From 028733bb89982a39cf1341937417c9d76f39b2ef Mon Sep 17 00:00:00 2001
From: DongHun Kwak <dh0128.kwak@samsung.com>
Date: Fri, 16 Sep 2022 07:45:15 +0900
Subject: [PATCH] Imported Upstream version 2.3.0

---
 AUTHORS                                            |   201 +-
 ChangeLog                                          | 11884 +++++++++++++------
 Makefile.am                                        |    42 +-
 Makefile.in                                        |    75 +-
 NEWS                                               |   761 +-
 README                                             |    85 +-
 VERSION                                            |     2 +-
 acinclude.m4                                       |   187 +-
 aclocal.m4                                         |     2 -
 agent/Makefile.am                                  |    23 +-
 agent/Makefile.in                                  |   197 +-
 agent/agent.h                                      |   227 +-
 agent/cache.c                                      |    93 +-
 agent/call-daemon.c                                |   684 ++
 agent/call-pinentry.c                              |   563 +-
 agent/call-scd.c                                   |   906 +-
 agent/call-tpm2d.c                                 |   248 +
 agent/command-ssh.c                                |   361 +-
 agent/command.c                                    |   743 +-
 agent/cvt-openpgp.c                                |   129 +-
 agent/divert-scd.c                                 |   275 +-
 agent/divert-tpm2.c                                |   147 +
 agent/findkey.c                                    |   668 +-
 agent/genkey.c                                     |   149 +-
 agent/gpg-agent-w32info.rc                         |     2 -
 agent/gpg-agent.c                                  |   194 +-
 agent/gpg-agent.w32-manifest.in                    |    18 -
 agent/learncard.c                                  |    14 +-
 agent/pkdecrypt.c                                  |    57 +-
 agent/pksign.c                                     |   292 +-
 agent/preset-passphrase.c                          |    16 +-
 agent/protect-tool.c                               |    76 +-
 agent/protect.c                                    |   101 +-
 agent/sexp-secret.c                                |   142 +
 agent/trans.c                                      |     1 -
 agent/trustlist.c                                  |    59 +-
 am/cmacros.am                                      |     3 +
 autogen.rc                                         |    13 +-
 autogen.sh                                         |     1 +
 build-aux/speedo.mk                                |    52 +-
 build-aux/speedo/patches/gpgme-1.12.0.patch        |    36 -
 build-aux/speedo/w32/inst.nsi                      |     5 +-
 build-aux/speedo/w32/wixlib.wxs                    |     3 +
 build-aux/texinfo.tex                              |     4 +-
 common/Makefile.am                                 |    10 +-
 common/Makefile.in                                 |   351 +-
 common/argparse.c                                  |  2809 -----
 common/argparse.h                                  |   281 -
 common/asshelp.c                                   |   388 +-
 common/asshelp.h                                   |    28 +
 common/asshelp2.c                                  |    56 +
 common/audit.c                                     |     2 +-
 common/audit.h                                     |     2 +-
 common/common-defs.h                               |     3 +-
 common/compliance.c                                |    44 +-
 common/compliance.h                                |     4 +-
 common/convert.c                                   |    40 +-
 common/dotlock.c                                   |    93 +-
 common/dotlock.h                                   |     1 -
 common/dynload.h                                   |     3 -
 common/exechelp-posix.c                            |    40 +-
 common/exechelp-w32.c                              |    43 +-
 common/exechelp-w32ce.c                            |     5 +-
 common/exechelp.h                                  |    15 +-
 common/exectool.c                                  |    25 +-
 common/exectool.h                                  |     4 +-
 common/gettime.c                                   |    41 +-
 common/gpgrlhelp.c                                 |    71 +-
 common/homedir.c                                   |   594 +-
 common/i18n.c                                      |     6 +-
 common/init.c                                      |    16 +-
 common/iobuf.c                                     |   268 +-
 common/iobuf.h                                     |    12 +-
 common/keyserver.h                                 |    73 +
 common/logging.c                                   |  1110 --
 common/logging.h                                   |    92 +-
 common/mapstrings.c                                |    50 +-
 common/mbox-util.c                                 |    32 +-
 common/mbox-util.h                                 |     2 +-
 common/membuf.c                                    |     5 +-
 common/miscellaneous.c                             |   148 +-
 common/mischelp.c                                  |    43 +-
 common/name-value.c                                |    77 +-
 common/name-value.h                                |     8 +-
 common/openpgp-fpr.c                               |   283 -
 common/openpgp-oid.c                               |   247 +-
 common/openpgp-s2k.c                               |    67 +
 common/openpgpdefs.h                               |    53 +-
 common/percent.c                                   |    20 +-
 common/pkscreening.c                               |   159 +
 common/pkscreening.h                               |    26 +
 common/recsel.c                                    |    12 +-
 common/session-env.c                               |    45 +-
 common/sexp-parse.h                                |     2 +-
 common/sexputil.c                                  |    17 +-
 common/signal.c                                    |    12 +-
 common/simple-pwquery.c                            |     2 +-
 common/status.c                                    |    99 +
 common/status.h                                    |     8 +
 common/stringhelp.c                                |   216 +-
 common/stringhelp.h                                |    15 +-
 common/sysutils.c                                  |   355 +-
 common/sysutils.h                                  |     6 +-
 common/t-convert.c                                 |    38 +
 common/t-exechelp.c                                |     2 +-
 common/t-mapstrings.c                              |    26 -
 common/t-mbox-util.c                               |   193 +-
 common/t-name-value.c                              |    25 +
 common/t-openpgp-oid.c                             |    73 +-
 common/t-percent.c                                 |   213 +-
 common/t-sexputil.c                                |    41 +-
 common/t-stringhelp.c                              |   247 +-
 common/t-w32-reg.c                                 |    43 +-
 common/tlv-builder.c                               |     1 -
 common/tlv.h                                       |     5 +-
 common/ttyio.c                                     |    72 +-
 common/ttyio.h                                     |     2 +
 common/types.h                                     |    22 +-
 common/userids.c                                   |    79 +-
 common/util.h                                      |    53 +-
 common/w32-reg.c                                   |   101 +-
 common/w32help.h                                   |     1 -
 common/w32info-rc.h.in                             |     2 +-
 common/xasprintf.c                                 |    53 -
 config.h.in                                        |   112 +-
 configure                                          |  1613 ++-
 configure.ac                                       |   368 +-
 dirmngr/Makefile.am                                |    54 +-
 dirmngr/Makefile.in                                |   274 +-
 dirmngr/cdb.h                                      |     2 +-
 dirmngr/cdblib.c                                   |     6 +-
 dirmngr/certcache.c                                |    90 +-
 dirmngr/crlcache.c                                 |     4 +-
 dirmngr/crlfetch.c                                 |     4 +-
 dirmngr/crlfetch.h                                 |     3 +-
 dirmngr/dirmngr-client.c                           |    55 +-
 dirmngr/dirmngr.c                                  |   225 +-
 dirmngr/dirmngr.h                                  |    18 +-
 dirmngr/dirmngr.w32-manifest.in                    |    18 -
 dirmngr/dirmngr_ldap.c                             |   672 +-
 dirmngr/dns-stuff.c                                |   127 +-
 dirmngr/dns-stuff.h                                |    14 +-
 dirmngr/dns.c                                      |    21 +-
 dirmngr/domaininfo.c                               |     2 +-
 dirmngr/http-ntbtls.c                              |    20 +-
 dirmngr/http.c                                     |   247 +-
 dirmngr/http.h                                     |    19 +-
 dirmngr/ks-action.c                                |    63 +-
 dirmngr/ks-action.h                                |     2 +-
 dirmngr/ks-engine-finger.c                         |     2 +-
 dirmngr/ks-engine-hkp.c                            |   173 +-
 dirmngr/ks-engine-http.c                           |     2 +-
 dirmngr/ks-engine-ldap.c                           |   648 +-
 dirmngr/ldap-misc.c                                |   332 -
 dirmngr/ldap-parse-uri.c                           |    23 +-
 dirmngr/ldap-url.c                                 |    19 -
 dirmngr/ldap-wrapper.c                             |    45 +-
 dirmngr/ldap.c                                     |   531 +-
 dirmngr/ldapserver.c                               |   104 +-
 dirmngr/ldapserver.h                               |    18 +-
 dirmngr/loadswdb.c                                 |     4 +-
 dirmngr/misc.c                                     |     2 +-
 dirmngr/ocsp.c                                     |    15 +-
 dirmngr/server.c                                   |   181 +-
 dirmngr/t-dns-stuff.c                              |    12 +-
 dirmngr/t-http.c                                   |     9 +-
 dirmngr/t-ldap-misc.c                              |   158 -
 dirmngr/t-ldap-parse-uri.c                         |    54 +-
 dirmngr/t-support.h                                |     6 -
 dirmngr/workqueue.c                                |     6 +-
 doc/DETAILS                                        |   196 +-
 doc/HACKING                                        |    70 +-
 doc/Makefile.am                                    |    37 +-
 doc/Makefile.in                                    |   113 +-
 doc/debugging.texi                                 |     2 +-
 doc/defsincdate                                    |     2 +-
 doc/dirmngr.texi                                   |   238 +-
 doc/examples/README                                |     2 +
 doc/examples/gpgconf.conf                          |     8 +-
 doc/examples/gpgconf.rnames                        |    12 -
 doc/examples/pwpattern.list                        |     2 +-
 doc/{ => examples}/qualified.txt                   |    12 +-
 doc/gnupg-card-architecture.pdf                    |   Bin 19415 -> 19407 bytes
 doc/gnupg-logo.eps                                 |  2704 -----
 doc/gnupg-module-overview.pdf                      |   Bin 480860 -> 691936 bytes
 doc/gnupg-module-overview.png                      |   Bin 123361 -> 142611 bytes
 doc/gnupg-module-overview.svg                      |   364 +-
 doc/gnupg.info                                     |   390 +-
 doc/gnupg.info-1                                   |   862 +-
 doc/gnupg.info-2                                   |  2292 ++--
 doc/gnupg.info-3                                   |   Bin 0 -> 9063 bytes
 doc/gnupg.texi                                     |    12 +-
 doc/gpg-agent.texi                                 |   105 +-
 doc/gpg-card.texi                                  |   861 ++
 doc/gpg.texi                                       |   459 +-
 doc/gpgsm.texi                                     |   144 +-
 doc/help.ja.txt                                    |    53 +-
 doc/help.txt                                       |    13 +-
 doc/help.zh_CN.txt                                 |   263 +-
 doc/help.zh_TW.txt                                 |   326 +-
 doc/scdaemon.texi                                  |    71 +-
 doc/tools.texi                                     |   245 +-
 doc/whats-new-in-2.1.txt                           |     2 +-
 doc/wks.texi                                       |    24 +-
 doc/yat2m.c                                        |     9 +-
 g10/Makefile.am                                    |    65 +-
 g10/Makefile.in                                    |   326 +-
 g10/armor.c                                        |   643 +-
 g10/build-packet.c                                 |   392 +-
 g10/call-agent.c                                   |   823 +-
 g10/call-agent.h                                   |    57 +-
 g10/call-dirmngr.c                                 |   224 +-
 g10/call-dirmngr.h                                 |     6 +-
 g10/call-keyboxd.c                                 |   864 ++
 g10/card-util.c                                    |   278 +-
 g10/cipher-aead.c                                  |   448 +
 g10/{cipher.c => cipher-cfb.c}                     |     2 +-
 g10/cpr.c                                          |    57 +-
 g10/decrypt-data.c                                 |    57 +-
 g10/dek.h                                          |     3 +-
 g10/delkey.c                                       |    33 +-
 g10/distsigkey.gpg                                 |   Bin 3902 -> 2899 bytes
 g10/ecdh.c                                         |   581 +-
 g10/encrypt.c                                      |   622 +-
 g10/exec.c                                         |   538 +-
 g10/exec.h                                         |    27 +-
 g10/expand-group.c                                 |    88 +
 g10/export.c                                       |   394 +-
 g10/filter.h                                       |    66 +-
 g10/free-packet.c                                  |    48 +-
 g10/getkey.c                                       |   912 +-
 g10/gpg.c                                          |   545 +-
 g10/gpg.h                                          |    25 +-
 g10/gpg.w32-manifest.in                            |     7 +-
 g10/gpgcompose.c                                   |  3089 -----
 g10/gpgv.c                                         |    80 +-
 g10/gpgv.w32-manifest.in                           |    18 -
 g10/import.c                                       |   236 +-
 g10/kbnode.c                                       |     5 +-
 g10/key-check.c                                    |    16 +-
 g10/key-clean.c                                    |    10 +-
 g10/key-clean.h                                    |     2 +-
 g10/keydb-private.h                                |   186 +
 g10/keydb.c                                        |   389 +-
 g10/keydb.h                                        |   122 +-
 g10/keyedit.c                                      |   249 +-
 g10/keyedit.h                                      |     1 +
 g10/keygen.c                                       |   904 +-
 g10/keyid.c                                        |   350 +-
 g10/keylist.c                                      |   493 +-
 g10/keyring.c                                      |    33 +-
 g10/keyserver-internal.h                           |    22 +-
 g10/keyserver.c                                    |   501 +-
 g10/main.h                                         |    35 +-
 g10/mainproc.c                                     |   672 +-
 g10/misc.c                                         |   139 +-
 g10/objcache.c                                     |   689 ++
 dirmngr/ldap-misc.h => g10/objcache.h              |    32 +-
 g10/openfile.c                                     |    24 +-
 g10/options.h                                      |    48 +-
 g10/packet.h                                       |   159 +-
 g10/parse-packet.c                                 |   392 +-
 g10/passphrase.c                                   |    79 +-
 g10/photoid.c                                      |   406 +-
 g10/photoid.h                                      |     2 +-
 g10/pkclist.c                                      |   402 +-
 g10/pkglue.c                                       |   235 +-
 g10/pkglue.h                                       |    12 +-
 g10/plaintext.c                                    |    39 -
 g10/pubkey-enc.c                                   |   158 +-
 g10/revoke.c                                       |    68 +-
 g10/seskey.c                                       |    15 +-
 g10/sig-check.c                                    |   235 +-
 g10/sign.c                                         |  1917 +--
 g10/skclist.c                                      |   169 +-
 g10/t-keydb-get-keyblock.c                         |     6 +-
 g10/t-keydb.c                                      |     7 +-
 g10/tdbdump.c                                      |    19 +-
 g10/tdbio.c                                        |    30 +-
 g10/tdbio.h                                        |     1 -
 g10/test-stubs.c                                   |    68 +-
 g10/tofu.c                                         |    24 +-
 g10/trust.c                                        |    17 +-
 g10/trustdb.c                                      |   200 +-
 g10/trustdb.h                                      |     4 +-
 g10/verify.c                                       |     2 +-
 g13/Makefile.in                                    |    42 +-
 g13/call-syshelp.c                                 |     2 +-
 g13/g13-syshelp.c                                  |    32 +-
 g13/g13.c                                          |    46 +-
 g13/g13tuple.c                                     |     2 +-
 g13/mountinfo.c                                    |     2 +-
 g13/runner.c                                       |     2 +-
 g13/server.c                                       |     2 +-
 kbx/Makefile.am                                    |    58 +-
 kbx/Makefile.in                                    |   508 +-
 kbx/backend-cache.c                                |  1201 ++
 kbx/backend-kbx.c                                  |   457 +
 kbx/backend-sqlite.c                               |  1820 +++
 kbx/backend-support.c                              |   359 +
 kbx/backend.h                                      |   188 +
 kbx/frontend.c                                     |   500 +
 kbx/frontend.h                                     |    41 +
 kbx/kbx-client-util.c                              |   466 +
 kbx/kbx-client-util.h                              |    42 +
 kbx/kbxserver.c                                    |  1000 ++
 kbx/kbxutil.c                                      |    99 +-
 kbx/keybox-blob.c                                  |   135 +-
 kbx/keybox-defs.h                                  |     7 +-
 kbx/keybox-file.c                                  |     2 +-
 kbx/keybox-init.c                                  |    21 -
 kbx/keybox-openpgp.c                               |   122 +-
 kbx/keybox-search-desc.h                           |    26 +-
 kbx/keybox-search.c                                |   234 +-
 kbx/keybox-update.c                                |    11 +
 kbx/keybox.h                                       |    12 +-
 g10/gpgv-w32info.rc => kbx/keyboxd-w32info.rc      |    12 +-
 kbx/keyboxd.c                                      |  1814 +++
 kbx/keyboxd.h                                      |   178 +
 kbx/mkerrors                                       |     2 +-
 m4/Makefile.am                                     |     6 +-
 m4/Makefile.in                                     |    37 +-
 m4/codeset.m4                                      |    19 +-
 m4/gettext.m4                                      |   177 +-
 m4/gnupg-pth.m4                                    |   105 -
 m4/isc-posix.m4                                    |    26 -
 m4/lcmessage.m4                                    |    21 +-
 m4/ldap.m4                                         |    15 +-
 m4/libcurl.m4                                      |   253 -
 m4/readline.m4                                     |     4 +-
 m4/socklen.m4                                      |   102 +-
 m4/tar-ustar.m4                                    |    43 -
 po/Makevars                                        |     6 +-
 po/POTFILES.in                                     |    10 +-
 po/ca.gmo                                          |   Bin 44152 -> 43561 bytes
 po/ca.po                                           |  5162 ++++----
 po/cs.gmo                                          |   Bin 232096 -> 230386 bytes
 po/cs.po                                           |  5276 ++++----
 po/da.gmo                                          |   Bin 135629 -> 132337 bytes
 po/da.po                                           |  5322 +++++----
 po/de.gmo                                          |   Bin 240262 -> 246402 bytes
 po/de.po                                           |  5480 +++++----
 po/el.gmo                                          |   Bin 58609 -> 57704 bytes
 po/el.po                                           |  5145 ++++----
 po/en@boldquot.gmo                                 |   Bin 218651 -> 225334 bytes
 po/en@boldquot.po                                  |  4983 ++++----
 po/en@quot.gmo                                     |   Bin 216283 -> 222822 bytes
 po/en@quot.po                                      |  4982 ++++----
 po/eo.gmo                                          |   Bin 28679 -> 28340 bytes
 po/eo.po                                           |  5097 ++++----
 po/es.gmo                                          |   Bin 220693 -> 219477 bytes
 po/es.po                                           |  5308 +++++----
 po/et.gmo                                          |   Bin 42455 -> 41767 bytes
 po/et.po                                           |  5141 ++++----
 po/fi.gmo                                          |   Bin 43973 -> 43309 bytes
 po/fi.po                                           |  5138 ++++----
 po/fr.gmo                                          |   Bin 207035 -> 205495 bytes
 po/fr.po                                           |  5338 +++++----
 po/gl.gmo                                          |   Bin 43817 -> 43261 bytes
 po/gl.po                                           |  5141 ++++----
 po/gnupg2.pot                                      |  4849 ++++----
 po/hu.gmo                                          |   Bin 45379 -> 44688 bytes
 po/hu.po                                           |  5142 ++++----
 po/id.gmo                                          |   Bin 42244 -> 41595 bytes
 po/id.po                                           |  5141 ++++----
 po/it.gmo                                          |   Bin 230219 -> 228212 bytes
 po/it.po                                           |  5329 +++++----
 po/ja.gmo                                          |   Bin 246913 -> 252423 bytes
 po/ja.po                                           |  5221 ++++----
 po/nb.gmo                                          |   Bin 215582 -> 214424 bytes
 po/nb.po                                           |  5283 +++++----
 po/pl.gmo                                          |   Bin 234893 -> 233014 bytes
 po/pl.po                                           |  5300 +++++----
 po/pt.gmo                                          |   Bin 36877 -> 36612 bytes
 po/pt.po                                           |  5124 ++++----
 po/ro.gmo                                          |   Bin 84251 -> 83262 bytes
 po/ro.po                                           |  5219 ++++----
 po/ru.gmo                                          |   Bin 300278 -> 295395 bytes
 po/ru.po                                           |  5315 +++++----
 po/sk.gmo                                          |   Bin 44874 -> 44228 bytes
 po/sk.po                                           |  5142 ++++----
 po/sv.gmo                                          |   Bin 135894 -> 132622 bytes
 po/sv.po                                           |  5325 +++++----
 po/tr.gmo                                          |   Bin 133684 -> 131135 bytes
 po/tr.po                                           |  5302 +++++----
 po/uk.gmo                                          |   Bin 302977 -> 301346 bytes
 po/uk.po                                           |  5328 +++++----
 po/zh_CN.gmo                                       |   Bin 216648 -> 221826 bytes
 po/zh_CN.po                                        |  5260 ++++----
 po/zh_TW.gmo                                       |   Bin 179508 -> 178487 bytes
 po/zh_TW.po                                        |  5307 +++++----
 regexp/Makefile.in                                 |    32 +-
 scd/Makefile.am                                    |     9 +-
 scd/Makefile.in                                    |    82 +-
 scd/apdu.c                                         |   643 +-
 scd/apdu.h                                         |     8 +-
 scd/app-common.h                                   |   168 +-
 scd/app-dinsig.c                                   |    34 +-
 scd/app-geldkarte.c                                |    19 +-
 scd/app-help.c                                     |    17 +-
 scd/app-nks.c                                      |  1804 ++-
 scd/app-openpgp.c                                  |  1767 ++-
 scd/app-p15.c                                      |  1151 +-
 scd/app-piv.c                                      |  3723 ++++++
 scd/app-sc-hsm.c                                   |    55 +-
 scd/app.c                                          |  2245 +++-
 scd/atr.c                                          |     1 -
 scd/ccid-driver.c                                  |   147 +-
 scd/ccid-driver.h                                  |     3 +
 scd/command.c                                      |  1381 ++-
 scd/iso7816.c                                      |   208 +-
 scd/iso7816.h                                      |    12 +-
 scd/scdaemon-w32info.rc                            |     2 -
 scd/scdaemon.c                                     |   102 +-
 scd/scdaemon.h                                     |    34 +-
 scd/scdaemon.w32-manifest.in                       |    18 -
 sm/Makefile.am                                     |    39 +-
 sm/Makefile.in                                     |   298 +-
 sm/call-agent.c                                    |   199 +-
 sm/call-dirmngr.c                                  |    93 +-
 sm/certchain.c                                     |   228 +-
 sm/certcheck.c                                     |   174 +-
 sm/certdump.c                                      |    39 +-
 sm/certlist.c                                      |    49 +-
 sm/certreqgen-ui.c                                 |     7 +-
 sm/certreqgen.c                                    |   314 +-
 sm/decrypt.c                                       |   675 +-
 sm/delete.c                                        |    14 +-
 sm/encrypt.c                                       |   314 +-
 sm/export.c                                        |   103 +-
 sm/fingerprint.c                                   |   112 +-
 sm/gpgsm-w32info.rc                                |     2 -
 sm/gpgsm.c                                         |   350 +-
 sm/gpgsm.h                                         |    97 +-
 sm/import.c                                        |   117 +-
 sm/keydb.c                                         |  1161 +-
 sm/keydb.h                                         |    13 +-
 sm/keylist.c                                       |   230 +-
 sm/minip12.c                                       |   537 +-
 sm/misc.c                                          |   128 +-
 sm/qualified.c                                     |     7 +-
 sm/server.c                                        |   105 +-
 sm/sign.c                                          |   216 +-
 sm/t-minip12.c                                     |   165 +
 sm/verify.c                                        |    25 +-
 tests/Makefile.am                                  |     8 +-
 tests/Makefile.in                                  |    39 +-
 tests/asschk.c                                     |    10 +-
 tests/gpgme/Makefile.in                            |    41 +-
 tests/gpgscm/Makefile.in                           |    41 +-
 tests/gpgscm/main.c                                |    14 +-
 tests/gpgscm/scheme.c                              |    42 +-
 tests/gpgsm/Makefile.in                            |    41 +-
 tests/migrations/Makefile.in                       |    41 +-
 tests/openpgp/Makefile.am                          |     5 +-
 tests/openpgp/Makefile.in                          |    46 +-
 tests/openpgp/README                               |     2 +-
 tests/openpgp/all-tests.scm                        |    21 +-
 tests/openpgp/armor.scm                            |     6 +-
 tests/openpgp/defs.scm                             |    21 +-
 tests/openpgp/gpgconf.scm                          |     9 +-
 tests/openpgp/gpgv.scm                             |    14 +-
 tests/openpgp/issue2419.scm                        |     2 +-
 tests/openpgp/quick-key-manipulation.scm           |     6 -
 tests/openpgp/samplekeys/README                    |     2 +
 tests/openpgp/setup.scm                            |     2 +-
 tests/openpgp/verify.scm                           |    12 +-
 tests/pkits/Makefile.in                            |    32 +-
 tests/sm-verify                                    |     2 +-
 tests/tpm2dtests/Makefile.am                       |    80 +
 tests/tpm2dtests/Makefile.in                       |   660 +
 tests/tpm2dtests/all-tests.scm                     |    81 +
 tests/tpm2dtests/defs.scm                          |   473 +
 tests/tpm2dtests/ecc.scm                           |    23 +
 tests/tpm2dtests/longpassphrase.scm                |    36 +
 tests/tpm2dtests/rsa.scm                           |    13 +
 tests/tpm2dtests/run-tests.scm                     |    43 +
 tests/tpm2dtests/shell.scm                         |    51 +
 tests/tpm2dtests/start_sw_tpm.sh                   |    35 +
 tests/tpm2dtests/unimportable.scm                  |    28 +
 tools/Makefile.am                                  |   105 +-
 tools/Makefile.in                                  |   295 +-
 tools/card-call-scd.c                              |  1788 +++
 tools/card-keys.c                                  |   652 +
 tools/card-misc.c                                  |   118 +
 tools/card-yubikey.c                               |   446 +
 tools/ccidmon.c                                    |    47 +-
 .../gpg-card-w32info.rc                            |    13 +-
 tools/gpg-card.c                                   |  4158 +++++++
 tools/gpg-card.h                                   |   259 +
 .../gpg-card.w32-manifest.in                       |     4 +-
 tools/gpg-check-pattern.c                          |   202 +-
 tools/gpg-connect-agent.c                          |    91 +-
 tools/gpg-pair-tool.c                              |  1965 +++
 tools/gpg-wks-client.c                             |    35 +-
 tools/gpg-wks-server.c                             |   101 +-
 tools/gpg-zip.in                                   |   151 -
 tools/gpgconf-comp.c                               |   269 +-
 tools/gpgconf.c                                    |   592 +-
 tools/gpgconf.h                                    |     6 +
 tools/gpgsplit.c                                   |    20 +-
 tools/gpgtar-create.c                              |   402 +-
 tools/gpgtar-extract.c                             |   288 +-
 tools/gpgtar-list.c                                |   302 +-
 tools/gpgtar.c                                     |    66 +-
 tools/gpgtar.h                                     |    15 +-
 tools/mime-parser.c                                |     6 +-
 tools/no-libgcrypt.c                               |     2 +-
 tools/rfc822parse.c                                |    38 +-
 tools/watchgnupg.c                                 |   175 +-
 tools/wks-util.c                                   |    57 +-
 tpm2d/Makefile.am                                  |    37 +
 tpm2d/Makefile.in                                  |   799 ++
 tpm2d/command.c                                    |   505 +
 tpm2d/ibm-tss.h                                    |   396 +
 tpm2d/intel-tss.h                                  |   684 ++
 tpm2d/tpm2.c                                       |  1007 ++
 tpm2d/tpm2.h                                       |    58 +
 tpm2d/tpm2daemon.c                                 |  1290 ++
 tpm2d/tpm2daemon.h                                 |   100 +
 520 files changed, 155093 insertions(+), 112262 deletions(-)
 create mode 100644 agent/call-daemon.c
 create mode 100644 agent/call-tpm2d.c
 create mode 100644 agent/divert-tpm2.c
 delete mode 100644 agent/gpg-agent.w32-manifest.in
 create mode 100644 agent/sexp-secret.c
 delete mode 100755 build-aux/speedo/patches/gpgme-1.12.0.patch
 delete mode 100644 common/argparse.c
 delete mode 100644 common/argparse.h
 create mode 100644 common/keyserver.h
 delete mode 100644 common/logging.c
 delete mode 100644 common/openpgp-fpr.c
 create mode 100644 common/openpgp-s2k.c
 create mode 100644 common/pkscreening.c
 create mode 100644 common/pkscreening.h
 delete mode 100644 dirmngr/dirmngr.w32-manifest.in
 delete mode 100644 dirmngr/ldap-misc.c
 delete mode 100644 dirmngr/t-ldap-misc.c
 delete mode 100644 doc/examples/gpgconf.rnames
 rename doc/{ => examples}/qualified.txt (98%)
 delete mode 100644 doc/gnupg-logo.eps
 create mode 100644 doc/gnupg.info-3
 create mode 100644 doc/gpg-card.texi
 create mode 100644 g10/call-keyboxd.c
 create mode 100644 g10/cipher-aead.c
 rename g10/{cipher.c => cipher-cfb.c} (98%)
 create mode 100644 g10/expand-group.c
 delete mode 100644 g10/gpgcompose.c
 delete mode 100644 g10/gpgv.w32-manifest.in
 create mode 100644 g10/keydb-private.h
 create mode 100644 g10/objcache.c
 rename dirmngr/ldap-misc.h => g10/objcache.h (52%)
 create mode 100644 kbx/backend-cache.c
 create mode 100644 kbx/backend-kbx.c
 create mode 100644 kbx/backend-sqlite.c
 create mode 100644 kbx/backend-support.c
 create mode 100644 kbx/backend.h
 create mode 100644 kbx/frontend.c
 create mode 100644 kbx/frontend.h
 create mode 100644 kbx/kbx-client-util.c
 create mode 100644 kbx/kbx-client-util.h
 create mode 100644 kbx/kbxserver.c
 rename g10/gpgv-w32info.rc => kbx/keyboxd-w32info.rc (82%)
 create mode 100644 kbx/keyboxd.c
 create mode 100644 kbx/keyboxd.h
 delete mode 100644 m4/gnupg-pth.m4
 delete mode 100644 m4/isc-posix.m4
 delete mode 100644 m4/libcurl.m4
 delete mode 100644 m4/tar-ustar.m4
 create mode 100644 scd/app-piv.c
 delete mode 100644 scd/scdaemon.w32-manifest.in
 create mode 100644 sm/t-minip12.c
 create mode 100644 tests/tpm2dtests/Makefile.am
 create mode 100644 tests/tpm2dtests/Makefile.in
 create mode 100644 tests/tpm2dtests/all-tests.scm
 create mode 100644 tests/tpm2dtests/defs.scm
 create mode 100644 tests/tpm2dtests/ecc.scm
 create mode 100644 tests/tpm2dtests/longpassphrase.scm
 create mode 100644 tests/tpm2dtests/rsa.scm
 create mode 100644 tests/tpm2dtests/run-tests.scm
 create mode 100644 tests/tpm2dtests/shell.scm
 create mode 100755 tests/tpm2dtests/start_sw_tpm.sh
 create mode 100644 tests/tpm2dtests/unimportable.scm
 create mode 100644 tools/card-call-scd.c
 create mode 100644 tools/card-keys.c
 create mode 100644 tools/card-misc.c
 create mode 100644 tools/card-yubikey.c
 rename dirmngr/dirmngr-w32info.rc => tools/gpg-card-w32info.rc (81%)
 create mode 100644 tools/gpg-card.c
 create mode 100644 tools/gpg-card.h
 rename sm/gpgsm.w32-manifest.in => tools/gpg-card.w32-manifest.in (89%)
 create mode 100644 tools/gpg-pair-tool.c
 delete mode 100644 tools/gpg-zip.in
 create mode 100644 tpm2d/Makefile.am
 create mode 100644 tpm2d/Makefile.in
 create mode 100644 tpm2d/command.c
 create mode 100644 tpm2d/ibm-tss.h
 create mode 100644 tpm2d/intel-tss.h
 create mode 100644 tpm2d/tpm2.c
 create mode 100644 tpm2d/tpm2.h
 create mode 100644 tpm2d/tpm2daemon.c
 create mode 100644 tpm2d/tpm2daemon.h

diff --git a/AUTHORS b/AUTHORS
index 7daa3ef..6f28f6b 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -16,8 +16,8 @@ List of Copyright holders
 =========================
 
   Copyright (C) 1997-2019 Werner Koch
+  Copyright (C) 2003-2021 g10 Code GmbH
   Copyright (C) 1994-2021 Free Software Foundation, Inc.
-  Copyright (C) 2003-2022 g10 Code GmbH
   Copyright (C) 2002 Klarälvdalens Datakonsult AB
   Copyright (C) 1995-1997, 2000-2007 Ulrich Drepper <drepper@gnu.ai.mit.edu>
   Copyright (C) 1994 X Consortium
@@ -32,21 +32,212 @@ List of Copyright holders
   Copyright (C) 1992-1996 Regents of the University of Michigan.
   Copyright (C) 2000 Dimitrios Souflis
   Copyright (C) 2008,2009,2010,2012-2016 William Ahern
+  Copyright (C) 2015-2019 IBM Corporation
   Copyright (C) 2017 Bundesamt für Sicherheit in der Informationstechnik
+  Copyright (C) 2021 James Bottomley <James.Bottomley@HansenPartnership.com>
 
 
 Authors with a FSF copyright assignment
 =======================================
 
-The list of authors who signed a FSF copyright assignment is kept in
-the GIT master branch's copy of this file.
+Ales Nyakhaychyk <nyakhaychyk@i1fn.linux.by> Translations [be]
+
+Andrey Jivsov <openpgp@brainhub.org>  Assigns past and future changes for ECC.
+    (g10/ecdh.c.  other changes to support ECC)
+
+Ben Kibbey  <bjk@luxsci.net>  Assigns past and future changes.
+
+Birger Langkjer <birger.langkjer@image.dk> Translations [da]
+
+Maxim Britov <maxim.britov@gmail.com> Translations [ru]
+
+Daniel Resare  <daniel@resare.com> Translations [sv]
+Per Tunedal    <per@clipanish.com> Translations [sv]
+Daniel Nylander <po@danielnylander.se> Translations [sv]
+
+Daiki Ueno <ueno@unixuser.org>  Assigns Past and Future Changes.
+    (changed:passphrase.c and related code)
+
+David Shaw <dshaw@jabberwocky.com> Assigns past and future changes.
+    (all in keyserver/,
+     a lot of changes in g10/ see the ChangeLog,
+     bug fixes here and there)
+
+Dokianakis Theofanis <madf@hellug.gr> Translations [el]
+
+Edmund GRIMLEY EVANS <edmundo@rano.org> Translations [eo]
+
+Florian Weimer	<fw@deneb.enyo.de>  Assigns past and future changes
+    (changed:g10/parse-packet.c, include/iobuf.h, util/iobuf.c)
+
+g10 Code GmbH   <info@g10code.com>  Assigns past and future changes
+(all work since 2001 as indicated by mail addresses in ChangeLogs)
+Assignment for future changes terminated on 2012-12-04
+(mail 87boe9x0e3.fsf@vigenere.g10code.de)
+
+Gaël Quéri  <gael@lautre.net>  Translations [fr]
+    (fixed a lot of typos)
+
+Gregory Steuck <steuck@iname.com> Translations [ru]
+
+Nagy Ferenc László <nfl@nfllab.com> Translations [hu]
+
+Ivo Timmermans <itimmermans@bigfoot.com> Translations [nl]
+
+Jacobo Tarri'o Barreiro <jtarrio@iname.com> Translations [gl]
+
+Janusz Aleksander Urbanowicz <alex@bofh.torun.pl> Translations [pl]
+Jakub Bogusz <qboosh@pld-linux.org> Translations [pl]
+
+Jedi Lin <Jedi@idej.org> Translations [zh-tw]
+
+Jouni Hiltunen <jouni.hiltunen@kolumbus.fi> Translations [fi]
+Tommi Vainikainen <Tommi.Vainikainen@iki.fi> Translations [fi]
+
+Laurentiu Buzdugan <lbgnupg@rolix.org> Translations [ro]
+
+Magda Procha'zkova'  <magda@math.muni.cz> Translations [cs]
+
+Michael Roth  <mroth@nessie.de>  Assigns changes.
+    (wrote cipher/des.c., changes and bug fixes all over the place)
+
+Michal Majer <mmajer@econ.umb.sk> Translations [sk]
+
+Marco d'Itri <md@linux.it> Translations [it]
+
+Marcus Brinkmann  <marcus@g10code.de>
+    (gpgconf and fixes all over the place)
+
+Matthew Skala <mskala@ansuz.sooke.bc.ca>  Disclaimer
+    (wrote cipher/twofish.c)
+
+Moritz Schulte  <moritz@g10code.com>
+   (ssh support gpg-agent)
+
+Niklas Hernaeus <nh@df.lth.se> Disclaimer
+    (weak key patches)
+
+Nilgun Belma Buguner <nilgun@technologist.com> Translations [tr]
+
+Nils Ellmenreich  <nils 'at' infosun.fmi.uni-passau.de>
+                                      Assigns past and future changes
+    (configure.in, cipher/rndlinux.c, FAQ)
+
+Paul Eggert <eggert@twinsun.com>
+    (configuration macros for LFS)
+
+Pavel I. Shajdo <pshajdo@gmail.com> Translations [ru]
+    (man pages)
+
+Pedro Morais <morais@poli.org> Translations [pt_PT]
+
+Rémi Guyomarch	<rguyom@mail.dotcom.fr> Assigns past and future changes.
+    (g10/compress.c, g10/encr-data.c,
+     g10/free-packet.c, g10/mdfilter.c, g10/plaintext.c, util/iobuf.c)
+
+Stefan Bellon   <sbellon@sbellon.de> Assigns past and future changes.
+   (All patches to support RISC OS)
+
+Timo Schulz     <twoaday@freakmail.de> Assigns past and future changes.
+   (util/w32reg.c, g10/passphrase.c, g10/hkp.c)
+
+Tedi Heriyanto	<tedi_h@gmx.net> Translations [id]
+
+Thiago Jung Bauermann <jungmann@cwb.matrix.com.br> Translations [pt_BR]
+Rafael Caetano dos Santos <rcaetano@linux.ime.usp.br> Translations [pt_BR]
+
+Toomas Soome <tsoome@ut.ee> Translations [et]
+
+Urko Lusa <ulusa@euskalnet.net> Translations [es_ES]
+
+Walter Koch <koch@u32.de>  Translations [de]
+
+Werner Koch  <wk@gnupg.org>  Assigns GNU Privacy Guard and future changes.
+    (started the whole thing, wrote the S/MIME extensions, the
+     smartcard daemon and the gpg-agent)
+Assignment for future changes terminated on 2013-03-29
+(mail 878v6dbut0.fsf@vigenere.g10code.de dated 2013-02-24).
+
+Yosiaki IIDA <iida@ring.gr.jp> Translations [ja]
+
+Yuri Chornoivan, yurchor at ukr dot net: Translations [uk]
+
+Yutaka Niibe   Assigns Past and Future Changes
+     (scd/)
 
 
 Authors with a DCO
 ==================
 
-The list of authors who signed the Developer's Certificate of Origin
-is kept in the GIT master branch's copy of this file.
+Andre Heinecke <aheinecke@intevation.de>
+2014-09-19:4525694.FcpLvWDUFT@esus:
+
+Andreas Schwier <andreas.schwier@cardcontact.de>
+2014-07-22:53CED1D8.1010306@cardcontact.de:
+
+Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr>
+2016-10-17:580484F4.8040806@ssi.gouv.fr:
+
+Ben McGinnes <ben@adversary.org>
+2017-12-16:20171216002102.l6aejk5xdp6xhtfi@adversary.org:
+
+Christian Aistleitner <christian@quelltextlich.at>
+2013-05-26:20130626112332.GA2228@quelltextlich.at:
+
+Damien Goutte-Gattat <dgouttegattat@incenp.org>
+2015-01-17:54BA49AA.2040708@incenp.org:
+
+Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+2014-09-24:87oau6w9q7.fsf@alice.fifthhorseman.net:
+
+Hans of Guardian <hans@guardianproject.info>
+2013-06-26:D84473D7-F3F7-43D5-A9CE-16580B88D574@guardianproject.info:
+
+Ineiev <ineiev@gnu.org>
+2017-05-09:20170509121611.GH25850@gnu.org:
+
+James Bottomley <James.Bottomley@HansenPartnership.com>
+2018-02-01:1517501629.3145.9.camel@HansenPartnership.com:
+
+Jiri Kerestes <jiri.kerestes@trustica.cz>
+2018-07-25:<d77cfcda-bbc3-0620-4e81-10dff33a94ca@trustica.cz>:
+
+Jonas Borgström <jonas@borgstrom.se>
+2013-08-29:521F1E7A.5080602@borgstrom.se:
+
+Joshua Rogers <git@internot.info>
+2014-12-22:5497FE75.7010503@internot.info:
+
+Jussi Kivilinna <jussi.kivilinna@iki.fi>
+2018-02-11:2d8b7014-ff67-1e73-1152-9ff9fb8c10d7@iki.fi:
+
+Kyle Butt <kylebutt@gmail.com>
+2013-05-29:CAAODAYLbCtqOG6msLLL0UTdASKWT6u2ptxsgUQ1JpusBESBoNQ@mail.gmail.com:
+
+Michael Haubenwallner <michael.haubenwallner@ssi-schaefer.com>
+2018-07-13:c397e637-f1ce-34f0-7e6a-df04a76e1c35@ssi-schaefer.com:
+
+Phil Pennock <phil.pennock@spodhuis.org>
+Phil Pennock <phil@pennock-tech.com>
+2017-01-19:20170119061225.GA26207@breadbox.private.spodhuis.org:
+
+Rainer Perske <rainer.perske@uni-muenster.de>
+2017-10-24:permail-2017102014511105be2aed00002fc6-perske@message-id.uni-muenster.de:
+
+Stefan Tomanek <tomanek@internet-sicherheit.de>
+2014-01-30:20140129234449.GY30808@zirkel.wertarbyte.de:
+
+Tobias Mueller <muelli@cryptobitch.de>
+2016-11-23:1479937342.11180.3.camel@cryptobitch.de:
+
+Werner Koch <wk@gnupg.org>
+2013-03-29:87620ahchj.fsf@vigenere.g10code.de:
+
+William L. Thomson Jr. <wlt@o-sinc.com>
+2017-05-23:assp.0316398ca8.20170523093623.00a17d03@o-sinc.com:
+
+Yann E. MORIN <yann.morin.1998@free.fr>
+2016-07-10:20160710093202.GA3688@free.fr:
 
 
 Other authors
diff --git a/ChangeLog b/ChangeLog
index 0995bd2..3a05660 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,2660 +1,1501 @@
-2022-09-02  Werner Koch  <wk@gnupg.org>
+2021-04-07  Werner Koch  <wk@gnupg.org>
 
-	Release 2.2.39.
-	+ commit 7c2078a680dde2eaef30a8a6dc49de4540498736
+	Release GnuPG 2.3.0.
+	+ commit c922a798a341261f1aafaf7c1c0217e4ce3e3acf
 
 
-2022-09-01  Werner Koch  <wk@gnupg.org>
+2021-04-01  Werner Koch  <wk@gnupg.org>
 
-	common: Make nvc_lookup more robust.
-	+ commit 8c22b00268bf5b2374cf7af69465a902b91946aa
-	* common/name-value.c (nvc_first): Allow for NULL arg.
-	(nvc_lookup): Allow for PK being NULL.
+	gpgconf: Return a new pseudo option compliance_de_vs.
+	+ commit a78475fbb7b60ca96137fbe179d8b939cfe2cd89
+	* tools/gpgconf-comp.c (known_pseudo_options_gpg): Add
+	"compliance_de_vs".
+	* g10/gpg.c (gpgconf_list): Returh that pseudo option.
 
-	Release 2.2.38.
-	+ commit 0b786fde775588413e5c9842bca3a3d8ea06fad5
+	common: Make the compliance check more robust.
+	+ commit 1d1ec1146c04415c7051af62e133459a4537c945
+	* common/compliance.c (get_compliance_cache): New.
+	(gnupg_rng_is_compliant): Use per mode cache.
+	(gnupg_gcrypt_is_compliant): Ditto.
 
+	card: New flag --reread for LIST.
+	+ commit c727951a2440913bbab5b250c9bd2bb1d35ab0d7
+	* tools/gpg-card.c (cmd_list): Add flag --reread.
+	* tools/card-call-scd.c (scd_learn): New arg reread.
+
+	* tools/card-call-scd.c (release_card_info): Fix releasing of the new
+	label var.
+
+	scd: New flag --reread for LEARN.
+	+ commit ff87f4e578f412332ae59fdab016f0a5304baaf9
+	* scd/command.c (cmd_learn): Add flag --reread.
+	* scd/app-common.h (struct app_ctx_s): New field need_reset.
+	* scd/app.c (write_learn_status_core): Set need_reset if we notice an
+	error after returning from a reread.  Change all callers of card
+	functions to return GPG_ERR_CARD_RESET so that that app is not anymore
+	used.
 
-2022-08-31  Werner Koch  <wk@gnupg.org>
+	scd:p15: New flag APP_LEARN_FLAG_REREAD.
+	+ commit e17d3f866057543d142d63379fd4f4a36d79147f
+	* scd/app-p15.c (do_deinit): Factor code out to ...
+	(release_lists, release_tokeninfo): new.
+	(read_ef_tokeninfo): Reset all data before reading.
+	(read_p15_info): Ditto.
+	(do_learn_status): Implement reread flag.
 
-	dirmngr: New option --debug-cache-expired-certs.
-	+ commit ea34325c54a2746bdc2d667a1c98ab07b051cf75
-	* dirmngr/dirmngr.h (opt): Add debug_cache_expired_certs:
-	* dirmngr/dirmngr.c (oDebugCacheExpiredCerts): New.
-	(opts): Add option.
-	(parse_rereadable_options): Set option.
-	* dirmngr/certcache.c (put_cert): Handle the option.
-
-	common,w32: Fix an encoding problem of the printed timezone.
-	+ commit 0b91fa0f13fd3644d0be137ed02e006aa05b9501
-	* common/gettime.c (w32_strftime) [W32]: New function.
-	(strftime) [W32]: New refinition macro.
-
-	gpg: Emit STATUS_FAILURE for --require-compliance errors.
-	+ commit e05fb5ca3711f02eb562868dc38d30e3cccda270
-	* g10/misc.c (compliance_failure): Do not fallback to CO_GNUPG.  Print
-	compliance failure error and status for CO_DE_VS.
-	* g10/mainproc.c (proc_encrypted): Call compliance_failure in the
-	require-compliance error case.
-	* g10/encrypt.c (check_encryption_compliance): Ditto.
-
-2022-08-31  NIIBE Yutaka  <gniibe@fsij.org>
-
-	scd: Add npth_unprotect/npth_protect for blocking operations.
-	+ commit e1169e8f8ac75ad32fccb7743ffd06803bd50f93
-	* scd/ccid-driver.c (ccid_open_usb_reader): Name the thread.
-	(ccid_vendor_specific_setup, ccid_open_usb_reader): Wrap
-	blocking operations by npth_unprotect/npth_protect.
-
-	dirmngr: Reject certificate which is not valid into cache.
-	+ commit 14ccabe7f82f64bbf84b8a880cd8b4a34cea9061
-	* dirmngr/certcache.c (put_cert): When PERMANENT, reject the
-	certificate which is obviously invalid.
-
-2022-08-31  Werner Koch  <wk@gnupg.org>
-
-	gpg: Fix assertion failure due to errors in encrypt_filter.
-	+ commit aa0c942521d89f4f0aac90bacaf8a7a7cefc88d8
-	* common/iobuf.c (iobuf_copy): Use log_assert.  Explicitly cast error
-	return value.
-	* g10/build-packet.c (do_plaintext): Check for iobuf_copy error.
+2021-03-31  Werner Koch  <wk@gnupg.org>
 
-	* g10/encrypt.c (encrypt_filter): Immediately set header_okay.
+	scd: Replace all assert macros by the log_assert macro.
+	+ commit 1c16878efd0bcf036f56abef93d64ac41ce9e95b
 
-2022-08-30  Werner Koch  <wk@gnupg.org>
 
-	gpg: Make --require-compliance work for -se.
-	+ commit f88cb12f8e3c1234a094d09e2505d3a3eec4cbfe
-	* g10/encrypt.c (encrypt_crypt, encrypt_filter): Factor common code
-	out to ...
-	(create_dek_with_warnings): new
-	(check_encryption_compliance): and new.
+	build: Require automake 1.16.3.
+	+ commit 6ca540715139899137e1f86c7e1dcbd0288f15b3
+	* configure.ac (min_automake_version): Bump to 1.16.3
 
-	* g10/encrypt.c (encrypt_filter): Add the compliance check.
+2021-03-31  NIIBE Yutaka  <gniibe@fsij.org>
 
-2022-08-29  Werner Koch  <wk@gnupg.org>
+	build: Update gpg-error.m4.
+	+ commit 8d6152a4cfd8a4cf176c01f99e1d49eeecab4367
+	* m4/gpg-error.m4: Update from libgpg-error.
 
-	gpg: Rename a function.
-	+ commit 15cf36f6a84deb739bef9944819c5f79f8de3334
-	* g10/cipher.c (cipher_filter): Rename to cipher_file_cfb.
+2021-03-30  Werner Koch  <wk@gnupg.org>
 
-	gpg: Very minor cleanup in decrypt_data.
-	+ commit 5b24c41ba72c2d06f6acc7c2ad51cf6f384d41d8
-	* g10/decrypt-data.c (decrypt_data): Show also the aead algo with
-	--show-session-key.  Remove meanwhile superfluous NULL-ptr test.
+	card: Print the key's label if available.
+	+ commit 0d6f276f61c583d776687029c715b1ee4280e4ed
+	* tools/gpg-card.h (struct key_info_s): Add field 'label'.
+	* tools/card-call-scd.c (learn_status_cb): Parse KEY-LABEL.
+	(scd_learn): Always request KEY-LABEL.
+	* tools/gpg-card.c (nullnone): New.
+	(list_one_kinfo, list_card): Use it.  Print the label.
 
-2022-08-29  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+	scd:p15: Return labels for keys and certificates.
+	+ commit 7f9126363265a6b6fe4223d68fc4e87678c4ddfc
+	* scd/app-p15.c (send_certinfo): Extend certinfo.
+	(do_getattr): Support KEY-LABEL.
 
-	g10/decrypt-data: disable output estream buffering to reduce overhead.
-	+ commit e92812a4752e56977286f96f7b5064db1e22936d
-	* g10/decrypt-data.c (decrypt_data): Disable estream buffering for
-	output file.
+	scd:p15: For CardOS make use of ISO7816_VERIFY_NOT_NEEDED.
+	+ commit 651c07a7301c33229af051d83edbf898bae52e8b
+	* scd/app-p15.c (verify_pin): Take care of verify status.
 
-2022-08-24  Werner Koch  <wk@gnupg.org>
+	scd:p15: Return the creation time of the keys.
+	+ commit de4d3c99aa58ee06ae978d59e7e3aa7bace1c440
+	* scd/app-p15.c (struct prkdf_object_s): Add keytime and keyalgostr.
+	(keygrip_from_prkdf): Set them.
+	(send_keypairinfo): Extend KEYPAIRINFO.
 
-	Release 2.2.37.
-	+ commit 8e60f885713b833dfd8cef7f5b0272df0e48d62f
+2021-03-30  NIIBE Yutaka  <gniibe@fsij.org>
 
+	build: Fix for make distcheck, no EPS support.
+	+ commit d1bac0a3be7081a4bfc7f813f9d626e1396ad5c1
+	* Makefile.am (AM_DISTCHECK_DVI_TARGET): Specify 'pdf'.
+	* doc/Makefile.am (EXTRA_DIST, BUILT_SOURCES): Remove EPS files.
+	(gnupg.dvi): Remove.
 
-2022-08-19  Werner Koch  <wk@gnupg.org>
+2021-03-29  Werner Koch  <wk@gnupg.org>
 
-	gpgsm: New option --compatibility-flags.
-	+ commit 77b6896f7a85a4b1c9cdd731e1d68d59a0e09950
-	* sm/gpgsm.c (oCompatibilityFlags): New option.
-	(compatibility_flags): new.
-	(main): Parse and print them in verbose mode.
-	* sm/gpgsm.h (opt): Add field compat_glags.:
-	(COMPAT_ALLOW_KA_TO_ENCR): New.
-	* sm/keylist.c (print_capabilities): Take care of the new flag.
-	* sm/certlist.c (cert_usage_p): Ditto.
+	scd:p15: Make RSA with SHA512 work with CardOS.
+	+ commit 592f48011790e30d4bcfd9093eb58b786c8c9a8b
+	* scd/app-p15.c (do_sign): Rewrite.
 
-	* common/miscellaneous.c (parse_compatibility_flags): New.
-	* common/util.h (struct compatibility_flags_s): New.
+	agent: Skip unknown unknown ssh curves seen on cards.
+	+ commit 2d2391dfc25cfe160581b1bb4b4b8fc4764ac304
+	* agent/command-ssh.c (ssh_handler_request_identities): Skip unknown
+	curves.
 
-2022-08-17  Werner Koch  <wk@gnupg.org>
+	scd:p15: Support ECDSA and ECDH for CardOS.
+	+ commit a494b29af9cc9c4c8c8323bae20e845d5a390448
+	* scd/iso7816.c (iso7816_pso_csv): New.
+	* scd/app-help.c (app_help_pubkey_from_cert): Uncompress a point if
+	needed.
+
+	* scd/app-p15.c (CARD_PRODUCT_RSCS): New.
+	(struct prkdf_object_s): Add fields is_ecc, token_label, and
+	tokenflags.
+	(do_deinit): Free new fields.
+	(cardproduct2str): New.
+	(read_ef_prkdf): Set new is_ecc flag.
+	(read_ef_tokeninfo): Store some data and move Tokeninfo diags to ...
+	(read_p15_info): here.  set the product info here after all data has
+	been gathered.
+	(send_keypairinfo): Chnage the way the gpgusage flags are used.
+	(make_pin_prompt): If the token has a label and the current cert has
+	no CN, show the label as holder info.
+	(do_sign): Support ECDSA.  Take care of the gpgusage flags.
+	(do_decipher): Support ECDH.  Take care of the gpgusage flags.
+
+	gpg: Allow ECDH with a smartcard returning just the x-ccordinate.
+	+ commit f129b0e97730b47d62482fba9599db39b526f3d2
+	* g10/ecdh.c (extract_secret_x): Add extra safety check. Allow for
+	x-only coordinate.
+
+2021-03-28  Werner Koch  <wk@gnupg.org>
 
-	gpgconf: Make --auto-key-import and --include-key-block visible again.
-	+ commit b356eddf3d7a1ed0fae808b9277134d50f4974af
-	* tools/gpgconf-comp.c: Add options.
+	gpgconf: Do not i18n an empty string to the PO files meta data.
+	+ commit 18d884f8411a0ca263a8aa588bb49eb0dae9ee19
+	* tools/gpgconf-comp.c (my_dgettext): Ignore empty strings.
 
-2022-08-16  Werner Koch  <wk@gnupg.org>
+2021-03-26  Werner Koch  <wk@gnupg.org>
 
-	agent: Fix bug introduced earlier today.
-	+ commit 3591112fdb013dee1a1a668c9f777d0890520311
-	* agent/findkey.c (agent_write_private_key): Fix condition.
+	tests: Make sure the built keyboxd is used by the tests.
+	+ commit a5e72b663b3649c939d32d6526b5e2b3347dedd9
+	* tests/openpgp/defs.scm (tool): Add keyboxd.
+	* tests/openpgp/setup.scm: Ditto.
 
-	gpg: Fix "generate" command in --card-edit.
-	+ commit 914ee7247562dc8f1e4b8503b3b574a5d2749bde
-	* g10/card-util.c (get_info_for_key_operation): Get the APPTYPE before
-	testing for it.
+	gpgconf: Fix another argv overflow if --homedir is used.
+	+ commit 057131159b445d2d49392e95c677ad7b4cd4ae9c
+	* tools/gpgconf-comp.c (gc_component_check_options): Increase array.
 
-	* g10/card-util.c (current_card_status): Always try to update the
-	shadow keys.
-	* g10/call-agent.c (agent_scd_getattr): Handle $AUTHKEYID.
+	gpgconf: Fix argv overflow if --homedir is used.
+	+ commit d3d57a1bc88ece0c12c91f54b089482cce92c5a0
+	* tools/gpgconf-comp.c (gc_component_launch): Fix crasg due to too
+	small array.
+	(gpg_agent_runtime_change): Fix error message.
+	(scdaemon_runtime_change): Ditto.
+	(tpm2daemon_runtime_change): Ditto.
+	(dirmngr_runtime_change): Ditto.
+	(keyboxd_runtime_change): Ditto.
 
-	gpg: Update shadow-keys with --card-status also for non-openpgp cards.
-	+ commit 2d23a72690b44528783264a93e170585a99cc774
-	* agent/command.c (cmd_readkey): Also allow for $AUTHKEYID in card
-	mode.
-	* g10/call-agent.c (agent_update_shadow_keys): new.
-	* g10/card-util.c (current_card_status): Call it.
-
-	agent: Let READKEY update the display-s/n of the Token entry.
-	+ commit 755920d4335730fbf25e24342dc9c8a8a772dac3
-	* agent/findkey.c (agent_write_private_key): Factor file name
-	generation out to ...
-	(fname_from_keygrip): new.
-	(write_extended_private_key): Add and implement new arg MAYBE_UPDATE.
-	(agent_write_shadow_key): Ditto.
+	agent: Add debug output for failed RSA signature verification.
+	+ commit 6de1ec3ba59fa54ab60b2923ba9caa77fc9d5281
+	* agent/pksign.c (agent_pksign_do): Support ECC and DSA verification
+	and print some debug info in the error case.
 
-	* agent/command.c (cmd_readkey): Update the shadow-key in card mode.
+	common: New function to uncompress an ECC public key.
+	+ commit 935765b451aadc63fbba763a4a00f4efa0254436
+	* common/sexputil.c (ec2os): New.
+	(uncompress_ecc_q_in_canon_sexp): New.
 
-	gpg: Fix --card-status to handle lowercase APPTYPEs.
-	+ commit 8e393e2592646f7d2a11ec32232b8f29eacdce13
-	* g10/card-util.c (current_card_status): Use ascii_strcasecmp.
+	* common/t-sexputil.c (fail2): new.
+	(test_ecc_uncompress): New.
+	(main): Run new test.
 
-2022-08-16  NIIBE Yutaka  <gniibe@fsij.org>
+2021-03-26  NIIBE Yutaka  <gniibe@fsij.org>
 
-	gpg: Fix detecting OpenPGP card by serialno.
-	+ commit 27ae89db6e6901a8fd6f1dce50a25c1a4b845086
-	* g10/card-util.c (get_info_for_key_operation): Use ->apptype to
-	determine card's APP.
-	(current_card_status): Even if its SERIALNO is not like OpenPGP card,
-	it's OpenPGP card when app says so.
+	scd: Fix PC/SC error handling at apdu_dev_list_start.
+	+ commit d4e5979c630c2960cf1fd5796f1060419e71cb04
+	* scd/apdu.c (PCSC_E_NO_READERS_AVAILABLE): Add.
+	(pcsc_error_to_sw): Handle PCSC_E_NO_READERS_AVAILABLE.
+	(apdu_dev_list_start): Return error correctly.
 
-2022-08-16  Werner Koch  <wk@gnupg.org>
+2021-03-24  Werner Koch  <wk@gnupg.org>
 
-	common: In private key mode write "Key:" always last in name-value.
-	+ commit 12ad9529782df1eecf628281b8db62cafd775c4f
-	* common/name-value.c (nvc_write): Take care of Key. Factor some code
-	out to ...
-	(write_one_entry): new.
+	card: Add option --use-default-pin to command "login".
+	+ commit 73bad368dacf5334bf78af15b243d06fd1273849
+	* tools/gpg-card.c (cmd_login): Add option.
 
-2022-08-15  Werner Koch  <wk@gnupg.org>
+	scd:p15: Make $SIGNKEY et al determination more fault tolerant.
+	+ commit 964363e788210f96a471e31ffa8fd17b534c0aa8
+	* scd/app-p15.c (do_getattr): Change how we use gpgUsage to figure out
+	the keys to use.
 
-	agent: Create and use Token entries to track the display s/n.
-	+ commit dc9b2426288e4eb6ab42aa7f731a35bc8d383b46
-	* agent/divert-scd.c (linefeed_to_percent0A): New.
-	(ask_for_card): Add arg grip.  Read Token and Label items and use
-	them.
-	(divert_pksign, divert_pkdecrypt): Pass down grip.
-	* agent/findkey.c (write_extended_private_key): Add args serialno,
-	keyref, and dispserialno.  Writen Token item.
-	(agent_write_private_key): Add args serialno, keyref, and
-	dispserialno.
-	(read_key_file): Add arg r_keymeta.
-	(agent_keymeta_from_file): New.
-	(agent_write_shadow_key): Remove leading spaces from serialno and keyid.
-	* agent/protect-tool.c (agent_write_private_key): Ditto.
-	* agent/learncard.c (agent_handle_learn): Get DISPSERIALNO and pass to
-	agent_write_shadow_key.
-	* agent/command-ssh.c (card_key_available): Ditto.
-
-	common: New function nve_set.
-	+ commit 706adf669173ec604158e4a2f4337e3da6cb1e45
-	* common/name-value.c (nve_set): New.
-	(nvc_set): Use nve_set.
-	(nvc_delete_named): New.
-	(nvc_get_string): New.
-	(nvc_get_boolean): New.
+2021-03-24  NIIBE Yutaka  <gniibe@fsij.org>
 
-2022-08-04  Werner Koch  <wk@gnupg.org>
+	gpg: Fix v5 signature for clearsign.
+	+ commit 14ef703ad65850fa22d394c4d521ba602ff2cc8d
+	* g10/sign.c (clearsign_file): Prepare EXTRAHASH.
 
-	gpg: Fix wrong error message for keytocard.
-	+ commit f2a81e3745017072585c9999a129ee5dd0bdc6e6
-	* g10/call-agent.c (agent_keytocard): Emit SC_OP_FAILURE.
+	gpg: Support ECDH with v5 key.
+	+ commit 90a5b4e648b3c8a6fe645df7e61654dfdb3548be
+	* g10/ecdh.c (build_kdf_params): Use the first 20 octets.
+	* g10/pkglue.c (pk_encrypt): Remove length check to 20.
+	* g10/pubkey-enc.c (get_it): Likewise.
 
-2022-08-03  Werner Koch  <wk@gnupg.org>
+2021-03-23  Werner Koch  <wk@gnupg.org>
 
-	common: Silence warnings from AllowSetForegroundWindow.
-	+ commit 6583abedf3f0ffe5cc8283fe683144fc1d5add40
-	* common/sysutils.c (gnupg_allow_set_foregound_window): Print warning
-	only with debug flag set.
+	gpgconf: Fix listing of default_pubkey_algo.
+	+ commit a107b24ddb45c9eef432d456f302c1acea3af27c
+	* tools/gpgconf-comp.c (known_options_gpg, known_options_gpgsm): No
+	flags needed for pseudo options.
+	(known_pseudo_options_gpg, known_pseudo_options_gpgsm): New.
+	(gc_component): Add field known_pseudo_options.
+	(struct read_line_wrapper_parm_s): New.
+	(read_line_wrapper): New.
+	(retrieve_options_from_program): Use read_line_wrapper to handle
+	pseudo options.
 
-	dirmngr: Fix failed malloc error message.
-	+ commit 94908857e1f54a3550a3704a5de6bd10b7902169
-	* dirmngr/ocsp.c (check_signature): Fix error printing of xtrymalloc.
+2021-03-22  Werner Koch  <wk@gnupg.org>
+
+	kbxd: Group the options.
+	+ commit ed82ef91459f72b955f4e342ab88a7a0949c436b
+	* kbx/keyboxd.h (opt): Remove unused field 'batch'.
+	* kbx/keyboxd.c (opts): Remove --batch.  Add group descriptions.
+
+2021-03-22  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpg: Support exporting Ed448 SSH key.
+	+ commit 1524a942b645d9facbedd9ed4a472e343838b6a1
+	* common/openpgp-oid.c (oid_ed448, openpgp_oidbuf_is_ed448): New.
+	(openpgp_oid_is_ed448): New.
+	* common/util.h (openpgp_oid_is_ed448): New.
+	* g10/export.c (export_one_ssh_key): Support Ed448 key.
+
+	gpg: Fix exporting SSH key.
+	+ commit 0b45c5a9941094bd4529c3bf5b1cb8ce2584b9a4
+	* g10/export.c (export_one_ssh_key): Finish base 64 encoder before
+	writing out the comment string.
+
+2021-03-19  Werner Koch  <wk@gnupg.org>
+
+	card: Support OpenPGP.1 and OpenPGP.2 for readcert and writecert.
+	+ commit 475644e049436c49de7620a1539515479ad2aa4f
+	* tools/gpg-card.c (cmd_writecert): Allow the other key references.
+	(cmd_readcert): Ditto.
+
+	scd:openpgp: Allow reading and writing user certs for keys 1 and 2.
+	+ commit 37b1c5c2004c1147a13b388863aaa8f0caf7d71f
+	* scd/iso7816.c (CMD_SELECT_DATA): New.
+	(iso7816_select_data): New.
+	* scd/app-openpgp.c (do_readcert): Allow OpenPGP.1 and OPENPGP.2
+	(do_writecert): Ditto.
+	(do_setattr): Add CERT-1 and CERT-2.
+
+	scd:openpgp: Rename an internal variable.
+	+ commit bbdb48ec0ddd99ce23fcba42949c00a2594fb9a5
+	* scd/app-openpgp.c (struct app_local_s): s/extcap_v3/is_v3/.
+	s/max_certlen_3/max_certlen.  Change users.
+
+	scd:openpgp: Small speedup reading card properties.
+	+ commit d5fb5983232cf4d60cf6aa00d0ae5a16cf948e19
+	* scd/app-openpgp.c (struct app_local_s): Add new flag.
+	(get_cached_data): Force chace use if flag is set.
+	(app_select_openpgp): Avoid reading DO 6E multiple times.
+
+2021-03-18  Werner Koch  <wk@gnupg.org>
+
+	scd:p15: Allow to use an auth object label with cmd CHECKPIN.
+	+ commit 85082a83c2c1bda50fe6b7aa2ac68cef4faca4c7
+	* scd/app-p15.c (prepare_verify_pin): Allow for PRKDF to be NULL.
+	(make_pin_prompt): Ditto.
+	(verify_pin): Ditto.
+	(do_check_pin): Allow using the Label to specify a PIN.
+
+	card: Print PIN descriptions and fix number of printed retry counters.
+	+ commit 1ac189f2df6cedab3a133baca69558fdf6a908d4
+	* tools/gpg-card.h (struct card_info_s): Add fields nmaxlen, nchvinfo,
+	and chvlabels.
+	* tools/card-call-scd.c (release_card_info): Free chvlabels.
+	(learn_status_cb): Parse CHV-LABEL.  Set nmaxlen and nchvinfo.
+	* tools/gpg-card.c (list_retry_counter): Print CHV labels.
+
+	scd:p15: New attribute CHV-LABEL.
+	+ commit ef29a960bf06005c34093cd9a6bca5a202ed359a
+	* scd/app-p15.c (parse_common_obj_attr): Map spaces in the lapel to
+	underscores.
+	(read_ef_aodf): Prettify printing of the type.
+	(do_getattr): New attribute CHV-LABEL
+	(do_learn_status): Emit CHV-LABEL.
+	(verify_pin): Distinguish the PIN prompts.
+
+	agent: Simplify a function.
+	+ commit 26215cb211ad93ad9cc51fb4f8257b9e3c254a4e
+	* agent/findkey.c (agent_public_key_from_file): Use a membuf instead
+	of handcounting space.
+
+2021-03-16  Werner Koch  <wk@gnupg.org>
+
+	scd:p15: Implement CHV-STATUS attribute.
+	+ commit bf1d7bc3697c7d650994ba94d3704af189594657
+	* scd/command.c (send_status_direct): Return an error.
+	* scd/app-p15.c (do_learn_status): Emit CHV-STATUS.
+	(compare_aodf_objid): New.
+	(do_getattr): Implement CHV-STATUS.
+
+	card: Generalize the CHV counter printing.
+	+ commit e4c2d7be22ffb47b41a3b6c1152bd75dceed74e2
+	* tools/gpg-card.c (list_retry_counter): New.  Factored out from the
+	other functions.
+	(cmd_verify): Re-read the chv status.
+
+2021-03-16  Damien Goutte-Gattat via Gnupg-devel  <gnupg-devel@gnupg.org>
+
+	build: Check for the IBM TSS tools to run the tpm2d tests.
+	+ commit c0f50811fcf81e5ebe2df326342081cfdacfbbfc
+	* configure.ac (TEST_LIBTSS): Make that conditional depend on the
+	detection of tssstartup.
+
+	build: Fix distcheck when tpm2dtests are run.
+	+ commit ad481666ea6ef3743041ec6d043a3e6901ebab33
+	* tests/tpm2dtests/Makefile.am (EXTRA_DIST): Distribute test files.
+	(CLEANFILES): Make sure to remove log files.
+
+2021-03-15  James Bottomley  <James.Bottomley@HansenPartnership.com>
+
+	tests:tpm2d: add missing start_sw_tpm.sh script.
+	+ commit a788f2e8306d80f7f3df34eb62ec7ce1a62d48e1
+	* tests/tpm2dtests/start_sw_tpm.sh: New.
+	* tests/tpm2dtests/Makefile.am: Add.
+
+2021-03-15  Werner Koch  <wk@gnupg.org>
+
+	gpg: New option --no-auto-trust-new-key.
+	+ commit 1523b5f76f6e600c4f2d153b49a807ff2dc8d268
+	* g10/gpg.c (oNoAutoTrustNewKey): New.
+	(opts): Add --no-auto-trust-new-key.
+	(main): Set it.
+	* g10/options.h (opt): Add flags.no_auto_trust_new_key.
+
+	build: new option to disable building of tpm2daemon.
+	+ commit 8d6123faa8cae0bad6f82c9021e9ac6686b2f55d
+	* configure.ac (build_tpmd): New configure option --disable-tpm2d
+	(BUILD_WITH_TPM2D): New.
+	* Makefile.am (tests): Use conditionally BUILD_TPM2D instead of
+	HAVE_LIBTSS.
+	* build-aux/speedo.mk (speedo_pkg_gnupg_configure) [W32]: Do not build
+	tpm2d.
+	* autogen.rc: Ditto.
+
+2021-03-15  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Add handling of Ed448 key.
+	+ commit b743942a9719be59f1da67cd338248fe7ee5aeab
+	* scd/app-openpgp.c (struct app_local_s): Add ecc.algo field.
+	(send_key_attr): Use ecc.algo field.
+	(ecc_read_pubkey): Use ecc.algo field.
+	(ecc_writekey): Ed448 means EdDSA.
+	(parse_algorithm_attribute): Set ecc.algo field from card.
+	Add checking for Ed25519 for ECC_FLAG_DJB_TWEAK flag.
+
+	scd: Fix count_sos_bits handling.
+	+ commit f482e4bd121ff2862bfb53a82f1d5c2cf3524a10
+	* scd/app-openpgp.c (count_sos_bits): Handle an exceptional case.
+
+	common: Fix the NBITS of Ed448in OIDTABLE.
+	+ commit 373b52e69a6ca609a663a0c4a018358fdf52dc7e
+	common/openpgp-oid.c (oidtable): Ed448 uses 456-bit signature.
+
+2021-03-12  Werner Koch  <wk@gnupg.org>
 
-	gpgconf: Add config file for Windows Registry dumps.
-	+ commit ebb736b2c310c8736d1165be9c8e2de413dd0ac6
-	* tools/gpgconf.c (show_registry_entries_from_file): New.
-	(show_configs): Call it.
-	* doc/examples/gpgconf.rnames: New.
-	* doc/Makefile.am (examples): Add it.
+	scd: New option --pcsc-shared.
+	+ commit 5732e7a8e97cebf8e850c472e644e2a9b040836f
+	* scd/scdaemon.h (opt): Add field opcsc_shared.
+	* scd/scdaemon.c (opcscShared): New.
+	(opts): Add "--pcsc-shared".
+	(main): Set flag.
+	* scd/apdu.c (connect_pcsc_card): Use it.
+	(pcsc_get_status): Take flag in account.
+	* scd/app-openpgp.c (cache_pin): Bypass in shared mode.
+	(verify_chv2: Do not auto verify chv1 in shared mode.
+	* scd/app-piv.c (cache_pin): By pass caceh in shared mode.
 
-2022-08-02  Werner Koch  <wk@gnupg.org>
+2021-03-12  NIIBE Yutaka  <gniibe@fsij.org>
 
-	gpg: Make symmetric + pubkey encryption de-vs compliant.
-	+ commit e8011a7ceca7d5d9fd703f227e56931a7ea151d6
-	* g10/mainproc.c (proc_encrypted): Make symmetric + pubkey encryption
-	de-vs compliant.
+	scd: Fix computing fingerprint for ECC with SOS.
+	+ commit 95156ef9bfb6a3a525454d50ae2f5b538ccbd774
+	* scd/app-openpgp.c (count_sos_bits): New.  Count as sos_write does.
+	(store_fpr): For ECC, use count_sos_bits.
 
-	* g10/mainproc.c (struct symlist_item): New.
-	(struct mainproc_context): Add field symenc_list.
-	(release_list): Free that list.
-	(proc_symkey_enc): Record infos from symmetric session packet.
-	(proc_encrypted): Check symkey packet algos
+	gpg: Fix compute_fingerprint for ECC with SOS.
+	+ commit cfc1497efa8c98cf490f5efc9b280a6ec44514bd
+	* g10/keyid.c (hash_public_key): Tweak NBITS just as sos_write does.
 
-	gpgconf: Improve registry dumping.
-	+ commit 6bc959231802d60694b7677d3537261d9cda1e1d
-	* common/w32-reg.c (read_w32_registry_string): Map REG_DWORD to a
-	string.
-	(read_w32_reg_string): Add arg r_hklm_fallback and change all callers.
-	(show_configs): Indicate whether the HKLM fallback was used.
-	* tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin
-	Registry key.  Indicate whether the HKLM fallback was used.
+2021-03-11  Valtteri Vuorikoski  <vuori@notcom.org>
 
-2022-07-28  Werner Koch  <wk@gnupg.org>
+	scd:piv: Improve APT parser compatibility.
+	+ commit 8cad11d13b15b0ef672545b06450dfbea1fef18e
+	* scd/app-piv.c (app_select_piv): Allow for full AID.
 
-	gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference.
-	+ commit 890e616593af5d1e0f2eb932768205ef90928e5e
-	* g10/pkclist.c (select_algo_from_prefs): Change implicit hash
-	algorithm.
+2021-03-11  Werner Koch  <wk@gnupg.org>
 
-2022-07-27  Werner Koch  <wk@gnupg.org>
+	gpg: New option --force-sign-key.
+	+ commit fe02ef04500c1b35cd27132fb99ac1961f555193
+	* g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key".
+	(main): Set it.
+	* g10/options.h (opt): New flag flags.force_sign_key.
+	* g10/keyedit.c (sign_uids): Use new flag.
 
-	agent: New option --no-user-trustlist and --sys-trustlist-name.
-	+ commit d0bd91ba73a7e333e9b5007875c9bd475fb9581e
-	* agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New.
-	(opts): Add new option names.
-	(parse_rereadable_options): Parse options.
-	(finalize_rereadable_options): Reset allow-mark-trusted for the new
-	option.
-	* agent/agent.h (opt): Add fields no_user_trustlist and
-	sys_trustlist_name.
-	* agent/trustlist.c (make_sys_trustlist_name): New.
-	(read_one_trustfile): Use here.
-	(read_trustfiles): Use here.  Implement --no-user-trustlist.  Also
-	repalce "allow_include" by "systrust" and adjust callers.
+2021-03-11  James Bottomley via Gnupg-devel  <gnupg-devel@gnupg.org>
+
+	tpmd2: Add Support for the Intel TSS.
+	+ commit b9c560e3a400da83073b232ee12fae090b21d20c
+	* configure.ac: Check for Intel TSS.
+	* tpm2d/intel-tss.h: New.
+	* tpm2d/tpm2.h (HAVE_INTEL_TSS): Use the Intel code.
+
+2021-03-10  James Bottomley  <James.Bottomley@HansenPartnership.com>
+
+	tpm2d: add tests for the tpm2daemon.
+	+ commit 6720f1343aef9342127380b155c19e12c92d65ac
+	* configure.ac: Detect TPM emulator and enable tests.
+	* tests/tpm2dtests/: New test suite.
+	* tests/Makefile.am: Run tests.
+
+	gpg: Add new command keytotpm to convert a private key to TPM format.
+	+ commit 92b601fceec7da64939591001dba94e202f6e6a0
+	* agent/command.c (cmd_keytotpm): New.
+	(agent/command.c): Register new command KEYTOTPM.
+	* g10/call-agent.c (agent_keytotpm): New.
+	* g10/keyedit.c (cmdKEYTOTPM): New command "keytotpm".
+	(keyedit_menu): Implement.
+
+	agent: Add new shadow key type and functions to call tpm2daemon.
+	+ commit 1f995b9ba42b76c1d83b484e5362548a54a70dab
+	* agent/call-tpm2d.c: New.
+	* divert-tpm2.c: New.
+	* agent/Makefile.am: Add new files.
+	* agent/agent.h (DAEMON_TPM2D): New.  Add stub fucntions.
+	* agent/call-daemon.c (GNUPG_MODULE_NAME_TPM2DAEMON): New.
+	* agent/command.c (do_one_keyinfo): Handle tpmv2.
+	* agent/gpg-agent.c (oTpm2daemonProgram): New.
+	(opts): New option --tpm2daemon-program.
+	(parse_rereadable_options): Handle option.
+	* agent/pkdecrypt.c (agent_pkdecrypt): Divert to tpm2d.
+	(agent_pksign_do): Ditto.
+	---
 
-2022-07-27  Ingo Klöcker  <dev@ingo-kloecker.de>
+	A new shadow key type: "tpm2-v1" is introduced signalling that the
+	shadowed key is handled by the tpm2daemon.  A function to identify
+	this type is introduced and diversions to the tpm2daemon functions are
+	conditioned on this function for pkign and pkdecrypt where the same
+	diversions to scd are currently done.  The (info) field of the
+	shadowed key stores the actual TPM key.  The TPM key is encrypted so
+	only the physical TPM it was created on can read it (so no special
+	protection is required for the info filed), but if the (info) field
+	becomes corrupt or damaged, the key will be lost (unlike the token
+	case, where the key is actually moved inside the token).
+
+	Note, this commit adds handling for existing TPM format shadow keys,
+	but there is still no way to create them.
+
+
+	Additional changes:
+	* Add ChangeLog entries.
+	* Some minor indentation fixes.
+	* agent/Makefile.am (gpg_agent_SOURCES): Change to make distcheck
+	  work.
+	* agent/agent.h [!HAVE_LIBTSS]: Do not return -EINVAL but an
+	  gpg_error_t.  Mark args as unused.
+	* agent/protect.c (agent_is_tpm2_key): Free BUF.
+
+	tpm2d: Add tpm2daemon code.
+	+ commit 62a7854816b8f3661fb41f05463289e5b96663ee
+	* tpm2d: New directory.
+	* Makefile.am (SUBDIRS): Add directory.
+	* configure.ac: Detect libtss and decide whether to build tpm2d.
+	* am/cmacros.am: Add a define.
+	* util.h (GNUPG_MODULE_NAME_TPM2DAEMON): New.
+	* common/homedir.c (gnupg_module_name): Add tpm2d.
+	* common/mapstrings.c (macros): Add "TPM2DAEMON".
+	* tools/gpgconf.h (GC_COMPONENT_TPM2DAEMON): New.
+	* tools/gpgconf-comp.c (known_options_tpm2daemon): New.
+	(gc_component): Add TPM2.
+	(tpm2daemon_runtime_change): New.
+	* tpm2d/Makefile.am: New.
+	* tpm2d/command.c: New.
+	* tpm2d/ibm-tss.h: New.
+	* tpm2d/tpm2.c: New.
+	* tpm2d/tpm2.h: New.
+	* tpm2d/tpm2daemon.c: New.
+	* tpm2d/tpm2daemon.h: New.
 
-	gpg: Look up user ID to revoke by UID hash.
-	+ commit abe69b2094dd749fc2f285b672d30a4f1e3f12a7
-	* g10/keyedit.c (find_userid_by_namehash, find_userid): New.
-	(keyedit_quick_revuid): Use find_userid() instead of iterating over the
-	nodes of the keyblock.
-	* tests/openpgp/quick-key-manipulation.scm: Add test for revoking a
-	user ID specified by its hash.
+	---
+	This commit adds and plumbs in a tpm2daemon to the build to mirror the
+	operation of scdaemon.  The architecture of the code is that
+	tpm2daemon.c itself is pretty much a clone of scd/scdaemon.c just with
+	updated function prefixes (this argues there could be some further
+	consolidation of the daemon handling code).  Note that although this
+	commit causes the daemon to be built and installed, nothing actually
+	starts it or uses it yet.
+
+	Command handling
+	----------------
+
+	command.c is copied from the command handler in scd.c except that the
+	command implementation is now done in terms of tpm2 commands and the
+	wire protocol is far simpler.  The tpm2daemon only responds to 4
+	commands
+
+	IMPORT:    import a standard s-expression private key and export it to
+	           TPM2 format.  This conversion cannot be undone and the
+	           private key now can *only* be used by the TPM2.  To anyone
+	           who gets hold of the private key now, it's just an
+	           encrypted binary blob.
+
+	PKSIGN:    create a signature from the tpm2 key.  The TPM2 form private
+	           key is retrieved by KEYDATA and the hash to be signed by
+	           EXTRA.  Note there is no hash specifier because the tpm2
+	           tss deduces the hash type from the length of the EXTRA
+	           data.  This is actually a limitation of the tpm2 command
+	           API and it will be interesting to see how this fares if the
+	           tpm2 ever supports say sha3-256 hashes.
+
+	PKDECRYPT: decrypt (RSA case) or derive (ECC case) a symmetric key.
+		   The tpm2 for private key is retrieved by KEYDATA and the
+		   information used to create the symmetric key by EXTRA.
+
+	KILLTPM2D: stop the daemon
+
+	All the tpm2 primitives used by command.c are in tpm2.h and all the
+	tpm2 specific gunk is confined to tpm2.c, which is the only piece of
+	this that actually does calls into the tss library.
+
+
+	Changes from James' patch:
+
+	- gpgconf: The displayed name is "TPM" and not "TPM2".  That
+	  string is used by GUIs and should be something the user
+	  understands.  For example we also use "network" instead
+	  of "Dirmngr".
+	- Removed some commented includes.
+	- Use 16 as emulation of GPG_ERR_SOURCE_TPM2.
+	- Silenced a C90 compiler warning and flags unused parameters.
+	- Removed "if HAVE_LIBS" from tpm2/Makefile.am and add missing
+	  files so that make distcheck works.
+
+2021-03-10  Werner Koch  <wk@gnupg.org>
+
+	scd:p15: Support special extended usage flags for OpenPGP keys.
+	+ commit 08b5ac492afc6c6e7eaaa1f70d67c81cbda2c9be
+	* scd/app-p15.c (struct gpgusage_flags_s): New.
+	(struct prkdf_object_s): Add field gpgusage.
+	(struct app_local_s): Add field any_gpgusage.
+	(dump_gpgusage_flags): New.
+	(read_p15_info): Parse athe gpgusage flags.
+	(do_getattr): Take care of the gpgusage flags.
+
+2021-03-08  Werner Koch  <wk@gnupg.org>
+
+	sm: Init nPth which might be used by some helper code.
+	+ commit a4021d9be4aeac7429bf6a8e9f336dbb62cacfc4
+	* sm/gpgsm.c: Include npth.h.
+	(main): Init nPth.
+
+	w32: Cleanup use of pid_t in call-daemon.
+	+ commit 33c492dcb955bff01fffae31fb7750f88e07b8ff
+	* agent/call-daemon.c (struct wait_child_thread_parm_s) [W32]: Do not
+	use HANDLE for pid_t.
+	(wait_child_thread): Ditto.
 
-2022-07-27  Werner Koch  <wk@gnupg.org>
+	w32: Change spawn functions to use Unicode version of CreateProcess.
+	+ commit cf2f6d8a3f0594c03c383b4989a3041e9c4536d7
+	* common/exechelp-w32.c (gnupg_spawn_process): Change to use
+	CreateProcessW.
+	(gnupg_spawn_process_fd): Ditto.
+	(gnupg_spawn_process_detached): Ditto.
+	* g10/exec.c (w32_system): Ditto.
 
-	wkd: Bind the address to the nonce.
-	+ commit 73a98c13969169fee6bf5eaa71507a409eb17caf
-	* tools/gpg-wks-server.c (make_pending_fname): New.
-	(store_key_as_pending, check_and_publish): Use here.
-	(process_new_key): Pass addrspec to store_key_as_pending.
-	(expire_one_domain): Expire also the new files.
+2021-03-08  NIIBE Yutaka  <gniibe@fsij.org>
 
-2022-07-26  Ingo Klöcker  <dev@ingo-kloecker.de>
+	scd: Fix for X448.
+	+ commit fc99f77b14b6c2cdfb547607651922c16863dcf0
+	* scd/app-openpgp.c (do_decipher): Support with no prefix.
 
-	dirmngr: Ask keyservers to provide the key fingerprints.
-	+ commit 22e8dc792702cd485408b5a8212d34a3917851ca
-	* dirmngr/ks-engine-hkp.c (ks_hkp_search): Add "fingerprint=on" to
-	request URL.
+2021-03-05  Werner Koch  <wk@gnupg.org>
 
-2022-07-25  Ingo Klöcker  <dev@ingo-kloecker.de>
+	w32: Always use Unicode for console input and output.
+	+ commit 8c41b8aac3efb78178fe1eaf52d8d1bbc44941a8
+	* common/init.c (_init_common_subsystems) [W32]: Set the codepage to
+	UTF-8 for input and putput.  Switch gettext to UTF-8.
+	* tools/gpgconf.c (main): Display the input and output codepage if
+	they differ.
+	* g10/gpg.c (utf8_strings) [W32]: Make sure this is always set.
 
-	gpg: Request keygrip of key to add via command interface.
-	+ commit ee8f1c10a7a54714fb2a9ca141d38e666b9a424d
-	* g10/keygen.c (ask_algo): Request keygrip via cpr_get.
-	* doc/help.txt (gpg.keygen.keygrip): New help text.
+	w32: Free memory allocated by new function w32_write_console.
+	+ commit 31b708e268ebb725307856865f34a61670a35586
+	* common/ttyio.c (w32_write_console): Free buffer.
 
-2022-07-25  Werner Koch  <wk@gnupg.org>
+	common,w32: Allow Unicode input and output with the console.
+	+ commit f165c8a737cc968554c9d78932c69869456108ff
+	* common/ttyio.c (do_get) [W32]: Use ReadConsoleW.
+	(w32_write_console): New.
+	(tty_printf, tty_fprintf) [W32]: Use new function.
 
-	wkd: Fix path traversal attack on gpg-wks-server.
-	+ commit c1489ca0e101a81df6f8b1ba8d8a9afd9ebc6412
-	* tools/gpg-wks-server.c (check_and_publish): Check for invalid
-	characters in sender controlled data.
-	* tools/wks-util.c (wks_fname_from_userid): Ditto.
-	(wks_compute_hu_fname): Ditto.
-	(ensure_policy_file): Ditto.
+	common: Re-indent ttyio.c and remove EMX, RISCOS, and CE support.
+	+ commit 8622f53994249d8fb49a488cfe480ffbeb8cbfba
+	* common/ttyio.c: Remove cruft like EMX and RISCOS support.  Translate
+	a few strings.  Re-indent.
 
-2022-07-13  NIIBE Yutaka  <gniibe@fsij.org>
+2021-03-04  Werner Koch  <wk@gnupg.org>
 
-	scd:openpgp: Fix workaround for Yubikey heuristics.
-	+ commit 8c9f879d4aa01ad96320869fb3da83a843292504
-	* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
-	of firmware 5.4, too.
+	common: Rename w32-misc.c to w32-cmdline.c.
+	+ commit 7262d602d802c4a3840097d5de217fcfb9728b49
+	* common/w32-misc.c: Rename to ....
+	* common/w32-cmdline.c: this.
+	* common/Makefile.am: Adjust.
 
-	scd: Fail when no good algorithm attribute.
-	+ commit 225c66f13b8700d9d283367705b31070a3d38d93
-	* scd/app-openpgp.c (parse_algorithm_attribute): Return the error.
-	(change_keyattr): Follow the change.
-	(app_select_openpgp): Handle the error of parse_algorithm_attribute.
+	common,w32: Implement globing of command line args.
+	+ commit 089c9439674e8ecbc64f0ba924e6fb447bbc2b9d
+	* common/w32-misc.c [W32]: Include windows.h
+	(struct add_arg_s): New.
+	(add_arg): New.
+	(glob_arg): New.
+	(parse_cmdstring): Add arg argvflags and set it.
+	(w32_parse_commandline): Add arg r_itemsalloced.  Add globing.
 
-2022-07-12  NIIBE Yutaka  <gniibe@fsij.org>
+	* common/init.c (prepare_w32_commandline): Mark glob created items as
+	leaked.
 
-	scd: Don't inhibit SSH authentication for larger data if it can.
-	+ commit 07e43eda8dc69cecc385a6b3723e155afbc59257
-	* scd/app-openpgp.c (do_auth): Use command chaining if available.
+	* common/t-w32-cmdline.c : Include windows.h
+	(test_all): Add simple glob test for Unix.
+	(main): Add manual test mode for Windows.
 
-2022-07-06  Werner Koch  <wk@gnupg.org>
+	common,w32: Refine the command line parsing for \ in quotes.
+	+ commit 20c60076866904187a09393de596deef286116f8
+	* common/t-w32-cmdline.c (test_all): Add new test cases.
+	* common/w32-misc.c (strip_one_arg): Add arg endquote.
+	(parse_cmdstring): Take care of backslashes in quotes.
 
-	Release 2.3.36.
-	+ commit 491645b50ec97db12520483d347291d660db209c
+	gpg: Prepare for globing with UTF-8.
+	+ commit 8e15506d6680bbee85bc01453da28fc90b4cb673
+	* g10/gpg.c (_dowildcard): Remove.
+	(my_strusage): Enable wildcards using our new system.
 
+	common: First take on handling Unicode command line args.
+	+ commit deb6c94362c0f179de1cac18707aad2f51a21e10
+	* common/w32-misc.c: New.
+	* common/t-w32-cmdline.c: New.
+	* common/init.c: Include w32help.h.
+	(prepare_w32_commandline): New.
+	(_init_common_subsystems) [W32]: Call prepare_w32_commandline.
 
-2022-06-29  Werner Koch  <wk@gnupg.org>
+	* common/Makefile.am (common_sources) [W32]: Add w32-misc.c
+	(module_tests): Add t-w32-cmdline
+	(t_w32_cmdline_LDADD): New.
 
-	gpgconf: New short options -V and -X.
-	+ commit f357a5f239919de976b86a666410f504682973e4
-	* tools/gpgconf.c: Assign short options -X and -V
-	(show_version_gnupg): Print the vsd version if available.
+2021-03-01  Nicolas Fella via Gnupg-devel  <gnupg-devel@gnupg.org>
 
-2022-06-24  NIIBE Yutaka  <gniibe@fsij.org>
+	gpg: Keep temp files when opening images via xdg-open.
+	+ commit be2da244565822ad1f268f84dc88a23e5aa8d26a
+	* g10/photoid.c (get_default_photo_command): Change parameter for
+	xdg-open.
 
-	agent: Flush before calling ftruncate.
-	+ commit 9e2307ddf0c2608e9cfb435f870b75cbb35791d7
-	* agent/findkey.c (write_extended_private_key): Make sure
-	it is flushed out.
+2021-02-25  Werner Koch  <wk@gnupg.org>
+
+	scd:p15: Read out the access flags.
+	+ commit d51a5ca1084c69c0ed304126a7aaa0a648b2eba6
+	* scd/app-p15.c (struct keyaccess_flags_s): New.
+	(struct prkdf_object_s): Add field accessflags.
+	(dump_keyusage_flags): New.
+	(dump_keyaccess_flags): New.
+	(parse_keyaccess_flags): New.
+	(parse_common_key_attr): Return access flags.
+	(read_ef_prkdf): Parse the access flags.  Allow for ECkeys.
+	(read_ef_pukdf): Ditto.  Use new functions for printing.
+	(read_p15_info): Use new fucntion for printing.
+
+	sm: Do not print certain issuer not found diags in quiet mode.
+	+ commit a170f0e73f38e474b6d4463433fe344eca865fa5
+	* sm/certchain.c (find_up_dirmngr): Print one diagnostic only in
+	verbose mode.  Do not print issuer not found diags in quiet mode.
+	* sm/minip12.c (parse_bag_data): Add missing verbose condition.
+
+	sm: Fix issuer certificate look error due to legacy error code.
+	+ commit 473b83d1b9efe51fcca68708580597dddf3f50b7
+	* sm/certchain.c (find_up): Get rid of the legacy return code -1 and
+	chnage var name rc to err.
+	(gpgsm_walk_cert_chain): Change var name rc to err.
+	(do_validate_chain): Get rid of the legacy return code -1.
 
-2022-06-21  Werner Koch  <wk@gnupg.org>
+2021-02-24  Werner Koch  <wk@gnupg.org>
 
-	sm: Update pkcs#12 module from master.
-	+ commit 4c14bbf56fb544541bd65f9d6e6e0b81779dcab6
-	* sm/minip12.c: Update from master.
-	* sm/import.c (parse_p12): Pass NULL for curve.
+	scd:p15: Get the label value of all objects for better diagnostics.
+	+ commit cfdaf2bcc85b3b6f16904006f239b400a3487ff8
+	* scd/app-p15.c (struct cdf_object_s): Add fields authid, authidlen,
+	and label.
+	(struct prkdf_object_s): Add field label.
+	(struct aodf_object_s): Ditto.
+	(release_cdflist): Free new fields.
+	(release_prkdflist): Free new field.
+	(release_aodf_object): Ditto.
+	(parse_common_obj_attr): Return the label.
+	(read_ef_prkdf): Store the label.
+	(read_ef_pukdf): Ditto.
+	(read_ef_cdf): Use parse_common_obj_attr and store authid and label.
+	Print them im verbose mode.
+	(read_ef_aodf): Store the label and print it.
 
-2022-06-20  Werner Koch  <wk@gnupg.org>
+	sm: Silence some output on --quiet.
+	+ commit 615d2e4fb15859320ea0ebec1bb457c692c57f0a
+	* sm/encrypt.c (gpgsm_encrypt): Take care of --quiet.
+	* sm/gpgsm.c: Include minip12.h.
+	(set_debug): Call p12_set_verbosity.
+	* sm/import.c (parse_p12): Dump keygrip only in debug mode.
+	* sm/minip12.c (opt_verbose, p12_set_verbosity): New.
+	(parse_bag_encrypted_data): Print info messages only in verbose mode.
 
-	common: Add an easy to use DER builder.
-	+ commit d21ced1e3596dc9e4fa53995286b4cbbd6e94195
-	* common/tlv-builder.c: New.
-	* common/tlv.c: Remove stuff only used by GnuPG 1.
-	(put_tlv_to_membuf, get_tlv_length): Move to ...
-	* common/tlv-builder.c: here.
-	* common/tlv.h (tlv_builder_t): New.
+2021-02-23  Werner Koch  <wk@gnupg.org>
+
+	scd:p15: Make it code work again for D-Trust cards.
+	+ commit 33aaa37e5bc0beb75305cdf9d8be850daccaee5e
+	* scd/app-p15.c (select_and_read_binary): Allow to skip the select.
+	(select_and_read_record): Return the statusword.  Silence error
+	message for SW_FILE_STRUCT.
+	(select_ef_by_path): Fix selection with a home_DF.
+	(read_first_record): Fallback to read_binary for CardOS and return
+	info about this.
+	(read_ef_prkdf): Use info from read_first_record to decide whether to
+	use record or binary mode.
+	(read_ef_pukdf): Ditto.
+	(read_ef_aodf): Ditto.
+	(read_ef_cdf): Ditto.  New arg cdftype for diagnostics.
+	(read_p15_info): Pass cdftype.
+
+	* scd/apdu.h (SW_FILE_STRUCT): New.
+	* scd/apdu.c (apdu_strerror): Map that one to a string.
+	* scd/iso7816.c (map_sw): and to a gpg-error.
+
+2021-02-22  Werner Koch  <wk@gnupg.org>
+
+	scd: Fix readkey --info in case a readkey command is available.
+	+ commit 2490f4e8e1d1feecb44aefa79bd71f5f8b06c9a4
+	* scd/command.c (do_readkey): Make --info also work if a readkey
+	command is available.
+
+	* scd/app-p15.c (cdf_object_from_certid): Fix a but introduced with
+	the previous commit.
+
+	scd:p15: Extract extended usage flagsand act upon them.
+	+ commit 488eaedc9a332d8164dea22e469354fc10b0a253
+	* scd/app-p15.c: Add a couple of oid constants.
+	(struct cdf_object_s): Replace fields image and imagelen by cert.
+	(struct prkdf_object_s): Add extusage flags
+	(send_keypairinfo): Use them.
+	(cdf_object_from_certid): Factor parts out to ...
+	(cdf_object_from_objid): new function.
+	(read_ef_prkdf): Move info printing to ...
+	(read_p15_info): here.  Fill the extusage flags.
+	(readcert_by_cdf): Cache the ksba cert object instead of the binary
+	cert.
+	* scd/app.c (select_additional_application): Fix a log_debug call.
+	(scd_update_reader_status_file): Ditto.
 
-2022-06-14  Werner Koch  <wk@gnupg.org>
+	sm: Extend the list of known OIDs.
+	+ commit 4c9b509d2402f79668e502a9db5879280a4f683b
+	* sm/keylist.c (oidtranstbl): Add a couple of OIDs and mark them for
+	key usage.
 
-	g10: Fix garbled status messages in NOTATION_DATA.
-	+ commit 7b1db7192e6e4d0cfc439b23b13831837c85bc21
-	* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
+2021-02-19  Werner Koch  <wk@gnupg.org>
 
-2022-06-09  NIIBE Yutaka  <gniibe@fsij.org>
+	build: Remove now obsolete HAVE_NEWER_LIBGCRYPT AM conditional.
+	+ commit 5573ab714b92f6ee899a816998e56e1238f4c573
+	* configure.ac (HAVE_NEWER_LIBGCRYPT): Remove conditional.
+	* tools/Makefile.am (gpg_pair_tool_SOURCES):  We build it always.
 
-	agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.
-	+ commit aeee62593ae9147a38fd79f0782f3fa0e4ac5c4a
-	* agent/call-scd.c (inq_needpin): Call assuan_begin_confidential
-	and assuan_end_confidential, and wipe the memory after use.
-	* agent/command.c (cmd_preset_passphrase): Likewise.
-	* scd/command.c (pin_cb): Likewise.
+	scd: Minor tweak for easier backporting.
+	+ commit 6d4280b13ddc928ff6bc41bdf482030f0f814fdb
+	* scd/app-common.h (APP_CARD): New.  Use it in app-*.c to access
+	app->card.
 
-2022-06-03  Werner Koch  <wk@gnupg.org>
+2021-02-18  Werner Koch  <wk@gnupg.org>
 
-	w32: Avoid warning about not including winsock2.h after windows.h.
-	+ commit dfc01118ce0707c2d920fb31f7731f3a383df761
-	* common/dynload.h: Include winsock2.h first.
+	po: Change translatability of a fallback string.
+	+ commit 0be4861762c21ebfb4c2e28bb9a3e5cfbc08e1a9
+	* agent/call-pinentry.c (setup_genpin): Do not make the fallback
+	translatable.
 
-	w32: Allow Unicode filenames for iobuf_cancel.
-	+ commit 10db566489880acd510f8e07dc52a38dd82feafe
-	* common/iobuf.c (iobuf_cancel): Use gnupg_remove
-	* common/mischelp.c (same_file_p): Allow for Unicode names.
+	speedo: Update w32 stuff from 2.2.
+	+ commit 919a969354d4021f2e64a948b4c224cd37323713
+	* build-aux/speedo.mk: Update from 2.2.  Add target w32-msi-release.
+	* build-aux/speedo/w32/inst.nsi: Fix location of doc files.
+	* build-aux/speedo/w32/wixlib.wxs: Add gpg-card and fix a wrong name.
+	* Makefile.am (release): Support a WITH_MSI variable.
+	(wixlibfile): Improve copying to archive.
+	(release): Use AMTAR instead of TAR.
 
-2022-06-01  Werner Koch  <wk@gnupg.org>
+2021-02-17  Werner Koch  <wk@gnupg.org>
 
-	scd:p15: Fix accidental commit of debug code.
-	+ commit e3db6c74a6305e86eaefb0ca8d49d4d9754104ff
-	* scd/app-p15.c (do_sign): Revert MSE setting.
+	dirmngr: Support new gpgNtds parameter in LDAP keyserver URLs.
+	+ commit ab7dc4b524c3e2ad5153acfdbfa879a9e62d2dbe
+	* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Support a new gpgNtds
+	extension.
+	* dirmngr/ks-engine-ldap.c (my_ldap_connect): Do ldap_init always with
+	hostname - which is NULL and thus the same if not given.  Fix minor
+	error in error code handling.
 
-	scd: Shorten cardio debug output for all zeroes.
-	+ commit 62becf599eb861936faf88b6ec5e0f7b1658b54e
-	* scd/apdu.c (all_zero_p): New.
-	(send_le): Use it.
+2021-02-16  NIIBE Yutaka  <gniibe@fsij.org>
 
-	(cherry picked from commit 9b6f574928546e6905a92c3e74d72478f1585c66)
+	build: Update gpg-error.m4 again.
+	+ commit 3fa1fa747b61867076e344c3eb07a66826c1983a
+	* m4/gpg-error.m4: Update from libgpg-error.
 
-2022-05-17  NIIBE Yutaka  <gniibe@fsij.org>
+2021-02-15  NIIBE Yutaka  <gniibe@fsij.org>
 
-	scd: Fix use of SCardListReaders for PC/SC.
-	+ commit 7bc794c3113400af082b26610d9d1305826be54e
-	* scd/apdu.c (open_pcsc_reader): Initialize NREADER.
+	build: Update gpg-error.m4.
+	+ commit 985e85dc0e6c54aa465a2af610c5a04fc10649a0
+	* m4/gpg-error.m4: Update from libgpg-error.
 
-2022-05-10  NIIBE Yutaka  <gniibe@fsij.org>
+2021-02-12  NIIBE Yutaka  <gniibe@fsij.org>
 
-	scd: Add workaround for ECC attribute on Yubikey.
-	+ commit a5217c90003c2e1b9bfb06b58ffc2d0d9164f22a
-	* scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus
-	octet in a key attribute.
+	build: Update gpg-error.m4.
+	+ commit e1e3f1db4660b5416828aeb636a7f767fadcc7a4
+	* m4/gpg-error.m4: Update from libgpg-error.
 
-2022-05-06  Werner Koch  <wk@gnupg.org>
+	build: Fix library dependency of g13 test program.
+	+ commit 83e0a9d6b990aa517bc338b578f7faf393ae1b0d
+	* g13/Makefile.am (t_common_ldadd): Add GPG_ERROR_LIBS.
 
-	scd:p15: Improve the displayed S/N for Technology Nexus cards.
-	+ commit 91acbdc93c8a6ae06b483a27c8bb7c33a978108d
-	* scd/app-p15.c (any_control_or_space_mem): New.
-	(get_dispserialno): Add new code.
+2021-02-10  Werner Koch  <wk@gnupg.org>
 
-	scd:p15: Fix the the sanity check of the displayed S/N.
-	+ commit 8efe738c4a090f523461fa3055da668467715105
-	* scd/app-p15.c (any_control_or_space): Fix loop.
+	gpg: Do not allow old cipher algorithms for encryption.
+	+ commit 825dd7220ff6079cbe2d0df7fde93526c077fb6d
+	* g10/gpg.c: New option --allow-old-cipher-algos.
+	(set_compliance_option): Set --rfc4880bis explictly to SHA256 and
+	AES256.  Allow old cipher algos for OpenPGP, rfc4880, and rfc2440.
+	* g10/options.h (opt): Add flags.allow_old_cipher_algos.
+	* g10/misc.c (print_sha1_keysig_rejected_note): Always print the note
+	unless in --quiet mode.
+	* g10/encrypt.c (setup_symkey): Disallow by default algos with a
+	blocklengt < 128.
+	(encrypt_crypt): Ditto.  Fallback by default to AES instead of 3DES.
+	* g10/pkclist.c (algo_available): Take care of old cipher also.
+	(select_algo_from_prefs): Use AES as implicit algorithm by default.
 
-2022-05-05  Werner Koch  <wk@gnupg.org>
+	* tests/openpgp/defs.scm (create-gpghome): Set allow-old-cipher-algos.
 
-	scd:p15: Fix reading certificates without length info.
-	+ commit 7f029eef6ce15be4167f56e7fc07755d189e5e27
-	* scd/app-p15.c (readcert_by_cdf): Do not use extended mode if the CDF
-	object has no length info.  Add debug output when reading a cert.
-	(read_p15_info): No more need to disable extended mode for GeNUA cards.
+	Remove obsolete M4 macros.
+	+ commit 6e730c18816fbb3e074d93840396ed18f00ab7e2
+	* m4/gnupg-pth.m4: Remove.
+	* m4/libcurl.m4: Remove.
 
-	scd: New debug flags "card".
-	+ commit d60f930d9b000e802dc61c8e8d494a3091dc0437
-	* scd/scdaemon.c (debug_flags): Add "card".
-	* scd/scdaemon.h (DBG_CARD_VALUE, DBG_CARD): New.
+	Require GpgRT version 1.41.
+	+ commit 2b75b256054427119a284792540243c3471267d4
+	* configure.ac (NEED_GPG_ERROR_VERSION): Rename to NEED_GPGRT_VERSION
+	and set to 1.41.
+	* common/sysutils.c (gnupg_access): Remove code for older gpgrt
+	versions.
+	* kbx/backend-sqlite.c: Ditto.
+	* sm/gpgsm.c (main): Ditto.
 
-	gpg: Minor robustness fix.
-	+ commit 36a5509e11c81305c4ded93982fa594bd52555a6
-	* g10/parse-packet.c (mpi_read_detect_0_removal): Protect agains
-	failed gcry_mpi_scan.
+2021-02-09  Werner Koch  <wk@gnupg.org>
+
+	build: Make make distcheck work again.
+	+ commit f9e4dae08d7caed741d35916c46b8302e098d521
+	* m4/Makefile.am (EXTRA_DIST): Remove isc-posix.m4
+
+	tools: Remove the symcryptrun tool.
+	+ commit 209b7113f3493bd829ec5c90275ff95a273d9dd4
+	* tools/symcryptrun.c: Remove.
+	* tools/Makefile.am: Ditto.
+	* doc/tools.texi: Remove man page.
+	* configure.ac: Remove build option and tests used only by this tool.
+	* Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Do not build
+	symcryptrun.
+
+2021-02-05  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpg: Fix selection of key.
+	+ commit 390f597868a5b5934f21f81ebf6ff110b6792283
+	* g10/getkey.c (pubkey_cmp): Handle the case of TRUST_EXPIRED.
+
+2021-02-02  Werner Koch  <wk@gnupg.org>
+
+	gpg: Remove support for PKA.
+	+ commit 7f3ce66ec56a5aea6170b7eb1bda5626eb208c83
+	* g10/gpg.c (oPrintPKARecords): Remove.
+	(opts): Remove --print-pka-records.
+	(main): Remove "pka-lookups","pka-trust-increase" and other PKA stuff.
+	* g10/options.h (EXPORT_DANE_FORMAT): Remove.
+	(VERIFY_PKA_LOOKUPS, VERIFY_PKA_TRUST_INCREASE): Remove.
+	(KEYSERVER_HONOR_PKA_RECORD): Remove.
+	* g10/packet.h (pka_info_t): Remove.
+	(PKT_signature): Remove flags.pka_tried and pka_info.
+	* g10/parse-packet.c (register_known_notation): Remove
+	"pka-address@gnupg.org".
+	* g10/pkclist.c (check_signatures_trust): Remove PKA stuff.
+	* g10/call-dirmngr.c (gpg_dirmngr_get_pka): Remove.
+	* g10/export.c (parse_export_options): Remove "export-pka".
+	(do_export): Adjust for this.
+	(write_keyblock_to_output): Ditto.
+	(do_export_stream): Ditto.
+	(print_pka_or_dane_records): Rename to ...
+	(print_dane_records): this and remove two args. Remove PKA printing.
+	* g10/free-packet.c (free_seckey_enc, cp_pka_info): Adjust for removed
+	pka_info field.
+	* g10/getkey.c (get_pubkey_byname): Make AKL_PKA a dummy.
+	* g10/keyserver.c: Remove "honor-pka-record".
+	(keyserver_import_pka): Remove.
+	* g10/mainproc.c (get_pka_address): Remove.
+	(pka_uri_from_sig): Remove.
+	(check_sig_and_print): Remove code for PKA.
+
+	gpg: Remove more or less useless tool gpgcompose.
+	+ commit fde7d833573d358b2c5b5eb7d837bc27c6dcb3d1
+	* g10/gpgcompose.c: Remove
+
+	gpg: Remove experimental feature to export w/o user-ids.
+	+ commit 3491faa3bb62c1c96c6dd5947516128b2a966535
+	* g10/options.h (IMPORT_DROP_UIDS, EXPORT_DROP_UIDS): Remove.
+	* g10/import.c (parse_import_options): Remove option import-drop-uids.
+	(import_one_real): Remove drop uids code.
+	(remove_all_uids): Remove function.
+	* g10/export.c (parse_export_options): Remove option export-drop-uids.
+	(do_export_one_keyblock): Remove drop uids code.
+
+	card: List keys of pkcs#15 cards.
+	+ commit a06c79b6143fc49e6f5169b8a9f53c691031d6ca
+	* tools/gpg-card.c (list_p15): New.
+	(list_card): Call it.
+
+	scd:p15: Read PuKDF and minor refactoring.
+	+ commit 0c080ed5791ecf1606d1c2fddc0c55362fd171d3
+	* scd/app-p15.c (pukdf_object_t): New.
+	(struct app_local_s): Add field public_key_info.
+	(release_pukdflist): New.
+	(select_and_read_record): No diagnostic in case of not_found.
+	(read_first_record): New.  Factored out from the read_ef_ fucntions.
+	(read_ef_pukdf): New.  Basically a copy of read_ef_prkdf for now.
+	(read_p15_info): Also read the public keys.
+
+	(cardtype2str): New.
+	(read_ef_tokeninfo): Print a string with the cardtype.
+
+2021-02-01  Werner Koch  <wk@gnupg.org>
+
+	sm: Add a few OIDs and merge OID tables.
+	+ commit 0737dc8187a0eb9ca4661e2ad45954c718daa451
+	* sm/keylist.c (OID_FLAG_KP): New.
+	(key_purpose_map): Merge into ...
+	(oidtranstbl): this.
+	(get_oid_desc): New arg 'matchflag'.  Use function in place of direct
+	access to key_purpose_map.
 
-2022-05-02  NIIBE Yutaka  <gniibe@fsij.org>
+2021-01-28  Werner Koch  <wk@gnupg.org>
 
-	tests: Add a test for Ed25519 keys for non-protected secret.
-	+ commit 06e82e997a56406e04113a7f6c1d083e0cc04172
-	* tests/openpgp/issue5120.scm: New.
+	Include the library version in the compliance checks.
+	+ commit 90c514868ff5fcf6d39490d4874ac3a31ba9e85f
+	* common/compliance.c (gnupg_gcrypt_is_compliant): New.
+	(gnupg_rng_is_compliant): Also check library version.
+	* g10/mainproc.c (proc_encrypted): Use new function.
+	(check_sig_and_print): Ditto.
+	* sm/decrypt.c (gpgsm_decrypt): Ditto.
+	* sm/encrypt.c (gpgsm_encrypt): Ditto.
+	* sm/verify.c (gpgsm_verify): Ditto
 
-2022-04-28  NIIBE Yutaka  <gniibe@fsij.org>
+2021-01-27  Werner Koch  <wk@gnupg.org>
 
-	gpg: Handle leading-zeros private key for Ed25519.
-	+ commit 3fcef7371480cce392d690897d42955f1b19c12a
-	* g10/parse-packet.c (mpi_read_detect_0_removal): New.
-	(parse_key): Use mpi_read_detect_0_removal for PUBKEY_ALGO_EDDSA
-	to tweak the checksum.
+	scd:p15: Make file selection more robust.
+	+ commit 1e197c29ed95d021f5693cd3652b6acb07d928ea
+	* scd/app-p15.c: Include host2net.h.
+	(DEFAULT_HOME_DF): New.
+	(select_and_read_binary): Replace slot by app.  Change callers.  Use
+	select_ef_by_path.
+	(select_and_read_record): ditto.
+	(select_ef_by_path): Make use use the home_df.
+	(parse_certid): Adjust for always set home_df.
+	(print_tokeninfo_tokenflags): Ditto.
+	(app_select_p15): Take the home_df from the FCI returned by select.
+
+	scd: Define new status word.
+	+ commit 7620473cd007c074b0625a678caa6105a4c87142
+	* scd/apdu.h (SW_NO_CURRENT_EF): New.
+
+	scd:p15: Factor the commonKeyAttributes parser out.
+	+ commit 5bcbc8cee310067aa3cc48665b0fb0595c64ae4d
+	* scd/app-p15.c (read_ef_prkdf): Fix detection of unsupported key
+	 objects.  Factor some code out to ...
+	(parse_common_key_attr): new.
 
-	Revert "gpg: Accept Ed25519 private key in SOS which reserves leading zeros."
-	+ commit 3192939a10df17cb9666773ed8888627f6d16b8d
-	This reverts commit 14de7b1e5904e78fcbe413a82d0f19b750bd8830.
+	gpg: Fix ugly error message for an unknown symkey algorithm.
+	+ commit b08418d22cc898c9d135217e07ca77f3daf3c9e9
+	* g10/mainproc.c (proc_symkey_enc): Do not continue with an unknown
+	algorithm.
 
-2022-04-25  Werner Koch  <wk@gnupg.org>
+2021-01-26  Werner Koch  <wk@gnupg.org>
+
+	scd:p15: Factor the commonObjectAttributes parser out.
+	+ commit fb84674d6c645a423b8ed9835437d25e4893e183
+	* scd/app-p15.c (parse_common_obj_attr): New.
+	(read_ef_prkdf): Use new function.
+	(read_ef_aodf): Ditto.
+
+	scd:p15: First step towards real CardOS 5 support.
+	+ commit fc287c0552b0fe489c66bb493879f4330c34f287
+	* scd/iso7816.c (iso7816_select_path): Add arg from_cdf.
+	* scd/app-nks.c (do_readkey): Adjust for this change.
+
+	* scd/app-p15.c (CARD_TYPE_CARDOS_53): New.
+	(IS_CARDOS_5): New.
+	(card_atr_list): Add standard ATR for CardOS 5.3.
+	(select_and_read_binary): Remove the fallback to record read hack.
+	(select_and_read_record): New.
+	(select_ef_by_path): Rework and support CardOS feature.
+	(read_ef_prkdf): Use read record for CardOS.
+	(read_ef_cdf): Ditto.
+	(read_ef_aodf): Ditto.  Also fix bug in the detection of other
+	unsupported attribute types.
+	(verify_pin): Use IS_CARDOS_5 macro.
+	(app_select_p15): Force direct method for CardOS.
+
+2021-01-25  Werner Koch  <wk@gnupg.org>
+
+	agent: Support ssh-agent extensions for environment variables.
+	+ commit 224e26cf7b67f22bb0140133eac6b4ad24f3b1b7
+	* common/session-env.c (session_env_list_stdenvnames): Extend to allow
+	return all names as one string.
+	* agent/command-ssh.c (SSH_REQUEST_EXTENSION): New.
+	(SSH_RESPONSE_EXTENSION_FAILURE): New.
+	(request_specs): Add handler for the extension command.
+	(ssh_handler_extension): New.
+
+2021-01-21  Werner Koch  <wk@gnupg.org>
+
+	scd:p15: Show the ATR as part of the TokenInfo diagnostics.
+	+ commit 60499d98940d4b7a1673b8584cafe0f7ac2901dd
+	* scd/app-p15.c (read_ef_tokeninfo): Print the ATR in verbose mode.
+
+2021-01-19  Werner Koch  <wk@gnupg.org>
+
+	Require Libgcrypt 1.9.
+	+ commit 9500432b7ae10d98b30c58de4357e2ffb93bf795
+	* configure.ac: Require at least Libgcrypt 1.9.0.  Remove all
+	GCRYPT_VERSION_NUMBER dependent code.
+
+2021-01-12  Werner Koch  <wk@gnupg.org>
+
+	tools: Add option --clock to watchgnupg.
+	+ commit 93d5d7ea2a8b110b3ad88be25f2f67d706361e44
+	* tools/watchgnupg.c (print_fd_and_time) [ENABLE_LOG_CLOCK]: Use
+	clock_gettime.
+	(print_version): New option --clock.
 
-	Release 2.2.35.
-	+ commit f7bc6f50496bffc3c377cb4e3e844242a590b5e1
+2021-01-11  Werner Koch  <wk@gnupg.org>
 
+	gpg,w32: Fix gnupg_remove.
+	+ commit b6967d31912912ad3c0a2ff6bf6eb9822a194562
+	* common/sysutils.c (map_w32_to_errno): New.
+	(gnupg_w32_set_errno): New.
+	(gnupg_remove) [w32]: Set ERRNO
 
-	gpg: Avoid NULL ptr access due to corrupted packets.
-	+ commit 86d84464ae11666b1556e876a41a65cec8daaf18
-	* g10/parse-packet.c (parse_signature): Do not create an opaque MPI
-	with NULL and length > 0
-	(parse_key): Ditto.
+2021-01-06  Ingo Klöcker  <dev@ingo-kloecker.de>
 
-2022-04-25  NIIBE Yutaka  <gniibe@fsij.org>
+	I meant "SHA-2 digests" in the previous commit.
+	+ commit 7eef40cc1143fb19132786ebcca1c9a6c9a85e6e
 
-	agent: Not writing password into file.
-	+ commit 9c0a24b4a55edff3d54cc5e98ba8112714f583e3
-	* agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke
-	pattern check program.
 
-2022-04-25  Werner Koch  <wk@gnupg.org>
+	scd:nks: Add support for signing plain SHA-3 digests.
+	+ commit 8fe976d5b9a0f2902868737dd502c749565222a6
+	* scd/app-nks.c (do_sign): Handle plain SHA-3 digests and verify
+	encoding of ASN.1 encoded hashes.
 
-	gpg: Emit an ERROR status as hint for a bad passphrase.
-	+ commit f021ecd57624f09430731f5deee2c4d0712150c8
-	* g10/mainproc.c (proc_symkey_enc): Issue new error code.
-	(proc_encrypted): Ditto.
+2020-12-30  Werner Koch  <wk@gnupg.org>
 
-2022-04-20  Werner Koch  <wk@gnupg.org>
+	wkd: Minor permission fix for created files.
+	+ commit c008e8d20e12c8845403ad7dad499f6a196ecc6a
+	* tools/wks-util.c (wks_cmd_install_key): Don't set u+x on the file.
+	(ensure_policy_file): No need to make the policy file group writable.
 
-	w32: Do no use Registry item DefaultLogFile for the main tools.
-	+ commit a5faaf8bee43e1e8d99cf3c08fad8ccce047fc28
-	* g10/gpg.c (main): Set LOG_NO_REGISTRY.
-	* sm/gpgsm.c (main): Ditto.
-	* tools/gpg-connect-agent.c (main): Ditto.
-	* tools/gpgconf.c (main): Ditto.
-	(show_other_registry_entries): Print "DefaultLogFile".
-
-2022-04-14  Werner Koch  <wk@gnupg.org>
-
-	gpg: Replace an assert by a log_fatal.
-	+ commit c8c71fc7161bf6b553bc5b45b2f7a06f8a1a4639
-	* g10/build-packet.c (do_signature): Use log_fatal.
-
-	scd: Minor code reorganization.
-	+ commit 58532fe56c334d0edc589311e6601fb9da70d9a1
-	* scd/ccid-driver.c: Move struct defines to the top.
-	(MAX_DEVICE): Rename to CCID_MAX_DEVICE.
-
-	scd: Fix memory leak in ccid-driver.
-	+ commit c4b14be48fe9b0f52bca9840375eb0eac3cc2432
-	* scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count.
-
-2022-04-13  Werner Koch  <wk@gnupg.org>
-
-	scd:p15: Improve the PIN prompt for Genua cards.
-	+ commit e99670f944bc613d258d0810c5831a2099718d4e
-	* scd/app-p15.c (CARD_PRODUCT_GENUA): New.
-	(cardproduct2str): Add it.
-	(read_p15_info): Detect and set GENUA
-	(make_pin_prompt): Take holder string from the AODF.
-
-	scd:p15: Support for GeNUA cards.
-	+ commit 44ec383cdec06ee4ac8dbe7b913990bbeeb3d3a3
-	* scd/app-p15.c (read_p15_info): Disable extended mode for Genua
-	cards.
-
-	scd:p15: Prepare AODF parsing for other authentication types.
-	+ commit 29fd80581867beeec068b49e8587762394e7d4d1
-	* scd/app-p15.c (auth_type_t): New.
-	(struct aodf_object_s): Add field auth_type.
-	(read_ef_aodf): Distinguish between pin and authkey types.  Include
-	the authtype in the verbose mode diags.
-
-	scd:p15: Add basic support for AET JCOP cards.
-	+ commit 80cf64c65155f718ed7dcee0e6a2aedbd9a2a5b0
-	* scd/app-p15.c (CARD_TYPE_AET): New.
-	(cardtype2str): Add string.
-	(card_atr_list): Add corresponding ATR.
-	(app_local_s): New flag no_extended_mode.  Turn two other flags into
-	bit flags.
-	(select_ef_by_path): Hack to handle the 3FFF thing.
-	(readcert_by_cdf): Do not use extended mode for AET.
-	(app_select_p15): Set no_extended_mode.
-	---
-	(cherry picked from commit 544ec7872aed24c296ea34fac777eca287f7bb47)
+2020-12-21  Werner Koch  <wk@gnupg.org>
 
-2022-03-29  NIIBE Yutaka  <gniibe@fsij.org>
+	common: Remove superfluous debug output from dotlock.c.
+	+ commit fc0eaa9add3c9bc93d4404988be3e1eb8f88ffa2
+	* common/dotlock.c (dotlock_create_unix): Remove debug output.
 
-	common,unix: Backport dotlock changes from GnuPG 2.3.
-	+ commit d9a8d3353afd669252e25b56ed92f9fb7c0dcc3d
-	* common/dotlock.c (read_lockfile): Return FD in R_FD.
-	(dotlock_take_unix): Fix a race condition by new read_lockfile and
-	checking with fstat.  Describe one race condition in comment.
-	(dotlock_release_unix): Follow the change of read_lockfile.
+	doc: Explain LDAP keyserver parameters.
+	+ commit e0cbb97925a109fee7c0a7450bcac120f2766ed2
 
-2022-03-28  Werner Koch  <wk@gnupg.org>
 
-	dirmngr: Escape more characters in WKD requests.
-	+ commit 3b251c8366cf7ddf5b82fc2331a8009fa1f2de23
-	* dirmngr/server.c (proc_wkd_get): Also escape '#' and '+'
+2020-12-18  Werner Koch  <wk@gnupg.org>
 
-2022-03-22  Werner Koch  <wk@gnupg.org>
+	dirmngr: Do not block threads in LDAP keyserver calls.
+	+ commit 355e2992c043dd3241a9e838255f01418490ef33
+	* dirmngr/ks-engine-ldap.c: Wrap some ldap calls.
 
-	gpgtar: New option --with-log.
-	+ commit ce69d55f70a18cfe5cf91353efc00ab43ba8fd8b
-	* tools/gpgtar.c: New option --with-log.
-	* tools/gpgtar.h (opt): Add field with_log.
-	* tools/gpgtar-extract.c (gpgtar_extract): Move directory string
-	building up.  Add option --log-file if needed.
-	* tools/gpgtar-create.c (gpgtar_create): Make tmpbuf static becuase it
-	is used outside of its scope.
-	* tools/gpgtar-list.c (gpgtar_list): Ditto.
+2020-12-17  Werner Koch  <wk@gnupg.org>
 
-2022-03-21  Werner Koch  <wk@gnupg.org>
-
-	dirmngr: Make WKD_GET work even for servers not handling SRV RRs.
-	+ commit 6d30fb6940d57237392f9196a4de5c7246ffefdf
-	* dirmngr/server.c (proc_wkd_get): Take care of DNS server failures
-
-	gpgtar: Finally use a pipe for decryption.
-	+ commit d431feb3077f763e37f824026988a10d87c8a5aa
-	* tools/gpgtar.h (opt): Add new flags.
-	* tools/gpgtar.c: new options --batch, --yes, --no, --status-fd, and
-	--require-compliance.
-	(main): Init signals.
-	* tools/gpgtar-create.c: Add new header files.
-	(gpgtar_create): Rework to use a pipe for encryption and signing.
-	* tools/gpgtar-list.c: Add new header files.
-	(gpgtar_list): Rework to use a pipe for decryption.
-	* tools/gpgtar-extract.c: Add new header files.
-	(gpgtar_extract): Rework to use a pipe for decryption.
-
-2022-03-18  Werner Koch  <wk@gnupg.org>
-
-	gpg: Print info about the used AEAD algorithm.
-	+ commit 15eda7ce783a81d2f5911028a4c8c3ce5649edca
-	* g10/misc.c (openpgp_cipher_algo_mode_name): New.
-	* g10/decrypt-data.c (decrypt_data): Use function here.
-
-	common: New function map_static_strings.
-	+ commit c1453665491fb6a16883ee5e1828cfb0c28b466a
-	* common/mapstrings.c (struct intmapping_s): New.
-	(map_static_strings): New.
-	* common/stringhelp.c (do_strconcat): Rename to ...
-	(vstrconcat): this and make global.
-
-	* common/t-mapstrings.c (test_map_static_strings): New test.
-
-	gpg: Allow decryption of symencr even for non-compliant cipher.
-	+ commit e081a601f7b31fa278e46de7c6834a756b63cec2
-	* g10/decrypt-data.c (decrypt_data): Add arg compliance_error.  Adjust
-	all callers.  Fail on compliance error only in --require-compliance
-	mode.  Make sure to return an error if the buffer is missing; actually
-	that should be an assert.
-	* g10/mainproc.c (proc_encrypted): Delay printing of the compliance
-	mode status.  Consult the compliance error now returned by
-	decrypt_data.
-
-2022-03-15  Werner Koch  <wk@gnupg.org>
-
-	common: New flags for gnupg_spawn_process.
-	+ commit 7ba44d15ca2f800c402a56eb71bb524f91ea2ffa
-	* common/exechelp.h (GNUPG_SPAWN_KEEP_STDIN): New.
-	(GNUPG_SPAWN_KEEP_STDOUT): New.
-	(GNUPG_SPAWN_KEEP_STDERR): New.
-	* common/exechelp-posix.c (do_exec): Add arg flags and implement new
-	flags.
-	* common/exechelp-w32.c (gnupg_spawn_process): Implement new flags.
+	gpg: New AKL method "ntds"
+	+ commit 4a3836e2b2f9a91995d5ce058820e1121298f548
+	* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new
+	support for KEYDB_SEARCH_MODE_MAIL.
+	(ks_ldap_get): Add a debug.
+	* g10/options.h (AKL_NTDS): New.
+	* g10/keyserver.c (keyserver_import_ntds): New.
+	(keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL.
+	* g10/getkey.c (parse_auto_key_locate): Support "ntds".
+	(get_pubkey_byname): Ditto.
 
-2022-03-09  Werner Koch  <wk@gnupg.org>
+	dirmngr: Support "ldap:///" for the current AD user.
+	+ commit 1194e4f7e2dff620e0da87f212f3a35f8021b142
+	* dirmngr/http.h (struct parsed_uri_s): Add field ad_current.
+	* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Set it.
+	* dirmngr/ks-engine-ldap.c (my_ldap_connect): Take care of ad_current.
 
-	gpgconf: Silence warnings from parsing the options files.
-	+ commit e8b1ab1d2d22f938b3e5991343b7e089d96606a0
-	* tools/gpgconf-comp.c (retrieve_options_from_program): Set verbose
-	flag for the arg parser only in --verbose mode.
+	dirmngr: Allow LDAP searches via fingerprint.
+	+ commit 2cadcce3e877c857bb8859574762b59b9c193b44
+	* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Add arg
+	serverinfo and allow searching by fingerprint.
+	(ks_ldap_get, ks_ldap_search): First connect then create teh filter.
 
-2022-03-09  NIIBE Yutaka  <gniibe@fsij.org>
+2020-12-15  Werner Koch  <wk@gnupg.org>
 
-	sm: Fix parsing encrypted data.
-	+ commit 0c7dffe99d3fded41df87512063515b5ca2da820
-	* sm/minip12.c (cram_octet_string): Finish when N==0.
-	(parse_bag_encrypted_data): Support constructed data with multiple
-	octet strings.
+	dirmngr: Store all version 2 schema attributes.
+	+ commit a2434ccabdd1956876b44e05e07c3c3630c50f8f
+	* g10/call-dirmngr.c (ks_put_inq_cb): Emit "fpr" records.
+	* dirmngr/ks-engine-ldap.c (extract_attributes): Add args
+	extract-state and schemav2.  Add data for the new schema version.
+	remove the legacy code to handle UIDs in the "pub" line.
+	(ks_ldap_put): Set new attributes for NTDS use the fingerprint as CN.
 
-2022-03-08  Werner Koch  <wk@gnupg.org>
+2020-12-14  Werner Koch  <wk@gnupg.org>
 
-	gpgsm: New option --require-compliance.
-	+ commit 847d618454e6f8418b169132dbdd0307d9b4d7e0
-	* sm/gpgsm.c (oRequireCompliance): New.
-	(opts): Add --require-compliance.
-	(main): Set option.
-	* sm/gpgsm.h (opt): Add field require_compliance.
-	(gpgsm_errors_seen): Declare.
-	* sm/verify.c (gpgsm_verify): Emit error if non de-vs compliant.
-	* sm/encrypt.c (gpgsm_encrypt): Ditto.
-	* sm/decrypt.c (gpgsm_decrypt): Ditto.
+	dirmngr: Support the new Active Directory schema.
+	+ commit e9ddd61fe979b1b8e1a4801f7f916d0222397245
+	* dirmngr/ks-engine-ldap.c (SERVERINFO_): New constants.
+	(my_ldap_connect): Relace args pgpkeyattrp and real_ldapp by a new
+	serverinfo arg.  Set the new info flags.
+	(ks_ldap_get): Adjust for change.
+	(ks_ldap_search): Ditto.
+	(ks_ldap_put): Ditto.  Replace xmalloc by xtrymalloc.  Change the DN
+	for use with NTDS (aka Active Directory).
+	* doc/ldap/gnupg-ldap-init.ldif (pgpSoftware): Update definition of
+	pgpVersion.
+	* doc/ldap/gnupg-ldap-ad-init.ldif: New.
+	* doc/ldap/gnupg-ldap-ad-schema.ldif: New.
 
-	gpg: New option --require-compliance.
-	+ commit 17890d43187384d049d80af28a5baea8613ff6ea
-	* g10/options.h (opt): Add field flags.require_compliance.
-	* g10/gpg.c (oRequireCompliance): New.
-	(opts): Add --require-compliance.
-	(main): Set option.
-	* g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant.
-	(check_sig_and_print): Ditto.
-	* g10/encrypt.c (encrypt_crypt): Ditto.
+	dirmngr: Do not store the useless pgpSignerID in the LDAP.
+	+ commit cc056eb534c1b8f7d1a90af3b9ecb9d6b2f322fa
+	* dirmngr/ks-engine-ldap.c (extract_attributes): Do not store the
+	pgpSignerID.
+	* g10/call-dirmngr.c (ks_put_inq_cb): Do not emit sig records.
 
-	gpg: Give Libgcrypt CFLAGS a higher priority than SQlite.
-	+ commit c11292fe736db6e61fad17d74f65b0b5ad9c2808
-	* g10/Makefile.am (AM_CFLAGS): Reorder.
+	dirmngr: Fix adding keys to an LDAP server.
+	+ commit 37a899d0e4fd49512d522e7f6f86b6968309fece
+	* dirmngr/ks-engine-ldap.c (ks_ldap_put): Extract attribites into
+	addlist.
 
-2022-03-04  Werner Koch  <wk@gnupg.org>
+2020-12-11  NIIBE Yutaka  <gniibe@fsij.org>
 
-	gpgtar,w32: Support file names longer than MAX_PATH.
-	+ commit 5492079defab85b1ba2c583e32a8feb752314b2e
-	* tools/gpgtar.c: Replace assert by log_assert.
-	* tools/gpgtar-extract.c: Ditto.
-	(extract_regular): Create files with sysopen flag.
-	* tools/gpgtar-create.c (scan_directory): Use gpgrt_fname_to_wchar.
+	scd:nks: Support READKEY with keygrip and for "NKS-IDLM" keyref.
+	+ commit 3b392630881350baabeba16fa760bad04be94d03
+	* scd/app-nks.c (do_readkey): Allow KEYGRIP access.
+	Support NKS-IDLM.XXXX keyref.
 
-	common,w32: Support file names longer than MAX_PATH in iobuf.
-	+ commit 4122896a39b7ac5dc071bf4d2e9be0ac8a3e21d7
-	* common/iobuf.c (direct_open): Use gpgrt_fname_to_wchar.
-	(any8bitchar): Remove.
+	scd:nks: Factor out pubkey retrieval from keygrip handling.
+	+ commit b7c087375d84c31ab8a645cd81e6b1e6185cb30d
+	* scd/app-nks.c (pubkey_from_pk_file): New.
+	(keygripstr_from_pk_file): Use pubkey_from_pk_file.
 
-2022-02-24  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+2020-12-10  NIIBE Yutaka  <gniibe@fsij.org>
 
-	g10: Avoid extra hash contexts when decrypting MDC input.
-	+ commit 9116fd1e9a2da9c83f94acfe41fb6e5c6f03e8d1
-	* g10/mainproc.c (mainproc_context): New member
-	'seen_pkt_encrypted_mdc'.
-	(release_list): Clear 'seen_pkt_encrypted_mdc'.
-	(proc_encrypted): Set 'seen_pkt_encrypted_mdc'.
-	(have_seen_pkt_encrypted_aead): Rename to...
-	(have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for
-	'seen_pkt_encrypted_mdc'.
-	(proc_plaintext): Do not enable extra hash contexts when decrypting
-	MDC input.
+	scd:nks: Add support of KEYGRIP for do_readcert.
+	+ commit 4020cd9d656264bec5e7fb5e45c5e06eff8656c3
+	* scd/app-nks.c (do_readcert): Support KEYGRIP.
 
-2022-02-21  Werner Koch  <wk@gnupg.org>
+	scd:nks: Factor out iteration over filelist.
+	+ commit 6c4365847666cefac73ccc743a99fac473da2186
+	* scd/app-nks.c (iterate_over_filelist): New.
+	(do_with_keygrip): Use iterate_over_filelist.
 
-	scd:p15: Used extended mode already for RSA 2048.
-	+ commit a2db490de5473af42d7b5a99398c48befe294394
-	* scd/app-p15.c (do_sign, do_decipher): Replace GT by GE.
+2020-12-09  Werner Koch  <wk@gnupg.org>
 
-2022-02-17  NIIBE Yutaka  <gniibe@fsij.org>
+	wks-client: Improve an error message.
+	+ commit c7c88648b71b8ce3a5507946afb91761fc6d931e
+	* tools/gpg-wks-client.c (read_confirmation_request): Print trust
+	letter.
 
-	tests: Remove a test case with "quiet" option with gpgconf.
-	+ commit f064d972e38863358a2dd53de43acd66572830c2
-	* tests/openpgp/gpgconf.scm: Remove "quiet" test.
+2020-12-09  NIIBE Yutaka  <gniibe@fsij.org>
 
-	scd: Use lock_slot for apdu_send_direct.
-	+ commit 3c3765405de02b9a57fdc9a3cf901f6e3aca8586
-	* scd/apdu.c (apdu_send_direct): Use lock_slot.
+	scd:ccid:spr532: Extend abort_cmd for initialization time.
+	+ commit a9aa30ed2c2c399c2baa6a5aa2624d8fdee6286f
+	* scd/ccid-driver.c (abort_cmd): Add INIT argument to support
+	synchronize until success, even ignoring timeout.
+	(bulk_in): Normal use case of abort_cmd.
+	(ccid_vendor_specific_init): Initial use case of abort_cmd.
 
-2022-02-09  Werner Koch  <wk@gnupg.org>
+	scd:ccid: Call libusb_clear_halt in ccid_vendor_specific_setup.
+	+ commit f50373027222f28ab9d37843178a5d44cc1e3cc0
+	* scd/ccid-driver.c (ccid_vendor_specific_setup): Only for SPR532,
+	call libusb_clear_halt.
 
-	gpgconf: Do not show "quiet" as option.
-	+ commit 2f2130ff24faf4507fa5949e834c155b4a8e1525
-	* tools/gpgconf-comp.c: Remove "quiet" and two unsupported options
+	scd:ccid: Revert the addition of libusb_clear_halt for EP_INTR.
+	+ commit ffabc29d5eadfe81b9f62b7d4fe6e858b191354d
+	* scd/ccid-driver.c (ccid_setup_intr): Don't call libusb_clear_halt.
 
-2022-02-07  Werner Koch  <wk@gnupg.org>
+2020-12-08  NIIBE Yutaka  <gniibe@fsij.org>
 
-	Release 2.2.34.
-	+ commit 04d40a680baa43f9803d0981b1da49144021d723
+	scd:yubikey: Fix support of Yubikey NEO.
+	+ commit 946555ea3ceb823b95ed13654ae4fd667daa4337
+	* scd/app-openpgp.c (get_public_key): Yubikey NEO also has this issue.
 
+	agent: Allow decryption with card but no file.
+	+ commit eda3c688fc2e85c7cd63029cb9caf06552d203b4
+	* agent/pkdecrypt.c (agent_pkdecrypt): Support decryption with card
+	but without a stub key.
 
-	dirmngr: Changes to the linking order.
-	+ commit 3c79ff34c417bfc392008eca1970b86bec54d6c3
-	* dirmngr/Makefile.am: Tweak library order.
+	agent: Clean up the API of agent_pkdecrypt.
+	+ commit 9beab36dfa39106f6efd1bb89551a581bcf9df60
+	* agent/agent.h (agent_pkdecrypt): Use gpg_error_t type.
+	* agent/pkdecrypt.c (agent_pkdecrypt): Use gpg_error_t type.
 
-	gpgconf: Make gpgconf --launch dirmngr work again.
-	+ commit 5a7ed6dd8f1b4e3c2e8f6e82700a86bd886c5f50
-	* tools/gpgconf.h (gc_component_id_t): Fix the order.
+	agent: Allow pksign operation with card but no file.
+	+ commit cbb0e069f55bc45037bbd69d54ce23dae2af2ac6
+	* agent/pksign.c (agent_pksign_do): Add support with no file.
 
-	gpgconf: Print the used code pages on Windows with --show-configs.
-	+ commit 32b364b99b492c580330591640cdaa7407016733
-	* tools/gpgconf.c (show_configs): Add some code
+2020-12-07  Ingo Klöcker  <dev@ingo-kloecker.de>
 
-	common: Fix creation of Windows socket directories.
-	+ commit 7d1215cb9cba258102b91c92e6973783e8d53b07
-	* common/homedir.c (w32_try_mkdir): Remove.
-	(standard_homedir): Use gnupg_mkdir instead of w32_try_mkdir.
-	(_gnupg_socketdir_internal): Ditto.
+	gpg: Make quick-gen-key with algo "card" work for keys without keytime.
+	+ commit 255d33d65126df00bc036580d0b32735d7178c8b
+	* g10/keygen.c (quick_generate_keypair): Set pCARDKEY flag if algostr
+	is "card" or "card/...".
 
-2022-02-04  Werner Koch  <wk@gnupg.org>
+2020-12-07  NIIBE Yutaka  <gniibe@fsij.org>
 
-	m4: Update our library m4 files from master.
-	+ commit c8cd66ae7e609f221c7dad905e88a206a285ab1c
-	* m4/gpg-error.m4: Updated
-	* m4/ksba.m4: Updated
-	* m4/libassuan.m4: Updated
-	* m4/libgcrypt.m4: Updated
-	* m4/npth.m4: Updated
-	* m4/ntbtls.m4: Updated
+	gpg,card: Allow no version information of Yubikey.
+	+ commit 1cd615afe3010d2c3919de489d7c9a78513c8694
+	* g10/call-agent.c (learn_status_cb): Assume >= 2 when no version.
+	* tools/card-call-scd.c (learn_status_cb): Likewise.
 
-2022-02-03  Werner Koch  <wk@gnupg.org>
+2020-12-03  NIIBE Yutaka  <gniibe@fsij.org>
 
-	dirmngr: Allow building with non-standard ntbtls location.
-	+ commit 137590fd8614a69cc60da3226cefc4495502ec26
-	* dirmngr/Makefile.am: Add missing -L and -I
+	scd:nks: Fix caching keygrip (more).
+	+ commit 87d2c579cc38c1d2787945650125fb0e0336652c
+	* scd/app-nks.c (keygripstr_from_pk_file): Distinguish by APP_ID.
 
-	dirmngr: Simplify --gpgconf-list output.
-	+ commit 0b76ef48e1df4c210d57f3bf4bc1fe1fa3762408
-	* dirmngr/dirmngr.c (main): Keep only values with the default flag.
+	scd: Fix KEYINFO command with --data option.
+	+ commit 54b88ae4606265f3d51c1ca603dbf846f3dfd678
+	* scd/command.c (cmd_keyinfo): Handle --data option correctly.
 
-	sm: New option --ignore-cert-with-oid.
-	+ commit bcf446b70ca58ac1497269f047fba9ddb3d62e96
-	* sm/gpgsm.c (oIgnoreCertWithOID): New.
-	(opts): Add option.
-	(main): Store its value.
-	* sm/call-agent.c (learn_cb): Test against that list.
+	scd:openpgp: Fix writing ECC key to card.
+	+ commit a25c99b156ca9acaa7712e9c09a6df0a7a23c833
+	* scd/app-openpgp.c (build_privkey_template): Adding another argument
+	of ecc_d_fixed_len to handle variable-size MPI.
 
-2022-02-02  Werner Koch  <wk@gnupg.org>
+2020-12-02  Werner Koch  <wk@gnupg.org>
 
-	gpgconf: Return the compliance_de_vs item.
-	+ commit e058d15d2d56dfed2723e1a55c75e52db87b2dc2
-	* tools/gpgconf-comp.c (known_options_gpg): Add missing pseudo option.
+	kbx: Better error message in case of a crippled Libgcrypt.
+	+ commit 63ed2054a1f3cfbdff5cda390952f10a512dab83
+	* kbx/keybox-openpgp.c (keygrip_from_keyparm): Detect missing curve.
 
-2022-02-01  Werner Koch  <wk@gnupg.org>
+2020-12-01  Jens Meißner  <meissner@b1-systems.de>
 
-	dirmngr: Avoid initial delay on the first keyserver access.
-	+ commit dde88897e2c5851aab32370ee6c8ace150debb77
-	* dirmngr/dirmngr.c (dirmngr_never_use_tor_p): New.
-	* dirmngr/server.c (ensure_keyserver): Don't even test for the Tor
-	proxy in never-use-tor Mode.
+	doc: Add parameters for batch generation of ECC keys.
+	+ commit 4f9ac5dac093300ac18fd3732bffdd2a3fc38776
+	* doc/gpg.texi: Add parameters for batch generation of ECC keys.
 
-	* tools/gpgtar-create.c: Include unistd.h to avoid a warning on
-	Windows.
+2020-11-30  Werner Koch  <wk@gnupg.org>
 
-	gpg: Set --verbose and clear --quiet in debug mode.
-	+ commit d426ed66ac043e442649a8a2bc7eac6753a5bf58
-	* g10/gpg.c (set_debug): Tweak options.
+	scd:nks: Minor additions to the basic IDLM application support.
+	+ commit 806547d9d243b26c2275fc00c645ee39d258b49b
+	* scd/app-nks.c (filelist): Use special value -1 for IDLM pubkeys.
+	(keygripstr_from_pk_file): Handle special value.
+	(do_readcert): Ditto.
+	(do_writecert): Ditto.
 
-2022-01-28  Werner Koch  <wk@gnupg.org>
+2020-11-27  Werner Koch  <wk@gnupg.org>
 
-	ssh: Fix adding an ed25519 key with a zero length comment.
-	+ commit 2331900d1cc022c04177272a51c00690229bb989
-	* agent/command-ssh.c (sexp_key_construct): Do not put an empty string
-	into an S-expression.
-	(stream_read_string): Do not not try to a read a zero length block.
+	card: Let the APDU command prints a description of the status word.
+	+ commit ad469609b101fe6c1128135180fef8eae13279ff
+	* tools/card-call-scd.c (scd_apdu_strerror): New.
+	* tools/gpg-card.c (cmd_apdu): Print a description.
 
-2022-01-27  Werner Koch  <wk@gnupg.org>
+	scd: New getinfo sub-command apdu_strerror.
+	+ commit 0e34683a6c4b037aa50ca0f97ddb9d5c4e499084
+	* scd/apdu.c (apdu_strerror): Add missing status codes.
+	* scd/command.c (cmd_getinfo): New sub-command apdu_strerror.
 
-	gpgconf: Tweak the use of ldapserver.
-	+ commit e1fc053dc1ad260922428cf864071e829e6c30f2
-	* tools/gpgconf-comp.c (known_options_gpgsm): Make "keyserver"
-	invisible.
-	(known_options_dirmngr): Add "ldapserver".
-	* sm/gpgsm.c (oKeyServer_deprecated): New.
-	(opts): Assign "ldapserver" to the new option and makr it as obsolete.
+	card: Netkey improvement for passwd.
+	+ commit 5804db1a13d2cf8f4010d1257c586bed978c3173
+	* tools/gpg-card.c (cmd_passwd) [Netkey]: No Standard/QES menu if the
+	card does not support it.  Print no error in cases the user canceled.
 
-2022-01-26  Werner Koch  <wk@gnupg.org>
+2020-11-27  NIIBE Yutaka  <gniibe@fsij.org>
 
-	gpgconf: Some more fixes for the backported stuff.
-	+ commit eefa2d19ee3f359435f0e5324cb5f10f2d8940a5
-	* agent/gpg-agent.c (main) <gpgconf_list>: Keep only those option which
-	have a default.  Remove runtime flag.
-	* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
-	* tools/gpgconf-comp.c: here because it is now inetrnal to gpgconf.
-	(known_options_gpg_agent): Add a few missing runtime flags.  Remove
-	"options".  Add "check-sym-passphrase-pattern".
-	(known_options_scdaemon, known_options_gpgsm): Remove "options".
-	(dirmngr): Ditto.
-
-	* tools/gpgconf-comp.c (is_known_option): Return only options having a
-	value for name.  Thus we list list options from the known_options
-	tables.
-
-	gpgconf: Fix --list-options for forced options.
-	+ commit 85300587cc8a115c96e812850762090f937ade9b
-	* tools/gpgconf-comp.c: Remove assert.h and replace all assert calls
-	by log_assert.
-	(known_options_gpg): Add "keyserver" as invisible.  Remove "options".
-	(known_pseudo_options_gpg, known_pseudo_options_gpgsm): New.
-	(gc_component): Add field known_pseudo_options.
-	(struct read_line_wrapper_parm_s): New.
-	(read_line_wrapper): New.
-	(retrieve_options_from_program): Use read_line_wrapper to handle
-	pseudo options.
-	(retrieve_options_from_program): Ignore to be ignored options.  Add
-	failsafe code to avoid calling percent_escape with NULL.
-
-2022-01-25  Werner Koch  <wk@gnupg.org>
-
-	common: Fix returning of option attributes for options with args.
-	+ commit d8e6d1e9ed7d181f546426269ab7b04e184bb9a1
-	* common/argparse.c (gnupg_argparse): Set attribute flags
-
-	scd: Also prefer Yubikeys if no reader port is given.
-	+ commit 38c666ec3fdb0e3a8762889ae99faca4adb68b68
-	* scd/apdu.c (select_a_reader): Extend the white list.
-
-2022-01-17  NIIBE Yutaka  <gniibe@fsij.org>
-
-	gpg: Fix adding the list of ultimate trusted keys.
-	+ commit 4cc724639c012215f59648cbb4b7631b9d352e36
-	* g10/keygen.c (do_generate_keypair): Remove call to
-	register_trusted_keyid for updating user_utk_list.
-	* g10/trust.c (register_trusted_keyid): Remove.
-	(update_ownertrust): Add call to tdb_update_utk.
-	* g10/trustdb.c (tdb_register_trusted_keyid): Make it internal
-	function by adding "static" qualifier.
-	Replace calls of register_trusted_keyid to tdb_register_trusted_keyid.
-	(tdb_update_utk): New.
-	* g10/trustdb.h (tdb_update_utk): New.
-
-2022-01-12  Werner Koch  <wk@gnupg.org>
-
-	gpgconf: Add command aliases -L -K -R.
-	+ commit f16c535eee912224a44b5999df7915c69f2d41bc
-	* tools/gpgconf.c (enum cmd_and_opt_values): Assign shortcuts.
-
-	common,w32: Improve HKCU->HKLM fallback.
-	+ commit 96db487a4da5903b71c64edf7a0ee9c2e01a8762
-	* common/w32-reg.c (read_w32_registry_string): Add another fallback.
-
-2022-01-10  Werner Koch  <wk@gnupg.org>
-
-	gpgtar: List and extract using extended headers.
-	+ commit bf4cf04a54bb2aa34afdf1d3c814ca4e185bacc8
-	* tools/gpgtar.h (TF_EXTHDR, TF_GEXTHDR): New.
-	* tools/gpgtar-list.c (parse_header): Set the new type flags.
-	(parse_extended_header): New.
-	(read_header): Add arg r_extheader and parse extended header.
-	(print_header): Consult the extended header.
-	(gpgtar_list): Pass an extended header object.
-	(gpgtar_read_header): Ditto.
-	(gpgtar_print_header): Ditto.
-	* tools/gpgtar-extract.c (extract): New arg exthdr and factor name
-	checking out to ...
-	(check_suspicious_name): new.
-	(extract_regular): Add arg exthdr and consult it.
-	(extract_directory): Likewise.
-	(gpgtar_extract): Provide extheader object.
-
-	gpgtar: Create extended header for long file names.
-	+ commit ec69ceab2615758e88c52a1d30c4731b3e71b105
-	* tools/gpgtar-create.c (global_header_count): new.
-	(myreadlink): New.
-	(build_header): New arg r_exthdr.  Detect and store long file and link
-	names.  Factor checkum computation out to ...
-	(compute_checksum): new.
-	(add_extended_header_record): New.
-	(write_extended_header): New.
-	(write_file): Write extended header.
-
-2021-12-30  Werner Koch  <wk@gnupg.org>
-
-	build: Fixes recent commits to still build with gpgrt 1.27.
-	+ commit c4153f7021afafe9ce4459aa08857136b394cce7
-	* agent/gpg-agent.c (main): Use gnupg_argparse.
-	* tools/gpgconf-comp.c: Use gnupg_opt_t.
-	* tools/gpgconf.c (show_version_gnupg): Use strusage.
-
-	gpgconf: Do not list ignored options and mark forced options as r/o.
-	+ commit c69c51bce0f07bf1becdb944a422bdc563705dae
-	* tools/gpgconf-comp.c (list_one_option): Skip ignored options and set
-	the no_change flag for forced options.
-	(retrieve_options_from_program): Put the attributes into the option
-	table.
-
-2021-12-29  Werner Koch  <wk@gnupg.org>
-
-	gpg: Re-group the options in the --help output.
-	+ commit f7bde071ccc8583b58ddaafa42e997e9202b041f
-	* g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to
-	use ARGPARSE_ignore and remove the code in the option switch.
-
-	agent: Re-group the options in the --help output.
-	+ commit 7e535503a9c637007a933a77e4bc674c8fb6dfea
-	* agent/gpg-agent.c (oGreeting): Remove non existant dummy option.
-
-	gpgconf: Take care of --homedir when reading/updating options.
-	+ commit 5934027115239cb7b39659f14f7a1dfecada6b76
-	* tools/gpgconf-comp.c (gpg_agent_runtime_change): Remove unused var.
-	(scdaemon_runtime_change): Ditto.
-	(dirmngr_runtime_change): Ditto.
-	(gc_component_check_options): Pass --homedir if needed.
-	(retrieve_options_from_program): Take care of --homedir.
-
-	gpgconf: Rewrite the gpgconf-comp module.
-	+ commit 7a3a1ef3707194e1086c452d005319c519905d3e
-	* tools/gpgconf.h (gc_component_t): Change type to ...
-	(gc_component_id_t): this.
-	(GC_COMPONENT_ANY): New, so that we can use that in gpgconf-comp.c
-	directly.
-	* tools/gpgconf-comp.c: Major rework.
-
-	gpgconf: Support reading global options (part 2).
-	+ commit 5f890f417f135e237074c8a454e6a73e66d7b78d
-	* tools/gpgconf-comp.c: Remove all regular option descriptions.  They
-	are now read in from the component.  Also remove a few meanwhile
-	obsolete options.
-	* agent/gpg-agent.c: Add option description which were only set in
-	gpgconf-comp.c.
-	* dirmngr/dirmngr.c: Ditto.
-	* scd/scdaemon.c: Ditto.
-	* sm/gpgsm.c: Ditto.
-	* g10/gpg.c: Ditto.
-
-	gpgconf: Support reading global options (part 1).
-	+ commit 7397872445d6d2b8c9ef25e0108e603baa5478de
-	* tools/gpgconf.c (main): Set the config directories.
-	* tools/gpgconf-comp.c (gc_backend): Change the name of the config
-	files.
-	(struct gc_option): Add new field 'attr'.
-	(retrieve_options_from_program): Rewrite to use gpgrt_argparser.
-
-	common: New function xreallocarray.
-	+ commit f0d034ebf4fc299c2a6097248f51c329e65d2976
-	* common/miscellaneous.c (gnupg_reallocarray): New.
-	(xreallocarray): New.
-
-2021-12-13  Werner Koch  <wk@gnupg.org>
-
-	common,w32: Sync read_w32_registry_string with the gpgrt version.
-	+ commit 1af559a9a24fd930094ab7b466ed051cdbc66f99
-	* common/w32-reg.c (get_root_key): Add short version of the root
-	classes.
-
-2021-12-07  NIIBE Yutaka  <gniibe@fsij.org>
-
-	gpg: Accept Ed25519 private key in SOS which reserves leading zeros.
-	+ commit 14de7b1e5904e78fcbe413a82d0f19b750bd8830
-	* g10/parse-packet.c (sos_read): Backport from 2.3.
-	(parse_key): Use sos_read for Ed25519 private key.
-
-2021-11-23  Werner Koch  <wk@gnupg.org>
-
-	Release 2.2.33.
-	+ commit 457f6ac1ef6d61ffcc336683a85ffeed3114ae63
-
-
-2021-11-23  Ineiev  <ineiev@gnu.org>
-
-	po: Update Russian translation.
-	+ commit 007fea8ce9af97f36b48253c6be764dcd35fdd9e
-
-
-2021-11-22  Werner Koch  <wk@gnupg.org>
-
-	gpg: New option --forbid-gen-key.
-	+ commit 985fb25c46eafc811e7a07597591ede0cf89a921
-	* g10/gpg.c (oForbidGenKey, opts): New option.
-	(mopt): New local struct
-	(gen_key_forbidden): New.
-	(main): Set and handle the option.
-
-2021-11-19  Werner Koch  <wk@gnupg.org>
-
-	gpgconf: Include output of --list-dirs in --show-configs.
-	+ commit 40d2c931652777509aba35d48b5d193a7e208780
-	* tools/gpgconf.c (list_dirs): Add arg special.
-	(show_other_registry_entries): Print the Homedir.
-	(show_configs): List directories.
-
-2021-11-18  Werner Koch  <wk@gnupg.org>
-
-	gpgconf: --show-configs now prints a bunch of Registry entries.
-	+ commit 7f31891ab1e51c00dd42232d3c286df519c2cdb8
-	* tools/gpgconf.c (show_other_registry_entries): New.
-	(show_configs): Call it.  Minor reformatting.
-
-	gpgconf: Extend --show-config to show envvars.
-	+ commit 58652f4c0b3a5e9fb6de54d802173bc52c798134
-	* tools/gpgconf.c (my_copy_file): Add arg LISTP and record certain
-	things.
-	(show_configs_one_file): New arg LISTP to be passed thru.
-	(show_configs): Show envars and regisiry values.
-
-	common,w32: New function read_w32_reg_string.
-	+ commit 6c6c404883e52545ed38293384c95fdacb7227c4
-	* common/w32-reg.c (read_w32_reg_string): New.
-
-	* common/t-w32-reg.c (test_read_registry): Add another test.
-
-	gpg,gpgsm: Add option --min-rsa-length.
-	+ commit 6ee01c1d26cae0415a3eec7f067cff7c324cb9c1
-	* common/compliance.c (min_compliant_rsa_length): New.
-	(gnupg_pk_is_compliant): Take in account.
-	(gnupg_pk_is_allowed): Ditto.
-	(gnupg_set_compliance_extra_info): New.
-	* g10/gpg.c (oMinRSALength): New.
-	(opts): Add --min-rsa-length.
-	(main): Set value.
-	* g10/options.h (opt): Add field min_rsa_length.
-	* sm/gpgsm.c (oMinRSALength): New.
-	(opts): Add --min-rsa-length.
-	(main): Set value.
-	* sm/gpgsm.h (opt): Add field min_rsa_length.
-
-2021-11-15  Werner Koch  <wk@gnupg.org>
-
-	sm: Detect circular chains in --list-chain.
-	+ commit c9343bec83e2c2a14b564b8a13998806eab1ae9f
-	* sm/keylist.c (list_cert_chain): Break loop for a too long chain.
-
-2021-11-15  NIIBE Yutaka  <gniibe@fsij.org>
-	    Klas Lindfors
-
-	scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.
-	+ commit b6b735edab036e4992872ef3d44b357fb9281ca8
-	* scd/app-openpgp.c (do_auth): Use extended Lc, when supported.
-
-2021-11-14  Ingo Klöcker  <dev@ingo-kloecker.de>
-
-	build: Fix several "include file not found" problems.
-	+ commit 027e34235bc576e1523566bf98b2b795d3dc7967
-	* dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add KSBA_CFLAGS.
-	* kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS): Add
-	NPTH_CFLAGS.
-	* tools/Makefile.am (gpgtar_CFLAGS, gpg_wks_server_CFLAGS,
-	gpg_wks_client_CFLAGS, gpg_pair_tool_CFLAGS): Add LIBGCRYPT_CFLAGS.
-
-2021-11-14  Werner Koch  <wk@gnupg.org>
-
-	agent: Print the non-option warning earlier.
-	+ commit a43efc9294d158c62a3a04396fa3fe6c77090ba8
-	* agent/gpg-agent.c (main): Move detection up.
-
-2021-11-13  Werner Koch  <wk@gnupg.org>
-
-	gpg: Remove stale ultimately trusted keys from the trustdb.
-	+ commit bc6d56282ec998e4b2d13c522316348b5058fc3f
-	* g10/tdbdump.c (export_ownertrust): Skip records marked with the
-	option --trusted-key.
-	(import_ownertrust): Clear the trusted-key flag.
-	* g10/tdbio.h (struct trust_record): Add field flags.
-	* g10/tdbio.c (tdbio_dump_record): Improve output.
-	(tdbio_read_record, tdbio_write_record): Handle flags.
-	* g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set
-	the flag for new --trusted-keys.
-	(tdb_update_ownertrust): Add arg as_trusted_key.  Update callers.
-
-	gpgconf: New command --show-configs.
-	+ commit 8fe3f57643479b8cb2e9e10fa2069c415c47d0af
-	* tools/gpgconf.c (aShowConfigs): New.
-	(opts): Add --show-configs.
-	(CUTLINE_FMT): New.
-	(show_version_gnupg): Add arg "prefix" and adjust caller.
-	(my_copy_file): New.
-	(show_configs_one_file): New.New.
-	(show_configs): New.
-	(main): Call show_configs.
-
-	agent,dirmngr: New option --steal-socket.
-	+ commit 6507c6ab101e61fc5a3472497d258a0109257a47
-	* agent/gpg-agent.c (oStealSocket): New.
-	(opts): Add option.
-	(steal_socket): New file global var.
-	(main): Set option.
-	(create_server_socket): Implement option.
-
-	* dirmngr/dirmngr.c (oStealSocket): New.
-	(opts): Add option.
-	(steal_socket): New file global var.
-	(main): Set option.  Add comment to eventually implement it.
-
-2021-11-10  NIIBE Yutaka  <gniibe@fsij.org>
-
-	scd: More conservative selection of a card reader.
-	+ commit 0982c6cb19da689ae84ad25b6db12bf30ac75030
-	* scd/apdu.c (select_a_reader): Only SPRx32 is in the white list.
-
-2021-11-09  Bernhard M. Wiedemann  <bwiedemann@suse.de>
-
-	wks: Do not mark key files as executable.
-	+ commit 46ada6a9bd83daa9e5f064adfea1bb6ccdba5dcb
-
-
-	wks: Allow access to newly created dirs.
-	+ commit f54feb44700062fd3f4ca2d5e6d4e203e74d94ea
-
-
-2021-11-02  Werner Koch  <wk@gnupg.org>
-
-	common: Support MYPROC_SELF_EXE for Solaris.
-	+ commit 006131f6289cd0e03a470c77795ad50a4bf9e269
-	* common/homedir.c (MYPROC_SELF_EXE): Add case for SunOS.
-
-	common: Silence warning from unix_rootdir on systems w/o /proc.
-	+ commit bcd8f0239dfc36f99fbbb8ee309828ccee8974c0
-	* common/homedir.c (unix_rootdir): Silence diagnostic in the common
-	case.
-	(MYPROC_SELF_EXE): Support NetBSD.
-
-2021-11-02  Ingo Klöcker  <dev@ingo-kloecker.de>
-
-	common: Respect gpgconf.ctl when looking up translations.
-	+ commit 947fedf0e7d95571abd039e827c401ebc64a8abb
-	* common/i18n.c (i18n_init): Use gnupg_localedir() instead of LOCALEDIR.
-	(i18n_localegettext): Ditto.
-	* tools/gpgconf-comp.c (my_dgettext): Ditto.
-
-2021-11-02  Werner Koch  <wk@gnupg.org>
-
-	common: Support gpgconf.ctl also for BSDs.
-	+ commit 49d589c409cc1813a48fecaf3fb5772e6febe281
-	* common/homedir.c (MYPROC_SELF_EXE): New.
-	(unix_rootdir): Use it here.  Also support GNUPG_BUILD_ROOT as
-	fallback.
-
-	common: Add keyword sysconfdir to the optional gpgconf.ctl file.
-	+ commit 3828dd7a4067db2911caebde324053b4e354a486
-	* common/homedir.c (unix_rootdir): Add arg want_sysconfdir.
-	(gnupg_sysconfdir): Return it.
-
-	common: Support a gpgconf.ctl file under Unix.
-	+ commit 82328165cf4be4771674b703c1e15178f87530e2
-	* common/homedir.c (unix_rootdir): New.
-	(gnupg_bindir): Use it.
-	(gnupg_libexecdir): Use it.
-	(gnupg_libdir): Use it.
-	(gnupg_datadir): Use it.
-	(gnupg_localedir): Use it.
-
-	common: New function substitute_envvars.
-	+ commit f0162afb6b6f8ac1a993452643d8cb64fb3f2953
-	* common/stringhelp.c (substitute_envvars): New.  Based on code in
-	gpg-connect-agent.
-	* common/t-stringhelp.c: Include sysutils.h.
-	(test_substitute_envvars): New.
-
-	common,w32: Do not always print "Garbled console data" warning.
-	+ commit a756a61f19ce44958f93757894f65b09cebd484a
-	* common/init.c (_init_common_subsystems): Silence message.
-
-2021-11-02  NIIBE Yutaka  <gniibe@fsij.org>
-
-	dns: Make reading resolv.conf more robust.
-	+ commit 152f0281552f6a8e4bc082f3aaeec17c84001cfe
-	* dirmngr/dns.c (dns_resconf_loadfile): Skip "search" which
-	begins with '.'.
-
-2021-10-22  Werner Koch  <wk@gnupg.org>
-
-	gpg: Fix printing of binary notations.
-	+ commit 918e9218002b2b0d455a8df86a63c9187cf6fdf4
-	* g10/keylist.c (show_notation): Print binary notation from BDAT.
-
-	gpgconf: create local option file even if a global file exists.
-	+ commit 5e3eea4b738cc3e8e257635b7cb53dcf43c07f79
-	* tools/gpgconf-comp.c (munge_config_filename): New.
-	(change_options_program): Call it.
-
-2021-10-22  NIIBE Yutaka  <gniibe@fsij.org>
-
-	scd: Select a reader for PC/SC.
-	+ commit 752422a792cecf459b37f517d634bcf272292b14
-	* scd/apdu.c (select_a_reader): New.
-	(open_pcsc_reader): Use select_a_reader.
-
-2021-10-13  Werner Koch  <wk@gnupg.org>
-
-	gpg: New option --override-compliance-check.
-	+ commit 773b8fbbe915449c723302f5268d7906b40d84d3
-	* g10/gpg.c (oOverrideComplianceCheck): New.
-	(opts): Add new option.
-	(main): Set option and add check for batch mode.
-	* g10/options.h (opt): Add flags.override_compliance_check.
-
-	* g10/sig-check.c (check_signature2): Factor complaince checking out
-	to ...
-	(check_key_verify_compliance): new.  Turn error into a warning in
-	override mode.
-
-2021-10-06  Werner Koch  <wk@gnupg.org>
-
-	Release 2.2.32.
-	+ commit 476096099db9ea3f66581fa3ca8724291e3a5c80
-
-
-2021-10-06  NIIBE Yutaka  <gniibe@fsij.org>
-
-	gpg: Skip the packet when not used for AEAD.
-	+ commit a17f1b607473f5aae081ffe22381dda2b54a7a6a
-	* g10/free-packet.c (free_packet): Add the case for case
-	PKT_ENCRYPTED_AEAD.
-
-2021-10-06  Werner Koch  <wk@gnupg.org>
-
-	dirmngr: New option --ignore-cert.
-	+ commit 323a20399d905e8ae1cc0d71846c298116460464
-	* dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen.
-	(opt): Add field ignored_certs.
-	* dirmngr/dirmngr.c: Add option --ignore-cert
-	(parse_rereadable_options): Handle that option.
-	(parse_ocsp_signer): Rename to ...
-	(parse_fingerprint_item): this and add two args.
-	* dirmngr/certcache.c (put_cert): Ignore all to be igored certs.
-	Change callers to handle the new error return.
-
-	dirmngr: Fix Let's Encrypt certificate chain validation.
-	+ commit 341ab0123a8fa386565ecf13f6462a73a137e6a4
-	* dirmngr/certcache.c (find_cert_bysubject): Return the first trusted
-	certififcate if any.
-
-2021-09-15  Werner Koch  <wk@gnupg.org>
-
-	Release 2.2.31.
-	+ commit ecf4c2f611238799a3af6369a64e418a77ab9dd6
-
-
-2021-09-14  Werner Koch  <wk@gnupg.org>
-
-	scd: Remove context reference counting from pc/sc.
-	+ commit 67e1834ad402e86906429ba0e2bf7ebd72de2450
-	* scd/apdu.c (pcsc): Add flag context_valid, remove count.
-	(close_pcsc_reader): Use new flag instead of looking at magic context
-	value.
-	(pcsc_init): Set new flag.
-	(open_pcsc_reader): Use new flag.
-	(apdu_init): Clear new flag.
-
-	* scd/apdu.c: Remove assert.h.  Replace all assert by log_assert.
-
-2021-09-13  Werner Koch  <wk@gnupg.org>
-
-	common: New envvar GNUPG_EXEC_DEBUG_FLAGS.
-	+ commit 117afec018911a3b0187f15c8559f811a72ddb79
-	* common/exechelp-w32.c (gnupg_spawn_process_detached): Silence
-	breakaway messages and turn them again into debug messages.
-
-2021-09-08  Werner Koch  <wk@gnupg.org>
-
-	scd: Support PC/SC for "getinfo reader_list".
-	+ commit f32994b0bf07d62bf596cc8bb6ec3c3a5f133ac4
-	* scd/apdu.c: Include membuf.h.
-	(pcsc): Add reader_list field.
-	(open_pcsc_reader): Fill that field.
-	(apdu_get_reader_list): New.
-	* scd/command.c: Remove header ccid-driver.h.
-	(pretty_assuan_send_data): New.
-	(cmd_getinfo): Print all reader names.
-
-2021-09-07  Werner Koch  <wk@gnupg.org>
-
-	scd: Fix possible assertion in close_pcsc_reader.
-	+ commit 192113552faa98f40cc91fe014ec55861474626c
-	* scd/apdu.c (close_pcsc_reader): Don't ref-count if the context is
-	invalid.
-	(open_pcsc_reader): Compare the context against -1 which is our
-	indicator for an invalid context.
-
-	agent: Fix segv in GET_PASSPHRASE (regression)
-	+ commit 4b2cfec2dc2fd524a4fed6c17bb11e6a7baf15f2
-	* agent/command.c (cmd_get_passphrase): Do not deref PI.  PI is always
-	NULL.
-
-2021-08-27  NIIBE Yutaka  <gniibe@fsij.org>
-
-	common: Fix put_membuf.
-	+ commit 7e431e009e479e63f0996a612e12fb9d8b209ab9
-	* common/membuf.c (put_membuf): Allow NULL for the second arg.
-
-	build: Fix removal of AC_TYPE_SIGNAL.
-	+ commit 0ca84cbdf0a5a956f4de80f874f8a3b495cfab20
-	* configure.ac: AC_TYPE_SIGNAL is still needed.
-
-	common: Fix get_signal_name for GNU/Linux.
-	+ commit d5f9481186eaf2ff28d7ab04fd36f0bbd1c9714d
-	* common/signal.c (get_signal_name): Use sigdescr_np if available.
-	* configure.ac: Check the function.
-
-2021-08-26  Werner Koch  <wk@gnupg.org>
-
-	Release 2.2.30.
-	+ commit d583e750a668f82bdaa1d0f7c4ffc68c35ed4ca6
-
-
-2021-08-20  Werner Koch  <wk@gnupg.org>
-
-	wkd: Properly unescape the user-id from a key listing.
-	+ commit 2b65f4e953806977490b11cb4739c22ab94e0030
-	* tools/wks-util.c (append_to_uidinfo_list): Unescape UID.
-
-	common: New function decode_c_string.
-	+ commit 17e2ec488f662059df0fd2d3b777aa51eab5c0cc
-	* common/miscellaneous.c (decode_c_string): New.
-
-	agent: Use the sysconfdir for a pattern file.
-	+ commit 5ed8e598faaffa9aec43fc70199ed7f57560c2ba
-	* agent/genkey.c (do_check_passphrase_pattern): Use make_filename.
-
-	agent: Ignore passphrase constraints for a generated passphrase.
-	+ commit db5dc7a91af3774cfbce0bc533e0f0b5498402fe
-	* agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New.
-	(MAX_GENPIN_TRIES): Remove.
-	* agent/call-pinentry.c (struct entry_parm_s):
-	(struct inq_cb_parm_s): Add genpinhash and genpinhas_valid.
-	(is_generated_pin): New.
-	(inq_cb): Suppress constraints checking for a generated passphrase.
-	No more need for several tries to generate the passphrase.
-	(do_getpin): Store a generated passphrase/pin in the status field.
-	(agent_askpin): Suppress constraints checking for a generated
-	passphrase.
-	(agent_get_passphrase): Ditto.
-	* agent/command.c (cmd_get_passphrase): Ditto.
-
-	wkd: Fix client issue with leading or trailing spaces in user-ids.
-	+ commit 576e429d41a144ff4f0c00e8722da2f92ae17d9a
-	* common/recsel.c (recsel_parse_expr): Add flag -t.
-	* common/stringhelp.c (strtokenize): Factor code out to
-	do_strtokenize.
-	(strtokenize_nt): New.
-	(do_strtokenize): Add arg trim to support the strtokenize_nt.
-	* common/t-stringhelp.c (test_strtokenize_nt): New test cases.
-
-	* tools/wks-util.c (wks_list_key): Use strtokenize_nt and the recsel
-	flag -t.
-
-	gpg: Return SUCCESS/FAILURE status also for --card-edit/name.
-	+ commit 6685696adafba104072303507dedbbd45731d326
-	* g10/card-util.c (change_name): Call write_sc_op_status.
-
-2021-08-18  Werner Koch  <wk@gnupg.org>
-
-	agent: Improve the GENPIN callback.
-	+ commit 2e69ce878f893de0830317f94c51fdce70e1e540
-	* agent/call-pinentry.c (DEFAULT_GENPIN_BYTES): Replace by  ...
-	(DEFAULT_GENPIN_BITS): this and increase to 150.
-	(generate_pin): Make sure that we use at least 128 bits.
-
-	agent: Fix for zero length help string in pinentry hints.
-	+ commit 4855888c0a56a50be6085476f5767d0c62722f2d
-	* agent/call-pinentry.c: Remove unused assert.h.
-	(inq_cb): Fix use use of assuan_end_confidential in case of nested
-	use.
-	(do_getpin): Ditto.
-	(setup_formatted_passphrase): Escape the help string.
-	(setup_enforced_constraints): Ignore empty help strings.
-
-	common,w32: Replace log_debug by log_info for InProcessJobs.
-	+ commit ec2f1b38980a1b60624a35707ccebb05c5524d2f
-	* common/exechelp-w32.c (gnupg_spawn_process_detached): Use log_info.
-
-2021-08-17  Werner Koch  <wk@gnupg.org>
-
-	w32: Move socketdir to LOCAL_APPDATA.
-	+ commit 4dfa951a0a631d5e0e44ff5fb8fb74adb651190c
-	* common/homedir.c (is_gnupg_default_homedir): Use standard_homedir
-	instead of the constant which makes a difference on Windows.
-	(_gnupg_socketdir_internal) [W32]: Move the directory to LOCAL_APPDATA.
-	(gnupg_cachedir): Remove unsued function.
-
-	* common/sysutils.c (gnupg_rmdir): New.
-	* tools/gpgconf.c (main): s/rmdir/gnupg_rmdir/.
-
-	gpgconf,w32: Print more registry diagnostics with --list-dirs.
-	+ commit 013f2e4672b1565002700e307d3bb95d9352c4d5
-	* tools/gpgconf.c (list_dirs): Figure out classes with the key.
-
-	agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pient.
-	+ commit 455ba49071dea7588c9de11785b3092e45e4560b
-	* agent/call-pinentry.c (atfork_core): Pass DISPLAY.
-
-	agent: New option --check-sym-passphrase-pattern.
-	+ commit c6a4a660fdb977713a1e6c0dd4dae97ddffbe376
-	* agent/gpg-agent.c (oCheckSymPassphrasePattern): New.
-	(opts): Add --check-sym-passphrase-pattern.
-	(parse_rereadable_options): Set option.
-	(main): Return option info.
-	* tools/gpgconf-comp.c: Add new option.
-	* agent/agent.h (opt): Add var check_sym_passphrase_pattern.
-	(struct pin_entry_info_s): Add var constraints_flags.
-	(CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1.
-	(CHECK_CONSTRAINTS_NEW_SYMKEY): New.
-	* agent/genkey.c (check_passphrase_pattern): Rename to ...
-	(do_check_passphrase_pattern): this to make code reading
-	easier. Handle the --check-sym-passphrase-pattern option.
-	(check_passphrase_constraints): Replace arg no_empty by a generic
-	flags arg.  Also handle --check-sym-passphrase-pattern here.
-	* agent/command.c (cmd_get_passphrase): In --newsymkey mode pass
-	CHECK_CONSTRAINTS_NEW_SYMKEY flag.
-	* agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags.
-	(struct inq_cb_parm_s): New.
-	(inq_cb): Use new struct for parameter passing.  Pass flags to teh
-	constraints checking.
-	(do_getpin): Pass constraints flag down.
-	(agent_askpin): Take constraints flag from the supplied pinentry
-	struct.
-
-2021-08-17  Ingo Klöcker  <dev@ingo-kloecker.de>
-
-	agent: Add checkpin inquiry for pinentry.
-	+ commit 9832566e4512ab7cb90aa0b7f769792f5c123ed4
-	* agent/call-pinentry.c: Include zb32.
-	(MAX_GENPIN_TRIES): New.
-	(DEFAULT_GENPIN_BYTES): New.
-	(generate_pin): New.
-	(setup_genpin): New.
-	(inq_quality): Rename to ...
-	(inq_cb): this.  Handle checkpin inquiry.
-	(setup_enforced_constraints): New.
-	(agent_get_passphrase): Call sertup_genpin.  Call
-	setup_enforced_constraints if new passphrase is requested.
-
-2021-08-16  Ingo Klöcker  <dev@ingo-kloecker.de>
-
-	agent: New option --pinentry-formatted-passphrase.
-	+ commit 32fbdddf8b4729d9a54a7751c0b5e406a470657f
-	* agent/agent.h (opt): Add field pinentry_formatted_passphrase.
-	* agent/call-pinentry.c (setup_formatted_passphrase): New.
-	(agent_get_passphrase): Pass option to pinentry.
-	* agent/gpg-agent.c (oPinentryFormattedPassphrase): New.
-	(opts): Add option.
-	(parse_rereadable_options): Set option.
-
-	common: Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to pinentry.
-	+ commit 8fff61de9433e9293712a1dd21dfbe12f951eff9
-	* common/session-env.c (stdenvnames): Add XDG_SESSION_TYPE and
-	QT_QPA_PLATFORM.
-
-2021-08-16  Werner Koch  <wk@gnupg.org>
-
-	tools: Extend gpg-check-pattern.
-	+ commit 5ca15e58b241901cc46fd9fad4db3bbb9e321988
-	* tools/gpg-check-pattern.c: Major rewrite.
-
-2021-07-04  Werner Koch  <wk@gnupg.org>
-
-	Release 2.2.29.
-	+ commit 695a879af81e895741109874b9ac0712e1afc994
-
-
-2021-06-25  Werner Koch  <wk@gnupg.org>
-
-	dirmngr: Change the default keyserver.
-	+ commit 47c4e3e00a7ef55f954c14b3c237496e54a853c1
-	* configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to
-	keyserver.ubuntu.com.
-
-	* dirmngr/certcache.c (cert_cache_init): Disable default pool cert.
-	* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
-	* dirmngr/http.c (http_session_new): Ditto.
-
-	* dirmngr/server.c (make_keyserver_item): Use a different mapping for
-	the gnupg.net names.
-
-	gpg: Let --fetch-key return an exit code on failure.
-	+ commit 5fe4b978875271fb55f1f674ab545bed2b97a7a8
-	* g10/keyserver.c (keyserver_fetch): Return an error code.
-	* g10/gpg.c (main) <aFetchKeys>: Return 1 in case of no data.
-
-2021-06-23  NIIBE Yutaka  <gniibe@fsij.org>
-
-	scd:ccid: Handle LIBUSB_TRANSFER_OVERFLOW interrupt transfer.
-	+ commit b90c55fa66db254da98958de10e1287c39a4322a
-	* scd/ccid-driver.c (intr_cb): Ignore LIBUSB_TRANSFER_OVERFLOW.
-
-	scd:ccid:spr532: Extend abort_cmd for initialization time.
-	+ commit 8e941e19b08785e5e709943765548d4f9f9f57a3
-	* scd/ccid-driver.c (abort_cmd): Add INIT argument to support
-	synchronize until success, even ignoring timeout.
-	(bulk_in): Normal use case of abort_cmd.
-	(ccid_vendor_specific_init): Initial use case of abort_cmd.
-
-2021-06-22  Werner Koch  <wk@gnupg.org>
-
-	tests: Cope with broken Libgcrypt versions.
-	+ commit af2fd9f0af25e1f95d9484f7d2125cd9888aa308
-	* common/t-sexputil.c (test_ecc_uncompress): Ignore unknwon curve
-	errors.
-
-	w32: Add fallback in case the Windows console can't cope with Unicode.
-	+ commit e94dfa21d2c17b590122d55468f68e8ab72e4193
-	* common/ttyio.c (w32_write_console): Fallback to WriteConsoleA on
-	error.
-
-2021-06-21  Werner Koch  <wk@gnupg.org>
-
-	dirmngr: Fix regression in KS_GET for mail address pattern.
-	+ commit adf7bfba5ddce9faadff959369ba2271cdd36825
-	* dirmngr/ks-engine-hkp.c (ks_hkp_search): Munge mail address pattern.
-	(ks_hkp_get): Allow for mail addresses.
-	-
-
-	Before the keyserver changes in 2.2.28 gpg passed dirmngr a pail
-	address as an exact pattern (e.g. "=foo@example.org").  Since 2.2.28
-	the mail address is detected gpg gpg and we see for example
-	"<foo@example.org>".  This patch fixes this to turn a mail address
-	into an exact match again.
-
-2021-06-14  NIIBE Yutaka  <gniibe@fsij.org>
-
-	scd: Error code map fix for older Yubikey.
-	+ commit 01a413d5235f1bbd00f83fb86d0e183d8f0b1a57
-	* scd/iso7816.c (map_sw): Recognize 6A86.
-
-2021-06-11  NIIBE Yutaka  <gniibe@fsij.org>
-
-	dirmngir: Fix build with --disable-ldap.
-	+ commit c8b2162c0e7eb42b74811b7ed225fa0f56be4083
-	* dirmngr/dirmngr.c (parse_rereadable_options) [USE_LDAP]:
-	Conditionalize.
-
-	dirmngr: Remove use of USE_LDAPWRAPPER.
-	+ commit 8ee4c8d1e0d7677d4f8b9538c12b32bb6393c2c5
-	* configure.ac (USE_LDAPWRAPPER): Remove.
-	* dirmngr/Makefile.am: Use USE_LDAP instead of USE_LDAPWRAPPER.
-	* dirmngr/ldap-wrapper-ce.c: Remove.
-	* dirmngr/ldap-wrapper.h, dirmngr/ldap-wrapper.c: Remove
-	USE_LDAPWRAPPER things.
-
-2021-06-10  Werner Koch  <wk@gnupg.org>
-
-	Release 2.2.28.
-	+ commit 9f6076868ecd313e832c112ea79cfcffed3dc342
-
-
-	gpg: Partial fix for Unicode problem in output files.
-	+ commit 845711d1420cc01289c15ba49deb03200a5cd102
-	* g10/openfile.c (overwrite_filep): Use gnupg_access.
-
-	scd: Fix serial number detection for Yubikey 5.
-	+ commit c2f02797cdefdce5afd8b29bb8e51d4515a70a96
-	* scd/app.c (app_new_register): Handle serial number correctly.
-
-2021-06-09  Werner Koch  <wk@gnupg.org>
-
-	gpgtar,w32: Fix file size computation.
-	+ commit 198b240b195596974e8b61e2b79fb6e8dc78f89a
-	* tools/gpgtar-create.c (fillup_entry_w32): Move parentheses.
-
-	sm: New option --ldapserver as an alias for --keyserver.
-	+ commit d6df1bf84969bf5f5781e33bc1c2f6cb2aee0093
-	* sm/gpgsm.c (opts): Add option --ldapserver and make --keyserver an
-	alias.
-
-	dirmngr: Allow to pass no filter args to dirmngr_ldap.
-	+ commit f6e45671aa26f3e7abb968a876de7bbdb4fca3f1
-	* dirmngr/dirmngr_ldap.c (main): Handle no args case.
-
-2021-06-08  Werner Koch  <wk@gnupg.org>
-
-	w32: Change spawn functions to use Unicode version of CreateProcess.
-	+ commit 7a98e45e74ec2883c24689964d6119796da0969f
-	* common/exechelp-w32.c (gnupg_spawn_process): Change to use
-	CreateProcessW.
-	(gnupg_spawn_process_fd): Ditto.
-	(gnupg_spawn_process_detached): Ditto.
-	* g10/exec.c (w32_system): Ditto.
-
-2021-06-08  Andre Heinecke  <aheinecke@gnupg.org>
-
-	common,w32: Breakaway detached childs when in job.
-	+ commit f20e9a464487443552b6cbdf918c6448d3cb643f
-	* common/exechelp-w32.c (gnupg_spawn_process_detached): Add
-	CREATE_BREAKAWAY_FROM_JOB creation flag if required.
-
-2021-06-08  Werner Koch  <wk@gnupg.org>
-
-	w32: Always use Unicode for console input and output.
-	+ commit b912f07cdf00043b97fca54e4113fab277726e03
-	* common/init.c (_init_common_subsystems) [W32]: Set the codepage to
-	UTF-8 for input and putput.  Switch gettext to UTF-8.
-	* g10/gpg.c (utf8_strings) [W32]: Make sure this is always set.
-
-	w32: Free memory allocated by new function w32_write_console.
-	+ commit ebdb62a98a6e917bafb795b5f50483a95790e739
-	* common/ttyio.c (w32_write_console): Free buffer.
-
-	common,w32: Allow Unicode input and output with the console.
-	+ commit 90aadf69f730ff1bd053abcd6cc8bc67518ecf4b
-	* common/ttyio.c (do_get) [W32]: Use ReadConsoleW.
-	(w32_write_console): New.
-	(tty_printf, tty_fprintf) [W32]: Use new function.
-
-	common: Re-indent ttyio.c and remove EMX, RISCOS, and CE support.
-	+ commit 521e176a605e6b6229825761906005b05608daf5
-	* common/ttyio.c: Remove cruft like EMX and RISCOS support.  Translate
-	a few strings.  Re-indent.
-
-	common: Rename w32-misc.c to w32-cmdline.c.
-	+ commit d7d9a5ba3cbf9cf7e22a8871474032b525825eed
-	* common/w32-misc.c: Rename to ....
-	* common/w32-cmdline.c: this.
-	* common/Makefile.am: Adjust.
-
-	common,w32: Implement globing of command line args.
-	+ commit 09f49b4c9aae46c40a189b1270e215bc978dbc3c
-	* common/w32-misc.c [W32]: Include windows.h
-	(struct add_arg_s): New.
-	(add_arg): New.
-	(glob_arg): New.
-	(parse_cmdstring): Add arg argvflags and set it.
-	(w32_parse_commandline): Add arg r_itemsalloced.  Add globing.
-
-	* common/init.c (prepare_w32_commandline): Mark glob created items as
-	leaked.
-
-	* common/t-w32-cmdline.c : Include windows.h
-	(test_all): Add simple glob test for Unix.
-	(main): Add manual test mode for Windows.
-
-	* common/xasprintf.c (xtryreallocarray): New.
-
-	common,w32: Refine the command line parsing for \ in quotes.
-	+ commit 4d6807b215e7541fd52caf7e4adc40d77670f99f
-	* common/t-w32-cmdline.c (test_all): Add new test cases.
-	* common/w32-misc.c (strip_one_arg): Add arg endquote.
-	(parse_cmdstring): Take care of backslashes in quotes.
-
-	common: First take on handling Unicode command line args.
-	+ commit 90ddd1cf13cd6bb88d5bb8c1846d7297ca8ac81c
-	* common/w32-misc.c: New.
-	* common/t-w32-cmdline.c: New.
-	* common/init.c: Include w32help.h.
-	(prepare_w32_commandline): New.
-	(_init_common_subsystems) [W32]: Call prepare_w32_commandline.
-
-	* common/Makefile.am (common_sources) [W32]: Add w32-misc.c
-	(module_tests): Add t-w32-cmdline
-	(t_w32_cmdline_LDADD): New.
-
-	gpg: Prepare for globing with UTF-8.
-	+ commit 1f59c4c8e2cfa2b111f0798212546864668383f9
-	* g10/gpg.c (_dowildcard): Remove.
-	(my_strusage): Enable wildcards using our new system.
-
-	dirmngr: Rewrite the LDAP wrapper tool.
-	+ commit 39815c023f0371dea01f7c51469b19c06ad18718
-	* dirmngr/ldap-misc.c: New.
-	* dirmngr/ldap-misc.h: New.
-	* dirmngr/ks-engine-ldap.c: Include ldap-misc.h.
-	(ldap_err_to_gpg_err, ldap_to_gpg_err): Move to ldap-misc.c.
-	* dirmngr/ldap-wrapper.c (ldap_wrapper): Print list of args in debug
-	mode.
-	* dirmngr/server.c (lookup_cert_by_pattern): Handle GPG_ERR_NOT_FOUND
-	the saqme as GPG_ERR_NO_DATA.
-	* dirmngr/ldap.c (run_ldap_wrapper): Add args tls_mode and ntds.
-	Remove arg url.  Adjust for changes in dirmngr_ldap.
-	(url_fetch_ldap): Remove args host and port.  Parse the URL and use
-	these values to call run_ldap_wrapper.
-	(attr_fetch_ldap): Pass tls flags to run_ldap_wrapper.
-	(rfc2254_need_escape, rfc2254_escape): New.
-	(extfilt_need_escape, extfilt_escape): New.
-	(parse_one_pattern): Rename to ...
-	(make_one_filter): this.  Change for new dirmngr_ldap calling
-	convention.  Make issuer DN searching partly work.
-	(escape4url, make_url): Remove.
-	(start_cert_fetch_ldap): Change for new dirmngr_ldap calling
-	convention.
-	* dirmngr/dirmngr_ldap.c: Major rewrite.
-
-	* dirmngr/t-ldap-misc.c: New.
-	* dirmngr/t-support.h (DIM, DIMof): New.
-	* dirmngr/Makefile.am (dirmngr_ldap_SOURCES): Add ldap-misc.c
-	(module_tests) [USE_LDAP]: Add t-ldap-misc.
-	(t_ldap_parse_uri_SOURCES): Ditto.
-	(t_ldap_misc_SOURCES): New.
-
-2021-06-08  NIIBE Yutaka  <gniibe@fsij.org>
-
-	agent: Appropriate error code for importing key with no passwd.
-	+ commit 2f98d8a0f92dc991bff406e159690a111202fcb4
-	* agent/cvt-openpgp.c (convert_from_openpgp_main): Return
-	GPG_ERR_BAD_SECKEY.
-
-2021-06-04  Werner Koch  <wk@gnupg.org>
-
-	dirmngr: Remove useless code.
-	+ commit 8bd5172539e1399b407aa2a9d56fa51b8e040ae3
-	* dirmngr/ks-engine-ldap.c (my_ldap_connect): Remove the
-	password_param thing because we set the password directly without an
-	intermediate var.
-
-2021-06-02  Werner Koch  <wk@gnupg.org>
-
-	sm: Support AES-GCM decryption.
-	+ commit b722fd755c77cbba12478f6de8913c73213d78ee
-	* sm/gpgsm.c (main): Use gpgrt_fcancel on decryption error if gpgrt
-	supports this.
-	* sm/decrypt.c (decrypt_gcm_filter): New.
-	(gpgsm_decrypt): Use this filter if requested.  Check authtag.
-	* common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm
-	in consumer (decrypt) de-vs mode.
-
-2021-05-28  Werner Koch  <wk@gnupg.org>
-
-	gpgconf: Make runtime changes with different homedir work.
-	+ commit c8f0b02936c73b6ef3c99a1bea9ae63f74da0768
-	* tools/gpgconf-comp.c (dirmngr_runtime_change): Pass --homedir
-	first.  Remove unused variable.
-
-	dirmngr: Fix default port for our redefinition of ldaps.
-	+ commit 8de9d54ac83fa20cb52b847b643311841be4d6dc
-	* dirmngr/server.c (make_keyserver_item): Fix default port for ldaps.
-	Move a tmpstr out of the blocks.
-	* dirmngr/ks-engine-ldap.c (my_ldap_connect): Improve diagnostics.
-
-2021-05-27  NIIBE Yutaka  <gniibe@fsij.org>
-
-	build: _DARWIN_C_SOURCE should be 1.
-	+ commit 40b2890b4349781ddb0330193aed0286b1d23dad
-	* configure.ac (*-apple-darwin*): Set _DARWIN_C_SOURCE 1.
-
-2021-05-26  Werner Koch  <wk@gnupg.org>
-
-	dirmngr: Use --ldaptimeout for OpenPGP LDAP keyservers.
-	+ commit 317d5947b84ae2707e46b89fb0d8318c07174e13
-	* dirmngr/ks-engine-ldap.c (my_ldap_connect): Use LDAP_OPT_TIMEOUT.
-
-	* dirmngr/dirmngr.c (main): Move --ldaptimeout setting to ...
-	(parse_rereadable_options): here.
-
-	dirmngr: New option --ldapserver.
-	+ commit ff17aee5d10c8c5ab902253fb4332001c3fc3701
-	* dirmngr/dirmngr.c (opts): Add option --ldapserver.
-	(ldapserver_list_needs_reset): New var.
-	(parse_rereadable_options): Implement option.
-	(main): Ignore dirmngr_ldapservers.conf if no --ldapserver is used.
-
-	* dirmngr/server.c (cmd_ldapserver): Add option --clear and list
-	configured servers if none are given.
-
-	dirmngr: Allow for non-URL specified ldap keyservers.
-	+ commit 2b4cddf9086faaf5b35f64a7db97a5ce8804c05b
-	* dirmngr/server.c (cmd_ldapserver): Strip an optional prefix.
-	(make_keyserver_item): Handle non-URL ldap specs.
-	* dirmngr/dirmngr.h (struct ldap_server_s): Add fields starttls,
-	ldap_over_tls, and ntds.
-
-	* dirmngr/ldapserver.c (ldapserver_parse_one): Add for an empty host
-	string.  Improve error messages for the non-file case.  Support flags.
-	* dirmngr/ks-action.c (ks_action_help): Handle non-URL ldap specs.
-	(ks_action_search, ks_action_get, ks_action_put): Ditto.
-	* dirmngr/ks-engine-ldap.c: Include ldapserver.h.
-	(ks_ldap_help): Handle non-URL ldap specs.
-	(my_ldap_connect): Add args r_host and r_use_tls.  Rewrite to support
-	URLs and non-URL specified keyservers.
-	(ks_ldap_get): Adjust for changes in my_ldap_connect.
-	(ks_ldap_search): Ditto.
-	(ks_ldap_put): Ditto.
-
-	gpg,sm: Simplify keyserver spec parsing.
-	+ commit 9f586700ec4ceac97fd47cd799878a8847342ffa
-	* common/keyserver.h: Remove.
-	* sm/gpgsm.h (struct keyserver_spec): Remove.
-	(opt): Change keyserver to a strlist_t.
-	* sm/gpgsm.c (keyserver_list_free): Remove.
-	(parse_keyserver_line): Remove.
-	(main): Store keyserver in an strlist.
-	* sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist.  Avoid
-	an ambiguity in dirmngr by adding a prefix if needed.
-
-	* g10/options.h (struct keyserver_spec): Move definition from
-	keyserver.h to here.  Remove most fields.
-	* g10/keyserver.c (free_keyserver_spec): Adjust.
-	(cmp_keyserver_spec): Adjust.
-	(parse_keyserver_uri): Simplify.
-	(keyidlist): Remove fakev3 arg which does not make any sense because
-	we don't even support v3 keys.
-
-	dirmngr: Support pseudo URI scheme "opaque".
-	+ commit 72124fadafde153f8ac89a70202006d831829d06
-	* dirmngr/http.h (HTTP_PARSE_NO_SCHEME_CHECK): New.
-	* dirmngr/http.c (http_parse_uri): Use this flag.  Change all callers
-	to use the new macro for better readability.
-	(do_parse_uri): Add pseudo scheme "opaque".
-	(uri_query_value): New.
-
-2021-05-21  NIIBE Yutaka  <gniibe@fsij.org>
-
-	scd: Release memory for RDRNAME.
-	+ commit 5be0d075b1ad03a46a6169bf16cd3ee6102e1358
-	* scd/apdu.c (apdu_close_reader): Free RDRNAME field.
-
-2021-05-20  Jakub Jelen  <jjelen@redhat.com>
-
-	scd: avoid memory leaks.
-	+ commit 678e1b20d3531e642fa8871ea56c6c7d5c208fbe
-	* scd/app-p15.c (send_certinfo): free labelbuf
-	  (do_sign): goto leave instead of return
-	* scd/command.c (cmd_genkey): goto leave instead of return
-
-	common: Avoid double-free.
-	+ commit 4dc4b025d6dd194a96b11ccfd64d763d2c902a91
-	* common/name-value.c (do_nvc_parse): reset to null after ownership
-	change
-
-2021-05-19  Ineiev  <ineiev@gnu.org>
-
-	po: Update Russian translation.
-	+ commit 17b7048732e265450323cc3e01a48c9d492edf0c
-
-
-2021-05-19  Werner Koch  <wk@gnupg.org>
-
-	dirmngr: For KS_SEARCH return the fingerprint also with LDAP.
-	+ commit f0e538619d5079fcd87c31e853e6deb28564a321
-	* dirmngr/ks-engine-ldap.c (extract_keys): Return the fingerprint if
-	available.
-	(ks_ldap_search): Ditto.
-	(extract_keys): Make sure to free the ldap values also in corner
-	cases.
-	(my_ldap_value_free): New.
-	(ks_ldap_get): Ditto.
-	(ks_ldap_search): Ditto.
-	(my_ldap_connect): Ditto.
-
-2021-05-18  Werner Koch  <wk@gnupg.org>
-
-	gpg: Fix sending an OpenPGP key with umlaut to an LDAP keyserver.
-	+ commit 7bf8530e75d05a712d00a333d59b0a8cf663b9cb
-	* g10/call-dirmngr.c (record_output): Rewrite.
-
-2021-05-18  Ingo Klöcker  <dev@ingo-kloecker.de>
-
-	scd:p15: Fix logic for appending product name to MANUFACTURER.
-	+ commit aa6288140481bccc366e87fcdc6781dc82d0af31
-	* scd/app-p15.c (do_getattr): Append product name to MANUFACTURER if
-	manufacturer_id does not already contain a bracket and if we have a
-	product name.
-
-2021-05-17  Werner Koch  <wk@gnupg.org>
-
-	gpg: Use a more descriptive prompt for symmetric decryption.
-	+ commit 03f83bcda5d1f8d8246bcc1afc603b7f74d0626b
-	* g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New.
-	(passphrase_to_dek_ext): Remove this obsolete prototype.
-	* g10/passphrase.c (passphrase_get): Add arg flags.  Use new flag
-	value.
-	(passphrase_to_dek): Add arg flags and pass it on.
-	* g10/mainproc.c (proc_symkey_enc): Use new flag.
-
-	sm: Ask for the password for password based decryption (pwri)
-	+ commit 50ea1b67e8260aaebbeba0c4cd73e21443a74636
-	* sm/decrypt.c (pwri_decrypt): Add arg ctrl.  Ask for passphrase.
-
-	* sm/export.c (export_p12): Mark string as translatable.
-	* sm/import.c (parse_p12): Ditto.
-
-	sm: Support decryption of password based encryption (pwri)
-	+ commit 6f31acac767f2ec67729c0491f29061b26fe14b9
-	* sm/decrypt.c (string_from_gcry_buffer): New.
-	(pwri_parse_pbkdf2): New.
-	(pwri_decrypt): New.
-	(prepare_decryption): Support pwri.
-	(gpgsm_decrypt): Test for PWRI.  Move IS_DE_VS flag to DFPARM.
-
-	* common/sexputil.c (cipher_mode_to_string): New.
-
-	dirmngr: LDAP search by a mailbox now ignores revoked keys.
-	+ commit b6f8cd7eef4b00a2c6ccaac743382f1dd83bde6a
-	* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Ignore revoked
-	and disable keys in mail mode.
-
-2021-05-07  NIIBE Yutaka  <gniibe@fsij.org>
-
-	scd,pcsc: Use a single context.
-	+ commit 987b8168602286d06debbbc8d4deebd35f454e29
-	* scd/apdu.c (pcsc): New variable.
-	(struct reader_table_s): Remove pcsc.context from member.
-	(pcsc_get_status, connect_pcsc_card): Use pcsc.context.
-	(close_pcsc_reader): Release pcsc.context here with reference count.
-	(apdu_open_one_reader): Move API loading to ...
-	(pcsc_init): new.
-	(apdu_open_one_reader): Remove.
-	(apdu_open_reader): Call open_pcsc_reader instead of
-	apdu_open_one_reader.
-	(open_pcsc_reader): Call pcsc_init if needed.  Call close_pcsc_reader
-	instead of pcsc_release_context.  Make reader parsing more robust.
-	(apdu_init): Initialize pcsc.count and pcsc.context.
-
-2021-05-04  Werner Koch  <wk@gnupg.org>
-
-	gpg: Allow ECDH with a smartcard returning just the x-coordinate.
-	+ commit b203325ce112c223a5164081cecd14744a01ff69
-	* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Factor extraction
-	part out to  ...
-	(extract_secret_x): new.  Allow for x-only coordinate.
-	(pk_ecdh_encrypt_with_shared_point): Change arg shared_mpi
-	to (shared,nshared).  Move param check to the top.  Add extra safety
-	check.
-	(pk_ecdh_decrypt): Adjust for change.
-	* g10/pkglue.c (get_data_from_sexp): New.
-	(pk_encrypt): Use it for "s" and adjusted for changed
-	pk_ecdh_encrypt_with_shared_point.
-	* g10/pubkey-enc.c (get_it): Remove conversion to an MPI and call
-	pk_ecdh_decrypt with the frame buffer.
-
-	scd: Fix possible PC/SC removed card problem.
-	+ commit 9d83bfb639680d3bc756fcfe2b7f83b18bed8dff
-	* scd/apdu.c (pcsc_cancel): New.
-	(pcsc_init): Load new function.
-	(connect_pcsc_card): Use it after a removed card error.
-
-	scd: Add string for another PC/SC error code.
-	+ commit a475bb725be7e275a06e0625b0088f607f36634c
-	* scd/apdu.c (PCSC_E_NO_READERS_AVAILABLE): New.
-	(pcsc_error_string): Add a description for this.
-	* scd/scdaemon.c (scd_kick_the_loop): Fix diagnostic.
-
-2021-05-04  Kirill Elagin  <kirelagin@gmail.com>
-
-	scd: Fix unblock PIN by a Reset Code with KDF.
-	+ commit 6c4216094ef4771d1d5011b7aee35f241e3bcc4d
-	* scd/app-openpgp.c (do_change_pin): Use correct CHVNO=1 for
-	pin2hash_if_kdf, for user's PIN.
-
-2021-05-04  Werner Koch  <wk@gnupg.org>
-
-	gpg: Fix mailbox based search via AKL keyserver method.
-	+ commit 22fe23f46d3179cb0a68f58bf6f722b89c0c4d9c
-	* g10/keyserver.c (keyserver_import_name): Rename to ...
-	(keyserver_import_mbox): this.  And use mail search mode.
-	* g10/getkey.c (get_pubkey_byname): Change the two callers.
-
-	gpg: Auto import keys specified with --trusted-keys.
-	+ commit e7251be84c797ddbc3f0a5212886761666e3aa33
-	* g10/getkey.c (get_pubkey_with_ldap_fallback): New.
-	* g10/trustdb.c (verify_own_keys): Use it.
-
-	(cherry picked from commit 100037ac0f558e8959fc065d4703c85c2962489e)
-
-	gpg: Allow decryption w/o public key but with correct card inserted.
-	+ commit e53f6037283e1a4f18b1c5d66d2678888c701cea
-	* agent/command.c (cmd_readkey): Add option --no-data and special
-	handling for $SIGNKEYID and $AUTHKEYID.
-	* g10/call-agent.c (agent_scd_getattr): Create shadow keys for KEY-FPR
-	output.
-	* g10/skclist.c (enum_secret_keys): Automagically get a missing public
-	key for the current card.
-
-	agent: Silence error messages for READKEY --card.
-	+ commit aa612d752ebb1851f23184df084aed5314b72e3a
-	* agent/command.c (cmd_readkey): Test for shadow key before creating
-	it.
-
-	(cherry picked from commit 8f2c9cb73538baab7da8107f2cceb2f6fc49642a)
-
-2021-05-03  Werner Koch  <wk@gnupg.org>
-
-	gpg: Allow fingerprint based lookup with --locate-external-key.
-	+ commit 2af217ecd7e4242be2b35bc0085eccaf13cc2027
-	* g10/keyserver.c (keyserver_import_fprint_ntds): New.
-	* g10/getkey.c (get_pubkey_byname): Detect an attempt to search by
-	fingerprint in no_local mode.
-
-	gpg: Lookup a missing public key of the current card via LDAP.
-	+ commit b59af0e2a05a3714b0bcbe7e775c6ffacfbc7119
-	* g10/getkey.c (get_seckey_default_or_card): Lookup a missing public
-	key from the current card via LDAP.
-	* g10/call-dirmngr.c: Include keyserver-intetnal.h.
-	(gpg_dirmngr_ks_get): Rename arg quick into flags.  Take care of the
-	new LDAP flag.
-	* g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_QUICK): New.
-	Replace the use of the value 1 for the former quick arg.
-	(KEYSERVER_IMPORT_FLAG_LDAP): New.
-	* g10/keyserver.c (keyserver_get_chunk): Increase the reserved line
-	length.
-	* dirmngr/ks-action.c (ks_action_get): Add arg ldap_only.
-	* dirmngr/server.c (cmd_ks_get): Add option --ldap.
-
-	scd: Add option --info to emit KEYPAIRINFO by readkey command.
-	+ commit b8df8321e1ef38147f42af1166d2c60805f88b9c
-	* scd/command.c (do_readkey): Implement this.
-	* scd/app-help.c (app_help_get_keygrip_string_pk): Make HEXKEYGRIP
-	parm optional.  Add arg R_ALGOSTR.
-
-2021-05-03  NIIBE Yutaka  <gniibe@fsij.org>
-
-	common: Fix gnupg_wait_processes, by skipping invalid PID.
-	+ commit c2ba6bea4ce81a066765c285c4b7c1dc6d39f144
-	* common/exechelp-posix.c (gnupg_wait_processes): Skip invalid PID.
-
-2021-05-03  Werner Koch  <wk@gnupg.org>
-
-	agent: Skip unknown unknown ssh curves seen on cards.
-	+ commit bbf4bd3bfcb51e9d91e08ceefba3ff016bae50ff
-	* agent/command-ssh.c (ssh_handler_request_identities): Skip unknown
-	curves.
-
-2021-04-29  Werner Koch  <wk@gnupg.org>
-
-	gpgconf: Do not i18n an empty string to the PO files meta data.
-	+ commit a456303ae306fbfda0cf89ff41678d50c24bf6fc
-	* tools/gpgconf-comp.c (my_dgettext): Ignore empty strings.
-
-	scd: New option --pcsc-shared.
-	+ commit 5eec40f3d82777b4fb807a9bf1b71422a8caa2f9
-	* scd/scdaemon.h (opt): Add field opcsc_shared.
-	* scd/scdaemon.c (opcscShared): New.
-	(opts): Add "--pcsc-shared".
-	(main): Set flag.
-	* scd/apdu.c (connect_pcsc_card): Use it.
-	(pcsc_get_status): Take flag in account.
-	* scd/app-openpgp.c (verify_chv2): Do not auto verify chv1 in shared
-	mode.
-
-	scd: Rewrite READKEY to allow for compressed points.
-	+ commit 96577e2e46e4c5b66a2685cb605e07be0a6a09a5
-	* scd/app-help.c (app_help_pubkey_from_cert): New.  Taken from 2.3.
-	* scd/command.c (cmd_readkey): Rewrite using new helper.
-
-	common: Extend the openpgp_curve_to_oid function.
-	+ commit 5b8593135fa6e88ecc459444ec19b9a824f12a15
-	* common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS.
-	Change all callers.
-
-	common: New module to compute openpgp fingerprints.
-	+ commit f3c98b8cb5adcac17043fa6066b73bd08c8ef41a
-	* common/openpgp-fpr.c: New.
-	* common/Makefile.am (common_sources): Add it.
-
-	common: New function to uncompress an ECC public key.
-	+ commit c825117c5fa562fced0d3cafc22fd878cf615b42
-	* common/sexputil.c (ec2os): New.
-	(uncompress_ecc_q_in_canon_sexp): New.
-
-	* common/t-sexputil.c (fail2): new.
-	(test_ecc_uncompress): New.
-	(main): Run new test.
-
-	common: New function cmp_canon_sexp.
-	+ commit 473e649ea1a69e82b7f99a17fbff4d641936c61c
-	* common/sexputil.c (cmp_canon_sexp): New.
-	(cmp_canon_sexp_def_tcmp): New.
-	* common/t-sexputil.c (test_cmp_canon_sexp): Add a simple test.
-
-	scd: New function send_keyinfo to assist in backporting.
-	+ commit 0eed0ced9bcd3c14621076d26cf4d9f809e1873c
-	* scd/command.c (send_keyinfo): New.
-
-	scd: Minor changes to assist in backporting from 2.3.
-	+ commit 3db99b8861a7544efee13be45d14bbac63c0c868
-	* scd/command.c (send_status_direct): Return an error code.
-	* scd/app-common.h (APP_LEARN_FLAG_REREAD): New.
-
-	scd: Extend an internal function to also return the algo.
-	+ commit 72a7d45a230bf28e2ba7e8a57b702c98998ea0a3
-	* scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
-	r_algo.  Change all callers.
-	(app_help_get_keygrip_string): Ditto.
-
-	scd: New function for iso7816 PSO_CSV.
-	+ commit 91dd74f3d7e3630bb7f298fe4d392f8a6cef9acb
-	* scd/iso7816.c (iso7816_pso_csv): New.
-
-	scd: Extend iso7816_select_path.
-	+ commit 855d14d390e8dd8464f2f38187dbccb19a13e815
-	* scd/iso7816.c (iso7816_select_path): Add arg top_fd.
-	* scd/app-nks.c (do_readkey): Adjust for this change
-	(select_ef_by_path: Ditto.
-
-	* common/tlv.h: Include membuf.h.
-
-	scd: Add new status codes.
-	+ commit 3ce69d8387925d444d529ce0bb5beed9e880aad7
-	* scd/apdu.h (SW_SM_NOT_SUP, SW_CC_NOT_SUP, SW_FILE_STRUCT)
-	(SW_NO_CURRENT_EF): New.
-	* scd/apdu.c (apdu_strerror): Map them to strings.
-	* scd/iso7816.c (map_sw): ... and to gpg-error.
-
-	scd: Extend ISO binary and record reading functions.
-	+ commit ec9e8e0d6a1fe47dbf42652c4246e1c34fdf0288
-	* scd/iso7816.c (iso7816_read_binary_ext): Add optional arg r_sw and
-	change callers.
-	(iso7816_read_record): Factor all code out to ...
-	(iso7816_read_record_ext): New.
-
-2021-04-13  Werner Koch  <wk@gnupg.org>
-
-	gpg: Do not use self-sigs-only for LDAP keyserver imports.
-	+ commit 1303b0ed84da57b48d88343ab43f83546e508aba
-	* dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status.
-	* g10/options.h (opts): New field expl_import_self_sigs_only.
-	* g10/import.c (parse_import_options): Set it.
-	* g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
-
-2021-04-08  NIIBE Yutaka  <gniibe@fsij.org>
-
-	scd: Fix CCID driver for SCM SPR332/SPR532.
-	+ commit f8ae51977ce4079d638d1ae2f3dd1da41c02a6d7
-	* scd/ccid-driver.c (ccid_vendor_specific_pinpad_setup): New.
-	(ccid_vendor_specific_setup): Only send CLEAR_HALT.
-	(ccid_transceive_secure): Each time, use send_escape_cmd.
-
-2021-04-06  Werner Koch  <wk@gnupg.org>
-
-	gpg: Fix new pseudo option compliance_de_vs.
-	+ commit 18551c6dc2c33f856d05053b27a1210c4c607cef
-	* g10/gpg.c (gpgconf_list): Take opt.compliance also in account.
-
-2021-04-01  Werner Koch  <wk@gnupg.org>
-
-	common: Make the compliance check more robust.
-	+ commit 8ef0f53cb0014026d0d58b8de2133310d96bc1e3
-	* common/compliance.c (get_compliance_cache): New.
-	(gnupg_rng_is_compliant): Use per mode cache.
-	(gnupg_gcrypt_is_compliant): Ditto.
-
-	gpgconf: Return a new pseudo option compliance_de_vs.
-	+ commit 9feffc03f36499162342609897484b4b32fd53a7
-	* tools/gpgconf-comp.c (gc_options_gpg): Add "compliance_de_vs".
-	* g10/gpg.c (gpgconf_list): Return that pseudo option.
-
-2021-03-26  Werner Koch  <wk@gnupg.org>
-	    cbiedl@gnupg.com
-
-	gpgconf: Fix argv overflow if --homedir is used.
-	+ commit a50093893cd100c74a32cbacc749aab582154625
-	* tools/gpgconf-comp.c (gc_component_launch): Fix crash due to too
-	small array.
-
-2021-03-11  Werner Koch  <wk@gnupg.org>
-
-	gpg: New option --force-sign-key.
-	+ commit 87d7b7e07565bdba9e9e8b8698f7094046d4f762
-	* g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key".
-	(main): Set it.
-	* g10/options.h (opt): New flag flags.force_sign_key.
-	* g10/keyedit.c (sign_uids): Use new flag.
-
-2021-03-02  Werner Koch  <wk@gnupg.org>
-
-	sm: Do away with the locked flag in keydb.c.
-	+ commit f3e68e39da7609f594572833528a0f2b9c20bf2d
-	* sm/keydb.c (struct keydb_handle): Remove field locked.
-	(keydb_lock): Remove use of locked flag.
-	(lock_all): Ditto.
-	(unlock_all): Ditto.
-	(keydb_set_flags): Use dotlock_is_locked instead of the locked flag.
-	(keydb_insert_cert): Ditto.
-	(keydb_delete): Ditto.
-	(keydb_search): s/keydb_lock/lock_all/.
-	(keydb_set_cert_flags): Ditto.
-	(keydb_clear_some_cert_flags): Ditto.
-
-	* sm/keydb.c (maybe_create_keybox): s/access/gnupg_access/.
-
-	common: New function dotlock_is_locked.
-	+ commit 67b82a9c607e1488972a85a30015f48c68245af0
-	* common/dotlock.c (dotlock_is_locked): New.
-	(dotlock_take): Set locked flag also in disabled mode.  No more
-	warning if the lock has already been taken.
-	(dotlock_release): Clear locked flag also in disabled mode.  No more
-	warning if the lock has not been taken.
-
-	sm: Lock kbx files also before a search.
-	+ commit 677245ba0e7d6c0bc85ac998f47e3f220b736840
-	* sm/keydb.c (keydb_search): Lock files.
-
-	sm: On Windows close the kbx files at several places.
-	+ commit 2b9ae79ad81a0d3eff011fabe6629e371cd7c5b4
-	* kbx/keybox-search.c (keybox_search_reset) [W32]: Always close.
-
-	* kbx/keybox-init.c (keybox_close_all_files): New.
-	* sm/keydb.c (keydb_close_all_files): New.
-	* sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Call new function.
-	(gpgsm_dirmngr_lookup): Ditto.
-	(gpgsm_dirmngr_run_command): Ditto.
-
-	sm: Remove unused function.
-	+ commit c99f3599d80d351dda1400314b43ea8ccdcc7b7d
-	* sm/keydb.c (keydb_insert_cert): Remove.
-	* kbx/keybox-update.c (keybox_update_cert): Remove stub.
-
-2021-03-01  Nicolas Fella via Gnupg-devel  <gnupg-devel@gnupg.org>
-
-	gpg: Keep temp files when opening images via xdg-open.
-	+ commit 0441ed6e1c1d7eac81bfbec6ce51f319d9d20eb7
-	* g10/photoid.c (get_default_photo_command): Change parameter for
-	xdg-open.
-
-2021-03-01  Werner Koch  <wk@gnupg.org>
-
-	sm: Silence some other pkcs#12 import prattle.
-	+ commit e5af401fc4c3294de9a4f10630b200185329230b
-	* sm/minip12.c (parse_bag_data): Print a regular log_info only in
-	verbose mode.
-
-2021-02-24  Werner Koch  <wk@gnupg.org>
-
-	sm: Silence some output on --quiet.
-	+ commit bcdbf0fcf3c1c210504cbed53f524704747deaaa
-	* sm/encrypt.c (gpgsm_encrypt): Take care of --quiet.
-	* sm/gpgsm.c: Include minip12.h.
-	(set_debug): Call p12_set_verbosity.
-	* sm/import.c (parse_p12): Dump keygrip only in debug mode.
-	* sm/minip12.c (opt_verbose, p12_set_verbosity): New.
-	(parse_bag_encrypted_data): Print info messages only in verbose mode.
-
-2021-02-19  Werner Koch  <wk@gnupg.org>
-
-	scd: Change parameters of readkey fucntion pointer.
-	+ commit 41979ed7308ef3ab1c877d3f110ce9b61eb17bec
-	* scd/app-common.h (APP_READKEY_FLAG_ADVANCED): New.
-	(struct app_ctx_s): Replace param advanced by flags in readkey.
-	Change all users.
-
-	scd: Pass ctrl parameter to more app functions.
-	+ commit 669786cf646d8636de85a3cb8b3aa83ba709d207
-	* scd/app-common.h (struct app_ctx_s): Add parameter ctrl to function
-	pointers for readkey, setattr, sign, auth, decipher, and check_pin.
-
-	scd: Detect Yubikey and provide nicer display-s/n.
-	+ commit f8588369bcb0e66118725793b53e871ce2acb10d
-	* scd/app-common.h (struct app_ctx_s): Rename unused field
-	card_version to cardversion.
-	* scd/app.c (app_new_register): Add code rom 2.3 to detect the Yubikey
-	and set cardversion.
-	(app_get_dispserialno): New.
-	* scd/app-openpgp.c (do_getattr): Use app_get_dispserialno.
-
-	scd: Change the apptype from a string to an enum.
-	+ commit 43b3ec5aee40172890c077485e438d2d4994d81d
-	* scd/app-common.h (cardtype_t): New.
-	(apptype_t): New.
-	(struct app_ctx_s): Change type of field apptype.  Add fields
-	appversion and cardtype.  Adjust all app-*.c for the new type.
-	* scd/app.c (supported_app_list): New.
-	(strapptype): New.
-	(apptype_from_name): New.
-	(app_dump_state): Use strapptype.
-	(app_write_learn_status): Ditto.
-	(app_getattr): Ditto.
-	(check_conflict): Use apptype_from_name and integer comparison.
-	* scd/app-openpgp.c: Replace app->card_version by app->appversion.
-
-	scd: Add some compatibility code for easier backporting.
-	+ commit 6380126b31aacb2e8ad3aae4866d4d384186bf97
-	* scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
-	(APP_READKEY_FLAG_INFO): New.
-	(APP_LEARN_FLAG_KEYPAIRINFO): New.
-	(APP_LEARN_FLAG_MULTI): New.
-	(struct app_ctx_s): New forward declaration.
-	(struct app_ctx_s): Add members prep_reselect, reselect, and
-	with_keygrip.
-	(KEYGRIP_ACTION_SEND_DATA): New.
-	(KEYGRIP_ACTION_WRITE_STATUS): New.
-	(KEYGRIP_ACTION_LOOKUP): New.
-	(APP_CARD): New macro.
-	* scd/scdaemon.h: Include app-common.h and remove from all other
-	files.
-	(app_t): Move typedef to ...
-	* scd/app-common.h: here.
-
-2021-02-17  Werner Koch  <wk@gnupg.org>
-
-	dirmngr: Support new gpgNtds parameter in LDAP keyserver URLs.
-	+ commit 55f46b33df08e8e0ea520ade5f73b321bc01d705
-	* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Support a new gpgNtds
-	extension.
-	* dirmngr/ks-engine-ldap.c (my_ldap_connect): Do ldap_init always with
-	hostname - which is NULL and thus the same if not given.  Fix minor
-	error in error code handling.
-
-	dirmngr: Rewrite a weird function by straighter code.
-	+ commit cdc828f6902667196eb3870f9287045afe7144d5
-	* dirmngr/ldap-parse-uri.c (ldap_uri_p): Use ascii-memcasecmp.
-
-2021-01-28  Werner Koch  <wk@gnupg.org>
-
-	Include the library version in the compliance checks.
-	+ commit 6e258babe7ccc52a7fb621339c2e2fc5f0f23bc9
-	* common/compliance.c (gnupg_gcrypt_is_compliant): New.
-	(gnupg_rng_is_compliant): Also check library version.
-	* g10/mainproc.c (proc_encrypted): Use new function.
-	(check_sig_and_print): Ditto.
-	* sm/decrypt.c (gpgsm_decrypt): Ditto.
-	* sm/encrypt.c (gpgsm_encrypt): Ditto.
-	* sm/verify.c (gpgsm_verify): Ditto
-
-2021-01-27  Werner Koch  <wk@gnupg.org>
-
-	gpg: Fix ugly error message for an unknown symkey algorithm.
-	+ commit 9037be5f40da409a7734a2672e64345472f294fc
-	* g10/mainproc.c (proc_symkey_enc): Do not continue with an unknown
-	algorithm.
-
-2021-01-11  Werner Koch  <wk@gnupg.org>
-
-	Release 2.2.27.
-	+ commit 0c103cde00098bdf1cec8f27e764300d192210e4
-
-
-	gpg,w32: Fix gnupg_remove.
-	+ commit 3901c1a8c59a436ea4509d5aaebbecc5a0268391
-	* common/sysutils.c (map_w32_to_errno): New.
-	(gnupg_w32_set_errno): New.
-	(gnupg_remove) [w32]: Set ERRNO
-
-2021-01-08  Werner Koch  <wk@gnupg.org>
-
-	gpg: Fix --gpgconf-list case with no conf files at all.
-	+ commit 9f37d3e6f307a9460c0a356afa1f8b991c527d6c
-	* g10/gpg.c (get_default_configname): Remove unused function.
-	(main): Provide a proper filename to gpgconf_list.
-
-2021-01-07  Werner Koch  <wk@gnupg.org>
-
-	gpgconf: Fix description of two new options.
-	+ commit ff30fcd3dc78c00ed87ce6bd3414b828bdf51e84
-	* tools/gpgconf-comp.c: Fix auto-key-import and include-key-block.
-
-2020-12-30  Werner Koch  <wk@gnupg.org>
-
-	wkd: Minor permission fix for created files.
-	+ commit fdc54850263b2b888398f95be7816134b45a60d3
-	* tools/wks-util.c (wks_cmd_install_key): Don't set u+x on the file.
-	(ensure_policy_file): No need to make the policy file group writable.
-
-2020-12-23  Werner Koch  <wk@gnupg.org>
-
-	gpg: Initialize a variable even in a never used code path.
-	+ commit 83e875a2d1e7560b9626266373c89e6e6eb7cb50
-	* g10/sign.c (write_signature_packets): Init ERR.
-
-2020-12-21  Werner Koch  <wk@gnupg.org>
-
-	Release 2.2.26.
-	+ commit c77bb1a750f0e2d6538d23fdc0af0e3ff3d56781
-
-
-	common: Remove superfluous debug output from dotlock.c.
-	+ commit 323a69ef65e0d48fb9d038ecca01a70688ad3325
-	* common/dotlock.c (dotlock_create_unix): Remove debug output.
-
-	doc: Explain LDAP keyserver parameters.
-	+ commit 261fb98c6f034f3f96abee79ea73febd115420ae
-
-
-	common: Fix the "ignore" meta command in argparse.c.
-	+ commit 09dc59f6d43f5e81781429913b8f377581825be0
-	* src/argparse.c (gnupg_argparse): Factor some code out to ...
-	(prepare_arg_return): new.
-	(gnupg_argparse): No missing arg error in ignore sections.
-	* common/sysutils.c: Include pwd.h.
-	(gnupg_getusername): New.
-
-2020-12-18  Werner Koch  <wk@gnupg.org>
-
-	gpg: Fix --trusted-key with fingerprint arg.
-	+ commit 8a2e5025eb0f9537a4e776cf2886771a507121f1
-	* g10/trustdb.c (tdb_register_trusted_key): Take care of that
-	other constant.
-
-	dirmngr: Do not block threads in LDAP keyserver calls.
-	+ commit 15bfd189c07ef0f1bb94db0aee9ad26441ddc494
-	* dirmngr/ks-engine-ldap.c: Wrap some ldap calls.
-
-	dirmngr: Fix backport of the new option parser from 2.3.
-	+ commit 9b886adba4f83ca462f8015060bcea8a7ceb6bb0
-	* dirmngr/dirmngr.c (main) <aGPGConfList>: Re-introduce
-	gpgconf-dirmngr.conf.
-
-2020-12-17  Werner Koch  <wk@gnupg.org>
-
-	gpg: New AKL method "ntds"
-	+ commit 559efd23e936536435a42646b62fe8c4f8585d38
-	* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new
-	support for KEYDB_SEARCH_MODE_MAIL.
-	(ks_ldap_get): Add a debug.
-	* g10/options.h (AKL_NTDS): New.
-	* g10/keyserver.c (keyserver_import_ntds): New.
-	(keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL.
-	* g10/getkey.c (parse_auto_key_locate): Support "ntds".
-	(get_pubkey_byname): Ditto.
-
-	dirmngr: Support "ldap:///" for the current AD user.
-	+ commit 776bef74c778c6740a6aac8a05801a958868346d
-	* dirmngr/http.h (struct parsed_uri_s): Add field ad_current.
-	* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Set it.
-	* dirmngr/ks-engine-ldap.c (my_ldap_connect): Take care of ad_current.
-
-	dirmngr: Allow LDAP searches via fingerprint.
-	+ commit c75fd75532905a2922288e0e8ac01fcd0226fc52
-	* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Add arg
-	serverinfo and allow searching by fingerprint.
-	(ks_ldap_get, ks_ldap_search): First connect then create teh filter.
-
-	dirmngr: Store all version 2 schema attributes.
-	+ commit c28cb5282b149f1e34df6f923e88e1998a60cc4a
-	* g10/call-dirmngr.c (ks_put_inq_cb): Emit "fpr" records.
-	* dirmngr/ks-engine-ldap.c (extract_attributes): Add args
-	extract-state and schemav2.  Add data for the new schema version.
-	remove the legacy code to handle UIDs in the "pub" line.
-	(ks_ldap_put): Set new attributes for NTDS use the fingerprint as CN.
-
-
-	This is a backport from 2.3
-
-	dirmngr: Support the new Active Directory schema.
-	+ commit ac8ece92662d83b79b03a369df07362d320fd118
-	* dirmngr/ks-engine-ldap.c (SERVERINFO_): New constants.
-	(my_ldap_connect): Relace args pgpkeyattrp and real_ldapp by a new
-	serverinfo arg.  Set the new info flags.
-	(ks_ldap_get): Adjust for change.
-	(ks_ldap_search): Ditto.
-	(ks_ldap_put): Ditto.  Replace xmalloc by xtrymalloc.  Change the DN
-	for use with NTDS (aka Active Directory).
-
-	dirmngr: Do not store the useless pgpSignerID in the LDAP.
-	+ commit 0e88c73bc94fbca224f06d95bb024030bb3a73bb
-	* dirmngr/ks-engine-ldap.c (extract_attributes): Do not store the
-	pgpSignerID.
-	* g10/call-dirmngr.c (ks_put_inq_cb): Do not emit sig records.
-
-	dirmngr: Fix adding keys to an LDAP server.
-	+ commit e47de853820000ddf383e7b790fbc435e3378d66
-	* dirmngr/ks-engine-ldap.c (ks_ldap_put): Extract attribites into
-	addlist.
-
-2020-12-16  NIIBE Yutaka  <gniibe@fsij.org>
-
-	scd:ccid: Call libusb_clear_halt in ccid_vendor_specific_setup.
-	+ commit 3c55e15cee4bfed6ef96fbc97a0d2f00afceebe3
-	* scd/ccid-driver.c (ccid_vendor_specific_setup): Only for SPR532,
-	call libusb_clear_halt.
-
-	scd:ccid: Revert the addition of libusb_clear_halt for EP_INTR.
-	+ commit 585cfca0a60bd910012a8a2218f74889840b2546
-	* scd/ccid-driver.c (ccid_setup_intr): Don't call libusb_clear_halt.
-
-2020-12-07  NIIBE Yutaka  <gniibe@fsij.org>
-
-	scd:openpgp: Fix writing ECC key to card.
-	+ commit 5a03bf61304d0c2c8b4df53a1a7680cd0eb91cb1
-	* scd/app-openpgp.c (build_privkey_template): Adding another argument
-	of ecc_d_fixed_len to handle variable-size MPI.
-
-2020-12-04  Werner Koch  <wk@gnupg.org>
+	scd:ccid-driver: Fix pinpad error handling for cancel/timeout.
+	+ commit bb591222c3c5cb1a1750b1b1dd26d0bc53b347cb
+	* scd/apdu.h (SW_HOST_UI_CANCELLED, SW_HOST_UI_TIMEOUT): New.
+	* scd/ccid-driver.h (CCID_DRIVER_ERR_UI_CANCELLED): New.
+	(CCID_DRIVER_ERR_UI_TIMEOUT): New.
+	* scd/ccid-driver.c (bulk_in): Handle PIN input cancel/timeout error.
+	* scd/iso7816.c (map_sw): Support SW_HOST_UI_CANCELLED and
+	SW_HOST_UI_TIMEOUT.
 
-	Backport of the new option parser from 2.3.
-	+ commit a028f24136a062f55408a5fec84c6d31201b2143
-	* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
-	* common/argparse.c, common/argparse.h: Rewrite.
-	* tests/gpgscm/main.c: Switch to the new option parser.
+2020-11-26  Werner Koch  <wk@gnupg.org>
 
-	* g10/gpg.c: Switch to the new option parser and enable a global conf
-	file.
-	* g10/gpgv.c: Ditto.
-	* agent/gpg-agent.c: Ditto.
-	* agent/preset-passphrase.c: Ditto.
-	* agent/protect-tool.c: Ditto.
-	* scd/scdaemon.c: Ditto.
-	* dirmngr/dirmngr.c: Ditto.
-	* dirmngr/dirmngr_ldap.c: Ditto
-	* dirmngr/dirmngr-client.c: Ditto.
-	* kbx/kbxutil.c: Ditto.
-	* tools/gpg-card.c: Ditto.
-	* tools/gpg-check-pattern.c: Ditto.
-	* tools/gpg-connect-agent.c: Ditto.
-	* tools/gpg-pair-tool.c: Ditto.
-	* tools/gpg-wks-client.c: Ditto.
-	* tools/gpg-wks-server.c: Ditto.
-	* tools/gpgconf.c: Ditto.
-	* tools/gpgsplit.c: Ditto.
-	* tools/gpgtar.c: Ditto.
-	* g13/g13.c: Ditto.
-	* g13/g13-syshelp.c: Ditto.  Do not force verbose mode.
-	* sm/gpgsm.c: Ditto. Add option --no-options.
+	agent: Fix YK s/n and prettify the request card prompt for Yubikeys.
+	+ commit 7113263a00d8c9b09f0dfdb9590bfe2bab1bc776
+	* agent/divert-scd.c (ask_for_card): Detect and re-format the Yubikey
+	prompt.
+	* scd/app.c (app_munge_serialno): Fix Yubikey s/n munging.
+	(card_get_dispserialno): Ditto.
+	* scd/app-openpgp.c (get_disp_serialno): Remove.
+	(get_prompt_info): Use app_get_dispserialno.--
+
+	scd: Do not try to use a non-enabled app after card switching.
+	+ commit d784e763495c8d53e29a2debdd9c0e0578f15a6a
+	* scd/app.c (app_dump_state): Also print the refcount.
+	(maybe_switch_app): Make sure the app exists on the card.
+
+	scd: Add special serialno compare for OpenPGP cards.
+	+ commit 764c69a841abc1a4dff2fa86b4cd0b63ec737860
+	* scd/app.c (is_same_serialno): New.
+	(check_application_conflict): Use this.
+	(select_application): Ditto.
+	(app_switch_current_card): Ditto.
+	* scd/app-openpgp.c (check_keyidstr): Ignore the card version and also
+	compare case insensitive.
+
+2020-11-26  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpg: Report an error for receiving key from agent.
+	+ commit 605ab99912ac632363d1b4378a710229e40ca99e
+	* g10/export.c (do_export_one_keyblock): Report an error.
+
+	scd,nks: Fix caching keygrip.
+	+ commit 920154370834ad8d947aed19c9d914a27dde6baa
+	* scd/app-nks.c (keygripstr_from_pk_file): Identify by cfid if
+	available.
 
-2020-12-02  Werner Koch  <wk@gnupg.org>
+2020-11-25  Werner Koch  <wk@gnupg.org>
 
-	kbx: Better error message in case of a crippled Libgcrypt.
-	+ commit acafa695e1e7998b892a6a621ef06d57bbc82722
-	* kbx/keybox-openpgp.c (keygrip_from_keyparm): Detect missing curve.
+	scd:p15: Print the internal card type.
+	+ commit 00037f499db830c75fee2111dfbef72fa11bd98a
+	* scd/app-p15.c (read_ef_tokeninfo): Print the internal card type.
 
-2020-12-01  Jens Meißner  <meissner@b1-systems.de>
+	scd:p15: Improve support for some CardOS based cards.
+	+ commit c7b9a4ee439eca5a4bde4781f7d8983af3b9201e
+	* scd/iso7816.c (iso7816_read_binary_ext): Add optional arg r_sw and
+	change callers.
+	(iso7816_read_record): Factor all code out to ...
+	(iso7816_read_record_ext): new.
+	* scd/app-p15.c (select_and_read_binary): Fallback to record reading.
+	(read_ef_aodf): Clear EOF error.
+
+	scd: Rework the handling of the displayed serial number.
+	+ commit 3a8250c02031080c6c8eebd5dea03f5f87f9ddd7
+	* scd/app.c (app_new_register): Call app_munge_serialno for Yubikeys.
+	(app_munge_serialno): Handle Yubikey serial numbers.
+	(card_get_serialno): Remove special Yubikey treatment.  Drop arg
+	is_canonical.
+	(app_get_serialno): Clear ERRNO on error.
+	(card_get_dispserialno): New.  Also change formatting of Yubikey and
+	OpenPGP numbers to match those printed on the card.
+	(app_get_dispserialno): New.
+	* scd/app-openpgp.c (do_getattr): Use app_get_dispserialno.
+	(yubikey_get_serialno): Remove.
+	* scd/app-piv.c (get_dispserialno): Remove.
+	(do_getattr): Use app_get_dispserialno.
 
-	doc: Add parameters for batch generation of ECC keys.
-	+ commit a3f95a29b97d603c606936620e4638cc6db10ec9
-	* doc/gpg.texi: Add parameters for batch generation of ECC keys.
+2020-11-25  NIIBE Yutaka  <gniibe@fsij.org>
 
-2020-11-27  NIIBE Yutaka  <gniibe@fsij.org>
+	scd: Fix an error return for READKEY.
+	+ commit c3a20c88fb30b0fc4ce50a01de97fae333003682
+	* scd/command.c (cmd_readkey): Return when error.
 
-	common: Fix fallback handling to utf-8.
-	+ commit 7d7a50ba7231bd4432b1254c7067a7f287890632
-	* common/utf8conv.c (handle_iconv_error): Set NO_TRANSLATION.
+	scd,nks: Fix SEGV for learn for older card.
+	+ commit 006944b856ee2202905290e8a2f5523a7877d444
+	* scd/app-nks.c (keygripstr_from_pk_file): Set algostr.
 
-2020-11-23  Werner Koch  <wk@gnupg.org>
+2020-11-20  NIIBE Yutaka  <gniibe@fsij.org>
 
-	Release 2.2.25.
-	+ commit 40f75823d25548abbc52dd6121963a55d99b1230
+	gpg: Change API of agent_scd_serialno.
+	+ commit 777019faf0b8f10a897c3ee477d35f9b29f02224
+	* g10/call-agent.c (agent_scd_serialno): Extend API to allow with
+	R_SERIALNO == NULL.
+	* g10/card-util.c (card_status): Use NULL for agent_scd_serialno.
+	(factory_reset): Likewise.
+	* g10/skclist.c (build_sk_list): Likewise.
 
+	Fix the previous comment changes help doc string.
+	+ commit cc8b99d18e26397028ca185e44d0886a94cc1bf6
+	* scd/command.c (hlp_learn): Fix the doc string.
 
 2020-11-19  Werner Koch  <wk@gnupg.org>
 
 	gpgconf: Also print revision of libksba.
-	+ commit 6594dc31f58916b6f8b31de070e85d56221e3b94
+	+ commit 4070f302e4decc8d54d1305cbd30f6dab052ef7e
 	* dirmngr/dirmngr.c (get_revision_from_blurb): Fix detection of empty
 	string.
 	(gpgconf_versions): Print ksba revision.
 
-2020-11-19  Jakub Bogusz  <qboosh@pld-linux.org>
-
-	po: Update Polish translation.
-	+ commit f7cbf68fdd1e42cdbabec7e06f2149f6b3f1d1dc
-
-
 2020-11-19  NIIBE Yutaka  <gniibe@fsij.org>
 
-	scd:openpgp: Public keys should be available for check_keyidstr.
-	+ commit 84020385be19556800b22cc5b0ce098acd424298
-	* scd/app-openpgp.c (check_keyidstr): Call get_public_key.
-
-2020-11-17  Werner Koch  <wk@gnupg.org>
-
-	Release 2.2.24.
-	+ commit 5751c48035764d938ae0459fcecd37194133bfb7
-
-
-2020-11-16  Werner Koch  <wk@gnupg.org>
-	    NIIBE Yutaka  <gniibe@fsij.org>
-
-	scd:openpgp: Allow keygrip to be used to reference a key.
-	+ commit 1049f06c6d2e1a833af4c73ea67a05417bbd0967
-	* scd/app-openpgp.c (struct app_local_s): Add keygrip_str.
-	(store_keygrip): New.
-	(read_public_key): Store the keygrip.
-	(get_public_key): Sitto.
-	(send_keypair_info): USe the stored keygrip.
-	(check_keyidstr): New.  Factored out from other functions and
-	extended.
-	(do_sign): Use check_keyidstr.
-	(do_auth): Ditto.
-	(do_decipher): Ditto.
-	(do_check_pin): Ditto.
+	agent: Fix creating shadow key on card key generation.
+	+ commit 8ddadbbdbbe20b9e87eb2bfa142577e26dae297e
+	* agent/command.c (cmd_readkey): Fix handling --card option.
+
+	gpg: Fix --card-edit command.
+	+ commit e45455d3020ca8f21c54112b6dfb1cc9bd3f2623
+	* g10/card-util.c (get_info_for_key_operation): Revert the change.
+
+2020-11-18  NIIBE Yutaka  <gniibe@fsij.org>
+
+	build: Update to newer autoconf constructs.
+	+ commit d66fb3aa53a6c4a815fe35a15e3c61886c5df628
+	* acinclude.m4 (GNUPG_CHECK_ENDIAN): Use AC_COMPILE_IFELSE instead of
+	AC_TRY_COMPILE.  Use AC_RUN_IFELSE instead of AC_TRY_RUN.
+	(GNUPG_BUILD_PROGRAM): Use AS_HELP_STRING instead of AC_HELP_STRING.
+	* configure.ac: Use AC_USE_SYSTEM_EXTENSIONS instead of AC_GNU_SOURCE.
+	Use AS_HELP_STRING instead of AC_HELP_STRING.
+	(AC_ISC_POSIX): Replace by AC_SEARCH_LIBS.
+	(AC_TYPE_SIGNAL): Remove.
+	* m4/isc-posix.m4: Remove.
+	* m4/codeset.m4: Update from gnulib.
+	* m4/gettext.m4: Update from gnulib.
+	* m4/lcmessage.m4: Update from gnulib.
+	* m4/socklen.m4: Update from gnulib.
+	* m4/ldap.m4: Use AS_HELP_STRING instead of AC_HELP_STRING.
+	Use AC_LINK_IFELSE instead of AC_TRY_LINK.
+	Use AC_RUN_IFELSE instead of AC_TRY_RUN.
+	* m4/gpg-error.m4: Update from libgpg-error.
+	* m4/readline.m4: Update from libgpg-error.
+	* m4/npth.m4: Update from npth.
+	* m4/libassuan.m4: Update from libassuan.
+	* m4/libgcrypt.m4: Update from libgcrypt.
+	* m4/ksba.m4: Update from libksba.
+	* m4/ntbtls.m4: Update from ntbtls.
+	* common/signal.c [!HAVE_DOSISH_SYSTEM] (init_one_signal): Replace
+	RETSIGTYPE to void.
+	[!HAVE_DOSISH_SYSTEM] (got_fatal_signal, got_usr_signal): Likewise.
+
+	build: Use modern Autoconf check for types.
+	+ commit aeeb8e975dc740cb79954de7fec4fcfe902d3a42
+	* common/types.h: Use HAVE_TYPE_BYTE, HAVE_USHORT_TYPEDEF,
+	HAVE_ULONG_TYPEDEF, HAVE_U16_TYPEDEF, and HAVE_TYPE_U32.
+	* configure.ac (byte, ushort, ulong, u16, u32): Use AC_CHECK_TYPES.
 
 2020-11-13  Werner Koch  <wk@gnupg.org>
 
-	gpg: Provide better diagnostic for replaced card keys.
-	+ commit 5d98f95aa90c290a88ce97525d9f98f0aaf9e5aa
-	* agent/divert-scd.c (divert_pksign): Add arg 'grip'.  Replace OPENPGP
-	key reference to keygrips.
-	(divert_pkdecrypt): Ditto.
-	* agent/protect.c (parse_shadow_info): Trim spaces.
-	* agent/pkdecrypt.c (agent_pkdecrypt): Pass the keygrip.
-	* agent/pksign.c (agent_pksign_do): Ditto.
-
-	* g10/mainproc.c (print_pkenc_list): Print extra info for an invalid
-	id error.
-	* g10/sign.c (do_sign): Ditto.
-
 	gpg: Fix the encrypt+sign hash algo preference selection for ECDSA.
-	+ commit aeed0b93ff660fe271d8f98f8d5ce60aa5bf3ebe
+	+ commit e37c2e184448f64e285f925ab9636b5f21be99f7
 	* g10/keydb.h (pref_hint): Change from union to struct and add field
 	'exact'.  Adjust callers.
 	* g10/pkclist.c (algo_available): Take care of the exact hint.
-	* g10/sign.c (sign_file): Fix indentation.  Rework the hash from
+	* g10/sign.c (sign_file): Rework the hash detection from
 	recipient prefs.
 
 2020-11-12  Werner Koch  <wk@gnupg.org>
 
 	gpgconf: Yet another fix for --apply-profile.
-	+ commit f400ff4e7dfb424fbfcf7dfc5f80d89757ece5ab
+	+ commit e546cc78b75978a696298f2fcc072faeb7f69be4
 	* tools/gpgconf.c (main): Use gnupg_homedir instead of
 	default_homedir.  Check for existance of the directory.
 
-	scd: Skip unknown options in command SERIALNO.
-	+ commit 7076f6cafbac0cfbb3ab11e0f27c5d04ca956e8f
-	* scd/command.c (cmd_serialno): Skip options.
-
 2020-11-11  Werner Koch  <wk@gnupg.org>
 
-	gpg: Support brainpool keygen with "key from card".
-	+ commit 966fe1e9d98a0345da9b506ce9be0ad398f12d43
-	* g10/keygen.c (ask_algo): Add brainpool hack in the same as for Nist
-	curves.
+	w32: Replace some fopen by es_fopen.
+	+ commit d574213ce21c495d9432eeb5956e8857826876c6
+	* agent/protect-tool.c (read_file): Replace fopen by es_fopen.
+	* dirmngr/dirmngr-client.c (read_pem_certificate):  Ditto.
+	(read_certificate): Ditto.
+	* g10/keydb.c (rt_from_file): Ditto.
+	* kbx/kbxutil.c (read_file): Ditto.
+	* g10/plaintext.c (get_output_file) [__riscos__]: Remove code.
 
-2020-11-10  Werner Koch  <wk@gnupg.org>
+2020-11-11  NIIBE Yutaka  <gniibe@fsij.org>
 
-	w32: Support Unicode also for config files etc.
-	+ commit 163e4ff1959788781403ddf85f808054de414fd6
-	* common/sysutils.c (gnupg_fopen) [W32]: Use _wfopen if needed.   Use
-	new function in most places where fopen is used.
+	gpg: Fix the previous commit.
+	+ commit dd2703096f3ee7f4b6b96e2b649daf85aa8d6030
+	* g10/delkey.c (do_delete_key): Fix the condition for the error.
 
-	w32: Support utf8 for getcwd even if build with gpgrt < 1.40.
-	+ commit 9188a3c6b7eb871f711a0979620ca72f99522d53
-	* common/sysutils.c (gnupg_getcwd) [W32]: Use Unicode version.
+2020-11-10  NIIBE Yutaka  <gniibe@fsij.org>
 
-2020-11-09  NIIBE Yutaka  <gniibe@fsij.org>
+	gpg: In batch mode, delete-secret-key is not okay without --yes.
+	+ commit f9bbc751633f38f58fecb71c33aae735e9b30241
+	* g10/delkey.c (do_delete_key): Emit an error when not --yes.
 
-	scd: Internal CCID driver: Fix a race condition on close.
-	+ commit 8e206c1721564c91dd05ea46b5262670011155ab
-	* scd/ccid-driver.c (ccid_require_get_status): For VENDOR_SCM reader,
-	return 0 only at the initial call.
-	(bulk_in): Don't detect an error for VENDOR_SCM reader, just kicking
-	the loop, to invoke scd_update_reader_status_file, which calls
-	ccid_slot_status again.
-	(ccid_slot_status): Move the call of ccid_vendor_specific_setup to...
-	(ccid_get_atr): ... here.
+	gpg: Fix agent_delete_key interaction.
+	+ commit 9854369a729b9fde43eac2e2f7154f5187378787
+	* g10/call-agent.c (agent_delete_key): Set up CTX.
 
 2020-11-09  Werner Koch  <wk@gnupg.org>
 
+	card: Run factory-reset in locked stated also in gpg-card.
+	+ commit 12fd10791f1dec4ec42810d7b92c69e1ae2327b9
+	* tools/card-call-scd.c (scd_apdu): Add more pseudo APDUs.
+	* tools/card-misc.c (send_apdu): Handle them.
+	* tools/gpg-card.c (cmd_factoryreset): Use lock commands.
+
 	card: Run factory-reset in locked stated.
-	+ commit 7f765a98fd662f345baf30d93392103e5f85ace1
+	+ commit 8fb0d5e3c775f40e321689b35431d81425406237
 	* scd/command.c (reset_notify): Add option --keep-lock.
 	(do_reset): Add arg keep_lock.
 	(cmd_lock): Send progress status.
@@ -2662,49 +1503,72 @@
 	* g10/card-util.c (send_apdu): Ditto.
 	(factory_reset): Use lock commands.
 
-	gpg: Fix recent commit for weak digest algos and smartcards.
-	+ commit 21d5323f5d029758fd55eae1dfdfb88b718ceada
-	* g10/sign.c (sign_file): Fix condition.
+	gpg: Do not print rejected digest algo notes with --quiet.
+	+ commit e08e1d62d089a154ec5d7c80cd58e8e3b18d2d6b
+	* g10/misc.c (print_digest_rejected_note): Do not print in quiet mode.
+	(print_sha1_keysig_rejected_note): Ditto.
+
+2020-11-09  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpg: Fix SOS handling when exporting SSH key with libgcrypt 1.8.
+	+ commit bf3a9377d147d8a83d9c71ca5a7284897c913951
+	* g10/export.c (key_to_sshblob): Fix SOS correctly.
 
-	Require libksba 1.3.5.
-	+ commit 549dc8cfe9a44fe7eb8a6a90662d4cbb1958a556
-	* configure.ac (NEED_KSBA_VERSION): Set to 1.3.5.
+	agent: Fix SOS handling with libgcrypt 1.8.
+	+ commit ba4f68416742eb241ec5490d16f88b0eb0bdc811
+	* agent/cvt-openpgp.c (apply_protection): Handle opaque MPI.
 
-	Require Libgpg-error 1.27.
-	+ commit fc01ae50718b4030fbfdf3ca65ddb3e3107eacda
-	* configure.ac (NEED_GPG_ERROR_VERSION): Require 1.27
-	* common/util.h: Remove compatibility macros.
+2020-11-06  Werner Koch  <wk@gnupg.org>
 
-	Require Libgcrypt 1.8.
-	+ commit 99ab3aed15c8a84347e39fbe49bd5748aeefe31a
-	* configure.ac (NEED_LIBGCRYPT_VERSION): Require 1.8.
-	* tools/gpgconf.c (show_version_libgcrypt): Remove conditional case
-	for Libgcrypt < 1.8.
-	* common/compliance.c (gnupg_rng_is_compliant): Ditto.
-	* agent/pksign.c: Ditto.
-	* agent/gpg-agent.c (thread_init_once): Ditto.
-	(agent_libgcrypt_progress_cb): Ditto.
-	* agent/command.c (cmd_getinfo): Ditto.
+	agent: Minor tweaks to the new genpin inquiry.
+	+ commit c896112fa3f7f3289b5198bfac992160feb0ad0a
+	* agent/call-pinentry.c (generate_pin): Use STRING random which is
+	sufficient for a passphrase.
+	(inq_cb): s/rc/err/.  Do not print two errors in case generate_pin
+	fails.  Lowercase strings as per GNU standards.
+	(setup_genpin): Fix translation test.
+	(setup_qualitybar): Ditto.
 
-2020-11-09  Ben Kibbey  <bjk@luxsci.net>
+2020-11-06  Andre Heinecke  <aheinecke@gnupg.org>
+
+	agent: Add genpin inquiry for pinentry.
+	+ commit 557ddbde32585c534626b57a595a2ccf28fd585e
+	* agent/call-pinentry.c (agent_get_passphrase): Setup genpin.
+	(do_getpin): Update with new name for inquire callback.
+	(inq_quality): Rename to inq_cb and add genpin support.
+	(inq_cb): Renamed form inq_quality.
+	(generate_pin): New helper to generate a pin.
+	(agent_askpin): Fix some typos.
+	(setup_genpin): Provide new strings for pinentry.
+
+2020-11-05  Ben Kibbey  <bjk@luxsci.net>
 
 	gpg: Add canceled status message.
-	+ commit f05d1772c47b71cf77f79519b8edbc682002d303
+	+ commit 31e47dfad0f40e31e8b3113b933696e8e4105136
 	* common/status.h (STATUS_CANCELED_BY_USER): New.
 	* g10/passphrase.c (passphrase_to_dek): Send STATUS_CANCELED_BY_USER
 	instead of STATUS_MISSING_PASSPHRASE when canceled is set.
 
-2020-11-09  Werner Koch  <wk@gnupg.org>
+2020-11-05  NIIBE Yutaka  <gniibe@fsij.org>
 
-	gpg: Do not print rejected digest algo notes with --quiet.
-	+ commit c373735e79a1b6240e9eca972c2bbb0c9f3247c4
-	* g10/misc.c (print_digest_rejected_note): Do not print in quiet mode.
-	(print_sha1_keysig_rejected_note): Ditto.
+	scd: Use lock_slot for apdu_send_direct.
+	+ commit f808012ac2cf67ec563da178d963f300a7f2564d
+	* scd/apdu.c (apdu_send_direct): Use lock_slot.
+
+	scd: Internal CCID driver: Fix a race condition on close.
+	+ commit 484bafda4dbf5ffe9e7c41ef24fbc5bd791a3b32
+	* scd/ccid-driver.c (ccid_require_get_status): For VENDOR_SCM reader,
+	return 0 only at the initial call.
+	(bulk_in): Don't detect an error for VENDOR_SCM reader, just kicking
+	the loop, to invoke scd_update_reader_status_file, which calls
+	ccid_slot_status again.
+	(ccid_slot_status): Move the call of ccid_vendor_specific_setup to...
+	(ccid_get_atr): ... here.
 
 2020-11-04  Werner Koch  <wk@gnupg.org>
 
 	speedo,w32: Install gpg-check-pattern and example profiles.
-	+ commit a4fa4b5d4ba38e51436914505af1a8f3483ed945
+	+ commit f5a81953e172a7bb4d02f2dc0e398f379c39ec84
 	* doc/examples/vsnfd.prf: Rename to VS-NfD.prf.
 	* doc/examples/Automatic.prf: New.
 	* doc/Makefile.am (examples): Adjust.
@@ -2713,17 +1577,16 @@
 	* build-aux/speedo/w32/wixlib.wxs: Add new files.
 
 	g13: Include a now missing header file.
-	+ commit d4089b04a5f15c1cc1a4809cb8f0d59fc1cdf564
+	+ commit b7f4e2d71fe3dee680f834cfc3dd620352830147
 	* g13/create.c: Include sysutuls.h
-	* g13/sh-dmcrypt.c: Ditto.
 
 	gpgconf: Make sure the homedir exists for --apply-profile.
-	+ commit 1fbf085bc8b4a92772d1da8bfea507f4f97434b1
+	+ commit 7d95f2e7e7a09e3d433d449b117e3470f9dd38c7
 	* tools/gpgconf.c (main) <aApplyDefaults, aApplyProfile>: Create the
 	standard home directory.
 
 	common: Fix duplicate implementation of try_make_homedir.
-	+ commit 6fe5c8c06e8cd162913ee5b0eb741eb4beebf44a
+	+ commit dabc314b71378f585fac2753149f3358e32ec621
 	* g10/openfile.c (try_make_homedir): Move core of the code to ...
 	* common/homedir.c (gnupg_maybe_make_homedir): new.
 	* sm/keydb.c (try_make_homedir): Implement using new function.
@@ -2734,11 +1597,11 @@
 2020-11-04  Andre Heinecke  <aheinecke@gnupg.org>
 
 	w32: Add another pinentry search path.
-	+ commit b4cb91d5fbe2b8917d76d12eb72aaac0d97ed596
+	+ commit c8f6f6bbc8b203e633d382aa84862807c1aeb3d1
 	* common/homedir.c (get_default_pinentry_name): Try ../bin/pinentry.exe
 
 	w32: Add windows subsystem variant of gpgconf.
-	+ commit c366e04958481382c3f7b50f169120053186069b
+	+ commit e2659f4bf603693c43af0444239bc52744291edc
 	* tools/Makefile.am (gpgconf-w32): New target. Builds gpgconf with
 	subsystem windows.
 	* build-aux/speedo/w32/wixlib.wxs: Package it.
@@ -2746,57 +1609,88 @@
 2020-11-03  Werner Koch  <wk@gnupg.org>
 
 	w32: Fix strftime problem on Windows.
-	+ commit d633e92233f4a4afc82d3d9282220f303974525b
+	+ commit e8aae18b997b3fdbfac86c644be94044aa67224d
 	* common/gettime.c: Include locale.h.
 	(asctimestamp): Increase buffer.  On Windows use setlocale.
 
 	gpg: Switch to AES256 for symmetric encryption in de-vs mode.
-	+ commit 166e779634ea5fe2a7beeb186807e3a81128c717
+	+ commit d1f2a6d9f71cf50318f4891c84aeedb975553896
 	* g10/gpg.c (set_compliance_option): For AES256 and SHA256 in de-vs
 	mode.
 	* g10/encrypt.c (setup_symkey): Add extra compliance check.
 	(encrypt_simple): Avoid printing a second error oncplinace failure.
 
-2020-11-03  Andre Heinecke  <aheinecke@gnupg.org>
-
-	po: Major update of italian translation.
-	+ commit ccecdc1f34a973dcd8d00b6ee9c830e0ddc8d08b
-	* po/it.po: Update to a recent 2.2 version.
-
 2020-11-02  Werner Koch  <wk@gnupg.org>
 
 	gpg: Allow setting notations with the empty string as value.
-	+ commit f007d79533e638e395e1a3cf99233fd900cc805c
+	+ commit e1bafa3574ccd56d9f8f8c1deb3d8fb9fd7025cc
 	* g10/misc.c (pct_expando): Catch special case of the empty string.
 	Also map a NULL to the empty string.
 	* g10/photoid.c (show_photos): Make an empty string used as command
 	fail.
 
+	build: Remove m4 macro defs which are not anymore used.
+	+ commit 6397cf5fbe3bbc1f616431b011f76e031a387d4c
+	* configure.ac (GNUPG_FUNC_MKDIR_TAKES_ONE_ARG): Do not use.
+	* acinclude.m4 (GNUPG_FUNC_MKDIR_TAKES_ONE_ARG): Remove unused macro
+	defs.
+	(GNUPG_CHECK_FAQPROG): Ditto.
+	(GNUPG_CHECK_DOCBOOK_TO_TEXI): Ditto.
+	(GNUPG_CHECK_MLOCK): Ditto.
+
 	gpg: Do not use weak digest algos if selected by recipient prefs.
-	+ commit 4c181d51a6f1fd05b7f190a18769ba5e9f892f6a
+	+ commit 15746d60d492f5792e4a179ab0a08801b4049695
 	* g10/misc.c (is_weak_digest): New.
 	(print_digest_algo_note): Use it here.
 	* g10/sig-check.c (check_signature_end_simple): Use it.
 	* g10/sign.c (hash_for): Do not use recipient_digest_algo if it is in
 	the least of weak digest algorithm.
 
-2020-10-30  Ingo Klöcker  <dev@ingo-kloecker.de>
+2020-11-02  Ingo Klöcker  <dev@ingo-kloecker.de>
 
 	gpg: Fix iteration over signatures.
-	+ commit 8a941428086bc173a65d4e8687308ca923394738
+	+ commit b004701adca89ba85f75e12a4d284297147fe4f2
 	* g10/keyedit.c (keyedit_quick_revsig): Take signature of correct node
 
+2020-11-02  NIIBE Yutaka  <gniibe@fsij.org>
+
+	kbx: Don't put zero-byte for ECC.
+	+ commit 8211d0bc3ba5ed15d0668050c08a6e28228b08a4
+	* kbx/keybox-openpgp.c (parse_key): Only put zero for non-ECC.
+
+	gpg: Fix debug output for key_check_all_keysigs with opaque MPI.
+	+ commit 90c3d623ce37695a1eb29c0a7276b23490d14603
+	* g10/key-check.c (key_check_all_keysigs): Handle opaque MPI.
+
+	gpg: Fix check_signature2 for opaque MPI.
+	+ commit 029ba6dc961c683d6683c97667d3c0e103738aa4
+	* g10/sig-check.c (check_signature2): Handle the case of opaque MPI.
+
+	gpg: Change the API for checksum to use const qualifier.
+	+ commit 21d8927f794bd901b13feaaac6d31d463349a64f
+	* g10/main.h (checksum): Use const.
+	* g10/misc.c (checksum): Use const.
+
+	gpg: Fix counting buffer size in check_signature2.
+	+ commit 3151210e455f14848921fac838a5064749258d9f
+	* g10/sig-check.c (check_signature2): Use GCRYMPI_FMT_PGP.
+
 2020-10-30  NIIBE Yutaka  <gniibe@fsij.org>
 
-	agent: Fix secret key import for Ed25519.
-	+ commit ba321b60bc3bfc29dfc6fa325dcabad4fac29f9c
-	* agent/cvt-openpgp.c (convert_secret_key): Avoid adding 0x00 at the
-	beginning of MPI.
+	gpg: Fix SOS handling with libgcrypt version <= 1.8.
+	+ commit 813e24108a139c8059dad8bc679b2ab76b807ed9
+	* g10/misc.c (checksum_mpi): Don't depend new feature
+	of gcry_mpi_print which supports opaque MPI.
+
+	gpg: Fix first zero-byte case for SOS handling.
+	+ commit dd4fb1c8f668f78fbcf5052e80c5c40d4cdad20c
+	* g10/export.c (transfer_format_to_openpgp): Check the first byte.
+	* g10/pkglue.c (sexp_extract_param_sos): Likewise.
 
 2020-10-28  Werner Koch  <wk@gnupg.org>
 
 	gpg: New command --quick-revoke-sig.
-	+ commit 7ec56b033647a1b14d56f771d51c563dbd25f1b7
+	+ commit 243f9176e799b2328f2e5bed93099bfc474fdc5a
 	* g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig.
 	(opts): Add --quick-revoke-sig.
 	(main): Implement.
@@ -2804,25 +1698,107 @@
 	adjust all callers.
 	(keyedit_quick_revsig): new.
 	* g10/revoke.c (get_default_sig_revocation_reason): New.
+	* g10/keylist.c (cmp_signodes): Make global.
+
+2020-10-27  Werner Koch  <wk@gnupg.org>
+
+	gpg: Sort the signatures in standard key listings.
+	+ commit 742e2729f4bcadfeb93260107462f4faa108d3b2
+	* g10/gpg.c (parse_list_options): Add "sort-sigs".
+	(main): Make it the default.
+	* g10/options.h (LIST_SORT_SIGS): New.
 	* g10/keylist.c (cmp_signodes): New.
+	(list_keyblock_print): Sort signatures and factor signature printing
+	code out to ...
+	(list_signature_print): new.
+
+2020-10-27  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Handle canonical serialno and app specific serialno differently.
+	+ commit e59d2b3632d8c778bd2c4375a1c3ba9c786c4360
+	* scd/app-common.h (card_get_serialno): Add IS_CANONICAL arg.
+	* scd/app.c (app_send_devinfo): Use app specific serialno.
+	(card_get_serialno): Support two different cases.
+	(app_get_serialno): Return app specific serialno.
+	(send_serialno_and_app_status): Return canonical serialno.
+	* scd/command.c (cmd_serialno): Return app specific serialno.
+	(cmd_learn): Return canonical serialno.
+
+2020-10-26  Werner Koch  <wk@gnupg.org>
+
+	g10: Make call to agent_scd_serialno more robust.
+	+ commit 0f780b1aebb1b1bde219401735a1c24c1f0a7978
+	* g10/call-agent.c (agent_scd_serialno): Make sure that NULL is stored
+	on error at r_serialno.
+	* g10/card-util.c (card_status): Simplify freeing of seriaono.
+	(factory_reset): Ditto.
 
 2020-10-26  NIIBE Yutaka  <gniibe@fsij.org>
 
+	scd: Flush the cache when writing cert data object.
+	+ commit 8264b10d33e46d2caac2f2c38ccb5f764c31ad77
+	* scd/app-piv.c (do_writecert): Flush the cache of the data object.
+
+	gpg: Fix double free on error.
+	+ commit a153d0f7691486efe0aadfb1e226544ae6d20ffd
+	* g10/card-util.c (card_status): Check an error return.
+
+	gpg,tools: Fix detecting OpenPGP card by serialno.
+	+ commit 157f1de64e437cecd75335e9f4077ba9835e3da0
+	* tools/gpg-card.c (list_openpgp): Use ->apptype to determine card's
+	APP.
+	* g10/card-util.c (get_info_for_key_operation): Likewise.
+	(current_card_status): Even if its SERIALNO is not like OpenPGP card,
+	it's OpenPGP card when app says so.
+
 	scd: Internal CCID driver thing only for SPR532.
-	+ commit 38040ffee81e3c7a6972c9eae42af44eaaeb6ce6
+	+ commit 31def32eeed8cff705ca827e4bbc0bfcc80c512f
 	* scd/ccid-driver.c (ccid_vendor_specific_setup): New.  Limit
 	only for SPR532, excluding other readers by SCM.
 	(ccid_slot_status): Use ccid_vendor_specific_setup.
 
+2020-10-24  NIIBE Yutaka  <gniibe@fsij.org>
+
 	scd: Internal CCID driver limiting only for SPR532.
-	+ commit d1c9cc3ca03d2134a0feecab6db3c4af308c7fa7
+	+ commit 3c6b5dfa2a2379a5f5eaa052f7dbc73462097425
 	* scd/ccid-driver.c (ccid_vendor_specific_init): Only do that for
 	SPR532.
 
 2020-10-23  Werner Koch  <wk@gnupg.org>
 
+	common: Allow building with released libgpg-error.
+	+ commit 32f336d9555f18464d72a5068c290ab82ee92617
+	* common/sysutils.c (gnupg_access) [W32]: Fix for older libgpgrt.
+
+2020-10-23  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Handle Yubikey's multiple apps and serialno.
+	+ commit 2d4de4b6f06c87cd0f72b2a0d09950e1b50841b2
+	* scd/app-common.h (yubikey_get_serialno): New.
+	* scd/app-openpgp.c (yubikey_get_serialno): New.
+	* scd/app.c (card_get_serialno): Use OpenPGP app's serialno,
+	when it's enabled for Yubikey.
+	(send_serialno_and_app_status): Use card_get_serialno, not
+	directly accessing ->serialno.
+
+	scd: Use app_get_serialno for app_getattr.
+	+ commit c8cc35dd2c106d91a793667690c0b200560d5d2d
+	* scd/app.c (app_getattr): Use app_get_serialno.
+
+	scd: Don't overwrite serialno for Yubikey.
+	+ commit 65c91e601ae93aee1a5fa399d4a5d4498ad76eda
+	* scd/app-openpgp.c (app_select_openpgp): Keep ->serialno.
+
+	scd,openpgp: Use app_get_serialno function to get SERIALNO.
+	+ commit 41505f0ae544535b524a409d87aa2540607fc9a4
+	* scd/app-openpgp.c (check_keyidstr): Don't directly access
+	app->serialno, but use app_get_serialno.
+	(do_with_keygrip): Likewise.
+
+2020-10-21  Werner Koch  <wk@gnupg.org>
+
 	common: New functions gnupg_opendir et al.
-	+ commit 5f8123df7856b724a062177026fe669ae49be263
+	+ commit 7e22e08e2ab09cd3c2317f5e80e8ee47d46eff4b
 	* common/sysutils.h (struct gnupg_dirent_s): New.
 	* common/sysutils.c: Include dirent.h.
 	(struct gnupg_dir_s): New.
@@ -2830,177 +1806,101 @@
 	callers of opendir, readdir, and closedir to use these functions.
 
 	w32: Make gnupg_remove and gnupg_rename_file Unicode aware.
-	+ commit 4252cd7b18b41a0d91076e46df9ba857e743406b
+	+ commit 9a0197b6fe412cfc66b0cece521267180e454416
 	* common/sysutils.c (w32_rename): New.
 	(gnupg_rename_file) [W32]: Support Unicode.
 	(gnupg_remove) [W32]: Support Unicode.  Drop Windows-CE support.
 
+2020-10-20  Werner Koch  <wk@gnupg.org>
+
 	Replace all calls to stat by gnupg_stat.
-	+ commit 157030271f2d88d0756788a60c43e455870ec124
+	+ commit 18e5dd7b03ced51611c9ba1345cf498a0aaf14a6
 	* common/sysutils.c (gnupg_stat): New.
 	* common/sysutils.h: Include sys/stat.h.
 
-	Replace most calls to open by a new wrapper.
-	+ commit 86e52e3c33843f67a7972181ccbf33b48a40e557
-	* common/sysutils.c (any8bitchar) [W32]: New.
-	(gnupg_open): New.  Replace most calls to open by this.
-	* common/iobuf.c (any8bitchar) [W32]: New.
-	(direct_open) [W32]: Use CreateFileW if needed.
-
-2020-10-21  Werner Koch  <wk@gnupg.org>
-
-	w32: Allow Unicode filenames for dotlock.
-	+ commit d65ea29683eeecfcf12e74744a490e8acfc1a5cf
-	* common/dotlock.c (any8bitchar) [W32]: New.
-	(dotlock_create_w32): Use strconcat and CreateFileW.
-
-	* common/t-dotlock.c: Source include dotlock.c and modify to allow
-	manual testing on Windows.
-
-	Replace all calls to access by gnupg_access.
-	+ commit dd5fd4a760b8cf6ae05ff878bcf36cf2465e744c
-	* common/sysutils.c (gnupg_access): New.  Replace all calls to access
-	by this wrapper.
-	* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
-	directory name.
-	(standard_homedir): Adjust for change.
-	(w32_commondir, gnupg_cachedir): Ditto.
-
-2020-10-06  NIIBE Yutaka  <gniibe@fsij.org>
-
-	scd: Add a workaround for Yubikey.
-	+ commit 25bec16d0bdcb9829a7b35c403cbb778b3b0c097
-	* scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey.
-
-	scd: Silence compiler warning.
-	+ commit 0f4c956a76614bebf0f86bef79eba0e850e23df4
-	* scd/app-openpgp.c (build_ecc_privkey_template): Fix allocation size.
-
-	scd: Report any error for LEARN command.
-	+ commit 7c8823bf82daade7417aeaebc34fefe3aa7c1856
-	* scd/app-openpgp.c (do_learn_status): Report any error.
-
-	scd: Internal CCID driver: More fix for SPR532.
-	+ commit 1f1b68eef72bed9bb7ac1eb8102f6f51d587dbc0
-	* scd/ccid-driver.c (bulk_in): Handle the case of missing intr_cb.
-
-	scd: Internal CCID driver fix.
-	+ commit 33a2d4bd7ffc6ad10d7ddb0f29fe4e21609806f7
-	* scd/ccid-driver.c (intr_cb): More useful debug output.
-	(ccid_slot_status): Remove redundant condition.
-
-	scd: Internal CCID driver: Call libusb_clear_halt at ccid_setup_intr.
-	+ commit 48565e7a08d64e3628da8baa80541841af0a6166
-	* scd/ccid-driver.c (ccid_setup_intr): Reset the endpoint.
-	(ccid_vendor_specific_init): Don't call libusb_clear_halt.
-
-	scd: Internal CCID driver: Fix a failure path.
-	+ commit 30693dfb6fe970dba195bf00a77d854e6fbc1ed0
-	* scd/ccid-driver.c (ccid_open_usb_reader): On error, call
-	libusb_release_interface.
-
-	scd: Internal CCID: Handle LIBUSB_ERROR_TIMEOUT at ccid_get_atr.
-	+ commit 498cd38019b8122824d69fd194675ab532501423
-	* scd/ccid-driver.c (ccid_slot_status): Handle LIBUSB_ERROR_TIMEOUT.
-
-	scd: Change handling of SPR532 card reader.
-	+ commit 7db836c0e9223a4d5f30636e35e18156a97e6b91
-	* scd/ccid-driver.c (ccid_vendor_specific_init): Put some workaround
-	for SPR532 initialization.
-	(ccid_slot_status): Send ESCape command after GetSlotStatus.
-
-	scd: For SPR532, submit the ESCape command at initialization.
-	+ commit 11d8d1e0505645f7d14bcc1c01d17a566e033705
-	* scd/ccid-driver.c (ccid_vendor_specific_init): Submit the ESC
-	command for VENDOR_SCM.
-	(ccid_transceive_secure): Don't submit the ESC command every time.
-
-	scd: Fix CCID internal driver for interrupt transfer.
-	+ commit dd7cc24d5f9274579f0966de3be7ae8b0c19bacd
-	* scd/ccid-driver.c (intr_cb): Handle the case of multiple messages.
-
-	scd: Better handling of timeout and time extension.
-	+ commit 186d11896ca2751eac8a7f54845ec71cc7f6fcc3
-	* scd/ccid-driver.c (CCID_CMD_TIMEOUT_LONGER): Remove.
-	(ccid_transceive): Don't use x4 blindly for bBWI, but use dynamically
-	determined value.  Use value from variable wait_more for bulk_in.
-	Set wait_more by the value of time extension request.
-
-	scd: Fix internal CCID driver, so that -DTEST works.
-	+ commit 60af035c22b9fbdc10c8c0a69399c46908801c66
-	* scd/ccid-driver.c: Support a test program by ccid-driver.
-
-	scd: ccid-driver: Initial getting ATR more robustly.
-	+ commit 165312dca90a198ebc0be4ed6b0791297c90b085
-	* scd/ccid-driver.c (send_power_off): New.
-	(do_close_reader): Use send_power_off.
-	(ccid_get_atr): Add error recovery.
-
-	scd: Clean up the structure for future fix of PC/SC.
-	+ commit 1efc01ff987dde4adf6777d4df44b5a00f6f0d8d
-	* scd/apdu.c (struct dev_list): Rename from ccid_table, with void*.
-	(open_ccid_reader): Follow the change.
-	(apdu_dev_list_start, apdu_dev_list_finish): Likewise.
-	(apdu_open_reader): Likewise.
-	* scd/ccid-driver.c (ccid_dev_scan): Use void *.
-	(ccid_dev_scan_finish, ccid_get_BAI, ccid_open_usb_reader): Likewise.
-	* scd/ccid-driver.h: Change the APIs.
+	Replace most calls to open by a new wrapper.
+	+ commit 4dcef0e17836e8725c31a3b76f2bf7144345c808
+	* common/sysutils.c (any8bitchar) [W32]: New.
+	(gnupg_open): New.  Replace most calls to open by this.
+	* common/iobuf.c (any8bitchar) [W32]: New.
+	(direct_open) [W32]: Use CreateFileW if needed.
+
+	w32: Allow Unicode filenames for dotlock.
+	+ commit b47c355b18d9537ccc3dd3e80cc1825b018ecff7
+	* common/dotlock.c (any8bitchar) [W32]: New.
+	(dotlock_create_w32): Use strconcat and CreateFileW.
 
-2020-10-06  Werner Koch  <wk@gnupg.org>
+	* common/t-dotlock.c: Source include dotlock.c and modify to allow
+	manual testing on Windows.
 
-	scd: Map some error codes from libusb to ccid-driver error codes.
-	+ commit 5b985b026418213a4c75291cb041ca8aa798cec3
-	* scd/ccid-driver.h (CCID_DRIVER_ERR_USB_*): New error codes.
-	* scd/apdu.h: New SW_HOST error codes.
-	* scd/apdu.c (host_sw_string): Print them
-	* scd/ccid-driver.c (map_libusb_error): New.
-	(ccid_open_usb_reader, bulk_in, abort_cmd): Map libusb error codes.
-	* scd/iso7816.c (map_sw): Map new codes to gpg-error.
+	Replace all calls to access by gnupg_access.
+	+ commit c94ee1386e0d5cdac51086c4d5b92de59c09c9b5
+	* common/sysutils.c (gnupg_access): New.  Replace all calls to access
+	by this wrapper.
+	* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
+	directory name.
+	(standard_homedir): Adjust for change.
+	(w32_commondir, gnupg_cachedir): Ditto.
 
-2020-10-06  NIIBE Yutaka  <gniibe@fsij.org>
+2020-10-09  NIIBE Yutaka  <gniibe@fsij.org>
 
-	scd: internal driver: Submit SET_INTERFACE control transfer.
-	+ commit cccdca61a841228475da573aab8b57c659a9631a
-	* scd/ccid-driver.c (ccid_open_usb_reader): Alway submit SET_INTERFACE
-	control transfer.
+	gpg,ecc: Fix SOS handling when receiving from agent.
+	+ commit 228836f79f64559c9582ac2d475e50af57684bf8
+	* g10/export.c (transfer_format_to_openpgp): It's not simple opaque
+	MPI, but SOS.
 
-	scd: Internal CCID driver: Clean up backport from master.
-	+ commit 7b531fe5801b0ad47414c4a6ed961665ba5a2541
-	    * scd/ccid-driver.c (print_error) [TEST]: Add missing break.  Note
-	    that this is anyway an impossible case.
+	agent: Fix SEGV when debuging for cache enabled.
+	+ commit 33cb1655f1b7c597d1ebdcb38447648477e6ac9f
+	* agent/cache.c (agent_get_cache): Avoid dereferencing NULL.
 
 2020-10-05  Werner Koch  <wk@gnupg.org>
 
+	gpgsm: Fix detection of too old keyboxd.
+	+ commit 4eb9ce847825e8c6a07ce27d303c56233e85d007
+	* sm/keydb.c (warn_version_mismatch): Add arg ctrl and pass on.
+	(create_new_context): Pass ctrl to warn function.
+
 	dirmngr: Minor cleanup for better readability.
-	+ commit ffbef54d36d4c2c150b63a57c79872d2e1f2a68e
+	+ commit b258f8de7e9fc436d72c4d4ff8f98e9b86d2f3f5
 	* dirmngr/ldap.c (start_default_fetch_ldap): Rename to
 	start_cacert_fetch_ldap and remove arg attr.  Instead use
 	"cACertificate" directly.
 	* dirmngr/crlfetch.c (ca_cert_fetch): Change the only caller.
 	(start_cert_fetch_ldap): Rename arg for clarity.
 
+	dirmngr: Add warning on the use of --add-servers.
+	+ commit 210575d8826ea61e4914e4b61eff7b875c972b85
+	* tools/gpgconf-comp.c (known_options_dirmngr): Degrade add-servers to
+	expert mode.
+
+	gpg: Switch to ed25519+cv25519 as default algo.
+	+ commit ff31dde456f32950f0df6c974b4c41f1d650d68f
+	* g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change to former future
+	default ago.
+	(ask_algo): Change default and also the way we indicate the default
+	algo in the list of algos.
+	(ask_curve): Indicate the default curve.
+
+	keyboxd: Fix duplicates when listing keys by uid.
+	+ commit 194034f813a09a0021e6aa82d64ea0693b37c8d0
+	* kbx/backend-sqlite.c (struct be_sqlite_local_s): Add fields
+	lastubid_valid and lastubid.
+	(run_sql_prepare): Add optional extra2 arg and chage callers.
+	(run_select_statement): Add an ORDER BY clause to most SELECTs.
+	(be_sqlite_search): Skip duplicated keyblocks in a search.
+
 2020-10-04  Werner Koch  <wk@gnupg.org>
 
 	build: Fix SENDMAIL define for a PATH with spaces.
-	+ commit 77e416741abb0a871733bd46cbc81329859de96e
+	+ commit 6c36b8bb23bb033aaae5f1dff3b38d8e0e44717c
 	* configure.ac: Fix use of $PATH
 
-2020-10-02  Werner Koch  <wk@gnupg.org>
+	(cherry picked from commit 77e416741abb0a871733bd46cbc81329859de96e)
 
-	gpgconf,w32: Add manifest so we get the correct windows version.
-	+ commit 239e60a37f63d3880d1107b6981a964f437761ae
-	* common/w32info-rc.h.in: Update copyright info.
-	* tools/gpg-connect-agent-w32info.rc: Tweak file info.
-	* tools/gpgconf-w32info.rc: New.
-	* tools/gpgconf.w32-manifest.in: New.
-	* configure.ac: Add new .in file.
-	* tools/Makefile.am (EXTRA_DIST): Add them.
-	(gpg_connect_agent_robjs, gpgconf_robjs): New.
-	(gpgconf_LDADD): Add resource file.
-	(gpg_connect_agent_LDADD): Change name of resource macro.
+2020-10-02  Werner Koch  <wk@gnupg.org>
 
 	gpgconf: New option --show-versions.
-	+ commit a298ba02ee76a9291ef5cec1a3564d8e254b9ca7
+	+ commit 357ad9ae29677c1676b56d2b81282e2f78ec8040
 	* tools/gpgconf.c: Include exechelp.h.  New option --show-versions.
 	(get_revision_from_blurb): New.
 	(show_version_gnupg): New.
@@ -3008,178 +1908,646 @@
 	(show_version_gpgrt): New.
 	(show_versions_via_dirmngr): New.
 	(show_versions): New.
+	* tools/gpgconf-comp.c (GPGNAME): Remove unused macro.
 	* dirmngr/dirmngr.c (main): New internal option --gpgconf-versions.
 	(get_revision_from_blurb): New.
 	(gpgconf_versions): New.
 
+	w32: Silence warning due to recent change of split_fields.
+	+ commit 371228a244232f2b74181e0aa3c44d698df840ce
+	* common/compliance.c (gnupg_rng_is_compliant): Make fields const.
+
+	gpg: Fix parameter parsing form ed448.
+	+ commit e824e27d36021a868c855244d22c7d40a88a396e
+	* g10/keygen.c (parse_key_parameter_part): Set algo also for 448.
+
 2020-10-01  Andre Heinecke  <aheinecke@gnupg.org>
 
 	doc: Remove enable-extended-key-format in vsnfd.
-	+ commit d833030f8cf646b5de83d01fc3e412ad77ec4b1c
+	+ commit d84862cf109c75ae30ed5e2531b4554083c6a558
 	* doc/examples/vsnfd.prf: Remove enable-extended-key-format
 
+2020-09-30  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Internal CCID driver: More fix for SPR532.
+	+ commit 920f258eb6018ecec1d63bad6a0fb0772f72affa
+	* scd/ccid-driver.c (bulk_in): Handle the case of missing intr_cb.
+
+	scd: Report any error for LEARN command.
+	+ commit 862d9c6face9b4ad61f6e59bf1ba9b5f5d05c58c
+	* scd/app-openpgp.c (do_learn_status): Report any error.
+
+2020-09-29  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Internal CCID driver fix.
+	+ commit 1444203ca32ccfa4bd5097d2d49565c4055c620b
+	* scd/ccid-driver.c (intr_cb): More useful debug output.
+	(ccid_slot_status): Remove redundant condition.
+
+	scd: Internal CCID driver: Call libusb_clear_halt at ccid_setup_intr.
+	+ commit 6af978713e4c69d7814f47e709f1dfb3fe9076d1
+	* scd/ccid-driver.c (ccid_setup_intr): Reset the endpoint.
+	(ccid_vendor_specific_init): Don't call libusb_clear_halt.
+
+2020-09-28  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Internal CCID driver: Fix a failure path.
+	+ commit d561c936a217627bc29aac628a8d01f7003dcd28
+	* scd/ccid-driver.c (ccid_open_usb_reader): On error, call
+	libusb_release_interface.
+
+	scd: Internal CCID: Handle LIBUSB_ERROR_TIMEOUT at ccid_get_atr.
+	+ commit b1e8072320c19246962beb6d67dc5784b5a72364
+	* scd/ccid-driver.c (ccid_slot_status): Handle LIBUSB_ERROR_TIMEOUT.
+
+	scd: Internal CCID: Clear the handle after use.
+	+ commit c5e8ef3ab980012b64f5894f437e2ff568b02f43
+	* scd/apdu.c (close_ccid_reader): Clear the handle.
+	(open_ccid_reader): Likewise.
+
+	scd: Change handling of SPR532 card reader.
+	+ commit 684a52dffa8b7f79b26fe53b3ab10d7748a8fb37
+	* scd/ccid-driver.c (ccid_vendor_specific_init): Put some workaround
+	for SPR532 initialization.
+	(ccid_slot_status): Send ESCape command after GetSlotStatus.
+
+2020-09-25  Werner Koch  <wk@gnupg.org>
+
+	keyboxd: Make use of the config table.
+	+ commit f8fbd9e7346ee0c3b09271ec2cdb589282eae1c9
+	* kbx/backend-sqlite.c (DATABASE_VERSION): New.
+	(table_definitions): Make column name of table config unique.
+	(create_or_open_database): Read and set the database version.
+	(get_config_value, set_config_value): New.
+
+2020-09-25  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: For PC/SC, send the ESC command at init for SPR532 reader.
+	+ commit 93e3c97889120dd17d79b7c8dd04293553785c9b
+	* scd/apdu.c (struct reader_table_s): Remove is_spr532.
+	(pcsc_vendor_specific_init): Send the ESC command for SPR532.
+	(pcsc_pinpad_verify, pcsc_pinpad_modify): Remove no_lc hack.
+
+	scd: For SPR532, submit the ESCape command at initialization.
+	+ commit 4fae55f8ee11b3f710524e5e8b8a91b159949f2d
+	* scd/ccid-driver.c (ccid_vendor_specific_init): Submit the ESC
+	command for VENDOR_SCM.
+	(ccid_transceive_secure): Don't submit the ESC command every time.
+
+2020-09-24  Werner Koch  <wk@gnupg.org>
+
+	gpg: New experimental import option "bulk-import"
+	+ commit d49a945b12d98fadd0d37f4e50b5e02799e16305
+	* g10/options.h (IMPORT_BULK): New.
+	* g10/import.c (parse_import_options): Add "bulk-import".
+	* g10/call-keyboxd.c (in_transaction): New var.
+	(gpg_keyboxd_deinit_session_data): Run a commit if in bulk import
+	mode.
+	(create_new_context): Run a begin transaction if in bulk import mode.
+
+	keyboxd: New command TRANSACTION.
+	+ commit c2b14f5d6852fb9efaca8aeec7961e9d036203e8
+	* kbx/backend-sqlite.c (be_sqlite_rollback): New.
+	(be_sqlite_commit): New.
+	(be_sqlite_search): Take care of global transactions.
+	(be_sqlite_store): Ditto.
+	(be_sqlite_delete): Ditto.
+	* kbx/frontend.c (kbxd_rollback, kbxd_commit): New.
+	* kbx/keyboxd.h (opt): Add vars for transactions.
+	* kbx/kbxserver.c (struct server_local_s): Add fields next_session and
+	client_pid.
+	(session_list): New var.
+	(cmd_transaction): New.
+	(register_commands): Register command.
+	(kbxd_start_command_handler): Store pids and track sessions.  Do a
+	final rollback.
+
+	tests: Integrate --use-keyboxd into the OpenPGP test suite.
+	+ commit b19a60c6f7e892635db9e22499a7a44087c86c41
+	* tests/openpgp/all-tests.scm (all-tests): Replace extended-key-format
+	mode with a new keyboxd mode.
+	* tests/openpgp/defs.scm (create-gpghome): Ditto.
+	* tests/openpgp/gpgv.scm: Adjust for keyboxd mode.
+	* tests/openpgp/issue2419.scm: Fix to allow setting a log-file into
+	gpg.conf for debugging.
+
+	keyboxd: Implement multiple search descriptions.
+	+ commit 25ad3c22d79d06c16a5fc652b0a6e3ffd99ad2b6
+	* kbx/kbx-client-util.c (kbx_client_data_simple): New.
+	* kbx/backend-sqlite.c (struct be_sqlite_local_s): Add field descidx.
+	(be_sqlite_search): Use that.
+	* g10/call-keyboxd.c (keydb_search): Implement multi mode.
+
+	keyboxd: Fix UDPATE keyblob SQL statement.
+	+ commit 1f89d50537b3b16165e921df60734ce6203650cb
+	* kbx/backend-sqlite.c: Always use ?NNN for SQL parameters.
+
+	tests: Fix convenience function to run gpg.
+	+ commit 97798eec4b77470b3aecdbee9729fa76b8550dfe
+	* tests/openpgp/defs.scm (pipe:gpg): Remove stray dash.
+
+	keyboxd: Remove unused variables.
+	+ commit 0ac003b4576392ca3e930304a98bbf8183ab5f8b
+	* kbx/kbx-client-util.c (datastream_thread): No need to set PK_NO and
+	UID_NO.
+
+	keyboxd: Integrate into gpgconf.
+	+ commit acaeba2dbdb9bbd68a823c671d5c3577fef5d26d
+	* common/asshelp.c (lock_spawning): Use a dedicated name for keyboxd.
+	* common/homedir.c (keyboxd_socket_name): New.
+	(gnupg_module_name): Put keyboxd into libexecdir.
+	* tools/gpgconf-comp.c (known_options_keyboxd): New.
+	(gc_component): Add entry for keyboxd.
+	(keyboxd_runtime_change): New.
+	(gc_component_launch): Support keyboxd.
+	* tools/gpgconf.c (list_dirs): Emit new item keyboxd-socket.
+	(main): Also remove keyboxd socket.
+
+2020-09-24  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Fix CCID internal driver for interrupt transfer.
+	+ commit 7cbb513a2dc150a90a30c53316970df2a439d494
+	* scd/ccid-driver.c (intr_cb): Handle the case of multiple messages.
+
 2020-09-22  Werner Koch  <wk@gnupg.org>
 
+	gpg: Set the found-by flags in the keyblock in keyboxd mode.
+	+ commit 183509756179fadd95d1cc740047b94dc16bb279
+	* g10/keydb-private.h (struct keydb_handle_s): Add fields to return
+	the ordinals of the last found blob.
+	* g10/call-keyboxd.c (keydb_get_keyblock): Pass them to the keyblock
+	parser.
+
+	sm: Fix returning of the ephemeral flag in keyboxd mode.
+	+ commit b810320b1bf76209dc1087cb91ca34232d9268c3
+	* sm/keydb.c (search_status_cb): Skip over the ubid.
+
+	common: Fix name of keyboxd.
+	+ commit c81a7b09368a474de4e3572fbb527d1597408ab1
+	* common/homedir.c (gnupg_module_name): Fix name.
+
+	keyboxd: Extend PUBKEY_INFO status line with an uid ordinal.
+	+ commit 0e892bda4e0bf9db9116d7d5585d4e7b0d2eae57
+	* kbx/backend-sqlite.c (table_definitions): Add column UINO to
+	userids.
+	(be_sqlite_local_s): Add fields select_col_uidno and
+	select_col_subkey.
+	(run_select_statement): Also select subkey or uidno column.
+	(be_sqlite_search): Return their values.
+	(store_into_userid): Store the UIDNO.
+	* kbx/backend-support.c (be_return_pubkey): Extend PUBKEY_INFO.
+
 	kbx: Add bounds check to detect corrupt keyboxes.
-	+ commit be8b30f8ebf637a7e476ff8902349a56924bf20f
-	* kbx/keybox-dump.c (_keybox_dump_blob): Fix the fixmes.  Add support
-	for 32 byte fingerprints.
+	+ commit e0a312bfd646485ae8a0ae5e26720fc1667c5490
+	* kbx/keybox-dump.c (_keybox_dump_blob): Fix the fixmes.
+
+2020-09-21  Werner Koch  <wk@gnupg.org>
+
+	scd: Extend KEYPAIRINFO with an algorithm string.
+	+ commit 26da47ae53d51e16ae6867cd419ddbf124a94933
+	* scd/app-openpgp.c (send_keypair_info): Emit the algo string as part
+	of a KEYPAIRINFO.
+	* scd/command.c (do_readkey): Ditto.
+	* scd/app-piv.c (do_readkey): Ditto.
+	* scd/app-nks.c (do_learn_status_core): Ditto.
+	(struct fid_cache_s): Add field algostr.
+	(flush_fid_cache): Release it.
+	(keygripstr_from_pk_file): Fill it and add it to the cache.  Use a
+	single exit label.
+	* scd/app-help.c (app_help_get_keygrip_string_pk): Add new arg
+	r_algostr.  Change all callers.
+
+	sm: Implement delete key in keyboxd mode.
+	+ commit c772770574ea2d337f8745ff304b1b8acd8a2e4c
+	* sm/keydb.c (keydb_delete): Implement keyboxd mode.
+	(keydb_update_cert): Disable unused function.
+	* kbx/backend-sqlite.c (be_sqlite_delete): Delete from issuer.
+
+2020-09-18  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: Fix regression for access through the extra secket.
+	+ commit 8a84a71f3a58a3e943f238b70743cd6408477eba
+	* agent/command.c (cmd_keyinfo): Allow KEYINFO command for one key.
+	(cmd_scd): Allow SCD command to invoke GETINFO, GETATTR, and
+	KEYINFO --list=encr sub commands.
+
+	common,agent,dirmngr,g10,tools: Fix split_fields API.
+	+ commit dfdcf14738976c6b236f4fa1c3b68af351024b3c
+	* common/stringhelp.h (split_fields): Use const * for the strings in
+	the ARRAY.
+	(split_fields_colon): Likewise.
+	* common/stringhelp.c (split_fields, split_fields_colon): Fix
+	the implementation.
+	* agent/call-scd.c, agent/command.c: Follow the change.
+	* common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise.
+	* g10/call-agent.c, tools/card-call-scd.c: Likewise.
+	* tools/card-yubikey.c, tools/gpg-card.c: Likewise.
+	* tools/gpg-card.h, tools/gpg-wks-client.c: Likewise.
+	* tools/gpgconf-comp.c, tools/gpgconf.c: Likewise.
+	* tools/wks-util.c: Likewise.
 
 2020-09-16  NIIBE Yutaka  <gniibe@fsij.org>
 
+	scd: Clear PIN cache when changing key attributes.
+	+ commit 8ff36630277f05fbe4e43c7d757eb90da8645e3f
+	* scd/app-openpgp.c (change_keyattr): Clear all PINs.
+
+	scd: Clear caching PIN at KDF setup.
+	+ commit f4c07fc3d3c32e96d4306f6daa60b6de7fba7dc5
+	* scd/app-openpgp.c (do_setattr): Clear PINs.
+
+	scd: Add better support for KDF feature.
+	+ commit 316a8cbc7523560d999e46eb524165db11682210
+	* scd/app-openpgp.c (do_setattr): Handle kdf-seup "off" for Gnuk.
+
+	gpg,scd: Fix handling of KDF feature.
+	+ commit 8dfd0ebfd8cf2b6bcecbd91c8f7fad6db583aa5a
+	* g10/card-util.c (kdf_setup): Fix the default value.
+	* scd/app-openpgp.c (do_setattr): Support kdf-setup "off" by
+	Zeitcontrol.  Make sure Gnuk and Yubikey work well.
+
+2020-09-15  NIIBE Yutaka  <gniibe@fsij.org>
+
 	scd: Fix the use case of verify_chv2 by CHECKPIN.
-	+ commit 61aea64b3c1717a7e304c82cda92e08ce5a6c533
+	+ commit 6e51f2044aebb885ea81dae259db1b7f477b1c44
 	* scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1
 	when needed.
 
+2020-09-11  Werner Koch  <wk@gnupg.org>
+
+	scd:piv: Avoid conflict when writing a cert.
+	+ commit fbc1b199fdc8fd9a4ab422f005b4eb521b594c5c
+	* scd/app-piv.c (map_curve_name_to_oid): New.
+	(my_cmp_public_key): New.
+	(do_writecert): Replace simple memcmp by cmp_canon_sexp.
+
+	common: New function cmp_canon_sexp.
+	+ commit b6ba6a79ce9336f1b53f16f3d1190dd009fb166e
+	* common/sexputil.c (cmp_canon_sexp): New.
+	(cmp_canon_sexp_def_tcmp): New.
+	* common/t-sexputil.c (test_cmp_canon_sexp): Add a simple test.
+
+	keyboxd: Implement lookup by short and long keyid.
+	+ commit 9a94db1f662a1c5973b57b25e25aeab1bc33250e
+	* kbx/backend-sqlite.c: Change definition of column KID.
+	(kid_from_mem): Remove.
+	(kid_from_u32): Rewrite.
+	(run_sql_bind_int64): Remove.
+	(run_select_statement): Implement lookup by short keyid.  Fix lookup
+	by long keyid.
+	(store_into_fingerprint): Adjust kid arg.
+
+	keyboxd: Add ephemeral and revoked flag to the sqlite backend.
+	+ commit 616c60d93dfab27dde00e1489c6c51340ec93b6c
+	* kbx/backend-support.c (be_return_pubkey): Add args is_ephemeral and
+	is_revoked.  Adjust callers.
+	* kbx/backend-sqlite.c: Alter table pubkey to add new columns.
+	(run_select_statement): Add new column to all selects.
+	(be_sqlite_search): Return the new flags.
+
+2020-09-10  Andre Heinecke  <aheinecke@gnupg.org>
+
+	doc: Update and extend module overview.
+	+ commit d62797ebcc15ffac52664fe08759d18a92491ddc
+	* doc/gnupg-module-overview.svg: Add examples of GPGME aware
+	applications
+
 2020-09-10  Werner Koch  <wk@gnupg.org>
 
+	sm: Implement initial support for keyboxd.
+	+ commit ed6ebb696e4063dc664d7ee74fc492025881c459
+	* sm/gpgsm.h (MAX_FINGERPRINT_LEN): New.
+	* sm/keydb.c (struct keydb_local_s): Change definition of
+	search_result.
+	(keydb_get_cert): Implement keyboxd mode.
+	(keydb_get_flags): Temporary hack for keyboxd mode.  Needs to be
+	fixed.
+	(struct store_parm_s, store_inq_cb): New.
+	(keydb_insert_cert): Implement keyboxd mode.
+	(keydb_locate_writable): Make static.
+	(keydb_search_reset): Implement keyboxd mode.
+	(search_status_cb): New.
+	(keydb_search): Implement keyboxd mode. Replace return code -1 by
+	GPG_ERR_NOT_FOUND.
+	(keydb_set_cert_flags): Replace return code -1 by GPG_ERR_NOT_FOUND.
+	* sm/keylist.c (list_cert_colon): Adjust for replacement of -1 by
+	GPG_ERR_NOT_FOUND.
+	(list_internal_keys): Ditto.
+	* sm/sign.c (add_certificate_list): Ditto.
+	* sm/certchain.c (find_up_search_by_keyid): Ditto.
+	(find_up_external, find_up, find_up_dirmngr): Ditto.
+	(gpgsm_walk_cert_chain): Ditto.
+	(get_regtp_ca_info): Ditto.
+	* sm/certlist.c (gpgsm_add_to_certlist): Ditto.
+	(gpgsm_find_cert): Ditto.
+	* sm/delete.c (delete_one): Ditto.
+	* sm/export.c (gpgsm_export): Ditto.
+	(gpgsm_p12_export): Ditto.
+	* sm/import.c (gpgsm_import_files): Ditto.
+
+	keyboxd: Add basic support for X.509.
+	+ commit c9677d416e6ff190c589af35b514a01a787085fb
+	* kbx/keybox-blob.c (x509_email_kludge): Rename to ...
+	(_keybox_x509_email_kludge): this and make global.
+	* kbx/backend.h: Include ksba.h.
+	* kbx/backend-support.c (be_get_x509_serial): New.
+	(be_get_x509_keygrip): New.
+	* kbx/backend-sqlite.c (table_definitions): New table 'issuers'.
+	(run_select_statement): Implements modes ISSUER, ISSUER_SN, SUBJECT.
+	(store_into_userid): Add arg override_mbox.
+	(store_into_issuer): New.
+	(be_sqlite_store): Implement x509 part.
+
+	keyboxd: Use D-lines instead of a separate thread.
+	+ commit 6fcc263c182fc49d9ba2d1bd7649b4af1e9f3e3a
+	* kbx/kbx-client-util.c (kbx_client_data_new): Add arg 'dlines'.
+	* g10/call-keyboxd.c (open_context): Set DLINES to true.
+	* sm/keydb.c (open_context): Ditto.
+
+	keyboxd: Add options --openpgp and --x509 to SEARCH.
+	+ commit 29977e21d18188e16e50fee95a95e05fdbd97caf
+	* kbx/keyboxd.h (struct server_control_s): Replace the two request
+	objects by just one.  Add filter flags.
+	* kbx/kbxserver.c (cmd_search): Add options --openpgp and --x509.
+	(cmd_killkeyboxd): Do not return GPG_ERR_EOF.
+	* kbx/frontend.c (kbxd_release_session_info): Adjust for the new
+	request object.
+	(kbxd_search, kbxd_store, kbxd_delete): Ditto.
+	* kbx/backend-sqlite.c (struct be_sqlite_local_s): Add filter flags.
+	(run_sql_prepare): Add optional arg 'extra'.  Change callers.
+	(run_sql_bind_ntext): New.
+	(run_sql_bind_text): Just call run_sql_bind_ntext.
+	(run_select_statement): Add ctrl arg.  Implement the filter flags.
+
+	* g10/call-keyboxd.c (keydb_search): Use the --openpgp option.
+
 	gpg-connect-agent: Catch signals so that SIGPIPE is ignored.
-	+ commit a084924d07be16dbbbf4b34d463c67c8d4c117be
+	+ commit 3cf9bb4d73cfe78d3d48734e7c8a65d9a98112a5
 	* dirmngr/server.c (cmd_killdirmngr): Return 0.
 	* tools/gpg-connect-agent.c (main): Catch signals.
 
 	dirmngr: Fix the pool keyserver case for a single host in the pool.
-	+ commit 72e04b03b1a7aee5521156c6d549ca10a81ac529
+	+ commit 5a87011c46b5b01659c3cbc3c7a04da94ae5ca9e
 	* dirmngr/ks-engine-hkp.c (map_host): Set R_HOSTNAME also for
 	localhost and if there is no pool.
 
 	dirmngr: Align the gnutls use of CAs with the ntbtls code.
-	+ commit e4f3b74c91063d83395ba0bc37f67cb22d47ca8f
+	+ commit faabc49797df43c4904b6230f83e8c6677e88b22
 	* dirmngr/http.c (http_session_new) <gnutls>: Use only the special
 	pool certificate for the default keyserver.
 
+2020-09-10  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Flush KDF DO (0x00F9) when it's being set.
+	+ commit d4cb774ddd8830836c9c87a90db01f749ac8d67c
+	* scd/app-openpgp.c (do_setattr): Call flush_cache_item always.
+
+2020-09-09  Werner Koch  <wk@gnupg.org>
+
 	agent: Keep some permissions of private-keys-v1.d.
-	+ commit 7de9ed521e516879a72ec6ff6400aed4bdce5920
+	+ commit 8ed85ef3de9cdeee86e281a8b46be1bd49a36e7a
 	* common/sysutils.c (modestr_to_mode): Re-implement.
 	(gnupg_chmod): Support keeping of permissions.
 
+	kbx: Change X.509 S/N search definition.
+	+ commit adec6a84f6ee176764391da358ae150f92b1f1e4
+	* kbx/keybox-search-desc.h (struct keydb_search_desc): Do not overload
+	SNLLEN with a hex flag.  Add SNHEX.
+	* kbx/keybox-search.c (keybox_search): Adjust.
+	* common/userids.c (classify_user_id): Adjust.
+	* sm/keydb.c (keydb_search_desc_dump): Adjust.
+	* g10/keydb.c (keydb_search_desc_dump): Adjust.
+
+2020-09-08  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpg,tools: Add handling of supported algorithms by a card.
+	+ commit 2bc1ec294422504e2d2e5d20716aba68f1c2b0d7
+	* g10/call-agent.h (struct agent_card_info_s): Add supported_keyalgo.
+	* g10/call-agent.c (learn_status_cb): Parse KEY-ATTR-INFO.
+	(agent_release_card_info): Release supported_keyalgo.
+	* tools/gpg-card.h (struct card_info_s): Add supported_keyalgo.
+	* tools/card-call-scd.c (learn_status_cb): Parse KEY-ATTR-INFO.
+	(release_card_info): Release supported_keyalgo.
+
+	scd: Add a workaround for Yubikey.
+	+ commit 0db9c83555b4a8a0c52f96e96ec20dbfd3d75272
+	* scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey.
+
+2020-09-07  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Fix handling 0x00FA to support OpenPGP card 3.4.
+	+ commit 270c49b8c6eaf99df7b417f9d0e45eba0acfb423
+	* scd/app-openpgp.c (data_objects): It may be longer.
+
 2020-09-04  Werner Koch  <wk@gnupg.org>
 
 	gpg: Initialize a parameter to silence valgrind.
-	+ commit 6ce8fdc4b2a05bb2c1cf2aa9faa76f1c7a4fdb28
+	+ commit 65eb1569809a3c42e8afb064f6194fac2e34a03a
 	* g10/keygen.c (read_parameter_file): Initialize nline.
 	* g10/textfilter.c (copy_clearsig_text): Initialize bufsize.
 
+2020-09-04  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Support GET DATA response with no header for DO 0x00FA.
+	+ commit 43bbc25b0f57dec24412886ff46041e0b1f3de26
+	* scd/app-openpgp.c (do_getattr): Support Gnuk, as well.
+
+	scd: Parse "Algorithm Information" data object in scdaemon.
+	+ commit eba2563dabbb4f61537900289fbe3ae113904733
+	* scd/app-openpgp.c (data_objects): 0x00FA for binary data.
+	(do_getattr): Parse the data and send it in status lines.
+	(get_algorithm_attribute_string): New.
+
 2020-09-03  Werner Koch  <wk@gnupg.org>
 
-	Release 2.2.23.
-	+ commit e234d04c3c91cd4e84cb5790a131bf6a8b6733c4
+	sm: New options to prepare the use of keyboxd.
+	+ commit 046f419f806036248c058c4bd44368f8596287b7
+	* sm/Makefile.am (AM_CFLAGS): Add npth flags.
+	(common_libs): Use npth version of the lib.
+	(gpgsm_LDADD): Add npth libs.
+	* sm/gpgsm.c (oUseKeyboxd, oKeyboxdProgram): New.
+	(opts): New options --use-keyboxd and --keyboxd-program.
+	(main): Set them.
+	(gpgsm_deinit_default_ctrl): New.
+	(main): Call it.
+	* sm/server.c (gpgsm_server): Ditto.
+	* sm/gpgsm.h (opt): Add fields use_keyboxd and keyboxd_program.
+	(keydb_local_s): New type.
+	(struct server_control_s): Add field keybd_local.
+	* sm/keydb.c: Include assuan.h, asshelp.h, and kbx-client-util.h.
+	(struct keydb_local_s): New.
+	(struct keydb_handle): Add fields for keyboxd use.
+	(gpgsm_keydb_deinit_session_data): New.
+	(warn_version_mismatch): New.
+	(create_new_context): New.
+	(open_context): New.
+	(keydb_new): Implement keyboxd mode.
+	(keydb_release): Ditto.
+	(keydb_get_resource_name): Ditto.
+
+	* sm/keydb.c: Add stub support for all other functions.
+
+	sm: Add arg ctrl to keydb_new.
+	+ commit a7d006293ec84532cc1972cd2f990198eadf1a1a
+	* sm/keydb.c (keydb_new): Add arg and change all callers.
 
+2020-09-03  NIIBE Yutaka  <gniibe@fsij.org>
 
-	gpg: Fix AEAD preference list overflow.
-	+ commit aeb8272ca8aad403a4baac33b8d5673719cfd8f0
-	* g10/getkey.c (fixup_uidnode): Increase size of prefs array.
+	scd: Add handling of "Algorithm Information" DO.
+	+ commit 90d0072165cc5c6888f14462392a211de0c4b232
+	* cd/app-openpgp.c (data_objects): Add 0x00FA.
+	(do_getattr): Add KEY-ATTR-INFO.
 
 2020-09-02  Werner Koch  <wk@gnupg.org>
 
 	gpg: Fix segv importing certain keys.
-	+ commit 896c528ba0555443cca81b3f091f761e70c698cd
+	+ commit 8ec9573e57866dda5efb4677d4454161517484bc
 	* g10/key-check.c (key_check_all_keysigs): Initialize issuer.
 
-2020-09-01  NIIBE Yutaka  <gniibe@fsij.org>
-
-	scd: Fix a regression for OpenPGP card.
-	+ commit 0a9665187a7cbf68933b7162fb5f974177684a50
-	* scd/app-openpgp.c (verify_chv2): Make sure loading keys.
+	keyboxd: Restructure client access code.
+	+ commit 497db0b5bcd688c4e2144ba167bd2ac485069d1b
+	* kbx/kbx-client-util.c: New.
+	* kbx/kbx-client-util.h: New.
+	* kbx/Makefile.am (client_sources): New.
+	* g10/keydb.c (parse_keyblock_image): Rename to keydb_parse_keyblock
+	and make global.
+	* g10/call-keyboxd.c: Include kbx-client-util.h.
+	(struct keyboxd_local_s): Remove struct datastream.  Add field kcd.
+	Remove per_session_init_done.
+	(lock_datastream, unlock_datastream): Remove.
+	(prepare_data_pipe, datastream_thread): Remove.
+	(keydb_get_keyblock_do_parse): Remove.
+	(gpg_keyboxd_deinit_session_data): Release the KCD object.
+	(open_context): Use of kbx_client_data_new.
+	(keydb_get_keyblock): Simplify.
+	(keydb_search): Use kbx_client_data_cmd and _wait.
+
+	keyboxd: Fix user id based queries.
+	+ commit 4d839f5a8083e1ddd4767c838f56a4079f846c6d
+	* kbx/backend-sqlite.c (run_select_statement): Add the missing join
+	for user id bases queries.
+
+	common: New helper function gnupg_close_pipe.
+	+ commit 2042f5a4641f4e43137b7683077b4d733d216417
+	* common/exechelp-posix.c (gnupg_close_pipe): New.
+	* common/exechelp-w32.c (gnupg_close_pipe): New.
+
+2020-09-01  Werner Koch  <wk@gnupg.org>
+
+	Use only one copy of the warn_server_mismatch function.
+	+ commit 2cd8bae23d7382588cf096df3eed83e02331a2bf
+	* common/asshelp.c (warn_server_version_mismatch): New.  Actually a
+	slightly modified version of warn_version_mismatch found in other
+	modules.
+	* common/status.c (gnupg_status_strings): New.
+	* g10/cpr.c (write_status_strings2): New.
+	* g10/call-agent.c (warn_version_mismatch): Use the new unified
+	warn_server_version_mismatch function.
+	* g10/call-dirmngr.c (warn_version_mismatch): Ditto.
+	* g10/call-keyboxd.c (warn_version_mismatch): Ditto.
+	* sm/call-agent.c (warn_version_mismatch): Ditto.
+	* sm/call-dirmngr.c (warn_version_mismatch): Ditto.
+	* tools/card-call-scd.c (warn_version_mismatch): Ditto.
 
 2020-08-28  Werner Koch  <wk@gnupg.org>
 
 	sm: Fix a bug in the rfc2253 parser.
-	+ commit d2fe2ffd753706d07b26fbe22b17a561a2e535fc
+	+ commit 16c1d8a14e98894408f30349cab68ff17ef6b35e
 	* sm/certdump.c (parse_dn_part): Fix parser flaw.
 
+2020-08-28  NIIBE Yutaka  <gniibe@fsij.org>
+
+	common: Fix fallback handling to utf-8.
+	+ commit 393dcdd61c3b2da00a97176c647d9bd1c908ceba
+	* common/utf8conv.c (handle_iconv_error): Set NO_TRANSLATION.
+
 2020-08-27  Werner Koch  <wk@gnupg.org>
 
-	Release 2.2.22.
-	+ commit f9c120a29986e82d1179b38167ef2696dd0cc10a
+	scd: New option to APDU command to return the ATR as data.
+	+ commit a0a4744bd0640e587b33ec3dae819ec4054f0472
+	* scd/command.c (cmd_apdu): Add new option --data-atr.
+	* tools/gpg-card.c (cmd_apdu): Use that here.  Also fix the --exlen
+	option and do not print the statusword in atr mode.
+	* tools/card-call-scd.c (scd_apdu): Detect atr mode anddon't assume a
+	status word.
 
+	scd: Fix reading of the ATR for card type detection.
+	+ commit 95b5a852e269e602ade6a07ed468e9072c247b8c
+	* scd/app.c (app_new_register): Do not use apdu_get_slot.
 
 	dirmngr: Print the last alert message returned by NTBTLS.
-	+ commit 45499b2ca3e8f3466e725dbc381757c89a7c39bf
+	+ commit 05358d73841149f64dc5d620f4b8855255e7f4da
 	* dirmngr/http.c (send_request): Print the last TLS alert.
 
 2020-08-27  NIIBE Yutaka  <gniibe@fsij.org>
 
+	scd: Add heuristics to identify cardtype.
+	+ commit 9f148360a2bf04672b43ef7cec48e21d44b06ae1
+	* scd/app-common.h (cardtype_t): Add CARDTYPE_GNUK and
+	CARDTYPE_ZEITCONTROL.
+	* scd/app.c (strcardtype): Handle CARDTYPE_GNUK and
+	CARDTYPE_ZEITCONTROL.
+	(app_new_register): Detect Gnuk and Zeit Control implementation
+	by examining its ATR string.
+
 	scd: Add condition for VERIFY with 0x82.
-	+ commit d2f1a0a791db3eb03c003365cbcd010bd8066edb
+	+ commit af189be481df02a77e088aa0a60a1fc02dfa12bf
 	* scd/app-openpgp.c (verify_chv2): Check availability of keys in
 	question.
 
 2020-08-26  Werner Koch  <wk@gnupg.org>
 
 	build: Silence gcc warning -Wformat-zero-length.
-	+ commit 0be5decc097286e3502b6a12e019d40b8caf27b4
+	+ commit 90a87d96eaf5b97cd53cb0ee0495b646be7b84bb
 	* configure.ac: Avoid useless gcc warning.  We use an empty string
 	quite often, for example in log_printhex.
 
-2020-08-26  NIIBE Yutaka  <gniibe@fsij.org>
-
-	agent: Allow TERM="".
-	+ commit 4c8d5eb0bdd380c412c5f5fbc2b92fe6bcea825d
-	* agent/call-pinentry.c (start_pinentry): When TERM is none,
-	don't send OPTION ttytype to pinentry.
-
-2020-08-25  Ineiev  <ineiev@gnu.org>
-
-	po: Update Russian translation.
-	+ commit 00ac538e928076e1879366cdce0e57be41f6c8fb
-
-
 2020-08-25  Werner Koch  <wk@gnupg.org>
 
-	gpg: Set default keysize to rsa3072.
-	+ commit 60f08969e13b2bb7f194eff80c3a275d444dc6b7
-	* g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change.
-	(gen_rsa): Set fallback to 3072.
-	(get_keysize_range): Set default to 3072.
-	* doc/examples/vsnfd.prf: No more need for default-new-key-algo.
+	gpg: Remove left over debug output from recent change.
+	+ commit fc1a1857551c05135d54e2e620e609fda59d5bca
+	* g10/import.c (collapse_subkeys): Remove debug out.
+
+	examples: Simplify vsnfd.prf.
+	+ commit 40acc5ef3ef73494e67d88ea310503e5bf08bc36
+	* doc/examples/vsnfd.prf: Remove default-new-key-algo option.
 
 	sm: Do not require a default keyring for --gpgconf-list.
-	+ commit 0847133e4cafa214c8129c245194d97c1e192cd5
+	+ commit e7677da479c4fb5abd0339de807b27c0f487d2e0
 	* sm/gpgsm.c (main): No default keyring for gpgconf mode.
 
+	gpgconf: Silence warnings from parsing the options files.
+	+ commit ad1254b59d41e127879fc9f495d392316135b4a5
+	* tools/gpgconf-comp.c (retrieve_options_from_program): Set verbose
+	flag for the arg parser only in --verbose mode.
+
 	agent: Allow using --gogconf-list even if HOME does not exist.
-	+ commit adea5ba7e75261705ba6e9c2456207e9455677f3
+	+ commit b17846e4fd02f65b24ada306855fb110c56c5e73
 	* agent/gpg-agent.c (main): Do not create directories in gpgconf mode.
 
-2020-08-23  Werner Koch  <wk@gnupg.org>
-
-	gpg,gpgsm: Record the creation time of a private key.
-	+ commit 5ac0cf1b8198dcaac7e7abaf05c28dd413f38cad
-	* sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option.
-	(gpgsm_agent_import_key): Ditto.
-	* g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on.
-	(agent_import_key): Ditto.
-	* g10/import.c (transfer_secret_keys): Pass the creation date to the
-	agent.
-	* g10/keygen.c (common_gen): Ditto.
-
-	agent: Allow to pass a timestamp to genkey and import.
-	+ commit 051830d7b4862b6eca6c18c9fd53b51fa1158c34
-	* agent/command.c (cmd_genkey): Add option --timestamp.
-	(cmd_import_key): Ditto.
-	* agent/genkey.c (store_key): Add arg timestamp and change callers.
-	(agent_genkey): Ditto.
-	* agent/findkey.c (write_extended_private_key): Add args timestamp and
-	newkey to write a Created line.
-	(agent_write_private_key): Add arg timestamp.
-	(agent_write_shadow_key): Ditto.
-	* agent/protect-tool.c (agent_write_private_key): Ditto as dummy arg.
-
-2020-08-22  Werner Koch  <wk@gnupg.org>
-
-	agent: Default to extended key format.
-	+ commit 5b927b7b27bddc8ee70176414690d8ca8d879b54
-	* agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
-	(opts): Make --enable-extended-key-format a dummy option.  Add
-	disable-extended-key-format.
-	(parse_rereadable_options): Implement oDisableExtendedKeyFormat.
-	* agent/protect.c (agent_protect): Be safe and set use_ocb either to
-	to 1 or 0.
+	gpgconf,w32: New debug command --show-codepages.
+	+ commit 32021dfa5bcaa056c18e4ec40fdcd0f8b7de382b
+	* tools/gpgconf.c (aShowCodepages): New.
+	(opts): New command --show-codepages.
+	(main) [W32]: Implement
+
+	gpg: Collapse duplicate subkeys.
+	+ commit 633c1fea5f0dc4cb270c22ee41c24e1ec0706204
+	* g10/options.h (IMPORT_COLLAPSE_UIDS): New.
+	(IMPORT_COLLAPSE_SUBKEYS): New.
+	* g10/gpg.c (main): Make them the default.
+	* g10/import.c (parse_import_options): New import options
+	"no-collapse-uids" and "no-collapse_subkeys".
+	(collapse_subkeys): New.
+	(import_one_real): Collapse subkeys and allow disabling the collapsing
+	using the new options.
+	(read_key_from_file_or_buffer): Always collapse subkeys.
+	* g10/keyedit.c (fix_keyblock): Call collapse_subkeys.
+
+2020-08-21  Werner Koch  <wk@gnupg.org>
 
 	gpgtar,w32: Handle Unicode file names.
-	+ commit 843890663b6c68b4361ccfbeb11a50b02d5cc13f
+	+ commit 34e7703a962809921e83770f20f3eb66599265d1
 	* tools/gpgtar.c (oUtf8Strings): New.
 	(opts): Add option --utf8-strings.
 	(parse_arguments): Set option.
@@ -3190,19 +2558,19 @@
 	(scan_directory) [W32]: Convert file name to utf8.
 	(gpgtar_create): Convert pattern.
 
-	common: Use gpgrt functions for mkdir and chdir if available.
-	+ commit 364cef997c0ac5632152acfb7ab2330c4f289a9a
+	common: Use gpgrt functions for mkdir and chdir.
+	+ commit eec70e539e44c288068f26f190d52a5718fd3a10
 	* common/sysutils.c (gnupg_mkdir): Divert to gpgrt_mkdir.
 	(gnupg_chdir): Divert to gpgrt_chdir
 
-	common,w32: Do not assume the ANSI codepage during string conversion.
-	+ commit bef68efd8da92115142005d22e9336ff798dcf4b
+	common,w32: Do not assume the ANSI code during string conversion.
+	+ commit 5305ce17ff7a68ecc88c5ae8c4bec5897df6322f
 	* common/utf8conv.c (get_w32_codepage): New.
 	(wchar_to_native): Use instead oc CP_ACP.
 	(native_to_wchar): Ditto.
 
 	common: Strip trailing CR,LF from w32_strerror.
-	+ commit 73b0fdabdb108880034b7730d04614d8a7cf943a
+	+ commit 33fd55ca6f3efc50c260469179788e9f725ddc58
 	* common/stringhelp.c (w32_strerror): Strip trailing CR,LF.
 	* common/iobuf.c (iobuf_get_filelength): Use -1 and not 0 for the
 	arg to w32_strerror.
@@ -3210,7 +2578,7 @@
 2020-08-20  Werner Koch  <wk@gnupg.org>
 
 	gpgtar: Make --files-from and --null work as described.
-	+ commit 1efe99f3d9e3c6d5733cf512b7e494284a445bfa
+	+ commit e276f63e4a80e8d1cb1ba5621cedaeb0ccda956d
 	* tools/gpgtar-create.c (gpgtar_create): Add args files_from and
 	null_names.  Improve reading from a file.
 	* tools/gpgtar.c: Make global vars static.
@@ -3218,122 +2586,301 @@
 	Pass option variables to gpgtar_create.
 
 	build: New configure option --disable-tests.
-	+ commit 829bc3bc60da134841705f7d701b0870e1629b38
+	+ commit 32aac55875f324f8c3d85dad8483604eae65e3e8
 	* configure.ac: Add option --disable-tests.  Print warnings in the
 	summary.
 	(DISABLE_TESTS): New am_conditional.
 
 	gpg: Fix regression for non-default --passphrase-repeat option.
-	+ commit a4d73b1c8e2a312e78831843aa04364d7d3c8e6f
+	+ commit b8c4dd902df34faa4d23efb2bb4ac222c8bbdbdb
 	* agent/command.c (cmd_get_passphrase): Take care of --repeat with
 	--newsymkey.
 
+2020-08-19  Werner Koch  <wk@gnupg.org>
+
+	gpg,gpgsm: Record the creation time of a private key.
+	+ commit 4031c42bfd0135874a5b362df175de93a19f1b51
+	* sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option.
+	(gpgsm_agent_import_key): Ditto.
+	* g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on.
+	(agent_import_key): Ditto.
+	* g10/import.c (transfer_secret_keys): Pass the creation date to the
+	agent.
+	* g10/keygen.c (common_gen): Ditto.
+
+2020-08-19  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpg: Fix condition of string_to_aead_algo.
+	+ commit 1d66b518ca83e8d315283682b1e504f1e171a0b1
+	* g10/misc.c (string_to_aead_algo): Only compare if not NULL.
+
+	dns: Fix memory use-after-free.
+	+ commit cc0d53905ce9306b51bace2682ae3d1d122c7881
+	* dirmngr/dns.c (dns_res_stub): Fix RESCONF usage.
+
+	common: Fix iobuf.c.
+	+ commit f58d441bee7e93e6344f833acc1412b3be2f6818
+	* common/iobuf.c (iobuf_cancel): Initialize DUMMY.
+	(do_iobuf_fdopen): Initialize LEN.
+	(iobuf_read_line): Fix the loop condition.
+
+	Silence compiler warnings.
+	+ commit f3e424d4e7273e60e69747ca4936149af7b6482a
+	* common/openpgp-oid.c (map_openpgp_pk_to_gcry): Use cast for enum
+	conversion.
+	* dirmngr/dns-stuff.c (get_dns_srv): Use explicit conversion from
+	int to float.
+	* sm/gpgsm.c (parse_keyserver_line): Initialize ERR.
+
+	scd: Fix possible uninitialized variables.
+	+ commit 4fa0a65676a29cb53ee242caf13c393f7573c9a3
+	* scd/app-openpgp.c (do_change_pin): Initialize resultlen2.
+	(do_change_pin): Don't call wipe_and_free on the error path.
+	Initialize bufferlen2.
+
+2020-08-17  Werner Koch  <wk@gnupg.org>
+
+	agent: Allow to pass a timestamp to genkey and import.
+	+ commit 0da923a1240ac78d60c92cdd8488c4e405c3243b
+	* agent/command.c (cmd_genkey): Add option --timestamp.
+	(cmd_import_key): Ditto.
+	* agent/genkey.c (store_key): Add arg timestamp and change callers.
+	(agent_genkey): Ditto.
+	* agent/findkey.c (write_extended_private_key): Add args timestamp and
+	new key to write a Created line.
+	(agent_write_private_key): Add arg timestamp.
+	(agent_write_shadow_key): Ditto.
+	 agent/protect-tool.c (agent_write_private_key): Ditto as dummy arg.
+
+2020-08-14  Werner Koch  <wk@gnupg.org>
+
+	Add --chuid to gpg, gpg-card, and gpg-connect-agent.
+	+ commit 6bcb609e1b2a507caa2e1a078178709d808b590b
+	* g10/gpg.c (oChUid): New.
+	(opts): Add --chuid.
+	(main): Implement --chuid.  Delay setting of homedir until the new
+	chuid is done.
+	* sm/gpgsm.c (main): Delay setting of homedir until the new chuid is
+	done.
+	* tools/gpg-card.c (oChUid): New.
+	(opts): Add --chuid.
+	(changeuser): New helper var.
+	(main): Implement --chuid.
+	* tools/gpg-connect-agent.c (oChUid): New.
+	(opts): Add --chuid.
+	(main): Implement --chuid.
+
 2020-08-13  Werner Koch  <wk@gnupg.org>
 
 	gpg: Ignore personal_digest_prefs for ECDSA keys.
-	+ commit f0f8b124f0d2332e1c0b496df5e5f9c4b3db6bc3
+	+ commit 53d84f98157070f24dc861f1a75980474d074ddb
 	* g10/sign.c (hash_for): Simplify hash algo selection for ECDSA.
 
 2020-08-12  Werner Koch  <wk@gnupg.org>
 
+	scd: Log info about CCIDs with permission problems.
+	+ commit 2af884c64354182b1903d7a77df07e877f5ed7ba
+	* scd/apdu.c (open_ccid_reader): Add arg r_cciderr.
+	(apdu_open_reader): Print a note on EPERM of the USB device.
+
+	scd: Map some error codes from libusb to ccid-driver error codes.
+	+ commit 9a8d7e41bba1926158a21ebdda542241493ef983
+	* scd/ccid-driver.h (CCID_DRIVER_ERR_USB_*): New error codes.
+	* scd/apdu.h: New SW_HOST error codes.
+	* scd/apdu.c (host_sw_string): Print them
+	* scd/ccid-driver.c (map_libusb_error): New.
+	(ccid_open_usb_reader, bulk_in, abort_cmd): Map libusb error codes.
+	* scd/iso7816.c (map_sw): Map new codes to gpg-error.
+
 	common: Pass the WAYLAND_DISPLAY envvar along.
-	+ commit 3cf920a1e353ceec7a3d854d5b509be417e4c801
+	+ commit 3944430ffeaa032719fd82f8eaa118b3f326b8ed
 	* common/session-env.c (stdenvnames): Add WAYLAND_DISPLAY.
 
+2020-08-10  Werner Koch  <wk@gnupg.org>
+
+	scd:piv: Allow signing using PSS.
+	+ commit cbf203801e021e0f4d4143ecc92296ae7d0f0dd7
+	* scd/app-piv.c (do_sign): Allow for PSS.
+
+	agent: Add option --pss to pksign to be used by smartcards.
+	+ commit bb096905b9ee1f5175efee1ab6c98045a26a2678
+	* agent/command.c (cmd_sethash): Add option --pss and allow for
+	--hash=null.
+	* agent/agent.h (struct server_control_s): Add digest.is_pss and
+	zero where needed.
+	* agent/pksign.c (agent_pksign_do): Allow for PSS with cards.
+	* scd/command.c (cmd_pksign): Add for --hash=none.
+
+2020-08-07  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpg: Fix trustdb for v5key.
+	+ commit 373c975859a55f942276d6078f27ee33570bf2d5
+	* g10/keydb.h (fpr20_from_pk): New.
+	* g10/keyid.c (fpr20_from_pk): New.
+	* g10/tdbio.c (tdbio_search_trust_byfpr): Use fpr20_from_pk.
+	* g10/trustdb.c (keyid_from_fpr20): New.
+	(verify_own_keys): Use keyid_from_fpr20.
+	(tdb_update_ownertrust): Use fpr20_from_pk.
+	(update_min_ownertrust): Likewise.
+	(update_validity): Likewise.
+
+	gpg: Fix short key ID for v5key.
+	+ commit 20982bbd7539d2032f4d6249a2654c245445521d
+	* g10/keyid.c (keyid_from_pk): Return keyid[0] for v5key.
+	* g10/keyring.c (keyring_search): Handle short key ID for v5key.
+
+2020-08-06  Werner Koch  <wk@gnupg.org>
+
+	gpgsm: New option --chuid.
+	+ commit 646a30fd394a739ef653556b1a7b2eeebda95951
+	* sm/gpgsm.c (oChUid, opts): New option --chuid.
+	(main): Implement option.
+
+	gpgconf: New option --chuid.
+	+ commit d10f45184c4482036c41f4818c84c0725a0c2c94
+	* tools/gpgconf.c (oChUid, opts): New option --chuid.
+	(main): Implement.
+
+	common: New helper function gnupg_chuid.
+	+ commit 8ff00ef0de871ca43076b00df4871c3165ced001
+	* common/sysutils.c (try_set_envvar): New.
+	(gnupg_chuid): New.
+
+2020-08-06  NIIBE Yutaka  <gniibe@fsij.org>
+
+	kbx: Support v5key for short kid and long kid.
+	+ commit df531848a9618131921d584baba81c128f94de68
+	* kbx/keybox-search.c (has_short_kid): Support v5key.
+	(has_long_kid): Likewise.
+
+2020-08-05  Werner Koch  <wk@gnupg.org>
+
+	gpg: Add level 16 to --gen-random.
+	+ commit d847f0651ab4304129145b55353501636b4e4728
+	* g10/gpg.c (main): Add that hack.
+
 2020-08-04  Werner Koch  <wk@gnupg.org>
 
 	sm: Also show the SHA-256 fingerprint.
-	+ commit 9c57de75cf36cfcf408eda1b59a0362a061517ce
+	+ commit e7d70923901eeb6a2c26445aee9db7e78f6f7f3a
 	* sm/keylist.c (list_cert_colon): Emit a new "fp2" record.
 	(list_cert_raw): Print the SHA2 fingerprint.
 	(list_cert_std): Ditto.
 
+2020-08-03  NIIBE Yutaka  <gniibe@fsij.org>
+
+	w32: Fix cast from intptr_t of _get_osfhandle.
+	+ commit 8e04cf969e95ccaa31bbaa7333938af1ea7476c6
+	* common/exectool.c (gnupg_exec_tool_stream): Cast to unsigned long.
+
+2020-07-31  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: Fix coercion for pinentry_pid handling.
+	+ commit da3a4c54a8ce8a7dc442c70bda9b7eda22d43e57
+	* agent/call-pinentry.c (start_pinentry): Don't use pid_t.
+
+	scd: Silence compiler warning.
+	+ commit 2a34a2afea5fcb5f4ed206afa110650db3dd7ef0
+	* scd/app-openpgp.c (build_ecc_privkey_template): Fix allocation size.
+
 2020-07-30  NIIBE Yutaka  <gniibe@fsij.org>
 
+	w32: Add NETLIBS for sm/t-minip12.
+	+ commit c1f81eb9fc2544a417ebc2ce19b04541525da684
+	* sm/Makefile.am (t_minip12_LDADD): Add NETLIBS.
+
 	w32: More adding NETLIBS.
-	+ commit 8d9ce32c30db2bba5736fff5f56b7c145aaec42c
+	+ commit 5fa4427419c875e46d051ae6ed376d5ad6037401
 	* common/Makefile.am (t_common_ldadd): Add $(NETLIBS).
 
 	w32: Add link to $(NETLIB) for -lws2_32.
-	+ commit f95d923090e119a7a05eef13bbbc108ed98e513a
+	+ commit d69f5570ee5e1b099e39fdf64e18add23ff5c815
 	* dirmngr/Makefile.am (dirmngr_LDADD): Add $(NETLIBS).
 	* sm/Makefile.am (gpgsm_LDADD): Ditto.
 	* tools/Makefile.am (gpg_wks_client_LDADD): Ditto.
 
+2020-07-27  NIIBE Yutaka  <gniibe@fsij.org>
+
+	kbx: Fix short KID and long KID handling for FPR32.
+	+ commit fa4a2bd7a1ba8d4bda5f9cec0826104f50142d4f
+	* kbx/keybox-search.c (blob_cmp_fpr_part): For FPR32, it's
+	the first part in the fingerprint.
+
+2020-07-17  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Fix closing reader and reeleasing context in PC/SC.
+	+ commit daa2cec6a543f06a2e408d97a80a5041027f16a9
+	* scd/apdu.c (close_pcsc_reader): Unlock the reader_table_lock.
+	(apdu_dev_list_finish): Release the context when no readers.
+
+	Use gpgrt's new option parser for symcryptrun.
+	+ commit f484ac2b2d2ea176db1a70d961a778180147d9b2
+	* tools/symcryptrun.c: Follow API change of the new option parser.
+
+	scd: PC/SC: Don't release the context when it's in use.
+	+ commit 46d185f60397f68830bfdfb99627b29aea5016f1
+	* scd/apdu.c (close_pcsc_reader): Check if it's not in the loop.
+
+	gpg-card: Fix type of historyname.
+	+ commit 43000b0434b47a72608b41d67054ba42db21b699
+	* tools/gpg-card.c (interactive_loop): Remove const qualifier.
+
 2020-07-16  Werner Koch  <wk@gnupg.org>
 
 	gpg: Do not close stdout after --export-ssh-key.
-	+ commit 970e43130506186c82d528d0a4fe34725e3c8e6b
+	+ commit 5c514a274ca8ac6be875818237e2e1bbc0c6a2a5
 	* g10/export.c (export_ssh_key): Do not close stdout.
 
-2020-07-15  NIIBE Yutaka  <gniibe@fsij.org>
+2020-07-16  NIIBE Yutaka  <gniibe@fsij.org>
 
-	tools: Use internal regexp routines.
-	+ commit b4cbb5f58a00fa5ac9f1282664c0adb7ecfa9e57
-	* tools/gpg-check-pattern.c: Use jimregexp.h.
+	common: Avoid undefined behavior of left shift operator.
+	+ commit 8abf065307ff4a7ea873fe59f76173bf17dac241
+	* common/iobuf.c (block_filter): Handle an error earlier.
+	Make sure it's unsigned.
+
+2020-07-15  NIIBE Yutaka  <gniibe@fsij.org>
 
 	regexp: Import change from JimTcl.
-	+ commit 1d1f2aa94370dcb715f6ae02ea5e14eb7ec5fa98
+	+ commit 91cb46d948db234be1ea8092f5db9e14294f1b79
 	* regexp/jimregexp.h, regexp/jimregexp.c: Fix from JimTcl.
 
-	regexp: Fix generation of _unicode_mapping.c.
-	+ commit 8904b18822fc2203ed667844cc3885dc459dbfef
-	* configure.ac (AWK_HEX_NUMBER_OPTION): Detect GNU Awk.
-	* regexp/Makefile.am: Use AWK_HEX_NUMBER_OPTION.
-	* regexp/parse-unidata.awk: Don't use strtonum.
-
-	gpg: Add regular expression support.
-	+ commit 199309190a0b9966445bc386747c433949d3b81e
-	* AUTHORS, COPYING.other: Update.
-	* Makefile.am (SUBDIRS): Add regexp sub directory.
-	* configure.ac (DISABLE_REGEX): Remove.
-	* g10/Makefile.am (needed_libs): Add libregexp.a.
-	* g10/trustdb.c: Remove DISABLE_REGEX support.
-	* regexp/LICENSE, regexp/jimregexp.c, regexp/jimregexp.h,
-	  regexp/utf8.c, regexp/utf8.h: New from Jim Tcl.
-	* regexp/UnicodeData.txt: New from Unicode.
-	* regexp/Makefile.am, regexp/parse-unidata.awk: New.
-	* tests/openpgp/Makefile.am: Remove DISABLE_REGEX support.
-	* tools/Makefile.am: Remove DISABLE_REGEX support.
-
-2020-07-13  Werner Koch  <wk@gnupg.org>
+2020-07-14  Werner Koch  <wk@gnupg.org>
 
 	agent: Fix regression with --newsymkey in loopback mode.
-	+ commit d9ea47f702840c87431df984b9b3f7e60c9ea815
+	+ commit 0a6af6dc12998ef7b19673ad05d11e82f826de9d
 	* agent/command.c (cmd_get_passphrase): Never repeat in loopback mode;
 	same as with !OPT_NEWSYMKEY.
 
 2020-07-13  NIIBE Yutaka  <gniibe@fsij.org>
 
 	dirmngr: Handle EAFNOSUPPORT at connect_server.
-	+ commit ce793fc2f838a97cb1e92b3060337b8052f3dc3a
+	+ commit 109d16e8f644da97ed9c00e6f9010a53097f587a
 	* dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT.
 
-2020-07-09  Werner Koch  <wk@gnupg.org>
-
-	Release 2.2.21.
-	+ commit be6fc39ed9b4ffd56d960e20499599c851c17b44
+2020-07-10  NIIBE Yutaka  <gniibe@fsij.org>
 
+	gpg: For decryption, support use of a key with no 'encrypt' usage.
+	+ commit 31ae0718ba10c3b1b670ba6131b4995de24aa7a1
+	* g10/pubkey-enc.c (get_session_key): Don't skip at no PUBKEY_USAGE_ENC.
+	Emit information the key has no 'encrypt' usage.
 
 2020-07-08  Werner Koch  <wk@gnupg.org>
 
 	Do not use the pinentry's qualitybar.
-	+ commit b451c4f5ea672c9915e28d8dde30abc675060f06
+	+ commit 999d25d47d45a0f594c84d51c041da0b24d68c5d
 	* agent/genkey.c (agent_ask_new_passphrase): No qualitybar.
 	* g10/call-agent.c (agent_get_passphrase): Ditto.
 	* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
 
 	gpg: Use integrated passphrase repeat entry also for -c.
-	+ commit ae8b88c635424ef36f024d0016949d11187dc21e
+	+ commit a6a4bbf6debd925a23c22eea86a562f061fdfe6c
 	* g10/call-agent.c (agent_get_passphrase): Add arg newsymkey.
 	* g10/passphrase.c (passphrase_get): Add arg newsymkey.
 	(passphrase_to_dek): Pass it on.
 
 	agent: New option --newsymkey for GET_PASSPHRASE.
-	+ commit d9e2dfa4c585de7c261fde13c18bd0f82415d6c3
-	* agent/call-pinentry.c (do_getpin): New.
-	(agent_askpin): Use do_getpin.
-	(agent_get_passphrase): Add arg pininfo.  Use do_getpin.
+	+ commit eace4bbe1ded8b01f9ad52ebc1871f2fd13c3a08
+	* agent/call-pinentry.c (agent_get_passphrase): Add arg pininfo.
 	* agent/genkey.c (check_passphrase_constraints): New arg no_empty.
 	* agent/command.c (reenter_passphrase_cmp_cb): New.
 	(cmd_get_passphrase): Add option --newsymkey.
@@ -3341,7 +2888,7 @@
 2020-07-07  Werner Koch  <wk@gnupg.org>
 
 	gpg: Fix flaw in symmetric algorithm selection in mixed mode.
-	+ commit 7b6071a45fbf14219b6aca4fff8fa0eaf6c6dd8e
+	+ commit 6864bba78e76a1ff72aec140ae9f4e752454c463
 	* g10/encrypt.c (setup_symkey): Use default_cipher_algo function
 	instead of the fallback s2k_cipher_algo.  Fix error code.
 	(encrypt_simple): Use setup_symkey.
@@ -3349,62 +2896,446 @@
 2020-07-03  Werner Koch  <wk@gnupg.org>
 
 	sm: Exclude rsaPSS from de-vs compliance mode.
-	+ commit 4a36adaa64311a42eb78d9e52390df489454cafb
+	+ commit 969abcf40cdfc65f3ee859c5e62889e1a8ccde91
 	* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
 	* common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and
 	test rsaPSS.  Adjust all callers.
-	* common/util.c (pubkey_algo_to_string): New.
 	(gnupg_pk_is_allowed): Ditto.
 	* sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
 	(gpgsm_get_hash_algo_from_sigval): New.
 	* sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval
 	arg.  Add arg pkalgoflags.  Use the PK_ALGO_FLAG_RSAPSS.
 	* sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to
-	also get the algo flags.  Pass algo flags along.  Change some of the
-	info output to be more like current master.
+	also get the algo flags.  Pass algo flags along.
 
 2020-07-02  Werner Koch  <wk@gnupg.org>
 
+	scd:nks: Implement writecert for the Signature card v2.
+	+ commit c1663c690b29d2dea8bc782c42de5eca08a24cc9
+	* scd/iso7816.c (CMD_UPDATE_BINARY): New.
+	(iso7816_update_binary): New.
+	* scd/app-nks.c (do_deinit): Factor some code out to...
+	(flush_fid_cache): new.
+	(do_writecert): New.
+	(app_select_nks): Register new handler.
+
 	dirmngr: Silence annoying warning for missing default ldap server file.
-	+ commit daca1a011b0e4ae888fd6b11253993cb3537990f
+	+ commit f55a05a69ba07eb2ed354a9275e71e94c5e362aa
 	* dirmngr/dirmngr.c (parse_ldapserver_file): Add arg ignore_enoent.
 	(main): Use that arg for the default file.
 
-	dirmngr: Fix case handling of "ldapi" scheme.
-	+ commit 0795ab1c8f95831c15d4ae36d197805a26f8c899
-	* dirmngr/ldap-parse-uri.c (ldap_uri_p): s/'i'/'I'.
+	Support a history file in gpg-card and gpg-connect-agent.
+	+ commit d70b8769c888f42896ae3ef4972bf82e9b5a0c32
+	* common/gpgrlhelp.c (read_write_history): New.
+	(gnupg_rl_initialize): Register new function.
+	* common/ttyio.c (my_rl_rw_history): New var.
+	(tty_private_set_rl_hooks): Add arg read_write_history.
+	(tty_read_history): New.
+	(tty_write_history): New.
+	* tools/gpg-card.c (HISTORYNAME): New.
+	(oNoHistory): New enum value.
+	(opts): New option --no-history.
+	(cmd_history): New.
+	(cmds): New command "history".
+	(interactive_loop): Read and save the history.
+	* tools/gpg-connect-agent.c (HISTORYNAME): New.
+	(opts): New option --no-history.
+	(main): Read and save the history.  New command /history.
+
+2020-06-30  Werner Koch  <wk@gnupg.org>
+
+	scd:nks: Fix certificate read problem with TCOS signature card v2.
+	+ commit 07aef873ebc77241e9a2be225537319f6fc15a41
+	* scd/app-nks.c (filelist): Add a dedicated key entry for ESIGN.
+	(do_readcert): Test for the app_id.
+
+	scd: Change how the removed card flag is set.
+	+ commit 58b091df831f61c8d3551114f2480d36e73de2da
+	* scd/command.c (cmd_serialno): Set/clear card removed flags for all
+	connections using the current card.
+
+	card: Better detect removed cards.  Add TCOS PIN menu.
+	+ commit fb10b6cba43f4ed8675093ac25f461de4dacdce9
+	* tools/card-call-scd.c (scd_change_pin): Add arg 'nullpin'.
+	* tools/gpg-card.h (struct card_info_s): Add field 'card_removed'.
+	* tools/gpg-card.c (fixup_scd_errors): New.
+	(maybe_set_card_removed): New.
+	(list_one_kinfo): Change type of first arg to get access to INFO.  Set
+	card_removed flag.
+	(list_all_kinfo): Improve label alignment.
+	(cmd_list): Check that the current card is still available.
+	(cmd_passwd): Add option --nullpin and menu to chnage TCOS PINs.
+	(dispatch_command): Handle card_removed flag.
+	(interactive_loop): Ditto.
+
+2020-06-30  NIIBE Yutaka  <gniibe@fsij.org>
+
+	ecc: Support Ed448/X448 key generation.
+	+ commit 45398518fb76e2b859d2d48cf4cdbc11fbbda4fa
+	* g10/keygen.c (ask_curve): Support Ed448/X448 keys.
+	(generate_keypair): Support switch to X448 key.
+
+2020-06-29  Werner Koch  <wk@gnupg.org>
+
+	scd: Shorten cardio debug output for all zeroes.
+	+ commit 9b6f574928546e6905a92c3e74d72478f1585c66
+	* scd/apdu.c (all_zero_p): New.
+	(send_le): Use it.
+
+	sm: Fix regression in Friday's commit.
+	+ commit 4f1c257c03667497d642930884b65c4f2245adbd
+	* sm/gpgsm.c (main): Set ERR also for encrypt.
 
 2020-06-26  Werner Koch  <wk@gnupg.org>
 
+	sm: Try not to output a partial new message after an error.
+	+ commit ccbb0cfeefed096a9841b6557d10eef12d55b721
+	* sm/gpgsm.c (main) <aSign,aEncr>:  Uses gpgrt_fcancel on error.
+
 	sm: Print the serial number of a cert also in decimal.
-	+ commit ad6bf5d67f58dcdd76b621e77b81efa7b41ca885
+	+ commit 208a90197317fb9746ecf54a1d14acbeeddfbd18
 	* sm/certdump.c: Include membuf.h.
 	(gpgsm_print_serial_decimal): New.
 	* sm/keylist.c (list_cert_raw): Print s/n also in decimal
 	(list_cert_std): Ditto.
 
+2020-06-25  Werner Koch  <wk@gnupg.org>
+
+	scd:nks: Fix remaining tries warning in --reset mode.
+	+ commit 2429e8559844e27de478d7e90834a714b3748834
+	* scd/app-nks.c (do_change_pin): Chnage computaion of 'remaining'.
+
+	card: Add  password change menu for NKS cards.
+	+ commit 28c069db3bb5a1065de69bcc0435c8415df87e5b
+	* tools/gpg-card.c (cmd_passwd): Add menu for NKS.  Add option
+	--reset.
+
+	sm: Fix support verification of nistp521 signatures.
+	+ commit 17a25c14f1ed1199898ad618c17204eafd5524c1
+	* sm/certcheck.c (do_encode_md): Fix obvious bug.
+
+2020-06-24  James Bottomley  <James.Bottomley@HansenPartnership.com>
+	    Werner Koch  <wk@gnupg.org>
+
+	agent: separate out daemon handling infrastructure for reuse.
+	+ commit f541e1d95a91d4764c7ed0df10c293bfd493dd41
+	* agent/call-scd.c: Factor re-usable code out to ...
+	* agent/call-daemon.c: new.  Store infos in an array to allow for
+	other backend daemons.
+	* agent/Makefile.am (gpg_agent_SOURCES): Add new file.
+	* agent/agent.h: Include assuan.h.
+	(enum daemon_type): New.
+	(opt): Replace scdaemon_program by daemon_program array.  Replace
+	scd_local by a array d_local.  Change users accordingly.
+
+2020-06-24  Werner Koch  <wk@gnupg.org>
+
+	gpgconf: Fix regression in --launch and --kill from March.
+	+ commit 2d8f060679bafed27909a5ad54b7f74a9f8dd51b
+	* tools/gpgconf.h (gc_component_id_t): Align order with gc_component
+	array.
+
+2020-06-24  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpg,agent: Support Ed448 signing.
+	+ commit a763bb2580b0d586a80b8ccd3654f41e49604f4f
+	* agent/pksign.c (do_encode_eddsa): First argument is NBITs,
+	so that it can support Ed448, as well as Ed25519.
+	(agent_pksign_do): Follow the change.
+	* agent/sexp-secret.c (fixup_when_ecc_private_key): No fix-up needed
+	for Ed448, it's only for classic curves.
+	* common/openpgp-oid.c (oidtable): Add Ed448.
+	* common/sexputil.c (get_pk_algo_from_key): Ed448 is only for EdDSA.
+	* g10/export.c (match_curve_skey_pk): Ed448 is for EdDSA.
+	* g10/keygen.c (gen_ecc): Support Ed448 with the name of "ed448".
+	(ask_algo, parse_key_parameter_part): Handle "ed448".
+	* g10/pkglue.c (pk_verify): Support Ed448.
+	(pk_check_secret_key): Support Ed448.
+	* g10/sign.c (hash_for): Defaults to SHA512 for Ed448.
+	(make_keysig_packet): Likewise.
+
+2020-06-23  NIIBE Yutaka  <gniibe@fsij.org>
+
+	ecc: Use "cv448" to specify key using X448.
+	+ commit c94eea15d6847c08d2d9ff1c7608953f25fea67d
+	* common/openpgp-oid.c (oidtable): Use "cv448".
+	(oid_cv448): Rename from oid_x448.
+	(openpgp_oidbuf_is_cv448, openpgp_oid_is_cv448): Likewise.
+	* common/util.h (openpgp_oid_is_cv448): Follow the change.
+	* g10/ecdh.c (pk_ecdh_generate_ephemeral_key): Likewise.
+	* g10/keygen.c (gen_ecc, ask_algo): Use "cv448".
+	(parse_key_parameter_part): Likewise.
+	* g10/pkglue.c (get_data_from_sexp): Fix for debug output.
+
+2020-06-19  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: Use get_pk_algo_from_key.
+	+ commit 4bdade5b0bea1816a2479c73abc71b41f09ba727
+	* agent/findkey.c (key_parms_from_sexp, is_eddsa): Remove.
+	(agent_pk_get_algo): Remove.
+	* agent/pksign.c (agent_pksign_do): Use get_pk_algo_from_key.
+
+	agent: Clean up for getting info from SEXP.
+	+ commit d2e4aa5ee4c5128547cc45c2e1ac35fdc5c00f45
+	* agent/agent.h (agent_is_dsa_key, agent_is_eddsa_key): Remove.
+	(agent_pk_get_algo): New.
+	* agent/findkey.c (agent_pk_get_algo): New.
+	* agent/pksign.c (do_encode_dsa): Use generic GCRY_PK_ECC.
+	(agent_pksign_do): Use agent_pk_get_algo.
+
+	agent: A little clean up.
+	+ commit abc6a3100a33122ba3673b578a2b364a6b45d252
+	* agent/findkey.c (agent_is_eddsa_key): Remove dead case.
+
+2020-06-17  Werner Koch  <wk@gnupg.org>
+
+	agent: Fix regression in 'd' fixup code for shadowed keys.
+	+ commit d1e1c622d55e783ae5bf601249598f0da8d5e688
+	* agent/sexp-secret.c (fixup_when_ecc_private_key): Ignore shadowed
+	keys.
+
+	sm: Support verification of nistp521 signatures.
+	+ commit 596212e71abf33b30608348b782c093dace83110
+	* sm/certcheck.c (do_encode_md): Take care of nistp521.
+
+2020-06-09  Werner Koch  <wk@gnupg.org>
+
+	gpg: Fix for new SOS changes when used with Libgcrypt < 1.8.6.
+	+ commit eeb599c9e261586a664430058b7cfad7025a503f
+	* g10/free-packet.c (is_mpi_copy_broken): New.
+	(my_mpi_copy): Mix gcry_mpi_copy.
+
+	gpg: Extend the TRUST_ status lines.
+	+ commit 96f1ed5468002330ea21d9ad32ac3b464bb40b1a
+	* g10/pkclist.c (write_trust_status): Add arg mbox.
+	(check_signatures_trust): Appenmd mbox to the status lines.
+
+2020-06-09  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpg: Use bytes for ECDH.
+	+ commit da5e0bc31b4c6f16ed5ff9b35063f3b03eb7ff16
+	* g10/ecdh.c (extract_secret_x): Use byte * instead of MPI.
+	(prepare_ecdh_with_shared_point): Use char * instead of MPI.
+	(pk_ecdh_encrypt_with_shared_point): Likewise.
+	(pk_ecdh_decrypt): Likewise.
+	* g10/pkglue.h (pk_ecdh_encrypt_with_shared_point, pk_ecdh_decrypt):
+	Change declaration.
+	* g10/pkglue.c (get_data_from_sexp): New.
+	(pk_encrypt): Use get_data_from_sexp instead of get_mpi_from_sexp.
+	Follow the change of pk_ecdh_encrypt_with_shared_point.
+	* g10/pubkey-enc.c (get_it): Follow the change of pk_ecdh_decrypt.
+
+	gpg: Add X448 support.
+	+ commit e9760eb9e70b9804c988dafe01851f6600869d9e
+	* common/openpgp-oid.c (oidtable): Add X448.
+	(oid_x448,openpgp_oidbuf_is_x448,openpgp_oid_is_x448): New.
+	* common/util.h (openpgp_oid_is_x448): New.
+	* g10/ecdh.c (gen_k): Add handling of opaque MPI and support
+	endianness.
+	(pk_ecdh_generate_ephemeral_key): X448 requires opaque MPI.
+	* g10/keygen.c (gen_ecc): Add support for X448.
+	(ask_algo, parse_key_parameter_part): Likewise.
+
+	gpg,ecc: Handle external representation as SOS with opaque MPI.
+	+ commit f5bc94555458123f93d8b07816a68fb7485421e1
+	* g10/pkglue.h (sexp_extract_param_sos): New.
+	* g10/build-packet.c (sos_write): New.
+	(do_key, do_pubkey_enc, do_signature): Use sos_write for ECC.
+	* g10/export.c (cleartext_secret_key_to_openpgp): Use
+	sexp_extract_param_sos.
+	(transfer_format_to_openpgp): Use opaque MPI for ECC.
+	* g10/keygen.c (ecckey_from_sexp): Use sexp_extract_param_sos.
+	* g10/keyid.c (hash_public_key): Handle opaque MPI for SOS.
+	* g10/parse-packet.c (sos_read): New.
+	(parse_pubkeyenc,parse_signature,parse_key): Use sos_read for ECC.
+	* g10/pkglue.c (sexp_extract_param_sos): New.
+	(pk_verify): Handle opaque MPI for SOS.
+	(pk_encrypt): Use sexp_extract_param_sos.
+	* g10/seskey.c (encode_session_key): Use opaque MPI.
+	* g10/sign.c (do_sign): Use sexp_extract_param_sos.
+
+2020-06-08  Werner Koch  <wk@gnupg.org>
+
+	gpg: If possible TRUST values now depend on signer's UID or --sender.
+	+ commit 5c2080f4670a768787f5cb4ed5c32e0946837883
+	* g10/mainproc.c (check_sig_and_print): Add failsafe check for PK.
+	Pass KEYBLOCK down do check_signatures_trust.  Protect existsing error
+	ocde in case the signature expired.
+	* g10/pkclist.c (is_in_sender_list): New.
+	(check_signatures_trust): Add args keyblock and pk.  Add new uid based
+	checking code.
+	* g10/test-stubs.c, g10/gpgv.c: Adjust stubs.
+
+2020-06-08  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: Fix the condition to detect leading 0x00 problem.
+	+ commit e2e5736842299ebfb8263b674d5cbfb9b784d70f
+	* agent/sexp-secret.c (fixup_when_ecc_private_key): Use curve name
+	to identify the issue.
+
+2020-06-05  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent,ecc: Use of opaque MPI for ECC, fixup 'd'.
+	+ commit 47c1c329ed823a562185f86e98ac903605104f11
+	* agent/Makefile.am: Add sexp-secret.c.
+	* agent/agent.h: New function declarations.
+	* agent/sexp-secret.c: New.
+	* agent/findkey.c (agent_key_from_file): Use sexp_sscan_private_key.
+	* agent/protect-tool.c (read_and_unprotect): Fix up private part,
+	calling fixup_when_ecc_private_key.
+
+	agent: For ECC, use opaque MPI for key representation.
+	+ commit 2b118516240b4bddd34c68c23a99bea56682a509
+	* agent/cvt-openpgp.c (scan_pgp_format): New with SOS support.
+	(do_unprotect): Use scan_pgp_format, handle opaque MPI for ECC.
+	(convert_from_openpgp_main): Use opaque MPI for ECC.
+	(apply_protection): Set GCRYMPI_FLAG_USER1 flag for encrypted secret.
+	(extract_private_key): Use "/qd" for ECC, opaque MPI.
+
+	agent,ssh: Tighten condition for EdDSA.
+	+ commit a7d46c78e242e72f6ff681f6fe56ffc4dcb74a18
+	* agent/command-ssh.c (ssh_key_to_blob): Prepare for non-prefixed
+	point representation of EdDSA.
+
+	agent: Remove duplicated code for EdDSA.
+	+ commit 2e988546c59ba25bf9e63521112c0c3c73b012f1
+	* agent/command-ssh.c (ssh_receive_key): Curve is "Ed25519".
+	Use sexp_key_construct always.
+
+	agent: Clean up do_encode_md.
+	+ commit 4c0b12f817f15862111a01493aaadce943410ee9
+	* agent/pksign.c (do_encode_md): Directly use sexp_build.
+
 2020-06-03  Werner Koch  <wk@gnupg.org>
 
 	doc: Minor enhancement for reproducibility.
-	+ commit 5ade2b68db231c78d8ecca0eb21db2153da958d2
+	+ commit 074ab108e768b2f946d789c1f3a7f14a65e07c52
 	* doc/Makefile.am (defsincdate): In no repo mode and with
 	SOURCE_DATE_EPOCH set, use that instead of blanking the date.
 
-	common: Add missing error code GPG_ERR_WRONG_NAME.
-	+ commit 381c54179c2adefd558035f573a2029de2e1a2f7
-	* configure.ac: Require libgpg-error 1.25.
-	* common/util.h: Define some extra error codes.
+	card: Improve openpgp key writing in "writecert".
+	+ commit 4f6e0e12cbd3444b9e6ea5e4b92ea5b3072a3e17
+	* tools/card-keys.c (struct export_key_status_parm_s): New.
+	(export_key_status_cb): New.
+	(get_minimal_openpgp_key): New.
+	* tools/gpg-card.c (cmd_writecert): Allow writing a keyblock directly
+	from an existing gpg key.
+
+	gpg: Improve generation of keys stored on card (brainpool,cv25519).
+	+ commit 48251cf9a7d3776667342f4705ac3de89bd75534
+	* g10/keygen.c (ask_key_flags_with_mask): Allow more than ECDH for
+	legacy curves.
+	(ask_algo): Tweak mapping of ECC to OpenPGP algos
+	(parse_key_parameter_part): Ditto.
+	(generate_subkeypair): Create the subkey with the time stored on the
+	card.
+
+	sm: Fix recently introduced regression in CSR creation.
+	+ commit 7558128e16d7fc20b9c40bf7e150ca08bbb4467f
+	* sm/certreqgen.c (create_request): Also set SIGKEYLEN.
 
 2020-05-29  NIIBE Yutaka  <gniibe@fsij.org>
 
 	scd: Fix condition for C5 data object for newer Yubikey.
-	+ commit e285b1197b93e5114679b2ece9f10743abc715ef
+	+ commit f3df8dbb696fed192501fa7f741c2e0e0936a3d5
 	* scd/app-openpgp.c (compare_fingerprint): Relax the condition.
 
-2020-05-21  NIIBE Yutaka  <gniibe@fsij.org>
+2020-05-28  Werner Koch  <wk@gnupg.org>
+
+	card: Allow to store and retrieve keyblocks in OpenPGP cards.
+	+ commit 2d9592e78f4978307e378e07d6c170a28000a494
+	* tools/gpg-card.c: Include tlv.h.
+	(cmd_writecert): Add option --openpgp.
+	(cmd_readcert): Ditto.
+
+	card: New command "apdu"
+	+ commit ed0759f39be04dd6108237f5ed03c7cfd1cb4642
+	* tools/card-call-scd.c (scd_apdu): Add optional arg 'options'.
+	* tools/gpg-card.c (cmd_apdu): New.
+	(enum cmdids): Add cmdAPDU.
+	(dispatch_command): Add command "apdu".
+	(interactive_loop): Ditto.
+
+2020-05-27  Werner Koch  <wk@gnupg.org>
+
+	card: Update card info after "generate".
+	+ commit 94d31660c6db22c3b539f440994d286f687c273f
+	* tools/gpg-card.c (cmd_generate): Re-read the card on success.
+
+	scd:openpgp: New KEY-STATUS attribute.
+	+ commit 21496761226c1020a98e3ec7dd2b9dd013d4386b
+	* scd/app-openpgp.c (do_getattr): Return KEY-STATUS
+
+	card: Add command "bye"
+	+ commit 08310849a28071fbca761fa4ca18702b39092947
+	* tools/gpg-card.c: Add command "bye" as alias for "quit".
+	* tools/gpg-connect-agent.c (main): Add "/quit" as alias for "/bye"
+
+	card: Take care of removed and re-inserted cards.
+	+ commit 46a3de4b5acb37274ddd132499a3243e1f92b506
+	* tools/gpg-card.c (cmd_list): Take care of the need_sn_cmd flag.
+	(cmd_factoryreset): Clear that flag.
+	(dispatch_command): Set flag after a reset and after a
+	CARD_NOT_PRESENT error.
+
+2020-05-26  Werner Koch  <wk@gnupg.org>
+
+	card: Implement UID command and print capabilities.
+	+ commit c2a47475ba0f6bd1de80e92dd91949501256025e
+	* tools/card-call-scd.c (learn_status_cb): Return the full value for
+	UIF.  Add info about SM, MCL3, and PD.
+	* tools/gpg-card.h (struct card_info_s): Add corresponding fields.
+	* tools/gpg-card.c (list_openpgp): Print capabilities.  Print the
+	permanent flag for UIF.
+	(cmd_uif): Implement.
+
+	scd:openpgp: Add attribute "UIF" for convenience.
+	+ commit 11f0700282c1eeaee8db6686c38aca0900271351
+	* scd/app-openpgp.c (do_getattr): New attrubute "UIF".
+	(do_learn_status): Use that.
+
+	scd: Fix Yubikey app switching problem.
+	+ commit 20090886706e2af6723ca11e292272fc00cffe07
+	* scd/app.c (select_all_additional_applications_internal): Re-select
+	first app.  Add arg 'ctrl'.
+
+2020-05-22  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpg: Clean up ECDH code path (5).
+	+ commit 510bda7d3754801be18a592694578589fe503fb8
+	* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Now, it's only for
+	encrytion.
+	(pk_ecdh_decrypt): Use prepare_ecdh_with_shared_point and move decrypt
+	code path in original pk_ecdh_encrypt_with_shared_point here.
+	* g10/pkglue.h (pk_ecdh_encrypt_with_shared_point): Change API.
+	* g10/pkglue.c (pk_encrypt): Follow the change.
+
+	gpg: Clean up ECDH code path (4).
+	+ commit 64d93271bfce1968ebe61324b900875dbd6dd2eb
+	* g10/ecdh.c (prepare_ecdh_with_shared_point): New.
+	(pk_ecdh_encrypt_with_shared_point): Fixing error paths for closing
+	the cipher handle, use prepare_ecdh_with_shared_point.
+
+	gpg: Clean up ECDH code path (3).
+	+ commit 80c02d13d9994abae9e67c3554528352c621cd9b
+	* g10/ecdh.c (derive_kek): New.
+	(pk_ecdh_encrypt_with_shared_point): Use derive_kek.
+
+	gpg: Clean up ECDH code path (2).
+	+ commit a973d9113840282468015eb26f07f2b32f977d70
+	* g10/ecdh.c (build_kdf_params): New.
+	(pk_ecdh_encrypt_with_shared_point): Use build_kdf_params, and check
+	things before extract_secret_x.
+
+	gpg: Clean up ECDH code path (1).
+	+ commit 960d37644cbbe2a234352d0bc58095e2b0371eec
+	* g10/ecdh.c (extract_secret_x): New.
+	(pk_ecdh_encrypt_with_shared_point): Use extract_secret_x.
+
+2020-05-20  NIIBE Yutaka  <gniibe@fsij.org>
 
 	dirmngr: dns: Fix allocation of string buffer in stack.
-	+ commit ab724d3206c8d3500ab2d982c98bad93ee550e42
+	+ commit 30eef28bc0f5deaa1b4b7f04293a6527524280a9
 	* dirmngr/dns.h (dns_strsection, dns_strclass)
 	(dns_strtype): Change APIs.
 	* dirmngr/dns.c (dns_p_lines): Use __dst for dns_strsection.
@@ -3419,23 +3350,255 @@
 	(iclass): Use __dst for dns_strclass.
 	(itype): Use __dst for dns_strtype.
 
-2020-05-12  Werner Koch  <wk@gnupg.org>
+2020-05-19  Werner Koch  <wk@gnupg.org>
+
+	sm: Create ECC certificates with AKI and SKI by default.
+	+ commit 44676819f2873705b78849e7b2fd22214b691642
+	* sm/certreqgen.c (create_request): Create AKI and SKI by default.
+
+	common: New function to extract Q from an ECC key.
+	+ commit 3cd9dac7e0976643c6e4b6537cf363b2b12d422f
+	* common/sexputil.c (get_ecc_q_from_canon_sexp): New.
+
+2020-05-18  Werner Koch  <wk@gnupg.org>
+
+	sm: Support creation of EdDSA certificates.
+	+ commit 6dc3846d78192e393be73c16c72750734a9174d1
+	* sm/misc.c (transform_sigval): Support EdDSA.
+	* sm/certreqgen.c (create_request): Support EdDSA cert creation.
+	* sm/certcheck.c (gpgsm_check_cert_sig): Map some ECC algo OIDs to
+	hash algos.
+	* sm/call-agent.c (struct sethash_inq_parm_s): New.
+	(sethash_inq_cb): New.
+	(gpgsm_agent_pksign): Add mode to pass plain data for EdDSA.
+
+	agent: Allow to use SETHASH for arbitrary data.
+	+ commit b18fb0264abdb6cb0a99ba0ba941dc9a6e35f74a
+	* agent/agent.h (struct server_control_s): Add field digest.data.
+	* agent/gpg-agent.c (agent_deinit_default_ctrl): Free that field.
+	* agent/command.c (reset_notify): Ditto.
+	(start_command_handler): ditto.
+	(cmd_sethash): Add new option --inquire.
+	* agent/call-scd.c (agent_card_pksign): For now return an error if
+	inquire mode was used.
+	* agent/command-ssh.c (ssh_handler_sign_request): Make sure
+	digest.data is cleared.
+	* agent/divert-scd.c (divert_pksign): Implement inquire mode.
+	* agent/pksign.c (agent_pksign_do): Ditto.
+
+2020-05-13  Werner Koch  <wk@gnupg.org>
+
+	sm: Support import and verification of EdDSA certificates.
+	+ commit b1694987bb6484405d41d34046a5290176feadd0
+	* sm/certdump.c (gpgsm_get_serial): New.
+	* sm/certcheck.c (gpgsm_check_cert_sig): Support EdDSA signatures.
+
+2020-05-11  Werner Koch  <wk@gnupg.org>
+
+	sm: Support signing using ECDSA.
+	+ commit f44d395bdfec464b1e2a0a1aef39561e6e48a45c
+	* sm/gpgsm.h (struct certlist_s): Add helper field pk_algo.
+	* sm/sign.c (gpgsm_sign): Store the public key algo.  Take the hash
+	algo from the curve.  Improve diagnostic output in verbose mode.
+
+2020-05-08  Werner Koch  <wk@gnupg.org>
+
+	sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme.
+	+ commit 68b857df13c8a4e6cae5e3a29fd065bf90764547
+	* sm/decrypt.c (ecdh_decrypt): Support
+	dhSinglePass-stdDH-sha1kdf-scheme.  Factor key derive code out to ...
+	(ecdh_derive_kek): new global function.  Allow for hashs shorter than
+	the key.
+	(hash_ecc_cms_shared_info): Make file-only.
+	* sm/encrypt.c (ecdh_encrypt): Replace derive code by a call to the
+	new ecdh_derive_kek.  Add test code to create data using
+	dhSinglePass-stdDH-sha1kdf-scheme.
+	* sm/gpgsm.h (opt): Add member force_ecdh_sha1kdf.
+	* sm/gpgsm.c: Add option --debug-force-ecdh-sha1kdf.
+
+	sm: Print algorithm infos in data decryption mode.
+	+ commit 439c9b5cb55044f13d4af6563f4e791093d510b0
+	* common/sexputil.c (cipher_mode_to_string): New.
+	* sm/decrypt.c (prepare_decryption): Show cipher algo and mode.
+	(gpgsm_decrypt): Show key algo and fingerprint
+
+	sm: Cleanup the use of GCRY_PK_ECC and GCRY_PK_ECDSA.
+	+ commit 34b628db4618a8712536aea695f934b0286e7b18
+	* common/sexputil.c (pubkey_algo_to_string): New.
+	* sm/certcheck.c (do_encode_md): Replace GCRY_PK_ECDSA by GCRY_PK_ECC.
+	* sm/certreqgen-ui.c (check_keygrip): Add all ECC algorithms.
+	* sm/gpgsm.c (our_pk_test_algo): Also allow EdDSA.
+	* sm/verify.c (gpgsm_verify): Map ECC algo to ECDSA.  Use new pubkey
+	algo name function
+
+	sm: Improve readability of the data verification output.
+	+ commit a759fa963a42e0652134130029217270b6d5d00b
+	* sm/verify.c (gpgsm_verify): Print the used algorithms.
+
+2020-05-07  Werner Koch  <wk@gnupg.org>
+
+	card: Allow listing of NKS cards.
+	+ commit 94966347452632f8140fae70f7fcbadcc2b81071
+	* tools/card-call-scd.c (learn_status_cb): Always fill chvinfo.
+	* tools/gpg-card.h (struct card_info_s): Increase size of chvinfo and
+	chvmaxlen.
+	* tools/gpg-card.c (list_nks): New.
+	(print_a_version): Support single part version numbers.
+	(list_card): Call list_nks.
+
+	scd:nks: Add framework to support IDKey cards.
+	+ commit 1f6a39092fe4b5f02bc4741a0a23d102d30f4063
+	* scd/app-nks.c (NKS_APP_IDLM): New.
+	(struct app_local_s): Replace NKS_VERSION by the global APPVERSION.
+	(do_learn_status): Always send CHV-STATUS.
+	(find_fid_by_keyref): Basic support for IDLM only use.
+	(do_learn_status_core): Ditto.
+	(do_readcert): Ditto.
+	(verify_pin): Ditto.
+	(parse_pwidstr): Ditto.
+	(do_with_keygrip): Ditto.
+	(switch_application): Ditto.
+	(app_select_nks): Fallback to IDLM.
+
+	scd:nks: Get the PIN prompts right for the Signature Card.
+	+ commit aecc008acb64ebbb6c667c4a128af4e61da57f84
+	* scd/app-nks.c (get_dispserialno): Move more to the top.
+	(do_getattr): Add $DISPSERIALNO and SERIALNO.  Make CHV-STATUS work
+	with NKS15.
+	(verify_pin): Use dedicated min. PIN lengths.
+	(parse_pwidstr): Support NKS15
+
+	sm: Print the key types as standard key algorithm strings.
+	+ commit 5c29d25e6c7c0a5a63ab4c46d4624217307adb78
+	* sm/fingerprint.c (gpgsm_get_key_algo_info): Factor code out to ...
+	(gpgsm_get_key_algo_info2): new.
+	(gpgsm_pubkey_algo_string): New.
+	* sm/keylist.c (list_cert_colon): Put curve into field 17
+	(list_cert_raw): Print the unified key algotithm string instead of the
+	algo and size.
+	(list_cert_std): Ditto.
+
+	scd:nks: Support decryption using ECDH.
+	+ commit af45d884aa1c3eccbc6972a2e5197ece3fd1987a
+	* scd/app-nks.c (struct fid_cache_s): Add field 'algo'.
+	(keygripstr_from_pk_file): Add arg 'r_algo' to return the algo.
+	(find_fid_by_keyref): Ditto.
+	(get_dispserialno): New.
+	(make_prompt): New.
+	(verify_pin): Provide better prompts.
+	(do_decipher): Support ECDH.
+	(parse_pwidstr): Add hack tospecify any pwid..
+	(do_change_pin): Support Signature Card V2.0 (NKS15) style NullPIN.
+	Provide a better prompt.
+
+	sm: Support decryption of ECDH data using a smartcard.
+	+ commit ee6d29f1797e06977ae3d2edae9edc1165c6f144
+	* sm/decrypt.c (ecdh_decrypt): Add arg nbits and detect bare secret.
+	(prepare_decryption): Add arg nbits and pass on.
+	(gpgsm_decrypt): Pass size of curve to prepare_decryption.
+
+2020-05-05  Werner Koch  <wk@gnupg.org>
+
+	scd: Extend an internal function to also return the algo.
+	+ commit 314859d7e7de5010ca1e9d90b83acf3bc8493631
+	* scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
+	r_algo.  Change all callers.
+	(app_help_get_keygrip_string): Ditto.
+
+2020-05-04  Werner Koch  <wk@gnupg.org>
+
+	scd:nks: Add do_with_keygrip and implement a cache.
+	+ commit 1e72a1a218490c0fc07811a02ddad6cc38913f77
+	* scd/app-nks.c (struct fid_cache_s): New.
+	(struct app_local_s): Add field 'fid_cache'.
+	(do_deinit): Release the cache.
+	(keygripstr_from_pk_file): Implement the cache.
+	(find_fid_by_keyref): New
+	(do_sign, do_decipher): Use new function.
+	(do_with_keygrip): New.
+
+	sm: Support encryption using ECDH keys.
+	+ commit d5051e31a8fc07c339253c6b82426e0d0115a20a
+	* sm/decrypt.c (hash_ecc_cms_shared_info): Make global.
+	* sm/encrypt.c (ecdh_encrypt): New.
+	(encrypt_dek): Add arg PK_ALGO and support ECDH.
+	(gpgsm_encrypt): Pass PK_ALGO.
+
+2020-04-27  Werner Koch  <wk@gnupg.org>
+
+	sm: Add support to export ECC private keys.
+	+ commit 5da6925a334c68d736804d8f19a684a678409d99
+	* sm/minip12.c [TEST]: Remove test code.  Include util.h, tlv.h. and
+	openpgpdefs.h.  Remove the class and tag constants and replace them by
+	those from tlv.h.
+	(builder_add_oid, builder_add_mpi): New.
+	(build_key_sequence): Rename to ...
+	(build_rsa_key_sequence): this.
+	(build_ecc_key_sequence): New.
+	(p12_build): Call RSA or ECC builder.
+	(p12_raw_build): Ditto.
+	* sm/export.c (gpgsm_p12_export): Use correct armor header for ECC.
+	(sexp_to_kparms): Support ECC.
+
+	* sm/t-minip12.c: New to replace the former TEST code in minip12.h.
+
+2020-04-24  Werner Koch  <wk@gnupg.org>
+
+	common: Add an easy to use DER builder.
+	+ commit 5ea878274ef51c819368f021c69c518b9aef6f82
+	* common/tlv-builder.c: New.
+	* common/tlv.c: Remove stuff only used by GnuPG 1.
+	(put_tlv_to_membuf, get_tlv_length): Move to ...
+	* common/tlv-builder.c: here.
+	* common/tlv.h (tlv_builder_t): New.
+
+2020-04-23  Werner Koch  <wk@gnupg.org>
+
+	sm: Support decryption of ECDH data.
+	+ commit 95d83cf906177fe9f00e88ae42d4c118c7db4371
+	* sm/decrypt.c: Include tlv.h.
+	(string_from_gcry_buffer): New.
+	(hash_ecc_cms_shared_info): New.
+	(ecdh_decrypt): New.
+	(prepare_decryption): Support ECDH.  Add arg pk_algo.
+	(gpgsm_decrypt): Lift some variables from an inner code block.
+
+	common: Add functions to help create DER objects.
+	+ commit 5d015b38eb9f828acf522fa89e4944f3b343678c
+	* common/tlv.c (put_tlv_to_membuf): New.
+	(get_tlv_length): New.
+	* common/tlv.h: Include membuf.h.
+
+2020-04-21  Werner Koch  <wk@gnupg.org>
+
+	sm: Support import of PKCS#12 encoded ECC private keys.
+	+ commit 8dfef5197af9f655697e0095c6613137d51c91e7
+	* sm/minip12.c: Include ksba.h.
+	(oid_pcPublicKey): New const.
+	(parse_bag_data): Add arg 'r-curve'.  Support parsing of ECC private
+	keys.
+	(p12_parse): Add arg 'r_curve'.
+	* sm/import.c (parse_p12): Support ECC import.
+
+2020-04-17  Werner Koch  <wk@gnupg.org>
 
-	common: Change argument order of log_printhex.
-	+ commit c6324ee07a9ff2a626d6dfcc094a67b62628d42e
-	* common/logging.c (log_printhex): Chnage order of args.  Make it
-	printf alike.  Change all callers.
-	* configure.ac: Add -Wno-format-zero-length
+	scd:nks: Allow retrieving certificates from a Signature Card v.20.
+	+ commit f05a32e5c9db7d0840c74fccc350a9e0ff5fb819
+	* scd/app-nks.c: Major rework to support non-RSA cards.
+
+	scd: Detect missing card in "getinfo all_active_apps".
+	+ commit 3633ca6e21f7feb97b6690025614575bb6909f8b
+	* scd/app.c (send_card_and_app_list): Detect no app case.
 
 2020-04-16  Werner Koch  <wk@gnupg.org>
 
 	sm: Always allow authorityInfoAccess lookup if CRLs are also enabled.
-	+ commit aec7d136e4bdfd53709dc04e3e92f4c50135d368
+	+ commit bbb7edb8807b7d3c8bb5284d8fdf21adb67cd87d
 	* sm/certchain.c (find_up): Disable external lookups in offline mode.
 	Always allow AKI lookup if CRLs are also enabled.
 
 	sm: Lookup missing issuers first using authorityInfoAccess.
-	+ commit d57209553da7da85a369cd362aabeaef07e0bc26
+	+ commit f5efbd5a1169ca7700f430a4a26ba086e603c887
 	* sm/call-dirmngr.c (gpgsm_dirmngr_lookup): Add optional arg URL and
 	adjust all callers.
 	* sm/certchain.c (oidstr_caIssuers): New.
@@ -3445,91 +3608,46 @@
 	(find_up): Try the AIA URI first.
 
 	dirmngr: Allow http URLs with "LOOKUP --url"
-	+ commit 3b27c26241ee25cf75555e11d9bb463faac8237d
+	+ commit 7f1be1ea524ee53d8c7b628e0305b61ebad4ab25
 	* dirmngr/crlfetch.c (read_cert_via_http): New.
 	(fetch_cert_by_url): Implement http scheme.
 
-	gpg: Add missing options --no-include-key-block.
-	+ commit 7dbfd92b3e231cfe111c8832ff1048305c8d2d92
-	* g10/gpg.c (opts): Add it.
-
 	gpg: Make AEAD modes subject to compliance checks.
-	+ commit 37b116db20080f6e1c6ca1dec79014fecf2c3248
+	+ commit cec397e00240829495de2b487fe60d997d810c03
 	* g10/decrypt-data.c (decrypt_data): Move aead algo detection up.
 
-	gpg: Show AEAD preferences.
-	+ commit ab7a0b07024c432233e691b5e4be7e32baf8d80f
-	* g10/packet.h (preftype_t): Add PREFTYPE_AEAD.
-	* g10/keyedit.c (show_prefs): Print AEAD preferences.
-	* g10/getkey.c (fixup_uidnode): Set AEAD flags.
-	(merge_selfsigs): Ditto.
-
-	gpg: Support decryption of the new AEAD packet.
-	+ commit 1dfe71c62b184c84723c5f926f2596f46ee967cf
-	* common/openpgpdefs.h (aead_algo_t): New.
-	(pkttype_t): Add PKT_ENCRYPTED_AEAD.
-	* g10/decrypt-data.c (struct decode_filter_context_s): Add fields for
-	AEAD.
-	(aead_set_nonce_and_ad): New.
-	(aead_checktag): New.
-	(decrypt_data): Support AEAD.
-	(aead_underflow): New.
-	(aead_decode_filter): New.
-	* g10/dek.h (DEK): Add field use_aead.  Turn use_mdc,
-	algo_info_printed, and symmetric into bit flags.
-	* g10/mainproc.c (struct mainproc_context): Add field
-	seen_pkt_encrypted_aead.
-	(release_list): Clear it.
-	(have_seen_pkt_encrypted_aead): New.
-	(symkey_decrypt_seskey): Support AEAD.
-	(proc_symkey_enc): Ditto.
-	(proc_encrypted): Ditto.
-	(proc_plaintext): Ditto.
-	* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
-	(openpgp_aead_test_algo): New.
-	(openpgp_aead_algo_name): New.
-	(openpgp_aead_algo_info): New.
-	* g10/packet.h (PKT_symkey_enc): Add field use_aead.
-	(PKT_user_id): Add field flags.aead
-	(PKT_public_key): Ditto.
-	(PKT_encrypted): Add fields for AEAD.
-	* g10/parse-packet.c (parse): Handle PKT_ENCRYPTED_AEAD.
-	(parse_symkeyenc): Support AEAD.
-	(parse_encrypted): Ditto.
-	(dump_sig_subpkt): Dump AEAD preference packet.
-	(parse_encrypted_aead): New.
-
 2020-04-15  Werner Koch  <wk@gnupg.org>
 
-	gpg: Improve symmetric decryption speed by about 25%
-	+ commit 144b95cc9d0f03a2fe5d91120f6b4b30f4bb8f71
-	* g10/decrypt-data.c (mdc_decode_filter, decode_filter): Fatcor buffer
-	filling code out to ...
-	(fill_buffer): new.
-
-	gpg: Reformat parts of decrypt-data.c.
-	+ commit 2f39e00b6b7d2aa57cd268c579127947042a0fcf
-	* g10/decrypt-data.c (struct decode_filter_context_s): Rename 'defer'
-	to 'holdback' and 'defer_filled' to 'holdbacklen'.  Increase size of
-	holdback to allow for future AEAD decryption.  Turn 'partial' and
-	'eof_seen' into bit fields.
-	(decrypt_data): Replace write_status_text by write_Status_printf.
-	Indent parts of the code.
+	gpg: Fix broken setting of AEAD algo.
+	+ commit df0edaf91a220f8c6dffbfd1f795e229858b096b
+	* g10/main.h (DEFAULT_AEAD_ALGO): Set to OCB.
 
 	sm,dirmngr: Restrict allowed parameters used with rsaPSS.
-	+ commit ddc74f50d42370421b4802dc13df88f0ca2fcee5
+	+ commit c0d5c673542b3d517c33fe1a9ab26bcda1a5a95f
 	* sm/certcheck.c (extract_pss_params): Check the used PSS params.
 	* dirmngr/crlcache.c (finish_sig_check): Ditto.
 	* dirmngr/validate.c (check_cert_sig): Ditto.
 
+2020-04-15  NIIBE Yutaka  <gniibe@fsij.org>
+
+	regexp: Fix generation of _unicode_mapping.c.
+	+ commit 50b320952e99ea20f9b77c6c501280fe37fd2598
+	* configure.ac (AWK_HEX_NUMBER_OPTION): Detect GNU Awk.
+	* regexp/Makefile.am: Use AWK_HEX_NUMBER_OPTION.
+	* regexp/parse-unidata.awk: Don't use strtonum.
+
+2020-04-14  Werner Koch  <wk@gnupg.org>
+
 	sm: Support rsaPSS verification also for CMS signatures.
-	+ commit 24d563749f50f51841b3fd00eb615a871e45bb28
+	+ commit 6c28d9343ea6df9cda1b69e77751a9e958eb3d70
 	* sm/certcheck.c (gpgsm_check_cert_sig): Factor PSS parsing out to ...
 	(extract_pss_params): new.
 	(gpgsm_check_cms_signature): Implement PSS.
 
+2020-04-09  Werner Koch  <wk@gnupg.org>
+
 	dirmngr: Support rsaPSS also in the general validate module.
-	+ commit 8bf17eb94d0d85f34477ec0c2c0514000b6aa045
+	+ commit ba34f1415366d91d1831d717ec310ddda33f9cc4
 	* dirmngr/validate.c (hash_algo_from_buffer): New.
 	(uint_from_buffer): New.
 	(check_cert_sig): Support rsaPSS.
@@ -3537,7 +3655,7 @@
 	error.
 
 	sm,dirmngr: Support rsaPSS signature verification.
-	+ commit 0626cc8fed340deb36f0c10e7a68afc287d0f626
+	+ commit b45ab0ca08f8d6f9831192210b9ab141f4e450cf
 	* sm/certcheck.c (hash_algo_from_buffer): New.
 	(uint_from_buffer): New.
 	(gpgsm_check_cert_sig): Handle PSS.
@@ -3549,17 +3667,26 @@
 	(crl_parse_insert): Pass use_pss flag along.
 
 	common: New function to map hash algo names.
-	+ commit 4d37cc72b83f601118c2c6c79d9d96c85e250f7e
+	+ commit 5d5b70ae0f515290a3d64daa1d687fe8c8477f76
 	* common/sexputil.c (hash_algo_to_string): New.
 
 	scd:p15: Return a display S/N via Assuan.
-	+ commit 39e2260d7e05ef2fd6ff94a1bc538cf0d640193c
+	+ commit bfedc760efdcf606da7c214e84d12a10ee4cbcc0
 	* scd/app-p15.c (make_pin_prompt): Factor some code out to ...
 	(get_dispserialno): this.
 	(do_getattr): Use new fucntion for a $DISPSERIALNO.
 
+2020-04-08  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpg: ECDH: Accept longer padding.
+	+ commit fd79cadf7ba5ce45dfb5e266975f58bf5c7ce145
+	* g10/pubkey-enc.c (get_it): Remove check which mandates shorter
+	padding.
+
+2020-04-07  Werner Koch  <wk@gnupg.org>
+
 	scd:p15: Show a pretty PIN prompt.
-	+ commit beaa2cbb7f039c6ebfcfff483cfe6002a858993d
+	+ commit 9ec8d984be4676126843d5aa7dfd0b7d71eff13c
 	* scd/app-p15.c (struct prkdf_object_s): New fields common_name and
 	serial_number.
 	(release_prkdflist): Free them.
@@ -3570,11 +3697,11 @@
 	(do_sign): Remove debug output.
 
 	scd: Return GPG_ERR_BAD_PIN on 0x63Cn status word.
-	+ commit 9e6a3290dad1b19144a2b413902e9918094a2cea
+	+ commit f28795b615c3042f6eb7c9d941e232d0da50efbc
 	* scd/iso7816.c (map_sw): Detect 0x63Cn status code.
 
 	scd: Factor common PIN status check out.
-	+ commit 9497d25c567d4fb8b6be603b102a149060e7aa56
+	+ commit 60d018f6a91c4c90b8ecf13f88ac4256699f4007
 	* scd/iso7816.h (ISO7816_VERIFY_ERROR): New.
 	(ISO7816_VERIFY_NO_PIN): New.
 	(ISO7816_VERIFY_BLOCKED): New.
@@ -3582,27 +3709,40 @@
 	(ISO7816_VERIFY_NOT_NEEDED): New.
 	* scd/iso7816.c (iso7816_verify_status): New.
 	* scd/app-nks.c (get_chv_status): Use new function.
+	* scd/app-piv.c (get_chv_status): Ditto.
+	(verify_chv): Ditto.
 
 	scd:p15: Fix decrypt followed by sign problem for D-Trust cards.
-	+ commit 471b06e91b6ae47e1f71cd7a698763cd9d32ff12
+	+ commit 42ddcc87f4bca40d605d133b6cdb4e761a49a1c9
 	* scd/iso7816.c (iso7816_select_mf): New.
 	* scd/app-p15.c (card_product_t): New.
 	(struct app_local_s): Add field 'card_product'.
 	(read_ef_tokeninfo): Detect D-Trust card.
 	(prepare_verify_pin): Switch to D-Trust AID.
-	(do_decipher): Restore a SE for D-TRust cards.  Change the padding
+	(do_decipher): Restore a SE for D-TRust cards.  Chnage the passing
 	indicator to 0x81.
 
-	* common/percent.c (percent_data_escape): new.  Taken from master.
+2020-04-06  NIIBE Yutaka  <gniibe@fsij.org>
+
+	tools: Use internal regexp routines.
+	+ commit 7ee2a9687da9560a5d17c7046c87c2f7a6733d5c
+	* tools/gpg-check-pattern.c: Use jimregexp.h.
+
+2020-04-03  Werner Koch  <wk@gnupg.org>
 
 	scd:p15: Emit MANUFACTURER, $ENCRKEYID, $SIGNKEYID.
-	+ commit 4148976841d154c94e6d1d4dcc1720908582086b
+	+ commit aa60645b997d23ac2958f75fd349c1cd7b8af902
 	* scd/app-p15.c (read_ef_tokeninfo): Store manufacturer_id.
 	(do_getattr): Implement MANUFACTURER, $ENCRKEYID and $SIGNKEYID.
 	(send_keypairinfo): Also print usage flags.
 
-	gpg: Use the new MANUFACTURER attribute.
-	+ commit 88b456bdf4e4763e8f1b718f5597d4d075d989cd
+	gpg,card: Use the new MANUFACTURER attribute.
+	+ commit 15352b0eac335e7993fcd7720106a3a7d22caae1
+	* tools/gpg-card.h (struct card_info_s): Add manufacturer fields.
+	* tools/card-call-scd.c (release_card_info): Release them.
+	(learn_status_cb): Parse MANUFACTURER attribute.
+	* tools/gpg-card.c (get_manufacturer): Remove.
+	(list_card): Use the new attribute.
 	* g10/call-agent.h (struct agent_card_info_s): Add manufacturer fields.
 	* g10/call-agent.c (agent_release_card_info): Release them.
 	(learn_status_cb): Parse MANUFACTURER attribute.
@@ -3610,48 +3750,89 @@
 	(current_card_status): Use new attribute.
 
 	scd:openpgp: New attribute "MANUFACTURER".
-	+ commit 431b3e68e071d2bdc22b2c845ca929182830ddbd
+	+ commit 541a6a903e79c9146a379f5c6c0fb34e6c2b42c4
 	* scd/app-openpgp.c (get_manufacturer): New..
 	(do_getattr): Add new attribute "MANUFACTURER".
 	(do_learn_status): Always print it.
 
+2020-04-03  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpg: Add regular expression support.
+	+ commit ba247a114c75a84473c11c1484013b09fbb9bcd1
+	* AUTHORS, COPYING.other: Update.
+	* Makefile.am (SUBDIRS): Add regexp sub directory.
+	* configure.ac (DISABLE_REGEX): Remove.
+	* g10/Makefile.am (needed_libs): Add libregexp.a.
+	* g10/trustdb.c: Remove DISABLE_REGEX support.
+	* regexp/LICENSE, regexp/jimregexp.c, regexp/jimregexp.h,
+	  regexp/utf8.c, regexp/utf8.h: New from Jim Tcl.
+	* regexp/UnicodeData.txt: New from Unicode.
+	* regexp/Makefile.am, regexp/parse-unidata.awk: New.
+	* tests/openpgp/Makefile.am: Remove DISABLE_REGEX support.
+	* tools/Makefile.am: Remove DISABLE_REGEX support.
+
+2020-04-02  Werner Koch  <wk@gnupg.org>
+
+	scd:p15: Implement do_with_keygrip and capabilities.
+	+ commit 61c5b0767fac4c2d7fe95cdbc6d0f0a94878c813
+	* scd/app-p15.c (prepare_verify_pin): Allow use without an AODF.
+	(verify_pin): Ditto.
+	(do_with_keygrip): Implement capability restrictions.
+
 	scd:p15: Rename some variables and functions for clarity.
-	+ commit b0cb2c2ab8c71738167785564698c43b50c15fee
+	+ commit 8149742ddfea6c76898786cb7de7c92bbf8aab0a
 	* scd/app-p15.c: Rename keyinfo to prkdf.
 
+	scd: Use Gcrypt usage constants for the do_with_keygrip capabilities.
+	+ commit 5b7b42e2b2b7ba7b88f89ff4b4ee7baf0eef2a04
+	* scd/command.c (cmd_keyinfo): Use Gcrypt constants for CAP.
+	* scd/app-openpgp.c (do_with_keygrip): Adjust for them.
+	* scd/app-piv.c (do_with_keygrip): Ditto.
+
+2020-04-02  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: New command DEVINFO.
+	+ commit 2ccbcfec121f768574a59aa2ecff22d8b422d61b
+	* scd/app.c (notify_cond): New condition variable.
+	(app_send_devinfo, app_wait): New.
+	(scd_update_reader_status_file): Kick NOTIFY_COND.
+	(initialize_module_command): Initialize NOTIFY_COND.
+	* scd/command.c (struct server_local_s):  Add watching_status.
+	(cmd_devinfo): New.
+	(register_commands): Add DEVINFO command.
+	(send_client_notifications): Write status change to DEVINFO channel.
+	* scd/scdaemon.h (app_wait, app_send_devinfo): New.
 
-	Backported from master.  Removed the do_with_keygrip related parts
-	because that function is not available.
+2020-04-01  Werner Koch  <wk@gnupg.org>
 
 	scd:p15: Cache the PIN.
-	+ commit 133b6ff8cd0c938abbf55ba6dc50299240d247f6
+	+ commit 29f8f52bf8161c238c26389ab178caa98801234e
 	* scd/app-p15.c (struct prkdf_object_s): Add flag pin_verified.
 	(verify_pin): Make use of it.
 
-2020-04-08  NIIBE Yutaka  <gniibe@fsij.org>
-
-	gpg: ECDH: Accept longer padding.
-	+ commit 2f08a4f25df7d1cbf037bdf0d7f5c1ef5859fa1e
-	* g10/pubkey-enc.c (get_it): Remove check which mandates shorter
-	padding.
-
-2020-04-01  Werner Koch  <wk@gnupg.org>
-
-	scd:p15: Add missing keygrip retrieval for decryption.
-	+ commit b95a0bfbba75025761aa163eca74c7653d76981a
-	* scd/app-p15.c (do_decipher): Get the keygrip.
+	scd:p15: Run a keygrip_from_prkdf before verify_pin.
+	+ commit 132d82c1582009013af5c7bdb17cbaaa8807c70e
+	* scd/app-p15.c (do_sign): Move keygrip_from_prkdf before PIN
+	verification.
+	(do_decipher): Add keygrip_from_prkdf.
 
 	scd:p15: Support decryption with CardOS 5 cards.
-	+ commit 4af38ea5e450b3eb79af98b9876b2b968110a459
+	+ commit ca4391399c690a45270cca30f03ac564c394c1f6
 	* scd/app-p15.c (do_decipher): New.
 
 	scd:p15: Factor PIN verification out to a new function.
-	+ commit ce9406ca370b482c05c859d963949ae75c99cb6f
+	+ commit 375b1454875ff079efc122e33b1216b412eecfaf
 	* scd/app-p15.c (do_sign): Factor code out to ...
 	(prepare_verify_pin, verify_pin): new functions.
 
+	sm: Fix a warning in an es_fopencooie function.
+	+ commit c7ff8c59b9252f8f27cabee3fea503f06c7d46ff
+	* sm/certdump.c (format_name_writer): Take care of a flush request.
+
+2020-03-31  Werner Koch  <wk@gnupg.org>
+
 	scd:p15: Support signing with CardOS 5 cards.
-	+ commit e730444e7b7502b935bbe343935f68f764b95b96
+	+ commit 103c1576b73ed75b771a8ffd1c97628651b99797
 	* scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
 	r_pkey and change all callers.
 	(app_help_get_keygrip_string): Ditto.
@@ -3667,21 +3848,22 @@
 	the algo and length of the key ion the object.
 	(keyref_from_keyinfo): New. Factored out code.
 	(do_sign): Support SHA-256 and >2048 bit RSA keys.
-	common/scd:p15: Support signing with CardOS 5 cards.
-	* common/util.h (KEYGRIP_LEN): New.
+	(do_with_keygrip): New.
+	(app_select_p15): Register new function.
 
 	scd:p15: Read certificates in extended mode.
-	+ commit 368f006a2840cd6b37caf7b4b98a16b818ac2289
+	+ commit 2bdd4fc7b6cfd9ac5410d20f1cee66567a6b24c5
 	* scd/app-p15.c (readcert_by_cdf): Allow reading in extended mode.
-	* scd/app-common.h (app_get_slot): New.
 
 	scd: Add function for binary read in extended mode.
-	+ commit 64142caafe5c89ad4db36b47c2dc917a9ac66a8e
+	+ commit c9ad81070a2bb1116d3f096a440c43e57e6f933a
 	* scd/iso7816.c (iso7816_read_binary): Factor code out to ...
 	(iso7816_read_binary_ext): new function.  Add arg extended_mode.
 
+2020-03-30  Werner Koch  <wk@gnupg.org>
+
 	scd:p15: Detect CardOS 5 cards and print some basic infos.
-	+ commit 60b0aa7e57e787cbeca22adf77b330f753553d87
+	+ commit 8a68d497f1dd0b124318eb47db9da0c4b64c8b8b
 	* scd/app-p15.c (read_ef_odf): Detect the home_DF on the fly.  Silence
 	the garbage warning for null bytes.
 	(print_tokeninfo_tokenflags): New.
@@ -3690,25 +3872,18 @@
 	(CARD_TYPE_CARDOS_50): New const.
 	(card_atr_list): Detect CardOS 5.0
 
-2020-03-30  Werner Koch  <wk@gnupg.org>
-
-	wks: Take name of sendmail from configure.
-	+ commit 76d2a02dfe8f923c0d4d8ef86ca71a9ac47c243d
-	* configure.ac (NAME_OF_SENDMAIL): New ac_define.
-	* tools/send-mail.c (run_sendmail): Use it.
-
 	agent: Print an error if gpg-protect reads the extended key format.
-	+ commit 011a2f5fb77c7963f25550e423160507818f7a91
+	+ commit c5c21a064671dc8e461434d19cbde67b89df25e2
 	* agent/protect-tool.c (read_key): Detect simple extended key format.
 
 	sm: Fix possible NULL deref in error messages of --gen-key.
-	+ commit 2b4b0b1223aab955aafa2a150fe2dbc04c210bcd
-	* sm/certreqgen.c: Protect printing the line numbers in case of !R.
+	+ commit 9c5c7c6f602c84589cd5c93a85a27b416e744338
+	* sm/certreqgen.c: Protect printing the liniernur in case of !R.
 
 2020-03-27  Werner Koch  <wk@gnupg.org>
 
 	sm: Consider certificates w/o CRL DP as valid.
-	+ commit 1424c12e4c7164990797a0a1daa3db6f3329aed4
+	+ commit 0b583a555e75fbb9140310390a267febd3329a12
 	* sm/certchain.c (is_cert_still_valid): Shortcut if tehre is no DP.
 	* common/audit.c (proc_type_verify): Print "n/a" if a cert has no
 	distribution point.
@@ -3717,49 +3892,51 @@
 	(opts): Add option --enable-issuer-based-crl-check.
 	(main): Set option.
 
-2020-03-20  Werner Koch  <wk@gnupg.org>
+	scd:openpgp: Allow PKSIGN with keygrip also for OPENPGP.3.
+	+ commit 4c4999b8185ace55eb5f3a6fa7d3dc0a77267b63
+	* scd/app-openpgp.c (check_keyidstr): Add optional arg r_use_auth to
+	test also for OpenPGP.3.
+	(do_sign): Enable that new mode.
 
-	Release 2.2.20.
-	+ commit 5094bb08edd48087a5aa89494fc361f0ce4f34aa
-	* build-aux/speedo.mk (sign-installer): Fix syntax error.
+2020-03-27  NIIBE Yutaka  <gniibe@fsij.org>
 
-2020-03-19  Werner Koch  <wk@gnupg.org>
+	gpgsm: Fix the previous commit.
+	+ commit e06a8e3e87f044a5bf6ee06f92cc4fd2a0914863
 
-	gpgconf: Take care of --homedir when reading/updating options.
-	+ commit b92860a8b9d253661de0060623e920b3f58e4443
-	* tools/gpgconf-comp.c (gc_component_check_options): Take care of
-	--homedir.
-	(retrieve_options_from_program): Ditto.
 
-2020-03-18  NIIBE Yutaka  <gniibe@fsij.org>
+2020-03-26  NIIBE Yutaka  <gniibe@fsij.org>
 
-	scd: Fix pinpad handling when KDF enabled.
-	+ commit 133248b297a1d72897f280d8bd21081cd6ebd66c
-	* scd/app-openpgp.c (do_getattr): Send the KDF DO information.
+	gpgsm: Support key generation with ECC.
+	+ commit 49ea53b755f0fef468055a1493e790735908f865
+	* sm/certreqgen.c (pKEYCURVE): New.
+	(read_parameters): Add pKEYCURVE handling.
+	(proc_parameters): Support ECC key generation.
 
-	scd: Disable pinpad if it's impossible by KDF DO.
-	+ commit b27e20a95cb7af59dcaa6e59aacf52ed766be1f3
-	* scd/app-openpgp.c (struct app_local_s): Add pinpad.disabled field.
-	(do_getattr): Set pinpad.disabled field.
-	(check_pinpad_request): Use the pinpad.disabled field.
-	(do_setattr): Update pinpad.disabled field.
+	gpgsm: Remove restriction of key generation (only RSA).
+	+ commit 238707db8b05a385af5419e606ea5110ace31d2b
+	* sm/certreqgen.c (proc_parameters): Remove checking GCRY_PK_RSA.
 
-2020-03-18  Werner Koch  <wk@gnupg.org>
+2020-03-19  Werner Koch  <wk@gnupg.org>
 
-	gpg: Print a hint for --batch mode and --delete-secret-key.
-	+ commit fbe318475236166b54e19d228bf9b24e442e0fa5
-	* g10/delkey.c: Include shareddefs.h.
-	(delete_keys): Print a hint.
+	gpgconf: Take care of --homedir when reading/updating options.
+	+ commit c1844ca7520f9a67bff85ee4fbf49c6725668289
+	* tools/gpgconf-comp.c (gpg_agent_runtime_change): Remove unused var.
+	(scdaemon_runtime_change): Ditto.
+	(dirmngr_runtime_change): Ditto.
+	(gc_component_check_options): Pass --homedir if needed.
+	(retrieve_options_from_program): Take care of --homedir.
 
-	dirmngr: Improve finding OCSP cert.
-	+ commit 25dc0e5b1eb02f79946a86c799c7720001a296bc
-	* dirmngr/certcache.c (find_cert_bysubject): Add better debug output
-	and try to locate by keyid.
+2020-03-18  Werner Koch  <wk@gnupg.org>
+
+	gpg: Also allow a v5 fingerprint for --trusted-key.
+	+ commit 4287f89557b3bc9ab2876331e1bcb143d759fb47
+	* g10/trustdb.c (tdb_register_trusted_key): Add case for 32 octet
+	fingerprints.
 
 2020-03-18  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 
 	gpg: Update --trusted-key to accept fingerprint as well as long key id.
-	+ commit b6d89d1944c55f302fb797cce0e007f59aabaf54
+	+ commit 810ea2cc684480c6aadceb2a10dd00f3fa67f2fb
 	* g10/trustdb.c (tdb_register_trusted_key): accept fingerprint as well
 	as long key ID.
 	* doc/gpg.texi: document that --trusted-key can accept a fingerprint.
@@ -3768,14 +3945,38 @@
 	    gniibe@fsij.org
 
 	gpg: Fix key expiration and usage for keys created at the Epoch.
-	+ commit e77f332b01f13af606ae0158dabcd644c274e456
+	+ commit 161a098be6f9d50fb5f7e120baee81e75d6eb5ad
 	* g10/getkey.c (merge_selfsigs_main): Take a zero key creation time in
 	account.
 
 2020-03-14  Werner Koch  <wk@gnupg.org>
 
+	gpgconf: Further simplify the gpgconf option processing.
+	+ commit 451cd1b3928172b312ca2597c3318e6e9e8be97d
+	* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
+	* tools/gpgconf-comp.c: here.
+	(known_options_scdaemon): Remove "options".
+	(known_options_dirmngr): Remove "options".
+	(known_options_gpgsm): Remove "options".
+	(known_options_gpg): Remove "options" and "keyserver".
+	(struct gc_option_s): Rename active t gpgconf_list.
+	(gc_component_list_options): Do not act upon active.
+	(option_check_validity): Ditto.
+	(is_known_option): Make it work correctly for unknown options.
+	(retrieve_options_from_program): Use renamed flag gpgconf_list only to
+	detect duplicated items from --gpgconf-list.  Do not set runtime.
+	Only e set the options if set by --gpgconf-list; never clear them.
+	* agent/gpg-agent.c: Simplify the --gpgconf-list output.
+	* dirmngr/dirmngr.c: Ditto.
+	* g10/gpg.c: Ditto.
+	* kbx/keyboxd.c: Ditto.
+	* scd/scdaemon.c: Ditto.
+	* sm/gpgsm.c: Ditto.
+	* tests/openpgp/gpgconf.scm: Use "compliance" instead of "keyserver"
+	for the string arg test.
+
 	gpg: New option --auto-key-import.
-	+ commit 95b42278cafe7520d87168fb993ba715699e6bb6
+	+ commit 6b306f45f4fbe36b90cec4685aabb267a61e283f
 	* g10/gpg.c (opts): New options --auto-key-import,
 	--no-auto-key-import, and --no-include-key-block.
 	(gpgconf_list): Add them.
@@ -3784,77 +3985,438 @@
 	feature.
 	* tools/gpgconf-comp.c: Give the new options a Basic config level.
 
-	gpg: Make use of the included key block in a signature.
-	+ commit b42d9f540c7484e45cfc997f77e360d0f0ec4bb9
-	* g10/import.c (read_key_from_file): Rename to ...
-	(read_key_from_file_or_buffer): this and add new parameters.  Adjust
-	callers.
-	(import_included_key_block): New.
-	* g10/packet.h (PKT_signature): Add field flags.key_block.
-	* g10/parse-packet.c (parse_signature): Set that flags.
-	* g10/sig-check.c (check_signature2): Add parm forced_pk and change
-	all callers.
-	* g10/mainproc.c (do_check_sig): Ditto.
-	(check_sig_and_print): Try the included key block if no key is
-	available.
+2020-03-13  Werner Koch  <wk@gnupg.org>
+
+	gpg: Make use of the included key block in a signature.
+	+ commit 6a4443c8425fd548020553b22d5a16ffad98371f
+	* g10/import.c (read_key_from_file): Rename to ...
+	(read_key_from_file_or_buffer): this and add new parameters.  Adjust
+	callers.
+	(import_included_key_block): New.
+	* g10/packet.h (PKT_signature): Add field flags.key_block.
+	* g10/parse-packet.c (parse_signature): Set that flags.
+	* g10/sig-check.c (check_signature2): Add parm forced_pk and change
+	all callers.
+	* g10/mainproc.c (do_check_sig): Ditto.
+	(check_sig_and_print): Try the included key block if no key is
+	available.
+
+	gpg: New option --include-key-block.
+	+ commit 865d485180240369a20d3be14d0c6499783df2b5
+	* common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New.
+	* g10/gpg.c (oIncludeKeyBlock): New.
+	(opts): New option --include-key-block.
+	(main): Implement.
+	* g10/options.h (opt): New flag include_key_block.
+	* g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK.
+	(parse_one_sig_subpkt): Ditto.
+	(can_handle_critical): Ditto.
+	* g10/sign.c (mk_sig_subpkt_key_block): New.
+	(write_signature_packets): Call it for data signatures.
+
+	gpg: Add property "fpr" for use by --export-filter.
+	+ commit 32493ce50ad880de7b548d7870c6040a8233a8f5
+	* g10/export.c (push_export_filters): New.
+	(pop_export_filters): New.
+	(export_pubkey_buffer): Add args prefix and prefixlen.  Adjust
+	callers.
+	* g10/import.c (impex_filter_getval): Add property "fpr".
+	* g10/main.h (struct impex_filter_parm_s): Add field hexfpr.
+
+2020-03-12  Werner Koch  <wk@gnupg.org>
+
+	gpgconf: Rewrite the gpgconf-comp module.
+	+ commit b4f1159a5bd7b2799d7d35e883e0632ebf3339c8
+	* tools/gpgconf.h (gc_component_t): Change type to ...
+	(gc_component_id_t): this.
+	(GC_COMPONENT_ANY): New, so that we can use that in gpgconf-comp.c
+	directly.
+	* tools/gpgconf-comp.c: Major rework.
+
+2020-03-06  Werner Koch  <wk@gnupg.org>
+
+	gpg: Re-group the options in the --help output.
+	+ commit 41eb5108ce59244d961df43bbf73b8aa6e95e9cd
+	* g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to
+	use ARGPARSE_ignore and remove the code in the option switch.
+
+	agent: Re-group the options in the --help output.
+	+ commit c693b7f4ade97357c33b410728bb741674255487
+	* agent/gpg-agent.c (oGreeting): Remove non existant dummy option.
+
+	gpgconf: Support reading global options (part 2).
+	+ commit 4423e9dcde5e1a8d73ff7386942fe3c0c4b917fc
+	* tools/gpgconf-comp.c: Remove all regular option descriptions.  They
+	are now read in from the component.  Also remove a few meanwhile
+	obsolete options.
+	* agent/gpg-agent.c: Add option description which were only set in
+	gpgconf-comp.c.
+	* dirmngr/dirmngr.c: Ditto.
+	* scd/scdaemon.c: Ditto.
+	* sm/gpgsm.c: Ditto.
+	* g10/gpg.c: Ditto.
+
+2020-03-05  Werner Koch  <wk@gnupg.org>
+
+	gpgconf: Support reading global options (part 1).
+	+ commit d2425d1495f4fe4f5c3a79d7dc5571fda00849d8
+	* tools/gpgconf.c (main): Set the coinfig directories.
+	* tools/gpgconf-comp.c (gc_backend): Change the name of the config
+	files.
+	(struct gc_option): Add new field 'attr'.
+	(retrieve_options_from_program): Rewrite to use gpgrt_argparser.
+
+2020-03-04  Werner Koch  <wk@gnupg.org>
+
+	common: Add xreallocarray function.
+	+ commit 6fa1808cb7639f0f3745b78c4b7ce902e42b228c
+	* common/miscellaneous.c (xreallocarray): New func.
+	* common/util.h (xtryreallocarray): New macro.
+
+2020-03-03  Werner Koch  <wk@gnupg.org>
+
+	gpgconf: Always use xmalloc.
+	+ commit 178b3772ff79148b496715da1b8ca5ba86caf2bc
+	* tools/gpgconf-comp.c: Fix spelling of "cannot".  Use log_assert
+	instead of a plain assert.
+	(gc_percent_escape, percent_deescape): Fail on malloc error.
+
+2020-02-28  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Fix the previous commit.
+	+ commit 19f70b5072b2ef80759ced83fe0dac9cf4dde830
+	* scd/app-openpgp.c (do_setattr): Flush the KDF DO just before setting.
+
+	scd: Improve setattr for KDF.
+	+ commit 3ba7c9bcf7f19b0a308499fcf3dbbb15da38799a
+	* scd/app-openpgp.c (do_setattr): For setting KDF DO, support standard
+	OpenPGP card, which needs to update PIN.
+
+	scd: Fix pinpad handling when KDF enabled.
+	+ commit 11da441016222337284c519ff56aca34e3042373
+	* scd/app-openpgp.c (do_getattr): Send the KDF DO information.
+
+2020-02-25  Werner Koch  <wk@gnupg.org>
+
+	gpg: Re-enable versioned config files.
+	+ commit 79f2318aa5c54c57220aa73251635d21cee0ccfa
+	* g10/gpg.c (main): Use ARGPARSE_FLAG_USERVERS.
+
+	gpg: Re-add checking of config file permissions.
+	+ commit 7e8f28653c1b4305758a61c064d793e32ba633d5
+	* g10/gpg.c (main): Re-add permission checking of the user config
+	file.  Re-add code to check against the SE-Linux secured file list.
+	(get_default_configname): Remove unused func.
+	* configure.ac (SAFE_VERSION, SAFE_VERSION_DOT)
+	(SAFE_VERSION_DASH): Remove.
+
+2020-02-22  Werner Koch  <wk@gnupg.org>
+
+	Use gpgrt's new option parser for the new keyboxd.
+	+ commit 833c04334a53530bd40d7dd815b6a0f1ffef296d
+	* kbx/keyboxd.c: Switch to the new option parser and enable a global
+	conf file.
+
+	agent,dirmngr: Re-read the user specified config file.
+	+ commit 941a48f9b12b4c470686321bf4fd58c23b6cf86d
+	* agent/gpg-agent.c (reread_configuration): Use a two-part config
+	file.
+	* dirmngr/dirmngr.c (reread_configuration): Ditto.
+
+	Remove the now obsolete argparse code.
+	+ commit cdbe10b762f38449b86da69076209324b0c99982
+	* tests/gpgscm/main.c: Switch to the new option parser.
+	* common/argparse.c, common/argparse.h: Remove.
+	* common/init.c (_init_common_subsystems): Do not call obsolete func.
+	* common/Makefile.am (common_sources): Remove those files.
+
+2020-02-21  Werner Koch  <wk@gnupg.org>
+
+	Use gpgrt's new option parser for the remaining daemons.
+	+ commit ba463128ce65a0f347643f7246a8e097c5be19f1
+	* scd/scdaemon.c: Switch to the new option parser and enable a global
+	conf file.
+	* dirmngr/dirmngr.c: Ditto.
+	* g13/g13.c: Ditto.
+	* g13/g13-syshelp.c: Ditto.  Do not force verbose mode.
+	* dirmngr/dirmngr_ldap.c: Switch to the new option parser.
+	* dirmngr/dirmngr-client.c: Switch to the new option parser.
+
+	Use gpgrt's new option parser for the tools.
+	+ commit 3bc004decd289810bc1b6ad6fb8f47e45c770ce6
+	* agent/preset-passphrase.c: Switch to the new option parser.
+	* agent/protect-tool.c: Ditto.
+	* kbx/kbxutil.c: Ditto.
+	* tools/gpg-card.c: Ditto.
+	* tools/gpg-check-pattern.c: Ditto.
+	* tools/gpg-connect-agent.c: Ditto.
+	* tools/gpg-pair-tool.c: Ditto.
+	* tools/gpg-wks-client.c: Ditto.
+	* tools/gpg-wks-server.c: Ditto.
+	* tools/gpgconf.c: Ditto.
+	* tools/gpgsplit.c: Ditto.
+	* tools/gpgtar.c: Ditto.
+
+2020-02-20  Werner Koch  <wk@gnupg.org>
+
+	Use gpgrt's new option parser for gpgc, gpgsm, and gpg-agent.
+	+ commit 2c823bd878fcdbcc4f6c34993e1d0539d9a6b237
+	* g10/gpgv.c: Use new option parser.
+	* sm/gpgsm.c: Ditto.
+	* agent/gpg-agent.c: Ditto.
+	(opts): Add option --no-options.
+
+	gpg: Use gpgrt's new option parser to provide a global conf file.
+	+ commit 0e8f6e2aa98c212442001036fb5178cd6cd8af59
+	* common/util.h: Remove argparse.h.
+	* common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS.
+	* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
+	* agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include
+	argparse.h.  Do this also for all main modules which use our option
+	parser except for gpg.  Replace calls to strusage by calls to
+	gpgrt_strusage everywhere.
+
+	* g10/gpg.c (opts): Change type to gpgrt_opt_t.  Flag oOptions and
+	oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile.
+	(main): Change type of pargs to gpgrt_argparse_t.  Rework the option
+	parser to make use of the new gpgrt_argparser.
 
-	gpg: New option --include-key-block.
-	+ commit d79ebee64ea582da3c3be69cc23e146e2db3738b
-	* common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New.
-	* g10/gpg.c (oIncludeKeyBlock): New.
-	(opts): New option --include-key-block.
-	(main): Implement.
-	* g10/options.h (opt): New flag include_key_block.
-	* g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK.
-	(parse_one_sig_subpkt): Ditto.
-	(can_handle_critical): Ditto.
-	* g10/sign.c (mk_sig_subpkt_key_block): New.
-	(write_signature_packets): Call it for data signatures.
+2020-02-19  Werner Koch  <wk@gnupg.org>
 
-	gpg: Add property "fpr" for use by --export-filter.
-	+ commit 2baa00ea186359f758fea5cb61aff99b09fec821
-	* g10/export.c (push_export_filters): New.
-	(pop_export_filters): New.
-	(export_pubkey_buffer): Add args prefix and prefixlen.  Adjust
-	callers.
-	* g10/import.c (impex_filter_getval): Add property "fpr".
-	* g10/main.h (struct impex_filter_parm_s): Add field hexfpr.
+	card: New option --info for command list and select by s/n.
+	+ commit ee911df979e9b53787162367865ca24682adae6e
+	* tools/gpg-card.c (cmd_list): add option --info.  Factor soem code
+	out to ...
+	(print_card_list): new.
 
 2020-02-19  NIIBE Yutaka  <gniibe@fsij.org>
 
 	gpg: Fix default-key selection when card is available.
-	+ commit 1cdd9e57f701f0d99d118d32adffe5216a94b0b2
+	+ commit 41913d76f7db4a7dabab26c1bc439c96ad86712f
 	* g10/getkey.c (get_seckey_default_or_card): Handle the case
 	when card key is not suitable for requested usage.
 
+2020-02-19  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+
+	Spelling cleanup.
+	+ commit 0904b8ef348a52335c378bee6dc90a978885d66f
+	No functional changes, just fixing minor spelling issues.
+
+	---
+
+	Most of these were identified from the command line by running:
+
+	  codespell \
+	    --ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
+	    --skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
+	    doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
+	    NEWS README README.maint TODO
+
 2020-02-19  Nick Piper  <nick.piper@cgi.com>
 
 	doc: Correction of typo in documentation of KEY_CONSIDERED.
-	+ commit 60dbe082949b13635f3f31aa03d12aa9f671c941
-	(cherry picked from commit 0e1cbabc0ad4fe2ca9644fffb5cf27b1a8a1509f)
+	+ commit 0e1cbabc0ad4fe2ca9644fffb5cf27b1a8a1509f
+
+
+2020-02-17  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Disable pinpad if it's impossible by KDF DO.
+	+ commit 95c7498b76231d3297541172d878f6a26702539b
+	* scd/app-openpgp.c (struct app_local_s): Add pinpad.disabled field.
+	(do_getattr): Set pinpad.disabled field.
+	(check_pinpad_request): Use the pinpad.disabled field.
+	(do_setattr): Update pinpad.disabled field.
 
 2020-02-15  Werner Koch  <wk@gnupg.org>
 
 	gpgsm: Fix import of some CR,LF ternminated certificates.
-	+ commit 38f819bd6d77d068d8626bf7f5b968ff03c263af
+	+ commit 6248739799fd4a877529089375e2a4103d33e6f4
 	* common/ksba-io-support.c (base64_reader_cb): Detect the END tag and
 	don't just rely on the padding chars.  This could happen only with
 	CR+LF termnmated PEM files.  Also move the detection into the invalid
 	character detection branch for a minor parser speedup.
 
+2020-02-13  Werner Koch  <wk@gnupg.org>
+
+	build: New configure option --disable-keyboxd.
+	+ commit 6cac2bd0382eb7ed0d249f077522516e64fc1d8f
+	* configure.ac: Add option --dsiable-keyboxd
+	* kbx/Makefile.am: Do not build keyboxd in that case.
+
+	scd: Print the main app name also for not fully supported cards.
+	+ commit 11d917c7796dc748e2d798d327a045ba295994f4
+	* scd/app.c (send_serialno_and_app_status): Add fallback.
+
+	card: Fix openpgp subkey listing.
+	+ commit e582d8f5b2c1bac8b6ccdfd6412b621a2584eb7f
+	* tools/gpg-card.c (list_one_kinfo): Fix printing of the subkeys.
+
+	gpg: New option --full-timestrings.
+	+ commit 86312b920a1d5817903d7175e9c2109bcf521b7c
+	* g10/options.h (opt): Add flags.full_timestrings.
+	* g10/gpg.c (oFullTimestrings): New.
+	(opts): New option.
+	(main): Set new flag.
+	* g10/keyid.c (dateonlystr_from_pk): New.
+	(dateonlystr_from_sig): New.
+	(datestr_from_pk): Divert to isotimestamp if requested.
+	(datestr_from_sig): Ditto.
+	(expirestr_from_pk): Ditto.
+	(expirestr_from_sig): Ditto.
+	(revokestr_from_pk): Ditto.
+	* g10/import.c (impex_filter_getval): Use dateonlystr_from_sig and
+	dateonlystr_from_pk.
+
+	gpg: Changes to allow direct key generation from an OpenPGP card.
+	+ commit 14ac350f868ca71492c20c7b682d0b55b4893c9c
+	* g10/call-agent.h (struct keypair_info_s): Add fields keytime and
+	usage.
+	* g10/call-agent.c (struct keypairinfo_cb_parm_s): New.
+	(scd_keypairinfo_status_cb): Rework to store parsed KEYPAIRINFO data.
+	(agent_scd_keypairinfo): Change accordingly.
+	(agent_scd_readkey): Add arg ctrl and change callers.  Change return
+	arg from an strlist_t to a keypair_info_t.
+	(readkey_status_cb): Use KEYPAIRINFO instead of KEY-TIME.
+	* g10/keygen.c (pSUBKEYCREATIONDATE): New.
+	(pAUTHKEYCREATIONDATE): New.
+	(get_parameter_u32): Allow for new parameters.
+	(do_create_from_keygrip): For card keys use direct scd call which does
+	not create a stub file.
+	(ask_algo): Rework to use the new keypair_info_t as return from
+	agent_scd_keypairinfo.
+	(parse_key_parameter_part): Likewise.  Also get and return the key
+	creation time using a arg.
+	(parse_key_parameter_string): New args r_keytime and r_subkeytime.
+	(parse_algo_usage_expire): New arg r_keytime.
+	(proc_parameter_file): Ignore the explict pCREATIONDATE for card keys.
+	(quickgen_set_para): New arg keytime.
+	(quick_generate_keypair): Get the keytimes and set the pCARDKEY flag.
+	(generate_keypair): Likewise.
+	(do_generate_keypair): Implement the cardkey with keytime thingy.
+	(generate_subkeypair): Use the keytime parameters.
+	* g10/keygen.c (pAUTHKEYCREATIONDATE): New.  Not yet set but may come
+	handy later.
+	(get_parameter_u32): Take care of that.
+	(do_generate_keypair): For cardkeys sign with the current time.
+
+	card: Take the key creation time from the KEYPAIRINFO.
+	+ commit e63f8bee4044e0cc9ebc1f9c0f9f6b63660d45e8
+	* tools/card-call-scd.c (learn_status_cb): Adjust for recent change.
+
+	scd:openpgp: Return key creation time as part of KEYPARIINFO.
+	+ commit 1ad84aabb410e56bea074b82a06fe32b2897b660
+	* scd/app-openpgp.c (send_keypair_info): Reaturn the key creation time
+	as part of a KEYPAIRINFO.
+	(do_readkey): Do not return the KEY-TIME anymore.
+
+	agent: Allow signing with card key even without a stub key.
+	+ commit 638526d37fee0a1febac9d29fab384b913819fc9
+	* agent/call-scd.c (agent_card_serialno): Allow NULL for R_SERIAL.
+	(struct readkey_status_parm_s): New.
+	(readkey_status_cb): New.
+	(agent_card_readkey): Add optional arg R_KEYREF and change all
+	callers.
+	* agent/findkey.c (key_parms_from_sexp): Allow also a "public-key".
+	* agent/divert-scd.c (ask_for_card): Allow for SHADOW_INFO being NULL.
+	* agent/pksign.c (agent_pksign_do): Fallback to sign with an on-card
+	if there is no stub key yet.  Create the stub key.  Also fixed a
+	misnaming between s_pkey and s_skey.
+
+2020-02-12  Werner Koch  <wk@gnupg.org>
+
+	gpg: Rename the struct card_key_info_s.
+	+ commit 8c63430d1a40a70ff8b4ddf1ed0fcabf9c0afbcc
+	* g10/call-agent.h (struct card_key_info_s): Rename to ...
+	(struct keypair_info_s): this.
+	(keypair_info_t): New.  Use this everywhere instead of
+	card_key_info_s.
+	* g10/call-agent.c (agent_scd_free_keyinfo): Rename to ..
+	(free_keypair_info): this.  Change all callers.
+
+	card: Fix parsing of the received card_list.
+	+ commit 125c959677d55a8cf663c2dc248a3fc6f9be50bb
+	* tools/card-call-scd.c (scd_cardlist): Allow for SERIALNO without any
+	apps.
+
+	card: List more info for an OpenPGP key.
+	+ commit 1abfce82bd525de2976c31b83bb0e67e33364e58
+	* tools/gpg-card.h (struct pubkey_s): Add field created.
+	* tools/card-keys.c (parse_key_record): Set that field.
+	* tools/gpg-card.c (print_shax_fpr): Print the fingerprint without
+	spaces for easier c+p.
+	(list_one_kinfo): Print the actual used fingerprint and creation date
+	from the keyblock.
+
+	card: New option --no-key-lookup.
+	+ commit 2c6092bc5d794ae36cbf2f6b62337dc23f57bf3e
+	* tools/gpg-card.h (opt): Add var no_key_lookup.
+	* tools/gpg-card.c (oNoKeyLookup): New const.
+	(opts): New option --no-key-lookup.
+	(list_one_kinfo): Add arg no_key_lookup and implement.
+	(list_all_kinfo): Add arg no_key_lookup.
+	(list_openpgp, list_piv, list_card): Ditto.
+	(cmd_list): New option --no-key-lookup.
+
+2020-02-11  Werner Koch  <wk@gnupg.org>
+
+	gpg: Improve key creation direct from the card.
+	+ commit 9c719c9c1ff34cc06a0fef2bfe29cfd7182753eb
+	* g10/call-agent.c (readkey_status_cb): New.
+	(agent_scd_readkey): Add new arg r_keytime and allow NULL for
+	r_result.  Change all callers.
+	(agent_readkey): Minor code reformatting.
+	* g10/keygen.c (pCARDKEY): New.
+	(struct para_data_s): Add u.bool.
+	(get_parameter_bool): New.
+	(do_create_from_keygrip): Add arg cardkey and make use of it.
+	(ask_algo): Add args r_cardkey and r_keytime.  Read the keytime of the
+	selected card key and return it.
+	(generate_keypair): Store CARDKEY and KEYTIME.
+	(do_generate_keypair): Pass CARDKEY to do_create_from_keygrip.
+	(generate_subkeypair): Ditto.
+
+	scd:openpgp: Send a KEY-TIME status with READKEY.
+	+ commit 77ea916533c5ca918b17ce83f6cc1b1afbd31e55
+	* scd/app-openpgp.c (retrieve_fprtime_from_card): New.
+	(do_readkey): Send a KEY_TIME status.
+
+	card: First code to actually create openpgp keys.
+	+ commit 6bc7318ef55017e1aca6e52899fd0b223da7cfc1
+	* tools/gpg-card.c (generate_all_openpgp_card_keys): Add demo key
+	generation.
+	(generate_key): Allow generatiing one OpenPGP key.
+
+	scd:openpgp: Optional allow for lowercase keyrefs.
+	+ commit 323548acd9defde0a8ea7d74c18cd4a1b339ff2e
+	* scd/app-openpgp.c (do_readkey): Use case insensitive match of the
+	keyref.
+	(do_writekey, do_sign, do_auth, do_decipher): Ditto.
+
+	scd:openpgp: Allow auto-changing of the key attributes in genkey.
+	+ commit d7d75da50543bc7259c5a6e6367b58cbca7f1b7b
+	* scd/app-openpgp.c (struct app_local_s): Add field keyalgo.
+	(parse_algorithm_attribute): Store the new keyalgo field.
+	(change_keyattr): Change info message.
+	(change_keyattr_from_string): Rewrite to also accept a keyref and a
+	keyalgo string.
+	(do_genkey): Change the keyattr if a keyalgo string is given.
+
+	common: Extend the openpgp_curve_to_oid function.
+	+ commit 24095101a5069f15a9aea7512498ac436a76814a
+	* common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS.
+	Change all callers.
+
 2020-02-10  Werner Koch  <wk@gnupg.org>
 
 	doc: Improve the warning section of the gpg man page.
-	+ commit 146dacd3b13bf5d917978313092c022641305a27
-	* doc/gpg.texi: Update return value and warning sections.
-
-	(cherry picked from commit 113a8288b85725f7726bb2952431deea745997d8)
+	+ commit 113a8288b85725f7726bb2952431deea745997d8
+	* doc/gpg.texi: Update return valeu and warning sections.
 
 2020-02-10  Werner Koch  <wk@gnupg.org>
 	    Tomáš Mráz
 
 	build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.
-	+ commit 21d9bd8b87a9f793a106095e3838eb71825189d7
+	+ commit 6aff8a132815a84bab69401c1e7de96ec549fbf2
 	* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
 	here but now without the Norcroft-C.  Change all other places where it
 	gets defined.
@@ -3869,137 +4431,581 @@
 2020-02-10  Werner Koch  <wk@gnupg.org>
 
 	gpg: Make really sure that --verify-files always returns an error.
-	+ commit 49151255f3b1decf2e394a58bc0ac412bda2b214
+	+ commit 5681b8eaa44005afdd30211b47e5fb1a799583dd
 	* g10/verify.c (verify_files): Track the first error code.
 
-	common: Also protect log_inc_errorcount against counter overflow.
-	+ commit 47f514fde6e29137d660c19e6eea0b842d2b03f5
-	* common/logging.c (log_inc_errorcount): Also protect against
-	overflow.
-	(log_error): Call log_inc_errorcount instead of directly bumping the
-	counter.
+	card: Remove command "key-attr" and hack on "generate".
+	+ commit 438b7881ba0bf4e5fd8e5d5212601e5691f2aafe
+	* tools/gpg-card.h (struct key_attr): Remove.
+	(struct key_info_s): Remove key_attr.  Add keyalgo and keyalgo_id.
+	* tools/card-call-scd.c (learn_status_cb): Rework the key-attr info.
+	* tools/gpg-card.c (list_one_kinfo): Always show the algorithm; if
+	there is no key show the key attributes instead.
+	(list_openpgp): Do not print the "Key attributes".
+	(generate_key): Factor the repalce key pormpt out to ...
+	(ask_replace_keys): new.
+	(generate_openpgp): Rename to generate_all_openpgp_card_keys and add
+	an algo parameter.
+	(generate_generic): Rename to generate_key.  Prepare generation of a
+	single OpenPGP key.
+	(cmd_generate): Revamp.
+	(ask_card_rsa_keysize): Remove.
+	(ask_card_keyattr): Remove.
+	(do_change_keyattr): Remove.
+	(cmd_keyattr): Remove.
+	(enum cmdids): Remove cmdKEYATTR.
+	(cmds): Ditto.
+	(dispatch_command): Ditto.
+	(interactive_loop): Ditto.
+
+	scd:openpgp: Let the genkey function also accept a full keyref.
+	+ commit fb6ff7ead7dff33541b595f3e8d5342f9c7a6d6c
+	* scd/app-openpgp.c (send_key_attr): Use log_assert.
+	(do_genkey): Allow prefix.
+
+	common: Extend the new get_keyalgo_string function.
+	+ commit 332a72f7340895e7db1e9c5f89046f722bb7465b
+	* common/openpgp-oid.c (openpgp_oid_or_name_to_curve): New.
+	(get_keyalgo_string): Use it.
+
+2020-02-09  Werner Koch  <wk@gnupg.org>
+
+	common: Remove duplicated call to a function.
+	+ commit d1c518cdc9330c2dd4034efc544de0dd6ec73ea1
+	* common/openpgp-oid.c (openpgp_oid_to_str): Remove duplicated call.
+
+	common: New function get_keyalgo_string.
+	+ commit 3a1fa13eedb969b561bae18cd3d7c2fb0b63d6ab
+	* common/openpgp-oid.c (struct keyalgo_string_s): New.
+	(keyalgo_strings): New.
+	(keyalgo_strings_size, keyalgo_strings_used): New.
+	(get_keyalgo_string): New.
+
+	common: Add OpenPGP<->Gcrypt pubkey id mapping functions.
+	+ commit 49c891a9bfac24a1d95e76d33d44a49426247777
+	* g10/misc.c (map_pk_gcry_to_openpgp): Move to ...
+	* common/openpgp-oid.c (map_gcry_pk_to_openpgp): here and rename.
+	Change all 4 callers.
+	(map_openpgp_pk_to_gcry): New.
+
+	card: Support brainpool curves in the generate command.
+	+ commit 9df9996b415ee671a0f22b6936745f829884eda2
+	* tools/gpg-card.c (cmd_generate): Add brainpool curves and dummy name
+	"help".
+
+2020-02-03  Werner Koch  <wk@gnupg.org>
+
+	sm: New option --issuer-der for the listkey commands.
+	+ commit 2e5ab34496fe7e1b9bd2194ab59a58cf44ca9d1e
+	* sm/server.c (do_listkeys): Implement new option.
+
+2020-01-21  Werner Koch  <wk@gnupg.org>
+
+	dirmngr: Fix building w/o LDAP support.
+	+ commit d8973975e7636ec0f007575a0bede92147d835f8
+	* dirmngr/Makefile.am: Conditionally build dirmngr_ldap.
+
+	gpg: Fix printing of keyring name (regression in master)
+	+ commit bf931299e846fa47bcabe3716ec82af7c3290ce5
+	* g10/keydb.c (keydb_get_resource_name):
+
+2020-01-20  Werner Koch  <wk@gnupg.org>
+
+	tools: Let watchgnupg determine the socket name via gpgconf.
+	+ commit e0d9181ad11aaf7e68231db4b3708978a9a52fd6
+	* tools/watchgnupg.c: Include sys/wait.h.
+	(GNUPG_DEF_COPYRIGHT_LINE): Add a default value for standalone
+	building.
+	(get_logname): New.
+	(main): Use a default socket name and add option --homedir.
 
 2020-01-17  Werner Koch  <wk@gnupg.org>
 
 	gpgconf,w32: Print a warning for a suspicious homedir.
-	+ commit a265d3997a9120cb607c2d9b843bf9ee9e944378
+	+ commit 7f12fb55f9757cd68147eca8f162c85378538405
 	* tools/gpgconf.c (list_dirs): Check whether the homedir has been
 	taken from the registry.
 
-2020-01-16  NIIBE Yutaka  <gniibe@fsij.org>
-
-	gpg: default-key: Simply don't limit by capability.
-	+ commit a7840777e4277039482ce3ea3e6fc919526be2f1
-	* g10/getkey.c (parse_def_secret_key): Remove the check.
-
-2019-12-23  Werner Koch  <wk@gnupg.org>
-
-	gpg: Fix output of --with-secret if a pattern is given.
-	+ commit def1ceccf05baf187b9313e6e37171709ab44225
-	* g10/keylist.c (list_one): Probe for a secret key in --with-secret
-	mode.
+2020-01-17  NIIBE Yutaka  <gniibe@fsij.org>
 
-2019-12-19  Andre Heinecke  <aheinecke@gnupg.org>
+	gpg: Prefer card key on use in multiple subkeys situation.
+	+ commit 8748c50bfaa8df2b1e59c301d15fd6b9ddbd9c47
+	* g10/call-agent.c (keyinfo_status_cb): Parse more fields.
+	(agent_probe_secret_key): Use KEYINFO and returns bigger value
+	representing the preference.
+	* g10/getkey.c (finish_lookup): For subkeys, select one
+	by using value of agent_probe_secret_key.
 
-	speedo: Make signing optional for w32-release.
-	+ commit a56c591f9063d895544d681e25bda2ffb22f7ca0
-	* build-aux/speedo.mk (AUTHENTICODE_sign): Check if
-	certificates are available.
+	gpg: Prepare enhancement of agent_probe_secret_key.
+	+ commit 853d5b7677ea01f65c9bc5160cd8509b62f486f7
+	* g10/call-agent.c (agent_probe_secret_key): Change semantics of
+	return value.
+	* g10/call-agent.h (agent_probe_secret_key): Change comment.
+	* g10/delkey.c (do_delete_key): Follow the change.
+	* g10/getkey.c (get_seckey, parse_def_secret_key): Likewise.
+	(finish_lookup, have_secret_key_with_kid): Likewise.
+	* g10/gpgv.c (agent_probe_secret_key): Likewise.
+	* g10/keyedit.c (keyedit_menu, quick_find_keyblock): Likewise.
+	(show_key_with_all_names_colon): Likewise.
+	* g10/revoke.c (gen_desig_revoke, gen_revoke): Likewise
+	* g10/test-stubs.c (agent_probe_secret_key): Likewise.
+
+2020-01-16  Werner Koch  <wk@gnupg.org>
+
+	card: Allow switching of cards and applications.
+	+ commit bd85f9232ad639d4acba443272147c4fc01b1b65
+	* tools/card-call-scd.c (struct card_cardlist_parm_s): Add field
+	with_apps.
+	(card_cardlist_cb): Handle the new with_apps flag.
+	(scd_switchcard): New.
+	(scd_switchapp): New.
+	(scd_applist): New.
+	(scd_serialno): Pass --all also in --demand mode.
+
+	* tools/gpg-card.c (cmd_list): Simplify switching of cards.  Add
+	switching of alls.  Print a list of apps per card.
+
+	scd: New commands SWITCHCARD and SWITCHAPP.
+	+ commit 718555874efcbad502112449c7d15025cb193628
+	* scd/app.c: Include membuf.h.
+	(app_switch_current_card): New.
+	(send_card_and_app_list): Factor code out to ...
+	(send_serialno_and_app_status): new.
+	(app_send_card_list): New.
+	(app_send_active_apps): New.
+	(app_switch_active_app): New.
+	* scd/command.c (cmd_switchcard): New.
+	(cmd_switchapp): New.
+	(register_commands): Register new commands.
+	(cmd_getinfo): New sub-commands "active_apps" and "all_active_apps".
+
+	scd:piv: Remove debug code from a recent commit.
+	+ commit dd61164410ee185750d1aa55ee0e33dcab8f4542
+	* scd/app-piv.c (ask_and_prepare_chv): here.
+
+	gpg: Print better debug info in case of broken sig subpackets.
+	+ commit 3ccad75d76b9c17b9495c48df8dd4be46d3b3105
+	* g10/parse-packet.c (enum_sig_subpkt): Print a hexdump.
 
-	speedo: Use multithreaded xz for w32 source.
-	+ commit 28403cb5fe4eea2ac1ad514fdfcfa282e795c69f
-	* build-aux/speedo.mk (dist-source): Add -T0 parameter to xz.
+2020-01-16  NIIBE Yutaka  <gniibe@fsij.org>
 
-	speedo: Improve and document wixlib build.
-	+ commit 4d9b262584fb15e7965d579fad9a149e26849c18
-	* Makefile.am (sign-release): Add handling for wixlib.
-	* build-aux/speedo.mk: Add help-wixlib and improve handling.
+	gpg: Use "SCD KEYINFO" to get available card keys.
+	+ commit 8edd4b8b8cdcbdcf1986214d6d17cadb604ddf54
+	* g10/skclist.c (enum_secret_keys): Don't use agent_scd_cardlist and
+	agent_scd_serialno, but agent_scd_keyinfo.
 
-2019-12-17  Andre Heinecke  <aheinecke@intevation.de>
+	gpg: Add agent_scd_keyinfo to retrieve available card keys.
+	+ commit 8240a70c31a8e1617de64c42168cf3299b85b39e
+	* g10/call-agent.c (card_keyinfo_cb, agent_scd_free_keyinfo)
+	(agent_scd_keyinfo): New.
+	* g10/call-agent.h: Define new functions.
 
-	speedo, w32: Add w32-wixlib target for MSI package.
-	+ commit c461de93f44efaa6a1d9669eb9d4033943368431
-	* Makefile.am (EXTRA_DIST): Add wixlib.wxs
-	* build-aux/speedo.mk (w32-wixlib): New target.
-	(w32-release): Build wixlib if WIXPREFIX is set.
-	(help): Add documentation.
-	* build-aux/speedo/w32/wixlib.wxs
+	gpg: default-key: Simply don't limit by capability.
+	+ commit 1aa2a0a46dc19e108b79dc129a3b0c5576d14671
+	* g10/getkey.c (parse_def_secret_key): Remove the check.
 
-2019-12-07  Werner Koch  <wk@gnupg.org>
+2020-01-15  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpg: Cert only key should be usable with --default-key.
+	+ commit 9287f9e87b215e79fdb7fb9dfdf2b47666e6ea2f
+	* g10/getkey.c (parse_def_secret_key): Allow cert-only key.
+
+2020-01-13  Werner Koch  <wk@gnupg.org>
+
+	scd: Make the PIN cache robust against wrongdoing of gpg-agent.
+	+ commit 2dd6b4b998dd6e156e2e75ede0f40fb768c69f40
+	* scd/app-openpgp.c (struct app_local_s): New field pincache.
+	(cache_pin): Set it.
+	(pin_from_cache): Consult it.
+	* scd/app-piv.c (struct app_local_s): New field pincache.
+	(cache_pin): Set it.
+	(pin_from_cache): Consult it.
+
+	scd:piv: Implement PIN cache.
+	+ commit 60502c3606ee425d07c84b175ab310368c12b0ad
+	* scd/command.c (pincache_put): Add arg pinlen and change all callers
+	to provide it.
+	* scd/app-piv.c (cache_pin): New.
+	(pin_from_cache): New.
+	(ask_and_prepare_chv): Add args no_cache and r_unpaddedpinlen.  Take
+	PIN from the cache.  Return the unpadded length.
+	(verify_chv): Add arg ctrl.  Cache the PIN.
+	(do_change_chv): Clear PIN cache.
+
+	agent: Avoid multiple calls to scd for KEYINFO.
+	+ commit 2e86cca7f4181310bebfd795c059369ba03a8d8b
+	* agent/command.c (struct server_local_s): Add last_card_keyinfo.
+	(eventcounter): Add maybe_key_change.
+	(cmd_genkey, cmd_scd, cmd_import_key, cmd_delete_key): Bump new
+	counter.
+	(cmd_keyinfo): Cache the keyinfo from the card.
+	(start_command_handler): Release the cache.
+
+	agent: Replace free by xfree in recently added code.
+	+ commit aaef0fc3a743d06012c4a7fd8caa80d969863cc9
+	* agent/call-scd.c (agent_card_free_keyinfo): Use xfree.
+
+	gpg,sm: Avoid useless ASFW diagnostic in loopback mode.
+	+ commit 14aa797bb8f3f7d3f4ef66b8fcdac7439000b49a
+	* common/sysutils.c (inhibit_set_foregound_window): New var.
+	(gnupg_inhibit_set_foregound_window): New func.
+	(gnupg_allow_set_foregound_window): Use var.
+	* g10/gpg.c (main): Inhibit in loopback mode.
+	* sm/gpgsm.c (main): Ditto.
 
-	Release 2.2.19.
-	+ commit 1c841c8389fb9640762822395b988e0d1584c9ae
+	scd: Fix memory leak in command READKEY.
+	+ commit 2b843be5ac9f37c9faf2d9ab720eafceb3d534ad
+	* scd/command.c (cmd_readcert): Replace xstrdup by xtrystrdup.
+	(cmd_readkey): Ditto.  Fix memory leak.
+
+	scd: Make SERIALNO --all work correctly and use it.
+	+ commit 0e48aa084921c77944d4802c86ac33c607c519af
+	* scd/app.c (maybe_switch_app): Factor reselect code out to ...
+	(run_reselect): new.
+	(app_write_learn_status): Tweak diagnostics.
+	(app_do_with_keygrip): Run reselect if a card has more than one
+	switchable application.
+
+	* agent/call-scd.c (agent_card_serialno): Ditto.
+	* tools/card-call-scd.c (start_agent): Use option --all with SERIALNO.
+	(scd_serialno): Ditto.
+
+2020-01-13  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: handle SSH operation by KEYGRIP.
+	+ commit 15028627a1655b7ad1835fbd0a32cf30debe807a
+	* agent/command-ssh.c (card_key_available): Supply KEYINFO argument.
+	Call agent_card_readkey by KEYGRIP of KEYINFO.
+	Don't use $AUTHKEYID, but IDSTR of KEYINFO.
+	(ssh_handler_request_identities): Follow the change of
+	card_key_available.
+
+	agent: Extend agent_card_getattr with KEYGRIP.
+	+ commit c31266716dd69fee7bd64cf1e33d7631cd328e72
+	* agent/agent.h (struct card_key_info_s): KEYGRIP null terminated.
+	(agent_card_getattr): Add KEYGRIP argument.
+	* agent/call-scd.c (agent_card_getattr): Handle KEYGRIP argument.
+	(card_keyinfo_cb): Make KEYGRIP null terminated.
+	* agent/command.c (cmd_readkey): Follow the change.
+
+2020-01-10  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Implement direct access by KEYGRIP for GETATTR and READKEY.
+	+ commit 0cfded4bb1484366c785c268f2fb1061c7be5fdb
+	* scd/app-openpgp.c (do_readkey): Handle KEYGRIP access.
+	* scd/command.c (do_readkey): New.
+	(cmd_readkey): Use do_readkey supporting KEYGRIP access.
+	(cmd_getattr): Supporting KEYGRIP access.
+
+2020-01-09  Werner Koch  <wk@gnupg.org>
+
+	scd:openpgp: Implement PIN cache.
+	+ commit 63bda3aad8ec4163b0241f64e8b587d665d650c3
+	* scd/app-openpgp.c (wipe_and_free, wipe_and_free_string): Use them
+	everywere where we do a wipememory followed by a free.
+	(pin2hash_if_kdf): Change interface.  The input PIN is not anymore
+	changed.  Further there are no more assumptions about the length of
+	the provided buffer.
+	(cache_pin): Restructure.
+	(chvno_to_keyref): New.
+	(pin_from_cache): New.
+	(verify_a_chv): Add arg CTRL.  Adjust for changed pin2hash_if_kdf.
+	Chache and retrieve the PIN here.
+	(verify_chv2): Do not cache the PIN here.
+	(build_enter_admin_pin_prompt): Add arg 'r_remaining'.
+	(verify_chv3): Adjust for changed pin2hash_if_kdf.  Implement the PIN
+	cache.
+	(do_change_pin): Clear the PIN cache.  Do not change the PIN here.
+	Lots of adjustments to cope with the chnaged pin2hash_if_kdf.
+	(do_sign): Do not cache the PIN here.
+
+	scd: Use a scdaemon internal key to protect the PIN cache IPC.
+	+ commit ce5a7fb72b599de592a087867768ac1f81fd2989
+	* agent/call-scd.c (handle_pincache_put): Do not decrypt.
+	(handle_pincache_get): New.
+	(inq_needpin): Call it.
+	* scd/command.c (set_key_for_pincache): New.
+	(pincache_put): Restructure and set key.
+	(pincache_get): Ditto.
+
+2020-01-09  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: SSH: SCD KEYINFO to list available keys.
+	+ commit 57b8ed61ab93dd5aa73159f6db8adeb83d54b85f
+	* agent/agent.h (agent_card_cardlist): Remove.
+	(agent_card_keyinfo): Add CAP argument.
+	* agent/call-scd.c (card_cardlist_cb): Remove.
+	(agent_card_cardlist): Remove.
+	(agent_card_keyinfo): Support CAP constraint.
+	* agent/command-ssh.c (card_key_list): Remove.
+	(ssh_handler_request_identities): Use SCD KEYINFO command.
+	* agent/command.c (cmd_keyinfo): Follow the API change.
+	* agent/divert-scd.c (ask_for_card): Likewise.
+
+2020-01-07  Werner Koch  <wk@gnupg.org>
+
+	scd: First changes to implement a PIN cache.
+	+ commit fbf97a7856bd2f80a1714f63417c59d6c604d333
+	* scd/command.c (pincache_put): New.  Uses a dummy key for now.
+	(pincache_get): New.
+	* scd/app.c (select_application): Flush the PIN cache.
+	(scd_update_reader_status_file): Ditto.
+	(maybe_switch_app): Call the new prep_reselect function.
+	(app_write_learn_status): Ditto.
+	* scd/app-openpgp.c (cache_pin): New helper to cache a PIN.
+	(verify_chv2): Call it.
+	(verify_chv3): Call it.
+	(clear_chv_status): Call it.
+	(do_change_pin): Call it.
+
+	* scd/app-common.h (struct app_ctx_s): Add function 'prep_select'.
+	* scd/app-openpgp.c (do_prep_reselect): New stub function.
+	(app_select_openpgp): Set new stub function.
+	* scd/app-piv.c (do_prep_reselect): New stub function.
+	(app_select_piv): Set new stub function.
+
+	* scd/app-common.h (struct app_ctx_s): Add parameter ctrl to setattr,
+	sign, auth, decipher, and check_pin.  Change all implementations and
+	callers to pass such a parameter.
+
+	agent: First changes to support a PIN cache for scdaemon.
+	+ commit d5c00354bb02ae6cb2e3a72136a1a95cb2db7f3f
+	* agent/agent.h (CACHE_MODE_PIN): New.
+	* agent/cache.c (housekeeping): Special handling of new new mode.
+	(agent_flush_cache): Ditto.  Add arg 'pincache_only' and change
+	caller.
+	(agent_put_cache): Support new mode.
+	(agent_get_cache): Ditto.
+	* agent/call-scd.c (wait_child_thread): Flush the entire PIN cache.
+	(start_scd): Ditto.
+	(agent_card_killscd): Ditto.
+	(handle_pincache_put): New.  Uses a dummy encryption key for now.
+	(pincache_put_cb): New.
+	(inq_needpin): Prepare for PINCACHE_GET inquiry.
+	(learn_status_cb): Handle the PINENTRY_PUT status line.
+	(get_serialno_cb): Ditto
+	(agent_card_pksign): Ditto.
+	(padding_info_cb): Ditto.
+	(agent_card_readcert): Ditto.
+	(agent_card_readkey): Ditto.
+	(agent_card_writekey): Ditto.
+	(card_getattr_cb): Ditto.
+	(card_cardlist_cb): Ditto.
+	(card_keyinfo_cb): Ditto.
+	(pass_status_thru): Ditto.
+
+	kbx: Make sure the tables are joined in a select.
+	+ commit 41a882443622fe08ebaa75bf358e83630bbb8631
+	* kbx/backend-sqlite.c (run_select_statement): Join the tables.
+
+2020-01-03  Werner Koch  <wk@gnupg.org>
+
+	scd: Minor fix for readibility.
+	+ commit c0625c15c1fb6d06202669eb8caff2710377952d
+	* scd/command.c (open_card_with_request): Use NULL instead of
+	APPTYPE_NULL.
+
+2020-01-02  Werner Koch  <wk@gnupg.org>
+
+	kbx: Initial support for an SQLite backend.
+	+ commit f4da1455c7ab858ea9007d0813774c6d04cd4576
+	* kbx/backend-sqlite.c: New.
+	* kbx/Makefile.am (keyboxd_SOURCES): Add it.
+	(keyboxd_CFLAGS, keyboxd_LDADD): Add SQLite flags.
+	* kbx/backend.h (enum database_types): Add DB_TYPE_SQLITE.
+	(be_sqlite_local_t): New typedef.
+	(struct db_request_part_s): Add field besqlite.
+	* kbx/backend-support.c (strdbtype): Add string for DB_TYPE_SQLITE.
+	(be_generic_release_backend): Support SQLite.
+	(be_release_request): Ditto.
+	(be_find_request_part): Ditto.
+	(is_x509_blob): Rename to ...
+	(be_is_x509_blob): this and make global.
+	* kbx/frontend.c (kbxd_set_database): Detect ".db" suffix and use that
+	for SQLite.
+	(kbxd_search): Support SQLite
+	(kbxd_store): Ditto.
+	(kbxd_delete): Ditto.
+	* kbx/frontend.h (kbxd_store_modes): Move to ...
+	* kbx/keyboxd.h (enum kbxd_store_modes): here.
+	* kbx/keyboxd.c (main): USe pubring.db for now.  This is a temporary
+	hack.
+
+	* kbx/backend-kbx.c (be_kbx_delete): Remove unused var cert.
 
+2019-12-23  Werner Koch  <wk@gnupg.org>
 
-	po: Make g10/call-dirmngr.c translatable.
-	+ commit 03983711b3376a5dff518a99adf5fb3a5bd8be4a
-	* po/POTFILES.in: Add g10/call-dirmngr.c
-	* g10/call-dirmngr.c (create_context): Change an i18n sting for easier
-	reuse.
+	gpg: Fix output of --with-secret if a pattern is given.
+	+ commit 59d49e4a0ac2ed27803507cb7d2c6af166527bd5
+	* g10/keylist.c (list_one): Probe for a secret key in --with-secret
+	mode.
 
-	dirmngr: Tell gpg about WKD lookups resulting from a cache.
-	+ commit 438a1ec2978c64ecfe6b5ddaa61f214c2dcae88f
-	* dirmngr/server.c (proc_wkd_get): Print new NOTE status
-	"wkd_cached_result".
-	* g10/call-dirmngr.c (ks_status_cb): Detect this and print a not ein
-	verbose mode.
+	kbx: Change keyboxd to work only with one database.
+	+ commit 8a556c23a29776b2b5aa1d563e779b6ae0139dff
+	* kbx/frontend.c (the_database): New var.
+	(db_desc_t): Remove.
+	(kbxd_add_resource): Renamed to ...
+	(kbxd_set_database): this.  Simplify.
+	(kbxd_search): Change to use only one database.
+	(kbxd_store): Ditto.
+	(kbxd_delete): Ditto.
+
+2019-12-19  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Enhance KEYINFO command to limit listing with capability.
+	+ commit b2a2df174b216881387ae849770d875cd74984c2
+	* scd/app-common.h: Add CAPABILITY argument to the WITH_KEYGRIP.
+	(app_do_with_keygrip): Likewise.
+	* scd/app-openpgp.c (send_keyinfo_if_available): New.
+	(do_with_keygrip): Support listing with CAPABILITY.
+	* scd/app-piv.c (do_with_keygrip): Likewise.
+	* scd/app.c (maybe_switch_app): Supply the argument.
+	(app_do_with_keygrip): Add CAPABILITY argument.
+	* scd/command.c (cmd_pksign, cmd_pkauth): Supply the argument.
+	(cmd_pkdecrypt): Likewise.
+	(cmd_keyinfo): Support listing with CAPABILITY.
 
 2019-12-06  Werner Koch  <wk@gnupg.org>
 
 	sm: Add special case for expired intermediate certificates.
-	+ commit 8c167febc0abc00be281a9dc8c2544b8d048a002
+	+ commit d246f317c04862cacfefc899c98da182ee2805a5
 	* sm/gpgsm.h (struct server_control_s): Add field 'current_time'.
 	* sm/certchain.c (find_up_search_by_keyid): Detect a corner case.
 	Also simplify by using ref-ed cert objects in place of an anyfound
 	var.
 
+	dirmngr: Tell gpg about WKD looks resulting from a cache.
+	+ commit 8a6ecc6ff52b9ec045e200cc200977707278f89c
+	* dirmngr/server.c (proc_wkd_get): Print new NOTE status
+	"wkd_cached_result".
+	* g10/call-dirmngr.c (ks_status_cb): Detect this and print a not ein
+	verbose mode.
+
 2019-12-04  Werner Koch  <wk@gnupg.org>
 
 	gpg: Use AKL for angle bracketed mail address with -r.
-	+ commit 78bb81e9deeca264f6a516630496470341e78fa9
+	+ commit 1abb39fdaf44c2477719fbea43ef8042d8b9033e
 	* g10/getkey.c (get_pubkey_byname): Extend is_mbox checking.
 	(get_best_pubkey_byname): Ditto.
 
-2019-11-29  Werner Koch  <wk@gnupg.org>
-
-	gpg: Fix double free with anonymous recipients.
-	+ commit 9ac182f376abf910a7b737b0e1ebd447eaa582f1
-	* g10/pubkey-enc.c (get_session_key): Do not release SK.
-
-2019-11-25  Werner Koch  <wk@gnupg.org>
+2019-11-28  Werner Koch  <wk@gnupg.org>
 
-	Release 2.2.18.
-	+ commit 82b9e1bdbdd756290b8873b3e244dcc8d1f840fb
+	gpg: Change the way v5 fingerprints are printed.
+	+ commit d2ff62dbdf891319e6db5850c6077c85e5eb784e
+	* g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): Increase by one.
+	* g10/keyid.c (format_hexfingerprint): Change v5 key formatting.
 
+	gpg: Implement insert, update, and delete via keyboxd.
+	+ commit 7244666926929f3b2475d8cab50db3ff620cdbe3
+	* g10/call-keyboxd.c (struct store_parm_s): New.
+	(store_inq_cb): New.
+	(keydb_update_keyblock): Implement the keyboxd part.
+	(keydb_insert_keyblock): Ditto.
+	(keydb_delete_keyblock): Ditto.
+	(keydb_search_reset): Clear ubid flag.  Also use the correct union
+	member for building the search string.
+
+	kbx: Add new command DELETE.
+	+ commit 490e0cd0bab8d8d06ffdc5b8977964d5a76a8df0
+	* kbx/kbxserver.c (cmd_delete): New.
+	* kbx/frontend.c (kbxd_delete): New.
+	* kbx/backend-kbx.c (be_kbx_delete): New.
+
+	kbx: Redefine the UBID which is now the primary fingerprint.
+	+ commit 915297705af6f1db74dacf0d6665b83eb0a58459
+	* common/util.h (UBID_LEN): New.  Use it at all places.
+	* kbx/keybox-blob.c (create_blob_finish): Do not write the UBID item.
+	* kbx/keybox-dump.c (print_ubib): Remove.
+	(_keybox_dump_blob): Do not print the now removed ubid flag.
+	* kbx/keybox-search-desc.h (struct keydb_search_desc): Use constants
+	for the size of the ubid and grip.
+	* kbx/keybox-search.c (blob_cmp_ubid): New.
+	(has_ubid): Make it a simple wrapper around blob_cmp_ubid.
+	(keybox_get_data): Add arg 'r_ubid'.
+
+	* kbx/frontend.h (enum kbxd_store_modes): New.
+	* kbx/kbxserver.c (cmd_store): Add new option --insert.
+
+	* kbx/backend-cache.c (be_cache_initialize): New.
+	(be_cache_add_resource): Call it here.
+	* kbx/backend-kbx.c (be_kbx_seek): Remove args 'fpr' and 'fprlen'.
+	(be_kbx_search): Get the UBID from keybox_get_data.
+	* kbx/backend-support.c (be_fingerprint_from_blob): Replace by ...
+	(be_ubid_from_blob): new.  Change all callers.
+
+	* kbx/frontend.c (kbxd_add_resource): Temporary disable the cache but
+	use the new cache init function.
+	(kbxd_store): Replace arg 'only_update' by 'mode'.  Seek using the
+	ubid.  Take care of the mode.
+
+2019-11-27  Werner Koch  <wk@gnupg.org>
+
+	dirmngr: Replace no-strict-overflow pragma by wrapv pragma.
+	+ commit f59455d054a79068ebf480cd28f02993c1facf3b
+	* dirmngr/dirmngr.c (time_for_housekeeping_p): Build with --fwrapv.
+	Replace protecting macro.
+
+	gpg: Move a keydb function to another file.
+	+ commit 61f41cdce5b60b9df05d6531ab1b7aab84ada659
+	* g10/keydb.c (build_keyblock_image): Move to ...
+	* g10/build-packet.c (build_keyblock_image): here.
+
+2019-11-26  Werner Koch  <wk@gnupg.org>
+
+	dirmngr: Rework of the LDAP code, part 1.
+	+ commit 264c15c72fe050f5e8d2f1cb2444a459df6fe99f
+	* dirmngr/http.h (struct parsed_uri_s): Add flag is_ldap.
+	* dirmngr/http.c (do_parse_uri): Set flag.  Do not error out for a
+	missing slashes in an http scheme if NO_SCHEME_CHECK is active.
+	* dirmngr/t-http.c (main): Print new flag.
+	* dirmngr/ks-engine-ldap.c (ks_ldap_help): Use flag instead of
+	checking the scheme.
+	* dirmngr/ldap-parse-uri.c (ldap_uri_p): Re-implement using
+	http_parse_uri.
+	* dirmngr/t-ldap-parse-uri.c (main): Add option --verbose.
+
+	dirmngr: Make building with a TLS library mandatory.
+	+ commit 1009e4e5f71347a1fe194e59a9d88c8034a67016
+	* configure.ac: Do not build dirmngr if no TLS is available.
+	* dirmngr/http.c: Remove all uses of the USE_TLS macro.
+
+	doc: Fixed variable naming.
+	+ commit 8fb14d3b3f9c5c27ff8b9f0e7e7207ec388687ff
+	* kbx/keybox.h: Fix naming of arguments.
+	* scd/ccid-driver.c (print_error) [TEST]: Add missing break.  Note
+	that this is anyway an impossible case.
 
-	tests: Adjust for now invalid SHA-1 key signatures.
-	+ commit 8e49fc7f43ecfe44dac57d97c555e2cbc7eb8e9a
-	* tests/openpgp/defs.scm (create-gpghome): Add
-	allow-weak-key-signatures.
+2019-11-25  Werner Koch  <wk@gnupg.org>
 
 	agent: Improve --debug-pinentry diagnostics.
-	+ commit 96c4943a5bd070772d8be7bb7db8548840af5f8f
+	+ commit c8783b3a204b371d44b8953429652101cf2e4d1b
 	* agent/call-pinentry.c (atfork_cb): Factor code out to ...
 	(atfork_core): new.
 
 2019-11-23  Werner Koch  <wk@gnupg.org>
 
 	wkd: Let --install-key write a template policy file.
-	+ commit 6e893061b54ddd38e83531f5513e3168d0002e41
+	+ commit 50cd1a58f3a612704a0056386e1d5cd7cb28d57d
 	* tools/wks-util.c (ensure_policy_file): New.
 	(wks_cmd_install_key): Call it.
 
+2019-11-19  NIIBE Yutaka  <gniibe@fsij.org>
+
+	po: Apply removal of dirmngr/ldap-wrapper-ce.c.
+	+ commit 116dfb20013b73b950bbcee1d1f6c2a5d1d7ffdd
+	* po/POTFILES.in: Update.
+
 2019-11-18  Werner Koch  <wk@gnupg.org>
 
 	dirmngr,gpg: Better diagnostic in case of bad TLS certificates.
-	+ commit 3efc94f1eb17eb5c5950c2fab9f701518352ae19
+	+ commit d9c7935188483dae381c12e7eef19072bbade4b3
 	* doc/DETAILS: Specify new status code "NOTE".
 	* dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a
 	bad TLS certificate.
 	* g10/call-dirmngr.c (ks_status_cb): Detect this status.
 
 	dirmngr: Forward http redirect warnings to gpg.
-	+ commit 4dd50991252409eb2023ab8ad11f36a050f421af
+	+ commit ae9acb8745c1654b446b3cd5b9322b235723d9cb
 	* dirmngr/http.c: Include dirmngr-status.h
 	(http_prepare_redirect): Emit WARNING status lines for redirection
 	problems.
@@ -4009,43 +5015,79 @@
 	* dirmngr/ks-engine-http.c (ks_http_fetch): Set it.
 	* g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings.
 
-	dirmngr: Factor some prototypes out to dirmngr-status.h.
-	+ commit 466bdf7c07f4ebfc69d503f85b9423f2f6440682
-	* dirmngr/dirmngr-status.h: New.
-	* dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes
-	to that file.
-	* dirmngr/t-support.c: New.
-	* dirmngr/Makefile.am (t_common_src): Add new file.
-
 2019-11-15  NIIBE Yutaka  <gniibe@fsij.org>
 
-	scd,ccid: Add support of GEMPC_EZIO.
-	+ commit 9b41f58c8a549055fa6bf7e21e2931b86f4da776
-	* scd/ccid-driver.h (GEMPC_EZIO): New.
-	* scd/ccid-driver.c (ccid_transceive_secure): Support GEMPC_EZIO.
+	scd,ccid: Fix detection of supported readers with pinpad.
+	+ commit 1cb9a831f6eedfa4c8950b8a7706ea77b74693f7
+	* scd/ccid-driver.c (ccid_transceive_secure): When not supported,
+	return CCID_DRIVER_ERR_NOT_SUPPORTED.
 
 2019-11-12  Werner Koch  <wk@gnupg.org>
 
 	dirmngr: Use IPv4 or IPv6 interface only if available.
-	+ commit 392e068e9f143d41f6350345619543cbcd47380f
+	+ commit 12def3a84e0358528347107dc88cfe740a54941f
 	* dirmngr/dns-stuff.c (cached_inet_support): New variable.
 	(dns_stuff_housekeeping): New.
 	(check_inet_support): New.
 	* dirmngr/http.c (connect_server): Use only detected interfaces.
 	* dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache.
 
+2019-11-12  Andre Heinecke  <aheinecke@gnupg.org>
+
+	dirmngr: Tune down err on missing ldapservers file.
+	+ commit 40daa0bc0bc87a521713d7dd1568f3874759a143
+	* dirmngr/dirmngr.c (parse_ldapservers_file): Tune down error
+	in case no such file exists.
+
 2019-11-11  Werner Koch  <wk@gnupg.org>
 
+	dirmngr: Remove cruft from dirmngr_ldap.
+	+ commit 4c295646ba0e175743e6be13457308c1e6d21dd3
+	* configure.ac (USE_LDAPWRAPPER): Remove ac_define and conditional.
+	* dirmngr/Makefile.am: Remove USE_LDAPWRAPPER and considere true.
+	* dirmngr/ldap-wrapper-ce.c: Remove.
+	* dirmngr/ldap-wrapper.c: Remove USE_LDAPWRAPPER stuff. Minor chnages
+	to debug output.
+	* dirmngr/dirmngr_ldap.c: Remove USE_LDAPWRAPPER stuff.  Remove
+	my_ldap macros.
+	(fetch_ldap) [W32]: Use ldap_sslinit.
+
 	gpg: Forbid the creation of SHA-1 third-party key signatures.
-	+ commit 754a03f5a279964af62025d11d92391e650fddb7
+	+ commit dd18be979e138dd3712315ee390463e8ee1fe8c1
 	* g10/sign.c (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): New.
 	(do_sign): Add arg signhints and inhibit SHA-1 signatures.  Change
 	callers to pass 0.
 	(complete_sig): Add arg signhints and pass on.
 	(make_keysig_packet, update_keysig_packet): Set signhints.
 
+	dirmngr: Rename an enum value for clarity.
+	+ commit eebd43d5b688e99131fcbf8f8292a485b91402a2
+	* dirmngr/ldapserver.h: Rename LDAPSERVER_OPT.
+
+2019-11-09  Werner Koch  <wk@gnupg.org>
+
+	gpgsm: Allow sepcification of ldaps servers.
+	+ commit 6e1c99bc397382f1ea2ba9d61a64328410adc95f
+	* sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps.
+	* sm/gpgsm.c (parse_keyserver_line): Parse flags.
+	* sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr.
+
+	* dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps.
+	* dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags.
+	* dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls.
+
+	* dirmngr/dirmngr_ldap.c: New option --tls.
+	(fetch_ldap): Make use of that option.
+
+2019-11-07  Werner Koch  <wk@gnupg.org>
+
+	gpg: Fix a potential loss of key sigs during import with self-sigs-only.
+	+ commit 6701a38f8e4a35ba715ad37743b8505bfd089541
+	* g10/import.c (import_one_real): Don't do the final clean in the
+	merge case.
+
 	gpg: Add option --allow-weak-key-signatures.
-	+ commit 3b1fcf65239d9c73cc54760ea52a5749e024fa76
+	+ commit e624c41dbafd33af82c1153188d14de72fcc7cd8
 	* g10/gpg.c (oAllowWeakKeySignatures): New.
 	(opts): Add --allow-weak-key-signatures.
 	(main): Set it.
@@ -4054,95 +5096,494 @@
 	* g10/sig-check.c (check_signature_over_key_or_uid): Print note and
 	act on new option.
 
-2019-11-07  Werner Koch  <wk@gnupg.org>
+	gpg: Print rfc4880bis note only in verbose mode.
+	+ commit f4047f56058cf9be2aa362fc439846ce930da8c7
+	* g10/gpg.c (main): Change condition for an info diagnostic.
 
-	gpg: Fix a potential loss of key sigs during import with self-sigs-only.
-	+ commit 2975868ede40ce8b8a0d20e7f0e4cd687772f9d0
-	* g10/import.c (import_one_real): Don't do the final clean in the
-	merge case.
+2019-11-06  Werner Koch  <wk@gnupg.org>
 
-2019-10-15  Werner Koch  <wk@gnupg.org>
+	gpg: Remove an unused variable.
+	+ commit fd88b8847a371a2927f52afceeeb457b64cce162
+	* g10/delkey.c (do_delete_key): here.
 
-	gpg: Also delete key-binding signature when deleting a subkey.
-	+ commit d8052db74a0d2e6a55cf104e0ecb1868936bd09c
-	* g10/delkey.c (do_delete_key): Simplify and correct subkey deletion.
+	gpg: Do not require --batch when using --log-file.
+	+ commit 584b65ad7e937710a4fc6db42d6849bb3449d6ef
+	* g10/gpg.c (main): Remove a long standing FIXME.
 
-2019-10-15  NIIBE Yutaka  <gniibe@fsij.org>
+2019-10-28  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd,ccid: Fix GEMPC_EZIO handling.
+	+ commit c6702d77d936b3e9d91b34d8fdee9599ab94ee1b
+	* scd/ccid-driver.c (ccid_transceive_secure): Fix for 08e6:34c2.
+
+2019-10-17  NIIBE Yutaka  <gniibe@fsij.org>
 
-	Revert "gpg: The first key should be in candidates."
-	+ commit 2906636b929f08fdf342560834d920e8e8153458
-	This reverts commit 66eb953f43800a91c4280ae8fd49f6dc8cf74578.
+	gpg: More fix of get_best_pubkey_byname.
+	+ commit e2c2b0fb2d9b31fa1b61803d04919645a9149996
+	* g10/getkey.c (get_best_pubkey_byname): Remove useless req_usage
+	setting of CTX.
+
+	gpg: Fix two other cases in get_best_pubkey_byname.
+	+ commit 286d4c607574e91f590512a1385bb3320cf8da77
+	* g10/getkey.c (pubkey_cmp): Handle a primary key with
+	PUBKEY_USAGE_ENC, and make sure new key is for encryption.
+	(get_best_pubkey_byname): Add comment for ranking.
+
+	doc: Fix documentation about --locate-keys.
+	+ commit 627a990f8e306d4f34bc503b303dc8b13616029e
+	* doc/gpg.texi (--locate-keys): Remove mentioning signing keys.
+
+2019-10-16  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpg: Fix get_best_pubkey_byname to consider the first match.
+	+ commit f2734381ae1431e395a0bed16df2f4d5d13aa2c5
+	* g10/getkey.c (get_best_pubkey_byname): Always use PK0 to search
+	by get_pubkey_byname.  Add initial call to pubkey_cmp to fill
+	BEST at first before the loop.
 
 2019-10-15  Werner Koch  <wk@gnupg.org>
 
-	gpg: Extend --quick-gen-key for creating keys from a card.
-	+ commit 652ca4b2bf985546baa70754f66eab3840cf2820
-	* g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and
-	support the special algo "card".
-	(parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP.
-	Handle the "card" algo.  Adjust callers.
-	(parse_algo_usage_expire): Add arg R_KEYGRIP.
-	(quickgen_set_para): Add arg KEYGRIP and put it into the parameter
-	list.
-	(quick_generate_keypair): Handle algo "card".
-	(generate_keypair): Also handle the keygrips as returned by
-	parse_key_parameter_string.
-	(ask_algo): Support ed25519 from a card.
+	gpg: Also delete key-binding signature when deleting a subkey.
+	+ commit d1bc12d1b66e0657969a8eb846bdcd9bee717a7c
+	* g10/delkey.c (do_delete_key): Simplify and correct subkey deletion.
 
 2019-10-15  NIIBE Yutaka  <gniibe@fsij.org>
 
-	po: Update Japanese translation.
-	+ commit fe02709ffd3c41fe84b90cda96edd12e6b836741
+	gpg: Put the first key in candidates correctly.
+	+ commit 44604209c1cfe18532d13eda63d8c1f86a6e12ec
+	* g10/getkey.c (get_best_pubkey_byname): After the call of
+	get_pubkey_byname, set up CTX with KEYDB_SEARCH_MODE_LONG_KID to enter
+	the loop.
+
+	scd,ccid: Add 08e6:34c2 (GEMPC_EZIO).
+	+ commit c933c15d587a1c0df3f4b3bf37d8d15164dd318f
+	* scd/ccid-driver.c (ccid_transceive_secure): Add pinpad support
+	for 08e6:34c2 which supports extended APDU exchange.
 
+2019-10-09  NIIBE Yutaka  <gniibe@fsij.org>
 
 	gpg: The first key should be in candidates.
-	+ commit 66eb953f43800a91c4280ae8fd49f6dc8cf74578
+	+ commit 7535f1d47a35e30f736f0e842844555f7a4a9841
 	* g10/getkey.c (get_best_pubkey_byname): Handle the first key
 	as the initial candidate for the selection.
 
+2019-10-07  Werner Koch  <wk@gnupg.org>
+
+	kbx: Implement update for the STORE command.
+	+ commit f4bdf8e590877e9bfddfd19a4e4167f6531c9fb1
+	* kbx/backend-kbx.c (be_kbx_update): New.
+	* kbx/frontend.c (kbxd_store): Call it.
+
+2019-10-07  NIIBE Yutaka  <gniibe@fsij.org>
+
 	gpg: Fix a memory leak in get_best_pubkey_byname.
-	+ commit 2924ac374eb8cbf87ed6c9fbbb72c0b8d1d37fa3
+	+ commit e28572116fe4c586ba9d1e8f27389bf3f06e036b
 	* g10/getkey.c (get_best_pubkey_byname): Free the public key parts.
 
 2019-10-03  Werner Koch  <wk@gnupg.org>
 
+	gpg: Ignore all SHA-1 signatures in 3rd party key signatures.
+	+ commit 7d9aad63c4f1aefe97da61baf5acd96c12c0278e
+	* g10/sig-check.c (check_signature_over_key_or_uid): No cut-off date
+	and remove debug output.
+
 	gpg: Be prepared for chosen-prefix SHA-1 collisions in key signatures.
-	+ commit edc36f59fcfcb4b896a53530345d586f7e5df560
+	+ commit c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4
 	* g10/sig-check.c (check_signature_over_key_or_uid): Reject cewrtain
 	SHA-1 based signatures.
 
+2019-10-01  Werner Koch  <wk@gnupg.org>
+
+	gpg: Read the UBID from the keybox and detect wrong blob type.
+	+ commit 63dbc817e7dcc6edc757281f09e1ca80500ab2d1
+	* g10/keydb-private.h (struct keydb_handle_s): Add fields for UBID.
+	* g10/call-keyboxd.c (search_status_cb): New.
+	(keydb_search): Set new UBID fields.
+
+	kbx: Add first version of STORE command to keyboxd.
+	+ commit c7293a4d125c4675c86ecdee0f2f3186fc4bdaf7
+	* kbx/Makefile.am (keyboxd_CFLAGS): -DKEYBOX_WITH_X509.
+	(keyboxd_LDADD): Add libksba.
+	* kbx/kbxserver.c (cmd_store): New.
+	* kbx/frontend.c (kbxd_store): New.
+	* kbx/backend-support.c (is_x509_blob): New.
+	(be_fingerprint_from_blob): New.
+	* kbx/backend-kbx.c (be_kbx_seek): Add args FPR and FPRLEN.
+	(be_kbx_insert): New.
+
+	common: New function hex2fixedbuf.
+	+ commit 61765136cf92be2884603bc3fac020a1c6ed91f4
+	* common/convert.c (hex2fixedbuf): New.
+
+2019-09-30  Werner Koch  <wk@gnupg.org>
+
+	gpg: Fix --recv-key in case of a given fingerprint.
+	+ commit a605dbb430b1f73ef974ad54f74679dfc0eefb18
+	* g10/keyserver.c (keyserver_retrieval_screener): Compare against
+	actual length.
+
+	gpg: Fix expand GPG groups when resolving a key.
+	+ commit ec81c437e71b4c630a799ed29447cc5e3db162cd
+	* g10/expand-group.c (expand_group): Add arg prepend_input.
+	* g10/pkclist.c (build_pk_list): Adjust for it.
+	* g10/getkey.c (key_byname): Keep the expanded names in the CTX and
+	don't premature free them.
+	(get_pubkey_byname): Append the namelist to the extra_list.
+
+2019-09-27  Werner Koch  <wk@gnupg.org>
+
+	gpg: Fix a recently introduced printf format buglet.
+	+ commit b966a7c142ab6341f4149d55e2609dbb9914acec
+	* g10/parse-packet.c (dump_sig_subpkt): Fix format error.
+
+	kbx: Fix error code return in keyboxd.
+	+ commit 8e574130482167dc7d2e2888cc80ad6584345e3d
+	* kbx/frontend.c (kbxd_add_resource): Print a diagnostic on error.
+	* kbx/backend-kbx.c (be_kbx_add_resource): Acttually returh the error
+	code.
+
+	kbx: Store the UBIB in the blob.
+	+ commit 0af1c6447dc0f981ab7306e3bef520f37aded167
+	* kbx/keybox-blob.c (create_blob_header): New blob flag UBIB.
+	(create_blob_finish): Write the UBIB.
+	* kbx/keybox-dump.c (print_ubib): New.
+	(_keybox_dump_blob): Print UBIB flag.
+	* kbx/keybox-search.c (has_ubid): Compare the stored UBIB if
+	available.
+
+	kbx,gpg: Allow lookup using a UBID.
+	+ commit 4be79b5abeae82b9840e6aa93874f743e13c6df7
+	* common/userids.c (classify_user_id): Detect UBIDs.
+	* kbx/backend-cache.c (blob_table_put): Store the public key type.
+	(be_cache_search): Add search mode for UBIDs.
+	* kbx/backend.h (struct db_request_part_s): Add cache.seqno_ubid.
+	* g10/keydb.c (keydb_search_desc_dump): Fix printing of keygrip.  Add
+	ubid printing.
+	* g10/call-keyboxd.c (keydb_search): Support search by UBID.
+
+	kbx: First take on a cache for the keyboxd.
+	+ commit 280e9c9cfac31ae5ac874c928eee063cc922e27e
+	* kbx/backend.h (enum database_types): Add DB_TYPE_CACHE.
+	(struct db_request_part_s): Add seqno fields.
+	(struct db_request_s): Add infos for the cache backend.
+	* kbx/backend-support.c (struct backend_handle_s): Add 'backend_id'.
+	(strdbtype): Support DB_TYPE_CACHE.
+	(be_generic_release_backend): Ditto.
+	(be_find_request_part): New.
+	(be_return_pubkey): New arg UBID and chnage status name.
+	* kbx/backend-cache.c: New.
+	* kbx/backend-kbx.c (be_kbx_init_request_part): New.
+	(be_kbx_search): Factor some code out to a support function.
+	(be_kbx_seek): New.
+	* kbx/frontend.c (kbxd_add_resource): Support DB_TYPE_CACHE.
+	(kbxd_search): Support the NEXR operation with the cache.
+	* kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_UBID): New.
+	(struct keydb_search_desc): Add field u.ubid.
+	* kbx/keybox-search.c (has_ubid): New.
+	(keybox_search): Support the UBID search.
+
+2019-09-20  NIIBE Yutaka  <gniibe@fsij.org>
+
+	build: Build gpg-pair-tool only when there is newer libgcrypt.
+	+ commit bb5ed9fe1abfcbb6128325508366bc802eb576c5
+	* configure.ac (HAVE_NEWER_LIBGCRYPT): New.
+	* tools/Makefile.am: Conditionalize build of gpg-pair-tool.
+
+2019-09-19  NIIBE Yutaka  <gniibe@fsij.org>
+
+	tools: Fix gpg-pair-tool to follow new API.
+	+ commit 7c81e5cb97c77244be164daf7a80e29f6b6e437b
+
+
+	tools: Don't prepare G in gpg-pair-tool.
+	+ commit b928de70e072fce15d7bba39f370d32dd8b74095
+	* tools/gpg-pair-tool.c (create_dh_keypair): Use NULL for G.
+
+	tools: Use new API of libgcrypt for gpg-pair-tool.
+	+ commit f22a00416149448172bf8110d466d65c87962cae
+	* tools/gpg-pair-tool.c (create_dh_keypair): Just use
+	gcry_random_bytes for secret.  Call gcry_ecc_mul_point
+	with G to get the public key.
+	(compute_master_secret): Use gcry_ecc_mul_point.
+
+2019-09-17  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd,pcsc: Use HANDLE for context and card.
+	+ commit 49671b76eae2c7d1edb13ed927654d0c11d879f1
+	* scd/apdu.c (HANDLE): New.
+
+2019-09-12  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Remove old fallback logic from CCID to PC/SC.
+	+ commit 980d0234d31699e51051e0cc6002ad177b6e7136
+	* scd/apdu.c (apdu_dev_list_start): Return an error on failure.
+
+	scd,pcsc: Support "reader-port" option for PC/SC reader.
+	+ commit 6d750fe7fc4224924f13ef578010a26cdbe0a67b
+	* scd/apdu.c (apdu_open_reader): Skip use of a reader if it's not the
+	one specified when it is specified.
+
+	scd,pcsc: Remove the restriction of no-scanning in PC/SC.
+	+ commit c569e49d1764d2573aec5684f9cee397bdd8ccb1
+	* scd/apdu.h (app_open_reader): Remove the last argument.
+	* scd/apdu.c (app_open_reader): Ditto.
+	* scd/app.c (select_application): Don't supply APP_EMPTY.
+
+2019-09-11  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd,pcsc: Fix examining the list of readers.
+	+ commit 92be4e87eec984a3f3737339c311761d2650c55a
+	* scd/apdu.c (apdu_dev_list_start): Traverse the string+NUL carefully.
+
+	scd,pcsc: Fix for initializing PC/SC.
+	+ commit 441106cdf0fdd310e3b36370186849167db11345
+	* scd/apdu.c (pcsc_init): Load it at first.
+	(apdu_open_reader): Check for the CCID internal driver.
+
+	scd,pcsc: Support multiple card readers.
+	+ commit e8534f899915a039610973a84042cbe25a5e7ce2
+	* scd/apdu.c (close_pcsc_reader, apdu_init): Clear pcsc.rdrname.
+	(pcsc_init): Load of PC/SC module moved from ...
+	(open_pcsc_reader): ... here.
+	(apdu_dev_list_start): Add support for PC/SC.
+	(apdu_dev_list_finish): Likewise.
+	(apdu_open_reader): Likewise.
+
+	scd,pcsc: Use a single context.
+	+ commit 1080e91efd60cb41c2d6dbafaee810e5967a3161
+	* scd/apdu.c (pcsc): New variable.
+	(struct reader_table_s): Remove pcsc.context from member.
+	(pcsc_get_status, connect_pcsc_card): Use pcsc.context.
+	(close_pcsc_reader): Release pcsc.context here with reference count.
+	(pcsc_init): New.
+	(open_pcsc_reader): Don't call pcsc_establish_context here.  Call
+	close_pcsc_reader instead of pcsc_release_context.
+	(apdu_open_reader): Call pcsc_init if needed.
+	(apdu_init): Initialize pcsc.count and pcsc.context.
+
+	scd: Clean up the structure for future fix of PC/SC.
+	+ commit f44aa290c1368a3119b2323664c0f356195c4206
+	* scd/apdu.c (struct dev_list): Rename from ccid_table, with void*.
+	(open_ccid_reader): Follow the change.
+	(apdu_dev_list_start, apdu_dev_list_finish): Likewise.
+	(apdu_open_reader): Likewise.
+	* scd/ccid-driver.c (ccid_dev_scan): Use void *.
+	(ccid_dev_scan_finish, ccid_get_BAI, ccid_open_usb_reader): Likewise.
+	* scd/ccid-driver.h: Change the APIs.
+
+2019-09-10  Werner Koch  <wk@gnupg.org>
+
+	gpg: First rough implementation of keyboxd access for key lookup.
+	+ commit ce9906b008c94c2aa4ac770a981d1e1e0b8aea47
+	* g10/Makefile.am: Add nPth flags.
+	* g10/gpg.c: Include npth.h.
+	(gpg_deinit_default_ctrl): Deinit call-keyboxd local data.
+	(main): Init nPth.
+	* g10/keydb-private.h (struct keydb_handle_s): Add field 'kbl' and
+	remove the search result and the assuan context.
+	* g10/call-keyboxd.c (struct keyboxd_local_s): Add more fields.
+	(lock_datastream, unlock_datastream): New.
+	(gpg_keyboxd_deinit_session_data): Adjust for changed data structures.
+	(prepare_data_pipe): New.
+	(open_context): Return kbl instead of an Assuan context.  Init mutexes
+	etc.
+	(close_context): Merge into ...
+	(keydb_release): here.  Adjust for changed data structures.
+	(datastream_thread): New.
+	(keydb_get_keyblock): Implement datastream stuff.
+	(keydb_search): Ditto.
+
+	* common/asshelp.c (wait_for_sock): Add arg connect_flags.
+	(start_new_service): Set FDPASSING flag for the keyboxd.
+
+	kbx: Allow fd-passing for the keyboxd.
+	+ commit 6c327b4dd6d8041b84f856ffc2a7d82b352d273f
+	* kbx/kbxserver.c: Include host2net.h
+	(struct server_local_s): Add field outstream.
+	(prepare_outstream): New.
+	(kbxd_writen): New.
+	(kbxd_write_data_line): Write to file descrptor.  Disable the slow
+	human reader friendly data line formatting.
+	(cmd_search, cmd_next): Disable data logging.
+	(kbxd_start_command_handler): Add OUTPUT command.
+	* kbx/keyboxd.c (main): Enable log monitor.
+
+	common: Allow a readlimit for iobuf_esopen.
+	+ commit 2f0fdab8aabdf408495163ef99b2d4d111f74692
+	* common/iobuf.c (file_es_filter_ctx_t): Add fields use_readlimit and
+	readlimit.
+	(file_es_filter): Implement them.
+	(iobuf_esopen): Add new arg readlimit.
+	* g10/decrypt-data.c (decrypt_data): Adjust for change.
+	* g10/import.c (import_keys_es_stream): Ditto.
+
+2019-09-10  Andre Heinecke  <aheinecke@gnupg.org>
+
+	doc: Fix distchek for generated eps file.
+	+ commit c69a37dcbdc8db47489fbf744f58bb61399d223f
+	* doc/Makefile.am (EXTRA_DIST, BUILT_SOURCES): Add
+	gnupg-module-overview.eps, gnupg-card-architecture.eps
+	(DISTCLEANFILES): Remove them.
+
+2019-09-09  Werner Koch  <wk@gnupg.org>
+
+	gpg: New option --use-keyboxd.
+	+ commit aba82684fe14289cf62b4694bc398f3a274b4762
+	* g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts.
+	(opts): New options --use-keyboxd and --keyboxd-program.
+	(main): Implement them.
+	* g10/keydb.c: Move some defs out to ...
+	* g10/keydb-private.h: new file.
+	* g10/keydb.c: prefix function names with "internal" and move original
+	functions to ...
+	* g10/call-keyboxd.c: new file.  Divert to the internal fucntion if
+	--use-keyboxd is used.  Add a CTRL arg to most fucntions and change
+	all callers.
+	* g10/Makefile.am (common_source): Add new files.
+	(noinst_PROGRAMS): Do bot build gpgcompose.
+
+	kbx: Fix keyboxd search first.
+	+ commit 5e00c1773d8fd44ba95b39a48e12b0ec94ac8cbe
+	* kbx/kbxserver.c (cmd_next): Switch to mode next if needed.
+
+	kbx: Allow searching from start.
+	+ commit 1545b948e1c8e8fa4873d434fb790a88ed96091c
+	* kbx/kbxserver.c (cmd_search): Detect empty pattern.
+
+2019-09-06  Stephan Mueller  <smueller@chronox.de>
+
+	gpg: expand GPG groups when resolving a key.
+	+ commit e825aea2ba3529c333d7ec2c76e63998cb83d999
+	* g10/expand-group.c: New
+	* g10/pkclist.c: Extract expand_group and expand_id into expand-group.c.
+	* g10/keydb.h: Add prototypes of expand_id and expand_group.
+	* g10/getkey.c: Use expand_group before resolving key references.
+	* g10/Makefile.am: Compile expand-group.c.
+
 2019-09-06  Werner Koch  <wk@gnupg.org>
 
 	gpg: Make --quiet work on --send-keys.
-	+ commit de57b5bf91d64f8843a68d1950bd12aecc82f8c1
+	+ commit d9c4c3776b8ec3261e13693e230dd480b1127b18
 	* g10/keyserver.c (keyserver_put): Act upon --quiet.
 
+2019-09-05  Werner Koch  <wk@gnupg.org>
+
+	gpg: Prepare parser for the new attestation certificates.
+	+ commit 209caaff66fbe96df144e6b1474435992e087fa4
+	* common/openpgpdefs.h (SIGSUBPKT_ATTST_SIGS): New.
+	* g10/keydb.h (IS_ATTST_SIGS): New.
+	(IS_CERT): Include the new one.
+	* g10/sign.c (mk_notation_policy_etc): Do not put notations into
+	attestation key signatures.
+	* g10/parse-packet.c (dump_sig_subpkt): Add new arg digest_algo.
+	Print the attestation sigs.
+	(parse_one_sig_subpkt): Support SIGSUBPKT_ATTST_SIGS.
+	(can_handle_critical): Ditto.
+	(enum_sig_subpkt): Pass digest algo to dump_sig_subpkt.
+
+	gpg: Rework the signature subpacket iteration function.
+	+ commit e1d9be730ca07e10a20df5ef60d7562030f10676
+	* g10/parse-packet.c (enum_sig_subpkt): Replace first arg by two args
+	so that the entire signature packet is available.  Change all callers.
+	(parse_sig_subpkt): Ditto.
+
+	scd: Implement auto-switching between Yubikey apps.
+	+ commit 7febb4f2476742936b829424ad23df662b37f4b4
+	* scd/app.c (apptype_from_keyref): New.
+	(maybe_switch_app): Add arg 'keyref' and use this also for switching.
+	Change all callers to pass a keyref if needed.
+
+	scd:openpgp: Avoid PIN caching issues after re-select.
+	+ commit 5d9eb060b764d45152edb266cd8a08f5724ad709
+	* scd/app-openpgp.c (do_reselect): Clear PIN cache flags.
+
+	scd:piv: Allow the keygrip as alternative to a keyref.
+	+ commit 947b44e835dec5967d400a9391d8746fb3f759df
+	* scd/app-piv.c (find_dobj_by_keyref): Allow the keygrip as input.
+
+	scd: Improve locking of app_do_with_keygrip.
+	+ commit c8d739a356d3dacdf63fa2d722d117401cf52caf
+	* scd/app.c (app_do_with_keygrip): Lock once per card.
+
+	scd: New debug flag "app".
+	+ commit 4e701953fec6efb10aaf34373e648b1dcafba054
+	* scd/scdaemon.h (DBG_APP_VALUE, DBG_APP): New.
+	* scd/scdaemon.c (debug_flags): Add "app".
+	* scd/app.c (xstrapptype): New.
+	(app_readcert, app_readkey, app_getattr): Add debug output.
+	(app_setattr, app_sign, app_auth): Ditto.
+	(app_writecert, app_writekey, app_change_pin): Ditto.
+	(app_check_pin): Ditto.
+
+2019-09-05  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: Fix ask_for_card to allow a key on multiple cards.
+	+ commit 9f39e0167d0642bcfb9bcabcbc7f8160b39a20ee
+	* agent/divert-scd.c (ask_for_card): Don't use SERIALNO to select
+	card, but use KEYGRIP.
+
+2019-09-04  Werner Koch  <wk@gnupg.org>
+
+	scd: New sub-command cmd_has_option for GETINFO.
+	+ commit fed9c93e05af4aeeb2fe9af81200fc7a745f2dec
+	* scd/command.c (cmd_getinfo): Add cmd_has_option sub-command.
+
+	scd: Add option --all to the SERIALNO command.
+	+ commit 9a0d8f2d8906d2f37c2755c4695b91c27c8acc2f
+	* scd/command.c (cmd_serialno): Add option --all.
+	(open_card_with_request): Implement that option.
+	* scd/app.c (select_all_additional_applications_internal): New.
+	(select_additional_application): Add mode to call new function.
+
+	scd: Fix Error checking in additioal app selection.
+	+ commit fa258379424c6d48538b054b8dc7c1ab5c2d4290
+	* scd/app.c (select_additional_application): Return error for unknown
+	NAME.
+
+	scd: Add option --multi to the LEARN command.
+	+ commit 5cf5a04bae03d622a42753735c60dfab3b24ade8
+	* scd/app-common.h (APP_LEARN_FLAG_MULTI): New.
+	* scd/command.c (cmd_learn): Add option --multi.
+	* scd/app.c (app_write_learn_status): Factor some code out to ...
+	(write_learn_status_core): new.
+	(app_write_learn_status): Implement flag --multi.
+
+	scd: Use a macro for the flag parameter of learn_status.
+	+ commit 2cdea776cd6db13c8f4ff45c89bd3292f216b186
+	* scd/app-common.h (APP_LEARN_FLAG_KEYPAIRINFO): New flag macro..
+	* scd/command.c (cmd_learn): Pass that flag instead of a plain number.
+	* scd/app-nks.c (do_learn_status_core): Use new flag.
+	* scd/app-p15.c (do_learn_status): Ditto.
+	* scd/app-piv.c (do_learn_status): Ditto.
+	* scd/app-sc-hsm.c (do_learn_status): Ditto.
+	* scd/app.c (app_write_learn_status): Ditto.
+
 2019-08-23  Werner Koch  <wk@gnupg.org>
 
-	gpg: Implement keybox compression run.
-	+ commit b5f7ac6c368a07b3d35191bf56fdf58145c4e44b
-	* kbx/keybox-init.c (keybox_lock): Add arg TIMEOUT and change all
-	callers to pass -1.
+	gpg,sm: Implement keybox compression run and release lock in gpgsm.
+	+ commit e64f0dfd72de548837f630bccd249a87451b89c5
 	* g10/keydb.c (keydb_add_resource): Call keybox_compress.
+	* sm/keydb.c (keydb_add_resource): Release the lock after a compress.
 
 	kbx: Include deleted records into the --stats output.
-	+ commit 34f55c5e348d4bf9894c24988e6856b411ba05de
+	+ commit 5ef0d7a795cf2462314ea0cb72c7efa7243ab405
 	* kbx/keybox-dump.c (_keybox_dump_file): Take deleted records in
 	account.
 
-	kbx: Allow "gpgsm --faked-system-time" to kick off a compression run.
-	+ commit e854580fa562c423f3d977318b515fb4d186f99a
-	* kbx/keybox-update.c (keybox_compress): Use make_timestamp.
+	kbx: Fix regression in compression trigger from July 18.
+	+ commit 30aaa4ba007210aa043c3d524415495a4d9fd17f
+	* kbx/keybox-update.c (keybox_compress): Change condition back.
+	Also use make_timestamp for CUT_TIME.
 
 	gpg: Allow --locate-external-key even with --no-auto-key-locate.
-	+ commit df6cff8233aa281d150861a26cd262a8a15c73e7
+	+ commit d058d80ed0d5edeff6d85108054b1dfd45ddad7d
 	* g10/getkey.c (akl_empty_or_only_local): New.
 	* g10/gpg.c (DEFAULT_AKL_LIST): New.
 	(main): Use it here.
 	(main) <aLocateExtKeys>: Set default AKL if none is set.
 
 	gpg: Silence some warning messages during -Kv.
-	+ commit 589f1187137cb14da1d16be1fdaf8f1ac2c2d436
+	+ commit d7aca1bef68589134b36395901b92496a7a37392
 	* g10/options.h (glo_ctrl): Add flag silence_parse_warnings.
 	* g10/keylist.c (list_all): Set that during secret key listsings.
 	* g10/parse-packet.c (unknown_pubkey_warning): If new flag is set do
@@ -4150,235 +5591,474 @@
 	(can_handle_critical_notation, enum_sig_subpkt): Ditto.
 	(parse_signature, parse_key, parse_attribute_subpkts): Ditto.
 
-	gpg: Do not show an informational diagnostics with quiet.
-	+ commit 215858aba342e6f2b9a7c93f579638279af3a561
+	gpg: Do not show two informational diagnostics with quiet.
+	+ commit f14ddeb89c4519cd7ccf52c4595b93ab11ccbda1
 	* g10/trustdb.c (verify_own_keys): Silence informational diagnostic.
 
 	gpgconf: Suggest the use of --gpgconf-test on --launch problems.
-	+ commit 7c386c5fb5aebbbb36daf61c25d20e6888123994
+	+ commit 2a45800b2f8043d2533403eaadf8736d15ad7017
 	* tools/gpgconf-comp.c (gc_component_launch): Change suggestion.
 
-2019-08-21  Werner Koch  <wk@gnupg.org>
-
-	scd:nks: Extend keypairinfo with usage flags.
-	+ commit 0a9053eff0406c6799ee201013194200c0ed3487
-	* scd/app-nks.c (do_learn_status_core): Return usage.
+2019-08-22  Werner Koch  <wk@gnupg.org>
 
-	scd:openpgp: Extend keypairinfo with usage flags.
-	+ commit 6f67abcc0339b42a181285b3416959c39a2d7808
-	* scd/app-openpgp.c (send_keypair_info): Return usage.
+	gpg: Extend --quick-gen-key for creating keys from a card.
+	+ commit d3f5d8544fdb43082ff34b106122bbf0619a0ead
+	* g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and
+	support the special algo "card".
+	(parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP.
+	Handle the "card" algo.  Adjust callers.
+	(parse_algo_usage_expire): Add arg R_KEYGRIP.
+	(quickgen_set_para): Add arg KEYGRIP and put it into the parameter
+	list.
+	(quick_generate_keypair): Handle algo "card".
+	(generate_keypair): Also handle the keygrips as returned by
+	parse_key_parameter_string.
+	(ask_algo): Support ed25519 from a card.
 
-	sm: Show the usage flags when generating a key from a card.
-	+ commit a8aacaf2042a72760e6eaf35e65bfd6d42e642f0
-	* g10/call-agent.c (scd_keypairinfo_status_cb): Also store the usage
-	flags.
-	* sm/call-agent.c (scd_keypairinfo_status_cb): Ditto.
-	* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Print the usage flags.
+2019-08-22  NIIBE Yutaka  <gniibe@fsij.org>
 
-	(cherry picked from commit 9ed1aa56c4bbf44e00b731d6807ada9e95c91bd7)
+	gpg: Factor export_ssh_key.
+	+ commit 6f760e6eb0e8820d386b33c28cb14210adfc6aef
+	* g10/export.c (export_one_ssh_key): Factor out.
+	(export_ssh_key): Use export_one_ssh_key.
 
-	gpg: Allow decryption using non-OpenPGP cards.
-	+ commit 9a317557c58d2bdcc504b70c366b77f4cac71df7
-	* g10/call-agent.c (struct getattr_one_parm_s): New.
-	(getattr_one_status_cb): New.
-	(agent_scd_getattr_one): New.
-	* g10/pubkey-enc.c (get_it): Allow the standard leading zero byte from
-	pkcs#1.
-	* g10/getkey.c (enum_secret_keys): Move to...
-	* g10/skclist.c (enum_secret_keys): here and handle non-OpenPGP cards.
+	dns: Fix irrelevant use of tmpfile.
+	+ commit e00e68135c01351ed66fed3c4453a1b13c8d522f
+	* dirmngr/dns.c (dns_trace_open): Don't use tmpfile.
 
-	scd: New standard attributes $ENCRKEYID and $SIGNKEYID.
-	+ commit 23784f8bf0ac6d6c52cb2de2f99f46017a92c11a
-	* g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo.
-	* sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto.
-	* scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and
-	"$SIGNKEYID".
-	* scd/app-nks.c (do_getattr): Add attributes too.
+2019-08-21  Werner Koch  <wk@gnupg.org>
 
-	gpg: Allow direct key generation from card with --full-gen-key.
-	+ commit fbed618a3699bea131ce36949387af0fa3cf13f9
-	* g10/call-agent.c (agent_scd_readkey): New.
-	* g10/keygen.c (ask_key_flags): Factor code out to ..
-	(ask_key_flags_with_mask): new.
-	(ask_algo): New mode 14.
+	gpg: In a list of card keys show the standard keys.
+	+ commit ce403c74dbc9c027b823910f22338269e625f76f
+	* g10/keygen.c (ask_algo): Identify the standard keys.
 
-	common: Extend function pubkey_algo_string.
-	+ commit 0353cb0a5edeef07330da1688b7801c073959185
-	* common/sexputil.c (pubkey_algo_string): Add arg R_ALGOID.
-	* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Adjust.
+	scd:nks: Extend keypairinfo with usage flags.
+	+ commit 0d2c9ef29c1741845df2d56f0024f87eab42efb3
+	* scd/app-nks.c (do_learn_status_core): Return usage.
 
-	(cherry picked from commit f952226043824cbbeb8517126b5266926121c4e8)
+	(cherry picked from commit 0a9053eff0406c6799ee201013194200c0ed3487)
 
-	Removed the changes in gpg-card which is not part of 2.2
+	scd:nks: Support attributes $ENCRKEYID and $SIGNKEYID.
+	+ commit 671e54d62c39a9e196d13714cb67c2f3c38f2fa0
+	* scd/app-nks.c (do_getattr): Add new attributes.
 
 	gpg: New option --use-only-openpgp-card.
-	+ commit c185f6dfbd1bfd809369da789239a371e9d1610e
+	+ commit c97c2e578dd173ef5e7916a3aa539b3a65a7d86d
 	* g10/gpg.c (opts): Add option.
 	(main): Set flag.
 	* g10/options.h: Add flags.use_only_openpgp_card.
 	* g10/call-agent.c (start_agent): Implement option.
 
-	gpg: Prepare card code to allow other than OpenPGP cards.
-	+ commit fe5c8de862885c51d27c2dc9ea237846c5e57e8a
-	* g10/call-agent.c (start_agent): Use card app auto selection.
-	* g10/card-util.c (current_card_status): Print the Application type.
-	(card_status): Put empty line between card listings.
+2019-08-21  NIIBE Yutaka  <gniibe@fsij.org>
 
-	(cherry picked from commit e47524c34a2a9f53c2507f67a0b41b460cee78b7)
+	scd: Fix check_application_conflict.
+	+ commit 6fae96094c973be880919f3a7798ca69d9365b69
+	* scd/scd/app.c (check_application_conflict): Compare APPTYPE.
 
-	gpg: New card function agent_scd_keypairinfo.
-	+ commit 768cb6402f2941781262b9cb0a2aeecc89941f0f
-	* g10/call-agent.c (scd_keypairinfo_status_cb)
-	(agent_scd_keypairinfo): New.  Taken from gpgsm.
+	scd: Fix selecting additional APP.
+	+ commit 8dc19d35e854264cfe503cdbb9e5ccafa9bc97d0
+	* scd/app.c (select_additional_application_internal): Factor out.
+	(select_additional_application): Getting the lock and call
+	select_additional_application_internal, set current_apptype, then.
+	(select_application): Call select_additional_application_internal
+	for Yubikey.
 
-	(cherry picked from commit 0fad61de159acf39e38a04f28f162f0beb0e77d6)
+	scd: Fix how select_additional_application is called.
+	+ commit 4781c4a86608b57f9d1daf55b9b2970130fe6120
+	* scd/app.c (check_application_conflict): Check against current APP.
+	(select_additional_application): Update current_apptype of CTRL.
 
-	gpg: Remove two unused card related functions.
-	+ commit c2f87a936afb7eba288d7e6558c24509cd6ab045
-	* g10/call-agent.c (inq_writekey_parms): Remove.
-	(agent_scd_writekey): Remove.
-	(agent_clear_pin_cache): Remove this stub.
+	scd: Fix resetting CARD_CTX.
+	+ commit 09d000babb71990ef1b3f42017a67516bb994388
+	* scd/app.c (deallocate_card): Don't call scd_clear_current_app.
+	(card_reset): Reset ctrl->current_apptype.
+	* scd/command.c (open_card_with_request): Likewise.
+	(send_client_notifications): Likewise.
+	(scd_clear_current_app): Remove.
+
+	scd: Fix switching to another APP.
+	+ commit d4f135c34b332f1f833617a7f1ef0bdbff5eb589
+	* scd/app.c (select_additional_application): Initialize card of APP.
+	Break after the selection.
+	Don't free APP if success.
 
-	(cherry picked from commit 334b16b868e771b983263ed20c200869e7e51198)
+2019-08-20  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 
-	gpg: Repurpose the ISO defined DO "sex" to "salutation".
-	+ commit d410b5f9309607599c9ff45061fd1f02638a9a88
-	* g10/card-util.c (current_card_status): String changes.
-	(change_sex): Description change.
-	(cmds): Add "salutation"; keep "sex" as an alias.
+	doc: fix minor spelling and tense errors.
+	+ commit b7793c3af32b2d99359022f805636953a50d8c68
+	* doc/{gpg,gpgsm,wks}.texi: minor orthographic cleanup.
 
-	gpg: Remove unused arg in a card related function.
-	+ commit c66a2cc8d306e7d9d0b4450311f230f182762f93
-	* g10/call-agent.c (agent_scd_setattr): Remove unused arg serialno.
+	doc: clarify CARD event counter.
+	+ commit cba6e1bd7242e8b8c6822f4e93368cb315b5524b
+	* doc/gpg-agent.texi: improve documentation of CARD entry in
+	GETEVENTCOUNTER description.
+
+2019-08-08  Andre Heinecke  <aheinecke@intevation.de>
+
+	speedo, w32: Add w32-wixlib target for MSI package.
+	+ commit 0b7088dc8035e8d5832c89085eea3b288de67710
+	* Makefile.am (EXTRA_DIST): Add wixlib.wxs
+	* build-aux/speedo.mk (w32-wixlib): New target.
+	(w32-release): Build wixlib if WIXPREFIX is set.
+	(help): Add documentation.
+	* build-aux/speedo/w32/wixlib.wxs
 
-	(cherry picked from commit 3a4534d82682f69788da3cf4a445e38fbaf6b98e)
+2019-08-08  Werner Koch  <wk@gnupg.org>
+
+	build: Sign all Windows binaries.
+	+ commit 4964691861796ad6e7bd59dd553a617f68676b2b
+	* build-aux/speedo.mk (AUTHENTICODE_SIGNHOST): New.
+	(AUTHENTICODE_TOOL): New.
+	(AUTHENTICODE_FILES): New.
+	(installer): Sign listed files.
+	(AUTHENTICODE_SIGNHOST): New macro.
+	(sign-installer): Use that macro instead of direct use of osslsigncode.
 
-2019-08-12  NIIBE Yutaka  <gniibe@fsij.org>
+2019-08-07  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Remove fallback mechanism to PC/SC.
+	+ commit 100642e776964219936e493315eb8b7c99742f41
+	* scd/apdu.c [HAVE_LIBUSB] (apdu_open_reader): Simply let it fail.
+
+2019-08-06  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: Fix an error path of agent_get_confirmation.
+	+ commit bb82ad018a7bf93bd704cf44e51cd086e41a4ad5
+	* agent/call-pinentry.c (agent_get_confirmation): Make sure
+	unlock_pinentry is always called.
+
+2019-08-06  Werner Koch  <wk@gnupg.org>
+
+	kbx: Add framework for the SEARCH command.
+	+ commit 5ea6250cc5761612d17ca4fb34eed096f26e2826
+	* kbx/backend-kbx.c: New.
+	* kbx/backend-support.c: New.
+	* kbx/backend.h: New.
+	* kbx/frontend.c: New.
+	* kbx/frontend.h: New.
+	* kbx/kbxserver.c: Implement SEARCH and NEXT command.
+	* kbx/keybox-search-desc.h (enum pubkey_types): New.
+	* kbx/keybox-search.c (keybox_get_data): New.
+	* kbx/keyboxd.c (main): Add a standard resource.
+
+	kbx: Allow writing using a estream.
+	+ commit 1f980d23af8b818ed8246ec6bf13b9c61b963ec0
+	* kbx/keybox-file.c (_keybox_write_header_blob): New optional arg
+	stream.  Change callers.
+
+	tools: New option --keyboxd for gpg-connect-agent.
+	+ commit 0611f548bcd3c772084d6c3111dc88a09a67f65a
+	* configure.ac: New option --keyboxd-pgm.
+	(KEYBOXD_NAME, KEYBOXD_DISP_NAME): New ac_defines.
+	* common/util.h: Add substitutes for new error codes.
+	(GNUPG_MODULE_NAME_KEYBOXD): New.
+	* common/homedir.c (gnupg_module_name): Support
+	GNUPG_MODULE_NAME_KEYBOXD.
+	* common/asshelp.c (SECS_TO_WAIT_FOR_KEYBOXD): New.
+	(wait_for_sock): Support keyboxd.
+	(start_new_service): Ditto.
+	(start_new_keyboxd): New.
+	* tools/gpg-connect-agent.c: New options --keyboxd and
+	--keyboxd-program.
+	(start_agent): Implement new option.
+
+2019-08-06  NIIBE Yutaka  <gniibe@fsij.org>
 
 	common: Fix line break handling, finding a space.
-	+ commit 6e6078c8d0d4a2947e2a34f1367e4472f6ae483b
+	+ commit f588dd8d1766de48c90a5501cf2d537f256d003e
 	* common/name-value.c (assert_raw_value): Correctly find a space.
 
+	gpg: Don't report NO_SECKEY for valid key.
+	+ commit d8a49bbcd1b1d40ab0ddadac0dbb16a5d75c626e
+	* g10/mainproc.c (proc_encrypted): Report status of STATUS_NO_SECKEY
+	only when some error occurred.
+
+2019-08-05  Werner Koch  <wk@gnupg.org>
+
+	common: Remove code duplication for service starting.
+	+ commit e22ebf357050f98558b428502a565fc3dc256932
+	* common/homedir.c (gpg_agent_socket_name): New.
+	* common/asshelp.c (start_new_service): New.  Based on
+	start_new_gpg_agent.
+	(start_new_gpg_agent): Divert to start_new_service.
+	(start_new_dirmngr): Ditto.
+
+2019-08-05  NIIBE Yutaka  <gniibe@fsij.org>
+
 	sm: Support AES-256 key.
-	+ commit a9816d5fb13edb30c5d12cf85ae3e1a114fcc2c1
+	+ commit ef2424144a070c9199e40424ec8d9b5a9919aa72
 	* sm/decrypt.c (prepare_decryption): Handle a case for AES-256.
 
+2019-08-02  Werner Koch  <wk@gnupg.org>
+
+	common: Change yet unused status_printf function.
+	+ commit d8a84594abe4be933756db07b987dc8bcd79c8b9
+	* common/asshelp2.c (status_printf): Rename to status_no_printf.
+	(status_printf): New.
+
+2019-07-26  NIIBE Yutaka  <gniibe@fsij.org>
+
 	sm: Fix error checking of decryption result.
-	+ commit ccf5cc8b0b6cee562f7d5598149abcde17440ed4
+	+ commit 15fe78184cc66ce6e657a6e949a522d7821f8a1c
 	* sm/call-agent.c (gpgsm_agent_pkdecrypt): Fix condition.
 
-2019-08-12  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+2019-07-26  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 
 	gpg,gpgsm: Handle pkdecrypt responses with/without NUL terminators.
-	+ commit 64500e7f6dd63c793734e52e270b1ea23cfd1928
+	+ commit 3ba091ab8c93c87741a451f579d63dd500d7621d
 	* g10/call-agent.c (agent_pkdecrypt): accept but do not require
 	NUL-terminated data from the agent.
 	* sm/call-agent.c (gpgsm_agent_pkdecrypt): accept but do not require
 	NUL-terminated data from the agent.
 
-2019-08-12  NIIBE Yutaka  <gniibe@fsij.org>
+2019-07-25  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpg: photoid: Use standard spawn API.
+	+ commit fd9e6ae22eb93aa5140b56e1b0fa14e6402d6099
+	* g10/photoid.c (exec_write, exec_read, exec_finish): Remove.
+	(setup_input_file): Rename from make_tempdir.
+	(expand_args): Drop support of 'o' and 'O'.
+	(fill_command_argv, run_with_pipe, create_temp_file) New.
+	(show_photo): New with gnupg_spawn_process_fd and gnupg_wait_process.
+	(show_photos): Call show_photo.
+
+	gpg: photoid: Move functions from exec.c.
+	+ commit c57c5004ec6cc7dc7b7a4f250516199a8a1e31fc
+	* g10/exec.c (w32_system): Expose to public.
+	(exec_write, exec_read, exec_finish, make_tempdir, expand_args): Move
+	to photoid.c.
+	* g10/exec.h: Likewise.
+	* g10/photoid.c (exec_write, exec_read, exec_finish, make_tempdir)
+	(expand_args): Move here.
 
 	scd: Handle CCID bwi of time extension.
-	+ commit 879660bf4581d902cc1d1244091873c6c0225fa2
+	+ commit 996c497a864d820af06333014b2c5f74d1054866
 	* scd/ccid-driver.c (bulk_in): Increase timeout by the multiplier
 	value as defined section 6.2.6 in CCID specification.
 
 	scd: Fix bBWI value.
-	+ commit f8961a576d3b5d69bb0e600a64553659ebef8ee7
+	+ commit 858dc9564326e65e6d8771af160d4513aea1e4eb
 	* scd/ccid-driver.c (ccid_transceive_apdu_level): Use bBWI=0 for APDU
 	level transfer.
 	(ccid_transceive): Use bBWI=0 or the value returend by WTX for TPDU
 	level transfer.
 
-	card: Fix showing KDF object attribute.
-	+ commit 8e01676981206c209c0bfcb92633d9d2f06a2d90
-	* g10/call-agent.c (learn_status_cb): Parse the KDF DO.
-	* g10/card-util.c (current_card_status): Show it correctly.
+2019-07-24  NIIBE Yutaka  <gniibe@fsij.org>
+
+	common: Fix the previous commit.
+	+ commit 044379772fc5b0f39c6a36809722e702808b6ec3
+	* common/asshelp.c [HAVE_W32_SYSTEM] (start_new_gpg_agent): Use
+	gnupg_spawn_process_detached.
+	(start_new_dirmngr): Likewise.
+
+	common: Use gnupg_spawn_process_fd to invoke gpg-agent/dirmngr.
+	+ commit b1c56cf9e2bb51abfd47747128bd2a6285ed1623
+	* common/asshelp.c (start_new_gpg_agent): Call gnupg_spawn_process_fd
+	and gnupg_wait_process.
+	(start_new_dirmngr): Likewise.
+
+	common,w32: Fix cast from gnupg_fd_t to call _open_osfhandle.
+	+ commit a64411c607d5450e786c3207b9023394574c979b
+	* common/sysutils.c (translate_sys2libc_fd): Use intptr_t.
+	(gnupg_tmpfile): Likewise.
+
+2019-07-23  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpg: A little clean up.
+	+ commit 7bfbb9fa7e7693cd7f19a8d130aa0a9a82825d5d
+	* g10/keyserver.c: Don't include exec.h.
+	* g10/photoid.c (image_type_to_string): It's constant.
+	* g10/photoid.h (image_type_to_string): Likewise.
 
 2019-07-22  NIIBE Yutaka  <gniibe@fsij.org>
 
+	scd: Error code map fix for older Yubikey.
+	+ commit 13bc0431ff1ce51246694208df611cc4561fb4b3
+	* scd/iso7816.c (map_sw): Recognize 6A86.
+
+2019-07-19  NIIBE Yutaka  <gniibe@fsij.org>
+
 	gpg: The option --passphrase= can be empty.
-	+ commit b21133ba80f21ce93d5a4afe48027172d9fc1999
+	+ commit fcd766719a6e8f18f4be4c0f91e12aa157ca5506
 	* g10/gpg.c (opts): Use ARGPARSE_o_s for oPassphrase to allow
 	empty string.
 
+	card: Fix showing KDF object attribute.
+	+ commit 98f4eff7ffde106ae4f60739d1104282430ac14f
+	* g10/call-agent.c (learn_status_cb): Parse the KDF DO.
+	* g10/card-util.c (current_card_status): Show it correctly.
+
+	scd: Support "[CHV3]" attribute for keyid string.
+	+ commit 57565d5f975d3c00853bb49678d63ee8b896b741
+	* scd/app-openpgp.c (check_keyidstr0: Relax the check.
+
+	card: Support disabling KDF functionality.
+	+ commit 9c0cd9d07546698ab66cedd06c503e6b698593f9
+	* g10/card-util.c (kdf_setup): Can be "off".
+
+2019-07-18  Werner Koch  <wk@gnupg.org>
+
+	kbx: Allow "gpgsm --faked-system-time" to kick off a compression run.
+	+ commit 824ca6f042dc69edaf67bf9d4e875be75babab00
+	* kbx/keybox-update.c (keybox_compress): Use make_timestamp.
+
+2019-07-18  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpg: More check for symmetric key encryption.
+	+ commit 44be675b759d27bac310c2de8bae1b7882a26b65
+	* g10/dek.h (DEK): Use debugger friendly type of unsigned int.
+	* g10/mainproc.c (symkey_decrypt_seskey): Add another check.
+
 2019-07-16  NIIBE Yutaka  <gniibe@fsij.org>
 
+	doc: Fix description of the field 11.
+	+ commit 4195ce15f4942245a29ef20ace42ad0f27e82ffd
+	* doc/DETAILS: Fix.
+
 	dirmngr: Don't add system CAs for SKS HKPS pool.
-	+ commit 58e234fbeb6cc5908b69a73e50428f02e584e504
+	+ commit 75e0ec65170b7053743406e3f3b605febcf7312a
 	* dirmngr/http.c [HTTP_USE_GNUTLS] (http_session_new): Clear
 	add_system_cas.
 
-	gpg: Improve import slowness.
-	+ commit eb00a14f6d2de7c53487f39494c5cb9c0598fc96
-	* g10/import.c (read_block): Avoid O(N^2) append.
-	(sec_to_pub_keyblock): Likewise.
+2019-07-12  Werner Koch  <wk@gnupg.org>
 
-	gpg: Fix keyring retrieval.
-	+ commit b7df72d3074b72cf8b537ac87416b6b719c1b1b7
-	* g10/keyring.c (keyring_get_keyblock): Avoid O(N^2) append.
+	scd: Remove useless GNUPG_SCD_MAIN_HEADER macro.
+	+ commit fb1c8978f57b8f92e2ea9d10afc1d133656c9706
+	* scd/apdu.c (): Remove never set and useless macro.
+	* scd/ccid-driver.c: Ditto.
+	* scd/iso7816.c: Ditto.
 
-2019-07-12  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+2019-07-12  NIIBE Yutaka  <gniibe@fsij.org>
 
-	doc: fix spelling.
-	+ commit d10bb027e481b518e4bf13ba72d14933d6cbb8cb
-	* doc/tools.texi: fix a handful of minor spelling errors.
+	doc: Dependencies for figures are only for maintainers.
+	+ commit 58bab1a8784b0dbae70b5d74757cd56484292d1c
+	* doc/Makefile.am [MAINTAINER_MODE] (.svg.eps, etc.): Enable only
+	when maintainer-mode.
 
-2019-07-09  Werner Koch  <wk@gnupg.org>
+	Fix a reference in comment.
+	+ commit 4e601c7643fcfa3d8babcce58daa4c6c6a42d338
+	* common/openpgp-s2k.c: Fix.
 
-	Release 2.2.17.
-	+ commit 591523ec94b6279b8b39a01501d78cf980de8722
+	gpg: Don't try decryption by session key when NULL.
+	+ commit 89303b9998ea30d87b4c60dd48097dbe5e986a89
+	* g10/mainproc.c (proc_encrypted): Only call get_session_key when
+	PKENC_LIST is not NULL.
+	Return GPG_ERR_BAD_KEY, instead of GPG_ERR_NO_SECKEY, when
+	it's encrypted only by symmetric key.
 
+2019-07-11  NIIBE Yutaka  <gniibe@fsij.org>
 
-2019-07-09  Ineiev  <ineiev@gnu.org>
+	agent: Relax the handling of pinentry error for keyboard grab.
+	+ commit 02d8b383833bac0382e910a2058b11b127acfd4d
+	* agent/call-pinentry.c (start_pinentry): It's not fatal when
+	pinentry doesn't support no-grab/grab option.
 
-	po: Update Russian translation.
-	+ commit ad0c61972a413987d2cc8ac8deb6a646b954ae05
+	scd: Fix internal CCID driver, so that -DTEST works.
+	+ commit b31060425226b45deb21915bf5cd8b6ba62bd098
+	* scd/ccid-driver.c: Support a test program by ccid-driver.
 
+	scd: Fix debug logging of the internal CCID driver.
+	+ commit 2536bf276189a474a3a1ca9716368cf5d991b0d6
+	* scd/ccid-driver.c [GNUPG_MAJOR_VERSION] (DEBUGOUT): Use log_debug.
+
+	gpg: Fix getting User ID.
+	+ commit 29c7fb4053d207c163802642babbdbb6f885727e
+	* g10/getkey.c (user_id_db): Remove, as no use anymore.
+	(get_user_id_string): Use cache_get_uid_bykid.
+	(get_user_id_byfpr): Use cache_get_uid_byfpr.
+	* g10/objcache.c (cache_get_uid_byfpr): New.
+	* g10/objcache.h (cache_get_uid_byfpr): New.
+
+2019-07-10  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpg: Improve import slowness.
+	+ commit 33c17a8008c3ba3bb740069f9f97c7467f156b54
+	* g10/import.c (read_block): Avoid O(N^2) append.
+	(sec_to_pub_keyblock): Likewise.
+
+	gpg: Fix keyring retrieval.
+	+ commit a7a043e82555a9da984c6fb01bfec4990d904690
+	* g10/keyring.c (keyring_get_keyblock): Avoid O(N^2) append.
 
 2019-07-09  Werner Koch  <wk@gnupg.org>
 
 	gpg: Do not try the import fallback if the options are already used.
-	+ commit 3c2cf5ea952015a441ee5701c41dadc63be60d87
+	+ commit a29156d5a650702ad79fe11f45782bc4bc159c13
 	* g10/import.c (import_one): Check options.
 
 	gpg: Fix regression in option "self-sigs-only".
-	+ commit b6effaf4669b2c3707932e3c5f2f57df886d759e
+	+ commit eec150eca78a053193a0994a96482791b5da36be
 	* g10/import.c (read_block): Make sure KEYID is availabale also on a
 	pending packet.
 
+2019-07-09  NIIBE Yutaka  <gniibe@fsij.org>
+
+	sm: Fix card access.
+	+ commit 37d758e5f2b5d07dc937098cf48096cf35ea61e4
+	* sm/call-agent.c (gpgsm_scd_pksign): Cast to integer for %b.
+
+	scd: ccid-driver: Initial getting ATR more robustly.
+	+ commit c51a5685554a06e00ae1e99070b44613b2f8d417
+	* scd/ccid-driver.c (send_power_off): New.
+	(do_close_reader): Use send_power_off.
+	(ccid_get_atr): Add error recovery.
+
+2019-07-08  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Fix keygrip search.
+	+ commit 39c40e572c5632f836d089dce49224f947244bf2
+	* scd/app.c (app_do_with_keygrip): Break the entire loop.
+
 2019-07-05  Werner Koch  <wk@gnupg.org>
 
 	gpg: With --auto-key-retrieve prefer WKD over keyservers.
-	+ commit 3242837d203a7b90b92952e63ee160a5a41764c0
+	+ commit 96bf8f477805bae58cfb77af8ceba418ff8aaad9
 	* g10/mainproc.c (check_sig_and_print): Print a hint on how to make
 	use of the preferred keyserver.  Remove keyserver lookup just by the
 	keyid.  Try a WKD lookup before a keyserver lookup.
 
 	wkd: Change client/server limit back to 64 KiB.
-	+ commit 6396f8d115f21ae15571b683e9ac9d1d7e3f44f4
+	+ commit b0e8724b102535c27a8c973ec038d340858a8eb8
 	* tools/wks-receive.c (decrypt_data): Change limit.
 
+2019-07-05  NIIBE Yutaka  <gniibe@fsij.org>
+
+	sm: Return the last error for pubkey decryption.
+	+ commit 38b9da7de3350b1e56b85a058cdb1fdded78cf6d
+	* sm/decrypt.c: Use TMP_RC for ksba_cms_get_issuer_serial,
+	and return the last error when no key is available.
+	Fix the error report with TMP_RC for second call of
+	ksba_cms_get_issuer_serial.
+
+	gpg: Return the last error for pubkey decryption.
+	+ commit 6cc4119ec03be61c78189a0bec99372035289b91
+	* g10/mainproc.c (proc_encrypted): Check ->result against -1.
+	When c->dek == NULL, put GPG_ERR_NO_SECKEY only when not set.
+	* g10/pubkey-enc.c (get_session_key): Set k->result by the result of
+	get_it.
+	When no secret key is available for some reasons, return the last
+	specific error, if any.
+
 2019-07-04  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 
 	dirmngr: fix handling of HTTPS redirections during HKP.
-	+ commit efb6e08ea2ca1cf2d39135d94195802cd69b9ea6
+	+ commit 064aeb14c9b869e114e9ec789526fad8da657230
 	* dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when
 	following a HTTP redirection.
 
 2019-07-04  Werner Koch  <wk@gnupg.org>
 
 	gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
-	+ commit 2b7151b0a57f5fe7d67fd76dfa1ba7a8731642c6
+	+ commit 23c978640812d123eaffd4108744bdfcf48f7c93
 	* g10/gpg.c (main): Change default.
 
 	gpg: Avoid printing false AKL error message.
-	+ commit 4cbd058a3da9aae74aadab7f260952b9ebb5becf
+	+ commit 91a6ba32347a21c9029728eec96b8ff80f944629
 	* g10/getkey.c (get_pubkey_byname): Add special traeatment for default
 	and skipped-local.
 
 	gpg: New command --locate-external-key.
-	+ commit 46f3283b345e1cabca4b0320cf98274ade8ec162
+	+ commit d00c8024e58822e0623b3fad99248ce68a8b7725
 	* g10/gpg.c (aLocateExtKeys): New.
 	(opts): Add --locate-external-keys.
 	(main): Implement that.
@@ -4389,7 +6069,7 @@
 	(locate_one): Ditto.  Pass on to get_best_pubkey_byname.
 
 	gpg: Make the get_pubkey_byname interface easier to understand.
-	+ commit 11871433436b5b9b9aca46579dd185a9a77674cd
+	+ commit 9980f81da765f88a65604ab083563bf15ccdb425
 	* g10/keydb.h (enum get_pubkey_modes): New.
 	* g10/getkey.c (get_pubkey_byname): Repalce no_akl by a mode arg and
 	change all callers.
@@ -4397,95 +6077,358 @@
 2019-07-03  Werner Koch  <wk@gnupg.org>
 
 	dirmngr: Avoid endless loop in case of HTTP error 503.
-	+ commit d2e8d71251813e61b15a07637497fabe823b822c
+	+ commit 8b113bb148f273524682252233b3c65954e1419e
 	* dirmngr/ks-engine-hkp.c (SEND_REQUEST_EXTRA_RETRIES): New.
 	(handle_send_request_error): Use it for 503 and 504.
 	(ks_hkp_search, ks_hkp_get, ks_hkp_put): Pass a new var for
 	extra_tries.
 
 	dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain.
-	+ commit c9b133a54e93b7f2365b5d6b1c39ec2cc6dac8f9
+	+ commit 37f0c55c7be3fc4912237f2bc72466aef6f8aa36
 	* dirmngr/http.c (same_host_p): Consider certain subdomains to be the
 	same.
 
-2019-07-03  Peter Lebbing  <peter@digitalbrains.com>
+2019-07-02  Peter Lebbing  <peter@digitalbrains.com>
 
 	Mention --sender in documentation.
-	+ commit 37b549dfe0acd362399debd7c93794eb75937402
-
-
-2019-07-03  Werner Koch  <wk@gnupg.org>
+	+ commit cf92f7d96f83e5af7d2c232c8450c2c7d900ade8
 
-	dirmngr: Support the new WKD draft with the openpgpkey subdomain.
-	+ commit 458973f502b9a43ecf29e804a2c0c86e78f5927a
-	* dirmngr/server.c (proc_wkd_get): Implement new openpgpkey subdomain
-	method.
 
-2019-07-02  Werner Koch  <wk@gnupg.org>
+2019-07-01  Werner Koch  <wk@gnupg.org>
 
 	gpg: Fallback to import with self-sigs-only on too large keyblocks.
-	+ commit a1f2f38dfb2ba5ed66d3aef66fc3be9b67f9b800
+	+ commit 3a403ab04eeb45f12b34f9d9c421dac93eaf2160
 	* g10/import.c (import_one): Rename to ...
 	(import_one_real): this.  Do not print and update stats on keyring
 	write errors.
 	(import_one): New.  Add fallback code.
 
-2019-07-01  Werner Koch  <wk@gnupg.org>
-
 	gpg: New import and keyserver option "self-sigs-only"
-	+ commit adb120e663fc5e78f714976c6e42ae233c1990b0
+	+ commit 2e349bb6173789e0e9e42c32873d89c7bc36cea4
 	* g10/options.h (IMPORT_SELF_SIGS_ONLY): New.
 	* g10/import.c (parse_import_options): Add option "self-sigs-only".
 	(read_block): Handle that option.
 
 	gpg: Make read_block in import.c more flexible.
-	+ commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0
+	+ commit 894b72d796c826b1c7e1df788e16874cd051e672
 	* g10/import.c: Change arg 'with_meta' to 'options'.  Change callers.
 
 2019-07-01  NIIBE Yutaka  <gniibe@fsij.org>
 
 	tools: gpgconf: Killing order is children-first.
-	+ commit 526714806da4e50c8e683b25d76460916d58ff41
+	+ commit 7c877f942a344e7778005840ed7f3e20ace12f4a
 	* tools/gpgconf-comp.c (gc_component_kill): Reverse the order.
 
+2019-06-28  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: Close a dialog cleanly when gpg/ssh is killed for CONFIRM.
+	+ commit 374a0775546b6241ca2dd10836202c50300d8e91
+	* agent/call-pinentry.c (watch_sock_start): Factor out
+	from do_getpin.
+	(watch_sock_end): Likewise.
+	(do_getpin): Use those functions.
+	(agent_get_confirmation): Likewise.
+	(popup_message_thread): Likewise.
+
+2019-06-25  Werner Koch  <wk@gnupg.org>
+
+	scd: Do not conflict if a card with another serialno is demanded.
+	+ commit 92ba831758cff0262504ac51e5df7a439844327c
+	* scd/app.c (check_application_conflict): Add args to pass a serialno.
+	* scd/command.c (open_card_with_request): Pass the serialno to
+	check_application_conflict.
+
+	scd: Return a stable list with "getinfo card_list".
+	+ commit c8e62965bc90eabff5c4b7cb349bd8e41584c01b
+	* scd/app.c (compare_card_list_items): New.
+	(app_send_card_list): Sort the card objects by slot.
+
+	scd: Add an re-select mechanism to switch apps.
+	+ commit d803b3bb3c084b6bce4d2bd161db50dc45442e5b
+	* scd/app-common.h (struct app_ctx_s): Add func ptr 'reselect'.
+	* scd/app-piv.c (do_reselect): New.
+	(app_select_piv): Move AID constant to file scope.
+	* scd/app-openpgp.c (do_reselect): New.
+	(app_select_openpgp): Move AID constant to file scope.
+	* scd/app.c (apptype_from_name): New.
+	(check_application_conflict): Check against all apps of the card.
+	Always set current_apptype.
+	(select_additional_application): New.
+	(maybe_switch_app): New.
+	(app_write_learn_status, app_readcert, app_readkey, app_getattr)
+	(app_setattr, app_sign, app_auth, app_decipher, app_writecert)
+	(app_writekey, app_genkey, app_change_pin, app_check_pin): Use it here.
+	(app_do_with_keygrip): Force reselect on success.
+	(app_new_register): Move setting of CURRENT_APPTYPE to ...
+	(select_application): here so that it will be set to the requested
+	card.
+	* scd/command.c (open_card_with_request): Select additional
+	application if possible.
+
 2019-06-24  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 
 	spelling: Fix "synchronize"
-	+ commit 520f5d70e4128b61c30da2a463f6c34ca24b628e
+	+ commit d7d1ff45574ed935d07642964a529a358b11a1a7
+
+
+2019-06-21  Werner Koch  <wk@gnupg.org>
+
+	scd: Take the card look while running app->with_keygrip.
+	+ commit b304c006a3c9ba186fb2510859df7f02a0acad25
+	* scd/app.c (app_do_with_keygrip): Lock the card.
+
+	scd: Take the lock earlier in the function dispatchers.
+	+ commit 0400a4eb1782e7a4aea5b04492c93939c6b9799a
+	* scd/app.c: Chnage all function dispatcher.
+
+	scd: Add code to check whether app switching is possible.
+	+ commit 1b78e4951ed7a66ec71ca036e7680148a63143be
+	* scd/app.c (check_conflict): Fold into ...
+	(check_application_conflict): this and adjust callers.  Return a
+	different error code if it is possible to switch apps.
+
+	scd: Track the currently selected app.
+	+ commit 91e2931caac9b914efa0a4524effaaa5948ebd00
+	* scd/scdaemon.h (struct server_control_s): Add 'current_apptype'.
+	* scd/command.c (scd_clear_current_app): New.
+	* scd/app.c (app_new_register): Set it.
+	(deallocate_card): Clear it.
+
+	scd: Simplify inclusion of app-common.h.
+	+ commit 43dcf93407d6d2b87b6e7db74fd05fd237495bfe
+	* scd/scdaemon.h: Include app-common.h.  Remove inclusion of that
+	header from all other files.
+	(card_t, app_t): Move typedef to ...
+	* scd/app-common.h: here.  Use them in the defs.
+
+	gpg: Very minor code cleanup.
+	+ commit 4256e9f0f1bf27ed2e93ca3890003ead208ef6df
+	* g10/decrypt-data.c (decrypt_data): Remove superfluous test.
+
+	scd: Use enums for cardtype and apptype.
+	+ commit 9551275857c1f9a75fee5736fa6c3cf361364f22
+	* scd/app-common.h (cardtype_t): New.
+	(apptype_t): New.
+	(struct card_ctx_s): Change type of cardtype.
+	(struct app_ctx_s): Change type of apptype.  Adjust all users.
+	* scd/app.c (struct app_priority_list_s): Add field apptype.
+	(strcardtype): New.  Use as needed.
+	(strapptype): New.  Use as needed.
+
+2019-06-20  NIIBE Yutaka  <gniibe@fsij.org>
+
+	po: Update Japanese Translation.
+	+ commit 0ccb5ddef18f04b86855530838af4cbb9b8aa30b
+
+
+	tools: Fix error handling for gpg-pair-tool.
+	+ commit d5287f43fd4def68901519a4c1d471b81ee86ed0
+	* tools/gpg-pair-tool.c (read_message): Initialize ERR.
+
+2019-06-19  Werner Koch  <wk@gnupg.org>
+
+	scd: Split data structures into app and card related objects.
+	+ commit 5a5288d051a551a1a8f169225e62572f6ee8cb10
+	* scd/app-common.h (struct card_ctx_s): New.
+	(struct app_ctx_s): Factor card specific fields out to card_ctx_s.
+	(app_get_slot): New.
+	* scd/scdaemon.h (card_t): New.
+	(struct server_control_s): Rename field app_ctx to card_ctx and change
+	all users.
+	* scd/app-dinsig.c: Use app_get_slot and adjust for chang in card
+	related fields.
+	* scd/app-geldkarte.c: Ditto.
+	* scd/app-nks.c: Ditto.
+	* scd/app-openpgp.c: Ditto.
+	* scd/app-p15.c: Ditto.
+	* scd/app-sc-hsm.c: Ditto.
+	* scd/app.c: Lost of changes to adjust for the changed data
+	structures.  Change all callers.
+	(app_list_lock): Rename to card_list_lock.
+	(app_top): Remove.
+	(card_top): New.
+	(lock_app): Rename to lock_card and change arg type.
+	(unlock_app): Rename to unlock_card.
+	(app_dump_state): Print card and app info.
+	(app_reset): Rename to card_reset.
+	(app_new_register): Change for the new data structure.
+	(deallocate_card): Dealloc card and all apps.
+	(app_ref): Rename to card_ref.
+	(app_unref): Rename to card_unref.
+	(app_unref_locked): Rename to card_unref_locked.
+	(card_get_serialno): New.
+	* scd/command.c (cmd_pkdecrypt): Actually use the looked up card and
+	former app object and not the standard one from the context.
+
+2019-06-18  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: KEYINFO: Send LF for --data.
+	+ commit c3dd53a65dc9ea2c4814e24079f0270c2fef14c6
+	* scd/command.c (send_keyinfo): Send LF for --data.
+
+2019-06-17  Werner Koch  <wk@gnupg.org>
+
+	scd:piv: Add the do_with_keygrip feature.
+	+ commit e900bf29737b3f7a09f749a271f2c5d7b59c49eb
+	* scd/app-piv.c (do_with_keygrip): New.
+	(app_select_piv): Register function.
+
+	scd: Add explict functions for 'app' reference counting.
+	+ commit c594dcfc93486cd26e193aa5c82bb8a8f30ab57b
+	* scd/app.c (app_ref): New.
+	(app_unref): New.
+	(release_application): Renamed to ...
+	(app_unref_locked): this and remove arg locked_already.  Change
+	callers to use this or app_ref.
+	* scd/command.c (open_card_with_request):
+	(cmd_pksign, cmd_pkauth, cmd_pkdecrypt): Use app_ref and app_unref
+	instead of accessing the counter directly.
+
+	scd: Slight change to app->fnc.do_with_keygrip.
+	+ commit 70f7b262877b1e751d8557dc04a09a420e9d8a8f
+	* scd/app-openpgp.c (do_with_keygrip): Return a real error code to
+	avoid misinterpretation of the result.  Also fix the case for a too
+	small buffer.
+
+	scd: Use the correct gpg for the v1.0 OpenPGP card hack.
+	+ commit 479c2775d5df64432c1bf64faae7f9abd3042850
+	* scd/app-openpgp.c (get_public_key): Use gnupg_module_name instead of
+	just "gpg".
+
+2019-06-14  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+
+	fix up 6562de7475b21cd03c7b1a83a591fa563c589f5b.
+	+ commit 6e46862abd2c2e82f245e381c3f08c5829fb61e6
+
+
+2019-06-11  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+
+	doc/gpgsm: explain what "policy-file" refers to.
+	+ commit 6562de7475b21cd03c7b1a83a591fa563c589f5b
+	A new user who sees "policy-file" and searches naively through the
+	documentation to find it again won't be able to tell what this refers
+	to, since "policies.txt" doesn't otherwise match the search string
+	"policy".  This gives them a fighting chance at finding the
+	documentation.
+
+2019-06-07  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpgparsemail: Die on parse error, printing errno thing.
+	+ commit 1e9d61fb95e4813225a40f720231196abdb83992
+	* tools/gpgparsemail.c (parse_message): Revert the change.
+	* tools/rfc822parse.c (transition_to_body): Set ERRNO.
+	(transition_to_header, insert_header): Likewise.
+
+2019-06-06  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Bring back --card-timeout option as deprecated.
+	+ commit 72fe8d652fce6cb9104bb07ef0fb811cbab3303a
+	* doc/scdaemon.texi (card-timeout): Add.
+	* scd/scdaemon.c (main): Revert the change.
+
+	gpgparsemail: Die on parse error (not abort).
+	+ commit c13e459ffeffb8c5387c44b3c04bb92b7111a75b
+	* tools/gpgparsemail.c (parse_message): Don't use ERRNO.
+	* tools/rfc822parse.c (transition_to_body): Return -1.
+	(transition_to_header, insert_header): Likewise.
+
+2019-06-04  Werner Koch  <wk@gnupg.org>
+
+	sm: Print a better diagnostic for encryption certificate selection.
+	+ commit 9bf650db022b6b65bbfa74c311cdc3e6b73d3b44
+	* sm/certlist.c (gpgsm_add_to_certlist): Add diagnostic and fold two
+	similar branches.
+
+2019-06-04  NIIBE Yutaka  <gniibe@fsij.org>
+
+	g10: Block signals in g10_exit.
+	+ commit 537fbe13af6a70e105982c4b69c1bcc3908ffb08
+	* g10/gpg.c (g10_exit): Block all signals before calling
+	emergency_cleanup.
+
+	agent: Allow TERM="".
+	+ commit 0076bef2026a87c4c0e05bad7d322638b1de3f37
+	* agent/call-pinentry.c (start_pinentry): When TERM is none,
+	don't send OPTION ttytype to pinentry.
 
+	agent: Add pinentry_loopback_confirm declaration.
+	+ commit 3a1bb0081087c0604ed681642114934ffe607fa1
+	* agent/agent.h (pinentry_loopback_confirm): New.
+
+	scd: Remove unsupported --card-timeout option.
+	+ commit 4262933ef6f7530b4ad55646250a6763de9bf103
+	* doc/scdaemon.texi (card-timeout): Remove.
+	* scd/scdaemon.c (main): Remove oCardTimeout handling.
+
+	g10,agent: Support CONFIRM for --delete-key.
+	+ commit 20acc7c0226550530085a674ef1bb41ebfa39408
+	* agent/call-pinentry.c (agent_get_confirmation): Add call of
+	pinentry_loopback_confirm.
+	(agent_popup_message_start): Likewise.
+	(agent_popup_message_stop): Return if it's loopback mode.
+	* agent/command.c (pinentry_loopback_confirm): New.
+
+	* g10/call-agent.c (default_inq_cb): Support "CONFIRM" inquery
+	when PINENTRY_MODE_LOOPBACK mode.
+	(confirm_status_cb): New.
+	(agent_delete_key): Supply confirm_status_cb to set the description
+	string for confirmation.
+
+	doc: Add a section for gpg-check-pattern.
+	+ commit eaf3b89d11156cc055644fc50761e1692e791e84
+	* doc/Makefile.am: Add gpg-check-pattern.1.
+	* doc/tools.texi (GPG-CHECK-PATTERN): New.
 
 2019-06-03  Werner Koch  <wk@gnupg.org>
 
 	Return better error code for some getinfo IPC commands.
-	+ commit f3251023750d6bd9023dbb8373c804d7d4540a56
+	+ commit f2ac6742d403a5a95d84ac7cdcf8913c39297bcb
 	* agent/command.c (cmd_getinfo): Return GPG_ERR_FALSE as boolean False.
 	* g13/server.c (cmd_getinfo): Ditto.
 	* sm/server.c (cmd_getinfo): Ditto.
 
-2019-05-29  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
-
-	doc/wks.texi: fix typo.
-	+ commit 175d194b5d6063895ecfcfed6ed2154e4a0d1421
+2019-05-29  NIIBE Yutaka  <gniibe@fsij.org>
 
+	agent: Add A-flag for KEYINFO output for card.
+	+ commit 6790eaf9529209e36099d9520821a3b8ad02ccef
+	* agent/command.c (do_one_keyinfo): Add ON_CARD argument to put
+	A-flag.
+	(cmd_keyinfo): Call agent_card_keyinfo to offer additional information
+	if it's on card.
 
 2019-05-28  Werner Koch  <wk@gnupg.org>
 
-	Release GnuPG 2.2.16.
-	+ commit 3f2b7a53ddc43b3a349451d28691aaaa116786dc
-
-
 	dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.
-	+ commit 5281ecbe3ae8364407d9831243b81d664b040805
+	+ commit 405f41007c35ef52bf85c7c2686dab01fdf2c950
 	* dirmngr/ocsp.c (do_ocsp_request): Remove arg md.  Add args r_sigval,
 	r_produced_at, and r_md.  Get the hash algo from the signature and
 	create the context here.
 	(check_signature): Allow any hash algo.  Print a diagnostic if the
 	signature does not verify.
 
+	dirmngr: Improve finding OCSP cert.
+	+ commit 4699e294cc9e59f35262adca26ca291927acca9e
+	* dirmngr/certcache.c (find_cert_bysubject): Add better debug output
+	and try to locate by keyid.
+
+	agent: Make an MD encoding function more robust.
+	+ commit a2a90717466a88756bbdc6b11577cfee061fc1a8
+	* agent/pksign.c (do_encode_md): Use ascii_tolower and avoid
+	uninitalized TMP in the error case.
+
+2019-05-28  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: Remove unused agent_show_message.
+	+ commit 19415a265253a5ab72e79493d2f40c7e4441d81e
+	* agent/call-pinentry.c (agent_show_message): Remove.
+	* agent/genkey.c (take_this_one_anyway): Rename from
+	take_this_one_anyway2.  Remove a dead path calling agent_show_message.
+	(check_passphrase_constraints): Use take_this_one_anyway.
+
 2019-05-27  Werner Koch  <wk@gnupg.org>
 
 	sm: Avoid confusing diagnostic for the default key.
-	+ commit 32210e855c460ed60505bf9be9adea33d05c40eb
+	+ commit 521e7d4644ed365ab2de3dfaa6c3728ca10ba79b
 	* sm/certlist.c (cert_usage_p): Add arg 'silent' and change all
 	callers.
 	(gpgsm_cert_use_sign_p): Add arg 'silent' and pass to cert_usage_p.
@@ -4494,42 +6437,68 @@
 	gpgsm_cert_use_sign_p
 
 	gpg: Fixed i18n markup of some strings.
-	+ commit ab5d7142a79e92819f5551cfc424a8ceaf0885fa
+	+ commit b6289af9738ddbc533defba0aefd950a9ca21ff1
 	* g10/tofu.c: Removed some translation markups which either make no
 	sense or are not possble.
 
 	gpg: Allow deletion of subkeys with --delete-[secret-]key.
-	+ commit d9b31d3a20b89a5ad7e9a2158b6da63a9a37fa8a
+	+ commit cc6069ac6ecd57dcbb808f28d54fd9f89dc55014
 	* common/userids.c (classify_user_id): Do not set the EXACT flag in
 	the default case.
 	* g10/export.c (exact_subkey_match_p): Make static,
 	* g10/delkey.c (do_delete_key): Implement subkey only deleting.
 
-2019-05-27  NIIBE Yutaka  <gniibe@fsij.org>
+2019-05-23  NIIBE Yutaka  <gniibe@fsij.org>
 
 	agent: Stop scdaemon after reload when disable_scdaemon.
-	+ commit 9ccdd59e4e1e0b0e3b03b288f52f3c71e86a04dd
+	+ commit 7158a5696dc84e1ebd2b523ab83a43a32423181d
 	* agent/call-scd.c (agent_card_killscd): New.
 	* agent/gpg-agent.c (agent_sighup_action): Call agent_card_killscd.
 
+	g10: Copy expiredate from primary key when marked expired.
+	+ commit 265e6d670682e661cec89657c3330b0b388ca0a7
+	* g10/getkey.c (merge_selfsigs): Update ->expiredate of subkey.
+
 2019-05-21  Werner Koch  <wk@gnupg.org>
 
 	gpg: Do not bail on an invalid packet in the local keyring.
-	+ commit 30f44957ccd1433846709911798af3da4e437900
+	+ commit 4c7d63cd5b02ebfd09933bebd1312e01958b3e20
 	* g10/keydb.c (parse_keyblock_image): Treat invalid packet special.
 
 	gpg: Do not allow creation of user ids larger than our parser allows.
-	+ commit d32963eeb33fd3053d40a4e7071fb0e8b28a8651
+	+ commit 156788a43c20e38cd52f4f725395aff2c72142ff
 	* g10/parse-packet.c: Move max packet lengths constants to ...
 	* g10/packet.h: ... here.
 	* g10/build-packet.c (do_user_id): Return an error if too data is too
 	large.
 	* g10/keygen.c (write_uid): Return an error for too large data.
 
+	gpg: Unify the the use of the print_pubkey_info functions.
+	+ commit 126caa34bbdb36f40514643b9d6f5ead3240c735
+	* g10/keylist.c (format_seckey_info): Remove.
+	(print_pubkey_info, print_seckey_info): Remove.
+	(format_key_info): New.
+	(print_key_info): New.
+	(print_key_info_log): New.
+	* g10/card-util.c (current_card_status): Use print_key_info and remove
+	the useless condition on KEYBLOCK.
+	* g10/delkey.c (do_delete_key): Replace print_pubkey_info and
+	print_seckey_info by print_key_info.
+	* g10/keyedit.c (menu_addrevoker): Replace print_pubkey_info by
+	print_key_info.
+	* g10/pkclist.c (do_we_trust_pre): Ditto.
+	* g10/revoke.c (gen_desig_revoke): Ditto.
+	(gen_revoke): Ditto.  Also use print_key_info_log instead of separate
+	functions.
+
 2019-05-21  NIIBE Yutaka  <gniibe@fsij.org>
 
+	scd: Fix for SCARD_IO_REQUEST structure.
+	+ commit 1eb93d9229c54baa5f1b7ccf7d105d3692c51a4d
+	* scd/apdu.c (struct pcsc_io_request_s): Use pcsc_dword_t for Windows.
+
 	agent: For SSH key, don't put NUL-byte at the end.
-	+ commit 6e39541f4f488fe59eac399bad18c465f373a784
+	+ commit 479f7bf31ce405e558d844c3eb576b463a8697e5
 	* agent/command-ssh.c (ssh_key_to_protected_buffer): Update
 	the length by the second call of gcry_sexp_sprint.
 
@@ -4537,14 +6506,14 @@
 	    Matheus Afonso Martins Moreira
 
 	gpg: Do not delete any keys if --dry-run is passed.
-	+ commit 5c46c5f74540ad753b925b74593332ca92de47fa
+	+ commit 110a4550179fd1faeee8d2f17a33ed7807a397ae
 	* g10/delkey.c (do_delete_key): Don't delete the keyblock on dry runs.
 	Do not clear the ownertrust.  Do not let the agent delete the key.
 
 2019-05-17  Werner Koch  <wk@gnupg.org>
 
 	gpg: Fix using --decrypt along with --use-embedded-filename.
-	+ commit 1702179d91b7136661af084d7dab2e50a2857491
+	+ commit 386bacd9741639d7f5e83c81628d3cad78407197
 	* g10/options.h (opt): Add flags.dummy_outfile.
 	* g10/decrypt.c (decrypt_message): Set this global flag instead of the
 	fucntion local flag.
@@ -4552,7 +6521,7 @@
 	used as a dummy option aslong with --use-embedded-filename.
 
 	gpg: Improve the photo image viewer selection.
-	+ commit cd5f040a5389944dd8a05bc9c938f888581dfc8a
+	+ commit 7e5847da0f3d715cb59d05adcd9107b460b6411b
 	* g10/exec.c (w32_system): Add "!ShellExecute" special.
 	* g10/photoid.c (get_default_photo_command): Use the new ShellExecute
 	under Windows and fallbac to 'display' and 'xdg-open' in the Unix
@@ -4563,206 +6532,539 @@
 2019-05-16  Werner Koch  <wk@gnupg.org>
 
 	kbx: Fix an endless loop under Windows due to an incomplete fix.
-	+ commit 0fff927889b075442ed7130f376118c31fda1f32
+	+ commit 6fc5df1e10129f3171d80cf731f310b9e8d97c26
 	* kbx/keybox-search.c (keybox_search):  We need to seek to the last
 	position in all cases not just when doing a NEXT.
 
-	kbx: Fix deadlock in gpgsm on Windows due to a sharing violation.
-	+ commit 6f72aa821407e47ad3963e72e139f2ca2c69d9dd
-	* kbx/keybox-init.c (keybox_lock) [W32]: Use _keybox_close_file
-	instead of fclose so that a close is done if the file is opened by
-	another handle.
-	* kbx/keybox-search.c (keybox_search): Remember the last offset and
-	use that in NEXT search mode if we had to re-open the file.
-
 	gpgconf: Before --launch check that the config file is fine.
-	+ commit 3a28706cfd960ff84dda9a22aa2f160b4c2efbb5
+	+ commit 50c2f76ae65d4ee793876865011fa97c85f38ac2
 	* tools/gpgconf-comp.c (gc_component_launch): Check the conf file.
 	* tools/gpgconf.c (gpgconf_failure): Call log_flush.
 
+	scd: Remove unused cruft from GnuPG 1.x.
+	+ commit 79c99921e35921140c83d7c101829d95f038f3da
+	* scd/apdu.c: Remove code used only by GnuPG 1.
+	* scd/app-openpgp.c: Ditto.
+	* scd/ccid-driver.c: Ditto.
+	* scd/iso7816.c: Ditto.
+
+2019-05-16  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent,scd: Scan and load all public keys for availability.
+	+ commit dc35b25195e564affdea7969a7c4ea4e200ab45f
+	* agent/divert-scd.c (ask_for_card): Scan by SERIALNO command.
+	* scd/app-openpgp.c (do_with_keygrip): Make sure to load pubkey.
+
+2019-05-15  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: Support scdaemon operation using KEYGRIP.
+	+ commit 1091f22511e1a8259eb5c998f5c207ee95723a4a
+	* agent/agent.h (struct card_key_info_s): New.
+	(divert_pksign, divert_pkdecrypt): New API.
+	* agent/call-scd.c (card_keyinfo_cb): New.
+	(agent_card_free_keyinfo, agent_card_keyinfo): New.
+	* agent/divert-scd.c (ask_for_card): Having GRIP argument,
+	ask scdaemon with agent_card_keyinfo.
+	(divert_pksign, divert_pkdecrypt): Ditto.
+	* agent/pkdecrypt.c (agent_pkdecrypt): Supply GRIP.
+	* agent/pksign.c (agent_pksign_do): Ditto.
+
+	scd: Don't put newline at the end of status.
+	+ commit 01730529f20882cd98882a61408e9bee960c86f1
+	* scd/command.c (send_keyinfo): Remove newline.
+
 2019-05-15  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 
 	gpg: enable OpenPGP export of cleartext keys with comments.
-	+ commit 9c704d9d46338769a66bfc6c378efeda3c4bd9ec
+	+ commit 392e59a3d487e174edcea570e69a0f946c55a19a
 	* g10/export.c (cleartext_secret_key_to_openpgp): ignore trailing
 	sublists in private-key S-expression.
 
 2019-05-15  Werner Koch  <wk@gnupg.org>
 
 	gpgconf: Support --homedir for --launch.
-	+ commit 31e26037bd727a6ee9c96ba168a55c4f9def43b6
+	+ commit a4be077abdbf286e3dcdeb0553ba0e74b7e2df5f
 	* tools/gpgconf-comp.c (gpg_agent_runtime_change): Simplify because
 	gnupg_homedir already returns abd absolute name.
 	(scdaemon_runtime_change): Ditto.
 	(dirmngr_runtime_change): Ditto.
 	(gc_component_launch): Support --homedir.
 
+	sm: Add a couple of debug calls to the keydb module.
+	+ commit 6e041b7b356c3adba714e98f4ecf0dd007375390
+	* sm/gpgsm.h (DBG_CLOCK_VALUE, DBG_CLOCK): New.
+	(DBG_LOOKUP_VALUE, DBG_LOOKUP): New.
+	* sm/gpgsm.c: new debug flags "lookup" and "clock"
+	* sm/keydb.c: Add log_clock calls to most functions.
+	(keydb_search_desc_dump): New.
+	(keydb_search) [DBG_LOOKUP]: Print descrh decription.
+	* sm/keylist.c (list_cert_std): Flush FP in debug mode to better
+	syncronize the output with the debug output
+
+2019-05-15  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Fix return value for KEYINFO command.
+	+ commit 62c29af63203400947569c5965a8cf05a22fcd4c
+	* scd/command.c (cmd_keyinfo): Return GPG_ERR_NOT_FOUND if none.
+
+2019-05-14  Werner Koch  <wk@gnupg.org>
+
+	kbx: Fix deadlock in gpgsm on Windows due to a sharing violation.
+	+ commit 49b236af0ecbb6df67513feb4b63851f2e159ea2
+	* kbx/keybox-init.c (keybox_lock) [W32]: Use _keybox_close_file
+	instead of fclose so that a close is done if the file is opened by
+	another handle.
+	* kbx/keybox-search.c (keybox_search): Remember the last offset and
+	use that in NEXT search mode if we had to re-open the file.
+
+	sm: Change keydb code to use the keybox locking.
+	+ commit 22e274f839f9a6c9a511648f29cae497f6492c97
+	* kbx/keybox-init.c (keybox_lock): New arg TIMEOUT.  Change all
+	callers to pass -1 when locking.
+	* sm/keydb.c (struct resource_item): Remove LOCKANDLE.
+	(struct keydb_handle): Add KEEP_LOCK.
+	(keydb_add_resource): Use keybox locking instead of a separate dotlock
+	for testing whether we can run a compress.
+	(keydb_release): Reset KEEP_LOCK.
+	(keydb_lock): Set KEEP_LOCK.
+	(unlock_all): Take care of KEEP_LOCK.
+	(lock_all): Use keybox_lock instead of dotlock fucntions.
+	(keydb_delete): Remove arg UNLOCK.
+	* sm/delete.c (delete_one): Adjust keydb_delete.  Due to the KEEP_LOCK
+	the keydb_release takes care of unlocking.
+
 2019-05-14  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 
 	agent: correct length for uri and comment on 64-bit big-endian platforms
-	+ commit 110932925ba8e0169da18d7774440f8d1fd8a344
+	+ commit 5651b2c460a7898027c1765c2063c302606b5f85
 	* agent/findkey.c (agent_public_key_from_file): pass size_t as int to
 	gcry_sexp_build_array's %b.
 
 2019-05-14  Werner Koch  <wk@gnupg.org>
 
 	gpg: Do not print a hint to use the deprecated --keyserver option.
-	+ commit 8d645f1d1f2b0f4e2d3b72f2a585acac4bdd8846
+	+ commit 7102d9b798b0985412007d3bf8b954959e4adec7
 	* g10/keyserver.c (keyserver_search): Remove a specialized error
 	message.
 
 2019-05-14  NIIBE Yutaka  <gniibe@fsij.org>
 
 	g10: Fix possible null dereference.
-	+ commit 5b22d2c400890fc366ccb7ca74ee886d9cef22a3
+	+ commit 802a2aa300bad3d4385d17a2deeb0966da4e737d
 	* g10/armor.c (armor_filter): Access ->d in the internal loop.
 
-	build: Update m4/iconv.m4.
-	+ commit cf73c82e95f999bd35636b0cf4e80ed5c33fa7a8
-	* m4/iconv.m4: Update from gettext 0.20.1.
-
 2019-05-13  Werner Koch  <wk@gnupg.org>
 
 	gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.
-	+ commit c1dc7a832921fdf5686d377f33db78707c0345e2
+	+ commit 484d6ba5896acfa3dcf73d9536bcf5e006579b5f
 	* g10/sign.c (update_keysig_packet): Convert digest algo when needed.
 
-2019-05-12  Werner Koch  <wk@gnupg.org>
+	gpg: Cleanup use of make_keysig_packet.
+	+ commit d07666412d4317460c6f03b3ffd03edf4a715ef7
+	* g10/sign.c (make_keysig_packet): Remove obsolete arg diegst_algo
+	which was always passed as 0.  Change all callers.
 
-	sm: Fix a warning in an es_fopencooie function.
-	+ commit 8d0d61aca3d2713df8a33444af3658b859d72be8
-	* sm/certdump.c (format_name_writer): Take care of a flush request.
+	* g10/gpgcompose.c (signature): Warn when trying to set a digest algo.
+
+2019-05-13  NIIBE Yutaka  <gniibe@fsij.org>
+
+	build: Update m4/iconv.m4.
+	+ commit 1cd2aca03b8807c6f8e4929ace462bb606dcd53f
+	* m4/iconv.m4: Update from gettext 0.20.1.
 
 2019-05-10  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 
 	doc: correct documentation for gpgconf --kill.
-	+ commit be116f871dbf14dd44d3a7909c2a052f8979c480
+	+ commit 9662538be6afc8beee0f2654f9a8f234c5dac016
 	* doc/tools.texi(gpgconf): Correct documentation for gpgconf --kill.
 
-	(cherry picked from commit 9662538be6afc8beee0f2654f9a8f234c5dac016)
+2019-05-07  Werner Koch  <wk@gnupg.org>
 
-2019-05-09  Werner Koch  <wk@gnupg.org>
+	agent: If a Label is make sure that label is part of the prompt.
+	+ commit 69e0b080f06b66eee96327617c6fbffe8a88d586
+	* agent/findkey.c (has_comment_expando): New.
+	(agent_key_from_file): Modify DESC_TEXT.
 
-	build: Sign all Windows binaries.
-	+ commit e6901c2bc802996c24335bcb35012ccb74b4ced0
-	* build-aux/speedo.mk (AUTHENTICODE_SIGNHOST): New.
-	(AUTHENTICODE_TOOL): New.
-	(AUTHENTICODE_FILES): New.
-	(installer): Sign listed files.
-	(AUTHENTICODE_SIGNHOST): New macro.
-	(sign-installer): Use that macro instead of direct use of osslsigncode.
+	agent: Allow the use of "Label:" in a key file.
+	+ commit 5388537806411c19ea84db8c4419f410be9ac616
+	* agent/findkey.c (linefeed_to_percent0A): New.
+	(read_key_file): Add optional arg 'keymeta' and change all callers.
+	(agent_key_from_file): Prefer "Label:" over the comment for protected
+	keys.
+
+	common: New functions nvc_delete_named and nvc_get_string.
+	+ commit b5985d0ca21ca376f22c050857bfda05592cebef
+	* common/name-value.c (nvc_delete_named): New.
+	(nvc_get_string): New.
+
+2019-05-07  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Support direct use of app with PKSIGN/PKAUTH/PKDECRYPT.
+	+ commit c856ee7312c9eeb7d79a30189a49f70986420364
+	* scd/command.c (cmd_pksign, cmd_pkauth, cmd_pkdecrypt): When length
+	of keyidstr is 40, it is considered as a keygrip for direct use.
 
 2019-05-03  Werner Koch  <wk@gnupg.org>
 
+	agent: Put Token lines into the key files.
+	+ commit bdf252e76ada0056bec2ee7940255f32552328c5
+	* agent/findkey.c (write_extended_private_key): Add args serialno and
+	keyref.  Write a Token line if that does not yet exist.
+	(agent_write_private_key): Add args serialno and keyref and change all
+	callers.
+	(agent_write_shadow_key): Skip leading spaces.
+	* agent/keyformat.txt: Improve extended key format docs.
+
+	common: In private key mode write "Key:" always last in name-value.
+	+ commit c9fa28bfad297b17e76341ffb40383ce92da5d44
+	* common/name-value.c (nvc_write): Take care of Key. Factor some code
+	out to ...
+	(write_one_entry): new.
+
 	gpg: Use just the addrspec from the Signer's UID.
-	+ commit 05204b72497db093f5d2da4a2446c0264a946296
-	* g10/parse-packet.c (parse_signature): Take only the addrspec from a
+	+ commit bd6ecbb8f8e92fe4a7fed40fcf470eb83bda0927
+	* g10/parse-packet.c (parse_signature): Take only rthe addrspec from a
 	Signer's UID subpacket.
 
+2019-04-30  Werner Koch  <wk@gnupg.org>
+
+	sm: Add yet inactive options to support authenticode.
+	+ commit 5f3864fb647237f862bbe7e26763dffa0e945202
+	* sm/gpgsm.c (opts): New options --authenticode and --attribute.
+	* sm/gpgsm.h (opt): Add vars authenticode and attribute_list.
+	* sm/sign.c (add_signed_attribute): New but inactive.
+	(gpgsm_sign): Use new options.
+
+2019-04-29  Andre Heinecke  <aheinecke@gnupg.org>
+
+	common,w32: Breakaway detached childs when in job.
+	+ commit 03df28b18b92b3fd3d2ba1000903c088dc5b0fcf
+	* common/exechelp-w32.c (gnupg_spawn_process_detached): Add
+	CREATE_BREAKAWAY_FROM_JOB creation flag if required.
+
+2019-04-25  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Add new command: KEYINFO.
+	+ commit 874bc970ba6ec243ff474ef090242e0f7be6a7bc
+	* scd/app-common.h (struct app_ctx_s): Add with_keygrip function.
+	* scd/app-openpgp.c (do_with_keygrip): New.
+	* scd/app.c (app_do_with_keygrip): New.
+	* scd/command.c (cmd_keyinfo): New.
+	(send_keyinfo): New.
+
 2019-04-23  NIIBE Yutaka  <gniibe@fsij.org>
 
 	po: Update Japanese Translation.
-	+ commit caa61fb7da6b858f038dde948d36fce5c0a85ee5
+	+ commit d5443b918dd3b8ccb3c4fdd8fe9d70d84aa312ff
+
+
+	scd: Allow KEYGRIP as KEYIDSTR.
+	+ commit e769609cd3c12d2e26955538399172016f78d2d4
+	* scd/app-openpgp.c (struct app_local_s): Add keygrip_str.
+	(store_keygrip): New.
+	(read_public_key): Call store_keygrip to hold keygrip.
+	(get_public_key): Likewise.
+	(send_keypair_info): Use stored keygrip_str.
+	(check_keyidstr): Allow use of KEYGRIP.
+	(do_check_pin): Allow use of KEYGRIP of signing slot.
+
+2019-04-22  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Factor out a function to check keyidstr.
+	+ commit b0f0791e4ade845b2a0e2a94dbda4f3bf1ceb039
+	* scd/app-openpgp.c (check_keyidstr): New.
+	(do_sign, do_auth, do_decipher, do_check_pin): Use check_keyidstr.
+
+2019-04-19  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+
+	gpgconf: correct capitalization of "Tor"
+	+ commit ea7d85ff658c000f5f469e0a869af0e512e8c59f
+	* tools/gpgconf-comp.cb (gc_options_dirmngr): correct capitalization
+	of Tor.
+
+2019-04-18  Andre Heinecke  <aheinecke@intevation.de>
+
+	g10: Fix double free when locating by mbox.
+	+ commit e57954ed278cb5e6e725005b1ecaf7ce70006ce0
+	* g10/getkey.c (get_best_pubkey_byname): Set new.uid always
+	to NULL after use.
+
+2019-04-17  NIIBE Yutaka  <gniibe@fsij.org>
+
+	g10: Fix a memory leak.
+	+ commit a861f9343d6e6d18064e4e54aeb914c5a10b2095
+	* g10/import.c (import): Care PNDING_PKT on error.
+
+2019-04-16  NIIBE Yutaka  <gniibe@fsij.org>
+
+	common: Fix AWK portability.
+	+ commit b6f0b0efa19e0434024bc16e246032b613fd448a
+	* common/Makefile.am: Use pkg_namespace.
+	* common/mkstrtable.awk: Use pkg_namespace.  Regexp fix.
+
+2019-04-13  Werner Koch  <wk@gnupg.org>
+
+	gpg: New caching functions.
+	+ commit 64a5fd37271a3e454c0d59ac3500e1a1b232e4f7
+	* g10/objcache.c: New.
+	* g10/objcache.h: New.
+	* g10/Makefile.am (common_source): Add them.
+	* g10/gpg.c: Include objcache.h.
+	(g10_exit): Call objcache_dump_stats.
+	* g10/getkey.c: Include objcache.h.
+	(get_primary_uid, release_keyid_list): Remove.
+	(cache_user_id): Remove.
+	(finish_lookup): Call the new cache_put_keyblock instead of
+	cache_user_id.
+	(get_user_id_string): Remove code for mode 2.
+	(get_user_id): Implement using cache_get_uid_bykid.
+
+2019-04-12  Werner Koch  <wk@gnupg.org>
+
+	gpg: Cache a once computed fingerprint in PKT_public_key.
+	+ commit 60f384592144de53c9a5f5e11d7f73ce863aa94f
+	* g10/packet.h (PKT_public_key): Add fields fpr and fprlen.
+	* g10/keyid.c (do_fingerprint_md): Remove.
+	(compute_fingerprint): New.
+	(keyid_from_pk): Simplify.
+	(fingerprint_from_pk): Simplify.
+	(hexfingerprint): Avoid using extra array.
+
+2019-04-11  Werner Koch  <wk@gnupg.org>
+
+	gpg: Accept also armored data from the WKD.
+	+ commit 1b1f649deaeba963ed7240b27f848004db0b051f
+	* g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR.
+
+	gpg: Set a limit of 5 to the number of keys imported from the WKD.
+	+ commit 40595b57936e39ee2a4d58b1dd19edea7537a471
+	* g10/import.c (import): Limit the number of considered keys to 5.
+	(import_one): Return the first fingerprint in case of WKD.
+
+2019-04-11  Andre Heinecke  <aheinecke@gnupg.org>
+
+	speedo,w32: Install gpg-card.exe.
+	+ commit b30351496dd3056462c8db25c03fed6d2aa00e9b
+	* build-aux/speedo/w32/inst.nsi: Install gpg-card.exe
+
+2019-04-05  Werner Koch  <wk@gnupg.org>
+
+	gpg: Fix printing of the user id during import.
+	+ commit ea32842d5c2e2d262d32791130d7eae5c8c3edcf
+	* g10/getkey.c (struct keyid_list): Add field fprlen.
+	(cache_user_id): Set and test it.
+	(get_user_id_byfpr): Make static, add arg fprlen and use it.
+	(get_user_id_byfpr_native): Add arg fprlen and change all callers.
 
+2019-04-04  Werner Koch  <wk@gnupg.org>
+
+	scd:piv: Fix RSA decryption.
+	+ commit 958172cc3acb7172bc5e1fa76efafe26695ed402
+	* scd/app-piv.c (do_decipher): Fixup leading zero byte.
+
+2019-04-04  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Better handling of timeout and time extension.
+	+ commit f1cf799a37f320d33cae445c74f3fc1936dd9995
+	* scd/ccid-driver.c (CCID_CMD_TIMEOUT_LONGER): Remove.
+	(ccid_transceive): Don't use x4 blindly for bBWI, but use dynamically
+	determined value.  Use value from variable wait_more for bulk_in.
+	Set wait_more by the value of time extension request.
+
+2019-04-03  Werner Koch  <wk@gnupg.org>
+
+	gpg: Improve the code to decrypt using PIV cards.
+	+ commit 2c9b68f28de1ce9a6a18d091caba01ddd4707774
+	* g10/call-agent.c (agent_scd_keypairinfo): Add arg 'keyref'.
+	* g10/keygen.c (ask_algo): Adjust.
+	* g10/skclist.c (enum_secret_keys): Request the keyref directly.
+
+	scd: New options --info and --info-only for READKEY.
+	+ commit 679b8f1c045476bd6e0a1f1565379263143994ee
+	* scd/command.c (cmd_readkey): New options --info and --info-only.
+	* scd/app.c (app_readkey): New arg 'flags'.
+	* scd/app-common.h (APP_READKEY_FLAG_INFO): New.
+	(struct app_ctx_s): New args 'ctrl' and 'flags' for member readkey.
+	Change all implementers.
+	* scd/app-nks.c (do_readkey): Stub implementation of
+	APP_READKEY_FLAG_INFO.
+	* scd/app-openpgp.c (do_readkey): Implement APP_READKEY_FLAG_INFO.
+	* scd/app-piv.c (do_readkey): Ditto.
+
+	gpg: Allow decryption using PIV cards.
+	+ commit ec6a6779236a89d4784a6bb7de0def9cc0f9e8a4
+	* g10/call-agent.c (struct getattr_one_parm_s): New.
+	(getattr_one_status_cb): New.
+	(agent_scd_getattr_one): New.
+	* g10/pubkey-enc.c (get_it): Allow the standard leading zero byte from
+	pkcs#1.
+	* g10/skclist.c (enum_secret_keys): Handle non-OpenPGP cards.
+
+	scd: New standard attributes $ENCRKEYID and $SIGNKEYID.
+	+ commit 2b1135cf920cf3d863813d60f032d476dcccfb58
+	* g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo.
+	* sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto.
+	* scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and
+	"$SIGNKEYID".
+	* scd/app-piv.c (do_getattr): Ditto.
+
+	gpg: Avoid endless loop if a card's serial number can't be read.
+	+ commit 1f688e0d1dba4dd7a311d416d06d654ed7b4290d
+	* g10/skclist.c (enum_secret_keys): Move list forward on error.
+
+	card: Allow card selection with LIST.
+	+ commit bcca3acb87c36213fef9311236ea949d006f759c
+	* tools/card-call-scd.c (start_agent): Request serialno only whean
+	started.
+	(scd_serialno): Allow NULL for r_serialno.
+	* tools/gpg-card.c (cmd_factoryreset): Use changed scd_serialno.
+	(cmd_list): New.
+	(dispatch_command): Use cmd_list for cmdLIST.
+	(interactive_loop): Ditto.
+
+	gpg: Print modern style key info for non-decryptable keys.
+	+ commit 2d3392c147a24e49ee4658d4a50fafd68599fba3
+	* g10/mainproc.c (print_pkenc_list): Simplify.
 
-2019-04-18  Andre Heinecke  <aheinecke@intevation.de>
+2019-04-02  Werner Koch  <wk@gnupg.org>
 
-	g10: Fix double free when locating by mbox.
-	+ commit 35899dc2903b118620e6f9f0fa6b21c8568abbf1
-	* g10/getkey.c (get_best_pubkey_byname): Set new.uid always
-	to NULL after use.
+	gpg: Allow direct key generation from card with --full-gen-key.
+	+ commit a480182f9d7ec316648cb64248f7a0cc8f681bc3
+	* g10/call-agent.c (agent_scd_readkey): New.
+	* g10/keygen.c (ask_key_flags): Factor code out to ..
+	(ask_key_flags_with_mask): new.
+	(ask_algo): New mode 14.
 
-2019-04-16  NIIBE Yutaka  <gniibe@fsij.org>
+	common: Extend function pubkey_algo_string.
+	+ commit f952226043824cbbeb8517126b5266926121c4e8
+	* common/sexputil.c (pubkey_algo_string): Add arg R_ALGOID.
+	* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Adjust.
+	* tools/gpg-card.c (list_one_kinfo): Ditto.
 
-	common: Fix AWK portability.
-	+ commit ee766b2b5d646643d66d23eae478f71c0a01a343
-	* common/Makefile.am: Use pkg_namespace.
-	* common/mkstrtable.awk: Use pkg_namespace.  Regexp fix.
+	dirmngr: Improve domaininfo cache update algorithm.
+	+ commit e100ace7f8a729bbe30d9f4ed157a7a229a04eb0
+	* dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark.
+	(insert_or_update): Implement new update algorithm.
 
-2019-04-11  Werner Koch  <wk@gnupg.org>
+2019-04-01  Werner Koch  <wk@gnupg.org>
 
-	gpg: Accept also armored data from the WKD.
-	+ commit dc4c7f65e32a0cddc075d06fa0132e099bcb6455
-	* g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR.
+	sm: Show the usage flags when generating a key from a card.
+	+ commit 9ed1aa56c4bbf44e00b731d6807ada9e95c91bd7
+	* g10/call-agent.c (scd_keypairinfo_status_cb): Also store the usage
+	flags.
+	* sm/call-agent.c (scd_keypairinfo_status_cb): Ditto.
+	* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Print the usage flags.
 
-	gpg: Set a limit of 5 to the number of keys imported from the WKD.
-	+ commit e9fcb0361ab4ef1f6fb0ea235f1b15667932aba2
-	* g10/import.c (import): Limit the number of considered keys to 5.
-	(import_one): Return the first fingerprint in case of WKD.
+	gpg: Prepare card code to allow other than OpenPGP cards.
+	+ commit e47524c34a2a9f53c2507f67a0b41b460cee78b7
+	* g10/call-agent.c (start_agent): Use card app auto selection.
+	* g10/card-util.c (current_card_status): Print the Application type.
+	(card_status): Put empty line between card listings.
 
-2019-04-02  Werner Koch  <wk@gnupg.org>
+	gpg: New card function agent_scd_keypairinfo.
+	+ commit 0fad61de159acf39e38a04f28f162f0beb0e77d6
+	* g10/call-agent.c (scd_keypairinfo_status_cb)
+	(agent_scd_keypairinfo): New.  Taken from gpgsm.
 
-	scd: Add dummy option --application-priority.
-	+ commit cb2065967465939f82cc585254cae0244ed94eac
+	gpg: Remove two unused card related functions.
+	+ commit 334b16b868e771b983263ed20c200869e7e51198
+	* g10/call-agent.c (inq_writekey_parms): Remove.
+	(agent_scd_writekey): Remove.
+	(agent_clear_pin_cache): Remove this stub.
 
+	gpg: Remove unused arg in a card related function.
+	+ commit 3a4534d82682f69788da3cf4a445e38fbaf6b98e
+	* g10/call-agent.c (agent_scd_setattr): Remove unused arg serialno.
 
-	dirmngr: Improve domaininfo cache update algorithm.
-	+ commit 48e7977709b6a56e8fd8e9f5abb9dba5ea617c33
-	* dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark.
-	(insert_or_update): Implement new update algorithm.
+2019-03-29  Werner Koch  <wk@gnupg.org>
 
-	dirmngr: Better error code for http status 413.
-	+ commit 0a30ce036a615bc95382e0640d185b031f8c6a63
+	dirmngr: Better for error code for http status 413.
+	+ commit 21b674097442a54ae889a90d708639b257ba43db
 	* dirmngr/ks-engine-hkp.c (send_request): New case for 413.
 	* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
 	* dirmngr/ocsp.c (do_ocsp_request): Ditto.
 
-2019-04-01  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+2019-03-28  Werner Koch  <wk@gnupg.org>
 
-	NEWS: correct typo in header.
-	+ commit 5b1b5be65f343d252c865d705d23b55982718f2d
+	scd: New option --application-priority.
+	+ commit 97feef8ee94a5e1cb9daba82f108eb62122c7910
+	* scd/scdaemon.c (oApplicationPriority): New.
+	(opts): Add "application_priority".
+	(main): Process option.
+	* scd/app.c (app_update_priority_list): New.
+	(get_supported_applications): Take apps from global list.
 
+	* tools/gpgconf-comp.c (gc_options_scdaemon): Add option.
 
-2019-03-27  NIIBE Yutaka  <gniibe@fsij.org>
+	card: For passwd add a PIV menu and make the OpenPGP menu optional.
+	+ commit 80c069b5e1ad6fbd547de59f332eb3fabb68c572
+	* tools/gpg-card.c (get_selection): New.
+	(cmd_passwd): Reworked.
 
-	g10: Fix symmetric cipher algo constant for ECDH.
-	+ commit 38c2a9a644e0bc1e2594ea437a5930982f7b8c4e
-	* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
-	ECC strength 384, according to RFC-6637.
+	card: Allow "yubikey disable" only for Yubikey-5 and later.
+	+ commit 2f761251c5730a9ad113fa58466addc9c2372da8
+	* tools/card-yubikey.c (yubikey_commands): Add new arg INFO and test
+	for Yubikey-5.
+	* tools/gpg-card.c (cmd_yubikey): Pass info to yubikey_commands.
+
+2019-03-27  Werner Koch  <wk@gnupg.org>
+
+	scd: Support reading the Yubikey 4 firmware version.
+	+ commit 5a3055eb722e61126748e83564e1bba42807d722
+	* scd/app.c (app_new_register): Detect yk4 version numbers.
 
 2019-03-27  Trevor Bentley  <trevor@yubico.com>
 
 	gpg: Don't use EdDSA algo ID for ECDSA curves.
-	+ commit 2f455d18ab99a1d94029d3f607ae918bd5c9fecf
+	+ commit 4324560b2c0bb76a1769535c383424a042e505ae
 	* g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from
 	an EdDSA curve.
 
 2019-03-26  Werner Koch  <wk@gnupg.org>
 
-	Release 2.2.15.
-	+ commit dc93e57226db32d5b90884dcf768d271baa6628a
-
-
 	sm: Allow decryption even if expired other keys are configured.
-	+ commit 30972d21824264aef2088d30b4f2e5ce3aca889e
+	+ commit aa58d2a49b3d416d9d6a0691a89f2bc8bc8649ad
 	* sm/gpgsm.c (main): Add special handling for bad keys in decrypt
 	mode.
 
 	agent: Allow other ssh fingerprint algos in KEYINFO.
-	+ commit 1c2fa8b6d747aa171bfef35a50754893aa80a562
+	+ commit 3c7a1f3aea7f6e8137a93ef2166ff329688f5445
 	* agent/command.c (cmd_keyinfo): Allow for --ssh-fpr=ALGO.  Default to
 	the standard algo.
 
 2019-03-25  Werner Koch  <wk@gnupg.org>
 
 	wkd: New command --print-wkd-url for gpg-wks-client.
-	+ commit 2f3eebf1865a85f8c09a1c052513260ed55acec6
+	+ commit 70c97a862aa586c314a64190d1e489a272e552ea
 	* tools/gpg-wks-client.c (aPrintWKDURL): New.
 	(opts): Add option.
 	(main): Implement.
 	* tools/wks-util.c (wks_cmd_print_wkd_url): New.
 
+2019-03-25  Andre Heinecke  <aheinecke@gnupg.org>
+
+	sm, w32: Translate logger and status fd to handles.
+	+ commit e4e0804ed123516fa00f8a876a862b2c6d34ba5c
+	* sm/gpgsm.c (main): Call translate_sys2libc_fd_int to
+	convert the FDs.
+
 2019-03-25  NIIBE Yutaka  <gniibe@fsij.org>
 
 	libdns: Don't use _[A-Z] which are reserved names.
-	+ commit a975fd127a5d58bbbb3c585e610a54daeb423af6
+	+ commit 8d1b5982138c104f3c50663738892fa110193059
 	* dirmngr/dns.c: Use the identifiers of "*_instance" instead of
 	reserved "_[A-Z]".
 
-2019-03-25  Werner Koch  <wk@gnupg.org>
+2019-03-22  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+
+	doc: fix formatting error.
+	+ commit b30528f48780c9917ec8ba3b3d163fba5c740d92
+
+
+2019-03-22  Werner Koch  <wk@gnupg.org>
 
 	wkd: New command --print-wkd-hash for gpg-wks-client.
-	+ commit 64621f1f40c31c7f453da98efb860ff8cf11edbc
+	+ commit e847cf1df7aa55ac2af7efd39ca05882258acbfe
 	* tools/gpg-wks-client.c (aPrintWKDHash): New.
 	(opts) : Add "--print-wkd-hash".
 	(main): Implement that command.
@@ -4770,46 +7072,20 @@
 	* tools/wks-util.c (wks_fname_from_userid): Add option HASH_ONLY.
 	(wks_cmd_print_wkd_hash): New.
 
-2019-03-25  Andre Heinecke  <aheinecke@gnupg.org>
-
-	sm, w32: Translate logger and status fd to handles.
-	+ commit b9d2759da19cb70c1f6243498480bea1d7ecaa46
-	* sm/gpgsm.c (main): Call translate_sys2libc_fd_int to
-	convert the FDs.
-
-2019-03-22  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
-
-	doc: fix formatting error.
-	+ commit 93782de23fe45e7f7f86140fda6de39395c3a9d8
-
-
-2019-03-19  Werner Koch  <wk@gnupg.org>
-
-	Release 2.2.14.
-	+ commit 813de13e73b01409fabff9859f24c4f23b808796
-
+	scd: Refactor the app selection code.
+	+ commit 393269948c883afb770bb536f03045254d13b911
+	* scd/app.c (app_priority_list): New.
 
-2019-03-18  Ineiev  <ineiev@gnu.org>
-
-	po: Update Russian translation.
-	+ commit dc00947b21dcd4417a35da711c884cef5cc9fc7d
+2019-03-18  Andre Heinecke  <aheinecke@gnupg.org>
 
+	speedo: Fix installer build with NSIS-3.
+	+ commit b98799ce964df1743478dc3d0cc503f51c4b6733
+	* build-aux/speedo.mk: Add charset for nsis 3.
 
 2019-03-18  Werner Koch  <wk@gnupg.org>
 
-	gpg: Do not bail out on v5 keys in the local keyring.
-	+ commit de70a2f377c1647417fb8a2b6476c3744a901296
-	* g10/parse-packet.c (parse_key): Return GPG_ERR_UNKNOWN_VERSION
-	instead of invalid packet.
-	* g10/keydb.c (parse_keyblock_image): Do not map the unknown version
-	error to invalid keyring.
-	(keydb_search): Skip unknown version errors simlar to legacy keys.
-	* g10/keyring.c (keyring_rebuild_cache): Skip keys with unknown
-	versions.
-	* g10/import.c (read_block): Handle unknown version.
-
 	gpg: Allow import of PGP desktop exported secret keys.
-	+ commit 0e73214dd208fca4df26ac796416c6f25b3ae50d
+	+ commit 5205512fc092c53c0a52c8379ef2a129ce6e58a9
 	* g10/import.c (NODE_TRANSFER_SECKEY): New.
 	(import): Add attic kludge.
 	(transfer_secret_keys): Add arg only_marked.
@@ -4821,8 +7097,10 @@
 	(do_transfer): New.
 	(import_matching_seckeys): New.
 
+2019-03-15  Werner Koch  <wk@gnupg.org>
+
 	gpg: Avoid importing secret keys if the keyblock is not valid.
-	+ commit 43b23aa82be7e02414398af506986b812e2b9349
+	+ commit f799e9728bcadb3d4148a47848c78c5647860ea4
 	* g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
 	new field TAG.
 	* g10/kbnode.c (alloc_node): Change accordingly.
@@ -4833,7 +7111,7 @@
 	error code if sec_to_pub_keyblock failed.  Resync secret keyblock.
 
 	gpg: During secret key import print "sec" instead of "pub".
-	+ commit db2d75f1ffede2ea77163b487a15e60249daffa0
+	+ commit f64477db86568bdc28c313bfeb8b95d8edf05a3c
 	* g10/keyedit.c (show_basic_key_info): New arg 'print_sec'.  Remove
 	useless code for "sub" and "ssb".
 	* g10/import.c (import_one): Pass FROM_SK to show_basic_key_info.  Do
@@ -4841,23 +7119,349 @@
 	printing.
 
 	gpg: Simplify an interactive import status line.
-	+ commit 184fbf014ae537554d6939a47f07977ef0b0fe9f
+	+ commit f06b6fe47f56a15ac426665c3d9661d4b104696f
 	* g10/cpr.c (write_status_printf): Escape CR and LF.
 	* g10/import.c (print_import_check): Simplify by using
 	write_status_printf and hexfingerprint.
 
+	gpg: Fix recently introduced use after free.
+	+ commit 3e1f3df6183b2ed2cadf2af2383063891e2c53bd
+	* g10/mainproc.c (proc_plaintext): Do not use freed memory.
+
+2019-03-14  Werner Koch  <wk@gnupg.org>
+
+	kbx: Unify the fingerprint search modes.
+	+ commit bdda31a26bc69b6ee72e964510db113645de76ef
+	* kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR16)
+	(KEYDB_SEARCH_MODE_FPR20, KEYDB_SEARCH_MODE_FPR32): Remove.  Switch
+	all users to KEYDB_SEARCH_MODE_FPR along with the fprlen value.
+
+	gpg: Make rfc4880bis the default.
+	+ commit caf4b3fc16e97eb175c46f45f5770d02becb862d
+	* g10/gpg.c (set_compliance_option, main): Change CO_GNUPG to include
+	rfc4880bis features.
+	(main): Change rfc4880bis warning to a note.
+
+	gpg: Implement v5 keys and v5 signatures.
+	+ commit 01c87d4ce23bc9fc44ec5301c2c6bf2ce615c375
+	* g10/build-packet.c (gpg_mpi_write): New optional arg
+	R_NWRITTEN.  Allow NULL for OUT.  Change all callers.
+	(do_key): Support v5 keys.
+	(build_sig_subpkt_from_sig): Support 32 byte fingerprints.
+	* g10/parse-packet.c (parse_signature): First try to set the keyid
+	from the issuer fingerprint.
+	(parse_key): Support v5 keys.
+	(create_gpg_control): Better make sure to always allocate the static
+	size of the struct in case future compilers print warnings.
+	* g10/keyid.c (hash_public_key): Add v5 support.
+	(keyid_from_pk): Ditto.
+	(keyid_from_fingerprint): Ditto.
+	(fingerprint_from_pk): Ditto.
+	* g10/keygen.c (KEYGEN_FLAG_CREATE_V5_KEY): New.
+	(pVERSION, pSUBVERSION): New.
+	(add_feature_v5): New.
+	(keygen_upd_std_prefs): Call it.
+	(do_create_from_keygrip): Add arg keygen_flags and support the v5
+	flag.
+	(common_gen): Support the v5 flag.
+	(parse_key_parameter_part): New flags v4 and v5.
+	(parse_key_parameter_string): Add args for version and subversion.
+	(read_parameter_file): New keywords "Key-Version" and
+	"Subkey-Version".
+	(quickgen_set_para): Add arg 'version'.
+	(quick_generate_keypair, generate_keypair): Support version parms.
+	(do_generate_keypair): Support v5 key flag.
+	(generate_subkeypair): Ditto.
+	(generate_card_subkeypair): Preparse for keyflags.
+	(gen_card_key): Ditto.
+	* g10/sig-check.c (check_signature2): Add args extrahash and
+	extrahashlen.
+	(check_signature_end): Ditto.
+	(check_signature_end_simple): Ditto.  Use them.
+	* g10/mainproc.c (proc_plaintext): Put extra hash infor into the
+	control packet.
+	(do_check_sig): Add args extrahas and extrahashlen and pass them on.
+	(issuer_fpr_raw): Support 32 byte fingerprint.
+	(check_sig_and_print): get extra hash data and pass it on.
+
+	kbx: Add support for 32 byte fingerprints.
+	+ commit f40e9d6a528521d12795e1a6cc15c849b216be92
+	* common/userids.c (classify_user_id): Support 32 byte fingerprints.
+	* kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR32): New.
+	(struct keydb_search_desc): Add field fprlen.
+	* kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field
+	version and increase size of fpr to 32.
+	* kbx/keybox-blob.c: Define new version 2 for PGP and X509 blobs.
+	(struct keyboxblob_key): Add field fprlen and increase size of fpr.
+	(pgp_create_key_part_single): Allow larger fingerprints.
+	(create_blob_header): Implement blob version 2 and add arg want_fpr32.
+	(_keybox_create_openpgp_blob): Detect the need for blob version 2.
+	* kbx/keybox-search.c (blob_get_first_keyid): Support 32 byte
+	fingerprints.
+	(blob_cmp_fpr): Ditto.
+	(blob_cmp_fpr_part): Ditto.
+	(has_fingerprint): Add arg fprlen and pass on.
+	(keybox_search): Support KEYDB_SEARCH_MODE_FPR32 and adjust for
+	changed has_fingerprint.
+	* kbx/keybox-openpgp.c (parse_key): Support version 5 keys.
+	* kbx/keybox-dump.c (_keybox_dump_blob): Support blob version 2.
+
+	* g10/delkey.c (do_delete_key): Support KEYDB_SEARCH_MODE_FPR32.
+	* g10/export.c (exact_subkey_match_p): Ditto.
+	* g10/gpg.c (main): Ditto.
+	* g10/getkey.c (get_pubkey_byfprint): Adjust for changed
+	KEYDB_SEARCH_MODE_FPR.
+	* g10/keydb.c (keydb_search_desc_dump): Support
+	KEYDB_SEARCH_MODE_FPR32 and adjust for changed KEYDB_SEARCH_MODE_FPR.
+	(keydb_search): Add new arg fprlen and change all callers.
+	* g10/keyedit.c (find_by_primary_fpr): Ditto.
+	* g10/keyid.c (keystr_from_desc): Ditto.
+	* g10/keyring.c (keyring_search): Ditto.
+	* g10/keyserver.c (print_keyrec): Ditto.
+	(parse_keyrec): Ditto.
+	(keyserver_export): Ditto.
+	(keyserver_retrieval_screener): Ditto.
+	(keyserver_import): Ditto.
+	(keyserver_import_fprint): Ditto.
+	(keyidlist): Ditto.
+	(keyserver_get_chunk): Ditto.
+
+	* g10/keydb.c (keydb_search): Add new arg fprlen and change all
+	callers.
+
+	* sm/keydb.c (keydb_search_fpr): Adjust for changed
+	KEYDB_SEARCH_MODE_FPR.
+
+	gpg: Implemented latest rfc4880bis version 5 packet hashing.
+	+ commit a21ca3a1eff4722dea778cca4abe14a873ccebdf
+	* configure.ac (AC_CHECK_SIZEOF): Test size_t.
+	* g10/sig-check.c (check_signature_end_simple): Support v5 signatures
+	as per current rfc4880bis.  For correctness also allow for N > 2^32.
+	* g10/sign.c (pt_extra_hash_data_t): New.
+	(hash_sigversion_to_magic): New arg EXTRAHASH.
+	(write_plaintext_packet): New arg R_EXTRAHASH.
+	(write_signature_packets): Pass EXTRAHASH.
+	(sign_file): Ditto.
+	(sign_symencrypt_file): Ditto.
+
+2019-03-14  NIIBE Yutaka  <gniibe@fsij.org>
+
+	Fix the previous commit.
+	+ commit f199b627ce512c8495af5c9bd1c81127ccde3ca0
+	* g10/ecdh.c (kek_params_table): Revert the change.
+	* scd/app-openpgp.c (ecdh_params): Use CIPHER_ALGO_AES256
+	for 384-bit key.
+
+2019-03-13  NIIBE Yutaka  <gniibe@fsij.org>
+
+	g10: Fix symmetric cipher algo constant for ECDH.
+	+ commit af3efd149f555d36a455cb2ea311ff81caf5124c
+	* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
+	ECC strength 384, according to RFC-6637.
+
+2019-03-11  Werner Koch  <wk@gnupg.org>
+
+	dirmngr: Avoid testing for Tor with --gpgconf-list.
+	+ commit 9f37e93dd741a5436ff412955628806ae84725ca
+	* dirmngr/dirmngr.c (post_option_parsing): Do not call set_tor_mode.
+	(dirmngr_sighup_action): Call it here.
+	(main): Call it here unless in --gpgconf-list mode.
+
+2019-03-07  Werner Koch  <wk@gnupg.org>
+
+	common: Minor rework of tty_get.
+	+ commit b7de105e0a836bd4d7bd558f8e699d88ab0cafec
+	* common/ttyio.c (do_get): Re-indent and remove the checking for char
+	values larger than 0xa0.  Use explicy control character checking.
+
+	dirmngr: Add CSRF protection exception for protonmail.
+	+ commit 134c3c16523b1a267ebdd2df6339240fd9e1e3b3
+	* dirmngr/http.c (same_host_p): Add exception table.
+
+2019-03-07  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+
+	gpgv: Improve documentation for keyring choices.
+	+ commit 096c2aa705f85289ff8b610da1dd9181e4c904fd
+	* doc/gpgv.texi: Improve documentation for keyring choices
+
+2019-03-06  Werner Koch  <wk@gnupg.org>
+
+	gpgtar: Make option -C work for archive creation.
+	+ commit b3a7a5140784b5a015107b5c5c73b15ae44e71dc
+	* tools/gpgtar-create.c (gpgtar_create): Switch to the -C directory.
+
+	agent: Re-introduce --enable-extended-key-format.
+	+ commit 91ae3e7fb66271691f6fe507262a62fc7e2663a3
+	* agent/gpg-agent.c (oEnableExtendedKeyFormat): Re-introduce.
+	(parse_rereadable_options): Handle it in a special way.
+	* agent/protect.c (agent_protect): Be safe and set use_ocb only to 1
+	or 0.
+	* tools/gpgconf-comp.c: Add --enable-extended-key-format again.
+
+	gpgtar: Improve error messages.
+	+ commit 72feb8fa8280aba674573a1afc955a92e8065242
+	* tools/gpgtar.h (struct tarinfo_s): New.
+	* tools/gpgtar.c (cmd, skip_crypto, files_from, null_names): Move
+	global vars more to the top.
+	(set_cmd): Rename 'cmd' to 'c'.
+	* tools/gpgtar-list.c (parse_header): Add arg 'info' and improve error
+	messages.
+	(read_header): Add arg 'info' and update counter.
+	(skip_data): Ditto.
+	(gpgtar_list): Pass info object to read functions.
+	(gpgtar_read_header): Add arg 'info'.
+	* tools/gpgtar-extract.c (gpgtar_extract): add arg 'info' and pass on.
+	(extract_regular): Add arg 'info' and update counter.
+
+	agent: Default to extended key format.
+	+ commit 05eff1f6623c272fcabd4e238842afc832710324
+	* agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
+	(oEnableExtendedKeyFormat): Remove.
+	(opts): Make --enable-extended-key-format a dummy option.  Add
+	disable-extended-key-format.
+	(parse_rereadable_options): Implement oDisableExtendedKeyFormat.
+
+	card: Allow PEM encoded certificates in "writecert".
+	+ commit 4e1f04a4cd30859507218395e630e886801ae2b7
+	* tools/gpg-card.c (cmd_writecert): Convert from base64.
+
+	card: Print the keyref also for non-initialized slots.
+	+ commit 772bba34ea089b3a00f0b1ea5138ba7422c95180
+	* tools/gpg-card.c (list_one_kinfo): Add arg label_keyref and change
+	callers.
+
+2019-03-06  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: Fix detection of exit of scdaemon.
+	+ commit 2abad7585a004586e27ead6ab8c9c57ce5ed1326
+	* agent/call-scd.c (start_scd): Acquire START_SCD_LOCK for
+	SCD_LOCAL_LIST.  Move common case code to fast path.
+	Release START_SCD_LOCK before calling unlock_scd.
+	When new CTX is allocated, clear INVALID flag.
+	(agent_reset_scd): Serialize the access to SCD_LOCAL_LIST by
+	START_SCD_LOCK.
+
+2019-03-05  Werner Koch  <wk@gnupg.org>
+
+	card: Print card version.  Check for bad Yubikeys.
+	+ commit 8d4af54ddd039d47e9c4803559193fcca97f0a46
+	* scd/app.c (app_new_register): Set card version for Yubikeys.
+	(app_write_learn_status): Print CARDVERSION and APPVERSION.
+	* tools/card-call-scd.c (learn_status_cb): Detect them.
+	* tools/gpg-card.h (struct card_info_s): Add appversion and
+	cardversion.
+	* tools/gpg-card.c (list_openpgp): Remove version printing from serial
+	number.
+	(print_a_version): New.
+	(list_card): Print card and app version.
+	(cmd_generate): Do not allow broken Yubikeys.
+
+	scd: Rename a shared info field name.
+	+ commit 64caa6a08298119b10dc36ddd27b357cb47825b5
+	* scd/app-piv.c (app_select_piv):
+	* scd/app-common.h (struct app_ctx_s): Rename 'card_version' to
+	'cardversion'.  Rename all users.  Add 'appversion'.
+
+	scd:piv: Implement import of private keys for Yubikeys.
+	+ commit e897e1e255ef9870dfd1639d6f4e97bdf4e83b34
+	* scd/app-piv.c (concat_tlv_list): Add arg 'secure' and adjust
+	 callers.
+	(writekey_rsa, writekey_ecc): New.
+	(do_writekey): New.
+	(do_writecert): Provide a better error message for an empty cert.
+	(app_select_piv): Register do_writekey.
+	* scd/iso7816.c (iso7816_send_apdu): New.
+	* scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
+	* agent/command.c (cmd_keytocard): Make the timestamp optional.
+	* tools/card-call-scd.c (inq_writekey_parms): Remove.
+	(scd_writekey): Rewrite.
+	* tools/gpg-card.c (cmd_writekey): New.
+	(enum cmdids): Add cmdWRITEKEY.
+	(dispatch_command, interactive_loop): Call cmd_writekey.
+
+	gpg: Make invalid primary key algos obvious in key listings.
+	+ commit db87132b10664718b7db6ec1dad584b54d1fb265
+	* g10/keylist.c (print_key_line): Print a warning for invalid algos.
+
+	agent: Minor change to the KEYTOCARD command.
+	+ commit bcc89a6df24c79690436340f65c7ab13c65c2c45
+	* agent/command.c (cmd_keytocard): Make timestamp optional.  Use
+	modern parser function.
+	* agent/call-scd.c (agent_card_writekey): Rename an arg and for
+	clarity return gpg_error_t instead of int.
+	* agent/divert-scd.c (divert_writekey): Ditto.
+
+2019-03-01  Werner Koch  <wk@gnupg.org>
+
+	sm: Print Yubikey attestation extensions with --dump-cert.
+	+ commit 86c241a8c9a952ea8007066b70b04f435e2e483e
+	* sm/keylist.c (oidtranstbl): Add Yubikey OIDs.
+	(OID_FLAG_HEX): New.
+	(print_hex_extn): New.
+	(list_cert_raw): Make use of that flag.
+
+	scd:piv: Add feature to read Yubikey attestation certificates.
+	+ commit 51df13d9ec8e89c4236e2f4a9ae3647963c30783
+	* scd/app-piv.c (do_readcert): Add hack to read Yubikey attestaions.
+
+	scd:piv: Allow writecert to only write matching certs.
+	+ commit 696d4c290dd4945b693263721f606b5049b9569d
+	* scd/app-piv.c (do_readkey): Read the key from the cert here instead
+	of letting the upper layer do this.
+	(do_writecert): Check that the cert matches the key and that a key has
+	already been generated.
+
+	card: Remove the "admin" command.
+	+ commit 280baee72dcb0ca54ce99b524bc2125cbc38e0e4
+	* tools/gpg-card.c (cmd_passwd): Remove arg allow_admin.
+	(enum cmdids): Rename cmdAUTHENTICATE to cmdAUTH and cmdFACTORYRESET
+	to cmdFACTRST.
+	(cmds): Remove column 'admin_only'.
+	(interactive_loop): Remove admin_only stuff.
 
-	Fixed one conlict in a comment.
+2019-02-28  Werner Koch  <wk@gnupg.org>
+
+	sm: Don't mark a cert as de-vs compliant if it leads to SHA-1 sigs.
+	+ commit 2c75af9f65d15653ed1bc191f1098ae316607041
+	* sm/keylist.c (print_compliance_flags): Also check the diges_also.
+
+2019-02-27  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: PKSIGN should return signature in same format for card.
+	+ commit 0173b249cfb7f02f94911ec759630d81f312e0bd
+	* agent/pksign.c (agent_pksign_do):
+
+2019-02-26  Werner Koch  <wk@gnupg.org>
+
+	scd: Simplify the app_readkey parameters.
+	+ commit c2235d994dbb1d7ddba20f89a7c02f4a27b0610c
+	* scd/app-help.c (app_help_pubkey_from_cert): New.
+	* scd/command.c (cmd_readkey): Refactor to use that new function and
+	handle the --advanced flag only here.
+	* scd/app.c (app_readkey): Remove parm advanced.
+	* scd/app-common.h (struct app_ctx_s): Remove parm advanced from the
+	readkey member.
+	* scd/app-nks.c (do_readkey): Adjust for removed parm.
+	* scd/app-piv.c (do_readkey): Ditto.
+	* scd/app-openpgp.c (do_readkey): Ditto.
 
-2019-03-07  NIIBE Yutaka  <gniibe@fsij.org>
+	conf: New option --show-socket.
+	+ commit ac485b4f253ad6bbd2bc648650b56d60fc82f89d
+	* tools/gpgconf-comp.c (gc_component_t): Move this enum to ...
+	* tools/gpgconf.h: here.
+	* tools/gpgconf.c (oShowSocket): New.
+	(opts): Add new option.
+	(main): Implement new option.
+
+2019-02-26  NIIBE Yutaka  <gniibe@fsij.org>
 
 	libdns: Avoid using compound literals (8).
-	+ commit ee08a15e31284d32fb59774fc15e39107a727072
+	+ commit 371ae25f8f6f2d1ac030bf984bca479393a5ed43
 	* dirmngr/dns.h (dns_quietinit): Remove.
 	(dns_hints_i_new): Remove.
 
 	libdns: Avoid using compound literals (7).
-	+ commit 4ab0fef5dc856d1f2747efab584182aa880f631c
+	+ commit d661acd483236d34720a4959fc816d05f89c2cb7
 	* dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove.
 	* dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized
 	automatic variable for opts.
@@ -4865,7 +7469,7 @@
 	Likewise.
 
 	libdns: Avoid using compound literals (6).
-	+ commit f3af1707690b070b4cbf6d761a9e5dbddbf681e9
+	+ commit 6501e59d3685bb58753c9caea729a4b0eca3942a
 	* dirmngr/dns.h (dns_rr_i_new): Remove.
 	(dns_rr_i_init): Remove unused second argument.
 	* dirmngr/dns.c (dns_p_dump, dns_hints_query, print_packet)
@@ -4875,25 +7479,21 @@
 	* dirmngr/dns-stuff.c (resolve_addr_libdns, get_dns_cert_libdns)
 	(getsrv_libdns): Follow the change of dns_rr_i_init.
 
-	(cherry picked from commit 6501e59d3685bb58753c9caea729a4b0eca3942a)
-
 	libdns: Avoid using compound literals (5).
-	+ commit 500151e6daf5fc4d6ea382b83aab3cca72b27881
+	+ commit a1ccfe2b37847cce0db2fb94a7365c9fa501eda4
 	* dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new.
 	Call dns_rr_grep with NULL.
 	* dirmngr/dns.c (dns_rr_grep): Support NULL for error_.
 
 	libdns: Avoid using compound literals (4).
-	+ commit 229302aecf8deea0349e79ca0cc05f32665391b7
+	+ commit 7313a112f9c7ada61d24285313d2e2d069a672e8
 	* dirmngr/dns.h (dns_d_new*): Remove.
 	* dirmngr/dns.c (parse_packet): Use dns_d_init with automatic
 	variable.
 	(parse_domain): Likewise.
 
-	(cherry picked from commit 7313a112f9c7ada61d24285313d2e2d069a672e8)
-
 	libdns: Avoid using compound literals (3).
-	+ commit f0de4fc990767ae5d120a523be51616b0f35f4f6
+	+ commit 72efb7840258808cd892b90d871ea1cc1c31d7f5
 	* dirmngr/dns.h (dns_p_new): Remove.
 	* dirmngr/dns.c (dns_hosts_query): Use dns_p_init with automatic
 	variable.
@@ -4901,7 +7501,7 @@
 	(send_query, show_hints, echo_port): Likewise.
 
 	libdns: Avoid using compound literals (2).
-	+ commit ff7d01fc6d396fc3b8d37baa9bd4cdebc8853648
+	+ commit 455ef62d29a112de05897139716265d07e4c6ae3
 	* dirmngr/dns.h (dns_strsection1, dns_strsection3): Remove.
 	(dns_strclass1, dns_strclass3): Remove.
 	(dns_strtype1, dns_strtype3): Remove.
@@ -4910,188 +7510,261 @@
 	* dirmngr/dns.c (dns_strsection): Use automatic variable.
 	(dns_strclass, dns_strtype): Likewise.
 
-	(cherry picked from commit 455ef62d29a112de05897139716265d07e4c6ae3)
-
 	libdns: Avoid using compound literals.
-	+ commit 1318d1e2d50989c66f496ede906a846859f0cf9f
+	+ commit 1c405499388fd5bed0968ab5c6c5d1b3373537b9
 	* dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic
 	variables.
 	(dns_poll, dns_send_nopipe): Likewise, adding const qualifier.
 
-2019-03-07  Werner Koch  <wk@gnupg.org>
-
-	dirmngr: Add CSRF protection exception for protonmail.
-	+ commit 557c721e787e7e6d311ccb48d8aa677123061cf5
-	* dirmngr/http.c (same_host_p): Add exception table.
-
-	gpgtar: Make option -C work for archive creation.
-	+ commit 5d73c231e4f2d5994eb3be48b36517e39d66be96
-	* tools/gpgtar-create.c (gpgtar_create): Switch to the -C directory.
-
-	gpgtar: Improve error messages.
-	+ commit 2e4151a3412c3fc553fbb7ad070dfffc68a04b35
-	* tools/gpgtar.h (struct tarinfo_s): New.
-	* tools/gpgtar.c (cmd, skip_crypto, files_from, null_names): Move
-	global vars more to the top.
-	(set_cmd): Rename 'cmd' to 'c'.
-	* tools/gpgtar-list.c (parse_header): Add arg 'info' and improve error
-	messages.
-	(read_header): Add arg 'info' and update counter.
-	(skip_data): Ditto.
-	(gpgtar_list): Pass info object to read functions.
-	(gpgtar_read_header): Add arg 'info'.
-	* tools/gpgtar-extract.c (gpgtar_extract): add arg 'info' and pass on.
-	(extract_regular): Add arg 'info' and update counter.
-
-	gpg: Make invalid primary key algos obvious in key listings.
-	+ commit d2a7f9078a4673ec53733e4f69fd17a8f1ac962d
-	* g10/keylist.c (print_key_line): Print a warning for invalid algos.
-
-	sm: Print Yubikey attestation extensions with --dump-cert.
-	+ commit b3c8ce9e4343f1b68b9ba94bdd71b7d8e13b139a
-	* sm/keylist.c (oidtranstbl): Add Yubikey OIDs.
-	(OID_FLAG_HEX): New.
-	(print_hex_extn): New.
-	(list_cert_raw): Make use of that flag.
-
-	(cherry picked from commit 86c241a8c9a952ea8007066b70b04f435e2e483e)
-
-2019-03-07  NIIBE Yutaka  <gniibe@fsij.org>
-
-	tests: Add "disable-scdaemon" in gpg-agent.conf.
-	+ commit 150d5452318eafa6aa800ff3b87f8f8eb35ed203
-	* tests/openpgp/defs.scm: Add "disable-scdaemon".  Remove
-	  "scdaemon-program".
-	* tests/gpgme/gpgme-defs.scm, tests/gpgsm/gpgsm-defs.scm: Likewise.
-	* tests/inittests, tests/pkits/inittests: Add "disable-scdaemon"
-
-2019-03-07  Werner Koch  <wk@gnupg.org>
-
-	scd: Fix flushing of CA-FPR data objects.
-	+ commit e7eafe10197557ce874db2f049d683f90f26e0bc
-	* scd/app-openpgp.c (do_setattr): Add new table item to flush a
-	different tag.
-
-2019-03-07  NIIBE Yutaka  <gniibe@fsij.org>
-
-	agent: Support --mode=ssh option for CLEAR_PASSPHRASE.
-	+ commit 77a285a0a94994ee9b42289897f9bf3075c7192d
-	* agent/command.c (cmd_clear_passphrase): Add support for SSH.
-
-2019-03-07  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
-
-	gpgv: Improve documentation for keyring choices.
-	+ commit a7b2a87f940dba078867c44f1f50d46211d51719
-	* doc/gpgv.texi: Improve documentation for keyring choices
-
-2019-02-28  Werner Koch  <wk@gnupg.org>
+2019-02-25  Werner Koch  <wk@gnupg.org>
 
-	sm: Don't mark a cert as de-vs compliant if it leads to SHA-1 sigs.
-	+ commit be69bf0cbd11cb8c0d452e07066669aacc6caafa
-	* sm/keylist.c (print_compliance_flags): Also check the digest_algo.
-	Add new arg 'cert'.
+	scd: PIV: Always require a PIN for signing with 9C.
+	+ commit a481d17432bf7cca19ca71b6aa5ccd9aee2b3baa
+	* scd/app-piv.c (verify_chv): Add arg 'force'.
+	(do_sign): Use force for 0x9c.
 
-2019-02-28  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+	card: Rename gpg-card-tool to gpg-card.
+	+ commit 28de5c0ea53373c56a4405fe6b08d194682dd1de
+	* tools/card-tool-keys.c: Rename to card-keys.c.
+	* tools/card-tool-misc.c: Rename to card-misc.c.
+	* tools/card-tool-yubikey.c: Rename to card-yubikey.c.
+	* tools/card-tool.h: Rename to gpg-card.h.
+	* tools/gpg-card-tool-w32info.rc: Rename to gpg-card-w32info.rc
+	* doc/card-tool.texi: Rename top gpg-card.texi
 
-	gpgsm: default to 3072-bit keys.
-	+ commit 121286d9d1506dbaad9ba33bae2e459814fe5849
-	* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
-	default to 3072 bits.
-	* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
-	3072 bits.
-	* sm/certreqgen.c (proc_parameters): update default to 3072 bits.
-	* sm/gpgsm.c (main): print correct default_pubkey_algo.
+	agent: Fix for suggested Libgcrypt use.
+	+ commit a12c3a566e2e4b10bc02976a2819070877ee895c
+	* agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter.
 
-2019-02-26  Werner Koch  <wk@gnupg.org>
+2019-02-25  NIIBE Yutaka  <gniibe@fsij.org>
 
-	conf: New option --show-socket.
-	+ commit 92e26ade5c0d52f2e50eaf338a0bb8006e75711c
-	* tools/gpgconf-comp.c (gc_component_t): Move this enum to ...
-	* tools/gpgconf.h: here.
-	* tools/gpgconf.c (oShowSocket): New.
-	(opts): Add new option.
-	(main): Implement new option.
+	gpgscm: Build well even if NDEBUG defined.
+	+ commit e140c6d4f581be1a60a34b67b16430452f3987e8
+	* gpgscm/scheme.c (gc_reservation_failure): Fix adding ";".
+	[!NDEBUG] (scheme_init_custom_alloc): Don't init seserved_lineno.
 
-2019-02-25  Werner Koch  <wk@gnupg.org>
+2019-02-22  NIIBE Yutaka  <gniibe@fsij.org>
 
-	scd: Don't let the "undefined" app cause a conflict error.
-	+ commit 0eb8095626be71160dfa66284a7b0a6a57cb03e3
-	* scd/app.c (check_conflict): Ignore "undefined".
+	scd: internal driver: Submit SET_INTERFACE control transfer.
+	+ commit 611faf1579a56925994d53eb08e1290a4b3958cf
+	* scd/ccid-driver.c (ccid_open_usb_reader): Alway submit SET_INTERFACE
+	control transfer.
 
-	(cherry picked from commit 5ecc7a02609dde65096ddb12e0ff8f6bce3b774a)
+2019-02-21  Werner Koch  <wk@gnupg.org>
 
 	sm: Fix certificate creation with key on card.
-	+ commit 54c56230e305a38d6fd0c3bf1262172fd5fbcb87
+	+ commit c1000c673814e552923cf1361346d7dfeee55608
 	* sm/certreqgen.c (create_request): Fix for certmode.
 
-	agent: Fix for suggested Libgcrypt use.
-	+ commit 0a95b153811f36739d1b20f23920bad0bb07c68b
-	* agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter.
+	card: Print usage info for each key.
+	+ commit 7317aeb3f448c98dcfa9c04f49b9a69d81c26776
+	* tools/card-call-scd.c (learn_status_cb): Handle extended
+	KEYPARIRINFO.
+	* tools/card-tool.h (struct key_info_s): Add field 'usage'.
+	* tools/gpg-card-tool.c (list_one_kinfo): Show usage flags.
+
+	scd: Extend KEYPAIRINFO by key usage info.
+	+ commit 5e21ef2d556ca65b7869bf16ab465f3511601e1e
+	* scd/app-openpgp.c (send_keypair_info): Append usage string.
+	* scd/app-piv.c (struct data_object_s): Remove column 'binary'.  Add
+	column 'usage'.
+	(dump_all_do): Adjust for removed 'binary'.
+	(send_keypair_and_cert_info): Append usage string.
+
+	card: Print the keyref in the listing.
+	+ commit 3384ba6c1c421cfa674dbd8294dc655d7320534e
+	* tools/gpg-card-tool.c (list_one_kinfo): Print the keyref.
 
-2019-02-25  NIIBE Yutaka  <gniibe@fsij.org>
+	scd: Don't let the "undefined" app cause a conflict error.
+	+ commit 5ecc7a02609dde65096ddb12e0ff8f6bce3b774a
+	* scd/app.c (check_conflict): Ignore "undefined".
 
-	gpgscm: Build well even if NDEBUG defined.
-	+ commit 8161afb9dddaba839be92fbe9d85c05235eda825
-	* gpgscm/scheme.c (gc_reservation_failure): Fix adding ";".
-	[!NDEBUG] (scheme_init_custom_alloc): Don't init seserved_lineno.
+	sm: Prepare algo mapping to handle values > 255.
+	+ commit d7a54ca461ad75e4fab77a2f1b25986c7637762a
+	* sm/misc.c (transform_sigval): Allow for larger values of MDALGO and
+	PKALGO.
 
-2019-02-19  Neal H. Walfield  <neal@g10code.com>
+2019-02-21  NIIBE Yutaka  <gniibe@fsij.org>
 
-	gpg: Fix comparison.
-	+ commit 14e5435afb50dc9a9243ff3e0aed5030beba2914
-	* g10/gpgcompose.c (literal_name): Complain if passed zero arguments,
-	not one or fewer.
+	scd: Clear CHV status on timeout error.
+	+ commit 2013cb5ee667610de35f8b92c2f979f5caa09d4c
+	* scd/app-openpgp.c (clear_chv_status): New.
+	(do_change_pin): Use clear_chv_status.
+	(do_sign): Call clear_chv_status on GPG_ERR_TIMEOUT.
+	(do_auth, do_decipher): Likewise.
+
+	scd: Handle ack button timeout as GPG_ERR_TIMEOUT.
+	+ commit bd15aa34ab8ad10adbb7540a8845b4a2600437b6
+	* scd/apdu.h (SW_ACK_TIMEOUT): New.
+	* scd/iso7816.c (map_sw): Return GPG_ERR_TIMEOUT for SW_ACK_TIMEOUT.
+
+	tests: Add "disable-scdaemon" in gpg-agent.conf.
+	+ commit 64b7c6fd1945bc206cf56979633dfca8a7494374
+	* tests/openpgp/defs.scm: Add "disable-scdaemon".  Remove
+	  "scdaemon-program".
+	* tests/gpgme/gpgme-defs.scm, tests/gpgsm/gpgsm-defs.scm: Likewise.
+	* tests/inittests, tests/pkits/inittests: Add "disable-scdaemon"
 
 2019-02-19  NIIBE Yutaka  <gniibe@fsij.org>
 
-	agent: Fix cancellation handling for scdaemon.
-	+ commit 005e951714ff62087b8c8802e05d14b7998826f3
-	* agent/call-scd.c (cancel_inquire): Remove.
-	(agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey)
-	(agent_card_scd): Don't call cancel_inquire.
+	agent: Terminate pinentry process gracefully, by watching socket.
+	+ commit c395f8315362793409be54aca630ce6e903ea984
+	* agent/call-pinentry.c (watch_sock): New.
+	(do_getpin): Spawn the watching thread.
 
-	scd: Distinguish cancel by user and protocol error.
-	+ commit 90e5f49b6a2e002d3c67a041a076f07aeb7a7f54
-	* scd/apdu.h (SW_HOST_CANCELLED): New.
-	* scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED.
-	(pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED.
-	* scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for
-	SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED.
+	agent: Minor change for pinentry status handling.
+	+ commit 99aa54323f97937613e02d8c2da91544e1fe7bcf
+	* agent/call-pinentry.c (struct entry_parm_s): Add status.
+	(do_getpin): Use param->status.
+	(agent_askpin): Copy param->status. to pininfo.
 
-	common: Fix gnupg_wait_processes.
-	+ commit 6e422b5135c71f8fa859a3f4de51bf89e3ff5ac6
-	* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
-	even if we already see an error.
+	agent: Factor out the getpin interaction.
+	+ commit ada797f477f923bee36d67c8e49f728ae7adb9e9
+	* agent/call-pinentry.c (do_getpin): New.
+	(agent_askpin, agent_get_passphrase): Use do_getpin.
+
+2019-02-18  Damien Goutte-Gattat via Gnupg-devel  <gnupg-devel@gnupg.org>
+
+	sm: Support generation of card-based ed25519 CSR.
+	+ commit 3cbdf896e6919333b5423001ab58c01a04363386
+	* sm/call-agent.c (gpgsm_scd_pksign): Allow SHA512. Create proper
+	S-expression for EdDSA signature.
+	* sm/certreqgen.c (create_request): Force use of SHA512 when
+	using a ed25519 key.
+	* sm/misc.c (transform_sigval): Insert OID for ed25519.
+
+2019-02-15  Damien Goutte-Gattat via Gnupg-devel  <gnupg-devel@gnupg.org>
+
+	sm: Support generation of card-based ECDSA CSR.
+	+ commit 74e9b579ca273fc07be090bb5fb7800a97b1b452
+	* sm/call-agent.c (gpgsm_scd_pksign): Identify type of signing key
+	and format resulting S-expression accordingly.
+	* sm/misc.c (transform_sigval): Support ECDSA signatures.
 
 2019-02-14  Ingvar Hagelund  <ingvar@redpill-linpro.com>
 
 	po: Correct a simple typo in the Norwegian translation.
-	+ commit a09bba976d2f5694011a9291189a70a0f3c4caae
+	+ commit b89f1790e0b9f3196a2382a9b9ff5f461c58a449
 
 
-2019-02-12  Werner Koch  <wk@gnupg.org>
+2019-02-13  Werner Koch  <wk@gnupg.org>
 
-	Release 2.2.13.
-	+ commit 7922e2dd1c7eee48a8a2cf4799827942489ddd0f
+	card: New command "yubikey".
+	+ commit 7e1cd2cd416f852fc039af310e3df1ce395d89a9
+	* tools/card-tool-yubikey.c: New.
+	* tools/Makefile.am (gpg_card_tool_SOURCES): Add it.
+	* tools/card-call-scd.c (scd_apdu): Allow returning data.
+	* tools/card-tool-misc.c (send_apdu): New.  Move from gpg-card-tool.c
+	and let it return data.  Change all callers.
 
+	* tools/gpg-card-tool.c (cmd_writecert): Prepend the certref with the
+	current application type.
+	(cmd_yubikey): New.
 
 2019-02-11  Werner Koch  <wk@gnupg.org>
 
+	scd: Implement decryption for PIV cards.
+	+ commit 43b14b4cc227311aa77b1fc1d9577c5f7d3eda86
+	* scd/app-piv.c (do_decipher): New.
+
+	scd: For PIV cards used NO_AUTH instead of BAD_PIN.
+	+ commit b2838694402ce0cfc2ef70451bf0e6677b875ca9
+	* common/util.h (GPG_ERR_NO_AUTH, GPG_ERR_BAD_AUTH): Add replacement
+	codes for gpgrt < 1.36.
+	* scd/app-piv.c (auth_adm_key):
+	(do_genkey, do_writecert): Use better error codes.
+
+2019-02-08  Werner Koch  <wk@gnupg.org>
+
+	scd: Implement RSA signing for PIV cards.
+	+ commit 53beea56afecde76f0f4ca93fc50ca59298a093e
+	* scd/app-piv.c (concat_tlv_list): New.
+	(get_key_algorithm_by_dobj): Rename args for clarity.
+	(do_auth): factor all code out to ...
+	(do_sign): new.  Implement RSA signing.
+
 	sm: In --gen-key with "key from card" show also the algorithm.
-	+ commit d1bee9d1efa28fa9d35b7eed1e616c6362fd044e
+	+ commit 0328976c94adc2c518c7a7763a35319a0000c5e2
 	* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Get and show algo.
 
 	common: Provide function to get public key algo names in our format.
-	+ commit d29d73264f607642281fb701a17015306c8fc4d7
-	* common/sexputil.c (pubkey_algo_string): New.
+	+ commit 03bf8e967adb2dd13329ba1089deb419d49e55c0
+	* tools/card-tool-misc.c (pubkey_algo_string): Move to  ...
+	* common/sexputil.c (pubkey_algo_string): here.
+
+	card: Make "generate" work for PIV cards.
+	+ commit a1cb4a940f308ba21ecc002b044efccf0c547784
+	* tools/card-call-scd.c (scd_genkey_cb): Make createtime optional.
+	(scd_genkey_cb):  Ditto.  Add arg algo.
+	* tools/gpg-card-tool.c (cmd_generate): Add options and factor card
+	specific code out to ...
+	(generate_openpgp, generate_generic): new functions.
+
+	scd: Allow generating ECC curves on PIV cards.
+	+ commit b349adc5c0d00d2fc405a45bd078f1580b5610cc
+	* scd/app-piv.c (genkey_parse_ecc): New.
+	(get_keygrip_by_tag): Call that one.
+	(do_readkey): Call that one.
+	* scd/command.c (cmd_genkey): Add option --algo.
 
 	common: New functions get_option_value and ascii_strupr.
-	+ commit ee8d1a9e6c09b3ecc4b46f47b79358f78d458916
+	+ commit e2f18023b3b3b7e55b35218f65e37448d1011172
 	* common/server-help.c (get_option_value): New.
 	* common/stringhelp.c (ascii_strupr): New.
 
+2019-02-07  Werner Koch  <wk@gnupg.org>
+
+	card: Print the used algorithm of all keys.
+	+ commit b79bc877f2ad4d08e7de377cf4bf616b981b3c5f
+	* tools/card-call-scd.c (scd_readkey): New.
+	* tools/card-tool-misc.c (pubkey_algo_string): New.
+	* tools/gpg-card-tool.c (list_one_kinfo): Print the algo.
+
+	card: Fix a NULL-ptr deref in key listings.
+	+ commit df6ba6dfd235fddb7645bc16573da1a6a7e6b49d
+	* tools/card-tool-keys.c (get_matching_keys): Fix segv.
+	* tools/gpg-card-tool.c (main): Init info.
+
+	scd: Store a new PIV public key in the certificate DO.
+	+ commit 5bf1212000f48243642ace0f708fd27446879b9e
+	* scd/app-piv.c (struct genkey_result_s): Remove type and all users.
+	(send_keypair_and_cert_info): Print certinfo only if we got a cert..
+	(readcert_by_tag): Add arg r_mechanism and implement reading of public
+	keys.
+	(get_keygrip_by_tag): Use a public key to compute the keygrip.
+	(do_readcert): Make sure to only return a certificate.
+	(do_readkey): Read public key from the DO if a certificate is missing.
+	(get_key_algorithm_by_dobj): Get the algorithm also from a public key.
+	(does_key_exist): String changes.
+	(do_genkey): Remove result caching and store public key in the DO.
+
+	card: Support reading and writing PIV certificates.
+	+ commit fcec5b40e589b2ef201efb89f22a952feb4a9069
+	* scd/app-piv.c (add_tlv): New.
+	(put_data): New.
+	(do_writecert): New.
+	(do_setattr): Remove usused special mode 0.
+	* tools/gpg-card-tool.c (cmd_writecert): Allow other cards than
+	OPENPGP.
+	(cmd_readcert): Ditto.
+
+2019-02-06  Werner Koch  <wk@gnupg.org>
+
+	scd: Add genkey command to app-piv (rsa-only)
+	+ commit b5b1f721582df9d0379cb68b4faeceed32a56e49
+	* scd/app-piv.c (struct genkey_result_s): new.
+	(struct app_local_s): add member genkey_results.
+	(do_deinit): Free that one.
+	(flush_cached_data): Extend to delete all items.
+	(keyref_from_dobj): New.
+	(do_readkey): New.
+	(do_auth): Use keyref_from_dobj.
+	(does_key_exist): New.
+	(genkey_parse_rsa): New.
+	(do_genkey): New.
+
 	scd: Make app_genkey and supporting ISO function more flexible.
-	+ commit 14816c798099925e47908e7ce415412d72fbe28e
+	+ commit 9a9cb0257aebb1480b999fdf9d90904083eb8e3c
 	* scd/app.c (app_genkey): Add arg keytype.
 	* scd/app-common.h (struct app_ctx_s): Fitto for the genkey member.
 	* scd/command.c (cmd_genkey): Adjust for change.
@@ -5102,52 +7775,97 @@
 	* scd/app-openpgp.c (do_genkey): Adjust for changes.
 
 	scd: Fix parameter name of app_change_key.
-	+ commit c075274aac0ffd388df638548b75a7d90e7e929d
+	+ commit c26af8ac263ea006ed32e110a09271e4bfbf1f37
 	* scd/app-common.h (APP_GENKEY_FLAG_FORCE): New.
 	* scd/app.c (app_change_pin): Rename arg reset_mode to flags and
 	change from int to unsigned int.
 
+	scd: Implement PIN changing and unblocking for PIV cards.
+	+ commit e9e876cb5572670322aa1d3462d64c75c03974d9
+	* scd/app-piv.c: Some refactoring
+	(do_change_chv): Implement.
+
+2019-02-05  Werner Koch  <wk@gnupg.org>
+
 	scd: Allow standard keyref scheme for app-openpgp.
-	+ commit 6651a0640d0f1b4dd161210dc55974d9b93b7253
+	+ commit 3231ecdafd71ac47b734469b07170756979ede72
 	* scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with
 	"OPENPGP."
+	* tools/card-call-scd.c (scd_change_pin): Change API to use strings.
+	* tools/gpg-card-tool.c (cmd_passwd): Adjust for change.
+	(cmd_unblock): Ditto.
+
+2019-01-31  Werner Koch  <wk@gnupg.org>
+
+	card: Implement non-interactive mode.
+	+ commit 1c0fa3e6f74692d5e9b5f08cda523f0fcec305eb
+	* tools/card-tool.h (opt): Add field 'initialized'.
+	* tools/card-call-scd.c (scd_learn): Set it.
+	* tools/gpg-card-tool.c (main): Reworked.
+	(dispatch_command): New.
+
+	card: New command 'authenticate'.
+	+ commit da383257404cde9689bc58259ef3f46e9903bf34
+	* tools/card-tool-misc.c (hex_to_buffer): New.
+	* tools/gpg-card-tool.c (get_data_from_file): Change to allow returning
+	a string.
+	(cmd_authenticate): New.
+	(cmds): Add command "authenticate".
+
+	scd: Add DES authentication for PIV card.
+	+ commit 1d57450f3e71b198e66e155a8ebbfab452f58ffc
+	* scd/app-piv.c (flush_cached_data): New.
+	(auth_adm_key): New.
+	(set_adm_key): New.
+	(do_setattr): New.
+	* scd/command.c (MAXLEN_SETATTRDATA): New.
+	(cmd_setattr): Add an inquire option.
 
-	gpg: Emit an ERROR status if no key was found with --list-keys.
-	+ commit 14ea581a1c040b53b0ad4c51136a7948363b1e4b
-	* g10/keylist.c (list_one): Emit status line.
-
-2019-02-06  NIIBE Yutaka  <gniibe@fsij.org>
-
-	po: Update Japanese translation.
-	+ commit c16685b2f5021105ef0560cb3db68ef43bcdb9c1
-
+2019-01-30  Werner Koch  <wk@gnupg.org>
 
-	agent: Clear bogus pinentry cache, when it causes an error.
-	+ commit 9109bb9919f84d5472b7e62e84b961414a79d3c2
-	* agent/agent.h (PINENTRY_STATUS_*): Expose to public.
-	(struct pin_entry_info_s): Add status.
-	* agent/call-pinentry.c (agent_askpin): Clearing the ->status
-	before the loop, let the assuan_transact set ->status.  When
-	failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns
-	soon.
-	* agent/findkey.c (unprotect): Clear the pinentry cache,
-	when it causes an error.
+	card: Cache the results from gpg and gpgsm.
+	+ commit 0107984f9f55f84e4842642bceefd2181ec09dab
+	* tools/card-tool-keys.c (keyblock_cache): New var.
+	(release_keyblock): Factor code out to a new do_release_keyblock.  Add
+	a cache.
+	(flush_keyblock_cache): New.
+	(get_matching_keys): Use the cache.
+	* tools/gpg-card-tool.c (cmds): Add command "reset".
+	(interactive_loop): Implement reset.
+
+	card: Print matching OpenPGP and X.509 data.
+	+ commit 833f27a6a7e059e38bccaf360f05e72e4403545a
+	* tools/card-tool-keys.c: New.
+	* tools/Makefile.am (gpg_card_tool_SOURCES): Add file.
+	* tools/card-tool.h (struct pubkey_s, pubkey_t): New.
+	(struct userid_s, userid_t): New.
+	(struct keyblock_s, keyblock_t): New.
+	* common/util.h (GNUPG_PROTOCOL_): New const
+	* tools/gpg-card-tool.c (aTest): Add temporary command.
+	(list_one_kinfo): Print info from gpg and gpgsm.
 
-	dirmngr: Fix initialization of assuan's nPth hook.
-	+ commit 7f4c3eb0a039621c564b6095ab5f810524843157
-	* dirmngr/dirmngr.c (main): Move assuan_set_system_hooks to...
-	(thread_init): ... here.
+	gpg: Emit an ERROR status if no key was found with --list-keys.
+	+ commit 140fda8c61422ec055c3f7e214cc35706c4320dd
+	* g10/keylist.c (list_one): Emit status line.
 
-2019-01-30  Werner Koch  <wk@gnupg.org>
+	common: Add kludge to allow silencing gnupg_exec_tool_stream.
+	+ commit 1fd3d864b4eceaf45b33e754e5d832b7ccc0d17f
+	* common/exectool.c (read_and_log_buffer_t): Take care of a --quiet
+	argument.
+	(gnupg_exec_tool_stream): Ditto.
 
 	gpg: Allow generating Ed25519 key from an existing key.
-	+ commit 31d2a1eecaee766919b18bc42b918d9168f601f8
+	+ commit 346a98fabe03adf2e202e36fc2aa24b1c2571154
 	* g10/misc.c (map_pk_gcry_to_openpgp): Add EdDSA mapping.
 
+	common: New function decode_c_string.
+	+ commit 6ecedd0b25b6b1a33be63b99f2a8256370000521
+	* common/miscellaneous.c (decode_c_string): New.
+
 2019-01-29  Werner Koch  <wk@gnupg.org>
 
 	gpg: Implement searching keys via keygrip.
-	+ commit 5e5f3ca0c2e08185a236b4d04b318f81004e3223
+	+ commit c128667b3cba749dd14262e032d4c260a2b0acd3
 	* kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field grip.
 	* kbx/keybox-openpgp.c (struct keyparm_s): New.
 	(keygrip_from_keyparm): New.
@@ -5156,27 +7874,166 @@
 	(has_keygrip): Call it.
 
 	common: Provide some convenient OpenPGP related constants.
-	+ commit b78f293cf06f447d1d0a5c416ac129a4e1cf9f8c
+	+ commit f382984966a31a4cbe572bce5370590c5490ed1e
 	* common/openpgpdefs.h (OPENPGP_MAX_NPKEY): New.
 	(OPENPGP_MAX_NSKEY): New.
 	(OPENPGP_MAX_NSIG): New.
 	(OPENPGP_MAX_NENC): New.
 	* g10/packet.h: Define PUBKEY_MAX using the new consts.
 
-	(cherry picked from commit f382984966a31a4cbe572bce5370590c5490ed1e)
-
 	common: New helper functions for OpenPGP curve OIDs.
-	+ commit dddbb26155f292fde2909ecc84b62b693b6dea49
+	+ commit 4a1558d0c7190cf13d35385e47291a7aa121be3e
 	* common/openpgp-oid.c (openpgp_oidbuf_to_str): Factor most code out
 	to ...
 	(openpgp_oidbuf_to_str): new.
 	(openpgp_oidbuf_is_ed25519): New.
 	(openpgp_oidbuf_is_cv25519): New.
 
+	card: Support factory reset for Yubikey PIV application.
+	+ commit 79bed504e51034d960fcb858fb643901cad85913
+	* scd/app-common.h (struct app_ctx_s): Add field cardtype.
+	* scd/app.c (app_new_register): Set cardtype for yubikey.
+	(app_getattr): Add CARDTYPE.
+	(app_write_learn_status): Emit new attribute.
+	* scd/app-piv.c (do_getattr): Add CHV-USAGE.
+	(do_learn_status): Emit it.
+	* tools/card-tool.h (struct card_info_s): Add field cardtype.
+	* tools/card-call-scd.c (learn_status_cb): Parse "CARDTYPE".
+
+	* tools/gpg-card-tool.c (list_piv): Print PIN usage policy.
+	(list_card): Print card type.
+	(cmd_factoryreset): Implement for Yubikey with PIV.
+
+	card: Print keyinfo for PIV cards.
+	+ commit 9325c92284bb346d11c3591bb2ea88095989361a
+	* scd/app-piv.c (do_learn_status): Print CHV-STATUS.
+	* tools/card-tool.h (struct card_info_s): Rename chvretry to chvinfo.
+	* tools/card-call-scd.c (learn_status_cb): Depend CHV-STATUS on app
+	type.
+	* tools/gpg-card-tool.c (list_piv): New.
+
+	card: Make printing of key information more flexible.
+	+ commit 237880175f59d372011cd2e20bb49726eeccf058
+	* tools/card-tool-misc.c: New.
+	* tools/card-tool.h: Rewored data structures for key infos.
+	* tools/gpg-card-tool.c: Ditto.
+	* tools/card-call-scd.c: Ditto.
+
+2019-01-28  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: Clear bogus pinentry cache, when it causes an error.
+	+ commit 02a2633a7f0b7d91aa48ea615fb3a0edfd6ed6bb
+	* agent/agent.h (PINENTRY_STATUS_*): Expose to public.
+	(struct pin_entry_info_s): Add status.
+	* agent/call-pinentry.c (agent_askpin): Clearing the ->status
+	before the loop, let the assuan_transact set ->status.  When
+	failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns
+	soon.
+	* agent/findkey.c (unprotect): Clear the pinentry cache,
+	when it causes an error.
+
+2019-01-27  Werner Koch  <wk@gnupg.org>
+
+	card: Implement the bulk of OpenPGP stuff into gpg-card-tool.
+	+ commit 1c9251004592415b27988064ae20504dd1c37f57
+	* tools/card-call-scd.c: New.
+	* tools/card-tool.h: new.
+	* tools/gpg-card-tool.c: Largely extended.
+
+2019-01-26  Werner Koch  <wk@gnupg.org>
+
+	gpg: Fix just changed agent_get_s2k_count.
+	+ commit 54f88afba4564e62e51fe6e22beabbdee75f91ac
+	* g10/call-agent.c (agent_get_s2k_count): Actually return the count.
+
+	gpg: Move S2K encoding function to a shared file.
+	+ commit ec13b1c562e34c0fcbc7b848ab6dc187b79cf2c1
+	* g10/passphrase.c (encode_s2k_iterations): Move function to ...
+	* common/openpgp-s2k.c: new file.  Remove default intialization code.
+	* common/openpgpdefs.h (S2K_DECODE_COUNT): New to keep only one copy.
+	* g10/call-agent.c (agent_get_s2k_count): Change to return the count
+	and print an error.
+	* agent/protect.c: Include openpgpdefs.h
+	* g10/card-util.c (gen_kdf_data): Adjust for changes
+	* g10/gpgcompose.c: Include call-agent.h.
+	(sk_esk): Adjust for changes.
+	* g10/passphrase (passphrase_to_dek): Adjust for changes.
+	* g10/main.h (S2K_DECODE_COUNT): Remove macro.
+
+2019-01-25  Werner Koch  <wk@gnupg.org>
+
+	scd: Improve app selection for app "undefined".
+	+ commit 0415b80227c52620bece3ae7502f38f24a23e59d
+	* scd/app.c (app_new_register): Don't bail out early in undefined
+	mode.
+
+	scd: Fix flushing of CA-FPR data objects.
+	+ commit c9f4c1f0de06672c6ae2b793d86cc001d131f9a6
+	* scd/app-openpgp.c (do_setattr): Add new table item to flush a
+	different tag.
+
+2019-01-25  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: Support --mode=ssh option for CLEAR_PASSPHRASE.
+	+ commit ae966bbe9b16ed68a51391afdde615339755e22d
+	* agent/command.c (cmd_clear_passphrase): Add support for SSH.
+
+	dirmngr: Fix initialization of assuan's nPth hook.
+	+ commit 1f8817475f59ede3f28f57edc10ba56bbdd08b49
+	* dirmngr/dirmngr.c (main): Move assuan_set_system_hooks to...
+	(thread_init): ... here.
+
+2019-01-24  Werner Koch  <wk@gnupg.org>
+
+	common: Extend function percent_data_escape.
+	+ commit 055f8854d3f49b8d06105d20f344f5ac10e4f6a6
+	* common/percent.c (percent_data_escape): Add new args prefix and
+	plus_escape.
+	* agent/command.c (cmd_put_secret): Adjust for changed function
+
+	* common/t-percent.c (test_percent_data_escape): Extend test for the
+	prefix.
+	(test_percent_data_escape_plus): new test for the plus escaping.
+
+2019-01-23  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Support PASSWD --clear for OpenPGP card.
+	+ commit fec75a3868da72196f76aca95c7ab07debb7dc04
+	* scd/app-openpgp.c (do_change_pin): Implement handling
+	APP_CHANGE_FLAG_CLEAR.
+
 2019-01-22  Werner Koch  <wk@gnupg.org>
 
+	gpg: Stop early when trying to create a primary Elgamal key.
+	+ commit f97dc55ff1b041071bc3cbe98aa761bf77bb7ac8
+	* g10/misc.c (openpgp_pk_test_algo2): Add extra check.
+
+	card-tool: Add skeleton for new tool.
+	+ commit e6d613711a327d63511601dd42aeff34e09ec95a
+	* tools/gpg-card-tool.c: New.
+	* tools/gpg-card-tool-w32info.rc: New.
+	* tools/Makefile.am: Add new tool.
+
+	common: Add generic status print function.
+	+ commit 03cf23b43ec5fea8a355d3ba2200e86a8efc589b
+	* common/status.c (gnupg_set_status_fd): New.
+	(gnupg_status_printf): New.
+	* po/Makevars (XGETTEXT_OPTIONS): Add gnupg-status_printf.
+
+2019-01-21  Werner Koch  <wk@gnupg.org>
+
+	scd: Support CHV-STATUS and CHECKPIN for PIV.
+	+ commit fa9d703de5c70ae925e8ca6604073506f24d641a
+	* scd/app-piv.c (parse_pin_keyref): New.
+	(get_chv_status): New.
+	(do_getattr): Add name CHV-STATUS.
+	(verify_pin): Add arg keyref to support other PINs.
+	(do_change_pin): New.  Right now limited to --clear.
+	(do_check_pin): New.
+	(app_select_piv): Register new commands.
+
 	scd: Add option --clear to PASSWD.
-	+ commit d4082ff430afe670510d2c1c7ea66ee9ddcbe505
+	+ commit 29929e65521279eabc98a67c766fe485057405a9
 	* scd/command.c (cmd_passwd): Add option --clear.
 	(send_status_printf): New.
 	* scd/app-common.h (APP_CHANGE_FLAG_CLEAR): New.
@@ -5184,8 +8041,18 @@
 	used.
 	* scd/app-openpgp.c (do_change_pin): Ditto.
 
+2019-01-20  Werner Koch  <wk@gnupg.org>
+
+	scd: Add very basic support for PIV cards.
+	+ commit ec56996029d95d4bd26e1badfe207232270c6247
+	* scd/app-piv.c: New.
+	* scd/Makefile.am (card_apps): Add app-piv.c
+	* scd/app.c (app_new_register): Try to get a Yubikey serial number.
+	Detect the PIV application.
+	(get_supported_applications): Add "piv".
+
 	scd: One new and one improved 7816 function.
-	+ commit 9309175de8c76de44021c25c7885355ff1a9b67b
+	+ commit 70bb5c7931598590b1acfae90bf4657f5911d2d3
 	* scd/apdu.c (apdu_send_direct): New arg R_SW.
 	* scd/command.c (cmd_apdu): Ditto.
 	* scd/iso7816.c (iso7816_apdu_direct): New arg R_SW.
@@ -5193,8 +8060,10 @@
 	* scd/app-nks.c (get_chv_status, get_nks_version): Pass NULL for new
 	arg.
 
+2019-01-17  Werner Koch  <wk@gnupg.org>
+
 	ssh: Simplify the curve name lookup.
-	+ commit 11a65159f997ccd69ecb9d867c1f3d0c4d8837d6
+	+ commit d93797c8a7892fe26672c551017468e9f8099ef6
 	* agent/command-ssh.c (struct ssh_key_type_spec): Add field
 	alt_curve_name.
 	(ssh_key_types): Add some alternate curve names.
@@ -5207,67 +8076,65 @@
 	GnuPG-2.2 Libgcrypt 1.7 is required.
 	(ssh_handler_request_identities): Log an error message.
 
-	gpg: Stop early when trying to create a primary Elgamal key.
-	+ commit f5d3b982e44c5cfc60e9936020102a598b635187
-	* g10/misc.c (openpgp_pk_test_algo2): Add extra check.
+2019-01-16  NIIBE Yutaka  <gniibe@fsij.org>
 
-2019-01-17  NIIBE Yutaka  <gniibe@fsij.org>
+	gpg: Report STATUS_NO_SECKEY when it is examined.
+	+ commit dafffa95b2317bcb80fff1fd6d2bc7b4e6b1e206
+	* g10/packet.h (struct pubkey_enc_list): Add result.
+	* g10/mainproc.c (proc_pubkey_enc): Initialize ->result.
+	(proc_encrypted): Report STATUS_NO_SECKEY status.
+	* g10/pubkey-enc.c (get_session_key): Set ->result.
+
+2019-01-07  NIIBE Yutaka  <gniibe@fsij.org>
 
 	scd: Fix for USB INTERRUPT transfer.
-	+ commit 9dc76d599cd4c86d3c187d078daad1144a92564c
+	+ commit 5ab3bc422a5cc1a646c168b547f2b6538b3a4ffa
 	* scd/ccid-driver.c (intr_cb): When LIBUSB_TRANSFER_NO_DEVICE,
 	just handle this event as failure.
 
-2018-12-19  NIIBE Yutaka  <gniibe@fsij.org>
+2019-01-03  Werner Koch  <wk@gnupg.org>
 
-	agent: Fix message for ACK button.
-	+ commit 80a08b655f8f5e7a7d78b766f1770fd474081a48
-	* agent/divert-scd.c (getpin_cb): Display correct message.
+	scd: Add two variants to the set of ISO7816 functions.
+	+ commit 405feca2bdeeb620dc406667a702035a123ae848
+	* scd/iso7816.c (iso7816_select_application_ext): New.
+	(iso7816_get_data_odd): New.
 
-2018-12-18  Werner Koch  <wk@gnupg.org>
+	scd: Support "READKEY --advanced" for all cards.
+	+ commit cca2b87e79cda212a33c13efdd2b2830295d2efe
+	* scd/command.c (cmd_readkey): Reformat for advanced mode.
 
-	Silence compiler warnings new with gcc 8.
-	+ commit 21fc089148678f59edb02e0e16bed65b709fb972
-	* dirmngr/dns.c: Include gpgrt.h.  Silence -Warray-bounds also gcc.
-	* tests/gpgscm/scheme.c: Include gpgrt.h.
-	(Eval_Cycle): Ignore -Wimplicit-fallthrough.
+2018-12-18  Werner Koch  <wk@gnupg.org>
 
 	wks: Do not use compression for the encrypted data.
-	+ commit 16424d8a34c7f6af1071fd19dfc180cb7d17c052
+	+ commit 70a8db0333e3c22403b3647f8b5f924f6dace719
 	* tools/gpg-wks-client.c (encrypt_response): Add arg -z0.
 	* tools/gpg-wks-server.c (encrypt_stream): Ditto.
 
 2018-12-18  NIIBE Yutaka  <gniibe@fsij.org>
 
-	po: Update Japanese translation.
-	+ commit ae9159e0685098ee97d6f526666524423f4a0fff
-
-
-	scd: Support "acknowledge button" feature.
-	+ commit ffe31f405f9b5e4929e95c3d66c613052cb7727e
-	* scd/apdu.c (set_prompt_cb): New member function.
-	(set_prompt_cb_ccid_reader): New function.
-	(open_ccid_reader): Initialize with set_prompt_cb_ccid_reader.
-	(apdu_set_prompt_cb): New.
-	* scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb.
-	* ccid-driver.c (ccid_set_prompt_cb): New.
-	(bulk_in): Call ->prompt_cb when timer extension.
-	* scd/command.c (popup_prompt): New.
+	scd: Fix description string.
+	+ commit e6b7e0ff9990813ac9f11b2d9d92596d6379ebfe
+	* scd/app-openpgp.c (data_objects): Capitalize the word for usage.
 
-	agent: Support --ack option for POPUPPINPADPROMPT.
-	+ commit e6be36ee8854dc343a5e0f914991da3da360b513
-	* agent/divert-scd.c (getpin_cb): Support --ack option.
+2018-12-17  Werner Koch  <wk@gnupg.org>
 
-2018-12-14  Werner Koch  <wk@gnupg.org>
+	Silence a few compiler warnings new with gcc 8.
+	+ commit 40c307fa8d0e813f2aa57806f25b8b0063cc2be3
+	* dirmngr/dns.c: Include gpgrt.h.  Silence -Warray-bounds also gcc.
+	* tools/gpg-pair-tool.c (command_respond): Init two vars to silence
+	gcc.
 
-	Release 2.2.12.
-	+ commit 7d8f4ee7cf56eda988acdc909160cbac71bff18a
+2018-12-12  NIIBE Yutaka  <gniibe@fsij.org>
 
+	card: Suppress error message by agent_scd_cardlist.
+	+ commit ebf775eb16fef27bd1f27319a5483d04dcf95a9a
+	* g10/call-agent.c (agent_scd_cardlist): Add
+	FLAG_FOR_CARD_SUPPRESS_ERRORS.
 
 2018-12-11  Werner Koch  <wk@gnupg.org>
 
-	agent: Make the S2K calibration time runtime configurable.
-	+ commit de29a50e7c8a779ac0832a149bcf3eb2c4191dc9
+	agent: Make the S2K calibration time runtime configurabe.
+	+ commit cbcc8c19541fe8407f3b6588fce1535c64cf6b25
 	* agent/protect.c (s2k_calibration_time): New file global var.
 	(calibrate_s2k_count): Use it here.
 	(get_calibrated_s2k_count): Replace function static var by ...
@@ -5277,21 +8144,8 @@
 	(opts): New option --s2k-calibration.
 	(parse_rereadable_options): Parse that option.
 
-2018-12-11  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
-
-	agent: compile-time configuration of s2k calibration.
-	+ commit 0cf0f3aaf835d29848f1485df357606254ba6fad
-	* configure.ac: add --with-agent-s2k-calibration=MSEC, introduces
-	AGENT_S2K_CALIBRATION (measured in milliseconds)
-	* agent/protect.c (calibrate_s2k_count): Calibrate based on
-	AGENT_S2K_CALIBRATION.
-
-	(cherry picked from commit 926d07c5fa05de05caef3a72b6fe156606ac0549)
-
-2018-12-11  Werner Koch  <wk@gnupg.org>
-
 	dirmngr: Retry another server from the pool on 502, 503, 504.
-	+ commit e5abdb6da7fa7cd4d146c7285b160277511bc230
+	+ commit 05ef6282784495a77f4faf76c0de5bc85dfecf06
 	* dirmngr/ks-engine-hkp.c (handle_send_request_error): Add arg
 	http_status and handle it.
 	(ks_hkp_search): Get http_status froms end_request and pass on to
@@ -5300,78 +8154,77 @@
 	(ks_hkp_put): Ditto.
 
 	dirmngr: New function http_status2string.
-	+ commit b9d71ea64a694582739c18cfef9621b36d5371e9
+	+ commit dc61f4ecea5c9815cb00aeb25439978337c1fd64
 	* dirmngr/http.c (http_status2string): New.
 
 	gpg: In search-keys return "Not found" instead of "No Data".
-	+ commit f7ff25edadd474f83fccba6fd3c410eb8358bb22
+	+ commit e7252ae57f3c9da557f23295268f74dd25fee3a1
 	* g10/keyserver.c (keyserver_search): Check for NO_DATA.
 
 2018-12-11  Tomi Leppänen  <tomi.leppanen@jolla.com>
 
 	tools: Use POSIX compatible arguments for find.
-	+ commit dfcc5e6d3ec91f547feb78e442946e729b49878c
+	+ commit 2c35e67e3475ec38ff49953d79bd0f734d6db542
 	* tools/addgnupghome (filelist): Remove bashism.
 
-2018-12-06  NIIBE Yutaka  <gniibe@fsij.org>
-
-	scd: Make "learn" report about KDF data object.
-	+ commit d4bc8051525a33b28b1e33daf35d79c1d6cd9c41
-	* scd/app-openpgp.c (do_learn_status): Report KDF attr.
-	* g10/card-util.c (current_card_status): Output KDF for with_colons.
-
-	card: Display if KDF is enabled or not.
-	+ commit 751ff784e5316470f266750d299ae857ad7840d8
-	* g10/call-agent.h (kdf_do_enabled): New field.
-	* g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available.
-	* g10/card-util.c (current_card_status): Inform the availability.
-
-	g10: Fix memory leak for --card-status.
-	+ commit 293001e2c6f0e228ff7f1b6a3e2606ae1370a5d5
-	* g10/card-util.c (card_status): Release memory of serial number.
-
 2018-12-05  NIIBE Yutaka  <gniibe@fsij.org>
 
 	g10: Fix print_pubkey_info new line output.
-	+ commit c5aba093b86e7d69b34ddcf55130f8f21e889b5c
+	+ commit e154fba30ba0d5f29040a33f5c1b5c25b441b69f
 	* g10/keylist.c (print_pubkey_info): Reverse the condition.
 
-2018-12-05  Werner Koch  <wk@gnupg.org>
-
-	gpg: New list-option "show-only-fpr-mbox".
-	+ commit 9b538451682c704b4036c0ecdb7e6b0ef8570016
-	* g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox".
-	* g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New.
-	* g10/keylist.c (list_keyblock_simple): New.
-	(list_keyblock): Call it.
-	(list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX
-	mode.
+2018-12-04  Werner Koch  <wk@gnupg.org>
 
 	wks: Fix filter expression syntax flaw.
-	+ commit 80bf1f8901dcbbb2cb6cacc11cca98705ce8f59d
+	+ commit 0c36ec241d285545f286069843de4f663cd274a3
 	* tools/wks-util.c (wks_get_key, wks_filter_uid): The filter
 	expression needs a space before the value.
 	(install_key_from_spec_file): Replace es_getline by es_read_line and
 	remove debug output.
 
+	gpg: Prepare revocation keys for use with v5 keys.
+	+ commit c6e2ee020784de63edfa83c76095e086eae49eef
+	* g10/packet.h (struct revocation_key): Add field 'fprlen'.
+	* g10/parse-packet.c (parse_revkeys): Set fprlen and allow for v5
+	keys.  Also fix reading of unitialized data at place where
+	MAX_FINGERPRINT_LEN is used.
+	* g10/revoke.c (gen_desig_revoke): Allow for v5 keys and use fprlen.
+	Do an explicit compare to avoid reading unitialized data.
+	* g10/sig-check.c (check_revocation_keys): Use the fprlen.
+	* g10/getkey.c (merge_selfsigs_main): Do an explicit copy to avoid
+	reading unitialized data.
+	* g10/import.c (revocation_present): Use fprlen.
+	* g10/keyedit.c (show_key_with_all_names): Use fprlen.
+	(menu_addrevoker): Use fprlen.  Allow for v5 keys.
+	* g10/keygen.c (keygen_add_revkey): Use fprlen.
+	(parse_revocation_key): Allow for v5 keys.
+	* g10/keyid.c (keyid_from_fingerprint): Allow for v5 keys.  Print a
+	better error message in case of bogus fingerprints.
+	* g10/keylist.c (print_revokers): Use fprlen.
+
 	wks: Allow reading of --install-key arguments from stdin.
-	+ commit b6fd60dfa1709f162c25eb72cf8c45d0ab9bf34f
+	+ commit ba46a359b9d6549b74ec8401ea39bad434d87564
 	* tools/wks-util.c (install_key_from_spec_file): New.
 	(wks_cmd_install_key): Call it.
 	* tools/gpg-wks-client.c (main): Allow --install-key w/o arguments.
 	* tools/gpg-wks-server.c (main): Ditto.
 
-	(cherry picked from commit ba46a359b9d6549b74ec8401ea39bad434d87564)
+	gpg: New list-option "show-only-fpr-mbox".
+	+ commit 0e8bf204791ebfd0c9a8e4b49fbadf998ec62e49
+	* g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox".
+	* g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New.
+	* g10/keylist.c (list_keyblock_simple): New.
+	(list_keyblock): Call it.
+	(list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX
+	mode.
 
 	wks: Create sub-directories.
-	+ commit bf29d7c822264a40f1469c7b5024d93b955a3a1e
+	+ commit 73e5b0ec9b9ba5e04e55f8c42d81e23df7c3afe0
 	* tools/wks-util.c (wks_compute_hu_fname): Stat and create directory
 	if needed.
 
-	(cherry picked from commit 73e5b0ec9b9ba5e04e55f8c42d81e23df7c3afe0)
-
 	wks: Add new commands --install-key and --remove-key to the client.
-	+ commit 5b4aa8c6d4abfa3135ec3ab23decf9bdd624df3e
+	+ commit 602b1909632925d5a2e0778c102d66109795c627
 	* tools/gpg-wks-client.c (aInstallKey, aRemoveKey, oDirectory): New.
 	(opts): Add "--install-key", "--remove-key" and "-C".
 	(parse_arguments): Parse them.
@@ -5379,7 +8232,7 @@
 	commands.
 
 	wks: Move a few server functions to wks-util.
-	+ commit 51b722c6f57b80a3b9caa417b7a74e7fab80043f
+	+ commit 99094c992c20dd22971beb3527cfda109cd1df89
 	* tools/gpg-wks-server.c (write_to_file): Move to ...
 	* tools/wks-util.c: here.
 	* tools/gpg-wks-server.c (compute_hu_fname): Move to ...
@@ -5391,41 +8244,89 @@
 	* tools/gpg-wks-server.c (command_remove_key): Move to ...
 	* tools/wks-util.c (wks_cmd_remove_key): here and change callers.
 
-	(cherry picked from commit 99094c992c20dd22971beb3527cfda109cd1df89)
+2018-12-04  NIIBE Yutaka  <gniibe@fsij.org>
+
+	build: Remove --with-*-prefix from configure_opts.
+	+ commit 802b23289cc9b43a56e5032c2681eb21d4014784
+	* autogen.rc (configure_opts): Remove --with-*-prefix.
 
-2018-12-05  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+2018-12-01  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
 
 	g10/mainproc: disable hash contexts when --skip-verify is used.
-	+ commit 6008410e512cb74a4a2ad3f6e3fce4669e4f7e2c
+	+ commit 73e74de0e33bbb76300f96a4174024779047df06
 	* g10/mainproc.c (proc_plaintext): Do not enable hash contexts when
 	opt.skip_verify is set.
 
 	common/iobuf: fix memory wiping in iobuf_copy.
-	+ commit ebd434a45eefd34bd9d9f875f22a74a47b88dd5f
+	+ commit 654e353d9b20f10fa275e7ae10cc50480654f079
 	* common/iobuf.c (iobuf_copy): Wipe used area of buffer instead of
 	first sizeof(char*) bytes.
 
-	common: Use platform memory zeroing function for wipememory.
-	+ commit 21fdef6963539680a16b68b7536378bdaa8dea85
+	common/mischelp: use platform memory zeroing function for wipememory.
+	+ commit 2a650772b4e1c78a4fd20bc88433930e5551fe9c
 	* common/mischelp.h (wipememory): Replace macro with function
 	prototype.
 	(wipememory2): Remove.
 	* common/mischelp.c (wipememory): New.
-	* configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero' and
-	remove duplicated checks.
+	* configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero'.
 
-2018-12-05  Werner Koch  <wk@gnupg.org>
+2018-11-30  Werner Koch  <wk@gnupg.org>
+
+	scd: Add strerror to new error message.
+	+ commit 3a90efb7cf13532cc82b45c11a7abdadfe0c81f1
+	* agent/call-scd.c (wait_child_thread): Add %s.
 
 	gpg: Improve error message about failed keygrip computation.
-	+ commit edeebe0a6b9a49d2291d6351d52c5bc688d24cff
+	+ commit cd64af003d4b6b46b69dbd575f73d53359ae0bcc
 	* g10/keyid.c (keygrip_from_pk): Print the fingerprint on failure.
 
-	(cherry picked from commit cd64af003d4b6b46b69dbd575f73d53359ae0bcc)
+2018-11-28  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Serialize opening device by select_application.
+	+ commit 47106ac435e891ced67f0ad9bb6b2ee12098c880
+	* scd/app.c (app_new_register): Don't lock APP_LIST_LOCK here.
+	(select_application): Lock with APP_LIST_LOCK earlier.
+
+2018-11-27  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: Better serialization for scdaemon access.
+	+ commit 483e63f9b5faead819ddd28308902ef43bf298ab
+	* agent/call-scd.c (unlock_scd): Move lock before accessing IN_USE.
+	(wait_child_thread): Add log_info for Windows, and fixed log_error
+	message.
+
+2018-11-26  Andre Heinecke  <aheinecke@intevation.de>
+
+	w32: Fix linkage of gpg-pair-tool.
+	+ commit f12fcd907903742bde3ebb7ffef244c92d6d1611
+	* tools/Makefile.am (gpg_pair_tool_LDADD): Add W32SOCKLIBS.
+
+2018-11-26  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: Have a thread to wait for the child process of scdaemon.
+	+ commit 40c7923ea881881a48de8f303b0870ec5910e13d
+	* agent/call-scd.c (wait_child_thread): New.
+	(start_scd): Create a thread for wait_child_thread.
+	(agent_scd_check_aliveness): Remove.
+
+	agent: Defer calling assuan_release when it's still in use.
+	+ commit 9fb3f0f3f79e74166cce8e0781e97043f25890cc
+	* agent/call-scd.c (struct scd_local_s): Remove LOCK, introduce IN_USE
+	and INVALID flags.
+	(unlock_scd): Call assuan_release when CTX is invalid.
+	(start_scd): Set IN_USE.
+	(agent_scd_check_aliveness): Don't call assuan_release when it's in use.
 
-2018-11-23  Werner Koch  <wk@gnupg.org>
+	agent: Clean up SCDaemon management.
+	+ commit f45d6124696cc92ccdec09841b8182679c377997
+	* agent/call-scd.c (struct scd_local_s): Remove ctrl_backlink.
+	(start_scd): Don't assign to the field.
+	(agent_scd_check_aliveness): Fix typo in comment.
+
+2018-11-22  Werner Koch  <wk@gnupg.org>
 
 	dirmngr: Avoid possible CSRF attacks via http redirects.
-	+ commit 4a4bb874f63741026bd26264c43bb32b1099f060
+	+ commit fa1b1eaa4241ff3f0634c8bdf8591cbc7c464144
 	* dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
 	(http_redir_info_t): New.
 	* dirmngr/http.c (do_parse_uri): Set new fields.
@@ -5436,31 +8337,175 @@
 	instead of the open code.
 	* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
 
+2018-11-16  Werner Koch  <wk@gnupg.org>
+
+	gpg: Start using OCB mode by default with Libgcrypt 1.9.
+	+ commit 1e700961ddf4c54ec5a03a697fe00d7eb606fdff
+	* g10/main.h (GCRYPT_VERSION_NUMBER): Fix type in condition.
+
+2018-11-15  NIIBE Yutaka  <gniibe@fsij.org>
+
+	card: Display UIF setting.
+	+ commit e955ca245ea08e68ae2397f1583c8728d72acbd8
+	* g10/call-agent.h (agent_card_info_s): Add UIF fields.
+	* g10/call-agent.c (learn_status_cb): Put UIF DOs info.
+	* g10/card-util.c (current_card_status): Output for UIF.
+
+	scd: Make "learn" report about KDF data object.
+	+ commit 05d163aebc04db109ec5e004eb04a4b3796f6421
+	* scd/app-openpgp.c (do_learn_status): Report KDF attr.
+	* g10/card-util.c (current_card_status): Output KDF for with_colons.
+
+	card: Display if KDF is enabled or not.
+	+ commit a5542a4a702c2210facf58a98bc8d3d16089b6ab
+	* g10/call-agent.h (kdf_do_enabled): New field.
+	* g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available.
+	* g10/card-util.c (current_card_status): Inform the availability.
+
+2018-11-14  Werner Koch  <wk@gnupg.org>
+
+	Remove the gpg-zip script.
+	+ commit 8b8ea802ca071c911158cab0203245a16a69125c
+	* tools/gpg-zip.in: Remove.
+	* m4/tar-ustar.m4: Remove.
+
+2018-11-14  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: Simplify agent_popup_message_stop.
+	+ commit 804a77edd9472d44606641b7772550521e1ba271
+	* agent/call-pinentry.c (agent_popup_message_stop): Just kill it.
+
+2018-11-13  Werner Koch  <wk@gnupg.org>
+
+	dirmngr: Support the new WKD draft with the openpgpkey subdomain.
+	+ commit 914fa3be22bf8848a97a7dd405a040d6ef31e2fd
+	* dirmngr/server.c (proc_wkd_get): Implement new openpgpkey subdomain
+	method.
+
+2018-11-13  NIIBE Yutaka  <gniibe@fsij.org>
+
+	build: Update libgcrypt.m4 and ntbtls.m4.
+	+ commit d58fe697acefd435ec01503dae574d6c99dfedae
+	* m4/libgcrypt.m4: Update from master.
+	* m4/ntbtls.m4: Update from master.
+
 2018-11-12  Andre Heinecke  <aheinecke@intevation.de>
 
 	dirmngr: Add FLUSHCRLs command.
-	+ commit 00321a025f90990a71b60b4689ede1f38fbde347
+	+ commit 678e4706ee614a6b7e543e2a80072d75405dd4db
 	Summary:
 	* dirmngr/crlcache.c (crl_cache_flush): Also deinit the cache.
 	* dirmngr/server.c (hlp_flushcrls, cmd_flushcrls): New.
 	(register_commands): Add FLUSHCRLS.
 
-2018-11-06  Werner Koch  <wk@gnupg.org>
+2018-11-12  Werner Koch  <wk@gnupg.org>
 
-	Release 2.1.11.
-	+ commit cb46b787571ef149856be03b8c3481bb79871698
+	common: Prepare for parsing mail sub-addresses.
+	+ commit 6b9f772914624cc673ba26d49b6e3adc32dd7e0a
+	* common/mbox-util.c (mailbox_from_userid): Add arg subaddress and
+	implement.  Change all callers to pass false for it.
+
+	* common/t-mbox-util.c (run_mbox_no_sub_test): New.
+	(run_filter): Add arg no_sub.
+	(main): Call new test and add option --no-sub.
+
+2018-11-11  Werner Koch  <wk@gnupg.org>
 
+	common: Add --filter option to t-mbox-util.
+	+ commit b3095c95ef9d2d76b49a6ad1b946fca590380dc9
+	* common/t-mbox-util.c (run_filter): New.
+	(main): Add option parser.
+
+2018-11-09  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	g10/mainproc: avoid extra hash contexts when decrypting AEAD input.
+	+ commit b46382dd47731231ff49b59c486110a25e08e985
+	* g10/mainproc.c (mainproc_context): New member
+	'seen_pkt_encrypted_aead'.
+	(release_list): Clear 'seen_pkt_encrypted_aead'.
+	(proc_encrypted): Set 'seen_pkt_encrypted_aead'.
+	(have_seen_pkt_encrypted_aead): New.
+	(proc_plaintext): Do not enable extra hash contexts when decryption
+	AEAD input.
+
+2018-11-08  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	g10/armor: optimize radix64 to binary conversion.
+	+ commit 643ec7c642dc75191e712963d2bb460ac247e09b
+	* g10/armor.c (asctobin): Larger look-up table for fast path.
+	(initialize): Update 'asctobin' initialization.
+	(radix64_read): Add fast path for radix64 to binary conversion.
+
+	g10/armor: optimize binary to radix64 conversion.
+	+ commit e8142cc69a2ae5a5d0a238bc9f88841067359af8
+	* g10/armor.c (bintoasc): Change to read-only.
+	(initialize): Use const pointer for 'bintoasc'.
+	(armor_output_buf_as_radix64): New function for faster binary to
+	radix64 conversion.
+	(armor_filter): Use new conversion function.
+
+	g10/armor: use libgcrypt's CRC24 implementation.
+	+ commit e486d4f0259f27906d2c2869cc01b3aa31aaa0a6
+	* g10/armor.c (CRCINIT, CRCPOLY, CRCUPDATE, crc_table): Remove.
+	(new_armor_context): Open libgcrypt CRC24 context.
+	(release_armor_context): Close CRC24 context.
+	(initialize): Remove CRC table generation.
+	(get_afx_crc): New.
+	(check_input, fake_packet, radix64_read, armor_filter): Update to use
+	CRC24 context.
+	* g10/filter.h (armor_filter_context_t): Replace crc intermediate value
+	with libgcrypt md context pointer.
+
+	common/iobuf: optimize iobuf_read_line.
+	+ commit 2b5718c1f76851160115f455c3a9383b04521347
+	* common/iobuf.c (iobuf_read_line): Add fast path for finding '\n'
+	character in buffer.
+
+	g10/armor: remove unused unarmor_pump code.
+	+ commit 47424881b27d4b3bae2925265b2008cda0c2933f
+	* g10/armor.c (unarmor_state_e, unarmor_pump_s, unarmor_pump_new)
+	(unarmor_pump_release, unarmor_pump): Remove.
+	* g10/filter.h (UnarmorPump, unarmor_pump_new, unarmor_pump_release)
+	(unarmor_pump): Remove.
+
+	g10/armor: fix eof checks in radix64_read.
+	+ commit a571bb8df52d6f2727876e086790dd037c9948ad
+	* g10/armor.c (radix64_read): Check EOF with '!afx->buffer_len' instead
+	of 'c == -1', as 'c' is never set to this value.
+
+	g10/decrypt-data: use iobuf_read for higher performance.
+	+ commit 5d6c080522e1666943b75c99124fb69b985b6941
+	* g10/decrypt-data.c (fill_buffer): Use iobuf_read instead of iobuf_get
+	for reading data.
+
+	g10/decrypt-data: use fill_buffer in more places.
+	+ commit e2b9095de35ac4d402b077d5484b4131700a9925
+	* g10/decrypt-data.c (mdc_decode_filter, decode_filter): Use
+	fill_buffer.
+
+2018-11-08  NIIBE Yutaka  <gniibe@fsij.org>
+
+	gpgcompose: Fix --sk-esk.
+	+ commit 69930f6884a934207f7aa523cf6d2b8e22dfe666
+	* g10/gpgcompose.c (sk_esk): Copy the result content correctly.
+	Don't forget to free the result.
+
+	g10: Fix log_debug formatting.
+	+ commit 7fc3decc2e038be905d47701c7ce196ed86a725b
+	* g10/cipher-aead.c (do_flush): No cast is correct.
+	* g10/decrypt-data.c (aead_underflow): No cast needed.
+	Use "%j" for uint64_t for chunklen.
 
 2018-11-06  NIIBE Yutaka  <gniibe@fsij.org>
 
 	g10: Fix print_keygrip for smartcard.
-	+ commit 627839ea88da11a9e8d033e3c91bdf5a048b15c3
+	+ commit 01b77ebbb71d47ba276d3a1af9595fdcd9b48f5f
 	* g10/card-util.c (print_keygrip): Use tty_fprintf.
 
 2018-11-05  Werner Koch  <wk@gnupg.org>
 
 	wks: New option --with-colons for gpg-wks-client.
-	+ commit 66e0bd37ee3dd5ab534b2664493576ef6ad15a08
+	+ commit e3a1e80d13487c9336640a99b2f6d385d7d6f55c
 	* tools/gpg-wks.h (opt): Add field with_colons.
 	* tools/gpg-wks-client.c (oWithColons): New const.
 	(opts, parse_arguments): Add option --with-colons.
@@ -5470,185 +8515,363 @@
 	(get_policy_and_sa): New function.
 	(command_supported): Make use of new function.
 
-	speedo: Remove obsolete configure option of gpgme.
-	+ commit 593895a5e495c4647efa7db164356f3cae3d5759
-	* build-aux/speedo.mk (speedo_pkg_gpgme_configure): Remove
-	--disable-w32-qt option.
-
-	dirmngr: In verbose mode print the OCSP responder id.
-	+ commit 50756927ce6247abc2fadefbc76c58b75c8a7586
-	* dirmngr/ocsp.c (ocsp_isvalid): Print the responder id.
-
-	(cherry picked from commit 0a7f446c189201ca6e527af08b44da756b343209)
-
-	tools: Replace duplicated code in mime-maker.
-	+ commit d5f540e7a9b3a723ba787e3a587fcd1b0948f105
-	* tools/rfc822parse.c (HEADER_NAME_CHARS): New.  Taken from
-	mime-maker.c.
-	(rfc822_valid_header_name_p): New.  Based on code from mime-maker.c.
-	(rfc822_capitalize_header_name): New.  Copied from mime-maker.c.
-	(capitalize_header_name): Remove.  Replace calls by new func.
-	(my_toupper, my_strcasecmp): New.
-	* tools/mime-maker.c: Include rfc822parse.h.
-	(HEADER_NAME_CHARS, capitalize_header_name): Remove.
-	(add_header): Replace check and capitalization by new functions.
-
-	gpg: Don't take the a TOFU trust model from the trustdb,
-	+ commit 82cd7556fdce989aaacf91e0d369a62e4652f224
-	* g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
-	(create_version_record): Don't init as TOFU.
-	(tdbio_db_matches_options): Don't indicate a change in case TOFU is
-	stored in an old trustdb file.
-
-	dirmngr: Emit SOURCE status also on NO_DATA.
-	+ commit ab7a907a184f37ddafaa0dc7200c76b735ba4853
-	* dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on
-	NO DATA error.
-	(ks_hkp_get): Ditto.
-	* g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info
-	also on error.
-	(gpg_dirmngr_ks_get): Ditto.
+	speedo: Remove obsolete configure option of gpgme.
+	+ commit d7323bb2d957fbeb8192c0ecbd99b1d14d302912
+	* build-aux/speedo.mk (speedo_pkg_gpgme_configure): Remove
+	--disable-w32-qt option.
 
 	dirmngr: Fix LDAP port parsing.
-	+ commit 5ab58d3001b0342aecaf691b1af70b1f76426f55
+	+ commit a3a5a2451924640588e5ecc03a1d4ba6a6ba94a5
 	* dirmngr/misc.c (host_and_port_from_url): Fix bad port parsing and a
 	segv for a missing slash after the host name.
 
+2018-11-02  NIIBE Yutaka  <gniibe@fsij.org>
+
+	build: Update *.m4 from libraries.
+	+ commit 8e84efbe35633275e260712ba38a505e3f9d0898
+	* m4/gpg-error.m4: Update from master.
+	* m4/ksba.m4: Ditto.
+	* m4/libassuan.m4: Ditto.
+	* m4/libgcrypt.m4: Ditto.
+	* m4/npth.m4: Ditto.
+	* m4/ntbtls.m4: Ditto.
+
+2018-10-31  NIIBE Yutaka  <gniibe@fsij.org>
+
+	build: Update *.m4 from libraries.
+	+ commit fd7aee6a97134fdf48a496841241f8ae25736e61
+	* m4/gpg-error.m4: Update from master.
+	* m4/ksba.m4: Ditto.
+	* m4/libassuan.m4: Ditto.
+	* m4/libgcrypt.m4: Ditto.
+	* m4/npth.m4: Ditto.
+	* m4/ntbtls.m4: Ditto.
+
 2018-10-26  Werner Koch  <wk@gnupg.org>
 
 	build: By default build wks-tools on all Unix platforms.
-	+ commit 8a33d5c9c699d2145d39b362d580df67571c5f36
-	(cherry picked from commit b83fed64f8051279a8f36e024c1f12f7f13c4716)
+	+ commit b83fed64f8051279a8f36e024c1f12f7f13c4716
+
 
 	wkd: Add option --directory to the server.
-	+ commit 839426104a0c829f0182b22048fdc51cf295beb7
+	+ commit f248416bc9792e80bb0785302058131de49d7639
 	* tools/gpg-wks-server.c (opts): Add '--directory',
 	(main): Explain how to set correct permissions.
 	(command_list_domains): Create an empty policy file and remove the
 	warning for an empty policy file.
 
+2018-10-26  NIIBE Yutaka  <gniibe@fsij.org>
+
+	kbx: Increase size of field for fingerprint.
+	+ commit 4249e9a2bf028f007d1ddaac730f636e5c6da20f
+	* kbx/keybox-search-desc.h (fpr): Increase the size.
+
+2018-10-25  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+
+	all: fix more spelling errors.
+	+ commit a7c5d65eb50355274c1b5b047c02c653f518900a
+
+
+	headers: fix spelling.
+	+ commit b39ece7d35401302879062d9d4bec25b1249ae7e
+
+
 2018-10-25  Werner Koch  <wk@gnupg.org>
 
 	dirmngr: Fix out of scope use of a var in the keyserver LDAP code.
-	+ commit 26ebb15bec897a105b248680c1ddf1806592b1eb
+	+ commit 2b57a8159cdc3b212a4efc68787b40cafcd91ebe
 	* dirmngr/ks-engine-ldap.c (extract_attributes): Don't use a variabale
 	out of scope and cleanup the entire pgpKeySize block.
 
+2018-10-25  NIIBE Yutaka  <gniibe@fsij.org>
+
+	g10,scd: Improve UIF support.
+	+ commit 0240345728a84d8f235ce05889e83963e52742eb
+	* g10/call-agent.c (learn_status_cb): Parse "bt" flag.
+	* g10/call-agent.h: New member field "bt".
+	* g10/card-util.c (uif): Limit its access only when it is supported.
+	* scd/app-openpgp.c (do_setattr): Allow access to UIF objects only
+	when there is a button.
+
+2018-10-24  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+
+	all: fix spelling and typos.
+	+ commit 54eb375ff14e2a93cea70eab35719be4d25f51ca
+
+
+	doc: fix spelling mistakes.
+	+ commit ef540d1af0649ebf1add190d0ab095e957658b7e
+
+
 2018-10-24  Werner Koch  <wk@gnupg.org>
 
 	agent: Fix possible uninitalized use of CTX in simple_pwquery.
-	+ commit e53253485cd7ceb7012505a629d2cd997167ccab
+	+ commit bafcf7095159493a656382997f8b0d0bb11a20e8
 	* common/simple-pwquery.c (agent_open): Clear CTX even on early error.
 
 	agent: Fix possible release of unitialize var in a genkey error case.
-	+ commit 62c75271173f83c5770576aae7b84f55a9ccbc16
+	+ commit 2bdc4b6ed97770ed15ec6c5afa02c2e44568a3bc
 	* agent/command.c (cmd_genkey): Initialize 'value'.
 
 	ssh: Fix possible infinite loop in case of an read error.
-	+ commit 147e59b7815daafb32b570a96f1d1925d0f37008
+	+ commit 7385e1babf6eef586c79ad23f8e541aaf608c4e5
 	* agent/command-ssh.c (ssh_handler_add_identity): Handle other errors
 	than EOF.
 
 	tools: Fix FILE memory leak in gpg-connect-agent.
-	+ commit f1561e5196e54f11b18050eeaeda50e786d188c2
+	+ commit 378719f25fe00d46393541f4a4f79e04484c3000
 	* tools/gpg-connect-agent.c (do_open): dup the fileno and close the
 	stream.
 
-	(cherry picked from commit 378719f25fe00d46393541f4a4f79e04484c3000)
-
 	sm: Use the correct string in an error message.
-	+ commit 1b9b0fc54b9bcd5eb1e63816bd3222d7ac7572a7
+	+ commit 793fd8d876777c24c4d5072301fa530333d6e1d9
 	* sm/gpgsm.c (main): Fix error message.
 
-2018-10-24  Andre Heinecke  <aheinecke@intevation.de>
-
-	dirmngr: Only print info for no ldapserver file.
-	+ commit 01baee2b0ef4f81ac6ffa55480e91168dd27b430
-	* dirmngr/dirmngr.c (parse_ldapserver_file): Only print info
-	for ENOENT.
-
-2018-10-23  Andre Heinecke  <aheinecke@intevation.de>
-
-	sm: Fix dirmngr loadcrl for intermediate certs.
-	+ commit 6b36c16f77722d17f4f317c788701cbc1e9552b2
-	* sm/call-dirmngr.c (run_command_inq_cb): Support ISTRUSTED.
-	(inq_certificate): Distinguish unsupported inquiry error.
+	gpg: Unfinished support for v5 signatures.
+	+ commit 64a1e86fc06d89c980a196c61d2b6d77d167565e
+	* g10/parse-packet.c (parse_signature): Allow for v5 signatures.
+	* g10/sig-check.c (check_signature_end_simple): Support the 64bit v5
+	byte count.
+	* g10/sign.c (hash_sigversion_to_magic): Ditto.
+	(write_signature_packets): Request v5 sig for v5 keys.  Remove useless
+	condition.
+	(make_keysig_packet): Request v5 sig for v5 keys.
 
 2018-10-22  Werner Koch  <wk@gnupg.org>
 
 	dirmngr: Prepare for updated WKD specs with ?l= param.
-	+ commit a2bd4a64e5b057f291a60a9499f881dd47745e2f
+	+ commit 256a280c51f9ea862e4bfb0bb530c2a96f9088f9
 	* dirmngr/server.c (proc_wkd_get): Tack the raw local address to the
 	request.
 
-	gpg: Fix extra check for sign usage of a data signature.
-	+ commit b0d6e26bf3c8decaa568c9e4a5b2451d9af0b25b
-	* g10/sig-check.c (check_signature_end_simple):
+	agent: Fix build regression for Windows.
+	+ commit 68b8096b6617cdad09c99d7eda2035176807e78f
+	* agent/command-ssh.c (get_client_info): Turn client_uid into an int.
+	Fix setting of it in case of a failed getsocketopt.
+	* agent/command.c (start_command_handler): Fix setting of the pid and
+	uid for Windows.
+
+	dirmngr: In verbose mode print the OCSP responder id.
+	+ commit 0a7f446c189201ca6e527af08b44da756b343209
+	* dirmngr/ocsp.c (ocsp_isvalid): Print the responder id.
+
+2018-10-15  Werner Koch  <wk@gnupg.org>
+
+	tools: Replace duplicated code in mime-maker.
+	+ commit f03928b16c4fb00077d22d8ec141575ef6d26913
+	* tools/rfc822parse.c (HEADER_NAME_CHARS): New.  Taken from
+	mime-maker.c.
+	(rfc822_valid_header_name_p): New.  Based on code from mime-maker.c.
+	(rfc822_capitalize_header_name): New.  Copied from mime-maker.c.
+	(capitalize_header_name): Remove.  Replace calls by new func.
+	(my_toupper, my_strcasecmp): New.
+	* tools/mime-maker.c: Include rfc822parse.h.
+	(HEADER_NAME_CHARS, capitalize_header_name): Remove.
+	(add_header): Replace check and capitalization by new functions.
 
 2018-10-15  NIIBE Yutaka  <gniibe@fsij.org>
 
 	scd: Fix signing authentication status.
-	+ commit 7e2b0488d13561be2b754e28801de654747a8dcc
+	+ commit 78f542e1f4495195db2e668f9cd41657fb1afc77
 	* scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing.
 
+2018-10-12  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: Fix message for ACK button.
+	+ commit 4ed941ff26783c4fabfe2079029f8e436eb7e340
+	* agent/divert-scd.c (getpin_cb): Display correct message.
+
+2018-10-11  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Support "acknowledge button" feature.
+	+ commit 7a5a4c4cac8709f7c413e94cd0b40f4123baa1e5
+	* scd/apdu.c (set_prompt_cb): New member function.
+	(set_prompt_cb_ccid_reader): New function.
+	(open_ccid_reader): Initialize with set_prompt_cb_ccid_reader.
+	(apdu_set_prompt_cb): New.
+	* scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb.
+	* ccid-driver.c (ccid_set_prompt_cb): New.
+	(bulk_in): Call ->prompt_cb when timer extension.
+	* scd/command.c (popup_prompt): New.
+
+	agent: Support --ack option for POPUPPINPADPROMPT.
+	+ commit 827529339a4854886dbb5625238e7e01013efdcd
+	* agent/divert-scd.c (getpin_cb): Support --ack option.
+
+2018-10-10  Werner Koch  <wk@gnupg.org>
+
+	gpg: Don't take the a TOFU trust model from the trustdb,
+	+ commit 150a33df41944d764621f037038683f3d605aa3f
+	* g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
+	(create_version_record): Don't init as TOFU.
+	(tdbio_db_matches_options): Don't indicate a change in case TOFU is
+	stored in an old trustdb file.
+
+2018-10-08  Werner Koch  <wk@gnupg.org>
+
+	gpg: Fix extra check for sign usage of a data signature.
+	+ commit b6275f3bda8edff34274c5b921508567f491ab9c
+	* g10/sig-check.c (check_signature_end_simple):
+
+	gpg: Make --skip-hidden-recipients work again.
+	+ commit 79f165d7a8bcc26972712bb0f0cc554d5c3d4e42
+	* g10/pubkey-enc.c (get_session_key): Take care of
+	opt.skip_hidden_recipients.
+
+2018-10-02  Werner Koch  <wk@gnupg.org>
+
+	gpg: New options import-drop-uids and export-drop-uids.
+	+ commit 8e83493dae426fe36a0e0081198b10db1e103ff1
+	* g10/options.h (IMPORT_DROP_UIDS): New.
+	(EXPORT_DROP_UIDS): New.
+	* g10/import.c (parse_import_options): Add option "import-drop-uids".
+	(import_one): Don't bail out with that options and no uids found.
+	Also remove all uids.
+	(remove_all_uids): New.
+	* g10/export.c (parse_export_options): Add option "export-drop-uids".
+	(do_export_one_keyblock): Implement option.
+
 2018-10-02  NIIBE Yutaka  <gniibe@fsij.org>
 
 	common: Fix gnupg_reopen_std.
-	+ commit 8f844ae1cd16e27ad07d45784b1f0ff2917da2b8
+	+ commit 50b02dba2060a8969da47b18d9c0ecdccbd30db4
 	* common/sysutils.c (gnupg_reopen_std): Use fcntl instead of fstat.
 
+2018-09-27  NIIBE Yutaka  <gniibe@fsij.org>
+
+	g10,scd: Support UIF changing command.
+	+ commit 0cb65564e022fface5ada4de8e0c2c4c3d0ac8ad
+	* g10/card-util.c (uif, cmdUIF): New.
+	(card_edit): Add call to uif by cmdUIF.
+	* scd/app-openpgp.c (do_getattr): Support UIF-1, UIF-2, and UIF-3.
+	(do_setattr): Likewise.
+	(do_learn_status): Learn UIF-1, UIF-2, and UIF-3.
+
+2018-09-18  NIIBE Yutaka  <gniibe@fsij.org>
+
+	g10: Fix memory leak for --card-status.
+	+ commit fe8b6339542f3b1228b5fd56fc710ea3b07a3a2b
+	* g10/card-util.c (card_status): Release memory of serial number.
+
+2018-09-14  NIIBE Yutaka  <gniibe@fsij.org>
+
+	g10: Fix another memory leak.
+	+ commit 60c880bda5c9b821fd2968cf89c38c37be3c1a7b
+	* g10/skclist.c (enum_secret_keys): Use SK_LIST instead of pubkey_t.
+
+	g10: Fix memory leak (more).
+	+ commit 2eb481e8cc1c37378cf68a06557c4a7a625d315c
+	* g10/skclist.c (enum_secret_keys): Free SERIALNO on update.
+
+	g10: Fix memory leak in enum_secret_keys.
+	+ commit 64c5c45e2aa4a12d939680b9d51c8b26d61c5e9d
+	* g10/skclist.c (enum_secret_keys): Don't forget to call
+	free_public_key in the error return paths.
+
+2018-09-11  NIIBE Yutaka  <gniibe@fsij.org>
+
+	Revert "dirmngr: hkp: Avoid potential race condition when some hosts die."
+	+ commit 69bab1cba07a8259b85a7911c2824724667803a4
+	This reverts commit 04b56eff118ec34432c368b87e724bce1ac683f9.
+
+	dirmngr: Serialize access to hosttable.
+	+ commit 995aded58724a1a07704493b311be5222b3f82a2
+	* dirmngr/dirmngr.h (ks_hkp_init): New.
+	* dirmngr/dirmngr.c (main): Call ks_hkp_init.
+	* dirmngr/ks-engine-hkp.c (ks_hkp_init): New.
+	(ks_hkp_mark_host): Serialize access to hosttable.
+	(ks_hkp_print_hosttable, make_host_part): Likewise.
+	(ks_hkp_housekeeping, ks_hkp_reload): Likewise.
+
 2018-09-10  NIIBE Yutaka  <gniibe@fsij.org>
 
 	common: Use iobuf_get_noeof to avoid undefined behaviors.
-	+ commit 0383e7fed7b2a45c7f0ae4c11415c6a9a3a3ddb7
+	+ commit f80346f42df4bdc7d0a9741c3922129aceae4f81
 	* common/iobuf.c (block_filter): Use iobuf_get_noeof.
 
 	agent: Fix error code check from npth_mutex_init.
-	+ commit 213379debe5591dad6339aa95aa7282e0de620f9
+	+ commit adce73b86fd49d5bbb8884231a26cc7533d400e2
 	* agent/call-pinentry.c (initialize_module_call_pinentry): It's an
 	error when npth_mutex_init returns non-zero.
 
+2018-09-07  Werner Koch  <wk@gnupg.org>
+
+	dirmngr: Emit SOURCE status also on NO_DATA.
+	+ commit bee65edfbc8cc2c369e5941cc9d1a01a0519b388
+	* dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on
+	NO DATA error.
+	(ks_hkp_get): Ditto.
+	* g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info
+	also on error.
+	(gpg_dirmngr_ks_get): Ditto.
+
+2018-09-07  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+
+	dirmngr: hkp: Avoid potential race condition when some hosts die.
+	+ commit 04b56eff118ec34432c368b87e724bce1ac683f9
+	* dirmngr/ks-engine-hkp.c (select_random_host): Use atomic pass
+	through the host table instead of risking out-of-bounds write.
+
 2018-09-07  NIIBE Yutaka  <gniibe@fsij.org>
 
 	g10: Fix memory leak.
-	+ commit 91f8a9b33a1282cbf00cb4b71b177088f0d923d7
+	+ commit 7c96cc67e108f3a9514a4222ffac2f9f9a2ab19e
 	* g10/import.c (read_block): Call free_packet to skip the packet.
 
 2018-09-06  NIIBE Yutaka  <gniibe@fsij.org>
 
+	gpgscm: Suppress warnings for GCC > 6.
+	+ commit 99c17b970bc0ca7e0cff7fe031c6f9feb05af3ff
+	* tests/gpgscm/scheme.c (CASE): Use unused attribute for GCC > 6.
+	(FALLTHROUGH): New for fallthrough.
+	(Eval_Cycle): Use FALLTHROUGH.  Remove not-needed comment of
+	fallthrough.
+
 	Fix use of strncpy, which is actually good to use memcpy.
-	+ commit f0fdee2e24a25f57a84e1684984ce3921d923e0a
+	+ commit 625ced6e672daa892d334323cce6b3d42a6f929f
 	* common/ssh-utils.c (get_fingerprint): Use memcpy.
 	* g10/build-packet.c (string_to_notation): Use memcpy.
 
-2018-08-30  Werner Koch  <wk@gnupg.org>
-
-	Release 2.2.10.
-	+ commit 24697074f44c18eeeedbc1e09d35f56504c57a1f
-
-
-2018-08-30  Ineiev  <ineiev@gnu.org>
-
-	po: Update Russian translation.
-	+ commit 2f5ba3a6c19b7a514488be01b7683287d74545d3
-
+2018-09-05  Werner Koch  <wk@gnupg.org>
+
+	kbx: Add framework for a public key daemon.
+	+ commit 512be1d04b98a9d6a9067bd34c16513089a0db9f
+	* kbx/keyboxd.c: New.
+	* kbx/keyboxd.h: New.
+	* kbx/kbxserver.c: New.
+	* kbx/keyboxd-w32info.rc: New.
+	* kbx/Makefile.am (EXTRA_DIST): Add new rc file.
+	(resource_objs): Ditto.
+	(libexec_PROGRAMS): New.
+	(common_libs, commonpth_libs): New.
+	(kbxutil_LDADD): Use here.
+	(keyboxd_SOURCES): New.
+	(keyboxd_CFLAGS): New.
+	(keyboxd_LDADD): New.
+	(keyboxd_LDFLAGS): New.
+	(keyboxd_DEPENDENCIES): new.
+	($(PROGRAMS)): Extend.
+
+	common: New function status_printf.
+	+ commit d4489be467e7229e17fb17a0489bf711d6ce66d6
+	* common/asshelp2.c (set_assuan_context_func): New.
+	(status_printf): New.
+	* po/Makevars (XGETTEXT_OPTIONS): Add status_printf
 
 2018-08-29  Werner Koch  <wk@gnupg.org>
 
 	gpg: Explain error message in key generation with --batch.
-	+ commit a9931b3c052ee9025705a8ef1f0cdd5f20aeda70
+	+ commit 1bfe766bcf3959135333900934f1a15c9b96c3cf
 	* g10/keygen.c (generate_keypair): Show more info.
 
 	gpg: Remove unused function get_pubkeys.
-	+ commit 719fc941b6eceb75c2326335d9d73011823ff3f9
+	+ commit ed8fe21e6612401846fc4af8631f0136dc633c67
 	* g10/getkey.c (get_pubkeys): Remove.
 	(pubkey_free): Remove and use code directly ...
 	(pubkeys_free): ... here.
 
-	(cherry picked from commit ed8fe21e6612401846fc4af8631f0136dc633c67)
-
 	gpg: New option --known-notation.
-	+ commit a59a9962f48f828ea7d22362dfa6d82841551110
+	+ commit 3da835713fb6220112d988e1953f3d84beabbf6a
 	* g10/gpg.c (oKnownNotation): New const.
 	(opts): Add option --known-notation.
 	(main): Set option.
@@ -5657,40 +8880,10 @@
 	(can_handle_critical_notation): Rewrite to handle the new feature.
 	Also print the name of unknown notations in verbose mode.
 
-2018-08-28  Ineiev  <ineiev@gnu.org>
-
-	po: Update Russian translation.
-	+ commit b02ad56a9041273df58ded4cc70cf5ffa9e58c16
-
-
-2018-08-28  Werner Koch  <wk@gnupg.org>
-
-	assuan: Fix exponential decay for first second.
-	+ commit 38eb7c360bc4867cbaf37e3c2c0865bc6452ba4a
-	* common/asshelp.c (wait_for_sock): Round SECSLEFT.
-	* dirmngr/dirmngr.c (main): Take care of --debug-wait also in dameon
-	mode.
-	* common/sysutils.c (gnupg_usleep) [HAVE_NANOSLEEP]: Fix nanosleep use.
-
-2018-08-28  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
-
-	assuan: Use exponential decay for first 1s of spinlock.
-	+ commit 1189df2cd7d4b6896ba22aa204c159ff2a425ead
-	* common/asshelp.c (wait_for_sock): instead of checking the socket
-	every second, we check 10 times in the first second (with exponential
-	decay).
-
-	assuan: Reorganize waiting for socket.
-	+ commit a22a55b994e06dd06157fbdabf5a402d8daf69c2
-	* common/asshelp.c (wait_for_sock): New function, collecting
-	codepaths from...
-	(start_new_gpg_agent) here and...
-	(start_new_dirmngr) here.
-
 2018-08-28  Werner Koch  <wk@gnupg.org>
 
 	gpg: Refresh expired keys originating from the WKD.
-	+ commit 0709f358cd13abc82e0f97f055fcaa712f0fd44f
+	+ commit 7f172404bfcf719b9b1af4a182d4803525ebff7c
 	* g10/getkey.c (getkey_ctx_s): New field found_via_akl.
 	(get_pubkey_byname): Set it.
 	(only_expired_enc_subkeys): New.
@@ -5698,59 +8891,140 @@
 	WKD.
 
 	gpg: Remove unused arg from a function.
-	+ commit 11a9fe1c5820b97d7e0f4b3e91f016df9dc466a9
+	+ commit db67ccb759426c1173761574b14bdfe6a76394c2
 	* g10/getkey.c (get_best_pubkey_byname): Remove unused arg 'no_akl'.
 	Change both callers.
 
-	(cherry picked from commit db67ccb759426c1173761574b14bdfe6a76394c2)
+2018-08-27  Werner Koch  <wk@gnupg.org>
+
+	gpg: Prepare for longer card fingerprints.
+	+ commit 108702ccae8ff1e5fec3b8e710f06a03637244c7
+	* g10/call-agent.h (agent_card_info_s): Rename the "*valid" fields to
+	"*len".
+	* g10/call-agent.c (unhexify_fpr): Change to take a FPRLEN and to
+	return the actual length.
+	(agent_release_card_info): Adjust for these changes.
+	* g10/card-util.c (print_sha1_fpr): Rename to print_shax_fpr and add
+	arg FPRLEN.  Change all callers to pass the length.
+	(print_sha1_fpr_colon): Rename to print_shax_fpr_colon and add arg
+	FPRLEN.  Change all callers to pass the length.
+	(fpr_is_zero): Add arg FPRLEN.
+	(fpr_is_ff): Ditto.
+	(show_card_key_info): Use the new functions.
+	* g10/skclist.c (enum_secret_keys): Use MAX_FINGERPRINT_LEN.
+
+2018-08-27  NIIBE Yutaka  <gniibe@fsij.org>
+
+	g10: Fix enum_secret_keys for card keys.
+	+ commit b823788d200902f34c632026934cf0e43152b73e
+	* g10/skclist.c (enum_secret_keys): Since "KEY-FPR" returns
+	fingerprint in binary, change it to hex string.
+
+	g10: Prefer to available card keys for decryption.
+	+ commit 84cc55880a5815155328229beb309326472bfd82
+	* g10/skclist.c (enum_secret_keys): Add logic to prefer
+	decryption keys on cards.
+
+	g10: Move enum_secret_keys to skclist.c.
+	+ commit 03a8de7def4195b9accde47c1dcb84279361936d
+	* g10/getkey.c (enum_secret_keys): Move to...
+	* g10/skclist.c (enum_secret_keys): ... here.
+
+	g10: Fix comment of enum_secret_keys.
+	+ commit 6bb93fc295e712ddf9b461dfe650211caf16a844
+	* g10/getkey.c (enum_secret_keys): Fix comment for usage of
+	enum_secret_keys, following the previous change.
+
+	g10: Enumerated keys for decryption should be unique.
+	+ commit 30153c65f0875f9a62838f6347bcdcedd6114d35
+	* g10/getkey.c (enum_secret_keys): Collecting keys in the context,
+	check duplicate to make sure returning only unique keys.
+	* g10/pubkey-enc.c (get_session_key): Now, it's the responsibility of
+	enum_secret_keys to free keys.
+
+	g10: Change decryption key selection for public key encryption.
+	+ commit ce2f71760155b71a71418fe145a557c99bd52290
+	* g10/mainproc.c (struct mainproc_context): It's now pubkey_enc_list.
+	(do_proc_packets): Remove the first arg CTRL.  Fix call of
+	proc_pubkey_enc.
+	(release_list): Handle pubkey_enc_list.
+	(proc_pubkey_enc): Remove the first arg CTRL.  Simply put the packet
+	to pubkey_enc_list.
+	(print_pkenc_list): Remove the last arg FAILED.
+	(proc_encrypted): Only call print_pkenc_list once.
+	Handle DEK here.
+	(proc_packets, proc_signature_packets, proc_signature_packets_by_fd)
+	(proc_encryption_packets): Fix call of do_proc_packets.
+	* g10/packet.h (struct pubkey_enc_list): Define.
+	* g10/pubkey-enc.c (get_it): Change the second argument K.
+	(get_session_key): Select session key by LIST, using enum_secret_keys.
+	* g10/gpgv.c (get_session_key): Change the second argument K.
+	* g10/test-stubs.c (get_session_key): Likewise.
 
 2018-08-10  NIIBE Yutaka  <gniibe@fsij.org>
 
 	g10: Fix undefined behavior when EOF in parsing packet for S2K.
-	+ commit 822c633845066756b6442ca67b93b4b5c4316ca0
+	+ commit 1b309d9f6199a91caa0ca0b97b92d599e00b736e
 	* g10/parse-packet.c (parse_symkeyenc): Use iobuf_get_noeof.
 	(parse_key): Likewise.
 
-2018-07-29  Werner Koch  <wk@gnupg.org>
+2018-07-27  Werner Koch  <wk@gnupg.org>
 
 	gpg: Set a limit for a WKD import of 256 KiB.
-	+ commit f1c0d9bb6506eee6a3ad93ef432fe6aa5b72aabd
+	+ commit e88f56f1937ac92f6a3b94e50b6db2649ec0be41
 	* g10/call-dirmngr.c (MAX_WKD_RESULT_LENGTH): New.
 	(gpg_dirmngr_wkd_get): Use it.
 
 	dirmngr: Validate SRV records in WKD queries.
-	+ commit 8a98aa25bb4bdbfe53afd4534f6624454ca01ab0
+	+ commit ebe727ef596eefebb5eff7d03a98649ffc7ae3ee
 	* dirmngr/server.c (proc_wkd_get): Check the returned SRV record names
 	to mitigate rogue DNS servers.
 
 	common: New function to validate domain names.
-	+ commit 4f59187a17f16d559e37a375501a0add1ca7eee8
+	+ commit ddee9f9409fb5a089883eab0fadef7b9b7e61e72
 	* common/mbox-util.c (is_valid_domain_name): New.
 	* common/t-mbox-util.c (run_dns_test): New test.
 
-	(cherry picked from commit ddee9f9409fb5a089883eab0fadef7b9b7e61e72)
-
-2018-07-29  Jiří Keresteš  <jiri.kerestes@trustica.cz>
+2018-07-26  Jiří Keresteš  <jiri.kerestes@trustica.cz>
 
 	scd: Add support for Trustica Cryptoucan.
-	+ commit d43248af9242d30e95f58285e4f2a2e927aae937
-	(cherry picked from commit 967d3649d24aba623133808e8d01675dff389fbb)
+	+ commit 967d3649d24aba623133808e8d01675dff389fbb
 
-2018-07-12  Werner Koch  <wk@gnupg.org>
 
-	Release 2.2.9.
-	+ commit 2b82db61ccfe57d077dff43e0d732b51c73e1a45
+2018-07-25  Werner Koch  <wk@gnupg.org>
 
+	dirmngr: Print a WARNING status for DNS config problems.
+	+ commit bd4048c533165fd82340354d7229fcc2220db5a5
+	* dirmngr/dirmngr-status.h: New.
+	* dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes
+	to that file.
+	* dirmngr/t-support.c: New.
+	* dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h.
+	(t_common_src): Add t-support.c.
+	* dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL.
+	* dirmngr/dns-stuff.c: Include dirmngr-status.h.
+	(libdns_init): Print WARNING status line.  Change call callers to take
+	and pass a CTRL argument.
+	* g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING
+	status.
+
+2018-07-24  Werner Koch  <wk@gnupg.org>
+
+	gpg: Use 128 MiB as default AEAD chunk size.
+	+ commit 9aa1b368efd4edf51b6d056339bffb726de5162b
+	* g10/gpg.c (oDebugAllowLargeChunks): New.
+	(opts): New option --debug-allow-large-chunks.
+	(main): Implement that option.
 
 2018-07-09  Werner Koch  <wk@gnupg.org>
 
 	gpg: Remove multiple subkey bindings during export-clean.
-	+ commit 61562fe00027a4263f53661ad279072bd0b0133e
+	+ commit 76989d5bd89ed11f5b3656dc4748fcfc939a46dc
 	* g10/key-clean.c (clean_one_subkey_dupsigs): New.
 	(clean_all_subkeys): Call it.
 
 	gpg: Let export-clean remove expired subkeys.
-	+ commit 8055f186a32e628028de897b7ee4705cd8e999b7
+	+ commit c2fd65ec8498a08ee36ca52d99b6b014f6db8d93
 	* g10/key-clean.h (KEY_CLEAN_NONE, KEY_CLEAN_INVALID)
 	(KEY_CLEAN_ENCR, KEY_CLEAN_AUTHENCR, KEY_CLEAN_ALL): New.
 	* g10/key-clean.c (clean_one_subkey): New.
@@ -5761,14 +9035,16 @@
 	the export clean options.
 
 	gpg: Split key cleaning function for clarity.
-	+ commit 046276db3a04f1907ddcf77c3771832613918226
+	+ commit 6c3567196f7e72552f326ce07dccbcce31926e5d
 	* g10/key-clean.c (clean_key): Rename to clean_all_uids and split
 	subkey cleaning into ...
 	(clean_all_subkeys): new.  Call that always after the former clean_key
 	invocations.
 
+2018-07-06  Werner Koch  <wk@gnupg.org>
+
 	gpg: Move key cleaning functions to a separate file.
-	+ commit 40bf383f72b5629de739e30c9c35bbcb628273e8
+	+ commit 135e46ea480d749b8a9692f71d4d0bfdadd8ee2f
 	* g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid)
 	(clean_uid_from_key, clean_one_uid, clean_key): Move to ...
 	* g10/key-clean.c: new file.
@@ -5779,21 +9055,14 @@
 	* g10/trustdb.h (struct key_item, is_in_klist): Move to ...
 	* g10/keydb.h: here.
 
-2018-07-06  Werner Koch  <wk@gnupg.org>
-
-	gpg: Allow decryption using several passphrases in may cases.
-	+ commit b4599a0449ead7dc5c0d922aa78b6168e625e15e
-	* g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algorithm.
-	(proc_symkey_enc): Clear passpharse on error from above function.
-
 2018-07-05  Werner Koch  <wk@gnupg.org>
 
 	po: Add flag options for xgettext.
-	+ commit 833738a316977ee774399bd658d535216dff22e9
+	+ commit cb71573f376235036c98143155e964a15cfcb250
 	* po/Makevars (XGETTEXT_OPTIONS): Add --flag options.
 
 	gpg: Prepare for signatures with ISSUER_FPR but without ISSUER.
-	+ commit 221af19351addcdc28a1cd533c8628cfa3841671
+	+ commit f7526c7bc754acf68bde0b79c785e875a9365d60
 	* g10/getkey.c (get_pubkey_for_sig): New.
 	(get_pubkeyblock_for_sig): New.
 	* g10/mainproc.c (issuer_fpr_raw): Give global scope.
@@ -5802,27 +9071,70 @@
 	* g10/sig-check.c (check_signature2): Ditto.
 	(check_signature_over_key_or_uid): Ditto.
 
-2018-07-04  Andre Heinecke  <aheinecke@intevation.de>
-
-	po: Fix bug in german translation.
-	+ commit 063cf45c142f33815bc0f31d0fb3e1b25ca57b8c
-	* po/de.po (decryption forced to fail!): Fix translation.
+	tools: Add experimental code for a pairing protocol.
+	+ commit faf3c70c7715ba86eb56fdccc6cf831bf87b2ee0
+	* configure.ac (GNUPG_CACHE_DIR): New const.
+	* tools/Makefile.am (libexec_PROGRAMS): Add gpg-pair-tool.
+	(gpg_pair_tool_SOURCES, gpg_pair_tool_CFLAGS)
+	(gpg_pair_tool_LDADD): New.
+	* tools/gpg-pair-tool.c: New.
 
 2018-07-04  Werner Koch  <wk@gnupg.org>
 
 	gpg: Ignore too large user ids during import.
-	+ commit cb6b925f94b42c91fe8a7ed8bb22d98984538efc
+	+ commit 01cd66f9faf1623833e6afac84164de5a136ecff
 	* g10/import.c (read_block): Add special treatment for bad user ids
 	and comment packets.
 
 	gpg: Extra check for sign usage when verifying a data signature.
-	+ commit ef50fdf82a459894ed3da7b9be83f89658f1eaba
+	+ commit 214b0077264e35c079e854a8b6374704aea45cd5
 	* g10/sig-check.c (check_signature_end_simple): Check sign usage.
 
-2018-07-03  Werner Koch  <wk@gnupg.org>
+2018-07-03  NIIBE Yutaka  <gniibe@fsij.org>
+
+	g10: Fix memory leak for PKT_signature.
+	+ commit 996febbab21eb9283b0634e51303a36b318734a6
+	* g10/getkey.c (buf_to_sig): Free by free_seckey_enc.
+	* g10/gpgcompose.c (signature): Likewise.
+	* g10/sign.c (write_signature_packets): Likewise.
+
+2018-07-02  Werner Koch  <wk@gnupg.org>
+
+	agent: New commands PUT_SECRET and GET_SECRET.
+	+ commit 8a915cd9faf052b4faa3c415f2ac5aa8d6ea1efe
+	* agent/agent.h (CACHE_MODE_DATA): New const.
+	* agent/cache.c (DEF_CACHE_TTL_DATA): new.
+	(housekeeping): Tweak for CACHE_MODE_DATA.
+	(cache_mode_equal): Ditto.
+	(agent_get_cache): Ditto.
+	(agent_put_cache): Implement CACHE_MODE_DATA.
+	* agent/command.c (MAXLEN_PUT_SECRET): New.
+	(parse_ttl): New.
+	(cmd_get_secret): New.
+	(cmd_put_secret): New.
+	(register_commands): Register new commands.
+
+	common: New function percent_data_escape.
+	+ commit 58baf40af641f8cbf597e508a292e85ae94688f1
+	* common/percent.c (percent_data_escape): New.
+	* common/t-percent.c (test_percent_data_escape): New.
+
+	agent: Fix segv running in --server mode.
+	+ commit 3978df943dc7a4781a23382be2d3b4a96a04f71f
+	* agent/command.c (start_command_handler): Do not write to
+	CLIENT_CREDS after an error.
+
+2018-07-02  NIIBE Yutaka  <gniibe@fsij.org>
+
+	libdns: For SOCKS connection, just fails.
+	+ commit 1aacd12471935a354cfd85ee1805edc7eb16e6c5
+	* dirmngr/dns.c (dns_res_exec): If it's DNS_SO_SOCKS_CONN, don't
+	iterate to other server, but return the error immediately.
+
+2018-06-21  Werner Koch  <wk@gnupg.org>
 
 	gpg: Print revocation reason for "rev" records.
-	+ commit 04fb76684d8b2c9cda2e5c35bad6edec521cffa5
+	+ commit 592deeddb9bf4ae9b3e236b439e2f39644eb6d46
 	* g10/main.h: Add prototype.
 	* g10/keylist.c (list_keyblock_print): Print revocation info.
 	(list_keyblock_colon): Ditto.
@@ -5831,144 +9143,147 @@
 	* g10/gpgv.c (get_revocation_reason): New stub.
 
 	gpg: Print revocation reason for "rvs" records.
-	+ commit a8e24addcc4e0fdff7d07acdd7e13bf6febf97d2
+	+ commit b7cd2c2093ae1b47645be50fa1d431a028187cad
 	* g10/import.c (get_revocation_reason): New.
 	(list_standalone_revocation): Extend function.
 
 	gpg: Let --show-keys print revocation certificates.
-	+ commit 5c67ee160d4969b1ef94642ac602e1aed4d9a6d7
+	+ commit 386b9c4f25b28fd769d7563f2d86ac3a19cc3011
 	* g10/import.c (list_standalone_revocation): New.
 	(import_revoke_cert): Call new function.
 
-2018-07-03  NIIBE Yutaka  <gniibe@fsij.org>
-
-	g10: Fix memory leak for PKT_signature.
-	+ commit 2809be1f97a447171a9e8b40079851740b15341a
-	* g10/getkey.c (buf_to_sig): Free by free_seckey_enc.
-	* g10/gpgcompose.c (signature): Likewise.
-	* g10/sign.c (write_signature_packets): Likewise.
-
-2018-07-02  NIIBE Yutaka  <gniibe@fsij.org>
-
-	libdns: For SOCKS connection, just fails.
-	+ commit cca92ca5348999a3564dd54d7b0a103cc9e7640c
-	* dirmngr/dns.c (dns_res_exec): If it's DNS_SO_SOCKS_CONN, don't
-	iterate to other server, but return the error immediately.
+	build: Remove duplicates from AC_CHECK_FUNCS.
+	+ commit 7e9aa307f76cdf2f624d43a35a8266e8b4e473f9
+	* configure.ac (AC_CHECK_FUNCS): Fold most calls into one.
 
 2018-06-20  NIIBE Yutaka  <gniibe@fsij.org>
 
 	libdns: Let kernel to decide the local port.
-	+ commit 72a35ffee022f1bf180d02250c5be6a4edb599e7
+	+ commit 861f1da0731bf29dcb9221c4f22c76b40ec15a78
 	* dirmngr/dns.c (LEAVE_SELECTION_OF_PORT_TO_KERNEL): New.
 	(dns_socket): Don't select ephemeral port in user space.
 
+2018-06-19  Werner Koch  <wk@gnupg.org>
+
+	wks: Take name of sendmail from configure.
+	+ commit 08147f8bbdca40c98c2a094fa48fab15b8339c80
+	* configure.ac (NAME_OF_SENDMAIL): New ac_define.
+	* tools/send-mail.c (run_sendmail): Use it.
+
 2018-06-18  NIIBE Yutaka  <gniibe@fsij.org>
 
 	libdns: Fix for non-FQDN hostname.
-	+ commit 87d0ecf8a1b80139a6cab2a79f1ca6e287207999
+	+ commit a4a054bf14fa855715faee01a152755c4e2a74f7
 	* dirmngr/dns.c (dns_resconf_open): Clear search[0] for non-FQDN
 	hostname.
 
+2018-06-15  NIIBE Yutaka  <gniibe@fsij.org>
+
 	libdns: Fix connect and try next nameserver when ECONNREFUSED.
-	+ commit 699fe4b36f62b0f4d4e21a85ee7c9ae13377d6cb
+	+ commit bcdbf8b8ebe9d61160e0b007dabe1b6462ffbc93
 	* dirmngr/dns.c (dns_so_check): When EINVAL, release the association
 	by connect with AF_UNSPEC and try again.  Also try again for
 	ECONNREFUSED.
 	(dns_res_exec): Try next nameserver when ECONNREFUSED.
 
 	libdns: Clear struct sockaddr_storage by zero.
-	+ commit 0c05b08e8b5c1f120fe5f3ed5c061f034f7496a0
+	+ commit 1c0b6681e4f322b88ac35d1f21c03d3cfc35fc23
 	* dirmngr/dns.c (dns_resconf_pton): Clear SS.
 	(dns_resconf_setiface): Clear ->IFACE.
 	(dns_hints_root, send_query): Clear SS.
 
+2018-06-14  NIIBE Yutaka  <gniibe@fsij.org>
+
 	libdns: Sync to upstream.
-	+ commit 20c289606f89803929948ddd18910acff2acc9eb
+	+ commit 3e6ad302eaf3a4a9f3e60379133b3dfdbe0e1b2d
 	* dirmngr/dns.c (dns_nssconf_loadfile): Handle exclamation mark.
 
 	dirmngr: Fix recursive resolver mode.
-	+ commit 13320db678675246f4bb5a3fb6ece143f37c34a4
+	+ commit 5b40338f12762cd74238c2d2b3101c33dd2d0ed3
 	* dirmngr/dns-stuff.c (libdns_init): Initialize options.recurse.
 
 2018-06-12  Werner Koch  <wk@gnupg.org>
 
+	Some preparations to eventuallt use gpgrt_argparse.
+	+ commit cb52eb76b3ba0269742c5322e10a2b5151dafaf2
+	* configure.ac (GNUPG_DEF_COPYRIGHT_LINE: New.
+	* tools/watchgnupg.c (print_version): USe this macro.
+	* common/init.c (_init_common_subsystems): Register argparse
+	functions.
+
+	Require libgpg-error 1.29 and remove internal logging functions.
+	+ commit 440472663d608660343c54f09172c851f5127c9c
+	* configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.29
+	* common/util.h: Remove replacement error codes.
+	* common/logging.h: Remove fallback to internal logging functions.
+	* common/logging.c: Remove.
+	* common/Makefile.am (common_sources): Remove logging.c
+
 	gpg: Do not import revocations with --show-keys.
-	+ commit e8f439e0547463c24f3c10008fee73e6c4259f52
+	+ commit fe621cc64b13b00914633630f28b4b417892d629
 	* g10/import.c (import_revoke_cert): Add arg 'options'.  Take care of
 	IMPORT_DRY_RUN.
 
+2018-06-12  NIIBE Yutaka  <gniibe@fsij.org>
+
+	card: Fix memory leak for fetch-url sub command.
+	+ commit 8f99299a54a0ac09f9c90c1085b704db78973fda
+	* g10/card-util.c (fetch_url): Release INFO.
+
 2018-06-12  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
 
 	gpg: Add new usage option for drop-subkey filters.
-	+ commit 86b64876bef0d8c4be8e309fcf3e2ce21e65a947
+	+ commit 2ddfb5bef920919443309ece9fa2930282bbce85
 	* g10/import.c (impex_filter_getval): Add new "usage" property for
 	drop-subkey filter.
 
 2018-06-11  Werner Koch  <wk@gnupg.org>
 
 	gpg: Set some list options with --show-keys.
-	+ commit cbb84b3361263504dcb958208bc20177cb97cebd
+	+ commit d2bc66f241a66cc95140cbb3a07555f6301290ed
 	* g10/gpg.c (main): Set some list options.
 
 2018-06-08  Werner Koch  <wk@gnupg.org>
 
-	gpg: Allow building with older libgpg-error.
-	+ commit 18274db32b5dea7fe8db67043a787578c975de4d
-	* g10/mainproc.c (proc_encrypted): Use constant from logging.h
-
-	Release 2.2.8.
-	+ commit cd9aaa7862955846f8adf819cd89d0db33e9c08c
-
-
-2018-06-08  Ineiev  <ineiev@gnu.org>
-
-	po: Update Russian translation.
-	+ commit 77ab99f80a5b0fbc60e05230185a54cd200d5e65
-
-
-2018-06-08  Werner Koch  <wk@gnupg.org>
-
 	gpg: Sanitize diagnostic with the original file name.
-	+ commit 210e402acd3e284b32db1901e43bf1470e659e49
+	+ commit 13f135c7a252cc46cff96e75968d92b6dc8dce1b
 	* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
 
 2018-06-07  Werner Koch  <wk@gnupg.org>
 
 	gpg: Improve import's repair-key duplicate signature detection.
-	+ commit 6a87a0bd2501d82f4a6263608e4856e841305caf
+	+ commit 26746fe65d14a00773473c2d0d271406a5105bca
 	* g10/key-check.c (key_check_all_keysigs): Factor some code out to ...
 	(remove_duplicate_sigs): new.
 	(key_check_all_keysigs): Call remove_duplicate_sigs again after
 	reordering.
 
 	gpg: Fix import's repair-key duplicate signature detection.
-	+ commit cedd754fcb03f6dad6e462efc3d347bcef4ec83a
+	+ commit 26bce2f01d2029ea2b8a8dbbe36118e3c83c5cba
 	* g10/packet.h (PKG_siganture): Add field 'help_counter'.
 	* g10/key-check.c (sig_comparison): Take care of HELP_COUNTER.
 	(key_check_all_keysigs): De-duplicate on a per-block base.
 
 	gpg: Improve verbose output during import.
-	+ commit 36cc730fa516b3a197f3bb1eb6f3881dd128fbb7
+	+ commit 1bc6b5174248ba4d83d648ef6d6f4550540d1f20
 	* g10/import.c (chk_self_sigs): Print the subkeyid in addition to the
 	keyid.
 	(delete_inv_parts): Ditto.
 
-	(cherry picked from commit 1bc6b5174248ba4d83d648ef6d6f4550540d1f20)
-
 2018-06-06  Werner Koch  <wk@gnupg.org>
 
 	agent: Add DBUS_SESSION_BUS_ADDRESS et al. to the startup list.
-	+ commit c5c8fb1ec7c8690495de6189ec2c3a322db4e881
+	+ commit 7ffc1ac7dd95d4cc1897a4c36d5cd628741c12f2
 	* agent/gpg-agent.c (agent_copy_startup_env): Replace explicit list
 	with the standard list.
 
 	gpg: Also detect a plaintext packet before an encrypted packet.
-	+ commit 054a187f24b19313cec59414fa924640e1b8c79c
+	+ commit 344b548dc71657d0285d93f78f17a2663b5e586f
 	* g10/mainproc.c (proc_encrypted): Print warning and later force an
 	error.
 
 	gpg: New command --show-keys.
-	+ commit dc87a3341f28ddac1113e90a3861d062be2610e2
+	+ commit 257661d6ae0ca376df758c38fabab2316d10e3a9
 	* g10/gpg.c (aShowKeys): New const.
 	(opts): New command --show-keys.
 	(main): Implement command.
@@ -5976,36 +9291,67 @@
 	mode.
 	(import_one): Be silent in show-only mode.
 
+2018-06-05  NIIBE Yutaka  <gniibe@fsij.org>
+
+	g10: Remove bogus comment.
+	+ commit d2e6b3ea1d70db1039a828fb3a978a4504f8f0c5
+	* g10/mainproc.c (proc_pubkey_enc): Remove a comment.
+
 2018-05-31  Werner Koch  <wk@gnupg.org>
 
 	gpg: Print a hint on how to decrypt a non-mdc message anyway.
-	+ commit 825909e9cd5f344ece6c0b0ea3a9475df1d643de
+	+ commit 874e391665405fc413a69f2ffacdb94bb08da7ff
 	* g10/mainproc.c (proc_encrypted): Print a hint for legacy ciphers w/o
 	MDC.  Also print a dedicated status error code
 
-	(cherry picked from commit 874e391665405fc413a69f2ffacdb94bb08da7ff)
+2018-05-30  Werner Koch  <wk@gnupg.org>
+
+	gpg: Ignore the multiple message override options.
+	+ commit d3d41146b33040eb65eaaaffcfc7b4211e60bd95
+	* g10/gpg.c (oAllowMultisigVerification)
+	(oAllowMultipleMessages, oNoAllowMultipleMessages): Remove.
+	(opts): Turn --allow-multisig-verification, --allow-multiple-messages
+	and --no-allow-multiple-messages into NOPs
+	* g10/options.h (struct opt): Remove flags.allow_multiple_messages.
+	* g10/mainproc.c (proc_plaintext): Assume allow_multiple_messages is
+	false.
 
 	gpg: Detect multiple literal plaintext packets more reliable.
-	+ commit 2f2b1d1da949e8fce28d3c4a934b4097d6f24295
+	+ commit 97183b5c0fae05fcda942caa7df14ee6a133d846
 	* g10/mainproc.c (proc_encrypted): Bump LITERALS_SEEN.
 
+2018-05-29  Werner Koch  <wk@gnupg.org>
+
+	gpg: Remove PGP6 compliance mode.
+	+ commit b2c05d691247a79fb46f75b653cbc4bf518c1c2a
+	* g10/gpg.c: Make --pgp6 an alias for --pgp7.
+	* common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6.
+	* g10/options.h (PGP6): Remove.  Adjust all users.
+
 	gpg: Remove MDC options.
-	+ commit 866667765f38bf65b612191209d0f0a87fb16393
-	* g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc
+	+ commit 253e8bdd9014cbe6dc06adce9d9dd2f8f4b31709
+	* g10/gpg.c: Tuen options --force-mdc, --no-force-mdc, --disable-mdc
 	and --no-disable-mdc into NOPs.
 	* g10/encrypt.c (use_mdc): Simplify.  MDC is now almost always used.
-	* g10/cipher.c (write_header): Include extra hint and make
-	translatable.
-	* g10/options.h (struct opt): Remove fields force_mdc and disable_mdc.
+	(use_aead): Ignore MDC options. Print warning for missing MDC feature
+	flags.
+	* g10/pkclist.c (warn_missing_mdc_from_pklist): Rename to ...
+	(warn_missing_aead_from_pklist): this and adjust.
+
+	gpg: Fix detection of the AEAD feature flag.
+	+ commit af4a5dbe575f304838db358aaeb45741f149d0a7
+	* g10/getkey.c (fixup_uidnode): Use bitmask 0x02.
+
+2018-05-15  Werner Koch  <wk@gnupg.org>
 
 	gpg: Hard fail on a missing MDC even for legacy algorithms.
-	+ commit 3db1b48a2da42942cb5a57281441167901bdcdc8
+	+ commit d1431901f0143cdc7af8d1a23387e0c6b5bb613f
 	* g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
 	* tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
 	allow testing with the current files.
 
 	gpg: Turn --no-mdc-warn into a NOP.
-	+ commit 26c0d3a3fc903c1a0de644ebcc99d3e665a80941
+	+ commit 96350c5d5afcbc7f66c535e38b9fcc7355622855
 	* g10/gpg.c (oNoMDCWarn): Remove.
 	(opts): Make --no-mdc-warn a NOP.
 	(main): Don't set var.
@@ -6497,6 +9843,10 @@
 	* g10/parse-packet.c (enum_sig_subpkt): Check buflen before reading
 	the type octet.  Print diagnostic.
 
+	Change license of argparse.c back to LGPLv2.1.
+	+ commit fa0ed1c7e2eee7c559026696e6b21acc882a97aa
+	* common/argparse.c, common/argparse.h: Change license
+
 2018-03-19  NIIBE Yutaka  <gniibe@fsij.org>
 
 	scd: signal mask should be set just after npth_init.
@@ -6579,6 +9929,57 @@
 	+ commit e43844c3b0b9ec93b7f2a88752bcd6b6244aacfb
 	* tools/gpgconf-comp.c (get_config_filename): Allow UNC paths.
 
+2018-02-28  Werner Koch  <wk@gnupg.org>
+
+	gpg: Avoid writing a zero length last chunk in AEAD mode.
+	+ commit f2c09203b98b83669a460dc8161283de96022536
+	* g10/cipher-aead.c (write_header): Do not call set_nonce_and_ad.
+	(write_final_chunk): Do not increase chunkindex.
+	(do_flush): Call set_nonce_and_ad immediately before the first
+	encryption of a chunk.  Bump up the chunkindex after writing the tag.
+	(do_free): Do not insert a zero length last chunk.
+	* g10/decrypt-data.c (aead_underflow): Fix the corresponding bug.
+
+	gpg: Merge two functions in cipher-aead.c.
+	+ commit 047506a03d21739b5b922f6b3fd9f059b0b137c5
+	* g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ...
+	(set_nonce_and_ad): new function.
+	(write_auth_tag): Print error message here.
+	(do_flush): Rename var newchunk to finalize.
+
+2018-02-27  Werner Koch  <wk@gnupg.org>
+
+	gpg: Simplify the AEAD decryption function.
+	+ commit 618b86325f776f7250ad2bb09680e4bb427d7e50
+	* g10/decrypt-data.c (aead_set_nonce, aead_set_ad): Merge into ...
+	(aead_set_nonce_and_ad): new single function.  Change callers.
+	(decrypt_data): Do not set the nonce and ad here.
+	(aead_underflow): Get rid of the LAST_CHUNK_DONE hack.
+
+	gpg: Factor common code out of the AEAD decryption function.
+	+ commit ad989373f1a46139ed0fbc4d4a91069b78617ad9
+	* g10/decrypt-data.c (aead_underflow): Factor reading and checking
+	code code out to ...
+	(fill_buffer, aead_checktag): new functions.
+
+	gpg: Rename cipher.c to cipher-cfb.c.
+	+ commit b703ba725dadca8298a0c69365225f9a7ff60ae2
+	* g10/cipher.c: Rename to ...
+	* g10/cipher-cfb.c: this.
+
+	gpg: Fix corner cases in AEAD encryption.
+	+ commit ebb0fcf6e0bd6997eff4097ddda94955134212af
+	* g10/cipher-aead.c (write_final_chunk): Do not bump up the chunk
+	index if the previous chunk was empty.
+	* g10/decrypt-data.c (aead_underflow): Likewise.  Also handle a other
+	corner cases.  Add more debug output.
+
+2018-02-23  Werner Koch  <wk@gnupg.org>
+
+	gpg: Try to mitigate the problem of wrong CFB symkey passphrases.
+	+ commit cbc7bacf2ff95aebb427bb244c719143a9001f3c
+	* g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algo.
+
 2018-02-22  Michał Górny  <mgorny@gentoo.org>
 
 	dirmngr: Handle failures related to missing IPv6 gracefully.
@@ -6588,6 +9989,10 @@
 
 2018-02-22  Werner Koch  <wk@gnupg.org>
 
+	build: Update swdb tags and include release info from 2.2.5.
+	+ commit 7853190cfe2953fdac066b4f3256edc206896144
+
+
 	Release 2.2.5.
 	+ commit 9581a65ccc10daededc05c55391a04022f794a4a
 
@@ -6716,12 +10121,26 @@
 	* scd/scdaemon.c (scd_kick_the_loop): Write to pipe.
 	(handle_connections): Use pipe.
 
+2018-02-06  Werner Koch  <wk@gnupg.org>
+
+	gpg: Fix packet length checking in symkeyenc parser.
+	+ commit 8305739fe857ed3378f885bb43777fd518dd1060
+	* g10/parse-packet.c (parse_symkeyenc): Move error printing to the
+	end.  Add additional check to cope for the 0je extra bytes needed for
+	AEAD.
+
 2018-01-29  NIIBE Yutaka  <gniibe@fsij.org>
 
 	tests: Fix for NetBSD with __func__.
 	+ commit 64aa98c8a05513d9c00f53a2b880d80f9035333e
 	* tests/asschk.c: Don't define __func__ if available.
 
+2018-01-28  Werner Koch  <wk@gnupg.org>
+
+	gpg: Rename a misnomed arg in open_outfile.
+	+ commit 303310d05e708dd58dcf7b7d8e8634cd5085bc7e
+	* g10/openfile.c (open_outfile): Rename inp_fd to out_fd.
+
 2018-01-27  Werner Koch  <wk@gnupg.org>
 
 	dirmngr: Improve assuan error comment for cmd keyserver.
@@ -6731,6 +10150,10 @@
 
 2018-01-26  NIIBE Yutaka  <gniibe@fsij.org>
 
+	agent: Fix sending connecting process uid to pinentry.
+	+ commit 660eafa3a9f68e116e9b0597edc317d8ff90f9b2
+	* agent/command-ssh.c (get_client_info): Use LOCAL_PEERCRED.
+
 	agent: Fix last commit.
 	+ commit d7207b39b71d1b07c4cddac602f29ec583f6d1ad
 	* configure.ac: Check ucred.h as well as sys/ucred.h.
@@ -6741,6 +10164,111 @@
 	    * configure.ac: Check sys/ucred.h instead of ucred.h.
 	    * agent/command-ssh.c: Include sys/ucred.h.
 
+2018-01-24  Werner Koch  <wk@gnupg.org>
+
+	gpg: New maintainer option --debug-set-iobuf-size.
+	+ commit db7661b5a297a58c95fa9873d43f31d697b8feb3
+	* g10/gpg.c (opts): Add new option.
+	(opt_set_iobuf_size): New var.
+	(set_debug): Set the option.
+	* tests/openpgp/armor.scm: Use this option to revert the buffer size
+	to the one which used to exhibit the tested bugs.
+
+	iobuf: Increase the size of the buffer.  Add iobuf_set_buffer_size.
+	+ commit bfc11816444512b4ebcc6617d3c3b5988e753de3
+	* common/iobuf.c (IOBUF_BUFFER_SIZE): Rename to
+	DEFAULT_IOBUF_BUFFER_SIZE and increase to 64k.
+	(iobuf_buffer_size): New var.  Always use this instead of the macro.
+	(iobuf_set_buffer_size): New.
+	(struct file_filter_ctx_t): Add field delayed_rc.
+	(file_filter) [!W32]: Try to fill the supplied buffer.
+
+	gpg: Fix AEAD encryption for chunk sizes other than 64 KiB.
+	+ commit ff1bdc23d9f1693c1add7c1fe8d218b7bf743e31
+	* g10/cipher-aead.c (do_flush): Init ERR.  Fix remaining chunklen
+	computation.
+	(do_free): Add dummy encryption.  Close the cipher handle.
+	* g10/decrypt-data.c (aead_underflow): Rewrite.
+
+	gpg: Rename a variable in decrypt-data for clarity.
+	+ commit 83a15fa88e91d277811b6d030c4aa40c4fb3e6ad
+	* g10/decrypt-data.c (decode_filter_context_s): Rename field 'defer'
+	to 'holdback' and replace 'defer_filled' flag into 'holdbacklen'.
+	Change all users.
+
+2018-01-23  Werner Koch  <wk@gnupg.org>
+
+	gpg: New option --chunk-size.
+	+ commit f3ef8b0dcaede1c85da0dff8eeceda6a994f0b28
+	* g10/gpg.c (opts): New option --chunk-size.
+	(oChunkSize): New const.
+	(build_list_aead_test_algo, build_list_aead_algo_name): New.
+	(my_strusage): List AEAD algos.
+	(main): Implement --chunk-size..
+	* g10/options.h (struct opt): Add field 'chunk_size'.
+	(DBG_IPC): Remove duplicated macro.
+	* g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version.
+	* g10/misc.c (openpgp_aead_test_algo): Ditto.
+
+	* g10/cipher-aead.c: Silence if not in debug mode.
+	* g10/decrypt-data.c: Ditto.
+
+	gpg: Copy the AEAD prefs to the user ID struct.
+	+ commit 112e02ee89b78369c1c50e672873e726cbfeb994
+	* g10/getkey.c (fixup_uidnode): Copy the AEAD prefs.
+
+	gpg: Clear the symmetric passphrase cache for encrypted session keys.
+	+ commit 278d87465685e0aa415e0333de1d27e79d1608f0
+	* g10/mainproc.c (proc_symkey_enc): Clear the symmetric key cache on
+	error.
+	(proc_encrypted): Need to take are of the checksum error.
+
+	gpg: Implement AEAD for SKESK packets.
+	+ commit 9aab9167bca38323973e853845ca95ae8e9b6871
+	* g10/packet.h (PKT_symkey_enc): Add field aead_algo.
+	* g10/build-packet.c (do_symkey_enc): Support version 5 packets.
+	* g10/parse-packet.c (parse_symkeyenc): Ditto.
+	* g10/encrypt.c (encrypt_symmetric): Force using a random session
+	key in AEAD mode.
+	(encrypt_seskey): Add and support arg aead_algo.
+	(write_symkey_enc): Ditto.
+	(encrypt_simple): Adjust accordingly.
+	(encrypt_filter): Ditto.
+	* g10/gpgcompose.c (sk_esk): For now call encrypt_seskey without AEAD
+	support.
+	* g10/mainproc.c (symkey_decrypt_seskey): Support AEAD.  Nver call BUG
+	but return an error.
+	(proc_symkey_enc): Call symkey_decrypt_seskey in a bug compatible way.
+
+	* g10/import.c (check_prefs): Check AEAD preferences.
+	* g10/keyedit.c (show_prefs): Print AEAD preferences.
+
+2018-01-22  Werner Koch  <wk@gnupg.org>
+
+	gpg: Unify AEAD parameter retrieval.
+	+ commit da3015e3c05030fe709c8f922486e73d06d1d16a
+	* g10/pkclist.c (select_aead_from_pklist): Return the AEAD_algo.
+	* g10/encrypt.c (use_aead): Return the AEAD algo.
+	(encrypt_simple): Adjust for this change.
+	(encrypt_crypt): Ditto.
+	(encrypt_filter): Ditto.
+	* g10/sign.c (sign_symencrypt_file): Ditto.
+
+	* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
+	(openpgp_aead_algo_info): New.
+	* g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
+	(write_header): Use new fucntion.
+	* g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
+	(decrypt_data): Use new function.  Also allow for chunkbytes other
+	than 10.
+
+	gpg: Refactor function encrypt_seskey.
+	+ commit 0131d4369a81a51bf7bb328cc81a3bb082ed1a94
+	* g10/encrypt.c (encrypt_seskey): Allocate the buffer for the
+	encrypted key and returns that buffer and its length.
+	(encrypt_simple): Adjust for above change.
+	(write_symkey_enc): Ditto.
+
 2018-01-22  NIIBE Yutaka  <gniibe@fsij.org>
 
 	scd: Support KDF Data Object of OpenPGPcard V3.3.
@@ -6751,6 +10279,45 @@
 	(verify_chv2, do_sign): Follow the change of verify_a_chv.
 	(verify_chv3, do_change_pin): Use pin2hash_if_kdf.
 
+2018-01-21  Werner Koch  <wk@gnupg.org>
+
+	gpg: Support EAX if for latest Libgcrypt.
+	+ commit 7356d6ec50ea24bc9449187e1c2b3ecd717b789f
+	* g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): New.
+	(write_header): Use it.
+	* g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): New.
+	(decrypt_data): Use it.
+	* g10/misc.c (openpgp_aead_test_algo): Allow EAX.
+
+	gpg: First take on PKT_ENCRYPTED_AEAD.
+	+ commit 3f4ca85cb0cf58006417f4f7faafaa9a1f1bdf22
+	* common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const.
+	* g10/dek.h (DEK): Increase size of use_aead to 4 bits.
+	* g10/filter.h (cipher_filter_context_t):  Add new fields for AEAD.
+	* g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and
+	chunkbyte.
+	* g10/build-packet.c (do_encrypted_aead): New.
+	(build_packet): Call it.
+	* g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD.
+	(parse_one_sig_subpkt, can_handle_critical): Ditto.
+	(parse_encrypted): Clear new PKT_ENCRYPTED fields.
+	(parse_encrypted_aead): New.
+	(parse): Call it.
+	* g10/gpg.c (main): Take care of --rfc4880bis option when checking
+	compliance.
+	* g10/cipher-aead.c: Replace the stub by real code.
+	* g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with
+	AEAD.
+	(aead_set_nonce): New.
+	(aead_set_ad): New.
+	(decrypt_data): Support AEAD.
+	(aead_underflow): New.
+	(aead_decode_filter): New.
+	* g10/encrypt.c (use_aead): Make that new fucntion work.
+	(encrypt_simple): Use default_aead_algo() instead of EAX.
+	* g10/mainproc.c (proc_encrypted): Support AEAD.
+	(do_proc_packets): Support PKT_ENCRYPTED_AEAD.
+
 2018-01-18  Werner Koch  <wk@gnupg.org>
 
 	gpg: Fix the use of future-default with --quick-add-key.
@@ -6762,6 +10329,66 @@
 	parse_key_parameter_string so that it can use it in case a subkey is
 	to be created.
 
+2018-01-10  Werner Koch  <wk@gnupg.org>
+
+	gpg: Add stub function for encrypting AEAD.
+	+ commit 81d71818d054a5faa9153fd52a4b79bbbb71e9d5
+	* g10/cipher.c (cipher_filter): Rename to cipher_filter_cfb.
+	* g10/cipher-aead.c: New.  Right now only with a stub function.
+	* g10/Makefile.am (gpg_sources): Add file.
+	* g10/encrypt.c (encrypt_simple): Push either cipher_filter_cfb or
+	cipher_filter_aead.
+	(encrypt_crypt): Ditto.
+	(encrypt_filter): Ditto.
+	* g10/sign.c (sign_symencrypt_file): Ditto.
+
+	gpg: New option --force-aead.
+	+ commit 4e2ba546cdccbbc6d3e29867ee5671fd44d74e67
+	* g10/dek.h (DEK): Turn fields use_mdc, algo_printed and symmetric
+	into single bit vars.  Make sure they are always set to 1 or 0.
+	(DEK): New field use_aead.
+	* g10/options.h (struct opt): New field force_aead.
+	* g10/pkclist.c (select_aead_from_pklist): New.
+	* g10/gpg.c (oForceAEAD): New const.
+	(opts): New options "--force-aead".
+	(main): Set new option.
+	* g10/encrypt.c (use_aead): New.
+	(encrypt_simple): Implement new flags DEK.use_aead.
+	(encrypt_crypt): Ditto.
+	(encrypt_filter): Ditto.
+	* g10/sign.c (sign_symencrypt_file): Ditto.
+
+	gpg: Add option and preference framework for AEAD.
+	+ commit 8217cd49364b9f81b390f7ca6a608dd946f93efc
+	* common/openpgpdefs.h (aead_algo_t): New.
+	(SIGSUBPKT_PREF_AEAD): New.
+	* g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New.
+	(opts): New options --aead-algo and --personal-aead-preferences.
+	(set_compliance_option): Clar aead algo.
+	(main): Parse and check the new options
+	* g10/options.h (struct opt): Add fields def_aead_algo and
+	personal_aead_prefs.
+	* g10/packet.h (PREFTYPE_AEAD): New enum value.
+	(PKT_user_id): Add field flags.aead.
+	(PKT_public_key): Add field flags.aead.
+	* g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD.
+	* g10/getkey.c (fixup_uidnode): Set AEAD flag.
+	(merge_selfsigs): Ditto.
+	* g10/kbnode.c (dump_kbnode): Show aead flag.
+	* g10/keyedit.c (show_prefs): Ditto.
+	(show_key_with_all_names_colon): Ditto.
+	* g10/keygen.c (aead_presf, n_aead_prefs): New vars.
+	(set_one_pref): Suppport PREFTYPE_AEAD.
+	(keygen_set_std_prefs): Parse AEAD preferences.
+	(keygen_get_std_prefs): Ditto.
+	(add_feature_aead): New.
+	(keygen_upd_std_prefs): Call that and build AEAD pref  packet.
+	* g10/main.h (DEFAULT_AEAD_ALGO): New const.
+	* g10/misc.c (openpgp_aead_test_algo): New.
+	(openpgp_aead_algo_name): New.
+	(string_to_aead_algo): New.
+	(default_aead_algo): New.
+
 2018-01-09  Andre Heinecke  <aheinecke@intevation.de>
 
 	doc: Note pinentry-mode for passphrase opts.
@@ -6885,6 +10512,10 @@
 	+ commit e3ddeff66e8c08a37ddf8b6510d69579c245e192
 	* po/ja.po: Fix message with no "%s".
 
+	po: Update Japanese translation.
+	+ commit 77e2fcb4ffbad8577a2cf41f17bf92dec6a93ad8
+	* po/ja.po: Fix message with no "%s".
+
 2017-12-13  Werner Koch  <wk@gnupg.org>
 
 	gpg: Print a warning for too much data encrypted with 3DES et al.
@@ -6985,6 +10616,11 @@
 	* dirmngr/server.c (cmd_wkd_get): Check whether the domain is already
 	known and tell domaininfo about the results.
 
+	Adjust for changed macro names in libgpg-error master.
+	+ commit 34defc9bce91d66fa8c9481ebe6e78b612e570dc
+	* common/logging.h (GPGRT_LOGLVL_): New replacement macros for older
+	libgpg-error versions.
+
 2017-12-08  NIIBE Yutaka  <gniibe@fsij.org>
 
 	agent: Fix description of shadow format.
@@ -7020,6 +10656,25 @@
 	+ commit 0d0b9eb0d4f99e8d293a4ce4b90921a879905115
 	* g10/trustdb.c (sanitize_regexp): Only escape operators.
 
+2017-11-27  Werner Koch  <wk@gnupg.org>
+
+	Use the gpgrt log functions if possible.
+	+ commit b56dfdfc1865ceb7c3c025d79996e049faee7fdf
+	* common/logging.c: Do not build any code if we can use the gpgrt_log
+	functions.
+	(log_logv_with_prefix): Rename to log_logv_prefix and change order of
+	args so that this function matches its printf like counterpart
+	gpgrt_logv_prefix.  Change all callers.
+	(log_debug_with_string): Rename to log_debug_string. Change all
+	callers.
+	(log_printhex): Move first arg to end so that this function matches
+	its printf like counterpart gpgrt_log_printhex.  Change all callers.
+	* common/logging.h: Divert to gpgrt/libgpg-error if we can use the
+	gpgrt_log functions.
+	(bug_at): Add inline versions if we can use the gpgrt_log functions.
+	* configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM.
+	(mycflags): Add -Wno-format-zero-length.
+
 2017-11-26  Werner Koch  <wk@gnupg.org>
 
 	gpg: Do not read from uninitialized memory with --list-packets.
@@ -7088,12 +10743,40 @@
 	(crl_parse_insert): Immediately set MD to NULL.  Remove check for md
 	before a calling abort_sig_check.
 
+2017-11-15  Werner Koch  <wk@gnupg.org>
+
+	assuan: Fix exponential decay for first second.
+	+ commit 0cfdd3b57d592fb6baa7dafe8fde124e8a6c7798
+	* common/asshelp.c (wait_for_sock): Round SECSLEFT.
+	* dirmngr/dirmngr.c (main): Take care of --debug-wait also in dameon
+	mode.
+	* common/sysutils.c (gnupg_usleep) [HAVE_NANOSLEEP]: Fix nanosleep use.
+
+	common: Change log_clock to printf style.
+	+ commit 8704304699bcbc1c10d0315ec7d25a1ae05c9905
+	* common/logging.c (log_clock): Use do_logv.
+
+	common: Tweak new code to keep already translated strings.
+	+ commit 4a7fe9a596b639a0edb08502f20cb293129e5a33
+	* common/asshelp.c (wait_for_sock): Replace NAME by WHICH and adjust
+	caller.  Revert to use the former strings.
+
 2017-11-15  Andre Heinecke  <aheinecke@intevation.de>
 
 	w32: Fix default registry path.
 	+ commit 4f5afaf1fdb5cb13859aca390ccb5a1ba1dba00c
 	* configure.ac (GNUPG_REGISTRY_DIR): Remove leading backslash.
 
+2017-11-15  Werner Koch  <wk@gnupg.org>
+
+	gpg: Repurpose the ISO defined DO "sex" to "salutation".
+	+ commit 166f3f9ec40888e10cb0c51017944bfc57503fc1
+	* g10/card-util.c (current_card_status): String changes.
+	(change_sex): Description change.
+	(cmds): Add "salutation"; keep "sex" as an alias.
+
+2017-11-15  Andre Heinecke  <aheinecke@intevation.de>
+
 	gpgtar: Prefer --set-filename over implicit name.
 	+ commit 878b8bfdcc3a8becfc46b9287a2d14cd3c875f28
 	* tools/gpgtar-extract.c: Prefer opt.filename over filename
@@ -7105,12 +10788,102 @@
 	+ commit b062ea5bc25157c942047b3fe7f5182a06106340
 	* g10/getkey.c (get_pubkey_byname): Print info only in verbose mode.
 
+2017-11-14  Werner Koch  <wk@gnupg.org>
+
+	dirmngr: Check for WKD support at session end.
+	+ commit d4e2302d8f4a1ff52d56da4f8e3a5d1c6303822d
+	* dirmngr/domaininfo.c (insert_or_update): Copy the name.
+	* dirmngr/misc.c (copy_stream): Allow arg OUT to be NULL.
+	* dirmngr/server.c (set_error): Protect CTX.
+	(dirmngr_status): Protect against missing ASSUAN_CTX.
+	(dirmngr_status_help): Ditto.
+	(dirmngr_status_printf): Ditto.
+	(cmd_wkd_get): Factor code out to ...
+	(proc_wkd_get): new func.  Support silent operation with no CTX.
+	(task_check_wkd_support): New.
+
+	dirmngr: Add a background task framework.
+	+ commit 96a4fbecd1acf946dcde20bef4752c539dae196b
+	* dirmngr/workqueue.c: New.
+	* dirmngr/Makefile.am (dirmngr_SOURCES): Add new file.
+	* dirmngr/server.c (server_local_s): New field session_id.
+	(cmd_wkd_get): Add a task.
+	(task_check_wkd_support): New stub function.
+	(cmd_getinfo): New sub-commands "session_id" and "workqueue".
+	(start_command_handler): Add arg session_id and store it in
+	SERVER_LOCAL.
+	(dirmngr_status_helpf): New.
+	* dirmngr/dirmngr.h (wqtask_t): New type.
+	* dirmngr/dirmngr.c (main): Pass 0 as session_id to
+	start_command_handler.
+	(start_connection_thread): Introduce a session_id and pass it to
+	start_command_handler.  Run post session tasks.
+	(housekeeping_thread): Run global workqueue tasks.
+
 2017-11-14  Andre Heinecke  <aheinecke@intevation.de>
 
 	sm, w32: Fix initial keybox creation.
 	+ commit 5ecef193bc2144e6d51a6bd5727bfd08a0d28b66
 	* sm/keydb.c (maybe_create_keybox): Open new keybox in bin mode.
 
+2017-11-14  Werner Koch  <wk@gnupg.org>
+
+	dirmngr: Limit the number of cached domains for WKD.
+	+ commit 26f08343fbccdbaa177c3507a3c5e24a5cf94a2d
+	* dirmngr/domaininfo.c (MAX_DOMAINBUCKET_LEN): New.
+	(insert_or_update): Limit the length of a bucket chain.
+	(domaininfo_print_stats): Print just one summary line.
+
+2017-11-13  Werner Koch  <wk@gnupg.org>
+
+	dirmngr: Keep track of domains used for WKD queries.
+	+ commit 65038e6852185c20413d8f6602218ee636413b77
+	* dirmngr/domaininfo.c: New file.
+	* dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
+	* dirmngr/server.c (cmd_wkd_get): Check whether the domain is already
+	known and tell domaininfo about the results.
+
+	gpg-agent: Avoid getting stuck in shutdown pending state.
+	+ commit 5d83eb9226c0ce608ec284d8c9bc22ce84a00c25
+	* agent/gpg-agent.c (handle_connections): Always check inotify fds.
+
+2017-11-13  NIIBE Yutaka  <gniibe@fsij.org>
+
+	tests: Handle the case with DISABLE_REGEX.
+	+ commit 80b904543486a2f12087bc34a6049ede4eb75940
+	* tests/openpgp/Makefile.am [DISABLE_REGEX] (EXTRA_DIST, XTESTS):
+	  Conditionalize.
+	* tests/openpgp/all-tests.scm (all-tests): Input file is Makefile.
+
+2017-11-13  Damien Goutte-Gattat  <dgouttegattat@incenp.org>
+
+	tests: Run the trust-pgp-4 test again.
+	+ commit a1fe3708d0894c138f6dd75d2a6bd22c64359172
+	* tests/openpgp/Makefile.am (XTESTS): Add trust-pgp-4.scm.
+	(EXTRA_DIST): Remove the test file from EXTRA_DIST.
+
+2017-11-09  NIIBE Yutaka  <gniibe@fsij.org>
+	    Damien Goutte-Gattat  <dgouttegattat@incenp.org>
+
+	g10: Fix regexp sanitization.
+	+ commit ccf3ba92087e79abdeaa0208795829b431c6f201
+	* g10/trustdb.c (sanitize_regexp): Only escape operators.
+
+2017-11-08  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+
+	assuan: Use exponential decay for first 1s of spinlock.
+	+ commit 149041b0b917f4298239fe18b5ebd5ead71584a6
+	* common/asshelp.c (wait_for_sock): instead of checking the socket
+	every second, we check 10 times in the first second (with exponential
+	decay).
+
+	assuan: Reorganize waiting for socket.
+	+ commit 0471ff9d3bf8d6b9a359f3c426d70d0935066907
+	* common/asshelp.c (wait_for_sock): New function, collecting
+	codepaths from...
+	(start_new_gpg_agent) here and...
+	(start_new_dirmngr) here.
+
 2017-11-07  Werner Koch  <wk@gnupg.org>
 
 	Release 2.2.2.
@@ -7124,6 +10897,11 @@
 
 	(cherry picked from commit ab7ac827041b5cd97bbca7a75b0930072dd6611f)
 
+	dirmngr: Reduce default LDAP timeout to 15 seconds.
+	+ commit ab7ac827041b5cd97bbca7a75b0930072dd6611f
+	* dirmngr/dirmngr.c (DEFAULT_LDAP_TIMEOUT): Change to 15.
+	* dirmngr/dirmngr_ldap.c (DEFAULT_LDAP_TIMEOUT): Ditto.
+
 	speedo: Include software versions in the W32 README.
 	+ commit 23bfac6d1a8bd2d0af5a6fac3ba3a6e986d6c9e8
 	(cherry picked from commit f9f72ffbfa9fd7d1a7a1823697d116d76155b407)
@@ -7134,14 +10912,28 @@
 	+ commit 1941287c9d2c9e666bad1bd330db169f0e3d6b6c
 
 
+2017-11-07  Werner Koch  <wk@gnupg.org>
+
+	speedo: Include software versions in the W32 README.
+	+ commit f9f72ffbfa9fd7d1a7a1823697d116d76155b407
+
+
 2017-11-07  NIIBE Yutaka  <gniibe@fsij.org>
 
 	po: Update Japanese translation.
 	+ commit 96d441b315ec5c9f329596cfda28ac13a8bfa21a
 
 
+	agent: Use clock or clock_gettime for calibration.
+	+ commit 380bce13d94ff03c96e39ac1d834f382c5c730a1
+	* agent/protect.c (calibrate_get_time): Use clock or clock_gettime.
+
 2017-11-06  Werner Koch  <wk@gnupg.org>
 
+	tests: Minor imporvement in agent invocation.
+	+ commit 42308224d1fce64c666aed2be5eb4ef42e8aced4
+	* tests/openpgp/defs.scm (create-gpghome): Add s2k-count.
+
 	agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
 	+ commit 3607ab2cf382296cb398a92d5ec792239960bf7b
 	* agent/command.c (cmd_getinfo): New sub-commands.
@@ -7158,6 +10950,20 @@
 	(opts): New option --s2k-count.
 	(parse_rereadable_options): Set opt.s2k_count.
 
+	agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
+	+ commit 52d41c8b0f4af6278d18d8935399ddad16a26856
+	* agent/command.c (cmd_getinfo): New sub-commands.
+	* agent/protect.c (get_standard_s2k_count): Factor some code out to ...
+	(get_calibrated_s2k_count): new.
+	(get_standard_s2k_time): New.
+
+	agent: New option --s2k-count.
+	+ commit f7212f1d11aad5d910d2c77b2e5c6ab31a0e786e
+	* agent/agent.h (opt): New field 's2k_count'.
+	* agent/gpg-agent.c (oS2KCount): New enum value.
+	(opts): New option --s2k-count.
+	(parse_rereadable_options): Set opt.s2k_count.
+
 2017-11-06  NIIBE Yutaka  <gniibe@fsij.org>
 
 	g10: Unattended key generation "Key-Grip" and "Subkey-Grip".
@@ -7190,18 +10996,55 @@
 	* g10/card-util.c (ask_card_rsa_keysize): Rename to ask_card_keyattr.
 	(do_change_rsa_keysize): Rename to do_change_keyattr.
 
+	gpg: Unifiy the message for re-configuring cards.
+	+ commit 922bae8082f2f8d696ea0e7d7e9e4d986789bdfc
+	* g10/card-util.c (ask_card_keyattr): Print "rsaNNNN".
+
+	gpg: Introduce magic value 25519 to switch a card to ECC.
+	+ commit ea09b6cded9d31a8ebd91878553c3eaa2b76e817
+	* g10/card-util.c (show_keysize_warning): Slightly change the text.
+	(ask_card_keyattr): Handle special value 25519.
+	(do_change_keyattr): Allow changing to cv25519/ed25519.
+	(generate_card_keys): Ditto.
+	(card_generate_subkey): Ditto.
+
 2017-11-02  NIIBE Yutaka  <gniibe@fsij.org>
 
 	agent: Fix returning GPG_ERR_NOT_FOUND wrongly.
 	+ commit 3da47d19df89d302c0ea25921f4bd8ce55705afe
 	* agent/learncard.c (agent_handle_learn): Find SERIALNO.
 
+	agent: Fix returning GPG_ERR_NOT_FOUND wrongly.
+	+ commit 5e96fe72e477d09e35ccee48af0fd9ab2b3ae409
+	* agent/learncard.c (agent_handle_learn): Find SERIALNO.
+
 2017-11-01  NIIBE Yutaka  <gniibe@fsij.org>
 
 	common: Accept the Z-suffix for yymmddThhmmssZ format.
 	+ commit 0e5bd473a07f188615c4fce26b73bb452d689d68
 	* common/gettime.c (isotime_p): Accept the Z suffix.
 
+2017-11-01  Werner Koch  <wk@gnupg.org>
+
+	gpg: Rename two card related functions in card-util.
+	+ commit f795f4529d8ab5a05db1cc1960abd34390bfae1b
+	* g10/card-util.c (ask_card_rsa_keysize): Rename to ask_card_keyattr.
+	(do_change_rsa_keysize): Rename to do_change_keyattr.
+
+2017-11-01  NIIBE Yutaka  <gniibe@fsij.org>
+
+	g10: Unattended key generation "Key-Grip" and "Subkey-Grip".
+	+ commit 6c63a04569c07c9c2817c7c530a92ccfa58155cc
+	* g10/keygen.c (pSUBKEYGRIP): New.
+	(read_parameter_file): Add "Key-Grip" and "Subkey-Grip".
+	(do_generate_keypair): Support pSUBKEYGRIP.
+
+2017-10-30  NIIBE Yutaka  <gniibe@fsij.org>
+
+	g10: Simplify "factory-reset" procedure.
+	+ commit d63b7966cdd72548c60466c620de5cd6104a779e
+	* g10/card-util.c (factory_reset): Simplify.
+
 2017-10-27  NIIBE Yutaka  <gniibe@fsij.org>
 
 	agent: Clean up pinentry access locking.
@@ -7225,8 +11068,29 @@
 	(unlock_pinentry): Handle recursion.  Clear ENTRY_CTX here.
 	(start_pinentry): Allow recursive use.
 
+	agent: Clean up pinentry access locking.
+	+ commit fb7828676cc2c01047498898378711e049f73fee
+	* agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
+	* agent/call-pinentry.c (entry_owner): Remove.
+	(agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
+	(unlock_pinentry): Add CTRL to arguments to access thread private.
+	Check and decrement PINENTRY_ACTIVE for recursive use.
+	(start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
+	(agent_askpin): Follow the change of unlock_pinentry API.
+	(agent_get_passphrase, agent_get_confirmation): Likewise.
+	(agent_show_message, agent_popup_message_start): Likewise.
+	(agent_popup_message_stop, agent_clear_passphrase): Likewise.
+
 2017-10-26  NIIBE Yutaka  <gniibe@fsij.org>
 
+	agent: Allow recursive use of pinentry.
+	+ commit 3b66a256e3760e88066ca11b7b49d924e42aa46b
+	* agent/agent.h (struct server_control_s): Add pinentry_level.
+	* agent/call-pinentry.c (agent_popup_message_stop): Not clear
+	ENTRY_CTX here.
+	(unlock_pinentry): Handle recursion.  Clear ENTRY_CTX here.
+	(start_pinentry): Allow recursive use.
+
 	agent, tests: Support --disable-scdaemon build case.
 	+ commit 05cb87276c21c3a47226c75026fa46a955553dd9
 	* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
@@ -7237,6 +11101,16 @@
 	+ commit b13972dfbf7224478652038725ab0d2cb41b7303
 	* configure.ac (BUILD_WITH_DIRMNGR): Comment fix.
 
+	agent, tests: Support --disable-scdaemon build case.
+	+ commit bf26c08b95389718ba07f12789d372c6f438134f
+	* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
+	* tests/openpgp/defs.scm (create-gpghome): Likewise.
+	* tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.
+
+	Fix comment of configure.
+	+ commit 3549dce4f5a726f5350ac2f20d83ba9f84cc23b4
+	* configure.ac (BUILD_WITH_DIRMNGR): Comment fix.
+
 2017-10-24  Werner Koch  <wk@gnupg.org>
 
 	gpg: Avoid superfluous sig check info during import.
@@ -7347,6 +11221,94 @@
 	* sm/keylist.c (print_capabilities): Move colon printing ...
 	(list_cert_colon): to here.
 
+2017-10-19  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+
+	agent: Send pinentry the uid of connecting process where possible.
+	+ commit 28aa6890588cc108639951bb4bef03ac17743046
+	* agent/agent.h (server_control_s): Add field 'client_uid'.
+	* agent/call-pinentry.c (start_pinentry): Add uid field to assuan
+	option "owner" sent to pinentry.
+	* agent/command-ssh.c (peer_info_s): New static struct.
+	(get_client_pid): Rename to...
+	(get_client_info): Here, and extract uid in addition to pid.
+	(start_command_handler_ssh): Use get_client_info() instead of
+	get_client_pid().
+	* agent/command.c (start_command_handler): Try assuan_get_peercred,
+	and only fall back to assuan_get_pid when assuan_get_peercred fails.
+
+2017-10-19  NIIBE Yutaka  <gniibe@fsij.org>
+
+	g10: Fix find_and_check_key for multiple keyrings.
+	+ commit 995c46ea77cff5b99b2fca17b547d6525a4f227e
+	* g10/pkclist.c (find_and_check_key): Call get_validity on a specific
+	keyblock.
+
+2017-10-18  Werner Koch  <wk@gnupg.org>
+
+	gpg: Keep a lock during the read-update/insert cycle in import.
+	+ commit 645f30ad310a518a863eb7bd3e11251a7e7f2eca
+	* g10/keydb.c (keydb_handle): New field 'keep_lock'.
+	(keydb_release): Clear that flag.
+	(keydb_lock): New function.
+	(unlock_all): Skip if KEEP_LOCK is set.
+	* g10/getkey.c (get_keyblock_byfprint_fast): Call keep_lock if
+	requested.
+
+	gpg: Improve keydb handling in the main import function.
+	+ commit 3bb06531d38b85be295308e826a50a1a7ba935ec
+	* g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ...
+	(get_keyblock_byfprint_fast): .. new function.
+	* g10/import.c (revocation_present): s/int rc/gpg_error_t err/.
+	(import_one): Use get_keyblock_byfprint_fast to get the keyblock and a
+	handle.  Remove the now surplus keyblock fetch in the merge branch.
+
+	gpg: Simplify keydb handling of the main import function.
+	+ commit d353287f721ffb56627d55bef04cc770ff0a8681
+	* g10/import.c (import_keys_internal): Return gpg_error_t instead of
+	int.  Change var names.
+	(import_keys_es_stream): Ditto.
+	(import_one): Ditto.  Use a single keydb_new and simplify the use of
+	of keydb_release.
+
+	gpg: Fix wrong Tofu DB consistency check.
+	+ commit 18e5946aef458cd95fdce4a04e144747b52b0472
+	* g10/tofu.c (build_conflict_set): Do not assume MAX_FINGERPRINT_LEN
+	is the size of the fingerprint.
+
+2017-10-17  Werner Koch  <wk@gnupg.org>
+
+	gpg,sm: New option --with-key-screening.
+	+ commit 825abec0e7f38667a34dce3025fc2f3a05001dde
+	* common/pkscreening.c: New.
+	* common/pkscreening.h: New.
+	* common/Makefile.am (common_sources): Add them.
+	* g10/gpg.c (opts): New option --with-key-screening.
+	* g10/options.h (struct opt): New field with_key_screening.
+	* g10/keylist.c: Include pkscreening.h.
+	(print_pk_screening): New.
+	(list_keyblock_print): Call it.
+	(print_compliance_flags): Call it.
+	* sm/gpgsm.c (opts): New option --with-key-screening.
+	* sm/gpgsm.h (scruct opt): New field with_key_screening.
+	* sm/keylist.c:  Include pkscreening.h.
+	(print_pk_screening): New.
+	(print_compliance_flags): Call it.  Add new arg cert.
+	(list_cert_colon): Pass arg cert
+	(list_cert_std): Call print_pk_screening.
+	* sm/fingerprint.c (gpgsm_get_rsa_modulus): New.
+
+	sm: Fix colon listing of fields > 12 in crt records.
+	+ commit 69e579d78545aee5096a5d170e1cb9e511a09a90
+	* sm/keylist.c (print_capabilities): Move colon printing ...
+	(list_cert_colon): to here.
+
+2017-10-06  Neal H. Walfield  <neal@g10code.com>
+
+	gpg: Fix comparison.
+	+ commit 1ed21eee79749b976b4a935f2279b162634e9c5e
+	* g10/gpgcompose.c (literal_name): Complain if passed zero arguments,
+	not one or fewer.
+
 2017-09-28  Werner Koch  <wk@gnupg.org>
 
 	gpg: Workaround for junk after --trusted-key.
@@ -7354,12 +11316,75 @@
 	* g10/trust.c (register_trusted_key): Cut off everthing starting as a
 	hash sign.
 
+2017-09-27  Werner Koch  <wk@gnupg.org>
+
+	gpg: Prepare for a longer fingerprint.
+	+ commit ecbbafb88d920e713439b6b1b8e1b41a6f8d0e38
+	* g10/card-util.c (change_cafpr): Use MAX_FINGERPRINT_LEN.
+	* g10/cipher.c (write_header): Use snprintf.
+	* g10/gpg.h (MAX_FINGERPRINT_LEN): Change to 32.
+	(MAX_FORMATTED_FINGERPRINT_LEN): Change to 59
+	* g10/keyid.c (format_hexfingerprint): Add v5 fingerprint format.
+	* g10/tofu.c (get_policy): Use MAX_FINGERPRINT_LEN for the buffer but
+	keep the raw length for now.
+
+	common: Add constant KEYGRIP_LEN.
+	+ commit 76c80021d4da0755dbb04bd5d42f32015cba0b9a
+	* common/util.h (KEYGRIP_LEN): New.
+	* g10/call-agent.c (agent_probe_any_secret_key): Use that constant.
+	* g10/keyid.c (keygrip_from_pk): Ditto.
+
+	gpg: Let --debug clock time sign and verify.
+	+ commit 6aa4478c78cb34cf3d0ae5c752525110947bd247
+	* configure.ac (ENABLE_LOG_CLOCK): New ac_define and option.
+	* common/logging.c (log_clock): Use ENABLE_LOG_CLOCK to enable
+	timestamp printing.
+	* g10/call-agent.c (agent_pksign): Time signing.
+	* g10/sig-check.c (check_signature_end_simple): Time verification.
+
+2017-09-26  NIIBE Yutaka  <gniibe@fsij.org>
+
+	g10: Select a secret key by checking availability under gpg-agent.
+	+ commit 0a76611294998ae34b9d9ebde484ef8ad3a9a3a6
+	* g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm
+	by agent_probe_secret_key.
+	(get_pubkey_fromfile, lookup): Supply WANT_SECRET argument.
+
+2017-09-20  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: Fix cancellation handling for scdaemon.
+	+ commit 9f5e50e7c85aa8b847d38010241ed570ac114fc3
+	* agent/call-scd.c (cancel_inquire): Remove.
+	(agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey)
+	(agent_card_scd): Don't call cancel_inquire.
+
+	scd: Distinguish cancel by user and protocol error.
+	+ commit 2396055c096884d521c26b76f26263a146207c24
+	* scd/apdu.h (SW_HOST_CANCELLED): New.
+	* scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED.
+	(pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED.
+	* scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for
+	SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED.
+
+2017-09-19  NIIBE Yutaka  <gniibe@fsij.org>
+
+	common: Accept the Z-suffix for yymmddThhmmssZ format.
+	+ commit ba8afc4966cca1f6aaf9b2a9bfc3220782306c2b
+	* common/gettime.c (isotime_p): Accept the Z suffix.
+
 2017-09-19  Werner Koch  <wk@gnupg.org>
 
 	Release 2.2.1.
 	+ commit 355ca9e9498740fb6294eec451507b4891ae01ec
 
 
+2017-09-19  NIIBE Yutaka  <gniibe@fsij.org>
+
+	common: Fix gnupg_wait_processes.
+	+ commit eeb3da6eb717ed6a1a1069a7611eb37503e8672d
+	* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
+	even if we already see an error.
+
 2017-09-18  Werner Koch  <wk@gnupg.org>
 
 	dirmngr: Use system certs if --hkp-cacert is not used.
@@ -7442,6 +11467,17 @@
 	+ commit 7d15ee88980f88ca62fc7de9492dd08e54d0f0f1
 	* tools/mime-maker.c (mime_maker_add_body_data): New.
 
+2017-09-11  Alon Bar-Lev  <alon.barlev@gmail.com>
+
+	sm: Move qualified.txt from datadir into sysconfdir.
+	+ commit 384a3748d9022b7ae3f629c13f92e204565fea3d
+	* doc/Makefile.am: Move qualified.txt into examples.
+	* doc/qualified.txt: Move into examples, remove trailing spaces.
+	* doc/examples/README: Document qualified.txt.
+	* doc/gpgsm.texi: Move qualified.txt from datadir into sysconfdir.
+	* sm/qualified.c (read_list): Move qualified.txt from datadir into
+	sysconfdir.
+
 2017-09-11  NIIBE Yutaka  <gniibe@fsij.org>
 
 	tests: Fix a test which specifies expiration date.
@@ -7460,6 +11496,52 @@
 	* g10/keygen.c (proc_parameter_file): Special case the email only
 	case.
 
+2017-09-08  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+
+	agent: compile-time configuration of s2k calibration.
+	+ commit 926d07c5fa05de05caef3a72b6fe156606ac0549
+	* configure.ac: add --with-agent-s2k-calibration=MSEC, introduces
+	AGENT_S2K_CALIBRATION (measured in milliseconds)
+	* agent/protect.c (calibrate_s2k_count): Calibrate based on
+	AGENT_S2K_CALIBRATION.
+
+	gpg: default to AES-256.
+	+ commit 73ff075204df09db5248170a049f06498cdbb7aa
+	* g10/main.h (DEFAULT_CIPHER_ALGO): Prefer AES256 by default.
+
+	gpg: default to 3072-bit RSA keys.
+	+ commit 909fbca19678e6e36968607e8a2348381da39d8c
+	* agent/command.c (hlp_genkey): update help text to suggest the use of
+	3072 bits.
+	* doc/wks.texi: Make example match default generation.
+	* g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to
+	rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment,
+	(gen_rsa, get_keysize_range): update default from 2048 to 3072).
+	* g10/keyid.c (pubkey_string): update comment so that first example
+	is the default 3072-bit RSA.
+
+	gpgsm: default to 3072-bit keys.
+	+ commit 7955262151a5c755814dd23414e6804f79125355
+	* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
+	default to 3072 bits.
+	* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
+	3072 bits.
+	* sm/certreqgen.c (proc_parameters): update default to 3072 bits.
+	* sm/gpgsm.c (main): print correct default_pubkey_algo.
+
+2017-09-08  NIIBE Yutaka  <gniibe@fsij.org>
+
+	tests: Fix a test which specifies expiration date.
+	+ commit 17f764dd4972a063fe09c4b9d2846e8efcb25c7a
+	* tests/openpgp/quick-key-manipulation.scm: Fix expiration time
+	comparison.
+
+2017-08-29  NIIBE Yutaka  <gniibe@fsij.org>
+
+	scd: Fix for large ECC keys.
+	+ commit ff7ccd284c327a5b1c89603f157089177dac9d13
+	* scd/app-openpgp.c (do_decipher): Support larger length.
+
 2017-08-28  Werner Koch  <wk@gnupg.org>
 
 	Release 2.2.0.
diff --git a/Makefile.am b/Makefile.am
index f3aa206..06a9a66 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -18,10 +18,13 @@
 
 ## Process this file with automake to produce Makefile.in
 
+# To include the wixlibs for building an MSI installer in a release use
+#   make release WITH_MSI=1
+
 # Location of the released tarball archives.  This is prefixed by
 # the variable RELEASE_ARCHIVE in ~/.gnupg-autogen.rc.  For example:
 # RELEASE_ARCHIVE=user@host:archive/tarballs
-RELEASE_ARCHIVE_SUFFIX  = gnupg/v2.2
+RELEASE_ARCHIVE_SUFFIX  = gnupg/v2.3
 # The variable RELEASE_SIGNKEY in ~/.gnupg-autogen.rc is used
 # to specify the key for signing.  For example:
 # RELEASE_SIGNKEY=D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
@@ -29,6 +32,7 @@ RELEASE_ARCHIVE_SUFFIX  = gnupg/v2.2
 
 # Autoconf flags.
 ACLOCAL_AMFLAGS = -I m4
+AM_DISTCHECK_DVI_TARGET = pdf
 AM_DISTCHECK_CONFIGURE_FLAGS = --enable-gnupg-builddir-envvar \
   --enable-all-tests --enable-g13 \
   --enable-gpgtar --enable-wks-tools --disable-ntbtls
@@ -58,7 +62,6 @@ EXTRA_DIST = build-aux/config.rpath build-aux/potomo autogen.sh autogen.rc \
              build-aux/speedo/patches/atk-1.32.0.patch	    \
              build-aux/speedo/patches/libiconv-1.14.patch   \
              build-aux/speedo/patches/pango-1.29.4.patch    \
-             build-aux/speedo/patches/gpgme-1.12.0.patch    \
              build-aux/speedo/patches/sqlite.patch
 
 
@@ -104,10 +107,15 @@ tests =
 else
 tests = tests
 endif
+if BUILD_TPM2D
+tpm2d = tpm2d
+else
+tpm2d =
+endif
 
 SUBDIRS = m4 common regexp kbx \
           ${gpg} ${sm} ${agent} ${scd} ${g13} ${dirmngr} \
-          tools po ${doc} ${tests}
+          tools po ${doc} ${tests} ${tpm2d}
 
 dist_doc_DATA = README
 
@@ -116,7 +124,7 @@ dist-hook: gen-ChangeLog
 
 distcheck-hook:
 	set -e; ( \
-	pref="#+macro: gnupg22_" ;\
+	pref="#+macro: gnupg24_" ;\
 	reldate="$$(date -u +%Y-%m-%d)" ;\
         echo "$${pref}ver  $(PACKAGE_VERSION)"  ;\
         echo "$${pref}date $${reldate}" ;\
@@ -185,24 +193,27 @@ release:
 	   exit 2;\
          fi ;\
 	 echo "/* Build started at $$(date -uIseconds) */" ;\
+	 [ -n "$(WITH_MSI)" ] && echo "/* (with MSI build support) */" ;\
 	 cd $(top_srcdir); \
 	 ./autogen.sh --force; \
 	 cd $(abs_top_builddir); \
 	 rm -rf dist; mkdir dist ; cd dist ; \
 	 $(abs_top_srcdir)/configure --enable-maintainer-mode; \
 	 $(MAKE) distcheck TESTFLAGS=--parallel; \
-	 $(TAR) xjf $(RELEASE_NAME).tar.bz2 ;\
-	 $(MAKE) -f  $(RELEASE_NAME)/build-aux/speedo.mk w32-release ;\
+	 $(AMTAR) xjf $(RELEASE_NAME).tar.bz2 ;\
+	 target=w32-release ;\
+	 [ -n "$(WITH_MSI)" ] && target=w32-msi-release ;\
+	 $(MAKE) -f  $(RELEASE_NAME)/build-aux/speedo.mk $${target} ;\
 	 echo "/* Build finished at $$(date -uIseconds) */" ;\
-         echo "/*" ;\
-	 echo " * Please run the final step interactivly:" ;\
+	 echo "/*" ;\
+	 echo " * Please run the final step interactively:" ;\
 	 echo " *   make sign-release" ;\
 	 echo " */" ;\
 	) 2>&1 | tee "$(RELEASE_NAME).buildlog"
 
 sign-release:
 	 +(set -e; \
-	  test $$(pwd | sed 's,.*/,,') = dist || cd dist; \
+	  cd dist; \
 	  x=$$(grep '^RELEASE_ARCHIVE=' $$HOME/.gnupg-autogen.rc|cut -d= -f2);\
           if [ -z "$$x" ]; then \
              echo "error: RELEASE_ARCHIVE missing in ~/.gnupg-autogen.rc">&2; \
@@ -225,8 +236,7 @@ sign-release:
 		  $${release_w32_name}.tar.xz.sig \
 		  $${release_w32_name}.exe.sig    \
 		  $${release_w32_name}.exe.swdb" ;\
-	  files3="$${release_w32_name}.wixlib \
-	          $${release_w32_name}.wixlib.sig"; \
+          wixlibfile="$${release_w32_name}.wixlib";\
 	  $(MAKE) -f $(RELEASE_NAME)/build-aux/speedo.mk w32-sign-installer ;\
 	  echo "/* Signing the source tarball ..." ;\
 	  gpg -sbu $$mysignkey $(RELEASE_NAME).tar.bz2 ;\
@@ -234,18 +244,20 @@ sign-release:
 	  gpg -sbu $$mysignkey $${release_w32_name}.tar.xz ;\
 	  echo "/* Signing the W32 installer ..." ;\
 	  gpg -sbu $$mysignkey $${release_w32_name}.exe ;\
-	  echo "/* Signing the Wixlib ..." ;\
-	  gpg -sbu $$mysignkey $${release_w32_name}.wixlib ;\
 	  cat $(RELEASE_NAME).swdb >swdb.snippet;\
-	  echo '#+macro: gnupg22_branch  STABLE-BRANCH-2-2' >>swdb.snippet;\
+	  echo '#+macro: gnupg24_branch  STABLE-BRANCH-2-4' >>swdb.snippet;\
 	  cat  $${release_w32_name}.exe.swdb >>swdb.snippet;\
 	  echo >>swdb.snippet ;\
 	  sha1sum $${files1} >>swdb.snippet ;\
           cat "../$(RELEASE_NAME).buildlog" swdb.snippet \
                | gzip >$(RELEASE_NAME).buildlog ;\
           echo "Release created - copying it to the archive ..." ;\
-	  scp -p $${files1} $${files2} $${files3} $$myarchive/ \
+	  scp -p $${files1} $${files2} $$myarchive/ \
 	    || echo "/* Error copying files to the archive - ignored */" ;\
+	  if [ -e $${wixlibfile} ]; then\
+	    scp -p $${wixlibfile} $$myarchive/ \
+	      || echo "/* Error copying wixlib to the archive - ignored. */" ;\
+          fi ;\
 	  echo '/*' ;\
 	  echo ' * All done; for checksums see dist/swdb.snippet' ;\
 	  echo ' */' ;\
diff --git a/Makefile.in b/Makefile.in
index 82c7441..53bc832 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -32,6 +32,9 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, see <https://www.gnu.org/licenses/>.
 
+# To include the wixlibs for building an MSI installer in a release use
+#   make release WITH_MSI=1
+
 VPATH = @srcdir@
 am__is_gnu_make = { \
   if test -z '$(MAKELEVEL)'; then \
@@ -111,16 +114,15 @@ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
@@ -218,7 +220,7 @@ ETAGS = etags
 CTAGS = ctags
 CSCOPE = cscope
 DIST_SUBDIRS = m4 common regexp kbx g10 sm agent scd g13 dirmngr tools \
-	po doc tests
+	po doc tests tpm2d
 am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
 	$(top_srcdir)/build-aux/compile \
 	$(top_srcdir)/build-aux/config.guess \
@@ -270,8 +272,6 @@ am__relativize = \
 GZIP_ENV = --best
 DIST_ARCHIVES = $(distdir).tar.bz2
 DIST_TARGETS = dist-bzip2
-# Exists only to be overridden by the user if desired.
-AM_DISTCHECK_DVI_TARGET = dvi
 distuninstallcheck_listfiles = find . -type f -print
 am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
   | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
@@ -315,9 +315,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -326,6 +328,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -353,9 +356,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -392,13 +396,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
@@ -465,13 +472,14 @@ top_srcdir = @top_srcdir@
 # Location of the released tarball archives.  This is prefixed by
 # the variable RELEASE_ARCHIVE in ~/.gnupg-autogen.rc.  For example:
 # RELEASE_ARCHIVE=user@host:archive/tarballs
-RELEASE_ARCHIVE_SUFFIX = gnupg/v2.2
+RELEASE_ARCHIVE_SUFFIX = gnupg/v2.3
 # The variable RELEASE_SIGNKEY in ~/.gnupg-autogen.rc is used
 # to specify the key for signing.  For example:
 # RELEASE_SIGNKEY=D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
 
 # Autoconf flags.
 ACLOCAL_AMFLAGS = -I m4
+AM_DISTCHECK_DVI_TARGET = pdf
 AM_DISTCHECK_CONFIGURE_FLAGS = --enable-gnupg-builddir-envvar \
   --enable-all-tests --enable-g13 \
   --enable-gpgtar --enable-wks-tools --disable-ntbtls
@@ -500,7 +508,6 @@ EXTRA_DIST = build-aux/config.rpath build-aux/potomo autogen.sh autogen.rc \
              build-aux/speedo/patches/atk-1.32.0.patch	    \
              build-aux/speedo/patches/libiconv-1.14.patch   \
              build-aux/speedo/patches/pango-1.29.4.patch    \
-             build-aux/speedo/patches/gpgme-1.12.0.patch    \
              build-aux/speedo/patches/sqlite.patch
 
 DISTCLEANFILES = g10defs.h
@@ -520,9 +527,11 @@ DISTCLEANFILES = g10defs.h
 @BUILD_DOC_TRUE@doc = doc
 @DISABLE_TESTS_FALSE@tests = tests
 @DISABLE_TESTS_TRUE@tests = 
+@BUILD_TPM2D_FALSE@tpm2d = 
+@BUILD_TPM2D_TRUE@tpm2d = tpm2d
 SUBDIRS = m4 common regexp kbx \
           ${gpg} ${sm} ${agent} ${scd} ${g13} ${dirmngr} \
-          tools po ${doc} ${tests}
+          tools po ${doc} ${tests} ${tpm2d}
 
 dist_doc_DATA = README
 gen_start_date = 2011-12-01T06:00:00
@@ -1055,7 +1064,7 @@ dist-hook: gen-ChangeLog
 
 distcheck-hook:
 	set -e; ( \
-	pref="#+macro: gnupg22_" ;\
+	pref="#+macro: gnupg24_" ;\
 	reldate="$$(date -u +%Y-%m-%d)" ;\
         echo "$${pref}ver  $(PACKAGE_VERSION)"  ;\
         echo "$${pref}date $${reldate}" ;\
@@ -1105,24 +1114,27 @@ release:
 	   exit 2;\
          fi ;\
 	 echo "/* Build started at $$(date -uIseconds) */" ;\
+	 [ -n "$(WITH_MSI)" ] && echo "/* (with MSI build support) */" ;\
 	 cd $(top_srcdir); \
 	 ./autogen.sh --force; \
 	 cd $(abs_top_builddir); \
 	 rm -rf dist; mkdir dist ; cd dist ; \
 	 $(abs_top_srcdir)/configure --enable-maintainer-mode; \
 	 $(MAKE) distcheck TESTFLAGS=--parallel; \
-	 $(TAR) xjf $(RELEASE_NAME).tar.bz2 ;\
-	 $(MAKE) -f  $(RELEASE_NAME)/build-aux/speedo.mk w32-release ;\
+	 $(AMTAR) xjf $(RELEASE_NAME).tar.bz2 ;\
+	 target=w32-release ;\
+	 [ -n "$(WITH_MSI)" ] && target=w32-msi-release ;\
+	 $(MAKE) -f  $(RELEASE_NAME)/build-aux/speedo.mk $${target} ;\
 	 echo "/* Build finished at $$(date -uIseconds) */" ;\
-         echo "/*" ;\
-	 echo " * Please run the final step interactivly:" ;\
+	 echo "/*" ;\
+	 echo " * Please run the final step interactively:" ;\
 	 echo " *   make sign-release" ;\
 	 echo " */" ;\
 	) 2>&1 | tee "$(RELEASE_NAME).buildlog"
 
 sign-release:
 	 +(set -e; \
-	  test $$(pwd | sed 's,.*/,,') = dist || cd dist; \
+	  cd dist; \
 	  x=$$(grep '^RELEASE_ARCHIVE=' $$HOME/.gnupg-autogen.rc|cut -d= -f2);\
           if [ -z "$$x" ]; then \
              echo "error: RELEASE_ARCHIVE missing in ~/.gnupg-autogen.rc">&2; \
@@ -1145,8 +1157,7 @@ sign-release:
 		  $${release_w32_name}.tar.xz.sig \
 		  $${release_w32_name}.exe.sig    \
 		  $${release_w32_name}.exe.swdb" ;\
-	  files3="$${release_w32_name}.wixlib \
-	          $${release_w32_name}.wixlib.sig"; \
+          wixlibfile="$${release_w32_name}.wixlib";\
 	  $(MAKE) -f $(RELEASE_NAME)/build-aux/speedo.mk w32-sign-installer ;\
 	  echo "/* Signing the source tarball ..." ;\
 	  gpg -sbu $$mysignkey $(RELEASE_NAME).tar.bz2 ;\
@@ -1154,18 +1165,20 @@ sign-release:
 	  gpg -sbu $$mysignkey $${release_w32_name}.tar.xz ;\
 	  echo "/* Signing the W32 installer ..." ;\
 	  gpg -sbu $$mysignkey $${release_w32_name}.exe ;\
-	  echo "/* Signing the Wixlib ..." ;\
-	  gpg -sbu $$mysignkey $${release_w32_name}.wixlib ;\
 	  cat $(RELEASE_NAME).swdb >swdb.snippet;\
-	  echo '#+macro: gnupg22_branch  STABLE-BRANCH-2-2' >>swdb.snippet;\
+	  echo '#+macro: gnupg24_branch  STABLE-BRANCH-2-4' >>swdb.snippet;\
 	  cat  $${release_w32_name}.exe.swdb >>swdb.snippet;\
 	  echo >>swdb.snippet ;\
 	  sha1sum $${files1} >>swdb.snippet ;\
           cat "../$(RELEASE_NAME).buildlog" swdb.snippet \
                | gzip >$(RELEASE_NAME).buildlog ;\
           echo "Release created - copying it to the archive ..." ;\
-	  scp -p $${files1} $${files2} $${files3} $$myarchive/ \
+	  scp -p $${files1} $${files2} $$myarchive/ \
 	    || echo "/* Error copying files to the archive - ignored */" ;\
+	  if [ -e $${wixlibfile} ]; then\
+	    scp -p $${wixlibfile} $$myarchive/ \
+	      || echo "/* Error copying wixlib to the archive - ignored. */" ;\
+          fi ;\
 	  echo '/*' ;\
 	  echo ' * All done; for checksums see dist/swdb.snippet' ;\
 	  echo ' */' ;\
diff --git a/NEWS b/NEWS
index 09f36c1..6680b4f 100644
--- a/NEWS
+++ b/NEWS
@@ -1,468 +1,95 @@
-Noteworthy changes in version 2.2.39 (2022-09-02)
--------------------------------------------------
-
-  * agent: Fix regression in 2.2.37 related to non-extended format
-    private keys.  [T6176]
-
-  Release-info: https://dev.gnupg.org/T6175
-
-
-Noteworthy changes in version 2.2.38 (2022-09-01)
--------------------------------------------------
-
-  * gpg: Make --require-compliance work for sign+encrypt.  [T6174]
-
-  * gpg: Fix an encoding problem under Windows in the printed
-    timezone.  [T5073]
-
-  * gpg: Emit a FAILURE status for --require-compliance errors.
-    [rGe05fb5ca37]
-
-  * dirmngr: Avoid caching expired certificates.  [T6142]
-
-  Release-info: https://dev.gnupg.org/T6159
-
-
-Noteworthy changes in version 2.2.37 (2022-08-24)
--------------------------------------------------
-
-  * gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit
-    preference.  [T6043]
-
-  * gpg: Actually show symmetric+pubkey encrypted data as de-vs
-    compliant.  Add extra compliance checks for symkey_enc packets.
-    [T6119]
-
-  * gpg: Request keygrip of key to be added via command-fd interface.
-    [T5771]
-
-  * gpg: Look up user ID to revoke by UID hash.  [T5936]
-
-  * gpg: Fix wrong error message for "keytocard".  [T6122]
-
-  * gpg: --card-status shows the application type for non-openpgp
-    cards again.  [rG8e393e2592]
-
-  * gpg: The options --auto-key-import and --include-key-block are
-    again listed by gpgconf.  [T6138]
-
-  * gpgsm: New option --compatibility-flags.  [rG77b6896f7a]
-
-  * agent: New options --no-user-trustlist and --sys-trustlist-name.
-    [T5990]
-
-  * agent: Track and update the Display-S/N of cards so that the
-    "please insert card" prompt may now show more information.  Use
-    "gpg --card-status" to update stored card meta data.  [T6135]
-
-  * scd:openpgp: Fix problem with ECC algorithm attributes on
-    Yubikeys.  [rG225c66f13b87]
-
-  * scd:openpgp: Fix problem with Yubikey 5.4 firmware.  [T6070]
-
-  * dirmngr: Ask keyservers to provide the key fingerprints.  [T5741]
-
-  * ssh: Allow authentication as used by OpenSSH's PQ crypto support.
-    [T5935]
-
-  * wkd: Fix path traversal attack in gpg-wks-server.  Add the mail
-    address to the pending request data.  [rGc1489ca0e1, T6098]
-
-  * gpgconf: Improve registry dumping.  [rG6bc9592318]
-
-  * Silence warnings from AllowSetForegroundWindow.  [rG6583abedf3]
-
-  Release-info: https://dev.gnupg.org/T6105
-
-
-Noteworthy changes in version 2.2.36 (2022-07-06)
--------------------------------------------------
-
-  * g10: Fix possibly garbled status messages in NOTATION_DATA.  This
-    bug could trick GPGME and other parsers to accept faked status
-    lines.  [T6027, CVE-2022-34903]
-
-  * gpg: Handle leading zeroes in Ed25519 private keys and reverse
-    change regarding Ed25519 SOS encoding as introduced with 2.2.34.
-    [T5120]
-
-  * gpg: Allow Unicode file names for iobuf_cancel under Windows.
-
-  * gpgsm: Improve pkcs#12 import.  [T6037,T5793,T4921,T4757]
-
-  * scd,p15: Fix reading certificates w/o length info.
-
-  * scd,p15: Improve the displayed S/N for Technology Nexus cards.
-
-  * scd,openpgp: Add workaround for ECC attribute on Yubikey. [T5963]
-
-  * scd: Fix use of SCardListReaders for PC/SC.  [T5979]
-
-  * gpgconf: New short options -X and -V.
-
-  * Make sure to always set CONFIDENTIAL flag in Assuan.  [T5977]
-
-  Release-info: https://dev.gnupg.org/T5949
-
-
-Noteworthy changes in version 2.2.35 (2022-04-25)
--------------------------------------------------
-
-  * gpg,gpgsm: New option --require-compliance.  [17890d4318]
-
-  * gpgtar: New option --with-log.  [rGce69d55f70]
-
-  * gpg: Threefold decryption speedup for large files.
-    [T5820,rG9116fd1e9a]
-
-  * gpgtar: Support file names longer than MAX_PATH.  [rG5492079def]
-
-  * scdaemon: Add support for GeNUA cards.  [rG44ec383cde]
-
-  * gpg: Allow decryption of symmetric encrypted data even for
-    non-compliant cipher.  [rGe081a601f7]
-
-  * gpg: Avoid possible race condition in --edit-card/factory-reset.
-    [T5831]
-
-  * gpg: Emit an ERROR status as hint for a bad passphrase.  [T5943]
-
-  * gpg: Avoid NULL-ptr access due to corrupted packets.  [T5940]
-
-  * gpgsm: Fix parsing of certain PKCS#12 files.  [T5793]
-
-  * gpgtar: Use a pipe for decryption and thus avoid memory
-    exhaustion.  [rGd431feb307]
-
-  * scdaemon: Use extended mode for pkcs#15 already for rsa2048.
-    [rGa2db490de5]
-
-  * dirmngr: Make WKD lookups work for resolvers not handling SRV
-    records.  [T4729]
-
-  * dirmngr: Escape more characters in WKD requests.  [T5902]
-
-  * gpgconf: Silence warnings from parsing the option files.  [T5874]
-
-  * Improve removing of stale lockfiles under Unix.  [T5884]
-
-  Release-info: https://dev.gnupg.org/T5928
-
-
-Noteworthy changes in version 2.2.34 (2022-02-07)
--------------------------------------------------
-
-  * gpgconf: Backport the improved option reading and writing code
-    from 2.3.  [rG7a3a1ef370,T4788]
-
-  * gpgconf: Do not list ignored options and mark forced options as
-    read-only.  [T5732]
-
-  * gpgconf: Correctly show registry entries with --show-configs.
-    [T5724]
-
-  * gpgconf: Add command aliases -L, -K, and -R.  [rGf16c535eee]
-
-  * gpgconf: Tweak the use of the ldapserver option.  [T5801]
-
-  * gpgconf: Make "--launch gpg-agent" work again.  [rG5a7ed6dd8f]
-
-  * gpg: Accept Ed25519 private keys in modernized encoding.  [T5120]
-
-  * gpg: Fix adding the list of ultimate trusted keys.  [T5742]
-
-  * gpgsm: New option --ignore-cert-with-oid.  [rGbcf446b70c]
-
-  * dirmngr: Avoid initial delay on the first keyserver access in
-    presence of --no-use-tor.  [rGdde88897e2]
-
-  * scdaemon: Also prefer Yubikeys if no reader port is given.
-    [rG38c666ec3f]
-
-  * agent: Make missing strings translatable and update German and
-    Japanese translations.  [T4777]
-
-  * ssh: Fix adding an ed25519 key with a zero length comment.  [T5794]
-
-  * gpgtar: Create and handle extended headers to support long file
-    names.  [T5754]
-
-  * Fix the creation of socket directories under Windows for non-ascii
-    account names.  [rG7d1215cb9c]
-
-  * Improve the registry HKCU->HKLM fallback.  [rG96db487a4d]
-
-  * Prettify the --help output of most commands.
-
-  Release-info: https://dev.gnupg.org/T5703
-  See-also: gnupg-announce/2022q1/000470.html
-
-
-Noteworthy changes in version 2.2.33 (2021-11-23)
--------------------------------------------------
-
-  * gpg: New option --min-rsa-length.  [rG6ee01c1d26]
-
-  * gpg: New option --forbid-gen-key.  [rG985fb25c46]
-
-  * gpg: New option --override-compliance-check.  [T5655]
-
-  * gpgconf: New command --show-configs.  [rG8fe3f57643]
-
-  * agent,dirmngr: New option --steal-socket.  [rG6507c6ab10]
-
-  * scd: Improve the selection of the default PC/SC reader.  [T5644]
-
-  * gpg: Fix printing of binary notations.  [T5667]
-
-  * gpg: Remove stale ultimately trusted keys from the trustdb.  [T5685]
-
-  * gpgsm: Detect circular chains in --list-chain.  [rGc9343bec83]
-
-  * gpgconf: Create the local option file even if the global file
-    exists.  [T5650]
-
-  * dirmngr: Make reading resolv.conf more robust.  [T5657]
-
-  * gpg-wks-server: Fix created file permissions.  [rGf54feb4470]
-
-  * scd: Support longer data for ssh-agent authentication with openpgp
-    cards.  [T5682]
-
-  * Support gpgconf.ctl for NetBSD and Solaris.  [T5656,T5671]
-
-  * Silence "Garbled console data" warning under Windows in most
-    cases.
-
-  * Silence warning about the rootdir under Unices w/o a mounted /proc
-    file system.
-
-  * Fix possible build problems about missing include files.  [T5592]
-
-  * i18n: Replace the term "PIN-Cache" by "Passswort-Cache" in the
-    German translation. [rgf453d52e53]
-
-  * i18n: Update the Russian translation.
-
-  Release-info: https://dev.gnupg.org/T5641
-  See-also: gnupg-announce/2021q4/000467.html
-
-
-Noteworthy changes in version 2.2.32 (2021-10-06)
--------------------------------------------------
-
-  * dirmngr: Fix Let's Encrypt certificate chain validation.  [T5639]
-
-  * dirmngr: New option --ignore-cert.  [323a20399d]
-
-  * gpg: Fix --list-packets for AEAD packets with unknown key.  [T5584]
-
-  Release-info: https://dev.gnupg.org/T5601
-  See-also: gnupg-announce/2021q4/000465.html
-
-
-Noteworthy changes in version 2.2.31 (2021-09-15)
--------------------------------------------------
-
-  * agent: Fix a regression in GET_PASSPHRASE.  [#5577]
-
-  * scd: Fix an assertion failure in close_pcsc_reader.  [67e1834ad4]
-
-  * scd: Add support for PC/SC in "GETINFO reader_list".
-
-  Release-info: https://dev.gnupg.org/T5571
-  See-also: gnupg-announce/2021q3/000464.html
-
-
-Noteworthy changes in version 2.2.30 (2021-08-26)
--------------------------------------------------
-
-  * gpg: Extended gpg-check-pattern to support accept rules,
-    conjunctions, and case-sensitive matching.  [5ca15e58b2]
-
-  * agent: New option --pinentry-formatted-passphrase.  [#5553]
-
-  * agent: New option --check-sym-passphrase-pattern.  [#5517]
-
-  * agent: Use the sysconfdir for the pattern files.  [5ed8e598fa]
-
-  * agent: Add "checkpin" inquiry for use by pinentry.  [#5532]
-
-  * wkd: Fix client issue with leading or trailing spaces in
-    user-ids.  [576e429d41]
-
-  * Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to Pinentry.
-    [#3659]
-
-  * Under Windows use LOCAL_APPDATA for the socket directory.  [#5537]
-
-  Release-info: https://dev.gnupg.org/T5519
-  See-also: gnupg-announce/2021q3/000463.html
-
-
-Noteworthy changes in version 2.2.29 (2021-07-04)
--------------------------------------------------
-
-  * Fix regression in 2.2.28 for Yubikey NEO.  [#5487]
-
-  * Change the default keyserver to keyserver.ubuntu.com.  This is a
-    temporary change due to the shutdown of the SKS keyserver pools.
-    [47c4e3e00a]
+Noteworthy changes in version 2.3.0 (2021-04-07)
+------------------------------------------------
 
-  * gpg: Let --fetch-key return an exit code on failure.  [#5376]
+  * A new experimental key database daemon is provided.  To enable it
+    put "use-keyboxd" into gpg.conf and gpgsm.conf.  Keys are stored
+    in a SQLite database and make key lookup much faster.
 
-  * dirmngr: Fix regression in KS_GET for mail address pattern.
-    [#5497]
+  * New tool gpg-card as a flexible frontend for all types of
+    supported smartcards.
 
-  * Add fallback in case the Windows console can't cope with Unicode.
-    [#5491]
+  * New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and
+    gpg-connect-agent.
 
-  * Improve initialization of SPR532 in the CCID driver and make the
-    driver more robust.  [#5297,b90c55fa66db]
+  * The gpg-wks-client tool is now installed under bin; a wrapper for
+    its old location at libexec is also installed.
 
-  * Make test suite work in presence of a broken Libgcrypt
-    installation.  [#5502]
+  * tpm2d: New daemon to physically bind keys to the local machine.
 
-  * Make configure option --disable-ldap work again.
+  * gpg: Switch to ed25519/cv25519 as default public key algorithms.
 
-  Release-info: https://dev.gnupg.org/T5498
-  See-also: gnupg-announce/2021q3/000461.html
+  * gpg: Verification results now depend on the --sender option and
+    the signer's UID subpacket.  [T4735]
 
+  * gpg: Do not use any 64-bit block size cipher algorithm for
+    encryption.  Use AES as last resort cipher preference instead of
+    3DES.  This can be reverted using --allow-old-cipher-algos.
 
-Noteworthy changes in version 2.2.28 (2021-06-10)
--------------------------------------------------
+  * gpg: Support AEAD encryption mode using OCB or EAX.
 
-  * gpg: Auto import keys specified with --trusted-keys.
-    [e7251be84c79]
+  * gpg: Support v5 keys and signatures.
 
-  * gpg: Allow decryption w/o public key but with correct card
-    inserted.  [e53f6037283e]
+  * gpg: Support curve X448 (ed448, cv448).
 
-  * gpg: Allow fingerprint based lookup with --locate-external-key.
-    [2af217ecd7e4]
+  * gpg: Allow use of group names in key listings.  [e825aea2ba]
 
-  * gpg: Lookup a missing public key of the current card via LDAP.
-    [b59af0e2a05a]
+  * gpg: New option --full-timestrings to print date and time.
 
   * gpg: New option --force-sign-key.  [#4584]
 
-  * gpg: Use a more descriptive password prompt for symmetric
-    decryption.  [03f83bcda5d1]
-
-  * gpg: Do not use the self-sigs-only option for LDAP keyserver
-    imports.  [#5387]
-
-  * gpg: Keep temp files when opening images via xdg-open.
-    [0441ed6e1c]
-
-  * gpg: Fix mailbox based search via AKL keyserver method.
-    [22fe23f46d31]
-
-  * gpg: Fix sending an OpenPGP key with umlaut to an LDAP keyserver.
-    [7bf8530e75d0]
-
-  * gpg: Allow ECDH with a smartcard returning only the x-coordinate.
-    [b203325ce1]
-
-  * gpgsm: New option --ldapserver as an alias for --keyserver.  Note
-    that configuring servers in gpgsm and gpg is deprecated; please
-    use the dirmngr configuration options.
-
-  * gpgsm: Support AES-GCM decryption.  [b722fd755c77]
-
-  * gpgsm: Support decryption of password protected files.
-    [6f31acac767f]
-
-  * gpgsm: Lock keyboxes also during a search to fix lockups on
-    Windows.  [#4505]
-
-  * agent: Skip unknown unknown ssh curves seen on
-    cards. [bbf4bd3bfcb5]
-
-  * scdaemon: New option --pcsc-shared.  [5eec40f3d827]
-
-  * scdaemon: Backport PKCS#15 card support from GnuPG 2.3
-    [7637d39fe20e]
+  * gpg: New option --no-auto-trust-new-key.
 
-  * scdaemon: Fix CCID driver for SCM SPR332/SPR532.  [#5297]
+  * gpg: The legacy key discovery method PKA is no longer supported.
+    The command --print-pka-records and the PKA related import and
+    export options have been removed.
 
-  * scdaemon: Fix possible PC/SC removed card problem.  [9d83bfb63968]
+  * gpg: Support export of Ed448 Secure Shell keys.
 
-  * scdaemon: Fix unblock PIN by a Reset Code with KDF.  [#5413]
+  * gpgsm: Add basic ECC support.
 
-  * scdaemon: Support compressed points.  [96577e2e46e4]
+  * gpgsm: Support creation of EdDSA certificates.  [#4888]
 
-  * scdaemon: Prettify S/N for Yubikeys and fix reading for early
-    Yubikey 5 tokens.  [f8588369bcb0,#5442]
+  * agent: Allow the use of "Label:" in a key file to customize the
+    pinentry prompt.  [5388537806]
 
-  * dirmngr: New option --ldapserver to avoid the need for the
-    separate dirmngr_ldapservers.conf file.
+  * agent: Support ssh-agent extensions for environment variables.
+    With a patched version of OpenSSH this avoids the need for the
+    "updatestartuptty" kludge.  [224e26cf7b]
 
-  * dirmngr: The dirmngr_ldap wrapper has been rewritten to properly
-    support ldap-over-tls and starttls for X.509 certificates and
-    CRLs.  [39815c023f03]
+  * scd: Improve support for multiple card readers and tokens.
 
-  * dirmngr: OpenPGP LDAP keyservers may now also be configured using
-    the same syntax as used for X.509 and CRL LDAP servers.  This
-    avoids the former cumbersome quoting rules and adds a flexible set
-    of flags to control the connection.  [2b4cddf9086f]
+  * scd: Support PIV cards.
 
-  * dirmngr: The "ldaps" scheme of an OpenPGP keyserver URL is now
-    interpreted as ldap-with-starttls on port 389.  To use the
-    non-standardized ldap-over-tls the new LDAP configuration method
-    of the new attribute "gpgNtds" needs to be used.  [55f46b33df08]
+  * scd: Support for Rohde&Schwarz Cybersecurity cards.
 
-  * dirmngr: Return the fingerprint as search result also for LDAP
-    OpenPGP keyservers.  This requires the modernized LDAP schema.
-    [#5441]
+  * scd: Support Telesec Signature Cards v2.0
 
-  * dirmngr: An OpenPGP LDAP search by a mailbox now ignores revoked
-    keys.  [b6f8cd7eef4b]
+  * scd: Support multiple application on certain smartcard.
 
-  * gpgconf: Make runtime changes with non-default homedir work.
-    [c8f0b02936c7]
+  * scd: New option --application-priority.
 
-  * gpgconf: Do not translate an empty string to the PO file's meta
-    data.  [#5363]
+  * scd: New option --pcsc-shared; see man page for important notes.
 
-  * gpgconf: Fix argv overflow if --homedir is used.  [#5366]
+  * dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs.
 
-  * gpgconf: Return a new pseudo option "compliance_de_vs".
-    [9feffc03f364]
+  * The symcryptrun tool, a wrapper for the now obsolete external
+    Chiasmus tool, has been removed.
 
-  * gpgtar: Fix file size computation under Windows.  [198b240b1955]
+  * Full Unicode support for the command line.  [#4398]
 
-  * Full Unicode support for the Windows command line.  [#4398]
+  Changes also found in 2.2.27:
 
-  * Fix problem with Windows Job objects and auto start of our
-    daemons.  [#4333]
+  * gpg: Fix regression in 2.2.24 for gnupg_remove function under
+    Windows.  [#5230]
 
-  * i18n: In German always use "Passwort" instead of "Passphrase" in
-    prompts.
+  * gpgconf: Fix case with neither local nor global gpg.conf.  [9f37d3e6f3]
 
-  Release-info: https://dev.gnupg.org/T5482
-  See-also: gnupg-announce/2021q2/000460.html
+  * gpgconf: Fix description of two new options.  [#5221]
 
+  * Build Windows installer without timestamps.  Note that the
+    Authenticode signatures still carry a timestamp.
 
-Noteworthy changes in version 2.2.27 (2021-01-11)
--------------------------------------------------
-
- * gpg: Fix regression in 2.2.24 for gnupg_remove function under
-   Windows.  [#5230]
-
- * gpgconf: Fix case with neither local nor global gpg.conf.  [9f37d3e6f3]
-
- * gpgconf: Fix description of two new options.  [#5221]
-
- * Build Windows installer without timestamps.  Note that the
-   Authenticode signatures still carry a timestamp.
-
-  Release-info: https://dev.gnupg.org/T5234
-  See-also: gnupg-announce/2021q1/000452.html
-
-
-Noteworthy changes in version 2.2.26 (2020-12-21)
--------------------------------------------------
+  Changes also found in 2.2.26:
 
   * gpg: New AKL method "ntds".  [559efd23e9]
 
@@ -489,12 +116,7 @@ Noteworthy changes in version 2.2.26 (2020-12-21)
 
   * Fix the iconv fallback handling to UTF-8.  [#5038]
 
-  Release-info: https://dev.gnupg.org/T5153
-  See-also: gnupg-announce/2020q4/000451.html
-
-
-Noteworthy changes in version 2.2.25 (2020-11-23)
--------------------------------------------------
+  Changes also found in 2.2.25:
 
   * scd: Fix regression in 2.2.24 requiring gpg --card-status before
     signing or decrypting.  [#5065]
@@ -502,12 +124,7 @@ Noteworthy changes in version 2.2.25 (2020-11-23)
   * gpgsm: Using Libksba 1.5.0 signatures with a rarely used
     combination of attributes can now be verified.  [#5146]
 
-  Release-info: https://dev.gnupg.org/T5140
-  See-also: gnupg-announce/2020q4/000450.html
-
-
-Noteworthy changes in version 2.2.24 (2020-11-17)
--------------------------------------------------
+  Changes also found in 2.2.24:
 
   * Allow Unicode file names on Windows almost everywhere.  Note that
     it is still not possible to use Unicode strings on the command
@@ -533,9 +150,6 @@ Noteworthy changes in version 2.2.24 (2020-11-17)
     ECDSA.  This is in particular needed for keys created from
     existing smartcard based keys.  [aeed0b93ff]
 
-  * agent: Fix secret key import of GnuPG 2.3 generated Ed25519 keys.
-    [#5114]
-
   * agent: Keep some permissions of private-keys-v1.d.  [#2312]
 
   * dirmngr: Align sks-keyservers.netCA.pem use between ntbtls and
@@ -555,19 +169,7 @@ Noteworthy changes in version 2.2.24 (2020-11-17)
   * w32: Install gpg-check-pattern and example profiles.  Install
     Windows subsystem variant of gpgconf (gpgconf-w32).
 
-  * i18n: Complete overhaul and completion of the Italian translation.
-    Thanks to Denis Renzi.
-
-  * Require Libgcrypt 1.8 because 1.7 has long reached end-of-life.
-
-  Release-info: https://dev.gnupg.org/T5052
-  See-also: gnupg-announce/2020q4/000449.html
-
-
-Noteworthy changes in version 2.2.23 (2020-09-03)
--------------------------------------------------
-
-  * gpg: Fix AEAD preference list overflow.  [#5050]
+  Changes also found in 2.2.23:
 
   * gpg: Fix a possible segv in the key cleaning code.
 
@@ -576,15 +178,7 @@ Noteworthy changes in version 2.2.23 (2020-09-03)
   * scdaemon: Fix a PIN verify failure on certain OpenPGP card
     implementations.  Regression in 2.2.22.  [#5039]
 
-  * po: Fix bug in the Hungarian translation.  Updates for the Czech,
-    Polish, and Ukrainian translations.
-
-  Release-info: https://dev.gnupg.org/T5045
-  See-also: gnupg-announce/2020q3/000448.html
-
-
-Noteworthy changes in version 2.2.22 (2020-08-27)
--------------------------------------------------
+  Changes also found in 2.2.22:
 
   * gpg: Change the default key algorithm to rsa3072.
 
@@ -622,25 +216,14 @@ Noteworthy changes in version 2.2.22 (2020-08-27)
   * gpgpslit: Install tool.  It was not installed in the past to avoid
     conflicts with the version installed by GnuPG 1.4.  [#5023]
 
-  * gpgtar: Handle Unicode file names on Windows correctly (requires
-    libgpg-error 1.39).  [#4083]
+  * gpgtar: Handle Unicode file names on Windows correctly. [#4083]
 
   * gpgtar: Make --files-from and --null work as documented.  [#5027]
 
   * Build the Windows installer with the new Ntbtls 0.2.0 so that TLS
     connections succeed for servers demanding GCM.
 
-  Release-info: https://dev.gnupg.org/T5030
-  See-also: gnupg-announce/2020q3/000447.html
-
-
-Noteworthy changes in version 2.2.21 (2020-07-09)
--------------------------------------------------
-
-  * gpg: Improve symmetric decryption speed by about 25%.
-    See commit 144b95cc9d.
-
-  * gpg: Support decryption of AEAD encrypted data packets.
+  Changes also found in 2.2.21:
 
   * gpg: Add option --no-include-key-block. [#4856]
 
@@ -676,15 +259,12 @@ Noteworthy changes in version 2.2.21 (2020-07-09)
   * wkd: Take name of sendmail from configure.  Fixes an OpenBSD
     specific bug.  [#4886]
 
-  Release-info: https://dev.gnupg.org/T4897
-  See-also: gnupg-announce/2020q3/000446.html
+  * Support a command history file in gpg-card and gpg-connect-agent.
 
+  Changes also found in 2.2.20:
 
-Noteworthy changes in version 2.2.20 (2020-03-20)
--------------------------------------------------
-
-  * Protect the error counter against overflow to guarantee that the
-    tools can't be tricked into returning success after an error.
+  * In constrast to 2.2 no explicit protection against overflow of the
+    error counter is needed because libgpg-error takes care of this.
 
   * gpg: Make really sure that --verify-files always returns an error.
 
@@ -712,28 +292,18 @@ Noteworthy changes in version 2.2.20 (2020-03-20)
 
   * Avoid build problems with LTO or gcc-10. [#4831]
 
-  Release-info: https://dev.gnupg.org/T4860
-  See-also: gnupg-announce/2020q1/000444.html
-
-
-Noteworthy changes in version 2.2.19 (2019-12-07)
--------------------------------------------------
+  Changes also found in 2.2.19:
 
-  * gpg: Fix double free when decrypting for hidden recipients.
-    Regression in 2.2.18.  [#4762].
+  * gpg: Only in 2.2.19; not requird in master: Fix double free when
+    decrypting for hidden recipients.  Regression in 2.2.18.  [#4762].
 
-  * gpg: Use auto-key-locate for encryption even for mail addressed
+  * gpg: Use auto-key-locate for encryption even for mail addresses
     given with angle brackets.  [#4726]
 
   * gpgsm: Add special case for certain expired intermediate
     certificates.  [#4696]
 
-  Release-info: https://dev.gnupg.org/T4768
-  See-also: gnupg-announce/2019q4/000443.html
-
-
-Noteworthy changes in version 2.2.18 (2019-11-25)
--------------------------------------------------
+  Changes also found in 2.2.18:
 
   * gpg: Changed the way keys are detected on a smartcards; this
     allows the use of non-OpenPGP cards.  In the case of a not very
@@ -745,10 +315,11 @@ Noteworthy changes in version 2.2.18 (2019-11-25)
 
   * gpg: Prepare against chosen-prefix SHA-1 collisions in key
     signatures.  This change removes all SHA-1 based key signature
-    newer than 2019-01-19 from the web-of-trust.  Note that this
-    includes all key signature created with dsa1024 keys.  The new
-    option --allow-weak-key-signatues can be used to override the new
-    and safer behaviour.  [#4755,CVE-2019-14855]
+    from the web-of-trust.  Note that this includes all key signature
+    created with dsa1024 keys.  (Version 2.2.18 limits this to key
+    signatures newer than 2019-01-19.)  The new option
+    --allow-weak-key-signatues can be used to override the new and
+    safer behaviour.  [#4755,CVE-2019-14855]
 
   * gpg: Improve performance for import of large keyblocks.  [#4592]
 
@@ -798,12 +369,7 @@ Noteworthy changes in version 2.2.18 (2019-11-25)
   * wkd: gpg-wks-client --install-key now installs the required policy
     file.
 
-  Release-info: https://dev.gnupg.org/T4684
-  See-also: gnupg-announce/2019q4/000442.html
-
-
-Noteworthy changes in version 2.2.17 (2019-07-09)
--------------------------------------------------
+  Changes also found in 2.2.17:
 
   * gpg: Ignore all key-signatures received from keyservers.  This
     change is required to mitigate a DoS due to keys flooded with
@@ -835,12 +401,7 @@ Noteworthy changes in version 2.2.17 (2019-07-09)
 
   * gpgconf: Fix a race condition when killing components.  [#4577]
 
-  Release-info: https://dev.gnupg.org/T4606
-  See-also: gnupg-announce/2019q3/000439.html
-
-
-Noteworthy changes in version 2.2.16 (2019-05-28)
--------------------------------------------------
+  Changes also found in 2.2.16:
 
   * gpg,gpgsm: Fix deadlock on Windows due to a keybox sharing
     violation.  [#4505]
@@ -900,12 +461,7 @@ Noteworthy changes in version 2.2.16 (2019-05-28)
 
   * The installer for Windows now comes with signed binaries.
 
-  Release-info: https://dev.gnupg.org/T4509
-  See-also: gnupg-announce/2019q2/000438.html
-
-
-Noteworthy changes in version 2.2.15 (2019-03-26)
--------------------------------------------------
+  Changes also found in 2.2.15:
 
   * sm: Fix --logger-fd and --status-fd on Windows for non-standard
     file descriptors.
@@ -921,18 +477,11 @@ Noteworthy changes in version 2.2.15 (2019-03-26)
   * wkd: New commands --print-wkd-hash and --print-wkd-url for
     gpg-wks-client.
 
-  Release-info: https://dev.gnupg.org/T4434
-  See-also: gnupg-announce/2019q1/000436.html
-
-
-Noteworthy changes in version 2.2.14 (2019-03-19)
--------------------------------------------------
+  Changes also found in 2.2.14:
 
   * gpg: Allow import of PGP desktop exported secret keys.  Also avoid
    importing secret keys if the secret keyblock is not valid.  [#4392]
 
-  * gpg: Do not error out on version 5 keys in the local keyring.
-
   * gpg: Make invalid primary key algo obvious in key listings.
 
   * sm: Do not mark a certificate in a key listing as de-vs compliant
@@ -960,12 +509,7 @@ Noteworthy changes in version 2.2.14 (2019-03-19)
 
   * gpgtar: Make option -C work for archive creation.
 
-  Release-info: https://dev.gnupg.org/T4412
-  See-also: gnupg-announce/2019q1/000435.html
-
-
-Noteworthy changes in version 2.2.13 (2019-02-12)
--------------------------------------------------
+  Changes also found in 2.2.13:
 
   * gpg: Implement key lookup via keygrip (using the & prefix).
 
@@ -987,12 +531,7 @@ Noteworthy changes in version 2.2.13 (2019-02-12)
   * wks: Do no use compression for the the encrypted challenge and
     response.
 
-  Release-info: https://dev.gnupg.org/T4290
-  See-also: gnupg-announce/2019q1/000434.html
-
-
-Noteworthy changes in version 2.2.12 (2018-12-14)
--------------------------------------------------
+  Changes also found in 2.2.12:
 
   * tools: New commands --install-key and --remove-key for
     gpg-wks-client.  This allows to prepare a Web Key Directory on a
@@ -1025,14 +564,9 @@ Noteworthy changes in version 2.2.12 (2018-12-14)
 
   * New simplified Chinese translation (zh_CN).
 
-  Release-info: https://dev.gnupg.org/T4289
-  See-also: gnupg-announce/2018q4/000433.html
-
+  Changes also found in 2.2.11:
 
-Noteworthy changes in version 2.2.11 (2018-11-06)
--------------------------------------------------
-
-  * gpgsm: Fix CRL loading when intermediate certicates are not yet
+  * gpgsm: Fix CRL loading when intermediate certificates are not yet
     trusted.
 
   * gpgsm: Fix an error message about the digest algo.  [#4219]
@@ -1070,12 +604,7 @@ Noteworthy changes in version 2.2.11 (2018-11-06)
 
   * Fix some minor memory leaks and bugs.
 
-  Release-info: https://dev.gnupg.org/T4233
-  See-also: gnupg-announce/2018q4/000432.html
-
-
-Noteworthy changes in version 2.2.10 (2018-08-30)
--------------------------------------------------
+  Changes also found in 2.2.10:
 
   * gpg: Refresh expired keys originating from the WKD.  [#2917]
 
@@ -1089,12 +618,7 @@ Noteworthy changes in version 2.2.10 (2018-08-30)
 
   * dirmngr: Validate SRV records in WKD queries.
 
-  Release-info: https://dev.gnupg.org/T4112
-  See-also: gnupg-announce/2018q3/000428.html
-
-
-Noteworthy changes in version 2.2.9 (2018-07-12)
-------------------------------------------------
+  Changes also found in 2.2.9:
 
   * dirmngr: Fix recursive resolver mode and other bugs in the libdns
     code.  [#3374,#3803,#3610]
@@ -1131,12 +655,7 @@ Noteworthy changes in version 2.2.9 (2018-07-12)
 
   * gpg: New "usage" property for the drop-subkey filters.  [#4019]
 
-  Release-info: https://dev.gnupg.org/T4036
-  See-also: gnupg-announce/2018q3/000427.html
-
-
-Noteworthy changes in version 2.2.8 (2018-06-08)
-------------------------------------------------
+  Changes also found in 2.2.8:
 
   * gpg: Decryption of messages not using the MDC mode will now lead
     to a hard failure even if a legacy cipher algorithm was used.  The
@@ -1164,11 +683,7 @@ Noteworthy changes in version 2.2.8 (2018-06-08)
   * agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the
     list of startup environment variables.  [#3947]
 
-  See-also: gnupg-announce/2018q2/000425.html
-
-
-Noteworthy changes in version 2.2.7 (2018-05-02)
-------------------------------------------------
+  Changes also found in 2.2.7:
 
   * gpg: New option --no-symkey-cache to disable the passphrase cache
     for symmetrical en- and decryption.
@@ -1195,7 +710,7 @@ Noteworthy changes in version 2.2.7 (2018-05-02)
   * dirmngr: Fallback to CRL if no default OCSP responder is configured.
 
   * dirmngr: Implement CRL fetching via https.  Here a redirection to
-    http is explictly allowed.
+    http is explicitly allowed.
 
   * dirmngr: Make LDAP searching and CRL fetching work under Windows.
     This stopped working with 2.1.  [#3937]
@@ -1203,11 +718,7 @@ Noteworthy changes in version 2.2.7 (2018-05-02)
   * agent,dirmngr: New sub-command "getenv" for "getinfo" to ease
     debugging.
 
-  See-also: gnupg-announce/2018q2/000424.html
-
-
-Noteworthy changes in version 2.2.6 (2018-04-09)
-------------------------------------------------
+  Changes also found in 2.2.6:
 
   * gpg,gpgsm: New option --request-origin to pretend requests coming
     from a browser or a remote site.
@@ -1231,17 +742,12 @@ Noteworthy changes in version 2.2.6 (2018-04-09)
 
   * gpg: Print the keygrips in the --card-status.
 
-  * gpg: Improve the OpenPGP card's factory-reset.  [7f765a98fd]
-
   * scd: Support KDF DO setup.  [#3823]
 
   * scd: Fix some issues with PC/SC on Windows.  [#3825]
 
   * scd: Fix suspend/resume handling in the CCID driver.
 
-  * scd: Fix a race condition in the CCID driver leading to a segv for
-    some readers.  [#5121]
-
   * agent: Evict cached passphrases also via a timer.  [#3829]
 
   * agent: Use separate passphrase caches depending on the request
@@ -1257,11 +763,7 @@ Noteworthy changes in version 2.2.6 (2018-04-09)
 
   * Allow the use of UNC directory names as homedir.  [#3818]
 
-  See-also: gnupg-announce/2018q2/000421.html
-
-
-Noteworthy changes in version 2.2.5 (2018-02-22)
-------------------------------------------------
+  Changes also found in 2.2.5:
 
   * gpg: Allow the use of the "cv25519" and "ed25519" short names in
     addition to the canonical curve names in --batch --gen-key.
@@ -1304,11 +806,7 @@ Noteworthy changes in version 2.2.5 (2018-02-22)
     with statically linked versions of the core GnuPG libraries.  Also
     use --enable-wks-tools by default by Speedo builds for Unix.
 
-  See-also: gnupg-announce/2018q1/000420.html
-
-
-Noteworthy changes in version 2.2.4 (2017-12-20)
-------------------------------------------------
+  Changes also found in 2.2.4:
 
   * gpg: Change default preferences to prefer SHA512.
 
@@ -1337,11 +835,7 @@ Noteworthy changes in version 2.2.4 (2017-12-20)
   * New configure option --enable-run-gnupg-user-socket to first try a
     socket directory which is not removed by systemd at session end.
 
-  See-also: gnupg-announce/2017q4/000419.html
-
-
-Noteworthy changes in version 2.2.3 (2017-11-20)
-------------------------------------------------
+  Changes also found in 2.2.3:
 
   * gpgsm: Fix initial keybox creation on Windows. [#3507]
 
@@ -1358,11 +852,7 @@ Noteworthy changes in version 2.2.3 (2017-11-20)
   * agent: Improve robustness of the shutdown pending
     state. [Git#7ffedfab89]
 
-  See-also: gnupg-announce/2017q4/000417.html
-
-
-Noteworthy changes in version 2.2.2 (2017-11-07)
-------------------------------------------------
+  Changes also found in 2.2.2:
 
   * gpg: Avoid duplicate key imports by concurrently running gpg
     processes. [#3446]
@@ -1390,7 +880,7 @@ Noteworthy changes in version 2.2.2 (2017-11-07)
 
   * gpgsm: Do not expect X.509 keyids to be unique.  [#1644]
 
-  * agent: Fix stucked Pinentry when using --max-passphrase-days. [#3190]
+  * agent: Fix stuck Pinentry when using --max-passphrase-days. [#3190]
 
   * agent: New option --s2k-count.  [#3276 (workaround)]
 
@@ -1403,11 +893,7 @@ Noteworthy changes in version 2.2.2 (2017-11-07)
 
   * Add configure option --enable-werror.  [#2423]
 
-  See-also: gnupg-announce/2017q4/000416.html
-
-
-Noteworthy changes in version 2.2.1 (2017-09-19)
-------------------------------------------------
+  Changes also found in 2.2.1:
 
   * gpg: Fix formatting of the user id in batch mode key generation
     if only "name-email" is given.
@@ -1427,7 +913,40 @@ Noteworthy changes in version 2.2.1 (2017-09-19)
     certificates are configured.  If build with GNUTLS, this was
     already the case.
 
-  See-also: gnupg-announce/2017q3/000415.html
+  Release-info: https://dev.gnupg.org/T5343
+  See-also: gnupg-announce/2021q2/000458.html
+
+
+Release dates of 2.2 versions
+-----------------------------
+
+Version 2.2.27 (2021-01-11) https://dev.gnupg.org/T5234
+Version 2.2.26 (2020-12-21) https://dev.gnupg.org/T5153
+Version 2.2.25 (2020-11-23) https://dev.gnupg.org/T5140
+Version 2.2.24 (2020-11-17) https://dev.gnupg.org/T5052
+Version 2.2.23 (2020-09-03) https://dev.gnupg.org/T5045
+Version 2.2.22 (2020-08-27) https://dev.gnupg.org/T5030
+Version 2.2.21 (2020-07-09) https://dev.gnupg.org/T4897
+Version 2.2.20 (2020-03-20) https://dev.gnupg.org/T4860
+Version 2.2.19 (2019-12-07) https://dev.gnupg.org/T4768
+Version 2.2.18 (2019-11-25) https://dev.gnupg.org/T4684
+Version 2.2.17 (2019-07-09) https://dev.gnupg.org/T4606
+Version 2.2.16 (2019-05-28) https://dev.gnupg.org/T4509
+Version 2.2.15 (2019-03-26) https://dev.gnupg.org/T4434
+Version 2.2.14 (2019-03-19) https://dev.gnupg.org/T4412
+Version 2.2.13 (2019-02-12) https://dev.gnupg.org/T4290
+Version 2.2.12 (2018-12-14) https://dev.gnupg.org/T4289
+Version 2.2.11 (2018-11-06) https://dev.gnupg.org/T4233
+Version 2.2.10 (2018-08-30) https://dev.gnupg.org/T4112
+Version 2.2.9  (2018-07-12) https://dev.gnupg.org/T4036
+Version 2.2.8  (2018-06-08)
+Version 2.2.7  (2018-05-02)
+Version 2.2.6  (2018-04-09)
+Version 2.2.5  (2018-02-22)
+Version 2.2.4  (2017-12-20)
+Version 2.2.3  (2017-11-20)
+Version 2.2.2  (2017-11-07)
+Version 2.2.1  (2017-09-19)
 
 
 Noteworthy changes in version 2.2.0 (2017-08-28)
@@ -2061,7 +1580,7 @@ Noteworthy changes in version 2.1.11 (2016-01-26)
 
  * gpg: Emit PROGRESS status lines during key generation.
 
- * gpg: Don't check for ambigious or non-matching key specification in
+ * gpg: Don't check for ambiguous or non-matching key specification in
    the config file or given to --encrypt-to.  This feature will return
    in 2.3.x.
 
@@ -2088,7 +1607,7 @@ Noteworthy changes in version 2.1.11 (2016-01-26)
  * dirmmgr: All configured keyservers are now searched.
 
  * dirmngr: Install CA certificate for hkps.pool.sks-keyservers.net.
-   Use this certiticate even if --hkp-cacert is not used.
+   Use this certificate even if --hkp-cacert is not used.
 
  * gpgtar: Add actual encryption code.  gpgtar does now fully replace
    gpg-zip.
@@ -2122,7 +1641,7 @@ Noteworthy changes in version 2.1.10 (2015-12-04)
  * gpg: New option --only-sign-text-ids to exclude photo IDs from key
    signing.
 
- * gpg: Check for ambigious or non-matching key specification in the
+ * gpg: Check for ambiguous or non-matching key specification in the
    config file or given to --encrypt-to.
 
  * gpg: Show the used card reader with --card-status.
@@ -2412,7 +1931,7 @@ Noteworthy changes in version 2.1.1 (2014-12-16)
 
  * gpg: Fixed regression in --refresh-keys.
 
- * gpg: Fixed regresion in %g and %p codes for --sig-notation.
+ * gpg: Fixed regression in %g and %p codes for --sig-notation.
 
  * gpg: Fixed best matching hash algo detection for ECDSA and EdDSA.
 
@@ -2492,7 +2011,7 @@ Noteworthy changes in version 2.1.0 (2014-11-06)
 
  * gpg: Default keyring is now created with a .kbx suffix.
 
- * gpg: Add a shortcut to the key capabilies menu (e.g. "=e" sets the
+ * gpg: Add a shortcut to the key capabilities menu (e.g. "=e" sets the
    encryption capabilities).
 
  * gpg: Fixed obsolete options parsing.
@@ -2647,7 +2166,7 @@ Noteworthy changes in version 2.1.0 (2014-11-06)
 
  * scdaemon: Rename option --disable-pinpad (was --disable-keypad).
 
- * scdaemon: Better support fo CCID readers.  Now, internal CCID
+ * scdaemon: Better support for CCID readers.  Now, internal CCID
    driver supports readers with no auto configuration feature.
 
  * dirmngr: Removed support for the original HKP keyserver which is
@@ -2684,7 +2203,7 @@ Noteworthy changes in version 2.1.0 (2014-11-06)
  * scdaemon: Does not anymore block after changing a card (regression
    fix).
 
- * tools: gpg-connect-agent does now proberly display the help output
+ * tools: gpg-connect-agent does now properly display the help output
    for "SCD HELP" commands.
 
 
@@ -2809,7 +2328,7 @@ Noteworthy changes in version 2.0.13 (2009-09-04)
  * Add hack to the internal CCID driver to allow the use of some
    Omnikey based card readers with 2048 bit keys.
 
- * GPG now repeatly asks the user to insert the requested OpenPGP
+ * GPG now repeatedly asks the user to insert the requested OpenPGP
    card.  This can be disabled with --limit-card-insert-tries=1.
 
  * Minor bug fixes.
@@ -2935,7 +2454,7 @@ Noteworthy changes in version 2.0.9 (2008-03-26)
 
  * Extended the PKITS framework.
 
- * Fixed a bug in the ambigious name detection.
+ * Fixed a bug in the ambiguous name detection.
 
  * Fixed possible memory corruption while importing OpenPGP keys (bug
    introduced with 2.0.8). [CVE-2008-1530]
@@ -4189,7 +3708,7 @@ Noteworthy changes in version 1.0.1 (1999-12-16)
     * Fixed some minor bugs and the problem with conventional encrypted
       packets which did use the gpg v3 partial length headers.
 
-    * Add Indonesian and Portugese translations.
+    * Add Indonesian and Portuguese translations.
 
     * Fixed a bug with symmetric-only encryption using the non-default 3DES.
       The option --emulate-3des-s2k-bug may be used to decrypt documents
@@ -4292,7 +3811,7 @@ Noteworthy changes in version 0.9.8 (1999-06-26)
 
     * New option --with-key-data to list the public key parameters.
       New option -N to insert notations and a --set-policy-url.
-      A couple of other options to allow reseting of options.
+      A couple of other options to allow resetting of options.
 
     * Better support for HPUX.
 
@@ -4771,7 +4290,7 @@ Noteworthy changes in version 0.2.19 (1998-05-29)
 Noteworthy changes in version 0.2.18 (1998-05-15)
 ------------------------------------
 
-    * Splitted cipher/random.c, add new option "--disable-dev-random"
+    * Split cipher/random.c, add new option "--disable-dev-random"
       to configure to support the development of a random source for
       other systems. Prepared sourcefiles rand-unix.c, rand-w32.c
       and rand-dummy.c (which is used to allow compilation on systems
diff --git a/README b/README
index 1ff3f5f..d21089c 100644
--- a/README
+++ b/README
@@ -1,10 +1,10 @@
                        The GNU Privacy Guard 2
                       =========================
-                             Version 2.2
+                         Version 2.3 (devel)
 
           Copyright 1997-2019 Werner Koch
           Copyright 1998-2021 Free Software Foundation, Inc.
-          Copyright 2003-2022 g10 Code GmbH
+          Copyright 2003-2021 g10 Code GmbH
 
 
 * INTRODUCTION
@@ -25,13 +25,9 @@
   can be freely used, modified and distributed under the terms of the
   GNU General Public License.
 
-  Note that the 2.0 series of GnuPG reached end-of-life on 2017-12-31.
-  It is not possible to install a 2.2.x version along with any 2.0.x
-  version.
-
 * BUILD INSTRUCTIONS
 
-  GnuPG 2.2 depends on the following GnuPG related packages:
+  GnuPG 2.3 depends on the following GnuPG related packages:
 
     npth         (https://gnupg.org/ftp/gcrypt/npth/)
     libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/)
@@ -42,9 +38,9 @@
   You should get the latest versions of course, the GnuPG configure
   script complains if a version is not sufficient.
 
-  For some advanced features several other libraries are required.
-  The configure script prints diagnostic messages if one of these
-  libraries is not available and a feature will not be available..
+  Several other standard libraries are also required.  The configure
+  script prints diagnostic messages if one of these libraries is not
+  available and a feature will not be available..
 
   You also need the Pinentry package for most functions of GnuPG;
   however it is not a build requirement.  Pinentry is available at
@@ -67,9 +63,7 @@
   Before running the "make install" you might need to become root.
 
   If everything succeeds, you have a working GnuPG with support for
-  OpenPGP, S/MIME, ssh-agent, and smartcards.  Note that there is no
-  binary gpg but a gpg2 so that this package won't conflict with a
-  GnuPG 1.4 installation.  gpg2 behaves just like gpg.
+  OpenPGP, S/MIME, ssh-agent, and smartcards.
 
   In case of problem please ask on the gnupg-users@gnupg.org mailing
   list for advise.
@@ -78,16 +72,11 @@
   doc/HACKING in the section "How to build an installer for Windows".
   This requires some experience as developer.
 
-  Note that the PKITS tests are always skipped unless you copy the
-  PKITS test data file into the tests/pkits directory.  There is no
-  need to run these test and some of them may even fail because the
-  test scripts are not yet complete.
-
   You may run
 
     gpgconf --list-dirs
 
-  to view the default directories used by GnuPG.
+  to view the directories used by GnuPG.
 
   To quickly build all required software without installing it, the
   Speedo method may be used:
@@ -120,28 +109,7 @@
 
   Add other options as needed.
 
-* MIGRATION from 1.4 or 2.0 to 2.2
-
-  The major change in 2.2 is gpg-agent taking care of the OpenPGP
-  secret keys (those managed by GPG).  The former file "secring.gpg"
-  will not be used anymore.  Newly generated keys are stored in the
-  agent's key store directory "~/.gnupg/private-keys-v1.d/".  The
-  first time gpg needs a secret key it checks whether a "secring.gpg"
-  exists and copies them to the new store.  The old secring.gpg is
-  kept for use by older versions of gpg.
-
-  Note that gpg-agent now uses a fixed socket.  All tools will start
-  the gpg-agent as needed.  The formerly used environment variable
-  GPG_AGENT_INFO is ignored by 2.2.  The SSH_AUTH_SOCK environment
-  variable should be set to a fixed value.
-
-  The Dirmngr is now part of GnuPG proper and also used to access
-  OpenPGP keyservers.  The directory layout of Dirmngr changed to make
-  use of the GnuPG directories.  Dirmngr is started by gpg or gpgsm as
-  needed. There is no more need to install a separate Dirmngr package.
 
-  All changes introduced with GnuPG 2.2 have been developed in the 2.1
-  series of releases.  See the respective entries in the file NEWS.
 
 * RECOMMENDATIONS
 
@@ -152,9 +120,9 @@
   the file system, it is sometimes not possible to use the GnuPG home
   directory (i.e. ~/.gnupg) as the location for the sockets.  To solve
   this problem GnuPG prefers the use of a per-user directory below the
-  the /run (or /var/run) hierarchy for the the sockets.  It is thus
+  the /run (or /var/run) hierarchy for the sockets.  It is thus
   suggested to create per-user directories on system or session
-  startup.  For example the following snippet can be used in
+  startup.  For example, the following snippet can be used in
   /etc/rc.local to create these directories:
 
       [ ! -d /run/user ] && mkdir /run/user
@@ -167,6 +135,7 @@
               fi
             done )
 
+
 * DOCUMENTATION
 
   The complete documentation is in the texinfo manual named
@@ -179,15 +148,16 @@
   version of the manual pertaining to the current development snapshot
   is at [[https://gnupg.org/documentation/manuals/gnupg-devel/]] .
 
-* Installing GnuPG 2.2. and GnuPG 1.4
 
-  GnuPG 2.2 is a current version of GnuPG with state of the art
-  security design and many more features.  To install both versions
-  alongside, it is suggested to rename the 1.4 version of "gpg" to
-  "gpg1" as well as the corresponding man page.  Newer releases of the
-  1.4 branch will likely do this by default.  In case this is not
-  possible, the 2.2 version can be installed under the name "gpg2"
-  using the configure option --enable-gpg-is-gpg2.
+* Using the legacy version GnuPG 1.4
+
+  The 1.4 version of GnuPG is only intended to allow decryption of old
+  data material using legacy keys which are not anymore supported by
+  GnuPG 2.x.  To install both versions alongside, it is suggested to
+  rename the 1.4 version of "gpg" to "gpg1" as well as the
+  corresponding man page.  Newer releases of the 1.4 branch will
+  likely do this by default.
+
 
 * HOW TO GET MORE INFORMATION
 
@@ -196,7 +166,6 @@
   "https://gnupg.org/faq/whats-new-in-2.1.html" .
 
   The primary WWW page is "https://gnupg.org"
-             or using Tor "http://ic6au7wa3f6naxjq.onion"
   The primary FTP site is "https://gnupg.org/ftp/gcrypt/"
 
   See [[https://gnupg.org/download/mirrors.html]] for a list of
@@ -237,13 +206,13 @@
   authors and we try to answer questions when time allows us.
 
   Commercial grade support for GnuPG is available; for a listing of
-  offers see https://gnupg.org/service.html.  Maintaining and
-  improving GnuPG requires a lot of time.  Since 2001 g10 Code GmbH, a
-  German company owned and headed by GnuPG's principal author Werner
-  Koch and Gpg4win maintainer Andre Heinecke, is bearing the majority
-  of these costs.  Under the brand https://gnupg.com g10 Code GmbH
-  does now provide commercial offers.  Donations are also appreciated;
-  see https://gnupg.org/donate/ .
+  offers see https://gnupg.org/service.html .  Maintaining and
+  improving GnuPG requires a lot of time.  Since 2001, g10 Code GmbH,
+  a German company owned and headed by GnuPG's principal author Werner
+  Koch, is bearing the majority of these costs.  To keep GnuPG in a
+  healthy state, they need your support.
+
+  Please consider to donate at https://gnupg.org/donate/ .
 
 
 # This file is Free Software; as a special exception the authors gives
diff --git a/VERSION b/VERSION
index fdaade6..276cbf9 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.2.39
+2.3.0
diff --git a/acinclude.m4 b/acinclude.m4
index 690dc42..cc5870e 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -52,50 +52,6 @@ AC_DEFUN([GNUPG_CHECK_GNUMAKE],
     fi
   ])
 
-dnl GNUPG_CHECK_FAQPROG
-dnl
-AC_DEFUN([GNUPG_CHECK_FAQPROG],
-  [ AC_MSG_CHECKING(for faqprog.pl)
-    if faqprog.pl -V 2>/dev/null | grep '^faqprog.pl ' >/dev/null 2>&1; then
-        working_faqprog=yes
-        FAQPROG="faqprog.pl"
-    else
-	working_faqprog=no
-        FAQPROG=": "
-    fi
-    AC_MSG_RESULT($working_faqprog)
-    AC_SUBST(FAQPROG)
-    AM_CONDITIONAL(WORKING_FAQPROG, test "$working_faqprog" = "yes" )
-
-dnl     if test $working_faqprog = no; then
-dnl         AC_MSG_WARN([[
-dnl ***
-dnl *** It seems that the faqprog.pl program is not installed;
-dnl *** however it is only needed if you want to change the FAQ.
-dnl ***  (faqprog.pl should be available at:
-dnl ***    ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl )
-dnl *** No need to worry about this warning.
-dnl ***]])
-dnl     fi
-   ])
-
-dnl GNUPG_CHECK_DOCBOOK_TO_TEXI
-dnl
-AC_DEFUN([GNUPG_CHECK_DOCBOOK_TO_TEXI],
-  [
-    AC_CHECK_PROG(DOCBOOK_TO_TEXI, docbook2texi, yes, no)
-    AC_MSG_CHECKING(for sgml to texi tools)
-    working_sgmltotexi=no
-    if test "$ac_cv_prog_DOCBOOK_TO_TEXI" = yes; then
-      if sgml2xml -v /dev/null 2>&1 | grep 'SP version' >/dev/null 2>&1 ; then
-            working_sgmltotexi=yes
-      fi
-    fi
-    AC_MSG_RESULT($working_sgmltotexi)
-    AM_CONDITIONAL(HAVE_DOCBOOK_TO_TEXI, test "$working_sgmltotexi" = "yes" )
-   ])
-
-
 
 dnl GNUPG_CHECK_ENDIAN
 dnl define either LITTLE_ENDIAN_HOST or BIG_ENDIAN_HOST
@@ -117,18 +73,18 @@ AC_DEFUN([GNUPG_CHECK_ENDIAN],
     AC_CACHE_VAL(gnupg_cv_c_endian,
       [ gnupg_cv_c_endian=unknown
         # See if sys/param.h defines the BYTE_ORDER macro.
-        AC_TRY_COMPILE([#include <sys/types.h>
-        #include <sys/param.h>], [
+        AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+        #include <sys/param.h>]], [[
         #if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
          bogus endian macros
-        #endif], [# It does; now see whether it defined to BIG_ENDIAN or not.
-        AC_TRY_COMPILE([#include <sys/types.h>
-        #include <sys/param.h>], [
+        #endif]])], [# It does; now see whether it defined to BIG_ENDIAN or not.
+        AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+        #include <sys/param.h>]], [[
         #if BYTE_ORDER != BIG_ENDIAN
          not big endian
-        #endif], gnupg_cv_c_endian=big, gnupg_cv_c_endian=little)])
+        #endif]])], gnupg_cv_c_endian=big, gnupg_cv_c_endian=little)])
         if test "$gnupg_cv_c_endian" = unknown; then
-            AC_TRY_RUN([main () {
+            AC_RUN_IFELSE([AC_LANG_SOURCE([[main () {
               /* Are we little or big endian?  From Harbison&Steele.  */
               union
               {
@@ -137,7 +93,7 @@ AC_DEFUN([GNUPG_CHECK_ENDIAN],
               } u;
               u.l = 1;
               exit (u.c[sizeof (long) - 1] == 1);
-              }],
+              }]])],
               gnupg_cv_c_endian=little,
               gnupg_cv_c_endian=big,
               gnupg_cv_c_endian=$tmp_assumed_endian
@@ -168,11 +124,11 @@ AC_DEFUN([GNUPG_BUILD_PROGRAM],
   [m4_define([my_build], [m4_bpatsubst(build_$1, [[^a-zA-Z0-9_]], [_])])
    my_build=$2
    m4_if([$2],[yes],[
-      AC_ARG_ENABLE([$1], AC_HELP_STRING([--disable-$1],
+      AC_ARG_ENABLE([$1], AS_HELP_STRING([--disable-$1],
                                          [do not build the $1 program]),
                            my_build=$enableval, my_build=$2)
     ],[
-      AC_ARG_ENABLE([$1], AC_HELP_STRING([--enable-$1],
+      AC_ARG_ENABLE([$1], AS_HELP_STRING([--enable-$1],
                                          [build the $1 program]),
                            my_build=$enableval, my_build=$2)
     ])
@@ -194,7 +150,7 @@ AC_DEFUN([GNUPG_BUILD_PROGRAM],
 # GPG_USE_<NAME>.
 AC_DEFUN([GNUPG_GPG_DISABLE_ALGO],
   [AC_MSG_CHECKING([whether to enable the $2 for gpg])
-   AC_ARG_ENABLE([gpg-$1], AC_HELP_STRING([--disable-gpg-$1],
+   AC_ARG_ENABLE([gpg-$1], AS_HELP_STRING([--disable-gpg-$1],
                                           [disable the $2 algorithm in gpg]),
                                           , enableval=yes)
    AC_MSG_RESULT($enableval)
@@ -203,127 +159,6 @@ AC_DEFUN([GNUPG_GPG_DISABLE_ALGO],
    fi
   ])
 
-
-
-
-# Check whether mlock is broken (hpux 10.20 raises a SIGBUS if mlock
-# is not called from uid 0 (not tested whether uid 0 works)
-# For DECs Tru64 we have also to check whether mlock is in librt
-# mlock is there a macro using memlk()
-dnl GNUPG_CHECK_MLOCK
-dnl
-AC_DEFUN([GNUPG_CHECK_MLOCK],
-  [ AC_CHECK_FUNCS(mlock)
-    if test "$ac_cv_func_mlock" = "no"; then
-        AC_CHECK_HEADERS(sys/mman.h)
-        if test "$ac_cv_header_sys_mman_h" = "yes"; then
-            # Add librt to LIBS:
-            AC_CHECK_LIB(rt, memlk)
-            AC_CACHE_CHECK([whether mlock is in sys/mman.h],
-                            gnupg_cv_mlock_is_in_sys_mman,
-                [AC_TRY_LINK([
-                    #include <assert.h>
-                    #ifdef HAVE_SYS_MMAN_H
-                    #include <sys/mman.h>
-                    #endif
-                ], [
-                    int i;
-
-                    /* glibc defines this for functions which it implements
-                     * to always fail with ENOSYS.  Some functions are actually
-                     * named something starting with __ and the normal name
-                     * is an alias.  */
-                    #if defined (__stub_mlock) || defined (__stub___mlock)
-                    choke me
-                    #else
-                    mlock(&i, 4);
-                    #endif
-                    ; return 0;
-                ],
-                gnupg_cv_mlock_is_in_sys_mman=yes,
-                gnupg_cv_mlock_is_in_sys_mman=no)])
-            if test "$gnupg_cv_mlock_is_in_sys_mman" = "yes"; then
-                AC_DEFINE(HAVE_MLOCK,1,
-                          [Defined if the system supports an mlock() call])
-            fi
-        fi
-    fi
-    if test "$ac_cv_func_mlock" = "yes"; then
-        AC_MSG_CHECKING(whether mlock is broken)
-          AC_CACHE_VAL(gnupg_cv_have_broken_mlock,
-             AC_TRY_RUN([
-                #include <stdlib.h>
-                #include <unistd.h>
-                #include <errno.h>
-                #include <sys/mman.h>
-                #include <sys/types.h>
-                #include <fcntl.h>
-
-                int main()
-                {
-                    char *pool;
-                    int err;
-                    long int pgsize = getpagesize();
-
-                    pool = malloc( 4096 + pgsize );
-                    if( !pool )
-                        return 2;
-                    pool += (pgsize - ((long int)pool % pgsize));
-
-                    err = mlock( pool, 4096 );
-                    if( !err || errno == EPERM )
-                        return 0; /* okay */
-
-                    return 1;  /* hmmm */
-                }
-
-            ],
-            gnupg_cv_have_broken_mlock="no",
-            gnupg_cv_have_broken_mlock="yes",
-            gnupg_cv_have_broken_mlock="assume-no"
-           )
-         )
-         if test "$gnupg_cv_have_broken_mlock" = "yes"; then
-             AC_DEFINE(HAVE_BROKEN_MLOCK,1,
-                       [Defined if the mlock() call does not work])
-             AC_MSG_RESULT(yes)
-             AC_CHECK_FUNCS(plock)
-         else
-            if test "$gnupg_cv_have_broken_mlock" = "no"; then
-                AC_MSG_RESULT(no)
-            else
-                AC_MSG_RESULT(assuming no)
-            fi
-         fi
-    fi
-  ])
-
-
-dnl Stolen from gcc
-dnl Define MKDIR_TAKES_ONE_ARG if mkdir accepts only one argument instead
-dnl of the usual 2.
-AC_DEFUN([GNUPG_FUNC_MKDIR_TAKES_ONE_ARG],
-[AC_CHECK_HEADERS(sys/stat.h unistd.h direct.h)
-AC_CACHE_CHECK([if mkdir takes one argument], gnupg_cv_mkdir_takes_one_arg,
-[AC_TRY_COMPILE([
-#include <sys/types.h>
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#ifdef HAVE_DIRECT_H
-# include <direct.h>
-#endif], [mkdir ("foo", 0);],
-        gnupg_cv_mkdir_takes_one_arg=no, gnupg_cv_mkdir_takes_one_arg=yes)])
-if test $gnupg_cv_mkdir_takes_one_arg = yes ; then
-  AC_DEFINE(MKDIR_TAKES_ONE_ARG,1,
-            [Defined if mkdir() does not take permission flags])
-fi
-])
-
-
 # GNUPG_TIME_T_UNSIGNED
 # Check whether time_t is unsigned
 #
diff --git a/aclocal.m4 b/aclocal.m4
index 867f66b..7f18972 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -1228,7 +1228,6 @@ m4_include([m4/codeset.m4])
 m4_include([m4/gettext.m4])
 m4_include([m4/gpg-error.m4])
 m4_include([m4/iconv.m4])
-m4_include([m4/isc-posix.m4])
 m4_include([m4/ksba.m4])
 m4_include([m4/lcmessage.m4])
 m4_include([m4/ldap.m4])
@@ -1246,5 +1245,4 @@ m4_include([m4/progtest.m4])
 m4_include([m4/readline.m4])
 m4_include([m4/socklen.m4])
 m4_include([m4/sys_socket_h.m4])
-m4_include([m4/tar-ustar.m4])
 m4_include([acinclude.m4])
diff --git a/agent/Makefile.am b/agent/Makefile.am
index f0ba964..ee7c38d 100644
--- a/agent/Makefile.am
+++ b/agent/Makefile.am
@@ -25,9 +25,7 @@ libexec_PROGRAMS += gpg-preset-passphrase
 endif
 noinst_PROGRAMS = $(TESTS)
 
-EXTRA_DIST = ChangeLog-2011 \
-             gpg-agent-w32info.rc gpg-agent.w32-manifest.in \
-             all-tests.scm
+EXTRA_DIST = ChangeLog-2011 gpg-agent-w32info.rc all-tests.scm
 
 
 AM_CPPFLAGS =
@@ -35,14 +33,17 @@ AM_CPPFLAGS =
 include $(top_srcdir)/am/cmacros.am
 
 if HAVE_W32_SYSTEM
-gpg_agent_robjs = $(resource_objs) gpg-agent-w32info.o
-gpg-agent-w32info.o : gpg-agent.w32-manifest
-else
-gpg_agent_robjs =
+resource_objs += gpg-agent-w32info.o
 endif
 
 AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
 
+if HAVE_LIBTSS
+tpm2_sources =  divert-tpm2.c call-tpm2d.c
+else
+tpm2_sources =
+endif
+
 gpg_agent_SOURCES = \
 	gpg-agent.c agent.h \
 	command.c command-ssh.c \
@@ -50,6 +51,7 @@ gpg_agent_SOURCES = \
 	cache.c \
 	trans.c \
 	findkey.c \
+	sexp-secret.c \
 	pksign.c \
 	pkdecrypt.c \
 	genkey.c \
@@ -58,6 +60,8 @@ gpg_agent_SOURCES = \
 	divert-scd.c \
 	cvt-openpgp.c cvt-openpgp.h \
 	call-scd.c \
+	call-daemon.c \
+	$(tpm2_sources) \
 	learncard.c
 
 common_libs = $(libcommon)
@@ -74,12 +78,13 @@ gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) \
 gpg_agent_LDADD = $(commonpth_libs) \
                 $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(NPTH_LIBS) \
 	        $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV) \
-		$(gpg_agent_robjs)
+		$(resource_objs)
 gpg_agent_LDFLAGS = $(extra_bin_ldflags)
-gpg_agent_DEPENDENCIES = $(gpg_agent_robjs)
+gpg_agent_DEPENDENCIES = $(resource_objs)
 
 gpg_protect_tool_SOURCES = \
 	protect-tool.c \
+	sexp-secret.c \
 	protect.c cvt-openpgp.c
 
 gpg_protect_tool_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) \
diff --git a/agent/Makefile.in b/agent/Makefile.in
index ab8735f..ec02419 100644
--- a/agent/Makefile.in
+++ b/agent/Makefile.in
@@ -142,62 +142,71 @@ noinst_PROGRAMS = $(am__EXEEXT_2)
 @GNUPG_AGENT_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
 @GNUPG_PINENTRY_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
 @GNUPG_SCDAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
-@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
-@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
-@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+@GNUPG_TPM2DAEMON_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_TPM2DAEMON="\"@GNUPG_TPM2DAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_9 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+@HAVE_W32_SYSTEM_TRUE@am__append_10 = gpg-agent-w32info.o
 @DISABLE_TESTS_FALSE@TESTS = t-protect$(EXEEXT)
 subdir = agent
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
 mkinstalldirs = $(SHELL) $(top_srcdir)/build-aux/mkinstalldirs
 CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES = gpg-agent.w32-manifest
+CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
 am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)"
 @HAVE_W32CE_SYSTEM_FALSE@am__EXEEXT_1 =  \
 @HAVE_W32CE_SYSTEM_FALSE@	gpg-preset-passphrase$(EXEEXT)
 @DISABLE_TESTS_FALSE@am__EXEEXT_2 = t-protect$(EXEEXT)
 PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS)
+am__gpg_agent_SOURCES_DIST = gpg-agent.c agent.h command.c \
+	command-ssh.c call-pinentry.c cache.c trans.c findkey.c \
+	sexp-secret.c pksign.c pkdecrypt.c genkey.c protect.c \
+	trustlist.c divert-scd.c cvt-openpgp.c cvt-openpgp.h \
+	call-scd.c call-daemon.c divert-tpm2.c call-tpm2d.c \
+	learncard.c
+@HAVE_LIBTSS_TRUE@am__objects_1 = gpg_agent-divert-tpm2.$(OBJEXT) \
+@HAVE_LIBTSS_TRUE@	gpg_agent-call-tpm2d.$(OBJEXT)
 am_gpg_agent_OBJECTS = gpg_agent-gpg-agent.$(OBJEXT) \
 	gpg_agent-command.$(OBJEXT) gpg_agent-command-ssh.$(OBJEXT) \
 	gpg_agent-call-pinentry.$(OBJEXT) gpg_agent-cache.$(OBJEXT) \
 	gpg_agent-trans.$(OBJEXT) gpg_agent-findkey.$(OBJEXT) \
-	gpg_agent-pksign.$(OBJEXT) gpg_agent-pkdecrypt.$(OBJEXT) \
-	gpg_agent-genkey.$(OBJEXT) gpg_agent-protect.$(OBJEXT) \
-	gpg_agent-trustlist.$(OBJEXT) gpg_agent-divert-scd.$(OBJEXT) \
-	gpg_agent-cvt-openpgp.$(OBJEXT) gpg_agent-call-scd.$(OBJEXT) \
-	gpg_agent-learncard.$(OBJEXT)
+	gpg_agent-sexp-secret.$(OBJEXT) gpg_agent-pksign.$(OBJEXT) \
+	gpg_agent-pkdecrypt.$(OBJEXT) gpg_agent-genkey.$(OBJEXT) \
+	gpg_agent-protect.$(OBJEXT) gpg_agent-trustlist.$(OBJEXT) \
+	gpg_agent-divert-scd.$(OBJEXT) gpg_agent-cvt-openpgp.$(OBJEXT) \
+	gpg_agent-call-scd.$(OBJEXT) gpg_agent-call-daemon.$(OBJEXT) \
+	$(am__objects_1) gpg_agent-learncard.$(OBJEXT)
 gpg_agent_OBJECTS = $(am_gpg_agent_OBJECTS)
 am__DEPENDENCIES_1 =
-@HAVE_W32_SYSTEM_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) \
-@HAVE_W32_SYSTEM_TRUE@	gpg-agent-w32info.o
 gpg_agent_LINK = $(CCLD) $(gpg_agent_CFLAGS) $(CFLAGS) \
 	$(gpg_agent_LDFLAGS) $(LDFLAGS) -o $@
 am_gpg_preset_passphrase_OBJECTS = preset-passphrase.$(OBJEXT)
 gpg_preset_passphrase_OBJECTS = $(am_gpg_preset_passphrase_OBJECTS)
-@HAVE_W32CE_SYSTEM_FALSE@am__DEPENDENCIES_3 =  \
+@HAVE_W32CE_SYSTEM_FALSE@am__DEPENDENCIES_2 =  \
 @HAVE_W32CE_SYSTEM_FALSE@	../common/libsimple-pwquery.a
-gpg_preset_passphrase_DEPENDENCIES = $(am__DEPENDENCIES_3) \
+gpg_preset_passphrase_DEPENDENCIES = $(am__DEPENDENCIES_2) \
 	$(common_libs) $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
 am_gpg_protect_tool_OBJECTS = gpg_protect_tool-protect-tool.$(OBJEXT) \
+	gpg_protect_tool-sexp-secret.$(OBJEXT) \
 	gpg_protect_tool-protect.$(OBJEXT) \
 	gpg_protect_tool-cvt-openpgp.$(OBJEXT)
 gpg_protect_tool_OBJECTS = $(am_gpg_protect_tool_OBJECTS)
@@ -209,10 +218,10 @@ gpg_protect_tool_LINK = $(CCLD) $(gpg_protect_tool_CFLAGS) $(CFLAGS) \
 	$(AM_LDFLAGS) $(LDFLAGS) -o $@
 am_t_protect_OBJECTS = t-protect.$(OBJEXT) protect.$(OBJEXT)
 t_protect_OBJECTS = $(am_t_protect_OBJECTS)
-am__DEPENDENCIES_4 = $(common_libs) $(am__DEPENDENCIES_1) \
+am__DEPENDENCIES_3 = $(common_libs) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-t_protect_DEPENDENCIES = $(am__DEPENDENCIES_4)
+t_protect_DEPENDENCIES = $(am__DEPENDENCIES_3)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -229,12 +238,15 @@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
 am__maybe_remake_depfiles = depfiles
 am__depfiles_remade = ./$(DEPDIR)/gpg_agent-cache.Po \
+	./$(DEPDIR)/gpg_agent-call-daemon.Po \
 	./$(DEPDIR)/gpg_agent-call-pinentry.Po \
 	./$(DEPDIR)/gpg_agent-call-scd.Po \
+	./$(DEPDIR)/gpg_agent-call-tpm2d.Po \
 	./$(DEPDIR)/gpg_agent-command-ssh.Po \
 	./$(DEPDIR)/gpg_agent-command.Po \
 	./$(DEPDIR)/gpg_agent-cvt-openpgp.Po \
 	./$(DEPDIR)/gpg_agent-divert-scd.Po \
+	./$(DEPDIR)/gpg_agent-divert-tpm2.Po \
 	./$(DEPDIR)/gpg_agent-findkey.Po \
 	./$(DEPDIR)/gpg_agent-genkey.Po \
 	./$(DEPDIR)/gpg_agent-gpg-agent.Po \
@@ -242,11 +254,13 @@ am__depfiles_remade = ./$(DEPDIR)/gpg_agent-cache.Po \
 	./$(DEPDIR)/gpg_agent-pkdecrypt.Po \
 	./$(DEPDIR)/gpg_agent-pksign.Po \
 	./$(DEPDIR)/gpg_agent-protect.Po \
+	./$(DEPDIR)/gpg_agent-sexp-secret.Po \
 	./$(DEPDIR)/gpg_agent-trans.Po \
 	./$(DEPDIR)/gpg_agent-trustlist.Po \
 	./$(DEPDIR)/gpg_protect_tool-cvt-openpgp.Po \
 	./$(DEPDIR)/gpg_protect_tool-protect-tool.Po \
 	./$(DEPDIR)/gpg_protect_tool-protect.Po \
+	./$(DEPDIR)/gpg_protect_tool-sexp-secret.Po \
 	./$(DEPDIR)/preset-passphrase.Po ./$(DEPDIR)/protect.Po \
 	./$(DEPDIR)/t-protect.Po
 am__mv = mv -f
@@ -268,8 +282,9 @@ am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
 SOURCES = $(gpg_agent_SOURCES) $(gpg_preset_passphrase_SOURCES) \
 	$(gpg_protect_tool_SOURCES) $(t_protect_SOURCES)
-DIST_SOURCES = $(gpg_agent_SOURCES) $(gpg_preset_passphrase_SOURCES) \
-	$(gpg_protect_tool_SOURCES) $(t_protect_SOURCES)
+DIST_SOURCES = $(am__gpg_agent_SOURCES_DIST) \
+	$(gpg_preset_passphrase_SOURCES) $(gpg_protect_tool_SOURCES) \
+	$(t_protect_SOURCES)
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -316,9 +331,8 @@ am__tty_colors = { \
     std=''; \
   fi; \
 }
-am__DIST_COMMON = $(srcdir)/Makefile.in \
-	$(srcdir)/gpg-agent.w32-manifest.in \
-	$(top_srcdir)/am/cmacros.am $(top_srcdir)/build-aux/depcomp \
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/am/cmacros.am \
+	$(top_srcdir)/build-aux/depcomp \
 	$(top_srcdir)/build-aux/mkinstalldirs
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
@@ -360,9 +374,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -371,6 +387,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -398,9 +415,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -437,13 +455,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
@@ -506,16 +527,14 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-EXTRA_DIST = ChangeLog-2011 \
-             gpg-agent-w32info.rc gpg-agent.w32-manifest.in \
-             all-tests.scm
-
+EXTRA_DIST = ChangeLog-2011 gpg-agent-w32info.rc all-tests.scm
 
 # NB: AM_CFLAGS may also be used by tools running on the build
 # platform to create source files.
 AM_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" $(am__append_2) \
 	$(am__append_3) $(am__append_4) $(am__append_5) \
-	$(am__append_6) $(am__append_7) $(am__append_8)
+	$(am__append_6) $(am__append_7) $(am__append_8) \
+	$(am__append_9)
 @HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
 
 # Under Windows we use LockFileEx.  WindowsCE provides this only on
@@ -526,16 +545,16 @@ AM_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" $(am__append_2) \
 @HAVE_W32CE_SYSTEM_TRUE@extra_sys_libs = -lcoredll6
 @HAVE_W32CE_SYSTEM_FALSE@extra_bin_ldflags = 
 @HAVE_W32CE_SYSTEM_TRUE@extra_bin_ldflags = -Wl,--stack=0x40000
-resource_objs = 
+resource_objs = $(am__append_10)
 
 # Convenience macros
 libcommon = ../common/libcommon.a
 libcommonpth = ../common/libcommonpth.a
 libcommontls = ../common/libcommontls.a
 libcommontlsnpth = ../common/libcommontlsnpth.a
-@HAVE_W32_SYSTEM_FALSE@gpg_agent_robjs = 
-@HAVE_W32_SYSTEM_TRUE@gpg_agent_robjs = $(resource_objs) gpg-agent-w32info.o
 AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+@HAVE_LIBTSS_FALSE@tpm2_sources = 
+@HAVE_LIBTSS_TRUE@tpm2_sources = divert-tpm2.c call-tpm2d.c
 gpg_agent_SOURCES = \
 	gpg-agent.c agent.h \
 	command.c command-ssh.c \
@@ -543,6 +562,7 @@ gpg_agent_SOURCES = \
 	cache.c \
 	trans.c \
 	findkey.c \
+	sexp-secret.c \
 	pksign.c \
 	pkdecrypt.c \
 	genkey.c \
@@ -551,6 +571,8 @@ gpg_agent_SOURCES = \
 	divert-scd.c \
 	cvt-openpgp.c cvt-openpgp.h \
 	call-scd.c \
+	call-daemon.c \
+	$(tpm2_sources) \
 	learncard.c
 
 common_libs = $(libcommon)
@@ -563,12 +585,13 @@ gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) \
 gpg_agent_LDADD = $(commonpth_libs) \
                 $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(NPTH_LIBS) \
 	        $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV) \
-		$(gpg_agent_robjs)
+		$(resource_objs)
 
 gpg_agent_LDFLAGS = $(extra_bin_ldflags)
-gpg_agent_DEPENDENCIES = $(gpg_agent_robjs)
+gpg_agent_DEPENDENCIES = $(resource_objs)
 gpg_protect_tool_SOURCES = \
 	protect-tool.c \
+	sexp-secret.c \
 	protect.c cvt-openpgp.c
 
 gpg_protect_tool_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) \
@@ -625,8 +648,6 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
 $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
-gpg-agent.w32-manifest: $(top_builddir)/config.status $(srcdir)/gpg-agent.w32-manifest.in
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
 install-binPROGRAMS: $(bin_PROGRAMS)
 	@$(NORMAL_INSTALL)
 	@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
@@ -738,12 +759,15 @@ distclean-compile:
 	-rm -f *.tab.c
 
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-cache.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-call-daemon.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-call-pinentry.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-call-scd.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-call-tpm2d.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-command-ssh.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-command.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-cvt-openpgp.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-divert-scd.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-divert-tpm2.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-findkey.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-genkey.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-gpg-agent.Po@am__quote@ # am--include-marker
@@ -751,11 +775,13 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-pkdecrypt.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-pksign.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-protect.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-sexp-secret.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-trans.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-trustlist.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_protect_tool-cvt-openpgp.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_protect_tool-protect-tool.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_protect_tool-protect.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_protect_tool-sexp-secret.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/preset-passphrase.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/protect.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-protect.Po@am__quote@ # am--include-marker
@@ -878,6 +904,20 @@ gpg_agent-findkey.obj: findkey.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-findkey.obj `if test -f 'findkey.c'; then $(CYGPATH_W) 'findkey.c'; else $(CYGPATH_W) '$(srcdir)/findkey.c'; fi`
 
+gpg_agent-sexp-secret.o: sexp-secret.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-sexp-secret.o -MD -MP -MF $(DEPDIR)/gpg_agent-sexp-secret.Tpo -c -o gpg_agent-sexp-secret.o `test -f 'sexp-secret.c' || echo '$(srcdir)/'`sexp-secret.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/gpg_agent-sexp-secret.Tpo $(DEPDIR)/gpg_agent-sexp-secret.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='sexp-secret.c' object='gpg_agent-sexp-secret.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-sexp-secret.o `test -f 'sexp-secret.c' || echo '$(srcdir)/'`sexp-secret.c
+
+gpg_agent-sexp-secret.obj: sexp-secret.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-sexp-secret.obj -MD -MP -MF $(DEPDIR)/gpg_agent-sexp-secret.Tpo -c -o gpg_agent-sexp-secret.obj `if test -f 'sexp-secret.c'; then $(CYGPATH_W) 'sexp-secret.c'; else $(CYGPATH_W) '$(srcdir)/sexp-secret.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/gpg_agent-sexp-secret.Tpo $(DEPDIR)/gpg_agent-sexp-secret.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='sexp-secret.c' object='gpg_agent-sexp-secret.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-sexp-secret.obj `if test -f 'sexp-secret.c'; then $(CYGPATH_W) 'sexp-secret.c'; else $(CYGPATH_W) '$(srcdir)/sexp-secret.c'; fi`
+
 gpg_agent-pksign.o: pksign.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-pksign.o -MD -MP -MF $(DEPDIR)/gpg_agent-pksign.Tpo -c -o gpg_agent-pksign.o `test -f 'pksign.c' || echo '$(srcdir)/'`pksign.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/gpg_agent-pksign.Tpo $(DEPDIR)/gpg_agent-pksign.Po
@@ -990,6 +1030,48 @@ gpg_agent-call-scd.obj: call-scd.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-call-scd.obj `if test -f 'call-scd.c'; then $(CYGPATH_W) 'call-scd.c'; else $(CYGPATH_W) '$(srcdir)/call-scd.c'; fi`
 
+gpg_agent-call-daemon.o: call-daemon.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-call-daemon.o -MD -MP -MF $(DEPDIR)/gpg_agent-call-daemon.Tpo -c -o gpg_agent-call-daemon.o `test -f 'call-daemon.c' || echo '$(srcdir)/'`call-daemon.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/gpg_agent-call-daemon.Tpo $(DEPDIR)/gpg_agent-call-daemon.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='call-daemon.c' object='gpg_agent-call-daemon.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-call-daemon.o `test -f 'call-daemon.c' || echo '$(srcdir)/'`call-daemon.c
+
+gpg_agent-call-daemon.obj: call-daemon.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-call-daemon.obj -MD -MP -MF $(DEPDIR)/gpg_agent-call-daemon.Tpo -c -o gpg_agent-call-daemon.obj `if test -f 'call-daemon.c'; then $(CYGPATH_W) 'call-daemon.c'; else $(CYGPATH_W) '$(srcdir)/call-daemon.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/gpg_agent-call-daemon.Tpo $(DEPDIR)/gpg_agent-call-daemon.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='call-daemon.c' object='gpg_agent-call-daemon.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-call-daemon.obj `if test -f 'call-daemon.c'; then $(CYGPATH_W) 'call-daemon.c'; else $(CYGPATH_W) '$(srcdir)/call-daemon.c'; fi`
+
+gpg_agent-divert-tpm2.o: divert-tpm2.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-divert-tpm2.o -MD -MP -MF $(DEPDIR)/gpg_agent-divert-tpm2.Tpo -c -o gpg_agent-divert-tpm2.o `test -f 'divert-tpm2.c' || echo '$(srcdir)/'`divert-tpm2.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/gpg_agent-divert-tpm2.Tpo $(DEPDIR)/gpg_agent-divert-tpm2.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='divert-tpm2.c' object='gpg_agent-divert-tpm2.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-divert-tpm2.o `test -f 'divert-tpm2.c' || echo '$(srcdir)/'`divert-tpm2.c
+
+gpg_agent-divert-tpm2.obj: divert-tpm2.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-divert-tpm2.obj -MD -MP -MF $(DEPDIR)/gpg_agent-divert-tpm2.Tpo -c -o gpg_agent-divert-tpm2.obj `if test -f 'divert-tpm2.c'; then $(CYGPATH_W) 'divert-tpm2.c'; else $(CYGPATH_W) '$(srcdir)/divert-tpm2.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/gpg_agent-divert-tpm2.Tpo $(DEPDIR)/gpg_agent-divert-tpm2.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='divert-tpm2.c' object='gpg_agent-divert-tpm2.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-divert-tpm2.obj `if test -f 'divert-tpm2.c'; then $(CYGPATH_W) 'divert-tpm2.c'; else $(CYGPATH_W) '$(srcdir)/divert-tpm2.c'; fi`
+
+gpg_agent-call-tpm2d.o: call-tpm2d.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-call-tpm2d.o -MD -MP -MF $(DEPDIR)/gpg_agent-call-tpm2d.Tpo -c -o gpg_agent-call-tpm2d.o `test -f 'call-tpm2d.c' || echo '$(srcdir)/'`call-tpm2d.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/gpg_agent-call-tpm2d.Tpo $(DEPDIR)/gpg_agent-call-tpm2d.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='call-tpm2d.c' object='gpg_agent-call-tpm2d.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-call-tpm2d.o `test -f 'call-tpm2d.c' || echo '$(srcdir)/'`call-tpm2d.c
+
+gpg_agent-call-tpm2d.obj: call-tpm2d.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-call-tpm2d.obj -MD -MP -MF $(DEPDIR)/gpg_agent-call-tpm2d.Tpo -c -o gpg_agent-call-tpm2d.obj `if test -f 'call-tpm2d.c'; then $(CYGPATH_W) 'call-tpm2d.c'; else $(CYGPATH_W) '$(srcdir)/call-tpm2d.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/gpg_agent-call-tpm2d.Tpo $(DEPDIR)/gpg_agent-call-tpm2d.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='call-tpm2d.c' object='gpg_agent-call-tpm2d.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-call-tpm2d.obj `if test -f 'call-tpm2d.c'; then $(CYGPATH_W) 'call-tpm2d.c'; else $(CYGPATH_W) '$(srcdir)/call-tpm2d.c'; fi`
+
 gpg_agent-learncard.o: learncard.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-learncard.o -MD -MP -MF $(DEPDIR)/gpg_agent-learncard.Tpo -c -o gpg_agent-learncard.o `test -f 'learncard.c' || echo '$(srcdir)/'`learncard.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/gpg_agent-learncard.Tpo $(DEPDIR)/gpg_agent-learncard.Po
@@ -1018,6 +1100,20 @@ gpg_protect_tool-protect-tool.obj: protect-tool.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -c -o gpg_protect_tool-protect-tool.obj `if test -f 'protect-tool.c'; then $(CYGPATH_W) 'protect-tool.c'; else $(CYGPATH_W) '$(srcdir)/protect-tool.c'; fi`
 
+gpg_protect_tool-sexp-secret.o: sexp-secret.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -MT gpg_protect_tool-sexp-secret.o -MD -MP -MF $(DEPDIR)/gpg_protect_tool-sexp-secret.Tpo -c -o gpg_protect_tool-sexp-secret.o `test -f 'sexp-secret.c' || echo '$(srcdir)/'`sexp-secret.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/gpg_protect_tool-sexp-secret.Tpo $(DEPDIR)/gpg_protect_tool-sexp-secret.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='sexp-secret.c' object='gpg_protect_tool-sexp-secret.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -c -o gpg_protect_tool-sexp-secret.o `test -f 'sexp-secret.c' || echo '$(srcdir)/'`sexp-secret.c
+
+gpg_protect_tool-sexp-secret.obj: sexp-secret.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -MT gpg_protect_tool-sexp-secret.obj -MD -MP -MF $(DEPDIR)/gpg_protect_tool-sexp-secret.Tpo -c -o gpg_protect_tool-sexp-secret.obj `if test -f 'sexp-secret.c'; then $(CYGPATH_W) 'sexp-secret.c'; else $(CYGPATH_W) '$(srcdir)/sexp-secret.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/gpg_protect_tool-sexp-secret.Tpo $(DEPDIR)/gpg_protect_tool-sexp-secret.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='sexp-secret.c' object='gpg_protect_tool-sexp-secret.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -c -o gpg_protect_tool-sexp-secret.obj `if test -f 'sexp-secret.c'; then $(CYGPATH_W) 'sexp-secret.c'; else $(CYGPATH_W) '$(srcdir)/sexp-secret.c'; fi`
+
 gpg_protect_tool-protect.o: protect.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -MT gpg_protect_tool-protect.o -MD -MP -MF $(DEPDIR)/gpg_protect_tool-protect.Tpo -c -o gpg_protect_tool-protect.o `test -f 'protect.c' || echo '$(srcdir)/'`protect.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/gpg_protect_tool-protect.Tpo $(DEPDIR)/gpg_protect_tool-protect.Po
@@ -1269,12 +1365,15 @@ clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
 
 distclean: distclean-am
 		-rm -f ./$(DEPDIR)/gpg_agent-cache.Po
+	-rm -f ./$(DEPDIR)/gpg_agent-call-daemon.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-call-pinentry.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-call-scd.Po
+	-rm -f ./$(DEPDIR)/gpg_agent-call-tpm2d.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-command-ssh.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-command.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-cvt-openpgp.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-divert-scd.Po
+	-rm -f ./$(DEPDIR)/gpg_agent-divert-tpm2.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-findkey.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-genkey.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-gpg-agent.Po
@@ -1282,11 +1381,13 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/gpg_agent-pkdecrypt.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-pksign.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-protect.Po
+	-rm -f ./$(DEPDIR)/gpg_agent-sexp-secret.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-trans.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-trustlist.Po
 	-rm -f ./$(DEPDIR)/gpg_protect_tool-cvt-openpgp.Po
 	-rm -f ./$(DEPDIR)/gpg_protect_tool-protect-tool.Po
 	-rm -f ./$(DEPDIR)/gpg_protect_tool-protect.Po
+	-rm -f ./$(DEPDIR)/gpg_protect_tool-sexp-secret.Po
 	-rm -f ./$(DEPDIR)/preset-passphrase.Po
 	-rm -f ./$(DEPDIR)/protect.Po
 	-rm -f ./$(DEPDIR)/t-protect.Po
@@ -1336,12 +1437,15 @@ installcheck-am:
 
 maintainer-clean: maintainer-clean-am
 		-rm -f ./$(DEPDIR)/gpg_agent-cache.Po
+	-rm -f ./$(DEPDIR)/gpg_agent-call-daemon.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-call-pinentry.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-call-scd.Po
+	-rm -f ./$(DEPDIR)/gpg_agent-call-tpm2d.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-command-ssh.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-command.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-cvt-openpgp.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-divert-scd.Po
+	-rm -f ./$(DEPDIR)/gpg_agent-divert-tpm2.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-findkey.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-genkey.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-gpg-agent.Po
@@ -1349,11 +1453,13 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/gpg_agent-pkdecrypt.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-pksign.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-protect.Po
+	-rm -f ./$(DEPDIR)/gpg_agent-sexp-secret.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-trans.Po
 	-rm -f ./$(DEPDIR)/gpg_agent-trustlist.Po
 	-rm -f ./$(DEPDIR)/gpg_protect_tool-cvt-openpgp.Po
 	-rm -f ./$(DEPDIR)/gpg_protect_tool-protect-tool.Po
 	-rm -f ./$(DEPDIR)/gpg_protect_tool-protect.Po
+	-rm -f ./$(DEPDIR)/gpg_protect_tool-sexp-secret.Po
 	-rm -f ./$(DEPDIR)/preset-passphrase.Po
 	-rm -f ./$(DEPDIR)/protect.Po
 	-rm -f ./$(DEPDIR)/t-protect.Po
@@ -1397,7 +1503,6 @@ uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS
 
 @HAVE_W32_SYSTEM_TRUE@.rc.o:
 @HAVE_W32_SYSTEM_TRUE@	$(WINDRES) $(DEFAULT_INCLUDES) $(INCLUDES) "$<" "$@"
-@HAVE_W32_SYSTEM_TRUE@gpg-agent-w32info.o : gpg-agent.w32-manifest
 
 # Make sure that all libs are build before we use them.  This is
 # important for things like make -j2.
diff --git a/agent/agent.h b/agent/agent.h
index 56e13ec..064b7be 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -29,6 +29,7 @@
 #define map_assuan_err(a) \
         map_assuan_err_with_source (GPG_ERR_SOURCE_DEFAULT, (a))
 #include <errno.h>
+#include <assuan.h>
 
 #include <gcrypt.h>
 #include "../common/util.h"
@@ -36,7 +37,6 @@
 #include "../common/sysutils.h" /* (gnupg_fd_t) */
 #include "../common/session-env.h"
 #include "../common/shareddefs.h"
-#include "../common/name-value.h"
 
 /* To convey some special hash algorithms we use algorithm numbers
    reserved for application use. */
@@ -49,11 +49,19 @@
 #define MAX_DIGEST_LEN 64
 
 /* The maximum length of a passphrase (in bytes).  Note: this is
-   further contrained by the Assuan line length (and any other text on
+   further constrained by the Assuan line length (and any other text on
    the same line).  However, the Assuan line length is 1k bytes so
    this shouldn't be a problem in practice.  */
 #define MAX_PASSPHRASE_LEN 255
 
+/* The daemons we support.  When you add a new daemon, add to
+   both the daemon_type and the daemon_modules array in call-daemon.c */
+enum daemon_type
+  {
+   DAEMON_SCD,
+   DAEMON_TPM2D,
+   DAEMON_MAX_TYPE
+  };
 
 /* A large struct name "opt" to keep global flags */
 EXTERN_UNLESS_MAIN_MODULE
@@ -80,10 +88,10 @@ struct
   /* Filename of the program to start as pinentry.  */
   const char *pinentry_program;
 
-  /* Filename of the program to handle smartcard tasks.  */
-  const char *scdaemon_program;
+  /* Filename of the program to handle daemon tasks.  */
+  const char *daemon_program[DAEMON_MAX_TYPE];
 
-  int disable_scdaemon;         /* Never use the SCdaemon. */
+  int disable_daemon[DAEMON_MAX_TYPE];         /* Never use the daemon. */
 
   int no_grab;         /* Don't let the pinentry grab the keyboard */
 
@@ -100,9 +108,6 @@ struct
      upon this timeout value.  */
   unsigned long pinentry_timeout;
 
-  /* If set, then passphrase formatting is enabled in pinentry.  */
-  int pinentry_formatted_passphrase;
-
   /* The default and maximum TTL of cache entries. */
   unsigned long def_cache_ttl;     /* Default. */
   unsigned long def_cache_ttl_ssh; /* for SSH. */
@@ -118,11 +123,8 @@ struct
   /* The minimum number of non-alpha characters in a passphrase.  */
   unsigned int min_passphrase_nonalpha;
 
-  /* File name with a patternfile or NULL if not enabled.  If the
-   * second one is set, it is used for symmetric only encryption
-   * instead of the former. */
+  /* File name with a patternfile or NULL if not enabled.  */
   const char *check_passphrase_pattern;
-  const char *check_sym_passphrase_pattern;
 
   /* If not 0 the user is asked to change his passphrase after these
      number of days.  */
@@ -149,13 +151,6 @@ struct
      interactively mark certificate in trustlist.txt as trusted. */
   int allow_mark_trusted;
 
-  /* Only use the system trustlist.  */
-  int no_user_trustlist;
-
-  /* The standard system trustlist is SYSCONFDIR/trustlist.txt.  This
-   * option can be used to change the name.  */
-  const char *sys_trustlist_name;
-
   /* If this global option is true, the Assuan command
      PRESET_PASSPHRASE is allowed.  */
   int allow_preset_passphrase;
@@ -221,7 +216,7 @@ struct ssh_control_file_s;
 typedef struct ssh_control_file_s *ssh_control_file_t;
 
 /* Forward reference for local definitions in call-scd.c.  */
-struct scd_local_s;
+struct daemon_local_s;
 
 /* Collection of data per session (aka connection). */
 struct server_control_s
@@ -241,14 +236,15 @@ struct server_control_s
   /* Private data of the server (command.c). */
   struct server_local_s *server_local;
 
-  /* Private data of the SCdaemon (call-scd.c). */
-  struct scd_local_s *scd_local;
+  /* Private data of the daemon (call-XXX.c). */
+  struct daemon_local_s *d_local[DAEMON_MAX_TYPE];
 
   /* Environment settings for the connection.  */
   session_env_t session_env;
   char *lc_ctype;
   char *lc_messages;
   unsigned long client_pid;
+  int client_uid;
 
   /* The current pinentry mode.  */
   pinentry_mode_t pinentry_mode;
@@ -258,10 +254,15 @@ struct server_control_s
 
   /* Information on the currently used digest (for signing commands).  */
   struct {
+    char *data;    /* NULL or malloced data of length VALUELEN.  If
+                      this is set the other fields are ignored.  Used
+                      for PureEdDSA and RSA with PSS (in which case
+                      data_is_pss is also set).  */
+    int valuelen;
     int algo;
     unsigned char value[MAX_DIGEST_LEN];
-    int valuelen;
-    int raw_value: 1;
+    unsigned int raw_value: 1;
+    unsigned int is_pss: 1;    /* DATA holds PSS formated data.  */
   } digest;
   unsigned char keygrip[20];
   int have_keygrip;
@@ -289,8 +290,7 @@ enum
   {
     PINENTRY_STATUS_CLOSE_BUTTON = 1 << 0,
     PINENTRY_STATUS_PIN_REPEATED = 1 << 8,
-    PINENTRY_STATUS_PASSWORD_FROM_CACHE = 1 << 9,
-    PINENTRY_STATUS_PASSWORD_GENERATED = 1 << 10
+    PINENTRY_STATUS_PASSWORD_FROM_CACHE = 1 << 9
   };
 
 /* Information pertaining to pinentry requests.  */
@@ -299,7 +299,6 @@ struct pin_entry_info_s
   int min_digits; /* min. number of digits required or 0 for freeform entry */
   int max_digits; /* max. number of allowed digits allowed*/
   int max_tries;  /* max. number of allowed tries.  */
-  unsigned int constraints_flags;  /* CHECK_CONSTRAINTS_... */
   int failed_tries; /* Number of tries so far failed.  */
   int with_qualitybar; /* Set if the quality bar should be displayed.  */
   int with_repeat;  /* Request repetition of the passphrase.  */
@@ -333,11 +332,13 @@ enum
 typedef enum
   {
     CACHE_MODE_IGNORE = 0, /* Special mode to bypass the cache. */
-    CACHE_MODE_ANY,        /* Any mode except ignore matches. */
+    CACHE_MODE_ANY,        /* Any mode except ignore and data matches. */
     CACHE_MODE_NORMAL,     /* Normal cache (gpg-agent). */
     CACHE_MODE_USER,       /* GET_PASSPHRASE related cache. */
     CACHE_MODE_SSH,        /* SSH related cache. */
-    CACHE_MODE_NONCE       /* This is a non-predictable nonce.  */
+    CACHE_MODE_NONCE,      /* This is a non-predictable nonce.  */
+    CACHE_MODE_PIN,        /* PINs stored/retrieved by scdaemon.  */
+    CACHE_MODE_DATA        /* Arbitrary data.  */
   }
 cache_mode_t;
 
@@ -376,6 +377,15 @@ typedef int (*lookup_ttl_t)(const char *hexgrip);
 #endif
 
 
+/* Information from scdaemon for card keys.  */
+struct card_key_info_s
+{
+  struct card_key_info_s *next;
+  char keygrip[41];
+  char *serialno;
+  char *idstr;
+};
+
 /*-- gpg-agent.c --*/
 void agent_exit (int rc)
                 GPGRT_ATTR_NORETURN; /* Also implemented in other tools */
@@ -387,7 +397,7 @@ const char *get_agent_socket_name (void);
 const char *get_agent_ssh_socket_name (void);
 int get_agent_active_connection_count (void);
 #ifdef HAVE_W32_SYSTEM
-void *get_agent_scd_notify_event (void);
+void *get_agent_daemon_notify_event (void);
 #endif
 void agent_sighup_action (void);
 int map_pk_openpgp_to_gcry (int openpgp_algo);
@@ -404,8 +414,11 @@ void bump_key_eventcounter (void);
 void bump_card_eventcounter (void);
 void start_command_handler (ctrl_t, gnupg_fd_t, gnupg_fd_t);
 gpg_error_t pinentry_loopback (ctrl_t, const char *keyword,
-	                       unsigned char **buffer, size_t *size,
-			       size_t max_length);
+                               unsigned char **buffer, size_t *size,
+                               size_t max_length);
+gpg_error_t pinentry_loopback_confirm (ctrl_t ctrl, const char *desc,
+                                       int ask_confirmation,
+                                       const char *ok, const char *notok);
 
 #ifdef HAVE_W32_SYSTEM
 int serve_mmapped_ssh_request (ctrl_t ctrl,
@@ -430,9 +443,8 @@ gpg_error_t agent_modify_description (const char *in, const char *comment,
                                       const gcry_sexp_t key, char **result);
 int agent_write_private_key (const unsigned char *grip,
                              const void *buffer, size_t length, int force,
-                             time_t timestamp,
                              const char *serialno, const char *keyref,
-                             const char *dispserialno);
+                             time_t timestamp);
 gpg_error_t agent_key_from_file (ctrl_t ctrl,
                                  const char *cache_nonce,
                                  const char *desc_text,
@@ -444,17 +456,16 @@ gpg_error_t agent_key_from_file (ctrl_t ctrl,
                                  char **r_passphrase);
 gpg_error_t agent_raw_key_from_file (ctrl_t ctrl, const unsigned char *grip,
                                      gcry_sexp_t *result);
-gpg_error_t agent_keymeta_from_file (ctrl_t ctrl, const unsigned char *grip,
-                                     nvc_t *r_keymeta);
 gpg_error_t agent_public_key_from_file (ctrl_t ctrl,
                                         const unsigned char *grip,
                                         gcry_sexp_t *result);
-int agent_is_dsa_key (gcry_sexp_t s_key);
-int agent_is_eddsa_key (gcry_sexp_t s_key);
+int agent_pk_get_algo (gcry_sexp_t s_key);
+int agent_is_tpm2_key(gcry_sexp_t s_key);
 int agent_key_available (const unsigned char *grip);
 gpg_error_t agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip,
                                       int *r_keytype,
-                                      unsigned char **r_shadow_info);
+                                      unsigned char **r_shadow_info,
+                                      unsigned char **r_shadow_info_type);
 gpg_error_t agent_delete_key (ctrl_t ctrl, const char *desc_text,
                               const unsigned char *grip,
                               int force, int only_stubs);
@@ -487,7 +498,7 @@ int agent_clear_passphrase (ctrl_t ctrl,
 void initialize_module_cache (void);
 void deinitialize_module_cache (void);
 void agent_cache_housekeeping (void);
-void agent_flush_cache (void);
+void agent_flush_cache (int pincache_only);
 int agent_put_cache (ctrl_t ctrl, const char *key, cache_mode_t cache_mode,
                      const char *data, int ttl);
 char *agent_get_cache (ctrl_t ctrl, const char *key, cache_mode_t cache_mode);
@@ -505,16 +516,12 @@ gpg_error_t agent_pksign (ctrl_t ctrl, const char *cache_nonce,
                           membuf_t *outbuf, cache_mode_t cache_mode);
 
 /*-- pkdecrypt.c --*/
-int agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
-                     const unsigned char *ciphertext, size_t ciphertextlen,
-                     membuf_t *outbuf, int *r_padding);
+gpg_error_t agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
+                             const unsigned char *ciphertext, size_t ciphertextlen,
+                             membuf_t *outbuf, int *r_padding);
 
 /*-- genkey.c --*/
-#define CHECK_CONSTRAINTS_NOT_EMPTY  1
-#define CHECK_CONSTRAINTS_NEW_SYMKEY 2
-
-int check_passphrase_constraints (ctrl_t ctrl, const char *pw,
-                                  unsigned int flags,
+int check_passphrase_constraints (ctrl_t ctrl, const char *pw, int no_empty,
 				  char **failed_constraint);
 gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
                                       char **r_passphrase);
@@ -543,8 +550,15 @@ unsigned char *make_shadow_info (const char *serialno, const char *idstring);
 int agent_shadow_key (const unsigned char *pubkey,
                       const unsigned char *shadow_info,
                       unsigned char **result);
+int agent_shadow_key_type (const unsigned char *pubkey,
+                           const unsigned char *shadow_info,
+                           const unsigned char *type,
+                           unsigned char **result);
 gpg_error_t agent_get_shadow_info (const unsigned char *shadowkey,
                                    unsigned char const **shadow_info);
+gpg_error_t agent_get_shadow_info_type (const unsigned char *shadowkey,
+                                        unsigned char const **shadow_info,
+                                        unsigned char **shadow_type);
 gpg_error_t parse_shadow_info (const unsigned char *shadow_info,
                                char **r_hexsn, char **r_idstr, int *r_pinlen);
 gpg_error_t s2k_hash_passphrase (const char *passphrase, int hashalgo,
@@ -552,11 +566,9 @@ gpg_error_t s2k_hash_passphrase (const char *passphrase, int hashalgo,
                                  const unsigned char *s2ksalt,
                                  unsigned int s2kcount,
                                  unsigned char *key, size_t keylen);
-gpg_error_t agent_write_shadow_key (int maybe_update,
-                                    const unsigned char *grip,
+gpg_error_t agent_write_shadow_key (const unsigned char *grip,
                                     const char *serialno, const char *keyid,
-                                    const unsigned char *pkbuf, int force,
-                                    const char *dispserialno);
+                                    const unsigned char *pkbuf, int force);
 
 
 /*-- trustlist.c --*/
@@ -567,30 +579,92 @@ gpg_error_t agent_marktrusted (ctrl_t ctrl, const char *name,
                                const char *fpr, int flag);
 void agent_reload_trustlist (void);
 
+/*-- divert-tpm2.c --*/
+#ifdef HAVE_LIBTSS
+int divert_tpm2_pksign (ctrl_t ctrl, const char *desc_text,
+                        const unsigned char *digest, size_t digestlen, int algo,
+                        const unsigned char *shadow_info, unsigned char **r_sig,
+                        size_t *r_siglen);
+int divert_tpm2_pkdecrypt (ctrl_t ctrl, const char *desc_text,
+                           const unsigned char *cipher,
+                           const unsigned char *shadow_info,
+                           char **r_buf, size_t *r_len, int *r_padding);
+int divert_tpm2_writekey (ctrl_t ctrl, const unsigned char *grip,
+                          gcry_sexp_t s_skey);
+#else /*!HAVE_LIBTSS*/
+static inline int
+divert_tpm2_pksign (ctrl_t ctrl, const char *desc_text,
+                    const unsigned char *digest,
+                    size_t digestlen, int algo,
+                    const unsigned char *shadow_info,
+                    unsigned char **r_sig,
+                    size_t *r_siglen)
+{
+  (void)ctrl; (void)desc_text; (void)digest; (void)digestlen;
+  (void)algo; (void)shadow_info; (void)r_sig; (void)r_siglen;
+  return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
+static inline int
+divert_tpm2_pkdecrypt (ctrl_t ctrl, const char *desc_text,
+                       const unsigned char *cipher,
+                       const unsigned char *shadow_info,
+                       char **r_buf, size_t *r_len,
+                       int *r_padding)
+{
+  (void)ctrl; (void)desc_text; (void)cipher; (void)shadow_info;
+  (void)r_buf; (void)r_len; (void)r_padding;
+  return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
+static inline int
+divert_tpm2_writekey (ctrl_t ctrl, const unsigned char *grip,
+                      gcry_sexp_t s_skey)
+{
+  (void)ctrl; (void)grip; (void)s_skey;
+  return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
+#endif /*!HAVE_LIBTSS*/
+
+
 
 /*-- divert-scd.c --*/
 int divert_pksign (ctrl_t ctrl, const char *desc_text,
-                   const unsigned char *digest, size_t digestlen, int algo,
                    const unsigned char *grip,
+                   const unsigned char *digest, size_t digestlen, int algo,
                    const unsigned char *shadow_info, unsigned char **r_sig,
                    size_t *r_siglen);
 int divert_pkdecrypt (ctrl_t ctrl, const char *desc_text,
-                      const unsigned char *cipher,
                       const unsigned char *grip,
+                      const unsigned char *cipher,
                       const unsigned char *shadow_info,
                       char **r_buf, size_t *r_len, int *r_padding);
 int divert_generic_cmd (ctrl_t ctrl,
                         const char *cmdline, void *assuan_context);
-int divert_writekey (ctrl_t ctrl, int force, const char *serialno,
-                     const char *id, const char *keydata, size_t keydatalen);
-
+gpg_error_t divert_writekey (ctrl_t ctrl, int force, const char *serialno,
+                             const char *keyref,
+                             const char *keydata, size_t keydatalen);
+
+/*-- call-daemon.c --*/
+gpg_error_t daemon_start (enum daemon_type type, ctrl_t ctrl);
+assuan_context_t daemon_type_ctx (enum daemon_type type, ctrl_t ctrl);
+gpg_error_t daemon_unlock (enum daemon_type type, ctrl_t ctrl, gpg_error_t rc);
+void initialize_module_daemon (void);
+void agent_daemon_dump_state (void);
+int agent_daemon_check_running (enum daemon_type type);
+void agent_daemon_check_aliveness (void);
+void agent_reset_daemon (ctrl_t ctrl);
+void agent_kill_daemon (enum daemon_type type);
+
+/*-- call-tpm2d.c --*/
+int agent_tpm2d_writekey (ctrl_t ctrl, unsigned char **shadow_info,
+			  gcry_sexp_t s_skey);
+int agent_tpm2d_pksign (ctrl_t ctrl, const unsigned char *digest,
+			size_t digestlen, const unsigned char *shadow_info,
+			unsigned char **r_sig, size_t *r_siglen);
+int agent_tpm2d_pkdecrypt (ctrl_t ctrl, const unsigned char *cipher,
+			   size_t cipherlen, const unsigned char *shadow_info,
+			   char **r_buf, size_t *r_len);
 
 /*-- call-scd.c --*/
-void initialize_module_call_scd (void);
-void agent_scd_dump_state (void);
-int agent_scd_check_running (void);
-void agent_scd_check_aliveness (void);
-int agent_reset_scd (ctrl_t ctrl);
 int agent_card_learn (ctrl_t ctrl,
                       void (*kpinfo_cb)(void*, const char *),
                       void *kpinfo_cb_arg,
@@ -619,20 +693,24 @@ int agent_card_pkdecrypt (ctrl_t ctrl,
                           char **r_buf, size_t *r_buflen, int *r_padding);
 int agent_card_readcert (ctrl_t ctrl,
                          const char *id, char **r_buf, size_t *r_buflen);
-int agent_card_readkey (ctrl_t ctrl, const char *id, unsigned char **r_buf);
-int agent_card_writekey (ctrl_t ctrl, int force, const char *serialno,
-                         const char *id, const char *keydata,
-                         size_t keydatalen,
-                         int (*getpin_cb)(void *, const char *,
-                                          const char *, char*, size_t),
-                         void *getpin_cb_arg);
-gpg_error_t agent_card_getattr (ctrl_t ctrl, const char *name, char **result);
-gpg_error_t agent_card_cardlist (ctrl_t ctrl, strlist_t *result);
+int agent_card_readkey (ctrl_t ctrl, const char *id,
+                        unsigned char **r_buf, char **r_keyref);
+gpg_error_t agent_card_writekey (ctrl_t ctrl, int force, const char *serialno,
+                                 const char *keyref,
+                                 const char *keydata, size_t keydatalen,
+                                 int (*getpin_cb)(void *, const char *,
+                                                  const char *, char*, size_t),
+                                 void *getpin_cb_arg);
+gpg_error_t agent_card_getattr (ctrl_t ctrl, const char *name, char **result,
+                                const char *keygrip);
 int agent_card_scd (ctrl_t ctrl, const char *cmdline,
                     int (*getpin_cb)(void *, const char *,
                                      const char *, char*, size_t),
                     void *getpin_cb_arg, void *assuan_context);
-void agent_card_killscd (void);
+
+void agent_card_free_keyinfo (struct card_key_info_s *l);
+gpg_error_t agent_card_keyinfo (ctrl_t ctrl, const char *keygrip,
+                                int cap, struct card_key_info_s **result);
 
 
 /*-- learncard.c --*/
@@ -647,4 +725,9 @@ extract_private_key (gcry_sexp_t s_key, int req_private_key_data,
                      gcry_mpi_t *mpi_array, int arraysize,
                      gcry_sexp_t *r_curve, gcry_sexp_t *r_flags);
 
+/*-- sexp-secret.c --*/
+gpg_error_t fixup_when_ecc_private_key (unsigned char *buf, size_t *buflen_p);
+gpg_error_t sexp_sscan_private_key (gcry_sexp_t *result, size_t *r_erroff,
+                                    unsigned char *buf);
+
 #endif /*AGENT_H*/
diff --git a/agent/cache.c b/agent/cache.c
index 238b6e2..7616daf 100644
--- a/agent/cache.c
+++ b/agent/cache.c
@@ -23,11 +23,14 @@
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
-#include <assert.h>
 #include <npth.h>
 
 #include "agent.h"
 
+/* The default TTL for DATA items.  This has no configure
+ * option because it is expected that clients provide a TTL.  */
+#define DEF_CACHE_TTL_DATA  (10 * 60)  /* 10 minutes.  */
+
 /* The size of the encryption key in bytes.  */
 #define ENCRYPTION_KEYSIZE (128/8)
 
@@ -50,11 +53,12 @@ struct secret_data_s {
   char data[1];  /* A string.  */
 };
 
+/* The cache object.  */
 typedef struct cache_item_s *ITEM;
 struct cache_item_s {
   ITEM next;
   time_t created;
-  time_t accessed;
+  time_t accessed;  /* Not updated for CACHE_MODE_DATA */
   int ttl;  /* max. lifetime given in seconds, -1 one means infinite */
   struct secret_data_s *pw;
   cache_mode_t cache_mode;
@@ -200,7 +204,9 @@ housekeeping (void)
   /* First expire the actual data */
   for (r=thecache; r; r = r->next)
     {
-      if (r->pw && r->ttl >= 0 && r->accessed + r->ttl < current)
+      if (r->cache_mode == CACHE_MODE_PIN)
+        ; /* Don't let it expire - scdaemon explicitly flushes them.  */
+      else if (r->pw && r->ttl >= 0 && r->accessed + r->ttl < current)
         {
           if (DBG_CACHE)
             log_debug ("  expired '%s'.%d (%ds after last access)\n",
@@ -211,14 +217,19 @@ housekeeping (void)
         }
     }
 
-  /* Second, make sure that we also remove them based on the created stamp so
-     that the user has to enter it from time to time. */
+  /* Second, make sure that we also remove them based on the created
+   * stamp so that the user has to enter it from time to time.  We
+   * don't do this for data items which are used to storage secrets in
+   * meory and are not user entered passphrases etc.  */
   for (r=thecache; r; r = r->next)
     {
       unsigned long maxttl;
 
       switch (r->cache_mode)
         {
+        case CACHE_MODE_DATA:
+        case CACHE_MODE_PIN:
+          continue;  /* No MAX TTL here.  */
         case CACHE_MODE_SSH: maxttl = opt.max_cache_ttl_ssh; break;
         default: maxttl = opt.max_cache_ttl; break;
         }
@@ -280,13 +291,13 @@ agent_cache_housekeeping (void)
 
 
 void
-agent_flush_cache (void)
+agent_flush_cache (int pincache_only)
 {
   ITEM r;
   int res;
 
   if (DBG_CACHE)
-    log_debug ("agent_flush_cache\n");
+    log_debug ("agent_flush_cache%s\n", pincache_only?" (pincache only)":"");
 
   res = npth_mutex_lock (&cache_lock);
   if (res)
@@ -294,6 +305,8 @@ agent_flush_cache (void)
 
   for (r=thecache; r; r = r->next)
     {
+      if (pincache_only && r->cache_mode != CACHE_MODE_PIN)
+        continue;
       if (r->pw)
         {
           if (DBG_CACHE)
@@ -315,8 +328,11 @@ static int
 cache_mode_equal (cache_mode_t a, cache_mode_t b)
 {
   /* CACHE_MODE_ANY matches any mode other than CACHE_MODE_IGNORE.  */
-  return ((a == CACHE_MODE_ANY && b != CACHE_MODE_IGNORE)
-          || (b == CACHE_MODE_ANY && a != CACHE_MODE_IGNORE) || a == b);
+  return ((a == CACHE_MODE_ANY
+           && !(b == CACHE_MODE_IGNORE || b == CACHE_MODE_DATA))
+          || (b == CACHE_MODE_ANY
+              && !(a == CACHE_MODE_IGNORE || a == CACHE_MODE_DATA))
+          || a == b);
 }
 
 
@@ -349,6 +365,8 @@ agent_put_cache (ctrl_t ctrl, const char *key, cache_mode_t cache_mode,
       switch(cache_mode)
         {
         case CACHE_MODE_SSH: ttl = opt.def_cache_ttl_ssh; break;
+        case CACHE_MODE_DATA: ttl = DEF_CACHE_TTL_DATA; break;
+        case CACHE_MODE_PIN: ttl = -1; break;
         default: ttl = opt.def_cache_ttl; break;
         }
     }
@@ -357,11 +375,24 @@ agent_put_cache (ctrl_t ctrl, const char *key, cache_mode_t cache_mode,
 
   for (r=thecache; r; r = r->next)
     {
-      if (((cache_mode != CACHE_MODE_USER
-            && cache_mode != CACHE_MODE_NONCE)
-           || cache_mode_equal (r->cache_mode, cache_mode))
-          && r->restricted == restricted
-          && !strcmp (r->key, key))
+      if (cache_mode == CACHE_MODE_PIN && data)
+        {
+          /* PIN mode is special because it is only used by scdaemon.  */
+          if (!strcmp (r->key, key))
+            break;
+        }
+      else if (cache_mode == CACHE_MODE_PIN)
+        {
+          /* FIXME: Parse the structure of the key and delete several
+           * cached PINS.  */
+          if (!strcmp (r->key, key))
+            break;
+        }
+      else if (((cache_mode != CACHE_MODE_USER
+                 && cache_mode != CACHE_MODE_NONCE)
+                || cache_mode_equal (r->cache_mode, cache_mode))
+               && r->restricted == restricted
+               && !strcmp (r->key, key))
         break;
     }
   if (r) /* Replace.  */
@@ -415,9 +446,8 @@ agent_put_cache (ctrl_t ctrl, const char *key, cache_mode_t cache_mode,
 }
 
 
-/* Try to find an item in the cache.  Note that we currently don't
-   make use of CACHE_MODE except for CACHE_MODE_NONCE and
-   CACHE_MODE_USER.  */
+/* Try to find an item in the cache.  Returns NULL if not found or an
+ * malloced string with the value.  */
 char *
 agent_get_cache (ctrl_t ctrl, const char *key, cache_mode_t cache_mode)
 {
@@ -427,6 +457,7 @@ agent_get_cache (ctrl_t ctrl, const char *key, cache_mode_t cache_mode)
   int res;
   int last_stored = 0;
   int restricted = ctrl? ctrl->restricted : -1;
+  int yes;
 
   if (cache_mode == CACHE_MODE_IGNORE)
     return NULL;
@@ -445,21 +476,31 @@ agent_get_cache (ctrl_t ctrl, const char *key, cache_mode_t cache_mode)
 
   if (DBG_CACHE)
     log_debug ("agent_get_cache '%s'.%d (mode %d)%s ...\n",
-               key, ctrl->restricted, cache_mode,
+               key, restricted, cache_mode,
                last_stored? " (stored cache key)":"");
   housekeeping ();
 
   for (r=thecache; r; r = r->next)
     {
-      if (r->pw
-          && ((cache_mode != CACHE_MODE_USER
-               && cache_mode != CACHE_MODE_NONCE)
-              || cache_mode_equal (r->cache_mode, cache_mode))
-          && r->restricted == restricted
-          && !strcmp (r->key, key))
+      if (cache_mode == CACHE_MODE_PIN)
+        yes = (r->pw && !strcmp (r->key, key));
+      else if (r->pw
+               && ((cache_mode != CACHE_MODE_USER
+                    && cache_mode != CACHE_MODE_NONCE)
+                   || cache_mode_equal (r->cache_mode, cache_mode))
+               && r->restricted == restricted
+               && !strcmp (r->key, key))
+        yes = 1;
+      else
+        yes = 0;
+
+      if (yes)
         {
-          /* Note: To avoid races KEY may not be accessed anymore below.  */
-          r->accessed = gnupg_get_time ();
+          /* Note: To avoid races KEY may not be accessed anymore
+           * below.  Note also that we don't update the accessed time
+           * for data items.  */
+          if (r->cache_mode != CACHE_MODE_DATA)
+            r->accessed = gnupg_get_time ();
           if (DBG_CACHE)
             log_debug ("... hit\n");
           if (r->pw->totallen < 32)
diff --git a/agent/call-daemon.c b/agent/call-daemon.c
new file mode 100644
index 0000000..1444008
--- /dev/null
+++ b/agent/call-daemon.c
@@ -0,0 +1,684 @@
+/* call-daemon - Common code for the call-XXX.c modules
+ * Copyright (C) 2001, 2002, 2005, 2007, 2010,
+ *               2011 Free Software Foundation, Inc.
+ * Copyright (C) 2013 Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+#ifdef HAVE_SIGNAL_H
+# include <signal.h>
+#endif
+#include <sys/stat.h>
+#include <sys/types.h>
+#ifndef HAVE_W32_SYSTEM
+#include <sys/wait.h>
+#endif
+#include <npth.h>
+
+#include "agent.h"
+#include <assuan.h>
+#include "../common/strlist.h"
+
+/* Daemon type to module mapping.  Make sure that they are added in the
+ * same order as given by the daemon_type enum.  */
+static const int daemon_modules[DAEMON_MAX_TYPE] =
+  {
+    GNUPG_MODULE_NAME_SCDAEMON,
+    GNUPG_MODULE_NAME_TPM2DAEMON
+  };
+
+/* Definition of module local data of the CTRL structure.  */
+struct daemon_local_s
+{
+  /* We keep a list of all allocated context with an anchor at
+     DAEMON_LOCAL_LIST (see below). */
+  struct daemon_local_s *next_local;
+
+  /* Link back to the global structure.  */
+  struct daemon_global_s *g;
+
+  assuan_context_t ctx;   /* NULL or session context for the daemon
+                             used with this connection. */
+  unsigned int in_use: 1; /* CTX is in use.  */
+  unsigned int invalid:1; /* CTX is invalid, should be released.  */
+};
+
+
+/* Primary holder of all the started daemons */
+struct daemon_global_s
+{
+  /* To keep track of all active daemon contexts, we keep a linked list
+     anchored at this variable. */
+  struct daemon_local_s *local_list;
+  /* A malloced string with the name of the socket to be used for
+     additional connections.  May be NULL if not provided by
+     daemon. */
+  char *socket_name;
+
+  /* The context of the primary connection.  This is also used as a flag
+     to indicate whether the daemon has been started. */
+  assuan_context_t primary_ctx;
+
+  /* To allow reuse of the primary connection, the following flag is set
+     to true if the primary context has been reset and is not in use by
+     any connection. */
+  int primary_ctx_reusable;
+};
+
+static struct daemon_global_s daemon_global[DAEMON_MAX_TYPE];
+
+
+/* A Mutex used inside the start_daemon function. */
+static npth_mutex_t start_daemon_lock;
+
+
+/* Communication object for wait_child_thread.  */
+struct wait_child_thread_parm_s
+{
+  enum daemon_type type;
+  pid_t pid;
+};
+
+
+/* Thread to wait for daemon termination and cleanup of resources.  */
+static void *
+wait_child_thread (void *arg)
+{
+  int err;
+  struct wait_child_thread_parm_s *parm = arg;
+  enum daemon_type type = parm->type;
+  pid_t pid =  parm->pid;
+#ifndef HAVE_W32_SYSTEM
+  int wstatus;
+#endif
+  const char *name = gnupg_module_name (daemon_modules[type]);
+  struct daemon_global_s *g = &daemon_global[type];
+  struct daemon_local_s *sl;
+
+  xfree (parm);  /* We have copied all data to the stack.  */
+
+#ifdef HAVE_W32_SYSTEM
+  npth_unprotect ();
+  /* Note that although we use a pid_t here, it is actually a HANDLE.  */
+  WaitForSingleObject ((HANDLE)pid, INFINITE);
+  npth_protect ();
+  log_info ("daemon %s finished\n", name);
+#else /* !HAVE_W32_SYSTEM*/
+
+ again:
+  npth_unprotect ();
+  err = waitpid (pid, &wstatus, 0);
+  npth_protect ();
+
+  if (err < 0)
+    {
+      if (errno == EINTR)
+        goto again;
+      log_error ("waitpid for %s failed: %s\n", name, strerror (errno));
+      return NULL;
+    }
+  else
+    {
+      if (WIFEXITED (wstatus))
+        log_info ("daemon %s finished (status %d)\n",
+                  name, WEXITSTATUS (wstatus));
+      else if (WIFSIGNALED (wstatus))
+        log_info ("daemon %s killed by signal %d\n", name, WTERMSIG (wstatus));
+      else
+        {
+          if (WIFSTOPPED (wstatus))
+            log_info ("daemon %s stopped by signal %d\n",
+                      name, WSTOPSIG (wstatus));
+          goto again;
+        }
+    }
+#endif /*!HAVE_W32_SYSTEM*/
+
+  agent_flush_cache (1);  /* Flush the PIN cache.  */
+
+  err = npth_mutex_lock (&start_daemon_lock);
+  if (err)
+    {
+      log_error ("failed to acquire the start_daemon lock: %s\n",
+                 strerror (err));
+    }
+  else
+    {
+      assuan_set_flag (g->primary_ctx, ASSUAN_NO_WAITPID, 1);
+
+      for (sl = g->local_list; sl; sl = sl->next_local)
+        {
+          sl->invalid = 1;
+          if (!sl->in_use && sl->ctx)
+            {
+              assuan_release (sl->ctx);
+              sl->ctx = NULL;
+            }
+        }
+
+      g->primary_ctx = NULL;
+      g->primary_ctx_reusable = 0;
+
+      xfree (g->socket_name);
+      g->socket_name = NULL;
+
+      err = npth_mutex_unlock (&start_daemon_lock);
+      if (err)
+        log_error ("failed to release the start_daemon lock"
+                   " after waitpid for %s: %s\n", name, strerror (err));
+    }
+
+  return NULL;
+}
+
+
+/* This function shall be called after having accessed the daemon.  It
+ * is currently not very useful but gives an opportunity to keep track
+ * of connections currently calling daemon.  Note that the "lock"
+ * operation is done by the daemon_start function which must be called
+ * and error checked before any daemon operation.  CTRL is the usual
+ * connection context and RC the error code to be passed through the
+ * function. */
+gpg_error_t
+daemon_unlock (enum daemon_type type, ctrl_t ctrl, gpg_error_t rc)
+{
+  gpg_error_t err;
+
+  if (ctrl->d_local[type]->in_use == 0)
+    {
+      log_error ("%s: CTX for type %d is not in use\n", __func__, (int)type);
+      if (!rc)
+        rc = gpg_error (GPG_ERR_INTERNAL);
+    }
+  err = npth_mutex_lock (&start_daemon_lock);
+  if (err)
+    {
+      log_error ("failed to acquire the start_daemon lock: %s\n",
+                 strerror (err));
+      return gpg_error (GPG_ERR_INTERNAL);
+    }
+  ctrl->d_local[type]->in_use = 0;
+  if (ctrl->d_local[type]->invalid)
+    {
+      assuan_release (ctrl->d_local[type]->ctx);
+      ctrl->d_local[type]->ctx = NULL;
+      ctrl->d_local[type]->invalid = 0;
+    }
+  err = npth_mutex_unlock (&start_daemon_lock);
+  if (err)
+    {
+      log_error ("failed to release the start_daemon lock: %s\n",
+                 strerror (err));
+      return gpg_error (GPG_ERR_INTERNAL);
+    }
+  return rc;
+}
+
+
+/* To make sure we leave no secrets in our image after forking of the
+   daemon, we use this callback. */
+static void
+atfork_cb (void *opaque, int where)
+{
+  (void)opaque;
+
+  if (!where)
+    gcry_control (GCRYCTL_TERM_SECMEM);
+}
+
+
+/* Fork off the daemon if this has not already been done.  Lock the
+ * daemon and make sure that a proper context has been setup in CTRL.
+ * This function might also lock the daemon, which means that the
+ * caller must call unlock_daemon after this function has returned
+ * success and the actual Assuan transaction been done. */
+gpg_error_t
+daemon_start (enum daemon_type type, ctrl_t ctrl)
+{
+  gpg_error_t err = 0;
+  const char *pgmname;
+  assuan_context_t ctx = NULL;
+  const char *argv[5];
+  assuan_fd_t no_close_list[3];
+  int i;
+  int rc;
+  char *abs_homedir = NULL;
+  struct daemon_global_s *g = &daemon_global[type];
+  const char *name = gnupg_module_name (daemon_modules[type]);
+
+  log_assert (type < DAEMON_MAX_TYPE);
+  /* if this fails, you forgot to add your new type to daemon_modules */
+  log_assert (DAEMON_MAX_TYPE == DIM (daemon_modules));
+
+  if (opt.disable_daemon[type])
+    return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+  if (ctrl->d_local[type] && ctrl->d_local[type]->ctx)
+    {
+      ctrl->d_local[type]->in_use = 1;
+      return 0; /* Okay, the context is fine.  */
+    }
+
+  if (ctrl->d_local[type] && ctrl->d_local[type]->in_use)
+    {
+      log_error ("%s: CTX of type %d is in use\n", __func__, type);
+      return gpg_error (GPG_ERR_INTERNAL);
+    }
+
+  /* We need to serialize the access to scd_local_list and primary_scd_ctx. */
+  rc = npth_mutex_lock (&start_daemon_lock);
+  if (rc)
+    {
+      log_error ("failed to acquire the start_daemon lock: %s\n",
+                 strerror (rc));
+      return gpg_error (GPG_ERR_INTERNAL);
+    }
+
+  /* If this is the first call for this session, setup the local data
+     structure. */
+  if (!ctrl->d_local[type])
+    {
+      ctrl->d_local[type] = xtrycalloc (1, sizeof *ctrl->d_local[type]);
+      if (!ctrl->d_local[type])
+        {
+          err = gpg_error_from_syserror ();
+          rc = npth_mutex_unlock (&start_daemon_lock);
+          if (rc)
+            log_error ("failed to release the start_daemon lock: %s\n",
+                       strerror (rc));
+          return err;
+        }
+      ctrl->d_local[type]->g = g;
+      ctrl->d_local[type]->next_local = g->local_list;
+      g->local_list = ctrl->d_local[type];  /* FIXME: CHECK the G thing */
+    }
+
+  ctrl->d_local[type]->in_use = 1;
+
+  /* Check whether the pipe server has already been started and in
+     this case either reuse a lingering pipe connection or establish a
+     new socket based one. */
+  if (g->primary_ctx && g->primary_ctx_reusable)
+    {
+      ctx = g->primary_ctx;
+      g->primary_ctx_reusable = 0;
+      if (opt.verbose)
+        log_info ("new connection to %s daemon established (reusing)\n",
+		  name);
+      goto leave;
+    }
+
+  rc = assuan_new (&ctx);
+  if (rc)
+    {
+      log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
+      err = rc;
+      goto leave;
+    }
+
+  if (g->socket_name)
+    {
+      rc = assuan_socket_connect (ctx, g->socket_name, 0, 0);
+      if (rc)
+        {
+          log_error ("can't connect to socket '%s': %s\n",
+                     g->socket_name, gpg_strerror (rc));
+          err = gpg_error (GPG_ERR_NO_SCDAEMON);
+          goto leave;
+        }
+
+      if (opt.verbose)
+        log_info ("new connection to %s daemon established\n",
+		  name);
+      goto leave;
+    }
+
+  if (g->primary_ctx)
+    {
+      log_info ("%s daemon is running but won't accept further connections\n",
+		name);
+      err = gpg_error (GPG_ERR_NO_SCDAEMON);
+      goto leave;
+    }
+
+  /* Nope, it has not been started.  Fire it up now. */
+  if (opt.verbose)
+    log_info ("no running %s daemon - starting it\n", name);
+
+  agent_flush_cache (1);  /* Make sure the PIN cache is flushed.  */
+
+  if (fflush (NULL))
+    {
+#ifndef HAVE_W32_SYSTEM
+      err = gpg_error_from_syserror ();
+#endif
+      log_error ("error flushing pending output: %s\n", strerror (errno));
+      /* At least Windows XP fails here with EBADF.  According to docs
+         and Wine an fflush(NULL) is the same as _flushall.  However
+         the Wime implementation does not flush stdin,stdout and stderr
+         - see above.  Lets try to ignore the error. */
+#ifndef HAVE_W32_SYSTEM
+      goto leave;
+#endif
+    }
+
+  if (!opt.daemon_program[type] || !*opt.daemon_program[type])
+    opt.daemon_program[type] = gnupg_module_name (daemon_modules[type]);
+
+  if ( !(pgmname = strrchr (opt.daemon_program[type], '/')))
+    pgmname = opt.daemon_program[type];
+  else
+    pgmname++;
+
+  argv[0] = pgmname;
+  argv[1] = "--multi-server";
+  if (gnupg_default_homedir_p ())
+    argv[2] = NULL;
+  else
+    {
+      abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
+      if (!abs_homedir)
+        {
+          log_error ("error building filename: %s\n",
+                     gpg_strerror (gpg_error_from_syserror ()));
+          goto leave;
+        }
+
+      argv[2] = "--homedir";
+      argv[3] = abs_homedir;
+      argv[4] = NULL;
+    }
+
+  i=0;
+  if (!opt.running_detached)
+    {
+      if (log_get_fd () != -1)
+        no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
+      no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
+    }
+  no_close_list[i] = ASSUAN_INVALID_FD;
+
+  /* Connect to the daemon and perform initial handshaking.  Use
+     detached flag so that under Windows DAEMON does not show up a
+     new window.  */
+  rc = assuan_pipe_connect (ctx, opt.daemon_program[type], argv,
+			    no_close_list, atfork_cb, NULL,
+                            ASSUAN_PIPE_CONNECT_DETACHED);
+  if (rc)
+    {
+      log_error ("can't connect to the daemon %s: %s\n",
+                 name, gpg_strerror (rc));
+      err = gpg_error (GPG_ERR_NO_SCDAEMON);
+      goto leave;
+    }
+
+  if (opt.verbose)
+    log_info ("first connection to daemon %s established\n", name);
+
+
+  /* Get the name of the additional socket opened by daemon. */
+  {
+    membuf_t data;
+    unsigned char *databuf;
+    size_t datalen;
+
+    xfree (g->socket_name);
+    g->socket_name = NULL;
+    init_membuf (&data, 256);
+    assuan_transact (ctx, "GETINFO socket_name",
+                     put_membuf_cb, &data, NULL, NULL, NULL, NULL);
+
+    databuf = get_membuf (&data, &datalen);
+    if (databuf && datalen)
+      {
+        g->socket_name = xtrymalloc (datalen + 1);
+        if (!g->socket_name)
+          log_error ("warning: can't store socket name: %s\n",
+                     strerror (errno));
+        else
+          {
+            memcpy (g->socket_name, databuf, datalen);
+            g->socket_name[datalen] = 0;
+            if (DBG_IPC)
+              log_debug ("additional connections at '%s'\n", g->socket_name);
+          }
+      }
+    xfree (databuf);
+  }
+
+  /* Tell the daemon we want him to send us an event signal.  We
+     don't support this for W32CE.  */
+#ifndef HAVE_W32CE_SYSTEM
+  if (opt.sigusr2_enabled)
+    {
+      char buf[100];
+
+#ifdef HAVE_W32_SYSTEM
+      snprintf (buf, sizeof buf, "OPTION event-signal=%lx",
+                (unsigned long)get_agent_daemon_notify_event ());
+#else
+      snprintf (buf, sizeof buf, "OPTION event-signal=%d", SIGUSR2);
+#endif
+      assuan_transact (ctx, buf, NULL, NULL, NULL, NULL, NULL, NULL);
+    }
+#endif /*HAVE_W32CE_SYSTEM*/
+
+  g->primary_ctx = ctx;
+  g->primary_ctx_reusable = 0;
+
+  {
+    npth_t thread;
+    npth_attr_t tattr;
+    struct wait_child_thread_parm_s *wctp;
+
+    wctp = xtrymalloc (sizeof *wctp);
+    if (!wctp)
+      {
+        err = gpg_error_from_syserror ();
+        log_error ("error preparing wait_child_thread: %s\n", strerror (err));
+        goto leave;
+      }
+
+    wctp->type = type;
+    wctp->pid = assuan_get_pid (g->primary_ctx);
+    err = npth_attr_init (&tattr);
+    if (!err)
+      {
+        npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
+        err = npth_create (&thread, &tattr, wait_child_thread, wctp);
+        if (err)
+          log_error ("error spawning wait_child_thread: %s\n", strerror (err));
+        npth_attr_destroy (&tattr);
+      }
+  }
+
+ leave:
+  rc = npth_mutex_unlock (&start_daemon_lock);
+  if (rc)
+    log_error ("failed to release the start_daemon lock: %s\n", strerror (rc));
+
+  xfree (abs_homedir);
+  if (err)
+    {
+      daemon_unlock (type, ctrl, err);
+      if (ctx)
+	assuan_release (ctx);
+    }
+  else
+    {
+      ctrl->d_local[type]->ctx = ctx;
+      ctrl->d_local[type]->invalid = 0;
+    }
+  return err;
+}
+
+
+/* This function must be called once to initialize this module.  This
+   has to be done before a second thread is spawned.  We can't do the
+   static initialization because NPth emulation code might not be able
+   to do a static init; in particular, it is not possible for W32. */
+void
+initialize_module_daemon (void)
+{
+  static int initialized;
+  int err;
+
+  if (!initialized)
+    {
+      err = npth_mutex_init (&start_daemon_lock, NULL);
+      if (err)
+	log_fatal ("error initializing mutex: %s\n", strerror (err));
+      initialized = 1;
+    }
+}
+
+
+/* This function may be called to print information pertaining to the
+   current state of this module to the log. */
+void
+agent_daemon_dump_state (void)
+{
+  int i;
+
+  for (i = 0; i < DAEMON_MAX_TYPE; i++) {
+    struct daemon_global_s *g = &daemon_global[i];
+
+    log_info ("%s: name %s primary_ctx=%p pid=%ld reusable=%d\n", __func__,
+	      gnupg_module_name (daemon_modules[i]),
+	      g->primary_ctx,
+	      (long)assuan_get_pid (g->primary_ctx),
+	      g->primary_ctx_reusable);
+    if (g->socket_name)
+      log_info ("%s: socket='%s'\n", __func__, g->socket_name);
+  }
+}
+
+
+/* Check whether the daemon is active.  This is a fast check without
+ * any locking and might give a wrong result if another thread is
+ * about to start the daemon or the daemon is about to be stopped. */
+int
+agent_daemon_check_running (enum daemon_type type)
+{
+  return !!daemon_global[type].primary_ctx;
+}
+
+
+/* Send a kill command to the daemon of TYPE */
+void
+agent_kill_daemon (enum daemon_type type)
+{
+  struct daemon_global_s *g = &daemon_global[type];
+
+  if (g->primary_ctx == NULL)
+    return;
+  /* FIXME: This assumes SCdaemon; we should add a new command
+   * (e.g. SHUTDOWN) so that there is no need to have a daemon
+   * specific command.  */
+  assuan_transact (g->primary_ctx, "KILLSCD",
+                   NULL, NULL, NULL, NULL, NULL, NULL);
+  agent_flush_cache (1);  /* 1 := Flush the PIN cache.  */
+}
+
+
+/* Reset the daemons if they have been used.  Actually it is not a
+   reset but a cleanup of resources used by the current connection. */
+void
+agent_reset_daemon (ctrl_t ctrl)
+{
+  int i;
+  int rc;
+
+  rc = npth_mutex_lock (&start_daemon_lock);
+  if (rc)
+    {
+      log_error ("failed to acquire the start_daemon lock: %s\n",
+                 strerror (rc));
+      return;
+    }
+
+
+  for (i = 0; i < DAEMON_MAX_TYPE; i++)
+    if (ctrl->d_local[i])
+      {
+        struct daemon_global_s *g = ctrl->d_local[i]->g;
+
+	if (ctrl->d_local[i]->ctx)
+	  {
+            /* For the primary connection we send a reset and keep
+             * that connection open for reuse. */
+            if (ctrl->d_local[i]->ctx == g->primary_ctx)
+	      {
+		/* Send a RESTART to the daemon.  This is required for the
+		   primary connection as a kind of virtual EOF; we don't
+		   have another way to tell it that the next command
+		   should be viewed as if a new connection has been
+		   made.  For the non-primary connections this is not
+		   needed as we simply close the socket.  We don't check
+		   for an error here because the RESTART may fail for
+		   example if the daemon has already been terminated.
+		   Anyway, we need to set the reusable flag to make sure
+		   that the aliveness check can clean it up. */
+		assuan_transact (g->primary_ctx, "RESTART",
+				 NULL, NULL, NULL, NULL, NULL, NULL);
+		g->primary_ctx_reusable = 1;
+	      }
+	    else /* Secondary connections.  */
+	      assuan_release (ctrl->d_local[i]->ctx);
+	    ctrl->d_local[i]->ctx = NULL;
+	  }
+
+	/* Remove the local context from our list and release it. */
+	if (!g->local_list)
+	  BUG ();
+	else if (g->local_list == ctrl->d_local[i])
+	  g->local_list = ctrl->d_local[i]->next_local;
+	else
+	  {
+	    struct daemon_local_s *sl;
+
+	    for (sl=g->local_list; sl->next_local; sl = sl->next_local)
+	      if (sl->next_local == ctrl->d_local[i])
+		break;
+	    if (!sl->next_local)
+	      BUG ();
+	    sl->next_local = ctrl->d_local[i]->next_local;
+	  }
+	xfree (ctrl->d_local[i]);
+	ctrl->d_local[i] = NULL;
+      }
+
+
+  rc = npth_mutex_unlock (&start_daemon_lock);
+  if (rc)
+    log_error ("failed to release the start_daemon lock: %s\n", strerror (rc));
+}
+
+
+assuan_context_t
+daemon_type_ctx (enum daemon_type type, ctrl_t ctrl)
+{
+  return ctrl->d_local[type]->ctx;
+}
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index 5fcf98b..dd60c2e 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -53,12 +53,10 @@
    time. */
 #define LOCK_TIMEOUT  (1*60)
 
-/* Define the number of bits to use for a generated pin.  The
- * passphrase will be rendered as zbase32 which results for 150 bits
- * in a string of 30 characters.  That fits nicely into the 5
- * character blocking which pinentry can do.  128 bits would actually
- * be sufficient but can't be formatted nicely. */
-#define DEFAULT_GENPIN_BITS 150
+/* Define the maximum tries to generate a pin for the GENPIN inquire */
+#define MAX_GENPIN_TRIES 10
+/* Define the number of characters to use for a generated pin */
+#define DEFAULT_GENPIN_BYTES (128 / 8)
 
 /* The assuan context of the current pinentry. */
 static assuan_context_t entry_ctx;
@@ -93,7 +91,6 @@ struct entry_parm_s
   size_t size;
   unsigned char *buffer;
   int status;
-  unsigned int constraints_flags;
 };
 
 
@@ -201,7 +198,7 @@ unlock_pinentry (ctrl_t ctrl, gpg_error_t rc)
 
 
 /* Helper for at_fork_cb which can also be called by the parent to
- * show which envvars will be set.  */
+ * show shich envvars will be set.  */
 static void
 atfork_core (ctrl_t ctrl, int debug_mode)
 {
@@ -213,15 +210,8 @@ atfork_core (ctrl_t ctrl, int debug_mode)
       /* For all new envvars (!ASSNAME) and the two medium old ones
        * which do have an assuan name but are conveyed using
        * environment variables, update the environment of the forked
-       * process.  We also pass DISPLAY despite that --display is also
-       * used when exec-ing the pinentry.  The reason is that for
-       * example the qt5ct tool does not have any arguments and thus
-       * relies on the DISPLAY envvar.  The use case here is a global
-       * envvar like "QT_QPA_PLATFORMTHEME=qt5ct" which for example is
-       * useful when using the Qt pinentry under GNOME or XFCE.
-       */
+       * process.  */
       if (!assname
-          || (!opt.keep_display && !strcmp (name, "DISPLAY"))
           || !strcmp (name, "XAUTHORITY")
           || !strcmp (name, "PINENTRY_USER_DATA"))
         {
@@ -436,7 +426,7 @@ start_pinentry (ctrl_t ctrl)
     log_debug ("connection to PIN entry established\n");
 
   if (opt.debug_pinentry)
-    atfork_core (ctrl, 1); /* Just show the envvars set after the fork.  */
+    atfork_core (ctrl, 1);
 
   value = session_env_getenv (ctrl->session_env, "PINENTRY_USER_DATA");
   if (value != NULL)
@@ -455,7 +445,17 @@ start_pinentry (ctrl_t ctrl)
                         opt.no_grab? "OPTION no-grab":"OPTION grab",
                         NULL, NULL, NULL, NULL, NULL, NULL);
   if (rc)
-    return unlock_pinentry (ctrl, rc);
+    {
+      if (gpg_err_code (rc) == GPG_ERR_NOT_SUPPORTED
+          || gpg_err_code (rc) == GPG_ERR_UNKNOWN_OPTION)
+        {
+          if (opt.verbose)
+            log_info ("Option no-grab/grab is ignored by pinentry.\n");
+          /* Keep going even if the feature is not supported.  */
+        }
+      else
+        return unlock_pinentry (ctrl, rc);
+    }
 
   value = session_env_getenv (ctrl->session_env, "GPG_TTY");
   if (value)
@@ -533,14 +533,16 @@ start_pinentry (ctrl_t ctrl)
 
   {
     /* Provide a few default strings for use by the pinentries.  This
-       may help a pinentry to avoid implementing localization code.  */
+     * may help a pinentry to avoid implementing localization code.
+     * Note that gpg-agent has been set to utf-8 so that the strings
+     * are in the expected encoding.  */
     static const struct { const char *key, *value; int what; } tbl[] = {
-      /* TRANSLATORS: These are labels for buttons etc used in
-         Pinentries.  An underscore indicates that the next letter
-         should be used as an accelerator.  Double the underscore for
-         a literal one.  The actual to be translated text starts after
-         the second vertical bar.  Note that gpg-agent has been set to
-         utf-8 so that the strings are in the expected encoding.  */
+      /* TRANSLATORS: These are labels for buttons etc as used in
+       * Pinentries.  In your translation copy the text before the
+       * second vertical bar verbatim; translate only the following
+       * text.  An underscore indicates that the next letter should be
+       * used as an accelerator.  Double the underscore to have
+       * pinentry display a literal underscore.   */
       { "ok",     N_("|pinentry-label|_OK") },
       { "cancel", N_("|pinentry-label|_Cancel") },
       { "yes",    N_("|pinentry-label|_Yes") },
@@ -634,8 +636,9 @@ start_pinentry (ctrl_t ctrl)
         nodename = utsbuf.nodename;
 #endif /*!HAVE_W32_SYSTEM*/
 
-      if ((optstr = xtryasprintf ("OPTION owner=%lu %s",
-                                  ctrl->client_pid, nodename)))
+      if ((optstr = xtryasprintf ("OPTION owner=%lu/%d %s",
+                                  ctrl->client_pid, ctrl->client_uid,
+                                  nodename)))
         {
           assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
                            NULL);
@@ -685,7 +688,7 @@ start_pinentry (ctrl_t ctrl)
       log_info ("You may want to update to a newer pinentry\n");
       rc = 0;
     }
-  else if (!rc && (pid_t)pinentry_pid == (pid_t)(-1))
+  else if (!rc && pinentry_pid == (unsigned long)(-1L))
     log_error ("pinentry did not return a PID\n");
   else
     {
@@ -834,19 +837,18 @@ estimate_passphrase_quality (const char *pw)
 
 
 /* Generate a random passphrase in zBase32 encoding (RFC-6189) to be
- * used by Pinentry to suggest a passphrase.  */
+ * used by pinetry to suggest a passphrase.  */
 static char *
 generate_pin (void)
 {
-  unsigned int nbits = opt.min_passphrase_len * 8;
-  size_t nbytes;
+  size_t nbytes = opt.min_passphrase_len;
   void *rand;
   char *generated;
 
-  if (nbits < 128)
-    nbits = DEFAULT_GENPIN_BITS;
-
-  nbytes = (nbits + 7) / 8;
+  if (nbytes < 8)
+    {
+      nbytes = DEFAULT_GENPIN_BYTES;
+    }
 
   rand = gcry_random_bytes_secure (nbytes, GCRY_STRONG_RANDOM);
   if (!rand)
@@ -855,130 +857,65 @@ generate_pin (void)
       return NULL;
     }
 
-  generated = zb32_encode (rand, nbits);
+  generated = zb32_encode (rand, nbytes * 8);
   gcry_free (rand);
   return generated;
 }
 
 
 /* Handle inquiries. */
-struct inq_cb_parm_s
-{
-  assuan_context_t ctx;
-  unsigned int flags;  /* CHECK_CONSTRAINTS_... */
-  int genpinhash_valid;
-  char genpinhash[32]; /* Hash of the last generated pin.  */
-};
-
-
-/* Return true if PIN is indentical to the last generated pin.  */
-static int
-is_generated_pin (struct inq_cb_parm_s *parm, const char *pin)
-{
-  char hashbuf[32];
-
-  if (!parm->genpinhash_valid)
-    return 0;
-  if (!*pin)
-    return 0;
-  /* Note that we compare the hash so that we do not need to save the
-   * generated PIN longer than needed. */
-  gcry_md_hash_buffer (GCRY_MD_SHA256, hashbuf, pin, strlen (pin));
-
-  if (!memcmp (hashbuf, parm->genpinhash, 32))
-    return 1; /* yes, it is the same.  */
-
-  return 0;
-}
-
-
 static gpg_error_t
 inq_cb (void *opaque, const char *line)
 {
-  struct inq_cb_parm_s *parm = opaque;
+  assuan_context_t ctx = opaque;
   gpg_error_t err;
   const char *s;
   char *pin;
-  int percent;
-  char numbuf[20];
 
   if ((s = has_leading_keyword (line, "QUALITY")))
     {
+      char numbuf[20];
+      int percent;
+
       pin = unescape_passphrase_string (s);
       if (!pin)
         err = gpg_error_from_syserror ();
       else
         {
           percent = estimate_passphrase_quality (pin);
-          if (check_passphrase_constraints (NULL, pin, parm->flags, NULL))
+          if (check_passphrase_constraints (NULL, pin, 0, NULL))
             percent = -percent;
           snprintf (numbuf, sizeof numbuf, "%d", percent);
-          err = assuan_send_data (parm->ctx, numbuf, strlen (numbuf));
+          err = assuan_send_data (ctx, numbuf, strlen (numbuf));
           xfree (pin);
         }
     }
-  else if ((s = has_leading_keyword (line, "CHECKPIN")))
+  else if ((s = has_leading_keyword (line, "GENPIN")))
     {
-      char *errtext = NULL;
-      size_t errtextlen;
+      int tries;
 
-      if (!opt.enforce_passphrase_constraints)
+      for (tries = 0; tries < MAX_GENPIN_TRIES; tries ++)
         {
-          log_error ("unexpected inquiry 'CHECKPIN' without enforced "
-                     "passphrase constraints\n");
-          err = gpg_error (GPG_ERR_ASS_UNEXPECTED_CMD);
-          goto leave;
-        }
-
-      pin = unescape_passphrase_string (s);
-      if (!pin)
-        err = gpg_error_from_syserror ();
-      else
-        {
-          if (!is_generated_pin (parm, pin)
-              && check_passphrase_constraints (NULL, pin,parm->flags, &errtext))
+          pin = generate_pin ();
+          if (!pin)
             {
-              if (errtext)
-                {
-                  /* Unescape the percent-escaped errtext because
-                     assuan_send_data escapes it again. */
-                  errtextlen = percent_unescape_inplace (errtext, 0);
-                  err = assuan_send_data (parm->ctx, errtext, errtextlen);
-                }
-              else
-                {
-                  log_error ("passphrase check failed without error text\n");
-                  err = gpg_error (GPG_ERR_GENERAL);
-                }
+              log_error ("failed to generate a passphrase\n");
+              err = gpg_error (GPG_ERR_GENERAL);
+              goto leave;
             }
-          else
+          if (!check_passphrase_constraints (NULL, pin, 0, NULL))
             {
-              err = assuan_send_data (parm->ctx, NULL, 0);
+              assuan_begin_confidential (ctx);
+              err = assuan_send_data (ctx, pin, strlen (pin));
+              assuan_end_confidential (ctx);
+              xfree (pin);
+              goto leave;
             }
-          xfree (errtext);
           xfree (pin);
         }
-    }
-  else if ((s = has_leading_keyword (line, "GENPIN")))
-    {
-      int wasconf;
-
-      parm->genpinhash_valid = 0;
-      pin = generate_pin ();
-      if (!pin)
-        {
-          log_error ("failed to generate a passphrase\n");
-          err = gpg_error (GPG_ERR_GENERAL);
-          goto leave;
-        }
-      wasconf = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
-      assuan_begin_confidential (parm->ctx);
-      err = assuan_send_data (parm->ctx, pin, strlen (pin));
-      if (!wasconf)
-        assuan_end_confidential (parm->ctx);
-      gcry_md_hash_buffer (GCRY_MD_SHA256, parm->genpinhash, pin, strlen (pin));
-      parm->genpinhash_valid = 1;
-      xfree (pin);
+      log_error ("failed to generate a passphrase after %i tries\n",
+                 MAX_GENPIN_TRIES);
+      err = gpg_error (GPG_ERR_GENERAL);
     }
   else
     {
@@ -1045,128 +982,6 @@ setup_genpin (ctrl_t ctrl)
 }
 
 
-/* Helper to setup pinentry for formatted passphrase. */
-static gpg_error_t
-setup_formatted_passphrase (ctrl_t ctrl)
-{
-  static const struct { const char *key, *help_id, *value; } tbl[] = {
-    /* TRANSLATORS: This is a text shown by pinentry if the option
-        for formatted passphrase is enabled.  The length is
-        limited to about 900 characters.  */
-    { "hint",  "pinentry.formatted_passphrase.hint",
-      N_("Note: The blanks are not part of the passphrase.") },
-    { NULL, NULL }
-  };
-
-  gpg_error_t rc;
-  char line[ASSUAN_LINELENGTH];
-  int idx;
-  char *tmpstr;
-  const char *s;
-  char *escapedstr;
-
-  (void)ctrl;
-
-  if (opt.pinentry_formatted_passphrase)
-    {
-      snprintf (line, DIM(line), "OPTION formatted-passphrase");
-      rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL,
-                            NULL);
-      if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
-        return rc;
-
-      for (idx=0; tbl[idx].key; idx++)
-        {
-          tmpstr = gnupg_get_help_string (tbl[idx].help_id, 0);
-          if (tmpstr)
-            s = tmpstr;
-          else
-            s = L_(tbl[idx].value);
-          escapedstr = try_percent_escape (s, "\t\r\n\f\v");
-          xfree (tmpstr);
-          if (escapedstr && *escapedstr)
-            {
-              snprintf (line, DIM(line), "OPTION formatted-passphrase-%s=%s",
-                        tbl[idx].key, escapedstr);
-              rc = assuan_transact (entry_ctx, line,
-                                    NULL, NULL, NULL, NULL, NULL, NULL);
-            }
-          else
-            rc = 0;
-          xfree (escapedstr);
-          if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
-            return rc;
-        }
-    }
-
-  return 0;
-}
-
-
-/* Helper to setup pinentry for enforced passphrase constraints. */
-static gpg_error_t
-setup_enforced_constraints (ctrl_t ctrl)
-{
-  static const struct { const char *key, *help_id, *value; } tbl[] = {
-    { "hint-short", "pinentry.constraints.hint.short", NULL },
-    { "hint-long",  "pinentry.constraints.hint.long", NULL },
-    /* TRANSLATORS: This is a text shown by pinentry as title of a dialog
-       telling the user that the entered new passphrase does not satisfy
-       the passphrase constraints.  Please keep it short. */
-    { "error-title", NULL, N_("Passphrase Not Allowed") },
-    { NULL, NULL }
-  };
-
-  gpg_error_t rc;
-  char line[ASSUAN_LINELENGTH];
-  int idx;
-  char *tmpstr;
-  const char *s;
-  char *escapedstr;
-
-  (void)ctrl;
-
-  if (opt.enforce_passphrase_constraints)
-    {
-      snprintf (line, DIM(line), "OPTION constraints-enforce");
-      rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL,
-                            NULL);
-      if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
-        return rc;
-
-      for (idx=0; tbl[idx].key; idx++)
-        {
-          tmpstr = gnupg_get_help_string (tbl[idx].help_id, 0);
-          if (tmpstr)
-            s = tmpstr;
-          else if (tbl[idx].value)
-            s = L_(tbl[idx].value);
-          else
-            {
-              log_error ("no help string found for %s\n", tbl[idx].help_id);
-              continue;
-            }
-          escapedstr = try_percent_escape (s, "\t\r\n\f\v");
-          xfree (tmpstr);
-          if (escapedstr && *escapedstr)
-            {
-              snprintf (line, DIM(line), "OPTION constraints-%s=%s",
-                        tbl[idx].key, escapedstr);
-              rc = assuan_transact (entry_ctx, line,
-                                    NULL, NULL, NULL, NULL, NULL, NULL);
-            }
-          else
-            rc = 0;  /* Ignore an empty string (would give an IPC error).  */
-          xfree (escapedstr);
-          if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
-            return rc;
-        }
-    }
-
-  return 0;
-}
-
-
 /* Helper for agent_askpin and agent_get_passphrase.  */
 static gpg_error_t
 setup_qualitybar (ctrl_t ctrl)
@@ -1267,34 +1082,116 @@ build_cmd_setdesc (char *line, size_t linelen, const char *desc)
 }
 
 
+
+/* Watch the socket's EOF condition, while checking finish of
+   foreground thread.  When EOF condition is detected, terminate
+   the pinentry process behind the assuan pipe.
+ */
+static void *
+watch_sock (void *arg)
+{
+  pid_t pid = assuan_get_pid (entry_ctx);
+
+  while (1)
+    {
+      int err;
+      fd_set fdset;
+      struct timeval timeout = { 0, 500000 };
+      gnupg_fd_t sock = *(gnupg_fd_t *)arg;
+
+      if (sock == GNUPG_INVALID_FD)
+        return NULL;
+
+      FD_ZERO (&fdset);
+      FD_SET (FD2INT (sock), &fdset);
+      err = npth_select (FD2INT (sock)+1, &fdset, NULL, NULL, &timeout);
+
+      if (err < 0)
+        {
+          if (errno == EINTR)
+            continue;
+          else
+            return NULL;
+        }
+
+      /* Possibly, it's EOF.  */
+      if (err > 0)
+        break;
+    }
+
+  if (pid == (pid_t)(-1))
+    ; /* No pid available can't send a kill. */
+#ifdef HAVE_W32_SYSTEM
+  /* Older versions of assuan set PID to 0 on Windows to indicate an
+     invalid value.  */
+  else if (pid != (pid_t) INVALID_HANDLE_VALUE && pid != 0)
+    TerminateProcess ((HANDLE)pid, 1);
+#else
+  else if (pid > 0)
+    kill (pid, SIGINT);
+#endif
+
+  return NULL;
+}
+
+
+static gpg_error_t
+watch_sock_start (gnupg_fd_t *sock_p, npth_t *thread_p)
+{
+  npth_attr_t tattr;
+  int err;
+
+  err = npth_attr_init (&tattr);
+  if (err)
+    {
+      log_error ("do_getpin: error npth_attr_init: %s\n", strerror (err));
+      return gpg_error_from_errno (err);
+    }
+  npth_attr_setdetachstate (&tattr, NPTH_CREATE_JOINABLE);
+
+  err = npth_create (thread_p, &tattr, watch_sock, sock_p);
+  npth_attr_destroy (&tattr);
+  if (err)
+    {
+      log_error ("do_getpin: error spawning thread: %s\n", strerror (err));
+      return gpg_error_from_errno (err);
+    }
+
+  return 0;
+}
+
+static void
+watch_sock_end (gnupg_fd_t *sock_p, npth_t *thread_p)
+{
+  int err;
+
+  *sock_p = GNUPG_INVALID_FD;
+  err = npth_join (*thread_p, NULL);
+  if (err)
+    log_error ("watch_sock_end: error joining thread: %s\n", strerror (err));
+}
+
+
 /* Ask pinentry to get a pin by "GETPIN" command, spawning a thread
- * detecting the socket's EOF.   */
+   detecting the socket's EOF.
+ */
 static gpg_error_t
 do_getpin (ctrl_t ctrl, struct entry_parm_s *parm)
 {
   gpg_error_t rc;
-  int wasconf;
-  struct inq_cb_parm_s inq_cb_parm;
-
-  (void)ctrl;
+  int saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
+  gnupg_fd_t sock_watched = ctrl->thread_startup.fd;
+  npth_t thread;
 
-  inq_cb_parm.ctx = entry_ctx;
-  inq_cb_parm.flags = parm->constraints_flags;
-  inq_cb_parm.genpinhash_valid = 0;
+  rc = watch_sock_start (&sock_watched, &thread);
+  if (rc)
+    return rc;
 
-  wasconf = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
   assuan_begin_confidential (entry_ctx);
   rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, parm,
-                        inq_cb, &inq_cb_parm,
+                        inq_cb, entry_ctx,
                         pinentry_status_cb, &parm->status);
-  if (!wasconf)
-    assuan_end_confidential (entry_ctx);
-
-  if (!rc && parm->buffer && is_generated_pin (&inq_cb_parm, parm->buffer))
-    parm->status |= PINENTRY_STATUS_PASSWORD_GENERATED;
-  else
-    parm->status &= ~PINENTRY_STATUS_PASSWORD_GENERATED;
-
+  assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag);
   /* Most pinentries out in the wild return the old Assuan error code
      for canceled which gets translated to an assuan Cancel error and
      not to the code for a user cancel.  Fix this here. */
@@ -1306,10 +1203,10 @@ do_getpin (ctrl_t ctrl, struct entry_parm_s *parm)
       && gpg_err_code (rc) == GPG_ERR_CANCELED)
     rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED);
 
+  watch_sock_end (&sock_watched, &thread);
+
   return rc;
 }
-
-
 
 /* Call the Entry and ask for the PIN.  We do check for a valid PIN
    number here and repeat it as long as we have invalid formed
@@ -1327,7 +1224,6 @@ agent_askpin (ctrl_t ctrl,
   struct entry_parm_s parm;
   const char *errtext = NULL;
   int is_pin = 0;
-  int is_generated;
 
   if (opt.batch)
     return 0; /* fixme: we should return BAD PIN */
@@ -1446,14 +1342,12 @@ agent_askpin (ctrl_t ctrl,
       parm.size = pininfo->max_length;
       *pininfo->pin = 0; /* Reset the PIN. */
       parm.buffer = (unsigned char*)pininfo->pin;
-      parm.constraints_flags = pininfo->constraints_flags;
 
       if (errtext)
         {
           /* TRANSLATORS: The string is appended to an error message in
              the pinentry.  The %s is the actual error message, the
-             two %d give the current and maximum number of tries.
-             Do not translate the "SETERROR" keyword. */
+             two %d give the current and maximum number of tries. */
           snprintf (line, DIM(line), L_("SETERROR %s (try %d of %d)"),
                     errtext, pininfo->failed_tries+1, pininfo->max_tries);
           rc = assuan_transact (entry_ctx, line,
@@ -1474,15 +1368,13 @@ agent_askpin (ctrl_t ctrl,
 
       rc = do_getpin (ctrl, &parm);
       pininfo->status = parm.status;
-      is_generated = !!(parm.status & PINENTRY_STATUS_PASSWORD_GENERATED);
-
       if (gpg_err_code (rc) == GPG_ERR_ASS_TOO_MUCH_DATA)
         errtext = is_pin? L_("PIN too long")
                         : L_("Passphrase too long");
       else if (rc)
         return unlock_pinentry (ctrl, rc);
 
-      if (!errtext && pininfo->min_digits && !is_generated)
+      if (!errtext && pininfo->min_digits)
         {
           /* do some basic checks on the entered PIN. */
           if (!all_digitsp (pininfo->pin))
@@ -1494,7 +1386,7 @@ agent_askpin (ctrl_t ctrl,
             errtext = L_("PIN too short");
         }
 
-      if (!errtext && pininfo->check_cb && !is_generated)
+      if (!errtext && pininfo->check_cb)
         {
           /* More checks by utilizing the optional callback. */
           pininfo->cb_errtext = NULL;
@@ -1540,9 +1432,9 @@ agent_askpin (ctrl_t ctrl,
 
 /* Ask for the passphrase using the supplied arguments.  The returned
    passphrase needs to be freed by the caller.  PININFO is optional
-   and can be used to have constraints checinkg while the pinentry
+   and can be used to have constraints checking while the pinentry
    dialog is open (like what we do in agent_askpin).  This is very
-   similar to agent_akpin and we should eventually merge the two
+   similar to agent_askpin and we should eventually merge the two
    functions. */
 int
 agent_get_passphrase (ctrl_t ctrl,
@@ -1553,7 +1445,6 @@ agent_get_passphrase (ctrl_t ctrl,
 {
   int rc;
   int is_pin;
-  int is_generated;
   char line[ASSUAN_LINELENGTH];
   struct entry_parm_s parm;
 
@@ -1664,10 +1555,6 @@ agent_get_passphrase (ctrl_t ctrl,
         return unlock_pinentry (ctrl, rc);
     }
 
-  rc = setup_formatted_passphrase (ctrl);
-  if (rc)
-    return unlock_pinentry (ctrl, rc);
-
   if (!pininfo)
     {
       /* Legacy method without PININFO.  */
@@ -1697,10 +1584,6 @@ agent_get_passphrase (ctrl_t ctrl,
         pininfo->with_repeat = 0; /* Pinentry does not support it.  */
 
       (void)setup_genpin (ctrl);
-
-      rc = setup_enforced_constraints (ctrl);
-      if (rc)
-        return unlock_pinentry (ctrl, rc);
     }
   pininfo->repeat_okay = 0;
   pininfo->status = 0;
@@ -1708,7 +1591,6 @@ agent_get_passphrase (ctrl_t ctrl,
   for (;pininfo->failed_tries < pininfo->max_tries; pininfo->failed_tries++)
     {
       memset (&parm, 0, sizeof parm);
-      parm.constraints_flags = pininfo->constraints_flags;
       parm.size = pininfo->max_length;
       parm.buffer = (unsigned char*)pininfo->pin;
       *pininfo->pin = 0; /* Reset the PIN. */
@@ -1738,15 +1620,13 @@ agent_get_passphrase (ctrl_t ctrl,
 
       rc = do_getpin (ctrl, &parm);
       pininfo->status = parm.status;
-      is_generated = !!(parm.status & PINENTRY_STATUS_PASSWORD_GENERATED);
-
       if (gpg_err_code (rc) == GPG_ERR_ASS_TOO_MUCH_DATA)
         errtext = is_pin? L_("PIN too long")
                         : L_("Passphrase too long");
       else if (rc)
         return unlock_pinentry (ctrl, rc);
 
-      if (!errtext && pininfo->min_digits && !is_generated)
+      if (!errtext && pininfo->min_digits)
         {
           /* do some basic checks on the entered PIN. */
           if (!all_digitsp (pininfo->pin))
@@ -1758,7 +1638,7 @@ agent_get_passphrase (ctrl_t ctrl,
             errtext = L_("PIN too short");
         }
 
-      if (!errtext && pininfo->check_cb && !is_generated)
+      if (!errtext && pininfo->check_cb)
         {
           /* More checks by utilizing the optional callback. */
           pininfo->cb_errtext = NULL;
@@ -1821,6 +1701,9 @@ agent_get_confirmation (ctrl_t ctrl,
       if (ctrl->pinentry_mode == PINENTRY_MODE_CANCEL)
         return gpg_error (GPG_ERR_CANCELED);
 
+      if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK)
+        return pinentry_loopback_confirm (ctrl, desc, 1, ok, notok);
+
       return gpg_error (GPG_ERR_NO_PIN_ENTRY);
     }
 
@@ -1874,70 +1757,39 @@ agent_get_confirmation (ctrl_t ctrl,
         return unlock_pinentry (ctrl, rc);
     }
 
-  rc = assuan_transact (entry_ctx, "CONFIRM",
-                        NULL, NULL, NULL, NULL, NULL, NULL);
-  if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
-    rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
-
-  return unlock_pinentry (ctrl, rc);
-}
-
-
-
-/* Pop up the PINentry, display the text DESC and a button with the
-   text OK_BTN (which may be NULL to use the default of "OK") and wait
-   for the user to hit this button.  The return value is not
-   relevant.  */
-int
-agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn)
-{
-  int rc;
-  char line[ASSUAN_LINELENGTH];
-
-  if (ctrl->pinentry_mode != PINENTRY_MODE_ASK)
-    return gpg_error (GPG_ERR_CANCELED);
+  {
+    gnupg_fd_t sock_watched = ctrl->thread_startup.fd;
+    npth_t thread;
 
-  rc = start_pinentry (ctrl);
-  if (rc)
-    return rc;
+    rc = watch_sock_start (&sock_watched, &thread);
+    if (!rc)
+      {
+        rc = assuan_transact (entry_ctx, "CONFIRM",
+                              NULL, NULL, NULL, NULL, NULL, NULL);
+        if (rc && gpg_err_source (rc)
+            && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
+          rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
 
-  if (desc)
-    build_cmd_setdesc (line, DIM(line), desc);
-  else
-    snprintf (line, DIM(line), "RESET");
-  rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
-  /* Most pinentries out in the wild return the old Assuan error code
-     for canceled which gets translated to an assuan Cancel error and
-     not to the code for a user cancel.  Fix this here. */
-  if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
-    rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
+        watch_sock_end (&sock_watched, &thread);
+      }
 
-  if (rc)
     return unlock_pinentry (ctrl, rc);
-
-  if (ok_btn)
-    {
-      snprintf (line, DIM(line), "SETOK %s", ok_btn);
-      rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL,
-                            NULL, NULL, NULL);
-      if (rc)
-        return unlock_pinentry (ctrl, rc);
-    }
-
-  rc = assuan_transact (entry_ctx, "CONFIRM --one-button", NULL, NULL, NULL,
-                        NULL, NULL, NULL);
-  if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
-    rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
-
-  return unlock_pinentry (ctrl, rc);
+  }
 }
 
 
+
 /* The thread running the popup message. */
 static void *
 popup_message_thread (void *arg)
 {
-  (void)arg;
+  gpg_error_t rc;
+  gnupg_fd_t sock_watched = *(gnupg_fd_t *)arg;
+  npth_t thread;
+
+  rc = watch_sock_start (&sock_watched, &thread);
+  if (rc)
+    return NULL;
 
   /* We use the --one-button hack instead of the MESSAGE command to
      allow the use of old Pinentries.  Those old Pinentries will then
@@ -1945,6 +1797,7 @@ popup_message_thread (void *arg)
      annoyance. */
   assuan_transact (entry_ctx, "CONFIRM --one-button",
                    NULL, NULL, NULL, NULL, NULL, NULL);
+  watch_sock_end (&sock_watched, &thread);
   popup_finished = 1;
   return NULL;
 }
@@ -1965,7 +1818,15 @@ agent_popup_message_start (ctrl_t ctrl, const char *desc, const char *ok_btn)
   int err;
 
   if (ctrl->pinentry_mode != PINENTRY_MODE_ASK)
-    return gpg_error (GPG_ERR_CANCELED);
+    {
+      if (ctrl->pinentry_mode == PINENTRY_MODE_CANCEL)
+        return gpg_error (GPG_ERR_CANCELED);
+
+      if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK)
+        return pinentry_loopback_confirm (ctrl, desc, 0, ok_btn, NULL);
+
+      return gpg_error (GPG_ERR_NO_PIN_ENTRY);
+    }
 
   rc = start_pinentry (ctrl);
   if (rc)
@@ -1993,7 +1854,8 @@ agent_popup_message_start (ctrl_t ctrl, const char *desc, const char *ok_btn)
   npth_attr_setdetachstate (&tattr, NPTH_CREATE_JOINABLE);
 
   popup_finished = 0;
-  err = npth_create (&popup_tid, &tattr, popup_message_thread, NULL);
+  err = npth_create (&popup_tid, &tattr, popup_message_thread,
+                     &ctrl->thread_startup.fd);
   npth_attr_destroy (&tattr);
   if (err)
     {
@@ -2016,6 +1878,9 @@ agent_popup_message_stop (ctrl_t ctrl)
 
   (void)ctrl;
 
+  if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK)
+    return;
+
   if (!popup_tid || !entry_ctx)
     {
       log_debug ("agent_popup_message_stop called with no active popup\n");
@@ -2039,14 +1904,6 @@ agent_popup_message_stop (ctrl_t ctrl)
       TerminateProcess (process, 1);
     }
 #else
-  else if (pid && ((rc=waitpid (pid, NULL, WNOHANG))==-1 || (rc == pid)) )
-    { /* The daemon already died.  No need to send a kill.  However
-         because we already waited for the process, we need to tell
-         assuan that it should not wait again (done by
-         unlock_pinentry). */
-      if (rc == pid)
-        assuan_set_flag (entry_ctx, ASSUAN_NO_WAITPID, 1);
-    }
   else if (pid > 0)
     kill (pid, SIGINT);
 #endif
diff --git a/agent/call-scd.c b/agent/call-scd.c
index c5b95f4..3ede33c 100644
--- a/agent/call-scd.c
+++ b/agent/call-scd.c
@@ -17,6 +17,7 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
 #include <config.h>
@@ -25,7 +26,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
-#include <assert.h>
 #include <unistd.h>
 #ifdef HAVE_SIGNAL_H
 # include <signal.h>
@@ -54,17 +54,10 @@ struct scd_local_s
      SCD_LOCAL_LIST (see below). */
   struct scd_local_s *next_local;
 
-  /* We need to get back to the ctrl object actually referencing this
-     structure.  This is really an awkward way of enumerating the local
-     contexts.  A much cleaner way would be to keep a global list of
-     ctrl objects to enumerate them.  */
-  ctrl_t ctrl_backlink;
-
-  assuan_context_t ctx; /* NULL or session context for the SCdaemon
-                           used with this connection. */
-  int locked;           /* This flag is used to assert proper use of
-                           start_scd and unlock_scd. */
-
+  assuan_context_t ctx;   /* NULL or session context for the SCdaemon
+                             used with this connection. */
+  unsigned int in_use: 1; /* CTX is in use.  */
+  unsigned int invalid:1; /* CTX is invalid, should be released.  */
 };
 
 
@@ -96,495 +89,137 @@ struct inq_needpin_parm_s
 };
 
 
-/* To keep track of all active SCD contexts, we keep a linked list
-   anchored at this variable. */
-static struct scd_local_s *scd_local_list;
-
-/* A Mutex used inside the start_scd function. */
-static npth_mutex_t start_scd_lock;
-
-/* A malloced string with the name of the socket to be used for
-   additional connections.  May be NULL if not provided by
-   SCdaemon. */
-static char *socket_name;
-
-/* The context of the primary connection.  This is also used as a flag
-   to indicate whether the scdaemon has been started. */
-static assuan_context_t primary_scd_ctx;
-
-/* To allow reuse of the primary connection, the following flag is set
-   to true if the primary context has been reset and is not in use by
-   any connection. */
-static int primary_scd_ctx_reusable;
-
-
-
-/* Local prototypes.  */
-
-
 
 
-/* This function must be called once to initialize this module.  This
-   has to be done before a second thread is spawned.  We can't do the
-   static initialization because NPth emulation code might not be able
-   to do a static init; in particular, it is not possible for W32. */
-void
-initialize_module_call_scd (void)
+static int
+start_scd (ctrl_t ctrl)
 {
-  static int initialized;
-  int err;
-
-  if (!initialized)
-    {
-      err = npth_mutex_init (&start_scd_lock, NULL);
-      if (err)
-	log_fatal ("error initializing mutex: %s\n", strerror (err));
-      initialized = 1;
-    }
+  return daemon_start (DAEMON_SCD, ctrl);
 }
 
 
-/* This function may be called to print information pertaining to the
-   current state of this module to the log. */
-void
-agent_scd_dump_state (void)
+static gpg_error_t
+unlock_scd (ctrl_t ctrl, gpg_error_t err)
 {
-  log_info ("agent_scd_dump_state: primary_scd_ctx=%p pid=%ld reusable=%d\n",
-            primary_scd_ctx,
-            (long)assuan_get_pid (primary_scd_ctx),
-            primary_scd_ctx_reusable);
-  if (socket_name)
-    log_info ("agent_scd_dump_state: socket='%s'\n", socket_name);
+  return daemon_unlock (DAEMON_SCD, ctrl, err);
 }
 
 
-/* The unlock_scd function shall be called after having accessed the
-   SCD.  It is currently not very useful but gives an opportunity to
-   keep track of connections currently calling SCD.  Note that the
-   "lock" operation is done by the start_scd() function which must be
-   called and error checked before any SCD operation.  CTRL is the
-   usual connection context and RC the error code to be passed trhough
-   the function. */
-static int
-unlock_scd (ctrl_t ctrl, int rc)
+static assuan_context_t
+daemon_ctx (ctrl_t ctrl)
 {
-  if (ctrl->scd_local->locked != 1)
-    {
-      log_error ("unlock_scd: invalid lock count (%d)\n",
-                 ctrl->scd_local->locked);
-      if (!rc)
-        rc = gpg_error (GPG_ERR_INTERNAL);
-    }
-  ctrl->scd_local->locked = 0;
-  return rc;
-}
-
-/* To make sure we leave no secrets in our image after forking of the
-   scdaemon, we use this callback. */
-static void
-atfork_cb (void *opaque, int where)
-{
-  (void)opaque;
-
-  if (!where)
-    gcry_control (GCRYCTL_TERM_SECMEM);
+  return daemon_type_ctx (DAEMON_SCD, ctrl);
 }
 
 
-/* Fork off the SCdaemon if this has not already been done.  Lock the
-   daemon and make sure that a proper context has been setup in CTRL.
-   This function might also lock the daemon, which means that the
-   caller must call unlock_scd after this function has returned
-   success and the actual Assuan transaction been done. */
-static int
-start_scd (ctrl_t ctrl)
+
+/* This handler is a helper for pincache_put_cb but may also be called
+ * directly for that status code with ARGS being the arguments after
+ * the status keyword (and with white space removed).  */
+static gpg_error_t
+handle_pincache_put (const char *args)
 {
-  gpg_error_t err = 0;
-  const char *pgmname;
-  assuan_context_t ctx = NULL;
-  const char *argv[5];
-  assuan_fd_t no_close_list[3];
-  int i;
-  int rc;
-  char *abs_homedir = NULL;
-
-  if (opt.disable_scdaemon)
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  /* If this is the first call for this session, setup the local data
-     structure. */
-  if (!ctrl->scd_local)
-    {
-      ctrl->scd_local = xtrycalloc (1, sizeof *ctrl->scd_local);
-      if (!ctrl->scd_local)
-        return gpg_error_from_syserror ();
-      ctrl->scd_local->ctrl_backlink = ctrl;
-      ctrl->scd_local->next_local = scd_local_list;
-      scd_local_list = ctrl->scd_local;
-    }
-
-
-  /* Assert that the lock count is as expected. */
-  if (ctrl->scd_local->locked)
+  gpg_error_t err;
+  const char *s, *key, *pin;
+  char *keybuf = NULL;
+  size_t keylen;
+
+  key = s = args;
+  while (*s && !spacep (s))
+    s++;
+  keylen = s - key;
+  if (keylen < 3)
     {
-      log_error ("start_scd: invalid lock count (%d)\n",
-                 ctrl->scd_local->locked);
-      return gpg_error (GPG_ERR_INTERNAL);
-    }
-  ctrl->scd_local->locked++;
-
-  if (ctrl->scd_local->ctx)
-    return 0; /* Okay, the context is fine.  We used to test for an
-                 alive context here and do an disconnect.  Now that we
-                 have a ticker function to check for it, it is easier
-                 not to check here but to let the connection run on an
-                 error instead. */
-
-
-  /* We need to protect the following code. */
-  rc = npth_mutex_lock (&start_scd_lock);
-  if (rc)
-    {
-      log_error ("failed to acquire the start_scd lock: %s\n",
-                 strerror (rc));
-      return gpg_error (GPG_ERR_INTERNAL);
-    }
-
-  /* Check whether the pipe server has already been started and in
-     this case either reuse a lingering pipe connection or establish a
-     new socket based one. */
-  if (primary_scd_ctx && primary_scd_ctx_reusable)
-    {
-      ctx = primary_scd_ctx;
-      primary_scd_ctx_reusable = 0;
-      if (opt.verbose)
-        log_info ("new connection to SCdaemon established (reusing)\n");
-      goto leave;
-    }
-
-  rc = assuan_new (&ctx);
-  if (rc)
-    {
-      log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
-      err = rc;
-      goto leave;
-    }
-
-  if (socket_name)
-    {
-      rc = assuan_socket_connect (ctx, socket_name, 0, 0);
-      if (rc)
-        {
-          log_error ("can't connect to socket '%s': %s\n",
-                     socket_name, gpg_strerror (rc));
-          err = gpg_error (GPG_ERR_NO_SCDAEMON);
-          goto leave;
-        }
-
-      if (opt.verbose)
-        log_info ("new connection to SCdaemon established\n");
+      /* At least we need 2 slashes and slot number.  */
+      log_error ("%s: ignoring invalid key\n", __func__);
+      err = 0;
       goto leave;
     }
 
-  if (primary_scd_ctx)
+  keybuf = xtrymalloc (keylen+1);
+  if (!keybuf)
     {
-      log_info ("SCdaemon is running but won't accept further connections\n");
-      err = gpg_error (GPG_ERR_NO_SCDAEMON);
-      goto leave;
-    }
-
-  /* Nope, it has not been started.  Fire it up now. */
-  if (opt.verbose)
-    log_info ("no running SCdaemon - starting it\n");
-
-  if (fflush (NULL))
-    {
-#ifndef HAVE_W32_SYSTEM
       err = gpg_error_from_syserror ();
-#endif
-      log_error ("error flushing pending output: %s\n", strerror (errno));
-      /* At least Windows XP fails here with EBADF.  According to docs
-         and Wine an fflush(NULL) is the same as _flushall.  However
-         the Wime implementation does not flush stdin,stdout and stderr
-         - see above.  Lets try to ignore the error. */
-#ifndef HAVE_W32_SYSTEM
       goto leave;
-#endif
     }
-
-  if (!opt.scdaemon_program || !*opt.scdaemon_program)
-    opt.scdaemon_program = gnupg_module_name (GNUPG_MODULE_NAME_SCDAEMON);
-  if ( !(pgmname = strrchr (opt.scdaemon_program, '/')))
-    pgmname = opt.scdaemon_program;
-  else
-    pgmname++;
-
-  argv[0] = pgmname;
-  argv[1] = "--multi-server";
-  if (gnupg_default_homedir_p ())
-    argv[2] = NULL;
-  else
+  memcpy (keybuf, key, keylen);
+  keybuf[keylen] = 0;
+  key = keybuf;
+
+  while (spacep (s))
+    s++;
+  pin = s;
+  if (!*pin)
     {
-      abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
-      if (!abs_homedir)
-        {
-          log_error ("error building filename: %s\n",
-                     gpg_strerror (gpg_error_from_syserror ()));
-          goto leave;
-        }
-
-      argv[2] = "--homedir";
-      argv[3] = abs_homedir;
-      argv[4] = NULL;
-    }
-
-  i=0;
-  if (!opt.running_detached)
-    {
-      if (log_get_fd () != -1)
-        no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
-      no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
-    }
-  no_close_list[i] = ASSUAN_INVALID_FD;
-
-  /* Connect to the scdaemon and perform initial handshaking.  Use
-     detached flag so that under Windows SCDAEMON does not show up a
-     new window.  */
-  rc = assuan_pipe_connect (ctx, opt.scdaemon_program, argv,
-			    no_close_list, atfork_cb, NULL,
-                            ASSUAN_PIPE_CONNECT_DETACHED);
-  if (rc)
-    {
-      log_error ("can't connect to the SCdaemon: %s\n",
-                 gpg_strerror (rc));
-      err = gpg_error (GPG_ERR_NO_SCDAEMON);
+      /* No value - flush the cache.  The cache module knows aboput
+       * the structure of the key to flush only parts.  */
+      log_debug ("%s: flushing cache '%s'\n", __func__, key);
+      agent_put_cache (NULL, key, CACHE_MODE_PIN, NULL, -1);
+      err = 0;
       goto leave;
     }
 
-  if (opt.verbose)
-    log_debug ("first connection to SCdaemon established\n");
-
-
-  /* Get the name of the additional socket opened by scdaemon. */
-  {
-    membuf_t data;
-    unsigned char *databuf;
-    size_t datalen;
-
-    xfree (socket_name);
-    socket_name = NULL;
-    init_membuf (&data, 256);
-    assuan_transact (ctx, "GETINFO socket_name",
-                     put_membuf_cb, &data, NULL, NULL, NULL, NULL);
-
-    databuf = get_membuf (&data, &datalen);
-    if (databuf && datalen)
-      {
-        socket_name = xtrymalloc (datalen + 1);
-        if (!socket_name)
-          log_error ("warning: can't store socket name: %s\n",
-                     strerror (errno));
-        else
-          {
-            memcpy (socket_name, databuf, datalen);
-            socket_name[datalen] = 0;
-            if (DBG_IPC)
-              log_debug ("additional connections at '%s'\n", socket_name);
-          }
-      }
-    xfree (databuf);
-  }
-
-  /* Tell the scdaemon we want him to send us an event signal.  We
-     don't support this for W32CE.  */
-#ifndef HAVE_W32CE_SYSTEM
-  if (opt.sigusr2_enabled)
-    {
-      char buf[100];
-
-#ifdef HAVE_W32_SYSTEM
-      snprintf (buf, sizeof buf, "OPTION event-signal=%p",
-                get_agent_scd_notify_event ());
-#else
-      snprintf (buf, sizeof buf, "OPTION event-signal=%d", SIGUSR2);
-#endif
-      assuan_transact (ctx, buf, NULL, NULL, NULL, NULL, NULL, NULL);
-    }
-#endif /*HAVE_W32CE_SYSTEM*/
-
-  primary_scd_ctx = ctx;
-  primary_scd_ctx_reusable = 0;
+  log_debug ("%s: caching '%s'->'%s'\n", __func__, key, pin);
+  agent_put_cache (NULL, key, CACHE_MODE_PIN, pin, -1);
+  err = 0;
 
  leave:
-  xfree (abs_homedir);
-  if (err)
-    {
-      unlock_scd (ctrl, err);
-      if (ctx)
-	assuan_release (ctx);
-    }
-  else
-    {
-      ctrl->scd_local->ctx = ctx;
-    }
-  rc = npth_mutex_unlock (&start_scd_lock);
-  if (rc)
-    log_error ("failed to release the start_scd lock: %s\n", strerror (rc));
+  xfree (keybuf);
   return err;
 }
 
 
-/* Check whether the SCdaemon is active.  This is a fast check without
-   any locking and might give a wrong result if another thread is about
-   to start the daemon or the daemon is about to be stopped.. */
-int
-agent_scd_check_running (void)
+/* This status callback is to intercept the PINCACHE_PUT status
+ * messages.  OPAQUE is not used.  */
+static gpg_error_t
+pincache_put_cb (void *opaque, const char *line)
 {
-  return !!primary_scd_ctx;
-}
+  const char *s;
 
+  (void)opaque;
 
-/* Check whether the Scdaemon is still alive and clean it up if not. */
-void
-agent_scd_check_aliveness (void)
-{
-  pid_t pid;
-#ifdef HAVE_W32_SYSTEM
-  DWORD rc;
-#else
-  int rc;
-#endif
-  struct timespec abstime;
-  int err;
+  s = has_leading_keyword (line, "PINCACHE_PUT");
+  if (s)
+    return handle_pincache_put (s);
+  else
+    return 0;
+}
 
-  if (!primary_scd_ctx)
-    return; /* No scdaemon running. */
 
-  /* This is not a critical function so we use a short timeout while
-     acquiring the lock.  */
-  npth_clock_gettime (&abstime);
-  abstime.tv_sec += 1;
-  err = npth_mutex_timedlock (&start_scd_lock, &abstime);
-  if (err)
-    {
-      if (err == ETIMEDOUT)
-        {
-          if (opt.verbose > 1)
-            log_info ("failed to acquire the start_scd lock while"
-                      " doing an aliveness check: %s\n", strerror (err));
-        }
-      else
-        log_error ("failed to acquire the start_scd lock while"
-                   " doing an aliveness check: %s\n", strerror (err));
-      return;
-    }
+/* Handle a PINCACHE_GET inquiry.  ARGS are the arguments of the
+ * inquiry which should be a single string with the key for the cached
+ * value.  CTX is the Assuan handle.  */
+static gpg_error_t
+handle_pincache_get (const char *args, assuan_context_t ctx)
+{
+  gpg_error_t err;
+  const char *key;
+  char *pin = NULL;
 
-  if (primary_scd_ctx)
+  log_debug ("%s: enter '%s'\n", __func__, args);
+  key = args;
+  if (strlen (key) < 5)
     {
-      pid = assuan_get_pid (primary_scd_ctx);
-#ifdef HAVE_W32_SYSTEM
-      /* If we have a PID we disconnect if either GetExitProcessCode
-         fails or if ir returns the exit code of the scdaemon.  259 is
-         the error code for STILL_ALIVE.  */
-      if (pid != (pid_t)(void*)(-1) && pid
-          && (!GetExitCodeProcess ((HANDLE)pid, &rc) || rc != 259))
-#else
-      if (pid != (pid_t)(-1) && pid
-          && ((rc=waitpid (pid, NULL, WNOHANG))==-1 || (rc == pid)) )
-#endif
-        {
-          /* Okay, scdaemon died.  Disconnect the primary connection
-             now but take care that it won't do another wait. Also
-             cleanup all other connections and release their
-             resources.  The next use will start a new daemon then.
-             Due to the use of the START_SCD_LOCAL we are sure that
-             none of these context are actually in use. */
-          struct scd_local_s *sl;
-
-          assuan_set_flag (primary_scd_ctx, ASSUAN_NO_WAITPID, 1);
-          assuan_release (primary_scd_ctx);
-
-          for (sl=scd_local_list; sl; sl = sl->next_local)
-            {
-              if (sl->ctx)
-                {
-                  if (sl->ctx != primary_scd_ctx)
-                    assuan_release (sl->ctx);
-                  sl->ctx = NULL;
-                }
-            }
-
-          primary_scd_ctx = NULL;
-          primary_scd_ctx_reusable = 0;
-
-          xfree (socket_name);
-          socket_name = NULL;
-        }
+      /* We need at least 2 slashes, one slot number and two 1 byte strings.*/
+      err = gpg_error (GPG_ERR_INV_REQUEST);
+      log_debug ("%s: key too short\n", __func__);
+      goto leave;
     }
 
-  err = npth_mutex_unlock (&start_scd_lock);
-  if (err)
-    log_error ("failed to release the start_scd lock while"
-               " doing the aliveness check: %s\n", strerror (err));
-}
-
-
-
-/* Reset the SCD if it has been used.  Actually it is not a reset but
-   a cleanup of resources used by the current connection. */
-int
-agent_reset_scd (ctrl_t ctrl)
-{
-  if (ctrl->scd_local)
+  pin = agent_get_cache (NULL, key, CACHE_MODE_PIN);
+  if (!pin || !*pin)
     {
-      if (ctrl->scd_local->ctx)
-        {
-          /* We can't disconnect the primary context because libassuan
-             does a waitpid on it and thus the system would hang.
-             Instead we send a reset and keep that connection for
-             reuse. */
-          if (ctrl->scd_local->ctx == primary_scd_ctx)
-            {
-              /* Send a RESTART to the SCD.  This is required for the
-                 primary connection as a kind of virtual EOF; we don't
-                 have another way to tell it that the next command
-                 should be viewed as if a new connection has been
-                 made.  For the non-primary connections this is not
-                 needed as we simply close the socket.  We don't check
-                 for an error here because the RESTART may fail for
-                 example if the scdaemon has already been terminated.
-                 Anyway, we need to set the reusable flag to make sure
-                 that the aliveness check can clean it up. */
-              assuan_transact (primary_scd_ctx, "RESTART",
-                               NULL, NULL, NULL, NULL, NULL, NULL);
-              primary_scd_ctx_reusable = 1;
-            }
-          else
-            assuan_release (ctrl->scd_local->ctx);
-          ctrl->scd_local->ctx = NULL;
-        }
-
-      /* Remove the local context from our list and release it. */
-      if (!scd_local_list)
-        BUG ();
-      else if (scd_local_list == ctrl->scd_local)
-        scd_local_list = ctrl->scd_local->next_local;
-      else
-        {
-          struct scd_local_s *sl;
-
-          for (sl=scd_local_list; sl->next_local; sl = sl->next_local)
-            if (sl->next_local == ctrl->scd_local)
-              break;
-          if (!sl->next_local)
-            BUG ();
-          sl->next_local = ctrl->scd_local->next_local;
-        }
-      xfree (ctrl->scd_local);
-      ctrl->scd_local = NULL;
+      xfree (pin);
+      err = 0;  /* Not found is indicated by sending no data back.  */
+      log_debug ("%s: not cached\n", __func__);
+      goto leave;
     }
+  log_debug ("%s: cache returned '%s'\n", __func__, pin);
+  err = assuan_send_data (ctx, pin, strlen (pin));
 
-  return 0;
+ leave:
+  xfree (pin);
+  return err;
 }
 
 
@@ -593,6 +228,7 @@ static gpg_error_t
 learn_status_cb (void *opaque, const char *line)
 {
   struct learn_parm_s *parm = opaque;
+  gpg_error_t err = 0;
   const char *keyword = line;
   int keywordlen;
 
@@ -608,12 +244,14 @@ learn_status_cb (void *opaque, const char *line)
     {
       parm->kpinfo_cb (parm->kpinfo_cb_arg, line);
     }
+  else if (keywordlen == 12 && !memcmp (keyword, "PINCACHE_PUT", keywordlen))
+    err = handle_pincache_put (line);
   else if (keywordlen && *line)
     {
       parm->sinfo_cb (parm->sinfo_cb_arg, keyword, keywordlen, line);
     }
 
-  return 0;
+  return err;
 }
 
 /* Perform the LEARN command and return a list of all private keys
@@ -641,7 +279,7 @@ agent_card_learn (ctrl_t ctrl,
   parm.certinfo_cb_arg = certinfo_cb_arg;
   parm.sinfo_cb = sinfo_cb;
   parm.sinfo_cb_arg = sinfo_cb_arg;
-  rc = assuan_transact (ctrl->scd_local->ctx, "LEARN --force",
+  rc = assuan_transact (daemon_ctx (ctrl), "LEARN --force",
                         NULL, NULL, NULL, NULL,
                         learn_status_cb, &parm);
   if (rc)
@@ -655,6 +293,7 @@ agent_card_learn (ctrl_t ctrl,
 static gpg_error_t
 get_serialno_cb (void *opaque, const char *line)
 {
+  gpg_error_t err = 0;
   char **serialno = opaque;
   const char *keyword = line;
   const char *s;
@@ -679,12 +318,17 @@ get_serialno_cb (void *opaque, const char *line)
       memcpy (*serialno, line, n);
       (*serialno)[n] = 0;
     }
+  else if (keywordlen == 12 && !memcmp (keyword, "PINCACHE_PUT", keywordlen))
+    err = handle_pincache_put (line);
 
-  return 0;
+  return err;
 }
 
+
 /* Return the serial number of the card or an appropriate error.  The
-   serial number is returned as a hexstring. */
+ * serial number is returned as a hexstring.  If the serial number is
+ * not required by the caller R_SERIALNO can be NULL; this might be
+ * useful to test whether a card is available. */
 int
 agent_card_serialno (ctrl_t ctrl, char **r_serialno, const char *demand)
 {
@@ -697,11 +341,11 @@ agent_card_serialno (ctrl_t ctrl, char **r_serialno, const char *demand)
     return rc;
 
   if (!demand)
-    strcpy (line, "SERIALNO");
+    strcpy (line, "SERIALNO --all");
   else
     snprintf (line, DIM(line), "SERIALNO --demand=%s", demand);
 
-  rc = assuan_transact (ctrl->scd_local->ctx, line,
+  rc = assuan_transact (daemon_ctx (ctrl), line,
                         NULL, NULL, NULL, NULL,
                         get_serialno_cb, &serialno);
   if (rc)
@@ -709,7 +353,10 @@ agent_card_serialno (ctrl_t ctrl, char **r_serialno, const char *demand)
       xfree (serialno);
       return unlock_scd (ctrl, rc);
     }
-  *r_serialno = serialno;
+  if (r_serialno)
+    *r_serialno = serialno;
+  else
+    xfree (serialno);
   return unlock_scd (ctrl, 0);
 }
 
@@ -737,12 +384,7 @@ inq_needpin (void *opaque, const char *line)
       rc = parm->getpin_cb (parm->getpin_cb_arg, parm->getpin_cb_desc,
                             line, pin, pinlen);
       if (!rc)
-        {
-          assuan_begin_confidential (parm->ctx);
-          rc = assuan_send_data (parm->ctx, pin, pinlen);
-          assuan_end_confidential (parm->ctx);
-        }
-      wipememory (pin, pinlen);
+        rc = assuan_send_data (parm->ctx, pin, pinlen);
       xfree (pin);
     }
   else if ((s = has_leading_keyword (line, "POPUPPINPADPROMPT")))
@@ -755,6 +397,10 @@ inq_needpin (void *opaque, const char *line)
       rc = parm->getpin_cb (parm->getpin_cb_arg, parm->getpin_cb_desc,
                             "", NULL, 0);
     }
+  else if ((s = has_leading_keyword (line, "PINCACHE_GET")))
+    {
+      rc = handle_pincache_get (s, parm->ctx);
+    }
   else if (parm->passthru)
     {
       unsigned char *value;
@@ -838,18 +484,23 @@ agent_card_pksign (ctrl_t ctrl,
   if (rc)
     return rc;
 
+  /* FIXME: In the mdalgo case (INDATA,INDATALEN) might be long and
+   * thus we can't convey it on a single Assuan line.  */
+  if (!mdalgo)
+    gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+
   if (indatalen*2 + 50 > DIM(line))
     return unlock_scd (ctrl, gpg_error (GPG_ERR_GENERAL));
 
   bin2hex (indata, indatalen, stpcpy (line, "SETDATA "));
 
-  rc = assuan_transact (ctrl->scd_local->ctx, line,
-                        NULL, NULL, NULL, NULL, NULL, NULL);
+  rc = assuan_transact (daemon_ctx (ctrl), line,
+                        NULL, NULL, NULL, NULL, pincache_put_cb, NULL);
   if (rc)
     return unlock_scd (ctrl, rc);
 
   init_membuf (&data, 1024);
-  inqparm.ctx = ctrl->scd_local->ctx;
+  inqparm.ctx = daemon_ctx (ctrl);
   inqparm.getpin_cb = getpin_cb;
   inqparm.getpin_cb_arg = getpin_cb_arg;
   inqparm.getpin_cb_desc = desc_text;
@@ -862,10 +513,10 @@ agent_card_pksign (ctrl_t ctrl,
   else
     snprintf (line, sizeof line, "PKSIGN %s %s",
               hash_algo_option (mdalgo), keyid);
-  rc = assuan_transact (ctrl->scd_local->ctx, line,
+  rc = assuan_transact (daemon_ctx (ctrl), line,
                         put_membuf_cb, &data,
                         inq_needpin, &inqparm,
-                        NULL, NULL);
+                        pincache_put_cb, NULL);
 
   if (rc)
     {
@@ -886,6 +537,7 @@ agent_card_pksign (ctrl_t ctrl,
 static gpg_error_t
 padding_info_cb (void *opaque, const char *line)
 {
+  gpg_error_t err = 0;
   int *r_padding = opaque;
   const char *s;
 
@@ -893,8 +545,10 @@ padding_info_cb (void *opaque, const char *line)
     {
       *r_padding = atoi (s);
     }
+  else if ((s=has_leading_keyword (line, "PINCACHE_PUT")))
+    err = handle_pincache_put (line);
 
-  return 0;
+  return err;
 }
 
 
@@ -937,14 +591,14 @@ agent_card_pkdecrypt (ctrl_t ctrl,
           sprintf (p, "%02X", indata[len]);
           p += 2;
         }
-      rc = assuan_transact (ctrl->scd_local->ctx, line,
+      rc = assuan_transact (daemon_ctx (ctrl), line,
                             NULL, NULL, NULL, NULL, NULL, NULL);
       if (rc)
         return unlock_scd (ctrl, rc);
     }
 
   init_membuf (&data, 1024);
-  inqparm.ctx = ctrl->scd_local->ctx;
+  inqparm.ctx = daemon_ctx (ctrl);
   inqparm.getpin_cb = getpin_cb;
   inqparm.getpin_cb_arg = getpin_cb_arg;
   inqparm.getpin_cb_desc = desc_text;
@@ -952,7 +606,7 @@ agent_card_pkdecrypt (ctrl_t ctrl,
   inqparm.keydata = NULL;
   inqparm.keydatalen = 0;
   snprintf (line, DIM(line), "PKDECRYPT %s", keyid);
-  rc = assuan_transact (ctrl->scd_local->ctx, line,
+  rc = assuan_transact (daemon_ctx (ctrl), line,
                         put_membuf_cb, &data,
                         inq_needpin, &inqparm,
                         padding_info_cb, r_padding);
@@ -988,10 +642,10 @@ agent_card_readcert (ctrl_t ctrl,
 
   init_membuf (&data, 1024);
   snprintf (line, DIM(line), "READCERT %s", id);
-  rc = assuan_transact (ctrl->scd_local->ctx, line,
+  rc = assuan_transact (daemon_ctx (ctrl), line,
                         put_membuf_cb, &data,
                         NULL, NULL,
-                        NULL, NULL);
+                        pincache_put_cb, NULL);
   if (rc)
     {
       xfree (get_membuf (&data, &len));
@@ -1006,41 +660,107 @@ agent_card_readcert (ctrl_t ctrl,
 
 
 
-/* Read a key with ID and return it in an allocate buffer pointed to
-   by r_BUF as a valid S-expression. */
+struct readkey_status_parm_s
+{
+  char *keyref;
+};
+
+static gpg_error_t
+readkey_status_cb (void *opaque, const char *line)
+{
+  struct readkey_status_parm_s *parm = opaque;
+  gpg_error_t err = 0;
+  char *line_buffer = NULL;
+  const char *s;
+
+  if ((s = has_leading_keyword (line, "KEYPAIRINFO"))
+      && !parm->keyref)
+    {
+      /* The format of such a line is:
+       *   KEYPAIRINFO <hexgrip> <keyref> [usage] [keytime] [algostr]
+       *
+       * Here we only need the keyref.  We use only the first received
+       * KEYPAIRINFO; it is possible to receive several if there are
+       * two or more active cards with the same key.  */
+      const char *fields[2];
+      int nfields;
+
+      line_buffer = xtrystrdup (line);
+      if (!line_buffer)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+
+      if ((nfields = split_fields (line_buffer, fields, DIM (fields))) < 2)
+        goto leave;  /* Not enough args; invalid status line - skip.  */
+
+      parm->keyref = xtrystrdup (fields[1]);
+      if (!parm->keyref)
+        err = gpg_error_from_syserror ();
+    }
+  else
+    err = pincache_put_cb (NULL, line);
+
+ leave:
+  xfree (line_buffer);
+  return err;
+}
+
+
+/* Read a key with ID (keyref or keygrip) and return it in a malloced
+ * buffer pointed to by R_BUF as a valid S-expression.  If R_KEYREF is
+ * not NULL the keyref is stored there. */
 int
-agent_card_readkey (ctrl_t ctrl, const char *id, unsigned char **r_buf)
+agent_card_readkey (ctrl_t ctrl, const char *id,
+                    unsigned char **r_buf, char **r_keyref)
 {
   int rc;
   char line[ASSUAN_LINELENGTH];
   membuf_t data;
   size_t len, buflen;
+  struct readkey_status_parm_s parm;
+
+  memset (&parm, 0, sizeof parm);
 
   *r_buf = NULL;
+  if (r_keyref)
+    *r_keyref = NULL;
+
   rc = start_scd (ctrl);
   if (rc)
     return rc;
 
   init_membuf (&data, 1024);
-  snprintf (line, DIM(line), "READKEY %s", id);
-  rc = assuan_transact (ctrl->scd_local->ctx, line,
+  snprintf (line, DIM(line), "READKEY%s -- %s",
+            r_keyref? " --info":"", id);
+  rc = assuan_transact (daemon_ctx (ctrl), line,
                         put_membuf_cb, &data,
                         NULL, NULL,
-                        NULL, NULL);
+                        readkey_status_cb, &parm);
   if (rc)
     {
       xfree (get_membuf (&data, &len));
+      xfree (parm.keyref);
       return unlock_scd (ctrl, rc);
     }
   *r_buf = get_membuf (&data, &buflen);
   if (!*r_buf)
-    return unlock_scd (ctrl, gpg_error (GPG_ERR_ENOMEM));
+    {
+      xfree (parm.keyref);
+      return unlock_scd (ctrl, gpg_error (GPG_ERR_ENOMEM));
+    }
 
   if (!gcry_sexp_canon_len (*r_buf, buflen, NULL, NULL))
     {
+      xfree (parm.keyref);
       xfree (*r_buf); *r_buf = NULL;
       return unlock_scd (ctrl, gpg_error (GPG_ERR_INV_VALUE));
     }
+  if (r_keyref)
+    *r_keyref = parm.keyref;
+  else
+    xfree (parm.keyref);
 
   return unlock_scd (ctrl, 0);
 }
@@ -1060,24 +780,28 @@ inq_writekey_parms (void *opaque, const char *line)
 }
 
 
-int
+/* Call scd to write a key to a card under the id KEYREF.  */
+gpg_error_t
 agent_card_writekey (ctrl_t ctrl,  int force, const char *serialno,
-                     const char *id, const char *keydata, size_t keydatalen,
+                     const char *keyref,
+                     const char *keydata, size_t keydatalen,
                      int (*getpin_cb)(void *, const char *,
                                       const char *, char*, size_t),
                      void *getpin_cb_arg)
 {
-  int rc;
+  gpg_error_t err;
   char line[ASSUAN_LINELENGTH];
   struct inq_needpin_parm_s parms;
 
-  (void)serialno;
-  rc = start_scd (ctrl);
-  if (rc)
-    return rc;
+  (void)serialno; /* NULL or a number to check for the correct card.
+                   * But is is not implemented.  */
 
-  snprintf (line, DIM(line), "WRITEKEY %s%s", force ? "--force " : "", id);
-  parms.ctx = ctrl->scd_local->ctx;
+  err = start_scd (ctrl);
+  if (err)
+    return err;
+
+  snprintf (line, DIM(line), "WRITEKEY %s%s", force ? "--force " : "", keyref);
+  parms.ctx = daemon_ctx (ctrl);
   parms.getpin_cb = getpin_cb;
   parms.getpin_cb_arg = getpin_cb_arg;
   parms.getpin_cb_desc= NULL;
@@ -1085,9 +809,10 @@ agent_card_writekey (ctrl_t ctrl,  int force, const char *serialno,
   parms.keydata = keydata;
   parms.keydatalen = keydatalen;
 
-  rc = assuan_transact (ctrl->scd_local->ctx, line, NULL, NULL,
-                        inq_writekey_parms, &parms, NULL, NULL);
-  return unlock_scd (ctrl, rc);
+  err = assuan_transact (daemon_ctx (ctrl), line, NULL, NULL,
+                         inq_writekey_parms, &parms,
+                         pincache_put_cb, NULL);
+  return unlock_scd (ctrl, err);
 }
 
 
@@ -1104,6 +829,7 @@ struct card_getattr_parm_s {
 static gpg_error_t
 card_getattr_cb (void *opaque, const char *line)
 {
+  gpg_error_t err = 0;
   struct card_getattr_parm_s *parm = opaque;
   const char *keyword = line;
   int keywordlen;
@@ -1123,8 +849,10 @@ card_getattr_cb (void *opaque, const char *line)
       if (!parm->data)
         parm->error = errno;
     }
+  else if (keywordlen == 12 && !memcmp (keyword, "PINCACHE_PUT", keywordlen))
+    err = handle_pincache_put (line);
 
-  return 0;
+  return err;
 }
 
 
@@ -1133,7 +861,8 @@ card_getattr_cb (void *opaque, const char *line)
    NULL is never stored in this case.  On error an error code is
    returned and NULL stored at RESULT. */
 gpg_error_t
-agent_card_getattr (ctrl_t ctrl, const char *name, char **result)
+agent_card_getattr (ctrl_t ctrl, const char *name, char **result,
+                    const char *keygrip)
 {
   int err;
   struct card_getattr_parm_s parm;
@@ -1151,13 +880,16 @@ agent_card_getattr (ctrl_t ctrl, const char *name, char **result)
   /* We assume that NAME does not need escaping. */
   if (8 + strlen (name) > DIM(line)-1)
     return gpg_error (GPG_ERR_TOO_LARGE);
-  stpcpy (stpcpy (line, "GETATTR "), name);
+  if (keygrip == NULL)
+    stpcpy (stpcpy (line, "GETATTR "), name);
+  else
+    snprintf (line, sizeof line, "GETATTR %s %s", name, keygrip);
 
   err = start_scd (ctrl);
   if (err)
     return err;
 
-  err = assuan_transact (ctrl->scd_local->ctx, line,
+  err = assuan_transact (daemon_ctx (ctrl), line,
                          NULL, NULL, NULL, NULL,
                          card_getattr_cb, &parm);
   if (!err && parm.error)
@@ -1176,16 +908,17 @@ agent_card_getattr (ctrl_t ctrl, const char *name, char **result)
 
 
 
-struct card_cardlist_parm_s {
+struct card_keyinfo_parm_s {
   int error;
-  strlist_t list;
+  struct card_key_info_s *list;
 };
 
-/* Callback function for agent_card_cardlist.  */
+/* Callback function for agent_card_keylist.  */
 static gpg_error_t
-card_cardlist_cb (void *opaque, const char *line)
+card_keyinfo_cb (void *opaque, const char *line)
 {
-  struct card_cardlist_parm_s *parm = opaque;
+  gpg_error_t err = 0;
+  struct card_keyinfo_parm_s *parm = opaque;
   const char *keyword = line;
   int keywordlen;
 
@@ -1194,61 +927,157 @@ card_cardlist_cb (void *opaque, const char *line)
   while (spacep (line))
     line++;
 
-  if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
+  if (keywordlen == 7 && !memcmp (keyword, "KEYINFO", keywordlen))
     {
       const char *s;
       int n;
+      struct card_key_info_s *keyinfo;
+      struct card_key_info_s **l_p = &parm->list;
+
+      while ((*l_p))
+        l_p = &(*l_p)->next;
+
+      keyinfo = xtrycalloc (1, sizeof *keyinfo);
+      if (!keyinfo)
+        {
+        alloc_error:
+          if (!parm->error)
+            parm->error = gpg_error_from_syserror ();
+          return 0;
+        }
 
       for (n=0,s=line; hexdigitp (s); s++, n++)
         ;
 
-      if (!n || (n&1) || *s)
-        parm->error = gpg_error (GPG_ERR_ASS_PARAMETER);
-      else
-        add_to_strlist (&parm->list, line);
+      if (n != 40)
+        {
+        parm_error:
+          if (!parm->error)
+            parm->error = gpg_error (GPG_ERR_ASS_PARAMETER);
+          return 0;
+        }
+
+      memcpy (keyinfo->keygrip, line, 40);
+      keyinfo->keygrip[40] = 0;
+
+      line = s;
+
+      if (!*line)
+        goto parm_error;
+
+      while (spacep (line))
+        line++;
+
+      if (*line++ != 'T')
+        goto parm_error;
+
+      if (!*line)
+        goto parm_error;
+
+      while (spacep (line))
+        line++;
+
+      for (n=0,s=line; hexdigitp (s); s++, n++)
+        ;
+
+      if (!n)
+        goto parm_error;
+
+      keyinfo->serialno = xtrymalloc (n+1);
+      if (!keyinfo->serialno)
+        goto alloc_error;
+
+      memcpy (keyinfo->serialno, line, n);
+      keyinfo->serialno[n] = 0;
+
+      line = s;
+
+      if (!*line)
+        goto parm_error;
+
+      while (spacep (line))
+        line++;
+
+      if (!*line)
+        goto parm_error;
+
+      keyinfo->idstr = xtrystrdup (line);
+      if (!keyinfo->idstr)
+        goto alloc_error;
+
+      *l_p = keyinfo;
     }
+  else if (keywordlen == 12 && !memcmp (keyword, "PINCACHE_PUT", keywordlen))
+    err = handle_pincache_put (line);
 
-  return 0;
+  return err;
 }
 
-/* Call the scdaemon to retrieve list of available cards. On success
-   the allocated strlist is stored at RESULT.  On error an error code is
-   returned and NULL stored at RESULT. */
+
+void
+agent_card_free_keyinfo (struct card_key_info_s *l)
+{
+  struct card_key_info_s *l_next;
+
+  for (; l; l = l_next)
+    {
+      l_next = l->next;
+      xfree (l->serialno);
+      xfree (l->idstr);
+      xfree (l);
+    }
+}
+
+/* Call the scdaemon to check if a key of KEYGRIP is available, or
+   retrieve list of available keys on cards.  With CAP, we can limit
+   keys with specified capability.  On success, the allocated
+   structure is stored at RESULT.  On error, an error code is returned
+   and NULL is stored at RESULT.  */
 gpg_error_t
-agent_card_cardlist (ctrl_t ctrl, strlist_t *result)
+agent_card_keyinfo (ctrl_t ctrl, const char *keygrip, int cap,
+                    struct card_key_info_s **result)
 {
   int err;
-  struct card_cardlist_parm_s parm;
+  struct card_keyinfo_parm_s parm;
   char line[ASSUAN_LINELENGTH];
+  char *list_option;
 
   *result = NULL;
 
+  switch (cap)
+    {
+    case                  0: list_option = "--list";      break;
+    case GCRY_PK_USAGE_SIGN: list_option = "--list=sign"; break;
+    case GCRY_PK_USAGE_ENCR: list_option = "--list=encr"; break;
+    case GCRY_PK_USAGE_AUTH: list_option = "--list=auth"; break;
+    default:                 return gpg_error (GPG_ERR_INV_VALUE);
+    }
+
   memset (&parm, 0, sizeof parm);
-  strcpy (line, "GETINFO card_list");
+  snprintf (line, sizeof line, "KEYINFO %s", keygrip ? keygrip : list_option);
 
   err = start_scd (ctrl);
   if (err)
     return err;
 
-  err = assuan_transact (ctrl->scd_local->ctx, line,
+  err = assuan_transact (daemon_ctx (ctrl), line,
                          NULL, NULL, NULL, NULL,
-                         card_cardlist_cb, &parm);
+                         card_keyinfo_cb, &parm);
   if (!err && parm.error)
     err = parm.error;
 
   if (!err)
     *result = parm.list;
   else
-    free_strlist (parm.list);
+    agent_card_free_keyinfo (parm.list);
 
   return unlock_scd (ctrl, err);
 }
-
-
 
 static gpg_error_t
 pass_status_thru (void *opaque, const char *line)
 {
+  gpg_error_t err = 0;
   assuan_context_t ctx = opaque;
   char keyword[200];
   int i;
@@ -1273,9 +1102,13 @@ pass_status_thru (void *opaque, const char *line)
       while (spacep (line))
         line++;
 
-      assuan_write_status (ctx, keyword, line);
+      /* We do not want to pass PINCACHE_PUT through.  */
+      if (!strcmp (keyword, "PINCACHE_PUT"))
+        err = handle_pincache_put (line);
+      else
+        assuan_write_status (ctx, keyword, line);
     }
-  return 0;
+  return err;
 }
 
 static gpg_error_t
@@ -1306,7 +1139,7 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline,
   if (rc)
     return rc;
 
-  inqparm.ctx = ctrl->scd_local->ctx;
+  inqparm.ctx = daemon_ctx (ctrl);
   inqparm.getpin_cb = getpin_cb;
   inqparm.getpin_cb_arg = getpin_cb_arg;
   inqparm.getpin_cb_desc = NULL;
@@ -1314,14 +1147,14 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline,
   inqparm.keydata = NULL;
   inqparm.keydatalen = 0;
 
-  saveflag = assuan_get_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS);
-  assuan_set_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS, 1);
-  rc = assuan_transact (ctrl->scd_local->ctx, cmdline,
+  saveflag = assuan_get_flag (daemon_ctx (ctrl), ASSUAN_CONVEY_COMMENTS);
+  assuan_set_flag (daemon_ctx (ctrl), ASSUAN_CONVEY_COMMENTS, 1);
+  rc = assuan_transact (daemon_ctx (ctrl), cmdline,
                         pass_data_thru, assuan_context,
                         inq_needpin, &inqparm,
                         pass_status_thru, assuan_context);
 
-  assuan_set_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS, saveflag);
+  assuan_set_flag (daemon_ctx (ctrl), ASSUAN_CONVEY_COMMENTS, saveflag);
   if (rc)
     {
       return unlock_scd (ctrl, rc);
@@ -1329,12 +1162,3 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline,
 
   return unlock_scd (ctrl, 0);
 }
-
-void
-agent_card_killscd (void)
-{
-  if (primary_scd_ctx == NULL)
-    return;
-  assuan_transact (primary_scd_ctx, "KILLSCD",
-                   NULL, NULL, NULL, NULL, NULL, NULL);
-}
diff --git a/agent/call-tpm2d.c b/agent/call-tpm2d.c
new file mode 100644
index 0000000..6fae5d8
--- /dev/null
+++ b/agent/call-tpm2d.c
@@ -0,0 +1,248 @@
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <unistd.h>
+
+#include "agent.h"
+#include <assuan.h>
+#include "../common/strlist.h"
+#include "../common/sexp-parse.h"
+#include "../common/i18n.h"
+
+static int
+start_tpm2d (ctrl_t ctrl)
+{
+  return daemon_start (DAEMON_TPM2D, ctrl);
+}
+
+static int
+unlock_tpm2d (ctrl_t ctrl, gpg_error_t err)
+{
+  return daemon_unlock (DAEMON_TPM2D, ctrl, err);
+}
+
+static assuan_context_t
+daemon_ctx (ctrl_t ctrl)
+{
+  return daemon_type_ctx (DAEMON_TPM2D, ctrl);
+}
+
+struct inq_parm_s {
+  assuan_context_t ctx;
+  gpg_error_t (*getpin_cb)(ctrl_t, const char *, char **);
+  ctrl_t ctrl;
+  /* The next fields are used by inq_keydata.  */
+  const unsigned char *keydata;
+  size_t keydatalen;
+  /* following only used by inq_extra */
+  const unsigned char *extra;
+  size_t extralen;
+  char *pin;
+};
+
+static gpg_error_t
+inq_needpin (void *opaque, const char *line)
+{
+  struct inq_parm_s *parm = opaque;
+  char *pin = NULL;
+  gpg_error_t rc;
+  const char *s;
+
+  if ((s = has_leading_keyword (line, "NEEDPIN")))
+    {
+      rc = parm->getpin_cb (parm->ctrl, s, &pin);
+      if (!rc)
+        rc = assuan_send_data (parm->ctx, pin, strlen(pin));
+      parm->pin = pin;
+    }
+  else
+    {
+      log_error ("unsupported inquiry '%s'\n", line);
+      rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
+    }
+
+  return rc;
+}
+
+static gpg_error_t
+inq_keydata (void *opaque, const char *line)
+{
+  struct inq_parm_s *parm = opaque;
+
+  if (has_leading_keyword (line, "KEYDATA"))
+    return assuan_send_data (parm->ctx, parm->keydata, parm->keydatalen);
+  else
+    return inq_needpin (opaque, line);
+}
+
+static gpg_error_t
+inq_extra (void *opaque, const char *line)
+{
+  struct inq_parm_s *parm = opaque;
+
+  if (has_leading_keyword (line, "EXTRA"))
+    return assuan_send_data (parm->ctx, parm->extra, parm->extralen);
+  else
+    return inq_keydata (opaque, line);
+}
+
+int
+agent_tpm2d_writekey (ctrl_t ctrl, unsigned char **shadow_info,
+		      gcry_sexp_t s_skey)
+{
+  int rc;
+  char line[ASSUAN_LINELENGTH];
+  size_t n;
+  unsigned char *kbuf;
+  membuf_t data;
+  struct inq_parm_s inqparm;
+  size_t len;
+
+  rc = start_tpm2d (ctrl);
+  if (rc)
+    return rc;
+
+  /* note: returned data is TPM protected so no need for a sensitive context */
+  init_membuf(&data, 4096);
+
+  inqparm.ctx = daemon_ctx (ctrl);
+  inqparm.getpin_cb = agent_ask_new_passphrase;
+  inqparm.ctrl = ctrl;
+  inqparm.pin = NULL;
+
+  n = gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, NULL, 0);
+  kbuf = xtrymalloc (n);
+  gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, kbuf, n);
+  inqparm.keydata = kbuf;
+  inqparm.keydatalen = n;
+  snprintf(line, sizeof(line), "IMPORT");
+
+  rc = assuan_transact (daemon_ctx (ctrl), line,
+			put_membuf_cb, &data,
+			inq_keydata, &inqparm,
+			NULL, NULL);
+  xfree (kbuf);
+  xfree (inqparm.pin);
+  if (rc)
+    {
+      xfree (get_membuf (&data, &len));
+      return unlock_tpm2d (ctrl, rc);
+    }
+
+  *shadow_info = get_membuf (&data, &len);
+
+  return unlock_tpm2d (ctrl, 0);
+}
+
+static gpg_error_t
+pin_cb (ctrl_t ctrl, const char *prompt, char **passphrase)
+{
+  *passphrase = agent_get_cache (ctrl, ctrl->keygrip, CACHE_MODE_USER);
+  if (*passphrase)
+    return 0;
+  return agent_get_passphrase(ctrl, passphrase,
+			      _("Please enter your passphrase, so that the "
+				"secret key can be unlocked for this session"),
+			      prompt, NULL, 0,
+			      ctrl->keygrip, CACHE_MODE_USER, NULL);
+}
+
+int
+agent_tpm2d_pksign (ctrl_t ctrl, const unsigned char *digest,
+		    size_t digestlen, const unsigned char *shadow_info,
+		    unsigned char **r_sig, size_t *r_siglen)
+{
+  int rc;
+  char line[ASSUAN_LINELENGTH];
+  membuf_t data;
+  struct inq_parm_s inqparm;
+
+  rc = start_tpm2d (ctrl);
+  if (rc)
+    return rc;
+
+  init_membuf (&data, 1024);
+
+  inqparm.ctx = daemon_ctx (ctrl);
+  inqparm.getpin_cb = pin_cb;
+  inqparm.ctrl = ctrl;
+  inqparm.keydata = shadow_info;
+  inqparm.keydatalen = gcry_sexp_canon_len (shadow_info, 0, NULL, NULL);
+  inqparm.extra = digest;
+  inqparm.extralen = digestlen;
+  inqparm.pin = NULL;
+
+  snprintf(line, sizeof(line), "PKSIGN");
+
+  rc = assuan_transact (daemon_ctx (ctrl), line,
+			put_membuf_cb, &data,
+			inq_extra, &inqparm,
+			NULL, NULL);
+  if (!rc)
+    agent_put_cache (ctrl, ctrl->keygrip, CACHE_MODE_USER, inqparm.pin, 0);
+
+  xfree (inqparm.pin);
+
+  if (rc)
+    {
+      size_t len;
+      xfree (get_membuf (&data, &len));
+      return unlock_tpm2d (ctrl, rc);
+    }
+
+  *r_sig = get_membuf (&data, r_siglen);
+
+  return unlock_tpm2d (ctrl, 0);
+}
+
+int
+agent_tpm2d_pkdecrypt (ctrl_t ctrl, const unsigned char *cipher,
+		       size_t cipherlen, const unsigned char *shadow_info,
+		       char **r_buf, size_t *r_len)
+{
+  int rc;
+  char line[ASSUAN_LINELENGTH];
+  membuf_t data;
+  struct inq_parm_s inqparm;
+
+  rc = start_tpm2d (ctrl);
+  if (rc)
+    return rc;
+
+  init_membuf (&data, 1024);
+
+  inqparm.ctx = daemon_ctx (ctrl);
+  inqparm.getpin_cb = pin_cb;
+  inqparm.ctrl = ctrl;
+  inqparm.keydata = shadow_info;
+  inqparm.keydatalen = gcry_sexp_canon_len (shadow_info, 0, NULL, NULL);
+  inqparm.extra = cipher;
+  inqparm.extralen = cipherlen;
+  inqparm.pin = NULL;
+
+  snprintf(line, sizeof(line), "PKDECRYPT");
+
+  rc = assuan_transact (daemon_ctx (ctrl), line,
+			put_membuf_cb, &data,
+			inq_extra, &inqparm,
+			NULL, NULL);
+  if (!rc)
+    agent_put_cache (ctrl, ctrl->keygrip, CACHE_MODE_USER, inqparm.pin, 0);
+
+  xfree (inqparm.pin);
+
+  if (rc)
+    {
+      size_t len;
+      xfree (get_membuf (&data, &len));
+      return unlock_tpm2d (ctrl, rc);
+    }
+
+  *r_buf = get_membuf (&data, r_len);
+
+  return unlock_tpm2d (ctrl, 0);
+}
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 21dd53c..73f98e9 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -41,7 +41,6 @@
 #include <errno.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#include <assert.h>
 #ifndef HAVE_W32_SYSTEM
 #include <sys/socket.h>
 #include <sys/un.h>
@@ -71,6 +70,7 @@
 #define SSH_REQUEST_LOCK                  22
 #define SSH_REQUEST_UNLOCK                23
 #define SSH_REQUEST_ADD_ID_CONSTRAINED    25
+#define SSH_REQUEST_EXTENSION             27
 
 /* Options. */
 #define	SSH_OPT_CONSTRAIN_LIFETIME	   1
@@ -81,6 +81,7 @@
 #define SSH_RESPONSE_FAILURE               5
 #define SSH_RESPONSE_IDENTITIES_ANSWER    12
 #define SSH_RESPONSE_SIGN_RESPONSE        14
+#define SSH_RESPONSE_EXTENSION_FAILURE    28
 
 /* Other constants.  */
 #define SSH_DSA_SIGNATURE_PADDING 20
@@ -157,7 +158,7 @@ typedef gpg_error_t (*ssh_signature_encoder_t) (ssh_key_type_spec_t *spec,
                                                 estream_t signature_blob,
 						gcry_sexp_t sig);
 
-/* Type, which is used for boundling all the algorithm specific
+/* Type, which is used for bundling all the algorithm specific
    information together in a single object.  */
 struct ssh_key_type_spec
 {
@@ -250,6 +251,9 @@ static gpg_error_t ssh_handler_lock (ctrl_t ctrl,
 static gpg_error_t ssh_handler_unlock (ctrl_t ctrl,
 				       estream_t request,
 				       estream_t response);
+static gpg_error_t ssh_handler_extension (ctrl_t ctrl,
+                                          estream_t request,
+                                          estream_t response);
 
 static gpg_error_t ssh_key_modifier_rsa (const char *elems, gcry_mpi_t *mpis);
 static gpg_error_t ssh_signature_encoder_rsa (ssh_key_type_spec_t *spec,
@@ -267,6 +271,11 @@ static gpg_error_t ssh_signature_encoder_eddsa (ssh_key_type_spec_t *spec,
 static gpg_error_t ssh_key_extract_comment (gcry_sexp_t key, char **comment);
 
 
+struct peer_info_s
+{
+  unsigned long pid;
+  int uid;
+};
 
 /* Global variables.  */
 
@@ -286,7 +295,8 @@ static const ssh_request_spec_t request_specs[] =
     REQUEST_SPEC_DEFINE (REMOVE_IDENTITY,       remove_identity,       0),
     REQUEST_SPEC_DEFINE (REMOVE_ALL_IDENTITIES, remove_all_identities, 0),
     REQUEST_SPEC_DEFINE (LOCK,                  lock,                  0),
-    REQUEST_SPEC_DEFINE (UNLOCK,                unlock,                0)
+    REQUEST_SPEC_DEFINE (UNLOCK,                unlock,                0),
+    REQUEST_SPEC_DEFINE (EXTENSION,             extension,             0)
 #undef REQUEST_SPEC_DEFINE
   };
 
@@ -613,7 +623,7 @@ stream_read_string (estream_t stream, unsigned int secure,
         }
 
       /* Read data.  */
-      err = length? stream_read_data (stream, buffer, length) : 0;
+      err = stream_read_data (stream, buffer, length);
       if (err)
         goto out;
 
@@ -623,7 +633,7 @@ stream_read_string (estream_t stream, unsigned int secure,
     }
   else  /* Dummy read requested.  */
     {
-      err = length? stream_read_skip (stream, length) : 0;
+      err = stream_read_skip (stream, length);
       if (err)
         goto out;
     }
@@ -1025,7 +1035,7 @@ search_control_file (ssh_control_file_t cf, const char *hexgrip,
 {
   gpg_error_t err;
 
-  assert (strlen (hexgrip) == 40 );
+  log_assert (strlen (hexgrip) == 40 );
 
   if (r_disabled)
     *r_disabled = 0;
@@ -1504,7 +1514,7 @@ ssh_signature_encoder_dsa (ssh_key_type_spec_t *spec,
 
   /* DSA specific code.  */
 
-  /* FIXME: Why this complicated code?  Why collecting boths mpis in a
+  /* FIXME: Why this complicated code?  Why collecting both mpis in a
      buffer instead of writing them out one after the other?  */
   for (i = 0; i < 2; i++)
     {
@@ -1725,11 +1735,6 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
   estream_t format = NULL;
   char *algo_name = NULL;
 
-  /* We can't encode an empty string in an S-expression, thus to keep
-   * the code simple we use "(none)" instead.  */
-  if (!comment || !*comment)
-    comment = "(none)";
-
   if ((key_spec.flags & SPEC_FLAG_IS_EdDSA))
     {
       /* It is much easier and more readable to use a separate code
@@ -1749,7 +1754,7 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
                                "(comment%s))",
                                curve_name,
                                mpis[0], mpis[1],
-                               comment);
+                               comment? comment:"");
       else
         err = gcry_sexp_build (&sexp_new, NULL,
                                "(public-key(ecc(curve %s)"
@@ -1757,8 +1762,7 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
                                "(comment%s))",
                                curve_name,
                                mpis[0],
-                               comment);
-
+                               comment? comment:"");
     }
   else
     {
@@ -1957,14 +1961,13 @@ ssh_key_to_blob (gcry_sexp_t sexp, int with_secret,
 	}
       if ((key_spec.flags & SPEC_FLAG_IS_EdDSA))
         {
-
           data = gcry_sexp_nth_data (value_pair, 1, &datalen);
           if (!data)
             {
               err = gpg_error (GPG_ERR_INV_SEXP);
               goto out;
             }
-          if (*p_elems == 'q' && datalen)
+          if (*p_elems == 'q' && (datalen & 1) && *data == 0x40)
             { /* Remove the prefix 0x40.  */
               data++;
               datalen--;
@@ -2125,6 +2128,10 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
        * we only want the real 32 byte private key - Libgcrypt expects
        * this.
        */
+
+      /* For now, it's only Ed25519.  In future, Ed448 will come.  */
+      curve_name = "Ed25519";
+
       mpi_list = xtrycalloc (3, sizeof *mpi_list);
       if (!mpi_list)
         {
@@ -2231,39 +2238,15 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
 	goto out;
     }
 
-  if ((spec.flags & SPEC_FLAG_IS_EdDSA))
-    {
-      if (secret)
-        {
-          err = gcry_sexp_build (&key, NULL,
-                                 "(private-key(ecc(curve \"Ed25519\")"
-                                 "(flags eddsa)(q %m)(d %m))"
-                                 "(comment%s))",
-                                 mpi_list[0], mpi_list[1],
-                                 comment? comment:"");
-        }
-      else
-        {
-          err = gcry_sexp_build (&key, NULL,
-                                 "(public-key(ecc(curve \"Ed25519\")"
-                                 "(flags eddsa)(q %m))"
-                                 "(comment%s))",
-                                 mpi_list[0],
-                                 comment? comment:"");
-        }
-    }
-  else
+  err = sexp_key_construct (&key, spec, secret, curve_name, mpi_list,
+                            comment? comment:"");
+  if (!err)
     {
-      err = sexp_key_construct (&key, spec, secret, curve_name, mpi_list,
-                                comment? comment:"");
-      if (err)
-        goto out;
+      if (key_spec)
+        *key_spec = spec;
+      *key_new = key;
     }
 
-  if (key_spec)
-    *key_spec = spec;
-  *key_new = key;
-
  out:
   es_fclose (cert);
   mpint_list_free (mpi_list);
@@ -2376,45 +2359,16 @@ ssh_key_grip (gcry_sexp_t key, unsigned char *buffer)
 }
 
 
+/* Check whether a key of KEYGRIP on smartcard is available and
+   whether it has a usable key.  Store a copy of that key at R_PK and
+   return 0.  If no key is available store NULL at R_PK and return an
+   error code.  If CARDSN is not NULL, a string with the serial number
+   of the card will be a malloced and stored there. */
 static gpg_error_t
-card_key_list (ctrl_t ctrl, char **r_serialno, strlist_t *result)
-{
-  gpg_error_t err;
-
-  *r_serialno = NULL;
-  *result = NULL;
-
-  err = agent_card_serialno (ctrl, r_serialno, NULL);
-  if (err)
-    {
-      if (gpg_err_code (err) != GPG_ERR_ENODEV && opt.verbose)
-        log_info (_("error getting serial number of card: %s\n"),
-                  gpg_strerror (err));
-
-      /* Nothing available.  */
-      return 0;
-    }
-
-  err = agent_card_cardlist (ctrl, result);
-  if (err)
-    {
-      xfree (*r_serialno);
-      *r_serialno = NULL;
-    }
-  return err;
-}
-
-/* Check whether a smartcard is available and whether it has a usable
-   key.  Store a copy of that key at R_PK and return 0.  If no key is
-   available store NULL at R_PK and return an error code.  If CARDSN
-   is not NULL, a string with the serial number of the card will be
-   a malloced and stored there. */
-static gpg_error_t
-card_key_available (ctrl_t ctrl, gcry_sexp_t *r_pk, char **cardsn)
+card_key_available (ctrl_t ctrl, const struct card_key_info_s *keyinfo,
+                    gcry_sexp_t *r_pk, char **cardsn)
 {
   gpg_error_t err;
-  char *authkeyid;
-  char *serialno = NULL;
   unsigned char *pkbuf;
   size_t pkbuflen;
   gcry_sexp_t s_pk;
@@ -2424,48 +2378,12 @@ card_key_available (ctrl_t ctrl, gcry_sexp_t *r_pk, char **cardsn)
   if (cardsn)
     *cardsn = NULL;
 
-  /* First see whether a card is available and whether the application
-     is supported.  */
-  err = agent_card_getattr (ctrl, "$AUTHKEYID", &authkeyid);
-  if ( gpg_err_code (err) == GPG_ERR_CARD_REMOVED )
-    {
-      /* Ask for the serial number to reset the card.  */
-      err = agent_card_serialno (ctrl, &serialno, NULL);
-      if (err)
-        {
-          if (opt.verbose)
-            log_info (_("error getting serial number of card: %s\n"),
-                      gpg_strerror (err));
-          return err;
-        }
-      log_info (_("detected card with S/N: %s\n"), serialno);
-      err = agent_card_getattr (ctrl, "$AUTHKEYID", &authkeyid);
-    }
-  if (err)
-    {
-      log_error (_("no authentication key for ssh on card: %s\n"),
-                 gpg_strerror (err));
-      xfree (serialno);
-      return err;
-    }
-
-  /* Get the S/N if we don't have it yet.  Use the fast getattr method.  */
-  if (!serialno && (err = agent_card_getattr (ctrl, "SERIALNO", &serialno)) )
-    {
-      log_error (_("error getting serial number of card: %s\n"),
-                 gpg_strerror (err));
-      xfree (authkeyid);
-      return err;
-    }
-
   /* Read the public key.  */
-  err = agent_card_readkey (ctrl, authkeyid, &pkbuf);
+  err = agent_card_readkey (ctrl, keyinfo->keygrip, &pkbuf, NULL);
   if (err)
     {
       if (opt.verbose)
         log_info (_("no suitable card key found: %s\n"), gpg_strerror (err));
-      xfree (serialno);
-      xfree (authkeyid);
       return err;
     }
 
@@ -2476,38 +2394,19 @@ card_key_available (ctrl_t ctrl, gcry_sexp_t *r_pk, char **cardsn)
       log_error ("failed to build S-Exp from received card key: %s\n",
                  gpg_strerror (err));
       xfree (pkbuf);
-      xfree (serialno);
-      xfree (authkeyid);
-      return err;
-    }
-
-  err = ssh_key_grip (s_pk, grip);
-  if (err)
-    {
-      log_debug ("error computing keygrip from received card key: %s\n",
-		 gcry_strerror (err));
-      xfree (pkbuf);
-      gcry_sexp_release (s_pk);
-      xfree (serialno);
-      xfree (authkeyid);
       return err;
     }
 
+  hex2bin (keyinfo->keygrip, grip, sizeof (grip));
   if ( agent_key_available (grip) )
     {
-      char *dispserialno;
-
       /* (Shadow)-key is not available in our key storage.  */
-      agent_card_getattr (ctrl, "$DISPSERIALNO", &dispserialno);
-      err = agent_write_shadow_key (0, grip, serialno, authkeyid, pkbuf, 0,
-                                    dispserialno);
-      xfree (dispserialno);
+      err = agent_write_shadow_key (grip, keyinfo->serialno,
+                                    keyinfo->idstr, pkbuf, 0);
       if (err)
         {
           xfree (pkbuf);
           gcry_sexp_release (s_pk);
-          xfree (serialno);
-          xfree (authkeyid);
           return err;
         }
     }
@@ -2518,27 +2417,24 @@ card_key_available (ctrl_t ctrl, gcry_sexp_t *r_pk, char **cardsn)
 
       /* If the card handler is able to return a short serialnumber,
          use that one, else use the complete serialno. */
-      if (!agent_card_getattr (ctrl, "$DISPSERIALNO", &dispsn))
+      if (!agent_card_getattr (ctrl, "$DISPSERIALNO", &dispsn,
+                               keyinfo->keygrip))
         {
           *cardsn = xtryasprintf ("cardno:%s", dispsn);
           xfree (dispsn);
         }
       else
-        *cardsn = xtryasprintf ("cardno:%s", serialno);
+        *cardsn = xtryasprintf ("cardno:%s", keyinfo->serialno);
       if (!*cardsn)
         {
           err = gpg_error_from_syserror ();
           xfree (pkbuf);
           gcry_sexp_release (s_pk);
-          xfree (serialno);
-          xfree (authkeyid);
           return err;
         }
     }
 
   xfree (pkbuf);
-  xfree (serialno);
-  xfree (authkeyid);
   *r_pk = s_pk;
   return 0;
 }
@@ -2586,12 +2482,21 @@ ssh_handler_request_identities (ctrl_t ctrl,
      reader - this should be allowed even without being listed in
      sshcontrol. */
 
-  if (!opt.disable_scdaemon)
+  if (!opt.disable_daemon[DAEMON_SCD])
     {
       char *serialno;
-      strlist_t card_list, sl;
+      struct card_key_info_s *keyinfo_list;
+      struct card_key_info_s *keyinfo;
+
+      /* Scan device(s), and get list of KEYGRIP.  */
+      err = agent_card_serialno (ctrl, &serialno, NULL);
+      if (!err)
+        {
+          xfree (serialno);
+          err = agent_card_keyinfo (ctrl, NULL, GCRY_PK_USAGE_AUTH,
+                                    &keyinfo_list);
+        }
 
-      err = card_key_list (ctrl, &serialno, &card_list);
       if (err)
         {
           if (opt.verbose)
@@ -2600,22 +2505,11 @@ ssh_handler_request_identities (ctrl_t ctrl,
           goto scd_out;
         }
 
-      for (sl = card_list; sl; sl = sl->next)
+      for (keyinfo = keyinfo_list; keyinfo; keyinfo = keyinfo->next)
         {
-          char *serialno0;
           char *cardsn;
 
-          err = agent_card_serialno (ctrl, &serialno0, sl->d);
-          if (err)
-            {
-              if (opt.verbose)
-                log_info (_("error getting serial number of card: %s\n"),
-                          gpg_strerror (err));
-              continue;
-            }
-
-          xfree (serialno0);
-          if (card_key_available (ctrl, &key_public, &cardsn))
+          if (card_key_available (ctrl, keyinfo, &key_public, &cardsn))
             continue;
 
           err = ssh_send_key_public (key_blobs, key_public, cardsn);
@@ -2624,7 +2518,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
           xfree (cardsn);
           if (err)
             {
-              if (opt.verbose)
+              if (err && opt.verbose)
                 gcry_log_debugsxp ("pubkey", key_public);
               if (gpg_err_code (err) == GPG_ERR_UNKNOWN_CURVE
                   || gpg_err_code (err) == GPG_ERR_INV_CURVE)
@@ -2635,8 +2529,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
                 }
               else
                 {
-                  xfree (serialno);
-                  free_strlist (card_list);
+                  agent_card_free_keyinfo (keyinfo_list);
                   goto out;
                 }
             }
@@ -2644,8 +2537,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
             key_counter++;
         }
 
-      xfree (serialno);
-      free_strlist (card_list);
+      agent_card_free_keyinfo (keyinfo_list);
     }
 
  scd_out:
@@ -2662,7 +2554,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
         continue; /* Should not happen.  */
       if (cf->item.disabled)
         continue;
-      assert (strlen (cf->item.hexgrip) == 40);
+      log_assert (strlen (cf->item.hexgrip) == 40);
       hex2bin (cf->item.hexgrip, grip, sizeof (grip));
 
       err = agent_public_key_from_file (ctrl, grip, &key_public);
@@ -2737,7 +2629,7 @@ data_hash (unsigned char *data, size_t data_n,
    allow the use of signature algorithms that implement the hashing
    internally (e.g. Ed25519).  On success the created signature is
    stored in ssh format at R_SIG and it's size at R_SIGLEN; the caller
-   must use es_free to releaase this memory.  */
+   must use es_free to release this memory.  */
 static gpg_error_t
 data_sign (ctrl_t ctrl, ssh_key_type_spec_t *spec,
            const void *hash, size_t hashlen,
@@ -2912,6 +2804,9 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
   if (!hash_algo)
     hash_algo = GCRY_MD_SHA1;  /* Use the default.  */
   ctrl->digest.algo = hash_algo;
+  xfree (ctrl->digest.data);
+  ctrl->digest.data = NULL;
+  ctrl->digest.is_pss = 0;
   if ((spec.flags & SPEC_FLAG_USE_PKCS1V2))
     ctrl->digest.raw_value = 0;
   else
@@ -3159,8 +3054,8 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
 
   /* Store this key to our key storage.  We do not store a creation
    * timestamp because we simply do not know.  */
-  err = agent_write_private_key (key_grip_raw, buffer, buffer_n, 0, 0,
-                                 NULL, NULL, NULL);
+  err = agent_write_private_key (key_grip_raw, buffer, buffer_n, 0,
+                                 NULL, NULL, 0);
   if (err)
     goto out;
 
@@ -3425,6 +3320,84 @@ ssh_handler_unlock (ctrl_t ctrl, estream_t request, estream_t response)
   return ret_err;
 }
 
+/* Handler for the "extension" command.  */
+static gpg_error_t
+ssh_handler_extension (ctrl_t ctrl, estream_t request, estream_t response)
+{
+  gpg_error_t ret_err;
+  gpg_error_t err;
+  char *exttype = NULL;
+  char *name = NULL;
+  char *value = NULL;
+
+  err = stream_read_cstring (request, &exttype);
+  if (err)
+    goto leave;
+
+  if (opt.verbose)
+    log_info ("ssh-agent extension '%s' received\n", exttype);
+  if (!strcmp (exttype, "ssh-env@gnupg.org"))
+    {
+      for (;;)
+        {
+          xfree (name); name = NULL;
+          err = stream_read_cstring (request, &name);
+          if (gpg_err_code (err) == GPG_ERR_EOF)
+            break;  /* ready.  */
+          if (err)
+            {
+              if (opt.verbose)
+                log_error ("error reading ssh-agent env name\n");
+              goto leave;
+            }
+          xfree (value); value = NULL;
+          err = stream_read_cstring (request, &value);
+          if (err)
+            {
+              if (opt.verbose)
+                log_error ("error reading ssh-agent env value\n");
+              goto leave;
+            }
+          if (opt.debug)
+            log_debug ("ssh-agent env '%s'='%s'\n", name, value);
+          err = session_env_setenv (ctrl->session_env, name,
+                                    *value? value : NULL);
+          if (err)
+            {
+              log_error ("error setting ssh-agent env value: %s\n",
+                         gpg_strerror (err));
+              goto leave;
+            }
+        }
+      err = 0;
+    }
+  else if (!strcmp (exttype, "ssh-envnames@gnupg.org"))
+    {
+      ret_err = stream_write_byte (response, SSH_RESPONSE_SUCCESS);
+      if (!ret_err)
+        ret_err = stream_write_cstring
+          (response, session_env_list_stdenvnames (NULL, NULL));
+      goto finalleave;
+    }
+  else
+    {
+      if (opt.verbose)
+        log_info ("ssh-agent extension '%s' not supported\n", exttype);
+      err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+    }
+
+ leave:
+  if (!err)
+    ret_err = stream_write_byte (response, SSH_RESPONSE_SUCCESS);
+  else
+    ret_err = stream_write_byte (response, SSH_RESPONSE_FAILURE);
+ finalleave:
+  xfree (exttype);
+  xfree (name);
+  xfree (value);
+  return ret_err;
+}
+
 
 
 /* Return the request specification for the request identified by TYPE
@@ -3610,10 +3583,11 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock)
 
 
 /* Return the peer's pid.  */
-static unsigned long
-get_client_pid (int fd)
+static void
+get_client_info (int fd, struct peer_info_s *out)
 {
-  pid_t client_pid = (pid_t)0;
+  pid_t client_pid = (pid_t)(-1);
+  int client_uid = -1;
 
 #ifdef SO_PEERCRED
   {
@@ -3628,8 +3602,10 @@ get_client_pid (int fd)
       {
 #if defined (HAVE_STRUCT_SOCKPEERCRED_PID) || defined (HAVE_STRUCT_UCRED_PID)
         client_pid = cr.pid;
+        client_uid = (int)cr.uid;
 #elif defined (HAVE_STRUCT_UCRED_CR_PID)
         client_pid = cr.cr_pid;
+        client_uid = (int)cr.cr_uid;
 #else
 #error "Unknown SO_PEERCRED struct"
 #endif
@@ -3640,6 +3616,15 @@ get_client_pid (int fd)
     socklen_t len = sizeof (pid_t);
 
     getsockopt (fd, SOL_LOCAL, LOCAL_PEERPID, &client_pid, &len);
+#if defined (LOCAL_PEERCRED)
+    {
+      struct xucred cr;
+      len = sizeof (struct xucred);
+
+      if (!getsockopt (fd, SOL_LOCAL, LOCAL_PEERCRED, &cr, &len))
+	client_uid = (int)cr.cr_uid;
+    }
+#endif
   }
 #elif defined (LOCAL_PEEREID)
   {
@@ -3647,7 +3632,10 @@ get_client_pid (int fd)
     socklen_t unpl = sizeof unp;
 
     if (getsockopt (fd, 0, LOCAL_PEEREID, &unp, &unpl) != -1)
-      client_pid = unp.unp_pid;
+      {
+        client_pid = unp.unp_pid;
+        client_uid = (int)unp.unp_euid;
+      }
   }
 #elif defined (HAVE_GETPEERUCRED)
   {
@@ -3655,7 +3643,8 @@ get_client_pid (int fd)
 
     if (getpeerucred (fd, &ucred) != -1)
       {
-        client_pid= ucred_getpid (ucred);
+        client_pid = ucred_getpid (ucred);
+	client_uid = (int)ucred_geteuid (ucred);
         ucred_free (ucred);
       }
   }
@@ -3663,7 +3652,8 @@ get_client_pid (int fd)
   (void)fd;
 #endif
 
-  return (unsigned long)client_pid;
+  out->pid = (client_pid == (pid_t)(-1)? 0 : (unsigned long)client_pid);
+  out->uid = client_uid;
 }
 
 
@@ -3674,12 +3664,15 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
   estream_t stream_sock = NULL;
   gpg_error_t err;
   int ret;
+  struct peer_info_s peer_info;
 
   err = agent_copy_startup_env (ctrl);
   if (err)
     goto out;
 
-  ctrl->client_pid = get_client_pid (FD2INT(sock_client));
+  get_client_info (FD2INT(sock_client), &peer_info);
+  ctrl->client_pid = peer_info.pid;
+  ctrl->client_uid = peer_info.uid;
 
   /* Create stream from socket.  */
   stream_sock = es_fdopen (FD2INT(sock_client), "r+");
@@ -3714,8 +3707,8 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
       es_ungetc (c, stream_sock);
     }
 
-  /* Reset the SCD in case it has been used. */
-  agent_reset_scd (ctrl);
+  /* Reset the daemon in case it has been used. */
+  agent_reset_daemon (ctrl);
 
 
  out:
@@ -3862,8 +3855,8 @@ serve_mmapped_ssh_request (ctrl_t ctrl,
       valid_response = 1;
     }
 
-  /* Reset the SCD in case it has been used. */
-  agent_reset_scd (ctrl);
+  /* Reset the daemon in case it has been used. */
+  agent_reset_daemon (ctrl);
 
   return valid_response? 0 : -1;
 }
diff --git a/agent/command.c b/agent/command.c
index b682c55..095f38b 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -30,7 +30,6 @@
 #include <string.h>
 #include <ctype.h>
 #include <unistd.h>
-#include <assert.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <dirent.h>
@@ -50,6 +49,8 @@
 #define MAXLEN_KEYPARAM 1024
 /* Maximum allowed size of key data as used in inquiries (bytes). */
 #define MAXLEN_KEYDATA 8192
+/* Maximum length of a secret to store under one key.  */
+#define MAXLEN_PUT_SECRET 4096
 /* The size of the import/export KEK key (in bytes).  */
 #define KEYWRAP_KEYSIZE (128/8)
 
@@ -111,6 +112,16 @@ struct server_local_s
 
   /* Last PASSWD_NONCE sent as status (malloced). */
   char *last_passwd_nonce;
+
+  /* Per connection cache of the keyinfo from the cards.  The
+   * eventcounters for cards at the time the info was fetched is
+   * stored here as a freshness indicator.  */
+  struct {
+    struct card_key_info_s *ki;
+    unsigned int eventno;
+    unsigned int maybe_key_change;
+  } last_card_keyinfo;
+
 };
 
 
@@ -147,6 +158,11 @@ struct
      detected. */
   unsigned int card;
 
+  /* Internal counter to track possible changes to a key.
+   * FIXME: This should be replaced by generic notifications from scd.
+   */
+  unsigned int maybe_key_change;
+
 } eventcounter;
 
 
@@ -227,6 +243,8 @@ reset_notify (assuan_context_t ctx, char *line)
   memset (ctrl->keygrip, 0, 20);
   ctrl->have_keygrip = 0;
   ctrl->digest.valuelen = 0;
+  xfree (ctrl->digest.data);
+  ctrl->digest.data = NULL;
 
   xfree (ctrl->server_local->keydesc);
   ctrl->server_local->keydesc = NULL;
@@ -292,6 +310,31 @@ parse_keygrip (assuan_context_t ctx, const char *string, unsigned char *buf)
 }
 
 
+/* Parse the TTL from STRING.  Leading and trailing spaces are
+ * skipped.  The value is constrained to -1 .. MAXINT.  On error 0 is
+ * returned, else the number of bytes scanned.  */
+static size_t
+parse_ttl (const char *string, int *r_ttl)
+{
+  const char *string_orig = string;
+  long ttl;
+  char *pend;
+
+  ttl = strtol (string, &pend, 10);
+  string = pend;
+  if (string == string_orig || !(spacep (string) || !*string)
+      || ttl < -1L || (int)ttl != (long)ttl)
+    {
+      *r_ttl = 0;
+      return 0;
+    }
+  while (spacep (string) || *string== '\n')
+    string++;
+  *r_ttl = (int)ttl;
+  return string - string_orig;
+}
+
+
 /* Write an Assuan status line.  KEYWORD is the first item on the
  * status line.  The following arguments are all separated by a space
  * in the output.  The last argument must be a NULL.  Linefeeds and
@@ -615,7 +658,7 @@ static const char hlp_setkeydesc[] =
   "Set a description to be used for the next PKSIGN, PKDECRYPT, IMPORT_KEY\n"
   "or EXPORT_KEY operation if this operation requires a passphrase.  If\n"
   "this command is not used a default text will be used.  Note, that\n"
-  "this description implictly selects the label used for the entry\n"
+  "this description implicitly selects the label used for the entry\n"
   "box; if the string contains the string PIN (which in general will\n"
   "not be translated), \"PIN\" is used, otherwise the translation of\n"
   "\"passphrase\" is used.  The description string should not contain\n"
@@ -663,20 +706,24 @@ cmd_setkeydesc (assuan_context_t ctx, char *line)
 
 
 static const char hlp_sethash[] =
-  "SETHASH (--hash=<name>)|(<algonumber>) <hexstring>\n"
+  "SETHASH (--hash=<name>)|(<algonumber>) <hexstring>]\n"
+  "SETHASH [--pss] --inquire\n"
   "\n"
   "The client can use this command to tell the server about the data\n"
-  "(which usually is a hash) to be signed.";
+  "(which usually is a hash) to be signed.  The option --inquire is\n"
+  "used to ask back for to-be-signed data in case of PureEdDSA or\n"
+  "with --pss for pre-formatted rsaPSS.";
 static gpg_error_t
 cmd_sethash (assuan_context_t ctx, char *line)
 {
-  int rc;
+  gpg_error_t err;
   size_t n;
   char *p;
   ctrl_t ctrl = assuan_get_pointer (ctx);
   unsigned char *buf;
   char *endp;
   int algo;
+  int opt_inquire, opt_pss;
 
   /* Parse the alternative hash options which may be used instead of
      the algo number.  */
@@ -698,48 +745,94 @@ cmd_sethash (assuan_context_t ctx, char *line)
         algo = GCRY_MD_MD5;
       else if (has_option (line, "--hash=tls-md5sha1"))
         algo = MD_USER_TLS_MD5SHA1;
+      else if (has_option (line, "--hash=none"))
+        algo = 0;
       else
-        return set_error (GPG_ERR_ASS_PARAMETER, "invalid hash algorithm");
+        {
+          err = set_error (GPG_ERR_ASS_PARAMETER, "invalid hash algorithm");
+          goto leave;
+        }
     }
   else
     algo = 0;
 
+  opt_pss = has_option (line, "--pss");
+  opt_inquire = has_option (line, "--inquire");
   line = skip_options (line);
 
-  if (!algo)
+  if (!algo && !opt_inquire)
     {
       /* No hash option has been given: require an algo number instead  */
       algo = (int)strtoul (line, &endp, 10);
       for (line = endp; *line == ' ' || *line == '\t'; line++)
         ;
       if (!algo || gcry_md_test_algo (algo))
-        return set_error (GPG_ERR_UNSUPPORTED_ALGORITHM, NULL);
+        {
+          err = set_error (GPG_ERR_UNSUPPORTED_ALGORITHM, NULL);
+          goto leave;
+        }
     }
+  xfree (ctrl->digest.data);
+  ctrl->digest.data = NULL;
   ctrl->digest.algo = algo;
   ctrl->digest.raw_value = 0;
+  ctrl->digest.is_pss = opt_pss;
 
-  /* Parse the hash value. */
-  n = 0;
-  rc = parse_hexstring (ctx, line, &n);
-  if (rc)
-    return rc;
-  n /= 2;
-  if (algo == MD_USER_TLS_MD5SHA1 && n == 36)
-    ;
-  else if (n != 16 && n != 20 && n != 24
-           && n != 28 && n != 32 && n != 48 && n != 64)
-    return set_error (GPG_ERR_ASS_PARAMETER, "unsupported length of hash");
-
-  if (n > MAX_DIGEST_LEN)
-    return set_error (GPG_ERR_ASS_PARAMETER, "hash value to long");
-
-  buf = ctrl->digest.value;
-  ctrl->digest.valuelen = n;
-  for (p=line, n=0; n < ctrl->digest.valuelen; p += 2, n++)
-    buf[n] = xtoi_2 (p);
-  for (; n < ctrl->digest.valuelen; n++)
-    buf[n] = 0;
-  return 0;
+  if (opt_inquire)
+    {
+      /* We limit the to-be-signed data to some reasonable size which
+       * may eventually allow us to pass that even to smartcards.  */
+      size_t maxlen = 2048;
+
+      if (algo)
+        {
+	  err = set_error (GPG_ERR_ASS_PARAMETER,
+                          "both --inquire and an algo are specified");
+	  goto leave;
+        }
+
+      err = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%zu", maxlen);
+      if (!err)
+	err = assuan_inquire (ctx, "TBSDATA", &buf, &n, maxlen);
+      if (err)
+        goto leave;
+
+      ctrl->digest.data = buf;
+      ctrl->digest.valuelen = n;
+    }
+  else
+    {
+      /* Parse the hash value. */
+      n = 0;
+      err = parse_hexstring (ctx, line, &n);
+      if (err)
+        goto leave;
+      n /= 2;
+      if (algo == MD_USER_TLS_MD5SHA1 && n == 36)
+        ;
+      else if (n != 16 && n != 20 && n != 24
+               && n != 28 && n != 32 && n != 48 && n != 64)
+        {
+          err = set_error (GPG_ERR_ASS_PARAMETER, "unsupported length of hash");
+          goto leave;
+        }
+
+      if (n > MAX_DIGEST_LEN)
+        {
+          err = set_error (GPG_ERR_ASS_PARAMETER, "hash value to long");
+          goto leave;
+        }
+
+      buf = ctrl->digest.value;
+      ctrl->digest.valuelen = n;
+      for (p=line, n=0; n < ctrl->digest.valuelen; p += 2, n++)
+        buf[n] = xtoi_2 (p);
+      for (; n < ctrl->digest.valuelen; n++)
+        buf[n] = 0;
+    }
+
+ leave:
+  return leave_cmd (ctx, err);
 }
 
 
@@ -843,7 +936,7 @@ static const char hlp_genkey[] =
   "\n"
   "  C: GENKEY\n"
   "  S: INQUIRE KEYPARAM\n"
-  "  C: D (genkey (rsa (nbits  2048)))\n"
+  "  C: D (genkey (rsa (nbits 3072)))\n"
   "  C: END\n"
   "  S: D (public-key\n"
   "  S: D   (rsa (n 326487324683264) (e 10001)))\n"
@@ -921,6 +1014,8 @@ cmd_genkey (assuan_context_t ctx, char *line)
   if (*line)
     cache_nonce = xtrystrdup (line);
 
+  eventcounter.maybe_key_change++;
+
   /* First inquire the parameters */
   rc = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%u", MAXLEN_KEYPARAM);
   if (!rc)
@@ -978,8 +1073,8 @@ cmd_genkey (assuan_context_t ctx, char *line)
 
 
 static const char hlp_readkey[] =
-  "READKEY [--no-data] <hexstring_with_keygrip>\n"
-  "                    --card <keyid>\n"
+  "READKEY <hexstring_with_keygrip>\n"
+  "        --card <keyid>\n"
   "\n"
   "Return the public key for the given keygrip or keyid.\n"
   "With --card, private key file with card information will be created.";
@@ -992,15 +1087,12 @@ cmd_readkey (assuan_context_t ctx, char *line)
   gcry_sexp_t s_pkey = NULL;
   unsigned char *pkbuf = NULL;
   char *serialno = NULL;
-  char *keyidbuf = NULL;
   size_t pkbuflen;
-  int opt_card, opt_no_data;
-  char *dispserialno = NULL;
+  int opt_card;
 
   if (ctrl->restricted)
     return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
 
-  opt_no_data = has_option (line, "--no-data");
   opt_card = has_option (line, "--card");
   line = skip_options (line);
 
@@ -1008,7 +1100,7 @@ cmd_readkey (assuan_context_t ctx, char *line)
     {
       const char *keyid = line;
 
-      rc = agent_card_getattr (ctrl, "SERIALNO", &serialno);
+      rc = agent_card_getattr (ctrl, "SERIALNO", &serialno, NULL);
       if (rc)
         {
           log_error (_("error getting serial number of card: %s\n"),
@@ -1016,13 +1108,7 @@ cmd_readkey (assuan_context_t ctx, char *line)
           goto leave;
         }
 
-      /* Hack to create the shadow key for the standard keys.  */
-      if ((!strcmp (keyid, "$SIGNKEYID") || !strcmp (keyid, "$ENCRKEYID")
-           || !strcmp (keyid, "$AUTHKEYID"))
-          && !agent_card_getattr (ctrl, keyid, &keyidbuf))
-        keyid = keyidbuf;
-
-      rc = agent_card_readkey (ctrl, keyid, &pkbuf);
+      rc = agent_card_readkey (ctrl, keyid, &pkbuf, NULL);
       if (rc)
         goto leave;
       pkbuflen = gcry_sexp_canon_len (pkbuf, 0, NULL, NULL);
@@ -1039,25 +1125,11 @@ cmd_readkey (assuan_context_t ctx, char *line)
           goto leave;
         }
 
-      agent_card_getattr (ctrl, "$DISPSERIALNO", &dispserialno);
-      if (agent_key_available (grip))
-        {
-          /* Shadow-key is not available in our key storage.  */
-          rc = agent_write_shadow_key (0, grip, serialno, keyid, pkbuf, 0,
-                                       dispserialno);
-        }
-      else
-        {
-          /* Shadow-key is available in our key storage but ne check
-           * whether we need to update it with a new display-s/n or
-           * whatever.  */
-          rc = agent_write_shadow_key (1, grip, serialno, keyid, pkbuf, 0,
-                                       dispserialno);
-        }
+      rc = agent_write_shadow_key (grip, serialno, keyid, pkbuf, 0);
       if (rc)
         goto leave;
 
-      rc = opt_no_data? 0 : assuan_send_data (ctx, pkbuf, pkbuflen);
+      rc = assuan_send_data (ctx, pkbuf, pkbuflen);
     }
   else
     {
@@ -1077,16 +1149,14 @@ cmd_readkey (assuan_context_t ctx, char *line)
             {
               pkbuflen = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON,
                                            pkbuf, pkbuflen);
-              rc = opt_no_data? 0 : assuan_send_data (ctx, pkbuf, pkbuflen);
+              rc = assuan_send_data (ctx, pkbuf, pkbuflen);
             }
         }
     }
 
  leave:
-  xfree (keyidbuf);
   xfree (serialno);
   xfree (pkbuf);
-  xfree (dispserialno);
   gcry_sexp_release (s_pkey);
   return leave_cmd (ctx, rc);
 }
@@ -1140,19 +1210,21 @@ static const char hlp_keyinfo[] =
   "      'D' - The key has been disabled,\n"
   "      'S' - The key is listed in sshcontrol (requires --with-ssh),\n"
   "      'c' - Use of the key needs to be confirmed,\n"
+  "      'A' - The key is available on card,\n"
   "      '-' - No flags given.\n"
   "\n"
   "More information may be added in the future.";
 static gpg_error_t
 do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
                 int data, int with_ssh_fpr, int in_ssh,
-                int ttl, int disabled, int confirm)
+                int ttl, int disabled, int confirm, int on_card)
 {
   gpg_error_t err;
   char hexgrip[40+1];
   char *fpr = NULL;
   int keytype;
   unsigned char *shadow_info = NULL;
+  unsigned char *shadow_info_type = NULL;
   char *serialno = NULL;
   char *idstr = NULL;
   const char *keytypestr;
@@ -1163,7 +1235,8 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
   char ttlbuf[20];
   char flagsbuf[5];
 
-  err = agent_key_info_from_file (ctrl, grip, &keytype, &shadow_info);
+  err = agent_key_info_from_file (ctrl, grip, &keytype, &shadow_info,
+                                  &shadow_info_type);
   if (err)
     {
       if (in_ssh && gpg_err_code (err) == GPG_ERR_NOT_FOUND)
@@ -1187,6 +1260,8 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
     strcat (flagsbuf, "S");
   if (confirm)
     strcat (flagsbuf, "c");
+  if (on_card)
+    strcat (flagsbuf, "A");
   if (!*flagsbuf)
     strcpy (flagsbuf, "-");
 
@@ -1233,9 +1308,23 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
 
   if (shadow_info)
     {
-      err = parse_shadow_info (shadow_info, &serialno, &idstr, NULL);
-      if (err)
-        goto leave;
+      if (strcmp (shadow_info_type, "t1-v1") == 0)
+        {
+          err = parse_shadow_info (shadow_info, &serialno, &idstr, NULL);
+          if (err)
+            goto leave;
+        }
+      else if (strcmp (shadow_info_type, "tpm2-v1") == 0)
+        {
+          serialno = xstrdup("TPM-Protected");
+          idstr = NULL;
+        }
+      else
+        {
+          log_error ("unrecognised shadow key type %s\n", shadow_info_type);
+          err = GPG_ERR_BAD_KEY;
+          goto leave;
+        }
     }
 
   if (!data)
@@ -1270,6 +1359,7 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
 
  leave:
   xfree (fpr);
+  xfree (shadow_info_type);
   xfree (shadow_info);
   xfree (serialno);
   xfree (idstr);
@@ -1291,9 +1381,9 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
   ssh_control_file_t cf = NULL;
   char hexgrip[41];
   int disabled, ttl, confirm, is_ssh;
-
-  if (ctrl->restricted)
-    return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
+  struct card_key_info_s *keyinfo_on_cards;
+  struct card_key_info_s *l;
+  int on_card;
 
   if (has_option (line, "--ssh-list"))
     list_mode = 2;
@@ -1321,8 +1411,30 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
   if (opt_with_ssh || list_mode == 2)
     cf = ssh_open_control_file ();
 
+  /* Take the keyinfo for cards from our local cache.  Actually this
+   * cache could be a global one but then we would need to employ
+   * reference counting. */
+  if (ctrl->server_local->last_card_keyinfo.ki
+      && ctrl->server_local->last_card_keyinfo.eventno == eventcounter.card
+      && (ctrl->server_local->last_card_keyinfo.maybe_key_change
+          == eventcounter.maybe_key_change))
+    {
+      keyinfo_on_cards = ctrl->server_local->last_card_keyinfo.ki;
+    }
+  else if (!agent_card_keyinfo (ctrl, NULL, 0, &keyinfo_on_cards))
+    {
+      agent_card_free_keyinfo (ctrl->server_local->last_card_keyinfo.ki);
+      ctrl->server_local->last_card_keyinfo.ki = keyinfo_on_cards;
+      ctrl->server_local->last_card_keyinfo.eventno = eventcounter.card;
+      ctrl->server_local->last_card_keyinfo.maybe_key_change
+        = eventcounter.maybe_key_change;
+    }
+
   if (list_mode == 2)
     {
+      if (ctrl->restricted)
+        return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
+
       if (cf)
         {
           while (!ssh_read_control_file (cf, hexgrip,
@@ -1330,8 +1442,14 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
             {
               if (hex2bin (hexgrip, grip, 20) < 0 )
                 continue; /* Bad hex string.  */
+
+              on_card = 0;
+              for (l = keyinfo_on_cards; l; l = l->next)
+                if (!memcmp (l->keygrip, hexgrip, 40))
+                  on_card = 1;
+
               err = do_one_keyinfo (ctrl, grip, ctx, opt_data, opt_ssh_fpr, 1,
-                                    ttl, disabled, confirm);
+                                    ttl, disabled, confirm, on_card);
               if (err)
                 goto leave;
             }
@@ -1343,6 +1461,9 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
       char *dirname;
       gnupg_dirent_t dir_entry;
 
+      if (ctrl->restricted)
+        return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
+
       dirname = make_filename_try (gnupg_homedir (),
                                    GNUPG_PRIVATE_KEYS_DIR, NULL);
       if (!dirname)
@@ -1381,8 +1502,13 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
                 goto leave;
             }
 
+          on_card = 0;
+          for (l = keyinfo_on_cards; l; l = l->next)
+            if (!memcmp (l->keygrip, hexgrip, 40))
+              on_card = 1;
+
           err = do_one_keyinfo (ctrl, grip, ctx, opt_data, opt_ssh_fpr, is_ssh,
-                                ttl, disabled, confirm);
+                                ttl, disabled, confirm, on_card);
           if (err)
             goto leave;
         }
@@ -1404,8 +1530,13 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
             goto leave;
         }
 
+      on_card = 0;
+      for (l = keyinfo_on_cards; l; l = l->next)
+        if (!memcmp (l->keygrip, line, 40))
+          on_card = 1;
+
       err = do_one_keyinfo (ctrl, grip, ctx, opt_data, opt_ssh_fpr, is_ssh,
-                            ttl, disabled, confirm);
+                            ttl, disabled, confirm, on_card);
     }
 
  leave:
@@ -1507,7 +1638,6 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
   char *entry_errtext = NULL;
   struct pin_entry_info_s *pi = NULL;
   struct pin_entry_info_s *pi2 = NULL;
-  int is_generated;
 
   if (ctrl->restricted)
     return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
@@ -1619,8 +1749,6 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
       pi->max_tries = 3;
       pi->with_qualitybar = opt_qualbar;
       pi->with_repeat = opt_repeat;
-      pi->constraints_flags = (CHECK_CONSTRAINTS_NOT_EMPTY
-                               | CHECK_CONSTRAINTS_NEW_SYMKEY);
       pi2->max_length = MAX_PASSPHRASE_LEN + 1;
       pi2->max_tries = 3;
       pi2->check_cb = reenter_passphrase_cmp_cb;
@@ -1640,13 +1768,8 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
             goto leave;
           xfree (entry_errtext);
           entry_errtext = NULL;
-          is_generated = !!(pi->status & PINENTRY_STATUS_PASSWORD_GENERATED);
-
           /* We don't allow an empty passpharse in this mode.  */
-          if (!is_generated
-              && check_passphrase_constraints (ctrl, pi->pin,
-                                               pi->constraints_flags,
-                                               &entry_errtext))
+          if (check_passphrase_constraints (ctrl, pi->pin, 1, &entry_errtext))
             {
               pi->failed_tries = 0;
               pi2->failed_tries = 0;
@@ -1702,18 +1825,12 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
                                  opt_qualbar, cacheid, CACHE_MODE_USER, NULL);
       xfree (entry_errtext);
       entry_errtext = NULL;
-      is_generated = 0;
-
       if (!rc)
         {
           int i;
 
           if (opt_check
-              && !is_generated
-	      && check_passphrase_constraints
-              (ctrl, response,
-               (opt_newsymkey? CHECK_CONSTRAINTS_NEW_SYMKEY:0),
-               &entry_errtext))
+	      && check_passphrase_constraints (ctrl, response,0,&entry_errtext))
             {
               goto next_try;
             }
@@ -2133,11 +2250,7 @@ cmd_preset_passphrase (assuan_context_t ctx, char *line)
 
       rc = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%zu", maxlen);
       if (!rc)
-        {
-          assuan_begin_confidential (ctx);
-          rc = assuan_inquire (ctx, "PASSPHRASE", &passphrase, &len, maxlen);
-          assuan_end_confidential (ctx);
-        }
+	rc = assuan_inquire (ctx, "PASSPHRASE", &passphrase, &len, maxlen);
     }
   else
     rc = set_error (GPG_ERR_NOT_IMPLEMENTED, "passphrase is required");
@@ -2146,10 +2259,7 @@ cmd_preset_passphrase (assuan_context_t ctx, char *line)
     {
       rc = agent_put_cache (ctrl, grip_clear, CACHE_MODE_ANY, passphrase, ttl);
       if (opt_inquire)
-        {
-	  wipememory (passphrase, len);
-          xfree (passphrase);
-        }
+	xfree (passphrase);
     }
 
 leave:
@@ -2169,8 +2279,40 @@ cmd_scd (assuan_context_t ctx, char *line)
   int rc;
 #ifdef BUILD_WITH_SCDAEMON
   ctrl_t ctrl = assuan_get_pointer (ctx);
+
   if (ctrl->restricted)
-    return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
+    {
+      const char *argv[5];
+      int argc;
+      char *l;
+
+      l = xtrystrdup (line);
+      if (!l)
+        return gpg_error_from_syserror ();
+
+      argc = split_fields (l, argv, DIM (argv));
+
+      /* These commands are allowed.  */
+      if ((argc == 1 && !strcmp (argv[0], "SERIALNO"))
+          || (argc == 2
+              && !strcmp (argv[0], "GETINFO")
+              && !strcmp (argv[1], "version"))
+          || (argc == 2
+              && !strcmp (argv[0], "GETATTR")
+              && !strcmp (argv[1], "KEY-FPR"))
+          || (argc == 2
+              && !strcmp (argv[0], "KEYINFO")
+              && !strcmp (argv[1], "--list=encr")))
+        xfree (l);
+      else
+        {
+          xfree (l);
+          return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
+        }
+    }
+
+  /* All  SCD prefixed commands may change a key.  */
+  eventcounter.maybe_key_change++;
 
   rc = divert_generic_cmd (ctrl, line, ctx);
 #else
@@ -2311,6 +2453,8 @@ cmd_import_key (assuan_context_t ctx, char *line)
   if (*line)
     cache_nonce = xtrystrdup (line);
 
+  eventcounter.maybe_key_change++;
+
   assuan_begin_confidential (ctx);
   err = assuan_inquire (ctx, "KEYDATA",
                         &wrappedkey, &wrappedkeylen, MAXLEN_KEYDATA);
@@ -2394,7 +2538,7 @@ cmd_import_key (assuan_context_t ctx, char *line)
         goto leave; /* Invalid canonical encoded S-expression.  */
       if (passphrase)
         {
-          assert (!opt_unattended);
+          log_assert (!opt_unattended);
           if (!cache_nonce)
             {
               char buf[12];
@@ -2438,11 +2582,11 @@ cmd_import_key (assuan_context_t ctx, char *line)
                            ctrl->s2k_count, -1);
       if (!err)
         err = agent_write_private_key (grip, finalkey, finalkeylen, force,
-                                       opt_timestamp, NULL, NULL, NULL);
+                                       NULL, NULL, opt_timestamp);
     }
   else
-    err = agent_write_private_key (grip, key, realkeylen, force,
-                                   opt_timestamp, NULL, NULL, NULL);
+    err = agent_write_private_key (grip, key, realkeylen, force, NULL, NULL,
+                                   opt_timestamp);
 
  leave:
   gcry_sexp_release (openpgp_sexp);
@@ -2654,6 +2798,8 @@ cmd_delete_key (assuan_context_t ctx, char *line)
   stub_only = has_option (line, "--stub-only");
   line = skip_options (line);
 
+  eventcounter.maybe_key_change++;
+
   /* If the use of a loopback pinentry has been disabled, we assume
    * that a silent deletion of keys shall also not be allowed.  */
   if (!opt.allow_loopback_pinentry)
@@ -2684,19 +2830,23 @@ cmd_delete_key (assuan_context_t ctx, char *line)
 #endif
 
 static const char hlp_keytocard[] =
-  "KEYTOCARD [--force] <hexstring_with_keygrip> <serialno> <id> <timestamp>\n"
-  "\n";
+  "KEYTOCARD [--force] <hexgrip> <serialno> <keyref> [<timestamp>]\n"
+  "\n"
+  "TIMESTAMP is required for OpenPGP and defaults to the Epoch.  The\n"
+  "SERIALNO is used for checking; use \"-\" to disable the check.";
 static gpg_error_t
 cmd_keytocard (assuan_context_t ctx, char *line)
 {
   ctrl_t ctrl = assuan_get_pointer (ctx);
   int force;
   gpg_error_t err = 0;
+  const char *argv[5];
+  int argc;
   unsigned char grip[20];
+  const char *serialno, *timestamp_str, *keyref;
   gcry_sexp_t s_skey = NULL;
   unsigned char *keydata;
   size_t keydatalen;
-  const char *serialno, *timestamp_str, *id;
   unsigned char *shadow_info = NULL;
   time_t timestamp;
 
@@ -2706,7 +2856,14 @@ cmd_keytocard (assuan_context_t ctx, char *line)
   force = has_option (line, "--force");
   line = skip_options (line);
 
-  err = parse_keygrip (ctx, line, grip);
+  argc = split_fields (line, argv, DIM (argv));
+  if (argc < 3)
+    {
+      err = gpg_error (GPG_ERR_MISSING_VALUE);
+      goto leave;
+    }
+
+  err = parse_keygrip (ctx, argv[0], grip);
   if (err)
     goto leave;
 
@@ -2716,39 +2873,19 @@ cmd_keytocard (assuan_context_t ctx, char *line)
       goto leave;
     }
 
-  /* Fixme: Replace the parsing code by split_fields().  */
-  line += 40;
-  while (*line && (*line == ' ' || *line == '\t'))
-    line++;
-  serialno = line;
-  while (*line && (*line != ' ' && *line != '\t'))
-    line++;
-  if (!*line)
-    {
-      err = gpg_error (GPG_ERR_MISSING_VALUE);
-      goto leave;
-    }
-  *line = '\0';
-  line++;
-  while (*line && (*line == ' ' || *line == '\t'))
-    line++;
-  id = line;
-  while (*line && (*line != ' ' && *line != '\t'))
-    line++;
-  if (!*line)
-    {
-      err = gpg_error (GPG_ERR_MISSING_VALUE);
-      goto leave;
-    }
-  *line = '\0';
-  line++;
-  while (*line && (*line == ' ' || *line == '\t'))
-    line++;
-  timestamp_str = line;
-  while (*line && (*line != ' ' && *line != '\t'))
-    line++;
-  if (*line)
-    *line = '\0';
+  /* Note that checking of the s/n is currently not implemented but we
+   * want to provide a clean interface if we ever implement it.  */
+  serialno = argv[1];
+  if (!strcmp (serialno, "-"))
+    serialno = NULL;
+
+  keyref = argv[2];
+
+  /* FIXME: Default to the creation time as stored in the private
+   * key.  The parameter is here so that gpg can make sure that the
+   * timestamp as used for key creation (and thus the openPGP
+   * fingerprint) is used.  */
+  timestamp_str = argc > 3? argv[3] : "19700101T000000";
 
   if ((timestamp = isotime2epoch (timestamp_str)) == (time_t)(-1))
     {
@@ -2760,38 +2897,269 @@ cmd_keytocard (assuan_context_t ctx, char *line)
                              &shadow_info, CACHE_MODE_IGNORE, NULL,
                              &s_skey, NULL);
   if (err)
-    {
-      xfree (shadow_info);
-      goto leave;
-    }
+    goto leave;
   if (shadow_info)
     {
-      /* Key is on a smartcard already.  */
-      xfree (shadow_info);
-      gcry_sexp_release (s_skey);
+      /* Key is already on a smartcard - we can't extract it. */
       err = gpg_error (GPG_ERR_UNUSABLE_SECKEY);
       goto leave;
     }
 
-  keydatalen =  gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, NULL, 0);
+  /* Note: We can't use make_canon_sexp because we need to allocate a
+   * few extra bytes for our hack below.  */
+  keydatalen = gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, NULL, 0);
   keydata = xtrymalloc_secure (keydatalen + 30);
   if (keydata == NULL)
     {
       err = gpg_error_from_syserror ();
-      gcry_sexp_release (s_skey);
       goto leave;
     }
-
   gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, keydata, keydatalen);
   gcry_sexp_release (s_skey);
+  s_skey = NULL;
   keydatalen--;			/* Decrement for last '\0'.  */
-  /* Add timestamp "created-at" in the private key */
+  /* Hack to insert the timestamp "created-at" into the private key.  */
   snprintf (keydata+keydatalen-1, 30, KEYTOCARD_TIMESTAMP_FORMAT, timestamp);
   keydatalen += 10 + 19 - 1;
-  err = divert_writekey (ctrl, force, serialno, id, keydata, keydatalen);
+
+  err = divert_writekey (ctrl, force, serialno, keyref, keydata, keydatalen);
   xfree (keydata);
 
  leave:
+  gcry_sexp_release (s_skey);
+  xfree (shadow_info);
+  return leave_cmd (ctx, err);
+}
+
+
+
+static const char hlp_get_secret[] =
+  "GET_SECRET <key>\n"
+  "\n"
+  "Return the secret value stored under KEY\n";
+static gpg_error_t
+cmd_get_secret (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  gpg_error_t err;
+  char *p, *key;
+  char *value = NULL;
+  size_t valuelen;
+
+  /* For now we allow this only for local connections.  */
+  if (ctrl->restricted)
+    {
+      err = gpg_error (GPG_ERR_FORBIDDEN);
+      goto leave;
+    }
+
+  line = skip_options (line);
+
+  for (p=line; *p == ' '; p++)
+    ;
+  key = p;
+  p = strchr (key, ' ');
+  if (p)
+    {
+      *p++ = 0;
+      for (; *p == ' '; p++)
+        ;
+      if (*p)
+        {
+          err = set_error (GPG_ERR_ASS_PARAMETER, "too many arguments");
+          goto leave;
+        }
+    }
+  if (!*key)
+    {
+      err = set_error (GPG_ERR_ASS_PARAMETER, "no key given");
+      goto leave;
+    }
+
+
+  value = agent_get_cache (ctrl, key, CACHE_MODE_DATA);
+  if (!value)
+    {
+      err = gpg_error (GPG_ERR_NO_DATA);
+      goto leave;
+    }
+
+  valuelen = percent_unescape_inplace (value, 0);
+  err = assuan_send_data (ctx, value, valuelen);
+  wipememory (value, valuelen);
+
+ leave:
+  xfree (value);
+  return leave_cmd (ctx, err);
+}
+
+
+static const char hlp_put_secret[] =
+  "PUT_SECRET [--clear] <key> <ttl> [<percent_escaped_value>]\n"
+  "\n"
+  "This commands stores a secret under KEY in gpg-agent's in-memory\n"
+  "cache.  The TTL must be explicitly given by TTL and the options\n"
+  "from the configuration file are not used.  The value is either given\n"
+  "percent-escaped as 3rd argument or if not given inquired by gpg-agent\n"
+  "using the keyword \"SECRET\".\n"
+  "The option --clear removes the secret from the cache."
+  "";
+static gpg_error_t
+cmd_put_secret (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  gpg_error_t err = 0;
+  int opt_clear;
+  unsigned char *value = NULL;
+  size_t valuelen = 0;
+  size_t n;
+  char *p, *key, *ttlstr;
+  unsigned char *valstr;
+  int ttl;
+  char *string = NULL;
+
+  /* For now we allow this only for local connections.  */
+  if (ctrl->restricted)
+    {
+      err = gpg_error (GPG_ERR_FORBIDDEN);
+      goto leave;
+    }
+
+  opt_clear = has_option (line, "--clear");
+  line = skip_options (line);
+
+  for (p=line; *p == ' '; p++)
+    ;
+  key = p;
+  ttlstr = NULL;
+  valstr = NULL;
+  p = strchr (key, ' ');
+  if (p)
+    {
+      *p++ = 0;
+      for (; *p == ' '; p++)
+        ;
+      if (*p)
+        {
+          ttlstr = p;
+          p = strchr (ttlstr, ' ');
+          if (p)
+            {
+              *p++ = 0;
+              for (; *p == ' '; p++)
+                ;
+              if (*p)
+                valstr = p;
+            }
+        }
+    }
+  if (!*key)
+    {
+      err = set_error (GPG_ERR_ASS_PARAMETER, "no key given");
+      goto leave;
+    }
+  if (!ttlstr || !*ttlstr || !(n = parse_ttl (ttlstr, &ttl)))
+    {
+      err = set_error (GPG_ERR_ASS_PARAMETER, "no or invalid TTL given");
+      goto leave;
+    }
+  if (valstr && opt_clear)
+    {
+      err = set_error (GPG_ERR_ASS_PARAMETER,
+                       "value not expected with --clear");
+      goto leave;
+    }
+
+  if (valstr)
+    {
+      valuelen = percent_unescape_inplace (valstr, 0);
+      value = NULL;
+    }
+  else /* Inquire the value to store */
+    {
+      err = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%u",MAXLEN_PUT_SECRET);
+      if (!err)
+        err = assuan_inquire (ctx, "SECRET",
+                              &value, &valuelen, MAXLEN_PUT_SECRET);
+      if (err)
+        goto leave;
+    }
+
+  /* Our cache expects strings and thus we need to turn the buffer
+   * into a string.  Instead of resorting to base64 encoding we use a
+   * special percent escaping which only quoted the Nul and the
+   * percent character. */
+  string = percent_data_escape (0, NULL, value? value : valstr, valuelen);
+  if (!string)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+  err = agent_put_cache (ctrl, key, CACHE_MODE_DATA, string, ttl);
+
+
+ leave:
+  if (string)
+    {
+      wipememory (string, strlen (string));
+      xfree (string);
+    }
+  if (value)
+    {
+      wipememory (value, valuelen);
+      xfree (value);
+    }
+  return leave_cmd (ctx, err);
+}
+
+
+
+static const char hlp_keytotpm[] =
+  "KEYTOTPM <hexstring_with_keygrip>\n"
+  "\n";
+static gpg_error_t
+cmd_keytotpm (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  gpg_error_t err = 0;
+  unsigned char grip[20];
+  gcry_sexp_t s_skey;
+  unsigned char *shadow_info = NULL;
+
+  if (ctrl->restricted)
+    return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
+
+  err = parse_keygrip (ctx, line, grip);
+  if (err)
+    goto leave;
+
+  if (agent_key_available (grip))
+    {
+      err =gpg_error (GPG_ERR_NO_SECKEY);
+      goto leave;
+    }
+
+  err = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, grip,
+                             &shadow_info, CACHE_MODE_IGNORE, NULL,
+                             &s_skey, NULL);
+  if (err)
+    {
+      xfree (shadow_info);
+      goto leave;
+    }
+  if (shadow_info)
+    {
+      /* Key is on a TPM or smartcard already.  */
+      xfree (shadow_info);
+      gcry_sexp_release (s_skey);
+      err = gpg_error (GPG_ERR_UNUSABLE_SECKEY);
+      goto leave;
+    }
+
+  err = divert_tpm2_writekey (ctrl, grip, s_skey);
+  gcry_sexp_release (s_skey);
+
+ leave:
   return leave_cmd (ctx, err);
 }
 
@@ -3146,7 +3514,7 @@ cmd_getinfo (assuan_context_t ctx, char *line)
     }
   else if (!strcmp (line, "scd_running"))
     {
-      rc = agent_scd_check_running ()? 0 : gpg_error (GPG_ERR_FALSE);
+      rc = agent_daemon_check_running (DAEMON_SCD)? 0:gpg_error (GPG_ERR_FALSE);
     }
   else if (!strcmp (line, "std_env_names"))
     {
@@ -3219,7 +3587,7 @@ cmd_getinfo (assuan_context_t ctx, char *line)
   else if (!strcmp (line, "jent_active"))
     {
       char *buf;
-      char *fields[5];
+      const char *fields[5];
 
       buf = gcry_get_config (0, "rng-type");
       if (buf
@@ -3486,6 +3854,8 @@ register_commands (assuan_context_t ctx)
     { "IMPORT_KEY",     cmd_import_key, hlp_import_key },
     { "EXPORT_KEY",     cmd_export_key, hlp_export_key },
     { "DELETE_KEY",     cmd_delete_key, hlp_delete_key },
+    { "GET_SECRET",     cmd_get_secret, hlp_get_secret },
+    { "PUT_SECRET",     cmd_put_secret, hlp_put_secret },
     { "GETVAL",         cmd_getval,    hlp_getval },
     { "PUTVAL",         cmd_putval,    hlp_putval },
     { "UPDATESTARTUPTTY",  cmd_updatestartuptty, hlp_updatestartuptty },
@@ -3493,6 +3863,7 @@ register_commands (assuan_context_t ctx)
     { "RELOADAGENT",    cmd_reloadagent,hlp_reloadagent },
     { "GETINFO",        cmd_getinfo,   hlp_getinfo },
     { "KEYTOCARD",      cmd_keytocard, hlp_keytocard },
+    { "KEYTOTPM",	cmd_keytotpm, hlp_keytotpm },
     { NULL }
   };
   int i, rc;
@@ -3571,14 +3942,17 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
   ctrl->server_local->assuan_ctx = ctx;
   ctrl->server_local->use_cache_for_signing = 1;
 
+  ctrl->digest.data = NULL;
   ctrl->digest.raw_value = 0;
+  ctrl->digest.is_pss = 0;
 
   assuan_set_io_monitor (ctx, io_monitor, NULL);
   agent_set_progress_cb (progress_cb, ctrl);
 
   for (;;)
     {
-      pid_t client_pid;
+      assuan_peercred_t client_creds; /* Note: Points into CTX.  */
+      pid_t pid;
 
       rc = assuan_accept (ctx);
       if (gpg_err_code (rc) == GPG_ERR_EOF || rc == -1)
@@ -3591,12 +3965,29 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
           break;
         }
 
-      client_pid = assuan_get_pid (ctx);
-      ctrl->server_local->connect_from_self = (client_pid == getpid ());
-      if (client_pid != ASSUAN_INVALID_PID)
-        ctrl->client_pid = (unsigned long)client_pid;
+      rc = assuan_get_peercred (ctx, &client_creds);
+      if (rc)
+        {
+
+          if (listen_fd == GNUPG_INVALID_FD && fd == GNUPG_INVALID_FD)
+            ;
+          else
+            log_info ("Assuan get_peercred failed: %s\n", gpg_strerror (rc));
+          pid = assuan_get_pid (ctx);
+          ctrl->client_uid = -1;
+        }
       else
-        ctrl->client_pid = 0;
+        {
+#ifdef HAVE_W32_SYSTEM
+          pid = assuan_get_pid (ctx);
+          ctrl->client_uid = -1;
+#else
+          pid = client_creds->pid;
+          ctrl->client_uid = client_creds->uid;
+#endif
+        }
+      ctrl->client_pid = (pid == ASSUAN_INVALID_PID)? 0 : (unsigned long)pid;
+      ctrl->server_local->connect_from_self = (pid == getpid ());
 
       rc = assuan_process (ctx);
       if (rc)
@@ -3606,11 +3997,14 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
         }
     }
 
+  /* Clear the keyinfo cache.  */
+  agent_card_free_keyinfo (ctrl->server_local->last_card_keyinfo.ki);
+
   /* Reset the nonce caches.  */
   clear_nonce_cache (ctrl);
 
   /* Reset the SCD if needed. */
-  agent_reset_scd (ctrl);
+  agent_reset_daemon (ctrl);
 
   /* Reset the pinentry (in case of popup messages). */
   agent_reset_query (ctrl);
@@ -3646,3 +4040,26 @@ pinentry_loopback(ctrl_t ctrl, const char *keyword,
   assuan_end_confidential (ctx);
   return rc;
 }
+
+/* Helper for the pinentry loopback mode to ask confirmation
+   or just to show message.  */
+gpg_error_t
+pinentry_loopback_confirm (ctrl_t ctrl, const char *desc,
+                           int ask_confirmation,
+                           const char *ok, const char *notok)
+{
+  gpg_error_t err = 0;
+  assuan_context_t ctx = ctrl->server_local->assuan_ctx;
+
+  if (desc)
+    err = print_assuan_status (ctx, "SETDESC", "%s", desc);
+  if (!err && ok)
+    err = print_assuan_status (ctx, "SETOK", "%s", ok);
+  if (!err && notok)
+    err = print_assuan_status (ctx, "SETNOTOK", "%s", notok);
+
+  if (!err)
+    err = assuan_inquire (ctx, ask_confirmation ? "CONFIRM 1" : "CONFIRM 0",
+                          NULL, NULL, 0);
+  return err;
+}
diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c
index 78f2989..3da553f 100644
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@@ -22,7 +22,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 
 #include "agent.h"
 #include "../common/i18n.h"
@@ -158,7 +157,7 @@ convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey,
           if (!strcmp (curve, "Ed25519"))
             /* Do not store the OID as name but the real name and the
                EdDSA flag.  */
-            format = "(private-key(ecc(curve %s)(flags eddsa)(q%m)(d%M)))";
+            format = "(private-key(ecc(curve %s)(flags eddsa)(q%m)(d%m)))";
           else if (!strcmp (curve, "Curve25519"))
             format = "(private-key(ecc(curve %s)(flags djb-tweak)(q%m)(d%m)))";
           else
@@ -375,6 +374,38 @@ prepare_unprotect (int pubkey_algo, gcry_mpi_t *skey, size_t skeysize,
 }
 
 
+/* Scan octet string in the PGP format (length-in-two-octet octets) */
+static int
+scan_pgp_format (gcry_mpi_t *r_mpi, int pubkey_algo,
+                 const unsigned char *buffer,
+                 size_t buflen, size_t *r_nbytes)
+{
+  /* Using gcry_mpi_scan with GCRYMPI_FLAG_PGP can be used if it is
+     MPI, but it will be "normalized" removing leading zeros.  */
+  unsigned int nbits, nbytes;
+
+  if (pubkey_algo != GCRY_PK_ECC)
+    return gcry_mpi_scan (r_mpi, GCRYMPI_FMT_PGP, buffer, buflen, r_nbytes);
+
+  /* It's ECC, where we use SOS.  */
+
+  if (buflen < 2)
+    return GPG_ERR_INV_OBJ;
+
+  nbits = (buffer[0] << 8) | buffer[1];
+  if (nbits >= 16384)
+    return GPG_ERR_INV_OBJ;
+
+  nbytes = (nbits + 7) / 8;
+  if (buflen < nbytes + 2)
+    return GPG_ERR_INV_OBJ;
+
+  *r_nbytes = nbytes + 2;
+  *r_mpi = gcry_mpi_set_opaque_copy (NULL, buffer+2, nbits);
+  return 0;
+}
+
+
 /* Note that this function modifies SKEY.  SKEYSIZE is the allocated
    size of the array including the NULL item; this is used for a
    bounds check.  On success a converted key is stored at R_KEY.  */
@@ -408,29 +439,43 @@ do_unprotect (const char *passphrase,
       actual_csum = 0;
       for (i=npkey; i < nskey; i++)
         {
+          unsigned char *buffer;
+
           if (!skey[i] || gcry_mpi_get_flag (skey[i], GCRYMPI_FLAG_USER1))
             return gpg_error (GPG_ERR_BAD_SECKEY);
 
           if (gcry_mpi_get_flag (skey[i], GCRYMPI_FLAG_OPAQUE))
             {
               unsigned int nbits;
-              const unsigned char *buffer;
               buffer = gcry_mpi_get_opaque (skey[i], &nbits);
               nbytes = (nbits+7)/8;
+
+              nbits = nbytes * 8;
+              if (*buffer)
+                if (nbits >= 8 && !(*buffer & 0x80))
+                  if (--nbits >= 7 && !(*buffer & 0x40))
+                    if (--nbits >= 6 && !(*buffer & 0x20))
+                      if (--nbits >= 5 && !(*buffer & 0x10))
+                        if (--nbits >= 4 && !(*buffer & 0x08))
+                          if (--nbits >= 3 && !(*buffer & 0x04))
+                            if (--nbits >= 2 && !(*buffer & 0x02))
+                              if (--nbits >= 1 && !(*buffer & 0x01))
+                                --nbits;
+
+              actual_csum += (nbits >> 8);
+              actual_csum += (nbits & 0xff);
               actual_csum += checksum (buffer, nbytes);
             }
           else
             {
-              unsigned char *buffer;
-
               err = gcry_mpi_aprint (GCRYMPI_FMT_PGP, &buffer, &nbytes,
                                      skey[i]);
-              if (!err)
-                actual_csum += checksum (buffer, nbytes);
+              if (err)
+                return err;
+
+              actual_csum += checksum (buffer, nbytes);
               xfree (buffer);
             }
-          if (err)
-            return err;
         }
 
       if (actual_csum != desired_csum)
@@ -488,7 +533,7 @@ do_unprotect (const char *passphrase,
       unsigned char *data;
       u16 csum_pgp7 = 0;
 
-      if (!gcry_mpi_get_flag (skey[npkey], GCRYMPI_FLAG_OPAQUE ))
+      if (!gcry_mpi_get_flag (skey[npkey], GCRYMPI_FLAG_USER1))
         {
           gcry_cipher_close (cipher_hd);
           return gpg_error (GPG_ERR_BAD_SECKEY);
@@ -557,7 +602,7 @@ do_unprotect (const char *passphrase,
         {
           for (i=npkey; i < nskey; i++ )
             {
-              if (gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_PGP, p, ndata, &nbytes))
+              if (scan_pgp_format (&tmpmpi, pubkey_algo, p, ndata, &nbytes))
                 {
                   /* Checksum was okay, but not correctly decrypted.  */
                   desired_csum = 0;
@@ -571,7 +616,7 @@ do_unprotect (const char *passphrase,
             }
           skey[i] = NULL;
           skeylen = i;
-          assert (skeylen <= skeysize);
+          log_assert (skeylen <= skeysize);
 
           /* Note: at this point NDATA should be 2 for a simple
              checksum or 20 for the sha1 digest.  */
@@ -588,7 +633,7 @@ do_unprotect (const char *passphrase,
           size_t ndata;
           unsigned int ndatabits;
 
-          if (!skey[i] || !gcry_mpi_get_flag (skey[i], GCRYMPI_FLAG_OPAQUE))
+          if (!skey[i] || !gcry_mpi_get_flag (skey[i], GCRYMPI_FLAG_USER1))
             {
               gcry_cipher_close (cipher_hd);
               return gpg_error (GPG_ERR_BAD_SECKEY);
@@ -615,7 +660,7 @@ do_unprotect (const char *passphrase,
           buffer[1] = p[1];
           gcry_cipher_decrypt (cipher_hd, buffer+2, ndata-2, p+2, ndata-2);
           actual_csum += checksum (buffer, ndata);
-          err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_PGP, buffer, ndata, &ndata);
+          err = scan_pgp_format (&tmpmpi, pubkey_algo, buffer, ndata, &nbytes);
           xfree (buffer);
           if (err)
             {
@@ -838,13 +883,14 @@ convert_from_openpgp_main (ctrl_t ctrl, gcry_sexp_t s_pgp, int dontcare_exist,
       value = gcry_sexp_nth_data (list, ++idx, &valuelen);
       if (!value || !valuelen)
         goto bad_seckey;
-      if (is_enc)
+      if (is_enc || npkey == 1 /* This is ECC */)
         {
-          /* Encrypted parameters need to be stored as opaque.  */
           skey[skeyidx] = gcry_mpi_set_opaque_copy (NULL, value, valuelen*8);
           if (!skey[skeyidx])
             goto outofmem;
-          gcry_mpi_set_flag (skey[skeyidx], GCRYMPI_FLAG_USER1);
+          if (is_enc)
+            /* Encrypted parameters need to have a USER1 flag.  */
+            gcry_mpi_set_flag (skey[skeyidx], GCRYMPI_FLAG_USER1);
         }
       else
         {
@@ -946,8 +992,6 @@ convert_from_openpgp_main (ctrl_t ctrl, gcry_sexp_t s_pgp, int dontcare_exist,
       if (!is_protected)
         {
           err = try_do_unprotect_cb (pi);
-          if (gpg_err_code (err) == GPG_ERR_BAD_PASSPHRASE)
-            err = gpg_error (GPG_ERR_BAD_SECKEY);
         }
       else if (cache_nonce)
         {
@@ -1069,8 +1113,8 @@ convert_from_openpgp_native (ctrl_t ctrl,
           if (!agent_protect (*r_key, passphrase,
                               &protectedkey, &protectedkeylen,
                               ctrl->s2k_count, -1))
-            agent_write_private_key (grip, protectedkey, protectedkeylen,
-                                     1, 0, NULL, NULL, NULL);
+            agent_write_private_key (grip, protectedkey, protectedkeylen, 1,
+                                     NULL, NULL, 0);
           xfree (protectedkey);
         }
       else
@@ -1079,7 +1123,7 @@ convert_from_openpgp_native (ctrl_t ctrl,
           agent_write_private_key (grip,
                                    *r_key,
                                    gcry_sexp_canon_len (*r_key, 0, NULL,NULL),
-                                   1, 0, NULL, NULL, NULL);
+                                   1, NULL, NULL, 0);
         }
     }
 
@@ -1107,22 +1151,39 @@ apply_protection (gcry_mpi_t *array, int npkey, int nskey,
   int ndata;
   unsigned char *p, *data;
 
-  assert (npkey < nskey);
-  assert (nskey < DIM (bufarr));
+  log_assert (npkey < nskey);
+  log_assert (nskey < DIM (bufarr));
 
   /* Collect only the secret key parameters into BUFARR et al and
      compute the required size of the data buffer.  */
   ndata = 20; /* Space for the SHA-1 checksum.  */
   for (i = npkey, j = 0; i < nskey; i++, j++ )
     {
-      err = gcry_mpi_aprint (GCRYMPI_FMT_USG, bufarr+j, narr+j, array[i]);
+      if (gcry_mpi_get_flag (array[i], GCRYMPI_FLAG_OPAQUE))
+        {
+          p = gcry_mpi_get_opaque (array[i], &nbits[j]);
+          narr[j] = (nbits[j] + 7)/8;
+          data = xtrymalloc_secure (narr[j]);
+          if (!data)
+            err = gpg_error_from_syserror ();
+          else
+            {
+              memcpy (data, p, narr[j]);
+              bufarr[j] = data;
+              err = 0;
+            }
+        }
+      else
+        {
+          err = gcry_mpi_aprint (GCRYMPI_FMT_USG, bufarr+j, narr+j, array[i]);
+          nbits[j] = gcry_mpi_get_nbits (array[i]);
+        }
       if (err)
         {
           for (i = 0; i < j; i++)
             xfree (bufarr[i]);
           return err;
         }
-      nbits[j] = gcry_mpi_get_nbits (array[i]);
       ndata += 2 + narr[j];
     }
 
@@ -1145,7 +1206,7 @@ apply_protection (gcry_mpi_t *array, int npkey, int nskey,
       xfree (bufarr[i]);
       bufarr[i] = NULL;
     }
-  assert (p == data + ndata - 20);
+  log_assert (p == data + ndata - 20);
 
   /* Append a hash of the secret key parameters.  */
   gcry_md_hash_buffer (GCRY_MD_SHA1, p, data, ndata - 20);
@@ -1174,6 +1235,7 @@ apply_protection (gcry_mpi_t *array, int npkey, int nskey,
       array[i] = NULL;
     }
   array[npkey] = gcry_mpi_set_opaque (NULL, data, ndata*8);
+  gcry_mpi_set_flag (array[npkey], GCRYMPI_FLAG_USER1);
   return 0;
 }
 
@@ -1202,7 +1264,7 @@ extract_private_key (gcry_sexp_t s_key, int req_private_key_data,
   gpg_error_t err;
   gcry_sexp_t list, l2;
   char *name;
-  const char *algoname, *format;
+  const char *algoname, *format, *elems;
   int npkey, nskey;
   gcry_sexp_t curve = NULL;
   gcry_sexp_t flags = NULL;
@@ -1247,7 +1309,7 @@ extract_private_key (gcry_sexp_t s_key, int req_private_key_data,
   if (!strcmp (name, "rsa"))
     {
       algoname = "rsa";
-      format = "ned?p?q?u?";
+      format = elems = "ned?p?q?u?";
       npkey = 2;
       nskey = 6;
       err = gcry_sexp_extract_param (list, NULL, format,
@@ -1257,7 +1319,7 @@ extract_private_key (gcry_sexp_t s_key, int req_private_key_data,
   else if (!strcmp (name, "elg"))
     {
       algoname = "elg";
-      format = "pgyx?";
+      format = elems = "pgyx?";
       npkey = 3;
       nskey = 4;
       err = gcry_sexp_extract_param (list, NULL, format,
@@ -1267,7 +1329,7 @@ extract_private_key (gcry_sexp_t s_key, int req_private_key_data,
   else if (!strcmp (name, "dsa"))
     {
       algoname = "dsa";
-      format = "pqgyx?";
+      format = elems = "pqgyx?";
       npkey = 4;
       nskey = 5;
       err = gcry_sexp_extract_param (list, NULL, format,
@@ -1277,7 +1339,8 @@ extract_private_key (gcry_sexp_t s_key, int req_private_key_data,
   else if (!strcmp (name, "ecc") || !strcmp (name, "ecdsa"))
     {
       algoname = "ecc";
-      format = "qd?";
+      format = "/qd?";
+      elems = "qd?";
       npkey = 1;
       nskey = 2;
       curve = gcry_sexp_find_token (list, "curve", 0);
@@ -1301,7 +1364,7 @@ extract_private_key (gcry_sexp_t s_key, int req_private_key_data,
     {
       *r_algoname = algoname;
       if (r_elems)
-        *r_elems = format;
+        *r_elems = elems;
       *r_npkey = npkey;
       if (r_nskey)
         *r_nskey = nskey;
diff --git a/agent/divert-scd.c b/agent/divert-scd.c
index b9ea7e7..273f3a8 100644
--- a/agent/divert-scd.c
+++ b/agent/divert-scd.c
@@ -31,201 +31,109 @@
 #include "../common/i18n.h"
 #include "../common/sexp-parse.h"
 
-/* Replace all linefeeds in STRING by "%0A" and return a new malloced
- * string.  May return NULL on memory error.  */
-static char *
-linefeed_to_percent0A (const char *string)
-{
-  const char *s;
-  size_t n;
-  char *buf, *p;
-
-  for (n=0, s=string; *s; s++)
-    if (*s == '\n')
-      n += 3;
-    else
-      n++;
-  p = buf = xtrymalloc (n+1);
-  if (!buf)
-    return NULL;
-  for (s=string; *s; s++)
-    if (*s == '\n')
-      {
-        memcpy (p, "%0A", 3);
-        p += 3;
-      }
-    else
-      *p++ = *s;
-  *p = 0;
-  return buf;
-}
 
-
-/* Ask for the card using SHADOW_INFO.  If GRIP is not NULL, the
- * function also tries to find additional information from the shadow
- * key file.  */
-static int
+static gpg_error_t
 ask_for_card (ctrl_t ctrl, const unsigned char *shadow_info,
               const unsigned char *grip, char **r_kid)
 {
-  int rc, i;
   char *serialno;
-  int no_card = 0;
   char *desc;
-  char *want_sn, *want_kid, *want_sn_disp;
-  int got_sn_disp_from_meta = 0;
+  char *want_sn;
   int len;
-  char *comment = NULL;
+  gpg_error_t err;
+  char hexgrip[41];
 
   *r_kid = NULL;
+  bin2hex (grip, 20, hexgrip);
 
-  rc = parse_shadow_info (shadow_info, &want_sn, &want_kid, NULL);
-  if (rc)
-    return rc;
-  want_sn_disp = xtrystrdup (want_sn);
-  if (!want_sn_disp)
+  if (shadow_info)
     {
-      rc = gpg_error_from_syserror ();
-      xfree (want_sn);
-      xfree (want_kid);
-      xfree (comment);
-      return rc;
+      err = parse_shadow_info (shadow_info, &want_sn, NULL, NULL);
+      if (err)
+        return err;
     }
+  else
+    want_sn = NULL;
 
-  if (grip)
+  len = want_sn? strlen (want_sn) : 0;
+  if (len == 32 && !strncmp (want_sn, "D27600012401", 12))
     {
-      nvc_t keymeta;
-      const char *s;
-      size_t snlen;
-      nve_t item;
-      char **tokenfields = NULL;
-
-      rc = agent_keymeta_from_file (ctrl, grip, &keymeta);
-      if (!rc)
+      /* This is an OpenPGP card - reformat  */
+      if (!strncmp (want_sn+16, "0006", 4))
         {
-          snlen = strlen (want_sn);
-          s = NULL;
-          for (item = nvc_lookup (keymeta, "Token:");
-               item;
-               item = nve_next_value (item, "Token:"))
-            if ((s = nve_value (item)) && !strncmp (s, want_sn, snlen))
-              break;
-          if (s && (tokenfields = strtokenize (s, " \t\n")))
-            {
-              if (tokenfields[0] && tokenfields[1] && tokenfields[2]
-                  && tokenfields[3] && strlen (tokenfields[3]) > 1)
-                {
-                  xfree (want_sn_disp);
-                  want_sn_disp = percent_plus_unescape (tokenfields[3], 0xff);
-                  if (!want_sn_disp)
-                    {
-                      rc = gpg_error_from_syserror ();
-                      xfree (tokenfields);
-                      nvc_release (keymeta);
-                      xfree (want_sn);
-                      xfree (want_kid);
-                      xfree (comment);
-                      return rc;
-                    }
-                  got_sn_disp_from_meta = 1;
-                }
-
-              xfree (tokenfields);
-            }
-
-          if ((s = nvc_get_string (keymeta, "Label:")))
-            comment = linefeed_to_percent0A (s);
-
-          nvc_release (keymeta);
+          /* This is a Yubikey.  Print the s/n as it would be printed
+           * on Yubikey 5. Example: D2760001240100000006120808620000
+           *                                        mmmm^^^^^^^^      */
+          unsigned long sn;
+
+          sn  = atoi_4 (want_sn+20) * 10000;
+          sn += atoi_4 (want_sn+24);
+          snprintf (want_sn, 32, "%lu %03lu %03lu",
+                    (sn/1000000ul), (sn/1000ul % 1000ul), (sn % 1000ul));
+        }
+      else  /* Default is the Zeitcontrol card print format.  */
+        {
+          memmove (want_sn, want_sn+16, 4);
+          want_sn[4] = ' ';
+          memmove (want_sn+5, want_sn+20, 8);
+          want_sn[13] = 0;
         }
     }
-
-  len = strlen (want_sn_disp);
-  if (got_sn_disp_from_meta)
-    ; /* We got the the display S/N from the key file.  */
-  else if (len == 32 && !strncmp (want_sn_disp, "D27600012401", 12))
-    {
-      /* This is an OpenPGP card - reformat  */
-      memmove (want_sn_disp, want_sn_disp+16, 4);
-      want_sn_disp[4] = ' ';
-      memmove (want_sn_disp+5, want_sn_disp+20, 8);
-      want_sn_disp[13] = 0;
-    }
-  else if (len == 20 && want_sn_disp[19] == '0')
+  else if (len == 20 && want_sn[19] == '0')
     {
       /* We assume that a 20 byte serial number is a standard one
        * which has the property to have a zero in the last nibble (Due
        * to BCD representation).  We don't display this '0' because it
        * may confuse the user.  */
-      want_sn_disp[19] = 0;
+      want_sn[19] = 0;
     }
 
   for (;;)
     {
-      rc = agent_card_serialno (ctrl, &serialno, want_sn);
-      if (!rc)
+      /* Scan device(s), and check if key for GRIP is available.  */
+      err = agent_card_serialno (ctrl, &serialno, NULL);
+      if (!err)
         {
-          log_info ("detected card with S/N %s\n", serialno);
-          i = strcmp (serialno, want_sn);
+          struct card_key_info_s *keyinfo;
+
           xfree (serialno);
-          serialno = NULL;
-          if (!i)
+          err = agent_card_keyinfo (ctrl, hexgrip, 0, &keyinfo);
+          if (!err)
             {
-              xfree (want_sn_disp);
+              /* Key for GRIP found, use it directly.  */
+              agent_card_free_keyinfo (keyinfo);
               xfree (want_sn);
-              xfree (comment);
-              *r_kid = want_kid;
-              return 0; /* yes, we have the correct card */
+              if ((*r_kid = xtrystrdup (hexgrip)))
+                return 0;
+              else
+                return gpg_error_from_syserror ();
             }
         }
-      else if (gpg_err_code (rc) == GPG_ERR_ENODEV)
-        {
-          log_info ("no device present\n");
-          rc = 0;
-          no_card = 1;
-        }
-      else if (gpg_err_code (rc) == GPG_ERR_CARD_NOT_PRESENT)
+
+      if (!want_sn)
+        ; /* No shadow info so we can't ask; ERR is already set.  */
+      else if (asprintf (&desc,
+                    "%s:%%0A%%0A"
+                    "  %s",
+                    L_("Please insert the card with serial number"),
+                    want_sn) < 0)
         {
-          log_info ("no card present\n");
-          rc = 0;
-          no_card = 2;
+          err = out_of_core ();
         }
       else
         {
-          log_error ("error accessing card: %s\n", gpg_strerror (rc));
-        }
+          err = agent_get_confirmation (ctrl, desc, NULL, NULL, 0);
+          if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK &&
+              gpg_err_code (err) == GPG_ERR_NO_PIN_ENTRY)
+            err = gpg_error (GPG_ERR_CARD_NOT_PRESENT);
 
-      if (!rc)
-        {
-          if (asprintf (&desc,
-                    "%s:%%0A%%0A"
-                    "  %s%%0A"
-                    "  %s",
-                        no_card
-                        ? L_("Please insert the card with serial number")
-                        : L_("Please remove the current card and "
-                             "insert the one with serial number"),
-                        want_sn_disp, comment? comment:"") < 0)
-            {
-              rc = out_of_core ();
-            }
-          else
-            {
-              rc = agent_get_confirmation (ctrl, desc, NULL, NULL, 0);
-              if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK &&
-                  gpg_err_code (rc) == GPG_ERR_NO_PIN_ENTRY)
-                rc = gpg_error (GPG_ERR_CARD_NOT_PRESENT);
-
-              xfree (desc);
-            }
+          xfree (desc);
         }
-      if (rc)
+
+      if (err)
         {
-          xfree (want_sn_disp);
           xfree (want_sn);
-          xfree (want_kid);
-          xfree (comment);
-          return rc;
+          return err;
         }
     }
 }
@@ -284,7 +192,7 @@ has_percent0A_suffix (const char *string)
    string with the passphrase, the buffer may optionally be padded
    with arbitrary characters.
 
-   If DESC_TEXT is not NULL it can be used as further informtion shown
+   If DESC_TEXT is not NULL it can be used as further information shown
    atop of the INFO message.
 
    INFO gets displayed as part of a generic string.  However if the
@@ -521,11 +429,13 @@ getpin_cb (void *opaque, const char *desc_text, const char *info,
  * smartcard.  DESC_TEXT is the original text for a prompt has send by
  * gpg to gpg-agent.
  *
+ * Note: If SHADOW_INFO is NULL the user can't be asked to insert the
+ * card, we simply try to use an inserted card with the given keygrip.
+ *
  * FIXME: Explain the other args.  */
 int
-divert_pksign (ctrl_t ctrl, const char *desc_text,
+divert_pksign (ctrl_t ctrl, const char *desc_text, const unsigned char *grip,
                const unsigned char *digest, size_t digestlen, int algo,
-               const unsigned char *grip,
                const unsigned char *shadow_info, unsigned char **r_sig,
                size_t *r_siglen)
 {
@@ -539,24 +449,17 @@ divert_pksign (ctrl_t ctrl, const char *desc_text,
   rc = ask_for_card (ctrl, shadow_info, grip, &kid);
   if (rc)
     return rc;
+  /* Note that the KID may be an keyref or a keygrip.  The signing
+   * functions handle both.  */
 
-  /* For OpenPGP cards we better use the keygrip as key reference.
-   * This has the advantage that app-openpgp can check that the stored
-   * key matches our expectation.  This is important in case new keys
-   * have been created on the same card but the sub file has not been
-   * updated.  In that case we would get a error from our final
-   * signature checking code or, if the pubkey algo is different,
-   * weird errors from the card (Conditions of use not satisfied).  */
-  if (kid && grip && !strncmp (kid, "OPENPGP.", 8))
+  if (!algo)
     {
-      xfree (kid);
-      kid = bin2hex (grip, KEYGRIP_LEN, NULL);
-      if (!kid)
-        return gpg_error_from_syserror ();
+      /* This is the PureEdDSA case.  (DIGEST,DIGESTLEN) this the
+       * entire data which will be signed.  */
+      rc = agent_card_pksign (ctrl, kid, getpin_cb, ctrl, NULL,
+                              0, digest, digestlen, &sigval, &siglen);
     }
-
-
-  if (algo == MD_USER_TLS_MD5SHA1)
+  else if (algo == MD_USER_TLS_MD5SHA1)
     {
       int save = ctrl->use_auth_call;
       ctrl->use_auth_call = 1;
@@ -596,8 +499,8 @@ divert_pksign (ctrl_t ctrl, const char *desc_text,
    R_PADDING with -1 for not known.  */
 int
 divert_pkdecrypt (ctrl_t ctrl, const char *desc_text,
-                  const unsigned char *cipher,
                   const unsigned char *grip,
+                  const unsigned char *cipher,
                   const unsigned char *shadow_info,
                   char **r_buf, size_t *r_len, int *r_padding)
 {
@@ -692,21 +595,6 @@ divert_pkdecrypt (ctrl_t ctrl, const char *desc_text,
   if (rc)
     return rc;
 
-  /* For OpenPGP cards we better use the keygrip as key reference.
-   * This has the advantage that app-openpgp can check that the stored
-   * key matches our expectation.  This is important in case new keys
-   * have been created on the same card but the sub file has not been
-   * updated.  In that case we would get a error from our final
-   * signature checking code or, if the pubkey algo is different,
-   * weird errors from the card (Conditions of use not satisfied).  */
-  if (kid && grip && !strncmp (kid, "OPENPGP.", 8))
-    {
-      xfree (kid);
-      kid = bin2hex (grip, KEYGRIP_LEN, NULL);
-      if (!kid)
-        return gpg_error_from_syserror ();
-    }
-
   rc = agent_card_pkdecrypt (ctrl, kid, getpin_cb, ctrl, NULL,
                              ciphertext, ciphertextlen,
                              &plaintext, &plaintextlen, r_padding);
@@ -719,12 +607,13 @@ divert_pkdecrypt (ctrl_t ctrl, const char *desc_text,
   return rc;
 }
 
-int
+
+gpg_error_t
 divert_writekey (ctrl_t ctrl, int force, const char *serialno,
-                 const char *id, const char *keydata, size_t keydatalen)
+                 const char *keyref, const char *keydata, size_t keydatalen)
 {
-  return agent_card_writekey (ctrl, force, serialno, id, keydata, keydatalen,
-                              getpin_cb, ctrl);
+  return agent_card_writekey (ctrl, force, serialno, keyref,
+                              keydata, keydatalen, getpin_cb, ctrl);
 }
 
 int
diff --git a/agent/divert-tpm2.c b/agent/divert-tpm2.c
new file mode 100644
index 0000000..0741c68
--- /dev/null
+++ b/agent/divert-tpm2.c
@@ -0,0 +1,147 @@
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <unistd.h>
+#include <sys/stat.h>
+
+#include "agent.h"
+#include "../common/i18n.h"
+#include "../common/sexp-parse.h"
+
+int
+divert_tpm2_pksign (ctrl_t ctrl, const char *desc_text,
+                    const unsigned char *digest, size_t digestlen, int algo,
+                    const unsigned char *shadow_info, unsigned char **r_sig,
+                    size_t *r_siglen)
+{
+  (void)desc_text;
+  (void)algo;
+  return agent_tpm2d_pksign(ctrl, digest, digestlen,
+			    shadow_info, r_sig, r_siglen);
+}
+
+
+static gpg_error_t
+agent_write_tpm2_shadow_key (ctrl_t ctrl, const unsigned char *grip,
+			     unsigned char *shadow_info)
+{
+  gpg_error_t err;
+  unsigned char *shdkey;
+  unsigned char *pkbuf;
+  size_t len;
+  gcry_sexp_t s_pkey;
+
+  err = agent_public_key_from_file (ctrl, grip, &s_pkey);
+  len = gcry_sexp_sprint(s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
+  pkbuf = xtrymalloc (len);
+  gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, pkbuf, len);
+  gcry_sexp_release (s_pkey);
+
+  err = agent_shadow_key_type (pkbuf, shadow_info, "tpm2-v1", &shdkey);
+  xfree (pkbuf);
+  if (err)
+    {
+      log_error ("shadowing the key failed: %s\n", gpg_strerror (err));
+      return err;
+    }
+
+  len = gcry_sexp_canon_len (shdkey, 0, NULL, NULL);
+  err = agent_write_private_key (grip, shdkey, len, 1 /*force*/,
+                                 NULL, NULL, 0);
+  xfree (shdkey);
+  if (err)
+    log_error ("error writing key: %s\n", gpg_strerror (err));
+
+  return err;
+}
+
+int
+divert_tpm2_writekey (ctrl_t ctrl, const unsigned char *grip,
+                      gcry_sexp_t s_skey)
+{
+  int ret;
+  /* shadow_info is always shielded so no special handling required */
+  unsigned char *shadow_info;
+
+  ret = agent_tpm2d_writekey(ctrl, &shadow_info, s_skey);
+  if (!ret) {
+    ret = agent_write_tpm2_shadow_key (ctrl, grip, shadow_info);
+    xfree (shadow_info);
+  }
+  return ret;
+}
+
+int
+divert_tpm2_pkdecrypt (ctrl_t ctrl, const char *desc_text,
+                       const unsigned char *cipher,
+                       const unsigned char *shadow_info,
+                       char **r_buf, size_t *r_len, int *r_padding)
+{
+  const unsigned char *s;
+  size_t n;
+
+  *r_padding = -1;
+
+  (void)desc_text;
+
+  s = cipher;
+  if (*s != '(')
+    return gpg_error (GPG_ERR_INV_SEXP);
+  s++;
+  n = snext (&s);
+  if (!n)
+    return gpg_error (GPG_ERR_INV_SEXP);
+  if (!smatch (&s, n, "enc-val"))
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+  if (*s != '(')
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+  s++;
+  n = snext (&s);
+  if (!n)
+    return gpg_error (GPG_ERR_INV_SEXP);
+  if (smatch (&s, n, "rsa"))
+    {
+      *r_padding = 0;
+      if (*s != '(')
+        return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+      s++;
+      n = snext (&s);
+      if (!n)
+        return gpg_error (GPG_ERR_INV_SEXP);
+      if (!smatch (&s, n, "a"))
+        return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+      n = snext (&s);
+    }
+  else if (smatch (&s, n, "ecdh"))
+    {
+      if (*s != '(')
+        return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+      s++;
+      n = snext (&s);
+      if (!n)
+        return gpg_error (GPG_ERR_INV_SEXP);
+      if (smatch (&s, n, "s"))
+        {
+          n = snext (&s);
+          s += n;
+          if (*s++ != ')')
+            return gpg_error (GPG_ERR_INV_SEXP);
+          if (*s++ != '(')
+            return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+          n = snext (&s);
+          if (!n)
+            return gpg_error (GPG_ERR_INV_SEXP);
+        }
+      if (!smatch (&s, n, "e"))
+        return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+      n = snext (&s);
+    }
+  else
+    return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+
+  return agent_tpm2d_pkdecrypt (ctrl, s, n, shadow_info, r_buf, r_len);
+}
diff --git a/agent/findkey.c b/agent/findkey.c
index dadcc3c..28ff617 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -1,7 +1,7 @@
 /* findkey.c - Locate the secret key
  * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007,
  *               2010, 2011 Free Software Foundation, Inc.
- * Copyright (C) 2014 Werner Koch
+ * Copyright (C) 2014, 2019 Werner Koch
  *
  * This file is part of GnuPG.
  *
@@ -26,10 +26,8 @@
 #include <string.h>
 #include <ctype.h>
 #include <fcntl.h>
-#include <assert.h>
 #include <unistd.h>
 #include <sys/stat.h>
-#include <assert.h>
 #include <npth.h> /* (we use pth_sleep) */
 
 #include "agent.h"
@@ -52,64 +50,67 @@ struct try_unprotect_arg_s
 };
 
 
-/* Return the file name for the 20 byte keygrip GRIP.  Return NULL on
- * error. */
+/* Repalce all linefeeds in STRING by "%0A" and return a new malloced
+ * string.  May return NULL on memory error.  */
 static char *
-fname_from_keygrip (const unsigned char *grip)
+linefeed_to_percent0A (const char *string)
 {
-  char hexgrip[40+4+1];
-
-  bin2hex (grip, 20, hexgrip);
-  strcpy (hexgrip+40, ".key");
-
-  return make_filename_try (gnupg_homedir (), GNUPG_PRIVATE_KEYS_DIR,
-                            hexgrip, NULL);
+  const char *s;
+  size_t n;
+  char *buf, *p;
+
+  for (n=0, s=string; *s; s++)
+    if (*s == '\n')
+      n += 3;
+    else
+      n++;
+  p = buf = xtrymalloc (n+1);
+  if (!buf)
+    return NULL;
+  for (s=string; *s; s++)
+    if (*s == '\n')
+      {
+        memcpy (p, "%0A", 3);
+        p += 3;
+      }
+    else
+      *p++ = *s;
+  *p = 0;
+  return buf;
 }
 
 
-/* Note: Ownership of FNAME and FP are moved to this function.
- * OLD_FORMAT is true if the file exists but is still in the
- * non-extended mode format.  If MAYBE_UPDATE is set the function
- * assumes that the file exists but writes it only if it figures that
- * an update is required.  */
+/* Note: Ownership of FNAME and FP are moved to this function.  */
 static gpg_error_t
-write_extended_private_key (int maybe_update,
-                            char *fname, estream_t fp,
-                            int old_format, int newkey,
-                            const void *buf, size_t len, time_t timestamp,
+write_extended_private_key (char *fname, estream_t fp, int update, int newkey,
+                            const void *buf, size_t len,
                             const char *serialno, const char *keyref,
-                            const char *dispserialno)
+                            time_t timestamp)
 {
   gpg_error_t err;
   nvc_t pk = NULL;
   gcry_sexp_t key = NULL;
   int remove = 0;
-  char *token0 = NULL;
   char *token = NULL;
-  char *dispserialno_buffer = NULL;
-  char **tokenfields = NULL;
 
-  if (old_format || newkey)
+  if (update)
     {
-      /* We must create a new NVC if the key is still in the old
-       * format and of course if it is a new key.  */
-      pk = nvc_new_private_key ();
-      if (!pk)
+      int line;
+
+      err = nvc_parse_private_key (&pk, &line, fp);
+      if (err && gpg_err_code (err) != GPG_ERR_ENOENT)
         {
-          err = gpg_error_from_syserror ();
+          log_error ("error parsing '%s' line %d: %s\n",
+                     fname, line, gpg_strerror (err));
           goto leave;
         }
-      maybe_update = 0; /* Always write.  */
     }
   else
-    { /* Parse the existing NVC.  */
-      int lineno = 0;
-
-      err = nvc_parse_private_key (&pk, &lineno, fp);
-      if (err)
+    {
+      pk = nvc_new_private_key ();
+      if (!pk)
         {
-          log_error ("error parsing '%s' line %d: %s\n",
-                     fname, lineno, gpg_strerror (err));
+          err = gpg_error_from_syserror ();
           goto leave;
         }
     }
@@ -123,53 +124,24 @@ write_extended_private_key (int maybe_update,
   if (err)
     goto leave;
 
-  /* If a timestamp has been supplied and the key is new write a
-   * creation timestamp.  Note that we can't add this item if we are
-   * still in the old format.  We also add an extra check that there
-   * is no Created item yet.  */
-  if (timestamp && newkey && !nvc_lookup (pk, "Created:"))
-    {
-      gnupg_isotime_t timebuf;
-
-      epoch2isotime (timebuf, timestamp);
-      err = nvc_add (pk, "Created:", timebuf);
-      if (err)
-        goto leave;
-    }
-
   /* If requested write a Token line.  */
   if (serialno && keyref)
     {
       nve_t item;
       const char *s;
-      size_t token0len;
 
-      if (dispserialno)
-        {
-          /* Escape the DISPSERIALNO.  */
-          dispserialno_buffer = percent_plus_escape (dispserialno);
-          if (!dispserialno_buffer)
-            {
-              err = gpg_error_from_syserror ();
-              goto leave;
-            }
-          dispserialno = dispserialno_buffer;
-        }
-
-      token0 = strconcat (serialno, " ", keyref, NULL);
-      if (token0)
-        token = strconcat (token0, " - ", dispserialno? dispserialno:"-", NULL);
-      if (!token0 || !token)
+      token = strconcat (serialno, " ", keyref, NULL);
+      if (!token)
         {
           err = gpg_error_from_syserror ();
           goto leave;
         }
 
-      token0len = strlen (token0);
+      /* fixme: the strcmp should compare only the first two strings.  */
       for (item = nvc_lookup (pk, "Token:");
            item;
            item = nve_next_value (item, "Token:"))
-        if ((s = nve_value (item)) && !strncmp (s, token0, token0len))
+        if ((s = nve_value (item)) && !strcmp (s, token))
           break;
       if (!item)
         {
@@ -179,50 +151,41 @@ write_extended_private_key (int maybe_update,
           err = nvc_add (pk, "Token:", token);
           if (err)
             goto leave;
-          maybe_update = 0; /* Force write.  */
-        }
-      else
-        {
-          /* Token exists: Update the display s/n.  It may have
-           * changed due to changes in a newer software version.  */
-          if (maybe_update && s && (tokenfields = strtokenize (s, " \t\n"))
-              && tokenfields[0] && tokenfields[1] && tokenfields[2]
-              && tokenfields[3]
-              && !strcmp (tokenfields[3], dispserialno))
-            ; /* No need to update Token entry.  */
-          else
-            {
-              err = nve_set (item, token);
-              if (err)
-                goto leave;
-              maybe_update = 0; /* Force write.  */
-            }
         }
     }
 
+  /* If a timestamp has been supplied and the key is new write a
+   * creation timestamp.  (We douple check that there is no Created
+   * item yet.)*/
+  if (timestamp && newkey && !nvc_lookup (pk, "Created:"))
+    {
+      gnupg_isotime_t timebuf;
+
+      epoch2isotime (timebuf, timestamp);
+      err = nvc_add (pk, "Created:", timebuf);
+      if (err)
+        goto leave;
+    }
+
+
   err = es_fseek (fp, 0, SEEK_SET);
   if (err)
     goto leave;
 
-  if (!maybe_update)
+  err = nvc_write (pk, fp);
+  if (err)
     {
-      err = nvc_write (pk, fp);
-      if (!err)
-        err = es_fflush (fp);
-      if (err)
-        {
-          log_error ("error writing '%s': %s\n", fname, gpg_strerror (err));
-          remove = 1;
-          goto leave;
-        }
+      log_error ("error writing '%s': %s\n", fname, gpg_strerror (err));
+      remove = 1;
+      goto leave;
+    }
 
-      if (ftruncate (es_fileno (fp), es_ftello (fp)))
-        {
-          err = gpg_error_from_syserror ();
-          log_error ("error truncating '%s': %s\n", fname, gpg_strerror (err));
-          remove = 1;
-          goto leave;
-        }
+  if (ftruncate (es_fileno (fp), es_ftello (fp)))
+    {
+      err = gpg_error_from_syserror ();
+      log_error ("error truncating '%s': %s\n", fname, gpg_strerror (err));
+      remove = 1;
+      goto leave;
     }
 
   if (es_fclose (fp))
@@ -235,41 +198,40 @@ write_extended_private_key (int maybe_update,
   else
     fp = NULL;
 
-  if (!maybe_update)
-    bump_key_eventcounter ();
+  bump_key_eventcounter ();
 
  leave:
   es_fclose (fp);
   if (remove)
     gnupg_remove (fname);
   xfree (fname);
-  xfree (token);
-  xfree (token0);
-  xfree (dispserialno_buffer);
-  xfree (tokenfields);
   gcry_sexp_release (key);
   nvc_release (pk);
+  xfree (token);
   return err;
 }
 
 /* Write an S-expression formatted key to our key storage.  With FORCE
  * passed as true an existing key with the given GRIP will get
- * overwritten.  If TIMESTAMP is not zero and the key does not yet
- * exists it will be recorded as creation date.  If SERIALNO, KEYREF,
- * of DISPSERIALNO are not NULL they will be recorded as well.  */
+ * overwritten.  If SERIALNO and KEYREF are given a Token line is
+ * added to the key if the extended format is used.  If TIMESTAMP is
+ * not zero and the key doies not yet exists it will be recorded as
+ * creation date.  */
 int
 agent_write_private_key (const unsigned char *grip,
-                         const void *buffer, size_t length,
-                         int force, time_t timestamp,
+                         const void *buffer, size_t length, int force,
                          const char *serialno, const char *keyref,
-                         const char *dispserialno)
+                         time_t timestamp)
 {
   char *fname;
   estream_t fp;
+  char hexgrip[40+4+1];
 
-  fname = fname_from_keygrip (grip);
-  if (!fname)
-    return gpg_error_from_syserror ();
+  bin2hex (grip, 20, hexgrip);
+  strcpy (hexgrip+40, ".key");
+
+  fname = make_filename (gnupg_homedir (), GNUPG_PRIVATE_KEYS_DIR,
+                         hexgrip, NULL);
 
   /* FIXME: Write to a temp file first so that write failures during
      key updates won't lead to a key loss.  */
@@ -327,26 +289,20 @@ agent_write_private_key (const unsigned char *grip,
       if (first != '(')
         {
           /* Key is already in the extended format.  */
-          return write_extended_private_key (0, fname, fp, 0, 0,
-                                             buffer, length,
-                                             timestamp, serialno, keyref,
-                                             dispserialno);
+          return write_extended_private_key (fname, fp, 1, 0, buffer, length,
+                                             serialno, keyref, timestamp);
         }
       if (first == '(' && opt.enable_extended_key_format)
         {
           /* Key is in the old format - but we want the extended format.  */
-          return write_extended_private_key (0, fname, fp, 1, 0,
-                                             buffer, length,
-                                             timestamp, serialno, keyref,
-                                             dispserialno);
+          return write_extended_private_key (fname, fp, 0, 0, buffer, length,
+                                             serialno, keyref, timestamp);
         }
     }
 
   if (opt.enable_extended_key_format)
-    return write_extended_private_key (0, fname, fp, 0, 1,
-                                       buffer, length,
-                                       timestamp, serialno, keyref,
-                                       dispserialno);
+    return write_extended_private_key (fname, fp, 0, 1, buffer, length,
+                                       serialno, keyref, timestamp);
 
   if (es_fwrite (buffer, length, 1, fp) != 1)
     {
@@ -395,7 +351,7 @@ try_unprotect_cb (struct pin_entry_info_s *pi)
   gnupg_isotime_t now, protected_at, tmptime;
   char *desc = NULL;
 
-  assert (!arg->unprotected_key);
+  log_assert (!arg->unprotected_key);
 
   arg->change_required = 0;
   err = agent_unprotect (ctrl, arg->protected_key, pi->pin, protected_at,
@@ -460,6 +416,33 @@ try_unprotect_cb (struct pin_entry_info_s *pi)
 }
 
 
+/* Return true if the STRING has an %C or %c expando.  */
+static int
+has_comment_expando (const char *string)
+{
+  const char *s;
+  int percent = 0;
+
+  if (!string)
+    return 0;
+
+  for (s = string; *s; s++)
+    {
+      if (percent)
+        {
+          if (*s == 'c' || *s == 'C')
+            return 1;
+          percent = 0;
+        }
+      else if (*s == '%')
+        percent = 1;
+    }
+  return 0;
+}
+
+
+
+
 /* Modify a Key description, replacing certain special format
    characters.  List of currently supported replacements:
 
@@ -772,7 +755,7 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
     }
   else
     {
-      assert (arg.unprotected_key);
+      log_assert (arg.unprotected_key);
       if (arg.change_required)
         {
           /* The callback told as that the user should change their
@@ -780,7 +763,7 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
           size_t canlen, erroff;
           gcry_sexp_t s_skey;
 
-          assert (arg.unprotected_key);
+          log_assert (arg.unprotected_key);
           canlen = gcry_sexp_canon_len (arg.unprotected_key, 0, NULL, NULL);
           rc = gcry_sexp_sscan (&s_skey, &erroff,
                                 (char*)arg.unprotected_key, canlen);
@@ -826,7 +809,8 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
  * return it as an gcrypt S-expression object in RESULT.  If R_KEYMETA
  * is not NULl and the extended key format is used, the meta data
  * items are stored there.  However the "Key:" item is removed from
- * it.  On failure returns an error code and stores NULL at RESULT. */
+ * it.  On failure returns an error code and stores NULL at RESULT and
+ * R_KEYMETA. */
 static gpg_error_t
 read_key_file (const unsigned char *grip, gcry_sexp_t *result, nvc_t *r_keymeta)
 {
@@ -881,7 +865,7 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result, nvc_t *r_keymeta)
   if (first != '(')
     {
       /* Key is in extended format.  */
-      nvc_t pk;
+      nvc_t pk = NULL;
       int line;
 
       err = nvc_parse_private_key (&pk, &line, fp);
@@ -1001,8 +985,10 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
 {
   gpg_error_t err;
   unsigned char *buf;
-  size_t len, buflen, erroff;
+  size_t len, erroff;
   gcry_sexp_t s_skey;
+  nvc_t keymeta = NULL;
+  char *desc_text_buffer = NULL;  /* Used in case we extend DESC_TEXT.  */
 
   *result = NULL;
   if (shadow_info)
@@ -1010,7 +996,7 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
   if (r_passphrase)
     *r_passphrase = NULL;
 
-  err = read_key_file (grip, &s_skey, NULL);
+  err = read_key_file (grip, &s_skey, &keymeta);
   if (err)
     {
       if (gpg_err_code (err) == GPG_ERR_ENOENT)
@@ -1023,7 +1009,11 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
      now.  */
   err = make_canon_sexp (s_skey, &buf, &len);
   if (err)
-    return err;
+    {
+      nvc_release (keymeta);
+      xfree (desc_text_buffer);
+      return err;
+    }
 
   switch (agent_private_key_type (buf))
     {
@@ -1048,25 +1038,43 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
     case PRIVATE_KEY_PROTECTED:
       {
 	char *desc_text_final;
-	char *comment = NULL;
+	char *comment_buffer = NULL;
+	const char *comment = NULL;
 
         /* Note, that we will take the comment as a C string for
-           display purposes; i.e. all stuff beyond a Nul character is
-           ignored.  */
-        {
-          gcry_sexp_t comment_sexp;
+         * display purposes; i.e. all stuff beyond a Nul character is
+         * ignored.  If a "Label" entry is available in the meta data
+         * this is used instead of the s-expression comment.  */
+        if (keymeta && (comment = nvc_get_string (keymeta, "Label:")))
+          {
+            if (strchr (comment, '\n')
+                && (comment_buffer = linefeed_to_percent0A (comment)))
+              comment = comment_buffer;
+            /* In case DESC_TEXT has no escape pattern for a comment
+             * we append one.  */
+            if (desc_text && !has_comment_expando (desc_text))
+              {
+                desc_text_buffer = strconcat (desc_text, "%0A%C", NULL);
+                if (desc_text_buffer)
+                  desc_text = desc_text_buffer;
+              }
+          }
+        else
+          {
+            gcry_sexp_t comment_sexp;
 
-          comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0);
-          if (comment_sexp)
-            comment = gcry_sexp_nth_string (comment_sexp, 1);
-          gcry_sexp_release (comment_sexp);
-        }
+            comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0);
+            if (comment_sexp)
+              comment_buffer = gcry_sexp_nth_string (comment_sexp, 1);
+            gcry_sexp_release (comment_sexp);
+            comment = comment_buffer;
+          }
 
         desc_text_final = NULL;
 	if (desc_text)
           err = agent_modify_description (desc_text, comment, s_skey,
                                           &desc_text_final);
-        gcry_free (comment);
+        gcry_free (comment_buffer);
 
 	if (!err)
 	  {
@@ -1121,13 +1129,15 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
           xfree (*r_passphrase);
           *r_passphrase = NULL;
         }
+      nvc_release (keymeta);
+      xfree (desc_text_buffer);
       return err;
     }
 
-  buflen = gcry_sexp_canon_len (buf, 0, NULL, NULL);
-  err = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
-  wipememory (buf, buflen);
+  err = sexp_sscan_private_key (result, &erroff, buf);
   xfree (buf);
+  nvc_release (keymeta);
+  xfree (desc_text_buffer);
   if (err)
     {
       log_error ("failed to build S-Exp (off=%u): %s\n",
@@ -1137,191 +1147,9 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
           xfree (*r_passphrase);
           *r_passphrase = NULL;
         }
-      return err;
-    }
-
-  *result = s_skey;
-  return 0;
-}
-
-
-/* Return the string name from the S-expression S_KEY as well as a
-   string describing the names of the parameters.  ALGONAMESIZE and
-   ELEMSSIZE give the allocated size of the provided buffers.  The
-   buffers may be NULL if not required.  If R_LIST is not NULL the top
-   level list will be stored there; the caller needs to release it in
-   this case.  */
-static gpg_error_t
-key_parms_from_sexp (gcry_sexp_t s_key, gcry_sexp_t *r_list,
-                     char *r_algoname, size_t algonamesize,
-                     char *r_elems, size_t elemssize)
-{
-  gcry_sexp_t list, l2;
-  const char *name, *algoname, *elems;
-  size_t n;
-
-  if (r_list)
-    *r_list = NULL;
-
-  list = gcry_sexp_find_token (s_key, "shadowed-private-key", 0 );
-  if (!list)
-    list = gcry_sexp_find_token (s_key, "protected-private-key", 0 );
-  if (!list)
-    list = gcry_sexp_find_token (s_key, "private-key", 0 );
-  if (!list)
-    {
-      log_error ("invalid private key format\n");
-      return gpg_error (GPG_ERR_BAD_SECKEY);
     }
 
-  l2 = gcry_sexp_cadr (list);
-  gcry_sexp_release (list);
-  list = l2;
-  name = gcry_sexp_nth_data (list, 0, &n);
-  if (n==3 && !memcmp (name, "rsa", 3))
-    {
-      algoname = "rsa";
-      elems = "ne";
-    }
-  else if (n==3 && !memcmp (name, "dsa", 3))
-    {
-      algoname = "dsa";
-      elems = "pqgy";
-    }
-  else if (n==3 && !memcmp (name, "ecc", 3))
-    {
-      algoname = "ecc";
-      elems = "pabgnq";
-    }
-  else if (n==5 && !memcmp (name, "ecdsa", 5))
-    {
-      algoname = "ecdsa";
-      elems = "pabgnq";
-    }
-  else if (n==4 && !memcmp (name, "ecdh", 4))
-    {
-      algoname = "ecdh";
-      elems = "pabgnq";
-    }
-  else if (n==3 && !memcmp (name, "elg", 3))
-    {
-      algoname = "elg";
-      elems = "pgy";
-    }
-  else
-    {
-      log_error ("unknown private key algorithm\n");
-      gcry_sexp_release (list);
-      return gpg_error (GPG_ERR_BAD_SECKEY);
-    }
-
-  if (r_algoname)
-    {
-      if (strlen (algoname) >= algonamesize)
-        return gpg_error (GPG_ERR_BUFFER_TOO_SHORT);
-      strcpy (r_algoname, algoname);
-    }
-  if (r_elems)
-    {
-      if (strlen (elems) >= elemssize)
-        return gpg_error (GPG_ERR_BUFFER_TOO_SHORT);
-      strcpy (r_elems, elems);
-    }
-
-  if (r_list)
-    *r_list = list;
-  else
-    gcry_sexp_release (list);
-
-  return 0;
-}
-
-
-/* Return true if KEYPARMS holds an EdDSA key.  */
-static int
-is_eddsa (gcry_sexp_t keyparms)
-{
-  int result = 0;
-  gcry_sexp_t list;
-  const char *s;
-  size_t n;
-  int i;
-
-  list = gcry_sexp_find_token (keyparms, "flags", 0);
-  for (i = list ? gcry_sexp_length (list)-1 : 0; i > 0; i--)
-    {
-      s = gcry_sexp_nth_data (list, i, &n);
-      if (!s)
-        continue; /* Not a data element. */
-
-      if (n == 5 && !memcmp (s, "eddsa", 5))
-        {
-          result = 1;
-          break;
-        }
-    }
-  gcry_sexp_release (list);
-  return result;
-}
-
-
-/* Return the public key algorithm number if S_KEY is a DSA style key.
-   If it is not a DSA style key, return 0.  */
-int
-agent_is_dsa_key (gcry_sexp_t s_key)
-{
-  int result;
-  gcry_sexp_t list;
-  char algoname[6];
-
-  if (!s_key)
-    return 0;
-
-  if (key_parms_from_sexp (s_key, &list, algoname, sizeof algoname, NULL, 0))
-    return 0; /* Error - assume it is not an DSA key.  */
-
-  if (!strcmp (algoname, "dsa"))
-    result = GCRY_PK_DSA;
-  else if (!strcmp (algoname, "ecc"))
-    {
-      if (is_eddsa (list))
-        result = 0;
-      else
-        result = GCRY_PK_ECDSA;
-    }
-  else if (!strcmp (algoname, "ecdsa"))
-    result = GCRY_PK_ECDSA;
-  else
-    result = 0;
-
-  gcry_sexp_release (list);
-  return result;
-}
-
-
-/* Return true if S_KEY is an EdDSA key as used with curve Ed25519.  */
-int
-agent_is_eddsa_key (gcry_sexp_t s_key)
-{
-  int result;
-  gcry_sexp_t list;
-  char algoname[6];
-
-  if (!s_key)
-    return 0;
-
-  if (key_parms_from_sexp (s_key, &list, algoname, sizeof algoname, NULL, 0))
-    return 0; /* Error - assume it is not an EdDSA key.  */
-
-  if (!strcmp (algoname, "ecc") && is_eddsa (list))
-    result = 1;
-  else if (!strcmp (algoname, "eddsa")) /* backward compatibility.  */
-    result = 1;
-  else
-    result = 0;
-
-  gcry_sexp_release (list);
-  return result;
+  return err;
 }
 
 
@@ -1347,21 +1175,6 @@ agent_raw_key_from_file (ctrl_t ctrl, const unsigned char *grip,
 }
 
 
-gpg_error_t
-agent_keymeta_from_file (ctrl_t ctrl, const unsigned char *grip,
-                         nvc_t *r_keymeta)
-{
-  gpg_error_t err;
-  gcry_sexp_t s_skey;
-
-  (void)ctrl;
-
-  err = read_key_file (grip, &s_skey, r_keymeta);
-  gcry_sexp_release (s_skey);
-  return err;
-}
-
-
 /* Return the public key for the keygrip GRIP.  The result is stored
    at RESULT.  This function extracts the public key from the private
    key database.  On failure an error code is returned and NULL stored
@@ -1383,7 +1196,8 @@ agent_public_key_from_file (ctrl_t ctrl,
   const char *uri, *comment;
   size_t uri_length, comment_length;
   int uri_intlen, comment_intlen;
-  char *format, *p;
+  membuf_t format_mb;
+  char *format;
   void *args[2+7+2+2+1]; /* Size is 2 + max. # of elements + 2 for uri + 2
                             for comment + end-of-list.  */
   int argidx;
@@ -1425,62 +1239,53 @@ agent_public_key_from_file (ctrl_t ctrl,
   s_skey = NULL;
 
 
-  /* FIXME: The following thing is pretty ugly code; we should
-     investigate how to make it cleaner.  Probably code to handle
-     canonical S-expressions in a memory buffer is better suited for
-     such a task.  After all that is what we do in protect.c.  Need
-     to find common patterns and write a straightformward API to use
-     them.  */
-  assert (sizeof (size_t) <= sizeof (void*));
-
-  format = xtrymalloc (15+4+7*npkey+10+15+1+1);
-  if (!format)
-    {
-      err = gpg_error_from_syserror ();
-      for (i=0; array[i]; i++)
-        gcry_mpi_release (array[i]);
-      gcry_sexp_release (curve);
-      gcry_sexp_release (flags);
-      gcry_sexp_release (uri_sexp);
-      gcry_sexp_release (comment_sexp);
-      return err;
-    }
+  log_assert (sizeof (size_t) <= sizeof (void*));
 
+  init_membuf (&format_mb, 256);
   argidx = 0;
-  p = stpcpy (stpcpy (format, "(public-key("), algoname);
-  p = stpcpy (p, "%S%S");       /* curve name and flags.  */
+  put_membuf_printf (&format_mb, "(public-key(%s%%S%%S", algoname);
   args[argidx++] = &curve;
   args[argidx++] = &flags;
   for (idx=0, s=elems; idx < npkey; idx++)
     {
-      *p++ = '(';
-      *p++ = *s++;
-      p = stpcpy (p, " %m)");
-      assert (argidx < DIM (args));
+      put_membuf_printf (&format_mb, "(%c %%m)", *s++);
+      log_assert (argidx < DIM (args));
       args[argidx++] = &array[idx];
     }
-  *p++ = ')';
+  put_membuf_str (&format_mb, ")");
   if (uri)
     {
-      p = stpcpy (p, "(uri %b)");
-      assert (argidx+1 < DIM (args));
+      put_membuf_str (&format_mb, "(uri %b)");
+      log_assert (argidx+1 < DIM (args));
       uri_intlen = (int)uri_length;
       args[argidx++] = (void *)&uri_intlen;
       args[argidx++] = (void *)&uri;
     }
   if (comment)
     {
-      p = stpcpy (p, "(comment %b)");
-      assert (argidx+1 < DIM (args));
+      put_membuf_str (&format_mb, "(comment %b)");
+      log_assert (argidx+1 < DIM (args));
       comment_intlen = (int)comment_length;
       args[argidx++] = (void *)&comment_intlen;
-      args[argidx++] = (void*)&comment;
+      args[argidx++] = (void *)&comment;
     }
-  *p++ = ')';
-  *p = 0;
-  assert (argidx < DIM (args));
+  put_membuf (&format_mb, ")", 2);
+  log_assert (argidx < DIM (args));
   args[argidx] = NULL;
 
+  format = get_membuf (&format_mb, NULL);
+  if (!format)
+    {
+      err = gpg_error_from_syserror ();
+      for (i=0; array[i]; i++)
+        gcry_mpi_release (array[i]);
+      gcry_sexp_release (curve);
+      gcry_sexp_release (flags);
+      gcry_sexp_release (uri_sexp);
+      gcry_sexp_release (comment_sexp);
+      return err;
+    }
+
   err = gcry_sexp_build_array (&list, NULL, format, args);
   xfree (format);
   for (i=0; array[i]; i++)
@@ -1496,7 +1301,6 @@ agent_public_key_from_file (ctrl_t ctrl,
 }
 
 
-
 /* Check whether the secret key identified by GRIP is available.
    Returns 0 is the key is available.  */
 int
@@ -1524,7 +1328,8 @@ agent_key_available (const unsigned char *grip)
    S-expression.  */
 gpg_error_t
 agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip,
-                          int *r_keytype, unsigned char **r_shadow_info)
+                          int *r_keytype, unsigned char **r_shadow_info,
+                          unsigned char **r_shadow_info_type)
 {
   gpg_error_t err;
   unsigned char *buf;
@@ -1571,11 +1376,11 @@ agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip,
           const unsigned char *s;
           size_t n;
 
-          err = agent_get_shadow_info (buf, &s);
+          err = agent_get_shadow_info_type (buf, &s, r_shadow_info_type);
           if (!err)
             {
               n = gcry_sexp_canon_len (s, 0, NULL, NULL);
-              assert (n);
+              log_assert (n);
               *r_shadow_info = xtrymalloc (n);
               if (!*r_shadow_info)
                 err = gpg_error_from_syserror ();
@@ -1724,27 +1529,16 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text,
 /* Write an S-expression formatted shadow key to our key storage.
    Shadow key is created by an S-expression public key in PKBUF and
    card's SERIALNO and the IDSTRING.  With FORCE passed as true an
-   existing key with the given GRIP will get overwritten. If
-   DISPSERIALNO is not NULL the human readable s/n will also be
-   recorded in the key file.  If MAYBE_UPDATE is set it is assumed that
-   the shadow key already exists and we test whether we should update
-   it (FORCE is ignored in this case).  */
+   existing key with the given GRIP will get overwritten.  */
 gpg_error_t
-agent_write_shadow_key (int maybe_update, const unsigned char *grip,
+agent_write_shadow_key (const unsigned char *grip,
                         const char *serialno, const char *keyid,
-                        const unsigned char *pkbuf, int force,
-                        const char *dispserialno)
+                        const unsigned char *pkbuf, int force)
 {
   gpg_error_t err;
   unsigned char *shadow_info;
   unsigned char *shdkey;
   size_t len;
-  char *fname = NULL;
-  estream_t fp = NULL;
-  char first;
-
-  if (maybe_update && !opt.enable_extended_key_format)
-    return 0;  /* Silently ignore.  */
 
   /* Just in case some caller did not parse the stuff correctly, skip
    * leading spaces.  */
@@ -1766,62 +1560,10 @@ agent_write_shadow_key (int maybe_update, const unsigned char *grip,
     }
 
   len = gcry_sexp_canon_len (shdkey, 0, NULL, NULL);
-
-  if (maybe_update)  /* Update mode.  */
-    {
-      fname = fname_from_keygrip (grip);
-      if (!fname)
-        {
-          err = gpg_error_from_syserror ();
-          goto leave;
-        }
-
-      fp = es_fopen (fname, "rb+,mode=-rw");
-      if (!fp)
-        {
-          err = gpg_error_from_syserror ();
-          log_error ("shadow key file '%s' disappeared\n", fname);
-          goto leave;
-        }
-
-      /* See if an existing key is in extended format.  */
-      if (es_fread (&first, 1, 1, fp) != 1)
-        {
-          err = gpg_error_from_syserror ();
-          log_error ("error reading first byte from '%s': %s\n",
-                     fname, gpg_strerror (err));
-          goto leave;
-        }
-
-      if (es_fseek (fp, 0, SEEK_SET))
-        {
-          err = gpg_error_from_syserror ();
-          log_error ("error seeking in '%s': %s\n", fname, gpg_strerror (err));
-          goto leave;
-        }
-
-      /* "(first == '(')" indicates that the key is in the old format.  */
-      err = write_extended_private_key (maybe_update,
-                                        fname, fp, (first == '('), 0,
-                                        shdkey, len,
-                                        0, serialno, keyid,
-                                        dispserialno);
-      fname = NULL;  /* Ownership was transferred.  */
-      fp = NULL;     /* Ditto.  */
-    }
-  else  /* Standard mode */
-    {
-      err = agent_write_private_key (grip, shdkey, len, force, 0,
-                                     serialno, keyid, dispserialno);
-    }
-
- leave:
-  xfree (fname);
-  es_fclose (fp);
+  err = agent_write_private_key (grip, shdkey, len, force, serialno, keyid, 0);
   xfree (shdkey);
   if (err)
-    log_error ("error %s key: %s\n", maybe_update? "updating":"writing",
-               gpg_strerror (err));
+    log_error ("error writing key: %s\n", gpg_strerror (err));
 
   return err;
 }
diff --git a/agent/genkey.c b/agent/genkey.c
index a944ac7..9b47f0f 100644
--- a/agent/genkey.c
+++ b/agent/genkey.c
@@ -24,8 +24,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
-#include <assert.h>
-#include <unistd.h>
 
 #include "agent.h"
 #include "../common/i18n.h"
@@ -48,12 +46,12 @@ store_key (gcry_sexp_t private, const char *passphrase, int force,
     }
 
   len = gcry_sexp_sprint (private, GCRYSEXP_FMT_CANON, NULL, 0);
-  assert (len);
+  log_assert (len);
   buf = gcry_malloc_secure (len);
   if (!buf)
       return out_of_core ();
   len = gcry_sexp_sprint (private, GCRYSEXP_FMT_CANON, buf, len);
-  assert (len);
+  log_assert (len);
 
   if (passphrase)
     {
@@ -69,8 +67,7 @@ store_key (gcry_sexp_t private, const char *passphrase, int force,
       buf = p;
     }
 
-  rc = agent_write_private_key (grip, buf, len, force, timestamp,
-                                NULL, NULL, NULL);
+  rc = agent_write_private_key (grip, buf, len, force, NULL, NULL, timestamp);
   xfree (buf);
   return rc;
 }
@@ -92,123 +89,79 @@ nonalpha_count (const char *s)
 
 
 /* Check PW against a list of pattern.  Return 0 if PW does not match
-   these pattern.  If CHECK_CONSTRAINTS_NEW_SYMKEY is set in flags and
-   --check-sym-passphrase-pattern has been configured, use the pattern
-   file from that option.  */
+   these pattern.  */
 static int
-do_check_passphrase_pattern (ctrl_t ctrl, const char *pw, unsigned int flags)
+check_passphrase_pattern (ctrl_t ctrl, const char *pw)
 {
   gpg_error_t err = 0;
   const char *pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CHECK_PATTERN);
-  estream_t stream_to_check_pattern = NULL;
+  FILE *infp;
   const char *argv[10];
   pid_t pid;
   int result, i;
-  const char *pattern;
-  char *patternfname;
 
   (void)ctrl;
 
-  pattern = opt.check_passphrase_pattern;
-  if ((flags & CHECK_CONSTRAINTS_NEW_SYMKEY)
-      && opt.check_sym_passphrase_pattern)
-    pattern = opt.check_sym_passphrase_pattern;
-  if (!pattern)
-    return 1; /* Oops - Assume password should not be used  */
-
-  if (strchr (pattern, '/') || strchr (pattern, '\\')
-      || (*pattern == '~' && pattern[1] == '/'))
-    patternfname = make_absfilename_try (pattern, NULL);
-  else
-    patternfname = make_filename_try (gnupg_sysconfdir (), pattern, NULL);
-  if (!patternfname)
+  infp = gnupg_tmpfile ();
+  if (!infp)
     {
-      log_error ("error making filename from '%s': %s\n",
-                 pattern, gpg_strerror (gpg_error_from_syserror ()));
-      return 1; /* Do not pass the check.  */
+      err = gpg_error_from_syserror ();
+      log_error (_("error creating temporary file: %s\n"), gpg_strerror (err));
+      return 1; /* Error - assume password should not be used.  */
     }
 
-  /* Make debugging a broken config easier by printing a useful error
-   * message.  */
-  if (gnupg_access (patternfname, F_OK))
+  if (fwrite (pw, strlen (pw), 1, infp) != 1)
     {
-      log_error ("error accessing '%s': %s\n",
-                 patternfname, gpg_strerror (gpg_error_from_syserror ()));
-      xfree (patternfname);
-      return 1; /* Do not pass the check.  */
+      err = gpg_error_from_syserror ();
+      log_error (_("error writing to temporary file: %s\n"),
+                 gpg_strerror (err));
+      fclose (infp);
+      return 1; /* Error - assume password should not be used.  */
     }
+  fseek (infp, 0, SEEK_SET);
+  clearerr (infp);
 
   i = 0;
   argv[i++] = "--null";
   argv[i++] = "--",
-  argv[i++] = patternfname,
+  argv[i++] = opt.check_passphrase_pattern,
   argv[i] = NULL;
-  assert (i < sizeof argv);
+  log_assert (i < sizeof argv);
 
-  if (gnupg_spawn_process (pgmname, argv, NULL, NULL, 0,
-                           &stream_to_check_pattern, NULL, NULL, &pid))
+  if (gnupg_spawn_process_fd (pgmname, argv, fileno (infp), -1, -1, &pid))
     result = 1; /* Execute error - assume password should no be used.  */
+  else if (gnupg_wait_process (pgmname, pid, 1, NULL))
+    result = 1; /* Helper returned an error - probably a match.  */
   else
-    {
-      es_set_binary (stream_to_check_pattern);
-      if (es_fwrite (pw, strlen (pw), 1, stream_to_check_pattern) != 1)
-        {
-          err = gpg_error_from_syserror ();
-          log_error (_("error writing to pipe: %s\n"), gpg_strerror (err));
-          result = 1; /* Error - assume password should not be used.  */
-        }
-      else
-        es_fflush (stream_to_check_pattern);
-      es_fclose (stream_to_check_pattern);
-      if (gnupg_wait_process (pgmname, pid, 1, NULL))
-        result = 1; /* Helper returned an error - probably a match.  */
-      else
-        result = 0; /* Success; i.e. no match.  */
-      gnupg_release_process (pid);
-    }
-
-  xfree (patternfname);
+    result = 0; /* Success; i.e. no match.  */
+  gnupg_release_process (pid);
+
+  /* Overwrite our temporary file. */
+  fseek (infp, 0, SEEK_SET);
+  clearerr (infp);
+  for (i=((strlen (pw)+99)/100)*100; i > 0; i--)
+    putc ('\xff', infp);
+  fflush (infp);
+  fclose (infp);
   return result;
 }
 
 
 static int
-take_this_one_anyway2 (ctrl_t ctrl, const char *desc, const char *anyway_btn)
+take_this_one_anyway (ctrl_t ctrl, const char *desc, const char *anyway_btn)
 {
-  gpg_error_t err;
-
-  if (opt.enforce_passphrase_constraints)
-    {
-      err = agent_show_message (ctrl, desc, L_("Enter new passphrase"));
-      if (!err)
-        err = gpg_error (GPG_ERR_CANCELED);
-    }
-  else
-    err = agent_get_confirmation (ctrl, desc,
-                                  anyway_btn, L_("Enter new passphrase"), 0);
-  return err;
-}
-
-
-static int
-take_this_one_anyway (ctrl_t ctrl, const char *desc)
-{
-  return take_this_one_anyway2 (ctrl, desc, L_("Take this one anyway"));
+  return agent_get_confirmation (ctrl, desc,
+                                 anyway_btn, L_("Enter new passphrase"), 0);
 }
 
 
 /* Check whether the passphrase PW is suitable. Returns 0 if the
- * passphrase is suitable and true if it is not and the user should be
- * asked to provide a different one.  If FAILED_CONSTRAINT is set, a
- * message describing the problem is returned at FAILED_CONSTRAINT.
- * The FLAGS are:
- *   CHECK_CONSTRAINTS_NOT_EMPTY
- *       Do not allow an empty passphrase
- *   CHECK_CONSTRAINTS_NEW_SYMKEY
- *       Hint that the passphrase is used for a new symmetric key.
- */
+   passphrase is suitable and true if it is not and the user should be
+   asked to provide a different one.  If FAILED_CONSTRAINT is set, a
+   message describing the problem is returned in
+   *FAILED_CONSTRAINT.  */
 int
-check_passphrase_constraints (ctrl_t ctrl, const char *pw, unsigned int flags,
+check_passphrase_constraints (ctrl_t ctrl, const char *pw, int no_empty,
 			      char **failed_constraint)
 {
   gpg_error_t err = 0;
@@ -217,7 +170,6 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, unsigned int flags,
   char *msg1 = NULL;
   char *msg2 = NULL;
   char *msg3 = NULL;
-  int no_empty = !!(flags & CHECK_CONSTRAINTS_NOT_EMPTY);
 
   if (ctrl && ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK)
     return 0;
@@ -242,8 +194,8 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, unsigned int flags,
 	  if (opt.enforce_passphrase_constraints || no_empty)
 	    *failed_constraint = xstrdup (desc);
 	  else
-	    err = take_this_one_anyway2 (ctrl, desc,
-					 L_("Yes, protection is not needed"));
+	    err = take_this_one_anyway (ctrl, desc,
+					L_("Yes, protection is not needed"));
 	}
 
       goto leave;
@@ -295,9 +247,8 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, unsigned int flags,
      and pattern.  The actual test is done by an external program.
      The warning message is generic to give the user no hint on how to
      circumvent this list.  */
-  if (*pw
-      && (opt.check_passphrase_pattern || opt.check_sym_passphrase_pattern)
-      && do_check_passphrase_pattern (ctrl, pw, flags))
+  if (*pw && opt.check_passphrase_pattern &&
+      check_passphrase_pattern (ctrl, pw))
     {
       if (!failed_constraint)
         {
@@ -342,7 +293,7 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, unsigned int flags,
 	*failed_constraint = msg;
       else
 	{
-	  err = take_this_one_anyway (ctrl, msg);
+	  err = take_this_one_anyway (ctrl, msg, L_("Take this one anyway"));
 	  xfree (msg);
 	}
     }
@@ -412,7 +363,7 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
   if (!pi2)
     {
       err = gpg_error_from_syserror ();
-      xfree (pi);
+      xfree (pi2);
       return err;
     }
   pi->max_length = MAX_PASSPHRASE_LEN + 1;
@@ -590,7 +541,7 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce, time_t timestamp,
   if (DBG_CRYPTO)
     log_debug ("returning public key\n");
   len = gcry_sexp_sprint (s_public, GCRYSEXP_FMT_CANON, NULL, 0);
-  assert (len);
+  log_assert (len);
   buf = xtrymalloc (len);
   if (!buf)
     {
@@ -600,7 +551,7 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce, time_t timestamp,
       return tmperr;
     }
   len = gcry_sexp_sprint (s_public, GCRYSEXP_FMT_CANON, buf, len);
-  assert (len);
+  log_assert (len);
   put_membuf (outbuf, buf, len);
   gcry_sexp_release (s_public);
   xfree (buf);
diff --git a/agent/gpg-agent-w32info.rc b/agent/gpg-agent-w32info.rc
index a0311b2..d586cad 100644
--- a/agent/gpg-agent-w32info.rc
+++ b/agent/gpg-agent-w32info.rc
@@ -48,5 +48,3 @@
       VALUE "Translation", 0x409, 0x4b0
     END
   END
-
-1 RT_MANIFEST "gpg-agent.w32-manifest"
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 53b86dd..74c2108 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -21,14 +21,12 @@
  */
 
 #include <config.h>
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <stddef.h>
 #include <stdarg.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 #include <time.h>
 #include <fcntl.h>
 #include <sys/stat.h>
@@ -97,7 +95,6 @@ enum cmd_and_opt_values
   oPinentryTouchFile,
   oPinentryInvisibleChar,
   oPinentryTimeout,
-  oPinentryFormattedPassphrase,
   oDisplay,
   oTTYname,
   oTTYtype,
@@ -105,6 +102,7 @@ enum cmd_and_opt_values
   oLCmessages,
   oXauthority,
   oScdaemonProgram,
+  oTpm2daemonProgram,
   oDefCacheTTL,
   oDefCacheTTLSSH,
   oMaxCacheTTL,
@@ -113,12 +111,10 @@ enum cmd_and_opt_values
   oMinPassphraseLen,
   oMinPassphraseNonalpha,
   oCheckPassphrasePattern,
-  oCheckSymPassphrasePattern,
   oMaxPassphraseDays,
   oEnablePassphraseHistory,
   oDisableExtendedKeyFormat,
   oEnableExtendedKeyFormat,
-  oStealSocket,
   oUseStandardSocket,
   oNoUseStandardSocket,
   oExtraSocket,
@@ -128,8 +124,6 @@ enum cmd_and_opt_values
   oIgnoreCacheForSigning,
   oAllowMarkTrusted,
   oNoAllowMarkTrusted,
-  oNoUserTrustlist,
-  oSysTrustlistName,
   oAllowPresetPassphrase,
   oAllowLoopbackPinentry,
   oNoAllowLoopbackPinentry,
@@ -157,7 +151,7 @@ enum cmd_and_opt_values
 # define ENAMETOOLONG EINVAL
 #endif
 
-static ARGPARSE_OPTS opts[] = {
+static gpgrt_opt_t opts[] = {
 
   ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"),
   ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"),
@@ -174,7 +168,6 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oNoDetach,  "no-detach", N_("do not detach from the console")),
   ARGPARSE_s_n (oSh,	  "sh",        N_("sh-style command output")),
   ARGPARSE_s_n (oCsh,	  "csh",       N_("csh-style command output")),
-  ARGPARSE_s_n (oStealSocket, "steal-socket", "@"),
   ARGPARSE_s_s (oDisplay,    "display",     "@"),
   ARGPARSE_s_s (oTTYname,    "ttyname",     "@"),
   ARGPARSE_s_s (oTTYtype,    "ttytype",     "@"),
@@ -207,6 +200,8 @@ static ARGPARSE_OPTS opts[] = {
                 /* */             N_("do not use the SCdaemon") ),
   ARGPARSE_s_s (oScdaemonProgram, "scdaemon-program",
                 /* */             N_("|PGM|use PGM as the SCdaemon program") ),
+  ARGPARSE_s_s (oTpm2daemonProgram, "tpm2daemon-program",
+		/* */             N_("|PGM|use PGM as the tpm2daemon program") ),
   ARGPARSE_s_n (oDisableCheckOwnSocket, "disable-check-own-socket", "@"),
 
   ARGPARSE_s_s (oExtraSocket, "extra-socket",
@@ -251,8 +246,6 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oNoAllowMarkTrusted, "no-allow-mark-trusted",
                 /* */    N_("disallow clients to mark keys as \"trusted\"")),
   ARGPARSE_s_n (oAllowMarkTrusted,   "allow-mark-trusted", "@"),
-  ARGPARSE_s_n (oNoUserTrustlist,    "no-user-trustlist", "@"),
-  ARGPARSE_s_s (oSysTrustlistName,   "sys-trustlist-name", "@"),
   ARGPARSE_s_n (oAllowPresetPassphrase, "allow-preset-passphrase",
                 /* */                    N_("allow presetting passphrase")),
   ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
@@ -270,8 +263,6 @@ static ARGPARSE_OPTS opts[] = {
                    " characters for a new passphrase")),
   ARGPARSE_s_s (oCheckPassphrasePattern,  "check-passphrase-pattern",
                 N_("|FILE|check new passphrases against pattern in FILE")),
-  ARGPARSE_s_s (oCheckSymPassphrasePattern,  "check-sym-passphrase-pattern",
-                "@"),
   ARGPARSE_s_u (oMaxPassphraseDays,       "max-passphrase-days",
                 N_("|N|expire the passphrase after N days")),
   ARGPARSE_s_n (oEnablePassphraseHistory, "enable-passphrase-history",
@@ -287,16 +278,15 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oGrab,   "grab",   N_("let PIN-Entry grab keyboard and mouse")),
   ARGPARSE_s_n (oNoGrab, "no-grab",   "@"),
   ARGPARSE_s_s (oPinentryProgram, "pinentry-program",
-                /* */             N_("|PGM|use PGM as the PIN-Entry program")),
+                N_("|PGM|use PGM as the PIN-Entry program")),
   ARGPARSE_s_s (oPinentryTouchFile, "pinentry-touch-file", "@"),
   ARGPARSE_s_s (oPinentryInvisibleChar, "pinentry-invisible-char", "@"),
   ARGPARSE_s_u (oPinentryTimeout, "pinentry-timeout",
                 N_("|N|set the Pinentry timeout to N seconds")),
-  ARGPARSE_s_n (oPinentryFormattedPassphrase, "pinentry-formatted-passphrase",
-                "@"),
   ARGPARSE_s_n (oAllowEmacsPinentry,  "allow-emacs-pinentry",
                 N_("allow passphrase to be prompted through Emacs")),
 
+
   /* Dummy options for backward compatibility.  */
   ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
   ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
@@ -385,9 +375,6 @@ static int disable_check_own_socket;
 /* Flag indicating that we are in supervised mode.  */
 static int is_supervised;
 
-/* Flag indicating to start the daemon even if one already runs.  */
-static int steal_socket;
-
 /* Flag to inhibit socket removal in cleanup.  */
 static int inhibit_socket_removal;
 
@@ -432,8 +419,8 @@ static char *default_lc_ctype;
 static char *default_lc_messages;
 static char *default_xauthority;
 
-/* Name of a config file which was last read on startup or, if missing,
- * the name of the standard config file.  Any value here enables the
+/* Name of a config file which was last read on startup or if missing
+ * the name of the standard config file.  Any value here enabled the
  * rereading of the standard config files on SIGHUP. */
 static char *config_filename;
 
@@ -845,7 +832,7 @@ cleanup (void)
    PARGS, resets the options to the default.  REREAD should be set
    true if it is not the initial option parsing. */
 static int
-parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
+parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
 {
   int i;
 
@@ -861,8 +848,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       xfree (opt.pinentry_invisible_char);
       opt.pinentry_invisible_char = NULL;
       opt.pinentry_timeout = 0;
-      opt.pinentry_formatted_passphrase = 0;
-      opt.scdaemon_program = NULL;
+      memset (opt.daemon_program, 0, sizeof opt.daemon_program);
       opt.def_cache_ttl = DEFAULT_CACHE_TTL;
       opt.def_cache_ttl_ssh = DEFAULT_CACHE_TTL_SSH;
       opt.max_cache_ttl = MAX_CACHE_TTL;
@@ -871,17 +857,15 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       opt.min_passphrase_len = MIN_PASSPHRASE_LEN;
       opt.min_passphrase_nonalpha = MIN_PASSPHRASE_NONALPHA;
       opt.check_passphrase_pattern = NULL;
-      opt.check_sym_passphrase_pattern = NULL;
       opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
       opt.enable_passphrase_history = 0;
       opt.enable_extended_key_format = 1;
       opt.ignore_cache_for_signing = 0;
       opt.allow_mark_trusted = 1;
-      opt.sys_trustlist_name = NULL;
       opt.allow_external_cache = 1;
       opt.allow_loopback_pinentry = 1;
       opt.allow_emacs_pinentry = 0;
-      opt.disable_scdaemon = 0;
+      memset (opt.disable_daemon, 0, sizeof opt.disable_daemon);
       disable_check_own_socket = 0;
       /* Note: When changing the next line, change also gpgconf_list.  */
       opt.ssh_fingerprint_digest = GCRY_MD_MD5;
@@ -904,7 +888,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 
     case oLogFile:
       if (!reread)
-        return 0; /* not handeld */
+        return 0; /* not handled */
       if (!current_logfile || !pargs->r.ret_str
           || strcmp (current_logfile, pargs->r.ret_str))
         {
@@ -924,11 +908,15 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       opt.pinentry_invisible_char = xtrystrdup (pargs->r.ret_str); break;
       break;
     case oPinentryTimeout: opt.pinentry_timeout = pargs->r.ret_ulong; break;
-    case oPinentryFormattedPassphrase:
-      opt.pinentry_formatted_passphrase = 1;
+
+    case oTpm2daemonProgram:
+      opt.daemon_program[DAEMON_TPM2D] = pargs->r.ret_str;
       break;
-    case oScdaemonProgram: opt.scdaemon_program = pargs->r.ret_str; break;
-    case oDisableScdaemon: opt.disable_scdaemon = 1; break;
+
+    case oScdaemonProgram:
+      opt.daemon_program[DAEMON_SCD] = pargs->r.ret_str;
+      break;
+    case oDisableScdaemon: opt.disable_daemon[DAEMON_SCD] = 1; break;
     case oDisableCheckOwnSocket: disable_check_own_socket = 1; break;
 
     case oDefCacheTTL: opt.def_cache_ttl = pargs->r.ret_ulong; break;
@@ -946,9 +934,6 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
     case oCheckPassphrasePattern:
       opt.check_passphrase_pattern = pargs->r.ret_str;
       break;
-    case oCheckSymPassphrasePattern:
-      opt.check_sym_passphrase_pattern = pargs->r.ret_str;
-      break;
     case oMaxPassphraseDays:
       opt.max_passphrase_days = pargs->r.ret_ulong;
       break;
@@ -968,8 +953,6 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 
     case oAllowMarkTrusted: opt.allow_mark_trusted = 1; break;
     case oNoAllowMarkTrusted: opt.allow_mark_trusted = 0; break;
-    case oNoUserTrustlist: opt.no_user_trustlist = 1; break;
-    case oSysTrustlistName: opt.sys_trustlist_name = pargs->r.ret_str; break;
 
     case oAllowPresetPassphrase: opt.allow_preset_passphrase = 1; break;
 
@@ -1015,11 +998,6 @@ finalize_rereadable_options (void)
   /* Hack to allow --grab to override --no-grab.  */
   if ((opt.no_grab & 2))
     opt.no_grab = 0;
-
-  /* With --no-user-trustlist it does not make sense to allow the mark
-   * trusted feature.  */
-  if (opt.no_user_trustlist)
-    opt.allow_mark_trusted = 0;
 }
 
 
@@ -1050,16 +1028,16 @@ initialize_modules (void)
   assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
   initialize_module_cache ();
   initialize_module_call_pinentry ();
-  initialize_module_call_scd ();
+  initialize_module_daemon ();
   initialize_module_trustlist ();
 }
 
 
 /* The main entry point.  */
 int
-main (int argc, char **argv )
+main (int argc, char **argv)
 {
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   int orig_argc;
   char **orig_argv;
   char *last_configname = NULL;
@@ -1090,7 +1068,7 @@ main (int argc, char **argv )
 #endif /*HAVE_SIGPROCMASK*/
 
   /* Set program name etc.  */
-  set_strusage (my_strusage);
+  gpgrt_set_strusage (my_strusage);
   gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
   /* Please note that we may running SUID(ROOT), so be very CAREFUL
      when adding any stuff between here and the call to INIT_SECMEM()
@@ -1165,7 +1143,7 @@ main (int argc, char **argv )
   pargs.argc = &argc;
   pargs.argv = &argv;
   pargs.flags= (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
-  while (gnupg_argparse (NULL, &pargs, opts))
+  while (gpgrt_argparse (NULL, &pargs, opts))
     {
       switch (pargs.r_opt)
         {
@@ -1194,8 +1172,9 @@ main (int argc, char **argv )
    *  Now we are now working under our real uid
    */
 
-  gnupg_set_confdir (GNUPG_CONFDIR_SYS, gnupg_sysconfdir ());
-  gnupg_set_confdir (GNUPG_CONFDIR_USER, gnupg_homedir ());
+  /* The configuraton directories for use by gpgrt_argparser.  */
+  gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
+  gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
 
   argc = orig_argc;
   argv = orig_argv;
@@ -1208,7 +1187,7 @@ main (int argc, char **argv )
                   | ARGPARSE_FLAG_SYS
                   | ARGPARSE_FLAG_USER);
 
-  while (gnupg_argparser (&pargs, opts, GPG_AGENT_NAME EXTSEP_S "conf"))
+  while (gpgrt_argparser (&pargs, opts, GPG_AGENT_NAME EXTSEP_S "conf"))
     {
       if (pargs.r_opt == ARGPARSE_CONFFILE)
         {
@@ -1244,7 +1223,6 @@ main (int argc, char **argv )
         case oSh: csh_style = 0; break;
         case oServer: pipe_server = 1; break;
         case oDaemon: is_daemon = 1; break;
-        case oStealSocket: steal_socket = 1; break;
         case oSupervised: is_supervised = 1; break;
 
         case oDisplay: default_display = xstrdup (pargs.r.ret_str); break;
@@ -1322,22 +1300,12 @@ main (int argc, char **argv )
 	}
     }
 
-  /* Print a warning if an argument looks like an option.  */
-  if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
-    {
-      int i;
-
-      for (i=0; i < argc; i++)
-        if (argv[i][0] == '-' && argv[i][1] == '-')
-          log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
-    }
-
-  gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+  gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
 
   if (!last_configname)
-    config_filename = make_filename (gnupg_homedir (),
-                                     GPG_AGENT_NAME EXTSEP_S "conf",
-                                     NULL);
+    config_filename = gpgrt_fnameconcat (gnupg_homedir (),
+                                         GPG_AGENT_NAME EXTSEP_S "conf",
+                                         NULL);
   else
     {
       config_filename = last_configname;
@@ -1349,6 +1317,15 @@ main (int argc, char **argv )
 
   finalize_rereadable_options ();
 
+  /* Print a warning if an argument looks like an option.  */
+  if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
+    {
+      int i;
+
+      for (i=0; i < argc; i++)
+        if (argv[i][0] == '-' && argv[i][1] == '-')
+          log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
+    }
 
 #ifdef ENABLE_NLS
   /* gpg-agent usually does not output any messages because it runs in
@@ -1431,23 +1408,25 @@ main (int argc, char **argv )
     agent_exit (0);
   else if (gpgconf_list)
     {
+      /* Note: If an option is runtime changeable, please set the
+       * respective flag in the gpgconf-comp.c table.  */
       es_printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
       es_printf ("default-cache-ttl:%lu:%d:\n",
-              GC_OPT_FLAG_DEFAULT, DEFAULT_CACHE_TTL );
+                 GC_OPT_FLAG_DEFAULT, DEFAULT_CACHE_TTL );
       es_printf ("default-cache-ttl-ssh:%lu:%d:\n",
-              GC_OPT_FLAG_DEFAULT, DEFAULT_CACHE_TTL_SSH );
+                 GC_OPT_FLAG_DEFAULT, DEFAULT_CACHE_TTL_SSH );
       es_printf ("max-cache-ttl:%lu:%d:\n",
-              GC_OPT_FLAG_DEFAULT, MAX_CACHE_TTL );
+                 GC_OPT_FLAG_DEFAULT, MAX_CACHE_TTL );
       es_printf ("max-cache-ttl-ssh:%lu:%d:\n",
-              GC_OPT_FLAG_DEFAULT, MAX_CACHE_TTL_SSH );
-      es_printf ("enforce-passphrase-constraints:%lu:\n",
-              GC_OPT_FLAG_NONE);
+                 GC_OPT_FLAG_DEFAULT, MAX_CACHE_TTL_SSH );
       es_printf ("min-passphrase-len:%lu:%d:\n",
-              GC_OPT_FLAG_DEFAULT, MIN_PASSPHRASE_LEN );
+                 GC_OPT_FLAG_DEFAULT, MIN_PASSPHRASE_LEN );
       es_printf ("min-passphrase-nonalpha:%lu:%d:\n",
-              GC_OPT_FLAG_DEFAULT, MIN_PASSPHRASE_NONALPHA);
+                 GC_OPT_FLAG_DEFAULT, MIN_PASSPHRASE_NONALPHA);
+      es_printf ("check-passphrase-pattern:%lu:\n",
+                 GC_OPT_FLAG_DEFAULT);
       es_printf ("max-passphrase-days:%lu:%d:\n",
-              GC_OPT_FLAG_DEFAULT, MAX_PASSPHRASE_DAYS);
+                 GC_OPT_FLAG_DEFAULT, MAX_PASSPHRASE_DAYS);
       es_printf ("ssh-fingerprint-digest:%lu:\"%s:\n",
                  GC_OPT_FLAG_DEFAULT, "md5");
 
@@ -1512,7 +1491,7 @@ main (int argc, char **argv )
         log_set_prefix (NULL, 0);
 
       log_info ("%s %s starting in supervised mode.\n",
-                strusage(11), strusage(13) );
+                gpgrt_strusage(11), gpgrt_strusage(13) );
 
       /* See below in "regular server mode" on why we remove certain
        * envvars.  */
@@ -1770,7 +1749,7 @@ main (int argc, char **argv )
 
           /* Unless we are running with a program given on the command
            * line we can assume that the inotify things works and thus
-           * we can avoid tye regular stat calls.  */
+           * we can avoid the regular stat calls.  */
           if (!argc)
             reliable_homedir_inotify = 1;
         }
@@ -1792,7 +1771,7 @@ main (int argc, char **argv )
           exit (1);
         }
 
-      log_info ("%s %s started\n", strusage(11), strusage(13) );
+      log_info ("%s %s started\n", gpgrt_strusage(11), gpgrt_strusage(13) );
       handle_connections (fd, fd_extra, fd_browser, fd_ssh);
       assuan_sock_close (fd);
     }
@@ -1919,7 +1898,7 @@ agent_set_progress_cb (void (*cb)(ctrl_t ctrl, const char *what,
 static void
 agent_init_default_ctrl (ctrl_t ctrl)
 {
-  assert (ctrl->session_env);
+  log_assert (ctrl->session_env);
 
   /* Note we ignore malloc errors because we can't do much about it
      and the request will fail anyway shortly after this
@@ -1950,6 +1929,8 @@ agent_deinit_default_ctrl (ctrl_t ctrl)
   unregister_progress_cb ();
   session_env_release (ctrl->session_env);
 
+  xfree (ctrl->digest.data);
+  ctrl->digest.data = NULL;
   if (ctrl->lc_ctype)
     xfree (ctrl->lc_ctype);
   if (ctrl->lc_messages)
@@ -1997,12 +1978,12 @@ agent_copy_startup_env (ctrl_t ctrl)
    Fixme: Due to the way the argument parsing works, we create a
    memory leak here for all string type arguments.  There is currently
    no clean way to tell whether the memory for the argument has been
-   allocated or points into the process' original arguments.  Unless
+   allocated or points into the process's original arguments.  Unless
    we have a mechanism to tell this, we need to live on with this. */
 static void
 reread_configuration (void)
 {
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   char *twopart;
   int dummy;
 
@@ -2022,7 +2003,7 @@ reread_configuration (void)
   pargs.flags = (ARGPARSE_FLAG_KEEP
                  |ARGPARSE_FLAG_SYS
                  |ARGPARSE_FLAG_USER);
-  while (gnupg_argparser (&pargs, opts, twopart))
+  while (gpgrt_argparser (&pargs, opts, twopart) )
     {
       if (pargs.r_opt == ARGPARSE_CONFFILE)
         {
@@ -2034,7 +2015,7 @@ reread_configuration (void)
       else /* Try to parse this option - ignore unchangeable ones. */
         parse_rereadable_options (&pargs, 1);
     }
-  gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+  gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
   xfree (twopart);
   finalize_rereadable_options ();
   set_debug ();
@@ -2075,7 +2056,7 @@ get_agent_active_connection_count (void)
    event.  */
 #if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
 void *
-get_agent_scd_notify_event (void)
+get_agent_daemon_notify_event (void)
 {
   static HANDLE the_event = INVALID_HANDLE_VALUE;
 
@@ -2216,20 +2197,14 @@ create_server_socket (char *name, int primary, int cygwin,
          server is not yet operational; this would lead to a hang.  */
       if (primary && !check_for_running_agent (1))
         {
-          if (steal_socket)
-            log_info (N_("trying to steal socket from running %s\n"),
-                      "gpg-agent");
-          else
-            {
-              log_set_prefix (NULL, GPGRT_LOG_WITH_PREFIX);
-              log_set_file (NULL);
-              log_error (_("a gpg-agent is already running - "
-                           "not starting a new one\n"));
-              *name = 0; /* Inhibit removal of the socket by cleanup(). */
-              assuan_sock_close (fd);
-              xfree (unaddr);
-              agent_exit (2);
-            }
+          log_set_prefix (NULL, GPGRT_LOG_WITH_PREFIX);
+          log_set_file (NULL);
+          log_error (_("a gpg-agent is already running - "
+                       "not starting a new one\n"));
+          *name = 0; /* Inhibit removal of the socket by cleanup(). */
+          assuan_sock_close (fd);
+          xfree (unaddr);
+          agent_exit (2);
         }
       gnupg_remove (unaddr->sun_path);
       rc = assuan_sock_bind (fd, addr, len);
@@ -2375,9 +2350,6 @@ handle_tick (void)
   if (!last_minute)
     last_minute = time (NULL);
 
-  /* Check whether the scdaemon has died and cleanup in this case. */
-  agent_scd_check_aliveness ();
-
   /* If we are running as a child of another process, check whether
      the parent is still alive and shutdown if not. */
 #ifndef HAVE_W32_SYSTEM
@@ -2387,7 +2359,7 @@ handle_tick (void)
         {
           shutdown_pending = 2;
           log_info ("parent process died - shutting down\n");
-          log_info ("%s %s stopped\n", strusage(11), strusage(13) );
+          log_info ("%s %s stopped\n", gpgrt_strusage(11), gpgrt_strusage(13));
           cleanup ();
           agent_exit (0);
         }
@@ -2425,7 +2397,7 @@ agent_sighup_action (void)
   log_info ("SIGHUP received - "
             "re-reading configuration and flushing cache\n");
 
-  agent_flush_cache ();
+  agent_flush_cache (0);
   reread_configuration ();
   agent_reload_trustlist ();
   /* We flush the module name cache so that after installing a
@@ -2433,8 +2405,8 @@ agent_sighup_action (void)
      "pinentry-basic" fallback was in use.  */
   gnupg_module_name_flush_some ();
 
-  if (opt.disable_scdaemon)
-    agent_card_killscd ();
+  if (opt.disable_daemon[DAEMON_SCD])
+    agent_kill_daemon (DAEMON_SCD);
 }
 
 
@@ -2468,7 +2440,7 @@ handle_signal (int signo)
          logging system.  */
       /* pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ()); */
       agent_query_dump_state ();
-      agent_scd_dump_state ();
+      agent_daemon_dump_state ();
       break;
 
     case SIGUSR2:
@@ -2485,7 +2457,7 @@ handle_signal (int signo)
       if (shutdown_pending > 2)
         {
           log_info ("shutdown forced\n");
-          log_info ("%s %s stopped\n", strusage(11), strusage(13) );
+          log_info ("%s %s stopped\n", gpgrt_strusage(11), gpgrt_strusage(13));
           cleanup ();
           agent_exit (0);
 	}
@@ -2493,7 +2465,7 @@ handle_signal (int signo)
 
     case SIGINT:
       log_info ("SIGINT received - immediate shutdown\n");
-      log_info( "%s %s stopped\n", strusage(11), strusage(13));
+      log_info( "%s %s stopped\n", gpgrt_strusage(11), gpgrt_strusage(13));
       cleanup ();
       agent_exit (0);
       break;
@@ -2615,7 +2587,7 @@ putty_message_proc (HWND hwnd, UINT msg, WPARAM wparam, LPARAM lparam)
   if (!data)
     goto leave;
 
-  /* log_printhex (data, 20, "request:"); */
+  /* log_printhex ("request:", data, 20); */
 
   ctrl = xtrycalloc (1, sizeof *ctrl);
   if (!ctrl)
@@ -2636,7 +2608,7 @@ putty_message_proc (HWND hwnd, UINT msg, WPARAM wparam, LPARAM lparam)
   if (!serve_mmapped_ssh_request (ctrl, data, PUTTY_IPC_MAXLEN))
     ret = 1; /* Valid ssh message has been constructed.  */
   agent_deinit_default_ctrl (ctrl);
-  /* log_printhex (data, 20, "  reply:"); */
+  /* log_printhex ("  reply:", data, 20); */
 
  leave:
   xfree (ctrl);
@@ -2871,7 +2843,7 @@ handle_connections (gnupg_fd_t listen_fd,
   sigs = 0;
   ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
 # else
-  events[0] = get_agent_scd_notify_event ();
+  events[0] = get_agent_daemon_notify_event ();
   events[1] = INVALID_HANDLE_VALUE;
 # endif
 #endif
@@ -3113,7 +3085,7 @@ handle_connections (gnupg_fd_t listen_fd,
   if (home_inotify_fd != -1)
     close (home_inotify_fd);
   cleanup ();
-  log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
+  log_info (_("%s %s stopped\n"), gpgrt_strusage(11), gpgrt_strusage(13));
   npth_attr_destroy (&tattr);
 }
 
diff --git a/agent/gpg-agent.w32-manifest.in b/agent/gpg-agent.w32-manifest.in
deleted file mode 100644
index d865aef..0000000
--- a/agent/gpg-agent.w32-manifest.in
+++ /dev/null
@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
-<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
-<description>GNU Privacy Guard (Private key daemon)</description>
-<assemblyIdentity
-    type="win32"
-    name="GnuPG.gpg-agent"
-    version="@BUILD_VERSION@"
-    />
-<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
-  <application>
-    <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><!-- 10 -->
-    <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><!-- 8.1 -->
-    <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><!-- 8 -->
-    <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><!-- 7 -->
-    <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/><!-- Vista -->
-  </application>
-</compatibility>
-</assembly>
diff --git a/agent/learncard.c b/agent/learncard.c
index 2e491e1..678ff9b 100644
--- a/agent/learncard.c
+++ b/agent/learncard.c
@@ -23,7 +23,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
-#include <assert.h>
 #include <unistd.h>
 #include <sys/stat.h>
 
@@ -40,7 +39,7 @@ struct keypair_info_s
   char hexgrip[1];   /* The keygrip (i.e. a hash over the public key
                         parameters) formatted as a hex string.
                         Allocated somewhat large to also act as
-                        memeory for the above ID field. */
+                        memory for the above ID field. */
 };
 typedef struct keypair_info_s *KEYPAIR_INFO;
 
@@ -402,21 +401,14 @@ agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force)
         continue; /* The key is already available. */
 
       /* Unknown key - store it. */
-      rc = agent_card_readkey (ctrl, item->id, &pubkey);
+      rc = agent_card_readkey (ctrl, item->id, &pubkey, NULL);
       if (rc)
         {
           log_debug ("agent_card_readkey failed: %s\n", gpg_strerror (rc));
           goto leave;
         }
 
-      {
-        char *dispserialno;
-
-        agent_card_getattr (ctrl, "$DISPSERIALNO", &dispserialno);
-        rc = agent_write_shadow_key (0, grip, serialno, item->id, pubkey,
-                                     force, dispserialno);
-        xfree (dispserialno);
-      }
+      rc = agent_write_shadow_key (grip, serialno, item->id, pubkey, force);
       xfree (pubkey);
       if (rc)
         goto leave;
diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c
index 6aed96b..16a15b9 100644
--- a/agent/pkdecrypt.c
+++ b/agent/pkdecrypt.c
@@ -23,7 +23,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
-#include <assert.h>
 #include <unistd.h>
 #include <sys/stat.h>
 
@@ -34,14 +33,15 @@
    Try to get the key from CTRL and write the decoded stuff back to
    OUTFP.   The padding information is stored at R_PADDING with -1
    for not known.  */
-int
+gpg_error_t
 agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
                  const unsigned char *ciphertext, size_t ciphertextlen,
                  membuf_t *outbuf, int *r_padding)
 {
   gcry_sexp_t s_skey = NULL, s_cipher = NULL, s_plain = NULL;
   unsigned char *shadow_info = NULL;
-  int rc;
+  gpg_error_t err = 0;
+  int no_shadow_info = 0;
   char *buf = NULL;
   size_t len;
 
@@ -50,15 +50,15 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
   if (!ctrl->have_keygrip)
     {
       log_error ("speculative decryption not yet supported\n");
-      rc = gpg_error (GPG_ERR_NO_SECKEY);
+      err = gpg_error (GPG_ERR_NO_SECKEY);
       goto leave;
     }
 
-  rc = gcry_sexp_sscan (&s_cipher, NULL, (char*)ciphertext, ciphertextlen);
-  if (rc)
+  err = gcry_sexp_sscan (&s_cipher, NULL, (char*)ciphertext, ciphertextlen);
+  if (err)
     {
-      log_error ("failed to convert ciphertext: %s\n", gpg_strerror (rc));
-      rc = gpg_error (GPG_ERR_INV_DATA);
+      log_error ("failed to convert ciphertext: %s\n", gpg_strerror (err));
+      err = gpg_error (GPG_ERR_INV_DATA);
       goto leave;
     }
 
@@ -67,31 +67,36 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
       log_printhex (ctrl->keygrip, 20, "keygrip:");
       log_printhex (ciphertext, ciphertextlen, "cipher: ");
     }
-  rc = agent_key_from_file (ctrl, NULL, desc_text,
-                            ctrl->keygrip, &shadow_info,
-                            CACHE_MODE_NORMAL, NULL, &s_skey, NULL);
-  if (rc)
+  err = agent_key_from_file (ctrl, NULL, desc_text,
+                             ctrl->keygrip, &shadow_info,
+                             CACHE_MODE_NORMAL, NULL, &s_skey, NULL);
+  if (gpg_err_code (err) == GPG_ERR_NO_SECKEY)
+    no_shadow_info = 1;
+  else if (err)
     {
-      if (gpg_err_code (rc) != GPG_ERR_NO_SECKEY)
+      if (gpg_err_code (err) != GPG_ERR_NO_SECKEY)
         log_error ("failed to read the secret key\n");
       goto leave;
     }
 
-  if (shadow_info)
+  if (shadow_info || no_shadow_info)
     { /* divert operation to the smartcard */
 
       if (!gcry_sexp_canon_len (ciphertext, ciphertextlen, NULL, NULL))
         {
-          rc = gpg_error (GPG_ERR_INV_SEXP);
+          err = gpg_error (GPG_ERR_INV_SEXP);
           goto leave;
         }
 
-      rc = divert_pkdecrypt (ctrl, desc_text, ciphertext,
-                             ctrl->keygrip, shadow_info,
-                             &buf, &len, r_padding);
-      if (rc)
+      if (agent_is_tpm2_key (s_skey))
+	err = divert_tpm2_pkdecrypt (ctrl, desc_text, ciphertext, shadow_info,
+                                     &buf, &len, r_padding);
+      else
+        err = divert_pkdecrypt (ctrl, desc_text, ctrl->keygrip, ciphertext,
+                                shadow_info, &buf, &len, r_padding);
+      if (err)
         {
-          log_error ("smartcard decryption failed: %s\n", gpg_strerror (rc));
+          log_error ("smartcard decryption failed: %s\n", gpg_strerror (err));
           goto leave;
         }
 
@@ -107,10 +112,10 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
 /*           gcry_sexp_dump (s_skey); */
 /*         } */
 
-      rc = gcry_pk_decrypt (&s_plain, s_cipher, s_skey);
-      if (rc)
+      err = gcry_pk_decrypt (&s_plain, s_cipher, s_skey);
+      if (err)
         {
-          log_error ("decryption failed: %s\n", gpg_strerror (rc));
+          log_error ("decryption failed: %s\n", gpg_strerror (err));
           goto leave;
         }
 
@@ -120,10 +125,10 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
           gcry_sexp_dump (s_plain);
         }
       len = gcry_sexp_sprint (s_plain, GCRYSEXP_FMT_CANON, NULL, 0);
-      assert (len);
+      log_assert (len);
       buf = xmalloc (len);
       len = gcry_sexp_sprint (s_plain, GCRYSEXP_FMT_CANON, buf, len);
-      assert (len);
+      log_assert (len);
       if (*buf == '(')
         put_membuf (outbuf, buf, len);
       else
@@ -143,5 +148,5 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
   gcry_sexp_release (s_cipher);
   xfree (buf);
   xfree (shadow_info);
-  return rc;
+  return err;
 }
diff --git a/agent/pksign.c b/agent/pksign.c
index 09d61b8..b877add 100644
--- a/agent/pksign.c
+++ b/agent/pksign.c
@@ -24,8 +24,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
-#include <assert.h>
-#include <unistd.h>
 #include <sys/stat.h>
 
 #include "agent.h"
@@ -46,32 +44,27 @@ do_encode_md (const byte * md, size_t mdlen, int algo, gcry_sexp_t * r_hash,
       int i;
 
       s = gcry_md_algo_name (algo);
-      if (s && strlen (s) < 16)
+      if (!s || strlen (s) >= 16)
+        {
+          hash = NULL;
+          rc = gpg_error (GPG_ERR_DIGEST_ALGO);
+        }
+      else
 	{
-	  for (i=0; i < strlen (s); i++)
-	    tmp[i] = tolower (s[i]);
+	  for (i=0; s[i]; i++)
+	    tmp[i] = ascii_tolower (s[i]);
 	  tmp[i] = '\0';
-	}
 
-      rc = gcry_sexp_build (&hash, NULL,
-			    "(data (flags pkcs1) (hash %s %b))",
-			    tmp, (int)mdlen, md);
+          rc = gcry_sexp_build (&hash, NULL,
+                                "(data (flags pkcs1) (hash %s %b))",
+                                tmp, (int)mdlen, md);
+	}
     }
   else
     {
-      gcry_mpi_t mpi;
-
-      rc = gcry_mpi_scan (&mpi, GCRYMPI_FMT_USG, md, mdlen, NULL);
-      if (!rc)
-	{
-	  rc = gcry_sexp_build (&hash, NULL,
-				"(data (flags raw) (value %m))",
-				mpi);
-	  gcry_mpi_release (mpi);
-	}
-      else
-        hash = NULL;
-
+      rc = gcry_sexp_build (&hash, NULL,
+                            "(data (flags raw) (value %b))",
+                            (int)mdlen, md);
     }
 
   *r_hash = hash;
@@ -136,15 +129,20 @@ rfc6979_hash_algo_string (size_t mdlen)
 /* Encode a message digest for use with the EdDSA algorithm
    (i.e. curve Ed25519). */
 static gpg_error_t
-do_encode_eddsa (const byte *md, size_t mdlen, gcry_sexp_t *r_hash)
+do_encode_eddsa (size_t nbits, const byte *md, size_t mdlen,
+                 gcry_sexp_t *r_hash)
 {
   gpg_error_t err;
   gcry_sexp_t hash;
+  const char *fmt;
+
+  if (nbits == 448)
+    fmt = "(data(value %b))";
+  else
+    fmt = "(data(flags eddsa)(hash-algo sha512)(value %b))";
 
   *r_hash = NULL;
-  err = gcry_sexp_build (&hash, NULL,
-                         "(data(flags eddsa)(hash-algo sha512)(value %b))",
-                         (int)mdlen, md);
+  err = gcry_sexp_build (&hash, NULL, fmt, (int)mdlen, md);
   if (!err)
     *r_hash = hash;
   return err;
@@ -162,7 +160,7 @@ do_encode_dsa (const byte *md, size_t mdlen, int pkalgo, gcry_sexp_t pkey,
 
   *r_hash = NULL;
 
-  if (pkalgo == GCRY_PK_ECDSA)
+  if (pkalgo == GCRY_PK_ECC)
     qbits = gcry_pk_get_nbits (pkey);
   else if (pkalgo == GCRY_PK_DSA)
     qbits = get_dsa_qbits (pkey);
@@ -189,10 +187,10 @@ do_encode_dsa (const byte *md, size_t mdlen, int pkalgo, gcry_sexp_t pkey,
       return gpg_error (GPG_ERR_INV_LENGTH);
     }
 
-  /* ECDSA 521 is special has it is larger than the largest hash
+  /* ECDSA 521 is special as it is larger than the largest hash
      we have (SHA-512).  Thus we change the size for further
      processing to 512.  */
-  if (pkalgo == GCRY_PK_ECDSA && qbits > 512)
+  if (pkalgo == GCRY_PK_ECC && qbits > 512)
     qbits = 512;
 
   /* Check if we're too short.  Too long is safe as we'll
@@ -250,13 +248,13 @@ do_encode_raw_pkcs1 (const byte *md, size_t mdlen, unsigned int nbits,
   frame[n++] = 0;
   frame[n++] = 1; /* Block type. */
   i = nframe - mdlen - 3 ;
-  assert (i >= 8); /* At least 8 bytes of padding.  */
+  log_assert (i >= 8); /* At least 8 bytes of padding.  */
   memset (frame+n, 0xff, i );
   n += i;
   frame[n++] = 0;
   memcpy (frame+n, md, mdlen );
   n += mdlen;
-  assert (n == nframe);
+  log_assert (n == nframe);
 
   /* Create the S-expression.  */
   rc = gcry_sexp_build (&hash, NULL,
@@ -291,15 +289,22 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
   gcry_sexp_t s_hash = NULL;
   gcry_sexp_t s_pkey = NULL;
   unsigned char *shadow_info = NULL;
+  int no_shadow_info = 0;
   const unsigned char *data;
   int datalen;
   int check_signature = 0;
+  int algo;
 
   if (overridedata)
     {
       data = overridedata;
       datalen = overridedatalen;
     }
+  else if (ctrl->digest.data)
+    {
+      data = ctrl->digest.data;
+      datalen = ctrl->digest.valuelen;
+    }
   else
     {
       data = ctrl->digest.value;
@@ -312,52 +317,97 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
   err = agent_key_from_file (ctrl, cache_nonce, desc_text, ctrl->keygrip,
                              &shadow_info, cache_mode, lookup_ttl,
                              &s_skey, NULL);
-  if (err)
+  if (gpg_err_code (err) == GPG_ERR_NO_SECKEY)
+    no_shadow_info = 1;
+  else if (err)
     {
-      if (gpg_err_code (err) != GPG_ERR_NO_SECKEY)
-        log_error ("failed to read the secret key\n");
+      log_error ("failed to read the secret key\n");
       goto leave;
     }
+  else
+    algo = get_pk_algo_from_key (s_skey);
 
-  if (shadow_info)
+  if (shadow_info || no_shadow_info)
     {
-      /* Divert operation to the smartcard */
+      /* Divert operation to the smartcard.  With NO_SHADOW_INFO set
+       * we don't have the keystub but we want to see whether the key
+       * is on the active card.  */
       size_t len;
       unsigned char *buf = NULL;
-      int key_type;
-      int is_RSA = 0;
-      int is_ECDSA = 0;
-      int is_EdDSA = 0;
 
-      err = agent_public_key_from_file (ctrl, ctrl->keygrip, &s_pkey);
-      if (err)
+      if (no_shadow_info)
         {
-          log_error ("failed to read the public key\n");
-          goto leave;
-        }
+          /* Try to get the public key from the card or fail with the
+           * original NO_SECKEY error.  We also write a stub file (we
+           * are here only because no stub exists). */
+          char *serialno;
+          unsigned char *pkbuf = NULL;
+          size_t pkbuflen;
+          char hexgrip[2*KEYGRIP_LEN+1];
+          char *keyref;
+
+          if (agent_card_serialno (ctrl, &serialno, NULL))
+            {
+              /* No card available or error reading the card.  */
+              err = gpg_error (GPG_ERR_NO_SECKEY);
+              goto leave;
+            }
+          bin2hex (ctrl->keygrip, KEYGRIP_LEN, hexgrip);
+          if (agent_card_readkey (ctrl, hexgrip, &pkbuf, &keyref))
+            {
+              /* No such key on the card.  */
+              xfree (serialno);
+              err = gpg_error (GPG_ERR_NO_SECKEY);
+              goto leave;
+            }
+          pkbuflen = gcry_sexp_canon_len (pkbuf, 0, NULL, NULL);
+          err = gcry_sexp_sscan (&s_pkey, NULL, (char*)pkbuf, pkbuflen);
+          if (err)
+            {
+              xfree (serialno);
+              xfree (pkbuf);
+              xfree (keyref);
+              log_error ("%s: corrupted key returned by scdaemon\n", __func__);
+              goto leave;
+            }
 
-      if (agent_is_eddsa_key (s_skey))
-        is_EdDSA = 1;
+          if (keyref)
+            agent_write_shadow_key (ctrl->keygrip, serialno, keyref, pkbuf, 0);
+
+          algo = get_pk_algo_from_key (s_pkey);
+
+          xfree (serialno);
+          xfree (pkbuf);
+          xfree (keyref);
+        }
       else
         {
-          key_type = agent_is_dsa_key (s_skey);
-          if (key_type == 0)
-            is_RSA = 1;
-          else if (key_type == GCRY_PK_ECDSA)
-            is_ECDSA = 1;
+          /* Get the public key from the stub file.  */
+          err = agent_public_key_from_file (ctrl, ctrl->keygrip, &s_pkey);
+          if (err)
+            {
+              log_error ("failed to read the public key\n");
+              goto leave;
+            }
         }
 
       {
         char *desc2 = NULL;
 
         if (desc_text)
-          agent_modify_description (desc_text, NULL, s_skey, &desc2);
-
-        err = divert_pksign (ctrl, desc2? desc2 : desc_text,
-                             data, datalen,
-                             ctrl->digest.algo,
-                             ctrl->keygrip,
-                             shadow_info, &buf, &len);
+          agent_modify_description (desc_text, NULL, s_pkey, &desc2);
+
+	if (agent_is_tpm2_key (s_skey))
+	  err = divert_tpm2_pksign (ctrl, desc2? desc2 : desc_text,
+				    data, datalen,
+				    ctrl->digest.algo,
+				    shadow_info, &buf, &len);
+	else
+	  err = divert_pksign (ctrl, desc2? desc2 : desc_text,
+			       ctrl->keygrip,
+			       data, datalen,
+			       ctrl->digest.algo,
+			       shadow_info, &buf, &len);
         xfree (desc2);
       }
       if (err)
@@ -366,77 +416,67 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
           goto leave;
         }
 
-      if (is_RSA)
+      if (algo == GCRY_PK_RSA)
         {
+          unsigned char *p = buf;
+
           check_signature = 1;
-          if (*buf & 0x80)
+
+          /*
+           * Smartcard returns fixed-size data, which is good for
+           * PKCS1.  If variable-size unsigned MPI is needed, remove
+           * zeros.
+           */
+          if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1
+              || ctrl->digest.raw_value)
             {
-              len++;
-              buf = xtryrealloc (buf, len);
-              if (!buf)
-                goto leave;
+              int i;
 
-              memmove (buf + 1, buf, len - 1);
-              *buf = 0;
+              for (i = 0; i < len - 1; i++)
+                if (p[i])
+                  break;
+              p += i;
+              len -= i;
             }
 
           err = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%b)))",
-                                 (int)len, buf);
+                                 (int)len, p);
         }
-      else if (is_EdDSA)
+      else if (algo == GCRY_PK_EDDSA)
         {
           err = gcry_sexp_build (&s_sig, NULL, "(sig-val(eddsa(r%b)(s%b)))",
                                  (int)len/2, buf, (int)len/2, buf + len/2);
         }
-      else if (is_ECDSA)
+      else if (algo == GCRY_PK_ECC)
         {
-          unsigned char *r_buf_allocated = NULL;
-          unsigned char *s_buf_allocated = NULL;
           unsigned char *r_buf, *s_buf;
           int r_buflen, s_buflen;
+          int i;
 
           r_buflen = s_buflen = len/2;
 
-          if (*buf & 0x80)
-            {
-              r_buflen++;
-              r_buf_allocated = xtrymalloc (r_buflen);
-              if (!r_buf_allocated)
-                {
-                  err = gpg_error_from_syserror ();
-                  goto leave;
-                }
-
-              r_buf = r_buf_allocated;
-              memcpy (r_buf + 1, buf, len/2);
-              *r_buf = 0;
-            }
-          else
-            r_buf = buf;
-
-          if (*(buf + len/2) & 0x80)
-            {
-              s_buflen++;
-              s_buf_allocated = xtrymalloc (s_buflen);
-              if (!s_buf_allocated)
-                {
-                  err = gpg_error_from_syserror ();
-                  xfree (r_buf_allocated);
-                  goto leave;
-                }
-
-              s_buf = s_buf_allocated;
-              memcpy (s_buf + 1, buf + len/2, len/2);
-              *s_buf = 0;
-            }
-          else
-            s_buf = buf + len/2;
+          /*
+           * Smartcard returns fixed-size data.  For ECDSA signature,
+           * variable-size unsigned MPI is assumed, thus, remove
+           * zeros.
+           */
+          r_buf = buf;
+          for (i = 0; i < r_buflen - 1; i++)
+            if (r_buf[i])
+              break;
+          r_buf += i;
+          r_buflen -= i;
+
+          s_buf = buf + len/2;
+          for (i = 0; i < s_buflen - 1; i++)
+            if (s_buf[i])
+              break;
+          s_buf += i;
+          s_buflen -= i;
 
           err = gcry_sexp_build (&s_sig, NULL, "(sig-val(ecdsa(r%b)(s%b)))",
                                  r_buflen, r_buf,
                                  s_buflen, s_buf);
-          xfree (r_buf_allocated);
-          xfree (s_buf_allocated);
         }
       else
         err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
@@ -451,21 +491,26 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
     }
   else
     {
-      /* No smartcard, but a private key */
-      int dsaalgo = 0;
+      /* No smartcard, but a private key (in S_SKEY). */
 
       /* Put the hash into a sexp */
-      if (agent_is_eddsa_key (s_skey))
-        err = do_encode_eddsa (data, datalen,
+      if (algo == GCRY_PK_EDDSA)
+        err = do_encode_eddsa (gcry_pk_get_nbits (s_skey), data, datalen,
                                &s_hash);
       else if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1)
         err = do_encode_raw_pkcs1 (data, datalen,
                                    gcry_pk_get_nbits (s_skey),
                                    &s_hash);
-      else if ( (dsaalgo = agent_is_dsa_key (s_skey)) )
+      else if (algo == GCRY_PK_DSA || algo == GCRY_PK_ECC)
         err = do_encode_dsa (data, datalen,
-                             dsaalgo, s_skey,
+                             algo, s_skey,
                              &s_hash);
+      else if (ctrl->digest.is_pss)
+        {
+          log_info ("signing with rsaPSS is currently only supported"
+                    " for (some) smartcards\n");
+          err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+        }
       else
         err = do_encode_md (data, datalen,
                             ctrl->digest.algo,
@@ -495,14 +540,23 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
   /* Check that the signature verification worked and nothing is
    * fooling us e.g. by a bug in the signature create code or by
    * deliberately introduced faults.  Because Libgcrypt 1.7 does this
-   * for RSA internally there is no need to do it here again.  */
+   * for RSA internally there is no need to do it here again.  We do
+   * this always for card based RSA keys, though.  */
   if (check_signature)
     {
       gcry_sexp_t sexp_key = s_pkey? s_pkey: s_skey;
 
       if (s_hash == NULL)
         {
-          if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1)
+          if (ctrl->digest.is_pss)
+            {
+              err = gcry_sexp_build (&s_hash, NULL,
+                                     "(data (flags raw) (value %b))",
+                                     (int)datalen, data);
+            }
+          else if (algo == GCRY_PK_DSA || algo == GCRY_PK_ECC)
+            err = do_encode_dsa (data, datalen, algo, sexp_key, &s_hash);
+          else if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1)
             err = do_encode_raw_pkcs1 (data, datalen,
                                        gcry_pk_get_nbits (sexp_key), &s_hash);
           else
@@ -517,6 +571,12 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
         {
           log_error (_("checking created signature failed: %s\n"),
                      gpg_strerror (err));
+          if (DBG_CRYPTO)
+            {
+              gcry_log_debugsxp ("verify s_hsh", s_hash);
+              gcry_log_debugsxp ("verify s_sig", s_sig);
+              gcry_log_debugsxp ("verify s_key", sexp_key);
+            }
           gcry_sexp_release (s_sig);
           s_sig = NULL;
         }
diff --git a/agent/preset-passphrase.c b/agent/preset-passphrase.c
index c5aeafe..df6da00 100644
--- a/agent/preset-passphrase.c
+++ b/agent/preset-passphrase.c
@@ -26,7 +26,6 @@
 #include <stdarg.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 #include <sys/stat.h>
 #include <unistd.h>
 #ifdef HAVE_LOCALE_H
@@ -70,7 +69,7 @@ aTest };
 
 static const char *opt_passphrase;
 
-static ARGPARSE_OPTS opts[] = {
+static gpgrt_opt_t opts[] = {
 
   { 301, NULL, 0, N_("@Options:\n ") },
 
@@ -91,7 +90,7 @@ my_strusage (int level)
   const char *p;
   switch (level)
     {
-    case  9: p = "GPL-3.0-or-later"; break;
+      case  9: p = "GPL-3.0-or-later"; break;
     case 11: p = "gpg-preset-passphrase (@GNUPG@)";
       break;
     case 13: p = VERSION; break;
@@ -207,12 +206,12 @@ forget_passphrase (const char *keygrip)
 int
 main (int argc, char **argv)
 {
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   int cmd = 0;
   const char *keygrip = NULL;
 
   early_system_init ();
-  set_strusage (my_strusage);
+  gpgrt_set_strusage (my_strusage);
   log_set_prefix ("gpg-preset-passphrase", GPGRT_LOG_WITH_PREFIX);
 
   /* Make sure that our subsystems are ready.  */
@@ -222,7 +221,7 @@ main (int argc, char **argv)
   pargs.argc = &argc;
   pargs.argv = &argv;
   pargs.flags= ARGPARSE_FLAG_KEEP;
-  while (gnupg_argparse (NULL, &pargs, opts))
+  while (gpgrt_argparse (NULL, &pargs, opts))
     {
       switch (pargs.r_opt)
         {
@@ -236,14 +235,15 @@ main (int argc, char **argv)
         default : pargs.err = 2; break;
 	}
     }
-  gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+  gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+
   if (log_get_errorcount(0))
     exit(2);
 
   if (argc == 1)
     keygrip = *argv;
   else
-    usage (1);
+    gpgrt_usage (1);
 
   /* Tell simple-pwquery about the standard socket name.  */
   {
diff --git a/agent/protect-tool.c b/agent/protect-tool.c
index fb2c71d..1fcbd11 100644
--- a/agent/protect-tool.c
+++ b/agent/protect-tool.c
@@ -26,7 +26,6 @@
 #include <stdarg.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 #include <sys/stat.h>
 #include <unistd.h>
 #ifdef HAVE_LOCALE_H
@@ -104,7 +103,7 @@ static char *get_passphrase (int promptno);
 static void release_passphrase (char *pw);
 
 
-static ARGPARSE_OPTS opts[] = {
+static gpgrt_opt_t opts[] = {
   ARGPARSE_group (300, N_("@Commands:\n ")),
 
   ARGPARSE_c (oProtect,   "protect",   "protect a private key"),
@@ -202,10 +201,10 @@ make_canonical (const char *fname, const char *buf, size_t buflen)
       return NULL;
     }
   len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_CANON, NULL, 0);
-  assert (len);
+  log_assert (len);
   result = xmalloc (len);
   len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_CANON, result, len);
-  assert (len);
+  log_assert (len);
   gcry_sexp_release (sexp);
   return result;
 }
@@ -226,10 +225,10 @@ make_advanced (const unsigned char *buf, size_t buflen)
       return NULL;
     }
   len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, NULL, 0);
-  assert (len);
+  log_assert (len);
   result = xmalloc (len);
   len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, result, len);
-  assert (len);
+  log_assert (len);
   gcry_sexp_release (sexp);
   return result;
 }
@@ -238,7 +237,7 @@ make_advanced (const unsigned char *buf, size_t buflen)
 static char *
 read_file (const char *fname, size_t *r_length)
 {
-  FILE *fp;
+  estream_t fp;
   char *buf;
   size_t buflen;
 
@@ -246,10 +245,8 @@ read_file (const char *fname, size_t *r_length)
     {
       size_t nread, bufsize = 0;
 
-      fp = stdin;
-#ifdef HAVE_DOSISH_SYSTEM
-      setmode ( fileno(fp) , O_BINARY );
-#endif
+      fp = es_stdin;
+      es_set_binary (fp);
       buf = NULL;
       buflen = 0;
 #define NCHUNK 8192
@@ -261,8 +258,8 @@ read_file (const char *fname, size_t *r_length)
           else
             buf = xrealloc (buf, bufsize);
 
-          nread = fread (buf+buflen, 1, NCHUNK, fp);
-          if (nread < NCHUNK && ferror (fp))
+          nread = es_fread (buf+buflen, 1, NCHUNK, fp);
+          if (nread < NCHUNK && es_ferror (fp))
             {
               log_error ("error reading '[stdin]': %s\n", strerror (errno));
               xfree (buf);
@@ -278,30 +275,30 @@ read_file (const char *fname, size_t *r_length)
     {
       struct stat st;
 
-      fp = gnupg_fopen (fname, "rb");
+      fp = es_fopen (fname, "rb");
       if (!fp)
         {
           log_error ("can't open '%s': %s\n", fname, strerror (errno));
           return NULL;
         }
 
-      if (fstat (fileno(fp), &st))
+      if (fstat (es_fileno (fp), &st))
         {
           log_error ("can't stat '%s': %s\n", fname, strerror (errno));
-          fclose (fp);
+          es_fclose (fp);
           return NULL;
         }
 
       buflen = st.st_size;
       buf = xmalloc (buflen+1);
-      if (fread (buf, buflen, 1, fp) != 1)
+      if (es_fread (buf, buflen, 1, fp) != 1)
         {
           log_error ("error reading '%s': %s\n", fname, strerror (errno));
-          fclose (fp);
+          es_fclose (fp);
           xfree (buf);
           return NULL;
         }
-      fclose (fp);
+      es_fclose (fp);
     }
 
   *r_length = buflen;
@@ -373,7 +370,7 @@ read_and_protect (const char *fname)
 static void
 read_and_unprotect (ctrl_t ctrl, const char *fname)
 {
-  int  rc;
+  gpg_error_t err;
   unsigned char *key;
   unsigned char *result;
   size_t resultlen;
@@ -384,15 +381,15 @@ read_and_unprotect (ctrl_t ctrl, const char *fname)
   if (!key)
     return;
 
-  rc = agent_unprotect (ctrl, key, (pw=get_passphrase (1)),
-                        protected_at, &result, &resultlen);
+  err = agent_unprotect (ctrl, key, (pw=get_passphrase (1)),
+                         protected_at, &result, &resultlen);
   release_passphrase (pw);
   xfree (key);
-  if (rc)
+  if (err)
     {
       if (opt_status_msg)
         log_info ("[PROTECT-TOOL:] bad-passphrase\n");
-      log_error ("unprotecting the key failed: %s\n", gpg_strerror (rc));
+      log_error ("unprotecting the key failed: %s\n", gpg_strerror (err));
       return;
     }
   if (opt.verbose)
@@ -405,6 +402,12 @@ read_and_unprotect (ctrl_t ctrl, const char *fname)
         log_info ("key protection done at [unknown]\n");
     }
 
+  err = fixup_when_ecc_private_key (result, &resultlen);
+  if (err)
+    {
+      log_error ("malformed key: %s\n", gpg_strerror (err));
+      return;
+    }
   if (opt_armor)
     {
       char *p = make_advanced (result, resultlen);
@@ -442,7 +445,7 @@ read_and_shadow (const char *fname)
       return;
     }
   resultlen = gcry_sexp_canon_len (result, 0, NULL,NULL);
-  assert (resultlen);
+  log_assert (resultlen);
 
   if (opt_armor)
     {
@@ -478,7 +481,7 @@ show_shadow_info (const char *fname)
       return;
     }
   infolen = gcry_sexp_canon_len (info, 0, NULL,NULL);
-  assert (infolen);
+  log_assert (infolen);
 
   if (opt_armor)
     {
@@ -505,7 +508,7 @@ show_file (const char *fname)
     return;
 
   keylen = gcry_sexp_canon_len (key, 0, NULL,NULL);
-  assert (keylen);
+  log_assert (keylen);
 
   if (opt_canonical)
     {
@@ -554,19 +557,20 @@ show_keygrip (const char *fname)
   putchar ('\n');
 }
 
+
 
 
 
 int
 main (int argc, char **argv )
 {
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   int cmd = 0;
   const char *fname;
   ctrl_t ctrl;
 
   early_system_init ();
-  set_strusage (my_strusage);
+  gpgrt_set_strusage (my_strusage);
   gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
   log_set_prefix ("gpg-protect-tool", GPGRT_LOG_WITH_PREFIX);
 
@@ -580,7 +584,7 @@ main (int argc, char **argv )
   pargs.argc = &argc;
   pargs.argv = &argv;
   pargs.flags= ARGPARSE_FLAG_KEEP;
-  while (gnupg_argparse (NULL, &pargs, opts))
+  while (gpgrt_argparse (NULL, &pargs, opts))
     {
       switch (pargs.r_opt)
         {
@@ -610,7 +614,7 @@ main (int argc, char **argv )
         default: pargs.err = ARGPARSE_PRINT_ERROR; break;
 	}
     }
-  gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+  gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
 
   if (log_get_errorcount (0))
     exit (2);
@@ -619,7 +623,7 @@ main (int argc, char **argv )
   if (argc == 1)
     fname = *argv;
   else if (argc > 1)
-    usage (1);
+    gpgrt_usage (1);
 
   /* Allocate an CTRL object.  An empty object should be sufficient.  */
   ctrl = xtrycalloc (1, sizeof *ctrl);
@@ -733,7 +737,7 @@ get_passphrase (int promptno)
                    gpg_strerror (err));
       agent_exit (0);
     }
-  assert (pw);
+  log_assert (pw);
 
   return pw;
 }
@@ -810,18 +814,16 @@ agent_askpin (ctrl_t ctrl,
 int
 agent_write_private_key (const unsigned char *grip,
                          const void *buffer, size_t length, int force,
-                         time_t timestamp,
                          const char *serialno, const char *keyref,
-                         const char *dispserialno)
+                         time_t timestamp)
 {
   char hexgrip[40+4+1];
   char *p;
 
   (void)force;
-  (void)timestamp;
   (void)serialno;
   (void)keyref;
-  (void)dispserialno;
+  (void)timestamp;
 
   bin2hex (grip, 20, hexgrip);
   strcpy (hexgrip+40, ".key");
diff --git a/agent/protect.c b/agent/protect.c
index 87df685..76ead44 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -41,6 +41,7 @@
 
 #include "cvt-openpgp.h"
 #include "../common/sexp-parse.h"
+#include "../common/openpgpdefs.h"  /* For s2k functions.  */
 
 
 /* The protection mode for encryption.  The supported modes for
@@ -49,9 +50,6 @@
 #define PROT_CIPHER_STRING "aes"
 #define PROT_CIPHER_KEYLEN (128/8)
 
-/* Decode an rfc4880 encoded S2K count.  */
-#define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << (((_val) >> 4) + 6))
-
 
 /* A table containing the information needed to create a protected
    private key.  */
@@ -530,7 +528,7 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
           memcpy (p, iv+blklen, blklen); /* Add padding.  */
           p += blklen;
         }
-      assert ( p - outbuf == outlen);
+      log_assert ( p - outbuf == outlen);
       if (use_ocb)
         {
           gcry_cipher_final (hd);
@@ -720,11 +718,11 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
   hash_end = s;
   s++;
   /* Skip to the end of the S-expression.  */
-  assert (depth == 1);
+  log_assert (depth == 1);
   rc = sskip (&s, &depth);
   if (rc)
     return rc;
-  assert (!depth);
+  log_assert (!depth);
   real_end = s-1;
 
   rc = do_encryption (hash_begin, hash_end - hash_begin + 1,
@@ -762,7 +760,7 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
 
   memcpy (p, prot_end+1, real_end - prot_end);
   p += real_end - prot_end;
-  assert ( p - *result == *resultlen);
+  log_assert ( p - *result == *resultlen);
   xfree (protected);
 
   return 0;
@@ -1001,7 +999,7 @@ merge_lists (const unsigned char *protectedkey,
 
   /* Skip over the protected list element in the original list.  */
   s = protectedkey + replacepos;
-  assert (*s == '(');
+  log_assert (*s == '(');
   s++;
   i = 1;
   rc = sskip (&s, &i);
@@ -1028,7 +1026,7 @@ merge_lists (const unsigned char *protectedkey,
   rc = sskip (&s, &i);
   if (rc)
     goto failure;
-  assert (s[-1] == ')');
+  log_assert (s[-1] == ')');
   endpos = s; /* one behind the end of the list */
 
   /* Append the rest. */
@@ -1128,7 +1126,7 @@ agent_unprotect (ctrl_t ctrl,
   if (!protect_info[infidx].algo)
     return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
 
-  /* See wether we have a protected-at timestamp.  */
+  /* See whether we have a protected-at timestamp.  */
   protect_list = s;  /* Save for later.  */
   if (protected_at)
     {
@@ -1518,9 +1516,10 @@ make_shadow_info (const char *serialno, const char *idstring)
   to. The input parameters are expected to be valid canonicalized
   S-expressions */
 int
-agent_shadow_key (const unsigned char *pubkey,
-                  const unsigned char *shadow_info,
-                  unsigned char **result)
+agent_shadow_key_type (const unsigned char *pubkey,
+                       const unsigned char *shadow_info,
+                       const unsigned char *type,
+                       unsigned char **result)
 {
   const unsigned char *s;
   const unsigned char *point;
@@ -1573,10 +1572,10 @@ agent_shadow_key (const unsigned char *pubkey,
   point = s; /* insert right before the point */
   depth--;
   s++;
-  assert (depth == 1);
+  log_assert (depth == 1);
 
   /* Calculate required length by taking in account: the "shadowed-"
-     prefix, the "shadowed", "t1-v1" as well as some parenthesis */
+     prefix, the "shadowed", shadow type as well as some parenthesis */
   n = 12 + pubkey_len + 1 + 3+8 + 2+5 + shadow_info_len + 1;
   *result = xtrymalloc (n);
   p = (char*)*result;
@@ -1586,7 +1585,7 @@ agent_shadow_key (const unsigned char *pubkey,
   /* (10:public-key ...)*/
   memcpy (p, pubkey+14, point - (pubkey+14));
   p += point - (pubkey+14);
-  p = stpcpy (p, "(8:shadowed5:t1-v1");
+  p += sprintf (p, "(8:shadowed%d:%s", (int)strlen(type), type);
   memcpy (p, shadow_info, shadow_info_len);
   p += shadow_info_len;
   *p++ = ')';
@@ -1596,11 +1595,20 @@ agent_shadow_key (const unsigned char *pubkey,
   return 0;
 }
 
+int
+agent_shadow_key (const unsigned char *pubkey,
+                  const unsigned char *shadow_info,
+                  unsigned char **result)
+{
+  return agent_shadow_key_type (pubkey, shadow_info, "t1-v1", result);
+}
+
 /* Parse a canonical encoded shadowed key and return a pointer to the
-   inner list with the shadow_info */
+   inner list with the shadow_info and the shadow type */
 gpg_error_t
-agent_get_shadow_info (const unsigned char *shadowkey,
-                       unsigned char const **shadow_info)
+agent_get_shadow_info_type (const unsigned char *shadowkey,
+                            unsigned char const **shadow_info,
+                            unsigned char **shadow_type)
 {
   const unsigned char *s;
   size_t n;
@@ -1652,11 +1660,19 @@ agent_get_shadow_info (const unsigned char *shadowkey,
   n = snext (&s);
   if (!n)
     return gpg_error (GPG_ERR_INV_SEXP);
-  if (smatch (&s, n, "t1-v1"))
+  if (shadow_type) {
+    char *buf = xtrymalloc(n+1);
+    memcpy(buf, s, n);
+    buf[n] = '\0';
+    *shadow_type = buf;
+  }
+
+  if (smatch (&s, n, "t1-v1") || smatch(&s, n, "tpm2-v1"))
     {
       if (*s != '(')
         return gpg_error (GPG_ERR_INV_SEXP);
-      *shadow_info = s;
+      if (shadow_info)
+        *shadow_info = s;
     }
   else
     return gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
@@ -1664,12 +1680,52 @@ agent_get_shadow_info (const unsigned char *shadowkey,
 }
 
 
+gpg_error_t
+agent_get_shadow_info (const unsigned char *shadowkey,
+                       unsigned char const **shadow_info)
+{
+  return agent_get_shadow_info_type (shadowkey, shadow_info, NULL);
+}
+
+
+int
+agent_is_tpm2_key (gcry_sexp_t s_skey)
+{
+  unsigned char *buf;
+  unsigned char *type;
+  size_t len;
+  gpg_error_t err;
+
+  err = make_canon_sexp (s_skey, &buf, &len);
+  if (err)
+    return 0;
+
+  err = agent_get_shadow_info_type (buf, NULL, &type);
+  if (err)
+    return 0;
+  xfree (buf);
+
+  err = strcmp (type, "tpm2-v1") == 0;
+  xfree (type);
+  return err;
+}
+
+
+gpg_error_t
+agent_get_shadow_type (const unsigned char *shadowkey,
+                       unsigned char **shadow_type)
+{
+  return agent_get_shadow_info_type (shadowkey, NULL, shadow_type);
+}
+
+
 /* Parse the canonical encoded SHADOW_INFO S-expression.  On success
    the hex encoded serial number is returned as a malloced strings at
    R_HEXSN and the Id string as a malloced string at R_IDSTR.  On
    error an error code is returned and NULL is stored at the result
    parameters addresses.  If the serial number or the ID string is not
-   required, NULL may be passed for them.  */
+   required, NULL may be passed for them.  Note that R_PINLEN is
+   currently not used by any caller.  */
 gpg_error_t
 parse_shadow_info (const unsigned char *shadow_info,
                    char **r_hexsn, char **r_idstr, int *r_pinlen)
@@ -1725,7 +1781,6 @@ parse_shadow_info (const unsigned char *shadow_info,
         }
       memcpy (*r_idstr, s, n);
       (*r_idstr)[n] = 0;
-      trim_spaces (*r_idstr);
     }
 
   /* Parse the optional PINLEN.  */
diff --git a/agent/sexp-secret.c b/agent/sexp-secret.c
new file mode 100644
index 0000000..b539659
--- /dev/null
+++ b/agent/sexp-secret.c
@@ -0,0 +1,142 @@
+/* sexp-secret.c - SEXP handling of the secret key
+ * Copyright (C) 2020 g10 Code GmbH.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include "agent.h"
+#include "../common/sexp-parse.h"
+
+/*
+ * When it's for ECC, fixup private key part in the cannonical SEXP
+ * representation in BUF.  If not ECC, do nothing.
+ */
+gpg_error_t
+fixup_when_ecc_private_key (unsigned char *buf, size_t *buflen_p)
+{
+  const unsigned char *s;
+  char curve_name[256];
+  size_t n;
+  size_t buflen = *buflen_p;
+
+  s = buf;
+  if (*s != '(')
+    return gpg_error (GPG_ERR_INV_SEXP);
+  s++;
+  n = snext (&s);
+  if (!n)
+    return gpg_error (GPG_ERR_INV_SEXP);
+  if (smatch (&s, n, "shadowed-private-key"))
+    return 0;  /* Nothing to do.  */
+  if (!smatch (&s, n, "private-key"))
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+  if (*s != '(')
+    return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+  s++;
+  n = snext (&s);
+  if (!smatch (&s, n, "ecc"))
+    return 0;
+
+  /* It's ECC */
+  while (*s == '(')
+    {
+      s++;
+      n = snext (&s);
+      if (!n)
+        return gpg_error (GPG_ERR_INV_SEXP);
+      if (n == 5 && !memcmp (s, "curve", 5))
+        {
+          s += n;
+          n = snext (&s);
+          if (!n || n >= sizeof curve_name)
+            return gpg_error (GPG_ERR_INV_SEXP);
+
+          memcpy (curve_name, s, n);
+          curve_name[n] = 0;
+          s += n;
+        }
+      else if (n == 1 && *s == 'd')
+        {
+          unsigned char *s0;
+          size_t n0;
+
+          s += n;
+          s0 = (unsigned char *)s;
+          n = snext (&s);
+          n0 = s - s0;
+
+          if (!n)
+            return gpg_error (GPG_ERR_INV_SEXP);
+          else if (!*s /* Leading 0x00 added at the front for classic curve */
+                   && strcmp (curve_name, "Ed25519")
+                   && strcmp (curve_name, "Ed448")
+                   && strcmp (curve_name, "X448"))
+            {
+              size_t numsize;
+
+              n--;
+              buflen--;
+              numsize = snprintf (s0, s-s0+1, "%u:", (unsigned int)n);
+              memmove (s0+numsize, s+1, buflen - (s - buf));
+              memset (s0+numsize+buflen - (s - buf), 0, (n0 - numsize) + 1);
+              buflen -= (n0 - numsize);
+              s = s0+numsize+n;
+              *buflen_p = buflen;
+            }
+          else
+            s += n;
+        }
+      else
+        {
+          s += n;
+          n = snext (&s);
+          if (!n)
+            return gpg_error (GPG_ERR_INV_SEXP);
+          s += n;
+        }
+      if ( *s != ')' )
+        return gpg_error (GPG_ERR_INV_SEXP);
+      s++;
+    }
+  if (*s != ')')
+    return gpg_error (GPG_ERR_INV_SEXP);
+  s++;
+
+  return 0;
+}
+
+/*
+ * Scan BUF to get SEXP, put into RESULT.  Error offset will be in the
+ * pointer at R_ERROFF.  For ECC, the private part 'd' will be fixed
+ * up; That part may have 0x00 prefix of signed MPI encoding, which is
+ * incompatible to opaque MPI handling.
+ */
+gpg_error_t
+sexp_sscan_private_key (gcry_sexp_t *result, size_t *r_erroff,
+                        unsigned char *buf)
+{
+  gpg_error_t err;
+  size_t buflen, buflen0;
+
+  buflen = buflen0 = gcry_sexp_canon_len (buf, 0, NULL, NULL);
+  err = fixup_when_ecc_private_key (buf, &buflen);
+  if (!err)
+    err = gcry_sexp_sscan (result, r_erroff, (char*)buf, buflen0);
+  wipememory (buf, buflen0);
+
+  return err;
+}
diff --git a/agent/trans.c b/agent/trans.c
index ff1a34e..9d090ff 100644
--- a/agent/trans.c
+++ b/agent/trans.c
@@ -28,7 +28,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
-#include <assert.h>
 #include <unistd.h>
 #include <sys/stat.h>
 
diff --git a/agent/trustlist.c b/agent/trustlist.c
index 086d8ae..087afbd 100644
--- a/agent/trustlist.c
+++ b/agent/trustlist.c
@@ -24,7 +24,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
-#include <assert.h>
 #include <unistd.h>
 #include <sys/stat.h>
 #include <npth.h>
@@ -128,26 +127,8 @@ clear_trusttable (void)
 }
 
 
-/* Return the name of the system trustlist.  Caller must free.  */
-static char *
-make_sys_trustlist_name (void)
-{
-  if (opt.sys_trustlist_name
-      && (strchr (opt.sys_trustlist_name, '/')
-          || strchr (opt.sys_trustlist_name, '\\')
-          || (*opt.sys_trustlist_name == '~'
-              && opt.sys_trustlist_name[1] == '/')))
-    return make_absfilename (opt.sys_trustlist_name, NULL);
-  else
-    return make_filename (gnupg_sysconfdir (),
-                          (opt.sys_trustlist_name ?
-                           opt.sys_trustlist_name : "trustlist.txt"),
-                          NULL);
-}
-
-
 static gpg_error_t
-read_one_trustfile (const char *fname, int systrust,
+read_one_trustfile (const char *fname, int allow_include,
                     trustitem_t **addr_of_table,
                     size_t *addr_of_tablesize,
                     int *addr_of_tableidx)
@@ -206,7 +187,7 @@ read_one_trustfile (const char *fname, int systrust,
           gpg_error_t err2;
           gpg_err_code_t ec;
 
-          if (systrust)
+          if (!allow_include)
             {
               log_error (_("statement \"%s\" ignored in '%s', line %d\n"),
                          "include-default", fname, lnr);
@@ -214,7 +195,7 @@ read_one_trustfile (const char *fname, int systrust,
             }
           /* fixme: Should check for trailing garbage.  */
 
-          etcname = make_sys_trustlist_name ();
+          etcname = make_filename (gnupg_sysconfdir (), "trustlist.txt", NULL);
           if ( !strcmp (etcname, fname) ) /* Same file. */
             log_info (_("statement \"%s\" ignored in '%s', line %d\n"),
                       "include-default", fname, lnr);
@@ -226,7 +207,7 @@ read_one_trustfile (const char *fname, int systrust,
             }
           else
             {
-              err2 = read_one_trustfile (etcname, 1,
+              err2 = read_one_trustfile (etcname, 0,
                                          &table, &tablesize, &tableidx);
               if (err2)
                 err = err2;
@@ -355,7 +336,7 @@ read_trustfiles (void)
   int tableidx;
   size_t tablesize;
   char *fname;
-  int systrust = 0;
+  int allow_include = 1;
   gpg_err_code_t ec;
 
   tablesize = 20;
@@ -364,24 +345,17 @@ read_trustfiles (void)
     return gpg_error_from_syserror ();
   tableidx = 0;
 
-  if (opt.no_user_trustlist)
-    fname = NULL;
-  else
+  fname = make_filename_try (gnupg_homedir (), "trustlist.txt", NULL);
+  if (!fname)
     {
-      fname = make_filename_try (gnupg_homedir (), "trustlist.txt", NULL);
-      if (!fname)
-        {
-          err = gpg_error_from_syserror ();
-          xfree (table);
-          return err;
-        }
+      err = gpg_error_from_syserror ();
+      xfree (table);
+      return err;
     }
 
-  if (!fname || (ec = gnupg_access (fname, F_OK)))
+  if ((ec = gnupg_access (fname, F_OK)))
     {
-      if (!fname)
-        ; /* --no-user-trustlist active.  */
-      else if ( ec == GPG_ERR_ENOENT )
+      if ( ec == GPG_ERR_ENOENT )
         ; /* Silently ignore a non-existing trustfile.  */
       else
         {
@@ -389,10 +363,11 @@ read_trustfiles (void)
           log_error (_("error opening '%s': %s\n"), fname, gpg_strerror (err));
         }
       xfree (fname);
-      fname = make_sys_trustlist_name ();
-      systrust = 1;
+      fname = make_filename (gnupg_sysconfdir (), "trustlist.txt", NULL);
+      allow_include = 0;
     }
-  err = read_one_trustfile (fname, systrust, &table, &tablesize, &tableidx);
+  err = read_one_trustfile (fname, allow_include,
+                            &table, &tablesize, &tableidx);
   xfree (fname);
 
   if (err)
@@ -576,7 +551,7 @@ insert_colons (const char *string)
         }
     }
   *p = 0;
-  assert (strlen (buffer) <= nnew);
+  log_assert (strlen (buffer) <= nnew);
 
   return buffer;
 }
diff --git a/am/cmacros.am b/am/cmacros.am
index 9610e4e..e71bc4e 100644
--- a/am/cmacros.am
+++ b/am/cmacros.am
@@ -44,6 +44,9 @@ endif
 if GNUPG_SCDAEMON_PGM
 AM_CPPFLAGS += -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
 endif
+if GNUPG_TPM2DAEMON_PGM
+AM_CPPFLAGS += -DGNUPG_DEFAULT_TPM2DAEMON="\"@GNUPG_TPM2DAEMON_PGM@\""
+endif
 if GNUPG_DIRMNGR_PGM
 AM_CPPFLAGS += -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
 endif
diff --git a/autogen.rc b/autogen.rc
index 3ea03e0..d10a540 100644
--- a/autogen.rc
+++ b/autogen.rc
@@ -1,7 +1,7 @@
 # autogen.sh configuration for GnuPG                           -*- sh -*-
 
 display_name=GnuPG
-
+patches_to=gnupg-devel@gnupg.org
 #version_parts=3
 
 case "$myhost:$myhostsub" in
@@ -17,25 +17,16 @@ esac
 case "$myhost" in
   w32)
     configure_opts="
-      --with-gpg-error-prefix=@SYSROOT@
-      --with-ksba-prefix=@SYSROOT@
-      --with-libgcrypt-prefix=@SYSROOT@
-      --with-libassuan-prefix=@SYSROOT@
       --with-zlib=@SYSROOT@
       --with-regex=@SYSROOT@
-      --with-npth-prefix=@SYSROOT@
       --disable-g13
+      --disable-tpm2d
       "
     ;;
 
   amd64)
     configure_opts="
-      --with-gpg-error-prefix=@SYSROOT@
-      --with-ksba-prefix=@SYSROOT@
-      --with-libgcrypt-prefix=@SYSROOT@
-      --with-libassuan-prefix=@SYSROOT@
       --with-zlib=/usr/x86_64-linux-gnu/usr
-      --with-pth-prefix=/usr/x86_64-linux-gnu/usr
      "
     ;;
 esac
diff --git a/autogen.sh b/autogen.sh
index b238550..4b511bf 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -469,6 +469,7 @@ EOF
       chmod +x  .git/hooks/commit-msg
       if [ x"${display_name}" != x ]; then
          git config format.subjectPrefix "PATCH ${display_name}"
+         git config sendemail.to "${patches_to}"
       fi
   fi
 fi
diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index 42817f3..fb1c23b 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -41,7 +41,7 @@
 #
 # Lists packages and versions.
 #
-# The information reyured to sign the tarballs and binaries
+# The information required to sign the tarballs and binaries
 # are expected in the developer specific file ~/.gnupg-autogen.rc".
 # Here is an example:
 #--8<---------------cut here---------------start------------->8---
@@ -130,7 +130,7 @@ help-wixlib:
 	@echo 'Alternative locations can be passed by WIXPREFIX variable'
 	@echo '  unzip -d ~/w32root/wixtools ~/Downloads/wix311-binaries.zip'
 	@echo ''
-	@echo 'Afterwards w32-release will build also a wixlib.'
+	@echo 'Afterwards w32-msi-release will also build a wixlib.'
 
 
 SPEEDOMAKE := $(MAKE) -f $(SPEEDO_MK) UPD_SWDB=1
@@ -186,6 +186,10 @@ w32-release: check-tools
 	$(SPEEDOMAKE) TARGETOS=w32 WHAT=release    WITH_GUI=0 SELFCHECK=0 \
                                                    installer-from-source
 
+w32-msi-release: check-tools
+	$(SPEEDOMAKE) TARGETOS=w32 WHAT=release    WITH_GUI=0 SELFCHECK=0 \
+                                   WITH_WIXLIB=1   installer-from-source
+
 w32-sign-installer: check-tools
 	$(SPEEDOMAKE) TARGETOS=w32 WHAT=release    WITH_GUI=0 SELFCHECK=0 \
                                                    sign-installer
@@ -243,9 +247,6 @@ $(eval $(call READ_AUTOGEN_template,AUTHENTICODE_SIGNHOST))
 $(eval $(call READ_AUTOGEN_template,AUTHENTICODE_TOOL))
 $(eval $(call READ_AUTOGEN_template,AUTHENTICODE_KEY))
 $(eval $(call READ_AUTOGEN_template,AUTHENTICODE_CERTS))
-$(eval $(call READ_AUTOGEN_template,OSSLSIGNCODE))
-$(eval $(call READ_AUTOGEN_template,OSSLPKCS11ENGINE))
-$(eval $(call READ_AUTOGEN_template,SCUTEMODULE))
 
 # All files given in AUTHENTICODE_FILES are signed before
 # they are put into the installer.
@@ -255,11 +256,9 @@ AUTHENTICODE_FILES= \
                     gpg-agent.exe             \
                     gpg-connect-agent.exe     \
                     gpg-preset-passphrase.exe \
-                    gpg-check-pattern.exe     \
                     gpg-wks-client.exe        \
                     gpg.exe                   \
                     gpgconf.exe               \
-                    gpgconf-w32.exe           \
                     gpgme-w32spawn.exe        \
                     gpgsm.exe                 \
                     gpgtar.exe                \
@@ -398,7 +397,7 @@ endif
 # Version numbers of the released packages
 gnupg_ver_this = $(shell cat $(topsrc)/VERSION)
 
-gnupg_ver        := $(shell awk '$$1=="gnupg22_ver" {print $$2}' swdb.lst)
+gnupg_ver        := $(shell awk '$$1=="gnupg24_ver" {print $$2}' swdb.lst)
 
 libgpg_error_ver := $(shell awk '$$1=="libgpg_error_ver" {print $$2}' swdb.lst)
 libgpg_error_sha1:= $(shell awk '$$1=="libgpg_error_sha1" {print $$2}' swdb.lst)
@@ -408,9 +407,9 @@ npth_ver  := $(shell awk '$$1=="npth_ver" {print $$2}' swdb.lst)
 npth_sha1 := $(shell awk '$$1=="npth_sha1" {print $$2}' swdb.lst)
 npth_sha2 := $(shell awk '$$1=="npth_sha2" {print $$2}' swdb.lst)
 
-libgcrypt_ver  := $(shell awk '$$1=="libgcrypt18_ver" {print $$2}' swdb.lst)
-libgcrypt_sha1 := $(shell awk '$$1=="libgcrypt18_sha1" {print $$2}' swdb.lst)
-libgcrypt_sha2 := $(shell awk '$$1=="libgcrypt18_sha2" {print $$2}' swdb.lst)
+libgcrypt_ver  := $(shell awk '$$1=="libgcrypt_ver" {print $$2}' swdb.lst)
+libgcrypt_sha1 := $(shell awk '$$1=="libgcrypt_sha1" {print $$2}' swdb.lst)
+libgcrypt_sha2 := $(shell awk '$$1=="libgcrypt_sha2" {print $$2}' swdb.lst)
 
 libassuan_ver  := $(shell awk '$$1=="libassuan_ver" {print $$2}' swdb.lst)
 libassuan_sha1 := $(shell awk '$$1=="libassuan_sha1" {print $$2}' swdb.lst)
@@ -615,7 +614,7 @@ speedo_pkg_ntbtls_configure = --disable-shared
 
 ifeq ($(TARGETOS),w32)
 speedo_pkg_gnupg_configure = \
-        --disable-g13 --enable-ntbtls
+        --disable-g13 --enable-ntbtls --disable-tpm2d
 else
 speedo_pkg_gnupg_configure = --disable-g13 --enable-wks-tools
 endif
@@ -1087,7 +1086,7 @@ else
 endif
 	@touch $(stampdir)/stamp-$(1)-01-configure
 
-# Note that unpack has no 64 bit version becuase it is just the source.
+# Note that unpack has no 64 bit version because it is just the source.
 # Fixme: We should use templates to create the standard and w64
 # version of these rules.
 $(stampdir)/stamp-w64-$(1)-01-configure: $(stampdir)/stamp-$(1)-00-unpack
@@ -1259,7 +1258,7 @@ all-speedo: $(stampdir)/stamp-final
 
 report-speedo: $(addprefix report-,$(speedo_build_list))
 
-# Just to check if we catched all stamps.
+# Just to check if we caught all stamps.
 clean-stamps:
 	$(RM) -fR $(stampdir)
 
@@ -1415,7 +1414,7 @@ wixlib: installer $(bdir)/README.txt $(w32src)/wixlib.wxs
 	)
 
 define MKSWDB_commands
- ( pref="#+macro: gnupg22_w32_$(3)" ;\
+ ( pref="#+macro: gnupg24_w32_$(3)" ;\
    echo "$${pref}ver  $(INST_VERSION)_$(BUILD_DATESTR)"  ;\
    echo "$${pref}date $(2)" ;\
    echo "$${pref}size $$(wc -c <$(1)|awk '{print int($$1/1024)}')k";\
@@ -1431,20 +1430,11 @@ define AUTHENTICODE_sign
      echo "speedo: Signing via host $(AUTHENTICODE_SIGNHOST)";\
      scp $(1) "$(AUTHENTICODE_SIGNHOST):a.exe" ;\
      ssh "$(AUTHENTICODE_SIGNHOST)" '$(AUTHENTICODE_TOOL)' sign \
-        /a /n '"g10 Code GmbH"' \
+        /n '"g10 Code GmbH"' \
         /tr 'http://rfc3161timestamp.globalsign.com/advanced' /td sha256 \
         /fd sha256 /du https://gnupg.org a.exe ;\
      scp "$(AUTHENTICODE_SIGNHOST):a.exe" $(2);\
      echo "speedo: signed file is '$(2)'" ;\
-   elif [ "$(AUTHENTICODE_KEY)" = card ]; then \
-     echo "speedo: Signing using a card";\
-     $(OSSLSIGNCODE) sign \
-       -pkcs11engine $(OSSLPKCS11ENGINE) \
-       -pkcs11module $(SCUTEMODULE) \
-       -certs $(AUTHENTICODE_CERTS) \
-       -h sha256 -n GnuPG -i https://gnupg.org \
-       -ts http://rfc3161timestamp.globalsign.com/advanced \
-       -in $(1) -out $(2).tmp ; mv $(2).tmp $(2) ; \
    elif [ -e "$(AUTHENTICODE_KEY)" ]; then \
      echo "speedo: Signing using key $(AUTHENTICODE_KEY)";\
      osslsigncode sign -certs $(AUTHENTICODE_CERTS) \
@@ -1457,14 +1447,6 @@ define AUTHENTICODE_sign
    fi
 endef
 
-# Help target for testing to sign a file.
-# Usage: make -f speedo.mk test-authenticode-sign TARGETOS=w32 FILE=foo.exe
-test-authenticode-sign:
-	(set -e; \
-	 echo "Test signining of $(FILE)" ; \
-	 $(call AUTHENTICODE_sign,"$(FILE)","$(FILE)");\
-	)
-
 
 # Build the installer from the source tarball.
 installer-from-source: dist-source
@@ -1475,7 +1457,7 @@ installer-from-source: dist-source
 	 tar xJf "../$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).tar.xz";\
 	 cd $(INST_NAME)-$(INST_VERSION); \
 	 $(MAKE) -f build-aux/speedo.mk this-w32-installer SELFCHECK=0;\
-	 if [ -d "$(WIXPREFIX)" ]; then \
+	 if [ -d "$(WIXPREFIX)" -a x"$(WITH_WIXLIB)" = x1 ]; then \
 		 $(MAKE) -f build-aux/speedo.mk this-w32-wixlib SELFCHECK=0;\
 	 fi; \
 	 reldate="$$(date -u +%Y-%m-%d)" ;\
@@ -1508,7 +1490,7 @@ sign-installer:
 	 exefile="../../$$exefile" ;\
 	 msifile="../../$$msifile" ;\
 	 $(call MKSWDB_commands,$${exefile},$${reldate}); \
-	 if [ -e "$${msifile}" ]; then \
+	 if [ -f "$${msifile}" ]; then \
 	   $(call MKSWDB_commands,$${msifile},$${reldate},"wixlib_"); \
 	 fi; \
 	 echo "speedo: /*" ;\
diff --git a/build-aux/speedo/patches/gpgme-1.12.0.patch b/build-aux/speedo/patches/gpgme-1.12.0.patch
deleted file mode 100755
index 1920dcf..0000000
--- a/build-aux/speedo/patches/gpgme-1.12.0.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-#! /bin/sh
-patch -p1 -l -f $* < $0
-exit $?
-
-  From 4faa0ccf58c7a0f64f51dcbc8466add660080414 Mon Sep 17 00:00:00 2001
-  From: Werner Koch <wk@gnupg.org>
-  Date: Fri, 2 Nov 2018 11:26:19 +0100
-  Subject: [PATCH] w32: Don't use CloseHandle on an arbitrary integer.
-
-  * src/assuan-support.c (my_waitpid): Do not close the PID = it is not
-  a handle.
-  --
-
-  At some time in the distant past we might have used the process object
-  as pid which obviously required a close.  However this was changed and
-  so what we did here was to close an arbitrary handle (one which
-  matches the pid).
-
-  GnuPG-bug-id: 4237
-  Signed-off-by: Werner Koch <wk@gnupg.org>
-
-diff --git a/src/assuan-support.c b/src/assuan-support.c
-index 7fbd48a8..705088e4 100644
---- a/src/assuan-support.c
-+++ b/src/assuan-support.c
-@@ -219,7 +219,7 @@ my_waitpid (assuan_context_t ctx, pid_t pid,
-   (void)nowait;
-   (void)status;
-   (void)options;
--  CloseHandle ((HANDLE) pid);
-+  (void)pid;  /* Just a number without a kernel object.  */
- #else
-   /* We can't just release the PID, a waitpid is mandatory.  But
-      NOWAIT in POSIX systems just means the caller already did the
---
-2.11.0
diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi
index bc41fac..6267b64 100644
--- a/build-aux/speedo/w32/inst.nsi
+++ b/build-aux/speedo/w32/inst.nsi
@@ -624,11 +624,12 @@ Section "GnuPG" SEC_gnupg
   File "bin/gpgsm.exe"
   File "bin/gpgconf.exe"
   File "bin/gpg-connect-agent.exe"
+  File "bin/gpg-card.exe"
   File "bin/gpgtar.exe"
+  File "bin/gpg-wks-client.exe"
   File "libexec/dirmngr_ldap.exe"
   File "libexec/gpg-preset-passphrase.exe"
   File "libexec/gpg-check-pattern.exe"
-  File "libexec/gpg-wks-client.exe"
 
   ClearErrors
   SetOverwrite try
@@ -1319,6 +1320,7 @@ Section "-un.gnupg"
   Delete "$INSTDIR\bin\gpgconf.exe"
   Delete "$INSTDIR\bin\gpg-connect-agent.exe"
   Delete "$INSTDIR\bin\gpgtar.exe"
+  Delete "$INSTDIR\bin\gpg-card.exe"
   Delete "$INSTDIR\bin\dirmngr_ldap.exe"
   Delete "$INSTDIR\bin\gpg-preset-passphrase.exe"
   Delete "$INSTDIR\bin\gpg-check-pattern.exe"
@@ -1328,7 +1330,6 @@ Section "-un.gnupg"
   Delete "$INSTDIR\share\doc\gnupg\examples\Automatic.prf"
   Delete "$INSTDIR\share\doc\gnupg\examples\pwpattern.list"
   RMDir  "$INSTDIR\share\doc\gnupg\examples"
-  RMDir  "$INSTDIR\share\doc\gnupg"
 
   Delete "$INSTDIR\share\gnupg\sks-keyservers.netCA.pem"
   Delete "$INSTDIR\share\gnupg\dirmngr-conf.skel"
diff --git a/build-aux/speedo/w32/wixlib.wxs b/build-aux/speedo/w32/wixlib.wxs
index d3ffc08..f851e96 100644
--- a/build-aux/speedo/w32/wixlib.wxs
+++ b/build-aux/speedo/w32/wixlib.wxs
@@ -61,6 +61,9 @@ and then manually edited:
       <Component Id="cmp74961776CCC7B203F500FE261DC12F92" Directory="dirAA72FFDDFA224FB221D53750596B0142" Guid="FBA2569C-554D-4C06-88FC-0FD6541B5B4B">
         <File Id="filB82A767EB9971018C006215A9FDE77EF" KeyPath="yes" Source="$(var.SourceDir)\bin\gpg-connect-agent.exe"/>
       </Component>
+      <Component Id="cmp74961776CCC7B203F500FE261DC12F94" Directory="dirAA72FFDDFA224FB221D53750596B0144" Guid="FBA2569C-554D-4C06-88FC-0FD6541B5B4C">
+        <File Id="filB82A767EB9971018C006215A9FDE77F1" KeyPath="yes" Source="$(var.SourceDir)\bin\gpg-card.exe"/>
+      </Component>
       <Component Id="cmp6C1FB70721B208E33DB24296B93AB93F" Directory="dirAA72FFDDFA224FB221D53750596B0142" Guid="FE29D2AA-3151-4421-B8C0-355F69F267A1">
         <File Id="fil563D2C0464DCE7ECADE6E15C0FC65821" KeyPath="yes" Source="$(var.SourceDir)\libexec\gpg-preset-passphrase.exe"/>
       </Component>
diff --git a/build-aux/texinfo.tex b/build-aux/texinfo.tex
index 5a17f97..9e11848 100644
--- a/build-aux/texinfo.tex
+++ b/build-aux/texinfo.tex
@@ -3,7 +3,7 @@
 % Load plain if necessary, i.e., if running under initex.
 \expandafter\ifx\csname fmtname\endcsname\relax\input plain\fi
 %
-\def\texinfoversion{2007-05-03.09}
+\def\texinfoversion{2018-10-25.16}
 %
 % Copyright (C) 1985, 1986, 1988, 1990, 1991, 1992, 1993, 1994, 1995,
 % 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
@@ -4598,7 +4598,7 @@ end
 \chardef\maxseclevel = 3
 %
 % A numbered section within an unnumbered changes to unnumbered too.
-% To achive this, remember the "biggest" unnum. sec. we are currently in:
+% To achieve this, remember the "biggest" unnum. sec. we are currently in:
 \chardef\unmlevel = \maxseclevel
 %
 % Trace whether the current chapter is an appendix or not:
diff --git a/common/Makefile.am b/common/Makefile.am
index bd281d6..2621634 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -52,14 +52,14 @@ common_sources = \
 	mapstrings.c stringhelp.c stringhelp.h \
 	strlist.c strlist.h \
 	utf8conv.c utf8conv.h \
-	argparse.c argparse.h \
-	logging.c logging.h  \
+	logging.h  \
 	dotlock.c dotlock.h  \
         mischelp.c mischelp.h \
 	status.c status.h\
 	shareddefs.h \
 	openpgpdefs.h \
 	gc-opt-flags.h \
+	keyserver.h \
 	sexp-parse.h \
 	tlv.c tlv.h tlv-builder.c \
 	init.c init.h \
@@ -86,7 +86,7 @@ common_sources = \
 	localename.c \
 	session-env.c session-env.h \
 	userids.c userids.h \
-	openpgp-oid.c \
+	openpgp-oid.c openpgp-s2k.c \
 	ssh-utils.c ssh-utils.h \
 	agent-opt.c \
 	helpfile.c \
@@ -97,8 +97,8 @@ common_sources = \
 	name-value.c name-value.h \
 	recsel.c recsel.h \
 	ksba-io-support.c ksba-io-support.h \
-	openpgp-fpr.c \
-	compliance.c compliance.h
+	compliance.c compliance.h \
+	pkscreening.c pkscreening.h
 
 
 if HAVE_W32_SYSTEM
diff --git a/common/Makefile.in b/common/Makefile.in
index d78f9c0..73e60d3 100644
--- a/common/Makefile.in
+++ b/common/Makefile.in
@@ -142,33 +142,33 @@ noinst_PROGRAMS = $(am__EXEEXT_3) $(am__EXEEXT_4)
 @GNUPG_AGENT_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
 @GNUPG_PINENTRY_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
 @GNUPG_SCDAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
-@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
-@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
-@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
-@HAVE_W32_SYSTEM_TRUE@am__append_9 = w32-reg.c w32-cmdline.c
+@GNUPG_TPM2DAEMON_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_TPM2DAEMON="\"@GNUPG_TPM2DAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_9 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+@HAVE_W32_SYSTEM_TRUE@am__append_10 = w32-reg.c w32-cmdline.c
 
 # To make the code easier to read we have split home some code into
 # separate source files.
-@HAVE_W32CE_SYSTEM_TRUE@@HAVE_W32_SYSTEM_TRUE@am__append_10 = exechelp-w32ce.c
-@HAVE_W32CE_SYSTEM_FALSE@@HAVE_W32_SYSTEM_TRUE@am__append_11 = exechelp-w32.c
-@HAVE_W32_SYSTEM_FALSE@am__append_12 = exechelp-posix.c
-@HAVE_W32CE_SYSTEM_FALSE@am__append_13 = t-exechelp t-exectool
-@HAVE_W32_SYSTEM_TRUE@am__append_14 = t-w32-reg
+@HAVE_W32CE_SYSTEM_TRUE@@HAVE_W32_SYSTEM_TRUE@am__append_11 = exechelp-w32ce.c
+@HAVE_W32CE_SYSTEM_FALSE@@HAVE_W32_SYSTEM_TRUE@am__append_12 = exechelp-w32.c
+@HAVE_W32_SYSTEM_FALSE@am__append_13 = exechelp-posix.c
+@HAVE_W32CE_SYSTEM_FALSE@am__append_14 = t-exechelp t-exectool
+@HAVE_W32_SYSTEM_TRUE@am__append_15 = t-w32-reg
 subdir = common
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
@@ -202,23 +202,24 @@ libcommon_a_LIBADD =
 am__libcommon_a_SOURCES_DIST = common-defs.h util.h utilproto.h \
 	fwddecl.h i18n.c i18n.h types.h host2net.h dynload.h w32help.h \
 	mapstrings.c stringhelp.c stringhelp.h strlist.c strlist.h \
-	utf8conv.c utf8conv.h argparse.c argparse.h logging.c \
-	logging.h dotlock.c dotlock.h mischelp.c mischelp.h status.c \
-	status.h shareddefs.h openpgpdefs.h gc-opt-flags.h \
-	sexp-parse.h tlv.c tlv.h tlv-builder.c init.c init.h \
-	sexputil.c sysutils.c sysutils.h homedir.c gettime.c gettime.h \
-	yesno.c b64enc.c b64dec.c zb32.c zb32.h convert.c percent.c \
-	mbox-util.c mbox-util.h miscellaneous.c xasprintf.c \
-	xreadline.c membuf.c membuf.h ccparray.c ccparray.h iobuf.c \
-	iobuf.h ttyio.c ttyio.h asshelp.c asshelp2.c asshelp.h \
-	exechelp.h signal.c audit.c audit.h localename.c session-env.c \
-	session-env.h userids.c userids.h openpgp-oid.c ssh-utils.c \
-	ssh-utils.h agent-opt.c helpfile.c mkdir_p.c mkdir_p.h \
-	exectool.c exectool.h server-help.c server-help.h name-value.c \
+	utf8conv.c utf8conv.h logging.h dotlock.c dotlock.h mischelp.c \
+	mischelp.h status.c status.h shareddefs.h openpgpdefs.h \
+	gc-opt-flags.h keyserver.h sexp-parse.h tlv.c tlv.h \
+	tlv-builder.c init.c init.h sexputil.c sysutils.c sysutils.h \
+	homedir.c gettime.c gettime.h yesno.c b64enc.c b64dec.c zb32.c \
+	zb32.h convert.c percent.c mbox-util.c mbox-util.h \
+	miscellaneous.c xasprintf.c xreadline.c membuf.c membuf.h \
+	ccparray.c ccparray.h iobuf.c iobuf.h ttyio.c ttyio.h \
+	asshelp.c asshelp2.c asshelp.h exechelp.h signal.c audit.c \
+	audit.h localename.c session-env.c session-env.h userids.c \
+	userids.h openpgp-oid.c openpgp-s2k.c ssh-utils.c ssh-utils.h \
+	agent-opt.c helpfile.c mkdir_p.c mkdir_p.h exectool.c \
+	exectool.h server-help.c server-help.h name-value.c \
 	name-value.h recsel.c recsel.h ksba-io-support.c \
-	ksba-io-support.h openpgp-fpr.c compliance.c compliance.h \
-	w32-reg.c w32-cmdline.c exechelp-w32ce.c exechelp-w32.c \
-	exechelp-posix.c get-passphrase.c get-passphrase.h
+	ksba-io-support.h compliance.c compliance.h pkscreening.c \
+	pkscreening.h w32-reg.c w32-cmdline.c exechelp-w32ce.c \
+	exechelp-w32.c exechelp-posix.c get-passphrase.c \
+	get-passphrase.h
 @HAVE_W32_SYSTEM_TRUE@am__objects_1 = libcommon_a-w32-reg.$(OBJEXT) \
 @HAVE_W32_SYSTEM_TRUE@	libcommon_a-w32-cmdline.$(OBJEXT)
 @HAVE_W32CE_SYSTEM_TRUE@@HAVE_W32_SYSTEM_TRUE@am__objects_2 = libcommon_a-exechelp-w32ce.$(OBJEXT)
@@ -228,8 +229,7 @@ am__libcommon_a_SOURCES_DIST = common-defs.h util.h utilproto.h \
 am__objects_5 = libcommon_a-i18n.$(OBJEXT) \
 	libcommon_a-mapstrings.$(OBJEXT) \
 	libcommon_a-stringhelp.$(OBJEXT) libcommon_a-strlist.$(OBJEXT) \
-	libcommon_a-utf8conv.$(OBJEXT) libcommon_a-argparse.$(OBJEXT) \
-	libcommon_a-logging.$(OBJEXT) libcommon_a-dotlock.$(OBJEXT) \
+	libcommon_a-utf8conv.$(OBJEXT) libcommon_a-dotlock.$(OBJEXT) \
 	libcommon_a-mischelp.$(OBJEXT) libcommon_a-status.$(OBJEXT) \
 	libcommon_a-tlv.$(OBJEXT) libcommon_a-tlv-builder.$(OBJEXT) \
 	libcommon_a-init.$(OBJEXT) libcommon_a-sexputil.$(OBJEXT) \
@@ -248,6 +248,7 @@ am__objects_5 = libcommon_a-i18n.$(OBJEXT) \
 	libcommon_a-session-env.$(OBJEXT) \
 	libcommon_a-userids.$(OBJEXT) \
 	libcommon_a-openpgp-oid.$(OBJEXT) \
+	libcommon_a-openpgp-s2k.$(OBJEXT) \
 	libcommon_a-ssh-utils.$(OBJEXT) \
 	libcommon_a-agent-opt.$(OBJEXT) libcommon_a-helpfile.$(OBJEXT) \
 	libcommon_a-mkdir_p.$(OBJEXT) libcommon_a-strlist.$(OBJEXT) \
@@ -255,8 +256,8 @@ am__objects_5 = libcommon_a-i18n.$(OBJEXT) \
 	libcommon_a-server-help.$(OBJEXT) \
 	libcommon_a-name-value.$(OBJEXT) libcommon_a-recsel.$(OBJEXT) \
 	libcommon_a-ksba-io-support.$(OBJEXT) \
-	libcommon_a-openpgp-fpr.$(OBJEXT) \
-	libcommon_a-compliance.$(OBJEXT) $(am__objects_1) \
+	libcommon_a-compliance.$(OBJEXT) \
+	libcommon_a-pkscreening.$(OBJEXT) $(am__objects_1) \
 	$(am__objects_2) $(am__objects_3) $(am__objects_4)
 am__objects_6 = libcommon_a-get-passphrase.$(OBJEXT)
 am_libcommon_a_OBJECTS = $(am__objects_5) $(am__objects_6)
@@ -266,23 +267,23 @@ libcommonpth_a_LIBADD =
 am__libcommonpth_a_SOURCES_DIST = common-defs.h util.h utilproto.h \
 	fwddecl.h i18n.c i18n.h types.h host2net.h dynload.h w32help.h \
 	mapstrings.c stringhelp.c stringhelp.h strlist.c strlist.h \
-	utf8conv.c utf8conv.h argparse.c argparse.h logging.c \
-	logging.h dotlock.c dotlock.h mischelp.c mischelp.h status.c \
-	status.h shareddefs.h openpgpdefs.h gc-opt-flags.h \
-	sexp-parse.h tlv.c tlv.h tlv-builder.c init.c init.h \
-	sexputil.c sysutils.c sysutils.h homedir.c gettime.c gettime.h \
-	yesno.c b64enc.c b64dec.c zb32.c zb32.h convert.c percent.c \
-	mbox-util.c mbox-util.h miscellaneous.c xasprintf.c \
-	xreadline.c membuf.c membuf.h ccparray.c ccparray.h iobuf.c \
-	iobuf.h ttyio.c ttyio.h asshelp.c asshelp2.c asshelp.h \
-	exechelp.h signal.c audit.c audit.h localename.c session-env.c \
-	session-env.h userids.c userids.h openpgp-oid.c ssh-utils.c \
-	ssh-utils.h agent-opt.c helpfile.c mkdir_p.c mkdir_p.h \
-	exectool.c exectool.h server-help.c server-help.h name-value.c \
+	utf8conv.c utf8conv.h logging.h dotlock.c dotlock.h mischelp.c \
+	mischelp.h status.c status.h shareddefs.h openpgpdefs.h \
+	gc-opt-flags.h keyserver.h sexp-parse.h tlv.c tlv.h \
+	tlv-builder.c init.c init.h sexputil.c sysutils.c sysutils.h \
+	homedir.c gettime.c gettime.h yesno.c b64enc.c b64dec.c zb32.c \
+	zb32.h convert.c percent.c mbox-util.c mbox-util.h \
+	miscellaneous.c xasprintf.c xreadline.c membuf.c membuf.h \
+	ccparray.c ccparray.h iobuf.c iobuf.h ttyio.c ttyio.h \
+	asshelp.c asshelp2.c asshelp.h exechelp.h signal.c audit.c \
+	audit.h localename.c session-env.c session-env.h userids.c \
+	userids.h openpgp-oid.c openpgp-s2k.c ssh-utils.c ssh-utils.h \
+	agent-opt.c helpfile.c mkdir_p.c mkdir_p.h exectool.c \
+	exectool.h server-help.c server-help.h name-value.c \
 	name-value.h recsel.c recsel.h ksba-io-support.c \
-	ksba-io-support.h openpgp-fpr.c compliance.c compliance.h \
-	w32-reg.c w32-cmdline.c exechelp-w32ce.c exechelp-w32.c \
-	exechelp-posix.c call-gpg.c call-gpg.h
+	ksba-io-support.h compliance.c compliance.h pkscreening.c \
+	pkscreening.h w32-reg.c w32-cmdline.c exechelp-w32ce.c \
+	exechelp-w32.c exechelp-posix.c call-gpg.c call-gpg.h
 @HAVE_W32_SYSTEM_TRUE@am__objects_7 =  \
 @HAVE_W32_SYSTEM_TRUE@	libcommonpth_a-w32-reg.$(OBJEXT) \
 @HAVE_W32_SYSTEM_TRUE@	libcommonpth_a-w32-cmdline.$(OBJEXT)
@@ -294,8 +295,6 @@ am__objects_11 = libcommonpth_a-i18n.$(OBJEXT) \
 	libcommonpth_a-stringhelp.$(OBJEXT) \
 	libcommonpth_a-strlist.$(OBJEXT) \
 	libcommonpth_a-utf8conv.$(OBJEXT) \
-	libcommonpth_a-argparse.$(OBJEXT) \
-	libcommonpth_a-logging.$(OBJEXT) \
 	libcommonpth_a-dotlock.$(OBJEXT) \
 	libcommonpth_a-mischelp.$(OBJEXT) \
 	libcommonpth_a-status.$(OBJEXT) libcommonpth_a-tlv.$(OBJEXT) \
@@ -323,6 +322,7 @@ am__objects_11 = libcommonpth_a-i18n.$(OBJEXT) \
 	libcommonpth_a-session-env.$(OBJEXT) \
 	libcommonpth_a-userids.$(OBJEXT) \
 	libcommonpth_a-openpgp-oid.$(OBJEXT) \
+	libcommonpth_a-openpgp-s2k.$(OBJEXT) \
 	libcommonpth_a-ssh-utils.$(OBJEXT) \
 	libcommonpth_a-agent-opt.$(OBJEXT) \
 	libcommonpth_a-helpfile.$(OBJEXT) \
@@ -333,8 +333,8 @@ am__objects_11 = libcommonpth_a-i18n.$(OBJEXT) \
 	libcommonpth_a-name-value.$(OBJEXT) \
 	libcommonpth_a-recsel.$(OBJEXT) \
 	libcommonpth_a-ksba-io-support.$(OBJEXT) \
-	libcommonpth_a-openpgp-fpr.$(OBJEXT) \
-	libcommonpth_a-compliance.$(OBJEXT) $(am__objects_7) \
+	libcommonpth_a-compliance.$(OBJEXT) \
+	libcommonpth_a-pkscreening.$(OBJEXT) $(am__objects_7) \
 	$(am__objects_8) $(am__objects_9) $(am__objects_10)
 am__objects_12 = libcommonpth_a-call-gpg.$(OBJEXT)
 am_libcommonpth_a_OBJECTS = $(am__objects_11) $(am__objects_12)
@@ -448,7 +448,6 @@ depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
 am__maybe_remake_depfiles = depfiles
 am__depfiles_remade = ./$(DEPDIR)/gpgrlhelp.Po \
 	./$(DEPDIR)/libcommon_a-agent-opt.Po \
-	./$(DEPDIR)/libcommon_a-argparse.Po \
 	./$(DEPDIR)/libcommon_a-asshelp.Po \
 	./$(DEPDIR)/libcommon_a-asshelp2.Po \
 	./$(DEPDIR)/libcommon_a-audit.Po \
@@ -471,7 +470,6 @@ am__depfiles_remade = ./$(DEPDIR)/gpgrlhelp.Po \
 	./$(DEPDIR)/libcommon_a-iobuf.Po \
 	./$(DEPDIR)/libcommon_a-ksba-io-support.Po \
 	./$(DEPDIR)/libcommon_a-localename.Po \
-	./$(DEPDIR)/libcommon_a-logging.Po \
 	./$(DEPDIR)/libcommon_a-mapstrings.Po \
 	./$(DEPDIR)/libcommon_a-mbox-util.Po \
 	./$(DEPDIR)/libcommon_a-membuf.Po \
@@ -479,9 +477,10 @@ am__depfiles_remade = ./$(DEPDIR)/gpgrlhelp.Po \
 	./$(DEPDIR)/libcommon_a-mischelp.Po \
 	./$(DEPDIR)/libcommon_a-mkdir_p.Po \
 	./$(DEPDIR)/libcommon_a-name-value.Po \
-	./$(DEPDIR)/libcommon_a-openpgp-fpr.Po \
 	./$(DEPDIR)/libcommon_a-openpgp-oid.Po \
+	./$(DEPDIR)/libcommon_a-openpgp-s2k.Po \
 	./$(DEPDIR)/libcommon_a-percent.Po \
+	./$(DEPDIR)/libcommon_a-pkscreening.Po \
 	./$(DEPDIR)/libcommon_a-recsel.Po \
 	./$(DEPDIR)/libcommon_a-server-help.Po \
 	./$(DEPDIR)/libcommon_a-session-env.Po \
@@ -504,7 +503,6 @@ am__depfiles_remade = ./$(DEPDIR)/gpgrlhelp.Po \
 	./$(DEPDIR)/libcommon_a-yesno.Po \
 	./$(DEPDIR)/libcommon_a-zb32.Po \
 	./$(DEPDIR)/libcommonpth_a-agent-opt.Po \
-	./$(DEPDIR)/libcommonpth_a-argparse.Po \
 	./$(DEPDIR)/libcommonpth_a-asshelp.Po \
 	./$(DEPDIR)/libcommonpth_a-asshelp2.Po \
 	./$(DEPDIR)/libcommonpth_a-audit.Po \
@@ -527,7 +525,6 @@ am__depfiles_remade = ./$(DEPDIR)/gpgrlhelp.Po \
 	./$(DEPDIR)/libcommonpth_a-iobuf.Po \
 	./$(DEPDIR)/libcommonpth_a-ksba-io-support.Po \
 	./$(DEPDIR)/libcommonpth_a-localename.Po \
-	./$(DEPDIR)/libcommonpth_a-logging.Po \
 	./$(DEPDIR)/libcommonpth_a-mapstrings.Po \
 	./$(DEPDIR)/libcommonpth_a-mbox-util.Po \
 	./$(DEPDIR)/libcommonpth_a-membuf.Po \
@@ -535,9 +532,10 @@ am__depfiles_remade = ./$(DEPDIR)/gpgrlhelp.Po \
 	./$(DEPDIR)/libcommonpth_a-mischelp.Po \
 	./$(DEPDIR)/libcommonpth_a-mkdir_p.Po \
 	./$(DEPDIR)/libcommonpth_a-name-value.Po \
-	./$(DEPDIR)/libcommonpth_a-openpgp-fpr.Po \
 	./$(DEPDIR)/libcommonpth_a-openpgp-oid.Po \
+	./$(DEPDIR)/libcommonpth_a-openpgp-s2k.Po \
 	./$(DEPDIR)/libcommonpth_a-percent.Po \
+	./$(DEPDIR)/libcommonpth_a-pkscreening.Po \
 	./$(DEPDIR)/libcommonpth_a-recsel.Po \
 	./$(DEPDIR)/libcommonpth_a-server-help.Po \
 	./$(DEPDIR)/libcommonpth_a-session-env.Po \
@@ -698,9 +696,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -709,6 +709,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -736,9 +737,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -775,13 +777,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
@@ -858,7 +863,8 @@ MAINTAINERCLEANFILES = audit-events.h status-codes.h
 # platform to create source files.
 AM_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" $(am__append_2) \
 	$(am__append_3) $(am__append_4) $(am__append_5) \
-	$(am__append_6) $(am__append_7) $(am__append_8)
+	$(am__append_6) $(am__append_7) $(am__append_8) \
+	$(am__append_9)
 AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(KSBA_CFLAGS)
 @HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
 
@@ -880,23 +886,22 @@ libcommontlsnpth = ../common/libcommontlsnpth.a
 common_sources = common-defs.h util.h utilproto.h fwddecl.h i18n.c \
 	i18n.h types.h host2net.h dynload.h w32help.h mapstrings.c \
 	stringhelp.c stringhelp.h strlist.c strlist.h utf8conv.c \
-	utf8conv.h argparse.c argparse.h logging.c logging.h dotlock.c \
-	dotlock.h mischelp.c mischelp.h status.c status.h shareddefs.h \
-	openpgpdefs.h gc-opt-flags.h sexp-parse.h tlv.c tlv.h \
-	tlv-builder.c init.c init.h sexputil.c sysutils.c sysutils.h \
-	homedir.c gettime.c gettime.h yesno.c b64enc.c b64dec.c zb32.c \
-	zb32.h convert.c percent.c mbox-util.c mbox-util.h \
-	miscellaneous.c xasprintf.c xreadline.c membuf.c membuf.h \
-	ccparray.c ccparray.h iobuf.c iobuf.h ttyio.c ttyio.h \
-	asshelp.c asshelp2.c asshelp.h exechelp.h signal.c audit.c \
-	audit.h localename.c session-env.c session-env.h userids.c \
-	userids.h openpgp-oid.c ssh-utils.c ssh-utils.h agent-opt.c \
-	helpfile.c mkdir_p.c mkdir_p.h strlist.c strlist.h exectool.c \
-	exectool.h server-help.c server-help.h name-value.c \
-	name-value.h recsel.c recsel.h ksba-io-support.c \
-	ksba-io-support.h openpgp-fpr.c compliance.c compliance.h \
-	$(am__append_9) $(am__append_10) $(am__append_11) \
-	$(am__append_12)
+	utf8conv.h logging.h dotlock.c dotlock.h mischelp.c mischelp.h \
+	status.c status.h shareddefs.h openpgpdefs.h gc-opt-flags.h \
+	keyserver.h sexp-parse.h tlv.c tlv.h tlv-builder.c init.c \
+	init.h sexputil.c sysutils.c sysutils.h homedir.c gettime.c \
+	gettime.h yesno.c b64enc.c b64dec.c zb32.c zb32.h convert.c \
+	percent.c mbox-util.c mbox-util.h miscellaneous.c xasprintf.c \
+	xreadline.c membuf.c membuf.h ccparray.c ccparray.h iobuf.c \
+	iobuf.h ttyio.c ttyio.h asshelp.c asshelp2.c asshelp.h \
+	exechelp.h signal.c audit.c audit.h localename.c session-env.c \
+	session-env.h userids.c userids.h openpgp-oid.c openpgp-s2k.c \
+	ssh-utils.c ssh-utils.h agent-opt.c helpfile.c mkdir_p.c \
+	mkdir_p.h strlist.c strlist.h exectool.c exectool.h \
+	server-help.c server-help.h name-value.c name-value.h recsel.c \
+	recsel.h ksba-io-support.c ksba-io-support.h compliance.c \
+	compliance.h pkscreening.c pkscreening.h $(am__append_10) \
+	$(am__append_11) $(am__append_12) $(am__append_13)
 
 # Sources only useful without NPTH.
 without_npth_sources = \
@@ -925,8 +930,8 @@ libgpgrl_a_SOURCES = \
 module_tests = t-stringhelp t-timestuff t-convert t-percent t-gettime \
 	t-sysutils t-sexputil t-session-env t-openpgp-oid t-ssh-utils \
 	t-mapstrings t-zb32 t-mbox-util t-iobuf t-strlist t-name-value \
-	t-ccparray t-recsel t-w32-cmdline $(am__append_13) \
-	$(am__append_14)
+	t-ccparray t-recsel t-w32-cmdline $(am__append_14) \
+	$(am__append_15)
 @MAINTAINER_MODE_FALSE@module_maint_tests = 
 @MAINTAINER_MODE_TRUE@module_maint_tests = t-helpfile t-b64
 t_extra_src = t-support.h
@@ -1138,7 +1143,6 @@ distclean-compile:
 
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpgrlhelp.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-agent-opt.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-argparse.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-asshelp.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-asshelp2.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-audit.Po@am__quote@ # am--include-marker
@@ -1161,7 +1165,6 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-iobuf.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-ksba-io-support.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-localename.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-logging.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-mapstrings.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-mbox-util.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-membuf.Po@am__quote@ # am--include-marker
@@ -1169,9 +1172,10 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-mischelp.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-mkdir_p.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-name-value.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-openpgp-fpr.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-openpgp-oid.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-openpgp-s2k.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-percent.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-pkscreening.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-recsel.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-server-help.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-session-env.Po@am__quote@ # am--include-marker
@@ -1194,7 +1198,6 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-yesno.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-zb32.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-agent-opt.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-argparse.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-asshelp.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-asshelp2.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-audit.Po@am__quote@ # am--include-marker
@@ -1217,7 +1220,6 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-iobuf.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-ksba-io-support.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-localename.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-logging.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-mapstrings.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-mbox-util.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-membuf.Po@am__quote@ # am--include-marker
@@ -1225,9 +1227,10 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-mischelp.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-mkdir_p.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-name-value.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-openpgp-fpr.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-openpgp-oid.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-openpgp-s2k.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-percent.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-pkscreening.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-recsel.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-server-help.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-session-env.Po@am__quote@ # am--include-marker
@@ -1367,34 +1370,6 @@ libcommon_a-utf8conv.obj: utf8conv.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-utf8conv.obj `if test -f 'utf8conv.c'; then $(CYGPATH_W) 'utf8conv.c'; else $(CYGPATH_W) '$(srcdir)/utf8conv.c'; fi`
 
-libcommon_a-argparse.o: argparse.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-argparse.o -MD -MP -MF $(DEPDIR)/libcommon_a-argparse.Tpo -c -o libcommon_a-argparse.o `test -f 'argparse.c' || echo '$(srcdir)/'`argparse.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-argparse.Tpo $(DEPDIR)/libcommon_a-argparse.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='argparse.c' object='libcommon_a-argparse.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-argparse.o `test -f 'argparse.c' || echo '$(srcdir)/'`argparse.c
-
-libcommon_a-argparse.obj: argparse.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-argparse.obj -MD -MP -MF $(DEPDIR)/libcommon_a-argparse.Tpo -c -o libcommon_a-argparse.obj `if test -f 'argparse.c'; then $(CYGPATH_W) 'argparse.c'; else $(CYGPATH_W) '$(srcdir)/argparse.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-argparse.Tpo $(DEPDIR)/libcommon_a-argparse.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='argparse.c' object='libcommon_a-argparse.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-argparse.obj `if test -f 'argparse.c'; then $(CYGPATH_W) 'argparse.c'; else $(CYGPATH_W) '$(srcdir)/argparse.c'; fi`
-
-libcommon_a-logging.o: logging.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-logging.o -MD -MP -MF $(DEPDIR)/libcommon_a-logging.Tpo -c -o libcommon_a-logging.o `test -f 'logging.c' || echo '$(srcdir)/'`logging.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-logging.Tpo $(DEPDIR)/libcommon_a-logging.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='logging.c' object='libcommon_a-logging.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-logging.o `test -f 'logging.c' || echo '$(srcdir)/'`logging.c
-
-libcommon_a-logging.obj: logging.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-logging.obj -MD -MP -MF $(DEPDIR)/libcommon_a-logging.Tpo -c -o libcommon_a-logging.obj `if test -f 'logging.c'; then $(CYGPATH_W) 'logging.c'; else $(CYGPATH_W) '$(srcdir)/logging.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-logging.Tpo $(DEPDIR)/libcommon_a-logging.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='logging.c' object='libcommon_a-logging.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-logging.obj `if test -f 'logging.c'; then $(CYGPATH_W) 'logging.c'; else $(CYGPATH_W) '$(srcdir)/logging.c'; fi`
-
 libcommon_a-dotlock.o: dotlock.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-dotlock.o -MD -MP -MF $(DEPDIR)/libcommon_a-dotlock.Tpo -c -o libcommon_a-dotlock.o `test -f 'dotlock.c' || echo '$(srcdir)/'`dotlock.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-dotlock.Tpo $(DEPDIR)/libcommon_a-dotlock.Po
@@ -1843,6 +1818,20 @@ libcommon_a-openpgp-oid.obj: openpgp-oid.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-openpgp-oid.obj `if test -f 'openpgp-oid.c'; then $(CYGPATH_W) 'openpgp-oid.c'; else $(CYGPATH_W) '$(srcdir)/openpgp-oid.c'; fi`
 
+libcommon_a-openpgp-s2k.o: openpgp-s2k.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-openpgp-s2k.o -MD -MP -MF $(DEPDIR)/libcommon_a-openpgp-s2k.Tpo -c -o libcommon_a-openpgp-s2k.o `test -f 'openpgp-s2k.c' || echo '$(srcdir)/'`openpgp-s2k.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-openpgp-s2k.Tpo $(DEPDIR)/libcommon_a-openpgp-s2k.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='openpgp-s2k.c' object='libcommon_a-openpgp-s2k.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-openpgp-s2k.o `test -f 'openpgp-s2k.c' || echo '$(srcdir)/'`openpgp-s2k.c
+
+libcommon_a-openpgp-s2k.obj: openpgp-s2k.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-openpgp-s2k.obj -MD -MP -MF $(DEPDIR)/libcommon_a-openpgp-s2k.Tpo -c -o libcommon_a-openpgp-s2k.obj `if test -f 'openpgp-s2k.c'; then $(CYGPATH_W) 'openpgp-s2k.c'; else $(CYGPATH_W) '$(srcdir)/openpgp-s2k.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-openpgp-s2k.Tpo $(DEPDIR)/libcommon_a-openpgp-s2k.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='openpgp-s2k.c' object='libcommon_a-openpgp-s2k.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-openpgp-s2k.obj `if test -f 'openpgp-s2k.c'; then $(CYGPATH_W) 'openpgp-s2k.c'; else $(CYGPATH_W) '$(srcdir)/openpgp-s2k.c'; fi`
+
 libcommon_a-ssh-utils.o: ssh-utils.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-ssh-utils.o -MD -MP -MF $(DEPDIR)/libcommon_a-ssh-utils.Tpo -c -o libcommon_a-ssh-utils.o `test -f 'ssh-utils.c' || echo '$(srcdir)/'`ssh-utils.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-ssh-utils.Tpo $(DEPDIR)/libcommon_a-ssh-utils.Po
@@ -1969,20 +1958,6 @@ libcommon_a-ksba-io-support.obj: ksba-io-support.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-ksba-io-support.obj `if test -f 'ksba-io-support.c'; then $(CYGPATH_W) 'ksba-io-support.c'; else $(CYGPATH_W) '$(srcdir)/ksba-io-support.c'; fi`
 
-libcommon_a-openpgp-fpr.o: openpgp-fpr.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-openpgp-fpr.o -MD -MP -MF $(DEPDIR)/libcommon_a-openpgp-fpr.Tpo -c -o libcommon_a-openpgp-fpr.o `test -f 'openpgp-fpr.c' || echo '$(srcdir)/'`openpgp-fpr.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-openpgp-fpr.Tpo $(DEPDIR)/libcommon_a-openpgp-fpr.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='openpgp-fpr.c' object='libcommon_a-openpgp-fpr.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-openpgp-fpr.o `test -f 'openpgp-fpr.c' || echo '$(srcdir)/'`openpgp-fpr.c
-
-libcommon_a-openpgp-fpr.obj: openpgp-fpr.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-openpgp-fpr.obj -MD -MP -MF $(DEPDIR)/libcommon_a-openpgp-fpr.Tpo -c -o libcommon_a-openpgp-fpr.obj `if test -f 'openpgp-fpr.c'; then $(CYGPATH_W) 'openpgp-fpr.c'; else $(CYGPATH_W) '$(srcdir)/openpgp-fpr.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-openpgp-fpr.Tpo $(DEPDIR)/libcommon_a-openpgp-fpr.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='openpgp-fpr.c' object='libcommon_a-openpgp-fpr.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-openpgp-fpr.obj `if test -f 'openpgp-fpr.c'; then $(CYGPATH_W) 'openpgp-fpr.c'; else $(CYGPATH_W) '$(srcdir)/openpgp-fpr.c'; fi`
-
 libcommon_a-compliance.o: compliance.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-compliance.o -MD -MP -MF $(DEPDIR)/libcommon_a-compliance.Tpo -c -o libcommon_a-compliance.o `test -f 'compliance.c' || echo '$(srcdir)/'`compliance.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-compliance.Tpo $(DEPDIR)/libcommon_a-compliance.Po
@@ -1997,6 +1972,20 @@ libcommon_a-compliance.obj: compliance.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-compliance.obj `if test -f 'compliance.c'; then $(CYGPATH_W) 'compliance.c'; else $(CYGPATH_W) '$(srcdir)/compliance.c'; fi`
 
+libcommon_a-pkscreening.o: pkscreening.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-pkscreening.o -MD -MP -MF $(DEPDIR)/libcommon_a-pkscreening.Tpo -c -o libcommon_a-pkscreening.o `test -f 'pkscreening.c' || echo '$(srcdir)/'`pkscreening.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-pkscreening.Tpo $(DEPDIR)/libcommon_a-pkscreening.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pkscreening.c' object='libcommon_a-pkscreening.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-pkscreening.o `test -f 'pkscreening.c' || echo '$(srcdir)/'`pkscreening.c
+
+libcommon_a-pkscreening.obj: pkscreening.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-pkscreening.obj -MD -MP -MF $(DEPDIR)/libcommon_a-pkscreening.Tpo -c -o libcommon_a-pkscreening.obj `if test -f 'pkscreening.c'; then $(CYGPATH_W) 'pkscreening.c'; else $(CYGPATH_W) '$(srcdir)/pkscreening.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-pkscreening.Tpo $(DEPDIR)/libcommon_a-pkscreening.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pkscreening.c' object='libcommon_a-pkscreening.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-pkscreening.obj `if test -f 'pkscreening.c'; then $(CYGPATH_W) 'pkscreening.c'; else $(CYGPATH_W) '$(srcdir)/pkscreening.c'; fi`
+
 libcommon_a-w32-reg.o: w32-reg.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-w32-reg.o -MD -MP -MF $(DEPDIR)/libcommon_a-w32-reg.Tpo -c -o libcommon_a-w32-reg.o `test -f 'w32-reg.c' || echo '$(srcdir)/'`w32-reg.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-w32-reg.Tpo $(DEPDIR)/libcommon_a-w32-reg.Po
@@ -2151,34 +2140,6 @@ libcommonpth_a-utf8conv.obj: utf8conv.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-utf8conv.obj `if test -f 'utf8conv.c'; then $(CYGPATH_W) 'utf8conv.c'; else $(CYGPATH_W) '$(srcdir)/utf8conv.c'; fi`
 
-libcommonpth_a-argparse.o: argparse.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-argparse.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-argparse.Tpo -c -o libcommonpth_a-argparse.o `test -f 'argparse.c' || echo '$(srcdir)/'`argparse.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-argparse.Tpo $(DEPDIR)/libcommonpth_a-argparse.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='argparse.c' object='libcommonpth_a-argparse.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-argparse.o `test -f 'argparse.c' || echo '$(srcdir)/'`argparse.c
-
-libcommonpth_a-argparse.obj: argparse.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-argparse.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-argparse.Tpo -c -o libcommonpth_a-argparse.obj `if test -f 'argparse.c'; then $(CYGPATH_W) 'argparse.c'; else $(CYGPATH_W) '$(srcdir)/argparse.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-argparse.Tpo $(DEPDIR)/libcommonpth_a-argparse.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='argparse.c' object='libcommonpth_a-argparse.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-argparse.obj `if test -f 'argparse.c'; then $(CYGPATH_W) 'argparse.c'; else $(CYGPATH_W) '$(srcdir)/argparse.c'; fi`
-
-libcommonpth_a-logging.o: logging.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-logging.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-logging.Tpo -c -o libcommonpth_a-logging.o `test -f 'logging.c' || echo '$(srcdir)/'`logging.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-logging.Tpo $(DEPDIR)/libcommonpth_a-logging.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='logging.c' object='libcommonpth_a-logging.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-logging.o `test -f 'logging.c' || echo '$(srcdir)/'`logging.c
-
-libcommonpth_a-logging.obj: logging.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-logging.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-logging.Tpo -c -o libcommonpth_a-logging.obj `if test -f 'logging.c'; then $(CYGPATH_W) 'logging.c'; else $(CYGPATH_W) '$(srcdir)/logging.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-logging.Tpo $(DEPDIR)/libcommonpth_a-logging.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='logging.c' object='libcommonpth_a-logging.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-logging.obj `if test -f 'logging.c'; then $(CYGPATH_W) 'logging.c'; else $(CYGPATH_W) '$(srcdir)/logging.c'; fi`
-
 libcommonpth_a-dotlock.o: dotlock.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-dotlock.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-dotlock.Tpo -c -o libcommonpth_a-dotlock.o `test -f 'dotlock.c' || echo '$(srcdir)/'`dotlock.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-dotlock.Tpo $(DEPDIR)/libcommonpth_a-dotlock.Po
@@ -2627,6 +2588,20 @@ libcommonpth_a-openpgp-oid.obj: openpgp-oid.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-openpgp-oid.obj `if test -f 'openpgp-oid.c'; then $(CYGPATH_W) 'openpgp-oid.c'; else $(CYGPATH_W) '$(srcdir)/openpgp-oid.c'; fi`
 
+libcommonpth_a-openpgp-s2k.o: openpgp-s2k.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-openpgp-s2k.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-openpgp-s2k.Tpo -c -o libcommonpth_a-openpgp-s2k.o `test -f 'openpgp-s2k.c' || echo '$(srcdir)/'`openpgp-s2k.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-openpgp-s2k.Tpo $(DEPDIR)/libcommonpth_a-openpgp-s2k.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='openpgp-s2k.c' object='libcommonpth_a-openpgp-s2k.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-openpgp-s2k.o `test -f 'openpgp-s2k.c' || echo '$(srcdir)/'`openpgp-s2k.c
+
+libcommonpth_a-openpgp-s2k.obj: openpgp-s2k.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-openpgp-s2k.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-openpgp-s2k.Tpo -c -o libcommonpth_a-openpgp-s2k.obj `if test -f 'openpgp-s2k.c'; then $(CYGPATH_W) 'openpgp-s2k.c'; else $(CYGPATH_W) '$(srcdir)/openpgp-s2k.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-openpgp-s2k.Tpo $(DEPDIR)/libcommonpth_a-openpgp-s2k.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='openpgp-s2k.c' object='libcommonpth_a-openpgp-s2k.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-openpgp-s2k.obj `if test -f 'openpgp-s2k.c'; then $(CYGPATH_W) 'openpgp-s2k.c'; else $(CYGPATH_W) '$(srcdir)/openpgp-s2k.c'; fi`
+
 libcommonpth_a-ssh-utils.o: ssh-utils.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-ssh-utils.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-ssh-utils.Tpo -c -o libcommonpth_a-ssh-utils.o `test -f 'ssh-utils.c' || echo '$(srcdir)/'`ssh-utils.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-ssh-utils.Tpo $(DEPDIR)/libcommonpth_a-ssh-utils.Po
@@ -2753,20 +2728,6 @@ libcommonpth_a-ksba-io-support.obj: ksba-io-support.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-ksba-io-support.obj `if test -f 'ksba-io-support.c'; then $(CYGPATH_W) 'ksba-io-support.c'; else $(CYGPATH_W) '$(srcdir)/ksba-io-support.c'; fi`
 
-libcommonpth_a-openpgp-fpr.o: openpgp-fpr.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-openpgp-fpr.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-openpgp-fpr.Tpo -c -o libcommonpth_a-openpgp-fpr.o `test -f 'openpgp-fpr.c' || echo '$(srcdir)/'`openpgp-fpr.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-openpgp-fpr.Tpo $(DEPDIR)/libcommonpth_a-openpgp-fpr.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='openpgp-fpr.c' object='libcommonpth_a-openpgp-fpr.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-openpgp-fpr.o `test -f 'openpgp-fpr.c' || echo '$(srcdir)/'`openpgp-fpr.c
-
-libcommonpth_a-openpgp-fpr.obj: openpgp-fpr.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-openpgp-fpr.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-openpgp-fpr.Tpo -c -o libcommonpth_a-openpgp-fpr.obj `if test -f 'openpgp-fpr.c'; then $(CYGPATH_W) 'openpgp-fpr.c'; else $(CYGPATH_W) '$(srcdir)/openpgp-fpr.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-openpgp-fpr.Tpo $(DEPDIR)/libcommonpth_a-openpgp-fpr.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='openpgp-fpr.c' object='libcommonpth_a-openpgp-fpr.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-openpgp-fpr.obj `if test -f 'openpgp-fpr.c'; then $(CYGPATH_W) 'openpgp-fpr.c'; else $(CYGPATH_W) '$(srcdir)/openpgp-fpr.c'; fi`
-
 libcommonpth_a-compliance.o: compliance.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-compliance.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-compliance.Tpo -c -o libcommonpth_a-compliance.o `test -f 'compliance.c' || echo '$(srcdir)/'`compliance.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-compliance.Tpo $(DEPDIR)/libcommonpth_a-compliance.Po
@@ -2781,6 +2742,20 @@ libcommonpth_a-compliance.obj: compliance.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-compliance.obj `if test -f 'compliance.c'; then $(CYGPATH_W) 'compliance.c'; else $(CYGPATH_W) '$(srcdir)/compliance.c'; fi`
 
+libcommonpth_a-pkscreening.o: pkscreening.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-pkscreening.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-pkscreening.Tpo -c -o libcommonpth_a-pkscreening.o `test -f 'pkscreening.c' || echo '$(srcdir)/'`pkscreening.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-pkscreening.Tpo $(DEPDIR)/libcommonpth_a-pkscreening.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pkscreening.c' object='libcommonpth_a-pkscreening.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-pkscreening.o `test -f 'pkscreening.c' || echo '$(srcdir)/'`pkscreening.c
+
+libcommonpth_a-pkscreening.obj: pkscreening.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-pkscreening.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-pkscreening.Tpo -c -o libcommonpth_a-pkscreening.obj `if test -f 'pkscreening.c'; then $(CYGPATH_W) 'pkscreening.c'; else $(CYGPATH_W) '$(srcdir)/pkscreening.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-pkscreening.Tpo $(DEPDIR)/libcommonpth_a-pkscreening.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pkscreening.c' object='libcommonpth_a-pkscreening.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-pkscreening.obj `if test -f 'pkscreening.c'; then $(CYGPATH_W) 'pkscreening.c'; else $(CYGPATH_W) '$(srcdir)/pkscreening.c'; fi`
+
 libcommonpth_a-w32-reg.o: w32-reg.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-w32-reg.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-w32-reg.Tpo -c -o libcommonpth_a-w32-reg.o `test -f 'w32-reg.c' || echo '$(srcdir)/'`w32-reg.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-w32-reg.Tpo $(DEPDIR)/libcommonpth_a-w32-reg.Po
@@ -3119,7 +3094,6 @@ clean-am: clean-generic clean-noinstLIBRARIES clean-noinstPROGRAMS \
 distclean: distclean-am
 		-rm -f ./$(DEPDIR)/gpgrlhelp.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-agent-opt.Po
-	-rm -f ./$(DEPDIR)/libcommon_a-argparse.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-asshelp.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-asshelp2.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-audit.Po
@@ -3142,7 +3116,6 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/libcommon_a-iobuf.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-ksba-io-support.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-localename.Po
-	-rm -f ./$(DEPDIR)/libcommon_a-logging.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-mapstrings.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-mbox-util.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-membuf.Po
@@ -3150,9 +3123,10 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/libcommon_a-mischelp.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-mkdir_p.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-name-value.Po
-	-rm -f ./$(DEPDIR)/libcommon_a-openpgp-fpr.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-openpgp-oid.Po
+	-rm -f ./$(DEPDIR)/libcommon_a-openpgp-s2k.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-percent.Po
+	-rm -f ./$(DEPDIR)/libcommon_a-pkscreening.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-recsel.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-server-help.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-session-env.Po
@@ -3175,7 +3149,6 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/libcommon_a-yesno.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-zb32.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-agent-opt.Po
-	-rm -f ./$(DEPDIR)/libcommonpth_a-argparse.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-asshelp.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-asshelp2.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-audit.Po
@@ -3198,7 +3171,6 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/libcommonpth_a-iobuf.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-ksba-io-support.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-localename.Po
-	-rm -f ./$(DEPDIR)/libcommonpth_a-logging.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-mapstrings.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-mbox-util.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-membuf.Po
@@ -3206,9 +3178,10 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/libcommonpth_a-mischelp.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-mkdir_p.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-name-value.Po
-	-rm -f ./$(DEPDIR)/libcommonpth_a-openpgp-fpr.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-openpgp-oid.Po
+	-rm -f ./$(DEPDIR)/libcommonpth_a-openpgp-s2k.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-percent.Po
+	-rm -f ./$(DEPDIR)/libcommonpth_a-pkscreening.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-recsel.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-server-help.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-session-env.Po
@@ -3304,7 +3277,6 @@ installcheck-am:
 maintainer-clean: maintainer-clean-am
 		-rm -f ./$(DEPDIR)/gpgrlhelp.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-agent-opt.Po
-	-rm -f ./$(DEPDIR)/libcommon_a-argparse.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-asshelp.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-asshelp2.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-audit.Po
@@ -3327,7 +3299,6 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/libcommon_a-iobuf.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-ksba-io-support.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-localename.Po
-	-rm -f ./$(DEPDIR)/libcommon_a-logging.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-mapstrings.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-mbox-util.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-membuf.Po
@@ -3335,9 +3306,10 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/libcommon_a-mischelp.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-mkdir_p.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-name-value.Po
-	-rm -f ./$(DEPDIR)/libcommon_a-openpgp-fpr.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-openpgp-oid.Po
+	-rm -f ./$(DEPDIR)/libcommon_a-openpgp-s2k.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-percent.Po
+	-rm -f ./$(DEPDIR)/libcommon_a-pkscreening.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-recsel.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-server-help.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-session-env.Po
@@ -3360,7 +3332,6 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/libcommon_a-yesno.Po
 	-rm -f ./$(DEPDIR)/libcommon_a-zb32.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-agent-opt.Po
-	-rm -f ./$(DEPDIR)/libcommonpth_a-argparse.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-asshelp.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-asshelp2.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-audit.Po
@@ -3383,7 +3354,6 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/libcommonpth_a-iobuf.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-ksba-io-support.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-localename.Po
-	-rm -f ./$(DEPDIR)/libcommonpth_a-logging.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-mapstrings.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-mbox-util.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-membuf.Po
@@ -3391,9 +3361,10 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/libcommonpth_a-mischelp.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-mkdir_p.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-name-value.Po
-	-rm -f ./$(DEPDIR)/libcommonpth_a-openpgp-fpr.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-openpgp-oid.Po
+	-rm -f ./$(DEPDIR)/libcommonpth_a-openpgp-s2k.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-percent.Po
+	-rm -f ./$(DEPDIR)/libcommonpth_a-pkscreening.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-recsel.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-server-help.Po
 	-rm -f ./$(DEPDIR)/libcommonpth_a-session-env.Po
diff --git a/common/argparse.c b/common/argparse.c
deleted file mode 100644
index b63f800..0000000
--- a/common/argparse.c
+++ /dev/null
@@ -1,2809 +0,0 @@
-/* [argparse.c wk 17.06.97] Argument Parser for option handling
- * Copyright (C) 1998-2001, 2006-2008, 2012 Free Software Foundation, Inc.
- * Copyright (C) 1997-2001, 2006-2008, 2013-2017 Werner Koch
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute and/or modify this
- * part of GnuPG under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see <https://gnu.org/licenses/>.
- */
-
-/* This is a modified version of gpgrt/libgpg-error src/argparse.c.
- * We use this to require a dependency on a newer gpgrt version.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <string.h>
-#include <stdarg.h>
-#include <limits.h>
-#include <errno.h>
-#include <unistd.h>
-#include <time.h>
-
-#include "util.h"
-#include "common-defs.h"
-#include "i18n.h"
-#include "mischelp.h"
-#include "stringhelp.h"
-#include "logging.h"
-#include "utf8conv.h"
-#include "sysutils.h"
-#include "argparse.h"
-
-
-/* Optional handler to write strings.  See gnupg_set_usage_outfnc.  */
-static int (*custom_outfnc) (int, const char *);
-
-
-#if USE_INTERNAL_ARGPARSE
-
-/* The almost always needed user handler for strusage.  */
-static const char *(*strusage_handler)( int ) = NULL;
-/* Optional handler to map strings.  See gnupg_set_fixed_string_mapper.  */
-static const char *(*fixed_string_mapper)(const char*);
-
-
-/* Hidden argparse flag used to mark the object as initialized.  */
-#define ARGPARSE_FLAG__INITIALIZED  (1u << ((8*4)-1))
-
-/* Special short options which are auto-inserterd.  Must fit into an
- * unsigned short.  */
-#define ARGPARSE_SHORTOPT_HELP 32768
-#define ARGPARSE_SHORTOPT_VERSION 32769
-#define ARGPARSE_SHORTOPT_WARRANTY 32770
-#define ARGPARSE_SHORTOPT_DUMP_OPTIONS 32771
-#define ARGPARSE_SHORTOPT_DUMP_OPTTBL 32772
-
-
-/* The malloced configuration directories or NULL.  */
-static struct
-{
-  char *user;
-  char *sys;
-} confdir;
-
-
-/* The states for the gnupg_argparser machinery.  */
-enum argparser_states
-  {
-   STATE_init = 0,
-   STATE_open_sys,
-   STATE_open_user,
-   STATE_open_cmdline,
-   STATE_read_sys,
-   STATE_read_user,
-   STATE_read_cmdline,
-   STATE_finished
-  };
-
-
-/* An internal object used to store the user provided option table and
- * some meta information.  */
-typedef struct
-{
-  unsigned short short_opt;
-  unsigned short ordinal;     /* (for --help)  */
-  unsigned int   flags;
-  const char    *long_opt;    /* Points into the user provided table. */
-  const char    *description; /* Points into the user provided table. */
-  unsigned int   forced:1;    /* Forced to use the sysconf value.  */
-  unsigned int   ignore:1;    /* Ignore this option everywhere but in
-                               * the sysconf file.  */
-  unsigned int   explicit_ignore:1; /* Ignore was explicitly set.  */
-} opttable_t;
-
-
-/* Internal object of the public gnupg_argparse_t object.  */
-struct _argparse_internal_s
-{
-  int idx;   /* Note that this is saved and restored in gnupg_argparser. */
-  int inarg;                       /* (index into args) */
-  unsigned int verbose:1;          /* Print diagnostics.                */
-  unsigned int stopped:1;          /* Option processing has stopped.    */
-  unsigned int in_sysconf:1;       /* Processing global config file.    */
-  unsigned int mark_forced:1;      /* Mark options as forced.           */
-  unsigned int mark_ignore:1;      /* Mark options as to be ignored.    */
-  unsigned int explicit_ignore:1;  /* Option has explicitly been set
-                                    * to ignore or unignore.  */
-  unsigned int ignore_all_seen:1;  /* [ignore-all] has been seen.       */
-  unsigned int user_seen:1;        /* A [user] has been seen.           */
-  unsigned int user_wildcard:1;    /* A [user *] has been seen.         */
-  unsigned int user_any_active:1;  /* Any user section was active.      */
-  unsigned int user_active:1;      /* User section active.              */
-  unsigned int explicit_confopt:1; /* A conffile option has been given. */
-  char *explicit_conffile;         /* Malloced name of an explicit
-                                    * conffile. */
-  char *username;                  /* Malloced current user name.       */
-  unsigned int opt_flags;          /* Current option flags.             */
-  enum argparser_states state;     /* State of the gnupg_argparser.     */
-  const char *last;
-  void *aliases;
-  const void *cur_alias;
-  void *iio_list;
-  estream_t conffp;
-  char *confname;
-  opttable_t *opts;            /* Malloced option table.  */
-  unsigned int nopts;          /* Number of items in OPTS.  */
-};
-
-
-typedef struct alias_def_s *ALIAS_DEF;
-struct alias_def_s {
-    ALIAS_DEF next;
-    char *name;   /* malloced buffer with name, \0, value */
-    const char *value; /* ptr into name */
-};
-
-
-/* Object to store the names for the --ignore-invalid-option option.
-   This is a simple linked list.  */
-typedef struct iio_item_def_s *IIO_ITEM_DEF;
-struct iio_item_def_s
-{
-  IIO_ITEM_DEF next;
-  char name[1];      /* String with the long option name.  */
-};
-
-
-static int  set_opt_arg (gnupg_argparse_t *arg, unsigned int flags, char *s);
-static void show_help (opttable_t *opts, unsigned int nopts,unsigned int flags);
-static void show_version (void);
-static void dump_option_table (gnupg_argparse_t *arg);
-static int writestrings (int is_error, const char *string,
-                         ...) GPGRT_ATTR_SENTINEL(0);
-
-static int arg_parse (gnupg_argparse_t *arg, gnupg_opt_t *opts, int no_init);
-
-
-
-/* Set a function to write strings which is then used instead of
- * estream.  The first arg of that function is MODE and the second the
- * STRING to write.  A mode of 1 is used for writing to stdout and a
- * mode of 2 to write to stderr.  Other modes are reserved and should
- * not output anything.  A NULL for STRING requests a flush.  */
-void
-gnupg_set_usage_outfnc (int (*f)(int, const char *))
-{
-  custom_outfnc = f;
-}
-
-
-/* Register function F as a string mapper which takes a string as
- * argument, replaces known "@FOO@" style macros and returns a new
- * fixed string.  Warning: The input STRING must have been allocated
- * statically.  */
-void
-gnupg_set_fixed_string_mapper (const char *(*f)(const char*))
-{
-  fixed_string_mapper = f;
-}
-
-
-/* Register a configuration directory for use by the argparse
- * functions.  The defined values for WHAT are:
- *
- *   GNUPG_CONFDIR_SYS   The systems's configuration dir.
- *                       The default is /etc
- *
- *   GNUPG_CONFDIR_USER  The user's configuration directory.
- *                       The default is $HOME.
- *
- * A trailing slash is ignored; to have the function lookup
- * configuration files in the current directory, use ".".  There is no
- * error return; more configuraion values may be added in future
- * revisions of this library.
- */
-void
-gnupg_set_confdir (int what, const char *name)
-{
-  char *buf, *p;
-
-  if (what == GNUPG_CONFDIR_SYS)
-    {
-      xfree (confdir.sys);
-      buf = confdir.sys = xtrystrdup (name);
-    }
-  else if (what == GNUPG_CONFDIR_USER)
-    {
-      xfree (confdir.user);
-      buf = confdir.user = xtrystrdup (name);
-    }
-  else
-    return;
-
-  if (!buf)
-    log_fatal ("out of core in %s\n", __func__);
-#ifdef HAVE_W32_SYSTEM
-  for (p=buf; *p; p++)
-    if (*p == '\\')
-      *p = '/';
-#endif
-  /* Strip trailing slashes unless buf is "/" or any other single char
-   * string.  */
-  if (*buf)
-    {
-      for (p=buf + strlen (buf)-1; p > buf; p--)
-        if (*p == '/')
-          *p = 0;
-        else
-          break;
-    }
-}
-
-
-
-static const char *
-map_fixed_string (const char *string)
-{
-  return fixed_string_mapper? fixed_string_mapper (string) : string;
-}
-
-#endif /* USE_INTERNAL_ARGPARSE */
-
-
-/* Write STRING and all following const char * arguments either to
-   stdout or, if IS_ERROR is set, to stderr.  The list of strings must
-   be terminated by a NULL.  */
-static int
-writestrings (int is_error, const char *string, ...)
-{
-  va_list arg_ptr;
-  const char *s;
-  int count = 0;
-
-  if (string)
-    {
-      s = string;
-      va_start (arg_ptr, string);
-      do
-        {  /* Fixme: Swicth to estream?  */
-          if (custom_outfnc)
-            custom_outfnc (is_error? 2:1, s);
-          else
-            fputs (s, is_error? stderr : stdout);
-          count += strlen (s);
-        }
-      while ((s = va_arg (arg_ptr, const char *)));
-      va_end (arg_ptr);
-    }
-  return count;
-}
-
-
-static void
-flushstrings (int is_error)
-{
-  if (custom_outfnc)
-    custom_outfnc (is_error? 2:1, NULL);
-  else
-    fflush (is_error? stderr : stdout);
-}
-
-
-#if USE_INTERNAL_ARGPARSE
-
-static void
-deinitialize (gnupg_argparse_t *arg)
-{
-  if (arg->internal)
-    {
-      xfree (arg->internal->username);
-      xfree (arg->internal->explicit_conffile);
-      xfree (arg->internal->opts);
-      xfree (arg->internal);
-      arg->internal = NULL;
-    }
-
-  arg->flags &= ARGPARSE_FLAG__INITIALIZED;
-  arg->lineno = 0;
-  arg->err = 0;
-}
-
-/* Our own exit handler to clean up used memory.  */
-static void
-my_exit (gnupg_argparse_t *arg, int code)
-{
-  deinitialize (arg);
-  exit (code);
-}
-
-
-static gpg_err_code_t
-initialize (gnupg_argparse_t *arg, gnupg_opt_t *opts, estream_t fp)
-{
-  /* We use a dedicated flag to detect whether *ARG has been
-   * initialized.  This is because the old version of that struct, as
-   * used in GnuPG, had no requirement to zero out all fields of the
-   * object and existing code still sets only argc,argv and flags.  */
-  if (!(arg->flags & ARGPARSE_FLAG__INITIALIZED)
-      || (arg->flags & ARGPARSE_FLAG_RESET)
-      || !arg->internal)
-    {
-      /* Allocate internal data.  */
-      if (!(arg->flags & ARGPARSE_FLAG__INITIALIZED) || !arg->internal)
-        {
-          arg->internal = xtrymalloc (sizeof *arg->internal);
-          if (!arg->internal)
-            return gpg_err_code_from_syserror ();
-          arg->flags |= ARGPARSE_FLAG__INITIALIZED; /* Mark as initialized.  */
-        }
-      else if (arg->internal->opts)
-        xfree (arg->internal->opts);
-      arg->internal->opts = NULL;
-      arg->internal->nopts = 0;
-
-      /* Initialize this instance. */
-      arg->internal->idx = 0;
-      arg->internal->last = NULL;
-      arg->internal->inarg = 0;
-      arg->internal->stopped = 0;
-      arg->internal->in_sysconf = 0;
-      arg->internal->user_seen = 0;
-      arg->internal->user_wildcard = 0;
-      arg->internal->user_any_active = 0;
-      arg->internal->user_active = 0;
-      arg->internal->username = NULL;
-      arg->internal->mark_forced = 0;
-      arg->internal->mark_ignore = 0;
-      arg->internal->explicit_ignore = 0;
-      arg->internal->ignore_all_seen = 0;
-      arg->internal->explicit_confopt = 0;
-      arg->internal->explicit_conffile = NULL;
-      arg->internal->opt_flags = 0;
-      arg->internal->state = STATE_init;
-      arg->internal->aliases = NULL;
-      arg->internal->cur_alias = NULL;
-      arg->internal->iio_list = NULL;
-      arg->internal->conffp = NULL;
-      arg->internal->confname = NULL;
-
-      /* Clear the copy of the option list.  */
-      /* Clear the error indicator.  */
-      arg->err = 0;
-
-      /* Usually an option file will be parsed from the start.
-       * However, we do not open the stream and thus we have no way to
-       * know the current lineno.  Using this flag we can allow the
-       * user to provide a lineno which we don't reset.  */
-      if (fp || arg->internal->conffp || !(arg->flags & ARGPARSE_FLAG_NOLINENO))
-        arg->lineno = 0;
-
-      /* Need to clear the reset request.  */
-      arg->flags &= ~ARGPARSE_FLAG_RESET;
-
-      /* Check initial args.  */
-      if ( *arg->argc < 0 )
-        log_bug ("invalid argument passed to gnupg_argparse\n");
-
-    }
-
-  /* Create an array with pointers to the provided list of options.
-   * Keeping a copy is useful to sort that array and thus do a binary
-   * search and to allow for extra space at the end to insert the
-   * hidden options.  An ARGPARSE_FLAG_RESET can be used to reinit
-   * this array.  */
-  if (!arg->internal->opts)
-    {
-      int seen_help = 0;
-      int seen_version = 0;
-      int seen_warranty = 0;
-      int seen_dump_options = 0;
-      int seen_dump_option_table = 0;
-      int i;
-
-      for (i=0; opts[i].short_opt; i++)
-        {
-          if (opts[i].long_opt)
-            {
-              if (!strcmp(opts[i].long_opt, "help"))
-                seen_help = 1;
-              else if (!strcmp(opts[i].long_opt, "version"))
-                seen_version = 1;
-              else if (!strcmp(opts[i].long_opt, "warranty"))
-                seen_warranty = 1;
-              else if (!strcmp(opts[i].long_opt, "dump-options"))
-                seen_dump_options = 1;
-              else if (!strcmp(opts[i].long_opt, "dump-option-table"))
-                seen_dump_option_table = 1;
-            }
-        }
-      i += 5; /* The number of the above internal options.  */
-      i++;    /* End of list marker.  */
-      arg->internal->opts = xtrycalloc (i, sizeof *arg->internal->opts);
-      if (!arg->internal->opts)
-        return gpg_err_code_from_syserror ();
-      for(i=0; opts[i].short_opt; i++)
-        {
-          arg->internal->opts[i].short_opt   = opts[i].short_opt;
-          arg->internal->opts[i].flags       = opts[i].flags;
-          arg->internal->opts[i].long_opt    = opts[i].long_opt;
-          arg->internal->opts[i].description = opts[i].description;
-          arg->internal->opts[i].ordinal = i;
-        }
-
-      if (!seen_help)
-        {
-          arg->internal->opts[i].short_opt   = ARGPARSE_SHORTOPT_HELP;
-          arg->internal->opts[i].flags       = ARGPARSE_TYPE_NONE;
-          arg->internal->opts[i].long_opt    = "help";
-          arg->internal->opts[i].description = "@";
-          arg->internal->opts[i].ordinal = i;
-          i++;
-        }
-      if (!seen_version)
-        {
-          arg->internal->opts[i].short_opt   = ARGPARSE_SHORTOPT_VERSION;
-          arg->internal->opts[i].flags       = ARGPARSE_TYPE_NONE;
-          arg->internal->opts[i].long_opt    = "version";
-          arg->internal->opts[i].description = "@";
-          arg->internal->opts[i].ordinal = i;
-          i++;
-        }
-
-      if (!seen_warranty)
-        {
-          arg->internal->opts[i].short_opt   = ARGPARSE_SHORTOPT_WARRANTY;
-          arg->internal->opts[i].flags       = ARGPARSE_TYPE_NONE;
-          arg->internal->opts[i].long_opt    = "warranty";
-          arg->internal->opts[i].description = "@";
-          arg->internal->opts[i].ordinal = i;
-          i++;
-        }
-
-      if (!seen_dump_option_table)
-        {
-          arg->internal->opts[i].short_opt   = ARGPARSE_SHORTOPT_DUMP_OPTTBL;
-          arg->internal->opts[i].flags       = ARGPARSE_TYPE_NONE;
-          arg->internal->opts[i].long_opt    = "dump-option-table";
-          arg->internal->opts[i].description = "@";
-          arg->internal->opts[i].ordinal = i;
-          i++;
-        }
-
-      if (!seen_dump_options)
-        {
-          arg->internal->opts[i].short_opt   = ARGPARSE_SHORTOPT_DUMP_OPTIONS;
-          arg->internal->opts[i].flags       = ARGPARSE_TYPE_NONE;
-          arg->internal->opts[i].long_opt    = "dump-options";
-          arg->internal->opts[i].description = "@";
-          arg->internal->opts[i].ordinal = i;
-          i++;
-        }
-      /* Take care: When adding new options remember to increase the
-       * size of the array.  */
-
-      arg->internal->opts[i].short_opt = 0;
-
-      /* Note that we do not count the end marker but keep it in the
-       * table anyway as an extra item.  */
-      arg->internal->nopts = i;
-    }
-
-  if (arg->err)
-    {
-      /* Last option was erroneous.  */
-      const char *s;
-
-      if (!fp && arg->internal->conffp)
-        fp = arg->internal->conffp;
-
-      if (fp)
-        {
-          if ( arg->r_opt == ARGPARSE_UNEXPECTED_ARG )
-            s = _("argument not expected");
-          else if ( arg->r_opt == ARGPARSE_READ_ERROR )
-            s = _("read error");
-          else if ( arg->r_opt == ARGPARSE_KEYWORD_TOO_LONG )
-            s = _("keyword too long");
-          else if ( arg->r_opt == ARGPARSE_MISSING_ARG )
-            s = _("missing argument");
-          else if ( arg->r_opt == ARGPARSE_INVALID_ARG )
-            s = _("invalid argument");
-          else if ( arg->r_opt == ARGPARSE_INVALID_COMMAND )
-            s = _("invalid command");
-          else if ( arg->r_opt == ARGPARSE_INVALID_ALIAS )
-            s = _("invalid alias definition");
-          else if ( arg->r_opt == ARGPARSE_PERMISSION_ERROR )
-            s = _("permission error");
-          else if ( arg->r_opt == ARGPARSE_OUT_OF_CORE )
-            s = _("out of core");
-          else if ( arg->r_opt == ARGPARSE_NO_CONFFILE )
-            s = NULL;  /* Error has already been printed.  */
-          else if ( arg->r_opt == ARGPARSE_INVALID_META )
-            s = _("invalid meta command");
-          else if ( arg->r_opt == ARGPARSE_UNKNOWN_META )
-            s = _("unknown meta command");
-          else if ( arg->r_opt == ARGPARSE_UNEXPECTED_META )
-            s = _("unexpected meta command");
-          else
-            s = _("invalid option");
-          if (s)
-            log_error ("%s:%u: %s\n",
-                              gpgrt_fname_get (fp), arg->lineno, s);
-	}
-      else
-        {
-          s = arg->internal->last? arg->internal->last:"[??]";
-
-          if ( arg->r_opt == ARGPARSE_MISSING_ARG )
-            log_error (_("missing argument for option \"%.50s\"\n"), s);
-          else if ( arg->r_opt == ARGPARSE_INVALID_ARG )
-            log_error (_("invalid argument for option \"%.50s\"\n"), s);
-          else if ( arg->r_opt == ARGPARSE_UNEXPECTED_ARG )
-            log_error (_("option \"%.50s\" does not expect "
-                                "an argument\n"), s);
-          else if ( arg->r_opt == ARGPARSE_INVALID_COMMAND )
-            log_error (_("invalid command \"%.50s\"\n"), s);
-          else if ( arg->r_opt == ARGPARSE_AMBIGUOUS_OPTION )
-            log_error (_("option \"%.50s\" is ambiguous\n"), s);
-          else if ( arg->r_opt == ARGPARSE_AMBIGUOUS_COMMAND )
-            log_error (_("command \"%.50s\" is ambiguous\n"),s );
-          else if ( arg->r_opt == ARGPARSE_OUT_OF_CORE )
-            log_error ("%s\n", _("out of core"));
-          else if ( arg->r_opt == ARGPARSE_PERMISSION_ERROR )
-            log_error ("%s\n", _("permission error"));
-          else if ( arg->r_opt == ARGPARSE_NO_CONFFILE)
-            ;  /* Error has already been printed.  */
-          else if ( arg->r_opt == ARGPARSE_INVALID_META )
-            log_error ("%s\n", _("invalid meta command"));
-          else if ( arg->r_opt == ARGPARSE_UNKNOWN_META )
-            log_error ("%s\n", _("unknown meta command"));
-          else if ( arg->r_opt == ARGPARSE_UNEXPECTED_META )
-            log_error ("%s\n",_("unexpected meta command"));
-          else
-            log_error (_("invalid option \"%.50s\"\n"), s);
-	}
-      if (arg->err != ARGPARSE_PRINT_WARNING)
-        my_exit (arg, 2);
-      arg->err = 0;
-    }
-
-  /* Zero out the return value union.  */
-  arg->r.ret_str = NULL;
-  arg->r.ret_long = 0;
-
-  return 0;
-}
-
-
-static void
-store_alias( ARGPARSE_ARGS *arg, char *name, char *value )
-{
-    /* TODO: replace this dummy function with a rea one
-     * and fix the probelms IRIX has with (ALIAS_DEV)arg..
-     * used as lvalue
-     */
-  (void)arg;
-  (void)name;
-  (void)value;
-#if 0
-    ALIAS_DEF a = xmalloc( sizeof *a );
-    a->name = name;
-    a->value = value;
-    a->next = (ALIAS_DEF)arg->internal.aliases;
-    (ALIAS_DEF)arg->internal.aliases = a;
-#endif
-}
-
-
-/* Return true if KEYWORD is in the ignore-invalid-option list.  */
-static int
-ignore_invalid_option_p (ARGPARSE_ARGS *arg, const char *keyword)
-{
-  IIO_ITEM_DEF item = arg->internal->iio_list;
-
-  for (; item; item = item->next)
-    if (!strcmp (item->name, keyword))
-      return 1;
-  return 0;
-}
-
-
-/* Add the keywords up to the next LF to the list of to be ignored
-   options.  After returning FP will either be at EOF or the next
-   character read wll be the first of a new line.  The function
-   returns 0 on success or true on malloc failure.  */
-static int
-ignore_invalid_option_add (ARGPARSE_ARGS *arg, estream_t fp)
-{
-  IIO_ITEM_DEF item;
-  int c;
-  char name[100];
-  int namelen = 0;
-  int ready = 0;
-  enum { skipWS, collectNAME, skipNAME, addNAME} state = skipWS;
-
-  while (!ready)
-    {
-      c = gpgrt_getc (fp);
-      if (c == '\n')
-        ready = 1;
-      else if (c == EOF)
-        {
-          c = '\n';
-          ready = 1;
-        }
-    again:
-      switch (state)
-        {
-        case skipWS:
-          if (!isascii (c) || !isspace(c))
-            {
-              namelen = 0;
-              state = collectNAME;
-              goto again;
-            }
-          break;
-
-        case collectNAME:
-          if (isspace (c))
-            {
-              state = addNAME;
-              goto again;
-            }
-          else if (namelen < DIM(name)-1)
-            name[namelen++] = c;
-          else /* Too long.  */
-            state = skipNAME;
-          break;
-
-        case skipNAME:
-          if (isspace (c))
-            {
-              state = skipWS;
-              goto again;
-            }
-          break;
-
-        case addNAME:
-          name[namelen] = 0;
-          if (!ignore_invalid_option_p (arg, name))
-            {
-              item = xtrymalloc (sizeof *item + namelen);
-              if (!item)
-                return 1;
-              strcpy (item->name, name);
-              item->next = (IIO_ITEM_DEF)arg->internal->iio_list;
-              arg->internal->iio_list = item;
-            }
-          state = skipWS;
-          goto again;
-        }
-    }
-  return 0;
-}
-
-
-/* Clear the entire ignore-invalid-option list.  */
-static void
-ignore_invalid_option_clear (ARGPARSE_ARGS *arg)
-{
-  IIO_ITEM_DEF item, tmpitem;
-
-  for (item = arg->internal->iio_list; item; item = tmpitem)
-    {
-      tmpitem = item->next;
-      xfree (item);
-    }
-  arg->internal->iio_list = NULL;
-}
-
-
-/* Make sure the username field is filled.  Return 0 on success.  */
-static int
-assure_username (gnupg_argparse_t *arg)
-{
-  if (!arg->internal->username)
-    {
-      arg->internal->username = gnupg_getusername ();
-      if (!arg->internal->username)
-        {
-          log_error ("%s:%u: error getting current user's name: %s\n",
-                            arg->internal->confname, arg->lineno,
-                            gpg_strerror (gpg_error_from_syserror ()));
-          /* Not necessary the correct error code but given that we
-           * either have a malloc error or some internal system error,
-           * it is the best we can do.  */
-          return ARGPARSE_PERMISSION_ERROR;
-        }
-    }
-  return 0;
-}
-
-
-/* Implementation of the "user" command.  ARG is the context.  ARGS is
- * a non-empty string which this function is allowed to modify.  */
-static int
-handle_meta_user (gnupg_argparse_t *arg, unsigned int alternate, char *args)
-{
-  int rc;
-
-  (void)alternate;
-
-  rc = assure_username (arg);
-  if (rc)
-    return rc;
-
-  arg->internal->user_seen = 1;
-  if (*args == '*' && !args[1])
-    {
-      arg->internal->user_wildcard = 1;
-      arg->internal->user_active = !arg->internal->user_any_active;
-    }
-  else if (arg->internal->user_wildcard)
-    {
-      /* All other user statements are ignored after a wildcard.  */
-      arg->internal->user_active = 0;
-    }
-  else if (!strcasecmp (args, arg->internal->username))
-    {
-      arg->internal->user_any_active = 1;
-      arg->internal->user_active = 1;
-    }
-  else
-    {
-      arg->internal->user_active = 0;
-    }
-
-  return 0;
-}
-
-
-/* Implementation of the "force" command.  ARG is the context.  A
- * value of 0 for ALTERNATE is "force", a value of 1 requests an
- * unforce".  ARGS is the empty string and not used.  */
-static int
-handle_meta_force (gnupg_argparse_t *arg, unsigned int alternate, char *args)
-{
-  (void)args;
-
-  arg->internal->mark_forced = alternate? 0 : 1;
-
-  return 0;
-}
-
-
-/* Implementation of the "ignore" command.  ARG is the context.  A
- * value of 0 for ALTERNATE is a plain "ignore", a value of 1 request
- * an "unignore, a value of 2 requests an "ignore-all".  ARGS is the
- * empty string and not used.  */
-static int
-handle_meta_ignore (gnupg_argparse_t *arg, unsigned int alternate, char *args)
-{
-  (void)args;
-
-  if (!alternate)
-    {
-      arg->internal->mark_ignore = 1;
-      arg->internal->explicit_ignore = 1;
-    }
-  else if (alternate == 1)
-    {
-      arg->internal->mark_ignore = 0;
-      arg->internal->explicit_ignore = 1;
-    }
-  else
-    arg->internal->ignore_all_seen = 1;
-
-  return 0;
-}
-
-
-/* Implementation of the "echo" command.  ARG is the context.  If
- * ALTERNATE is true the filename is not printed.  ARGS is the string
- * to log.  */
-static int
-handle_meta_echo (gnupg_argparse_t *arg, unsigned int alternate, char *args)
-{
-  int rc = 0;
-  char *p, *pend;
-
-  if (alternate)
-    log_info ("%s", "");
-  else
-    log_info ("%s:%u: ", arg->internal->confname, arg->lineno);
-
-  while (*args)
-    {
-      p = strchr (args, '$');
-      if (!p)
-        {
-          log_printf ("%s", args);
-          break;
-        }
-      *p = 0;
-      log_printf ("%s", args);
-      if (p[1] == '$')
-        {
-          log_printf ("$");
-          args = p+2;
-          continue;
-        }
-      if (p[1] != '{')
-        {
-          log_printf ("$");
-          args = p+1;
-          continue;
-        }
-      pend = strchr (p+2, '}');
-      if (!pend)  /* No closing brace.  */
-        {
-          log_printf ("$");
-          args = p+1;
-          continue;
-        }
-      p += 2;
-      *pend = 0;
-      args = pend+1;
-      if (!strcmp (p, "user"))
-        {
-          rc = assure_username (arg);
-          if (rc)
-            goto leave;
-          log_printf ("%s", arg->internal->username);
-        }
-      else if (!strcmp (p, "file"))
-        log_printf ("%s", arg->internal->confname);
-      else if (!strcmp (p, "line"))
-        log_printf ("%u", arg->lineno);
-      else if (!strcmp (p, "epoch"))
-        log_printf ("%lu",  (unsigned long)time (NULL));
-    }
-
- leave:
-  log_printf ("\n");
-  return rc;
-}
-
-
-/* Implementation of the "verbose" command.  ARG is the context.  If
- * ALTERNATE is true the verbosity is disabled.  ARGS is not used.  */
-static int
-handle_meta_verbose (gnupg_argparse_t *arg, unsigned int alternate, char *args)
-{
-  (void)args;
-
-  if (alternate)
-    arg->internal->verbose = 0;
-  else
-    arg->internal->verbose = 1;
-  return 0;
-}
-
-/* Handle a meta command.  KEYWORD has the content inside the brackets
- * with leading and trailing spaces removed.  The function may modify
- * KEYWORD.  On success 0 is returned, on error an ARGPARSE_ error
- * code is returned.  */
-static int
-handle_metacmd (gnupg_argparse_t *arg, char *keyword)
-{
-  static struct {
-    const char *name;          /* Name of the command.                   */
-    unsigned short alternate;  /* Use alternate version of the command.  */
-    unsigned short needarg:1;  /* Command requires an argument.          */
-    unsigned short always:1;   /* Command allowed in all conf files.     */
-    unsigned short noskip:1;   /* Even done in non-active [user] mode.   */
-    int (*func)(gnupg_argparse_t *arg,
-                unsigned int alternate, char *args); /*handler*/
-  } cmds[] =
-      {{ "user",        0, 1, 0, 1, handle_meta_user },
-       { "force",       0, 0, 0, 0, handle_meta_force },
-       { "+force",      0, 0, 0, 0, handle_meta_force },
-       { "-force",      1, 0, 0, 0, handle_meta_force },
-       { "ignore",      0, 0, 0, 0, handle_meta_ignore },
-       { "+ignore",     0, 0, 0, 0, handle_meta_ignore },
-       { "-ignore",     1, 0, 0, 0, handle_meta_ignore },
-       { "ignore-all",  2, 0, 0, 0, handle_meta_ignore },
-       { "+ignore-all", 2, 0, 0, 0, handle_meta_ignore },
-       { "verbose",     0, 0, 1, 1, handle_meta_verbose },
-       { "+verbose",    0, 0, 1, 1, handle_meta_verbose },
-       { "-verbose",    1, 0, 1, 1, handle_meta_verbose },
-       { "echo",        0, 1, 1, 1, handle_meta_echo },
-       { "-echo",       1, 1, 1, 1, handle_meta_echo },
-       { "info",        0, 1, 1, 0, handle_meta_echo },
-       { "-info",       1, 1, 1, 0, handle_meta_echo }
-      };
-  char *rest;
-  int i;
-
-  for (rest = keyword; *rest && !(isascii (*rest) && isspace (*rest)); rest++)
-    ;
-  if (*rest)
-    {
-      *rest++ = 0;
-      trim_spaces (rest);
-    }
-
-  for (i=0; i < DIM (cmds); i++)
-    if (!strcmp (cmds[i].name, keyword))
-      break;
-  if (!(i < DIM (cmds)))
-    return ARGPARSE_UNKNOWN_META;
-  if (cmds[i].needarg && !*rest)
-    return ARGPARSE_MISSING_ARG;
-  if (!cmds[i].needarg && *rest)
-    return ARGPARSE_UNEXPECTED_ARG;
-  if (!arg->internal->in_sysconf && !cmds[i].always)
-    return ARGPARSE_UNEXPECTED_META;
-
-  if (!cmds[i].noskip
-      && arg->internal->in_sysconf
-      && arg->internal->user_seen
-      && !arg->internal->user_active)
-    return 0; /* Skip this meta command.  */
-
-  return cmds[i].func (arg, cmds[i].alternate, rest);
-}
-
-
-/* Helper for gnupg_argparse.  */
-static void
-prepare_arg_return (gnupg_argparse_t *arg, opttable_t *opts,
-                    int idx, int in_alias, int set_ignore)
-{
-  /* No argument found at the end of the line.  */
-  if (in_alias)
-    arg->r_opt = ARGPARSE_MISSING_ARG;
-  else if (!(opts[idx].flags & ARGPARSE_TYPE_MASK))
-    arg->r_type = ARGPARSE_TYPE_NONE; /* Does not take an arg. */
-  else if ((opts[idx].flags & ARGPARSE_OPT_OPTIONAL))
-    arg->r_type = ARGPARSE_TYPE_NONE; /* No optional argument. */
-  else if (!(opts[idx].ignore && !opts[idx].forced) && !set_ignore)
-    arg->r_opt = ARGPARSE_MISSING_ARG;
-
-  /* If the caller wants us to return the attributes or
-   * ignored options, or these flags in.  */
-  if ((arg->flags & ARGPARSE_FLAG_WITHATTR))
-    {
-      if (opts[idx].ignore)
-        arg->r_type |= ARGPARSE_ATTR_IGNORE;
-      if (opts[idx].forced)
-        arg->r_type |= ARGPARSE_ATTR_FORCE;
-      if (set_ignore)
-        arg->r_type |= ARGPARSE_OPT_IGNORE;
-    }
-}
-
-/****************
- * Get options from a file.
- * Lines starting with '#' are comment lines.
- * Syntax is simply a keyword and the argument.
- * Valid keywords are all keywords from the long_opt list without
- * the leading dashes. The special keywords "help", "warranty" and "version"
- * are not valid here.
- * The special keyword "alias" may be used to store alias definitions,
- * which are later expanded like long options.
- * The option
- *   ignore-invalid-option OPTIONNAMEs
- * is recognized and updates a list of option which should be ignored if they
- * are not defined.
- * Caller must free returned strings.
- * If called with FP set to NULL command line args are parse instead.
- *
- * Q: Should we allow the syntax
- *     keyword = value
- *    and accept for boolean options a value of 1/0, yes/no or true/false?
- * Note: Abbreviation of options is here not allowed.
- */
-int
-gnupg_argparse (estream_t fp, gnupg_argparse_t *arg, gnupg_opt_t *opts_orig)
-{
-  enum { Ainit,
-         Acomment,     /* In a comment line.           */
-         Acopykeyword, /* Collecting a keyword.        */
-         Awaitarg,     /* Wait for an argument.        */
-         Acopyarg,     /* Copy the argument.           */
-         Akeyword_eol, /* Got keyword at end of line.  */
-         Akeyword_spc, /* Got keyword at space.        */
-         Acopymetacmd, /* Copy a meta command.         */
-         Askipmetacmd, /* Skip spaces after metacmd.   */
-         Askipmetacmd2,/* Skip comment after metacmd.  */
-         Ametacmd,     /* Process the metacmd.         */
-         Askipandleave /* Skip the rest of the line and then leave.  */
-  } state;
-  opttable_t *opts;
-  unsigned int nopts;
-  int i, c;
-  int idx = 0;
-  char keyword[100];
-  char *buffer = NULL;
-  size_t buflen = 0;
-  int in_alias=0;
-  int set_ignore = 0;
-  int unread_buf[3];  /* We use an int so that we can store EOF.  */
-  int unread_buf_count = 0;
-
-  if (arg && !opts_orig)
-    {
-      deinitialize (arg);
-      return 0;
-    }
-
-  if (!fp) /* Divert to arg_parse() in this case.  */
-    return arg_parse (arg, opts_orig, 0);
-
-  if (initialize (arg, opts_orig, fp))
-    return (arg->r_opt = ARGPARSE_OUT_OF_CORE);
-
-  opts = arg->internal->opts;
-  nopts = arg->internal->nopts;
-
-  /* If the LINENO is zero we assume that we are at the start of a
-   * file and we skip over a possible Byte Order Mark.  */
-  if (!arg->lineno)
-    {
-      unread_buf[0] = gpgrt_fgetc (fp);
-      unread_buf[1] = gpgrt_fgetc (fp);
-      unread_buf[2] = gpgrt_fgetc (fp);
-      if (unread_buf[0] != 0xef
-          || unread_buf[1] != 0xbb
-          || unread_buf[2] != 0xbf)
-        unread_buf_count = 3;
-    }
-
-  arg->internal->opt_flags = 0;
-
-  /* Find the next keyword.  */
-  state = Ainit;
-  i = 0;
-  for (;;)
-    {
-    nextstate:
-      /* Before scanning the next char handle the keyword seen states.  */
-      if (state == Akeyword_eol || state == Akeyword_spc)
-        {
-          /* We are either at the end of a line or right after a
-           * keyword.  In the latter case we need to find the keyword
-           * so that we can decide whether an argument is required.  */
-
-          /* Check the keyword.  */
-          for (idx=0; idx < nopts; idx++ )
-            {
-              if (opts[idx].long_opt && !strcmp (opts[idx].long_opt, keyword))
-                break;
-            }
-          arg->r_opt = opts[idx].short_opt;
-          if (!(idx < nopts))
-            {
-              /* The option (keyword) is not known - check for
-               * internal keywords before returning an error.  */
-              if (state == Akeyword_spc && !strcmp (keyword, "alias"))
-                {
-                  in_alias = 1;
-                  state = Awaitarg;
-                }
-              else if (!strcmp (keyword, "ignore-invalid-option"))
-                {
-                  /* We might have keywords as argument - add them to
-                   * the list of ignored keywords.  Note that we
-                   * ignore empty argument lists and thus do not to
-                   * call the function in the Akeyword_eol state. */
-                  if (state == Akeyword_spc)
-                    {
-                      if (ignore_invalid_option_add (arg, fp))
-                        {
-                          arg->r_opt = ARGPARSE_OUT_OF_CORE;
-                          goto leave;
-                        }
-                      arg->lineno++;
-                    }
-                  state = Ainit;
-                  i = 0;
-                }
-              else if (ignore_invalid_option_p (arg, keyword))
-                {
-                  /* This invalid option is already in the iio list.  */
-                  state = state == Akeyword_eol? Ainit : Acomment;
-                  i = 0;
-                }
-              else
-                {
-                  arg->r_opt = ((opts[idx].flags & ARGPARSE_OPT_COMMAND)
-                                ? ARGPARSE_INVALID_COMMAND
-                                : ARGPARSE_INVALID_OPTION);
-                  if (state == Akeyword_spc)
-                    state = Askipandleave;
-                  else
-                    goto leave;
-                }
-            }
-          else if (state != Akeyword_spc
-                   && arg->internal->in_sysconf
-                   && arg->internal->user_seen
-                   && !arg->internal->user_active)
-            {
-              /* We are in a [user] meta command and it is not active.
-               * Skip the command.  */
-              state = state == Akeyword_eol? Ainit : Acomment;
-              i = 0;
-            }
-          else if (state != Akeyword_spc
-                   && (opts[idx].flags & ARGPARSE_OPT_IGNORE))
-            {
-              /* Known option is configured to be ignored.  Start from
-               * scratch (new line) or process like a comment.  */
-              state = state == Akeyword_eol? Ainit : Acomment;
-              i = 0;
-            }
-          else /* Known option */
-            {
-              set_ignore = 0;
-
-              if (arg->internal->in_sysconf)
-                {
-                  /* Set the current forced and ignored attributes.  */
-                  if (arg->internal->mark_forced)
-                    opts[idx].forced = 1;
-                  if (arg->internal->mark_ignore)
-                    opts[idx].ignore = 1;
-                  if (arg->internal->explicit_ignore)
-                    opts[idx].explicit_ignore = 1;
-
-                  if (opts[idx].ignore && !opts[idx].forced)
-                    {
-                      if (arg->internal->verbose)
-                        log_info ("%s:%u: ignoring option \"--%s\"\n",
-                                  arg->internal->confname,
-                                  arg->lineno,
-                                  opts[idx].long_opt);
-                      if ((arg->flags & ARGPARSE_FLAG_WITHATTR))
-                        set_ignore = 1;
-                      else
-                        {
-                          state = state == Akeyword_eol? Ainit : Acomment;
-                          i = 0;
-                          goto nextstate;  /* Ignore this one.  */
-                        }
-                    }
-                }
-              else /* Non-sysconf file  */
-                {  /* Act upon the forced and ignored attributes.  */
-                  if (opts[idx].ignore || opts[idx].forced)
-                    {
-                      if (arg->internal->verbose)
-                        log_info ("%s:%u: ignoring option \"--%s\""
-                                         " due to attributes:%s%s\n",
-                                         arg->internal->confname,
-                                         arg->lineno,
-                                         opts[idx].long_opt,
-                                         opts[idx].forced? " forced":"",
-                                         opts[idx].ignore? " ignore":"");
-                      if ((arg->flags & ARGPARSE_FLAG_WITHATTR))
-                        set_ignore = 1;
-                      else
-                        {
-                          state = state == Akeyword_eol? Ainit : Acomment;
-                          i = 0;
-                          goto nextstate;  /* Ignore this one.  */
-                        }
-                    }
-                }
-
-              if (state == Akeyword_spc)
-                {
-                  /* If we shall ignore but not set the option we skip
-                   * the argument.  Otherwise we would need to use a
-                   * made-up but not used args in the conf file. */
-                  if (set_ignore || (opts[idx].ignore && !opts[idx].forced))
-                    {
-                      prepare_arg_return (arg, opts, idx, 0, set_ignore);
-                      set_ignore = 0;
-                      state = Askipandleave;
-                    }
-                  else
-                    state = Awaitarg;
-                }
-              else
-                {
-                  prepare_arg_return (arg, opts, idx, 0, set_ignore);
-                  set_ignore = 0;
-                  goto leave;
-                }
-
-            }
-        } /* (end state Akeyword_eol/Akeyword_spc) */
-      else if (state == Ametacmd)
-        {
-          /* We are at the end of a line.  */
-          log_assert (*keyword == '[');
-          trim_spaces (keyword+1);
-          if (!keyword[1])
-            {
-              arg->r_opt = ARGPARSE_INVALID_META; /* Empty.  */
-              goto leave;
-            }
-          c = handle_metacmd (arg, keyword+1);
-          if (c)
-            {
-              arg->r_opt = c;   /* Return error.  */
-              goto leave;
-            }
-          state = Ainit;
-          i = 0;
-        }
-
-      /* Get the next character from the line.  */
-      if (unread_buf_count)
-        c = unread_buf[3 - unread_buf_count--];
-      else
-        c = gpgrt_fgetc (fp);
-
-      if (c == '\n' || c== EOF )
-        { /* Handle end of line.  */
-          if ( c != EOF )
-            arg->lineno++;
-          if (state == Askipandleave)
-            goto leave;
-          else if (state == Acopykeyword)
-            {
-              keyword[i] = 0;
-              state = Akeyword_eol;
-              goto nextstate;
-	    }
-          else if (state == Acopymetacmd)
-            {
-              arg->r_opt = ARGPARSE_INVALID_META;  /* "]" missing */
-              goto leave;
-	    }
-          else if (state == Askipmetacmd || state == Askipmetacmd2)
-            {
-              state = Ametacmd;
-              goto nextstate;
-            }
-          else if (state == Awaitarg)
-            {
-              /* No argument found at the end of the line.  */
-              prepare_arg_return (arg, opts, idx, in_alias, set_ignore);
-              set_ignore = 0;
-              goto leave;
-	    }
-          else if (state == Acopyarg)
-            {
-              /* Has an argument at the end of a line. */
-              if (in_alias)
-                {
-                  if (!buffer)
-                    arg->r_opt = ARGPARSE_UNEXPECTED_ARG;
-                  else
-                    {
-                      char *p;
-
-                      buffer[i] = 0;
-                      p = strpbrk (buffer, " \t");
-                      if (p)
-                        {
-                          *p++ = 0;
-                          trim_spaces (p);
-			}
-                      if (!p || !*p)
-                        {
-                          xfree (buffer);
-                          arg->r_opt = ARGPARSE_INVALID_ALIAS;
-                        }
-                      else
-                        {
-                          store_alias (arg, buffer, p);
-                        }
-		    }
-		}
-              else if (!(opts[idx].flags & ARGPARSE_TYPE_MASK))
-                arg->r_opt = ARGPARSE_UNEXPECTED_ARG;
-              else
-                {
-                  char *p;
-
-                  if (!buffer)
-                    {
-                      keyword[i] = 0;
-                      buffer = xtrystrdup (keyword);
-                      if (!buffer)
-                        arg->r_opt = ARGPARSE_OUT_OF_CORE;
-		    }
-                  else
-                    buffer[i] = 0;
-
-                  if (buffer)
-                    {
-                      trim_spaces (buffer);
-                      p = buffer;
-                      if (*p == '"')
-                        {
-                          /* Remove quotes. */
-                          p++;
-                          if (*p && p[strlen(p)-1] == '\"' )
-                            p[strlen(p)-1] = 0;
-                        }
-                      if (!set_opt_arg (arg, opts[idx].flags, p))
-                        xfree (buffer);
-                      else
-                        gpgrt_annotate_leaked_object (buffer);
-                      /* If the caller wants us to return the attributes or
-                       * ignored options, or these flags in. */
-                      if ((arg->flags & ARGPARSE_FLAG_WITHATTR))
-                        {
-                          if (opts[idx].ignore)
-                            arg->r_type |= ARGPARSE_ATTR_IGNORE;
-                          if (opts[idx].forced)
-                            arg->r_type |= ARGPARSE_ATTR_FORCE;
-                          if (set_ignore)
-                            arg->r_type |= ARGPARSE_OPT_IGNORE;
-                        }
-                    }
-                }
-              goto leave;
-            }
-          else if (c == EOF)
-            {
-              ignore_invalid_option_clear (arg);
-              if (gpgrt_ferror (fp))
-                arg->r_opt = ARGPARSE_READ_ERROR;
-              else
-                arg->r_opt = 0; /* EOF. */
-              goto leave;
-            }
-          state = Ainit;
-          i = 0;
-        } /* (end handle end of line) */
-      else if (state == Askipandleave)
-        ; /* Skip. */
-      else if (state == Ainit && isascii (c) && isspace(c))
-        ; /* Skip leading white space.  */
-      else if (state == Ainit && c == '#' )
-        state = Acomment;	/* Start of a comment.  */
-      else if (state == Acomment || state == Askipmetacmd2)
-        ; /* Skip comments. */
-      else if (state == Askipmetacmd)
-        {
-          if (c == '#')
-            state = Askipmetacmd2;
-          else if (!(isascii (c) && isspace(c)))
-            {
-              arg->r_opt = ARGPARSE_INVALID_META;
-              state = Askipandleave;
-            }
-        }
-      else if (state == Acopykeyword && isascii (c) && isspace(c))
-        {
-          keyword[i] = 0;
-          state = Akeyword_spc;
-          goto nextstate;
-        }
-      else if (state == Acopymetacmd && c == ']')
-        {
-          keyword[i] = 0;
-          state = Askipmetacmd;
-          goto nextstate;
-        }
-      else if (state == Awaitarg)
-        {
-          /* Skip leading spaces of the argument.  */
-          if (!isascii (c) || !isspace(c))
-            {
-              i = 0;
-              keyword[i++] = c;
-              state = Acopyarg;
-            }
-        }
-      else if (state == Acopyarg)
-        {
-          /* Collect the argument. */
-          if (buffer)
-            {
-              if (i < buflen-1)
-                buffer[i++] = c;
-              else
-                {
-                  char *tmp;
-                  size_t tmplen = buflen + 50;
-
-                  tmp = xtryrealloc (buffer, tmplen);
-                  if (tmp)
-                    {
-                      buflen = tmplen;
-                      buffer = tmp;
-                      buffer[i++] = c;
-                    }
-                  else
-                    {
-                      xfree (buffer);
-                      arg->r_opt = ARGPARSE_OUT_OF_CORE;
-                      goto leave;
-                    }
-                }
-            }
-          else if (i < DIM(keyword)-1)
-            keyword[i++] = c;
-          else
-            {
-              size_t tmplen = DIM(keyword) + 50;
-              buffer = xtrymalloc (tmplen);
-              if (buffer)
-                {
-                  buflen = tmplen;
-                  memcpy(buffer, keyword, i);
-                  buffer[i++] = c;
-                }
-              else
-                {
-                  arg->r_opt = ARGPARSE_OUT_OF_CORE;
-                  goto leave;
-                }
-            }
-        }
-      else if (i >= DIM(keyword)-1)
-        {
-          arg->r_opt = ARGPARSE_KEYWORD_TOO_LONG;
-          state = Askipandleave; /* Skip rest of line and leave.  */
-        }
-      else if (!i)
-        {
-          state = c == '[' ? Acopymetacmd : Acopykeyword;
-          keyword[i++] = c;
-        }
-      else
-        {
-          keyword[i++] = c;
-        }
-    }
-
- leave:
-  return arg->r_opt;
-}
-
-
-/* Return true if the list of options OPTS has any option marked with
- * ARGPARSE_OPT_CONFFILE.  */
-static int
-any_opt_conffile (opttable_t *opts, unsigned int nopts)
-{
-  int i;
-
-  for (i=0; i < nopts; i++ )
-    if ((opts[i].flags & ARGPARSE_OPT_CONFFILE))
-      return 1;
-  return 0;
-}
-
-
-/* Return true if FNAME is an absolute filename.  */
-static int
-is_absfname (const char *fname)
-{
-  const char *s;
-
-#ifdef HAVE_W32_SYSTEM
-  s = strchr (fname, ':');
-  if (s)
-    s++;
-  else
-    s = fname;
-#else
-  s = fname;
-#endif
-
-  return (*s == '/'
-#ifdef HAVE_W32_SYSTEM
-          || *s == DIRSEP_C
-#endif
-          );
-}
-
-
-/* If FNAME specifies two files of the form
- *   NAME1:/NAME2    (Unix)
- * or
- *   NAME1;[x:]/NAME2  (Windows)
- * return a pointer to the delimiter or NULL if there is none.
- */
-static const char *
-is_twopartfname (const char *fname)
-{
-  const char *s;
-
-  if ((s = strchr (fname, PATHSEP_C)) && is_absfname (s+1) && s != fname)
-    return s;
-  return NULL;
-}
-
-
-/* Try to use a version-ed config file name.  A version-ed config file
- * name is one which has the packages version number appended.  For
- * example if the standard config file name is "foo.conf" and the
- * version of the foo program is 1.2.3-beta1 the following config
- * files are tried in order until one is readable:
- *
- *   foo.conf-1.2.3-beta1
- *   foo.conf-1.2.3
- *   foo.conf-1.2
- *   foo.conf-1
- *   foo.conf
- *
- * The argument CONFIGNAME should already be expanded.  On success a
- * newly allocated file name is returned.  On error NULL is returned.
- */
-static char *
-try_versioned_conffile (const char *configname)
-{
-  const char *version = strusage (13);
-  char *name;
-  char *dash, *endp;
-
-  if (!version || !*version)
-    return NULL; /* No program version known. */
-
-  name = strconcat (configname, "-", version, NULL);
-  if (!name)
-    return NULL;  /* Oops: Out of core - ignore.  */
-  dash = name + strlen (configname);
-
-  endp = dash + strlen (dash) - 1;
-  while (endp > dash)
-    {
-      if (!gnupg_access (name, R_OK))
-        {
-          return name;
-        }
-      for (; endp > dash; endp--)
-        {
-          if (*endp == '-' || *endp == '.')
-            {
-              *endp = 0;
-              break;
-            }
-        }
-    }
-
-  xfree (name);
-  return NULL;
-}
-
-
-/* This function is called after a sysconf file has been read.  */
-static void
-finish_read_sys (gnupg_argparse_t *arg)
-{
-  opttable_t *opts = arg->internal->opts;
-  unsigned int nopts = arg->internal->nopts;
-  int i;
-
-  if (arg->internal->ignore_all_seen)
-    {
-      /* [ignore-all] was used: Set all options which have not
-       * explictly been set as ignore or not ignore to ignore.  */
-      for (i = 0; i < nopts; i++)
-        {
-          if (!opts[i].explicit_ignore)
-            opts[i].ignore = 1;
-        }
-    }
-
-  /* Reset all flags which pertain only to sysconf files.  */
-  arg->internal->in_sysconf = 0;
-  arg->internal->user_active = 0;
-  arg->internal->mark_forced = 0;
-  arg->internal->mark_ignore = 0;
-  arg->internal->explicit_ignore = 0;
-  arg->internal->ignore_all_seen = 0;
-}
-
-/* The full arg parser which handles option files and command line
- * arguments.  The behaviour depends on the combinations of CONFNAME
- * and the ARGPARSE_FLAG_xxx values:
- *
- * | CONFNAME | SYS | USER | Action             |
- * |----------+-----+------+--------------------|
- * | NULL     |   - |    - | cmdline            |
- * | string   |   0 |    1 | user, cmdline      |
- * | string   |   1 |    0 | sys, cmdline       |
- * | string   |   1 |    1 | sys, user, cmdline |
- *
- * Note that if an option has been flagged with ARGPARSE_OPT_CONFFILE
- * and a type of ARGPARSE_TYPE_STRING that option is not returned but
- * the specified configuration file is processed directly; if
- * ARGPARSE_TYPE_NONE is used no user configuration files are
- * processed and from the system configuration files only those which
- * are immutable are processed.  The string values for CONFNAME shall
- * not include a directory part because that is taken from the values
- * set by gnupg_set_confdir.  However, if CONFNAME is a twopart
- * filename delimited by a colon (semicolon on Windows) with the
- * second part being an absolute filename, the first part is used for
- * the SYS file and the the entire second part for the USER file.
- */
-int
-gnupg_argparser (gnupg_argparse_t *arg, gnupg_opt_t *opts,
-                 const char *confname)
-{
-  /* First check whether releasing the resources has been requested.  */
-  if (arg && !opts)
-    {
-      deinitialize (arg);
-      return 0;
-    }
-
-  /* Make sure that the internal data object is ready and also print
-   * warnings or errors from the last iteration.  */
-  if (initialize (arg, opts, NULL))
-    return (arg->r_opt = ARGPARSE_OUT_OF_CORE);
-
- next_state:
-  switch (arg->internal->state)
-    {
-    case STATE_init:
-      if (arg->argc && arg->argv && *arg->argc
-          && any_opt_conffile (arg->internal->opts, arg->internal->nopts))
-        {
-          /* The list of option allow for conf files
-           * (e.g. gpg's "--option FILE" and "--no-options")
-           * Now check whether one was really given on the command
-           * line.  Note that we don't need to run this code if no
-           * argument array was provided. */
-          int  save_argc = *arg->argc;
-          char **save_argv = *arg->argv;
-          unsigned int save_flags = arg->flags;
-          int save_idx = arg->internal->idx;
-          int any_no_conffile = 0;
-
-          arg->flags = (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION
-                        | ARGPARSE_FLAG__INITIALIZED);
-          while (arg_parse (arg, opts, 1))
-            {
-              if ((arg->internal->opt_flags & ARGPARSE_OPT_CONFFILE))
-                {
-                  arg->internal->explicit_confopt = 1;
-                  if ((arg->r_type & ARGPARSE_TYPE_MASK) == ARGPARSE_TYPE_STRING
-                      && !arg->internal->explicit_conffile)
-                    {
-                      /* Store the first conffile name.  All further
-                       * conf file options are not handled.  */
-                      arg->internal->explicit_conffile
-                        = xtrystrdup (arg->r.ret_str);
-                      if (!arg->internal->explicit_conffile)
-                        return (arg->r_opt = ARGPARSE_OUT_OF_CORE);
-
-                    }
-                  else if ((arg->r_type & ARGPARSE_TYPE_MASK)
-                            == ARGPARSE_TYPE_NONE)
-                    any_no_conffile = 1;
-                }
-            }
-          if (any_no_conffile)
-            {
-              /* A NoConffile option overrides any other conf file option.  */
-              xfree (arg->internal->explicit_conffile);
-              arg->internal->explicit_conffile = NULL;
-            }
-          /* Restore parser.  */
-          *arg->argc = save_argc;
-          *arg->argv = save_argv;
-          arg->flags = save_flags;
-          arg->internal->idx = save_idx;
-        }
-
-      if (confname && *confname)
-        {
-          if ((arg->flags & ARGPARSE_FLAG_SYS))
-            arg->internal->state = STATE_open_sys;
-          else if ((arg->flags & ARGPARSE_FLAG_USER))
-            arg->internal->state = STATE_open_user;
-          else
-            return (arg->r_opt = ARGPARSE_INVALID_ARG);
-        }
-      else
-        arg->internal->state = STATE_open_cmdline;
-      goto next_state;
-
-    case STATE_open_sys:
-      {
-        /* If it is a two part name take the first part.  */
-        const char *s;
-        char *tmpname = NULL;
-
-        if ((s = is_twopartfname (confname)))
-          {
-            tmpname = xtrymalloc (s - confname + 1);
-            if (!tmpname)
-              return (arg->r_opt = ARGPARSE_OUT_OF_CORE);
-            memcpy (tmpname, confname, s-confname);
-            tmpname[s-confname] = 0;
-            s = tmpname;
-          }
-        else
-          s = confname;
-        xfree (arg->internal->confname);
-        arg->internal->confname = make_filename_try
-          (confdir.sys? confdir.sys : "/etc", s, NULL);
-        xfree (tmpname);
-        if (!arg->internal->confname)
-          return (arg->r_opt = ARGPARSE_OUT_OF_CORE);
-      }
-      arg->lineno = 0;
-      arg->internal->idx = 0;
-      arg->internal->verbose = 0;
-      arg->internal->stopped = 0;
-      arg->internal->inarg = 0;
-      gpgrt_fclose (arg->internal->conffp);
-      arg->internal->conffp = gpgrt_fopen (arg->internal->confname, "r");
-      if (!arg->internal->conffp)
-        {
-          if ((arg->flags & ARGPARSE_FLAG_VERBOSE) || arg->internal->verbose)
-            log_info (_("Note: no default option file '%s'\n"),
-                             arg->internal->confname);
-          if ((arg->flags & ARGPARSE_FLAG_USER))
-            arg->internal->state = STATE_open_user;
-          else
-            arg->internal->state = STATE_open_cmdline;
-          goto next_state;
-        }
-
-      if ((arg->flags & ARGPARSE_FLAG_VERBOSE) || arg->internal->verbose)
-        log_info (_("reading options from '%s'\n"),
-                         arg->internal->confname);
-      arg->internal->state = STATE_read_sys;
-      arg->internal->in_sysconf = 1;
-      arg->r.ret_str = xtrystrdup (arg->internal->confname);
-      if (!arg->r.ret_str)
-        arg->r_opt = ARGPARSE_OUT_OF_CORE;
-      else
-        {
-          gpgrt_annotate_leaked_object (arg->r.ret_str);
-          arg->r_opt = ARGPARSE_CONFFILE;
-          arg->r_type = ARGPARSE_TYPE_STRING;
-        }
-      break;
-
-    case STATE_open_user:
-      if (arg->internal->explicit_confopt
-          && arg->internal->explicit_conffile)
-        {
-          /* An explict option to use a specific configuration file
-           * has been given - use that one.  */
-          xfree (arg->internal->confname);
-          arg->internal->confname
-            = xtrystrdup (arg->internal->explicit_conffile);
-          if (!arg->internal->confname)
-            return (arg->r_opt = ARGPARSE_OUT_OF_CORE);
-        }
-      else if (arg->internal->explicit_confopt)
-        {
-          /* An explict option not to use a configuration file has
-           * been given - leap direct to command line reading.  */
-          arg->internal->state = STATE_open_cmdline;
-          goto next_state;
-        }
-      else
-        {
-          /* Use the standard configure file.  If it is a two part
-           * name take the second part.  If it is the standard name
-           * and ARGPARSE_FLAG_USERVERS is set try versioned config
-           * files. */
-          const char *s;
-          char *nconf;
-
-          xfree (arg->internal->confname);
-          if ((s = is_twopartfname (confname)))
-            {
-              arg->internal->confname = make_filename_try (s + 1, NULL);
-              if (!arg->internal->confname)
-                return (arg->r_opt = ARGPARSE_OUT_OF_CORE);
-            }
-          else
-            {
-              arg->internal->confname = make_filename_try
-                (confdir.user? confdir.user : "~/.config", confname, NULL);
-              if (!arg->internal->confname)
-                return (arg->r_opt = ARGPARSE_OUT_OF_CORE);
-              if ((arg->flags & ARGPARSE_FLAG_USERVERS)
-                  && (nconf = try_versioned_conffile (arg->internal->confname)))
-                {
-                  xfree (arg->internal->confname);
-                  arg->internal->confname = nconf;
-                }
-            }
-        }
-      arg->lineno = 0;
-      arg->internal->idx = 0;
-      arg->internal->verbose = 0;
-      arg->internal->stopped = 0;
-      arg->internal->inarg = 0;
-      arg->internal->in_sysconf = 0;
-      gpgrt_fclose (arg->internal->conffp);
-      arg->internal->conffp = gpgrt_fopen (arg->internal->confname, "r");
-      if (!arg->internal->conffp)
-        {
-          arg->internal->state = STATE_open_cmdline;
-          if (arg->internal->explicit_confopt)
-            {
-              log_error (_("option file '%s': %s\n"),
-                                arg->internal->confname, strerror (errno));
-              return (arg->r_opt = ARGPARSE_NO_CONFFILE);
-            }
-          else
-            {
-              if ((arg->flags & ARGPARSE_FLAG_VERBOSE)
-                  || arg->internal->verbose)
-                log_info (_("Note: no default option file '%s'\n"),
-                                 arg->internal->confname);
-              goto next_state;
-            }
-        }
-
-      if ((arg->flags & ARGPARSE_FLAG_VERBOSE) || arg->internal->verbose)
-        log_info (_("reading options from '%s'\n"),
-                         arg->internal->confname);
-      arg->internal->state = STATE_read_user;
-      arg->r.ret_str = xtrystrdup (arg->internal->confname);
-      if (!arg->r.ret_str)
-        arg->r_opt = ARGPARSE_OUT_OF_CORE;
-      else
-        {
-          gpgrt_annotate_leaked_object (arg->r.ret_str);
-          arg->r_opt = ARGPARSE_CONFFILE;
-          arg->r_type = ARGPARSE_TYPE_STRING;
-        }
-      break;
-
-    case STATE_open_cmdline:
-      gpgrt_fclose (arg->internal->conffp);
-      arg->internal->conffp = NULL;
-      xfree (arg->internal->confname);
-      arg->internal->confname = NULL;
-      arg->internal->idx = 0;
-      arg->internal->verbose = 0;
-      arg->internal->stopped = 0;
-      arg->internal->inarg = 0;
-      arg->internal->in_sysconf = 0;
-      if (!arg->argc || !arg->argv || !*arg->argv)
-        {
-          /* No or empty argument vector - don't bother to parse things.  */
-          arg->internal->state = STATE_finished;
-          goto next_state;
-        }
-      arg->r_opt = ARGPARSE_CONFFILE;
-      arg->r_type = ARGPARSE_TYPE_NONE;
-      arg->r.ret_str = NULL;
-      arg->internal->state = STATE_read_cmdline;
-      break;
-
-    case STATE_read_sys:
-     arg->r_opt = gnupg_argparse (arg->internal->conffp, arg, opts);
-      if (!arg->r_opt)
-        {
-          finish_read_sys (arg);
-          arg->internal->state = STATE_open_user;
-          goto next_state;
-        }
-      if ((arg->internal->opt_flags & ARGPARSE_OPT_CONFFILE))
-        goto next_state;  /* Already handled - again.  */
-      break;
-
-    case STATE_read_user:
-      arg->r_opt = gnupg_argparse (arg->internal->conffp, arg, opts);
-      if (!arg->r_opt)
-        {
-          arg->internal->state = STATE_open_cmdline;
-          goto next_state;
-        }
-      if ((arg->internal->opt_flags & ARGPARSE_OPT_CONFFILE))
-        goto next_state;  /* Already handled - again.  */
-      break;
-
-    case STATE_read_cmdline:
-      arg->r_opt = arg_parse (arg, opts, 1);
-      if (!arg->r_opt)
-        {
-          arg->internal->state = STATE_finished;
-          goto next_state;
-        }
-      if ((arg->internal->opt_flags & ARGPARSE_OPT_CONFFILE))
-        goto next_state;  /* Already handled - again.  */
-      break;
-
-    case STATE_finished:
-      arg->r_opt = 0;
-      break;
-    }
-
-  return arg->r_opt;
-}
-
-
-
-/* Given the list of options in ARG and a keyword, return the index of
- * the long option matching KEYWORD.  On error -1 is returned for not
- * found or -2 for ambigious keyword.  */
-static int
-find_long_option (gnupg_argparse_t *arg, const char *keyword)
-{
-  int i;
-  size_t n;
-  opttable_t *opts   = arg->internal->opts;
-  unsigned int nopts = arg->internal->nopts;
-
-  /* Would be better if we can do a binary search, but it is not
-   * possible to reorder our option table because we would mess up our
-   * help strings.  What we can do is: Build an option lookup table
-   * when this function is first invoked.  The latter has already been
-   * done. */
-  if (!*keyword)
-    return -1;
-  for (i=0; i < nopts; i++ )
-    if (opts[i].long_opt && !strcmp (opts[i].long_opt, keyword))
-      return i;
-  /* Not found.  See whether it is an abbreviation.  Aliases may not
-   * be abbreviated, though. */
-  n = strlen (keyword);
-  for (i=0; i < nopts; i++)
-    {
-      if (opts[i].long_opt && !strncmp (opts[i].long_opt, keyword, n))
-        {
-          int j;
-          for (j=i+1; j < nopts; j++)
-            {
-              if (opts[j].long_opt
-                  && !strncmp (opts[j].long_opt, keyword, n)
-                  && !(opts[j].short_opt == opts[i].short_opt
-                       && opts[j].flags == opts[i].flags ) )
-                return -2;  /* Abbreviation is ambiguous.  */
-	    }
-          return i;
-	}
-    }
-  return -1;  /* Not found.  */
-}
-
-
-/* The option parser for command line options.  */
-static int
-arg_parse (gnupg_argparse_t *arg, gnupg_opt_t *opts_orig, int no_init)
-{
-  int idx;
-  opttable_t *opts;
-  unsigned int nopts;
-  int argc;
-  char **argv;
-  char *s, *s2;
-  int i;
-
-  if (no_init)
-    ;
-  else if (initialize (arg, opts_orig, NULL))
-    return (arg->r_opt = ARGPARSE_OUT_OF_CORE);
-
-  opts = arg->internal->opts;
-  nopts = arg->internal->nopts;
-  argc = *arg->argc;
-  argv = *arg->argv;
-  idx = arg->internal->idx;
-
-  if (!idx && argc && !(arg->flags & ARGPARSE_FLAG_ARG0))
-    {
-      /* Skip the first argument.  */
-      argc--; argv++; idx++;
-    }
-
- next_one:
-  if (!argc || (s = *argv) == NULL)
-    {
-      /* No more args.  */
-      arg->r_opt = 0;
-      goto leave; /* Ready. */
-    }
-
-  arg->internal->last = s;
-  arg->internal->opt_flags = 0;
-
-  if (arg->internal->stopped && (arg->flags & ARGPARSE_FLAG_ALL))
-    {
-      arg->r_opt = ARGPARSE_IS_ARG;  /* Not an option but an argument.  */
-      arg->r_type = ARGPARSE_TYPE_STRING;
-      arg->r.ret_str = s;
-      argc--; argv++; idx++; /* set to next one */
-    }
-  else if (arg->internal->stopped)
-    {
-      arg->r_opt = 0;
-      goto leave; /* Ready.  */
-    }
-  else if ( *s == '-' && s[1] == '-' )
-    {
-      /* Long option.  */
-      char *argpos;
-
-      arg->internal->inarg = 0;
-      if (!s[2] && !(arg->flags & ARGPARSE_FLAG_NOSTOP))
-        {
-          /* Stop option processing.  */
-          arg->internal->stopped = 1;
-          arg->flags |= ARGPARSE_FLAG_STOP_SEEN;
-          argc--; argv++; idx++;
-          goto next_one;
-	}
-
-      argpos = strchr( s+2, '=' );
-      if ( argpos )
-        *argpos = 0;
-      i = find_long_option (arg, s+2);
-      if ( argpos )
-        *argpos = '=';
-
-      if (i > 0 && opts[i].short_opt == ARGPARSE_SHORTOPT_HELP)
-        {
-          show_help (opts, nopts, arg->flags);
-          my_exit (arg, 0);
-        }
-      else if (i > 0 && opts[i].short_opt == ARGPARSE_SHORTOPT_VERSION)
-        {
-          if (!(arg->flags & ARGPARSE_FLAG_NOVERSION))
-            {
-              show_version ();
-              my_exit (arg, 0);
-            }
-	}
-      else if (i > 0 && opts[i].short_opt == ARGPARSE_SHORTOPT_WARRANTY)
-        {
-          writestrings (0, strusage (16), "\n", NULL);
-          my_exit (arg, 0);
-	}
-      else if (i > 0 && opts[i].short_opt == ARGPARSE_SHORTOPT_DUMP_OPTTBL)
-        dump_option_table (arg);
-      else if (i > 0 && opts[i].short_opt == ARGPARSE_SHORTOPT_DUMP_OPTIONS)
-        {
-          for (i=0; i < nopts; i++ )
-            {
-              if (opts[i].long_opt && !(opts[i].flags & ARGPARSE_OPT_IGNORE))
-                writestrings (0, "--", opts[i].long_opt, "\n", NULL);
-	    }
-          my_exit (arg, 0);
-	}
-
-      if ( i == -2 )
-        arg->r_opt = ARGPARSE_AMBIGUOUS_OPTION;
-      else if ( i == -1 )
-        {
-          arg->r_opt = ARGPARSE_INVALID_OPTION;
-          arg->r.ret_str = s+2;
-	}
-      else
-        arg->r_opt = opts[i].short_opt;
-
-      if ( i < 0 )
-        ;
-      else if ( (opts[i].flags & ARGPARSE_TYPE_MASK) )
-        {
-          if ( argpos )
-            {
-              s2 = argpos+1;
-              if ( !*s2 )
-                s2 = NULL;
-	    }
-          else
-            s2 = argv[1];
-
-          if ( !s2 && (opts[i].flags & ARGPARSE_OPT_OPTIONAL) )
-            {
-              arg->r_type = ARGPARSE_TYPE_NONE; /* Argument is optional.  */
-	    }
-          else if ( !s2 )
-            {
-              arg->r_opt = ARGPARSE_MISSING_ARG;
-	    }
-          else if ( !argpos && *s2 == '-'
-                    && (opts[i].flags & ARGPARSE_OPT_OPTIONAL) )
-            {
-              /* The argument is optional and the next seems to be an
-                 option.  We do not check this possible option but
-                 assume no argument */
-              arg->r_type = ARGPARSE_TYPE_NONE;
-	    }
-          else
-            {
-              set_opt_arg (arg, opts[i].flags, s2);
-              if ( !argpos )
-                {
-                  argc--; argv++; idx++; /* Skip one.  */
-		}
-	    }
-	}
-      else
-        {
-          /* Does not take an argument. */
-          if ( argpos )
-            arg->r_type = ARGPARSE_UNEXPECTED_ARG;
-          else
-            {
-              arg->internal->opt_flags = opts[i].flags;
-              arg->r_type = ARGPARSE_TYPE_NONE;
-            }
-	}
-      argc--; argv++; idx++; /* Set to next one.  */
-    }
-  else if ( (*s == '-' && s[1]) || arg->internal->inarg )
-    {
-      /* Short option.  */
-      int dash_kludge = 0;
-
-      i = 0;
-      if ( !arg->internal->inarg )
-        {
-          arg->internal->inarg++;
-          if ( (arg->flags & ARGPARSE_FLAG_ONEDASH) )
-            {
-              for (i=0; i < nopts; i++ )
-                if ( opts[i].long_opt && !strcmp (opts[i].long_opt, s+1))
-                  {
-                    dash_kludge = 1;
-                    break;
-                  }
-            }
-        }
-      s += arg->internal->inarg;
-
-      if (!dash_kludge )
-        {
-          for (i=0; i < nopts; i++ )
-            if ( opts[i].short_opt == *s )
-              break;
-        }
-
-      if ( !opts[i].short_opt && ( *s == 'h' || *s == '?' ) )
-        {
-          show_help (opts, nopts, arg->flags);
-          my_exit (arg, 0);
-        }
-
-      arg->r_opt = opts[i].short_opt;
-      if (!opts[i].short_opt )
-        {
-          arg->r_opt = (opts[i].flags & ARGPARSE_OPT_COMMAND)?
-            ARGPARSE_INVALID_COMMAND:ARGPARSE_INVALID_OPTION;
-          arg->internal->inarg++; /* Point to the next arg.  */
-          arg->r.ret_str = s;
-        }
-      else if ( (opts[i].flags & ARGPARSE_TYPE_MASK) )
-        {
-          if ( s[1] && !dash_kludge )
-            {
-              s2 = s+1;
-              set_opt_arg (arg, opts[i].flags, s2);
-            }
-          else
-            {
-              s2 = argv[1];
-              if ( !s2 && (opts[i].flags & ARGPARSE_OPT_OPTIONAL) )
-                {
-                  arg->r_type = ARGPARSE_TYPE_NONE;
-                  arg->internal->opt_flags = opts[i].flags;
-                }
-              else if ( !s2 )
-                {
-                  arg->r_opt = ARGPARSE_MISSING_ARG;
-                }
-              else if ( *s2 == '-' && s2[1]
-                        && (opts[i].flags & ARGPARSE_OPT_OPTIONAL) )
-                {
-                  /* The argument is optional and the next seems to
-                     be an option.  We do not check this possible
-                     option but assume no argument.  */
-                  arg->r_type = ARGPARSE_TYPE_NONE;
-                  arg->internal->opt_flags = opts[i].flags;
-                }
-              else
-                {
-                  set_opt_arg (arg, opts[i].flags, s2);
-                  argc--; argv++; idx++; /* Skip one.  */
-                }
-            }
-          s = "x"; /* This is so that !s[1] yields false.  */
-        }
-      else
-        {
-          /* Does not take an argument.  */
-          arg->r_type = ARGPARSE_TYPE_NONE;
-          arg->internal->opt_flags = opts[i].flags;
-          arg->internal->inarg++; /* Point to the next arg.  */
-        }
-      if ( !s[1] || dash_kludge )
-        {
-          /* No more concatenated short options.  */
-          arg->internal->inarg = 0;
-          argc--; argv++; idx++;
-        }
-    }
-  else if ( arg->flags & ARGPARSE_FLAG_MIXED )
-    {
-      arg->r_opt = ARGPARSE_IS_ARG;
-      arg->r_type = ARGPARSE_TYPE_STRING;
-      arg->r.ret_str = s;
-      argc--; argv++; idx++; /* Set to next one.  */
-    }
-  else
-    {
-      arg->internal->stopped = 1; /* Stop option processing.  */
-      goto next_one;
-    }
-
-  if (arg->r_opt > 0 && i >= 0 && i < nopts
-      && ((opts[i].ignore && opts[i].explicit_ignore) || opts[i].forced))
-    {
-
-      if ((arg->flags & ARGPARSE_FLAG_WITHATTR))
-        {
-          if (opts[i].ignore)
-            arg->r_type |= ARGPARSE_ATTR_IGNORE;
-          if (opts[i].forced)
-            arg->r_type |= ARGPARSE_ATTR_FORCE;
-          arg->r_type |= ARGPARSE_OPT_IGNORE;
-        }
-      else
-        {
-          log_info (_("Note: ignoring option \"--%s\""
-                             " due to global config\n"),
-                           opts[i].long_opt);
-          goto next_one;  /* Skip ignored/forced option.  */
-        }
-    }
-
- leave:
-  *arg->argc = argc;
-  *arg->argv = argv;
-  arg->internal->idx = idx;
-  return arg->r_opt;
-}
-
-
-
-/* Returns: -1 on error, 0 for an integer type and 1 for a non integer
-   type argument.  */
-static int
-set_opt_arg (gnupg_argparse_t *arg, unsigned flags, char *s)
-{
-  int base = (flags & ARGPARSE_OPT_PREFIX)? 0 : 10;
-  long l;
-
-  arg->internal->opt_flags = flags;
-  switch ( (arg->r_type = (flags & ARGPARSE_TYPE_MASK)) )
-    {
-    case ARGPARSE_TYPE_LONG:
-    case ARGPARSE_TYPE_INT:
-      errno = 0;
-      l = strtol (s, NULL, base);
-      if ((l == LONG_MIN || l == LONG_MAX) && errno == ERANGE)
-        {
-          arg->r_opt = ARGPARSE_INVALID_ARG;
-          return -1;
-        }
-      if (arg->r_type == ARGPARSE_TYPE_LONG)
-        arg->r.ret_long = l;
-      else if ( (l < 0 && l < INT_MIN) || l > INT_MAX )
-        {
-          arg->r_opt = ARGPARSE_INVALID_ARG;
-          return -1;
-        }
-      else
-        arg->r.ret_int = (int)l;
-      return 0;
-
-    case ARGPARSE_TYPE_ULONG:
-      while (isascii (*s) && isspace(*s))
-        s++;
-      if (*s == '-')
-        {
-          arg->r.ret_ulong = 0;
-          arg->r_opt = ARGPARSE_INVALID_ARG;
-          return -1;
-        }
-      errno = 0;
-      arg->r.ret_ulong = strtoul (s, NULL, base);
-      if (arg->r.ret_ulong == ULONG_MAX && errno == ERANGE)
-        {
-          arg->r_opt = ARGPARSE_INVALID_ARG;
-          return -1;
-        }
-      return 0;
-
-    case ARGPARSE_TYPE_STRING:
-    default:
-      arg->r.ret_str = s;
-      return 1;
-    }
-}
-
-
-/* Return the length of the option O.  This needs to consider the
- * description as well as the option name.  */
-static size_t
-long_opt_strlen (opttable_t *o)
-{
-  size_t n = strlen (o->long_opt);
-
-  if ( o->description && *o->description == '|' )
-    {
-      const char *s;
-      int is_utf8 = is_native_utf8 ();
-
-      s=o->description+1;
-      if ( *s != '=' )
-        n++;
-      /* For a (mostly) correct length calculation we exclude
-       * continuation bytes (10xxxxxx) if we are on a native utf8
-       * terminal. */
-      for (; *s && *s != '|'; s++ )
-        if ( is_utf8 && (*s&0xc0) != 0x80 )
-          n++;
-    }
-  return n;
-}
-
-
-/* Qsort compare for show_help.  */
-static int
-cmp_ordtbl (const void *a_v, const void *b_v)
-{
-  const unsigned short *a = a_v;
-  const unsigned short *b = b_v;
-
-  return *a - *b;
-}
-
-
-/****************
- * Print formatted help. The description string has some special
- * meanings:
- *  - A description string which is "@" suppresses help output for
- *    this option
- *  - a description which starts with a '@' and is followed by
- *    any other characters is printed as is; this may be used for examples
- *    and such.  This is a legacy methiod, moder codes uses the flags
- *    ARGPARSE_OPT_VERBATIM or ARGPARSE_OPT_HEADER.
- *  - A description which starts with a '|' outputs the string between this
- *    bar and the next one as arguments of the long option.
- */
-static void
-show_help (opttable_t *opts, unsigned int nopts, unsigned int flags)
-{
-  const char *s;
-  char tmp[2];
-  unsigned int *ordtbl = NULL;
-
-  show_version ();
-  writestrings (0, "\n", NULL);
-  s = strusage (42);
-  if (s && *s == '1')
-    {
-      s = strusage (40);
-      writestrings (1, s, NULL);
-      if (*s && s[strlen(s)] != '\n')
-        writestrings (1, "\n", NULL);
-    }
-  s = strusage(41);
-  writestrings (0, s, "\n", NULL);
-  if ( nopts )
-    {
-      /* Auto format the option description.  */
-      int i,j,indent;
-      const char *last_header = NULL;
-
-      ordtbl = xtrycalloc (nopts, sizeof *ordtbl);
-      if (!ordtbl)
-        {
-          writestrings (1, "\nOoops: Out of memory whilst printing the help.\n",
-                        NULL);
-          goto leave;
-        }
-
-      /* Get max. length of long options.  */
-      for (i=indent=0; i < nopts; i++ )
-        {
-          if ( opts[i].long_opt )
-            if ( !opts[i].description || *opts[i].description != '@' )
-              if ( (j=long_opt_strlen(opts+i)) > indent && j < 35 )
-                indent = j;
-          ordtbl[i] = opts[i].ordinal;
-	}
-
-      qsort (ordtbl, nopts, sizeof *ordtbl, cmp_ordtbl);
-
-      /* The first option needs to have a description; if not do not
-       * print the help at all.  */
-      if (!opts[ordtbl[0]].description)
-        goto leave;
-
-      /* Example: " -v, --verbose   Viele Sachen ausgeben" */
-      indent += 10;
-      if ( *opts[ordtbl[0]].description != '@'
-           && !(opts[ordtbl[0]].flags
-                & (ARGPARSE_OPT_VERBATIM|ARGPARSE_OPT_HEADER)))
-        writestrings (0, "Options:", "\n", NULL);
-      for (i=0; i < nopts; i++ )
-        {
-          s = map_fixed_string (_( opts[ordtbl[i]].description ));
-          if ( s && *s== '@' && !s[1] ) /* Hide this line.  */
-            continue;
-          if ( s && (opts[ordtbl[i]].flags & ARGPARSE_OPT_HEADER))
-            {
-              /* We delay printing until we have found one real output
-               * line.  This avoids having a header above an empty
-               * section.  */
-              last_header = s;
-              continue;
-	    }
-          if (last_header)
-            {
-              if (*last_header)
-                writestrings (0, "\n", last_header, ":\n", NULL);
-              last_header = NULL;
-            }
-          if ( s && (opts[ordtbl[i]].flags & ARGPARSE_OPT_VERBATIM))
-            {
-              writestrings (0, s, NULL);
-              continue;
-	    }
-          if ( s && *s == '@' )  /* Unindented legacy comment only line.  */
-            {
-              for (s++; *s; s++ )
-                {
-                  if ( *s == '\n' )
-                    {
-                      if( s[1] )
-                        writestrings (0, "\n", NULL);
-		    }
-                  else
-                    {
-                      tmp[0] = *s;
-                      tmp[1] = 0;
-                      writestrings (0, tmp, NULL);
-                    }
-                }
-              writestrings (0, "\n", NULL);
-              continue;
-	    }
-
-          j = 3;
-          if ( opts[ordtbl[i]].short_opt < 256 )
-            {
-              tmp[0] = opts[ordtbl[i]].short_opt;
-              tmp[1] = 0;
-              writestrings (0, " -", tmp, NULL );
-              if ( !opts[ordtbl[i]].long_opt )
-                {
-                  if (s && *s == '|' )
-                    {
-                      writestrings (0, " ", NULL); j++;
-                      for (s++ ; *s && *s != '|'; s++, j++ )
-                        {
-                          tmp[0] = *s;
-                          tmp[1] = 0;
-                          writestrings (0, tmp, NULL);
-                        }
-                      if ( *s )
-                        s++;
-		    }
-		}
-	    }
-          else
-            writestrings (0, "   ", NULL);
-          if ( opts[ordtbl[i]].long_opt )
-            {
-              tmp[0] = opts[ordtbl[i]].short_opt < 256?',':' ';
-              tmp[1] = 0;
-              j += writestrings (0, tmp, " --", opts[ordtbl[i]].long_opt, NULL);
-              if (s && *s == '|' )
-                {
-                  if ( *++s != '=' )
-                    {
-                      writestrings (0, " ", NULL);
-                      j++;
-		    }
-                  for ( ; *s && *s != '|'; s++, j++ )
-                    {
-                      tmp[0] = *s;
-                      tmp[1] = 0;
-                      writestrings (0, tmp, NULL);
-                    }
-                  if ( *s )
-                    s++;
-		}
-              writestrings (0, "   ", NULL);
-              j += 3;
-	    }
-          for (;j < indent; j++ )
-            writestrings (0, " ", NULL);
-          if ( s )
-            {
-              if ( *s && j > indent )
-                {
-                  writestrings (0, "\n", NULL);
-                  for (j=0;j < indent; j++ )
-                    writestrings (0, " ", NULL);
-		}
-              for (; *s; s++ )
-                {
-                  if ( *s == '\n' )
-                    {
-                      if ( s[1] )
-                        {
-                          writestrings (0, "\n", NULL);
-                          for (j=0; j < indent; j++ )
-                            writestrings (0, " ", NULL);
-			}
-		    }
-                  else
-                    {
-                      tmp[0] = *s;
-                      tmp[1] = 0;
-                      writestrings (0, tmp, NULL);
-                    }
-		}
-	    }
-          writestrings (0, "\n", NULL);
-	}
-	if ( (flags & ARGPARSE_FLAG_ONEDASH) )
-          writestrings (0, "\n(A single dash may be used "
-                        "instead of the double ones)\n", NULL);
-    }
-  if ( (s=strusage(19)) )
-    {
-      writestrings (0, "\n", NULL);
-      writestrings (0, s, NULL);
-    }
-
- leave:
-  flushstrings (0);
-  xfree (ordtbl);
-}
-
-
-static void
-show_version ()
-{
-  const char *s;
-  int i;
-
-  /* Version line.  */
-  writestrings (0, strusage (11), NULL);
-  if ((s=strusage (12)))
-    writestrings (0, " (", s, ")", NULL);
-  writestrings (0, " ", strusage (13), "\n", NULL);
-  /* Additional version lines. */
-  for (i=20; i < 30; i++)
-    if ((s=strusage (i)))
-      writestrings (0, s, "\n", NULL);
-  /* Copyright string.  */
-  if ((s=strusage (14)))
-    writestrings (0, s, "\n", NULL);
-  /* Licence string.  */
-  if( (s=strusage (10)) )
-    writestrings (0, s, "\n", NULL);
-  /* Copying conditions. */
-  if ( (s=strusage(15)) )
-    writestrings (0, s, NULL);
-  /* Thanks. */
-  if ((s=strusage(18)))
-    writestrings (0, s, NULL);
-  /* Additional program info. */
-  for (i=30; i < 40; i++ )
-    if ( (s=strusage (i)) )
-      writestrings (0, s, NULL);
-  flushstrings (0);
-}
-
-
-/* Print the table of options with flags etc.  */
-static void
-dump_option_table (gnupg_argparse_t *arg)
-{
-  opttable_t *opts;
-  unsigned int nopts;
-  const char *s;
-  char tmp[50];
-  unsigned int *ordtbl = NULL;
-  int i;
-
-  opts = arg->internal->opts;
-  nopts = arg->internal->nopts;
-  if (!nopts)
-    return;
-
-  ordtbl = xtrycalloc (nopts, sizeof *ordtbl);
-  if (!ordtbl)
-    {
-      writestrings (1, "\nOoops: Out of memory whilst dumping the table.\n",
-                    NULL);
-      flushstrings (1);
-      my_exit (arg, 2);
-    }
-  for (i=0; i < nopts; i++ )
-    ordtbl[i] = opts[i].ordinal;
-  qsort (ordtbl, nopts, sizeof *ordtbl, cmp_ordtbl);
-  for (i=0; i < nopts; i++ )
-    {
-      if (!opts[ordtbl[i]].long_opt)
-        continue;
-      writestrings (0, opts[ordtbl[i]].long_opt, ":", NULL);
-      snprintf (tmp, sizeof tmp, "%u:%u:",
-                opts[ordtbl[i]].short_opt,
-                opts[ordtbl[i]].flags);
-      writestrings (0, tmp, NULL);
-      s = opts[ordtbl[i]].description;
-      if (s)
-        {
-          for (; *s; s++)
-            {
-              if (*s == '%' || *s == ':' || *s == '\n')
-                snprintf (tmp, sizeof tmp, "%%%02X", *s);
-              else
-                {
-                  tmp[0] = *s;
-                  tmp[1] = 0;
-                }
-              writestrings (0, tmp, NULL);
-            }
-        }
-      writestrings (0, ":\n", NULL);
-    }
-
-  flushstrings (0);
-  xfree (ordtbl);
-  my_exit (arg, 0);
-}
-
-
-
-/* Level
- *     0: Print copyright string to stderr
- *     1: Print a short usage hint to stderr and terminate
- *     2: Print a long usage hint to stdout and terminate
- *     8: Return NULL for UTF-8 or string with the native charset.
- *     9: Return the SPDX License tag.
- *    10: Return license info string
- *    11: Return the name of the program
- *    12: Return optional name of package which includes this program.
- *    13: version  string
- *    14: copyright string
- *    15: Short copying conditions (with LFs)
- *    16: Long copying conditions (with LFs)
- *    17: Optional printable OS name
- *    18: Optional thanks list (with LFs)
- *    19: Bug report info
- *20..29: Additional lib version strings.
- *30..39: Additional program info (with LFs)
- *    40: short usage note (with LF)
- *    41: long usage note (with LF)
- *    42: Flag string:
- *          First char is '1':
- *             The short usage notes needs to be printed
- *             before the long usage note.
- */
-const char *
-strusage( int level )
-{
-  const char *p = strusage_handler? strusage_handler(level) : NULL;
-  const char *tmp;
-
-  if ( p )
-    return map_static_macro_string (p);
-
-  switch ( level )
-    {
-
-    case 8: break; /* Default to utf-8.  */
-    case 9: p = "GPL-3.0-or-later"; break;
-    case 10:
-      tmp = strusage (9);
-      if (tmp && !strcmp (tmp, "LGPL-2.1-or-later"))
-        p = ("License GNU LGPL-2.1-or-later <https://gnu.org/licenses/>");
-      else /* Default to GPLv3+.  */
-        p =("License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>");
-      break;
-    case 11: p = "foo"; break;
-    case 13: p = "0.0"; break;
-    case 14: p = GNUPG_DEF_COPYRIGHT_LINE; break;
-    case 15: p =
-"This is free software: you are free to change and redistribute it.\n"
-"There is NO WARRANTY, to the extent permitted by law.\n";
-      break;
-    case 16:
-      tmp = strusage (9);
-      if (tmp && !strcmp (tmp, "LGPL-2.1-or-later"))
-        p =
-"This is free software; you can redistribute it and/or modify\n"
-"it under the terms of the GNU Lesser General Public License as\n"
-"published by the Free Software Foundation; either version 2.1 of\n"
-"the License, or (at your option) any later version.\n\n"
-"It is distributed in the hope that it will be useful,\n"
-"but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
-"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n"
-"GNU Lesser General Public License for more details.\n\n"
-"You should have received a copy of the GNU Lesser General Public License\n"
-"along with this software.  If not, see <https://gnu.org/licenses/>.\n";
-      else /* Default */
-        p =
-"This is free software; you can redistribute it and/or modify\n"
-"it under the terms of the GNU General Public License as published by\n"
-"the Free Software Foundation; either version 3 of the License, or\n"
-"(at your option) any later version.\n\n"
-"It is distributed in the hope that it will be useful,\n"
-"but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
-"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n"
-"GNU General Public License for more details.\n\n"
-"You should have received a copy of the GNU General Public License\n"
-"along with this software.  If not, see <https://gnu.org/licenses/>.\n";
-      break;
-    case 40: /* short and long usage */
-    case 41: p = ""; break;
-    }
-
-  return p;
-}
-
-
-/* Set the usage handler.  This function is basically a constructor.  */
-void
-set_strusage ( const char *(*f)( int ) )
-{
-  strusage_handler = f;
-}
-
-#endif /* USE_INTERNAL_ARGPARSE */
-
-
-void
-usage (int level)
-{
-  const char *p;
-
-  if (!level)
-    {
-      writestrings (1, strusage(11), " ", strusage(13), "; ",
-                    strusage (14), "\n", NULL);
-      flushstrings (1);
-    }
-  else if (level == 1)
-    {
-      p = strusage (40);
-      writestrings (1, p, NULL);
-      if (*p && p[strlen(p)] != '\n')
-        writestrings (1, "\n", NULL);
-      exit (2);
-    }
-  else if (level == 2)
-    {
-      p = strusage (42);
-      if (p && *p == '1')
-        {
-          p = strusage (40);
-          writestrings (1, p, NULL);
-          if (*p && p[strlen(p)] != '\n')
-            writestrings (1, "\n", NULL);
-        }
-      writestrings (0, strusage(41), "\n", NULL);
-      exit (0);
-    }
-}
diff --git a/common/argparse.h b/common/argparse.h
deleted file mode 100644
index 282aaea..0000000
--- a/common/argparse.h
+++ /dev/null
@@ -1,281 +0,0 @@
-/* argparse.h - Argument parser for option handling.
- *	Copyright (C) 1998,1999,2000,2001,2006 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute and/or modify this
- * part of GnuPG under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see <https://www.gnu.org/licenses/>.
- */
-
-#ifndef GNUPG_COMMON_ARGPARSE_H
-#define GNUPG_COMMON_ARGPARSE_H
-
-#include <stdio.h>
-#include <gpg-error.h>
-
-#if GPGRT_VERSION_NUMBER < 0x012600 /* 1.38 */
-
-#define USE_INTERNAL_ARGPARSE 1
-
-/* We use a copy of the code from the new gpgrt parser.  */
-
-struct _argparse_internal_s;
-typedef struct
-{
-  int  *argc;	      /* Pointer to ARGC (value subject to change). */
-  char ***argv;	      /* Pointer to ARGV (value subject to change). */
-  unsigned int flags; /* Global flags.  May be set prior to calling the
-                         parser.  The parser may change the value.  */
-  int err;            /* Print error description for last option.
-                         Either 0,  ARGPARSE_PRINT_WARNING or
-                         ARGPARSE_PRINT_ERROR.  */
-  unsigned int lineno;/* The current line number.  */
-  int r_opt; 	      /* Returns option code. */
-  int r_type;	      /* Returns type of option value.  */
-  union {
-    int   ret_int;
-    long  ret_long;
-    unsigned long ret_ulong;
-    char *ret_str;
-  } r;		      /* Return values */
-
-  struct _argparse_internal_s *internal;
-} gnupg_argparse_t;
-
-
-typedef struct
-{
-  int          short_opt;
-  const char  *long_opt;
-  unsigned int flags;
-  const char  *description; /* Optional option description. */
-} gnupg_opt_t;
-
-
-typedef gnupg_argparse_t ARGPARSE_ARGS;
-typedef gnupg_opt_t      ARGPARSE_OPTS;
-
-/* Short options.  */
-#define ARGPARSE_SHORTOPT_HELP 32768
-#define ARGPARSE_SHORTOPT_VERSION 32769
-#define ARGPARSE_SHORTOPT_WARRANTY 32770
-#define ARGPARSE_SHORTOPT_DUMP_OPTIONS 32771
-
-
-/* Global flags (ARGPARSE_ARGS).  */
-#define ARGPARSE_FLAG_KEEP       1   /* Do not remove options form argv.     */
-#define ARGPARSE_FLAG_ALL        2   /* Do not stop at last option but return
-                                        remaining args with R_OPT set to -1. */
-#define ARGPARSE_FLAG_MIXED      4   /* Assume options and args are mixed.   */
-#define ARGPARSE_FLAG_NOSTOP     8   /* Do not stop processing at "--".      */
-#define ARGPARSE_FLAG_ARG0      16   /* Do not skip the first arg.           */
-#define ARGPARSE_FLAG_ONEDASH   32   /* Allow long options with one dash.    */
-#define ARGPARSE_FLAG_NOVERSION 64   /* No output for "--version".           */
-#define ARGPARSE_FLAG_RESET     128  /* Request to reset the internal state. */
-#define ARGPARSE_FLAG_STOP_SEEN 256  /* Set to true if a "--" has been seen. */
-#define ARGPARSE_FLAG_NOLINENO  512  /* Do not zero the lineno field.        */
-#define ARGPARSE_FLAG_SYS      1024  /* Use system config file.              */
-#define ARGPARSE_FLAG_USER     2048  /* Use user config file.                */
-#define ARGPARSE_FLAG_VERBOSE  4096  /* Print additional argparser info.     */
-#define ARGPARSE_FLAG_USERVERS 8192  /* Try version-ed user config files.    */
-#define ARGPARSE_FLAG_WITHATTR 16384 /* Return attribute bits.               */
-
-/* Flags for each option (ARGPARSE_OPTS).  The type code may be
-   ORed with the OPT flags.  */
-#define ARGPARSE_TYPE_NONE        0  /* Does not take an argument.        */
-#define ARGPARSE_TYPE_INT         1  /* Takes an int argument.            */
-#define ARGPARSE_TYPE_STRING      2  /* Takes a string argument.          */
-#define ARGPARSE_TYPE_LONG        3  /* Takes a long argument.            */
-#define ARGPARSE_TYPE_ULONG       4  /* Takes an unsigned long argument.  */
-#define ARGPARSE_OPT_OPTIONAL (1<<3) /* Argument is optional.             */
-#define ARGPARSE_OPT_PREFIX   (1<<4) /* Allow 0x etc. prefixed values.    */
-#define ARGPARSE_OPT_IGNORE   (1<<6) /* Ignore command or option.         */
-#define ARGPARSE_OPT_COMMAND  (1<<7) /* The argument is a command.        */
-#define ARGPARSE_OPT_CONFFILE (1<<8) /* The value is a conffile.          */
-#define ARGPARSE_OPT_HEADER   (1<<9) /* The value is printed as a header. */
-#define ARGPARSE_OPT_VERBATIM (1<<10)/* The value is printed verbatim.    */
-#define ARGPARSE_ATTR_FORCE   (1<<14)/* Attribute force is set.           */
-#define ARGPARSE_ATTR_IGNORE  (1<<15)/* Attribute ignore is set.          */
-
-#define ARGPARSE_TYPE_MASK  7  /* Mask for the type values (internal).  */
-
-/* A set of macros to make option definitions easier to read.  */
-#define ARGPARSE_x(s,l,t,f,d) \
-     { (s), (l), ARGPARSE_TYPE_ ## t | (f), (d) }
-
-#define ARGPARSE_s(s,l,t,d) \
-     { (s), (l), ARGPARSE_TYPE_ ## t, (d) }
-#define ARGPARSE_s_n(s,l,d) \
-     { (s), (l), ARGPARSE_TYPE_NONE, (d) }
-#define ARGPARSE_s_i(s,l,d) \
-     { (s), (l), ARGPARSE_TYPE_INT, (d) }
-#define ARGPARSE_s_s(s,l,d) \
-     { (s), (l), ARGPARSE_TYPE_STRING, (d) }
-#define ARGPARSE_s_l(s,l,d) \
-     { (s), (l), ARGPARSE_TYPE_LONG, (d) }
-#define ARGPARSE_s_u(s,l,d) \
-     { (s), (l), ARGPARSE_TYPE_ULONG, (d) }
-
-#define ARGPARSE_o(s,l,t,d) \
-     { (s), (l), (ARGPARSE_TYPE_ ## t  | ARGPARSE_OPT_OPTIONAL), (d) }
-#define ARGPARSE_o_n(s,l,d) \
-     { (s), (l), (ARGPARSE_TYPE_NONE   | ARGPARSE_OPT_OPTIONAL), (d) }
-#define ARGPARSE_o_i(s,l,d) \
-     { (s), (l), (ARGPARSE_TYPE_INT    | ARGPARSE_OPT_OPTIONAL), (d) }
-#define ARGPARSE_o_s(s,l,d) \
-     { (s), (l), (ARGPARSE_TYPE_STRING | ARGPARSE_OPT_OPTIONAL), (d) }
-#define ARGPARSE_o_l(s,l,d) \
-     { (s), (l), (ARGPARSE_TYPE_LONG   | ARGPARSE_OPT_OPTIONAL), (d) }
-#define ARGPARSE_o_u(s,l,d) \
-     { (s), (l), (ARGPARSE_TYPE_ULONG  | ARGPARSE_OPT_OPTIONAL), (d) }
-
-#define ARGPARSE_p(s,l,t,d) \
-     { (s), (l), (ARGPARSE_TYPE_ ## t  | ARGPARSE_OPT_PREFIX), (d) }
-#define ARGPARSE_p_n(s,l,d) \
-     { (s), (l), (ARGPARSE_TYPE_NONE   | ARGPARSE_OPT_PREFIX), (d) }
-#define ARGPARSE_p_i(s,l,d) \
-     { (s), (l), (ARGPARSE_TYPE_INT    | ARGPARSE_OPT_PREFIX), (d) }
-#define ARGPARSE_p_s(s,l,d) \
-     { (s), (l), (ARGPARSE_TYPE_STRING | ARGPARSE_OPT_PREFIX), (d) }
-#define ARGPARSE_p_l(s,l,d) \
-     { (s), (l), (ARGPARSE_TYPE_LONG   | ARGPARSE_OPT_PREFIX), (d) }
-#define ARGPARSE_p_u(s,l,d) \
-     { (s), (l), (ARGPARSE_TYPE_ULONG  | ARGPARSE_OPT_PREFIX), (d) }
-
-#define ARGPARSE_op(s,l,t,d) \
-     { (s), (l), (ARGPARSE_TYPE_ ## t \
-                  | ARGPARSE_OPT_OPTIONAL | ARGPARSE_OPT_PREFIX), (d) }
-#define ARGPARSE_op_n(s,l,d) \
-     { (s), (l), (ARGPARSE_TYPE_NONE \
-                  | ARGPARSE_OPT_OPTIONAL | ARGPARSE_OPT_PREFIX), (d) }
-#define ARGPARSE_op_i(s,l,d) \
-     { (s), (l), (ARGPARSE_TYPE_INT \
-                  | ARGPARSE_OPT_OPTIONAL | ARGPARSE_OPT_PREFIX), (d) }
-#define ARGPARSE_op_s(s,l,d) \
-     { (s), (l), (ARGPARSE_TYPE_STRING \
-                  | ARGPARSE_OPT_OPTIONAL | ARGPARSE_OPT_PREFIX), (d) }
-#define ARGPARSE_op_l(s,l,d) \
-     { (s), (l), (ARGPARSE_TYPE_LONG \
-                  | ARGPARSE_OPT_OPTIONAL | ARGPARSE_OPT_PREFIX), (d) }
-#define ARGPARSE_op_u(s,l,d) \
-     { (s), (l), (ARGPARSE_TYPE_ULONG \
-                  | ARGPARSE_OPT_OPTIONAL | ARGPARSE_OPT_PREFIX), (d) }
-
-#define ARGPARSE_c(s,l,d) \
-     { (s), (l), (ARGPARSE_TYPE_NONE | ARGPARSE_OPT_COMMAND), (d) }
-
-#define ARGPARSE_conffile(s,l,d) \
-  { (s), (l), (ARGPARSE_TYPE_STRING|ARGPARSE_OPT_CONFFILE), (d) }
-
-#define ARGPARSE_noconffile(s,l,d) \
-  { (s), (l), (ARGPARSE_TYPE_NONE|ARGPARSE_OPT_CONFFILE), (d) }
-
-#define ARGPARSE_ignore(s,l) \
-     { (s), (l), (ARGPARSE_OPT_IGNORE), "@" }
-
-#define ARGPARSE_group(s,d) \
-     { (s), NULL, 0, (d) }
-
-/* Verbatim print the string D in the help output.  It does not make
- * use of the "@" hack as ARGPARSE_group does.  */
-#define ARGPARSE_verbatim(d) \
-  { 1, NULL, (ARGPARSE_OPT_VERBATIM), (d) }
-
-/* Same as ARGPARSE_verbatim but also print a colon and a LF.  N can
- * be used give a symbolic name to the header.  Nothing is printed if
- * D is the empty string.  */
-#define ARGPARSE_header(n,d) \
-  { 1, (n), (ARGPARSE_OPT_HEADER), (d) }
-
-/* Mark the end of the list (mandatory).  */
-#define ARGPARSE_end() \
-  { 0, NULL, 0, NULL }
-
-
-/* Other constants.  */
-#define ARGPARSE_PRINT_WARNING  1
-#define ARGPARSE_PRINT_ERROR    2
-
-
-/* Error values.  */
-#define ARGPARSE_IS_ARG            (-1)
-#define ARGPARSE_INVALID_OPTION    (-2)
-#define ARGPARSE_MISSING_ARG       (-3)
-#define ARGPARSE_KEYWORD_TOO_LONG  (-4)
-#define ARGPARSE_READ_ERROR        (-5)
-#define ARGPARSE_UNEXPECTED_ARG    (-6)
-#define ARGPARSE_INVALID_COMMAND   (-7)
-#define ARGPARSE_AMBIGUOUS_OPTION  (-8)
-#define ARGPARSE_AMBIGUOUS_COMMAND (-9)
-#define ARGPARSE_INVALID_ALIAS     (-10)
-#define ARGPARSE_OUT_OF_CORE       (-11)
-#define ARGPARSE_INVALID_ARG       (-12)
-#define ARGPARSE_PERMISSION_ERROR  (-13)
-#define ARGPARSE_NO_CONFFILE       (-14)
-#define ARGPARSE_CONFFILE          (-15)
-#define ARGPARSE_INVALID_META      (-16)
-#define ARGPARSE_UNKNOWN_META      (-17)
-#define ARGPARSE_UNEXPECTED_META   (-18)
-
-/* Values used for gnupg_set_confdir.  */
-#define GNUPG_CONFDIR_USER 1   /* The user's configuration dir.    */
-#define GNUPG_CONFDIR_SYS  2   /* The systems's configuration dir. */
-
-/* Take care: gpgrt_argparse keeps state in ARG and requires that
- * either ARGPARSE_FLAG_RESET is used after OPTS has been changed or
- * gpgrt_argparse (NULL, ARG, NULL) is called first.  */
-int gnupg_argparse (gpgrt_stream_t fp,
-                    gnupg_argparse_t *arg, gnupg_opt_t *opts);
-int gnupg_argparser (gnupg_argparse_t *arg, gnupg_opt_t *opts,
-                     const char *confname);
-
-const char *strusage (int level);
-void set_strusage (const char *(*f)( int ));
-void gnupg_set_usage_outfnc (int (*f)(int, const char *));
-void gnupg_set_fixed_string_mapper (const char *(*f)(const char*));
-void gnupg_set_confdir (int what, const char *name);
-
-#else /* !USE_INTERNAL_ARGPARSE */
-
-#define GNUPG_CONFDIR_USER GPGRT_CONFDIR_USER
-#define GNUPG_CONFDIR_SYS  GPGRT_CONFDIR_SYS
-
-typedef gpgrt_argparse_t gnupg_argparse_t;
-typedef gpgrt_opt_t      gnupg_opt_t;
-typedef gpgrt_argparse_t ARGPARSE_ARGS;
-typedef gpgrt_opt_t      ARGPARSE_OPTS;
-
-#define gnupg_argparse(a,b,c)            gpgrt_argparse ((a),(b),(c))
-#define gnupg_argparser(a,b,c)           gpgrt_argparser ((a),(b),(c))
-#define strusage(a)                      gpgrt_strusage (a)
-#define set_strusage(a)                  gpgrt_set_strusage (a)
-#define gnupg_set_usage_outfnc(a)        gpgrt_set_usage_outfnc ((a))
-#define gnupg_set_fixed_string_mapper(a) gpgrt_set_fixed_string_mapper ((a))
-#define gnupg_set_confdir(a,b)           gpgrt_set_confdir ((a),(b))
-
-#endif /* !USE_INTERNAL_ARGPARSE */
-
-void usage (int level);
-
-#endif /*GNUPG_COMMON_ARGPARSE_H*/
diff --git a/common/asshelp.c b/common/asshelp.c
index d87017e..172c7d9 100644
--- a/common/asshelp.c
+++ b/common/asshelp.c
@@ -56,9 +56,11 @@
    operation after we started them before giving up.  */
 #ifdef HAVE_W32CE_SYSTEM
 # define SECS_TO_WAIT_FOR_AGENT 30
+# define SECS_TO_WAIT_FOR_KEYBOXD 30
 # define SECS_TO_WAIT_FOR_DIRMNGR 30
 #else
 # define SECS_TO_WAIT_FOR_AGENT 5
+# define SECS_TO_WAIT_FOR_KEYBOXD 5
 # define SECS_TO_WAIT_FOR_DIRMNGR 5
 #endif
 
@@ -93,7 +95,7 @@ my_libassuan_log_handler (assuan_context_t ctx, void *hook,
     return 0; /* Temporary disabled.  */
 
   if (msg)
-    log_string (GPGRT_LOG_DEBUG, msg);
+    log_string (GPGRT_LOGLVL_DEBUG, msg);
 
   return 1;
 }
@@ -276,6 +278,7 @@ lock_spawning (lock_spawn_t *lock, const char *homedir, const char *name,
     (homedir,
      !strcmp (name, "agent")?   "gnupg_spawn_agent_sentinel":
      !strcmp (name, "dirmngr")? "gnupg_spawn_dirmngr_sentinel":
+     !strcmp (name, "keyboxd")? "gnupg_spawn_keyboxd_sentinel":
      /*                    */   "gnupg_spawn_unknown_sentinel",
      NULL);
   if (!fname)
@@ -307,8 +310,17 @@ unlock_spawning (lock_spawn_t *lock, const char *name)
     }
 }
 
+
+/* Helper to start a service.  SECS gives the number of seconds to
+ * wait.  SOCKNAME is the name of the socket to connect.  VERBOSE is
+ * the usual verbose flag.  CTX is the assuan context.  CONNECT_FLAGS
+ * are the assuan connect flags.  DID_SUCCESS_MSG will be set to 1 if
+ * a success messages has been printed.
+ */
 static gpg_error_t
-wait_for_sock (int secs, const char *name, const char *sockname, int verbose, assuan_context_t ctx, int *did_success_msg)
+wait_for_sock (int secs, int module_name_id, const char *sockname,
+               unsigned int connect_flags,
+               int verbose, assuan_context_t ctx, int *did_success_msg)
 {
   gpg_error_t err = 0;
   int target_us = secs * 1000000;
@@ -332,20 +344,27 @@ wait_for_sock (int secs, const char *name, const char *sockname, int verbose, as
           /*            next_sleep_us); */
           if (secsleft < lastalert)
             {
-              log_info (_("waiting for the %s to come up ... (%ds)\n"),
-                        name, secsleft);
+              log_info (module_name_id == GNUPG_MODULE_NAME_DIRMNGR?
+                        _("waiting for the dirmngr to come up ... (%ds)\n"):
+                        module_name_id == GNUPG_MODULE_NAME_KEYBOXD?
+                        _("waiting for the keyboxd to come up ... (%ds)\n"):
+                        _("waiting for the agent to come up ... (%ds)\n"),
+                        secsleft);
               lastalert = secsleft;
             }
         }
       gnupg_usleep (next_sleep_us);
       elapsed_us += next_sleep_us;
-      err = assuan_socket_connect (ctx, sockname, 0, 0);
+      err = assuan_socket_connect (ctx, sockname, 0, connect_flags);
       if (!err)
         {
           if (verbose)
             {
-              log_info (_("connection to %s established\n"),
-                        name);
+              log_info (module_name_id == GNUPG_MODULE_NAME_DIRMNGR?
+                        _("connection to the dirmngr established\n"):
+                        module_name_id == GNUPG_MODULE_NAME_KEYBOXD?
+                        _("connection to the keyboxd established\n"):
+                        _("connection to the agent established\n"));
               *did_success_msg = 1;
             }
           break;
@@ -357,25 +376,36 @@ wait_for_sock (int secs, const char *name, const char *sockname, int verbose, as
   return err;
 }
 
-/* Try to connect to the agent via socket or start it if it is not
-   running and AUTOSTART is set.  Handle the server's initial
-   greeting.  Returns a new assuan context at R_CTX or an error
-   code. */
-gpg_error_t
-start_new_gpg_agent (assuan_context_t *r_ctx,
-                     gpg_err_source_t errsource,
-                     const char *agent_program,
-                     const char *opt_lc_ctype,
-                     const char *opt_lc_messages,
-                     session_env_t session_env,
-                     int autostart, int verbose, int debug,
-                     gpg_error_t (*status_cb)(ctrl_t, int, ...),
-                     ctrl_t status_cb_arg)
+
+/* Try to connect to a new service via socket or start it if it is not
+ * running and AUTOSTART is set.  Handle the server's initial
+ * greeting.  Returns a new assuan context at R_CTX or an error code.
+ * MODULE_NAME_ID is one of:
+ *     GNUPG_MODULE_NAME_AGENT
+ *     GNUPG_MODULE_NAME_DIRMNGR
+ */
+static gpg_error_t
+start_new_service (assuan_context_t *r_ctx,
+                   int module_name_id,
+                   gpg_err_source_t errsource,
+                   const char *program_name,
+                   const char *opt_lc_ctype,
+                   const char *opt_lc_messages,
+                   session_env_t session_env,
+                   int autostart, int verbose, int debug,
+                   gpg_error_t (*status_cb)(ctrl_t, int, ...),
+                   ctrl_t status_cb_arg)
 {
   gpg_error_t err;
   assuan_context_t ctx;
   int did_success_msg = 0;
   char *sockname;
+  const char *printed_name;
+  const char *lock_name;
+  const char *status_start_line;
+  int no_service_err;
+  int seconds_to_wait;
+  unsigned int connect_flags = 0;
   const char *argv[6];
 
   *r_ctx = NULL;
@@ -387,15 +417,40 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
       return err;
     }
 
-  sockname = make_filename_try (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL);
-  if (!sockname)
+  switch (module_name_id)
     {
-      err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
+    case GNUPG_MODULE_NAME_AGENT:
+      sockname = make_filename (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL);
+      lock_name = "agent";
+      printed_name = "gpg-agent";
+      status_start_line = "starting_agent ? 0 0";
+      no_service_err = GPG_ERR_NO_AGENT;
+      seconds_to_wait = SECS_TO_WAIT_FOR_AGENT;
+      break;
+    case GNUPG_MODULE_NAME_DIRMNGR:
+      sockname = make_filename (gnupg_socketdir (), DIRMNGR_SOCK_NAME, NULL);
+      lock_name = "dirmngr";
+      printed_name = "dirmngr";
+      status_start_line = "starting_dirmngr ? 0 0";
+      no_service_err = GPG_ERR_NO_DIRMNGR;
+      seconds_to_wait = SECS_TO_WAIT_FOR_DIRMNGR;
+      break;
+    case GNUPG_MODULE_NAME_KEYBOXD:
+      sockname = make_filename (gnupg_socketdir (), KEYBOXD_SOCK_NAME, NULL);
+      lock_name = "keyboxd";
+      printed_name = "keyboxd";
+      status_start_line = "starting_keyboxd ? 0 0";
+      no_service_err = GPG_ERR_NO_KEYBOXD;
+      seconds_to_wait = SECS_TO_WAIT_FOR_KEYBOXD;
+      connect_flags |= ASSUAN_SOCKET_CONNECT_FDPASSING;
+      break;
+    default:
+      err = gpg_error (GPG_ERR_INV_ARG);
       assuan_release (ctx);
       return err;
     }
 
-  err = assuan_socket_connect (ctx, sockname, 0, 0);
+  err = assuan_socket_connect (ctx, sockname, 0, connect_flags);
   if (err && autostart)
     {
       char *abs_homedir;
@@ -407,12 +462,12 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
       int i;
 
       /* With no success start a new server.  */
-      if (!agent_program || !*agent_program)
-        agent_program = gnupg_module_name (GNUPG_MODULE_NAME_AGENT);
-      else if ((s=strchr (agent_program, '|')) && s[1] == '-' && s[2]=='-')
+      if (!program_name || !*program_name)
+        program_name = gnupg_module_name (module_name_id);
+      else if ((s=strchr (program_name, '|')) && s[1] == '-' && s[2]=='-')
         {
           /* Hack to insert an additional option on the command line.  */
-          program = xtrystrdup (agent_program);
+          program = xtrystrdup (program_name);
           if (!program)
             {
               gpg_error_t tmperr = gpg_err_make (errsource,
@@ -427,22 +482,21 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
         }
 
       if (verbose)
-        log_info (_("no running gpg-agent - starting '%s'\n"),
-                  agent_program);
+        log_info (_("no running %s - starting '%s'\n"),
+                  printed_name, program_name);
 
       if (status_cb)
-        status_cb (status_cb_arg, STATUS_PROGRESS,
-                   "starting_agent ? 0 0", NULL);
+        status_cb (status_cb_arg, STATUS_PROGRESS, status_start_line, NULL);
 
-      /* We better pass an absolute home directory to the agent just
-         in case gpg-agent does not convert the passed name to an
-         absolute one (which it should do).  */
+      /* We better pass an absolute home directory to the service just
+       * in case the service does not convert the passed name to an
+       * absolute one (which it should do).  */
       abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
       if (!abs_homedir)
         {
           gpg_error_t tmperr = gpg_err_make (errsource,
                                              gpg_err_code_from_syserror ());
-          log_error ("error building filename: %s\n",gpg_strerror (tmperr));
+          log_error ("error building filename: %s\n", gpg_strerror (tmperr));
           xfree (sockname);
           assuan_release (ctx);
           xfree (program);
@@ -453,8 +507,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
         {
           gpg_error_t tmperr = gpg_err_make (errsource,
                                              gpg_err_code_from_syserror ());
-          log_error ("error flushing pending output: %s\n",
-                     strerror (errno));
+          log_error ("error flushing pending output: %s\n", strerror (errno));
           xfree (sockname);
           assuan_release (ctx);
           xfree (abs_homedir);
@@ -462,32 +515,42 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
           return tmperr;
         }
 
-      /* If the agent has been configured for use with a standard
-         socket, an environment variable is not required and thus
-         we can safely start the agent here.  */
       i = 0;
       argv[i++] = "--homedir";
       argv[i++] = abs_homedir;
-      argv[i++] = "--use-standard-socket";
+      if (module_name_id == GNUPG_MODULE_NAME_AGENT)
+        argv[i++] = "--use-standard-socket";
       if (program_arg)
         argv[i++] = program_arg;
       argv[i++] = "--daemon";
       argv[i++] = NULL;
 
-      if (!(err = lock_spawning (&lock, gnupg_homedir (), "agent", verbose))
-          && assuan_socket_connect (ctx, sockname, 0, 0))
+      if (!(err = lock_spawning (&lock, gnupg_homedir (), lock_name, verbose))
+          && assuan_socket_connect (ctx, sockname, 0, connect_flags))
         {
-          err = gnupg_spawn_process_detached (program? program : agent_program,
+#ifdef HAVE_W32_SYSTEM
+          err = gnupg_spawn_process_detached (program? program : program_name,
                                               argv, NULL);
+#else /*!W32*/
+          pid_t pid;
+
+          err = gnupg_spawn_process_fd (program? program : program_name,
+                                        argv, -1, -1, -1, &pid);
+          if (!err)
+            err = gnupg_wait_process (program? program : program_name,
+                                      pid, 1, NULL);
+#endif /*!W32*/
           if (err)
-            log_error ("failed to start agent '%s': %s\n",
-                       agent_program, gpg_strerror (err));
+            log_error ("failed to start %s '%s': %s\n",
+                       printed_name, program? program : program_name,
+                       gpg_strerror (err));
           else
-            err = wait_for_sock (SECS_TO_WAIT_FOR_AGENT, "agent",
-                                 sockname, verbose, ctx, &did_success_msg);
+            err = wait_for_sock (seconds_to_wait, module_name_id,
+                                 sockname, connect_flags,
+                                 verbose, ctx, &did_success_msg);
         }
 
-      unlock_spawning (&lock, "agent");
+      unlock_spawning (&lock, lock_name);
       xfree (abs_homedir);
       xfree (program);
     }
@@ -495,17 +558,21 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
   if (err)
     {
       if (autostart || gpg_err_code (err) != GPG_ERR_ASS_CONNECT_FAILED)
-        log_error ("can't connect to the agent: %s\n", gpg_strerror (err));
+        log_error ("can't connect to the %s: %s\n",
+                   printed_name, gpg_strerror (err));
       assuan_release (ctx);
-      return gpg_err_make (errsource, GPG_ERR_NO_AGENT);
+      return gpg_err_make (errsource, no_service_err);
     }
 
   if (debug && !did_success_msg)
-    log_debug ("connection to agent established\n");
+    log_debug ("connection to the %s established\n", printed_name);
+
+  if (module_name_id == GNUPG_MODULE_NAME_AGENT)
+    err = assuan_transact (ctx, "RESET",
+                           NULL, NULL, NULL, NULL, NULL, NULL);
 
-  err = assuan_transact (ctx, "RESET",
-                         NULL, NULL, NULL, NULL, NULL, NULL);
-  if (!err)
+  if (!err
+      && module_name_id == GNUPG_MODULE_NAME_AGENT)
     {
       err = send_pinentry_environment (ctx, errsource,
                                        opt_lc_ctype, opt_lc_messages,
@@ -513,12 +580,12 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
       if (gpg_err_code (err) == GPG_ERR_FORBIDDEN
           && gpg_err_source (err) == GPG_ERR_SOURCE_GPGAGENT)
         {
-          /* Check whether we are in restricted mode.  */
+          /* Check whether the agent is in restricted mode.  */
           if (!assuan_transact (ctx, "GETINFO restricted",
                                 NULL, NULL, NULL, NULL, NULL, NULL))
             {
               if (verbose)
-                log_info (_("connection to agent is in restricted mode\n"));
+                log_info (_("connection to the agent is in restricted mode\n"));
               err = 0;
             }
         }
@@ -534,117 +601,64 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
 }
 
 
+/* Try to connect to the agent or start a new one.  */
+gpg_error_t
+start_new_gpg_agent (assuan_context_t *r_ctx,
+                     gpg_err_source_t errsource,
+                     const char *agent_program,
+                     const char *opt_lc_ctype,
+                     const char *opt_lc_messages,
+                     session_env_t session_env,
+                     int autostart, int verbose, int debug,
+                     gpg_error_t (*status_cb)(ctrl_t, int, ...),
+                     ctrl_t status_cb_arg)
+{
+  return start_new_service (r_ctx, GNUPG_MODULE_NAME_AGENT,
+                            errsource, agent_program,
+                            opt_lc_ctype, opt_lc_messages, session_env,
+                            autostart, verbose, debug,
+                            status_cb, status_cb_arg);
+}
+
+
 /* Try to connect to the dirmngr via a socket.  On platforms
    supporting it, start it up if needed and if AUTOSTART is true.
    Returns a new assuan context at R_CTX or an error code. */
 gpg_error_t
-start_new_dirmngr (assuan_context_t *r_ctx,
+start_new_keyboxd (assuan_context_t *r_ctx,
                    gpg_err_source_t errsource,
-                   const char *dirmngr_program,
-                   int autostart,
-                   int verbose, int debug,
+                   const char *keyboxd_program,
+                   int autostart, int verbose, int debug,
                    gpg_error_t (*status_cb)(ctrl_t, int, ...),
                    ctrl_t status_cb_arg)
 {
-  gpg_error_t err;
-  assuan_context_t ctx;
-  const char *sockname;
-  int did_success_msg = 0;
-
-  *r_ctx = NULL;
-
-  err = assuan_new (&ctx);
-  if (err)
-    {
-      log_error ("error allocating assuan context: %s\n", gpg_strerror (err));
-      return err;
-    }
-
-  sockname = dirmngr_socket_name ();
-  err = assuan_socket_connect (ctx, sockname, 0, 0);
-
-#ifdef USE_DIRMNGR_AUTO_START
-  if (err && autostart)
-    {
-      lock_spawn_t lock;
-      const char *argv[4];
-      char *abs_homedir;
-
-      /* No connection: Try start a new Dirmngr.  */
-      if (!dirmngr_program || !*dirmngr_program)
-        dirmngr_program = gnupg_module_name (GNUPG_MODULE_NAME_DIRMNGR);
-
-      if (verbose)
-        log_info (_("no running Dirmngr - starting '%s'\n"),
-                  dirmngr_program);
-
-      if (status_cb)
-        status_cb (status_cb_arg, STATUS_PROGRESS,
-                   "starting_dirmngr ? 0 0", NULL);
-
-      abs_homedir = make_absfilename (gnupg_homedir (), NULL);
-      if (!abs_homedir)
-        {
-          gpg_error_t tmperr = gpg_err_make (errsource,
-                                             gpg_err_code_from_syserror ());
-          log_error ("error building filename: %s\n",gpg_strerror (tmperr));
-          assuan_release (ctx);
-          return tmperr;
-        }
-
-      if (fflush (NULL))
-        {
-          gpg_error_t tmperr = gpg_err_make (errsource,
-                                             gpg_err_code_from_syserror ());
-          log_error ("error flushing pending output: %s\n",
-                     strerror (errno));
-          assuan_release (ctx);
-          return tmperr;
-        }
-
-      argv[0] = "--daemon";
-      /* Try starting the daemon.  Versions of dirmngr < 2.1.15 do
-       * this only if the home directory is given on the command line.  */
-      argv[1] = "--homedir";
-      argv[2] = abs_homedir;
-      argv[3] = NULL;
-
-      if (!(err = lock_spawning (&lock, gnupg_homedir (), "dirmngr", verbose))
-          && assuan_socket_connect (ctx, sockname, 0, 0))
-        {
-          err = gnupg_spawn_process_detached (dirmngr_program, argv, NULL);
-          if (err)
-            log_error ("failed to start the dirmngr '%s': %s\n",
-                       dirmngr_program, gpg_strerror (err));
-          else
-            err = wait_for_sock (SECS_TO_WAIT_FOR_DIRMNGR, "dirmngr",
-                                 sockname, verbose, ctx, &did_success_msg);
-        }
-
-      unlock_spawning (&lock, "dirmngr");
-      xfree (abs_homedir);
-    }
-#else
-  (void)dirmngr_program;
-  (void)verbose;
-  (void)status_cb;
-  (void)status_cb_arg;
-#endif /*USE_DIRMNGR_AUTO_START*/
-
-  if (err)
-    {
-      if (autostart || gpg_err_code (err) != GPG_ERR_ASS_CONNECT_FAILED)
-        log_error ("connecting dirmngr at '%s' failed: %s\n",
-                   sockname, gpg_strerror (err));
-      assuan_release (ctx);
-      return gpg_err_make (errsource, GPG_ERR_NO_DIRMNGR);
-    }
+  return start_new_service (r_ctx, GNUPG_MODULE_NAME_KEYBOXD,
+                            errsource, keyboxd_program,
+                            NULL, NULL, NULL,
+                            autostart, verbose, debug,
+                            status_cb, status_cb_arg);
+}
 
-  if (debug && !did_success_msg)
-    log_debug ("connection to the dirmngr established\n");
 
-  *r_ctx = ctx;
-  return 0;
+/* Try to connect to the dirmngr via a socket.  On platforms
+   supporting it, start it up if needed and if AUTOSTART is true.
+   Returns a new assuan context at R_CTX or an error code. */
+gpg_error_t
+start_new_dirmngr (assuan_context_t *r_ctx,
+                   gpg_err_source_t errsource,
+                   const char *dirmngr_program,
+                   int autostart, int verbose, int debug,
+                   gpg_error_t (*status_cb)(ctrl_t, int, ...),
+                   ctrl_t status_cb_arg)
+{
+#ifndef USE_DIRMNGR_AUTO_START
+  autostart = 0;
+#endif
+  return start_new_service (r_ctx, GNUPG_MODULE_NAME_DIRMNGR,
+                            errsource, dirmngr_program,
+                            NULL, NULL, NULL,
+                            autostart, verbose, debug,
+                            status_cb, status_cb_arg);
 }
 
 
@@ -683,3 +697,57 @@ get_assuan_server_version (assuan_context_t ctx, int mode, char **r_version)
     }
   return err;
 }
+
+
+/* Print a warning if the server's version number is less than our
+ * version number.  Returns an error code on a connection problem.
+ * CTX is the Assuan context, SERVERNAME is the name of teh server,
+ * STATUS_FUNC and STATUS_FUNC_DATA is a callback to emit status
+ * messages.  If PRINT_HINTS is set additional hints are printed.  For
+ * MODE see get_assuan_server_version.  */
+gpg_error_t
+warn_server_version_mismatch (assuan_context_t ctx,
+                              const char *servername, int mode,
+                              gpg_error_t (*status_func)(ctrl_t ctrl,
+                                                         int status_no,
+                                                         ...),
+                              void *status_func_ctrl,
+                              int print_hints)
+{
+  gpg_error_t err;
+  char *serverversion;
+  const char *myversion = gpgrt_strusage (13);
+
+  err = get_assuan_server_version (ctx, mode, &serverversion);
+  if (err)
+    log_log (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED?
+             GPGRT_LOGLVL_INFO : GPGRT_LOGLVL_ERROR,
+             _("error getting version from '%s': %s\n"),
+             servername, gpg_strerror (err));
+  else if (compare_version_strings (serverversion, myversion) < 0)
+    {
+      char *warn;
+
+      warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
+                           servername, serverversion, myversion);
+      if (!warn)
+        err = gpg_error_from_syserror ();
+      else
+        {
+          log_info (_("WARNING: %s\n"), warn);
+          if (print_hints)
+            {
+              log_info (_("Note: Outdated servers may lack important"
+                          " security fixes.\n"));
+              log_info (_("Note: Use the command \"%s\" to restart them.\n"),
+                        "gpgconf --kill all");
+            }
+          if (status_func)
+            status_func (status_func_ctrl, STATUS_WARNING,
+                         "server_version_mismatch 0", warn, NULL);
+          xfree (warn);
+        }
+    }
+  xfree (serverversion);
+  return err;
+}
diff --git a/common/asshelp.h b/common/asshelp.h
index bf1bd17..e7e43bd 100644
--- a/common/asshelp.h
+++ b/common/asshelp.h
@@ -65,6 +65,16 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
                      gpg_error_t (*status_cb)(ctrl_t, int, ...),
                      ctrl_t status_cb_arg);
 
+/* This function is used to connect to the keyboxd.  If needed the
+ * keyboxd is started.  */
+gpg_error_t
+start_new_keyboxd (assuan_context_t *r_ctx,
+                   gpg_err_source_t errsource,
+                   const char *keyboxd_program,
+                   int autostart, int verbose, int debug,
+                   gpg_error_t (*status_cb)(ctrl_t, int, ...),
+                   ctrl_t status_cb_arg);
+
 /* This function is used to connect to the dirmngr.  On some platforms
    the function is able starts a dirmngr process if needed.  */
 gpg_error_t
@@ -79,11 +89,29 @@ start_new_dirmngr (assuan_context_t *r_ctx,
 gpg_error_t get_assuan_server_version (assuan_context_t ctx,
                                        int mode, char **r_version);
 
+/* Print a server version mismatch warning.  */
+gpg_error_t warn_server_version_mismatch (assuan_context_t ctx,
+                                          const char *servername, int mode,
+                                          gpg_error_t (*status_fnc)
+                                                           (ctrl_t ctrl,
+                                                            int status_id,
+                                                            ...),
+                                          void *status_func_ctrl,
+                                          int print_hints);
+
 
 /*-- asshelp2.c --*/
 
+void set_assuan_context_func (assuan_context_t (*func)(ctrl_t ctrl));
+
 /* Helper function to print an assuan status line using a printf
    format string.  */
+
+gpg_error_t status_printf (ctrl_t ctrl, const char *keyword, const char *format,
+                           ...) GPGRT_ATTR_PRINTF(3,4);
+gpg_error_t status_no_printf (ctrl_t ctrl, int no, const char *format,
+                           ...) GPGRT_ATTR_PRINTF(3,4);
+
 gpg_error_t print_assuan_status (assuan_context_t ctx,
                                  const char *keyword,
                                  const char *format,
diff --git a/common/asshelp2.c b/common/asshelp2.c
index 0a7c454..4aad8a2 100644
--- a/common/asshelp2.c
+++ b/common/asshelp2.c
@@ -36,6 +36,24 @@
 
 #include "util.h"
 #include "asshelp.h"
+#include "status.h"
+
+
+/* A variable with a function to be used to return the current assuan
+ * context for a CTRL variable.  This needs to be set using the
+ * set_assuan_ctx_func function.  */
+static assuan_context_t (*the_assuan_ctx_func)(ctrl_t ctrl);
+
+
+/* Set FUNC to be used as a mapping function from CTRL to an assuan
+ * context.  Pass NULL for FUNC to disable the use of the assuan
+ * context in this module.  */
+void
+set_assuan_context_func (assuan_context_t (*func)(ctrl_t ctrl))
+{
+  the_assuan_ctx_func = func;
+}
+
 
 /* Helper function to print an assuan status line using a printf
    format string.  */
@@ -134,3 +152,41 @@ print_assuan_status_strings (assuan_context_t ctx, const char *keyword, ...)
   va_end (arg_ptr);
   return err;
 }
+
+
+/* This function is similar to print_assuan_status but takes a CTRL
+ * arg instead of an assuan context as first argument.  */
+gpg_error_t
+status_printf (ctrl_t ctrl, const char *keyword, const char *format, ...)
+{
+  gpg_error_t err;
+  va_list arg_ptr;
+  assuan_context_t ctx;
+
+  if (!ctrl || !the_assuan_ctx_func || !(ctx = the_assuan_ctx_func (ctrl)))
+    return 0;
+
+  va_start (arg_ptr, format);
+  err = vprint_assuan_status (ctx, keyword, format, arg_ptr);
+  va_end (arg_ptr);
+  return err;
+}
+
+
+/* Same as status_printf but takes a status number instead of a
+ * keyword.  */
+gpg_error_t
+status_no_printf (ctrl_t ctrl, int no, const char *format, ...)
+{
+  gpg_error_t err;
+  va_list arg_ptr;
+  assuan_context_t ctx;
+
+  if (!ctrl || !the_assuan_ctx_func || !(ctx = the_assuan_ctx_func (ctrl)))
+    return 0;
+
+  va_start (arg_ptr, format);
+  err = vprint_assuan_status (ctx, get_status_string (no), format, arg_ptr);
+  va_end (arg_ptr);
+  return err;
+}
diff --git a/common/audit.c b/common/audit.c
index 718f729..803523c 100644
--- a/common/audit.c
+++ b/common/audit.c
@@ -80,7 +80,7 @@ static void writeout_rem (audit_ctx_t ctx,
 
 
 /* Add NAME to the list of help tags.  NAME needs to be a const string
-   an this function merly stores this pointer.  */
+   an this function merely stores this pointer.  */
 static void
 add_helptag (audit_ctx_t ctx, const char *name)
 {
diff --git a/common/audit.h b/common/audit.h
index 4ef2645..05f3953 100644
--- a/common/audit.h
+++ b/common/audit.h
@@ -185,7 +185,7 @@ typedef enum
        if no real recipient has been given.  */
 
     AUDIT_SESSION_KEY,     /* string */
-    /* Mark the creation or availibility of the session key.  The
+    /* Mark the creation or availability of the session key.  The
        parameter is the algorithm ID.  */
 
     AUDIT_ENCRYPTED_TO,   /* cert, err */
diff --git a/common/common-defs.h b/common/common-defs.h
index b1928e6..cad5405 100644
--- a/common/common-defs.h
+++ b/common/common-defs.h
@@ -47,7 +47,8 @@ void tty_private_set_rl_hooks (void (*init_stream) (FILE *),
                                void (*inhibit_completion) (int),
                                void (*cleanup_after_signal) (void),
                                char *(*readline_fun) (const char*),
-                               void (*add_history_fun) (const char*));
+                               void (*add_history_fun) (const char*),
+                               int (*rw_history_fun)(const char *, int, int));
 
 
 
diff --git a/common/compliance.c b/common/compliance.c
index eaecee7..217ed09 100644
--- a/common/compliance.c
+++ b/common/compliance.c
@@ -40,10 +40,6 @@
 static int initialized;
 static int module;
 
-/* This value is used by DSA and RSA checks in addition to the hard
- * coded length checks.  It allows to increase the required key length
- * using a confue file.  */
-static unsigned int min_compliant_rsa_length;
 
 /* Return the address of a compliance cache variable for COMPLIANCE.
  * If no such variable exists NULL is returned.  FOR_RNG returns the
@@ -54,7 +50,6 @@ get_compliance_cache (enum gnupg_compliance_mode compliance, int for_rng)
   static int r_gnupg   = -1, s_gnupg   = -1;
   static int r_rfc4880 = -1, s_rfc4880 = -1;
   static int r_rfc2440 = -1, s_rfc2440 = -1;
-  static int r_pgp6    = -1, s_pgp6    = -1;
   static int r_pgp7    = -1, s_pgp7    = -1;
   static int r_pgp8    = -1, s_pgp8    = -1;
   static int r_de_vs   = -1, s_de_vs   = -1;
@@ -66,7 +61,6 @@ get_compliance_cache (enum gnupg_compliance_mode compliance, int for_rng)
     case CO_GNUPG:   ptr = for_rng? &r_gnupg   : &s_gnupg  ; break;
     case CO_RFC4880: ptr = for_rng? &r_rfc4880 : &s_rfc4880; break;
     case CO_RFC2440: ptr = for_rng? &r_rfc2440 : &s_rfc2440; break;
-    case CO_PGP6:    ptr = for_rng? &r_pgp6    : &s_pgp6   ; break;
     case CO_PGP7:    ptr = for_rng? &r_pgp7    : &s_pgp7   ; break;
     case CO_PGP8:    ptr = for_rng? &r_pgp8    : &s_pgp8   ; break;
     case CO_DE_VS:   ptr = for_rng? &r_de_vs   : &s_de_vs  ; break;
@@ -182,10 +176,9 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
           break;
 
         case is_rsa:
-          result = ((keylength == 2048
-                     || keylength == 3072
-                     || keylength == 4096)
-                    && keylength >= min_compliant_rsa_length);
+          result = (keylength == 2048
+                    || keylength == 3072
+                    || keylength == 4096);
           /* Although rsaPSS was not part of the original evaluation
            * we got word that we can claim compliance.  */
           (void)algo_flags;
@@ -197,8 +190,7 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
 	      size_t P = gcry_mpi_get_nbits (key[0]);
 	      size_t Q = gcry_mpi_get_nbits (key[1]);
 	      result = (Q == 256
-			&& (P == 2048 || P == 3072)
-                        && P >= min_compliant_rsa_length);
+			&& (P == 2048 || P == 3072));
 	    }
 	  break;
 
@@ -264,10 +256,9 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
               break;
 	    case PK_USE_ENCRYPTION:
 	    case PK_USE_SIGNING:
-	      result = ((keylength == 2048
-                         || keylength == 3072
-                         || keylength == 4096)
-                        && keylength >= min_compliant_rsa_length);
+	      result = (keylength == 2048
+                        || keylength == 3072
+                        || keylength == 4096);
               break;
 	    default:
 	      log_assert (!"reached");
@@ -282,9 +273,7 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
 	    {
 	      size_t P = gcry_mpi_get_nbits (key[0]);
 	      size_t Q = gcry_mpi_get_nbits (key[1]);
-	      result = (Q == 256
-                        && (P == 2048 || P == 3072)
-                        && keylength >= min_compliant_rsa_length);
+	      result = (Q == 256 && (P == 2048 || P == 3072));
             }
           break;
 
@@ -427,8 +416,7 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
                       || mode == GCRY_CIPHER_MODE_CFB);
 	    case GNUPG_MODULE_NAME_GPGSM:
 	      return (mode == GCRY_CIPHER_MODE_NONE
-                      || mode == GCRY_CIPHER_MODE_CBC
-                      || (mode == GCRY_CIPHER_MODE_GCM && !producer));
+                      || mode == GCRY_CIPHER_MODE_CBC);
 	    }
 	  log_assert (!"reached");
 
@@ -550,7 +538,7 @@ gnupg_rng_is_compliant (enum gnupg_compliance_mode compliance)
       if (res == 1)
         {
           char *buf;
-          char *fields[5];
+          const char *fields[5];
 
           buf = gcry_get_config (0, "rng-type");
           if (buf
@@ -599,7 +587,7 @@ gnupg_gcrypt_is_compliant (enum gnupg_compliance_mode compliance)
           /* Libgcrypt might be nice enough to tell us whether it is
            * compliant.  */
           char *buf;
-          char *fields[3];
+          const char *fields[3];
 
           buf = gcry_get_config (0, "compliance");
           if (buf
@@ -632,7 +620,6 @@ gnupg_status_compliance_flag (enum gnupg_compliance_mode compliance)
       return "8";
     case CO_RFC4880:
     case CO_RFC2440:
-    case CO_PGP6:
     case CO_PGP7:
     case CO_PGP8:
       log_assert (!"no status code assigned for this compliance mode");
@@ -684,7 +671,6 @@ gnupg_compliance_option_string (enum gnupg_compliance_mode compliance)
     case CO_GNUPG:   return "--compliance=gnupg";
     case CO_RFC4880: return "--compliance=openpgp";
     case CO_RFC2440: return "--compliance=rfc2440";
-    case CO_PGP6:    return "--compliance=pgp6";
     case CO_PGP7:    return "--compliance=pgp7";
     case CO_PGP8:    return "--compliance=pgp8";
     case CO_DE_VS:   return "--compliance=de-vs";
@@ -692,11 +678,3 @@ gnupg_compliance_option_string (enum gnupg_compliance_mode compliance)
 
   log_assert (!"invalid compliance mode");
 }
-
-
-/* Set additional infos for example taken from config files at startup.  */
-void
-gnupg_set_compliance_extra_info (unsigned int min_rsa)
-{
-  min_compliant_rsa_length = min_rsa;
-}
diff --git a/common/compliance.h b/common/compliance.h
index e29ff4e..2f70392 100644
--- a/common/compliance.h
+++ b/common/compliance.h
@@ -39,7 +39,7 @@ void gnupg_initialize_compliance (int gnupg_module_name);
 enum gnupg_compliance_mode
   {
     CO_GNUPG, CO_RFC4880, CO_RFC2440,
-    CO_PGP6, CO_PGP7, CO_PGP8, CO_DE_VS
+    CO_PGP7, CO_PGP8, CO_DE_VS
   };
 
 enum pk_use_case
@@ -91,7 +91,5 @@ int gnupg_parse_compliance_option (const char *string,
 const char *gnupg_compliance_option_string (enum gnupg_compliance_mode
                                             compliance);
 
-void gnupg_set_compliance_extra_info (unsigned int min_rsa);
-
 
 #endif /*GNUPG_COMMON_COMPLIANCE_H*/
diff --git a/common/convert.c b/common/convert.c
index ee2f117..1efacce 100644
--- a/common/convert.c
+++ b/common/convert.c
@@ -43,8 +43,7 @@
    LENGTH bytes.  The function checks that the STRING will convert
    exactly to LENGTH bytes. The string is delimited by either end of
    string or a white space character.  The function returns -1 on
-   error or the length of the parsed string.  In-place conversion is
-   allowed but the Source string might be garbled on error.  */
+   error or the length of the parsed string.  */
 int
 hex2bin (const char *string, void *buffer, size_t length)
 {
@@ -178,7 +177,7 @@ bin2hexcolon (const void *buffer, size_t length, char *stringbuf)
    string or a white space character.  The function makes sure that
    the resulting string in BUFFER is terminated by a Nul byte.  Note
    that the returned string may include embedded Nul bytes; the extra
-   Nul byte at the end is used to make sure tha the result can always
+   Nul byte at the end is used to make sure that the result can always
    be used as a C-string.
 
    BUFSIZE is the available length of BUFFER; if the converted result
@@ -192,8 +191,8 @@ bin2hexcolon (const void *buffer, size_t length, char *stringbuf)
    HEXSTRING.
 
    On success the function returns a pointer to the next character
-   after HEXSTRING (which is either end-of-string or a the next white
-   space).  If BUFLEN is not NULL the number of valid vytes in BUFFER
+   after HEXSTRING (which is either end-of-string or the next white
+   space).  If BUFLEN is not NULL the number of valid bytes in BUFFER
    is stored there (an extra Nul byte is not counted); this will even
    be done if BUFFER has been passed as NULL. */
 const char *
@@ -265,3 +264,34 @@ hex2str_alloc (const char *hexstring, size_t *r_count)
     BUG ();
   return result;
 }
+
+
+
+/* Take the hex-encoded string HEXSTR and put it into the provided
+ * BUFFER in binary format.  The length of the buffer is BUFEFR_SIZE
+ * and the expected size of the hex-string (sans leading and trailing
+ * spaces) is 2*BUFFER_SIZE.  Returns the actual scanned length of
+ * HEXSTR including any leading and trailing spaces on success or 0 on
+ * error.  The HEXSTR must be terminated by a Space or a Nul and may
+ * have leading spaces.  */
+unsigned int
+hex2fixedbuf (const char *hexstr, void *buffer_arg, size_t buffer_size)
+{
+  unsigned char *buffer = buffer_arg;
+  const char *s;
+  unsigned int leading_spaces, n;
+
+  for (leading_spaces = 0; *hexstr && *hexstr == ' '; hexstr++)
+    leading_spaces++;
+
+  for (s=hexstr, n=0; hexdigitp (s); s++, n++)
+    ;
+  if ((*s && *s != ' ') || !(n == 2*buffer_size))
+    return 0; /* Invalid or wrong length. */
+  for (s=hexstr, n=0; *s && n < buffer_size; s += 2, n++)
+    buffer[n] = xtoi_2 (s);
+  while (*s && *s == ' ')
+    s++;
+
+  return leading_spaces + (s - hexstr);
+}
diff --git a/common/dotlock.c b/common/dotlock.c
index 772bda3..cd8e950 100644
--- a/common/dotlock.c
+++ b/common/dotlock.c
@@ -526,7 +526,7 @@ maybe_deadlock (dotlock_t h)
    has been created on the same node. */
 #ifdef HAVE_POSIX_SYSTEM
 static int
-read_lockfile (dotlock_t h, int *same_node, int *r_fd)
+read_lockfile (dotlock_t h, int *same_node )
 {
   char buffer_space[10+1+70+1]; /* 70 is just an estimated value; node
                                    names are usually shorter. */
@@ -579,11 +579,7 @@ read_lockfile (dotlock_t h, int *same_node, int *r_fd)
       nread += res;
     }
   while (res && nread != expected_len);
-
-  if (r_fd)
-    *r_fd = fd;
-  else
-    close(fd);
+  close(fd);
 
   if (nread < 11)
     {
@@ -1016,14 +1012,6 @@ dotlock_destroy (dotlock_t h)
 }
 
 
-/* Return true if H has been taken.  */
-int
-dotlock_is_locked (dotlock_t h)
-{
-  return h && !!h->locked;
-}
-
-
 
 #ifdef HAVE_POSIX_SYSTEM
 /* Unix specific code of make_dotlock.  Returns 0 on success and -1 on
@@ -1039,12 +1027,13 @@ dotlock_take_unix (dotlock_t h, long timeout)
   const char *maybe_dead="";
   int same_node;
   int saveerrno;
-  int fd;
 
  again:
   if (h->use_o_excl)
     {
       /* No hardlink support - use open(O_EXCL).  */
+      int fd;
+
       do
         {
           my_set_errno (0);
@@ -1114,7 +1103,7 @@ dotlock_take_unix (dotlock_t h, long timeout)
     }
 
   /* Check for stale lock files.  */
-  if ( (pid = read_lockfile (h, &same_node, &fd)) == -1 )
+  if ( (pid = read_lockfile (h, &same_node)) == -1 )
     {
       if ( errno != ENOENT )
         {
@@ -1126,56 +1115,22 @@ dotlock_take_unix (dotlock_t h, long timeout)
       my_info_0 ("lockfile disappeared\n");
       goto again;
     }
-  else if ( (pid == getpid() && same_node)
-            || (same_node && kill (pid, 0) && errno == ESRCH) )
-    /* Stale lockfile is detected. */
+  else if ( pid == getpid() && same_node )
     {
-      struct stat sb;
-
-      /* Check if it's unlocked during examining the lockfile.  */
-      if (fstat (fd, &sb) || sb.st_nlink == 0)
-        {
-          /* It's gone already by another process.  */
-          close (fd);
-          goto again;
-        }
-
-      /*
-       * Here, although it's quite _rare_, we have a race condition.
-       *
-       * When multiple processes race on a stale lockfile, detecting
-       * AND removing should be done atomically.  That is, to work
-       * correctly, the file to be removed should be the one which is
-       * examined for detection.
-       *
-       * But, when it's not atomic, consider the case for us where it
-       * takes some time between the detection and the removal of the
-       * lockfile.
-       *
-       * In this situation, it is possible that the file which was
-       * detected as stale is already removed by another process and
-       * then new lockfile is created (by that process or other one).
-       *
-       * And it is newly created valid lockfile which is going to be
-       * removed by us.
-       *
-       * Consider this long comment as it expresses possible (long)
-       * time between fstat above and unlink below; Meanwhile, the
-       * lockfile in question may be removed and there may be new
-       * valid one.
-       *
-       * In short, when you see the message of removing stale lockfile
-       * when there are multiple processes for the work, there is
-       * (very) little possibility something went wrong.
-       */
-
-      unlink (h->lockname);
+      my_info_0 ("Oops: lock already held by us\n");
+      h->locked = 1;
+      return 0; /* okay */
+    }
+  else if ( same_node && kill (pid, 0) && errno == ESRCH )
+    {
+      /* Note: It is unlikely that we get a race here unless a pid is
+         reused too fast or a new process with the same pid as the one
+         of the stale file tries to lock right at the same time as we.  */
       my_info_1 (_("removing stale lockfile (created by %d)\n"), pid);
-      close (fd);
+      unlink (h->lockname);
       goto again;
     }
 
-  close (fd);
   if (lastpid == -1)
     lastpid = pid;
   ownerchanged = (pid != lastpid);
@@ -1295,14 +1250,11 @@ dotlock_take (dotlock_t h, long timeout)
   int ret;
 
   if ( h->disable )
-    {
-      h->locked = 1;
-      return 0; /* Locks are completely disabled.  Return success. */
-    }
+    return 0; /* Locks are completely disabled.  Return success. */
 
   if ( h->locked )
     {
-      /* my_debug_1 ("'%s' is already locked (%s)\n", h->lockname); */
+      my_debug_1 ("Oops, '%s' is already locked\n", h->lockname);
       return 0;
     }
 
@@ -1325,7 +1277,7 @@ dotlock_release_unix (dotlock_t h)
   int pid, same_node;
   int saveerrno;
 
-  pid = read_lockfile (h, &same_node, NULL);
+  pid = read_lockfile (h, &same_node);
   if ( pid == -1 )
     {
       saveerrno = errno;
@@ -1394,14 +1346,11 @@ dotlock_release (dotlock_t h)
     return 0;
 
   if ( h->disable )
-    {
-      h->locked = 0;
-      return 0;
-    }
+    return 0;
 
   if ( !h->locked )
     {
-      /* my_debug_1 ("Oops, '%s' is not locked (%s)\n", h->lockname); */
+      my_debug_1 ("Oops, '%s' is not locked\n", h->lockname);
       return 0;
     }
 
diff --git a/common/dotlock.h b/common/dotlock.h
index 9869739..03131bb 100644
--- a/common/dotlock.h
+++ b/common/dotlock.h
@@ -102,7 +102,6 @@ dotlock_t dotlock_create (const char *file_to_lock, unsigned int flags);
 void dotlock_set_fd (dotlock_t h, int fd);
 int  dotlock_get_fd (dotlock_t h);
 void dotlock_destroy (dotlock_t h);
-int dotlock_is_locked (dotlock_t h);
 int dotlock_take (dotlock_t h, long timeout);
 int dotlock_release (dotlock_t h);
 void dotlock_remove_lockfiles (void);
diff --git a/common/dynload.h b/common/dynload.h
index f1dc3f0..54a47b2 100644
--- a/common/dynload.h
+++ b/common/dynload.h
@@ -34,9 +34,6 @@
 #ifndef __MINGW32__
 # include <dlfcn.h>
 #else
-# ifdef HAVE_WINSOCK2_H
-#  include <winsock2.h>  /* needs to be included before windows.h */
-# endif
 # include <windows.h>
 # include "utf8conv.h"
 # include "mischelp.h"
diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c
index e9cb7ed..b144108 100644
--- a/common/exechelp-posix.c
+++ b/common/exechelp-posix.c
@@ -1,6 +1,6 @@
 /* exechelp.c - Fork and exec helpers for POSIX
- * Copyright (C) 2004, 2007, 2008, 2009,
- *               2010 Free Software Foundation, Inc.
+ * Copyright (C) 2004, 2007-2009, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2004, 2006-2012, 2014-2017 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -26,6 +26,7 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: (LGPL-3.0+ OR GPL-2.0+)
  */
 
 #include <config.h>
@@ -276,21 +277,16 @@ get_all_open_fds (void)
 static void
 do_exec (const char *pgmname, const char *argv[],
          int fd_in, int fd_out, int fd_err,
-         int *except, void (*preexec)(void), unsigned int flags)
+         int *except, void (*preexec)(void) )
 {
   char **arg_list;
   int i, j;
   int fds[3];
-  int nodevnull[3];
 
   fds[0] = fd_in;
   fds[1] = fd_out;
   fds[2] = fd_err;
 
-  nodevnull[0] = !!(flags & GNUPG_SPAWN_KEEP_STDIN);
-  nodevnull[1] = !!(flags & GNUPG_SPAWN_KEEP_STDOUT);
-  nodevnull[2] = !!(flags & GNUPG_SPAWN_KEEP_STDERR);
-
   /* Create the command line argument array.  */
   i = 0;
   if (argv)
@@ -309,9 +305,7 @@ do_exec (const char *pgmname, const char *argv[],
   /* Assign /dev/null to unused FDs. */
   for (i=0; i <= 2; i++)
     {
-      if (nodevnull[i])
-        continue;
-      if (fds[i] == -1)
+      if (fds[i] == -1 )
         {
           fds[i] = open ("/dev/null", i? O_WRONLY : O_RDONLY);
           if (fds[i] == -1)
@@ -323,8 +317,6 @@ do_exec (const char *pgmname, const char *argv[],
   /* Connect the standard files.  */
   for (i=0; i <= 2; i++)
     {
-      if (nodevnull[i])
-        continue;
       if (fds[i] != i && dup2 (fds[i], i) == -1)
         log_fatal ("dup2 std%s failed: %s\n",
                    i==0?"in":i==1?"out":"err", strerror (errno));
@@ -424,6 +416,15 @@ gnupg_create_pipe (int filedes[2])
 }
 
 
+/* Close the end of a pipe.  */
+void
+gnupg_close_pipe (int fd)
+{
+  if (fd != -1)
+    close (fd);
+}
+
+
 /* Fork and exec the PGMNAME, see exechelp.h for details.  */
 gpg_error_t
 gnupg_spawn_process (const char *pgmname, const char *argv[],
@@ -534,7 +535,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
       es_fclose (outfp);
       es_fclose (errfp);
       do_exec (pgmname, argv, inpipe[0], outpipe[1], errpipe[1],
-               except, preexec, flags);
+               except, preexec);
       /*NOTREACHED*/
     }
 
@@ -584,7 +585,7 @@ gnupg_spawn_process_fd (const char *pgmname, const char *argv[],
     {
       gcry_control (GCRYCTL_TERM_SECMEM);
       /* Run child. */
-      do_exec (pgmname, argv, infd, outfd, errfd, NULL, NULL, 0);
+      do_exec (pgmname, argv, infd, outfd, errfd, NULL, NULL);
       /*NOTREACHED*/
     }
 
@@ -731,13 +732,8 @@ gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count,
     {
       int status = -1;
 
-      /* Skip invalid PID.  */
       if (pids[i] == (pid_t)(-1))
-        {
-          r_exitcodes[i] = -1;
-          left -= 1;
-          continue;
-        }
+        return my_error (GPG_ERR_INV_VALUE);
 
       /* See if there was a previously stored result for this pid.  */
       if (get_result (pids[i], &status))
@@ -883,7 +879,7 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
         for (i=0; envp[i]; i++)
           putenv (xstrdup (envp[i]));
 
-      do_exec (pgmname, argv, -1, -1, -1, NULL, NULL, 0);
+      do_exec (pgmname, argv, -1, -1, -1, NULL, NULL);
 
       /*NOTREACHED*/
     }
diff --git a/common/exechelp-w32.c b/common/exechelp-w32.c
index 00cf3fc..0988b90 100644
--- a/common/exechelp-w32.c
+++ b/common/exechelp-w32.c
@@ -1,6 +1,6 @@
 /* exechelp-w32.c - Fork and exec helpers for W32.
- * Copyright (C) 2004, 2007, 2008, 2009,
- *               2010 Free Software Foundation, Inc.
+ * Copyright (C) 2004, 2007-2009, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2004, 2006-2012, 2014-2017 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -26,6 +26,7 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: (LGPL-3.0+ OR GPL-2.0+)
  */
 
 #include <config.h>
@@ -396,6 +397,15 @@ gnupg_create_pipe (int filedes[2])
 }
 
 
+/* Close the end of a pipe.  */
+void
+gnupg_close_pipe (int fd)
+{
+  if (fd != -1)
+    close (fd);
+}
+
+
 /* Fork and exec the PGMNAME, see exechelp.h for details.  */
 gpg_error_t
 gnupg_spawn_process (const char *pgmname, const char *argv[],
@@ -544,14 +554,11 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
     return err;
 
   if (inpipe[0] == INVALID_HANDLE_VALUE)
-    nullhd[0] = ((flags & GNUPG_SPAWN_KEEP_STDIN)?
-                 GetStdHandle (STD_INPUT_HANDLE) : w32_open_null (0));
+    nullhd[0] = w32_open_null (0);
   if (outpipe[1] == INVALID_HANDLE_VALUE)
-    nullhd[1] = ((flags & GNUPG_SPAWN_KEEP_STDOUT)?
-                 GetStdHandle (STD_OUTPUT_HANDLE) : w32_open_null (1));
+    nullhd[1] = w32_open_null (1);
   if (errpipe[1] == INVALID_HANDLE_VALUE)
-    nullhd[2] = ((flags & GNUPG_SPAWN_KEEP_STDOUT)?
-                 GetStdHandle (STD_ERROR_HANDLE) : w32_open_null (1));
+    nullhd[2] = w32_open_null (1);
 
   /* Start the process.  Note that we can't run the PREEXEC function
      because this might change our own environment. */
@@ -896,14 +903,10 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
   BOOL in_job = FALSE;
   gpg_err_code_t ec;
   int rc;
-  int jobdebug;
 
   /* We don't use ENVP.  */
   (void)envp;
 
-  cmdline = getenv ("GNUPG_EXEC_DEBUG_FLAGS");
-  jobdebug = (cmdline && (atoi (cmdline) & 1));
-
   if ((ec = gnupg_access (pgmname, X_OK)))
     return gpg_err_make (default_errsource, ec);
 
@@ -952,32 +955,24 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
       else if ((info.BasicLimitInformation.LimitFlags &
                 JOB_OBJECT_LIMIT_BREAKAWAY_OK))
         {
-          if (jobdebug)
-            log_debug ("Using CREATE_BREAKAWAY_FROM_JOB flag\n");
+          log_debug ("Using CREATE_BREAKAWAY_FROM_JOB flag\n");
           cr_flags |= CREATE_BREAKAWAY_FROM_JOB;
         }
       else if ((info.BasicLimitInformation.LimitFlags &
                 JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK))
         {
           /* The child process should automatically detach from the job. */
-          if (jobdebug)
-            log_debug ("Not using CREATE_BREAKAWAY_FROM_JOB flag; "
-                       "JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK is set\n");
+          log_debug ("Not using CREATE_BREAKAWAY_FROM_JOB flag; "
+                     "JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK is set\n");
         }
       else
         {
           /* It seems that the child process must remain in the job.
            * This is not necessarily an error, although it can cause premature
            * termination of the child process when the job is closed. */
-          if (jobdebug)
-            log_debug ("Not using CREATE_BREAKAWAY_FROM_JOB flag\n");
+          log_debug ("Not using CREATE_BREAKAWAY_FROM_JOB flag\n");
         }
     }
-  else
-    {
-      if (jobdebug)
-        log_debug ("Process is not in a Job\n");
-    }
 
   /*   log_debug ("CreateProcess(detached), path='%s' cmdline='%s'\n", */
   /*              pgmname, cmdline); */
diff --git a/common/exechelp-w32ce.c b/common/exechelp-w32ce.c
index ec9f014..3d68a01 100644
--- a/common/exechelp-w32ce.c
+++ b/common/exechelp-w32ce.c
@@ -1,6 +1,6 @@
 /* exechelp-w32.c - Fork and exec helpers for W32CE.
- * Copyright (C) 2004, 2007, 2008, 2009,
- *               2010 Free Software Foundation, Inc.
+ * Copyright (C) 2004, 2007-2009, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2010-2012, 2014-2016 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -26,6 +26,7 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: (LGPL-3.0+ OR GPL-2.0+)
  */
 
 #include <config.h>
diff --git a/common/exechelp.h b/common/exechelp.h
index 1240fde..d50e378 100644
--- a/common/exechelp.h
+++ b/common/exechelp.h
@@ -1,5 +1,6 @@
 /* exechelp.h - Definitions for the fork and exec helpers
  * Copyright (C) 2004, 2009, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2004, 2006-2012, 2014-2017 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -25,6 +26,7 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: (LGPL-3.0+ OR GPL-2.0+)
  */
 
 #ifndef GNUPG_COMMON_EXECHELP_H
@@ -67,13 +69,14 @@ gpg_error_t gnupg_create_outbound_pipe (int filedes[2],
    inheritable.  */
 gpg_error_t gnupg_create_pipe (int filedes[2]);
 
+/* Close the end of a pipe.  */
+void gnupg_close_pipe (int fd);
+
 
 #define GNUPG_SPAWN_NONBLOCK   16
 #define GNUPG_SPAWN_RUN_ASFW   64
 #define GNUPG_SPAWN_DETACHED  128
-#define GNUPG_SPAWN_KEEP_STDIN   256
-#define GNUPG_SPAWN_KEEP_STDOUT  512
-#define GNUPG_SPAWN_KEEP_STDERR 1024
+
 
 /* Fork and exec the program PGMNAME.
 
@@ -119,12 +122,6 @@ gpg_error_t gnupg_create_pipe (int filedes[2]);
           the child.  Note that due to unknown problems this actually
           allows SetForegroundWindow for all children of this process.
 
-   GNUPG_SPAWN_KEEP_STDIN
-   GNUPG_SPAWN_KEEP_STDOUT
-   GNUPG_SPAWN_KEEP_STDERR
-          Do not assign /dev/null to a non-required standard file
-          descriptor.
-
  */
 gpg_error_t
 gnupg_spawn_process (const char *pgmname, const char *argv[],
diff --git a/common/exectool.c b/common/exectool.c
index 3458de4..8013ba1 100644
--- a/common/exectool.c
+++ b/common/exectool.c
@@ -53,6 +53,7 @@ typedef struct
   exec_tool_status_cb_t status_cb;
   void *status_cb_value;
   int cont;
+  int quiet;
   size_t used;
   size_t buffer_size;
   char *buffer;
@@ -110,6 +111,8 @@ read_and_log_stderr (read_and_log_buffer_t *state, es_poll_t *fderr)
               state->status_cb (state->status_cb_value,
                                 state->buffer + 9, rest);
             }
+          else if (state->quiet)
+            ;
           else if (!state->cont
               && !strncmp (state->buffer, pname, len)
               && strlen (state->buffer) > strlen (pname)
@@ -302,7 +305,7 @@ copy_buffer_flush (struct copy_buffer *c, estream_t sink)
 /* Run the program PGMNAME with the command line arguments given in
  * the NULL terminates array ARGV.  If INPUT is not NULL it will be
  * fed to stdin of the process.  stderr is logged using log_info and
- * the process' stdout is written to OUTPUT.  If OUTPUT is NULL the
+ * the process's stdout is written to OUTPUT.  If OUTPUT is NULL the
  * output is discarded.  If INEXTRA is given, an additional input
  * stream will be passed to the child; to tell the child about this
  * ARGV is scanned and the first occurrence of an argument
@@ -331,10 +334,16 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
   int count;
   read_and_log_buffer_t fderrstate;
   struct copy_buffer *cpbuf_in = NULL, *cpbuf_out = NULL, *cpbuf_extra = NULL;
+  int quiet = 0;
+  int dummy_exitcode;
 
   memset (fds, 0, sizeof fds);
   memset (&fderrstate, 0, sizeof fderrstate);
 
+  /* If the first argument to the program is "--quiet" avoid all extra
+   * diagnostics.  */
+  quiet = (argv && argv[0] && !strcmp (argv[0], "--quiet"));
+
   cpbuf_in = xtrymalloc (sizeof *cpbuf_in);
   if (cpbuf_in == NULL)
     {
@@ -360,6 +369,7 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
   copy_buffer_init (cpbuf_extra);
 
   fderrstate.pgmname = pgmname;
+  fderrstate.quiet = quiet;
   fderrstate.status_cb = status_cb;
   fderrstate.status_cb_value = status_cb_value;
   fderrstate.buffer_size = 256;
@@ -375,7 +385,7 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
       err = gnupg_create_outbound_pipe (extrapipe, &extrafp, 1);
       if (err)
         {
-          log_error ("error running outbound pipe for extra fp: %s\n",
+          log_error ("error creating outbound pipe for extra fp: %s\n",
                      gpg_strerror (err));
           goto leave;
         }
@@ -386,7 +396,7 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
          create a copy of the array.  */
 #ifdef HAVE_W32_SYSTEM
       snprintf (extrafdbuf, sizeof extrafdbuf, "-&%lu",
-                (unsigned long)(void*)_get_osfhandle (extrapipe[0]));
+                (unsigned long)_get_osfhandle (extrapipe[0]));
 #else
       snprintf (extrafdbuf, sizeof extrafdbuf, "-&%d", extrapipe[0]);
 #endif
@@ -411,7 +421,8 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
     argv[argsaveidx] = argsave;
   if (err)
     {
-      log_error ("error running '%s': %s\n", pgmname, gpg_strerror (err));
+      if (!quiet)
+        log_error ("error running '%s': %s\n", pgmname, gpg_strerror (err));
       goto leave;
     }
 
@@ -535,7 +546,7 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
   es_fclose (outfp); outfp = NULL;
   es_fclose (errfp); errfp = NULL;
 
-  err = gnupg_wait_process (pgmname, pid, 1, NULL);
+  err = gnupg_wait_process (pgmname, pid, 1, quiet? &dummy_exitcode : NULL);
   pid = (pid_t)(-1);
 
  leave:
@@ -547,7 +558,7 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
   es_fclose (outfp);
   es_fclose (errfp);
   if (pid != (pid_t)(-1))
-    gnupg_wait_process (pgmname, pid, 1, NULL);
+    gnupg_wait_process (pgmname, pid, 1,  quiet? &dummy_exitcode : NULL);
   gnupg_release_process (pid);
 
   copy_buffer_shred (cpbuf_in);
@@ -571,7 +582,7 @@ nop_free (void *ptr)
 /* Run the program PGMNAME with the command line arguments given in
    the NULL terminates array ARGV.  If INPUT_STRING is not NULL it
    will be fed to stdin of the process.  stderr is logged using
-   log_info and the process' stdout is returned in a newly malloced
+   log_info and the process's stdout is returned in a newly malloced
    buffer RESULT with the length stored at RESULTLEN if not given as
    NULL.  A hidden Nul is appended to the output.  On error NULL is
    stored at RESULT, a diagnostic is printed, and an error code
diff --git a/common/exectool.h b/common/exectool.h
index 27bbfc9..108903f 100644
--- a/common/exectool.h
+++ b/common/exectool.h
@@ -46,7 +46,7 @@ typedef void (*exec_tool_status_cb_t) (void *opaque,
 /* Run the program PGMNAME with the command line arguments given in
    the NULL terminates array ARGV.  If INPUT_STRING is not NULL it
    will be fed to stdin of the process.  stderr is logged using
-   log_info and the process' stdout is returned in a newly malloced
+   log_info and the process's stdout is returned in a newly malloced
    buffer RESULT with the length stored at RESULTLEN if not given as
    NULL.  A hidden Nul is appended to the output.  On error NULL is
    stored at RESULT, a diagnostic is printed, and an error code
@@ -58,7 +58,7 @@ gpg_error_t gnupg_exec_tool (const char *pgmname, const char *argv[],
 /* Run the program PGMNAME with the command line arguments given in
    the NULL terminates array ARGV.  If INPUT is not NULL it will be
    fed to stdin of the process.  stderr is logged using log_info and
-   the process' stdout is written to OUTPUT.  On error a diagnostic is
+   the process's stdout is written to OUTPUT.  On error a diagnostic is
    printed, and an error code returned.  INEXTRA is reserved. */
 gpg_error_t gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
                                     estream_t input, estream_t inextra,
diff --git a/common/gettime.c b/common/gettime.c
index 3fe30ce..03c152f 100644
--- a/common/gettime.c
+++ b/common/gettime.c
@@ -676,46 +676,6 @@ isotimestamp (u32 stamp)
 }
 
 
-/* Windows version of strftime returning the string as utf-8.  */
-#ifdef HAVE_W32_SYSTEM
-
-#define strftime(a,b,c,d)  w32_strftime ((a),(b),(c),(d))
-
-static size_t
-w32_strftime (char *s, size_t max, const char *format, const struct tm *tm)
-{
-  wchar_t *wformatbuf = NULL;
-  const wchar_t *wformat = L"%c %Z";
-  wchar_t wbuf[200];
-  size_t n;
-  char *buf;
-
-  if (strcmp (format, "%c %Z"))
-    {
-      log_debug ("  comverted\n");
-      wformatbuf = utf8_to_wchar (format);
-      if (wformatbuf)
-        wformat = wformatbuf;
-    }
-
-  n = wcsftime (wbuf, sizeof wbuf, wformat, tm);
-  xfree (wformatbuf);
-  if (!n)
-    {
-      /* Most likely the buffer is too short - try ISO format instead.  */
-      n = wcsftime (wbuf, sizeof wbuf, L"%Y-%m-%d %H:%M:%S", tm);
-      if (!n)
-        wcscpy (wbuf, L"[????" "-??" "-??]");
-    }
-  buf = wchar_to_utf8 (wbuf);
-  mem2str (s, buf? buf : "[????" "-??" "-??]", max);
-  xfree (buf);
-  return strlen (s) + 1;
-}
-#endif /*HAVE_W32_SYSTEM*/
-
-
-
 /****************
  * Note: this function returns local time
  */
@@ -734,6 +694,7 @@ asctimestamp (u32 stamp)
       strcpy (buffer, "????" "-??" "-??");
       return buffer;
     }
+
   tp = localtime( &atime );
 #ifdef HAVE_STRFTIME
 # if defined(HAVE_NL_LANGINFO)
diff --git a/common/gpgrlhelp.c b/common/gpgrlhelp.c
index 680d999..fd3a48f 100644
--- a/common/gpgrlhelp.c
+++ b/common/gpgrlhelp.c
@@ -77,11 +77,77 @@ init_stream (FILE *fp)
   rl_inhibit_completion = 1;
 }
 
+
+/* Read or write the history to or from the file FILENAME.  The
+ * behaviour depends on the flag WRITE_MODE:
+ *
+ * In read mode (WRITE_MODE is false) these semantics are used:
+ *
+ *   If NLINES is positive only this number of lines are read from the
+ *   history and the history is always limited to that number of
+ *   lines.  A negative value for NLINES is undefined.
+ *
+ *   If FILENAME is NULL the current history is cleared.  If NLINES is
+ *   positive the number of lines stored in the history is limited to
+ *   that number.  A negative value for NLINES is undefined.
+ *
+ * If WRITE_MODE is true these semantics are used:
+ *
+ *   If NLINES is negative the history and the history file are
+ *   cleared; if it is zero the entire history is written to the file;
+ *   if it is positive the history is written to the file and the file
+ *   is truncated to this number of lines.
+ *
+ *   If FILENAME is NULL no file operations are done but if NLINES is
+ *   negative the entire history is cleared.
+ *
+ * On success 0 is returned; on error -1 is returned and ERRNO is set.
+ */
+static int
+read_write_history (const char *filename, int write_mode, int nlines)
+{
+  int rc;
+
+  if (write_mode)
+    {
+      if (nlines < 0)
+        clear_history ();
+      rc = filename? write_history (filename) : 0;
+      if (!rc && filename && nlines > 0)
+        rc = history_truncate_file (filename, nlines);
+      if (rc)
+        {
+          gpg_err_set_errno (rc);
+          return -1;
+        }
+    }
+  else
+    {
+      clear_history ();
+      if (filename)
+        {
+          if (nlines)
+            rc = read_history_range (filename, 0, nlines);
+          else
+            rc = read_history (filename);
+          if (rc)
+            {
+              gpg_err_set_errno (rc);
+              return -1;
+            }
+        }
+      if (nlines > 0)
+        stifle_history (nlines);
+    }
+
+  return 0;
+}
+
 #endif /*HAVE_LIBREADLINE*/
 
 
 /* Initialize our readline code.  This should be called as early as
-   possible as it is actually a constructur.  */
+ * possible as it is actually a constructor.  */
 void
 gnupg_rl_initialize (void)
 {
@@ -91,7 +157,8 @@ gnupg_rl_initialize (void)
                             inhibit_completion,
                             cleanup_after_signal,
                             readline,
-                            add_history);
+                            add_history,
+                            read_write_history);
   rl_readline_name = GNUPG_NAME;
 #endif
 }
diff --git a/common/homedir.c b/common/homedir.c
index 9788c22..8b54f9d 100644
--- a/common/homedir.c
+++ b/common/homedir.c
@@ -1,7 +1,6 @@
 /* homedir.c - Setup the home directory.
  * Copyright (C) 2004, 2006, 2007, 2010 Free Software Foundation, Inc.
  * Copyright (C) 2013, 2016 Werner Koch
- * Copyright (C) 2021 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -27,7 +26,6 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, see <https://www.gnu.org/licenses/>.
- * SPDX-License-Identifier: (LGPL-3.0-or-later OR GPL-2.0-or-later)
  */
 
 #include <config.h>
@@ -59,24 +57,13 @@
 #include <sys/stat.h> /* for stat() */
 #endif
 
+
+
 #include "util.h"
 #include "sysutils.h"
 #include "i18n.h"
 #include "zb32.h"
 
-/* The name of the symbolic link to the file from which the process
- * text was read.  */
-#if __linux__
-# define MYPROC_SELF_EXE "/proc/self/exe"
-#elif defined(__NetBSD__)
-# define MYPROC_SELF_EXE "/proc/curproc/exe"
-#elif defined(__illumos__) || defined(__sun)
-# define MYPROC_SELF_EXE "/proc/self/path/a.out"
-#else /* Assume other BSDs */
-# define MYPROC_SELF_EXE "/proc/curproc/file"
-#endif
-
-
 /* The GnuPG homedir.  This is only accessed by the functions
  * gnupg_homedir and gnupg_set_homedir.  Malloced.  */
 static char *the_gnupg_homedir;
@@ -87,21 +74,21 @@ static byte non_default_homedir;
 
 #ifdef HAVE_W32_SYSTEM
 /* A flag used to indicate that a control file for gpgconf has been
- * detected.  Under Windows the presence of this file indicates a
- * portable installations and triggers several changes:
- *
- * - The GNUGHOME directory is fixed relative to installation
- *   directory.  All other means to set the home directory are ignored.
- *
- * - All registry variables will be ignored.
- *
- * This flag is not used on Unix systems.
+   detected.  Under Windows the presence of this file indicates a
+   portable installations and triggers several changes:
+
+   - The GNUGHOME directory is fixed relative to installation
+     directory.  All other means to set the home directory are ignore.
+
+   - All registry variables will be ignored.
+
+   This flag is not used on Unix systems.
  */
 static byte w32_portable_app;
 #endif /*HAVE_W32_SYSTEM*/
 
 #ifdef HAVE_W32_SYSTEM
-/* This flag is true if this process' binary has been installed under
+/* This flag is true if this process's binary has been installed under
    bin and not in the root directory as often used before GnuPG 2.1. */
 static byte w32_bin_is_bin;
 #endif /*HAVE_W32_SYSTEM*/
@@ -112,6 +99,25 @@ static const char *w32_rootdir (void);
 #endif
 
 
+
+#ifdef HAVE_W32_SYSTEM
+static void
+w32_try_mkdir (const char *dir)
+{
+#ifdef HAVE_W32CE_SYSTEM
+  wchar_t *wdir = utf8_to_wchar (dir);
+  if (wdir)
+    {
+      CreateDirectory (wdir, NULL);
+      xfree (wdir);
+    }
+#else
+  CreateDirectory (dir, NULL);
+#endif
+}
+#endif
+
+
 /* This is a helper function to load and call a Windows function from
  * either of one DLLs.  On success an UTF-8 file name is returned.
  * ERRNO is _not_ set on error.  */
@@ -160,7 +166,7 @@ is_gnupg_default_homedir (const char *dir)
 {
   int result;
   char *a = make_absfilename (dir, NULL);
-  char *b = make_absfilename (standard_homedir (), NULL);
+  char *b = make_absfilename (GNUPG_DEFAULT_HOMEDIR, NULL);
   result = !compare_filenames (a, b);
   xfree (b);
   xfree (a);
@@ -256,7 +262,7 @@ standard_homedir (void)
 
               /* Try to create the directory if it does not yet exists.  */
               if (gnupg_access (dir, F_OK))
-                gnupg_mkdir (dir, "-rwx");
+                w32_try_mkdir (dir);
             }
           else
             dir = GNUPG_DEFAULT_HOMEDIR;
@@ -367,10 +373,8 @@ check_portable_app (const char *dir)
     }
   xfree (fname);
 }
-#endif /*HAVE_W32_SYSTEM*/
 
 
-#ifdef HAVE_W32_SYSTEM
 /* Determine the root directory of the gnupg installation on Windows.  */
 static const char *
 w32_rootdir (void)
@@ -422,235 +426,7 @@ w32_rootdir (void)
   /* Fallback to the hardwired value. */
   return GNUPG_LIBEXECDIR;
 }
-#endif /*HAVE_W32_SYSTEM*/
-
 
-#ifndef HAVE_W32_SYSTEM /* Unix */
-/* Determine the root directory of the gnupg installation on Unix.
- * The standard case is that this function returns NULL so that the
- * root directory as configured at build time is used.  However, it
- * may return a static string with a different root directory, similar
- * to what we do on Windows.  That second mode is triggered by the
- * existence of a file gpgconf.ctl installed side-by-side to gpgconf.
- * This file is parsed for keywords describing the actually to be used
- * root directory.  There is no solid standard on Unix to locate the
- * binary used to create the process, thus we support this currently
- * only on Linux and BSD where we can look this info up using the proc
- * file system.  If WANT_SYSCONFDIR is true the optional sysconfdir
- * entry is returned.  */
-static const char *
-unix_rootdir (int want_sysconfdir)
-{
-  static int checked;
-  static char *dir;   /* for the rootdir  */
-  static char *sdir;  /* for the sysconfdir */
-
-  if (!checked)
-    {
-      char *p;
-      char *buffer;
-      size_t bufsize = 256-1;
-      int nread;
-      gpg_error_t err;
-      char *line;
-      size_t linelen;
-      ssize_t length;
-      estream_t fp;
-      char *rootdir;
-      char *sysconfdir;
-      const char *name;
-
-      for (;;)
-        {
-          buffer = xmalloc (bufsize+1);
-          nread = readlink (MYPROC_SELF_EXE, buffer, bufsize);
-          if (nread < 0)
-            {
-              err = gpg_error_from_syserror ();
-              buffer[0] = 0;
-              if ((name = getenv ("GNUPG_BUILD_ROOT")) && *name == '/')
-                {
-                  /* Try a fallback for systems w/o a supported /proc
-                   * file system if we are running a regression test.  */
-                  log_info ("error reading symlink '%s': %s\n",
-                            MYPROC_SELF_EXE, gpg_strerror (err));
-                  xfree  (buffer);
-                  buffer = xstrconcat (name, "/bin/gpgconf", NULL);
-                  log_info ("trying fallback '%s'\n", buffer);
-                }
-              break;
-            }
-          else if (nread < bufsize)
-            {
-              buffer[nread] = 0;
-              break;  /* Got it.  */
-            }
-          else if (bufsize >= 4095)
-            {
-              buffer[0] = 0;
-              log_info ("error reading symlink '%s': %s\n",
-                        MYPROC_SELF_EXE, "value too large");
-              break;
-            }
-          xfree (buffer);
-          bufsize += 256;
-        }
-      if (!*buffer)
-        {
-          xfree (buffer);
-          checked = 1;
-          return NULL;  /* Error - assume no gpgconf.ctl.  */
-        }
-
-      p = strrchr (buffer, '/');
-      if (!p)
-        {
-          xfree (buffer);
-          checked = 1;
-          return NULL;  /* Erroneous /proc - assume no gpgconf.ctl.  */
-        }
-      *p = 0;  /* BUFFER has the directory.  */
-      if ((p = strrchr (buffer, '/')))
-        {
-          /* Strip one part and expect the file below a bin dir.  */
-          *p = 0;
-          p = xstrconcat (buffer, "/bin/gpgconf.ctl", NULL);
-          xfree (buffer);
-          buffer = p;
-        }
-      else /* !p */
-        {
-          /* Installed in the root which is not a good idea.  Assume
-           * no gpgconf.ctl.  */
-          xfree (buffer);
-          checked = 1;
-          return NULL;
-        }
-
-      if (gnupg_access (buffer, F_OK))
-        {
-          /* No gpgconf.ctl file.  */
-          xfree (buffer);
-          checked = 1;
-          return NULL;
-        }
-      /* log_info ("detected '%s'\n", buffer); */
-      fp = es_fopen (buffer, "r");
-      if (!fp)
-        {
-          err = gpg_error_from_syserror ();
-          log_info ("error opening '%s': %s\n", buffer, gpg_strerror (err));
-          xfree (buffer);
-          checked = 1;
-          return NULL;
-        }
-
-      line = NULL;
-      linelen = 0;
-      rootdir = NULL;
-      sysconfdir = NULL;
-      while ((length = es_read_line (fp, &line, &linelen, NULL)) > 0)
-        {
-          /* Strip NL and CR, if present.  */
-          while (length > 0
-                 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
-            line[--length] = 0;
-          trim_spaces (line);
-          if (!strncmp (line, "rootdir=", 8))
-            {
-              name = "rootdir";
-              p = line + 8;
-            }
-          else if (!strncmp (line, "rootdir =", 9))  /* (What a kludge) */
-            {
-              name = "rootdir";
-              p = line + 9;
-            }
-          else if (!strncmp (line, "sysconfdir=", 11))
-            {
-              name = "sysconfdir";
-              p = line + 11;
-            }
-          else if (!strncmp (line, "sysconfdir =", 12))  /* (What a kludge) */
-            {
-              name = "sysconfdir";
-              p = line + 12;
-            }
-          else
-            continue;
-          trim_spaces (p);
-          p = substitute_envvars (p);
-          if (!p)
-            {
-              err = gpg_error_from_syserror ();
-              log_info ("error getting %s from gpgconf.ctl: %s\n",
-                        name, gpg_strerror (err));
-            }
-          else if (!strcmp (name, "sysconfdir"))
-            {
-              xfree (sysconfdir);
-              sysconfdir = p;
-            }
-          else
-            {
-              xfree (rootdir);
-              rootdir = p;
-            }
-        }
-      if (es_ferror (fp))
-        {
-          err = gpg_error_from_syserror ();
-          log_info ("error reading '%s': %s\n", buffer, gpg_strerror (err));
-          es_fclose (fp);
-          xfree (buffer);
-          xfree (line);
-          checked = 1;
-          return NULL;
-        }
-      es_fclose (fp);
-      xfree (buffer);
-      xfree (line);
-
-      if (!rootdir || !*rootdir || *rootdir != '/')
-        {
-          log_info ("invalid rootdir '%s' specified in gpgconf.ctl\n", rootdir);
-          xfree (rootdir);
-          xfree (sysconfdir);
-          dir = NULL;
-        }
-      else if (sysconfdir && (!*sysconfdir || *sysconfdir != '/'))
-        {
-          log_info ("invalid sysconfdir '%s' specified in gpgconf.ctl\n",
-                    sysconfdir);
-          xfree (rootdir);
-          xfree (sysconfdir);
-          dir = NULL;
-        }
-      else
-        {
-          while (*rootdir && rootdir[strlen (rootdir)-1] == '/')
-            rootdir[strlen (rootdir)-1] = 0;
-          dir = rootdir;
-          gpgrt_annotate_leaked_object (dir);
-          /* log_info ("want rootdir '%s'\n", dir); */
-          if (sysconfdir)
-            {
-              while (*sysconfdir && sysconfdir[strlen (sysconfdir)-1] == '/')
-                sysconfdir[strlen (sysconfdir)-1] = 0;
-              sdir = sysconfdir;
-              gpgrt_annotate_leaked_object (sdir);
-              /* log_info ("want sysconfdir '%s'\n", sdir); */
-            }
-        }
-      checked = 1;
-    }
-
-  return want_sysconfdir? sdir : dir;
-}
-#endif /* Unix */
-
-
-#ifdef HAVE_W32_SYSTEM
 static const char *
 w32_commondir (void)
 {
@@ -814,117 +590,8 @@ gnupg_daemon_rootdir (void)
 char *
 _gnupg_socketdir_internal (int skip_checks, unsigned *r_info)
 {
-#if defined(HAVE_W32_SYSTEM)
-  char *name;
-
-  (void)skip_checks;
-
-  *r_info = 0;
-
-  /* First make sure that non_default_homedir and w32_portable_app can
-   * be set.  */
-  gnupg_homedir ();
-
-  if (w32_portable_app)
-    {
-      name = xstrconcat (w32_rootdir (), DIRSEP_S, "gnupg", NULL);
-    }
-  else
-    {
-      char *path;
-
-      path = w32_shgetfolderpath (NULL,
-                                  CSIDL_LOCAL_APPDATA|CSIDL_FLAG_CREATE,
-                                  NULL, 0);
-      if (path)
-        {
-          name = xstrconcat (path, "\\gnupg", NULL);
-          xfree (path);
-          if (gnupg_access (name, F_OK))
-            gnupg_mkdir (name, "-rwx");
-        }
-      else
-        {
-          name = xstrdup (gnupg_homedir ());
-        }
-    }
-
-  /* If a non default homedir is used, we check whether an
-   * corresponding sub directory below the socket dir is available
-   * and use that.  We hash the non default homedir to keep the new
-   * subdir short enough.  */
-  if (non_default_homedir)
-    {
-      char sha1buf[20];
-      struct stat sb;
-      char *suffix;
-      char *p;
-
-      *r_info |= 32; /* Testing subdir.  */
-
-      /* Canonicalize the name to avoid problems with mixed case
-       * names.  Note that we use only 10 bytes of the hash because on
-       * Windows the account name is also part of the name.  */
-      suffix = ascii_strlwr (xstrdup (gnupg_homedir ()));
-      for (p=suffix; *p; p++)
-        if ( *p == '\\')
-          *p = '/';
-      gcry_md_hash_buffer (GCRY_MD_SHA1, sha1buf, suffix, strlen (suffix));
-      xfree (suffix);
-      suffix = zb32_encode (sha1buf, 8*10);
-      if (!suffix)
-        {
-          *r_info |= 1; /* Out of core etc. */
-          goto leave_w32;
-        }
-      p = xstrconcat (name, "\\d.", suffix, NULL);
-      xfree (suffix);
-      xfree (name);
-      name = p;
-
-      /* Stat that directory and check constraints.
-       * The command
-       *    gpgconf --remove-socketdir
-       * can be used to remove that directory.  */
-      if (gnupg_stat (name, &sb))
-        {
-          if (errno != ENOENT)
-            *r_info |= 1; /* stat failed. */
-          else if (!skip_checks)
-            {
-              /* Try to create the directory and check again.  */
-              if (gnupg_mkdir (name, "-rwx"))
-                *r_info |= 16; /* mkdir failed.  */
-              else if (gnupg_stat (name, &sb))
-                {
-                  if (errno != ENOENT)
-                    *r_info |= 1; /* stat failed. */
-                  else
-                    *r_info |= 64; /* Subdir does not exist.  */
-                }
-              else
-                goto leave_w32; /* Success!  */
-            }
-          else
-            *r_info |= 64; /* Subdir does not exist.  */
-          if (!skip_checks)
-            {
-              xfree (name);
-              name = NULL;
-              goto leave_w32;
-            }
-        }
-    }
+#if defined(HAVE_W32_SYSTEM) || !defined(HAVE_STAT)
 
- leave_w32:
-  /* If nothing works - fall back to the homedir.  */
-  if (!name)
-    {
-      *r_info |= 128; /* Fallback.  */
-      name = xstrdup (gnupg_homedir ());
-    }
-
-#elif !defined(HAVE_STAT)
   char *name;
 
   (void)skip_checks;
@@ -1147,11 +814,7 @@ gnupg_sysconfdir (void)
     }
   return name;
 #else /*!HAVE_W32_SYSTEM*/
-  const char *dir = unix_rootdir (1);
-  if (dir)
-    return dir;
-  else
-    return GNUPG_SYSCONFDIR;
+  return GNUPG_SYSCONFDIR;
 #endif /*!HAVE_W32_SYSTEM*/
 }
 
@@ -1159,13 +822,20 @@ gnupg_sysconfdir (void)
 const char *
 gnupg_bindir (void)
 {
+#if defined (HAVE_W32CE_SYSTEM)
   static char *name;
+
+  if (!name)
+    name = xstrconcat (w32_rootdir (), DIRSEP_S "bin", NULL);
+  return name;
+#elif defined(HAVE_W32_SYSTEM)
   const char *rdir;
 
-#if defined(HAVE_W32_SYSTEM)
   rdir = w32_rootdir ();
   if (w32_bin_is_bin)
     {
+      static char *name;
+
       if (!name)
         name = xstrconcat (rdir, DIRSEP_S "bin", NULL);
       return name;
@@ -1173,18 +843,7 @@ gnupg_bindir (void)
   else
     return rdir;
 #else /*!HAVE_W32_SYSTEM*/
-  rdir = unix_rootdir (0);
-  if (rdir)
-    {
-      if (!name)
-        {
-          name = xstrconcat (rdir, DIRSEP_S "bin", NULL);
-          gpgrt_annotate_leaked_object (name);
-        }
-      return name;
-    }
-  else
-    return GNUPG_BINDIR;
+  return GNUPG_BINDIR;
 #endif /*!HAVE_W32_SYSTEM*/
 }
 
@@ -1197,75 +856,35 @@ gnupg_libexecdir (void)
 #ifdef HAVE_W32_SYSTEM
   return gnupg_bindir ();
 #else /*!HAVE_W32_SYSTEM*/
-  static char *name;
-  const char *rdir;
-
-  rdir = unix_rootdir (0);
-  if (rdir)
-    {
-      if (!name)
-        {
-          name = xstrconcat (rdir, DIRSEP_S "libexec", NULL);
-          gpgrt_annotate_leaked_object (name);
-        }
-      return name;
-    }
-  else
-    return GNUPG_LIBEXECDIR;
+  return GNUPG_LIBEXECDIR;
 #endif /*!HAVE_W32_SYSTEM*/
 }
 
 const char *
 gnupg_libdir (void)
 {
+#ifdef HAVE_W32_SYSTEM
   static char *name;
 
-#ifdef HAVE_W32_SYSTEM
   if (!name)
     name = xstrconcat (w32_rootdir (), DIRSEP_S "lib" DIRSEP_S "gnupg", NULL);
   return name;
 #else /*!HAVE_W32_SYSTEM*/
-  const char *rdir;
-
-  rdir = unix_rootdir (0);
-  if (rdir)
-    {
-      if (!name)
-        {
-          name = xstrconcat (rdir, DIRSEP_S "lib", DIRSEP_S, "gnupg", NULL);
-          gpgrt_annotate_leaked_object (name);
-        }
-      return name;
-    }
-  else
-    return GNUPG_LIBDIR;
+  return GNUPG_LIBDIR;
 #endif /*!HAVE_W32_SYSTEM*/
 }
 
 const char *
 gnupg_datadir (void)
 {
+#ifdef HAVE_W32_SYSTEM
   static char *name;
 
-#ifdef HAVE_W32_SYSTEM
   if (!name)
     name = xstrconcat (w32_rootdir (), DIRSEP_S "share" DIRSEP_S "gnupg", NULL);
   return name;
 #else /*!HAVE_W32_SYSTEM*/
-  const char *rdir;
-
-  rdir = unix_rootdir (0);
-  if (rdir)
-    {
-      if (!name)
-        {
-          name = xstrconcat (rdir, DIRSEP_S "share" DIRSEP_S "gnupg", NULL);
-          gpgrt_annotate_leaked_object (name);
-        }
-      return name;
-    }
-  else
-    return GNUPG_DATADIR;
+  return GNUPG_DATADIR;
 #endif /*!HAVE_W32_SYSTEM*/
 }
 
@@ -1273,28 +892,86 @@ gnupg_datadir (void)
 const char *
 gnupg_localedir (void)
 {
+#ifdef HAVE_W32_SYSTEM
   static char *name;
 
-#ifdef HAVE_W32_SYSTEM
   if (!name)
     name = xstrconcat (w32_rootdir (), DIRSEP_S "share" DIRSEP_S "locale",
                        NULL);
   return name;
 #else /*!HAVE_W32_SYSTEM*/
-  const char *rdir;
+  return LOCALEDIR;
+#endif /*!HAVE_W32_SYSTEM*/
+}
+
 
-  rdir = unix_rootdir (0);
-  if (rdir)
+/* Return the name of the cache directory.  The name is allocated in a
+   static area on the first use.  Windows only: If the directory does
+   not exist it is created.  */
+const char *
+gnupg_cachedir (void)
+{
+#ifdef HAVE_W32_SYSTEM
+  static const char *dir;
+
+  if (!dir)
     {
-      if (!name)
+      const char *rdir;
+
+      rdir = w32_rootdir ();
+      if (w32_portable_app)
         {
-          name = xstrconcat (rdir, DIRSEP_S "share" DIRSEP_S "locale", NULL);
-          gpgrt_annotate_leaked_object (name);
+          dir = xstrconcat (rdir,
+                            DIRSEP_S, "var",
+                            DIRSEP_S, "cache",
+                            DIRSEP_S, "gnupg", NULL);
+        }
+      else
+        {
+          char *path;
+          const char *s1[] = { "GNU", "cache", "gnupg", NULL };
+          int s1_len;
+          const char **comp;
+
+          s1_len = 0;
+          for (comp = s1; *comp; comp++)
+            s1_len += 1 + strlen (*comp);
+
+          path = w32_shgetfolderpath (NULL,
+                                      CSIDL_LOCAL_APPDATA|CSIDL_FLAG_CREATE,
+                                      NULL, 0);
+          if (path)
+            {
+              char *tmp = xmalloc (strlen (path) + s1_len + 1);
+              char *p;
+
+              p = stpcpy (tmp, path);
+              for (comp = s1; *comp; comp++)
+                {
+                  p = stpcpy (p, "\\");
+                  p = stpcpy (p, *comp);
+
+                  if (gnupg_access (tmp, F_OK))
+                    w32_try_mkdir (tmp);
+                }
+
+              dir = tmp;
+              xfree (path);
+            }
+          else
+            {
+              dir = "c:\\temp\\cache\\gnupg";
+#ifdef HAVE_W32CE_SYSTEM
+              dir += 2;
+              w32_try_mkdir ("\\temp\\cache");
+              w32_try_mkdir ("\\temp\\cache\\gnupg");
+#endif
+            }
         }
-      return name;
     }
-  else
-    return LOCALEDIR;
+  return dir;
+#else /*!HAVE_W32_SYSTEM*/
+  return GNUPG_LOCALSTATEDIR "/cache/" PACKAGE_NAME;
 #endif /*!HAVE_W32_SYSTEM*/
 }
 
@@ -1306,14 +983,10 @@ gpg_agent_socket_name (void)
   static char *name;
 
   if (!name)
-    {
-      name = make_filename (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL);
-      gpgrt_annotate_leaked_object (name);
-    }
+    name = make_filename (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL);
   return name;
 }
 
-
 /* Return the user socket name used by DirMngr.  */
 const char *
 dirmngr_socket_name (void)
@@ -1326,6 +999,18 @@ dirmngr_socket_name (void)
 }
 
 
+/* Return the user socket name used by Keyboxd.  */
+const char *
+keyboxd_socket_name (void)
+{
+  static char *name;
+
+  if (!name)
+    name = make_filename (gnupg_socketdir (), KEYBOXD_SOCK_NAME, NULL);
+  return name;
+}
+
+
 /* Return the default pinentry name.  If RESET is true the internal
    cache is first flushed.  */
 static const char *
@@ -1401,10 +1086,7 @@ static int gnupg_module_name_called;
  * be called before any invocation of 'gnupg_module_name', and must
  * not be called twice.  It can be used by test suites to make sure
  * the components from the build directory are used instead of
- * potentially outdated installed ones.
- * Fixme: It might be better to make use of the newer gpgconf.ctl feature
- *        for regression testing.
- */
+ * potentially outdated installed ones.  */
 void
 gnupg_set_builddir (const char *newdir)
 {
@@ -1471,6 +1153,13 @@ gnupg_module_name (int which)
       X(libexecdir, "scd", "scdaemon");
 #endif
 
+    case GNUPG_MODULE_NAME_TPM2DAEMON:
+#ifdef GNUPG_DEFAULT_TPM2DAEMON
+      return GNUPG_DEFAULT_TPM2DAEMON;
+#else
+      X(libexecdir, "tpm2d", TPM2DAEMON_NAME);
+#endif
+
     case GNUPG_MODULE_NAME_DIRMNGR:
 #ifdef GNUPG_DEFAULT_DIRMNGR
       return GNUPG_DEFAULT_DIRMNGR;
@@ -1478,6 +1167,13 @@ gnupg_module_name (int which)
       X(bindir, "dirmngr", DIRMNGR_NAME);
 #endif
 
+    case GNUPG_MODULE_NAME_KEYBOXD:
+#ifdef GNUPG_DEFAULT_KEYBOXD
+      return GNUPG_DEFAULT_KEYBOXD;
+#else
+      X(libexecdir, "kbx", KEYBOXD_NAME);
+#endif
+
     case GNUPG_MODULE_NAME_PROTECT_TOOL:
 #ifdef GNUPG_DEFAULT_PROTECT_TOOL
       return GNUPG_DEFAULT_PROTECT_TOOL;
diff --git a/common/i18n.c b/common/i18n.c
index 60362ce..b5a2864 100644
--- a/common/i18n.c
+++ b/common/i18n.c
@@ -87,7 +87,7 @@ i18n_init (void)
 #else
 # ifdef ENABLE_NLS
   setlocale (LC_ALL, "" );
-  bindtextdomain (PACKAGE_GT, gnupg_localedir ());
+  bindtextdomain (PACKAGE_GT, LOCALEDIR);
   textdomain (PACKAGE_GT);
 # endif
 #endif
@@ -199,10 +199,10 @@ i18n_localegettext (const char *lc_messages, const char *string)
   if (!setlocale (LC_MESSAGES, lc_messages))
     goto leave;
 
-  bindtextdomain (PACKAGE_GT, gnupg_localedir ());
+  bindtextdomain (PACKAGE_GT, LOCALEDIR);
   result = gettext (string);
   setlocale (LC_MESSAGES, saved);
-  bindtextdomain (PACKAGE_GT, gnupg_localedir ());
+  bindtextdomain (PACKAGE_GT, LOCALEDIR);
 
   /* Cache the result.  */
   if (!mh)
diff --git a/common/init.c b/common/init.c
index 4ae7cbc..7b6b4ae 100644
--- a/common/init.c
+++ b/common/init.c
@@ -208,14 +208,8 @@ _init_common_subsystems (gpg_err_source_t errsource, int *argcp, char ***argvp)
   gettext_use_utf8 (1);
   if (!SetConsoleCP (CP_UTF8) || !SetConsoleOutputCP (CP_UTF8))
     {
-      /* Don't show the error if the program does not have a console.
-       * This is for example the case for daemons.  */
-      int rc = GetLastError ();
-      if (rc != ERROR_INVALID_HANDLE)
-        {
-          log_info ("SetConsoleCP failed: %s\n", w32_strerror (rc));
-          log_info ("Warning: Garbled console data possible\n");
-        }
+      log_info ("SetConsoleCP failed: %s\n", w32_strerror (-1));
+      log_info ("Warning: Garbled console data possible\n");
     }
 #endif
 
@@ -230,10 +224,10 @@ _init_common_subsystems (gpg_err_source_t errsource, int *argcp, char ***argvp)
   }
 
   /* --version et al shall use estream as well.  */
-  gnupg_set_usage_outfnc (writestring_via_estream);
+  gpgrt_set_usage_outfnc (writestring_via_estream);
 
   /* Register our string mapper with gpgrt.  */
-  gnupg_set_fixed_string_mapper (map_static_macro_string);
+  gpgrt_set_fixed_string_mapper (map_static_macro_string);
 
   /* Logging shall use the standard socket directory as fallback.  */
   log_set_socket_dir_cb (gnupg_socketdir);
@@ -337,7 +331,7 @@ prepare_w32_commandline (int *r_argc, char ***r_argv)
   const char *s;
   int i, globing, itemsalloced;
 
-  s = strusage (95);
+  s = gpgrt_strusage (95);
   globing = (s && *s == '1');
 
   wcmdline = GetCommandLineW ();
diff --git a/common/iobuf.c b/common/iobuf.c
index 6370efb..e82e75d 100644
--- a/common/iobuf.c
+++ b/common/iobuf.c
@@ -59,10 +59,8 @@
 
 /*-- Begin configurable part.  --*/
 
-/* The size of the internal buffers.
-   NOTE: If you change this value you MUST also adjust the regression
-   test "armored_key_8192" in armor.test! */
-#define IOBUF_BUFFER_SIZE  8192
+/* The standard size of the internal buffers.  */
+#define DEFAULT_IOBUF_BUFFER_SIZE  (64*1024)
 
 /* To avoid a potential DoS with compression packets we better limit
    the number of filters in a chain.  */
@@ -70,6 +68,10 @@
 
 /*-- End configurable part.  --*/
 
+/* The size of the iobuffers.  This can be changed using the
+ * iobuf_set_buffer_size function.  */
+static unsigned int iobuf_buffer_size = DEFAULT_IOBUF_BUFFER_SIZE;
+
 
 #ifdef HAVE_W32_SYSTEM
 # ifdef HAVE_W32CE_SYSTEM
@@ -92,6 +94,7 @@ typedef struct
   int keep_open;
   int no_cache;
   int eof_seen;
+  int delayed_rc;
   int print_only_name; /* Flags indicating that fname is not a real file.  */
   char fname[1];       /* Name of the file.  */
 } file_filter_ctx_t;
@@ -103,6 +106,8 @@ typedef struct
   int keep_open;
   int no_cache;
   int eof_seen;
+  int use_readlimit;   /* Take care of the readlimit.  */
+  size_t readlimit;    /* Number of bytes left to read.  */
   int print_only_name; /* Flags indicating that fname is not a real file.  */
   char fname[1];       /* Name of the file.  */
 } file_es_filter_ctx_t;
@@ -168,7 +173,7 @@ static int translate_file_handle (int fd, int for_write);
    to be sent to A's filter function.
 
    If A is a IOBUF_OUTPUT_TEMP filter, then this also enlarges the
-   buffer by IOBUF_BUFFER_SIZE.
+   buffer by iobuf_buffer_size.
 
    May only be called on an IOBUF_OUTPUT or IOBUF_OUTPUT_TEMP filters.  */
 static int filter_flush (iobuf_t a);
@@ -194,6 +199,18 @@ fd_cache_strcmp (const char *a, const char *b)
 }
 
 
+#ifdef HAVE_W32_SYSTEM
+static int
+any8bitchar (const char *string)
+{
+  if (string)
+    for ( ; *string; string++)
+      if ((*string & 0x80))
+        return 1;
+  return 0;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
 /*
  * Invalidate (i.e. close) a cached iobuf
  */
@@ -295,11 +312,11 @@ direct_open (const char *fname, const char *mode, int mode700)
       sm = FILE_SHARE_READ;
     }
 
-  /* We always use the Unicode version because it supports file names
-   * longer than MAX_PATH.  (requires gpgrt 1.45) */
-  if (1)
+  /* We use the Unicode version of the function only if needed to
+   * avoid an extra conversion step.  */
+  if (any8bitchar (fname))
     {
-      wchar_t *wfname = gpgrt_fname_to_wchar (fname);
+      wchar_t *wfname = utf8_to_wchar (fname);
       if (wfname)
         {
           hfile = CreateFileW (wfname, da, sm, NULL, cd,
@@ -309,6 +326,8 @@ direct_open (const char *fname, const char *mode, int mode700)
       else
         hfile = INVALID_HANDLE_VALUE;
     }
+  else
+    hfile = CreateFileA (fname, da, sm, NULL, cd, FILE_ATTRIBUTE_NORMAL, NULL);
 
   return hfile;
 
@@ -453,12 +472,20 @@ file_filter (void *opaque, int control, iobuf_t chain, byte * buf,
 
   if (control == IOBUFCTRL_UNDERFLOW)
     {
-      assert (size); /* We need a buffer.  */
+      log_assert (size); /* We need a buffer.  */
       if (a->eof_seen)
 	{
 	  rc = -1;
 	  *ret_len = 0;
 	}
+      else if (a->delayed_rc)
+        {
+          rc = a->delayed_rc;
+          a->delayed_rc = 0;
+          if (rc == -1)
+            a->eof_seen = -1;
+	  *ret_len = 0;
+        }
       else
 	{
 #ifdef HAVE_W32_SYSTEM
@@ -489,29 +516,39 @@ file_filter (void *opaque, int control, iobuf_t chain, byte * buf,
 	  int n;
 
 	  nbytes = 0;
-	  do
-	    {
-	      n = read (f, buf, size);
-	    }
-	  while (n == -1 && errno == EINTR);
-	  if (n == -1)
-	    {			/* error */
-	      if (errno != EPIPE)
-		{
-		  rc = gpg_error_from_syserror ();
-		  log_error ("%s: read error: %s\n",
-			     a->fname, strerror (errno));
-		}
-	    }
-	  else if (!n)
-	    {			/* eof */
-	      a->eof_seen = 1;
-	      rc = -1;
-	    }
-	  else
-	    {
-	      nbytes = n;
-	    }
+        read_more:
+          do
+            {
+              n = read (f, buf + nbytes, size - nbytes);
+            }
+          while (n == -1 && errno == EINTR);
+          if (n > 0)
+            {
+              nbytes += n;
+              if (nbytes < size)
+                goto read_more;
+            }
+          else if (!n) /* eof */
+            {
+              if (nbytes)
+                a->delayed_rc = -1;
+              else
+                {
+                  a->eof_seen = 1;
+                  rc = -1;
+                }
+            }
+          else /* error */
+            {
+              rc = gpg_error_from_syserror ();
+              if (gpg_err_code (rc) != GPG_ERR_EPIPE)
+                log_error ("%s: read error: %s\n", a->fname, gpg_strerror (rc));
+              if (nbytes)
+                {
+                  a->delayed_rc = rc;
+                  rc = 0;
+                }
+            }
 #endif
 	  *ret_len = nbytes;
 	}
@@ -571,6 +608,7 @@ file_filter (void *opaque, int control, iobuf_t chain, byte * buf,
   else if (control == IOBUFCTRL_INIT)
     {
       a->eof_seen = 0;
+      a->delayed_rc = 0;
       a->keep_open = 0;
       a->no_cache = 0;
     }
@@ -615,6 +653,34 @@ file_es_filter (void *opaque, int control, iobuf_t chain, byte * buf,
 	  rc = -1;
 	  *ret_len = 0;
 	}
+      else if (a->use_readlimit)
+	{
+          nbytes = 0;
+          if (!a->readlimit)
+	    {			/* eof */
+	      a->eof_seen = 1;
+	      rc = -1;
+	    }
+          else
+            {
+              if (size > a->readlimit)
+                size = a->readlimit;
+              rc = es_read (f, buf, size, &nbytes);
+              if (rc == -1)
+                {			/* error */
+                  rc = gpg_error_from_syserror ();
+                  log_error ("%s: read error: %s\n", a->fname,strerror (errno));
+                }
+              else if (!nbytes)
+                {			/* eof */
+                  a->eof_seen = 1;
+                  rc = -1;
+                }
+              else
+                a->readlimit -= nbytes;
+            }
+	  *ret_len = nbytes;
+	}
       else
 	{
           nbytes = 0;
@@ -858,16 +924,22 @@ block_filter (void *opaque, int control, iobuf_t chain, byte * buffer,
 		    }
 		  else if (c == 255)
 		    {
-		      a->size = iobuf_get_noeof (chain) << 24;
-		      a->size |= iobuf_get_noeof (chain) << 16;
-		      a->size |= iobuf_get_noeof (chain) << 8;
-		      if ((c = iobuf_get (chain)) == -1)
+                      size_t len = 0;
+                      int i;
+
+                      for (i = 0; i < 4; i++)
+                        if ((c = iobuf_get (chain)) == -1)
+                          break;
+                        else
+                          len = ((len << 8) | c);
+
+                      if (i < 4)
 			{
 			  log_error ("block_filter: invalid 4 byte length\n");
 			  rc = GPG_ERR_BAD_DATA;
 			  break;
 			}
-		      a->size |= c;
+                      a->size = len;
                       a->partial = 2;
                       if (!a->size)
                         {
@@ -1055,6 +1127,30 @@ block_filter (void *opaque, int control, iobuf_t chain, byte * buffer,
   return rc;
 }
 
+
+/* Change the default size for all IOBUFs to KILOBYTE.  This needs to
+ * be called before any iobufs are used and can only be used once.
+ * Returns the current value.  Using 0 has no effect except for
+ * returning the current value.  */
+unsigned int
+iobuf_set_buffer_size (unsigned int kilobyte)
+{
+  static int used;
+
+  if (!used && kilobyte)
+    {
+      if (kilobyte < 4)
+        kilobyte = 4;
+      else if (kilobyte > 16*1024)
+        kilobyte = 16*1024;
+
+      iobuf_buffer_size = kilobyte * 1024;
+      used = 1;
+    }
+  return iobuf_buffer_size / 1024;
+}
+
+
 #define MAX_IOBUF_DESC 32
 /*
  * Fill the buffer by the description of iobuf A.
@@ -1107,7 +1203,7 @@ iobuf_alloc (int use, size_t bufsize)
   if (bufsize == 0)
     {
       log_bug ("iobuf_alloc() passed a bufsize of 0!\n");
-      bufsize = IOBUF_BUFFER_SIZE;
+      bufsize = iobuf_buffer_size;
     }
 
   a = xcalloc (1, sizeof *a);
@@ -1186,7 +1282,7 @@ iobuf_cancel (iobuf_t a)
   /* send a cancel message to all filters */
   for (a2 = a; a2; a2 = a2->chain)
     {
-      size_t dummy;
+      size_t dummy = 0;
       if (a2->filter)
 	a2->filter (a2->filter_ov, IOBUFCTRL_CANCEL, a2->chain, NULL, &dummy);
     }
@@ -1197,7 +1293,14 @@ iobuf_cancel (iobuf_t a)
     {
       /* Argg, MSDOS does not allow removing open files.  So
        * we have to do it here */
-      gnupg_remove (remove_name);
+#ifdef HAVE_W32CE_SYSTEM
+      wchar_t *wtmp = utf8_to_wchar (remove_name);
+      if (wtmp)
+        DeleteFile (wtmp);
+      xfree (wtmp);
+#else
+      remove (remove_name);
+#endif
       xfree (remove_name);
     }
 #endif
@@ -1208,7 +1311,7 @@ iobuf_cancel (iobuf_t a)
 iobuf_t
 iobuf_temp (void)
 {
-  return iobuf_alloc (IOBUF_OUTPUT_TEMP, IOBUF_BUFFER_SIZE);
+  return iobuf_alloc (IOBUF_OUTPUT_TEMP, iobuf_buffer_size);
 }
 
 iobuf_t
@@ -1283,7 +1386,7 @@ do_open (const char *fname, int special_filenames,
 	return NULL;
     }
 
-  a = iobuf_alloc (use, IOBUF_BUFFER_SIZE);
+  a = iobuf_alloc (use, iobuf_buffer_size);
   fcx = xmalloc (sizeof *fcx + strlen (fname));
   fcx->fp = fp;
   fcx->print_only_name = print_only;
@@ -1325,12 +1428,12 @@ do_iobuf_fdopen (int fd, const char *mode, int keep_open)
   iobuf_t a;
   gnupg_fd_t fp;
   file_filter_ctx_t *fcx;
-  size_t len;
+  size_t len = 0;
 
   fp = INT2FD (fd);
 
   a = iobuf_alloc (strchr (mode, 'w') ? IOBUF_OUTPUT : IOBUF_INPUT,
-		   IOBUF_BUFFER_SIZE);
+		   iobuf_buffer_size);
   fcx = xmalloc (sizeof *fcx + 20);
   fcx->fp = fp;
   fcx->print_only_name = 1;
@@ -1361,19 +1464,22 @@ iobuf_fdopen_nc (int fd, const char *mode)
 
 
 iobuf_t
-iobuf_esopen (estream_t estream, const char *mode, int keep_open)
+iobuf_esopen (estream_t estream, const char *mode, int keep_open,
+              size_t readlimit)
 {
   iobuf_t a;
   file_es_filter_ctx_t *fcx;
   size_t len = 0;
 
   a = iobuf_alloc (strchr (mode, 'w') ? IOBUF_OUTPUT : IOBUF_INPUT,
-		   IOBUF_BUFFER_SIZE);
+		   iobuf_buffer_size);
   fcx = xtrymalloc (sizeof *fcx + 30);
   fcx->fp = estream;
   fcx->print_only_name = 1;
   fcx->keep_open = keep_open;
-  sprintf (fcx->fname, "[fd %p]", estream);
+  fcx->readlimit = readlimit;
+  fcx->use_readlimit = !!readlimit;
+  snprintf (fcx->fname, 30, "[fd %p]", estream);
   a->filter = file_es_filter;
   a->filter_ov = fcx;
   file_es_filter (fcx, IOBUFCTRL_INIT, NULL, NULL, &len);
@@ -1393,7 +1499,7 @@ iobuf_sockopen (int fd, const char *mode)
   size_t len;
 
   a = iobuf_alloc (strchr (mode, 'w') ? IOBUF_OUTPUT : IOBUF_INPUT,
-		   IOBUF_BUFFER_SIZE);
+		   iobuf_buffer_size);
   scx = xmalloc (sizeof *scx + 25);
   scx->sock = fd;
   scx->print_only_name = 1;
@@ -1594,13 +1700,13 @@ iobuf_push_filter2 (iobuf_t a,
 	 increased accordingly.  We don't need to allocate a 10 MB
 	 buffer for a non-terminal filter.  Just use the default
 	 size.  */
-      a->d.size = IOBUF_BUFFER_SIZE;
+      a->d.size = iobuf_buffer_size;
     }
   else if (a->use == IOBUF_INPUT_TEMP)
     /* Same idea as above.  */
     {
       a->use = IOBUF_INPUT;
-      a->d.size = IOBUF_BUFFER_SIZE;
+      a->d.size = iobuf_buffer_size;
     }
 
   /* The new filter (A) gets a new buffer.
@@ -1917,7 +2023,7 @@ filter_flush (iobuf_t a)
 
   if (a->use == IOBUF_OUTPUT_TEMP)
     {				/* increase the temp buffer */
-      size_t newsize = a->d.size + IOBUF_BUFFER_SIZE;
+      size_t newsize = a->d.size + iobuf_buffer_size;
 
       if (DBG_IOBUF)
 	log_debug ("increasing temp iobuf from %lu to %lu\n",
@@ -2201,7 +2307,7 @@ iobuf_temp_to_buffer (iobuf_t a, byte * buffer, size_t buflen)
 
 /* Copies the data from the input iobuf SOURCE to the output iobuf
    DEST until either an error is encountered or EOF is reached.
-   Returns the number of bytes copies or (size_t)(-1) on error.  */
+   Returns the number of bytes copies.  */
 size_t
 iobuf_copy (iobuf_t dest, iobuf_t source)
 {
@@ -2214,11 +2320,11 @@ iobuf_copy (iobuf_t dest, iobuf_t source)
   size_t max_read = 0;
   int err;
 
-  log_assert (source->use == IOBUF_INPUT || source->use == IOBUF_INPUT_TEMP);
-  log_assert (dest->use == IOBUF_OUTPUT || source->use == IOBUF_OUTPUT_TEMP);
+  assert (source->use == IOBUF_INPUT || source->use == IOBUF_INPUT_TEMP);
+  assert (dest->use == IOBUF_OUTPUT || source->use == IOBUF_OUTPUT_TEMP);
 
   if (iobuf_error (dest))
-    return (size_t)(-1);
+    return -1;
 
   temp = xmalloc (temp_size);
   while (1)
@@ -2564,12 +2670,50 @@ iobuf_read_line (iobuf_t a, byte ** addr_of_buffer,
     }
 
   p = buffer;
-  while ((c = iobuf_get (a)) != -1)
+  while (1)
     {
-      *p++ = c;
-      nbytes++;
-      if (c == '\n')
-	break;
+      if (!a->nofast && a->d.start < a->d.len && nbytes < length - 1)
+	/* Fast path for finding '\n' by using standard C library's optimized
+	   memchr.  */
+	{
+	  unsigned size = a->d.len - a->d.start;
+	  byte *newline_pos;
+
+	  if (size > length - 1 - nbytes)
+	    size = length - 1 - nbytes;
+
+	  newline_pos = memchr (a->d.buf + a->d.start, '\n', size);
+	  if (newline_pos)
+	    {
+	      /* Found newline, copy buffer and return. */
+	      size = (newline_pos - (a->d.buf + a->d.start)) + 1;
+	      memcpy (p, a->d.buf + a->d.start, size);
+	      p += size;
+	      nbytes += size;
+	      a->d.start += size;
+	      a->nbytes += size;
+	      break;
+	    }
+	  else
+	    {
+	      /* No newline, copy buffer and continue. */
+	      memcpy (p, a->d.buf + a->d.start, size);
+	      p += size;
+	      nbytes += size;
+	      a->d.start += size;
+	      a->nbytes += size;
+	    }
+	}
+      else
+	{
+	  c = iobuf_readbyte (a);
+	  if (c == -1)
+	    break;
+	  *p++ = c;
+	  nbytes++;
+	  if (c == '\n')
+	    break;
+	}
 
       if (nbytes == length - 1)
 	/* We don't have enough space to add a \n and a \0.  Increase
@@ -2579,7 +2723,7 @@ iobuf_read_line (iobuf_t a, byte ** addr_of_buffer,
 	    /* We reached the buffer's size limit!  */
 	    {
 	      /* Skip the rest of the line.  */
-	      while (c != '\n' && (c = iobuf_get (a)) != -1)
+	      while ((c = iobuf_get (a)) != -1 && c != '\n')
 		;
 
 	      /* p is pointing at the last byte in the buffer.  We
diff --git a/common/iobuf.h b/common/iobuf.h
index 624e154..a3d9bd5 100644
--- a/common/iobuf.h
+++ b/common/iobuf.h
@@ -252,6 +252,12 @@ struct iobuf_struct
 extern int iobuf_debug_mode;
 
 
+/* Change the default size for all IOBUFs to KILOBYTE.  This needs to
+ * be called before any iobufs are used and can only be used once.
+ * Returns the current value.  Using 0 has no effect except for
+ * returning the current value.  */
+unsigned int iobuf_set_buffer_size (unsigned int kilobyte);
+
 /* Returns whether the specified filename corresponds to a pipe.  In
    particular, this function checks if FNAME is "-" and, if special
    filenames are enabled (see check_special_filename), whether
@@ -315,8 +321,10 @@ iobuf_t iobuf_fdopen_nc (int fd, const char *mode);
    letter 'w', creates an output filter.  Otherwise, creates an input
    filter.  If KEEP_OPEN is TRUE, then the stream is not closed when
    the filter is destroyed.  Otherwise, the stream is closed when the
-   filter is destroyed.  */
-iobuf_t iobuf_esopen (estream_t estream, const char *mode, int keep_open);
+   filter is destroyed.  If READLIMIT is not 0 this gives a limit on
+   the number of bytes to read from estream.  */
+iobuf_t iobuf_esopen (estream_t estream, const char *mode, int keep_open,
+                      size_t readlimit);
 
 /* Create a filter using an existing socket.  On Windows creates a
    special socket filter.  On non-Windows systems simply, this simply
diff --git a/common/keyserver.h b/common/keyserver.h
new file mode 100644
index 0000000..850798e
--- /dev/null
+++ b/common/keyserver.h
@@ -0,0 +1,73 @@
+/* keyserver.h - Public definitions for gpg keyserver helpers.
+ * Copyright (C) 2001, 2002, 2011 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of either
+ *
+ *   - the GNU Lesser General Public License as published by the Free
+ *     Software Foundation; either version 3 of the License, or (at
+ *     your option) any later version.
+ *
+ * or
+ *
+ *   - the GNU General Public License as published by the Free
+ *     Software Foundation; either version 2 of the License, or (at
+ *     your option) any later version.
+ *
+ * or both in parallel, as here.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_KEYSERVER_H
+#define GNUPG_COMMON_KEYSERVER_H
+
+#define KEYSERVER_PROTO_VERSION    1
+
+/* These are usable for return codes for the gpgkeys_ process, and
+   also KEY FAILED codes. */
+#define KEYSERVER_OK               0 /* not an error */
+#define KEYSERVER_INTERNAL_ERROR   1 /* gpgkeys_ internal error */
+#define KEYSERVER_NOT_SUPPORTED    2 /* operation not supported */
+#define KEYSERVER_VERSION_ERROR    3 /* VERSION mismatch */
+#define KEYSERVER_GENERAL_ERROR    4 /* keyserver internal error */
+#define KEYSERVER_NO_MEMORY        5 /* out of memory */
+#define KEYSERVER_KEY_NOT_FOUND    6 /* key not found */
+#define KEYSERVER_KEY_EXISTS       7 /* key already exists */
+#define KEYSERVER_KEY_INCOMPLETE   8 /* key incomplete (EOF) */
+#define KEYSERVER_UNREACHABLE      9 /* unable to contact keyserver */
+
+/* Must be 127 due to shell internal magic. */
+#define KEYSERVER_SCHEME_NOT_FOUND 127
+
+/* Object to hold information pertaining to a keyserver; it also
+   allows building a list of keyservers.  Note that g10/options.h has
+   a typedef for this.  FIXME: We should make use of the
+   parse_uri_t. */
+struct keyserver_spec
+{
+  struct keyserver_spec *next;
+  char *uri;
+  char *scheme;
+  char *auth;
+  char *host;
+  char *port;
+  char *path;
+  char *opaque;
+  strlist_t options;
+  struct
+  {
+    unsigned int direct_uri:1;
+  } flags;
+};
+
+
+#endif /*GNUPG_COMMON_KEYSERVER_H*/
diff --git a/common/logging.c b/common/logging.c
deleted file mode 100644
index 7fe8b74..0000000
--- a/common/logging.c
+++ /dev/null
@@ -1,1110 +0,0 @@
-/* logging.c - Useful logging functions
- * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006,
- *               2009, 2010 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute and/or modify this
- * part of GnuPG under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see <https://www.gnu.org/licenses/>.
- */
-
-
-#include <config.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stddef.h>
-#include <errno.h>
-#include <time.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#ifdef HAVE_W32_SYSTEM
-# ifdef HAVE_WINSOCK2_H
-#  include <winsock2.h>
-# endif
-# include <windows.h>
-#else /*!HAVE_W32_SYSTEM*/
-# include <sys/socket.h>
-# include <sys/un.h>
-# include <netinet/in.h>
-# include <arpa/inet.h>
-#endif /*!HAVE_W32_SYSTEM*/
-#include <unistd.h>
-#include <fcntl.h>
-#include <assert.h>
-/* #include <execinfo.h> */
-
-#define GNUPG_COMMON_NEED_AFLOCAL 1
-#include "util.h"
-#include "i18n.h"
-#include "common-defs.h"
-#include "logging.h"
-#include "sysutils.h"
-
-#ifdef HAVE_W32_SYSTEM
-# ifndef S_IRWXG
-#  define S_IRGRP S_IRUSR
-#  define S_IWGRP S_IWUSR
-# endif
-# ifndef S_IRWXO
-#  define S_IROTH S_IRUSR
-#  define S_IWOTH S_IWUSR
-# endif
-#endif
-
-
-#ifdef HAVE_W32CE_SYSTEM
-# define isatty(a)  (0)
-#endif
-
-#undef WITH_IPV6
-#if defined (AF_INET6) && defined(PF_INET) \
-    && defined (INET6_ADDRSTRLEN) && defined(HAVE_INET_PTON)
-# define WITH_IPV6 1
-#endif
-
-#ifndef EAFNOSUPPORT
-# define EAFNOSUPPORT EINVAL
-#endif
-#ifndef INADDR_NONE  /* Slowaris is missing that.  */
-#define INADDR_NONE  ((unsigned long)(-1))
-#endif /*INADDR_NONE*/
-
-#ifdef HAVE_W32_SYSTEM
-#define sock_close(a)  closesocket(a)
-#else
-#define sock_close(a)  close(a)
-#endif
-
-
-static estream_t logstream;
-static int log_socket = -1;
-static char prefix_buffer[80];
-static int with_time;
-static int with_prefix;
-static int with_pid;
-#ifdef HAVE_W32_SYSTEM
-static int no_registry;
-#endif
-static int (*get_pid_suffix_cb)(unsigned long *r_value);
-static const char * (*socket_dir_cb)(void);
-static int running_detached;
-static int force_prefixes;
-
-static int missing_lf;
-static int errorcount;
-
-
-int
-log_get_errorcount (int clear)
-{
-    int n = errorcount;
-    if( clear )
-	errorcount = 0;
-    return n;
-}
-
-void
-log_inc_errorcount (void)
-{
-  /* Protect against counter overflow.  */
-  if (errorcount < 30000)
-    errorcount++;
-}
-
-
-/* The following 3 functions are used by es_fopencookie to write logs
-   to a socket.  */
-struct fun_cookie_s
-{
-  int fd;
-  int quiet;
-  int want_socket;
-  int is_socket;
-#ifdef HAVE_W32CE_SYSTEM
-  int use_writefile;
-#endif
-  char name[1];
-};
-
-
-/* Write NBYTES of BUFFER to file descriptor FD. */
-static int
-writen (int fd, const void *buffer, size_t nbytes, int is_socket)
-{
-  const char *buf = buffer;
-  size_t nleft = nbytes;
-  int nwritten;
-#ifndef HAVE_W32_SYSTEM
-  (void)is_socket; /* Not required.  */
-#endif
-
-  while (nleft > 0)
-    {
-#ifdef HAVE_W32_SYSTEM
-      if (is_socket)
-        nwritten = send (fd, buf, nleft, 0);
-      else
-#endif
-        nwritten = write (fd, buf, nleft);
-
-      if (nwritten < 0 && errno == EINTR)
-        continue;
-      if (nwritten < 0)
-        return -1;
-      nleft -= nwritten;
-      buf = buf + nwritten;
-    }
-
-  return 0;
-}
-
-
-/* Returns true if STR represents a valid port number in decimal
-   notation and no garbage is following.  */
-static int
-parse_portno (const char *str, unsigned short *r_port)
-{
-  unsigned int value;
-
-  for (value=0; *str && (*str >= '0' && *str <= '9'); str++)
-    {
-      value = value * 10 + (*str - '0');
-      if (value > 65535)
-        return 0;
-    }
-  if (*str || !value)
-    return 0;
-
-  *r_port = value;
-  return 1;
-}
-
-
-static gpgrt_ssize_t
-fun_writer (void *cookie_arg, const void *buffer, size_t size)
-{
-  struct fun_cookie_s *cookie = cookie_arg;
-
-  /* FIXME: Use only estream with a callback for socket writing.  This
-     avoids the ugly mix of fd and estream code.  */
-
-  /* Note that we always try to reconnect to the socket but print
-     error messages only the first time an error occurred.  If
-     RUNNING_DETACHED is set we don't fall back to stderr and even do
-     not print any error messages.  This is needed because detached
-     processes often close stderr and by writing to file descriptor 2
-     we might send the log message to a file not intended for logging
-     (e.g. a pipe or network connection). */
-  if (cookie->want_socket && cookie->fd == -1)
-    {
-#ifdef WITH_IPV6
-      struct sockaddr_in6 srvr_addr_in6;
-#endif
-      struct sockaddr_in srvr_addr_in;
-#ifndef HAVE_W32_SYSTEM
-      struct sockaddr_un srvr_addr_un;
-#endif
-      const char *name_for_err = "";
-      size_t addrlen;
-      struct sockaddr *srvr_addr = NULL;
-      unsigned short port = 0;
-      int af = AF_LOCAL;
-      int pf = PF_LOCAL;
-      const char *name = cookie->name;
-
-      /* Not yet open or meanwhile closed due to an error. */
-      cookie->is_socket = 0;
-
-      /* Check whether this is a TCP socket or a local socket.  */
-      if (!strncmp (name, "tcp://", 6) && name[6])
-        {
-          name += 6;
-          af = AF_INET;
-          pf = PF_INET;
-        }
-#ifndef HAVE_W32_SYSTEM
-      else if (!strncmp (name, "socket://", 9))
-        name += 9;
-#endif
-
-      if (af == AF_LOCAL)
-        {
-          addrlen = 0;
-#ifndef HAVE_W32_SYSTEM
-          memset (&srvr_addr, 0, sizeof srvr_addr);
-          srvr_addr_un.sun_family = af;
-          if (!*name && (name = socket_dir_cb ()) && *name)
-            {
-              if (strlen (name) + 7 < sizeof (srvr_addr_un.sun_path)-1)
-                {
-                  strncpy (srvr_addr_un.sun_path,
-                           name, sizeof (srvr_addr_un.sun_path)-1);
-                  strcat (srvr_addr_un.sun_path, "/S.log");
-                  srvr_addr_un.sun_path[sizeof (srvr_addr_un.sun_path)-1] = 0;
-                  srvr_addr = (struct sockaddr *)&srvr_addr_un;
-                  addrlen = SUN_LEN (&srvr_addr_un);
-                  name_for_err = srvr_addr_un.sun_path;
-                }
-            }
-          else
-            {
-              if (*name && strlen (name) < sizeof (srvr_addr_un.sun_path)-1)
-                {
-                  strncpy (srvr_addr_un.sun_path,
-                           name, sizeof (srvr_addr_un.sun_path)-1);
-                  srvr_addr_un.sun_path[sizeof (srvr_addr_un.sun_path)-1] = 0;
-                  srvr_addr = (struct sockaddr *)&srvr_addr_un;
-                  addrlen = SUN_LEN (&srvr_addr_un);
-                }
-            }
-#endif /*!HAVE_W32SYSTEM*/
-        }
-      else
-        {
-          char *addrstr, *p;
-#ifdef HAVE_INET_PTON
-          void *addrbuf = NULL;
-#endif /*HAVE_INET_PTON*/
-
-          addrstr = xtrymalloc (strlen (name) + 1);
-          if (!addrstr)
-            addrlen = 0; /* This indicates an error.  */
-          else if (*name == '[')
-            {
-              /* Check for IPv6 literal address.  */
-              strcpy (addrstr, name+1);
-              p = strchr (addrstr, ']');
-              if (!p || p[1] != ':' || !parse_portno (p+2, &port))
-                {
-                  gpg_err_set_errno (EINVAL);
-                  addrlen = 0;
-                }
-              else
-                {
-                  *p = 0;
-#ifdef WITH_IPV6
-                  af = AF_INET6;
-                  pf = PF_INET6;
-                  memset (&srvr_addr_in6, 0, sizeof srvr_addr_in6);
-                  srvr_addr_in6.sin6_family = af;
-                  srvr_addr_in6.sin6_port = htons (port);
-#ifdef HAVE_INET_PTON
-                  addrbuf = &srvr_addr_in6.sin6_addr;
-#endif /*HAVE_INET_PTON*/
-                  srvr_addr = (struct sockaddr *)&srvr_addr_in6;
-                  addrlen = sizeof srvr_addr_in6;
-#else
-                  gpg_err_set_errno (EAFNOSUPPORT);
-                  addrlen = 0;
-#endif
-                }
-            }
-          else
-            {
-              /* Check for IPv4 literal address.  */
-              strcpy (addrstr, name);
-              p = strchr (addrstr, ':');
-              if (!p || !parse_portno (p+1, &port))
-                {
-                  gpg_err_set_errno (EINVAL);
-                  addrlen = 0;
-                }
-              else
-                {
-                  *p = 0;
-                  memset (&srvr_addr_in, 0, sizeof srvr_addr_in);
-                  srvr_addr_in.sin_family = af;
-                  srvr_addr_in.sin_port = htons (port);
-#ifdef HAVE_INET_PTON
-                  addrbuf = &srvr_addr_in.sin_addr;
-#endif /*HAVE_INET_PTON*/
-                  srvr_addr = (struct sockaddr *)&srvr_addr_in;
-                  addrlen = sizeof srvr_addr_in;
-                }
-            }
-
-          if (addrlen)
-            {
-#ifdef HAVE_INET_PTON
-              if (inet_pton (af, addrstr, addrbuf) != 1)
-                addrlen = 0;
-#else /*!HAVE_INET_PTON*/
-              /* We need to use the old function.  If we are here v6
-                 support isn't enabled anyway and thus we can do fine
-                 without.  Note that Windows has a compatible inet_pton
-                 function named inetPton, but only since Vista.  */
-              srvr_addr_in.sin_addr.s_addr = inet_addr (addrstr);
-              if (srvr_addr_in.sin_addr.s_addr == INADDR_NONE)
-                addrlen = 0;
-#endif /*!HAVE_INET_PTON*/
-            }
-
-          xfree (addrstr);
-        }
-
-      cookie->fd = addrlen? socket (pf, SOCK_STREAM, 0) : -1;
-      if (cookie->fd == -1)
-        {
-          if (!cookie->quiet && !running_detached
-              && isatty (es_fileno (es_stderr)))
-            es_fprintf (es_stderr, "failed to create socket for logging: %s\n",
-                        strerror(errno));
-        }
-      else
-        {
-          if (connect (cookie->fd, srvr_addr, addrlen) == -1)
-            {
-              if (!cookie->quiet && !running_detached
-                  && isatty (es_fileno (es_stderr)))
-                es_fprintf (es_stderr, "can't connect to '%s%s': %s\n",
-                            cookie->name, name_for_err, strerror(errno));
-              sock_close (cookie->fd);
-              cookie->fd = -1;
-            }
-        }
-
-      if (cookie->fd == -1)
-        {
-          if (!running_detached)
-            {
-              /* Due to all the problems with apps not running
-                 detached but being called with stderr closed or used
-                 for a different purposes, it does not make sense to
-                 switch to stderr.  We therefore disable it. */
-              if (!cookie->quiet)
-                {
-                  /* fputs ("switching logging to stderr\n", stderr);*/
-                  cookie->quiet = 1;
-                }
-              cookie->fd = -1; /*fileno (stderr);*/
-            }
-        }
-      else /* Connection has been established. */
-        {
-          cookie->quiet = 0;
-          cookie->is_socket = 1;
-        }
-    }
-
-  log_socket = cookie->fd;
-  if (cookie->fd != -1)
-    {
-#ifdef HAVE_W32CE_SYSTEM
-      if (cookie->use_writefile)
-        {
-          DWORD nwritten;
-
-          WriteFile ((HANDLE)cookie->fd, buffer, size, &nwritten, NULL);
-          return (gpgrt_ssize_t)size; /* Okay.  */
-        }
-#endif
-      if (!writen (cookie->fd, buffer, size, cookie->is_socket))
-        return (gpgrt_ssize_t)size; /* Okay. */
-    }
-
-  if (!running_detached && cookie->fd != -1
-      && isatty (es_fileno (es_stderr)))
-    {
-      if (*cookie->name)
-        es_fprintf (es_stderr, "error writing to '%s': %s\n",
-                    cookie->name, strerror(errno));
-      else
-        es_fprintf (es_stderr, "error writing to file descriptor %d: %s\n",
-                    cookie->fd, strerror(errno));
-    }
-  if (cookie->is_socket && cookie->fd != -1)
-    {
-      sock_close (cookie->fd);
-      cookie->fd = -1;
-      log_socket = -1;
-    }
-
-  return (gpgrt_ssize_t)size;
-}
-
-
-static int
-fun_closer (void *cookie_arg)
-{
-  struct fun_cookie_s *cookie = cookie_arg;
-
-  if (cookie->fd != -1 && cookie->fd != 2)
-    sock_close (cookie->fd);
-  xfree (cookie);
-  log_socket = -1;
-  return 0;
-}
-
-
-/* Common function to either set the logging to a file or a file
-   descriptor. */
-static void
-set_file_fd (const char *name, int fd)
-{
-  estream_t fp;
-  int want_socket;
-#ifdef HAVE_W32CE_SYSTEM
-  int use_writefile = 0;
-#endif
-  struct fun_cookie_s *cookie;
-
-  /* Close an open log stream.  */
-  if (logstream)
-    {
-      if (logstream != es_stderr)
-        es_fclose (logstream);
-      logstream = NULL;
-    }
-
-  /* Figure out what kind of logging we want.  */
-  if (name && !strcmp (name, "-"))
-    {
-      name = NULL;
-      fd = es_fileno (es_stderr);
-    }
-
-  want_socket = 0;
-  if (name && !strncmp (name, "tcp://", 6) && name[6])
-    want_socket = 1;
-#ifndef HAVE_W32_SYSTEM
-  else if (name && !strncmp (name, "socket://", 9))
-    want_socket = 2;
-#endif /*HAVE_W32_SYSTEM*/
-#ifdef HAVE_W32CE_SYSTEM
-  else if (name && !strcmp (name, "GPG2:"))
-    {
-      HANDLE hd;
-
-      ActivateDevice (L"Drivers\\"GNUPG_NAME"_Log", 0);
-      /* Ignore a filename and write the debug output to the GPG2:
-         device.  */
-      hd = CreateFile (L"GPG2:", GENERIC_WRITE,
-                       FILE_SHARE_READ | FILE_SHARE_WRITE,
-                       NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
-      fd = (hd == INVALID_HANDLE_VALUE)? -1 : (int)hd;
-      name = NULL;
-      force_prefixes = 1;
-      use_writefile = 1;
-    }
-#endif /*HAVE_W32CE_SYSTEM*/
-
-  /* Setup a new stream.  */
-
-  /* The xmalloc below is justified because we can expect that this
-     function is called only during initialization and there is no
-     easy way out of this error condition.  */
-  cookie = xmalloc (sizeof *cookie + (name? strlen (name):0));
-  strcpy (cookie->name, name? name:"");
-  cookie->quiet = 0;
-  cookie->is_socket = 0;
-  cookie->want_socket = want_socket;
-#ifdef HAVE_W32CE_SYSTEM
-  cookie->use_writefile = use_writefile;
-#endif
-  if (!name)
-    cookie->fd = fd;
-  else if (want_socket)
-    cookie->fd = -1;
-  else
-    {
-      do
-        cookie->fd = open (name, O_WRONLY|O_APPEND|O_CREAT,
-                           (S_IRUSR|S_IRGRP|S_IROTH|S_IWUSR|S_IWGRP|S_IWOTH));
-      while (cookie->fd == -1 && errno == EINTR);
-    }
-  log_socket = cookie->fd;
-
-  {
-    es_cookie_io_functions_t io = { NULL };
-    io.func_write = fun_writer;
-    io.func_close = fun_closer;
-
-    fp = es_fopencookie (cookie, "w", io);
-  }
-
-  /* On error default to a stderr based estream.  */
-  if (!fp)
-    fp = es_stderr;
-
-  es_setvbuf (fp, NULL, _IOLBF, 0);
-
-  logstream = fp;
-
-  /* We always need to print the prefix and the pid for socket mode,
-     so that the server reading the socket can do something
-     meaningful. */
-  force_prefixes = want_socket;
-
-  missing_lf = 0;
-}
-
-
-/* Set the file to write log to.  The special names NULL and "-" may
-   be used to select stderr and names formatted like
-   "socket:///home/foo/mylogs" may be used to write the logging to the
-   socket "/home/foo/mylogs".  If the connection to the socket fails
-   or a write error is detected, the function writes to stderr and
-   tries the next time again to connect the socket.
-  */
-void
-log_set_file (const char *name)
-{
-  set_file_fd (name? name: "-", -1);
-}
-
-void
-log_set_fd (int fd)
-{
-  if (! gnupg_fd_valid (fd))
-    log_fatal ("logger-fd is invalid: %s\n", strerror (errno));
-
-  set_file_fd (NULL, fd);
-}
-
-
-/* Set a function to retrieve the directory name of a socket if
- * only "socket://" has been given to log_set_file.  */
-void
-log_set_socket_dir_cb (const char *(*fnc)(void))
-{
-  socket_dir_cb = fnc;
-}
-
-
-void
-log_set_pid_suffix_cb (int (*cb)(unsigned long *r_value))
-{
-  get_pid_suffix_cb = cb;
-}
-
-
-void
-log_set_prefix (const char *text, unsigned int flags)
-{
-  if (text)
-    {
-      strncpy (prefix_buffer, text, sizeof (prefix_buffer)-1);
-      prefix_buffer[sizeof (prefix_buffer)-1] = 0;
-    }
-
-  with_prefix = (flags & GPGRT_LOG_WITH_PREFIX);
-  with_time = (flags & GPGRT_LOG_WITH_TIME);
-  with_pid  = (flags & GPGRT_LOG_WITH_PID);
-  running_detached = (flags & GPGRT_LOG_RUN_DETACHED);
-#ifdef HAVE_W32_SYSTEM
-  no_registry = (flags & GPGRT_LOG_NO_REGISTRY);
-#endif
-}
-
-
-const char *
-log_get_prefix (unsigned int *flags)
-{
-  if (flags)
-    {
-      *flags = 0;
-      if (with_prefix)
-        *flags |= GPGRT_LOG_WITH_PREFIX;
-      if (with_time)
-        *flags |= GPGRT_LOG_WITH_TIME;
-      if (with_pid)
-        *flags |= GPGRT_LOG_WITH_PID;
-      if (running_detached)
-        *flags |= GPGRT_LOG_RUN_DETACHED;
-#ifdef HAVE_W32_SYSTEM
-      if (no_registry)
-        *flags |= GPGRT_LOG_NO_REGISTRY;
-#endif
-    }
-  return prefix_buffer;
-}
-
-/* This function returns true if the file descriptor FD is in use for
-   logging.  This is preferable over a test using log_get_fd in that
-   it allows the logging code to use more then one file descriptor.  */
-int
-log_test_fd (int fd)
-{
-  if (logstream)
-    {
-      int tmp = es_fileno (logstream);
-      if ( tmp != -1 && tmp == fd)
-        return 1;
-    }
-  if (log_socket != -1 && log_socket == fd)
-    return 1;
-  return 0;
-}
-
-int
-log_get_fd ()
-{
-  return logstream? es_fileno(logstream) : -1;
-}
-
-estream_t
-log_get_stream ()
-{
-  if (!logstream)
-    {
-      log_set_file (NULL); /* Make sure a log stream has been set.  */
-      assert (logstream);
-    }
-  return logstream;
-}
-
-
-static void
-print_prefix (int level, int leading_backspace)
-{
-  if (level != GPGRT_LOG_CONT)
-    { /* Note this does not work for multiple line logging as we would
-       * need to print to a buffer first */
-      if (with_time && !force_prefixes)
-        {
-          struct tm *tp;
-          time_t atime = time (NULL);
-
-          tp = localtime (&atime);
-          es_fprintf_unlocked (logstream, "%04d-%02d-%02d %02d:%02d:%02d ",
-                               1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
-                               tp->tm_hour, tp->tm_min, tp->tm_sec );
-        }
-      if (with_prefix || force_prefixes)
-        es_fputs_unlocked (prefix_buffer, logstream);
-      if (with_pid || force_prefixes)
-        {
-          unsigned long pidsuf;
-          int pidfmt;
-
-          if (get_pid_suffix_cb && (pidfmt=get_pid_suffix_cb (&pidsuf)))
-            es_fprintf_unlocked (logstream, pidfmt == 1? "[%u.%lu]":"[%u.%lx]",
-                                 (unsigned int)getpid (), pidsuf);
-          else
-            es_fprintf_unlocked (logstream, "[%u]", (unsigned int)getpid ());
-        }
-      if ((!with_time && (with_prefix || with_pid)) || force_prefixes)
-        es_putc_unlocked (':', logstream);
-      /* A leading backspace suppresses the extra space so that we can
-         correctly output, programname, filename and linenumber. */
-      if (!leading_backspace
-          && (with_time || with_prefix || with_pid || force_prefixes))
-        es_putc_unlocked (' ', logstream);
-    }
-
-  switch (level)
-    {
-    case GPGRT_LOG_BEGIN: break;
-    case GPGRT_LOG_CONT: break;
-    case GPGRT_LOG_INFO: break;
-    case GPGRT_LOG_WARN: break;
-    case GPGRT_LOG_ERROR: break;
-    case GPGRT_LOG_FATAL: es_fputs_unlocked ("Fatal: ",logstream ); break;
-    case GPGRT_LOG_BUG:   es_fputs_unlocked ("Ohhhh jeeee: ", logstream); break;
-    case GPGRT_LOG_DEBUG: es_fputs_unlocked ("DBG: ", logstream ); break;
-    default:
-      es_fprintf_unlocked (logstream,"[Unknown log level %d]: ", level);
-      break;
-    }
-}
-
-
-static void
-do_logv (int level, int ignore_arg_ptr, const char *extrastring,
-         const char *prefmt, const char *fmt, va_list arg_ptr)
-{
-  int leading_backspace = (fmt && *fmt == '\b');
-
-  if (!logstream)
-    {
-#ifdef HAVE_W32_SYSTEM
-      char *tmp;
-
-      tmp = (no_registry
-             ? NULL
-             : read_w32_registry_string (NULL, GNUPG_REGISTRY_DIR,
-                                         "DefaultLogFile"));
-      log_set_file (tmp && *tmp? tmp : NULL);
-      xfree (tmp);
-#else
-      log_set_file (NULL); /* Make sure a log stream has been set.  */
-#endif
-      assert (logstream);
-    }
-
-  es_flockfile (logstream);
-  if (missing_lf && level != GPGRT_LOG_CONT)
-    es_putc_unlocked ('\n', logstream );
-  missing_lf = 0;
-
-  print_prefix (level, leading_backspace);
-  if (leading_backspace)
-    fmt++;
-
-  if (fmt)
-    {
-      if (prefmt)
-        es_fputs_unlocked (prefmt, logstream);
-
-      if (ignore_arg_ptr)
-        { /* This is used by log_string and comes with the extra
-           * feature that after a LF the next line is indent at the
-           * length of the prefix.  Note that we do not yet include
-           * the length of the timestamp and pid in the indent
-           * computation.  */
-          const char *p, *pend;
-
-          for (p = fmt; (pend = strchr (p, '\n')); p = pend+1)
-            es_fprintf_unlocked (logstream, "%*s%.*s",
-                                 (int)((p != fmt
-                                        && (with_prefix || force_prefixes))
-                                       ?strlen (prefix_buffer)+2:0), "",
-                                 (int)(pend - p)+1, p);
-          es_fputs_unlocked (p, logstream);
-        }
-      else
-        es_vfprintf_unlocked (logstream, fmt, arg_ptr);
-      if (*fmt && fmt[strlen(fmt)-1] != '\n')
-        missing_lf = 1;
-    }
-
-  /* If we have an EXTRASTRING print it now while we still hold the
-   * lock on the logstream.  */
-  if (extrastring)
-    {
-      int c;
-
-      if (missing_lf)
-        {
-          es_putc_unlocked ('\n', logstream);
-          missing_lf = 0;
-        }
-      print_prefix (level, leading_backspace);
-      es_fputs_unlocked (">> ", logstream);
-      missing_lf = 1;
-      while ((c = *extrastring++))
-        {
-          missing_lf = 1;
-          if (c == '\\')
-            es_fputs_unlocked ("\\\\", logstream);
-          else if (c == '\r')
-            es_fputs_unlocked ("\\r", logstream);
-          else if (c == '\n')
-            {
-              es_fputs_unlocked ("\\n\n", logstream);
-              if (*extrastring)
-                {
-                  print_prefix (level, leading_backspace);
-                  es_fputs_unlocked (">> ", logstream);
-                }
-              else
-                missing_lf = 0;
-            }
-          else
-            es_putc_unlocked (c, logstream);
-        }
-      if (missing_lf)
-        {
-          es_putc_unlocked ('\n', logstream);
-          missing_lf = 0;
-        }
-    }
-
-  if (level == GPGRT_LOG_FATAL)
-    {
-      if (missing_lf)
-        es_putc_unlocked ('\n', logstream);
-      es_funlockfile (logstream);
-      exit (2);
-    }
-  else if (level == GPGRT_LOG_BUG)
-    {
-      if (missing_lf)
-        es_putc_unlocked ('\n', logstream );
-      es_funlockfile (logstream);
-      /* Using backtrace requires a configure test and to pass
-       * -rdynamic to gcc.  Thus we do not enable it now.  */
-      /* { */
-      /*   void *btbuf[20]; */
-      /*   int btidx, btlen; */
-      /*   char **btstr; */
-
-      /*   btlen = backtrace (btbuf, DIM (btbuf)); */
-      /*   btstr = backtrace_symbols (btbuf, btlen); */
-      /*   if (btstr) */
-      /*     for (btidx=0; btidx < btlen; btidx++) */
-      /*       log_debug ("[%d] %s\n", btidx, btstr[btidx]); */
-      /* } */
-      abort ();
-    }
-  else
-    es_funlockfile (logstream);
-}
-
-
-void
-log_log (int level, const char *fmt, ...)
-{
-  va_list arg_ptr ;
-
-  va_start (arg_ptr, fmt) ;
-  do_logv (level, 0, NULL, NULL, fmt, arg_ptr);
-  va_end (arg_ptr);
-}
-
-
-void
-log_logv (int level, const char *fmt, va_list arg_ptr)
-{
-  do_logv (level, 0, NULL, NULL, fmt, arg_ptr);
-}
-
-
-/* Same as log_logv but PREFIX is printed immediately before FMT.
- * Note that PREFIX is an additional string and independent of the
- * prefix set by log_set_prefix.  */
-void
-log_logv_with_prefix (int level, const char *prefix,
-                      const char *fmt, va_list arg_ptr)
-{
-  do_logv (level, 0, NULL, prefix, fmt, arg_ptr);
-}
-
-
-static void
-do_log_ignore_arg (int level, const char *str, ...)
-{
-  va_list arg_ptr;
-  va_start (arg_ptr, str);
-  do_logv (level, 1, NULL, NULL, str, arg_ptr);
-  va_end (arg_ptr);
-}
-
-
-/* Log STRING at LEVEL but indent from the second line on by the
- * length of the prefix.  */
-void
-log_string (int level, const char *string)
-{
-  /* We need a dummy arg_ptr, but there is no portable way to create
-   * one.  So we call the do_logv function through a variadic wrapper. */
-  do_log_ignore_arg (level, string);
-}
-
-
-void
-log_info (const char *fmt, ...)
-{
-  va_list arg_ptr ;
-
-  va_start (arg_ptr, fmt);
-  do_logv (GPGRT_LOG_INFO, 0, NULL, NULL, fmt, arg_ptr);
-  va_end (arg_ptr);
-}
-
-
-void
-log_error (const char *fmt, ...)
-{
-  va_list arg_ptr ;
-
-  va_start (arg_ptr, fmt);
-  do_logv (GPGRT_LOG_ERROR, 0, NULL, NULL, fmt, arg_ptr);
-  va_end (arg_ptr);
-  log_inc_errorcount ();
-}
-
-
-void
-log_fatal (const char *fmt, ...)
-{
-  va_list arg_ptr ;
-
-  va_start (arg_ptr, fmt);
-  do_logv (GPGRT_LOG_FATAL, 0, NULL, NULL, fmt, arg_ptr);
-  va_end (arg_ptr);
-  abort (); /* Never called; just to make the compiler happy.  */
-}
-
-
-void
-log_bug (const char *fmt, ...)
-{
-  va_list arg_ptr ;
-
-  va_start (arg_ptr, fmt);
-  do_logv (GPGRT_LOG_BUG, 0, NULL, NULL, fmt, arg_ptr);
-  va_end (arg_ptr);
-  abort (); /* Never called; just to make the compiler happy.  */
-}
-
-
-void
-log_debug (const char *fmt, ...)
-{
-  va_list arg_ptr ;
-
-  va_start (arg_ptr, fmt);
-  do_logv (GPGRT_LOG_DEBUG, 0, NULL, NULL, fmt, arg_ptr);
-  va_end (arg_ptr);
-}
-
-
-/* The same as log_debug but at the end of the output STRING is
- * printed with LFs expanded to include the prefix and a final --end--
- * marker.  */
-void
-log_debug_with_string (const char *string, const char *fmt, ...)
-{
-  va_list arg_ptr ;
-
-  va_start (arg_ptr, fmt);
-  do_logv (GPGRT_LOG_DEBUG, 0, string, NULL, fmt, arg_ptr);
-  va_end (arg_ptr);
-}
-
-
-void
-log_printf (const char *fmt, ...)
-{
-  va_list arg_ptr;
-
-  va_start (arg_ptr, fmt);
-  do_logv (fmt ? GPGRT_LOG_CONT : GPGRT_LOG_BEGIN, 0, NULL, NULL, fmt, arg_ptr);
-  va_end (arg_ptr);
-}
-
-
-/* Flush the log - this is useful to make sure that the trailing
-   linefeed has been printed.  */
-void
-log_flush (void)
-{
-  do_log_ignore_arg (GPGRT_LOG_CONT, NULL);
-}
-
-
-/* Print a hexdump of BUFFER.  With TEXT of NULL print just the raw
-   dump, with TEXT just an empty string, print a trailing linefeed,
-   otherwise print an entire debug line. */
-void
-log_printhex (const void *buffer, size_t length, const char *fmt, ...)
-{
-  if (fmt && *fmt)
-    {
-      va_list arg_ptr ;
-
-      va_start (arg_ptr, fmt);
-      do_logv (GPGRT_LOG_DEBUG, 0, NULL, NULL, fmt, arg_ptr);
-      va_end (arg_ptr);
-      log_printf (" ");
-    }
-  if (length)
-    {
-      const unsigned char *p = buffer;
-      log_printf ("%02X", *p);
-      for (length--, p++; length--; p++)
-        log_printf (" %02X", *p);
-    }
-  if (fmt)
-    log_printf ("\n");
-}
-
-
-/*
-void
-log_printcanon () {}
-is found in sexputils.c
-*/
-
-/*
-void
-log_printsexp () {}
-is found in sexputils.c
-*/
-
-
-void
-log_clock (const char *string)
-{
-#if 0
-  static unsigned long long initial;
-  struct timespec tv;
-  unsigned long long now;
-
-  if (clock_gettime (CLOCK_REALTIME, &tv))
-    {
-      log_debug ("error getting the realtime clock value\n");
-      return;
-    }
-  now = tv.tv_sec * 1000000000ull;
-  now += tv.tv_nsec;
-
-  if (!initial)
-    initial = now;
-
-  log_debug ("[%6llu] %s", (now - initial)/1000, string);
-#else
-  /* You need to link with -ltr to enable the above code.  */
-  log_debug ("[not enabled in the source] %s", string);
-#endif
-}
-
-
-#ifdef GPGRT_HAVE_MACRO_FUNCTION
-void
-bug_at( const char *file, int line, const char *func )
-{
-  log_log (GPGRT_LOG_BUG, "... this is a bug (%s:%d:%s)\n", file, line, func);
-  abort (); /* Never called; just to make the compiler happy.  */
-}
-#else /*!GPGRT_HAVE_MACRO_FUNCTION*/
-void
-bug_at( const char *file, int line )
-{
-  log_log (GPGRT_LOG_BUG, "you found a bug ... (%s:%d)\n", file, line);
-  abort (); /* Never called; just to make the compiler happy.  */
-}
-#endif /*!GPGRT_HAVE_MACRO_FUNCTION*/
-
-
-#ifdef GPGRT_HAVE_MACRO_FUNCTION
-void
-_log_assert (const char *expr, const char *file, int line, const char *func)
-{
-  log_log (GPGRT_LOG_BUG, "Assertion \"%s\" in %s failed (%s:%d)\n",
-           expr, func, file, line);
-  abort (); /* Never called; just to make the compiler happy.  */
-}
-#else /*!GPGRT_HAVE_MACRO_FUNCTION*/
-void
-_log_assert (const char *expr, const char *file, int line)
-{
-  log_log (GPGRT_LOG_BUG, "Assertion \"%s\" failed (%s:%d)\n",
-           expr, file, line);
-  abort (); /* Never called; just to make the compiler happy.  */
-}
-#endif /*!GPGRT_HAVE_MACRO_FUNCTION*/
diff --git a/common/logging.h b/common/logging.h
index cb1ec11..a5800cb 100644
--- a/common/logging.h
+++ b/common/logging.h
@@ -38,79 +38,31 @@
 #include "mischelp.h"
 #include "w32help.h"
 
-int  log_get_errorcount (int clear);
-void log_inc_errorcount (void);
-void log_set_file( const char *name );
-void log_set_fd (int fd);
-void log_set_socket_dir_cb (const char *(*fnc)(void));
-void log_set_pid_suffix_cb (int (*cb)(unsigned long *r_value));
-void log_set_prefix (const char *text, unsigned int flags);
-const char *log_get_prefix (unsigned int *flags);
-int log_test_fd (int fd);
-int  log_get_fd(void);
-estream_t log_get_stream (void);
-
+/* We use the libgpg-error provided log functions.  but we need one
+ * more function:  */
 #ifdef GPGRT_HAVE_MACRO_FUNCTION
-  void bug_at (const char *file, int line, const char *func)
-               GPGRT_ATTR_NORETURN;
-  void _log_assert (const char *expr, const char *file, int line,
-                    const char *func) GPGRT_ATTR_NORETURN;
-# define BUG() bug_at( __FILE__ , __LINE__, __FUNCTION__)
-# define log_assert(expr)                                       \
-  ((expr)                                                       \
-   ? (void) 0                                                   \
-   : _log_assert (#expr, __FILE__, __LINE__, __FUNCTION__))
-#else /*!GPGRT_HAVE_MACRO_FUNCTION*/
-  void bug_at (const char *file, int line);
-  void _log_assert (const char *expr, const char *file, int line);
-# define BUG() bug_at( __FILE__ , __LINE__ )
-# define log_assert(expr)                                       \
-  ((expr)                                                       \
-   ? (void) 0                                                   \
-   : _log_assert (#expr, __FILE__, __LINE__))
+#  define BUG() bug_at ( __FILE__, __LINE__, __FUNCTION__)
+static inline void bug_at (const char *file, int line, const char *func)
+                           GPGRT_ATTR_NORETURN;
+static inline void
+bug_at (const char *file, int line, const char *func)
+{
+  gpgrt_log (GPGRT_LOGLVL_BUG, "there is a bug at %s:%d:%s\n",
+             file, line, func);
+  abort ();
+}
+#else
+#  define BUG() bug_at ( __FILE__, __LINE__)
+static inline void bug_at (const char *file, int line)
+                           GPGRT_ATTR_NORETURN;
+static inline void
+bug_at (const char *file, int line)
+{
+  gpgrt_log (GPGRT_LOGLVL_BUG, "there is a bug at %s:%d\n", file, line);
+  abort ();
+}
 #endif /*!GPGRT_HAVE_MACRO_FUNCTION*/
 
-/* Flag values for log_set_prefix. */
-#define GPGRT_LOG_WITH_PREFIX  1
-#define GPGRT_LOG_WITH_TIME    2
-#define GPGRT_LOG_WITH_PID     4
-#define GPGRT_LOG_RUN_DETACHED 256
-#define GPGRT_LOG_NO_REGISTRY  512
-
-/* Log levels as used by log_log.  */
-enum jnlib_log_levels {
-    GPGRT_LOG_BEGIN,
-    GPGRT_LOG_CONT,
-    GPGRT_LOG_INFO,
-    GPGRT_LOG_WARN,
-    GPGRT_LOG_ERROR,
-    GPGRT_LOG_FATAL,
-    GPGRT_LOG_BUG,
-    GPGRT_LOG_DEBUG
-};
-void log_log (int level, const char *fmt, ...) GPGRT_ATTR_PRINTF(2,3);
-void log_logv (int level, const char *fmt, va_list arg_ptr);
-void log_logv_with_prefix (int level, const char *prefix,
-                           const char *fmt, va_list arg_ptr);
-void log_string (int level, const char *string);
-void log_bug (const char *fmt, ...)    GPGRT_ATTR_NR_PRINTF(1,2);
-void log_fatal (const char *fmt, ...)  GPGRT_ATTR_NR_PRINTF(1,2);
-void log_error (const char *fmt, ...)  GPGRT_ATTR_PRINTF(1,2);
-void log_info (const char *fmt, ...)   GPGRT_ATTR_PRINTF(1,2);
-void log_debug (const char *fmt, ...)  GPGRT_ATTR_PRINTF(1,2);
-void log_debug_with_string (const char *string, const char *fmt,
-                            ...) GPGRT_ATTR_PRINTF(2,3);
-void log_printf (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2);
-void log_flush (void);
-
-/* Print a hexdump of BUFFER.  With FMT passed as NULL print just the
- * raw dump, with FMT being an empty string, print a trailing
- * linefeed, otherwise print an entire debug line with expanded FMT
- * followed by the hexdump and a final LF.  */
-void log_printhex (const void *buffer, size_t length,
-                   const char *fmt, ...) GPGRT_ATTR_PRINTF(3,4);
-
-void log_clock (const char *string);
 
 
 /* Some handy assertion macros which don't abort.  */
diff --git a/common/mapstrings.c b/common/mapstrings.c
index 16da48e..318ca5b 100644
--- a/common/mapstrings.c
+++ b/common/mapstrings.c
@@ -50,6 +50,7 @@ static struct {
   { "GPGSM",     GPGSM_NAME },
   { "GPG_AGENT", GPG_AGENT_NAME },
   { "SCDAEMON",  SCDAEMON_NAME },
+  { "TPM2DAEMON",TPM2DAEMON_NAME},
   { "DIRMNGR",   DIRMNGR_NAME },
   { "G13",       G13_NAME },
   { "GPGCONF",   GPGCONF_NAME },
@@ -68,18 +69,6 @@ struct mapping_s
 static struct mapping_s *mappings;
 
 
-/* Similar to above but using two integers and a domain as key.  */
-struct intmapping_s
-{
-  struct intmapping_s *next;
-  int key1;
-  int key2;
-  const char *string;
-  char domain[1];
-};
-static struct intmapping_s *intmappings;
-
-
 /* If STRING has already been mapped, return the mapped string.  If
    not return NULL.  */
 static const char *
@@ -177,40 +166,3 @@ map_static_macro_string (const char *string)
 
   return store_mapping (string, p);
 }
-
-
-/* If a list of strings has already been mapped to a the tuple
- * (DOMAIN,KEY1,KEY2) return that string.  If not, create a mapping
- * made up of the concatenation of the given strings.  */
-const char *
-map_static_strings (const char *domain, int key1, int key2,
-                    const char *string1, ...)
-{
-  va_list arg_ptr;
-  struct intmapping_s *m;
-
-  if (!string1 || !domain)
-    return "";
-
-  for (m = intmappings; m; m = m->next)
-    if (m->key1 == key1 && m->key2 == key2 && !strcmp (domain, m->domain))
-      return m->string;
-
-  m = xmalloc (sizeof *m + strlen (domain));
-  strcpy (m->domain, domain);
-  m->key1 = key1;
-  m->key2 = key2;
-
-  va_start (arg_ptr, string1);
-  m->string = vstrconcat (string1, arg_ptr);
-  va_end (arg_ptr);
-  if (!m->string)
-    log_fatal ("map_static_strings failed: %s\n", strerror (errno));
-
-  gpgrt_annotate_leaked_object (m->string);
-  gpgrt_annotate_leaked_object (m);
-
-  m->next = intmappings;
-  intmappings = m;
-  return m->string;
-}
diff --git a/common/mbox-util.c b/common/mbox-util.c
index 76255ba..a9086a3 100644
--- a/common/mbox-util.c
+++ b/common/mbox-util.c
@@ -173,11 +173,12 @@ is_valid_mailbox (const char *name)
 
 
 /* Return the mailbox (local-part@domain) form a standard user id.
-   All plain ASCII characters in the result are converted to
-   lowercase.  Caller must free the result.  Returns NULL if no valid
-   mailbox was found (or we are out of memory). */
+ * All plain ASCII characters in the result are converted to
+ * lowercase.  If SUBADDRESS is 1, '+' denoted sub-addresses are not
+ * included in the result.  Caller must free the result.  Returns NULL
+ * if no valid mailbox was found (or we are out of memory). */
 char *
-mailbox_from_userid (const char *userid)
+mailbox_from_userid (const char *userid, int subaddress)
 {
   const char *s, *s_end;
   size_t len;
@@ -226,6 +227,29 @@ mailbox_from_userid (const char *userid)
   else
     errno = EINVAL;
 
+  if (result && subaddress == 1)
+    {
+      char *atsign, *plus;
+
+      if ((atsign = strchr (result, '@')))
+        {
+          /* We consider a subaddress only if there is a single '+'
+           * in the local part and the '+' is not the first or last
+           * character.  */
+          *atsign = 0;
+          if ((plus = strchr (result, '+'))
+              && !strchr (plus+1, '+')
+              && result != plus
+              && plus[1] )
+            {
+              *atsign = '@';
+              memmove (plus, atsign, strlen (atsign)+1);
+            }
+          else
+            *atsign = '@';
+        }
+    }
+
   return result? ascii_strlwr (result): NULL;
 }
 
diff --git a/common/mbox-util.h b/common/mbox-util.h
index 7355cee..10ff2c4 100644
--- a/common/mbox-util.h
+++ b/common/mbox-util.h
@@ -22,7 +22,7 @@
 int has_invalid_email_chars (const void *buffer, size_t length);
 int is_valid_mailbox (const char *name);
 int is_valid_mailbox_mem (const void *buffer, size_t length);
-char *mailbox_from_userid (const char *userid);
+char *mailbox_from_userid (const char *userid, int subaddress);
 int is_valid_user_id (const char *uid);
 int is_valid_domain_name (const char *string);
 
diff --git a/common/membuf.c b/common/membuf.c
index 009fbc3..18a971d 100644
--- a/common/membuf.c
+++ b/common/membuf.c
@@ -111,10 +111,7 @@ put_membuf (membuf_t *mb, const void *buf, size_t len)
         }
       mb->buf = p;
     }
-  if (buf)
-    memcpy (mb->buf + mb->len, buf, len);
-  else
-    memset (mb->buf + mb->len, 0, len);
+  memcpy (mb->buf + mb->len, buf, len);
   mb->len += len;
 }
 
diff --git a/common/miscellaneous.c b/common/miscellaneous.c
index c377554..5ede001 100644
--- a/common/miscellaneous.c
+++ b/common/miscellaneous.c
@@ -45,14 +45,14 @@ my_gcry_logger (void *dummy, int level, const char *fmt, va_list arg_ptr)
   /* Map the log levels.  */
   switch (level)
     {
-    case GCRY_LOG_CONT: level = GPGRT_LOG_CONT; break;
-    case GCRY_LOG_INFO: level = GPGRT_LOG_INFO; break;
-    case GCRY_LOG_WARN: level = GPGRT_LOG_WARN; break;
-    case GCRY_LOG_ERROR:level = GPGRT_LOG_ERROR; break;
-    case GCRY_LOG_FATAL:level = GPGRT_LOG_FATAL; break;
-    case GCRY_LOG_BUG:  level = GPGRT_LOG_BUG; break;
-    case GCRY_LOG_DEBUG:level = GPGRT_LOG_DEBUG; break;
-    default:            level = GPGRT_LOG_ERROR; break;
+    case GCRY_LOG_CONT: level = GPGRT_LOGLVL_CONT; break;
+    case GCRY_LOG_INFO: level = GPGRT_LOGLVL_INFO; break;
+    case GCRY_LOG_WARN: level = GPGRT_LOGLVL_WARN; break;
+    case GCRY_LOG_ERROR:level = GPGRT_LOGLVL_ERROR; break;
+    case GCRY_LOG_FATAL:level = GPGRT_LOGLVL_FATAL; break;
+    case GCRY_LOG_BUG:  level = GPGRT_LOGLVL_BUG; break;
+    case GCRY_LOG_DEBUG:level = GPGRT_LOGLVL_DEBUG; break;
+    default:            level = GPGRT_LOGLVL_ERROR; break;
     }
   log_logv (level, fmt, arg_ptr);
 }
@@ -117,59 +117,11 @@ xoutofcore (void)
 }
 
 
-/* This is safe version of realloc useful for reallocing a calloced
- * array.  There are two ways to call it:  The first example
- * reallocates the array A to N elements each of SIZE but does not
- * clear the newly allocated elements:
- *
- *  p = gpgrt_reallocarray (a, n, n, nsize);
- *
- * Note that when NOLD is larger than N no cleaning is needed anyway.
- * The second example reallocates an array of size NOLD to N elements
- * each of SIZE but clear the newly allocated elements:
- *
- *  p = gpgrt_reallocarray (a, nold, n, nsize);
- *
- * Note that gnupg_reallocarray (NULL, 0, n, nsize) is equivalent to
- * gcry_calloc (n, nsize).
- */
-void *
-gnupg_reallocarray (void *a, size_t oldnmemb, size_t nmemb, size_t size)
-{
-  size_t oldbytes, bytes;
-  char *p;
-
-  bytes = nmemb * size; /* size_t is unsigned so the behavior on overflow
-                         * is defined. */
-  if (size && bytes / size != nmemb)
-    {
-      gpg_err_set_errno (ENOMEM);
-      return NULL;
-    }
-
-  p = gcry_realloc (a, bytes);
-  if (p && oldnmemb < nmemb)
-    {
-      /* OLDNMEMBS is lower than NMEMB thus the user asked for a
-         calloc.  Clear all newly allocated members.  */
-      oldbytes = oldnmemb * size;
-      if (size && oldbytes / size != oldnmemb)
-        {
-          xfree (p);
-          gpg_err_set_errno (ENOMEM);
-          return NULL;
-        }
-      memset (p + oldbytes, 0, bytes - oldbytes);
-    }
-  return p;
-}
-
-
-/* Die-on-error version of gnupg_reallocarray.   */
+/* Wrapper around gpgrt_reallocarray.   */
 void *
 xreallocarray (void *a, size_t oldnmemb, size_t nmemb, size_t size)
 {
-  void *p = gnupg_reallocarray (a, oldnmemb, nmemb, size);
+  void *p = gpgrt_reallocarray (a, oldnmemb, nmemb, size);
   if (!p)
     xoutofcore ();
   return p;
@@ -760,83 +712,3 @@ parse_debug_flag (const char *string, unsigned int *debugvar,
   *debugvar |= result;
   return 0;
 }
-
-
-
-/* Parse an --comaptibility_flags style argument consisting of comma
- * separated strings.
- *
- * Returns: 0 on success or -1 and ERRNO set on error.  On success the
- *          supplied variable is updated by the parsed flags.
- *
- * If STRING is NULL the enabled flags are printed.
- */
-int
-parse_compatibility_flags (const char *string, unsigned int *flagvar,
-                           const struct compatibility_flags_s *flags)
-
-{
-  unsigned long result = 0;
-  int i, j;
-
-  if (!string)
-    {
-      if (flagvar)
-        {
-          log_info ("enabled compatibility flags:");
-          for (i=0; flags[i].name; i++)
-            if ((*flagvar & flags[i].flag))
-              log_printf (" %s", flags[i].name);
-          log_printf ("\n");
-        }
-      return 0;
-    }
-
-  while (spacep (string))
-    string++;
-
-  if (!strcmp (string, "?") || !strcmp (string, "help"))
-    {
-      log_info ("available compatibility flags:\n");
-      for (i=0; flags[i].name; i++)
-        log_info (" %s\n", flags[i].name);
-      if (flags[i].flag != 77)
-        exit (0);
-    }
-  else
-    {
-      char **words;
-      words = strtokenize (string, ",");
-      if (!words)
-        return -1;
-      for (i=0; words[i]; i++)
-        {
-          if (*words[i])
-            {
-              for (j=0; flags[j].name; j++)
-                if (!strcmp (words[i], flags[j].name))
-                  {
-                    result |= flags[j].flag;
-                    break;
-                  }
-              if (!flags[j].name)
-                {
-                  if (!strcmp (words[i], "none"))
-                    {
-                      *flagvar = 0;
-                      result = 0;
-                    }
-                  else if (!strcmp (words[i], "all"))
-                    result = ~0;
-                  else
-                    log_info ("unknown compatibility flag '%s' ignored\n",
-                              words[i]);
-                }
-            }
-        }
-      xfree (words);
-    }
-
-  *flagvar |= result;
-  return 0;
-}
diff --git a/common/mischelp.c b/common/mischelp.c
index ee85002..81dd501 100644
--- a/common/mischelp.c
+++ b/common/mischelp.c
@@ -80,30 +80,35 @@ same_file_p (const char *name1, const char *name2)
 #ifdef HAVE_W32_SYSTEM
       HANDLE file1, file2;
       BY_HANDLE_FILE_INFORMATION info1, info2;
-      wchar_t *wname;
-
-      wname = gpgrt_fname_to_wchar (name1);
-      if (wname)
-        {
-          file1 = CreateFileW (wname, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
-          xfree (wname);
-        }
-      else
-        file1 = INVALID_HANDLE_VALUE;
 
+#ifdef HAVE_W32CE_SYSTEM
+      {
+        wchar_t *wname = utf8_to_wchar (name1);
+        if (wname)
+          file1 = CreateFile (wname, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
+        else
+          file1 = INVALID_HANDLE_VALUE;
+        xfree (wname);
+      }
+#else
+      file1 = CreateFile (name1, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
+#endif
       if (file1 == INVALID_HANDLE_VALUE)
         yes = 0; /* If we can't open the file, it is not the same.  */
       else
         {
-          wname = gpgrt_fname_to_wchar (name2);
-          if (wname)
-            {
-              file2 = CreateFileW (wname, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
-              xfree (wname);
-            }
-          else
-            file2 = INVALID_HANDLE_VALUE;
-
+#ifdef HAVE_W32CE_SYSTEM
+          {
+            wchar_t *wname = utf8_to_wchar (name2);
+            if (wname)
+              file2 = CreateFile (wname, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
+            else
+              file2 = INVALID_HANDLE_VALUE;
+            xfree (wname);
+          }
+#else
+          file2 = CreateFile (name2, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
+#endif
           if (file2 == INVALID_HANDLE_VALUE)
             yes = 0; /* If we can't open the file, it is not the same.  */
           else
diff --git a/common/name-value.c b/common/name-value.c
index b9b13d1..f663ecf 100644
--- a/common/name-value.c
+++ b/common/name-value.c
@@ -476,33 +476,24 @@ nvc_set (nvc_t pk, const char *name, const char *value)
 
   e = nvc_lookup (pk, name);
   if (e)
-    return nve_set (e, value);
-  else
-    return nvc_add (pk, name, value);
-}
-
-
-/* Update entry E to VALUE.  */
-gpg_error_t
-nve_set (nve_t e, const char *value)
-{
-  char *v;
-
-  if (!e)
-    return GPG_ERR_INV_ARG;
+    {
+      char *v;
 
-  v = xtrystrdup (value? value:"");
-  if (!v)
-    return my_error_from_syserror ();
+      v = xtrystrdup (value);
+      if (v == NULL)
+	return my_error_from_syserror ();
 
-  free_strlist_wipe (e->raw_value);
-  e->raw_value = NULL;
-  if (e->value)
-    wipememory (e->value, strlen (e->value));
-  xfree (e->value);
-  e->value = v;
+      free_strlist_wipe (e->raw_value);
+      e->raw_value = NULL;
+      if (e->value)
+	wipememory (e->value, strlen (e->value));
+      xfree (e->value);
+      e->value = v;
 
-  return 0;
+      return 0;
+    }
+  else
+    return nvc_add (pk, name, value);
 }
 
 
@@ -523,6 +514,7 @@ nvc_delete (nvc_t pk, nve_t entry)
   nve_release (entry, pk->private_key_mode);
 }
 
+
 /* Delete the entries with NAME from PK.  */
 void
 nvc_delete_named (nvc_t pk, const char *name)
@@ -546,32 +538,21 @@ nve_t
 nvc_first (nvc_t pk)
 {
   nve_t entry;
-
-  if (!pk)
-    return NULL;
-
   for (entry = pk->first; entry; entry = entry->next)
     if (entry->name)
       return entry;
-
   return NULL;
 }
 
 
-/* Get the first entry with the given name.  Return NULL if it does
- * not exist.  */
+/* Get the first entry with the given name.  */
 nve_t
 nvc_lookup (nvc_t pk, const char *name)
 {
   nve_t entry;
-
-  if (!pk)
-    return NULL;
-
   for (entry = pk->first; entry; entry = entry->next)
     if (entry->name && ascii_strcasecmp (entry->name, name) == 0)
       return entry;
-
   return NULL;
 }
 
@@ -600,7 +581,7 @@ nve_next_value (nve_t entry, const char *name)
 
 /* Return the string for the first entry in NVC with NAME.  If an
  * entry with NAME is missing in NVC or its value is the empty string
- * NULL is returned.  Note that the returned string is a pointer
+ * NULL is returned.  Note that the The returned string is a pointer
  * into NVC.  */
 const char *
 nvc_get_string (nvc_t nvc, const char *name)
@@ -616,27 +597,6 @@ nvc_get_string (nvc_t nvc, const char *name)
 }
 
 
-/* Return true if NAME exists and its value is true; that is either
- * "yes", "true", or a decimal value unequal to 0.  */
-int
-nvc_get_boolean (nvc_t nvc, const char *name)
-{
-  nve_t item;
-  const char *s;
-
-  if (!nvc)
-    return 0;
-  item = nvc_lookup (nvc, name);
-  if (!item)
-    return 0;
-  s = nve_value (item);
-  if (s && (atoi (s)
-            || !ascii_strcasecmp (s, "yes")
-            || !ascii_strcasecmp (s, "true")))
-    return 1;
-  return 0;
-}
-
 
 
 /* Private key handling.  */
@@ -764,7 +724,6 @@ do_nvc_parse (nvc_t *result, int *errlinep, estream_t stream,
       if (raw_value)
 	{
 	  err = _nvc_add (*result, name, NULL, raw_value, 1);
-          name = NULL;
 	  if (err)
 	    goto leave;
 	}
diff --git a/common/name-value.h b/common/name-value.h
index fd0a98c..a6283a6 100644
--- a/common/name-value.h
+++ b/common/name-value.h
@@ -75,9 +75,6 @@ nve_t nve_next_value (nve_t entry, const char *name);
 /* Return the string for the first entry in NVC with NAME or NULL.  */
 const char *nvc_get_string (nvc_t nvc, const char *name);
 
-/* Return a boolean value for the first entry in NVC with NAME.  */
-int nvc_get_boolean (nvc_t nvc, const char *name);
-
 
 
 /* Adding and modifying values.  */
@@ -91,9 +88,6 @@ gpg_error_t nvc_add (nvc_t pk, const char *name, const char *value);
    first entry is updated.  */
 gpg_error_t nvc_set (nvc_t pk, const char *name, const char *value);
 
-/* Update entry E to VALUE.  */
-gpg_error_t nve_set (nve_t e, const char *value);
-
 /* Delete the given entry from PK.  */
 void nvc_delete (nvc_t pk, nve_t pke);
 
@@ -114,7 +108,7 @@ gpg_error_t nvc_set_private_key (nvc_t pk, gcry_sexp_t sexp);
 
 /* Parsing and serialization.  */
 
-/* Parse STREAM and return a newly allocated private key container
+/* Parse STREAM and return a newly allocated name-value container
    structure in RESULT.  If ERRLINEP is given, the line number the
    parser was last considering is stored there.  */
 gpg_error_t nvc_parse (nvc_t *result, int *errlinep, estream_t stream);
diff --git a/common/openpgp-fpr.c b/common/openpgp-fpr.c
deleted file mode 100644
index 7b11008..0000000
--- a/common/openpgp-fpr.c
+++ /dev/null
@@ -1,283 +0,0 @@
-/* openpgp-fpr.c - OpenPGP Fingerprint computation
- * Copyright (C) 2021 g10 Code GmbH
- *
- * This file is part of GnuPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <https://www.gnu.org/licenses/>.
- * SPDX-License-Identifier: (LGPL-3.0-or-later OR GPL-2.0-or-later)
- */
-
-#include <config.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <ctype.h>
-
-#include "util.h"
-#include "openpgpdefs.h"
-
-/* Count the number of bits, assuming the A represents an unsigned big
- * integer of length LEN bytes. */
-static unsigned int
-count_bits (const unsigned char *a, size_t len)
-{
-  unsigned int n = len * 8;
-  int i;
-
-  for (; len && !*a; len--, a++, n -=8)
-    ;
-  if (len)
-    {
-      for (i=7; i && !(*a & (1<<i)); i--)
-        n--;
-    }
-  return n;
-}
-
-/* Variant of count_bits for simple octet strings.  */
-static unsigned int
-count_sos_bits (const unsigned char *a, size_t len)
-{
-  unsigned int n = len * 8;
-  int i;
-
-  if (len == 0 || *a == 0)
-    return n;
-
-  for (i=7; i && !(*a & (1<<i)); i--)
-    n--;
-
-  return n;
-}
-
-
-gpg_error_t
-compute_openpgp_fpr (int keyversion, int pgpalgo, unsigned long timestamp,
-                     gcry_buffer_t *iov, int iovcnt,
-                     unsigned char *result, unsigned int *r_resultlen)
-{
-  gpg_error_t err;
-  int hashalgo;
-  unsigned char prefix[15];
-  size_t n;
-  int i;
-
-  if (r_resultlen)
-    *r_resultlen = 0;
-
-  if (iovcnt < 2)
-    return gpg_error (GPG_ERR_INV_ARG);
-
-  /* Note that iov[0] is reserved.  */
-  for (n=0, i=1; i < iovcnt; i++)
-    n += iov[i].len;
-
-  i = 0;
-  if (keyversion == 5)
-    {
-      hashalgo = GCRY_MD_SHA256;
-      n += 10; /* Add the prefix length.  */
-      prefix[i++] = 0x9a;
-      prefix[i++] = (n >> 24);
-      prefix[i++] = (n >> 16);
-    }
-  else if (keyversion == 4)
-    {
-      hashalgo = GCRY_MD_SHA1;
-      n += 6;  /* Add the prefix length.  */
-      prefix[i++] = 0x99;
-    }
-  else
-    return gpg_error (GPG_ERR_UNKNOWN_VERSION);
-
-  prefix[i++] = (n >> 8);
-  prefix[i++] = n;
-  prefix[i++] = keyversion;
-  prefix[i++] = (timestamp >> 24);
-  prefix[i++] = (timestamp >> 16);
-  prefix[i++] = (timestamp >>  8);
-  prefix[i++] = (timestamp);
-  prefix[i++] = pgpalgo;
-  if (keyversion == 5)
-    {
-      prefix[i++] = ((n-10) >> 24);
-      prefix[i++] = ((n-10) >> 16);
-      prefix[i++] = ((n-10) >>  8);
-      prefix[i++] = (n-10);
-    }
-  log_assert (i <= sizeof prefix);
-  /* The first element is reserved for our use; set it.  */
-  iov[0].size = 0;
-  iov[0].off = 0;
-  iov[0].len = i;
-  iov[0].data = prefix;
-
-  /* for (i=0; i < iovcnt; i++) */
-  /*   log_printhex (iov[i].data, iov[i].len, "cmpfpr i=%d: ", i); */
-
-  err = gcry_md_hash_buffers (hashalgo, 0, result, iov, iovcnt);
-  /* log_printhex (result, 20, "fingerpint: "); */
-
-  /* Better clear the first element because it was set by us.  */
-  iov[0].size = 0;
-  iov[0].off = 0;
-  iov[0].len = 0;
-  iov[0].data = NULL;
-
-  if (!err && r_resultlen)
-    *r_resultlen = (hashalgo == GCRY_MD_SHA1)? 20 : 32;
-
-  return err;
-}
-
-
-gpg_error_t
-compute_openpgp_fpr_rsa (int keyversion, unsigned long timestamp,
-                         const unsigned char *m, unsigned int mlen,
-                         const unsigned char *e, unsigned int elen,
-                         unsigned char *result, unsigned int *r_resultlen)
-{
-  gcry_buffer_t iov[5] = { {0} };
-  unsigned char nbits_m[2], nbits_e[2];
-  unsigned int n;
-
-  /* Strip leading zeroes. */
-  for (; mlen && !*m; mlen--, m++)
-    ;
-  for (; elen && !*e; elen--, e++)
-    ;
-
-  /* Count bits. */
-  n = count_bits (m, mlen);
-  nbits_m[0] = n >> 8;
-  nbits_m[1] = n;
-
-  n = count_bits (e, elen);
-  nbits_e[0] = n >> 8;
-  nbits_e[1] = n;
-
-  /* Put parms into the array.  Note that iov[0] is reserved. */
-  iov[1].len  = 2;
-  iov[1].data = nbits_m;
-  iov[2].len  = mlen;
-  iov[2].data = (void*)m;
-  iov[3].len  = 2;
-  iov[3].data = nbits_e;
-  iov[4].len  = elen;
-  iov[4].data = (void*)e;
-
-  return compute_openpgp_fpr (keyversion, PUBKEY_ALGO_RSA, timestamp,
-                              iov, 5, result, r_resultlen);
-}
-
-
-/* Determine KDF hash algorithm and KEK encryption algorithm by CURVE.
- * The returned buffer has a length of 4.
- * Note: This needs to be kept in sync with the table in g10/ecdh.c */
-static const unsigned char*
-default_ecdh_params (unsigned int nbits)
-{
-  /* See RFC-6637 for those constants.
-         0x03: Number of bytes
-         0x01: Version for this parameter format
-         KEK digest algorithm
-         KEK cipher algorithm
-  */
-  if (nbits <= 256)
-    return (const unsigned char*)"\x03\x01\x08\x07";
-  else if (nbits <= 384)
-    return (const unsigned char*)"\x03\x01\x09\x09";
-  else
-    return (const unsigned char*)"\x03\x01\x0a\x09";
-}
-
-
-gpg_error_t
-compute_openpgp_fpr_ecc (int keyversion, unsigned long timestamp,
-                         const char *curvename, int for_encryption,
-                         const unsigned char *q, unsigned int qlen,
-                         const unsigned char *kdf, unsigned int kdflen,
-                         unsigned char *result, unsigned int *r_resultlen)
-{
-  gpg_error_t err;
-  const char *curveoidstr;
-  gcry_mpi_t curveoid = NULL;
-  unsigned int curvebits;
-  int pgpalgo;
-  const unsigned char *oidraw;
-  size_t oidrawlen;
-  gcry_buffer_t iov[5] = { {0} };
-  unsigned int iovlen;
-  unsigned char nbits_q[2];
-  unsigned int n;
-
-  curveoidstr = openpgp_curve_to_oid (curvename, &curvebits, &pgpalgo);
-  err = openpgp_oid_from_str (curveoidstr, &curveoid);
-  if (err)
-    goto leave;
-  oidraw = gcry_mpi_get_opaque (curveoid, &n);
-  if (!oidraw)
-    {
-      err = gpg_error_from_syserror ();
-      goto leave;
-    }
-  oidrawlen = (n+7)/8;
-
-  /* If the curve does not enforce a certain algorithm, we use the
-   * for_encryption flag to decide which algo to use.  */
-  if (!pgpalgo)
-    pgpalgo = for_encryption? PUBKEY_ALGO_ECDH : PUBKEY_ALGO_ECDSA;
-
-  /* Count bits. */
-  n = count_sos_bits (q, qlen);
-  nbits_q[0] = n >> 8;
-  nbits_q[1] = n;
-
-  /* Put parms into the array.  Note that iov[0] is reserved. */
-  iov[1].len  = oidrawlen;
-  iov[1].data = (void*)oidraw;
-  iov[2].len  = 2;
-  iov[2].data = nbits_q;
-  iov[3].len  = qlen;
-  iov[3].data = (void*)q;
-  iovlen = 4;
-  if (pgpalgo == PUBKEY_ALGO_ECDH)
-    {
-      if (!kdf || !kdflen || !kdf[0])
-        {
-          /* No KDF given - use the default.  */
-          kdflen = 4;
-          kdf = default_ecdh_params (curvebits);
-        }
-      iov[4].len  = kdflen;
-      iov[4].data = (void*)kdf;
-      iovlen++;
-    }
-
-  err = compute_openpgp_fpr (keyversion, pgpalgo, timestamp,
-                             iov, iovlen, result, r_resultlen);
-
- leave:
-  gcry_mpi_release (curveoid);
-  return err;
-}
diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c
index 943fe3e..0189407 100644
--- a/common/openpgp-oid.c
+++ b/common/openpgp-oid.c
@@ -48,6 +48,8 @@ static struct {
 
   { "Curve25519", "1.3.6.1.4.1.3029.1.5.1", 255, "cv25519", PUBKEY_ALGO_ECDH },
   { "Ed25519",    "1.3.6.1.4.1.11591.15.1", 255, "ed25519", PUBKEY_ALGO_EDDSA },
+  { "X448",       "1.3.101.111",            448, "cv448",   PUBKEY_ALGO_ECDH },
+  { "Ed448",      "1.3.101.113",            456, "ed448",   PUBKEY_ALGO_EDDSA },
 
   { "NIST P-256",      "1.2.840.10045.3.1.7",    256, "nistp256" },
   { "NIST P-384",      "1.3.132.0.34",           384, "nistp384" },
@@ -71,6 +73,35 @@ static const char oid_ed25519[] =
 static const char oid_cv25519[] =
   { 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01 };
 
+/* The OID for X448 in OpenPGP format. */
+/*
+ * Here, we have a little semantic discrepancy.  X448 is the name of
+ * the ECDH computation and the OID is assigned to the algorithm in
+ * RFC 8410.  Note that this OID is not the one which is assigned to
+ * the curve itself (originally in 8410).  Nevertheless, we use "X448"
+ * for the curve in libgcrypt.
+ */
+static const char oid_cv448[] = { 0x03, 0x2b, 0x65, 0x6f };
+
+/* The OID for Ed448 in OpenPGP format. */
+static const char oid_ed448[] = { 0x03, 0x2b, 0x65, 0x71 };
+
+
+/* A table to store keyalgo strings like "rsa2048 or "ed25519" so that
+ * we do not need to allocate them.  This is currently a simple array
+ * but may eventually be changed to a fast data structure.  Noet that
+ * unknown algorithms are stored with (NBITS,CURVE) set to (0,NULL). */
+struct keyalgo_string_s
+{
+  enum gcry_pk_algos algo;   /* Mandatory. */
+  unsigned int nbits;        /* Size for classical algos.  */
+  char *curve;               /* Curvename (OID) or NULL.   */
+  char *name;                /* Allocated name.  */
+};
+static struct keyalgo_string_s *keyalgo_strings;  /* The table.       */
+static size_t keyalgo_strings_size;               /* Allocated size.  */
+static size_t keyalgo_strings_used;               /* Used size.       */
+
 
 /* Helper for openpgp_oid_from_str.  */
 static size_t
@@ -209,7 +240,7 @@ openpgp_oidbuf_to_str (const unsigned char *buf, size_t len)
 
   /* To calculate the length of the string we can safely assume an
      upper limit of 3 decimal characters per byte.  Two extra bytes
-     account for the special first octect */
+     account for the special first octet */
   string = p = xtrymalloc (len*(1+3)+2+1);
   if (!string)
     return NULL;
@@ -282,7 +313,6 @@ openpgp_oid_to_str (gcry_mpi_t a)
       return NULL;
     }
 
-  buf = gcry_mpi_get_opaque (a, &lengthi);
   return openpgp_oidbuf_to_str (buf, (lengthi+7)/8);
 }
 
@@ -320,6 +350,24 @@ openpgp_oidbuf_is_cv25519 (const void *buf, size_t len)
 }
 
 
+/* Return true if (BUF,LEN) represents the OID for Ed448.  */
+static int
+openpgp_oidbuf_is_ed448 (const void *buf, size_t len)
+{
+  return (buf && len == DIM (oid_ed448)
+          && !memcmp (buf, oid_ed448, DIM (oid_ed448)));
+}
+
+
+/* Return true if (BUF,LEN) represents the OID for X448.  */
+static int
+openpgp_oidbuf_is_cv448 (const void *buf, size_t len)
+{
+  return (buf && len == DIM (oid_cv448)
+          && !memcmp (buf, oid_cv448, DIM (oid_cv448)));
+}
+
+
 /* Return true if the MPI A represents the OID for Curve25519.  */
 int
 openpgp_oid_is_cv25519 (gcry_mpi_t a)
@@ -335,6 +383,36 @@ openpgp_oid_is_cv25519 (gcry_mpi_t a)
 }
 
 
+/* Return true if the MPI A represents the OID for Ed448.  */
+int
+openpgp_oid_is_ed448 (gcry_mpi_t a)
+{
+  const unsigned char *buf;
+  unsigned int nbits;
+
+  if (!a || !gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
+    return 0;
+
+  buf = gcry_mpi_get_opaque (a, &nbits);
+  return openpgp_oidbuf_is_ed448 (buf, (nbits+7)/8);
+}
+
+
+/* Return true if the MPI A represents the OID for X448.  */
+int
+openpgp_oid_is_cv448 (gcry_mpi_t a)
+{
+  const unsigned char *buf;
+  unsigned int nbits;
+
+  if (!a || !gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
+    return 0;
+
+  buf = gcry_mpi_get_opaque (a, &nbits);
+  return openpgp_oidbuf_is_cv448 (buf, (nbits+7)/8);
+}
+
+
 /* Map the Libgcrypt ECC curve NAME to an OID.  If R_NBITS is not NULL
    store the bit size of the curve there.  Returns NULL for unknown
    curve names.  If R_ALGO is not NULL and a specific ECC algorithm is
@@ -383,9 +461,9 @@ openpgp_curve_to_oid (const char *name, unsigned int *r_nbits, int *r_algo)
 }
 
 
-/* Map an OpenPGP OID to the Libgcrypt curve NAME.  Returns NULL for
-   unknown curve names.  Unless CANON is set we prefer an alias name
-   here which is more suitable for printing.  */
+/* Map an OpenPGP OID to the Libgcrypt curve name.  Returns NULL for
+ * unknown curve names.  Unless CANON is set we prefer an alias name
+ * here which is more suitable for printing.  */
 const char *
 openpgp_oid_to_curve (const char *oidstr, int canon)
 {
@@ -402,6 +480,27 @@ openpgp_oid_to_curve (const char *oidstr, int canon)
 }
 
 
+/* Map an OpenPGP OID, name or alias to the Libgcrypt curve name.
+ * Returns NULL for unknown curve names.  Unless CANON is set we
+ * prefer an alias name here which is more suitable for printing.  */
+const char *
+openpgp_oid_or_name_to_curve (const char *oidname, int canon)
+{
+  int i;
+
+  if (!oidname)
+    return NULL;
+
+  for (i=0; oidtable[i].name; i++)
+    if (!strcmp (oidtable[i].oidstr, oidname)
+        || !strcmp (oidtable[i].name, oidname)
+        || (oidtable[i].alias &&!strcmp (oidtable[i].alias, oidname)))
+      return !canon && oidtable[i].alias? oidtable[i].alias : oidtable[i].name;
+
+  return NULL;
+}
+
+
 /* Return true if the curve with NAME is supported.  */
 static int
 curve_supported_p (const char *name)
@@ -470,3 +569,141 @@ openpgp_is_curve_supported (const char *name, int *r_algo,
     }
   return NULL;
 }
+
+
+/* Map a Gcrypt public key algorithm number to the used by OpenPGP.
+ * Returns 0 for unknown gcry algorithm.  */
+pubkey_algo_t
+map_gcry_pk_to_openpgp (enum gcry_pk_algos algo)
+{
+  switch (algo)
+    {
+    case GCRY_PK_EDDSA:  return PUBKEY_ALGO_EDDSA;
+    case GCRY_PK_ECDSA:  return PUBKEY_ALGO_ECDSA;
+    case GCRY_PK_ECDH:   return PUBKEY_ALGO_ECDH;
+    default: return algo < 110 ? (pubkey_algo_t)algo : 0;
+    }
+}
+
+
+/* Map an OpenPGP public key algorithm number to the one used by
+ * Libgcrypt.  Returns 0 for unknown gcry algorithm.  */
+enum gcry_pk_algos
+map_openpgp_pk_to_gcry (pubkey_algo_t algo)
+{
+  switch (algo)
+    {
+    case PUBKEY_ALGO_EDDSA:  return GCRY_PK_EDDSA;
+    case PUBKEY_ALGO_ECDSA:  return GCRY_PK_ECDSA;
+    case PUBKEY_ALGO_ECDH:   return GCRY_PK_ECDH;
+    default: return algo < 110 ? (enum gcry_pk_algos)algo : 0;
+    }
+}
+
+
+/* Return a string describing the public key algorithm and the
+ * keysize.  For elliptic curves the function prints the name of the
+ * curve because the keysize is a property of the curve.  ALGO is the
+ * Gcrypt algorithm number, CURVE is either NULL or gives the OID of
+ * the curve, NBITS is either 0 or the size for algorithms like RSA.
+ * The returned string is taken from permanent table.  Examples
+ * for the output are:
+ *
+ * "rsa3072"    - RSA with 3072 bit
+ * "elg1024"    - Elgamal with 1024 bit
+ * "ed25519"    - ECC using the curve Ed25519.
+ * "E_1.2.3.4"  - ECC using the unsupported curve with OID "1.2.3.4".
+ * "E_1.3.6.1.4.1.11591.2.12242973" - ECC with a bogus OID.
+ * "unknown_N"  - Unknown OpenPGP algorithm N.
+ *                If N is > 110 this is a gcrypt algo.
+ */
+const char *
+get_keyalgo_string (enum gcry_pk_algos algo,
+                    unsigned int nbits, const char *curve)
+{
+  const char *prefix;
+  int i;
+  char *name, *curvebuf;
+
+  switch (algo)
+    {
+    case GCRY_PK_RSA:   prefix = "rsa"; break;
+    case GCRY_PK_ELG:   prefix = "elg"; break;
+    case GCRY_PK_DSA:	prefix = "dsa"; break;
+    case GCRY_PK_ECC:
+    case GCRY_PK_ECDH:
+    case GCRY_PK_ECDSA:
+    case GCRY_PK_EDDSA: prefix = "";    break;
+    default:            prefix = NULL;  break;
+    }
+
+  if (prefix && *prefix && nbits)
+    {
+      for (i=0; i < keyalgo_strings_used; i++)
+        {
+          if (keyalgo_strings[i].algo == algo
+              && keyalgo_strings[i].nbits
+              && keyalgo_strings[i].nbits == nbits)
+            return keyalgo_strings[i].name;
+        }
+      /* Not yet in the table - add it.  */
+      name = xasprintf ("%s%u", prefix, nbits);
+      nbits = nbits? nbits : 1;  /* No nbits - oops - use 1 instead.  */
+      curvebuf = NULL;
+    }
+  else if (prefix && !*prefix)
+    {
+      const char *curvename;
+
+      for (i=0; i < keyalgo_strings_used; i++)
+        {
+          if (keyalgo_strings[i].algo == algo
+              && keyalgo_strings[i].curve
+              && !strcmp (keyalgo_strings[i].curve, curve))
+            return keyalgo_strings[i].name;
+        }
+
+      /* Not yet in the table - add it.  */
+      curvename = openpgp_oid_or_name_to_curve (curve, 0);
+      if (curvename)
+        name = xasprintf ("%s", curvename);
+      else if (curve)
+        name = xasprintf ("E_%s", curve);
+      else
+        name = xasprintf ("E_error");
+      nbits = 0;
+      curvebuf = xstrdup (curve);
+    }
+  else
+    {
+      for (i=0; i < keyalgo_strings_used; i++)
+        {
+          if (keyalgo_strings[i].algo == algo
+              && !keyalgo_strings[i].nbits
+              && !keyalgo_strings[i].curve)
+            return keyalgo_strings[i].name;
+        }
+      /* Not yet in the table - add it.  */
+      name = xasprintf ("unknown_%u", (unsigned int)algo);
+      nbits = 0;
+      curvebuf = NULL;
+    }
+
+  /* Store a new entry.  This is a loop because of a possible nPth
+   * thread switch during xrealloc.  */
+  while (keyalgo_strings_used >= keyalgo_strings_size)
+    {
+      keyalgo_strings_size += 10;
+      if (keyalgo_strings_size > 1024*1024)
+        log_fatal ("%s: table getting too large - possible DoS\n", __func__);
+      keyalgo_strings = xrealloc (keyalgo_strings, (keyalgo_strings_size
+                                                    * sizeof *keyalgo_strings));
+    }
+  keyalgo_strings[keyalgo_strings_used].algo = algo;
+  keyalgo_strings[keyalgo_strings_used].nbits = nbits;
+  keyalgo_strings[keyalgo_strings_used].curve = curvebuf;
+  keyalgo_strings[keyalgo_strings_used].name = name;
+  keyalgo_strings_used++;
+
+  return name;  /* Note that this is in the table.  */
+}
diff --git a/common/openpgp-s2k.c b/common/openpgp-s2k.c
new file mode 100644
index 0000000..69de763
--- /dev/null
+++ b/common/openpgp-s2k.c
@@ -0,0 +1,67 @@
+/* openpgp-s2ks.c - OpenPGP S2K helper functions
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+ *               2005, 2006 Free Software Foundation, Inc.
+ * Copyright (C) 2010, 2019 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of either
+ *
+ *   - the GNU Lesser General Public License as published by the Free
+ *     Software Foundation; either version 3 of the License, or (at
+ *     your option) any later version.
+ *
+ * or
+ *
+ *   - the GNU General Public License as published by the Free
+ *     Software Foundation; either version 2 of the License, or (at
+ *     your option) any later version.
+ *
+ * or both in parallel, as here.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <ctype.h>
+#include <assert.h>
+
+#include "util.h"
+#include "openpgpdefs.h"
+
+
+/* Pack an s2k iteration count into the form specified in RFC-4880.
+ * If we're in between valid values, round up.  */
+unsigned char
+encode_s2k_iterations (int iterations)
+{
+  unsigned char c=0;
+  unsigned char result;
+  unsigned int count;
+
+  if (iterations <= 1024)
+    return 0;  /* Command line arg compatibility.  */
+
+  if (iterations >= 65011712)
+    return 255;
+
+  /* Need count to be in the range 16-31 */
+  for (count=iterations>>6; count>=32; count>>=1)
+    c++;
+
+  result = (c<<4)|(count-16);
+
+  if (S2K_DECODE_COUNT(result) < iterations)
+    result++;
+
+  return result;
+}
diff --git a/common/openpgpdefs.h b/common/openpgpdefs.h
index 05f3621..5ab45de 100644
--- a/common/openpgpdefs.h
+++ b/common/openpgpdefs.h
@@ -119,6 +119,7 @@ typedef enum
     SIGSUBPKT_ISSUER_FPR    = 33, /* Issuer fingerprint. */
     SIGSUBPKT_PREF_AEAD     = 34, /* Preferred AEAD algorithms. */
 
+    SIGSUBPKT_ATTST_SIGS    = 37, /* Attested Certifications.  */
     SIGSUBPKT_KEY_BLOCK     = 38, /* Entire key used.          */
 
     SIGSUBPKT_FLAG_CRITICAL = 128
@@ -126,16 +127,6 @@ typedef enum
 sigsubpkttype_t;
 
 
-/* Note that we encode the AEAD algo in a 3 bit field at some places.  */
-typedef enum
-  {
-    AEAD_ALGO_NONE	    =  0,
-    AEAD_ALGO_EAX	    =  1,
-    AEAD_ALGO_OCB	    =  2
-  }
-aead_algo_t;
-
-
 typedef enum
   {
     CIPHER_ALGO_NONE	    =  0,
@@ -156,6 +147,16 @@ typedef enum
 cipher_algo_t;
 
 
+/* Note that we encode the AEAD algo in a 3 bit field at some places.  */
+typedef enum
+  {
+    AEAD_ALGO_NONE	    =  0,
+    AEAD_ALGO_EAX	    =  1,
+    AEAD_ALGO_OCB	    =  2
+  }
+aead_algo_t;
+
+
 typedef enum
   {
     PUBKEY_ALGO_RSA         =  1,
@@ -205,26 +206,18 @@ compress_algo_t;
 #define OPENPGP_MAX_NENC   2  /* Maximum number of encryption parameters. */
 
 
-/*-- openpgp-fpr.c --*/
-gpg_error_t compute_openpgp_fpr (int keyversion, int pgpalgo,
-                                 unsigned long timestamp,
-                                 gcry_buffer_t *iov, int iovcnt,
-                                 unsigned char *result,
-                                 unsigned int *r_resultlen);
-gpg_error_t compute_openpgp_fpr_rsa (int keyversion,
-                                     unsigned long timestamp,
-                                     const unsigned char *m, unsigned int mlen,
-                                     const unsigned char *e, unsigned int elen,
-                                     unsigned char *result,
-                                     unsigned int *r_resultlen);
-gpg_error_t compute_openpgp_fpr_ecc (int keyversion,
-                                     unsigned long timestamp,
-                                     const char *curvename, int for_encryption,
-                                     const unsigned char *q, unsigned int qlen,
-                                     const unsigned char *kdf,
-                                     unsigned int kdflen,
-                                     unsigned char *result,
-                                     unsigned int *r_resultlen);
+/* Decode an rfc4880 encoded S2K count.  */
+#define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << (((_val) >> 4) + 6))
+
+
+/*-- openpgp-s2k.c --*/
+unsigned char encode_s2k_iterations (int iterations);
+
+
+/*-- openpgp-oid.c --*/
+pubkey_algo_t map_gcry_pk_to_openpgp (enum gcry_pk_algos algo);
+enum gcry_pk_algos map_openpgp_pk_to_gcry (pubkey_algo_t algo);
+
 
 
 #endif /*GNUPG_COMMON_OPENPGPDEFS_H*/
diff --git a/common/percent.c b/common/percent.c
index 224de78..debf157 100644
--- a/common/percent.c
+++ b/common/percent.c
@@ -37,16 +37,16 @@
 
 
 /* Create a newly alloced string from STRING with all spaces and
-   control characters converted to plus signs or %xx sequences.  The
-   function returns the new string or NULL in case of a malloc
-   failure.
-
-   Note that we also escape the quote character to work around a bug
-   in the mingw32 runtime which does not correcty handle command line
-   quoting.  We correctly double the quote mark when calling a program
-   (i.e. gpg-protect-tool), but the pre-main code does not notice the
-   double quote as an escaped quote.  We do this also on POSIX systems
-   for consistency.  */
+ * control characters converted to plus signs or %xx sequences.  The
+ * function returns the new string or NULL in case of a malloc
+ * failure.
+ *
+ * Note that this function also escapes the quote character to work
+ * around a bug in the mingw32 runtime which does not correctly handle
+ * command line quoting.  We correctly double the quote mark when
+ * calling a program (i.e. gpg-protect-tool), but the pre-main code
+ * does not notice the double quote as an escaped quote.  We do this
+ * also on POSIX systems for consistency.  */
 char *
 percent_plus_escape (const char *string)
 {
diff --git a/common/pkscreening.c b/common/pkscreening.c
new file mode 100644
index 0000000..a3bfb47
--- /dev/null
+++ b/common/pkscreening.c
@@ -0,0 +1,159 @@
+/* pkscreening.c - Screen public keys for vulnerabilities
+ * Copyright (C) 2017 Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+
+#include "util.h"
+#include "pkscreening.h"
+
+
+/* Helper */
+static inline gpg_error_t
+my_error (gpg_err_code_t ec)
+{
+  return gpg_err_make (default_errsource, ec);
+}
+
+
+/* Emulation of the new gcry_mpi_get_ui function.  */
+static gpg_error_t
+my_mpi_get_ui (unsigned int *v, gcry_mpi_t a)
+{
+  gpg_error_t err;
+  unsigned char buf[8];
+  size_t n;
+  int i, mul;
+
+  if (gcry_mpi_cmp_ui (a, 16384) > 0)
+    return my_error (GPG_ERR_ERANGE); /* Clearly too large for our purpose.  */
+
+  err = gcry_mpi_print (GCRYMPI_FMT_USG, buf, sizeof buf, &n, a);
+  if (err)
+    return err;
+
+  *v = 0;
+  for (i = n - 1, mul = 1; i >= 0; i--, mul *= 256)
+    *v += mul * buf[i];
+
+  return 0;
+}
+
+
+/* Detect whether the MODULUS of a public RSA key is affected by the
+ * ROCA vulnerability as found in the Infinion RSA library
+ * (CVE-2017-15361).  Returns 0 if not affected, GPG_ERR_TRUE if
+ * affected, GPG_ERR_BAD_MPI if an opaque RSA was passed, or other
+ * error codes if something weird happened  */
+gpg_error_t
+screen_key_for_roca (gcry_mpi_t modulus)
+{
+  static struct {
+    unsigned int prime_ui;
+    const char *print_hex;
+    gcry_mpi_t prime;
+    gcry_mpi_t print;
+  } table[] = {
+   { 3,   "0x6" },
+   { 5,   "0x1E" },
+   { 7,   "0x7E" },
+   { 11,  "0x402" },
+   { 13,  "0x161A" },
+   { 17,  "0x1A316" },
+   { 19,  "0x30AF2" },
+   { 23,  "0x7FFFFE" },
+   { 29,  "0x1FFFFFFE" },
+   { 31,  "0x7FFFFFFE" },
+   { 37,  "0x4000402"  },
+   { 41,  "0x1FFFFFFFFFE" },
+   { 43,  "0x7FFFFFFFFFE" },
+   { 47,  "0x7FFFFFFFFFFE" },
+   { 53,  "0x12DD703303AED2" },
+   { 59,  "0x7FFFFFFFFFFFFFE" },
+   { 61,  "0x1434026619900B0A" },
+   { 67,  "0x7FFFFFFFFFFFFFFFE" },
+   { 71,  "0x1164729716B1D977E" },
+   { 73,  "0x147811A48004962078A" },
+   { 79,  "0xB4010404000640502"   },
+   { 83,  "0x7FFFFFFFFFFFFFFFFFFFE" },
+   { 89,  "0x1FFFFFFFFFFFFFFFFFFFFFE" },
+   { 97,  "0x1000000006000001800000002" },
+   { 101, "0x1FFFFFFFFFFFFFFFFFFFFFFFFE" },
+   { 103, "0x16380E9115BD964257768FE396" },
+   { 107, "0x27816EA9821633397BE6A897E1A" },
+   { 109, "0x1752639F4E85B003685CBE7192BA" },
+   { 113, "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFE" },
+   { 127, "0x6CA09850C2813205A04C81430A190536" },
+   { 131, "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" },
+   { 137, "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" },
+   { 139, "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" },
+   { 149, "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" },
+   { 151, "0x50C018BC00482458DAC35B1A2412003D18030A" },
+   { 157, "0x161FB414D76AF63826461899071BD5BACA0B7E1A" },
+   { 163, "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" },
+   { 167, "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" }
+  };
+  gpg_error_t err;
+  int i;
+  gcry_mpi_t rem;
+  unsigned int bitno;
+
+  /* Initialize on the first call. */
+  if (!table[0].prime)
+    {
+      /* We pass primes[i] to the call so that in case of a concurrent
+       * second thread the already allocated space is reused.  */
+      for (i = 0; i < DIM (table); i++)
+        {
+          table[i].prime = gcry_mpi_set_ui (table[i].prime, table[i].prime_ui);
+          if (gcry_mpi_scan (&table[i].print, GCRYMPI_FMT_HEX,
+                             table[i].print_hex, 0, NULL))
+            BUG ();
+        }
+    }
+
+  /* Check that it is not NULL or an opaque MPI.  */
+  if (!modulus || gcry_mpi_get_flag (modulus, GCRYMPI_FLAG_OPAQUE))
+    return my_error (GPG_ERR_BAD_MPI);
+
+  /* We divide the modulus of an RSA public key by a set of small
+   * PRIMEs and examine all the remainders.  If all the bits at the
+   * index given by the remainder are set in the corresponding PRINT
+   * masks the key is very likely vulnerable.  If any of the tested
+   * bits is zero, the key is not vulnerable.  */
+  rem = gcry_mpi_new (0);
+  for (i = 0; i < DIM (table); i++)
+    {
+      gcry_mpi_mod (rem, modulus, table[i].prime);
+      err = my_mpi_get_ui (&bitno, rem);
+      if (gpg_err_code (err) == GPG_ERR_ERANGE)
+        continue;
+      if (err)
+        goto leave;
+      if (!gcry_mpi_test_bit (table[i].print, bitno))
+        goto leave;  /* Not vulnerable.  */
+    }
+
+  /* Very likely vulnerable */
+  err = my_error (GPG_ERR_TRUE);
+
+ leave:
+  gcry_mpi_release (rem);
+  return err;
+}
diff --git a/common/pkscreening.h b/common/pkscreening.h
new file mode 100644
index 0000000..a647589
--- /dev/null
+++ b/common/pkscreening.h
@@ -0,0 +1,26 @@
+/* pkscreening.c - Screen public keys for vulnerabilities
+ * Copyright (C) 2017 Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_PKSCREENING_H
+#define GNUPG_COMMON_PKSCREENING_H
+
+gpg_error_t screen_key_for_roca (gcry_mpi_t modulus);
+
+
+#endif /*GNUPG_COMMON_PKSCREENING_H*/
diff --git a/common/recsel.c b/common/recsel.c
index df77b57..b2b302b 100644
--- a/common/recsel.c
+++ b/common/recsel.c
@@ -172,8 +172,6 @@ find_next_lc (char *string)
  *
  *   --  VALUE spans to the end of the expression.
  *   -c  The string match in this part is done case-sensitive.
- *   -t  Do not trim leading and trailing spaces from VALUE.
- *       Note that a space after <op> is here required.
  *
  * For example four calls to recsel_parse_expr() with these values for
  * EXPR
@@ -205,7 +203,6 @@ recsel_parse_expr (recsel_expr_t *selector, const char *expression)
   char *s0, *s;
   int toend = 0;
   int xcase = 0;
-  int notrim = 0;
   int disjun = 0;
   char *next_lc = NULL;
 
@@ -235,7 +232,6 @@ recsel_parse_expr (recsel_expr_t *selector, const char *expression)
         {
         case '-': toend = 1; break;
         case 'c': xcase = 1; break;
-        case 't': notrim = 1; break;
         default:
           log_error ("invalid flag '-%c' in expression\n", *expr);
           recsel_release (se_head);
@@ -395,11 +391,8 @@ recsel_parse_expr (recsel_expr_t *selector, const char *expression)
       return my_error (GPG_ERR_INV_OP);
     }
 
-  if (*s == ' ' || *s == '\t')
+  while (*s == ' ' || *s == '\t')
     s++;
-  if (!notrim)
-    while (*s == ' ' || *s == '\t')
-      s++;
 
   if (se->op == SELECT_NONEMPTY || se->op == SELECT_ISTRUE)
     {
@@ -432,8 +425,7 @@ recsel_parse_expr (recsel_expr_t *selector, const char *expression)
       return my_error (GPG_ERR_NO_NAME);
     }
 
-  if (!notrim)
-    trim_spaces (se->name + (s - expr));
+  trim_spaces (se->name + (s - expr));
   se->value = se->name + (s - expr);
   if (!se->value[0] && !(se->op == SELECT_NONEMPTY || se->op == SELECT_ISTRUE))
     {
diff --git a/common/session-env.c b/common/session-env.c
index c46529a..5d6b66d 100644
--- a/common/session-env.c
+++ b/common/session-env.c
@@ -71,11 +71,6 @@ static struct
   { "XMODIFIERS" },              /* Used by Xlib to select X input
                                       modules (eg "@im=SCIM").  */
   { "WAYLAND_DISPLAY" },         /* For the Wayland display engine.  */
-  { "XDG_SESSION_TYPE" },        /* Used by Qt and other non-GTK toolkits
-                                    to check for x11 or wayland.  */
-  { "QT_QPA_PLATFORM" },         /* Used by Qt to explicitly request
-                                    x11 or wayland; in particular, needed
-                                    to make Qt use Wayland on Gnome.  */
   { "GTK_IM_MODULE" },           /* Used by gtk to select gtk input
                                     modules (eg "scim-bridge").  */
   { "DBUS_SESSION_BUS_ADDRESS" },/* Used by GNOME3 to talk to gcr over
@@ -103,13 +98,45 @@ static size_t lastallocatedarraysize;
 
 /* Return the names of standard environment variables one after the
    other.  The caller needs to set the value at the address of
-   ITERATOR initially to 0 and then call this function until it returns
-   NULL.  */
+   ITERATOR initially to 0 and then call this function until it
+   returns NULL.  If ITERATOR is NULL, a single comma delimited string
+   with the names is returned; NULL is never returned in this case and
+   R_ASSNAME is ignored.  */
 const char *
 session_env_list_stdenvnames (int *iterator, const char **r_assname)
 {
-  int idx = *iterator;
+  int idx;
+  static char *commastring;
+
+  if (!iterator)
+    {
+      if (!commastring)
+        {
+          size_t len = 0;
+          char *p;
+
+          for (idx = 0; idx < DIM (stdenvnames); idx++)
+            len += strlen (stdenvnames[idx].name) + 1;
+          commastring = xtrymalloc (len);
+          if (!commastring)
+            {
+              log_error ("%s: error allocating string: %s\n", __func__,
+                         gpg_strerror (gpg_error_from_syserror ()));
+              return "GPG_TTY,TERM,DISPLAY";
+            }
+          p = commastring;
+          for (idx = 0; idx < DIM (stdenvnames); idx++)
+            {
+              if (idx)
+                *p++ = ',';
+              p = stpcpy (p, stdenvnames[idx].name);
+            }
+          gpgrt_annotate_leaked_object (commastring);
+        }
+      return commastring;
+    }
 
+  idx = *iterator;
   if (idx < 0 || idx >= DIM (stdenvnames))
     return NULL;
   *iterator = idx + 1;
@@ -381,7 +408,7 @@ session_env_getenv_or_default (session_env_t se, const char *name,
    until it returns NULL.  The value is returned at R_VALUE.  If
    R_DEFAULT is not NULL, the default flag is stored on return.  The
    default flag indicates that the value has been taken from the
-   process' environment.  The caller must not change the returned
+   process's environment.  The caller must not change the returned
    name or value.  */
 char *
 session_env_listenv (session_env_t se, int *iterator,
diff --git a/common/sexp-parse.h b/common/sexp-parse.h
index 4f77f14..0403d65 100644
--- a/common/sexp-parse.h
+++ b/common/sexp-parse.h
@@ -105,7 +105,7 @@ smatch (unsigned char const **buf, size_t buflen, const char *token)
 }
 
 /* Format VALUE for use as the length indicatior of an S-expression.
-   The caller needs to provide a buffer HELP_BUFFER wth a length of
+   The caller needs to provide a buffer HELP_BUFFER with a length of
    HELP_BUFLEN.  The return value is a pointer into HELP_BUFFER with
    the formatted length string.  The colon and a trailing nul are
    appended.  HELP_BUFLEN must be at least 3 - a more useful value is
diff --git a/common/sexputil.c b/common/sexputil.c
index 68388e1..b7ddea8 100644
--- a/common/sexputil.c
+++ b/common/sexputil.c
@@ -113,7 +113,7 @@ log_printcanon (const char *text, const unsigned char *sexp, size_t sexplen)
 }
 
 
-/* Print the gcryp S-expression in SEXP in advanced format.  With TEXT
+/* Print the gcrypt S-expression SEXP in advanced format.  With TEXT
    of NULL print just the raw S-expression, with TEXT just an empty
    string, print a trailing linefeed, otherwise print an entire debug
    line. */
@@ -199,7 +199,7 @@ make_canon_sexp_pad (gcry_sexp_t sexp, int secure,
 }
 
 /* Return the so called "keygrip" which is the SHA-1 hash of the
-   public key parameters expressed in a way depended on the algorithm.
+   public key parameters expressed in a way dependend on the algorithm.
 
    KEY is expected to be an canonical encoded S-expression with a
    public or private key. KEYLEN is the length of that buffer.
@@ -393,7 +393,7 @@ make_simple_sexp_from_hexstr (const char *line, size_t *nscanned)
   for (; n > 1; n -=2, s += 2)
     *p++ = xtoi_2 (s);
   *p++ = ')';
-  *p = 0; /* (Not really neaded.) */
+  *p = 0; /* (Not really needed.) */
 
   return buf;
 }
@@ -1008,9 +1008,10 @@ get_pk_algo_from_key (gcry_sexp_t key)
   algo = gcry_pk_map_name (algoname);
   if (algo == GCRY_PK_ECC)
     {
-      gcry_sexp_t l1 = gcry_sexp_find_token (list, "flags", 0);
+      gcry_sexp_t l1;
       int i;
 
+      l1 = gcry_sexp_find_token (list, "flags", 0);
       for (i = l1 ? gcry_sexp_length (l1)-1 : 0; i > 0; i--)
 	{
 	  s = gcry_sexp_nth_data (l1, i, &n);
@@ -1024,6 +1025,12 @@ get_pk_algo_from_key (gcry_sexp_t key)
 	    }
 	}
       gcry_sexp_release (l1);
+
+      l1 = gcry_sexp_find_token (list, "curve", 0);
+      s = gcry_sexp_nth_data (l1, 1, &n);
+      if (n == 5 && !memcmp (s, "Ed448", 5))
+        algo = GCRY_PK_EDDSA;
+      gcry_sexp_release (l1);
     }
 
  out:
@@ -1158,9 +1165,7 @@ hash_algo_to_string (int algo)
        { "md4",       GCRY_MD_MD4 },
        { "tiger",     GCRY_MD_TIGER },
        { "haval",     GCRY_MD_HAVAL },
-#if GCRYPT_VERSION_NUMBER >= 0x010900
        { "sm3",       GCRY_MD_SM3 },
-#endif
        { "md5",       GCRY_MD_MD5 }
       };
   int i;
diff --git a/common/signal.c b/common/signal.c
index 92925fd..41c14ba 100644
--- a/common/signal.c
+++ b/common/signal.c
@@ -51,7 +51,7 @@ static void (*cleanup_fnc)(void);
 
 #ifndef HAVE_DOSISH_SYSTEM
 static void
-init_one_signal (int sig, RETSIGTYPE (*handler)(int), int check_ign )
+init_one_signal (int sig, void (*handler)(int), int check_ign )
 {
 # ifdef HAVE_SIGACTION
   struct sigaction oact, nact;
@@ -69,7 +69,7 @@ init_one_signal (int sig, RETSIGTYPE (*handler)(int), int check_ign )
   nact.sa_flags = 0;
   sigaction ( sig, &nact, NULL);
 # else
-  RETSIGTYPE (*ohandler)(int);
+  void (*ohandler)(int);
 
   ohandler = signal (sig, handler);
   if (check_ign && ohandler == SIG_IGN)
@@ -87,9 +87,7 @@ get_signal_name( int signum )
 {
   /* Note that we can't use strsignal(), because it is not
      reentrant. */
-#if HAVE_SIGDESCR_NP
-  return sigdescr_np (signum);
-#elif HAVE_DECL_SYS_SIGLIST && defined(NSIG)
+#if HAVE_DECL_SYS_SIGLIST && defined(NSIG)
   return (signum >= 0 && signum < NSIG) ? sys_siglist[signum] : "?";
 #else
   return NULL;
@@ -98,7 +96,7 @@ get_signal_name( int signum )
 #endif /*!HAVE_DOSISH_SYSTEM*/
 
 #ifndef HAVE_DOSISH_SYSTEM
-static RETSIGTYPE
+static void
 got_fatal_signal (int sig)
 {
   const char *s;
@@ -157,7 +155,7 @@ got_fatal_signal (int sig)
 #endif /*!HAVE_DOSISH_SYSTEM*/
 
 #ifndef HAVE_DOSISH_SYSTEM
-static RETSIGTYPE
+static void
 got_usr_signal (int sig)
 {
   (void)sig;
diff --git a/common/simple-pwquery.c b/common/simple-pwquery.c
index b8ada42..7688c84 100644
--- a/common/simple-pwquery.c
+++ b/common/simple-pwquery.c
@@ -75,7 +75,7 @@
 
 
 /* Name of the socket to be used.  This is a kludge to keep on using
-   the existsing code despite that we only support a standard socket.  */
+   the existing code despite that we only support a standard socket.  */
 static char *default_gpg_agent_info;
 
 
diff --git a/common/status.c b/common/status.c
index 50afce4..b752c12 100644
--- a/common/status.c
+++ b/common/status.c
@@ -34,6 +34,10 @@
 #include "status.h"
 #include "status-codes.h"
 
+/* The stream to output the status information.  Output is disabled if
+ * this is NULL.  */
+static estream_t statusfp;
+
 
 /* Return the status string for code NO. */
 const char *
@@ -47,6 +51,101 @@ get_status_string ( int no )
 }
 
 
+/* Set a global status FD.  */
+void
+gnupg_set_status_fd (int fd)
+{
+  static int last_fd = -1;
+
+  if (fd != -1 && last_fd == fd)
+    return;
+
+  if (statusfp && statusfp != es_stdout && statusfp != es_stderr)
+    es_fclose (statusfp);
+  statusfp = NULL;
+  if (fd == -1)
+    return;
+
+  if (fd == 1)
+    statusfp = es_stdout;
+  else if (fd == 2)
+    statusfp = es_stderr;
+  else
+    statusfp = es_fdopen (fd, "w");
+  if (!statusfp)
+    {
+      log_fatal ("can't open fd %d for status output: %s\n",
+                 fd, gpg_strerror (gpg_error_from_syserror ()));
+    }
+  last_fd = fd;
+}
+
+
+/* Write a status line with code NO followed by the output of the
+ * printf style FORMAT.  The caller needs to make sure that LFs and
+ * CRs are not printed.  */
+void
+gnupg_status_printf (int no, const char *format, ...)
+{
+  va_list arg_ptr;
+
+  if (!statusfp)
+    return;  /* Not enabled.  */
+
+  es_fputs ("[GNUPG:] ", statusfp);
+  es_fputs (get_status_string (no), statusfp);
+  if (format)
+    {
+      es_putc (' ', statusfp);
+      va_start (arg_ptr, format);
+      es_vfprintf (statusfp, format, arg_ptr);
+      va_end (arg_ptr);
+    }
+  es_putc ('\n', statusfp);
+}
+
+
+/* Write a status line with code NO followed by the remaining
+ * arguments which must be a list of strings terminated by a NULL.
+ * Embedded CR and LFs in the strings are C-style escaped.  All
+ * strings are printed with a space as delimiter.  */
+gpg_error_t
+gnupg_status_strings (ctrl_t dummy, int no, ...)
+{
+  va_list arg_ptr;
+  const char *s;
+
+  (void)dummy;
+
+  if (!statusfp)
+    return 0;  /* Not enabled. */
+
+  va_start (arg_ptr, no);
+
+  es_fputs ("[GNUPG:] ", statusfp);
+  es_fputs (get_status_string (no), statusfp);
+  while ((s = va_arg (arg_ptr, const char*)))
+    {
+      if (*s)
+        es_putc (' ', statusfp);
+      for (; *s; s++)
+        {
+          if (*s == '\n')
+            es_fputs ("\\n", statusfp);
+          else if (*s == '\r')
+            es_fputs ("\\r", statusfp);
+          else
+            es_fputc (*(const byte *)s, statusfp);
+        }
+    }
+  es_putc ('\n', statusfp);
+  es_fflush (statusfp);
+
+  va_end (arg_ptr);
+  return 0;
+}
+
+
 const char *
 get_inv_recpsgnr_code (gpg_error_t err)
 {
diff --git a/common/status.h b/common/status.h
index d5564e4..0c481d2 100644
--- a/common/status.h
+++ b/common/status.h
@@ -30,6 +30,8 @@
 #ifndef GNUPG_COMMON_STATUS_H
 #define GNUPG_COMMON_STATUS_H
 
+#include "../common/fwddecl.h"
+
 enum
   {
     STATUS_ENTER,
@@ -164,6 +166,12 @@ enum
 
 
 const char *get_status_string (int code);
+void gnupg_set_status_fd (int fd);
+void gnupg_status_printf (int no, const char *format,
+                          ...) GPGRT_ATTR_PRINTF(2,3);
+gpg_error_t gnupg_status_strings (ctrl_t dummy, int no,
+                                  ...) GPGRT_ATTR_SENTINEL(0);
+
 const char *get_inv_recpsgnr_code (gpg_error_t err);
 
 
diff --git a/common/stringhelp.c b/common/stringhelp.c
index 5baaa1b..24524e8 100644
--- a/common/stringhelp.c
+++ b/common/stringhelp.c
@@ -2,7 +2,7 @@
  * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007,
  *               2008, 2009, 2010  Free Software Foundation, Inc.
  * Copyright (C) 2014 Werner Koch
- * Copyright (C) 2015, 2021  g10 Code GmbH
+ * Copyright (C) 2015  g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -29,7 +29,6 @@
  * You should have received a copies of the GNU General Public License
  * and the GNU Lesser General Public License along with this program;
  * if not, see <https://www.gnu.org/licenses/>.
- * SPDX-License-Identifier: (LGPL-3.0-or-later OR GPL-2.0-or-later)
  */
 
 #include <config.h>
@@ -49,6 +48,7 @@
 # endif
 # include <windows.h>
 #endif
+#include <assert.h>
 #include <limits.h>
 
 #include "util.h"
@@ -160,30 +160,32 @@ ascii_memistr ( const void *buffer, size_t buflen, const char *sub )
   return NULL;
 }
 
+
 /* This function is similar to strncpy().  However it won't copy more
-   than N - 1 characters and makes sure that a '\0' is appended. With
-   N given as 0, nothing will happen.  With DEST given as NULL, memory
-   will be allocated using xmalloc (i.e. if it runs out of core
-   the function terminates).  Returns DES or a pointer to the
-   allocated memory.
+ * than N - 1 characters and makes sure that a '\0' is appended. With
+ * N given as 0, nothing will happen.  With DEST given as NULL, memory
+ * will be allocated using xmalloc (i.e. if it runs out of core the
+ * function terminates).  Returns DEST or a pointer to the allocated
+ * memory.
  */
 char *
-mem2str( char *dest , const void *src , size_t n )
+mem2str (char *dest, const void *src, size_t n)
 {
-    char *d;
-    const char *s;
-
-    if( n ) {
-	if( !dest )
-	    dest = xmalloc( n ) ;
-	d = dest;
-	s = src ;
-	for(n--; n && *s; n-- )
-	    *d++ = *s++;
-	*d = '\0' ;
+  char *d;
+  const char *s;
+
+  if (n)
+    {
+      if (!dest)
+        dest = xmalloc (n);
+      d = dest;
+      s = src ;
+      for (n--; n && *s; n--)
+        *d++ = *s++;
+      *d = '\0' ;
     }
 
-    return dest ;
+  return dest;
 }
 
 
@@ -214,7 +216,7 @@ trim_spaces( char *str )
 }
 
 
-/* Same as trim_spaces but only consider, space, tab, cr and lf as space.  */
+/* Same as trim_spaces but only condider, space, tab, cr and lf as space.  */
 char *
 ascii_trim_spaces (char *str)
 {
@@ -1167,10 +1169,9 @@ try_percent_escape (const char *str, const char *extra)
 }
 
 
-/* Same as strconcat but takes a va_list.  Returns EINVAL if the list
- * is too long, all other errors are due to an ENOMEM condition.  */
-char *
-vstrconcat (const char *s1, va_list arg_ptr)
+
+static char *
+do_strconcat (const char *s1, va_list arg_ptr)
 {
   const char *argv[48];
   size_t argc;
@@ -1215,7 +1216,7 @@ strconcat (const char *s1, ...)
   else
     {
       va_start (arg_ptr, s1);
-      result = vstrconcat (s1, arg_ptr);
+      result = do_strconcat (s1, arg_ptr);
       va_end (arg_ptr);
     }
   return result;
@@ -1234,7 +1235,7 @@ xstrconcat (const char *s1, ...)
   else
     {
       va_start (arg_ptr, s1);
-      result = vstrconcat (s1, arg_ptr);
+      result = do_strconcat (s1, arg_ptr);
       va_end (arg_ptr);
     }
   if (!result)
@@ -1292,8 +1293,8 @@ strsplit (char *string, char delim, char replacement, int *count)
  * Returns: A malloced and NULL delimited array with the tokens.  On
  *          memory error NULL is returned and ERRNO is set.
  */
-static char **
-do_strtokenize (const char *string, const char *delim, int trim)
+char **
+strtokenize (const char *string, const char *delim)
 {
   const char *s;
   size_t fields;
@@ -1332,51 +1333,24 @@ do_strtokenize (const char *string, const char *delim, int trim)
   for (n = 0, p = buffer; (pend = strpbrk (p, delim)); p = pend + 1)
     {
       *pend = 0;
-      if (trim)
-        {
-          while (spacep (p))
-            p++;
-          for (px = pend - 1; px >= p && spacep (px); px--)
-            *px = 0;
-        }
-      result[n++] = p;
-    }
-  if (trim)
-    {
       while (spacep (p))
         p++;
-      for (px = p + strlen (p) - 1; px >= p && spacep (px); px--)
+      for (px = pend - 1; px >= p && spacep (px); px--)
         *px = 0;
+      result[n++] = p;
     }
+  while (spacep (p))
+    p++;
+  for (px = p + strlen (p) - 1; px >= p && spacep (px); px--)
+    *px = 0;
   result[n++] = p;
   result[n] = NULL;
 
-  log_assert ((char*)(result + n + 1) == buffer);
+  assert ((char*)(result + n + 1) == buffer);
 
   return result;
 }
 
-/* Tokenize STRING using the set of delimiters in DELIM.  Leading
- * spaces and tabs are removed from all tokens.  The caller must xfree
- * the result.
- *
- * Returns: A malloced and NULL delimited array with the tokens.  On
- *          memory error NULL is returned and ERRNO is set.
- */
-char **
-strtokenize (const char *string, const char *delim)
-{
-  return do_strtokenize (string, delim, 1);
-}
-
-/* Same as strtokenize but does not trim leading and trailing spaces
- * from the fields.  */
-char **
-strtokenize_nt (const char *string, const char *delim)
-{
-  return do_strtokenize (string, delim, 0);
-}
-
 
 /* Split a string into space delimited fields and remove leading and
  * trailing spaces from each field.  A pointer to each field is stored
@@ -1391,10 +1365,11 @@ strtokenize_nt (const char *string, const char *delim)
  *   foo (fields[1]);
  */
 int
-split_fields (char *string, char **array, int arraysize)
+split_fields (char *string, const char **array, int arraysize)
 {
   int n = 0;
-  char *p, *pend;
+  const char *p;
+  char *pend;
 
   for (p = string; *p == ' '; p++)
     ;
@@ -1429,10 +1404,11 @@ split_fields (char *string, char **array, int arraysize)
  *   foo (fields[1]);
  */
 int
-split_fields_colon (char *string, char **array, int arraysize)
+split_fields_colon (char *string, const char **array, int arraysize)
 {
   int n = 0;
-  char *p, *pend;
+  const char *p;
+  char *pend;
 
   p = string;
   do
@@ -1477,7 +1453,7 @@ parse_version_number (const char *s, int *number)
 
 
 /* This function breaks up the complete string-representation of the
-   version number S, which is of the following struture: <major
+   version number S, which is of the following structure: <major
    number>.<minor number>[.<micro number>]<patch level>.  The major,
    minor, and micro number components will be stored in *MAJOR, *MINOR
    and *MICRO.  If MICRO is not given 0 is used instead.
@@ -1689,107 +1665,3 @@ format_text (const char *text_in, int target_cols, int max_cols)
 
   return text;
 }
-
-
-/* Substitute environment variables in STRING and return a new string.
- * On error the function returns NULL.  */
-char *
-substitute_envvars (const char *string)
-{
-  char *line, *p, *pend;
-  const char *value;
-  size_t valuelen, n;
-  char *result = NULL;
-
-  result = line = xtrystrdup (string);
-  if (!result)
-    return NULL; /* Ooops */
-
-  while (*line)
-    {
-      p = strchr (line, '$');
-      if (!p)
-        goto leave; /* No or no more variables.  */
-
-      if (p[1] == '$') /* Escaped dollar sign. */
-        {
-          memmove (p, p+1, strlen (p+1)+1);
-          line = p + 1;
-          continue;
-        }
-
-      if (p[1] == '{')
-        {
-          int count = 0;
-
-          for (pend=p+2; *pend; pend++)
-            {
-              if (*pend == '{')
-                count++;
-              else if (*pend == '}')
-                {
-                  if (--count < 0)
-                    break;
-                }
-            }
-          if (!*pend)
-            goto leave; /* Unclosed - don't substitute.  */
-        }
-      else
-        {
-          for (pend = p+1; *pend && (alnump (pend) || *pend == '_'); pend++)
-            ;
-        }
-
-      if (p[1] == '{' && *pend == '}')
-        {
-          int save = *pend;
-          *pend = 0;
-          value = getenv (p+2);
-          *pend++ = save;
-        }
-      else
-        {
-          int save = *pend;
-          *pend = 0;
-          value = getenv (p+1);
-          *pend = save;
-        }
-
-      if (!value)
-        value = "";
-      valuelen = strlen (value);
-      if (valuelen <= pend - p)
-        {
-          memcpy (p, value, valuelen);
-          p += valuelen;
-          n = pend - p;
-          if (n)
-            memmove (p, p+n, strlen (p+n)+1);
-          line = p;
-        }
-      else
-        {
-          char *src = result;
-          char *dst;
-
-          dst = xtrymalloc (strlen (src) + valuelen + 1);
-          if (!dst)
-            {
-              xfree (result);
-              return NULL;
-            }
-          n = p - src;
-          memcpy (dst, src, n);
-          memcpy (dst + n, value, valuelen);
-          n += valuelen;
-          strcpy (dst + n, pend);
-          line = dst + n;
-          xfree (result);
-          result = dst;
-        }
-    }
-
- leave:
-  return result;
-}
diff --git a/common/stringhelp.h b/common/stringhelp.h
index 84215c7..c5f252b 100644
--- a/common/stringhelp.h
+++ b/common/stringhelp.h
@@ -141,27 +141,21 @@ char *try_percent_escape (const char *str, const char *extra);
    NULL.  Returns a malloced buffer with the new string or NULL on a
    malloc error or if too many arguments are given.  */
 char *strconcat (const char *s1, ...) GPGRT_ATTR_SENTINEL(0);
-/* Same but taking a va_list.  */
-char *vstrconcat (const char *s1, va_list arg_ptr);
 /* Ditto, but die on error.  */
 char *xstrconcat (const char *s1, ...) GPGRT_ATTR_SENTINEL(0);
 
-
 char **strsplit (char *string, char delim, char replacement, int *count);
 
 /* Tokenize STRING using the set of delimiters in DELIM.  */
 char **strtokenize (const char *string, const char *delim);
-/* Tokenize STRING using the set of delimiters in DELIM but do not
- * trim the tokens.  */
-char **strtokenize_nt (const char *string, const char *delim);
 
 /* Split STRING into space delimited fields and store them in the
  * provided ARRAY.  */
-int split_fields (char *string, char **array, int arraysize);
+int split_fields (char *string, const char **array, int arraysize);
 
 /* Split STRING into colon delimited fields and store them in the
  * provided ARRAY.  */
-int split_fields_colon (char *string, char **array, int arraysize);
+int split_fields_colon (char *string, const char **array, int arraysize);
 
 /* Return True if MYVERSION is greater or equal than REQ_VERSION.  */
 int compare_version_strings (const char *my_version, const char *req_version);
@@ -169,13 +163,8 @@ int compare_version_strings (const char *my_version, const char *req_version);
 /* Format a string so that it fits within about TARGET_COLS columns.  */
 char *format_text (const char *text, int target_cols, int max_cols);
 
-/* Substitute environmen variabales in STRING.  */
-char *substitute_envvars (const char *string);
-
 
 /*-- mapstrings.c --*/
 const char *map_static_macro_string (const char *string);
-const char *map_static_strings (const char *domain, int key1, int key2,
-                                const char *string1, ...);
 
 #endif /*GNUPG_COMMON_STRINGHELP_H*/
diff --git a/common/sysutils.c b/common/sysutils.c
index 5f54ae1..8b2d701 100644
--- a/common/sysutils.c
+++ b/common/sysutils.c
@@ -40,9 +40,8 @@
 #include <stdlib.h>
 #include <stdint.h>
 #include <string.h>
-#ifdef HAVE_PWD_H
-# include <pwd.h>
-#endif
+#include <limits.h>
+#include <sys/types.h>
 #include <unistd.h>
 #include <errno.h>
 #ifdef HAVE_STAT
@@ -57,6 +56,10 @@
 # include <sys/time.h>
 # include <sys/resource.h>
 #endif
+#ifdef HAVE_PWD_H
+# include <pwd.h>
+# include <grp.h>
+#endif /*HAVE_PWD_H*/
 #ifdef HAVE_W32_SYSTEM
 # if WINVER < 0x0500
 #   define WINVER 0x0500  /* Required for AllowSetForegroundWindow.  */
@@ -107,6 +110,11 @@ struct gnupg_dir_s
  * an explanation of these file names.  */
 static int allow_special_filenames;
 
+#ifdef HAVE_W32_SYSTEM
+/* State of gnupg_inhibit_set_foregound_window.  */
+static int inhibit_set_foregound_window;
+#endif
+
 
 static GPGRT_INLINE gpg_error_t
 my_error_from_syserror (void)
@@ -538,7 +546,7 @@ translate_sys2libc_fd (gnupg_fd_t fd, int for_write)
 
   /* Note that _open_osfhandle is currently defined to take and return
      a long.  */
-  x = _open_osfhandle ((long)fd, for_write ? 1 : 0);
+  x = _open_osfhandle ((intptr_t)fd, for_write ? 1 : 0);
   if (x == -1)
     log_error ("failed to translate osfhandle %p\n", (void *) fd);
   return x;
@@ -669,7 +677,7 @@ gnupg_tmpfile (void)
           int fd = (int)file;
           fp = _wfdopen (fd, L"w+b");
 #else
-          int fd = _open_osfhandle ((long)file, 0);
+          int fd = _open_osfhandle ((intptr_t)file, 0);
           if (fd == -1)
             {
               CloseHandle (file);
@@ -770,6 +778,20 @@ gnupg_reopen_std (const char *pgmname)
 }
 
 
+/* Inhibit calls to AllowSetForegroundWindow on Windows.  Calling this
+ * with YES set to true calls to gnupg_allow_set_foregound_window are
+ * shunted.  */
+void
+gnupg_inhibit_set_foregound_window (int yes)
+{
+#ifdef HAVE_W32_SYSTEM
+  inhibit_set_foregound_window = yes;
+#else
+  (void)yes;
+#endif
+}
+
+
 /* Hack required for Windows.  */
 void
 gnupg_allow_set_foregound_window (pid_t pid)
@@ -778,13 +800,11 @@ gnupg_allow_set_foregound_window (pid_t pid)
     log_info ("%s called with invalid pid %lu\n",
               "gnupg_allow_set_foregound_window", (unsigned long)pid);
 #if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
+  else if (inhibit_set_foregound_window)
+    ;
   else if (!AllowSetForegroundWindow ((pid_t)pid == (pid_t)(-1)?ASFW_ANY:pid))
-    {
-      char *flags = getenv ("GNUPG_EXEC_DEBUG_FLAGS");
-      if (flags && (atoi (flags) & 2))
-        log_info ("AllowSetForegroundWindow(%lu) failed: %s\n",
-                  (unsigned long)pid, w32_strerror (-1));
-    }
+    log_info ("AllowSetForegroundWindow(%lu) failed: %s\n",
+               (unsigned long)pid, w32_strerror (-1));
 #endif
 }
 
@@ -967,35 +987,9 @@ modestr_to_mode (const char *modestr, mode_t oldmode)
 int
 gnupg_mkdir (const char *name, const char *modestr)
 {
-#if GPG_ERROR_VERSION_NUMBER < 0x011c00 /* 1.28 */
- #ifdef HAVE_W32CE_SYSTEM
-  wchar_t *wname;
-  (void)modestr;
-
-  wname = utf8_to_wchar (name);
-  if (!wname)
-    return -1;
-  if (!CreateDirectoryW (wname, NULL))
-    {
-      xfree (wname);
-      return -1;  /* ERRNO is automagically provided by gpg-error.h.  */
-    }
-  xfree (wname);
-  return 0;
- #elif MKDIR_TAKES_ONE_ARG
-  (void)modestr;
-  /* Note: In the case of W32 we better use CreateDirectory and try to
-     set appropriate permissions.  However using mkdir is easier
-     because this sets ERRNO.  */
-  return mkdir (name);
- #else
-  return mkdir (name, modestr_to_mode (modestr, 0));
- #endif
-#else
   /* Note that gpgrt_mkdir also sets ERRNO in addition to returing an
    * gpg-error style error code.  */
   return gpgrt_mkdir (name, modestr);
-#endif
 }
 
 
@@ -1004,40 +998,9 @@ gnupg_mkdir (const char *name, const char *modestr)
 int
 gnupg_chdir (const char *name)
 {
-#if GPG_ERROR_VERSION_NUMBER < 0x011c00 /* 1.28 */
-  return chdir (name);
-#else /* Use the improved version from libgpg_error.  */
-  /* Note that gpgrt_chdir also sets ERRNO in addition to returning a
+  /* Note that gpgrt_chdir also sets ERRNO in addition to returning an
    * gpg-error style error code.  */
   return gpgrt_chdir (name);
-#endif
-}
-
-
-/* A wrapper around rmdir.  NAME is expected to be utf8 encoded.  */
-int
-gnupg_rmdir (const char *name)
-{
-#ifdef HAVE_W32_SYSTEM
-  int rc;
-  wchar_t *wfname;
-
-  wfname = utf8_to_wchar (name);
-  if (!wfname)
-    rc = 0;
-  else
-    {
-      rc = RemoveDirectoryW (wfname);
-      if (!rc)
-        gnupg_w32_set_errno (-1);
-      xfree (wfname);
-    }
-  if (!rc)
-    return -1;
-  return 0;
-#else
-  return rmdir (name);
-#endif
 }
 
 
@@ -1261,53 +1224,7 @@ gnupg_unsetenv (const char *name)
 char *
 gnupg_getcwd (void)
 {
-#if GPGRT_VERSION_NUMBER < 0x012800 /* 1.40 */
-# ifdef HAVE_W32_SYSTEM
-  wchar_t wbuffer[MAX_PATH + sizeof(wchar_t)];
-  DWORD wlen;
-  char *buf, *p;
-
-  wlen = GetCurrentDirectoryW (MAX_PATH, wbuffer);
-  if (!wlen)
-    {
-      gpg_err_set_errno (EINVAL);
-      return NULL;
-
-    }
-  else if (wlen > MAX_PATH)
-    {
-      gpg_err_set_errno (ENAMETOOLONG);
-      return NULL;
-    }
-  buf = wchar_to_utf8 (wbuffer);
-  if (buf)
-    {
-      for (p=buf; *p; p++)
-        if (*p == '\\')
-          *p = '/';
-    }
-  return buf;
-
-# else /*Unix*/
-  char *buffer;
-  size_t size = 100;
-
-  for (;;)
-    {
-      buffer = xtrymalloc (size+1);
-      if (!buffer)
-        return NULL;
-      if (getcwd (buffer, size) == buffer)
-        return buffer;
-      xfree (buffer);
-      if (errno != ERANGE)
-        return NULL;
-      size *= 2;
-    }
-# endif /*Unix*/
-#else
   return gpgrt_getcwd ();
-#endif
 }
 
 
@@ -1316,26 +1233,7 @@ gnupg_getcwd (void)
 gpg_err_code_t
 gnupg_access (const char *name, int mode)
 {
-#if GPGRT_VERSION_NUMBER < 0x012800 /* 1.40 */
-# ifdef HAVE_W32_SYSTEM
-  wchar_t *wfname;
-  gpg_err_code_t ec;
-
-  wfname = utf8_to_wchar (name);
-  if (!wfname)
-    ec = gpg_err_code_from_syserror ();
-  else
-    {
-      ec = _waccess (wfname, mode)? gpg_err_code_from_syserror () : 0;
-      xfree (wfname);
-    }
-  return ec;
-# else
-  return access (name, mode)? gpg_err_code_from_syserror () : 0;
-# endif
-#else /* gpgrt 1.40 or newer.  */
   return gpgrt_access (name, mode);
-#endif
 }
 
 
@@ -1381,55 +1279,6 @@ gnupg_stat (const char *name, struct stat *statbuf)
 #endif /*HAVE_STAT*/
 
 
-/* Wrapper around fopen for the cases where we have not yet switched
- * to es_fopen.  Note that for convenience the prototype is in util.h */
-FILE *
-gnupg_fopen (const char *fname, const char *mode)
-{
-#ifdef HAVE_W32_SYSTEM
-  if (any8bitchar (fname))
-    {
-      wchar_t *wfname;
-      const wchar_t *wmode;
-      wchar_t *wmodebuf = NULL;
-      FILE *ret;
-
-      wfname = utf8_to_wchar (fname);
-      if (!wfname)
-        return NULL;
-      if (!strcmp (mode, "r"))
-        wmode = L"r";
-      else if (!strcmp (mode, "rb"))
-        wmode = L"rb";
-      else if (!strcmp (mode, "w"))
-        wmode = L"w";
-      else if (!strcmp (mode, "wb"))
-        wmode = L"wb";
-      else
-        {
-          wmodebuf = utf8_to_wchar (mode);
-          if (!wmodebuf)
-            {
-              xfree (wfname);
-              return NULL;
-            }
-          wmode = wmodebuf;
-        }
-      ret = _wfopen (wfname, wmode);
-      xfree (wfname);
-      xfree (wmodebuf);
-      return ret;
-    }
-  else
-    return fopen (fname, mode);
-
-#else /*Unix*/
-  return fopen (fname, mode);
-#endif /*Unix*/
-}
-
-
-
 /* A wrapper around open to handle Unicode file names under Windows.  */
 int
 gnupg_open (const char *name, int flags, unsigned int mode)
@@ -1600,6 +1449,100 @@ gnupg_closedir (gnupg_dir_t gdir)
 }
 
 
+/* Try to set an envvar.  Print only a notice on error.  */
+#ifndef HAVE_W32_SYSTEM
+static void
+try_set_envvar (const char *name, const char *value, int silent)
+{
+  if (gnupg_setenv (name, value, 1))
+    if (!silent)
+      log_info ("error setting envvar %s to '%s': %s\n", name, value,
+                gpg_strerror (my_error_from_syserror ()));
+}
+#endif /*!HAVE_W32_SYSTEM*/
+
+
+/* Switch to USER which is either a name or an UID.  This is a nop
+ * under Windows.  Note that in general it is only possible to switch
+ * to another user id if the process is running under root.  if silent
+ * is set no diagnostics are printed.  */
+gpg_error_t
+gnupg_chuid (const char *user, int silent)
+{
+#ifdef HAVE_W32_SYSTEM
+  (void)user;  /* Not implemented for Windows - ignore.  */
+  (void)silent;
+  return 0;
+
+#elif HAVE_PWD_H /* A proper Unix  */
+  unsigned long ul;
+  struct passwd *pw;
+  struct stat st;
+  char *endp;
+  gpg_error_t err;
+
+  gpg_err_set_errno (0);
+  ul = strtoul (user, &endp, 10);
+  if (errno || endp == user || *endp)
+    pw = getpwnam (user);  /* Not a number; assume USER is a name.  */
+  else
+    pw = getpwuid ((uid_t)ul);
+
+  if (!pw)
+    {
+      if (!silent)
+        log_error ("user '%s' not found\n", user);
+      return my_error (GPG_ERR_NOT_FOUND);
+    }
+
+  /* Try to set some envvars even if we are already that user.  */
+  if (!stat (pw->pw_dir, &st))
+    try_set_envvar ("HOME", pw->pw_dir, silent);
+
+  try_set_envvar ("USER", pw->pw_name, silent);
+  try_set_envvar ("LOGNAME", pw->pw_name, silent);
+#ifdef _AIX
+  try_set_envvar ("LOGIN", pw->pw_name, silent);
+#endif
+
+  if (getuid () == pw->pw_uid)
+    return 0;  /* We are already this user.  */
+
+  /* If we need to switch set PATH to a standard value and make sure
+   * GNUPGHOME is not set. */
+  try_set_envvar ("PATH", "/usr/local/bin:/usr/bin:/bin", silent);
+  if (gnupg_unsetenv ("GNUPGHOME"))
+    if (!silent)
+      log_info ("error unsetting envvar %s: %s\n", "GNUPGHOME",
+                gpg_strerror (gpg_error_from_syserror ()));
+
+  if (initgroups (pw->pw_name, pw->pw_gid))
+    {
+      err = my_error_from_syserror ();
+      if (!silent)
+        log_error ("error setting supplementary groups for '%s': %s\n",
+                   pw->pw_name, gpg_strerror (err));
+      return err;
+    }
+
+  if (setuid (pw->pw_uid))
+    {
+      err = my_error_from_syserror ();
+      log_error ("error switching to user '%s': %s\n",
+                 pw->pw_name, gpg_strerror (err));
+      return err;
+    }
+
+  return 0;
+
+#else /*!HAVE_PWD_H */
+  if (!silent)
+    log_info ("system is missing passwd querying functions\n");
+  return my_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
+}
+
+
 
 #ifdef HAVE_W32CE_SYSTEM
 /* There is a isatty function declaration in cegcc but it does not
@@ -1903,49 +1846,3 @@ gnupg_fd_valid (int fd)
   close (d);
   return 1;
 }
-
-
-/* Return a malloced copy of the current user's account name; this may
- * return NULL on memory failure.  Note that this should eventually be
- * replaced by a gpgrt function. */
-char *
-gnupg_getusername (void)
-{
-  char *result = NULL;
-
-#ifdef HAVE_W32_SYSTEM
-  wchar_t wtmp[1];
-  wchar_t *wbuf;
-  DWORD wsize = 1;
-
-  GetUserNameW (wtmp, &wsize);
-  wbuf = xtrymalloc (wsize * sizeof *wbuf);
-  if (!wbuf)
-    {
-      gpg_err_set_errno (ENOMEM);
-      return NULL;
-    }
-  if (!GetUserNameW (wbuf, &wsize))
-    {
-      gpg_err_set_errno (EINVAL);
-      xfree (wbuf);
-      return NULL;
-    }
-  result= wchar_to_utf8 (wbuf);
-  xfree (wbuf);
-
-#else /* !HAVE_W32_SYSTEM */
-
-# if defined(HAVE_PWD_H) && defined(HAVE_GETPWUID)
-  struct passwd *pwd;
-
-  pwd = getpwuid (getuid());
-  if (pwd)
-    result = xtrystrdup (pwd->pw_name);
-
-# endif /*HAVE_PWD_H*/
-
-#endif /* !HAVE_W32_SYSTEM */
-
-  return result;
-}
diff --git a/common/sysutils.h b/common/sysutils.h
index e22156b..9f2920b 100644
--- a/common/sysutils.h
+++ b/common/sysutils.h
@@ -77,13 +77,13 @@ int translate_sys2libc_fd_int (int fd, int for_write);
 int check_special_filename (const char *fname, int for_write, int notranslate);
 FILE *gnupg_tmpfile (void);
 void gnupg_reopen_std (const char *pgmname);
+void gnupg_inhibit_set_foregound_window (int yes);
 void gnupg_allow_set_foregound_window (pid_t pid);
 int  gnupg_remove (const char *fname);
 gpg_error_t gnupg_rename_file (const char *oldname, const char *newname,
                                int *block_signals);
 int gnupg_mkdir (const char *name, const char *modestr);
 int gnupg_chdir (const char *name);
-int gnupg_rmdir (const char *name);
 int gnupg_chmod (const char *name, const char *modestr);
 char *gnupg_mkdtemp (char *template);
 int  gnupg_setenv (const char *name, const char *value, int overwrite);
@@ -94,12 +94,14 @@ gpg_err_code_t gnupg_access (const char *name, int mode);
 int gnupg_stat (const char *name, struct stat *statbuf);
 #endif /*HAVE_STAT*/
 int gnupg_open (const char *name, int flags, unsigned int mode);
+
 gnupg_dir_t gnupg_opendir (const char *name);
 gnupg_dirent_t gnupg_readdir (gnupg_dir_t gdir);
 int gnupg_closedir (gnupg_dir_t gdir);
+
+gpg_error_t gnupg_chuid (const char *user, int silent);
 char *gnupg_get_socket_name (int fd);
 int gnupg_fd_valid (int fd);
-char *gnupg_getusername (void);
 
 gpg_error_t gnupg_inotify_watch_delete_self (int *r_fd, const char *fname);
 gpg_error_t gnupg_inotify_watch_socket (int *r_fd, const char *socket_name);
diff --git a/common/t-convert.c b/common/t-convert.c
index e25de90..c7ba8f6 100644
--- a/common/t-convert.c
+++ b/common/t-convert.c
@@ -445,6 +445,43 @@ test_hex2str (void)
 
 
 
+static void
+test_hex2fixedbuf (void)
+{
+  static struct {
+    const char *hex;
+    unsigned bufsize;
+    unsigned int resultlen;
+    const char *result;
+  } tests[] = {
+    /* Simple tests.  */
+    { "112233445566778899aabbccddeeff1122", 17, 34,
+      "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22"},
+    { " 112233445566778899aabbccddeeff1122", 17, 35,
+      "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22"},
+    { "112233445566778899aabbccddeeff1122 ", 17, 35,
+      "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22"},
+    { "  112233445566778899aabbccddeeff1122 ", 17, 37,
+      "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22"},
+    { "  112233445566778899aabbccddeeff11 ", 16, 35,
+      "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11"},
+    { "  112233445566778899aabbccddeeff11", 16, 34,
+      "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11"}
+  };
+  char buffer[100];  /* Large enough for all tests.  */
+  int idx;
+  unsigned int n;
+
+  for (idx=0; idx < DIM (tests); idx++)
+    {
+      n = hex2fixedbuf (tests[idx].hex, buffer, tests[idx].bufsize);
+      if (n != tests[idx].resultlen)
+        fail (idx);
+      else if (memcmp (buffer, tests[idx].result, tests[idx].bufsize))
+        fail (idx);
+    }
+
+}
 
 
 int
@@ -458,6 +495,7 @@ main (int argc, char **argv)
   test_bin2hex ();
   test_bin2hexcolon ();
   test_hex2str ();
+  test_hex2fixedbuf ();
 
   return 0;
 }
diff --git a/common/t-exechelp.c b/common/t-exechelp.c
index cf967fc..3bf082b 100644
--- a/common/t-exechelp.c
+++ b/common/t-exechelp.c
@@ -131,7 +131,7 @@ test_close_all_fds (void)
   free (array);
 
   /* Now let's check the realloc we use.  We do this and the next
-     tests only if we are allowed to open enought descriptors.  */
+     tests only if we are allowed to open enough descriptors.  */
   if (get_max_fds () > 32)
     {
       int except[] = { 20, 23, 24, -1 };
diff --git a/common/t-mapstrings.c b/common/t-mapstrings.c
index 7dc6221..0856c3c 100644
--- a/common/t-mapstrings.c
+++ b/common/t-mapstrings.c
@@ -88,31 +88,6 @@ test_map_static_macro_string (void)
 }
 
 
-static void
-test_map_static_strings (void)
-{
-  const char *s, *s1;
-
-  s1 = map_static_strings ("mydomain", 0, 42,
-                           "This", " ", "is", " ", "my"," ","string", NULL);
-  if (strcmp (s1, "This is my string"))
-    fail (1);
-  s = map_static_strings ("mydomain", 0, 42,
-                          "This", " ", "is", " ", "my"," ","string", NULL);
-  if (strcmp (s1, s))
-    fail (2);
-  s = map_static_strings ("mydomain", 0, 42, "foo", NULL);
-  if (strcmp (s1, s))
-    fail (3);
-  s = map_static_strings ("mydomain", 1, 42, "foo 1.42", NULL);
-  if (!strcmp (s1, s))
-    fail (4);
-  s = map_static_strings ("xdomain", 1, 42, "foo 1.42 other domain", NULL);
-  if (!strcmp (s1, s))
-    fail (5);
-}
-
-
 int
 main (int argc, char **argv)
 {
@@ -120,7 +95,6 @@ main (int argc, char **argv)
   (void)argv;
 
   test_map_static_macro_string ();
-  test_map_static_strings ();
 
   return 0;
 }
diff --git a/common/t-mbox-util.c b/common/t-mbox-util.c
index fb1ac12..e777e03 100644
--- a/common/t-mbox-util.c
+++ b/common/t-mbox-util.c
@@ -25,6 +25,9 @@
 #include "util.h"
 #include "mbox-util.h"
 
+#define PGM "t-mbox-util"
+
+
 #define pass()  do { ; } while(0)
 #define fail(a)  do { fprintf (stderr, "%s:%d: test %d failed\n",\
                                __FILE__,__LINE__, (a));          \
@@ -32,6 +35,10 @@
                     } while(0)
 
 
+static int verbose;
+static int debug;
+
+
 static void
 run_mbox_test (void)
 {
@@ -70,13 +77,98 @@ run_mbox_test (void)
       { "<fo()o@example.org> ()", "fo()o@example.org" },
       { "fo()o@example.org", NULL},
       { "Mr. Foo <foo@example.org><bar@example.net>", "foo@example.org"},
+      { "Surname, Forename | company <foo@example.org>", "foo@example.org"},
+      /* The next one is for sure not RFC-822 correct but nevertheless
+       * the way gpg does it.  We won't change it because the user-id
+       * is only rfc-822 alike and not compliant (think only of our
+       * utf-8 requirement).  */
+      { "\"<foo@example.org>\" <foo@example.net>", "foo@example.org"},
       { NULL, NULL }
     };
   int idx;
 
   for (idx=0; testtbl[idx].userid; idx++)
     {
-      char *mbox = mailbox_from_userid (testtbl[idx].userid);
+      char *mbox = mailbox_from_userid (testtbl[idx].userid, 0);
+
+      if (!testtbl[idx].mbox)
+        {
+          if (mbox)
+            fail (idx);
+        }
+      else if (!mbox)
+        fail (idx);
+      else if (strcmp (mbox, testtbl[idx].mbox))
+        fail (idx);
+
+      xfree (mbox);
+    }
+}
+
+
+static void
+run_mbox_no_sub_test (void)
+{
+  static struct
+  {
+    const char *userid;
+    const char *mbox;
+  } testtbl[] =
+    {
+      { "foo+bar@example.org", "foo@example.org" },
+      { "Werner Koch <wk@gnupg.org>", "wk@gnupg.org" },
+      { "<wk@gnupg.org>", "wk@gnupg.org" },
+      { "wk@gnupg.org", "wk@gnupg.org" },
+      { "wk@gnupg.org ", NULL },
+      { " wk@gnupg.org", NULL },
+      { "Werner Koch (test) <wk@gnupg.org>", "wk@gnupg.org" },
+      { "Werner Koch <wk@gnupg.org> (test)", "wk@gnupg.org" },
+      { "Werner Koch <wk@gnupg.org (test)", NULL },
+      { "Werner Koch <wk@gnupg.org >", NULL },
+      { "Werner Koch <wk@gnupg.org", NULL },
+      { "", NULL },
+      { "@", NULL },
+      { "bar <>", NULL },
+      { "<foo@example.org>", "foo@example.org" },
+      { "<foo.@example.org>", "foo.@example.org" },
+      { "<.foo.@example.org>", ".foo.@example.org" },
+      { "<foo..@example.org>", "foo..@example.org" },
+      { "<foo..bar@example.org>", "foo..bar@example.org" },
+      { "<foo@example.org.>", NULL },
+      { "<foo@example..org>", NULL },
+      { "<foo@.>", NULL },
+      { "<@example.org>", NULL },
+      { "<foo@@example.org>", NULL },
+      { "<@foo@example.org>", NULL },
+      { "<foo@example.org> ()", "foo@example.org" },
+      { "<fo()o@example.org> ()", "fo()o@example.org" },
+      { "<fo()o@example.org> ()", "fo()o@example.org" },
+      { "fo()o@example.org", NULL},
+      { "Mr. Foo <foo@example.org><bar@example.net>", "foo@example.org"},
+      { "foo+bar@example.org", "foo@example.org" },
+      { "foo++bar@example.org", "foo++bar@example.org" },
+      { "foo++@example.org", "foo++@example.org" },
+      { "foo+@example.org", "foo+@example.org" },
+      { "+foo@example.org", "+foo@example.org" },
+      { "++foo@example.org", "++foo@example.org" },
+      { "+foo+@example.org", "+foo+@example.org" },
+      { "+@example.org", "+@example.org" },
+      { "++@example.org", "++@example.org" },
+      { "foo+b@example.org", "foo@example.org" },
+      { "foo+ba@example.org", "foo@example.org" },
+      { "foo+bar@example.org", "foo@example.org" },
+      { "foo+barb@example.org", "foo@example.org" },
+      { "foo+barba@example.org", "foo@example.org" },
+      { "f+b@example.org", "f@example.org" },
+      { "fo+b@example.org", "fo@example.org" },
+
+      { NULL, NULL }
+    };
+  int idx;
+
+  for (idx=0; testtbl[idx].userid; idx++)
+    {
+      char *mbox = mailbox_from_userid (testtbl[idx].userid, 1);
 
       if (!testtbl[idx].mbox)
         {
@@ -143,14 +235,105 @@ run_dns_test (void)
 }
 
 
+static void
+run_filter (int no_sub)
+{
+  char buf[4096];
+  int c;
+  char *p, *mbox;
+  unsigned int count1 = 0;
+  unsigned int count2 = 0;
+
+  while (fgets (buf, sizeof buf, stdin))
+    {
+      p = strchr (buf, '\n');
+      if (p)
+        *p = 0;
+      else
+        {
+          /* Skip to the end of the line.  */
+          while ((c = getc (stdin)) != EOF && c != '\n')
+            ;
+        }
+      count1++;
+      trim_spaces (buf);
+      mbox = mailbox_from_userid (buf, no_sub);
+      if (mbox)
+        {
+          printf ("%s\n", mbox);
+          xfree (mbox);
+          count2++;
+        }
+    }
+  if (verbose)
+    fprintf (stderr, PGM ": lines=%u mboxes=%u\n", count1, count2);
+}
+
+
 int
 main (int argc, char **argv)
 {
-  (void)argc;
-  (void)argv;
+  int last_argc = -1;
+  int opt_filter = 0;
+  int opt_no_sub = 0;
 
-  run_mbox_test ();
-  run_dns_test ();
+  if (argc)
+    { argc--; argv++; }
+  while (argc && last_argc != argc )
+    {
+      last_argc = argc;
+      if (!strcmp (*argv, "--"))
+        {
+          argc--; argv++;
+          break;
+        }
+      else if (!strcmp (*argv, "--help"))
+        {
+          fputs ("usage: " PGM " [FILE]\n"
+                 "Options:\n"
+                 "  --verbose         Print timings etc.\n"
+                 "  --debug           Flyswatter\n"
+                 "  --filter          Filter mboxes from input lines\n"
+                 "  --no-sub          Ignore '+'-sub-addresses\n"
+                 , stdout);
+          exit (0);
+        }
+      else if (!strcmp (*argv, "--verbose"))
+        {
+          verbose++;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--debug"))
+        {
+          verbose += 2;
+          debug++;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--filter"))
+        {
+          opt_filter = 1;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--no-sub"))
+        {
+          opt_no_sub = 1;
+          argc--; argv++;
+        }
+      else if (!strncmp (*argv, "--", 2))
+        {
+          fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
+          exit (1);
+        }
+    }
+
+  if (opt_filter)
+    run_filter (opt_no_sub);
+  else
+    {
+      run_mbox_test ();
+      run_mbox_no_sub_test ();
+      run_dns_test ();
+    }
 
   return 0;
 }
diff --git a/common/t-name-value.c b/common/t-name-value.c
index 57f685f..bd17404 100644
--- a/common/t-name-value.c
+++ b/common/t-name-value.c
@@ -292,6 +292,7 @@ run_modification_tests (void)
 {
   gpg_error_t err;
   nvc_t pk;
+  nve_t e;
   gcry_sexp_t key;
   char *buf;
 
@@ -344,6 +345,30 @@ run_modification_tests (void)
   assert (strcmp (buf, "") == 0);
   xfree (buf);
 
+  /* Test whether we can delete an entry by name.  */
+  err = nvc_add (pk, "Key:", "(3:foo)");
+  assert (!err);
+  e = nvc_lookup (pk, "Key:");
+  assert (e);
+  nvc_delete_named (pk, "Kez:");  /* Delete an nonexistent name.  */
+  e = nvc_lookup (pk, "Key:");
+  assert (e);
+  nvc_delete_named (pk, "Key:");
+  e = nvc_lookup (pk, "Key:");
+  assert (!e);
+
+  /* Ditto but now whether it deletes all entries with that name.  We
+   * don't use "Key" because that name is special in private key mode.  */
+  err = nvc_add (pk, "AKey:", "A-value");
+  assert (!err);
+  err = nvc_add (pk, "AKey:", "B-value");
+  assert (!err);
+  e = nvc_lookup (pk, "AKey:");
+  assert (e);
+  nvc_delete_named (pk, "AKey:");
+  e = nvc_lookup (pk, "AKey:");
+  assert (!e);
+
   nvc_set (pk, "Foo:", "A really long value spanning across multiple lines"
 	   " that has to be wrapped at a convenient space.");
   buf = nvc_to_string (pk);
diff --git a/common/t-openpgp-oid.c b/common/t-openpgp-oid.c
index fd9de5d..6736fa6 100644
--- a/common/t-openpgp-oid.c
+++ b/common/t-openpgp-oid.c
@@ -27,7 +27,7 @@
 #define pass()  do { ; } while(0)
 #define fail(a,e)                                                       \
   do { fprintf (stderr, "%s:%d: test %d failed (%s)\n",                 \
-                __FILE__,__LINE__, (a), gpg_strerror (e));              \
+                __func__, __LINE__, (a), gpg_strerror (e));             \
     exit (1);                                                           \
   } while(0)
 
@@ -150,7 +150,7 @@ test_openpgp_oid_to_str (void)
       if (strcmp (string, samples[idx].string))
         fail (idx, 0);
       xfree (string);
-}
+    }
 
 }
 
@@ -226,6 +226,74 @@ test_openpgp_enum_curves (void)
 }
 
 
+static void
+test_get_keyalgo_string (void)
+{
+  static struct
+  {
+    int algo;
+    unsigned int nbits;
+    const char *curve;
+    const char *name;
+  } samples[] =
+      {
+       { GCRY_PK_RSA, 1024, NULL, "rsa1024" },
+       { GCRY_PK_RSA, 1536, NULL, "rsa1536" },
+       { GCRY_PK_RSA, 768,  NULL, "rsa768"  },
+       { GCRY_PK_DSA, 3072, NULL, "dsa3072" },
+       { GCRY_PK_DSA, 1024, NULL, "dsa1024" },
+       { GCRY_PK_ELG, 2048, NULL, "elg2048" },
+       { GCRY_PK_ELG, 0,    NULL, "unknown_20" },
+       { 47114711,    1000, NULL, "unknown_47114711" },
+       /* Note that we don't care about the actual ECC algorithm.  */
+       { GCRY_PK_EDDSA,  0, "1.3.6.1.4.1.11591.15.1", "ed25519" },
+       { GCRY_PK_ECDSA,  0, "1.3.6.1.4.1.11591.15.1", "ed25519" },
+       { GCRY_PK_ECDH,   0, "1.3.6.1.4.1.11591.15.1", "ed25519" },
+       { GCRY_PK_ECDH,   0, "1.3.6.1.4.1.3029.1.5.1", "cv25519" },
+       { GCRY_PK_ECDH,   0, "1.3.36.3.3.2.8.1.1.7",   "brainpoolP256r1" },
+       { GCRY_PK_ECDH,   0, "1.3.36.3.3.2.8.1.1.11",  "brainpoolP384r1" },
+       { GCRY_PK_ECDH,   0, "1.3.36.3.3.2.8.1.1.13",  "brainpoolP512r1" },
+       { GCRY_PK_ECDH,   0, "1.3.132.0.10",           "secp256k1" },
+       { GCRY_PK_ECDH,   0, "1.2.840.10045.3.1.7",    "nistp256"  },
+       { GCRY_PK_ECDH,   0, "1.3.132.0.34",           "nistp384"  },
+       { GCRY_PK_ECDH,   0, "1.3.132.0.35",           "nistp521"  },
+       { GCRY_PK_ECDH,   0, "1.2.3.4.5.6",            "E_1.2.3.4.5.6" },
+       { GCRY_PK_ECDH,   0, BADOID,    "E_1.3.6.1.4.1.11591.2.12242973" },
+
+       /* Some again to test existing lookups.  */
+       { GCRY_PK_RSA, 768,  NULL, "rsa768"  },
+       { GCRY_PK_DSA, 3072, NULL, "dsa3072" },
+       { GCRY_PK_DSA, 1024, NULL, "dsa1024" },
+       { GCRY_PK_ECDH,   0, "1.3.6.1.4.1.11591.15.1", "ed25519" },
+       { GCRY_PK_ECDH,   0, "1.3.6.1.4.1.3029.1.5.1", "cv25519" },
+       { GCRY_PK_ECDH,   0, "1.3.36.3.3.2.8.1.1.7",   "brainpoolP256r1" },
+       { 47114711,    1000, NULL, "unknown_47114711" }
+      };
+  int idx;
+  const char *name;
+  int oops = 0;
+  int pass;
+
+  /* We do several passes because that is how the function is
+   * called.  */
+  for (pass=0; pass < 3; pass++)
+    for (idx=0; idx < DIM (samples); idx++)
+      {
+        name = get_keyalgo_string (samples[idx].algo,
+                                   samples[idx].nbits,
+                                   samples[idx].curve);
+        if (strcmp (samples[idx].name, name))
+          {
+            fprintf (stderr, "%s:test %d.%d: want '%s' got '%s'\n",
+                     __func__, pass, idx, samples[idx].name, name);
+            oops = 1;
+          }
+    }
+  if (oops)
+    exit (1);
+}
+
+
 int
 main (int argc, char **argv)
 {
@@ -241,6 +309,7 @@ main (int argc, char **argv)
   test_openpgp_oid_to_str ();
   test_openpgp_oid_is_ed25519 ();
   test_openpgp_enum_curves ();
+  test_get_keyalgo_string ();
 
   return 0;
 }
diff --git a/common/t-percent.c b/common/t-percent.c
index 145a89b..42b5416 100644
--- a/common/t-percent.c
+++ b/common/t-percent.c
@@ -99,6 +99,213 @@ test_percent_plus_escape (void)
 }
 
 
+static void
+test_percent_data_escape (void)
+{
+  static struct {
+    const char *prefix;
+    const char *data;
+    size_t datalen;
+    const char *expect;
+  } tbl[] = {
+    {
+      NULL,
+      "", 0,
+      ""
+    }, {
+      NULL,
+      "a", 1,
+      "a",
+    }, {
+      NULL,
+      "%22", 3,
+      "%2522"
+    }, {
+      NULL,
+      "%%", 3,
+      "%25%25%00"
+    }, {
+      NULL,
+      "\n \0BC\t", 6,
+      "\n %00BC\t"
+    }, {
+      "",
+      "", 0,
+      ""
+    }, {
+      "",
+      "a", 1,
+      "a",
+    }, {
+      "",
+      "%22", 3,
+      "%2522"
+    }, {
+      "",
+      "%%", 3,
+      "%25%25%00"
+    }, {
+      "",
+      "\n \0BC\t", 6,
+      "\n %00BC\t"
+    }, {
+      "a",
+      "", 0,
+      "a"
+    }, {
+      "a",
+      "a", 1,
+      "aa",
+    }, {
+      "a",
+      "%22", 3,
+      "a%2522"
+    }, {
+      "a",
+      "%%", 3,
+      "a%25%25%00"
+    }, {
+      "a",
+      "\n \0BC\t", 6,
+      "a\n %00BC\t"
+    }, {
+      " ",
+      "%%", 3,
+      " %25%25%00"
+    }, {
+      "+",
+      "%%", 3,
+      "+%25%25%00"
+    }, {
+      "%",
+      "%%", 3,
+      "%25%25%25%00"
+    }, {
+      "a b",
+      "%%", 3,
+      "a b%25%25%00"
+    }, {
+      "a%2Bb",
+      "%%", 3,
+      "a%252Bb%25%25%00"
+    }, {
+      "\n",
+      "%%", 3,
+      "%0A%25%25%00"
+    }, {
+      NULL,
+      NULL, 0,
+      NULL }
+  };
+  char *buf;
+  int i;
+  size_t len, prefixlen;
+
+  for (i=0; tbl[i].data; i++)
+    {
+      buf = percent_data_escape (0, tbl[i].prefix, tbl[i].data, tbl[i].datalen);
+      if (!buf)
+        {
+          fprintf (stderr, "out of core: %s\n", strerror (errno));
+          exit (2);
+        }
+      if (strcmp (buf, tbl[i].expect))
+        {
+          fail (i);
+        }
+      len = percent_plus_unescape_inplace (buf, 0);
+      prefixlen = tbl[i].prefix? strlen (tbl[i].prefix) : 0;
+      if (len != tbl[i].datalen + prefixlen)
+        fail (i);
+      else if (tbl[i].prefix && memcmp (buf, tbl[i].prefix, prefixlen)
+               && !(prefixlen == 1 && *tbl[i].prefix == '+' && *buf == ' '))
+        {
+          /* Note extra condition above handles the one test case
+           * which reverts a plus to a space due to the use of the
+           * plus-unescape function also for the prefix part.  */
+          fail (i);
+        }
+      else if (memcmp (buf+prefixlen, tbl[i].data, tbl[i].datalen))
+        {
+          fail (i);
+        }
+      xfree (buf);
+    }
+}
+
+
+
+static void
+test_percent_data_escape_plus (void)
+{
+  static struct {
+    const char *data;
+    size_t datalen;
+    const char *expect;
+  } tbl[] = {
+    {
+      "", 0,
+      ""
+    }, {
+      "a", 1,
+      "a",
+    }, {
+      "%22", 3,
+      "%2522"
+    }, {
+      "%%", 3,
+      "%25%25%00"
+    }, {
+      "\n \0BC\t", 6,
+      "%0A+%00BC%09"
+    }, {
+      " ", 1,
+      "+"
+    }, {
+      "  ", 2,
+      "++"
+    }, {
+      "+ +", 3,
+      "%2B+%2B"
+    }, {
+      "\" \"", 3,  /* Note: This function does not escape quotes.  */
+      "\"+\""
+    }, {
+      "%22", 3,
+      "%2522"
+    }, {
+      "%% ", 3,
+      "%25%25+"
+    }, {
+      "\n ABC\t", 6,
+      "%0A+ABC%09"
+    }, { NULL, 0, NULL }
+  };
+  char *buf;
+  int i;
+  size_t len;
+
+  for (i=0; tbl[i].data; i++)
+    {
+      buf = percent_data_escape (1, NULL, tbl[i].data, tbl[i].datalen);
+      if (!buf)
+        {
+          fprintf (stderr, "out of core: %s\n", strerror (errno));
+          exit (2);
+        }
+      if (strcmp (buf, tbl[i].expect))
+        {
+          fail (i);
+        }
+      len = percent_plus_unescape_inplace (buf, 0);
+      if (len != tbl[i].datalen)
+        fail (i);
+      else if (memcmp (buf, tbl[i].data, tbl[i].datalen))
+        fail (i);
+      xfree (buf);
+    }
+}
+
 
 int
 main (int argc, char **argv)
@@ -106,9 +313,9 @@ main (int argc, char **argv)
   (void)argc;
   (void)argv;
 
-  /* FIXME: We escape_unescape is not tested - only
-     percent_plus_unescape.  */
+  /* FIXME: escape_unescape is not tested - only percent_plus_unescape.  */
   test_percent_plus_escape ();
-
+  test_percent_data_escape ();
+  test_percent_data_escape_plus ();
   return 0;
 }
diff --git a/common/t-sexputil.c b/common/t-sexputil.c
index 8da9760..d75090c 100644
--- a/common/t-sexputil.c
+++ b/common/t-sexputil.c
@@ -182,6 +182,7 @@ test_make_canon_sexp_from_rsa_pk (void)
 }
 
 
+
 /* Communiacation object for tcmp.  */
 struct tcmp_parm_s {
   int curve_seen;
@@ -460,33 +461,17 @@ test_ecc_uncompress (void)
       if (bbuf)
         {
           err = uncompress_ecc_q_in_canon_sexp (bbuf, bbuflen, &rbuf, &rbuflen);
-          if (gpg_err_code (err) == GPG_ERR_UNKNOWN_CURVE)
-            {
-              static int shown;
-              fprintf (stderr, "%s:%d: test %d failed: %s - ignored\n",
-                       __FILE__,__LINE__, idx, gpg_strerror (err));
-              if (!shown)
-                {
-                  shown = 1;
-                  fprintf (stderr, "This is likely due to a patched"
-                           " version of Libgcrypt with removed support"
-                           " for Brainpool curves\n");
-                }
-            }
-          else
-            {
-              if (err)
-                fail2 (idx,err);
-              if (!rbuf)
-                fail (idx);  /* Not converted despite a need for it. */
-
-              /* log_printcanon ("  orig:", abuf, abuflen); */
-              /* log_printcanon ("  comp:", bbuf, bbuflen); */
-              /* log_printcanon ("uncomp:", rbuf, rbuflen); */
-
-              if (rbuflen != abuflen || memcmp (rbuf, abuf, abuflen))
-                fail (idx);
-            }
+          if (err)
+            fail2 (idx,err);
+          if (!rbuf)
+            fail (idx);  /* Not converted despite a need for it. */
+
+          /* log_printcanon ("  orig:", abuf, abuflen); */
+          /* log_printcanon ("  comp:", bbuf, bbuflen); */
+          /* log_printcanon ("uncomp:", rbuf, rbuflen); */
+
+          if (rbuflen != abuflen || memcmp (rbuf, abuf, abuflen))
+            fail (idx);
         }
 
       xfree (abuf);
@@ -496,6 +481,8 @@ test_ecc_uncompress (void)
 }
 
 
+
+
 int
 main (int argc, char **argv)
 {
diff --git a/common/t-stringhelp.c b/common/t-stringhelp.c
index d76991f..6f7f6f7 100644
--- a/common/t-stringhelp.c
+++ b/common/t-stringhelp.c
@@ -1,6 +1,6 @@
 /* t-stringhelp.c - Regression tests for stringhelp.c
  * Copyright (C) 2007 Free Software Foundation, Inc.
- *               2015, 2021  g10 Code GmbH
+ *               2015  g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -27,7 +27,6 @@
  * You should have received a copies of the GNU General Public License
  * and the GNU Lesser General Public License along with this program;
  * if not, see <https://www.gnu.org/licenses/>.
- * SPDX-License-Identifier: (LGPL-3.0-or-later OR GPL-2.0-or-later)
  */
 
 #include <config.h>
@@ -35,16 +34,15 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
+#include <assert.h>
 #ifdef HAVE_PWD_H
 # include <pwd.h>
 #endif
 #include <unistd.h>
 #include <sys/types.h>
 #include <limits.h>
-#include <assert.h>
 
 #include "t-support.h"
-#include "sysutils.h"
 #include "stringhelp.h"
 
 
@@ -689,144 +687,6 @@ test_strtokenize (void)
 
 
 static void
-test_strtokenize_nt (void)
-{
-  struct {
-    const char *s;
-    const char *delim;
-    const char *fields_expected[10];
-  } tv[] = {
-    {
-      "", ":",
-      { "", NULL }
-    },
-    {
-      "a", ":",
-      { "a", NULL }
-    },
-    {
-      ":", ":",
-      { "", "", NULL }
-    },
-    {
-      "::", ":",
-      { "", "", "", NULL }
-    },
-    {
-      "a:b:c", ":",
-      { "a", "b", "c", NULL }
-    },
-    {
-      "a:b:", ":",
-      { "a", "b", "", NULL }
-    },
-    {
-      "a:b", ":",
-      { "a", "b", NULL }
-    },
-    {
-      "aa:b:cd", ":",
-      { "aa", "b", "cd", NULL }
-    },
-    {
-      "aa::b:cd", ":",
-      { "aa", "", "b", "cd", NULL }
-    },
-    {
-      "::b:cd", ":",
-      { "", "", "b", "cd", NULL }
-    },
-    {
-      "aa:   : b:cd ", ":",
-      { "aa", "   ", " b", "cd ", NULL }
-    },
-    {
-      "  aa:   : b:  cd ", ":",
-      { "  aa", "   ", " b", "  cd ", NULL }
-    },
-    {
-      "  ", ":",
-      { "  ", NULL }
-    },
-    {
-      "  :", ":",
-      { "  ", "", NULL }
-    },
-    {
-      "  : ", ":",
-      { "  ", " ", NULL }
-    },
-    {
-      ": ", ":",
-      { "", " ", NULL }
-    },
-    {
-      ": x ", ":",
-      { "", " x ", NULL }
-    },
-    {
-      "a:bc:cde:fghi:jklmn::foo:", ":",
-      { "a", "bc", "cde", "fghi", "jklmn", "", "foo", "", NULL }
-    },
-    {
-      ",a,bc,,def,", ",",
-      { "", "a", "bc", "", "def", "", NULL }
-    },
-    {
-      " a ", " ",
-      { "", "a", "", NULL }
-    },
-    {
-      " ", " ",
-      { "", "", NULL }
-    },
-    {
-      "", " ",
-      { "", NULL }
-    }
-  };
-
-  int tidx;
-
-  for (tidx = 0; tidx < DIM(tv); tidx++)
-    {
-      char **fields;
-      int field_count;
-      int field_count_expected;
-      int i;
-
-      for (field_count_expected = 0;
-           tv[tidx].fields_expected[field_count_expected];
-           field_count_expected ++)
-        ;
-
-      fields = strtokenize_nt (tv[tidx].s, tv[tidx].delim);
-      if (!fields)
-        fail (tidx * 1000);
-      else
-        {
-          for (field_count = 0; fields[field_count]; field_count++)
-            ;
-          if (field_count != field_count_expected)
-            fail (tidx * 1000);
-          else
-            {
-              for (i = 0; i < field_count_expected; i++)
-                if (strcmp (tv[tidx].fields_expected[i], fields[i]))
-                  {
-                    printf ("For field %d, expected '%s', but got '%s'\n",
-                            i, tv[tidx].fields_expected[i], fields[i]);
-                    fail (tidx * 1000 + i + 1);
-                  }
-            }
-          }
-
-      xfree (fields);
-    }
-}
-
-
-static void
 test_split_fields (void)
 {
   struct {
@@ -857,7 +717,7 @@ test_split_fields (void)
   };
 
   int tidx;
-  char *fields[10];
+  const char *fields[10];
   int field_count_expected, nfields, field_count, i;
   char *s2;
 
@@ -932,7 +792,7 @@ test_split_fields_colon (void)
   };
 
   int tidx;
-  char *fields[10];
+  const char *fields[10];
   int field_count_expected, nfields, field_count, i;
   char *s2;
 
@@ -1196,103 +1056,6 @@ test_compare_version_strings (void)
 }
 
 
-static void
-test_substitute_envvars (void)
-{
-  struct {
-    const char *name;
-    const char *value;
-  } envvars[] = {
-    { "HOME", "/home/joe" },
-    { "AVAR",  "avar" },
-    { "AVAR1", "avarx" },
-    { "AVAR2", "avarxy" },
-    { "AVAR3", "avarxyz" },
-    { "AVAR0", "ava" },
-    { "MY_VAR", "my_vars_value" },
-    { "STRANGE{X}VAR", "strange{x}vars-value" },
-    { "ZERO",  "" }
-  };
-  struct {
-    const char *string;
-    const char *result;
-  } tests[] = {
-    { "foo bar",
-      "foo bar"
-    },
-    { "foo $HOME",
-      "foo /home/joe"
-    },
-    { "foo $HOME ",
-      "foo /home/joe "
-    },
-    { "foo $HOME$$",
-      "foo /home/joe$"
-    },
-    { "foo ${HOME}/.ssh",
-      "foo /home/joe/.ssh"
-    },
-    { "foo $HOME/.ssh",
-      "foo /home/joe/.ssh"
-    },
-    { "foo $HOME_/.ssh",
-      "foo /.ssh"
-    },
-    { "foo $HOME/.ssh/$MY_VAR:1",
-      "foo /home/joe/.ssh/my_vars_value:1"
-    },
-    { "foo $HOME${MY_VAR}:1",
-      "foo /home/joemy_vars_value:1"
-    },
-    { "${STRANGE{X}VAR}-bla",
-      "strange{x}vars-value-bla"
-    },
-    { "${STRANGE{X}{VAR}-bla", /* missing "}" */
-      "${STRANGE{X}{VAR}-bla"
-    },
-    { "zero->$ZERO<-",
-      "zero-><-"
-    },
-    { "->$AVAR.$AVAR1.$AVAR2.$AVAR3.$AVAR0<-",
-      "->avar.avarx.avarxy.avarxyz.ava<-"
-    },
-    { "",
-      ""
-    }
-  };
-  int idx;
-  char *res;
-
-  for (idx=0; idx < DIM(envvars); idx++)
-    if (gnupg_setenv (envvars[idx].name, envvars[idx].value, 1))
-      {
-        fprintf (stderr,"error setting envvar '%s' to '%s': %s\n",
-                 envvars[idx].name, envvars[idx].value,
-                 strerror (errno));
-        exit (2);
-      }
-
-  for (idx=0; idx < DIM(tests); idx++)
-    {
-      res = substitute_envvars (tests[idx].string);
-      if (!res)
-        {
-          fprintf (stderr,"error substituting '%s' (test %d): %s\n",
-                   tests[idx].string, idx, strerror (errno));
-          exit (2);
-        }
-      if (strcmp (res, tests[idx].result))
-        {
-          fprintf (stderr, "substituted '%s'\n", tests[idx].string);
-          fprintf (stderr, "     wanted '%s'\n", tests[idx].result);
-          fprintf (stderr, "        got '%s'\n", res);
-          fail (idx);
-        }
-      xfree (res);
-    }
-}
-
-
 int
 main (int argc, char **argv)
 {
@@ -1307,12 +1070,10 @@ main (int argc, char **argv)
   test_make_absfilename_try ();
   test_strsplit ();
   test_strtokenize ();
-  test_strtokenize_nt ();
   test_split_fields ();
   test_split_fields_colon ();
   test_compare_version_strings ();
   test_format_text ();
-  test_substitute_envvars ();
 
   xfree (home_buffer);
   return !!errcount;
diff --git a/common/t-w32-reg.c b/common/t-w32-reg.c
index 1a44e38..01816db 100644
--- a/common/t-w32-reg.c
+++ b/common/t-w32-reg.c
@@ -44,28 +44,25 @@
 static void
 test_read_registry (void)
 {
-  char *string1, *string2;
+  char *string;
 
-  string1 = read_w32_registry_string
+#ifdef HAVE_W32CE_SYSTEM
+  string = read_w32_registry_string ("HKEY_CLASSES_ROOT",
+                                     "BOOTSTRAP\\CLSID", NULL);
+  if (!string)
+    fail (0);
+  fprintf (stderr, "Bootstrap clsid: %s\n", string);
+  xfree (string);
+#endif
+
+  string = read_w32_registry_string
     ("HKEY_CURRENT_USER",
      "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
      "User Agent");
-  if (!string1)
+  if (!string)
     fail (0);
-  fprintf (stderr, "User agent: %s\n", string1);
-
-  string2 = read_w32_reg_string
-    ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion"
-     "\\Internet Settings:User Agent", NULL);
-  if (!string2)
-    fail (1);
-  fprintf (stderr, "User agent: %s\n", string2);
-  if (strcmp (string1, string2))
-    fail (2);
-
-
-  xfree (string1);
-  xfree (string2);
+  fprintf (stderr, "User agent: %s\n", string);
+  xfree (string);
 }
 
 
@@ -74,14 +71,10 @@ test_read_registry (void)
 int
 main (int argc, char **argv)
 {
-  if (argc > 1)
-    {
-      char *string = read_w32_reg_string (argv[1], NULL);
-      printf ("%s -> %s\n", argv[1], string? string : "(null)");
-      xfree (string);
-    }
-  else
-    test_read_registry ();
+  (void)argc;
+  (void)argv;
+
+  test_read_registry ();
 
   return 0;
 }
diff --git a/common/tlv-builder.c b/common/tlv-builder.c
index 59e2691..3b644ca 100644
--- a/common/tlv-builder.c
+++ b/common/tlv-builder.c
@@ -350,7 +350,6 @@ get_tlv_length (int class, int tag, int constructed, size_t length)
 
   (void)constructed;  /* Not used, but passed for uniformity of such calls.  */
 
-  /* coverity[identical_branches] */
   if (tag < 0x1f)
     {
       buflen++;
diff --git a/common/tlv.h b/common/tlv.h
index 51a0ef4..e371ca5 100644
--- a/common/tlv.h
+++ b/common/tlv.h
@@ -32,7 +32,6 @@
 
 #include "membuf.h"
 
-
 enum tlv_tag_class {
   CLASS_UNIVERSAL = 0,
   CLASS_APPLICATION = 1,
@@ -97,8 +96,8 @@ const unsigned char *find_tlv_unchecked (const unsigned char *buffer,
    and the length part from the TLV triplet.  Update BUFFER and SIZE
    on success. */
 gpg_error_t parse_ber_header (unsigned char const **buffer, size_t *size,
-                               int *r_class, int *r_tag,
-                               int *r_constructed,
+                              int *r_class, int *r_tag,
+                              int *r_constructed,
                               int *r_ndef, size_t *r_length, size_t *r_nhdr);
 
 
diff --git a/common/ttyio.c b/common/ttyio.c
index c310817..15f7a02 100644
--- a/common/ttyio.c
+++ b/common/ttyio.c
@@ -100,7 +100,7 @@ static void (*my_rl_cleanup_after_signal) (void);
 static void (*my_rl_init_stream) (FILE *);
 static char *(*my_rl_readline) (const char*);
 static void (*my_rl_add_history) (const char*);
-
+static int (*my_rl_rw_history)(const char *, int, int);
 
 /* This is a wrapper around ttyname so that we can use it even when
    the standard streams are redirected.  It figures the name out the
@@ -236,24 +236,10 @@ w32_write_console (const char *string)
   n = wcslen (wstring);
 
   if (!WriteConsoleW (con.out, wstring, n, &nwritten, NULL))
-    {
-      static int shown;
-      if (!shown)
-        {
-          shown = 1;
-          log_info ("WriteConsole failed: %s", w32_strerror (-1));
-          log_info ("Please configure a suitable font for the console\n");
-        }
-      n = strlen (string);
-      if (!WriteConsoleA (con.out, string, n , &nwritten, NULL))
-        log_fatal ("WriteConsole fallback failed: %s", w32_strerror (-1));
-    }
-  else
-    {
-      if (n != nwritten)
-        log_fatal ("WriteConsole failed: %lu != %lu\n",
-                   (unsigned long)n, (unsigned long)nwritten);
-    }
+    log_fatal ("WriteConsole failed: %s", w32_strerror (-1));
+  if (n != nwritten)
+    log_fatal ("WriteConsole failed: %lu != %lu\n",
+               (unsigned long)n, (unsigned long)nwritten);
   last_prompt_len += n;
   xfree (wstring);
 }
@@ -454,12 +440,12 @@ do_get (const char *prompt, int hidden)
       exit (2);
     }
 
-  if( !initialized )
-    init_ttyfp();
+  if (!initialized)
+    init_ttyfp ();
 
   last_prompt_len = 0;
-  tty_printf( "%s", prompt );
-  buf = xmalloc((n=50));
+  tty_printf ("%s", prompt);
+  buf = xmalloc ((n=50));
   i = 0;
 
 #ifdef HAVE_W32_SYSTEM
@@ -560,7 +546,6 @@ do_get (const char *prompt, int hidden)
         }
       buf[i++] = c;
     }
-
   if (*cbuf != '\n')
     {
       buf[0] = CONTROL_D;
@@ -582,6 +567,8 @@ do_get (const char *prompt, int hidden)
 }
 
 
+
+/* Note: This function never returns NULL. */
 char *
 tty_get( const char *prompt )
 {
@@ -698,7 +685,8 @@ tty_private_set_rl_hooks (void (*init_stream) (FILE *),
                           void (*inhibit_completion) (int),
                           void (*cleanup_after_signal) (void),
                           char *(*readline_fun) (const char*),
-                          void (*add_history_fun) (const char*))
+                          void (*add_history_fun) (const char*),
+                          int (*rw_history_fun)(const char *, int, int))
 {
   my_rl_init_stream = init_stream;
   my_rl_set_completer = set_completer;
@@ -706,6 +694,40 @@ tty_private_set_rl_hooks (void (*init_stream) (FILE *),
   my_rl_cleanup_after_signal = cleanup_after_signal;
   my_rl_readline = readline_fun;
   my_rl_add_history = add_history_fun;
+  my_rl_rw_history = rw_history_fun;
+}
+
+
+/* Read the history from FILENAME or limit the size of the history.
+ * If FILENAME is NULL and NLINES is zero the current history is
+ * cleared.  Returns 0 on success or -1 on error and sets ERRNO.  No
+ * error is return if readline support is not available.  */
+int
+tty_read_history (const char *filename, int nlines)
+{
+  int rc;
+
+  if (!my_rl_rw_history)
+    return 0;
+
+  rc = my_rl_rw_history (filename, 0, nlines);
+  if (rc && gpg_err_code_from_syserror () == GPG_ERR_ENOENT)
+    rc = 0;
+
+  return rc;
+}
+
+
+/* Write the current history to the file FILENAME.  Returns 0 on
+ * success or -1 on error and sets ERRNO.  No error is return if
+ * readline support is not available.  */
+int
+tty_write_history (const char *filename)
+{
+  if (!my_rl_rw_history)
+    return 0;
+
+  return my_rl_rw_history (filename, 1, 0);
 }
 
 
diff --git a/common/ttyio.h b/common/ttyio.h
index 5bff82f..46bcc2f 100644
--- a/common/ttyio.h
+++ b/common/ttyio.h
@@ -66,6 +66,8 @@ void tty_disable_completion (void);
 #define tty_enable_completion(x)
 #define tty_disable_completion()
 #endif
+int tty_read_history (const char *filename, int nlines);
+int tty_write_history (const char *filename);
 void tty_cleanup_after_signal (void);
 void tty_cleanup_rl_after_signal (void);
 
diff --git a/common/types.h b/common/types.h
index 8e551df..28f3779 100644
--- a/common/types.h
+++ b/common/types.h
@@ -67,29 +67,29 @@
      Windows typedefs byte in the RPC headers but we need to avoid a
      warning about a double definition.
  */
-#ifndef HAVE_BYTE_TYPEDEF
+#ifndef HAVE_TYPE_BYTE
 #  undef byte	    /* There might be a macro with this name.  */
 #  ifdef __riscos__
      typedef char byte;
 #  elif !(defined(_WIN32) && defined(cbNDRContext))
      typedef unsigned char byte;
 #  endif
-#  define HAVE_BYTE_TYPEDEF
-#endif /*!HAVE_BYTE_TYPEDEF*/
+#  define HAVE_TYPE_BYTE
+#endif /*!HAVE_TYPE_BYTE*/
 
-#ifndef HAVE_USHORT_TYPEDEF
+#ifndef HAVE_TYPE_USHORT
 #  undef ushort     /* There might be a macro with this name.  */
    typedef unsigned short ushort;
-#  define HAVE_USHORT_TYPEDEF
+#  define HAVE_TYPE_USHORT
 #endif
 
-#ifndef HAVE_ULONG_TYPEDEF
+#ifndef HAVE_TYPE_ULONG
 #  undef ulong	    /* There might be a macro with this name.  */
    typedef unsigned long ulong;
-#  define HAVE_ULONG_TYPEDEF
+#  define HAVE_TYPE_ULONG
 #endif
 
-#ifndef HAVE_U16_TYPEDEF
+#ifndef HAVE_TYPE_U16
 #  undef u16	    /* There might be a macro with this name.  */
 #  if SIZEOF_UNSIGNED_INT == 2
      typedef unsigned int   u16;
@@ -98,10 +98,10 @@
 #  else
 #    error no typedef for u16
 #  endif
-#  define HAVE_U16_TYPEDEF
+#  define HAVE_TYPE_U16
 #endif
 
-#ifndef HAVE_U32_TYPEDEF
+#ifndef HAVE_TYPE_U32
 #  undef u32        /* There might be a macro with this name.  */
 #  if SIZEOF_UNSIGNED_INT == 4
      typedef unsigned int u32;
@@ -110,7 +110,7 @@
 #  else
 #    error no typedef for u32
 #  endif
-#  define HAVE_U32_TYPEDEF
+#  define HAVE_TYPE_U32
 #endif
 
 #endif /*GNUPG_COMMON_TYPES_H*/
diff --git a/common/userids.c b/common/userids.c
index 00f26b7..0f03896 100644
--- a/common/userids.c
+++ b/common/userids.c
@@ -65,6 +65,9 @@
  *   (note that you can't search for these characters). Compare
  *   is not case sensitive.
  * - If the userid starts with a '&' a 40 hex digits keygrip is expected.
+ * - If the userid starts with a '^' followed by 40 hex digits it describes
+ *   a Unique-Blob-ID (UBID) which is the hash of keyblob or certificate as
+ *   stored in the database.  This is used in the IPC of the keyboxd.
  */
 
 gpg_error_t
@@ -189,7 +192,8 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack)
                   }
               }
             desc->sn = (const unsigned char*)s;
-            desc->snlen = -1;
+            desc->snlen = si - s;
+            desc->snhex = 1;
             if (!*si)
               mode = KEYDB_SEARCH_MODE_SN;
             else
@@ -226,14 +230,15 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack)
                 goto out;
               }
           }
-        if (i != 32 && i != 40)
+        if (i != 32 && i != 40 && i != 64)
           {
             rc = gpg_error (GPG_ERR_INV_USER_ID); /* Invalid length of fpr.  */
             goto out;
           }
         for (i=0,si=s; si < se; i++, si +=2)
           desc->u.fpr[i] = hextobyte(si);
-        for (; i < 20; i++)
+        desc->fprlen = i;
+        for (; i < 32; i++)
           desc->u.fpr[i]= 0;
         mode = KEYDB_SEARCH_MODE_FPR;
       }
@@ -250,6 +255,17 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack)
       }
       break;
 
+    case '^': /* UBID */
+      {
+        if (hex2bin (s+1, desc->u.ubid, UBID_LEN) < 0)
+          {
+            rc = gpg_error (GPG_ERR_INV_USER_ID); /* Invalid. */
+            goto out;
+          }
+        mode = KEYDB_SEARCH_MODE_UBID;
+      }
+      break;
+
     default:
       if (s[0] == '0' && s[1] == 'x')
         {
@@ -326,14 +342,17 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack)
                 }
               desc->u.fpr[i] = c;
             }
-          mode = KEYDB_SEARCH_MODE_FPR16;
+          desc->fprlen = 16;
+          for (; i < 32; i++)
+            desc->u.fpr[i]= 0;
+          mode = KEYDB_SEARCH_MODE_FPR;
         }
       else if ((hexlength == 40
                 && (s[hexlength] == 0
                     || (s[hexlength] == '!' && s[hexlength + 1] == 0)))
                || (!hexprefix && hexlength == 41 && *s == '0'))
         {
-          /* SHA1/RMD160 fingerprint.  */
+          /* SHA1 fingerprint.  */
           int i;
           if (hexlength == 41)
             s++;
@@ -347,7 +366,32 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack)
                 }
               desc->u.fpr[i] = c;
             }
-          mode = KEYDB_SEARCH_MODE_FPR20;
+          desc->fprlen = 20;
+          for (; i < 32; i++)
+            desc->u.fpr[i]= 0;
+          mode = KEYDB_SEARCH_MODE_FPR;
+        }
+      else if ((hexlength == 64
+                && (s[hexlength] == 0
+                    || (s[hexlength] == '!' && s[hexlength + 1] == 0)))
+               || (!hexprefix && hexlength == 65 && *s == '0'))
+        {
+          /* SHA256 fingerprint.  */
+          int i;
+          if (hexlength == 65)
+            s++;
+          for (i=0; i < 32; i++, s+=2)
+            {
+              int c = hextobyte(s);
+              if (c == -1)
+                {
+                  rc = gpg_error (GPG_ERR_INV_USER_ID);
+                  goto out;
+                }
+              desc->u.fpr[i] = c;
+            }
+          desc->fprlen = 32;
+          mode = KEYDB_SEARCH_MODE_FPR;
         }
       else if (!hexprefix)
         {
@@ -369,15 +413,21 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack)
                   desc->u.fpr[i] = c;
                 }
               if (i == 20)
-                mode = KEYDB_SEARCH_MODE_FPR20;
+                {
+                  desc->fprlen = 20;
+                  mode = KEYDB_SEARCH_MODE_FPR;
+                }
+              for (; i < 32; i++)
+                desc->u.fpr[i]= 0;
             }
           if (!mode)
             {
               /* Still not found.  Now check for a space separated
-                 OpenPGP v4 fingerprint like:
-                   8061 5870 F5BA D690 3336  86D0 F2AD 85AC 1E42 B367
-                 or
-                   8061 5870 F5BA D690 3336 86D0 F2AD 85AC 1E42 B367
+               * OpenPGP v4 fingerprint like:
+               *   8061 5870 F5BA D690 3336  86D0 F2AD 85AC 1E42 B367
+               * or
+               *   8061 5870 F5BA D690 3336 86D0 F2AD 85AC 1E42 B367
+               * FIXME: Support OpenPGP v5 fingerprint
                */
               hexlength = strspn (s, " 0123456789abcdefABCDEF");
               if (s[hexlength] && s[hexlength] != ' ')
@@ -411,7 +461,12 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack)
                       s += 2;
                     }
                   if (i == 20)
-                    mode = KEYDB_SEARCH_MODE_FPR20;
+                    {
+                      desc->fprlen = 20;
+                      mode = KEYDB_SEARCH_MODE_FPR;
+                    }
+                  for (; i < 32; i++)
+                    desc->u.fpr[i]= 0;
                 }
             }
           if (!mode) /* Default to substring search.  */
diff --git a/common/util.h b/common/util.h
index 82b3a34..0427bc8 100644
--- a/common/util.h
+++ b/common/util.h
@@ -35,14 +35,10 @@
 #include <errno.h>  /* We need errno.  */
 #include <gpg-error.h> /* We need gpg_error_t and estream. */
 
-/* These error codes might be used but not defined in the required
+/* These error codes are used but not defined in the required
  * libgpg-error version.  Define them here.
  * Example: (#if GPG_ERROR_VERSION_NUMBER < 0x011500 // 1.21)
  */
-#if GPG_ERROR_VERSION_NUMBER < 0x012400 /* 1.36 */
-# define GPG_ERR_NO_AUTH          314
-# define GPG_ERR_BAD_AUTH         315
-#endif
 
 #ifndef EXTERN_UNLESS_MAIN_MODULE
 # if !defined (INCLUDED_BY_MAIN_MODULE)
@@ -59,10 +55,13 @@
  * parameters as generated by gcry_pk_get_keygrip.  */
 #define KEYGRIP_LEN 20
 
+/* The length of the unique blob identifier as used by the keyboxd.
+ * This is the possible truncated fingerprint of the primary key.  */
+#define UBID_LEN    20
+
 
 /* Get all the stuff from jnlib. */
 #include "../common/logging.h"
-#include "../common/argparse.h"
 #include "../common/stringhelp.h"
 #include "../common/mischelp.h"
 #include "../common/strlist.h"
@@ -100,6 +99,7 @@ typedef char **rl_completion_func_t (const char *, int, int);
 #define xtrycalloc(a,b)  gcry_calloc ((a),(b))
 #define xtrycalloc_secure(a,b)  gcry_calloc_secure ((a),(b))
 #define xtryrealloc(a,b) gcry_realloc ((a),(b))
+#define xtryreallocarray(a,b,c,d) gpgrt_reallocarray ((a),(b),(c),(d))
 #define xtrystrdup(a)    gcry_strdup ((a))
 #define xfree(a)         gcry_free ((a))
 #define xfree_fnc        gcry_free
@@ -110,6 +110,7 @@ typedef char **rl_completion_func_t (const char *, int, int);
 #define xcalloc_secure(a,b) gcry_xcalloc_secure ((a),(b))
 #define xrealloc(a,b)    gcry_xrealloc ((a),(b))
 #define xstrdup(a)       gcry_xstrdup ((a))
+/* See also the xreallocarray prototype below.  */
 
 /* For compatibility with gpg 1.4 we also define these: */
 #define xmalloc_clear(a) gcry_xcalloc (1, (a))
@@ -142,6 +143,7 @@ ssize_t read_line (FILE *fp,
                    char **addr_of_buffer, size_t *length_of_buffer,
                    size_t *max_length);
 
+
 /*-- b64enc.c and b64dec.c --*/
 struct b64state
 {
@@ -226,10 +228,11 @@ char *bin2hexcolon (const void *buffer, size_t length, char *stringbuf);
 const char *hex2str (const char *hexstring,
                      char *buffer, size_t bufsize, size_t *buflen);
 char *hex2str_alloc (const char *hexstring, size_t *r_count);
+unsigned int hex2fixedbuf (const char *hexstr, void *buffer, size_t bufsize);
 
 /*-- percent.c --*/
 char *percent_plus_escape (const char *string);
-char *percent_data_escape (int plus_escape, const char *prefix,
+char *percent_data_escape (int plus, const char *prefix,
                            const void *data, size_t datalen);
 char *percent_plus_unescape (const char *string, int nulrepl);
 char *percent_unescape (const char *string, int nulrepl);
@@ -245,12 +248,17 @@ int openpgp_oidbuf_is_ed25519 (const void *buf, size_t len);
 int openpgp_oid_is_ed25519 (gcry_mpi_t a);
 int openpgp_oidbuf_is_cv25519 (const void *buf, size_t len);
 int openpgp_oid_is_cv25519 (gcry_mpi_t a);
+int openpgp_oid_is_cv448 (gcry_mpi_t a);
+int openpgp_oid_is_ed448 (gcry_mpi_t a);
 const char *openpgp_curve_to_oid (const char *name,
                                   unsigned int *r_nbits, int *r_algo);
 const char *openpgp_oid_to_curve (const char *oid, int canon);
+const char *openpgp_oid_or_name_to_curve (const char *oidname, int canon);
 const char *openpgp_enum_curves (int *idxp);
 const char *openpgp_is_curve_supported (const char *name,
                                         int *r_algo, unsigned int *r_nbits);
+const char *get_keyalgo_string (enum gcry_pk_algos algo,
+                                unsigned int nbits, const char *curve);
 
 
 /*-- homedir.c --*/
@@ -268,8 +276,10 @@ const char *gnupg_libexecdir (void);
 const char *gnupg_libdir (void);
 const char *gnupg_datadir (void);
 const char *gnupg_localedir (void);
+const char *gnupg_cachedir (void);
 const char *gpg_agent_socket_name (void);
 const char *dirmngr_socket_name (void);
+const char *keyboxd_socket_name (void);
 
 char *_gnupg_socketdir_internal (int skip_checks, unsigned *r_info);
 
@@ -287,11 +297,20 @@ char *_gnupg_socketdir_internal (int skip_checks, unsigned *r_info);
 #define GNUPG_MODULE_NAME_GPGCONF       10
 #define GNUPG_MODULE_NAME_DIRMNGR_LDAP  11
 #define GNUPG_MODULE_NAME_GPGV          12
+#define GNUPG_MODULE_NAME_KEYBOXD       13
+#define GNUPG_MODULE_NAME_TPM2DAEMON    14
 const char *gnupg_module_name (int which);
 void gnupg_module_name_flush_some (void);
 void gnupg_set_builddir (const char *newdir);
 
 
+/* A list of constants to identify protocols.  This is used by tools
+ * which need to distinguish between the different protocols
+ * implemented by GnuPG.  May be used as bit flags.  */
+#define GNUPG_PROTOCOL_OPENPGP    1   /* The one and only (gpg).      */
+#define GNUPG_PROTOCOL_CMS        2   /* The core of S/MIME (gpgsm)   */
+#define GNUPG_PROTOCOL_SSH_AGENT  4   /* Out ssh-agent implementation */
+
 
 /*-- gpgrlhelp.c --*/
 void gnupg_rl_initialize (void);
@@ -302,9 +321,6 @@ char *gnupg_get_help_string (const char *key, int only_current_locale);
 /*-- localename.c --*/
 const char *gnupg_messages_locale_name (void);
 
-/*-- sysutils.c --*/
-FILE *gnupg_fopen (const char *fname, const char *mode);
-
 /*-- miscellaneous.c --*/
 
 /* This function is called at startup to tell libgcrypt to use our own
@@ -314,8 +330,10 @@ void setup_libgcrypt_logging (void);
 /* Print an out of core message and die.  */
 void xoutofcore (void);
 
-/* Array allocation.  */
-void *gnupg_reallocarray (void *a, size_t oldnmemb, size_t nmemb, size_t size);
+/* Wrapper aroung gpgrt_reallocarray.  Uses the gpgrt alloc function
+ * which are redirect to the Libgcrypt versions via
+ * init_common_subsystems.  Thus they can be used interchangeable with
+ * the other alloc functions. */
 void *xreallocarray (void *a, size_t oldnmemb, size_t nmemb, size_t size);
 
 /* Same as estream_asprintf but die on memory failure.  */
@@ -323,8 +341,6 @@ char *xasprintf (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2);
 /* This is now an alias to estream_asprintf.  */
 char *xtryasprintf (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2);
 
-void *xtryreallocarray (void *a, size_t oldnmemb, size_t nmemb, size_t size);
-
 /* Replacement for gcry_cipher_algo_name.  */
 const char *gnupg_cipher_algo_name (int algo);
 
@@ -358,15 +374,6 @@ struct debug_flags_s
 int parse_debug_flag (const char *string, unsigned int *debugvar,
                       const struct debug_flags_s *flags);
 
-struct compatibility_flags_s
-{
-  unsigned int flag;
-  const char *name;
-  const char *desc;
-};
-int parse_compatibility_flags (const char *string, unsigned int *flagvar,
-                               const struct compatibility_flags_s *flags);
-
 
 /*-- Simple replacement functions. */
 
diff --git a/common/w32-reg.c b/common/w32-reg.c
index cbaba56..d8d94b9 100644
--- a/common/w32-reg.c
+++ b/common/w32-reg.c
@@ -54,17 +54,17 @@ get_root_key(const char *root)
 
   if (!root)
     root_key = HKEY_CURRENT_USER;
-  else if (!strcmp (root, "HKEY_CLASSES_ROOT") || !strcmp (root, "HKCR"))
+  else if (!strcmp( root, "HKEY_CLASSES_ROOT" ) )
     root_key = HKEY_CLASSES_ROOT;
-  else if (!strcmp (root, "HKEY_CURRENT_USER") || !strcmp (root, "HKCU"))
+  else if (!strcmp( root, "HKEY_CURRENT_USER" ) )
     root_key = HKEY_CURRENT_USER;
-  else if (!strcmp (root, "HKEY_LOCAL_MACHINE") || !strcmp (root, "HKLM"))
+  else if (!strcmp( root, "HKEY_LOCAL_MACHINE" ) )
     root_key = HKEY_LOCAL_MACHINE;
-  else if (!strcmp (root, "HKEY_USERS") || !strcmp (root, "HKU"))
+  else if (!strcmp( root, "HKEY_USERS" ) )
     root_key = HKEY_USERS;
-  else if (!strcmp (root, "HKEY_PERFORMANCE_DATA"))
+  else if (!strcmp( root, "HKEY_PERFORMANCE_DATA" ) )
     root_key = HKEY_PERFORMANCE_DATA;
-  else if (!strcmp (root, "HKEY_CURRENT_CONFIG") || !strcmp (root, "HKCC"))
+  else if (!strcmp( root, "HKEY_CURRENT_CONFIG" ) )
     root_key = HKEY_CURRENT_CONFIG;
   else
     return NULL;
@@ -160,18 +160,8 @@ read_w32_registry_string (const char *root, const char *dir, const char *name)
     }
 
   nbytes = 1;
-  if (RegQueryValueEx (key_handle, name, 0, NULL, NULL, &nbytes))
-    {
-      if (root)
-        goto leave;
-      /* Try to fallback to HKLM also for a missing value.  */
-      RegCloseKey (key_handle);
-      if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, dir, 0, KEY_READ, &key_handle))
-        return NULL; /* Nope.  */
-      if (RegQueryValueEx (key_handle, name, 0, NULL, NULL, &nbytes))
-        goto leave;
-    }
-
+  if (RegQueryValueEx( key_handle, name, 0, NULL, NULL, &nbytes ) )
+    goto leave;
   result = xtrymalloc ((n1=nbytes+1));
   if (!result)
     goto leave;
@@ -229,19 +219,6 @@ read_w32_registry_string (const char *root, const char *dir, const char *name)
           xfree (tmp);
         }
     }
-  else if (type == REG_DWORD && nbytes == sizeof (DWORD))
-    {
-      char *tmp;
-      DWORD dummy;
-
-      memcpy (&dummy, result, nbytes);
-      tmp = xtryasprintf ("%u", (unsigned int)dummy);
-      if (tmp)
-        {
-          xfree (result);
-          result = tmp;
-        }
-    }
 
  leave:
   RegCloseKey (key_handle);
@@ -249,67 +226,5 @@ read_w32_registry_string (const char *root, const char *dir, const char *name)
 #endif /*!HAVE_W32CE_SYSTEM*/
 }
 
-/* Compact version of read_w32_registry_string.  This version expects
- * a single string as key described here using an example:
- *
- *    HKCU\Software\GNU\GnuPG:HomeDir
- *
- * HKCU := the class, other supported classes are HKLM, HKCR, HKU, and
- *         HKCC.  If no class is given and the string thus starts with
- *         a backslash HKCU with a fallback to HKLM is used.
- * Software\GNU\GnuPG := The actual key.
- * HomeDir := the name of the item.  The name is optional to use the default
- *            value.
- *
- * Note that the first backslash and the first colon act as delimiters.
- *
- * Returns a malloced string or NULL if not found.  If R_HKLM_FALLBACK
- * is not NULL, no class was given, and the result came from HKLM,
- * true is stored there.
- */
-char *
-read_w32_reg_string (const char *key_arg, int *r_hklm_fallback)
-{
-  char *key;
-  char *p1, *p2;
-  char *result, *result2;
-
-  if (r_hklm_fallback)
-    *r_hklm_fallback = 0;
-
-  if (!key_arg)
-    return NULL;
-  key = xtrystrdup (key_arg);
-  if (!key)
-    {
-      log_info ("warning: malloc failed while reading registry key\n");
-      return NULL;
-    }
-
-  p1 = strchr (key, '\\');
-  if (!p1)
-    {
-      xfree (key);
-      return NULL;
-    }
-  *p1++ = 0;
-  p2 = strchr (p1, ':');
-  if (p2)
-    *p2++ = 0;
-
-  result = read_w32_registry_string (*key? key : NULL, p1, p2);
-  if (result && !*key && r_hklm_fallback)
-    {
-      /* No key given - see whether the result came from HKCU or HKLM.  */
-      result2 = read_w32_registry_string ("HKCU", p1, p2);
-      if (result2)
-        xfree (result2);
-      else
-        *r_hklm_fallback = 1;
-    }
-  xfree (key);
-  return result;
-}
-
 
 #endif /*HAVE_W32_SYSTEM*/
diff --git a/common/w32help.h b/common/w32help.h
index 54e9267..edb51b8 100644
--- a/common/w32help.h
+++ b/common/w32help.h
@@ -44,7 +44,6 @@ char **w32_parse_commandline (char *cmdline, int globing, int *r_argv,
 /*-- w32-reg.c --*/
 char *read_w32_registry_string (const char *root,
 				const char *dir, const char *name );
-char *read_w32_reg_string (const char *key, int *r_hklm_fallback);
 
 /* Other stuff.  */
 #ifdef HAVE_W32CE_SYSTEM
diff --git a/common/w32info-rc.h.in b/common/w32info-rc.h.in
index 4c0e034..94f13b0 100644
--- a/common/w32info-rc.h.in
+++ b/common/w32info-rc.h.in
@@ -29,4 +29,4 @@ built on @BUILD_HOSTNAME@ at @BUILD_TIMESTAMP@\0"
 #define W32INFO_PRODUCTVERSION "@VERSION@\0"
 
 #define W32INFO_LEGALCOPYRIGHT "Copyright \xa9 \
-2022 g10 Code GmbH\0"
+2021 g10 Code GmbH\0"
diff --git a/common/xasprintf.c b/common/xasprintf.c
index 7e37e5b..00ff66a 100644
--- a/common/xasprintf.c
+++ b/common/xasprintf.c
@@ -1,6 +1,5 @@
 /* xasprintf.c
  *	Copyright (C) 2003, 2005 Free Software Foundation, Inc.
- *      Copyright (C) 2020 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -69,55 +68,3 @@ xtryasprintf (const char *fmt, ...)
     return NULL;
   return buf;
 }
-
-
-/* This is safe version of realloc useful for reallocing a calloced
- * array.  There are two ways to call it:  The first example
- * reallocates the array A to N elements each of SIZE but does not
- * clear the newly allocated elements:
- *
- *  p = xtryreallocarray (a, n, n, nsize);
- *
- * Note that when NOLD is larger than N no cleaning is needed anyway.
- * The second example reallocates an array of size NOLD to N elements
- * each of SIZE but clear the newly allocated elements:
- *
- *  p = xtryreallocarray (a, nold, n, nsize);
- *
- * Note that xtryreallocarray (NULL, 0, n, nsize) is equivalent to
- * xtrycalloc (n, nsize).
- *
- * The same function under the name gpgrt_reallocarray exists in
- * libgpg-error but only since version 1.38 and thus we use a copy
- * here.
- */
-void *
-xtryreallocarray (void *a, size_t oldnmemb, size_t nmemb, size_t size)
-{
-  size_t oldbytes, bytes;
-  char *p;
-
-  bytes = nmemb * size; /* size_t is unsigned so the behavior on overflow
-                         * is defined. */
-  if (size && bytes / size != nmemb)
-    {
-      gpg_err_set_errno (ENOMEM);
-      return NULL;
-    }
-
-  p = xtryrealloc (a, bytes);
-  if (p && oldnmemb < nmemb)
-    {
-      /* OLDNMEMBS is lower than NMEMB thus the user asked for a
-         calloc.  Clear all newly allocated members.  */
-      oldbytes = oldnmemb * size;
-      if (size && oldbytes / size != oldnmemb)
-        {
-          xfree (p);
-          gpg_err_set_errno (ENOMEM);
-          return NULL;
-        }
-      memset (p + oldbytes, 0, bytes - oldbytes);
-    }
-  return p;
-}
diff --git a/config.h.in b/config.h.in
index 240c7cb..0ea55d1 100644
--- a/config.h.in
+++ b/config.h.in
@@ -35,9 +35,15 @@
 /* Defined if GPGSM is to be build */
 #undef BUILD_WITH_GPGSM
 
+/* Defined if KEYBOXD is to be build */
+#undef BUILD_WITH_KEYBOXD
+
 /* Defined if SCDAEMON is to be build */
 #undef BUILD_WITH_SCDAEMON
 
+/* Defined if TPM2D to be build */
+#undef BUILD_WITH_TPM2D
+
 /* Use as default system trust store file */
 #undef DEFAULT_TRUST_STORE_FILE
 
@@ -65,6 +71,9 @@
 /* This is only used with "make distcheck" */
 #undef ENABLE_GNUPG_BUILDDIR_ENVVAR
 
+/* Defined to use log_clock timestamps */
+#undef ENABLE_LOG_CLOCK
+
 /* Define to 1 if translation of program messages to the user's native
    language is requested. */
 #undef ENABLE_NLS
@@ -210,8 +219,8 @@
 /* Defined if ttyname does not work properly */
 #undef HAVE_BROKEN_TTYNAME
 
-/* Defined if a `byte' is typedef'd */
-#undef HAVE_BYTE_TYPEDEF
+/* Define to 1 if the system has the type `byte'. */
+#undef HAVE_BYTE
 
 /* Defined if the bz2 compression library is available */
 #undef HAVE_BZIP2
@@ -245,9 +254,6 @@
    don't. */
 #undef HAVE_DECL_SYS_SIGLIST
 
-/* Define to 1 if you have the <direct.h> header file. */
-#undef HAVE_DIRECT_H
-
 /* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */
 #undef HAVE_DOPRNT
 
@@ -334,6 +340,9 @@
 /* Define to 1 if you have the `inotify_init' function. */
 #undef HAVE_INOTIFY_INIT
 
+/* Defined if we have the Intel TSS */
+#undef HAVE_INTEL_TSS
+
 /* Define to 1 if you have the <inttypes.h> header file. */
 #undef HAVE_INTTYPES_H
 
@@ -370,12 +379,15 @@
 /* Define to 1 if you have a fully functional readline library. */
 #undef HAVE_LIBREADLINE
 
+/* Defined if we have TPM2 support library */
+#undef HAVE_LIBTSS
+
+/* Define to 1 if you have the `tss2-esys' library (-ltss2-esys). */
+#undef HAVE_LIBTSS2_ESYS
+
 /* defined if libusb is available */
 #undef HAVE_LIBUSB
 
-/* defined if libutil is available */
-#undef HAVE_LIBUTIL
-
 /* Define to 1 if you have the <libutil.h> header file. */
 #undef HAVE_LIBUTIL_H
 
@@ -441,9 +453,6 @@
 /* Define to 1 if you have the `sigaction' function. */
 #undef HAVE_SIGACTION
 
-/* Define to 1 if you have the `sigdescr_np' function. */
-#undef HAVE_SIGDESCR_NP
-
 /* Define to 1 if you have the <signal.h> header file. */
 #undef HAVE_SIGNAL_H
 
@@ -561,17 +570,17 @@
 /* Define to 1 if you have the `ttyname' function. */
 #undef HAVE_TTYNAME
 
-/* Defined if a `u16' is typedef'd */
-#undef HAVE_U16_TYPEDEF
+/* Define to 1 if the system has the type `u16'. */
+#undef HAVE_U16
 
-/* Defined if a `u32' is typedef'd */
-#undef HAVE_U32_TYPEDEF
+/* Define to 1 if the system has the type `u32'. */
+#undef HAVE_U32
 
 /* Define to 1 if you have the <ucred.h> header file. */
 #undef HAVE_UCRED_H
 
-/* Defined if a `ulong' is typedef'd */
-#undef HAVE_ULONG_TYPEDEF
+/* Define to 1 if the system has the type `ulong'. */
+#undef HAVE_ULONG
 
 /* Define to 1 if you have the <unistd.h> header file. */
 #undef HAVE_UNISTD_H
@@ -582,8 +591,8 @@
 /* Defined if time_t is an unsigned type */
 #undef HAVE_UNSIGNED_TIME_T
 
-/* Defined if a `ushort' is typedef'd */
-#undef HAVE_USHORT_TYPEDEF
+/* Define to 1 if the system has the type `ushort'. */
+#undef HAVE_USHORT
 
 /* Define to 1 if you have the <util.h> header file. */
 #undef HAVE_UTIL_H
@@ -639,15 +648,21 @@
 /* Defined if this is not a regular release */
 #undef IS_DEVELOPMENT_VERSION
 
+/* The displayed name of keyboxd */
+#undef KEYBOXD_DISP_NAME
+
+/* The name of the keyboxd */
+#undef KEYBOXD_NAME
+
+/* The name of the keyboxd socket */
+#undef KEYBOXD_SOCK_NAME
+
 /* Defined if the host has little endian byte ordering */
 #undef LITTLE_ENDIAN_HOST
 
 /* Defined if this build is in maintainer mode */
 #undef MAINTAINER_MODE
 
-/* Defined if mkdir() does not take permission flags */
-#undef MKDIR_TAKES_ONE_ARG
-
 /* Tool with sendmail -t interface */
 #undef NAME_OF_SENDMAIL
 
@@ -702,9 +717,6 @@
 /* A human readable text with the name of the OS */
 #undef PRINTABLE_OS_NAME
 
-/* Define as the return type of signal handlers (`int' or `void'). */
-#undef RETSIGTYPE
-
 /* Defined if "make check" shall run all tests */
 #undef RUN_ALL_TESTS
 
@@ -720,8 +732,8 @@
 /* Size of secure memory buffer */
 #undef SECMEM_BUFFER_SIZE
 
-/* defines the filename of the shred program */
-#undef SHRED
+/* The size of `size_t', as computed by sizeof. */
+#undef SIZEOF_SIZE_T
 
 /* The size of `time_t', as computed by sizeof. */
 #undef SIZEOF_TIME_T
@@ -744,6 +756,18 @@
 /* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
 #undef TIME_WITH_SYS_TIME
 
+/* The displayed name of TPM2 daemon */
+#undef TPM2DAEMON_DISP_NAME
+
+/* The name of the TPM2 daemon */
+#undef TPM2DAEMON_NAME
+
+/* The name of the TPM2 daemon socket */
+#undef TPM2DAEMON_SOCK_NAME
+
+/* ibmtss include location */
+#undef TSS_INCLUDE
+
 /* Define to enable auto starting of the dirmngr */
 #undef USE_DIRMNGR_AUTO_START
 
@@ -879,14 +903,6 @@
 #define EXEEXT_S ""
 #endif
 
-/* This is the same as VERSION, but should be overridden if the
-   platform cannot handle things like dots '.' in filenames. Set
-   SAFE_VERSION_DOT and SAFE_VERSION_DASH to whatever SAFE_VERSION
-   uses for dots and dashes. */
-#define SAFE_VERSION VERSION
-#define SAFE_VERSION_DOT  '.'
-#define SAFE_VERSION_DASH '-'
-
 /* Some global constants.
  * Note that the homedir must not end in a slash.  */
 #ifdef HAVE_DOSISH_SYSTEM
@@ -901,10 +917,25 @@
 #define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
 #endif
 #define GNUPG_PRIVATE_KEYS_DIR  "private-keys-v1.d"
+#define GNUPG_PUBLIC_KEYS_DIR   "public-keys.d"
 #define GNUPG_OPENPGP_REVOC_DIR "openpgp-revocs.d"
-
-#define GNUPG_DEF_COPYRIGHT_LINE "Copyright (C) 2022 g10 Code GmbH"
-
+#define GNUPG_CACHE_DIR         "cache.d"
+
+/* GnuPG has always been a part of the GNU project and thus we have
+ * shown the FSF as holder of the copyright.  We continue to do so for
+ * the reason that without the FSF the free software used all over the
+ * world would not have come into existence.  However, under Windows
+ * we print a different copyright string with --version because the
+ * copyright assignments of g10 Code and Werner Koch were terminated
+ * many years ago, g10 Code is still the major contributor to the
+ * code, and Windows is not an FSF endorsed platform.  Note that the
+ * actual list of copyright holders can be found in the AUTHORS file.  */
+#ifdef HAVE_W32_SYSTEM
+#define GNUPG_DEF_COPYRIGHT_LINE "Copyright (C) 2021 g10 Code GmbH"
+#else
+#define GNUPG_DEF_COPYRIGHT_LINE \
+        "Copyright (C) 2021 Free Software Foundation, Inc."
+#endif
 
 /* For some systems (DOS currently), we hardcode the path here.  For
    POSIX systems the values are constructed by the Makefiles, so that
@@ -956,9 +987,12 @@
 # endif
 #endif
 
-/* Provide the es_ macro for estream.  */
+/* Enable the es_ macros from gpgrt.  */
 #define GPGRT_ENABLE_ES_MACROS 1
 
+/* Enable the log_ macros from gpgrt.  */
+#define GPGRT_ENABLE_LOG_MACROS 1
+
 /* We want the argparse macros from gpgrt.  */
 #define GPGRT_ENABLE_ARGPARSE_MACROS 1
 
diff --git a/configure b/configure
index 3fcae64..2a1bcc2 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for gnupg 2.2.39.
+# Generated by GNU Autoconf 2.69 for gnupg 2.3.0.
 #
 # Report bugs to <https://bugs.gnupg.org>.
 #
@@ -580,8 +580,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='gnupg'
 PACKAGE_TARNAME='gnupg'
-PACKAGE_VERSION='2.2.39'
-PACKAGE_STRING='gnupg 2.2.39'
+PACKAGE_VERSION='2.3.0'
+PACKAGE_STRING='gnupg 2.3.0'
 PACKAGE_BUGREPORT='https://bugs.gnupg.org'
 PACKAGE_URL=''
 
@@ -647,6 +647,10 @@ BUILD_GPGTAR_FALSE
 BUILD_GPGTAR_TRUE
 BUILD_DOC_FALSE
 BUILD_DOC_TRUE
+BUILD_TPM2D_FALSE
+BUILD_TPM2D_TRUE
+BUILD_KEYBOXD_FALSE
+BUILD_KEYBOXD_TRUE
 BUILD_DIRMNGR_FALSE
 BUILD_DIRMNGR_TRUE
 BUILD_G13_FALSE
@@ -660,6 +664,18 @@ BUILD_GPGSM_TRUE
 BUILD_GPG_FALSE
 BUILD_GPG_TRUE
 USE_C99_CFLAGS
+HAVE_LIBTSS
+TEST_LIBTSS_FALSE
+TEST_LIBTSS_TRUE
+HAVE_LIBTSS_FALSE
+HAVE_LIBTSS_TRUE
+LIBTSS_CFLAGS
+LIBTSS_LIBS
+TSSSTARTUP
+SWTPM_IOCTL
+SWTPM
+TPMSERVER
+TSS_INCLUDE
 W32SOCKLIBS
 NETLIBS
 CROSS_COMPILING_FALSE
@@ -704,8 +720,6 @@ NTBTLS_CONFIG
 NPTH_LIBS
 NPTH_CFLAGS
 NPTH_CONFIG
-SHRED
-LIBUTIL_LIBS
 FUSERMOUNT
 ENCFS
 SQLITE3_FALSE
@@ -745,9 +759,6 @@ PKG_CONFIG_PATH
 PKG_CONFIG
 CC_FOR_BUILD
 AWK_HEX_NUMBER_OPTION
-HAVE_USTAR_FALSE
-HAVE_USTAR_TRUE
-TAR
 HAVE_YAT2M_FALSE
 HAVE_YAT2M_TRUE
 YAT2M
@@ -770,9 +781,15 @@ GNUPG_DIRMNGR_LDAP_PGM
 GNUPG_PROTECT_TOOL_PGM_FALSE
 GNUPG_PROTECT_TOOL_PGM_TRUE
 GNUPG_PROTECT_TOOL_PGM
+GNUPG_KEYBOXD_PGM_FALSE
+GNUPG_KEYBOXD_PGM_TRUE
+GNUPG_KEYBOXD_PGM
 GNUPG_DIRMNGR_PGM_FALSE
 GNUPG_DIRMNGR_PGM_TRUE
 GNUPG_DIRMNGR_PGM
+GNUPG_TPM2DAEMON_PGM_FALSE
+GNUPG_TPM2DAEMON_PGM_TRUE
+GNUPG_TPM2DAEMON_PGM
 GNUPG_SCDAEMON_PGM_FALSE
 GNUPG_SCDAEMON_PGM_TRUE
 GNUPG_SCDAEMON_PGM
@@ -882,18 +899,21 @@ ac_user_opts='
 enable_option_checking
 enable_silent_rules
 enable_dependency_tracking
-enable_gpg
 enable_gpgsm
 enable_scdaemon
 enable_g13
 enable_dirmngr
+enable_keyboxd
+enable_tpm2d
 enable_doc
 enable_gpgtar
 enable_wks_tools
 with_agent_pgm
 with_pinentry_pgm
 with_scdaemon_pgm
+with_tpm2daemon_pgm
 with_dirmngr_pgm
+with_keyboxd_pgm
 with_protect_tool_pgm
 with_dirmngr_ldap_pgm
 enable_gpg_is_gpg2
@@ -934,7 +954,6 @@ enable_ccid_driver
 enable_dirmngr_auto_start
 enable_maintainer_mode
 enable_largefile
-with_tar
 with_libgpg_error_prefix
 with_gpg_error_prefix
 with_libgcrypt_prefix
@@ -961,6 +980,7 @@ with_zlib
 with_bzip2
 with_readline
 enable_optimization
+enable_log_clock
 enable_werror
 enable_all_tests
 enable_tests
@@ -1537,7 +1557,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures gnupg 2.2.39 to adapt to many kinds of systems.
+\`configure' configures gnupg 2.3.0 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1608,7 +1628,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of gnupg 2.2.39:";;
+     short | recursive ) echo "Configuration of gnupg 2.3.0:";;
    esac
   cat <<\_ACEOF
 
@@ -1622,11 +1642,12 @@ Optional Features:
                           do not reject slow dependency extractors
   --disable-dependency-tracking
                           speeds up one-time build
-  --disable-gpg           do not build the gpg program
   --disable-gpgsm         do not build the gpgsm program
   --disable-scdaemon      do not build the scdaemon program
   --enable-g13            build the g13 program
   --disable-dirmngr       do not build the dirmngr program
+  --disable-keyboxd       do not build the keyboxd program
+  --disable-tpm2d         do not build the tpm2d program
   --disable-doc           do not build the doc program
   --disable-gpgtar        do not build the gpgtar program
   --disable-wks-tools     do not build the wks-tools program
@@ -1682,6 +1703,7 @@ Optional Features:
   --disable-endian-check  disable the endian check and trust the OS provided
                           macros
   --disable-optimization  disable compiler optimization
+  --enable-log-clock      enable log_clock timestamps
   --enable-werror         append -Werror to CFLAGS
   --enable-all-tests      let "make check" run all tests
   --disable-tests         do not run any tests
@@ -1698,7 +1720,9 @@ Optional Packages:
   --with-agent-pgm=PATH  Use PATH as the default for the agent)
   --with-pinentry-pgm=PATH  Use PATH as the default for the pinentry)
   --with-scdaemon-pgm=PATH  Use PATH as the default for the scdaemon)
+  --with-tpm2daemon-pgm=PATH  Use PATH as the default for the tpm2daemon)
   --with-dirmngr-pgm=PATH  Use PATH as the default for the dirmngr)
+  --with-keyboxd-pgm=PATH  Use PATH as the default for the keyboxd)
   --with-protect-tool-pgm=PATH  Use PATH as the default for the protect-tool)
   --with-dirmngr-ldap-pgm=PATH  Use PATH as the default for the dirmngr ldap wrapper)
   --with-agent-s2k-calibration=MSEC
@@ -1706,7 +1730,6 @@ Optional Packages:
                           milliseconds
   --with-photo-viewer=FIXED_VIEWER  set a fixed photo ID viewer
   --with-capabilities     use linux capabilities default=no
-  --with-tar=PATH         look for a tar program in PATH
   --with-libgpg-error-prefix=PFX
                           prefix where GPG Error is installed (optional)
 
@@ -1825,7 +1848,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-gnupg configure 2.2.39
+gnupg configure 2.3.0
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2534,7 +2557,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by gnupg $as_me 2.2.39, which was
+It was created by gnupg $as_me 2.3.0, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2889,20 +2912,20 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 # build-aux/speedo.mk and Makefile.am
 
 cat >>confdefs.h <<_ACEOF
-#define GNUPG_SWDB_TAG "gnupg22"
+#define GNUPG_SWDB_TAG "gnupg24"
 _ACEOF
 
 
-NEED_GPG_ERROR_VERSION=1.27
+NEED_GPGRT_VERSION=1.41
 
 NEED_LIBGCRYPT_API=1
-NEED_LIBGCRYPT_VERSION=1.8.0
+NEED_LIBGCRYPT_VERSION=1.9.1
 
 NEED_LIBASSUAN_API=2
 NEED_LIBASSUAN_VERSION=2.5.0
 
 NEED_KSBA_API=1
-NEED_KSBA_VERSION=1.3.5
+NEED_KSBA_VERSION=1.3.4
 
 NEED_NTBTLS_API=1
 NEED_NTBTLS_VERSION=0.1.0
@@ -2913,7 +2936,7 @@ NEED_NPTH_VERSION=1.2
 
 NEED_GNUTLS_VERSION=3.0
 
-NEED_SQLITE_VERSION=3.7
+NEED_SQLITE_VERSION=3.27
 
 development_version=no
 PACKAGE=$PACKAGE_NAME
@@ -3433,7 +3456,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='gnupg'
- VERSION='2.2.39'
+ VERSION='2.3.0'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -5121,7 +5144,6 @@ $as_echo "$ac_cv_safe_to_define___extensions__" >&6; }
 
 
 
-
 # Some status variables.
 have_gpg_error=no
 have_libgcrypt=no
@@ -5132,6 +5154,7 @@ have_gnutls=no
 have_sqlite=no
 have_npth=no
 have_libusb=no
+have_libtss=no
 have_system_resolver=no
 gnupg_have_ldap="n/a"
 
@@ -5148,26 +5171,8 @@ use_tls_library=no
 large_secmem=no
 show_tor_support=no
 
-
-   build_gpg=yes
-
-      # Check whether --enable-gpg was given.
-if test "${enable_gpg+set}" = set; then :
-  enableval=$enable_gpg; build_gpg=$enableval
-else
-  build_gpg=yes
-fi
-
-
-   case "$build_gpg" in
-         no|yes)
-           ;;
-         *)
-           as_fn_error $? "only yes or no allowed for feature --enable-gpg" "$LINENO" 5
-           ;;
-   esac
-
-
+# gpg is a required part and can't be disabled anymore.
+build_gpg=yes
 
    build_gpgsm=yes
 
@@ -5251,6 +5256,46 @@ fi
 
 
 
+   build_keyboxd=yes
+
+      # Check whether --enable-keyboxd was given.
+if test "${enable_keyboxd+set}" = set; then :
+  enableval=$enable_keyboxd; build_keyboxd=$enableval
+else
+  build_keyboxd=yes
+fi
+
+
+   case "$build_keyboxd" in
+         no|yes)
+           ;;
+         *)
+           as_fn_error $? "only yes or no allowed for feature --enable-keyboxd" "$LINENO" 5
+           ;;
+   esac
+
+
+
+   build_tpm2d=yes
+
+      # Check whether --enable-tpm2d was given.
+if test "${enable_tpm2d+set}" = set; then :
+  enableval=$enable_tpm2d; build_tpm2d=$enableval
+else
+  build_tpm2d=yes
+fi
+
+
+   case "$build_tpm2d" in
+         no|yes)
+           ;;
+         *)
+           as_fn_error $? "only yes or no allowed for feature --enable-tpm2d" "$LINENO" 5
+           ;;
+   esac
+
+
+
    build_doc=yes
 
       # Check whether --enable-doc was given.
@@ -5425,6 +5470,27 @@ test -n "$GNUPG_SCDAEMON_PGM" && show_gnupg_scdaemon_pgm="$GNUPG_SCDAEMON_PGM"
 
 
 
+# Check whether --with-tpm2daemon-pgm was given.
+if test "${with_tpm2daemon_pgm+set}" = set; then :
+  withval=$with_tpm2daemon_pgm; GNUPG_TPM2DAEMON_PGM="$withval"
+else
+  GNUPG_TPM2DAEMON_PGM=""
+fi
+
+
+ if test -n "$GNUPG_TPM2DAEMON_PGM"; then
+  GNUPG_TPM2DAEMON_PGM_TRUE=
+  GNUPG_TPM2DAEMON_PGM_FALSE='#'
+else
+  GNUPG_TPM2DAEMON_PGM_TRUE='#'
+  GNUPG_TPM2DAEMON_PGM_FALSE=
+fi
+
+show_gnupg_tpm2daemon_pgm="(default)"
+test -n "$GNUPG_TPM2DAEMON_PGM" && show_gnupg_tpm2daemon_pgm="$GNUPG_TPM2DAEMON_PGM"
+
+
+
 # Check whether --with-dirmngr-pgm was given.
 if test "${with_dirmngr_pgm+set}" = set; then :
   withval=$with_dirmngr_pgm; GNUPG_DIRMNGR_PGM="$withval"
@@ -5445,6 +5511,26 @@ show_gnupg_dirmngr_pgm="(default)"
 test -n "$GNUPG_DIRMNGR_PGM" && show_gnupg_dirmngr_pgm="$GNUPG_DIRMNGR_PGM"
 
 
+# Check whether --with-keyboxd-pgm was given.
+if test "${with_keyboxd_pgm+set}" = set; then :
+  withval=$with_keyboxd_pgm; GNUPG_KEYBOXD_PGM="$withval"
+else
+  GNUPG_KEYBOXD_PGM=""
+fi
+
+
+ if test -n "$GNUPG_KEYBOXD_PGM"; then
+  GNUPG_KEYBOXD_PGM_TRUE=
+  GNUPG_KEYBOXD_PGM_FALSE='#'
+else
+  GNUPG_KEYBOXD_PGM_TRUE='#'
+  GNUPG_KEYBOXD_PGM_FALSE=
+fi
+
+show_gnupg_keyboxd_pgm="(default)"
+test -n "$GNUPG_KEYBOXD_PGM" && show_gnupg_keyboxd_pgm="$GNUPG_KEYBOXD_PGM"
+
+
 # Check whether --with-protect-tool-pgm was given.
 if test "${with_protect_tool_pgm+set}" = set; then :
   withval=$with_protect_tool_pgm; GNUPG_PROTECT_TOOL_PGM="$withval"
@@ -7598,6 +7684,7 @@ done
   done
 IFS=$as_save_IFS
 
+  test -z "$ac_cv_path_YAT2M" && ac_cv_path_YAT2M=""./yat2m" "
   ;;
 esac
 fi
@@ -7620,14 +7707,12 @@ else
   HAVE_YAT2M_FALSE=
 fi
 
-
-        { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strerror in -lcposix" >&5
-$as_echo_n "checking for strerror in -lcposix... " >&6; }
-if ${ac_cv_lib_cposix_strerror+:} false; then :
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing strerror" >&5
+$as_echo_n "checking for library containing strerror... " >&6; }
+if ${ac_cv_search_strerror+:} false; then :
   $as_echo_n "(cached) " >&6
 else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lcposix  $LIBS"
+  ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
@@ -7646,22 +7731,37 @@ return strerror ();
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_cposix_strerror=yes
-else
-  ac_cv_lib_cposix_strerror=no
+for ac_lib in '' cposix; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_strerror=$ac_res
 fi
 rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cposix_strerror" >&5
-$as_echo "$ac_cv_lib_cposix_strerror" >&6; }
-if test "x$ac_cv_lib_cposix_strerror" = xyes; then :
-  LIBS="$LIBS -lcposix"
+    conftest$ac_exeext
+  if ${ac_cv_search_strerror+:} false; then :
+  break
 fi
+done
+if ${ac_cv_search_strerror+:} false; then :
 
+else
+  ac_cv_search_strerror=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_strerror" >&5
+$as_echo "$ac_cv_search_strerror" >&6; }
+ac_res=$ac_cv_search_strerror
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
 
+fi
 
 # Check whether --enable-largefile was given.
 if test "${enable_largefile+set}" = set; then :
@@ -7865,91 +7965,6 @@ fi
 
 
 
-# Check whether --with-tar was given.
-if test "${with_tar+set}" = set; then :
-  withval=$with_tar; _do_tar=$withval
-fi
-
-
-  if test x$_do_tar != xno ; then
-
-     if test x$_do_tar = x ; then
-        # Extract the first word of ""tar"", so it can be a program name with args.
-set dummy "tar"; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_TAR+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  case $TAR in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_TAR="$TAR" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_path_TAR="$as_dir/$ac_word$ac_exec_ext"
-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-
-  ;;
-esac
-fi
-TAR=$ac_cv_path_TAR
-if test -n "$TAR"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TAR" >&5
-$as_echo "$TAR" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-        _mytar=$ac_cv_path_TAR
-     fi
-
-     # Check if our tar is ustar format.  If so, it's good.  TODO: Add some
-     # code to check various options, etc, to try and create ustar
-     # format.
-
-     if test x$_mytar != x ; then
-        { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $_mytar speaks USTAR" >&5
-$as_echo_n "checking whether $_mytar speaks USTAR... " >&6; }
-        echo hithere > conftest.txt
-        $_mytar -cf - conftest.txt | (dd skip=257 bs=1 count=5 2>/dev/null || cat) | grep ustar > /dev/null
-        _tar_bad=$?
-        rm conftest.txt
-
-	if test x$_tar_bad = x0 ; then
-	   { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-	else
-	   { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-	fi
-     fi
-  fi
-
-   if test x$_tar_bad = x0; then
-  HAVE_USTAR_TRUE=
-  HAVE_USTAR_FALSE='#'
-else
-  HAVE_USTAR_TRUE='#'
-  HAVE_USTAR_FALSE=
-fi
-
-
-
-
 # GNU AWK requires -n option to interpret "0xHH" as a number
 if $AWK 'BEGIN { if (PROCINFO["version"]) exit 1 }'; then
   AWK_HEX_NUMBER_OPTION=''
@@ -8193,7 +8208,7 @@ $as_echo "#define HAVE_DRIVE_LETTERS 1" >>confdefs.h
         ;;
     *-apple-darwin*)
 
-$as_echo "#define _DARWIN_C_SOURCE 1" >>confdefs.h
+$as_echo "#define _DARWIN_C_SOURCE 900000L" >>confdefs.h
 
         ;;
     *-*-netbsd*)
@@ -8290,8 +8305,8 @@ $as_echo "$as_me: checking for libraries" >&6;}
 
 
 #
-# libgpg-error is a library with error codes shared between GnuPG
-# related projects.
+# gpgrt (aka libgpg-error) is a library with error codes shared
+# between GnuPG related projects.
 #
 
   gpg_error_config_prefix=""
@@ -8370,7 +8385,7 @@ $as_echo "no" >&6; }
 fi
 
 
-  min_gpg_error_version="$NEED_GPG_ERROR_VERSION"
+  min_gpg_error_version="$NEED_GPGRT_VERSION"
   ok=no
 
   # Extract the first word of "gpgrt-config", so it can be a program name with args.
@@ -8768,7 +8783,29 @@ $as_echo "$as_me: WARNING:
 
 
 
-
+# And, then, check if it's newer than 1.9.0 so that we can
+# conditionally build some programs.
+# Note: This is not anymore needed but keep the code commented in case
+# we need it again with some future libgcrypt.
+#have_libgcrypt_newer=no
+#if test $ok = yes; then
+#    if test "$major" -gt 1; then
+#        have_libgcrypt_newer=yes
+#    else
+#        if test "$major" -eq 1; then
+#            if test "$minor" -gt 9; then
+#               have_libgcrypt_newer=yes
+#            else
+#               if test "$minor" -eq 9; then
+#                   if test "$micro" -ge 0; then
+#                     have_libgcrypt_newer=yes
+#                   fi
+#               fi
+#            fi
+#        fi
+#    fiy
+#fi
+#AM_CONDITIONAL(HAVE_NEWER_LIBGCRYPT, [test $have_libgcrypt_newer = yes])
 
 #
 # libassuan is used for IPC
@@ -9445,15 +9482,16 @@ fi
 
   else
     use_tofu=no
+    build_keyboxd=no
     tmp=$(echo "$SQLITE3_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
     { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
 ***
-*** Building without SQLite support - TOFU disabled
+*** Building without SQLite support - TOFU and Keyboxd disabled
 ***
 *** $tmp" >&5
 $as_echo "$as_me: WARNING:
 ***
-*** Building without SQLite support - TOFU disabled
+*** Building without SQLite support - TOFU and Keyboxd disabled
 ***
 *** $tmp" >&2;}
   fi
@@ -9572,108 +9610,6 @@ _ACEOF
 
 
 
-# Checks for dirmngr
-
-
-#
-# Checks formerly used for symcryptrun.
-#
-
-# libutil has openpty() and login_tty().
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for openpty in -lutil" >&5
-$as_echo_n "checking for openpty in -lutil... " >&6; }
-if ${ac_cv_lib_util_openpty+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lutil  $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char openpty ();
-int
-main ()
-{
-return openpty ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_util_openpty=yes
-else
-  ac_cv_lib_util_openpty=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_util_openpty" >&5
-$as_echo "$ac_cv_lib_util_openpty" >&6; }
-if test "x$ac_cv_lib_util_openpty" = xyes; then :
-   LIBUTIL_LIBS="$LIBUTIL_LIBS -lutil"
-
-$as_echo "#define HAVE_LIBUTIL 1" >>confdefs.h
-
-
-fi
-
-
-
-# shred is used to clean temporary plain text files.
-# Extract the first word of "shred", so it can be a program name with args.
-set dummy shred; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_SHRED+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  case $SHRED in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_SHRED="$SHRED" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_path_SHRED="$as_dir/$ac_word$ac_exec_ext"
-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-
-  test -z "$ac_cv_path_SHRED" && ac_cv_path_SHRED="/usr/bin/shred"
-  ;;
-esac
-fi
-SHRED=$ac_cv_path_SHRED
-if test -n "$SHRED"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SHRED" >&5
-$as_echo "$SHRED" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define SHRED "${SHRED}"
-_ACEOF
-
-
 
 #
 # Check whether the nPth library is available
@@ -9888,7 +9824,7 @@ fi
 
 
 #
-# NTBTLS is our TLS library.  If it is not available fallback to
+# NTBTLS is our TLS library.  If it is not available we fall back to
 # GNUTLS.
 #
 # Check whether --enable-ntbtls was given.
@@ -10192,14 +10128,15 @@ $as_echo "#define HTTP_USE_GNUTLS 1" >>confdefs.h
 
   else
     tmp=$(echo "$LIBGNUTLS_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
+    build_dirmngr=no
     { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
 ***
-*** Building without NTBTLS and GNUTLS - no TLS access to keyservers.
+*** Neither NTBTLS nor GNUTLS available - not building dirmngr.
 ***
 *** $tmp" >&5
 $as_echo "$as_me: WARNING:
 ***
-*** Building without NTBTLS and GNUTLS - no TLS access to keyservers.
+*** Neither NTBTLS nor GNUTLS available - not building dirmngr.
 ***
 *** $tmp" >&2;}
   fi
@@ -11123,6 +11060,7 @@ $as_echo "#define USE_LDAP 1" >>confdefs.h
 fi
 
 
+
 #
 # Check for sendmail
 #
@@ -12637,15 +12575,24 @@ if eval \${$gt_func_gnugettext_libc+:} false; then :
 else
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
+
 #include <libintl.h>
-$gt_revision_test_code
+#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
 extern int _nl_msg_cat_cntr;
 extern int *_nl_domain_bindings;
+#define __GNU_GETTEXT_SYMBOL_EXPRESSION (_nl_msg_cat_cntr + *_nl_domain_bindings)
+#else
+#define __GNU_GETTEXT_SYMBOL_EXPRESSION 0
+#endif
+$gt_revision_test_code
+
 int
 main ()
 {
+
 bindtextdomain ("", "");
-return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_domain_bindings
+return * gettext ("")$gt_expression_test_code + __GNU_GETTEXT_SYMBOL_EXPRESSION
+
   ;
   return 0;
 }
@@ -13381,19 +13328,28 @@ else
             LIBS="$LIBS $LIBINTL"
                         cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
+
 #include <libintl.h>
-$gt_revision_test_code
+#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
 extern int _nl_msg_cat_cntr;
 extern
 #ifdef __cplusplus
 "C"
 #endif
 const char *_nl_expand_alias (const char *);
+#define __GNU_GETTEXT_SYMBOL_EXPRESSION (_nl_msg_cat_cntr + *_nl_expand_alias (""))
+#else
+#define __GNU_GETTEXT_SYMBOL_EXPRESSION 0
+#endif
+$gt_revision_test_code
+
 int
 main ()
 {
+
 bindtextdomain ("", "");
-return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")
+return * gettext ("")$gt_expression_test_code + __GNU_GETTEXT_SYMBOL_EXPRESSION
+
   ;
   return 0;
 }
@@ -13409,27 +13365,36 @@ rm -f core conftest.err conftest.$ac_objext \
               LIBS="$LIBS $LIBICONV"
               cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
+
 #include <libintl.h>
-$gt_revision_test_code
+#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
 extern int _nl_msg_cat_cntr;
 extern
 #ifdef __cplusplus
 "C"
 #endif
 const char *_nl_expand_alias (const char *);
+#define __GNU_GETTEXT_SYMBOL_EXPRESSION (_nl_msg_cat_cntr + *_nl_expand_alias (""))
+#else
+#define __GNU_GETTEXT_SYMBOL_EXPRESSION 0
+#endif
+$gt_revision_test_code
+
 int
 main ()
 {
+
 bindtextdomain ("", "");
-return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")
+return * gettext ("")$gt_expression_test_code + __GNU_GETTEXT_SYMBOL_EXPRESSION
+
   ;
   return 0;
 }
 _ACEOF
 if ac_fn_c_try_link "$LINENO"; then :
   LIBINTL="$LIBINTL $LIBICONV"
-                LTLIBINTL="$LTLIBINTL $LTLIBICONV"
-                eval "$gt_func_gnugettext_libintl=yes"
+                 LTLIBINTL="$LTLIBINTL $LTLIBICONV"
+                 eval "$gt_func_gnugettext_libintl=yes"
 
 fi
 rm -f core conftest.err conftest.$ac_objext \
@@ -14011,62 +13976,18 @@ _ACEOF
 
 fi
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5
-$as_echo_n "checking return type of signal handlers... " >&6; }
-if ${ac_cv_type_signal+:} false; then :
-  $as_echo_n "(cached) " >&6
+ac_fn_c_check_decl "$LINENO" "sys_siglist" "ac_cv_have_decl_sys_siglist" "#include <signal.h>
+/* NetBSD declares sys_siglist in unistd.h.  */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+
+"
+if test "x$ac_cv_have_decl_sys_siglist" = xyes; then :
+  ac_have_decl=1
 else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include <sys/types.h>
-#include <signal.h>
-
-int
-main ()
-{
-return *(signal (0, 0)) (0) == 1;
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  ac_cv_type_signal=int
-else
-  ac_cv_type_signal=void
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5
-$as_echo "$ac_cv_type_signal" >&6; }
-
-cat >>confdefs.h <<_ACEOF
-#define RETSIGTYPE $ac_cv_type_signal
-_ACEOF
-
-
-for ac_func in sigdescr_np
-do :
-  ac_fn_c_check_func "$LINENO" "sigdescr_np" "ac_cv_func_sigdescr_np"
-if test "x$ac_cv_func_sigdescr_np" = xyes; then :
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_SIGDESCR_NP 1
-_ACEOF
-
-fi
-done
-
-ac_fn_c_check_decl "$LINENO" "sys_siglist" "ac_cv_have_decl_sys_siglist" "#include <signal.h>
-/* NetBSD declares sys_siglist in unistd.h.  */
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-
-"
-if test "x$ac_cv_have_decl_sys_siglist" = xyes; then :
-  ac_have_decl=1
-else
-  ac_have_decl=0
-fi
+  ac_have_decl=0
+fi
 
 cat >>confdefs.h <<_ACEOF
 #define HAVE_DECL_SYS_SIGLIST $ac_have_decl
@@ -14115,37 +14036,58 @@ done
   fi
 
 
-   ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" "#include <sys/types.h>
-      #if HAVE_SYS_SOCKET_H
-      # include <sys/socket.h>
-      #elif HAVE_WS2TCPIP_H
-      # include <ws2tcpip.h>
-      #endif
+
+   if test $ac_cv_header_sys_socket_h = no; then
+                         for ac_header in ws2tcpip.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "ws2tcpip.h" "ac_cv_header_ws2tcpip_h" "$ac_includes_default"
+if test "x$ac_cv_header_ws2tcpip_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_WS2TCPIP_H 1
+_ACEOF
+
+fi
+
+done
+
+   fi
+
+   ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" "
+/* <sys/types.h> is not needed according to POSIX, but the
+   <sys/socket.h> in i386-unknown-freebsd4.10 and
+   powerpc-apple-darwin5.5 required it. */
+#include <sys/types.h>
+#if HAVE_SYS_SOCKET_H
+# include <sys/socket.h>
+#elif HAVE_WS2TCPIP_H
+# include <ws2tcpip.h>
+#endif
+
 "
 if test "x$ac_cv_type_socklen_t" = xyes; then :
 
 else
   { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t equivalent" >&5
 $as_echo_n "checking for socklen_t equivalent... " >&6; }
-      if ${gl_cv_gl_cv_socklen_t_equiv+:} false; then :
+if ${gl_cv_socklen_t_equiv+:} false; then :
   $as_echo_n "(cached) " >&6
 else
   # Systems have either "struct sockaddr *" or
-	 # "void *" as the second argument to getpeername
-	 gl_cv_socklen_t_equiv=
-	 for arg2 in "struct sockaddr" void; do
-	   for t in int size_t "unsigned int" "long int" "unsigned long int"; do
-	     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+         # "void *" as the second argument to getpeername
+         gl_cv_socklen_t_equiv=
+         for arg2 in "struct sockaddr" void; do
+           for t in int size_t "unsigned int" "long int" "unsigned long int"; do
+             cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 #include <sys/types.h>
-		#include <sys/socket.h>
+                   #include <sys/socket.h>
 
-		int getpeername (int, $arg2 *, $t *);
+                   int getpeername (int, $arg2 *, $t *);
 int
 main ()
 {
 $t len;
-		getpeername (0, 0, &len);
+                  getpeername (0, 0, &len);
   ;
   return 0;
 }
@@ -14154,17 +14096,16 @@ if ac_fn_c_try_compile "$LINENO"; then :
   gl_cv_socklen_t_equiv="$t"
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-	     test "$gl_cv_socklen_t_equiv" != "" && break
-	   done
-	   test "$gl_cv_socklen_t_equiv" != "" && break
-	 done
+             test "$gl_cv_socklen_t_equiv" != "" && break
+           done
+           test "$gl_cv_socklen_t_equiv" != "" && break
+         done
+         if test "$gl_cv_socklen_t_equiv" = ""; then
+           as_fn_error $? "Cannot find a type to use in place of socklen_t" "$LINENO" 5
+         fi
 
 fi
-
-      if test "$gl_cv_socklen_t_equiv" = ""; then
-	as_fn_error $? "Cannot find a type to use in place of socklen_t" "$LINENO" 5
-      fi
-      { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_socklen_t_equiv" >&5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_socklen_t_equiv" >&5
 $as_echo "$gl_cv_socklen_t_equiv" >&6; }
 
 cat >>confdefs.h <<_ACEOF
@@ -14346,191 +14287,51 @@ $as_echo "#define BIG_ENDIAN_HOST 1" >>confdefs.h
 fi
 
 # fixme: we should get rid of the byte type
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for byte typedef" >&5
-$as_echo_n "checking for byte typedef... " >&6; }
-    if ${gnupg_cv_typedef_byte+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#define _GNU_SOURCE 1
-    #include <stdlib.h>
-    #include <sys/types.h>
-int
-main ()
-{
-
-    #undef byte
-    int a = sizeof(byte);
+ac_fn_c_check_type "$LINENO" "byte" "ac_cv_type_byte" "$ac_includes_default"
+if test "x$ac_cv_type_byte" = xyes; then :
 
-  ;
-  return 0;
-}
+cat >>confdefs.h <<_ACEOF
+#define HAVE_BYTE 1
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  gnupg_cv_typedef_byte=yes
-else
-  gnupg_cv_typedef_byte=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_byte" >&5
-$as_echo "$gnupg_cv_typedef_byte" >&6; }
-    if test "$gnupg_cv_typedef_byte" = yes; then
 
-$as_echo "#define HAVE_BYTE_TYPEDEF 1" >>confdefs.h
 
-    fi
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ushort typedef" >&5
-$as_echo_n "checking for ushort typedef... " >&6; }
-    if ${gnupg_cv_typedef_ushort+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#define _GNU_SOURCE 1
-    #include <stdlib.h>
-    #include <sys/types.h>
-int
-main ()
-{
-
-    #undef ushort
-    int a = sizeof(ushort);
-
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  gnupg_cv_typedef_ushort=yes
-else
-  gnupg_cv_typedef_ushort=no
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_ushort" >&5
-$as_echo "$gnupg_cv_typedef_ushort" >&6; }
-    if test "$gnupg_cv_typedef_ushort" = yes; then
-
-$as_echo "#define HAVE_USHORT_TYPEDEF 1" >>confdefs.h
+ac_fn_c_check_type "$LINENO" "ushort" "ac_cv_type_ushort" "$ac_includes_default"
+if test "x$ac_cv_type_ushort" = xyes; then :
 
-    fi
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ulong typedef" >&5
-$as_echo_n "checking for ulong typedef... " >&6; }
-    if ${gnupg_cv_typedef_ulong+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#define _GNU_SOURCE 1
-    #include <stdlib.h>
-    #include <sys/types.h>
-int
-main ()
-{
-
-    #undef ulong
-    int a = sizeof(ulong);
-
-  ;
-  return 0;
-}
+cat >>confdefs.h <<_ACEOF
+#define HAVE_USHORT 1
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  gnupg_cv_typedef_ulong=yes
-else
-  gnupg_cv_typedef_ulong=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
 
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_ulong" >&5
-$as_echo "$gnupg_cv_typedef_ulong" >&6; }
-    if test "$gnupg_cv_typedef_ulong" = yes; then
 
-$as_echo "#define HAVE_ULONG_TYPEDEF 1" >>confdefs.h
-
-    fi
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u16 typedef" >&5
-$as_echo_n "checking for u16 typedef... " >&6; }
-    if ${gnupg_cv_typedef_u16+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#define _GNU_SOURCE 1
-    #include <stdlib.h>
-    #include <sys/types.h>
-int
-main ()
-{
-
-    #undef u16
-    int a = sizeof(u16);
-
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  gnupg_cv_typedef_u16=yes
-else
-  gnupg_cv_typedef_u16=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
+ac_fn_c_check_type "$LINENO" "ulong" "ac_cv_type_ulong" "$ac_includes_default"
+if test "x$ac_cv_type_ulong" = xyes; then :
 
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_u16" >&5
-$as_echo "$gnupg_cv_typedef_u16" >&6; }
-    if test "$gnupg_cv_typedef_u16" = yes; then
+cat >>confdefs.h <<_ACEOF
+#define HAVE_ULONG 1
+_ACEOF
 
-$as_echo "#define HAVE_U16_TYPEDEF 1" >>confdefs.h
 
-    fi
+fi
+ac_fn_c_check_type "$LINENO" "u16" "ac_cv_type_u16" "$ac_includes_default"
+if test "x$ac_cv_type_u16" = xyes; then :
 
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u32 typedef" >&5
-$as_echo_n "checking for u32 typedef... " >&6; }
-    if ${gnupg_cv_typedef_u32+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#define _GNU_SOURCE 1
-    #include <stdlib.h>
-    #include <sys/types.h>
-int
-main ()
-{
+cat >>confdefs.h <<_ACEOF
+#define HAVE_U16 1
+_ACEOF
 
-    #undef u32
-    int a = sizeof(u32);
 
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  gnupg_cv_typedef_u32=yes
-else
-  gnupg_cv_typedef_u32=no
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_u32" >&5
-$as_echo "$gnupg_cv_typedef_u32" >&6; }
-    if test "$gnupg_cv_typedef_u32" = yes; then
+ac_fn_c_check_type "$LINENO" "u32" "ac_cv_type_u32" "$ac_includes_default"
+if test "x$ac_cv_type_u32" = xyes; then :
 
-$as_echo "#define HAVE_U32_TYPEDEF 1" >>confdefs.h
+cat >>confdefs.h <<_ACEOF
+#define HAVE_U32 1
+_ACEOF
 
-    fi
 
+fi
 
 # The cast to long int works around a bug in the HP C Compiler
 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
@@ -14664,6 +14465,39 @@ cat >>confdefs.h <<_ACEOF
 _ACEOF
 
 
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of size_t" >&5
+$as_echo_n "checking size of size_t... " >&6; }
+if ${ac_cv_sizeof_size_t+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (size_t))" "ac_cv_sizeof_size_t"        "$ac_includes_default"; then :
+
+else
+  if test "$ac_cv_type_size_t" = yes; then
+     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (size_t)
+See \`config.log' for more details" "$LINENO" 5; }
+   else
+     ac_cv_sizeof_size_t=0
+   fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_size_t" >&5
+$as_echo "$ac_cv_sizeof_size_t" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_SIZE_T $ac_cv_sizeof_size_t
+_ACEOF
+
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5
 $as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; }
 if ${ac_cv_header_time+:} false; then :
@@ -15323,60 +15157,6 @@ done
 #
 # W32 specific test
 #
-for ac_header in sys/stat.h unistd.h direct.h
-do :
-  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
-if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
-  cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if mkdir takes one argument" >&5
-$as_echo_n "checking if mkdir takes one argument... " >&6; }
-if ${gnupg_cv_mkdir_takes_one_arg+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-#include <sys/types.h>
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#ifdef HAVE_DIRECT_H
-# include <direct.h>
-#endif
-int
-main ()
-{
-mkdir ("foo", 0);
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  gnupg_cv_mkdir_takes_one_arg=no
-else
-  gnupg_cv_mkdir_takes_one_arg=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_mkdir_takes_one_arg" >&5
-$as_echo "$gnupg_cv_mkdir_takes_one_arg" >&6; }
-if test $gnupg_cv_mkdir_takes_one_arg = yes ; then
-
-$as_echo "#define MKDIR_TAKES_ONE_ARG 1" >>confdefs.h
-
-fi
-
 
 
 #
@@ -15585,106 +15365,518 @@ $as_echo_n "checking whether readline via \"$_combo\" is present and sane... " >
 int
 main ()
 {
-
-rl_completion_func_t *completer;
-add_history("foobar");
-rl_catch_signals=0;
-rl_inhibit_completion=0;
-rl_attempted_completion_function=NULL;
-rl_completion_matches(NULL,NULL);
-
+
+rl_completion_func_t *completer;
+add_history("foobar");
+rl_catch_signals=0;
+rl_inhibit_completion=0;
+rl_attempted_completion_function=NULL;
+rl_completion_matches(NULL,NULL);
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  _found_readline=yes
+else
+  _found_readline=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+
+        { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_found_readline" >&5
+$as_echo "$_found_readline" >&6; }
+
+        LIBS=$_readline_save_libs
+
+        if test $_found_readline = yes ; then
+
+$as_echo "#define HAVE_LIBREADLINE 1" >>confdefs.h
+
+           LIBREADLINE=$_combo
+
+           gnupg_cv_have_readline=yes
+           break
+        fi
+     done
+
+     unset _termcap
+     unset _readline_save_libs
+     unset _combo
+     unset _found_readline
+  fi
+
+
+
+if test "$development_version" = yes; then
+
+$as_echo "#define IS_DEVELOPMENT_VERSION 1" >>confdefs.h
+
+fi
+
+if test "$USE_MAINTAINER_MODE" = "yes"; then
+
+$as_echo "#define MAINTAINER_MODE 1" >>confdefs.h
+
+fi
+
+ if test x$cross_compiling = xyes; then
+  CROSS_COMPILING_TRUE=
+  CROSS_COMPILING_FALSE='#'
+else
+  CROSS_COMPILING_TRUE='#'
+  CROSS_COMPILING_FALSE=
+fi
+
+
+
+    if ${MAKE-make} --version 2>/dev/null | grep '^GNU ' >/dev/null 2>&1; then
+        :
+    else
+        { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
+***
+*** It seems that you are not using GNU make.  Some make tools have serious
+*** flaws and you may not be able to build this software at all. Before you
+*** complain, please try GNU make:  GNU make is easy to build and available
+*** at all GNU archives.  It is always available from ftp.gnu.org:/gnu/make.
+***" >&5
+$as_echo "$as_me: WARNING:
+***
+*** It seems that you are not using GNU make.  Some make tools have serious
+*** flaws and you may not be able to build this software at all. Before you
+*** complain, please try GNU make:  GNU make is easy to build and available
+*** at all GNU archives.  It is always available from ftp.gnu.org:/gnu/make.
+***" >&2;}
+    fi
+
+
+# Add some extra libs here so that previous tests don't fail for
+# mysterious reasons - the final link step should bail out.
+# W32SOCKLIBS is also defined so that if can be used for tools not
+# requiring any network stuff but linking to code in libcommon which
+# tracks in winsock stuff (e.g. init_common_subsystems).
+if test "$have_w32_system" = yes; then
+   if test "$have_w32ce_system" = yes; then
+     W32SOCKLIBS="-lws2"
+   else
+     W32SOCKLIBS="-lws2_32"
+   fi
+   NETLIBS="${NETLIBS} ${W32SOCKLIBS}"
+fi
+
+
+
+
+#
+# TPM libtss library .. don't compile TPM support if we don't have it
+#
+LIBTSS_LIBS=
+LIBTSS_CFLAGS=
+if test "$build_tpm2d" = "yes"; then
+  _save_libs="$LIBS"
+  _save_cflags="$CFLAGS"
+  LIBS=""
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing TSS_Create" >&5
+$as_echo_n "checking for library containing TSS_Create... " >&6; }
+if ${ac_cv_search_TSS_Create+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char TSS_Create ();
+int
+main ()
+{
+return TSS_Create ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' tss ibmtss; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_TSS_Create=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext
+  if ${ac_cv_search_TSS_Create+:} false; then :
+  break
+fi
+done
+if ${ac_cv_search_TSS_Create+:} false; then :
+
+else
+  ac_cv_search_TSS_Create=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_TSS_Create" >&5
+$as_echo "$ac_cv_search_TSS_Create" >&6; }
+ac_res=$ac_cv_search_TSS_Create
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+  have_libtss=IBM
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing Esys_Initialize" >&5
+$as_echo_n "checking for library containing Esys_Initialize... " >&6; }
+if ${ac_cv_search_Esys_Initialize+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char Esys_Initialize ();
+int
+main ()
+{
+return Esys_Initialize ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' tss2-esys; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_Esys_Initialize=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext
+  if ${ac_cv_search_Esys_Initialize+:} false; then :
+  break
+fi
+done
+if ${ac_cv_search_Esys_Initialize+:} false; then :
+
+else
+  ac_cv_search_Esys_Initialize=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_Esys_Initialize" >&5
+$as_echo "$ac_cv_search_Esys_Initialize" >&6; }
+ac_res=$ac_cv_search_Esys_Initialize
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+  have_libtss=Intel
+fi
+
+fi
+
+  if test "$have_libtss" = IBM; then
+    LIBTSS_CFLAGS="-DTPM_POSIX"
+    CFLAGS="$CFLAGS ${LIBTSS_CFLAGS}"
+    ac_fn_c_check_header_mongrel "$LINENO" "tss2/tss.h" "ac_cv_header_tss2_tss_h" "$ac_includes_default"
+if test "x$ac_cv_header_tss2_tss_h" = xyes; then :
+
+$as_echo "#define TSS_INCLUDE tss2" >>confdefs.h
+
+else
+
+      ac_fn_c_check_header_mongrel "$LINENO" "ibmtss/tss.h" "ac_cv_header_ibmtss_tss_h" "$ac_includes_default"
+if test "x$ac_cv_header_ibmtss_tss_h" = xyes; then :
+
+$as_echo "#define TSS_INCLUDE ibmtss" >>confdefs.h
+
+else
+
+        { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: No TSS2 include directory found, disabling TPM support" >&5
+$as_echo "$as_me: WARNING: No TSS2 include directory found, disabling TPM support" >&2;}
+        have_libtss=no
+
+fi
+
+
+
+fi
+
+
+    LIBTSS_LIBS=$LIBS
+
+  elif test "$have_libtss" = Intel; then
+    ##
+    # Intel TSS has an API issue: Esys_TR_GetTpmHandle wasn't introduced
+    # until version 2.4.0.
+    #
+    # Note: the missing API is fairly serious and is also easily backportable
+    # so keep the check below as is intead of going by library version number.
+    ##
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Esys_TR_GetTpmHandle in -ltss2-esys" >&5
+$as_echo_n "checking for Esys_TR_GetTpmHandle in -ltss2-esys... " >&6; }
+if ${ac_cv_lib_tss2_esys_Esys_TR_GetTpmHandle+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ltss2-esys  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char Esys_TR_GetTpmHandle ();
+int
+main ()
+{
+return Esys_TR_GetTpmHandle ();
   ;
   return 0;
 }
 _ACEOF
 if ac_fn_c_try_link "$LINENO"; then :
-  _found_readline=yes
+  ac_cv_lib_tss2_esys_Esys_TR_GetTpmHandle=yes
 else
-  _found_readline=no
+  ac_cv_lib_tss2_esys_Esys_TR_GetTpmHandle=no
 fi
 rm -f core conftest.err conftest.$ac_objext \
     conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_tss2_esys_Esys_TR_GetTpmHandle" >&5
+$as_echo "$ac_cv_lib_tss2_esys_Esys_TR_GetTpmHandle" >&6; }
+if test "x$ac_cv_lib_tss2_esys_Esys_TR_GetTpmHandle" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBTSS2_ESYS 1
+_ACEOF
 
-        { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_found_readline" >&5
-$as_echo "$_found_readline" >&6; }
+  LIBS="-ltss2-esys $LIBS"
 
-        LIBS=$_readline_save_libs
+else
 
-        if test $_found_readline = yes ; then
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Need Esys_TR_GetTpmHandle API (usually requires Intel TSS 2.4.0 or later, disabling TPM support)" >&5
+$as_echo "$as_me: WARNING: Need Esys_TR_GetTpmHandle API (usually requires Intel TSS 2.4.0 or later, disabling TPM support)" >&2;}
+	have_libtss=no
 
-$as_echo "#define HAVE_LIBREADLINE 1" >>confdefs.h
+fi
 
-           LIBREADLINE=$_combo
+    LIBTSS_LIBS="$LIBS -ltss2-mu -ltss2-rc -ltss2-tctildr"
 
-           gnupg_cv_have_readline=yes
-           break
-        fi
-     done
+$as_echo "#define HAVE_INTEL_TSS 1" >>confdefs.h
 
-     unset _termcap
-     unset _readline_save_libs
-     unset _combo
-     unset _found_readline
   fi
+  LIBS="$_save_libs"
+  CFLAGS="$_save_cflags"
+  if test "$have_libtss" != no; then
 
+$as_echo "#define HAVE_LIBTSS 1" >>confdefs.h
 
+    # look for a TPM emulator for testing
+    # Extract the first word of "tpm_server", so it can be a program name with args.
+set dummy tpm_server; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_TPMSERVER+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $TPMSERVER in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_TPMSERVER="$TPMSERVER" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="/bin:/usr/bin:/usr/lib/ibmtss:/usr/libexec/ibmtss"
+for as_dir in $as_dummy
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_TPMSERVER="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
 
-if test "$development_version" = yes; then
+  ;;
+esac
+fi
+TPMSERVER=$ac_cv_path_TPMSERVER
+if test -n "$TPMSERVER"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TPMSERVER" >&5
+$as_echo "$TPMSERVER" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
 
-$as_echo "#define IS_DEVELOPMENT_VERSION 1" >>confdefs.h
 
+    # Extract the first word of "swtpm", so it can be a program name with args.
+set dummy swtpm; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_SWTPM+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $SWTPM in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_SWTPM="$SWTPM" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="/bin:/usr/bin:/usr/lib/ibmtss:/usr/libexec/ibmtss"
+for as_dir in $as_dummy
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_SWTPM="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+SWTPM=$ac_cv_path_SWTPM
+if test -n "$SWTPM"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SWTPM" >&5
+$as_echo "$SWTPM" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
 fi
 
-if test "$USE_MAINTAINER_MODE" = "yes"; then
 
-$as_echo "#define MAINTAINER_MODE 1" >>confdefs.h
+    # Extract the first word of "swtpm_ioctl", so it can be a program name with args.
+set dummy swtpm_ioctl; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_SWTPM_IOCTL+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $SWTPM_IOCTL in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_SWTPM_IOCTL="$SWTPM_IOCTL" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="/bin:/usr/bin:/usr/lib/ibmtss:/usr/libexec/ibmtss"
+for as_dir in $as_dummy
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_SWTPM_IOCTL="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
 
+  ;;
+esac
 fi
-
- if test x$cross_compiling = xyes; then
-  CROSS_COMPILING_TRUE=
-  CROSS_COMPILING_FALSE='#'
+SWTPM_IOCTL=$ac_cv_path_SWTPM_IOCTL
+if test -n "$SWTPM_IOCTL"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SWTPM_IOCTL" >&5
+$as_echo "$SWTPM_IOCTL" >&6; }
 else
-  CROSS_COMPILING_TRUE='#'
-  CROSS_COMPILING_FALSE=
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
 fi
 
 
+    # Extract the first word of "tssstartup", so it can be a program name with args.
+set dummy tssstartup; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_TSSSTARTUP+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $TSSSTARTUP in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_TSSSTARTUP="$TSSSTARTUP" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="/bin:/usr/bin:/usr/lib/ibmtss:/usr/libexec/ibmtss"
+for as_dir in $as_dummy
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_TSSSTARTUP="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+TSSSTARTUP=$ac_cv_path_TSSSTARTUP
+if test -n "$TSSSTARTUP"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TSSSTARTUP" >&5
+$as_echo "$TSSSTARTUP" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
 
-    if ${MAKE-make} --version 2>/dev/null | grep '^GNU ' >/dev/null 2>&1; then
-        :
-    else
-        { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
-***
-*** It seems that you are not using GNU make.  Some make tools have serious
-*** flaws and you may not be able to build this software at all. Before you
-*** complain, please try GNU make:  GNU make is easy to build and available
-*** at all GNU archives.  It is always available from ftp.gnu.org:/gnu/make.
-***" >&5
-$as_echo "$as_me: WARNING:
-***
-*** It seems that you are not using GNU make.  Some make tools have serious
-*** flaws and you may not be able to build this software at all. Before you
-*** complain, please try GNU make:  GNU make is easy to build and available
-*** at all GNU archives.  It is always available from ftp.gnu.org:/gnu/make.
-***" >&2;}
-    fi
+  fi
+fi
+if test "$have_libtss" = no; then
+  build_tpm2d=no
+fi
 
 
-# Add some extra libs here so that previous tests don't fail for
-# mysterious reasons - the final link step should bail out.
-# W32SOCKLIBS is also defined so that if can be used for tools not
-# requiring any network stuff but linking to code in libcommon which
-# tracks in winsock stuff (e.g. init_common_subsystems).
-if test "$have_w32_system" = yes; then
-   if test "$have_w32ce_system" = yes; then
-     W32SOCKLIBS="-lws2"
-   else
-     W32SOCKLIBS="-lws2_32"
-   fi
-   NETLIBS="${NETLIBS} ${W32SOCKLIBS}"
+ if test "$have_libtss" != no; then
+  HAVE_LIBTSS_TRUE=
+  HAVE_LIBTSS_FALSE='#'
+else
+  HAVE_LIBTSS_TRUE='#'
+  HAVE_LIBTSS_FALSE=
 fi
 
+ if test -n "$TPMSERVER" || test -n "$SWTPM" && test -n "$TSSSTARTUP"; then
+  TEST_LIBTSS_TRUE=
+  TEST_LIBTSS_FALSE='#'
+else
+  TEST_LIBTSS_TRUE='#'
+  TEST_LIBTSS_FALSE=
+fi
 
 
 
@@ -15760,7 +15952,6 @@ $as_echo "$_gcc_wopt" >&6; }
         if test x"$_gcc_wopt" = xyes ; then
           mycflags="$mycflags -W -Wno-sign-compare -Wno-format-zero-length"
           mycflags="$mycflags -Wno-missing-field-initializers"
-          mycflags="$mycflags -Wno-format-zero-length"
         fi
 
         { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gcc supports -Wdeclaration-after-statement" >&5
@@ -15927,6 +16118,26 @@ fi
 
 
 #
+# log_debug has certain requirements which might hamper portability.
+# Thus we use an option to enable it.
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable log_clock" >&5
+$as_echo_n "checking whether to enable log_clock... " >&6; }
+# Check whether --enable-log_clock was given.
+if test "${enable_log_clock+set}" = set; then :
+  enableval=$enable_log_clock; enable_log_clock=$enableval
+else
+  enable_log_clock=no
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_log_clock" >&5
+$as_echo "$enable_log_clock" >&6; }
+if test "$enable_log_clock" = yes ; then
+
+$as_echo "#define ENABLE_LOG_CLOCK 1" >>confdefs.h
+
+fi
+
 # Add -Werror to CFLAGS.  This hack can be used to avoid problems with
 # misbehaving autoconf tests in case the user supplied -Werror.
 #
@@ -16076,6 +16287,22 @@ else
   BUILD_DIRMNGR_FALSE=
 fi
 
+ if test "$build_keyboxd" = "yes"; then
+  BUILD_KEYBOXD_TRUE=
+  BUILD_KEYBOXD_FALSE='#'
+else
+  BUILD_KEYBOXD_TRUE='#'
+  BUILD_KEYBOXD_FALSE=
+fi
+
+ if test "$build_tpm2d" = "yes"; then
+  BUILD_TPM2D_TRUE=
+  BUILD_TPM2D_FALSE='#'
+else
+  BUILD_TPM2D_TRUE='#'
+  BUILD_TPM2D_FALSE=
+fi
+
  if test "$build_doc" = "yes"; then
   BUILD_DOC_TRUE=
   BUILD_DOC_FALSE='#'
@@ -16162,6 +16389,16 @@ if test "$build_dirmngr" = yes ; then
 $as_echo "#define BUILD_WITH_DIRMNGR 1" >>confdefs.h
 
 fi
+if test "$build_keyboxd" = yes ; then
+
+$as_echo "#define BUILD_WITH_KEYBOXD 1" >>confdefs.h
+
+fi
+if test "$build_tpm2d" = yes ; then
+
+$as_echo "#define BUILD_WITH_TPM2D 1" >>confdefs.h
+
+fi
 if test "$build_g13" = yes ; then
 
 $as_echo "#define BUILD_WITH_G13 1" >>confdefs.h
@@ -16213,6 +16450,17 @@ _ACEOF
 
 
 cat >>confdefs.h <<_ACEOF
+#define TPM2DAEMON_NAME "tpm2daemon"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define TPM2DAEMON_DISP_NAME "TPM2 Daemon"
+_ACEOF
+
+
+
+cat >>confdefs.h <<_ACEOF
 #define SCDAEMON_NAME "scdaemon"
 _ACEOF
 
@@ -16235,6 +16483,17 @@ _ACEOF
 
 
 cat >>confdefs.h <<_ACEOF
+#define KEYBOXD_NAME "keyboxd"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define KEYBOXD_DISP_NAME "Keyboxd"
+_ACEOF
+
+
+
+cat >>confdefs.h <<_ACEOF
 #define G13_NAME "g13"
 _ACEOF
 
@@ -16293,12 +16552,22 @@ _ACEOF
 
 
 cat >>confdefs.h <<_ACEOF
+#define KEYBOXD_SOCK_NAME "S.keyboxd"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define TPM2DAEMON_SOCK_NAME "S.tpm2daemon"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
 #define DIRMNGR_SOCK_NAME "S.dirmngr"
 _ACEOF
 
 
 cat >>confdefs.h <<_ACEOF
-#define DIRMNGR_DEFAULT_KEYSERVER "hkps://keyserver.ubuntu.com"
+#define DIRMNGR_DEFAULT_KEYSERVER "hkps://hkps.pool.sks-keyservers.net"
 _ACEOF
 
 
@@ -16320,7 +16589,7 @@ fi
 #
 # Provide information about the build.
 #
-BUILD_REVISION="7c2078a68"
+BUILD_REVISION="c922a798a"
 
 
 cat >>confdefs.h <<_ACEOF
@@ -16329,7 +16598,7 @@ _ACEOF
 
 
 BUILD_VERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./'`
-BUILD_VERSION="${BUILD_VERSION}31776"
+BUILD_VERSION="${BUILD_VERSION}51490"
 BUILD_FILEVERSION=`echo "${BUILD_VERSION}" | tr . ,`
 
 
@@ -16367,15 +16636,15 @@ if test "$have_gpg_error" = "no"; then
 ***
 *** You need libgpg-error to build this program.
 **  This library is for example available at
-***   https://gnupg.org/ftp/gcrypt/libgpg-error
-*** (at least version $NEED_GPG_ERROR_VERSION is required.)
+***   https://gnupg.org/ftp/gcrypt/gpgrt
+*** (at least version $NEED_GPGRT_VERSION is required.)
 ***" >&5
 $as_echo "$as_me:
 ***
 *** You need libgpg-error to build this program.
 **  This library is for example available at
-***   https://gnupg.org/ftp/gcrypt/libgpg-error
-*** (at least version $NEED_GPG_ERROR_VERSION is required.)
+***   https://gnupg.org/ftp/gcrypt/gpgrt
+*** (at least version $NEED_GPGRT_VERSION is required.)
 ***" >&6;}
 fi
 if test "$have_libgcrypt" = "no"; then
@@ -16511,7 +16780,7 @@ fi
 
 
 
-ac_config_files="$ac_config_files m4/Makefile Makefile po/Makefile.in common/Makefile common/w32info-rc.h regexp/Makefile kbx/Makefile g10/Makefile sm/Makefile agent/Makefile scd/Makefile g13/Makefile dirmngr/Makefile tools/gpg-zip tools/Makefile doc/Makefile tests/Makefile tests/gpgscm/Makefile tests/openpgp/Makefile tests/migrations/Makefile tests/gpgsm/Makefile tests/gpgme/Makefile tests/pkits/Makefile agent/gpg-agent.w32-manifest g10/gpg.w32-manifest g10/gpgv.w32-manifest sm/gpgsm.w32-manifest scd/scdaemon.w32-manifest dirmngr/dirmngr.w32-manifest tools/gpgconf.w32-manifest tools/gpgtar.w32-manifest tools/gpg-connect-agent.w32-manifest tools/gpg-check-pattern.w32-manifest tools/gpg-wks-client.w32-manifest"
+ac_config_files="$ac_config_files m4/Makefile Makefile po/Makefile.in common/Makefile common/w32info-rc.h regexp/Makefile kbx/Makefile g10/Makefile sm/Makefile agent/Makefile scd/Makefile tpm2d/Makefile g13/Makefile dirmngr/Makefile tools/Makefile doc/Makefile tests/Makefile tests/gpgscm/Makefile tests/openpgp/Makefile tests/tpm2dtests/Makefile tests/migrations/Makefile tests/gpgsm/Makefile tests/gpgme/Makefile tests/pkits/Makefile g10/gpg.w32-manifest tools/gpg-connect-agent.w32-manifest tools/gpgconf.w32-manifest tools/gpgtar.w32-manifest tools/gpg-check-pattern.w32-manifest tools/gpg-wks-client.w32-manifest tools/gpg-card.w32-manifest"
 
 
 
@@ -16660,10 +16929,18 @@ if test -z "${GNUPG_SCDAEMON_PGM_TRUE}" && test -z "${GNUPG_SCDAEMON_PGM_FALSE}"
   as_fn_error $? "conditional \"GNUPG_SCDAEMON_PGM\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
+if test -z "${GNUPG_TPM2DAEMON_PGM_TRUE}" && test -z "${GNUPG_TPM2DAEMON_PGM_FALSE}"; then
+  as_fn_error $? "conditional \"GNUPG_TPM2DAEMON_PGM\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 if test -z "${GNUPG_DIRMNGR_PGM_TRUE}" && test -z "${GNUPG_DIRMNGR_PGM_FALSE}"; then
   as_fn_error $? "conditional \"GNUPG_DIRMNGR_PGM\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
+if test -z "${GNUPG_KEYBOXD_PGM_TRUE}" && test -z "${GNUPG_KEYBOXD_PGM_FALSE}"; then
+  as_fn_error $? "conditional \"GNUPG_KEYBOXD_PGM\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 if test -z "${GNUPG_PROTECT_TOOL_PGM_TRUE}" && test -z "${GNUPG_PROTECT_TOOL_PGM_FALSE}"; then
   as_fn_error $? "conditional \"GNUPG_PROTECT_TOOL_PGM\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -16700,10 +16977,6 @@ if test -z "${HAVE_YAT2M_TRUE}" && test -z "${HAVE_YAT2M_FALSE}"; then
   as_fn_error $? "conditional \"HAVE_YAT2M\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
-if test -z "${HAVE_USTAR_TRUE}" && test -z "${HAVE_USTAR_FALSE}"; then
-  as_fn_error $? "conditional \"HAVE_USTAR\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
 if test -z "${HAVE_DOSISH_SYSTEM_TRUE}" && test -z "${HAVE_DOSISH_SYSTEM_FALSE}"; then
   as_fn_error $? "conditional \"HAVE_DOSISH_SYSTEM\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -16740,6 +17013,14 @@ if test -z "${CROSS_COMPILING_TRUE}" && test -z "${CROSS_COMPILING_FALSE}"; then
   as_fn_error $? "conditional \"CROSS_COMPILING\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
+if test -z "${HAVE_LIBTSS_TRUE}" && test -z "${HAVE_LIBTSS_FALSE}"; then
+  as_fn_error $? "conditional \"HAVE_LIBTSS\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${TEST_LIBTSS_TRUE}" && test -z "${TEST_LIBTSS_FALSE}"; then
+  as_fn_error $? "conditional \"TEST_LIBTSS\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 if test -z "${BUILD_GPG_TRUE}" && test -z "${BUILD_GPG_FALSE}"; then
   as_fn_error $? "conditional \"BUILD_GPG\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -16764,6 +17045,14 @@ if test -z "${BUILD_DIRMNGR_TRUE}" && test -z "${BUILD_DIRMNGR_FALSE}"; then
   as_fn_error $? "conditional \"BUILD_DIRMNGR\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
+if test -z "${BUILD_KEYBOXD_TRUE}" && test -z "${BUILD_KEYBOXD_FALSE}"; then
+  as_fn_error $? "conditional \"BUILD_KEYBOXD\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${BUILD_TPM2D_TRUE}" && test -z "${BUILD_TPM2D_FALSE}"; then
+  as_fn_error $? "conditional \"BUILD_TPM2D\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 if test -z "${BUILD_DOC_TRUE}" && test -z "${BUILD_DOC_FALSE}"; then
   as_fn_error $? "conditional \"BUILD_DOC\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -17189,7 +17478,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by gnupg $as_me 2.2.39, which was
+This file was extended by gnupg $as_me 2.3.0, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -17255,7 +17544,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-gnupg config.status 2.2.39
+gnupg config.status 2.3.0
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
@@ -17405,29 +17694,26 @@ do
     "sm/Makefile") CONFIG_FILES="$CONFIG_FILES sm/Makefile" ;;
     "agent/Makefile") CONFIG_FILES="$CONFIG_FILES agent/Makefile" ;;
     "scd/Makefile") CONFIG_FILES="$CONFIG_FILES scd/Makefile" ;;
+    "tpm2d/Makefile") CONFIG_FILES="$CONFIG_FILES tpm2d/Makefile" ;;
     "g13/Makefile") CONFIG_FILES="$CONFIG_FILES g13/Makefile" ;;
     "dirmngr/Makefile") CONFIG_FILES="$CONFIG_FILES dirmngr/Makefile" ;;
-    "tools/gpg-zip") CONFIG_FILES="$CONFIG_FILES tools/gpg-zip" ;;
     "tools/Makefile") CONFIG_FILES="$CONFIG_FILES tools/Makefile" ;;
     "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
     "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile" ;;
     "tests/gpgscm/Makefile") CONFIG_FILES="$CONFIG_FILES tests/gpgscm/Makefile" ;;
     "tests/openpgp/Makefile") CONFIG_FILES="$CONFIG_FILES tests/openpgp/Makefile" ;;
+    "tests/tpm2dtests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/tpm2dtests/Makefile" ;;
     "tests/migrations/Makefile") CONFIG_FILES="$CONFIG_FILES tests/migrations/Makefile" ;;
     "tests/gpgsm/Makefile") CONFIG_FILES="$CONFIG_FILES tests/gpgsm/Makefile" ;;
     "tests/gpgme/Makefile") CONFIG_FILES="$CONFIG_FILES tests/gpgme/Makefile" ;;
     "tests/pkits/Makefile") CONFIG_FILES="$CONFIG_FILES tests/pkits/Makefile" ;;
-    "agent/gpg-agent.w32-manifest") CONFIG_FILES="$CONFIG_FILES agent/gpg-agent.w32-manifest" ;;
     "g10/gpg.w32-manifest") CONFIG_FILES="$CONFIG_FILES g10/gpg.w32-manifest" ;;
-    "g10/gpgv.w32-manifest") CONFIG_FILES="$CONFIG_FILES g10/gpgv.w32-manifest" ;;
-    "sm/gpgsm.w32-manifest") CONFIG_FILES="$CONFIG_FILES sm/gpgsm.w32-manifest" ;;
-    "scd/scdaemon.w32-manifest") CONFIG_FILES="$CONFIG_FILES scd/scdaemon.w32-manifest" ;;
-    "dirmngr/dirmngr.w32-manifest") CONFIG_FILES="$CONFIG_FILES dirmngr/dirmngr.w32-manifest" ;;
+    "tools/gpg-connect-agent.w32-manifest") CONFIG_FILES="$CONFIG_FILES tools/gpg-connect-agent.w32-manifest" ;;
     "tools/gpgconf.w32-manifest") CONFIG_FILES="$CONFIG_FILES tools/gpgconf.w32-manifest" ;;
     "tools/gpgtar.w32-manifest") CONFIG_FILES="$CONFIG_FILES tools/gpgtar.w32-manifest" ;;
-    "tools/gpg-connect-agent.w32-manifest") CONFIG_FILES="$CONFIG_FILES tools/gpg-connect-agent.w32-manifest" ;;
     "tools/gpg-check-pattern.w32-manifest") CONFIG_FILES="$CONFIG_FILES tools/gpg-check-pattern.w32-manifest" ;;
     "tools/gpg-wks-client.w32-manifest") CONFIG_FILES="$CONFIG_FILES tools/gpg-wks-client.w32-manifest" ;;
+    "tools/gpg-card.w32-manifest") CONFIG_FILES="$CONFIG_FILES tools/gpg-card.w32-manifest" ;;
 
   *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
   esac
@@ -18271,28 +18557,36 @@ $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
 fi
 
 
+show_tss_type=
+if test "$build_tpm2d" = "yes"; then
+  show_tss_type="($have_libtss)"
+fi
 
 echo "
         GnuPG v${VERSION} has been configured as follows:
 
-        Revision:  7c2078a68  (31776)
+        Revision:  c922a798a  (51490)
         Platform:  $PRINTABLE_OS_NAME ($host)
 
         OpenPGP:   $build_gpg
         S/MIME:    $build_gpgsm
         Agent:     $build_agent
         Smartcard: $build_scdaemon $build_scdaemon_extra
+        TPM:       $build_tpm2d $show_tss_type
         G13:       $build_g13
         Dirmngr:   $build_dirmngr
+        Keyboxd:   $build_keyboxd
         Gpgtar:    $build_gpgtar
         WKS tools: $build_wks_tools
 
-        Protect tool:      $show_gnupg_protect_tool_pgm
-        LDAP wrapper:      $show_gnupg_dirmngr_ldap_pgm
-        Default agent:     $show_gnupg_agent_pgm
-        Default pinentry:  $show_gnupg_pinentry_pgm
-        Default scdaemon:  $show_gnupg_scdaemon_pgm
-        Default dirmngr:   $show_gnupg_dirmngr_pgm
+        Protect tool:       $show_gnupg_protect_tool_pgm
+        LDAP wrapper:       $show_gnupg_dirmngr_ldap_pgm
+        Default agent:      $show_gnupg_agent_pgm
+        Default pinentry:   $show_gnupg_pinentry_pgm
+        Default scdaemon:   $show_gnupg_scdaemon_pgm
+        Default keyboxd:    $show_gnupg_keyboxd_pgm
+        Default tpm2daemon: $show_gnupg_tpm2daemon_pgm
+        Default dirmngr:    $show_gnupg_dirmngr_pgm
 
         Dirmngr auto start:  $dirmngr_auto_start
         Readline support:    $gnupg_cv_have_readline
@@ -18301,6 +18595,13 @@ echo "
         TOFU support:        $use_tofu
         Tor support:         $show_tor_support
 "
+if test "$have_libtss" != no -a -z "$TPMSERVER" -a -z "$SWTPM"; then
+cat <<G10EOF
+        Warning: TPM support is compiled in but no software TPM
+                 for testing was discovered. TPM tests are disabled
+
+G10EOF
+fi
 if test "x${gpg_config_script_warn}" != x; then
 cat <<G10EOF
         Warning: Mismatches between the target platform and the
diff --git a/configure.ac b/configure.ac
index 495e90b..9cf0c6a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
-# configure.ac - for GnuPG 2.2
-# Copyright (C) 1998-2019 Free Software Foundation, Inc.
+# configure.ac - for GnuPG 2.1
 # Copyright (C) 1998-2019 Werner Koch
-# Copyright (C) 2003-2022 g10 Code GmbH
+# Copyright (C) 1998-2021 Free Software Foundation, Inc.
+# Copyright (C) 2003-2021 g10 Code GmbH
 #
 # This file is part of GnuPG.
 #
@@ -19,8 +19,8 @@
 # along with this program; if not, see <https://www.gnu.org/licenses/>.
 
 # Process this file with autoconf to produce a configure script.
-AC_PREREQ(2.61)
-min_automake_version="1.14"
+AC_PREREQ([2.61])
+min_automake_version="1.16.3"
 
 # To build a release you need to create a tag with the version number
 # (git tag -s gnupg-2.n.m) and run "./autogen.sh --force".  Please
@@ -28,8 +28,8 @@ min_automake_version="1.14"
 # another commit and push so that the git magic is able to work.
 m4_define([mym4_package],[gnupg])
 m4_define([mym4_major], [2])
-m4_define([mym4_minor], [2])
-m4_define([mym4_micro], [39])
+m4_define([mym4_minor], [3])
+m4_define([mym4_micro], [0])
 
 # To start a new development series, i.e a new major or minor number
 # you need to mark an arbitrary commit before the first beta release
@@ -48,22 +48,22 @@ m4_define([mym4_version],      m4_argn(4, mym4_verslist))
 m4_define([mym4_revision],     m4_argn(7, mym4_verslist))
 m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist))
 m4_esyscmd([echo ]mym4_version[>VERSION])
-AC_INIT([mym4_package],[mym4_version], [https://bugs.gnupg.org])
+AC_INIT([mym4_package],[mym4_version],[https://bugs.gnupg.org])
 
 # When changing the SWDB tag please also adjust the hard coded tags in
 # build-aux/speedo.mk and Makefile.am
-AC_DEFINE_UNQUOTED(GNUPG_SWDB_TAG, "gnupg22", [swdb tag for this branch])
+AC_DEFINE_UNQUOTED(GNUPG_SWDB_TAG, "gnupg24", [swdb tag for this branch])
 
-NEED_GPG_ERROR_VERSION=1.27
+NEED_GPGRT_VERSION=1.41
 
 NEED_LIBGCRYPT_API=1
-NEED_LIBGCRYPT_VERSION=1.8.0
+NEED_LIBGCRYPT_VERSION=1.9.1
 
 NEED_LIBASSUAN_API=2
 NEED_LIBASSUAN_VERSION=2.5.0
 
 NEED_KSBA_API=1
-NEED_KSBA_VERSION=1.3.5
+NEED_KSBA_VERSION=1.3.4
 
 NEED_NTBTLS_API=1
 NEED_NTBTLS_VERSION=0.1.0
@@ -74,7 +74,7 @@ NEED_NPTH_VERSION=1.2
 
 NEED_GNUTLS_VERSION=3.0
 
-NEED_SQLITE_VERSION=3.7
+NEED_SQLITE_VERSION=3.27
 
 development_version=mym4_isbeta
 PACKAGE=$PACKAGE_NAME
@@ -88,7 +88,7 @@ AM_INIT_AUTOMAKE([serial-tests dist-bzip2 no-dist-gzip])
 AC_CANONICAL_HOST
 AB_INIT
 
-AC_GNU_SOURCE
+AC_USE_SYSTEM_EXTENSIONS
 
 
 # Some status variables.
@@ -101,6 +101,7 @@ have_gnutls=no
 have_sqlite=no
 have_npth=no
 have_libusb=no
+have_libtss=no
 have_system_resolver=no
 gnupg_have_ldap="n/a"
 
@@ -117,13 +118,16 @@ use_tls_library=no
 large_secmem=no
 show_tor_support=no
 
-GNUPG_BUILD_PROGRAM(gpg, yes)
+# gpg is a required part and can't be disabled anymore.
+build_gpg=yes
 GNUPG_BUILD_PROGRAM(gpgsm, yes)
 # The agent is a required part and can't be disabled anymore.
 build_agent=yes
 GNUPG_BUILD_PROGRAM(scdaemon, yes)
 GNUPG_BUILD_PROGRAM(g13, no)
 GNUPG_BUILD_PROGRAM(dirmngr, yes)
+GNUPG_BUILD_PROGRAM(keyboxd, yes)
+GNUPG_BUILD_PROGRAM(tpm2d, yes)
 GNUPG_BUILD_PROGRAM(doc, yes)
 # We use gpgtar to unpack test data, hence we always build it.  If the
 # user opts out, we simply don't install it.
@@ -182,6 +186,15 @@ show_gnupg_scdaemon_pgm="(default)"
 test -n "$GNUPG_SCDAEMON_PGM" && show_gnupg_scdaemon_pgm="$GNUPG_SCDAEMON_PGM"
 
 
+AC_ARG_WITH(tpm2daemon-pgm,
+    [  --with-tpm2daemon-pgm=PATH  Use PATH as the default for the tpm2daemon)],
+          GNUPG_TPM2DAEMON_PGM="$withval", GNUPG_TPM2DAEMON_PGM="" )
+AC_SUBST(GNUPG_TPM2DAEMON_PGM)
+AM_CONDITIONAL(GNUPG_TPM2DAEMON_PGM, test -n "$GNUPG_TPM2DAEMON_PGM")
+show_gnupg_tpm2daemon_pgm="(default)"
+test -n "$GNUPG_TPM2DAEMON_PGM" && show_gnupg_tpm2daemon_pgm="$GNUPG_TPM2DAEMON_PGM"
+
+
 AC_ARG_WITH(dirmngr-pgm,
     [  --with-dirmngr-pgm=PATH  Use PATH as the default for the dirmngr)],
           GNUPG_DIRMNGR_PGM="$withval", GNUPG_DIRMNGR_PGM="" )
@@ -190,6 +203,14 @@ AM_CONDITIONAL(GNUPG_DIRMNGR_PGM, test -n "$GNUPG_DIRMNGR_PGM")
 show_gnupg_dirmngr_pgm="(default)"
 test -n "$GNUPG_DIRMNGR_PGM" && show_gnupg_dirmngr_pgm="$GNUPG_DIRMNGR_PGM"
 
+AC_ARG_WITH(keyboxd-pgm,
+    [  --with-keyboxd-pgm=PATH  Use PATH as the default for the keyboxd)],
+          GNUPG_KEYBOXD_PGM="$withval", GNUPG_KEYBOXD_PGM="" )
+AC_SUBST(GNUPG_KEYBOXD_PGM)
+AM_CONDITIONAL(GNUPG_KEYBOXD_PGM, test -n "$GNUPG_KEYBOXD_PGM")
+show_gnupg_keyboxd_pgm="(default)"
+test -n "$GNUPG_KEYBOXD_PGM" && show_gnupg_keyboxd_pgm="$GNUPG_KEYBOXD_PGM"
+
 AC_ARG_WITH(protect-tool-pgm,
     [  --with-protect-tool-pgm=PATH  Use PATH as the default for the protect-tool)],
           GNUPG_PROTECT_TOOL_PGM="$withval", GNUPG_PROTECT_TOOL_PGM="" )
@@ -214,7 +235,7 @@ test -n "$GNUPG_DIRMNGR_LDAP_PGM" \
 # 2.2.  This option can be used to install gpg under the name gpg2.
 #
 AC_ARG_ENABLE(gpg-is-gpg2,
-    AC_HELP_STRING([--enable-gpg-is-gpg2],[Set installed name of gpg to gpg2]),
+    AS_HELP_STRING([--enable-gpg-is-gpg2],[Set installed name of gpg to gpg2]),
     gpg_is_gpg2=$enableval)
 if test "$gpg_is_gpg2" = "yes"; then
    AC_DEFINE(USE_GPG2_HACK, 1, [Define to install gpg as gpg2])
@@ -226,7 +247,7 @@ AM_CONDITIONAL(USE_GPG2_HACK, test "$gpg_is_gpg2" = "yes")
 # leaking their contents through processing these files by gpg itself
 AC_MSG_CHECKING([whether SELinux support is requested])
 AC_ARG_ENABLE(selinux-support,
-              AC_HELP_STRING([--enable-selinux-support],
+              AS_HELP_STRING([--enable-selinux-support],
                              [enable SELinux support]),
               selinux_support=$enableval, selinux_support=no)
 AC_MSG_RESULT($selinux_support)
@@ -234,7 +255,7 @@ AC_MSG_RESULT($selinux_support)
 
 AC_MSG_CHECKING([whether to allocate extra secure memory])
 AC_ARG_ENABLE(large-secmem,
-              AC_HELP_STRING([--enable-large-secmem],
+              AS_HELP_STRING([--enable-large-secmem],
                              [allocate extra secure memory]),
               large_secmem=$enableval, large_secmem=no)
 AC_MSG_RESULT($large_secmem)
@@ -248,7 +269,7 @@ AC_DEFINE_UNQUOTED(SECMEM_BUFFER_SIZE,$SECMEM_BUFFER_SIZE,
 
 AC_MSG_CHECKING([calibrated passphrase-stretching (s2k) duration])
 AC_ARG_WITH(agent-s2k-calibration,
-              AC_HELP_STRING([--with-agent-s2k-calibration=MSEC],
+              AS_HELP_STRING([--with-agent-s2k-calibration=MSEC],
                              [calibrate passphrase stretching (s2k) to MSEC milliseconds]),
               agent_s2k_calibration=$withval, agent_s2k_calibration=100)
 AC_MSG_RESULT($agent_s2k_calibration milliseconds)
@@ -257,7 +278,7 @@ AC_DEFINE_UNQUOTED(AGENT_S2K_CALIBRATION, $agent_s2k_calibration,
 
 AC_MSG_CHECKING([whether to enable trust models])
 AC_ARG_ENABLE(trust-models,
-              AC_HELP_STRING([--disable-trust-models],
+              AS_HELP_STRING([--disable-trust-models],
                              [disable all trust models except "always"]),
               use_trust_models=$enableval)
 AC_MSG_RESULT($use_trust_models)
@@ -268,7 +289,7 @@ fi
 
 AC_MSG_CHECKING([whether to enable TOFU])
 AC_ARG_ENABLE(tofu,
-                AC_HELP_STRING([--disable-tofu],
+                AS_HELP_STRING([--disable-tofu],
                                [disable the TOFU trust model]),
               use_tofu=$enableval, use_tofu=$use_trust_models)
 AC_MSG_RESULT($use_tofu)
@@ -278,7 +299,7 @@ fi
 
 AC_MSG_CHECKING([whether to enable libdns])
 AC_ARG_ENABLE(libdns,
-                AC_HELP_STRING([--disable-libdns],
+                AS_HELP_STRING([--disable-libdns],
                                [do not build with libdns support]),
               use_libdns=$enableval, use_libdns=yes)
 AC_MSG_RESULT($use_libdns)
@@ -325,7 +346,7 @@ GNUPG_GPG_DISABLE_ALGO([sha512],[SHA-512 hash])
 # implementations SHOULD support ZLIB.
 AC_MSG_CHECKING([whether to enable the ZIP and ZLIB compression algorithm])
 AC_ARG_ENABLE(zip,
-   AC_HELP_STRING([--disable-zip],
+   AS_HELP_STRING([--disable-zip],
                   [disable the ZIP and ZLIB compression algorithm]),
    use_zip=$enableval)
 AC_MSG_RESULT($use_zip)
@@ -334,7 +355,7 @@ AC_MSG_RESULT($use_zip)
 # It is defined only after we confirm the library is available later
 AC_MSG_CHECKING([whether to enable the BZIP2 compression algorithm])
 AC_ARG_ENABLE(bzip2,
-   AC_HELP_STRING([--disable-bzip2],[disable the BZIP2 compression algorithm]),
+   AS_HELP_STRING([--disable-bzip2],[disable the BZIP2 compression algorithm]),
    use_bzip2=$enableval)
 AC_MSG_RESULT($use_bzip2)
 
@@ -342,7 +363,7 @@ AC_MSG_RESULT($use_bzip2)
 # programs, like a photo viewer.
 AC_MSG_CHECKING([whether to enable external program execution])
 AC_ARG_ENABLE(exec,
-    AC_HELP_STRING([--disable-exec],[disable all external program execution]),
+    AS_HELP_STRING([--disable-exec],[disable all external program execution]),
     use_exec=$enableval)
 AC_MSG_RESULT($use_exec)
 if test "$use_exec" = no ; then
@@ -380,7 +401,7 @@ fi
 #
 AC_MSG_CHECKING([for the size of the key and uid cache])
 AC_ARG_ENABLE(key-cache,
-        AC_HELP_STRING([--enable-key-cache=SIZE],
+        AS_HELP_STRING([--enable-key-cache=SIZE],
                        [Set key cache to SIZE (default 4096)]),,enableval=4096)
 if test "$enableval" = "no"; then
    enableval=5
@@ -412,7 +433,7 @@ AC_MSG_RESULT($use_capabilities)
 # Check whether to disable the card support
 AC_MSG_CHECKING([whether smartcard support is requested])
 AC_ARG_ENABLE(card-support,
-              AC_HELP_STRING([--disable-card-support],
+              AS_HELP_STRING([--disable-card-support],
                              [disable smartcard support]),
               card_support=$enableval)
 AC_MSG_RESULT($card_support)
@@ -428,14 +449,14 @@ fi
 #
 AC_MSG_CHECKING([whether to enable the internal CCID driver])
 AC_ARG_ENABLE(ccid-driver,
-              AC_HELP_STRING([--disable-ccid-driver],
+              AS_HELP_STRING([--disable-ccid-driver],
                              [disable the internal CCID driver]),
               use_ccid_driver=$enableval)
 AC_MSG_RESULT($use_ccid_driver)
 
 AC_MSG_CHECKING([whether to auto start dirmngr])
 AC_ARG_ENABLE(dirmngr-auto-start,
-              AC_HELP_STRING([--disable-dirmngr-auto-start],
+              AS_HELP_STRING([--disable-dirmngr-auto-start],
                              [disable auto starting of the dirmngr]),
               dirmngr_auto_start=$enableval)
 AC_MSG_RESULT($dirmngr_auto_start)
@@ -485,14 +506,6 @@ AH_BOTTOM([
 #define EXEEXT_S ""
 #endif
 
-/* This is the same as VERSION, but should be overridden if the
-   platform cannot handle things like dots '.' in filenames. Set
-   SAFE_VERSION_DOT and SAFE_VERSION_DASH to whatever SAFE_VERSION
-   uses for dots and dashes. */
-#define SAFE_VERSION VERSION
-#define SAFE_VERSION_DOT  '.'
-#define SAFE_VERSION_DASH '-'
-
 /* Some global constants.
  * Note that the homedir must not end in a slash.  */
 #ifdef HAVE_DOSISH_SYSTEM
@@ -507,10 +520,25 @@ AH_BOTTOM([
 #define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
 #endif
 #define GNUPG_PRIVATE_KEYS_DIR  "private-keys-v1.d"
+#define GNUPG_PUBLIC_KEYS_DIR   "public-keys.d"
 #define GNUPG_OPENPGP_REVOC_DIR "openpgp-revocs.d"
-
-#define GNUPG_DEF_COPYRIGHT_LINE "Copyright (C) 2022 g10 Code GmbH"
-
+#define GNUPG_CACHE_DIR         "cache.d"
+
+/* GnuPG has always been a part of the GNU project and thus we have
+ * shown the FSF as holder of the copyright.  We continue to do so for
+ * the reason that without the FSF the free software used all over the
+ * world would not have come into existence.  However, under Windows
+ * we print a different copyright string with --version because the
+ * copyright assignments of g10 Code and Werner Koch were terminated
+ * many years ago, g10 Code is still the major contributor to the
+ * code, and Windows is not an FSF endorsed platform.  Note that the
+ * actual list of copyright holders can be found in the AUTHORS file.  */
+#ifdef HAVE_W32_SYSTEM
+#define GNUPG_DEF_COPYRIGHT_LINE "Copyright (C) 2021 g10 Code GmbH"
+#else
+#define GNUPG_DEF_COPYRIGHT_LINE \
+        "Copyright (C) 2021 Free Software Foundation, Inc."
+#endif
 
 /* For some systems (DOS currently), we hardcode the path here.  For
    POSIX systems the values are constructed by the Makefiles, so that
@@ -562,9 +590,12 @@ AH_BOTTOM([
 # endif
 #endif
 
-/* Provide the es_ macro for estream.  */
+/* Enable the es_ macros from gpgrt.  */
 #define GPGRT_ENABLE_ES_MACROS 1
 
+/* Enable the log_ macros from gpgrt.  */
+#define GPGRT_ENABLE_LOG_MACROS 1
+
 /* We want the argparse macros from gpgrt.  */
 #define GPGRT_ENABLE_ARGPARSE_MACROS 1
 
@@ -619,12 +650,11 @@ AC_PROG_RANLIB
 AC_CHECK_TOOL(AR, ar, :)
 AC_PATH_PROG(PERL,"perl")
 AC_CHECK_TOOL(WINDRES, windres, :)
-AC_PATH_PROG(YAT2M, "yat2m")
+AC_PATH_PROG(YAT2M, "yat2m", "./yat2m" )
 AC_ARG_VAR(YAT2M, [tool to convert texi to man pages])
 AM_CONDITIONAL(HAVE_YAT2M, test -n "$ac_cv_path_YAT2M")
-AC_ISC_POSIX
+AC_SEARCH_LIBS([strerror],[cposix])
 AC_SYS_LARGEFILE
-GNUPG_CHECK_USTAR
 
 
 # GNU AWK requires -n option to interpret "0xHH" as a number
@@ -743,7 +773,7 @@ case "${host}" in
         build_wks_tools=no
         ;;
     *-apple-darwin*)
-        AC_DEFINE(_DARWIN_C_SOURCE, 1,
+        AC_DEFINE(_DARWIN_C_SOURCE, 900000L,
                   Expose all libc features (__DARWIN_C_FULL).)
         ;;
     *-*-netbsd*)
@@ -797,10 +827,10 @@ AC_MSG_NOTICE([checking for libraries])
 
 
 #
-# libgpg-error is a library with error codes shared between GnuPG
-# related projects.
+# gpgrt (aka libgpg-error) is a library with error codes shared
+# between GnuPG related projects.
 #
-AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION",
+AM_PATH_GPG_ERROR("$NEED_GPGRT_VERSION",
                   have_gpg_error=yes,have_gpg_error=no)
 
 
@@ -809,7 +839,29 @@ AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION",
 #
 AM_PATH_LIBGCRYPT("$NEED_LIBGCRYPT_API:$NEED_LIBGCRYPT_VERSION",
         have_libgcrypt=yes,have_libgcrypt=no)
-
+# And, then, check if it's newer than 1.9.0 so that we can
+# conditionally build some programs.
+# Note: This is not anymore needed but keep the code commented in case
+# we need it again with some future libgcrypt.
+#have_libgcrypt_newer=no
+#if test $ok = yes; then
+#    if test "$major" -gt 1; then
+#        have_libgcrypt_newer=yes
+#    else
+#        if test "$major" -eq 1; then
+#            if test "$minor" -gt 9; then
+#               have_libgcrypt_newer=yes
+#            else
+#               if test "$minor" -eq 9; then
+#                   if test "$micro" -ge 0; then
+#                     have_libgcrypt_newer=yes
+#                   fi
+#               fi
+#            fi
+#        fi
+#    fiy
+#fi
+#AM_CONDITIONAL(HAVE_NEWER_LIBGCRYPT, [test $have_libgcrypt_newer = yes])
 
 #
 # libassuan is used for IPC
@@ -913,7 +965,7 @@ LIBS="$gnupg_dlopen_save_libs"
 # Checks for g10
 
 AC_ARG_ENABLE(sqlite,
-                AC_HELP_STRING([--disable-sqlite],
+                AS_HELP_STRING([--disable-sqlite],
                                [disable the use of SQLITE]),
               try_sqlite=$enableval, try_sqlite=yes)
 
@@ -929,10 +981,11 @@ if test x"$use_tofu" = xyes ; then
     AC_SUBST([SQLITE3_LIBS])
   else
     use_tofu=no
+    build_keyboxd=no
     tmp=$(echo "$SQLITE3_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
     AC_MSG_WARN([[
 ***
-*** Building without SQLite support - TOFU disabled
+*** Building without SQLite support - TOFU and Keyboxd disabled
 ***
 *** $tmp]])
   fi
@@ -956,26 +1009,6 @@ AC_DEFINE_UNQUOTED(FUSERMOUNT,
 	"${FUSERMOUNT}", [defines the filename of the fusermount program])
 
 
-# Checks for dirmngr
-
-
-#
-# Checks formerly used for symcryptrun.
-#
-
-# libutil has openpty() and login_tty().
-AC_CHECK_LIB(util, openpty,
-              [ LIBUTIL_LIBS="$LIBUTIL_LIBS -lutil"
-                AC_DEFINE(HAVE_LIBUTIL,1,
-                         [defined if libutil is available])
-             ])
-AC_SUBST(LIBUTIL_LIBS)
-
-# shred is used to clean temporary plain text files.
-AC_PATH_PROG(SHRED, shred, /usr/bin/shred)
-AC_DEFINE_UNQUOTED(SHRED,
-	"${SHRED}", [defines the filename of the shred program])
-
 
 #
 # Check whether the nPth library is available
@@ -997,7 +1030,7 @@ fi
 # Enable debugging of nPth
 #
 AC_ARG_ENABLE(npth-debug,
-   AC_HELP_STRING([--enable-npth-debug],
+   AS_HELP_STRING([--enable-npth-debug],
                   [build with debug version of npth]),
                   [if test $enableval = yes ; then
                      AC_DEFINE(NPTH_ENABLE_DEBUG,1,
@@ -1007,11 +1040,11 @@ AC_ARG_ENABLE(npth-debug,
 
 
 #
-# NTBTLS is our TLS library.  If it is not available fallback to
+# NTBTLS is our TLS library.  If it is not available we fall back to
 # GNUTLS.
 #
 AC_ARG_ENABLE(ntbtls,
-              AC_HELP_STRING([--disable-ntbtls],
+              AS_HELP_STRING([--disable-ntbtls],
                              [disable the use of NTBTLS as TLS library]),
               try_ntbtls=$enableval, try_ntbtls=yes)
 if test x"$try_ntbtls" = xyes ; then
@@ -1023,7 +1056,7 @@ if test "$have_ntbtls" = yes ; then
    AC_DEFINE(HTTP_USE_NTBTLS, 1, [Enable NTBTLS support in http.c])
 else
   AC_ARG_ENABLE(gnutls,
-                AC_HELP_STRING([--disable-gnutls],
+                AS_HELP_STRING([--disable-gnutls],
                                [disable GNUTLS as fallback TLS library]),
                 try_gnutls=$enableval, try_gnutls=yes)
   if test x"$try_gnutls" = xyes ; then
@@ -1038,9 +1071,10 @@ else
     AC_DEFINE(HTTP_USE_GNUTLS, 1, [Enable GNUTLS support in http.c])
   else
     tmp=$(echo "$LIBGNUTLS_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
+    build_dirmngr=no
     AC_MSG_WARN([[
 ***
-*** Building without NTBTLS and GNUTLS - no TLS access to keyservers.
+*** Neither NTBTLS nor GNUTLS available - not building dirmngr.
 ***
 *** $tmp]])
   fi
@@ -1050,7 +1084,7 @@ fi
 # Allow to set a fixed trust store file for system provided certificates.
 #
 AC_ARG_WITH([default-trust-store-file],
-            [AC_HELP_STRING([--with-default-trust-store-file=FILE],
+            [AS_HELP_STRING([--with-default-trust-store-file=FILE],
                             [Use FILE as system trust store])],
             default_trust_store_file="$withval",
             default_trust_store_file="")
@@ -1179,7 +1213,8 @@ AC_SUBST(DNSLIBS)
 # gnupg_have_ldap from "n/a" to "no" or "yes".
 
 AC_ARG_ENABLE(ldap,
-    AC_HELP_STRING([--disable-ldap],[disable LDAP support]),
+    AS_HELP_STRING([--disable-ldap],
+                   [disable LDAP support]),
     [if test "$enableval" = "no"; then gnupg_have_ldap=no; fi])
 
 if test "$gnupg_have_ldap" != "no" ; then
@@ -1208,6 +1243,7 @@ if test "$gnupg_have_ldap" = yes ; then
 fi
 
 
+
 #
 # Check for sendmail
 #
@@ -1215,7 +1251,7 @@ fi
 # sendmail-ish interface to the outside world.  That includes Exim,
 # Postfix, etc.  Basically, anything that can handle "sendmail -t".
 AC_ARG_WITH(mailprog,
-      AC_HELP_STRING([--with-mailprog=NAME],
+      AS_HELP_STRING([--with-mailprog=NAME],
                      [use "NAME -t" for mail transport]),
              ,with_mailprog=yes)
 if test x"$with_mailprog" = xyes ; then
@@ -1338,9 +1374,13 @@ AC_C_INLINE
 AC_C_VOLATILE
 AC_TYPE_SIZE_T
 AC_TYPE_MODE_T
-AC_TYPE_SIGNAL
-AC_CHECK_FUNCS([sigdescr_np])
-AC_DECL_SYS_SIGLIST
+AC_CHECK_DECLS([sys_siglist],[],[],[#include <signal.h>
+/* NetBSD declares sys_siglist in unistd.h.  */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+])
+
 
 gl_HEADER_SYS_SOCKET
 gl_TYPE_SOCKLEN_T
@@ -1348,8 +1388,8 @@ gl_TYPE_SOCKLEN_T
 AC_SEARCH_LIBS([inet_addr], [nsl])
 
 AC_ARG_ENABLE(endian-check,
-              AC_HELP_STRING([--disable-endian-check],
-	      [disable the endian check and trust the OS provided macros]),
+              AS_HELP_STRING([--disable-endian-check],
+              [disable the endian check and trust the OS provided macros]),
 	      endiancheck=$enableval,endiancheck=yes)
 
 if test x"$endiancheck" = xyes ; then
@@ -1357,16 +1397,12 @@ if test x"$endiancheck" = xyes ; then
 fi
 
 # fixme: we should get rid of the byte type
-GNUPG_CHECK_TYPEDEF(byte, HAVE_BYTE_TYPEDEF)
-GNUPG_CHECK_TYPEDEF(ushort, HAVE_USHORT_TYPEDEF)
-GNUPG_CHECK_TYPEDEF(ulong, HAVE_ULONG_TYPEDEF)
-GNUPG_CHECK_TYPEDEF(u16, HAVE_U16_TYPEDEF)
-GNUPG_CHECK_TYPEDEF(u32, HAVE_U32_TYPEDEF)
-
+AC_CHECK_TYPES([byte, ushort, ulong, u16, u32])
 AC_CHECK_SIZEOF(unsigned short)
 AC_CHECK_SIZEOF(unsigned int)
 AC_CHECK_SIZEOF(unsigned long)
 AC_CHECK_SIZEOF(unsigned long long)
+AC_CHECK_SIZEOF(size_t)
 AC_HEADER_TIME
 AC_CHECK_SIZEOF(time_t,,[[
 #include <stdio.h>
@@ -1456,7 +1492,6 @@ AC_CHECK_FUNCS([getpeerucred])
 #
 # W32 specific test
 #
-GNUPG_FUNC_MKDIR_TAKES_ONE_ARG
 
 
 #
@@ -1493,7 +1528,7 @@ if test "$use_bzip2" = yes ; then
   _cppflags="${CPPFLAGS}"
   _ldflags="${LDFLAGS}"
   AC_ARG_WITH(bzip2,
-     AC_HELP_STRING([--with-bzip2=DIR],[look for bzip2 in DIR]),
+     AS_HELP_STRING([--with-bzip2=DIR],[look for bzip2 in DIR]),
       [
       if test -d "$withval" ; then
         CPPFLAGS="${CPPFLAGS} -I$withval/include"
@@ -1557,6 +1592,65 @@ AC_SUBST(NETLIBS)
 AC_SUBST(W32SOCKLIBS)
 
 #
+# TPM libtss library .. don't compile TPM support if we don't have it
+#
+LIBTSS_LIBS=
+LIBTSS_CFLAGS=
+if test "$build_tpm2d" = "yes"; then
+  _save_libs="$LIBS"
+  _save_cflags="$CFLAGS"
+  LIBS=""
+  AC_SEARCH_LIBS([TSS_Create], [tss ibmtss],have_libtss=IBM,
+    AC_SEARCH_LIBS([Esys_Initialize], [tss2-esys],have_libtss=Intel))
+  if test "$have_libtss" = IBM; then
+    LIBTSS_CFLAGS="-DTPM_POSIX"
+    CFLAGS="$CFLAGS ${LIBTSS_CFLAGS}"
+    AC_CHECK_HEADER([tss2/tss.h],
+                    [AC_DEFINE(TSS_INCLUDE,tss2, [tss2 include location])], [
+      AC_CHECK_HEADER([ibmtss/tss.h],[AC_DEFINE(TSS_INCLUDE,ibmtss,
+                                                [ibmtss include location])], [
+        AC_MSG_WARN([No TSS2 include directory found, disabling TPM support])
+        have_libtss=no
+      ])
+    ])
+    LIBTSS_LIBS=$LIBS
+    AC_SUBST(TSS_INCLUDE)
+  elif test "$have_libtss" = Intel; then
+    ##
+    # Intel TSS has an API issue: Esys_TR_GetTpmHandle wasn't introduced
+    # until version 2.4.0.
+    #
+    # Note: the missing API is fairly serious and is also easily backportable
+    # so keep the check below as is intead of going by library version number.
+    ##
+    AC_CHECK_LIB(tss2-esys, Esys_TR_GetTpmHandle, [], [
+	AC_MSG_WARN([Need Esys_TR_GetTpmHandle API (usually requires Intel TSS 2.4.0 or later, disabling TPM support)])
+	have_libtss=no
+    ])
+    LIBTSS_LIBS="$LIBS -ltss2-mu -ltss2-rc -ltss2-tctildr"
+    AC_DEFINE(HAVE_INTEL_TSS, 1, [Defined if we have the Intel TSS])
+  fi
+  LIBS="$_save_libs"
+  CFLAGS="$_save_cflags"
+  if test "$have_libtss" != no; then
+    AC_DEFINE(HAVE_LIBTSS, 1, [Defined if we have TPM2 support library])
+    # look for a TPM emulator for testing
+    AC_PATH_PROG(TPMSERVER, tpm_server,,/bin:/usr/bin:/usr/lib/ibmtss:/usr/libexec/ibmtss)
+    AC_PATH_PROG(SWTPM, swtpm,,/bin:/usr/bin:/usr/lib/ibmtss:/usr/libexec/ibmtss)
+    AC_PATH_PROG(SWTPM_IOCTL, swtpm_ioctl,,/bin:/usr/bin:/usr/lib/ibmtss:/usr/libexec/ibmtss)
+    AC_PATH_PROG(TSSSTARTUP, tssstartup,,/bin:/usr/bin:/usr/lib/ibmtss:/usr/libexec/ibmtss)
+  fi
+fi
+if test "$have_libtss" = no; then
+  build_tpm2d=no
+fi
+AC_SUBST(LIBTSS_LIBS)
+AC_SUBST(LIBTSS_CFLAGS)
+AM_CONDITIONAL(HAVE_LIBTSS, test "$have_libtss" != no)
+AM_CONDITIONAL(TEST_LIBTSS, test -n "$TPMSERVER" || test -n "$SWTPM" && test -n "$TSSSTARTUP")
+AC_SUBST(HAVE_LIBTSS)
+
+#
 # Setup gcc specific options
 #
 USE_C99_CFLAGS=
@@ -1592,7 +1686,6 @@ if test "$GCC" = yes; then
         if test x"$_gcc_wopt" = xyes ; then
           mycflags="$mycflags -W -Wno-sign-compare -Wno-format-zero-length"
           mycflags="$mycflags -Wno-missing-field-initializers"
-          mycflags="$mycflags -Wno-format-zero-length"
         fi
 
         AC_MSG_CHECKING([if gcc supports -Wdeclaration-after-statement])
@@ -1662,18 +1755,31 @@ AC_SUBST(USE_C99_CFLAGS)
 # things and eliminate variables.
 #
 AC_ARG_ENABLE(optimization,
-   AC_HELP_STRING([--disable-optimization],
+   AS_HELP_STRING([--disable-optimization],
                   [disable compiler optimization]),
                   [if test $enableval = no ; then
                       CFLAGS=`echo $CFLAGS | sed s/-O[[1-9]]\ /-O0\ /g`
                    fi])
 
 #
+# log_debug has certain requirements which might hamper portability.
+# Thus we use an option to enable it.
+#
+AC_MSG_CHECKING([whether to enable log_clock])
+AC_ARG_ENABLE(log_clock,
+              AS_HELP_STRING([--enable-log-clock],
+                             [enable log_clock timestamps]),
+              enable_log_clock=$enableval, enable_log_clock=no)
+AC_MSG_RESULT($enable_log_clock)
+if test "$enable_log_clock" = yes ; then
+  AC_DEFINE(ENABLE_LOG_CLOCK,1,[Defined to use log_clock timestamps])
+fi
+
 # Add -Werror to CFLAGS.  This hack can be used to avoid problems with
 # misbehaving autoconf tests in case the user supplied -Werror.
 #
 AC_ARG_ENABLE(werror,
-   AC_HELP_STRING([--enable-werror],
+   AS_HELP_STRING([--enable-werror],
                   [append -Werror to CFLAGS]),
                   [if test $enableval = yes ; then
                       CFLAGS="$CFLAGS -Werror"
@@ -1684,7 +1790,7 @@ AC_ARG_ENABLE(werror,
 #
 AC_MSG_CHECKING([whether "make check" shall run all tests])
 AC_ARG_ENABLE(all-tests,
-              AC_HELP_STRING([--enable-all-tests],
+              AS_HELP_STRING([--enable-all-tests],
                              [let "make check" run all tests]),
               run_all_tests=$enableval, run_all_tests=no)
 AC_MSG_RESULT($run_all_tests)
@@ -1698,7 +1804,7 @@ fi
 #
 AC_MSG_CHECKING([whether tests should be run])
 AC_ARG_ENABLE(tests,
-              AC_HELP_STRING([--disable-tests],
+              AS_HELP_STRING([--disable-tests],
                              [do not run any tests]),
               run_tests=$enableval, run_tests=yes)
 AC_MSG_RESULT($run_tests)
@@ -1725,7 +1831,7 @@ fi
 # before /run/user
 #
 AC_ARG_ENABLE(run-gnupg-user-socket,
-    AC_HELP_STRING([--enable-run-gnupg-user-socket],
+    AS_HELP_STRING([--enable-run-gnupg-user-socket],
                    [try /run/gnupg/user for sockets prior to /run/user]),
     use_run_gnupg_user_socket=$enableval)
 if test x"$use_run_gnupg_user_socket" = x"yes"; then
@@ -1758,6 +1864,8 @@ AM_CONDITIONAL(BUILD_AGENT,       test "$build_agent" = "yes")
 AM_CONDITIONAL(BUILD_SCDAEMON,    test "$build_scdaemon" = "yes")
 AM_CONDITIONAL(BUILD_G13,         test "$build_g13" = "yes")
 AM_CONDITIONAL(BUILD_DIRMNGR,     test "$build_dirmngr" = "yes")
+AM_CONDITIONAL(BUILD_KEYBOXD,     test "$build_keyboxd" = "yes")
+AM_CONDITIONAL(BUILD_TPM2D,       test "$build_tpm2d" = "yes")
 AM_CONDITIONAL(BUILD_DOC,         test "$build_doc" = "yes")
 AM_CONDITIONAL(BUILD_GPGTAR,      test "$build_gpgtar" = "yes")
 AM_CONDITIONAL(BUILD_WKS_TOOLS,   test "$build_wks_tools" = "yes")
@@ -1785,6 +1893,12 @@ fi
 if test "$build_dirmngr" = yes ; then
     AC_DEFINE(BUILD_WITH_DIRMNGR,1,[Defined if DIRMNGR is to be build])
 fi
+if test "$build_keyboxd" = yes ; then
+    AC_DEFINE(BUILD_WITH_KEYBOXD,1,[Defined if KEYBOXD is to be build])
+fi
+if test "$build_tpm2d" = yes ; then
+    AC_DEFINE(BUILD_WITH_TPM2D,1,[Defined if TPM2D to be build])
+fi
 if test "$build_g13" = yes ; then
     AC_DEFINE(BUILD_WITH_G13,1,[Defined if G13 is to be build])
 fi
@@ -1805,6 +1919,10 @@ AC_DEFINE_UNQUOTED(GPG_AGENT_NAME, "gpg-agent", [The name of the agent])
 AC_DEFINE_UNQUOTED(GPG_AGENT_DISP_NAME, "GPG Agent",
                                         [The displayed name of gpg-agent])
 
+AC_DEFINE_UNQUOTED(TPM2DAEMON_NAME, "tpm2daemon", [The name of the TPM2 daemon])
+AC_DEFINE_UNQUOTED(TPM2DAEMON_DISP_NAME, "TPM2 Daemon",
+                                       [The displayed name of TPM2 daemon])
+
 AC_DEFINE_UNQUOTED(SCDAEMON_NAME, "scdaemon", [The name of the scdaemon])
 AC_DEFINE_UNQUOTED(SCDAEMON_DISP_NAME, "SCDaemon",
                                        [The displayed name of scdaemon])
@@ -1813,6 +1931,10 @@ AC_DEFINE_UNQUOTED(DIRMNGR_NAME, "dirmngr", [The name of the dirmngr])
 AC_DEFINE_UNQUOTED(DIRMNGR_DISP_NAME, "DirMngr",
                                       [The displayed name of dirmngr])
 
+AC_DEFINE_UNQUOTED(KEYBOXD_NAME, "keyboxd", [The name of the keyboxd])
+AC_DEFINE_UNQUOTED(KEYBOXD_DISP_NAME, "Keyboxd",
+                                      [The displayed name of keyboxd])
+
 AC_DEFINE_UNQUOTED(G13_NAME, "g13", [The name of the g13 tool])
 AC_DEFINE_UNQUOTED(G13_DISP_NAME, "G13", [The displayed name of g13])
 
@@ -1834,10 +1956,14 @@ AC_DEFINE_UNQUOTED(DIRMNGR_INFO_NAME, "DIRMNGR_INFO",
                    [The name of the dirmngr info envvar])
 AC_DEFINE_UNQUOTED(SCDAEMON_SOCK_NAME, "S.scdaemon",
                    [The name of the SCdaemon socket])
+AC_DEFINE_UNQUOTED(KEYBOXD_SOCK_NAME, "S.keyboxd",
+                   [The name of the keyboxd socket])
+AC_DEFINE_UNQUOTED(TPM2DAEMON_SOCK_NAME, "S.tpm2daemon",
+                   [The name of the TPM2 daemon socket])
 AC_DEFINE_UNQUOTED(DIRMNGR_SOCK_NAME, "S.dirmngr",
                    [The name of the dirmngr socket])
 AC_DEFINE_UNQUOTED(DIRMNGR_DEFAULT_KEYSERVER,
-                   "hkps://keyserver.ubuntu.com",
+                   "hkps://hkps.pool.sks-keyservers.net",
       [The default keyserver for dirmngr to use, if none is explicitly given])
 
 AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix])
@@ -1865,7 +1991,7 @@ AC_SUBST(BUILD_VERSION)
 AC_SUBST(BUILD_FILEVERSION)
 
 AC_ARG_ENABLE([build-timestamp],
-  AC_HELP_STRING([--enable-build-timestamp],
+  AS_HELP_STRING([--enable-build-timestamp],
                  [set an explicit build timestamp for reproducibility.
                   (default is the current time in ISO-8601 format)]),
      [if test "$enableval" = "yes"; then
@@ -1893,8 +2019,8 @@ if test "$have_gpg_error" = "no"; then
 ***
 *** You need libgpg-error to build this program.
 **  This library is for example available at
-***   https://gnupg.org/ftp/gcrypt/libgpg-error
-*** (at least version $NEED_GPG_ERROR_VERSION is required.)
+***   https://gnupg.org/ftp/gcrypt/gpgrt
+*** (at least version $NEED_GPGRT_VERSION is required.)
 ***]])
 fi
 if test "$have_libgcrypt" = "no"; then
@@ -1994,34 +2120,35 @@ g10/Makefile
 sm/Makefile
 agent/Makefile
 scd/Makefile
+tpm2d/Makefile
 g13/Makefile
 dirmngr/Makefile
-tools/gpg-zip
 tools/Makefile
 doc/Makefile
 tests/Makefile
 tests/gpgscm/Makefile
 tests/openpgp/Makefile
+tests/tpm2dtests/Makefile
 tests/migrations/Makefile
 tests/gpgsm/Makefile
 tests/gpgme/Makefile
 tests/pkits/Makefile
-agent/gpg-agent.w32-manifest
 g10/gpg.w32-manifest
-g10/gpgv.w32-manifest
-sm/gpgsm.w32-manifest
-scd/scdaemon.w32-manifest
-dirmngr/dirmngr.w32-manifest
+tools/gpg-connect-agent.w32-manifest
 tools/gpgconf.w32-manifest
 tools/gpgtar.w32-manifest
-tools/gpg-connect-agent.w32-manifest
 tools/gpg-check-pattern.w32-manifest
 tools/gpg-wks-client.w32-manifest
+tools/gpg-card.w32-manifest
 ])
 
 
 AC_OUTPUT
 
+show_tss_type=
+if test "$build_tpm2d" = "yes"; then
+  show_tss_type="($have_libtss)"
+fi
 
 echo "
         GnuPG v${VERSION} has been configured as follows:
@@ -2033,17 +2160,21 @@ echo "
         S/MIME:    $build_gpgsm
         Agent:     $build_agent
         Smartcard: $build_scdaemon $build_scdaemon_extra
+        TPM:       $build_tpm2d $show_tss_type
         G13:       $build_g13
         Dirmngr:   $build_dirmngr
+        Keyboxd:   $build_keyboxd
         Gpgtar:    $build_gpgtar
         WKS tools: $build_wks_tools
 
-        Protect tool:      $show_gnupg_protect_tool_pgm
-        LDAP wrapper:      $show_gnupg_dirmngr_ldap_pgm
-        Default agent:     $show_gnupg_agent_pgm
-        Default pinentry:  $show_gnupg_pinentry_pgm
-        Default scdaemon:  $show_gnupg_scdaemon_pgm
-        Default dirmngr:   $show_gnupg_dirmngr_pgm
+        Protect tool:       $show_gnupg_protect_tool_pgm
+        LDAP wrapper:       $show_gnupg_dirmngr_ldap_pgm
+        Default agent:      $show_gnupg_agent_pgm
+        Default pinentry:   $show_gnupg_pinentry_pgm
+        Default scdaemon:   $show_gnupg_scdaemon_pgm
+        Default keyboxd:    $show_gnupg_keyboxd_pgm
+        Default tpm2daemon: $show_gnupg_tpm2daemon_pgm
+        Default dirmngr:    $show_gnupg_dirmngr_pgm
 
         Dirmngr auto start:  $dirmngr_auto_start
         Readline support:    $gnupg_cv_have_readline
@@ -2052,6 +2183,13 @@ echo "
         TOFU support:        $use_tofu
         Tor support:         $show_tor_support
 "
+if test "$have_libtss" != no -a -z "$TPMSERVER" -a -z "$SWTPM"; then
+cat <<G10EOF
+        Warning: TPM support is compiled in but no software TPM
+                 for testing was discovered. TPM tests are disabled
+
+G10EOF
+fi
 if test "x${gpg_config_script_warn}" != x; then
 cat <<G10EOF
         Warning: Mismatches between the target platform and the
diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index f55bb35..77ca3f5 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -21,10 +21,7 @@
 
 ## Process this file with automake to produce Makefile.in
 
-EXTRA_DIST = OAUTHORS ONEWS ChangeLog-2011 tls-ca.pem \
-             dirmngr-w32info.rc dirmngr.w32-manifest.in
-
-
+EXTRA_DIST = OAUTHORS ONEWS ChangeLog-2011 tls-ca.pem
 dist_pkgdata_DATA = sks-keyservers.netCA.pem
 
 bin_PROGRAMS = dirmngr dirmngr-client
@@ -79,33 +76,24 @@ endif
 if USE_LDAP
 dirmngr_SOURCES += ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \
                    ldap-wrapper.h ldap-parse-uri.c ldap-parse-uri.h \
-                   ldap-misc.c ldap-misc.h \
                    ks-engine-ldap.c $(ldap_url) ldap-wrapper.c
 ldaplibs = $(LDAPLIBS)
 else
 ldaplibs =
 endif
 
-if HAVE_W32_SYSTEM
-dirmngr_robjs = $(resource_objs) dirmngr-w32info.o
-dirmngr-w32info.o : dirmngr.w32-manifest
-else
-dirmngr_robjs =
-endif
-
 
 dirmngr_LDADD = $(libcommonpth) \
         $(DNSLIBS) $(LIBASSUAN_LIBS) \
-	$(KSBA_LIBS) $(NPTH_LIBS) $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \
-        $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) \
-        $(NETLIBS) $(dirmngr_robj)
+	$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
+	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS)
 if USE_LDAP
 dirmngr_LDADD += $(ldaplibs)
 endif
 dirmngr_LDFLAGS = $(extra_bin_ldflags)
 
 if USE_LDAP
-dirmngr_ldap_SOURCES = dirmngr_ldap.c ldap-misc.c ldap-misc.h $(ldap_url)
+dirmngr_ldap_SOURCES = dirmngr_ldap.c $(ldap_url)
 dirmngr_ldap_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS)
 dirmngr_ldap_LDFLAGS =
 dirmngr_ldap_LDADD = $(libcommon) \
@@ -124,15 +112,15 @@ t_common_src = t-support.h t-support.c
 if USE_LIBDNS
 t_common_src += dns.c dns.h
 endif
-t_common_ldadd = $(libcommon) $(LIBASSUAN_LIBS) \
-                 $(NTBTLS_LIBS) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
-                 $(LIBGNUTLS_LIBS) \
-                 $(NETLIBS) $(DNSLIBS) $(LIBINTL) $(LIBICONV)
+t_common_ldadd = $(libcommon) $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) \
+                 $(GPG_ERROR_LIBS) $(NETLIBS) \
+                 $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \
+                 $(DNSLIBS) $(LIBINTL) $(LIBICONV)
 
 module_tests = t-http-basic
 
 if USE_LDAP
-module_tests += t-ldap-parse-uri t-ldap-misc
+module_tests += t-ldap-parse-uri
 endif
 
 # Test which need a network connections are only used in maintainer mode.
@@ -166,30 +154,20 @@ t_http_basic_CFLAGS  = -DWITHOUT_NPTH=1  $(USE_C99_CFLAGS) \
 	         $(LIBGCRYPT_CFLAGS) $(NTBTLS_CFLAGS) $(LIBGNUTLS_CFLAGS) \
                  $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) $(KSBA_CFLAGS)
 t_http_basic_LDADD   = $(t_common_ldadd) \
-	               $(NTBTLS_LIBS) $(KSBA_LIBS) $(LIBGCRYPT_LIBS) \
-                       $(GPG_ERROR_LIBS) \
-                       $(LIBGNUTLS_LIBS) $(DNSLIBS)
+	         $(NTBTLS_LIBS) $(KSBA_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS)
+
 
 t_ldap_parse_uri_SOURCES = \
 	t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h \
-        http.c http-common.c dns-stuff.c ldap-misc.c \
+        http.c http-common.c dns-stuff.c \
         $(ldap_url) $(t_common_src)
 t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1  $(USE_C99_CFLAGS) \
-			  $(LIBGCRYPT_CFLAGS) $(NTBTLS_CFLAGS) \
-                          $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) $(KSBA_CFLAGS)
-t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd) $(KSBA_LIBS) $(DNSLIBS)
-
-t_ldap_misc_SOURCES = t-ldap-misc.c ldap-misc.c ldap-misc.h $(ldap_url)
-t_ldap_misc_CFLAGS = -DWITHOUT_NPTH=1 $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) \
-                     $(NTBTLS_CFLAGS)
-t_ldap_misc_LDFLAGS =
-t_ldap_misc_LDADD = $(libcommon) $(NTBTLS_LIBS) $(LIBGCRYPT_LIBS) \
-                    $(LDAPLIBS) $(LBER_LIBS) $(LIBINTL) \
-                    $(KSBA_LIBS) $(GPG_ERROR_LIBS) $(LIBICONV) $(NETLIBS)
-
+			  $(LIBGCRYPT_CFLAGS) \
+                          $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
+t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd) $(DNSLIBS)
 
 t_dns_stuff_CFLAGS = -DWITHOUT_NPTH=1  $(USE_C99_CFLAGS) \
-		     $(LIBGCRYPT_CFLAGS) $(NTBTLS_CFLAGS) \
+		     $(LIBGCRYPT_CFLAGS) \
 	             $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
 t_dns_stuff_SOURCES = $(t_common_src) t-dns-stuff.c dns-stuff.c
 t_dns_stuff_LDADD   = $(t_common_ldadd) $(DNSLIBS)
diff --git a/dirmngr/Makefile.in b/dirmngr/Makefile.in
index 4d35b8b..c2eb147 100644
--- a/dirmngr/Makefile.in
+++ b/dirmngr/Makefile.in
@@ -147,33 +147,32 @@ noinst_PROGRAMS = $(am__EXEEXT_2) $(am__EXEEXT_3) $(am__EXEEXT_4)
 @GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
 @GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
 @GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
-@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
-@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
-@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
-@USE_LIBDNS_TRUE@am__append_8 = dns.c dns.h
-@USE_LDAP_TRUE@am__append_9 = ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \
+@GNUPG_TPM2DAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_TPM2DAEMON="\"@GNUPG_TPM2DAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+@USE_LIBDNS_TRUE@am__append_9 = dns.c dns.h
+@USE_LDAP_TRUE@am__append_10 = ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \
 @USE_LDAP_TRUE@                   ldap-wrapper.h ldap-parse-uri.c ldap-parse-uri.h \
-@USE_LDAP_TRUE@                   ldap-misc.c ldap-misc.h \
 @USE_LDAP_TRUE@                   ks-engine-ldap.c $(ldap_url) ldap-wrapper.c
 
-@USE_LDAP_TRUE@am__append_10 = $(ldaplibs)
-@USE_LIBDNS_TRUE@am__append_11 = dns.c dns.h
-@USE_LDAP_TRUE@am__append_12 = t-ldap-parse-uri t-ldap-misc
+@USE_LDAP_TRUE@am__append_11 = $(ldaplibs)
+@USE_LIBDNS_TRUE@am__append_12 = dns.c dns.h
+@USE_LDAP_TRUE@am__append_13 = t-ldap-parse-uri
 subdir = dirmngr
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
@@ -181,12 +180,11 @@ DIST_COMMON = $(srcdir)/Makefile.am $(dist_pkgdata_DATA) \
 	$(noinst_HEADERS) $(am__DIST_COMMON)
 mkinstalldirs = $(SHELL) $(top_srcdir)/build-aux/mkinstalldirs
 CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES = dirmngr.w32-manifest
+CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
 am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \
 	"$(DESTDIR)$(pkgdatadir)"
-@USE_LDAP_TRUE@am__EXEEXT_1 = t-ldap-parse-uri$(EXEEXT) \
-@USE_LDAP_TRUE@	t-ldap-misc$(EXEEXT)
+@USE_LDAP_TRUE@am__EXEEXT_1 = t-ldap-parse-uri$(EXEEXT)
 am__EXEEXT_2 = t-http-basic$(EXEEXT) $(am__EXEEXT_1)
 @MAINTAINER_MODE_TRUE@am__EXEEXT_3 = t-dns-stuff$(EXEEXT)
 @MAINTAINER_MODE_TRUE@am__EXEEXT_4 = t-http$(EXEEXT)
@@ -200,12 +198,12 @@ am__dirmngr_SOURCES_DIST = dirmngr.c dirmngr.h server.c crlcache.c \
 	ks-engine.h ks-engine-hkp.c ks-engine-http.c \
 	ks-engine-finger.c ks-engine-kdns.c dns.c dns.h ldapserver.h \
 	ldapserver.c ldap.c w32-ldap-help.h ldap-wrapper.h \
-	ldap-parse-uri.c ldap-parse-uri.h ldap-misc.c ldap-misc.h \
-	ks-engine-ldap.c ldap-url.h ldap-url.c ldap-wrapper.c
+	ldap-parse-uri.c ldap-parse-uri.h ks-engine-ldap.c ldap-url.h \
+	ldap-url.c ldap-wrapper.c
 @USE_LIBDNS_TRUE@am__objects_1 = dns.$(OBJEXT)
 @HAVE_W32_SYSTEM_TRUE@am__objects_2 = ldap-url.$(OBJEXT)
 @USE_LDAP_TRUE@am__objects_3 = ldapserver.$(OBJEXT) ldap.$(OBJEXT) \
-@USE_LDAP_TRUE@	ldap-parse-uri.$(OBJEXT) ldap-misc.$(OBJEXT) \
+@USE_LDAP_TRUE@	ldap-parse-uri.$(OBJEXT) \
 @USE_LDAP_TRUE@	ks-engine-ldap.$(OBJEXT) $(am__objects_2) \
 @USE_LDAP_TRUE@	ldap-wrapper.$(OBJEXT)
 am_dirmngr_OBJECTS = dirmngr.$(OBJEXT) server.$(OBJEXT) \
@@ -226,8 +224,7 @@ dirmngr_DEPENDENCIES = $(libcommonpth) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_3)
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_3)
 dirmngr_LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(dirmngr_LDFLAGS) \
 	$(LDFLAGS) -o $@
 am_dirmngr_client_OBJECTS = dirmngr-client.$(OBJEXT)
@@ -238,12 +235,10 @@ dirmngr_client_DEPENDENCIES = $(libcommon) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1)
 dirmngr_client_LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(dirmngr_client_LDFLAGS) $(LDFLAGS) -o $@
-am__dirmngr_ldap_SOURCES_DIST = dirmngr_ldap.c ldap-misc.c ldap-misc.h \
-	ldap-url.h ldap-url.c
+am__dirmngr_ldap_SOURCES_DIST = dirmngr_ldap.c ldap-url.h ldap-url.c
 @HAVE_W32_SYSTEM_TRUE@am__objects_4 = dirmngr_ldap-ldap-url.$(OBJEXT)
 @USE_LDAP_TRUE@am_dirmngr_ldap_OBJECTS =  \
 @USE_LDAP_TRUE@	dirmngr_ldap-dirmngr_ldap.$(OBJEXT) \
-@USE_LDAP_TRUE@	dirmngr_ldap-ldap-misc.$(OBJEXT) \
 @USE_LDAP_TRUE@	$(am__objects_4)
 dirmngr_ldap_OBJECTS = $(am_dirmngr_ldap_OBJECTS)
 @USE_LDAP_TRUE@dirmngr_ldap_DEPENDENCIES = $(libcommon) \
@@ -293,44 +288,28 @@ am_t_http_basic_OBJECTS = $(am__objects_10) \
 t_http_basic_OBJECTS = $(am_t_http_basic_OBJECTS)
 t_http_basic_DEPENDENCIES = $(am__DEPENDENCIES_4) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
 t_http_basic_LINK = $(CCLD) $(t_http_basic_CFLAGS) $(CFLAGS) \
 	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-am__t_ldap_misc_SOURCES_DIST = t-ldap-misc.c ldap-misc.c ldap-misc.h \
-	ldap-url.h ldap-url.c
-@HAVE_W32_SYSTEM_TRUE@am__objects_11 = t_ldap_misc-ldap-url.$(OBJEXT)
-am_t_ldap_misc_OBJECTS = t_ldap_misc-t-ldap-misc.$(OBJEXT) \
-	t_ldap_misc-ldap-misc.$(OBJEXT) $(am__objects_11)
-t_ldap_misc_OBJECTS = $(am_t_ldap_misc_OBJECTS)
-t_ldap_misc_DEPENDENCIES = $(libcommon) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-t_ldap_misc_LINK = $(CCLD) $(t_ldap_misc_CFLAGS) $(CFLAGS) \
-	$(t_ldap_misc_LDFLAGS) $(LDFLAGS) -o $@
 am__t_ldap_parse_uri_SOURCES_DIST = t-ldap-parse-uri.c \
 	ldap-parse-uri.c ldap-parse-uri.h http.c http-common.c \
-	dns-stuff.c ldap-misc.c ldap-url.h ldap-url.c t-support.h \
-	t-support.c dns.c dns.h
-@HAVE_W32_SYSTEM_TRUE@am__objects_12 =  \
+	dns-stuff.c ldap-url.h ldap-url.c t-support.h t-support.c \
+	dns.c dns.h
+@HAVE_W32_SYSTEM_TRUE@am__objects_11 =  \
 @HAVE_W32_SYSTEM_TRUE@	t_ldap_parse_uri-ldap-url.$(OBJEXT)
-@USE_LIBDNS_TRUE@am__objects_13 = t_ldap_parse_uri-dns.$(OBJEXT)
-am__objects_14 = t_ldap_parse_uri-t-support.$(OBJEXT) \
-	$(am__objects_13)
+@USE_LIBDNS_TRUE@am__objects_12 = t_ldap_parse_uri-dns.$(OBJEXT)
+am__objects_13 = t_ldap_parse_uri-t-support.$(OBJEXT) \
+	$(am__objects_12)
 am_t_ldap_parse_uri_OBJECTS =  \
 	t_ldap_parse_uri-t-ldap-parse-uri.$(OBJEXT) \
 	t_ldap_parse_uri-ldap-parse-uri.$(OBJEXT) \
 	t_ldap_parse_uri-http.$(OBJEXT) \
 	t_ldap_parse_uri-http-common.$(OBJEXT) \
-	t_ldap_parse_uri-dns-stuff.$(OBJEXT) \
-	t_ldap_parse_uri-ldap-misc.$(OBJEXT) $(am__objects_12) \
-	$(am__objects_14)
+	t_ldap_parse_uri-dns-stuff.$(OBJEXT) $(am__objects_11) \
+	$(am__objects_13)
 t_ldap_parse_uri_OBJECTS = $(am_t_ldap_parse_uri_OBJECTS)
 t_ldap_parse_uri_DEPENDENCIES = $(am__DEPENDENCIES_2) \
-	$(am__DEPENDENCIES_4) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
+	$(am__DEPENDENCIES_4) $(am__DEPENDENCIES_1)
 t_ldap_parse_uri_LINK = $(CCLD) $(t_ldap_parse_uri_CFLAGS) $(CFLAGS) \
 	$(AM_LDFLAGS) $(LDFLAGS) -o $@
 AM_V_P = $(am__v_P_@AM_V@)
@@ -352,18 +331,17 @@ am__depfiles_remade = ./$(DEPDIR)/cdblib.Po ./$(DEPDIR)/certcache.Po \
 	./$(DEPDIR)/crlcache.Po ./$(DEPDIR)/crlfetch.Po \
 	./$(DEPDIR)/dirmngr-client.Po ./$(DEPDIR)/dirmngr.Po \
 	./$(DEPDIR)/dirmngr_ldap-dirmngr_ldap.Po \
-	./$(DEPDIR)/dirmngr_ldap-ldap-misc.Po \
 	./$(DEPDIR)/dirmngr_ldap-ldap-url.Po ./$(DEPDIR)/dns-stuff.Po \
 	./$(DEPDIR)/dns.Po ./$(DEPDIR)/domaininfo.Po \
 	./$(DEPDIR)/http-common.Po ./$(DEPDIR)/http-ntbtls.Po \
 	./$(DEPDIR)/http.Po ./$(DEPDIR)/ks-action.Po \
 	./$(DEPDIR)/ks-engine-finger.Po ./$(DEPDIR)/ks-engine-hkp.Po \
 	./$(DEPDIR)/ks-engine-http.Po ./$(DEPDIR)/ks-engine-kdns.Po \
-	./$(DEPDIR)/ks-engine-ldap.Po ./$(DEPDIR)/ldap-misc.Po \
-	./$(DEPDIR)/ldap-parse-uri.Po ./$(DEPDIR)/ldap-url.Po \
-	./$(DEPDIR)/ldap-wrapper.Po ./$(DEPDIR)/ldap.Po \
-	./$(DEPDIR)/ldapserver.Po ./$(DEPDIR)/loadswdb.Po \
-	./$(DEPDIR)/misc.Po ./$(DEPDIR)/ocsp.Po ./$(DEPDIR)/server.Po \
+	./$(DEPDIR)/ks-engine-ldap.Po ./$(DEPDIR)/ldap-parse-uri.Po \
+	./$(DEPDIR)/ldap-url.Po ./$(DEPDIR)/ldap-wrapper.Po \
+	./$(DEPDIR)/ldap.Po ./$(DEPDIR)/ldapserver.Po \
+	./$(DEPDIR)/loadswdb.Po ./$(DEPDIR)/misc.Po \
+	./$(DEPDIR)/ocsp.Po ./$(DEPDIR)/server.Po \
 	./$(DEPDIR)/t_dns_stuff-dns-stuff.Po \
 	./$(DEPDIR)/t_dns_stuff-dns.Po \
 	./$(DEPDIR)/t_dns_stuff-t-dns-stuff.Po \
@@ -377,14 +355,10 @@ am__depfiles_remade = ./$(DEPDIR)/cdblib.Po ./$(DEPDIR)/certcache.Po \
 	./$(DEPDIR)/t_http_basic-http.Po \
 	./$(DEPDIR)/t_http_basic-t-http-basic.Po \
 	./$(DEPDIR)/t_http_basic-t-support.Po \
-	./$(DEPDIR)/t_ldap_misc-ldap-misc.Po \
-	./$(DEPDIR)/t_ldap_misc-ldap-url.Po \
-	./$(DEPDIR)/t_ldap_misc-t-ldap-misc.Po \
 	./$(DEPDIR)/t_ldap_parse_uri-dns-stuff.Po \
 	./$(DEPDIR)/t_ldap_parse_uri-dns.Po \
 	./$(DEPDIR)/t_ldap_parse_uri-http-common.Po \
 	./$(DEPDIR)/t_ldap_parse_uri-http.Po \
-	./$(DEPDIR)/t_ldap_parse_uri-ldap-misc.Po \
 	./$(DEPDIR)/t_ldap_parse_uri-ldap-parse-uri.Po \
 	./$(DEPDIR)/t_ldap_parse_uri-ldap-url.Po \
 	./$(DEPDIR)/t_ldap_parse_uri-t-ldap-parse-uri.Po \
@@ -410,12 +384,11 @@ am__v_CCLD_1 =
 SOURCES = $(dirmngr_SOURCES) $(dirmngr_client_SOURCES) \
 	$(dirmngr_ldap_SOURCES) $(t_dns_stuff_SOURCES) \
 	$(t_http_SOURCES) $(t_http_basic_SOURCES) \
-	$(t_ldap_misc_SOURCES) $(t_ldap_parse_uri_SOURCES)
+	$(t_ldap_parse_uri_SOURCES)
 DIST_SOURCES = $(am__dirmngr_SOURCES_DIST) $(dirmngr_client_SOURCES) \
 	$(am__dirmngr_ldap_SOURCES_DIST) \
 	$(am__t_dns_stuff_SOURCES_DIST) $(am__t_http_SOURCES_DIST) \
 	$(am__t_http_basic_SOURCES_DIST) \
-	$(am__t_ldap_misc_SOURCES_DIST) \
 	$(am__t_ldap_parse_uri_SOURCES_DIST)
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
@@ -492,8 +465,7 @@ am__tty_colors = { \
     std=''; \
   fi; \
 }
-am__DIST_COMMON = $(srcdir)/Makefile.in \
-	$(srcdir)/dirmngr.w32-manifest.in $(top_srcdir)/am/cmacros.am \
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/am/cmacros.am \
 	$(top_srcdir)/build-aux/depcomp \
 	$(top_srcdir)/build-aux/mkinstalldirs
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@@ -536,9 +508,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -547,6 +521,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -574,9 +549,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -613,13 +589,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
@@ -682,16 +661,15 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-EXTRA_DIST = OAUTHORS ONEWS ChangeLog-2011 tls-ca.pem \
-             dirmngr-w32info.rc dirmngr.w32-manifest.in
-
+EXTRA_DIST = OAUTHORS ONEWS ChangeLog-2011 tls-ca.pem
 dist_pkgdata_DATA = sks-keyservers.netCA.pem
 
 # NB: AM_CFLAGS may also be used by tools running on the build
 # platform to create source files.
 AM_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" $(am__append_1) \
 	$(am__append_2) $(am__append_3) $(am__append_4) \
-	$(am__append_5) $(am__append_6) $(am__append_7)
+	$(am__append_5) $(am__append_6) $(am__append_7) \
+	$(am__append_8)
 @HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
 
 # Under Windows we use LockFileEx.  WindowsCE provides this only on
@@ -723,18 +701,16 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \
 	ocsp.h validate.c validate.h dns-stuff.c dns-stuff.h http.c \
 	http.h http-common.c http-common.h http-ntbtls.c ks-action.c \
 	ks-action.h ks-engine.h ks-engine-hkp.c ks-engine-http.c \
-	ks-engine-finger.c ks-engine-kdns.c $(am__append_8) \
-	$(am__append_9)
+	ks-engine-finger.c ks-engine-kdns.c $(am__append_9) \
+	$(am__append_10)
 @USE_LDAP_FALSE@ldaplibs = 
 @USE_LDAP_TRUE@ldaplibs = $(LDAPLIBS)
-@HAVE_W32_SYSTEM_FALSE@dirmngr_robjs = 
-@HAVE_W32_SYSTEM_TRUE@dirmngr_robjs = $(resource_objs) dirmngr-w32info.o
 dirmngr_LDADD = $(libcommonpth) $(DNSLIBS) $(LIBASSUAN_LIBS) \
-	$(KSBA_LIBS) $(NPTH_LIBS) $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \
-	$(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) \
-	$(NETLIBS) $(dirmngr_robj) $(am__append_10)
+	$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) $(NTBTLS_LIBS) \
+	$(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) \
+	$(am__append_11)
 dirmngr_LDFLAGS = $(extra_bin_ldflags)
-@USE_LDAP_TRUE@dirmngr_ldap_SOURCES = dirmngr_ldap.c ldap-misc.c ldap-misc.h $(ldap_url)
+@USE_LDAP_TRUE@dirmngr_ldap_SOURCES = dirmngr_ldap.c $(ldap_url)
 @USE_LDAP_TRUE@dirmngr_ldap_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS)
 @USE_LDAP_TRUE@dirmngr_ldap_LDFLAGS = 
 @USE_LDAP_TRUE@dirmngr_ldap_LDADD = $(libcommon) \
@@ -747,13 +723,13 @@ dirmngr_client_LDADD = $(libcommon) \
                        $(LIBGCRYPT_LIBS) $(NETLIBS) $(LIBINTL) $(LIBICONV)
 
 dirmngr_client_LDFLAGS = $(extra_bin_ldflags)
-t_common_src = t-support.h t-support.c $(am__append_11)
-t_common_ldadd = $(libcommon) $(LIBASSUAN_LIBS) \
-                 $(NTBTLS_LIBS) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
-                 $(LIBGNUTLS_LIBS) \
-                 $(NETLIBS) $(DNSLIBS) $(LIBINTL) $(LIBICONV)
+t_common_src = t-support.h t-support.c $(am__append_12)
+t_common_ldadd = $(libcommon) $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) \
+                 $(GPG_ERROR_LIBS) $(NETLIBS) \
+                 $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \
+                 $(DNSLIBS) $(LIBINTL) $(LIBICONV)
 
-module_tests = t-http-basic $(am__append_12)
+module_tests = t-http-basic $(am__append_13)
 @MAINTAINER_MODE_FALSE@module_net_tests = 
 
 # Test which need a network connections are only used in maintainer mode.
@@ -782,31 +758,20 @@ t_http_basic_CFLAGS = -DWITHOUT_NPTH=1  $(USE_C99_CFLAGS) \
                  $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) $(KSBA_CFLAGS)
 
 t_http_basic_LDADD = $(t_common_ldadd) \
-	               $(NTBTLS_LIBS) $(KSBA_LIBS) $(LIBGCRYPT_LIBS) \
-                       $(GPG_ERROR_LIBS) \
-                       $(LIBGNUTLS_LIBS) $(DNSLIBS)
+	         $(NTBTLS_LIBS) $(KSBA_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS)
 
 t_ldap_parse_uri_SOURCES = \
 	t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h \
-        http.c http-common.c dns-stuff.c ldap-misc.c \
+        http.c http-common.c dns-stuff.c \
         $(ldap_url) $(t_common_src)
 
 t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1  $(USE_C99_CFLAGS) \
-			  $(LIBGCRYPT_CFLAGS) $(NTBTLS_CFLAGS) \
-                          $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) $(KSBA_CFLAGS)
-
-t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd) $(KSBA_LIBS) $(DNSLIBS)
-t_ldap_misc_SOURCES = t-ldap-misc.c ldap-misc.c ldap-misc.h $(ldap_url)
-t_ldap_misc_CFLAGS = -DWITHOUT_NPTH=1 $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) \
-                     $(NTBTLS_CFLAGS)
-
-t_ldap_misc_LDFLAGS = 
-t_ldap_misc_LDADD = $(libcommon) $(NTBTLS_LIBS) $(LIBGCRYPT_LIBS) \
-                    $(LDAPLIBS) $(LBER_LIBS) $(LIBINTL) \
-                    $(KSBA_LIBS) $(GPG_ERROR_LIBS) $(LIBICONV) $(NETLIBS)
+			  $(LIBGCRYPT_CFLAGS) \
+                          $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
 
+t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd) $(DNSLIBS)
 t_dns_stuff_CFLAGS = -DWITHOUT_NPTH=1  $(USE_C99_CFLAGS) \
-		     $(LIBGCRYPT_CFLAGS) $(NTBTLS_CFLAGS) \
+		     $(LIBGCRYPT_CFLAGS) \
 	             $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
 
 t_dns_stuff_SOURCES = $(t_common_src) t-dns-stuff.c dns-stuff.c
@@ -845,8 +810,6 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
 $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
-dirmngr.w32-manifest: $(top_builddir)/config.status $(srcdir)/dirmngr.w32-manifest.in
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
 install-binPROGRAMS: $(bin_PROGRAMS)
 	@$(NORMAL_INSTALL)
 	@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
@@ -959,10 +922,6 @@ t-http-basic$(EXEEXT): $(t_http_basic_OBJECTS) $(t_http_basic_DEPENDENCIES) $(EX
 	@rm -f t-http-basic$(EXEEXT)
 	$(AM_V_CCLD)$(t_http_basic_LINK) $(t_http_basic_OBJECTS) $(t_http_basic_LDADD) $(LIBS)
 
-t-ldap-misc$(EXEEXT): $(t_ldap_misc_OBJECTS) $(t_ldap_misc_DEPENDENCIES) $(EXTRA_t_ldap_misc_DEPENDENCIES) 
-	@rm -f t-ldap-misc$(EXEEXT)
-	$(AM_V_CCLD)$(t_ldap_misc_LINK) $(t_ldap_misc_OBJECTS) $(t_ldap_misc_LDADD) $(LIBS)
-
 t-ldap-parse-uri$(EXEEXT): $(t_ldap_parse_uri_OBJECTS) $(t_ldap_parse_uri_DEPENDENCIES) $(EXTRA_t_ldap_parse_uri_DEPENDENCIES) 
 	@rm -f t-ldap-parse-uri$(EXEEXT)
 	$(AM_V_CCLD)$(t_ldap_parse_uri_LINK) $(t_ldap_parse_uri_OBJECTS) $(t_ldap_parse_uri_LDADD) $(LIBS)
@@ -980,7 +939,6 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dirmngr-client.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dirmngr.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dirmngr_ldap-dirmngr_ldap.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dirmngr_ldap-ldap-misc.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dirmngr_ldap-ldap-url.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dns-stuff.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dns.Po@am__quote@ # am--include-marker
@@ -994,7 +952,6 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ks-engine-http.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ks-engine-kdns.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ks-engine-ldap.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ldap-misc.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ldap-parse-uri.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ldap-url.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ldap-wrapper.Po@am__quote@ # am--include-marker
@@ -1020,14 +977,10 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_http_basic-http.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_http_basic-t-http-basic.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_http_basic-t-support.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_ldap_misc-ldap-misc.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_ldap_misc-ldap-url.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_ldap_misc-t-ldap-misc.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_ldap_parse_uri-dns-stuff.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_ldap_parse_uri-dns.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_ldap_parse_uri-http-common.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_ldap_parse_uri-http.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_ldap_parse_uri-ldap-misc.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_ldap_parse_uri-ldap-parse-uri.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_ldap_parse_uri-ldap-url.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_ldap_parse_uri-t-ldap-parse-uri.Po@am__quote@ # am--include-marker
@@ -1069,20 +1022,6 @@ dirmngr_ldap-dirmngr_ldap.obj: dirmngr_ldap.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dirmngr_ldap_CFLAGS) $(CFLAGS) -c -o dirmngr_ldap-dirmngr_ldap.obj `if test -f 'dirmngr_ldap.c'; then $(CYGPATH_W) 'dirmngr_ldap.c'; else $(CYGPATH_W) '$(srcdir)/dirmngr_ldap.c'; fi`
 
-dirmngr_ldap-ldap-misc.o: ldap-misc.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dirmngr_ldap_CFLAGS) $(CFLAGS) -MT dirmngr_ldap-ldap-misc.o -MD -MP -MF $(DEPDIR)/dirmngr_ldap-ldap-misc.Tpo -c -o dirmngr_ldap-ldap-misc.o `test -f 'ldap-misc.c' || echo '$(srcdir)/'`ldap-misc.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/dirmngr_ldap-ldap-misc.Tpo $(DEPDIR)/dirmngr_ldap-ldap-misc.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ldap-misc.c' object='dirmngr_ldap-ldap-misc.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dirmngr_ldap_CFLAGS) $(CFLAGS) -c -o dirmngr_ldap-ldap-misc.o `test -f 'ldap-misc.c' || echo '$(srcdir)/'`ldap-misc.c
-
-dirmngr_ldap-ldap-misc.obj: ldap-misc.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dirmngr_ldap_CFLAGS) $(CFLAGS) -MT dirmngr_ldap-ldap-misc.obj -MD -MP -MF $(DEPDIR)/dirmngr_ldap-ldap-misc.Tpo -c -o dirmngr_ldap-ldap-misc.obj `if test -f 'ldap-misc.c'; then $(CYGPATH_W) 'ldap-misc.c'; else $(CYGPATH_W) '$(srcdir)/ldap-misc.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/dirmngr_ldap-ldap-misc.Tpo $(DEPDIR)/dirmngr_ldap-ldap-misc.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ldap-misc.c' object='dirmngr_ldap-ldap-misc.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dirmngr_ldap_CFLAGS) $(CFLAGS) -c -o dirmngr_ldap-ldap-misc.obj `if test -f 'ldap-misc.c'; then $(CYGPATH_W) 'ldap-misc.c'; else $(CYGPATH_W) '$(srcdir)/ldap-misc.c'; fi`
-
 dirmngr_ldap-ldap-url.o: ldap-url.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dirmngr_ldap_CFLAGS) $(CFLAGS) -MT dirmngr_ldap-ldap-url.o -MD -MP -MF $(DEPDIR)/dirmngr_ldap-ldap-url.Tpo -c -o dirmngr_ldap-ldap-url.o `test -f 'ldap-url.c' || echo '$(srcdir)/'`ldap-url.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/dirmngr_ldap-ldap-url.Tpo $(DEPDIR)/dirmngr_ldap-ldap-url.Po
@@ -1321,48 +1260,6 @@ t_http_basic-http-common.obj: http-common.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_http_basic_CFLAGS) $(CFLAGS) -c -o t_http_basic-http-common.obj `if test -f 'http-common.c'; then $(CYGPATH_W) 'http-common.c'; else $(CYGPATH_W) '$(srcdir)/http-common.c'; fi`
 
-t_ldap_misc-t-ldap-misc.o: t-ldap-misc.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_misc_CFLAGS) $(CFLAGS) -MT t_ldap_misc-t-ldap-misc.o -MD -MP -MF $(DEPDIR)/t_ldap_misc-t-ldap-misc.Tpo -c -o t_ldap_misc-t-ldap-misc.o `test -f 't-ldap-misc.c' || echo '$(srcdir)/'`t-ldap-misc.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/t_ldap_misc-t-ldap-misc.Tpo $(DEPDIR)/t_ldap_misc-t-ldap-misc.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='t-ldap-misc.c' object='t_ldap_misc-t-ldap-misc.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_misc_CFLAGS) $(CFLAGS) -c -o t_ldap_misc-t-ldap-misc.o `test -f 't-ldap-misc.c' || echo '$(srcdir)/'`t-ldap-misc.c
-
-t_ldap_misc-t-ldap-misc.obj: t-ldap-misc.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_misc_CFLAGS) $(CFLAGS) -MT t_ldap_misc-t-ldap-misc.obj -MD -MP -MF $(DEPDIR)/t_ldap_misc-t-ldap-misc.Tpo -c -o t_ldap_misc-t-ldap-misc.obj `if test -f 't-ldap-misc.c'; then $(CYGPATH_W) 't-ldap-misc.c'; else $(CYGPATH_W) '$(srcdir)/t-ldap-misc.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/t_ldap_misc-t-ldap-misc.Tpo $(DEPDIR)/t_ldap_misc-t-ldap-misc.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='t-ldap-misc.c' object='t_ldap_misc-t-ldap-misc.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_misc_CFLAGS) $(CFLAGS) -c -o t_ldap_misc-t-ldap-misc.obj `if test -f 't-ldap-misc.c'; then $(CYGPATH_W) 't-ldap-misc.c'; else $(CYGPATH_W) '$(srcdir)/t-ldap-misc.c'; fi`
-
-t_ldap_misc-ldap-misc.o: ldap-misc.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_misc_CFLAGS) $(CFLAGS) -MT t_ldap_misc-ldap-misc.o -MD -MP -MF $(DEPDIR)/t_ldap_misc-ldap-misc.Tpo -c -o t_ldap_misc-ldap-misc.o `test -f 'ldap-misc.c' || echo '$(srcdir)/'`ldap-misc.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/t_ldap_misc-ldap-misc.Tpo $(DEPDIR)/t_ldap_misc-ldap-misc.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ldap-misc.c' object='t_ldap_misc-ldap-misc.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_misc_CFLAGS) $(CFLAGS) -c -o t_ldap_misc-ldap-misc.o `test -f 'ldap-misc.c' || echo '$(srcdir)/'`ldap-misc.c
-
-t_ldap_misc-ldap-misc.obj: ldap-misc.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_misc_CFLAGS) $(CFLAGS) -MT t_ldap_misc-ldap-misc.obj -MD -MP -MF $(DEPDIR)/t_ldap_misc-ldap-misc.Tpo -c -o t_ldap_misc-ldap-misc.obj `if test -f 'ldap-misc.c'; then $(CYGPATH_W) 'ldap-misc.c'; else $(CYGPATH_W) '$(srcdir)/ldap-misc.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/t_ldap_misc-ldap-misc.Tpo $(DEPDIR)/t_ldap_misc-ldap-misc.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ldap-misc.c' object='t_ldap_misc-ldap-misc.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_misc_CFLAGS) $(CFLAGS) -c -o t_ldap_misc-ldap-misc.obj `if test -f 'ldap-misc.c'; then $(CYGPATH_W) 'ldap-misc.c'; else $(CYGPATH_W) '$(srcdir)/ldap-misc.c'; fi`
-
-t_ldap_misc-ldap-url.o: ldap-url.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_misc_CFLAGS) $(CFLAGS) -MT t_ldap_misc-ldap-url.o -MD -MP -MF $(DEPDIR)/t_ldap_misc-ldap-url.Tpo -c -o t_ldap_misc-ldap-url.o `test -f 'ldap-url.c' || echo '$(srcdir)/'`ldap-url.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/t_ldap_misc-ldap-url.Tpo $(DEPDIR)/t_ldap_misc-ldap-url.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ldap-url.c' object='t_ldap_misc-ldap-url.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_misc_CFLAGS) $(CFLAGS) -c -o t_ldap_misc-ldap-url.o `test -f 'ldap-url.c' || echo '$(srcdir)/'`ldap-url.c
-
-t_ldap_misc-ldap-url.obj: ldap-url.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_misc_CFLAGS) $(CFLAGS) -MT t_ldap_misc-ldap-url.obj -MD -MP -MF $(DEPDIR)/t_ldap_misc-ldap-url.Tpo -c -o t_ldap_misc-ldap-url.obj `if test -f 'ldap-url.c'; then $(CYGPATH_W) 'ldap-url.c'; else $(CYGPATH_W) '$(srcdir)/ldap-url.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/t_ldap_misc-ldap-url.Tpo $(DEPDIR)/t_ldap_misc-ldap-url.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ldap-url.c' object='t_ldap_misc-ldap-url.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_misc_CFLAGS) $(CFLAGS) -c -o t_ldap_misc-ldap-url.obj `if test -f 'ldap-url.c'; then $(CYGPATH_W) 'ldap-url.c'; else $(CYGPATH_W) '$(srcdir)/ldap-url.c'; fi`
-
 t_ldap_parse_uri-t-ldap-parse-uri.o: t-ldap-parse-uri.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_parse_uri_CFLAGS) $(CFLAGS) -MT t_ldap_parse_uri-t-ldap-parse-uri.o -MD -MP -MF $(DEPDIR)/t_ldap_parse_uri-t-ldap-parse-uri.Tpo -c -o t_ldap_parse_uri-t-ldap-parse-uri.o `test -f 't-ldap-parse-uri.c' || echo '$(srcdir)/'`t-ldap-parse-uri.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/t_ldap_parse_uri-t-ldap-parse-uri.Tpo $(DEPDIR)/t_ldap_parse_uri-t-ldap-parse-uri.Po
@@ -1433,20 +1330,6 @@ t_ldap_parse_uri-dns-stuff.obj: dns-stuff.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_parse_uri_CFLAGS) $(CFLAGS) -c -o t_ldap_parse_uri-dns-stuff.obj `if test -f 'dns-stuff.c'; then $(CYGPATH_W) 'dns-stuff.c'; else $(CYGPATH_W) '$(srcdir)/dns-stuff.c'; fi`
 
-t_ldap_parse_uri-ldap-misc.o: ldap-misc.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_parse_uri_CFLAGS) $(CFLAGS) -MT t_ldap_parse_uri-ldap-misc.o -MD -MP -MF $(DEPDIR)/t_ldap_parse_uri-ldap-misc.Tpo -c -o t_ldap_parse_uri-ldap-misc.o `test -f 'ldap-misc.c' || echo '$(srcdir)/'`ldap-misc.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/t_ldap_parse_uri-ldap-misc.Tpo $(DEPDIR)/t_ldap_parse_uri-ldap-misc.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ldap-misc.c' object='t_ldap_parse_uri-ldap-misc.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_parse_uri_CFLAGS) $(CFLAGS) -c -o t_ldap_parse_uri-ldap-misc.o `test -f 'ldap-misc.c' || echo '$(srcdir)/'`ldap-misc.c
-
-t_ldap_parse_uri-ldap-misc.obj: ldap-misc.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_parse_uri_CFLAGS) $(CFLAGS) -MT t_ldap_parse_uri-ldap-misc.obj -MD -MP -MF $(DEPDIR)/t_ldap_parse_uri-ldap-misc.Tpo -c -o t_ldap_parse_uri-ldap-misc.obj `if test -f 'ldap-misc.c'; then $(CYGPATH_W) 'ldap-misc.c'; else $(CYGPATH_W) '$(srcdir)/ldap-misc.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/t_ldap_parse_uri-ldap-misc.Tpo $(DEPDIR)/t_ldap_parse_uri-ldap-misc.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ldap-misc.c' object='t_ldap_parse_uri-ldap-misc.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_parse_uri_CFLAGS) $(CFLAGS) -c -o t_ldap_parse_uri-ldap-misc.obj `if test -f 'ldap-misc.c'; then $(CYGPATH_W) 'ldap-misc.c'; else $(CYGPATH_W) '$(srcdir)/ldap-misc.c'; fi`
-
 t_ldap_parse_uri-ldap-url.o: ldap-url.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_ldap_parse_uri_CFLAGS) $(CFLAGS) -MT t_ldap_parse_uri-ldap-url.o -MD -MP -MF $(DEPDIR)/t_ldap_parse_uri-ldap-url.Tpo -c -o t_ldap_parse_uri-ldap-url.o `test -f 'ldap-url.c' || echo '$(srcdir)/'`ldap-url.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/t_ldap_parse_uri-ldap-url.Tpo $(DEPDIR)/t_ldap_parse_uri-ldap-url.Po
@@ -1739,7 +1622,6 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/dirmngr-client.Po
 	-rm -f ./$(DEPDIR)/dirmngr.Po
 	-rm -f ./$(DEPDIR)/dirmngr_ldap-dirmngr_ldap.Po
-	-rm -f ./$(DEPDIR)/dirmngr_ldap-ldap-misc.Po
 	-rm -f ./$(DEPDIR)/dirmngr_ldap-ldap-url.Po
 	-rm -f ./$(DEPDIR)/dns-stuff.Po
 	-rm -f ./$(DEPDIR)/dns.Po
@@ -1753,7 +1635,6 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/ks-engine-http.Po
 	-rm -f ./$(DEPDIR)/ks-engine-kdns.Po
 	-rm -f ./$(DEPDIR)/ks-engine-ldap.Po
-	-rm -f ./$(DEPDIR)/ldap-misc.Po
 	-rm -f ./$(DEPDIR)/ldap-parse-uri.Po
 	-rm -f ./$(DEPDIR)/ldap-url.Po
 	-rm -f ./$(DEPDIR)/ldap-wrapper.Po
@@ -1779,14 +1660,10 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/t_http_basic-http.Po
 	-rm -f ./$(DEPDIR)/t_http_basic-t-http-basic.Po
 	-rm -f ./$(DEPDIR)/t_http_basic-t-support.Po
-	-rm -f ./$(DEPDIR)/t_ldap_misc-ldap-misc.Po
-	-rm -f ./$(DEPDIR)/t_ldap_misc-ldap-url.Po
-	-rm -f ./$(DEPDIR)/t_ldap_misc-t-ldap-misc.Po
 	-rm -f ./$(DEPDIR)/t_ldap_parse_uri-dns-stuff.Po
 	-rm -f ./$(DEPDIR)/t_ldap_parse_uri-dns.Po
 	-rm -f ./$(DEPDIR)/t_ldap_parse_uri-http-common.Po
 	-rm -f ./$(DEPDIR)/t_ldap_parse_uri-http.Po
-	-rm -f ./$(DEPDIR)/t_ldap_parse_uri-ldap-misc.Po
 	-rm -f ./$(DEPDIR)/t_ldap_parse_uri-ldap-parse-uri.Po
 	-rm -f ./$(DEPDIR)/t_ldap_parse_uri-ldap-url.Po
 	-rm -f ./$(DEPDIR)/t_ldap_parse_uri-t-ldap-parse-uri.Po
@@ -1845,7 +1722,6 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/dirmngr-client.Po
 	-rm -f ./$(DEPDIR)/dirmngr.Po
 	-rm -f ./$(DEPDIR)/dirmngr_ldap-dirmngr_ldap.Po
-	-rm -f ./$(DEPDIR)/dirmngr_ldap-ldap-misc.Po
 	-rm -f ./$(DEPDIR)/dirmngr_ldap-ldap-url.Po
 	-rm -f ./$(DEPDIR)/dns-stuff.Po
 	-rm -f ./$(DEPDIR)/dns.Po
@@ -1859,7 +1735,6 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/ks-engine-http.Po
 	-rm -f ./$(DEPDIR)/ks-engine-kdns.Po
 	-rm -f ./$(DEPDIR)/ks-engine-ldap.Po
-	-rm -f ./$(DEPDIR)/ldap-misc.Po
 	-rm -f ./$(DEPDIR)/ldap-parse-uri.Po
 	-rm -f ./$(DEPDIR)/ldap-url.Po
 	-rm -f ./$(DEPDIR)/ldap-wrapper.Po
@@ -1885,14 +1760,10 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/t_http_basic-http.Po
 	-rm -f ./$(DEPDIR)/t_http_basic-t-http-basic.Po
 	-rm -f ./$(DEPDIR)/t_http_basic-t-support.Po
-	-rm -f ./$(DEPDIR)/t_ldap_misc-ldap-misc.Po
-	-rm -f ./$(DEPDIR)/t_ldap_misc-ldap-url.Po
-	-rm -f ./$(DEPDIR)/t_ldap_misc-t-ldap-misc.Po
 	-rm -f ./$(DEPDIR)/t_ldap_parse_uri-dns-stuff.Po
 	-rm -f ./$(DEPDIR)/t_ldap_parse_uri-dns.Po
 	-rm -f ./$(DEPDIR)/t_ldap_parse_uri-http-common.Po
 	-rm -f ./$(DEPDIR)/t_ldap_parse_uri-http.Po
-	-rm -f ./$(DEPDIR)/t_ldap_parse_uri-ldap-misc.Po
 	-rm -f ./$(DEPDIR)/t_ldap_parse_uri-ldap-parse-uri.Po
 	-rm -f ./$(DEPDIR)/t_ldap_parse_uri-ldap-url.Po
 	-rm -f ./$(DEPDIR)/t_ldap_parse_uri-t-ldap-parse-uri.Po
@@ -1941,7 +1812,6 @@ uninstall-am: uninstall-binPROGRAMS uninstall-dist_pkgdataDATA \
 
 @HAVE_W32_SYSTEM_TRUE@.rc.o:
 @HAVE_W32_SYSTEM_TRUE@	$(WINDRES) $(DEFAULT_INCLUDES) $(INCLUDES) "$<" "$@"
-@HAVE_W32_SYSTEM_TRUE@dirmngr-w32info.o : dirmngr.w32-manifest
 
 $(PROGRAMS) : $(libcommon) $(libcommonpth)
 
diff --git a/dirmngr/cdb.h b/dirmngr/cdb.h
index 0c0d270..5d46f69 100644
--- a/dirmngr/cdb.h
+++ b/dirmngr/cdb.h
@@ -85,7 +85,7 @@ int cdb_make_put(struct cdb_make *cdbmp,
 		 const void *key, cdbi_t klen,
 		 const void *val, cdbi_t vlen,
 		 int flag);
-#define CDB_PUT_ADD	0	/* add unconditionnaly, like cdb_make_add() */
+#define CDB_PUT_ADD	0	/* add unconditionally, like cdb_make_add() */
 #define CDB_PUT_REPLACE	1	/* replace: do not place to index OLD record */
 #define CDB_PUT_INSERT	2	/* add only if not already exists */
 #define CDB_PUT_WARN	3	/* add unconditionally but ret. 1 if exists */
diff --git a/dirmngr/cdblib.c b/dirmngr/cdblib.c
index 827399f..c401263 100644
--- a/dirmngr/cdblib.c
+++ b/dirmngr/cdblib.c
@@ -19,7 +19,7 @@
    length, meaning that corresponding hash table is empty.
 
    Right after toc section, data section follows without any
-   alingment.  It consists of series of records, each is a key length,
+   alignment.  It consists of series of records, each is a key length,
    value (data) length, key and value.  Again, key and value length
    are 4-byte unsigned integers.  Each next record follows previous
    without any special alignment.
@@ -52,7 +52,7 @@
    beginning of a table).  When hash value in question is found in
    hash table, look to key of corresponding record, comparing it with
    key in question.  If them of the same length and equals to each
-   other, then record is found, overwise, repeat with next hash table
+   other, then record is found, otherwise, repeat with next hash table
    slot.  Note that there may be several records with the same key.
 */
 
@@ -245,7 +245,7 @@ cdb_find(struct cdb *cdbp, const void *key, cdbi_t klen)
   pos = cdb_unpack(htp);	/* htab position */
   if (n > (cdbp->cdb_fsize >> 3) /* overflow of httodo ? */
       || pos > cdbp->cdb_fsize /* htab start within file ? */
-      || httodo > cdbp->cdb_fsize - pos) /* entrie htab within file ? */
+      || httodo > cdbp->cdb_fsize - pos) /* htab entry within file ? */
   {
     gpg_err_set_errno (EPROTO);
     return -1;
diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c
index 5705323..bee1c44 100644
--- a/dirmngr/certcache.c
+++ b/dirmngr/certcache.c
@@ -262,29 +262,13 @@ clean_cache_slot (cert_item_t ci)
  * fingerprint of the certificate will be stored there.  FPR_BUFFER
  * needs to point to a buffer of at least 20 bytes.  The fingerprint
  * will be stored on success or when the function returns
- * GPG_ERR_DUP_VALUE or GPG_ERR_NOT_ENABLED.  */
+ * GPG_ERR_DUP_VALUE.  */
 static gpg_error_t
 put_cert (ksba_cert_t cert, int permanent, unsigned int trustclass,
           void *fpr_buffer)
 {
   unsigned char help_fpr_buffer[20], *fpr;
   cert_item_t ci;
-  fingerprint_list_t ignored;
-
-  /* Do not keep expired certificates in the permanent cache.  */
-  if (permanent && !opt.debug_cache_expired_certs)
-    {
-      ksba_isotime_t not_after;
-      ksba_isotime_t current_time;
-
-      if (ksba_cert_get_validity (cert, 1, not_after))
-        return gpg_error (GPG_ERR_BAD_CERT);
-
-      gnupg_get_isotime (current_time);
-
-      if (*not_after && strcmp (current_time, not_after) > 0)
-        return gpg_error (GPG_ERR_CERT_EXPIRED);
-    }
 
   fpr = fpr_buffer? fpr_buffer : &help_fpr_buffer;
 
@@ -333,14 +317,6 @@ put_cert (ksba_cert_t cert, int permanent, unsigned int trustclass,
     }
 
   cert_compute_fpr (cert, fpr);
-  /* Compare against the list of to be ignored certificates.  */
-  for (ignored = opt.ignored_certs; ignored; ignored = ignored->next)
-    if (ignored->binlen == 20 && !memcmp (fpr, ignored->hexfpr, 20))
-      {
-        /* We are configured not to use this certificate.  */
-        return gpg_error (GPG_ERR_NOT_ENABLED);
-      }
-
   for (ci=cert_cache[*fpr]; ci; ci = ci->next)
     if (ci->cert && !memcmp (ci->fpr, fpr, 20))
       return gpg_error (GPG_ERR_DUP_VALUE);
@@ -464,8 +440,6 @@ load_certs_from_dir (const char *dirname, unsigned int trustclass)
               cert_log_subject (_("  subject ="), cert);
             }
         }
-      else if (gpg_err_code (err) == GPG_ERR_NOT_ENABLED)
-        log_info ("certificate '%s' skipped due to configuration\n", fname);
       else
         log_error (_("error loading certificate '%s': %s\n"),
                      fname, gpg_strerror (err));
@@ -536,8 +510,6 @@ load_certs_from_file (const char *fname, unsigned int trustclasses,
       err = put_cert (cert, 1, trustclasses, NULL);
       if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)
         log_info (_("certificate '%s' already cached\n"), fname);
-      else if (gpg_err_code (err) == GPG_ERR_NOT_ENABLED)
-        log_info ("certificate '%s' skipped due to configuration\n", fname);
       else if (err)
         log_error (_("error loading certificate '%s': %s\n"),
                    fname, gpg_strerror (err));
@@ -653,9 +625,6 @@ load_certs_from_w32_store (const char *storename)
               if (DBG_X509)
                 log_debug (_("certificate '%s' already cached\n"), storename);
             }
-          else if (gpg_err_code (err) == GPG_ERR_NOT_ENABLED)
-            log_info ("certificate '%s' skipped due to configuration\n",
-                      storename);
           else if (err)
             log_error (_("error loading certificate '%s': %s\n"),
                        storename, gpg_strerror (err));
@@ -755,12 +724,11 @@ cert_cache_init (strlist_t hkp_cacerts)
   /* Put the special pool certificate into our store.  This is
    * currently only used with ntbtls.  For GnuTLS http_session_new
    * unfortunately loads that certificate directly from the file.  */
-  /* Disabled for 2.2.29 because the service had to be shutdown.  */
-  /* fname = make_filename_try (gnupg_datadir (), */
-  /*                            "sks-keyservers.netCA.pem", NULL); */
-  /* if (fname) */
-  /*   load_certs_from_file (fname, CERTTRUST_CLASS_HKPSPOOL, 1); */
-  /* xfree (fname); */
+  fname = make_filename_try (gnupg_datadir (),
+                             "sks-keyservers.netCA.pem", NULL);
+  if (fname)
+    load_certs_from_file (fname, CERTTRUST_CLASS_HKPSPOOL, 1);
+  xfree (fname);
 
   for (sl = hkp_cacerts; sl; sl = sl->next)
     load_certs_from_file (sl->d, CERTTRUST_CLASS_HKP, 0);
@@ -883,8 +851,6 @@ cache_cert (ksba_cert_t cert)
     log_info (_("certificate already cached\n"));
   else if (!err)
     log_info (_("certificate cached\n"));
-  else if (gpg_err_code (err) == GPG_ERR_NOT_ENABLED)
-    log_info ("certificate skipped due to configuration\n");
   else
     log_error (_("error caching certificate: %s\n"), gpg_strerror (err));
   return err;
@@ -905,10 +871,7 @@ cache_cert_silent (ksba_cert_t cert, void *fpr_buffer)
   release_cache_lock ();
   if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)
     err = 0;
-
-  if (gpg_err_code (err) == GPG_ERR_NOT_ENABLED)
-    log_info ("certificate skipped due to configuration\n");
-  else if (err)
+  if (err)
     log_error (_("error caching certificate: %s\n"), gpg_strerror (err));
   return err;
 }
@@ -1485,7 +1448,6 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
   gpg_error_t err;
   int seq;
   ksba_cert_t cert = NULL;
-  ksba_cert_t first;         /* The first certificate found.  */
   cert_fetch_context_t context = NULL;
   ksba_sexp_t subj;
 
@@ -1523,46 +1485,24 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
     }
 
   /* Now check whether the certificate is cached.  */
-  first = NULL;
-  subj = NULL;
   for (seq=0; (cert = get_cert_bysubject (subject_dn, seq)); seq++)
     {
-      if (!keyid
-          || (!ksba_cert_get_subj_key_id (cert, NULL, &subj)
-              && !cmp_simple_canon_sexp (keyid, subj)))
+      if (!keyid)
+        break; /* No keyid requested, so return the first one found. */
+      if (!ksba_cert_get_subj_key_id (cert, NULL, &subj)
+          && !cmp_simple_canon_sexp (keyid, subj))
         {
           xfree (subj);
-          subj = NULL;
           if (DBG_LOOKUP)
             log_debug ("%s: certificate found in the cache"
-                       " %sby subject DN\n", __func__, !keyid?"only ":"");
-
-          /* If this a trusted cert - then prefer it.  */
-          if (!is_trusted_cert (cert, (CERTTRUST_CLASS_SYSTEM
-                                       | CERTTRUST_CLASS_CONFIG)))
-            {
-              ksba_cert_release (first);
-              first = cert;
-              cert = NULL;
-              /* We stop at the first trusted certificate and ignore
-               * any yet found non-trusted certificates.   */
-              break;
-            }
-          else if (!first)
-            {
-              /* Not trusted.  Save only the first one but continue
-               * the loop in case there is also a trusted one.  */
-              ksba_cert_release (first);
-              first = cert;
-              cert = NULL;
-            }
+                       " via subject DN\n", __func__);
+          break; /* Found matching cert. */
         }
       xfree (subj);
-      subj = NULL;
       ksba_cert_release (cert);
     }
-  if (first)
-    return first; /* Return the first found certificate.  */
+  if (cert)
+    return cert; /* Done.  */
 
   /* If we do not have a subject DN but have a keyid, try to locate it
    * by keyid.  */
diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
index eee4b72..9d18b72 100644
--- a/dirmngr/crlcache.c
+++ b/dirmngr/crlcache.c
@@ -1950,7 +1950,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
             ksba_sexp_t keyid;
 
             /* We need to look for the issuer only after having read
-               all items.  The issuer itselfs comes before the items
+               all items.  The issuer itself comes before the items
                but the optional authorityKeyIdentifier comes after the
                items. */
             err = ksba_crl_get_issuer (crl, &crlissuer);
@@ -2075,7 +2075,7 @@ get_crl_number (ksba_crl_t crl)
 
 
 /* Return the authorityKeyIdentifier or NULL if it is not available.
-   The issuer name may consists of several parts - they are delimted by
+   The issuer name may consists of several parts - they are delimited by
    0x01. */
 static char *
 get_auth_key_id (ksba_crl_t crl, char **serialno)
diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
index e355aab..c8091f6 100644
--- a/dirmngr/crlfetch.c
+++ b/dirmngr/crlfetch.c
@@ -240,7 +240,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
       else
         {
 #       if USE_LDAP
-          err = url_fetch_ldap (ctrl, url, reader);
+          err = url_fetch_ldap (ctrl, url, NULL, 0, reader);
 #       else /*!USE_LDAP*/
           err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
 #       endif /*!USE_LDAP*/
@@ -513,7 +513,7 @@ fetch_cert_by_url (ctrl_t ctrl, const char *url,
   else /* Assume LDAP.  */
     {
 #if USE_LDAP
-      err = url_fetch_ldap (ctrl, url, &reader);
+      err = url_fetch_ldap (ctrl, url, NULL, 0, &reader);
 #else
       (void)ctrl;
       (void)url;
diff --git a/dirmngr/crlfetch.h b/dirmngr/crlfetch.h
index f309653..3822adb 100644
--- a/dirmngr/crlfetch.h
+++ b/dirmngr/crlfetch.h
@@ -62,7 +62,8 @@ void crl_close_reader (ksba_reader_t reader);
 
 /*-- ldap.c --*/
 gpg_error_t url_fetch_ldap (ctrl_t ctrl,
-                            const char *url, ksba_reader_t *reader);
+                            const char *url, const char *host, int port,
+                            ksba_reader_t *reader);
 gpg_error_t attr_fetch_ldap (ctrl_t ctrl,
                              const char *dn, const char *attr,
                              ksba_reader_t *reader);
diff --git a/dirmngr/dirmngr-client.c b/dirmngr/dirmngr-client.c
index e4df476..1560fd3 100644
--- a/dirmngr/dirmngr-client.c
+++ b/dirmngr/dirmngr-client.c
@@ -33,7 +33,6 @@
 #include <assuan.h>
 
 #include "../common/logging.h"
-#include "../common/argparse.h"
 #include "../common/stringhelp.h"
 #include "../common/mischelp.h"
 #include "../common/strlist.h"
@@ -66,7 +65,7 @@ enum
 
 
 /* The list of options as used by the argparse.c code.  */
-static ARGPARSE_OPTS opts[] = {
+static gpgrt_opt_t opts[] = {
   { oVerbose,  "verbose",   0, N_("verbose") },
   { oQuiet,    "quiet",     0, N_("be somewhat more quiet") },
   { oOCSP,     "ocsp",      0, N_("use OCSP instead of CRLs") },
@@ -189,7 +188,7 @@ my_strusage (int level)
 int
 main (int argc, char **argv )
 {
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   assuan_context_t ctx;
   gpg_error_t err;
   unsigned char *certbuf;
@@ -202,12 +201,12 @@ main (int argc, char **argv )
   int cmd_squid_mode = 0;
 
   early_system_init ();
-  set_strusage (my_strusage);
+  gpgrt_set_strusage (my_strusage);
   log_set_prefix ("dirmngr-client",
                   GPGRT_LOG_WITH_PREFIX);
-  /* Register our string mapper.  Usually done in
-   * init_common_subsystems, but we don't use that here.  */
-  gnupg_set_fixed_string_mapper (map_static_macro_string);
+  /* Register our string mapper with gpgrt.  Usually done in
+   * init_common_subsystems, but we don't need that here.  */
+  gpgrt_set_fixed_string_mapper (map_static_macro_string);
 
   /* For W32 we need to initialize the socket subsystem.  Because we
      don't use Pth we need to do this explicit. */
@@ -230,7 +229,7 @@ main (int argc, char **argv )
   pargs.argc = &argc;
   pargs.argv = &argv;
   pargs.flags= ARGPARSE_FLAG_KEEP;
-  while (gnupg_argparse (NULL, &pargs, opts))
+  while (gpgrt_argparse (NULL, &pargs, opts))
     {
       switch (pargs.r_opt)
         {
@@ -256,7 +255,7 @@ main (int argc, char **argv )
         default : pargs.err = ARGPARSE_PRINT_ERROR; break;
 	}
     }
-  gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+  gpgrt_argparse (NULL, &pargs, NULL);
 
   if (log_get_errorcount (0))
     exit (2);
@@ -266,14 +265,14 @@ main (int argc, char **argv )
   else if (cmd_lookup || cmd_loadcrl)
     {
       if (!argc)
-        usage (1);
+        gpgrt_usage (1);
       err = 0;
     }
   else if (cmd_squid_mode)
     {
       err = 0;
       if (argc)
-        usage (1);
+        gpgrt_usage (1);
     }
   else if (!argc)
     {
@@ -292,7 +291,7 @@ main (int argc, char **argv )
   else
     {
       err = 0;
-      usage (1);
+      gpgrt_usage (1);
     }
 
   if (log_get_errorcount (0))
@@ -462,7 +461,7 @@ data_cb (void *opaque, const void *buffer, size_t length)
 static gpg_error_t
 read_pem_certificate (const char *fname, unsigned char **rbuf, size_t *rbuflen)
 {
-  FILE *fp;
+  estream_t fp;
   int c;
   int pos;
   int value;
@@ -476,16 +475,16 @@ read_pem_certificate (const char *fname, unsigned char **rbuf, size_t *rbuflen)
 
   init_asctobin ();
 
-  fp = fname? gnupg_fopen (fname, "r") : stdin;
+  fp = fname? es_fopen (fname, "r") : es_stdin;
   if (!fp)
-    return gpg_error_from_errno (errno);
+    return gpg_error_from_syserror ();
 
   pos = 0;
   value = 0;
   bufsize = 8192;
   buf = xmalloc (bufsize);
   buflen = 0;
-  while ((c=getc (fp)) != EOF)
+  while ((c=es_getc (fp)) != EOF)
     {
       int escaped_c = 0;
 
@@ -494,10 +493,10 @@ read_pem_certificate (const char *fname, unsigned char **rbuf, size_t *rbuflen)
           if (c == '%')
             {
               char tmp[2];
-              if ((c = getc(fp)) == EOF)
+              if ((c = es_getc(fp)) == EOF)
                 break;
               tmp[0] = c;
-              if ((c = getc(fp)) == EOF)
+              if ((c = es_getc(fp)) == EOF)
                 break;
               tmp[1] = c;
               if (!hexdigitp (tmp) || !hexdigitp (tmp+1))
@@ -505,7 +504,7 @@ read_pem_certificate (const char *fname, unsigned char **rbuf, size_t *rbuflen)
                   log_error ("invalid percent escape sequence\n");
                   state = s_idle; /* Force an error. */
                   /* Skip to end of line.  */
-                  while ( (c=getc (fp)) != EOF && c != '\n')
+                  while ( (c=es_getc (fp)) != EOF && c != '\n')
                     ;
                   goto ready;
                 }
@@ -594,7 +593,7 @@ read_pem_certificate (const char *fname, unsigned char **rbuf, size_t *rbuflen)
     }
  ready:
   if (fname)
-    fclose (fp);
+    es_fclose (fp);
 
   if (state == s_init && c == EOF)
     {
@@ -621,7 +620,7 @@ static gpg_error_t
 read_certificate (const char *fname, unsigned char **rbuf, size_t *rbuflen)
 {
   gpg_error_t err;
-  FILE *fp;
+  estream_t fp;
   unsigned char *buf;
   size_t nread, bufsize, buflen;
 
@@ -637,9 +636,9 @@ read_certificate (const char *fname, unsigned char **rbuf, size_t *rbuflen)
         return 0;
     }
 
-  fp = fname? gnupg_fopen (fname, "rb") : stdin;
+  fp = fname? es_fopen (fname, "rb") : es_stdin;
   if (!fp)
-    return gpg_error_from_errno (errno);
+    return gpg_error_from_syserror ();
 
   buf = NULL;
   bufsize = buflen = 0;
@@ -652,13 +651,13 @@ read_certificate (const char *fname, unsigned char **rbuf, size_t *rbuflen)
       else
         buf = xrealloc (buf, bufsize);
 
-      nread = fread (buf+buflen, 1, NCHUNK, fp);
-      if (nread < NCHUNK && ferror (fp))
+      nread = es_fread (buf+buflen, 1, NCHUNK, fp);
+      if (nread < NCHUNK && es_ferror (fp))
         {
-          err = gpg_error_from_errno (errno);
+          err = gpg_error_from_syserror ();
           xfree (buf);
           if (fname)
-            fclose (fp);
+            es_fclose (fp);
           return err;
         }
       buflen += nread;
@@ -666,7 +665,7 @@ read_certificate (const char *fname, unsigned char **rbuf, size_t *rbuflen)
   while (nread == NCHUNK);
 #undef NCHUNK
   if (fname)
-    fclose (fp);
+    es_fclose (fp);
   *rbuf = buf;
   *rbuflen = buflen;
   return 0;
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index e287194..33de686 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -1,6 +1,6 @@
 /* dirmngr.c - Keyserver and X.509 LDAP access
  * Copyright (C) 2002 Klarälvdalens Datakonsult AB
- * Copyright (C) 2003-2004, 2006-2007, 2008, 2010-2011, 2020-2021 g10 Code GmbH
+ * Copyright (C) 2003-2004, 2006-2007, 2008, 2010-2011, 2020 g10 Code GmbH
  * Copyright (C) 2014 Werner Koch
  *
  * This file is part of GnuPG.
@@ -107,7 +107,6 @@ enum cmd_and_opt_values {
   oDebugWait,
   oDebugLevel,
   oGnutlsDebug,
-  oDebugCacheExpiredCerts,
   oNoGreeting,
   oNoOptions,
   oHomedir,
@@ -125,7 +124,6 @@ enum cmd_and_opt_values {
   oHTTPProxy,
   oLDAPProxy,
   oOnlyLDAPProxy,
-  oLDAPServer,
   oLDAPFile,
   oLDAPTimeout,
   oLDAPAddServers,
@@ -140,11 +138,9 @@ enum cmd_and_opt_values {
   oForce,
   oAllowOCSP,
   oAllowVersionCheck,
-  oStealSocket,
   oSocketName,
   oLDAPWrapperProgram,
   oHTTPWrapperProgram,
-  oIgnoreCert,
   oIgnoreCertExtension,
   oUseTor,
   oNoUseTor,
@@ -162,7 +158,7 @@ enum cmd_and_opt_values {
 
 
 
-static ARGPARSE_OPTS opts[] = {
+static gpgrt_opt_t opts[] = {
 
   ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"),
   ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"),
@@ -187,7 +183,6 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
   ARGPARSE_s_n (oSh,       "sh",        N_("sh-style command output")),
   ARGPARSE_s_n (oCsh,      "csh",       N_("csh-style command output")),
-  ARGPARSE_s_n (oStealSocket, "steal-socket", "@"),
   ARGPARSE_s_s (oHomedir, "homedir", "@"),
   ARGPARSE_conffile (oOptions,  "options", N_("|FILE|read options from FILE")),
   ARGPARSE_noconffile (oNoOptions, "no-options", "@"),
@@ -219,7 +214,6 @@ static ARGPARSE_OPTS opts[] = {
                 N_("|N|do not return more than N items in one query")),
   ARGPARSE_s_u (oFakedSystemTime, "faked-system-time", "@"), /*(epoch time)*/
   ARGPARSE_s_n (oDisableCheckOwnSocket, "disable-check-own-socket", "@"),
-  ARGPARSE_s_s (oIgnoreCert,"ignore-cert", "@"),
   ARGPARSE_s_s (oIgnoreCertExtension,"ignore-cert-extension", "@"),
 
 
@@ -244,7 +238,6 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oHkpCaCert, "hkp-cacert",
                 N_("|FILE|use the CA certificates in FILE for HKP over TLS")),
 
-
   ARGPARSE_header ("HTTP", N_("Configuration for HTTP servers")),
 
   ARGPARSE_s_n (oDisableHTTP, "disable-http", N_("inhibit the use of HTTP")),
@@ -266,8 +259,6 @@ static ARGPARSE_OPTS opts[] = {
                 N_("|HOST|use HOST for LDAP queries")),
   ARGPARSE_s_n (oOnlyLDAPProxy, "only-ldap-proxy",
                 N_("do not use fallback hosts with --ldap-proxy")),
-  ARGPARSE_s_s (oLDAPServer, "ldapserver",
-                N_("|SPEC|use this keyserver to lookup keys")),
   ARGPARSE_s_s (oLDAPFile, "ldapserverlist-file",
                 N_("|FILE|read LDAP server list from FILE")),
   ARGPARSE_s_n (oLDAPAddServers, "add-servers",
@@ -294,9 +285,8 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_header (NULL, N_("Other options")),
 
   ARGPARSE_s_n (oForce,    "force",    N_("force loading of outdated CRLs")),
-
   ARGPARSE_s_s (oSocketName, "socket-name", "@"),  /* Only for debugging.  */
-  ARGPARSE_s_n (oDebugCacheExpiredCerts, "debug-cache-expired-certs", "@"),
+
 
   ARGPARSE_header (NULL, ""),  /* Stop the header group.  */
 
@@ -367,10 +357,6 @@ static volatile int shutdown_pending;
 /* Flags to indicate that we shall not watch our own socket. */
 static int disable_check_own_socket;
 
-/* Flag indicating to start the daemon even if one already runs.  */
-static int steal_socket;
-
-
 /* Flag to control the Tor mode.  */
 static enum
   { TOR_MODE_AUTO = 0,  /* Switch to NO or YES         */
@@ -388,14 +374,9 @@ static int active_connections;
  * thread to run background network tasks.  */
 static int network_activity_seen;
 
-/* A list of filenames registred with --hkp-cacert.  */
+/* A list of filenames registered with --hkp-cacert.  */
 static strlist_t hkp_cacert_filenames;
 
-/* A flag used to clear the list of ldapservers iff --ldapserver is
- * given on the command line or one of the conf files. In this case we
- * want to clear all old specifications through the legacy
- * dirmngr_ldapservers.conf. */
-static int ldapserver_list_needs_reset;
 
 /* The timer tick used for housekeeping stuff.  The second constant is used when a shutdown is pending.  */
 #define TIMERTICK_INTERVAL           (60)
@@ -429,9 +410,7 @@ static void cleanup (void);
 #if USE_LDAP
 static ldap_server_t parse_ldapserver_file (const char* filename, int ienoent);
 #endif /*USE_LDAP*/
-static fingerprint_list_t parse_fingerprint_item (const char *string,
-                                                  const  char *optionname,
-                                                  int want_binary);
+static fingerprint_list_t parse_ocsp_signer (const char *string);
 static void netactivity_action (void);
 static void handle_connections (assuan_fd_t listen_fd);
 static void gpgconf_versions (void);
@@ -472,7 +451,7 @@ my_strusage( int level )
 
 /* Callback from libksba to hash a provided buffer.  Our current
    implementation does only allow SHA-1 for hashing. This may be
-   extended by mapping the name, testing for algorithm availibility
+   extended by mapping the name, testing for algorithm availability
    and adjust the length checks accordingly. */
 static gpg_error_t
 my_ksba_hash_buffer (void *arg, const char *oid,
@@ -581,7 +560,7 @@ set_tor_mode (void)
 {
   if (dirmngr_use_tor ())
     {
-      /* Enable Tor mode and when called again force a new curcuit
+      /* Enable Tor mode and when called again force a new circuit
        * (e.g. on SIGHUP).  */
       enable_dns_tormode (1);
       if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1))
@@ -623,15 +602,6 @@ dirmngr_use_tor (void)
 }
 
 
-/* This is somewhat similar to dirmngr_use_tor but avoids a trial
- * connect and may thus be faster for this special case.  */
-int
-dirmngr_never_use_tor_p (void)
-{
-  return tor_mode == TOR_MODE_NEVER;
-}
-
-
 static void
 wrong_args (const char *text)
 {
@@ -658,7 +628,7 @@ shutdown_reaper (void)
    PARGS, resets the options to the default.  REREAD should be set
    true if it is not the initial option parsing. */
 static int
-parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
+parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
 {
   if (!pargs)
     { /* Reset mode. */
@@ -688,12 +658,6 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
           xfree (opt.ocsp_signer);
           opt.ocsp_signer = tmp;
         }
-      while (opt.ignored_certs)
-        {
-          fingerprint_list_t tmp = opt.ignored_certs->next;
-          xfree (opt.ignored_certs);
-          opt.ignored_certs = tmp;
-        }
       FREE_STRLIST (opt.ignored_cert_extensions);
       http_register_tls_ca (NULL);
       FREE_STRLIST (hkp_cacert_filenames);
@@ -706,9 +670,6 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       set_dns_timeout (0);
       opt.connect_timeout = 0;
       opt.connect_quick_timeout = 0;
-      opt.ldaptimeout = DEFAULT_LDAP_TIMEOUT;
-      ldapserver_list_needs_reset = 1;
-      opt.debug_cache_expired_certs = 0;
       return 1;
     }
 
@@ -760,8 +721,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
     case oAllowVersionCheck: opt.allow_version_check = 1; break;
     case oOCSPResponder: opt.ocsp_responder = pargs->r.ret_str; break;
     case oOCSPSigner:
-      opt.ocsp_signer = parse_fingerprint_item (pargs->r.ret_str,
-                                                "--ocsp-signer", 0);
+      opt.ocsp_signer = parse_ocsp_signer (pargs->r.ret_str);
       break;
     case oOCSPMaxClockSkew: opt.ocsp_max_clock_skew = pargs->r.ret_int; break;
     case oOCSPMaxPeriod: opt.ocsp_max_period = pargs->r.ret_int; break;
@@ -783,24 +743,6 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       }
       break;
 
-    case oIgnoreCert:
-      {
-        fingerprint_list_t item, r;
-        item = parse_fingerprint_item (pargs->r.ret_str, "--ignore-cert", 20);
-        if (item)
-          {  /* Append  */
-            if (!opt.ignored_certs)
-              opt.ignored_certs = item;
-            else
-              {
-                for (r = opt.ignored_certs; r->next; r = r->next)
-                  ;
-                r->next = item;
-              }
-          }
-      }
-      break;
-
     case oIgnoreCertExtension:
       add_to_strlist (&opt.ignored_cert_extensions, pargs->r.ret_str);
       break;
@@ -816,32 +758,6 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
     case oStandardResolver: enable_standard_resolver (1); break;
     case oRecursiveResolver: enable_recursive_resolver (1); break;
 
-    case oLDAPServer:
-#if USE_LDAP
-      {
-        ldap_server_t server;
-        char *p;
-
-        p = pargs->r.ret_str;
-        if (!strncmp (p, "ldap:", 5) && !(p[5] == '/' && p[6] == '/'))
-          p += 5;
-
-        server = ldapserver_parse_one (p, NULL, 0);
-        if (server)
-          {
-            if (ldapserver_list_needs_reset)
-              {
-                ldapserver_list_needs_reset = 0;
-                ldapserver_list_free (opt.ldapservers);
-                opt.ldapservers = NULL;
-              }
-            server->next = opt.ldapservers;
-            opt.ldapservers = server;
-          }
-      }
-#endif
-      break;
-
     case oKeyServer:
       if (*pargs->r.ret_str)
         add_to_strlist (&opt.keyserver, pargs->r.ret_str);
@@ -863,14 +779,6 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       opt.connect_quick_timeout = pargs->r.ret_ulong * 1000;
       break;
 
-    case oLDAPTimeout:
-      opt.ldaptimeout = pargs->r.ret_int;
-      break;
-
-    case oDebugCacheExpiredCerts:
-      opt.debug_cache_expired_certs = 0;
-      break;
-
     default:
       return 0; /* Not handled. */
     }
@@ -884,7 +792,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 }
 
 
-/* This fucntion is called after option parsing to adjust some values
+/* This function is called after option parsing to adjust some values
  * and call option setup functions.  */
 static void
 post_option_parsing (void)
@@ -895,7 +803,6 @@ post_option_parsing (void)
     opt.connect_quick_timeout = opt.connect_timeout;
 
   set_debug ();
-  set_tor_mode ();
 }
 
 
@@ -919,12 +826,12 @@ my_ntbtls_log_handler (void *opaque, int level, const char *fmt, va_list argv)
   (void)opaque;
 
   if (level == -1)
-    log_logv_with_prefix (GPGRT_LOG_INFO, "ntbtls: ", fmt, argv);
+    log_logv_prefix (GPGRT_LOGLVL_INFO, "ntbtls: ", fmt, argv);
   else
     {
       char prefix[10+20];
       snprintf (prefix, sizeof prefix, "ntbtls(%d): ", level);
-      log_logv_with_prefix (GPGRT_LOG_DEBUG, prefix, fmt, argv);
+      log_logv_prefix (GPGRT_LOGLVL_DEBUG, prefix, fmt, argv);
     }
 }
 #endif
@@ -952,7 +859,7 @@ int
 main (int argc, char **argv)
 {
   enum cmd_and_opt_values cmd = 0;
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   int orig_argc;
   char **orig_argv;
   char *last_configname = NULL;
@@ -972,7 +879,7 @@ main (int argc, char **argv)
   struct assuan_malloc_hooks malloc_hooks;
 
   early_system_init ();
-  set_strusage (my_strusage);
+  gpgrt_set_strusage (my_strusage);
   log_set_prefix (DIRMNGR_NAME, GPGRT_LOG_WITH_PREFIX | GPGRT_LOG_WITH_PID);
 
   /* Make sure that our subsystems are ready.  */
@@ -1041,7 +948,7 @@ main (int argc, char **argv)
   pargs.argc = &argc;
   pargs.argv = &argv;
   pargs.flags= (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
-  while (gnupg_argparse (NULL, &pargs, opts))
+  while (gpgrt_argparse (NULL, &pargs, opts))
     {
       switch (pargs.r_opt)
         {
@@ -1060,8 +967,8 @@ main (int argc, char **argv)
   socket_name = dirmngr_socket_name ();
 
   /* The configuraton directories for use by gpgrt_argparser.  */
-  gnupg_set_confdir (GNUPG_CONFDIR_SYS, gnupg_sysconfdir ());
-  gnupg_set_confdir (GNUPG_CONFDIR_USER, gnupg_homedir ());
+  gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
+  gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
 
   /* We are re-using the struct, thus the reset flag.  We OR the
    * flags so that the internal intialized flag won't be cleared. */
@@ -1073,7 +980,7 @@ main (int argc, char **argv)
                    | ARGPARSE_FLAG_KEEP
                    | ARGPARSE_FLAG_SYS
                    | ARGPARSE_FLAG_USER);
-  while (gnupg_argparser (&pargs, opts, DIRMNGR_NAME EXTSEP_S "conf"))
+  while (gpgrt_argparser (&pargs, opts, DIRMNGR_NAME EXTSEP_S "conf"))
     {
       if (pargs.r_opt == ARGPARSE_CONFFILE)
         {
@@ -1118,7 +1025,6 @@ main (int argc, char **argv)
         case oNoVerbose: opt.verbose = 0; break;
         case oHomedir: /* Ignore this option here. */; break;
         case oNoDetach: nodetach = 1; break;
-        case oStealSocket: steal_socket = 1; break;
         case oLogFile: logfile = pargs.r.ret_str; break;
         case oCsh: csh_style = 1; break;
         case oSh: csh_style = 0; break;
@@ -1128,6 +1034,9 @@ main (int argc, char **argv)
 #        endif /*USE_LDAP*/
           break;
 	case oLDAPAddServers: opt.add_new_ldapservers = 1; break;
+	case oLDAPTimeout:
+	  opt.ldaptimeout = pargs.r.ret_int;
+	  break;
 
         case oFakedSystemTime:
           gnupg_set_time ((time_t)pargs.r.ret_ulong, 0);
@@ -1149,12 +1058,12 @@ main (int argc, char **argv)
           break;
 	}
     }
-  gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+  gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
 
   if (!last_configname)
-    opt.config_filename = make_filename (gnupg_homedir (),
-                                         DIRMNGR_NAME EXTSEP_S "conf",
-                                         NULL);
+    opt.config_filename = gpgrt_fnameconcat (gnupg_homedir (),
+                                             DIRMNGR_NAME EXTSEP_S "conf",
+                                             NULL);
   else
     {
       opt.config_filename = last_configname;
@@ -1172,8 +1081,8 @@ main (int argc, char **argv)
   if (greeting)
     {
       es_fprintf (es_stderr, "%s %s; %s\n",
-                  strusage(11), strusage(13), strusage(14) );
-      es_fprintf (es_stderr, "%s\n", strusage(15) );
+                  gpgrt_strusage(11), gpgrt_strusage(13), gpgrt_strusage(14));
+      es_fprintf (es_stderr, "%s\n", gpgrt_strusage(15));
     }
 
 #ifdef IS_DEVELOPMENT_VERSION
@@ -1208,13 +1117,16 @@ main (int argc, char **argv)
       log_printf ("\n");
     }
 
+  /* Note that we do not run set_tor_mode in --gpgconf-list mode
+   * because it will attempt to connect to the tor client and that can
+   * be time consuming.  */
   post_option_parsing ();
+  if (cmd != aGPGConfTest && cmd != aGPGConfList && cmd != aGPGConfVersions)
+    set_tor_mode ();
 
-  /* Get LDAP server list from file unless --ldapserver has been used.  */
+  /* Get LDAP server list from file. */
 #if USE_LDAP
-  if (opt.ldapservers)
-    ;
-  else if (!ldapfile)
+  if (!ldapfile)
     {
       ldapfile = make_filename (gnupg_homedir (),
                                 "dirmngr_ldapservers.conf",
@@ -1263,6 +1175,7 @@ main (int argc, char **argv)
       thread_init ();
       cert_cache_init (hkp_cacert_filenames);
       crl_cache_init ();
+      ks_hkp_init ();
       http_register_netactivity_cb (netactivity_action);
       start_command_handler (ASSUAN_INVALID_FD, 0);
       shutdown_reaper ();
@@ -1298,6 +1211,7 @@ main (int argc, char **argv)
       thread_init ();
       cert_cache_init (hkp_cacert_filenames);
       crl_cache_init ();
+      ks_hkp_init ();
       http_register_netactivity_cb (netactivity_action);
       handle_connections (3);
       shutdown_reaper ();
@@ -1380,11 +1294,7 @@ main (int argc, char **argv)
 #endif
               ))
 	{
-          /* Fixme: We should actually test whether a dirmngr is
-           * already running.  For now the steal option is a dummy. */
-          /* if (steal_socket) */
-          /*   log_info (N_("trying to steal socket from running %s\n"), */
-          /*             "dirmngr"); */
+          /* Fixme: We should test whether a dirmngr is already running. */
 	  gnupg_remove (redir_socket_name? redir_socket_name : socket_name);
 	  rc = assuan_sock_bind (fd, (struct sockaddr*) &serv_addr, len);
 	}
@@ -1523,6 +1433,7 @@ main (int argc, char **argv)
       thread_init ();
       cert_cache_init (hkp_cacert_filenames);
       crl_cache_init ();
+      ks_hkp_init ();
       http_register_netactivity_cb (netactivity_action);
       handle_connections (fd);
       shutdown_reaper ();
@@ -1545,6 +1456,7 @@ main (int argc, char **argv)
       thread_init ();
       cert_cache_init (hkp_cacert_filenames);
       crl_cache_init ();
+      ks_hkp_init ();
       if (!argc)
         rc = crl_cache_load (&ctrlbuf, NULL);
       else
@@ -1568,6 +1480,7 @@ main (int argc, char **argv)
       thread_init ();
       cert_cache_init (hkp_cacert_filenames);
       crl_cache_init ();
+      ks_hkp_init ();
       rc = crl_fetch (&ctrlbuf, argv[0], &reader);
       if (rc)
         log_error (_("fetching CRL from '%s' failed: %s\n"),
@@ -1675,7 +1588,7 @@ dirmngr_deinit_default_ctrl (ctrl_t ctrl)
 /* Create a list of LDAP servers from the file FILENAME. Returns the
    list or NULL in case of errors.
 
-   The format fo such a file is line oriented where empty lines and
+   The format of such a file is line oriented where empty lines and
    lines starting with a hash mark are ignored.  All other lines are
    assumed to be colon seprated with these fields:
 
@@ -1700,14 +1613,10 @@ parse_ldapserver_file (const char* filename, int ignore_enoent)
   fp = es_fopen (filename, "r");
   if (!fp)
     {
-      if (errno == ENOENT)
-        {
-          if (!ignore_enoent)
-            log_info ("No ldapserver file at: '%s'\n", filename);
-        }
+      if (ignore_enoent && gpg_err_code_from_syserror () == GPG_ERR_ENOENT)
+        ;
       else
-        log_error (_("error opening '%s': %s\n"), filename,
-                   strerror (errno));
+        log_info ("failed to open '%s': %s\n", filename, strerror (errno));
       return NULL;
     }
 
@@ -1752,13 +1661,8 @@ parse_ldapserver_file (const char* filename, int ignore_enoent)
 }
 #endif /*USE_LDAP*/
 
-
-/* Parse a fingerprint entry as used by --ocsc-signer.  OPTIONNAME as
- * a description on the options used.  WANT_BINARY requests to store a
- * binary fingerprint.  Returns NULL on error and logs that error. */
 static fingerprint_list_t
-parse_fingerprint_item (const char *string,
-                        const char *optionname, int want_binary)
+parse_ocsp_signer (const char *string)
 {
   gpg_error_t err;
   char *fname;
@@ -1783,15 +1687,10 @@ parse_fingerprint_item (const char *string,
       if (j != 40 || !(spacep (string+i) || !string[i]))
         {
           log_error (_("%s:%u: invalid fingerprint detected\n"),
-                     optionname, 0);
+                     "--ocsp-signer", 0);
           xfree (item);
           return NULL;
         }
-      if (want_binary)
-        {
-          item->binlen = 20;
-          hex2bin (item->hexfpr, item->hexfpr, 20);
-        }
       return item;
     }
 
@@ -1874,12 +1773,6 @@ parse_fingerprint_item (const char *string,
           log_error (_("%s:%u: invalid fingerprint detected\n"), fname, lnr);
           errflag = 1;
         }
-      else if (want_binary)
-        {
-          item->binlen = 20;
-          hex2bin (item->hexfpr, item->hexfpr, 20);
-        }
-
       i++;
       while (spacep (p+i))
         i++;
@@ -1905,12 +1798,12 @@ parse_fingerprint_item (const char *string,
    Fixme: Due to the way the argument parsing works, we create a
    memory leak here for all string type arguments.  There is currently
    no clean way to tell whether the memory for the argument has been
-   allocated or points into the process' original arguments.  Unless
+   allocated or points into the process's original arguments.  Unless
    we have a mechanism to tell this, we need to live on with this. */
 static void
 reread_configuration (void)
 {
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   char *twopart;
   int dummy;
 
@@ -1930,7 +1823,7 @@ reread_configuration (void)
   pargs.flags = (ARGPARSE_FLAG_KEEP
                  |ARGPARSE_FLAG_SYS
                  |ARGPARSE_FLAG_USER);
-  while (gnupg_argparser (&pargs, opts, twopart))
+  while (gpgrt_argparser (&pargs, opts, twopart))
     {
       if (pargs.r_opt == ARGPARSE_CONFFILE)
         {
@@ -1942,7 +1835,7 @@ reread_configuration (void)
       else /* Try to parse this option - ignore unchangeable ones. */
         parse_rereadable_options (&pargs, 1);
     }
-  gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+  gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
   xfree (twopart);
   post_option_parsing ();
 }
@@ -1956,6 +1849,7 @@ dirmngr_sighup_action (void)
   log_info (_("SIGHUP received - "
               "re-reading configuration and flushing caches\n"));
   reread_configuration ();
+  set_tor_mode ();
   cert_cache_deinit (0);
   crl_cache_deinit ();
   cert_cache_init (hkp_cacert_filenames);
@@ -2006,7 +1900,7 @@ handle_signal (int signo)
       if (shutdown_pending > 2)
         {
           log_info (_("shutdown forced\n"));
-          log_info ("%s %s stopped\n", strusage(11), strusage(13) );
+          log_info ("%s %s stopped\n", gpgrt_strusage(11), gpgrt_strusage(13));
           cleanup ();
           dirmngr_exit (0);
 	}
@@ -2014,7 +1908,7 @@ handle_signal (int signo)
 
     case SIGINT:
       log_info (_("SIGINT received - immediate shutdown\n"));
-      log_info( "%s %s stopped\n", strusage(11), strusage(13));
+      log_info( "%s %s stopped\n", gpgrt_strusage(11), gpgrt_strusage(13));
       cleanup ();
       dirmngr_exit (0);
       break;
@@ -2071,9 +1965,14 @@ housekeeping_thread (void *arg)
 }
 
 
-#if GPGRT_GCC_HAVE_PUSH_PRAGMA
+/* We try to enable correct overflow handling for signed int (commonly
+ * used for time_t). With gcc 4.2 -fno-strict-overflow was introduced
+ * and used here as a pragma.  Later gcc versions (gcc 6?) removed
+ * this as a pragma and -fwrapv was then suggested as a replacement
+ * for -fno-strict-overflow.  */
+#if GPGRT_HAVE_PRAGMA_GCC_PUSH
 # pragma GCC push_options
-# pragma GCC optimize ("no-strict-overflow")
+# pragma GCC optimize ("wrapv")
 #endif
 static int
 time_for_housekeeping_p (time_t curtime)
@@ -2091,7 +1990,7 @@ time_for_housekeeping_p (time_t curtime)
     }
   return 0;
 }
-#if GPGRT_GCC_HAVE_PUSH_PRAGMA
+#if GPGRT_HAVE_PRAGMA_GCC_PUSH
 # pragma GCC pop_options
 #endif
 
@@ -2425,7 +2324,7 @@ handle_connections (assuan_fd_t listen_fd)
   if (listen_fd != GNUPG_INVALID_FD)
     assuan_sock_close (listen_fd);
   cleanup ();
-  log_info ("%s %s stopped\n", strusage(11), strusage(13));
+  log_info ("%s %s stopped\n", gpgrt_strusage(11), gpgrt_strusage(13));
 }
 
 const char*
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index 369102d..92d9d4b 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -50,10 +50,7 @@ struct ldap_server_s
   char *user;
   char *pass;
   char *base;
-
-  unsigned int starttls:1;       /* Use STARTTLS.  */
-  unsigned int ldap_over_tls:1;  /* Use LDAP over an TLS tunnel */
-  unsigned int ntds:1;           /* Use Active Directory authentication.  */
+  unsigned int use_ldaps:1;
 };
 typedef struct ldap_server_s *ldap_server_t;
 
@@ -75,7 +72,6 @@ typedef struct fingerprint_list_s *fingerprint_list_t;
 struct fingerprint_list_s
 {
   fingerprint_list_t next;
-  char binlen;  /* If this is not 0 hexfpr actually carries a binary fpr.  */
   char hexfpr[20+20+1];
 };
 
@@ -121,18 +117,11 @@ struct
   int ignore_ocsp_service_url; /* Ignore OCSP service URLs as given in
                                   the certificate.  */
 
-  /* A list of fingerprints of certififcates we should completely
-   * ignore.  These are all stored in binary format.  */
-  fingerprint_list_t ignored_certs;
-
   /* A list of certificate extension OIDs which are ignored so that
      one can claim that a critical extension has been handled.  One
      OID per string.  */
   strlist_t ignored_cert_extensions;
 
-  /* Allow expired certificates in the cache.  */
-  int debug_cache_expired_certs;
-
   int allow_ocsp;     /* Allow using OCSP. */
 
   int max_replies;
@@ -227,12 +216,11 @@ void dirmngr_deinit_default_ctrl (ctrl_t ctrl);
 void dirmngr_sighup_action (void);
 const char* dirmngr_get_current_socket_name (void);
 int dirmngr_use_tor (void);
-int dirmngr_never_use_tor_p (void);
 
 /*-- Various housekeeping functions.  --*/
 void ks_hkp_housekeeping (time_t curtime);
 void ks_hkp_reload (void);
-
+void ks_hkp_init (void);
 
 /*-- server.c --*/
 ldap_server_t get_ldapservers_from_ctrl (ctrl_t ctrl);
@@ -246,8 +234,6 @@ int dirmngr_assuan_log_monitor (assuan_context_t ctx, unsigned int cat,
 void start_command_handler (gnupg_fd_t fd, unsigned int session_id);
 gpg_error_t dirmngr_tick (ctrl_t ctrl);
 
-/* (See also dirmngr-status.h)  */
-
 /*-- http-ntbtls.c --*/
 /* Note that we don't use a callback for gnutls.  */
 
diff --git a/dirmngr/dirmngr.w32-manifest.in b/dirmngr/dirmngr.w32-manifest.in
deleted file mode 100644
index 719ca97..0000000
--- a/dirmngr/dirmngr.w32-manifest.in
+++ /dev/null
@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
-<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
-<description>GNU Privacy Guard (Network daemon)</description>
-<assemblyIdentity
-    type="win32"
-    name="GnuPG.dirmngr"
-    version="@BUILD_VERSION@"
-    />
-<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
-  <application>
-    <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><!-- 10 -->
-    <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><!-- 8.1 -->
-    <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><!-- 8 -->
-    <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><!-- 7 -->
-    <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/><!-- Vista -->
-  </application>
-</compatibility>
-</assembly>
diff --git a/dirmngr/dirmngr_ldap.c b/dirmngr/dirmngr_ldap.c
index ea0da6c..7d19410 100644
--- a/dirmngr/dirmngr_ldap.c
+++ b/dirmngr/dirmngr_ldap.c
@@ -1,5 +1,5 @@
 /* dirmngr-ldap.c  -  The LDAP helper for dirmngr.
- * Copyright (C) 2004, 2021 g10 Code GmbH
+ * Copyright (C) 2004 g10 Code GmbH
  * Copyright (C) 2010 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
@@ -21,6 +21,7 @@
 
 #include <config.h>
 
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <stddef.h>
@@ -48,14 +49,13 @@
 
 #include <gpg-error.h>
 #include "../common/logging.h"
-#include "../common/argparse.h"
 #include "../common/stringhelp.h"
 #include "../common/mischelp.h"
 #include "../common/strlist.h"
+
+#include "../common/i18n.h"
 #include "../common/util.h"
 #include "../common/init.h"
-#include "ldap-misc.h"
-
 
 /* There is no need for the npth_unprotect and leave functions here;
  * thus we redefine them to nops.  We keep them in the code just for
@@ -87,11 +87,10 @@ enum
     oUser,
     oPass,
     oEnvPass,
-    oBase,
+    oDN,
+    oFilter,
     oAttr,
-    oStartTLS,
-    oLdapTLS,
-    oNtds,
+    oTls,
 
     oOnlySearchTimeout,
     oLogWithPID
@@ -99,42 +98,41 @@ enum
 
 
 /* The list of options as used by the argparse.c code.  */
-static ARGPARSE_OPTS opts[] = {
-  { oVerbose,  "verbose",   0, "verbose" },
-  { oQuiet,    "quiet",     0, "be somewhat more quiet" },
-  { oTimeout,  "timeout",   1, "|N|set LDAP timeout to N seconds"},
-  { oMulti,    "multi",     0, "return all values in"
-                               " a record oriented format"},
+static gpgrt_opt_t opts[] = {
+  { oVerbose,  "verbose",   0, N_("verbose") },
+  { oQuiet,    "quiet",     0, N_("be somewhat more quiet") },
+  { oTimeout,  "timeout",   1, N_("|N|set LDAP timeout to N seconds")},
+  { oMulti,    "multi",     0, N_("return all values in"
+                                  " a record oriented format")},
   { oProxy,    "proxy",     2,
-                "|NAME|ignore host part and connect through NAME"},
-  { oStartTLS, "starttls",  0, "use STARTLS for the conenction"},
-  { oLdapTLS,  "ldaptls",   0, "use a TLS for the connection"},
-  { oNtds,     "ntds",      0, "authenticate using AD"},
-  { oHost,     "host",      2, "|NAME|connect to host NAME"},
-  { oPort,     "port",      1, "|N|connect to port N"},
-  { oUser,     "user",      2, "|NAME|use NAME for authentication"},
-  { oPass,     "pass",      2, "|PASS|use password PASS"
-                               " for authentication"},
-  { oEnvPass,  "env-pass",  0, "take password from $DIRMNGR_LDAP_PASS"},
-  { oBase,     "base",      2, "|DN|Start query at DN"},
-  { oAttr,     "attr",      2, "|STRING|return the attribute STRING"},
+    N_("|NAME|ignore host part and connect through NAME")},
+  { oTls,      "tls",       0, N_("force a TLS connection")},
+  { oHost,     "host",      2, N_("|NAME|connect to host NAME")},
+  { oPort,     "port",      1, N_("|N|connect to port N")},
+  { oUser,     "user",      2, N_("|NAME|use user NAME for authentication")},
+  { oPass,     "pass",      2, N_("|PASS|use password PASS"
+                                  " for authentication")},
+  { oEnvPass,  "env-pass",  0, N_("take password from $DIRMNGR_LDAP_PASS")},
+  { oDN,       "dn",        2, N_("|STRING|query DN STRING")},
+  { oFilter,   "filter",    2, N_("|STRING|use STRING as filter expression")},
+  { oAttr,     "attr",      2, N_("|STRING|return the attribute STRING")},
   { oOnlySearchTimeout, "only-search-timeout", 0, "@"},
   { oLogWithPID,"log-with-pid", 0, "@"},
   ARGPARSE_end ()
 };
 
 
-/* A structure with module options.  */
-static struct
+/* A structure with module options.  This is not a static variable
+   because if we are not build as a standalone binary, each thread
+   using this module needs to handle its own values.  */
+struct my_opt_s
 {
   int quiet;
   int verbose;
   my_ldap_timeval_t timeout;/* Timeout for the LDAP search functions.  */
   unsigned int alarm_timeout; /* And for the alarm based timeout.  */
   int multi;
-  int starttls;
-  int ldaptls;
-  int ntds;
+  int force_tls;
 
   estream_t outstream;    /* Send output to this stream.  */
 
@@ -144,18 +142,19 @@ static struct
   char *user;  /* Authentication user.  */
   char *pass;  /* Authentication password.  */
   char *host;  /* Override host.  */
-  int  port;   /* Override port.  */
-  char *base;  /* Override DN.  */
+  int port;    /* Override port.  */
+  char *dn;    /* Override DN.  */
+  char *filter;/* Override filter.  */
   char *attr;  /* Override attribute.  */
-} opt;
+};
+typedef struct my_opt_s *my_opt_t;
 
 
 /* Prototypes.  */
 #ifndef HAVE_W32_SYSTEM
 static void catch_alarm (int dummy);
 #endif
-static gpg_error_t connect_ldap (LDAP **r_ld);
-static gpg_error_t process_filter (LDAP *ld, const char *string);
+static int process_url (my_opt_t myopt, const char *url);
 
 
 
@@ -165,7 +164,7 @@ my_strusage (int level)
 {
   const char *p;
 
-  switch(level)
+  switch (level)
     {
     case  9: p = "GPL-3.0-or-later"; break;
     case 11: p = "dirmngr_ldap (@GNUPG@)";
@@ -173,14 +172,14 @@ my_strusage (int level)
     case 13: p = VERSION; break;
     case 14: p = GNUPG_DEF_COPYRIGHT_LINE; break;
     case 17: p = PRINTABLE_OS_NAME; break;
-    case 19: p = "Please report bugs to <@EMAIL@>.\n"; break;
+    case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
     case 49: p = PACKAGE_BUGREPORT; break;
     case 1:
     case 40: p =
-               "Usage: dirmngr_ldap [options] filters (-h for help)\n";
+               _("Usage: dirmngr_ldap [options] [URL] (-h for help)\n");
       break;
     case 41: p =
-           ("Syntax: dirmngr_ldap [options] filters\n"
+          _("Syntax: dirmngr_ldap [options] [URL]\n"
             "Internal LDAP helper for Dirmngr\n"
             "Interface and options may change without notice\n");
       break;
@@ -194,58 +193,63 @@ my_strusage (int level)
 int
 main (int argc, char **argv)
 {
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   int any_err = 0;
   char *p;
   int only_search_timeout = 0;
+  struct my_opt_s my_opt_buffer;
+  my_opt_t myopt = &my_opt_buffer;
   char *malloced_buffer1 = NULL;
-  LDAP *ld;
+
+  memset (&my_opt_buffer, 0, sizeof my_opt_buffer);
 
   early_system_init ();
 
-  set_strusage (my_strusage);
+  gpgrt_set_strusage (my_strusage);
   log_set_prefix ("dirmngr_ldap", GPGRT_LOG_WITH_PREFIX);
 
+  /* Setup I18N and common subsystems. */
+  i18n_init();
+
   init_common_subsystems (&argc, &argv);
 
   es_set_binary (es_stdout);
-  opt.outstream = es_stdout;
+  myopt->outstream = es_stdout;
 
   /* LDAP defaults */
-  opt.timeout.tv_sec = DEFAULT_LDAP_TIMEOUT;
-  opt.timeout.tv_usec = 0;
-  opt.alarm_timeout = 0;
+  myopt->timeout.tv_sec = DEFAULT_LDAP_TIMEOUT;
+  myopt->timeout.tv_usec = 0;
+  myopt->alarm_timeout = 0;
 
   /* Parse the command line.  */
   pargs.argc = &argc;
   pargs.argv = &argv;
   pargs.flags= ARGPARSE_FLAG_KEEP;
-  while (gnupg_argparse (NULL, &pargs, opts))
+  while (gpgrt_argparse (NULL, &pargs, opts))
     {
       switch (pargs.r_opt)
         {
-        case oVerbose: opt.verbose++; break;
-        case oQuiet: opt.quiet++; break;
+        case oVerbose: myopt->verbose++; break;
+        case oQuiet: myopt->quiet++; break;
 	case oTimeout:
-	  opt.timeout.tv_sec = pargs.r.ret_int;
-	  opt.timeout.tv_usec = 0;
-          opt.alarm_timeout = pargs.r.ret_int;
+	  myopt->timeout.tv_sec = pargs.r.ret_int;
+	  myopt->timeout.tv_usec = 0;
+          myopt->alarm_timeout = pargs.r.ret_int;
 	  break;
         case oOnlySearchTimeout: only_search_timeout = 1; break;
-        case oStartTLS: opt.starttls = 1; opt.ldaptls = 0; break;
-        case oLdapTLS:  opt.starttls = 0; opt.ldaptls = 1; break;
-        case oNtds:     opt.ntds = 1; break;
-        case oMulti: opt.multi = 1; break;
-        case oUser: opt.user = pargs.r.ret_str; break;
-        case oPass: opt.pass = pargs.r.ret_str; break;
+        case oMulti: myopt->multi = 1; break;
+        case oUser: myopt->user = pargs.r.ret_str; break;
+        case oPass: myopt->pass = pargs.r.ret_str; break;
         case oEnvPass:
-          opt.pass = getenv ("DIRMNGR_LDAP_PASS");
+          myopt->pass = getenv ("DIRMNGR_LDAP_PASS");
           break;
-        case oProxy: opt.proxy = pargs.r.ret_str; break;
-        case oHost: opt.host = pargs.r.ret_str; break;
-        case oPort: opt.port = pargs.r.ret_int; break;
-        case oBase: opt.base = pargs.r.ret_str; break;
-        case oAttr: opt.attr = pargs.r.ret_str; break;
+        case oProxy: myopt->proxy = pargs.r.ret_str; break;
+        case oTls:  myopt->force_tls = 1; break;
+        case oHost: myopt->host = pargs.r.ret_str; break;
+        case oPort: myopt->port = pargs.r.ret_int; break;
+        case oDN:   myopt->dn = pargs.r.ret_str; break;
+        case oFilter: myopt->filter = pargs.r.ret_str; break;
+        case oAttr: myopt->attr = pargs.r.ret_str; break;
         case oLogWithPID:
           {
             unsigned int oldflags;
@@ -259,46 +263,39 @@ main (int argc, char **argv)
           break;
 	}
     }
-  gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+  gpgrt_argparse (NULL, &pargs, NULL);
 
   if (only_search_timeout)
-    opt.alarm_timeout = 0;
+    myopt->alarm_timeout = 0;
 
-  if (opt.proxy)
+  if (myopt->proxy)
     {
-      malloced_buffer1 = xtrystrdup (opt.proxy);
+      malloced_buffer1 = xtrystrdup (myopt->proxy);
       if (!malloced_buffer1)
         {
           log_error ("error copying string: %s\n", strerror (errno));
           return 1;
         }
-      opt.host = malloced_buffer1;
-      p = strchr (opt.host, ':');
+      myopt->host = malloced_buffer1;
+      p = strchr (myopt->host, ':');
       if (p)
         {
           *p++ = 0;
-          opt.port = atoi (p);
+          myopt->port = atoi (p);
         }
-      if (!opt.port)
-        opt.port = 389;  /* make sure ports gets overridden.  */
+      if (!myopt->port)
+        myopt->port = 389;  /* make sure ports gets overridden.  */
     }
 
-  if (opt.port < 0 || opt.port > 65535)
-    log_error ("invalid port number %d\n", opt.port);
-
-  if (!opt.port)
-    opt.port = opt.ldaptls? 636 : 389;
-
-#ifndef HAVE_W32_SYSTEM
-  if (!opt.host)
-    opt.host = "localhost";
-#endif
-
+  if (myopt->port < 0 || myopt->port > 65535)
+    log_error (_("invalid port number %d\n"), myopt->port);
 
   if (log_get_errorcount (0))
     exit (2);
+  if (argc < 1)
+    gpgrt_usage (1);
 
-  if (opt.alarm_timeout)
+  if (myopt->alarm_timeout)
     {
 #ifndef HAVE_W32_SYSTEM
 # if defined(HAVE_SIGACTION) && defined(HAVE_STRUCT_SIGACTION)
@@ -315,23 +312,9 @@ main (int argc, char **argv)
 #endif
     }
 
-  if (connect_ldap (&ld))
-    any_err = 1;
-  else
-    {
-      if (!argc)
-        {
-          if (process_filter (ld, "(objectClass=*)"))
-            any_err = 1;
-        }
-      else
-        {
-          for (; argc; argc--, argv++)
-            if (process_filter (ld, *argv))
-              any_err = 1;
-        }
-      ldap_unbind (ld);
-    }
+  for (; argc; argc--, argv++)
+    if (process_url (myopt, *argv))
+      any_err = 1;
 
   xfree (malloced_buffer1);
   return any_err;
@@ -362,16 +345,16 @@ alarm_thread (void *arg)
 
 
 static void
-set_timeout (void)
+set_timeout (my_opt_t myopt)
 {
-  if (opt.alarm_timeout)
+  if (myopt->alarm_timeout)
     {
 #ifdef HAVE_W32_SYSTEM
       static HANDLE timer;
       LARGE_INTEGER due_time;
 
       /* A negative value is a relative time.  */
-      due_time.QuadPart = (unsigned long long)-10000000 * opt.alarm_timeout;
+      due_time.QuadPart = (unsigned long long)-10000000 * myopt->alarm_timeout;
 
       if (!timer)
         {
@@ -382,7 +365,7 @@ set_timeout (void)
           sec_attr.nLength = sizeof sec_attr;
           sec_attr.bInheritHandle = FALSE;
 
-          /* Create a manual resetable timer.  */
+          /* Create a manual resettable timer.  */
           timer = CreateWaitableTimer (NULL, TRUE, NULL);
           /* Initially set the timer.  */
           SetWaitableTimer (timer, &due_time, 0, NULL, NULL, 0);
@@ -393,192 +376,15 @@ set_timeout (void)
       else /* Retrigger the timer.  */
         SetWaitableTimer (timer, &due_time, 0, NULL, NULL, 0);
 #else
-      alarm (opt.alarm_timeout);
-#endif
-    }
-}
-
-
-
-/* Connect to the ldap server.  On success the connection handle is
- * stored at R_LD. */
-static gpg_error_t
-connect_ldap (LDAP **r_ld)
-{
-  gpg_error_t err = 0;
-  int lerr;
-  LDAP *ld = NULL;
-#ifndef HAVE_W32_SYSTEM
-  char *tmpstr;
+      alarm (myopt->alarm_timeout);
 #endif
-
-  *r_ld = NULL;
-
-  if (opt.starttls || opt.ldaptls)
-    {
-#ifndef HAVE_LDAP_START_TLS_S
-      log_error ("ldap: can't connect to the server: no TLS support.");
-      err = GPG_ERR_LDAP_NOT_SUPPORTED;
-      goto leave;
-#endif
-    }
-
-
-  set_timeout ();
-#ifdef HAVE_W32_SYSTEM
-  npth_unprotect ();
-  ld = ldap_sslinit (opt.host, opt.port, opt.ldaptls);
-  npth_protect ();
-  if (!ld)
-    {
-      lerr = LdapGetLastError ();
-      err = ldap_err_to_gpg_err (lerr);
-      log_error ("error initializing LDAP '%s:%d': %s\n",
-                 opt.host, opt.port, ldap_err2string (lerr));
-      goto leave;
-    }
-#else /* Unix */
-  tmpstr = xtryasprintf ("%s://%s:%d",
-                         opt.ldaptls? "ldaps" : "ldap",
-                         opt.host, opt.port);
-  if (!tmpstr)
-    {
-      err = gpg_error_from_syserror ();
-      goto leave;
-    }
-  npth_unprotect ();
-  lerr = ldap_initialize (&ld, tmpstr);
-  npth_protect ();
-  if (lerr || !ld)
-    {
-      err = ldap_err_to_gpg_err (lerr);
-      log_error ("error initializing LDAP '%s': %s\n",
-                 tmpstr, ldap_err2string (lerr));
-      xfree (tmpstr);
-      goto leave;
-    }
-  xfree (tmpstr);
-#endif /* Unix */
-
-  if (opt.verbose)
-    log_info ("LDAP connected to '%s:%d'%s\n",
-              opt.host, opt.port,
-              opt.starttls? " using STARTTLS" :
-              opt.ldaptls?  " using LDAP-over-TLS" : "");
-
-
-#ifdef HAVE_LDAP_SET_OPTION
-  {
-    int ver = LDAP_VERSION3;
-
-    lerr = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &ver);
-    if (lerr != LDAP_SUCCESS)
-      {
-	log_error ("unable to go to LDAP 3: %s\n", ldap_err2string (lerr));
-	err = ldap_err_to_gpg_err (lerr);
-	goto leave;
-      }
-  }
-#endif
-
-
-#ifdef HAVE_LDAP_START_TLS_S
-  if (opt.starttls)
-    {
-#ifndef HAVE_W32_SYSTEM
-      int check_cert = LDAP_OPT_X_TLS_HARD; /* LDAP_OPT_X_TLS_NEVER */
-
-      lerr = ldap_set_option (ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &check_cert);
-      if (lerr)
-	{
-	  log_error ("ldap: error setting an TLS option: %s\n",
-                     ldap_err2string (lerr));
-          err = ldap_err_to_gpg_err (lerr);
-	  goto leave;
-	}
-#else
-      /* On Windows, the certificates are checked by default.  If the
-	 option to disable checking mentioned above is ever
-	 implemented, the way to do that on Windows is to install a
-	 callback routine using ldap_set_option (..,
-	 LDAP_OPT_SERVER_CERTIFICATE, ..); */
-#endif
-
-      npth_unprotect ();
-      lerr = ldap_start_tls_s (ld,
-#ifdef HAVE_W32_SYSTEM
-			      /* ServerReturnValue, result */
-			      NULL, NULL,
-#endif
-			      /* ServerControls, ClientControls */
-			      NULL, NULL);
-      npth_protect ();
-      if (lerr)
-	{
-	  log_error ("ldap: error switching to STARTTLS mode: %s\n",
-                     ldap_err2string (lerr));
-          err = ldap_err_to_gpg_err (lerr);
-	  goto leave;
-	}
-    }
-#endif
-
-  if (opt.ntds)
-    {
-      if (opt.verbose)
-        log_info ("binding to current user via AD\n");
-#ifdef HAVE_W32_SYSTEM
-      npth_unprotect ();
-      lerr = ldap_bind_s (ld, NULL, NULL, LDAP_AUTH_NEGOTIATE);
-      npth_protect ();
-      if (lerr != LDAP_SUCCESS)
-	{
-	  log_error ("error binding to LDAP via AD: %s\n",
-                     ldap_err2string (lerr));
-          err = ldap_err_to_gpg_err (lerr);
-	  goto leave;
-	}
-#else /* Unix */
-      err = gpg_error (GPG_ERR_NOT_SUPPORTED);
-      goto leave;
-#endif /* Unix */
-    }
-  else if (opt.user)
-    {
-      if (opt.verbose)
-        log_info ("LDAP bind to '%s', password '%s'\n",
-                   opt.user, opt.pass ? ">not_shown<" : ">none<");
-
-      npth_unprotect ();
-      lerr = ldap_simple_bind_s (ld, opt.user, opt.pass);
-      npth_protect ();
-      if (lerr != LDAP_SUCCESS)
-	{
-	  log_error ("error binding to LDAP: %s\n", ldap_err2string (lerr));
-          err = ldap_err_to_gpg_err (lerr);
-	  goto leave;
-	}
-    }
-  else
-    {
-      /* By default we don't bind as there is usually no need to.  */
-    }
-
- leave:
-  if (err)
-    {
-      if (ld)
-        ldap_unbind (ld);
     }
-  else
-    *r_ld = ld;
-  return err;
 }
 
 
 /* Helper for fetch_ldap().  */
 static int
-print_ldap_entries (LDAP *ld, LDAPMessage *msg, char *want_attr)
+print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
 {
   LDAPMessage *item;
   int any = 0;
@@ -590,15 +396,15 @@ print_ldap_entries (LDAP *ld, LDAPMessage *msg, char *want_attr)
       BerElement *berctx;
       char *attr;
 
-      if (opt.verbose > 1)
-        log_info ("scanning result for attribute '%s'\n",
+      if (myopt->verbose > 1)
+        log_info (_("scanning result for attribute '%s'\n"),
                   want_attr? want_attr : "[all]");
 
-      if (opt.multi)
+      if (myopt->multi)
         { /*  Write item marker. */
-          if (es_fwrite ("I\0\0\0\0", 5, 1, opt.outstream) != 1)
+          if (es_fwrite ("I\0\0\0\0", 5, 1, myopt->outstream) != 1)
             {
-              log_error ("error writing to stdout: %s\n",
+              log_error (_("error writing to stdout: %s\n"),
                          strerror (errno));
               return -1;
             }
@@ -614,10 +420,10 @@ print_ldap_entries (LDAP *ld, LDAPMessage *msg, char *want_attr)
           struct berval **values;
           int idx;
 
-          if (opt.verbose > 1)
-            log_info ("          available attribute '%s'\n", attr);
+          if (myopt->verbose > 1)
+            log_info (_("          available attribute '%s'\n"), attr);
 
-          set_timeout ();
+          set_timeout (myopt);
 
           /* I case we want only one attribute we do a case
              insensitive compare without the optional extension
@@ -652,23 +458,23 @@ print_ldap_entries (LDAP *ld, LDAPMessage *msg, char *want_attr)
 
           if (!values)
             {
-              if (opt.verbose)
-                log_info ("attribute '%s' not found\n", attr);
+              if (myopt->verbose)
+                log_info (_("attribute '%s' not found\n"), attr);
               ldap_memfree (attr);
               continue;
             }
 
-          if (opt.verbose)
+          if (myopt->verbose)
             {
-              log_info ("found attribute '%s'\n", attr);
-              if (opt.verbose > 1)
+              log_info (_("found attribute '%s'\n"), attr);
+              if (myopt->verbose > 1)
                 for (idx=0; values[idx]; idx++)
                   log_info ("         length[%d]=%d\n",
                             idx, (int)values[0]->bv_len);
 
             }
 
-          if (opt.multi)
+          if (myopt->multi)
             { /*  Write attribute marker. */
               unsigned char tmp[5];
               size_t n = strlen (attr);
@@ -678,10 +484,10 @@ print_ldap_entries (LDAP *ld, LDAPMessage *msg, char *want_attr)
               tmp[2] = (n >> 16);
               tmp[3] = (n >> 8);
               tmp[4] = (n);
-              if (es_fwrite (tmp, 5, 1, opt.outstream) != 1
-                  || es_fwrite (attr, n, 1, opt.outstream) != 1)
+              if (es_fwrite (tmp, 5, 1, myopt->outstream) != 1
+                  || es_fwrite (attr, n, 1, myopt->outstream) != 1)
                 {
-                  log_error ("error writing to stdout: %s\n",
+                  log_error (_("error writing to stdout: %s\n"),
                              strerror (errno));
                   ldap_value_free_len (values);
                   ldap_memfree (attr);
@@ -692,7 +498,7 @@ print_ldap_entries (LDAP *ld, LDAPMessage *msg, char *want_attr)
 
           for (idx=0; values[idx]; idx++)
             {
-              if (opt.multi)
+              if (myopt->multi)
                 { /* Write value marker.  */
                   unsigned char tmp[5];
                   size_t n = values[0]->bv_len;
@@ -703,9 +509,9 @@ print_ldap_entries (LDAP *ld, LDAPMessage *msg, char *want_attr)
                   tmp[3] = (n >> 8);
                   tmp[4] = (n);
 
-                  if (es_fwrite (tmp, 5, 1, opt.outstream) != 1)
+                  if (es_fwrite (tmp, 5, 1, myopt->outstream) != 1)
                     {
-                      log_error ("error writing to stdout: %s\n",
+                      log_error (_("error writing to stdout: %s\n"),
                                  strerror (errno));
                       ldap_value_free_len (values);
                       ldap_memfree (attr);
@@ -715,9 +521,9 @@ print_ldap_entries (LDAP *ld, LDAPMessage *msg, char *want_attr)
                 }
 
 	      if (es_fwrite (values[0]->bv_val, values[0]->bv_len,
-                             1, opt.outstream) != 1)
+                             1, myopt->outstream) != 1)
                 {
-                  log_error ("error writing to stdout: %s\n",
+                  log_error (_("error writing to stdout: %s\n"),
                              strerror (errno));
                   ldap_value_free_len (values);
                   ldap_memfree (attr);
@@ -726,18 +532,18 @@ print_ldap_entries (LDAP *ld, LDAPMessage *msg, char *want_attr)
                 }
 
               any = 1;
-              if (!opt.multi)
+              if (!myopt->multi)
                 break; /* Print only the first value.  */
             }
           ldap_value_free_len (values);
           ldap_memfree (attr);
-          if (want_attr || !opt.multi)
+          if (want_attr || !myopt->multi)
             break; /* We only want to return the first attribute.  */
         }
       ber_free (berctx, 0);
     }
 
-  if (opt.verbose > 1 && any)
+  if (myopt->verbose > 1 && any)
     log_info ("result has been printed\n");
 
   return any?0:-1;
@@ -745,51 +551,183 @@ print_ldap_entries (LDAP *ld, LDAPMessage *msg, char *want_attr)
 
 
 
-/* Fetch data from the server at LD using FILTER.  */
+/* Helper for the URL based LDAP query. */
 static int
-fetch_ldap (LDAP *ld, char *base, int scope, char *filter)
+fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
 {
-  gpg_error_t err;
-  int lerr;
+  LDAP *ld;
   LDAPMessage *msg;
-  char *attrs[2];
+  int rc = 0;
+  char *host, *dn, *filter, *attrs[2], *attr;
+  int port;
+  int ret;
+  int usetls;
+
+  host     = myopt->host?   myopt->host   : ludp->lud_host;
+  port     = myopt->port?   myopt->port   : ludp->lud_port;
+  dn       = myopt->dn?     myopt->dn     : ludp->lud_dn;
+  filter   = myopt->filter? myopt->filter : ludp->lud_filter;
+  attrs[0] = myopt->attr?   myopt->attr   : ludp->lud_attrs? ludp->lud_attrs[0]:NULL;
+  attrs[1] = NULL;
+  attr = attrs[0];
 
-  if (filter && !*filter)
-    filter = NULL;
+  if (!port && myopt->force_tls)
+    port = 636;
+  else if (!port)
+    port = (ludp->lud_scheme && !strcmp (ludp->lud_scheme, "ldaps"))? 636:389;
 
-  if (opt.verbose)
+  if (myopt->verbose)
     {
-      log_info ("fetching using");
-      if (base)
-        log_printf (" base '%s'", base);
+      log_info (_("processing url '%s'\n"), url);
+      if (myopt->force_tls)
+        log_info ("forcing tls\n");
+      else
+        log_info ("not forcing tls\n");
+
+      if (myopt->user)
+        log_info (_("          user '%s'\n"), myopt->user);
+      if (myopt->pass)
+        log_info (_("          pass '%s'\n"), *myopt->pass?"*****":"");
+      if (host)
+        log_info (_("          host '%s'\n"), host);
+      log_info (_("          port %d\n"), port);
+      if (dn)
+        log_info (_("            DN '%s'\n"), dn);
       if (filter)
-        log_printf (" filter '%s'", filter);
-      log_printf ("\n");
+        log_info (_("        filter '%s'\n"), filter);
+      if (myopt->multi && !myopt->attr && ludp->lud_attrs)
+        {
+          int i;
+          for (i=0; ludp->lud_attrs[i]; i++)
+            log_info (_("          attr '%s'\n"), ludp->lud_attrs[i]);
+        }
+      else if (attr)
+        log_info (_("          attr '%s'\n"), attr);
     }
 
-  attrs[0] = opt.attr;
-  attrs[1] = NULL;
 
-  set_timeout ();
+  if (!host || !*host)
+    {
+      log_error (_("no host name in '%s'\n"), url);
+      return -1;
+    }
+  if (!myopt->multi && !attr)
+    {
+      log_error (_("no attribute given for query '%s'\n"), url);
+      return -1;
+    }
+
+  if (!myopt->multi && !myopt->attr
+      && ludp->lud_attrs && ludp->lud_attrs[0] && ludp->lud_attrs[1])
+    log_info (_("WARNING: using first attribute only\n"));
+
+  set_timeout (myopt);
+
+  usetls = (myopt->force_tls
+            || (ludp->lud_scheme && !strcmp (ludp->lud_scheme, "ldaps")));
+#if HAVE_W32_SYSTEM
+  if (1)
+    {
+      npth_unprotect ();
+      ld = ldap_sslinit (host, port, usetls);
+      npth_protect ();
+      if (!ld)
+        {
+          ret = LdapGetLastError ();
+          log_error (_("LDAP init to '%s:%d' failed: %s\n"),
+                     host, port, ldap_err2string (ret));
+          return -1;
+        }
+    }
+#else /*!W32*/
+  if (usetls)
+    {
+      char *uri;
+
+      uri = xtryasprintf ("ldaps://%s:%d", host, port);
+      if (!uri)
+        {
+          log_error (_("error allocating memory: %s\n"),
+                     gpg_strerror (gpg_error_from_syserror ()));
+          return -1;
+        }
+      npth_unprotect ();
+      ret = ldap_initialize (&ld, uri);
+      npth_protect ();
+      if (ret)
+        {
+          log_error (_("LDAP init to '%s' failed: %s\n"),
+                     uri, ldap_err2string (ret));
+          xfree (uri);
+          return -1;
+        }
+      else if (myopt->verbose)
+        log_info (_("LDAP init to '%s' done\n"), uri);
+      xfree (uri);
+    }
+  else
+    {
+      /* Keep the old way so to avoid regressions.  Eventually we
+       * should really consider the supplied scheme and use only
+       * ldap_initialize.  */
+      npth_unprotect ();
+      ld = ldap_init (host, port);
+      npth_protect ();
+      if (!ld)
+        {
+          log_error (_("LDAP init to '%s:%d' failed: %s\n"),
+                     host, port, strerror (errno));
+          return -1;
+        }
+    }
+#endif /*!W32*/
+
   npth_unprotect ();
-  lerr = ldap_search_st (ld, base, scope, filter,
-                         attrs,
-                         0,
-                         &opt.timeout, &msg);
+  /* Fixme:  Can we use MYOPT->user or is it shared with other theeads?.  */
+  ret = ldap_simple_bind_s (ld, myopt->user, myopt->pass);
   npth_protect ();
-  if (lerr == LDAP_SIZELIMIT_EXCEEDED && opt.multi)
+#ifdef LDAP_VERSION3
+  if (ret == LDAP_PROTOCOL_ERROR)
     {
-      if (es_fwrite ("E\0\0\0\x09truncated", 14, 1, opt.outstream) != 1)
+      /* Protocol error could mean that the server only supports v3. */
+      int version = LDAP_VERSION3;
+      if (myopt->verbose)
+        log_info ("protocol error; retrying bind with v3 protocol\n");
+      npth_unprotect ();
+      ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+      ret = ldap_simple_bind_s (ld, myopt->user, myopt->pass);
+      npth_protect ();
+    }
+#endif
+  if (ret)
+    {
+      log_error (_("binding to '%s:%d' failed: %s\n"),
+                 host, port, ldap_err2string (ret));
+      ldap_unbind (ld);
+      return -1;
+    }
+
+  set_timeout (myopt);
+  npth_unprotect ();
+  rc = ldap_search_st (ld, dn, ludp->lud_scope, filter,
+                       myopt->multi && !myopt->attr && ludp->lud_attrs?
+                       ludp->lud_attrs:attrs,
+                       0,
+                       &myopt->timeout, &msg);
+  npth_protect ();
+  if (rc == LDAP_SIZELIMIT_EXCEEDED && myopt->multi)
+    {
+      if (es_fwrite ("E\0\0\0\x09truncated", 14, 1, myopt->outstream) != 1)
         {
-          log_error ("error writing to stdout: %s\n", strerror (errno));
+          log_error (_("error writing to stdout: %s\n"), strerror (errno));
           return -1;
         }
     }
-  else if (lerr)
+  else if (rc)
     {
-      log_error ("searching '%s' failed: %s\n",
-                 filter, ldap_err2string (lerr));
-      if (lerr != LDAP_NO_SUCH_OBJECT)
+      log_error (_("searching '%s' failed: %s\n"),
+                 url, ldap_err2string (rc));
+      if (rc != LDAP_NO_SUCH_OBJECT)
         {
           /* FIXME: Need deinit (ld)?  */
           /* Hmmm: Do we need to released MSG in case of an error? */
@@ -797,43 +735,39 @@ fetch_ldap (LDAP *ld, char *base, int scope, char *filter)
         }
     }
 
-  err = print_ldap_entries (ld, msg, opt.multi? NULL:opt.attr);
+  rc = print_ldap_entries (myopt, ld, msg, myopt->multi? NULL:attr);
 
   ldap_msgfree (msg);
-  return err;
+  ldap_unbind (ld);
+  return rc;
 }
 
 
 
 
-/* Main processing.  Take the filter and run the LDAP query. The
- * result is printed to stdout, errors are logged to the log stream.
- * To allow searching with a different base it is possible to extend
- * the filer.  For example:
- *
- *   ^CN=foo, OU=My Users&(objectClasses=*)
- *
- * Uses "CN=foo, OU=My Users" as base DN and "(objectClasses=*)" as
- * filter.  If the base prefix includes an ampersand, it needs to be
- * doubled.  The usual escaping rules for DNs (for the base) and
- * filters apply.  If no scope is given (see ldap_parse_extfilter for
- * the syntax) subtree scope is used.
- */
-static gpg_error_t
-process_filter (LDAP *ld, const char *string)
+/* Main processing.  Take the URL and run the LDAP query. The result
+   is printed to stdout, errors are logged to the log stream. */
+static int
+process_url (my_opt_t myopt, const char *url)
 {
-  gpg_error_t err;
-  char *base, *filter;
-  int scope = -1;
-
-  err = ldap_parse_extfilter (string, 0, &base, &scope, &filter);
-  if (!err)
-    err = fetch_ldap (ld,
-                      base? base : opt.base,
-                      scope == -1? LDAP_SCOPE_SUBTREE : scope,
-                      filter);
-
-  xfree (base);
-  xfree (filter);
-  return err;
+  int rc;
+  LDAPURLDesc *ludp = NULL;
+
+
+  if (!ldap_is_ldap_url (url))
+    {
+      log_error (_("'%s' is not an LDAP URL\n"), url);
+      return -1;
+    }
+
+  if (ldap_url_parse (url, &ludp))
+    {
+      log_error (_("'%s' is an invalid LDAP URL\n"), url);
+      return -1;
+    }
+
+  rc = fetch_ldap (myopt, url, ludp);
+
+  ldap_free_urldesc (ludp);
+  return rc;
 }
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index 4a50d75..0edbc04 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -73,6 +73,7 @@
 #include "./dirmngr-err.h"
 #include "../common/util.h"
 #include "../common/host2net.h"
+#include "dirmngr-status.h"
 #include "dns-stuff.h"
 
 #ifdef USE_NPTH
@@ -159,7 +160,7 @@ static struct
 
 
 #ifdef USE_LIBDNS
-/* Libdns gobal data.  */
+/* Libdns global data.  */
 struct libdns_s
 {
   struct dns_resolv_conf *resolv_conf;
@@ -442,12 +443,13 @@ resolv_conf_changed_p (void)
 /* Initialize libdns.  Returns 0 on success; prints a diagnostic and
  * returns an error code on failure.  */
 static gpg_error_t
-libdns_init (void)
+libdns_init (ctrl_t ctrl)
 {
   gpg_error_t err;
   struct libdns_s ld;
   int derr;
   char *cfgstr = NULL;
+  const char *fname = NULL;
 
   if (libdns.resolv_conf)
     return 0; /* Already initialized.  */
@@ -541,7 +543,6 @@ libdns_init (void)
       xfree (ninfo);
 
 #else /* Unix */
-      const char *fname;
 
       fname = RESOLV_CONF_NAME;
       resolv_conf_changed_p (); /* Reset timestamp.  */
@@ -631,6 +632,7 @@ libdns_init (void)
     {
       err = libdns_error_to_gpg_error (derr);
       log_error ("failed to load DNS hints: %s\n", gpg_strerror (err));
+      fname = "[dns hints]";
       goto leave;
     }
 
@@ -641,6 +643,14 @@ libdns_init (void)
     log_debug ("dns: libdns initialized%s\n", tor_mode?" (tor mode)":"");
 
  leave:
+  if (!fname)
+    fname = cfgstr;
+  if (err && fname)
+    dirmngr_status_printf (ctrl, "WARNING",
+                           "dns_config_problem %u"
+                           " error accessing '%s': %s <%s>",
+                           err, fname, gpg_strerror (err), gpg_strsource (err));
+
   xfree (cfgstr);
   return err;
 }
@@ -710,7 +720,7 @@ dns_stuff_housekeeping (void)
  * failure an error code is returned and NULL stored at R_RES.
  */
 static gpg_error_t
-libdns_res_open (struct dns_resolver **r_res)
+libdns_res_open (ctrl_t ctrl, struct dns_resolver **r_res)
 {
   gpg_error_t err;
   struct dns_resolver *res;
@@ -737,7 +747,7 @@ libdns_res_open (struct dns_resolver **r_res)
       libdns_deinit ();
     }
 
-  err = libdns_init ();
+  err = libdns_init (ctrl);
   if (err)
     return err;
 
@@ -816,7 +826,7 @@ libdns_res_wait (struct dns_resolver *res)
 
 #ifdef USE_LIBDNS
 static gpg_error_t
-resolve_name_libdns (const char *name, unsigned short port,
+resolve_name_libdns (ctrl_t ctrl, const char *name, unsigned short port,
                      int want_family, int want_socktype,
                      dns_addrinfo_t *r_dai, char **r_canonname)
 {
@@ -849,7 +859,7 @@ resolve_name_libdns (const char *name, unsigned short port,
       portstr = portstr_;
     }
 
-  err = libdns_res_open (&res);
+  err = libdns_res_open (ctrl, &res);
   if (err)
     goto leave;
 
@@ -961,7 +971,7 @@ resolve_name_libdns (const char *name, unsigned short port,
 
 /* Resolve a name using the standard system function.  */
 static gpg_error_t
-resolve_name_standard (const char *name, unsigned short port,
+resolve_name_standard (ctrl_t ctrl, const char *name, unsigned short port,
                        int want_family, int want_socktype,
                        dns_addrinfo_t *r_dai, char **r_canonname)
 {
@@ -1007,7 +1017,7 @@ resolve_name_standard (const char *name, unsigned short port,
              CNAME redirection again.  */
           char *cname;
 
-          if (get_dns_cname (name, &cname))
+          if (get_dns_cname (ctrl, name, &cname))
             goto leave; /* Still no success.  */
 
           ret = getaddrinfo (cname, *portstr? portstr : NULL, &hints, &aibuf);
@@ -1072,18 +1082,19 @@ resolve_name_standard (const char *name, unsigned short port,
 
 
 /* This a wrapper around getaddrinfo with slightly different semantics.
-   NAME is the name to resolve.
-   PORT is the requested port or 0.
-   WANT_FAMILY is either 0 (AF_UNSPEC), AF_INET6, or AF_INET4.
-   WANT_SOCKETTYPE is either SOCK_STREAM or SOCK_DGRAM.
-
-   On success the result is stored in a linked list with the head
-   stored at the address R_AI; the caller must call gpg_addrinfo_free
-   on this.  If R_CANONNAME is not NULL the official name of the host
-   is stored there as a malloced string; if that name is not available
-   NULL is stored.  */
+ * NAME is the name to resolve.
+ * PORT is the requested port or 0.
+ * WANT_FAMILY is either 0 (AF_UNSPEC), AF_INET6, or AF_INET4.
+ * WANT_SOCKETTYPE is either 0 for any socket type
+ *                 or SOCK_STREAM or SOCK_DGRAM.
+ *
+ * On success the result is stored in a linked list with the head
+ * stored at the address R_AI; the caller must call free_dns_addrinfo
+ * on this.  If R_CANONNAME is not NULL the official name of the host
+ * is stored there as a malloced string; if that name is not available
+ * NULL is stored.  */
 gpg_error_t
-resolve_dns_name (const char *name, unsigned short port,
+resolve_dns_name (ctrl_t ctrl, const char *name, unsigned short port,
                   int want_family, int want_socktype,
                   dns_addrinfo_t *r_ai, char **r_canonname)
 {
@@ -1092,15 +1103,15 @@ resolve_dns_name (const char *name, unsigned short port,
 #ifdef USE_LIBDNS
   if (!standard_resolver)
     {
-      err = resolve_name_libdns (name, port, want_family, want_socktype,
+      err = resolve_name_libdns (ctrl, name, port, want_family, want_socktype,
                                   r_ai, r_canonname);
       if (err && libdns_switch_port_p (err))
-        err = resolve_name_libdns (name, port, want_family, want_socktype,
+        err = resolve_name_libdns (ctrl, name, port, want_family, want_socktype,
                                    r_ai, r_canonname);
     }
   else
 #endif /*USE_LIBDNS*/
-    err = resolve_name_standard (name, port, want_family, want_socktype,
+    err = resolve_name_standard (ctrl, name, port, want_family, want_socktype,
                                  r_ai, r_canonname);
   if (opt_debug)
     log_debug ("dns: resolve_dns_name(%s): %s\n", name, gpg_strerror (err));
@@ -1111,7 +1122,8 @@ resolve_dns_name (const char *name, unsigned short port,
 #ifdef USE_LIBDNS
 /* Resolve an address using libdns.  */
 static gpg_error_t
-resolve_addr_libdns (const struct sockaddr_storage *addr, int addrlen,
+resolve_addr_libdns (ctrl_t ctrl,
+                     const struct sockaddr_storage *addr, int addrlen,
                      unsigned int flags, char **r_name)
 {
   gpg_error_t err;
@@ -1143,7 +1155,7 @@ resolve_addr_libdns (const struct sockaddr_storage *addr, int addrlen,
     goto leave;
 
 
-  err = libdns_res_open (&res);
+  err = libdns_res_open (ctrl, &res);
   if (err)
     goto leave;
 
@@ -1307,7 +1319,8 @@ resolve_addr_standard (const struct sockaddr_storage *addr, int addrlen,
 
 /* A wrapper around getnameinfo.  */
 gpg_error_t
-resolve_dns_addr (const struct sockaddr_storage *addr, int addrlen,
+resolve_dns_addr (ctrl_t ctrl,
+                  const struct sockaddr_storage *addr, int addrlen,
                   unsigned int flags, char **r_name)
 {
   gpg_error_t err;
@@ -1316,9 +1329,9 @@ resolve_dns_addr (const struct sockaddr_storage *addr, int addrlen,
   /* Note that we divert to the standard resolver for NUMERICHOST.  */
   if (!standard_resolver && !(flags & DNS_NUMERICHOST))
     {
-      err = resolve_addr_libdns (addr, addrlen, flags, r_name);
+      err = resolve_addr_libdns (ctrl, addr, addrlen, flags, r_name);
       if (err && libdns_switch_port_p (err))
-        err = resolve_addr_libdns (addr, addrlen, flags, r_name);
+        err = resolve_addr_libdns (ctrl, addr, addrlen, flags, r_name);
     }
   else
 #endif /*USE_LIBDNS*/
@@ -1416,7 +1429,7 @@ is_onion_address (const char *name)
 /* libdns version of get_dns_cert.  */
 #ifdef USE_LIBDNS
 static gpg_error_t
-get_dns_cert_libdns (const char *name, int want_certtype,
+get_dns_cert_libdns (ctrl_t ctrl, const char *name, int want_certtype,
                      void **r_key, size_t *r_keylen,
                      unsigned char **r_fpr, size_t *r_fprlen, char **r_url)
 {
@@ -1436,7 +1449,7 @@ get_dns_cert_libdns (const char *name, int want_certtype,
            : (want_certtype - DNS_CERTTYPE_RRBASE));
 
 
-  err = libdns_res_open (&res);
+  err = libdns_res_open (ctrl, &res);
   if (err)
     goto leave;
 
@@ -1802,7 +1815,7 @@ get_dns_cert_standard (const char *name, int want_certtype,
    supported certtypes only records with this certtype are considered
    and the first found is returned.  (R_KEY,R_KEYLEN) are optional. */
 gpg_error_t
-get_dns_cert (const char *name, int want_certtype,
+get_dns_cert (ctrl_t ctrl, const char *name, int want_certtype,
               void **r_key, size_t *r_keylen,
               unsigned char **r_fpr, size_t *r_fprlen, char **r_url)
 {
@@ -1819,10 +1832,10 @@ get_dns_cert (const char *name, int want_certtype,
 #ifdef USE_LIBDNS
   if (!standard_resolver)
     {
-      err = get_dns_cert_libdns (name, want_certtype, r_key, r_keylen,
+      err = get_dns_cert_libdns (ctrl, name, want_certtype, r_key, r_keylen,
                                  r_fpr, r_fprlen, r_url);
       if (err && libdns_switch_port_p (err))
-        err = get_dns_cert_libdns (name, want_certtype, r_key, r_keylen,
+        err = get_dns_cert_libdns (ctrl, name, want_certtype, r_key, r_keylen,
                                    r_fpr, r_fprlen, r_url);
     }
   else
@@ -1854,7 +1867,8 @@ priosort(const void *a,const void *b)
  * R_COUNT.  */
 #ifdef USE_LIBDNS
 static gpg_error_t
-getsrv_libdns (const char *name, struct srventry **list, unsigned int *r_count)
+getsrv_libdns (ctrl_t ctrl,
+               const char *name, struct srventry **list, unsigned int *r_count)
 {
   gpg_error_t err;
   struct dns_resolver *res = NULL;
@@ -1865,7 +1879,7 @@ getsrv_libdns (const char *name, struct srventry **list, unsigned int *r_count)
   int derr;
   unsigned int srvcount = 0;
 
-  err = libdns_res_open (&res);
+  err = libdns_res_open (ctrl, &res);
   if (err)
     goto leave;
 
@@ -2084,7 +2098,8 @@ getsrv_standard (const char *name,
  * we do not return NONAME but simply store 0 at R_COUNT.  On error an
  * error code is returned and 0 stored at R_COUNT.  */
 gpg_error_t
-get_dns_srv (const char *name, const char *service, const char *proto,
+get_dns_srv (ctrl_t ctrl,
+             const char *name, const char *service, const char *proto,
              struct srventry **list, unsigned int *r_count)
 {
   gpg_error_t err;
@@ -2113,9 +2128,9 @@ get_dns_srv (const char *name, const char *service, const char *proto,
 #ifdef USE_LIBDNS
   if (!standard_resolver)
     {
-      err = getsrv_libdns (name, list, &srvcount);
+      err = getsrv_libdns (ctrl, name, list, &srvcount);
       if (err && libdns_switch_port_p (err))
-        err = getsrv_libdns (name, list, &srvcount);
+        err = getsrv_libdns (ctrl, name, list, &srvcount);
     }
   else
 #endif /*USE_LIBDNS*/
@@ -2181,7 +2196,7 @@ get_dns_srv (const char *name, const char *service, const char *proto,
           (*list)[j].run_count=prio_count;
         }
 
-      chose=prio_count*rand()/RAND_MAX;
+      chose=prio_count*rand()/(float)RAND_MAX;
 
       for (j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
         {
@@ -2220,7 +2235,7 @@ get_dns_srv (const char *name, const char *service, const char *proto,
 #ifdef USE_LIBDNS
 /* libdns version of get_dns_cname.  */
 gpg_error_t
-get_dns_cname_libdns (const char *name, char **r_cname)
+get_dns_cname_libdns (ctrl_t ctrl, const char *name, char **r_cname)
 {
   gpg_error_t err;
   struct dns_resolver *res;
@@ -2228,7 +2243,7 @@ get_dns_cname_libdns (const char *name, char **r_cname)
   struct dns_cname cname;
   int derr;
 
-  err = libdns_res_open (&res);
+  err = libdns_res_open (ctrl, &res);
   if (err)
     goto leave;
 
@@ -2373,7 +2388,7 @@ get_dns_cname_standard (const char *name, char **r_cname)
 
 
 gpg_error_t
-get_dns_cname (const char *name, char **r_cname)
+get_dns_cname (ctrl_t ctrl, const char *name, char **r_cname)
 {
   gpg_error_t err;
 
@@ -2382,9 +2397,9 @@ get_dns_cname (const char *name, char **r_cname)
 #ifdef USE_LIBDNS
   if (!standard_resolver)
     {
-      err = get_dns_cname_libdns (name, r_cname);
+      err = get_dns_cname_libdns (ctrl, name, r_cname);
       if (err && libdns_switch_port_p (err))
-        err = get_dns_cname_libdns (name, r_cname);
+        err = get_dns_cname_libdns (ctrl, name, r_cname);
       return err;
     }
 #endif /*USE_LIBDNS*/
@@ -2446,15 +2461,27 @@ check_inet_support (int *r_v4, int *r_v6)
                   log_debug ("%s:     addr: %s\n", __func__, buffer);
               }
           }
+      }
+
+    for (ai = aibuf; ai; ai = ai->ai_next)
+      {
+        if (ai->ai_family == AF_INET)
+          *r_v4 = 1;
+      }
+    for (ai = aibuf; ai; ai = ai->ai_next)
+      {
         if (ai->ai_family == AF_INET6)
           {
             struct sockaddr_in6 *v6addr = (struct sockaddr_in6 *)ai->ai_addr;
-            if (!IN6_IS_ADDR_LINKLOCAL (&v6addr->sin6_addr))
-              *r_v6 = 1;
-          }
-        else if (ai->ai_family == AF_INET)
-          {
-            *r_v4 = 1;
+            if (!IN6_IS_ADDR_LINKLOCAL (&v6addr->sin6_addr)
+                && (!*r_v4 || !IN6_IS_ADDR_LOOPBACK (&v6addr->sin6_addr)))
+              {
+                /* We only assume v6 if we do not have a v4 address or
+                 * if the address is not ::1.  Linklocal never
+                 * indicates v6 support.  */
+                *r_v6 = 1;
+                break;
+              }
           }
       }
 
diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
index a9f9651..415eac5 100644
--- a/dirmngr/dns-stuff.h
+++ b/dirmngr/dns-stuff.h
@@ -140,12 +140,14 @@ void dns_stuff_housekeeping (void);
 void free_dns_addrinfo (dns_addrinfo_t ai);
 
 /* Function similar to getaddrinfo.  */
-gpg_error_t resolve_dns_name (const char *name, unsigned short port,
+gpg_error_t resolve_dns_name (ctrl_t ctrl,
+                              const char *name, unsigned short port,
                               int want_family, int want_socktype,
                               dns_addrinfo_t *r_dai, char **r_canonname);
 
 /* Function similar to getnameinfo.  */
-gpg_error_t resolve_dns_addr (const struct sockaddr_storage *addr, int addrlen,
+gpg_error_t resolve_dns_addr (ctrl_t ctrl,
+                              const struct sockaddr_storage *addr, int addrlen,
                               unsigned int flags, char **r_name);
 
 /* Return true if NAME is a numerical IP address.  */
@@ -155,16 +157,18 @@ int is_ip_address (const char *name);
 int is_onion_address (const char *name);
 
 /* Get the canonical name for NAME.  */
-gpg_error_t get_dns_cname (const char *name, char **r_cname);
+gpg_error_t get_dns_cname (ctrl_t ctrl, const char *name, char **r_cname);
 
 /* Return a CERT record or an arbitrary RR.  */
-gpg_error_t get_dns_cert (const char *name, int want_certtype,
+gpg_error_t get_dns_cert (ctrl_t ctrl,
+                          const char *name, int want_certtype,
                           void **r_key, size_t *r_keylen,
                           unsigned char **r_fpr, size_t *r_fprlen,
                           char **r_url);
 
 /* Return an array of SRV records.  */
-gpg_error_t get_dns_srv (const char *name,
+gpg_error_t get_dns_srv (ctrl_t ctrl,
+                         const char *name,
                          const char *service, const char *proto,
                          struct srventry **list, unsigned int *r_count);
 
diff --git a/dirmngr/dns.c b/dirmngr/dns.c
index 25d839a..3ac6a2d 100644
--- a/dirmngr/dns.c
+++ b/dirmngr/dns.c
@@ -1836,7 +1836,7 @@ static void dns_p_free(struct dns_packet *P) {
 } /* dns_p_free() */
 
 
-/* convience routine to free any existing packet before storing new packet */
+/* convenience routine to free any existing packet before storing new packet */
 static struct dns_packet *dns_p_setptr(struct dns_packet **dst, struct dns_packet *src) {
 	dns_p_free(*dst);
 
@@ -4507,8 +4507,6 @@ struct dns_trace *dns_trace_open(FILE *fp, dns_error_t *error) {
 
 	if (fp) {
 		trace->fp = fp;
-	} else if (!(fp = tmpfile())) {
-		goto syerr;
 	}
 
 	trace->id = dns_trace_mkid();
@@ -5659,12 +5657,7 @@ skip:
 			memset(resconf->search, '\0', sizeof resconf->search);
 
 			for (i = 1, j = 0; i < wc && j < lengthof(resconf->search); i++, j++)
-				if (words[i][0] == '.') {
-					/* Ignore invalid search spec.  */
-					j--;
-				} else {
-					dns_d_anchor(resconf->search[j], sizeof resconf->search[j], words[i], strlen(words[i]));
-				}
+				dns_d_anchor(resconf->search[j], sizeof resconf->search[j], words[i], strlen(words[i]));
 
 			break;
 		case DNS_RESCONF_LOOKUP:
@@ -7656,7 +7649,7 @@ retry:
 			goto udp_connect_retry;
 		} else if (error == ECONNREFUSED)
 			/* Error for previous socket operation may
-			   be reserverd asynchronously. */
+			   be reserved(?) asynchronously. */
 			goto udp_connect_retry;
 
 		if (error)
@@ -8254,7 +8247,7 @@ struct dns_resolver *dns_res_open(struct dns_resolv_conf *resconf, struct dns_ho
 	/*
 	 * Don't try to load it ourselves because a NULL object might be an
 	 * error from, say, dns_resconf_root(), and loading
-	 * dns_resconf_local() by default would create undesirable surpises.
+	 * dns_resconf_local() by default would create undesirable surprises.
 	 */
 	if (!resconf || !hosts || !hints) {
 		if (!*_error)
@@ -8308,8 +8301,14 @@ struct dns_resolver *dns_res_stub(const struct dns_options *opts, int *error) {
 	if (!(hints = dns_hints_local(resconf, error)))
 		goto epilog;
 
+        /* RESCONF is closed by dns_hints_local, so, get it again.  */
+	if (!(resconf = dns_resconf_local(error)))
+		goto epilog;
+
 	if (!(res = dns_res_open(resconf, hosts, hints, NULL, opts, error)))
 		goto epilog;
+        else
+		return res;
 
 epilog:
 	dns_resconf_close(resconf);
diff --git a/dirmngr/domaininfo.c b/dirmngr/domaininfo.c
index 2e55842..b41aef3 100644
--- a/dirmngr/domaininfo.c
+++ b/dirmngr/domaininfo.c
@@ -120,7 +120,7 @@ domaininfo_print_stats (void)
 }
 
 
-/* Return true if DOMAIN definitely does not support WKD.  Noet that
+/* Return true if DOMAIN definitely does not support WKD.  Note that
  * DOMAIN is expected to be lowercase.  */
 int
 domaininfo_is_wkd_not_supported (const char *domain)
diff --git a/dirmngr/http-ntbtls.c b/dirmngr/http-ntbtls.c
index 7f13318..ae5cf55 100644
--- a/dirmngr/http-ntbtls.c
+++ b/dirmngr/http-ntbtls.c
@@ -47,7 +47,7 @@ gnupg_http_tls_verify_cb (void *opaque,
   ksba_cert_t cert;
   ksba_cert_t hostcert = NULL;
   unsigned int validate_flags;
-  /* const char *hostname; */
+  const char *hostname;
 
   (void)http;
   (void)session;
@@ -55,7 +55,7 @@ gnupg_http_tls_verify_cb (void *opaque,
   log_assert (ctrl && ctrl->magic == SERVER_CONTROL_MAGIC);
   log_assert (!ntbtls_check_context (tls));
 
-  /* Get the peer's certs fron ntbtls.  */
+  /* Get the peer's certs from ntbtls.  */
   for (idx = 0;
        (cert = ntbtls_x509_get_peer_cert (tls, idx)); idx++)
     {
@@ -81,16 +81,14 @@ gnupg_http_tls_verify_cb (void *opaque,
    * certificate.  Note that this differes from the GnuTLS
    * implementation which uses this special certificate only if no
    * other certificates are configured. */
-  /* Disabled for 2.2.19 to due problems with the standard hkps pool.  */
-  /* hostname = ntbtls_get_hostname (tls); */
-  /* if (hostname */
-  /*     && !ascii_strcasecmp (hostname, get_default_keyserver (1))) */
-  /*   { */
-  /*     validate_flags |= VALIDATE_FLAG_TRUST_HKPSPOOL; */
-  /*   } */
-  /* else */
+  hostname = ntbtls_get_hostname (tls);
+  if (hostname
+      && !ascii_strcasecmp (hostname, get_default_keyserver (1)))
+    {
+      validate_flags |= VALIDATE_FLAG_TRUST_HKPSPOOL;
+    }
+  else /* Use the certificates as requested from the HTTP module.  */
     {
-      /* Use the certificates as requested from the HTTP module.  */
       if ((http_flags & HTTP_FLAG_TRUST_CFG))
         validate_flags |= VALIDATE_FLAG_TRUST_CONFIG;
       if ((http_flags & HTTP_FLAG_TRUST_DEF))
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 946234e..f7f6530 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -1,8 +1,8 @@
 /* http.c  -  HTTP protocol handler
- * Copyright (C) 1999, 2001-2004, 2006, 2009, 2010,
+ * Copyright (C) 1999, 2001, 2002, 2003, 2004, 2006, 2009, 2010,
  *               2011 Free Software Foundation, Inc.
- * Copyright (C) 1999, 2001-2004, 2006, 2009, 2010, 2011, 2014 Werner Koch
- * Copyright (C) 2015-2017, 2021 g10 Code GmbH
+ * Copyright (C) 2014 Werner Koch
+ * Copyright (C) 2015-2019 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -39,9 +39,8 @@
   - stpcpy is required
   - fixme: list other requirements.
 
-
-  - With HTTP_USE_NTBTLS or HTTP_USE_GNUTLS support for https is
-    provided (this also requires estream).
+  - Either HTTP_USE_NTBTLS or HTTP_USE_GNUTLS must be defined to select
+    which TLS library to use.
 
   - With HTTP_NO_WSASTARTUP the socket initialization is not done
     under Windows.  This is useful if the socket layer has already
@@ -136,13 +135,10 @@
 
 #if HTTP_USE_NTBTLS
 typedef ntbtls_t         tls_session_t;
-# define USE_TLS 1
 #elif HTTP_USE_GNUTLS
 typedef gnutls_session_t tls_session_t;
-# define USE_TLS 1
 #else
-typedef void *tls_session_t;
-# undef USE_TLS
+# error building without TLS is not supported
 #endif
 
 static gpg_err_code_t do_parse_uri (parsed_uri_t uri, int only_local_part,
@@ -153,14 +149,15 @@ static int remove_escapes (char *string);
 static int insert_escapes (char *buffer, const char *string,
                            const char *special);
 static uri_tuple_t parse_tuple (char *string);
-static gpg_error_t send_request (http_t hd, const char *httphost,
+static gpg_error_t send_request (ctrl_t ctrl, http_t hd, const char *httphost,
                                  const char *auth,const char *proxy,
 				 const char *srvtag, unsigned int timeout,
                                  strlist_t headers);
 static char *build_rel_path (parsed_uri_t uri);
 static gpg_error_t parse_response (http_t hd);
 
-static gpg_error_t connect_server (const char *server, unsigned short port,
+static gpg_error_t connect_server (ctrl_t ctrl,
+                                   const char *server, unsigned short port,
                                    unsigned int flags, const char *srvtag,
                                    unsigned int timeout, assuan_fd_t *r_sock);
 static gpgrt_ssize_t read_server (assuan_fd_t sock, void *buffer, size_t size);
@@ -240,10 +237,7 @@ struct http_session_s
   unsigned long magic;
 
   int refcount;    /* Number of references to this object.  */
-#ifdef HTTP_USE_GNUTLS
-  gnutls_certificate_credentials_t certcred;
-#endif /*HTTP_USE_GNUTLS*/
-#ifdef USE_TLS
+
   tls_session_t tls_session;
   struct {
     int done;      /* Verifciation has been done.  */
@@ -251,7 +245,7 @@ struct http_session_s
     unsigned int status; /* Verification status.  */
   } verify;
   char *servername; /* Malloced server name.  */
-#endif /*USE_TLS*/
+
   /* A callback function to log details of TLS certifciates.  */
   void (*cert_log_cb) (http_session_t, gpg_error_t, const char *,
                        const void **, size_t *);
@@ -265,6 +259,10 @@ struct http_session_s
 
   /* The connect timeout */
   unsigned int connect_timeout;
+
+#ifdef HTTP_USE_GNUTLS
+  gnutls_certificate_credentials_t certcred;
+#endif /*HTTP_USE_GNUTLS*/
 };
 
 
@@ -648,31 +646,29 @@ notify_netactivity (void)
 
 
 
-#ifdef USE_TLS
 /* Free the TLS session associated with SESS, if any.  */
 static void
 close_tls_session (http_session_t sess)
 {
   if (sess->tls_session)
     {
-# if HTTP_USE_NTBTLS
+#if HTTP_USE_NTBTLS
       /* FIXME!!
          Possibly, ntbtls_get_transport and close those streams.
          Somehow get SOCK to call my_socket_unref.
       */
       ntbtls_release (sess->tls_session);
-# elif HTTP_USE_GNUTLS
+#elif HTTP_USE_GNUTLS
       my_socket_t sock = gnutls_transport_get_ptr (sess->tls_session);
       my_socket_unref (sock, NULL, NULL);
       gnutls_deinit (sess->tls_session);
       if (sess->certcred)
         gnutls_certificate_free_credentials (sess->certcred);
-# endif /*HTTP_USE_GNUTLS*/
+#endif /*HTTP_USE_GNUTLS*/
       xfree (sess->servername);
       sess->tls_session = NULL;
     }
 }
-#endif /*USE_TLS*/
 
 
 /* Release a session.  Take care not to release it while it is being
@@ -692,15 +688,14 @@ session_unref (int lnr, http_session_t sess)
   if (sess->refcount)
     return;
 
-#ifdef USE_TLS
   close_tls_session (sess);
-#endif /*USE_TLS*/
 
   sess->magic = 0xdeadbeef;
   xfree (sess);
 }
 #define http_session_unref(a) session_unref (__LINE__, (a))
 
+
 void
 http_session_release (http_session_t sess)
 {
@@ -766,38 +761,35 @@ http_session_new (http_session_t *r_session,
         goto leave;
       }
 
-    /* Disabled for 2.2.19 to due problems with the standard hkps pool.  */
-    /* is_hkps_pool = (intended_hostname */
-    /*                 && !ascii_strcasecmp (intended_hostname, */
-    /*                                       get_default_keyserver (1))); */
-    is_hkps_pool = 0;
+    is_hkps_pool = (intended_hostname
+                    && !ascii_strcasecmp (intended_hostname,
+                                          get_default_keyserver (1)));
 
     /* If we are looking for the hkps pool from sks-keyservers.net,
      * then forcefully use its dedicated certificate authority.  */
-    /* Disabled for 2.2.29 because the service had to be shutdown.  */
-    /* if (is_hkps_pool) */
-    /*   { */
-    /*     char *pemname = make_filename_try (gnupg_datadir (), */
-    /*                                        "sks-keyservers.netCA.pem", NULL); */
-    /*     if (!pemname) */
-    /*       { */
-    /*         err = gpg_error_from_syserror (); */
-    /*         log_error ("setting CA from file '%s' failed: %s\n", */
-    /*                    pemname, gpg_strerror (err)); */
-    /*       } */
-    /*     else */
-    /*       { */
-    /*         rc = gnutls_certificate_set_x509_trust_file */
-    /*           (sess->certcred, pemname, GNUTLS_X509_FMT_PEM); */
-    /*         if (rc < 0) */
-    /*           log_info ("setting CA from file '%s' failed: %s\n", */
-    /*                     pemname, gnutls_strerror (rc)); */
-    /*         xfree (pemname); */
-    /*       } */
-    /*         */
-    /*     if (is_hkps_pool) */
-    /*       add_system_cas = 0; */
-    /*   } */
+    if (is_hkps_pool)
+      {
+        char *pemname = make_filename_try (gnupg_datadir (),
+                                           "sks-keyservers.netCA.pem", NULL);
+        if (!pemname)
+          {
+            err = gpg_error_from_syserror ();
+            log_error ("setting CA from file '%s' failed: %s\n",
+                       pemname, gpg_strerror (err));
+          }
+        else
+          {
+            rc = gnutls_certificate_set_x509_trust_file
+              (sess->certcred, pemname, GNUTLS_X509_FMT_PEM);
+            if (rc < 0)
+              log_info ("setting CA from file '%s' failed: %s\n",
+                        pemname, gnutls_strerror (rc));
+            xfree (pemname);
+          }
+
+        if (is_hkps_pool)
+          add_system_cas = 0;
+      }
 
     /* Add configured certificates to the session.  */
     if ((flags & HTTP_FLAG_TRUST_DEF) && !is_hkps_pool)
@@ -892,9 +884,7 @@ http_session_new (http_session_t *r_session,
     log_debug ("http.c:session_new: sess %p created\n", sess);
   err = 0;
 
-#if USE_TLS
  leave:
-#endif /*USE_TLS*/
   if (err)
     http_session_unref (sess);
   else
@@ -946,7 +936,7 @@ http_session_set_timeout (http_session_t sess, unsigned int timeout)
    If HTTPHOST is not NULL it is used for the Host header instead of a
    Host header derived from the URL. */
 gpg_error_t
-http_open (http_t *r_hd, http_req_t reqtype, const char *url,
+http_open (ctrl_t ctrl, http_t *r_hd, http_req_t reqtype, const char *url,
            const char *httphost,
            const char *auth, unsigned int flags, const char *proxy,
            http_session_t session, const char *srvtag, strlist_t headers)
@@ -970,7 +960,7 @@ http_open (http_t *r_hd, http_req_t reqtype, const char *url,
 
   err = parse_uri (&hd->uri, url, 0, !!(flags & HTTP_FLAG_FORCE_TLS));
   if (!err)
-    err = send_request (hd, httphost, auth, proxy, srvtag,
+    err = send_request (ctrl, hd, httphost, auth, proxy, srvtag,
                         hd->session? hd->session->connect_timeout : 0,
                         headers);
 
@@ -994,7 +984,8 @@ http_open (http_t *r_hd, http_req_t reqtype, const char *url,
    this http abstraction layer.  This has the advantage of providing
    service tags and an estream interface.  TIMEOUT is in milliseconds. */
 gpg_error_t
-http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
+http_raw_connect (ctrl_t ctrl, http_t *r_hd,
+                  const char *server, unsigned short port,
                   unsigned int flags, const char *srvtag, unsigned int timeout)
 {
   gpg_error_t err = 0;
@@ -1030,7 +1021,8 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
   {
     assuan_fd_t sock;
 
-    err = connect_server (server, port, hd->flags, srvtag, timeout, &sock);
+    err = connect_server (ctrl, server, port,
+                          hd->flags, srvtag, timeout, &sock);
     if (err)
       {
         xfree (hd);
@@ -1110,7 +1102,7 @@ http_start_data (http_t hd)
   if (!hd->in_data)
     {
       if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
-        log_debug_with_string ("\r\n", "http.c:request-header:");
+        log_debug_string ("\r\n", "http.c:request-header:");
       es_fputs ("\r\n", hd->fp_write);
       es_fflush (hd->fp_write);
       hd->in_data = 1;
@@ -1183,14 +1175,14 @@ http_wait_response (http_t hd)
    be used as an HTTP proxy and any enabled $http_proxy gets
    ignored. */
 gpg_error_t
-http_open_document (http_t *r_hd, const char *document,
+http_open_document (ctrl_t ctrl, http_t *r_hd, const char *document,
                     const char *auth, unsigned int flags, const char *proxy,
                     http_session_t session,
                     const char *srvtag, strlist_t headers)
 {
   gpg_error_t err;
 
-  err = http_open (r_hd, HTTP_REQ_GET, document, NULL, auth, flags,
+  err = http_open (ctrl, r_hd, HTTP_REQ_GET, document, NULL, auth, flags,
                    proxy, session, srvtag, headers);
   if (err)
     return err;
@@ -1301,14 +1293,15 @@ parse_uri (parsed_uri_t *ret_uri, const char *uri,
 /*
  * Parse an URI and put the result into the newly allocated RET_URI.
  * On success the caller must use http_release_parsed_uri() to
- * releases the resources.  If the HTTP_PARSE_NO_SCHEME_CHECK flag is
- * set, the function tries to parse the URL in the same way it would
- * do for an HTTP style URI.   */
+ * releases the resources.  If NO_SCHEME_CHECK is set, the function
+ * tries to parse the URL in the same way it would do for an HTTP
+ * style URI; this can for example be used for hkps or ldap schemes.
+ */
 gpg_error_t
 http_parse_uri (parsed_uri_t *ret_uri, const char *uri,
-                unsigned int flags)
+                int no_scheme_check)
 {
-  return parse_uri (ret_uri, uri, !!(flags & HTTP_PARSE_NO_SCHEME_CHECK), 0);
+  return parse_uri (ret_uri, uri, no_scheme_check, 0);
 }
 
 
@@ -1351,6 +1344,7 @@ do_parse_uri (parsed_uri_t uri, int only_local_part,
   uri->params = uri->query = NULL;
   uri->use_tls = 0;
   uri->is_http = 0;
+  uri->is_ldap = 0;
   uri->opaque = 0;
   uri->v6lit = 0;
   uri->onion = 0;
@@ -1358,9 +1352,8 @@ do_parse_uri (parsed_uri_t uri, int only_local_part,
   uri->off_host = 0;
   uri->off_path = 0;
 
-  /* A quick validity check unless we have the opaque scheme. */
-  if (strspn (p, VALID_URI_CHARS) != n
-      && strncmp (p, "opaque:", 7))
+  /* A quick validity check. */
+  if (strspn (p, VALID_URI_CHARS) != n)
     return GPG_ERR_BAD_URI;	/* Invalid characters found. */
 
   if (!only_local_part)
@@ -1382,7 +1375,6 @@ do_parse_uri (parsed_uri_t uri, int only_local_part,
           uri->port = 11371;
           uri->is_http = 1;
         }
-#ifdef USE_TLS
       else if (!strcmp (uri->scheme, "https") || !strcmp (uri->scheme,"hkps")
                || (force_tls && (!strcmp (uri->scheme, "http")
                                  || !strcmp (uri->scheme,"hkp"))))
@@ -1391,15 +1383,25 @@ do_parse_uri (parsed_uri_t uri, int only_local_part,
           uri->is_http = 1;
           uri->use_tls = 1;
         }
-#endif /*USE_TLS*/
-      else if (!strcmp (uri->scheme, "opaque"))
+      else if (!no_scheme_check)
+	return GPG_ERR_INV_URI; /* Not an http style scheme.  */
+      else if (!strcmp (uri->scheme, "ldap") && !force_tls)
         {
-          uri->opaque = 1;
-          uri->path = p2;
-          return 0;
+          uri->port = 389;
+          uri->is_ldap = 1;
+        }
+      else if (!strcmp (uri->scheme, "ldaps")
+               || (force_tls && (!strcmp (uri->scheme, "ldap"))))
+        {
+          uri->port = 636;
+          uri->is_ldap = 1;
+          uri->use_tls = 1;
+        }
+      else if (!strcmp (uri->scheme, "ldapi"))  /* LDAP via IPC.  */
+        {
+          uri->port = 0;
+          uri->is_ldap = 1;
         }
-      else if (!no_scheme_check)
-	return GPG_ERR_INV_URI; /* Unsupported scheme */
 
       p = p2;
 
@@ -1465,8 +1467,8 @@ do_parse_uri (parsed_uri_t uri, int only_local_part,
 	    return GPG_ERR_BAD_URI;	/* Hostname includes a Nul. */
 	  p = p2 ? p2 : NULL;
 	}
-      else if (uri->is_http)
-	return GPG_ERR_INV_URI; /* No Leading double slash for HTTP.  */
+      else if (!no_scheme_check && (uri->is_http || uri->is_ldap))
+	return GPG_ERR_INV_URI; /* HTTP or LDAP w/o leading double slash. */
       else
         {
           uri->opaque = 1;
@@ -1749,7 +1751,7 @@ is_hostname_port (const char *string)
  * Returns 0 if the request was successful
  */
 static gpg_error_t
-send_request (http_t hd, const char *httphost, const char *auth,
+send_request (ctrl_t ctrl, http_t hd, const char *httphost, const char *auth,
 	      const char *proxy, const char *srvtag, unsigned int timeout,
               strlist_t headers)
 {
@@ -1761,16 +1763,13 @@ send_request (http_t hd, const char *httphost, const char *auth,
   char *proxy_authstr = NULL;
   char *authstr = NULL;
   assuan_fd_t sock;
-#ifdef USE_TLS
   int have_http_proxy = 0;
-#endif
 
   if (hd->uri->use_tls && !hd->session)
     {
       log_error ("TLS requested but no session object provided\n");
       return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
     }
-#ifdef USE_TLS
   if (hd->uri->use_tls && !hd->session->tls_session)
     {
       log_error ("TLS requested but no TLS context available\n");
@@ -1778,15 +1777,12 @@ send_request (http_t hd, const char *httphost, const char *auth,
     }
   if (opt_debug)
     log_debug ("Using TLS library: %s %s\n",
-# if HTTP_USE_NTBTLS
+#if HTTP_USE_NTBTLS
                "NTBTLS", ntbtls_check_version (NULL)
-# elif HTTP_USE_GNUTLS
+#elif HTTP_USE_GNUTLS
                "GNUTLS", gnutls_check_version (NULL)
-# else
-               "?", "?"
-# endif /*HTTP_USE_*TLS*/
+#endif /*HTTP_USE_GNUTLS*/
                );
-#endif /*USE_TLS*/
 
   if ((hd->flags & HTTP_FLAG_FORCE_TOR))
     {
@@ -1807,12 +1803,11 @@ send_request (http_t hd, const char *httphost, const char *auth,
   port = hd->uri->port ? hd->uri->port : 80;
 
   /* Try to use SNI.  */
-#ifdef USE_TLS
   if (hd->uri->use_tls)
     {
-# if HTTP_USE_GNUTLS
+#if HTTP_USE_GNUTLS
       int rc;
-# endif
+#endif
 
       xfree (hd->session->servername);
       hd->session->servername = xtrystrdup (httphost? httphost : server);
@@ -1822,7 +1817,7 @@ send_request (http_t hd, const char *httphost, const char *auth,
           return err;
         }
 
-# if HTTP_USE_NTBTLS
+#if HTTP_USE_NTBTLS
       err = ntbtls_set_hostname (hd->session->tls_session,
                                  hd->session->servername);
       if (err)
@@ -1830,16 +1825,15 @@ send_request (http_t hd, const char *httphost, const char *auth,
           log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err));
           return err;
         }
-# elif HTTP_USE_GNUTLS
+#elif HTTP_USE_GNUTLS
       rc = gnutls_server_name_set (hd->session->tls_session,
                                    GNUTLS_NAME_DNS,
                                    hd->session->servername,
                                    strlen (hd->session->servername));
       if (rc < 0)
         log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc));
-# endif /*HTTP_USE_GNUTLS*/
+#endif /*HTTP_USE_GNUTLS*/
     }
-#endif /*USE_TLS*/
 
   if ( (proxy && *proxy)
        || ( (hd->flags & HTTP_FLAG_TRY_PROXY)
@@ -1864,10 +1858,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
 
       if (err)
         ;
-#ifdef USE_TLS
       else if (!strcmp (uri->scheme, "http"))
         have_http_proxy = 1;
-#endif
       else if (!strcmp (uri->scheme, "socks4")
                || !strcmp (uri->scheme, "socks5h"))
         err = gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
@@ -1896,14 +1888,16 @@ send_request (http_t hd, const char *httphost, const char *auth,
             }
         }
 
-      err = connect_server (*uri->host ? uri->host : "localhost",
+      err = connect_server (ctrl,
+                            *uri->host ? uri->host : "localhost",
                             uri->port ? uri->port : 80,
                             hd->flags, NULL, timeout, &sock);
       http_release_parsed_uri (uri);
     }
   else
     {
-      err = connect_server (server, port, hd->flags, srvtag, timeout, &sock);
+      err = connect_server (ctrl,
+                            server, port, hd->flags, srvtag, timeout, &sock);
     }
 
   if (err)
@@ -1918,7 +1912,6 @@ send_request (http_t hd, const char *httphost, const char *auth,
       return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
     }
 
-#if USE_TLS
   if (have_http_proxy && hd->uri->use_tls)
     {
       int saved_flags;
@@ -1939,7 +1932,7 @@ send_request (http_t hd, const char *httphost, const char *auth,
         return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
 
       if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
-        log_debug_with_string (request, "http.c:request:");
+        log_debug_string (request, "http.c:request:");
 
       cookie = xtrycalloc (1, sizeof *cookie);
       if (! cookie)
@@ -2005,7 +1998,6 @@ send_request (http_t hd, const char *httphost, const char *auth,
        * TLS session and talk directly to the target server.  */
       http_proxy = NULL;
     }
-#endif	/* USE_TLS */
 
 #if HTTP_USE_NTBTLS
   if (hd->uri->use_tls)
@@ -2016,12 +2008,12 @@ send_request (http_t hd, const char *httphost, const char *auth,
 
       /* Until we support send/recv in estream under Windows we need
        * to use es_fopencookie.  */
-#ifdef HAVE_W32_SYSTEM
+# ifdef HAVE_W32_SYSTEM
       in = es_fopencookie ((void*)(unsigned int)hd->sock->fd, "rb",
                            simple_cookie_functions);
-#else
+# else
       in = es_fdopen_nc (hd->sock->fd, "rb");
-#endif
+# endif
       if (!in)
         {
           err = gpg_error_from_syserror ();
@@ -2029,12 +2021,12 @@ send_request (http_t hd, const char *httphost, const char *auth,
           return err;
         }
 
-#ifdef HAVE_W32_SYSTEM
+# ifdef HAVE_W32_SYSTEM
       out = es_fopencookie ((void*)(unsigned int)hd->sock->fd, "wb",
                             simple_cookie_functions);
-#else
+# else
       out = es_fdopen_nc (hd->sock->fd, "wb");
-#endif
+# endif
       if (!out)
         {
           err = gpg_error_from_syserror ();
@@ -2052,7 +2044,6 @@ send_request (http_t hd, const char *httphost, const char *auth,
           return err;
         }
 
-#ifdef HTTP_USE_NTBTLS
       if (hd->session->verify_cb)
         {
           err = ntbtls_set_verify_cb (hd->session->tls_session,
@@ -2065,7 +2056,6 @@ send_request (http_t hd, const char *httphost, const char *auth,
               return err;
             }
         }
-#endif /*HTTP_USE_NTBTLS*/
 
       while ((err = ntbtls_handshake (hd->session->tls_session)))
         {
@@ -2092,11 +2082,7 @@ send_request (http_t hd, const char *httphost, const char *auth,
       /* Try the available verify callbacks until one returns success
        * or a real error.  Note that NTBTLS does the verification
        * during the handshake via   */
-#ifdef HTTP_USE_NTBTLS
       err = 0; /* Fixme check that the CB has been called.  */
-#else
-      err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-#endif
 
       if (hd->session->verify_cb
           && gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR
@@ -2124,7 +2110,9 @@ send_request (http_t hd, const char *httphost, const char *auth,
         }
 
     }
+
 #elif HTTP_USE_GNUTLS
+
   if (hd->uri->use_tls)
     {
       int rc;
@@ -2181,6 +2169,7 @@ send_request (http_t hd, const char *httphost, const char *auth,
           return err;
         }
     }
+
 #endif /*HTTP_USE_GNUTLS*/
 
   if (auth || hd->uri->auth)
@@ -2193,7 +2182,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
           if (!myauth)
             {
               xfree (proxy_authstr);
-              return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+              return gpg_err_make (default_errsource,
+                                   gpg_err_code_from_syserror ());
             }
           remove_escapes (myauth);
         }
@@ -2262,7 +2252,7 @@ send_request (http_t hd, const char *httphost, const char *auth,
     }
 
   if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
-    log_debug_with_string (request, "http.c:request:");
+    log_debug_string (request, "http.c:request:");
 
   /* First setup estream so that we can write even the first line
      using estream.  This is also required for the sake of gnutls. */
@@ -2298,7 +2288,7 @@ send_request (http_t hd, const char *httphost, const char *auth,
       for (;headers; headers=headers->next)
         {
           if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
-            log_debug_with_string (headers->d, "http.c:request-header:");
+            log_debug_string (headers->d, "http.c:request-header:");
           if ((es_fputs (headers->d, hd->fp_write) || es_fflush (hd->fp_write))
               || (es_fputs("\r\n",hd->fp_write) || es_fflush(hd->fp_write)))
             {
@@ -2549,7 +2539,7 @@ parse_response (http_t hd)
 	return GPG_ERR_EOF;
 
       if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
-        log_debug_with_string (line, "http.c:response:\n");
+        log_debug_string (line, "http.c:response:\n");
     }
   while (!*line);
 
@@ -2915,7 +2905,7 @@ connect_with_timeout (assuan_fd_t sock,
  * function tries to connect to all known addresses and the timeout is
  * for each one. */
 static gpg_error_t
-connect_server (const char *server, unsigned short port,
+connect_server (ctrl_t ctrl, const char *server, unsigned short port,
                 unsigned int flags, const char *srvtag, unsigned int timeout,
                 assuan_fd_t *r_sock)
 {
@@ -2970,7 +2960,7 @@ connect_server (const char *server, unsigned short port,
   /* Do the SRV thing */
   if (srvtag)
     {
-      err = get_dns_srv (server, srvtag, NULL, &serverlist, &srvcount);
+      err = get_dns_srv (ctrl, server, srvtag, NULL, &serverlist, &srvcount);
       if (err)
         log_info ("getting '%s' SRV for '%s' failed: %s\n",
                   srvtag, server, gpg_strerror (err));
@@ -3000,7 +2990,8 @@ connect_server (const char *server, unsigned short port,
       if (opt_debug)
         log_debug ("http.c:connect_server: trying name='%s' port=%hu\n",
                    serverlist[srv].target, port);
-      err = resolve_dns_name (serverlist[srv].target, port, 0, SOCK_STREAM,
+      err = resolve_dns_name (ctrl,
+                              serverlist[srv].target, port, 0, SOCK_STREAM,
                               &aibuf, NULL);
       if (err)
         {
@@ -3535,6 +3526,7 @@ http_verify_server_credentials (http_session_t sess)
 #endif
 }
 
+
 /* Return the first query variable with the specified key.  If there
    is no such variable, return NULL.  */
 struct uri_tuple_s *
@@ -3549,15 +3541,6 @@ uri_query_lookup (parsed_uri_t uri, const char *key)
   return NULL;
 }
 
-const char *
-uri_query_value (parsed_uri_t url, const char *key)
-{
-  struct uri_tuple_s *t;
-  t = uri_query_lookup (url, key);
-  return t? t->value : NULL;
-}
-
-
 
 /* Return true if both URI point to the same host for the purpose of
  * redirection check.  A is the original host and B the host given in
diff --git a/dirmngr/http.h b/dirmngr/http.h
index 2b11c58..4ad0351 100644
--- a/dirmngr/http.h
+++ b/dirmngr/http.h
@@ -51,11 +51,12 @@ struct parsed_uri_s
   char *original;       /* Unmodified copy of the parsed URI.  */
   char *scheme;	        /* Pointer to the scheme string (always lowercase). */
   unsigned int is_http:1; /* This is a HTTP style URI.   */
+  unsigned int is_ldap:1; /* This is a LDAP style URI.   */
   unsigned int use_tls:1; /* Whether TLS should be used. */
-  unsigned int opaque:1;/* Unknown scheme; PATH has the rest.  */
-  unsigned int v6lit:1; /* Host was given as a literal v6 address.  */
-  unsigned int onion:1; /* .onion address given.  */
-  unsigned int explicit_port:1; /* The port was explicitly specified.  */
+  unsigned int opaque:1;  /* Unknown scheme; PATH has the rest.  */
+  unsigned int v6lit:1;   /* Host was given as a literal v6 address.  */
+  unsigned int onion:1;   /* .onion address given.  */
+  unsigned int explicit_port :1; /* The port was explicitly specified.  */
   unsigned int ad_current:1;    /* Use Active Directory's current user.  */
   char *auth;           /* username/password for basic auth.  */
   char *host; 	        /* Host (converted to lowercase). */
@@ -70,7 +71,6 @@ struct parsed_uri_s
 typedef struct parsed_uri_s *parsed_uri_t;
 
 struct uri_tuple_s *uri_query_lookup (parsed_uri_t uri, const char *key);
-const char *uri_query_value (parsed_uri_t url, const char *key);
 
 typedef enum
   {
@@ -151,18 +151,17 @@ void http_session_set_log_cb (http_session_t sess,
 void http_session_set_timeout (http_session_t sess, unsigned int timeout);
 
 
-#define HTTP_PARSE_NO_SCHEME_CHECK 1
 gpg_error_t http_parse_uri (parsed_uri_t *ret_uri, const char *uri,
-                            unsigned int flags);
+                            int no_scheme_check);
 
 void http_release_parsed_uri (parsed_uri_t uri);
 
-gpg_error_t http_raw_connect (http_t *r_hd,
+gpg_error_t http_raw_connect (ctrl_t ctrl, http_t *r_hd,
                               const char *server, unsigned short port,
                               unsigned int flags, const char *srvtag,
                               unsigned int timeout);
 
-gpg_error_t http_open (http_t *r_hd, http_req_t reqtype,
+gpg_error_t http_open (ctrl_t ctrl, http_t *r_hd, http_req_t reqtype,
                        const char *url,
                        const char *httphost,
                        const char *auth,
@@ -178,7 +177,7 @@ gpg_error_t http_wait_response (http_t hd);
 
 void http_close (http_t hd, int keep_read_stream);
 
-gpg_error_t http_open_document (http_t *r_hd,
+gpg_error_t http_open_document (ctrl_t ctrl, http_t *r_hd,
                                 const char *document,
                                 const char *auth,
                                 unsigned int flags,
diff --git a/dirmngr/ks-action.c b/dirmngr/ks-action.c
index 9b56258..0c54794 100644
--- a/dirmngr/ks-action.c
+++ b/dirmngr/ks-action.c
@@ -67,8 +67,6 @@ ks_action_help (ctrl_t ctrl, const char *url)
 {
   gpg_error_t err;
   parsed_uri_t parsed_uri;  /* The broken down URI.  */
-  char *tmpstr;
-  const char *s;
 
   if (!url || !*url)
     {
@@ -78,46 +76,19 @@ ks_action_help (ctrl_t ctrl, const char *url)
   else
     {
 #if USE_LDAP
-      if (!strncmp (url, "ldap:", 5) && !(url[5] == '/' && url[6] == '/'))
-        {
-          /* Special ldap scheme given.  This differs from a valid
-           * ldap scheme in that no double slash follows.  Use
-           * http_parse_uri to put it as opaque value into parsed_uri.  */
-          tmpstr = strconcat ("opaque:", url+5, NULL);
-          if (!tmpstr)
-            err = gpg_error_from_syserror ();
-          else
-            {
-              err = http_parse_uri (&parsed_uri, tmpstr, 0);
-              xfree (tmpstr);
-            }
-        }
-      else if ((s=strchr (url, ':')) && !(s[1] == '/' && s[2] == '/'))
-        {
-          /* No scheme given.  Use http_parse_uri to put the string as
-           * opaque value into parsed_uri.  */
-          tmpstr = strconcat ("opaque:", url, NULL);
-          if (!tmpstr)
-            err = gpg_error_from_syserror ();
-          else
-            {
-              err = http_parse_uri (&parsed_uri, tmpstr, 0);
-              xfree (tmpstr);
-            }
-        }
-      else if (ldap_uri_p (url))
+      if (ldap_uri_p (url))
 	err = ldap_parse_uri (&parsed_uri, url);
       else
 #endif
 	{
-	  err = http_parse_uri (&parsed_uri, url, HTTP_PARSE_NO_SCHEME_CHECK);
+	  err = http_parse_uri (&parsed_uri, url, 1);
 	}
 
       if (err)
         return err;
     }
 
-  /* Call all engines to give them a chance to print a help sting.  */
+  /* Call all engines to give them a chance to print a help string.  */
   err = ks_hkp_help (ctrl, parsed_uri);
   if (!err)
     err = ks_http_help (ctrl, parsed_uri);
@@ -193,10 +164,9 @@ ks_action_search (ctrl_t ctrl, uri_item_t keyservers,
       int is_ldap = 0;
       unsigned int http_status = 0;
 #if USE_LDAP
-      is_ldap = (!strcmp (uri->parsed_uri->scheme, "ldap")
-		 || !strcmp (uri->parsed_uri->scheme, "ldaps")
-		 || !strcmp (uri->parsed_uri->scheme, "ldapi")
-                 || uri->parsed_uri->opaque);
+      is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
+		 || strcmp (uri->parsed_uri->scheme, "ldaps") == 0
+		 || strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
 #endif
       if (is_http || is_ldap)
         {
@@ -241,7 +211,7 @@ ks_action_search (ctrl_t ctrl, uri_item_t keyservers,
    keyservers and write the result to the provided output stream.  */
 gpg_error_t
 ks_action_get (ctrl_t ctrl, uri_item_t keyservers,
-	       strlist_t patterns, int ldap_only, estream_t outfp)
+	       strlist_t patterns, estream_t outfp)
 {
   gpg_error_t err = 0;
   gpg_error_t first_err = 0;
@@ -268,14 +238,10 @@ ks_action_get (ctrl_t ctrl, uri_item_t keyservers,
                        || strcmp (uri->parsed_uri->scheme, "https") == 0);
       int is_ldap = 0;
 
-      if (ldap_only)
-        is_hkp_s = is_http_s = 0;
-
 #if USE_LDAP
-      is_ldap = (!strcmp (uri->parsed_uri->scheme, "ldap")
-		 || !strcmp (uri->parsed_uri->scheme, "ldaps")
-		 || !strcmp (uri->parsed_uri->scheme, "ldapi")
-                 || uri->parsed_uri->opaque);
+      is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
+		 || strcmp (uri->parsed_uri->scheme, "ldaps") == 0
+		 || strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
 #endif
 
       if (is_hkp_s || is_http_s || is_ldap)
@@ -344,7 +310,7 @@ ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp)
   if (!url)
     return gpg_error (GPG_ERR_INV_URI);
 
-  err = http_parse_uri (&parsed_uri, url, HTTP_PARSE_NO_SCHEME_CHECK);
+  err = http_parse_uri (&parsed_uri, url, 1);
   if (err)
     return err;
 
@@ -413,10 +379,9 @@ ks_action_put (ctrl_t ctrl, uri_item_t keyservers,
       int is_ldap = 0;
 
 #if USE_LDAP
-      is_ldap = (!strcmp (uri->parsed_uri->scheme, "ldap")
-                 || !strcmp (uri->parsed_uri->scheme, "ldaps")
-                 || !strcmp (uri->parsed_uri->scheme, "ldapi")
-                 || uri->parsed_uri->opaque);
+      is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
+		|| strcmp (uri->parsed_uri->scheme, "ldaps") == 0
+		|| strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
 #endif
 
       if (is_http || is_ldap)
diff --git a/dirmngr/ks-action.h b/dirmngr/ks-action.h
index 36e0cf0..d576ef0 100644
--- a/dirmngr/ks-action.h
+++ b/dirmngr/ks-action.h
@@ -26,7 +26,7 @@ gpg_error_t ks_action_resolve (ctrl_t ctrl, uri_item_t keyservers);
 gpg_error_t ks_action_search (ctrl_t ctrl, uri_item_t keyservers,
 			      strlist_t patterns, estream_t outfp);
 gpg_error_t ks_action_get (ctrl_t ctrl, uri_item_t keyservers,
-			   strlist_t patterns, int ldap_only, estream_t outfp);
+			   strlist_t patterns, estream_t outfp);
 gpg_error_t ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp);
 gpg_error_t ks_action_put (ctrl_t ctrl, uri_item_t keyservers,
 			   void *data, size_t datalen,
diff --git a/dirmngr/ks-engine-finger.c b/dirmngr/ks-engine-finger.c
index e53a0ee..30ede15 100644
--- a/dirmngr/ks-engine-finger.c
+++ b/dirmngr/ks-engine-finger.c
@@ -82,7 +82,7 @@ ks_finger_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp)
     }
   *server++ = 0;
 
-  err = http_raw_connect (&http, server, 79,
+  err = http_raw_connect (ctrl, &http, server, 79,
                           ((dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR : 0)
                            | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
                            | (opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)),
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index ef7a717..93c676b 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -35,6 +35,7 @@
 # include <netdb.h>
 #endif /*!HAVE_W32_SYSTEM*/
 
+#include <npth.h>
 #include "dirmngr.h"
 #include "misc.h"
 #include "../common/userids.h"
@@ -112,6 +113,8 @@ struct hostinfo_s
    resolved from a pool name and its allocated size.*/
 static hostinfo_t *hosttable;
 static int hosttable_size;
+/* A mutex used to serialize access to the hosttable. */
+static npth_mutex_t hosttable_lock;
 
 /* The number of host slots we initially allocate for HOSTTABLE.  */
 #define INITIAL_HOSTTABLE_SIZE 50
@@ -229,6 +232,9 @@ select_random_host (hostinfo_t hi)
   size_t tblsize;
   int pidx, idx;
 
+  /* CHECKTHIS();  See */
+  /*                 https://sources.debian.org/patches/gnupg2/2.2.20-1/dirmngr-idling/dirmngr-hkp-Avoid-potential-race-condition-when-some.patch/ */
+
   /* We create a new table so that we randomly select only from
      currently alive hosts.  */
   for (idx = 0, tblsize = 0;
@@ -308,7 +314,7 @@ tor_not_running_p (ctrl_t ctrl)
    PROTOCOL.  If NAME specifies a pool (as indicated by IS_POOL),
    update the given reference table accordingly.  */
 static void
-add_host (const char *name, int is_pool,
+add_host (ctrl_t ctrl, const char *name, int is_pool,
           const dns_addrinfo_t ai,
           enum ks_protocol protocol, unsigned short port)
 {
@@ -324,7 +330,7 @@ add_host (const char *name, int is_pool,
   if (is_pool)
     {
       /* For a pool immediately convert the address to a string.  */
-      tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
+      tmperr = resolve_dns_addr (ctrl, ai->addr, ai->addrlen,
                                  (DNS_NUMERICHOST | DNS_WITHBRACKET), &tmphost);
     }
   else if (!is_ip_address (name))
@@ -341,7 +347,7 @@ add_host (const char *name, int is_pool,
     {
       /* Do a PTR lookup on AI.  If a name was not found the function
        * returns the numeric address (with brackets).  */
-      tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
+      tmperr = resolve_dns_addr (ctrl, ai->addr, ai->addrlen,
                                  DNS_WITHBRACKET, &tmphost);
     }
 
@@ -515,7 +521,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
       unsigned int srvscount;
 
       /* Check for SRV records.  */
-      err = get_dns_srv (name, srvtag, NULL, &srvs, &srvscount);
+      err = get_dns_srv (ctrl, name, srvtag, NULL, &srvs, &srvscount);
       if (err)
         {
           if (gpg_err_code (err) == GPG_ERR_ECONNREFUSED)
@@ -531,13 +537,13 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
 
           for (i = 0; i < srvscount; i++)
             {
-              err = resolve_dns_name (srvs[i].target, 0,
+              err = resolve_dns_name (ctrl, srvs[i].target, 0,
                                       AF_UNSPEC, SOCK_STREAM,
                                       &ai, &cname);
               if (err)
                 continue;
               dirmngr_tick (ctrl);
-              add_host (name, is_pool, ai, protocol, srvs[i].port);
+              add_host (ctrl, name, is_pool, ai, protocol, srvs[i].port);
               new_hosts = 1;
             }
 
@@ -552,7 +558,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
     {
       /* Find all A records for this entry and put them into the pool
          list - if any.  */
-      err = resolve_dns_name (name, 0, 0, SOCK_STREAM, &aibuf, &cname);
+      err = resolve_dns_name (ctrl, name, 0, 0, SOCK_STREAM, &aibuf, &cname);
       if (err)
         {
           log_error ("resolving '%s' failed: %s\n", name, gpg_strerror (err));
@@ -583,7 +589,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
                 continue;
               dirmngr_tick (ctrl);
 
-              add_host (name, is_pool, ai, 0, 0);
+              add_host (ctrl, name, is_pool, ai, 0, 0);
               new_hosts = 1;
             }
 
@@ -641,7 +647,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
        * hosttable. */
       char *host;
 
-      err = resolve_dns_name (hi->name, 0, 0, SOCK_STREAM, &aibuf, NULL);
+      err = resolve_dns_name (ctrl, hi->name, 0, 0, SOCK_STREAM, &aibuf, NULL);
       if (!err)
         {
           for (ai = aibuf; ai; ai = ai->next)
@@ -649,7 +655,8 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
               if ((!opt.disable_ipv6 && ai->family == AF_INET6)
                   || (!opt.disable_ipv4 && ai->family == AF_INET))
                 {
-                  err = resolve_dns_addr (ai->addr, ai->addrlen, 0, &host);
+                  err = resolve_dns_addr (ctrl,
+                                          ai->addr, ai->addrlen, 0, &host);
                   if (!err)
                     {
                       /* Okay, we return the first found name.  */
@@ -726,8 +733,7 @@ mark_host_dead (const char *name)
   parsed_uri_t parsed_uri = NULL;
   int done = 0;
 
-  if (name && *name
-      && !http_parse_uri (&parsed_uri, name, HTTP_PARSE_NO_SCHEME_CHECK))
+  if (name && *name && !http_parse_uri (&parsed_uri, name, 1))
     {
       if (parsed_uri->v6lit)
         {
@@ -779,9 +785,15 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive)
   if (!name || !*name || !strcmp (name, "localhost"))
     return 0;
 
+  if (npth_mutex_lock (&hosttable_lock))
+    log_fatal ("failed to acquire mutex\n");
+
   idx = find_hostinfo (name);
   if (idx == -1)
-    return gpg_error (GPG_ERR_NOT_FOUND);
+    {
+      err = gpg_error (GPG_ERR_NOT_FOUND);
+      goto leave;
+    }
 
   hi = hosttable[idx];
   if (alive && hi->dead)
@@ -840,6 +852,10 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive)
         }
     }
 
+ leave:
+  if (npth_mutex_unlock (&hosttable_lock))
+    log_fatal ("failed to release mutex\n");
+
   return err;
 }
 
@@ -860,7 +876,9 @@ ks_hkp_print_hosttable (ctrl_t ctrl)
   if (err)
     return err;
 
-  /* FIXME: We need a lock for the hosttable.  */
+  if (npth_mutex_lock (&hosttable_lock))
+    log_fatal ("failed to acquire mutex\n");
+
   curtime = gnupg_get_time ();
   for (idx=0; idx < hosttable_size; idx++)
     if ((hi=hosttable[idx]))
@@ -889,7 +907,7 @@ ks_hkp_print_hosttable (ctrl_t ctrl)
 
                 /* Turn the numerical IP address string into an AI and
                  * then do a DNS PTR lookup.  */
-                if (!resolve_dns_name (hi->name, 0, 0,
+                if (!resolve_dns_name (ctrl, hi->name, 0, 0,
                                        SOCK_STREAM,
                                        &aibuf, &canon))
                   {
@@ -900,7 +918,7 @@ ks_hkp_print_hosttable (ctrl_t ctrl)
                       }
                     for (ai = aibuf; !canon && ai; ai = ai->next)
                       {
-                        resolve_dns_addr (ai->addr, ai->addrlen,
+                        resolve_dns_addr (ctrl, ai->addr, ai->addrlen,
                                           DNS_WITHBRACKET, &canon);
                         if (canon && is_ip_address (canon))
                           {
@@ -920,14 +938,14 @@ ks_hkp_print_hosttable (ctrl_t ctrl)
                 /* Get the IP address as a string from a name.  Note
                  * that resolve_dns_addr allocates CANON on success
                  * and thus terminates the loop. */
-                if (!resolve_dns_name (hi->name, 0,
+                if (!resolve_dns_name (ctrl, hi->name, 0,
                                        hi->v6? AF_INET6 : AF_INET,
                                        SOCK_STREAM,
                                        &aibuf, NULL))
                   {
                     for (ai = aibuf; !canon && ai; ai = ai->next)
                       {
-                        resolve_dns_addr (ai->addr, ai->addrlen,
+                        resolve_dns_addr (ctrl, ai->addr, ai->addrlen,
                                           DNS_NUMERICHOST|DNS_WITHBRACKET,
                                           &canon);
                       }
@@ -953,12 +971,12 @@ ks_hkp_print_hosttable (ctrl_t ctrl)
                               diedstr? ")":""   );
         xfree (died);
         if (err)
-          return err;
+	  goto leave;
 
         if (hi->cname)
           err = ks_printf_help (ctrl, "  .       %s", hi->cname);
         if (err)
-          return err;
+	  goto leave;
 
         if (hi->pool)
           {
@@ -973,14 +991,21 @@ ks_hkp_print_hosttable (ctrl_t ctrl)
             put_membuf( &mb, "", 1);
             p = get_membuf (&mb, NULL);
             if (!p)
-              return gpg_error_from_syserror ();
+	      {
+		err = gpg_error_from_syserror ();
+		goto leave;
+	      }
             err = ks_print_help (ctrl, p);
             xfree (p);
             if (err)
-              return err;
+              goto leave;
           }
       }
-  return 0;
+
+ leave:
+  if (npth_mutex_unlock (&hosttable_lock))
+    log_fatal ("failed to release mutex\n");
+  return err;
 }
 
 
@@ -1049,9 +1074,16 @@ make_host_part (ctrl_t ctrl,
       protocol = KS_PROTOCOL_HKP;
     }
 
+  if (npth_mutex_lock (&hosttable_lock))
+    log_fatal ("failed to acquire mutex\n");
+
   portstr[0] = 0;
   err = map_host (ctrl, host, srvtag, force_reselect, protocol,
                   &hostname, portstr, r_httpflags, r_httphost);
+
+  if (npth_mutex_unlock (&hosttable_lock))
+    log_fatal ("failed to release mutex\n");
+
   if (err)
     return err;
 
@@ -1125,6 +1157,9 @@ ks_hkp_housekeeping (time_t curtime)
   int idx;
   hostinfo_t hi;
 
+  if (npth_mutex_lock (&hosttable_lock))
+    log_fatal ("failed to acquire mutex\n");
+
   for (idx=0; idx < hosttable_size; idx++)
     {
       hi = hosttable[idx];
@@ -1141,6 +1176,9 @@ ks_hkp_housekeeping (time_t curtime)
           log_info ("resurrected host '%s'", hi->name);
         }
     }
+
+  if (npth_mutex_unlock (&hosttable_lock))
+    log_fatal ("failed to release mutex\n");
 }
 
 
@@ -1152,6 +1190,9 @@ ks_hkp_reload (void)
   int idx, count;
   hostinfo_t hi;
 
+  if (npth_mutex_lock (&hosttable_lock))
+    log_fatal ("failed to acquire mutex\n");
+
   for (idx=count=0; idx < hosttable_size; idx++)
     {
       hi = hosttable[idx];
@@ -1165,6 +1206,9 @@ ks_hkp_reload (void)
     }
   if (count)
     log_info ("number of resurrected hosts: %d", count);
+
+  if (npth_mutex_unlock (&hosttable_lock))
+    log_fatal ("failed to release mutex\n");
 }
 
 
@@ -1210,7 +1254,7 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
   http_session_set_log_cb (session, cert_log_cb);
   http_session_set_timeout (session, ctrl->timeout);
 
-  err = http_open (&http,
+  err = http_open (ctrl, &http,
                    post_cb? HTTP_REQ_POST : HTTP_REQ_GET,
                    request,
                    httphost,
@@ -1348,7 +1392,7 @@ handle_send_request_error (ctrl_t ctrl, gpg_error_t err, const char *request,
   int retry = 0;
 
   /* Fixme: Should we disable all hosts of a protocol family if a
-   * request for an address of that familiy returned ENETDOWN?  */
+   * request for an address of that family returned ENETDOWN?  */
 
   switch (gpg_err_code (err))
     {
@@ -1439,8 +1483,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
 {
   gpg_error_t err;
   KEYDB_SEARCH_DESC desc;
-  char fprbuf[2+40+1];
-  char *namebuffer = NULL;
+  char fprbuf[2+64+1];
   char *hostport = NULL;
   char *request = NULL;
   estream_t fp = NULL;
@@ -1460,30 +1503,15 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
   err = classify_user_id (pattern, &desc, 1);
   if (err)
     return err;
+  log_assert (desc.fprlen <= 64);
   switch (desc.mode)
     {
     case KEYDB_SEARCH_MODE_EXACT:
     case KEYDB_SEARCH_MODE_SUBSTR:
+    case KEYDB_SEARCH_MODE_MAIL:
     case KEYDB_SEARCH_MODE_MAILSUB:
       pattern = desc.u.name;
       break;
-    case KEYDB_SEARCH_MODE_MAIL:
-      namebuffer = xtrystrdup (desc.u.name);
-      if (!namebuffer)
-        {
-          err = gpg_error_from_syserror ();
-          goto leave;
-        }
-      /* Strip trailing angle bracket.  */
-      if (namebuffer[0] && namebuffer[1]
-          && namebuffer[strlen (namebuffer)-1] == '>')
-        namebuffer[strlen(namebuffer)-1] = 0;
-      /* Strip optional leading angle bracket.  */
-      if (*namebuffer == '<' && namebuffer[1])
-        pattern = namebuffer + 1;
-      else
-        pattern = namebuffer;
-      break;
     case KEYDB_SEARCH_MODE_SHORT_KID:
       snprintf (fprbuf, sizeof fprbuf, "0x%08lX", (ulong)desc.u.kid[1]);
       pattern = fprbuf;
@@ -1493,17 +1521,10 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
                 (ulong)desc.u.kid[0], (ulong)desc.u.kid[1]);
       pattern = fprbuf;
       break;
-    case KEYDB_SEARCH_MODE_FPR16:
-      fprbuf[0] = '0';
-      fprbuf[1] = 'x';
-      bin2hex (desc.u.fpr, 16, fprbuf+2);
-      pattern = fprbuf;
-      break;
-    case KEYDB_SEARCH_MODE_FPR20:
     case KEYDB_SEARCH_MODE_FPR:
       fprbuf[0] = '0';
       fprbuf[1] = 'x';
-      bin2hex (desc.u.fpr, 20, fprbuf+2);
+      bin2hex (desc.u.fpr, desc.fprlen, fprbuf+2);
       pattern = fprbuf;
       break;
     default:
@@ -1533,7 +1554,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
 
     xfree (request);
     request = strconcat (hostport,
-                         "/pks/lookup?op=index&options=mr&fingerprint=on&search=",
+                         "/pks/lookup?op=index&options=mr&search=",
                          searchkey,
                          NULL);
     xfree (searchkey);
@@ -1594,7 +1615,6 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
   xfree (request);
   xfree (hostport);
   xfree (httphost);
-  xfree (namebuffer);
   return err;
 }
 
@@ -1608,9 +1628,8 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp)
 {
   gpg_error_t err;
   KEYDB_SEARCH_DESC desc;
-  char kidbuf[2+40+1];
+  char kidbuf[2+64+1];
   const char *exactname = NULL;
-  char *namebuffer = NULL;
   char *searchkey = NULL;
   char *hostport = NULL;
   char *request = NULL;
@@ -1631,6 +1650,7 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp)
   err = classify_user_id (keyspec, &desc, 1);
   if (err)
     return err;
+  log_assert (desc.fprlen <= 64);
   switch (desc.mode)
     {
     case KEYDB_SEARCH_MODE_SHORT_KID:
@@ -1640,39 +1660,21 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp)
       snprintf (kidbuf, sizeof kidbuf, "0x%08lX%08lX",
 		(ulong)desc.u.kid[0], (ulong)desc.u.kid[1]);
       break;
-    case KEYDB_SEARCH_MODE_FPR20:
     case KEYDB_SEARCH_MODE_FPR:
-      /* This is a v4 fingerprint. */
+      if (desc.fprlen < 20)
+        {
+          log_error ("HKP keyservers do not support v3 fingerprints\n");
+          return gpg_error (GPG_ERR_INV_USER_ID);
+        }
       kidbuf[0] = '0';
       kidbuf[1] = 'x';
-      bin2hex (desc.u.fpr, 20, kidbuf+2);
+      bin2hex (desc.u.fpr, desc.fprlen, kidbuf+2);
       break;
 
     case KEYDB_SEARCH_MODE_EXACT:
       exactname = desc.u.name;
       break;
 
-    case KEYDB_SEARCH_MODE_MAIL:
-      namebuffer = xtrystrdup (desc.u.name);
-      if (!namebuffer)
-        {
-          err = gpg_error_from_syserror ();
-          goto leave;
-        }
-      /* Strip trailing angle bracket.  */
-      if (namebuffer[0] && namebuffer[1]
-          && namebuffer[strlen (namebuffer)-1] == '>')
-        namebuffer[strlen(namebuffer)-1] = 0;
-      /* Strip optional leading angle bracket.  */
-      if (*namebuffer == '<' && namebuffer[1])
-        exactname = namebuffer + 1;
-      else
-        exactname = namebuffer;
-      break;
-
-    case KEYDB_SEARCH_MODE_FPR16:
-      log_error ("HKP keyservers do not support v3 fingerprints\n");
-      /* fall through */
     default:
       return gpg_error (GPG_ERR_INV_USER_ID);
     }
@@ -1734,7 +1736,6 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp)
 
  leave:
   es_fclose (fp);
-  xfree (namebuffer);
   xfree (request);
   xfree (hostport);
   xfree (httphost);
@@ -1846,3 +1847,13 @@ ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen)
   xfree (httphost);
   return err;
 }
+
+void
+ks_hkp_init (void)
+{
+  int err;
+
+  err = npth_mutex_init (&hosttable_lock, NULL);
+  if (err)
+    log_fatal ("error initializing mutex: %s\n", strerror (err));
+}
diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index c96625d..f55a257 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -106,7 +106,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, unsigned int flags,
   http_session_set_timeout (session, ctrl->timeout);
 
   *r_fp = NULL;
-  err = http_open (&http,
+  err = http_open (ctrl, &http,
                    HTTP_REQ_GET,
                    url,
                    /* httphost */ NULL,
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index 6bf19cb..52a14a1 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -28,17 +28,28 @@
 # include <getopt.h>
 #endif
 #include <stdlib.h>
-#include <npth.h>
+#include <errno.h>
+#include <assert.h>
 
+#ifdef _WIN32
+# include <winsock2.h>
+# include <winldap.h>
+#else
+# ifdef NEED_LBER_H
+#  include <lber.h>
+# endif
+/* For OpenLDAP, to enable the API that we're using. */
+# define LDAP_DEPRECATED 1
+# include <ldap.h>
+#endif
+#include <npth.h>
 
 #include "dirmngr.h"
 #include "misc.h"
 #include "../common/userids.h"
 #include "../common/mbox-util.h"
 #include "ks-engine.h"
-#include "ldap-misc.h"
 #include "ldap-parse-uri.h"
-#include "ldapserver.h"
 
 
 /* Flags with infos from the connected server.  */
@@ -48,11 +59,177 @@
 #define SERVERINFO_NTDS     8 /* Server is an Active Directory.      */
 
 
+
 #ifndef HAVE_TIMEGM
 time_t timegm(struct tm *tm);
 #endif
+
+/* Convert an LDAP error to a GPG error.  */
+static int
+ldap_err_to_gpg_err (int code)
+{
+  gpg_err_code_t ec;
+
+  switch (code)
+    {
+#ifdef LDAP_X_CONNECTING
+    case LDAP_X_CONNECTING: ec = GPG_ERR_LDAP_X_CONNECTING; break;
+#endif
+
+    case LDAP_REFERRAL_LIMIT_EXCEEDED: ec = GPG_ERR_LDAP_REFERRAL_LIMIT; break;
+    case LDAP_CLIENT_LOOP: ec = GPG_ERR_LDAP_CLIENT_LOOP; break;
+    case LDAP_NO_RESULTS_RETURNED: ec = GPG_ERR_LDAP_NO_RESULTS; break;
+    case LDAP_CONTROL_NOT_FOUND: ec = GPG_ERR_LDAP_CONTROL_NOT_FOUND; break;
+    case LDAP_NOT_SUPPORTED: ec = GPG_ERR_LDAP_NOT_SUPPORTED; break;
+    case LDAP_CONNECT_ERROR: ec = GPG_ERR_LDAP_CONNECT; break;
+    case LDAP_NO_MEMORY: ec = GPG_ERR_LDAP_NO_MEMORY; break;
+    case LDAP_PARAM_ERROR: ec = GPG_ERR_LDAP_PARAM; break;
+    case LDAP_USER_CANCELLED: ec = GPG_ERR_LDAP_USER_CANCELLED; break;
+    case LDAP_FILTER_ERROR: ec = GPG_ERR_LDAP_FILTER; break;
+    case LDAP_AUTH_UNKNOWN: ec = GPG_ERR_LDAP_AUTH_UNKNOWN; break;
+    case LDAP_TIMEOUT: ec = GPG_ERR_LDAP_TIMEOUT; break;
+    case LDAP_DECODING_ERROR: ec = GPG_ERR_LDAP_DECODING; break;
+    case LDAP_ENCODING_ERROR: ec = GPG_ERR_LDAP_ENCODING; break;
+    case LDAP_LOCAL_ERROR: ec = GPG_ERR_LDAP_LOCAL; break;
+    case LDAP_SERVER_DOWN: ec = GPG_ERR_LDAP_SERVER_DOWN; break;
+
+    case LDAP_SUCCESS: ec = GPG_ERR_LDAP_SUCCESS; break;
+
+    case LDAP_OPERATIONS_ERROR: ec = GPG_ERR_LDAP_OPERATIONS; break;
+    case LDAP_PROTOCOL_ERROR: ec = GPG_ERR_LDAP_PROTOCOL; break;
+    case LDAP_TIMELIMIT_EXCEEDED: ec = GPG_ERR_LDAP_TIMELIMIT; break;
+    case LDAP_SIZELIMIT_EXCEEDED: ec = GPG_ERR_LDAP_SIZELIMIT; break;
+    case LDAP_COMPARE_FALSE: ec = GPG_ERR_LDAP_COMPARE_FALSE; break;
+    case LDAP_COMPARE_TRUE: ec = GPG_ERR_LDAP_COMPARE_TRUE; break;
+    case LDAP_AUTH_METHOD_NOT_SUPPORTED: ec=GPG_ERR_LDAP_UNSUPPORTED_AUTH;break;
+    case LDAP_STRONG_AUTH_REQUIRED: ec = GPG_ERR_LDAP_STRONG_AUTH_RQRD; break;
+    case LDAP_PARTIAL_RESULTS: ec = GPG_ERR_LDAP_PARTIAL_RESULTS; break;
+    case LDAP_REFERRAL: ec = GPG_ERR_LDAP_REFERRAL; break;
+
+#ifdef LDAP_ADMINLIMIT_EXCEEDED
+    case LDAP_ADMINLIMIT_EXCEEDED: ec = GPG_ERR_LDAP_ADMINLIMIT; break;
+#endif
+
+#ifdef LDAP_UNAVAILABLE_CRITICAL_EXTENSION
+    case LDAP_UNAVAILABLE_CRITICAL_EXTENSION:
+                               ec = GPG_ERR_LDAP_UNAVAIL_CRIT_EXTN; break;
+#endif
+
+    case LDAP_CONFIDENTIALITY_REQUIRED: ec = GPG_ERR_LDAP_CONFIDENT_RQRD; break;
+    case LDAP_SASL_BIND_IN_PROGRESS: ec = GPG_ERR_LDAP_SASL_BIND_INPROG; break;
+    case LDAP_NO_SUCH_ATTRIBUTE: ec = GPG_ERR_LDAP_NO_SUCH_ATTRIBUTE; break;
+    case LDAP_UNDEFINED_TYPE: ec = GPG_ERR_LDAP_UNDEFINED_TYPE; break;
+    case LDAP_INAPPROPRIATE_MATCHING: ec = GPG_ERR_LDAP_BAD_MATCHING; break;
+    case LDAP_CONSTRAINT_VIOLATION: ec = GPG_ERR_LDAP_CONST_VIOLATION; break;
+
+#ifdef LDAP_TYPE_OR_VALUE_EXISTS
+    case LDAP_TYPE_OR_VALUE_EXISTS: ec = GPG_ERR_LDAP_TYPE_VALUE_EXISTS; break;
+#endif
+
+    case LDAP_INVALID_SYNTAX: ec = GPG_ERR_LDAP_INV_SYNTAX; break;
+    case LDAP_NO_SUCH_OBJECT: ec = GPG_ERR_LDAP_NO_SUCH_OBJ; break;
+    case LDAP_ALIAS_PROBLEM: ec = GPG_ERR_LDAP_ALIAS_PROBLEM; break;
+    case LDAP_INVALID_DN_SYNTAX: ec = GPG_ERR_LDAP_INV_DN_SYNTAX; break;
+    case LDAP_IS_LEAF: ec = GPG_ERR_LDAP_IS_LEAF; break;
+    case LDAP_ALIAS_DEREF_PROBLEM: ec = GPG_ERR_LDAP_ALIAS_DEREF; break;
+
+#ifdef LDAP_X_PROXY_AUTHZ_FAILURE
+    case LDAP_X_PROXY_AUTHZ_FAILURE: ec = GPG_ERR_LDAP_X_PROXY_AUTH_FAIL; break;
+#endif
+
+    case LDAP_INAPPROPRIATE_AUTH: ec = GPG_ERR_LDAP_BAD_AUTH; break;
+    case LDAP_INVALID_CREDENTIALS: ec = GPG_ERR_LDAP_INV_CREDENTIALS; break;
+
+#ifdef LDAP_INSUFFICIENT_ACCESS
+    case LDAP_INSUFFICIENT_ACCESS: ec = GPG_ERR_LDAP_INSUFFICIENT_ACC; break;
+#endif
+
+    case LDAP_BUSY: ec = GPG_ERR_LDAP_BUSY; break;
+    case LDAP_UNAVAILABLE: ec = GPG_ERR_LDAP_UNAVAILABLE; break;
+    case LDAP_UNWILLING_TO_PERFORM: ec = GPG_ERR_LDAP_UNWILL_TO_PERFORM; break;
+    case LDAP_LOOP_DETECT: ec = GPG_ERR_LDAP_LOOP_DETECT; break;
+    case LDAP_NAMING_VIOLATION: ec = GPG_ERR_LDAP_NAMING_VIOLATION; break;
+    case LDAP_OBJECT_CLASS_VIOLATION: ec = GPG_ERR_LDAP_OBJ_CLS_VIOLATION; break;
+    case LDAP_NOT_ALLOWED_ON_NONLEAF: ec=GPG_ERR_LDAP_NOT_ALLOW_NONLEAF;break;
+    case LDAP_NOT_ALLOWED_ON_RDN: ec = GPG_ERR_LDAP_NOT_ALLOW_ON_RDN; break;
+    case LDAP_ALREADY_EXISTS: ec = GPG_ERR_LDAP_ALREADY_EXISTS; break;
+    case LDAP_NO_OBJECT_CLASS_MODS: ec = GPG_ERR_LDAP_NO_OBJ_CLASS_MODS; break;
+    case LDAP_RESULTS_TOO_LARGE: ec = GPG_ERR_LDAP_RESULTS_TOO_LARGE; break;
+    case LDAP_AFFECTS_MULTIPLE_DSAS: ec = GPG_ERR_LDAP_AFFECTS_MULT_DSAS; break;
+
+#ifdef LDAP_VLV_ERROR
+    case LDAP_VLV_ERROR: ec = GPG_ERR_LDAP_VLV; break;
+#endif
+
+    case LDAP_OTHER: ec = GPG_ERR_LDAP_OTHER; break;
+
+#ifdef LDAP_CUP_RESOURCES_EXHAUSTED
+    case LDAP_CUP_RESOURCES_EXHAUSTED: ec=GPG_ERR_LDAP_CUP_RESOURCE_LIMIT;break;
+    case LDAP_CUP_SECURITY_VIOLATION: ec=GPG_ERR_LDAP_CUP_SEC_VIOLATION; break;
+    case LDAP_CUP_INVALID_DATA: ec = GPG_ERR_LDAP_CUP_INV_DATA; break;
+    case LDAP_CUP_UNSUPPORTED_SCHEME: ec = GPG_ERR_LDAP_CUP_UNSUP_SCHEME; break;
+    case LDAP_CUP_RELOAD_REQUIRED: ec = GPG_ERR_LDAP_CUP_RELOAD; break;
+#endif
+
+#ifdef LDAP_CANCELLED
+    case LDAP_CANCELLED: ec = GPG_ERR_LDAP_CANCELLED; break;
+#endif
+
+#ifdef LDAP_NO_SUCH_OPERATION
+    case LDAP_NO_SUCH_OPERATION: ec = GPG_ERR_LDAP_NO_SUCH_OPERATION; break;
+#endif
+
+#ifdef LDAP_TOO_LATE
+    case LDAP_TOO_LATE: ec = GPG_ERR_LDAP_TOO_LATE; break;
+#endif
 
+#ifdef LDAP_CANNOT_CANCEL
+    case LDAP_CANNOT_CANCEL: ec = GPG_ERR_LDAP_CANNOT_CANCEL; break;
+#endif
+
+#ifdef LDAP_ASSERTION_FAILED
+    case LDAP_ASSERTION_FAILED: ec = GPG_ERR_LDAP_ASSERTION_FAILED; break;
+#endif
+
+#ifdef LDAP_PROXIED_AUTHORIZATION_DENIED
+    case LDAP_PROXIED_AUTHORIZATION_DENIED:
+                                      ec = GPG_ERR_LDAP_PROX_AUTH_DENIED; break;
+#endif
 
+    default:
+#if defined(LDAP_E_ERROR) && defined(LDAP_X_ERROR)
+      if (LDAP_E_ERROR (code))
+        ec = GPG_ERR_LDAP_E_GENERAL;
+      else if (LDAP_X_ERROR (code))
+        ec = GPG_ERR_LDAP_X_GENERAL;
+      else
+#endif
+        ec = GPG_ERR_LDAP_GENERAL;
+      break;
+    }
+
+  return ec;
+}
+
+/* Retrieve an LDAP error and return it's GPG equivalent.  */
+static int
+ldap_to_gpg_err (LDAP *ld)
+{
+#if defined(HAVE_LDAP_GET_OPTION) && defined(LDAP_OPT_ERROR_NUMBER)
+  int err;
+
+  if (ldap_get_option (ld, LDAP_OPT_ERROR_NUMBER, &err) == 0)
+    return ldap_err_to_gpg_err (err);
+  else
+    return GPG_ERR_GENERAL;
+#elif defined(HAVE_LDAP_LD_ERRNO)
+  return ldap_err_to_gpg_err (ld->ld_errno);
+#else
+  /* We should never get here since the LDAP library should always
+     have either ldap_get_option or ld_errno, but just in case... */
+  return GPG_ERR_INTERNAL;
+#endif
+}
 
 static time_t
 ldap2epochtime (const char *timestr)
@@ -118,16 +295,6 @@ epoch2ldaptime (time_t stamp)
     return xstrdup ("INVALID TIME");
 }
 #endif
-
-
-static void
-my_ldap_value_free (char **vals)
-{
-  if (vals)
-    ldap_value_free (vals);
-}
-
-
 
 /* Print a help output for the schemata supported by this module. */
 gpg_error_t
@@ -135,40 +302,32 @@ ks_ldap_help (ctrl_t ctrl, parsed_uri_t uri)
 {
   const char data[] =
     "Handler for LDAP URLs:\n"
-    "  ldap://HOST:PORT/[BASEDN]????[bindname=BINDNAME,password=PASSWORD]\n"
+    "  ldap://host:port/[BASEDN]???[bindname=BINDNAME,password=PASSWORD]\n"
     "\n"
     "Note: basedn, bindname and password need to be percent escaped. In\n"
     "particular, spaces need to be replaced with %20 and commas with %2c.\n"
-    "Thus bindname will typically be of the form:\n"
+    "bindname will typically be of the form:\n"
     "\n"
     "  uid=user%2cou=PGP%20Users%2cdc=EXAMPLE%2cdc=ORG\n"
     "\n"
     "The ldaps:// and ldapi:// schemes are also supported.  If ldaps is used\n"
     "then the server's certificate will be checked.  If it is not valid, any\n"
-    "operation will be aborted.  Note that ldaps means LDAP with STARTTLS\n"
-    "\n"
-    "As an alternative to an URL a string in this form may be used:\n"
-    "\n"
-    "  HOST:PORT:BINDNAME:PASSWORD:BASEDN:FLAGS:\n"
-    "\n"
-    "The use of the percent sign or a colon in one of the string values is\n"
-    "currently not supported.\n"
+    "operation will be aborted.\n"
     "\n"
     "Supported methods: search, get, put\n";
   gpg_error_t err;
 
   if(!uri)
     err = ks_print_help (ctrl, "  ldap");
-  else if (!strcmp (uri->scheme, "ldap")
-           || !strcmp (uri->scheme, "ldaps")
-           || !strcmp (uri->scheme, "ldapi")
-           || uri->opaque)
+  else if (uri->is_ldap)
     err = ks_print_help (ctrl, data);
   else
     err = 0;
 
   return err;
 }
+
+
 
 /* Convert a keyspec to a filter.  Return an error if the keyspec is
    bad or is not supported.  The filter is escaped and returned in
@@ -220,8 +379,7 @@ keyspec_to_ldap_filter (const char *keyspec, char **filter, int only_exact,
       else
         p = freeme;
       if ((serverinfo & SERVERINFO_SCHEMAV2))
-        f = xasprintf ("(&(gpgMailbox=%s)(!(|(pgpRevoked=1)(pgpDisabled=1))))",
-                       p);
+        f = xasprintf ("(gpgMailbox=%s)", p);
       else if (!only_exact)
         f = xasprintf ("(pgpUserID=*<%s>*)", p);
       break;
@@ -246,12 +404,10 @@ keyspec_to_ldap_filter (const char *keyspec, char **filter, int only_exact,
 		     (ulong) desc.u.kid[0], (ulong) desc.u.kid[1]);
       break;
 
-    case KEYDB_SEARCH_MODE_FPR16:
-    case KEYDB_SEARCH_MODE_FPR20:
     case KEYDB_SEARCH_MODE_FPR:
       if ((serverinfo & SERVERINFO_SCHEMAV2))
         {
-          freeme = bin2hex (desc.u.fpr, 20, NULL);
+          freeme = bin2hex (desc.u.fpr, desc.fprlen, NULL);
           if (!freeme)
             return gpg_error_from_syserror ();
           f = xasprintf ("(|(gpgFingerprint=%s)(gpgSubFingerprint=%s))",
@@ -324,176 +480,96 @@ keyspec_to_ldap_filter (const char *keyspec, char **filter, int only_exact,
    If no LDAP error occurred, you still need to check that *basednp is
    valid.  If it is NULL, then the server does not appear to be an
    OpenPGP Keyserver.  */
-static gpg_error_t
+static int
 my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
-                 char **r_basedn, char **r_host, int *r_use_tls,
-                 unsigned int *r_serverinfo)
+                 char **basednp, unsigned int *r_serverinfo)
 {
-  gpg_error_t err = 0;
-  int lerr;
-  ldap_server_t server = NULL;
+  int err = 0;
   LDAP *ldap_conn = NULL;
+  char *user = uri->auth;
+  struct uri_tuple_s *password_param;
+  char *password;
   char *basedn = NULL;
-  char *host = NULL;   /* Host to use.  */
-  int port;            /* Port to use.  */
-  int use_tls;         /* 1 = starttls, 2 = ldap-over-tls  */
-  int use_ntds;        /* Use Active Directory authentication.  */
-  const char *bindname;
-  const char *password;
-  const char *basedn_arg;
-#ifndef HAVE_W32_SYSTEM
-  char *tmpstr;
-#endif
 
-  if (r_basedn)
-    *r_basedn = NULL;
-  if (r_host)
-    *r_host = NULL;
-  if (r_use_tls)
-    *r_use_tls = 0;
   *r_serverinfo = 0;
 
-  if (uri->opaque)
-    {
-      server = ldapserver_parse_one (uri->path, NULL, 0);
-      if (!server)
-        return gpg_error (GPG_ERR_LDAP_OTHER);
-      host = server->host;
-      port = server->port;
-      bindname = server->user;
-      password = bindname? server->pass : NULL;
-      basedn_arg = server->base;
-      use_tls = server->starttls? 1 : server->ldap_over_tls? 2 : 0;
-      use_ntds = server->ntds;
-    }
-  else
-    {
-      host = uri->host;
-      port = uri->port;
-      bindname = uri->auth;
-      password = bindname? uri_query_value (uri, "password") : NULL;
-      basedn_arg = uri->path;
-      use_tls = uri->use_tls ? 1 : 0;
-      use_ntds = uri->ad_current;
-    }
-
-  if (!port)
-    port = use_tls == 2? 636 : 389;
-
-
-  if (host)
-    {
-      host = xtrystrdup (host);
-      if (!host)
-        {
-          err = gpg_error_from_syserror ();
-          goto out;
-        }
-    }
-
-  if (opt.verbose)
-    log_info ("ldap connect to '%s:%d:%s:%s:%s:%s%s'\n",
-              host, port,
-              basedn_arg ? basedn_arg : "",
-              bindname ? bindname : "",
-              password ? "*****" : "",
-              use_tls == 1? "starttls" : use_tls == 2? "ldaptls" : "plain",
-              use_ntds ? ",ntds":"");
+  password_param = uri_query_lookup (uri, "password");
+  password = password_param ? password_param->value : NULL;
 
+  if (opt.debug)
+    log_debug ("my_ldap_connect(%s:%d/%s????%s%s%s%s%s%s)\n",
+               uri->host, uri->port,
+               uri->path ? uri->path : "",
+               uri->auth ? "bindname=" : "",
+               uri->auth ? uri->auth : "",
+               uri->auth && password ? "," : "",
+               password ? "password=" : "",
+               password ? ">not shown<": "",
+               uri->ad_current? " auth=>current_user<":"");
 
   /* If the uri specifies a secure connection and we don't support
      TLS, then fail; don't silently revert to an insecure
      connection.  */
-  if (use_tls)
+  if (uri->use_tls)
     {
 #ifndef HAVE_LDAP_START_TLS_S
-      log_error ("ldap: can't connect to the server: no TLS support.");
+      log_error ("Can't use LDAP to connect to the server: no TLS support.");
       err = GPG_ERR_LDAP_NOT_SUPPORTED;
       goto out;
 #endif
     }
 
-
-#ifdef HAVE_W32_SYSTEM
-  /* Note that host==NULL uses the default domain controller.  */
-  npth_unprotect ();
-  ldap_conn = ldap_sslinit (host, port, (use_tls == 2));
-  npth_protect ();
+  ldap_conn = ldap_init (uri->host, uri->port);
   if (!ldap_conn)
     {
-      lerr = LdapGetLastError ();
-      err = ldap_err_to_gpg_err (lerr);
-      log_error ("error initializing LDAP '%s:%d': %s\n",
-                 host, port, ldap_err2string (lerr));
-      goto out;
-    }
-#else /* Unix */
-  tmpstr = xtryasprintf ("%s://%s:%d",
-                         use_tls == 2? "ldaps" : "ldap",
-                         host, port);
-  if (!tmpstr)
-    {
-      err = gpg_error_from_syserror ();
-      goto out;
-    }
-  npth_unprotect ();
-  lerr = ldap_initialize (&ldap_conn, tmpstr);
-  npth_protect ();
-  if (lerr != LDAP_SUCCESS || !ldap_conn)
-    {
-      err = ldap_err_to_gpg_err (lerr);
-      log_error ("error initializing LDAP '%s': %s\n",
-                 tmpstr, ldap_err2string (lerr));
-      xfree (tmpstr);
+      err = gpg_err_code_from_syserror ();
+      log_error ("error initializing LDAP for (%s://%s:%d)\n",
+                 uri->scheme, uri->host, uri->port);
       goto out;
     }
-  xfree (tmpstr);
-#endif /* Unix */
 
 #ifdef HAVE_LDAP_SET_OPTION
   {
     int ver = LDAP_VERSION3;
 
-    lerr = ldap_set_option (ldap_conn, LDAP_OPT_PROTOCOL_VERSION, &ver);
-    if (lerr != LDAP_SUCCESS)
+    err = ldap_set_option (ldap_conn, LDAP_OPT_PROTOCOL_VERSION, &ver);
+    if (err != LDAP_SUCCESS)
       {
 	log_error ("ks-ldap: unable to go to LDAP 3: %s\n",
-		   ldap_err2string (lerr));
-	err = ldap_err_to_gpg_err (lerr);
+		   ldap_err2string (err));
 	goto out;
       }
   }
-  if (opt.ldaptimeout)
-    {
-      int ver = opt.ldaptimeout;
+#endif
 
-      lerr = ldap_set_option (ldap_conn, LDAP_OPT_TIMELIMIT, &ver);
-      if (lerr != LDAP_SUCCESS)
-        {
-          log_error ("ks-ldap: unable to set LDAP timelimit to %us: %s\n",
-                     opt.ldaptimeout, ldap_err2string (lerr));
-          err = ldap_err_to_gpg_err (lerr);
-          goto out;
-        }
-      if (opt.verbose)
-        log_info ("ldap timeout set to %us\n", opt.ldaptimeout);
+  /* XXX: It would be nice to have an option to provide the server's
+     certificate.  */
+#if 0
+#if defined(LDAP_OPT_X_TLS_CACERTFILE) && defined(HAVE_LDAP_SET_OPTION)
+  err = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE, ca_cert_file);
+  if (err)
+    {
+      log_error ("unable to set ca-cert-file to '%s': %s\n",
+		 ca_cert_file, ldap_err2string (err));
+      goto out;
     }
+#endif /* LDAP_OPT_X_TLS_CACERTFILE && HAVE_LDAP_SET_OPTION */
 #endif
 
-
 #ifdef HAVE_LDAP_START_TLS_S
-  if (use_tls == 1)
+  if (uri->use_tls)
     {
+      /* XXX: We need an option to determine whether to abort if the
+	 certificate is bad or not.  Right now we conservatively
+	 default to checking the certificate and aborting.  */
 #ifndef HAVE_W32_SYSTEM
       int check_cert = LDAP_OPT_X_TLS_HARD; /* LDAP_OPT_X_TLS_NEVER */
 
-      lerr = ldap_set_option (ldap_conn,
-                              LDAP_OPT_X_TLS_REQUIRE_CERT, &check_cert);
-      if (lerr)
+      err = ldap_set_option (ldap_conn,
+			     LDAP_OPT_X_TLS_REQUIRE_CERT, &check_cert);
+      if (err)
 	{
-	  log_error ("ldap: error setting an TLS option: %s\n",
-                     ldap_err2string (lerr));
-          err = ldap_err_to_gpg_err (lerr);
+	  log_error ("error setting TLS option on LDAP connection\n");
 	  goto out;
 	}
 #else
@@ -505,7 +581,7 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
 #endif
 
       npth_unprotect ();
-      lerr = ldap_start_tls_s (ldap_conn,
+      err = ldap_start_tls_s (ldap_conn,
 #ifdef HAVE_W32_SYSTEM
 			      /* ServerReturnValue, result */
 			      NULL, NULL,
@@ -513,49 +589,45 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
 			      /* ServerControls, ClientControls */
 			      NULL, NULL);
       npth_protect ();
-      if (lerr)
+      if (err)
 	{
-	  log_error ("ldap: error switching to STARTTLS mode: %s\n",
-                     ldap_err2string (lerr));
-          err = ldap_err_to_gpg_err (lerr);
+	  log_error ("error connecting to LDAP server with TLS\n");
 	  goto out;
 	}
     }
 #endif
 
-  if (use_ntds)
+  if (uri->ad_current)
     {
+      if (opt.debug)
+        log_debug ("LDAP bind to current user via AD\n");
 #ifdef HAVE_W32_SYSTEM
       npth_unprotect ();
-      lerr = ldap_bind_s (ldap_conn, NULL, NULL, LDAP_AUTH_NEGOTIATE);
+      err = ldap_bind_s (ldap_conn, NULL, NULL, LDAP_AUTH_NEGOTIATE);
       npth_protect ();
-      if (lerr != LDAP_SUCCESS)
+      if (err != LDAP_SUCCESS)
 	{
 	  log_error ("error binding to LDAP via AD: %s\n",
-                     ldap_err2string (lerr));
-          err = ldap_err_to_gpg_err (lerr);
+                     ldap_err2string (err));
 	  goto out;
 	}
 #else
-      log_error ("ldap: no Active Directory support but 'ntds' requested\n");
       err = gpg_error (GPG_ERR_NOT_SUPPORTED);
       goto out;
 #endif
     }
-  else if (bindname)
+  else if (uri->auth)
     {
+      if (opt.debug)
+        log_debug ("LDAP bind to %s, password %s\n",
+                   user, password ? ">not shown<" : ">none<");
 
       npth_unprotect ();
-      /* Older Windows header dont have the const for the last two args.
-       * Thus we need to cast to avoid warnings.  */
-      lerr = ldap_simple_bind_s (ldap_conn,
-                                 (char * const)bindname,
-                                 (char * const)password);
+      err = ldap_simple_bind_s (ldap_conn, user, password);
       npth_protect ();
-      if (lerr != LDAP_SUCCESS)
+      if (err != LDAP_SUCCESS)
 	{
-	  log_error ("error binding to LDAP: %s\n", ldap_err2string (lerr));
-          err = ldap_err_to_gpg_err (lerr);
+	  log_error ("error binding to LDAP: %s\n", ldap_err2string (err));
 	  goto out;
 	}
     }
@@ -564,16 +636,13 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
       /* By default we don't bind as there is usually no need to.  */
     }
 
-  if (basedn_arg && *basedn_arg)
+  if (uri->path && *uri->path)
     {
-      /* User specified base DN.  In this case we know the server is a
+      /* User specified base DN.  */
+      basedn = xstrdup (uri->path);
+
+      /* If the user specifies a base DN, then we know the server is a
        * real LDAP server.  */
-      basedn = xtrystrdup (basedn_arg);
-      if (!basedn)
-        {
-          err = gpg_error_from_syserror ();
-          goto out;
-        }
       *r_serverinfo |= SERVERINFO_REALLDAP;
     }
   else
@@ -582,11 +651,11 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
       char *attr[] = { "namingContexts", NULL };
 
       npth_unprotect ();
-      lerr = ldap_search_s (ldap_conn, "", LDAP_SCOPE_BASE,
+      err = ldap_search_s (ldap_conn, "", LDAP_SCOPE_BASE,
 			   "(objectClass=*)", attr, 0, &res);
       npth_protect ();
 
-      if (lerr == LDAP_SUCCESS)
+      if (err == LDAP_SUCCESS)
 	{
 	  char **context;
 
@@ -605,7 +674,7 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
 
               *r_serverinfo |= SERVERINFO_REALLDAP;
 
-	      for (i = 0; context[i] && !basedn; i++)
+	      for (i = 0; context[i] && ! basedn; i++)
 		{
 		  char **vals;
 		  LDAPMessage *si_res;
@@ -615,42 +684,42 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
                     char *object = xasprintf ("cn=pgpServerInfo,%s",
                                               context[i]);
                     npth_unprotect ();
-                    lerr = ldap_search_s (ldap_conn, object, LDAP_SCOPE_BASE,
+                    err = ldap_search_s (ldap_conn, object, LDAP_SCOPE_BASE,
                                          "(objectClass=*)", attr2, 0, &si_res);
                     npth_protect ();
                     xfree (object);
                   }
 
-		  if (lerr == LDAP_SUCCESS)
+		  if (err == LDAP_SUCCESS)
 		    {
 		      vals = ldap_get_values (ldap_conn, si_res,
 					      "pgpBaseKeySpaceDN");
-		      if (vals && vals[0])
+		      if (vals)
 			{
 			  basedn = xtrystrdup (vals[0]);
+			  ldap_value_free (vals);
 			}
-                      my_ldap_value_free (vals);
 
 		      vals = ldap_get_values (ldap_conn, si_res,
 					      "pgpSoftware");
-		      if (vals && vals[0])
+		      if (vals)
 			{
                           if (opt.debug)
                             log_debug ("Server: \t%s\n", vals[0]);
                           if (!ascii_strcasecmp (vals[0], "GnuPG"))
                             is_gnupg = 1;
+			  ldap_value_free (vals);
 			}
-                      my_ldap_value_free (vals);
 
 		      vals = ldap_get_values (ldap_conn, si_res,
 					      "pgpVersion");
-		      if (vals && vals[0])
+		      if (vals)
 			{
                           if (opt.debug)
                             log_debug ("Version:\t%s\n", vals[0]);
                           if (is_gnupg)
                             {
-                              char *fields[2];
+                              const char *fields[2];
                               int nfields;
                               nfields = split_fields (vals[0],
                                                       fields, DIM(fields));
@@ -660,8 +729,8 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
                                   && !ascii_strcasecmp (fields[1], "ntds"))
                                 *r_serverinfo |= SERVERINFO_NTDS;
                             }
+			  ldap_value_free (vals);
 			}
-                      my_ldap_value_free (vals);
 		    }
 
 		  /* From man ldap_search_s: "res parameter of
@@ -674,7 +743,7 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
 	      ldap_value_free (context);
 	    }
 	}
-      else /* ldap_search failed.  */
+      else
 	{
 	  /* We don't have an answer yet, which means the server might
 	     be a PGP.com keyserver. */
@@ -684,32 +753,32 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
 	  char *attr2[] = { "pgpBaseKeySpaceDN", "version", "software", NULL };
 
           npth_unprotect ();
-	  lerr = ldap_search_s (ldap_conn, "cn=pgpServerInfo", LDAP_SCOPE_BASE,
+	  err = ldap_search_s (ldap_conn, "cn=pgpServerInfo", LDAP_SCOPE_BASE,
 			       "(objectClass=*)", attr2, 0, &si_res);
           npth_protect ();
-	  if (lerr == LDAP_SUCCESS)
+	  if (err == LDAP_SUCCESS)
 	    {
 	      /* For the PGP LDAP keyserver, this is always
 	       * "OU=ACTIVE,O=PGP KEYSPACE,C=US", but it might not be
                * in the future. */
 
 	      vals = ldap_get_values (ldap_conn, si_res, "baseKeySpaceDN");
-	      if (vals && vals[0])
+	      if (vals)
 		{
 		  basedn = xtrystrdup (vals[0]);
+		  ldap_value_free (vals);
 		}
-              my_ldap_value_free (vals);
 
 	      vals = ldap_get_values (ldap_conn, si_res, "software");
-	      if (vals && vals[0])
+	      if (vals)
 		{
                   if (opt.debug)
                     log_debug ("ks-ldap: PGP Server: \t%s\n", vals[0]);
+		  ldap_value_free (vals);
 		}
-              my_ldap_value_free (vals);
 
 	      vals = ldap_get_values (ldap_conn, si_res, "version");
-	      if (vals && vals[0])
+	      if (vals)
 		{
                   if (opt.debug)
                     log_debug ("ks-ldap: PGP Server Version:\t%s\n", vals[0]);
@@ -723,8 +792,8 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
 		  if (atoi (vals[0]) > 1)
                     *r_serverinfo |= SERVERINFO_PGPKEYV2;
 
+		  ldap_value_free (vals);
 		}
-              my_ldap_value_free (vals);
 	    }
 
 	  ldap_msgfree (si_res);
@@ -747,27 +816,23 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
                  (*r_serverinfo & SERVERINFO_PGPKEYV2)? "pgpKeyV2":"pgpKey");
     }
 
-  ldapserver_list_free (server);
-
   if (err)
-    {
-      xfree (basedn);
-      if (ldap_conn)
-	ldap_unbind (ldap_conn);
-    }
+    xfree (basedn);
   else
     {
-      if (r_basedn)
-	*r_basedn = basedn;
+      if (basednp)
+	*basednp = basedn;
       else
 	xfree (basedn);
-      if (r_host)
-        *r_host = host;
-      else
-        xfree (host);
+    }
 
-      *ldap_connp = ldap_conn;
+  if (err)
+    {
+      if (ldap_conn)
+	ldap_unbind (ldap_conn);
     }
+  else
+    *ldap_connp = ldap_conn;
 
   return err;
 }
@@ -782,17 +847,10 @@ extract_keys (estream_t output,
   char **vals;
 
   es_fprintf (output, "INFO %s BEGIN\n", certid);
+  es_fprintf (output, "pub:%s:", certid);
 
   /* Note: ldap_get_values returns a NULL terminated array of
      strings.  */
-
-  vals = ldap_get_values (ldap_conn, message, "gpgfingerprint");
-  if (vals && vals[0] && vals[0][0])
-    es_fprintf (output, "pub:%s:", vals[0]);
-  else
-    es_fprintf (output, "pub:%s:", certid);
-  my_ldap_value_free (vals);
-
   vals = ldap_get_values (ldap_conn, message, "pgpkeytype");
   if (vals && vals[0])
     {
@@ -800,8 +858,8 @@ extract_keys (estream_t output,
 	es_fprintf  (output, "1");
       else if (strcmp (vals[0],"DSS/DH") == 0)
 	es_fprintf (output, "17");
+      ldap_value_free (vals);
     }
-  my_ldap_value_free (vals);
 
   es_fprintf (output, ":");
 
@@ -811,8 +869,8 @@ extract_keys (estream_t output,
       int v = atoi (vals[0]);
       if (v > 0)
 	es_fprintf (output, "%d", v);
+      ldap_value_free (vals);
     }
-  my_ldap_value_free (vals);
 
   es_fprintf (output, ":");
 
@@ -821,8 +879,8 @@ extract_keys (estream_t output,
     {
       if (strlen (vals[0]) == 15)
 	es_fprintf (output, "%u", (unsigned int) ldap2epochtime (vals[0]));
+      ldap_value_free (vals);
     }
-  my_ldap_value_free (vals);
 
   es_fprintf (output, ":");
 
@@ -831,8 +889,8 @@ extract_keys (estream_t output,
     {
       if (strlen (vals[0]) == 15)
 	es_fprintf (output, "%u", (unsigned int) ldap2epochtime (vals[0]));
+      ldap_value_free (vals);
     }
-  my_ldap_value_free (vals);
 
   es_fprintf (output, ":");
 
@@ -841,8 +899,8 @@ extract_keys (estream_t output,
     {
       if (atoi (vals[0]) == 1)
 	es_fprintf (output, "r");
+      ldap_value_free (vals);
     }
-  my_ldap_value_free (vals);
 
   es_fprintf (output, "\n");
 
@@ -852,8 +910,8 @@ extract_keys (estream_t output,
       int i;
       for (i = 0; vals[i]; i++)
 	es_fprintf (output, "uid:%s\n", vals[i]);
+      ldap_value_free (vals);
     }
-  my_ldap_value_free (vals);
 
   es_fprintf (output, "INFO %s END\n", certid);
 }
@@ -868,8 +926,6 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
   gpg_error_t err = 0;
   int ldap_err;
   unsigned int serverinfo;
-  char *host = NULL;
-  int use_tls;
   char *filter = NULL;
   LDAP *ldap_conn = NULL;
   char *basedn = NULL;
@@ -886,11 +942,12 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
     }
 
   /* Make sure we are talking to an OpenPGP LDAP server.  */
-  err = my_ldap_connect (uri, &ldap_conn,
-                         &basedn, &host, &use_tls, &serverinfo);
-  if (err || !basedn)
+  ldap_err = my_ldap_connect (uri, &ldap_conn, &basedn, &serverinfo);
+  if (ldap_err || !basedn)
     {
-      if (!err)
+      if (ldap_err)
+	err = ldap_err_to_gpg_err (ldap_err);
+      else
 	err = gpg_error (GPG_ERR_GENERAL);
       goto out;
     }
@@ -907,13 +964,12 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
   {
     /* The ordering is significant.  Specifically, "pgpcertid" needs
        to be the second item in the list, since everything after it
-       may be discarded if we aren't in verbose mode. */
+       may be discarded we aren't in verbose mode. */
     char *attrs[] =
       {
 	"dummy",
 	"pgpcertid", "pgpuserid", "pgpkeyid", "pgprevoked", "pgpdisabled",
 	"pgpkeycreatetime", "modifytimestamp", "pgpkeysize", "pgpkeytype",
-        "gpgfingerprint",
 	NULL
       };
     /* 1 if we want just attribute types; 0 if we want both attribute
@@ -958,7 +1014,6 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
       /* The set of entries that we've seen.  */
       strlist_t seen = NULL;
       LDAPMessage *each;
-      int anykey = 0;
 
       for (npth_unprotect (),
              each = ldap_first_entry (ldap_conn, message),
@@ -1011,23 +1066,17 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
 		      es_fprintf (fp, "\nKEY 0x%s END\n", certid[0]);
 
 		      ldap_value_free (vals);
-                      anykey = 1;
 		    }
 		}
 	    }
 
-          my_ldap_value_free (certid);
+	  ldap_value_free (certid);
 	}
 
       free_strlist (seen);
 
       if (! fp)
 	err = gpg_error (GPG_ERR_NO_DATA);
-
-      if (!err && anykey)
-        err = dirmngr_status_printf (ctrl, "SOURCE", "%s://%s",
-                                     use_tls? "ldaps" : "ldap",
-                                     host? host:"");
     }
   }
 
@@ -1049,7 +1098,6 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
     }
 
   xfree (basedn);
-  xfree (host);
 
   if (ldap_conn)
     ldap_unbind (ldap_conn);
@@ -1084,10 +1132,12 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
     }
 
   /* Make sure we are talking to an OpenPGP LDAP server.  */
-  err = my_ldap_connect (uri, &ldap_conn, &basedn, NULL, NULL, &serverinfo);
-  if (err || !basedn)
+  ldap_err = my_ldap_connect (uri, &ldap_conn, &basedn, &serverinfo);
+  if (ldap_err || !basedn)
     {
-      if (!err)
+      if (ldap_err)
+	err = ldap_err_to_gpg_err (ldap_err);
+      else
 	err = GPG_ERR_GENERAL;
       goto out;
     }
@@ -1121,8 +1171,7 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
       {
 	"pgpcertid", "pgpuserid", "pgprevoked", "pgpdisabled",
 	"pgpkeycreatetime", "pgpkeyexpiretime", "modifytimestamp",
-	"pgpkeysize", "pgpkeytype", "gpgfingerprint",
-        NULL
+	"pgpkeysize", "pgpkeytype", NULL
       };
 
     if (opt.debug)
@@ -1162,7 +1211,6 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
 	    add_to_strlist (&dupelist, certid[0]);
 	    count++;
 	  }
-        my_ldap_value_free (certid);
       }
 
     if (ldap_err == LDAP_SIZELIMIT_EXCEEDED)
@@ -1192,26 +1240,18 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
 	    LDAPMessage *uids;
 
 	    certid = ldap_get_values (ldap_conn, each, "pgpcertid");
-	    if (!certid || !certid[0])
-              {
-                my_ldap_value_free (certid);
-                continue;
-              }
+	    if (! certid || ! certid[0])
+	      continue;
 
 	    /* Have we seen this certid before? */
 	    if (! strlist_find (dupelist, certid[0]))
 	      {
 		add_to_strlist (&dupelist, certid[0]);
 
-                vals = ldap_get_values (ldap_conn, each, "gpgfingerprint");
-                if (vals && vals[0] && vals[0][0])
-                  es_fprintf (fp, "pub:%s:", vals[0]);
-                else
-                  es_fprintf (fp, "pub:%s:", certid[0]);
-                my_ldap_value_free (vals);
+		es_fprintf (fp, "pub:%s:",certid[0]);
 
 		vals = ldap_get_values (ldap_conn, each, "pgpkeytype");
-		if (vals && vals[0])
+		if (vals)
 		  {
 		    /* The LDAP server doesn't exactly handle this
 		       well. */
@@ -1219,60 +1259,60 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
 		      es_fputs ("1", fp);
 		    else if (strcasecmp (vals[0], "DSS/DH") == 0)
 		      es_fputs ("17", fp);
+		    ldap_value_free (vals);
 		  }
-		my_ldap_value_free (vals);
 
 		es_fputc (':', fp);
 
 		vals = ldap_get_values (ldap_conn, each, "pgpkeysize");
-		if (vals && vals[0])
+		if (vals)
 		  {
 		    /* Not sure why, but some keys are listed with a
 		       key size of 0.  Treat that like an unknown. */
 		    if (atoi (vals[0]) > 0)
 		      es_fprintf (fp, "%d", atoi (vals[0]));
+		    ldap_value_free (vals);
 		  }
-                my_ldap_value_free (vals);
 
 		es_fputc (':', fp);
 
 		/* YYYYMMDDHHmmssZ */
 
 		vals = ldap_get_values (ldap_conn, each, "pgpkeycreatetime");
-		if(vals && vals[0] && strlen (vals[0]) == 15)
+		if(vals && strlen (vals[0]) == 15)
 		  {
 		    es_fprintf (fp, "%u",
 				(unsigned int) ldap2epochtime(vals[0]));
+		    ldap_value_free (vals);
 		  }
-                my_ldap_value_free (vals);
 
 		es_fputc (':', fp);
 
 		vals = ldap_get_values (ldap_conn, each, "pgpkeyexpiretime");
-		if (vals && vals[0] && strlen (vals[0]) == 15)
+		if (vals && strlen (vals[0]) == 15)
 		  {
 		    es_fprintf (fp, "%u",
 				(unsigned int) ldap2epochtime (vals[0]));
+		    ldap_value_free (vals);
 		  }
-                my_ldap_value_free (vals);
 
 		es_fputc (':', fp);
 
 		vals = ldap_get_values (ldap_conn, each, "pgprevoked");
-		if (vals && vals[0])
+		if (vals)
 		  {
 		    if (atoi (vals[0]) == 1)
 		      es_fprintf (fp, "r");
+		    ldap_value_free (vals);
 		  }
-                my_ldap_value_free (vals);
 
 		vals = ldap_get_values (ldap_conn, each, "pgpdisabled");
-		if (vals && vals[0])
+		if (vals)
 		  {
 		    if (atoi (vals[0]) ==1)
 		      es_fprintf (fp, "d");
+		    ldap_value_free (vals);
 		  }
-                my_ldap_value_free (vals);
 
 #if 0
 		/* This is not yet specified in the keyserver
@@ -1280,12 +1320,12 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
 		es_fputc (':', fp);
 
 		vals = ldap_get_values (ldap_conn, each, "modifytimestamp");
-		if(vals && vals[0] strlen (vals[0]) == 15)
+		if(vals && strlen (vals[0]) == 15)
 		  {
 		    es_fprintf (fp, "%u",
 				(unsigned int) ldap2epochtime (vals[0]));
+		    ldap_value_free (vals);
 		  }
-                my_ldap_value_free (vals);
 #endif
 
 		es_fprintf (fp, "\n");
@@ -1296,13 +1336,10 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
 		     uids = ldap_next_entry (ldap_conn, uids))
 		  {
 		    vals = ldap_get_values (ldap_conn, uids, "pgpcertid");
-                    if (!vals || !vals[0])
-                      {
-                        my_ldap_value_free (vals);
-                        continue;
-                      }
+		    if (! vals)
+		      continue;
 
-		    if (!ascii_strcasecmp (certid[0], vals[0]))
+		    if (strcasecmp (certid[0], vals[0]) == 0)
 		      {
 			char **uidvals;
 
@@ -1312,14 +1349,12 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
 						   uids, "pgpuserid");
 			if (uidvals)
 			  {
-			    /* Need to percent escape any colons */
-                            char *quoted = try_percent_escape (uidvals[0],
-                                                               NULL);
-                            if (quoted)
-                              es_fputs (quoted, fp);
+			    /* Need to escape any colons */
+			    char *quoted = percent_escape (uidvals[0], NULL);
+			    es_fputs (quoted, fp);
 			    xfree (quoted);
+			    ldap_value_free (uidvals);
 			  }
-                        my_ldap_value_free (uidvals);
 
 			es_fprintf (fp, "\n");
 		      }
@@ -1328,7 +1363,7 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
 		  }
 	      }
 
-            my_ldap_value_free (certid);
+	      ldap_value_free (certid);
 	  }
       }
 
@@ -1342,7 +1377,8 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
  out:
   if (err)
     {
-      es_fclose (fp);
+      if (fp)
+	es_fclose (fp);
     }
   else
     {
@@ -1659,7 +1695,7 @@ uncescape (char *str)
 	  && hexdigitp (str + r + 3))
 	{
 	  int x = hextobyte (&str[r + 2]);
-	  log_assert (0 <= x && x <= 0xff);
+	  assert (0 <= x && x <= 0xff);
 
 	  str[w] = x;
 
@@ -1924,7 +1960,7 @@ extract_attributes (LDAPMod ***modlist, int *extract_state,
 
       uncescape (uid);
       modlist_add (modlist, "pgpUserID", uid);
-      if (schemav2 && (mbox = mailbox_from_userid (uid)))
+      if (schemav2 && (mbox = mailbox_from_userid (uid, 0)))
         {
           modlist_add (modlist, "gpgMailbox", mbox);
           xfree (mbox);
@@ -1975,10 +2011,12 @@ ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri,
       return gpg_error (GPG_ERR_NOT_SUPPORTED);
     }
 
-  err = my_ldap_connect (uri, &ldap_conn, &basedn, NULL, NULL, &serverinfo);
-  if (err || !basedn)
+  ldap_err = my_ldap_connect (uri, &ldap_conn, &basedn, &serverinfo);
+  if (ldap_err || !basedn)
     {
-      if (!err)
+      if (ldap_err)
+	err = ldap_err_to_gpg_err (ldap_err);
+      else
 	err = GPG_ERR_GENERAL;
       goto out;
     }
@@ -2032,8 +2070,8 @@ ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri,
     {
       dump = es_fopen("/tmp/modlist.txt", "w");
       if (! dump)
-	log_error ("failed to open /tmp/modlist.txt: %s\n",
-		   gpg_strerror (gpg_error_from_syserror ()));
+	log_error ("Failed to open /tmp/modlist.txt: %s\n",
+		   strerror (errno));
 
       if (dump)
 	{
diff --git a/dirmngr/ldap-misc.c b/dirmngr/ldap-misc.c
deleted file mode 100644
index 42f9c7a..0000000
--- a/dirmngr/ldap-misc.c
+++ /dev/null
@@ -1,332 +0,0 @@
-/* ldap-misc.c - Miscellaneous helpers for LDAP functions
- * Copyright (C) 2015, 2021 g10 Code GmbH
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <https://www.gnu.org/licenses/>.
- * SPDX-License-Identifier: GPL-3.0-or-later
- */
-
-#include <config.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "dirmngr-err.h"
-#include "../common/util.h"
-#include "ldap-misc.h"
-
-
-/* Convert an LDAP error to a GPG error.  */
-gpg_err_code_t
-ldap_err_to_gpg_err (int code)
-{
-  gpg_err_code_t ec;
-
-  switch (code)
-    {
-#ifdef LDAP_X_CONNECTING
-    case LDAP_X_CONNECTING: ec = GPG_ERR_LDAP_X_CONNECTING; break;
-#endif
-
-    case LDAP_REFERRAL_LIMIT_EXCEEDED: ec = GPG_ERR_LDAP_REFERRAL_LIMIT; break;
-    case LDAP_CLIENT_LOOP: ec = GPG_ERR_LDAP_CLIENT_LOOP; break;
-    case LDAP_NO_RESULTS_RETURNED: ec = GPG_ERR_LDAP_NO_RESULTS; break;
-    case LDAP_CONTROL_NOT_FOUND: ec = GPG_ERR_LDAP_CONTROL_NOT_FOUND; break;
-    case LDAP_NOT_SUPPORTED: ec = GPG_ERR_LDAP_NOT_SUPPORTED; break;
-    case LDAP_CONNECT_ERROR: ec = GPG_ERR_LDAP_CONNECT; break;
-    case LDAP_NO_MEMORY: ec = GPG_ERR_LDAP_NO_MEMORY; break;
-    case LDAP_PARAM_ERROR: ec = GPG_ERR_LDAP_PARAM; break;
-    case LDAP_USER_CANCELLED: ec = GPG_ERR_LDAP_USER_CANCELLED; break;
-    case LDAP_FILTER_ERROR: ec = GPG_ERR_LDAP_FILTER; break;
-    case LDAP_AUTH_UNKNOWN: ec = GPG_ERR_LDAP_AUTH_UNKNOWN; break;
-    case LDAP_TIMEOUT: ec = GPG_ERR_LDAP_TIMEOUT; break;
-    case LDAP_DECODING_ERROR: ec = GPG_ERR_LDAP_DECODING; break;
-    case LDAP_ENCODING_ERROR: ec = GPG_ERR_LDAP_ENCODING; break;
-    case LDAP_LOCAL_ERROR: ec = GPG_ERR_LDAP_LOCAL; break;
-    case LDAP_SERVER_DOWN: ec = GPG_ERR_LDAP_SERVER_DOWN; break;
-
-    case LDAP_SUCCESS: ec = GPG_ERR_LDAP_SUCCESS; break;
-
-    case LDAP_OPERATIONS_ERROR: ec = GPG_ERR_LDAP_OPERATIONS; break;
-    case LDAP_PROTOCOL_ERROR: ec = GPG_ERR_LDAP_PROTOCOL; break;
-    case LDAP_TIMELIMIT_EXCEEDED: ec = GPG_ERR_LDAP_TIMELIMIT; break;
-    case LDAP_SIZELIMIT_EXCEEDED: ec = GPG_ERR_LDAP_SIZELIMIT; break;
-    case LDAP_COMPARE_FALSE: ec = GPG_ERR_LDAP_COMPARE_FALSE; break;
-    case LDAP_COMPARE_TRUE: ec = GPG_ERR_LDAP_COMPARE_TRUE; break;
-    case LDAP_AUTH_METHOD_NOT_SUPPORTED: ec=GPG_ERR_LDAP_UNSUPPORTED_AUTH;break;
-    case LDAP_STRONG_AUTH_REQUIRED: ec = GPG_ERR_LDAP_STRONG_AUTH_RQRD; break;
-    case LDAP_PARTIAL_RESULTS: ec = GPG_ERR_LDAP_PARTIAL_RESULTS; break;
-    case LDAP_REFERRAL: ec = GPG_ERR_LDAP_REFERRAL; break;
-
-#ifdef LDAP_ADMINLIMIT_EXCEEDED
-    case LDAP_ADMINLIMIT_EXCEEDED: ec = GPG_ERR_LDAP_ADMINLIMIT; break;
-#endif
-
-#ifdef LDAP_UNAVAILABLE_CRITICAL_EXTENSION
-    case LDAP_UNAVAILABLE_CRITICAL_EXTENSION:
-                               ec = GPG_ERR_LDAP_UNAVAIL_CRIT_EXTN; break;
-#endif
-
-    case LDAP_CONFIDENTIALITY_REQUIRED: ec = GPG_ERR_LDAP_CONFIDENT_RQRD; break;
-    case LDAP_SASL_BIND_IN_PROGRESS: ec = GPG_ERR_LDAP_SASL_BIND_INPROG; break;
-    case LDAP_NO_SUCH_ATTRIBUTE: ec = GPG_ERR_LDAP_NO_SUCH_ATTRIBUTE; break;
-    case LDAP_UNDEFINED_TYPE: ec = GPG_ERR_LDAP_UNDEFINED_TYPE; break;
-    case LDAP_INAPPROPRIATE_MATCHING: ec = GPG_ERR_LDAP_BAD_MATCHING; break;
-    case LDAP_CONSTRAINT_VIOLATION: ec = GPG_ERR_LDAP_CONST_VIOLATION; break;
-
-#ifdef LDAP_TYPE_OR_VALUE_EXISTS
-    case LDAP_TYPE_OR_VALUE_EXISTS: ec = GPG_ERR_LDAP_TYPE_VALUE_EXISTS; break;
-#endif
-
-    case LDAP_INVALID_SYNTAX: ec = GPG_ERR_LDAP_INV_SYNTAX; break;
-    case LDAP_NO_SUCH_OBJECT: ec = GPG_ERR_LDAP_NO_SUCH_OBJ; break;
-    case LDAP_ALIAS_PROBLEM: ec = GPG_ERR_LDAP_ALIAS_PROBLEM; break;
-    case LDAP_INVALID_DN_SYNTAX: ec = GPG_ERR_LDAP_INV_DN_SYNTAX; break;
-    case LDAP_IS_LEAF: ec = GPG_ERR_LDAP_IS_LEAF; break;
-    case LDAP_ALIAS_DEREF_PROBLEM: ec = GPG_ERR_LDAP_ALIAS_DEREF; break;
-
-#ifdef LDAP_X_PROXY_AUTHZ_FAILURE
-    case LDAP_X_PROXY_AUTHZ_FAILURE: ec = GPG_ERR_LDAP_X_PROXY_AUTH_FAIL; break;
-#endif
-
-    case LDAP_INAPPROPRIATE_AUTH: ec = GPG_ERR_LDAP_BAD_AUTH; break;
-    case LDAP_INVALID_CREDENTIALS: ec = GPG_ERR_LDAP_INV_CREDENTIALS; break;
-
-#ifdef LDAP_INSUFFICIENT_ACCESS
-    case LDAP_INSUFFICIENT_ACCESS: ec = GPG_ERR_LDAP_INSUFFICIENT_ACC; break;
-#endif
-
-    case LDAP_BUSY: ec = GPG_ERR_LDAP_BUSY; break;
-    case LDAP_UNAVAILABLE: ec = GPG_ERR_LDAP_UNAVAILABLE; break;
-    case LDAP_UNWILLING_TO_PERFORM: ec = GPG_ERR_LDAP_UNWILL_TO_PERFORM; break;
-    case LDAP_LOOP_DETECT: ec = GPG_ERR_LDAP_LOOP_DETECT; break;
-    case LDAP_NAMING_VIOLATION: ec = GPG_ERR_LDAP_NAMING_VIOLATION; break;
-    case LDAP_OBJECT_CLASS_VIOLATION: ec = GPG_ERR_LDAP_OBJ_CLS_VIOLATION; break;
-    case LDAP_NOT_ALLOWED_ON_NONLEAF: ec=GPG_ERR_LDAP_NOT_ALLOW_NONLEAF;break;
-    case LDAP_NOT_ALLOWED_ON_RDN: ec = GPG_ERR_LDAP_NOT_ALLOW_ON_RDN; break;
-    case LDAP_ALREADY_EXISTS: ec = GPG_ERR_LDAP_ALREADY_EXISTS; break;
-    case LDAP_NO_OBJECT_CLASS_MODS: ec = GPG_ERR_LDAP_NO_OBJ_CLASS_MODS; break;
-    case LDAP_RESULTS_TOO_LARGE: ec = GPG_ERR_LDAP_RESULTS_TOO_LARGE; break;
-    case LDAP_AFFECTS_MULTIPLE_DSAS: ec = GPG_ERR_LDAP_AFFECTS_MULT_DSAS; break;
-
-#ifdef LDAP_VLV_ERROR
-    case LDAP_VLV_ERROR: ec = GPG_ERR_LDAP_VLV; break;
-#endif
-
-    case LDAP_OTHER: ec = GPG_ERR_LDAP_OTHER; break;
-
-#ifdef LDAP_CUP_RESOURCES_EXHAUSTED
-    case LDAP_CUP_RESOURCES_EXHAUSTED: ec=GPG_ERR_LDAP_CUP_RESOURCE_LIMIT;break;
-    case LDAP_CUP_SECURITY_VIOLATION: ec=GPG_ERR_LDAP_CUP_SEC_VIOLATION; break;
-    case LDAP_CUP_INVALID_DATA: ec = GPG_ERR_LDAP_CUP_INV_DATA; break;
-    case LDAP_CUP_UNSUPPORTED_SCHEME: ec = GPG_ERR_LDAP_CUP_UNSUP_SCHEME; break;
-    case LDAP_CUP_RELOAD_REQUIRED: ec = GPG_ERR_LDAP_CUP_RELOAD; break;
-#endif
-
-#ifdef LDAP_CANCELLED
-    case LDAP_CANCELLED: ec = GPG_ERR_LDAP_CANCELLED; break;
-#endif
-
-#ifdef LDAP_NO_SUCH_OPERATION
-    case LDAP_NO_SUCH_OPERATION: ec = GPG_ERR_LDAP_NO_SUCH_OPERATION; break;
-#endif
-
-#ifdef LDAP_TOO_LATE
-    case LDAP_TOO_LATE: ec = GPG_ERR_LDAP_TOO_LATE; break;
-#endif
-
-#ifdef LDAP_CANNOT_CANCEL
-    case LDAP_CANNOT_CANCEL: ec = GPG_ERR_LDAP_CANNOT_CANCEL; break;
-#endif
-
-#ifdef LDAP_ASSERTION_FAILED
-    case LDAP_ASSERTION_FAILED: ec = GPG_ERR_LDAP_ASSERTION_FAILED; break;
-#endif
-
-#ifdef LDAP_PROXIED_AUTHORIZATION_DENIED
-    case LDAP_PROXIED_AUTHORIZATION_DENIED:
-                                      ec = GPG_ERR_LDAP_PROX_AUTH_DENIED; break;
-#endif
-
-    default:
-#if defined(LDAP_E_ERROR) && defined(LDAP_X_ERROR)
-      if (LDAP_E_ERROR (code))
-        ec = GPG_ERR_LDAP_E_GENERAL;
-      else if (LDAP_X_ERROR (code))
-        ec = GPG_ERR_LDAP_X_GENERAL;
-      else
-#endif
-        ec = GPG_ERR_LDAP_GENERAL;
-      break;
-    }
-
-  return ec;
-}
-
-
-/* Retrieve an LDAP error and return it's GPG equivalent.  */
-gpg_err_code_t
-ldap_to_gpg_err (LDAP *ld)
-{
-#if defined(HAVE_LDAP_GET_OPTION) && defined(LDAP_OPT_ERROR_NUMBER)
-  int err;
-
-  if (ldap_get_option (ld, LDAP_OPT_ERROR_NUMBER, &err) == 0)
-    return ldap_err_to_gpg_err (err);
-  else
-    return GPG_ERR_GENERAL;
-#elif defined(HAVE_LDAP_LD_ERRNO)
-  return ldap_err_to_gpg_err (ld->ld_errno);
-#else
-  /* We should never get here since the LDAP library should always
-     have either ldap_get_option or ld_errno, but just in case... */
-  return GPG_ERR_INTERNAL;
-#endif
-}
-
-
-
-/* Parse an extended filter syntax as used by dirmngr_ldap.c
- * For example:
- *
- *   ^CN=foo, OU=My Users&(objectClasses=*)
- *
- * Uses "CN=foo, OU=My Users" as base DN and "(objectClasses=*)" as
- * filter.  If the base prefix includes an ampersand, it needs to be
- * doubled.  The usual escaping rules for DNs (for the base) and
- * filters apply.  Other examples:
- *
- *  ^CN=foo, OU=My Users&
- *
- * Use just the base DN.
- *
- *  ^CN=foo, OU=My Users&SCOPE&
- *
- * Specify the scope which is "base", "one", or "sub".  May of course
- * also be followed by a filter.
- *
- *  ^&SCOPE&(objectClasses=*)
- *
- * Give a scope and a filter.  Note that R_SCOPE is only changed if a
- * STRING has scope parameter.  Setting this initally to -1 allows to
- * detect this case.
- */
-gpg_error_t
-ldap_parse_extfilter (const char *string, int silent,
-                      char **r_base, int *r_scope, char **r_filter)
-{
-  gpg_error_t err = 0;
-  char *base = NULL;
-  char *filter = NULL;
-  const char *s;
-  char *p;
-
-  if (r_base)
-    *r_base = NULL;
-  if (r_filter)
-    *r_filter = NULL;
-
-  if (*string == '^')
-    {
-      string++;
-      base = xtrymalloc (strlen (string)+1);
-      if (!base)
-        {
-          err = gpg_error_from_syserror ();
-          goto leave;
-        }
-      for (s=string, p=base; *s; s++)
-        {
-          *p++ = *s;
-          if (*s == '&' && s[1] == '&')
-            s++;  /* Skip quoted ampersand.  */
-          else if (*s == '&')
-            {
-              p--;
-              break;
-            }
-        }
-      *p = 0;
-      if (!*s)
-        {
-          if (!silent)
-            log_info ("LDAP extended filter is not terminated\n");
-          err = gpg_error (GPG_ERR_SYNTAX);
-          goto leave;
-        }
-      string = s + 1;
-    }
-
-  if (!*string)
-    goto leave; /* ready.  */
-
-  if (!strncmp (string, "base&", 5))
-    {
-      string += 5;
-      if (r_scope)
-        *r_scope = LDAP_SCOPE_BASE;
-    }
-  else if (!strncmp (string, "one&", 4))
-    {
-      string += 4;
-      if (r_scope)
-        *r_scope = LDAP_SCOPE_ONELEVEL;
-    }
-  else if (!strncmp (string, "sub&", 4))
-    {
-      string += 4;
-      if (r_scope)
-        *r_scope = LDAP_SCOPE_SUBTREE;
-    }
-
-  if (!*string)
-    goto leave; /* ready.  */
-
-  if (*string != '(')
-    {
-      if (!silent)
-        log_info ("LDAP filter does not start with a left parentheses\n");
-      return gpg_error (GPG_ERR_SYNTAX);
-    }
-  if (string[strlen(string)-1] != ')')
-    {
-      if (!silent)
-        log_info ("LDAP filter does not end with a right parentheses\n");
-      return gpg_error (GPG_ERR_SYNTAX);
-    }
-
-  filter = xtrystrdup (string);
-  if (!filter)
-    err = gpg_error_from_syserror ();
-
- leave:
-  if (err)
-    {
-      xfree (base);
-      xfree (filter);
-    }
-  else
-    {
-      if (r_base)
-        *r_base = base;
-      else
-        xfree (base);
-      if (r_filter)
-        *r_filter = filter;
-      else
-        xfree (filter);
-    }
-  return err;
-}
diff --git a/dirmngr/ldap-parse-uri.c b/dirmngr/ldap-parse-uri.c
index c36763e..573bcc7 100644
--- a/dirmngr/ldap-parse-uri.c
+++ b/dirmngr/ldap-parse-uri.c
@@ -30,27 +30,24 @@
 #include "../common/util.h"
 #include "http.h"
 
-/* Returns 1 if the string is an LDAP URL (begins with ldap:, ldaps:
-   or ldapi:).  */
+/* Returns 1 if the string is an LDAP URL.  */
 int
 ldap_uri_p (const char *url)
 {
-  char *colon = strchr (url, ':');
+  parsed_uri_t puri;
+  int result;
 
-  if (!colon)
-    return 0;
+  if (http_parse_uri (&puri, url, 1))
+    result = 0;
   else
-    {
-      int offset = (uintptr_t) colon - (uintptr_t) url;
+    result = !!puri->is_ldap;
 
-      if (   (offset == 4 && !ascii_memcasecmp (url, "ldap", 4))
-	  || (offset == 5 && (!ascii_memcasecmp (url, "ldaps", 5)
-                              || !ascii_memcasecmp (url, "ldapi", 5))))
-	return 1;
-      return 0;
-    }
+  http_release_parsed_uri (puri);
+
+  return result;
 }
 
+
 /* Parse a URI and put the result into *purip.  On success the
    caller must use http_release_parsed_uri() to releases the resources.
 
diff --git a/dirmngr/ldap-url.c b/dirmngr/ldap-url.c
index 0cb5d4a..8308514 100644
--- a/dirmngr/ldap-url.c
+++ b/dirmngr/ldap-url.c
@@ -100,25 +100,6 @@ void ldap_pvt_hex_unescape( char *s );
 # define LDAP_SCOPE_DEFAULT -1
 #endif
 
-#if __GNUC__
-# define MY_GCC_VERSION (__GNUC__ * 10000 \
-                         + __GNUC_MINOR__ * 100 \
-                         + __GNUC_PATCHLEVEL__)
-#else
-# define MY_GCC_VERSION 0
-#endif
-
-
-/* Avoid warnings about strncpy usage.  */
-#if MY_GCC_VERSION >= 80000
-# pragma GCC diagnostic ignored "-Wstringop-truncation"
-# pragma GCC diagnostic ignored "-Wstringop-overflow"
-#elif defined __clang__
-# pragma clang diagnostic ignored "-Wstringop-truncation"
-# pragma clang diagnostic ignored "-Wstringop-overflow"
-#endif
-
-
 
 
 /* $OpenLDAP: pkg/ldap/libraries/libldap/charray.c,v 1.9.2.2 2003/03/03 17:10:04 kurt Exp $ */
diff --git a/dirmngr/ldap-wrapper.c b/dirmngr/ldap-wrapper.c
index 42bc38a..31de6e0 100644
--- a/dirmngr/ldap-wrapper.c
+++ b/dirmngr/ldap-wrapper.c
@@ -21,11 +21,10 @@
 /*
  * We can't use LDAP directly for these reasons:
  *
- * 1. On some systems the LDAP library uses (indirectly) pthreads and
- *    that is not compatible with GNU Pth.  Since 2.1 we use nPth
- *    instead of GNU Pth which does not have this problem anymore
- *    because it will use pthreads if the platform supports it.  Thus
- *    this was a historical reasons.
+ * 1. The LDAP library is linked to separate crypto library like
+ *    OpenSSL and even if it is linked to the library we use in dirmngr
+ *    (ntbtls or gnutls) it is sometimes a different version of that
+ *    library with all the surprising failures you may get due to this.
  *
  * 2. It is huge library in particular if TLS comes into play.  So
  *    problems with unfreed memory might turn up and we don't want
@@ -184,7 +183,7 @@ destroy_wrapper (struct wrapper_context_s *ctx)
 }
 
 
-/* Print the content of LINE to thye log stream but make sure to only
+/* Print the content of LINE to the log stream but make sure to only
    print complete lines.  Using NULL for LINE will flush any pending
    output.  LINE may be modified by this function. */
 static void
@@ -373,12 +372,13 @@ ldap_reaper_thread (void *dummy)
 
       if (DBG_EXTPROG)
         {
-          log_debug ("ldap-reaper: next run (count=%d size=%d, timeout=%d)\n",
+          log_debug ("ldap-reaper: next run (count=%d size=%d timeout=%d)\n",
                      count, fparraysize, millisecs);
           for (count=0; count < fparraysize; count++)
             if (!fparray[count].ignore)
-              log_debug ("ldap-reaper: fp[%d] stream=%p want=%d\n",
-                         count, fparray[count].stream,fparray[count].want_read);
+              log_debug ("ldap-reaper: fp[%d] stream=%p %s\n",
+                         count, fparray[count].stream,
+                         fparray[count].want_read? "want_read":"");
         }
 
       ret = es_poll (fparray, fparraysize, millisecs);
@@ -401,7 +401,7 @@ ldap_reaper_thread (void *dummy)
         {
           for (count=0; count < fparraysize; count++)
             if (!fparray[count].ignore)
-              log_debug ("ldap-reaper: fp[%d] stream=%p r=%d %c%c%c%c%c%c%c\n",
+              log_debug ("ldap-reaper: fp[%d] stream=%p rc=%d %c%c%c%c%c%c%c\n",
                          count, fparray[count].stream, ret,
                          fparray[count].got_read? 'r':'-',
                          fparray[count].got_write?'w':'-',
@@ -494,7 +494,7 @@ ldap_reaper_thread (void *dummy)
          * wrappers.  */
         if (any_action && DBG_EXTPROG)
           {
-            log_debug ("ldap worker stati:\n");
+            log_debug ("ldap worker states:\n");
             for (ctx = reaper_list; ctx; ctx = ctx->next)
               log_debug ("  c=%p pid=%d/%d rdr=%p logfp=%p"
                          " ctrl=%p/%d la=%lu rdy=%d\n",
@@ -548,7 +548,7 @@ ldap_reaper_launch_thread (void)
 #ifdef HAVE_W32_SYSTEM
   /* Static init does not yet work in W32 nPth.  */
   if (npth_cond_init (&reaper_run_cond, NULL))
-    log_fatal ("%s: failed to init condition variable: %s\n",
+    log_fatal ("%s: failed to init condition variabale: %s\n",
                __func__, gpg_strerror (gpg_error_from_syserror ()));
 #endif
 
@@ -714,8 +714,9 @@ reader_callback (void *cb_value, char *buffer, size_t count,  size_t *nread)
 
       if (DBG_EXTPROG)
         {
-          log_debug ("%s: fp[0] stream=%p want=%d\n",
-                     __func__, fparray[0].stream,fparray[0].want_read);
+          log_debug ("%s: fp[0] stream=%p %s\n",
+                     __func__, fparray[0].stream,
+                     fparray[0].want_read?"want_read":"");
         }
 
       ret = es_poll (fparray, DIM (fparray), millisecs);
@@ -729,7 +730,7 @@ reader_callback (void *cb_value, char *buffer, size_t count,  size_t *nread)
         }
       if (DBG_EXTPROG)
         {
-          log_debug ("%s: fp[0] stream=%p r=%d %c%c%c%c%c%c%c\n",
+          log_debug ("%s: fp[0] stream=%p rc=%d %c%c%c%c%c%c%c\n",
                      __func__, fparray[0].stream, ret,
                      fparray[0].got_read? 'r':'-',
                      fparray[0].got_write?'w':'-',
@@ -856,9 +857,9 @@ ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[])
   err = gnupg_spawn_process (pgmname, arg_list,
                              NULL, NULL, GNUPG_SPAWN_NONBLOCK,
                              NULL, &outfp, &errfp, &pid);
+  xfree (arg_list);
   if (err)
     {
-  xfree (arg_list);
       xfree (ctx);
       log_error ("error running '%s': %s\n", pgmname, gpg_strerror (err));
       return err;
@@ -877,7 +878,6 @@ ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[])
     err = ksba_reader_set_cb (*reader, reader_callback, ctx);
   if (err)
     {
-      xfree (arg_list);
       log_error (_("error initializing reader object: %s\n"),
                  gpg_strerror (err));
       destroy_wrapper (ctx);
@@ -899,15 +899,8 @@ ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[])
   unlock_reaper_list ();
 
   if (DBG_EXTPROG)
-    {
-      log_debug ("ldap wrapper %d started (%p, %s)",
-                 (int)ctx->pid, ctx->reader, pgmname);
-      for (i=0; arg_list[i]; i++)
-        log_printf (" [%s]", arg_list[i]);
-      log_printf ("\n");
-    }
-  xfree (arg_list);
-
+    log_debug ("ldap wrapper %d started (%p, %s)\n",
+               (int)ctx->pid, ctx->reader, pgmname);
 
   /* Need to wait for the first byte so we are able to detect an empty
      output and not let the consumer see an EOF without further error
diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c
index 86c2060..ffe54ba 100644
--- a/dirmngr/ldap.c
+++ b/dirmngr/ldap.c
@@ -1,12 +1,12 @@
 /* ldap.c - LDAP access
  * Copyright (C) 2002 Klarälvdalens Datakonsult AB
- * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2010, 2021 g10 Code GmbH
+ * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2010 g10 Code GmbH
  *
- * This file is part of GnuPG.
+ * This file is part of DirMngr.
  *
- * GnuPG is free software; you can redistribute it and/or modify
+ * DirMngr is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
+ * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
  *
  * DirMngr is distributed in the hope that it will be useful,
@@ -15,8 +15,8 @@
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <https://www.gnu.org/licenses/>.
- * SPDX-License-Identifier: GPL-3.0-or-later
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  */
 
 #include <config.h>
@@ -36,7 +36,6 @@
 #include "ldapserver.h"
 #include "misc.h"
 #include "ldap-wrapper.h"
-#include "ldap-url.h"
 #include "../common/host2net.h"
 
 
@@ -117,15 +116,14 @@ static gpg_error_t
 run_ldap_wrapper (ctrl_t ctrl,
                   int ignore_timeout,
                   int multi_mode,
-                  int tls_mode,
-                  int ntds,
                   const char *proxy,
                   const char *host, int port,
                   const char *user, const char *pass,
-                  const char *base, const char *filter, const char *attr,
+                  const char *dn, const char *filter, const char *attr,
+                  const char *url,
                   ksba_reader_t *reader)
 {
-  const char *argv[50];
+  const char *argv[40];
   int argc;
   char portbuf[30], timeoutbuf[30];
 
@@ -133,7 +131,7 @@ run_ldap_wrapper (ctrl_t ctrl,
   *reader = NULL;
 
   argc = 0;
-  if (pass && *pass)  /* Note, that the password must be the first item.  */
+  if (pass)  /* Note, that the password must be the first item.  */
     {
       argv[argc++] = "--pass";
       argv[argc++] = pass;
@@ -147,18 +145,9 @@ run_ldap_wrapper (ctrl_t ctrl,
   argv[argc++] = "--log-with-pid";
   if (multi_mode)
     argv[argc++] = "--multi";
-
-  if (tls_mode == 1)
-    argv[argc++] = "--starttls";
-  else if (tls_mode)
-    argv[argc++] = "--ldaptls";
-
-  if (ntds)
-    argv[argc++] = "--ntds";
-
   if (opt.ldaptimeout)
     {
-      snprintf (timeoutbuf, sizeof timeoutbuf, "%u", opt.ldaptimeout);
+      sprintf (timeoutbuf, "%u", opt.ldaptimeout);
       argv[argc++] = "--timeout";
       argv[argc++] = timeoutbuf;
       if (ignore_timeout)
@@ -169,7 +158,7 @@ run_ldap_wrapper (ctrl_t ctrl,
       argv[argc++] = "--proxy";
       argv[argc++] = proxy;
     }
-  if (host && *host)
+  if (host)
     {
       argv[argc++] = "--host";
       argv[argc++] = host;
@@ -180,24 +169,27 @@ run_ldap_wrapper (ctrl_t ctrl,
       argv[argc++] = "--port";
       argv[argc++] = portbuf;
     }
-  if (user && *user)
+  if (user)
     {
       argv[argc++] = "--user";
       argv[argc++] = user;
     }
-  if (base && *base)
+  if (dn)
+    {
+      argv[argc++] = "--dn";
+      argv[argc++] = dn;
+    }
+  if (filter)
     {
-      argv[argc++] = "--base";
-      argv[argc++] = base;
+      argv[argc++] = "--filter";
+      argv[argc++] = filter;
     }
   if (attr)
     {
       argv[argc++] = "--attr";
       argv[argc++] = attr;
     }
-
-  if (filter)
-    argv[argc++] = filter;
+  argv[argc++] = url? url : "ldap://";
   argv[argc] = NULL;
 
   return ldap_wrapper (ctrl, reader, argv);
@@ -210,48 +202,19 @@ run_ldap_wrapper (ctrl_t ctrl,
    reader is returned.  If HOST or PORT are not 0, they are used to
    override the values from the URL. */
 gpg_error_t
-url_fetch_ldap (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
+url_fetch_ldap (ctrl_t ctrl, const char *url, const char *host, int port,
+                ksba_reader_t *reader)
 {
   gpg_error_t err;
-  LDAPURLDesc *ludp = NULL;
-  int tls_mode;
-
-  if (!ldap_is_ldap_url (url))
-    {
-      log_error (_("'%s' is not an LDAP URL\n"), url);
-      return gpg_error (GPG_ERR_INV_URI);
-    }
-
-  if (ldap_url_parse (url, &ludp))
-    {
-      log_error (_("'%s' is an invalid LDAP URL\n"), url);
-      return gpg_error (GPG_ERR_INV_URI);
-    }
-
-  if (ludp->lud_filter && ludp->lud_filter[0] != '(')
-    {
-      log_error (_("'%s' is an invalid LDAP URL\n"), url);
-      err = gpg_error (GPG_ERR_BAD_URI);
-      goto leave;
-    }
-
-  if (ludp->lud_scheme && !strcmp (ludp->lud_scheme, "ldaps"))
-    tls_mode = 2; /* LDAP-over-TLS here becuase we get it from certs. */
-  else
-    tls_mode = 0;
 
   err = run_ldap_wrapper (ctrl,
                           1, /* Ignore explicit timeout because CRLs
                                 might be very large. */
-                          0, /* No Multi-mode.  */
-                          tls_mode,
-                          0, /* No AD authentication.  */
+                          0,
                           opt.ldap_proxy,
-                          ludp->lud_host, ludp->lud_port,
-                          NULL, NULL,  /* user, password */
-                          ludp->lud_dn,    /* Base DN */
-                          ludp->lud_filter,
-                          ludp->lud_attrs? ludp->lud_attrs[0] : NULL,
+                          host, port,
+                          NULL, NULL,
+                          NULL, NULL, NULL, url,
                           reader);
 
   /* FIXME: This option might be used for DoS attacks.  Because it
@@ -260,8 +223,17 @@ url_fetch_ldap (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
      turn. */
   if (!err && opt.add_new_ldapservers && !opt.ldap_proxy)
     {
-      if (ludp->lud_host)
-        add_server_to_servers (ludp->lud_host, ludp->lud_port);
+      if (host)
+        add_server_to_servers (host, port);
+      else if (url)
+        {
+          char *tmp = host_and_port_from_url (url, &port);
+          if (tmp)
+            {
+              add_server_to_servers (tmp, port);
+              xfree (tmp);
+            }
+        }
     }
 
   /* If the lookup failed and we are not only using the proxy, we try
@@ -280,32 +252,19 @@ url_fetch_ldap (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
         {
 	  ldap_server_t server = iter.server;
 
-          if (server->starttls)
-            tls_mode = 1;
-          else if (server->ldap_over_tls)
-            tls_mode = 2;
-          else
-            tls_mode = 0;
-
           err = run_ldap_wrapper (ctrl,
                                   0,
-                                  0, /* No Multi-mode */
-                                  tls_mode,
-                                  server->ntds,
+                                  0,
                                   NULL,
                                   server->host, server->port,
-                                  server->user, server->pass,
-                                  server->base,
-                                  ludp->lud_filter,
-                                  ludp->lud_attrs? ludp->lud_attrs[0] : NULL,
+                                  NULL, NULL,
+                                  NULL, NULL, NULL, url,
                                   reader);
           if (!err)
             break;
         }
     }
 
- leave:
-  ldap_free_urldesc (ludp);
   return err;
 }
 
@@ -322,32 +281,20 @@ attr_fetch_ldap (ctrl_t ctrl,
 
   *reader = NULL;
 
-  /* FIXME; we might want to look at the Base DN to try matching
+  /* FIXME; we might want to look at the Base SN to try matching
      servers first. */
   for (ldapserver_iter_begin (&iter, ctrl); ! ldapserver_iter_end_p (&iter);
        ldapserver_iter_next (&iter))
     {
       ldap_server_t server = iter.server;
-      int tls_mode;
-
-      if (server->starttls)
-        tls_mode = 1;
-      else if (server->ldap_over_tls)
-        tls_mode = 2;
-      else
-        tls_mode = 0;
 
       err = run_ldap_wrapper (ctrl,
                               0,
                               0,
-                              tls_mode,
-                              server->ntds,
                               opt.ldap_proxy,
                               server->host, server->port,
                               server->user, server->pass,
-                              dn,
-                              "(objectClass=*)",
-                              attr,
+                              dn, "objectClass=*", attr, NULL,
                               reader);
       if (!err)
         break; /* Probably found a result. Ready. */
@@ -355,144 +302,46 @@ attr_fetch_ldap (ctrl_t ctrl,
   return err;
 }
 
-
 
-/* Return true if VALUE needs escaping.  */
-static int
-rfc2254_need_escape (const char *value)
-{
-  /* NUL needs to be escaped as well but we can represent that in
-   * VALUE, so no need for it.  */
-  return !!strpbrk (value, "*()\\");
-}
+/* Parse PATTERN and return a new strlist to be used for the actual
+   LDAP query.  Bit 0 of the flags field is set if that pattern is
+   actually a base specification.  Caller must release the returned
+   strlist.  NULL is returned on error.
 
-/* Escape VALUE using RFC-2254 rules.  Returns NULL on error. */
-static char *
-rfc2254_escape (const char *value)
-{
-  const char *s;
-  char *buffer, *p;
-  size_t length = 0;
-
-  for (s=value; *s; s++)
-    switch (*s)
-      {
-      case '*':
-      case '(':
-      case ')':
-      case '\\': length += 3; break;
-      default:   length++; break;
-      }
-
-  buffer = xtrymalloc (length+1);
-  if (!buffer)
-    return NULL;
-  p = buffer;
-  for (s=value; *s; s++)
-    switch (*s)
-      {
-      case '*':  p = stpcpy (p, "\\2a"); break;
-      case '(':  p = stpcpy (p, "\\28"); break;
-      case ')':  p = stpcpy (p, "\\29"); break;
-      case '\\': p = stpcpy (p, "\\5c"); break;
-      default:   *p++ = *s; break;
-      }
-  *p = 0;
-  return buffer;
-}
-
-
-/* Return true if VALUE needs escaping.  */
-static int
-extfilt_need_escape (const char *value)
-{
-  /* NUL needs to be escaped as well but we can represent that in
-   * VALUE, so no need for it.  */
-  return !!strchr (value, '&');
-}
-
-/* Escape VALUE using our extended filter rules from dirmngr_ldap.c.
- * Returns NULL on error. */
-static char *
-extfilt_escape (const char *value)
-{
-  const char *s;
-  char *buffer, *p;
-  size_t length = 0;
-
-  for (s=value; *s; s++)
-    {
-      length++;
-      if (*s == '&')
-        length++;
-    }
-
-  buffer = xtrymalloc (length+1);
-  if (!buffer)
-    return NULL;
-  p = buffer;
-  for (s=value; *s; s++)
-    {
-      *p++ = *s;
-      if (*s == '&')
-        *p++ = '&';
-    }
-  *p = 0;
-  return buffer;
-}
-
-
-/* Parse PATTERN and return a new filter expression for an LDAP query.
- * The extended filter syntax as known by dirmngr_ldap.c is used.
- * Caller must release the returned value.  R_RESULT is set to NULL on
- * error.
- *
- * Supported patterns:
+ * Possible patterns:
  *
- *  | Ok  | gpg style user id type                               |
- *  |-----+------------------------------------------------------|
- *  | no  | KeyID                                                |
- *  | no  | Fingerprint                                          |
- *  | no  | OpenPGP userid                                       |
- *  | yes | Email address  Indicated by a left angle bracket.    |
- *  | no  | Exact word match in user id or subj. name            |
- *  | yes | Subj. DN  indicated by a leading slash               |
- *  | no  | Issuer DN                                            |
- *  | no  | Serial number + subj. DN                             |
- *  | yes | Substring match indicated by a leading '*; (default) |
+ *   KeyID
+ *   Fingerprint
+ *   OpenPGP userid
+ * x Email address  Indicated by a left angle bracket.
+ *   Exact word match in user id or subj. name
+ * x Subj. DN  indicated bu a leading slash
+ *   Issuer DN
+ *   Serial number + subj. DN
+ * x Substring match indicated by a leading '*; is also the default.
  */
-static gpg_error_t
-make_one_filter (const char *pattern, char **r_result)
-{
-  gpg_error_t err = 0;
-  char *pattern_buffer = NULL;
-  char *result = NULL;
-  size_t n;
 
-  *r_result = NULL;
+strlist_t
+parse_one_pattern (const char *pattern)
+{
+  strlist_t result = NULL;
+  char *p;
 
   switch (*pattern)
     {
     case '<':			/* Email. */
       {
         pattern++;
-        if (rfc2254_need_escape (pattern)
-            && !(pattern = pattern_buffer = rfc2254_escape (pattern)))
-          {
-            err = gpg_error_from_syserror ();
-            goto leave;
-          }
-        result = strconcat ("(mail=", pattern, ")", NULL);
-        if (!result)
+	result = xmalloc (sizeof *result + 5 + strlen (pattern));
+        result->next = NULL;
+        result->flags = 0;
+	p = stpcpy (stpcpy (result->d, "mail="), pattern);
+	if (p[-1] == '>')
+	  *--p = 0;
+        if (!*result->d) /* Error. */
           {
-            err = gpg_error_from_syserror ();
-            goto leave;
-          }
-        n = strlen (result);
-        if (result[n-2] == '>') /* Strip trailing '>' */
-          {
-            result[n-2] = ')';
-            result[n-1] = 0;
+            xfree (result);
+            result = NULL;
           }
 	break;
       }
@@ -500,86 +349,125 @@ make_one_filter (const char *pattern, char **r_result)
       pattern++;
       if (*pattern)
         {
-          /* We need just the BaseDN.  This assumes that the Subject
-           * is correcly stored in the DT.  This is however not always
-           * the case and the actual DN is different ffrom the
-           * subject.  In this case we won't find anything.  */
-          if (extfilt_need_escape (pattern)
-              && !(pattern = pattern_buffer = extfilt_escape (pattern)))
-            {
-              err = gpg_error_from_syserror ();
-              goto leave;
-            }
-          result = strconcat ("^", pattern, "&base&", NULL);
-          if (!result)
-            {
-              err = gpg_error_from_syserror ();
-              goto leave;
-            }
+          result = xmalloc (sizeof *result + strlen (pattern));
+          result->next = NULL;
+          result->flags = 1; /* Base spec. */
+          strcpy (result->d, pattern);
         }
       break;
-    case '#':			/* Issuer DN - Not yet working. */
+    case '#':			/* Issuer DN. */
       pattern++;
       if (*pattern == '/')  /* Just issuer DN. */
         {
           pattern++;
-          if (extfilt_need_escape (pattern)
-              && !(pattern = pattern_buffer = extfilt_escape (pattern)))
-            {
-              err = gpg_error_from_syserror ();
-              goto leave;
-            }
-          result = strconcat ("^", pattern, "&base&", NULL);
-          if (!result)
-            {
-              err = gpg_error_from_syserror ();
-              goto leave;
-            }
 	}
       else  /* Serial number + issuer DN */
 	{
-
         }
       break;
     case '*':
       pattern++;
       /* fall through */
     default:			/* Take as substring match. */
-      if (*pattern)
-        {
-          if (rfc2254_need_escape (pattern)
-              && !(pattern = pattern_buffer = rfc2254_escape (pattern)))
-            {
-              err = gpg_error_from_syserror ();
-              goto leave;
-            }
-          result = strconcat ("(|(sn=*", pattern,
-                              "*)(|(cn=*", pattern,
-                              "*)(mail=*", pattern,
-                              "*)))", NULL);
-          if (!result)
-            {
-              err = gpg_error_from_syserror ();
-              goto leave;
-            }
-        }
+      {
+	const char format[] = "(|(sn=*%s*)(|(cn=*%s*)(mail=*%s*)))";
+
+        if (*pattern)
+          {
+            result = xmalloc (sizeof *result
+                              + strlen (format) + 3 * strlen (pattern));
+            result->next = NULL;
+            result->flags = 0;
+            sprintf (result->d, format, pattern, pattern, pattern);
+          }
+      }
       break;
     }
 
-  if (!result)
-    err = gpg_error (GPG_ERR_INV_USER_ID);
+  return result;
+}
 
- leave:
-  xfree (pattern_buffer);
-  if (err)
-    xfree (result);
+/* Take the string STRING and escape it according to the URL rules.
+   Return a newly allocated string. */
+static char *
+escape4url (const char *string)
+{
+  const char *s;
+  char *buf, *p;
+  size_t n;
+
+  if (!string)
+    string = "";
+
+  for (s=string,n=0; *s; s++)
+    if (strchr (UNENCODED_URL_CHARS, *s))
+      n++;
+    else
+      n += 3;
+
+  buf = malloc (n+1);
+  if (!buf)
+    return NULL;
+
+  for (s=string,p=buf; *s; s++)
+    if (strchr (UNENCODED_URL_CHARS, *s))
+      *p++ = *s;
+    else
+      {
+        sprintf (p, "%%%02X", *(const unsigned char *)s);
+        p += 3;
+      }
+  *p = 0;
+
+  return buf;
+}
+
+
+
+/* Create a LDAP URL from DN and FILTER and return it in URL.  We don't
+   need the host and port because this will be specified using the
+   override options. */
+static gpg_error_t
+make_url (char **url, const char *dn, const char *filter)
+{
+  gpg_error_t err;
+  char *u_dn, *u_filter;
+  char const attrs[] = (USERCERTIFICATE ","
+                        /* In 2005 wk mentioned in the changelog that
+                         * work on the userSMIMECertificate has
+                         * started but it seems that no further
+                         * progress was made or the whole thing was
+                         * simply forgotten.  */
+                        /* USERSMIMECERTIFICATE "," */
+                        CACERTIFICATE ","
+                        X509CACERT );
+
+  *url = NULL;
+
+  u_dn = escape4url (dn);
+  if (!u_dn)
+      return gpg_error_from_errno (errno);
+
+  u_filter = escape4url (filter);
+  if (!u_filter)
+    {
+      err = gpg_error_from_errno (errno);
+      xfree (u_dn);
+      return err;
+    }
+
+  *url = strconcat ("ldap:///", u_dn, "?", attrs, "?sub?", u_filter, NULL);
+  if (!*url)
+    err = gpg_error_from_syserror ();
   else
-    *r_result = result;
+    err = 0;
+
+  xfree (u_dn);
+  xfree (u_filter);
   return err;
 }
 
 
-
 /* Prepare an LDAP query to return the cACertificate attribute for DN.
  * All configured default servers are queried until one responds.
  * This function returns an error code or 0 and stored a newly
@@ -595,7 +483,7 @@ start_cacert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *r_context,
   if (!*r_context)
     return gpg_error_from_errno (errno);
 
-  /* FIXME; we might want to look at the Base DN to try matching
+  /* FIXME; we might want to look at the Base SN to try matching
      servers first. */
   err = gpg_error (GPG_ERR_CONFIGURATION);
 
@@ -607,12 +495,10 @@ start_cacert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *r_context,
       err = run_ldap_wrapper (ctrl,
                               0,
                               1,  /* --multi (record format) */
-                              0, /* No TLS */
-                              0, /* No AD authentication.  */
                               opt.ldap_proxy,
                               server->host, server->port,
                               server->user, server->pass,
-                              dn, "objectClass=*", "cACertificate",
+                              dn, "objectClass=*", "cACertificate", NULL,
                               &(*r_context)->reader);
       if (!err)
         break; /* Probably found a result. */
@@ -640,13 +526,12 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *r_context,
   int port;
   char *user = NULL;
   char *pass = NULL;
-  char *base = NULL;
+  const char *base;
   char *argv[50];
   int argc = 0;
   int argc_malloced = 0;
   char portbuf[30], timeoutbuf[30];
-  int starttls, ldaptls, ntds;
-
+  int use_ldaps = 0;
 
   *r_context = NULL;
 
@@ -674,24 +559,17 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *r_context,
           err = gpg_error_from_syserror ();
           goto leave;
         }
-      if (server->base && !(base = xtrystrdup (server->base)))
-        {
-          err = gpg_error_from_syserror ();
-          goto leave;
-        }
-
-      starttls = server->starttls;
-      ldaptls  =  server->ldap_over_tls;
-      ntds     = server->ntds;
+      base = server->base;
+      use_ldaps = server->use_ldaps;
     }
   else /* Use a default server. */
-    {
-      err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-      goto leave;
-    }
+    return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
 
 
-  if (pass && *pass) /* Note: Must be the first item. */
+  if (!base)
+    base = "";
+
+  if (pass) /* Note: Must be the first item. */
     {
       argv[argc++] = "--pass";
       argv[argc++] = pass;
@@ -704,27 +582,20 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *r_context,
 
   argv[argc++] = "--log-with-pid";
   argv[argc++] = "--multi";
-
-  if (starttls)
-    argv[argc++] = "--starttls";
-  else if (ldaptls)
-    argv[argc++] = "--ldaptls";
-
-  if (ntds)
-    argv[argc++] = "--ntds";
-
   if (opt.ldaptimeout)
     {
       snprintf (timeoutbuf, sizeof timeoutbuf, "%u", opt.ldaptimeout);
       argv[argc++] = "--timeout";
       argv[argc++] = timeoutbuf;
     }
-  if (proxy && *proxy)
+  if (opt.ldap_proxy)
     {
       argv[argc++] = "--proxy";
       argv[argc++] = proxy;
     }
-  if (host && *host)
+  if (use_ldaps)
+    argv[argc++] = "--tls";
+  if (host)
     {
       argv[argc++] = "--host";
       argv[argc++] = host;
@@ -735,49 +606,56 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *r_context,
       argv[argc++] = "--port";
       argv[argc++] = portbuf;
     }
-  if (user && *user)
+  if (user)
     {
       argv[argc++] = "--user";
       argv[argc++] = user;
     }
-  if (base && *base)
-    {
-      argv[argc++] = "--base";
-      argv[argc++] = base;
-    }
-
 
   /* All entries in argv from this index on are malloc'ed.  */
   argc_malloced = argc;
 
   for (; patterns; patterns = patterns->next)
     {
+      strlist_t sl;
+      char *url;
+
       if (argc >= DIM (argv) - 1)
         {
           /* Too many patterns.  It does not make sense to allow an
              arbitrary number of patters because the length of the
              command line is limited anyway.  */
-          err = gpg_error (GPG_ERR_RESOURCE_LIMIT);
-          goto leave;
+          /* fixme: cleanup. */
+          return gpg_error (GPG_ERR_RESOURCE_LIMIT);
         }
-      if (*patterns->d)
+      sl = parse_one_pattern (patterns->d);
+      if (!sl)
         {
-          err = make_one_filter (patterns->d, &argv[argc]);
-          if (err)
-            goto leave;
-          argc++;
+          log_error (_("start_cert_fetch: invalid pattern '%s'\n"),
+                     patterns->d);
+          err = gpg_error (GPG_ERR_INV_USER_ID);
+          goto leave;
         }
+      if ((sl->flags & 1))
+        err = make_url (&url, sl->d, "objectClass=*");
+      else
+        err = make_url (&url, base, sl->d);
+      free_strlist (sl);
+      if (err)
+        goto leave;
+      argv[argc++] = url;
     }
   argv[argc] = NULL;
 
   *r_context = xtrycalloc (1, sizeof **r_context);
   if (!*r_context)
     {
-      err = gpg_error_from_syserror ();
+      err = gpg_error_from_errno (errno);
       goto leave;
     }
 
   err = ldap_wrapper (ctrl, &(*r_context)->reader, (const char**)argv);
+
   if (err)
     {
       xfree (*r_context);
@@ -789,7 +667,6 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *r_context,
     xfree (argv[argc_malloced]);
   xfree (proxy);
   xfree (host);
-  xfree (base);
   xfree (user);
   xfree (pass);
   return err;
diff --git a/dirmngr/ldapserver.c b/dirmngr/ldapserver.c
index 7d101c5..20a2bb1 100644
--- a/dirmngr/ldapserver.c
+++ b/dirmngr/ldapserver.c
@@ -48,7 +48,7 @@ ldapserver_list_free (ldap_server_t servers)
 
 /* Parse a single LDAP server configuration line.  Returns the server
    or NULL in case of errors.  The configuration line is assumed to be
-   colon seprated with these fields:
+   colon separated with these fields:
 
    1. field: Hostname
    2. field: Portnumber
@@ -57,14 +57,6 @@ ldapserver_list_free (ldap_server_t servers)
    5. field: Base DN
    6. field: Flags
 
-   Flags are:
-
-     starttls  := Use STARTTLS with a default port of 389
-     ldaptls   := Tunnel LDAP trough a TLS tunnel with default port 636
-     plain     := Switch to plain unsecured LDAP.
-     (The last of these 3 flags is the effective one)
-     ntds      := Use Active Directory authentication
-
    FILENAME and LINENO are used for diagnostic purposes only.
 */
 ldap_server_t
@@ -73,18 +65,14 @@ ldapserver_parse_one (char *line,
 {
   char *p;
   char *endp;
+  const char *s;
   ldap_server_t server;
   int fieldno;
   int fail = 0;
+  int i;
 
   /* Parse the colon separated fields.  */
-  server = xtrycalloc (1, sizeof *server);
-  if (!server)
-    {
-      fail = 1;
-      goto leave;
-    }
-
+  server = xcalloc (1, sizeof *server);
   for (fieldno = 1, p = line; p; p = endp, fieldno++ )
     {
       endp = strchr (p, ':');
@@ -94,9 +82,14 @@ ldapserver_parse_one (char *line,
       switch (fieldno)
 	{
 	case 1:
-          server->host = xtrystrdup (p);
-          if (!server->host)
-            fail = 1;
+	  if (*p)
+	    server->host = xstrdup (p);
+	  else
+	    {
+	      log_error (_("%s:%u: no hostname given\n"),
+			 filename, lineno);
+	      fail = 1;
+	    }
 	  break;
 
 	case 2:
@@ -105,85 +98,46 @@ ldapserver_parse_one (char *line,
 	  break;
 
 	case 3:
-          server->user = xtrystrdup (p);
-          if (!server->user)
-            fail = 1;
+	  if (*p)
+	    server->user = xstrdup (p);
 	  break;
 
 	case 4:
 	  if (*p && !server->user)
 	    {
-              if (filename)
-                log_error (_("%s:%u: password given without user\n"),
-                           filename, lineno);
-              else
-                log_error ("ldap: password given without user ('%s')\n", line);
+	      log_error (_("%s:%u: password given without user\n"),
+			 filename, lineno);
 	      fail = 1;
 	    }
 	  else if (*p)
-            {
-              server->pass = xtrystrdup (p);
-              if (!server->pass)
-                fail = 1;
-            }
+	    server->pass = xstrdup (p);
 	  break;
 
 	case 5:
 	  if (*p)
-            {
-              server->base = xtrystrdup (p);
-              if (!server->base)
-                fail = 1;;
-            }
+	    server->base = xstrdup (p);
 	  break;
 
         case 6:
           {
             char **flags = NULL;
-            int i;
-            const char *s;
 
             flags = strtokenize (p, ",");
             if (!flags)
-              {
-                log_error ("strtokenize failed: %s\n",
-                           gpg_strerror (gpg_error_from_syserror ()));
-                fail = 1;
-                break;
-              }
+              log_fatal ("strtokenize failed: %s\n",
+                         gpg_strerror (gpg_error_from_syserror ()));
 
             for (i=0; (s = flags[i]); i++)
               {
                 if (!*s)
                   ;
-                else if (!ascii_strcasecmp (s, "starttls"))
-                  {
-                    server->starttls = 1;
-                    server->ldap_over_tls = 0;
-                  }
-                else if (!ascii_strcasecmp (s, "ldaptls"))
-                  {
-                    server->starttls = 0;
-                    server->ldap_over_tls = 1;
-                  }
-                else if (!ascii_strcasecmp (s, "plain"))
-                  {
-                    server->starttls = 0;
-                    server->ldap_over_tls = 0;
-                  }
-                else if (!ascii_strcasecmp (s, "ntds"))
-                  {
-                    server->ntds = 1;
-                  }
+                else if (!ascii_strcasecmp (s, "ldaps"))
+                  server->use_ldaps = 1;
+                else if (!ascii_strcasecmp (s, "ldap"))
+                  server->use_ldaps = 0;
                 else
-                  {
-                    if (filename)
-                      log_info (_("%s:%u: ignoring unknown flag '%s'\n"),
-                                filename, lineno, s);
-                    else
-                      log_info ("ldap: unknown flag '%s' ignored in (%s)\n",
-                                s, line);
-                  }
+                  log_info (_("%s:%u: ignoring unknown flag '%s'\n"),
+                            filename, lineno, s);
               }
 
             xfree (flags);
@@ -196,13 +150,9 @@ ldapserver_parse_one (char *line,
 	}
     }
 
- leave:
   if (fail)
     {
-      if (filename)
-        log_info (_("%s:%u: skipping this line\n"), filename, lineno);
-      else
-        log_info ("ldap: error in server spec ('%s')\n", line);
+      log_info (_("%s:%u: skipping this line\n"), filename, lineno);
       ldapserver_list_free (server);
       server = NULL;
     }
diff --git a/dirmngr/ldapserver.h b/dirmngr/ldapserver.h
index fa836e3..1b20508 100644
--- a/dirmngr/ldapserver.h
+++ b/dirmngr/ldapserver.h
@@ -26,6 +26,18 @@
 void ldapserver_list_free (ldap_server_t servers);
 
 
+/* Parse a single LDAP server configuration line.  Returns the server
+   or NULL in case of errors.  The configuration line is assumed to be
+   colon separated with these fields:
+
+   1. field: Hostname
+   2. field: Portnumber
+   3. field: Username
+   4. field: Password
+   5. field: Base DN
+
+   FILENAME and LINENO are used for diagnostic purposes only.
+*/
 ldap_server_t ldapserver_parse_one (char *line,
 				    const char *filename, unsigned int lineno);
 
@@ -35,7 +47,7 @@ ldap_server_t ldapserver_parse_one (char *line,
 struct ldapserver_iter
 {
   ctrl_t ctrl;
-  enum { LDAPSERVER_SESSION, LDAPSERVER_OPT } group;
+  enum { LDAPSERVER_SESSION, LDAPSERVER_GLOBAL } group;
   ldap_server_t server;
 };
 
@@ -50,7 +62,7 @@ ldapserver_iter_next (struct ldapserver_iter *iter)
     {
       if (iter->group == LDAPSERVER_SESSION)
 	{
-	  iter->group = LDAPSERVER_OPT;
+	  iter->group = LDAPSERVER_GLOBAL;
 	  iter->server = opt.ldapservers;
 	}
     }
@@ -60,7 +72,7 @@ ldapserver_iter_next (struct ldapserver_iter *iter)
 static inline int
 ldapserver_iter_end_p (struct ldapserver_iter *iter)
 {
-  return (iter->group == LDAPSERVER_OPT && iter->server == NULL);
+  return (iter->group == LDAPSERVER_GLOBAL && iter->server == NULL);
 }
 
 
diff --git a/dirmngr/loadswdb.c b/dirmngr/loadswdb.c
index fb88372..e9ced8a 100644
--- a/dirmngr/loadswdb.c
+++ b/dirmngr/loadswdb.c
@@ -43,7 +43,7 @@ time_of_saved_swdb (const char *fname, time_t *r_filedate, time_t *r_verified)
   size_t length_of_line = 0;
   size_t  maxlen;
   ssize_t len;
-  char *fields[2];
+  const char *fields[2];
   gnupg_isotime_t isot;
   time_t filedate = (time_t)(-1);
   time_t verified = (time_t)(-1);
@@ -198,7 +198,7 @@ verify_status_cb (void *opaque, const char *keyword, char *args)
   /* We care only about the first valid signature.  */
   if (!strcmp (keyword, "VALIDSIG") && !parm->anyvalid)
     {
-      char *fields[3];
+      const char *fields[3];
 
       parm->anyvalid = 1;
       if (split_fields (args, fields, DIM (fields)) >= 3)
diff --git a/dirmngr/misc.c b/dirmngr/misc.c
index ba47c99..9cedf91 100644
--- a/dirmngr/misc.c
+++ b/dirmngr/misc.c
@@ -637,7 +637,7 @@ armor_data (char **r_string, const void *data, size_t datalen)
 }
 
 
-/* Copy all data from IN to OUT.  OUT may be NULL to use this fucntion
+/* Copy all data from IN to OUT.  OUT may be NULL to use this function
  * as a dummy reader.  */
 gpg_error_t
 copy_stream (estream_t in, estream_t out)
diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c
index 3483ab9..6ed1809 100644
--- a/dirmngr/ocsp.c
+++ b/dirmngr/ocsp.c
@@ -181,7 +181,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp,
     }
 
  once_more:
-  err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL,
+  err = http_open (ctrl, &http, HTTP_REQ_POST, url, NULL, NULL,
                    ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
                     | (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
                     | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
@@ -389,7 +389,7 @@ validate_responder_cert (ctrl_t ctrl, ksba_cert_t cert,
 
          Note, that in theory we could simply ask the client via an
          inquire to validate a certificate but this might involve
-         calling DirMngr again recursivly - we can't do that as of now
+         calling DirMngr again recursively - we can't do that as of now
          (neither DirMngr nor gpgsm have the ability for concurrent
          access to DirMngr.   */
 
@@ -437,7 +437,7 @@ check_signature_core (ctrl_t ctrl, ksba_cert_t cert, gcry_sexp_t s_sig,
 }
 
 
-/* Check the signature of an OCSP repsonse.  OCSP is the context,
+/* Check the signature of an OCSP response.  OCSP is the context,
    S_SIG the signature value and MD the handle of the hash we used for
    the response.  This function automagically finds the correct public
    key.  If SIGNER_FPR_LIST is not NULL, the default OCSP reponder has been
@@ -519,11 +519,8 @@ check_signature (ctrl_t ctrl,
           /* dump_cert ("from ocsp response", cert); */
           cref = xtrymalloc (sizeof *cref);
           if (!cref)
-            {
-              err = gpg_error_from_syserror ();
-              log_error (_("allocating list item failed: %s\n"),
-                         gpg_strerror (err));
-            }
+            log_error (_("allocating list item failed: %s\n"),
+                       gcry_strerror (err));
           else if (!cache_cert_silent (cert, &cref->fpr))
             {
               cref->next = ctrl->ocsp_certs;
@@ -850,7 +847,7 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
         err = gpg_error (GPG_ERR_TIME_CONFLICT);
     }
 
-  /* Check that we are not beyound NEXT_UPDATE  (plus some extra time). */
+  /* Check that we are not beyond NEXT_UPDATE  (plus some extra time). */
   if (*next_update)
     {
       gnupg_copy_time (tmp_time, next_update);
diff --git a/dirmngr/server.c b/dirmngr/server.c
index afdb0d2..f6c2c45 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -666,7 +666,7 @@ static const char hlp_dns_cert[] =
 static gpg_error_t
 cmd_dns_cert (assuan_context_t ctx, char *line)
 {
-  /* ctrl_t ctrl = assuan_get_pointer (ctx); */
+  ctrl_t ctrl = assuan_get_pointer (ctx);
   gpg_error_t err = 0;
   int pka_mode, dane_mode;
   char *mbox = NULL;
@@ -731,7 +731,7 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
       /* We lowercase ascii characters but the DANE I-D does not allow
          this.  FIXME: Check after the release of the RFC whether to
          change this.  */
-      mbox = mailbox_from_userid (line);
+      mbox = mailbox_from_userid (line, 0);
       if (!mbox || !(domain = strchr (mbox, '@')))
         {
           err = set_error (GPG_ERR_INV_USER_ID, "no mailbox in user id");
@@ -782,7 +782,7 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
   else
     name = line;
 
-  err = get_dns_cert (name, certtype, &key, &keylen, &fpr, &fprlen, &url);
+  err = get_dns_cert (ctrl, name, certtype, &key, &keylen, &fpr, &fprlen, &url);
   if (err)
     goto leave;
 
@@ -859,7 +859,7 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line)
   line = skip_options (line);
   is_wkd_query = !(opt_policy_flags || opt_submission_addr);
 
-  mbox = mailbox_from_userid (line);
+  mbox = mailbox_from_userid (line, 0);
   if (!mbox || !(domain = strchr (mbox, '@')))
     {
       err = set_error (GPG_ERR_INV_USER_ID, "no mailbox in user id");
@@ -899,7 +899,7 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line)
       /* FIXME: We should put a cache into dns-stuff because the same
        * query (with a different port and socket type, though) will be
        * done later by http function.  */
-      err = resolve_dns_name (domainbuf, 0, 0, 0, &aibuf, NULL);
+      err = resolve_dns_name (ctrl, domainbuf, 0, 0, 0, &aibuf, NULL);
       if (err)
         {
           err = 0;
@@ -922,16 +922,9 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line)
       size_t domainlen, targetlen;
       int i;
 
-      err = get_dns_srv (domain, "openpgpkey", NULL, &srvs, &srvscount);
+      err = get_dns_srv (ctrl, domain, "openpgpkey", NULL, &srvs, &srvscount);
       if (err)
-        {
-          /* Ignore server failed becuase there are too many resolvers
-           * which do not work as expected.  */
-          if (gpg_err_code (err) == GPG_ERR_SERVER_FAILED)
-            err = 0; /*(srvcount is guaranteed to be 0)*/
-          else
-            goto leave;
-        }
+        goto leave;
 
       /* Check for rogue DNS names.  */
       for (i = 0; i < srvscount; i++)
@@ -1012,7 +1005,7 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line)
     {
       char *escapedmbox;
 
-      escapedmbox = http_escape_string (mbox, "%;?&=+#");
+      escapedmbox = http_escape_string (mbox, "%;?&=");
       if (escapedmbox)
         {
           uri = strconcat ("https://",
@@ -1147,13 +1140,10 @@ task_check_wkd_support (ctrl_t ctrl, const char *domain)
 
 
 static const char hlp_ldapserver[] =
-  "LDAPSERVER [--clear] <data>\n"
+  "LDAPSERVER <data>\n"
   "\n"
   "Add a new LDAP server to the list of configured LDAP servers.\n"
-  "DATA is in the same format as expected in the configure file.\n"
-  "An optional prefix \"ldap:\" is allowed.  With no args all\n"
-  "configured ldapservers are listed.  Option --clear removes all\n"
-  "servers configured in this session.";
+  "DATA is in the same format as expected in the configure file.";
 static gpg_error_t
 cmd_ldapserver (assuan_context_t ctx, char *line)
 {
@@ -1161,63 +1151,13 @@ cmd_ldapserver (assuan_context_t ctx, char *line)
   ctrl_t ctrl = assuan_get_pointer (ctx);
   ldap_server_t server;
   ldap_server_t *last_next_p;
-  int clear_flag;
 
-  clear_flag = has_option (line, "--clear");
-  line = skip_options (line);
   while (spacep (line))
     line++;
+  if (*line == '\0')
+    return leave_cmd (ctx, PARM_ERROR (_("ldapserver missing")));
 
-  if (clear_flag)
-    {
-#if USE_LDAP
-      ldapserver_list_free (ctrl->server_local->ldapservers);
-#endif /*USE_LDAP*/
-      ctrl->server_local->ldapservers = NULL;
-    }
-
-  if (!*line && clear_flag)
-    return leave_cmd (ctx, 0);
-
-  if (!*line)
-    {
-      /* List all ldapservers.  */
-      struct ldapserver_iter ldapserver_iter;
-      char *tmpstr;
-      char portstr[20];
-
-      for (ldapserver_iter_begin (&ldapserver_iter, ctrl);
-           !ldapserver_iter_end_p (&ldapserver_iter);
-           ldapserver_iter_next (&ldapserver_iter))
-        {
-          server = ldapserver_iter.server;
-          if (server->port)
-            snprintf (portstr, sizeof portstr, "%d", server->port);
-          else
-            *portstr = 0;
-
-          tmpstr = xtryasprintf ("ldap:%s:%s:%s:%s:%s:%s%s:",
-                                 server->host? server->host : "",
-                                 portstr,
-                                 server->user? server->user : "",
-                                 server->pass? "*****": "",
-                                 server->base? server->base : "",
-                                 server->starttls ? "starttls" :
-                                 server->ldap_over_tls ? "ldaptls" : "none",
-                                 server->ntds ? ",ntds" : "");
-          if (!tmpstr)
-            return leave_cmd (ctx, gpg_error_from_syserror ());
-          dirmngr_status (ctrl, "LDAPSERVER", tmpstr, NULL);
-          xfree (tmpstr);
-        }
-      return leave_cmd (ctx, 0);
-    }
-
-  /* Skip an "ldap:" prefix unless it is a valid ldap url.  */
-  if (!strncmp (line, "ldap:", 5) && !(line[5] == '/' && line[6] == '/'))
-    line += 5;
-
-  server = ldapserver_parse_one (line, NULL, 0);
+  server = ldapserver_parse_one (line, "", 0);
   if (! server)
     return leave_cmd (ctx, gpg_error (GPG_ERR_INV_ARG));
 
@@ -1679,8 +1619,7 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
           if (!err && single)
             goto ready;
 
-          if (gpg_err_code (err) == GPG_ERR_NO_DATA
-              || gpg_err_code (err) == GPG_ERR_NOT_FOUND)
+          if (gpg_err_code (err) == GPG_ERR_NO_DATA)
             {
               err = 0;
               if (cache_only)
@@ -2126,8 +2065,6 @@ make_keyserver_item (const char *uri, uri_item_t *r_item)
 {
   gpg_error_t err;
   uri_item_t item;
-  const char *s;
-  char *tmpstr = NULL;
 
   *r_item = NULL;
 
@@ -2145,22 +2082,22 @@ make_keyserver_item (const char *uri, uri_item_t *r_item)
    */
   if (!strcmp (uri, "hkps://keys.gnupg.net")
       || !strcmp (uri, "keys.gnupg.net"))
-    uri = "hkps://keyserver.ubuntu.com";
+    uri = "hkps://hkps.pool.sks-keyservers.net";
   else if (!strcmp (uri, "https://keys.gnupg.net"))
-    uri = "hkps://keyserver.ubuntu.com";
+    uri = "https://hkps.pool.sks-keyservers.net";
   else if (!strcmp (uri, "hkp://keys.gnupg.net"))
-    uri = "hkp://pgp.surf.nl";
+    uri = "hkp://hkps.pool.sks-keyservers.net";
   else if (!strcmp (uri, "http://keys.gnupg.net"))
-    uri = "hkp://pgp.surf.nl:80";
+    uri = "http://hkps.pool.sks-keyservers.net";
   else if (!strcmp (uri, "hkps://http-keys.gnupg.net")
            || !strcmp (uri, "http-keys.gnupg.net"))
-    uri = "hkps://keyserver.ubuntu.com";
+    uri = "hkps://ha.pool.sks-keyservers.net";
   else if (!strcmp (uri, "https://http-keys.gnupg.net"))
-    uri = "hkps://keyserver.ubuntu.com";
+    uri = "https://ha.pool.sks-keyservers.net";
   else if (!strcmp (uri, "hkp://http-keys.gnupg.net"))
-    uri = "hkp://pgp.surf.nl";
+    uri = "hkp://ha.pool.sks-keyservers.net";
   else if (!strcmp (uri, "http://http-keys.gnupg.net"))
-    uri = "hkp://pgp.surf.nl:80";
+    uri = "http://ha.pool.sks-keyservers.net";
 
   item = xtrymalloc (sizeof *item + strlen (uri));
   if (!item)
@@ -2171,64 +2108,14 @@ make_keyserver_item (const char *uri, uri_item_t *r_item)
   strcpy (item->uri, uri);
 
 #if USE_LDAP
-  if (!strncmp (uri, "ldap:", 5) && !(uri[5] == '/' && uri[6] == '/'))
-    {
-      /* Special ldap scheme given.  This differs from a valid ldap
-       * scheme in that no double slash follows..  Use http_parse_uri
-       * to put it as opaque value into parsed_uri.  */
-      tmpstr = strconcat ("opaque:", uri+5, NULL);
-      if (!tmpstr)
-        err = gpg_error_from_syserror ();
-      else
-        err = http_parse_uri (&item->parsed_uri, tmpstr, 0);
-    }
-  else if ((s=strchr (uri, ':')) && !(s[1] == '/' && s[2] == '/'))
-    {
-      /* No valid scheme given.  Use http_parse_uri to put the string
-       * as opaque value into parsed_uri.  */
-      tmpstr = strconcat ("opaque:", uri, NULL);
-      if (!tmpstr)
-        err = gpg_error_from_syserror ();
-      else
-        err = http_parse_uri (&item->parsed_uri, tmpstr, 0);
-    }
-  else if (ldap_uri_p (uri))
-    {
-      int fixup = 0;
-      /* Fixme: We should get rid of that parser and repalce it with
-       * our generic (http) URI parser.  */
-
-      /* If no port has been specified and the scheme ist ldaps we use
-       * our idea of the default port because the standard LDAP URL
-       * parser would use 636 here.  This is because we redefined
-       * ldaps to mean starttls.  */
-#ifdef HAVE_W32_SYSTEM
-      if (!strcmp (uri, "ldap:///"))
-          fixup = 1;
-      else
-#endif
-        if (!http_parse_uri (&item->parsed_uri,uri,HTTP_PARSE_NO_SCHEME_CHECK))
-        {
-          if (!item->parsed_uri->port
-              && !strcmp (item->parsed_uri->scheme, "ldaps"))
-            fixup = 2;
-          http_release_parsed_uri (item->parsed_uri);
-          item->parsed_uri = NULL;
-        }
-
-      err = ldap_parse_uri (&item->parsed_uri, uri);
-      if (!err && fixup == 1)
-        item->parsed_uri->ad_current = 1;
-      else if (!err && fixup == 2)
-        item->parsed_uri->port = 389;
-    }
+  if (ldap_uri_p (item->uri))
+    err = ldap_parse_uri (&item->parsed_uri, uri);
   else
-#endif /* USE_LDAP */
+#endif
     {
-      err = http_parse_uri (&item->parsed_uri, uri, HTTP_PARSE_NO_SCHEME_CHECK);
+      err = http_parse_uri (&item->parsed_uri, uri, 1);
     }
 
-  xfree (tmpstr);
   if (err)
     xfree (item);
   else
@@ -2283,7 +2170,7 @@ ensure_keyserver (ctrl_t ctrl)
     {
       /* If there is just one onion and one plain keyserver given, we take
          only one depending on whether Tor is running or not.  */
-      if (!dirmngr_never_use_tor_p () && is_tor_running (ctrl))
+      if (is_tor_running (ctrl))
         {
           ctrl->server_local->keyservers = onion_items;
           onion_items = NULL;
@@ -2294,7 +2181,7 @@ ensure_keyserver (ctrl_t ctrl)
           plain_items = NULL;
         }
     }
-  else if (dirmngr_never_use_tor_p () || !is_tor_running (ctrl))
+  else if (!is_tor_running (ctrl))
     {
       /* Tor is not running.  It does not make sense to add Onion
          addresses.  */
@@ -2516,12 +2403,11 @@ cmd_ks_search (assuan_context_t ctx, char *line)
 
 
 static const char hlp_ks_get[] =
-  "KS_GET [--quick] [--ldap] {<pattern>}\n"
+  "KS_GET {<pattern>}\n"
   "\n"
   "Get the keys matching PATTERN from the configured OpenPGP keyservers\n"
   "(see command KEYSERVER).  Each pattern should be a keyid, a fingerprint,\n"
-  "or an exact name indicated by the '=' prefix.  Option --quick uses a\n"
-  "shorter timeout; --ldap will use only ldap servers";
+  "or an exact name indicated by the '=' prefix.";
 static gpg_error_t
 cmd_ks_get (assuan_context_t ctx, char *line)
 {
@@ -2530,11 +2416,9 @@ cmd_ks_get (assuan_context_t ctx, char *line)
   strlist_t list, sl;
   char *p;
   estream_t outfp;
-  int ldap_only;
 
   if (has_option (line, "--quick"))
     ctrl->timeout = opt.connect_quick_timeout;
-  ldap_only = has_option (line, "--ldap");
   line = skip_options (line);
 
   /* Break the line into a strlist.  Each pattern is by
@@ -2576,8 +2460,7 @@ cmd_ks_get (assuan_context_t ctx, char *line)
       ctrl->server_local->inhibit_data_logging = 1;
       ctrl->server_local->inhibit_data_logging_now = 0;
       ctrl->server_local->inhibit_data_logging_count = 0;
-      err = ks_action_get (ctrl, ctrl->server_local->keyservers,
-                           list, ldap_only, outfp);
+      err = ks_action_get (ctrl, ctrl->server_local->keyservers, list, outfp);
       es_fclose (outfp);
       ctrl->server_local->inhibit_data_logging = 0;
     }
@@ -3178,7 +3061,7 @@ dirmngr_status_printf (ctrl_t ctrl, const char *keyword,
   va_list arg_ptr;
   assuan_context_t ctx;
 
-  if (!ctrl->server_local || !(ctx = ctrl->server_local->assuan_ctx))
+  if (!ctrl || !ctrl->server_local || !(ctx = ctrl->server_local->assuan_ctx))
     return 0;
 
   va_start (arg_ptr, format);
diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
index 5a3ede1..6d52160 100644
--- a/dirmngr/t-dns-stuff.c
+++ b/dirmngr/t-dns-stuff.c
@@ -178,7 +178,7 @@ main (int argc, char **argv)
       if (verbose || any_options)
         printf ("CERT lookup on '%s'\n", name);
 
-      err = get_dns_cert (name, DNS_CERTTYPE_ANY, &key, &keylen,
+      err = get_dns_cert (NULL, name, DNS_CERTTYPE_ANY, &key, &keylen,
                           &fpr, &fpr_len, &url);
       if (err)
         printf ("get_dns_cert failed: %s <%s>\n",
@@ -218,7 +218,7 @@ main (int argc, char **argv)
       char *cname;
 
       printf ("CNAME lookup on '%s'\n", name);
-      err = get_dns_cname (name, &cname);
+      err = get_dns_cname (NULL, name, &cname);
       if (err)
         printf ("get_dns_cname failed: %s <%s>\n",
                 gpg_strerror (err), gpg_strsource (err));
@@ -234,7 +234,7 @@ main (int argc, char **argv)
       unsigned int count;
       int i;
 
-      err = get_dns_srv (name? name : "_hkp._tcp.wwwkeys.pgp.net",
+      err = get_dns_srv (NULL, name? name : "_hkp._tcp.wwwkeys.pgp.net",
                          NULL, NULL, &srv, &count);
       if (err)
         printf ("get_dns_srv failed: %s <%s>\n",
@@ -261,7 +261,7 @@ main (int argc, char **argv)
 
       printf ("Lookup on '%s'\n", name);
 
-      err = resolve_dns_name (name, 0, 0, SOCK_STREAM, &aibuf, &cname);
+      err = resolve_dns_name (NULL, name, 0, 0, SOCK_STREAM, &aibuf, &cname);
       if (err)
         {
           fprintf (stderr, PGM": resolving '%s' failed: %s\n",
@@ -278,7 +278,7 @@ main (int argc, char **argv)
                   ai->family == AF_INET?  "inet4" : "?    ",
                   ai->socktype, ai->protocol);
 
-          err = resolve_dns_addr (ai->addr, ai->addrlen,
+          err = resolve_dns_addr (NULL, ai->addr, ai->addrlen,
                                   (DNS_NUMERICHOST
                                    | (opt_bracket? DNS_WITHBRACKET:0)),
                                   &host);
@@ -290,7 +290,7 @@ main (int argc, char **argv)
               xfree (host);
             }
 
-          err = resolve_dns_addr (ai->addr, ai->addrlen,
+          err = resolve_dns_addr (NULL, ai->addr, ai->addrlen,
                                   (opt_bracket? DNS_WITHBRACKET:0),
                                   &host);
           if (err)
diff --git a/dirmngr/t-http.c b/dirmngr/t-http.c
index 75874df..8ad5e7a 100644
--- a/dirmngr/t-http.c
+++ b/dirmngr/t-http.c
@@ -137,7 +137,7 @@ my_http_tls_verify_cb (void *opaque,
   (void)session;
   (void)http_flags;
 
-  /* Get the peer's certs fron ntbtls.  */
+  /* Get the peer's certs from ntbtls.  */
   for (idx = 0;
        (cert = ntbtls_x509_get_peer_cert (tls_context, idx)); idx++)
     {
@@ -381,7 +381,7 @@ main (int argc, char **argv)
   (void)no_crl;
 #endif /*HTTP_USE_GNUTLS*/
 
-  rc = http_parse_uri (&uri, *argv, HTTP_PARSE_NO_SCHEME_CHECK);
+  rc = http_parse_uri (&uri, *argv, 1);
   if (rc)
     {
       log_error ("'%s': %s\n", *argv, gpg_strerror (rc));
@@ -419,8 +419,9 @@ main (int argc, char **argv)
             }
           putchar ('\n');
         }
-      printf ("Flags :%s%s%s%s\n",
+      printf ("Flags :%s%s%s%s%s\n",
               uri->is_http? " http":"",
+              uri->is_ldap? " ldap":"",
               uri->opaque?  " opaque":"",
               uri->v6lit?   " v6lit":"",
               uri->onion?   " onion":"");
@@ -438,7 +439,7 @@ main (int argc, char **argv)
   if (session)
     http_session_set_timeout (session, timeout);
 
-  rc = http_open_document (&hd, *argv, NULL, my_http_flags,
+  rc = http_open_document (NULL, &hd, *argv, NULL, my_http_flags,
                            NULL, session, NULL, NULL);
   if (rc)
     {
diff --git a/dirmngr/t-ldap-misc.c b/dirmngr/t-ldap-misc.c
deleted file mode 100644
index afba102..0000000
--- a/dirmngr/t-ldap-misc.c
+++ /dev/null
@@ -1,158 +0,0 @@
-/* t-ldap-parse-uri.c - Tests for ldap-parse-uri.c and ldap-misc.c
- * Copyright (C) 2015  g10 Code GmbH
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
-#include <config.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <gpg-error.h>
-
-#include "../common/util.h"
-#include "t-support.h"
-#include "ldap-misc.h"
-
-
-static void
-test_ldap_parse_extfilter (void)
-{
-  struct {
-    const char *string;
-    const char *base;
-    const char *filter;
-    int scope;
-    gpg_err_code_t ec;
-  } tests[] =
-  {
-   { "^CN=foo, OU=My Users&(objectClasses=*)",
-     "CN=foo, OU=My Users", "(objectClasses=*)",
-     -1 },
-   { "^CN=foo, OU=My Users&base&(objectClasses=*)",
-     "CN=foo, OU=My Users", "(objectClasses=*)",
-     LDAP_SCOPE_BASE },
-   { "^CN=foo, OU=My Users&one&(objectClasses=*)",
-     "CN=foo, OU=My Users", "(objectClasses=*)",
-     LDAP_SCOPE_ONELEVEL },
-   { "^CN=foo, OU=My Users&sub&(objectClasses=*)",
-     "CN=foo, OU=My Users", "(objectClasses=*)",
-     LDAP_SCOPE_SUBTREE },
-   /* { "^CN=foo, OU=My Users&children&(objectClasses=*)", */
-   /*   "CN=foo, OU=My Users", "(objectClasses=*)", */
-   /*   LDAP_SCOPE_CHILDREN }, */
-   { "^CN=foo, OU=My Users&",
-     "CN=foo, OU=My Users", NULL,
-     -1 },
-   { "^CN=foo, OU=My Users&sub&",
-     "CN=foo, OU=My Users", NULL,
-     LDAP_SCOPE_SUBTREE },
-   /* { "^&children&(objectClasses=*)", */
-   /*   "", "(objectClasses=*)", */
-   /*   LDAP_SCOPE_CHILDREN }, */
-   { "^CN=foo, OU=My &&Users&base&(objectClasses=*)",
-     "CN=foo, OU=My &Users", "(objectClasses=*)",
-     LDAP_SCOPE_BASE },
-   { "^CN=foo, OU=My Users&&&base&(objectClasses=*)",
-     "CN=foo, OU=My Users&", "(objectClasses=*)",
-     LDAP_SCOPE_BASE },
-   { "^CN=foo, OU=My Users",
-     NULL, NULL,
-     LDAP_SCOPE_BASE, GPG_ERR_SYNTAX },
-   { "^CN=foo, OU=My Users&base(objectClasses=*)",
-     NULL, NULL,
-     LDAP_SCOPE_BASE, GPG_ERR_SYNTAX },
-   { "^CN=foo, OU=My Users&base&objectClasses=*)",
-     NULL, NULL,
-     LDAP_SCOPE_BASE, GPG_ERR_SYNTAX },
-   { "^CN=foo, OU=My Users&base&(objectClasses=*",
-     NULL, NULL,
-     LDAP_SCOPE_BASE, GPG_ERR_SYNTAX }
-  };
-  int idx;
-  gpg_error_t err;
-  int errcount = 0;
-  char *base, *filter;
-  int scope;
-
-  for (idx= 0; idx < DIM (tests); idx++)
-    {
-      scope = -1;
-      err = ldap_parse_extfilter (tests[idx].string, 1, &base, &scope, &filter);
-      if (err && tests[idx].ec)
-        {
-          if (gpg_err_code (err) != tests[idx].ec)
-            {
-              fprintf (stderr, "%s: test %d failed: wrong error code %d\n",
-                       __func__, idx, err);
-              errcount++;
-            }
-          continue;
-        }
-      if (err)
-        {
-          fprintf (stderr, "%s: test %d failed: %s\n",
-                   __func__, idx, gpg_strerror (err));
-          errcount++;
-          continue;
-        }
-      if (tests[idx].ec)
-        {
-          fprintf (stderr, "%s: test %d failed: error not detected\n",
-                   __func__, idx);
-          errcount++;
-          continue;
-        }
-      if ((!tests[idx].base ^ !base)
-          || (tests[idx].base && strcmp (tests[idx].base, base)))
-        {
-          fprintf (stderr, "%s: test %d failed: base mismatch ('%s')\n",
-                   __func__, idx, base? base : "(null");
-          errcount++;
-        }
-      if ((!tests[idx].filter ^ !filter)
-          || (tests[idx].filter && strcmp (tests[idx].filter, filter)))
-        {
-          fprintf (stderr, "%s: test %d failed: filter mismatch ('%s')\n",
-                   __func__, idx, filter? filter : "(null");
-          errcount++;
-        }
-      if (tests[idx].scope != scope)
-        {
-          fprintf (stderr, "%s: test %d failed: scope mismatch (%d)\n",
-                   __func__, idx, scope);
-          errcount++;
-        }
-      xfree (base);
-      xfree (filter);
-    }
-  if (errcount)
-    exit (1);
-}
-
-
-
-
-int
-main (int argc, char **argv)
-{
-  (void)argc;
-  (void)argv;
-
-  test_ldap_parse_extfilter ();
-
-  return 0;
-}
diff --git a/dirmngr/t-ldap-parse-uri.c b/dirmngr/t-ldap-parse-uri.c
index 932ca7d..984e141 100644
--- a/dirmngr/t-ldap-parse-uri.c
+++ b/dirmngr/t-ldap-parse-uri.c
@@ -20,9 +20,13 @@
 #include <config.h>
 
 #include "ldap-parse-uri.h"
-
 #include "t-support.h"
 
+#define PGM "t-ldap-parse-uri"
+
+static int verbose;
+
+
 struct test_ldap_uri_p
 {
   const char *uri;
@@ -32,7 +36,11 @@ struct test_ldap_uri_p
 void
 check_ldap_uri_p (int test_count, struct test_ldap_uri_p *test)
 {
-  int result = ldap_uri_p (test->uri);
+  int result;
+
+  if (verbose)
+    fprintf (stderr, PGM ": checking '%s'\n", test->uri);
+  result = ldap_uri_p (test->uri);
   if (result != test->result)
     {
       printf ("'%s' is %san LDAP schema, but ldap_uri_p says opposite.\n",
@@ -106,6 +114,8 @@ check_ldap_parse_uri (int test_count, struct test_ldap_parse_uri *test)
   gpg_error_t err;
   parsed_uri_t puri;
 
+  if (verbose)
+    fprintf (stderr, PGM ": parsing '%s'\n", test->uri);
   err = ldap_parse_uri (&puri, test->uri);
   if (err)
     {
@@ -242,12 +252,48 @@ test_ldap_escape_filter (void)
        test_count ++)
     check_ldap_escape_filter (test_count, &tests[test_count - 1]);
 }
+
+
 
 int
 main (int argc, char **argv)
 {
-  (void)argc;
-  (void)argv;
+  int last_argc = -1;
+
+  if (argc)
+    { argc--; argv++; }
+  while (argc && last_argc != argc )
+    {
+      last_argc = argc;
+      if (!strcmp (*argv, "--"))
+        {
+          argc--; argv++;
+          break;
+        }
+      else if (!strcmp (*argv, "--help"))
+        {
+          fputs ("usage: " PGM "\n"
+                 "Options:\n"
+                 "  --verbose         print timings etc.\n",
+                 stdout);
+          exit (0);
+        }
+      else if (!strcmp (*argv, "--verbose"))
+        {
+          verbose++;
+          argc--; argv++;
+        }
+      else if (!strncmp (*argv, "--", 2))
+        {
+          fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
+          exit (1);
+        }
+    }
+  if (argc)
+    {
+      fprintf (stderr, PGM ": no argumenst are expected\n");
+      exit (1);
+    }
 
   test_ldap_uri_p ();
   test_ldap_parse_uri ();
diff --git a/dirmngr/t-support.h b/dirmngr/t-support.h
index 7f60c94..f773f1e 100644
--- a/dirmngr/t-support.h
+++ b/dirmngr/t-support.h
@@ -31,12 +31,6 @@
 #ifndef DIRMNGR_T_SUPPORT_H
 #define DIRMNGR_T_SUPPORT_H 1
 
-#ifndef DIM
-# define DIM(v)		     (sizeof(v)/sizeof((v)[0]))
-# define DIMof(type,member)   DIM(((type *)0)->member)
-#endif
-
-
 /* Macros to print the result of a test.  */
 #define pass()  do { ; } while(0)
 #define fail(a)  do { fprintf (stderr, "%s:%d: test %d failed\n",\
diff --git a/dirmngr/workqueue.c b/dirmngr/workqueue.c
index 2cb8573..2974f5d 100644
--- a/dirmngr/workqueue.c
+++ b/dirmngr/workqueue.c
@@ -38,7 +38,7 @@ struct wqitem_s
    * task is not associated with a specific session.  */
   unsigned int session_id;
 
-  /* The function to perform the backgrount task.  */
+  /* The function to perform the background task.  */
   wqtask_t func;
 
   /* A string with the string argument for that task.  */
@@ -59,7 +59,7 @@ workqueue_dump_queue (ctrl_t ctrl)
   wqitem_t item;
   unsigned int count;
 
-  /* Temporay detach the entiere workqueue so that other threads don't
+  /* Temporarily detach the entiere workqueue so that other threads don't
    * get into our way.  */
   saved_workqueue = workqueue;
   workqueue = NULL;
@@ -116,7 +116,7 @@ workqueue_add_task (wqtask_t func, const char *args, unsigned int session_id,
 
 
 /* Run the task described by ITEM.  ITEM must have been detached from
- * the workqueue; its ownership is transferred to this fucntion.  */
+ * the workqueue; its ownership is transferred to this function.  */
 static void
 run_a_task (ctrl_t ctrl, wqitem_t item)
 {
diff --git a/doc/DETAILS b/doc/DETAILS
index 420f67d..0353899 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -2,7 +2,7 @@
 #+TITLE: GnuPG Details
 # Globally disable superscripts and subscripts:
 #+OPTIONS: ^:{}
-#
+#+STARTUP: showall
 
 # Note: This file uses org-mode; it should be easy to read as plain
 # text but be aware of some markup peculiarities: Verbatim code is
@@ -59,7 +59,7 @@ described here.
     - uat :: User attribute (same as user id except for field 10).
     - sig :: Signature
     - rev :: Revocation signature
-    - rvs :: Recocation signature (standalone) [since 2.2.9]
+    - rvs :: Revocation signature (standalone) [since 2.2.9]
     - fpr :: Fingerprint (fingerprint is in field 10)
     - fp2 :: SHA-256 fingerprint (fingerprint is in field 10)
     - pkd :: Public key data [*]
@@ -127,7 +127,7 @@ described here.
 *** Field 4 - Public key algorithm
 
     The values here are those from the OpenPGP specs or if they are
-    greather than 255 the algorithm ids as used by Libgcrypt.
+    greater than 255 the algorithm ids as used by Libgcrypt.
 
 *** Field 5 - KeyID
 
@@ -178,8 +178,9 @@ described here.
     Signature class as per RFC-4880.  This is a 2 digit hexnumber
     followed by either the letter 'x' for an exportable signature or
     the letter 'l' for a local-only signature.  The class byte of an
-    revocation key is also given here, 'x' and 'l' is used the same
-    way.  This field if not used for X.509.
+    revocation key is also given here, by a 2 digit hexnumber and
+    optionally followed by the letter 's' for the "sensitive"
+    flag.  This field is not used for X.509.
 
     "rev" and "rvs" may be followed by a comma and a 2 digit hexnumber
     with the revocation reason.
@@ -222,7 +223,7 @@ described here.
 
 *** Field 14 - Flag field
 
-    Flag field used in the --edit menu output
+    Flag field used in the --edit-key menu output
 
 *** Field 15 - S/N of a token
 
@@ -238,17 +239,19 @@ described here.
 
 *** Field 17 - Curve name
 
-    For pub, sub, sec, and ssb records this field is used for the ECC
-    curve name.
+    For pub, sub, sec, ssb, crt, and crs records this field is used
+    for the ECC curve name.
 
 *** Field 18 - Compliance flags
 
-    Space separated list of asserted compliance modes for this key.
+    Space separated list of asserted compliance modes and
+    screening result for this key.
 
     Valid values are:
 
     - 8  :: The key is compliant with RFC4880bis
     - 23 :: The key is compliant with compliance mode "de-vs".
+    - 6001 :: Screening hit on the ROCA vulnerability.
 
 *** Field 19 - Last update
 
@@ -538,18 +541,19 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
     Mark the start of the actual decryption process.  This is also
     emitted when in --list-only mode.
 *** END_DECRYPTION
-    Mark the end of the actual decryption process.  This are also
+    Mark the end of the actual decryption process.  This is also
     emitted when in --list-only mode.
 *** DECRYPTION_KEY <fpr> <fpr2> <otrust>
     This line is emitted when a public key decryption succeeded in
     providing a session key.  <fpr> is the hexified fingerprint of the
-    actual key used for descryption.  <fpr2> is the fingerprint of the
+    actual key used for decryption.  <fpr2> is the fingerprint of the
     primary key.  <otrust> is the letter with the ownertrust; this is
     in general a 'u' which stands for ultimately trusted.
 *** DECRYPTION_INFO <mdc_method> <sym_algo> [<aead_algo>]
     Print information about the symmetric encryption algorithm and the
     MDC method.  This will be emitted even if the decryption fails.
-    For an AEAD algorithm AEAD_ALGO is not 0.
+    For an AEAD algorithm AEAD_ALGO is not 0.  GPGSM currently does
+    not print such a status.
 
 *** DECRYPTION_FAILED
     The symmetric decryption failed - one reason could be a wrong
@@ -569,8 +573,10 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
     --override-session-key.  It is not an indication that the
     decryption will or has succeeded.
 
-*** BEGIN_ENCRYPTION  <mdc_method> <sym_algo>
+*** BEGIN_ENCRYPTION  <mdc_method> <sym_algo> [<aead_algo>]
     Mark the start of the actual encryption process.
+    MDC_METHOD shall be 0 if an AEAD_ALGO is not 0.  Users should
+    however ignore MDC_METHOD if AEAD_ALGO is not 0.
 
 *** END_ENCRYPTION
     Mark the end of the actual encryption process.
@@ -699,7 +705,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
 
        -  0 :: No specific reason given
        -  1 :: Not Found
-       -  2 :: Ambigious specification
+       -  2 :: Ambiguous specification
        -  3 :: Wrong key usage
        -  4 :: Key revoked
        -  5 :: Key expired
@@ -773,30 +779,51 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
 *** TRUST_
     These are several similar status codes:
 
-    - TRUST_UNDEFINED <error_token>
-    - TRUST_NEVER     <error_token>
-    - TRUST_MARGINAL  [0  [<validation_model>]]
-    - TRUST_FULLY     [0  [<validation_model>]]
-    - TRUST_ULTIMATE  [0  [<validation_model>]]
+#+begin_src
+    - TRUST_UNDEFINED <error_token> [<validation_model> [<mbox>]]
+    - TRUST_NEVER     <error_token> [<validation_model> [<mbox>]]
+    - TRUST_MARGINAL  0  [<validation_model> [<mbox>]]
+    - TRUST_FULLY     0  [<validation_model> [<mbox>]]
+    - TRUST_ULTIMATE  0  [<validation_model> [<mbox>]]
+#+end_src
 
     For good signatures one of these status lines are emitted to
     indicate the validity of the key used to create the signature.
-    The error token values are currently only emitted by gpgsm.
+    <error_token> values other that a literal zero are currently only
+    emitted by gpgsm.
 
     VALIDATION_MODEL describes the algorithm used to check the
     validity of the key.  The defaults are the standard Web of Trust
     model for gpg and the standard X.509 model for gpgsm.  The
     defined values are
 
-       - pgp   :: The standard PGP WoT.
-       - shell :: The standard X.509 model.
-       - chain :: The chain model.
-       - steed :: The STEED model.
-       - tofu  :: The TOFU model
+       - classic  :: The classic PGP WoT model.
+       - pgp      :: The standard PGP WoT.
+       - external :: The external PGP trust model.
+       - tofu     :: The GPG Trust-On-First-Use model.
+       - tofu+pgp :: Ditto but combined with mopdel "pgp".
+       - always   :: The Always trust model.
+       - direct   :: The Direct Trust model.
+       - shell    :: The Standard X.509 model.
+       - chain    :: The Chain model.
+       - steed    :: The STEED model.
+       - unknown  :: An unknown trust model.
 
     Note that the term =TRUST_= in the status names is used for
     historic reasons; we now speak of validity.
 
+    MBOX is the UTF-8 encoded and percent escaped addr-spec of the
+    User ID used to compute the validity of a signature.  If this is
+    not known the validity is computed on the key with no specific
+    User ID.  Note that MBOX is always the addr-spec of the User ID;
+    for User IDs without a proper addr-spec a dash is used to
+    distinguish this from the case that no User ID at all is known.
+    The MBOX is either taken from the Signer's User ID signature
+    sub-packet or from the addr-spec passed to gpg using the --sender
+    option.  If both are available and they don't match
+    TRUST_UNDEFINED along with an error code is emitted.  MBOX is not
+    used by gpgsm.
+
 *** TOFU_USER <fingerprint_in_hex> <mbox>
 
     This status identifies the key and the userid for all following
@@ -1015,7 +1042,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
       - 2 :: bad PIN
 
 *** SC_OP_SUCCESS
-    A smart card operaion succeeded.  This status is only printed for
+    A smart card operation succeeded.  This status is only printed for
     certain operation and is mostly useful to check whether a PIN
     change really worked.
 
@@ -1046,6 +1073,24 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
     should not contain spaces.  The error code is a either a string
     commencing with a letter or such a string prefixed with a
     numerical error code and an underscore; e.g.: "151011327_EOF".
+
+    Some of the error locations are:
+
+    - decryption.early_plaintext :: The OpenPGP message contains more
+         than one plaintext.
+    - genkey :: Problem generating a key.  The error code further
+                describes the problem.
+    - get_passphrase :: Problem getting the passphrase from the
+                        gpg-agent.
+    - keyedit.passwd :: Changing the password failed.
+    - nomdc_with_legacy_cipher :: The message was not MDC protected.
+         Use the command line to lern about a workaround.
+    - random-compliance :: The random number generator or the used
+         version of Libgcrypt do not fulfill the requirements of the
+         current compliance setting.  The error code is often
+         GPG_ERR_FORBIDDEN.
+    - set_expire :: Changing the expiration time failed.
+
 *** WARNING <location> <error code> [<text>]
     This is a generic warning status message, it might be followed by
     error location specific data. <location> and <error code> may not
@@ -1076,7 +1121,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
     Deleting a key failed.  Reason codes are:
     - 1 :: No such key
     - 2 :: Must delete secret key first
-    - 3 :: Ambigious specification
+    - 3 :: Ambiguous specification
     - 4 :: Key is stored on a smartcard.
 
 *** PROGRESS <what> <char> <cur> <total> [<units>]
@@ -1140,12 +1185,17 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
     These were used for the ancient shared memory based co-processing.
 *** BEGIN_STREAM, END_STREAM
     Used to issued by the experimental pipemode.
+*** GOODMDC
+    This is not anymore needed. Checking the DECRYPTION_OKAY status is
+    sufficient.
+*** BADMDC
+    This is not anymore needed.
 
 ** Inter-component codes
    Status codes are also used between the components of the GnuPG
    system via the Assuan S lines.  Some of them are documented here:
 
-*** PUBKEY_INFO <n> <ubid>
+*** PUBKEY_INFO <n> <ubid> <flags> <uidno> <pkno>
     The type of the public key in the following D-lines or
     communicated via a pipe.  <n> is the value of =enum pubkey_types=
     and <ubid> the Unique Blob ID (UBID) which is the fingerprint of
@@ -1153,7 +1203,15 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
     that the keyboxd SEARCH command can be used to lookup the public
     key using the <ubid> prefixed with a caret (^).
 
-*** KEYPAIRINFO <grip> <keyref> [<usage>] [<keytime>]
+    <flags> is a string extra information about the blob.  The first
+    byte is either '-' for standard key or 'e' for an ephemeral key.
+    The second byte is either '-' or 'r' for a known revoked key.
+
+    <uidno> and <pkno> are the ordinal numbers for the the user id or
+    public key which matches the search criteria.  A value of 0 means
+    not known.
+
+*** KEYPAIRINFO <grip> <keyref> [<usage>] [<keytime>] [<algostr>]
 
     This status is emitted by scdaemon and gpg-agent to convey brief
     information about keypairs stored on tokens.  <grip> is the
@@ -1165,15 +1223,59 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
     encryption, 's' for signing, 'a' for authentication). A '-' can be
     used to tell that usage flags are not conveyed.  <keytime> is used
     by OpenPGP cards for the stored key creation time.  A '-' means no
-    info available.  The format is the usual ISO string are a number
-    with the seconds since Epoch.
+    info available.  The format is the usual ISO string or a number
+    with the seconds since Epoch.  <algostr> is the algorithm or curve
+    this key uses (e.g. "rsa2048") or a "-" if not known.
+
+*** CERTINFO <certtype> <certref> [<label>]
+
+    This status is mettited for X.509 certifcates.
+    CERTTYPE is a number indicating the type of the certificate:
+     0   := Unknown
+     100 := Regular X.509 cert
+     101 := Trusted X.509 cert
+     102 := Useful X.509 cert
+     110 := Root CA cert in a special format (e.g. DINSIG)
+     111 := Root CA cert as standard X509 cert
+
+    CERTREF identifies the certificate uniquely on the card and may be
+    used to match it with a key's KEYREF.  LABEL is an optional human
+    readable decription of the certificate; it won't have any space in
+    it and is percent encoded.
+
 *** MANUFACTURER <n> [<string>]
 
     This status returns the Manufactorer ID as the unsigned number N.
-    For OpenPGP this is weel defined; for other cards this is 0.  The
+    For OpenPGP this is well defined; for other cards this is 0.  The
     name of the manufacturer is also given as <string>; spaces are not
     escaped.  For PKCS#15 cards <string> is TokenInfo.manufactorerID.
 
+*** KEY-STATUS <keyref> <status>
+    This is the response from scdaemon on GETATTR KEY-STATUS for
+    OpenPGP cards.  <keyref> is the usual keyref (e.g. OPENPGP.1 or
+    OPENPGP.129) and <status> is an integer describing the status of
+    the key: 0 = key is not present, 1 = key generated on card, 2 =
+    key imported.  See section 4.4.3.8 of the OpenPGP Smart Card
+    Application V3.4.
+
+*** KEY-ATTR-INFO <keyref> <string>
+    This is the response from scdaemon on GETATTR KEY-ATTR-INFO for
+    OpenPGP cards.  <keyref> is the usual keyref (e.g. OPENPGP.1 or
+    OPENPGP.129) and <string> is the algoritm or curve name, which
+    is available for the key.
+
+*** KEY-TIME <n> <timestamp>
+    This is a response from scdaemon on GETATTR KEY-TIME.  A keyref N
+    of 1 gives the timestamp for the standard OpenPGP signing key, 2
+    for the encryption key, and 3 for an authentication key.  Note
+    that a KEYPAIRINFO status lines carries the same information and
+    should be preferred.
+
+*** KEY-LABEL <keyref> <label>
+    This returns the human readbable label for the keys given by
+    KEYREF.  LABEL won't have any space in it and is percent encoded.
+    This info shall only be used for dispaly purposes.
+
 * Format of the --attribute-fd output
 
   When --attribute-fd is set, during key listings (--list-keys,
@@ -1304,7 +1406,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
    - 1 u8 :: =ownertrust=.
    - 1 u8 :: =depth=.
    - 1 u8 :: =min_ownertrust=.
-   - 1 byte :: =flags=.
+   - 1 byte :: Not used.
    - 1 u32 :: =validlist=.
    - 10 byte :: Not used.
 
@@ -1497,6 +1599,21 @@ Status codes are:
   1.3.6.1.4.1.11591.2.2          X.509 extensions
   1.3.6.1.4.1.11591.2.2.1          standaloneCertificate
   1.3.6.1.4.1.11591.2.2.2          wellKnownPrivateKey
+  1.3.6.1.4.1.11591.2.3          CMS contentType
+  1.3.6.1.4.1.11591.2.3.1          OpenPGP keyblock (as octet string)
+  1.3.6.1.4.1.11591.2.4          LDAP stuff
+  1.3.6.1.4.1.11591.2.4.1          attributes
+  1.3.6.1.4.1.11591.2.4.1.1          gpgFingerprint attribute
+  1.3.6.1.4.1.11591.2.4.1.2          gpgSubFingerprint attribute
+  1.3.6.1.4.1.11591.2.4.1.3          gpgMailbox attribute
+  1.3.6.1.4.1.11591.2.4.1.4          gpgSubCertID attribute
+  1.3.6.1.4.1.11591.2.5          LDAP URL extensions
+  1.3.6.1.4.1.11591.2.5.1          gpgNtds=1 (auth. with current AD user)
+  1.3.6.1.4.1.11591.2.6          GnuPG extended key usage
+  1.3.6.1.4.1.11591.2.6.1          use for certification key
+  1.3.6.1.4.1.11591.2.6.2          use for signing key
+  1.3.6.1.4.1.11591.2.6.3          use for encryption key
+  1.3.6.1.4.1.11591.2.6.4          use for authentication key
   1.3.6.1.4.1.11591.2.12242973   invalid encoded OID
 #+end_example
 
@@ -1540,6 +1657,19 @@ Description of some debug flags:
 
 
 * Miscellaneous notes
+** List of useful RFCs
+  - RFC-3447 :: PKCS  #1: RSA Cryptography Specifications Version 2.1
+  - RFC-4880 :: OpenPGP
+  - RFC-5280 :: X.509 PKI Certificate and CRL Profile
+  - RFC-6818 :: Updates to the X.509 PKI Certificate and CRL Profile
+  - RFC-8398 :: Internationalized Email Addresses in X.509 Certificates.
+  - RFC-8399 :: Internationalization Updates to RFC 5280
+  - RFC-5480 :: ECC Subject Public Key Information
+  - RFC-8813 :: Clarifications for ECC Subject Public Key
+  - RFC-5915 :: Elliptic Curve Private Key Structure
+  - RFC-5958 :: Asymmetric Key Packages
+  - RFC-7292 :: PKCS #12: Personal Information Exchange Syntax v1.1
+  - RFC-8351 :: The PKCS #8 EncryptedPrivateKeyInfo Media Type
 
 ** v3 fingerprints
    For packet version 3 we calculate the keyids this way:
diff --git a/doc/HACKING b/doc/HACKING
index bd16856..f9b43e2 100644
--- a/doc/HACKING
+++ b/doc/HACKING
@@ -3,6 +3,7 @@
 #+TEXT: Some notes on GnuPG internals
 #+STARTUP: showall
 #+OPTIONS: ^:{}
+# Note: This might be a copy; the original lives in gnupg/doc/HACKING.
 
 * How to contribute
 
@@ -33,9 +34,9 @@ not be copied to the ChangeLog, separate it by a line consisting of
 two dashes at the begin of a line.
 
 The one-line summary usually starts with a keyword to identify the
-mainly affected subsystem.  If more than one keyword is required the
-are delimited by a comma (e.g. =scd,w32:=). Commonly found keywords
-are
+mainly affected subsystem (that is not the directory).  If more than
+one keyword is required they are delimited by a comma
+(e.g. =scd,w32:=). Commonly found keywords are
 
  - agent   :: The gpg-agent component
  - build   :: Changes to the build system
@@ -119,7 +120,8 @@ Note that such a comment will be removed if the git commit option
 
   - That's it.  From now on you only need to add a "Signed-off-by:"
     line with your name and mail address to the commit message.  It is
-    recommended to send the patches using a PGP/MIME signed mail.
+    recommended to send the patches using a PGP/MIME signed mail.  See
+    below on how to send patches.
 
 ** Coding standards
 
@@ -150,7 +152,7 @@ Note that such a comment will be removed if the git commit option
       if ( 42 == foo )
 #+end_src
     this is harder to read and modern compilers are pretty good in
-    detecing accidential assignments.  It is also suggested not to
+    detecing accidental assignments.  It is also suggested not to
     compare to 0 or NULL but to test the value direct or with a '!';
     this makes it easier to see that a boolean test is done.
   - We use our own printf style functions like =es_printf=, and
@@ -182,12 +184,11 @@ Note that such a comment will be removed if the git commit option
 ** Variable names
 
   Follow the GNU standards.  Here are some conventions you may want to
-  stick to (do not rename existing "wrong" uses without a goog
-  reason).
+  stick to (do not rename existing "wrong" uses without a good reason).
 
   - err :: This conveys an error code of type =gpg_error_t= which is
            compatible to an =int=.  To compare such a variable to a
-           GPG_ERR_ constant, it is necessary to map the value like
+           GPG_ERR_ constant, it is necessary to access the value like
            this: =gpg_err_code(err)=.
   - ec  :: This is used for a gpg-error code which has no source part
            (=gpg_err_code_t=) and will eventually be used as input to
@@ -207,10 +208,6 @@ Note that such a comment will be removed if the git commit option
   - The predefined macro =__func__=:
     : log_debug ("%s: Problem with foo\n", __func__);
 
-  - Variable declaration inside a for():
-    : for (int i = 0; i < 5; ++)
-    :   bar (i);
-
   Although we usually make use of the =u16=, =u32=, and =u64= types,
   it is also possible to include =<stdint.h>= and use =int16_t=,
   =int32_t=, =int64_t=, =uint16_t=, =uint32_t=, and =uint64_t=.  But do
@@ -225,6 +222,7 @@ Note that such a comment will be removed if the git commit option
   - Regression-due-to :: Commit id of the regression fixed by this commit.
   - Fixes-commit :: Commit id this commit fixes.
   - Updates-commit :: Commit id this commit updates.
+  - See-commit :: Commit id of a related commit.
   - Reported-by :: Value is a name or mail address of a bug reporte.
   - Suggested-by :: Value is a name or mail address of someone how
                     suggested this change.
@@ -232,7 +230,47 @@ Note that such a comment will be removed if the git commit option
   - Some-comments-by :: Name or mail address of the author of
                         additional comments (commit log or code).
   - Proofread-by :: Sometimes used by translation commits.
-  - Signed-off-by :: Name or mail address of the developer
+  - Signed-off-by :: Name or mail address of the developer.
+  - Backported-from-master :: Value is the commit id of the original patch.
+  - Ported-from-stable :: Value is the commit id of the original patch.
+
+** Sending patches
+Submitting patches, and subsequent discussions around them,
+happens via the gnupg-devel@gnupg.org public mailing list.
+
+Send your patches to that list, preferably PGP/MIME signed.  Make sure
+to include a mention of 'gnupg' (or gpgme, libassuan, etc) in the
+subject line; the list is used for several different projects.
+
+In general you should send patches only for the master branch; we may
+later decide to backport to another branch.  Please ask first before
+sending pacthes for another branch.
+
+If you're working from the Git repo, here's a suggested workflow:
+
+  - Configure git send-email defaults:
+
+    : git config format.subjectPrefix 'PATCH gnupg'
+    : git config sendemail.to gnupg-devel@gnupg.org
+
+    (For other sub-projects adjust accordingly)
+
+  - hack hack hack
+
+  - Commit your changes; group changes into easily-reviewable commit
+    units, feel free to submit several patches at once.
+
+    e.g. if you want to submit a single patch on top of master, do:
+    : git send-email --annotate -1
+
+    e.g. if you have two commits on top of master, do:
+    : git send-email --annotate --cover-letter -2
+
+   (that prompts you for a summary mail to precede your actual patch
+    mails)
+
+  - use Git's --dry-run option to test your setup
+
 
 * Windows
 ** How to build an installer for Windows
@@ -346,7 +384,7 @@ Note that such a comment will be removed if the git commit option
   - g10/main.h     :: Prototypes and some constants
   - g10/mainproc.c :: Message processing
   - g10/armor.c    :: Ascii armor filter
-  - g10/mdfilter.c :: Filter to calculate hashs
+  - g10/mdfilter.c :: Filter to calculate hashes
   - g10/textfilter.c :: Filter to handle CR/LF and trailing white space
   - g10/cipher.c   :: En-/Decryption filter
   - g10/misc.c     :: Utility functions
@@ -399,7 +437,7 @@ The *secure versions allocate memory in the secure memory.  That is,
 swapping out of this memory is avoided and is gets overwritten on
 free.  Use this for passphrases, session keys and other sensitive
 material.  This memory set aside for secure memory is linited to a few
-k.  In general the function don't print a memeory message and
+k.  In general the function don't print a memory message and
 terminate the process if there is not enough memory available.  The
 "try" versions of the functions return NULL instead.
 
@@ -429,5 +467,3 @@ plaintext packets and so on.  The file g10/encode.c might be a good
 starting point to see how it is used - actually this is the other way:
 constructing messages using pushed filters but it may be easier to
 understand.
-
-
diff --git a/doc/Makefile.am b/doc/Makefile.am
index aba09b9..b860669 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -23,8 +23,7 @@ include $(top_srcdir)/am/cmacros.am
 
 examples = examples/README examples/scd-event examples/trustlist.txt	\
 	   examples/VS-NfD.prf examples/Automatic.prf                   \
-           examples/debug.prf                                           \
-           examples/gpgconf.rnames examples/gpgconf.conf                \
+           examples/debug.prf  examples/qualified.txt                   \
 	   examples/systemd-user/README 				\
 	   examples/systemd-user/dirmngr.service 			\
 	   examples/systemd-user/dirmngr.socket				\
@@ -33,7 +32,7 @@ examples = examples/README examples/scd-event examples/trustlist.txt	\
 	   examples/systemd-user/gpg-agent-ssh.socket 			\
 	   examples/systemd-user/gpg-agent-browser.socket		\
 	   examples/systemd-user/gpg-agent-extra.socket 		\
-	   examples/pwpattern.list
+	   examples/gpgconf.conf examples/pwpattern.list
 
 helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt		\
             help.da.txt help.de.txt help.el.txt help.eo.txt		\
@@ -45,8 +44,8 @@ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt		\
 
 profiles =
 
-EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem qualified.txt \
-	     gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png gnupg-logo-tr.png \
+EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem \
+	     gnupg-logo.pdf gnupg-logo.png gnupg-logo-tr.png \
 	     gnupg-module-overview.png gnupg-module-overview.pdf \
              gnupg-card-architecture.png gnupg-card-architecture.pdf \
              FAQ gnupg7.texi mkdefsinc.c defsincdate \
@@ -71,17 +70,13 @@ nobase_dist_doc_DATA = FAQ DETAILS HACKING DCO TRANSLATE OpenPGP KEYSERVER \
 gnupg_TEXINFOS = \
 	gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi instguide.texi \
 	tools.texi debugging.texi glossary.texi contrib.texi gpl.texi \
-	sysnotes.texi dirmngr.texi wks.texi \
+	sysnotes.texi dirmngr.texi wks.texi gpg-card.texi \
         gnupg-module-overview.svg \
         gnupg-card-architecture.fig \
 	howtos.texi howto-create-a-server-cert.texi
 
 gnupg.texi : defs.inc
 
-# We need EPS files for "make distcheck" but we do not want to distribute
-# them due to their size.  Let's build them as needed.
-gnupg.dvi : gnupg-module-overview.eps gnupg-card-architecture.eps
-
 
 DVIPS = TEXINPUTS="$(srcdir)$(PATH_SEPARATOR)$$TEXINPUTS" dvips
 
@@ -91,13 +86,13 @@ YAT2M_OPTIONS = -I $(srcdir) \
         --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard 2.2"
 
 myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \
-	        dirmngr.texi scdaemon.texi tools.texi wks.texi
+	        dirmngr.texi scdaemon.texi tools.texi wks.texi \
+                gpg-card.texi
 myman_pages   = gpgsm.1 gpg-agent.1 dirmngr.8 scdaemon.1 \
                 watchgnupg.1 gpgconf.1 addgnupghome.8 gpg-preset-passphrase.1 \
 		gpg-connect-agent.1 gpgparsemail.1 gpgtar.1 \
-                gpg-check-pattern.1 \
 		applygnupgdefaults.8 gpg-wks-client.1 gpg-wks-server.1 \
-		dirmngr-client.1
+		dirmngr-client.1 gpg-card.1 gpg-check-pattern.1
 if USE_GPG2_HACK
 myman_pages += gpg2.1 gpgv2.1
 else
@@ -112,25 +107,16 @@ watchgnupg_SOURCE = gnupg.texi
 CLEANFILES = yat2m mkdefsinc defs.inc
 
 DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
-                 gnupg-card-architecture.eps \
-                 gnupg-module-overview.eps \
 		 $(myman_pages) gnupg.7
 
-if HAVE_YAT2M
-YAT2M_CMD = $(YAT2M)
-YAT2M_DEP = $(YAT2M)
-else
-YAT2M_CMD = ./yat2m
-YAT2M_DEP = yat2m
-
 yat2m: yat2m.c
 	$(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c
-endif
 
 mkdefsinc: mkdefsinc.c Makefile ../config.h
 	$(CC_FOR_BUILD) -I. -I.. -I$(srcdir) $(AM_CPPFLAGS) \
                         -o $@ $(srcdir)/mkdefsinc.c
 
+if MAINTAINER_MODE
 .svg.eps:
 	convert `test -f '$<' || echo '$(srcdir)/'`$< $@
 
@@ -151,6 +137,7 @@ mkdefsinc: mkdefsinc.c Makefile ../config.h
 
 .fig.pdf:
 	fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@
+endif
 
 
 yat2m-stamp: $(myman_sources) defs.inc
@@ -158,12 +145,12 @@ yat2m-stamp: $(myman_sources) defs.inc
 	@touch yat2m-stamp.tmp
 	incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \
 	for file in $(myman_sources) ; do \
-              $(YAT2M_CMD) $(YAT2M_OPTIONS) --store \
+              $(YAT2M) $(YAT2M_OPTIONS) --store \
                   --date "`cat $$incd 2>/dev/null`" \
 	          `test -f '$$file' || echo '$(srcdir)/'`$$file ; done
 	@mv -f yat2m-stamp.tmp $@
 
-yat2m-stamp: $(YAT2M_DEP)
+yat2m-stamp: $(YAT2M)
 
 $(myman_pages) gnupg.7 : yat2m-stamp defs.inc
 	@if test -f $@; then :; else \
diff --git a/doc/Makefile.in b/doc/Makefile.in
index 59b671f..0fcf672 100644
--- a/doc/Makefile.in
+++ b/doc/Makefile.in
@@ -137,26 +137,26 @@ host_triplet = @host@
 @GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
 @GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
 @GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
-@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
-@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
-@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
-@USE_GPG2_HACK_TRUE@am__append_8 = gpg2.1 gpgv2.1
-@USE_GPG2_HACK_FALSE@am__append_9 = gpg.1 gpgv.1
+@GNUPG_TPM2DAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_TPM2DAEMON="\"@GNUPG_TPM2DAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+@USE_GPG2_HACK_TRUE@am__append_9 = gpg2.1 gpgv2.1
+@USE_GPG2_HACK_FALSE@am__append_10 = gpg.1 gpgv.1
 subdir = doc
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
@@ -306,9 +306,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -317,6 +319,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -344,9 +347,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -383,13 +387,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
@@ -457,7 +464,8 @@ top_srcdir = @top_srcdir@
 # platform to create source files.
 AM_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" $(am__append_1) \
 	$(am__append_2) $(am__append_3) $(am__append_4) \
-	$(am__append_5) $(am__append_6) $(am__append_7)
+	$(am__append_5) $(am__append_6) $(am__append_7) \
+	$(am__append_8)
 @HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
 
 # Under Windows we use LockFileEx.  WindowsCE provides this only on
@@ -477,8 +485,7 @@ libcommontls = ../common/libcommontls.a
 libcommontlsnpth = ../common/libcommontlsnpth.a
 examples = examples/README examples/scd-event examples/trustlist.txt	\
 	   examples/VS-NfD.prf examples/Automatic.prf                   \
-           examples/debug.prf                                           \
-           examples/gpgconf.rnames examples/gpgconf.conf                \
+           examples/debug.prf  examples/qualified.txt                   \
 	   examples/systemd-user/README 				\
 	   examples/systemd-user/dirmngr.service 			\
 	   examples/systemd-user/dirmngr.socket				\
@@ -487,7 +494,7 @@ examples = examples/README examples/scd-event examples/trustlist.txt	\
 	   examples/systemd-user/gpg-agent-ssh.socket 			\
 	   examples/systemd-user/gpg-agent-browser.socket		\
 	   examples/systemd-user/gpg-agent-extra.socket 		\
-	   examples/pwpattern.list
+	   examples/gpgconf.conf examples/pwpattern.list
 
 helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt		\
             help.da.txt help.de.txt help.el.txt help.eo.txt		\
@@ -498,8 +505,8 @@ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt		\
             help.sv.txt help.tr.txt help.zh_CN.txt help.zh_TW.txt
 
 profiles = 
-EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem qualified.txt \
-	     gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png gnupg-logo-tr.png \
+EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem \
+	     gnupg-logo.pdf gnupg-logo.png gnupg-logo-tr.png \
 	     gnupg-module-overview.png gnupg-module-overview.pdf \
              gnupg-card-architecture.png gnupg-card-architecture.pdf \
              FAQ gnupg7.texi mkdefsinc.c defsincdate \
@@ -521,7 +528,7 @@ nobase_dist_doc_DATA = FAQ DETAILS HACKING DCO TRANSLATE OpenPGP KEYSERVER \
 gnupg_TEXINFOS = \
 	gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi instguide.texi \
 	tools.texi debugging.texi glossary.texi contrib.texi gpl.texi \
-	sysnotes.texi dirmngr.texi wks.texi \
+	sysnotes.texi dirmngr.texi wks.texi gpg-card.texi \
         gnupg-module-overview.svg \
         gnupg-card-architecture.fig \
 	howtos.texi howto-create-a-server-cert.texi
@@ -532,26 +539,21 @@ YAT2M_OPTIONS = -I $(srcdir) \
         --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard 2.2"
 
 myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \
-	        dirmngr.texi scdaemon.texi tools.texi wks.texi
+	        dirmngr.texi scdaemon.texi tools.texi wks.texi \
+                gpg-card.texi
 
 myman_pages = gpgsm.1 gpg-agent.1 dirmngr.8 scdaemon.1 watchgnupg.1 \
 	gpgconf.1 addgnupghome.8 gpg-preset-passphrase.1 \
 	gpg-connect-agent.1 gpgparsemail.1 gpgtar.1 \
-	gpg-check-pattern.1 applygnupgdefaults.8 gpg-wks-client.1 \
-	gpg-wks-server.1 dirmngr-client.1 $(am__append_8) \
-	$(am__append_9)
+	applygnupgdefaults.8 gpg-wks-client.1 gpg-wks-server.1 \
+	dirmngr-client.1 gpg-card.1 gpg-check-pattern.1 \
+	$(am__append_9) $(am__append_10)
 man_MANS = $(myman_pages) gnupg.7
 watchgnupg_SOURCE = gnupg.texi
 CLEANFILES = yat2m mkdefsinc defs.inc
 DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
-                 gnupg-card-architecture.eps \
-                 gnupg-module-overview.eps \
 		 $(myman_pages) gnupg.7
 
-@HAVE_YAT2M_FALSE@YAT2M_CMD = ./yat2m
-@HAVE_YAT2M_TRUE@YAT2M_CMD = $(YAT2M)
-@HAVE_YAT2M_FALSE@YAT2M_DEP = yat2m
-@HAVE_YAT2M_TRUE@YAT2M_DEP = $(YAT2M)
 all: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) all-am
 
@@ -632,6 +634,7 @@ $(am__aclocal_m4_deps):
 	  rm -rf $(@:.html=.htp); exit 1; \
 	fi
 $(srcdir)/gnupg.info: gnupg.texi $(gnupg_TEXINFOS)
+gnupg.dvi: gnupg.texi $(gnupg_TEXINFOS)
 gnupg.pdf: gnupg.texi $(gnupg_TEXINFOS)
 gnupg.html: gnupg.texi $(gnupg_TEXINFOS)
 .dvi.ps:
@@ -1178,49 +1181,45 @@ uninstall-man: uninstall-man1 uninstall-man7 uninstall-man8
 
 gnupg.texi : defs.inc
 
-# We need EPS files for "make distcheck" but we do not want to distribute
-# them due to their size.  Let's build them as needed.
-gnupg.dvi : gnupg-module-overview.eps gnupg-card-architecture.eps
-
-@HAVE_YAT2M_FALSE@yat2m: yat2m.c
-@HAVE_YAT2M_FALSE@	$(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c
+yat2m: yat2m.c
+	$(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c
 
 mkdefsinc: mkdefsinc.c Makefile ../config.h
 	$(CC_FOR_BUILD) -I. -I.. -I$(srcdir) $(AM_CPPFLAGS) \
                         -o $@ $(srcdir)/mkdefsinc.c
 
-.svg.eps:
-	convert `test -f '$<' || echo '$(srcdir)/'`$< $@
+@MAINTAINER_MODE_TRUE@.svg.eps:
+@MAINTAINER_MODE_TRUE@	convert `test -f '$<' || echo '$(srcdir)/'`$< $@
 
-.svg.png:
-	convert `test -f '$<' || echo '$(srcdir)/'`$< $@
+@MAINTAINER_MODE_TRUE@.svg.png:
+@MAINTAINER_MODE_TRUE@	convert `test -f '$<' || echo '$(srcdir)/'`$< $@
 
-.svg.pdf:
-	convert `test -f '$<' || echo '$(srcdir)/'`$< $@
+@MAINTAINER_MODE_TRUE@.svg.pdf:
+@MAINTAINER_MODE_TRUE@	convert `test -f '$<' || echo '$(srcdir)/'`$< $@
 
-.fig.png:
-	fig2dev -L png `test -f '$<' || echo '$(srcdir)/'`$< $@
+@MAINTAINER_MODE_TRUE@.fig.png:
+@MAINTAINER_MODE_TRUE@	fig2dev -L png `test -f '$<' || echo '$(srcdir)/'`$< $@
 
-.fig.jpg:
-	fig2dev -L jpeg `test -f '$<' || echo '$(srcdir)/'`$< $@
+@MAINTAINER_MODE_TRUE@.fig.jpg:
+@MAINTAINER_MODE_TRUE@	fig2dev -L jpeg `test -f '$<' || echo '$(srcdir)/'`$< $@
 
-.fig.eps:
-	fig2dev -L eps `test -f '$<' || echo '$(srcdir)/'`$< $@
+@MAINTAINER_MODE_TRUE@.fig.eps:
+@MAINTAINER_MODE_TRUE@	fig2dev -L eps `test -f '$<' || echo '$(srcdir)/'`$< $@
 
-.fig.pdf:
-	fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@
+@MAINTAINER_MODE_TRUE@.fig.pdf:
+@MAINTAINER_MODE_TRUE@	fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@
 
 yat2m-stamp: $(myman_sources) defs.inc
 	@rm -f yat2m-stamp.tmp
 	@touch yat2m-stamp.tmp
 	incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \
 	for file in $(myman_sources) ; do \
-              $(YAT2M_CMD) $(YAT2M_OPTIONS) --store \
+              $(YAT2M) $(YAT2M_OPTIONS) --store \
                   --date "`cat $$incd 2>/dev/null`" \
 	          `test -f '$$file' || echo '$(srcdir)/'`$$file ; done
 	@mv -f yat2m-stamp.tmp $@
 
-yat2m-stamp: $(YAT2M_DEP)
+yat2m-stamp: $(YAT2M)
 
 $(myman_pages) gnupg.7 : yat2m-stamp defs.inc
 	@if test -f $@; then :; else \
diff --git a/doc/debugging.texi b/doc/debugging.texi
index 14056d6..6639e18 100644
--- a/doc/debugging.texi
+++ b/doc/debugging.texi
@@ -38,7 +38,7 @@ and solving problems.
 
 A keybox is a file format used to store public keys along with meta
 information and indices.  The commonly used one is the file
-@file{pubring.kbx} in the @file{.gnupg} directory. It contains all
+@file{pubring.kbx} in the @file{.gnupg} directory.  It contains all
 X.509 certificates as well as OpenPGP keys.
 
 @noindent
diff --git a/doc/defsincdate b/doc/defsincdate
index e07e00b..3e0306e 100644
--- a/doc/defsincdate
+++ b/doc/defsincdate
@@ -1 +1 @@
-1660898960
+1616427011
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index e47f39c..981b48b 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -14,7 +14,7 @@
 @manpage dirmngr.8
 @ifset manverb
 .B dirmngr
-\- GnuPG's network access daemon
+\- CRL and OCSP daemon
 @end ifset
 
 @mansect synopsis
@@ -198,11 +198,11 @@ however carefully selected to best aid in debugging.
 
 @item --debug @var{flags}
 @opindex debug
-Set debugging flags.  This option is only useful for debugging and its
-behavior may change with a new release.  All flags are or-ed and may
-be given in C syntax (e.g. 0x0042) or as a comma separated list of
-flag names.  To get a list of all supported flags the single word
-"help" can be used.
+Set debug flags.  All flags are or-ed and @var{flags} may be given in
+C syntax (e.g. 0x0042) or as a comma separated list of flag names.  To
+get a list of all supported flags the single word "help" can be used.
+This option is only useful for debugging and the behavior may change
+at any time without notice.
 
 @item --debug-all
 @opindex debug-all
@@ -253,9 +253,9 @@ network).  Certain other features are disabled in this mode.  The
 effect of @option{--use-tor} cannot be overridden by any other command
 or even by reloading dirmngr.  The use of @option{--no-use-tor}
 disables the use of Tor.  The default is to use Tor if it is available
-on startup or after reloading dirmngr.  The test on the available of
-Tor is done by trying to connects to a SOCKS proxy at either port 9050
-or 9150); if another type of proxy is listening on one of these ports,
+on startup or after reloading dirmngr.  The test on the availability of
+Tor is done by trying to connect to a SOCKS proxy at either port 9050
+or 9150; if another type of proxy is listening on one of these ports,
 you should use @option{--no-use-tor}.
 
 @item --standard-resolver
@@ -321,8 +321,9 @@ provided.  These are the same as the @option{--keyserver-options} of
 @command{gpg}, but apply only to this particular keyserver.
 
 Most keyservers synchronize with each other, so there is generally no
-need to send keys to more than one server. Somes keyservers use round
-robin DNS to give a different keyserver each time you use it.
+need to send keys to more than one server. The keyserver
+@code{hkp://keys.gnupg.net} uses round robin DNS to give a different
+keyserver each time you use it.
 
 If exactly two keyservers are configured and only one is a Tor hidden
 service (.onion), Dirmngr selects the keyserver to use depending on
@@ -330,43 +331,28 @@ whether Tor is locally running or not.  The check for a running Tor is
 done for each new connection.
 
 If no keyserver is explicitly configured, dirmngr will use the
-built-in default of @code{https://keyserver.ubuntu.com}.
+built-in default of @code{hkps://hkps.pool.sks-keyservers.net}.
 
 Windows users with a keyserver running on their Active Directory
-may use the short form @code{ldap:///} for @var{name} to access this directory.
+should use @code{ldap:///} for @var{name} to access this directory.
+As an alternative it is also possible to add @code{gpgNtds=1} as
+extension (i.e. after the fourth question mark).
 
 For accessing anonymous LDAP keyservers @var{name} is in general just
 a @code{ldaps://ldap.example.com}.  A BaseDN parameter should never be
-specified.  If authentication is required things are more complicated
-and two methods are available:
-
-The modern method (since version 2.2.28) is to use the very same syntax
-as used with the option @option{--ldapserver}.  Please see over
-there for details; here is an example:
-
-@example
-       keyserver ldap:ldap.example.com::uid=USERNAME,ou=GnuPG Users,
-       dc=example,dc=com:PASSWORD::starttls
-@end example
-
-       The other method is to use a full URL for @var{name}; for example:
+specified.  If authentication is required the value of @var{name} is
+for example:
 
 @example
        keyserver ldaps://ldap.example.com/????bindname=uid=USERNAME
        %2Cou=GnuPG%20Users%2Cdc=example%2Cdc=com,password=PASSWORD
 @end example
 
-       Put this all on one line without any spaces and keep the '%2C'
-       as given.  Replace USERNAME, PASSWORD, and the 'dc' parts
-       according to the instructions received from your LDAP
-       administrator.  Note that only simple authentication
-       (i.e. cleartext passwords) is supported and thus using ldaps is
-       strongly suggested (since 2.2.28 "ldaps" defaults to port 389
-       and uses STARTTLS).  On Windows authentication via AD can be
-       requested by adding @code{gpgNtds=1} after the fourth question
-       mark instead of the bindname and password parameter.
-
-
+       Put this all on one line without any spaces and keep the '%2C' as given.
+       Replace USERNAME, PASSWORD, and the 'dc' parts according to the
+       instructions received from the LDAP administrator.  Note that only
+       simple authentication (i.e. cleartext passwords) is supported and thus
+       using ldaps is strongly suggested.
 
 @item --nameserver @var{ipaddr}
 @opindex nameserver
@@ -414,7 +400,7 @@ force the use of the default responder.
 If the environment variable @env{http_proxy} has been set, use its
 value to access HTTP servers.
 
-@item --http-proxy [http://]@var{host}[:@var{port}]
+@item --http-proxy @var{host}[:@var{port}]
 @opindex http-proxy
 @efindex http_proxy
 Use @var{host} and @var{port} to access HTTP servers.  The use of this
@@ -438,9 +424,10 @@ configured LDAP server if the connection using the "proxy" failed.
 
 @item --ldapserverlist-file @var{file}
 @opindex ldapserverlist-file
-Read the list of LDAP servers to consult for CRLs and X.509 certificates from
-file instead of the default per-user ldap server list file. The default
-value for @var{file} is @file{dirmngr_ldapservers.conf}.
+Read a list of LDAP servers to consult for CRLs and certificates from
+file.  This servers from this list are used after any servers set by a
+client for its session. The default value for @var{file} is
+@file{dirmngr_ldapservers.conf}.
 
 This server list file contains one LDAP server per line in the format
 
@@ -448,6 +435,10 @@ This server list file contains one LDAP server per line in the format
 
 Lines starting with a  @samp{#} are comments.
 
+The only defined flag is @code{ldaps} to specify that a TLS
+connections shall be used.  Flags are comma delimited; unknown flags
+are ignored.
+
 Note that as usual all strings entered are expected to be UTF-8 encoded.
 Obviously this will lead to problems if the password has originally been
 encoded as Latin-1.  There is no other solution here than to put such a
@@ -457,40 +448,6 @@ helpful for frontends as it enables editing this configuration file using
 percent-escaped strings.}
 
 
-@item --ldapserver @var{spec}
-@opindex ldapserver
-This is an alternative way to specify LDAP servers for CRL and X.509
-certificate retrieval.  If this option is used the servers configured
-in @file{dirmngr_ldapservers.conf} (or the file given by
-@option{--ldapserverlist-file}) are cleared.  Note that
-@file{dirmngr_ldapservers.conf} is not read again by a reload
-signal. However, @option{--ldapserver} options are read again.
-
-@var{spec} is either a proper LDAP URL or a colon delimited list of
-the form
-
-@sc{hostname:port:username:password:base_dn:flags:}
-
-with an optional prefix of @code{ldap:} (but without the two slashes
-which would turn this into a proper LDAP URL).  @sc{flags} is a list
-of one or more comma delimited keywords:
-@table @code
-@item plain
-The default: Do not use a TLS secured connection at all; the default
-port is 389.
-@item starttls
-Use STARTTLS to secure the connection; the default port is 389.
-@item ldaptls
-Tunnel LDAP through a TLS connection; the default port is 636.
-@item ntds
-On Windows authenticate the LDAP connection using the Active Directory
-with the current user.
-@end table
-
-Note that in an URL style specification the scheme @code{ldaps://}
-refers to STARTTLS and _not_ to LDAP-over-TLS.
-
-
 @item --ldaptimeout @var{secs}
 @opindex ldaptimeout
 Specify the number of seconds to wait for an LDAP query before timing
@@ -501,17 +458,22 @@ out.  The default are 15 seconds.  0 will never timeout.
 @opindex add-servers
 This option makes dirmngr add any servers it discovers when validating
 certificates against CRLs to the internal list of servers to consult for
-certificates and CRLs.
+certificates and CRLs.  This option should in general not be used.
 
-This option is useful when trying to validate a certificate that has
-a CRL distribution point that points to a server that is not already
-listed in the ldapserverlist. Dirmngr will always go to this server and
-try to download the CRL, but chances are high that the certificate used
-to sign the CRL is located on the same server. So if dirmngr doesn't add
-that new server to list, it will often not be able to verify the
-signature of the CRL unless the @code{--add-servers} option is used.
+This option might be useful when trying to validate a certificate that
+has a CRL distribution point that points to a server that is not
+already listed in the ldapserverlist.  Dirmngr will always go to this
+server and try to download the CRL, but chances are high that the
+certificate used to sign the CRL is located on the same server. So if
+dirmngr doesn't add that new server to list, it will often not be able
+to verify the signature of the CRL unless the @code{--add-servers}
+option is used.
 
-Note: The current version of dirmngr has this option disabled by default.
+Caveat emptor: Using this option may enable denial-of-service attacks
+and leak search requests to unknown third parties.  This is because
+arbitrary servers are added to the internal list of LDAP servers which
+in turn is used for all unspecific LDAP queries as well as a fallback
+for queries which did not return a result.
 
 
 @item --allow-ocsp
@@ -583,25 +545,6 @@ won't be rejected due to an unknown critical extension.  Use this
 option with care because extensions are usually flagged as critical
 for a reason.
 
-@item --ignore-cert @var{fpr}|@var{file}
-@opindex ignore-cert
-Entirely ignore certificates with the fingerprint @var{fpr}.  As an
-alternative to the fingerprint a filename can be given in which case
-all certificates described in that file are ignored.  Any argument
-which contains a slash, dot or tilde is considered a filename.  Usual
-filename expansion takes place: A tilde at the start followed by a
-slash is replaced by the content of @env{HOME}, no slash at start
-describes a relative filename which will be searched at the home
-directory.  To make sure that the @var{file} is searched in the home
-directory, either prepend the name with "./" or use a name which
-contains a dot.  The format of such a file is a list of SHA-1
-fingerprint, one per line with optional colons between the bytes.
-Empty lines and lines prefixed with a hash mark are ignored.
-
-This option is useful as a quick workaround to exclude certain
-certificates from the system store.
-
-
 @item --hkp-cacert @var{file}
 Use the root certificates in @var{file} for verification of the TLS
 certificates used with @code{hkps} (keyserver access over TLS).  If
@@ -609,8 +552,10 @@ the file is in PEM format a suffix of @code{.pem} is expected for
 @var{file}.  This option may be given multiple times to add more
 root certificates.  Tilde expansion is supported.
 
-If no @code{hkp-cacert} directive is present, dirmngr will use the
-system CAs.
+If no @code{hkp-cacert} directive is present, dirmngr will make a
+reasonable choice: if the keyserver in question is the special pool
+@code{hkps.pool.sks-keyservers.net}, it will use the bundled root
+certificate for that pool.  Otherwise, it will use the system CAs.
 
 @end table
 
@@ -623,7 +568,7 @@ system CAs.
 @section Configuration
 
 Dirmngr makes use of several directories when running in daemon mode:
-There are a few configuration files whih control the operation of
+There are a few configuration files to control the operation of
 dirmngr.  By default they may all be found in the current home
 directory (@pxref{option --homedir}).
 
@@ -673,31 +618,92 @@ part will be created by dirmngr if it does not exists but you need to
 make sure that the upper directory exists.
 
 @end table
-@manpause
 
-To be able to see what's going on you should create the configure file
-@file{~/gnupg/dirmngr.conf} with at least one line:
+Several options control the use of trusted certificates for TLS and
+CRLs.  Here is an Overview on the use and origin of those Root CA
+certificates:
+@table @asis
+
+@item System
+
+These System root certificates are used by:  FIXME
+
+The origin of the system provided certificates depends on the
+platform.  On Windows all certificates from the Windows System Stores
+@code{ROOT} and @code{CA} are used.
+
+On other platforms the certificates are read from the first file found
+form this list: @file{/etc/ssl/ca-bundle.pem},
+@file{/etc/ssl/certs/ca-certificates.crt},
+@file{/etc/pki/tls/cert.pem},
+@file{/usr/local/share/certs/ca-root-nss.crt},
+@file{/etc/ssl/cert.pem}.
+
+@item GnuPG
+
+The GnuPG specific certificates stored in the directory
+@file{/etc/gnupg/trusted-certs} are only used to validate CRLs.
+
+@c Note that dirmngr's VALIDATE command also uses them but that
+@c command is anyway only intended for debugging.
+
+@item OpenPGP keyserver
+
+For accessing the OpenPGP keyservers the only certificates used are
+those set with the configuration option @option{hkp-cacert}.
+
+@item OpenPGP keyserver pool
+
+This is usually only one certificate read from the file
+@file{@value{DATADIR}/gnupg/sks-keyservers.netCA.pem}.  If this
+certificate exists it is used to access the special keyservers
+@code{hkps.pool.sks-keyservers.net} (or @file{hkps://keys.gnupg.net}).
+
+@end table
+
+Please note that @command{gpgsm} accepts Root CA certificates for its
+own purposes only if they are listed in its file @file{trustlist.txt}.
+@command{dirmngr} does not make use of this list - except FIXME.
+
+
+@mansect notes
+
+To be able to see diagnostics it is often useful to put at least the
+following lines into the configuration file
+@file{~/gnupg/dirmngr.conf}:
 
 @example
 log-file ~/dirmngr.log
+verbose
 @end example
 
+You may want to check the log file to see whether all desired root CA
+certificates are correctly loaded.
+
 To be able to perform OCSP requests you probably want to add the line:
 
 @example
 allow-ocsp
 @end example
 
-To make sure that new options are read and that after the installation
-of a new GnuPG versions the installed dirmngr is running, you may want
-to kill an existing dirmngr first:
+To make sure that new options are read or that after the installation
+of a new GnuPG versions the right dirmngr version is running, you
+should kill an existing dirmngr so that a new instance is started as
+needed by the otehr components:
 
 @example
 gpgconf --kill dirmngr
 @end example
 
-You may check the log file to see whether all desired root
-certificates have been loaded correctly.
+Direct interfaction with the dirmngr is possible by using the command
+
+@example
+gpg-connect-agent --dirmngr
+@end example
+
+Enter @code{HELP} at the prompt to see a list of commands and enter
+@code{HELP} followed by a command name to get help on that command.
+
 
 
 @c
@@ -1169,7 +1175,7 @@ as a binary blob.
 @c
 @c If no certificate was found, the function returns with the error
 @c GPG_ERR_MISSING_CERT.  Now the signature is verified.  If this fails,
-@c the erro is returned.  On success the @code{validate_cert_chain} is
+@c the error is returned.  On success the @code{validate_cert_chain} is
 @c used to verify that the certificate is actually valid.
 @c
 @c Here we may encounter a recursive situation:
@@ -1186,7 +1192,7 @@ as a binary blob.
 @c In the end the same fucntionality is used, albeit hidden by a couple
 @c of indirection and argument and result code mangling.  It furthere
 @c ingetrages OCSP checking depending on options are the way it is
-@c called.  GPGSM still uses this command but might eventuall switch over
+@c called.  GPGSM still uses this command but might eventually switch over
 @c to CHECKCRL and CHECKOCSP so that ISVALID can be retired.
 @c
 @c
diff --git a/doc/examples/README b/doc/examples/README
index 77ee807..4d6a5be 100644
--- a/doc/examples/README
+++ b/doc/examples/README
@@ -9,3 +9,5 @@ trustlist.txt   A list of trustworthy root certificates
 gpgconf.conf    A sample configuration file for gpgconf.
 
 systemd-user    Sample files for a Linux-only init system.
+
+qualified.txt   Sample file for qualified.txt.
diff --git a/doc/examples/gpgconf.conf b/doc/examples/gpgconf.conf
index a61d4d4..95e463b 100644
--- a/doc/examples/gpgconf.conf
+++ b/doc/examples/gpgconf.conf
@@ -5,10 +5,6 @@
 # defaults in gpgconf and to enforce certain values for the various
 # GnuPG related configuration files.
 #
-# NOTE: This is a legacy mechanism.  The modern way is to use global
-#       configuration files like /etc/gnupg/gpg.conf which are more
-#       flexible and better integrated into the configuration system.
-#
 # Empty lines and comment lines, indicated by a hash mark as first non
 # white space character, are ignored.  The line is separated by white
 # space into fields. The first field is used to match the user or
@@ -60,3 +56,7 @@
 # "enable-ocsp" is put into the config file of gpgsm.  The latter may
 # be changed by any user.
 #-------------------------------------------------------------------
+
+
+
+
diff --git a/doc/examples/gpgconf.rnames b/doc/examples/gpgconf.rnames
deleted file mode 100644
index 0e83732..0000000
--- a/doc/examples/gpgconf.rnames
+++ /dev/null
@@ -1,12 +0,0 @@
-# gpgconf-rnames.lst
-# Additional registry settings to be shown by "gpgconf -X".
-#
-# Example: HKCU\Software\GNU\GnuPG:FooBar
-#
-#  HKCU := The class.  Other supported classes are HKLM, HKCR, HKU,
-#          and HKCC.  If no class is given and the string thus starts
-#          with a backslash HKCU with a fallback to HKLM is used.
-#  Software\GNU\GnuPG := The actual key.
-#  FooBar := The name of the item.  if a name is not given the default
-#            value is used.
-#
diff --git a/doc/examples/pwpattern.list b/doc/examples/pwpattern.list
index 251c2d4..fb84754 100644
--- a/doc/examples/pwpattern.list
+++ b/doc/examples/pwpattern.list
@@ -10,7 +10,7 @@
  
 # Reject the usual metavariables.  Usual not required because
 # gpg-agent can be used to reject all passphrases shorter than 8
-# charactes.
+# characters.
 foo
 bar
 baz
diff --git a/doc/qualified.txt b/doc/examples/qualified.txt
similarity index 98%
rename from doc/qualified.txt
rename to doc/examples/qualified.txt
index c0e4da5..eba11f2 100644
--- a/doc/qualified.txt
+++ b/doc/examples/qualified.txt
@@ -29,7 +29,7 @@
 #
 #                 Germany
 #
-# The information for Germany is available 
+# The information for Germany is available
 # at http://www.bundesnetzagentur.de
 #*******************************************
 
@@ -74,7 +74,7 @@ DB:45:3D:1B:B0:1A:F3:23:10:6B:DE:D0:09:61:57:AA:F4:25:E0:5B  de
 #Serial number: 02
 #       Issuer: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
 #               Telekommunikation und Post/C=DE
-#      Subject: /CN=9R-CA 1:PN/O=Regulierungsbehörde für 
+#      Subject: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
 #               Telekommunikation und Post/C=DE
 #     validity: 2004-11-25 14:59:11 through 2007-12-31 14:56:59
 #     key type: 1024 bit RSA
@@ -118,7 +118,7 @@ A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D  de
 #    key usage: certSign
 #     policies: 1.3.36.8.1.1:N:
 # chain length: unlimited
-# [checked: 2008-06-25] 
+# [checked: 2008-06-25]
 44:7E:D4:E3:9A:D7:92:E2:07:FA:53:1A:2E:F5:B8:02:5B:47:57:B0  de
 
 #           ID: 0x46A2CC8A
@@ -130,7 +130,7 @@ A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D  de
 #    key usage: certSign
 #     policies: 1.3.36.8.1.1:N:
 # chain length: unlimited
-# [checked: 2008-06-25] 
+# [checked: 2008-06-25]
 AC:A7:BE:45:1F:A6:BF:09:F2:D1:3F:08:7B:BC:EB:7F:46:A2:CC:8A  de
 
 
@@ -215,7 +215,7 @@ E0:BF:1B:91:91:6B:88:E4:F1:15:92:22:CE:37:23:96:B1:4A:2E:5C  de
 #     key type: 2048 bit RSA
 #    key usage: certSign crlSign
 # chain length: 1
-#[checked: 2007-12-13 via received ZIP file with qualified signature from 
+#[checked: 2007-12-13 via received ZIP file with qualified signature from
 #         /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag
 #         /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg]
 C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA  de
@@ -230,7 +230,7 @@ C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA  de
 #     key type: 2048 bit RSA
 #    key usage: certSign crlSign
 # chain length: 1
-#[checked: 2007-12-13 via received ZIP file with qualified signature from 
+#[checked: 2007-12-13 via received ZIP file with qualified signature from
 #         /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag
 #         /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg"]
 D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B  de
diff --git a/doc/gnupg-card-architecture.pdf b/doc/gnupg-card-architecture.pdf
index 565416a1e460a8009b4aa0b7fb59ead3a8d3f72e..8f09405f8edd1aebf083cff5a686a6098772a43d 100644
GIT binary patch
delta 360
zcmcaUo$>s1#tqTVOcoZKW1Vdog%V9IjZ)LnjC7OJQjK&C4b#jfuW@O?E-W=U#??%~
zP}jgj*T6i)(9+7t1c)Xta@EEZyzAPE%aA@ddu&qo-ORBGuW^x@?Bw3G`Gk8cBe$V}
ziGjJHrI88HS_4mUZ6v<7fswj_fx0G_en@6XPO64}Mt*LpetEWjv3`19X+iqr6YdI=
zr+KC^8f^aSS<4vf=;r2V;pk*wZt3J~;%aVW;o@ZB?Br-<XyjyMYHDt0<3>nDESH@f
bS8+*VQAtHnY8scJg@w5>m#V6(zZ(|-|0HJB

delta 360
zcmX><o$>l~#tqTVOqNEQW1Vdog)B`{%q&fkjCIY7Qj&BH4bv<puW@O?E-W=U#??%~
zNY}tp*T5*m(8S8r(#pVM@*-DlOu@UZt+)*7bF;@Lb>Gb#oA4SJsmV_6O)R=bdPbA;
zJQX%SakpjEH8QX?FfueTwKTBMHZW2*Fi_Xz()Z0zaY-ym)o`&gGB83?G1<>k0j9r=
z(PZ;i&sxS<XJa=5XA2`EH%muTBXa{o3pZ0kGYdmABR5wAM<-J|8#h8KV!7<>xQa^>
Xi%KerQq#B$Ei5byxl~nM{oS|#)9PTO

diff --git a/doc/gnupg-logo.eps b/doc/gnupg-logo.eps
deleted file mode 100644
index d428f23..0000000
--- a/doc/gnupg-logo.eps
+++ /dev/null
@@ -1,2704 +0,0 @@
-%!PS-Adobe-3.0 EPSF-3.0
-%%Creator: (ImageMagick)
-%%Title: (gnupg-logo.eps)
-%%CreationDate: (Thu Mar  8 17:48:33 2007)
-%%BoundingBox: 0 0 118 38
-%%HiResBoundingBox: 0 0 118.11 38
-%%DocumentData: Clean7Bit
-%%LanguageLevel: 1
-%%Pages: 1
-%%EndComments
-
-%%BeginDefaults
-%%EndDefaults
-
-%%BeginProlog
-%
-% Display a color image.  The image is displayed in color on
-% Postscript viewers or printers that support color, otherwise
-% it is displayed as grayscale.
-%
-/DirectClassPacket
-{
-  %
-  % Get a DirectClass packet.
-  %
-  % Parameters:
-  %   red.
-  %   green.
-  %   blue.
-  %   length: number of pixels minus one of this color (optional).
-  %
-  currentfile color_packet readhexstring pop pop
-  compression 0 eq
-  {
-    /number_pixels 3 def
-  }
-  {
-    currentfile byte readhexstring pop 0 get
-    /number_pixels exch 1 add 3 mul def
-  } ifelse
-  0 3 number_pixels 1 sub
-  {
-    pixels exch color_packet putinterval
-  } for
-  pixels 0 number_pixels getinterval
-} bind def
-
-/DirectClassImage
-{
-  %
-  % Display a DirectClass image.
-  %
-  systemdict /colorimage known
-  {
-    columns rows 8
-    [
-      columns 0 0
-      rows neg 0 rows
-    ]
-    { DirectClassPacket } false 3 colorimage
-  }
-  {
-    %
-    % No colorimage operator;  convert to grayscale.
-    %
-    columns rows 8
-    [
-      columns 0 0
-      rows neg 0 rows
-    ]
-    { GrayDirectClassPacket } image
-  } ifelse
-} bind def
-
-/GrayDirectClassPacket
-{
-  %
-  % Get a DirectClass packet;  convert to grayscale.
-  %
-  % Parameters:
-  %   red
-  %   green
-  %   blue
-  %   length: number of pixels minus one of this color (optional).
-  %
-  currentfile color_packet readhexstring pop pop
-  color_packet 0 get 0.299 mul
-  color_packet 1 get 0.587 mul add
-  color_packet 2 get 0.114 mul add
-  cvi
-  /gray_packet exch def
-  compression 0 eq
-  {
-    /number_pixels 1 def
-  }
-  {
-    currentfile byte readhexstring pop 0 get
-    /number_pixels exch 1 add def
-  } ifelse
-  0 1 number_pixels 1 sub
-  {
-    pixels exch gray_packet put
-  } for
-  pixels 0 number_pixels getinterval
-} bind def
-
-/GrayPseudoClassPacket
-{
-  %
-  % Get a PseudoClass packet;  convert to grayscale.
-  %
-  % Parameters:
-  %   index: index into the colormap.
-  %   length: number of pixels minus one of this color (optional).
-  %
-  currentfile byte readhexstring pop 0 get
-  /offset exch 3 mul def
-  /color_packet colormap offset 3 getinterval def
-  color_packet 0 get 0.299 mul
-  color_packet 1 get 0.587 mul add
-  color_packet 2 get 0.114 mul add
-  cvi
-  /gray_packet exch def
-  compression 0 eq
-  {
-    /number_pixels 1 def
-  }
-  {
-    currentfile byte readhexstring pop 0 get
-    /number_pixels exch 1 add def
-  } ifelse
-  0 1 number_pixels 1 sub
-  {
-    pixels exch gray_packet put
-  } for
-  pixels 0 number_pixels getinterval
-} bind def
-
-/PseudoClassPacket
-{
-  %
-  % Get a PseudoClass packet.
-  %
-  % Parameters:
-  %   index: index into the colormap.
-  %   length: number of pixels minus one of this color (optional).
-  %
-  currentfile byte readhexstring pop 0 get
-  /offset exch 3 mul def
-  /color_packet colormap offset 3 getinterval def
-  compression 0 eq
-  {
-    /number_pixels 3 def
-  }
-  {
-    currentfile byte readhexstring pop 0 get
-    /number_pixels exch 1 add 3 mul def
-  } ifelse
-  0 3 number_pixels 1 sub
-  {
-    pixels exch color_packet putinterval
-  } for
-  pixels 0 number_pixels getinterval
-} bind def
-
-/PseudoClassImage
-{
-  %
-  % Display a PseudoClass image.
-  %
-  % Parameters:
-  %   class: 0-PseudoClass or 1-Grayscale.
-  %
-  currentfile buffer readline pop
-  token pop /class exch def pop
-  class 0 gt
-  {
-    currentfile buffer readline pop
-    token pop /depth exch def pop
-    /grays columns 8 add depth sub depth mul 8 idiv string def
-    columns rows depth
-    [
-      columns 0 0
-      rows neg 0 rows
-    ]
-    { currentfile grays readhexstring pop } image
-  }
-  {
-    %
-    % Parameters:
-    %   colors: number of colors in the colormap.
-    %   colormap: red, green, blue color packets.
-    %
-    currentfile buffer readline pop
-    token pop /colors exch def pop
-    /colors colors 3 mul def
-    /colormap colors string def
-    currentfile colormap readhexstring pop pop
-    systemdict /colorimage known
-    {
-      columns rows 8
-      [
-        columns 0 0
-        rows neg 0 rows
-      ]
-      { PseudoClassPacket } false 3 colorimage
-    }
-    {
-      %
-      % No colorimage operator;  convert to grayscale.
-      %
-      columns rows 8
-      [
-        columns 0 0
-        rows neg 0 rows
-      ]
-      { GrayPseudoClassPacket } image
-    } ifelse
-  } ifelse
-} bind def
-
-/DisplayImage
-{
-  %
-  % Display a DirectClass or PseudoClass image.
-  %
-  % Parameters:
-  %   x & y translation.
-  %   x & y scale.
-  %   label pointsize.
-  %   image label.
-  %   image columns & rows.
-  %   class: 0-DirectClass or 1-PseudoClass.
-  %   compression: 0-none or 1-RunlengthEncoded.
-  %   hex color packets.
-  %
-  gsave
-  /buffer 512 string def
-  /byte 1 string def
-  /color_packet 3 string def
-  /pixels 768 string def
-
-  currentfile buffer readline pop
-  token pop /x exch def
-  token pop /y exch def pop
-  x y translate
-  currentfile buffer readline pop
-  token pop /x exch def
-  token pop /y exch def pop
-  currentfile buffer readline pop
-  token pop /pointsize exch def pop
-  /Times-Roman findfont pointsize scalefont setfont
-  x y scale
-  currentfile buffer readline pop
-  token pop /columns exch def
-  token pop /rows exch def pop
-  currentfile buffer readline pop
-  token pop /class exch def pop
-  currentfile buffer readline pop
-  token pop /compression exch def pop
-  class 0 gt { PseudoClassImage } { DirectClassImage } ifelse
-  grestore
-} bind def
-%%EndProlog
-%%Page:  1 1
-%%PageBoundingBox: 0 0 118 38
-userdict begin
-DisplayImage
-0 0
-118.11 38.189
-12.000000
-300 97
-0
-0
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEFFBFE3F675C3EC33A7E30795DE008EDB008CDB
-008DDB008FDC0092DD0093DD0093DD0093DD0093DD0091DC008FDC008DDB008CDB008EDB
-0996DE38AAE47AC5EDC3E5F7FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEBF7FC91CFF031A6E30090DC008CDB008FDC0092DD0093DD0093DD
-0093DD0092DD0091DC0090DC0090DC008FDC0090DC0091DC0091DD0092DD0093DD0093DD
-0092DD008FDC008CDB0091DC35A8E397D2F1F0F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFEDF8FD81C8EE1B9DE0008CDB008FDC0093DD0093DD0093DD0091DD008FDC008DDB
-008DDB0092DD0E99DF1B9EE126A3E22AA5E320A1E11A9EE00A97DE0091DC008DDB008DDB
-008FDC0092DD0093DD0092DD008FDC008DDB229FE189CCEFF1F9FDFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-A1D7F2239FE1008CDB0090DC0093DD0093DD0092DD008EDC008DDB0C97DE37A9E474C3EC
-A4D7F3C8E7F8E6F4FCF4FAFDFCFEFFFFFFFFFEFFFFFCFEFFEBF7FCCDEAF8A5D8F370C2EC
-32A7E30895DE008DDB008FDC0093DD0093DD0090DC008CDB28A2E2ACDBF4FFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDEF1FB4CB2E6
-008EDB008FDC0093DD0093DD0092DD008DDB0091DC3FACE597D2F1DFF1FBFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFF7FBFEE7F4FCD5EDF9CBE9F8C4E5F7CFEAF8DDF1FAEEF8FD
-EFF8FDD6EDF995D1F140ADE50593DD008FDC0093DD0093DD008FDC008EDC56B6E8E6F5FC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB1DEF51A9CE0008CDB
-0093DD0093DD0093DD008EDB0493DD55B5E8C3E5F7FFFFFFFFFFFFFFFFFFFFFFFFF9FDFE
-CDE9F89BD4F165BDEA38AAE41F9FE10D98DF0294DD0091DC008FDC0091DC0193DD0B97DE
-1D9FE13AABE468BFEB8DCEF07AC5ED39A9E40A95DE0092DD0093DD0092DD008CDB229FE0
-BBE2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8ACDEF0090DC0090DC0093DD
-0093DD0091DC008DDB44AEE6C7E7F8FFFFFFFFFFFFFFFFFFFFFFFFC9E7F871C2EC2AA3E2
-0192DD008DDB008DDB008FDC0090DC0091DC0092DD0092DD0093DD0092DD0092DD0091DD
-0090DC008FDC008DDB008EDB0996DE23A2E2189DE00192DD0093DD0093DD0093DD008FDC
-0592DD96D2F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF73C3EC008DDB0091DD0093DD0093DD
-008EDB1198DF96D2F1FFFFFFFFFFFFFFFFFFF6FBFE9FD6F241ADE50092DD008CDB008FDC
-0092DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0092DD0091DC0092DD0093DD0093DD0093DD0093DD0093DD
-0091DC008EDC82CAEEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6CC0EB008BDB0092DD0093DD0093DD008CDB
-34A7E3D3ECF9FFFFFFFFFFFFFFFFFFA4D8F22BA3E2008DDB008EDB0092DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0092DD008DDB7CC8EDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF78C6ED008DDB0092DD0093DD0093DD008CDB55B6E8
-F0F9FDFFFFFFFFFFFFC9E8F842ADE5008EDB008FDC0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0092DD008DDB89CDEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF9AD4F1008EDB0092DD0093DD0093DD008CDB61BCEAFCFEFF
-FFFFFFFEFFFF87CBEF0894DD008DDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0092DD008FDCA6D9F3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFC4E6F70793DD0091DC0093DD0093DD008CDB5AB9E9FEFEFFFFFFFF
-E6F5FC4BB1E7008CDB0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0090DC0D96DED2ECF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFF0F9FD28A3E2008EDB0093DD0093DD008DDB40AEE5F8FCFEFFFFFFD3ECF9
-29A2E2008CDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0092DD0090DC008FDC008DDB008DDB008DDB008DDB008FDC0091DC0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD008DDB33A8E4F7FBFEFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF68BFEB008BDB0093DD0093DD008FDC1D9EE1E6F4FCFFFFFFC8E8F8179ADF
-008EDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC008CDB
-0091DC1B9EE139ABE454B6E86AC0EB68BFEB52B6E837AAE4199DE00090DC008CDB0090DC
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD008CDB7EC8EEFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFC5E6F70191DC0092DD0093DD0092DD0190DCB8E1F6FFFFFFC9E9F81499DF008FDB
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC008EDC2EA6E380C8EE
-C3E5F7F0F8FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEEF8FDBDE3F679C5ED29A3E2
-008EDB008FDC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0091DC0894DED2ECF9FFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FEFFFF3FAEE5008DDB0093DD0093DD008CDB65BEEAFFFFFFD9EFFA189BDF008EDC0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0091DD008DDB2FA5E3A7D9F3F9FDFEFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6FBFE
-A0D6F229A3E2008CDB0092DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD008DDB4CB4E7FFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-B3DFF5008FDB0093DD0093DD0090DC189CE0ECF7FCF0F9FD2FA6E3008EDB0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD008FDC0693DD85CBEEF5FBFEFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFF2FAFD79C6ED0291DD0090DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0291DCC3E6F7FFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFEFF
-3AACE5008EDB0093DD0093DD008CDB8DCFF0FFFFFF56B7E8008CDB0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008EDB1A9CE0BDE3F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFB3DFF51298DF008FDC0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008DDB4EB4E7FFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC8E7F8
-0191DC0092DD0093DD0090DC189DE0F9FCFEA2D8F3008DDB0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD008EDC1F9EE0D5EDF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFCDEAF8199CE0008FDC0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0493DDD1ECF9FFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF65BEEB
-008CDB0093DD0093DD008CDB80C9EEEDF7FD1199DF0090DC0093DD0093DD0093DD0093DD
-0093DD0093DD0090DC1398DFD1ECF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC3E6F70B95DD0091DC0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB78C6EDFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0F8FD179DE0
-0090DC0093DD0092DD0594DEE4F3FB60BCEA008CDB0093DD0093DD0093DD0093DD0093DD
-0093DD0092DD008FDCACDCF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FD7F2008EDB0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC29A5E3F9FCFE
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB4DFF5008FDC
-0093DD0093DD008EDB49B2E7CBE9F80492DD0092DD0093DD0093DD0093DD0093DD0093DD
-0093DD008DDB64BDEBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF51B5E8008DDB0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0091DCC8E8F8
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6AC0EB008CDB
-0093DD0093DD008DDB8DCFF057B8E9008DDB0093DD0093DD0093DD0093DD0093DD0093DD
-0091DC1199DFE7F5FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDBEFFA0B96DE0091DC0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB7FC9EE
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFF36AAE4008FDC
-0093DD0093DD0694DD85CBEF0996DE0092DD0093DD0093DD0093DD0093DD0093DD0093DD
-008CDB75C5ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF69BFEB008CDB0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008EDB46B0E7
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
-0093DD0091DC23A2E252B6E8008EDC0093DD0093DD0093DD0093DD0093DD0093DD0092DD
-0895DDD9EFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD0EBF90493DD0092DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0090DC189DE0
-F1F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC6E7F70091DD0093DD
-0093DD0091DC1FA0E1169CE00091DC0093DD0093DD0093DD0093DD0093DD0093DD008EDB
-40AEE6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDFEFF2EA7E3008FDC0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0394DD
-D2ECF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA5D9F3008EDB0093DD
-0093DD0093DD0294DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008DDB
-89CDEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF72C3EC008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC
-B8E1F5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8CCFF0008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC
-BAE2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA8DAF3008EDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008EDB
-9FD6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF77C5ED008CDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0495DE
-D4EDF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC8E8F80092DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008DDB
-8CCFF0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6AC0EB008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC0C99DF
-E4F3FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDBF0FB0797DE0092DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
-80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
-EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F4FC0E99DF0092DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
-80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
-EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEEF7FD139BDF0091DC
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
-80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
-EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
-80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
-EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
-80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
-EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
-80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
-EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
-80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
-EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
-80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
-EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
-80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
-EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
-80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
-EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
-80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
-EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
-80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
-EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
-80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
-EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
-80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
-EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
-80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6DC1EB008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
-F1F8FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1F8FD129BDF0091DC
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
-7FC9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFF7FBFEF4FAFDF4FAFEF4FAFEF4FAFE66BEEA008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC119BDF
-E3F3FCF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFE
-F4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFE
-F4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEE3F3FC119BDF0091DC
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0087D9
-80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF58B8E91E9BDF1EA0E11EA0E11EA0E10D98DF0092DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0294DD
-1C9FE11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E1
-1EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E1
-1EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11C9FE10294DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008EDB008FDC58B7E8
-E3F3FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F3FBB6E0F591D0F071C2EC
-53B5E841AEE637AAE436AAE436A9E43FADE554B6E872C3EC91D0F0B5DFF5DDF0FAFCFDFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFEFEFFE0F2FBDDF0FADDF1FADDF1FADDF1FADDF1FADDF1FADDF1FADDF1FADDF1FA
-DDF1FADDF1FADDF1FADDF1FADDF1FADDF0FAE5F4FBEEF8FDF6FBFEFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F3FBB7E0F593D0F071C2EC53B5E8
-41AEE536AAE436AAE436A9E43EADE553B6E870C2EC90D0F0B6DFF5DEF1FBFCFDFEFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF3DADE5008BDA0090DC0090DC0090DC0092DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC
-0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC
-0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC008EDB37A8E4B1DEF4FFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFEFFFFC7E7F780C8EE39AAE40E98DF008FDC008DDB008CDB
-008DDB008EDB008FDC008FDC008FDC008EDB008DDB008CDB008DDB008FDC0A96DE2CA4E2
-62BCEAA2D7F2DAEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFDFEFF3FADE60993DD0997DE0997DE0997DE0997DE0997DE0997DE0997DE0997DE
-0997DE0997DE0997DE0997DE0997DE0996DE0D99DF159BE023A1E13AABE467BEEAA2D6F2
-DBEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFC7E7F77FC7EE37A9E40F98DF008FDC008DDB008CDB008DDB
-008EDB008FDC008FDC008FDC008EDC008DDB008CDB008DDB008FDC0A97DE2CA4E260BBEA
-A4D7F3DAEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0092DD008EDB008DDB2EA5E3A1D6F2FCFEFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFF9FDFEA1D7F238A9E40091DC008CDB008FDC0091DC0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD008FDC
-008DDB008DDB0895DE40ACE590CFF0EBF6FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF58B8E9008BDA0092DD0092DD0092DD0092DD0092DD0092DD0092DD0092DD
-0092DD0092DD0092DD0092DD0092DD0092DD0091DC0091DC0090DC008FDC008DDB008DDB
-0995DE4CB2E7B4DFF5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFF9FDFEA1D6F239A9E40091DC008CDB008FDC0091DC0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD008FDC008DDB
-008DDB0996DE3FACE591D0F0ECF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0091DC008DDB0090DC3DABE4A1D7F2F8FCFEFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFAFDDF434A7E3008DDB008EDC0092DD0093DD0093DD0093DD0093DD0092DD0090DC
-008EDB008DDB008CDB008DDB008DDB008CDB008DDB008EDB0090DC0092DD0093DD0093DD
-0093DD0093DD0092DD008EDB0089D99DD6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF62BCEA008DDB0093DD0093DD0093DD0093DD0093DD0093DD0091DC008DDB
-008DDB008DDB008DDB008DDB008DDB008EDB0090DC0092DD0093DD0093DD0093DD0093DD
-0092DD008DDB008FDC4CB1E7D1ECF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-B0DDF535A7E3008DDB008EDC0092DD0093DD0093DD0093DD0093DD0092DD0090DC008EDB
-008DDB008CDB008DDB008DDB008CDB008DDB008EDB0090DC0092DD0093DD0093DD0093DD
-0093DD0092DD008EDC0089D9A8DAF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC
-008DDB008DDB1A9CE061BAEAC0E4F7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF8FC
-63BCEA008EDC008EDC0093DD0093DD0093DD0093DD0093DD0091DD008DDB0090DC22A1E1
-4BB3E76FC2EC86CCEF94D2F194D2F186CCEF6DC1EB4AB2E722A1E10092DD008CDB008FDC
-0093DD0093DD0093DD0093DD008EDB9DD6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0091DC25A3E261BCEA
-61BCEA61BCEA61BCEA61BCEA5BBAE944AFE621A1E10090DC008DDB0092DD0093DD0093DD
-0093DD0093DD0093DD008CDB1097DEABDBF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFECF7FD63BBEA
-008FDC008EDC0093DD0093DD0093DD0093DD0093DD0091DD008DDB0091DC22A1E14AB2E7
-6EC1EB87CCEF94D2F194D2F185CBEF6CC0EB4AB2E723A1E10092DD008CDB008FDC0093DD
-0093DD0093DD0093DD008EDBA8DAF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0090DC008CDB008EDB1299DF
-50B4E7A3D7F2ECF7FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD5EDF92BA4E2
-008CDB0092DD0093DD0093DD0093DD0093DD0092DD008DDB0C96DE63BCEABDE3F6F5FBFE
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6FBFEC7E7F780C8EE2BA4E2
-008FDC008EDB0092DD0093DD008EDB9ED6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB66BEEBFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4FAFDBDE3F655B6E80090DC0090DC0093DD
-0093DD0093DD0093DD0093DD0090DC008FDCA0D7F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD6EEFA2DA4E2008BDB
-0092DD0093DD0093DD0093DD0093DD0093DD008DDB0B96DE63BCE9BEE3F6F5FBFEFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6FBFEC8E7F782C9EE2CA4E2008FDC
-008EDB0092DD0093DD008EDBA9DAF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0092DD008FDC008DDB008DDB0494DD2AA4E268BEEAA6D9F3E6F4FB
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFE9F6FC93D1F1FEFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC2E6F71A9BE0008EDB
-0093DD0093DD0093DD0093DD0093DD0091DC008FDC5CB9E9D6EEFAFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FCFE
-B1DEF549B0E60090DC008EDB008EDB9ED6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAEDCF41499DF008FDC
-0093DD0093DD0093DD0093DD0093DD0090DC0894DDC6E7F8FFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC8E8F81A9BDF008EDB0093DD
-0093DD0093DD0093DD0093DD0091DC008FDC5AB8E8D4ECF9FFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FCFEB1DEF5
-49B0E60090DC008EDB008EDBA9DAF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0091DC008FDC
-008DDB008DDB008FDC0996DE2DA6E35FBAE99BD4F1D3ECF9F9FCFEFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFF4FAFD3AAAE440AEE6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD0ECF91399DF008EDC0093DD
-0093DD0093DD0093DD0093DD008FDC0B95DE9ED5F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFB5DFF536A8E30087D99AD4F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC6E7F80F96DE
-0091DC0093DD0093DD0093DD0093DD0093DD008EDB2CA6E3F6FBFEFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCEEBF9169ADF008EDB0093DD0093DD
-0093DD0093DD0093DD0090DC0A95DE9FD6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFB7E0F537A8E40087D9A5D8F3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0092DD0091DC0090DC008FDC008EDB008DDB008DDB008EDB0394DD199DE035A9E4
-60BBE98ECEF0B8E1F6DCF0FAFCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFEEF8FD43AEE60087D951B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE3F3FB209FE1008EDB0093DD0093DD
-0093DD0093DD0093DD008FDC1399DEC0E5F7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFF9FDFE84C9EEAADBF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF99D4F2
-008EDB0093DD0093DD0093DD0093DD0093DD0093DD008CDBA2D8F2FFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F3FB209FE1008EDB0093DD0093DD0093DD
-0093DD0093DD0090DC0F97DEBBE2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFAFDFE85CAEEB3DFF5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0092DD0091DC008FDC008EDB008DDB008DDB008CDB008DDB008EDB
-0090DC0495DD0E99DF1E9FE131A7E34AB2E76FC2EC91D0F0B0DDF4D3ECF9F0F8FDFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFE4F4FC36A8E3008CDB008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDFEFF48B1E7008CDB0093DD0093DD0093DD
-0093DD0093DD0091DC0793DDBDE3F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEFF
-2FA7E3008FDC0093DD0093DD0093DD0093DD0093DD008EDB3AACE5FEFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDFEFF4AB2E7008CDB0093DD0093DD0093DD0093DD
-0093DD0091DC0692DDB9E2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0090DC
-008EDB008CDB008EDC0294DD139BDF2CA5E342AFE659B8E969BFEB7CC7ED91D0F0ACDBF4
-C3E5F7D5EDF9E6F4FCF4FAFDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-CDEAF924A0E1008DDB0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8ECFF0008CDB0093DD0093DD0093DD0093DD
-0093DD0093DD008DDB94D2F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FDFEE1F2FBC7E7F7BDE3F6BDE3F6
-C0E4F6D7EEF9F1F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-93D1F0008DDB0093DD0093DD0093DD0093DD0093DD0092DD0795DEDBF0FAFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8CCFF0008CDB0093DD0093DD0093DD0093DD0093DD
-0093DD008DDB92D1F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0090DC008CDB0090DC1C9EE0
-4AB1E778C5EDAFDCF4D2EBF9EBF6FCFCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFADDCF4
-1398DF008EDB0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE0F2FB0F98DF0090DC0093DD0093DD0093DD0093DD
-0093DD008DDB4CB3E7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEAF6FC9ED6F29ED6F29ED6F29ED6F29ED6F29ED6F29ED4F1D7EEFA
-FFFFFFFFFFFFFFFFFFFFFFFFF4FBFEAEDCF45DB9E928A3E20B97DE0091DC008FDC008FDC
-008FDC0695DE1A9DE044AFE691CFF0E0F2FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE7F5FC9ED5F29ED6F29ED6F2
-9ED6F29ED6F29ED6F29ED4F1B6E0F5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB9E1F69ED4F19ED6F29ED6F2
-9ED6F29ED6F29ED6F29ED4F2DEF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-D4EDF90594DD0092DD0093DD0093DD0093DD0093DD0093DD008EDCA9DBF3FFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFE4F3FB1099DF0090DC0093DD0093DD0093DD0093DD0093DD
-008DDB49B2E7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0091DC008DDB0090DC2AA3E275C4ECBDE3F6F1F9FD
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFF7FC8EE0090DC
-0090DC0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC1EB008CDB0093DD0093DD0093DD0093DD0093DD
-0092DC0A95DDD8EEFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFDBF0FA0092DD008CDB008EDB008EDB008EDB008EDB0087D98FD0F0
-FFFFFFFFFFFFFFFFFFA1D7F32AA2E2008EDB008DDB0090DC0091DD0092DD0093DD0093DD
-0093DD0092DD0091DC008EDB008CDB1198DF7FC8EEF7FCFEFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD1EBF9008FDC008CDB008EDB
-008EDB008EDB008EDB0087D953B6E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF57B8E90087D9008EDB008EDB
-008EDB008EDB008DDB008CDBC4E6F7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-F6FBFE1EA0E10090DC0093DD0093DD0093DD0093DD0093DD008CDB88CDEFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008CDB0093DD0093DD0093DD0093DD0093DD0091DC
-0995DED6EDF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0091DC008CDB0D97DE60BAE9B8E0F5F9FCFEFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDDF1FA49B0E6008DDB0092DD
-0093DD0093DD0093DD0093DD008ADA4DB3E7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFE1F3FB0D98DF0091DD0093DD0093DD0093DD0093DD0093DD
-008CDB66BFEAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEEF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB93D2F1
-FFFFFFF6FBFE5DBAE9008DDB008FDC0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0091DC008BDB3BAAE4E1F2FBFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE8F5FC0F9ADF0091DC0093DD
-0093DD0093DD0093DD008DDB71C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7BC7ED008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDEF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FEFFFF33A9E4008FDC0093DD0093DD0093DD0093DD0093DD008DDB72C3ECFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFE2F2FB0C97DE0091DC0093DD0093DD0093DD0093DD0093DD008DDB
-65BEEBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0092DD008DDB0D96DE71C1ECDBEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA4D8F31A9BDF008DDB0093DD0093DD
-0093DD0093DD008FDC008EDB1C9ADF6ABFEBFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF84CBEE008CDB0093DD0093DD0093DD0093DD0093DD0092DD
-0492DDCEEAF8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB98D4F1
-FFFFFF50B4E7008BDA0092DD0093DD0093DD0093DD0092DD0092DD0092DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB2AA3E2E7F5FCFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEEF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF81C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFF37ABE4008FDC0093DD0093DD0093DD0093DD0093DD008DDB69BFEBFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFF84CBEF008CDB0093DD0093DD0093DD0093DD0093DD0092DD0393DD
-CFEAF8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
-008FDC0091DC63BCEAD9EFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDDF1FB57B7E8008EDB0090DC0093DD0093DD0093DD
-0090DC008DDB33A7E3A5D8F3F1F9FDACDCF4FDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFBFDFF2CA6E3008FDC0093DD0093DD0093DD0093DD0093DD008FDB
-32A8E4FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDBA1D8F2
-83CAEE008BDA0093DD0093DD008FDC008DDB008EDB0091DC0093DD0091DC008EDB008DDB
-0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD008BDA4EB4E7FFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FEFFFF33A9E4008FDC0093DD0093DD0093DD0093DD0093DD008CDB73C3ECFFFFFFFFFFFF
-FFFFFFFFFFFFFEFEFF31A8E4008FDC0093DD0093DD0093DD0093DD0093DD008FDC2BA6E3
-FCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0092DD008CDB
-2AA3E2B7E0F5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFF6FBFE8DCEEF1499DF008CDB0092DD0093DD0093DD0091DC008CDB
-209EE097D2F1F9FCFEFFFFFFC6E7F756B7E9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFD4ECF90394DD0092DD0093DD0093DD0093DD0093DD0093DD008CDB
-6EC1ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0092DD45B0E6
-0695DE0092DD0090DC008FDC31A7E37DC7EEADDCF4C6E7F7CDEAF8C5E6F7A7D9F368BEEB
-189CE0008DDB0093DD0093DD0093DD0093DD0093DD0093DD0092DD008FDCBAE2F6FFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-F7FCFE21A1E20090DC0093DD0093DD0093DD0093DD0093DD008DDB8BCEEFFFFFFFFFFFFF
-FFFFFFFFFFFFD3ECF90493DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0091DC008EDB66BDEA
-F1F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFEFFFFA5D8F32CA3E2008DDB0091DC0093DD0093DD0092DD008CDB0B95DE78C5EC
-ECF7FCFFFFFFFFFFFFF8FCFE2BA4E245B0E6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFF91D0F1008CDB0093DD0093DD0093DD0093DD0093DD0093DD008EDB
-B0DDF5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD0091DC
-0092DD008EDB1D9DE0ACDBF4FCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-E8F5FC65BDEA008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB52B6E8FFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-D9EFFA0695DD0092DD0093DD0093DD0093DD0093DD0093DD008EDBACDCF4FFFFFFFFFFFF
-FFFFFFFFFFFF95D2F1008DDB0093DD0093DD0093DD0093DD0093DD0093DD008EDBACDCF4
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0090DC0793DD97D3F1FFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FDFE
-ABDBF43BABE4008EDB008FDC0093DD0093DD0093DD008EDB0091DC54B5E7D2ECF9FFFFFF
-FFFFFFFFFFFFFFFFFF79C7ED0087D951B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFF57B8E9008DDB0093DD0093DD0093DD0093DD0093DD0092DD0696DE
-DBEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD0093DD
-008FDC229FE1D8EFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF66BEEA008DDB0093DD0093DD0093DD0093DD0093DD0090DC189EE0F2F9FD
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-9AD4F1008DDB0093DD0093DD0093DD0093DD0093DD0092DD0896DEDDF1FBFFFFFFFFFFFF
-FFFFFFFFFFFF56B7E8008DDB0093DD0093DD0093DD0093DD0093DD0092DD0796DEDAEFFA
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD008FDB1399DFB8E1F6FFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEAF6FC96D1F02FA5E3
-008EDB008EDC0093DD0093DD0092DD008DDB008EDB44AEE5BDE3F6FFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFA9DBF3008FDC008CDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFBFDFF2BA5E3008FDC0093DD0093DD0093DD0093DD0093DD0090DC1FA0E1
-F6FBFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD0092DC
-0894DDC8E8F8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFEEF7FD189DE00090DC0093DD0093DD0093DD0093DD0092DD0495DED6EDFA
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-3BACE5008EDB0093DD0093DD0093DD0093DD0093DD008EDB3DADE5FFFFFFFFFFFFFFFFFF
-FFFFFFFCFEFF2BA6E3008FDC0093DD0093DD0093DD0093DD0093DD0090DC23A2E2F9FCFE
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB008FDC169ADFC7E8F8FFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8FCFEBBE2F66BBFEB189CE0008DDB008FDC
-0093DD0092DD0090DC008CDB0292DD47AFE6AEDCF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFCEEBF90F97DE0090DC008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFE6F4FC0D99DF0091DC0093DD0093DD0093DD0093DD0093DD008EDB42AFE6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD008DDB
-61BCEAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFF6BC0EC008DDB0093DD0093DD0093DD0093DD0093DD0090DCC1E5F7
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB7E1F5
-0190DC0093DD0093DD0093DD0093DD0093DD0093DD008DDBA2D7F2FFFFFFFFFFFFFFFFFF
-FFFFFFEAF6FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD008EDB3CACE5FFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008ADA1198DECAE9F8FFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEFF8FDB7E0F571C2EC28A2E20090DC008CDB0090DC0091DC008EDB
-008DDB0091DC27A2E273C3ECCDE9F8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-E0F2FB219FE1008EDC0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFD0EBF80294DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB5CBAE9
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0092DD0292DD
-CBE9F8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFA7DAF3008DDB0093DD0093DD0093DD0093DD0093DD008FDCBCE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2FAFD2BA4E2
-008FDC0093DD0093DD0093DD0093DD0093DD008EDC2BA5E3F5FBFEFFFFFFFFFFFFFFFFFF
-FFFFFFCFEBF80193DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB58B9E8FFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF3DADE5038EDCB9E2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3FAFDD8EEFA
-B1DDF479C5ED44AFE6169BE0008DDB0089DA008BDA008CDB008DDB0091DC1A9DE046B0E6
-89CCEFC5E6F7F7FCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9F6FC
-31A6E3008DDB0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFC0E4F70090DC0093DD0093DD0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8FCFEF6FBFE
-F6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF5FBFEFDFEFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0090DC27A4E2
-FAFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBEE4F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6FBFE4FB3E7008DDB
-0093DD0093DD0093DD0093DD0093DD0090DC0592DDC2E5F7FFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFB8E1F5008EDC0093DD0093DD0093DD0093DD0093DD0093DD008CDB75C4ECFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FDFEF6FBFEF6FBFE
-F6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF5FBFEFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF37AAE48FD0F0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFAFDFEDCF0FABEE3F6A7D9F38CCEEF72C3EC56B7E836A9E4159BE00091DC
-008DDB008CDB0090DC0796DE199DE02EA6E347B0E674C3EC9BD4F1C6E6F7EFF8FDFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE6F5FC35A8E3
-008DDB0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFAEDCF4008EDB0093DD0093DD0093DD0093DD0093DD0093DD008CDB7FC9EE
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFADDCF4229DE0
-22A1E122A1E122A1E122A1E122A1E122A0E12FA7E3EBF6FCFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB51B5E8
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB62BDEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCEEAF83FADE5008DDB0093DD
-0093DD0093DD0093DD0093DD0091DC008EDB95D3F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFAADCF4008EDC0093DD0093DD0093DD0093DD0093DD0093DD008CDB84CBEFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFADDDF4229DE022A1E1
-22A1E122A1E122A1E122A1E122A0E133A9E4EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFCFEFFADDCF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFCFEFFEFF8FDE3F3FBD4EDF9C4E6F7BAE1F6B5E0F5B2DEF5B6E0F5BAE2F6
-C5E6F7CCE9F8D7EEFAE4F4FBF1F9FDFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD8EEFA2BA3E2008DDB
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFA8D9F4008EDB0093DD0093DD0093DD0093DD0093DD0093DD008CDB82CAEE
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC2E5F7008EDC
-008FDC0090DC0090DC0090DC0090DC008CDB23A2E2FAFDFEFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB63BDEA
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB5DBAE9F4FAFE
-F4FAFEF4FAFEF4FAFEF2FAFDE9F5FCCBE9F89DD5F250B4E70794DD008EDC0093DD0093DD
-0093DD0093DD0093DD008EDB0491DD98D4F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFF9ED6F2008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB8FD0F0FFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBBE2F6008CDB0090DC
-0090DC0090DC0090DC0090DC008CDB23A2E2FAFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBFE4F61B9CE0008EDB0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF9CD5F2008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB94D2F1
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCAE8F80092DD
-0092DD0093DD0093DD0093DD0093DD008FDC33A9E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB6FC2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0092DD0B98DE1EA0E1
-1EA0E11EA0E11EA0E11B9FE1109ADF0093DD008DDB008EDB0092DD0093DD0093DD0093DD
-0093DD0090DC008CDB2BA3E2B8E1F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFF9ED6F2008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB8FD0F0FFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
-0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8FCFF00793DD008FDC0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFA7D9F4008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB88CDEF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
-0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0093DD0092DD0090DC
-0090DC0090DC0090DC0090DC0091DC0092DD0093DD0093DD0093DD0093DD0091DC008EDB
-008CDB1B9CE083CAEEF3FAFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFF9DD6F2008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB90D0F0FFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
-0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDEF1FB54B5E8008DDB0091DC0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFABDBF4008EDB0093DD0093DD0093DD0093DD0093DD0093DD008CDB80C9EE
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
-0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0093DD0092DD0090DC
-0090DC0090DC0090DC0090DC008FDC008FDC008EDB008DDB008CDB008FDC0F98DF49B1E6
-97D2F1EBF6FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFA7DAF3008EDC0093DD0093DD0093DD0093DD0093DD0093DD008CDB89CDEFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
-0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFDFFFF98D3F1179BDF008CDB0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD0093DD008DDB78C5ED
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
-0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0092DD0D98DF22A1E1
-22A1E122A1E122A1E123A2E130A7E335A9E446B0E65EBAE981C8EEB3DEF5E3F3FBFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFB8E1F5008EDC0093DD0093DD0093DD0093DD0093DD0093DD008CDB7CC7EDFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
-0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFB7E0F53CABE5008DDB0090DC0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFCEEAF80293DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB65BEEB
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
-0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB5EBAEAF6FBFE
-F6FBFEF6FBFEF6FBFEF6FBFEFEFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFCCEAF80193DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB65BEEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
-0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFF
-BBE2F648B0E60090DC008EDC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFE2F2FB0B98DF0091DC0093DD0093DD0093DD0093DD0093DD008DDB4DB4E7
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
-0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB62BDEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFE7F5FC0E99DF0091DD0093DD0093DD0093DD0093DD0093DD008EDB47B1E7FFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
-0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFECF7FC9BD4F138A9E4
-0091DC008EDB0092DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFAFCFF26A3E20090DC0093DD0093DD0093DD0093DD0093DD008FDC2EA7E3
-FDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
-0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFAFDFE27A4E2008FDC0093DD0093DD0093DD0093DD0093DD008FDC2DA6E3FCFEFE
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
-0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFF8FDBAE1F568BEEB1A9CE0008DDB008EDC
-0092DD0093DD0093DD0093DD0093DD0093DD0090DC008DDB0091DC0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFF50B5E8008DDB0093DD0093DD0093DD0093DD0093DD0091DC0F9ADF
-E7F5FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
-0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF4DB4E7008EDB0093DD0093DD0093DD0093DD0093DD0091DC119BDFEAF6FD
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
-0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFDDF0FAA5D8F35DB9E91D9EE1008FDC008DDB0090DC0093DD0093DD
-0093DD0093DD0093DD0092DD008DDB008EDB23A1E184CBEE79C6ED0090DC0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFF86CCEF008CDB0093DD0093DD0093DD0093DD0093DD0093DD0090DC
-C2E5F7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
-0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF8ACDEF008CDB0093DD0093DD0093DD0093DD0093DD0093DD0090DCBEE4F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
-0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEFFE8F5FCC1E5F7
-96D2F168BEEB34A8E40996DE008EDB008DDB0090DC0093DD0093DD0093DD0093DD0093DD
-0092DD008FDC008CDB0794DD4FB3E7A9DAF3F7FCFEF5FBFE34A8E40090DC0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFC8E8F80192DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB
-83CAEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
-0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFC8E8F80191DC0093DD0093DD0093DD0093DD0093DD0093DD008DDB86CCEF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
-0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFCFEFFFAFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FAFDFEF3FAFDEBF7FCD9EFFAC5E6F7AEDCF494D1F175C4EC4CB3E72CA5E3119ADF0091DC
-008DDB008DDB008FDC0092DD0093DD0093DD0093DD0093DD0092DD0091DC008EDC008CDB
-0090DC2BA3E27CC7EDD5EDF9FFFFFFFFFFFFF7FCFE39ABE4008DDB0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFF6FBFE1FA0E10090DC0093DD0093DD0093DD0093DD0093DD008EDB
-43B0E6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
-0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFF9FCFF25A3E2008FDC0093DD0093DD0093DD0093DD0093DD008EDB3BADE5
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
-0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFE3F3FBA7D9F372C2EC53B5E83CACE533A9E427A3E224A2E2
-1D9FE1149CE00B97DE0194DD008FDC008CDB008CDB008BDB008DDB008EDB0090DC0091DC
-0091DC0091DC0090DC008FDC008EDC008DDB008CDB008DDB0091DC159BDF3EACE584CAEE
-C4E6F7F8FCFEFFFFFFFFFFFFFFFFFFF1F9FD49B1E6008DDB0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF6FC2EC008CDB0093DD0093DD0093DD0093DD0093DD0092DD
-0B97DEDEF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
-0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF81C9EE008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFF6EC2EC008CDB0093DD0093DD0093DD0093DD0093DD0092DD0896DE
-DDF0FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
-0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2FAFDDAEFFAB6DFF592D0F075C4EC52B5E8
-36A9E428A4E21C9EE1129ADF0D98DF0A97DE0595DE0595DE0595DE0595DE0595DE0A97DE
-0C98DF129BDF1D9FE12BA5E33BABE555B6E87CC7ED9DD5F2C3E5F7ECF6FCFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFE8F6FC41ADE5008CDB0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFCEEAF90392DC0092DD0093DD0093DD0093DD0093DD0093DD
-008CDB82CBEEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
-0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7BC7ED008CDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFCFEAF80393DD0092DD0093DD0093DD0093DD0093DD0093DD008CDB
-81CAEEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
-0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFDFEFFF5FBFEEFF8FDE6F4FCE0F2FBD6EEFAD5EDF9D5EDF9D5EDF9D5EDF9DFF1FB
-E3F3FBEDF7FDF3FAFDFBFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFCAE8F826A1E1008DDB0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4AB3E7008DDB0093DD0093DD0093DD0093DD0093DD
-0090DC1A9DE0EDF7FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
-0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
-0093DD0093DD0093DD008DDB71C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF67BEEB008DDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFF4AB3E7008DDB0093DD0093DD0093DD0093DD0093DD0090DC
-199DE0EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
-0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFEFFFF91D0F00C95DE008EDC0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC1E5F70090DC0092DD0093DD0093DD0093DD0093DD
-0093DD008CDB7DC8EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
-0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFECF7FD119BDF0091DC0093DD
-0093DD0093DD0093DD008DDB60BBEAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFEFF36AAE5008FDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFC4E6F70191DC0092DD0093DD0093DD0093DD0093DD0093DD
-008CDB78C6EDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
-0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-D0EBF945AEE5008DDB0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF59B9E9008CDB0093DD0093DD0093DD0093DD
-0093DD0091DC0A95DECFEBF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
-0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5FAFE1EA0E10090DC0093DD
-0093DD0093DD0093DD008FDC2FA7E3FEFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEAF80392DD0092DD0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5BBAE9008BDB0093DD0093DD0093DD0093DD0093DD
-0091DD0994DDCEEAF8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
-0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE1F2FB72C2EC
-0B95DE008DDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE3F3FB189CE0008FDC0093DD0093DD0093DD
-0093DD0093DD008EDC2DA5E2EDF8FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
-0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3BACE5008EDC0093DD
-0093DD0093DD0093DD0092DD0392DDC9E8F8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF52B6E8008EDB0093DD0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F3FB199CE00090DC0093DD0093DD0093DD0093DD
-0093DD008EDC2BA4E2EDF8FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
-0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F4FB79C5ED1499DF008CDB
-0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFADDCF4008FDB0092DD0093DD0093DD
-0093DD0093DD0093DD008DDB44AFE6F1F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
-0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF65BEEB008CDB0093DD
-0093DD0093DD0093DD0093DD008EDB43AFE6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF86CCEF008DDB0093DD0093DD0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAFDDF4008FDC0092DD0093DD0093DD0093DD
-0093DD0093DD008DDB40ADE5EFF9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
-0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCAE8F866BDEA159ADF008CDB0091DC0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF86CCEF008DDB0092DD0093DD
-0093DD0093DD0093DD0093DD008DDB37A9E4D8EEFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD1ECF90092DD
-0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA3D8F3008DDB0093DD
-0093DD0093DD0093DD0093DD0093DD008EDB64BCEAF5FBFDFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFEFF8FD6EC0EB008FDC0092DD0092DD0093DD0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF85CBEF008DDB0092DD0093DD0093DD
-0093DD0093DD0093DD008DDB37A9E3D9EFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD5EEF90093DD0092DD
-0093DD0093DD0093DD0093DD008FDC37AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFDEF1FB93D0F03EACE50192DD008DDB0091DC0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF71C3EC008CDB0092DD
-0093DD0093DD0093DD0093DD0093DD008EDB159ADF98D3F1F7FCFEFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFEFF98D3F10091DC
-0092DD0093DD0093DD0093DD0093DD008FDC33A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF8FD179DE00090DC
-0093DD0093DD0093DD0093DD0093DD0093DD008DDB2FA5E39DD5F2DEF1FBF6FBFEFBFDFE
-FAFDFEF0F9FDD2ECF988CCEF25A1E1008DDB0092DD0091DC0896DE0194DD0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF75C4ED008CDB0092DD0093DD
-0093DD0093DD0093DD0093DD008EDB1599DF97D3F1F7FCFEFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFF9BD5F10091DD0092DD
-0093DD0093DD0093DD0093DD008FDC33A9E4FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4FAFD
-C6E6F787CBEF3EACE50C97DE008DDB008EDC0092DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF86CBEF008FDC
-008FDC0093DD0093DD0093DD0093DD0093DD0090DC008EDB2BA4E28DCEF0D9EFFAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE2F3FB9AD3F138A9E40090DC0092DD
-0093DD0093DD0093DD0093DD0093DD0090DC20A1E1F6FBFEFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8ECFF0008BDA
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC008EDB0A97DE21A1E12AA5E3
-29A4E3199EE00394DD008DDB0090DC0093DD008FDC21A1E187CCEF0191DC0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF88CCEF008FDC008FDC
-0093DD0093DD0093DD0093DD0093DD0090DC008EDB2CA4E28ECEF0DBEFFAFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE3F3FB99D3F138A9E40090DC0092DD0093DD
-0093DD0093DD0093DD0093DD008FDC23A2E2F8FCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FCFEE6F4FCCDE9F8AEDCF484CAEE4DB3E71F9FE1
-0092DC008CDB008EDC0091DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAADBF4
-1C9CE0008CDB0092DD0093DD0093DD0093DD0093DD0093DD008FDC008DDB0996DE33A8E3
-5FBBEA84CBEE8FD0F08FD0F089CDEF6CC1EB3BABE50F98DF008DDB008FDC0093DD0093DD
-0093DD0093DD0093DD0093DD0092DD008DDB008FDCD5EDF9FFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBEE3F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBFDFE47B1E6
-008BDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DD0090DC008FDC
-0090DC0090DC0092DD0093DD0093DD008FDC0B95DDC8E8F8B7E1F6008EDB0093DD0093DD
-0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAADBF41C9CE0
-008CDB0092DD0093DD0093DD0093DD0093DD0093DD008FDC008DDB0A96DE32A8E35DBAE9
-83CAEE8FD0F08FD0F08ACDEF6CC0EB3CABE51099DF008DDB008FDC0093DD0093DD0093DD
-0093DD0093DD0093DD0092DD008EDB0090DCD6EEFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE1F2FBBAE1F68DCEF0
-6BC0EB58B8E94AB2E742AEE642AFE642AFE642AFE642AEE64AB2E751B5E856B8E861BCEA
-61BCEA61BCEA57B8E94DB3E73BACE524A2E20E99DF0093DD008EDC008DDB008EDB0090DC
-0092DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-E3F3FB5FBAE90291DC008DDB0091DD0093DD0093DD0093DD0093DD0093DD0092DD008FDC
-008DDB008CDB008DDB008DDB008DDB008DDB008FDC0091DC0093DD0093DD0093DD0093DD
-0093DD0091DC008EDB008CDB0494DD35A8E484CAEEE9F6FCFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFEEF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB6EC1EC
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFBEE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBAE2F6
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFF8FD
-42AEE6008ADA0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB0E96DEB5E0F5FFFFFFA9DAF4008EDB0093DD0093DD
-0093DD0093DD0092DD0A97DEDEF2FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF62BDEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB63BDEAFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F4FB
-61BBE90191DC008DDB0091DD0093DD0093DD0093DD0093DD0093DD0092DD008FDC008DDB
-008CDB008DDB008DDB008DDB008DDB008FDC0091DC0093DD0093DD0093DD0093DD0093DD
-0091DC008EDB008CDB0393DD34A8E481C9EEE7F5FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCEEAF881C8EE3DACE50C97DE008FDC008DDB
-008DDB008DDB008EDB008EDB008EDB008EDB008EDB008EDB008EDB008EDB008DDB008DDB
-008DDB008DDB008DDB008EDB008EDC0090DC0091DC0092DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFC4E6F75BB7E90C97DE008CDB008DDB0090DC0092DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0091DC008FDC008DDB
-008EDC1199DF4BB2E78DCDF0D1EBF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFE9F5FC0997DE008EDB0090DC0090DC0090DC0090DC008ADA58B8E9
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFB6E0F5008CDB0090DC0090DC0090DC0090DC0090DC008ADA9FD6F3
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-F5FBFE70C2EC0894DD008CDB0090DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD
-0093DD0092DD008EDB008DDB3BAAE4CBE9F8FFFFFFFFFFFFA7D9F4008BDA0090DC0090DC
-0090DC0090DC008FDC0092DCD3EDF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFF50B5E8008ADA0090DC0090DC0090DC0090DC0090DC008ADA4DB4E8FFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFC2E5F75AB7E80D97DE008DDB008EDB0090DC0092DD0093DD0093DD0093DD0093DD
-0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0091DD008FDC008DDB008EDC
-1199DF4AB1E78DCEEFD1EBF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFF1F9FDA6D9F339A9E4008CDB0086D90088DA008BDB008CDB008DDB
-008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB
-008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB
-008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB
-008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB
-008DDB008DDB008DDB008DDB0086D947B1E7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFDDF1FA93D0F050B3E71B9DE00293DD008EDC008DDB008CDB
-008CDB008DDB008DDB008DDB008CDB008CDB008DDB008EDB0091DC0D98DF35A8E36ABFEB
-AFDCF4E5F4FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFD8EEFA26A2E222A0E122A1E122A1E122A1E122A1E1229DE05AB9E9
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFA1D7F3229CE022A1E122A1E122A1E122A1E122A1E1229CE08FD0F0
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFCFEAF965BCEA1B9DE00090DC008DDB008CDB008CDB008DDB008CDB008DDB
-008EDC0B97DE44AEE5A6D8F3FBFDFEFFFFFFFFFFFFFFFFFFB4DFF5229DE022A1E122A1E1
-22A1E122A1E122A1E1219EE1BFE4F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFDFEFF4DB4E7229EE022A1E122A1E122A1E122A1E122A1E1229EE047B1E6FBFDFE
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFDFF1FB96D1F14EB3E71B9DE00293DD008EDC008DDB008CDB008CDB
-008DDB008DDB008DDB008CDB008CDB008DDB008EDB0091DC0D97DE34A8E36BBFEBAEDCF4
-E5F4FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFBFDFFABDCF466BCEA60BBE968BFEB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB
-6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB
-6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB
-6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB
-6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB
-6BC0EB6BC0EB6BC0EB6BC0EB6BBDEA9AD4F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0F8FDD0EBF9B4DEF599D3F185CBEF
-73C3EC6BC0EB6BC0EB6BC0EB70C2EC82CAEE93D1F0A8DAF3C5E6F7E3F2FBFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFBFEFEF5FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFE
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFF8FCFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF8FCFE
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFEEF8FDC5E6F7A0D6F285CBEF77C5ED6DC1EC80C9EE94D1F1
-B4DEF5DEF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEFFF6FBFEF6FBFEF6FBFE
-F6FBFEF6FBFEF6FBFEF6FBFEFAFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFEFFFFF5FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF4FBFDFDFEFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0F8FDD1EBF9B2DEF597D3F185CBEE72C3EC
-6BC0EB6BC0EB6BC0EB70C2EC81C9EE92D0F0A9DAF3C4E6F7E2F2FBFFFFFFFFFFFFFFFFFF
-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-
-end
-%%PageTrailer
-%%Trailer
-%%EOF
diff --git a/doc/gnupg-module-overview.pdf b/doc/gnupg-module-overview.pdf
index 6b99d411a69f43c45a108c5c40dcc594a09fd135..d0e43e446dcdac61d8cb6a0934f5f6ff1a9e1876 100644
GIT binary patch
delta 49692
zcmeHw2S60Z7x(SK?a>jt*uWBv6-5v=Di%aV!LDd52-et*UGK0Y8l$nCx<;eX*keOc
zPh-Jeu^{#eNRc8P6oI|(H#>LB(J`@n|L-#y*4>#m^Jd<>_h#nJo4IHEs)lT;=NDjP
zpw=i<jN2U5r1plKCdu%q>P|<uZFAiW{O7v)N}2ZDxd#TW+?f<ZBhID|Yh>`~e-~Vd
zx=U2g^~1Rr=|zXLFVYJR&(qI-Xiy@9B44I}=jop`oOzzE4ZwfqxkC3PMt|tbv$Qk0
z!|7*fB??LbPEjIQy&_LNOZzwh_(?&E+~u8omR5Xtns)MEg@2x=<pibnL!lR^pZ<aG
zC!VH#SO9*SK~ZeJ<4@8)eozX9s-L8(75MuE;n<V3q5|;ik`>}x+Ofx}#fGDgQ$Ipb
z>Xo9P<sEsP`YD3{<J4T?QK~<JlKw-V3jL1~zaM^-`tJkq>t$Btd>nd|`k%tX)I$XY
zzlW*0f-?8FB3EMWv?7uYK1}_W0r+#}ROr4BJWMS#JV-h4ufqNZDS3li-l+EZK=MN5
z0@(K;W%HdRI(%}6QVh!pGlDYtN7egWyDo<9)ggb&8Zz7L4jK5{9rBf`M!#=r{5Ail
zpx+PrQyRQe`m4@*mM!z@Rs51Avld7eNOnpTuC5MOuU=Peojl9m&Tl=VynXxX+_{4q
zH@2=`z0{`+ih@g5eoCCVP$~+<G`_&tj~nUS?wenJ85^Pq2?N>tE6<!cFnMxMTU)Cl
zu@pkDBJ<>GZ()!nrFg;gDy-C!$4@LNX#4-bklnl6tzJDXI+{<kSDo{$@j*HVGGk>H
zAOGIk+RDqT&Wo3x>J2is6vK4on#kDB@-17Pc?o|`)o#H6<+bYpGiMH{SFb|#>Xt<X
zMbXLsHWgi2B-)%*MG4_P3=G0k(hT6Hl7i-ebaDB1*|G_*UcFWYdA3&B`I#Bx)6K2g
zv*(^F%cDJ4dsuT@ddqw{n>c2YSxV~g`w#k7tY~uJz<L#PyqDR;i5?RsGzfb&DC514
zD#`sD5!RP!u3|iznk6O;yKvE+mq06?1_s*?W)*hLn#C<!RzTt9ciHroF{C2hjMT@w
znwiPt;#8~D4N&PirVAE&4;WAr-1II(Wp&g&ryi=rA!cUDDPDJidK()Xs?|GCi}vh=
zi^qI?>Y`AaT#%iO-)D}nwl;bBGL)O&pXtW#*s)BdY6ZB#1g|d&^DWzcB(Kqigv4Ry
z=4@<i8VapeNYjQFHgZ@PW8~l^ikBgtoNXL4mqYVjv#zdHSF3(fRXgOt{`1f7Y1116
zd26xd^^M=Y^ENb;hKEN3Wm~pI3!9{5FSS(znOvZZ5Bu;@zePWdKw^2-`rwAD5Kq=P
zAt4iJva&~rXyRG_Bc1*HHgaYGhSdwHciwfpIO18bM~@zIa45Hyk^U}H&x1XCuDhLG
z4Ir+M4yh%B0#1L6uJBmxVI)Ek0+wR~Z}wWdb|$I6fti^M?W>s!z>Q5!8{Vo_4blT$
z*s!q3UcGDqG_1fLKv%pB8904<KNMG34;0=K*@zLn{`i9nt;ARhBxZU5k-ITS3W7yO
zCZkX{gKxgEL~J9m51iTfgke2<+9R<gn#vm3H!G)Vw|0iui0Le7U7><0B%}-b<jJES
ze{6&T9K>{AW;|rWi4-$%V5=f3KD02_G1c}d_+770>(nWA>eN3ft3lliAizMG!#7RX
zcNso*cGf`Fmee<gV@8RU{Y6(<ZtD=)MS<GP5LEQr|5VY4h(yp5>OrrfGiKPS)-3+N
ztD@}Fr{Sn5XZ4Di#3k;Qt{~ktfmN+(HEY)BFHzM(xz?1ub?Yt_oGKzy_G0%RaQXiG
zF6iL8ME<lK;F-g8g6QSu0<cJ4(W9J8MNeeiLPf7w4lbe*XU?3mw=at-=r;mmMa!1;
z{&yMyP3Y38N}fjCyw&U5Z>xN5#1J>FZuuPS^tC7S)cY3|?5{oXwI}o^$(W-3mvQ1N
zJAGxRuk566ax^6iu&>h&-CE}BU`MPGUsde?TQb3TVCmi6XyGD<Oo{c;W88cLro8d?
z9qltEiWMtc3X5s1=mxUlV#7w|=hr~H?CUA4-ibkJQ=WxCgr%~W7_3|S2YJ>}*&V8p
zW2_iJ%^_U@Uat7%e-W#^98E<VWK0`0Y}hxXXycweZT`m_)DR8gB{mioY^hR&)}n2Y
zzQAG%vm;VrTlin@H`+|;_utp%C1qhe%+t)>dphzGn)*N8OeO8jUAsG=*M<!FCQmc_
z_N`%Q$qHK(UD2CjYDDDs-rjW^G$@T+l`EUV`gZQTyO;_a5^U43to*##u|^FGBO`;l
zbxSQ<?v%|F#l3imBQLQ6Mgni8vn=o3=K_xLo!<<W#VI-=XO8PEdwRx1Xn_`bLS9=g
zR~Rh%$w9;p(_7cB)oRzaL?sc4>iHdVh42X$ZF3mBeQpHy0^<VFSd=wUw`T9@0PCx0
z0{Tw0zH;-;44QsaouDN;xT<$=TZjrw++yw1(ubRx8V(*@n-ECSMkM;vX9Lg^1_q3)
zYZYuGHEUK5R&lx9;MVQlG%w8iu#t@(T@Skzc#a?6pmb?DFERRUMGF8tc{%_@N3RfI
zk?81N5dHC!{&|RA4;?DjNPNMFJ8xdo#*NFM$~HFUC@lD1UoNS;tV1pAdQ6?#2sU!)
z1XK-MByn$siW$K_s5`o#j*h6gI*?@*280a-Rsh%Z>sJGv_WXq>jX`@3`gI~5Sl&V`
z5-+iFLr{4b!*yfB;2iB<m5dEJooVY_v!+E6JOaBMsCngT4_dy0{sVTcTGb2*ufhib
zePv77<>xPGhQwB_Dz04Bl55wFxxn;Mg}PV&1neOLdk8#Wap<rstq`93_Cri$h!K)Z
zMfR9BtuZgL*s-&{2q_4ZsZwcAW56DumaVOMWE7DKga;4%Nu^AS78U4c!-l2NuSB6+
z2+2_7CMJgHQZ&6A<fNWXD6vJ*NZ=0zDMbu#;)lW>U%tHYs?{w)$s<QQcj{CHtPBQ4
z3E$NPmw{=TG%36FuXfk2_xx*HJ4eUz*m}AX)JIG2Kesr8gSk*v`cf<3+~gPoXC=$#
zum_p}6xj0-@ly5>Kfw>+N(i|aLth|Qx9{`@3%Aox$jlmnPw*V_U~fx53GdJ(AX1B<
zyM2(Grhz_WFpwzz-rF%cW(Xo_5deUMQW)qRXqea0gVF9mpj=UW36d1S`gV3@7)C<+
zRv@$~{pZqU4|E*rpySKK{+%iBIysdGM*wXvp!KcblG8gh=f{~d(}_)v5~D*t87Xz_
z;OSY5sx^U2tBPED{(}3q?d?HU5%O+uA6{ZQZd`pDBXDWe^}n|k0q_FZtyN1a`buAW
zz#mh0(Q@g|UC@#W=s0MwX*v!~^6KWCUxNV&SSK`WpjbA#&e_?zeS2#fla;L)L5C=4
zOOBbul=}`Z=tm@D)(PTKI2V^H$fmEf>5v0aqS+}UqZ?}J^xbzk16CWQB1`0GC`~IX
zIYfY#OrIi0gYoLsvx4db3^bAc5c}&gCz(uIp@K0+1Pt3Ee}bPd(4w740_&iBS|yZx
z;9#e+WsNK>+OSp-Y$$3vtAQGYpn`~?!<m3?0E7^t-_U`5`qTiqz*Im|uAC8=ZtU24
zXx4zDnR=`~Q|A|0Fg5fi<^{C1TBgRH;dkFvq)bf{Fs6X&WZ=@V6<+Q?=tq0-%dk3X
zfFax5T$cWp4B2?%opOF2Ru?M`Eph5}x1WA?Y}BZ9epVNUZwikYmB{MoeUM}1$ZvUb
zfdD;v*q{f(Be-^I=>+tEv5wuLkd=AZ9n6V71}BKs5MCTcLQjAvsLn$7LbX8egI!Q^
z_wLonKCplbgD<Lrwt*K04dQDVTfhMUNl@IV6S^gLxg$$IdfXrEcKQtAACdiu^7A$A
zNwg63rq-&bRp(?Nl_;PM@{~lG9|DD4=;_lNLp38P6iv&NF#<yX7*c>C`S=M^9aIx?
zAr9=|J8<pw8$FSP-FeJA_x#<FmJjxwGKI7|qs@CCsHZk<Dv<<3?KGk$h7Agc23N0c
zcJ*2h3?Z09VH!!t1?YR!HzJZye>T@6T-G9Iw$ahlJ1a3UOPo8}ju9oGKmmsYK#zgC
z`n?Z<SpHiJ;DA<#%tF%8C+HcF74T%TqvHai12rQ*zW^9fg&{0`j4&lbCCF1^g!whz
z1p%-Ubv^VZ6jP;2CIG-H0m>0;;Cuq0fGZ7c7=7vs0AfIXD6%Zm>=EdE^e1$bD)jv<
zJ<hKraK2g2NJq4!#1;GqMOC>4cpL<T83BcXThO&&DvAm$fcY;t4FNMdP@eMmADh}j
z-y(N8%WBokFq;9mmZd}AUtjGZBU{W?ISRck;b`b-C|BsUrcKM{nS4-=hH6FqM?k_L
zn+VX@;8hIeD1G?wI-~+Z|KbU;MZ4)I7)cx)5rah+);4$nhhXcN%4=JELk2)Pnn#!z
z=i+FL7BmU!^VxH)LM1N}1)0JVXB>#CqdrI57s%0q)HcX3wct=J>#!og0)b+}WDD&h
zBb&g{P=V-&i<d}qF$0A(uU+>Yg@j)FQXFkVIhsy&2M(--3PG7eFzMhfaCFWb8(vwM
zV?!aIJmp6F7^0ewqisl}t}F49hoj*Nf(iU3)5{*12ZJ^n|7e4$%S<^jYbk_Hbhq(&
zlsT#a+L4*LP%OF^Q${fe!(ru-V035%5%D_iJLnF4LJ&|z_|4EH%x6VLhgQXyBrtmG
z))gmCYygm4j9#Hnj#$y`dTJcSU}gf>CR6}Dy<j0(7>R*0Jwyq*x=IyO{jmQ4(H!mC
zS<_ypSx)@Z74sRWdVGTCH*9Pp7PV&WcUV}^PqZDz1+0JTwXJ6*H<ud}!Sqy`X+A85
zpo!bIt%RDQ;<=bUK4EC@-VQLXYt{Jc*9lH7i2t3S#)}Ya%Jdi*07KD$qJsw2BC8XD
z>7fGYV1!gO4J&7Hu3uuNzjwdyFTebN+I_IIm;SCv-YGk+E_epR9mY3wB<f8g1*SKm
zYMfY5Bvw@8&{RC3Lq3%0>9k>*>9oe(x>aLYDb|W$`l)841dbuBPdR@a1_}`mUdSjf
zF`?@$d`3j_-`m!Pgd%`jh@Yi~F#f1f--@{~a)bEre}rhGabi5^k1UiYAak&d2#k+W
zmo`<Lv@|DH<UKMdsZpajt3PGV^-WCJA9M>8EKN}Vd1P*;<95pG7ztstAZ02$cdj~n
zb`vrE=&>%){B#-)))w_10ANI@U!U*}MmHou!GQ5G<K6tHa}kV9+l^df#?-_33Z}!X
zj!cdO#^$*iam*Y+ouf|cxY>lWErbaQ<|t*$nh@eAxmP1|lp+L}GB;h?5v3t0GFTr(
z=0*&JA7T$yhN=N^Kb*N?A3S|}|Hou*Q>xKXIclNB&<bXylNCe?%&lFIf?`msqWuG@
z7*5d`z=N>(M4(oaqBT0eFbS<{RMiZef&3sYS$^x=OO)SzS2HBkENA5@3>>{-BcW)-
zC;A3;5*eG+UdLt_JCTHG0~Wuq`-$-wiLgAQj7_Wn5`{i<Qn1pP-eNXM7my;S)9HC<
z($2sBYPVy@a&$ynC0|7WC5ejAtQ|U3hILGw(okjxi=sGKbSMn?1MEs?au`OSW@$X0
zbLSF+A^ilyVdgC+VJif(i%)bJ8blZvZEXvwFkjWOSoViJVVp)=XnACno=dOW8^Im}
z*Y7uP;4<wZ^8bw+=lb@m0Y`6v|3&K<6>ELMQT|8as3sU2ZN-8Le!3$6qt*~>^blS^
zEeL&a{9iV=JqAj#Uq2_%{DXbO3)ActBJ<N34Q4B#5nZaHC3&VZ9v)!zs+dtjfnZVt
zO@fX?BcaBiAOSBhf6Zc<A3dIFC{gU*qiPp7X|;!${N^lCp(`Iheh8DFxUNL07y-Z$
zB10htfsjsOBl11Qd#W#ygqbZE2QS1REHM?=o|mtH*Q<+zJS;M>%U~)`3&ax|zn4`n
z-d15wr%qbF$MyoT%8WIB@SvZ)eHHkMtGs48E2~wr89m0kbZO&Nt6E|VIexq=#-i~P
z8epn`fVutZ)h+P?alpcK_nr<2Xc%Vu6aY#dGo6VO8=gMhZN<tuEnxVBa-(V1l}#a`
z;5DR8pJ4~d!PE~)+p+kSRDkX3Mqp3nx^>?H3B)TXs1MS}Oj%MB)-CWPKG7{On9}0V
zQ9XLvVC8V+NM~V6s@Sr{nI`@Fr&4I<zs%q4Lo#C_gx+>>smDL-jR8p;RP}vamB)|o
zgb;7s*anM-0;>W_id_PL=1%1?^}<013XDyr$&(x6eaRBXZ@(q)9XnRWr@wz^Ntr6+
z_x;kXd-eA1Nem5OL$Nf(k5!JXkAy~w#${&Av=gB|-;1sf6x#ZIBFq>+z=fkmxkg6D
z<#YggLiNJasC-rZs1G?>iDOR1>m`V#u;*k!7h6<T1-;ZjG#p?)3d0Ll>d;-}Ak3Op
z&;_ucVa-TKmJ;eESb%uBM1e_QTDmGJWwff4M`>e)V9F)aO<Ny#<;9C?0|O}*7&mV8
z1hugUfwck3XW23*Y_UM%u%ZQrSy~#iRQ#x=bm*{eumr^94P}Frw4YEn3|g3J96Z<w
zngJ3IMy5$%KnOP24OtHRyRKHX!qx{S3rbONq2w@_KtJdQstF3<0)>u)3rPErBxSMr
zSDjUEyf7;t*avdxsZ(xP>-Fqq9}*I#&t9tMo{mKETFsriATBQb+O;zqHYirD`ms-+
z4!nWa%$Y;+Zed~S<I@8#zy3P0MaxF`G%+!1(xlG9MPm?2!}#(2t5>fmm&+<tDAT{c
zix^+Jw56LH7LV2Ca<*cnvR+=@#iTA>TbY~lCJG~E<Hp}io;<L0X^VypYtdxH$Yh4Y
zh7o8KI%$$8jR%@amC8y7Ey;6A1)pNMANr!0_@O!eH9U@X-MMp(+uD{Hq>PA+y>Q{^
z>eX5T<|&iXO^j41N3g8S&8_rzG^%pt^4;Cr;Qg0h#`6X?Al;B5Zup!tXSk&2Y*3?l
z7uRy-tme)0Uc7i*mo6=#)195|Y2HSSY9U664;!0Gy?V8yv7h{@(6I`|MDTy=uzx>y
z|9+5;-R*P(oiO65Zh4me&{Jso%9YsF88>V^cQJ;20Q7~wfMCVTrQdogV`5USTsg^c
zb7*6iEE(6jO%rSDvf%1!)hc%G+~T+2CU@vC%yH(-VSuo+`=&*UhRvGQGc`2^3v}y-
z{+>#6{`AvWd;7YOJP5$pANm>^8cd%)M5G|fZQHhKl`7C_va;n$HE-Tv-aH?qYRNok
zP?rRWf<}pXKF7;I{aywOP`Uk&n0N19dG~H0rtMAPV=$S8`r5pCr|Qt}9tJ~?M{@}-
zvWi^d62s~^laxJHtJ`!;KzLy3(p5ZL_VVRBcyHLSv9IsXG__NwE<CFU3wwjl8#nG#
zK{^{8iFgwe)9Tf2XU$ToR2wWTEH`ZU3oveO9y4bu@Z#Xme94mEP@hgf>C5!Q`DEvh
z!&^qgiXl-PQxjjjscTC~&2@J7t&?Xs={VZMqxbmnQ)wggpRuuT(YOZ>LTKd8n-6&d
z#j|HooR<SLhx2R8bl?)(%2>{IfuR#9c}Po1u4gS-Zc>snorKou#y^~nMHk);f9Id%
z#W38dW^AMX(o$mRxoC-XC+67L4uvlQRwY=yHzezWUb?o@^JV>6+D_29T$$Fbot>Oo
z{`u#w-MbIj+bbLf4EUb3>YUi1X6TBe?66@YjvqgV94_!RG|9ytq)m+g^xlZJNpY96
z>c~vP9LkvV;s@Vrk!SKH=m!_*hYoTqD&TPV2iK&tbPn0J5_b)^PW}-@HD%||U%YPJ
zCekh|a38p=bLVb7dtwf~LO5;Q1$Cb#Gz>&<!{lm3U4J{jMvPqBEu;l*r1s1-uH83`
z&wuV3V@&$sNrVLhI>kP3rvP^+CWqqqG|64NPfTOIlZc`LlMv)<rP}A=#;=qr^gf%f
zloIaFE5Xe_c_;-9=TZ^d=P><auN0;ln6j~%1uv42(1B1Fw(x<J)Whf%^?I;wf73lj
zr8n^R^J|}@J)H2#=GPvdWYl3?;OE}P71k*@Brr_2#1vJ>;t`&9SOW5rZ(s}6-y^^p
z8Jnk2<D#t-F>vrKaoeEfhbl4KpE9Lajhdw^S2iy&C<=`ISdq%&3sMLbv*<s~c<kCd
zq4>;&G)l}kR(vb`MNu$e3eS)izEh`q%a>2!CT?U~V9=cYv8OAHGhv+0u#LcK2zvr{
z4@4s=CN9|VCA()53;n%QVjh)PaO-pY={}HizBijOqyLDJ--d>1Z#=1}b7}JhBZs;>
zldDGH?FeoR2skLt?HcJ%3c7&<eVHF|S&{dDnG-Or(f(F$0cX4Ok_OmuqK<jggd{$(
z-wMkM2m!gLk^h+lp6tPczyJKRBhe~3jqi-ccQVF?09uY6W3lD+^;_;Cw0tsJKJ34@
z+?copNU9Qtfh6~eO0q{KF{1t!*nCKnkPQz}HDLP^4jC{{Lz`fa6Ei6&9Fa<RU;3*P
zyj5UggO3ZmN{De?x6=fd7rGlfXHFC7CgQIzB*D8FSzw04WVwZ5iwb}5RR!I%h9)jT
zv4Q}&kj2=L&a5f@$h`Zy?A-b8e{EAGCDg!F*z%Le3%Sd~$qcR>z>k1N3xtC;3;PIA
zw`diZW74FC5E1MsgRpcDN)QnXY>!|k1kN{DTZ0OK`DJNyN(k&SU>^X~hiwo(PH>*U
z84=J$bmxMn6KF)dZX~8C<o69^J7vi)&GA_Z3GVLIVMv5cAG{+F(MLNn`7^&v$QhN$
z8ge2V6%`Kz+<YI|uR8AYX2JX3J{>r#i3|tQmD1<AG05f1t=?(q`kz>?B_SS{P|-kU
z*cf|Zpj>4o_E8{Q*xI0EC`7WV!h=!Vvd6v|vWT83Fo5!scGRzr76PwSY={5@{RHJG
z3XFL)22Th(%)!Z4DO&GDx(A1Y5U7=R5u^(Vc{OZUojjz2$hvf@R}ASYi<WO{Gr)6!
zhW;Prf1vzerp(oR_x_6a1?gLA7=ez)f>%OK^gC)?O^NMdFc008DujqlH*F?vU19)D
zMaNJ$(_lx8`f!Q>{rlHMnZ(;iGg5H0Q;2el7;r4eij2guiTd{=7VBPY-J(jwq1Q||
zJK8#V0;E<W#oaI-^9;vxcgoAYVJRu$v@ud(LL$OT$hAcvCA8ZVFkv%&Cd7&tDt``H
z2aYX*mT&x<RvgWgx%DBm%)^sVEO0$2jwh{&pSd16VX3F&BoZ$v3uS=Wm3|O*DYQ<G
z0y(Y7exqIq)MF5yO{TME+5L0U4Z|R)Ge+db<9dQz3e-@@LqZe+JHp#;j!u%NXlcl`
zD`U6>M69k)#DRh&58Y?juLu$*`k$*bktq{YLK0G)h%I5vHT86&;1*_z;es}?5T>*i
z&yG+qk&1Bhi<B5)iv;lkwJM0iFNFj`Y;j<w4qF69B<!h+&I1HMmFe!Oqny_)J<3%A
z38rb8kK1}t_LGiqV|2{-r{6Apnt2N}n|j!=dl58C@gGq6N2biZ64FeVcNh~dC`na#
z=0IL5b{0krQ_+L1FoNYFgGex<A0;*;MvxoXDjR@g-2N@H%B3-a<E&JdE>+>_fo)#!
z6t}8|)awgKW{Q7Om6=SLhaW;BC2{|jG{Dp}CUywzcl{@<B-kQ{Z;3c@D}-uo3ZoiI
zgWnd2s9!AJF><3nQk!BjrscnyqQ5j^z-lvR+U0S!!MKglm%Ae~(2XGKtqyE?20}PM
zv?|pAH;vP=9}c?xrenWhqTEIsZa@}ueI6V~cu*A{)3FE^O!xn-+MJTpSD5-M;S<hF
zzJ;9<8<ipnFs;G-0tyg3qrXI?#HH@b6j+$oR4szIa0CI1gH~eUa6^E&5-$TtX;Uq6
zE%b>?JWC~3*m@V;Oi&@ZO$x_Qu=g-6_kL#bHnRBu@(N3GB}P>EvIt9ZOy)4d!)%uf
zERwR|Itac<6}$*u<`!_?gIfnBhd^DMBB%?W9HL+)*6>Y$2P=+SKpZf$B=b=+ur#8o
z(@LMZNDu}Z;y{ZjD*UCeK@Gk|evnqjxdlxdKgrxD-T#(t$;nD=G)njgLe1d_7e*V@
z9d0_<RS><)M3Q2Hg2n*`l&5DgsQsoWU4YD(LxE|rn~t4$%!!5${YG?eM=JCxF_YvW
zDEa|z?3lVE53n_FULNv8*C(HJ9#pZgIi*@tk5QCZ7nH=B3I#M!H)YFv<)^!D<P7p`
zfO+2R!gnCPR#-RiVh_kaw`Kn;g>^rALRUp!d6?|^eHA)^E55P>-Piug5_zmA|DS4!
z4vg~Vt9O(Z+wLZpBy7K%oD&rKA4R+eCvPt#*cO(s;c94yNkg*vQJ79v&2@LKyD~0$
zWPR_6s{<1eR3!?E62g@Tta;Hm*90c&hxYp;L11QeAn!kUIGjVebz~cU;t5O##=v;p
z3)QOL8w^grT9luF2Hc%hDzEm9Ic2h;1NjLwIk`9LNmK?bX0tF_2yPyqypBrzOi$k<
zuLmBBo_03w#}5sP56z&1pL#Zq23zqh&&#;uA&qA*OwSyfpK{93H{&W#;|8mv3k%<?
zqjLvEp6~zk=|IXpmJ<dYi!L@OW^w0Q8TRDx3pM+R|IR1w*e6U$Ciwn-FvEVWjqqy@
z<Su^w#n0!WjW5G=Q62Jhtr#7h#v95mUc3eWKHgA)&$)9IF!O=`%T<PX5f)N$JxpJ4
zh7Bucq<2Ey>llPbe9!eXlJ+BddWLox=Wn%iA;bItl``-Xb6l==NEB#CNJuPP58u4W
zm@{V{tbU{&a4O9?2PL)!9{${+c&Rg5VaMV~7(FG|RTyvN3UM1@);2pohHeyB%fDDo
z)5y}&k|s=W!;)UL)pdf(&eh6)g{!x;q*ltpR?fPH^(P%9H0<^3l;g+G<7g0V7}^2S
z!;C2Iw<AWsp*SatvrE`pK||?bCE9e@#Bh{FxJpKe65y+=ziWfi$frUx67~?Bs)gZ<
zW)q*dL<@WC;^A$?<DKp}lB0gYH2^dh_HSX=KnyBD-Sz4Al30`~+nxTfNx}3klb_!2
z{BOCZ6hqvL7car6kB-;B(;jCd@T*YpC?tz!9dVTcadq4;A>0q*!mS1SthjCg+YvZd
zMUEB=dn_Vxarz8ffAEw+ygqSpxC(|z?5$$+2ZuDsKD>|-RK_(jI9mbB4y<<K)maC<
z{W`(=26sYic_UbtvNoY4L_Uy;988pu`*dKIhcgZ>569QBON2;zS_NiiY{CEVLw%e{
zMt5U}4h30R@wk5uJCrz(MGo>43vqp&iN)5(Lm)wo>Vn(1=pI`Tu{ZTgC&VuNCop8e
z!H;=~V1XvvZ}BW{wHP(3kH6KRWehU{3cx!Ljb)U^U}<^{5VjL=+K+C0qt%qgU_Dqd
zVNayIEz%eVS;U)(aIzCNOYs^iSR_GXx>t_7Dqtd|7X5?6;QYu)(4k;L7}Q{mL*J1j
zc?!))R2IELPZC3t(BJeP091r31iT=C#wZUgjx7X853*nz6D*E*7-Tu;<5Jtz9u<h<
zm>?=Z(*EH%&(pI2CeHMqI3%NJx*ETH84Vf%iQp(kX}ff3^Mwni>e1FaH~*HUv<3Hx
zS1*y>e~BmEfdy@`Er_$lI0+<*yhvM62>TTv5)E+Afdvzd=O%)sy~$x^i9)<h3_1W*
zpca301oR1|6zGbb0MLtm<{=`oP#y*fs+uSmyoYco4gy<)v~z)uQMXQ>i67Ntw4S>K
z>|11N6v4q~v76xEZtZx+|HP<8#9&!Cvl>B#q7~`s^cQg&QL5q?{U3j<(xYk~j_n7k
z!XFuuO>2uMs0TASx$sNiSnv(bXMyaL&WIGLii?ckTLDA47!U&hdIyRA?QR%rArVMA
zINYxjvG5D5N1sq<@T8*exULM=Wym}<2`W(-t+DwbmH>T)1D$Xgf#N_PfYw~lPtxry
z^!BXTo)FT({`lcSrmR(d6_BZ3<td%Vs7fs!?4L5RT9F1}3$|+2GVpa0f0Bs)kPp|`
z3jP|3+qdrt{zz(g+2cRrc{Qa^ZvG{dUbJYbk&&UerwfLHCkDNu1^f%A6R<Y41vV;Z
z^F&I+h!6K6L~<b&4azDNqPGX4u=PW(I1#P}LO<${n7Dk9`lex<3RK5#7PuNmgW>#9
z7-?~rB*hKRhmOSwUmTr<hbPoONK2Erhd)U-li#g5e0Xz-34CQn)nW+z^Uu@g%x#i~
zz{VI~z}A@Z<Rfq%1woWA2+Xsip)2Xo43`#g5#1XV2RIBH(3w=cMFPX?NdFEP_+imY
zfVcy;qJkhUB?8}K=tsZNv(q37*@x2cGbmmxWdVT8v7oMLE~qW7g1}@=A-{E7(c9Iv
zzM34`(5Z)l)NBs#suC-){#%q4iXrc{Yk^=7k-TJB^I&n_dB6Y{%pB?$K6B6!Rw8wB
z!WCk}F)YD_4Pz3#SrD*iH*S0b`VKkA^cfm+>95VLtxXYm^e8!|J!*74?2ay2&<s8?
zxO0mFV|xwL30#DLB(OZV4f2JgRZ8NsRI^UqQv3F~KsVbpDT4u%=79@RgNCKid2mW3
za|DS3hmL6y9Fw8@vFD9X-}&}pmK7^nptm+{YK#8+^;akCL18BfCp~Gdf}YAE(()xK
z1R@kvOg_+(L8_0Nbe%Q3$<U!~=})lL6qZelJB}H(E}RkkOD&#VGy@nzhODeiu`7?k
zNc&57?XF2%uErr<GNeirr%#{M7qS_U?P+<&3sWj&UAlB1K715kQBkH$X=mqVD^^Zb
zt(lHcubyqUZmsG2!i8gSI;~$n7cVdO(q$}Z<mAbNY;3F%kK>912Ds8lJXfy#v17;P
zIM`@xEJq<q<w%+|QaQ4hxw&co{+*BkX*enR^UvdG+Wh&WYb$Ewb{kpw@}+zC?$D!$
zvyl-yZd^Yk|M=rzD=P~Gybm1M8E5Zk9+hf3>WgD_=H@1jjtwSE^t7-rYt^c;HdSau
zu6Jers9Z4$((F$c_R03GyLbN%1hld+jBzVxvfT>j0%0g~ULk1O5uz!WzKGs(R>l`D
zTts&hXBXYC0*0}3<~AKX*bRs(0?}Y8yL0D(3Kc5iyDH&7DKmhqsEff|h7&N4E(~*7
z<>)cwrY87xLJ59>prlw8Uj#Xjj?*Gme8R@V`B)}12nmVNGR;7}zO<oz*%y7;v6#M$
z++6f{T|s&8-qR^lhUE>4{867KMwu707L6ibl|BuApF;2tQxul)q49oxd%4h3OfwA4
zu2S~&=_>;V4n?Qh6HOre5_jQUsP=8olwnj8ca163R#U()dlyumDkyk{fBpS)3b#v?
zupkbT?aBTrN0xk?l2jJYEd3vzn)MM&+jsFJmF7P&u-I0raLQ9P@2s3rs1}{=r+Rw!
zTf7;b>xW}k-y&_4D)t=l#dK7)IB&}hGiDp9mYnZJ5{vA8|DfRH;wZw*CIh>_$JMF$
zO?P50DpVcNF0*)6lEzF`Rl8%(nEThiGhSP4FKC%|1+f$@_Qk7`6&v%=oT=jf_Tf_D
z7w8#=*tu#IUhIL`#l;eUoDZ4k|If=Q2EyEmo44DrYvCmhNh!9X3@veK)IeGyGeu?P
z<5gIZS^j%7vkRZBQF+o9>6zfFtt4?vF090K^)v&<poHx<c{@Z~<PU!v_9(na7t`X4
z1gB0_-R4OTJ>$m~*YR}CLUhyIVw*3lq1At~jINW&0gHkv`yqu2Q(E;D3ub6BME!t5
zi69#V1YGOgyZ<*;)NbXO&c#so1Ii|{&M@=nth`}krn;0`7=Y84sSWum`yVOt{{(_8
z#v~>t{kG!vW2{b~9m;Vw&6)3r(%eJZSKLt9w`=k22wR<?eu^urUayZ=md5h~%d#%O
z#HE34>f|4PsPO~T6Bu=%7c-wx=JzqLxh3=?gsovUOA?d-Qj`Sn6TuMtTNNd%>!+xK
zfIm!8B3gYq{9mpMX#2lh7wGVRsV)%lf1xhO!T)8XKo9>H=>mQHU!n_g;s1ACP-|=0
zzYoB#pIM>*@j2e};ID<T;B%lAu?!O5v@h-d4gNefE^OB&Bt-R5O$r}Fu04b)KUKYX
z4CBifV6;^+ZgW(V+8c73B*UY`FKydgHv|8<ZZNC0SM_Y)fyq?ApU5Og4RAoNI9RiH
z8pX?(cd*lmoi8qEm^7WUe8K#nZZeCR$r#{NVzC9JX>jY+J>0~K8{s)yUuFd7r(~?u
ztS{4FYJiiW#TCFNXcVcb30%9y%q+EfG1E?}yrfb1oR0ZoK?&T7FO2`R;>))Gbj+9Q
z0z&^U*#%ns|Dp@(Y!9P?EL;1c2=?_p9aB^QewwT(3Q7m`@nJ;#-jITiUwpA;=HN#c
zd^-GHw%w5oTuehQEPD83zC;)3<Np#}kPH7O?Sfon7x^ML{+OH}>n#{u%=fWg^5Fk`
zT`>G~3<*Q&KRM6#LUhjezxmW%f3ZMwj`Ll^)L!hpl);}Ae+FvrrG~xMD=%sk@84%U
zzkl<{wl&LVjhr&1+nBx`K3`A*nc{OI%!7;I@2mKX4bF{!N~s}kpt{kK?Q75l=!lK#
z&~h>hsk+WLvNT4?^NMSy4|#TSFqIojbE|cDYV+VF?Lt>|id^IRIf4>s6rTrGfmjIs
zHHy#D)B^EW6JpDTt?C4_gZStI6S;w>tHbrvhk1UxI;pG7QmX#FzAT-we4tUBJ+!^F
znS4Q?y02Du;?8X{Na5_-%6u6cRcNJh<|xFsciplUM(6x@?$YM8ZX(NK%#su0`gOFQ
z<z72!qgzfk?p%nhhB=~Ubgw<2lS4}4oBiB5LqiAk^=7jB21e45M?u&Hzrn4nYB)!|
zzm3d*;ieohsBLm>K^yqQhCUAV6Tr!>2&K6LKO3^#)RwZQ+<g~WQ}x4^GEV~&>8ocC
zP(*~vRTa8(?k>MJGKL_nZydhb6-9)<c*F&rGjvp=ga-!3Z_`uFjAh_G08gjD?dlsg
zHx60pVr3?Om!8IjE;Mw^L8sp4B0FOso9WZ@)GY2$gh6eUUG=_VzLxAiGg{0U*++fu
ziD4?k`B}&+tGD!$Wi#xnXZJhQF9#&E1Yp&w&CYV?Z_A=KCkWL{4cQsqJ%WC2mmA{t
zPtGV!fG{$Y$7}d(w2VtKF)XJ_+&NZ6+uA658-AjJ&pt)U5+D^(p-+c$hc2^jtF7$>
zK&C4?%tbz^Rh8Fa&$WQY@ft<o*`sTRH4^b^!Bj&U-a3C=3&xfDM`kEHynWZWW_jUu
zjI}?1WS0Q<o0QZ1DXX{I!&0r9D05+uVRw-ku1M7_rxgnb#gWFSEoaLrNOdJvs;KTT
zSJs%}wn$l1uEs){BOJZ#<hr_qnzK?Vce<TynNT716kl0yu{M>;sb9{QIh8bTg`dT|
z>WPbGQyDW4+frrC*`CcR-T$RMDB8AAw5NWR4Uw|_ep&}AsBM0e4S{Dgr(7Yk<9_?m
z(6;<BU-!gK9-8giKr8=HeQJfwM#k2iyprS!TLbdI5w`9+nX~FmCEN1jzV9BoHh-pR
z>txl$OuuiGxsyz<|ByLzLqZHJ>qKxK+h@3M`qBNtN^M?R4!_;w>`(6Nr?}7l-ud|6
zKh>Q#$#4s@^Bfhyz5Fj(LxxdsC%4IlaS6{2%<4z3_wXLj{n8TmYfIgS_wW96wTGts
zb`M$<3STsuls|t+n?arf)NQxRnh}-}H~=(Xz8f@0r7rK0Ij;k^6VJSQTc*43oaIhQ
z5VF<-<>Q@}*RN;y<jv$0beTGFtoob3WsP&ntEirGK<2<OW4PT1WzA5QS-mwA-H-Ze
z%YrmyZPS+ZVvR>HkM4+}WzC&2S)FxIzpR1krAK7d8G-L@>jnJeKHJ+p^Dhs6o5zAt
z?njiQNLr;CUfoYGBA=T_I}92)K>g~dtch49tz2tM0bxP#@q@dM^z6Q3JSk2rC2GCL
zyb<n`hIAj?tMl6BKdA#x>QzR+6c=;K61Oz`9e#3}8eDB8ReM~MX&Clw5uz2OZhJ*$
zX~;sE|318NUU^+NtPuqMRIbv(pFbSYu6ka`;ccr$zI>tw$umaMtjtVkAf7w4%V4hh
zKpUBq;h-*C8==9_KUt@^cF$!_>ZM^a7X!IsoM)#;zjhGI6?EQ%rR^tu-{piFaB~b~
z&+pyr+nn?Al9lJ~Y%&NJ1{MJf;`QRe?Gs{g9Sqpl8pX)o?YOq}4YLF|g19AnN!faA
zzm7!TrZ8&dJy~g~*=vn7IpGbe8N+n}aykSsO(Cmx#?kBWd)d;Ir1)GpA~cG}cdkIH
z<9~;e)Q$s;laS-h`YxqRWKV*wsWED#FkIVxvP$Z;sj^JQM0)R90MI-Z+Nd3Agux1}
z2A2Cb&iiTUT>U+I%_KVfrBl7CtA{kq;6k4pG*H`}m30xurW)q&wsc=PxM8aX)nXz-
z_G>fk&;W@g&rA1h{1s^a@Uf%Sqaz4crJt;nC1N&u<3}8&`~O(R^M7k|){wC&OqDyB
z0%v3#-LcNGZsn#nrGWS9{5BZFktc-<@-rBzo)jcwm@288x*-Y)SA5&78r;yXx}{US
zD#v!M$Fyy`w!oDp>>Gy6sZ$c;!9E+8OrJ2&wP)K#u8ws+Ur+*>;&UR*gNxvIRD8w;
z=f>Z&RNKZA2X!{uxMW7)xualV%&E;;&mU`sYxorY96y(D!Lth_izR$b-kblMkH}di
z9aeiSVr9~XF&aLY@5@)>SMzuIM4n%uS*+pH_z-?S-<7YzALKK0@|>i3Y9?y<2&4|?
zpOLg!4WGcTf~cR(fjmPXH4Ha>30uW>tA_XEE&017`6U4!&QIju=Kx>S0v}(>T37#D
z!~e#6@fjrffrj79+w*BTpjWh@@0PJ;tNLqzb~;JCso?|orZf`;zODtVw*r7CH2f*P
zA8FeH&2>_l5jiF500*uDV1NcBknpJ_`J#rOz#q>6ys0g5sfsOK^}L3k!k;6F=Ln@G
z`l#>dnzNQIRr!*JkKt<*z>^w&6Tc^?JRMjV$Cj>qRl~30k7>b@`SN;TbSm6&J^P%g
zSe{nxxQ6e{N9Di-Q<w=G*e6U?j19?rU6OcI!*An{>VavTI4?%#sNVPo04qM`r)Z(>
z@=84@QdleX_08-<rs4&Dy%r{tAD{=L-a3$U@A1FbG8Iqq+q5uoe3$$%VcXd<<qL#a
ztTx@jR+AQ%*mf6NuaLyE>Un$E;Zg$>%Z2S_dsyz*@OsEEsN3#iuhL|bgKVFC$v+%q
zuhV3w!|dOd_wwXUIL!V-llL8E*XK*_d5k?vlgpl97v)Rdaf01VlY5+Ems#a5e1Ybz
zI`$O1hyqLrU^f&1Q28vofC6ke&+g6#pzZEu7uZS+E~mBUN^N21a|aKx#@z5r>==P6
zw=S`p3(M$tIakJcSJ|>vK*?Pi{yl$hfo5GUYAn!b(S=-P%^7aTMYbAw*mfCBPYc3L
z{^y^U&YnH*x8GJHCL$tn&K$+enRAveUybvr;)z1~5)||VKf8f<{ahULf_31|?qyld
z?>bwqP<|o<zk|Be4N{G3S5OV|a2GNB^UwJW8@Awc>CzR~uHD_ddE0>lNAZbzUA}x<
z1dES<f9cXqZ*QNbp`qmG#d2rknw(+FbHic{%sIckY#Hu(AX~m-0KZww;L&_fJqD*z
z*XAavP{uV>h&<||Of6|RZqun#7xBGspZ~612SBFVw;$v4;6e4aZGUrvud@{`^S}u1
zI63G|Z?mN;2Js8E=%4bF@}VDnn=Qj|jRS!mkIJ>RxPSe1<*i$ffGi;3%EpabfqvDh
zb@+9YY13w|U%#2N3<mBzFnMr01Oay}@2bUpoc}8iZYTBHAky@Kw}2au${vRgpBTMl
z$uhM%VBNZnr%zv^P2ah5AG&+XmYs_i|GHwu8Z`aTq2mBMe*7!|5PW?X(Z0x&D^G=n
z2D7ECc`~IW6@d<%$Un+grGQ}8gyH7jL6z{ZWkz%7?y%)7uV24+^(y(XBQVGH>%l_%
zEl!*`2QEP*SmfF@y{_N#5MBSveW3e+4<;y}yR(2;Zzv2_AG*)thW@>Gfe8;=9pTZ`
zrAvQXu;Ay_t2q=M6_t#4rE=k>O$3vG*i0XWa=#xiRt)C7w8$>-b8=dChwxb&b>&BF
zFhj-@J3gEwp3(4i^ap`ETAgh23`O1LyAl`-PWyS^oT6@OVH{tu6|5DsN3Ur3P~Mb(
zmmkU}gso5|3sVSTV8<96&$GOE&oG8kZE0)50GG<w=hdW)U=1J1oA5Vt%DbY4yBy9|
zsP>lc#s5S{|7T>>mgsk4syZW_{Z4ALoj2mo(((GW26K@<ybqs}Q(%(1Zxrh+t@VbV
zgBoq%Uy-D@Wb8h{x8vK>nFa-qRiBP#>r3me(D14J5#W~aP55E_)CJR*Pv^(*9r4|W
zUq>lQb3~}+acos-^%okR$4L5$f4bnw@+bUD3^02A|4eNk&;DZ}b98jHYtAKSvHO)t
z8bvm*NzLR_-e-S-paj;|{}yxd`|P(_m>(%Ln%l7%W6s3Rx%38M)`j?)=id|^W?zgK
zfR)IQIQwFe;Zow9O9=vW{LBjlmfJoj7RcvZil2Sy&Fo8sLF)r6<7Zrav*>y}+Obfh
zIP)rf#r1^OZ!$xo(k=!59dLO?z?GGSg|k;y-FtR7A};%7WXg+(3o*&3Vv<f57NQbP
zJ`Q~t9-IB}#gogo)?Ex-eKAmlprrq3pUy%Y60ZgQ`8+&^lpPguEog%Xo(ozBd?R@4
z<M7y(H<QpG3pLHpgr~2&m6(>ohlNIjhK<kWhi7FM8kFxdhdz0-B{4zs>J=ZMn4r=4
zXfz`V3n=LR{q+g)n)~+;rKSzd&h{>>XrA|uiSc^)Ffchulb9HknKi0lNTpCU)G;A(
z<df%jWoz%G2(3_PTanC%g@s2%pkCw_37lrf$?5Fuks8e?1o1>D%D#JdU3@(M>Q#7T
z<V1}I05s&l=mQ7e12AdC+vabF)3SsoDOU^UESxq)F)^{;4<6h|5}J|Cj};0YrNKS&
zWtDhOOd9?8*_|S4jS`<c>5m`Y#SeGl+$3)7#!*>h6k6kbH<+WfzIPwL1MiubG$b-=
z;FG6))6<6uJ%P^9hOF#i_wKDtNYGrnwm0ymduZ5z2xX*ac!XzE)WGm?&vzNPMc$it
z#-GMpqw$W3^%86S_T7k((Eg8~^aY04xbF#^UI1`n(ul{;f{JX!NL&GnL)5qgBOstV
znu3G;8l^z2tZdqf?3kFOD_2ze_fOcfXWX8@f7pLu^4;M1F|ofzM=y_#S^gq&MOYMh
z4|{b1#0(6)cKGlw7cQ>4aAC#iGt2Ma<Nj1H3w*XQHFbNkbIP{llx-;~+g?ZSjEIN=
zbbNedc=(?I0Y7iuHG9XN8G(Vzl9RV4DU-G)i6MDQOw7(#k+0X@PA-grz&g0n1Si9B
zbt;a9<7gf(6QD=Ab&Vhs3yia`U#CVyBq7Aaq`~VsF77Qt{F`^TLQ)@vr{M))iHXYW
zH*eCOJh}VeLE!!SH}2mLeEjg{s<YR3UAgh-Vc-Mj2Z1EvLEz)ZcjMwxg&bK43E2tp
z?;l6JeHM`(AD>A+bBDyl?AZ9MHMbMd2tSR4zYnEE<vB+ZM&i^z`eLtgp9_Ax0=Mbx
z-RFW6r-%h#>9>U9OiIc|pzrjVoRl3D{_ff9_sL15!HJ1{eEfshxUpdMm{=c#*jS&a
zH=|$2jl@fgvk)bujg5<Y2xx7&#z|Svqu+<dyibCYd<B!3_)J>wd)%#Twt>@=0;*2L
z7kz;6`t@Mkqzv~e1l;DJCk{A+TcrnThAKXNoslF=_7W2Lq@-Y8D}JJM>s}zNf?ST|
z`5%&#9{@TbF$)2ipS{i~sD_$swtm4iL`?);KopD^s8S%bg_?PztKq$fcNbr#-+uM(
z)~k0n!!m+GuVuU+o$;PDMwfwTEmAcfZ4F0cW{(Yyyn7`i<4VX|gsUNM1D>b9jHWa+
zCN#X2nD{P(JH)d+l(|V585%k%Gi&(!Ok6`!aCrO9>&esY2?-z;>2v*{-~aImSzxjl
z5;CJ=-|s!J;h4J5-+Q~CztHd8xjxsfd;W8>_l>}TsWsEarTL_dPeVu_mz+8!I_^>Q
zo9yT}nPNyt04*vRqqJ2wqF*O&;g)IitDTw*5qTH(>T+bHIx_NjVd2#)bwoty>(^<o
zUd7W89-e@gsHhYyydaMV@$m@nV`I}}qSNpKsl?I9Teku)U%qhr_Kho7E(8Sy1_j-`
zfB$ww>Bz^CKKK(tRMhkM_;f4^>Y1RHD{n-^ruu5uj+J|8iM#$*(%Y2ml%(v`WKBv^
zu_62V)u6q54xLa39Q8lBe%+=`8~-|e^1_u%xBlLJ@X$du;!hqwcj-dl_P_QVJ96s8
zv49KbuJ7J?aL2a2>Z4~)o;V+P{a$*iCM`vi+9_F+>VrRR;8BH?q^uGK^x$eVC1t*b
zb7g2-0>aaA72ZEj)6`E&6plYh+jl$q&+|_Y2E}f>{PK@8k2alsy!FEK?N>to2zd18
z`Da@$Jl}Td<=;1>)~N6Ne)8U5mtNo#FPj1$Z#n-AS$19vLm>p63;uixM++z|U_Kbc
z`#(yXcOg6``6sTXR4(v*L~7QShsj$%B>eR#W!t0FzaEn3w#TX4AE&OoleGMH5?)A*
z5D1LkCwUjbhC8uKPCrH}!PpUhK80XL@oR#T7G96v_E3P$2e#!wvj2;e)O0ROD*xV8
zdN(NOxkeV9o)xI}GLRoHXDsD4Fqhb5WN@~X<W-C^GT!m;VFl!zE6Ep_H_gt<N)A@X
z9Z^Odn8n?$B)7Jh6?I@{tiK{DSdBEEOR6My!#-MTYk99`NjrwTTG>8+y=%(GE=e0Y
z$FA!Xwz5OQde_9?J0m7}L+6;aol-V-*8Js`zGqmgckvNG%>`J?f0rG-eLrFoH@LFA
zmPOmt&F*(qo~^LK@Zx0%x4g2v9m>C5S?*z&6cfLPt5HQ>qg3YB?wMP<MeZ0A-|}@>
zYFZlCql$cP)5eLf9%MW?s(GR=I=sDiB=-58Oj7;KD)Lz-(b<jpY^-=RJU73p+?rca
zRn8jYGc_$e_})GB_Nww3OofbWDFNcKOReEw^Y?kpJA7T@8dR6}DxJk=W|CFq%Xeh0
zmBI7a<F76sP@3nH_za{VR~lK>rQBF&Bkx}&69v5B-ylOA9}BZ;GEB*-SeQrf{4H*x
zjl2Pq$o*j>cPx96zs&!`pMe4VB=*VPV*#0ciwm=n*R2rcw;(($4mv3^GASxDIW{K!
zQfPYWd(PHYZe2Exf5*QC;`gXl2A|2N^KqBB?zZw;4i7FIefT`){?peFpT|CW5%(fI
zIpAd)R(cCHsP!8@F*ylUi9=P$Dl;uQ19g6PiQ8!_|JL&T-57)ngdh^Q7q;>~vL;O&
zo7r)WHRN^ZtJ<rEd}xz8P3)T4HE+_QX|txyzBOsweWFiCuOCO))a}@^sa;dOG%l*Q
zJXwjAXLI}JHg@Dcn+Y~1<X;l!&?0}FlVhH^=1vaHo8*scVV^I~v57<eIN+^A@Z}(G
z(WHrkQyxIXIoWZ_zVg;e2YUyf5l(hZTG+Q3Zs+CG%-(C{aHl2?-c6jEdU@H|x3C{>
zH^Rr>$<fiL1%5Bs(ZSwvgq@?EUGwG+_RX4&XkpjJ=DYt=gso7<V3Rg&Os4+mHRZ>d
XQ$~z5act4V-oe47c5N4rPA2~cTOgi6

delta 12212
zcmds62V4}_)^}!>-I-BDEU-ZYOl(*pARwsmX)MwAA~sCaL}NjsNi<QDSkMJlVvElb
z(5uEMN>ig4u#Ad|2nMksMNlb%0#c-R7Vf+=I}5uYAtpwD-|uq|<DGl{=YP&UcW#@>
z_@#g9i5|a&)0}T__L5Y*qABL=_Z^P$3RPWg-1Q5Geq4hx<>Vstjhr+@zst!~Z$$PX
zO1NSRaxtMU*K+=r<k#wQ2ZHA@R*bjneaCAQntzzCMH7aQ%K_Gl*}yA&|Lf-e#SpPx
zHiBFw)Dv5{TVqH!!Mqo<g;yj*U*7TQAQ6+{O)itx9GcY2#L#;e*&m>@XK0{M_FVn{
zxZF|6i@!`>;Sp1WmhY3eaiexhJSp#3a}Q#YcO30RDfueSSdS_sUlLu*{o8;lC*7NK
zxART|k@#qZ@=5!9Li(h=giO@|DRe9dpERv_rx7nNT%4EWA|+;}y^^ox6*Feo-A|f<
z3=N4j-cx?|;Ji$zN}^k94Ua=szZ2gDm5h{7LB8`z0$2>~#&u|q(#6Cm`FifkJ5(+C
zx2;u!Ud1}(Ln@8njD}I&|9<=;$Mmt3$t!VG|NR_51dj+VdM4H5l_CHRYT>JMj9U7N
z9MB^kt6n9WneMOhO!VAJmHq9$K+qS<xm!Ne=2xTGbAvMAOb$_N+M+=)r2J6F^OOu3
zou@t`6zHq-lqK2&WkIzIt-C<I^^=_)x^;o-i9GDdcah0OYT6%-M0M<H$Fq;M?Rd{H
z(u3&bP1u=pW3N#wDPpL1sqNrq!&*$lkEh#Cgqp}6h)mJ?+mt@{<85jw<=xF~P;)Nm
zl2u&XWy-CsY^b@$sky?EfGZ}6+Df5-6|zpv$%Gy{cjG1E>JD6Qag`a=3W^v3W!o2d
zAX~$@)$x?mp9Ut94KAQ&Q|PNP<XCSDJLV7g&ZSb5UXpJ~CG`PCOn~4<{Q+5V&Pxa9
z#Zz-B<m*b>v>IGJx3-jOXlsVi_JF>n<$!nI>7AEXSyED8!bLEWFIwqV=!q(Bhl-;9
zw6$hJw{k^YB+wO(P_}-dwN+f0p5)JodV;YzH^5BtS!-$IVCL9KqE6A$dFUHcifLn2
zYHI7-vheVj>C->%!+qUPGT{&M_ZNtRtZFEd=nHZ7=BA94n3MYLWxC7d%ZK=Xk%@z?
zKp&FH&##J&eF%>SYzMlb!fBEbT*<#A9<A;V{z8M>+-LlQJRSsRJX5l!t+CMdo(Ez9
zj*l0-ItTjduW@wI-Fxwh*x0ZG2e{F1NtO}Z?e8U?f2B#Cn^P4RKXXR+;;ALxoxbdh
zGK};pIK~tDw2eX3c9QOGkrZq9)9LEHy0~pzd#%u|Rf#Ng`-jC{hf(nlbL&w5A+xUk
zNJTS?b&-XyU)-DdP`rMJ&HSy4Z0>&@bb)RN>mv(av$(f#plEUb(zj8C>;H~`|K?_j
zmiJMGiq|OaFR;H(Z!b8DdeMKBq9w{bs_?amdn?qF{t<6FvnQOXA3wh5=xF>j>l4ho
z>I$+jBtA#?K9m-4D|Sm(6HRX;QvT%Kh4n$n1MRzu2W_HDxG6^^;iPfn5njpr@a-2}
z$roo^eY7J~veDZjT)OFUs09A>;7`h34waegb&uv1)s^M((U<&pxhs~;_~N7YmpG4p
zbK(xp6mQaD3tz6n{hWWe!Aob3Q!br#4E>ONC$g@#M#&d)%N^;CB)7tet|Z(Qv61Iz
zyl*woRNs5<pcv1QnY+g4qY3$F;+qloe8rn`)oO#>^U;#m($u^?6CUpv7rB1KrjPr}
zJJE}sM?Jb1t>nvj#omNc7z!hQ%@$5GK~^3#$r(D+RfNGqUXhU;JA9y-Vrt*q-4hTI
zEiFgxN9p$Hld<GHgU36^EgoYrd%SHyPA0rL<9d3~1|%0Yi>@b_6Z^Le>(e>Q`vc*1
z?DuG%Hyo+m(A2Ty$_@{=jWO-aM1=ao>oMdRCbQ%A&!O*AGKIJMSKtU4Cehu6L&{t<
zs+<W$_bkZ?2DQGEJ{fLG1|RrQ$t!ps&0i=Rf;t5fQuNtEdMr7%9$g8R$&rN%E$8kp
zq-OzJkdM-RYF`fAuOZsg*l+UO5j`T$1a45fY_jdZSuLTXC}~>4t#N~lTJh~<*pc_2
z3<4o^)t5eh_GF`$fh%4{-=m~<eN7-eqN_$YSlr+8{sO1r8-={k61sp_+=)1=bVj2c
zWqCrY4AIqc#zrVPp}W>hC)vji-Luk?wupEs;Aekei%Q*O^(}$%n?`S1K35H7B{BsJ
zB4Y!Y=-$Lwj8^wrf5fQ+Eop*3O-cOrKfOdaVS*wo$!@aI{kv9{m24ASvl6M|*5!~R
zi_zg4>Az8iC27^v5l)Tx??3FFot~`0%M@2b{C-<8v^nLLnFCT2ZmJ>MNi-^vcH~Cw
zr^gX`A$}pPVdF(?G+_7B3}@j>k7yGMb4De>nFi3tq(~{WM9xhKq6ZViIOK7Z9wifE
z5O@!tq0f`tsbA^o8cKDmIn$H0!yjP1LYlB#YAC&uAk5K}Gqi~=rIDU=<`27t#$3KY
z&m{;uWEw_W>5EQtczh0*+~78Z(H45r0V{S0xMNo#0T5hq1U*WN`wC~?;9RfKW=*)Q
z(X^9*dw7E$Wg+s_@HiX$<6m%+ipOAqF}{lT;-k2jn;b*`OHca#x}O9WK6mLs1hEKR
zi>2rF5>3G%2QS3eaSUF7Q?O|M3--cE5aI%E);-!*qD^5pE+|n<OUC^s??B;;1L2wh
zR3gDgxD4($aUUhogLTa1+>uAL9YHvv2Pw3zCU^k);InXT!1ZeLbUY0=!2NFS{nTdW
zv$=a2v^k-9&a@2($7`_)+N{K9H2zoN%TOxC3%TJ>XlqRb%^pFmHHOSB#jbb<aEQ@A
z!|U-kco`1k>~os}XlAYH>4ThA5#6yhdJW(($5hY;61`hjLj0DrHD=r<_j!_%u#GdU
zpk)&3$)f~x$XR!6H;%1|gN@6JpKEZ^x|-^qMywc_X)A-f!4IC4c3XHG^_<9E)?+48
zl+%a-D5Rd5h^9Em_6Rdfj}}u1le~4z`p=!4%!u~PcuM;F`Qtl39Vq%zPf3i+DD(9D
zx0_(VK7pd)Go6J|$D(~GBw1RgCDxhw(szt=9zA%Y&{T<p$>kOCzlY6q=q@rh;$T{O
z*R12Sj7N>QY*>oCmiv76u83<-!zA|2gm=#R`)m-H+LK)R+l-2kDPSk|)7(J<Y9(O+
z34qy%Jh1tDacPKP==DKYi{NX_7x3D40ryQmrZ-6g@h8Jfi}$0R=1g_tN|f#WfkQ9D
zkVD&r4>h6(r+1keqP_4b(X3ksG=Fdziui=C)LHbN@15v1!_u+8>Eook!lDOeuwGUU
zVaf^P1YUu0!{w6)ZTr0CWF!A|ncbspW5qmusa^t67o}vDyz=0Og?lGL4+MNM1SVei
z<azVbDOia$Tss_@LPFSi7UpJM3HIH*^0PS;hfZ|p`+;5WHz)4kOz|ciw(#XD+|T)k
z8$5An-}#e<?O5x2ojYDu{9M?1s=E(en#b637Vj}~2{&g9qqhuMnX#SFr>7VL&ODMS
zB~XSLYt+_#I>(sy-OJ-D9EKNReQb<vl(xaP*b=wHHh3F;q&<85$Qed5JOSS-7?ZyK
z!VKnt-@(Um9&S+bM|fO|6Y(0{9beI!?9!M_yTo)gKgq)sXoPPn`Tz2`5^u+&ae)?!
zG*IOgrfZMWJody2tWxq`JWj<7j@JVBYk;9w0eFGOtML&*S;ymY+#lc90)No}pIl=)
z_Xy|lA-q#iRtS+(xKIo96@Uh0_iH?UjK>M}MLd3pr?fyo(}zVfox5M>@i?3%C<}xz
zf7inN#9iTmXeN!2r{J#zO)ig1u$2ym+Z6-OdfejicQ{q3&*rfUeyT+T@(#k3XwQ}3
zVjdAD7<vM0aM$rc9UStsq=$1BcbQ~DUWh*xG*1L?PC6Lwa1uk3{X)fF0d+b4_gx-(
zYPSa7fY}$|Xm}#i$tV(^6f}={OllDix%r8V8EF)bPivHnu5x!0)1U0xiqf0A|A1LQ
zQlLV^QkW_F$vked+{5ilVQz>@mvqLtg)%ywxhX1rGMVH0un_84PI|&z6qRf?v$usZ
zB%8S^D!<KTyjmz_dCXB!8Ct+>Gti|~@;AB3&lxXKom9l^e?je8%qT^*w2V30LLDeR
z2o+__TLhX_%a~0NPADbyad9d6`RZ>kCH0361-|>;cdOmp6orMgq8hGH-nen=+O_Mq
zZ~qByb8^Z&J%3oWYAr~1HZHM8;kAsB0cZ{$^aJa4>pZ{$g>;Y^p`8yHb9ASIaaAYT
zzLGiEdQ>J=LR3Gh7_+6t#j5Mq?=D*8`uK4ka3&<AZP>7BF_e6K_FcLZ1qD$qUc9z{
zzb}-xZru?R6My>j#iK`q;WjYvq@UmMCRkBX-Sz8t7A|zj%zO@&adD4+_+bkacJ0~|
z9v<Bkr4h=nW(-Z>Q3&F39Zpp8S9Q8n$!oIrVGW~Cc$?UDKw%Ax+4#J?3V;9OOO|{o
z#u^ZC;?${gLabR?C89qu4upOYLqBoibWl+6?c4W7gEMEs;1-!<MsDEecPu32f@u5X
zNuf?;rgcm=c`MH^MAf)cQPhcXbw&j|V`c^!6CM2Y6I#1gA@&uJiqY(z%gU`IBX2KX
z{%uo`Hlhly9v)s|?T#Hj@F0Ng>eX&fpB6O*)CK*go-s1IibFJ`O;0=8G-(R17sD|?
zok`Zr99Wwog1jF;9wOujT6^HYk<ic!Xfnxmvxl01fM20=z?WKke)HyS=g(h-GKg+e
zCr_S%8p!maLjgKbxnZW0{0{aNqJc>T=BO9qdVrZO1bnfSqTv$O>^+gXDYTG~^Y91>
zq5bw7=j$6Ns^NO!LIgb8P=Emdk6Kt*Bti$^bCetfOIXGrIQT3y3Di)4Uet!PJAmyZ
z&&De?5mn(~%_6d-9XLILg$D{g@S@M9tl4<cWm81YpI3W%ZC(t00D~$gr&LtK6$aSW
zt=pB#jnKhx3thE%@t4b&uLOZd3>}iNas&8q21H=1P<X<a)rN&)Nr+2@O*L^P;mt3^
zWlgaxfh<(AlgQ&1(*>y{VB#dMP_Q^`)?NLe(}hWYo*paHHR&s3JDEh_p9OAMaq3~s
zfJM3Sr#2eN{a3~&5It@PhnaS`T2R6Q_M5nTicmjps;98TuWiqEF}Z|)5Ncs9EXNXD
z*GQ)18&UrHtg(D9z9DEzdHgAceP!d%SHqNOz#5xW;hy+`psD6z&!B#2MBFbLl(aKz
zY+8cN#l^H852u|K7&US!`TZK4Ls!7nz>!ditCaj!9^c2N_@WjU%`NT9jvy_r!cJxv
z&Q<dJ1gblDGX5OHuBq`C#l;x0qsV>@aI~C-JHW=r8~ZB*g9G8L=mm?rA#8kd8o^5b
z3ODF2b^vL<O-O7$_`Icz3625UG+eGlo#i%kXM2#s4y+?_iVN?-UhJr6Yd6%!5h(_;
zC%u0r`*i)8Z>L_$b9hV4^JR~ss-t{RPg_<luf4vzD$1uS<F-Hu-J<GKc-DhIJP{e%
zv2u6*$cNZ>V#AF+LHv4E1FlrPS?Q$qSE0hS;G6H$(0~YgwhQWL&q~FMp*?Hk9>go+
z@@ubWR^Q34xt-Ngpz>}`Z3}_QmXcH3yr$Xhi?mP!_^8b4&<<&pxR$q6scI@Kk09Al
zb_xv<-Oa7ZDnOaGY?le8>Y<#Hl9QB_`S9V><mAkhN7+!w%`J!Fo}FEilU@2Or>r2q
zDm^V1ZnLvXv$IN`JuA=1C{P#508ms^i%N&E-Hd=OtDr70xxAqrt`po=)YN)nWa_|9
z7BZpst12t42b`{yl{SDgm}-AL9(pa}=Fy|S!9L(<(5bt3l8+w?fx?Mj&%k6IdF|H8
z6K9VcId&?TyLjQ+>CmtM{}Y$OqAr||2nq~NP01-MYtW??%iu1%Kow}vET|0_SviV9
z#pKl7%c@DstxL_VeNp1mixV?S9%NO<r4@qQeUzV=Q5u`_JT9#WuAsf2S(@;;Bs$@#
zT2*o{^?7Vc0n{fvE(XBE?8>w}4Re|fKUBtL)g114zpOD+l~vW7(3oND6iC$i^itK;
zr&W<z)z{P#l~sKzwc=z-1r(rCE7>)X(9dv%O7#`WVX4JOZ>B;)6i{i)*+N+~2dZ=F
zl>y1+x}4zj4x3j~10xYP)YPDlhO?hCI4+IX%d4ut#a$lGp6>=P42ZfqT-zOaPKBY}
zP>GIAWtI8^8|qc%@uv$y*F6hfjjX4!CiLo(2%p;0+!{1%8v7q&9SWGnPNT{K=AgQ1
zteHW<?(wDjCR8P!#`UmP+Mxl{*?oHFV((`kKrz$VULD>mj6RZ>l#CzYbUUP)&W<M5
zqxYQI$&!-1lH+KnGy8Ujii49&5-&jJR26pUnlrmjHn99@qAK|;nmU8+hUU#+rTYBC
zb7c>%)>M|)*43%dH#68ZvYduKFwr!i@)_(qQd~hM#K&`{AF-<l!>R^&E5(y}xw-H*
zjaT7tbo^s>T4#)Fa5enp;AC8*s>b*_>Nt~~DHj%jESwGpq;#0}gli@)!womk>Y41v
z@_L*LHAT1>KgR_yMV7%Sq!_Dipn{p~K%yAQXR-F3uH)bFMI4SJ;HY^I*WW-3X0iQ@
zb3-;{XBEMI3AQ3npA^F2h)64|P@%)KSd-3$5K9HFf;ehaRlrzx4aLr4d)YmRI+u}C
zk@mDS^+`#3R@vk1@=K{;gf|GM&_Y~NR;ms~cx6|Ki;7Djw90VQZ#HXbP#d4G5tyvv
z3eddSth2;%h^;-kFq`e$Q7EyCmbrYr;0xB;&O45<;><r`dt3Llv2wJsv9`5yv~sXy
z2T%IiW$gTK7g_WhJIuz)Mn{Lf+{Tu<!?f>cH`KyP_-C=qf))N3>V`VDtaGrkvTspm
zKh)N-rLFx?J8Op*aCWv<FV@*xTl5wDX&r+P2b&f^2P<nUTSRSV-*b1cadBNZf9Rqi
z4leT@?X9gH7TGu~90HX?>|I<OtcF;-EO2qOceS-0YUQ$Mp^KgCeAh+x4hyV@*xS3<
uTiM%=v>5R!6g|}(bJ&q1*_GeUU-9kg6^mS1TL&wfp^j|t-s2{ZXa5Irkr2fI

diff --git a/doc/gnupg-module-overview.png b/doc/gnupg-module-overview.png
index a56567f3872059240a0fdd0daba2dcbe2f5a1fa4..dec6d068afd78e48276ed3bae69bc117b2d79fe7 100644
GIT binary patch
literal 142611
zcmeFZbySq!_b)y{Bc0OHT}s!8ba%rbAzhM^g96e>2uO}JNQX3x2%<F7-O}A4a0mUw
z_kGv;{qbAt{&Uy5XV&6*n0VrxefD|n{d(;uLPJd+2a5s=007`9D#&O704P)d0B8dr
z4f#&gq^LV`gJSbk^(g>Q6^H%%IV$phI!gsDRRF-3832HV0039Ww_qCpfF~~iuw@Pa
zh^7JnWUd)an&QY0&@7bYW$ykoOoQ`T<Tn9|GEa4Urg!G7A;iYCXa_dQxIj$^Dv*Sr
zS%a?<yGpF8`FMH`*>KR5rXuLc!(j&S5Rd&9+R1<kY<lu@Zr|*M6gRH{k>l)1pvaww
zJiawV=ASJ|UNMOpK=99|sg}C<zkl%+4G~rNKO5_y<!kUie@U?RO2w6q{vRzzJPs50
zpJ$axTIc%`{LiC>ABi&y<Nxz;npxc_=>IqvJ$=vd|GT*VyLwL78XeM}Ojin}B`?}x
z{m-=@k!n)$<@mT+%Rl{N9a3)?{*R8owyqZ-k1ET7iYXKops4WnV$7N%4|*vsGIP{!
z#m3CAo9%e#(tZAECh=B5;&8wFZhPf=%8Ngi<B)bfXqiX!wv)CMxB6!7R(Pb1^e!$-
z{m^Db@ps#C#%Ul)4bS<mSKyBS_wvMx-0sASx$B#=fQ;*v{<+)gW;~MfS8BWdH&-ly
z=Wc6zJ}>>K7HHQO&Ulz#kkwz@`C2#+xLa@!WS^jKS+`3xpS8WB>73nBzoMR4Td?OT
z+|E*!IJ_QQsEFj?(r$E&HU8}<wm_*~utE^ja(mu&*t))Ayw+ZK=Qxm_dh_a5;P9^G
zN`%_m>pa)7Id$YFapjV*CQ7P#`~6wJuzUEq{C32G{kmVdyxPRl_2ByX9?SK1`lWD?
zvs9zlLc70|Me@<|pvfRKU>5Vv;5vwdg_)IWuOdbHVnFyME6<DiyATr^s5I_jPqs4V
z)VFj~KN0GQ`d%h0zo5W6lh5l?kGfZGuMSr|G6`P>%(pi|4{c_YFP4x!ajE=$%~Sc}
z$}JMpVsF5Bz%Af9aG-H^Vo<+hVkW{%Et8Q8^@QV>z^{=ff2RF#5P*p4HaEK5*1k9c
z5V<qrT*0q5HSGULa-_+qz*^E8{i3&P_2`1BdL_kb`p8DHueLniuDD_caQCR{!?>=M
z@|;R<keUZ~FJ^VVeL=n)_x7EsN`dF)Tv?*sW#JG1)-{{Mh35I5_{;0E%RB3D5BUJ^
zZu?1fti0hpcl(_!oX5u|5+hpbQ^4ExSfTns5ygVFiJ<uxK~i^y)qZAcy|usRtlPxe
z?$$L`Vww1htc=*th3{?_gl?%n?9cSwWoz6Xv$7cOvux@sG5rXn!K%*xyyNb~x{Z5X
zN624h6FBfo-wP(ic0AbMcej6exf0d?+;1;%{-&r;ilvU93nyrE{#N2cc5cx0U{|Ng
zx$3X&f{Q!zUo4-rGNXNCLZ0@-zWy_NZdEgK{_g!}GW{R-p7*my<}Pp2yK3LUBp7Up
zr(!xyoci19=tCEKPi$m(+i0mn4cpiN(EVz_uF(z4T>EQ*<C^^aM;q-78(u>**QPL{
zIdv6NAv|IIOA~^66gqp=(T<Sop4ixM0Q_QZIhc6`_!bq{fno+=D(7X#`wGu|s2d(Y
zKxr+1KInIG^8BhX5+PFIK6vH>EQDrxopNI5#i`PAWtQ!1gku2MV@nz)tBHm>s}yGn
z#)7$@n#QW~pxE|Jq~@;_BfoLqHq<*%(61O22azu!z*w(Ng>DPpP>b)eBJ(fEVjWy$
zjud!R;F~`d$1bKs4}!Vh44enuP*pnE>o=$IEKYrOPqk5oFNZ~9J7nv7dEANL$=%*m
z<O5h7G923tafCnlo+Vx@(v>Tlq_3X;y)m7yT62-&;4~aN!Ow?A@a=-~XN9V09#UIq
zq$cG%8-cTD+B09j>4IllXQ3I~7^QVkG81L&R6)0^R8o0B3_r!Ct|aT9i@8`nOfDvX
zd|$`!SN9I45U_v3>PawJ>zp{jP6l849_EQ2t?iZ6u0geokKWfLs673J7=Ny7QlATk
z$;B*LZi~e^)#Rc7b_up6I5w5=wg)$PLyDWE_#KE3$MPLLYF4;<aw|C?wNywXUkbIs
z^v)~pQz0Pzo1ot5G@F>gpJn%oi1$nItpa*IwTG!29&4CIAcZ6%wo7bgv<4OaHWCAb
zj}1?&&Sj(rxV|2d+)jZh=0)V{0fv@kqG}7i2ID8<CvJGdlv0&aONy&=f1i$HZErpB
z0%WzFeA;~u;`|8}uklqjKZA?Z80n&pI+PffnCN;X$)Et-@Rs!oNl`&AXf!@|0M-wB
z{8P0cSN<cNrPiC^v@kE)rX3Bhq{j7`@80h|NglLZ9sfv42d;n4aG9IMhp|sv##iSu
z<Wvj~kFvo9u~;PvPR4%&<^}yGin^%~%aNB+Zpy*wHO}9}I)P~MXkQANdScJkMHW2N
z%&2h<UKx^L^PoOh5SK1`PYcjMQv(=Tl3To|W+DIrM&W3fa3Ninh${xTpnWbrjP-bM
z=6V#hkBpdln->>jnmmt0_o0SFu`kjPrk)br1DfG|m7E<wcwoN4m_c3Y1OlUiz^`xz
z9k)-|cFdI?AU63$W@?yVxc<pw+wr;$E%?BtsGFQbFqjV=N57L*tOUBh_p^CjZ3A4T
zZh5>g0l*EEtZj@JG<WNwr^}{<&l|R;^zd8DE6PBBa^)I7+r`m%4hgM8Jp*V4NY-y#
zV%9$JZW*p2#&@BF3ROo`=k~QmxUd9Lh@u-@z8GsrD+cI%?71VszcJI{E;f1J2P&WU
zFrKUyt&}=|4g6;7iQOV24-dA*IN6xZ?L^@)x9xte-&?EWr6F^|a3Z#ar%?~YZ56MD
zKet}=joA*s^V0Fs`Lm**uq<ZtZ^kVje_!7fz=0cmv@eU929w5cUacD!?-Ye^_^I58
zJNc~1nA=29%ho%vilsqa4sO4sqqT#75vSKIoaI;NKFXo}*k&4#-Sd1=EwuT^?jEQx
zJu9oS`h9h7k3{w&i<t{0sL952ZVZb<jDr5^;V<Prye%{Ucc^J?xr(;e6DgiEt)0_2
zv0$&;-Cjd9Py$-QH|e74T>6}B&2qiVr(tG@{=9Vil)3lRIDgRR4JHy`1|?|=7CP)~
zqCO~p;-kIE*Ap8S9w@VR{$3Sp4@}b<;34##LV+{eK=S#U>f9?&9sMF_LJnZsx3pjE
zr%A{I-9!^gDEEyv<C(ZMFK;zzP7SYS^`B`?;7mSOIFTQ+%^fym!ooOswRu$)S)F_N
zD&i|)ch@*b=?Rad$$r@VT|=L`#LPPj1TF4H)vGVu0JS&%tdj9ZNaTErkyE(AmIeGw
zHhXrNCpL88n(L~4`!sr^KJQxkyw%7Ko|LC!casZSaBhF>t#@xi-B($jwSlPjV5|N0
z8Rag<7$e<~#KtH(gSGs#|Df}ebtI&}As~z<j3#R07*`!k_uV$pLJsH2<7tY|yDo-U
zKJyo^uCJ@^`{RGKq!>)x6L|#%)py?pG)q67Y3y<xYW(?G<Tp}*p*e6%^U1*Osn7pB
z7xJV%-|oG0r(_&Xv=Q2d$;7KX--q}zK=QnM<FFyl(zHtSqNeLSQ>~lm{`c_wD?(tS
zB%<1gJGi`9uc3_rrh5q{;_R{B8vsf4SWJIy7WnBW5Ls(^;g0S9xXf^csr#`Fktys9
zbmIViWee*S2>W9;B(<uwQN_Q&Ik<AWv6#AEPyW*-$eldL{}<H!&;CH}|9^#p!$IFc
z&%c27cVRO07{>MN$z&neWb+xfhhBJC=y+%-R!-hAl`r}e<9j6S{}I^zS!u#uiRI(k
zuC}|kX}b?sf>o0Oi2rfk6BeX-4hN;uoSck$0c}D?3g5g5CeF*tbLk1V@#*X?bOvx^
zlJT_h>D9{r^M{|1vt~o8^!;R0oh<s|W62;jL-Yo$^74Hucj$tls~0XNkT5<qbsjoQ
z^DhJYyBV%PnrO~lWwPzmPYX#nDi_y#>IEs?E;lMEno*RYw{2}rqC+UEX{jRXZMW$D
z7w_Hy9^j)rIM@N|yi4K<D#e5|43E!if?3)59?wYO+OpL;zB;6L#hEA%NKFjzqYS~J
z{QV@@S-Rd?Uka?HkZ(a^URCLHm@5x^pC=RX3<uy8kvtwN4|%A#`BOd)#1Z<QBfuU+
zFQYk|W9t%8Y4szQ;%`rb<U<(b%^t4$o3MlsvAmAu*y<<wH4wmivC#S%*%ecVnJY7V
z)xwn;1`R{kly{U0vi2o9Si)Gbv1HT0e8%zdw=8UdfxSP1%(6)avH}9MrsPw+^B-}k
zisJjg(D5X>E^gy%{yUYB5&fNA)6kgiF_5a0l&g=2wV*^n?&VA0{GDwkdOp4~Dc7g2
zZkTTGVrGYEhG1b~k=_H>0ipU878b;qXnrAc%{Sd(Ss88Z%ykG^mBR#~DXfFl#K4%c
zfzzbv<OSN0&d<CEck%;_I2u`#f$8$!?lw!mFDFKVmpTrXCVD{*p#lzB(I{!*s_AJT
zfZ)zxu#+B;_VCcs;-UF#-oW3xZ3v3z{S*uFk!Pae)S|@OMFvta(Z`923>SX%GD20x
zLZ3eMw2q%#Uq=sSCr$t#hkkgxzktrJ%&sdcNy7VXV|%{@lQ@N#!^`zG{g-aMz(7s?
zB<j=isHZ9_N>Jn}o_FldKyVaKw+f{J&lGQeHw(bF670v+)X?RybLAIWFlFfZ`7d9b
z?e3DC?VY*+R#V8ycjn7>av6FkJA;=2J}(&0o;!^19-(~6k{--*W&+YK9j=61AY?c5
zm1DVxrLxz4#%FQQ_olHb1d+vTY$OrG(>lk`k~GI<2<WfQladS!sU?4J6SkHpIy$LS
z0JjJQ>YT=4Vh!%=E8Q6@@1%sd7=Qgj-(uTp|Jv+*DA>N|BZfgOYGU@FkLXvw--X6u
zV{4vT=Hpm|(eqs+=t9t)=)bZrHyHPc7}1Z~h09%!MM<@<K`EiVDGP1=ZNE{MIzojC
zVfRzbNn>=djH@G=OZ}YVcBox{w!Y$v%wmqup+%GsLd|V`;A#cd{L}AzdJr8q;w_%g
zEeFG)v=OE-m%rFB9j=?39SJ`n!~6h%Mya(`%m9?$shYlX4s__Mb8y%PmMgo=+FGJ1
z(8Vu4a#a!bJsGo-71OJ%{+W%DB!78?G^dc*o%x1nd4K;cG=!|6r@Vm9rx&ACtPu%J
zr{JW3_nY1%p+!ZjFCnTCnRA;X2)(KE!tBZR_81mdMc>Qnm51i74bPuZOUb@%&&-pH
z(Z-!(L0J>vIXtqiCDBmSs#-n-!I~F;ojH^8N>hnc&#HF0#S+TLakrB;FwC}53##)S
zMdA7T)00{|>4&gdD9fRjp0riRC2XAY8jy=$Oxq*04-R}5uo~!Fee2f5;N+1cz4~|E
zGXXIZ6_)y}gq5od6syVNUyk@_q+%;|7z5WBsW&&5$rgfMf!>PaUhXqAGVLGu$F2`b
z1)*gv{z&|;AnX6(N03Vc*KFI3Th{WiUq`E7Ha95yU{iZJZD-|uJ%>7ezsmeDJMBa1
zEQF%WRN|f4!6%~D)rAG3jtHXQZui&~LH;c4{ewMI|IO(2oD1r~uGy`qwgBZWkg7H2
zLQvGTB+=;KDZX)zjGO4Cm8-0kk5NAql%!?^T&@TQidSO7(Iq76Obzcek`u=*w#Soq
zg9DatZ*a^&)LpUEQOz%)ZAk_tNw)-Dz9{tc2^lZv2cgTWKi;zgLp6%towb$DIGI~o
zn!g)<o~tjF`{t3I>iElDYX*_;M37k&q5AWh>SQsN3^6hb6h^v7kGOC)n7#I$txuzP
zNN?7^%R7ck>*&0EwU~8sdvlfzi(md8zvc`O(8vv|;v13{B#esMSY9@NFd6v}Q*b5p
zaK+`cAL%;q&OhA2sbMhKhBbs$`WcaLKv2uk)d#W3mZe?l`A65dikIOWq&fN4ZDa`5
z%`#)BuP`%<3Nxl=cET{<ND05>XkfWw1=MBbfetZ;F8dHMIr~HYRU`U4i2BLnRffWh
zB+ow6<fbOkG(f&aNz#}2eHZolL#Ue8=bhmn4>46(umGM+XJ<A8ASTAHDB7dJS6C$^
z9g!rGk`EcicgiuJq&#u>wG1Lx#3G$Frrh8<+1s7xx<+}EK*;gw*;^8AEs}U*?v@Jf
zA%mYq!<Y1t1Qx5^*>mnPS>|@^Y+6=#fwJ@;#DS`}jWwLZn%tySRmJtebr;u^KhrDi
zMn(!@*$3wY-bcz09(e8Qsl@0SXcY~$6(X#jAFYbr1Pl2bGnb=lC~MXHvLiy6Xw_~6
zuS2jS-h2(cj9f{S(vR4<zOl{G=Nc`s{z<<gLgB%=ev?70mi2)Boo0nbR7P*Fd{e@m
z8Pi=W2MbdtA=AkTjGk3X#;>$`ko#Xt=-_i?n)oTYsHpu{5^dcKl7Wm@bHobLT3T18
zvLcsFHLkb*-=9p45>s1gYm4{X+-||uGNnUdG!}6*OesKn4edk)Vi(?~AM>+jjGRWR
z62u#9o5NrGcdz3<H5s%v9d2gy{vZ;o9x-!VXfw#OxFJ@{#7ax6%ka0yx(vt9>>9|7
z;<@Z1i@JThs@=6i=(XqXhM&rKd#ax=2GJzuD)FPc_GQ=5BybGwT3+rF@B+NoY<&5J
z$Z!E;kKSYRWj@M5%E1KG`)6=u0v1UuE&7&%{e<K(E^lIL+TH}v2)oP}YErZT@8!gJ
z`m~BBGM>0ZsYFL)>Oo~f602L$$L0QR?u3EN3KQTSMi6cFB@O?)c^iF0Q=2=AUL=S9
zxX$2ZBYlu_DWQH@iGbE2THf2mrNfW!t1D=R_hlumE|m=FzZkjAHBD1MP<4tl%zMu3
zS!kEwiFuat6AB1T$9rIc|0pJUr<L@A5eIKSfO>=BY}c3_*Otd_V(-XWwmUOJ{P1~X
zspVaU&#nLQF9f=st!)KAto>xIx1105c5(0aR-#hLpl<6&`OZojN8g8I0OD0~P0d$D
zS+PAWyg0qk;FyjuoWL}M+tS4$oY`<2j}#5(h#lvIFf&7`$%aZj+Y^#>a=b1X0Q;5m
z=GpLP1pjj+UJ)ZX#ezeC{St_$hl^jrpp20_#NK<QLbydd;}y_VlkpqXWQlAZWm8jX
zY~b6@XKyJU0(wKNducxP5K8)imwtwa&#%FFH@oB1A`s6HzsG;8fT?zTi&2+%XMd2h
ze^?V?7SqM7+Lu8RF(ML^=cy$8ivK&lZOY~y<;$ZGj#nKC;*WZt{%mPf9*$;v9IFB<
zQDE1XBq;Uawi47$6+JbxHZQDnUypM6O{4f1E}n>)BW?8tYGdW`y;qE%2Q!7c^~1+W
zZfJ_jeu!G8l7IIo@yjEj<~0|So&}#L@#K{IBOoJ8E@QJ6j101YOg|?S9nw!aYz7C{
z=i2zF*!K3fzhA|xYibfQDQ}^&5<*s85WQkne?cnR)(=tkNVoz4b=xCZsSWPE`I|{K
zK6-_FuN#HhSiwU(^}MmczcDkD{_s%^NypKe<W~}gtPrKI9T|FHo_rv1t_h@$LYw_v
z7UBQ=_V-(8@q+%(!nkI1bB1K@%sU=gdE<~L{MCa-U6f-$42<y09?CHFkZ7TnV}_tW
zPpGW4oU`HAX`}X!^oL)`+S=kXll%|E1Bu>-yg`Se0k*B&D<<T2r<rYFx*a|5)$IfC
zhzVZ`g-{Af&j21_U`9lN3!+8}^&2Y`{NM4g^k#`2c}iVe$_DV|j5t3(cfLD}4C(1(
zko&QaN5d8SP+Jmpl3{25#zOkc?G$M@rE@^z$!UrJz7A>A(K6!;i6PUS;ji`&D=C}3
z+sP{?x%bV**(5wm?6l243;TWEHScoQ&2rVnUF&&Blc-AKv9ew<h%u!gF{X)h0c;SG
zl9B``gofM35Wh7H`)71<>&eH8it_RzeWsCp)uZC5a8|!|_F-kBv@~`B7->#!Zeyck
z2-?@uwN>ri5C(B^HcVSaL3^FmXX7vTs!_`OrN4#qnEiB^n6B0P-FBvSbsI346&Y_D
zizOe2cALLb^KXk8w79pJ?A#qZx9OpAJ>CA)lI32hcRvaXzQ6Uq9NmGvu&8<Q!o596
z>PSf79MkW-%@I&bY+T2Whi=lvp-*K48vdD@+C~CH`fH(?0n}en$Lsn;Z9!5X6yTe{
zxl22i&n{3-5XLhDgJsV}T>g0(DTWM@<E9T5AyIpaqr@l2^Vs_fETsu^-EV-(21Z+L
z-;LC63+DfZVN*P7K^FrmSs23-BT4K>vCm#DKl>H?Ea>7|z8PqCaD>GL;v`AoF5^=f
z9%g}Z<CAd~Nitrq`2T?^tK$5!YMkcJKZ;3Si)=+GJhIm8q1rTGbowoJhw>>}WX-r1
zfUERa4&xo(t2P6JmW$!seHSVG;NYq`VoXA7ChHz5f$yp8%LmW9s*^gWufBIivsH|G
z13z{w6n?wB!{95@_=pfH7)W5DM`I8c9x#fBr5eiWlp4?pUwf6%G4Ro8TwJ@$!00gE
zkZ2qK0n!zCCq!4L#|FizuPw89z4zX@i0`-QizIQR+;KdcO_7t6{!qWTOFjJb@Y^e}
z;?33iJjeWM!Ce@6D|y}n(9YW#9-e^f^%-r!Rx@8GRd(Qnyjca+6&Q11VLMytWDAB%
z9qFkRjS~OC-##+g;*%cf(o~#@u3Dc$MiWD;U%jbj7cu$EZ@hxzN8mp57X{jJn5s!a
z0j@sKM@zyQZh`r-@3sD&sQ8mdlDRuy(;<=N0j!7A*t}5(4Ts07DgGeWe3Z8sr>^>l
zmj062dH#XB=8jENgSGM;-$NJf4`J-{8cDt4R&~`L_+lQcw_WK=g(1<!?6J!m!}>wM
zEe-vY2k%ww2tMxEvQ@l{au+*xwjWqKLe6QNg=nF-RkDW?eVnLlY(G^I?&3i-ry|>0
zl8nv2Rk!-s!$~+uF?u9%FVhkC!IIX)dn8^=0!!)WO&QjMaeH{`2JjQ|9$ng$@z6eh
znsxB*gGgV$r)O}z&$ZzEarfZ1Sc@N-OXBhDq)fZkYV&s%#d6qOKLv2j^F6ido}JLB
zmqs?)iSJZzdET2GOK6sDt&Yj(zCAu(=$YIxkyUhUf-$NF9QKU{fx^sebOs4O=})H-
z6yceP*qtUZ&a;&VQ&1$xKOAg4>7Ux?!LhSjhIEBv9d%artun~2j;eXJztu^coX&dE
zvw@F;@qNRVa}*@ZCE;FR2sBS@cvaInUeT=9lv7@wranIS7V~SEX*+H-p<HZBeA3}{
z`j)GCmB)_+ijv4<#XFp=*M$@4Ht^xDZ{@1(mU)FON+UWW3KOUp!lb-Xq>#}S*7Mbl
zyV=|MrMYI5bZGX*8eMud^Zg>f_pm)B;I?#<J3B2$qV47m&61qbL83nur0&B?sriXw
zNbS1<IS)OXi4W9tku6K|<~NvOo8X3Wz)@uT!dFtG?6XtxH>Q6YilK*ep;}jzjfYi%
zF5nyH%C|WsO^?c+`XHW5+Ql_$yzKjU=4dJ<MLqOU_G3Nn`*7hV=&nWQS)ILH|6@^@
z2QEN9<m+1~HPGa5xTY}4+YaAIWxh%)8P>%%B1V-4J)2#bw}F<I8hm!V{T6xpH->n@
zrB5D;?ce~u?hLr5P}AU?h;*13pU*r_f7`fwkQn5m3(uj~(e_~cr31w()+tT9p&UCB
zB3g5y3UrY#@ka?aM?vpS?h$<=HZ1j{Zf|YX`zE+)Y)jXcqIAdh<={cv64#0tq7Btg
z`BEJu>3uuP*cfARP3JZQ|A`5q9-eO-;)G}Cxj^Hz8iNuIZ+|DS2)4<{N$b2g!fnS&
zI9iJnh-VUg#rC;(y``OPwt-+=^!jG5vp@agz{9oEICeRc?>iLbrq{eI*IwdC=+vhB
zElCUw8g1^W+Tg|I5xeYTl1IiZ+y_7l2cu0+0{(=Nsqq-`S9r`;J%v5ObUO=oT6hMm
z+(tUBqP+4MkGs!;Eo8D78JY4IF4vdgEsrYY;il1iywk3uwPN%`o(d`KH7)O{$12>v
z97#7uDI(sbzu_>!1|_I7(JBdDoL<MPyB*($UJ)z(oxl2{0#Vd3SkzFc^~Lel80Ma&
zI1R?uEbdSdf=1&<%L9Iu(Lc8U@MlR4<_%_hH-erJQwp#XUR6Mub6lFB`)%We-H2Ss
zK1s(Tc+XpQnldPd82i7-nId*E0DX@izq)Rf@?_(2*Ozv6RZWkqQrFYjdJfvxMv|aT
z!==6t6E7ePA2oB2-C?3d+JzdA=!hRa)9ICue%B5x$8mBRtB;IlDv8wnMCuPXA-g`W
zzl;!SZ`T*A3b?k2M`j29q)`T&KN{B)R#<T;-?sW}oL7H!m5)3oggaSLUW;-8D-z5w
z%Y=YUo0qj?_N+Z0I!1NYMHX2<JKD7YQkhjUee3y$bkg|H1AYlbKb~QAoW1afc0|E=
z1?tcj#c;tAat`?nlqqJ7%&hTx;EO>+vv1r}03%1YeX6YNDWajosoR49BhyRO9+HbV
zF8c?{5Nn-slY@|)+kn~jyC34$os6&Enn+Xy-gK<P4#}l%lTlnrGc&2xtfh|Lh(EW;
z;B}rY8;!m=ib<^V)}7M-aO*M1BJTa$pTHpTbHP^c5@M`Je?;CBbg)&Jeygv*uFzAg
z0&c3<XzO9as@&4f83Yofjs=VtvMWMj*1RTSjKPV?D!$r3&}{W{%D&}0AucRe`kg0G
z(R9gcKc0{=kmLobVUyK^UF<`MW8Kk8&kQ8SdC;EN4x2aHQ4N*6=zT>d25^@ji2A&n
zTU4JnxQrJ^2&h}%3TDrQZIBInYn{MsWfl}gaG!9DmdXt?Aiil)mR~ucfAgYp-z^{=
zn$GKo^k%`-DYKUe-okX{IP@h9(Nq?AExk!>5c{DE5v({}fm(ujrOATeSWj_Z-UAGc
zt<R@|U>msewl4?PCt%7Il;6)CAbh-a@@^5u+<RRj0!Q@wv?gi}o}9XpVxq)8J5X$4
zH{&{o$2<rjnWurbn6)rBmyHWL9`C2TI}n7w$T3oT2T=DFXCr$>^{y|ej{qREEmv6R
z&$rfDc49msnFgxTwT#O50*5ek@GX(Q%VJbT2-1D$*)VaGLO{mobXJl|f4V_fOoSA7
zAG^L-*(~@n2iztcuQ>tAltpL6bAqs;JQ+Iy`c>KJrh6$DqX2|S20}lqr*Pq!PoerL
z(I9YQeb$!39?hrNPqb?RI9t+?5;%$d&hfoWQ74C3543RgTSB5kJ?N@pZ(lS>0xn=u
z<9FVQ5WIHM-Sz@HlIgoYW=AQaD4|e13kbSCT9+OjF8cDr2nI!MKhlKyOWEgo1xo|i
zX^VeXo4dn}v&-LBWTD|2(WWgN(8GT|&9BL;$?>;v{ds(1OUKEzV`}jn!GqYB85Kb|
zyT&MfyAGZU+7&$92gy8%F?hd<K3ZKg)}M!se?q?@y<<n`<8Y8PNdz$W87u`>o_ya`
zBas9=wLHIYEX5m5)7h?#z~SAyY-qr`0RR*M2Q>S0gnOWm$C6J}sL=f#kKJT*&=&Q-
z4F2j}iI^jK%xKMWz;=<Vm&3j&)V(j0MD(tb_qp#hE}e(V2BMP!2KAJxVO6z;23(o8
zdisv=Itwla&RSkvS3^9?2IaA+!Q(1MBYoClFlV2L>7LkxKY5^A6eRJH!@250Rriib
zl!`2t8vB7xAHgR!d;5|nzYovO!~M>l2&44j+w?VfGcY_~I#pbh+?%`hcq*83_RzdU
z*vV)Oh~RabtmJnfe%4t|tXF!_2;Lz(+x2_(V1s9OVWHrAyLaHKwnk}Jnn0VzgW&}w
zufXuOE~~5`8wni2r{@#xGy8a}wDCcnQE>>0{kp2UEug@!u?ENAq(d2HjRv0NyiK=7
zhHJ5aR*EyD&08`JvwD+L%go?lQ#3QK%m+z34y_tc)bR0`<brURvg!KdI~_z}ruv}*
za42d-Uy}?5mw(D)83#rqd^1785}X>68dcm3Bl963%fvb{o)sEBrW&fTuNY$z07$vC
z2WY;9$%c}ZpU;CIv`cj4>|i4XyZ6mU3AzqPIrJ*jm-Zkos)fM4Lxlg=%k+{uaOX=4
zLn`pErhe+fML9Wn*w90tnavo}-wzNjO$%R&v?INk9n<l34)J*pE&$*`Q^;x9m|oU2
z>Pgw8iz*uqyus|S=TZ$&(T!3cvkll$ovt5i7diOe?dQ^oZ*Dx}RNxr}<OwjNiR06$
zy&hPddvoy_Vzm84-c52*a;Wv<8e0Tf_*xTHSAYp-RbcfQzLWk7Z`theZ?g}ZuyN7%
z8%f=;OsCs#!1W|*-GPqJq5bNUXeN|?{emZqiz7>icAP-9jckn8I%<SoG}$-goZ8nv
zu=|oustUM!b8AeW8>}B?M&00qDc*L_@KGK}S7o={j{=5wQFNCmss_hc3VNIhW7~R<
zW|^LXH9GSv-wvzLF|l6eFai!X_lWEq(Zhij0oW4oMr-$V`X<DWB^LQ+Y813GTH*6E
z0G+4KR(LH9EGD$yqt^~{ov>R*sRx)fDIcG>Ji^(8MRyI6JagDGMOS+-n!jlWcI+s?
z=0O8rPW)QP;GwY<$+3<=djyMZJj;!ggBc?hYBCZASa37~@SgAtx4hUjMm#!y=Jc#1
zxNDnC>NEoVXrT|Pw~sMo<C#remIcbL%RNisN13H_C=}f@0=T+*`DA;brM|NN79+0;
zEG`^fxaQNSmidt{TMts3@I$SwNB7#FzS;V10AK%3li2z!7zhM!)z|2CYP-pF88Vp$
z&*x|Udi5FP8@;hK>rbK~0)Oe5t_*3iH-hov`)K?Mw*2S^Nm5>w(Uy?CQL7NWs^3DT
zf_k=Gjyb^shH)$%(tujt&Hb6&0Ep0(kH}n!InB_z!HyRI!RNgg#g;Ihk?1uusxamK
zXie|S2h?0_lKa$z&{PmePK`3Y-QEeHb@GKaY4Y8NIr3)aOdjAqcmdCT8p9|5aH}t~
z3sDzg_I$4b=oUGNY17tjdg=bCvh$N08Y)m|_tPntPIa<_URC2ON^kSSJy{$t<zPEs
z?d`Br)HJjwWiIDk=lpvwcgX9S5ubhmB_3b_oPT}_<q`)j#qhQap)IcEr-bgs0Xsq}
zKUZ9X%N&g|tM$=mLFME1LtshfpbTO=Jiuv|z8h%V^LnV&(hcrwH4Ui8rz^Tj#Pp5?
z$j4Dvjf;V7#cb<;mSXvs9!>Ag5&8Vys<H{ee%CH{o1461)$OiBuuyoF4QiPK#Kcns
zJwyRG1NGGnHh{z07Mue9u$2BAzf~w!!$Y$&mnxGf{mel97iup8nM`2w>KWfAv`|$F
zQ;pu=pqOKsv5N`*g;+HhInmYNkI-lM;}v)h`Wk0P^r$`h)IhRlcJ=xXKkXC+&BwS4
zIg2!dK1r2vi<Y9f+V!nf$0oj~Cb=ojTHYKfT84-yPE~g^gC)AmT9v#|&m#TK1&6LL
z&)D9aOYT=Ktp#Vf`^~ocQ8%0}CMzERt>sU*^E>kxnfJhET>f?YUJn=J`*WLU0$@o;
zY$OTo7tj2bdpm6uxnb^nHg%M{!2rI+<Md=mh;E3X2cbEk`O$nOv&MLpW85+~WF%Sj
z?W7%Wpes|iq8`1(Q2&$mI3}y3X@kX6Q*-@9Q&Jmjun|+8;}auRQL1b~KO=_kI73wV
zB6<>3MV`guxmfHFqI6~)2Lq5nlxK&Gtcjb2iG7FdqRb(YYZO{mtB;pZ5xY6>w7GPf
z9;CT<7b?h#=~y?L;Gu=`t&T>h?yZQq=(I=4p?;v*kGPTiV&xC%b-@V2U^$mh;OE@W
zS?C?WSHP=BO+2vW*skU@FHjn)pmMPY5i2Y4D1Z2m>3P%j=4O8$5V{@>dEhYT`Gobi
z_YVoc_SOsBH>txhjACJd!vuA|N^0*41f}NZ+q+i7BGRWI@Mwcy0n|<i|JqmUN_UGo
zC?^iOwuT?ABODMrQ#Cd`k$~x$&-J^rdQ+M=qPf@$w;VswCKE5JO?L8UC$4`t>hoY@
zTg$8GQ5~(n9`PvLy!iws+F_nl9sAz)d;Fs8kkSk^;;hyz@{x6Mb7|A9LQ3Ps(+{X?
zxPY^-J8yO8&^;>m%;)k2cwh9T@+F>-oQmapDLDyX9UxmnHL;KGh3*os1EeCuOr#Z`
z4z2@XyAy;tO}<{c?gl`<4&Fq8vjnz<hLq5MWmDVy3=(j)+=?mAssZMT$$3X-1LiWD
z#m>vIi9hIDWo=R$`u{>4iS_Q6o&!Y-z0`K+sW#k-x<BIHz>em6y(=29Q#sX0Z6YBn
ztKWXqO#rFO#EiV{a2~vpSUqKxB-;>j=il-i3wa7@w=lDmRPAkSVT~m}WYBgdywBci
z&VNC9EA@bg3MreoYq9I7weuDNM}>r9(<%bU4m(iaZi)<kR9;wbPgsO=w#uK<jOB}&
zn{~Iu=8N%G9JdT8ORlyB8r9Uku$xBszCFd|kh1y>Y?XJ1fA6FxQgvbLY5f_PPrZnt
zgIz?b@r&x9dZ{;TzZZy_Mdo96P+UC-x|w<K0ErfEx@LQK%=3f5L{x3D3sN~PHq%|`
zbGdr}$|gzAa5j{SQoHu4Qg-us<Ml8s`ACK<_J3)~Z_X70+c4>Kq>LX}SZG~=)DKn_
ztr#m6CmRkoZQ&S^#KSb$Pe>_+1aENWA<S3rb$E)+kc$2Cz?Q4SBX+pUN?S~`CyH8Q
z=1Vaz!Umm7E$j6%1l`=zrdA_RX0525r^}a4G$b7>P-|~H=Fzf@WAh(X!&N}>eR!7B
zGN7cD)47BO5$^b!m_VG(L#AI^RE%8|iOg6^`RrL<J=SG2$cOKuA#CG@X;xSOqPfR$
zweIli;5`;^P&%ieVd*OzDok-gA9Gf?uF9uWJ;ouC26xwUCIsLu5clghP(#d2kE9p<
zm5X7k@9CDR_j_v8ztjuz?+w<ycBSWwf!l1uQ9Vo}B#ikCH2u+3tXCEifDD-Ekt;v-
zaNI))_mjSeOKT3#pcd-O+2Noio<0C9vM9VCptfw4+@ZKIBl@3X5)j0L?yCV_^2%oL
z=N~aoDRE6DMBw~GadF2UQ4RjzDgo$wF#nGi5p3X{{Lu)Yg<(7kGf@U8DVCPuse?Qi
zr>Dj20hdf@XwBZ>_lzVQG&}$mVrI1#Qv!^q3JNB(Qe+bv&o_n~S^*I<_@A9oJMc-9
zeN3lpqW&v#K<)*im-OJm!UMC2wTca7<BKYdkTgjIARJ%T5qO_q4kRv$-5QHY2Vp8G
zC^%q<e@SGC*9X#m>1H|NuB6!>zmx>&MSjv7qX0f2d5g=X&3t{+gz4<O{{m<l%57Sn
z3`maXO_`Yjwsy_8mX*B^&_kYc!%zIf@hT$UU{R-s?dz@!Y@|#5lMf^ChfP9U{wsDd
z(H^zF0?`-Gl0imzIM+sPy#cM&WxZ#a{#sMRBj@bf`hq1JeDDvtHAgXVpt%RlsDriW
zwRm>>{1{qZ9{(PsyZdU38{jt#%Wt!sc%@|HWyhZ|iKRbE8(qV8mt(0<)4;fYs2mvJ
zDLxv<)*mSd-Xyo<!tHMnUNdr`y>YO41Fz%c={78_sDL>h0PX~W9UZIpgh+~uwb<}u
z4-WDe=`a-)H@&SXKit=ooERHCaT*TY!-TB9E4q<9L`3sFrvGFMj!Nckn|aOz7t||D
zlrf#s{8=y4j<Sd%ep_xt8Rw<#wRkeOtoN;7wd_GlWx&U4W;9l<_U|RHT>$6Bd#7q-
zXzV<tvxRHu_X5a&u{eWE#3VB9eCj^Ffx<k>jzu`+UndQY*$x!0F5J2?;GvT_p_ieh
z5jZbPG<4rPg2Td}g(Wqj`6#uv7zF`zklC(DP;RJZuJg$+9YW+GgXqtx_s+dL!B@ps
z{jZ<ExUB1EOU1}|-39#0n~60>v_>o~z?$<pVrt$6X&5?X#-16&zI5E;x2o+lkT)?n
z-)e7A80VCaB5HJy;?{q)JF5Eu_?C>>n=El_L6wZU+z~p~`k0WqHY+g5?{j6H02UA}
z@(tR1HNYQb673|N<K$vtG3z>=uy8{kI#tN8ejZ|7e@Pv3BpD5&i^u2~FGFy&_>vGM
z-rUNB=QN-i&~q9d6``4P6dRqcDngWViW>vS&6(IVmo>oV@s+mm=Ner)R8#RTP;O4>
zt&gxdPqFrTGy|Mxcw}Y`Y@o!+iA#fmh5<(NIRm`LCnnyG5AfR#@!a-z084~sNz5s+
zOJ;McWCyBa{Y%{vE>-ia<Kr`646)lEHd~vLH)(aS-56ZNRjj*xqO#cF`rF4mF=&JN
z5weg+u0CguFf1QLq@*%y;+Fka>giPER8Ru;DL>qr>>+XWd};dGIs+-z{8zhLN9vI`
zgp#6HS5K7wCD8aQ%7Q?vTo$ydq!w;n-7XHQ6(diTJG!D=qDi(bd0(hpTA9}hzffr;
z?pl}V%#tXxfH^In?Rw$?<aqgiQf1x*hJ7cbAMYi^w2!Q_|4<7MjmQ*BF?b+@bYP7_
zysCe>!q7^K&^YyRuT^d9CnRZtp3c}Rgh+>?P4HKh056*?&s?KNfJjN3R)RA-VySty
zfMZN!C7Bs$;vKp21SvJ2ukrC{!`_0qU)Q)Rgj?KUhoWM))PwJJRHwiP&uxn|l{H<8
zD?K(>G9h>${k-eBVYI)0=ad8LI;ZQfGl3-$W1lFqK{P9eD+<c+nxW#6_i8F0bo4nv
z@;Pc+!Krw#GN-!da@fGJh!Sl^@1QnQdaW!i()_fC4FH<*EVC5Vdu{69HY_E7x}Hv#
z6J*T$`i-UX4><!{6dmb&CDb$!p#tOUwZVGmJ!#pRq^he4_K7T1&sF*^SODtpe9<2{
z0Hy<^0!zPajkN*p+4_!9*saCgt)PVUnncaQp!TEOmAj9lGtFO35DHKDe<s8cf5dD_
zYV&_6LCea(W_q=uxtQd7WTgQ#&+%C9jC>yHC5V|WC=r0wfT>^6#)G0l%%WN{iD$rw
zOv&Ex(-ANcE<FO+$z6_gY>s?U4UUz5i<{C5zF`cw_BH5TzEH}j3Xf53MeQSf(cc6G
zH_)54Zux+0Sp^+!MbTjw=SLi&NdJHRosiuNpq|&(mKh1WrwELyOEs_;Lr=P*22Ei<
z2`STaV_>_JZ8w+ha0XE?&Rd>2Wu((uNVG_Cq|JU{K*G)^UBL`<2bdtiJ;BWbQvp-3
z0F-WZ*WvE`F))=)?2nD+?Bqw-F&BFV7rxoo^YBKaIcxVEvwVy{zmltHfRr6GT-DfO
zPiuQhf|z2bI9VNVbsp*z8jNVchD}G(yE6VP#z?)yunQ~2@Gu)RIzvO}iO|HDY;x=w
zZ9cB2=lhQk0%Eot2~wXoLN3dG05%0hMRk40J45ZxVr`DXUP8(?{-4hjlQ@fM0mRR$
zEG{VkOBi_SN<Bu-jgBR__XOb;7`rPJ`;+&3CV&4mwh2AQnem^58?0ViIxWJkI>Ij*
z5BL}Hg6?cN5ESF%S2!eVBlkiy^n$3zFLWMW$yz*PK8k0g$0vy2K_Qk~>R_LSQH+i<
zGF2z@glgqKhy}#uOG;9Uf$VeA(pDoJbH7wHCjZ;%Atk?zZN!5S9I&~FUP?6_Kp2V&
zj<McDgWCqbdj2ZN?!dTj7%uE~Uiyc<89)V&hhr_TdSau{nDkj@8i2v?WA4vG%PVT$
zpL3aou)*GR%8WsLt7|UBdymFBlO$L=3z-@wT*F18jKF7CLlgS?`lamz($dSz@A#yj
ze#v%`LNZD}ga4?28~~z2!<y8$+k}*>$az)rP~^K_tTj~ao**6zzEA!K@r8K(MU5_p
zXHNdAaEcP$#}uf@^woY)F$>3Pc0e;yv00R35X3C*M_PwcNm^ER%45w1RWH@Aa8;h_
z$t;~2gWoTWWnF?!oZL3i!UT>Oe}sEzL)trIpR9!7kN620cVxuGRyHB8l6YJ;!2kAi
zNXRO;jA)qP!wwd-q^Pa*M7^3V57c%Md1qiZVbyH|TaD#aAx8t)UM4ov=j=>caVq6v
z906?!3=hjNVZ7<K6Ud|ct*8m4n}WVUGZT0nxQB8y<Ep;eu#4H|xZLY#UA`k-)#W!1
z(OW2;WeJ!qPm51i@a31Uv@TKrAds(@n1S$**iPPxa^|jSg*E&&s(?UHOW?h~C?nZE
zcio>ajDkQvs?)~N+Nw*E$a+P7G~knXg=U$#(@TwyM`b&TZ@^Y=viTV0FY^zoG%%>$
zh$pEek0O--!GSn9iqwdwj>8?|qz3fdhFZ^L`Ck4Pxeo8k5qCj`!M4{8O9sXS1|~U9
z9NJQFB|~Mdn^yqX^PbrFjrM`n#z3N&FxYnW4+e*MR9`WdrdmeKp}L=9&b+8a4#Opu
zak9v4=EgSTJ&bG17O(mkJX!fXUIao<NHlT{_6u$Gy9xS&FKrycWt_FAUs_LST>tqZ
z6p0N$C{M|Mubg7%x;}Su>be5BEke?DVLI%{H96p}x^S|_=11zzc_Egr?sH^u+mDJt
z9k;E~9<9aD(S`PHt;PH&bZ`fK^ZEuG^_yo8Ck8zPUFC!WM1{$Vc#8G+XC41CuYot0
z%>NnktHRw80|9qm2}H4*fPU*BghUm2uSS2$t>pMM4Okk$Gp6WgMIN}e2jyiIBRF(+
zzS76Sfi7%uND;!YizA3xrKsU)m85Pe|Jt4@9o5p3qT<3rmQYLUS1|x($m#aY8NhdF
zM0*DHFB+Abl23n65FK4B2M*(XGFpT>OX@s_^|&|Sh8nqi4Q>N1L#r%Z%Fzkmy?d8@
zwsP3gc~27~h^IVV2~13+sfcHk;WC&K5(q_)m(^bACNgAX=$2EXB&NZ57YC0XJ$0l0
zFPIJ_+wA?hm-i5Oqs1)CIgje0UCfr2#){;!dT?+A#tah(VNtuCmIBNGd3_f_Q-A1`
zCP4u8{Y<vR=|sbcBnE~>ehqtX2o9lt@}!FF-y+RVi(6OYeAichwbSX9PBS%C5Yvd(
zo2eRz=+BX^YXpVc?)0=D;4eihlJ!R}esw<h)zz&tyt)+#y||L|)M6yJTK~hu1LZJ~
z94Zg?ED=(UGfFxX_WARcy2@-Wnt(tA3KCG6{oWwpeTt-*yr6%;Ei^(t@OEuNb$~EA
z`SSPO&9TCNeBDWI)>sg4UoX%guwmwVwL9R4`1590B)}yYJ}+t?{iXAT8_{yhA?fUc
z<VnNZ_E?&Z!dWW}IFw~Hh{i@4w_%<g({*iakjEeGv{M8jKw?&S6?ze?UWpF;;XBTI
zb`nUlG@KjW3lU#l83|*RlQv)}heG|xhKzUSW_)GOuE$94vhXW)C#%<{B<ZB1!xh><
z(ZuqxoPG?JcWHjNjVsxVYH2!Ew2RTl>(2_<2p<eA_kCD=0l^s_81M<Ru!@T62*q|O
z0p5GcPq>cp&T~fkl1E>?qXF?B#Q8pEPPVmLGrHc(t|sv-lan}K8Q>MMAf;VCjhstM
zxUQ!6{3|YgSY>5rJ%qN(1-dN^FEXet+G_~f^Z#!&d1D`UH0Qkd;lZf01+_!b&G9b5
zaJ#x?)3k)*V~7DmW*YN-JqEO!fGYeJ@K>lew!Ae~mjyV_JKwLrLwSIYj$3PpN{&E4
zEE!#u8(ux`dx!ynK>GL*dZl{(MIy*JRkSXF*oO@VV`G{GDUaLKwwE2au6vW2`Qrin
z&197&pFSN@x578aU(j$c2kv~t&0W_a74-Z5#wl@UljfVom>;A*8ptrT#(sx)c~m?F
z><+c;27!UlrF(5Iym>NL{)aUJy!rL*E)URJ^PXRC=gw+fo^QoD0=joLx;r^pYX|J0
z4PX?iqoadqUN>J~pGSs-b1jdToejdukQ>kJo8$HWhMyby*iy$;a+8k{=A~zpWA1-S
zkmNL@K<IU5Y+_hB6)PCHGC^?mBCUM$FFc}s`GBS#!TETuUI0Gud(iOjV5sn#Ha`_n
z9JRwsmCxCI&aAhMinFyp0%<E1o9q&A;IsSP@>i>hEE5^M#m`Jlty%wY-=qjCyKns1
z1dxEKc0B8ad2Y9f@+%&g=}*(<t=^UXE(PMFkf?{t(GPV?0FU#KkialQb?I}pk6ys}
zCd+?Z8FJ@JeF=Gi|7`yk*8SgCuixK9&}aSWDx#kSU;w)XeEHZtdm%|-6cvt3f&mz{
z`cc32?st&syD~6-o5|p0`O(_h&Q?HGdBRt(ANng7!@kgODN!rEgzItRy^jV$4lXve
zT<EM?zi2h1Kr*5pcd$ZIBU&vutQWYDHFXL4g`bLjf%|%?EP~XyI~;_SQqH*5l5y33
zS*vFviO1_f3+i5jKcIJwO69TZ6G7#mrKoImDcAWB9?77BYY|b;hMk;Pu=rKbMwSny
zt5VJD@@g0UzeAHF{`&937*66!0+wbY&yRrszeA(LS3JsbQ?xgM@Gq+>%2#HC2e^=a
z!m<~e02-HhQ;8FNTYz>*pO%*`^73LuQTBLdKt4tvf2JoN!{QtAX@CGs!^p^L>!uy(
z=G|RLpqYJvwR6kWjL`&-zTD>g&nOLWniM}}u@fq}v3+?W3hOmp#NU-6DeB*sBl@{U
zQ<KQaeE)k&v&9==9Y;c8hZj6N?hNq09l-b$ivYs^)2cW6l+m!;xZ3eUh{s~oDNnEB
z-PtR-#=cXMU4@$3>(iIWt~r~jiPENlrg2Jc3dPBfXQgIr`ZKP*yi*hzO?<CTll6p+
zo1#H*#Nno`71G}vS}GL+wnc}BSMQV3UlDL+5zqZT0+~;9<jt<J!k0qBdS~{ZC9mhF
zW_)$$dZ-0}C<zXJNOBpy*7N%@CC*bbp4fACe7f$cl$;F~*@yP6-L~86_m!LV=m$#v
z*j9X;NxN!)H`Vnh6eCrCOr-FNhBq*GN@p1xp*7`A@z)2&-<R~=cgL;fnV*XE6GDJr
zDg+Gp^^u?e6h5e<AuysPKNZiRXi?yKs?zH(HR113wedOP3nXKEiQt+F*ze9xz17Tq
z4Ua(9%xx5HW|`w9X}&t~+0`_kYqFyNx1W`U4-^FV4Su+5N_CW6fAz0fswMjWGetM-
z!kHhWbVn=!M;wC&1%3h+`rFb2e8IqckkVznraw1Nec9K~dd5-U6vh<p_RPzbYfoY-
zYMxp!DHb-FZ&3Fg`@MX!?FyTft*Tno-(bpyXWuXGe1AnBSaGnWtI{`E|DU?86ESTh
zHu_^F3R6FKkuL!t=QoQJ0M<O4Pxl38C4BjHWbZt%L=^c_giWgLU};0d>6*f4tlkd>
z-reTCQ|c;#VQ7Zr?tBG`Ob|VaoCM`DNSOLU&z4?VXScREB>t7h^Y{nkI)e*4wF}b(
zb^lbZ1{H)<hHRvwB8Usw9GVu;#?8#cdN0L?T3#L(ztFOlmzRMa&2CMtJbR*1XEer5
z`X2Ts8}BmP9W8PzohgOw)1Tt=jqJ|9&o0T4diRUHUpFl~xTlMQtbPsy11|(!ngaGl
z7&ub8w#I<k$sj4|1U5(I;AoBblWhySyOmn}`ZfgR@0tX-*U7dfJ3Sa^3?xiQ__+__
zIauymAAn)1sMPKROS9@I_(Atp-qB9j_}^w!<Fft<!$5yl%9>=dN0H0P(I~h&x=B&@
z)e|Cg#2-Imwp#5{0U6&ZguE5$CW!d{eKj3||N6DXY%qvb1LBTnj;Y-1e{0x_j+AAN
zQ~XJoQsJ}7$S|Iw?J4ZfUS5zFAq&!@V@M8rh~!rfQ690fj)Qr_s;UZT;b3a&x+MsI
zLgEMq@Q>=4zABGVDS6Znv*>=6**J%~(9`EE7><?}t<ees!rXCKNI&4t`Ud)`&s-tw
zw*{8rPphS$B_YeL1Nz0zy|tIcz?sY*Dvk%_1_B<szsIRzrX*sSf*kLusgV=thDcZz
z^@iXCx^Ye1f{SvE4vl=QiNp&h95P5vd^{DH_>{NZSQz;v34DT^z<HWLKjBUq+h22i
z&3jmMb=vlYI;LG`wP|)^U7HZ&k4`hn)Ucz3mus=e$LuhXuv1ClCM8c!QaPcBf3306
zRDRjM;O%qHJ&#tzRBU)$i|MNMM{|B(;ntIzvCTtD$`g2k@tuc{ce0Msmd(whWr(Ko
zU1~aQDY^$ylV|hQLj{Pmw2{&H)lo=T6QSRAjZN@!f<+guDqu@-Yh1#ZocCT-K87-Y
zxjxX!omzKmxU@4h!4gc7ur;P03dju|&UKkb;bbBuMaKhqB~S>ci2;5k<jCT+0QMFK
zGUI4#J}16TN;*-6cz^Ue|6~e#od7~TyLdr0*yR=3K%uZTA$2afeb{iHgth_KholRA
zH38hqfuX45SPm0cSL{8z#D7X8Y`JQk1MD90N|W;~Um3we@_Y`T-69yoeTm&3PBQIG
zpGuSQCX+wholAEM9LPX*WYYbVC0s0=W!&J&(YFI_)kV7aB<F))U$UHHL4o>N<=d;+
zqm|`LR*q%J@?KUUmF*8+6A@_TXbnydmsCZDbp_5dx{&3_&eJL+eM)_!-`UO5u5OHn
zRF8RFjo`xGk2UyAoWeePExcTR!9LESBHS?NO^;8VImBI8^S{V?>!>KdH|%$U?(Pzl
zl#)(CBt$|$x<Nu}=#IfcN$KwH?wAoNLAtw}p*zpu_xG;%oOSm6CoW^ne)e<U*L_`|
zU6p-*)*E+cTa?VQw6i02zlwZJPj(Sg%ciHufM&+8PtlY0$arwpgCMi;5WO@k%0Kbb
z9W*}KI6OiH_2(xN$1SO>MZK-q3h<AhKr^zqXV0HMN@c_8EWSRMSvm5QOafb~DDAm~
zgspub`rLF$5fNZsR$`)xL`Fo82PDEl<X<SGF-Mn=oIK;d78CC5bmc78oU)rvIFN$r
zfcBg?j?1rxxZyt|@lx0+Vm6H<P<sRpcbI@i99}xT<~6C~@j1UM)t#ke3#IX5(yior
znWj2&c(@=0EnKPj7>f>?|LQPbCI|i(bxbTlc>bOhYXKipl^b`Ly{jSq7X!hwelGaY
zYy-zN_FsDCXYknjZE{!u9eFrCz6}T&-buj_#S@Q}^qFYnJCvrPnkmLPe6@41Xi>;0
zy%OcPJ(5fre0|s9f2Zh%-t^tDIc^JQ>W6@BQVS~HcXT{{y95Cv)nC6?{Wuu@WsOLV
zv}DJN<VK;H?LVJP5|MU4yrH67xDh3Ic6Zwdq0dOsX=}-Rf*hQ*UjO)3wXcYL_ye@(
z78=aea-mzT!<&**fL!W0y2yai$51|f=6ar+z5veDY6DBwJuW<dH2TLrjn~)vXEH(i
zNjEyw4W36wEfKR&S}`<H&2!Y-J8e&X{|p_N|D9}h4;M6gbmJGk2dmhQG551){pxx&
zKNWMiwu+Gr)|TqOwE33JmLg6W>qKtg2w+(8u^AimTs$?LzU+cdzpB0>)BNvym+zM@
z4eJ0UunZ(yH7oOyenont$9<usE5W1!9>D*!k19fxxvDzih|9|{+~7#EvCJ|qN-R6#
zdi!E+p$iRzy;ofrU=_22g^7t^Hik6~c8Xs;3N9o(iZl{Ux1#X3ho`rWDrzs$czN0U
z0!P~mHGXM8QAd!<oEP}9Nngxm71E*+tMjGLV89|98~dy98pAG1fbJ>=|M-M~KJe9l
zkq1Sm_1>hN;6h>X5144qZk<hT*f8y<HdFAfF1S>sp`^gqCpfqQHXL~smukl-A<8Rx
z%I7yE-7HcBJQxk^ZZ5XdL=;Sq@eEzw*ssj|0-8l&i+6cS_u5s$4!2?#49H<$6{?Wu
z{J0f(iDGD^>rrAO7%qQj@pk-14iPwOT0dGQ_|BdGG(TEV)~b@*@%A!x_uzA&*NLco
zg%kSDIEP=>k|q4_--?X5YBRs?@IaMV-#~0~I`nU~C}w6v#OnBfA3xY)M~XoLwgYJg
z7I_rFOoK+)^SNWNoSaOO5r#%6fz#@@0P7Cv46{zQ>wSQ$+l{KIF^Tn}|Jic$li=6j
z#$+MmvhPX&o5{3Qzkbr5_;T3x6(RJ;pNetvIKc0qgSLlDjGt*-0t6=<JAdSp3bY~j
z(A_`qRIzf)*R5d1_%xj(8z+;+wp}L(7NFLqp9>*CgMo9K!0rEZDD!ucmPavQchcB_
z=(3aK`~7`pK&K{vN<c5c_cz|qB)xEtE_s2vMbZ`_ra{XVAGe+U#0irA6e34xNOJRs
z=Al5%r~K0H{^)XjZL?OdmQpRPoa9Krw(i4v{~P#hedO{F&KSQ*LP9tah9G18^`qa=
zbheJ_bb1w^U&}vE#nFt|nyUfNJDvQBB(E7&A!Lp8Vh3+0tacahiYb$K1Ee=JqJGz#
z%(NbPBnM-EuldzpDuaN6VpPDkalE}qQ`MbKw99XKmwFu2^IrtpnO^%R^5?U-kGdS<
zCEb7JnDDN1AWy)(j6MV5k00B2q-UQAX=rRq6_g5~Sfp4=f12pM+GQy#?WS+T0;N9e
z3GvZxZ5805D?Um<ttGR#kMj%c3h39b`<Er%wrG5OsZCXcqz>TfFS^zH+NgS1|6)=k
zaU|?D2OrOw6nx89Sd9!02r`f!WKGS^&EpOnq&&Uh1GFO&wD-OyaU@DfnKK92zWEas
zbQV~Oj2aJ~Klsw*(9qNSxhnGm?LyvH7u7s&N5VVFk>vbZg*%Kb@7?R-#yel1*Ezm=
zu>!V*HGrsmmVO1r_y2aN0*bsTc}8*ZcG(V=-Ry?{#hKjFd~<=o4`WKF3On6uTW_Sz
zCPw17o)5^|TW`ij0#NwgmGA~s4?!1?nE4q=LBLPa;O$l<hnR(r<j!Nq<D!#sic;T>
zyx}!N>hI>G#Sth2>FFj`@mMJmHzp70LQA(^2L(e$!FUf^rEw8W^MnQJomGwZSnye&
z<xI3YC>Z@4XQe&*-n0v1D;X1hwCYg~!`JFaj$@|f@&*Y(uFH}8S}uIfd}Wj-L9(?}
zx==uBG;h6_ViCn*A?2=QA1%YvX;mlH4gP~Tdr&g~Ba~uztoD+bfsO6#<F$B(>2Fk8
z$QPi1jZS|b1WVkvL8>5~ers;pL5&bU!=lf^!=V^RNa&=kt^^$$J55IVaf`J$<mUG=
z-j^FO@;vy--rk(!mg=9`b&U}|8HbMM)4Sf79NirSeU;T`fdP^P4QbqqN#4Qyx6e^!
z0&gxh8^@^8Yd&gds(W%GH`DgueRk~s-Q4bDdj;F5B&F|a{DCa+gSN%}g3pigrvG;)
zy(LgZ=9IS;Ohan?g=QFaA*&cGQUniD#E*4gF9tqI&)}d0ej&w@ZO<rKe=P3Vt1L97
zRL779WooU#WBhv!ARgoG<57Xao~fP-QVzsy|AJZXuqnwUQz-=ulc-`NK?6J)5rTM6
zeSrBsKReo<Qd2Wth~$p{S1<jaxQQ&Nd$R5=y5&=)@A}TxR#3AK=#3KXX%hGM(9bzu
zF7a9a`8c4%6cSByq6`XDG;<PotU=D}I1zWZZsT9e%8HQDlf@OptS5IyQI29PaX*l}
zq2Y@#KzS(VM<TYPtoNBsp9kE|X@F)H{Utp*Tae4gP3TXGj64VB%0GjTPd9QcB9oTG
zS4D#$BiMaR+z@d^4b6OaZM0d(m+jGrd0(<@iXRLtd{%Y4Mnyy>W?2X2YFJyN-IAqS
zZ;>ikbF>W>kLjxrk7wAR&JgPE?Gg>w9_>=S=j{xD%fsc9zBRqzNE$M(y{e4Am?pzn
zTo%1KU@a|XH@6}{7<K%O$p_r288UsVcPfIf0?j8pM@Djf%W|8vqjY;{p$5`P*!U#X
zs&~YnT>Vi<L1y043(U}->kP3KxN;-Uf>lmY2=q_1zH+St{^`D9ef5>|(t6*!>W0MN
zOLFf09mBe36(-V~86&MEM?&^`ZNW#l8O|1ce%Hv95rnBtwEdOJ(ZK>Dm&^=RN1t3T
zYZd%le`3DX&OYPApH~pKP0;Ue0(2VBF|FsD6bE00#rW0#cXa;7IitTW4B%aIT^+6b
zRrpUX>$o93VCe`LeqzbnZ<caqW+5;8`gAi=D_)DJ4xHNSmgHtZ@N?*8rtOSo=eccr
ztu6gVPu>epfX-tq(saT-DY!q0G&P?B)2!CDKS{3^@JONf`4Re`>b&W>Mtethcz8L)
ze&am)b$j&SO<-huPoxmi<<lq6`q&h#5jx5=I5CwdPh7uIP*j9rdtyIMfUQzRUvW|X
z`7@#z%qIE*`_;R5CFuVZaVUx*xo@d&bEn$qZ!TbCVDI2o@7O&oI|3oQf>m^W!eoA4
z7qsIi#*zYJ4385+wud>lwx^HG45VI*O+MV&`HN!fSx6tv#zs?9Fq`Do#c{)oc`XKH
z>GskEEu9<eHoliGqWoW@`}*|*r`zs~HJNo8MdZ@2&sP$=K0w2!saU>obUJYi_QPqc
z0)3CP*|Y3mHY#L8m-i<9gZ<#xm}AWbIX5H5Cr2skVhXk_g~(eEfiR>L5`pm~KR5SY
zVI4S>8)B%d;Ws@-5e|=GlTVY>1nwa=$=W7p50AamNRDD3E-aZ<zg!v(ro*_&>#-_o
zIol>OQdT@)%vPFbXjmA-2L^h(9ECHov(;X^p$s*;gniB1hlccJCz*bPul)()cqvhi
z#6v_39cCZh+yvc|Y7-)}Eo0*#`Kof`YRf-C-{N5pmp`^9|EUPa;ay~50?l@)d*xF?
z`u8XalTJpCwZ(wvrayciv2D)3-_Gx9S*vCA-IVDm+klDe|H%HxfAk$(pX6w%l%~v}
zD(I)w4U|x1i0NAG4=|XRt#rWH^T6^o5e7bI0Bec5+I$OE0vmdp*daU&Sym!I2Wg05
z6cyf=J5u+j%Q#D79Ui)C&lu>Br4dX^@5W8#h6CXhm@>wO^k5o@%Zh9?JDmDLNMqFw
z8spEFo$CNCZ!MS35gp3<fZd;E4i(%lb>prDeDlV2Ystf}QMTDN(IsgR+H)9J9fdyA
z3%R2!1ijsSK3ZCdeMq}*OTcz8<cH<DGq>&eBN5)S!{lxd0PN5V*-hQSpa>Jx%V?yX
z@^q9b%@2p>WaePL3UrR>%cULw`UY8b5E7kw%g<SMdhN9SV(V%ZuYkKrd!H3T6*<Q1
zUZI<WPwYLzzXl3Q=L($Qqn;wpXvd3zZHKZsq8ZKxov&E2=cc^;-WP~0C9UY)lwxL7
z%KFv!N}KeBm8uMyS^OZP2f~D5vub%zh|A(pr14)$s{6Ikr5t6co}tNkvvN=bo~Qg5
zqzi|0Oi=+3d~n@58iD?kAci7s;f=dwG22e}cxZ^KGJrAfwUUY+>Rxiy;HiaS#@uvO
z;8i@>$fA`|G6r?Rwmjrq6ZNlZQumf9NYz`ikXRR&APu8!D`&4cc5Q*yv!35yc*$+t
zb_1QzliN>7Apo<&{CD_(!~D-9)UliG`F|)BHLf0c@xybxeNqH!jg98IRA!yjSFDX8
zTk!h=ld?Q?ld%HJ+~5EdItg#i*VLf#qJD+r766TibKiv_|4^pPnetbp7)ZdN3OMZ6
zmQx@=Sq8iyx~5*yJwN&y)J>H?hqkw8S$o)mpOCPXKJgsY^}wiaObN?wW(;E4IRUTv
zC?6uxm*A{+qTgLyUhb!dU<G6xU8JyFy(cF6Q6blp(6p-TfP6n(@^1K7;hI<paSU<b
z@d)(4)H~rCYW3mNtiF>fH*%BHw8K+Ma^1SqVA9QHo34*Hyk%#P8hjPA*Ao8I{z0)l
z=r!ZVKtli^=s?7u@%ro^{)}kzEe)3k!BAQL{3{I<gD3-)Z~Ulw8J)r>`i~Dx+p{C{
zmED?sDUV`@(Q*gWGQ4I{M6V$LJC>Fb*){)JPWj!abq8&?#VTiWrpIWab=^ehnQV5Z
zazPvb>({Z#dNwpB>E#ZM*AW0!@Zbo$F-|9i7kAb2XBVl%R3vfn4Rq6OFtM|nwQlmX
zK;#!Ind7(z?wlZzj;rr-YeF+L{M!IoG@q1uZcc;MEMSl}EjJ|KDF18Zy1X9M1W;us
zWe%~Ax0h7yvKDI!T`+3h7Y%}{(29N(`h#Dft%hH4N_g0^uS;dTH|ZW&nz!!HFeX~F
zT?>M5HD;&MhoVQ(5OcE}0H1H_2y(nYqtN@f#h8zPrv`g8QQ@FF(&hr;gENqb8u6dy
z`jRY&5UJdcvCLYNfN$c|&SwkE4E|CrKRrPeZFYu>EzgErj3eax>%eJ~5~($?@7d=C
zdY`c<z&G6c>8r<R)?OV>-RsU$_nKF`Yx?L@%~J;jFG#HQ3lQSfc<{V_>b^N~{2U{t
zagJ8{is4$`+UK}yVo~MwaohxZlr4xF)S&{+Z2dAa_*~eDB0eX|CASYR@BTA_NoMy>
zF*o>0W&Ua3Zic9Vh3C;TDZ@AOKVw$l3TK3V`%{1@L{xqhn^dBhg%OE9?y2o`fPVfC
z+@aX;WMCidTPo$wnKNkU%)fr5e}?VG;aOvQ<=1#U2Y`3l?r_-zBYbS$)wGfJv3x_W
zE!cK{@^{N0g;Mz{wnB?OI4yq7WqQ>SQolZ3Nfyl_T@i&*U*Eq}7X*FAWC(6}$^`(7
zU9qgVxSgdQI<fssNT^cQBRxD$GS$nk&XS>rze@oT5k*nw!cYN!FIiStb*qM`=NsWy
zCkw6ZMj!xLmeGWBczB=UoI9HLSy8qv8D36aUiXhxXibeP`Y`t4X-Z}5fPxewA<b9A
zD#f6{FJEG!KT;mix9=WA49+wS5zTkQe|;8OY(qT18RD^R6!QRC%C&+4bLM6uk<O2d
zJyv!(<mVhdooaPqkcKlAUs<kcB|>oW6sbUYK^=7GscayRBIR8_?c6VU6Vu_Z`Yos#
zlf6b(`r;@>=f!&UNZcN}{Og#D!h?5<nRH;^g(ENdnRx1NCKv$UE-T-wD~wRM@Rc(M
zz-I~!S1jp315`+};eY`>=$<VhMS!e_wnd`}iAu+(0NW2Zp_HlHci(z{g5V0FH3r&r
z@TWRipUqC#OFoqtZNl!Bm%O{o$Sj{_QbS{PzBw4%!M=x8c^eCXq=bji{a$qOewX$D
zz%!NBOP(w~EUvg$x^FwV(>gY-ZVL)2K{=D_N?IA{)qat|pX`0M&#OxdSijt~crG_c
zJ%9fInTr7tfF2&=y-+jA?<L_DqStqb%Or3GN}f=<q|aphdKRDLfj|L^38o1FRpuY<
zfxcIOWT??r?&V(J%crq-4~dswJWcisL?~^uU+kyb4f3%Kz5q1G(xUvEfJ{&8POs6U
zjTLD+w=5fFyor|G5lRD|Y<iSw>fu+^an<Nt@Dflb*GO>EAxGIeB}=avkUGAqI8azr
zYe%hs39v-C|8RZj>LxI!X^5PpH1xAE!+!_;qL++7x3dct|06^;)i}C(yo(A=o*g|;
zPXmn?$0ykQJbE~1xO(Uh=*U;CG>>Khs~1|cD_Ur{m7p`LN|tO~fD$BbUPo*uLw|jy
z?ynpJaTy-7-64|?XGQ6=`6KWqx7NNm7{0ha%?hCl>g6e$yZ!M8_^g<xR}J~Qst=j<
zNb?zDRzeQukMHRv0ikdL7U)mrL4FAUpkx(2el030=T^ZJK+As7%=23SkK4|$xhgv7
zGn#<sM=#6<=g#sWmVl+TKRzxm|AKbL*ie6G!|uHa)%G7Zr@}g-H@;FI2gi%&X<jvc
zhPGt-LK!7IYATn{76*hwj9V*U^B+a_t2=hRr!5#l7K9U~jS8AUk7={xp6yW~{ofP_
zX~g`DA}!2NgUV%?<XgR=uG`(p&STzHxjaY>;5PDg495l?Z%(phOn@rtxntikP&&FK
zySLPdysI#2v)OT%^7TDlG*Y_M)T=A8v#!G5T7=!RoP2ov7Q-CUP><I~MN34<wx+Ak
zQ?lMdOZ9Ieir$kV?ZZ;Ui<wfb-nl^}CAjZP^>EODjf=(+bhYCBdSIl~cj{S!`dXgF
zGrtz}4Ig4=P(tZ=wlns-76L}fIb3_I_|J{^88LZK{`O;^PV8XNh`gw(DFwf4X>dvz
z(1VYRC=3~4pYGc)PPb4G6%4npQTqTSBsj5aZ=uoAev4Ud(Ej9`LajM`r36RE=0(yB
zqt+1?tWXqoE&hW%7~f_?SlF4JKpMELOhapo9XFJ&)#Elg7k<1xa0a>t+Sst)Jxzmu
z!3;krDFP$K0fytnra#}eic!?$rUQq{pJ41xqN8mX?0+oA6SZUsWW1@FEe_RmAA4x=
zusjGxZv=>S9q2SOAhE9m!|^-krLzl167R}gTS4|4z;^WI&tG1~e*doUhAu~3p;3rv
z$_dil+V2nVnxVEmaMbuWqdFB}$u`nfra<`*p<R>G7qar5urq{Xf<E4FZl_mzNxDC1
z;6xkfSAP~8SCqB)2s|aUK4#})CKXn@>QIy*HyO!&!&m=>U99LKeEe-5Ewwt(@s!V(
z){%&{vHqRuJSOsJ-|9xv6?GLuz=eg|Lb<B|TG}wiBBmJHaajKFwroA*99&j+W_VFq
zi*)Z^i-jXoBA9s)WpGF>z|xGljzf%svG+MD;1Ea;N5&)=)vJnjG{=ie!9^2gdd*2y
zpOH3T#$ND_;vQl!4Yh3b`fRA&mBjXyhDNUFJ2Z>lHGCAZ;1Dv+ay)+0WI+Kw@FR-B
zlRBfI<L@3^m_dt*d{T&XC@?&H#?gX)evpHOP5*rBgGnq>qA6vOBCdQx%xCr3^1XhE
zWDE)D5MdM)7n4Qa1`$ysjr~Ob8|?pUw_khB{__K=Nd4p&ZqP3=^V0X;RGGz=@~V7=
z`kPJ4C)2RGFP`)VZXS=oxEJ12#ptMO$gK;~JE;CMig6xA;Yn;T4e-n3i;({Rb7#Rd
zGnj&+AOZ!6QHg}KnCSvZ*+~*WcBJ(Vr8h|CO29ux0oOl|%q}$UwT4SK4+GuNQ6V+-
z^;71&Gjy9bHWT9Zpi6i+iy7fNef8pr?L=tWQ{%Q&CMff(Xy$=TxV-Oef)2B-0sY~!
z%q!54^w!Ywu~|k&j#QvT8#J+F%oT>mBa^_px*)~y2#xTQZ58h5%+&(yJ#*VhaYFe=
zL6ato@O|k2V%cwC0CoHl#PW;{Y4*T*ZDOJ%l#xA@`FYpOq_x7ob<ya*rc=uAO{=$+
z71+aZbD%ro|IjIKzWCi3(V?MXe@6EyMZ3nnyYcC=2)O6`Z&(%d6=|%Z)jXenv{U4W
z|G$x{S?P>OIa;Su=@Ckq<mctZ*kS*OxufHePT*NSw>OD*z1T-P3)~%{7Me)_1-2J!
z^YX&6OgpjY(@V~1pY|s=lc0v0+Lf%M&&5l64z)=*>UggytZKv6mU|+#uL4EdQ$+CF
zreNaB%m2B&n6aZ-77_S+vHP==CLl*;?>q106FBzr)yZIbpe9l?m24(GgD5~2?8L}f
z!&f@b@POT&#4JflXmUMrO$su4Nv;_sepV(iAJ%%P-@y5uu1|X}NHjcaq>}~X;sNBp
zrbV8j5FkgdWS#!|%L}cl<bkTlH-r=JkUA3B<=a+OE{J^fMIQenIQ-v}c-D-7IC@4~
z@a#1V7LYa~!~|UW<1iiM4Q;iC7+dGr`B@DhBD%JQ*C&A!6?GF3)*DBxA+^1+LQf|K
zlqXM|jtTK_0Qir?nc~p!hny(5x6|FVXgq+lpa7!|`s_L92`Px|M+o`k6y9HQBn483
zAb}%QZ1OzhF8DFg(q)Pa2|)lHI=b7c@9hp4-1l_;3XI;vWT-|)Is)OIPVHZ?%Ao^h
zn*-0{dITqcR6oL~68(RM*;T4V4!uJ*g4AH)Cn>^&o;Z#K`ZYYpXj{QeO*Y>YTS*^F
z#F*emug7V6oI|`rd>JMUz8IbRmiQsVt@P#HvQ*F6&)r|R&`*O{l6>A+G0q(8mM)+z
zr?&1Z$#dwk&+iM=G^<62$KO>>4akm*(332%9B`s&q-spM1jO!W73q6X50yK?x@3C6
zdaJcvwqG|5UJ4^u0j6UPJQ8%n4G#Pm__3S@+7RMIZXN<4BYn<J(u_3*F@(7xpYUi^
zWl0en@E3|Fa+h7y0(Zq1<qO#o1Zq#S6dG`Op4upk^{hy_3~r=xqOaYHmnSw`?pLwG
z?=o+GbM!%zZfy38s{xlBi^f-$7{Si<-t#+depD4t-QVnqA9a`S7Nr)uJ9q;~_?}zp
z+>S)l%fNyv@4C*ZEwNE#(PZ0fuukXZTwE6Qq`F_xV!PQR`SnO`biUaG;)5|q;ctFf
zn+UJFv_JA0<fx-(bI+N&=YU^jZU&`IWA7!`Kt?KCd&5P2mIc~vec8)(xIOciXtP;#
z`_8sU^HnFyq()VhUn2i+O=2D%`-a-n!;e(*$T`tR?x(Q{?L^rbZT_VJ=m*MKU=*va
zIt;^6N8CB*$Q-U-Q}dUcD>;ji91&047uy%0RQJN@sPPfM>(Qqr$}SlYNY0(r%ql0y
z`kd{(^`gRbSAMWF(jC6WB<XAW@U6SbzYNKXJTt6fdlC0=c~wnnZy)vw`HM*FZ>+qO
zMx}0bmIGWQMeO35JEJKfatS$3cVgTU<}o&?$Vd|BHT&bSm+*L|;{Sg1Qe3MZ<DKI9
z@{nv@R4#Tq3`q5S{fS+^3tTUbE7x-(GVvR~w%I0z%U4HOnvy~__Vec=u;A^P*g*qr
zxFy(z<V^_QbJ_yTS)#g5YA_vgX~%<V$;XY}d*Hp>u_-LhRb}nXjeo-(U51BphP!i9
z#Kwadsd<a897y|33`d9_RF-JS=c9u$w4F67%ko}Lb&UAzH71YMT#D1^F?g4DLagK#
zuw}brOVxtHu3cnMXhX>mV0S+Sx`&6!2~l|spb5&^h3ZHU6cp)dRwrSk9KKu*Fr_qk
zTm%Vc!Va~K;~Uo`OLtWleGB6#?*%jkH06Q)!!(WCLUAlVOC(y)PqFA3+L_y#ec3Wz
zDhDJ<^FV8LLOur{r`z}z9aV}i@y?rHkEcn6fI0DM_Q51Gn%3IOL5;9BDlvX{YimHl
z_aBYrvasZgo{S#2CA=)US;fH*g#nG%6XUgZaM`IB_Rx`OcaUK$?Hayk?wz6-oUmbZ
zN#!%OJTRsEin~7FRdG8e3;U^^>J%LW$ApNPO>6@~>F;^D3_K4$V-o(vXUs+p<Mh{W
z;r;2$b!AYMR+ateZ_fI=ror)-c(cE_j&roD-}v?hJ$hUqv#?N4rcRw@^Z4o~cY0E)
zT}O}{w0vx^ym~Z(KK*ePxpot9zl!)EPk(*Avoj5WgiVxkiUNwiASuY9P?Zst)L?GV
z!s^`(3Nc*G)s^4)a(DIdFuk5f#)Oc5DvdQJj+(?dOXp}Xbem>WL>2-tvT7NaJHU=P
zW8GErPcLx{0HD4D0L<jNLPL4c(ROggw#SJmZoLjS7i@vW?~32;{*ua7jAhrHj=J-2
zMsvg6na0?1YneRqAFbl{Xt-TIz9|F9jC{*Ea|6`*O`V&{pzxrX-%osQ%$WFu48B6g
z>$Mk+l5j%9D5+24F?r7V$AqdifVJ<CA7Q}JcXU8Xr!L@7eAjD&6KBh*qWjl5Ewl}B
zQ+IGpCA{w5i&zmFNZvLX{beZxs2_I7HY^6FC;8eOSDJP85O+mXmv8Pb?>kwr5s*@n
zQhr1w(bKS2UiJadEdk@!eOu+Y>05nY0W-e&;9lr0Mk1>-+@L-D>4P)CdxzpVtv8@=
za}>_zF>Do29A%b@@Zllu+%po*I5DD{JMXv6U$!=jXHSk8y}g-ciwg)gx9J`mC`BEj
zL&VZzKlW|weu7zHVS&Iyn!)sd`;r898OfDTb6lpAW#mo&^NHv%mFa2}$5mwy_C9_;
zLg;820RgJoCbbpbXVDH)*wdS$S^uiHf7!hp-~Vc|Q%F*+^F;3-xnQA;2of>%y*;^%
zJ!6Z9>j1Og+FP-s9QouRJI(2$s!3EH5mV=^pF)n$k91a^#2b?v|2sczF)<)t>t9hV
z)ptPtL>mPo%KeOPP=r8QrAD>hZ}^AKoF=<lsVr$GKe0+75@vX7A%8LT%H3Kga9P07
zyp(*hOGj7To2}@q3tt9RKKJ6X3neD-j>z0gEv?-}Uqqw~TzRf-=1bq9ol&cTLiZ`=
zdC%|MHh0sBXptX#%;)S)1zR)%8MCzxlQX!z6lz(&7)`dKGgYqz(Dt=j_0J~A&0lw1
zc3pNQfN_iX3)Ic29UE4bgKv;-f`_f)Y<YZij^6$`Ntc@s(Ix9q-OLfnf&i+If+Hoh
zz^SY%S&O^kl63<C0|Blw^l$SN?%4q{@JGSz`YjZB3(BV%91SJHs0vO~{ZCF4*WEG^
zL3EP%G@4>X?uS_`lGJ?2RC?xk;CQiixe--rt&!qG%srboyh(Z&t@IM*RCsLlU68*N
zb-tjAay}T_hO0p2?OQ=-`9xz6zcr==nwpo^ux_yR{`_3?I)lmO+45v}0$bZlB$?`Z
z=PDkXmR9syM!=+Nm{R_M9mn_n_UdGF1^!=Xp1sVcJhwH@-5KO=H0@;(5@Gg`*smvI
zyH3Ki<aMywn(hu9;1sVv9FsONSq}W_Q#)|!FBT3a!w&h{`09L;iRC6}kG^U*Z$;dS
z#Yq<F6#4|Ovg%9YR6rH|7qDkH$BGE|gDS5J#TuW;@s23EPkMa*jTWRy4_(Oij@TKI
zFb_`h?t76pvb{jqFtqck*u^+eqw%vF`Ysvqi@dZ(LBq<J#S4hRLc^CajhOiE`qlmL
z=49AWil-=In}3lG-Z4V_Hi8|yCTYgTW_6kp(^`eo#h=T#$hWZSWFi!$DvX<C($F7P
zXFpqKUtI`&WCx`B^b-9hvszq02-eTeC1iPW^}qs-4}ME`e-8I)0Sqhg6DJy}AWP!Y
zz9~lY-XN+1wck_75zgt(dK=DR5G<gEdWrGh{4n~<4`PTmN^gcz;%(qd*y5gVd%o%$
zTjw+^Cb37T-Uc1=Mv_S`SF|b4y_xlLY*)F>fliTUkBOS$hkq8+d*YRd4*DP5D8d(x
z`%acZL%$n?T+*AMUbH8oWc!T}`9*_8WYLuU8R1qNidSg?@i$EQg<OHkB($dA4saLA
zee<TcRG<I!P*5Rb3E>Mcxf~=6lBc1w0-@NT+XU$XJ8?oN$zU;lUT3RFrG6FaZa-U#
z7*iW2OiRtteN!EU1Ki9UkWoEAMMmdGb|zLPQ}Y9Y#Vdd9ht4M+vq1f1&T*%`G<ap@
zG;51&#wS6lc;X_51>8es<{@FYWB{byROseZ>uGz=bnbNSM^OGn+JeuD^~7DnOV@y{
zCIep0-bj!<)*dXSc5Xh(<LyEcKzztI!^^{Uf=xw>&e+S>$+zpuUIguO3Q6p$z>-S+
z>P9w^jJxGNjL4$Kdj7nrV#`jzWGq;X1I=$;Ik!(PK8(xmedzb0g{Icp-zZDlJ^4(2
z&3}mW+Z0NEdZY-ASm&s@fGfQBcN+V$03ldpq``)$y&l|)ts`6}llz9v^^zz%<K^10
z89donzXp$I4r&+uo*bSZ&i;n%0rPWJkcTT!mYFQk+8etf-R@=My;7%Ff0?;Ri>v3h
zss#xqmEY`z{bFr3W2Cfyn`T;(xaJ#RmjLagtLL)})pSX}CVz|lkTcGSdYvm^!m(v<
zvQsA%GnXZXPM3_;vwq2Nl?A%ZFe)tzVJA|dq7ve-o6QkUZzP>zsTm9^f=BnO3clQr
zcJtZmpGvN@3_jsfrKk|Ga4GuB3!ht<TNp8nv>wj0Pp(tWXCH{J39SizFOi+ywm>BN
z>C1#?>Cw!x6au$aXe<@`%Q-IMCbNi<@O9eI6Cvl_p3>DY3#R!LjpzBVRez+#;*of2
zFU`jf3c+&y-}-r51f(}mHBuQ)VT_fl!xYc#;eMqzdLCT>_kH*MTG-|1gN#$@Z57TJ
zX)fShOZ(01m|cw)OJK9d!9pv-RL)GcZ<uoNVKDB0rR|^s+|v->+G=*7?&_(mSyYO+
zTGmzL#^w$uaKYZIeqEWf^D2_1y@xnrLP>|uRJUVr@!_%WKlRAZwHn~(02I8^)SSW_
zi<z2E6~)CNLc=>f2FV3y%f)h_;~<@uT=OTB2eAKzJa`_l0V;52)6u+q)qs{(Ewiro
zr2oQ%cr}l04=kf*6qy`FUUGOy`&f*qVkqG&;X4A<(eiOrhQYmv=k?X?cYA$(izxvU
zH@XlQ*K~YzOKeMQ4v<t&%UbuN{Q3H;vabd{^HLMi=bb4T>U@QX?=>T*Dn6V<^`Be=
z*uQFG6{i41Nq62C?7jw=Vt`+Wrrb3FMLk^ix4u}qvg%WTzf0rf7*ChmDTXV|E6ii;
z?yYjP<Q*n4UI3#FnVYdBdfE&&#|8@LlYwID?m2dJm@SVa4o5oH$ajptdUe(I&DKL=
z2O+5HoEn@OwZLw*@a!2;AoV$93g)f0U#|b4e)smw8r!;c%)8K!3t7R@9E+^^;5VQ)
zpw7{yxLo~R!$f@*O2DKL$d^Bu($+%2>Q%nhs%|{T%@(iD)jtaUyO7i>V2$pHIGNe3
zBVZNEnfr+aNctv(3*p6?s<Q6Oaw~_PE}bs9DtEre63Sah*b%@kP_Iywp2da#Zo|J>
zD91uk!b{jYz|d)}@HX{h&NjS2g*v#*Z!{fP(B^jn$K?H#dKF?C7=5Ds9Z^jzR(d;d
zi-B|PoF!TvVz8^*4L&z0Exm{D+*<tIQ8V)V@U#%Acy6ORHq!=&6M^62xB%XPp0zz^
zIVkWmym3Qhc)&~f>IW`eqm(U<sibscP@#m`@}YG4xCLG{8^c)L&|KVj!IX5ok`6_?
z%lp2Q0CXCB;r%1^xpL(^fy51l0|I&!*B@I%!`W;+zFmiuU>g9P1D%65IT&{c5C$7|
zcpdqjaXA-=d|%@q;GytuS`Q3|zPDR+^65tOOTsT(S1-bau{>)otOII^kdB+X>#(*2
znGNaQ&oRx}P%-=i@l$(r5(n)D!$<~z3okjq`{Vh@o)DFF%7}38gs92MdH?LBAZnM{
z^ZV-`CyXqrzFy=HT=&ZMOKnGft5)Gs%U)kMNv|?kCoey&M)zxh5cadPqJK40SWZMY
z+@8+|;*Uxy`9QGkMB3Ib(?X>9LM+L`<AF4tizDuK)U$$I8o-98t(~ks7pRu?SND0+
zO^fJV=E>UMB<sm!wt6L<a?`y(QzGQkh6ILPv$hMcrTX~<2FG+UQr^ET^fyJ~u->l6
zDH7eke5Q(6t&Ny{851VuOzfz)QB$(`I^+8D4!(^)uRyr(mlS2LWCM32U{mYv`M`Dv
zl7pPy9I#)F!AhvdIF`e`w7k6RWKn3R$jB;(QTce9DFK)EuB&$qH+$I!HEZ~6t_!w5
zr?V3|BTMzA6KpR2$2TOb<E=MBZ+8Ol8Zg@iYkTz8?*P;bS@DXPZVp2V$#T@yX!u!g
zu17mQj<VzT_&5KTn`G%gszRWi;{bC)xOQI5*yD{b-g$QifAk#Ugl)AnuX?|f%vyz1
zTWQmx{EZt(GjwaU3wT!(uW^&u+I@3@SqzXz;=WzDrS!)pv{GYSBp$n^2dqbY&2Ydg
z#qOAJwkE(gQwqSA>+m-66~#bWXv{%RLP>H}q$`JRcm{dO_3tOdSS_|!WfrdIo%auD
zr&ZT|JKQ~Gt(;I@?dmewa$s}6M>4%6*3`G@Z{s?-tWh&;wHm=(8KZCW<M+{Z<!^-+
zZsTB?eiiq>u6^2^Xri-O<Oh`oy<TH@p=Wv-o-~nh^2s?1zoSq1#Fh|S#>zs^xbSQA
zSM|6PgYlxT-$^TK1^vxYSfSJl+YfU+4bwUq)~|;#Tn1D6Z28Bm3kaic&iQPkkl@!V
zjA;y701xh{qaxCqI^Ld36t5_pu8p&t{zA;cy_XzfDdaQ0ry24D9<0q_#K{g4=l8aD
zg&>0#O5-oa#{*~2Ad|2oGMz;?ze$7<CB*aM2E$X}#Af53tl|@C3DDF2bY@GE-r6&3
z`A6O=p!Uk<1eWq?ZLZw~yZmol>0d2ht^)%9s;fU6-K~Mitq$i+g0u>i$j@;9{pAUg
z0?M&C8_GudjkLFI?g}>W;N~6BMS@8yWD%-l;?88-_{tWml+734v1D7P+TL&}aeyxs
z@(gGF>Au-qX9FX=(Pwi%)fWrr2NjV(5e0)6yBGT#wHRB8s<R$E!@wi=RfOE@UeT=P
zULqRi4~zGYAfexHEtTzl?#|{z(xo+_S57CZme*iyd?N|ZMt8ZkKk=A&sWoCBJs?ls
zvU<kU(#}4e&DpVqdaInJP^qAn#Wm_}R5d;SWx5fOPA}s1No`lLl*4Tci-gO#!8cM&
zx9?AWcw?07v+WH>cvY4~r<o7*lLyuUuXoh8&*39knUK+;zHxrz`u&n$`i0+uyQb3J
zNinJ{s%)zb8cGmq5UK!>Y?ph&xK=lkCnj-JJwNvj0p0G;7fQdRa}--~?-)lZ;L;+u
z^*{2BR^1-8aE%|9IQu~F??g{Yfm|q{Z``=XWQX9WF6J<0c66yP7`#lG`CGV4u87gv
z2zu1GHr;DWf19rF?DP7pa$UM&rid?`LO><B(7xoqR=zw~#=yV^wR4Qh=c|Oz?OmY6
zW2SPAo4w}ora<KKLVtt`ZN1El(Pyh4VL5z=#7hhF6&z8er!0?>M-HBkW&e=p4t$8g
zE=+Q}*|<$UDaS^sgH7F=nX8DQ^LW7LfFZw0XpIv;hD}nH-@Td0)Y3RN?JrrkJD=KP
zb3qX<4bXdNz#>Q_OC-~!;R)pn<vShJ^EaLTYN3q+=93$s5IG20{fVE-l^*=0evOH`
zN6ayzkXA#?lPG~m@|mv|aVH6W*-qIGc^as>#{DC$=>6(s=}qnaWXdDUaw0+hEfYEE
zo(Xz3{bKrD+nXC^L<??;q~G=F(JFM2ANEnz8}QL;WFRLMz+P80RdkFei_Uht6!by%
z&c<}SeNPK`wR+r5c@5q#pEowH1dK@*`l&~NSBg3`e{i6Ty)BNPuzvB*MZN!x+YD&3
zwcN)C4Q%+i3GM6{MEBnF-SWP^N$G{&0cU-67h3?6Z{$7Wod`R0P$b=D;Vw}7ynN5N
z4Lz8i%YSM|?Ar@YOP#+JUwn(A7LYYd#P=1kKORx4km;-5PDt#(GPVgsS$_Ed)o{q4
z3r|BKs%LgkevYvhK1*BQPcQspvnS>5;srU{2vxp-%IIGO6cI0i@5N-=_A-Q>-zgGx
z_4M?}V2t`#z3=IcUk97Tbv_S)06(Fl;$ztzpScG&Zup98Wol(kYzDraiLXf&y6d65
z621D)Qz~CWH{8a7gyu3y*orKd9%?B>KQjQpX>U1kSDb(JJu?urQWB^_R*pyp7ae?a
zF#V<cJX&uA_sg~s6)BgP4c1Zxz{26Zn|vn03eC!G6CE;i)vn7+iUnBWfE@oRk1lL3
z^cmKm++?yQ24L$fg%p}7sU)PZuB8e{GxvE#NnE^0-Vp2e2*34#VA%=G*)%LWce!|+
zYyOMMVP9J*c@3LU@MQk^!mLsALhcJ|VhG{KM^StWw)})n5(giBMscR5@dK9dk5(Uj
zZZOSj^q?$NBn<@lYEoPHpZfXJ!#Zw3!&`Nl37&XnHIXiiqqHrMJNaBf$}i{|?~Hrl
zHXcT4K=D;=jRSFId;&Z7B|wr)Ba`no<B@=#wwTsoKNcZ@HkAb@E)ON7?h*JFzEto_
zjR~f1bdOf`OZ>AJnz8S_;!UhOl!>64!BRT3aqqY5n%;kfBA8=DD~Hp$ha&1>;oZ`7
zyA`${K1fff*1<*=q+BFWxWV&E>kr!nf}=0*IJvjn3;fqW#ASU=5&k~8P_ViW^fri#
zwyAEHT*K+|H+>(Us2+9;>Ja|jPu1b@meqzzHS=uCQs7`>8sEGPpy|f#Vs`+g*Ohy;
zb?ynn!{P1k6Li3t-lXk34@hUy!Z1EI6CNfiwBy+b{#c0oBuPcbFtgzuW8doVI)AyN
zyOGeO2U={#ryBde<XIgFeS5OPH)H#rW=JQmQfbwtOM#H%_lF+@i^BeAv^!$Xe4uZ)
z{_ft0Q*S6LPuuEcc(lvOMjN^~4}g*hBz}Lt>jFQ5uBO>SJMBYe<Fo_+2q06_lu>?H
z<b~Yo>Eviy<wmXEANd{Y&ZlQs=Airi%|Z`)_g(or=|ut0<6UTuon!a4n)KcJChG&D
z>WSlA#N@c-xVqY^@NHM}Nqw~r6C>#fo`prpokgdIB0Uq-S9UqZLK#aZp9aIyKoKo;
zUJ^7Iu6R2%W8Ne@?G|798rtD8Z#0<u7194Sn=4$p-499`PR^@qGrRth`+F3|ylrO3
zop(e=qAjQSRU(to@qCgH--R_^C@?@Z=%*_0X?6{|4gT0Y#&bC6Ihe;7(zc+Ed6?B7
zA~+}tFuH0vZp4OnZBQp8iO2kYW2ccJY)dX3n?1#^f(fDjHg3S)yc_afdTQjo^wtCf
zzZ?jg#dwxy=Dl$3I`;=`J-Ri^r{+1`%{>^{*@M4i5D|$j(l@UH`mk8jKlh#7Sf%p0
z47Bi7hgRGS_^8+06ligV;1d*FpB7?gq^*4Vk0vKd$@+LX{qO-lAL4Hfwh_RH%!n)v
z7s`v@El!g}{k@1-lckq&`Mz0l@45m(;8-&}EQdaMcYm46Cu&t9fpOWl$6YN7hO(9B
z*U(v^&NaGh4wM>UUf>%NH!<@w4FxDa2uKt?ZE58~Jtv#ex6Z$n-Naj^?a~kbvzcFM
zYd%S4UrQ{nF6!~p14fJuRlMOql)s>**n2T$k)s*fffg3QDOq>OiRvqIzCIOS($rmy
z(3~yyhb%Syb_?Q=2_&Xe`5@ecQ}Cj-_jD(E4N)XiwlL*IvZUQtKG97Cr%D%)>`Mn&
zDD@`97=u0tCoX^JqA)&OIB!C@W#b?IIgYk4@h6=Civa*oz?;|7?@d-_e%L->qS?R-
z?y~$LaM!?X&?tkK&*0y*#Po;v{a-F)dAZCD{4pIH7uWqaS$Z(>)l)`_-PCroJ{p7X
z>ds~-TG=bk$7VD*4xaf17^xYlaqkr7zi!~Cvi7M*%)?Tl?&LFuTkmBqb`ylm7nFkE
zcbg(`?FyT6i)MA_Z>AmU=N(Qk=XbdWT7*yLNS68|h2&d`!4|)Jzr`9Cw9dEr-JB!l
za?{kAU!-;5Z{Mx%Z|-~eW_qV!VMp5KT=ZA&bQjUzYG2$bi<ZX<YR%}Fu{b)Nb`Ebc
zgYqR*ebQ3UKNzKZ`Nbu}Ynn!P2K>=UAUZ9ke`=j&KSMslaPKX_E&6v3XUV;9@c4#l
z7Q|Wx1KzcTkNC;OyPyxy3QK6Dsmmo1J#DPTv!)%I(!6`<sW3S9ieyKeDvk0f!+hai
z0$6TuR4ZsA1`X01A<<7Fzdr8e$HgjOhKigqDQf=vl0K5~_;+8@YM_HgT~r1|{!j>8
zc@7+&s%3bEZ;0qo_dV-)sq0^b!wN`gbGx1>6mkA>zEJK1qx<>RFe#uE)LrShwUSv}
zUI6Q{_a-RVem9!g&Yocr7pFTT7zZ1Adm%8d-JB0UsT%B)v`4esYpuL!>VsC7R@<lk
zg6BU=k3(^|yAsxuuMM{`CQpC}Ejn0gGF(a@eqKs}w~gMY(5GMRc6${r<|4mj0FV|W
zdifB4>3;=TgQ+=kFCC68f4sl@aiHy~xBRhF5Nx|p?giUptLSx%T^=EqN<6g~iPy&x
z|9GA=ovj7`)Q>GVn1)9I5m>OH!4gk7bDX$?1!g=d$#gxjd?|dwRt0<*--}2z*>)%$
z>&B<G_NxQA9^9_Vy9K>qowMW+W9L>;HHOrDOB(>X$zE)wHggb=^~)>X)f%BHA!lK<
z1ZBZwJ2H&F+rs&)r@T^whiS`qWZ*8AP*sW`keH0eHwOvOUO?T$bQxG`3TFE7ZQ6$2
z;Z!?-&}g3}ttFma_WibgE@YcbO6KO<`2c;OgXw&`H+^Kj)bz1)UmvbtAP0IGO@lBR
zg@%n%;Ts8H%<DHLinsT5TJuyKyqRtvc6;#L1h9kLE~1I-sA%n7YrJsXP`^J6fFXFT
zB5Q`4)oKo2H;)_0F&*>t`AoI-=C#zQin3U(HK*zo&u(7{w}v6Vu?abF=C3thwz<9X
zrlS`P49lNXk_=20Z)Z?7;hC|yotA%tP-CI^`T=EwHpRnnLkYgb{TYUn1%1L9^t22l
z#~9`(e7?K}N!r!GvOaH_K51ftrj7cj9Mq$}v(UECru-P5AL4C8bYq%SNFoY&BKFGN
zcOG1#(`t5>^#YDlOsN%(3ZMQpoq0~MG@s((vY-Vbn>TXx84zFUyWu`~xd{;8^_d8m
zz&J$g%$~_mGK^j;?eZ<ga6I$0JpX%JLg?7{5cd$~FSY#aYdpz3J1oL2aw6gi@;4yb
z2%Jq8p(nofZNtxqrr;!NAmq9=FuvTV?YIc_@79a#zMMKK-NmXl(h=kZ<@~)vB@%6_
zYB2`Rf<4m=lU^qMV*(oS663eGa-dv<;%uxwv+8=){t@yxWL$sHra`V_7V~ywCG+1>
zvw6H+kWn%A+XS7SPmRdZ+WMMibA&;Az~Ht-zQ-QW*TC0cAr2MGkM%TjORJyw&L>d7
zd?Iw(6XSacf$o!bqQmO*>T^UPrR(59$jjZslHb*aK$Qc@)|(>A3cHc2H`r9*e7zJK
zr<SKYF6)0|HIVmXMO{605zAO>h+6G+1#B24_?Z5Y$uQmgmYSS~D)@Y%;&KsboD7N$
zIx{NRY=9(P3hP<gBo-RVn0&fGIZ&H~hO+Rb{dFZT5G~p%pdtpizLpQYx>`*c@l(8T
z`WU?cd4E{2ggFdnb&3&|R`P`n|H}T%A_x8z`72V|El?z4L;TuGf`FEimQsL#wYvOo
z+i^%B?lYm7IXXZJzsN`D8mtP2gHJ8hS|HSN@)jfE)Qvk-_<1oxd)DfBjB(P5RvRG9
z<zk>^&koJA4vssHA=9+fPBhFWc67Y{we6F6zfva+DIlgX`!J$FN+g)%z&~G0k|6GR
zyu=#|g^k{(=2?Kx#wfk!0w?5<mvGZ-YD+d4Q(IGw@aGJ$W_ZnSxb23c7|FGU9`gYm
z=`W77R|YjCBYf#l&q15XsSx*UQl9(8qlfUnD52+c2#K7`CTHm{r0;s$V*I90;F;S&
zdCjUQijv${Ev`gF)E#?f?!y>UGmf@0_1IF0<Q7Iqg{rV%nB{1-<^{xJp-i%3+PnHJ
z01aNpF<WMb1K#nPJaHf~ANh2aKaoDuggxc&bA#xQgF`97mZwF4guNHj7As)>g5eCg
z(Mb3y<7miVA5;oKUOO|2vR0T=e79j55n2o4xUO$D7TzIAd=u&nZZo)dzH)KTuv3`+
z8GI6$TJOFf+Cb9d{IoC9II&4?@=Rp*!R}!f0X-7yKA?$2rC53ihiS{g4>Ol#enX^U
zDK#zMr{gFs2zf0ky<|{6;_n>w1&E$*4P}P_mr{R=b=#W5OY8LyYU2af6XUG(gh^P<
zbUG?7<xEC$-b7n|m&&lnuz*{b=){@oUJHSkaTEDJ{53T})iR-7W3y+jPnxp{eKu6^
zDjRDcIxvKfYoGyvxh73F#j?_n)A2&zTz~a62pZd{wV`)QH8taF>rzi9mFJo`V$q0M
z<2AjpzUUW-=|DV}=Lh^k_X<BVfYJTuYYly6dx2SWo?8A|{yua&nl`7)CQf)tnM>3C
zs0QD9w~X@FI8As1?y8^?W^};9{~#>Lm)|yun#{Hos~1N5NUo6)Cgh?(Erfsi0-!6T
z$1g-v;yU)&X~Pyj$Kq=(?Bcwq)U<fN-48E3)L4$cxx0-)b64F<OOX4cv3%My!t{0#
zq)7h^`LIXc&zx+#B@U%Q-=>{>zU^XeX=QC{n(6K-Y0+PE$kxz@CdWF^rquzqn(~T^
zq(0_GAftd^we!f0U&@1;-y+f=ekc@9z8zmQ>0`p#&vb-s_XZX^1JUs9jeYik$Bh;P
zW+F=41<1R?g%6UQ&Z@AN7EXUfMTEtMe`6H{=l=ir!-^RHfBtYM5{378E+NU6bJz{!
zGq`ie^6Ts`CF??_XHe8`fPV`$CFFze9Kf1*h&jWYGdCjqU%l{s>*B?<C6Spr>UZ`+
zJqAfF(Z|cjm&+L;1(vL|sA{*NF-YPZaw%YTiG_Jk1)v@?;O_xVI4ACVJ-zHsre^5T
zO|bQIBf|do$9eRb#)`3)Q!kyIe(X=?gud#*;>i8Xn3Y5L1O!Lml)IyEz7wU$x~%-~
z-}~QLisWBJMOm;fx-_BgxwKFoE;o!IEv17PEoZfU9T*uCH^(Q~@8643WnKOo0RHz^
zeOKokR$XV|QWwQyRKzQiUIA2AkErDsiF{j6)_acYxU+AboDl%!<}!85PUAqrE}wOF
z5yg|WN?_wOzdW8uuuznjA$h5y7O5yO=jxnwAOnEEc136KHGU@by_P09BU@I%vAF@!
zj$c1HZ~WcEu>B5|7J+#dQ7fn5`_R!@XdCe3<-_rPR9*U%M6|QPn~>efh_?!3?nm`G
zQ5P0bWs3)1#>m0(!|<8P-p$LSyMX)Khrc&3Y9DSp>itIUVLzsKFX+e@<Btxw*=~L`
z!g4yVPA=ASQejgP0h@jzA2$y+SH@~##&=h5{(4<W9Q3W-Nqj%(dwJuRczbb%ya-HW
zF`n(tuW&Iy{?M<m_~F3Y`1oM<^5(6RpuGESje)td8+RRELfkU_O+7h)+!dQ^YJIbt
ziE({?-o@$_0E!jDkz=bTwQa4QY1i}34xV>HEqK3)7OE%AGz%w&zi>@6Zb={cMK~PM
zLP_>h@-JXYYja~vRSqr%u4hD?u+x&N-6kykRP@Td6K8a88ByCJ<PEfVRJ$IRqM9Ao
zG|k`#Z1J*_Ep>&DOTV}AlVwt&e^nC2bW*fLMHv;b#utn5%y@X_{5p_b3Y2<Xd~fmw
z=!u4(YyLK@*K>^DW(>2z;9jZTd^!*{IwDLs07S8;<KetO2q-ZffaHHyM@#2QZ~Jxw
zXcWTRcimw=G&*bQbwLO0R#LOXgom^Gr(}Kl-(LCtT|IqWC!7|Zc_;&9`2;1?PYw{9
zrak<FFsD&h*<Sk2%G-|kUHuvtBo{+jiI~ANk>0ranwN&Qmp1M7At2Ayb?o6fX1i|z
z6leK0X#5C7b(-q4GQ+mC4us8TazFlUZoxB@hPt)rQxfy$X@iPzr*8g94lelYZ*H!a
z4j3O&((h94>~gc8Uh{7B{GV-4s8$r)th~R|Ne`a&tAj}(r+>~ZPG_QbKo0KR6n3Wn
zhp)Geit3Bn$7dK?rAs=bk&qB+6hvvHrBOgSq$Fnmr9q^-y9EKs0VzdVq`SMjes>1^
zeBbx|<9F^_&RQ~a@44sfv-h)~z0cWc`fnRvKOtuaHfXdt&ewK45`S;FT$oH#j}3`^
zq`NoLK$%CW@!jgZYIbI3joTkeQCFL1X^I_7r&o=*@>fE}QcdO1^PH|z&SLb}{3T^#
zmMota{kor3+?SP+%QARM?$JfMi8FC=Y_gOV1|OQ#&-9suF}Cxfv^SvXXL&w0b)|r(
zl^CIAP66MK67<PScchIHK{Z-^#l@AK`QN$dvf5JpLqk(y_!Q6S2_huk_4Hjd7sHOf
zO;sOqWIG;65k=}%PUcz_gDG4RJ>#vw9&il0%mEdZSJI(jj-h0jCqrJt`$ICct@{<T
zxj3>i(zSoeCfyG_X*Q4O7-gO1b+F!fFeyQ$nX@yqYC_f%uPl$qUYI5Bx@zda$3!MG
z?@mSmIo`wE&62$bS|4(1ys1C~#L=ZiWR}`qp`M%bmZaVp1`{r7zn$@$sAI{@^j;mM
z_I<$j-aVNM=h{72S~-z^P=DRpdgxvv_bU9{MK5+_nP+xhE@k~o)IK}?hq)l(zoqTO
z(}#URHaxrAbtAi%XXl)a>$~jRb#e2ICf8V@sY%16LhW)(=V>SG!;8lg7~ZZIq|5c&
z_|&K($-DVBesvQzNgZi<Wuz;P#fD;qq2fRgf84v{a%Q-6yEpYZOD}doXltR7^Wu^r
zA1F|mXegdKF6J^d2@cy5t36+_=@#&rC>~$1iL6snjG0%Qxt>j};k=%{UiP}Iz3}!5
zKONn_zP=LuH2gTfgY^3Jd~`pxe)w_Y(Sr+W0Aw;m_710I>%_E77qPdl>|WQUUY$9e
zhF%*4iNC*STE6Z|756f^YLdU$%?+9McPtHGJ}Y@RU&-gm0<51E<`p-%v&oNyNM1g4
zH!6-fvqOnhmOvK%86sjgQ-$q>;{h5?KnZ8i5PTU?WDUeyKE&<MT#3iMI)vt)_yv${
zny!adVV}ahc?FAQy=8#kt|%>SEnUr)P}n&h$E;`8S(IM8v@F$Twq}LPN#zf}p6ws#
z-SvQ8l!g!X9eByg#QI=iaUk+N0UCuS6p?@{m35sH_!tirq(xq#t>v502}-LS03*vi
z08C4z^BzMlS1xG#z(D8ueH0Su5ONAfki%59120fD<FNObEwpJs1@Uba-J2BdhT%<*
z2y%^3Xb`@3N!%HjD*>$`umD}~zS(1*x>85viSuKMUKX{F<X)$ZKR?FtYKM=#QPg`>
zuPOu-vb)^vU7;BDaRzZIh`WSSW}DYzR*o#qSZjmc`Fp&`bo`7!9$6o6dVb87)9d)x
z@vdRRXlr|#sA1zY_l^$Bj^+|2TKBzZU|%9&ZpRG-Mrq>4!R9e!chEOsO(~0H){WAu
zc>w_j{$*Nu=)xe0Wi585py4(p&=?C99b#zOIwV#>z>fp2rb$YhH0R&z8G5CTXZnOg
z#$!ZMDPG}_i5~n4f`hU%8R$J{CVqa8e9tUFB&|XOOW@?!v#9Otl9GDK@36Tj408uf
z6Q&1ebVF6Hby=xg<yP~M4<;M>tY4>>1hqWLx*3wJJ4h_@VtZ0=k!Hslx9q5kp{th~
z-n_~s_h|z~L%{v>t{e~If%NnP0(Ixb!IF$HxX3Je|2$NC-li6Hlm)QN5!Bju^L?IK
z5h736mx}swW9AQ11l12DK0DWykt=ql0T0Z=E$RL)uslYYCNoX#>3)EgA}DU}HOIk)
z5Dk@IkGN`o;nz{X<3vo9vI;SNcdw63*>LrBRjp{O56S`uo&l{EnNt~XFs<g=dXCz|
zmTv07_%bly%bI0QX?&w8%9Y;kc96FwXj`~`d#BO2ULNryR=G%$4;tDWXly0FC~bsD
z^JbH~$1Z5nj=oVwEcpV;9~kohM?`^eeEd~Wd)W&toED2eh6pAGXc>RZde+B9ee|Gu
zUMZ8$O2F$nqA$-Gh08pKFL!#6ZzlY|pEu>#P;V0v7s9b`kDbi#OSp@hEY^!QAtZ8o
z(uSs0wK!EY;|c%SY-{RIr3qM4pbh*Jt-U(}+98ABVnrdoa!Qb(c<-!@4OV6SGT!H$
zz=3|CfB5F>hiUKp4hi9}`OIxWY0F(1!A0SKH3x7m9!YwFVeTZSBK(_cuHXYi--%$i
zGW$H0tpeVTAGed?5$UK2qn-}Zt)#{(;wzZ_(in4lXC3XV_Rj~0u#n(~d*qEM8jB^n
zBA(*ezy|aInil$Wwz-#fa93Ru<T$DPYD1nZCo8Hr|F8v|&VUVnwQ3mfB6UQ+tijM7
zOy+5O(9nMj)qUcy*ctsypNalV+t_=T5+y3kC*TF{L#d&Y91bGpfML8mM?1tMWd%nJ
zfDt>MFPof7ye$f*Y2lkIkyr-C9{npq!xx{^g?H?=sy}^CiU#V!UA@iz8}(Y%;+`^g
zwlX$+=(VP$UNM?Hmq5eFfiXf<yy+#iYX5Y}RVbt5l^xW_lF|m1lpGx){&cWR2#iyX
z&oiwe;(2~mwS$ko13U;_5+R@gR4JjSZ(vqzK0J{P!Dd&1+($^q0W7=;xWw&@2LlzD
z1;8*<#I^SbF&)_)CYO(%C!Rsn+02rSP0<BQduB~-Fc<RQB#*xPd^4~SoJEMz6H;fk
zk3;~Kmq%FWnXRm<`sL5FRlLBJ-lLPwd4}+Ckdx5xs%~z@gudB_<VB|#h_Ot0=7<WQ
zZUO0h@wLA~qxY^7jG@6`8oL60fb_8ouON2Rc0~VZWy=44jGIyt$6CqEXR+0JL=S-%
zOL>Qekp;Gs_n<QSij9yrS(p~`w8w+#g_GPoxa=RiEL8tqS&ZA_6-{yxDmo;M$yg!@
z#P3M#u|Q>1AacbnJ)uw#Wr&s5lgK<rWYm+0lpRPBz>k<Bbb26&$*z1eT!_^a;Pu#u
zuAoJ+PLI;R&^Ya12XB>ib^hDp(fd;<F3jJA<1Y!z_LUpv<EOye9d%hhPoJ)?AZ}0@
zm{C~RAo`ho#O+ggBw``|d<#qCZ3f@mL$(|^aSwR6Z0g({bR%dPh~Ef{_QfhR;Dzmi
z1kM78qg^|sf(*ki7MqJ$ADg?*+If7V3IT^{ic?*2u0R58RG9b?Uic(wvL0ACWd4OG
zsD_^g@R2sf<92ZL{Y{yvJr2-hbtl&L1lao?oxG!-u9T>%UB`8IL15qkj2`}EOQB)Z
zr#YYG@5N)QiR)h49sU3$L**3~(uswyD;R`HPesNC2C&3)^zlfyX+;nNkzxSQawF0!
z5M#$YD<sxdVT@)$+i){Zh+sp^t@@FT0CvJ7Wrx0`?HDzzOczlcp7D;$W5gwahboB&
z<z4S760T4L))=tjqZX&~o%t)wz+v$MI6aRjY95sj`B@dh817K;_f9;&8Qd47w+|mw
zZ<f>wTe}%kKrY%|({l}g1nC=}=M6L?R-?+(f6vcweK<vs+4TfD?7$x^)aC}OjJ6#h
zPLFAJyr*&V7RoJu)JaNA4r7Fh-&OxVimf&9W(@$Z^2kW60M400{HB$Cm#Gt}`-6aE
zr-056xR1*Y=YJ^|x2t<I?mk)#ayR{Z+@*VGr}1wao0<Bp9b!T*Wr?aLj%9M|D8$Hq
zz}%lxvcv0`V?+7h>NuO48ITUp7=t)RG|ner)LD#-4R$FnqLE6do77Rw4o-|53jFN<
zkc4xKeRVi5%wqYN=pY}((Lu=kxEz0`%w@ju@ii+D3|)mREA}KO34=3Of-*4wIOeau
z8k7bGU$($eX_)duGQ>5N(NXJw8s4)v9aL(G@Ld7jyp)b@^=(}G_F?ay%OX$oJ-E)X
zp#9ryG9%X<&|B~q1X3abZRqC-k;e>L{gJ*|`)?)Dnm$OULO^O5PzgVV*Q;rOF%RUE
zmL~KF9TI!4rlevoy9z>R2^O(`iUy@*HqyDGOg=B{Ko&zr>I^>F4P5sS;(|K!yA~la
z2$=+aV)A{cMj_Tp6-sz5z|%W-PnT`L!J+C59;mAD$n;3%|4t)T4T)`FzeyhTc2XfQ
zmq3dW;*-(O0=GV!v-D%5x{FXajDEKm&r#h@3;RZ^0>bst;-b!F?A#d|oahcsecWf$
zi{(CjDUs>pPkjbBNr*5r{;F}7BM5QZYuh<g-8N=WZa?4OAd~+DG_>(=aHaA+lqu8e
zGch&@$dD4W!1Y%3*9jAd_US4aQdd&kf|~C~>;nC@Pn5ga*NH3Aq25{}l`An4+2Qfl
z-6@dHOh-S&bIPe$2l6Ch&Lqy6nFUV7zyjf=$*ihE-M^HY`1tVg!N9}?nf_{7=NWHP
znOppSc2!jkxq1tCX~*p<x}ljbN#Yt%e@*qCwEZE?)1-@qoub{!tH!ou$?GL0&^)cL
zxetc2w{gjbC3!1adRejeXfg@_ZpyU3G5=Dmq_;hPDB|qWX{KtZUW)NuJQh@?@20<H
zsbRRL9$uE#jxb_pa0L2WR)hi~$by1Ee}5b!fC>F#F(*EJ$5RN+&nk$GH4KC4uwHC^
zkoVSxQwm~NjcwB3@K3M!6jdaF0dU*)s0?=>VKv;IB^7=86%1MeLw}4`riOIGc8`C>
zkF!uc0Om#Iu4=p9_VG{siZaT$kaa*?4y^6HIA(_c>lY*u7kt7l7~<m=gsqv)fCL^V
zWjAoDX?JeOH5IN+uNHm`c}Sn}U{7$tzH=V0@7nA7{Bj%8dnU5JUle`|)Vf~$7-$%D
z1J8?eeaIb0k>4vSYpoLGp7{`1YF^5AD<MeY9?%tYg1XWo?=|koDc@T~Ec=7zWq2<v
z6#~m{izP95P3fw+rT5)saREtc$Z98ecP27~@+-eruL@hT1n1rxwTVlHB$)o3w=I|X
zrxtI9<jhv2#GFk~tKGs3`4+(I7gTzjUc!4_pcus{q|Zgbcd;=WpNh^jmr2kWGxwR<
z^gsJsbb^4WQFFI%-aw;aH-n*pkTEH#{GN6_B^mEz+#(k5rh{b{_}9wgHMHwHRuqRK
z+*#58$3AMN6?I$8|B~>H`97_a1x{)=;d;A;rlu3c-|*qXtyKN}uF>qQ;SY*5`84b|
zERkD_1}P>%>Kf{JNQW!oluS@8e%dXzx|5rSL^hAv4HiSH4ng6jG?z^cV6j?%jZjW7
zALdVM<Jt6EFX>8nH&*Wx7!EV$>hLE)6_~hY_x{8Txb;$5;(nuceh)!2?|wVmKj5^?
z5iBZl3_-kJRw&Y_u^b9w+xnrrdnou14BjofZ^#QG^RV9e);tWQ6nJ9gFoN(?#N{>u
zd3O+QC%q`2Odh2-n*TOZXGle%+<FiC^CtcnXE7MRY{&X%l6m^dwwm#2rXU|Vt-LO(
zB7hN#5Mv=!W6G1q<8HdR*xT=d;B-?Z2=m1vmVqo@3@4CV<b&=J9MZ@MI2bB>0V>UO
zBtW-={{e`9hK-}79bs6t@;=?_%Ia)ex#<|V_Hsp!Su#wCK|J(=@71k!ZS!jUmbgov
zHaGnH`)>`D=q0l)iz<pTC9}zC*Q$Th_@8oT3L`F^BZT5>kyy6TtA$oSV8vG<5Pf%%
zw(HvtH%Pu-yU;X4?EOLm%9jNufTRNOqH&N_j~mC|z3O`8D{LpQq1V4N3+29_euAn-
zlT@5D>Ubjn^m_jwoR)52lMkfeAGgYKNI=ejI{=#Vs+S4?h*-qpy*1))N|e5ZyWQz*
z94I#efl$f?oTKwAgm?c4Ho4?0F{hb^HVk{BqlDSiou6#{Un?#}MNC=t0w4|$lMYDr
zXYM=EA5X5RDZ}J;uP%{QCs>hH`2t>SQwiAA@V?idu{hW0t)M~+%dr;Wm9w3Z>~*Fa
zO}x?e5dtcXPT#6AIL7Y_lUv0gOnLn8rzRs7kAoRnyD*i71QB5M);WrDqikmfgbNKr
z>&DEew6szS-t$H<Sp(ueVW=1(H<&3SN*<3t3diqD$6sFxCfm5Xx;l2NE7_S)YsETF
zXFZS>oN@{DI|AJt6!!y#1oXS9TCQtNGgz?8zPcKZ!|!BR?sA?=vyVTe#Do>60(DN|
z9p(Gt`Qh@bbNe=Z+no3HTAMy4_T63++t)RE7ab-fE)8M3za6U*e~7dn^7-EXO)#xw
zDg6DiV?J(`T!x$UH(^C`n91aL{yfj6SH1Y-Fh{R1wNreGl=k6+YU>`Ct`jwz_Q#o-
zdI9gL9g}IEC>Ea(3{P|P*#Fw?5Dlw24{c~_J>vCcmG>4bskB1pmEe|J0Pb*g{?(AF
zHB6H#)jXpkI*j?qKCb<V;)kS~P4Owt9@nSz)q`S+dR^1u;`Z|oDh)metHz;dPI<dh
zPT}tG;}nxpVbhX-;zlb9PK+b-Kus$88oU(lRns&wzb3>bbVSp;yE38(bZAr4{fV;(
zlTh`rQwqVD{-ljh%`)SWGgII?*UD6BiGB9IF<UEXZs1>6@i3X=quo@D)0+8h+b=7E
z@`ii9S6HpA5B~HnoS#PgEj*4@P8#bH--`XSneF_BYP^lA<3ay?`=r>FJ>NK1`|E9H
z!sZ84UgC|4d-km~wn?r%0;1y^R=jEL`Q*%&Nf)z6yW0jXbtQ-5Teg(T7x$Tg-mW*<
zmWp}%O!Shq?^@^bavmPF+aDEPiUrmsmw1&QmwHa@cDzaI+$5-LDDOF{S(bVIx9IxH
zE5t=aQf$lbD0kgsb!@9+_sYY4LvUd}v}sbX-@g5c?d$V!@1*TZzU3$7;~m;G^Fj~u
z4d}<5tj+GeF_hafGiXeJ1bhOAfb$G78PYsmuaaV(m-nb{?1s$IaFw5j_Fs35GghTW
z7;-$wNe%of7%0Tq%+l=Y_>H1@1!MgBqNX<H&9>68^Cv8uTz%Vv$aN>1-0zB5)@E5w
zQ*+|s&#~I+4taf4Le}%@3^p#w)&hRKSoWHm<hn~JsJQ8Bd^{+ow0k@#T2iu4QKxsj
z+wR4GakWp9t0&|AEcu+*&q!ohIK9THIJ}PL$M&#ZhrNe*>6&0j<y^od^|7mCIECfu
z3H$bABVO=yczRfWDk#qo#6WxLv@eXV2|J5?|3quz@^sg!YF!NH@T*Zq$I!vB?(udP
z))w$umm7jur2ywTN24^T)MpbusWkjGy~p0W%G<ajyvg9{{Db;wgAh$_qPv9U-V9`L
zTKwHhtBJAAS52+Sq?4sso0`M+t7|lt?z77s>P_Si+^=bXe>YEzt!QjT)~m%E&)SHf
z*eG|w0c*pu&Du)|$tc)il}~JRg;RFF&Gpse-t*cObm}O4(<F3u|D7I&p8bWZ`{X>c
zbwj=0Tp0W8CF4=epJScL%P&G#;p6w_D%ZzSO-HLQ{R?SIP$Fe|sRi80Sfbzf_@=CS
z=0>VAGt=@3X1#vFpEjnP%b+L&%1iUXhGO>zgq2fXHi%vwVl@?1hldR+g;eNOhF#4a
zUx`nI=MktI|F+L0yq_D_Io}s%;1`#-Pj8*Oell-BQ>`a&s5`maYOOS3AN<<Bjao+P
z=`!!tC6lvwM$e|>rg*x2)*?;mFn{CG6=9vY-gc~C81I$6bn>w380XPZzt9=;)rsR_
zu=m7@lr7h{Li6elZ;{$CO<|iuc7l3paj~X8Kwy`pg*mC#`H$H*=l?iOc~Ocx+R&`4
z6A?}*4xh88*ATc+SN57+ENc&cP&(mv_IN=XCb;RZS^pL19(sLd)8FtfUhDYay2qv&
zvubIF;y4t8ztyVEd)zkmQ~T_huLQj=68cV0M=w`}4ECH)ycP;v$0Dg^Hd4JGaHnkT
z&QHmBP0(Pqrx$t~R}<1*88(z$&gXW#d`($fDmSs|<x!87%=}=lW<D%-$2rhaX+@+<
zT*iKUo?7$blAzJczOC*`;smw>nU#1m*q#%rK**ywF+U_mQ`^&2vY%XYOiB>KY(M<W
zMO^Rv<%(ytGG$;xqqwl*g}v;h-vis&n#+!cDf@Hgqk85>y<z)~riQI~rL~$`uavox
z>s_b*t?0h9*0$(A*O!w@PdA0y4R{W(;(J$(lWar9-UJVo;atpqh-xR~^Nd^;VY>3T
zoH%`X<}B_-6WHWR{iU%fD>Qaw|MN)dU~7B+`enq<(ZH(>ui7mPtfr={PlBnk*gmwa
zgDE2?1QP}srAix{i}OTt7xGsp%dhogN4$2AmCmjRg{OM^MHP+bU%s1I2-F<D&P`an
z^fgGin+!e?{PZ?NpG7A1=MUq;bhJK?m`je}*q4G{bg)aNRGMp#%e6y=jjOk7$0ifg
zgaj0tExYXvwu}OeS#8ACR4;W?4^HOWi!D8k&l#&k?UyBoodZR=PP)gtF0;=4Kf`$#
z4;lx)=>dP;77V=puJ}$oF!-5_JUfn9%{60%vpavGl~cC`M7ki?-E1Q!Yk$x3i}O9N
zrTPcoQXl!z6ulhVy|`u|roB#L5~Iea->DxPgec*H!sab5bmk4x%y%_%b&{_h+N)x}
z1>Cf#dikD&1>i8dII=|4I8@N2?LpntcI|))BLkfx6Ei^RX8-1@O7dXScfZ8ZIOD!o
zQ?YoM*LURLzU#GGohSx&BQal(>VEkzqOi5Jg?=$~TH5376f=%HPoyY$$$xL~S0D?k
z8<t$G+XwUNV<NrF%}oI8uUs?b8=x{DZgZM6LDPt`nfu68p?CB=JX$C~5sPZmefW0d
zah~O)??I60u+M;(yUNJXuz4s^*WmIa!Sp^kMD#L9OGg`s%&iuV9_AjT3{bd6ce4j;
zl4NJnW$#+zc@kDH@B+|Dl9E9`&;@7cV_wh!!tp}3AoB+cFf^#=&eH%SOQKRwk01CV
z+czx=C~R}av^CKWd<`|EW$}c7(hn^UTR7Vn!Jq@|%yjY6yeG+aF3QmBt(4_RbUU$c
z+vUB|X-|J72YY@+unRyOfB>LY0S;Yqx|5g^2~xA@!k*U?Q~G_(yYYPxq_j+2plsQY
z4XOX^t9oLD_y6KagmDxZ+5>wb-T_s4yS~TB@ac=L-Cv>preYvnfp@3$I$Sd+jZBFZ
zNf<UwmX^_*aW{z7oKRX*)7>5JSZQP=iDXpbe@h@b&wV$x6@=`3hE^6f4vG}h6Ffr7
zgHS9a@3%@%-2x!8r*aF@<iM~2?<X5KaxZr_*O3SyJ7rwZFm?%${g3)8MTZSg6Xb|)
zy;?*kM6w_+*Kh@E&VLA`t$z98Bo=}`rX)0bzDuaQ+F7D52Du?#5k78DGDrmobD$!8
z-27E~0L(M0ADLb+?x&zgO$0mR2ZNuqUssR1`wyr9{6WP1U1mW;GERpez_-XCdR{Oi
zfyyMfLZgbLA%fVyeqlrLhIq;R$jG<@xtecDkh(^bvI?+aS-R!ot+$UnsmO-#CEioQ
zxOSY!hLu!IqJi@TUwC8kq5}B$hS_ITctA+`0yxaylYv<<kNpV(W^-d}ww|QG<GIv6
zCIeJsgqYp*Tw|N(9YZ2>;KE9B5?*)ytMHGe`%}rJ^mPG^GsU)_O^0|U%PCS;+XqJB
z`<knF=_Wiw6dW}}`*eYi7%1Z6$)KRn%*qBZHjRWbvko4N&p)0br9qY?;X7@nLI!Yw
zcw|Ee-XH^QD!(4^;W_+3!8@Kodm0snpuXl96;$Y0s4%lpZ)XAN>pq}hZBLykgWfn_
z0Hjw5ek^l*at78@Oino8rSCJl(pI`2hZ_hVYks)aK>EonB;CG@MN<+WKor77q|uOk
z0$;024dpgv!Tya~1vtXwo=?a|Ul!dJDaCv6{1XaS7^;qp00`ySUsLm;GLlycl1|9*
z!34S^j`Ya}9&LEAswPUp4|b!UT0>wz+t?|~i&5ouRlKZghi_J2mbF0yx+QNohF?XC
zc{+BPi{s@|y!&nZBPWvp;Mm&IYlv)pM1TolWnOdl@$F>8K@K1=Pq_sMH~5cmOyQSP
zNZOij5$SISP?+aeB7uDja<MMa-i+GY6=AtY+iM-%4U&c9Fi8xq9%(;RWJQL$`Xgqb
z={21QzA}U86EP(VIv`yXgbF^sH;dvWNn?%hVg+Ma|I*L)QcGy@cIp%FZZr<=n)f0n
zIX7;rLsjP}y&2fW5^<%yZTNC1`ximSeX)3+pXlk+1DX3^A98{jXZ~T|p-=9Xyb;eM
zvqkf#yJ2r$C9p6FehvY&&GUi@_>EkQi+2|~z2GuDJo8T!tH$`N_~Bq~pVe^u<FW=_
zGIBXdE;+>yo9JT*q6q^RWc6!S*B8!UfP0Bjd$Xm>N)SgSK}gw-Vd&Tytpnp|la-3{
z0ETp+ZBWb)>EFLfdI2otnFAtJ5W>a%DIYmPOZJ1T9i%3U0cgA|5qnflIy|^{`S`~V
zPl-psb_>^WQU{hc&nH4^?t`r!PukQ@673uu0T=pnOa?!E6mFfQhdoO)vk0}y`n>w!
z<Fn#l5Mm*-6q~cVn5xpzc($PI1T)t+<ftIB93<C})r^fp1Ys9kxer59aOM=SF3gZz
zPijh|T!8J!!u6>_v%WKi{=1p-H+Y9>IWfuB;TOO-00Q~7vS91;Lj~rv6ctYIU{z>^
z%+c8r4b)j-U-ZR%A(H+eiX{7at9)Oms@frS$aX7!4Us{hiV<hQP4p39O%F%Q&VCk@
zI>9Cf^|S8aLwy+yLa{}0ixl_EI%3CeM710sg4%$&IS7p!G0cibCbK~CGt`=m<cf|y
z*!dL$Is)1Hx2qc9``8BOV3~?~YMR$lgCiI$Yqn;_1osZ4@U>Wx1YEu}J+=x6gr9`M
zH}nP#!}CoGGQwz2Tx+4z<%*}wt9OL9R0mtLt;puT#$a(670CTb_m3-bb8NikFhi*c
zt?I<7B%f6t`+B1+ag7p`d8Yi1n`_7n&?JDR@#-_5G+HDDX3<QVcUCL<n`SL#O}o#J
z5&-@2syNy>G;!4(Wm*69g1GT69((W<CYnWk&r$U#!|j8rJl&Eh?rTEox<y2vS%8IG
z)-`%oN*vVymT`dw$P86%vmwElzhMYokpT*br_9H<kq2KMO%=q%?HiA@rrF%*vmcc~
z3P$04vKY^#&RPpX)bAHQl1R<>%sGn3etY@lQ0^}m5M=3B(qR^4@EwrE!(XK_B4?x5
z6JbXWMpEEW15%HgVQ+!gu$AWzyw?ttg}S--UG?H4va@;=POn34qA3*69~#Xk)Lmbj
zHz@6P&4YWi3lYgWmp^}zvKnN0;GZ78tY)4}afHN_>NPr_z6M@1Lp*|(LvL*n4MY}Z
z4(*d{;P@}Hn1zu8u!fYaI)1;p=hC)`DaY8T=z$qFe?d$sPwS9?4J7vidR)aQ;{ziw
z)&W1-<aWhiyrf}esy8${;?ST+jgL#;tl&l^N0)!f2SwE+Hs+X<!i|hyzn@oa5<zG+
zMrIAWG_pA0)qojNy)mV&vjLBrCF2+bTM#Px1x-!eci;m1&|><4lC)h+C*z&|#Vgm>
z1QX3Vu{pYQ8tl#<!w)i}1xCa`N7L4Q4+f2p^N6(dfPOdh@x9_fhI=DojA{blu4BtL
z+$Mq#)zIujdk+$x4aCbvoS>ND`jVLP1P=>{H=lL*Ay;M_BMuN=0*9d>!2;0nY@tvC
zD*YLt61(B|Hw(hTY0cffirX}hkLb2y2Y+AQ*p`?VfT6w*SeARppP5rI=?7K&{IL2j
ziV*6Tp9ggu+nl4-4d9YY0VI>?fr1J+K;D6tAsdqRmPy@)`x8$HGTy^tQd3`N(pWSP
z<K^5I@*4)-WyhrA0p*#de#?lj{@>tdqbq187A#Sto?7`KF772l_odNWfs1|=Yi&aK
zv2f0#a6Ti<Z}3IRj6^Foj+;MHCpwM?lVYOvp?)w-cjQK>87#sp;-rsvWo0C#vb_EB
zpI#7Cq6d-A+$5n8$r1g74U7VDNOkh!m3?oCkJuqNH?1MkvkE*^vGHLuk|vMGYrFHf
z`2QCMMc+uGA8z1U#@-EXlb1#tX&)5BTb4$e_o%N(B?RDyTYd5RQ&22k-XzEGPjBjJ
z-XYZweuO?@PMR^$Pd?<lsr;g26x^XB0G8<i?#(3N`_CEI(<pa8H?iZiq?bkCvO!!>
zK)Pr_W`C0b0ZabJ;7>6g3Y)G$Tu-X5gxz1xK+S$s#HXV4);cA9X2?a3xC)0#z|*J!
zNoCn)pkF_bYHZ9A2q0JZ{rVRqjB>+r@=GcM0?#R!DnL>zJ$(>qZr+X5BYDpk!Gfry
z^U2SgNdChc*!<TXl_{kd%11p%-c$PM<l&-!E}xmhn_cF=Jsw94WI%v%;91HHaw#J8
z4h&2F2F>vVJd*~X-AzatkZy|y@{%92g3a1MN&Zc@od&wb1LUYp$9a^_q$vUg@9F7X
zvuv&79*WxS*$<v-bHIX`9?E}RM4O=D+l<ftm#%ROt@pxSdix?G!}yGmKlAVmq{Zz)
zJsq*MN`S;*e<7gMYJdST&`Sn&n;R0-x~`2B6WoXS-RM8D`U}Sb(h-2{iEGSA6-gO1
z|2sFTuH}WQ8m279Q&unnn(H>-q<oMMv2S5{7?7=e>1{}#)=$&xC$#qLg@hi_D6S`J
zBb9`pi^JB!1Qs5ULL{A*Bc~9Xz=;f9FQ!(TZzO6;be42JnsZHqH!B#~p1Ozu9C|!Q
z6e*Aef`<`st7Q?=Wr%PEe`o#rpIX+SLwfO5C}@iROo*X?9F#^4B6?><`0j!nl$#HX
zTn5q7X;~Ua1Y38D{fzc}+BbX<ZHxNq2oTtW^<d*%+5-`Kq0Aa&UPi>Hs2LDqbt7>W
zQr(%~=g{vHfxYL^IG0x=*x<XqDgaWn4w&B`I|3JKg1f-6)fSeYBi1Ux0NM+8j?MDQ
z4(Lp6vy<;S8=&5S_R_hhsE%=7ZszE@I9H-GwEA>7M+K#?mA6+knDEwoOVOj?%VJ2f
z0{HeIRIRx=0Ev+a?72DVK@v?Pn=SHcpB_T*$;!Nt@~-cy3F(3__oNDYZ*e^K1`gIn
z|I<slg9QPkBqJ)9#G!=}?|lCL#Z44?j`*+v2rL2j4a1T*M1gDV%K~ChGgKXFS+xo}
zYp)p4K~4~6wVzJQLt33kD}}H8;EOw_q<dVbS>8!k_GcZ4PI}WL`Ez6#<#MRvBEI>`
z8#3H=u5sZ^gV{?ds)btiZalefW)~h`)y?r$UR_8Q=no3sdjQt}qe=DM2XYe&4Dce%
z{it{+nFPglm&Ep_lK})o8<h6?Cg>B%tEtE1)S#}<_dqQ@($<fDVS`rkZ@?I!DaxKQ
zfw`51K(eMx38)x1_UJ~h;I~;4{Q4n~;;fmptcC~~u-^T*hO<yHR)N!n|21QLrgW46
z^XlMB`!M7v-+WV0`eS26Zr-i&zC3L?`*iPW?r#0A$Np)AIGzxP<L_8aL}UtNXx}wg
zFr-E6Z-jH*LId8PU4j%Zu~DfHNV|k>k(*$7SnZYX7otFI6{iVG8xih8TNJN#Pe2PH
z)DeI6qT&SQDSmnYx72E0Wxht9#`9@(6ebJ~k8yHWmzBxrWsf2li}X*Dluf-WOgLw#
zo|-d0H;ak#z)Uod2dg{xX1BZs^W^On>)`nYw7RK!=UoW!{|>x*XH#M;_=e)ET|>6!
zi$@3V8G6ZzFt(y<_gA$kfLvm|N20w85#xBBt`FvyCb+;qLO)T2v;f(#m99T1rr^tT
zsU7DHAbs+N-_DO|XmJSre`v4Hu;gzrdtx1W=1x*4wXs(Z-Jj_R?NlN`iwgVl<yT3t
zUKd9f^tT@GW9JbRGF*P@ceRSEd2@iK4MLb^z*{i<4frm=G0b8@9&^L~@DrE$3MU8D
zl8IUZw^Q1_cgFMX-yI<L*G+5QHogFu8BCB^%ypb_5w~4h7i_Ln9XkJ{gQbHS9#yHD
z@*NFq%GiyaJDTqpRZAuADPmZR{mwmebHDK!tjYSiC)$=w*+DH|eN_e#yKUpk{gEWU
z{TH-+(QCc`5IxDu?QAhHSK_MdqL(cPin~+tU9ZmB5J$P(woOdoIcQSU{SSvAR^D4}
zb9E*I1oVoFSu$8VPA4oo+8;YrVh2-?i`r1>qeofmRjFM9d8RVG4r1@?$<YOeoC{RW
zDU>f24-ev(z&-xgXEC7$t*gmvDWEgRP{jQeqBqjE8!h)|NNju!;5oW3I8$4zO`wr?
zHM=YO{P3!K<69iw=zoB8thdz{z<swxr`$hW-K!M+d!#@4M52~`l_OIg>ehT1w7`Kv
z#`Q?sq)&2{g*CtZsHf;nsP~;B44Y<e;_XE56tjjDy?Z4X8{aF(``HP|nt)>)%Vgox
zu~#YLVx-V)tsrYz87wA2WsckIZ1kyZ;JDcjpmuH_{Ia~6gkP3y>{LUgcYp(@_k<uK
zt(g<cq!8-RQWvqhdo>4p1HKfQ03F8S^*lGUm#haPsZ?k(U!RI)GEM%Yg$Z;{plxcn
z1S9TsBDvP^D<Ro00S#?p1$Jp#nZ}T>LJ;=#QtTpb5<9=lH%pfYg%W7b+9lnKn+o&#
zc-CDjhE}tGocv476WlDl!j_~aBs3Zmq;sZJidjFg%jRGpW+=6ck1Mx;7NSU@$L)$h
zI0p=1G4OGV4$9<Y?fq1CjNkfv=iAo(5?8pVwrZ8<m%B;Hj?T+5L-3Rscg>!-yT3cR
z-&minL8YGuPdwL<O?^mz7V%k{?po>y{gd!LakpZzK6@MgPmwgBFq^Q<*KBs;FE>-v
zJ^rq})-d#I3n;KwM7ieF(<wM(hnIW?Hc>(lZy`>gE?yABCd|G3d&AAe6E;yW;hw+&
z9+RnT64X!@s{O-k=mj6E-jcwI{o;!q2H_N|uPNANqSai~-7GdmgeEVQ-A0TcJE`+$
z%Sy|jQro7j*h%uZ1Ji-O3dzwpIB`Q}4n04gfCueOxgp#v<1e-&fE0UaStB5-a382U
zH$<(u>lqXzePsEoh&9tu?Im*zF}pNBy1=O|o7fh}Zs@|I+}B1THBU?wn-s-i;^*nl
zJqkm;;o9hz?4V_PFtB$hfkhxXcP)MegvyUwa9WH%<J4_A9!mx9d-=?#ln4Ukn_XV?
zilv=>UE9=aw-Dm_q03XqSxO+|g)(4T5&!-@WgnASBL0U=K$!%1wO1ABOuIUR8U@bJ
zay)p_I{K)i&9cr9?Y*P7ou?zYtYNjWYmKbK#5JR<8oNuG;Pen>4YKp~dBXl}!X3UD
z2Uo(hg%*O2V=<JeyPktQg7;__2=}l&uddH=*-12x_GRE~73yw@`Vs-!c`E~i+)oT0
zChSrN%=`ns(0f>)47_^`&+z|n4V2`qdGFeQ2j&(vacg~=?dW)><ngeP<Qn22@_RN_
zfY7dEuf(N78D3JL$6JB4!!PNkNVfxdp^wC}c{fKfDcxN+IuENPa?;~#$IM;<bD3!l
z%b}7D1(_bECW~G3(Rw#s1Y4aU5+N=_Z02?KlY}969ViyQ{)Vtz<(xcOu51$9>P;AW
z;}G*x8#EYb+HTqoPuq~Ud(kaOk=q!NlgB+&e`P+^jA0IqNqpVF!H>eCQGFuXiw+-<
z>C!FKMF|pNx3D<pGPE{I9(~IYHzL8B0P~gfY9=geFgx$D0xSQmw;H;;4SoNkNAq1h
z?un3Kt9LGMS<SDxRZ+d@uo!`?NuX{htbLmzwpU$g^<BV<Cf~00Yt~~ic(GsNW!Mi{
z83uQ)eHDK>LMT>0VMna?&sOvd@pwIO-7nK~m<4Zv``g!dJ$~V<EqJy~S6>eo8ytJv
z;l`~Bu~)XJGYQ~b{`_4V|DD_!B_}0iN%sh{b96D@5&mRx#g<TwEpO~RMuNY|g7MK`
z6Jtn!syqu55$SUXp_t-^swv%0S?7<jSa((`^)>uOl5bDuDD2MnH%U_{fY;2zMQ^0}
zle5Ax^Xf`&C@dP-YX<NmK|t!#*>hPt?o(bu%D>02o6JTY8IF84da`#0VbqAKF^<(+
z%?tRVjs6yTUs>Gt68wY<%#^6mBqoMF5$8JJXX8~~LKbdMZLL2JSt9;zNk#>16a)6K
zE%pAMCjST`rQ#ZMO;#5o9}T@0InuAWN0g|)@!47rpqn!mc7|b1Pb;E9^$HCY;;+xo
zkIq>ZBH9i$B--|g86G)no^jx*IOJVqeYIZt1&^#$q7<Qw3S&Cl>6z2J=m*b~-uWi~
zHC7XNoGeb8Kk@sDVyp=*yEmI33uR>@-B6!nygrjhO$f1d<E;jK0N_@g?^$}EvAfSy
zp2yEG|Benr=OLt&veWlb3rCEBq8&FZaG?2tzMr?$$Z#{fo9%HOr4C3<SGS*GPz50I
z&P3gk*A|sWuvi{v>t@Du@P%?nBXHlphWft%XFgN;EN<b<PWxu}XdN-Mc5~hOmr=1J
zpHx%)9bIJ*nepSdZsp_f>X*|?=>F_fM7NL&@u7l^*T%|rLrw!;=9M-U&SSPIE2l@e
z$^}|Kn>NQ-sqRHQvcN5U&n5$z0geelKaLATCU4w!1yw32!uSDvl@${~0rUf|nYR`i
z25Mj`9+1kzeLxt*LUlLdQONWAVZ?5rlTVmH-rv3d{d|C=d%*h&0EPNKBGMlLZyZTM
z|ATwLrWDdnRkeVkISB+q1Go-MKKVP$>d5qK0HNNtAa(-$nLkqq#_z0MiW^@ZM0Rb2
zbW#7u!`g^{{(Dz-JMN`_sVTQ_a^Mf_tZV~3D^KL{HUI7md=8Mx11!p2V1MM7cvb`m
zm)e)jf6AAU*+zkI-Tz06`kjFX!vxVw1psuEED$+vj9?RdQ5uz@+Z@f_I10n_^ONE{
zKio~3TOCXjfJVcz7lr=5L4-s8Yo3JZ`7^Ztk9;@wWn~x4l5)ChF)TJgwBwh%y!-^%
z&-gzcDizftZT_EI_+}3<Cu(}lk_Aya_%!05i2v$ugK=@2-Z-H7)uhahR?G~-pNV*!
ztVSKV(VU$4aezu@$AFWqV8^c4Vti^YBC$Y4Wq+oG{0AaXik46cukRp(le15Hf2OV|
z8a;zKu_l_6g~7~F2~>2ix}=l&W8YMR5&9XROu@l92B!48cWP=am-Il4qXDHRxXuOQ
z05RA-w0vuSsxD+(I~OYTHcJ*Q08iSUc!w;U#ybJ6zO^gXpl5Aro1*^1{x`@DW;nIy
z*WrdqC*7v2^7}hjz?q@!Y}GP!Y_dZTOc__#1E=qo#QF_qU&LoGI~b{CCiZF7r#{ai
zeC&TM<GSL70^l@(NWKj}er4>-6Jk{4$o=a+L&*L24MfTiev7xFnDRu-iX0FHpXPgM
zIg+8|7@klE7ER6{C^I2z8>7#)7q1#VPBn1(p%AM8XIJmS1??wl2B;<E(oMP|Vepr;
zt%21;FpkbIZ7nFS{w~{3AAx<_=$-``fR}>aFKZOBgjYY+Dxd3Ta6*Au2$$VYeC&P(
zI`U~~a5ATjjAM;_0)5t!{;aeEh3X>?m0~J-k&(6a7gb&_y0p}lwbxmMWm>xRBlf-`
zjhHG#nvi)v`+1QVl<|+&<N9yE5Q60mjg9*-YKm$dvh%q<Q+$7~BN}-whef7vFM;n#
zBNn&+_wW5Yw3w2T(=jNV#?>}xy<ld)`HpEXbn1L+aT}_64;Ru}7x7_yJE-roF=4pT
zY+w4Y?LupijOzi*%6)ESO1``mh#{=TP|`&6`!$JC7m1S647$z44m)In$YrZ&G22s5
zm^`nyi@<*MRR>sts$4Od5*NDJa<s{11yvZSTs_5tV?KY5ZVA<C=}x>NT-aBZEYjk6
z!(doi<6^rx2EAuxC4b&EZ_qYW*r*C?M-L^Z>P3rd`SWK62QOr1CIGYhgBBJgJ`T;%
z5qe5~inwjzL1OZaQaET&_f6GV(!#74aTDKO{s`^6BW-jqjWnnQTY`%S#!q{o)}#^E
z^R;i|fwF`5*&!1ll<;`!57szpeJ7<Z-B&8w0}1?QatS3OShU;yzaTeEX+tzE_xO4~
zSM191I4+KE%_m{}0=P6DtB^Ed>>t=bX?pG=P<ovkrQ<UrEy&Zyhi5hgEt^HJe_jp~
zf7sYrqy~{5I@?LoX@Px$O+`qF2#h&gcG=&WuW}tvyPmFAmIi}|AUvXBpp}f(Y2uHD
zSZTp&`hP29$s)xPU$UpUiq~y2F~Yi}#ou0N;O&s(dGI?3^_81}-Mf}#4fN>Gk~s|?
z73iG_lpP#h8mGp-n^wv`&vP``tgF`&Ti<iI9wMctz8Jt#Rwtwh0_vSvY~_k(o#&^0
zPc7JfV`5-(VY-G96`wo{`zbf0o8n^7(gE(3_qm|=-MJKFo7DUW)G5zg60=b0&I{dn
z+&A^eTfd7eJiDauwB{sM22^W4Df4Dpsjgty<%3pd-+<;;Q~J-yeuF~r3i-U41=^vf
zx~KR<vVE_!<4qLihq;}X)uA867_<2B)b)p+C1E;Ry`~K|A<Qo21oo^W6e*I9#>UAP
zX>P_+R2*f3klM|*oc~N{zl1|XT=7O;U82?W8K_32`7`aN*Gyc0nwj0*CF6ch$(y5Q
zZJ1bQJsw;NC!XCinZ}$+{?(B?Z$-=S$du0;b%XS1+gqLD9UY&oR|YA!G{1@LXf_m$
zgCisail`&5*b9S<G+hq~9g+g<3Ybwj!*7!P^o}cQxe=lS&$kW<igJa-dNlrM$}q^H
z-&d343DnyBS||1qN+946PxptINR1H&LPhm60HqX)h>nwY65nT|P%EeuCoIz*sUPLV
zBV!Mv(kZCZ%}?`{JU_}E2W7VLypeqf{uJ=+6A>4t>yPpCb@{X}%H?y7o)WLK6fF0A
z^OZ=j?~qJf<JM%=dVCKQRVMp*CwCv^@16BwaVnGpJYb<7gW^gO#2P#vE6}%%E!1sw
ze0<X}Ws3SdfI%jv2AxukN<{1U+fuzFx&`J?Ax#pdJZY{{lOAr|L*V>Qd<QhlRgt@d
z{<vKDXd!qqAuK#JuEEu|&w2`be@uD)q<MU6Awe5!`1Pzx(uRw^?|m=#+qHPM&MniH
z3`jwS+tY_KCSv!Zq}<}<K{l6{_E**9@D;!-Lv2I{oy>|sA%cagxn9XWjiA1Q^k+6*
zJrcqT&l1S$*6({P6;0cL_W8zpeJzV5xIC{lK|7b{-?wW;9cUKJunfsS(M$YfpdGYk
z(9x_AH3S5lsY6QS@GYd@`*jrsuTMKlFQs^QP|ck*QXs88-=Nyi;kRAYwW^C=&UcAj
zFK2FT9NqQfX5kA#?yTW9Z%76#O!Q7Gc`C5)?+P!H;#&*!GQ0P1&lc~^$Btv~1~gES
za?_EXK1ZrkNH>Y=L^;47iZnBKVRC^AcgbD&N-fr~0?zYEtKx@QzvMqwHg!gi1JyJP
zdYiU-7}|ZmqkTaGB7=PgLGkTTCNsVAy#-w`f@LJm&rVBUx991OZx*>LiSy=dPYsZ|
z!$2C%$LH%1iHeVZFDtuXs-t387&9O-%Y+gzh{VgAikLU4Nd?4n-pf<N&zDDPR~SEi
zX4?i0qu<Vz%KH353fQGU%aRSG(4MucsW#I^E2*fc7HRWZYRn`6#l<@Eq1bHETI4mH
zdATI-=mo43gsYh((?o#dP_{A93v#nCMe_42%TV$-G)j{48*5)l9I?WQhlUCj5`P8W
z`+{N&LlGDsI+rw`xzp$oSf6m>dW`LU+(-_2D|57AUSLT;;j?hasPZ*S&)P7*#!8zw
zpP*HC)4o06O?%X<pIuDcJUknaC{lK{&Nvm-2&2IIt0KFjA|;0J11%tXI5dOD3)T~u
z^yJ|~SV=~(9P9{-Muw`~W^#jOu@(KLYWHbOPp_HB73C=ZX=&Y)-`)3yQRdrr=jCE!
z#y1Vk%&Nd-jA7Jz4rpcSsyt5}Bx~$uf4u!}+-7LMGh?i`a5x$v>YiXB@wnXm_$gYX
zxXrEY2VvT)jNT`Gd2wW;kWzK>2#xH?^4<_!58mH7TxI0V*mynJbZIH23;EReU5&8}
zmAmqqF&IAaGTdD`@QyI#2m%S$BO@-OTfNl7NKv9u#$F+H+j5eihCjA`*N`{UdThXZ
zI-AB-2%SRfy;^Ld9(mHa@6q|I^_ZES{Pf7daE8ZlA+2i*HVz9fZ4r>t0Up>cr{vp6
ziTX*uL5;19rK~AP^W$g5!0qc!fwI?cX$+Om?yN(cA&~2a8S))MT&?d_g0>{ecUO)#
zCVoIEUv5vkw`*%&>q*#lRS;hegQf<XOvA8cj|LT_q8$Il8GxW+*05Ru${&N3!n9X`
zCJU&aENh%M=VcE65XQG#=5UbV>Jt9h)bwN56kGb7oAa5C`|YzTEAtf4luz~Xa4Fo*
z=wzpm5lW5@sE;^QwMWXDf+yNsJ9E-IW@(?bYV2xBYpd58kJi-lGEFT)YaI}W3H$Ny
zk?z{xZ|PHJDV*HGQtIt}5B2Db?HyB18KWzC%A(e3`nIJb0^`G;)^MLqY)<EicVy1g
z3tv9-kaP1=E>03Io5$okuyCan6sN`Dl`m`icp@^qZSCA}vi5fL-3h8Y>B@A8_*kEA
z5%z&9hsfO$DdHCwN6C8FUKOv=f0OHf&#;zDvx(3R{yogx=>7BI{h-83jHN}p`giW6
zan-Fne~#1#=Jj2xE!gXr;2E{*W@Ao@Zr9nt1*hYa=rP)Ay(Y&5ovwou{X5U*&X4o7
zTDvUh%l2M|s;<_dJXCs8uQ15HYLBO~#?S6<qBC9#FZvjrY&{OTpV2){HU*px($qw<
z@pcFjr`f+-wFybvH9MCi86=!;>U=!@sGS-1@k+gJ>>G&0skHV_iOxXyo7F9gS?6Pz
z$!Q^JxqIZn6}!x^Rzf3V*`8%+;i^06$yF8Q+XJ4{-pBYVUtVJ2WDLNRWs!LSYTuh#
zoRn1PJSFwC9UXty)71FM#fnj4i1@7!UlyQvs(GFfd10esg2A)r(83zGA(w)QrcYWG
zrd37C(=6^NmVW$})VM$@1yIzC9ehA?e!#i``K{3%uiCGlO#9iH)6mS&vd&0iV4mME
zJzY|}TkU@Fmnj2Tc|0I;Co^z{Ww{VUTq^~@@QsL*T@c8UU`i~%1&@T}(AQw&4VBFJ
zN%*rN2sac4<JO2g>DLqU#s|<^Ov+ANNu4;z&}ol`=Elxs+fXPjv3T`hyrUJc+q6#2
z<188B<O-S6HqB9BH01jQXR@zzZ1Wxq%~)BpNCgr&*EP?@-){*D`X79kH&*z3{Upoc
zWo%^_9IyPrz?BD?)B#4Kx-g%ehKXV8E<T|KBb|}#-dk<|$Wa4`R?G@#iCrWqdScX$
ztmU1%ByzOHo4qvt1IP0^6l3z;0=RG`wPiYbSq&fo&KQWMdH&};&7m^q7DdA5f&A7@
zSNI)${nT-ATe{bmCIU9~UkA@qem!+_B1lg9s`#a2G;DL+APaI9ba_UMgJBxLYZ}Fc
z8zpnPcmJ5_qRss&cA5mNavV0^Qmk`zwHHNh|B{$t>CXQ0bm77JGBeHIqTD)`NOL5!
zq~uyY1N~gQPzzA(i6;EgyObD&${;96pK_gcF|$lsh3Oi8y#4H%)3JBxaB0(TRn2#p
z+G!2?2|+E?M@Jgt3$33#GR{OqepHw>Z;h#bXcfWrYMK>6q?`R~5eY1S41EoPAW{Zj
z0M!8#r2N%NasV;;TXf?E%tHxSR9d#Ob!XG-wHiIzJ@<&vrj(T==@jhg%0CttYnyxs
z3dTLzp*ygBVw4fwm)$j5v3GQ}bBv2S93}&Vc|~F2Egj)T(hE|bNQ{F?j*6i#q@EY3
z!Cx3HbXxYqh3nl(U*V0=TaC`GV(GRob~XCLgp8Agp5!n&9$*zRX%xmRCYxIL=Smo)
z+fE0QE=s{XTN*t}^}%(1$-)iwj!I6ug<1LhJ$IIS8pKhP@OzSWcflz5WG9=CxFyKA
zXB^Dn*cuv4#7^N1>Io}!2P^hh^&Xyz*vv|e)*yMp9K{BwJ1Y!Fn>ugPCwlS2!s3s*
zuxLE}#5_5#9;W(3T40dUW00^PFr_0Gz>$0ZMh@}WM#n6O2aMeI3oM+X84!rY_mRn?
z5Ht=Wb8`<;7Or+h-7=r(XnW~2%pjtdns@S8Gzy}29~xq-s{Rn(bAHwK$&QYLV+_rX
zyED;6M<Fd+GMI$f3<Tk^Gc0G6cwa6ZEb@>)nuN)sWANq1#1n6?wD`Wt)j$$Bj!_3r
zsS5P|@85U3AX^24xfBAZHgih~*WS>l=xBFruJ6Rr%cpn{0!wG#l$lwf-uv?Glm}Rf
zc6UZH$Lgw`t(_Kq`_Lq?eCOI+Hc>R*0N{ZHSsm{Y`%oZtPS{WH<k!K)I?Ksul_cYp
zKhLq=vGJKZOwi<6Dd!I~hDhlBDNdZv6yizWp{MnYqw_tL*tC~TS7WW4+;b{5RsOaH
zgFu7(zO9d<B;-qDLm;hSNDxW%ITjvjI%%2CH#4Qp*n}Yb;Klti%C1;(N=$h?!1wmO
zp8oK^ymmn#rv5KN%*qyGc=t`VuS&{6mgi?S!J2jAyk(mZ;6S#jwVvdd!Swew9rc}w
z!(-$%d9{xDf!}ia8Qaklyzcd-Nh*Sr!8KW;Jp}eY31oN;11*3L(#=a^2?XGQ4Q2@S
zgV{iG{OnW!C>@v*QzIt%Tb#AEPrFG9veUGQWmDK7KHBo+M;BzG7S`CNFwA%aAf3!n
zgXe}{xXlN;+a#QMWN_qIahN|Oh0e8yD*kZX7QZ);#j}Nxr<O5Nk$dEppYbViWl3Z3
z_4|poZ@r~w#^(Bi>orr0P}aF9R+BCiRW;R|sC)fINu~E?3hM3TwwTp}Mi_x2IQ(RS
z52%IIN;wU4UNNV<I8SAgPjqIlSQ4>%KCpy>$OQV=GO~couKyXQlhs1F6UHb-1R5nC
zYG^eKQ{U&kNmhbN^zQI|&fU<W=g{}?29;@kvo%Q8OXv}kl}Wu=o;5J)PGI(h>C6GT
z=?%<g<!|xKlbMH8jrX45auAVl)Ler`=(Z+KhZPl;f6B@rG7$c?tPUVBE9NSTfTuDA
zGqeo^mr%7QvqftY-=9aq<U6B&*0XWbAhaCn4f!>ss`V%Tp4zi-7TT{2jh{L5xI1^P
zN${7u9Twe-oH8gluz&7!WR+PYA@H^<W{IZ^?+)qIV=(9JKsIhDEP1X(@0%5vx&J3C
z1tG;ha_~xP{3Bwaf=KOm=lpSRXfbgh#pfn@6+svR86aLyaq@C?wP-oDls{C2g?iE3
z&$#4=tqoQ1p%w%W6`GxXwExQBe#AEfJ)OHajm~Nhu^0HNcJ>ajK^W0iG_6~56nY0y
zh(87q^HQM{1gICh-9o0SNfB{<2*Qp~rvw82$bjix27Nssx7peatHCYV0Mm-J%G$l0
zYUF{<)W!lT9}$JX@568)NhF(-UP?t5Z3EAFV}~3|x8rb~CJ}s8R$V=XT}h%-U6qO!
zg5Msp%Yw#1LdsQA4@NRNubrAm8DK%iZ9(zvkYhjhV-!;$0(5n8ZY5#*w#TX*{~cGA
z?e+{UR|oN@va&oIXyVM$Q9aWRk<$N1*IR%^wRY{}GYpM%N=rAWlr#t^-Q5@<2qN9g
z2q+<;lz?=1Nauhc2uMkHNOw2<_6+)d-}nBn|Jvu`I_J#nJ$pZUJ?pvGz1Fi<3VJ2F
zVuthD;Tr6LW&DG+4iu^YT&iSo$jgw2R=WBHhvSTj@rO$*hU?98W999?iEAP*P9PAl
zlD;A3ESg~ux8a{xXwfoxnrm*r=7B8<Ogf2xYux9g-(IRbq(Ca}5qau6MdnzrNC=JS
zG7kC!hG+6Xq({VJx-Q2Es^@;RuH>7_z@ghCOl!?rWxFz0e5k{$INe5MiM7W&=ef8c
zBpCvS%(wKz8~kQ`xbtWi_ZHQ@LH}C*o!xDdr}yY_%AYGdOKXx`a*6AEY>a>xrr_5k
zg7)4`xb6W@A|%Ek?dpYJii%h?=pU9U>sM{2)h@#*^|s!M&9B`R!x&@S96#t%C4M5E
zDjY&yO~XCQ%5838L9*zi%IogoV~;UKx;=y2$-VOiNiopCaT?tB&K{}*9dMubU{(+!
z4I={JIN<2B<#M{t{64&a0_*V;$Z~pZZ5o76mij^FDQVVhlI-~!&yb{>Rp2)(A4)K!
z9R>;I)&Ob;oihSJ{nSAS$VOeI%X<ewY^+SzmOZC`9R~E5BgUDFT;HAd^n!U>HhMlv
z1Ty?J)`t+?aSvaazvJ_5c%pWstxu){^Qv*<HD^)(nQGbYa{;YvZN8E4NWV@su9Vr9
zRQV!uG{T+QC|&QmEe#jzNp#zxjig=sotOxI;_xTPO*}PP`se5RC*5?;O09&nv_3Ss
zmUF8$H{7Kf4o+UWj~|i_6PvTTZUgOvC@F?Y{D$zy?!BJ9W=I;e3S)cmJ1%A89Q|mW
zCJCF1G?vR_j?HhL&8J1LCDr?^aR#n3)v!j+D7|0daDG@HEG3Ctz+q{v{b_o2C~J{C
zNox?eiLlH1v@d)h)p6;H7;1>_cjaOoBC?%p>-g>|Mw-vXZ@WLd^1)9ZWl%*F3qQMC
z+TnH*61NPc+1%_A1XaJisPe-}O_vVDzF5C%x|l$pZ@x*!8=i_21W%@3w@TFdnmuCw
zDt1-{R&Pyp-!rKn3dWQE_NOZuIZq0u41g8;coU37Q%|?)0(04P@NengSqNt!DJQM?
zXW}}%IXG<83p#;bX+v|2CWw<L=wWEv@m5*bbyG$D*VQrZF8Z4pZ#!PSk?7v)!<#O0
z?=vC~oozp(8XwVAG(JU&NBf5S{kqnZBR+z=xU)@iaYIZGrcjLoicR{+Kx9~<Wa1R`
zCnX%ZMF}41B5B`SQP{Z1*gtRcrY7hY8OFLPHgg6aP6D&RAFd1MuvqHq&_TpRuGt)c
zGD8xJC2okUw$<v-5_29QIcolspxQ{zxFv#L#Nr#b$e%+UD~98RC!^&3bi|~L?f5j&
zIKOpuR4|oH{K(0W#lj|f)cxwbTg*dj%|HKx`|0j)_9G0tmoL|OnR*JWPvRCl5f`55
zq#N7t9Ax9U4HLX0AR#G3WrL!iy><n?=i?{oTHhuQTeaSM-(bSTz^KD<_LE^P6lV?c
zB=|7%x7_?fJO2IT(n}8SD@p@uOd|hxO<_aZPh@W-R~)vdE*`^8E&7t<e86hMp+IFi
z(0CirXSl{%kP`I{5e9CZ@g03GF2ln)j70^>m6f)Gl|;3nDOO|XJcUGqJ4-5hzMkaj
z9pz!~mQqvW<|cF~q6Kn<AW91+Ubs8RSjVJ(gp1Rhi;{}!ImUa-)&2#LO}c!T|6~4>
zzB9!X@$_f~Gv8te0Rh2`fs<G`oPA)rv4sP!;Oy9?tNCp}i$3lPXWX#O+(QY!@F{#L
z)JPrL4!Y~>`FS|^-tiV$Eq@GM2#Slg%lh*-5RwOM`VJk0=EcHqOxu;DSj)6>F0KAt
z)7JP-^Jdhcyf=H8DqvXMYoxJOpd4NIRn%=8DC-Wb53Ap6--3U%cqr3ljPl-@P9)pi
z^p||%uo{`!F-9zADEW=#j;%B%cE~Een69|T-~<gHp^EYy9~dFU{dCmNJ0~&7cnt|f
zVV*jl(pQ0kchOJ>T#6vT)?{I9n%iEODa?gCtf<1VQe*WCbX_}1nM~)03rdEEZ|Ew-
zGm5><Nix!9A!XA38N49;`E!?M_k~EJ_UzDyFSWnm9};;TaSUmEdw@-mNy(o(=H+79
zSxg0gX>qW;5(k~J+?fgF?OYV=I9N%cfrcTd)hDohHZzIE2fq}F;cABmIN$VUPkiuD
z{O`Lvlub+Bjb@Ls;EI&)`7$6z9!Yn0F!>RqEB*EO9l-B83`ju;UFqA!A7NBND7<D(
z-e>#Fk&m2~d*UBLl0;nAhw_Lc8J~nxKXSA_@!S9NGm2FW+URuxG#n;BJw)^jPJwpC
zaOxEs-?g5oc=bD5rSc;17j6=f4%wGkx9dx<m_Hbr95N<rKpzWBoz}e_Bu|V{^WJt;
z!WUJBkdl&=Suf-h$Kq2`mxc3>eJPA}D2V|oiOELYDU%8*ye=f7uFja~<uWFplo*(k
z6;4F+(tpWYEdE$AT9U0?&ovddWlSv_t9e_z3~2SvOk4&G2gz5_LmoWmqsnb+CcUOA
z1)Qf>FFYg%J;sX_jJ^DY-ZZ)PdxuxioElwT?0DP3_@74os7aaH;T%eFQ;6xT3o@zu
zlaeE$+E<a#ws;o`p{5?h!!VX5k3-q2<eVqCLR9-f=EPe7W+8pH)x^QgFYa#V>qz$B
zKVS*0`rc4w^t%u1;vrE13Q_ijDEXAyd5)>DOIY0VTt4SjQu3o{Y;v-$t1Q+R)OYrm
zrwz5H{rn(s@}?#W^2)`?<lMYlWG`jmFB9mx8JW_V$2nBw#e~uSJ=N>PiRNzv%O=7J
zD~`v<8s!gv=ci`}T939j(Z|c}6d}Smy}cjGUrDwwGV?#Zs21vsvfAKFt&^^_!6>)x
z{czVoUD$os#dGUQ(TtyhisEijZ5EHp`Jk?NZ>)usxPP5X#4@P-?(<)DuZVX`mKBn}
z0M)+GbuEVTI}-mK2kO`CHnH!bswJbMv0vHWQ#9ehCg=4%rH@06m5>T4Afy!NT8i6s
z|J6>$y=nA{RT1fn^vl1V6nta*mp;9}02K*GPhhtJI<dbd=rfbVZI=&oJmd5k3DOkw
zIjfD8(C7K!xb$F1M{?Y&7=-NY{sXsGdtdhLLfasN`Yji`^>&}p@47-Yq3ykwqnG`k
zUb`c0Qy$J(?!@^@*PAKJWHDWVA*|$ls^%+4B0^{=Ij?DhJ0aV$7FX(=HNA<+q-%D|
z#H7Ic^U#8T%XJ@>x;OFgwzkrU<I|r<7a`FO0tR2jYB#xo^t0*x6AWZjpc1tXXT6!~
zJHWn7tBBq=3#l&FFEI_zu4~qR{qaYbQ#C-hT_<}7$MH6QMRS!h`I#NxUpO92yl-op
z=CYxc!yiLcyn0>VOF1&~V*}Xo;8i&)3U9f$#rG&JnN1*)h)^+($E42r)m&RJF{|oV
zkRxIuTB$y2DR@0z{-QfJraF#V()aRoZ&B)Of2li;7vCH49~}|UJcO{%ts?~caAUN@
zteL{Bp?Un`<;f(0xl%AUzBmNtukMG(q;qK)29S+LoiT9dH5TU$*KN*zz180<3$yDN
zY@V-Z;kEe6<kx2_$CRlB*)mGTnhR1I{tR-i;i$a}o8u>8Lt5MVc4*sky)-wAQg8h&
z+g*o0a~?mHAs`~Ey|c=Axb1UKyNNfDo{7n(Hd|AfJvFaC^XFT?)N<)8#ft}EuQIot
zf&oXgWYX6Cr3iEslK>u*-mftoaYO_mR3w~L->SaC?}?{YsEpMO|2EJ%v-&6k-ZuKk
zE|%FhkSSXhF4GZiwV#)>jCIW=Id>4jXE#w)E`^`=B;sHt##fJsnfMiuHw$c7x&A~%
z{n4Vw!#XJFb4oOL#?X3rJ(HAAms+UUnbsq`H{$g4{w9w4<6P4#^P+$bBi2Hbi%b!|
z#}7ZO-`xY^&^!tFz9J~d;Qt^h1;d@Yj?5@yT!1%0l5s<C(VxoM4thM$`BWd`O>%W9
zGCchJWj*L>p!p{24cw8-=(zLF>ig|!9Q)V{CBK?Ve(QmS=PI`m=7)T$h<gZH#!5Mp
z5|B=Um&zEIEocDs<Ap6`?t-q+j!r*Ea7Z?*CJoW?#}{HC39Aio1^Gm!Q!}_h-NU1j
zlPiud%=Ye(Q-y?vxX%Pj$ui{InUq?ZRo_7%zh5d1sIH*SjrUZJ$D&T&_*?db6+Im_
zb(I~YDs-~?<_P6!XvHg)8MdopVDd`L|IT?M2gbRtLb=$aE_wD<!%LKNpsTA!vvtv+
zrK{@{LrpM8ZlZ#PW#9K%yT+Z)58h{kigXRrs^_Obtr^MDLGmy?ZM_mfyL|RfGdK?Z
ziId+F;6S^n{3j9#`2B96?sihn{Bvtok*6``M3$J3AE$kN*|Krt36v2D&g4Dp`JK4J
zcOjis8|`Zrm3(Sv*<Z7_=T|YxtI2I@>;X|H)hT!xk4a623`dJ#(};Za&Ggk2-jYoX
z*RQq@kB}0ruw5x77k>BsL*qq<(+vOKifr%KSWU4#?XFPLofowxb@)o}rLNqZ0k`*<
zf6r$=4`r9Kl+f<Aa;E$Hu7a#)Q7{ONxJgwuujL3iZSYQ!0zxcu2n>&ykZXhBM$e=5
z;R13#zybkt69tTv{qyUqi<6yMx-WbdtpQlXP>b*Haj68AX=euzLb!@-B$EU~w3A5^
zCI9m6Mel^%2k=Jih;0}?WINrf@BNBEvrsMQJKt;ly+J8bVUg`Pj?p&a=0mR$o43Cb
zY=(zOEgX+yM^}gsmXvHkcL>q(n>HawJ`C^o5>T<9lqtsa=)sB>Mv8g|ukOjGOYxTJ
zl^o<i4Za9$sG^ptOjT`_Oi%0`N=48Hl7Z~ntLzRGW4h5nqi?q+p1gr;R+K+z!mkOo
zw-@jc*f0U%479d(svJDh)l&Hy2pec!9T+XK-3ADJvbWu2E942jyiiy^!l?o)Qbx0t
zb?aW$PFyL%N#1rvm*2l`{!CPDlPVv^g%4}81kiWpfi`6+Sy55g1;i=vk<&J%?Qvg7
z;9(AuKOqJ3^?|G-k%4)94K|gu{(TkbidqUCw(8BsBH>kV@ln0*_A_+)gRCB}{XAbE
zvGW^*yL(g~yByqDzpmNSZt2~^>+@DpmRh93eJ`LR>OsYa;P3BA%{Z#9q~70IhQQbt
zhVovFS}z+`eo|UeaEi1CD1n11urg_mDtEO!j|r=f1HaB!k;*9>IOaNPP|Y#U#YuB<
zMm({n0G}eYK>l+Dk4AphHO;r<4>~^V6DMk>cSuMlrCmqZoF6(?FM7jK%}a#=kj1k<
zL{T4LQs3Ykd3v8>eJg7*^19RxXh46^`}yH;FxyfWV$OJ?;0rhvtb1B+Cp+wz&V3B%
zsE1JrT{^Ct^2WILMO>c!7U>9HeB?mxwuAm>Wcr2{upVFX4h<L;#{que9LWrocxaAe
z=Q57uMLo-3hHMeSsfH)3X;vUvZG&0Ab1<?oqgZFP&;Jk)+{hu2+)_7&d-jR)g^hS>
zSBWD*Qbo1W+KIp`j+Uf+lX{zRn`T9=`%iyhJ?k(v!$QU-jP)N5_i3oeeMn5;C33Ra
zKA_$ED)j3H<0Jq`C)#Hscq6u=a$et$=jxhG#jhq4hpLz=i&d|;U!eW&S`z6H{#Fjw
z0LeyUGAl;2X{4h@-h2H1&fNzfRiwayJfr1biL7cmW#%pK&~V5=ct~-~dcOknS@XN5
zww^(JWly^_&#2mdy3Pe`h7|Y|La1vz=9ZHu!BVhkG}?)tK~>C{*u+o-Ly{+YEdZc^
zeM^A(Kkg#cUcq)+nc2!YYn^#&Vu7Ajd0|FAL`q1D10*<g6`0(U_iVi9?tV&xmW(Y~
zd}$!hrNweZv2|>mUgxN15Y3&~V&vsR+eun)c|EgvFZV{$IyjblOU>paiUTY_m?-!w
z$>{2)qvK`WVgd6=e#}*=YdybQVDZJH0XlXWtrqD3OpP`3r>_tjxcyd1NbxGE_v3`n
zRn^?w_FokOxq)32^{)#nKX96#_3Ya$8vuEX=dxR&6YL`>{Uj=HjZa+r_AWh2A?o^E
znoK6#(`vh<q@iRg)enJIIHbdLQ>&CY70VFUHT?8jcIVeuKf5K#)l7Wog5n3~HD$V0
z9%gPDwR<ES(e?o%gst?+vY2Z)P<v!H($BX~omk19>@B!vR9+|qlLfXj$PHd)g<mL%
zPOp5I*1iFg#pPMs*toCgl|0CzJnr-_0&$s#S2l|omMc7Lb*x#Mm9j4C@6x!4317a+
z2^-4}yJD@a*kiL8%C(*T!+MQi$D9429trrlOm*A-$i%75{vMAy6<Vu$mc0!G?b+ck
zKx!@W^D6UEf*LlfYJ(3>;jnhkC!)4YR*GsYqv|Gy!OfJ}=bA)lG5B3KcB1BnKQq6M
zOEycGTE=4}Tx12KH%(o5v+sA_`1zghJJA5Ha12Jj(dzI<D~fqpsr#Nk#=h~7!5z6i
z)FbL&9&#8M8}sz%+!EDSQ}mXU=7M9dq3t4B83TTHNS_6F_t(79Ob|bOIW93<eCKFo
zdNec7bD!ajsjcnSXpK{`l3%kz3|(fM3;QQ;D4#hzt9So8OHTn`<BI7(CpTw8pM%Tf
zykCWOCDUR5&m=k=$&KLZbcDM1#vMw*K`L@muhwy1+5EWQ`sMzp64+Kii$t;G;D)HW
z9Q|rsW<5|hR0K2gZq&<)7aZPF3`p<G3LWSZ2dp@p<^U%G!N5bEnnnnWLnmK5PZKRy
zx5%*4W*Eea6nZ{{sMB_IA%tV^0(XOAL_!%&Ry!;=b)o=R(e(}DFH;|=(xs`T;P`cG
zr53|ONF!*$+3J2gL#nT5XIiA){D6(9ho}j`zY<rlKrF#gEHP_&S9PkDzCK|&aF*fa
zU%jez9ZI>5dQ*A9L=0Cmcir;8o%Tk(WuE&+Kux{p|M_yHv`X*{DE7{(7_v(`kCUzf
ztuTFMX2i1Kw0%?0rh<kc4Kxm62C`L~J`q!2=VIfL5t22nJqG!?-S`!9Kz1%?rm=n&
z0UME<I|7->4IAH}y{4>MYy094x?@4`?K$NY?XMMnNuz8Ef=z<2_gaCOGDyesDd?m2
zRqCKTNqTx4E!K`u-s0033d<NV)jz`d?hBu;)wQIvh`O1sy%qfQ6_MGI4D*ZqItnuB
zwmf#}nV1O_{JWDcQe(6VG?t8geH#8~&TE`G^{&CF(8MGznA2OkQ@YRv1+%YU8TrpT
z)*C;qB=p)va*oDw!_9$4IU<YgSj1h0ntcLx{ZHK1mMj)_=i4)&zs4HQ&K&3?q_?Mx
z3ZV+EZNWlapo6xv1I~C*k(^5wdGI0XoT|nZ>LP;$kb=b`rRq=pNKg_yB6Ee-`c!3!
zaxGXUJyZC(?`rgkEPakqZ>^l)B5I@@9jQx+H<qy8rg3Ut7Ep{HSQ<pg9hb@}v1@{<
zghr_G3JHgtq^<ZnBU^sqo_52>&(sA|YxL6twm1Qv#LZq#)#7pU&-e(ds`CaAHZPZ0
z`JfD9CI})0E`8yDcD#dPPc_{{*T3IaU&1`BIGnGeg8_~R_<%2&gj!DZyt|4WSN(gc
z=aD}#Op{HA<H{bcvkAoAnNxFKZXf5kpY!L2WupWVm#R%QH-{&Qfamv!AI-F@vxbKe
zc7$^eKXz+iZ2!clWC}SC^0^>0K&_#0-tw#hMUKK}d^aA>HQbU^7Q>$yj~;Yt5wi%b
zVXfn~`rU}rU{??rRtUFrnff(Q0o#@?Vjvu+y6$sd4@NsKeorA=%1y#QA^8dv0JCK&
z#qsR#BRj!+VW46l1OoU>0L$?x@|F#PyhqCZ5ZT*C<k}=8g`8LU%xZz3ZtSkB(Rv|z
zKTO{4+ufn3XbD;g^<al_6=SIDVH+_Q8lTnVi)D@R{JJV@9&7d+P@0HwSm2;1<FbCn
z$ZFqSM8Mc+O2%V$ERJGKGK8hu9IB1AB4|H*{3gw--l)c<dzQ|DU^vD%D0=tx$Zz|W
z1DN5`4Ts6fyTJkamjJPF`6I%7wK|eRh@xdRqP`A=kJtRV>538bu*F$vVgbHlY_?e^
zf)dNieH9kUMnkW$@40bu?ArO({HRSQy^q#hYcAUmBlFP~B?pbk`okUzpr7R^>}PRQ
z80#_W@-vAAB{p8nBRa)`fEZ3X8jMz*b#}%c^OrC6O=q_A9ggyMw12gNr!N|rb8kv<
zv;qU=NKtz%?CnVwgAcy7j(?K~8`^r`yN_|8DdQha;2>Ay*e)d6|Mc|`TU_(hEY-}6
zSu@Jc-nEZ)?(sD;o#Yc7r6<L2M~on(zdx64i`6F^>v#4v2gcVQYriFkVHpbp8Apow
z#58xdL2*EWg?A!IMS%H`X)v0y8tsVg<yM>P*8T*WPo=`FO1{Ke&o6&?zy0GBHCr^$
zQ(24oo8|?f&>hEoOl{Xf>IrM%en<HNat{`WZbngd;-Q8}-Jb)>5;MQ}oF-nM9?(~v
zB+*f8i?6I^A>C%6KM04RKwzt7VsZTY%#0`JZp3MyB(TtlyR9ZtP_3SR*X1Ckc^4U(
z`vNXLe05Qj$?8*Qecp)r9tTM2;0FI8a9XaYK)q4VmaYAE&`WVcDwW(hm9uY#GU)s?
z>O0G?ok_prXX8R7$6(cKxBZYCr&PZUaFh%s$iVG+WAyTFNd#S7)0J^G@nofw1I9!i
z;OJS?Sh14xPj(!DXQVX5S@)%e;js3FU^PXMPM&O84u9OG>(*9Ph*7o3q&1mw)Q#sr
z%2HURTmLBL+{+@WC7FGYf#(bMxIVSD+{0O<TjPs6^~il??#d5JhG8gHa*5|~mE&hJ
z`AO>M0JB>r-Py|2C{Y0-P{dDLlU3(aFK4fk!LO6v_;RX5O3!)A&>T{#U+G?!G2~G%
z7V`tc`;=e;rKYIPDQC%fYw;@=5CuP|WSQ}t*i*dm`$&qI=rj}sl%iG9&Zb$YFJAFn
z1W$Af$Y?Dz1?J0z()C2cf&oWr_Tbdawq%FPb^EKNWWT|1t<$wqg0SD?1^O#LZ-c8B
zrhhzBPqt0hc=;hsf@kY*D{w%m(Sv1IsxwHD+88MUfFd`mps)x+Q1EHR+;`_-Uvue!
z0uC<`f_}I<kntpf7T%xs_yZmd_AQUX4b4IbGoSbA?)>);-4{PUGb_b%89>1o7@Kqs
zG{R>4-fK<=u(UTH1Zx~gDU9qlVS~^3Nln)wRA@rgRszFX!uo2li?JL%Pm`^)!`Ya~
zIHI@FZxaAfq5=WhuSwHyhQ!6>K&nrumSK(HZD-_y9+=fXK>*)=P+Oh`o1ctIsCODg
zI4$qXLv<i~VvySWLyeOacj&B}Po|>8v%ve$imAX$Z2%3Xtlj*w5Mz_fb?0~j3kZ>K
zdU(**q}I8YDb!>i+?0LB)leSjPA3ngf(p(~P>T!T)zJCe3^?wX(VfJ}*>DIGzyN2f
zk4{7`u#JS}-bgz%LX}Qb+yvFRc~tzQNCoaYd@WvL1DW0T?k2j@2ey-bUPV=%<0g2(
zkZJau)qMVaAoF%J%E(pq$f=R%+^o}0ueb}v`k*3X44&Xo{!oQx%gdJ_kr2Gv6!0^l
z@L#?@Kx4t5)uIEnOIx=Q%q-t`9i<V*B5LPzW*k3jW%Qda2c&9K?%lz~?RvE%1OkI+
zMIep*S)a4==rSLnKf%e6H`!s49A^OdODs%e9(^zPdjOEOUjw4u-Q5*McW?du&^_F9
z>HudLi$Z>>QfUQ1=KMc>jD5@HCrm>YDTkcMc?O~#iv2}g%GF{d;c?6MG#p40r{<0e
zdc#n2Tz|pn8JZ)5EHd+0TG7mIP-r&WFOdS*TsdjLs`vsVe{g4Vc^X$csCYM50ocqG
z6@O_r*vmy-V|wa2y?BGdyiP(_RgXGXJK^N+fSu0|WXD|mcDI-k#wX=drV!j**Exga
zX|?8Q?cjlk1F?whr$C-T;$CFf3fID!T>>Tny-9r)QAz`nuyg<NqSle3<lcSaDe-}C
zR%!iaGu&&BPGYwOceWuqu8*2T9Z2-8Yj#_T`<f;3S~N>Z)<GA&o0CorWRVB%;U5yW
zV3Rm+-1hrYE-x1Q1T^;R%dX`moB8NRM~&C2E-^N9>ofk`2Ym_2(+8?no%gjO1cgG#
zeyZl}BIuxHSqCQ^or64o$ffx{Urx*B2RF67CbBq?v=nb@T>rO~Kp8l-Meo;odH6Fi
z-^*9A=b^Q6_0X)=&&>GL0(;kVy;K^?$zEbs7$<0o$2?`P;}{))LT-c|WMGynWzU40
zAE-mo=?YOSDhd2x7G(rkf(kI%2!aJ;6Dd$U8WHE!ez1cJLeM;qfrzn}B?}aA61ntC
zK@P46K?evJy%JOLRO^9sxll5+cSwN(=$KmA0fa1@o{ES;BnqPGZkyHmWl5G^E|gbA
z)PwHI3?|y?;~WNU4;)=S@(4+&$;{Ks0U|EZye09iEXF3UZ2hVD3@OCVCtS=w+3YQJ
zQSob)Nub+c0g=dX4OrR(4!vG&v#6R<Vq|nIwb}U9%XB`AcOAIM4BeOy6Zq?w%|`@Y
zhio-c#RNlYtCJ@Sa`Xk#v0PLI`8z52G{|oBm9`L4^)#6uAG;dj*pBuZx4gJs)2WZ9
ztNv!Jh3W9>`Xv2EE4_MtAu`FIl>uz~XCspyQWqgmr1kGT5t}^V0x<%Wob>fQDi>`!
z%xH8hW}!->yj1oa5b8qT)bT2HbKTRz=?`Wo0P}vQFXM?BW~A?#;L7CTs)STOELCSg
zD%F0zZkR?AY!^{!GH-+RM?A?be$fT7%f0t3sjtS4o^Q%+?1Hcue!$sxaz2ArPTslw
zHTyn+ui&Nrp#(gqKrN}CQR?*b?zqMV=wNu6D(pSDO7C?_d~YnL3yJh6hBcd?i_LyF
z*Sfiq1Zza&8ZMN4=hl}$=}}HMNsI*<#G%L5_!#h)jlXDrPe^57#h1jZK>|j1<-I(p
zhed~}NI(*IPWw5AXfbIirkK+~<`l2kuwOux^Of)R(7^B)C7kgS@t@Otb}5!)hUbUr
zxGm!C3xCRCh{&G-Nn}f0r-ecz(eDXl;DOOs?(obJm`BZKe_a!%cS`K>@2Lj~2RzQj
z2})@<=R)(w^|@;0L1|(2caw7m4<x0FhNOT)G005iQ(%R&<r4;XK+5~^B=;$pcZ58j
z9O}Lm-E|*d^p#G6UfwJ>N4l0DyWVTLC!v7@9rZCCy%@a1){wP3?OeNbMA*kjoBtB1
zrXpEDDMrZlwZK6<F#-xpY<YRFXmE$++|NVn+HNFLS_*dW%*x95PS0Iox82v|sfMt8
z4ZCYyk-C7hoRhwd#yhKC>9ZTL0??!vuCiVvXd!pWIA7W3I6F7<6#D3Y%e@OV(`Z(n
zr-B9jBHYOMfFl1YZ1avFNY|%G{;nJ3HSX&zWg2i=W50CJ{kZ&;)sy?L2_spo5?X&S
zf<uMKuI1+yA{Ldxc?AhiV9;|gX>%AxI*)vkh5*V(Dhi>8ow%9ZNyV9KobbAmBep2}
zX5T5Z;+F@x{dX|C<L;TY^gz!rBu`lD!37LEhQ=4UhdOB~OHth&d_5GaHx3}fWAKkd
zY7_5Yl<=`%?n!HjW^^}tK1KVLu5&WxyQM8uMp#fI@@h+~0~E9-vd)*kna_@+4E>5@
z_Lmf^5=jlg^WT5tvz6lT87)a}zIqAI@2r10Is<I`zA9YdPA12n!Ev^mc3C#Vg+9uE
zBvfq&8mv(K-JcylIFKcw$$m2a&8jb1oXXvI^Q_FO7rqi<#^B=*PD$Po@jFD_AL{<y
z=ZL;z`?*A}c{#Wcd}@X{Mr8_g2`4g;j=|#VeYI(Bjyu*+cJ_LL^yvlt7FARU(46gj
z-S_ZH6b6<m_+8W#U5~<5QYm&){9Woi_wf2r&h`1}p>3PVf_)kH?wjwGS{>PF*(+xq
z*6nt1{+=OqYRDIFfndJPVxTDtYUj!CbH<G~oSqPU%7(+WA4^inq#i8M#=vH7*0}gd
z7J>L7RK5ap-(Q!Md~AK4_>6vwBoCv@5zW``)J+^H_Hmv{$hEhY7jzf#oOFNxoJ<^$
zrPSC^F)4@W5oZdNCDDvU`Z;GrW4F;-Sc^Xf0FLyNGt|p{ug(Fc8-k>y-FS8p00^J1
zYa`2-P67dkAf+xySj8fq3>aB%!wSq?pyI>UL?uin5Sx@k`>84KixI2duZSoy^aDaL
z)C={?faEBkQMg|nqFnk)vk25C6F8XW7XAQ7Cg9U&s$Cz>76AFh6>f{u2JgWxdVj>8
zHL)(WyG=BV*A&`86Vk@t^@v4>@>UMGh)>y!h{O)yo?bY^9>+#Shwt|t<;<!9_08&x
ziv(*tFHmOcn@B!}XuL{4TJ+ZAibI*i85#fjwh7U2EK973(?{>T81=#HpQX&-$>4Jh
zEgt>{z~29J`{f@BN36pbJ^5c|`J1usbUhq&%iJl6Q1W9@)ku5uhn-`n1gJq*_!=qD
z+dw$RD$<iQfg*6ExF-n^Zbrn*VP(%c!f8awD1;pl6pbH{X+C{Ra7rZ#BA6veO)Wye
zh;O-WQuJ5ZO#=U*#N1Li>ng7!8~A-*oez?@uU!KiTs^RTISa2(LINo1&d68YF-7a-
z#YTgB#Wn0)hGWl8gGQM3l6SkQ=3;?|uYPpX^c%1P9G7q)<;`|Q?eAq(NOF>g>+<+r
z#HMS>pFKGbQ+mCzjn(|bua1D4sE_mHnHUJtoC%^e5#^C6{L~!y0`m~n*49#PJ!QNa
zBx4-6wA7A_lu|gjAp|3q+o<aG_=Bz5JItEt(#R+z_r<|p;VnHSg@|joZQt3vopA63
z0o##61BiAB@?$tswIm9GEVuNbRh3{N=9y^Fj6u^kZ>v0K{=;u=?3Px0*@GGc8aBrx
ze~Nw@5zjTYdxf5mA@T_iSG>q~dFD(&b4fFzjY7?-OzA1~uH^NhUu^<><1l3zh(PpG
zK%Z011fVCC`hzGUV95sBeGJ?@L6XS7I9UamVnPwpUDEN_8MuQ)8EN~R!2WATO%>TE
zK)E}?G@vEGZL0RC1<wp2Psr|jp$4G5&Y@{^_B;PvpdBO8E~f*swkNUy4v=NYvOrM=
zu?OknA&Y~po)G=_{0m~MB=QPvYzHb%NawvbZjpZe8L|gl<lhG8_AlZOMQqinG3jWA
zRgO^jLiyG?#y}wBm~ig<hMP_lmIj!7xxppYs1&-yO{w?H=dCh{5&-L`v2M9+=iHKt
zx@)IZQEh$a%Z%XR4-AlB=T!iZl^1lFIHtA9etdaE?4yti0zp9vveMdbgNT?lwOU}v
z8lH~tfK9o7YX`BpV0Djr>1~%l+nYH{8adDcCJwJ7FRFmrz%#`xE{qR+LkAo%TopTH
zqYVR>RvX1n$Wu>Si|S{Z(6`U3Y~!baN<4^P4dVAqXZ1uG^A{h>aOTTAL8M0@wagX>
z!QQr;lg%Va69noj!CkT#0sTyJN8cgH1}e~IW?GnLu}*M7w2frJ7ocHu4U!WSb2)OL
z$RPozaQ_?9GoQa@kce-a@({8!k5G>%f~57ac}pa%!e5&>dGBzUzR}FSkm|1Yxcben
zA)=T*bni!B#yw>aczsE7$yY}9r<H1Q7r5#G^brk6mj!B$7Kzqnh(fD@?Rda;anA@u
zg;1aiaO(4yC_n*zJ~Cz0*kVM76o&NYsq4&DZ~<f|PQ@fua?g56F=B`1{d%7HFql)4
zcVTM|qU0!HmaC;(S^b#F8XMbi5U`)&a~V)(gix737*{?)5wGVZ;$jTxW|`|eg2*<)
zpB{Wo+4Nd;LW44P*(7wKKv$Qs$((`x=vhJ2ZT6NzSsAI?kBjHv*vE(}c25%0W%B<Z
zT1?5x9)`B@Sa<!^M27QTG#&>H5llq^hGsnnf_p&M1$Ll$<M|K$C`4v3GKv0*LFY+X
znY+#!8}e-hv1Jj|hnTb%BXv`|1@;pcS$y|@3Qe&Y1lhIABYIdNMWHSgr;d#VHH(sP
z7Ra1@_iw&^6vjYS6d2gK?e+xKN!EE{76xf**wo=Y0T8UB=jGl4)2wWB%;AClkWKei
zwJj9GY$C2}=J8rC@?M78cr3}wLI*X}^9kAIL)O_j${7j<TOtSb5mxFuN%n1_H3kOe
zVR^hSoHVFFW2Zg-83tqES)MAq@4$`4CI)j!>5L(4A>pTlF@sGmS6vZoU^oo^mX`d3
zjVIqwha9@*IAkrpECXu{%!0V&qkYBH2Qt`1oYxd1E#th8MN$j&t;=<Q&;XMnjpdb?
zAP6-#?k4&Ii;y`bcfu#-&p2jkRkj6zB7M=I24F$*N3oLnv4Ct<I1W%=v9SYDz6lZ5
zj0RrYZDYYh$>Z$@^dXhFkln`3L3-wU>6m039O$m(f@9M~V?LYPKehpB1rbL@mRhfk
zo%zC(m#8CBQaj;}W_}|Et}l1u+ug>KtdfPIIukL&9G+|fMVk>4ZGt%+xGm#Wrlnr|
z2`bAJLi4U1$8@p8W=IQ%YG@qUH!djX!H0%>lyhVtda_?_szBj_==#gt??j??1caZy
z1Qg5Yr4@{^vyGZ#U?}?2P-}<%m_@_eL^d*$m5rA%Rm+W-w9L8PD3Ja-gR|}(8eX(c
zG#VZXYT5V5G5xtzn}4<VUOY(4R_Cqs|F>x)fJcTrEfjHab!Cl~1$3a3iMsf|PQef2
z8xquwYS>+oUG5kdx_I>Gqzn`XTBI3V3A*syv5kk>M1(ql|A~CkVG<_`s+!khYhD;Z
z!XwQ_X*QNQUGCR6ZI7CQ%cB==o?&f<V_IXlr-j0XrOULC8k@Bqpt_1WN8LOBb<E=F
z5<52aSPKl;&7~b7^0%i7kqIM7K=|0bpr_2n(x8PlJmg-tLp2%Jw5WcCO_FF^w(MMb
z6dY>ph##|B+NE$9LSNZJafRv)?mZ_YIAQXD?P5_#9K0-v#I?*(Y$i&spT!V{v{P->
z?a*P6JZe6uxN$X)Ir}~EiKbokNp$@kp#}q<=Y+dw&p+BZg801mf6?CCXjhe!wN!U@
zK0DzC)b~q3xXcq+3Nd>Dn+U+#Xldut-u60@WlD%KOF0a&hR|2$S}-Tmr&E+#+NgX9
zqT!)2jlmI3Eah^!hY6Ph3BZ`_Jc!dO#@2!y<6;Qa&SfjWrPPT7==#B|;e;UFp5D8Q
zScoCYtHE1^;(@~FDZ+zk-fPq1P_yB>I;ac$ua{J#jyBq^3XDs1{gm(VeX$wrNb8!S
zy<_n6CEX9F{1E=hlA;|a`Auiw8<SXDfyXjlNOgpxU}##x{PXAkmidVO`6o~VYqah5
zQkaVa2JV>jgpQa}<vFE#`e;nl%J$4-!AU^nM@LaIVf9!=U}<m1lO9I{20sj46w!bW
zm~6|Rjc`Z}5IPZE`6nX)&z&BjKk0PVA6%_jT`{`^qJaX71Z{YaEuR6utzm_6+ZeRV
z*pV~sor4N;;?#!Daa8!%kFf)<@;VVn6y~fT6-8U31Ri?O95`zLDl*i9cRO_%D9ZZh
zp)l0`!g~VIZ77U|G%Qr!#G*RqTRuzAU(Vo+NmlLI9k{@yuUImA#GxXj2XVhmSzJZZ
zr(U!<e)x`V1N~I{QYDX=FFp4=zdswGm>RmD@nxx|$VGvchy#Aa6PR`Zf|fa{#*ClP
z@G_Z*ML{nf$gQ9o*reUgq8ITmp4m?Em4T~tjzy?nU~v`bFitT&-PB$iEps0@t{Vk&
z$#yB{<NUsiG&3fAk@w=et+4<*>Q{E4(Deoem#q$CTjs~HydXBtpI$gc4s`IRzDd9~
zl5ut03VB<Ql>@pJFj)Dj>dp@Ctgb{|c!>GT|98?c2`W4$feJ$1%c7q5U>~s-Foc0U
z*wgYIXd)-mu!|v8I0vuwW-%)`tS9AGg2&i{9pk$(2`s@CGWW|e2-uD5X;*25sNv$?
z@?uc0(}0?xNp~rAu2~g>;>r6r7DfE562+YmmqiXx4d><J+nS5Mqky5M^AX+0m4nW*
zb?mrxlx|o-5m6CDT{#9f;k$%yLED-3D|iwNc%_>qM!JIJY>!6uRj%lFn{3;1GDV=(
zPyT#uBZN9&&=KO#2})#}sFfA!f~2kQ@Q-Q0pVrqr=s0twJ8la{aiEe8f}pmaS6|mQ
zS=R0yyep~rP5t2;@zqRwEQSN;3!nBy;7<4q8m#tB%uT=LKMZq$D$4aduFMDR(>joC
zgF(ja*CxQ`fhi?x?g}!)(4=>cVX{mNgizT{`e>R`xb$%8trh%a%|s+5^k!!$Fcd1g
zu)Mv6i}|jgpr~kU&DUObP(@+)F-R@aapDhFYz8~@3iGiR2ujru6LE9md-d$*_x$X}
z#(JUG_6BBK8;eQQPM`aA^UImvSPxN_RlI8WHV69XW=|CJ{5{@7s5V9#lTV&6Z*}Yx
zzwxwpvTELva)=tU`6=Mnbp11Pd6*l-A4kTK^9-k_+{=Lj*c)_o<TKkpEos)Q6ugjl
zxCJ%grSeS3u9X+gxY&Es>_z>0(>3~p7w@zwd^5@Ycx8jmek`-Pmbw32#)8I#+kAe!
zgN`vDvY0sYh`Rh>Wuv;-Y)nZAPuM%}r_I6V_-eZ5y6fiAs6yBJ$mCy}SS}*3Oz~Hr
zYaccg^OkC^<S~^q@QEG&$e)7%cc5@@!#&9sem8|IgWEIIkD4U5X@83NEqSTR%5jy;
ztKIfOq5fxa)5?vuaL+_?o7oUB#HXbA(sO&I&+J0pH~83j&hVG+<Nd8piH<ZN-F}0v
z2%5O$pWHrkdUn1MH#Gbp3G<LnC%@#{*WC8==nC88)avske=}O3hlir;^1PuA^ulzD
z#mHA<#;m$m<0N(drZ$8Sl&ZeYt&Rc;2rqtmA*gTW=`7tZ4T2xvP^GGO>5aYH?K@i0
z_GJrrgVAg2y-Ix0ccNDfWd7wfnB<vkyfS^3%Jk7I7gA$(@$JbJ7O*KDr@a{!*rl>}
zL;k%f=BIgBAN-;7gl)|7^^Xs#0lv!Y_xn*mW34PlPXuo&X}~vA5!nZ7$rtXclC=6j
zm!>0Xtv6~6EJr6T<e=U8l@eOOe55c}5E)_>0XDVvy=4ftG(!1ugK3}-;?w>8(Q%N?
zOM}>~KJ`Rx%D2zzHxpc+-{j<8E7Y(m|4=GBIrp;BDua+dD3!UtdD)Ry99s%gMGyZ@
z+d!D!HnVZVhk4u?1?w<VYD5u<$*j#(e;@u`wL#uh4DYTB8aPPh+Z5`^T@gIdxxhDT
ze%`TpD51@2`Z*oUr;IGW%89XG{t-5}Jr=|JJi`XQx>M*tOE-8e@s#o@_Vd*f3u4ok
z9g9%f((eAZ!Z^)-ml8w%q!kYxs0A0$7}{rE0Ve(R4*=2<ilQ!2h5$A5fz@O<V|6aI
z=5`OBB5Oov_zzw3HZR}GNAc=&kua9)R&iybatoOM^N{EDOb|3Y8I8>VzXZ{*4|V6D
z;;o6VJuLm`6|FMi(lz05zprC&!tam@o0FSbbraX#J=#I}kbRfa0q)w+72b^hxr<M&
zQC`9%AawVp<E?{C%g3+%y~SvFtIX{2pNKD7J-kmlf_>Ua6xS;6@&;_WQ+qyDl;VYS
z%=bv*P%|BwGym*-I|d~m-#-EH!c*CIp>qs1L4b|GZ3h-ZV8dSilSguaAAy1_2ze3U
z?>o~=34!I{h?-PlW1v*a;VW<7nR_Ji9XnD?snLgHEhw6H`ewD#=jYgqHxk64h<<5H
zw5PPG;`@-#7@wmjFRVXYLjTZCv^;RhI_o-OY(BhE&+UsixGJo?*fi7``sfP!7RXU7
z|1|FAYyG8L4$0Z{k!0oSbdI^$gF(*&x{~kF>)|5rSz+w&G79EPI!@PoFE@`)rx)ik
z#(iGHx`CH`!*}dnJBr=`D`Ug(KP=kso7s!6po<rmQxU0JNjO$Ku<+?J?sLMU7|Bug
z+>kTA&wfGk;nNC@;@xP}aJ${cFrzgwyuN50h+#}!njbj@eYD~mA1Ei#5@ylCN55ds
zdmHrrg?SeL#emc2X|Ki;sXhhQwIck^*u_7Oihu+WoKIzY^QHSKNtYpa*I2+w>OBHU
z_Z{0#5kMd&AXY{xE$crZHV3W~_D}g&PoimUHTAv|u!)cS5$Mf4la6nGLw7amdGxr@
z-j=hM$q%B=b~L*c86LlIyWfzl14#6;2JpP;E|KV+yarh^;YcDiSOKL=?ql&^06zO4
z(O@Am#N-YjLoDBq0pO~Fn18#YQUGujX3IwQuV6^$%CHu&yVOzQNa`N>Eqk~@viRgv
z*!zb=k`7{sx?|~^a@IWj<Ozr+1b|+tz}lN?Gjzk_0N`<?xA^HPWjd$=fxtNCLkOVy
zWsi|a=t{|n9|M4E1x%MFbM#UKqIZJB(D3r*f!hF3JkqNwPXJb&<t^L*_aA305!yV&
zgfF5kFWsw!ET37v4QEBd>PAeJz-$>U1Y!dqPxO1`O;Getk|e6<|2zQ1w*ZNc08oDx
zQDl&8*<*Fr78DGfj4$bcCvf}e?cYNTOqBo@8RCBzLkHl#Ko>j5Uo`RWtMMgR2~dO&
zK?HoDxCuONG!6B0Z<l}DJ&_3e8<y(3s5vHA>@EQSvk%U(JLqI2Pt*cn_?Dx&eF+0}
zfL-X)1n%_}P~TAJJF>Y(P>?JmW^r*<6*RBRwRGrlEzmPVBV_NpYjTV3Q5ZEq9|8zI
z@l}AlH4_3bA})_WeHzLdX}8uTy>OHOEsfh1lR*<Jj_`j*JgQ&anvI_X0Tn~=@ZOC{
zvx)va5f~4oW6zaS_DtntAK9F3u>QrLd}#LfiG7I<1iF9p>BoD4S#Lqe%s0kl79J4)
z)=2EpBNkT<<as1q4yjyOt8?^(qL?o*9+W}US+tZj?)m>U5gH?koA+iJh7?RNAw-c=
zMr_=`d0oLo7@gHPE?VR$FjS@!;;x{i5ago;s+;BV4gvUbi4rj|rT+he!T-L3L)PIZ
zK7cP%9+D1+VFGW!lLYW>{^PbG$My;=Bc7J5u7>b|n9AX>=&=^*;anwtCQ1;$=9~Zh
zu7VyA0(z)a<`2ngvAxs*{6`vUP5b}*jZf-Nav6sR5%&Z<DnIgCk0F%msyesDMGTfT
z(c*reae*?#5_Gb{prI)yBY(OXk&np(L_QPyQ26}Pp55cbHNN9w5Z5QQ3G}G|ByT+x
zZ#{?xm^y%mgnU#5ZimQDdjC66<IP*5r1r_x2VJX57f{&G!CH45e!g#>dEA7eq=ZYd
zM>_^dBO~C7?oJLxY!Gg;q4=mE;uAnLu+ys4jdHmW3J9pDCeLBEaTwqof0P}lh5egf
zQ>W{0#{u>jO~0OsaaUmc*r_|<I?P3YZC1)1cPqVBS9)icsj5GW@KbKL<bU&BCYO1L
z$R-#u-;p;BfJL^PTyr!;cWpuqG9&kux7O||^zyM|3QZvWv8}zM-EzwuhV-x2^WQt>
z=LKM$hFGJ24B@R35pNv-+7Ovs_8}6R5a60&viGFTVUR3@>oss%?+^Kl0uZVJ2;0H1
ztP0}QV~Yx_Q{HMCiC`!FVu2FCDXC$-M;ub0b%2Akl+pRgYPdS!v*cCv6{na;)}vs`
z^SyKGxT&YSd241rwo|xo)^Q?}hm*w<jdJ-oD{Wq^*I>QbG{UIS{-|ykhd^fMgYW#t
zo{?}en~&X5<?yI3C?ORq;m^#Xlx#ffx!s{rM>Pl}s-m=X)wGN_*cW?hjrn@rUmuRG
zmJwnm(DI90*Nwdb29(eSQy_q{xtS*2S%XaY*2P=AwF)iLv7W%)%lavCeAZ^l!;Cy+
zSyLILf<KGx;EFH+hOWy*`{u@EzE$A;@{g-tjvF8E*%80VIXfSEd)>`K5bX-r;cUr=
zS-fT%Ur|s}$E<y07aHsPYwB>;n@Gd4$c+dH;fsWT){(&OaLBGK`Y-*ZtNEB#jt@F0
zVhPP%q>IXt{7)&F(B8d7`-R<wcA+F2-|;$kT>V=b@^%%TW88Ye76^-;PB-Y0d!W8@
zkDiwsIB<Is9@_R6J_7Di^KD|;-9*?I`}@<Dbzl)n;NTF8nb=>lx1X7roo&9&SqV<!
zS-BY4qbYan47tY%tGj>py^=O4>A}hAz{UV`t&(Hh^VG@mh3>;subXb+<jZcFsTLag
zACka9*T0tfTRO*oEDab>(LwwAjSqcrA@9eU2^Tb~v7#E=Or<@&ud1W4BdYK3Q+Rx&
z?jO(mreH-3y<UyD25t~&c>+dg?0*oZ$gNkdA=r=M)BofMhl&JUx0*MB6|?`<y^ZV<
z2*qxv1WQER?S#<po8jquB2`l4sZ%)(hgu!)d6)(#DasD3;|}YONy$bVI1eEXcq=+U
z2HgeLhF80kemdX(I^yXDUIpP=GnDW>Zi&awoMA3Y8--ny%77h+CN63;&XJy3hsQVg
z7Fq5?Ht<FsB~(WOKZ_LE$RPK&Py{oUjG`wH(u>P=Tf3A<4MGB~LU2E%m~nFvW3#h(
zh#5$z5#A20gviAUF!Pjo)ksSd{Q~L8y_w5!sZbpxT6#dJA<zB;|Hg6FljYUzG-OCO
z{s^pV=p}o40+e|))S3UahRQxNX279-8jQdv=K#sZetTu)<q>}#ks{_K7eK!Ni1)u2
zVA)612yzDb2zYo8T>o$V)pTke!o47JQPdaYi1YvZhx6aj0OtxI*A-_6^}no0dLavP
zos_y(^3;358Uu7*x_fluPLy$?=nA{#hX|J}5%wB^NdU%=J?XDU(XBw4`VW&3T@rEv
zOC?eW%iw<(Qxd_y>xo8e)YGY{hDI1jmQ=we)tH5$i>>{XaO^?8#pj0|#K_aS+7WNN
zvkgxwURh&|{y)eV`8t3<OV)^+Krn)x*UA5lI%K22F*DHaS$;^}d<Rfvlwm_C7zXRw
zf7>4a8{9|HaKuYRyqb_!^#2~cui=RIh5&g$mN@(WwU|L{AD#jB6lmzC9mZ7&mli*Y
zMXFW#NBWw&i3t=m(~X_a%p5>Vum_6weg7N`hDC=hxXU1axK<x!fshwK834D5Ky}IK
z3`>8{{+cO)EoB7oQJF+MEp%m;A8r{|BEo+<u>SWYGLdB*Q{|kkp<M5zD@WNv<bA1l
zPf1CT3z$5&km~Vou*BUT4Qj`rkEU<L7WMuujj{|+mAM@NDokb^c8lr)aUXP^t|Nm1
zFN${k_p*QXfv5x6K>>`{Di1)I02~rz=rU+k`(eZ+iQz!R4W_5wo5}mD2pZez|L_R{
zvH_^+c6R;!t1b6`o-_>{#{b{i9g_|q44_TKx`wlTB(mk-t<v18z&vuolhovY$|4i~
z$NK(zdw}u--6;5hlk+tI{hdNSgGTJ5huLx&-ge+`8zQ1v6Y%&2?vN#01|(?cRkj`w
zHZy|n`oDbpie^qZkF5Pbfb@24C;Wto#FPTp`SMAB*YdW(=bv2eZ*@RbU&JREVx|7%
z+>oCrK_WMeD31}j3OYzaMy3}%MuJ#%a{jMwZRB&a30WdkBjQK?`@h$beOT1#6F`I3
zn$kud(~OeM?aWK+YJjv-DxB_Sw5}vUpILng&mq5G*2iJiGu;9}1_nX^zbg780Q`81
zG=$O;XdVYhm&wZ}zd15pGR%mGlITm?FOOz?)W3uw4Qj&Ljk$`x0llYOdeSAY`7+7L
zJ&P)&l?F~Ef|dLGqY@zqdf{ML{-?J<`0Rg+CLx0CM55~6TkQIuPyg3PTn<lb|98zB
z;D+-41D8Lb^MjuL3o-oD1;-j$U~V!0wKVqsV`)Yf-Ge>Og+PtO>*B-V5OJGHmwrih
z<g4=h%3Y>@!;+fCNyBy@?8#rTQRt`m7vIS;1Odhh$s=o6!H|sTC;h6*LOSaSV!p{t
zE#q_Wm}?O%Z_NS0tg2QNy}iQE76)B<QYH@DgC}|T`2=bHf^1-nnE;!_{+0-$lfm{H
z@WPSWwUGA#rJqa`l`s!*_Ma32%K=hkqdW2NGTZR*^56e;IfCUG-Z~u|qc=Q}bynFd
z_-n}a1b9XmYQ_Fz$QA-oVSp_O89fDTiG}~iziRPseAqrLl8{CNY<6x!Gr$zA6a9ZI
z5f|X%L=ye~*(ufk9UcM7P6~EviX!`2{xg+;vD8MQegvw_&W$Ypzo?#Y$pKi?WI;nn
zTRTuI{ZIeP6K<`U+&RS^O}~u4PiLX2+^tv_{hzhq|F}IQf`HB<)n;!fN?+P&lR!2T
z8!?C<k<2>q$g-LLOve9Ol$a=k+kX9;q;el+_SUon|6NEU)Hj3`_MhK+rLxhX>_FrL
z9Eqf|08Rc!mHd0kC2Pb}03Pyi)I^JP>tDC;KZBg3<?0aWkbu1)aLpm#`WHa_vn81v
z3xL)}->xP+4v{h(t`z@Ke#F0|&jKMLHe52{T*{-NUflm)OCKd6Y}YLYD))cfb;}66
zxGU}8Qdx->5+?9E-~K=2_a)Q7bOQRH@%#5?a=+aMlAbyPT+sm0t@fS%$I~PX4nnNg
zs+LIC*zt&jbYJRB*+XOQH%0T&n=Xh1q3J{MI4~Uz1pVS1rHnkI@5wB&=!;{GS4ZE5
zKY2AZ`&m`KIQ9?;P2!>Ihv6N9rcoQQ&$qw@7FCAr6F{b(VojVa-XCsTk4Zy3bCB_U
z&CSy2$+qwa#c(my(@J-({WWa(=*iLi%C%HyWeK;00{E;ONX&TLrW)@P@X_yJ{ECZy
zh#&-W7Me61Ym!*5y{SF^;dQp>*K-g&(|^s*i5u=|T=wgD8um`U{f<%}M#aTOQ;(L^
zX0+_Mk#9s%8l60f8TyZ7rEMI2or&Xx?_BhAQhj=8IYCL=eK?6{OY-VeaI2{T!sK}=
zsW&@>Z<0|6x4u^g=0o(^lu3VFo*(-ix@|P7%@c}TK%q8uqtB^Fzx70zM(F7@quZ=N
zTy-BdWM5O2e9--Ttdx`ll?xg+L!(0xY~PZ9G=#R#T{UjjfJV>F?sJcd^H}55X@7S5
z{OCI-y$qv83N<w5pz0^xOB8U2R}-hO4iMOiPHNZpD<E&8-1RwH?~D?I&i<)(GLr?T
z88wOcRYCqR{|R=)FVhMsv4-i%HMyX0>9Q7+O>pk$m7MrC)CrY->+iOm(6!7VN%6cJ
z_Kh+I9CiQY@>wh>upxA~x&%z}+Ne-*%?0{0)3tD$s!WTB@Ke__AR7CaA(IH;1HuOa
z(FJISDE!EUxjd?mhbFWvbIuPMlq60(ts#XomHloBlBEp;#YI+CkjEH8>lRd~+M`@#
z&!$K^>7EbC)YGIMsWL`P02Wd!e9w5dLx?`xtu^Yo3;e{yVUogR&JpfZQW6fYG7>7f
zq=5!f5DypJ?f>nRc{aoYePz&{E0ffQr<Tv)VWg?9DKIy<^tf8k3;etO7ncwxW~8#(
z$B<gIib?H9YS*>UD;7@iD+8#8fr(Gp2y}v0;BgO;sQ40z!uKdOESQvj$*O;FDAX$I
z(o0qZ<-%nr9+eVg`0G%9X$?o&<*S(azG>>rd%-QwJjfu+pzOG6*>B<(_(Z{piPa}3
zCk2MKXF--NI}(j($9K#oy?u4e8(t@`Q97k6oIL1I*+EgAco80-2M!cXG+5n6IgGWw
z+kFXEP*dP0Awk^4-UYG$(gZvQM)+dU3vwdgU`yahr!RE2FFso&wZf`GHCh9?^G2xb
zy5|f!oq!!?D@Y{z|EPM)fT-H8ZFqtb1QaPr6_iftmQ?BPmXPj-8APQ)>F!2ax<*2z
zLAtw3Vi;hEcXQp(_v8CJvG<uPk992f&0aR(_TDsgg?uhOo(pvCJm0No#!@&Cwq0s5
zg#U6vy1eTToJ3LC>K$Uecj$-di$CJD%M*TMNTx#h>=Gw{Lv|<bjH$8N=`jvhxKFYQ
zh8Oo$(3?EU%B_|3br2NMG0>7cLuB$dzSqA13tBs`-?DQ;^3AI>UOV-<hYx^%A#qhK
zV9lr|A89P)H+B@`%-OzJKK=#h`6?jG)E&XjUDTaLszNHzqUY;&pjxGF(Z=BmP4GoS
zIz5mSbLBWDPF&vpe}qiZ<Xum5d;>eM2Rhx6-AeBozqHh}G^${EwaiwybUB;se-%y7
z^o8&~v0W<K!&Trh*l+a~$T}$5OD{~C{>W6=xbC{Wy4flrHRlm|<$+ZfOvtL$Mm*A2
z+i~e<48BR9t+&v;e{6TXM^$``16a<U<`pag!-rMRc-8rZlf}{Z&-MrKCTjg+l)y8O
z_b;4_cOUf9A7Er&G$T%i)mgv(fSzZFS0YvP5eHg?2i%^4?<H68WXZrg?`t<>uFVQx
z#*;-${{i0(JvXgVhHG}S<18v6)@Cw2@Fo$H?|jpv6ftoJIE1FeboVRUl{5j3eC1y_
z?lGXd1N!;MM}g)RV;bgbJrlMEx6~s*4%kAQHh5Y7yb4K=aS8vY%;igDfdF5&ng^x_
zj{X((G}gdiPZO#8==e0t#<-B$z7v=m;Gr!Tv@*FC41nE4kO@0%P+4NrKq-fUS013g
z54$jB)$cB)X6(ds?Jhx2Rcu}I6)pB4u19=qrq^VZV%gCJolK;B-vq|bi_&96FqtW4
z6u5qZ%cC+i8e~}zJ1x5Fg+}lp6;axtRYd8RXg`MlB4IWQ&rti-+_flB5bLZ`(H_pc
zXk*3ss+`39YMG-RXxl->+$Qh^tKBo_ZQ5~<#0gLn$B)Y*3H4_Vmy@1s<8XjcS$fbD
zigj+grfY@&jr^MvPX^m+sK%$v?$Vu%C!kZyR}A=APz#~A%q`;(8r~$f(i(!IrktX$
z$MU3nDx_ndg~s8KV8wx-{b0N;cWw?O=CoF254yuhBDko)+;#y<aIWhKTa>8kBzk<)
zrW3twy2K1lAEdCa5FquM+lTN4U=X!A9L=l}jkM`)R9y~NR|a;OT4#^xiaywO)IE~O
zrbcX0m&)_7V^d`wYPkZm@k1?EUg6d77Wb3Z_20n0zsR8qSJ(JI$G8K_eS+C(`r7GN
z|FK1&x_X`Tz#XWC(<n<*8NU*rm$Cw_0SN57va3O}PDM-TiWQ$1k0IvS&)rA+^E3_3
zd)Gkk4Y0%=kuPJD5k0)5H-Bpe1C&0M(3186Q{n04uF0_{eAC+9lh+E6!#A;;PDo!H
zHu$^8>{ekYY@sOTsuw%FDy{a(9()_{X$sXII{nb}n2><(Q!`Y7ff1obh1Ot03COFF
zy+yO0Vr1KH=bdFHnEZ`)yqM!Rn@U_BqcUpD`9pEG5=&>q-sa0f>Qs1s<SUOu)Z2Ri
z#Z$6Nt{=<V{8{S{=b|oAkX%1ow#jCU2$7jQm6Z~>kI_eHt)^Ka{S`xcRSH=iZ{Q`E
z+WkE~WcQ4-mHG!hkFeo^VJ}1?N9%gG0l>%513^RCw-OK{AVK&ajzV#FoEWyW=_H4C
zaA;`|{%6_CR!A2c7|*`I*8dYTk8oV}{rm9rC`SK>Dcdb7?HKbq+#3}XRfrH5sYN6j
zBm(nq?~HdhE2OLHwPm1HX2%pr{~=Vw1IMRrQf6ld+te|Ob$ovER+T`#P&yRL`v#5-
zUEm{TdB~&qW2R~!OF~S!JhesZUZc{`GPj+>Z18!M9jYq7i2bwqm4k&G1l0(6r}0AX
zfihw-+%c3fhlp|hGA%Mk0{YC;u~vQBX)p7|C@zjJB{}Ic*U+fr=(PfH{Lj7!*2Sj+
zW3~$NJ*^Tl)Ts}?P6A`>ODe#l?id7iPdUwCfC8HCz~@o?0y;v%rYd*8*m35J!UAuB
zko*5-P7Ha41X`Le1`vkSPQI-_kq}{%HuvD}mj~c&DR~lHen!u~Ui5p#3A7F4J{?`V
zvl1VhnXz{XA!cc9k@zqG^Fh?VA5QnMc@g7PguBg$83M+;>CMU&3&1nE$#99r{YXIo
zm5nUhvK50QY1--BvHRT>7_3fzw$x_bgkFm8h{mU5N6qlgec+PW*AP!^5XjbQ!BWXK
z&QFL}1fxh^r`s%n&cbZG|2TxDM{T1b6m7I}-?A-V)vKqUS73?wED1ROmIwanY4^US
zl=Kvw9#%bRvj8{GPqpuTaIeJLsziO7g_W`Sv<`OEN|;qTW?a79O8qxH3XksS)O`%S
zbe3aXAF$4sV$rWUq4)U&mk6(Whwk1O26C6xRC>!Q*yoiPX><G>v*Se5OI}6F-Ky{p
zZS?QBRrj5wlcnxz&lz;pmv0ZA*4qqX6ks(U9#%{4Ys5{oOp1#5n?L^7)>yc7@LNLN
zH&}f$6wqUR25hql?H?ZFdx`u0y&ZbKjMR%(s}BxO58EDg$*^*jwt{9I<%;PYurBXg
ztQFVj15>O&`91C@#SU(6f5@y;{@7$vL>YTf`Tk+_6yM(9>rCZ(CRPVZ#HS*Ie{MgZ
zuTb{M)R5hG65kXV+pHYIl9+rmh*t{QD&&iH?EpeG?T6WG@hAo?(BBuP1V?00UgMbs
zE~e)m%sB%S76!;d%vq>aX2!N}5y^7<^1;a#W*3mrk)Fx8cdh_*Qk2h7M$YQVC0#`w
zgq+HVzxRabn`ca0tEJri+CGghAvx#u!SJH>X&k2m<M?d2?$kC;7c-VVJlSq8>`^xv
zts5egpCA#&AI+>~Y;Y}96GCK_w$i$n(s@wih}#~<%DHzaL!TF}W-t(9Zfg4R2#8R6
zO5jvnxDWRPAco3(8EAikC?eSp%zh84<>j1xs!g*XGC`gFie%}6$f4{Bbmk3!MdL%Q
z<m#;y23~yo5NZM%U_o1(T;KyE9Hm_$gk3-lvE0RHPq{elHTS^XETPl@@!jaX^smkJ
zL2{r;$fvB{It}-k1p^L}-F-3;$glzdF)L+NuGJyyLTC9vnjjkwmIj4=9%)_kC}Xtq
z%lF{DE4Ctj!RYCa+sdb7Uc7&5gjHJddznmGO)QfOt2b@$*GJdV!F$shS7MY*R(t&z
z4vVdK&v0fYRa1?nI;_KI1N)^vL31^7{+r5eekpYtp1#}T5pDF^^3cu%Ih_&P_XoT!
z0ag3&K|{Yt%Jn0#eD<l^Ec*07uQ?ynbt@rT-$i-O1t)-3w;0-q=@G`tN3+4z@%-Q4
z`>d?Bos<w;-)VPa71Y8-3Tu0cPkp)6oF_$36GjEGyIOFWsFTQW4oTd`924%N$&7Pq
z!~$>cBWmFL$-9JwQBC|>kvEgbQC7}!lWuEEse><4u;J<6$DXTYL-7(e&gwxm4rPfn
zKG=VxHssegfQS;TFHlbZs>}!DVe**C*T`wpkm~7g(_abgaG}9bcD_fyQQj|{{W}=^
zAg>~lGaVNkvQ8>Hnj;Uo31s4U$Ajeyi>WaU#QDcr+(`ZvqpJ7J{eju5I@IO<nhogh
z1BpUynu!PAENwlu_*%7<`jmtToTl4!hbVYrR`?v)I~JM;Z$ZyOs6SUj?{D=6F^OPF
zP!Rg6lz@Q@v`{ypqYH=qQFC}rcAyF&-<$s7`Izk4zfLqe#~g4bZsT~rct!~3J%}5r
zr^<pU-EVfObVl3~x>mVPR0JWY6)H{Aw061)H_4je3%1#u11ATaeWs_Z-(|RZGTY)|
zXXpK>fyTA&EZc7W<ChQ(9URF=5Z23|Yv;vU@IkUMHKCT}K$m2fs4wT_<5+bzM@5az
zDL?`USo_uc$O*9SiUjF7t6GJ&^6c^;G?$j`$vmkr{&xYJCHCiozSLe88{UT*71JLX
zYhDVzN_n{r`CHa;zD@?e@}7BID|{~_^ma3<`)#7(pJk7~9=AzUTc{zsvhTl0_e*G@
z+CC<Cx>B>u)lCCl+ogI|(9OOehS&&^UreM8N&gz+lB-i%l>FU0kRm^<n|uyzlMpi$
z)B4|Yn-qEXdJDi)dtQ2I=`i58A=PXEl<~iizMxxJnAM<>n2-HKa*n^YIbxE)+O0Br
z4R&cY<1V|N9QapAniXabkQ$0t+a<kT7U(!{F=eY7dlXt~W^HPi8z7;uS`S$Pau-Bj
zV4j&9juC+!HG|CCRAl#)KdZMTiSY;140{P~w>IA=%=p9p5!{^Rzfc*<8*vE=1NNRM
z^r6~YI5TzFBqs&Seaxe;j!3Pr=-d5K2%>VsP5UduCG&;HibUY^IG!W5Ch0fDxN^<#
zcda#clcKOTKdHrx8tCTm(Y9)};7G3A;5jB)xW5LsvYVTqN(?2Z)zC4oV>twyU_O;x
zhYSZ7x0DKnS^1NvslozFKv-L)zn&;bs8(}pl>ngd9a2R?S2x;VcQ<jB5?S7-GN_|o
zc!lwlp|x3t`>>-GzsJf(A!4?+wICr9b9a*MX=43JrmxrnW{PJXGO%(mP+cl9Z&8qI
z?>zDLM_16X#p*mbm$9{bmx&>!z(j3Qw7ne`qHgzsGvK;ShT{r?I&AeNsiU~K;&u6O
zjge)o8V+hrM*R7%n1e@#+2mfDt^G`TKli*<DtO)z^AckIdw=H4?}tmv;Zpme{@y7(
zeqschY#^|q!G4m>4y>p+Lsk11CZ;`6GG?_@sYWxE$;C7NkwG4mA#S{^&#{l5Us)N&
ze!>gF3x6Iz)C%e7<d^1OV7qNd(^UXU@J7k;yEvkSpPFMh&AO_+JZL9Ij_c#4r5;YP
z7Eq7qO!*`X$%5c4d|~NIOnoda($def;H{P+b_ToYx+=Fu^@nM6^^?%4a&PJfRTsBg
zVb0ATdap5&_<=JubDAvQv8`vvSIWI#`L#9rU3SM;yo9&;^9y+^VEOqaF!1fh+#<zc
zQH-Q_SLkCwX67~}wV)p`T5j%L*!9^PlZB?mFVqxZY9WoPVaI<rYljQIC}ua_k)qM-
zVb5^rT2H-~ss^q?%DPB{&VqO%M|13Mv5fo+c=VLyhALo~owlB@$Yk!8L8IKfIHHw6
zdcvduIjJY!GbEJvR$KD(Y}ouSawy_oLsWE=C}?>y(<|eL&)p3Q{Xt`V^UL5h*w9c>
zKDm@!PC%wuZSAhfg<7YrMZe|7Kg(1K{nBzR0M@+IjoLfo+KVd;wyXqDKQ%Hag+7)D
zEG;%)8>%XtZ)m*BUrhR;+hhhyIr>EdHWF)9KE8wRB?c1Y+&hOu(s#E?X!}uGdrwt-
zODy1%UR7g7QU5#tKy($CDbFnUo%p4}N|g!5+ccF2UqM6R>2GV#j@rHRtpX7JEKWw_
zvL>gS0rvgLkS}<t6;nv;#r8XqXH6iWp!wE?!yL|TI4R=oh9Tf?qY%$*7EGq<=eL@-
zZUr}BPkU?$1?~RYBNQ{W73d&B=tK~I1q;Aa&1j*0A{{oSEh8i<drZ14PjO8+;3BYF
z@1^!TZs5r(*&TU?Q#N2Wy*R>p94Mc|e(Kb($DEuaAIroZHTWR&&!^CctT+0{AB4Uo
zCCy8S;chQ9d(iE%vUXi0cZVx)!N?v)P)^NfZ@&YWgsvpBci<^09~$z+ACcADt7(z)
zUC&jTD(%+A1JreCJa#NM7tS^|M4?^ee=?V>8$51k*8|voKOUlpF(i+`1;t=$Q$a>B
z5zhd{V-a;zpp-g53eLwm5~N(l+UM9fn`WgX;bX+{{!IRh>|0A05f2DN^(+2|@9nQ3
z$_Pec><EepH}mgYeP}v5a|VV3uvVE+`=CC-&yO`ZUwo+%{kAKySBnzak_Bk@oGvk+
zrT+g0!RJMLRgX>Ba`a^oi-O-s<?fK$<obd%++{2@CX+i*j0dDaD*FHp@(QQk&OE0S
zu;<jr*-kA-ou%XNXKt*U@coyDN&egm6eS2{P3oK|{G~<AiKG2sS2t7h^UINz$K#Ui
z7!vC0mc_5k0Mb=SNww#VY|j$=6SK)c2)qKbLbX-2J8rLYgro%s+NC6!{1FvC<)32&
zeiC^^jDu8c9aFl`^t|55{<NBDgxIO}ockO`&D6RNGA&`T>mJIMyiWrXtE;b9GBLXd
z(PmaKn6X2pzS{X-e4usO8cKbc%?1DRWre5g7_s~dUv{>ON!jmau0Ju5w(ScPie*>6
zFG%inJ|NDm1_9`wx`w=PRNCA8Z(58H@hluy7|Iw!8PwV>yNQ`w@88D|K6U^F6E;Vq
zbw~yLyt-`U2(vs6h+<moK_G810^oG4<b#*#qmMZ1A2O<%8O*TMNmyH-U44EHuc|uK
zibVE3$p?n!f8o|%T`giP*7-uu6RbTYOJ+X>k^0KRQ{#LkHr(u)=_oCZg@r%My%x&1
ze0XRmFz~ptmN)XRF6KbW#86om2_W5Fev=Br+F)T(0RO%L)9xO|e5<g(OBu*QE)0RF
zB&ni=XG_(mirYRkXg)uA>m(+juiq(k^$0k^O1Yn6;X7mcM?le5o?5NbJ93~QhDQBf
zejp*Oq=FeCWN1iU^iU3by5*Uq?efh<Jk;gWub_HT*k7hvseUgL^m$-yU+VSRbEFBO
z#t&;~rx<YV*HiMa0CiQh0jR51-zhQ6^vz%GLW|wMUkT7_gLWrU=g!ZqOm40gQPf({
zAT0azOKEJct23$7kTrO2uDxb%FXC`PYE#=fU8rpyOu?6?eHTUc?_YMk$MosAb2ZOD
zq-~xQpk*AFn)=K5L0Vc;H)<7W>En>TCkn%v*gqoeFdtGiY}~}+Ax^h$ZRrf*HWOiy
ze3M|CsXE~_Pim*V$<(Xo)bLmaxr!eyjB7n}(>k81S3X%zrmx?4UMbTU7z--h2=l{(
zMlOy^+J)Mfei-`pjuz%to2;+({PT34fd9?M+ur&PwVgckG4$Y2$^N8Rw1WO|*ZNWo
zGp4EX6Cd2|dN6_VDdnF1#M`GFQ+ro;d%?Vc_>@-!&JAEHvFm4Ce}p%}#+LmgI=@zv
z6qv&nnN0iQq@-GQ0m94Yzp4}i%k;7LIm9>7RH=N1l!s&(tU6BB<8vRLadY#%awZ&U
zsx{Bsa5LHY%PzMs51E~%$oMNKzL-fHxfN!ReB=3VSR`QIm)(!&UawpTcdO$;$sn*B
z<PyXC0HnXgGJ@?W!vI9|B=+c!95|I9wP$pAiJIfkvU5w9CxO3<HNYY(E!{`tT?iXF
zUy~fk<-gZm7#M@<v^H6Fb5jStkH>B2_xXm|o-{Lo=_kPoLcG~$1b_lJyJ*L`x+`}!
zJTN}xPz9`q#T@{iy6x4S|6WT#gglNkv@-^==_eeeREU|Fa&;Z0@joJ|6)c)@&r(d?
zV55lxcq&*k_aYT`@>H&FQI{ne$(ycg+10L}b2_)n^egs)-9W#im+CJpj5oIAy3www
zeDRZdK9Eu^<b}be$g|kuvV?I+iDs(N>hDL0Idph{n~BZJZ#s+Mu*Y;1&BOu6=*)@$
zO(pO4%`Ler>JAYRX#x0GMi8j>tA5-VH^xAd4Q(7&2v8)mJuJAstxm58;PXnt?*S!1
zavhJV`g0CE%e2!Q&(RmmYeO8|8?Zc@D`>cP0jV&;jK4i6-3FRF&^Tg6M7ZUSAF=4S
zvnXE-7Q6ZKkJMO|b$v<?Oc%zUC>ePy;Cmj5+KNY1nhL)XwZ-SLHo5El>2-DbE<eWU
zGo-00WiF2r9!Xizgf0X3C9sj(jXbQZ<{m2b*Squ*7VfvYq65E~uI--@L=GYQ-lMSa
zHys*9@rtx7#+}rm_d}}Rn+F-SJ-qnGMzuX^p1!x{0|*@>8RVoyArQLNr3SCA#lGsz
z1S59`XPnSaMvB#IUtLCn_9l_v<3tImM6Z^wdPw0lr+-gTXn=&Zlq$U>U+nJJ5z4kd
zVUO&36V#uOKH+VJJKx0Xt}(bh-tqOjgiH0j3MV8jZIh!_n5IaxU#b6t$iItYs(0zJ
z5+)|ogF3WXo=5mF?-uNJm&WfScuB7d{k?h};LT`-so7x=W$NQyvR9x~KICf-6h)D7
z`?!oc5F#Zw2Hd(%FX82mFILg*TG$!lnMW%88+b{n+m~xdEJ6p)j#s1rq2;_ncsgJJ
zT;RP{7fQ~Ws)+V<X>^j^ju-kO1vVKkS}4o#22=8#&FD=^3TD*VH@`S}^MVt0+uQ6&
z2xZZ7o6{4bbvj<{>YsQI+UUEPxGVuFWX#(b9*Y5G=25n6h0wr2(~z5Jt-&xRA3%hS
zou4~o8MimZ|Cj<dd*GL7m_BmajgzZYUVuNQ^RN+{d%*K?6?Cd@*6t&I-n=%~87wB%
znF*B&c0hU0l212JP2`#hEH9g++daZnNcVYr(uco2=V@*pZ2=GNnHP2U4Q-v077V`!
z7?(BRwy;0@-e8D2$HMqEF_Dmewe#w`3BTGcjeWHAGcK;nI=>H__TtZ;@d%VN0ki_h
z3|b>VGZAL$F=650M;^vkKHQ#hy$S6Z1Q%<RWqe>*-kdc5__QoSe7NG4`Um5`enw?w
z@md^n3)AHW=Rs(A0Ol(tJMU(lbyW1-0*b_H3)hB}B``yDDp;)i!Jmzek1Hfu1+PB7
zn!y$Ezsi<bcSa0z2(Vf{UEVi%6XPhdys|RIw)%?GdStRd*#Iu;`!%k-K@{2bN7Cf#
ztkcj)5afSlH@~8a>ve7yfb?msM6A%Ry`$aWzRxMB2b|rerm;G*8>lPw@;fb)b~4B!
zK0jc)WiGjBvzdynpDT$s5BJ-E%Y-XM`p@A5#%rp>ECjpzfvYD9CDTcdI6r{4$D_0Y
zl<Y>$-sSpY2bLR_qBtIb?Uuxx94{B)nZ{0P3S?QDr53dd$`Ifhr`izVx$UUkG?BoC
zJqvs%^zez<gs$dZ!VrUHJ-ys|@L2Vy9IwZgV6@kof*Us}nY25~vl>5tN3`VMSKGy1
zwrqY5ray!b{Mu4*Qv|Hta@Hh^_-bNdfe*zsR-&!q{Lqe0bAnek_xFokt?qj@QJd~-
zZ0&HqKCNBbNdvvZ+%khZL?9Z5If;3)K05i`9lSZXr&28)Q;l58dV^0hz2EO;8uUr}
z#SEJ>IEw1&XqDO<#PE@=nu2zgO7@B<$4_;wYULC+#O8+5^5)=_z9dik($LOWhC?P{
zVH%@?hq{&}%Xy7V_=y!;8#q^vzf^slw9<00+d}MP8%WG=+FwOQS3*i^ljRr-@IaSU
zs~cTzxXe>9Nqh0mcGR~@k<jIXIc2R;^*iC7!p^?F(|g@n;__BEDckAtB%H-q9`g8c
zRT<G7*ug<GF<}&N*>)$wb(7q%NZEG%CfbCYR=d^=Gugv$=A`2qiPKH<)ZPhnz|Fc(
z*hYM>PLagg2x5+miinKJ6TIjp>Z4ox?Gaf~`yjQ7k^Kj8Z2FbCzeuyx3rp5cX~ANC
zIE#-@@u-P!?U&k`Eufwt@6%n_Xc1%}d2F%p1OJ9s*7hH@dWT+}vA*^@zp+Bvos%Z2
zXWs$(!|RJ^$Kgzv-fI6;gyWrOPrc`n*g}X8208gQm8Lj|$HBm(+FShpb6@-7MJeKF
ziVQMCwv`_cMvKK2efKfTDLv5|b(R}lVPI!pu{dG9xA}rk%llilw9`0eS{jW#gSRA-
zxiOVDow0VunMQ?<82;1J2l9|qe&hZ<?RVa0&vUu=j+QgMPu4rzLKfk%W1sRpe;2yt
zyq(48vC(L1nK_`XKs6t+Aa~<u?Su$JLPL$?_6ZxB+c~JTR4-5ebE2;xkreSvjvkbp
zfM;Bok(KsB`B<>Xd5v3r;0i1gmNfO3Ez`%MLb&q7J2HE;_<VUf5VPq0fimun^9%cQ
zo=LJPD6IWW=ZC@pju%s{L_qS%Rv0SLWdrwsr>OW^q@-cl^7cB4CO@Un&ryq8_cB1W
zJ)qd9z=$b5;2~`RG3ReS#k=D_yGPM3vuIv%aR4!<>d~#fTp}x48x#a!8Fg0%Q<c|p
z`ydv5!~zy0L?eII#OZ4<Zk^*<$dWDMXmx&W|D4e8CQG;hb5tO_Roy{yJsp}4pMXQ9
zxs6v(fL4Pnv*kQLv1!E4Xh?6Vo)%n4TwNTevAa`1hchna+up%#r&=<ww&V|pN2!wd
zkEAo}A4o(}baPPBf`&3_#Y<)(%Y&)W`8hFQfS8sAD_cB6y}@OpqbA}6TB?=Kv7BC=
zNo!gtGP=8MJ=bOJVzVN1f!cGN9<fT2GTD_hU%tIT;oxc1;U3PoE<A{)fHyU{eb<xN
z#XjDWm?)7k^?TEpK2;$u7I}gt=8v2C7>3KqPdk2S(199GjH4H4Cj=7_#hhVulc<nL
z<Pi}wn9&pUI)vuX_5UzlT0DyKyt8yPHc`pQ1;LR3Hyh`OU`fW`#(XiM>s#l4C%7r7
zGQQ<)YvI4v5YRHELL1DWJFKqs;X&ZmF!WLKudTQ8T)e@nc<r>kiNlrklZMZLW-@fo
zZ&L3Lj>}YYxi<z6K>(R*raJ`)6Zavnh$BWrgT{R75forY$!AIklsMho5Yr<@->fN1
zpV2uukWpSegv`&gcQ6dz*x1BaPN(RBOu+jyYkE1W9$7kE;k7=>>iVy(I!-B{?$8(U
zV*+Lx;r5-JRY(f&flq1|)Y&=Ic%udmI1L_MyI>(93iCXz9ax6(jj%v2vAT%e!Ys`A
zau;!fJ}UeSG$Uv(FGgCw0E~mQPwvcq;uF7*+A0{u$nNi7n7264mZ1lnX$jFRAx^fB
zh<oztO&h`(COAj-TE(H_4HO++&<)R#VH4XM#K0w`a`5?u?c`is$#0BvKRet6{J_n@
zeqJ70JkWIHo$G3FNXXwU?Ijr93$t(5g?@grg#^`=oJj?|G(~FpA;HHo%V!^lH8ZV1
z9v%tqXJ9Jf^U5(f+br{*lGIbwTf-f!tlV5KEgMX?ZIum^fXMNqiWG1(ExIkDAt$YA
z_56U}Uy=cWPdVGk3hkjQZ5Icq_NK0{-vV%`8IpU%tB2DcwNKC7epSVBFt0#BBVDaW
zw1t57WS+sIfB7;M2MGp^!d(uVGgS@V;DekLU~RxE*7Z<fh=}+#%gke>rL*i0Z9(Fg
z)E{}L1#(;9mTZAJ?UK};=Qx;L$z^G<nYGfYuV!sbwubaaZ@s|)ncRxNv+r+zs-YZ-
zNpH24Y73@u>0kER_5qHm=%{gHrdqKcc4*EQKdh@B;PYUdsX#XUt0P8j46n04R;FI&
zCLNz|b~%*6?Cc~x8>yJqABz*?lvIr#Xyr)XhWhZr3zfHkrU;kAio&^uyX^qBocZ_S
zqK!$0xrACwOUyr9p!JeDl93j%xLBf>aaUs`Az|%g_xfJps-fZ$<%U5wEJgWIp1<0~
z7H?7$5`5m(G8N<99QV+_dbLEV_Iu_#;C8KzkJArU;)5y)dSEw~5s~io#f1YOS+<q#
zdV|W~m6h8hPiJnAq8xw!ZqnzSgc8yYiK%1Xd+BJube#Pq7|J^f3^3|ly@{rVzmOTQ
z-NVN&H_ogs{<;~BHy08TFtOgtj@7LNs<Es!G+ga#5Ab>ja$<AeNqmJ99<7{4ukFU(
zhlo$Z{djx3hy|jc;HC{VQ`(u`SsFUJrA{-dv8pfCdqFtT>N~iGX#=vK(`vKPrDoLk
zSY0cHa5~H{GI3mi0k1?NnP<;pa%m7)%JWS$2%u(lIi&Q@vYpzc#r+Hg=v&Xsz7`Dh
zIymzqf2GE2e{E_WmOij5c5TrIq0bkPIDQyshppKqazrNP=31IoxK3-o<9vAkUbg}z
z=IyU)7Gd}gf0BIJar_n-m0PB#X_rw!1(=~dC4d<kaI^bchY(V3<X=o;K%&#$rd(Y8
zQLGZ6rLw;d(Y}u_7UQRZ095WIqbV3}hX#Xv@2Pc~>rlw*D#UnkaD>q%7-abzc6Isz
ziINjMxHo%%nj^+$AWcvrn*hK9o#kP1IUCJp<wD(5&37Jmx9H;Rz@_>S4lULtNGk&(
zS5EBr<1esl5#Y9D;L)ZZ``z9?SE>q?=!tSTr8R;|O6IV?OuD-`4x4Pj#3eT#(Za?6
z8#+B?)EY1gT#OwTgeb<bLE4vwJ=HrP@zL6hdgC3&js-5|3$!06?NnEM3j^)v9ExC!
zB`wCsf$zCUeot2ol9B8{fpfG#DhuvU%oIKs8%(o*`Cdn9yqy5(N~3Z*S2s@ZsJR^`
z)_vO0<Uot$IV6KU2&rarbq(TA=?+Zc4M*`sVQ&tLbD<7aGArsGmlmo6=hXE+$SG>p
z-Ci#oE3tNm>9UUarf?5^CA&OcqY*zBB|FAjv(rK^93TAWq-bd0wiva>q$+NK_oh&d
zN0nG!H$GLGK}?9w;6<s<43@30FJJVPxA})JB%RUbyWPhu!tIc2$c_#(9-?8!rK8&e
zK(1s;qL`H#fewXDwifF#BO2{!PbZ(5*%X<bay53Aa<7F(SCz682Dtkkd;9T1sUNM%
zpC9e1seJAYw(OWjt+>_EdRVLmUVW$bcv<gatLrQa)uVEK$TrqE41F?=_9#vM=gKh_
zVyP+wA~y$PZ1HLGNo|(i`qSQtXC?xBZDl>tSLNO2!jw)XIS2JcEgF(f3)SWteatd>
z6H6m>5Em`(dD#1dgEH{*=XFUJ{pBlUZ>o(oC<vRM-1G_d^qf9^pDS@lq#|RY0oR&$
z^%Xid?L1&`I2sU+afVd@gtjuM)A0ept!0AK5xNoQ&YzMpb@`jYb0ieOv_Y0xUOp!)
z8maD~q~iBTr*ip2Z+$Pk)V4Fc?xW4Ju*Z)RdKlqye<C2mU#c+=wQA+nEiQoU7X1dt
zD~N!LQrhs%wOCu$QSt6pqg2c7XBB};{`<$mxz8nnuw3isGYEk`dJVk{{ucf7>V+bb
z;_lF^vzdm@PMVOYD8lz1>O<eBTf7D7!qbb{PG}&VUk@72?9!{@tMiS8HDZn!q#R=D
zcZQWNO1@tRs7t1|_}?xl3vUEqVSdq!LPPdv-F<^#w9BjATe<D57$sV4SBwX7Pwomz
zOFuHXVr~w6Jkrk*=5$<quvEVg$YK0~_V*l<{!6VAjf>V%sVx2aT7H^(1^X&vECJWw
zHM?8%CId;Ll$p_(@8c@dvS2spE!CgrcV|p~ve%Lu27}Uqy#<OlLy4*Qfc`4F*I%w%
z6UwybZ(Aid+fF|Jy1r!CY7>Mgq&3`a$TM+zIs^;8B!mKrpn-lL)gxT>-~DIS6(rk>
zcq&I<QNYqOgHKsbjC6l5`n{H6?SH3RQFWWoZQG-!P^s9pF+qhUnoYml_+KhsQE7ik
zF`MSlV`X4h*9S}QWNJ!I`Ve36l)c;R%c+(;_8WHgVR#L`DEluXvf@h_t4GEh6<OX(
zyLm0NpZCGCQS;v0GxKq%*QvF|FtVl(B94}K)M=`K{;zsX1BswrT9r{{0*GX<2x!6s
zM@F`d9zeN|jx6cu7BG+n0F}6h-YZ4;!JH$_KU(NdM`H`4+tMX*v3rwf<sr}s%;VH5
zG9F#wB|h7PlqGB@>uZ+^Bj&2e?}@SnAZHn?r!t{Lmkhgx*sqkuoO)P@w#SQi1xo3b
z#Eq1d_fqy_PS8!kg#KT@ievwu8^@xRW{bMz05;bO*j$aa_M24cPohp>G5@fn$Mq7I
zH%gYRgtz7USO34WUQ`p*c|`u&a=3uZ93c6VJ!_dh?5PiX;=Q~3*TzOZFr19Rs6-0_
zbejH1oQf02^xE{_ggN5d^En!^1#E@nRhOoQifYXCPyfsAA(CIOS!&IE<4#-#+DEqD
zTu5q1+?&J%*!m!;V7}dtlo&}#+x!}LX}343evf@uIxxa*D%4qOEf7CH1`oHKK&hw;
zKO4db|1VT3p`l^0kcWksD2>(Eq%BILQw7|?(oKAWCY~x!WGFm(c<RY$BFGp0U=nzd
zX=j~rKpjDnSnHsJaP;_-Fc%8~fB&)oZo}oi_;<l2`gw=iVnBmRE^wkHq{fOC5B8c0
z2znrOyK#U|{VdMx0@`2;%~K*;S+cv>MTC7fY68w?Zf`fr;R*$HdTPS8`73lld`0nB
z24Nh72{sVssUCqTY|hu(BEedzfq~HamQxYJAI3266h}*iD}}f(#MBQ(M7Q`Vd=0!U
z<m(-59mQ-OjF$;-Z66>J*;1(cwBuYIzP0Xc!buqU7r@8t%DI4S4J13iE_F~~`_~7J
zV;8+WpD;qC3p*x${tdd1!Ph!N6co-VY(AKzk@QzYIZ_L2dB?O1b6TqeVe_Hk<%Uzl
zUi2WD@TgfYCeU>KkwY@#05O_N7t4aLDEPfdRc62SWuNYS&}Ndf62%9Ql`thTxiaEX
z^4V>_9(ay3U9+WR0_Q;<_31KU`WYXA??<S5`%0y)Me#}J%O%G`GnrJ)ujdjQeP67e
zZedgKrrcdBab+1c$M4aIs2Z6Hnaj=<y!-(ZJ<7ZSOzi?i+sM_ic<Kx+g8A#icPWx#
zOE=BB*%tjLhHSgw+1cF;AT3YI)|Xy;aelKlTUVyhSq<Q6lVY3fUuMZgyI)010oIbN
zjIj&U<DjYbc^0A5`k#=fcwA=JExxd0slvD)`FdnP5ka1iUVS;asUThL^1+W2|CJ?T
zvc<D~U6$fyeMIla+rPqVK!}`SzU}Ype3Rz^;7Vt6@mQCrz9V~LhHH{0kFwErge79a
zeeO@8Gh%mwtj#M^{Z^!A5gVrM;d>vO1<C~a%IPJUtAbQE$wh5PLf<fe-l_`;uwL5Q
zkJYwwZrN#-Vl*#Y+JfrSUeT0415s>Q*pDj!aFngf3qR4vuDag&I#cBnXtL?+n>8QQ
z;<x={0?ya{>Z+$CoUj17=$OH7CFSHn-$AmYZ34tE+d#4tG<c1WwXM<q6M!A6@e?Jx
z==K!iH21BLL^^;Re0}X$W4G%0<;9P0ZxX?ym~rac*UcdLY+sZ+l-3@MOUkoTK1P}(
z+H6=$<mZ2z^oy>3R(uCCps<+j!AAb4`ET`4<bV0Ra_%qZG<X*v5#+(TnWoA<&(hqC
zck*4Fx<ql}sJEjJbVJlWirnb(=0NR`4@j?f1L^gnB^b>kLy&-*bwfb@M*yDAmHqRd
z0XadEG~o|dc5)nKluMW+3OzSyClt8nfEEIAU1Do-tTTB~yy#O1KpA`ba^p{rx~m08
z4F@tg>dO!-lM0g*Hvs}_!RDsg1%-mjVT-U{s;ckv#OY2N`>5XOyPKGFmX@_0V%Xr<
zGZtFlq$Q1xEY3^Z1N)MPZI!&<uCizC=EPckvSB{5`sK4}h7C{_Y|m#60hza$#a4cL
z?-upC_u4<Rg#Bm74#rHEmw%x#p@}T|WltWfUg3Ni!R!I-UFL$@2YBI=Z$)y`s<-}p
z$MzOef(p5p2#MW&UxFFE=xhDIqR?dHw-S;uF3E36fL<2$Tugd1+<tqLd!k}3ARlB&
zYim~P^p1-dQ1@sXzy4gj;~1c648UKi01Vc*6aW5K^u`Aiy?uK!J)KlHUQD>ZBz_jR
z=3??Yg0A045&M<GG}+Bx{K_gW+u}7$z(e0^>txGPNd6S)oz|_SC>`fY%w%RHUoTSW
zxHR&Hgc_dwI(pyxfFOdpxo1O03Nbm!`rZnw@}v6FDZwj=Vl^%P)3Zmyyg*E32ndGG
z0m0Da{g$)qR!0foOdjCbVWsf8a@JbYc?baq9dZ$%7)N3z&ye_p9YPq<rWDHYAngQ|
z`BWcQU<I8m5kc^;_gR7e-v!!=iYnPA=@TsLi8-IZL)I+&K*=bfM7WLTz>!TE)J@T1
zkiN5PQ6AvD2>M^jA_zdFbQ4JJ0L?|ZH!u6ZfQumAwg!SjRj@&B-S|~wKsl42{j5NF
z?HR`GPv?kAg+_U<AxQ2$k^soFPLx;_TKpx)!JAv2XSJ{i9yYVOuit^KqIp#}@yaPs
zii@~9$4D8sE+Z4ofBmZ8yFnLp6z@RrQ7_1|^f4#;he|YT#L#oX^IM|YC)0#SW2&@Z
zV$9`-4}}eF0^d9}apOSqc^`tX9C^Zuc0&D$LqfVb0qTobDPe(at%<`z=ZD{#`!gR<
zf<Y)JV<7db%c3fN8OljBl2UqO<ePpELV7o0;W*(5;woLGi=hUCupe;%MQ_es(ys=T
z&$07zCya~uAs`VF;U}sNx!!8FSqWU<M(DV;9B@I~K`j5FicU@?pW0!ZeYI^L`33@|
zjr^BmPW_`)dNid2>6(-mNo;|DDybL%Xc>K!HQFnEeW4hywOdIFps^F-Lr_lptSRml
zeMc}>psl2|3U2?sHaRRaf60Q^uwHwU<4V3g)i(Z9q!o^9r6_KLaqEYU_JtW{s9;a~
z@3~JEB_fKi+Z=PnL5?DwnG69CEk0k<r_Mw=p=6$Pl5l@Mckz@15CvLiVw{HceDwK?
zJ|7!1>@0-@DLkq$FFnV4Awp^Y5Lj%B#y#8#hv34J7)JRA_Cq44Hu8RXc7Be=Ze8Me
zHD8Qv6#+%&&xxi|M>CD&+_BxL+(hvyLesx8dUA(X{!p)k{$p~y*u1E{|B>AFj5OIL
zN!Eqh-W$^Bdsf57?~B+_$~7W{@9A)OZa;v&dTUVOC!P?lcZr^R-ls5n6Jv=p2HvtI
z)At`DjIc>mn>Mj5UeKg?U}vOp*HVme@nLK(f0^GTJs|zoo018SQmj3)?AtY_j`zjK
z+&={pclO%#7=+;2DPhljdHk%g7QEla1mHQpmJ~l0yy+&2hTcgCwh<2j?-IUr3l-;h
z!8xi?=&K>}=I=wD-77z-5161&({f=UjJ6wD>dSHL05OV-Mxc~MCNoLN5XN-^_K}k#
zXg$5cSc6XM{wVd=#2cgk>`Iiazp|pLRXg$n*f9E7_3+#?cjch<SS`gQvp`xi=?xje
zmsJJ|TosG&G33E42*Zl{H>L&f%_r$wP0ApUMOTz;+}yNZT{ue(l@83aMp5U{@~1G*
z6GK46s!m?<yvk8C5YO`1+7*g#gXj#3eFB*E&dMSe*X;?@s=T?8t^nngLDlQW7Pafe
zC#4-^&z!?rlBJD-?PPk9{v;h!KI{6cITXqO`qjNQ^b!Wy<*S^{_s4B;8SUm>;sjk-
zEv1i6ILZVA&C0a={jcUcmiJ<&je2F&VB1)rkavdf8(YJYi~Gq`X%M{YiiYQ4kd7JG
z?ybPqfFaGSsT@47S5k3>nR6)TOfl&0)a%6yO@OEd2;*9LI2E;3{fgg=gyWHAh~BCh
z-k-4P%l(AVb~csiziocq0OB!QVTx9YlWLpf@2XpEA)>J7ae;FN0AlUa%fyrA2}M6V
z^IzdEvh)R6sC>=G&$IcTEyVaF4%KRDxZ&avdlykA^FXlj*ZJ;;_V3Fi;&ChstSBMQ
zJo=I44`Y;NK#kp|FJO7R)&k11lKk&8MD8}P$1!$vvMl{(P%?F($C~Dg^rVmeTWqK2
zUPc32S;HY7%9LAAgz+~#9uThYsep^-HWad>MFW>toqzQXNz_n(`RP6YXCX5@%qQgo
zfd~|Qr`UW%OhjzVe;5mz>`)Jvt<(or$eXoa8%}@2+?@43C#=U*TEF9D{Vlbh`xYQg
zzIR^NN0^wyl7+^LJ@7ABcHo6m^b!{@em)`qh+-IRKVx_AE5$*4I`PlR4=~*#&Xgzs
z_C)~TX|#9cOCX4q=Cl0$x)H!phEz`$f1=qCSH|?wLn+g68v)A<OUPsYk%dIhU8;ZZ
zA4h-u3Dp}a*RRdNex&nkoU^X<9{xH>6}$G>u?<9!YIA6F{brx%t_PsaLhFgYP<t1Y
zNti&uj%RRty*fD62VCerJ?zefRLlb`p_Uz8^GCy4-~Rk2b>*P7!D%_7)#Y*qncPiC
zOVK?Qm?-n6#S`6F`)c17`0brUaQ>E!9}UK5pkGRwpU(c71ZsOP$~ZDGtCj1p7ogR=
z=a2rUj0H$+JgPjXh0KRx_!p_3sJ#vB25leMYXzzMn`S<ICQJx5gYT%mRvvHwK-X7e
zC0_+E>u+$+Y#Vmsx7;O+l#G-r0cM!d%=mqF!YA|+OOdHxz1Xoz&TOp5gx&xTfyr_$
z7~)^kLXD<6bBH`3-2jGQ|A@t-gqHI1gkvjN6F$Mfad5^(B#f^*>1B9pe&>iCXxYEl
zUff7HVv{!}$3aPYK^zOzTixNj-Dar(*=9|DGJJC5e-AZ>N#1bTZ=TPB9#&6Z9lWCk
ziB=Ls1LFS7syp~)WV|nA?1aiAKoqZ1T-Czq#_l3Op|P`8k5;_<0HaR7-T%fO@7Y3m
zodoyO2G7EUf@|UUXiAOi*{bC|L`j?S!iy_Vh~$g)JF8CjZ-jahgiATyNMGpduZi`q
zg|H+1jV#+uNwTh|TjY7HtZr`~KJ}FoUoV=Liw7_W0NYy0_czqLA01qiZUfeahbSMo
zHC4`Tk7`I<F!GR{{|Dj^(RpH?phJ>$x-H%7i3g{6HFzzQ0SKR)kJU1}w!B)9=F}go
z0<A<&jI*N5jQ6q+Hu)wJoem|0`eK#ua+^PWCi*Nj%Lu57kcR!9OL9t-mU{N<#f<bH
zycX)G4&NE?4hC<z@@=)=mC)kPH*LLsZTjdR6O-A;d2RrocJo}a?*pq8mObS$4=H)O
zyV7c3fLZWWRekS@Jy9g+xsDEf3+AE{&T!_Roev=zF?F?v^f$Q(jppyJSDDZuY%%+@
zmq!1MX>wvp_(~KU<z=7#^Do9XYx(_`fRQfKsAz_H={^oN$S`WUXiPY{J$DRu8>7bD
zu8V7ww}kW?iEu?-JpAE%D)Q{)PT{4-h=ODL0BwV2dE-|L>}P(~^)Zv)aFVZ@%ukK6
zz78{PBw2wtdrS72f}#=e?-WJY_#k4!!uuS{gb{xB#v{+3w9&RvAdgM=eGoPB)>WTt
z%xEoM<P7xupIO34KENkv-$s(8Yp3=v=`VtBDK-Db8}eCWJj7YpJyR2N=%I+}MF=&B
zwoBe?<3ssq)yX$_FE#ww2)nS&`=Q?sxge{UDlp&Vz0<UitP4CuR~dHa;%6|m7Jj+-
z<vo+=cDtQ;RmIVYp#+M-R#~JCY(np`0u(faa8FfzC+znh$4p7$tJqQ_sZ6r7*Zx@#
zd=nCPg{?5q{Fb1hfdlPz$M(qdv8(W?&i!lpE8hRBPFh9OH8kHyl|U8w+-7*aLID@2
zUZ`o{$ouToM)il-^`boPN-M40MoW^w<wWPTb#}xBSAE6j+e|#J=4hs-H|>z+(e8Zp
zTVME%W-h@l3N#-4@+T~#v*^ojrdkRF&#6l-J~mV?h$4<t9EC=srXqvinWo{Ug=jpw
zNAd%8+)+S@`nHc{!|X%0<@H8w?N|!X;majs+}JQcTDscp!8*5s9;nQ=`h@=W4XnN?
zar9V?V{MF@<*EI!!?-+~vZw6O1x9)dm-#h|eltn>sd9TyiQCR_tNs_~k}gYY{>OX%
zn?PFtD!kb6ps07;r`Yh3F!kdbvecTFjv7T6ZsH5|i&>+H)sjN8wl(7Sc`uCE2xDNW
zI0F@a<z6N@oNA7TVeX0d;^0gaiI;L&dj+M5Jk)BaqjgHI8kqFQ{x+}KX1q+y8`mjA
z8!Dd2L&Dg+$FZ_&z3i2N$5sxNU~rQmtQu1-R|oez!g-kHC(M}l<;0=6PS$(Emnm`Y
zp$Io?5$`uIr2zShXaYJ5qo-t3BiIR)n%<Tz556hIy8TL8iq_U<FqSC;BPNw<%Tvm4
zkq7ga=iajOZp&ju)4jc{CJZk~I)IZ%H#kF0bvsEsI0~6=-Y__5K9tDZ(?=Q+KxxvE
z-@lMu+zdVmHO*XEkOSw!<!oO}C2L^Hb`PG;e2dgyRhz7&(YrREDMb7xNzF@b1}UM*
zBAO^cU7E`KDf2qOsy=;!7Wl>5C@}K#vg4yC8alTzhq80T(^;yt-B^ABI4$p^%hiM1
zGaf&bZlvgYZv>j$Z~xiL5DlEffXGDOk)MvdfEcP-TvEbfZ&>8>VZ|J$C`$jf`2^UI
z(dZfKl9577ag)CzPdBy(!LyEr78fQo-x{8ISI_I-zx~u+!)`54PNFt^jA6+Db6&uy
zY9sj&e%SzV#5?`W656F4@?MDubgBMJ>FpR(_KuUSJhi9E!MCkQx}ZQZeyQk};}^#s
z9%ny9m(EDC_%K$Sdau*UeDpX*k};?ED4*I=-60RsY}Q}`b+fd>Y0}cV06k5Kte}j{
zdxl^tr7>e+36#(>&FOrHFD7U0Zt}a#!9Y>`!+ioAkQ3R_BW92HId=(O;@;6Mgq#)=
z*`Y>?aI)c;KC-`9TKLoY2dj@k8>%!wCCa-QnF&=ThPht&mx_f~4itpM%)F9Et3ZFB
zqp8JFTfoUWySvo5StV`-G5)ieF2tLIf8o_ynr(Vq#9cUg#itF_=}EVnT_y6qBzOy#
zets8ag9)D6J~&jygF1slQL#Wdf7JG!@WHa`-WY4vUMfBf2S0T2xQ+Kl7~(A%(VlG4
zk@g#yUj7@&W*`3^Xy@RoXoGD`0R^A~N-bDo`LHsu$`yFY*<Gv9(+^knd?uCEOJBxF
z0$a0#=ctY#ahIjDKfflA_+)N-Qq8ZAiOim$(Wy(UAIi-iC`3E8laQXQA<NKv@i7}<
z-1ITw7wFh8(0Ef^MU&Nn>MsvrYe&=FotbSo(HB92p&`}e_o6^SMo8c~{68%~huB%I
zZ#D9OzId;nRu+I&<m1>h9Qhj|pNkM%QVIhKhlN+Fm!H`|9L9ZX8N39)S(zGlj?u#P
zgoUVS*6;_IE6ewu%YjmzL1{r50SITE)@NJq5H(U9ZUBt(CUIZs%pQxiQvB)pB-zC#
zvA)nw$}|&GeYhP_Gp92>C+alxo#T5bl;G&W$ppwK<DcI021G;0$jbPX5Gd^=>IrO$
zEE`aUe6d__%wMFLrkxcS^2?kq4p{gXRfG2<9pBA^7U_J;DbXxZp;^cbu_E;)y{5wY
zQ@cU>srddyzK$qCZlOokC(fn^%}R*=S(_U9uMk4M)+UN)m?vkv<&G)Pr9=WA8-tN+
z;%EK^b(-8yrtiv}KV9A~EwMk|5UK6ZOV|^lXy9D-`PYh*<z6+xn}H2x;mF`eo<nkS
z*Mef^yMT&tLu(DU_Rnt+>uT8AKCM^<tb)zV>jaOgPhH0lHWIxzQNw#YkAz>U;*M$S
zdFS7aKF%&jskUa#AQBh2PGj$eG4nQ3H_~$i+4fFI{cT5dZZ<0_?sg3K57((KP@KSp
zy{B6)vJUKA5|bZ)If=-!Q2$I~i8$8MW)Km=vU}%st63^!qHVvQ(q92zfGx1^w^Lq>
zyl5~QAbysu5|f(dO7iz8Mv4F&QcUKU;fCWi!S)9|_snD_sAgj^7-ECpG?U4Rnc<-!
zyz`F+N0ab|W&g>@zc;=;0eAp0f?(uF>)T;I^}ui}!gWVcc#6EQQHIB(qI6E<HB-^7
z!eO78wKfD2RdIzGjUj0yL;a4ENSL=cZ2i~C+9&ZxLUhb9NvY-Ex!RI{WU^4>_*gW7
z5`)~XJz^Ia;{o&PVr)+vOfItq^eGW`nG>#aNV7r)BJE}t83VUqs4O-w{zM7rATlgs
z^ad#XY_HH;_>DcQ4?W(j63ul4(*`F^7F*!GU2EbOsCtl8kCeVh4M3bC!E|)C;885+
zvRJ+A+fyR2#3zftE|<QDJNvh-(_SWbRlXI_cJKy)!mQ^3X{EsCP!GMk$r_qYv)m2)
zcezeOfV{oLLCVj39_;!y2hX;*@(ZT$S)(**&8$|V@2X8t0INvatgk(%(&(N2azJIG
ztqGNi-eS|i_E!n-;NoTnN)VL8k<0sps=@y-((#Ydvmg3rZ5RQxZ<6VE3|+8Ss2;U!
z&24>tf{54R!1X%-xy{x#&2_Fyg#TtiW@v)bI3Bv{ZG)*=JT~&IV2GmF<iHIbfGXl9
z)<b{B@?E#F@zQ?Dq)M^e<i-T2%HC&RU6dbyc1UN=fDA7H==&m@z|Qt0lIrRjXKYfr
zBg98gjc_-H><*Mr-=Nf|gs;+cw5l1q97Kj*XmDP_^x9oZzrG}WWR+T!?kBT<7B@!D
zJB9q)@KD34vRQALdfBb~_HZ^sB3CuYGkS@DzHH{a$>_DjtZ~7sQo=0p_t|aJ#qTsV
zY{xIG(K(1U*`twLoPS&+6@9662>1RmZ$bl%IuT(m)K3N{`J1Y>ehc_;h_dkuM^J~E
zH60#H-#cC%ZT`p!Pb{0m;-vP^RMwMuy4jm_a6x5HdXH_;daRx}n-&&mgoL_FNj|QX
zwQNi9*(&kBe5d{R53fyj2!=NvPr+3esAb6k0?vh_v5UM~%|f9O?6o@fB7!p?A<I84
zH}I(j?7{M3EcUli;&Z+j0{nOXifqjTu?aYY(MYV04C$%&%V{fdZ&EZr7}@9ts#$*V
zNuGr6PL(+<Ph(m8{qkOXM7^vvF(bxi3~hRhrS<z22%c<aHKZVK>vJA1@PPh^7|VpC
z(yeBzEo2o@Bu0>{VJh-GXK4guaD=J|FYyn}VBnOa;RsX$QSPbA;Q^W=NGoX(2kFH6
zHFV72Bg)8VmW;$P#1t-@wo@?>sv;8bY2i15k&)q-!9eJ0wk}FpJ{~h=;Ul|kBZ<x^
z3Nd*u2ddH66177DA_z$5HU>(+eF^lHpvwJ!WL*VVR9&|oT3Wh85Gj!m=@gW1q#Nn(
zE|HR!?gnWPq*G#OkZzFfh9QT0K)>()_rLo*&&;DUoH=`~wb$Bf?Y-ZZ0_`UyC`#fZ
zHc>_Hd~)s^382UZRP)JST+5uLY#|Z4upSu9BM^F6?3Gs5K1{cYL?3~lpiu8eh#x#&
zG9v=PYkqF$oEeW$JYNTy6eAu+;8zS*A5q`97p|q4cYKO5&@5d6#LG0H(%<;&)o6Y=
zuZd?<NP-h~g+2}Ynfhe5&Xiv2xphxbu>2fims8bicLaC8Z)J57b-y|YBThKOwIy_~
zc3ie0tvx!jUMMNO_goA^(ZH>yt6*53953DePPu%N(62khj0Aguuy-SmBVP1XnMMMY
zMbOfF`X}7ChN_*RWCveAeYlRmS<t#=|BQ+n<Au)0W@f9F>MJb_I_LW7_1odm*7Oaw
zL8Ii~LM?b#Dry3tqTynJ@(VP*qp^0mAOetNIP;s9v!Sp}WG#w1fy`@2x#4nP8#;6%
zt~{qpCA9R4oL(0!?CpOWs19dj5m)-bI%it!9O5>Jj43gXpsek9A}ueoes@cnP;cM<
z23jv|t}kM}{g++@P|QQ)?!U6%>`z++omnnaIf1K$EYGKRD&3TPrZHI9fp&)IIJa9f
zb@RlN>-2Y+uGO+gI;Pw04lI%`xo15sjM|Z1J9xd^&-?0nokR-&F2T-NSL?65I)oi1
z0Itu6KIA48CKQ`Um)AgJhxg>Yaz25nxCeY+qk->-H>wl!w&+`qRbzt(PTo*YlZMo7
zdjpb@M#V$Pv|(7gyj4jsQ3139T`$)-*Z2%$WV?7w74mx7rT;MAM!StUQkQ(`y3H>E
zN#{To6i=#d-#Li0HPN8D3&k*?c-MFE2Wv}V8h|PW4DH|6_g?3vYvr;!XXftDGSoR|
zB!h&`S0RI_)kRZ9I*pUQ1qB70a}D&g%l@daHao3_6l%mrlgE=+itvOruG1^5FMOMF
zn{u__2vdA4q53qwnx{5{t!0WalXuBd#0l&NXmIKKZZ+V>Ye=mP*%A+8oZ_Oh=Cqam
zA%oCYCE&tXZusS7*h=g>C10M!%yW0?mY(kJ-dBY=;-v=B-{*z18(YcmB7(DGn$>W$
z#NewxUh8h0^_BZ3w>9;)Z}YU~sOC}&jnLk?XD0e8wtV&5`y66)fT4kV$)SZ`0jNUF
zkOA{4^#2Q{NJo<Vl=YdxM}5jlZG%Qp{<hwZ-W+uwz5YC=gbPyG2V%LNjTOi)kr;5b
z!Wdtq&A32KGX3R{GRn|FYr^E;U>qa|>EFmG?KSsvOEV|yuzSFkq}JPSTzm8t3Vbbo
zt|~DJ%OPqLtaEn(-i;*aMy38jk4l|fYE?5?&s)K2YB(~4<LgAU%NFp;r#0O!$}Xyx
zQBQV)`vbuhBPta<W4mP3u~Y8ZLuEq&mqYxKYUGcVKD@3dNr%`v3=Y1TGG;u?VD;)g
zb9?6dToIc-y1>Vyg8);PuN$7_3)>eqZ@4Bq&(+H!yr)jDcC=#GA(2b09^k#f19~Oh
zo{w!K=pvkF<<X<hRz8qq%H;{fHB=*hX?k_Slc6dJ<LgW+|E%n-R!EhvrdVx+lpv#A
z=Y3BRwD_9&s>n0lyW!5UkyGy8JMKWMp=#f1{o1D?$M3liHl>83^N74_&Be?tEq{y8
z?E{6HjV8#Yabe%tLh(gYgi??knMJNAS+l$Ax$7^O;2FXy*6zLGea>~u{{(1D#;34?
zUl8zZCmeid9w-!w#ewNG_kb>KpN*fzfxXb;+o{I(UJ=)nb*NjUw)7#t2R7prux1qF
zFfyWvL!=;58*qwFg$*C6GcV-#vvMsa*Xv%d4MmYC#rD^**08>lg>#<UuSuBCINpy-
zRkDu&$m3~yX}3eI`a&RbU7+S}_we&i-YwAP2FT7LIp%noQe(ubaa(h+M|5M3-|T|9
zOED+%x7%+gIp(N-5S~M)MGm+Z87ZFDTHbmptLoteTgD4^{R}&s6T`(|x`Y7Ow=h>e
zsU}VP?sISUch&anEBl>;lu$&zkPTm+#sgw>m?`a>I@UgR=@N_wIbLs{ja^Y)C}iz@
zd03~y-H}J4^v6}K?0Cc;Uw=jWG8z3%D~fWH>$2&x-STIXDyt20AdF<EZhcm$dbXho
zQlFXN_tF5-;<Jyvd4xFxmZeg`mB)7enTBn19?{kz>)t*dy9uq=#Pz6Zt+x|H;;k=d
z0!CTH@BNuNoREOE1czc3r#CGKXNjh@DssTSWT;_BSd0LyTUn9tR|MYUS4)kaHkxz^
zQe`jeN4=SS{Rp2FynJ%R{4myAtP#%47mA&Hkn|LKvZLadVUijLwBt8K?-zGGiVy2x
zfe?6xSTX5ddX6HfciVGJT|fw%+|Qn17HHxH9dK4S&EBa0(6^qA`9+|DH@SgD-0hw>
z)CK?El}t5G%czy0jl<HvYT84%9sxiy1a^=<VwYm;lC1^(#natf4pOUBdJva_v(b0?
z;%G<e3bpcv(B5a1Bbf=+%T$?Qsm34fE<Q~<qi^d)6Jw#9SK3$<R05yp=n}%m!^Xpw
zLR{u?(~#olHSLG@=_z@cc{6G%gtNv5WjPzCV9tuSRmU(ve_dvi`FYVqzw^raz4p?9
zXXEK0O5%jK$_@Q>TbzsPqPAAit=m*Ha6F~t_|AQ1-zj(g0fP4*&m>A6U03hs0S98p
zc|xfk{r%-5CN6*<lb!l}&=uAa^xU@baltk?xTJiOs8k1zP%+yvgHOh<GJjnQodbq2
zrE>o{(vyfpq&BSf#M?~=+G-ioluV>HvI7uhBW)vXDBK9e-Tjh#DPv99^heU8-)BK%
z-amYxd_jT~P)}oeJ?-uW>8yT1Z>=nVTXRMSeq5)hSy}4x%9%+;t)#*e<mqs`aY-!n
zP3N1A__3hRJX_K6dH0kB6MU{ko<-h$<^8eO%1!4cjKKNz`0gr_khie6a9P&vmFRs4
zbPU^%`1;M6#l4tC<Y#B(ee5$(Nv9+zY9VeR4xqDZ%(IZ13RLpTq!(6#WxT&V2A7dH
zx_b-gP5de{^aIW%f9SJ*fJ*$!eDxP%kxs04Ots_fK4a99q|H}LRQc-&iIVrE@~u%5
zEc-S>_vd-tTNE&$I;t&526Ky-qMa}(>RUR^O+o!Thfw2Od+tgFgB;PcjPgyK9h~b$
z<Rkh6rFmX5CH3dHGIYdCux)UBJp;F+3Bbi3@U)jEM(TwH0Qv_74nGUbpA_G$W)!O`
zmgkZqs0~%8Cfy6j*Q>1?OlZJ*g+iDFzQN0XXf5&%zkh8KvSB<p2v}_zb{e*mPrB4G
z&ou#r8TyPYfC0H3xX`-<l4G@xfd%;g@9WQK3*{6onChPpE>7}g8zU2PThzqxz!?+s
zSWWzdDV}TK{8-@o69bWAA`&i7F8Q-rC+Gu%2H#{ViW>98;R^@p1vSZnvKnzP-T@IF
z8~wr8CP8`k5uHe1y=Cd8K!O2Hxao{H;9hZq=d9i-FXW(6x9!e?y2BlF9XB#};{ngt
z?|MG~@yr6|MY*(&*^4_*-ukY731-?WZrFH3Ch*3+pi*q+GvaLXoz}=)pPTpQ@6Cap
zGKst#JLM6WJGG2-IUf&TFIT<oxr{yz^u1C!Ep1RRpy2PLf6(WDA-8V1Y!ww#D5rp8
zb**{SPEnTE)aA?gu}yVy<Z;rz3e6n2p}*0{6L1BA+RhK-)<M3p-Piswj))+&Y~Z+X
zg|wG)Vaasl2U)pIu?tYQ#$pX-5_~6t_$2;EP%3D?w_(++cEQ@C_YTC6g{=XX4zx%_
z(6^9e^@LB}sv-L{iaKH-)8q}O=Y4Pa5X$}~l>3ACsSub*Xt5sm3N~N0Z2V^rtS!G%
z_nToD0P9Zc44RAb6E_o@W@sb0h<KoT$<Aqw18O4x0f%68Uh%_#Ov9Vh6N)!FlW}&X
z;c_9sW!DB~peTkngW(LbCe%(t9^cU@wpeHd&Y8E$IjcIW;umPeCwxtioCGanxKvgd
z1t$AjV3hG9$dlx9h%><)F>mXh_#@hy^rSuGq=lVOQPtFTh@YmHm?#V(^JP;v*Z2SY
ze`zu9RZ*!^v>RlFY{i!%CM{s5UK=@{N&_5X-A-!uE!_!zLh1RtwO5NU2N`$OJl4GO
zry)i}`x?F(PLUA^Ms0SD#v1sVRRS3^`c)kp<U%RgR$rVg3!8jWp<H*ryZpX6C~RiG
z9Bbuo7h-w({kOVoj4EI;x^xL%Kx-y}dN#}V%lAL!rBoJF7R;@i_Bb}YGG0$Ha-%R^
zAMMN2)?B|cEbZ1nXG9h~j9jF!iiYkZyM5-H0cJsa;jL^88;3s;|AEB*2PHPbXmHa!
znei{?wfHzq2TcHX`h&YS!tYh<#g}l?dsU>vd4VYVnWNDJ3asgD6L|7iXEqTnk3yxl
zhjT#ZITrCZ(g+wOKD;dE*z#FX>Q3R*ZLe#GQc#s)tz*r!8FfMOBdUVsC6psmdy;!o
zk}K;OnpW07x}cAyj34Q%%CB?oIs;?cP`q8na|(i>9N-;9+#O$k0lTPA8EL1a_uV)>
zMsip}VxYN&*80RzeDGGb!txateT%^-=^A^aM^~|A+&Wk$wIm2FUDX6nmHJ}H@$lJ^
z#~#DNR1Pq*l(#8Tw4G&dzpJ8c3q@eY=i5bO*POGoTHtOIIStx?h(TSw%CmGtbRA(E
zUhOqhSh=j<0h1TvT?Cjw1aws5>)_^uKOQFfAIR%p6MlHr0JEKFkq{T{B{HkQBe`PV
z)p&97hxk;`1#&nzDFC(<VGi8Dz09^8ey7vvMFLkc?#{!W&40wloon&aSqQAkAyY~-
z(mCv2CQDUOB*Nqn6YqQe@=jdcZ#+(rq4spD$-`a0+jr{c$Q3ds3>QpY%=t|W#C!23
zf7tgmzRAn78qjQ4b*Pygv1`$(GPsIp<Vm<Zj&F2jbmgz7ZJC+E!Xgxud_XI)?X$Yn
z2Z8NK#kUiqAT$*YlSArA3G{Mxp<NAOPDyVQ{AA^L__uX1r$d{kVf2KieJj$#{aOX?
z&dmm-gs$ISza_@>bh}yK-;D8HlyA;*--V%m16(GQ(&R5N8L1Y%Z^N>w!9?KK5vrOn
z`{8pWwOp94?(Xga&alLpFh$hoPNY!(sbfmtv}t5I-P*J&mmz^VG!_gt3^q5K3mrx0
zIJiLTzNbWgQ;kllKLH(6#q)st@DZr_TPry7nkz8!5BZCCT!WT|vi(!8smeTwmI<NV
zcQvdtl@<CfU{0g#16ZeSGP2W3COuon4v{63w$Zfoe(Ew9jB7VuGYt44PDk>LL)@qP
z0xY^&ylo*^gDOdapc0d9m#-ggy&J`JU2VeY(Fa;@df547_nMU%ZVQhJvT6N177m;|
zW--)`tlDdVRFwf-Oj<4=$L-V}^qOMmasu(I)Qbe^Nl@P;gJ$vkd%cf`(aqpp#;Nj}
zhS{Cus?J45np$t`JB~$IsQd9$==O2n&!8iqv1n4(E87=-lxgeg>dLdyT(-Ymzibpy
zBsXzT-#gn@Jrn+g)D;N}Nj>Biw16AnOth&u<CniOUoW1(_q^xnD_v8uCt3!Yyf;5f
z!>_IPI6r{Ae&w9@+UFrk`~&d(H)#d6?O-@bZhS!6soSWX=<8NeaGX)yE7bXriTXwO
zP(GQWGmDBGx|#(Ut!nnSSqu<6gyG3(SiZ^QrcA|sk9ya+*nendIXPW|g^VUn9<_&}
zC$taqLmLcx6mTd=?uuxVnb?pu)oMMKb+dL5bE7QTEYs&Y<S_(E&8UHS8eyAj=(Wwi
z&2L7^g0ad%)K*8bYAs!MSB``SSAjlPA?G&rM$5m^AZs|XwtOoyYKY4x^-pP|t<4B7
z0UeIzDIBXMdy5a5&2Rjd_dk5RM(@}~K>!!c`G0ZWfHH@^-GYBOe@UYP_M5wTyfx*|
z^qQ`}9Jcb!MYbQ?d!Va0D}D^408!KbLy*2!T7>`HDs_ueeZqUXa;meuej;D|Sq2op
zN(uY0WD<Mzz<={!vW+`)w{soq>=)9$%PA1Rfd6thi}$-6qp1XICu2nGVOygQz|N^0
zp6vklm%H?@Qu==7t2$GVT#(W=8JoPhZv{10HYQ)sfu^!yy$r!HiJv{5AV}5`*^H{e
z?|qv(YMQ~QR5H=E32kCJDSBN|)Lw)bO6m>0G@(upKVpZQL|5a~yON-^)}3$R(q8UN
z!ZE?{>Tj4g;Ad8F?gW<hasc4?zwu37`l*(-m6cy#-e9AJlfqwqsVL>>f%w?9$68pf
zxxg%#@C7r%q_Vd&?a7N}t>0%M!-JrH8BJ|LcEslz))viPzC;HHllnYD^5Txlqgt7c
zs5nUIWO^$(Uo67RVI^vV)++fCnn*`y#>|;)8TzL9H=3tC3V8O?_R{)Zfv(T@r(Cu)
zDfMN3Cc82&m)&dMr-*%j6{I#S6-)LovHOR9bfuWO7ZW&PR$fe*y);HR`IpyV9rSyD
zm3qy^Zw$LNnH9vx<F%i_Lh^)=?3})k^l1yNcLN`a_(_5fmOE%iHLruF7SusQY%$&d
zTCfbA+uer4aFE_LRe?`tub3QfK_`r#aJ_+i=*I{7COlCVILwuWTnEI#VAQn&^H1r$
zoFj)uFP9r@CIr55*Kc;^e3{&$4#CF0-!n6JOUr7n2M|1ouh`x1$z8ue<?nR3m;I-Z
zm@`U!&*^p*YB+ss0<F+_rw}j#C{UIh@ai}Z7n?NsV~58Y#CNI4$b8N3iq4Cj-n#iz
zzpH+ytfY6|Kf#<J3JaZtPI|-Yxs9A;PO#~<{e}q&ngA`Pxx4Jh;4K^9r`(k{!L5{c
z>V_;~dXgPGb($#Y6`aa$%J}<PgB!^X8xgqx>i8)`FTZ|GW*h!miYS>lnK*v9BD`-Z
znJSEJ>!tm37v!LZY(_0#I1kLdg$XiSidBJ)A%NIb>N_gfkE6^=i<cRxNV<frvfEj2
zH?CB5@(z3&k1dI8Bncv);4c!KM?NE3GP%`rS@&k(kyD;3E7LB(%&d|zNs;Ak>zL|*
z=xessX4!N=fDP!)H6EcV%H-vahe!`J4*x;4NqTlM_~a!lp9jJ1vu9YgY7K{$nK?jl
zf{xZ+eu?u<1q&q~f$@`aP*DAiEP~1dfd<g-!hXZZ!2Ku^O1SGv-}!)m->6Js?nyii
zSu~57v0T<#kKe)X_mjeUMGS0DHR-QavtY%YZk&@am?Tn@FHbJDL(Lr9%BFA>QA8!#
z^S<@ePJ1<ZS%f~Y0I9H?X03!kH$Q=qBJZ&gJf$xapPHh+RIm8hK8x9w+PZQ3qXgmT
z<7A9_<hWmCil8-yJ8WkVI0#%1OMs|N=vc%yQeo5)KZpohx>(~r*G`>x^xNBQIc=AB
zYKp)QL5zS@+YLQ&jjPwr*-%d|grBD76(V*sPBTscor7zDdw{?_yrboGr9K3w&2!<Z
zff3#JXzOUJqOlFN7qwTZ{O}Y~G*!IVhT&^wHa5DE5F3C#JS-@959Fs6kd8$c6WFT$
z;a9EC;S=kvHfp-^d^sVD^B#FQFWYQuZENe4#MSjGGWS2#6u$@IILl4*JG`oxv#DK*
zR}>l@$W4;S^SNyz!Xv;Uz}iGfZS{g)6uJo+E_JssNy5G=)>8RFk$!wfi4FJX0P3Ie
z!C=gmUd$ybXvlyQ#K%n%<_aRDab~0HGfRJtkkX|KZ~Nr%DLNlFZrCLp2#U>1^q{_w
z?Jev>BGz}l`ZPA<Pjpb=wSspN&j7s9?F1L$MFeAaA)C@g4Sz(KNNNhP20>6$v8$?^
z>XRoHc#{m{FY_p$2`fZJJ(-rY%6n%5XT%U+sCJNJ?=dWsk>ZYqXx>tMRklbjR75=y
zJp&6cUmYXrNrcicP3pjY^f&T1`a-|72={LOOC6rglf>!d>11a`>+&e|XRqfJ3K6i#
zKr*Ipi`$1GyGCOPG8rFWvfahbp%+AIGkQk;@4lRu_{o>bmo6{(4r64H9b&++@*BE$
zlY-1A%04uDBMa@&ImKEdN$Y)T0^u{OH+>wW5!!j_6rT)R_gN}2!>wE-x`Il-O9k#i
zcfXYfSEl)t=ScBd@p@1E8j{o3$$(?=alia279d~JzvY?Rg?LsF$QL9bDy;lBbijh1
z5U?N)!$?rS3~Zh@W3$%32iH=Q`u=#Gt{cJ*>j@T3ey#%ox!x_tcO5sJ?DjFI<jU4p
zV4Cjzn$GE>&oq`EOmv^~g$yoodQ{!toS*e=$Bl8`L!oQGdpp*D_^PRwyxiD;2;Qrl
zX!iCn__j;?Ck4JQbkTuFyCJ#Y)bNe{=_h+>rGW@s)<WU0-ZYFm!KD5Ub7qbclvDd!
z@w^@7=>akXo<Og0!+8+>ho4%lT5V$BJ*|tK|H}I*AAZ%f`JVddQ<#CDB|fCXC+_R_
zyROELg29~+B;VnChp<QwXl{>GDu26-9eEp=86IO$a9KGQL4gUjfbHmBdV)!W6suJY
z7SN-l)U507EP!M2UL}i+qV_E}%2ik~t{j63l*j2XW|YH`=5t9GM!}CCm#og%qGy@`
zS3U93-O5du2Qp<U-Vn;1cT4kE6Up?-R;0Q}CkhV}cuI;_6tBwBMN1;pC<Mq84FtM8
z2M8&>Wp0yQiwEW~>qF*6$@8^pT)w+7G(N2}@fn833rn`Yvm~IbG&h*|EY{ZKa5^Mo
zhon>L`QxOkA$C6R5C#ICr*Hsno%rO%2@7S@2iIbj*Lo*gy*Xk_*Q&Ik_pUlK$}`I6
z1ww75zM9@(#mG68b!e*wF!4J*-(D&YJ3xvibPaEPD0}?hc}U;-S}lThDr{~P2<LSR
zbRyZWYo!Q|d_y;-Qx4Wqw(q3)4cv1@G=HY2t)h$abg-VMQiSy7aG&eC7G%iLJc-G3
z(r@vfG?49Q@WDOVA=T#UMZdIXa902R;;9{*cLd*ybBQJpUuW5Po}U3lm0)3mtWz3~
zmoMIeilgQ-j5HCy(b?9j5cJ!v0>W26;tX@oB171{$R&!_9IBD;X8rkA_rn)O_}?@#
zRV>=%c4*IM(86rETh>S79^Foek?&9dFTsI2{s>7P=T0jR{>NAy?q>UId|!9{^Pj|3
zzA}C(u&Q8?7vy4rca1r7XrHH+L`Qm|JVj{bN2f&y7X6KOBd0t^y`}xtbE9WJgSaU+
zF2_OLWaKWcTPNf57Jk-njp%!;Pqs*Zac399^vLze_1&+!H7*@`w=Stu+6XOzs$AMW
zZz2EcNcFo-zIuad3OAHBl(k<5YUp=L*gZ!wzzR*gukxw!u!7*1CPD!(=>K<V(vSg@
zoZpoldazb;d6A4@f&a+pNaq0@llx_pO`$j6RTpYUp!cvY*}aGj#IHgCp%0)^xw*MP
zcsRnvu{uXRah9_bW5}7@T&o7dHC3&iU-fn`_BqERuS)D#Y3o@ww05VhEl^d{YXNzj
z*jhoh|0x%1PF8ch@Z|c)Y|&=k3j}sC@nZ4O<ID90e$Mxv@HK)*eFPtHg5MiZU-4B&
ztYkRI7qrAAam#OgS!7jr0w78Y5zD!MKMQH}Eee%QM=mOC%E(w{BY5Pnp=bEZ6h+s+
z?>S#lkVL?;y5jGtuhCY`0#14VtWa<bNu8?CH*J{sg2MyhY|G26cj{N$MK^k?j7csu
z>XAA{p`q*i3&S%x#1*Qi(dl4_hS8YLFxnOZ$yPHWsPjuRrcclPbmMLtT?9wO>Qbms
z7)bb2<3rP=KcedTqEu~a=TcDj=YO!VSLz{{_N33@VXe5Iv<?f-rKKf#8AA^29WzqY
zt+qj;qAh`Od2mraN%WQN)ye^nB~Q=S=->05?HMpDt!K5r3!tGxCDXbJ<MVQ`qbU^p
z(F(~@`~37P^kKL&h406c&fNZb8$n(gE>ZUUPQ=0G#~61qD6{8X77A8$C0!jHY#U=a
z{#j2%PQpYM7knEGAc#-(8X^-G5Np~YzDO6~95nO?e&8X@0oXM!AMUh4L>l||PT@a@
z8fcGCNo_4E!0Pu|BQHA0Gd9g$KHh0IY&Pc1P4<a~bu~v>Acs2Sl3&hZ``h1Ttd~;A
z7+B%-?ZU6Q{+4t9zKO$U!v_U-Z!Dl;*d!GFC(kPI03o2*<)^>YkZ3tf5s@Ar>ED+S
zp@)wWO>E^q`TyTLiV{lN2AfL1=2Wu?L3#Lov`uN}*UzkEqe9~`(Nk(&LD)&yi#0Ak
z9F?g~s2M7GvWi7CSkTx9IM;l!xp5Y&A`SoRvBTrPJw8}vtkn;OsgPA9qV9Uf5J%#g
zv_d|rvYbbS{Hp1Tv*<oXNLea9U?Hj@E9GM^`)^539>#wgLBn{|Q@moL>$E!06ReOY
zXnEqFu}J_yJ%_FHHaEUW*VJ3c*oA7n0gwI)4(^GRd=T9aW824PxSDj<b+c_Rpe97a
zc`@IFjO6WAJxBY+O;>bHDoH@_76XxkJ%4HwIOG+4d&!5d&FHnmHoxm$zN_saB}Pp}
zCCI=J8)<6!35Vn#rS8wSg@dG!{sgR(yFLy}@%r%n-?iQ}WLh~IJj7U7R|;l`LBa2(
z{_u}^dQ91YmqvyEmAa_qgTO7TMIX(!hqD0wUtLAtr(%;*5nC`RJl_6fP+RGL)z#x8
z^UyP=BQy++>__gpwYmC;6l~JJHX|wu)qJ?~z-unL_D9OrH4=JzCU2L<06q2^vzV7e
zxFvYQ!vZn?bbfDi#*wvd=k)L2!vhv_oM>!4f{ph_<VwMpe?<ONGWv<fKV7Ce@sj@}
zB5EjU`Og=Z2FjQ)cdnE{{`x;Zr*P`)rT}MyBa<QTL|bCFPdiMcg)~>KywV>9&@{|7
z&NV)be%-wb@Iau|8Ts@>jg_RtXsDJxd9PCZQnUDDxzRQUJO`JWfWjXeGQCE%+v&l4
zr6cYMMKIU~L?2iK+x>n~F#Id%<_hc3g*W3&v=sTy>-(E9=W)OeJeS!0frrFNozDCt
z-e{Z6<bOrAwo7_-t}eFpIzHm<8aVS|MDh9i|25kym9o|Re|2(2TyFv<#^bKa%Xxam
zy2S~_3O{fB-yvRV`e)E!MIU}m(d-Be!O`SFi5@<Jsb&uluQLVgpgVS2FNcQVQOGSx
z7Ij#9+m!!mjEdvIW&ESg6h>mg`yUH-EW~rw67gs#3E@7YP?yt|;GP6FFK;gPYBS>r
z(G1$Zj_cvE!5a(Mc*%dX-KmIzg~|J%CakygB5(JY$bb`!53L6x{9ri$jEIeke9z0`
zVapy5<Ez^svgPp|6J)Qsw=I4B<$QZK+gqY*VzH2|lX^@aqzpqCA0i5o7Pfw7fjyJ|
z80M|Vk)|a}gUkO4_j%@9d5`P%-!CH}H+$>}6f4IZ8Hk|V8pklI6GQIQn`4U%=XPM1
z>C;G;>!t-MlkMrhGI;s!^&j_3@~_crfzf^bwKjk!uads~SvD&Tmzvo>wy{BcAo*u}
zKUl|=&EprC6!dfc(e+01-`+lcUjF#`;IdxnKc9EGqI1H&B>NLM01=6I=06xg>hh8E
zi$A0BYM4fY*r+6&c0gLoQ?z6%iif2^GdG!KRj+cRl3bmK2kQ!JP+GxL`K4TN(@;a*
zGqwRPl@g;8aD0U1pRRR&e{i|e@c(+_Xqy*CkZ+t;VIynKvvUe;B2DQLVx=h}V@=ys
z?|T18etb=1HbsHW&q{F@E%3t#yBJRj-PJ?H_|uFYdQv(1*C{T|PS9J=-5s`tVGw9G
zr^902AN3J)AsCZ3a$TQ$N{P`@31$;ny{d8LC%TP6Y9QHd5A!DwYf1l4O+Hx0U?V)z
zKhZCIUUQS1n-b&JW?<-SSh79tTe-nisqg*ztl5opYaM=c`B7^K?`r`@^p*=hhcN4-
z)>~d`!LcxwKUR4Xqx9e${uT5AvGxCsVj#8zKl(5;GZdOXfz6Y5%2xG1ecWT<ivu+6
z{{yhv$D1yRHhqccwYu)O%nc~&Ohs_wEoj(0gYDjDjOEzi`qRzhLX;1o+$84G5_XG)
z>|wl$bj<<)zRg2hGchsT2CeBDKR5%TKi;w>soElkxsnXsEF^+yBv4u;O$Nz9<58(U
z>c7&bpMp$9^67`*UXq3X5j-%4{@Ur7;ve_;cN79|SiXSMPIi$}{{K;z>x|?+xLf0I
zM}Ff)QBqdwI&)pk^+sz#KXnvhZZ7?LsuO3&c=NqJFDE9L!RNTKxrsCI)e^^zaHM!^
z`?lppV~K|*k7UR<`{Cg?dGd}uXJYy95iEq75{}FAWj_Lg(%TXS{g(Dp+pkfiOg#<a
zFJ&cn&b5Z7`bxLQ{^BX08Z>jzUwXNDdTvW;V)WOSo~a6#?@Ojruq&96KI|>%xn*&S
z3=SURwOqUNO_h}Tp|NtW`H)gtE&Hbt)p<1jRoY+gDX{x#A%NXO=PmThl~nA-r%Gn<
zUAzl5uBHZ`^FYT_BkkDfXcV=F2PUS~Q_PJddqRce<vaP*beodqXG6sWAEU8QxUM<c
z4zL%H)?BCR9lNP#?eTYSPA0On9+y`r9PfR&@XbshPQ3b#qgfbmyY0zYjR2Y>N@+?w
zY3w)(3YqvSF*SGWHSeTX5d2f8kEsMTc<nFh&#_b3;>kY;dxnExeIOaA2P93yx)w;a
z{b?rxV{k9P8tj&5M2W6WngN=TStnW95i{?Ff<zW9-E}{w;)K30tRt^$_e$4r$9>SK
z|6>@otoX+SDSj)o=Uh~sM->~C&C~F-`>$fEzNv##NO<o>)XQ5p8ntYNASK2~b#f>r
zN|mZ2GIJl765WFrxJkib4(!c|U!3M&G@z@^n~%bGdP$bo12K{-{DFz@7*IsAGiB~h
z#52$M`lT5n;f8vacQ!@^i&f4#-UXayk3Sj6tqyno5?da<=ZTOKxtcpW)k&OA3@-N1
z!;4+Yj!<|mIJ_Q7QW8Sv=7X5CU%%7GLT?s5^i&RzqZ?la*wYrpmc-$zr0Q0<P0G{7
zX1z^nSa`{g3+R*rm^e@o{~h(%`7N3^0#=G33>tyz%9D4&?yq;|#aq>R7_hKV6Nk`H
zguz^C2F8|1#}3`aXCBzDiMRTFFLv9n1JB=R(zy4^?VJ<Uo-*%e&HPAalDrZ+k-CuL
zM{G|^%DHE-gU=rL!E9rQmmQs!mxGTLD(S}<5fw#9vhUZTOf93m#ZtM)+)L25ETN<X
z35SW{2h&o-;pHEy@#tGn+wKtkusj3DV+gG5vR+^2sQSQN*>+*{m;}pwWLe|fZ=LIY
z!G=~8>t%Pww{dZYn%=O=fpklZn8q3pd(u*BVs6p{u@<ap$N2Ilq;|rZ4_AhevsIf>
zt@T_->`>X(v8!sT1%{&9heS-rpf!}5O_bg;WuO9!$7Lw-c~K5`gkV+rm;K43=8KK}
zIj%+KTK^V{s*A8m@O(?gaG{8`(%bP+w6$lGb6z5rdu>shR&Iv`>Jeg$`qqM;^YtwU
z1Z@Qpdbm00geQo#{WzpP=`MF&FWA;nHZ{h|sBuZKAr%X_(*isCm>Jc!&(Ev0TjU1M
z(dw6eM4o$l+?aB}p%G<@_@6PSZl<hW7Oy4+9pL%R=U*c#3EDs$e7MREd_HR6Ifd2V
zji8x;8!)}gn+sdq1SfCqoEBnwIn1pbZjg6h&AO@iyM(r}bvFx@L9Q!r^aSyvpUw3U
z&QNm(t$3~GRnA#%yZDQDK1?Ux|8-RQ8XVT@jr=KkYW=^X%?see;v>XGJHMAuXbRR6
zBRL&Rm8MhC^9|m{&WSyHWhYSxk95^LU+?_mvi>aUxztWtlIQYt08Ckcl5m8FgbOVf
zu@-%KUJh<FMTi5thuGXTORiX&|8`$nWj5!6Zu2L)#+*0@H&_>Ytx~5lxaSOM_7Z`=
z;v+a#lE)86og;rz;Ci|K7)G=yXj(wC@0UG;VAw34Evp_H+OoD6>)w5VU5*e0O&xib
zuV5`Be$-gTo|?p{yRNy^593US3DukbiW)F)2rKnAfDqKyQhR!ftBq6ce|I=SG{mx?
zWj0WHO1*#tTl)zWKah2~*@n}rSF##{M7DYB1o;lq3W~gVy>(~p9<%O$p=mr{zV7uT
z0^;U9TD#_fbZ|_ntEYa1{|Z)`i=u17x%6sQpl)x1IujG^(1)W`vn8^#8QNi`6ErQg
zPb?gSxNYZMK0Bgr;!-CAGHzxhh6oFK2+TX*Q{yNs@!n3|y?$kV?swD92v@eOaFiwH
zDXPl$#<TS<ei5_J<IvyBhFldQ0oua=Hhd|MQHHS;=~xdF!UXrUia$hgAQc8upU1HD
ztQo~~eS;s*GK^zVrH}~-Vm%P*(}RI>1Jcj5!|B&c5>Hc?^|mubTcU5KY;4U?o=e2J
zo8*Tc>1|!k<lzW4IsUTRAAN|2A>#H2k{le@RCTQeo^y%`&xDhdrC#UzA<<jM*OB6_
zXiHtUj{9ivNG82LnI#?m-A1poj9UKv8XujFpZ)Oq>cWFcFnz}XM<?TC*vb+)=!Cy(
z>g;e>CBx=^IYhP9S5V)0zu1Wn=hN|X<|DXFEHS~Q#gEtD8Rv8bVPuc^>h1`V@J}VP
zr%2jde_oR6x{gj2Nb8Yi())Lec|(rGY8DyWPQUx4WC||##G5R(2)8MIi8?&pr+9Z#
zM(+Cb1yghNz7z8DWg|RF;{Dad3!FXXJdgcb;hX6EwU{HqrP~!<@&rFao4F;(ktFe@
z#Zh}{hE3~fg4k*klE@ip^g_w3$i!;M6i?XQ$;~q=W0m_R)T=Tejjm9*2AH@0&JDm<
zlV<|g`53urQTo#P?zXji(^+{dB28t06u)aeNU>){HBw-)g=D^xysB{Ry|^H2&WC)B
zWsi=6;#xK|rZT&N*zmLlq17vTUheZxTdGv(m3@TJivWu*BI^X?<c~6VU1oS|R-`xf
zYootyGV}shc~UAz9BqoaWFeVJCPh}VaxI>u_r*yKqPVJ;OHt!a+0SoJE(S9ST1fKv
zs>M?`WMa*q&drszo_8J9GP^&s#=hwuv6o6lR)Bu`IccXcM}z5eQwO(qsG;h+WS%!j
zWW;;R@zQFB?gqH8RnwSG*b0o*Xn_}T7o>l#HZA@DbCZ4KLb)M&DCrqgH$tjZETGkk
zHKh(`|6b9+zo%6qvW=S9;gf&dsOq0t81O1^Fs!)${!K7)ag2-Yz#DjM{7{7ffuM(a
zK!!xNZz3~k{?AcKD|=%b1h}#v%o9iOXie;K>%b{=SUU%cX%@ScavL98jd$gBp}uD9
zx5*cS1^J64d35X<$;ouTEk>jC@1a~!vl}w>J}7Yk;|S%v46%Jz(-;?v5l6ws$TSo1
zc63p(bJK{iYmv~jt3m$l4k28{OIRE0>g7Y4&+h+kZA3ir0JD|#PEnC7enY<9Yc<QY
z@~q3itDRZ#oha0bX3Ch4z=Ms{w8dsI{o4`CRcWEByXHf*j6RHch^xge$QU-Y|4tE4
zhTxZ4<1c!UawaF`l7DCA<zQj4l4w^7&!XM?OB{&UpIKUNn*t(gk$cGC|CR<GtV^8k
z{amJl@Ts2ZVbYu`^XITG>~5EuhguAkagrGAiLEuNzm9Z&B^3gp4=X-PckRO`R7(U8
z-H}GdQ2Co$KIouxt@q@{yB1%Vy7f~fb`6Y(dWV~c!$azAV4P@L!Fm>W?R2s)DG!q#
z;T5%3^H8S&a;p})hm2$LZ%yE#N6+~8+#7$zO+?Y!pBVqjQ3FaI(G}~*;=d`H@%bDZ
zy&&c=kEN3nF9jeK_$T#!c!IZX{A118nkcp*+w8QX$`9Yd=172%jik0h8Ww`QDG$_q
zsGme1hLZb<v8((?`R7DQ!$9r(+I#jMqqx_beL5Q_w0v$W%@idiXn|&9ZK%x5_aX5S
zDu4i!;4EL4!9a6)fI3@Pa1X8MPejHx3PI0@e*s>wt9ultr*#0x_QMa#{tVwF#<H>t
zgf`wDaDf>~u=HBbWa&e(?{E8@VEi8%5w#WLc0V)w&|?utJG?XTbdbS(e8w&7bCzhx
z`Q2{}mjl-bl!YO{j+*1r76z7pQjF`$_I3vHiTe6r<1C)6{mI(tW>h<a*LB{4euMt?
znG{(YiOr#J{)W3Ix@PTSD`rwDn~_EfseyV|7&oV&Bdg=KJy#X?kfn-xRaqUnLP=_>
z@yy$IB3)lna8hni-Jn&e{5LDiJvMR7OFII~mUuLMB^(>aN!?hZZbKP9>NqGGcytx{
ze4@2q@U4bO=}hQUt;duI%?WwV9Ia2UWajN$Ag8Zud54Zyhp~m-iygP)-v`YE&Qz6i
zsb80c27CIbl=0!8>+AN!6daZ|gP%#p<{wYh`h7;8yKBkguC{<cE~=E;#>NUvg?dN!
zmGbx4t#0^P2#ML%s$QH;E<&f;ciDs&n|uJuDNqDiqub?#ki$(|Tc&CE*2XobHJ{b*
zxTAh>rRlFMeMoT<*zmjO)vr5D8<B%~uakpqBXZqr(R~A}g(t1|0?a4%^G6%uOGj-t
zO9u@EulOovyme2V`0ZBWLpAMt5-V@~(!xciDA+zOEEh9A^S<SvuO<ET!6?GTvyNf!
zdP&j`_Kx?^0p7-@^`+m;{mm(pw)<Kn(z|D>Wdb-CAK90NJ45Dd=7^DboHUlb1SV=j
zX>(Bt4hYT?4ZU?A%;EF92e0-pw*MJcRI!_UJ_oCCG^LWU(<7MnL=Kw~WF!#?WP&>T
zMB`bqX}CW!%d_M%48a{sHk5vT-K(~V9YGlwzA7qAng<?m3t<b5CWEkeVR#JB$>D|J
z5s0dicEgSKrX8&G4M*~2j6B-KSHCH^QMZeC1Y?<KiWnB_de3MR;KMU%sab~9FFJSB
zSV8(b>^n}@Yb65(d`v_(hk`IW!ZMRyqw@Yt&usQ!<o~1@2*8F<`RNDhcgPO2gKZ?o
z>8wALOkbbN_o&s`&VR9G*gD(Z@y{Y%@1vPTYewVuAWtE6zlDK^hrh$bu-h7m`8+ba
zQ@eC=7$g|R@BR_}^Y`xWMmQ=z&K3x;uDl1*n;{8}1eqd1SN+5H2tH7CFYg^C+r!06
z*1UrD>+`hJHDuqhf<v|XMxjvrD*Fs5(;jrPWLxcp3+|IAmmXeu-5dK|p&e|v6zEB8
zG+LWl$U9RR(|4UkK0bUYoEbz%jy$oi(zX@%)L6W(%W`UIg*S&#O;QhG?{21SrREm-
zT7FpYHuo$nTm1}}6EdAJSGj+Ev2<`v!S7BzQ=Ga1A89%BH8z|FTQ-$Yt+i)y<XkLb
zzT)P+H<xXuP0c5otiJp`xfSA{W%s3|-1g0o;+v<qALmVP&s%wi*Lvq17K`8(8kvXO
z?a0uGm3LKU12=B!-JQU#4u`(}Naf+4SBSIKNpr^~<?FzR0lduSgU@6goY%|yQ*Xiw
zQG;^a-a#g^pJrShlQDM?t|qd&4GT*u=7+hHB@?B*k%~byC$gB5h3@PQk4;XOX$PW>
zj7(SP_whVUsIwy@eLJ;lu{X!byWvVqMDj-R2dV)MZ_UEHt&e;2++(8RQnS^+8ij>X
z@WbW^PKZu7BdZX}PmZ#twnpx13cPN@RtNXLe|=*yfG0nvRv>#aYn#yM!p}c=PC$as
z+){~afc-i@jSP(qgE+RB=J_*;uXL(e;gvEeXW^N_z{qqx{z>lgR9N_<KSp;1*=w>u
z#BM}%MRy_6l}@`vlkG-kDg(ECBDe-eb+xlw7`5-YRzFE|vZRxwo3-zeer0oySD*V2
zB;ibi@Sp;FsDIdOaN2GRq`f1TSw6SO*oM)`y7^I4W4}5vSNglzYBaZ!fg3jnpXm!k
z$^g^luqAP~8ST@jFcN4u(n?DU48Q-7u#k}aZf5hwXTO650+Z%C@^~hTDK-;hhZTP_
zPxbH5F}_@5zmT~;m&|`>yEC2^XnoVx-w)AmgLk+G^uBes<L8DLoXDy<G{XguZV)YO
ziQ55WD%S5J-)vmx6VU+xiK8c-FA3k6kKLDHat;S8l+7Or1VNEnTA&ZVK9t(5yI&8(
z8>p3d%=hZ!@S;Wg!P^a}`8eUtwW*-%)#$EjE57{qwWt*&=JxCM0$IUA(uS7a*&no<
zf{V!8qfX5gIsV)S4NkNl`N+|Anoqv0wf@rb=?+`iKjdQ{=3CyHUK_Z^iQ+z`P;h}k
z!qD=%HOQ*>-X0YZBip;aXdr>St+C_}Z`5s%p*<+{EC-M&r@ptoG$PN~zWq=fQ6s=c
zK9tcaI73Yu5@c;{6MrT4iJU+FqCt&JrR35}yG%*``^Ug&U<2Br$z(~$<~yb*IJ6u?
z(S;nOg5Fi7b5|p;xusKTUa#+uMp3;JE4RXF>n${!I!Asc6;HnF@*%Jzs9e{Zo7IuD
zScOdYehW8OW{&1G;^W5gc)4KV&GCoj189Dc50ise&M&p4Iz&Vat$pu2{^t@W9;>Bq
zp2?;z*;}=soo?(ynh2=R+@z<t#Ugapog+V~Rcge~p1~J=AgQ|C(yntoZeN(PzQ6SX
zR$-{(|CaDd|JLuG8#MGy6d&+XwpI%HaoM%$u@j;(y`AcpT5KwV{Kh6=ZjpqpZ}u7u
z#4%p%ET<XhPlbv#xkiwEa#{2cS_!Li$en2q!HgEEeNBdx>9Vy-6h_1*s*B$=)~iJx
z_f3KN9g6lncEYQA^Z?TCRBpp?gs`^kk#qYfYO#{Wb}98W=-H)VlJ~QwCs(~_y|%Zh
zb6&1hYtRwe0H~V})e?@!utO#P?Asr7x>L}Bq{h&Bp8z_AJ*bJ{XFfN@%f@lcM(^u0
z<O^=jz|+m3WN7LwCip1h5CDZ7Ztm|$<@T^T$p6gn!T#kJ4+3C@vw&XpjAbO4^?FJ-
z(rRwV$(;vHGPY*~;J)Q@+Hn?v951h|DD#Xe_awbmKiwkfu(pw00}Q&Hr^`60Uj}oM
zQHAu^fi3#w&7sQrcbY(K8aBR&G~yRBvmB@KWXj)IR*v*F>%6^`zhd{cfx(9cdK79^
z8=|vdD^P_oX^F<fGZq*1o@i>bdsCt|AfOBHvb9$l!WH4lV$|9Q>Yf@iR78D-Pg(_7
zRJ>xfyq>wAZD5eZw?pr|uJK7xA}Jan7iK6gp%pFk?b#ABW^QsiK{6=~EkifBUuj(y
zR$XDeuZ$#r#n9;WL^*|&P5RbYNxhN1pmRkGy{hnVVLrS~p%jbwxSC_~S-)fQye=Nz
z{al0NX4GQ(N3qEd*tU441)dEO#G0D$`6>KQF|<f-cp(^oqqy>aFPtYyO+mViiHcv{
z64#7{%ar`;!$3d40I1TaS(^Da080!5;=4N~md0F9U};(Mf>_|h&1<Ezl+d~tu+wj3
zdkw<C2w@asBD}a8h-Z>WGNt}KkkmRK+QP&$h+OA&qrT56JCZ**|I@@vZ#Z4&HEKyf
ziFyos#4IWF+G2m-A{<~VGAd=p1VF~2)6vXKTJ<MeC7Vp9i=N$eW5;@@8`j`cVoHgx
zYRIJSA{~J-HtFBsI|54uy-KOZixZfIKeg3De#^WK#_i3onn0^_vZ(gy&9_OIcIBdW
zHH%dnsnGX}Mb>SrGAZZ1bPi(p@LrosgA||HdX8HRi%yv?Tstg_#du&NhI15{FjC`F
z=)kL%N6c%leCCec(wrN=ZfItOTWd`^%G9UlviXu4=eQ&gG0Z)+tySQV)^?qHF0mUE
zWv$wvz3qJGad$ZMowvVciL&4CC6Yb+XU6*SwH7t}ubr~kyy{}M3)>B^tuu}w5GrWs
z<?u#FoM8E_n;HGujc&_5p2p37`5g6<SPN#%&$~MaWJw*JJ9P79I_GI^q=@MA?1wc2
z96ksC_Sj{;YDb}m45r-BFe03rqkB{#xW|WH;X-r<#|UZaQyGFbD)bZz)S@bDIM&#i
zx1ZuO0z-uMlM9N^mD^9r=TCZl+l5Y-)B5#EIcfCJp4?yUS5#H8(oo`FdV2ZX-uZtL
z&>co$WRyibygeTVGh>Za-pUbNwfLnZHIp@O0NG5mk7_d7aLV;yfO+Zk>6?9<MbDkH
ze5TIG!_mb>Bwwui_gZ)iVO*YT`}cYLq&v&R!8o+$OTg@7ys#bV3n}ue!;9fzi{wJR
zqh*bh(dIy>U0H5^Yt-XaF<tX1B9IM-ms@MGD!|S{$GSG0!O)YJ?iPp&LJ@9s&XYg{
z&_KEG!?6K+xhkklKHNyM!1DU~DT^MgbjqZoTD*sziAl;3Pe-d=o}kt5pKy>vO_5TK
z`f~6R0=L79M(jJQY+Z8S<5iN0p*475hD^7`N?-tX9>S_eop0f<5$QF0D(HQ7adF-@
zH)kWFXIN1c8oRi|Y3p#>aCq-bz8;XlbKe&SPNg^xpn5m@A@mAOGOll$?ZR)_9|@S>
zeb?z#`kBa@vb&@P=W@WO3(XgJE=NuR_Q<+vbUQ7KQ9at77=rVC;dp<ti_K|$hU*-(
ze6i0uC$;d|^*EcNG8Elr@zUx^D#FD@^lhoEZ^~TCI@E?@?Y)l&Kjvbq4T96|#xAiB
z-pAqeYSHR=P%J2s<#z%@(jI^aEyl~206Ic_)7DFW@@m%#pc~^Z$3<<^V|mF^;%~qH
zoz(t^Uw3$c054E;lEn1IV~nVAPXwUOdyeQ-%;|LayeicaKKZx8Yd6FWCtw2@+G7DJ
zL7#AfUc6oDWVIsQxQCP%M{!uUv`i+FkJ^O3Np)D3UMmfpeH;>vH+u(FjqT12`;K$l
zQ4x;!=H%T&zj=df7EmOLUKA#m;HYg@51B2%pqZhYp=Ts!Z5(%iF)2#@2ulsCBh*PO
zRcFe+pZl3Cq&s=+ARsN0x>kAMuTfLP_l$WepDGOAkp13@$`QeM5s<p}yc}WWDOSkV
z!|LJVic&PoOzn3Yqa_sb4bQ|=eOWbEliz6pE|2?266{q5)!&$W_$J1`qs~Kk1y=mZ
zW;AZW(gDnr^TPGe*oea=mR?{t3C48jV^DarvAAyL<>f#R^Qb-)ee2TuqJOd$>hDWQ
zslMe-%k6e@<xtVy{eJhumtfEO=Mn}?PDh`SFm)o%y?G7&1kVMRtlK}q1ss<9dtNCz
z+1s%&^Xq>%mI1TX=LlV$sL$4^a3-Y0dzy{{HQ2)4ksR<>orI!}67|8}<dt2pzQ&iI
z)#Gmm5*5<l_rXbg?bKSag(v58eKTo73>uWUyn+Ih2`u|MN_1*0PBDZnwvdC+fW<WZ
z;dH5DU9Hd6W{p}i(L9cg;?b7Y>I<JYhjqah{P4j1QV(F06S||Eo|%cLOut|{*wX~2
zjhAyCM7h#Lo9Tw{LEoEv_y8v>Mal=vZPlzui$s7Kq}!@aBD>jKx8@x{BdNrk0aD1G
zPN=9yvs-;HrJq1ucielFdVjTK6W>0RMvyKrhuxIhA%;yyMoMK=gP1Pp(>!IPYx_y$
zcH~_8Sitqj-s9+w4<~*12(om;urzni@r$aPI+%o0!>v&SU^t$f;ROE-L@%J_(}7XQ
znJxdWjZ#*oQ2t&3Nk}O8c)+U)jm=nkZSR)&iL51yMEuK|f>l@X_?OOXVgPB~jqCW6
z17>tJO-=3=!H!RHaanveCT+<b)sW%Six#T|_gC9vo>3fD38WN_)<Z)V)6YG4SN(Ne
z#8bI8T!Va`*=<Dk?-E=3rb*aju;U{w{qU1>Lw1AEOn32#YtkCab`)TLW%!;*IsF<k
zL}~c0j`aK;=KG)8a*@-ro6p{>9s+~Px4C+=`KD>fyY<f7qfUP9Z8Yk;wz4>F#zqzS
zpXHx*kp+WwslCH5-wd3?MIe!4a$)e+985PDGR_}3H_q)_M_s;MK@DLR63+M}fZ)}}
znqc?}td-TFb!6I}gAkc1T8Nz|84Ek*P`0TxoD|9I({y`$0*-QU9QwsACbE(h67+(c
z7`nT)vA%J>^R%;!u+bp(vn^BC58Q-W|9#;(|LE@>`vtWbi=+trv=^z<g@kL{DFrru
z?JQrTrEf)B7de3IT;J_#eVsrw09#7xB~vZ(%KHcs?nS0d81!$jVzLz6UV5Bb{GR7W
zMo7VL*e6G(Wuq)y%YI*V`-Vn_%7xi)crz2eA{^5BG<GGoDJVdZeHJ|0QO_&t5`M6w
zc#+Xs1}rs?0fV-kZ~!R0ZQZK@n~FR$#d^tUJYwNnzj))_F+6M!y29VvotvsH$J{d!
zya7t{w@Tq*;lz2f=w91no0oQ523w=+JtU@vmSZoxsHZKa8zBmwYNh~ng*!oyXuk9-
zA2ptxdmVnmW_Nl;A!hdrJ`RLyqU&?sXtckHBnKgfWt|5B1~CSyt0M9j!chEh0_Hk9
zX(=)0rIgEsRA`M3Y&7=!Ly~RY+joUMf>@iGA`H72paYL-==%O^6Io@j8-A1L_Ia@n
zDwpHdY)C>LrOje2tyWE7+5OS);&}nNEd7pN4>{#eB%JS+PN+8@)3*;tu~&yQTwJ_!
zywj6Gi0CI%GKo(RF?CYz%|C!<Z6nHSeD32`n9W7}U<)N1s$unr{DF+3Q&>T_?IDlx
z((U+_!}+zf2(jLtrWNZ>ZOa>=wN{v&qX5WT=a)ay)H#?~u6^}h-XT6$S=)|c)-8&7
zby4B%waMpZ9cb;d))T&1PA;@D5VFIw<V(Vtz8uHm+8a>&n&s*g9fwp)J4YuZmH1%E
z=c>EW)Al#dsofYh{-5FkVqF~<O-&j~v1-P*8?Ik-G;}AmzSEUyVxlc*kLlM6Y_-|z
zpsJSNysg^AfOnGFB<#>T-@)+Ng!VY`dR|_yC*b%WP9-n@jC{`Zu|Gc7vO2o`HU9YL
z7+M<}=TJ+XFI3OR6meT`*(NU5P+gDoZhwph=pV0$@RH{Spp(eDcs0Q~?`>gm-|GkC
zG4|#3pguUg@Qm8efa@8mJNoTfHk;>n1JUJ!xTUz(@7&RY%CtRF+o~`vm%IfIs*2^m
z$rBqq<uep9qD)2RC@ULMr78%_{vXc%GAxS!eIJKuBv%mxqy$Nol5PpXppj5oy1QW!
zkWv~6Nd-ZryO-`-1nHJodZ}eumWBUde17lmgZs%nm&eM3J!W=hUU9{Fp4a2Cp?9>j
z$-GX1?2}5#I{b#U${#68+{hUpipVSm>M=4L8+5a8>{d6rj~I`b8%->d5w!^?B?+kV
z<?MX!?-ttc$vuDhk(5ikF5_Vp@jSE${WX_{sXcc$t0Q{+(<}8f$}qXI2WLm^veJC;
zi+-(i61ld8HQ&iCGNpB<kAddW_Vi^gt=-uB&-0A$VKj;M+#APsRYf*FR$2{biJ7W)
ziBZ8`;7ydrc<_z*eL_BRikRhgtgV~Ba~XXua=7^B$P2nC6-ez%y3JqI!$-4V<Nb9x
zQ?AEme6FBg+ignRZ+oY>@-s7;&9$Z|)Wh|G)UxK4vzToOxukmSb)AnSq!ygUaZApd
zYk4U!CVAz?RL^pe_TsSG+eXl9O0Vc`Tuh{XM(Esq1z8_KL5BlRiijlOdrggEVnB!r
z9{5;d5<(^n=T?Df^ybF-+0uNpH?Ih~|M`Ol*Y=?c00?CNxIM(n*U~!3xL?sZK*3w_
z=zy~;_rrHGHF9aO({D1Q&xAO&)g(52s$t`@bjvf#cHz7dt?!8Lvp+avxV>(jnmaAO
zU%aC~?RE13O}R<uU{+i(<rf|lqLdfNy9-_c!*qT_yI3CxGuVqyxnH{oFU<=9@R{<F
zWH;WC@bJVRwbgvuogL5(^$e?V0G+ntb;ruI2zlGQ%NyyMs<vB?EbA)sIf4X&XW&Ne
zIZCnqjKX*hb9%zURU%b(UUzOqnE{!`yiYmhnt80_OCo056PpZ6L~2=0D2X~3rQZvN
zOCRxk>@;1)@sPp8HeE@qTd1sE+6ErKW3BzvVpMZJglpMks;uE))K7kQW(Cf8$&jyX
zlOW>8#i@P=L7u|4p7-EYZI-~=j_|ivLQ2`d+qD_hQw%TFQx#T>;$*ukMWo8<d<vU1
z9WPkfX3BiX>+@*;@@@>{{10di{W(H+w`#NI(NNk-KD`94)>mPv3?K2;fs~5G_aQ$1
z-1@_5u9o+I7F=~^X}qJ6Lqo)1D+lyea_jLSlk($n@Ni+YpY;S!Yl(1bvN|AAV@<oG
z41p}mTiK9_7Yz+0dvmnur9ZzdEh&Zv(o0KUPzNhNe-zLb^0VycxA?+GO{_o~$C!;=
zC)9H2or0<>4F%h~>E32`cX+etb{FEhfaM3S_<~1aq(ra8Yu|j+*d>`Q!nd+QQwh8L
z&WN`f(TKaxPus~ZZPSeiY&^i)?4arC`h>0iU9)D{<(=$e^L=5X0x}6t13(h{vyWwz
z&6sC?li}?!&|=xHFCh@`DK{tNZwsT%O6k5*#Amg(1_>SId4z3^_ee^mG3Ki}__96+
zyS*N+wu`;#dlGbu+p<~wi0*gjc>ZZAkF%hCASJ8i48mab4A4#Av0v;w0eNF)tb89m
z1U89)!)>a?7=aO{H&0&xU8~#{BPSXAlNo9d>h{*7UwRJ}T<*x?q@<qE0j-3(f~eCW
zhBF-{VwCqjuxm$^);T5Jx2k<7K~6xb2l>^{IR!x{936=Q>vDe#4>_OB=m~%Aj_F(-
zH&`Sv2-qjcI1f(XvknFRm~D&gqx8n;`p<8TE1JSEalD4XGGtgrPO**oUjBV7WxLk%
z9oNa;r1`I=VDt|ctZfFd1?=x%*lJ(Tc@h0H`$gQZrbKA^#?p^rPwOZh=P#Y{H<fI0
zk3K^Ey~ofha1qF|#ZF4Oad+4pnVZPq{Plj_`^LroLT;C8jxzO_RpE?n_mZ)C)wqI}
z1(x5_+EBM(`Wb;v1Xa}9#xDXisP^1j#xSa0t=NPM=qCOl(jUA2wMX;A@)&Q#%6KfH
z{-I-EBOC7r0}a>5eN-k#Q|skJE2S+Z%z4=<V59Z>aUERYT3Lp1A@r-*b53=O-qkcl
z+5y^#y!)NEDeRuuFO9#`y>BEOe&K_LVLIp%UUF2by5Jl_`((a8x$D-_tpeC|nO$ee
z4Sl9Z<-1)qDK80hFPqL_Y`E$Xa$m5wTZ%3#o)S<~8yR?)Fz-|@TD7>b{-o8m`pL_G
zC)Z68_TVda;5l}dkK~cJKbE6w;`Zf&#q}HU*N-nx?%p07B-8neoQ#j)qON!CGQtlJ
ziJ|{ae7XW>qQq-HJtGjt;mA!)+;yk9E@<*-7&%k_Ys=Oc3rN9suj2=k=o32K#ZM6d
zp_^hv#b;{BHQ;x(?iiB+{a9ioOz;TaN;mh{*=m2+Y?H{Z{@LMj;n?jsUqMgwgS@US
znvRjtdDa<yvi-vO!N%!<Ei@PuLlTpFP4J<hZPfrSMLcKx7`&~g_znU8>!~3!my7zv
z<K%Y{=jyMjI8Ur7{30m2_CBcK1C5An`rZpH1Jhu#Y4lN%-f-?+vY>m~6}<1#DFE@a
za#j@yEc*7!FOQ#m*XkKs{Xm%|>7usghabZTiQmyy?ah+fd~Xexl6@YZlRJ4rge7>Y
zC&R6OOD*XOIneTa0{Ru3Rh53M`?JG_Z?S$#RA!YR;MKsYBXNK#zzL9V1~y;+p~6@n
z|M7w~=h#{%;F`<H>$_@5FWLQ&gQ+rWjdVA$IiP(Oz5tJVsD5o$aX=-*Xx{r4!DoU%
zd%UstbMJ$#N@$+eX&0yE%FPwUag8yx>=uEJtT3MU(X*ZLZ<)}I^hSSE+1*h#8|ep}
zFG{6rx_{X3pQG$_7xC4rtQ)M$T{}L>R>ypCz^kd5uq(>yI756jk}@J7qNtK;u(-pj
za{GSC3gyOh<)PE}l1C{#?=Kph0XDAw$K^xijoI2X{-Nx)m0kiMC7lV$Wy=sd(rwOZ
z4aRTb9@d}|cTY7wp2MzlgP~r-3F4#!&I2@xOoq~8^4uhXl9HHv`Orrzwu{Y!6{{i4
zuLOJYYBE3DO+F^4e%%hNMs7ZaVSoqarqE9?UI<I0cOpLC)`b|R5w4#^(@_&Yac2;A
zlpI@oN)f@-qS8MUKKNYucte9rx1eg|`&e)|j00He3SmYzAc(IvGeVDsKgXz&)a~=L
zBn@&U)sFYnS+kfe*@Iu3fV{yqT!Nn&ah}&Dffy{qE0edyDL+s2;-Ycw=Z?xJm2@!>
zv^%)b%Xkox1)>#TSKhIID`Y3m4mG^z9TsuV_)?tzz<$dwe*3ze)-kytIZu<dbe2ha
zW$tHj^&k;Swx18#g36<B?gzbDkrg|@>oKa4dP;F7dE&E^pb!HxQi8<zIs_5d-kU3M
zCee&i;TP`Gn}StBt+GM(wvg|L{0S4Snfxjhn+?D3@Vw@fJH5Psfp%_Aag?cH`5@Qk
zQ@ogHa&7~b22HfG%F6Wd47Q_~WG#8R#Hl29W<+0J(>X(7N5X0!S0>v|;Oswkpwc7K
zcG5e0*D02?15Vl^a4w^VBWRoREixw`+X!5@pD|8SNUifD1W0v58mQfQH<EA92suvH
zZL_3)u-44^F}{3QH?YFvEuZFTGn40pE%+&@oEVRRT-<(;NX!bBk!i&@HC|q52DjPc
zMStJ<>I#2rEtazuA<a<3Hk)j}LL9M0InHH!yOpdKx#Ft2dM<1P_$z9^k;xN(k;#W{
z<y{jK{r9~6CPshw`zb~#uDr0eKV3^PeBL&@vCFW8H6Aryz!rdwCPO1-z@&ww_jMO4
z$W%$EDd*}sWyGr^dew@JApS%Yc(M>*)GhW?syBn?geK$zSbW^d`#(Cv>?Re3c}>%T
zTYRTrkqkh>b9LZ4rQqVJ=Q`MNe<9(9;>tNH>3*QJQQ&23h-~rF*0>T%G8d~1u7#iz
zez5dmA79X3?~|O|nC3O67--XKYt6{+^W;Ikhn~8kZtJ|rDW~_u;irv>ACMGuqhHm^
zp!NJfqxvw-w?Nu$;-hPmO6R~a7*&5L&v_DmR%)bDXwb}#rTdf&i0Zc$vhZQU0Zm}c
z84Ahz?HXbm=9Ja?LQlXu{n{IGWwHgYw?G0s0m+5+ou7@kIrCoN4KHA5(+{mQL!gQm
zg4tG^qn>Ej1)L?XhK~a)oqg_oJhy-XsEua%J*Kywk&)SuAyXjc2(G4xeq#*gqLGa9
zLXOFtBBpoDc5@Ux^eh@FYwR~C_@ln7-NJtHJt3sdYf;!IkSJ9#nz-bt9@cH4dmE`h
zV^n72Vj=9D$8J+rv!b2oUs5qK@hj6+*iP_iDe0PD=Jl>G$?Inx0slD%;J*b!AS!3)
zDdtb8{BQzH?GDpXQ9hr39+)$RshR||?~{1)_4);_eEJxNG05N!D_4*CKtcv*Thfye
zs%j(G%y)Ll724?wv`RS;rGzB0rkfI;Dw4gjvH;bdEY2gokqL^$HS7Cw=y?WCV=Rzu
zC3%L=8<W*}Jt0$w*YfJ2pNM6tKGi>WOIhb}zCT@TUYj6$$k6A-x`<7VOHUw5`ew4;
z7zWOyd+1|%IJioL>|UVrb9!+6a@6W+HX9$?*@q3S9Nbu+K_$!AoYQsYD+$r2Iok@8
zktK1T&B9`6#e)ajQeZsLOUO35`cF!m<4NX2kAC;~&zlGNJ%R5@#{Bb9QE<`_YLJm+
z{@p1^nV%^Pf3rKEE`6DA4&sg+-6c?Gafqz45DBpohq{*@$z^v3-1ZU!8OC^sO*GPe
zQArgxJu@o%tt6Q*cSz7j_oV<QXcu>u@K$h0DCpJ#Ffs6GVv?I_004686^iJHg38It
z^$*D_{u(zvm!`rl&iknM)G2!8xTF|#wl%il=IEMpz!Sv^^Wpa<4KCeL?Id>~`~hbh
z)ejh|f&7CVurr{F6!AGI^u%f6nG8%*I$@-AOJIiBcSXT5)wM}Pw%E<G*s7A@RUT$1
zB42_v@e|beR|#5azm8zsMN=g5w24wrCl3~6IZPcg3j?B_E<Lt^hVc)}H>aX1EewdC
z!q@^bj>QySG1~ZiS>rn!-_Xr9ZfmgG&MNjJ5XRV_O&^Dxn;pdt$=uSUxw6*lP{2UG
zU$)~*l*Cgd9S*Dd#!SxgHdFGAak}|qTt+PA)5#o!AFT?;k143)nsfL$;|vlWDh%A@
zRuiOgb07S{uk=}Nj9BHqAOJwPrk_v$(bYVYoEAK^Z<l{j_NgtHpz@x)R@x!mNR|GW
zV{vSIQB>ta)dK9_(Onnu`8;MG!!DZ_nsiGio7_dMM~Wd(@Wo353l|5a)Bv-S=sxL@
z`NBrsM!6-SF}r-L)>$@wO?KR8nhEG+MhHL^vEU=9biZ>5-=HY=z)T=~L_#|Dsc&9p
zog!uS00<I5Op|lY*btqqx#oSbj<8GonH;02u!`pQyV!ZH%P3ppJMDP#4C`f)z#<QS
z->639dE*JGVM;(7mp8qIT{FMKrxPci!_HWXE541KzW2qaam+^CNWMY&Fz#oQw8IjQ
zUjWohR12v*FW_OiH&bs1D+$#w%575g2{jDdIw9#YhJ`1yd1(g-gNUnR6UTXO7wzgk
z46*y^oUNm<8t!5fH%oGfit{>chz60Q4McYfJ0!4Gy1U;9zk)gy{Re#pfEmsuCZMlm
z>@W|eoUZK6A`}DOL%RKDxqty*5}*z~*U|%+idQ#&b#!(v=dCcpc$OH^LsXYxSO%5=
zb&BE!(GX;u&iL{;&bL;}9k$&TdMl&tvs@yv$~{4Tr^gBk5BmDAkXg$AAw0gNfKPtO
z(_#o+QLSaKm#T3WWMMIts5!QDsJ(mL$vmN(3wi}UyTXfI%@(cKA=>-Oe*myR1&KwD
z{!-z4f=t+EwdYX77|0qbDcIEz;jcz45QpKDSTG829B4z>w<q;!>WhD4GOn`zkuyE@
zHjqxUSsq1hQBQkuGVtud{qhm$9C+r?W`HAxI1p`XQ;^4no^6qd37l!J({?HJ&+S+Q
zHzWMF#o*Cqj^FF^0P)#CbVc4kGS9CwjA1yjFqQo?e_8a)4ok9h@qtk|PJG1U=Pwil
z|B|+@o)|0TcGN_r13f^~5Wo8@>Fs^bSa!eW;GdmceWPuW5m+h0((VCL*Jkv`7d20K
z%PMN0nH$cGYGC|bzx2hk?`j=g%s=zGKY#U$AsN169=oLSW27nqpQ!7&z4Z5VSk8Ar
znd0tSZ-A2hCGf8b0~tr^ET+?4oM7lqoTkReyXhI-yf?I*jej+FLT;$1wx1(VCttU+
z3j%+2A-xzFMJ1i<WVpOxwb0tj?R8@jbY}2V8}>ZfBgz<KX)sE2r!-bc0pQzpnlS)H
zy#Fw-i1Ip`7JM!$!WYO=#+yI<CTON2c3K42^6*C%zFLheH6_Qa!z_HU9A@&rrRCTb
zm@hlYjJSP*mEBlBG351v%-Q*!&ccS$MC`!w8=@DRSNKlS&4*tGj-Q{-B0o-AE!<&p
zLmL_TdTd^Loz7Yr#(Bt|&@3)`^n!)a({syD?D<f4r<wZBEVX~bQm;rn|9$kzeGPey
z$qr-+rP+K|1p?0AlZe;6hIiC{P<}L+`ArC-W$1U`Jsz04E+Stcy1D*nbi*dmJkoOW
z8w<IJh)C_5HvlM=58l@FH4)pf?tls-So)($aXV(cIIsIaZ5DoQ=7xKj{JzJ=^%#O6
zyyh14z=Uy)FdbIQKFJWldEKOGK<n9?UF^0=S%n93SG2nSN8kKCHc0QfK}q$>uN~e(
zyG=DK?9ZJcvYP{bvyqjv2z(7rhVW3s2)c47anf0#dApAQ$Kp3^^AF{1?$cl9;nlg?
zSC8*(aiuUjuMKT7geN{q6EL*gDZ($6Y}z>&xni_M_8JlRV%8^bYl>{{)S0mu40zR?
z-%xY*UzNPq@SFZ4{TtW&m#Ig=j-EOpa!7pi$@o+4LBtiP6$LhM^!ol~Rx#owuVUA!
zEU@ye&OWoquGibsFSF{7@z*zOWwU*Mn+~(Ib<#5=sr3hAUXtPKK6oVFS!T0b{+*Kk
z+)pipA^J{NP}H`Y*wr@xy2@`x&i#K^PJVS#T|qr_tu}e?Y``r4>eA(sW*{>!GcCRN
z*Igge_3sQfh`J?|mIHX$<an?$&uqKWl1)20#ZfBM*l4)Gca4`u#&0_(ov00N@`k^+
zYgFT1Z)|6&OKZ%hNxqZ*<RFo5xv@hxV<S64H704%Ko0URLhDb|ovQ#I18|?^zhSXp
zk^iwqi9QGJUTl8#c%xbUd}wM4+u!rd{+hw>HT;2<@4)6n%GZuhR3To7b2|Hlsiv6Y
zUSQ?d(<y2^7-NmZ4-YdC_2R|tbkcTylzVtxEN~@k+p=R2r;&Fd64#NfiTEtL+`WqB
zP|61}dOzV(F;&A-cR`|u`Eahga&q^r0xb#Ljvn^}CIR!Y!tH!V#~Z+cfdJw;sC&Z6
z<c}^a{tkIoWq!zOY2{<WL9f)5fMgL-?^)e%^&nxZ>GP@`y(hKY7<oYWb*ioWtBTGa
zI#c5X3=ziIX!3I;z8pFuKe71|Noh#ReIjhUKz1iS?=B@OCS#R8<@4>K4boGN^E`z{
z#xjq&iVA`Ia+^E2{bUU|*xCUVzR6+TZX|iis|59o9LBc-7&>d;UA#BE>uk$ZpEcxM
zW@8o5wNE0NRO4suHaZ$|Gk$-+Vat!%1n-oZ?3?)@ZWebyIAK*VA)S%uF)g{$tvP4^
zq+6Cwv$M;4DiH?L%dwpEOHfQe0kQ#f(V}K_u+3UV>p&-vAcb}Rhw@WkFSv~OgUbFN
zHJX(awYVyykt^ff;B(fX5;h;;$!l;d616QdVQP1$Ne{`gp9kz)f{icsHG`hx%cpP@
zWPMZ2*#f8pEAW^WfRGoTt)&NtiuU}Xk98x>K`S65_sljqhlnk>KYZF3-I#51Do{OO
z-mR)aA5m8Tqfmw*-LGbrg)G?hXD*fcupZpM&~S-rI=8Km&e><>`$qUo+jp1nVx;-o
z(0b6KWFppHjBng3Sk`-G)v)g?&py^SyUiaFPwGT*6rGE#TRI%+Skpe5cr`J{Ex+il
z_o;joR4`;q1;$cYQK5;el@zUU=eh2Hwe*zhc{mS1qSg2vpZ#aRqDXtJW8!nALk?H^
zFJ~w?)qGwF6LxFOj+R59CVVucVIylHW2Bz?{<QBJsODd|#{dH#B^HXf$e40`-PpXl
zR9oH>jd6H)#p}6D$SplO-{@nO2<589u9)PStC<VeX4h!DnpHBdFZ34@+2BcV%iKKq
zo4}x)-nikdU<QoIzZCf^Z0+v@P&c3jcJeV&@`-;VHs{Hi(x^<r1$Jz*%&QA)vCiTf
zwTg4MO?rPDz*Yu3<|APPUw9Lnm5F(34IJy|a0<WaXcXuCUO2A!zrc?BAO3Tsvm<%4
z*y*|nr+>wMUpt2>bV(`%Nm>KEBAj)k74k}yxs*U&hy10OIZ!J9tL+e(`kTr5>_6_w
zpI_XWtF&|@+J}JfFQHZ8IzdRA31901w_okf{Og6qaSPoPL&FCExe+>a45n|e-6;56
zIEYT1QL~l#4#~>}9>|U7dVq&jgs3#p9W{LF#a8VucvyXY)$HIomXpC^oo`a5yI}U;
zI>Z#p8kSp3{@bT)`F(Mlb%MX^;+5OO!g4q?$LrIwib>#;L7(p&Rd#$COnj);PnxA7
zmF_EC?e2b<7o#N3xalmM8fbNq`Erw+VF*^Q;*ow<K)3Utx$<<q;qTe6C}IESj{V)z
zDV&})aq)lP)XsSksTtRxz9sjaq^;zraTqSn)NnD7%4^mfMf84>*Qmu?N_kjP>}Ykc
z47IafnGTg3>G%{b3mQU1Yh9UX&jf?MmwhN#V!m?PL!w*e#&H3%p58iVFE_37<g=|Z
zE=4b0E<O)HD!r`^hH(VYgF6D1Y8yv8h4rQD&1rlNh^p~1osNo&fivE1(4>+vQ$Rpf
zeKS{(8GO<2ase%3@XFujAg{~WX0*G9L|i^$5l%K`Oh+mU-d@Z=pL<A(VwR2}NlVLV
z;dXoQpm8M~rkB2iw=(tIUpr#g(RvH)`|`R4#5OW|&GUA|j{z0pDKctOYEmoSwr+m9
zo}x&L5}5vv+8n6ol)KN^TD766<5<1Q*YO~RO0U6%COjN1{Cwg%BHna}{Ym@DuJSc~
z`X$@N!T?_GAgOtz`yzO7Zt+jen&^2A&$M`Hj#zVHK<Npj>iF*DZ1-$;qqMzu&GPh?
zC12@bQ@;Q>L>@^#KU;fmXWK>ma`U_g)^W~t^mR~@_&$44YT1UDxA@LxSr76eeX;^z
zIw)UZ)d8RQpAyE^OaSIyDT?6A+J;#r5_gnw*mOSVX}rd#Y}DS-Dc4_r8ye^9hd9~V
z#rLG!5uS2*)6NrWNZi<(b?$cv?*q}<3s2dX@lP5{IPbPr<C;PTq<E1{Z{-Gvx$jqz
z+JBu@t<5CI^c*vd1uAbGy{&!`27k3!-E3zXh{o(9TWYJ4xtPt&(xV-OYl8eY5Az06
z$bUhjWkfCvHiQ}`H;i)I0)DTgOGXorBEOezES<mvCCPq3da&~_8j7Yg@NMb$%@vx;
zlgje<8HO4|8M?eE7Y(TMOVS!_?UkQsFh34`0lKsH_QOrhl(+obJw=y=QU*?Lkf9`p
zrQg_rJA+pxyP~WzSgcf_y$k_SK5J@%GdYb2tq84E#}ZA5*>MbsQ%%eC-WnkwK&Pj{
zN+9X%yX4M$JIYAL7ZZ1KJwW?d`$x81vlQxt^5LUV<AjTZbIH~EIG7x^*O5;TK@=H{
z?`_TXryn_n=z32jSB@T_OeUsZT5+g_B_^rrh>J7g#Nq=ok@&cWWWC665j{wmujv|&
zm?bPV^DAgax&?h+bGqJ1l2|;fpD7|4T#cBR(B}ua4iAe-I2lLiiW#lpg_=IP#K!nd
z1X;ndGW}k)17QVF7VKHi_F`V7`pfD4w-%&Yibu?{JEqq;+<6+ril0FFMilld<GmYs
z{;A4A`Y%FiDPCWr<G1drn;D~GA7^Eb0@p7GnKWyk%(Hlq&^X()=3%F_ve&5Cr%!!`
zTBY%~?WWH1*P5xj%J$*2Q9mk{ttJ@1eGKhM^fF!u@Iij8b@ZCwYnaE6-C+D7m4myj
z*CXy6`-`zlidZkZO4=rXqUhJluF7|Wi1bM(qZTn`hrs2b?G$IUW&1h4Z^(8lVYKH3
z`Ol8@zU<iC!8Z?a?-_=Yx;-51(-f-XV`_SG#<E%YzD(j^uXFa7Jl8Xg<%L;=;5Qm0
z1tx{T3_QVrz)#s{$+<K1#G=T<;7gUu^b4-fXBk^=TP1iiBLsJ*^Uc#Whr@*3W(P4s
zxJ?CT1zUwvCMmN#wE-{7R4mgUjABJx^>}DpE<?BN5zZ3Iqf*z*bUtEFvsk?UAn;H<
zZ4_&qPS?pmgllK6(hWLMY_ejyVoFDtQ6X*-{fpRQ?1PGyO{!1E!CrS`x{07<DY|J-
zi?@|bgb#Y>M}_4;T1!eWYjI+g>O>y^jcK1Ha+-UC>qb5}ZFsXn%*t)JdPN_y^;qG7
z($)0cUg{+HyRZD&AkSeyv@L0T;NNvbHR7V%W60no8!IR^di(^p$VzHk9=ggWyfyXB
zELUzu+-CbrG48CTQ#!;!xXQ~3zOcaH37VENM_zZs^ds*r7W#u`bnNtt9fazn*UwV7
z%}kt++kOx#g}3BfQejFr9zDLNd2r-{?m38EVd8K{Exhux+bzbQ&uo<N@(Rm*>cu|)
zk+KN=5?Q%N_=Do{b4qTF4Nnb`$McjPH{ld_l%rfoVZ{>%T^W9&$cP!t-8H{Vq+%nE
zkxSDr?<Ap=o(B|_Pl_x|IPEy?PR9-QDyOW<Yjefg?yzbF^l-$eWeB&WJ2=(&oP{!^
zd~e~L&M|kpcoL{eox!6Zc3i{6E3?0~I=+c`5ixrA83+~|#j(}=4V_~c#9E%%36=?3
zp7*IxL|M<NQfKmrGd+YpVP-k39J#yyU!|AGJ5h?cKdj%%<&h-uyqIY+cK80V{5Tw7
zY{qA&Z(^p3ZEFkW3(}B*bm-Zs#qK{21&Vi`6P$Y*{mZ#@6_S8_*1oEkNT=e6m-{Z}
zo_N7GpIIm*+fT+zH17P-A#UID%RVc%>?A>sN9N#6l*jtyh~x7{?p>gy-7JKj*dduM
za4KvrZb13F^+UO2zDmw51o~a>Vn(cA<=RB&w=LZdDJ5;jv69H#b+5T836w8S5@**v
z^FLC_C0{`-F5*$2d#cM3-4k^B@+*kwNf9FuLhYxF#w8wWdWyYKh0lHgtT3z8mts%h
zU1_z`T60n(F%FsaBdTl4RH^rt*msQU1J_D|<MJKSYBu$oCrzY}$O`3=iKhy`Zay_!
zTHXpTgu{cBgqX(tN80@7s#f2sJ<fi&FndRJOjKpX>LHT|w~J}Q`jfP~n<8yNHiY@R
z-|=L3LuLr6gnN8G%>>yt8q58yGjOqgNsY^=G?4J$-M0u|ViO|&h@R#1?bsOSH`UB}
z8mXx32bWYDqgQDGknuZiQ$nK#dsm`r#yFxin5h$aD<EY<$_;E`HrA2vBD(*tD|S8!
zC|Lb1$}Wj^xP+}l0l+)~LDq#NZ{1&p&foSww}%tUmk8BQtiHnCC9b~zv*fy{p=-mc
zI}r;sN>boZ`E+sVlI&v9q!kw=`RS9|6;h3F@3?MkMYSUV=Q;5ME)!LgZy9;6$^9=|
zt5fWFCymyRL_~iqDTLhohhIq&)|t_>VSbKzfT;W#E*LsW`Aq9tT`NA%qi9Q^v~g>K
z=k_U6JmsO<NjloEw26MLMkNZUs`fUr!_%7VOgvH3YgQ@YmV&v{fzAPU8KT_zG*4=Y
zSmy7AOd6Ip8iC`Q!DnY5XC6iRvmGW4;e)(eA!^4f`<=^?D~i_jd27jwjqT=zeL7}3
z!R3kNTIwEUwB`c6C%3D%r%SAKTP=f!@Y3Dl%B<S6BJX$fZ{IKF^?XByFHEU7Pukzj
zO;?*BA{mKfU0As}Qm9p`%D@|B+6)*OD<u0E?E2|&pr6-n?`<#bU8|@jhTF-udIc{v
zY06zXyMq|7kH~y#31oLxUCrRMy>0FCy(`Z%bI4^<%|ON_k%X@iwv(lGPrg(OqU!Mu
zTb3&19zk=kB<v`Icj>~@=3R!y(q2d-$Ps#W0>=e5vLO?}G_d}i8?q_3#g~p4kt-k$
zpZ{j3@6GMsk`z~d3<v3zpMA}+x$<auSVF=MknMR+yp0hnpYQa%IcxJ<#Rui1G7tWI
zx_v%Uv0739U6=iQ;!-j5IHVf$%+fjfwr3-@2;tmL`L!*>0<X<Up13Ce!$U5(KA^F|
zlI`{XJ4^asovPnX)$fl;?<$4I3TB}~6MxmWu2L?*0TzY0p7e{Ak<u8^80n2;&cKXW
z-rm2!hEr5#x>4NNtpvg}x;S*xz4!PW1s%<kd@i+mqT71plhU_J$rnoe{pL==EpP;~
z+*RwcJ6h3A#<be+@|0beRzAkeBjPX)q1&R{9H|0NNuQwuycmeY1voH0DqZj9FG={g
zfTOS@Shsl{;;Pj+WDnL2917o!YU^1{YN=(~I_>G71bffb-HOtW(wF93Y`?WKvm`p%
zJP)c5m~=FZIP`!cYLkldSGqmcF<!gMJ+&3%br+Bo{b+rn1(6cmn(}CbI)_c>m*{la
zrt*Vs_Vdm`c9z%qZ1-4Fc|7!aZ6J7M<VHEKFFLnw7XD^O|9){mez_O<{7>lTKR3yv
zao{B8x3Tj%k->B=IZ6N47UAbbRmz+tQp%j`Y;S@o1t|&TnLB1N?UebQemx{wQ|b>p
z4-()G@6|iiiAh7r;3r&EO+pO3WMM1>Za!R}I3JVcEjn^h0jm{Llh6n3cN$TnCY-jM
z&-O3SYm~V(7H#T->JNS%RG4r&a;m=kB-%x0F|_vKlft)^wFO5mYX2tspK32<EGoz2
zTJHuav0xgP!@siKYbG1I64$f&tM~Qi#iQyi`qR0bYBbvPpA#Ml9JLWTEexCQ^ULBL
zT%Q`+<3o#*?3fv+_SA;DoFDjILc*m!$1oA%5aF3f%q}MRL3CkcPFQ--GcOD31&NDb
zYWT%0{BHUD^03nENAD%sAAz2ckHNyec#J>(>5Tnvz(u|R#v9()Vy;pQquA2=yd7>S
z*;_rr*RXe)BxU6BrzSH182co|>J6VBU6IV_@I3{I?dxmIXprH>0a$KW^2UUZj4^z%
z_%akhYCOGHsW1P{6*mldCe$>0IeKEs0D5_`c^0PLBf|)VZG}o^Gtccx7dbgHHG`Y0
zAobb%<0JtWpxB$1f!WfG6&ZXpbnVkl8z=19C02*^D`BM%IHJ7eCV>`k11Iv?$Q4YO
z`L*10w;q{EILv>q=~8$_=~+~^jp?~LI(AYd>>gQROW80}MK*Ldd_4R6LJ!oA)Cw}P
zD?NG9vC_>K8)yS5tI0o+#S3`22Z{|J=P7bf{{~iG*dq*`z8J$0hHAi{4@8@G-k`LE
zK&wG;aPO&fvlGvyyG*tnQ$uzf27(!q8?hQ@qOp`&2IOB2?*y3$_L#og9^1tU*$#~o
z*g0_;z?ET8N`(>mNb(JyFhh?HFe8}2V}IQggO{!rL|+P$8(wYM!jV>_55ZG`dN7QE
zLH2#nv~<x*{weOY)6Tj<eJx1YFxnLGJ)-X4d4YnR`S?jLRbm44cz3{;8d7FcJ@O~i
z6F$=OJa-f%u|LlQG+cV2yRpn#Ic5mo-bVJshKppq;afpltzn<8Tt0@OK3#O^fy|_$
z@DKL78mZw%b!V7kRJ+gI#$^}GrxAXc*AoJ-4BQ8s&>+qi5lGV(=7A1J>W3w<Oi0km
zY04ytlZ4E9b50Adq~p0i2DIX>3*E3fMtAziOiCXglx<-uU0c)<?c$5G0WExJ5d1(5
z$s}F^>W?<9Ms`pew=Qlto$H}T&`eBDdWZ!CQ^7*d3WB7v1v>8M$JhcrzNv$TBAgb&
z=%GqbyJHeCL-_n2@TLO|vU!kXUX36mX0aM%9MIxC3A~7A=52iAmL=B}*cpPX^4x7#
zdOmiuE|A6r>?mW7f(;|<&rBIb&Th-N%$?SIcf>#mvz?<viaeX)C9^$fqQ-gHuk$ja
zR1BUm^`bKp9s;6~M{b9JGHPS%@6EDIF>sk~RRsE@ukzi^Lfje$4uF?%E#IK+nf86{
zP&SA4wT~%;WhiAi`EPH-0k`_TeVI>bmPdrIar(&hd-1<2BPmSTuDz{Yn4AFV2FrbW
zOOU=_O(GEADjszR<=}anq`vP|4f=?+pBG7Lia6Q?cRUll7AU8n7fHCR^7ho=mz<tU
zs5Y-Z#=p>Eis(j@#O*9!|C&oEg1RC*79Pm69HfqDc9e0yG#y7*tYpVZG&O6#?toFy
zwA&&qFf=Xurzz}`{w0z-oniaC;Yq327w{s>C@7SbK{y>T=&?w0;PHjJNSp1$w5B47
znTAO%!0H&&#yA*%l70YtP}{wz!#GU%xKl47T8H_J$XAz9r-gZiubRXO0vhNjL2h;e
zYejtA0YSitB$JxnwZZ^BB63;yMOJ{gZ2LawCcWIrO<%iKEQ0M?boVE(>}=+3NC4LD
zL%3b<MaY8TB#3D){n9Z!3G1Myr8TyPy1@7dr3@oNAs5}VKs`4p@9mYHsFe29+6T9k
zruUN((1nm)HzyS&03SBx*U3ma#!OZTCACl;!u{319R!?Wxc28gQ2TzGy{_^!Ff!t!
z)1H<|+J#Ky%A!d7JrElGo@*htmgJgM;3c4*>eDDh5cU$@fxdZyjE?1q2$OL+UYSJC
zA1qB~GoNCg!djHT-jX};MCKKgdhY?9TvA|h+(AG|3#c@ftY!)<+hUp$E_rbf(gu5Y
z7XET=yLmFymdQVx2>i*;+e^@Ya*RgN$GgRgPG-zl50j2;f5+p$0z&&)=oL5jbL_#w
z7i;B`=<LaA-teDZq_!}n*#$^0pSWSdk&8^(=mpI31#C97DP|eH06g_<I(Zu8qzSra
zZi8t8x#Km7*$r8XI|yF@`AD^UWwxu1T$~~=poY3~)t7S!)SR$C(S#|&s$n61!3gRV
zNp6a1<lX7qjUyT`twy_}dP-VTnjB>UG0i)O=QO)=yL2qHEZE((pl@XH!S6A0$8-}Y
znM?R;S;@-RfW5`<rkCiGvB^YWcAj{L(6Z36q?hXUo|47~FJ3lh(}DnLD(RTAUqo=&
z8~%(H^c<S42yNHEgJ+yl)}r*b$;gQWBiCtl<^>Sh0bQZMS1hUYR)@!fV>eyn!X=F-
zA1^gtMsj6SA440j-$1Ei^dl)3?=j0Ou!t94pUqar^djy~#*&6RX7~B9bBMA<Iz&0V
ztr?i%acZPLe9@=HrIrUuOQlFuo-Jdn>yPae?>s?UFwmQ^vb+@kaGAA<@i`kG*VQ!+
zVs0>V@7YjqHb*6_J(q(Z5EGO7mr&?UM`7lgONKEFhHI~~%O8W5TE)0@{um93#9|4b
z3bXW$vx<e}g+ycRL@KW$Yp#cKCX;W4zxHKlo(Eqb(3R-pMS(`(hlU&Or|vde@3eV*
zb!-`ddFW0Jm8?P^NCDa2NIvlBr4;9%OzMi>M(v2xXC}$_$Oj9R-s=JI000$=1d3(9
zBSi1MgM<|}rK4tj*V<LbK0v|lZyvid=P&dBf7|s9)ZTxJ<bPa4g=WA1$XNdQYCJsa
ze=?<izooF+_)jA?9zOTx1Fk0d6QW2aHt>hjcpn+d(bT7A>_AqRMMh){U2c*P{FIoT
zAI`CxRHZv=lpLe_=PazR%gf!d{w9TNASEXaGu!v<?^hNN);wGf0IFwW=pU77RzgtQ
z5j%_0B#6$dD><91BR=BkzZ|eXY(hm}#9?00JAV0b7&Yx68p%7~;(nO`q_I);9~WXL
zjST`_Frhw|K<`1aVc|01SN%C|y#H4gMh$D*YJ7j3cMHC&75S|7%6W(HkP?M)&}5m^
z{i!kd2bN4VzJ|Yp@cr@TW!WFb_l?T_6<kud{+|Nw|Gy9N&#hg3{=fIKDgjID7K*mJ
zU51%Gahh!zLWljhGT<4m!YqAd#Od8c*PVADNUJ#J-s|Q-?EyG0aH+mOdF<_Ty0)AW
zeu>#rdmvSQ+-vw8qzUXpy8m7;YFMiI_;hsTdE8aY10U*C<a<0yB2EgEzXc4l*)|8l
zS_b<CC!yx?Q=OGRBdNCqD$)zswO39~5D4NVuypZH!VhQ9sKIaZ#Qu5g|GCPan?lK5
zrQlHy*&o=Hf9XoN#dm+ZsHn1{-L$sDF?@ayv2Y9qaMDhx4{iFta3!|ZHaYn$9<Hx&
zXl6a}VPUf$Y7~M`G<}A;tqetrh%B@&4qZB4c)6us!p>!2mqfZ5rJ}|z<c5oPTLHsL
zMi@^7z6?xVu=lOp9Fps?r~pr#z1+5H+qJIEosYS7b~<|ce1$g}q}C(DaOo~NC?O3$
zZCY7ZARMcci$PkpHm}lI%KMfMkl&9Dae&g%g5YmjUj%)}aSW4&w%HJV1@Z}~lhs+R
zUK1Xf%uDx+l_OKxAbfmF#M>kvo%NR)cs#L<l6&nxW20K)l$en}%kp>AY6iO7{-nlj
z_c%Tf2!0}_&j350Ej-&tR<xw3EaIfQ+V_{QW1Z?87jGQJE5v;5$RhXihtflHZoXF?
z<i@g!&6Wah1%BR^DL{Q&4<RqB`Z20_6m0T0!GD)F#$0qietR!_Ql@l~XsX6@b|zZO
zM72rmApf-WRZ2C_!22K=7gVb>+aEEY3t(<600q)NLv?lRPv8n^`4hOxUuB%A85}n`
zAA?ny7qjKbuI%r?Z*wxc%01~lSK<Pu(IxxXC~2mWJL3-@yq_OmS=nZOk2`raV`o#^
zHq&c&w=|kGCHl%nydSM#M-x6OqAj=VOvBdFRWp?G5c-KI+}520SsrKo@Kbc6`CzMF
zAp3m~CiaKgIz)trSeb~`m*LR^BJM^6oKLK4l`>K5QSoYZ!sIjZX>qIVjA8+I7x=G*
zE{1~X7nR>Falcc4HOlbiAN0uDmYk$*()B4lG{S%EL<P}4PDV+(fTNG>GK`sto<2ET
z@Q(Emomkc*>}?iDZ|xL*wyiH%D@YF66{vwuN#oxBV6R>w`*dG_rMBCN%$@d!g+j`W
zr4cd1<R-|HOV3n?fI~PQD2q&T>{@pcy{>EBefLkef!?Xmqq?b;*Rf|I+uoB0F4-OU
zfK5Ly`|=|}@d)R$>;M6Gy6~Gf7uXowu=cm{Hx*-ONanNL{SIM@5vV)sA$o|<+4?fI
zj)|WSxB3h1_TH>gCFnk>roW}8C%Fv&xZjQm9iK11ZgNfeOjN*rvwUs5pM7a|kfS7)
zMBzOXchGY&(dM1byRl+r;`3=6^2v|dUlUzCTg3+RV_u&Qg`kmezj-MT|5@i0#Wprj
zI1w{lA#61CY*fy|kI|?1l28e??#iKZ+awivzqsR8jMLf7fR5R=DD!bRn(>s_QK=N^
zsA?*^*S}R!BGCFh&WxFZ+FNrS5NVKS<_s-YR40!}mf6bwVHTo95KFpeW2*IG$U;dZ
z^mJ{dT5Y6r6i$rFz)PoaeDaWd^s$QF;71Bq<)I&+ZDq>}EVMfs;;$BM0LSn@<Q6bM
zSu;+icPnSD2vyZGv&5x@I3$}^*?5BhOvU4OR79Sciyq)fAM1>Am+o%b&u3{{b_JzD
zG7^~SO{nU~kqI<J3M7}lICDM$NW2`l0|sDOkEVyLM6yHw79IAu8*6tK9-7dv&=8i>
zbvx2DGVl1*!`8A=mSB5;k@u~$0f|e-56$Xla+@TNK)xfm4QLPK_8uW4t`vbU>G|0~
zdbfkMBVgpJS8yjp@XZu818Eo9rr(t-vJ(^zAt8G(O|{WbBbX*?fF7hoOZYW5JIil`
zpoz{;1Y9X7T5gKP>X2Baa_IJkkP(Y(PO~mA>sr7oq>a?7_I?!p(UK9`Zx>EUFl$)T
zXdj3x!Yfj$TfC$QqsuI12>-C66{9AAPprZ%SbciOZLTKvE?bKLP4{C)Ccn*B8xD(p
zmNf<=10(k>=jyM2xBCLoNeaHtgf%=OAl^#*iP|J9iMh2z2CIY?>s$}(5&Kd7>r)(}
zH~y_Rd0ekY+%#Y#zfNP|LX8z~h_$Y9Ls}G?#47Nnu!-Suz^Ap@!woFh=FOaD{~n{c
zfFDPy=AzrK>@$6**S((1ks~<ThIb_F>?Mge6Tf~v#RFE2L$m*@_y0r`Uy9V1=J@)r
z$tYt1uu89hD0E3OWU=si2u<gk(GU58Z|EHBu&;_XPc)^UqFC3KU0c`Q3}COnjVK#V
z?7kbVbQ{!5C8Yb)Kx3%qsA#BC82T#0o@)AD1r@!MYg69=&_8UkzS#|kox2Jc3w?{W
zmJ){8(w_@|V!~`7Q3q##stM<lY~4pRP%}xw$-GTlt3{$%eLu1K@sQJl*X-{E85JeJ
zW4@R__*;+>J)c}|Il<tpz5l?gInMAzf#p{_iW^p&u}3^$%pF+mOl`iIndfza^~5rB
zP<-u?^V44mtcqesD2TX^hp!Y>j&k%vA=}!e_IG@K2Rn_1$&cO@axF+Y;oVh=YSJsW
z*+19?x+7dVDuCJbm+;wSLcKdX_{GfqlW(MaRbSH{Cw=NEAFOlGs53~^v&Z1)?s>O!
zfzr?Do$KYPJIjqUpb^D?`!Jw1%ufb)K2G0sq-@mKQRI){m+0Q1sbr4Sr>JFhbgns?
z9=4L`NYHw&$}MK$=*6-Y`GG^TJ*h;u!Dy2>^U$Mzl8cEH$*?CeM~(BFN$psYooAHn
z`*N!-?<{4@xBwKH!1gSela`e+&D;9d=dw}XJj63QQOV2w^Nu5C%-(V17(7gi@vEe&
z&l_F)(kY|zA<WQA39H?V>c2Jf^Z^IgsnxPRY>=5`)B#^u{dxSr-4rDrXQw%c3$i=3
znY`QP%GNPIJG4M*QuJA+{>_J|XJsc9+)VWn-aC=MXq~WWx?A`g41>QH=9k>2BPr^6
z6<a++l9eeb;iHNVQy2#52>i&}ujs73*;v`>APYjB2IA`M3GmD}t}lftB}UzQ`$g!=
zJvFJesn)4hJ=#(Fr*5nmc2R--!Pc8K>$EK5RXcGu?g7@QmSm2x=Cb2LrB&{pjTj<(
ziT1N+boTvKZv#9|5PH5HR}fm7|7bS?KKK(+w!)+$or+iLM=C=iLW_@Lho!`k8>B(+
zaj5Zmf>Xy|>%4zSHiL9pYzYYTHahU>f>D{i8naRPDikWqO8}uc#(C}Ab^LA<|Eo^+
zs{mV}!K{aV{X1OyEwq>E2Q9Sf_bk7s=DlvuHIGe@dPeZKo^aZ77`S#xJSwAlDT*=s
zmRk0@{T)#oKoB!a?@=%GE#9gwkpEk)yQn_5Lrn%xIhfT(&)*X7-li!v0~lNV=oBO`
z9OPCDotO5Kpa(Vq&ndEB`aQKVPGlDF4-l;r@+p<7bZe0tERcv}mQj)?t4Y20<Ef9g
zXG-l_N=Cf27F7a7+Tfvqyyt$VG&WKm$92`}U*7fzERLH@j`CC+-VrRtG#WN8J39{4
zb6ZWwg{jhtTQuMRH3#%${m*U9(t(~(A-YL>1EcHY_TptWPz`6UCCxjQYQ19jVMR?=
zCNJMvaIIhBV5kwsg1>Hmpw+Nc=t|)$J8k_Xwfot+FDI~T06*+!m|$2*G8hrz&pE#E
zA~q*KG}P+W0|{%~@jxKCH_9LB4=3$5Nhbf}6aD>U3Hv_FOBtBS^eTBy8!;`(`BPd|
zr_s8s#<-8PL}R&YkGe5?QV=?4l0GQ>araH2OiY1Lp{nW!kf;6hG(_&!b7QJ_kdz&&
zD9wxP^hkN}3)Ft8lsgdd(ip(n^-VSi_U?vW`u9rs&v%F853MPhr3?2ZycBPUkpCCo
z0CJmIyi&%#&2JN>R8K^wacdqg-15;kpE7dtgX|)f@Hj+)WWxb;B^!XUzVqjtjyG3I
zU<k^of4|O?M)z#;o?)RoH>Y!D>ky6z^Imyf&o9PG_YZ*UCR0oE_%&r@{U9J`1GFgV
z2C&Y5BE^V^wah^0i#8OY`WPhNPsQtrwzM|t#oF><kO1K@{hJv9J7|&AO<_Vu@;Ulz
zU?Gg{**M-<Q{0R#TFL>66kS~L2W`yPd%+em+r%LrzT3wmgWo@D32;1d7HwO`3pYh<
zjTh>chP6HjdWlo1cV_q}uw}{4{i~z}6e#3k-$~s&`9>o+F!DgYlJxprm#9vDijM2s
z%oFlO%&5<+;R#G<3WQ$u1BTCI<yKdAYOlJ;kw-pNemyvA8&H7wK0!E_Tc_j_i{my6
zb&#o*n#w2_Gjk*GT$~QDLNah>)H(lZkK~s6-CpL#4Wg%iWr`1nyo(O?*2;-JV`rpn
zk(_!zJv1gC8=6k{THH;Eep|=&D?cI~#~{02+AV;fDqjfD<*YvEH1caX0q>IO78(@0
zRufY;8SZ<w&8i1J#!w-2AEBPF@g}w45#@8FW|=hP<yL11tz2z&jJF+}svti+r&{bU
zD=-6h%yy%y1tw~M_;gY6=cI<QQUKYmwUWdVHPl!#@ZfEXuDH>rH@*(0VQW&mr9GnQ
z?qN(XiExNL!8B=w`_Dfy?Y|fw1(g)LTs==b8fme(OvdQ9Z-#sYWl3L?3h+BSIS!3n
zxC!C#?a1+d|BL$_p*e@d^wn+bN73*Hd&$GY7RZ)g&%SrytqGO&Biv=EqK=7`mOeYR
zP8GJE`D7DvXZxrKS}9%YK5_~9p`^$}8-O>QDdTl9=i@EBIvr;ve@8R+i4+UsD%4J<
z@=*TCuhG-0Z29n}Ub7c!Va<;jdMG(?^dKA(<Hvv$50(doGm`tZ{26?DQGZhntBW@!
zEigq{mA=DUL;?<$GlNw@(_B_xGcqYOch#z8#xIatv#;NCKeLa!e2bAp`<xsN@|Nxt
zR+bJo-!{TrY$0`9I+mtGtN<VVrl-o3kSTRki@?S3sl?LA)aP<}v*${eaN0?KgCm!r
zWtaS(kBnBqFYB$=vXbbm<!+|w0qGRDR&<aM!351U{=)8}+m-hy&#RY8@dHEUcgd?I
zev-3@J$8M!Y7Rt6zZVOzv<`r4{qv_kb|J0~VNsZ3;q7AEDq?`al1KaupOAv-iT@q`
zFKL;!o(0p%F`BEz8)iANk<tWVy7Wda-jA(?D#m+t?lS9q)U$Y<6cld87~>-f$W2|i
zNeJ&wRhiwSPxUj|3##WkJ{g&ncgpP~i04&j^^4zmTp^$B9x#e{N?2@M3!Xo#{s$67
z`2cMze#hV_TiJyxQ_nSsb`|QEZ9Li?u9X0FRZtD+JV*!pZlY}ZZMPz5Ib(@hqx9~X
zV8kS|QMfn5Qu(-9VUNzz%y4z4oy2n`TJRq39AO>k4Mo7SW3C^Bl8fHW2mZKIW<Zh)
zaNhZ~jSPHT*1F0BhKEHZR$7yH^=q7_$@2t046BO+-IT7Ng+PMC=eLT`)nB$!nZDu(
z_h9y(bii9Ph$K5Sdp|4bcvLsEY&7ck6wVfE|GgrwKbiPE>s0E%@Ac+Jd+Fuq#d9=o
zs8lA>ePN82ewSgFA!+K)VJXcOKCF!HL!TbI*~h4*>`s};K#D6h;j82D=%3%|U*7Q&
zWF?hBg+qbQO8f*b=}^00mn$21W+*S#x{phi!RciteZg!b$*rv<xV)rICY#@+;XWZS
zvMiA|)rAu!uNsMoJ?{T3Ru=(IPEjs;c4e)DGL{$oM<Bg%d+kc?p??ihdZF@vmlg^~
zS-cx~A9@W~+#&}@cvV^iF{66o_u?-V<EI~6Qhy|a8D|ChT(Hf3cm3L*c`rHUp8a!2
z?)vK0TTy;edx*NpN6N1$#sJSkLAhGe&S&EAZB6(LqpjaH=MJ)~9|GJXliT_JfeV!P
zk$M!MW(zQ46j$ZHl6{3XO%aC<Q1Te8e*j?VDE@x|R=b1RjFb)XOK3S;cQTDW4!y9L
zz3bFf|Beg&yS_0SVmTb73liS&B}j4%yFKRU1Uf6jOUd)9&U!fqI5+ESx7#qmVH<jL
zh7=Ej3738Em6hmNkv~~FRH~TG`U{#$I`NjxpIal~Ywl!GH+~KSyB>7U^lP|BldU|W
zalFD|fGo7+)~hiSpw|cmihoK^9P7^raXBuWDt+DZu57}$81c#u5N1AfU~Np;c~)`X
zxz!u6YYTl%i9Q^-==2kjT_*qtvtI;%xmYQ!z;rV}`Ivu+uif-*$2H)&9J*PXOtzK;
zF=S-;xUTnoR4*~A_gw>|sjiZVKE?+QUEv~7Vkgh$gZ(0$nsNIucSFLv6EP1yeC0J~
zOtkTe@-U$`aWcys8~yQ20b#Nl5@XcT9uHFzmV}U`h#UJ_7~uCv(3gT69*8P?($G5q
z1BvqgJ!9zsiCQm5_}o(FxJ03sj&sSj!DM~O)y>v4oO&I=e}OpEvLyo!1y?y_P}~fZ
z`(<MtsvrqjpMI@{(YA<l^M{N5{`Zf#_4u8;TB&dWL0nENKqVg#_Q}0>t8in^g-X)y
ztf<Q=b9ry8v0RNhC_Tw(PlAE^JX=bCPk(4s<Cy}Lo%RFhTlvpjkoBO=0r`w`mkVVn
zf>g`RUInn^Kk7ZSLFjm5L|^{15!6>|8&L%?o08)LO)i2^gzdlB-={xt#6e{qNx-}S
zRPuh&&q__`GuZ;^?`L1OaI10|(p+^{(<8J6b$;kQUhYTThm~g3UU8#XC>U$*I)u+e
zzgcDF0JY5q10*dlu{`!S`%OLtu>1d3%;rFmtT}Jj6(V!j!PV5hA3(b-J;jVU7uTLX
zvT$++arce5yj=dH0|a3BJwh>d^pjVzc-hatY{cg%y(8ayJomniy8QPgfveug{<n)%
zW*PbU?rsW290+!g(WqVZ9k7@ptD&<Op>dpmyhP?FTVIX0c=*qwB&e>mG0}EbiC@DW
zSDl)B_J;J0zeKaYDh}KXd4Q`lsqwctkbm-`ZOb^guq{79g)RLVFe5r2k}8J$Fu}VN
zy>K~S`OO3a&K;Y6-A=BEsQk_y$47H->P%{XIOfhPmi3t?cCZuDOwa=MQv4b4#nQjc
zqW-_`zB{U^uWJ)U#RmKo5Rhh}NbjIjD<z>Qy@S%EtMo1+qS6FHZz>5$@4bYMbO}xA
zNR3F5&>>`Q@qNGdo3&>Cn>B0Z*{p;Fl6&ttXP>jnbN0Qk_qg>v9j{KVUZGjztCQz0
zy*6I^US!@L&Jqah2zwB6iSp=>&?iqi1coG7-4`(5e#7ok;gy3|zt0sn=Telgc6*V<
zT`~m-$IqAc1ANI3PHhK)VUG!)OBt~#25z?cdK0#;IYW632lYF?YX=Ma6_+P%J#wxZ
zZPqS%_S0-1)$Od+`8S^*Vayjb>N#l30;SNQxBS-FLc@@l?tqahIX%6xk<0T7wT}DM
z_~nfC+|3ePAL8Eash9P~e6KD&2HDkxVC>eA&;&B0)eRk1-R})iYD;PbaWSS@_(WaE
z2ST^?KkenzmAHb_nEhVdWLEJL+H0I!*kG4ly)^FrPcE~`n0(0ba}@l{Vh5K`WSmu@
zdq$|+X62F%rwiWGTu@K&q?JHTKJ*&$`pY)v^R0Mrf6n{yzXO~{yj<$3GM*dkC?4%>
ztt^dipYDN!>h@H<@4@zp9T4!Y4~yZ|%{QvL_=b{6!v4EZ<+GWlpmX%yXXLeWbn*<!
zc+LY=;nt@cr{_ReIHrkMcA~g7o3@rm3QV!A)&9~DzD98%WBK&W#w(xCwuJ>I-*R36
zstg||2hrFDVO)J<t|OXDopth&PZiLW{060`uPKHDMV>9bfJd?&GTYmj?}`%)o@oxI
zW|LzUFsb$U^Yg)5R#~sjrT(5Rm67H~5Hnb;I&g{tMwLSLKw0MIH<ZujJHe~C4IG+D
z(((LaZ;G`0YI4=lhpYGAoM${f+aAFt?<b@3_2$*t*P-7Q@1#-qvc3iiOw-<Y`0;kY
z@j{2Oa^NSR4g?Xbf_Z-qySX%-9vDG&*QsFAq^|B`M=d8Iv73BMt31nIv+-^5_0I4c
z=lo^%XZzVAt~>~)Wzlc}?x`Fc!>n^LdFm$ixgR+P73${0pJd65E>_<X?tF82ToE*J
zsVTnI{8EJedEEu01ZPXC+@+$=?eAG17I@YzY$e{SXWDa|t2q`est$1VMNj0PF`}tF
zb#|4vvS3<HFUi^=waoM5uY_#t?9^lQ)S%qdT7TGh@8qX$l!#`hN&s+Q&h3OB6!tGh
z=Sn-ya4^N#YZYH$ejz{S_myRMQ*Xdrm0C$((sBajI`gNooq~-`jLQgxX6Kly5pZ{!
ztn=LA^q}3jvHFPl%0XBt{gt7>r0W&z6geU$^!fUC#vM4i=CLPr1anRF=3k3DjFcKn
zP~{(b&i5hZ9_G7OO~xFb#!Mh<=!4Cc(mzEUxxDOcmttF%J^NE2q=xTk$={ES&2U2R
zS@o4o_vPvuW!b{&S<P8Xsjm#E^_Y?*jH%^DIw5hU=Gr>79@EO)O8dyipaDT~CX1la
zi7|Dy=NEEAhezyXfvM<g#J`-Di!;e`zWbZ_0icX>2QUN^X_&xQnd)iZwt#};z_7Xg
z6zW@t$0Pa1HEt^+@(jeS5mSHSmhKWbfc=Qw)V5=#HUk-|OdiC2a8y5D9j|g;?4_LW
zuXe%XFi46NDc4_vSu|n}qu~Du!B35_D%pl#hmM~a{Emi8E&1k!7tl}?aQ3H$^d{ie
z<V218+GO3>;gurgXin8cG2uR~#||JUS0OyC_W{R!bG)#5TPP!W*ky6s!7mq}L&pg$
zFbb<s=PCmJ$&;41-)1`_uY(%XP5s&%xVCh~2$G!K0P%x*lC1ak?;j;SBc8ySYG$eh
z0Xh#T8wGqRECgR$X!hi9O1)s&lPGRCoGU!V77d-4_sC&G9Z($sxb$GaIW?*C8hSB1
zRqIJu=t+8vLxbo13Tja~mQ$3M#h!k<LfHBW>eqPH%=XGyh11lV;XK0%$BE0J3TJEQ
z6i$th%7Ie@)OIlWpD2FAa{C{}jenb``Uogq3|xXu>L<?UKU;uz-)tPs6T1!!SF71>
zy_f_3`VTD#i>jNzQh$UrOmp(B-@1ib=bh1Qq6T*<2$)I%_n4?{5U;cI8rd`(>n~4t
zP+UI^%1h^zK3BOB#)X5PouoAi9ad02Bo3laQPIm7tv|a{nY{cWziZ8xq@Hli@;!?C
z<I^{v8Q)t80X4~z{Oym5);HF>ngyu?!BUEDc@5dA+Oj!b)0>0%tO3nJgjGy8PeN6S
zJIxyBr0Vpu#AX|+%z%@;^tncb7jtDnx#HS7NT;d$x{iE@YFzpskZtNi+!9fdbQ768
zG4-*Vk*6%+Gt+x7EBUi78KMntnJa2Zakt$TfA`*UZzz)(88u?OJbv@yO%Fg6UJa0>
ziCCI)pz3@JiDGBXqojv=VfZDTXQnRmH}Z_uFBQDL_RkJEiv4koWH*U{s}Cl5S_IKS
zep+0r1~)ZV)bh^leTo9Ovlj2n=95?QdewuJ_?bBs9UkM&9{BP7`?d+8CDwhZvfh^v
zs2h(y-#@cU+?nzx5qAn{m{h2z!O1>Dh4Jl$>k7ai?53tw#coOvkJm#V*%qrPFscHF
zd=Iu#LN;DZm?&~MT4o36S|GgOoK%CfhnqmIH6Ylk`X>{9y>S0DjV1|$j1w@f76V5C
zpgIc)Jh8w_7rX{RVy=?>IEZOj%U(_S9jsJL`H6CIqTungV7duu@BY@Of-xeH+?m2U
z$vLe+$0n})j8-RXf)L|+&8H7d4GSYxHVbdM6GW|hlNmXoMbQGNEdsvLeMb6f!o^2-
z9U=9!(QtnCntNs@O>SDE%n4p7dyu$F2)9A4kaS|*m#K%aFcOV-{ZZ$=vpP}JTx{7D
z%Wr7qmy(zt%>Ahy_0MCkG%rsO2?vt04U!xREuoB}R^9OnI~90e`xo$P6;I=;0O|Y<
zrFftk_UkjB;1(5acSziO(*A+vp4<5VK(~PgpBOiVXNO~grr@N3xfN+goZbo?p$1aG
z7VyQ3a~UQ4%m?+c+I0quHks6ki~z-#F-now9=xYrNRU+-!LLIrti*_<vHF0kB*#;D
zw%}UWDYNm(ASB5-^`^=DA02u+`)3?jA=pJH{0A0G@dV9xwAZdZIRkH9JGrRZo0KdW
z1XSoTeC2SaJiv}=L?Yjz8>xQt{4<7WA+lUGgOpM!#_E)kFhD3hShl2oxegk!mbnfN
zKQau?ccSa#N!6|uj3B9IOJ+@?j~|@aKJ%OArK|k1-!O49r!d?#H}FQu=kE6+yobd7
z_N|CzHp$<!cREt?Ta{R<#~GR#t}oG9C?|5*gwKDd)7dttqDibE*==L3918AE%5NM!
zde%EKRdH}euvM<~pJCPHlqV0#;|C8%@)9y%&I(56d_RA*@AshTI-#=#na=u>W8R>y
zLyOwLHQT}1jM1!1Vib&pumSZ9?l12vEs&A%jw#>2qXh;!=7O!ggsgxXx?(gh@d1W<
zDx&9Ppc&YDfg(vciXHel160NXyJ^7`k;M8>A}zND8t8&gY~4xm7ui+L&}UFMXHcZ}
zLRg^a%b<9dk#J6BQTzvF?n-yhCPAZtru)xAAJiKQSv&XI?4EdCfem8myMfSrY^J6p
zB>P32cwBxCcOt`dBZ*ZjG4}GV&YzCVgo|{a@4vgqfuJRXQa%>$VR+)jmM|I=$30`&
z3t4EwSif8lM~x&`J$UvugGZ&9V3nD{lV+5jMPgQCOR3l^ystGvONc`u-lXEOFo$3K
zMLK2{5RE+`D0u*rz39mULZ|>}Y8~zh(}G5P(UXUt?gpKu<9V3|f^8Q<{FGz{qt)H;
zJ~8u98-+J|^G{+zv;|yzGWzHS7Tb>?ZKi(5!=C-&%iX2@j6SA;Zte_5Zk07B&AXvC
zr>F*0E@ia5f)*%AYM}V<(czx6^AlZQkp=Y7L9P!_LSV^xk~#z2?bpH%#JLz~Hj45*
zML7^E4xW(Kmk)c@33BSHv*VB{Jl0d7KCs;2LR4u7f?D;M^I0P3&JSm)*yVw(BQH+h
zWPK(xeG|CTI3P_QF@dpE24|D{9ONqYm|G?<dLw`HFKjOsq+-2}>Jsu<Nq=@D+Wi~C
zFp{y8dS|(#GgVSI<c&JJ=CixB<8sWBnk9lAsBZqv^|w1I*08L&i4me`IH4%S+{<7A
zYGc;w_%6_Mq5OTWU6Wb;xlAjU+Hc3FEu|4geIksV7OZD05EDGEv!~b*NjDs#IHyO4
z%IuQw3vu_O@26)smpJxS%Mug0i7S;~nV(*+h_v2%Ae3t}aSGo~ruN+?)p>9DCrgA$
zL;khHK5?hHr@_;=@k0ZgWu@Te=u5sXuyaN21l!kv(6lAod`Q;6X*OQEHVwke(b`~k
z5~#5|Oztv3F6jh;K<+URC_T`9JcD98Lwre<dP#-)m#PZ239yJHh*%<&pf%=QH}xA;
z>^BM7^>d5`_<-yj5O&}HB(fI1;h4kGbN+!$_WHd$h4?$g__$5jFcF7rn-r-jIk~-3
zU>csR^&IeFBk^A~jkuaHDWCEBm47F|d>uIG-Q4GaJ;)hoP)v}6+khFmS5(&S4RqgF
zh7A^ZENjL{9rvSlRJ;WavJOWZVcj|hO`prLdzChvrw6)EyFnmL63=vj&XIu8X;@iw
zmQF;#r#hK@6R5EcdOwLYEI(UA=mkw=JmAHm8`%?oQBJO1j69tCYB%bw)f0oeUs2yJ
z4Wu~ch>{!@@%bdk-|=DCKLVQF=N!1nlh!TZ0Jybdl_`bP@Ty*oxx+f;1|Y9WT?YWx
z7d?XRhW1CTV?uMFyp*3j{Id`t`8S~$Xv&6_^Yd*e>;;5sl!&d9jwtw}Mv_13y=$+`
ze&Omc`}Re4&ho3HA30xXAQ|mwA2|$eaG+7I8y_0xyuC<=kiN{X*^>ILNIXN8U%T}_
z<_V?pKNfpL;W~eJWEkcbb8RXqS+TcDe#bZEAbD0e<-pfeH)maECJ!CO&7q0NP(nO<
zui@uZ=3cD-q@=~_9j!3`6N45po5t5CX)dXJ*cbqXy&%klsZIhhpVB2A=N|i>jmPiH
z?$xYA$$2a{DGVjXZli?z2j6ojNto)6Lp(sezd?6Ze01`uclwG(|Lf0Z9?+l%^Rqv1
z?Br)I_NGc7kW>wli*L>o_i*1A%#*M`l&gR2TFoYzD&GmX6Cjw6%J$RV%K0_IdPqF_
zM#!;Eazr#w`aJh&<<*#J+-9+#AWaLNc}AT#u-sB<8fSlQtN2_+i~xPr;e;I<qVo|Y
zaR@hbY&h&CIT;z*ORmY+XJ|N8;;+D7u;0Q-;o0z?u!+=U-|8f^`cmT6sWzo|6qYAw
zLZwW6w}y00eTQnV*ws1;8T?!Wt>$`PE3S92kKI{2F#433h5}(RY*=Cin&^{1&XVrj
zf}HCq;?|g=Htg5P;UMRB+-9=K|6tF@Xltf|kwp{-Vby;E4xT)A6A-TVKb1~?2X=n!
z<eZEuCF?8Nlp-NFeS?fY%*pzMZ)pD+&_Nclc>6=RiD71A*wCqNYuIpMr|<hDL%@3B
zqB-o5OOn&IErqp!xKHr*tAUl^`)?1k!^yDehS{?c458Iw{)>**$!xQKVC@nKq*iF?
z*p;2+uXHJxb%IaCUEWE7tmmdv+Y(dybrn4j@r?GBM1o|mC>dEqYu|O|qipQ20ui>g
zhsrTp9ft#%@#?~9PjIEI170f2SF?h>zO+wJ542T;IWbMuU?+zPa!hsQmHjrN)AkOT
z7jN}CCv)8D(#P&j4XpWZ9B}~;Ar+D30uIKBn_ht<Otq7@vzLtfYd%-F9JLYzQ~e*k
zKa|@z_`1fi18lpPuto-@pHrj{k8Qgj@s5>-$aL}~uU=!6MohMr%}ngQJNl}a*C~B#
z$>Vyqa;4vLuPHQCeW}WAnYkFu;*Pv0u9eQgt*rds--T@?lj7&8+GX|!r~|?f&Y43w
zjFu?ve)dpJVq1dOK?(sJPk+%+r&?%Zu(Wv!i2<s(=2_x@lJT~`JqwI5GIg21^QqG;
zm3ewub^njXrzf3+1WJ8(CfuihhZNBz$~M2ygtZD$shbS$y-e=mOzu2WeltB!vmA}c
zBv$QB;1F83bWE7^Of-ZZuQ2I6Q3z|f?Wb88_!rn>FFX@Eeo29>nZfhf0n49=8o5IW
z^Oh#qHg{QELX9!fhkC=A%Ni$Z2=0sN7x;vvG8ocN_zBLc9l`5?Ggd+I()HWsp?8H9
z#2Hw$&ch!{bpc&d>%PRs&o#nQ0KvR@=^rzr?~=!XJIMgSpSiCo5p6qTQxL`rgsW$s
zi~f>$b+tlNL9ZL0<QLY)PfIYQTZftrFgex!X=8Gd+5Hpt@#{pdp*@J)Jx|8Q)8_1N
z|E#?i-f!}#m90EQMz(62o*L#Q@ryf8%`~N6$~dvmxvBSzG$#H?m}tI_ye=K_Tc)@~
ztMc9qRgkn^^=Po<d`qyM#3m})ihjlTtr>Z)O2}pLz;O-Cb<<VS*zi$o{wWWUf1ZKe
zvpy(dP^72;BGLWuvis?SJrD`}ePQPk6&8cQFw}Tu|8KHK>5y?h?#VoRyx@YCkkvR7
z{|umd+@a@!;EOBq46b_qsju>-5e5O8De>2tLKV|ZuK)A+#7zabfoi6>eX-e)Z|>UB
z4npxVyx5=tzXOOa5PMhH+<kW)+IIRGCZ3F+aZ2{T?(yWrNjQK(FZ%6;_u`v_`2`SG
zr+_{)ZwdJ$E%Hm^_&q8JIQWFG=IKL|kGq@7a|n^ps@+LTAYR6<)ud3*R<@mHoV|Mh
zxQjrinjblag;TTzZO57V?ajxTN+^Dp`H~DlamQCk>TxdY%2)}tFbIRe<_i}dpHd1n
z3+*pz+?BJ0kTAtNTRXMvTMD~cR%ETGRT!?@hQ56NM^?Ny=|ZWH!VE*Zq#Tfd@dw&{
z+SZ|<tZvxN#v^)0^^IgCr&!WA`@5pt#da1WU-LD}@Ix88Nsf3Pf2>=`avHDZI8K`k
zoA-MoN-=~l+ArR%)T#5{p*zDm-?eG5AE&ddONC%(Y913nPC><d^PA5^rI4+Q-%~i0
z*>k();~mh_W)BJmF-5%D79=y<WC#W4cf+JpLeGV_9fkH&D|~2t8s^lUkFDeQ>jT?O
zUT}2LVh}QGczKMxyZ3ZK-S(&*@Nm#)3j4tpCjW>FOi%XA=2K&Pb|+!qILqo=J41}w
ziDRKxK3vH4)Kj>!V3Kk%bginNab{aFUGx2)B|HdjD58r&EO;qGuz@2&64G)EV-vj$
z&xLKE=uHCswv#-YLhu{ND5?E!<TUvB#L3W);TL`jy;5!4nL2%ALh!oT&t(w2Dbl{H
zn^gll*dxc#@Y8T$pnUH@{1qSM$a><S5N;~p78LoZU-)`DT@(2b#D_g;3595eMZ)&Z
zBPeogn-Fl){6r@dpk?B$ssVvy^WE%MWb?HMzg<)YLY$N$R4)38vu)8S*?ra-=#omN
zxTID=+Ox$jbPZ0t%+}aJw;EJR%9i7>JyMrkhSC14pB4Tt*m-&ddz1^3@l&_Yo~HsN
z*7m{B`)oQ(e0FZc^J71rVvc@Tr}=LGu#U|?8-Xy1uI2PpMgQW;PW$3_cmFCec#{ps
zZyZxP^gL%)M-i{mknmFUm_}coY{mAtEk2u-Ej{p6KlfbKVygFQ)gqrUT`FB1!j#81
zt8{Q6Khs!U+J>00Wjzd(g3<;~B{;~C>ZGN3Op}4bnunYkusWy^uW?|?Xbgw8pZWQ?
zx*%;PzllB^{cb;4*@ofs)p==JvlPEI-b0H|XUWuwVdL1!7xC&oJm&5gSHfeht@fOo
zlZ(@Om87hzXv7j(_mF2v|69p42Y0QL$J8Sl^b=$VKmVk*L8aA9;w=n1*Fe8agh@I7
zR{kwV2aK+JZT0MyL4=>bdvt}olmDcOv+s7mZ*qNWjD`&cH|~x2H1)>sz(60L*e)KC
z(}=4rBDB?)bQ>+2wAY2VU*aB=9CTkd>sSz!@Gru<uMrZZL|qp;7NQoBse&=osI#8*
z8v?Yxq%E1;>(PRywPi-OGQJc0X^9Da^t81{`+|x&KX*O_f~FFg4Ei?+d+u8xe$>v^
zfI-*&iFW^I<h#UBs$(aZfd5)IyqK8DEW3k2^HygV0u$|S*#No7@dE0&?6zT_x}y&@
zPI2RMRm4emj<j+)hn$qyHX~+d;a{P1Q$tw0=J&W^4#PP6Lp`bWqkx?qYh{5HW2u@p
zrF4n#(cNtlQIf%IOjqin5BsiJx*`@^GfaHG(eACTjLC>e)Tw@5CFkzHdQ_W$>o-@7
zV5z_AusOO^wpuuc9rkx<mPEguztF{Xq*|=+SYnihR1^ufU_NA%WT362tDLu13ie|8
z6{BICSmUyav!OvR`xflfZFdBYkS{AV90M+`LH37B3EpZzmFLUDho3&a!sHaOw(%Xn
zPAZOh{#ivotw%B4c^(EWA*EvXB2Zk!IctE@t6i(6xIDj#{fTRO<T5&*d!T4UYCq7S
z)3?Oi0$=U)PEKmqb}<jv`uPWiqfWVtcte4MRN4!?QK6Q3XWCtpO1GVrPJ6+U3Fq2D
z50zQr9yzfz_sh#-!#1TBq&nix_9X7zDpxgdGmyEVu^jgpr=As%xtssup;V;%wYBet
z;23hQJ@~WQULRHK?M<?+`?K?|mc~;)G#Y2B<Uf;nqhqXhEWcAwVcK)db4)u-V#irh
za$zFgy`<Kqc&lT$Jpvizb9Rq5+;7**Y~u7ya7<KkjpXF(8W$k+ua_uT2`?X#?BGB%
zIuyit{ND&9zcJm>jf&%rC&$lz=yVYns8X>;>YBfhUG(bRN=7Y20`eGd`_dX|71(_$
zff9{4;9V&wox%+PCi)a^#<p){^1DDDcO7;%0RxVyf<ukHn6sTqX|z*mZmX!dC{s7@
z7*bK4x?x(mwmLGOt<rDW4Jl>e{FQV5ZE1&1^Z-3xV_-Mq5C1s&x4$(>dO3G)J7A0g
z<JVt=9wcB=1-GaPTZ(nq8etQ6V#Aj1@<gh;=tyQ#z&p@Xb|}My%nQUyV~zG-^v8u<
z93#2Ee&Dt~5urI3bFF~3iYI9EEPhB>mxsoHb8uj1W;ww1`ZU-+)2X%foBOzBBtF<q
z-soUvbZv@loxSsER6l$AySb?jY_vZY&=4DknTztWB<>YkYz{Gh8#GVK4-0pLTjlv;
z4-xw@o4hvgD9KtPj{nY>#kdAhwOW$cjrk)98jf!<IZY+2Y=oUW65iY9&A?Ph&wd1Z
zhtBqnNrm6`{*Sa8<e0U6T9Hk(nEhm-r@1I5sug+3-G+}&-tf@=-IhjMCS#h(<)`^I
zyT4j>1!<$+r|`R#x9kJ@g>FHE7k@JF()q+XwNc{iDw})$-rD|8`2y^2*A`K58~bo~
zk?8cnz`Cs0)==Sv8X!k%`xf(Dym32`GNhTkh>eo&S#||>1^XXPtkzB|b!AvSPtqdM
z?>`#J$7-*8BY`7Nu&BOe{~~btg`ue5fY@g}=)d&9khTm^BS~vexUX^nqSz^&;4ZR;
z#^fANrDVD&!EUeg;rKSiZ|aZWR5jeGP>##J74lQ=Aa2lqox%aj%0(x}f79f4@Ld@z
z#V+C|V)%v4NSw6<y#xPH$a$W@x{<mOmZ$z7iS_On<O2b^s`a4F{kJ2Eq0BtDv|X~7
zjGD)LGxOBPY%?*W?!&%rnx5`OO`---%_J(jG!Iv9Fq%GPN@!RJ5M)L*U3$asQ<5@R
zd3W|~kJM4EoGKzEL5g7E>`de)X&!M2CZw>dxybhuzw2uBtS8QtHKQAQC?wfpxh8;$
zaIRgt*>a!uUnfqW8?pj44Ualx)S3e+sU_-sNQ<QZY%`;rDjnxMPKUSO|0%k9w{s<N
zOuQloXb{$d@1sR!=61+1Ij2p}^ge#$unwq1#Tnd((yKQ2aOmqv5%zM$KXBT|)GH1X
z_rwWy2<QDiynH5Bi=zZcji?}XPm+-x(N~ny<qtmP58Kro96TwFo^Bi<-?oqL4YHuB
zeLjI3nz7M-R`t=m(bk5L7s!@ucujS+X0I7(s`RLUe;oB~;b@28&{T0|Dm03UlUZfg
zs#FZzc9!lB6gRo$@M8aG=-lGmB5k2+=TdzCpQvClcl<cUKkdqo+(P}wgaoaDvJATw
z5pdQTnAQn245Lz_?=-&Q?pRed=~qkKz00k!l|7U*{Nh6=Df7^u=ZDgnK$=sel22k?
zp0Na!!@|>0Tbdlz+`ZFB{$CFAD2977rmbTIP5?^za?8-j{&`VrE1E|_+dlidQh+Xb
z!6}n67wrZ%-jXL)t=;c6x)S)U%agfRmTL<L^}VtAztkwynPr}@zZN4bCz$pf8W`Yg
zlruSW#1P~ji9Y%ZT_UEjkrJho-@NYG+2D$myEyqvAaf$_e`ijVySQp>XNMf%wvocO
zG)0;YkjrwT$ra7U*=z=$nWESE)}<|VyYNY4`ulT1b(H=aQF2{|gFbDSvRbzU9y_%u
zcWM`2GOR|(*eY_G)_d4h4SMWXZ^;us&px=*xLn}vZCG8M+3u_23@%?UNxvjY$G$n<
z!|Wq}31(sMOI`BdTi5%DzR$ta4}?VgfgKw3-KIjOiLMUAW%?t0#yt~5+h0~5jop)a
zxN*CKoC8yO!R9(nL1})Hdq=IxozIwM9TlHplgJs=77PgT9VKx49*I(yN5I7Q80FE*
z|8YDGJ(KuJT@yXyOCli~WAiE1BjUTNbB&bsu^z=ip#Iv2egS97XHy6jZedIdt<Bu~
zNM42f4?6C~6RzUvJnJX~K?M-huxCEOXpvhS&e{T9;(sImCyziYT?-&e<c8<%g$skw
zcGaA`R90l_QR3z!p~j**zlzG*hgl6VB5szyJHP8!^MD8QaQo~0HJln`e&~E#m3#mG
z=DQ^tjcng+UmoJjI_j%yCm>M<YmRj_TaGr`J=)^BL#R1!pqyiMwRaAU7S|WG4}%}Q
z16L`lk<ZuK>X>%&p{vPUNKSON4Id;Nq)zP|n!I0s2MA<Y0=CibtJC1&rvrY(mhf8}
zs*S#Q*44;Qf$8*&A@D3JFUsBAX{@3K+x6K7^&(rZJl|H<c;<_=PF$@C!K-JPBZgNa
zU#aR^Z2oFvox?%-%2+whCuvWD;DBz~1;hi;Tp4|lpP-<#y|Y)dsuiX5NM^*qEe?R7
zD$DGpS1kpefyegW2KY8k0}5L6YUW+FASG6EnNuF;KZNJWly7`TAayCm({lQC(+d=k
zEamRsCm+`g*7@%oO&lQkqYT)~l!{$ksrw`b0MQ)X7>=zdujQcJv-&D|uRc;Db=1Rl
zmK*pAy$aFC)=j;ymFFvBrgZ$0N~P`Hzpn~)@D6|i3_Rd`8cIUoc-&N8Q}x+pp4@1G
zyt>kDoPo{5xsPA(MB+aGe()ot7*kv9X-Vibs76eWxUK!Dv)*CNYT3OwiwuqX91RNk
z!>6nF?!5u}NHOz!&lAaz2~<>iG$0s;U_dDFPT~H}he_$E1A|q&ssjCLM1$1tr*-LD
z;lojjcl&};&tb?tDK@C)l>GugiOr`Xdr9F8ux0`&s1ed`zk#T7FfBa@F4&7if&t=M
zk0MkY2<!ZiFc2}}Q10ZpO*g~^i0p;jY<=e%ILv6`Md*>7@*$|&9PWZq=eTed=)0wt
zJF;B;cJa12)LBg)6+ZR{tKs8Be>$|Wrn{<YXtndf@k~Gr@oXcc=f3k^HmKPf?UFgj
zb3FWC#3Z#5Y>9H4-D%w`1iSf>PC>rBrTWhYIAh$~;p+xi6ZJ%pomLTo$ka_S*)lJY
zjv%PwB$Y|5SHcb~#<|kF5b2#^Jd&jur5)DMefuY4k7$pPRhT0Lfc|-@*oH|#O2@h3
z%2mfC9LCsNDOvzg+Qx&TF~0abt=(53=;muclsLvv_L{|En4GqO)r=n1q$CMk>bmTV
zcM~R3KK$_cT!hA$<Y;~WHYMHwZ-*&}iGA;9v^o2k&9Hh@KKx!iD75}!M^6tQ*#z~S
zO{0_3c=z$*9gbJ%*WUnn$i1G^P;eX@h5Ag3(W|zdj)>X6^NS*jP3gK<*pm3?xVej<
zuv@BjBu0rp;F&RP!oJ30a!!y<&#-fWK*B-#N-?NA+Yvy1704qbiGidIQ7a{YP6b4D
z(@J6b6apZS033<@Qi$3ShlD#ST?<afDG?UIlwN%)K#Tx##>xO;1IUtRyFl6KUL}y<
z29VqYgJO)d)<Qy}T=sHup5p>&N;GTuqSRK_hCP1Y=_q&UKb>|#qkH3<DlvsUg4&ew
z(EFoSsXAqZLJ-E;_=#b}E%teTPhX4S_9*9>OL^WFN|N<*Vyg#i=;y}Pj{DAUw66LX
zb?ko9uu3v^)y-5Ikzz|NA2WSnH}YwSiHNqV58j%0u~{80C*1S<z*B#b1^c)HwU{Ej
zVV}L3w)yp1UNc&xm*{>}S7kw?TdY|mi~E^&DtQHq<k=Zr*F;h)Q>}T2<u<?NAtNEt
z>}<*dL%leROwWJ0?=p2Sc;|G!=3Q}EsVZ9>PQ`Vnh`RTVbF<iZq4AL!8kvJ?St%Nr
zM04BltXm2%e$5OvX9c5U47e4Hr{#>Np7}O!QQ|tjMStSDhv{KV5|yx4qUSOF;`6Ck
z448&G&3Tb2ccp?{&PF2IP@&w6=J;%W!E{xHq)-W*wD;7HgI*Jx{RTXFCN*j@#9#2J
z&Vzf`WgR~~pi#9vpC4D_h_?+0cD9_23DcE8c*m_6m%As3xsDAwXjUjAbgOZgThOG9
z$kr@UYn7toH|7Td*lodVe!DZlY>9VXL!6lEAs-?{O*4v=fq;hct$f^9K-_*G4kGq0
zgl^Zr@lskE5ay0f@Wy}-RMM7551f$8*VJQbZ3LBXr4$#l<1vrT1xUrXlBu*^?T>|n
znRE-vxVLhylQHN^J^S@s%2ahBJ;Zsp17PisMZ4X)E{VWlz7B}9<EMy{$#Ll6=H@2$
z4!iKF8_F-FR*rHWImBTR5z%OFj#qXFjU-1Wc4dt+jxZ}kl(l`>-6#t}YL7C~Kanie
z;^fH!?COdGo+p*n1&)OVmyr686c5-i^jn`zP<!#xeC~RyLincPbB2QUF})PY)Hm6#
z%#U|g#W*8*Dz%^GOvhq!+M}BuXE$pFXK8f(j{U)3g86zmQv8~o(t~WeEFE+rI&CxB
zuh=DKxZN_nOCc@{$F7QFS2jmR@XMB$md+lA6Qp~QGtJGx!PId-9Y8_vQ~r|tGIcxK
z&UB<czizI2%(Y_Kv7^4;*Y{vQ)=$!7*s`q4Hf~5wYQeR8IX<qG!v(n%`>+Gr)UR}w
ziA6%nzO?jkdEQizWUztCl;Ozw%=6xioNStV9^z^FEds^OKtw@2!8*ogLRtWE5@5f$
z=Zls*L#QEaX+U9IM7GPH(S9}(dytH2wTho&M^%ou6(&R@c);PZ$DnwH;4b<K&bJ6f
zdhWOE<Iat};`G3TBWuSc>Bq?-%oo?kt<^Qipp}q8L4&P0#mh3AbjtbRta&oB?Co*_
zvlG7%TvM{B$^7`uf_KZo?TX0Y<8nVL=lV3Vbh|F0ND7xH@e_Vs=a5mCJy4OwcSre%
z+vo76!Ps4oEooeZ|Guu0N-b(q#Bb`)QyZo6O(x-)C|!-b4A+xnI|XhO6~;kf{c^MX
z#ytap(E3UiQj}&X-{lvpWu=p#Z)v4$sik1aZd3Wjt`d{eOv81Lv9r+Sf_gnz?uyq<
z?W|7WD@(acn*vM5-wZp$`v8f{KVK)Z+4+!r@kwuMa)?HN6Cee^C@9Ha|J)RERxpa$
zPI}lam;aXU%x2I4eUxt@AnSq>GP%uC_ITT4WF9ggjm)y^5;s2xRUVME`eGgpvsX1X
zAVe7%gXnRUfZ)Db0J8)nrSIQ=074n&{8g8FLAr*7qVqfmAbPB8X3eFVB30Hon59v(
zLbDu}%zf)72&D=CrK7mj3Cw=dFW}Rrmu0<NLi&5q5Agn}yNhyB?a92B>YJ$joweF5
zlA(qdi0U7=t_cf2fBfY0=A`#po#c^h$C|G^0DK8nfO)@n$I6&BQ&vXiF8U4mIYkqh
z8<-3b2)l*ezT~uB!ol-ckfZSQJFkXbdtqTAi^g_-0m4Zox?06{>WeZ8Bd<!P9<LB9
zFl}=m3Nn$AjYq2*Csj+ha<o^6yRs}J!e5|f1toVMvi-V;)I9^N#bbN>AP}D*;P#+3
zND$&$7d^51HsjX=6A*Eb)xyd*R6v?CyK4d>br8-5DZxz0=&DtimKAjwU<?;Nz9;H2
zy#_)MHg1x}+9AR(0w$<@5Cge_&Wi{r0(fiTH0AY={qXFl3`N|ZeH4SKfQc+T3LtH8
z^J&%-hz2gE=*(vXF_IVjj3A&P?#9DAUJxJbzyaz1o{TI|wXu)S_%vvuLSUs#Z*GDU
z`Wyhu7-WtEF<>Aj)IN*@eANHK_&FBlf4@o<X&Yjj?H>jZJ7#i>O#S9@s(=3xFgAZh
z4nYykzwhZpz`F7GWue!J|N1JRxrg9T&cD7Om-QIMzkUav&9>l3*uUP&QT*GD@Edxv
z|I?u_Kr`*X{`>#jp{Xrkj&?n11<n{^UPEZtwN?WW{+E_2dqg-v=27||7cm{6k|+jd
z9Colo*jyE`gmQ)Q^-^KCTj3na=58Mi*>rz#g$roD!zj#!*niLO8o=2qOg9J>?i(PK
zY+>5&s?iS2+8x2c8SbleaK~yq1@T1-A|di3t03S&j^1RgO+Ls(0xV?=M9eE!sdj@n
za^17#Am2AhVqv>&Ss22?KFn>s4Q<dgsY65b@@IDvA)c#q&k98Qo0PHn3Q@|7HuWjU
zWNt`7(M;$vWYYf<9kbvWCoUVJv}@ymv>2Eh!@v|;V~BgJU()Rgr&BbvK%h2pNWnVb
zAqq+{1rNeG6U1L0y9=DyLHso__bM(}ti#it0W>Ef36*W;ejw_re04y?{!3wD-b|So
z$Sb7bRDv^%s6mK+aDae0j2eH5Q}_}pG7mj?O^2?@Ljg|KY(@@3l+Kz&mVeGGP`n1I
zh0DXLu<|#fUx7Go12f7Z0cI7z`8t^ew{VObr21;yav)5Ki$DnP*tyu>fM~&%m_ZO)
zg#M+&e_#g*Bqsw|NDX+ri9wv2wuA#P2?JzeZvEvh#@a&^Y7WRW=js5r1vK7y;R2!*
z>KwlR(4f8>=`^pBK#ZjnFs1w>0I?_MrA^%-U<sb-(f1&V&vr`V@pSV0@H}Vk_Odbs
z#t)mHj_snqs853^+|)lwcKC?l(Z2`rdZ>tkrq4b;GtF;5%LO*$5`iOKf;T{{8L=^e
zusiYvxN5+}iv$_6HEwyEO#qR3z3H5Lz8%P%*2zP|R8rlIZ4j})AS#8i^IQwe$L88Q
z0D=5VhviLyiJJ>Y;AV=a{nxnJLCp2eGF}J#FLjCkHb6~${<PAY`aD7?gNTH+m8QfQ
zxJNIz3f$m_8B+^Vx)8V_DF4;Uo|pG6K%nOqL2#{1Vf{%*#D)EjAg*Mor-3~DNH{HR
z&JEm*M^aKZ8z7Sdje&tUC&ewlznL9Q{9Q@l^!1xt@0&a(9{x=it_kvhKwO5^mfv^#
z7#VeE#>a;EC@=sAL&gha_sjWK|78^*Ktips`5PdNLMCJLAARyt{<W~}6PSV}AuR#K
zQG}MJ|Me~4b1v(DO#c7R&e%Zi@&DFh@&D1GCrRW~XD*&RFNg&O3K@sX13edu$1avq
z<}WOPCo&Ns5n+BIF@7OQE#X^IB4Sb^qP#*PQbIy0hu@a}+Xoz+ENrYi|JNV*{pqPL
o@Btd|2+nTSQZ6<w_LgLjHwZr5yl`C&_%oUE1GW44cg<e?4{MAL{Qv*}

literal 123361
zcmeFZhgVZ;(>9KJ)FUb!ML?ygG($ZqO{$6lNdzSHE+8N^^bS!GP!NzVH7W^6?+G<Q
zs(^roP69!Y5<+hQ(!S_<zUO(~^;_RR@LTWRD=TX!+1dM^duHyLYv$UoAL(hIWxveM
z#>RFQsB<5}#`Xt48{5&PzfQ0|i5pk;Wxf63d{_4_8(UT4X`0<}*6|ew9f&R)TZkAN
z+q0K!Y=^9mo-MJl`Txzvw)~ilP5B)g8?RSRqk$^xixc)>?fcB%+bJ^&f%Qu^;QhNs
zL6a*}{?9J#@^x<x3Xbtl@k?Jl|KiHj)D_5!oy6qxcN<kw&tJHI|IS+;L{n3fN@9Y_
ztZM{}P<EOi9r$vfvDubcdTTp3bMWh0ZmTLaOj=9n2<u}1cT>8~TXXFH9{hU0A9eKP
ze;v<kT=)8~LpF}Y|NWXJkN*|RKT7ex>hN0*|EmuFs}BE2;Q#OHVAap@?}0v}XjY!f
z5&87Wue7r~aZEOCPkss$(EbN0pd}kf^L&@f;UzQ8v%Yo%3KIHC_j;6WgcI*Sjg(FS
zf@=E$EhkSn6&{;@)A^@!z+eCVPbJ>D+N$w=o5R(fK+#5cl0_a#(D!B2&QxWiZP@Sw
zi6G&**!@7H(onNCK>-N*sI>LBiu?@!QPUGAqr{R1Ok22_-clrrKI%<NwLznh<gl>Q
zJyLg-;Y~)8Iml4nmzLAnuXp-B=kfmxBd9P>ZX3JrRcW+Ko(1?+q+j;vuaVvhgyixc
zG#v_NSZ$eMs=wY+5#5N`qHcU%b|xblLt$UBfyiNRZFG0I378u+O8(Y}o*+Fl&2RnB
z>bm~Y?&9K`vyg`7V3jA65@#oj>Z;c-lDG!tY`oc7(rMkkr+v{QeiqV><T6>Kq-5!?
z`gp&($_=z`&}zBL63#X4=l@xor(e6Q31e66bZ#i;T31%r7(u<B0|9#3x$Lbas;Al4
zctcFKrl$~VxFAStwYG}jAK<)WEvEbKw^Rf+uKo8SKZBKia(`oB<~}5)bs#WWFA4K1
ziMXL_A0WZ@{l|}m$?o}MF6L{{#f4Ro{!40~1D6DA438xJ_rRd@K~*ib9ul(QisU$y
z`5{o|m=x9w^^SEb<m(Ewb`7r4^b>M)#=?H2Q{j>SIf~xrW-77JFfnea+)aZpXw48?
z5SO6ZR6tW|niT0?)5(~u+!L?(|9g5Q(Y#Y%$$?g}_|Md8vi+|!_yC6D?@0cmD;Mtk
z{NMQGm+}067UJKA`s~u-@s)vKjq>3!XXl|N>Q}wr`gHD+R<;5Omzg_D-yC1xjEspy
zc%E&HFKW`f+~n#GM}iSPxBL9{&$$LDvkl_+x4S~dgmfCz`;ArnIb0U#8hX+;6390x
zvlH6pU-ekgA_I6q>0cHc1f3%Lt~ZhAko)vGSax$^ExjY5Xe1Vxe=FfemLjLnFm5H4
z?V7JYeZ=!f9U?2&RTU8N=<<lGQR`p|G7SDR&fFg{L1JTT)p-6Z(#+#>C`ZO4vk}_t
z$>$iC4{>fgqbIeTHRe_ax68*)YGsi>Of<Z~t{2+9T#R$a#xPgH4gA(mv+m{@^9>J|
zg?p*8wsPabIH!D~PUbBq&%dCh6Gd$IW1t4a#v4L9Zq%|qQ_{-|w=yWq;`n4i7-c^u
zW-ZxNyF#HVIxF}5fXtPdiMknY-21z65vp}IS+|_E(IuTox3RVP@DM{#p6ayTU<ahm
zwSlP<V6Z$=GKqW0i&XM%X8L721RMs6gVSZE#ynEB63dxVWW6FkQYle<%{`zv(0S|U
z+1D})NfFF&az~#oa+e%xBs<);V$@1~{d?dwP}{n*J+M?r;ARi$vLf!Pr)&!*_x*<H
zV1^A>W|*)brk0<K9D@<_u}sPPxRecMKw6ws@@&uCx+(9_&7&+4Ks(S|LLV~RKu5A8
zonJ;c2V_xVm~zYp%1t0=ftp!Z%e&Nu`%d$S$|L*wTNaCT?IZeG7QxF?_LfLZc}{A%
zzRbLFo`UgLj+2FB#UrVVlPySLZ5igy(`30|pPI|Jxqw1pZ=cwI?ZZvfL`WZnfUFz8
zHU_W2Adx4yELQqNq%C%I8=4pBmUtE3ix+dm<Z>@uzN`$27X^0fG8OgM^j>TKOKsSu
zRd{1<OMRa<8*M&BavFBZtDJon_#@?Y!=6a7%<2aITr;YE!ewUVo@P8!%fV&3IoGn>
z`t6A`pKdeScOl<DW-f~7TtVub)A%q3!EgQS>A(C_>6)}{#72&-DCtMLcw(fJj(*-B
z3xD>A&JPj;X9_OhmPfRer}<?Z`zJ+r8-pMp?@RYdQBoQM;X~Wwi@4FULQg^_Ae`on
zRw9cY?8~h-iy)0!4wuZEWG2|pmZCgV==7;>$mbXIJ*bUzXY9yuAdn9LOs>$96%woS
zq~r4<Ymjf>eyi6~#Yb=osxqWLr5n{QwK6?|#a0QysIit3$ii1*M6*J!T=*dmv+oq*
z=<!3R>0t}yz%{4RXDHkvJh7;m%;iF;H%1QDRST>S7x7usYQUmkjtG=I{DQb%%>p<a
zp|4J|bFY^yGxL7>jEHze3GPcz5nUff<u1<CRws2WeV?{vFQTib$MiK;{h@Q_mY8bC
zn0Ugdd85z#+NwDBSH|#>xBvE{8-nZrUaPB11wU(ui>Y|!U+$K-*(ZeOmBHPR(QTKC
zLj7q*P-{tjy_tkXfsVR*9@*LyoFZ06^xxDbEsumc<k9%O!_uVy3f-O}$4}_di+i;I
z0q(L;bO_|>r>d_{rB=ti7dl!t?V^q>S_0k10w~w(H7~0-dsa)KkykYtjb4q<%N#o3
zuz){%hD<D~5r&wsyEt3eDxH3)?9!7=r+5yd)ix@u4w?c~Ty@}K$puz9>qt8FB-5bz
zwVXqjX}b?hOgFbNcwk-+*Bso0vTAzV$H&h<IXQma10S$VZAwI<JPO5b8|f`i)L0N6
zIv{R3R);4CW!HLG66YRtfk`;ghzr{%T^O{zxb2mc$yz{-@{~SqsPJz0y%Rd3pfkl)
zBl^ABiu7ke7#t=%QmS(nSm!#=mmC&pRD^q#t3p7i1k%R-5KDUT;vOn0LfE*R7TzQv
zk5CO(SK@^xN;7vzWwAdGCEb@_f#IOjyleE?kma$#^+n2+xtbJ6=1omH$~iffyU$AP
z$61%byd!<FtUoEs>JyzXbD3$4qUhHtQVmbuv5)-)NBpzR#DC2mQ#Z*|hfw#1UT|7x
z;1Dj%p=DP{o~qDFB3fI*hL$gWY8y1)>$sj)pK0{zQ9<1)C%lHu`ZRo`KUEWyEHVH{
zG=t=8MMWCQq+$*hC>E@hK`&Q=mUZ<*s*LsQgBz!TEYXw;8bZpgT-H0(gsrg=%$=Gx
z$m7RencvoMGoS0QjHei*3Y+KgfZ|`u@xV$W30J7^qgH?*Gz>BRQY`VC@12_0FFk(L
z(mnV^q^2cb_ODA6JhZhgHkMr1BKB7J!rIuyn_H%wyL7Iey=>&`w{V!;X`gAADeJ##
zVScFuT&Pd{#QoM-Is8ydkU0%OxdR-!6%ZdZ$)&vz;Ne!^3wXghsm?bfgAV_~RQ2%l
zodk*bubBmgIoEJ$l7XcHJPXTrcD6bBP)dEIzW@$hh<1Cu6s<R(RBnOiHsa~XGnbMh
zR)t+wCxz3XX{l?|XU+JY?!|Bf4SxUppXe^=*n`-xrOfv^Wx}7QTaIC+P{3kq6<ZUc
z5^lO>k&B=&%MG~scq;ui3UE13?eyBY5T)78u<$uF#of~qWhQk?YQ#PFTC#W|y6={E
z2fb9_YH4#bfwN;=a-=+0HV&GzQFKEBG}YLz9v~HMRPV)nl1&C>E93@+I6oL3bCG@-
zWG${|)wiqx>djS|8m~9^7~8JyNy(P~5`4cmLzW)1X$ijJ5F!%jAv{u?7Ff9+;xbWv
z?126PS#Iq-uZrqWn2)a0Y|mcM@L$&AWhUm!sP@1$+A;ejHq65#&7uEZ(plP7@uN4b
z2@N+&<&m8>WoSv^BdIGBhSCYv#;#-KrIwAVxUKozTk}{K$!FuWq>dq#KIB9VTBzah
z%B;6E&jSm#$9T`o55)$HP2p67*;WC_8bM9c{URV<u*LpIgA^q8!X{UUbV|fw5pX>b
zu9GGSt5zkoe@f&PPoUgG->!hcOAU3+3U^+WXDbS=1@C=Gl{6hBDqcwHO0d2Z<e8DG
z?0?U+f{28}JSW%YN+1VYLWSV!pZ(k2uYULtePn4E%q*s<zTW7Y+s~65gLeOIHS$)N
zu)>v;D@9KIRa^l=spVD&KZdFmkuOg<O!*D+dWR+O7irEB&aSt<y?^sencN9rGCQ5?
zz@$PQM_TYA^`x`{KQth8vqKJeiXB7W%NC_EQUx_4Om6;+6)76iND|hJMr4E^g2Cx4
z73+Z($#P~7gcC~4ygN>+q=R<JyjwtTOLlhlO+`!+%N%-H<`B;pN{4(}1xKB)L3Ae`
z<NYIMo~g-et6|&q1{ia|pXxL~2$%<zZKQ1qC*T{lAFhX*iUOOssqlJ3wvTZf|H*7x
z-M;)*1WYpfg)iT3V9-X5J8vPDiC}Ps;Ke`(jNjo-`~^k}GMp+?T2C}^{ci6weasek
z_38)j_#jAU?CnXBvdzKy?afWI^+t<E-)@-h<MWmY+KG93>>O{q-k2L~y9c^VH99bx
zMsyoP$FSay<Io!GWtNG`s$_|%=*!^vE>w{+jVAacECjNQ4~%Hxx{V}{t;2&Y?i{Y7
zbv-j~>bQ*wS_ewjq>2xobe>yH3JX(JtS_$;fHE1UcZJ-O1=Yj0l%7V*`TX2+a@NxM
zWdH%r4Sp2QJ9F<9zYyQw{qX>B8Yr%Bqwy1FvpgNHH|PKd^U4s4>Eqgm^BHGXWo=S;
zq{aoPA#m6l{pere|3j}oD~opardeZqG^~mrUG3fzDTh?p_*%lR%glfI9!`obhNMXl
z#m5gq$0HABGI5RmY75*C?Xg4cO^_nUz&@}5teef#l;-+dvdQ=auu%B$!O|oLE}oC`
zP>qjAVMH^*4Oj170)|6H%PjnZi2W}rV3?3ycK3${4_rr<$0AO)Am9-e+oULENU2#~
zzm)^%*ODkzuW3=U@U+^p5OL;`GNXB+S}trq`B<SOu*Mm!n;BZm^2hefcN#jzB@5Le
z0+RCXX7wh;>xg90lN$Ie{obrP@bd0v8~e={7CKyFatAYWH|-3)a{8~8Sq7Gp$~?ah
z<|=uw5Cp{$BPC5`fVburEr(v+mhH$lmsGf|Q^2mo2#b{VF(k`1+vvhK;GtNy`|y9I
z>I_}_(SXHfA=71YO$})(9JPD0DLj2dF(I`vPG4`V-l^~pme1Hw-zcMLFU@B`S{G(6
zeIQPZ^8G987zh^l>QlLum5H0CQPVm2MdkB`mE?xRoeGa`C=7_+CNuxm$%6YbzKr)F
z1|(G|c|q+fM(c^++e5y3WLg&o$uT-_okpA)N*3EDJqeJQ>Hp)ziNaI5;>V9ixu2$M
z#a<c`ZgAtPF{ForWcaHcEV*1f>V!22rS<`rXCC<d8_vF8{0jV|4MrDjs5g_+VDfK{
z;5+-=wvGVM;Bu?eJUS&(B_`Gl_IPG-xy{-AZwl&njvTo=*N-U<6fXg%OZhf}N~B9n
zZHt};TxM%+nq6B9`8-dcnvS#4cpuIDvm~>z1tCXSqc*>+v#2R+wLhD*>aV>tkUNqN
zo_Mn|F&CIpY^hFlACa)Mi>wF>cgTC2_fkE4az`6bVBh8E=CL=@tn!@w%o#e6-T3LJ
zyC+#V$uro0lH+Hlu_g81Q+QBOnzDas0%~lfH&5-ZBFTAf5gx~nR$C&vPc$EB!Fu!~
zBJ@!@HZpm6DcEX%ub_|O`Y*CU$E~&&ZQtEjMrg*Yok?PEyl}m;5`6(LYEo*8*Fj1n
z!Llt^r-u8p_0?nFksHfxVKlQt!q&lJNi^t`^?8wZA@@N)X35mhhea7k(~7Bn#9vV_
zFNV5P5Bi82*PD#Sk&iw+;6~CXvCO?il<MeqMqR3OlY6G0B^s&`?usX7ZRZT+hVDlh
zwg39l7|@*5T$ezunA*3<lh2<+Ze)CXz+9GG9UjP4WC2JGPX<(-6Xd3Dh98p5A*aD{
zJlR@cU1{BH&mA<3IaH6(Q}Zp5>$~YTI&s?xc9|vruXC;ezovoKbZ;x_=jqMVg@gWW
zs>ADA%HA|S)B>D=vYPbyP@lRH)He4z0hl@JXhHcARy3U)0=~?hK5H8Xlm2{)+TBt+
zk4um1L<SJ+sO7<oPrf1+xljF*H6aPtZpZ%25s?RsAdLFlf8~q`Ht76mW?R&0-hqsC
zC-HZ=GZbT7!;J4|=RPn)l4hz3l0gpSDThwhL8>G=i&K}x(lEw{CI=NFeVTom;7{~9
zh5jKq{g!21?$5wvBIA*3aK(HJiiGgt>+>kx!7dROZ_vAUguL}FuuwWiUKl|e+SZqq
z(^)=W0xq@T!Pl?uqQ{6h&C7dF$McVLWn(MyBLsHI`k~0$&7m%R^j3djBr}>rS6S{r
z0`13GJ7{w5)3Mdt_qjKB6cUe+PaZ9L63{qC!9%fh1s8a2-R|gUb|^UIsMzs`miBmc
zmDQD6Y(-Lftp(2YyPQkNA}M!K@0LnkIC^_}AXGBj<Mxk%mnvKW2}<P#`C9SI!%4ja
z3EvW$DP#)ipP?XS9}vREHvQ%SPn^X|tYGqs3l}a-er5!@UG3mtB?Y%ChI?>DLkVHH
z)NjNH$!VLA;zIq%KoH!#*w}LS(c$zygQ^*Wu<NR{3%2&4W&{FEJtrOjum<n%B<JJu
zzO{swm}ZnO^`<@3g&49@624g=PrH4U&N6go9d3zw5#uq5>R+!M9>LX-%aOR+Z=|6(
zp|g@5e+tSP*BKR6Z(-zmFUl`}gW|3@e0#4djV$|sM;Vi49sPRV+L`c^PC5|kUsxln
zwI-?okqDJW-$j@9jXBx0$%a~wrro09_N9qii=IWP2E|6P#gL=m7k>y!w)=QCi(L8;
zZRgI>l$g$g^IV+{cZ>1^qdnCw2^-&(Fb3_4(8L69Qmt8F$3EqEfH|X9#UwC%LoI;~
z&;?9paM8}lRz<p^wAgBIo#Ys50J2hARnyfVG9?vWQ)?UG^2zZN68oSRCjl;zQ$YkP
zE=;|v>tJjO>4&HSu2j|9wMU<IiviztjO;zpnTl&D@YTh(?PV#4F0Z(Z0VCq+mu;E%
zm#eC~d!gaT7n<xGJ)1EX{#JP$a0mCQThX4c>MU;&l!ys$5`XJMo!{$gHafgLv-oVY
z5UG;6{sgm|^pmc!&g^Ukc&wu8@Ld>4nM&Q7k&AHJmejoY<7Pi5gHELkO<)sNjnSr4
zxc&eEYz}Syr+)WG7`*Jbh(mUw2ZJt+_fFVV8lBT=c{K-}Z%Ly#Dd3gXou>Qkr{4q-
zKZfkSTe&eY_hABllQuL!RD)5h%w2k408U4!U-8&?Yqxb{xev)V6@M=`PLQSv=Ib@n
z&JrM%xOFK^9k^rlx%@G=6Nfs9uwWYa4huolD%&j`tznps@44!?BAx+{yhb|f!sWwx
z@GHY?Y|WFJYGD_L#}#&8?(Wtn2w@c;9`<gHm|CL7yLc7YdG#h$4!fZhd#g3{D~?88
zZ@fX{%9_J}yN*80&}&41GiY$KSLNqwyY{+XJ5B~XA*t)qTo<>iEYcuLu1XIW#mc;J
z2;5%|OW&HYI$)_dUfYKkH=Co+XmTN;JN=3iC@?8aJv;}BOx)e<J|&|A=aY9uSPN{@
zzH^t(JkHM?{=PH}pavD?8C2LrpM#ti1<o4lNVud*kwVp)YdRBAFHV#kq#tY#_NVpo
zaZ4a9WDdS`cgMG}>eL&8`H?IL@L5VtfXS!HI@dAWEfHb_h7R#eQ;?pleX8#O=!=%(
ztJdWdA{arAioQj}cnG1w-+^3tYRtbLrXhGJmISDh2?!=kkAEYL;J@wjbN|Ul`u6B;
z+eKQ2DDrT7dC(2l&Zsw^aB|GXXt`b@+^qKwcERle$GVA0n9;Fi8lnE~@e|xjbE5In
zH$u8MoFOqW0)hd+YyMaQ-G_LkXEhpsRuKj~!v0o-j>L+%%-QlWEf&Q`vdy7RyMxHC
z5kAujUxP#6DLC0=JW-U$gOP@~r;XOxjz#Pi;>vJn5Rs--x_y5(a*tw(wWCMNw<ALX
z*QZ*tZ9vLmq<2r6L{~>_;$I!oU76O@b!E}FTjhgIm{tsI)!_y6l?FT0AZYRgpex~`
zioI%@g{MbDU2cUOgRt+LUk(=6P&t^`G=>yt+@fa&mruA5a}V3eoY3UKy=AF|#(sZG
zRTGH6v7!nKgETn!d^2DrNf^g@S!M5wB5GI0$J^irAoAvuS1DFmj$iYvm*1y$>7<B_
zu5JJ%K6=wiwMI)fOJNbDr<OvNRSr!|9?YY56a%4`7xoB0I&mcvj6)3JqoHBtcW&$4
zz5C$<DuJ^?8Aj7#&@TM?z5XfqwYermEUY1((7<IKTR*KSD0qWI$MH?IqhWapkK5*K
zoHasKD^K;csC4C5I4mMh?%PGVr6Ic?DrZCExmc>9bV>OamaEjDE=+y1lJ#Zp?9zmb
zb0M9q4FG3ISu<qZU)}%he=s6+{<+1AL+L=^f_Ns}4=YFMA&A4ILIV$6Maq(P;y}ss
zvGcK_X3EMdOO@@r9(Y;7#-OEpK$qbqgZvn^x6AyczLgQLE6JDr^nJ3)3S+C>M1+I|
z@@d+6Yh?Ly@pQDGSI=irD$|)N)~wd)%QI+xXbJEn)O*k6rtqwoS32*teX8gVfyMGl
z+LRhO1HKR3SK$&04y2IbTQj&wFegq&6T$(U7}Pzq-{#HMaFa29XJDtbc@<L9UdEva
z;2zy{prTQ9LBZglpLP;O`{JD%Ju1Mg-ObX(!iu;c+Od-y{NrP73gr~p78of@WVYT}
zAkROD$5eu3j;m=6a<PB&`bJl7ypm^Kw`(Hz9HIghQCH`3s)#nb6&H6l#T8x=j#)NE
z0qzO1d@;#egt(6m5XqcV==NA($1kpsE3k}4V?mdlrSJJM8n5bY9}l$_Jg-6uWih|e
zsFsixjb-{~FjtXlWbxVFozxTaLaErq48O&86`|>bCkac6j;oJv)@*!jGgQ=>-^;+;
z7BviqfXULfg_U#~ZF5s7X&P3-w+gMrGKz-X^eS#!Cr>D6nW=m*BT{}TZN<c$L;wB?
zH!;ELT&82V*50KF=_J38KVC<7yMp6R$_mmJ9~PNcJM}D^o}wO<@5h%3ziFWeOJLEo
zmibf<6xDq&WgQ;I6!{=GyZ>q~@&zL6u6(2f`gC?%zLqel&|Slk&v#<frE{99f}!ni
zvCQWzUf$ib$#eXI`~&Tmx=2HGbZzt2R&N|EzMi>wNn_CLgW>q_t?bZAn=&}HuTMs{
z$!J(%It#j0-qR%3JWF|5ckC-V6WdRai8E>lonJ#9MsvTH|8!w@eLn5B>4Mdvui24_
zL~)Pxrrm9eGK)G_$0qRE5QQaka^FT<<%hjQbpCQev1QXlgsd5iQL4dtOLCx8$v@=@
z;%~^su(G3UInn;EQQsc5Kb<D*UFN@h9vAk)Pj#o`^`slJS8KkvDF4Php-*+5M9NY;
zoO1w}NTI`i2nc~diki?V*Kb#5$t~Zg6h8T6!I$b`<4V+$L7_SM0cPXubv^#TKq|iE
z6DVyM9ut_QBO-wNpcxpgGv>ECIcETQkZ<2<RK#cqV;LWl`*)J61Rxu6vZk{Py`)$)
zjSB(uaVJ5zLB`j250`|*^@^2>X084VZ4KBQsyt~gEQ4*z;gzwf_bRVly=z8u+pG{(
z^~8HhOI51BU2*l358<nT<tfxmemxX>?KeQpLEDA^JZP-Au&h>NIy{f68VDoRxWbJ~
z%-i>_5b_Gc^Y(%-+gePzx|Bo>A+l`bTQHwC*4BnJIxWWELJcqvCKkX$mU_?wvI2mV
ziZD!GP4Q`%_vyQ3qO3Z%@#a`Ol3l}OziR&q>B~!DE)Mxx?zTS`PY>{}0HkwJUX!%j
z=LTych=<`N*c#omn<}4I{=inmDtVelTVFy2Chvu;?Gi?8dTSMiCckcb;I#+%ZbP5m
z8K;-+)cMs6_d_BkkoO`_pOu+3-6~o&#4kq6Db3HMhEE{^h-fM%`1z|v^R%bNALlhD
zm9H5MnyEP)=;5kR-IIa`*P1Km8`{{(k=x0FqH0@-8Cn#fDOg9#2EcR_G_mYdlI;*H
zH;)Ej>CO5Q7Nt+C^u_V)?9-zKL`6C#qSDWCG|fEYH27?^;>BqZcq$G5lX&Qv!5%10
zs567&!|N!I4+0kOnb7bjlHZ<MwRrC;*SSZX8Knx$nZ0qiaTE#d4Kpn8=P3FoLVg|8
z?9JU}d@<O1IiLYQ55<9UZwB@f6yj37OxvtqbAmDb;n{@*CrKqhQvLneFpY^dXTPbZ
ze)->bt#Ch1#fbB}U+|{pdnBUNKz2>*qc5IwGHDxwi3^}2_Ckpqr<SsBA6@H;M|%Cx
zQ-$9W?`g36bA~>$^?O%#r>!L4RC^r{`Mi0&o0lXz^)xJhbJq%W?=QEzF~)c}o<X?b
z9aNazi5m0dY*bs~x+YqmHM6{pB_?oaDAOK=Q{gEiuT8`)82LskDfaN6nIfy3lXG?3
zZUEw882Pk1rN4jSYQN@Xqd%!?W2HJBbM7P*5?`Q>V`Ue6ctp5e6nENW44p>Q7fx$1
zUNAWrwL5;1Hx2}!XGjG$44~RXB;7vTZ|I!o;S~_G&JFUPoj;1AI!M2);t`A|$rTK}
zQh_oLPO@FODRfyV;-X@?-#u|X0#-;NO6&35tGNQRf`_+B!gc6cDApr;qG+{-=WqUz
z@A(uHaK3cDw$R>NiI)|LMelA*S!Cy)XH^`-!ZKJ@vsPg4>D#<M1<e=6uT?&H><%DT
zn8W%p-Hafz;$otr>h#7_59*v%dA*hQsq|{oUK>F76Y89d2d4JGeskmGle6w*O~aQ3
zfBM&PE1b#x+r90X7Ua#78_AvTWJexa+;Yi<iXQanvxm-v?VJWI47^iunEo^LeU4Za
zA|~Y1H=O}Kb<u8Xc$0eI&B?(G_lMOtdMG-;0+GyQzY4l{-3!;_Bhr$(969_-AIkhj
zsil-mQQXNyji8)}A`e1rj--#wfjK*fD^=`^W$}2qeUs~1#3nY88NTy&2@BP|CEssU
zk@eGml3Yuf{nXtpAyg7p>V|8)MIKmrdTw_=!~8V66sI(&^atF>s5qYT%TkWxxpsjC
zi|Vq^C6AeMypl%NC(nWig9zOrMO|A(v);*@Zhb4sy#yKGrZ!Vt$5pNvnwJTC!(TpE
zJBAd}+D6wbo1n|W;mI2*FB`hS)XVE`&Egq;1?0@~LJ1H_zd$3?+hE*#j59f`_aJq<
zfrl|8my58MC>XGdI`7to1ro0{$!+y~5ueirPnNG<_UKcoB((apIDk^1dYFSD1L_#|
zmltuvq-YWNyrJ$6MH46c)%S~=5u7`px93VZU1fQi%{FMpF4T{!aU3IO;JrUTBBXk+
z0X-(sF2o;(0A>!&w|X!wI^&{^{o_}15Mg=7E-??=|4Au-c32lR=tdGmhNhy`|ANYl
zU<|2xEjJ-#o3c>4Y(=fzRJ1=U^XN3TLfUu}RC?A$u({@wmC$yKb-&19L>^sreG;WV
zeIvO0r6#1?MWC=QQ`qAZ=ELD6KcvdOGd3;ElOwa`dFZjgx|D!5e8c(|XGry6a(Fte
z8NpbV1@5YmLls<P)7YiB&1O!zw8?TsT(Z<!e$TPI#Y5@rwb=KOpK)!Se}T*E2t6-U
zab1+}t^1uVGRhmtlWOrO0AZvSxJ#I);@1p|?-j8l&1J3Ey<58L2)K@5u0>tzt7*E{
z3jUqO$qP$S)wu+uPsZW(rrLlnlUGX)foaC(@R7Qy47driHe|&VwdsgU2U`B<-iS&!
zuuZIcPqrjN!|~D?Te7{_Pv0K9Jf|L|%oBk(P~GE#b4852<ieTe7u)RXr`PXP>$?8^
z@$)M&A}DxoVIrH^P~=@I;1gl7H&ksqrekYGpLLB~WS3c<t_a0`|BDpKCq&S}nN3!*
zGFSQb_Ck^5GR-eBu!#Ld?NbPB7hT@dpSh7s#U~7vJ2&M?Crq&W?9^d+e4~!BO;-`v
zv$w8RY%S>Km=!~dY+>OlE-!D`-^Xa;F7;*J;?&Z~l_o|s&Do7#;0zXfxo$O6rYBHj
z+2~Iuz57(yRw@4cyvRn51h>)W7r+W2)|}-+MjmE4e9g7&Rrc?4tyxoGWlwYOe|7n^
z0*{aWS$b|sm?Rl43cTUgUApS433>bC8XxQ*WF=bdecyI$ThzNchtY&!%|;87EAr%C
z44r;<>0GDQ1->WiL0rfS{*Yl{gZZKK2$WTUNcx>&tMn>}d~$l!e@6)5M1Qv%Ud{>*
zVV#QDGUB&9b9bkzqKf*2a?VEeC4uw)+JBOdwHZBtu)2l-r77)i>>-N&hVZ}eN^Wuc
zTYP=cQdRxf5has3GgA?IIdM0(=#GuaP4Au#M-?5wI-)tn)nRx}4HU#e!7kG0u%$aS
zxWV4KQ|sTZ0@a2!VUsA!LJPBl&%K=KGF5dOoGX0eiW?13rwldAJ@=?|9K{){p(4^y
zEBhUDzX=a+Q19I}5DawDt`g`(*(7z1TryqE(6u9Oc={Ml8U+|m?3yBWKoxJ273lS(
z?%iX^^V{IBvfJ@L6~1}QY#Y9n5^N6I$in<M9qvIc<9x}fucZ3pv8Ib9-D6jgl6ute
zWC6!c6^vfR-XZZ988n{CZYx@+;R(zTwdP?6Dm=Is4{uZELX2Pbw!+;2c8lPpjlbI7
zfYn{YZNBSvz!X2eF7XS7+ZWH^S+{8p{d}Wnz9pS9iA=LfXyErfRU2P|LxJ#vWF3KR
z|F2^Up8JtY%0G^C<gN%|8}xnQqnEDnD45B64%ZuO>m!~sj?qKm$)f{SD!#^_D??Hi
zPxHHmjO~<LUTuCqbEjkOXG9j&CGQ60`-um9sY^0t^rx%ZC4~0V{2|x_dQ~;gMdKa=
z(e6cm#FL3+M=<8rtP*+nhFe~FaAR3r>cX6yP+_iwC?V6!`D42*onLj#;Pd2Fd+iYc
zW3*pJxqRd35=a0)tg$|M5W2XYD=lfg(KHi?sg;u(_@<OEHqIVxGx|6v@`vs=P_1uQ
zin1#2GPUAgV=A7sbusu2ZIB*Oqen7q3SZr`?c%UKAS_=0omu6j%)%33%AXBLE-{4y
zc}{6hzPvqW@-4-uq_%RV?Zx(jPP;58R`u`erTL&KcGQ59gG&6WoHwh68`4?G$@VPJ
z!EWi}14k|$>5=OB1zQA7=3t8+th<$*kwJb^RQA2xdQ=w4qZP-Ki4CJHR=5q9WZ1pj
zNkbZ!^v57hcCnCOtd9R1Wq<WAdxza6?k{zXtGcV52g`;b$Mf$+8TGX*ZdDxo0(F!A
zWLcoOqeX^`^}@kn)6nNlR5xBQKEJXenHZ;}-rjRY{FXF39}6SwSmm14eMM=%P0C1N
zAx}4oQ^3niEQ86n>>RqWdy|FQ3ba6@G#>Q{VQ#`YyoL1WUd!4w$S7}~u1sFdM!qn`
zeNSZo1{TKLFT9o@l;h}?zAmfNGP&ofGSfh=MCqaRI{&gB9XK(1vfg)!1p!!H@o$=1
z4S?fN06~+ciU8Y)hgq}oo#ez|C<8MxWfkZf`4KYB2&VFGyz1gONY#HmO$##_Qqf<h
zkvUv`u<+x>{*;70rO7!jH9(NT#>bfhTz8sAd5&-O>XD*^<xhDNd(7c=Lu^<+B8ag`
zn`3FAtrg5$*R^Lg9WNaS>tS*+^=T=f2a$0nGFBw!*K@GGA6#+ibjv+x^OX@6R1-$m
z#Z9k-)~q*Pi=Wa6V0H+c^R>X9Qx_R{t3<cgiQy5lXvP-#p*AMk3M+slCuDY7M6jH!
zg&pS;jY>UZ+&6}jn|7*jZla(1@ZYqE2Xj!v9;_~-Y@NbRjb-xf|H5V#q~7MyXg?Rl
zPa%mk*f!h`lr;qnz!C$os%Gpm+*T6fw@Uwd^7&y8(~zm(Espl@2r|!-bHO1jxiEkA
zC|)Xyy5KT|&`t6D==b3uYGDzi9g$P}eP7G&kdFj?Vs))-$A;9hQ>fS=oKzF=vItiI
z%3k&tQTui*>OQ}7gMEYjDGu5Cw}{-34`=L0PL`;fDO`0gP6ATf*abPpQr3uA7;~Bf
zVA<_1;7gMTMs2$<`kUe+R$+mrcD^noB$5@0_LdPWT(j99B=2ZY*HhL*h`RvhnI@q{
zSaPaG(JsO0?|+~VSjW-KKPdnjWx6kfpX7~z?=DW89^PgQZgy9&Q(N$XWvMgwUvQn$
zkJ1e`_#s(jNYX<#1xNY6{PI_Pf*c!LcP+qgdqKij<WjO&3xfen6?tuX6(BeKcNQ-@
z%QTHnfA|pny}5x-551@s@{<Oquf9&bo@5&8g1G^UxCA`c*vvXniy)gY+u_a1;%J7#
z31o*I(l*6b@)}@@?6$L-UD7bDSPLau&9x1R<2OGlGy2L&lXczsh*&Kos7L`g9gRl2
zEq<b~5TGF2-{q?rL@B4-E&YB~`961-@AVJn76y|WN7hZS`tCj9)zl}HMa%(|?&Nh-
z)No5DA<%WZs9!t_tX!1x{WeTBBS>abKL(Z`>g>1oDrfg|!-y5S!Sj|0NP4ZVeoP^G
za};`|Ti~z2JA}ni_^vuRyx`-G*SGe&oQ6>qXAEjb*o(Q1&^bHd8<fwQy)kt^iBlkD
z_5J-B;aj2=9ya*qH4sumn(lI-@IyuZ6=So1%Mb;xj&G3K6`TltGR6;~a5lll731WZ
zM>b3x$f}Cm-GE$NpdF_LmsQg6eccOv0sQ31Iml~}sD$N%$?;H!b^l;dI59keLXr+Q
zqU1N4GvChEC5$OgUn+W<_R$zbNQ(GG*IZ3fM3hCLcqVIY*g07HUMlEhI)@ZAJd$%#
zS^GksMUZRxF-ZDz^Ak=~>*c!YvECy`?7Ag0^|mhlxY0HjVOIDmDdI=eUlsKcl%BPe
z{GlW5hrym+Ri8VV$aLk=C9`}tKTHGmF5iwul>Z+}`-kg;Z(?sr=uJr>r;|dov+5vY
zH0x~&<_V0}^FHOScrq|wJ5f-L_I$_mGnRe8R(wR-6m9inmk+%~==HtjHhjBu&S#~!
zN^-2@3z}Fh*e$y}Ct{KQ)O=R>hvYW7OjI>*Bj{s3uH{?k2TGP1G@8E2a-z^sR%Y_!
z^-J;d0x2Bs%9Sp*w~9s&EEY>@QzoU{YF4tJK+pqI%9K+{)g%2TlsUi;PDUsgnU@w~
zvJrzG^w6J`e?2A=yteJ5vc38hU46d=?r$|K`Z`18_H`0WHeJ)K@M4JJbboVpFfsLn
z%Udm-%NIi*ul$g~^%RSj2r{iEFSr?&?(&ejeKgYfrZgpd-+z7Xh{1iBh;f4Jx{}#g
z<z;u;{JK!8wKCGMP_Q(mz`Q_D%^#HI`Y_vspgeCQUt`G1<diu6X?vc5%l}>!2SAI>
zgTe5k>;4*(^rzi&5U+`u>d(^#>l*7_&3rZKI(?F|70vr&Fb!BwhbULZfrZ4pd2fxo
zN)fD#Q5Vvc%)zhZ_1HG<69uM9+C+4}Mxs(C^;}J^FK_NWIlMIl&s>}o^c(Qbo>TCR
zT4fly7$W-@{jc#PC^gohN2e|1LA}`P%#ZgXk-sW%r1Rv4wrDR!4eUXKtsd!nthS_}
zC>qv$bFnw4<Qrr%EyDD0RRC%H+C<bs-9|#L{@cvQaF4lI6MzNsi7Cm1WQl}ENa;2z
zkR}tw5msvrgl*at(O<R6*+s#PH4QYAkY|EZgNLdI-U5Y-Q8HDRo*ON=XV!3AfCTeZ
zwSo!gc#V{uhqxi=@U5#p4Fnc?b8vTZG{lmu+v0JYb2MjkY~0+zIo{X6Rjp*Vl*yeg
zR*~84)b?RagZNKTGe-AyWnH$>;^W-NU9gU=JHy^L(tgjj$#yNG0s6=+VLSto8Rg8A
zhx*J2{#6cr+$BN9qt8s;^mBlbwyIh19(S6LMh{(NaOu??&oAt1t+^85_~IIXRv8h&
zl31wQ{8HuIPl2+)uEPd%1HT8~JF(+Tx>HNVLE$2tv1#Q3MoUjA>?Munng=@VQXn`0
zuuudqc~(lXlCV(%*#k{T&cAafKiw#8ui+S+1)0Jyhuib8$7`M?J7Yt(gZ1Nk>K3rU
z@tVzwcvu;qYc`}yS@cVj30bd9#dz{19fmM;#fMh~Ou7ix1b-d9gqX(eFdV-fv&?fN
zT2t40Rjxld!q$3ebqEuVhJuk+pmeKQK85)Qhvy){`C$jCBftBjXM&bySTW1Y&)<`G
z-?V5f$Hw<WZN`bh%Q?jr*|j&ix-OE_!6Swy`sRK8qxWcegKBV<OoTsmbk*`!+vvxZ
z`Ob7+Jd(q$Ut{7W`6Axiy&H~>QTtMcGLy)|1RXYWAusp1ij)|3?%k2igQ+tA5JwI*
z=r5`tWXiS7@1$crQ$Ss^m$2?9Nz<H^h<a*w_TndQE6IA#+b&ODB%O-pNf+b~_WF5O
z!sSO}6xoC$oJuB4hPbgb0jaXPHrzzF+@bW<i_hh8GE;Hzhp?M-AD7lC-&+$;IAvee
zZB!>6?x)~7E^;}%QIVVny_5V=IEUbZ=kBkV>ADQRF}M}YnNDDMQQKFm{QSnh+r^N<
z6uv2_AM;h2uU5}}QLZ$)1^a+dj>dj!?T3ZvELOQPKEiFsvc?>>?NpK7;+X)ji#obF
z@KXQmTbt#omhQa>eGx~Kg+*UhF>^61BI@VFU=4iH+NC2y7{gDnc4gEa42?R7qK!RE
z2!dc=p}}xk_f41YMGp!W=%Q)|^F6ZqvoV2$r+j-?XhVwo3oUhq_disyhwt_*LXduG
zxU^<~d^m0g*yo4>JaWo|2S+TM;`Xp8W*xF=Sk0M|6P^w3{lK48r-fQfY=bpFdiO~3
zlgXnNpC6~etLx6vl|{`gSbMp%P5BND1#E2oxs?o#YCnmriYM-mbzw(2(z2XA^6Ko4
z7g<EQo>i}K%-*sa&$mlFA$JP)EcZdN8e;FQY~Rau+HgRQWiYECnyFiyoDWLCwICMA
zSru+AS4vy2U#Z%m&#v=w3P?1h`T*w7ONATGWiR=+zA6yZ4&`5^NYUs$fbf9BnxT1R
zaQ{g~Awo#Og{*6G4?el=@5-@fXNg!BZWLWu1|IP}y09<%HsbK05Z?VWIlANW`4ad8
ziA>Cs!<$4MQ*A2&Z&9qA6Z0Ki7?UAr4fCVhfk+RdZgJ}wr_(M|<uOTM&`r^vR79u;
zt7Tq9EoH~Z(S^7gj;7S6s~`Tz7pi91QTg!>Q`2<x8g{qky1xM4e?>90O=EEaS?%1H
zSN08}4EsTg@<k%A#z)I7TWa^NX5eL^4~u+0_P$mxDZv(A4>5%pKQz9vE9QcG20YdU
zKf^pYo2(Ap0KU-g#uxY;?Cw`|i=UWaV3XCu4|gsR?LMDlV;excioE~~&~4-kS+@}e
zxW~q|v$~Af*u1QMBkaxM%IPGtg6s^VS*zE+jusOZ`?6-}$5T1Sadl#2SynyLj+mqa
ztx=6O?006NToDzqHk6@rH#l;ORZT|Q6JuAMb2S4#V>2`k&^_4QDVefttS5s*-zAK=
z8Ln-dG#Z9k*iO5R_`nsdck!`~O?b;;i0E6Nov+_-nW~YR`iUNlAD@hh?2yqT3Oa_}
zdIHowLBQymS(5{^sPgt&$pa1TcoF&JFazLnco79zu7d0+;i}N{c_cxo^BS{n5e+Yr
z9ijJE)G(Qc%nIk6F=7QdvYay{M#nn7Tnj3ENc9i>wt5%-7wPV|$oJHF#JO%Qem=Pe
z?59|}r|i7NJ2$($D%>!?q3>6Wa9M!uDyI3Z+;XIW(3$Kj;q~NpYoX55%rIc=x)4!=
z0l*JmYpMm~MY;KHy~2`?Bo`NDxsDgqUYBeBwqbu3(HY6h$uP9z^pr#ynLTg!O_Lkt
zI5nhJ5c-u*e3$&KLX$#+u;2`b(N7l@{Iyt3Fw$cd<^CBl{_09rTE#q%q~E)n7KJn{
z&-eN#4V;8?V&-K?l^i8TJL`tgQ<nmq4-F@GCJF}khEqf6IC6#z5aF58Xnj}!F<X4m
zY6cnbyFD~NEh2rX`N_tlIwWD}wjONja@1KZcHyWW5_AJnB4|hf+%T}9OeH<vNVr_~
z5tj2$S>sCoD>dOgs0^-jwFadRyOxGEVnF5>#iZX=JN0I1EC6dLgVP%A+OCR-skc1A
zq7+taL#P09#~DkRl*P#@_032TZQt4(#T&?X4ZT_<H<T@+82Sjw_;R_%n|GIoiuFs%
zhY;F$L66XP_j(21s$3!JxU69ss62@&$<kodibp|t6@}scwCTfYxh%rQH?)5>=b>vL
zD~segKwQ*z;E&&YC?SXV_Vyzk5pkL-%^w1e%~W&Rd#8v9>0g$2`+3b86bzVupy*=J
z=OQf*O^JB8<&gYc04a5&y5ozw^)em}C0>p88(S<N%=Lg2KFLk4E0fx#7pyBzWq>qD
z;&cgossi10uVi9MyEq5!Go4IFNNb|bOu)22CAA>lcycvQdS_tVdb-zZxvRS`haF@=
zFe7IEVeKGNWHY$~j4~|_$Lt*(+5%e&ck>iBlAgFYv39<AuI7Rx@+XJ+BXqYmHa9lE
zUeRR+9HOxUsakS^--8})ZvZqBq6431Uf<1`^mS#5qu_z8rIH1*p&f6uWeWVkYIrlm
zKAXC|-ko-MxZ)lX2=}0W_Jlj`#tS3YW>bdb%O?Ow*n-dr50!5Ic%)hMXzZS~M&{MB
z;Kl_KY80xDyvs_w^n(7t7qq#gmzq~s+{_G5W7{CkSso;Q>yt-5>;HV~9=4`T@r{B9
z?m^)-cIeN?>5*w;UsLxMh-kl=>qVQ0t`C{&H&nQvp}l2#%$YHFakQLm?JgTJf18O0
zN(Y})VF>Jv;HZOV-wLENe^WNk{EFkdbh%7@aTakdh)a~0W1_0;buDT#NyyXWhRWIh
zNylT2_5Z=Se@3}qP?tIClqb9TE1D}xhU|q*kmuiREp+2kg7jzSxRH~AuEc}t+6hxu
z_t3A+dGVi~H?~%6yGJ?RN)ZMq!%5_d=#KtG-?o|DcbO}+1OPCz+2J1loZuDlpN2@b
zR!eXAyx@$D4*S44<z6LER%0V{juiD??Stl5y(9M%{)_tGoR(UJBQPIl`K|tJnbmLU
z*E=>7fAOY>3+&_RZ6So5%9+1zv$GzL@ULyd#OJ4k*QXA37rW0bfu5yuEP9WkcOV=#
z)j9wnk%P6IdYuC<U-9{Ob8Zmy68awWk^}3yGuD67C!adY$*FWwB^?XT9INh39pzUQ
zq%f|K3{u4BU+DkhK$71vHb-xmD(K{L1Wt^FH&3`c`(iNjuglN0q%?*uGaaeM7T-f0
z8zosB&|@>!O7$~$)>V?X_ImJ`AhDXE=9sW~Nm~*{*RYVe7c*Q(%1KNpyQy;F*-|}$
zq}L|S@(;VA;?urq>`g|orj%p<gBIBuD!w*aFPYMjk)UxKB|pPO>T2Y>C7AIyOK%j<
zS!mSeZQeNy@L04`X#$(`IZ7KZHBJ;w+cpI729^=-99C*#3g)*#`RNr)VF8t_Qqaf8
zHA6>&rt7pQG`LL)?#=QeyZ&n~-?!3$3e)Lw54ImXKhK|9GQq;3y+mrLdF$uA%phmX
zpPYiFv0mYxEq&lV)GAbApmF7VzqegQdD5H2Fy>MMHL!eeSAcl3hV^FKNALB9ZXUd`
z@idJIwY5<k#LoxN6BigK*U+LCb5gQDtLib^s?3#j<L(23vX-Ff$-ZsQDWSN?dGA{4
zwovc3jTL%+b(<z$fp6Y6W8_jLtuHXbHI}velhVK1RC^mck+wTW;AsbNIdqRI8j_Fr
z$(ww#li(4c!&b2+H#PL+vn^N+zuVj(9w#S3`a(OFr*kS#WIVa8eZ}u-Qweis(-Z+D
z$A~P~-Y?!C2`q6cWns#$7jvW|Q&FIggDnTqN*fjId3=y7e$Q){b})lbLaK6qrvLuW
zd!$}m4L(6U<$MM>NpZ@Hl@L}q{XZPagv&2AxpJ-j>5!PUa*biLhD>6k>YQ0HsU``o
z3uw9<TX%J@=#gnr*rNj+pyW4mcW-4<jgg)qhyGzz;hTai8$z$;G4qXP`i?e~pl_-O
ztTg-#_38OM1i|X71bR+sT97fTXu1YizT{_aGOa4r-I$P{$FizZN*T{$2XDSCP1|Gm
zsFUcjNP+D^-O!Dqo%Y77fgv_Y>d;**6k8_NV3qiNP(E+M<@wSFR`p@S=HqXs@w5E=
z*3Tk$*&%Otlt$*>aJmA=z_t~>VuceQ*i>cj>bwZW)FJBK=42k8x5b^EsuWRB;kGgL
zLcdpdzKXPTELXsK8L}&F|J~IR;#BxTt#g*yKnoE$exDeYGuNkdfRrE)O>cTW4gfWO
zEql=|o7asD+T^NuC}<nI%Dry(v49m#O>_KW>$Z~Q_0gD-)kYj*Tf0V;pVh%68A-jE
z5szy(?AI@JaSs5oF&*6s%W_cxSw_WnMbXI1T7&^&BU`gfoFk#$ckx>J;&VmTM0|a`
zK3K>l!M&dGDR$W2JKeG>;a%?eR%&bK%CC81$~n9bAlr!Wi50y(pOyP>w!{6H-`2p!
z@IDr=)+h_SOrg2<iEx`<13u{IV1dP~_DV(FwZN6H`SLjAONRUl2c2nitCITR6o^2A
ze82po!;c=(r*A-i*Miw(fAgJ{S_-nOFT@#}_wv4TZ|asNtvFL;Px2;#>XBX)Rd*IW
zmhIUq6Jm+NRdfC#(oWs3X9F<BH1%ofQZb8V+8TUj8P!c;@RORm+nLAx&)POTI1Dp6
z1gmEvWK-|n=;t`aI{(k#)H^*{+cptC)kbiYbA7jekz}xRtT$!Cp~wiADiqTBw~7E8
z+nxK!*#f26v^%i}k=dQda-(IVUQe4_{d&jQ2HJ0qLhhdu0iLxT|JFV3NJufludtps
z!}jV;+%Ffw#&B^c<d@j1%#o`eVU%;4fNCO?=+>=;5Oe|_))?Bo;>VVAx95Z?U#k0+
zOVM^0qm7z@n_`{W<LO6c{QWbVS6io!Cliai9qy?j%Og=RpFsHU0h)CczdEmF1>G6d
zn_>~oSyx*5rJZa_Es<PMVle7X7H#R>VEYtq_Vc3eA74|%!U9A#^W9n8cGkT;-DmE3
zG{7|*v-gU?I{GeVgDtvi-SR5jY)VO0)d5~X2137=5dKU5DA=WAZ>AcByj$j-(;i)8
zc}K4kD%vajRlYBWS4y00<*6WLgRT2LT%sO*to!hiBF0>>NPnC-tmd(1yx9vThCizG
ze4&Bl*{orl3(ft-F=l)G`#Auu2WP*n>0qDV`VLX8PDik9G}2P`#W(e@(YJ<VHRxL@
zel63xA!Fo;bk@jb%!(uO0zOid0K^W2z8WSa)_N;`RbEG;=9c5zv9aGHd#3h#9V>L+
zNo;QYyj2tXFW%U+hOo>UbnpFZx%JUZ=JA!(f??Hjiw5kZ?%)`>`ak-_Hm>=L^zRjM
ztX2{SkPwUghtIPin3cNp^mPmoIJBHwfAHzGT*Sf$J5C-@iHemV;|cP=heL9#?a*D|
z(JyXL4mXAeKzfD%V<87R@*GGkS55KnUtV+d7IAyL!Ub_}Zz+#MEG*U}ylx?^7_rT$
zN;w#HBwv{g$wvohDR*9FNs0gHKl1mtOmQ<Jynw9N1Q&PVugZs}JAzkaaDR;1>z+?n
z_(w&#sxMH*?2ZFij3G{YtG8kWfB<DXH`Yq|Y`gMJ)ddrg;~dLKfq&YYWPZ(VE7c*l
ze5vTk0VMOML%>D00TI??1G49!>5T%*0iW<!0sg(i0K>vs>0_<gHzzOi`FF2eV4HcV
zRpRx;kmqtsd~Ty#z^{hI@qfDgpTR8J+1*YM4lS}!wEOGYgKAIRw{ypmFS;SKbF)l9
z*1zcIj6NT|-rImh5kR4jL?J=|8JIe4U~xIe!wdC!f`!=3V87U3Qd}c6Y(!ZlKbTX<
zRT2NcjCl?=29+ftk><$u6kdfLcKF9xNu;8RFzXJkef-s0>lLB}Ta7L4{N(r|7Ldde
zwo;@Ux`Opw3`>h$YBAB2E;F^;Ob#9!LY-lq)16E;nf)sf5BYGkhZ-6J5{2pA?w5>C
zMY*pa%5AfMd$+xBzgUM#*oet8YBHi)wiNytAUK`uhn_fhgoYNd4G5dqbc9SqJMyJ_
zJhiml>#o*FryJbF$o<+?L|IoUEr0{2RKEjV%=_Y~|A())fQs^q+D8WvkhBPu5)f%n
zL^=gY>8_!qyJLt!R0IU1RZ<+JL%JEHq)WPn?v4S5_`fsw`|kI@cdh#l3)ULujX7t>
zv!A`sKB+AUcP)|MmP-sfhd5m1qxS!aECvTE_pMru?I1qy9z|ggrSshv@!)4n1y8ve
zc=gZ?t*CF)0Fwqi*q}TmBmb6eMqwA!ELAFnUTqG#<kYL_rS`YTcDElh>Vp@=z{X=V
zZA`wYnCZh>CF2PnKLh+7aB?C>9Rx(1m4kwpn8`KJx{NvBAz^?m|HhqBD$(-hDm%1w
z{ZAWw8&_CFMFz;%OlG;Yv#OYTjMM`xV)6!$z)EI6g)kq5ekA^(l;pk!`+LjmmJ7S7
z0UoH1@dt+|5w$d0p`gu}wX(aHx<9&n8T4dws{9^L^9$bwWksvA#;fmduT2ltW*zdb
z3?-|$DWsxAk&tbEVQT1A*+`qrbOP`6<|7cokmH9YO9?jq(O=T(Sl*Uv6HAO4k)b@~
zcrGLV1uUxad|*+*HK#3j$>w5Su3_mXNB!UaYXdva6rRYzg-d+%{_Up{Y&B)8gBgl|
zwc4%WNN`!`O^M~YytIDRPd~{6LeM<0unG&K#Y0~lM1B9C1@tdhL^6!;#)h$e$LKNO
z4l7uM(ee+c$DrM0W4f(Rn^Xb`bew>ac{7hF8wfjW@phQ~(&eDAxhUEQG`h-jcmSLb
zxzzuSJ1k4?Nx^RR{-bec8%Wx>djG(Lgor{zQ5y%$oWN<(DheGc9c^mb{}HB+0L}w}
zc78oPlX%9&`J8M0*SIP0#%*%U#|}2kH$RoNu1399!_4Q-kEorVb@vw$nvQM8l|_{a
z`#Y)pN9&{N)#2gOj_$nw+h2(OxP|$qAP`?dG#l(jwEe21eN>qQEpT~KOeYA$p{2ii
zh3b68;3fA4wZbzE{ikKW3t*X<io#T_3R+{p2!lZXI$Ov$WcoF@r8uHxfGS~!k=yyH
zuXV`wHCi~vq_<}1^4#@Q9uI5DoPMDJD&rs7w&?&9%_oct68IiXAxuMEmV$|Q+FxPp
zv9E`3QL?97w&ojPZFLcO%)>a{6ojP(>qXiSCHS)E|JQ-G3Jcnd14}QC-b4w%=lFd0
z<UD4_?7_8B^ecK92KY2djEqXTy$}Yz1zeo7EJICu5++NBCq`VrBro*iwffuA@5XH>
zynd>TnB>OT)Ya~I_2-BfSVoMyjtaS%Ckx2=$p|Z3Zs*neqv?oZR<@BZH0Z`U(cdw4
zDFEO&kqm_upDM|;UY0fk-t!+AdxI8@@UqL%qsGFk;cK&0QlzjY({Pcg)u?%-;3+@x
zEmKB(mT)llh1NahddvSyGi98%(39>>9^u}r1>6p>=-+F^R9|=Kni>8zFKq_idBlb>
z_$yXL!Oa5y`9i7IfKxZb5jX6~(8x@+hy0mYQ?7eJIINS7OK^SV-#z{_>fZ(ogxysJ
zg|r~1&E6PL07CdL8jJlAKD1j?AiUaW3Vkdu%EW5ETqQVttPq3U(+fa8=*MepRiw0G
z?{B7)7?!NqFkSk?9n}#VME?SI&L7)`6yano7$*Sa6<o%lxb(V%P0m9l|J%CP%WngD
zuVWtX{pO#6<VoRx9_uyeeBWgy@)B*FS+%tfcMp>SzL~&{pV`14<)X1WvreK`a=6p6
z9S3!BDCc=u+5q*_x*VfAK8zKAl(8?Xo_H)oUp?*hz<L}A|6<P|+=Nsh#Pn&e`qMi2
z+^gyTm%#ndp*~;!9>V*pHJbO9c*5nF@0rHc;vkf!Hf^fN448x7^f$pVBno_=iJPAi
zOR>$sykqB;?9t}rjCdmcbmk!|0*RoO;m&b7FlydT;XwndTU|HF%UYtUX0A(^zCU{f
zSaoOLq?d&S{v|SJZfoO~SPe0-9VXU`4+6-kIv6-a>?q6*2-rZ-mBXFtyrX*eIU;d|
zi!w#z<D(0~sQLPyAS_VK<1VkTx?m}t_eyF5ZU5UY9&A`_emtZS5Z4WpIlH9~+WqFq
zJzoC?c{gWkt|DZTHbJ>uXn0+d9k6+Tol{J_pH}wCO?lmCc}Q{3Qo+A(@q#|UGiQ1&
z>SAFN1B3rVn4&+jJXvA{^Ekz`KceFR=yPvx<lJ<KSEkE&y9HgMQO()fuu4&YEnoyd
zQ1hICh2Xen=8CP%X8~(3^w^#adqu6t<mi`_Rn}7iAsuk{<ENOx2&gZ6UKbqPN3_9;
zSt|-f4n~R7HlTK)?y%+Qfgt9`iLWWd6@Av^vT76H)#`aWC0wCO?c%@{LZt8kw~06e
zk2eJc7Neaa6xn;|!(4kB6&KLyb`l$+ley<Y8XveD&YQQfR*Utb2i-ph1o;;OXlz%B
z*OGr`8<BIH7XGQ3VHMU5UV$-~$1opunqNm74-+nT!*vxOBln(p>T@ZObozVqkLaRp
z$-M{P-$ql^c|EIGiyWT=u4-~iLlgLu#m^xX)Uwy5SSw!ZgBrJ316n-2ml8{0!-KgX
zXB@6C8(^TtCYj+mXguDF^gaL1d*qz+DO4Hg=mbg*v8W<sYj|vPdax0}H9;ZPYKm3*
z9QbaJ7|<(4pvZPtqd{}|a*nm7Yy9R|TeUS`5i7L0SzOwz%xW<e=c3V8j=^u=?CKqp
zQh*}+{+o(He}o0jjS#>Cg77gO+SymDjoV=-QMU5{l^mus4O3X6@M>@|>a6o=+hdOh
zMhgC5u_kRJpb$0qM}+a<Q#WH~QEG$l*?NTq$lHjbtIB1iR~|VjN<=trfwBC3z*5(s
zfmf5n7>hwofpMazNBxn18iLFp*s*53vkbvO5TDzg4DaUAJFrxLU;Gd=SkHy5nc6VB
z78`kfo@3rhd3CWXSdJ*O+^OsnhfP6a1xjvDgUY#o$f?j0J%=Y*4@5uF)G+6iwlx-;
zej=2eh#>=khoaeJbE$I};%#-&F>eeHYb=jEP%qlb^nmBh7aE}K7!;Va4W3{g(6?!h
z&C^Q@VAnfa`?W3qO8A5VNsS3H0T6@{t8-s#$RZ83=DTYi&O1;qm!-f=p^YI$2a4e^
z{`ujd=QVb+Z``u=+di_gp~n{?s(BKEi(4f6In3eAZK@nkea|d#yJiH;Cg2c|XBYUt
z{bF*eX;yG>o9>qk45pirN-$+J3EkWYp0%}u1qK4Ccc>J`b_mpGI>s+QxsaGpt6a93
zT^igM(E9Mij+Msd@|8r`I%aG>{&_l4CZDLhfBL&1y^Hu7*Zjl=9A5dr_}EWjVEBRS
zVWK5Kj?|6%&E)~SDP|c0*yE4i23~KtPomMjABQI)_1~|UNGP(~?A>$Wn==vO6e?T%
z<!NPZe@B)K5*7C}n5^T{qaQo@bSTCo0tLj6xqZ3}Vn$~-3c5^-X1F;UMP?@F9YXzT
zJ+9=U?0$KPK)Ob#Q`HtD)&;<K3TJzd8;dqtw^BW$kiUJy>lb_*d>aFu4Hrk3PWL^9
z+YicWXB5GG^=Ya5aaM=O@Ta{Mm&5IQWnR?biLLBH3!5C1bd(A03p*SBr3<<{eH)HQ
zZ`Ss%(X~5s0rh89+(m(>BAz1#;F?><+fkfW@B9WPXAd$r%9a98g}`Dv;Va?W0jc|+
z+u5V+jE>{7-t2u^_5pjLX1gd<y25>$_kE;MRU;cddqN`M8s$kBF!*ZSg`1`i;P&nm
z4bAM&j?&dHNPB=M1#bDsO%}}xT$YtDt{hkS{V|uP52L@u>gnm_m6)U+s>@1TWL_jP
z8{S^-WxSaz9<%Z5IoG+^n6OjJ66HbFB#qOK*sB*}_Vu;k25#<1x2Ty*3e-xum*Iy0
zUa@q-km&C{a7z2-$)BCzts2JJS<wl>sin)Xiywb%LT$y7jXO~ukg?N@&Ic~1!>Iag
z?+ssm;RUc*B%~|~wSV#_>YiBdJjL9>qN7Wcd!tUHO2x)UksU=JKF!J9@eh44GrO<?
zu8Onx1xE44i=*R;M&H27#O*YLxD|*CYIdP{JFT@MEoq8@%8FlS%)2tNmuk;#e_sHC
zs`tM9I7;I~TWK8`zU|FlyJ6fQKC-mC6&Og%D4N>pIjxq`H*-<Kzdh_T>vs_@Xg^AI
z>RV~O;<wiDN+58t{S?x;i=v+1<8}z#_V+Hh$oMrgBfwuR|9mLfcM<T0(p;{wWV!cU
z<JZM{zI3)9y+<9+?-??RgWda3Q<p`wl+zc6oQ?^rn=7<)0s}Q%;dXI8n+0C+8|-b3
zr!HHZjoxCA1v6<uF8kUID#uD;u5<q|+hn_UD2h{m_XwU44{@DpF{IeU>`v=JOL1)T
z@U{<wXpxz;OUj*tx+>!q6xnIOag^Q8Wkc1><x#`Q!-bu+%EXb$aq$n+2d%1~<hH#u
ztG65gDSLJqFuP^gK8t+85n}g_n!7OY)OV8(`F<&$lFKN7M{~dSw94d<sQh===)5@R
z#8Iq78uj-9IYSUSzk`KIBd05&-wEb`w9TPH8g~M@WqmGnq98*H()FUb8{y~Pb0|HA
z!ax^sNY}GXTBH&(YI~1ymOFPr+JC09+b+~J^iIS<ZRablfj`Kf)r^Ie+m!Vvv#S@m
z2NShi5LDyS86bN>0`c%!K{cKYFC7)`RPRMEf8{})M9R{}ytGgwmX{f`yTtEkI51@N
zA7k29sN{*J7JnJJ+xNZ80GxGE=h<s#C7yV5C%B%vh}P-qq^NS5kIQ$I{OB|TVr1Ir
zw6%k*X%9T|O$0_q*!ZNxc$!Msar5(;2i1&?H}jmRY*28ljZeB{C>|56{T6oE4YKGk
zcaC5AEj;qy3AM6es_$7AtCv1Ej><NOu8$V)(Q|KE)$ww*^j@~jq8j%_WU}wriUdx5
zwqEAV@S(YLK*f{cVVu9PX%x6PX$*Ffb}>ZxfWdV28+;6lzIy^6GJr0YY5X-S&o(1V
zy)LsO&5Z(%JR$8--j}PXeKRXexf`F(t3FI4hlI9U_vk&3qb`reC%N|*K1f6AJp8|W
z++b{^g^W@?^BT*`@Dm672a=mk<?Sf87<yKOTs4GwryOrj<{flxpHPBH7&~2##Z=Um
z!e;zGdW$nQ_8o6S{uXgBYmf<o^&1bfh<?$Df986BqI0w2GN=9XUBhEuGvd#-Bnsl9
z%l*Y3b6yv%D7s+}*()LN#lztXpP_^CTH^|rGgPM(qu$k-Ao%=LhpfFc@H{avs?Im?
z)z{{k%K;jzKi;jLkd;v?x|Ji>u|Q)mEpmM$VqJ{&+vvsqUIr~?{gK+V)nwm57oe4e
ze~{s47Z5$z<dyH)=ul&-f|f|Gx8~l*HWzTi3{a*E)ChPr{y?6p$N6L+1IA|iW_&Wv
z3}3}F*6i#g(K7ERk6dsRiE{a_1fE_5_*|{dAXkejy{4n1Dg!TyAchce6>g`%Bh+1&
zqU;J;ZXL~b$n=49`AqL#;6rEci)Qb>=^f_+-#6?OsBQM0A4lE^yZ*C1{+}){d`nRW
zXA9s9L7tg?vAWAs@Q(LD{jGru!3alXNLo~OyFns&s&8f|I9uF!gq-^#57uh-OS(j?
z<}^dZxNJ6!vVF2}Xn(M8F)y&tVKSrEcoEfjdHMrV$8UZmFwk>v*kx7;47m~~F$Vvg
zJ6~^?g4yBX+zt6uk*QKLiHf>Eqkd$%_Q5ADFk+)p+GWOTWmw$U33Vxh^y4#4>q@*z
zzCCTIw&H(^)OJ6p2Nx!eZoH^$47f~mo1CPbzR0K*^F=nzRIScXUUV%up!5O*bu+4d
zW{c?@x4rUe^nxU>UKz@Iq^>R%$F60y%94sJJaqAo)@@i4>5|h6YpY%7+bZAgn)Inh
zB9ykfHny!uyVxu0W{%De<T*<&l4ZoB=%s{=78i|~uVM&~IgS;78N+PH?F#d%w~aeU
z@E3u^W1Yb^)ztGEtGKD@shz6X=*!Biqr#EeZsj9VJ#g;g4N$v9FP;5YKQ{Hi8U5s|
zHi<QOceoMVXn8^3jL@8Y)IIeB4iANsgr~wx(5sU2AvAfR#5P>4*{n|Du#spRF~YL>
zjKpFI1ePVjpuJayvs2b?!a&ky2<z(0sQ>Nrn!p_%B-RaT1-G2AGsPq-quS%L46;L;
z)#v`K@z!Z(`71W^TRqA*L6Mp7Er2EqvJ8bzdO1~A8EonY26|@gVGf=O0(o=fXO)|?
z>NN-m*Ld|C%dDVrZ{m4-u;VGf*}ZY+uaFfAS+^$Fe)*5MdaW@YqdgNtv7U_GO$s0y
z26EUV+^;m)k#Di_tq%651_1JYJ=Y<cTtHVQr}*v{8cfn+*NHvA?>q7cOFjDGL1QC@
z23xh|+@75QtS){zvVIvuYVE!?A*42u3JNa$<>8EmT~KEk{#O%CO+5PVuUqy(kx>@e
z`|JTNM>5O~5oI`!K%l28pYPb;P%IKmd5}zoOWOMZjRHTKSOl@r#9lHvxaGKvRK72B
zH64D?!6%O@8VOyh{r!KjC$!UMes7)uktEdX%|}9MZA7~AgzeNbVSo$r4k`~0euejn
zG#%bFUNwYfCLy1gYSP<dGCu%8KhP}@NN4w0=X%swcoKq~#g2sq?i*kjlt?DsCV(OR
zt%g9@=ciCjp@S=U?#tTN1E=no+>7F}%?L;J>4v;>$C=oD?j-&_ePLjDoiRBH)smn$
z_kpy8Iyxso<^*7K=xF?W=`4@oIyWvYp^e#_SoPyGhqg>Xbaf9i&*Ob;e2+m2bZic9
z(gpaj40zM2H=0L<CgLvLBGL3;8`)=WqNkIugox!lR97HOeyHB@$ND-JD&#tJqC3xo
zt?NG#U+a{(f;3hCOR}_>0oWK_%Ln~I0Oa5J$OHta41%O|nSlV{k;kwnV~G>uQyG~y
z_BFp^RhUxk`E&6h`t{i1ONHsg2OA((0ceAS7dUyTa>qes7DFp9{E6iA%yoLwHiODm
zHuS~M0Qm<pDZog>n?5)3lA}jjH|wVfx@p;^rTcKjAN^1IGP$>bXl5pKxB8LP6#B))
zIChgS^*U%N(JX^SSH9us*Temi0z|*kokFkPw{AXizJY#VyA?dl!2Arq;}g`(@*kUW
zc)GMibnYl0F_M3}y-bla{D;KKaVJrs$4GPaj2tcLP|A0Kzus+=0L>zu#VT0Y&;s}<
zc|dEDAw}v4@;}$Hc2ULo0d*JJ@n>B9<?cBiJSIt=SsR{8K|*7J9^hT<4Ki{l`Wk3f
z=(c2*lA!2(04K?I{FTdjt$O38Phx8y_t7b9-=a4qCO*DB@SB62nR$yzk56|*k5E3)
zGf!32#_gIwBi0UR1^A5B?1E^DKY;Qb+_*AAnDn<|{hORIO>#i}mULjfJ08+(eveNr
z`{LA_v^&K1>o~Q9;+G*i8P~B&_Ih*~s@_WOOqXDhON%O*s~Y(b6IcJzK%_@byhJl}
zq#sC0y@7mZZ<{EP*-1f1B)Sn|km4&TIvd}qdqWq@@_~lpT7%-{yq!z%PJ9R^YJD^Q
z*+MFTWN>24&b%msbBQJGhhOAACTf*(-FEN@jD2IzQ$y7b`z{8loECQiIx#!bCP;Qt
z+Te#cVS-m@-X<~u_y@q8m~TzN$$)Qk?l1s%E63KC6IT&DLp9e7E?&0xiWxHYO!x_D
zOW<HsM?O&L%x=&)^X@GL5tcoPutW}UiFXHvA*!JpOI>m#lm{B$@WULjCXv&b<m{k2
z;ox}VJqEoi5;Pg>EFej!UEFd=_W7|+DGq{$h}*unszb>!=4B5lP?vN1sdpl`HYNZ9
zWaJ=<^h}>MKVO++dkaHwka*i9ah8zo<1btEDb?=FgI^WZtrUS*IPcVbN8%N3G&@21
z!{&DsZF?u<lEWAG;&#?GdF$QwHd<DzBk4rZZN(U&uPHzQ-#egRNh%QjGMi(X_A#vI
zJJe8hob70-5&&&!;SZ+LJOW29^agK6^xu?E)G$)^5RAX3w=*pV4jZ0P$t@Xa%pQXo
z<EK(G-j0&2h1))eY&pc_D!o(h0K|hmAc=e<Ijrb_7uxtBrTj$+#gBv?&5!@0?5o!o
zr!CS~u7l@6RtvbguvS4XcmF#1Gr{En%cxEab5sXKONE9epj)QFb|>iRkyy6}>`u3z
z=>?K4`veo`0&_NLX(g00+E`vDGTsV~Dt%XE&ty@b0-qL@wk_lcvp}<Kx1Y#05hgr-
zU`E)Fq@|%wjsTcwz!>N))9fkM`g4*;C7Q*J`sJ*W&kBHpVH}h5S+2%tG7um;Z9Ten
zlloNUQChOBKxgHl!1<x>>y#c2=P3iH_f9%zv<C=?;GdKzt4X@xNaN$Lm~+}YmsaWh
z781~9{|4O0N$F|WmeQEvg!i0&PSyg`4=9i#$~2?&-+<6!22Db`6hCn~_QcAjVdd*{
ztjtV7l`e9*x)Jn^r14nu;if&|c@d-&udmgGm2H<=2rxQc;UTS3F|{H~Hb9OKMBUAh
zGGs149H$H<!ExYUTRO?vb@C0>^RNo=${s#q3XD5f+m}Tvh<T&F0$cPrJqUiPi^rBW
z|ElDBuq2udp;iJ6VDb0h;L^RD-1g3~NmFRo3pHn<wv+s1M+xJ+9BmW1FpT+qS)Gdr
zd!r%BuVA1YF!R($4WQ3YxVvJRR1!q=?2DMcrCR%D<Qy(6(lK8Nj01k~GW=gQ=COZX
zP)sIxti-g;CYB4GF@_Tm6Yn63b#)HMDkgx{8Kk5h-H|szpx=7J0##im-w6Ag(6&0;
z`Bor6tMW9wsE|1$N#4-}gcZZ{flex!8n(6g+8kJs#VxHO9E0un_b8Cok281fwRbu6
z7|;RvjygqmXSf?iDu3hMLYviMo(3%#E@{G@gtuW%z+Cs5Y?YzWQ7pjQx0*$dT-Bh-
z`-$uHbO5KpAiJ8Y%{l%naRqO^hjk)Xe@|p#ukhKml}i4i{X7D9gp}0X31fn3uWc~1
z!@#uMNK`sHQvf`{Xs4cfm*SvdiW(H1;E{mk(@>w>C6EpZK5(%@`ysHUd&y{%BrfN5
z^%xYX98aVudrBU=f7ZR``XWfvWoQ2GXq4ht;ci{m%y;Nq6`bfT;5n%Xsgp6r<zsg2
zuNQ-)q|Ivx^esU<j9s85t-6mJ5k=*KCD=XyeaQg$i5SUf9H5ms)T?`<x=G2=^|>$r
z!6Hp3&mTUBLB@>mSL^TCJY$sscO}{~lglTHq^&SvK$-NL`wkN@MP?tdv$dvE;lUx@
zf_Yfx(|e$ql*`VnlbC?v2Fj7jTinjN)}9i8PpV9BB%%fZl1hUnHBDyIg!0;Ba@h*%
z0Qm%z@<kVSLQI0RWflmuV*bD+6rj2x=A{6a2{?edM_;h<$5hd<<~_+adOS_yoto-y
z6={7|n7S&RE!R^YctgYm?qVU|II>FIKy$wE2XXeQB|ybR3{Y!fDu)I&>UE)j;Q}YN
z@;FXay8){*-cr3!{ly8aX^zI~%sYwBcPdiCLle3P-Bkp11%1CM^w>$<pou7`p>in)
zXj%-zjvmb{%e5lEXfNlRX=oZxfYdGs$Cx1q?Q_u+_6YmOj|%CtTbj*U65SRg2pU}=
zM+ivNV?dgI>B7)?Adicpe@I0<FniY`Mtjh)QU6F|@$;pShK<x<>|oAM<74Hoo!9cz
z1o(+@dISqvXfZcn5C+86Gy(fR@kq?fXNs?5>KS?P50QkS4a5J)0{leA000plU;e|i
zsz)JRU8t=DSGq5vtDSr~3Q<f~wR@p)Gfro{U8NXh0^dIO3JU&*kE*(iwlV4VzGp%Y
zJ%t1?Og=C*Q5+ZXvU?2U{mMxIm57o3|CDPx5EveI;4RQZO0hQa?7PABg<+W|2hkN(
zf!o`tpt57R^5u?P3^)2;ZCJ+&6k?E=35*O}cu>WMabwl0Z0P47!bJcah34b_r&J@o
zB$!diIBnCzmCMcN-RDD#t;AoBSk0HAKuII0w;ecr%iVeGHO7{G@(3dgAD2V`wLs2%
z6{MsXr7W~=!1XE$eEg!bxMHwCJd?YmFn6I+KDW-=hPn|3U={?i0w2qG`Wu{%r$7b>
zHm?-M&pOirB=CyZ7m$s}DnCiWFO+dzt4tR9=crirb5S}#`U4U~666S}KY3y@%g(&$
z;rRb5SW}~w^Ll^p;Be=q)Z1{mm`+9YpKLBWHAZnQynuIuHzjYoi|eUcpZr!>(~L*O
z;xKinQk9lsL7x{-HhnMPTd#n9=yddy0aT|~AMxk`nIIIvE(^+Nr*OypDPKq+j#U@Y
zMhIIYljKPtDv9PUJaByCxm{nrD5I9R#>MNS=jswapfXqyFah@Y{EwwCeO0$5tMQjG
z6$GHXYN@WC*M8s$@r#k_Dr33Cy7N3-16Z!rAniW*8f3nGgv-{ydE1!`19|cBb*>Gm
zkahUBoGs98yGxZ^)lXgn2n7-1PDvFuNr%OA%^z-2O=ye%l@g8n-CzvoM^|W2tJq}5
zB)%ydW(9J?z#AVmcV_{Q42W)I?bH%i2j@939@euu<&!6*35QybskpzQb5X^crNArJ
zFYiqIsDN#{*AKlEPW|@+K@_uyBVfX>UVRw&sZ`^Ru_(hLeP^VV8;Z62Crc1dUEgoK
zuwZ(d?tGjmy2F@}(bI0>aS$fyE8nN0h6QN8yFCr{wW?e)G07y}H!>@8f2HHzy7?4%
z;*W#DF+oW$MKgn?oC0_4gJ666@i1np;6N`WE_vJknG}hT*K)4Ugh4aUkh|FU7(WA?
z3>XJ>e?Vmz^=4&~zT^VN1HYM!{2KD=BTW3!H6ZAt4nC;kL(UD92^H|EBLMUf4B#`7
z5LUM22!}92{_3wlPW=*<>URWd{t+{{^gNM{ww6<L`>+c2g9wPx9?8$3>bzRk=`%k?
z?;p$ZGZi`2Pqd%)ZfX{B!%XECOz74uhm%OS-^84&pZfbX%>wWuHIYp@7arxSxQD$k
zt-Q>vSE5^@+we?SOZvO`d*z$s+|z4bR)_KWgTqWZm1)a%Bv7e6|8>X<^Ypk!mTwVc
z9~NVVm_oX6OEu;!+FTZ@p2^g#cyM<dkqu@}CUUgb09C|0-`cA-*0$+l2ao*A7WAkm
z&)&`A7I=MSp!ws2n8}&2%z7s(ugpB2^5jFDx8D2%n_k6dKij{opS5gieniA@t;HPf
zCWX{Hro{KwrXoeZNb(3hn9YTa&+XO#S3Dfsv28iJ6_cWP&#vCxM5SMJ=e1>4%Z5Tf
zi)6%`g-lpPthT(khU>=a$jpLHsm3dSJ`f4H#{38wKy~Uuv!+vz_r%$bY9_iWB_(Z8
z4O>x_oC$2m99I^PhpaBu(gyWyK(QqB@pQM_^Pbo!SmVQs_zSaaO=t5a#M>U&rOR2`
zH&5gJ?zvO7?rO`dGN+}Qc&{fR3LeLQ1uwK@a{|uKa-O@#xVrZUJ~O2RT&efWM_<Mm
z!<5Gkb@eU@#(Xx@9Udz>DRDev9o}qdIOjMsy*9#LmoHv+BDET{wS*O~gopA^Li{t&
z#ZH-@>;ae&x)RYPussriH@FxQE1TNQy_H%InH}6y-`1~o)3yc@kjV-jxrj(+^-vzB
zuy~&*<f5v)rZGF2F^Y<!2TPL4L#)0s>IOO4F$yH9ll|%kW#Eadi+Qa41)*Z^z=O#j
zu(fADxy420zrFAn38GVx2MVEj26%sruQ~f8kKC-*6+N{73TisOBXfd?q?vf-oCojg
zsar%(wN<IO=U4%yt%bClu@mF2C^x0(<F#Yy0H;f2vaO44d+`3?+kyk4RH7K)i-8Tp
zEMWOc!IA8-0;f%Kn@z$vE5K`jO)y2pJ2I%|9=;cok2{nKUE|yQ1ajaoY+zjg#H(<M
zK(rDplxuFo7ZLBNGd}Fx%we-}S|EGu4vfuh!BG##4f9WN3fn9$>DFp%v0>Hw6dg<!
zQAu0AU-x5V?QbQHW%ei&u>Z&$U^~o-D{!sw>`+v=$M(7|sWL=U6_@CV(Hp>?4E%aA
zp75NXR-xc|C2d7sqkH;g5cX(842Kd&1ZQ54veonFv)vWJ2l6W`hBx)UNUl#69}Gl^
ze>NPgcJu^(gg`~ED-$VFDt2;LNh5z97P1C+pEYmv5k~XO{HbC#ej6y>_o0Dmx%XU8
zUv;66K<Z3h>MqIG<gDz)lriB5JC4#F3aAdj{d-SYvNI1ILY)$K@*nx18r3UYM9Sf2
zk#FiZznf*=sns}D9-jJYxV|}E?YuQS$i47ng~L};;j^HmX<s9{^iJz7`;A0WCHe?m
z@w#(KaaJYkZ@5~4pV#q5rU#qNJZq4BDbZd}jP=<4ryjSD(jCWDP*3yx>fBLZ$IjVk
zdx-faajFEoT4x1_xFKd)IZC84&}YBmFVb~ZJiy7?Q@}<yFCgbEGe*SMw^L(qw84nW
zqZ()<{RP<gka_4*vy`UCb9IN6tqqnGXQ$3ps!=b-SQ#x|6?TZ)nk_}1D^ARnGfvLi
zsOKTHd&D|9GDSYGr}jN(^{gIyF>R+X0qe;%^Rz|0`fl}7<-uAeYIuh-P+L!^@?a`o
z)(sZv-{?~;n#B9a1l}x3l$o&*KH@OQ=*P^~t@PYwQu;@iC~KtC)Ex*!p<H8l`&_aZ
zD6_2#)q8(c<@Ymn@#^c<lE^sBk|v4#{@tCeC{)F{C8|J-&X}#Td}>LBN)bY}*#)jo
zdedRi;jp%M+>XDyQ|-3jTal%eN&Q0{e7f>%&9%MDSnMOK9*-`MuKvXV(92*;emjIe
zQ&--c>C@y(!d*XmUK_6JtEC2>wwI+lq|nhl_x&Lk`k}`=mS6{F@%YpPKYcMcgHQgR
z?lKLqMbL_sAurd%MtRn#pLI0Mq3-Y%L}nkYA^{=uNw-@(0R8Jo7m8i}+-F#-IhK#X
z9m*t^)!~@bl2rhDv@E#GcPk?=vlDXk>yuM5O&vm*y9HD`$AlKXR5<{o8$yY9YkYCD
z?PzdxsKJpZpfc{l^*DlQq3*(E_HVJ}Ma+@n6Q9F9_XGFX24%^hX4I!~fs_aUO-1dF
zUVY1}`T0dXV%9FTZ(Ofan+x^*IeDf_ds`)InO3JOTb}H>F>Gw+S8R<6<$DrmYpyjT
z9{paqy<4q~>w*fMTk*Bd8F_<k%1Qg$dMu}2H>*S|VZ0UnV@*AiUs5PE7G4i0SF6Ww
zXzjzeoX{&}e&iaLpW9F<42h*CIQFWS4vkTB2IS9-%&6~t7OQtvN(Z*t;a2?2Dv8zi
zN<EtXl^62^_Gv{Q@vbAktC>^ok(#mNKlC=%Nv2T;+nCQD*sqU2k-@Qn*90-S&3-Pl
zuW>yW(1^UW+g_<NUi2l&`BT6^$IK;binD8M*<sn?xc20zVLVH#aA0tNL$=G_&eSs(
zDZ5*Sco5VFySRl+6MY{48xQ^fXb0)BmER02cu+~9w--8Y(*k&SEHtU5k3d|`ayWk(
zH0yk;ypXB9Ae?!Qs5snHp>tCCjNY3_I6*FSkyYy?{bjAD0Tc28?Pa@;9OP_Mk0%X(
z<LCIao7YzO+T)@+aH}C@QVJe?a#v`{qxFTvgu1ihlp9sIvU%xB<#eFq47UYUvV;7&
zE3iM<E?3-H-e2?Cs7yuLM0M(<^PLo=F8tY!(ThyKq<!2cmucf(Snyg^gmln}Jdqsp
ze6n1laQ(Q=3|(T3QD?v=ch2AC!EM%kfa-+Tey-Q3u-OY&gve}tt@8;%f67a0`^<2I
zQEN-f!Rgy1=7un%m}BdF_raR-4IRfr9^r^ophB>v?#7NNfa@X(;7vx`mLZ`H@W~*R
zb746M(UwD*SzMfxeZ#bT0ss?EyvlTk7%pU)U@E9U{pz-`-S{$w|Bw;r^INiPiBc)J
z8ahN1`AtN1X--4UrBYirX9CVKoZfHD`s4s~qBkCqR*I89d(y-oT)LH*dgOmR9h_wu
z0wAvI!x_{B)KQ}2<%sg)riDf=L^1R1%(uKD1;Ns#>@)-sz_l;495{@>U}aZGECPE9
zN;5J1cQTah&5Z|=cZW12(9HKcN&#K;L%7dYWeLZ0Mcl9C&;!_#FU{q4pJ)>-V^UdF
zqkt7r|DB8gVFQ6B6`J##E*blo4Uj9>OJuG;fZzn)d%8N0j+W76GC=JtHU33s0{%O|
z6flWr<@~<~05+t`V2X1)X6n)$Q;YQP6Y#FL0NsY6&+YK>`7t$g|Nga02W)zmiq3do
z783k>7g`D=Kl)rSaP?Momr)GlgnfpHo{-?#@fV<;=)c3e{VjR6g!~8M2bLj0;}{Bs
zlypQ#AZ}}-VVe6rSvnM&zULHJ7c1nmAK<{65FXW6bZGuRPYx|50O%c)XTmqBuhn4;
z0dP&Snj@L7zh(}@o(s7x&)vkNIR4#`luMuv9<)sYP*J_@7l6~4*#PdROu+APupAr3
z;5b__UF%d(>>=Sj&YB{0WRl{pDH}CoaL)zx!l;(wslr4~im=m6T;ayqQG3+Z%6M*p
zfs-alnu1wn*>%^Wn6&frRQphY%dfx|G9C0Z{XsZh+VWl=$n8>xfyPU8-?EPTHbuwV
z^)KXn^V_3>gMZ9$s|E$pi_7DC>>^TlV;avdf=edB1;`%o%p+ijgbxZIh?~E#(2VXa
zAV0{jcwC<UAUW=X=p}NaMq?w_#(qK8HlrppjcOeOo=gwbL;6Z4M)27M1j@c1YO17t
z*eoe%OednGwfJ;)&Rq&_??N_B_%wgJmL0?uuvM`HnH?qGu2sUe>K$^TXHVhVE!*3_
zx$Nt~lXhNa#zoW9(-A?_Z`JYW?>{O(xcDXPRh5yJ@dv(teyQi_HS@K!beBumZJC+@
zIL>;^$_YrNLArmzqjI4ncu%20gH0?}aZhdIbe^TN<!blT(B0>bq%+2zxDmV|@j`1j
z7ZnUuXVGFC5<!%mb$|V!x3pLPex|-p7TZFtB7a)f<dcBq>peROqVKQ57fj(Ub7Q}t
zY!Vc2I?QYdZ!kRF)vz=v7I^cq%fh5W0OC1bvVWF9sF*0`oi6`K)d`o+Y@y9c68ZzN
zYOP28hr_bh9vcC5M!>rUB=EocqcpNWin{s_m-`E6AFML_dXuf+;2@*q$}iRiH{Mhu
z(*c>kduCqfgKhAh(;(F<;T{&Tsde@`j-k47!_*?lXQFCXJ(1{kMS}ZEnh{iV)1WVK
zfOo!mJ92l|S|vSitiT|s6#i^(bpVQl;~X`I6x`k1*?x)Kwh{&@JG++D;8K&3QhTp)
zGi!^$gYoB7ph5HLlJ9r04qAK;Iw5}+_z9BuL?L*F?ME9;Owg_Q<E<C|cN>dnG{0Sx
z$Q>T$KLurTjufU`&=zZr)f`p7D8{1V6A{H*l`=LizgxvRRdt6)dFGZyONqtSL+skt
z=~}yC?0i!Phrh<)D{{l?eapN3a>K=Q1If@kpFU|;LT^e-x3pLzn|TnQop;mI=ys(q
z4sED11II%@q7OMM>anYaSI4K&ow-_{nLhk?U>0IUP`&DX3Xt#j+Z<Tmvz9CT{1Q&v
z+JiD6&kOme@u_PUjD>A+cBjNLUfUZ;tOmV&%LGkjxk1$9uZz7(PxcnqWX*gv&zHE&
zD2=~!^9Oai!UhT{c8JwagKLVFUaNYW0@`m>O6x8qsf+!Rzvp23FYcs%SzP;-#_IQ>
z5MfY_ZGx1JKr{C38r#uP^4^zkQQJ+u%gglpCr632DwkEaRcG%#pT7<A+B)HK{vZhQ
zl5{ghRc&N{8Yecu=DOgqf5Aa$$aX%#RRcmie>AVKshKX-cOJRi6BpnW%EDw+lWm+=
z#gAC?ul$306}qBfLmR(5+@Kh?SkA#2W$bc!d3h@Z<YBSbP(>=CvgJ1+^-TqL%P;q9
zyFx>8I3FRNLU*@&Uq7WllJIWx$}{-A=3T^?^SN-8!a;7ok+8V!irP@;S;6~A3E=}j
zpYD5x31=$hAzT2dyqaK5d$Hp;@#>%s<!>c=z`uV|9zhpzuKPeD@y0<mF7H9Er5NXD
zXR)o-l&h*!X`k~1H5KLnHqw@OZRG8C9GY*7eP%PdYhH;T2brD-sA9i%?th_<8{(dd
zK;ZFL+6Q8-xLls+HJ07l#@(KqsV}DZb`S9~(Baiv+KCo?N}qF&xry>hS*Y54wpyz#
zmcctf0|IYw5hZffhhkw5OG?sMVtW>sKKB7_k{@sTs}Wgq@!EOjQ$AG_bup7yfs_6G
zd3FZJb7{t_%z}$;PNU}OdI&CE@j*IOHJ0A=Y0$*GR0-ki+L{43%P0&gdo?5sI_6kZ
z6<G9KM@iC?Y78o|dqC#*sWv1vBqfc=ZoaZ!T{(bj9F<x*Xu7`ou%GL?bZm*oM@Ypl
zMua01{zH~>gG-0ay2y5PThq=2CSa@i>lOUA%b(kc*igFjb1`N7P6CUr?QtC4rq0gY
zt1_{#+}%lDUL?+H{%h*yvgwZqDa!V+w2AU`#A&e)Z`XK<LvDS^O%*D4=XYRe&0U1d
zMiI(J-WbCQ{KzO%1;#zjL+%tEsMi_`;b^^Q(>jjA{~4x{<vWUN8TQ;N;k_Z&%ZXdf
zEpyFA3sCVE@k{3vq8pDMA%+Bd0><i@PZyq`ttA5kHk3w`fp3wEh@;la(^)R{hRUZ?
zB;RY)kPm2V`qxa_aTYY=&&_5Rcu%C$ii{4f%uKbP&?Xb;(S0wh&E^MN0zF&Ohq%xL
zl4RGfUU(A>+}(HW3$0q#o;NjPbq{cf<I`Rd9L_h2zsJ5xO+)Ea;xpspCgI%2lPIW<
z0D=4@Za_tMe@g**Vo+7{c(X{;Nym7h3K1QNNY1XKOt%B5-dP6~x9oZEQsI8@2&>0s
zhX|GPS|Zj5MQGjy809ZUNWA7Tx6|*9R+=k4@jGh`^=ZUKqo1&kDa0q)VF7QM3olR_
z0KcBIT(J|w;KO;3gKuYov+Lt1oU!hC)E-tbHn)o+B=5V8#FUDgRk-}t%dZd|CQHk=
z^q`$B`XTdW>|n)|zPqls;B;R|Kqm{~5?(fr>oncNGk}dK1UIlR6R?eX3cHn96+h!G
zt#mizCWgD#og$BE(~TGg{MH+Gq$?`zK%32wEh!x=(7{#x#dA{unrJ$L_CED#>W4E#
zRpY$g9`1M2ga4eyeI&aZe!qo<=0+xkz1nxXPi5rPgFfM5wr1tFdZpMp@7Z-`l(GM+
z=C#g46Vq)t`*rOHAM0>Ayp^y)Z~>dn5e=2WZVDIDJ#eW4_%)Ecw4`Q1Suq(4cLH}>
zb?Q%bXtOk;<g7FPiPB;Vo_qk%3T~s|+g7^3E*70w3;1-;+l#2ytMNXr0KBOwKaB4e
zy<tEDOBh9uD$y<(C3hi<)?3{KZ_ytuYCpnqmQWv_^8VexiKFO>`&Bxm{YLk(c%Y1c
z+mr0?hBl^90TYS28&?u55|Px)%Mz5o>_*SG8m@$F!#&mo>f-NFJyt418BB=p>|OfX
zCoTrgDw&vNR1)52kEAiEt2+0_d-KPnj^advTCikQ-K4a_?A>CW^X2(Q<6;<jaBEX=
zcvV-QF#0KZ`js|krmH3P+m)m-#|=<gP44siWM_Lzqb~xc&YPu8TJjZjetUvK%#9~x
zhEMkPDuq92MpP3LA2sSe>n6WHag|}CTL^0x{d07F++PoeGp<|_8zmj?(c<)35Od-k
zhKrzhc=>nR*h(A?TcV<jPe(5#=@M}2iIQ{flsp_0TOF@f=?d@@xijz)s%UB|3%wJ}
zl|np8Sm%GIoNs2ny}hXMMBuzRz+^Q(y!AIB4ut(I?)2|kd%JisNgnki{{6VU^Y#7|
zIJ~hB^6s()SDUt{??DI!)|sdvM4T5g*p5u~Y-4<b-#>Z&di--dboOu5vCCXXLv85C
zm`HMJ7OW=%s}FPD2D>LI#|JIHYj|i|uKQBiq$(^=XSQLuEcK6w_GF0(hqG3{NPu3I
z->HLV^^5nKLG)B57SAC!P6z@5=)|#`-_JD{RbgvsY2|Jvf#Ni5*r?C*SG+Gp=0y=4
z6dcwE=aXGWcOgfv+vyGkYO(=_bZ2M36;7qk6A#m~nB!ibpF9_V90yQ*rt~?`7mGCz
z_Um}i+dIMtOu8$hmt$9MC|#odn{!9?4U*?yzCJiqJg*C1osThneEVH``X8Tfos@g8
zUZCjB5-M8Tp29(Rc)3O0k-g5I6_*ROrnm24jtjCOyWB39(?Gw|ULzuD0}eb(Vs7J+
z3S8AJ)n42ud4Ya@14>^Fi6^n#N_47BAXHyUvtPot!hyNH^2|(l@DPV+UGrP&celZI
z2v;_BOcRx^y*`r_o-us;gFJ5isJK{z?D$JDiiIGHsNB>)W4P8Xzggk=l7kD6G7jxN
zNck8{3c){}F6B*D;PJF3oopCg?d{QsQ>?xj!1<z4@wReHG<^WlF8Nafc#`kdlXvmj
zgHGw=Yu;Fsa;$<oo=a828cF+7;>E41h&Xz6GF9=eU{S_=CAn5@6!4NLt)e%ZSZ{W$
z#pJFW_II2ZG9Jg?rIyab`TiHm$>tuRSuH8<Uzz<`Sv8T8U9)(W$grg~yeJBL^aghk
zLP3JgBTWpK4(Izzz)^|9G4Luzq#;+gK))it|8<;bQ2g)C_*?imfj65&j6HCD!~M_5
zh_Nkmt$NrtvgL0Ve<OLLIzCZI^ZC&GC_O8SEyp2#fM;zXv*iZX+ee0q69T50hQH<w
z=5JFnAD`?UVS%&*0#9LKFEur%u1?!8#fyIQj2eg3;HSS;VEQ!jB)~lpX-sTpHlN8Z
z@-qM;0y25E-zawNbrfbtX#2KZ`EF)&k04jKPNbwninSV^yFx<OMwXz_ELa<KlQ8^|
z#{sHjq9W9R_9)|{yoEH)ou>k|?uN^<5wU^P>N(ard4%xWzgY4E#E2Obnl1l^5htn9
zo-C}=EhI40n=0&EyPy_Gxv@Ad=jds5nP(r^udbV05D`-tnOdL@ilo*~PnIV}VoQ3k
zcJB@QeEb+gZlI}(osUSjBffG_i!Njrkefm*CmeAjSR!dj?h~EB+gJPz;JDw|PrJSw
zR(D^zvJ<V1D7m|J2}y$cwC$(QrtntTk2iF7pFdSf<|}ZwN#|8ateCvGxVJMKOLux;
z;DB5AK8auI<zm7^;}|xXZt~^cdX4Q-qzZVk$L@&O`<-mm@8%Z;jAjjkLh}y`jUbRk
zWP=XqcF@O<UyA%Ba2W*zY_WC;i@>jB0wCv#b$+L&kw0HHXZeJtCF-jQ{2mxE3r`;V
ztn+s>gxP!l@%)>4ZCV1Plr!Nb{`I(D{~o-(L_yAwCvf{7wR=R|m<deDU2Y{ebU4?d
zhY%AG2;w=v&$GibuKq1$^UK|)R@5~dTijY-RgRPEaYb?Y3oh=;D({HVB1Yj(f_vL<
zYf)dH@9)#!Bse`6bP>V6A-PIWM?TXK!S<M$hnF&m-^-q$g@I4I08i#7ql{q$KK7ma
zCpn;Ed0^kq@#l!UTt>cbw=r>q{~!{4fz+a4*Xg~R?Xb0bf0g}k3o`dMnWb2EtaPQ7
z$RwoLzc#9`(!l7PEvLLqaBdT5V*?%fy*4B%DRKYz?+k7%oOf6_TpoBFCZ?vk$CDe;
zY)Xf>eGdh^lmh}IiQ1#^|KdL(ihVL&M{sxtb<D|YOsj)M&h}=8o!Rg3&e>sgzuL?#
z)H{C^cpJNdz@SpB^3op#4FCUgG(2J!xc#h2az&1SG#>#1u>{>^;)%fPHg$A#refi|
z<acSprl7#H2ztq)`RC^oRc#KPUM|qnx6#ovoIZj%X3bXgY-|ne2v}#VmEw!^_qjd?
z3q#PL`vS#(7}CFv)%k2wOehd7+-o0_-<%RO7E90Rhjsi~hVz+D@}-Gmp#f<;o^q~A
zifuorDu{~z<xfy=E;eq(2<Qo6;DrYcfOr>V`1u{`UIh4GWv8nX@CO;KqXVx&O|g&3
z_*J=vhMt=sZIjlpke_f}m#M0|UA&>RGUPE={<cgNw((YY{R;NeLVd#Nq5V~R1Gm%b
zat*6RJtb)V=EPnUJbCsVf&D1<3u|l#yk&#+gIO!jX51{YGgl%0cnhb7(5NQ4qsW0%
z{r3Gwr1w>;iba&6k8ajOQ`U`YZBK34WjNxH&38HUTmv6HRi+kixDhZL@aTVuW(Ifh
zD_o}ZB6m<+H;jV(>^gc^sTmYAq`5P&#KT)p)fjU!SJ2>**Q)7PT4_$Z*kNu%V5n+b
zH#Vk@G8w%=WZgb2dvPWRk|05t%^z{xrR2;tA?8r$*4O-QH@~$cdwD)$5TuduWB|(+
zlsdtjQr6WcSLX*4V#_rcaN5DQsRcnN_ZQSNL#KalPjky)$+j@cuFK$ju$7Xk7n|4`
z$GZ29;GQGL4eFN7@t#b9sl}sw%F!Y(s^hJ#q^9ofbh>oyaI?NtKqJ{~^Y4uo<XPtU
zPjiJLi<Wx^XDrX#P)3AbSd^1>OCDnal@65&<`vsfMlEm^Yg8=TtIgY<o4XH)sc+w+
z&Nje*s%>{y1-7L^@kFJ;rfB*WRdg9R{Tk+6|BiFdM@SGnZIT?7i>D&~f{>WC!ewWd
zk}|0-wjU1;gLCeU6nuUzLFv90)7UUoVjf-WJU5L6cRWfJE%&m<$7iMS-`@#od>_wF
zM}p@V#_#mu6JE`CAoQ^c0^PXbCxqWkx!h9=xi$90aTaV|>$z*JAgl7f9st%1yMYh(
zRxk-CoMzN={_Gffc`L{D_k*MHQj#ld9!59ISOvIYcM2qn+WA2uccV*xS#h=zQTC_K
z_)^&K7Cd}_@2ewJ)yr3BvI~YqC9?S^Yo`egJ!St)GG6jk^v1IJ<$3J~_$$M@lbSol
zMpM6j{NzMDsj0RwH^aGx1b5WFm0yz&&RCRObpZwLyukAv2Fi1?-N1NGa%y)Hc7cAC
zKcq@s?|tU$e3tkF%)h6}QOmJvsb(r9;7O4GQi$hhET+X55cr~nw;blSk`PN<hBBjf
z%QWWvcb7XCxg=x7b2;Ry+AIcq2UzJDy1z2~y)u6Q(wk8fW1#sle_jF;;V$9ftR74=
zF=QP6Ozh7atv-con|39v7zB~bw?#NQO5psG3{KXFi;QIPze683?`o1%?2y!V6HWvM
zJ0)R9I=h!m5trRHD0fZ9`gB(&qDGromxaqvH-OUw``*0^t#2-UvLK6A0J%lsZr}9U
zey5DnJ2zFWGY*1`O(qrMPlRqw2nu!}8_C{hXIDAGg-oYwvWB7U-sb{!<f_!I;a1%@
z<8CX){SkPm%bst9S|oUClq^=?&6bIzRa=L#2aXP&DE<Da1Z*Jg<$`q7y>CM5<`z6D
z;r7etV2U%yj76JcLD?s{Y|3u#XyZ?$g!VH#?b0SVscAcD+CwNBd19|V@?8DQk6j#`
zlG1^Lpqonzq;<juBU;06okB}k3`QI|`nByRN7i72J8WuaPin#n%}C&R(W4QS49+T5
z{Jb106G@{n>-4l@e*8FNjGN;J^SHM^!r>~t7~0J;_iNgIGGIs&&2Hbj*GQ(zoo{^Q
zPP7ZUMO)`~BP?C+j)8$g22`|ISGVq@A@um|!>E=GpAS}j43=26?~H1}Z~EKRK+Zwo
z;ahS(sl4xVasu8iB#Z6t`OH#OaZWYRd{dm6p+L{sBox5E=NFK4;!YsM!O;&dFj(=y
zzc#9;Z-1Jt&}^NIdLOa5J~m<a_GMKNOR9xl%8-lwVp1NK<S2FE<%Nld=%1=mqs==Y
zEE&9#xd?c8EddbSL12WW_G*&S(rX{xAK7OXo3%1(AfRW6rkdKI8nfvd!EbCdG-_vm
z!Pc{ve_2hEpL%YVr+(Ac{TUAxu5x2`7gAN$s@O~wg|p4=G}4I<QnToA$F~EvLaD~*
zo^_V(<nbGUr}%EmQ`I<cq}x6{X@k>K3oYtUvixMzcVCe^m8e{NE*2Px#AeH7(;TA$
z<x`FnK-9G+!`AN<(@a*PPC!RmN9#1Cc-M|l&9~@Iren>%mywEA<@TIBG^^Nppq_A_
zKz8kh@dK^3!P*NbRh0{)faKdn*15kq@I49f?@qHsl+f?L`@bjFg7}JmJ*&Y_CR0wn
zIYp$Y8qeM6MXjo#^`k8)^jp<JVJ88@)_cz_<?;lTPj{nTW%wTIc}|#_j3%Wh`YS<+
z|9o!p=0uP<?R;LA(9`<L16lt$Rac>{Te`fbx>Z+(HHO_ofLc5YT&i+D_m=R7Yc0)}
zn1?(Wp!fS=IDSA4>>3+S&XU8XW;V+8=zdd^8qwmO%g1mHBq%p0S9|)3Q1=Ok(HSBr
zxxf4t>bQOi_pkbJzRxa6u^OQDUoGYZB5%q@o=n=T7zD!UE-&dOJK|qtUU2#s`oTkP
z{nA<7n|WL5W$lJgF>U#nw<kgMT`4K{d62cVY&+%f6P_v1wQIb^ahrmpieG}(SUz8~
zBcSfd_vXK3EG!gkZ!~bSIkXFtnN-(i6&R*HRjRzW^O=ebbt^VanKFOSXYjr%1U87U
zJNF=E7r1>VlVuImXD$*zJ@D{PXtH2Wh;`BGDSp*kfF5{_-H8FG`{aza*~4ZoKB9vQ
z0lNpN6SV*leAmUNDlhHg61`9No2h;L2ZM4^Re@L21U*4~=H@*F1hHYE?TRj<Z42#l
z1xq-`vo(XOijp@8&v<X$l=b%RW_TpNzfw7aw<@Wk!g9LhviC8HvZ$-86%FnZia27F
z4dw8unFiyPDc=!Mf|;v+@Bi4{GtVcw&GjKfHcCz;@?$_+sQ~177|W!x*e=n@81eP&
z^q>L-wKuD<w=^mzBEiNB4aPHK!{#6Z#t9iX!hDgEM&6fV#|IWxamW2&e&U?iEujT$
zyxJ)AR37ryw7kmKLkraPeyNKtAD;n;65Vc9Wi<Gf+i1fjc%P~Yf~20gXA?nfv-Lf$
zZf~6n>a5kv#tE%;&U&!CloIzEX-Fl66YMQ^oONOG5A<*vsBOKB3Q9KXO{QRnBE7G~
zJh?%4B(!}*G2r$=6{|0Vzb~iYT=jl-L7~y)_ZNtKHdT{JdVu=3QXUVNVE(0%<(IXz
zH;Pyyx6jIf-kBn^ey?4yAE$L@^hCk9H&qmJys3wP9mxk183frh|MX{bxpRNef0ZRs
zWa2#^P|@8$hRt!8g6llxKwsc@v-ug$t>Gxzav_5IVIMyDIzh#E+vy7B8m@G}bHjOm
z<V=byUN#ZCw0+`H$NsHl@(7QVBj(N@kiq1OS3w593k<%uL%*5*AF|#8EUGTrAD#e)
zZV)6zX(^R%Ns(^pQ0WF~7{CA#Pytbp5E!IGx`$S}K|o4rk?#7=8T7sPf4_B}XC7ka
z%sy+c{H?Y3?nxwm&8=LAj=aK@XDdZA@o`jFs$WA>E4{(6@qBIxE!fn>eaP*m9ATx?
zW;fK?jqMjv?<eZrFGY(W)F!#A`zxMJ;9-ZCMMkmP&!I>emlE%d(4~bviMFB78_CGM
z`R7E=FG2=6OedU6_V39t8xj&nyAOAt$ex5W(MVK%RZqiGiTirz>em|+-#`4q+P-Ek
zwN@f?FYe}t2p%qFB`gF;@U^ib^Tr^_*)@;|#wS67CyRNl4(Cw32D$dVl%4ScIP?(M
zydGNXy)j+yFTDBZ2lx|op(}yUyg{Nr^Ij~QTH+1HD}v(gRwnl>oM);%HsWIWlsO61
zP;_MJ;R`b{!9~U18<7)eJ(K$5eIC+?uV1S~s<mI~(kkU<@1Vdb&mt(61wB0~U`k!A
zVOaKee-kI{E54cnZ$z9ATaUN4LegII@t%foSA;znK#V?@xn81`@v#R9MvM*DLv}=h
z&-ct_*dBI1l+e80Nc9_cym@pqyRMGGuF-LXt?;O2=EB;4-L0%ZMybTQqs|F}!9!v@
z0-rAWB<MzTn|gZp2`lZ0r9QBui1`c!D>YY%J*jG+^vv+OvC^mCiNGU{gKz_wkG?B2
ziwYV0vsiZcI@Dipv3m_+Uu1y?yOsC*_vi-*7^)WXA-Hn5^rsBWrDj=axd<8js`Ii?
z%|}PuJ}WA;?0P8@NqKhd8wDhFO-aI9SI9fAnQG}g(90QY2$YeHFWsqd+NKiqdMf5c
z{0QNf4WQDKj3UhRBAf1>^LrTlfetRJ`@Pg9;AY2qTIV~bFj`I1Y_l_&idKV7Wjvz6
zeFnX14;MxpT`j%BI=;v!!8GubXJ;qok5%hTSLDM&RLp}H)YR;>&5e8fgoxm)xvRsX
z9~r)8btZbX;LN(L$4lUKD0$<&vp(8>LHDa;2@D7o(bpyXC>aZPT?n*}-DRs>=k^?`
zZxnk%R_+rG6kGPrZWI*(sZ_OfS8Ieen2%zYQBRhA8^W*R0*X#gv_nPGA~G5(6r!Mn
zgu3QO`$IC0<NP+^gZ@z*UPJMX4l8JP&N#04oan{Q>C&SRx8^Fhv7#>2+m6Ve9apY|
zT%xgTW*Snzx@;D*)Euj>OQ&E;aql(~DDS`P-o3STXkzteids()FJ*O&^ZW@p8Ik~V
z(jt_DT=zy9S{a=c?PQ!0-r6M?y4X5$aJpK@)?<tTRAYV4zU^JSjC0*fI2<!)b%6=H
z?L1b-EjBW&KQ0mNH|-B_c?DoD0hO&0N7{8>tu<by!bkfNZHl(T90ohBG52TK1LxLG
z<_L?45><rMo@J@UFvPkT;}sYs1Lwa@xgJf<tlhM<vnw`A8ZQ>#+QEny8~ZQ?3Zcz%
zcWb^a@(Ld@z4(*g<0aMrcnh4?`}G>TPyEdXUmkvYyS@Dub9{s!C5LH^=gJ@|1lT3G
zA@GEn{}xCv2@D~F&W`ui5@uU#FPtxup{Yo<!lXaa1n_-14|?U?!*Uq6zQmn)?vTLy
z!a%N3$`sOYH&yD2nEj&G?w}dc<H~z3)erOa<jd&={oAaZZfV82nxEFMBX5g%Eb7Ur
zbumQtpn0ZhsN5-CwWv71WMr9?C~f1VO11Ig9OKpl>u%$gP#TB3oX!yy+NuKoPagXr
z<i~jZNt<#ttWVqW+gk)2>fQ9?Y?s#eOdA#&nXCL}z5Evz@d^yZ)4bTzm+QcN@oMk}
zT7lhm?izzqEP0z4E`!*|-aNY=iY>DSw9QL?-|e2aG9;grVmy}O&I@j+uxUr)vlNGh
z{dq%9PiTRb0+Nw$8l4aq)-p%mDHsh;G_8(A<y6KF4}gyxLv*Qfb-$bMoUENF8J4eV
zQCTEbyjZo{0;<ra<%l3LNV#6QJ%c?VA=z`nYI?XMrLeQ-eg2@={I>lIEXb7XBEEdA
z>6cAS$*Z=vOKV|g1C1ALwibBQd_fk3o^l6&u!TB*qWGM7bbFGRig0!*Bqi{@aN5JI
z+bJ(H>zi$OH6Qff;J-<gz#G^Pp<$1vGl0ni%a#UxGxl<I{j8n{S9_ipQr$dN?d=Cy
ze_G+BVTMS_3k;Z`j=TRp$WGvnq!CjNleBZPl0Vv!w_j)Z`_9MGeS!(8wAvc~0~pgU
z@+|JQcy8`S#CG#HyDn;ryecn;s3jy-em>z@{CUAO74zx2AGOQP$Q;|pkNdAAa;L77
z^VwW8GNg$+IX?ywoXy}u$BNMS_)nkeeq6L_VSSCP^DW4PyG-9R2TDD?Gv%J?TbK2W
zGS)$V=vuM!k63#&zU9$2LUsbaJc(qTA4J86lCz5`$A4*1BJuOP%el^wI&(}-rbT{_
zeOL8X;zQwc>G(zMlR7rjtx3a??12H!h*a}5v#R1#qcn0Zz0O;VA{_J*%S#AP(uqpx
zJsA&F@rX}ah2dxQ{Yn|*GN-jNI+3Sgh_mD1M~!wr`$FhNyHP$3+MFBGTV`*W5*97L
zk=iyWiH8#tKQ<Si%fZ<sFQzUiAVT>(@6@<IBMyaNH(W@Op%7*mlF<Z-)OD#hS={>%
zL<mDNMP~JWd#l*5n52VF54U7&LCQW2xHt!nN#7uOMJEg%#DxYAzaye!D{8#^44;Zi
z7b52U2Ur$jV*xr(n?9V!PKo9AO|oeBiUqE)F!a5xhkZCpWf#I;*v~D;`4i@46m+wT
z4RTF(;tx?5rTXFA2Kt5hIk>SIm8St_0xo9URQ&QZ5{KHPcXs4q*5!DVRIM+m){7uX
zZ9PeO_jlw%<wMM@ip-YOA-DOh+Y4wcBC8(Vk4ldCxe~%C`Ed#A)GFk(tsLKl12L=e
z+bdwQ;00!S3VSqSZB)-cBd~$nf-5m`wP=X3!#+K#lo>c&S9GxJzWByfSW>H6Qm*t^
zv_CPSE(yKiLo!X>h1HrCeGij$XHkoE5jU%ESg8iu^ZI(a1&Iq%{RY1$D_@tTzJ$L^
zN1<ecEh_jOMxEg6`wvQ94~pr#rePTZfXP=Lt~(LLc27$`csyKbM-O#qkjOtg-P<EW
zDHxoX^6UvwSOgCQ8JO)A6~zR_Ff>OqGzgX({QfZ-XT|$=7OT;7J}6woGdr^DV2u5d
zEeXX7B9E;&roN}DA5?K*6m9onRSJjqjmqEMU$`f!T#0X7Au)-gO3tpvRj$oz%FZB?
zctbr=*B(2KL=D!Ou#fM5(2!rSj#m#m)H&VhOIKJ}LZxJ;%+I$`{pm7rREc2p$5MNK
zOu09lgQ{y3L1O_;CqAxZ-qnKbnAH0s_E3N(aRD`UEwIE13^}`B-yVtJ*y{u}CIxy>
zUa!~a)i%X2*PC2yH)B5IWzxv_@#kdUeb(t6AR^0KHE-Rbtcsefl=BGmKV<-p0v9t~
zsaK4v0b^wd3?`L4WR~Ly9j0~|>y^6aFLOeIHfJF1x8&7Sy=f+4t!R<HIc6>#H+>|(
zYy7JxN!Vq&4qf`HFW)R5XZUDXJ>7VI0o1W_@~OgU0K{>cH_o97d-#gquWamATIKj>
zjiyjw8O4ioDh6j;jT?*oy*pzKUuMcu5#CS1F$J?v7yTAq@wWu)f@S*tte#qEs=`8A
zv#*ufc*laxiGndN?2N5`A;``k1{h-2$x{7r>k(`ULr77N#qJNcm7MhifRXv`EJD>W
z<c@m&StAuV{ejYUH2*>AWAhvfozLoE+zGjSACZL>NU*7KZ|ekaj@Q99=O?4L$=RQ(
z93(~bBrQ2_tsffLQ_!hIqVC&F@EB+&^K_>K)~4=1t#8O`CVa`xxWQ`6#Ueq;DB+X9
z?)HpkWxvLC-DuNtwq)~yJNO+2iQ(G%DXO5hQ23VP!L3;H`6Umz!twaci$#af#ho;4
zqcT^C6rYc}c-bZ6nfD4!68mB*)fySh)k+?#y$A!VYPtaqQtT?RRzS5_KAbe3_<3AA
z7Q!@E(O6ex#Iw_20wN-~muakd9Y`d#+n3uic#3=>iyGZU<9(W9iM#C18dFb7*pO_t
zp&2t~e>hX5qFiD4FQ4ImA3oiu3V7Dm{LHB$IJowiLQhDNOTp)=eMs%@vt?|vy2IBR
zlRHIGr_a>IAiJz|<Kr|xPM&but?Y@keE+^kqQ>%cl{<oT5D)2WRq2e~+v%oUPhmO>
z)chXKyJ@E@$d+hcOS+m^C0%y5e-3OLYL0Grc;hPV%8%m_?+=4SO2674L$dgra?Q<*
zzX+VP1XTGdF@Jgd@TjU@MQP^*Y}$Adz@8v<u5-B4m-pir_qp?Id(<o^ntmP1^{sNT
zsi65CPhX{-e~R;)u~NOH!@bI4_l1_G3H&?BzudHA7JoLESVN&`E~hqnPFdBOP`Aip
z-yIL(^?hHq*tZ;Yo<0rB1xPK?7VUPOpuj-s&Kun~#&0qnx-OlyjmtF#`vX`AL(HMi
zo?u!f0Q4RCqVHPHHTxg@GHV~aP|(0qi&>ONkBwb$B}IiFI8Bemd?2JD5n{ABju{+S
zZWt{vu5|u!HT=oTUJ7d*$K4<NM|MSJ!bSHA{I;1j81HwrR+{gdBs4VMi)YGg_2PUJ
zfaJG8xAkuCqm1v7XnC;iP}v$e`QWFd9E^Qi6Xm6sX4GT?5WNRG53||K0v-k5yMjg7
zua6aHWUgF5tAv-K=t~9Hw=<?xDO&PA`tk(_<&?Urs2@E^@;>Soom~ns-|ON^kPv2d
zK0p*mU@?mh0Zy~WQcsca-Trki4LEz2id!Fx%b?Jt+Wir_10)140Z6f9)|Mb`{hW+i
zB^?2_m}}L2$(b>Iw!Q#*@xx%QpI~uCbVkcLq=ph~j)Tz1dYEJvj29-y4pnv#kYase
z@7Hx4z3I)tFZ+@IlYC!m<wdqZQQ<Moc-nMTNzG*C*g<`#sd)w4G2_ZbFQ0L8pp!Ih
z9DJI9j7;F-^NmK<n><8gr-%CyZ|8Rg`*!AupxjJ(35(LMA5SVHhxA=Z<A|SX!@)Ya
zXwx+{Jy-rHfxy@;3R3r54__+yGV_aUj(#>#QBsJz)ypR~v#odEqNSLqLvbCEhR|z%
zYZrGbvB&;NmOL4AGbfAAt8bMFu?<yVQR^(2%c=Dmulnz;vvoEvNp05W7jY8jO?%mm
z<T1MnYDDEmH@AMC+&{MBjF44TJssR=jCRp``#K;mK}bvcX$%PyO(32vu(L#;wrOx+
z;5Srv*q}|G4OZb&<G$1(f~zi5Z?w2VXqALspGj1E%>0jF^8NVROId1Yi}<Ya-pl%p
zV11TeV1ucj?|YGes{8cCWI#(21Mx5Yh0gMCu=mWbn1buE_?142SAM+KuQIIb_eR+O
z;(SHWfS;Fiv9Hkq_m}3QzJ@KbV*Er3-0NlW4w>Be02`6tLMVcMhS0CMck_M>C1NI!
z<_P$5sxa&LrqojQO7O+L=fZ{<yZd4p4L(rkC@K=7H{`VSlby`D^~k7_IQvsBkOT^$
z6+FGl1EJm2HhsKZ)IxE0)f*-2MVCc2U4xp)78bb~qW+XtfP}Lz{->|j8!=n35hz@y
z00O}FAN-ECRl<;n=ChNHXgG1M<9DI=P)vUU6A7hUi50CkjM3`i{24Dyvb=th>F3tZ
z&Cv;bN@p~q+s5<+?HxQ^5~gokyieKO9OFd%JWCj7qP?GrSji9M$uO0;%-khF7UuGr
z_WnX_XVWtXOGA6{Z2B6+AoRLSV!FbyQ;Gc5_Y5?Ps7CXBB`AUBGMAuN@%4jsYYRnm
zSP8JsI!=!wzi4xFbEBW@AQ91vc`o;Vl0(*FC_tJYB+|>uA><t<e<EkbXwL#{7el{B
zsm-?!KtkAK+>cr{m0|-j0D9C1P3SOr;y;8dgT=BLPqCv7`=0PeR)^COtn0L>xZf{f
zm^dnF9B&Msi;Uo&3*c-tOhcBJf2`Vj1iF~Ft}BB{a%gPXSc`b=Ocjyo&3$6K^YsPi
z`Nf{sr09FYy2sbFn`3EXY8AS%?cWt@)$RMDGGv?aiRG1><oM%QGCPTm`!zf^3L)Ki
z$+b2cOvn<8vTvQ(KB+r$&v~gJ9_BlwVRuy!%5inDP<Wj*1GfGvb6%Wvn9x(F>}riw
zyD^!S<-t@-^_E*P`>^xv!!C;e4GZ4Ic?Y}&?6jlwG7#Bp(wZ$b8oJd?)86ifT39H=
zH7Kn6kXc{4F*#Y!Y1=Takdu)<j}Kwv7Z}iRZ9Af!>;91TJh5Xhw+pd|dWyq&ZT5@n
z(Ka0-?bA4r^ppD5fo*m{SQu#RYwM)<^U~5iTnk2^$nHTLF8}bMiOD>7AW;2fpSg+s
zu{lRa_Gd`T{9KDyq&+zU(0m%%+!pC_6|Ppsx_d+WK9P&;PFsG#c!d+A18T-;(2F8h
zRV2__n!jwa|8uM{3=))9yt%RD-ty>$@q@I0XWMUxUch;>$^%kP_|R6FZMrQ|DoP0f
zX7dYOBp!Em1}9a~n5x)Pu-igpWB`mA1Y^xV1xm1N9n;S(+g8)QXHoy4J;9VX{plQ!
z`mp_qagOdTd%!VeB~4XEgMTH;6BSeY<Rc%y360e0OYYaE-EUf^=ugvCrGJg?8)w{o
z2dlRBNdD?g#_!<r?#IN<g^CT=R!gTQ=Gnu<p9yj)urp(#_nSFVuf2>%BOfDz1JBF{
z%Ny4!tR^ee*+VK;E1Z&z0!!ZPOe{3ILtN6bS0W@dC0#Av6t%LmB6CO5$8}a&8wI!A
zG2y<k!-mg|ixUOA$VQa;VF%5uV$T{%Y60iVZl^YvOYxxAN&|?=1ssuAm0ygW*Xke_
zPZFhhm~eemSIj$}U}<_j9B`sl%1riMSBh5vN_`zL;gRX-9uGUFI3rdu`>_+U<xpPJ
z?ILXIT%aAAnP{4;auCyUkOZGzHLf&LRXY{CAU{7|YrpSQ=S9)M9T@bAS}BHil!2yz
zQL^TJnK=sUQBK0yVQW!Fbwz8S2hd)B@mU9_9e{8yk~%JKZS5qt^(OBuz{T>!y?ed2
z=xp$B5D#u_S+>0pEy)X+7WaQ7F++Jce)zMz<qrgDrPA^4?J0(k`UOVi_9H6lj@g=@
zz*GzAe*hwp8tS^QjdW?~K!Qv9?E+vWf*)fNUci!soF>ZbC@h>oA|_;#3OL-H+kOH<
zDy;XZEzr|Ye}oTo>17Ic&=X$%I~KNQT?WVjl;Q@rl#1~jim}+tu=3A6K{WzISL3fL
z6#nhEN)w}Gz3HW;JzkfcfADj1Hr1-FyB>9%z4!fPHOfrhc!q<0=~QSny@H8zqKVFI
zxe!IG48`h1ct;tP2M#_Q$K)fnBSoc4kzJzuMvU$^n=+tHK0!)T<tES$@6%IYYHIPh
z*yD5G6AWCxAv#-k-2ALPwLC1?nw2j7>HL)rKFTpzL54AtlmJc@UGPB@d84`c24Ca|
z08GLFfHLLIMEYGTtQL)T3dl-l7ja25h-c%F<X8_8+H7yyl+PYIP@PfQDy=J~l72(%
zxiv0C>TD~=+>zbleB!9k+Z=L{|KJg6GTGtD@0n5!`lnfCgSe<LwZ=|CPJ^@@0VHv{
zP9Zybc`t*Z?m1*2Cf%iN>1~1ouaHYhEou>;v0lo3MPdcrsQcC<r}*Kwu#jyL$>o(C
z71n8I0RGPqhu4>(-l9fHv}2myG^YmpdBqkvz9GMwiS@J)2w0E$U@cES$?<t(7XqEg
zv)9o;e;c*H{nBZV9YH*rV-!U~uft6t=Z|aI0gs}}>L@$(Z2hkA4!(0OjG8ECVEcyH
zL`@gSJ-a5y+W|>P`-V(tKOpzp6BE`@e`?E9;hfBFvf`cOskS@3ytM^U9AWgG;KuDw
z%@||rQ%_S3_<)F7<6ubcF3zwt{@I5#kS!8Zy1+4Us3n|S!Iv=Ja`chs%DuCdmw9BD
z&;PhvP>^4hM(B4Z)e&+SZ>}{09f<a^oT^$I3t<Gh5qeYKN)zX}N7eRM@2pg~a~>=8
z({oJTbeulTuL;2R*4X{MLVwhi#LD3PrS0Atx>lx*feLoOfU~&P(^&a4u(RXZdxFKg
zP8NMDlC{yJSnl*aLBSc<XC-H9b(9-^%`jdRM!cQb8yP#nR)UI3FP42T!x`7NF&?-M
z;m3<D23&z>Y7R)8z)0T<Shqvi!qm8^Xz=2^dB+|VLHYB}yH6@LT+L42LS$w5(h~Yh
zmwat3-hpX*;4G#NEazd>3q%K;H;p`tLWQPhif6*f{VLYJcZWB~3``eBdh0^!CVbA^
z9zrd~`-(r`!)Hs&qK?7<BLe)GW6Im1m})`2`0HzOz-pgckah5cvj)l8Igp^c07$ab
z81VtJh{;|h(g46^B+me`iV4(B(_Fzrwy)qcw}2E9c(M<CoP-ohmJ}-uQ+BumeYb8}
z;r#%&_*e715Xp}a)zn*8i%hY1!#4&NrXEx)^dw}C0;g@-4XGrIRumuQ=aiK{VE{pn
z?c6KHGWD*ON97ax`6MBUcY6{M6uK51G208b$A;K=9TC*{1k_V&d<KcMe6Q%d*TrTz
zdCg3=g60Xlf+`uUVi>U(zfpxA;{jbuRgi~zkG_3rc>DOg&KwHtg*k1SN3DtTsB`=~
z=T5EsN*~>Zuu}Ry#7osdSTv5n@I2tC<G~-~y7*+mcQ$SY2B3rF;##<o3gYfJ>;CE#
z8^0828VQ^RveQ+RU7X%rRH$b;fL18F??<NsIm!F&P{T_8e#^JLH>^R%qhqnfW33+#
zI><9nn*O={0NQ-;jPD8p=7m3+qdmvazo?vqVqBC-(eb4=*whwNIeu5#wDh}z5bJp(
z?fxnW$?VF)=h~Sm9Qti>U10~T0I8iL<x@uH?E9MQU**tC3aK{jXYlv={11wx35)9;
zPg-rWOmZ?v@u|M#a28zvb0vIT4mn;}!Z7?9a#o46p(}v)uMB@HKnpFC6BmJw<`sC;
zj=*khlsDSnq9rwJCRzWrmkl2||4LHFxLNZk^E#;jf3qZ;blR0Xc6?T3_iFbCRW3+T
zN8KMr!7E?IZmc;Dxg!-EBLCp5FYL9ZgiGe{BSK$=-etK0NnH)jrS^tsChH}4K+$5U
zUYr>M$Uuh^S++kA;#tTlWZqu@mV&0M7jDwJf(-vjCT<mgJXGIeXgxr#Na`@19mtF>
z=hLbpAkTe?2y)KjD(M<|f=a8Xe5wvD8#mQu8X9+!E04Li+*4Vku-kgzX8XPm4&-#w
zX0t*oo!r0mbx1^27o`wOtej_RxB8@6^oDvB%)oNJa-%}y2OHIPYY!8MzaHC>z7AGy
z_^?kB@&Il_lJcD@`(vZF$y&6E(m~)gTDk2*9-L#wwSzATdKUf>PFrL6aE0BMl;u5X
zo}P`oxu&{9RdzD2bF<y4V{idFYyA!q?A?Oh+u5Tq>Oh|JJIgrZxsJDK^dL{4-1WaE
z%Qs>naOgA)L*IPyKsJmFnbT+&e!i61v32bPvG%@J#<sry%Yb!A6@lC55h7^VF^-yE
zH6+PINFmA$@-C3);?D2=wW5=jc*n8MJJ{*lk2{UgjQqX~0ow!W=yXksoje!dxZ`CT
z>;=NX$Xk%(873rkAW}<GsV3h9k0$^2VaL~tv9XIhDg9GJZbvD8pYho}9&C%`lNuJA
zZOD=IV&CKSlz_>5MZse#N3NoiQMY(P`dV%ie{F>Gn=#({T_S0r#ZkO6VxXd=B)w+0
z^O={dHiWmJMzu(b={+jN%eu=5osW6|U&{i*ymMvLluhqP0Ax~~U3v3aDMc4C-FQZN
z!Un@#r5!(7zs>CZW9qE?vzu9Lz|B(uZ$~}mUjfU1`pS`2FH0T`e}IP3<EV4pM^DTg
z*K1utucpK|&MBcXSWUfz&;Jw@Yo;yaykk-^#d$Yu^46h4mf6~*{WX1TP~h3FLo36)
zdI`~{cbFc4_ds<#GzQF9iD(pPS0XYXEiump{C>nozYT}@N)-sFPrqv(gZAO}b*v>o
zsuLC&4LnDRilnPmXKsDkdfJY3qm9jDGYFBbR;pus6Uy_L!^<)>ESlC6wX~3uu;mi@
z@`%+S&PZ!D!Qj4_I;n(YU;w!^?@LC;Xh49J;%W|$L4pCWHGn#^^ZRVhHiaR&B=K4E
z3_$!^kRMaUwSgaO%rpjHG@RDm`Ll;9`{D>)Vr`inr4~)0*aXxNAiT=e%cGwC4bn|%
zzDJ{&g774KtkAUf$@*2zOyxH$3NLR2`rG|ToN%x&$|1^D0xyW^kD3}UFC8&1mO)m#
zvx{7pw%{u7jN}K;p<eG6MV!8H@3nb%X0E)?F9@-J^SwE$i1UiM-%i1SwP|^x((h3y
zgT{iig_P_H$53IJR4UME@kG?PaBtHeez<<9$;>N@iqI$7F%vq#s-VuUA8;-l)FLNC
zNx8hMf3W|U_O+c(mf8m)Xs!o%0cb*v^YJm>9@{Yd6?ftke>Ie_Q*yp1T)45pOeJYN
z{VoQBu9TOL%g-+WDFi?udlCf+T)ja;5M#nbOAD}=HdcgC1deU@+qM0R%bboB1WjH#
zIB1#k4`5a2C>nezFh*c%c5klBTn3%+IBrbRxguO5JMZudxUddWb|qK*wO4Gz2Vbze
zq}By)Q@{UV{UqkQWL)&~pm%<`%h5?HO0x1R-*+baT%;R`x_=9nj&+-<D9Opk?f0Ze
z_;3IIhK?Q5P?r`3`|aZ1sRm1&ZS8g-4HS!BnbF2aKOc-TY-LtlVdf~e2n{O~I23Mb
z!c|m3$jN8=J7NfVKY<r0A>M0fy!5Ovb`20{x={>*Pmx#H|2*P&Lr$b}nK!4#*kI77
z{Qqhimx2J(2f?TXl{A%jF1=h`C^3MtZqCXAt!!i{rSn4Yl1cLguIj;o{yuW{m&t8(
zm<M}+v;?keo1MGyE8IE&F3O^E0+WLS7qszJ5bc>y=-cq1&~ek>ykACeQE@b_EYuKY
z8BH-7?Zk#bsOGI$a=J1euJG{XgRilef&XfKp1C?v?f{G{Sd!QpLlz($@Patr1z5fK
zHr7u<OeS`=7+MbS_!1PL9HXlrpaT|%&3^Xe&)k^@;ag10;%Bs1)No=bu#Od^IMr4y
zD}NJ2F_uLr(DbO)NsgtV!Iat>6Pf<vMMlQp0Pr_I)_rRK$olx`&_SZ=(6FyJ5c8a_
zrY%^Pecx>~(gV^N?og?iS8G{8#55ht-embu2%}2J{`JHSx2slv2(xqNu3v@u#Xlpl
zg}ldE%X{`1)aeGAla*A1YS;kX{Fyu){nfaSqzIb%=IAN-0G>(XI=?yhfszU7*=s{5
zYy=C?hkEc8j~Is^U=-NZo4(7+<+8z0Ed|R8=BqtUry;fbapJ}6g335{6TdnZQ4*=X
ziRO8zDaMw*%f;otQBW-f;oTA5!1ckK@*S#p7WQdS3)6pTw<oW$i&aceTYP`TLU~D`
zDTEv&R{d-uH2h7N{%mE=yF9;;co06+^=s*6>Jm{h@|+CVWSn;IHMX`!BcXe2T4+X@
zdVR{a9}vTVXW`+Lt@y-o=~h6izicZOBH8-uUuL0BKP&Cy$dF3R{fvF$_b@oG<KRg`
z4aKb)Y@?}O3ae4W6^@9(7g)hDe*9Qiwtqgy1KfDqmp`>2=d=W&A(E+KWns}a^7d5n
zhCp#;kb_OHd#$k%Dl#arshQ9c>pBD{^b>k8{&H>!hwEDxt8zUlfnQgKIG2$1skh;u
z`LJt(ov}WyQ$F1C{Q~kp%a8rZmD)(amWK{T(E!;MEs$N&G-)P{rxg|aLOWir<~vqc
z{bQxW1~iC~ab_H6NS@0kKy_vAt;?}OWlWZ!)SlN^SWw|VTAi(gQ5k8Ta)q;K{C$88
zVoLT}*Yw;kJF$-y(!~@1GBrH>e1yt$Ko8L4AK_<}p<%dM0RQd4K3ALxEX2w?j36&x
z$q^5aYUKts3qv{2#ua|EJkb)vR}lu9995l}F_J+=4}_PPH+;M6cwGpKg8otul;?@P
ztGIzRZ*&3|71_+8|1@m(dl*JjI8YIwq+hpq<9{@F#TrS{P`|pEnD423FXkd|{8ti(
z!oA>_XFNi_h<vO+fwl(SpI-cvoA5vBwabN`lyT0jFH6$16cqFy>H$i86>Oe?(=_1%
z-P7QJGBb_75>ueUm|0AjQ|>~fxIxLew~^hcLqlT0$aO7jZ~)+`T{r+4SlNKAyZ(-f
zUb!8gxJI#XHmwg>;tCMQBfQYhpJQV7)s1Bg=X~2cmc--9wBKB`rlO^@89#o*S!NNt
zcx0L387IHe5`50M28Z1_80rkTEB}qXP=7|LdJLY83bY_Ku|#?50&4%q>n^(|Y?Hok
z%j7?y$3~c5XB8<1?EpZm6ket!)V!daV+ciU#a<FSes6^Xm@e6yR`JB4+5~1liyR2c
zfTi$%pH=>woGFE%D-=Td>=-oY@^K9TdClb9HKb&3-nJ53AxgpqwKQv*0PVo^7_|gb
z&>LRrSoqs#6KeU<k^eK%iU>~#1w97}(0UemRM<5Xurgu{=;6l<hxK;J+vTi+zjH2+
zRZ>50=2!$yhB6P=`zaZ)X}pD+3L_D5-NOrQT=M`5c`1eI!+`mVO9!MUbTCBI9<4K5
zqnJCD)_19->2Yj(%@y`vtj;3u%e1DXFnGiph~;K>T<HDYQUgBKsAS{#3fC4-Lf)VI
z#X8`KF_Sz(?KD7*CZlg614f$6j^Senu&^oyYOD)PFQ7Dq)b42A73Oed_Kz4Tzykj|
z5FFvuR$*m~Q5kzJSuCK6z}OOOtov6<IGz!eiJP-{Qg0qTIVIc@<aeDv;{C)O7rojc
zIx}%7ktXoEarAlKc`EdC#u~{n0BJpHxV;-lhswCFVvb{!%113m;8Q9+C?Ex)5m^ja
z>R$i{tn!+xCcyVTAe%QzqQ(_}9muP2Y6CX5SmD_pOQ6RDq_&%c4L?}ZMIlbwEqA9B
z<)ti|s#LzFdAdr^YL$4uuwJy=z=Dbpr;(G|q!)5iYl(@a?>@3@U3Vtyfp&Lr-9b>#
zKgq#`5U_oY`fJin9Lf|OApXS&|2X33o{YfMLiGV<$FwN}Jp87bY<@Gc6f^&E4JLIb
zToMydQbNgu!$a6{8}*ChQN$}Fo`OIA$}7u&Lex_jM-;T`18-kZB%}Zo2B=E@uL<|n
zylN8{9SXcLkW48p*@r>q<}hi<q4E4<H!{*v$%Y(50673}V;u@dWgE7#=>Hc_JOnra
zl8V{tN2_}ni-)?oM_M9Sh*5?C;WGLAWx8UxD#E{jrB44zCe44E!&e?=cvm9h((Xns
zU#obUFsKCxL16OuUB_z`nxN?#PY=CxGf$y}XaE`q37_Up>9P<vls`AyhDRP6=1$FE
zy(hbp9W=G5RK9-88(KkJ<RP$g%c54{$F&djA-SxjRJT8T_Vkor=}J3N@HWbUBy}ss
z@7lw|wy7Ch_Ow>A!#P-U{4+!gxj;1@7>np>TeR}HG%|R^H--$vAS#cw7jOcd(l50h
z_1?FIJEiM2ouSU+TyM;S5Z`$2=Qg<7V!2FXY{Ap|k8PmcPqSiIyRkI3(NtP56NQWC
zR|u<-a-wGPiuG8Ff(0~*O$wLaTl-SYjS6kS*vrn6uA5Dp_=y%NC-PJd2-IrS<G4g5
zbi~M2h~9%s;y(Pfly^R{eQCjxDI0uqqX!l?896-(TfJ)~x^**+7x_hmK%}?K#G#nn
zHnF9oe#HruaYMyMokivqte^5Ij`*3f`=Vpo*is0jaF!??YSQEoFgmRWPxrj|vKUk@
z^!>?Ic9AVN6$ab=YAj^eeDJ%Lg^Os4@`Jo3&t;d7X)J@j^=U(?8jyk15xLfRymoVP
z^SRr|`xAR6&D;SvU-s{KjHKdIezecKHBKzCLAoVY$Tj=(EJ)=yvrOGngK!*IvLf>6
z*gtt+uH$+kudaQWeE%!qr^v*hi_S19<O<o-J|ss}<L1oP;F;KgyTq+~#Z1I80Y^7;
zMUVuETZ8WD`{&|k%f?#?A$EIRYGs1hD&mibZ}Spli)WPhU_)j<?QX!x$WZ21w@W^Z
zt743>!c8kEE`X-wK!LS(z%rCeGoy$}p31zV;h_NN@e>~YH;@aQNvqnq`_&6l`AO8t
zoo+{q1g&2uCka8a2mD%S3^2X$J(Hg8+IpPT^{1W#TVAm(S<6Mu?=*wWOd!w(u1Xgi
zxL8X!W8QF*b9a&l0prfo6Hjsr-mZ@}XGmT7n)`%r40g>cqqD={`26t9jfiU;Zkv{n
z_de%3e-64FKDU5$iz#Zrojg3-T2I~q0wc)yX4+zbDqbO(`s&)@V9}o!K)VjrK_5w-
z&uN3h@41bbnFpoLW8Duz9(QcNPo#z4CYcGK(t^@xZ4CDI@69mH<ol((c$^xN%)ZLo
zYr=nI*3lPz;r_9Bd}ll+|FMqY`q_sc$O<9fn8bPrb>cMHbOIKRVzM#im-UmMYm1$<
zPJTEdzb0L?0}U1q!XEy~Fiv9Og-1(QH3+Ud)RnK{droUwq#w~*`2IP`1s0b~^QrR@
zN^PI58;B;T@qd7P%o#2-f9I8BBdxnX?X@2dcWv<L|B>x6!_*j{F8EXRdPs^KzE|Zq
zetxw7;bMkh|H$mG{Yv3R=?2e`?z#3yA$cUm(cg~sgX)Y%ewfL^8^v02Ag}NH6Ntc(
z<Lz)fX`H;Z^%Sx)21xP#1<vdH9=OJo7ve!GAJ(i6jb^hynOA<j2x{;<KZ$)4P}`rm
zo&2goMt1y(5X7~-lWwE$1i4Qavk*)NLtj0*FsFHz^my6f5T`1#0@&MB!px?lq1Ygi
z5^fDaUUzp$?K~^r3qRag%N7p2cw->m@WrAnIA%3|aQcr@=KjGPHUzzKvcU)#kPTKL
zs-%}{m{cG~;aRpPbKKSJIAY}654ufFum9x~6}UrBqd1NTetK9AUq~zLna@+X5i)X|
z<x=QGwTQ(jHzNZKFH&_(qh8Zx-5V!K+LS-d-pxCIDaAq9b>n8RqCa-oyMCFk@tJ4E
zj4^Mn9>{4Y--V=;PZdReyf;Czwn@qq6mUeTL%n~IQhZLvJ{$8D>%if<lJ-7a|8wsd
zv*)whH{bHla-5Q%OW_JW{eAB^@Q{u~`)81h4W;s6kjSfqi=#l-Fu3a5VkZ50scG)B
zbRdb+{s8o-u&E$qSDp{2hvEWZs3hPL|3#q)-$obfHCNT@^}MVba-nkMFApOP_>EMb
z;So0*S{A&1iiHs18*Pzpf=9)^n?<V4$Lji8H44AH!P+D%5sAL|IPQYH!75?_XZ+kr
zQGIXkQK(#fCh$8CBdUD{@rm%3L(!XyYx8c07dFzviqV-L`_&8Zh?iL?RXZaBw>VDE
zJ*>>_Kka7d&o#UU7-G{zy9jXZ#d*>!b5)b9a%YfX$Vtxj0g$aI%UV&CM2yRWCIToK
zkz#_7sr0+48@yn^LB^_}75QqN&>!yoxI%KBlo+e<Xjr^~0qGB{*psQstFOOa7LuiS
z5Nz+1TI}>i^ga$mxZlVX^3=ihnIqCwt$)f);r>JTQ*PUc{0Z5ig{_U5{oSsS^~tTk
zqOy};osaZ{){x(<9+1$TzAoD5y%>4N(kOQB)l&GwUH&>JO88<&>Q#Ye=dhnNzy8ey
z%d;KJfCI09jkCj%vss5>JD>enV2UpU0$fTu^!-ETIB@cq=(cAjw!ZC(y{%Q~A<6H%
zJ{P|Tuc`i6E&(H4Ufj+&Vqv67KHhJc%}^kCK!vrR@8d>xCCF8JDt=?v-e~z_+oQAu
z!)2u%xP&Xq-ujDDc;fSiTQGiRyfE@Q;)4O~lq6}yl+u;Mfm5Wes0O2eGmWJ*#l0k^
zC!Nw2fgk$XZxY)^1~5v~C?>vV3J2um?YOez4IypNi36c4`7DqN|Ciq#3o1Of$$o50
zL`j=6CqT^V)4VV<NoP)HAUQmj9^uJ$1V@@oq#Dm7#M&q@v!RtZ03H>9mXm0e0|Un^
zU08^>K(kz-01`?_K1Ggs)87}?>m{GYH661tK`s@&F2?i+69H@Yn`G_vF4H4UMJ_=n
zI>-Fa!ttoj5z9;Wc3uprtThsziU4>Mkm{|n2$9l-69JLYAQ9NCh;hH?YOWT4W1eTY
zf^Qhuz!*$yE{+Dt0j4bg9p8oD!NlUNr+~!W)dkZWaDg|d^;DOcmUbeukKgej<Wr?o
zV>r{z8Fm&GF1vG|3Q?;^jzPWbV0;r-6Ta8#XC(>7A7S9u5`idq+Cw%y=YE^NUk`p4
zKq^71u4$B1VTP?-;BF<DrH_&Lm`LnDh77nck5a9@^upL8@KOF^UjNcS@CyO@R>Zps
zM*G@Uz&~z*@uoXABCw(M^1qj_aZ{}mR!$`q|D`4xA!}FRP763d!gx6#%xn4#5=<Mw
zNe8lv|ANhzWC|oCN=nSJ1^2>JDg#o(IdU?OTHF#x?8D+eY5)=w&JmyU%qSb>NgC%2
z#E7hDAX2?vo(-&L#r$(&M4lMf01b<5<!LOgOx&O>#*d#R80zG6j_UqRbJH=2%H;<!
zNDVNTFK?Sv-WWV!VjdUGbqx?jXD<)VH~7a#zYHH_X`#9=byx@sU{jikNQTl-8LqC@
zDy?LLUl@J|-~^{i?kqD011<{ZSOp>TP1RoO6UjfWaB^3a9y68X?)Qo_<7}C>v4AOq
zot7ito>58SzB)5$*db$j<e(O2D(u2X+E%T+{+rVO9nt^gaiflxE&@#CfK~1CfS~;V
z9{!)a{blblk-YGLnx_u<v{pbgh?yt=%CNviYx)Cu%KuQ@D{%BLLFvIHpBDwQY1IHK
z@;{`aXr)(@Yp4erK!8=OKy+Qx4tdW1bSf7}2LRIUjv!Yfeq4fZycyNGG6IWkwEJ=+
z5(PYvmXT+=YHZ7c-yz)xYU_KEkdBtbn_X6zlo=R;k)9Tn9+3AA5>;eh_W9aU&|?KI
z%P}F1R*;x`55}yHF%T!chdsC6&6?-bZ0Vf~iAV!d?l@|_#(CHNR!V-i0Y1)$2>U6w
zDx0@JaF6-eomMU@s*;zW0A4e2?KfFgTLEDN8rj^bf5`!-v;4FBNzJ1$rt_DQ92GD{
z$0|=@$4bno@1zf-h%6mKirZ4hS~p;dryeUpOB5hWRCroDtsa#CI1i9@Q&YtOO6(am
zl^#l~ieV|I<02}_axNaJd^TRON{jA}7Vdjq%f&ziG%DXNnjs`9!m2Bx_fT{q?Ed{^
zN8-PGs#vj>yan$`#@!yS>dMRmHovt5bBp|k?O+}&{H-~wE)1M{Q11UOy>G<{#H?Xv
zIWD4E11<;V-fO@GHM~;6>uCBOc%YREVMZ5;X&(r#EbiUGjv3RoB8hj5X5K1C6X%lp
z%Z8t<pFuA8>x*6gEK%;2AN;(VKw!%232iOTvvfHMIwkLA|1z7^q!yM0%Z{wcP6|4J
zld-01Xh=))>`_8A(HwcFhmqZUw;I3Zf3S(p4D)UGM;)ka#LM(QO~aF=03p;t@{)8z
zt^C8awQI-M-2XvS64-?R+CfFXTMppr^1DSMpMi^=`Om$n*eZ79!Htc3)3I^UFF67S
z&Kheae7W{DVv5930f84%1?Oe$L#ybeds?xus#Kl+v6+~JHM2thYGVHSqq*h`Pgkqu
zgSmihris?)o{dc59N$}ief!X{M*^wbv!rB|W;8oC{osv)Zs5cWwn<QAUI8uymKuH{
zWgM{?9~moC?fH|l_2Y|UzwjXCo7^I=U*QqgJjYn(hHtwyD_%ou$eM8A!sWN?%;b#C
z;$Wb96K(uV&k$Sw$*bQq-^us|?+D%*nbWu5S@H+W_>G_dOe=Gbj#y3EhVe<|Omh&y
zF%MR*!eavAhAhvxm5$2knEkEwpOe6DY)cENHoY?^sqII<2ohZJ5|GLlz!i)xE4OnP
z8dX66=Hq+eI|s?rX$aFM)D4f3ucmRl!RjQ$7u((?zo2EuDN{_FAqPkGLg;LA*99Uu
zKp_d*vG8R&Fi+OxWPq^V2KFF=UM4wOT>V5p`qd7Ajh^bcDSI7gvEB;}Z)C3$?$&6D
z3~qzKu9ng8WPvLbXms%<2y@Skk}0Zvmchfs$q*mfnIX}6yCfu>qxyZWs$LcsKk#$-
zAP%^TTwS~Q*xxMvjnzA|Y$I`N1&a;ohO_HE$VY8?yq$*TfWmU{82Np%k9tLgl%q8l
zit5I>IcetQ-41qmVw5TqX()f)2!s>B*x<UJ^IwDg#@(J-Ts4k3G~6@92X-EQ41n7h
z8;W`WZnOY^FNJToL}=_mNFQ(-ZMY!fN3zMa#6DCdx*f=pp80l><id(+>gTIVZ%(Eq
z2B01)$g#t<t8xHFE(tE#`(KoPhxZ+j<^KdDlueh=u*FMA^-?u~Zz!+=uw%fd)hGhy
zzwa*yfq4YrC9WMr!Y`k|_5V6(7L}h?WKp)Lurv@#`zvYx?hC}A1{i(U#-Iz>2>9P|
zso142&&@64J`}eMG74_QxXSZn4VE6J6{ep6R0+}w4TuX}_R`Age8a%+;o2WH;omLO
z0YD{_LLJSd1w`qXH)k^cxA&hF{BHt`5|Q29-Q9x1HU~HhpZ|5o*NX=_65XOiF+tE@
zw#k^UKsY|!iy-prU#k6oe2lyu5ZrJ;Q($9)#{g*jcl!Q|JWx(0;fiI0vYPgQMXhPq
zOqxwAa{3#8VTJ{~#3@FAbGmso7{FA8{>s$<+`$WoZ?JsuO~#Y~Yw~|07I`~*@Y^f0
z`vs2y92~xWxlII$Mr(J|)f4NBbj5fY6ZhZv>g#s@@A`An%lJw@F1n5R>Hxr<9Bk0e
zH#GvwP(V`!jA#DoDu_Y@2xzh^AbZ+kxR-*0UGg^~vHs_1R7&j1-B0h|MqhmIP~Fml
zBqeai)OUZv_^|JHj6@evoSPG3+rD+e7CSx*pAx=fG!>Y9WoQX7Uab`w4#ECQV96>>
zYWL_5CWuAlZ>|q~nBRbnN2@|eqnFvYAk69S2204aCdeD4C#239k!QA8kh$>vfxizU
zzY+-qwwhw3Dn#Itn*Yngm6tSswG30OL0%)I_<zG?GL+swO!Ezw@N&st;P~Gppxpk=
z!LkDd{qA1~3d1b$#f~1_unF8J4}ggW|4zYsxt6P=orADqafceSJ}i;AM$3kqKm-az
zT<LPbLiw>MY>Rc9IP)Sd*KEy}(+8`ZfF}j%4Gfbi2%gupBmc(BaoXPcy#Z{((4kw$
zT=BOx543uX*kUg4RWsx+_F)R^)$?Vi(5u=0d`lt}W?6srgA5doAi+_=f8~YuTj~Z|
z&cdWY;$lU|Wc)!{2A{myFYmJ@T9`Ytjw6+8J@ZmBWGlA*<4m$9P`<_xHn<%QCKfet
z<$wBVunA*~P<#}r<~spP_)nFT5~72NRq5wOmQ0<&?Ip@=(=W<dH%vk_2&@RQm7o+I
zetZ5)*<d{ZB>dOhBDg>+Jg`874W~vi6)a)?FH%;*d>??dw*w~U@*{s=Gp~bI9%E|Q
zMQks_;{QH5$n{^IVu33M@%vY4_;&|86VTtOVk%%jXYs#EMBJd*hF8jCH)8%7o7ut%
z0?$J2wDPtf%yVS#ST22_UV>WRuAjb(ljhL_Tfa#Rc*MU`mHwb9<RPXE1w=L=tF${4
z6-VH=tKm<AlNQHz;G-XN-f#}dT=GOMc{S*R7@XSqd7kbSq+o~r_~WZ!z=t9Ha7%2&
z+meWo!Z+lgD+8ZOS=9M&Jt*0g{(oy?+m}%IH;kxXis~CHtfrwMV9$J7%7JSYwf{`n
zp+{U`fZKl>uMjD~0>IyqpcCLMkxl(8UjO*V5oH~TuL202XHO#@acIatE&s>9xOZ*9
zynOSCY6OS)uNL#~(}QAw*G&Uao=q?(?Pn8OcHkDh^ja8h0WT;$(9&VH3F6_}{r}xT
zBnK!cLE<rmZ7$(|Ai0(b1tx1k=OpPdg|YwjZZU*MuNZb0-KBt9B2eM=R0Wb0E-*>K
zWPn!if2EWTHCJQ=kSM+3C5>redh@Sjl*#;WwBTs|bL5v?^cj^3@N|4~Bt@pBeQ!s}
zu($8-Db0Ueya%uivdj&}89<3!YQ_{Cz<;DN1Q-EK>XK0~%lxkd^&bPgfRr-Ci7OnK
z0-BKj!+&K1`BGq7L0i9k0eA`oa1IXU>HfR<F*Z;E!SIj9mRtD$nmLr0J5Z3h#Mn%l
zWIZk&6{jM&cO64WKuf_I?XPzm6lARNcY+N&XsO2Xfc@1m(>EyapW^)WFqtC4BDn3K
z^AwvCIVA-W(!WxQi38LKJ)=yTu9;S5Ya(*lb9Z1xFX~OsGeu_Uwp`~6e9?K@&_MG#
zNP2Xz*zpRGs$?;uuFRO82I<Uqj3uNRjDJZU96-Uc_@9YdP+OZdr&G=HqX$IH@1wWk
zN)1YIWE98puXyA_cS8|4+zdBS!dlm*+8bw}b&iLbv&q=N4iYim(>sW}eOST)1&C~>
z)}rW*&z^BPO3UHwE_K9kD}{l3r;vO;>5cC3Y89n;zh#X(hmQROU;D*|+Pd3idZo7u
zxTf&FTE_O(eDy?Ue*O;c`mLgLFRtd%jv2$EFpbZoc&<`_H~Q0V;z>{}66y3O#{HF^
zSk27FkJiei&_sAcu*6kQZhGA1)!WP87?{)b4iov|klSr;^Tny=7nSEO_1j_+&7K6L
zn$y2uNiFSB0<AqiwW?=jVsE04w?}OVgXYfoqi_3K)G!v4c+tfF6niZm9CA$|5BlKo
z(sW|uwKN0GjfQhq)Isw`?E3bqMWd|DQ_F5@LCA}ChxS7?EZBaHbeDiSP?zEmjO;#Y
z;t3GgoFB+At>g(wuuf60zaYasVXxXsf*~g!Fy!s)i>WLu^qhZPkuydIx&5{(i9f9h
zncN}6kwPDvko3M6;b1^*6Pgf`(7l7+A}sCt_=xy*7rXghGgSyZ&vrb|7eanN7xG8@
z08|(euDk>W0?dEgGi?i{ypD&P0E^*~!XsI{iyYKC3zEX#kgQ9gGpw^*jNCd$pBmBW
zGZ_)=ZW!m4T9axvahPX1NirM1R+Ec;hupd?cYg%1kXd(rrYy&h$UGc-Ke>g2j<mVP
z!_tF{g&r{CB)~>ZL^fv4Dc?s}GSv<vrd)`6B?={9e-m8mFmZ|}PVrPYO{_|*+D1pj
ziu30C;i@i+0E-lvW!{sX2yDapw>NIR`<?}RcJYM2@;%mgRpJ90A-Ham?&$kW&)qov
zR-#wZ%s8-(nt%yLae^xGiN>81ZM1$VH!Z9H^7D96?q)6gr%Kd{;N#n~73scRyf{cR
z(|W_RJzx{EI5AA@tuf!>RZtcn-|*U|C>553!|TLfPtSih*eHwjLr6`s$^PRS!eJq|
z@7AAT+hwJt!jq8qeF7CD2M8?hPq*AT7$i|t1IE^J!))laX|lor(-7{klo8xo{F`(h
z+ntdkGPRR?tGabqgpQ(Lj$2n`LReW>b#qak!{6BJyV>P;cdV{ksVfy>M-z@ami#8<
zFFeWQ84`l%!--zD^&k>WIrTW#6w_uC9k1}fple2tgRj1a=9)EgZ&uNqrB#h>CAa>R
z$^OxS5Ku?2e+tsykPJ~9<7-10LieA1SexvDDyCi?ax%fy{GK-#yWfPI&EP6LzQ3{z
z$bx}t5C4<>@$bkLs-2a^p%7VLrKhiOwZyoz@qxIqTl2FN(aD{sA7?jhSN@=C<D<Eb
z>VMGl&n#i{TgWBM@gzg?er|QiB|wAk*u56rc+A{a(LMK=8c@cSXEn(+A<M8SlhZG%
zt!5U7FV)un{D5(_>5Cflz-jCxCv8S#(5)@q9k)^k2egemn!P)=^pZjnqj?;>ToCz0
z8_7jJ*V1y7A~GI?LL>LsuIzPjGO(hqFc~SvN7q7r_XbLykNBtU<S+CJTZiZ*dAH@;
z;psXI4X5o00R=<tcZDghU)_$_ifSP24!%9wFmuadXTT}Xy9^@1=PBe?O&CYLLtiRN
zyv(C3Ncx47foG-8w)HO2VI@J}6)!r&xQ+MAI&@W{M|+9_?8Sb&ixd9s(C?p@l8r>n
zRxE;33IT_*yGEQns`kK;(w5^1<LynM;ytV2vA12w<93A~w+x`&FX`g@FLYKoIO}nP
z8LBz;nZ~mkzOWZF@awt^Eu651Sf3o6)_=$57^~l}p`HVn1_Yx&bazU0+SQ?|E+6`C
zry>a5twQDevM~7-4v?YrPp!VUKC0j~u|()H>Kwa_*`tTM_C7i(LA$JLXsIO8tvK4x
z?PFJwt_TjhSpR%4=h@xx0bed5Y<s41|BD&|i;0=3F)ry%+eM<8ouc^YciOe%ivy`r
z8?fW?%EMA4&e`pA9=*pi5UD=1v&?Hqb$zOiN8VOeaLyL1+K7Z8g|wk=72z*qaH&4?
zv;0r^Rl^QL9V;m^8;m_JdZw^eoYvpbk0X3ok~as>2c8-S!#=FpjJu3nakb-#^RXbD
z$`*LgxOyvXDzxr-1<Cty8P0B898KtV@5jZrIdQr_jtY5vszfK!C#Np?;+CBoy7(+`
zqxYS=3f0#NJd5S!8+kiVhL9wvkS9;dN8iyCOB4hXa+^a1njC)6r9h10`EE;0TCxef
zzLmeOHc8tGl`O4s>MAGpDRnOKNVY;x<E6waN@1OU{mnStPo*gw*+_1#v|<|(&e3B9
z22Wsytm4SuUx4*OZ_Gx5W)7d8=0u~_Q+l>xozPmCYL@1)aP#kIpjj@^^x4i4&g1ul
zPnnG7OkK!k|MZJxx^d5LKhLQ5-o%0gUbF9DuRMTswq5z~P8?!eSvLDk1Yz+TnKij1
z4S)6gs!z^UZU)wYU|OO(Rq6J)ucB?;If6CPdPtYB-C{!Uc}$EJd2!_RPOA<AfzHAk
z>8WmfGw~(t32>^;gi0QE7>VR#vuu6FY_F=Xwza|#M~kfcGs4QkB3Ki=LPxkJzeUfj
zQK#sZ9d`So6T0`t4i9S?g@Nq?!#P%_8~qZlk5h0QCRisqCWTz%<LVQVh7wMj3mc@k
zBV`rqujVQM!nkXm)e;rGq6f=DlnL+*BeEw%huTOf($1T<`|uwltfDfm1oIXFZAkKQ
zqu~PKvabM?(7p)(t}~p}wl<uuR@R>6ij|5(H5N^>>m3M-i|>8T=jDOaJLERqB?G!v
zjs^6+)HdioLV9~>#dEDF`LhihZ6r^T{xL-rQst^E%gT1ETwDG>383W%32Qo7X#7TX
z>umxVRMrvVkp-Mn#X46^eC+EXxgq1En?i$xO#QfulZgRj)y}^35C!xd%1bvF{j$Cg
z7Y)JLBC-)GgE02I*UPA3urL_;QlgaxOyU_$lY$7)9n~&rS0fS(XFmUWzqD&4Bz`HY
zfbNMo*fr9?SE0Mx)AuuEu$?z-rxH%=MLU{3{5UPs?vHeV2e`A|;BeA|I})Xm{Krq$
z*`9bIE0)&oaORPu!LNSG#WYnW0yr-zfWQ-SMgij0E+Y&yM2H8Cb#_5E10*WHzk;E6
zKNi?rxk-qIwb#6^l3j_NBMS7^6PlGTl~&T{hrXobs4ehgV*axKVs6emJ~}$?*3lvJ
z+W$w@TZTp1MQy_aNSBCoDTpAAbR(%CA>AP&-5oQ42#Ay@AzdO!hja@9(%sC^Lk|o&
z0|W2H{e0hhywA+R5B^-Uuf6wLd#$z4b)IDKFuADNisU+W?d$i4Su=Nu;P&jpmc+sS
zK#;(@#>JSS@X%K%yi@1VQ8zV?^K0YVB#if?MW+)fv}%|P?(VINoWV|UJHM~*>rH#b
zT&0AGxPf=rt<<l}%r_aWvS;T^Z(Hx?D1FuAj9XG4Zv-Mf=DYW{vt_Rd9L3DVG<|VE
zXL|b^<K6lD2Si9;)k-T7efuK<h)E&KM<eEK^jaW;6fZZOV#bvv@jdLAJ)mlK>cmCe
z-yzl=n7cy(7YpnQRi>S7$^npKz$HgI#V`@s6B_{Mn`ol9T{M0#s)RGPOn%*f6ge|U
z<Xk=pYuLCi|DCUgkS&=ko-@EmS~Q^ClDskSxRN-T1AARTTD0C0$j6c<nE6^DM@u{_
z0pX_n{4-d)RD6Mtyvl$dVXutj{hU*Ed+&0oZFzTsY~@%7p+JKVRKdp))BYxh=0CYX
z#FpWCCEfDtQB7`Xu6mLs2vdJovlIwNXq?;C2B!gWm6O%{!gk%=(<l|U6>)j?mg?G^
z9%-KkpFv2M!!9>HM%T@f$PO3jwT9Xzy>WA4CTI6!LVNu@VXui#2q`eFdxe@Zuvy|U
zuRz07lymMx0e0$hac(B6H%P}@)d;D1Q>-Y&{$6{*vlY4Zo$H|gsk-RMGy&Naa3;sU
zSa5ygf!wZ8EyX$|t)xypyZ6Q8x3YDC=-vDVCGq9JBY?&@yT0%ysG$598;mkR2zYp5
zk}Pyt%%>e^$Yk;`FwYUd?41S;6FJP*e|a_r_nu{7D&=A#9Y=_qoyV1|;)jjl<RJcD
z;Qvf+9T$_PGL$Far)%BOC%3}v4%^f(;?zY_JG|{1(D_j?q!`PvN8H&<2;NKjgzf8Q
zOeN3~Ht`0$IJGCn6~%HdUvV9Goap;jV1eJI#9bl{`@?c`guigH^Lr8VQ~>g()&ix@
z&Gc~G?d?6B;?P3H=2LG{yqoPA{+_nji5I}eDCxT^ecridIhTfFT5kvY1Gz2itSdd>
zD9i>Rm4&g-_)RgZW&}nvHj#_8>V*Y)u!F+Y0@(&hEEI#S_#-m>{Th=L!9W1(snn60
zRkZn#jiNsYwv{AFe^hz(d)K`F?PDg9=Iu>t>k;{*q+-M4fY3K$d^9A3KfU!}^&Z<_
zt#vtYVxn3SeBa;*L_9tPO8?szj*L2MWf<+;ldZ7ZSaYHk{@5O?!U8pC?_Y!Ee=@_i
zcaF)GuxNeYo~r^W$fpypF2HTn*)upMaa_i1y0)Fj+<z>1(tIkCd__SjG?Q%d8wF#m
zVRT_%_+G#*HFfT4H)?eNE$)lED%)M*E74T%$1fr>HyfO{;N>t@3gc!53G6NP*n_k1
zyQ>IWah5@op*0q(iHOZWscfuWfip%QkHUg{nC)U*NFYx$)@g>$dgT%T%1Zi!R-SH6
zks`0MnN5dhUuSaY%s937I<1UaPuB7*5+u=mu`6(~E(~W?qr<~F>n-)gVRmy&hf9)P
zHp^_gPb%yHrEwWkLmP*L0KU*5`Q)b(6Jy8H`5OY)_Fx7MyOpt}^2Hly(H)0wlA|&k
zo*?Ld5b1Yo==vt{CzrTCubjE}ElKWr`e)+W6Bc7Nx1ae`nPIDiyM8{7*!R#fZnwFG
z6EDUQHBUyHt)*f?b}?mbJn@`Nq;Cd1>!+@v{B3PpXwh>cb{)OBX0cLig;2E9=akV_
z>M{P32CbKW3(?V#sI3I`>3_{k;tT<e{qcHc4iTTcjW`u3h=u~%4%fnd${#kQ5v3tN
z;H%kvP6k*GN{Ff!-kBH1Z33MKz~v$D-QC~awfTg7%x7Yk(IJUvpol05p6b?O;LQe#
zJ;#mt*Ns;ayUW=OEr5}+H#F*0`wG4fg*tk;T!TATif{O)0oqMgHDkPnQ>_wLkYHVY
zd4VP9*m#|*=iE?|EC2ML-$*zVDi*fjW^S+mHjt!ewcU_$>*y+DaDTq`arB?l9kzDo
zO;UGXG(rfQig+{TH!rBThUnnqFktRUHAA~}O*;wrBL;2BlNW7(F#zWB_y04Or*ZYg
zji$F<aeein2RtXuc)&i1d`TxU^3GlO8S&*|NZ^?@A7CsS=fBWFvwm@5I^m27CWikF
zBAH~+=KUnjr&!DvnM|OF_xT91A$1$g`^B!toNy9gPEq_p5>waPbPB^3y9LVXO{u_d
zzX^P}N_mcUd6jDvX?9Ys1~`;Nh0{EIEY3wqH|31gyT%QrUk0)D$`SunnttTzuAC|Y
z4Bdea++B~Scw6UH4dp|AKy~zgoWGb&T7;zVV6vH?fnMi8dt0n<a=qYc<(@+Zft62k
zv~u#p*QCRq>7Mfic+$_+9}M(&I?8L0wLH&(VH?*jn2FTm(2Mcq4b<GH6{~P)xmL#F
z=AK-}TTF_%+MR~mz;Lli>4%yFm01YLEPTscw}4*@!|t}rZpGm-U$D(|dZ=A)(ltsq
zc-?-GHZ0Km!;s0pfy>=&j`1LzP51C@0zuUxv#?o910)r}^<i5|6GpL`O$S$3Q8V$M
zaaCgHp6@~YRtA#o5}>?zAHree@i&zH8MCsT!K?!Q?#o&MNNgr41L0BTl2Z$H=RUGZ
z;urj(*4?5Quv??F<;DKaxiI`qXII{BolRQUXwK}0^ELr3-Hz59Dip>enOn>nDFFbL
zAPIGK4(b@%6=)kB{}PlvUP}6U^4v(V6WVUM!<G<wbVQZ2>!Js-(Bw;VHT4!^BvKl^
zZIzqAvs(0;U@wPmwb`~m6o0;Ii|J31XR6Ko_Sz5|BweMmv;B^RrJdzrB5}XP9H-tb
z`9b)zFE<wD3rXfQDL8f`(o0m1IhO$rP(C98Q!-*FE96GXW)^Q);Mr%3kxUYpn`U-v
z2-h6lHWX~@f)EU?L|o6A9E1d4XNXat@>w{tbL1eg74(K|n{rXk&Vh$AjZ8-MWlq`o
zb)hrmgVZDMll_~x4YOs4Oi89nL@>jf*PWjzND=U99F+vuB{9o77>%W4kzED)i4v%C
z<l`?nsG($fk4Xf)&8D4XZW`T$)+HG$)5~6bpN<%0Hp&BVvq_9^10hgm2V5iIh!f!?
z0W}^;)qm5;>9B-oLarMf--AOshlV&y+oK)?85L;fQ50xq;cks0Xw5IVv}@n5O8ACc
zqXR=8%2kHMnwt)es5}O0k^c_91(~UMa8}tvnHE18hb~wS;nh2{=jXVev(%dL#b9-3
z;FZU!;UwNJ6;nfA0?}6GpKKnjI0UwSuPvznbDp<wGaG3Zb`cA!zWZ1>^Jx;<R^P9p
z&tl39^2KozRe0`t0IRe5Xm%+zbO28}m{$B?UCnB`gqioVEjDuFU+dBk3qUQcQK>Z_
zCU?7Jvj5`ASUcwHqL?ohJ{bwOslm<))k7vGDaji?fKNWE=N||pCVd^p;2f#bPh=&I
z7lQ+G?hYutz+z|ds1{e)2Nf?x6e@&(GO&zpZVqHaZt7=?_T{4=6o_U1A`x~rl3u!D
zs`9kGh*eg{GBEf#OcIDwq$MXn*iLl1Q%m2#0jjP(7MW5EtuQa08c6#PO$!qWI`48G
zRS1>4vDX$xKyv*MyKgH9L)F+x9tL9P$W_v1eT^oyq!-Ao53_Nw>I_|oj4$kH%T!}0
z_`v&xH)B}-+b-<WRrP})aa#h0F&cJIPYm-MR<2AaK#QTABwhc$1k<q0ldBEWh{BN$
zE01u5{Z?0wCVeoj6Z_B-^ap3?1u3YLFH^1Q;Nrm4M!RCP^ULEi14+_vEFrhDj<1)V
zT8-xyI0aA1pKKA+2kPT8%Vq|&G?RbfHvC!slO-7%6m2{BUTEwIRWKQNXF()~8}Ss!
zXLqO=f_fnER;k-~XGiIupKT~E304wC)F)HWB`4EZh)Z2b+aK4bR*4R%a++^p<=-4>
z>KF>{uGKPo1m6Z#W9OEzEl~wx`=f&zE?VS5gzV}A-zHgRY}4QXHg2c??EBoK=;-Ld
zLf?B+j%U)|SRiSor-cPyk55b#=VBgn;^d}IBx-vu_}_XoBqW3;)~D7)wT;OFICtP&
zc6qK!xYHNa`C@i(xI2k#N0kcH<H78%CrQTi=RZ`@&zCm5ToaO(uoZA3M;HV%W7g4z
z+vvUXFSF`pClngkdQ6b(2BQ!63Q5rl2Jdu*%Xg5k0^EV6153NaOKp3%H*KIK-aWm}
zdKT@rz|~zk7VIL;Wd!x}2jan(3D=uYh+IXZxR2a1BS88v%Tj3;mL-MH%eP6Y_iK&k
zoiiDzp8!NgRxhOiDzjMja;gpp1p<JIBF3<)Dy=~qGOYUg_obw%gB)sCXQp7xh=D|{
zv^upD$NFGslxq2UygD#s$A!&`Eb(l+QE29sH|6#uJg37o17u+#8vsqlW@Hiq3!C42
zojx@&iF!De`$Ew4>I@bF)=>tSr!+UgZx|Yb1O9v;!17f7+}Y_zoNoZaTvZMSH;}n+
z4TYOOHU?2rD!R4p$<J2kJ8jaEzWzSuY=h+{ucbxB*NUT-$_x*vCs={gq(63)0<<m6
z5Tz_(JCmkb+;ggsEG35*u=dgum}_bI*mG>7mU_R<HM*PHPYgsj?CM*QK4S8P4@L;6
z?hdY@5KsE;g}Q<4OhW3Lc@!TP*H8Ok!p>nA$Cwzm(9OXX3*Khh?Mb_{p2eS?SyB*E
z)^qGaHHnm3IvnSvIk&**_Y0`a2imn;zjsrav1co<zPGj%WpTuSy1EcCDz}8*2n!d;
z2vumf;%({zx1Flk$KVe;(6-P*L<V+S(Cx|fx!?*^<`(!Dv^fZ8aC9Ql`=w)L*K6Au
zL9A601#l@LSemQ$<9{IBOigP=@CL)A1NN0_31P;K&C*(6I<e3L0YK;~CkysOJvEzi
zb5TW;HsFlwdLE9HPh_3v<(cmM%5Kiw;)(|lH#5D*NN<L?MSF*7ladKw9pT*87OK|Q
zZ<UgYoNRgu-STIb-77O1Z?hct>Kw_MeH$JuY?vAO4$E<7%JPfD<pno;EK^GXOi}F7
zqesF|N|>txeJacUMzP1QBRWP&g6ZxJeXs5qoAh77Tow1vX~@^UFNE4<frhdcA%?3T
zLZhQsdD|FZ5E)qdXkp{mtJ@VsQ^3jJ#G^d<a+Apd{>|B^cq8{z;?U^muQ?dAo#m?>
zyM_cTz@4Q6?o7Wl(3{Jb{}_F;$zXD(L}+!o{S<tn|BYMV)oq{pl_gr5ORs;m)z;4H
z`0d44K9|sm!V~F+rWEXs@4u!6FCP<uwDoqh0n@yiAB9o#@&F1sxKm{kZRo<N1yqyB
zSoQjZmly+9INr3wnm>#ERIz^)&ooxh6@)+G62u}`K~xe#Z4V8GbUXbG!^W+F3bB;^
z`k}qyxOO>^!h{GqY&MfnC=m!;{j<KCR~|;eRzCz8Grzgv1j~xKSp+)Fn0DqXXTcg7
zaZk_mV<HCRQAo<n(KDRjV5mtj(bQAdr7zriB=mYkud=T?ZZNxcg~_8%kdPmik2Sk}
zKH?Nd?}M}ha>0T&PMsCu|9sm(K=FnZ4fah!`k>zdU2)AZcb%qsU15Y|&lJ=i6&rgk
z48@R#eWp5L>ox$m^qw)5w1b#sh`5le&&GaD>MWVz&dq%X3paA5LQ=IZHJ*Vz*j5fL
zBt%uEfF@<xWcA-zWGw9mC+{BvRCUecei>LIjt?PO&u$a?ii$WsvXKY~37Hf$U>h|d
zf6orGhn70U-!DanhKIYTd<#b+af#lwISJC<|4Yh1FE%6FXg1<q`Nn2fj)nuv)ina|
zeGRtj(s$45T?wGE9CYW};3I?5uFZho*<vS6$8uRrx$3s2xzEHTW&);h_sXbQTXV{F
zSw#BO9$=^N?mcZ}#`Q(C`=0A7=6b9*saE>pV`Eb%mzZ0$U=E@!XXS1)WzIc`1l*w3
zlXhtUUvn?%uhUl<a{{!V5)4gaMCA__CgB#$Sb7y^o#NdDD_g_Q6s9rqRx2$hZ`uK$
z!>tk^hd<?57dMCd{du9je^-2H>a0=%mtWXY6Fwc|73C!W&`*nz!7DN3_m-xlWZ;bR
zzdFa9ZDV&<+xWTR8G;U%Gc10mZ-Isa8bgB2VC^D!oAKE6!knVx5E&p0xLH%uV5js(
zp-`IT)a23Tzj+yJa1<kfIPBta)m!C;>56k?@IwCI4;Qm<0mpV>32CM@s>)s8Wi<|6
z?^Dg@L6AJ;7A;wJpr94{xl?n!9J)2E&O0oLML-f9Ra}|mm|}9;*reg$;lVampjtN}
zkqXGUo<1|rCwE^7^+U}vg}n%$VOTaNpDH(fm`2WtIRr0Oj<^91?3}y<{}j<NbD_y(
zb@HAZ@pV;xJYQnH{7<OIx-UV3blBmt;mmP1zJHL`vR--2L}fas3&mX*^A6XMW9TFQ
z?6YGmrSb0W#9wH+*Y~R^(r;BwA5(vdi|YUyCxiFM2?&T$X5;_?c3BGyYy}?)TUS%X
zwzke`?is>aT24i@%!9@zb(;wHu(U=;yv$?2wP)pE<c!pg)JseoEJ|3NH+wpPK<55;
zF<M%Qn(@EE2ul9j(j4wMhE(l&{(Hb9qL$0<6;H3dIHmw3lg=Wh|MS~01g=FpNdS!m
zx&2b($1k?`Rt_*VHa!8kS~=5au3}iCF1v<5HcSqp6Vp0B5=t$~aS?g%)q7_7JzhCn
z-l1BWu>Q~;vh~ds3BJ2?XbIjs5tFr8mX~I0*w|aXV%b|1?aT=gWdwQ`E$UVm_W+70
zy>6brp~kgjBq0kF-{m?AjDeGX=VMdq>`5!)p4Gtul;!hPKa7$=G*fqPz&BShib$qb
z734H~4mE4#K0?~QG<z46>o6Ih-+GQi#l6Ll`k2Tb*8ayBAC$_c;cpZm_(cpcM$U14
zH&0jQv0)2!=FAJW=(EwToMZ#pN)#p$Qq*x`aLsM=_zs7p1|cu{7}e_v^6k7BD^gQa
zEojln9pozHG;n|UCW;(}4A5mEAWv9gb|T<0otgeumy$^c(D=V0zuNMAcE+x*IdmbC
z*ypzB>!W8S(m65Fqt_uL;9|1(VZ_68r$ZL(Xg1i!z5_&kFYb#HX@r`$;MG0L!tqBv
z7w4<N`NBObe__MB`TBgkpkWhI#SHN3AIs&bM9+F1t?-VDNr`X}t;=i<Iq&$0IvZVA
zVeo;5d$fKQA4olgF$bQp0y-MWvH*WD!%|el(0m{l00%lDK9Fu4cSlZ>dk+wJ?-_`Q
z!$nqhCTGcVdciXBvr?NwCzz`!KCTu;&7m)u(gC-6?k@m%Nr{8AdgtUMxFV*y)skDU
z-!3PQNx;dVWio;rbalSGbcFr^kgO>EQ!gPY0Q}rK(-(fr6uK?Hb~(*v?580&JbYVC
zn>frJk}&YEkXw^Opc2R}yo_Zy%ji;egSAl4E5^FW*E!1n&U`~lPy2Erg*Vk4XBLZ2
z$fQ+-hxm2c#6W|UYJlt)t{S~k0|74GG)oxtBVo&e93LKmLKIoh1?1{{dt7S7E&N;i
zjb#=LkeL7<u9J2S40tzmiRNlD%?hRkfdWnz@V{%_qvqQ;D|qP^0H{?W9x&fHsFvlO
z_bB0`3`!c=^e+Jkx2+e~Pjc0$;8}F3?6C7f%BQ6UXWM$G%m8t#O^2;buA@HuJ)I?v
z7rY*3-uS4>aXKxQUwx2+`YTt{4f##>VgsgL$s5;kHe2vwf<S})b7LHER4ad8G`~J?
zw8WTscya&cniPKY{CS{3tK148Br)3Z6?r1%>u*jFj5SrVsk3y*YUSdxF!4ymHIV~M
zUZUG)TV_t)`R|#RZSC3ucTgL^=DU#b@Md^(A^OwAw+-}lvI+7P;Q>s2$O*7hs}5~b
zildLBFCf|1t*0oRGNXz!gX9fF!33_@WKqL0-;})9Qkhljb-<gpz{d@*$wiVOWtC13
zXbW~Rmp3nW)>R!2PSRm40K}8C?v6&mCKmv(_uY$1I@<WRN5Nu_MU%RZUq+AB+lwc4
zx=+b(_%n9$NrrQ0nK3?7wi-T95H>jrp5~Pi6`(4vWxQu3fB)l-!ndAv^%QS2dvn@G
z$g-XMrOcDG(}+{x3^^#B!8(MV(Z~{XrU{WFKE4|__-qe)ol#%8I7thzu3mGvG+?PF
z#MA0P@PGl7DzL1F<tuw-*AQL#YOOxEMZT{2hX>GN3AZF{`Lruwp_H6{>BRfE^x9MM
z|DjB<tj=Ey%@13U@(C?9%vm?jHRGCF2G7ePK8J>dL3#8;&tooSa?P4rt7M*5!jIPt
z{bbRgO3SEQDln)&6VNqf6O3-4p(%ovlHmekjzh{jM8yvtO%P5*)7}}aj&jN?xsG<r
zEJV9rqx-pRN(&ZfkW$vw*0y<3Ubm@G(&QEm@xK(XUx?z82gVida&r%m{f+DyOy=2X
z>~9uuM_7QM93BjWugWEU;6Pws*<*YR*9SXW{BlTaAi-xH(jC+P?TH6pr2Kx0{S*n^
zpT9C?sl!Sae%2%r!!nkyyi;wA6NX3nxvggOV(%*F)3&L!Ov3Ex0gitlbClbMK7Fn{
zSpz3Z(0-UkhIFQS1uk;4*3uE8YML%VSMO$HLvN!^&Z+%qPc)`dFS1zgm;5Zrcqe?c
zx@-4UXpZG}GpASQ)Rg=8?Cu0NxZN$eCfBdO-MiB=4G$|pfQm@4v(clmyzZ|9Vk+2T
zZkqqz)G4hQFm#}sSi$_ox_v&*Tg;v9U@;sEt$PD0KIzWH!-U^*X*!GF#1X@5zs?#K
zsH_^MA+Z4K>=4W$*ytA&m=v@GIK>`h)PBU~HA&)2ta}RNLe=SMQ8*ycwcE_g$E^7*
zC$%{p0A}$M?<4-4shJn&=LYL>fG*geWWXXbJ{fas-S)7hd>FQIsR;;BP7GW$ln4`b
z87Lo^F_zk9v~qM5Hyg#WUvAz%caB_GH#`f=5VMs2B+lMY(dd8ts-Y@TemFhCI`tza
zaiT9_VgWAFAqPN2-#GpSuz>((T_=h2^Fg($SMCE15J;u*tG`6DS}{i%*4o;d(5GoE
zP!6c+V)^2wp*9Xk4dWjSf#f-{HQ+#@{E{k}_&{~9T2P&`^DjF-4+9P#p9BdH774Ak
zRL8oh26^{IP}o=YK0eu6T0ouV565k6C})05BhCGLT}D^vNUN>cHNEL>$47jc=C86C
zKr8Xt$i1ma-8$+Y50I~lStx0W4mq-MZ%{?>=C_)iaSZK3-Fu*ro2KcNE-YYDzlOX^
zy9ZD-KAd9Uwj|uz&vf|_pu94Y<zV2d(cZk<YyS%q9ZmYfhKR;@+ocH~5Qs{pX2D8e
z=_olGr{Of4%WK`drK7ojpZbA5i~WLkcJ{1-Rd;0j4ZGd~if;oBZ{eo{9<CQR4c&=`
zJrxzb$uCZ`!|y&?9Q>uH00uZ$c)FoEu<Y{kd4OnC%XHlNj~}%!2-<e_`_Z$#+iBGB
z%#3s0s^<#&>|ay~wz$vki-wiN&YAL51g;6z;o;!b5)YBMgl)xJ+56%_zWXq$xc00$
z6{XYK-dKmX$!=Hz4mvS^M~d40J;^~UvFA`N5rUZbc&73cE*kb#HO*HaZaZc{p?P`j
zm5<JnDv;}YsOj7Akg1J-yn_;^*jbYL3mI*!fJvoI8gqjxD%jkzsl()M=A_Rd<UqY;
z#Ql{3U(=17>%@<qEgnec>CRP=Y&A&IyLcs4h7k}@b7G#iocy+YQ{%g;k4(<9u%LXi
zSyA8DB2#5MXp87%xQmhp0{XC;ycUy%n20l_#AeFhez?7e{<IB$G7GOvPL59cesk|t
zu{gk%`47+dGf)ll=MP+_0Jt<w-i^q1?o5)$Dh^-`ruuPjq^}S=xgSM!jfY^{4#uCz
z_%Zc={oDJ`UwEv-JOGdsvf7!burn{X3qj|k0|`OjKRU}XYpJowsX67$Uf;X~fOWqB
z$=7XqFo4V7Nr7<x+Gv?7)!ePVDg-=b0x|JxGgev4b{?T2Hykn7%LSDU)VZ%KG}z-w
zu>HjP$pv{i6BY4qhjj@In(mSC>3a0{A(({)*KmeR%Yh&zj{L)M=Ah7E)V|$!*vvV>
z(4$m>*VmFcabOxwe*S+Mvrt%Y{*u#$>F#V!GJN2L)o{8O9wcD1uaI9)hdXw)n_<Xv
z7q6$c*Zg4==mgF(e<J;2RMZY$#>P8>eSyH&LstQOUvF*J4qh!D9~nt)jKFiQ*&nGD
zKL4*K#Zs*IEW~ip-U@vR*3CJ*zG>t&<!iyKm`>`y5!d9yph{1&bO1k?V+~Oi8jX|!
z2Q>jMfHC?qIzY4#vwIE5zbt3Carck5G*Ou)JJ44J2Q-u_r-Bk#MtzF~sev=B=(Z)u
z)6IxAe`>cosyNxh@>OArAHUW7)lV4n#i98R>;1>5lS6eHe%Sz~dSltVFCwLNsUA9f
zgwyD|J(pBau&i3Ej0Ep|o;};U(&K9<2PlCzzR_fCj$*y?#K6odEyf4a&O%iaJ`jau
z;typ8tjtVC$}cxp#QWllT#e_pwO&V4Uew%^!@5Di_p4KNH)bB`5SMXiZDs!QP|PR>
zYhFp*gtYSmersXux5F=BJ2`Oif2_k6b!(Rvs!FTRx1e~W8c&j?VLC9#BH<Y{v6w9X
z`gJg09h>|4{`U@UdTj9344_3K1PGZbvJ5WE>*>9&zWn+sfuk^irLgWU)qVo>U9trE
z(b4{$j<mjnHokc9q>H_=rKJJ*(_PAwA73;1@zR6)@bIvr%N+YjPc4l6E1%^v-iQ72
zXtR)%v@D^M%(Qn8o+Gl^EV-$~l|<;fR=)u>SOaX^D=l6WH>hct9H*Ck{n0I`tnPZX
z)@5-%OB3HnMf1~TLg&${(}V?KM7@i;^KoD)Ui<surJ^-4V8SdINnfA*T)Y0$c$DW?
z)K%GW7z-BS*oT4zS9W@jv{XjXM>l{-L%tUYM}L-7fa8UzHo)bdb`{x`F4ET#a)0>w
zyTgS#j%=A?e2w(iw+BjrM<>LsG?L@bRo~9n7%#04k+QHNIDfm{F3t#b7!h%bx=PDz
zuX@u;c$#0AYVmk2s20Cr^Fv=&tYTif?7-WCM!j&QKLnhdYqTuit9O=IM2!;w#94o<
z8;UY7h3xFE{6$@?k5+cYCZ?kD6b)gGIxGO!S%9!Woo#VXro=aMFFB&KU5$BgYw+d$
zD>`co`da{Vq<ktL@z0zCB8Q2dJqnlEmcD2}%DoFG2P=$?$4ew8SpEHwef_gREr9jE
z+T?;#@nGSbCX37c8^Scj6nwny$Z|SQl;8He*D>m3M&RAcxGsm(@VdI>gdJ273=yl-
z;tRb;sKD!0O-6gvva^<ua<%{4VNrL9lj`P?Q&%6%j%~3B3S%W&UZ~4h_h{C;G^=pn
zf!k~inP<3>VVRm{v>FufdiBJ73g!j4^UwQb6E?qvv8j~F1QeES-kdMG1#vAwiSfzI
z{+*X?$RYUGE&#E_LsGE*<?v{D5pk|fU(?_SNx;bo&rZ@2jF=l}_Zr0n9rX<WOSVhv
zk{fj43D+@FEKt#P%A_S6%|?k3IUb`RZoYngWHr2`xWqqwKcQqO;VTy)P$=k?(hI$z
zv|77=2Yf*B_b~6+ueAkp0*Cm%*vm6-k;t}duRWDpgO8UPw=gV8+o5Eh1bB{q;G_4@
zP}<0#Ilhe%c38Xcp2r2FdFDe_*{4d9i%dVjV9U_If31s#4F+L*@yutga4+iMU<-cI
z`f!hRQG=ElVqmc+fyEviZIBa6Gm=*Z=-K{;hOVY`Ac8A$!gF?=FahPaazGnd|EwA=
z*_*g>75B@B=FL3cJu0}Lyh18=^G-u=>5m_c&df+wPTSAb6vAg(9ahc{ir6vXk8OIH
z%l*nein_dKk!d49pO-iCO_L7Z_ogs2&oY?f3p?9uAsv!A7&iNmFra`wUH<0m7nLQ&
z&lB<hf1!?her%7qCzh`K<3Tq$LaT@6t(e;(1qY(=NX>;|8y12>$A~>vjc*_IGY?PU
zwX=|_qYDP(eE#?_ib)EsH!wT#Ts1!{YnZfjugb@1v=<flq2XeE8e;kwjAo8*Xi>a6
z_o~lA;X<yf2d<|${;+UH8ha|mY>f@|0#PTTjmI+c2=X^V?^pBEyySfd+M#fCldQ_!
zdQoWJQocmbL#X))27WVLX=!Eq=X&)vtl4(Q@Z)r;l-#gBjk9yv(=?(8atD8sbdikX
zjSY%HoVl6u7{Av@nr{-b<r$UAA1w212h$9-TtEEMZ8+;VmUs%Lj#i>zqs^3-_~D$W
zpQ2SiRVrpXT8-5H(Z51<_47}SZPYom1*_JsfiuUaa+6Y!LiP+|m-I<)rOXoMVwJtK
zifb_raOWOg`3ipk3h%Lj=kyD|pHWCTJo`j9S@>~Tb;&Lc>4tC<aoUol>X7~IsDJ%(
zLRq`vaN}d&&=*$aq8(ENP|(DG4$Z>hHt;4Ho<AH8S87>OxiHvRd@I`EvbTx5Q`sjx
zA7PZTdGd+V`MYTOtE-_4fD{trhcJq|wUF4>z=ExZ3k3Pbcp3wosb#M^{20y-AvJbd
zl3lzq8w1JC+Oe0~H5*k?SGo#yj_V;3o&!k2Ni3X_6wPm!FgQl113#qf2E+YrS9Op;
zi`Vof@NCL7;$aRt$m=6;9L~h)K4fHa(K2BQ_uQ;;{&cdtd{AOAoF-@S0H~uRl^bf>
zkFBKI_vI)cH?pqlH9rDAO|xb49^@7il`cVP?0Gw@v?P}~F`v{>Qg9XhNr@?$+b)E{
zP2Rt25pQrbLN4ZVMWZ_sSMh;)m`-72927?S{M~l7TTr(cE^%15HTv|uVC_cL_43oT
zu#k_<J||*Ym)yTyq*~T@K;MNOP73xIco8B0V>ws<*K!8lk=c3QM@dVPJJvN%J9eUn
z3CIcpHJ-_AS`JAt%zJ(fgj`=&HRz3Q&JS5N{QLP?-?=~+8~}wT7<NG4qkb4IH>1)y
zuFsYa=*6<B1J}6x{gp;tLntCiO9NP4j0+|Q;l5yG!5&1!YG<S+V;%PKP+jFPZMl0}
z57`7X0bh*Au~>Izs=WGq7#U5>@OqRM^UaU@c4eVXmG}CA$<HyA7nZ?C^jU~Qfb-KQ
zY7cAMb@eZIiW~zbx6#3Z<x(SRAthuaB$#1GIOQi1S&PV?@>orFWPt7K8u!gCQ+KpV
z`DelhbXi;GUQP*3%YM8+q!2VtqdxtC&vy{6i*n!&By6VbDnAjP{-@4~-1L(DBajIx
z4bH>1^$>O=R<cfqAVG`?HT3dcw)q7wmC?cE#Z{BUGR77bH*_Qk84P}<NuLGqXBA~c
z@l8ujvp`B0TU3T?$1c<gX?`ihX|lgro<*NDPfQ6KlkrAU@y7pbb93{iN16R}l`-7c
zm$f&3t6JFSm1h+tZp^r3br$+yN5(u(lY<qBGN;`?5%y=^Km`n=g8<B#e$`EY!@a2D
zr*Aj#Of}vd^Exc~oAgJQrsPeqMdq3U#?pg7XuUI`7=0LDM^eYf%F5E~EIMnQy!kDU
zLibiW<j{_$75dzE6wv&QhIGi?IpUyem>i~&6$!I_u94}Fk<4sDooZ@-vNe9f6?n#F
z75FK~w*Sbu)>ov_hm2l?OPJ$LV8JB#iuI7?hEPHCBc=k_sh_T;&;h(a$IF{I<}g(e
z(bWi2Q7-pO>L(iXEv>qOMy-v@3ye0_ouRNkvuldLQ=<((2<sD#-8ax3?AKWf8`@iK
zUj%LPTgJI*vrLpW789kL>|Vgjs_fsi7|aWGcZPNFH+s`H`<iPXn-Lx%kw-rCAffld
z%SjSXf2gNgX`SM!6j4)9phPppJqn;PGTM26wl(lAUjSQkg5#QMAn6~YlqOZdBrsBf
zZFt?wcSoc5)Bm>O#y83xGJL0=fws$x$uX6+dvLEharm#Gn*;m9E*cs#oMi^Q>9|BR
zrI!Nk>uG#{5;bYi-vT=c?dD%$T>KgPt8KjPAq6UMo5Ej@Qt(4K>5LHrlZvcfq1yal
z?=W^Umo3L37bwMwSl-;1Axjf@F~dT&_-DtO3dvj&7Ck|=Tx+t#S+T%Uvm#x%j0EZw
zhY%~M69=k+*0hDyyzw+3%h<Txf!FoJFP><1mR6|=93D$_&=6by`F4_J@$;VRx+(!E
zO9D4|MVRqLxuR5t?w_@pSr*ht#9uQ@co54=EWOb4y$MpkVS+4%!pa9=xkih6b=S?e
zr^fdw1mlSq^V8kD@8QFx<A?VR6y{c|gtm4-j2mCZe<`sVy8j;2-8x(m=s8Yb=T|98
z935Vm+4_9ob`+?v5;MjK;(0u_t;gEyk9lrywCz%L=o~as{{&PNH}V8&Y17f0SExur
z;CM74$0G{Tm~-{!O6;eq|CgD#vog_joS8)!s-q_)nf&QGb*`+|+*yq1ItI^;gbBaX
zXofaRt%nw}gOjBIkKz{=m5l4Z6~ccWw<q9qu{qGrls6fn$dDaR9&+;7AK(nI`bNmr
ziwxZO&6uvQH7gg$)?fel9Nf}!+j_em$C5zGMRIasQL-1rJk#6Z@fSgDCcEP$dWjXw
z@5Kj=5fRAt!ncr)P<|D&ba6@Aexj+}SzR}7r>gV>X-vl?FI(&OyYn&XUys)VXKa{h
zSgN8bLzYSpt=3_yC;1ZovEfq^&CIE7VPunpz6W6pl(-@`_-L%5Y1~06)~D$tT)q9Q
z>sjr|tJ$wAMHDDEq(4Qadp`Zqqm<FgFx^;9wzsjJq+L|q^@=6q(WZYT-h0zip!hwT
zHq(Vw=o`0C?msM_7EFGk-CK*hG7jzwK|_>eIXd1y#u<`Rh{!VKl8GhHDrtM>eDn!!
zG>c}xMtfCjRBIePa#;TyZPCR)P9&C~KcO>sbo4o-eoR#Wg4+4YudaA9FZEv50cSeK
z)eOZcH$~qp(OY0Euz2<7qVjo|q3LY2sIJw&CPa3?NE8j+^tZan_Oh8s4x;h6m?YLU
z$ai7TIdpzoh@JI8Q+uB33i1Vyu3oS%E?HBnm))Syeb;y}a&dL-zLU}KhrTx|MGvCQ
zIJlR~Zl1F|B*8$yWKl=Ssen_=iRmVQPmW((xy20P=1}3Mtc3}=$BjP}lgxVg<dwQu
zeRmkK;h{_d>3LD+h-41-qk{2qr5mTOvagxGc<{WIIdYnSU*xjRU-T`%zuQ}9xq~s8
zSi`y62f>;WEI8kU<8wbLRoF)_^Y@jI?S0GMy%3-PDaMXGc`&bV6>%US_hF^o+V=H0
zun5TBL830Iq2ot;zms_p=b;?Gutg(fLs|b)4tbdoFE;2oGc?F_-X^q6O28~S>^!Vp
zv(@)3hQs;_t{Ebpl81P)f-1XHp{<8jR+mWX8f>X(s`h<Sd1)1$4U7c-h}7!kwI9Kb
z4WAVhYkBS6+&WrpG3JvJ6@Ay^l4^{os(Zg!+vRx;yY<PIP#?>tkYwB^!L96hhLd`l
zCo!qAPUq8i##bTXvJHyMPBBfr5SA9dVfF2NRiGHHR1p<z5zKOQKRvs2u0-DF5gVQU
z!lO5F^Go&RsWk6eY4*~=6obgwr#FF>;tqeT(r4pk#ia7JuKPnKvUySuWi^QZ&L%<4
zf7OpWK&d=#t1cQ`?LDso5y0t#Fea^fZt53-9hO$Xo<qowY;9-EyfgX4y_qczMa$6-
zPv!KaFy>|jll>v)V~JIk{dmf|Wm=vckELHx9X<JtorL0zF8GG;4AVKb^0&qTsiQ5+
z;j>I{z0(gvgotCIA)YCtvi{Nox8p1kq={B9cfSpTTdjPqO%E({1kgO6KLrPHxqotO
zAAiQB(>nq*lWA^K)og4;K&>F}`0Om+-mUwp7vk*N%E^6arMVOQSiGsF%tOP)n+v5w
zkD0iBmyuj`-XA>{r4gse_MmCzsbu1rwVeI;#sK?_!#j(td9D01w7UoaSFd(>yEs%q
zpLF}{W%fSDit8Uc*Bc*TpFU{9>oYrBL$dWt7j(8FT!BEs&3SExCFhJXk@MHt{LD<b
zP*;5voKJ4V)|)=DzitZdo)&bH*Si^sGTm{Ape=J6=r+!2>Z;q~uf=Z&Jx#D#n2-3g
z5NMmx<5BHAdo#N%eLyOr;x=?!MJ3HbdFiz6Sum*x?l6~N?h6efwqzm8as=E$BEM?K
zb0ra&eOS1Udd7yRot08c#WMZ!$8L$rg8)~%ySb=d>BFcZS|eG&_!T$5K94(Ws1KgB
zP92ma<QYfP(P$lhsN%6U9(o157Sc9?nJmav^u^?k&_X67VG~30OB0EHV0A53)ZhVs
z-B_ZCTe7e4h9i<};Ac%>AX-Dr9tT$v;dpib5HW=Zwg7(ciKp2>U<azSQ2V`e^&l>F
znBuFVr+k*yVOnY#0m`l{;kiGp=U<XMiyGYvSX>02jbwkgr(^rFz+sGQq|C602#54C
zVjXZ1s2c2?C~s0JLQDaFrMtuZAC_4yKGl^+@ak)^eIEbY7oBF`zg-R#8VYp<#!tKJ
zvWPc!EW}=V@h;Y>)p>1xGZ)C)*@@;)2esd$JQtJVdu_&;+ZFflSH4Ij7E{enUl@V;
z=zFvM6owk#IFW&yqET3msQHCzQ1hSdS}s=PW^pHAie1!;4Hg}O!*0GXf!}OX3)25E
zMsfl$u~ZR$QOV@~)Z@2Er-T)0fy=qw--c0&H{WetXUu?kM@=|G>a*U8F>i&)$&M#T
zSf|0PVL^AE4^@-0z*GYEli;zJ$Qub2v})`58Rg<ypc@@bXJ~PyN8%fvE1oAfT)m>E
znj_w2ozuF=|5Pz->G9udE5r*#*o*R&7yU8gST=V7ZNzuj>)wf<)B7x%SBe+L;o*H^
zLXuNg=7eXz9_*8Cact!b8?LC4=UjHBYpOg^^L)L(B(*@ao!Y#<vc+IMxjf0vf=i#J
zwlSD4;$S$OQM7VFTpO5>K=@QuH&EBOK=)sWhI@UL`NPQ1MGdY2Mq@SY=;V#FOsO!h
zfQ;^+VFFuAzi9cH|L~`dLIY4@x`gaVcVlNShV%E&oM<ZXE`I}}bROQc@DwS#SeG$t
z`DVs(Q+dR_w3%jT)InQ^9G#t{|7dx&_^Qjc|1&V_?C8<ODpUJK0$MBLn@@Hj$%56X
zF*OD1T5sk4bZ`NixRN{O*_Py}v4DUrg2ViI=RQNw^Q9S_`_cK3ZP8iOYi1*ur%w$`
z7YBMT{q*0z+t~D`g{2)`oMua-1q9N=U+={Bs?+Ljsx8RzI~r*k=>kVg(AP+>V!=G0
zYS}%&23SLEM|PDpQb)tlML)}A+Znd|rAO|j=)`3H*goZI<OsZ9qs+Y(CJug3q&YqZ
zY+zREVZ>?dnHQ~|wDi_Z9`_OJ$R4;$@V|s(c?k1vXirZ-YDNB}2(@zM;Imc7Yzyp<
zN)y4YE#nTl6x&IXNg`bUJzKnSKVko9BUrwn>hoCJVEe)7%~tsLvz8y<sd*VPi*>6F
zuEW1TqJl^l!{r6nRxd{-mImj`>jua%GPMsqok+P4skGLcjwi2Xoi4_|z|)D$l=2_l
zRRB{c7~B70M-lkU`c=`dfSg1vmMC->$%@+Q&zkChs7^Lve%LPv_L-2546c5%tk6Hj
z1FI|)W*-cR*AFSx-qWn|LRRRu;N)&!KW;kLk9ySbg~A#*t~rnn*eoBf@B5Mv;gJk9
z!A19_tM^V1Wvpy%ru!Xh$9I%ADxWNW@%5|E)DAJ9%rBSh?w8(EF`Is<_CVQ;F^GR(
zUyC-y$)==5E3aVii${mE2oU@Aw>XO}_W9Y9ai}r(*Lw--F$(nV9l6~%5p%9K)}87X
z8$n!j#y!S7nryY$V#>1CKONrm#hS|JBL!mSTZwt2f9Ce{cCfahO`cL+L!SiO#r_(z
z#!bWlLO*gP&N^r~MDWkc-WWlhdFAlx!=}-m?^rV!4WDh~&hcmQzr%-P*zc#g8rjZ&
zgmmO!Dw)X$E-9G3kqF8XY+s6Kg}a?-6tc)Bew`<5`wXAh&Xvb|ML>97WN<S$NW8vl
zv6o}D2w~Af5VJ(a*fL2NuK_`+4@r+bvnsy$UFrYQESfQTv9LL3NBA|1ST}lBQrq$P
zNE821UcP;$IS)pcrMa<w$wH1K(7-JmjNcB)l^7z-sI}76f7vSKQ#eF*mjbfnyLOPJ
z;z?t{>Rm-0#JV^Bn%eoRiUIDZ!)x`Z?WPh5_@VHM1LBBbmy0Hr2E5WWgVOSK`nzNU
zqr*Qq^Fv-}d)ZZfCNDe>T}J4t8mVw}G$w0J1xz5)!@>u7%eO(hv5d6Ik)gD@_{zIE
zJBvT+N?7@1630-mU!&H|{uA9F%?#ZP82z(6@2H;ROtS7IQM-;H)V+~|fcod0w^tV@
zrriqNZ!PbYie73TpTNte1diQ{UVM>F4<c#NzlF#-l`dHv=3K;NX;LJ<EW(Z|?tQNO
zHzSd;-Q&E02_cU7&|Nv&+aybd-ZX|?<#F(EwujtgNp)gXAcwY-SVMR(wYNW1JstD=
zQ<F{89_3}HQ1jH|BOx#K)-qD+OLEye5y`?}UZgiy-OqH=*hb-Mc<kYqC(Gn~rqp46
zlYMcRr$Fkpfe3&H=nc4uKWUx2>DrnXU<E|XYkw*pcCi;3%v*a)QlP{j!NL;54=C?t
ztly@HQT#s3@VfMVPS8jh%=x<#*x)zN<{=IuS=xI({8~~TH-?SO{so-}>Gv@Xv4+fm
zSfLF?V!w`bvB~()<-Bm!oOm`q`K_C_LxeMyA6(9DN3Lhvn>7TnmL61XiMdy?p5bDV
z%0w+|YGJF-)IZ1VcKaa5dK;XmRqY+=XWZeBsNiqmh%VBVzC8ZB+BTZg-T_|Q;@fe~
zSNs~s*RdG<?@yRnPcL)eNPkk#0VN<YJ->P?kwarCQ1t2L6WuUHJsV18pc+cq*E7;q
zfFaw{IcRZjXKwAkZ>QLP_65F@0Bz|AKRNWvXf?6%Rzp<^xe3{cj)pEP^Yi&Xr_N8X
z->pBSet2CzgXEjF*8XF;%QuL1J@7ynzpYg@{#+TMzfEeFlI7K`{V+Wtoh7({ghZ=j
z3zf`pRFV`D`6WxGDCxF26?T<Ca7duYTyY4N!1-;|z5*qc67N9&IU=Tdyg2tKW&rwJ
zvhb5&%0m=i7@Yp)^G9fl#oemQc|WY|m{`p-gikR__s=uA7YE&0hvZJ=@q`Q-Mj1>q
z3DRlXt6l_NBr!JeE_Z`(NkOlwceET~FccAFNgqxk${=c2B=JLyjqC9uN^bN8M*D6@
z@QJTqVeCjV;u*WL_i1>4)(l~|0em;7n9uzUMJp#r<6Ym#VP0PuiA!v*qRgb*eHq#g
zTiyLV8UR~!WYMowpgRz<EM(d7{zZANR&(JxzuAZO0@2t0%`Dj?U?a4v#mg4)zWG0Y
z<20WkRrX`Zs>^QQDt%;~HEdkEB4i#8k>NRYla)`edtKIkj$z|>`^;Sdn?FQd9I%+3
z<*=YhZ)AB`k+OI3ZoYk3Hw$yRvqp5@^!N5H59X?piFoEdgFi#LwFykf7rU+I9BwTH
zCqW15zCp4}To*sK_uB6#J$d)``xaM{7L^L^dw+A`F`;*KW@UZ|G=Tcq>W}1^%?{H)
z4%{*9i<}fGpLy4gH|m^o7I*_vWBip}Fz;T_J=pN{y!Mj(+j%%|h3cP*%uwtC2G_lg
zheWufwNfSz=>xUuB%lv{&0FU7U#a>Bj$d3n@+;6)*P~dFbWTQzN;9l5$Q9q)m-QXL
z_9hlS6dOM4G3Wf^@p6`pJa_Ck(i)>^?bXUgSNQ}tL78wQP(wtr?NfD$i<ZTB6HX(4
zonP$$>Gbk9KaWFO?-H%lhJHWw5{^iDt=mXQ&?+QjE`m5P%ts!xR%+KdW?Ty96AQ1^
zMR*4r-@i7);fhMSI$i$^y7!luj=`7I)iS_jO71>&rL_OfA$NbxkBj`QAnT1i%!Q(}
zHM$Pw<yJ{<-WT^>vi82w!EZh{3@JI-+(j3O969K6eC*VZGj0CW&-2j1n~OqF=i1|+
z*@WbuJPw)#C}}8(b#kdMAC|GuMMlFYm5FNx-N}^kT*EOkuE=XOK&C_a1v=<s@YBbJ
zica6f{(Qr&WX3CxJV+j44>rSb9L~@~*mH4SEc>SlHRb);Ixkeo3@wyusFavzTyhF%
z?A>$p4otj-8%=K+>Yj(dpf*v8QhSt%sk0-~CDizA2!B>q%a-Cxg6j_6w~n8SO;(OL
zm|s2kp&3Z4g2wbpt`wP6BG4+~1)IKG#-;>6F|EkXuLo6y^M}h(Tz?!8dwJv+3ZaHo
zHru{HS+=3Kt?UH1#pMgH*De!brNXbczgsktgzQpv*)TBK$Jg25U-ooWuC6w=x+M0R
zlAr0aO!7asvUixik-=r;4@lna=*F~&d0E~t`TjMfar#I7J>dP>7atDm%7bG@cwguR
zIXQFN66sc=_=9Mw%?Bb+Mrao0OmI1?9tB+sTWfD!J%2TD0}9u=r8X<T>#5TWmb6s?
z?do)I|7NvJ9aq+>_phdAW<P;3?_w2%NJ*Uk)!f#TJ0Y)#h||2-*=H6X@*Kd|*cNs2
zm$mn9R?o<bSygCYv-QQ?%g`tt;kjlKB{PLO*cpm{MFk&Z#I2&9b$ob{E@USA73`Wp
zY*70sOZBTtb&NtaE6U7EFAO1SNW0KWc)o@D*K*D74p~iqr1BbsN1uiAqBmc8S4-pc
z$h)Emm)QEWl7pu0C2m&wyTgZ6hd`c8*j_|pn@2!pDauKlTA}v?%iRvD5A*8i8ew<x
z;%&$IrkHBCC_s9iEp@y*@uqS5;&`<3bth50d*8NZf5TG;<x$gdh8K@38H*-uKRmx0
zTu92nT~Fsr)5rK7&1K|<rN)du1BeGVIy(RVN<E8%GB=3fTiic9727n%=Mp`4ktwTX
zRJK?UbU%Rd?Nsy|4i%>D=7v3JMbKTK`zHFIu*cfj9-=}lW3m1W`CKw9m=}8CQ{(BE
z=H$`)A_DtWpLm>*WFaj;x(Lu7p=LCe11siAgU4!m;?)x13SDF#HR6q3yIAZKLCy53
zPOrXPJm^>)Te5Lm`Bs(S23w1osxFv~Se4tl9KlfjjK9<t+d}&iOOU25miN0~P>y6I
zXtf1KQ-+{gS@xi#7m)T0{HH0|Mu9^zbLaMp1sXQ1Bl%J>u2i94mL4}LGIn}3!I1#<
z=ID~N7cog>%BZQVTk69af7{~$(ZAakO6{up%=!V}adlkPn|N>1$ldJZdLglG<ULF@
zerBy~U)=25^CIx%_a@7={9Y35G#Bk<TOanpo21STr=(EOws^my<t$&RoK4BzG%7oT
zC7YDJx!w1r83&Y#KR=`qy-#yJHO6?;;9W_RX5$AyENX8oum%G$a)&2q^5EWExu>mF
zs~yijgn#;fKEbA<w)080%fj|XP1c*~44ra0A+ondt8NB3V!)?iZ^dl6sd*6GSa&mn
z&WKnsI5i!2qYf*Cr)FE;zt@c*?~prxARM#E<GQD(axvh4+}yiIe+x3osg<>3Iz7C?
z+QFH?U;20_OL@eHCFZzXyh+Lf{p~;5IxCRZ`4M~4SD{>{?tF^>dbH2f(hi(8U7P1I
z(ktQQ78*)|MTh<NV}~*BQaSLg{Gh8_^mBxKbqksi<n}NuW86)p;|)nlrlltYaz7Rg
zo<dM+DHIIEafyvOpBg7sW+jhfZ3xA1I%|jh?^jkHA(a!mel1fhm4EoD<g6<s>6Y`>
zNc)$4Vg58%_dh`1%HkPv3+wuul6%wK=376ZPM@MZ&4jOtSBVFzzR`r%4&4)x^DkyE
z&DR^WaDt)^nCiLJG)yiK&UK594IMI>#_sRC&Vmu`7XLih``WxyW&_!F<LomT6x1S;
zh&(>jPcCY@rLge*ZW%i?E5BfYpDs)~X^DoR5B3@=Ef}!T_^0Hbu=LmU;&f|yG8e#(
z7t;zWn4zor^(QIo<_TUhBi%`3?-eshnbu7zY>K{Ssn!1@!RKZytEwy-w|mp>dv_k|
zt^6<6P0KuH{=nAl?<5~eaSe%m!*n>*vN$Ih-@9ft`E)&h`Sr=GuRlzoE;QX@k#4br
z0#!SmKf9R~ND=f<pBS9+=y)m;O)+uvkf4H~i-S*Xfc92`t^j1^GEA4;<R_Y7m?>Rq
z3hO6I<0Qj-6LZj#(UKAJ(&1Swr%>Tg649A8x^3rTt0J<8j?(UR&B3y-;Njm!niE!%
z5h3x>(FR^zimiKF_uey@tD*$%#?DH_P^SOC$KM<C{eku9hRip=n|H=?D}7jUWMHD7
zsld029A+7n$fN=+%whXsyC7fpCS$6XS=qgI2Cx{qH^}b_20<SbS(108q5t&aEoeB2
zl?U92u_>9AVQYAb{xdFm{-h)6T4#yajR?eu^T<@bK2(^&>g{l}h^pLg=}#d!gu@)d
zEN63`neRu2Gxt(4M-bcMti1YJS@kP^nf$Pw_?`G?J<mU=d=%0hc`Y%$vV2haw}~45
zf4I5|uqeBx4I-c*4bmkgA*gh&2!cu~-6h@9xuk#+Do8g9DBZnucStQ=OV`p1yZ;0F
ze&753&vp5%UhY1-=bSlnX6C+U=C!bp^4_zCh6Yfp%l1TufreYJOa0Ko^FSy5h2x`%
zQ3EgU8sFY3g=-RkjKfX&x+n5Ah*$js3QZNCt_IcZly^hE%ckT3(1JAN#cC=Gzpx;t
z$~_fw6`Y3?k2dbYegWYcK=FOCkAM-ffs@`DHcWb!SW;+0wV{dGfxqA6Wo6fXi8BEw
zUD>*xR&aSWoOq^q(|%8l_Eem1r*CX54;;l;1ku+^)l1QNG<fVI8Ca^lVTUQb4PZNP
zaaZ#LM6FatOE3=Xj0~R*lzjQj{Gn=*azkbV<3x#W=V7Fuwc<o_VT`{7HNs~5K0TI?
z;CdZo;EUVbgHJoGP=(5(N4;x7Ye7cfgJeeosE_SDB$B=A$4so}c~Z;gm^=w&HKmn#
zZi;2>s))XV3;*vczJ;;Ap9!N(S%V+F3y$uH{VM6WuhWEOogabEbX}V6aK2PTF~K!e
zlmQXT!ns=*@SCl-??lW9uzAk!7r63_b~uSnzDpb%s-wxL)9;vaiU7g~zy%Q(hUlz%
z+Oy~ipS?GBh*g@OA1fiJZ%oEk>C{g~9GZQ1X2d9@hd7GS!_)yF;bp3rt;u#Umbi+N
z<CDg^*`2~clc1T9b<zCCFP^g%b~I3(z83C%KYd`?nPYIL{5#8!2aHW=y4TzN$Lpco
z_gOvtysd*uU|$iW*d$G*unl}X5E*=ae+^+PTAoQ3;m;nH!%XK!QtP%oS5ibh8C61W
zvPW`$4yt-|qO&ciSj?3p^mXawCfOox0oPVhM-3GWRk$2fPBOxC+l)5}N9Oc7l9Mk$
zN;Qj!=6Zb6;TrL0LR7TRr895AW$c#hopAuUAUfA>r&&}U@e~Pn?$&s+_OyCyx=Unu
zaA?7MlbsuTZl3#{bbR*=qBRQsQ-8+Ov6t<q>C|k`EJugh@_<fT7e*F-q=?V~-=t0H
z)RC)^RFJlp)y_`?ip<rBSix!9efm{U59q#bzH`aQxmCw1O10>uaT>*ee(#q=uIIc(
z@zv%@o{o&pTv1)|Zp(-BdE3(pV29g}Fzx5cVB%k|=YtPV5?B@MeQEu4nXyN!1$)h$
zpq2XiGC3q)?7MYNN#e0sS?wmSZiYy__i=7Y095`eI^)&R$PmA4Y-J&@Um<-}+K}iP
z%{|Qb`#};05^l=B(|<{FHyPn$OwyDKTacjf<($t~<Rv$}KiR8mE^w(DpXE9l?9@U!
zoVOllF*<g%QAXQ%p<G`9DsZU+Gk-uQr3&W)cGW>iZVnvE`y8ElG;x0B+=IHQ*%ybf
z9TT6btvWqSS-)e_E%tHnFsg~wU*T3(YoH7P)odfCQBtcw$duOHo<|*Q2ig1?q>Z!)
zMjBg0rCUk<4$$>G2*)lKHgsxQ!@w!+t$H+HDGjQgIMtu8t3i4ozKN>uPV(I&9+Ow*
zU8Ktz{N-(Xy$Rm@&-v9Q$l|F|C!`+5=zA+}PJoxO6&a6oMOWr}6>t(+lzu+ute1I(
z|4e7s=i=a2UdZ>SN&be=mm6tU@`!{Jo=3gSEP--ZqE}9$d**Y4h2L)Nsm}c@1UISP
zmt+rkdpi~*(qYAEtxCe)XYQildFW7ihNaXF@(Kxw(ebk1Y0z4^+Jml@_gik^9$<A)
zQ=kY}UMFyx&K(Z%sg0@@j66%V@W@<6B?-%IgDX(Ss6vyU3vZhTP|2K2B6Er^qQ46W
z9;)8;BtBx!4H`CAfv9`lru!{TDxjIy^tYAX&0?>}mG0Q8O_gKLoJ^tY$OvXQCpF3n
z(db+i)e5{Bnk8Vf0@jRLW)q0YJcic9_`w~0soibINa$%`TUOTZvTh<snIMyk+A4;`
zBC;g)1b>ohoaSk{w)@fmiROHHo7rGb(^8kP(k`o;N;s$eY8Z+S89j!Y*=;)}ncyME
zHMmofPw?kZGu99H7?xN`JB1rKLQc=;1f8DM7XnreDvAB|L&>{`K|nBxV7{^LTitJz
zUZ=a#vQL+bSlL2fz}9&S`CP5OKP`qRR;@pbYfx(dB9kV5u6_-?n-u)rxHqGfmX-)E
zE7*CPNB7yqW_$bunlaWbZ4^nHVS{9z7yS_|e{51SrG_(KjfrN9vY^3gO7cI}!KgqF
zm9<UhJZPzUO-^|gue^Cw9EX=~UGKAzcJiSqC?nF0I-Rr_bU0wXDf|=mUGLrsGuyYt
z6~MlUszAe0W;lG?mGhdHtv_k&j`Bsp)<fd3YhfEECA-;~e{b|GX7@rg$3d-8HSc4c
zqA+YH%x$QB!iIlJq|PsWwpoKH+n{<lPfwdO`UyVV?n7I^dX_&EX;Pqpp`4)kB`)vT
z;4N|7Q|zt4aqI$&1>apn&7N?R-RbPEDAx1lTFkBc8>UB72xkFo8~n-Jnz5}T!9Q>-
zFz}rw*KN|I{Kql1$v1G-3-YzKFq?PEt48Na1FvjPs-{Ls4i$Sue>O2>sk~M-H+4ok
z?`r{QI2?bD(QDlYT<1EgGtmQ1+?YzK0tE@~IOTe2!@{0mfCyAil_jtW9wW|-OBF$M
z_zIOTHh=dMR$fr850AuLG+V;rCz)#cHD*e))c5hyo32+p)+^PIgZ<a{T&=lMh)%iP
zu*mmY^AUiBvFvk(>?<_WfNPw^@UFGTlbfWKam`mdE_WOg1M;L*Z+?)P{lR=V^@Uer
z&$@oS!HlFMcDv~9Zyf5sGz)&2`b^x`BPmzH_5E~pAJKlkf0dAxlm(8McmuJ!_!?%6
zd}vdw{%8BYe8+p^1_jV0h=ojgX~({hmQZiIYJF$DY4|$(n$Hs21vB2XO0?|3k?Jbr
z>~PV%%I}jL<dn&|a8Me@EWgKzL6%oExL-^%Sr{)iUPsTB;Q8Z+y?s|~8&lfso`ae3
zjseM9&@3e<dAJug@oeb*UREN$<H=o=P>$ny$O`ROw-wv{<W*tLfhX0I3&w$P{`8~z
z5jYM(aO)Jlx#-aG)eci-5nL|C;1^$czMIwBSl<Rwbq#PC2o{2CB3DIXPt6xtc<u(8
zNOlH9mIt=KB4<mf0!UazE7f0@-?HR7{_6ONQy>9(*7Q({1YbdDn%dYttf76GG@07h
z?kvGm+3a-!`wOhrH-lNJAtI2*t6*31>6AQ77uhk|Hx&@mhF&-B`I;GwDrvj0nfi#`
zAAhZg@xMa-fm8k#O$0vUgE#&jS?Ag36~pY;8xZ1Cd7l41LA~_>+-+7YRnoL<!VzY_
zVA3?2l!EL28?!?++3qw`BpJ^~ThIbuXtsF6UX2dYnBX3&@>o9i%@D7d$4jw?({f2c
zixGP|C!^Nul5wyn3oW7MtpSm@e)wH|nNQOUF{b_KgEii%MQ<)EoO@C`z4d-;p?uUb
zC)zZfnS~v#y3-+QaSltDq=xl99E+ZwJ`L7ASAW5UtzLpN7amWzCDupF=QcF*Bo=#D
z=2h|&#|~y_`uI=noK5oJV6GLx^mh3DL26&@2D&59p;fUz9@w3zLb2LI2fXTXCrj8<
zvKvQ=vk6`dGa8Jho`?byKY7r3L9^wwoqPMYiE7jvI}#uV@Nnhet#b0x3e%;CtNWmf
zE>52*w`L)9CT$H_?tHJUntWNm?~}~wTZsC6Q-O}e#|WIiMu_nrG8PTxX|eADUT<k=
zSLekt@=f@+nLlUv%6utanWB+44z+b`6r~%nDspP;ctUgXapT%*I0QT0p^8jzR|9i`
zY&3FC2qO!YN`o+Fdlz{>FV;tHQZ@7WX|;9po<nc-tCQAE`X2dxv0Gu-FY-*IuV$|b
zh1`6`x9&aOZYr6SK$kfkc`z0Dj^J&+f8a6xxTqf9hej%-)iz641IOtvZ>dKr<TKh}
z>#P3fgoy%twz;(LIO2aA#%>IiICgf-W@$~sQexcR`bz>Ht+8=gSbz3jus+N)1@UC)
z?b*We@-ln|_xWgWHf}`-P^UpXUz@BF(+*c`XszG%RTX6lvh~Nc_4bR*p}3_P$NX2*
z;|Zg}tRl%m+8WmtTI8<FJvqWyhCZyP*A3LSRM&M&ow`#aW49<AuU;S{ueoT6nSbi4
z|2Z9Q`@Q1F$%!z<4Tg4{zCZhzlbKugaMdzSOgSW`n#*e|0<F~P2qhqX#)#1IJpUCn
ze=E1a6&@jL+Fai;Gd0t<t`F(m)u=Pr(SQDF=zfN+|NUTXQY$D~b#nv?>L9)q7GIk&
zoTd+Yb|rC);OnMDQXL)$6Q~PmE;^GnVbe>bHyld>3LJeX!tMyYc4xN|z{5bcF~srx
zHutsEciypuFx^kA2cw9X9(o%l^9=ZgUr~6`TL@>b#-BWs(;k8F?&)_nY_rUzT}-S5
z5-{De0N8-COhW$(LxiF!SF2pA;X6er5_!}*&rB?9y~#y-n=G_)5RNc$od80@@ZivX
z<ND~llJyVdAD0RFqvZeGzwoRc(x&A#M`eukAH(RlgWx7<EO!#o!%f-U{;(3S8Hh3}
zs{j5@=~r<w7cuyAST8aQG`$*Gz9$OqwcF|lrJ<&F(n|p&l<55M8c&lBpGjxu_<K^{
zyg)2LYa%np=UOiXJnZJ64Gb<59zX2af>R)F_GfMwo=%_5KbskcQ@Vm$?O({*9G>;B
zj~Ntkb{8=>YErY3rYT>-`cU;(3G@S(4kH-8mIrd5N~{?S-!x^SnQJ!q9$%OiJ>aQ&
z(@Azt_469#mw%IS3;TMcUtXI1VGY+jbsu-jHMvHgHHl6MRP08Tvde4Ju7@Yhe>&Re
zic5<Z?UXWwdQYI*RcUwJ`jpVVBfqi=i0rktu}?G@H7&M=rHM8-<oH4ur5L1Y;uCg~
z(_tms(X+VEx*!6>4dX560u@TE@wcpf>}h;``q$@P&~C{6;Q3}L#AiL7Z&}Al$R}*^
z-td-?1EOh1yirykKP!^+kpITK|2xqXMaAqAk!b5qWDgE4Axw^Ee@uA@y2Nh`gCJTz
zm+T}=eGE1$al89RBr_Y^2nJ@{Gp;+APx{E8+l7cf6-0y5j?>C}HQUC_zRMF)9^_Q>
zjI;Rc;jrCuGPQ_U3frMQ_19so;{<zK3FD)|YOICr_O!8+#0T%l;Tvph)s3u|?GLWa
z$AeAOMTD%}#&!+Wi|tM3JCKn-($jb6YQ2)~q3?a2V=2-L%&L^NB{1{XA-B`pPsI!q
zW!YV+p#D{>=8~s(JNBFlu2qbIk1sCdY>(0F$iY^WTyJL91?93Y3&?x4b+vTXe((q{
zdO%48w8=7~=q-Anz}u!nWp5eqWXRa#)9Mbq^>>BFg#G}YSK^)}<cj0A9l;D;H3c1N
z|12b=#K<nVhRm$|gJ<4mft3j5xVZkQyQ#{gfHgEf;!|^WngS?^_p_kUTo5LwWIHEW
zktzs%><2fQQFjXqF6?(ms~*1F6bd7LEn%$$=T~{bNacxU*DSBw;H8t{_=y%2eEw-U
zn>UBoTpok%Fr~}QnVWB8?z`7kYpkzKxY(D$Cut^&tP6Zl%Ssh~A;;ymh%B{5nJ{XW
zLOqP4V0~PbcU8$n1iK-j=>K*(??q3U4*S)0FZTUrs|pBUgs;D#-d%ePAmrYko<g}d
z-2^G)2NSX5d7iH^ej1<a2gsDy5`4~PC%3IvaQG~xon5JJ#s3Q#yy8;{{(U`8{>f#w
z$@si_+vJks;}<XLs<jNI#^0+fl?MjH<r2iKTK6+O8jNECwNq4P-uqJNPkz3*>de!z
zl0$YzK7KbmEI+70HH!eBd`Cp@MtLv#4qc_!=|8qQ%Ux8lYhKU~^on4|&cRBda_+mo
zi}FNGc;zq*u??}MKeDl_sQEputDNZ_c4(^o{0HZ^!ZD$P?EOV$_3G&pE2x|fP!f8P
zvtuu4PS_K6wjrwd*-SD~i;3~fbN_e&5=%p#s^{){f<DIercC<k_v1c~c(}X9{sH{J
z%NK1RVIV=#z+DiWl^OA|G9SH!w{2jd=J(r42iMUlg`C>v;SO19dWt(B(<}C^+?>Y_
zCrwjKqs^;<aRmC#rKE;5kxoJbNaomEfs1M(8Y%l2NAdF}$R@_esI|)^-ciY}rqBM2
zlyl&jD6;(r3ooAOOqSb^LMo&dfxf7-59980DCP=fc!osng@h8_*!Oq-dfvjTr_5#x
zW`-DWbVXbD=M2x-vZBMfs@7DyNTQk^H9aj{!p?~mXLPtb)Vu!f+8Z$bPL@?j;GRM=
z4TPal-4@klQ&nbN!hktlt=VdVck1BZfgeGuT@kR%6V)i@eY+3_Nkv!@yX$Xw{4l4p
z#~}`Q0Q_n0o$eKBSNi<Kt7BVhSLeh{;ACo&O<T%853}&T9@@C#xT1jmLZs-E?B?q@
zioz6*K!L3`R9gPr74NH(yu=f=yP+FoqnxgfdXZn<nGg0iN%aZeU~HFkW}Jaex4bvt
zKL%H@<~tw}2I4^n?VaQ(;Y>Ya_qF}L#cuC?WIv)RuXn+vbpp?T$3Gw#=RQX)R=$%a
ztT+|pN!Tkc!<F1GS*-S$TR7un`6d`TQ$59lZnR%PN=UI)=9eg;tK~lS7LDBi_&BU!
z@DjOr^=F%XL9j4q$}YT#{2Rx+7Iff3Z>mq=PR3MuCG&M|osZsL8orFsfA@hMW55o)
zfiGBFA5K|M>4%$EX>Ow1<HA01zSo+gt9g4q<!o2Frb2na#ed?3d27Yfi5^}3OFPjx
zE^e(%4@jLvxs*jnalnH8vOU~$ux_vMHG*TOcV<Ck$R$0=>#XO|!uU)<4Z>lL6n|_f
zTDV%IT0}nR(&cc1{VfrPvcDDV(H?dL4i(UMtq;2&yPwP`@`?sw8QcWUM72$@AX(iw
zCRBIpkUoWRQu_EF!uKfJ(ov#mT6(3(-{+T;zM&M7Dyq`_0$@@hO%q#Zia%rhb6*bH
z5fClySSQ`9;_19v^*<ScAnej|W*K${aYyDY?+P%nb{-X?&*tob4vyTaiS~YY?H9@9
z0H{TW0R{MkylY0#Y2JoW`Rv_dGz)8BLtaDP6?65$dPmk4KxAyLZx%zOoyNKPOdoF$
zv@8~e)a|0sTSS6f?r`4b$%e#lj?!Luo*ZwFVBTWGR>YUzKffTl&&y>t>D2rF;_Zf<
zDHS^QD7}2+#IZtiFqrnv07)|2I>o(NA!n2MRtLw+_5+x&N3>|Gq|n%^a@-ZjPdHl`
z`0)PE6_t$|?4ymD94A-<n5uh;C(?R!5Xi){tS&npm`mbp9fWepp?D%2g^=501bY*m
zCsJ*9F2cd8ByT4F*LGL|aoeO#B~%zj-1YSJM$lsJX5Z_=W)q_a(@#<-k59H$abU1o
zPcLKoXSKYJk8aINlB8|LX&nti$9}HU8i-$HD^=9g;Nx2*h27LJ?c4pFwI!<pY4Ut$
zu|2V=*{G<M;61ufPyPOnSedjk9`-a9iJTS%L)`|);}2<mkQ9XLZavNtqT^J70_U85
z1*|N@%7w2>bEf0^(4f|P;}^KBQS2_9nM;$>PJ6!m1W8sKx2F%8b-zPN@$|6})0m>V
zs8*}|!btazQG*E0{Sw{M>UUxHv2CKKSj(ty^X?8*i*E4q=}kHtCFv`>8!Y;;R0f?|
z6WrdrH%EE7q|k`V|3N+@;d$8yO&lUSJP7}!D99PW9X#qv7He{zHN+lk3v{C^Hi};D
z+F%=5w~Pl}wL5On{{rVuVTHP|jnhWu4Yd}97$9&6=OrLM&t-G>^IOWSpv@lnaLu^2
zg(y%FDjTei+i*X-3)r26PXfAW2G$u4J)FCL*E($tTt4~Q+T{}+qC|Id9DOO08cY(m
zKdHa_WV0=oBn#hp7V2U@(E!BNzvQ;POB6b|ICh&z>bHe@diY!-nXNqMC%SuPO$*y8
zvB_|lX_xs1)?<wMW|aV|a79PZWvj-x=uonkSd>FN6&F*qt$S$!D-S#7<=zIBhcJy<
zjc#!%7J@$CDM`W*QF5%L2zI1jqp2aBs6sm<(tT=^`^NmBS8G!>KPH5Yd1|+Ggf$J|
z<Y#`s4fILH8VnQz6={Ks{7f5=^rs#hyvR2SZKMDp`zCJ2Jkl?&pPA8#Nm0D|at4M!
zgz|_K-&Jaz9|OO8vBK0Ru98{O`NCqzeJi&!#c05-owJRO5Sa}?!N5h&mHx#(u~_+z
zd-ErPDadfp_uqPA=|ry_fu`h*!#-!v)v0KoNw3ToKNa!wHX{ngBT`YjF{EF9|Cz+{
z?UNj3sL$+Tz_DbmD4&{H+~)Q4*}s`R`kAczI?yuIQerA&w@H=K1@uQrd_jp^)Bb?x
z{O89jY&vFd^|I_UtZi*&uo;ci@bc;x0*o=hmSA;}7(HJ#eyqe_wL~f};$b%3>+%Qp
z0G{?F7Dxx7>b-;iH}Vtq&NgK4^(C{YJAsFXh`Ug^LL=wGD=UCe*;SRhv#$3lZN;zH
z)XW<G+9JtRV<?*Mf1i{XdJ8+^e}N|;Jt*}0JCZ;$4(_~a!T)w3fVN4b>DSyak@{lE
z|Mh3C|10x`HWm>0*FFA^1Hs&*3~-%Dp1cpN$j-gNeZp+o$=SkJW2khaphcx03EFvC
z>lfFrsT}9`$qW*PM%nS=eV_L8nuaV16VJJZoBXk*fC(_U@elq9+R044ZFt@<B>CCb
zJG{`9&8YV$4%4y-^$mWc!=ajcpN-JQx45>Obn<<5%YL=u|Bjw&3zVHZ^w&O+VV4%8
z3BL)I{A3POHoAsTrO`E%E~hh2SvBFyiS!zMK$c5rsCV8C=g|809|xtY5<W8Pgr3rL
zvwK`7C)SYzeipH&L|>u+s{Wm6dhNkv#XorcNrSHYkFl^%4t3BSyDA!h?f&4wJcszL
zC@UKvnD-aJB=#s=lnNbY{4;wHeJ$C0oDC3+aysRf?$O`td;lm^FmeZg(Egc9Zw(L0
z;(y)`d@57mTG#~sy41`gKmQwOUioxGIxG0=+&!2jBm1vY>TP)qMdr84It=}d9({pv
z092=&1-lmH^U|Av%Q*bSmtQiod$afwgkT!}anUe;b>hD7v-rnF3n>@SQ%L>eq5*U1
z2MASa=of0f7k@;`5r>!_J4-6`WsLGy=^H5LX2dI7*8;|xSqz-HH=-w<NSm}fj{gvs
zb+j#PqNp{s@{|riU&#d|UFU})WSb^GyRK3H{g(QEu^F+M8QP1^E&8I)d;6|OuJv=*
zybEH=BT7_mhxT8Ym9EXJXP8_kyw(N4e45+YIl<=YEuC@BZ!HZ|F`VzKHwhscMjxUV
z$JrlvRuQ}mvF4|s_*{_+H3AZSyl1c70uvJb$@ITYYM0ZCzxWRDv^^TDqiU4}_AHf9
zZ(vaYdaBHSXLR*nGx`P0G?71<wZlu9@_YrFK6oa}KMoFG_|HQ#|M9^guO%doH(3;I
zoN>N@3DGR9aJ~>^5&>ypp)FX{3U6*2SrJ<nF8o(){v!tekpi;25vZQUhw(S6T{2^D
zncnTPxfCF?l>j+{ipMsI+Wg~xoK<P*+rY0rp1geWBKRMe_O;~FqM`F0qA=puiNs45
zz~64JFGav!&!qaRL5Me8bE+pE8s1+KuCM{v8xF>+%R&A-4EDjMal3eYA}N4!JEYMU
zfXxvQIxxS>Jx5=;vYR^h!T^Zbe^$bn%cleMs|0Cs8~d+dN`L)aYD7zchRq9_q%NK<
zMWPW@-X6nb_%=-WVg>sC@kF2o`c5nPbSpZY4S{=E%=o&^pGQ5A83s0qg0xZKe>MuA
z#sTAh79Dukn<U`JUu!_le+FP#xc~e=3kh&_u9a<KC_9JEKYP=%(BjXwzaIV<o@*#u
zq3sU-_&?g1YmM`a(D)A+dGnUs8?^gJ(_;V2KW@ljJBv24ZE^$;&{b)&YqE$zEw?U8
zj~}RzX#t-+y$;>XXBtG4Q`17pw<k2od8b;#nO^90_!|B{4S1Kw<{!=Vh4lr&#Fl`W
zg*Q`wghc{_zCEmUyg%brYPsw1AwXaTu=I$c?=^Ifm?l{(6z#Rq6-sj|!eS?G_(<2Y
z)$#V4iu&U(Lh}H+YT#XoH6KJtJ6Pp;j61Wn5yx^w9`Cqv8Lt7q&V!uKq_iEZa_7ek
zhz^E4p7=nC7>x4d|NqZ}17WMb@)O2fHF2hRHw>e{!%pe6npyX~51pumFkf%Y>`94)
z<D&<t=Vh;;ykgv#{*f7F{Srf5^R9?aDk7ObN)WkxvyJ{DX3Qgc%^`+>=J@B5w!Ps{
zWM}`QmsV<8aR05?v~CpJ0~v?MT1o$`B>U1gCq*+}LRRKSnoq{%bAPj}+Q#KP_El=;
zE9tmS1BJXGd3!&f#`?bM70bC++}p=U<!0x9v{@H8CE}WFQ}#d0&~J6xUTMOBw>x>u
zwp&Qdvn@&Z&vaGBJ?;1;acBDLLEL&EkjwT*L=Rnn6}%QvsW#RB!Jw{X^IBad{_A-9
z^AX@q?6MA6LJ<{z4_OJ-mjR#KB&QbKx0bU6@PY$>;;%u~2~xo@_*L1OOipwzhe3&s
z&*em8oo{b`UBk9^Yj=L6Xg-1}<!$CKUHE(C+acPgCw-cY&(uOsx#m_?!>;orY;nqc
zX}8I#3#(J?e2Q6;t$fe=QfVE|k?kQcy@gl(Z04!4x8dAyOSnST=tpThfpgn!TkdDu
zyCrWsYH$4<|H1ji_sP3oF=aZ<6rZ>4E{uiqo7OT?@*3iXEw5>Ea@Q6?)?f7rb{<&N
z-P9XoFsSivmpgB+Hec3(X%W1LBZY^$5M~yHtr^A5ug4Ip@yj>8t84UR3g14$n0}T!
z%*fIsQgy-AYyRvvmKyeH_q~1+{-W^~JgPaXYUd^wAeGpAR`J`sd6gyUJ;m7~I|7nq
z14obLio&5%pJB#V$&BWjrT2Cd(igss4bsH=OL5ncx?(hyfA|RGvo^dOBQ!JdeWv8z
z@YrEDn!*8g(BMK{Z?qal!~~lNDCrl_Hn7Gf3n3p&>?9I7-P5qMaC%Ai`QV*h^zg>@
z5S^}vXcB=Zko)HVUg4?dLX>taS9~th9nftTZJo_JRUd1(TPUZSHgz6i&&PFHk$*iq
z5{=T#Ev78q^Z7^N(y9AS5TY!>1S6lH$Kp$m0!ETv6Ij0)1vvKxAxS>mA5uSJxs0fB
zs_!zB>ckqSjvB=m=YF&wDOk{&tI%A!_3Rv!*mk+hPk_cmi6j5CmhHit5e`4*whl|i
z6~Ua>^t>3(Imz}PQyj`Jqdye!wiFws%vkY<kfV?9n9v5@#WRc2@+CIrj<imB2?mh^
zHUR6j{RODj8+qLO4R%7wM!;MB+pxzqga`^J^k9<}Kps|TD0((;V89T&B21HVTI!PK
zpa=E&_AX0ZT;_pxF~rQLT|HR;kiNou=BS=&sbyUZL_nQN6N?;^@QG9<EQ<9imeNX>
zI3axuFwZYj+VV{JT}ALzETmZ%4u4~ddvi*y6(7mIrS(4#F{?@|!NXbO(8yD?&l>HC
z8@KKoMht>64wu3(K2NOpi^m_n;6fd2`itM=PP6^uWhaO5$5fm-O2CsmZc$8-yX7%w
zLq0qZa~fqz5RE}<OJiTwdi&wm$957S>cy_`9YrMj;{IW0(Jd)t(Nz+S$Nm{ph`2Q8
zyDd{~0=?RIFPAoLx(`fZN$4bw=dA2Ke4>|kj`4@UF0pfVS6n;Tx08hy;Js;;W!UdY
z5dEdy7}$?jeaj$wqkXcoA9bctVn}%uIgBCQ(SolGFa9v7s+TqubV`qaH_;sq9OthM
z-TjFF$!lnld{X2>zsQfz;o<LPTK_06Xu|ueVTlvy4(+TBR>Fu>XYEF+OqzN3lk(A@
zUOYYMH4iEUUu?tr-xs3xG@?=|HL4>k%IQ;)N7dv~b5`^v4W_~;P{dXxXI6nVo*W{~
zdO)<k91C?nV?MzRLwJ5VsulI9vxBZQ@?%0jM3{7oo~NQ!CaaNJIuq;Ky8L_Ic@+Iv
zj;oxnK$j`MoGO&TX|i#C0GQ}npkiNRembkUpK2@~Z{1@yhy?MabeFyYXX_z7?*TH3
zY`Q(DvrG{LHOBS|IdKAdqRL~-d&u`+AAe~NOb>-xbrqW{er7GlxZ_6%67)_np`}iX
zPkW#QRC`9gJH!P6nF~Cohkm#^2KO%-)l87~8_s82Jofrnh<B}51yzD})zB`~on)o`
z`Zvl%X!?Zrn#jE8r}qgR@SYAt5lxJvS6`YPH^dkDNZoHaYlq=LLNU2~*^KX?c~#>o
zzf-G^j08O+7ixFzl`&};jPyJpS)hd&H+zZHBl_jQr3)vnIm^in7fW7fg)IiV=KIjP
z4Y@Uxb)#iR$|e$f!J?6^6GN{4xWhJ;@D3LqI2evbGAIKt*RvI_a^tx;#@WCI5s0O9
zu<aSF=p#@?9?4>{LSrG3E~7+O1^pie#Txp}A3TOfsV$@IL3Kz}h3sH>HRSkYNHoXz
zYz%!jXz*TjGGftw7RKYuWYSOtwcqrr3P;gR!Y?Gh`Q2_B*cWt#jPl*%4KGaT6*Rl^
z;E?iq*M<Su`rAL)dRLk_0Z=~_L}t?`Fs}ad`bauF?keXUg~uZn7nfz51xbR)g(zrW
zGk@jcc>1$1y?cM9XQNPuqsdQHZ8zH&t4T|Bl7aZgWP7oPp$qOBR=G%m%Pqc_Ph8H=
z#0b3{lY{PhGk_zWc3WNe9vZDs3wn)xn}UEa*xX+;hz$~JGIK3ucvOMy8heq=V}4uv
zo6-*4PI5w@Pl^1AP$-+@!JR#cBWl7!rc3SR_X_hth7toR0cg2{iv)X}M?c~!A)a?=
zmS4FeqMkk){~=v8?tdPCe%F7$7~JHR;poSD@BH(LC>UbD)kx#bgH?sMbvHyn{Dj~h
zMyzstJ!%FCNdbQwx_a!<9sH>1BZe&MVY;6OYDS_(x)ayZ;03DjB<sOPC5g76HCPCw
z{tk`DC~`oq@q0!@%lypc;7*lbHE0fer`o*gv}6<QTO_Og4&Ux_QAnt!=5;XwUcfsS
z;4ru`kgsp&))UZVIUi@VzHMZ0*Ij{qlb7E<{v`Ll@O`neWo~6rYifnfD<G(lQbVZf
zoaa&NFDllHdc2WR3jlIi{M*Ty8FCsHLOd_b<0KY*yY1rDJ`mU&<a#Ej(LQ~?%*CEn
zlkX>nC(b<`cd>tR*G#CWgc4i9HAi>lJ$2$m_RP}Z{xV`XU;Ee6uvo@au_}Mo)hD9Y
ziJ(_5oZ6HYUxbdgEWS0j&Ksp4p97Cw(VbzA#LHOC9wW)Z3w}QCI4#7C*gtW^7M?5R
z#x2Op=_az}ET{XjhOqFGfY94sjV4E(5Km{z!5?ZbbXM65KC&HL|CuoxR-Tn<9&jd=
z5~mr3+&_6?yQKJ@=2r{Wm%&$2O<7cO{(;|mH2xTOz#Z8}Zs46^_KTyt*DbJO7RuJI
zj^p0M4B-_?4wYuD>k+V1_bsl|n}2m)kYOFLhU8ajEy_188eUu}J2?2M!Q;3Dp7%wS
zzxQ<{zcreBYCkQQmT2Wx{$R-4iX+oUGuku!?DFbt>;$^$JO5BoaG~{+-=<@C>Cj`o
z7wU0qLqlx93&Cvb$D%#4{DL=2vF4QN9kP7d2Sm`1U7#Cy?_aTw`iZcfI<Q_NUeAvn
zhb9*x_vH6_cJx5zHGmhClPn2-jHSG+1z9<_((TSwODwbib$9@(N|(W#Yir<G*1t7L
z<G-TO+9e%`dji7ke@Ytmr8*V}eyv!Kco_swu+tjZO@}@DaAgBzl>;)wd2Pb}<2nO|
zZ<pwEZLEoVzwn@T^zvS2{B2>di!3Q1(<iKJf?4nEB|fMiVY{3GWY`ftbz|or3S7q-
z9^laA|LZ9)gRp1qXX|RoH`V&><MzMYeE&O_?#<+l`z!Yp)PMKW>+kKmcs-f^`;2Sd
zKmISUer1p@yxwJbQ@YDSk&oT;+B@!=;OcZNny_<e>O>txo#s&jRd=MN=duB>{@-wP
zeXIRh-Z0NZz}CA?8G*p-ScpMcJf<GibORRHtud=8_MZ;|Fhj&|dKJ}wJg;*lZ5!?S
zvqb8Z@}4itrxLNp1RiHYU>;4a1o_cye|lfv=IC%m&Ib>^tlg8H!Y+SGCdl$cBs|pn
zcWE@K;KJS0nm;jokEA~)eE5Q4Rvz$n;4)qe%gHhE-6z1kV=;1nyQHeh?!S>IqI2cz
zVi5m?o`~CN*Y+1>zcECq?apv&1SEaS+sYSHo>8qooA!5zP7?HyZG>_g-^P~Z#11jg
z(UEc3Z=VnpVp^%_i8lYiMgu!LU{hjfP^)#8^K5b+J=!1_2>>CHj0#*(TLIfSZy5f&
z(w=z7si&c~WSry4-b25~Dz=*CW0SQCO5bVuVq|L7RQHt!zt4WZD!^K~y*Jni>fabu
z3VAM(SMQ;561c8DoY`+<y<s2?LT+=J4@%@=Vdfvg4AigyQp}9m;D?dykspF$0gKs-
ztx9X9G@uq-{rWpNrRAbM!&y-zk|KHKmT}dsT%-9~ak}A<O~4&an+JoIJc~dp1GDp9
zr*A^<7reTxuw^uAIRV*N;qO3EmB&Xs3tQC6%-`GUc2vHvi`j13K2F#i*Q?l^)sXF!
zks5y&B<A6JY3X)L=>5t?GYq6P9rEErO~ULWs6pLHZm>a1)Lv&xFt*IhPn!)Tpu`jY
zUV|IP`_;`ja}9bq6fuhxy%*f`Y%!$f#Qc5p)`TP|WG<{8uAe)kq;QI*J+M_`GWW#$
ztK^4!;wQHDXS*kVO8|z_H`;zwz&31mlNFuSIY90($ssQ>>b4!Rz^L@Tj48<FK`fW>
z7~GDiE1_(@O^=dmg4b~gUq=8c2^)Z44Q7Yei-BEtXHstQnCn1zt~J-3?6oG#1L4s8
zv!SHfmD~@R8PHy9lJP+7&{p_hJ*$i8vMrHx1(y_7Z_CUMH;3lOisrv$(L?5ypG)=2
zE;3*fNKoAd=zf(maH`rQucNN7ls$>Pu?k`oEq8Ev%`0pKBOR9q$^(y$s0F;|v1Jlu
zqXtZ{v*ej%Q|&PD3aI!dwQ$!$9%(8&mzdTSWIxi`jqx|lHtnsKtM|I(&gRy`rwgJq
zYD8*xQMv~2%;_N|+>;6oz-lBi@iO5;=Xoq(=?s}Cd6_RJ3WEdIo(C_*29g-DDXCN5
z`oXRzGAy%hvN?<Big82GKY#gBlUJz8AA^A8Id$H6!Rc;r>Y9E-X;91Q+FqlQX7_p?
z4`4*Z^IN+G>cD`~h912G_`&qx{HHv>?^gSGwM@Pp1<KoV*EoeVbw>*p=(qXZe`K~M
zGIeo<(5d(}>Q<8}`LfI2x>vBgJ{1Id;8XGhs5aHYKin&oA`<OMqjPYMD05u?DH)Y5
z_46$yk9*sPjZrrm$P>z1XRXJ}HX0N{#lMsi@new%`m^Vjg|+rL+}^$c>IG)_VyhG$
zFceTrQ-9D&6GyDnOyRI$>!FbAc8*A}TVvf-?wc)F{a$Ru$?>3e`fb&j&pSrCqll^~
zt`K~^9mFMmP;kOT617jwvV1}*e~6pH`mo8HSh%$zP|kABa#O1i*7GgJx3>cCWUuk*
z=9IMs)KxKO)W0JI@Rx|bfUl$C*QLOK;-5DWi<e`ENgGx3+~odeZBcvPL>-Bpk^N3s
zZ$Cc>-cqx$vYX~}vC6e8e8V&a2ZNJc*G_gub3#1VJdfXw1y#32Y^@yax?c5PA<SF9
z=0IwEuVO@-FbD`j;6qb0Kjb=Ieg42_Ia4Qvjzby>r9VuBuYM}S*>&7YosV}rh5F;u
zK9w&n?|mN2RT3+O=hUCrZPoP1ZuaoF!ltpS++w(bh47PR2@Q>5vB&;G@*~E(uf9sx
z-LnOvhS_-p!Tm2jwtYH9`i2nQmr-B0*d1eEmdv#-)Ddi#3zbS1Qgn)dTma#uPZUqm
zttT*F4D1HBe}b~~Nnk+`+$IKtW(#X;s{I0Yo|?W^9d%&^s@~^<vnL!j$NGbLs9W<i
z&_|^%=Vpt50-Xed^Yw{yo(hS4t{yqYK(*o$^j9>C;{`cRmvPTE<2`0!?hJGk6eFVB
z_kx0gD(*sU*(v_63Q$<><dM_6Qc?-&BOa%<HlxBppaq&t+*9r#5;nVW_!Ne(um9<D
zR_zn;`cMUAa8FytFO)2Ab^CY}D8>Hdn1C#BG{^p%S4~f;Pum^R<1N(4;iNo;xTjQE
z9!N)~?V;WU%ojUR($LUhubB5Ulk7aKuCTe%2xcZ0hC5YyoX}X7ZVFb*i}Z4FM-%f}
zn|PRu8T0T-{v;B&*tIJxnt-#u&IhRS7&YisOgoaj<7%fPE4Qm%!D=S7i8Yvpn8GZo
zvH_WN4B!jyY01zzxY~JJ?L6s<`I)nYZ#WO>B}nBiwlVlMwm*!hYY^UBoBhmhZ4V!S
z?e8ysit&$IX!7TrO8r)T#ItnvjU%E&f)9NlwSjka6`Pdq;;deu$_Bf^^U;PA1c%E2
z*_xQlmM$H3lqFWHRcIc|6$Y!l@AoR2%4|>*Ba*IRZUDAj$0Q6CsuypMc>7t*gRSuq
zNpt&;S5*~v8J*Vjt=&}p0<nwqy#+RAX*kts^t@2FzrPyg9~Iz{18<Hc%q*|txF0OJ
z{8-qG-RU=TqJ?t+H37fzaJ%?1zw))HuAyoR8x?_de0uD*t3MBYGB2*!<^lX#rHzy<
zM%V3F7D2I~o^PGpBHp+IX^mc6-v)EQ^VfUmz$P4@AuXZeZ+P)b?#9zNp2kV6^S*O<
zXBY-+S@%1ugI!mTuINrUzV5>1Ijma(DJ0x4?Btn$&*0$&a%YK%C)KHQKe&qSvoxEh
zbDh>=Fu}=Q<tKM~Kgb>=Z7x}&0Wq>4JP><aSY10k)lheZ$*sFji9gjZ{JxD2JKjHd
z&n_-yd&*=UC#~nf#QZ79wT&%^`~m7o>j=I0GElCJ2f}-4)T}h0)-}=Qu{t%%Bc2{h
z?y$NHO%rjkUi>6O_$X0|mzsBFAVo|_Cgs#Vjax53e3-grs;rgCH<_>Xyfw-VHc-Zf
zG&MZgo)xHi`>g%r6nRGjCeYlCE?bL`%Bo`<37q;s-BJ+{6?*%poW1og#EQw)Z}!@6
zhZ42^h?!OG`qG+LgSa@Yih8&r<l|}4pUL}Zi-|5jj#IGos`=MG)V|=gxxzi*v*3j<
zIIK!@hj~>PF^@zK7bJD6Jzbo?F6k2z5;{wi)8}iuaP<dPqG|Hdspqd#ByM?irHXGn
zt2$a(pS0Ld40l-RO8*%AwK;-XNxdNzhl_#HD3+!-)+IEy3{+hw=%!soda}DS(b(hw
zl!tvW@5kDdiJF(lY|3<8w)BWJ2*#tXZRmmD`N{&HS@ph0#dr3j>tN}z&19l<T;B6K
zR~Bl|SpxcIW4i5`sZP*5R#)n*b$}NZ#S>$NBF<Mpvz8xa-1PypqMjN91UA!S4Jva)
zhSoZ$_RRo?%QM5qmR&*$imyC2d@($r&D{+D$6#OTJ)7f<mtV@+P4t4oNCZXQs{%?*
zW$8pFaSQcneJb1Ric3lo-(7q{9ABFhK3^r1g$ikDYo&lq!dZRa9d+E7$lvW|m$fkV
zGlS=2y_U;Y6NlxFWvU`QpdXQNup)L-p`MR#e<M}tyH_Ja6~gyuYcD#!T?|$2jR=s3
zG{-&?uUb{Wh~u6G?QG%oCk;}7pV9%X!>%moNSI#{i~6e=<Z9UW9Gk2fwS`u&6~zQj
zSHM|c5?-u{)GOX`brsOdH}k7Hjb9*En3FGYw3j&>dsvd8-*CxJED_upW#Dpe8=Z_Z
zQo^m8f=hd>Q0}Bfx!BMuB)-*XdorT4=m${yREArmnvmOouA=Phi5%mbchH*@OIwEd
zWA6#LUdTFirhO=c@zCiqnm1+8Sz?qjKT3zbN&?@~?fdK(*G?D|HP9!@Yj25{aB4ai
z*Fg7|(Zd)fOH5FtxKK0e<Tc|<4{6LfNb3NL5pZ9*Z*=0yG1!;Y_u~{sUcy~L`@Rbe
z-yO{NQW^v`o<|xBe_ZV*Jr@QL%p16Tkx4Kf@K^d|uz{Svb5B}IuXo#DN@Q{fzwofX
zsg#}~HpLjcm5M2b>wST2(;U~-NqVoD?d(p^nV&D;*+P!vbLlvz@p9jsRh~65gh$tV
z5J7}V5h!tahA$*EDNV|-f`aV?-o?kqMZk9Qi%XZ>&sv6*_8O%XWDmu)DbA=0%@5s9
zl5Bx;VS}7Ifo#@+9Fhg!vb|B+SI1jXy82atX9p(E4)@RuS72RgmD^o`A#<1CP8LM%
z3j>54brDdv5E8Zz+nnAHy?suVKz3~}F{M7J&VN23%hz&hS(OwGrJwf+lOjjEJSQj6
z*C-UzM)(?c#qpSGhEK;5aicxFvjdH5!KDziGl5vQH$xEzO%tQ&7E&OfP<J)?Q=)7I
z>!%Okwhj)(3f3t|r{s;sD#K=os9S!9=drHF@}3`!a6NZTBl}S=-eaTZS5%aG3o|u!
znEC_g1X1f#J9RA))XO5Vnm7l`b#4y%cu1t=)^qBBz(75bym5f??Z$T2FVusJ+&ybV
z`7&QzA(g8grh7{0q`JRSYI|<uf}QA{x6c|3N=YBPZg+@Gs5kc~DaAGvVswA?Snx*7
zUg<R=yV`j!w|+0OphavP9KcxYbWd0Cv4N&zB|38YA?^n=1j6o3fDOO(+&myFORxC%
z6QI991J_x9pzf(4%n6kus;-=;K4*8J@vPG3)u+0O+v!40ZDDvEX3l<cal7_#y?f6v
zeg%B`1XNCWG*shc*|-94e)qIru)u%h2QU48x&H^e90>{J+G&hFT5lY^oeK{yDNicW
zcUx6CU$Zu|geNGZ5lycywmaz-g{W(5%@%eGZV0R7Qd@~l@|w?i5pdo&I$m`gQ!~!S
zI_r$s`mY0L#Y*RyY>r#%oQEgdq+(Tyoha?d*VytjM-&u1hlH>7fBydV>udd#W|0sV
z{H;jC*Cww`E|Q3>=w`ee_K+N*Q><o5n*2?GF^&U8bDz0#JeBn=-aCd&h?+mwKQxw3
zS-Y}2&70l09TGxIR|#TYVZipd*TwjN`1gMU?|ZA0Jtf~vIIH89^&`E64V(Kh1<7al
zuGu56ggI7oW3q_HvIQ!D9MUu{O!l|c`u>#J8>2k=*iP|NHi{S7pBHw%(BQw{UuaEh
zAy1`Dx#*R9)e}?rVv&3_h8>2DVdOVa2c^AnP@Ax*srxn99~>ThWe#g->n7iw^AQ+8
z^@n0MkDbF@;jleUXLCHD(tIgUX}))igh;($^GL7ILOEN0tuj@OYl|t{+X5(myB?M|
zlsB;?LH?_$FQLEt>*f3@lQGA~(4Y5j3a4`m0!q)iWR$Vm>-4<Z&k~J~Z4tC*KUeQF
zY9|Qv)qBeyNqMKrPF!zc9@BNFw)k+v<7IUA)(_jCbGGK@=F7G&w5ehqt3>W-Gc(D>
zcsSs62t5srO{ccfr*KY0M}dwK7;b>W{<f`VCmG$Z&%QB@`PFv2BIGmhQmLrMz|5Q<
z?jb0jT5sBLil$k2(pDDotlT29-In|LOtoD%ZE1+01d_26d<fn8QS5`Lk&O}zR@&Gn
z$Ba=_bWO<j2Quh)@TW=i7YI?aI}Z+lZXY(*XUAg4jIhP3`4iRZhEs)%7kvmq!9pF%
z5RAu0Eo)j6oz1l_Y-|#m_=Sa$oHlWOIXPRV2wt?H%by@8eV*WZl*BKhkT`dEY(f`S
zR~NU$(Ch2P>XZGQV7vRJR%gh!*M;oiP$n)Q?$NVvb~}Gc-U}gQUkF|6H~%WpgKIhB
z+>g|NJ@RyxwW*&AKO-E&AZCl?Z{FY~9hix71a(|d6pL@1e1}FqU)XH=?Vraum@4LV
zxb4r!KRPC_0=IWnj(i^zsORL`KgEyDU90chu#U4EHbYXw7Vs7OHQhrGv>D<WmiKb+
zEGs7*i<b3eg*47|7oCEeGrmc2hNvrx<+>{$FoYWL`~E&tdjt)k!4sx>Pg-d^SLp#Y
zs~*0RIi;RuJg8}d5vK*-LdU#?bKB2J5tck4JRc#9LS7=^dr}8q+vV=_+)XtX8+1=C
zsc+nFF2(MpdlvabxMPI^BP@iCF4g@kBu$ncMBfO*ZpuoQtr5Dr`1+8uo5v0ldR2+o
zDQ%9B6{ORn$7^6aP93XxxU!p82SzeJ{`f}zBI)V^dImk4@HaJ${g$wY(;i1^@YWNf
zts=^revmp>PLHD{BRWKJ7kU?<CQG;v-!&$P5}#?se2+|q!|F{KWuArm#s7GO5H}Yw
z7x6(?ToX;$TNeu*=hQA*7jK#!o#pK~O+&f>+y<}`Kokh?e!E}@q{agOJ_LJyTUX1}
zxO<0#T$MXF8Hl?vKNT8x%wN{Tp6t~>0V-8XsQEZuU9h`72VWeEdXm;A*1C!xQB5a8
zD-|^8U6X(=hxGLK<JSfor^%jvePR-xDwBgev`Vs`P)wz{7^*w{VqoZJ+2m)UKQuN|
zZn-&DJWy^oTcA@sUv59&dZ;|9`~79T`(lI%Wr{vT;GnMV(yW1Eo4EG0D$nTV#2fH5
zH{aqzE8=xpT!xzW#N?VCCG2k}7-TKncUWlpW-|Etd8!zDWc%dh?#bz{_#oN-oz34#
zr3g)rYFFEPER~SDlp8;;HKY%m*Te`&AsbXgxylZreV3&9Gh-fHukiLWoq_$LomsD+
zlcQ9hLEs+ZC)()6F^r#uot7R?<Xk&6s{Ta_fZyJos`24ZkBGxvU%Po<?H&*X@NI8T
z-94&3oRWRQ81|2xk1NygJ>c2fq^(5bg*#tGPmkT8^dim$d+@r?>?)bs!$r+N<?sVJ
z3W?R0B%=6$u(n&+N=g%QCqIGiK;}hPy+K8~CLSPToKJuei|5IQVch2M%0`q-y--Yj
zOEObXMR~;<osMo;cG@7w2f+<;_r#yBOzGcfA`pd0SpnUpT;k%H3|D(18&@wr!Cm(k
zet#Nd4K^rJTjWG#HZfX{GtbvW;Lw+(Q_+BYO|qgIOgTP+KE;2`lnne?*_qZdTSrnD
z!*To5ecDM^LA-n&w^C@}YO$>j55gN8@P;f-cgO*olAKDy^6pLdgk2QEX^N45rUriW
zswt_Zm&~33-C?yS@HXViaBIBGk>21#0Hz8_^ga<a2O7Pm;qnIM)mI;mhi{p8`ZQ09
zZL~sEgi*#;-$LQB*Kw9bCf1pS3(y|QXLql$5ry<!-<p^xDx&90g}U1<*BB;^2>h^p
zO>utJwI}OKAij56KM$8+-ixm{IgH%fHD60fa5J0pN9gR?H#CxQgs9=?(O?PM+D*@t
z`wyguxNXkdW&NJ;+3Y!$5Z~TVy%gN=D*ZTcoFD*el{&^=na<9&aq7y<Z9OH+EpkrS
z(6wf2)hrHUy!ZqEel$u62|AaW*>$Yz+`&IDT&;`Uqe^aYIT@eQ8M2lxB5IIn8cYH2
zUOK_toV59?tn7Z%2n<e(S;M(<WyLqq2aUx)9dq5!-zl#gomNzKRBRU}gQ2xj4#<)U
z>AJfvPEBDG_A<r>c6#m?!u0m6u!P2zlt1}cXZ+GptD5f5=#A3z-PXgaoS*i!HhC&k
zx3QhAG7B7xHgk!IyQa-?m<Hbi-sor5`(Dt#){ZOZCSj{DHYzo(^EijCqAJM6IFb2h
zqkYO;+9ekAzx_fG^t+89LaZE`<kBjPBghQmaN*ctb>Uked5YnA+bRh;679HjqId3y
z?zZ}!e8Ot<wWws!;l$kM<dyFn2YZbWfLpM4!-528fI!fC&t!BsJ4>N+A9Y4WD<l0N
z1cy2^hN3OhD2==_$aYpco48!C!n%qFjrFNf%T)iOiVBy1;hNp-Q-uJ9><DUm@P$#M
z=WcZ!G%eW0XlnwzhfXWM1Ks<Cw@fLxEC1@DIk$ntD^m+wyHVB@60w!V)``Yo!QFSx
zp6AoyryTBV>IPjiAeFG&Iv^kL1A}NiY;`vWC2StWz3F57X<1U5aEdpa`Xb=mHzq9w
zS)eAKM!tdQpUf+RX;wPn?Xf?(rpptqdN&>^|9pGm>sTi>^1Y;A5oIhg75^mbTd@~~
zzVgD+2F$4aW0v(^TCu#xv$Ofo+1Zpp8@bk@4E~Ytv$uc$ia@P)vB!&4bT`Y7GTP6P
zrkDt6T}+g&_8BPJe%So&gcnhTLCo?oVdy7S3}+mRMzRK=A-}4_U@d_694B$;-x55k
z8g`6k);Br4xF${^=B{?$D+;uKb@Y&n#3vA3Yef(d5_)rU8RO(exqrTpP|I8EqvyE`
z#C6KgkgtK(Lq-T@Y{oa4n#Z(xl2LS@N|Oz6ON?J2+6y0iS4vAaJ-WZJxvAM@#xEVU
zTRp>ye|CXIdUp!1HKa(`hvnWa3@Oi$6fA~WuM0;B8^Rc#v}2giiwrPob&F@r&lWmh
z3-%s-`n2OuZyHPxs@|^mcjUs3xPX0FC|qEx2x6!E5h@;(=KCvFP{BF(t?71F>xSXx
z7;DH=SQ+V>Zp|S>hCRq)cxeKbqYX64@gQj<z)ky@NeslNpbys-Kq^2dmGxm-YUoLj
zM$xV85clR#BI{_qN2l3o8O><&*$-6nVz<od@%OJznFQ$f{W>CWdE`j3iJ3!*dL3z<
z_aG0CyhjC9yoC5d0G*Q)e$G><6O1#JzZ4lF8K}<P$VUax@CmP8(R3vVzR00aeC%;J
zUNRT?*!MC!eG3ohA~78JvGM%eHSi+}xn&BE?pG23m4wHC7POr!_ZYq9d$x$3x*;~|
zk&OXWtW2>%t(_JqcnGXc#bBFF4iu*t;SO`W$RjQIYPu2<Ev|SXG=+ixTS#?T8PAXo
z9*<pwfb1e_dBouEYX^N8?|=8I@o0!YRH>0)efsSY0_?uL7!e}4AP>9tb3eo=s0b)b
zkq%S}L6^35n9{`yj><<yUptg__R|S^p(zR-j9;;4rp*qzf}mGiV__O>`YG<Qmn^Yy
zn)=4VlVSiM4qup0n*hlP3eL{R$1&8&xyJn;W$zu;#P-E~C!vY--is(jKtKcmsVa&T
z0Y!SX(0lI?L_t(QrAcpsAXR!Nh=BB7Lz4~xLJI*x$TLCjeeUo1<6Z0BpS55Kn3*|q
z=FB<!?7hF!vfQ$hofHi<hYM5t_jZ6Ja<zWBONXTst#Z)S?sU=MF?Qk=md{_mD*71u
z8}cg>A6u;^o7Oa0Hm^_s7?wU?iu#z0yfavIuR5rjUIgcJ+(E{d!A+z}F?P2oe9EWg
zm}r$LC7;Bf9WCv|MI@;*&OXD<_u@_3CBKyzC9xJzw7Ejiu?3gO>Mec6Ia_L)kBWnH
zhuKL$KyKkbm6IOnXu7Q&7=TGyDLK9o64J4=GZKdo5{HeEFqOZ1x8=c1f73=gs(Q+I
zVSW8G*N-1PD=WvX`c<UCm1O2~r`Qh9_Q}br-t;QWyGtKL!%b@+?-N-N6E|YcF7Cf&
z;8hP3Rqn|-19u>uwrAz{GZiZdie0y+x)WSlJr>&wVqLCmt_^lYx6ZM1rDcnaNR5^>
zFY;dDdBl^z^<%F3<>#O8*Tq(~I@0O#6P^HiMMGKl2DxIS?^FPFX&t)mAZOLpQg93+
z=0PrPqLM$OI0E0#h~*hvhySR#YB3M{_D-jo1h#%Rx8kTAkh-_>P`yaS)%1YHhZIn=
zUO~x`yy%WU$cGzi4SeE9E>(N-fIM+_ir0)8)f2z)$@$FR;LZ@aqRHOfo<CC$ue8<q
zaT!p=;hec1{ZIn$cAh`3#J_okg0RBa0uvd`J0Jh2z(E!A=K?%}NnR;3qoJ?K;Ax%P
z1g3R8>8{0WKK_bkSU;gJ57~lMC8P`*>-L9D$XZp3ncGMTo?P{xtTE(%-kw%eJs#qF
z!`R>2Uq|}WPDzkRa9&R$U3jfR==bLcA}eWf-EZ#;{G^5OYGOBB6zH#h8oTBt!Yo&F
zk|}{|85{G98>Pc9X7)+cFWr9W6)uG(RE=qmLY$HvY@23!cBv0kB7S799=1Ti&0m|3
zgbtAAlPM=1J3%jASJ>7ALK3u^sjNxW7XWt|;@+gt?T)DZw<(h(QqBs7OXf^NIq#bJ
zlNbt(M)RMDFqM{xzfQEmx;NkQIC8Qry9BuU8-7-i0b<Dm>n6fAZp*hdo8Qg<rjf5V
z)ysR#yBh1$41<Dor@l7X+s>6fZTX<A4`_brm~!!j9PPq$CwySyZOSEP%kH@v1gWz9
z&E8%-rw7AbG6}bo(iIp~B`NPm70yUt+4BrsD~2;;b`J89V;NI_*7g0Z8MjCIa#_f|
zkqT@`^Zj(pzBP@G>*=9!cm5>nU3gVFGBt_<SWc!cDpHBRc<@=ejs;k^#tQ3q?$GcE
zo?%L2E;Kz1NItq5G6581c+>cM22JOnTFTqPm?3O=l?>Rsh3mw<^21}08|AXSINed(
zUyq4!qMPBXqd4L?l-=}Z?($1Oi6AICJ9xPg0@yc6C+JG~K{qQV0XG|4=~YXeu3Y+q
z<^kLt92qquJpf@8DLb7sU#UjwQ#Z-lB$I0$osIJ7!)bWSjR<Sn{wpq@TiJtzR5l-e
zmudrK%Mg5p$)zIfGcF#jgA}EsK?PVn|D)rTeyQLyhz_)l&+Xw-606T4j;`NOzS7Tb
znX_qUY#i|pB6{)Y%gaLwxYTA9H6MRcij4+Cjr7^Vk^9+)y1<RYbt8~xzJ2k9r@$zX
z<gOHDC}XwE389qau)B3)beOQETt!z~6>98Ny}3R7^xZgP397qgv~9FaQgS}DA7@&k
zJUF++0E9-LOMU(8pvN&9J2(~<{xH{KOXb^3yq?^vlbM-+JCs8mHn)l7S|E(;jT7Pz
zyy*YXAFbd664GeKZ9B4=G1KmbA1$PN*wB2$Rs3;)5?9)<ntsTj0VVz-hB?GTsIOmd
zF=xDKQY-$=clXVuqk;yUG%!gohnv4DE%jZIx{P*@tj>Kemb}_qp#3|2pO_>Zs8UOm
zAUfBNV55M_2UiC+`W>4BUQ<8RUcy7>>kL0|=zj5KSiCnpLEvLhtcsMhr`;M^v{b=G
z?E0$a<5@w62MHoAX=@ZMaDQQ5-)17RsTVzGxzwVIa72GB%l*OTiL-Ngm?s4D;`xB6
zbY(79L)v|%q`E|hf3BEtIYTowpqEa$u#oXA=>jxKgTmY^4Df${T%`f!zY(Ahxbfud
zj?-<x+n?MK=$_hpY9rJ4iFXUVv_m{kQfEBY5fQWd@~#7*JiNG+#efr?BI3g?S_YL6
zQ(SzaB|!^_$y3ipDi&M29F1EKH`}dlY*hU4BK_kPZ=OZnfxcxZr$dh=^EF69w6P~d
zdb~YUC<K#><^&^DF}PBXz{TBt>N$KzYmUj;)vGGndYJJPYmGW7VBuF!=nH@i6RRck
zy<c^opDC%9x|g1=dJ?;?ldDCV9OI~2CBqUcXS8S2nQal+bMhH=oq1DnBDhrXg>1~0
zM%4}Nq@mcLf=1M3gvwYn_q{#(PMs^^rpI2(@HncsK1{nJ3lySv&B7YULlzaeaK}ge
zJAo)<L9jVT{H&p$^*V=(&HBJlChy2$-qs^H!H=%6I0_-M-sck0gL1?^{=NXW%N#qa
zc;UpFp((^N6fgB_&6fS*$iz>q4tm$fsyk*lz5Uq_jHjJlo7;BYVMMo^YY3=(VCL_C
zYG*x-2;*h_aiw21Ek^EA;MarHA@7&WTF>Mnc9-^3=YoaK{n~vW1n+&Lx82I@9OP3m
z?s#nr9)|FFgj{+TCd>*aWly^$=eZMFu{ac^9!%|ITI2cqzNtW3u1^wD>ZLP~Us$rI
z)EtIo^^zwujrNcqs=oR~^)uhoI)&23=_q&O+&g7;og2A@7cx2S$i8BHg?)X<G-ZnG
z1u^&CPba7OD4>BaooD&>t<+_i^Q~kcc_uz(snfLn$DRGGdu<6V+{3Vt4kINgz*%5G
z(y+7lwuw47*}6wSf@>&oILE!j$-|C@Cc>erYRtFjemD~?GspcUHhqEnnar=B!BUgF
zfsjp7K*-|TU_LQn7!knjBqLk9oO~kQ{e&KKaiH|m@UBM34UT@;m&}+jP1cJA_Ql1u
zb$qX8$m*HAsO;j446CdRAKa2!pZ?<B;*>ZeUT-P3a{PJqd0J~yhdpPBFZoRZ2jU5G
zXu#rLWVaOMr(`@Z`hEZ^znrbODt)8R;*MPvSBEW5UavFdnuFSJr0ouPnZi9C$3p_`
zFe8WgAr3FdM4`uuwKHz@%U+@1!#g-R{h7ONUWI>gpvx|4$5{5HUH6Y)|Iqa4<UR|@
zkJGw+L|-B3q0Jrp3{^DW44geIk;TgDvkAlbnl6Tcu=zp|jRZ@Vs6cZ@m&Y4_@$Jr|
z=NSuGZ{OKTw-(x$7e6G0at6ttPB9TSn`47e6uvij?_U(nAmpui?t#3goFx(?lQMXF
zX@6~FELSu6*6H<^Ks7vm?9KIRt=S^{t$GkUFW2cC4@h7-ZjI-;3Ic&rZvy14dXsez
zh5~;X$s$k+q}=76xomCxK=#_w{*<SMXSDD7eA~KdJ)c>~-nFu-NS%{mv=Gmu{x=zw
zuEicuK{kJ?v_{rXaazst9n9G}EXXHCI+dEEFJ%f=3)9M3?_(kl*|yMUTVMY_6wDNl
zN`V}-_y2Fg<+(CV!r*!qWh6d<$@cAedA+}JYsYe9eI~N*TN)GgQvfgVMLkx+Z{Tz5
zKH>z=GaYqw4E~dLcID-MqfJn8_3y)nxQ>?cR(+A{cwcp-S@EGFqd4bgu&2P%0il4i
z2ha03N0Tbo$@X}BjNIjOZKoUm$xqy)>~A3b%9l#H$~7H$vQc>+ujUo77a5@t*>X*N
zv(}XgFY@*`+zdz}YY_~%a-ODle(IO{l9Y3FJi_kzQoe8Sp9XU2_9QQoiI-fLf>MNP
zO8QH1nyA(Hz5PA|h~DK-1LokMaEj{R<NW2%y^o@DZmu{QS|EEVy!G{3a+Sl-8W1ok
z<GDOCSABLKUf5Rn)^M3)|M%9aVSjlVR!?yyHbuwn{v4GvE-)Xd&Tx2o(s$P|x$I_}
zVivZC=7x$!s_lVy$b%6e(d*wNDts8)9wmImOK1zJ6c&-+#otS!)fmVT`uJ|o7m?+y
zG`wm+6LCVxEb@0U%gLAxP0<GBJZ0wuptBR<FsWm$mAdlL@>mb31?Fsq+c^w0IjQkL
zKw5REwB+-sj)1ZrD>|pGa4u=r`JW2=^)d>TT<KG1hh1<X=l<iJLjnXv;W!-J&dKiY
za&+0}`%&8h6Ds5m{j)X2YQ;yZ%Bjz_nw$1r#@CC7Q#*lTjksFu0OD>5l{7d;M@v)w
zkcPd{=U{;-IyhZL8OV|wdCsBW_D>cN{vP<MP>n03DVl}*jviLkm`<JF1C~l(Y^D9&
z-R$%!E`(v%n#8l%HzWfzC7nXNC9y+@Ryb}66N7y7G5&By#H)V78WCRIAH%B^ACT+q
z9$=@aP#Jhqu|90&u=9Hh)4L_*?E=jSOfL?sqdeVeg<B`4TLx8qHlOqT<#h|bZo;KK
zL7n+kU#sK{AHuvRb6zLszww>=X#_ctf|XDs5(Jl>0~y6LhF|G6QZ@3fO_s(3fIPsn
zS8OtziUEP(0Flq_wQ*rznrxk|IDk08W0L^D?%X*G#9)07S7p|Tj^<mNC$#pz^%hjE
zzwnj(1~he$@kCWAmZP=*ZU>bOwb~l|9mP$liD?gNi45>VlEC`ar;fj-J``R0y?R@j
zJQJT22&jepvqHo74eOZWNXt^IrLN6pxRTI*q48HYg3MP>Z{lNRbG6+K$lb~FsKsxg
zG9|>G&Tb~C2jeT00NQ^X=MUy(DVzWMEPq6I4P4fWSjfrTnJ;@+P~ZAR$9TFi8ee{u
z=d~#Kl~MwRY&$LW;@x4&EvcVu3r{o-<nBGoZpFv5&JE(LTK>(^Y)Hrse|`skg_@Oq
z!&%`4UI?kAqwSDM?Wi!^pz?YAJ1#&o?c=Y}EKB5Q_G)YPQ_Y8udBaKbrABKxL4?%r
zo4Ay-=-nmuDcx_ZHTey0xX)a|7X6U<W)(KHk6?Fn?*f_~xb#csX<&Z`qmStPZ3B7Z
z7Sw#>g#TK%IX;5)nVh?*JC!?~L0Z6ZJ|daBFG;#QrbrxUfa}D<iKi}|PNhO01yy(9
z+8uU#ThFWK@4?4gTGr3g4i<t6S9J*>+|F;o^@oL_0s95?jye~TmbTMuk7Uk834e8*
zXY^n@E>QjrfnCxf9%KIOWTYZsn7#BK#c|2PA67TOfFB93_Z`F!7l~?yw{(YZu3_0G
z8mfFPy#cjKo_4$Indr#D)r?i=Y?U6@P;yJZ<*6;==8@^DE`OeeDe3{qrFfv2_!3f%
zV*@TE03sGOu3Xro$@>(nHskJ8>H<qDfcq&Ods4`rX3!V`qg|8g&HE%D`ZfOc;s$-;
zW&<=W>XomidwK5x34d@$+2|pxy@!n}P?2)TN!45QKC8?2+BBT+-Jg7;0!6bTv>VBL
zPKB<;ipwt&(=7Er-Wz!4y>B@K21Gfvmk=MDY>V~pdH?9Gj3#a@B$jQ^qfbsHc{_n#
z8@Ctv+0RnM-<vs`ce+j+ro`8w{5o3;YT%kB|Gl4Jn>6KN)$;r8*AGS(=496F@@^dA
zs7FLA_~hII);T^iM6EVHLfljR+~n9X4^#;-Za<c)_7tl@iiLla%tRyG%Je@+=XwFM
zkr9ydyN?AF9D^R=%b(NuMhBGaa}?a74hRe&2+W1`1<5iApHj3_F|St0(5DsqvYrUn
z4PLz_LSOR%cPGSqod4UWJi9Ex`P0ySsy;>L)W=KB>w$CWu2DZ_SXVF9kl<lX9m=wZ
ze@S{VG90L#@^zD)Ye+-AT*~}55Lz8Dqha|l@S%F9&19DZBx-L3bsVY^<c(?RL}2_J
zQ$fuoQ~GutR?@3ATNtvYoiFSA>!R^@ZH5MDo@$-9fJI}wVAN>9o0zd|#~z^%u8)b+
z4-zjWc-AJiskbB<h4$Vn5A8OqKDd5^paA;rTrCrbn8#20P+XU#|30}NgXcF_9FQl>
zUGGJQ^LVwx#48*qH8R2mCugn16E*mT>k;8!I2X#-c<6VpmSz3|0?^-{N;M)e?vF95
zTbSzbu|=b3dn~?Q{gS#%^YVB3psNCRcv)j#@=yqJ*zDkv53-AaUuJ#ohEX|Rlk!E(
zWk*ut>n41>4TQWVy`lLx;`PrY6!@xq2_G6A!Q9gFZ;Ca8sz2XWVg>)SxmWNc){?r~
zZu*;R!ON?Sc<@RsaGoZ`bl$-D1H;E}esi?ShDjOJ8Uf&6aOZZ#4j(iBPsQJ?6vW+P
zs#*oYiyWdJ4Fj$dk}t+TnBK+b4qF_bZ9b}1S>}v;I)Q8r;ySGVQw16Llq|mUjN(6@
za^MpFF<R7lRZ^Cg+kf+YAHC{)0kmGJ|M2$1dMU$rZ;zQlPZfRO!9T6O7obRKem$UV
zharBslY`Iu^K{Gkfb{HD<&AM*Dn#dXW#*%Y%40xcubDyOs?88?svZeVI#HyYN5bP{
z;~DecICQ;vqW1#XC`DD~SJ?9_^mJ4A{;#x7zU;#H@83I!t3R2-oSn@}#}@Rk&6WiB
zxi_uKDy&Ys>+~O|Af<`~KD+>!P@WxJ66w3t_uJ8S{-_(MI+WKf%gU3L9v%(DN&M)c
zFv)uP?;Uxwmf*W`(6gRMSK49~+Dpu4VVGkX7q1JUJ>ffexF&>LTeCNPT>FLAfx_X!
z9CcG}N<((1X`z0heviSt4|Wkn<r(iSp{%S(MaO<7k<t?K-%pk`IJMXfZ3`i$V3Tkd
zpcdHDp31Bsa9L=NVB>dMD&#6+0w8githSts4}|Thbqif9A!NTOPwyu{|I6<qiU;x9
zz<h%j^~n$15ydX+wt1oS+2mVGp?ENx<IO3D3UC(dJ;}FrvF<7N*53^=<*W*86{ncU
z)QXq-?QL`x@UOD3KEdd0X;qRmVDUh=w&63?^#thEx%A-RCIj;a^B0V`DimzwsjGM$
z)F&9Z9VSEGL>5CQ-+Ud`@+Q1uXp8w&yc)#OUo2NIo=3FvtpA;SKLp&oAGBKinjrb^
z&G5nk3b~$u&%VJ~28!FN(=pZ6A^ZCM=JM{eHCJn|l2Q;*3QLz-L^m0TR{GlQ$AaeP
zw?eD29U#O>F#<6|D!t;~vpS&1UH-%>|9!ZUNAp^cbL?F2D;EQf8rkLT*wP}U`5Krj
zn5pfIv)S)-<2Mdkq*BGX>nPIh?cFtV^(kDzy)o`n+^2d7Ci_t37)20Zd{SkCqH@_@
zul@SftGkI)f2(-PbPD8P@cn7q1{ti6S2n?c6WoxrZ>RZlINe>8j%L|9fbi@q4J{kJ
zOeg_<#QbA}{qae007UFkvQA#p<Tj<{Eq%nYA%4*t^54)8Gz@+@Jzn_oQ#ArQ6;z3}
z!+=#d@Nf@^08mbpRG8Z~e=?X04#Sb-Sd=V003_y1XP(x#dMWwl?5QosK`{_C(KeY|
z)Mfkp_fK#D!Se?@!>wAu6&3LxKDb(}g=CV1K`Oh(1dR)XEz0^{q;}r2SU8Q?=kFt#
z6$z|A*m^wgxL6%IcaxFsl8CICSHtE7<^o+4lYNGa8&`9?LN7s$64iOVo^)gVI12!|
zZ$P+j+^J-S3<dqvt9DZe#a?RitQN?}DYck;8Hl4G*`{h#Jm`DGee?Rw>np;gnTKIh
z_R~<<Zpb2m2;`nVz3C%|Yuxez@&YKZ)kfb)>I=dvL;$(qO7F2*Llq{U;$4$P+ou+1
zO~)833X%$Md*oOU(a6O@hBa<*kAD(c*p;BP(bm8G(AahQH4E7dD{~@Y$7_y7pP&~@
zgc^!X$PDP}_&ko?=H1?PUlS1~78kWL>q#NeD3NR&J9?q?JMsq`5l6;1EnO~nC#;i=
z-<e&KhE9}FMIzc}JDBvydly+Y%#^pH)BAOW9#)g%+MN{z^FXg}JEcPN5Rb;qB|o66
zp>Ng>=c_G1Ad5;><=aojADx_u2$=sSr~EUXo_}qAFE$)9sGXg8|1P+E%Br&0jv#ED
zqJ+(iMDI({1LKdx(`q$wE<#{|f=7DUg<%s4g7N?y0`jE?upxqw^{2zFx#3{7d$Df?
z7&>Lr#Gc>TY@2xZoeBIkQj;z9CWJ%omXF8I(b;~!@3)owq_006H)AIFziUCIw*VYL
z{@<DWL#kiTGWr=`&~7O7G29i;uqXr|_uv@tR2m0E$9IxdcL!mM;cc6CS`cz8Iiza<
zAyni+``+}TOWL+vW1DHl>C~RRP<4>G0h!P9vv#=+Mwhaq&IOf+&@h`fR$6nsv@d!H
zh~ZRKT)t!<dSZKGC5SkSf-BB$6LDjop0s+XXKYPX*~=m!V)S>xu!W4a+v;2vYjv3j
zzXXzJMjaJVS0Q<$+69j?u4g!8I%JA-XwMYX>G#q}AD=GmLlc#B8gu=M^uS|+V}hek
zz!G;ZgKXdhjwO97uwB?<h)NVl%~j2{D-3#{AyV))Ika6bvdE~1rhoV-VmBshKV&@B
z+&d`l0ypD#sC4MhjKk2WXqyY4DXz0UyKdxwu9;YTM#TxT9!oRyFO#<@vMn;iPL$Lk
zBHk>W5A<)5bZnpJmHzKNJs2ic*J+qN_FF}y!hoVqn(uFcHA<5#BwH@R6gFF%Qf|ly
zj~L}uYLf{J=WBcwPlaYHs02oxfLiA$gJn;zxwwsW8uD95po|q9k1LjSEDVyLI)+t(
zw?%83=g%M(xrZ8CiBquPDV#0tD@BG(Qnv55>sPj1fE8h?4eF6gc?4pb?kOwM59e!+
zUH2DPpbHXhwr_`_KXP9`Buid#`0A;R$QZjF@Bm8vfPz<w{&1ndR&yXFLvs7Z^6jMC
zuaTgLFo4K5x5it3o(I(gpV|RtpZRvh$6o6sY9kEYe04%}ne4tDJK?7&K8}YEVmJ~8
z%r7DCj3uS7Yc1xs_ug5ZMa6t3z7nO$&VeMNPtvw|xnkX?f`}c<|KSZP=drq{plNX=
zrWto9J<@nFzWrLS`@(yAW#wQp1qg2V%?)Xnh>Q5iL6+jHCxUTmIncY8!|zi@{>0X$
zdCDXFx@2!<H7D-`vcvrx5Z{a1u)&OH<vZ!G_oAYJ7h_N^35shZSewgd<6vYxpRTl_
zV~?}jAGE*GS0Gyg)KEC|nu6Ophuq-pi<Q=aym5OAKugCh*rxxsgr2H~-AiWEjoC&q
z2OE2+1I>1fu9Bb9V|R8Ou6#ItlZZ1tDBxt*HY41d3duPO1A=amJq-k}q9{2yZn3@z
zU_X}L`#z!h+3=G8@iE1!RLb0k{RT>M8L=f8b;fv;8OCpmpf1dVVx1LYaAX7kx$cDL
zmpe~e^{q<8NHN_Zs4kPu2%MNBu5KwusENGQh<GJ$A=zVRP<xw8aso<0+nj=>r@G4d
zteBu-$Nx84nA&IZ%o4MDxoz>sC%UV>I!XLoMC2IOL&<yrPNw)8YJ=43Tjtx`F7252
z-WFus_C8}f!YbGMZaDT;$goft)Ed;rvR#NZdF&RUdw1S!r*R&>flL^Y=0B_sK07-O
z@`H&FTjuV=10?#03doizAzw$d^3#vf4brM49Bqvr%|C;+LEXn^O~dy>m6Q+0=V=*&
zS&91o=cy<sy&)yN<uSEhK_^i2ZT{QK0=F?bD;t5JtfPnpeyDrYDto^SWEA~mPA8CR
zegO~2=9Mh~_*;RlenBzuN&lu|IZgxQ`sOaXMfx)Uh;Uuq+D29ZY;4Nd-nr-+pIAlV
zbeUUs7qmq=G=i9}ZMXil2iZC!q~}4}N4d)^1ESgH_nXPJYweed<LV)Llz2c+3w%zH
zt&>W`crjP0u5ZDfo~4ENyP0cV)gbZ$7QGvV#3R!>?pnR_P%WMGT!n`rL2KbbioZ|3
zrRd5OJlhw!{lY<=dslTK=BGr4$+(-T5G4`oh@EzUtLMB-+TuFX$)o5e(ZW6;W)Gi%
z-!#vm%NM&D7&jqbvU9S_ryy#aYMfnY5R(*B^>t8eyuh_bb(Hk(LMwU=yrqb<VvO-f
z2(}VEeuyBExM}Aw!o%`LB1$6a0+=r<P1^4XGxsDOg3pRKg7qLu-D~lKThRpH7@i2_
z5rbyfyqqWc*+2VRY=^M8Duwxn`TN~d8h$eTr28T>^G&gyHr@C2_PfPxm}$a*>40gy
z3PL`!L?6ovkq@JC1-@3~7XGb=_qVE%@ws_=7ku_kJNG;6gRp4e#ik$gAm>Lt(E<Na
zb?*n%-7x~~m$b2<en<6s;Vm9y-udiw&Hup_+6d)O<)<|W*YU;Tl+KU`X)gj56Y7LL
z4L5!yvIBp$hFoTFDGzGk5c{>Rj1Vw~J*|1lQ27IjllZzvY*Yq+7%Ywb{i;_fp;Y8)
zBaTQ-;@aTIUSdOk*c$=wr<~uNhonG~@@P(<r=s!dId{X241UShDU!_X;)Vs>h)Mog
zUi|rfvhNb{RxuJnpLu~#`rk5IG&F<G*3T*<My;d?K1qF&x|rJBn9g)b^iG;5vF2LZ
zfP4zrLh(@D8!Qban4ow-^?=Hvx(1iCIE3zSk0nE4XPvzpWks+xbI~UlliGpi1L%`Y
z6}|fCXs(~PZ4dW%y7kf;o90xONnCdp-7*^wG7jd$7rD^h+J4mjWs&=j<kv5)XHqTu
zD+n@8as0@nLZJhuG*8Zs!uO&N-Pv&_wYaYxIcLy=(t{oT<#1Pn4V;1|&KomX%{8^v
ztJj3iK8u=v<6=^$KaCsElnx?P`GQfn6{PG(h(zc3gW202Z4%r{^cF{sQi++_G?Y#-
zS>3$ELz9qq)Orf{{WW&U7%b3ap7pGCs7f8)B`bK|R41Ik+C>1jK+AxCt)-)j)SsLR
zWUk)nH{~SSyw!l%;cKEkLD1j1WCL-560m|w!yCUSaJznJfP25X%o^Y^O%p}?)uAI*
zVQTC)hw5FW1%czz=rCmUkKOywFHy?E&KEL7Hq=-f;aR^ii$BgVML$`T<VWsaR(h=e
zm<fqi6j1^G^<3$()??9*-FE1grY{Pt1bNXXpW2_vux8wjT6{R`IJkt}<x|q{E{?~Z
zLbF`&EovNlw>n1yXUdw=@>?q##w&Q<3;%psL+X9EYD*g1pLJg5=$QlJuphM7Cz31h
zlNtJe=dWmXZC<8_T}}Dqdz$xtk%kNF%?)v9ZzklXO9VkdgaHCtr+J#RpFki?De~@Q
zZ*)|1OEMKM^)PYb2hG`}*GuW2ncHa7XIae@Tp>8y8fBt?Cij27V?%0`+ql~0o$id1
z>V|}CZTHql5ez8meDV9Z0irMGRk(n8R$Gb-BEArjrM!D%i@vN<rw8aaxRm8|BtNEy
zuB^ScaW=XL7l*nsHz6`!bVa3>@Kf|jT)+fw>aZ-zS`_CNs2a7H9?f6vH`x)hR6Fw(
z)pqEMSha`0!!8w>_3bLkQzl{qk9`i^e%Xk2K5v$RlQo%WeSo`mO2yy3FDHYrRy^~>
z$aG)>nkQ9X#IAbDRR_7pz-ttf4sP%cnHW6)wo&&{IWlUND1Q6XP3%&YXn|tp>}p5c
z%6GFqui8r7LCuqu-I5}Hd!dT{J7Y|XKyi~oud*sbnG>1@c>kx#vu><)XCAt8`7w*@
zi_XFXV@$)gbu@Ax^XxbQ(^(YQ7gUBuZ>PR4G->aToz$AGs;%x;=Hq5qq+U32tM5Uh
z$~vyrW9#>NL_03Ir)+lIu&nA==vzg*AL1r=x1AcxQGI$DPm+fm)vAwc6m8=VhR-Y`
zlZ{Pk<E))U5jE7o#NtgZW(#_G{PxpYn9iQ(CM+^t?ugZy-S;LKOhwveP;)`rlf&Ij
zY$xk#_m+5BTg=DonFI{3RJ8YlRX}Fo{iyx3)7^&lm`gXBkV5@Rw}zVSQnWUj2ZA$k
zceuoY>`q6HY|~D#dp^E$A`fvJuCrTTgSU3k>Fy^OtOg5eNbvw|+dSEAS>4S!z8d|t
zTlx%z+M5!gu$>#2)8|ZBF~bc@D~!bCstz}aIXP{)b0+8_F<rxMBQcV*^;n5S>?-Og
z0n^Vi&cFQFaBKL(+b5v)A&>Rdsnu!R>2cRLbS91+rNHH!)N|%mfObl$Fgf`+s!)B_
z=6JY&yje3;fkuDd^h!rcAy-k$dn0ny7!O74T};EMR<}D=6djY)IEz7`n@p07oAbrH
z-R;rKL9Z6q#TR-U75#mk7MJzRS6pqs9gub8)V2x9Hqn1s`W;|dsg8A-QJ9O~^r~$;
zwv|uBHZ+Um`)(@|U4=?mH(z}KcA_7EJ2tXN=RYp=Sln$60w#7@=8^d4)Ff+xYWQc<
zJp^M>NYULu$3RE0!1AYo50`)c4ty30iOo28B;V$MYLd*nq{4HrID)o}mT=DqX^dFC
zdi#>fozTa#Q=J-Dv|}Ho`7gXIeD#uRRKXtt8|M@MwXxcb?NXEe<$vc@;m^<pzB^0t
zHQYiXhN!)<{*tLK%{Q>{Y~TEF6HI?m^CmVRNU{1A$x<HL5hH^E+8hzJ%IR%}{q{3#
znwI%R<w;%87jxfJdpb@xp@h_l57mK&5v0BkKYWP$z)j6b*cFB8j-Z@GSavdNot&-4
zY%0IjvJRu=dJ;S(f|0&cdq;$n{GxbQIa;(}Zj<Vep$rv+$~4hyo?N7!TCSY^x?F|`
zl(~NU$oq<agJEsd{_!g!!!1i*=@)@V=*@0Y+D}LgmtV75eMN+{N?Auv=1HjEtJa5p
zNKU8~4lU`AGvq2pe5KlM3$C{0Rcb(p?(gp|uj#XEG4o@ZaX+Nf)3o%WYAm<N(2KHa
z$Y67(E?!#R2wJGHZLY-ryTyyH!G0$1^(QVaBVXXW6@)sD15YqIE8&Q}b)@QKH?Mem
zFEA+XH;=0-yvH2RNxg{cKEvL7gWlf~-<z28cH&h-Rt;$+q7<+JFK|t}$Ap6o{82$?
ze!<dbXJ;`D!Jsq@@?$z@0v7Y)&_^K-d&(=*)vSAX<c2^FBeDrC1%mH2mvxtO;Z9r7
z&sB#l^^U9N5N;L0IGIH(foUgjo9fdZvn=~!8;z5IT0bXD=oj}As`nGH{yBwub4z6D
zt6!U)mjx08)MLR9=7JR#km1jY`uV3<#)8doXTP@4+gfOM=LGDnl`XWFA$G-!Qe442
zVz1uKwytolT+syWO%-3>k?yXDLH&YzeoD>29?xOi>x+L4DpVt4;5VH~$I4FVimSWo
z5yzJXZ;#CdmeEz0^9y&|p_ljiO+!j*o!y&*%)N1U?$@(pXc;0dg4XLvMrh;EZMKsq
zagssX!TjBIQReaRx%@I*6Lt@!EQ0-|Fo(YKjTVp=wv5)w+B?IfCv_hytsL&JUJ^=c
zIAi~?vU}==Y5H{%@EY+FJ$~;HNi$h8UjL)QVV5+x8ko9Zl}^7dQ|X|Rijs@iv>AXc
ztSS+4#ZxVfF4Hlz_ig1^Eo`3hTl2UNx0Qo$y>@^%Yv_*_e>2q$agQ$1t=FR%5EJ6L
z#zPe5$W`@xf)Z90=ST);OqZacjd@j6NK$+t`>3a?x0!yfBM-vh8@{(sI@e!t-TV1=
zJBW7c<rGn6NUr9?)TCQr(?ie6amzV$bd0syWR+s{&hZ&Tdiit!1}%?S)uAR@4ipat
zjXJ<nUXl0`X)DdPoPjSYF?{2447nq41(^{f^ds=dDH(&sRAcs<t?eeOf~hLetA&TU
zt7lEc`mo;4-RIC4=|?<jv(|tjN$~sTgJ3GW<RH)j3i$YUcr39piweLyOy}26TD<9>
zygihIrG8_W^~4G-3~swBRw+9~Owj&W7vkre{XYo*pJ^da7m&C4pY{9sO8%IW4nIBp
zuL;aOfB7G`-T7H8`)j!T(Yfqe%{A7nPH`fo4>mlt+)Y?$N~^`wkbU{2o^(#d{{|k{
zxqz%=<^72NoKMyjB<Rm!*1Gv-Q+>P_Oy~3VAFXEhEhx}*rtbu5*u)I*Wm1T_j{h{J
z^X~jRMFUpGbk_eK8yF5yvj~cYtGL|L<h_Nn@>1)k{XdpCI0ok)9x2QMW#M|UQVT&g
z)dNnMGr*6}Po8El{q>E%6X9j|Ys6K|6VK*VFg78Kps0FIZ~5(u^eEvC!x5d?N3__~
zvS3AT;w|zi7DD{&y=;Ui@6Fph0VFqG_zAEx>i=;{pZ{!6{(t7#_=7%b>iGZJ{(CY6
zLU@#X8~6N{Q438k&iSWZQSUaGMn!`Tusxq%sFwY?v_Y)__TEAEH<VETXS*}u4rG&F
zXAuorpWeLL6Z+?zmfdNd;!*02l$08q7T6x|%!_%%e|L6}20QZ#xmcRmYDJlRb(_je
z&S!VN?awV+>rn4i1Av4Pl9Mvi?kt`})^U1bbqVHGCt^xF6!sL<d3d@?{<lLN#ATuI
zK#K^fDW`8y8|YX*jFZ%b&QAasd^a2V@<mlO2FlQ_Cv5zk{DEWAltg8|kK9jj09xtC
z`wx0AOS(txbFbeX3cX^1g`x<?s6aP0X2d*OpUg+CaP-P1$sjr`e*%E;j(2Bo61_v?
zNoULE6j##2B0wf#j&<JkcgJfkras?*<j$Khj(o6!wi3o>Bl07&y~ZVfRSgg7J|WDp
zLXWiWvt}x7k=?43Vs$8x@^Z1I1KRT#a7A#gu&)-P4UsTLr6QP72qo?J({D4n_3CWU
z$V#a(vqj>~vKh<zHu9RrwZp7rvvir@aOv>soDlieLvnc2g^AK<t#3z}eg?U%g*n*}
zrI`A9S!$D6U=LAneNJLZJ$VDqeirU?=Y9Vbw?A%ko$G16my+*}jS}AxeQj1Zq-c#z
z*fOsQR-m02du~iMCv0Il=NZ^23qFt8Ub!(Y-)QC6TR}aahkJx05Q0{=+ehku0iE4C
zyCu5;Ce^1c{;3kQzoo8x0Dt_+8+87lD<4<_YgC?(OVf(me$%KLA?@+<Vrx?^Ulr8@
z@2)d!%C$rQaQyk26>^GqGU0?{y<>s@d~lgm{YFinXDZ?r)7sK#XF&{;_KI1ezvVXg
z>>D1K<2u0A0eioa^~PL+lY#^N^%6+KDIRE_ZR+r?uiyf{qNEBt+WALa*|92DT~h{P
zGWqXny(J|yjjUt!l!VZ$2t;YKgM~$F8<zGyDTUK=sCfv04eE^mAi(<sz18d-a#PJQ
zc1i%8Qyn||*pIAK(>-<N)<bSz@4fA%8KoH&Pp;9xD^brU;HA}1onhowVwkl6(WnOL
zy@dy`_I>~=o0%`3F=G#*P+f2VL=QZZQYYi-4jDT9vZV?qIF&`u)#CbyMohc)ie+ft
zFzfy-e+JS%@Ev(?FAu$^`7T9{0{W3TV%K#+ng+$Q(da=!&d4Tw(~n|0b~^S|7}(g~
zVe5A?sR!GLqxPKBxgVn4!J-ovf9kw_$HHN0;#WQisBzV=A5{+-e)hF3%9OI=z<z!F
zj9EL&Fv2Rw3uGMcU|1F;xwEpx_L`q8gj_Y(SDANy=T+<V`V&w-_VN429?&0ruitG*
zfJGdsd|9d)cZBLy{Kxb%3>vd=iS1xpKifLnCRn+3KW+Ln$b%ojITlPQu%&<Tks5*K
zM#_j`6S06#&AcjwXogGU50r;VNH~g1vuT`MV6WyuO^c(_RkN#RGN21(7X^`~bQ7k(
zO1`%UDz#>2goaU4ud~Zses=SN?&B$u0zvHwP5W<NG~C4jCdbv5(9qYEl4)~HVzzd2
z4K`f9!9oI3_ox`*&Q%u#3Uu!q_0r~T=z6}e_gBgcy(8Pk35+sp=>L61Wy#&j@lxB0
zWzE=CTa0TLy8inT>);#WjFKz>NJ@<>exFaN<YJ@X!8cIF%&?ahTpl(usH39AK~a<H
zDU0x8WIpL12o5_VSi6Gf&Ens^Kd}ZUpP8LoJ06(fEv;$-gID(q2<g|&zW9IK{=1L#
z;qc~`<CHP%$2b6!jYs)l?|mt-28>Vx)SeTm&Xz#@v-eFhjnpE%-(1?c6NE?Uc~-k}
zWQ5YMtq<@^)gi#fRSYdZn8?nuuSbH&L-yy<EEVw=I2kdM5ur(=hv$qTFL$lJTgewk
zz>%IyuyVIIJidmKo6;4eEnfA)VLb=7bSWmh=dG{e^AOP;kE7w=zoVdgq|0<&IMDZq
z?-AESLr99LOpvA!VJ2gdDkHG8kBrYKntD+$O8Y8}0-eE^x|&}%gDoD1s1_6z5YX|`
zq27;y1)o28NpI9p5<m=-tg$74NrLFWZ_34A<kb>@$h!!XSZ_i=f^VO%=RyQ7W-vk@
zO#d(hg&_-=A-@95cL_mCx+I{0LH45;DY8}tpy{^y^0kW=1NCl>pqh}*$qgNa!<A09
zY8PGZC#y!kyZNAl!r3296TlsgQPr|8U;+Is_6^aGz#!60^3U7o&l`F9(b&5}CPPtB
z%pu>_!zqHQ8;;gfeW!UZMLaUefQ=0a2-M&w4<pQMv&{@vm~W_4o(tQ04`->q@$=OM
z!$pHOLjdq-<u`lXaoTA32_AxP7xBPy6cSEMHVACIMmN7rN?He>IHKSi)kGeJo&aEt
zRtb%6Y``!Dp8X(G4|7D*SRe(ngAjahMVk8hl}DGW$Sj@}T7N5J{>(OceMpr{y9ywY
zk`TvqI+vfOG<@qJq9TY4MxQGNabj<BJ=$QlQ0a;K{E#2o6(gus)(H}(zeaz}8g$F*
zmQ~%upSyG_{83S8$VFd<y&+aiQ>n~+dE07dvvJ5LZ*{)LZ7?u8;G86pm@^*`^bQhN
zPqJBRLMcU$WqAMe{Yzfx#YYSo`xk8(hU*$8RWsHsVy^cVfSJ<G0$BV&0&b;moICmE
z<k<(g9^Re>|Hs=$gB20veWI2Z3zEx2XUvBBL5rgSs4N)m0mxp}g#kc}OB@=@P;Vzh
z{=9^1ZmjfumVFK#th_(YYD%`FfdU{B7qK+ys<|>&GM(d=&}9lOEq-d+S_jEx#G|x3
z*=Eg@PO<rTI;TdR=E5v>!zCXA?d=z}G0U0|{e|M6rV#|R@2)Va3iBLRj|CUujDlhC
zegG|D{cqo%=;jOV+(EzICNuqhn$xGAns5s?d{2u>-ZXaq)`P~J*~dW8bcMBT|4<qX
zVOrwdI7=kJCn%-MLGqJ`QB7?2!UINr)#t6Ck{PplrVWC(WDHD#gkaKay8HY-;H2E7
zTqC__!6A!~4k8mm)_xngY+xI2u^_6%?|`Vw>nc3whcvgH$w-YpDYPOPfY-uvb|auR
z6jsSHZuLsw-3{gU>=I=Qr^T?0vrv%)-^<AQ@U>K6Y4A=k8gf`UQL-d=L3(t3<dq}U
z5(mQ|GUT6$=HGt)@gB)LN=6Roq3Tx56hD~Gguh19g-Be=+Np1ve64cOK6{*)d0SyR
zuts*L?ijIBl1wlg*og5%6Uoi`H0=5itnqFDK=e<Gk4$$70`!gwcMQP?=A*&7I9;W?
zjbVNiC};ws=ruDVkO(CnB|i-Sa&3_;6Xn_q8NT0F+LD+EVtMdDDFI#VtpUc*z$TsD
zONI}#mm2T-k!1WT<!OCOPH>+kTAb5TI8AH#Ab0)YaEK=u0U09#wS30|jmQGv8IW#p
z^;vXLa?GE4T$uyyVvCa!bOsG8<FT0fZ2LSn5}eDP;^xwI+v3&Yg$|l17>>SiMRbp3
zL*mUlH59=Jaeka$HzBbHd*;dlsfl6$c1JQe<8*B=TWA(MK!sIk>Z4d>YnPIQ9I{Wi
zTZGHItjs5dhA@Frr*2iErlEHB--_~mDJIO^{5vV+!RX%Y<keY%l+|1Pj+_)dd5YOh
z#^8)%of+Kw0)kINv_hTCzH{=*>4FSTHgfb>EQTv1;r)VONB^o+VdUpGd$JJ+^1dYh
zRe@9vCN6;{qZYTIw>9~VRE{B(trP`$48*5jW#Xg;AhRg}?t7m8t}DcrWR_&h>xv3d
zV_U|eQbk1UvH<}m<z0JCg39S{S?NdlYB|JEQ}p`+yz|YixQDZ=+{nB&<JZ1Fn^fmO
zBL~y|^RF8XMB*qp?4DjiuAQ;}KkJI1t24LiJP)e6Wq}RClNo_uvY`KU^Ydg)i~Tn~
z=I>HO<k262=Vp!R?V1_a`jD7?%|2NfstGx({m;G6p<6ikS@RZ-;Jq4aoP;1LvoZ?+
znEB-;W?(;K-J2$z9e{k=(X)DVMh}X8j_Ejz4k?zc-`=dFvtb>RD70nP_OKj`yQkkJ
zJ9WyR^FZxmEDtR4v9((2RU!w{Y1$fI>WPiAQOg3d45x1Z7e71PoOCE-`OxzbkN3zy
z{ezA8k!$&E)MJW;!3M#wTb%%;YeSjp;UXN+_)sHCJDCdtwfRfApOQhbcV%K@yhr{_
zVq@q2x#XavUu++xc$`7oq0=O_RFLAdM!&-iL)f)Z00x7k1_@tV@zP13@?ERvpqr&3
zkqz0ob7}OCAA~Gzch1Dr6I6%IuzJ}u&(kac5Sk<f+n(hdL#x99NVJzd<HmK(x@FhQ
zMVm|lYLDDt4MF=Sy$F)R=I>|iCv31nhH||gBd|~5fx-HB+MTgI0LYc+ya3?$Z3ge-
zybliGzOVItc(-%CA0m@x8EV*kq;{OROLMo9s_dsAh_@v|O~ulsPxr%m*=`be!bco+
zswqIad3SVY`Tt6E@3sG3L!P*%&6B2q?5D?Sid+fwgo^ZxiU^MkP5>Y|nhCc|Hx5)#
zahc?nV&6l8-a?v)0?3ZuRwqQJ18`B_;IUHfxnPmouaTap0Q*Fzt|=@77N#_3Z<1!$
zM&`__HzqV><9rXj=jH-~y)(3o(km2fVG22cYM5B)RY9F6xp|<^?>j#WBL&vAzBWAa
z&EC83niZD#IU*6n*RJtCk(t1UVOMZLm+*73q^W%!W2xg{)jc>P*pJ|Vc#YzN_raf=
zcSZEC6Cn#3|2qMI<bV`OH_OlNBCxF8l}Ycyx3961r~%Ts&Y-i*!8<5BMOMLNBMOrH
zO{xV-NHVqa%4f-FRtt_h6P%xY=})$O4fI}xIa-YK64E9Zik*nYLNP&T>^3H(r#{j9
z1`;AlZpPdo2BHtYN~y!n2Q1-dAC2n)5Z@o;G7NqZn9&AhBrqZey-lRQan%Z9;?cAg
zFvubhoOhbJ2k0<g`!j}P?fyA!=lHl30P+g^p<>l~K4>>Z0-J~w)Nc$`h%oF1w(1-5
z>q<77zG0x4S#%@PpP>D6qzY>^ArCzs5CIb&UzOvn_Gnf`yHkM-6OG!>Zr7En^=HgH
z{ZUvfE%qWWW1PX0XEfBFmp1N<5M|tNWu>r}AgoHC4f4a-W;kq>Rd$cXpD)YsE3<-s
zhlP{CTH6``P@o8^c4U>7j%^KXB>}U64ua<Mk9GFHu0TDnA|8+BKr4O$Jn&UPqsHP5
zjjbG6V5N0WJzF<495UvT?|VjWu#SezN4BtqN<kPfPd0VFQ&B&s1>ixhoewd<rs&hZ
z4x+%ydBGOlmjxh}Ts%tejIP;L=J5jiqCxMosNN|EpHNTKcrK1b8i%k*Sx=|90xp(i
zQ=jpj;@_qr56PsiO;=Deo7wvm{XPvE;>yx~kon=xC0G%vdTh>!>Y!-|qlOgPi+cO#
zut5xe=a7%mEH9B6f>@u}Y3JYOwMZJ3D6rK7{%mbEZ&9b?YZR5s<&*mdkv7~7x;_Ov
zz;6V-vHpk1$!7l2D&$m?JqE)3zJ*yBf0l)ht8yIFCm~~=g$RRja9^*S)c&-FuL>Zf
zpnN=-Gq3*6Y>u$Zqx_<J2@vy`rDYmt(s;OXVSa6MZLR00X_nkSEwOB9kq8qHv4p;+
zV7zHC0n%2?3)04BG-UIf)UMR^dL|=?d&rYmByK#I9sK3h+=1mp`-3c*VokNZz!t!M
zO8%}6aMS~L3Prioot;*gq7$wLyU2&M0j^y@(a65CYVu_a)P88KWmS_PkvOr=Pz1Q*
zGcVEm&1<m}G&Yzok*GmdXsc<s{EXKxS;4Hi&`%8n=PtXfxsHmJ;Uq14$|Io@fG*%d
z%v%?t+Bn|H!dTV;u6}U%2mq${F_?cE622Fuxg<a2{{{U3);0-XI6Fv<Wi@K6cx%f*
z@J+A4sK`!o-gk6WH(j4dLnP5ey!Og@*AP(53$AEdg$gPS?S83wr3ZCm%Q1X@2yw^a
zRxM<S@+vYGRA(BYM)$$IZFYN6@n=u^ap-_2&z$E^5&IZ(dGHUD)@NVpL)0&eRyIyC
zYnvA<l<!={J1G1u{&u)!!P@(7kxQ&fZgES3ow}gjzNA!1*>2!^%@K14!Na(RBqHXG
z0jND)7^PQfjJGx@gG7D}oaQVy=hFmUd6KRZsOjlTa__(%r2xk`Aj@GNe_j5l!V@yP
z7CE~|iSKE9aVw}K`=}`jWmF{VQMAy`Po(O{0#9i8HLkQeJHjt2_qHB5Ud9iFInBn3
znG+5c^TXi8<s?X$SD22vC}{o~^4FUn#ec>O6Zs^p&0+SW5>vH^lc_Y3G&X0`YNEF^
z8SJoLp3@(%08P!s(~u3x!bP4*otS4BH#(u}MhUbjMqyI@Yoa<$O2?38GEjMRzk&ir
zdI0{VTGg5EZy)`*hl{l?=p|CiAavLbvKIxW7$stCpn=D;PpPrn^h+F|^FeGmn2Lu>
zS>X+#AY-9H>9gCuDtE7Ng-MdzGmnA#Qf0ljr)7LqF8fXXwhT|;fF_07QGSyFdMb6N
zO6L97tPFO9goMNZK-c*jVqo}>=dae!6FJ(bj|R=?*OhpfcLINLteu>HQ^%2Sr*yxy
zk7|FA_S*N}XUT0h3CQ7WRZ<S3K&M{1Tc!m-^&mnG;1fRLS9uTRH;$j-gZ<670xQuB
zJ6`MX9OncGW^B{A+?nEo#8unJLsx+A0E~N%{~lg#UmbuT)<~dI+YWdU03Xd0_ki~?
z_ly{T_Uz!Bp?A4V4@EELvFphcx*6avDxu3GZe4JAnFH9q{upp=&^)VInd_HW7XW00
zGLJ)B79^mn3#?5TK5WL}IUjH5!btx_G#<c*#_>jS(`mZKb@BcrO2n)IC^&jA!{zsn
z*JMn@xtgiBJU5>Bs^Iksm6e;z6K;umnr(poMj4OEnePYmx^n{&!ttfofE{Vg&Xi9w
zMAAT*@`1L%{OCl%cm3xu=h8Wg<`$*B@+Ire{+}n&b&4Bjd9p4-zx93;5pvrE4xD75
zV1l8##0BI(1M?F`)HjHLN~j)NgOxDTf_gpgBB*h)vtv^w%Nr!yoK%x2^{BwNM^7$u
zKUZsyeScNy&-xpBSu%P=?lIlY;XVKzW@gSW7=bMc`E~Il1CJ2MTLNh_J4oNrxm~tu
z+25T8o20c?2g>utCv*5e3*HdU$lx^R{zhHe`8+1PU;b~@F;``DJ-hdJh0>>OVGISL
zAPn1<bA><Gj$L1Y42{+@)|QUuQBdZ;y8%J*-3g-RO#v)66QxgE!ze;NURH@>m!bVE
zZrK%kRR{0eFZpgiUTj+L1$JNQNxWfA=>pWdOO|qeOR898T<tVdCn@&l7ZBESd*-ix
zZu4hY3>rDtKiQmwH&*Rhx8<%lA%b^|*NiG`XtaxrD(yzUffLUS`sv&zv?6GE)nWxc
zj+Y<#0mqna@V$}o4R04KY=?6nCf|fbamadYPJn&<@CLyj-xI-@QG~Z^V|2ygb$C1J
z$EC1y;4S3*B$~Nu+*k2W8q}=O54AB$RuhChK_SN5PRgx%lO*jKOMwp5_Kt}_T~Ii`
z^b17n_;_hGCVjOKS1^LV^sOn_V75v$r~E~F0qqQ>5J<BEP=qHdeSLW{!P-2Hh>urO
zEhYBC!S2=~yn{(wB*#RpmR_uSce>r3jbPC{Dp=->SKIAH=SN-@2tH)8*A*fWg9l1%
z&6;BCLR_=r+Pj!UBIY$b@$k76n5;^8qRfKK#d<3h2t|g-@^7Y;x<dvml@h?F#Gp#f
z5kGANxU^viA7l?s^cP3J*amNEO{SMA5*?kpV<1H(l}%$OtQmA)0Z3BH6|IB&I9<$s
zH~jD=`WsJApf(!&?W!(8ik~#fWdoez@4vlOTMbJi_2=761Q~c$Z8}V{ypd*ey}3~M
z+2uDOzjUC7X_{QX-cILT?&2U5Y|RPCVn5@@!;F#raGb0OMB7EP!B-0`c57qg=Qd5o
z&i&t!cO)(POXXXuL?PQ6jW;BPiEPC4JHIfpC{-9$OeMR+HWSLtHFZf$MC;5_B&fuu
zoGNBsoS}oGXf9ISG^-?;e%_I?IZUK|LCcoOlrisvuJHXEdb8dv*lk+<ob4WVsw1YR
zQ|SdxG3{(?jFT=jYB8)N#h*<3gW#-=<_Emzi~sMeWsqxiW3)iO#EdBA+<yKH>x|*o
zN|TcTy#4qG;Fy;ArUU*NfYR}6rbxTq2@spA_eRb(`V*XYJjbM?46n6;%)8-~L<@^}
z3-LsZ0Z)L4HO{g-{+e->u$bS$8qiG$0x^eM@M_WdExb|mq{;gqZcaX9$M=5yV)jyx
z^`RW~1jzZ>G}cYb?XUKyD+Y_S`|mB`Pw6ccE#_c-_^TF|YwpE+=Qa;~oby~0QPNGv
zsR~;ii<Xx}WQ@X~KZm25p9{ue(R0CVEZ1L=jQ#27PJR2|&Yv&cHj*E7d>WsD>Vy5!
zT1Rqg-S~9HfPkNf&1Jk1O-$hp^84HtRwaNsZy^LEU1>Cy{pTl6qsY~A-cY_g3NFa0
zO8i(5@~2_+gI0lR+V~a$pErO5OX>L|t`Ffnw*^$*qwM>Utdh`<XfDN|Q)XuI7r#DS
zx(jUyC86S!GdM(_sMP-%w12*$wm&zZC?npiu{bO;7>Aj|{baFw%Onbn@U9uQet6f&
zUj6oYgPqBJh{GFiGrq!lQ10cD=mv#7R+|rF+(oxpwF?}I$|}1c50rUm!J%%%%j8|)
z^SzH~$bvW?C<4%}DyfIC4c+|W_<(?Z0S|OYAaV%waw`-d1U~Al-;Dh~?R|MPmG9f{
z9?bJR3z<S0LdLX-NJvD+Y!rzMk$KpPqGTu`^O$+cEW=J{Fq0uNSE$TmMCX2<t>628
z&w9^!*L&7k?>c{+&!?reYVE=E-1l`~!{@r5zU4o0f+sGR#SwjvD>ZL&_9_1iikoV$
zLNOk$fRgE_Om3BpVlf$y)L28saqVJ{uW*zih$$hKTi#ClqVhffhb;sY!_JmGesyXI
z#WV{M*WYzPPGX#kERkM@{{{&zsWv=mGO$rVEGH|6Huz(a_E&Q%;_pkPNmzFzPRs(y
zi{Z!2_8Q~Q4V<eOm71F9^*g)V88~S|tRH0<C6<S>SPZHP3Ok7<;!p5@JLi=@nKAcc
z6shD`;-nIQnkpXqs$O>#^E$O);hQuP!7<r)x=)E_KKvwJrZUuseab9pg+^`>$0D*N
z!tw%NQiZ(d;*AtV55_xE$9k2iH?#gtYy?I0LeNiFy+=aLA%i#<0p>Bcl6?xNZb8d~
zshj|qD=_@ik2NfuXh1H1gCJDx^64eCQQG86LP?*Zrn^@BwwK0VdC}e&EHElGF2;e)
zVNrKm!yhNwAR^vsRS)lzN8xm+j6cvKy7`ezQU(H(eZffetugSY6)29n-$D56Mopy!
z9sHV03u<i*X@ATq=lt2kKPzam3EGhzKI4R)DDC!{aEPo9w`p2|&J+M%p%5qNBpE86
z2@vo6491e>Xg?E063#{i*F|{Uhm$LPA`d_IsRsUqzS-OjiC$T0q^%9zdh>vmN5#Lk
zR^V|Y1R6;!7;}Rr`NAbE3&E%%EoARD<gK(nMpuKK9I)rPs={3IAi9@dK%H!IpcR68
zdC)YnDVi-K7lLqLbLevU6k)5-G2VgC+zI7$lX5USl^LBV<Itado>9u#`r9MhipVa-
zQ<PwKH30n{;j~`F%|o~$72`PB86dsg)oE%qwG2T*$b#Gr_?&gXRA6)<M1bBYyr}8R
zYww>3wmm-`@`H&B!to*2l3dsEP@>21HP%}7JCU3w*|f6$jc{%0_83*<_+oT+eut(F
zwDepQG5`~%lm$SeSyC@+uX3J`{yMgMRwIh#wAscntmH>*-fMlg1@g^>?*oImXo`4d
zaWRYTPkM&u0m-!*qP_W6@0ygzsyl`aMJI1EM?h>=Imk9RpYuc;N&JxIm|6O<ba`F3
z#F@${QBa%sNlZ~JQu(4cv0*#OITlc0&)b;%v0r_Td)$RPIrXMenCt5wz8QHTPH{Ua
zemo}Rytn;h(q+Ul{o79B?Ba0X-rQD^iAjum60Y$=fVQs(I*xiiAiJL;9eZ)mSX;We
z(JHecud;CGRIxOENa)^EQBNdE)KZ>_pAzCaSDU_%rsjs<-xzd%D}>ax#ek_r2hoC-
zGYxr8oC%|qG|3JIhT!oCHi?{2=4JYrZ<q@lRRx|-$`B%QzG*dYNnz!ck1&{clqqQ$
zLZ4HHxDmgF*J^@y;Dxy3;0}eem8QUu-wfRHCT>B$CYV@?dFU*19&ZgHnpQ1dAqm{d
zArF!J6-xT7#Q@zbs<L~M?^1?-hFT~EGlRWTv_^uI`pyyZ#Wig$Z&S#>sd8-F(^LhR
zRyrts1MSP@32H8R_%xV#LfOK=sb&)+X?PD~!lAk|K^{(_W)tE%`QfNQAXzvCbQ+nI
z@zQZZpp=2!w)Jl_5#odl4hD9)3Q1)ghl)%q>@a2!IHF;P?`WV)2)o_Ov@}WE2uc2X
zfsFe?ySlgAg@0Sn2L>jq1nh#75a%F0VE3Zy_7H2}1etU$nY01fqzfP4xrE@e3Gdak
zj<0M&AimlR`E-s_<&I!uJQdPqc&p&QvoihWK^wbsNUP9w80i|Y`$=ctOJ`T)<_dwX
zG-+l1vV0E?0%G-mX$d{OOa2xJP6Bh*az4b1T2aUw&gg_o3*sU!u!AQ`APppd!%w*~
z@~ynfmeX~9H{-{H60`;ltAfRsvXO)KaZWE6f0+TJ)}63b`q^O8u_I1?Wz=QItxa3j
zgvGz+xL=to>9)kw72G!ZT7a2<57pw^W}_(2i2trFtNjv!$uBT4$|=B8rm!kXc(kr{
ziaa+wnTv?mzAEaI|Amz#P;3FY++%TZZms*79Xg6b<>t;55^L688DYwU$Aa9-Swrme
zg_8q5w}SJ^FWFiJbi^LqtPQQgSY;g{za@uu-}PKFc19wo^W0M1cLyUR9EOb@X*T5Y
z^38U*TwlbbZNF57@;TcrJmYW#wK0|?ZQq@&;Esdrv{{w5Kkk?^8|&5}j5f~}j%~HO
z_lij8ThKLMAY5BTHmpp6<`j%KR-#B%LOGrB$VbW$($Y8>xO^BpSQGEF=H65Br>{;2
z7X-uj=^aX1^zxe3t{T<`!ci46mLmd`F8zDIARwX0?qmKyX;f6xPjG92)nz*KmPc@J
zKOtphpPqrDDSm~dd8LtYNx~1t6y!*ysSraQ0!Qh`$S2QQ+r>7*2ha9i=>ykE%5X(B
zn<w}-2*f6}us0G6dHTK^TFT;`M0}kQ=`SE`&8qO2!v5EQP&#mVxD`F#J)bHk#0`(a
z`Om?y$-D<!VX5d?2m<1=`~v=8&Lto<wa6G5`iNQ>)YNR^%RIEVdaShG(Utsp1p78I
z>+8ax%)rcb2O`csCH0Q)5INhR+vT^HxPdPKcsyNa?qo`b2MNcJv&k##TNnc)KxVcy
z85IYAhN;ClK+<eoy`<z*?1Z?P*diGst|cS%Ead|fnZ_}-X1UR10Y`{9H+Zxmr-{^^
zwvWt)!A0=+67;tRowUz+P!Df14~iBLGc}m5*u74|^f_vjGB=VCQIm5p$Plr`$R2f6
zXGxdSb4i|%$8Uu!l8-TBg5MC+u*y?~cwx>nb)8Oi&aF@RuEc1<U9afz={EN68=?pF
zw{Vq-4zdH{$W87aN~cDtOs>9cxU9JFqh~v?=0Z+nHj-achU5A!i#~hNM+4PA!jl5(
zbvM{9y*59?uCKpTGM|ZPEohrKu;<1xnPe0KY1W6yzln(EMuItIo`)@0V;iYW3uhY~
zviVlZGdE+r(PmmQbaAmeW@<Kf=`>+m@k3Z8nmLj(L}XRM0=o0WZbIR}k9Yd?Qp111
zEMfP|F$h`_H9F6sX!yMX^TBXGj3)ugdj`y~Utb{%9%Tc4c(}_?`{q>0)GAxIM;yAS
z%ZrCu3b$_z(+7-X(sVMA3qSC}rfy~GYOPDCpayIdyRPUsB&S5r^B+%<gni`uVbbTw
zF4XFPNMxopd}d$xBWoOHXXr;c6r^*W3L|H3>E|TunVEppl!q|nXM<M)SQ$tIjco2=
z!pwIR;!|7$LT<sKa(%)MuYf#|2%3gpsCyjrduMg_ZB$2-vl=SVbvz^om|<(kpS#h^
zD^<?7Hz#3X4+31PnSBNt%RXjHK4<r1ku%4{m*Vs#GOns|CyZbBjQ?bb@K9y-h&dhM
zt}*wpoB2A=GIsoR{XJQPqsbey<5r;g&@qDrapJ~w)?{w{E%WMIpQ@wuW`9l0`K6)H
z7Sa?eR*GV8S_2~0LE|^mAerl{AD+XD;_1zppx^@(=6XGpD#Gt9%;rX=9X!V+rjsWk
z$Ta0!kcTzGH@V+a*Ye2asjj4!3JJ)w(j_^3?yohP=aS@lBgKNaOBZ5!W@&cR=Tpre
z8(nPj`Nh_wj}VCJgoBh6h5+I4C)X;nWy=Jz=O!MW!#fTOSGbH5Z`dX5#y<0MRsY2m
zpLdwSO$~)nE74$mT&GyP^Czzku>{?b%5m7S98(xhXC>Pwb8NB~?wsOnP>^U)5O2s&
z-hZ7WnNz=lF!8SN0WO=EaS`3*WtNE$T5<^Vv&<8fk&hsBut!CE^Xf?bDGnhb<$JBB
zg{O;Ces^&0cWGpl%0&|!K1CRF{UV>pX(I@+m)ECFCT0lk&Y`U+>vkq<k>F*)hWC^3
z*_Rl$Pa*x1j9jM0;8=?Rbqkf~T{!r(U=IV62O=Vv7$04ux4TbQ@<8$|ZUt+lg&?Pd
z&{4;{<N}}KoaI*53-_&b!_2j)-s_pP*uX)nICJxyn$5kkjfm(G88}+LAF#ipmKj#`
z;~Nwb&+-Re1&%?PK-h}AhRLqlh}}gC@Z9UnhKfbIv94;)GJYG))<`n!_x$|a7pbTQ
zP-)*>qO7fUzcn{XqwkR4Z;+GIkhSmm=d?x59##(Ht{Qyg1E`Gnzlbz?zFR+y8F~Il
zI%@M7$XNbM)6&OtA>rY87X)4Z*(=^>2@$PX@|uNrx=3e(D<MP;m&TZwLioz1>5Uf?
z5G8Z`OljC+FDzg{MoR%3{P|0()b7)&X)B02$P>O0#}w~GSFP5drWO*7pZ*R(bWeAo
zLDUkCO@iT6)g@E{?213d9cFUv_pP{j0#aSiP+X`Xb7`R*w$f6jXCNMhBKQD5sSLrr
zPHLZ=LI`3)Wd0J?;jGhs0<9+msPf@V7m9E?;t4)jihDcLEf`Z^Jonym^Pkpr=BCM)
z;Leqlg+#2RpO%MU@_T|p`Un~AC=?b|-!gY2Pbz%|dsu6;OQhC95m3f%qQO*$iass@
zJY58eMOuj%_@vGyl&jXJ5fU10d)l>2bt#&J3>}|PIvF`*3xllM-G{De6vMh&m2`0}
z^zE!FJwMaV0M{;{@ul#G)MI`qHY3N&#h0pZ`CEpIxua-j?$3&~cM#e>acjrFiYy;%
zwpt%Fy2{QH>&2v=W?z}H!d<nA-~Z(08yW~6L3%g#gowET1?tg|xS5i@=t|mBQ2o=#
zxaV)|Y0_lav}&KY3aT)?<4BcN?w~huuK(;2XpW6s=bCd!#TO_Ren0-JB_i&kQ|gHF
zLz4cu7bkT0I{T#q;{xNx3J^zFPmAj*6M2hoSj-=AylY7Ck#Yz9H=(l~LdTONT^iYX
z5-A)-kNb%XU08bdS<Hd6tZbk~4@|wC+n#*=heodnA;1oJ>iym(MH;Khatu29KoYc)
zXD7e)`n2?N+=j$EcI}w#CF%q}ucdMJuC^bVYi)mP#<S#x39L}2vo8~l1*zD0kFXwz
zppZWE5%Pk&5^dC4p-c-67g;TgcSkh6qlJ~d9pNxJ&1c}e_tdcs;p6+f0w>7~XDJ<r
z?b8@0CLvh)^IIfb0;8g#6f3L!xg8MkLSgT6b0Fb#dAx(U?2QxafDK5ki#?R%96B!5
zr)eUpszpS{5FFB)=prc4`sI}2UDq^9Y5r@I6w*0l=C&}>2~G{`7^~>zJP<SBN6KwM
z7$Vla!~3yA&t%4?J%U}@u9J=j9C$}ssHmZ|TBC2($knj3T1<2dcS2fe_{z`M{s|?@
zX<%T`5j8FXL952pV8xZ5tEW5s{7ggG>7jrD`x>>nCnoUn8XO)SCXF!Adu@If6ldq_
z{AfTpryot)T01aI``Vp}f>Q|Q#yTc+aTs=m+h5+r@FN3YU<qkDhIq^+eF$_xdSsg+
z>WtIttR=5j6d-NZ`^*&Mm8#nTKANf<KB7(9j?8)pa`M$jv#kDpXZTL2nI&6M#ojQ>
zbjY{I@5s$g);1G4DUNvLSyOPCyE}Dd6yv{MkB_&EAgvs8s2Nx#Y3Jf_zwx0NmtCG+
zt|q}-bl&7CXEhG=UZ#H}JscRqqIo=Wg^HAc8c;=Bz}xt@>8h*9O6AVL%(MZ%IMKX{
zy&D%(5L58}?38w~Se5v#9ktKqXRA|#Q1e|wNtWtoBZOyd+S@vP@F~zL(<T-du`-~k
zCeb#Jt3F;Rnrij+{4?QC+32@NBQ?0hdHuNZOD@Zak<@~@`rEzz%M7Y^7nvD_iPUD^
zbjV5!E7JzlT<(cr!ZhCvB)*53N*t6ej1E|9a@0B+aB(6S7O-79sA~AWR?tz1iqz#w
zl0Sv~P#=Fs;)nQh-Wty|@}=an`ZO2~S(!Y76~=bOoo1MY2RS@(fn=YfYI)qws7+i#
zf`Nuk9xv&mqvHTcWR&`Ts#h?sMSdTqx6`MyqY!~}Jzs%n>-~k`T9g~{4DMPNpe`tl
zfdZ4)Iz_GNnF$)UFCLk9VkM>|KbJi;v&IJ{8v3A%tyneR>ObIUkHqusNj<&!{rz46
zUBGwUjGfyK8Tc1ZFIF>gqc@Hzc>Z2Hu$t_-w@<q@DMoQ)d1#`Tk$k?W-!vzQCfQwi
zjxCm0y-=gDQGr+J7!!|?f2;<be%9^BA3X2iz>uA0<;;Vn;GmgP>94Cv#uB+uk-I#b
zXUb6WPd$VdzTCt{EU}G?*tZge?_b)>`n`+%{^R3tz8B(q{m`9TBXn9^De{W1FC=HE
zN^41L{m|>Km3!bsV|s=2a6pOvU~WOwA`@@=S<Hib-I#j6deAbxTI<X`uDCnawt5lj
z#m_!XXLYK{$wD{1+{m_&#U0F5>2#%!J`x=$xoP=|aSI<J$2g%A#MfR^(=j2g6o4!?
zG|Q!!B!R|}7B8>%{i5pON?jnkk$5xlW`N!O9?7T?xdl#KVyYi)Lm6vFPJhPPGgr-?
zHPQa<@7O&DJ0|29EeK&d?Qr&cd+7uyFCWmfP$6}kAb%*cN8u-(@7y3e!X+le1Kh8T
zeEWS{uBV#FIF;-7joH^0_n|$M|5aM5Ts6UGI_w*L*FHUNT>O>g9gnsgQI9JNCH;Hz
zd+ArMl$K0*uGSXB6~ujKNH^WK8#lK{w2wWmVNFSM|12jwnH+JG*5YSCxz~z}+xsvL
zY8Kf9Lt;FM6aL62H_F+CqW)h3N5<>xZItOT?*#?pV?BZH!g+qOx7n9P-uREn{@E1d
zE2Jlyt64JAOt?z#X86o6wk@fjwicJRekFUIUiP)i_Eves&#LKrA5GB>`1{Z4+kZPp
zK0M3L0_5jCAp~*x#u}~li9LdkjIsEjI@Hg!;rEm#7LX{m@)_V)?#Ei0;+Nv{(EW}O
z*COw0HJvoJFX}eg-`@v&t1r!VH|2HsVkFXqLcl^#`YG^Z(i9n(Ira<4v71&^cAHO{
znw!y-G{;A>Xp<BCY?fm9@$Yi@<MqPO6s*TB^j`_-OTNTrw<CG&>^r;XqvDqQ2bOi4
zhd<zavwgGMgBzlR7ljt@8^dX@Q%bni$8Y64OT~q_xcZbc>;4GRF|jduHz=3cOg#*y
z+(ONzruzBb+<xUv(G)e;^>%e5U|_rI!=5+o!>@;BL+}JWHt!;3$@*{eiOx+kRA5Fg
zq~&CKt6+8D|4TZwdClJpHIz7%I2aW^$KUDURyo@jNtztg--Yq{E1&xCOfM7gDBUv0
zGDlBU_nACG8UdF8felMY3qSR`yit)2CN!pA<(71^hX(vNWYIg2Kt%TGL4>ZSo?<#$
z5y75y^4#@^Cti{uKM|W&sq=HIr;HK5bd=S+*+L9dp(oz=cZiD15>+!d?ED^N#3*&l
ztG{2KUnY#<0kibme(d9W`_5{<qUouNRSSP1m>B0vqMW+zJ@F<gPM@rXrY4YyI@ZbT
zr9=Ll56`eu_9v}%Ucx|&w^7~8*df&gVDuvUxdkclulrt?Pf%l{hj~lsyMhzjZn9Lk
z?5m{CVRjl;e4@Bow+QYDi~WmQ@1HZ}?!&lRVYiDD6D0RzxeYukh0@(F%o=C7+bF#?
zjjZ6f%=k9nEvudS)ks6y#nqTLO|xX*W~MgHRV`X=TJ3<=b-rIVf8`h-en<RbUzf)3
zXYZZg4#IO1t2bvQm`PRH+(e$b<up1{8RI2$^xitj9CbH(n7KsEV$SN<M!fb!a)W}8
zwEl(SII|P7u)$UT6`rqAN9_4DxbcHr0OM6eIEP5_$wbfvwmWvqDsUSA=oQ|gOX2%E
z4;sOgzOlG(2`NXbr0|d5$kAAFQtCLW6#p7woiR>0|JrQ8tYX)V_r)EZA2-n0zEKUw
zIUQmFPC-t=Kn#1zNyV?!>nbHF^(nq7D){}DZOTdZqv8v$=f6JDE|cw*Y_j$@<o~o-
z_~MFgO(RvqDW6+wH}A1U^<T?*{~-h8(9s`v-3UBqfo*Cu$1z@fyT>OG>40<~HEjOl
zUhZN$`J!87N^etX&_$M|XYPAeVU&0knj=p}-=Sz1?TpwJXISuCqX_}^BA_%Wo#*V6
z%XC4UU3@S~TSa=R&FSGMCVohlRDAZsgIHP-^uq8!X|5G%qB-<<86Xe~ER8tL?sswv
zVP^&rU!mCZUAd6(lCkT~@pYCYBeP|1t)tMALykqmCK9kr<UcvhczTldFIGA8AcZUz
zta2~$VAntKZ8}w>pGZGpcv834WVTULYrB?d_?rZKes8^c;R23*z?d|7=gP#Tz9@!o
z^m{@9X#D~A<zQBxu4q0;(E9p0Pas><7(vEZ*DsP|sGZB?>iYS$8|hmlJNHS&YaY>F
zm(`o&F8ZXcseDC_ov!wC+J2|R5o2&6Cr<kWGRf#vp_4JPj~*hF3LGAl_UsusZ5u2!
zq+66^0u7)8{bx}gNi2SjgLG_`T>(Q6pJJZAP93}#g)U8Oqt?;|v-CD{pR{Y6U+_X`
z4!9KgR*|gC-|?{A2*mI6l=44F`3j^3%L__EN_>#0CA0ZH#pQHVXUZwB(a#Qe_V<9~
zQy|t43|dzIWtQv!D6(>6BFiW08*+DXV{D-YSPX^7;!5>D=U?JW{w(fJmi$5PEARPi
zt;d4j?#z{M8J%aJKft*)zTG@B%(>$=*j#vE38~{CO_$hUp6~N^!C)hEPpjGyI+O1k
zX;B@<SeM6H&xJRGMFTqZ9Nfq$clF3~41BLwqN@j$tX4u#PQ};tTRS7lyjyBf{4}U{
zIMmwo<TLeV^uM%mcep0pyx&e^K;zxeWmEKL_l7y|9(oKfivAclMgt?6JFXnJD(6Z_
zlR4uM_@p5#rnp-7R?_GxTvi33bZ>y$cH1~Bx<CXX)TT2xV&Bl?ohDT_;nTS8Ymdn&
zRkI3h0yhQx8iAx7DISGMm(k~}#Xaw%vU~&NKdMiZ_ocm2Vkv)zp!;*lnj6x!`OOkW
zY^cZDbNq4mox932Ro{0f>&H2)<^yhSPuF~k-Lt3V0-b+<W*c#A81^oe!or0-;pMz*
zhBvZ%wKC}G%A~Ni_;XW1eg`#kLBDQ@P-pUp@CgBu+!)Tc%=Jvcb;m1NE%}>HTq30X
z`+EK!0J}H$J2oT+nyDoBr#Bu9@Svu(0h4(m59rtvA!6RRQ}@U!lRAl1<aEZJL_}Cq
z+4^Y4zuL9@4(gc1wNE{S7xWlh4_bav&PhP>IvxQ8k_<t@%yrpSUv;V_hEh|U3mJR#
z8Q@oLF2d*UJN*@bmA=4c0-}gMlhx9@q9r?I0Ew;^`&NBt9#+YnygXD~WNuo6OSL=Q
z<(r7S@JeE_sZt4>X$L5@Jl~W$e6_Uks$X#TE2ZV72F}{`<&>c1-(p}THTB43Ih-4a
zK;%k7OxK2=Nb?LVKSJWX@ULFF>G^^6{+rzg!NOgsGJgG3lJhRTlj&z%UDg}Bwok$0
z)$_@z@~7Ptd)L%E7*AY8r0jVvjnzr$3+L(Sr|<&3=;Ftryy8pdXp04(oVjPIm^baz
zoN`W7M2^IO?;-i?d++2``B^E+`jL5?tVc+as}M0g+NZ@fiwGJ)ux943{OvCesIl>T
zw0NSLHEb&ikd&mJ+JkeRq)5l)dD%(iJDCrFPk@FZO_9}Ke8)mEUCPw<W&1U(Z|_F>
zf-0tBy6e6ir}*-GAlC^oh*L{lujG~|h>YusZkv8Z>BuEI%Z!t0#R*+_nzI)9WZux4
z_zlH<W}?ohL>}2Q6!NrQN0yYi*eY-IW~x4dTWb53rwNrsgdTXX<Jy<=cv$Jh>gomo
zX$*&kH+iKY7&^_t87H(dc(yR8lH%cnCJ(JTl!p(j6!-|o*769rJRL@lhqV={RG$gy
zGlkjnBAl|{O+}`fZT>JPy`ZX1aaY=Qk($~l8mK^xyAQ?R)RxVmz;At7e4j*%u%&n`
zB9kdombvqA=21&<*fjkcD`UnV_RqRRlX6f_KO4%|M+flp_p>-@imALmZsaNCAXc0@
zDo$KnbdPjDF>luU>;RvA>uL34SyX#MgcSQ#5_y9et#Gv1mwgci`b(bw?p!+HeIrTr
z250%!lY8tA)eX*}Q$@Gfrhd!;lFAs~dNHcQeC(&iNL^V)!@Zm{mWcwoPlS+nEg>R?
zb4xB-rlE8n$Z`*Put~lcNYJxYL=qpRRA&kMeXttHsyYf0Q*pDaK(>&?+hV15$_+U`
zQfoUK`8fD!(jzDFmggq(!W~*&fW&HkAzNgN$Xd-hK;->7>K@KiQsojqi|tyPc{7Ob
zl+1wbp6q~2=jNmlP?<jO5<Y|+(wra;wIu{einxBZR?Jb2hlr~%FwaDd3NGiP;41Yz
z;!sM~OSnDgAH$_q&4G=zDIjkF(j~Y<iH_?X2*f1JS51BXaANzr=o(wyaQ!314@R#L
zZTNZ>$xM@^>t|!K+i&pROjwS|PsFKi22#&)At^R0PnH=WuWoKS$R7wr-x2yG8z`2Z
zV~}ed?})iMwSM1A4qeVo!()1y?wGM%e~hJWuzb$IGfyg#C!^zQr|r@6r(70fisYg%
zud;Mk5-~)mQPED4>d5KJ$(yjhs|<5{OhtM`vo<3`5SuqR?A3h&GgC;hiRGOMz49fj
z26uiXug<XwIe7hB33L6sJww6F$=8i7E=jqZkM;}}dNWvl`+a-xuS&89d)vu}*O}0f
zca(+}P2{i>`98VdQcx{FA>vL=-)b2PL0@l=XScFbPXDA)@yL!9kyOs^kJt8z^_TpG
zT~nR9l%^SQWD^<L&h=P<1Kn`S@7C5RRRZ?ZYp1*Hy)R6Y>~19@LmMgmShwQ5KCTH@
zJsmy2h{J9I-od)%v^`_Fg4!w>eRXqLG~K<hyI8RXCAw8Q(rgoiQPKgV($6c=x6G(-
z$jY767+r+&A;I>Bso?Qk#AF|707=AYn&fw8u-MEA^~P{t3~PnBon<Ei_S-+aQ@RPQ
znxyC{UV)=rke;vHc4ie$knXWa!ay8qtO%kl?gT<9I2cyz4e2;tITRC4z_1B;4Qnen
zNk8{TI7W!zuhs~M4#XmOb9DWc5tSSYDqFK!{L3npzr3wn?8|cylJ)kXZ3z9hO~VWb
z{l$!f_d0s4cYiY=(tRHO;6sFY`q>d9uIwI(K;iCZkx-)$>!Cxo2+aEPgQrnrZ?8UF
zAqJDf5@V5wxyUzn5$PW}#(WUipSC$vh$n(iG}jJf!sor(i5~D=IDgm^*q3&3A-~@+
zCl|vH+AG7xB4XJ2rO%;CqZ(DVcG>8RP8axIzQZec8jw5s#f5>Kg|*1kK-Pka%l7%*
zC=LM`tsBvZTGKi}<jtIq+WF5=D=3K-kZAdK2Kb497~PNRx?y9-CjqUd9xreX$i2WY
zWzrGzia<oXD|ligSojdSU!ex@yjJAi_|~gMFZ3G;>SmeW4C#HkSxM*QfTRKBU+f29
z!`ow8k^_PGm<WV$avBtDdn=L`LwsSOWxYbwj|B+Gwn>3;A2aG3#x-Hq#*Uc6dw~|K
za+nVLZX;^Z@XegDZ0Fs=;G$wv>WYov;||~2J7+Mo7vG~C9Pk0lyqn#-xQ9>7o}uD+
zqGY_ig%OIORLK$4IJMJN!as~rM@}@c_gQeuD=p&lEC+&<25Y#@3^{v$*bAKSrDhwn
zb6chsMc@iZ?qmF==c<Oc(e^Hjll8Mf_|2R4Nj}S{qZ~i$SFnnbt;5oTW5klQqK;R{
z)zy8jH03NgFk8QP_kJz%ThHsm%<U7-oL}1O&%UAWuT#%)c9T+BlbuDdg<fJ41k;mi
z81J#QzEcW2^FS>dP#~Q)VE*jq7Fg}>u`yP0m$~Q*HxY>RC;50GAiNKL{{jL(BqIzg
zK{`v)370F{1VxAlQvrVVyoR8f%-1pwfm=%t0tvh`-qK(@6Qpe0Ytav@9~x+AV1Y#x
zwC_SCrX?7Ex^v`EAM4RHS?2}>J<s@;<J!T4t({WJx9}grMh9+g6H&1=$@-2^&yUrN
z$22h#hB}kEeG9|mF{OA67OHg!Ng#{jP0h{C(SeqY_x~)Hu*JWYMx*c9VICtzon4#}
z1c4xaNuy&nj<o3v&j}2urTAPE#_In7O0X0n20bg$+w%&&f#)d4%$DFiAZIJKj5ts~
zbi*JoA7J;a5tI&YdkCKB1<5<m>afHS371#C+hm@-+661(>+l5a6V>JXHE}6Ec-=AH
zAV|4_33d2$PF{rTiGoj^tosSxSU7==CS=sZHUnU-BaYw-(3wEVc#TIms4^eR<VH@-
zr<w&Nwv{}INT}F=W($FZYqPqH_Icn6LRJZB2*b^RMgm4T51|<ISBCWhE)6sJ1U*z&
z7l_uHeCowZaQzM)KwC2D<A*X9JfQ+70tX;XQFjmfLkL#|{`rCWZz_)PkGpTkE(V1Z
z-vvNf`3VAx$@L$NizzumaCraq^WVnB{Oip#{i6=$^Z)ksVwa`<g9gUKNakN}_J1%-
z1$dbR{O@Pk{I`8MtF|`~_?I`&szJaJ<a#^9ZO`En8A@Ff!k^tA;NqNN`R6sBFN8N=
z1iMdZ8mt_qf(5Dqzw6~gLmm=V*2=IIB;P2H{oC+yc=g^76F!No2-c8SVJskU=@Y6N
zXhKcSr`r>*pKOYjLHa;WITSIhGDq}6%9Vg!#G!f&)|Ze(!wMRq>LA$ZrNsdeJMff_
zXlX-Wczeea0?QA|w~a8`wg|a4(O!b+1r51X`@6Db@J?U}-;5K7ikSvjNSAw`DrVbA
z_-JNn8~Z<|5*-)-oiuRA$){i-OdtW5848wQR-c%H?LT=Z&@cmAXY;BPf)1Ww#}2if
z2sDgzf{qhG5aEk~Con_3FG%r2^@WwzHAy)Lq>v6FT@~$SVVy+K_zp$EAU&+2VhO4^
z#9^xk<{|{zd4i-GJn9V8+D+&oEjFm@ehC;151Ti4`^TKl%;t|!H^Hq@A`e1&c!r7$
zWla)75QfsT9afg|p{c;Zps56WMc^00h6|wtV~QZ)L&4g)VR6jS7%+wu6wTX7_+juW
zL$LS^3Vu7g5Kvn%Fz}tCkc8x$PldwwAx$`tz2XTDFflASIfj5+CK7RQL0D8DD#C?Q
zfI0^weP7Mr>>pu`^;u~rkgLLaTe&$mYoU-47|Cy8QQW3`9Hq1ZVZnaUIZkJXBfJ%J
zD?9H?!^;qu>=UD9Q|W?0R|Kfzi7yvwgFQfbD1A8GqPrKstm&VyU^E2->#{PvEfO4F
z_d$@d_v3-#c19Ee#mY7WQiA8!n7l|3+~Wu`_akL65U}%aAn5i!9BARe8e}4<SCJ*~
z`n)qmxOWVD<^)IY(D6Gy=iS1<3LF%_*?-J8R}acRln9eiLm&p7C1By7aQj9?FyPoj
z0mj$@9B&{XrK74Uo*-uz6Vj@!gMb`@fd`!+KyiMony^_mg9*A}#yq%gD;o?;D5%m2
zI(`y@euu;DK8bZRLHSQ=0Dov(&asf$yN3l!<uhI|umq8R-1Z=}(F9|(Lyf?=sDFn*
zWq2`P<UI+2ApzPUb?#renZYnJ=l^Ns=RQ-50V6@ImM3ouriS&^O#Sn^0D~60{LiHi
z-P8Xov&jD2>^Jx&{>y{X{{NRdJm~-5zH$?PkSfU?F$ng7&j<uU&_lz-<C?X{bw%6T
z*TG+ilaeP-o{&^HA$jt$l#HURf}*6HnB+-CNy*kbiy8lT!7Z0-4t75O>laiVGvWp>
mV1z!w-P2yt!@<MpIs*35p&#<}{CeQO5$84Z)JxQ`cmD^;z(AG&

diff --git a/doc/gnupg-module-overview.svg b/doc/gnupg-module-overview.svg
index 5b22f0d..f5f52f9 100644
--- a/doc/gnupg-module-overview.svg
+++ b/doc/gnupg-module-overview.svg
@@ -11,7 +11,7 @@
    height="744.09448"
    id="svg5013"
    version="1.1"
-   inkscape:version="0.48.3.1 r9886"
+   inkscape:version="0.92.4 (5da689c313, 2019-01-14)"
    sodipodi:docname="gnupg-module-overview.svg">
   <sodipodi:namedview
      pagecolor="#ffffff"
@@ -22,26 +22,31 @@
      guidetolerance="10"
      inkscape:pageopacity="0"
      inkscape:pageshadow="2"
-     inkscape:window-width="1672"
-     inkscape:window-height="978"
+     inkscape:window-width="1920"
+     inkscape:window-height="993"
      id="namedview5247"
-     showgrid="false"
-     inkscape:zoom="1.0964545"
-     inkscape:cx="549.42213"
-     inkscape:cy="371.37197"
+     showgrid="true"
+     inkscape:zoom="1"
+     inkscape:cx="709.79323"
+     inkscape:cy="380.94022"
      inkscape:window-x="0"
      inkscape:window-y="0"
      inkscape:window-maximized="1"
-     inkscape:current-layer="svg5013"
+     inkscape:current-layer="g5086"
      showguides="true"
-     inkscape:guide-bbox="true">
+     inkscape:guide-bbox="true"
+     inkscape:snap-midpoints="true">
     <inkscape:grid
        id="grid3097"
        type="xygrid"
        empspacing="5"
-       visible="true"
+       visible="false"
        enabled="true"
        snapvisiblegridlinesonly="true" />
+    <inkscape:grid
+       type="xygrid"
+       id="grid1421"
+       visible="false" />
   </sodipodi:namedview>
   <metadata
      id="metadata5249">
@@ -51,7 +56,7 @@
         <dc:format>image/svg+xml</dc:format>
         <dc:type
            rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
-        <dc:title />
+        <dc:title></dc:title>
       </cc:Work>
     </rdf:RDF>
   </metadata>
@@ -264,11 +269,11 @@
   <text
      y="662.4939"
      x="409.48114"
-     style="font-size:13.69026756px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+     style="font-size:13.69026756px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
      id="text3354">
     <tspan
        id="tspan3356"
-       style="font-size:13.76214409px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">Keyserver</tspan>
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13.76214409px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans'">Keyserver</tspan>
   </text>
   <path
      inkscape:connector-curvature="0"
@@ -318,12 +323,11 @@
   <text
      id="text5121"
      transform="scale(1.0507543,0.95169727)"
-     style="font-size:13.02898884px;line-height:125%;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+     style="font-size:13.02898884px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
      x="674.47369"
-     y="315.29083"
-     sodipodi:linespacing="125%">
+     y="315.29083">
     <tspan
-       style="font-size:13.76214409px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Droid Sans;-inkscape-font-specification:Droid Sans"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13.76214409px;line-height:125%;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans';text-align:start;writing-mode:lr-tb;text-anchor:start"
        id="tspan4497">gpg-agent</tspan>
   </text>
   <rect
@@ -399,12 +403,12 @@
      d="m 129.94217,317.56143 0,119.95753"
      style="fill:#0093dd;fill-opacity:1;fill-rule:evenodd;stroke:#0093dd;stroke-width:2.75242877;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;marker-end:none" />
   <rect
-     style="fill:#f0f0fc;fill-opacity:1;stroke:#0093dd;stroke-width:2.06634402;stroke-linecap:square;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0"
+     style="fill:#f0f0fc;fill-opacity:1;stroke:#0093dd;stroke-width:4.70740366;stroke-linecap:square;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
      id="rect5612"
-     width="403.86743"
-     height="39.392567"
-     x="225.40582"
-     y="130.97597" />
+     width="610"
+     height="135.35706"
+     x="60"
+     y="34.094482" />
   <path
      style="fill:none;stroke:#524646;stroke-width:1;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:0.5,0.5;stroke-dashoffset:0"
      d="m 58.463573,227.2185 928.110467,0 0,382.29175 -928.110467,0 0,-382.29175 z"
@@ -413,8 +417,8 @@
   <text
      id="text5061"
      transform="scale(1.0507332,0.95171638)"
-     style="font-size:13.0976572px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica"
-     x="518.80000"
+     style="font-size:13.0976572px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
+     x="518.79999"
      y="315.28461">
     <tspan
        style="font-size:13.76214409px"
@@ -423,39 +427,39 @@
   <text
      id="text5073"
      transform="scale(1.0507333,0.95171629)"
-     style="font-size:13.02924919px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+     style="font-size:13.02924919px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
      x="395.6857"
      y="315.28461">
     <tspan
-       style="font-size:13.76214409px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:Droid Sans;-inkscape-font-specification:Droid Sans"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13.76214409px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans'"
        id="tspan4515">gpg</tspan>
   </text>
   <rect
-     rx="13.673332"
-     ry="12.771004"
-     y="548.32782"
-     x="673.75952"
-     height="40.571972"
-     width="133.86456"
+     rx="15.316881"
+     ry="12.760957"
+     y="548.34375"
+     x="673.77545"
+     height="40.540054"
+     width="149.95522"
      id="rect6095"
-     style="fill:#ffa44f;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.55048579;stroke-linecap:square;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0" />
+     style="fill:#ffa44f;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.58240247;stroke-linecap:square;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
   <text
      id="text5105"
-     style="font-size:13.69026756px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+     style="font-size:13.69026756px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
      x="680.94543"
      y="573.11676">
     <tspan
-       style="font-size:12.38593006px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:Droid Sans;-inkscape-font-specification:Droid Sans"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12.38593006px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans'"
        id="tspan4529">CRL/Certificate Cache</tspan>
   </text>
   <text
      id="text5129"
      transform="scale(1.0507438,0.95170678)"
-     style="font-size:13.02911949px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+     style="font-size:13.02911949px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
      x="830.64813"
      y="317.11887">
     <tspan
-       style="font-size:13.76214409px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:Droid Sans;-inkscape-font-specification:Droid Sans"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13.76214409px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans'"
        id="tspan4509">scdaemon</tspan>
   </text>
   <rect
@@ -472,10 +476,10 @@
      y="142.0016"
      x="875.88068"
      id="text5135"
-     style="font-size:13.69026756px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica">
+     style="font-size:13.69026756px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none">
     <tspan
        id="tspan4507"
-       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">Smartcard</tspan>
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans'">Smartcard</tspan>
   </text>
   <g
      id="g5153"
@@ -487,40 +491,40 @@
        style="fill:#feff66;fill-rule:evenodd;stroke:#000000;stroke-width:0.283465" />
     <text
        id="text5157"
-       style="font-size:9.94777203px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+       style="font-size:9.94777203px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
        x="21.563971"
        y="247.59825">
       <tspan
-         style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:Droid Sans;-inkscape-font-specification:Droid Sans"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:10px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans'"
          id="tspan4517">watchgnupg</tspan>
     </text>
   </g>
   <text
      id="text5181"
-     style="font-size:13.69026756px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+     style="font-size:13.69026756px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
      x="702.94672"
      y="457.17776">
     <tspan
-       style="font-size:13.76214409px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:Droid Sans;-inkscape-font-specification:Droid Sans"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13.76214409px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans'"
        id="tspan4527">Private Keys</tspan>
   </text>
   <text
      id="text5199"
      transform="scale(1.0230018,0.97751538)"
-     style="font-size:15.83039284px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica"
-     x="317.46622"
-     y="158.42787">
+     style="font-size:15.83039284px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
+     x="221.6701"
+     y="160.47388">
     <tspan
-       style="font-size:16.51457214px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:Droid Sans;-inkscape-font-specification:Droid Sans"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:16.51457214px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans'"
        id="tspan5886">GPGME aware Applications</tspan>
   </text>
   <text
-     style="font-size:13.69026756px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+     style="font-size:13.69026756px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
      id="text5632"
      x="710.88654"
      y="153.50237">
     <tspan
-       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:Droid Sans;-inkscape-font-specification:Droid Sans"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans'"
        id="tspan5634">Pinentry</tspan>
   </text>
   <path
@@ -540,20 +544,20 @@
      style="fill:#ffa44f;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.55048579;stroke-linecap:square;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0" />
   <text
      id="text5175"
-     style="font-size:13.69026756px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+     style="font-size:13.69026756px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
      x="463.25439"
      y="457.33569">
     <tspan
-       style="font-size:13.76214409px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:Droid Sans;-inkscape-font-specification:Droid Sans"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13.76214409px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans'"
        id="tspan4521">Public Keys</tspan>
   </text>
   <text
      id="text5089"
-     style="font-size:13.69026756px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+     style="font-size:13.69026756px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
      x="472.05396"
      y="572.03088">
     <tspan
-       style="font-size:13.76214409px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:Droid Sans;-inkscape-font-specification:Droid Sans"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13.76214409px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans'"
        id="tspan4523">dirmngr</tspan>
   </text>
   <rect
@@ -568,11 +572,11 @@
   <text
      y="457.33569"
      x="96.524628"
-     style="font-size:13.69026756px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+     style="font-size:13.69026756px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
      id="text5163">
     <tspan
        id="tspan4519"
-       style="font-size:13.76214409px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">Log Socket</tspan>
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13.76214409px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans'">Log Socket</tspan>
   </text>
   <path
      sodipodi:nodetypes="cc"
@@ -604,7 +608,7 @@
       <text
          y="258.88663"
          x="393.02432"
-         style="font-size:9.46736145px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+         style="font-size:9.46736145px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
          transform="scale(1.0507438,0.95170677)"
          id="text6209">
         <tspan
@@ -625,11 +629,11 @@
   <text
      y="457.37265"
      x="252.14281"
-     style="font-size:13.69026756px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+     style="font-size:13.69026756px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
      id="text6219">
     <tspan
        id="tspan6221"
-       style="font-size:13.76214409px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">Config Files</tspan>
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13.76214409px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans'">Config Files</tspan>
   </text>
   <path
      inkscape:connector-curvature="0"
@@ -638,21 +642,21 @@
      style="fill:#0093dd;fill-opacity:1;fill-rule:evenodd;stroke:#0093dd;stroke-width:2.75242877;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:5.50485762, 2.75242881;stroke-dashoffset:0;marker-end:url(#marker6214)"
      sodipodi:nodetypes="cc" />
   <rect
-     rx="13.673332"
-     ry="13.673332"
-     y="636.94879"
-     x="507.69662"
-     height="40.571972"
-     width="97.554695"
+     rx="15.737471"
+     ry="14.935314"
+     y="634.09448"
+     x="507.71835"
+     height="44.316566"
+     width="112.28165"
      id="rect3358"
-     style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.55048579;stroke-linecap:square;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0" />
+     style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.6172291;stroke-linecap:square;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
   <text
      id="text3360"
-     style="font-size:13.69026756px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+     style="font-size:13.69026756px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
      x="509.57916"
      y="661.91278">
     <tspan
-       style="font-size:12.38593006px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:Droid Sans;-inkscape-font-specification:Droid Sans"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12.38593006px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans'"
        id="tspan3362">CRLs/Certificates</tspan>
   </text>
   <path
@@ -685,16 +689,15 @@
        y="454.11374" />
     <text
        xml:space="preserve"
-       style="font-size:18.12819099px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:Liberation Sans;-inkscape-font-specification:Liberation Sans"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:0%;font-family:'Liberation Sans';-inkscape-font-specification:'Liberation Sans';text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none"
        x="913.58813"
        y="498.23856"
-       id="text3759"
-       sodipodi:linespacing="125%"><tspan
+       id="text3759"><tspan
          sodipodi:role="line"
          id="tspan3761"
          x="913.58813"
          y="498.23856"
-         style="font-size:23.30767632px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-family:Roboto;-inkscape-font-specification:Roboto">GnuPG</tspan></text>
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:23.30767632px;line-height:1.25;font-family:Roboto;-inkscape-font-specification:Roboto">GnuPG</tspan></text>
     <g
        id="g6169"
        transform="matrix(0.49007212,0,0,0.49007212,836.80821,295.5608)">
@@ -739,12 +742,12 @@
     </g>
     <text
        id="text5079"
-       style="font-size:10.04583168px;fill:#4d4d4d;fill-rule:evenodd;stroke:none;font-family:Palatino-Roman"
-       x="958.4126"
-       y="672.75244">
+       style="font-size:10.04583168px;line-height:0%;font-family:Palatino-Roman;fill:#4d4d4d;fill-rule:evenodd;stroke:none"
+       x="954.4126"
+       y="674.75244">
       <tspan
-         style="font-size:9px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#4d4d4d;font-family:Droid Sans;-inkscape-font-specification:Droid Sans"
-         id="tspan4550">2016-02-16</tspan>
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:9px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans';fill:#4d4d4d"
+         id="tspan4550">2020-09-10</tspan>
     </text>
     <path
        inkscape:connector-curvature="0"
@@ -764,11 +767,11 @@
     <text
        id="text5219"
        transform="scale(1.0657564,0.93830074)"
-       style="font-size:7.41257px;fill:#4d4d4d;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+       style="font-size:7.41257px;line-height:0%;font-family:Helvetica;fill:#4d4d4d;fill-rule:evenodd;stroke:none"
        x="811.75702"
        y="581.03601">
       <tspan
-         style="font-size:11.00971508px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#4d4d4d;font-family:Droid Sans;-inkscape-font-specification:Droid Sans"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11.00971508px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans';fill:#4d4d4d"
          id="tspan4544">closely linked</tspan>
     </text>
     <g
@@ -777,12 +780,12 @@
       <text
          y="611.05994"
          x="812.3645"
-         style="font-size:7.41257px;fill:#4d4d4d;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+         style="font-size:7.41257px;line-height:0%;font-family:Helvetica;fill:#4d4d4d;fill-rule:evenodd;stroke:none"
          transform="scale(1.0657564,0.93830074)"
          id="text5221">
         <tspan
            id="tspan4546"
-           style="font-size:11.00971508px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#4d4d4d;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">Assuan protocol</tspan>
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11.00971508px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans';fill:#4d4d4d">Assuan protocol</tspan>
       </text>
       <path
          inkscape:connector-curvature="0"
@@ -800,11 +803,11 @@
     <text
        y="510.38229"
        x="915.55554"
-       style="font-size:10.04583168px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Palatino-Roman"
+       style="font-size:10.04583168px;line-height:0%;font-family:Palatino-Roman;fill:#000000;fill-rule:evenodd;stroke:none"
        id="text6327">
       <tspan
          id="tspan6329"
-         style="font-size:11.00971508px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#4d4d4d;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">architecture</tspan>
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11.00971508px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans';fill:#4d4d4d">architecture</tspan>
     </text>
     <g
        transform="translate(0,-2)"
@@ -812,12 +815,12 @@
       <text
          y="640.84277"
          x="811.75702"
-         style="font-size:7.41257px;fill:#4d4d4d;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+         style="font-size:7.41257px;line-height:0%;font-family:Helvetica;fill:#4d4d4d;fill-rule:evenodd;stroke:none"
          transform="scale(1.0657564,0.93830073)"
          id="text5217">
         <tspan
            id="tspan4548"
-           style="font-size:11.00971508px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#4d4d4d;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">execute/access</tspan>
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11.00971508px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans';fill:#4d4d4d">execute/access</tspan>
       </text>
       <path
          inkscape:connector-curvature="0"
@@ -841,11 +844,11 @@
       <text
          id="text6350"
          transform="scale(1.0657564,0.93830074)"
-         style="font-size:7.41257px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+         style="font-size:7.41257px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
          x="832.3197"
          y="664.93915">
         <tspan
-           style="font-size:11.00971508px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;font-family:Droid Sans;-inkscape-font-specification:Droid Sans"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11.00971508px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans';fill:#000000"
            id="tspan6352">process</tspan>
       </text>
       <rect
@@ -860,12 +863,12 @@
       <text
          y="691.21802"
          x="837.2547"
-         style="font-size:7.41257px;fill:#000000;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+         style="font-size:7.41257px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
          transform="scale(1.0657564,0.93830074)"
          id="text6358">
         <tspan
            id="tspan6360"
-           style="font-size:11.00971508px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">object</tspan>
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11.00971508px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans';fill:#000000">object</tspan>
       </text>
     </g>
     <g
@@ -880,13 +883,194 @@
       <text
          id="text5065"
          transform="scale(1.0657564,0.93830073)"
-         style="font-size:7.41257px;fill:#4d4d4d;fill-rule:evenodd;stroke:none;font-family:Helvetica"
+         style="font-size:7.41257px;line-height:0%;font-family:Helvetica;fill:#4d4d4d;fill-rule:evenodd;stroke:none"
          x="811.75702"
          y="666.24689">
         <tspan
-           style="font-size:11.00971508px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#4d4d4d;font-family:Droid Sans;-inkscape-font-specification:Droid Sans"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11.00971508px;font-family:'Droid Sans';-inkscape-font-specification:'Droid Sans';fill:#4d4d4d"
            id="tspan5067">configure</tspan>
       </text>
     </g>
   </g>
+  <g
+     id="g6225-9"
+     transform="matrix(1.3762144,0,0,1.3762144,276.44855,-270.70587)">
+    <rect
+       style="fill:#feff66;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.40000001;stroke-linecap:square;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="rect6205-9"
+       width="89.450874"
+       height="29.450878"
+       x="78.150215"
+       y="228.74368"
+       ry="3.1429582"
+       rx="3.1429582" />
+    <g
+       id="g6207-0"
+       transform="matrix(1,0,0,1.0478715,-315.61694,-12.101961)">
+      <text
+         y="258.88663"
+         x="393.02432"
+         style="font-size:9.46736145px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
+         transform="scale(1.0507438,0.95170677)"
+         id="text6209-8">
+        <tspan
+           id="tspan6211-1"
+           style="font-size:10px">Kleopatra</tspan>
+      </text>
+    </g>
+  </g>
+  <g
+     id="g6225-9-5"
+     transform="matrix(1.3762144,0,0,1.3762144,131.34497,-269.70587)">
+    <rect
+       style="fill:#feff66;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.40000001;stroke-linecap:square;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="rect6205-9-7"
+       width="89.450874"
+       height="29.450878"
+       x="78.150215"
+       y="228.74368"
+       ry="3.1429582"
+       rx="3.1429582" />
+    <g
+       id="g6207-0-1"
+       transform="matrix(1,0,0,1.0478715,-311.25716,-12.101961)">
+      <text
+         y="258.88663"
+         x="393.02432"
+         style="font-size:9.46736145px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
+         transform="scale(1.0507438,0.95170677)"
+         id="text6209-8-6">
+        <tspan
+           id="tspan6211-1-9"
+           style="font-size:10px">GpgOL</tspan>
+      </text>
+    </g>
+  </g>
+  <g
+     id="g6225-9-5-5"
+     transform="matrix(1.3762144,0,0,1.3762144,425.34497,-270.70587)">
+    <rect
+       style="fill:#feff66;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.40000001;stroke-linecap:square;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="rect6205-9-7-0"
+       width="89.450874"
+       height="29.450878"
+       x="78.150215"
+       y="228.74368"
+       ry="3.1429582"
+       rx="3.1429582" />
+    <g
+       id="g6207-0-1-5"
+       transform="matrix(1,0,0,1.0478715,-314.16368,-12.101961)">
+      <text
+         y="259.82642"
+         x="400.15994"
+         style="font-size:9.46736145px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
+         transform="scale(1.0507438,0.95170678)"
+         id="text6209-8-6-7">
+        <tspan
+           id="tspan6211-1-9-3"
+           style="font-size:10px">KMail</tspan>
+      </text>
+    </g>
+  </g>
+  <g
+     id="g6225-9-7"
+     transform="matrix(1.3762144,0,0,3.3098144,-17.844235,-713.00465)">
+    <rect
+       style="fill:#feff66;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.40000001;stroke-linecap:square;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="rect6205-9-76"
+       width="89.450874"
+       height="29.450878"
+       x="78.150215"
+       y="228.74368"
+       ry="3.1429582"
+       rx="3.1429582" />
+  </g>
+  <g
+     id="g6225-9-9"
+     transform="matrix(1.3762144,0,0,1.3762144,269.34497,-220.70587)">
+    <rect
+       style="fill:#feff66;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:0.40000001;stroke-linecap:square;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="rect6205-9-5"
+       width="89.450874"
+       height="29.450878"
+       x="83.963264"
+       y="231.65021"
+       ry="3.1429582"
+       rx="3.1429582" />
+    <g
+       id="g6207-0-17"
+       transform="matrix(1,0,0,1.0478715,-312.71042,-9.1954371)">
+      <text
+         y="258.88663"
+         x="391.64124"
+         style="font-size:9.46736145px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
+         transform="scale(1.0507438,0.95170678)"
+         id="text6209-8-3">
+        <tspan
+           id="tspan6211-1-0"
+           style="font-size:10px">libkleopatra</tspan>
+      </text>
+    </g>
+  </g>
+  <path
+     sodipodi:nodetypes="cc"
+     inkscape:connector-curvature="0"
+     id="path6047-9-4-7"
+     d="m 385.00002,124.09448 -50.22805,-0.004"
+     style="fill:#0093dd;fill-opacity:1;fill-rule:evenodd;stroke:#0093dd;stroke-width:1.7813257;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;marker-end:none" />
+  <path
+     style="fill:none;stroke:#0093dd;stroke-width:1.59686565;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+     d="M 335.57277,85.890043 V 124.09448"
+     id="path5123-7"
+     inkscape:connector-curvature="0"
+     sodipodi:nodetypes="cc" />
+  <path
+     style="fill:none;stroke:#0093dd;stroke-width:1.59918046;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+     d="M 565,84.890044 V 123.20532"
+     id="path5123-7-9"
+     inkscape:connector-curvature="0"
+     sodipodi:nodetypes="cc" />
+  <path
+     sodipodi:nodetypes="cc"
+     inkscape:connector-curvature="0"
+     id="path6047-9-4-7-5"
+     d="m 565.79705,124.09848 -57.53899,-0.004"
+     style="fill:#0093dd;fill-opacity:1;fill-rule:evenodd;stroke:#0093dd;stroke-width:1.90656352;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;marker-end:none" />
+  <path
+     style="fill:none;stroke:#0093dd;stroke-width:5.901;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+     d="M 445.32482,84.89917 V 97.821045"
+     id="path5123-7-1"
+     inkscape:connector-curvature="0"
+     sodipodi:nodetypes="cc" />
+  <g
+     id="g6207-0-1-3"
+     transform="matrix(1.3762144,0,0,1.4420958,-443.76161,-266.61075)">
+    <text
+       y="258.88663"
+       x="393.02432"
+       style="font-size:9.46736145px;line-height:0%;font-family:Helvetica;fill:#000000;fill-rule:evenodd;stroke:none"
+       transform="scale(1.0507438,0.95170677)"
+       id="text6209-8-6-9">
+      <tspan
+         id="tspan6211-1-9-8"
+         style="font-size:10px" />
+    </text>
+  </g>
+  <text
+     xml:space="preserve"
+     style="font-style:normal;font-weight:normal;font-size:20.31048965px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.50776219"
+     x="149.51515"
+     y="86.156746"
+     id="text1651"><tspan
+       sodipodi:role="line"
+       id="tspan1649"
+       x="149.51515"
+       y="86.156746"
+       style="text-align:center;text-anchor:middle;stroke-width:0.50776219">Many</tspan><tspan
+       sodipodi:role="line"
+       x="149.51515"
+       y="111.54486"
+       id="tspan1653"
+       style="text-align:center;text-anchor:middle;stroke-width:0.50776219">Others</tspan></text>
 </svg>
diff --git a/doc/gnupg.info b/doc/gnupg.info
index bb476c8..f8df59a 100644
--- a/doc/gnupg.info
+++ b/doc/gnupg.info
@@ -1,7 +1,7 @@
 This is gnupg.info, produced by makeinfo version 6.5 from gnupg.texi.
 
-This is the 'The GNU Privacy Guard Manual' (version 2.2.37-beta27,
-August 2022).
+This is the 'The GNU Privacy Guard Manual' (version 2.3.0-beta1658,
+March 2021).
 
    (C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc.
 (C) 2013, 2014, 2015 Werner Koch.
@@ -24,201 +24,203 @@ END-INFO-DIR-ENTRY
 
 Indirect:
 gnupg.info-1: 990
-gnupg.info-2: 305285
+gnupg.info-2: 304843
+gnupg.info-3: 610516
 
 Tag Table:
 (Indirect)
 Node: Top990
-Node: Installation2917
-Node: Invoking GPG-AGENT5266
-Node: Agent Commands7032
-Node: Agent Options8836
-Ref: option --options9116
-Ref: option --homedir9442
-Ref: option --log-file14860
-Ref: option --no-allow-mark-trusted15233
-Ref: option --no-user-trustlist15437
-Ref: option --allow-preset-passphrase15903
-Ref: option --no-allow-loopback-pinentry16056
-Ref: option --extra-socket24409
-Ref: option --enable-ssh-support25875
-Ref: option --ssh-fingerprint-digest28212
-Node: Agent Configuration29869
-Node: Agent Signals35359
-Node: Agent Examples36819
-Node: Agent Protocol37386
-Node: Agent PKDECRYPT39540
-Node: Agent PKSIGN41452
-Node: Agent GENKEY43756
-Node: Agent IMPORT45653
-Node: Agent EXPORT46097
-Node: Agent ISTRUSTED46312
-Node: Agent GET_PASSPHRASE48687
-Node: Agent CLEAR_PASSPHRASE51128
-Node: Agent PRESET_PASSPHRASE51519
-Node: Agent GET_CONFIRMATION52357
-Node: Agent HAVEKEY53029
-Node: Agent LEARN53661
-Node: Agent PASSWD53959
-Node: Agent UPDATESTARTUPTTY54425
-Node: Agent GETEVENTCOUNTER54903
-Node: Agent GETINFO55705
-Node: Agent OPTION56409
-Node: Invoking DIRMNGR59467
-Node: Dirmngr Commands60365
-Node: Dirmngr Options62818
-Ref: Dirmngr Options-Footnote-180957
-Node: Dirmngr Configuration81092
-Node: Dirmngr Signals84222
-Node: Dirmngr Examples85250
-Node: Dirmngr Protocol85932
-Node: Dirmngr LOOKUP86582
-Node: Dirmngr ISVALID87953
-Node: Dirmngr CHECKCRL90526
-Node: Dirmngr CHECKOCSP91583
-Node: Dirmngr CACHECERT92889
-Node: Dirmngr VALIDATE93728
-Node: Invoking GPG94296
-Node: GPG Commands95526
-Node: General GPG Commands96420
-Node: Operational GPG Commands97109
-Ref: option --export-ownertrust114410
-Node: OpenPGP Key Management116523
-Node: GPG Options138482
-Node: GPG Configuration Options139815
-Ref: gpg-option --options153353
-Ref: trust-model-tofu157921
-Node: GPG Key related Options178239
-Node: GPG Input and Output183435
-Node: OpenPGP Options197139
-Node: Compliance Options201867
-Node: GPG Esoteric Options205811
-Ref: GPG Esoteric Options-Footnote-1233533
-Node: Deprecated Options233687
-Node: GPG Configuration235190
-Node: GPG Examples241078
-Node: Unattended Usage of GPG249888
-Node: Programmatic use of GnuPG250519
-Node: Ephemeral home directories251070
-Node: The quick key manipulation interface252377
-Node: Unattended GPG key generation252964
-Node: Invoking GPGSM262283
-Node: GPGSM Commands263152
-Node: General GPGSM Commands263590
-Node: Operational GPGSM Commands264278
-Node: Certificate Management266312
-Node: GPGSM Options271288
-Node: Configuration Options271862
-Ref: gpgsm-option --options272131
-Node: Certificate Options275254
-Ref: gpgsm-option --validation-model278858
-Node: Input and Output279838
-Ref: option --p12-charset280421
-Ref: gpgsm-option --with-key-data281665
-Ref: gpgsm-option --with-validation281939
-Node: CMS Options282817
-Node: Esoteric Options283837
-Node: GPGSM Configuration291070
-Node: GPGSM Examples296738
-Node: Unattended Usage296935
-Node: Automated signature checking297526
-Node: CSR and certificate creation299349
-Node: GPGSM Protocol305285
-Node: GPGSM ENCRYPT306541
-Node: GPGSM DECRYPT309216
-Node: GPGSM SIGN310052
-Node: GPGSM VERIFY311508
-Node: GPGSM GENKEY312024
-Node: GPGSM LISTKEYS313039
-Ref: gpgsm-cmd listkeys313198
-Node: GPGSM EXPORT313951
-Node: GPGSM IMPORT314915
-Node: GPGSM DELETE315656
-Node: GPGSM GETAUDITLOG316163
-Ref: gpgsm-cmd getauditlog316332
-Node: GPGSM GETINFO316676
-Node: GPGSM OPTION317525
-Node: Invoking SCDAEMON320878
-Node: Scdaemon Commands321552
-Node: Scdaemon Options322680
-Node: Card applications332122
-Node: OpenPGP Card332787
-Node: NKS Card333260
-Node: DINSIG Card333586
-Node: PKCS#15 Card333962
-Node: Geldkarte Card334232
-Node: SmartCard-HSM334623
-Node: Undefined Card335219
-Node: Scdaemon Configuration335632
-Node: Scdaemon Examples336670
-Node: Scdaemon Protocol336853
-Node: Scdaemon SERIALNO338372
-Node: Scdaemon LEARN339218
-Node: Scdaemon READCERT340065
-Node: Scdaemon READKEY340467
-Node: Scdaemon PKSIGN340753
-Node: Scdaemon PKDECRYPT341479
-Node: Scdaemon GETATTR342229
-Node: Scdaemon SETATTR342431
-Node: Scdaemon WRITEKEY342636
-Node: Scdaemon GENKEY343338
-Node: Scdaemon RANDOM343541
-Node: Scdaemon PASSWD343764
-Node: Scdaemon CHECKPIN344155
-Node: Scdaemon RESTART345158
-Node: Scdaemon APDU345691
-Node: Specify a User ID346664
-Ref: how-to-specify-a-user-id346822
-Node: Trust Values351680
-Ref: trust-values351809
-Node: Helper Tools352414
-Node: watchgnupg353266
-Ref: option watchgnupg --tcp354088
-Node: gpgv355666
-Node: addgnupghome360865
-Node: gpgconf361561
-Ref: gpgconf-Footnote-1363748
-Node: Invoking gpgconf364046
-Node: Format conventions370738
-Node: Listing components376069
-Node: Checking programs378152
-Node: Listing options380890
-Node: Changing options388596
-Node: Listing global options390298
-Node: Querying versions392278
-Node: Files used by gpgconf394976
-Node: applygnupgdefaults395582
-Node: gpg-preset-passphrase396452
-Node: Invoking gpg-preset-passphrase397487
-Node: gpg-connect-agent398889
-Node: Invoking gpg-connect-agent399603
-Node: Controlling gpg-connect-agent403149
-Node: dirmngr-client409622
-Node: gpgparsemail412973
-Node: gpgtar413286
-Node: gpg-check-pattern418014
-Node: Web Key Service420316
-Node: gpg-wks-client420629
-Node: gpg-wks-server425794
-Node: Howtos431151
-Node: Howto Create a Server Cert431423
-Node: System Notes439836
-Node: W32 Notes441047
-Node: Debugging441469
-Node: Debugging Tools442297
-Node: kbxutil442577
-Node: Debugging Hints444108
-Node: Common Problems445239
-Node: Architecture Details450476
-Node: Component interaction450786
-Ref: fig:moduleoverview450972
-Node: GnuPG-1 and GnuPG-2451079
-Ref: fig:cardarchitecture451369
-Node: Copying451484
-Node: Contributors489008
-Node: Glossary495263
-Node: Option Index497782
-Node: Environment Index579013
-Node: Index584606
+Node: Installation2979
+Node: Invoking GPG-AGENT5328
+Node: Agent Commands7094
+Node: Agent Options8898
+Ref: option --options9178
+Ref: option --homedir9504
+Ref: option --log-file14199
+Ref: option --no-allow-mark-trusted14572
+Ref: option --allow-preset-passphrase14776
+Ref: option --no-allow-loopback-pinentry14929
+Ref: option --extra-socket22320
+Ref: option --enable-ssh-support23694
+Ref: option --ssh-fingerprint-digest26031
+Node: Agent Configuration27688
+Node: Agent Signals33086
+Node: Agent Examples34546
+Node: Agent Protocol35113
+Node: Agent PKDECRYPT37267
+Node: Agent PKSIGN39179
+Node: Agent GENKEY41483
+Node: Agent IMPORT43380
+Node: Agent EXPORT43824
+Node: Agent ISTRUSTED44039
+Node: Agent GET_PASSPHRASE46414
+Node: Agent CLEAR_PASSPHRASE48855
+Node: Agent PRESET_PASSPHRASE49246
+Node: Agent GET_CONFIRMATION50084
+Node: Agent HAVEKEY50756
+Node: Agent LEARN51388
+Node: Agent PASSWD51686
+Node: Agent UPDATESTARTUPTTY52152
+Node: Agent GETEVENTCOUNTER52630
+Node: Agent GETINFO53438
+Node: Agent OPTION54142
+Node: Invoking DIRMNGR57200
+Node: Dirmngr Commands58098
+Node: Dirmngr Options60551
+Ref: Dirmngr Options-Footnote-176634
+Node: Dirmngr Configuration76769
+Node: Dirmngr Signals81647
+Node: Dirmngr Examples82675
+Node: Dirmngr Protocol83357
+Node: Dirmngr LOOKUP84007
+Node: Dirmngr ISVALID85378
+Node: Dirmngr CHECKCRL87951
+Node: Dirmngr CHECKOCSP89008
+Node: Dirmngr CACHECERT90314
+Node: Dirmngr VALIDATE91153
+Node: Invoking GPG91721
+Node: GPG Commands92951
+Node: General GPG Commands93845
+Node: Operational GPG Commands94534
+Ref: option --export-ownertrust111596
+Node: OpenPGP Key Management114121
+Node: GPG Options137346
+Node: GPG Configuration Options138679
+Ref: gpg-option --options151910
+Ref: trust-model-tofu156391
+Node: GPG Key related Options175828
+Node: GPG Input and Output182149
+Node: OpenPGP Options196157
+Node: Compliance Options201960
+Node: GPG Esoteric Options204848
+Ref: GPG Esoteric Options-Footnote-1234255
+Node: Deprecated Options234409
+Node: GPG Configuration235912
+Node: GPG Examples241381
+Node: Unattended Usage of GPG250069
+Node: Programmatic use of GnuPG250700
+Node: Ephemeral home directories251251
+Node: The quick key manipulation interface252558
+Node: Unattended GPG key generation253145
+Node: Invoking GPGSM262464
+Node: GPGSM Commands263333
+Node: General GPGSM Commands263771
+Node: Operational GPGSM Commands264459
+Node: Certificate Management266493
+Node: GPGSM Options271472
+Node: Configuration Options272046
+Ref: gpgsm-option --options272315
+Node: Certificate Options276184
+Ref: gpgsm-option --validation-model279788
+Node: Input and Output280768
+Ref: option --p12-charset281351
+Ref: gpgsm-option --with-key-data282595
+Ref: gpgsm-option --with-validation282869
+Node: CMS Options283747
+Node: Esoteric Options284767
+Node: GPGSM Configuration290280
+Node: GPGSM Examples295583
+Node: Unattended Usage295780
+Node: Automated signature checking296371
+Node: CSR and certificate creation298194
+Node: GPGSM Protocol304843
+Node: GPGSM ENCRYPT306099
+Node: GPGSM DECRYPT308774
+Node: GPGSM SIGN309610
+Node: GPGSM VERIFY311066
+Node: GPGSM GENKEY311582
+Node: GPGSM LISTKEYS312597
+Ref: gpgsm-cmd listkeys312756
+Node: GPGSM EXPORT313509
+Node: GPGSM IMPORT314473
+Node: GPGSM DELETE315214
+Node: GPGSM GETAUDITLOG315721
+Ref: gpgsm-cmd getauditlog315890
+Node: GPGSM GETINFO316234
+Node: GPGSM OPTION317083
+Node: Invoking SCDAEMON320436
+Node: Scdaemon Commands321110
+Node: Scdaemon Options322238
+Node: Card applications331172
+Node: OpenPGP Card331837
+Node: NKS Card332310
+Node: DINSIG Card332636
+Node: PKCS#15 Card333012
+Node: Geldkarte Card333282
+Node: SmartCard-HSM333673
+Node: Undefined Card334269
+Node: Scdaemon Configuration334682
+Node: Scdaemon Examples335720
+Node: Scdaemon Protocol335903
+Node: Scdaemon SERIALNO337422
+Node: Scdaemon LEARN338268
+Node: Scdaemon READCERT339115
+Node: Scdaemon READKEY339517
+Node: Scdaemon PKSIGN339803
+Node: Scdaemon PKDECRYPT340529
+Node: Scdaemon GETATTR341279
+Node: Scdaemon SETATTR341481
+Node: Scdaemon WRITEKEY341686
+Node: Scdaemon GENKEY342388
+Node: Scdaemon RANDOM342591
+Node: Scdaemon PASSWD342814
+Node: Scdaemon CHECKPIN343205
+Node: Scdaemon RESTART344208
+Node: Scdaemon APDU344741
+Node: Specify a User ID345714
+Ref: how-to-specify-a-user-id345872
+Node: Trust Values350730
+Ref: trust-values350862
+Node: Smart Card Tool351467
+Node: gpg-card351813
+Node: Helper Tools381113
+Node: watchgnupg381970
+Ref: option watchgnupg --tcp383327
+Node: gpgv384991
+Node: addgnupghome390198
+Node: gpgconf390896
+Ref: gpgconf-Footnote-1393085
+Node: Invoking gpgconf393383
+Node: Format conventions400424
+Node: Listing components405757
+Node: Checking programs407842
+Node: Listing options410582
+Node: Changing options418080
+Node: Listing global options419784
+Node: Querying versions421557
+Node: Files used by gpgconf424257
+Node: applygnupgdefaults424735
+Node: gpg-preset-passphrase425481
+Node: Invoking gpg-preset-passphrase426518
+Node: gpg-connect-agent427922
+Node: Invoking gpg-connect-agent428638
+Node: Controlling gpg-connect-agent433165
+Node: dirmngr-client439692
+Node: gpgparsemail443045
+Node: gpgtar443360
+Node: gpg-check-pattern447394
+Node: Web Key Service447850
+Node: gpg-wks-client448163
+Node: gpg-wks-server453032
+Node: Howtos458454
+Node: Howto Create a Server Cert458726
+Node: System Notes467139
+Node: W32 Notes468350
+Node: Debugging468772
+Node: Debugging Tools469600
+Node: kbxutil469880
+Node: Debugging Hints471411
+Node: Common Problems472542
+Node: Architecture Details477779
+Node: Component interaction478089
+Ref: fig:moduleoverview478275
+Node: GnuPG-1 and GnuPG-2478382
+Ref: fig:cardarchitecture478672
+Node: Copying478787
+Node: Contributors516311
+Node: Glossary522566
+Node: Option Index525085
+Node: Environment Index610516
+Node: Index615963
 
 End Tag Table
diff --git a/doc/gnupg.info-1 b/doc/gnupg.info-1
index d1f9ca2..d1b37ec 100644
--- a/doc/gnupg.info-1
+++ b/doc/gnupg.info-1
@@ -1,7 +1,7 @@
 This is gnupg.info, produced by makeinfo version 6.5 from gnupg.texi.
 
-This is the 'The GNU Privacy Guard Manual' (version 2.2.37-beta27,
-August 2022).
+This is the 'The GNU Privacy Guard Manual' (version 2.3.0-beta1658,
+March 2021).
 
    (C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc.
 (C) 2013, 2014, 2015 Werner Koch.
@@ -27,8 +27,8 @@ File: gnupg.info,  Node: Top,  Next: Installation,  Up: (dir)
 Using the GNU Privacy Guard
 ***************************
 
-This is the 'The GNU Privacy Guard Manual' (version 2.2.37-beta27,
-August 2022).
+This is the 'The GNU Privacy Guard Manual' (version 2.3.0-beta1658,
+March 2021).
 
    (C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc.
 (C) 2013, 2014, 2015 Werner Koch.
@@ -55,15 +55,16 @@ as the administration and the architecture.
 * Specify a User ID::   How to Specify a User Id.
 * Trust Values::        How GnuPG displays trust values.
 
-* Helper Tools::        Description of small helper tools
-* Web Key Service::     Tools for the Web Key Service
+* Smart Card Tool::     Tool to administrate smart cards.
+* Helper Tools::        Description of small helper tools.
+* Web Key Service::     Tools for the Web Key Service.
 
 * Howtos::              How to do certain things.
 * System Notes::        Notes pertaining to certain OSes.
-* Debugging::           How to solve problems
+* Debugging::           How to solve problems.
 
 * Copying::             GNU General Public License says
-                        how you can copy and share GnuPG
+                        how you can copy and share GnuPG.
 * Contributors::        People who have contributed to GnuPG.
 
 * Glossary::            Short description of terms used.
@@ -305,28 +306,11 @@ the two leading dashes, in the configuration file.
      are however carefully selected to best aid in debugging.
 
 '--debug FLAGS'
-     This option is only useful for debugging and the behavior may
-     change at any time without notice.  FLAGS are bit encoded and may
-     be given in usual C-Syntax.  The currently defined bits are:
-
-     '0 (1)'
-          X.509 or OpenPGP protocol related data
-     '1 (2)'
-          values of big number integers
-     '2 (4)'
-          low level crypto operations
-     '5 (32)'
-          memory allocation
-     '6 (64)'
-          caching
-     '7 (128)'
-          show memory statistics
-     '9 (512)'
-          write hashed data to files named 'dbgmd-000*'
-     '10 (1024)'
-          trace Assuan protocol
-     '12 (4096)'
-          bypass all certificate validation
+     Set debug flags.  All flags are or-ed and FLAGS may be given in C
+     syntax (e.g.  0x0042) or as a comma separated list of flag names.
+     To get a list of all supported flags the single word "help" can be
+     used.  This option is only useful for debugging and the behavior
+     may change at any time without notice.
 
 '--debug-all'
      Same as '--debug=0xffffffff'
@@ -357,14 +341,6 @@ the two leading dashes, in the configuration file.
      Don't detach the process from the console.  This is mainly useful
      for debugging.
 
-'--steal-socket'
-     In '--daemon' mode, gpg-agent detects an already running gpg-agent
-     and does not allow to start a new instance.  This option can be
-     used to override this check: the new gpg-agent process will try to
-     take over the communication sockets from the already running
-     process and start anyway.  This option should in general not be
-     used.
-
 '-s'
 '--sh'
 '-c'
@@ -394,17 +370,6 @@ the two leading dashes, in the configuration file.
      the 'trustlist.txt' file.  This makes it harder for users to
      inadvertently accept Root-CA keys.
 
-'--no-user-trustlist'
-     Entirely ignore the user trust list and consider only the global
-     trustlist ('/etc/gnupg/trustlist.txt').  This implies the *note
-     option --no-allow-mark-trusted::.
-
-'--sys-trustlist-name FILE'
-     Changes the default name for the global trustlist from
-     "trustlist.txt" to FILE.  If FILE does not contain any slashes and
-     does not start with "~/" it is searched in the system configuration
-     directory ('/etc/gnupg').
-
 '--allow-preset-passphrase'
      This option allows the use of 'gpg-preset-passphrase' to seed the
      internal cache of 'gpg-agent' with passphrases.
@@ -482,15 +447,10 @@ the two leading dashes, in the configuration file.
      Defaults to 1.
 
 '--check-passphrase-pattern FILE'
-'--check-sym-passphrase-pattern FILE'
      Check the passphrase against the pattern given in FILE.  When
      entering a new passphrase matching one of these pattern a warning
-     will be displayed.  If FILE does not contain any slashes and does
-     not start with "~/" it is searched in the system configuration
-     directory ('/etc/gnupg').  The default is not to use any pattern
-     file.  The second version of this option is only used when creating
-     a new symmetric key to allow the use of different patterns for such
-     passphrases.
+     will be displayed.  FILE should be an absolute filename.  The
+     default is not to use any pattern file.
 
      Security note: It is known that checking a passphrase against a
      list of pattern or even against a complete dictionary is not very
@@ -519,19 +479,6 @@ the two leading dashes, in the configuration file.
      timeout, however a Pinentry may use its own default timeout value
      in this case.  A Pinentry may or may not honor this request.
 
-'--pinentry-formatted-passphrase'
-     This option asks the Pinentry to enable passphrase formatting when
-     asking the user for a new passphrase and masking of the passphrase
-     is turned off.
-
-     If passphrase formatting is enabled, then all non-breaking space
-     characters are stripped from the entered passphrase.  Passphrase
-     formatting is mostly useful in combination with passphrases
-     generated with the GENPIN feature of some Pinentries.  Note that
-     such a generated passphrase, if not modified by the user, skips all
-     passphrase constraints checking because such constraints would
-     actually weaken the generated passphrase.
-
 '--pinentry-program FILENAME'
      Use program FILENAME as the PIN entry.  The default is installation
      dependent.  With the default configuration the name of the default
@@ -611,17 +558,15 @@ the two leading dashes, in the configuration file.
 
 '--enable-extended-key-format'
 '--disable-extended-key-format'
-     Since version 2.2.22 keys are created in the extended private key
-     format by default.  Changing the passphrase of a key will also
-     convert the key to that new format.  This key format is supported
-     since GnuPG version 2.1.12 and thus there should be no need to
-     disable it.  Anyway, the disable option still allows to revert to
-     the old behavior for new keys; be aware that keys are never
-     migrated back to the old format.  If the enable option has been
-     used the disable option won't have an effect.  The advantage of the
-     extended private key format is that it is text based and can carry
-     additional meta data.  In extended key format the OCB mode is used
-     for key protection.
+     Since version 2.3 keys are created in the extended private key
+     format.  Changing the passphrase of a key will also convert the key
+     to that new format.  This new key format is supported since GnuPG
+     version 2.1.12 and thus there should be no need to disable it.  The
+     disable option allows to revert to the old behavior for new keys;
+     be aware that keys are never migrated back to the old format.
+     However if the enable option has been used the disable option won't
+     have an effect.  The advantage of the extended private key format
+     is that it is text based and can carry additional meta data.
 
 '--enable-ssh-support'
 '--enable-putty-support'
@@ -767,9 +712,7 @@ agent.  By default they may all be found in the current home directory
 
      As a special feature a line 'include-default' will include a global
      list of trusted certificates (e.g.  '/etc/gnupg/trustlist.txt').
-     This global list is also used if the local list is not available;
-     the *note option --no-user-trustlist:: enforces the use of only
-     this global list.
+     This global list is also used if the local list is not available.
 
      It is possible to add further flags after the 'S' for use by the
      caller:
@@ -1401,7 +1344,7 @@ detect a change.
 'KEY'
      Incremented for added or removed private keys.
 'CARD'
-     Incremented for changes of the card readers stati.
+     Incremented for each change of the card reader's status.
 
 
 File: gnupg.info,  Node: Agent GETINFO,  Next: Agent OPTION,  Prev: Agent GETEVENTCOUNTER,  Up: Agent Protocol
@@ -1663,11 +1606,11 @@ off the two leading dashes.
      are however carefully selected to best aid in debugging.
 
 '--debug FLAGS'
-     Set debugging flags.  This option is only useful for debugging and
-     its behavior may change with a new release.  All flags are or-ed
-     and may be given in C syntax (e.g.  0x0042) or as a comma separated
-     list of flag names.  To get a list of all supported flags the
-     single word "help" can be used.
+     Set debug flags.  All flags are or-ed and FLAGS may be given in C
+     syntax (e.g.  0x0042) or as a comma separated list of flag names.
+     To get a list of all supported flags the single word "help" can be
+     used.  This option is only useful for debugging and the behavior
+     may change at any time without notice.
 
 '--debug-all'
      Same as '--debug=0xffffffff'
@@ -1708,9 +1651,9 @@ off the two leading dashes.
      '--use-tor' cannot be overridden by any other command or even by
      reloading dirmngr.  The use of '--no-use-tor' disables the use of
      Tor.  The default is to use Tor if it is available on startup or
-     after reloading dirmngr.  The test on the available of Tor is done
-     by trying to connects to a SOCKS proxy at either port 9050 or
-     9150); if another type of proxy is listening on one of these ports,
+     after reloading dirmngr.  The test on the availability of Tor is
+     done by trying to connect to a SOCKS proxy at either port 9050 or
+     9150; if another type of proxy is listening on one of these ports,
      you should use '--no-use-tor'.
 
 '--standard-resolver'
@@ -1765,8 +1708,9 @@ off the two leading dashes.
      only to this particular keyserver.
 
      Most keyservers synchronize with each other, so there is generally
-     no need to send keys to more than one server.  Somes keyservers use
-     round robin DNS to give a different keyserver each time you use it.
+     no need to send keys to more than one server.  The keyserver
+     'hkp://keys.gnupg.net' uses round robin DNS to give a different
+     keyserver each time you use it.
 
      If exactly two keyservers are configured and only one is a Tor
      hidden service (.onion), Dirmngr selects the keyserver to use
@@ -1774,37 +1718,26 @@ off the two leading dashes.
      a running Tor is done for each new connection.
 
      If no keyserver is explicitly configured, dirmngr will use the
-     built-in default of 'https://keyserver.ubuntu.com'.
+     built-in default of 'hkps://hkps.pool.sks-keyservers.net'.
 
      Windows users with a keyserver running on their Active Directory
-     may use the short form 'ldap:///' for NAME to access this
-     directory.
+     should use 'ldap:///' for NAME to access this directory.  As an
+     alternative it is also possible to add 'gpgNtds=1' as extension
+     (i.e.  after the fourth question mark).
 
      For accessing anonymous LDAP keyservers NAME is in general just a
      'ldaps://ldap.example.com'.  A BaseDN parameter should never be
-     specified.  If authentication is required things are more
-     complicated and two methods are available:
-
-     The modern method (since version 2.2.28) is to use the very same
-     syntax as used with the option '--ldapserver'.  Please see over
-     there for details; here is an example:
-
-                 keyserver ldap:ldap.example.com::uid=USERNAME,ou=GnuPG Users,
-                 dc=example,dc=com:PASSWORD::starttls
-
-     The other method is to use a full URL for NAME; for example:
+     specified.  If authentication is required the value of NAME is for
+     example:
 
                  keyserver ldaps://ldap.example.com/????bindname=uid=USERNAME
                  %2Cou=GnuPG%20Users%2Cdc=example%2Cdc=com,password=PASSWORD
 
      Put this all on one line without any spaces and keep the '%2C' as
      given.  Replace USERNAME, PASSWORD, and the 'dc' parts according to
-     the instructions received from your LDAP administrator.  Note that
+     the instructions received from the LDAP administrator.  Note that
      only simple authentication (i.e.  cleartext passwords) is supported
-     and thus using ldaps is strongly suggested (since 2.2.28 "ldaps"
-     defaults to port 389 and uses STARTTLS). On Windows authentication
-     via AD can be requested by adding 'gpgNtds=1' after the fourth
-     question mark instead of the bindname and password parameter.
+     and thus using ldaps is strongly suggested.
 
 '--nameserver IPADDR'
      In "Tor mode" Dirmngr uses a public resolver via Tor to resolve DNS
@@ -1843,7 +1776,7 @@ off the two leading dashes.
      If the environment variable 'http_proxy' has been set, use its
      value to access HTTP servers.
 
-'--http-proxy [http://]HOST[:PORT]'
+'--http-proxy HOST[:PORT]'
      Use HOST and PORT to access HTTP servers.  The use of this option
      overrides the environment variable 'http_proxy' regardless whether
      '--honor-http-proxy' has been set.
@@ -1860,9 +1793,9 @@ off the two leading dashes.
      LDAP server if the connection using the "proxy" failed.
 
 '--ldapserverlist-file FILE'
-     Read the list of LDAP servers to consult for CRLs and X.509
-     certificates from file instead of the default per-user ldap server
-     list file.  The default value for FILE is
+     Read a list of LDAP servers to consult for CRLs and certificates
+     from file.  This servers from this list are used after any servers
+     set by a client for its session.  The default value for FILE is
      'dirmngr_ldapservers.conf'.
 
      This server list file contains one LDAP server per line in the
@@ -1872,43 +1805,16 @@ off the two leading dashes.
 
      Lines starting with a '#' are comments.
 
+     The only defined flag is 'ldaps' to specify that a TLS connections
+     shall be used.  Flags are comma delimited; unknown flags are
+     ignored.
+
      Note that as usual all strings entered are expected to be UTF-8
      encoded.  Obviously this will lead to problems if the password has
      originally been encoded as Latin-1.  There is no other solution
      here than to put such a password in the binary encoding into the
      file (i.e.  non-ascii characters won't show up readable).(1)
 
-'--ldapserver SPEC'
-     This is an alternative way to specify LDAP servers for CRL and
-     X.509 certificate retrieval.  If this option is used the servers
-     configured in 'dirmngr_ldapservers.conf' (or the file given by
-     '--ldapserverlist-file') are cleared.  Note that
-     'dirmngr_ldapservers.conf' is not read again by a reload signal.
-     However, '--ldapserver' options are read again.
-
-     SPEC is either a proper LDAP URL or a colon delimited list of the
-     form
-
-     HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN:FLAGS:
-
-     with an optional prefix of 'ldap:' (but without the two slashes
-     which would turn this into a proper LDAP URL). FLAGS is a list of
-     one or more comma delimited keywords:
-     'plain'
-          The default: Do not use a TLS secured connection at all; the
-          default port is 389.
-     'starttls'
-          Use STARTTLS to secure the connection; the default port is
-          389.
-     'ldaptls'
-          Tunnel LDAP through a TLS connection; the default port is 636.
-     'ntds'
-          On Windows authenticate the LDAP connection using the Active
-          Directory with the current user.
-
-     Note that in an URL style specification the scheme 'ldaps://'
-     refers to STARTTLS and _not_ to LDAP-over-TLS.
-
 '--ldaptimeout SECS'
      Specify the number of seconds to wait for an LDAP query before
      timing out.  The default are 15 seconds.  0 will never timeout.
@@ -1916,19 +1822,23 @@ off the two leading dashes.
 '--add-servers'
      This option makes dirmngr add any servers it discovers when
      validating certificates against CRLs to the internal list of
-     servers to consult for certificates and CRLs.
-
-     This option is useful when trying to validate a certificate that
-     has a CRL distribution point that points to a server that is not
-     already listed in the ldapserverlist.  Dirmngr will always go to
-     this server and try to download the CRL, but chances are high that
-     the certificate used to sign the CRL is located on the same server.
-     So if dirmngr doesn't add that new server to list, it will often
-     not be able to verify the signature of the CRL unless the
+     servers to consult for certificates and CRLs.  This option should
+     in general not be used.
+
+     This option might be useful when trying to validate a certificate
+     that has a CRL distribution point that points to a server that is
+     not already listed in the ldapserverlist.  Dirmngr will always go
+     to this server and try to download the CRL, but chances are high
+     that the certificate used to sign the CRL is located on the same
+     server.  So if dirmngr doesn't add that new server to list, it will
+     often not be able to verify the signature of the CRL unless the
      '--add-servers' option is used.
 
-     Note: The current version of dirmngr has this option disabled by
-     default.
+     Caveat emptor: Using this option may enable denial-of-service
+     attacks and leak search requests to unknown third parties.  This is
+     because arbitrary servers are added to the internal list of LDAP
+     servers which in turn is used for all unspecific LDAP queries as
+     well as a fallback for queries which did not return a result.
 
 '--allow-ocsp'
      This option enables OCSP support if requested by the client.
@@ -1989,23 +1899,6 @@ off the two leading dashes.
      with care because extensions are usually flagged as critical for a
      reason.
 
-'--ignore-cert FPR|FILE'
-     Entirely ignore certificates with the fingerprint FPR.  As an
-     alternative to the fingerprint a filename can be given in which
-     case all certificates described in that file are ignored.  Any
-     argument which contains a slash, dot or tilde is considered a
-     filename.  Usual filename expansion takes place: A tilde at the
-     start followed by a slash is replaced by the content of 'HOME', no
-     slash at start describes a relative filename which will be searched
-     at the home directory.  To make sure that the FILE is searched in
-     the home directory, either prepend the name with "./" or use a name
-     which contains a dot.  The format of such a file is a list of SHA-1
-     fingerprint, one per line with optional colons between the bytes.
-     Empty lines and lines prefixed with a hash mark are ignored.
-
-     This option is useful as a quick workaround to exclude certain
-     certificates from the system store.
-
 '--hkp-cacert FILE'
      Use the root certificates in FILE for verification of the TLS
      certificates used with 'hkps' (keyserver access over TLS). If the
@@ -2013,8 +1906,10 @@ off the two leading dashes.
      This option may be given multiple times to add more root
      certificates.  Tilde expansion is supported.
 
-     If no 'hkp-cacert' directive is present, dirmngr will use the
-     system CAs.
+     If no 'hkp-cacert' directive is present, dirmngr will make a
+     reasonable choice: if the keyserver in question is the special pool
+     'hkps.pool.sks-keyservers.net', it will use the bundled root
+     certificate for that pool.  Otherwise, it will use the system CAs.
 
    ---------- Footnotes ----------
 
@@ -2028,9 +1923,9 @@ File: gnupg.info,  Node: Dirmngr Configuration,  Next: Dirmngr Signals,  Prev: D
 =================
 
 Dirmngr makes use of several directories when running in daemon mode:
-There are a few configuration files whih control the operation of
-dirmngr.  By default they may all be found in the current home directory
-(*note option --homedir::).
+There are a few configuration files to control the operation of dirmngr.
+By default they may all be found in the current home directory (*note
+option --homedir::).
 
 'dirmngr.conf'
      This is the standard configuration file read by 'dirmngr' on
@@ -2076,24 +1971,71 @@ dirmngr.  By default they may all be found in the current home directory
      will be created by dirmngr if it does not exists but you need to
      make sure that the upper directory exists.
 
-   To be able to see what's going on you should create the configure
-file '~/gnupg/dirmngr.conf' with at least one line:
+   Several options control the use of trusted certificates for TLS and
+CRLs.  Here is an Overview on the use and origin of those Root CA
+certificates:
+
+System
+
+     These System root certificates are used by: FIXME
+
+     The origin of the system provided certificates depends on the
+     platform.  On Windows all certificates from the Windows System
+     Stores 'ROOT' and 'CA' are used.
+
+     On other platforms the certificates are read from the first file
+     found form this list: '/etc/ssl/ca-bundle.pem',
+     '/etc/ssl/certs/ca-certificates.crt', '/etc/pki/tls/cert.pem',
+     '/usr/local/share/certs/ca-root-nss.crt', '/etc/ssl/cert.pem'.
+
+GnuPG
+
+     The GnuPG specific certificates stored in the directory
+     '/etc/gnupg/trusted-certs' are only used to validate CRLs.
+
+OpenPGP keyserver
+
+     For accessing the OpenPGP keyservers the only certificates used are
+     those set with the configuration option 'hkp-cacert'.
+
+OpenPGP keyserver pool
+
+     This is usually only one certificate read from the file
+     '/usr/local/share/gnupg/gnupg/sks-keyservers.netCA.pem'.  If this
+     certificate exists it is used to access the special keyservers
+     'hkps.pool.sks-keyservers.net' (or 'hkps://keys.gnupg.net').
+
+   Please note that 'gpgsm' accepts Root CA certificates for its own
+purposes only if they are listed in its file 'trustlist.txt'.  'dirmngr'
+does not make use of this list - except FIXME.
+
+   To be able to see diagnostics it is often useful to put at least the
+following lines into the configuration file '~/gnupg/dirmngr.conf':
 
      log-file ~/dirmngr.log
+     verbose
+
+   You may want to check the log file to see whether all desired root CA
+certificates are correctly loaded.
 
    To be able to perform OCSP requests you probably want to add the
 line:
 
      allow-ocsp
 
-   To make sure that new options are read and that after the
-installation of a new GnuPG versions the installed dirmngr is running,
-you may want to kill an existing dirmngr first:
+   To make sure that new options are read or that after the installation
+of a new GnuPG versions the right dirmngr version is running, you should
+kill an existing dirmngr so that a new instance is started as needed by
+the otehr components:
 
      gpgconf --kill dirmngr
 
-   You may check the log file to see whether all desired root
-certificates have been loaded correctly.
+   Direct interfaction with the dirmngr is possible by using the command
+
+     gpg-connect-agent --dirmngr
+
+   Enter 'HELP' at the prompt to see a list of commands and enter 'HELP'
+followed by a command name to get help on that command.
 
 
 File: gnupg.info,  Node: Dirmngr Signals,  Next: Dirmngr Examples,  Prev: Dirmngr Configuration,  Up: Invoking DIRMNGR
@@ -2620,16 +2562,11 @@ File: gnupg.info,  Node: Operational GPG Commands,  Next: OpenPGP Key Management
      Locate the keys given as arguments.  This command basically uses
      the same algorithm as used when locating keys for encryption and
      may thus be used to see what keys 'gpg' might use.  In particular
-     external methods as defined by '--auto-key-locate' are used to
-     locate a key if the arguments comain valid mail addresses.  Only
-     public keys are listed.
-
-     The variant '--locate-external-keys' does not consider a locally
-     existing key and can thus be used to force the refresh of a key via
-     the defined external methods.  If a fingerprint is given and and
-     the methods defined by -auto-key-locate define LDAP servers, the
-     key is fetched from these resources; defined non-LDAP keyservers
-     are skipped.
+     external methods as defined by '--auto-key-locate' may be used to
+     locate a key.  Only public keys are listed.  The variant
+     '--locate-external-keys' does not consider a locally existing key
+     and can thus be used to force the refresh of a key via the defined
+     external methods.
 
 '--show-keys'
      This commands takes OpenPGP keys as input and prints information
@@ -2697,11 +2634,11 @@ File: gnupg.info,  Node: Operational GPG Commands,  Next: OpenPGP Key Management
      not to request a confirmation.
 
 '--export'
-     Either export all keys from all keyrings (default keyring and those
-     registered via option '--keyring'), or if at least one name is
-     given, those of the given name.  The exported keys are written to
-     STDOUT or to the file given with option '--output'.  Use together
-     with '--armor' to mail those keys.
+     Either export all keys from all keyrings (default keyrings and
+     those registered via option '--keyring'), or if at least one name
+     is given, those of the given name.  The exported keys are written
+     to STDOUT or to the file given with option '--output'.  Use
+     together with '--armor' to mail those keys.
 
 '--send-keys KEYIDS'
      Similar to '--export' but sends the keys to a keyserver.
@@ -2854,6 +2791,14 @@ File: gnupg.info,  Node: Operational GPG Commands,  Next: OpenPGP Key Management
      This is a GnuPG extension to OpenPGP and in general not very
      useful.
 
+'--unwrap'
+     This command is similar to '--decrypt' with the change that the
+     output is not the usual plaintext but the original message with the
+     decryption layer removed.  Thus the output will be an OpenPGP data
+     structure which often means a signed OpenPGP message.  Note that
+     this command may or may not remove a compression layer which is
+     often found beneath the encryption layer.
+
 '--tofu-policy {auto|good|unknown|bad|ask} KEYS'
      Set the TOFU policy for all the bindings associated with the
      specified KEYS.  For more information about the meaning of the
@@ -3165,6 +3110,26 @@ This section explains the main commands for key management.
           asked to enter the passphrase of the backup key and then for
           the Admin PIN of the card.
 
+     keytotpm
+          Transfer the selected secret subkey (or the primary key if no
+          subkey has been selected) to TPM form.  The secret key in the
+          keyring will be replaced by the TPM representation of that
+          key, which can only be read by the particular TPM that created
+          it (so the keyfile now becomes locked to the laptop containing
+          the TPM). Only certain key types may be transferred to the TPM
+          (all TPM 2.0 systems are mandated to have the rsa2048 and
+          nistp256 algorithms but newer TPMs may have more).  Note that
+          the key itself is not transferred into the TPM, merely
+          encrypted by the TPM in-place, so if the keyfile is deleted,
+          the key will be lost.  Once transferred to TPM representation,
+          the key file can never be converted back to non-TPM form and
+          the key will die when the TPM does, so you should first have a
+          backup on secure offline storage of the actual secret key file
+          before conversion.  It is essential to use the physical system
+          TPM that you have rw permission on the TPM resource manager
+          device (/dev/tpmrm0).  Usually this means you must be a member
+          of the tss group.
+
      delkey
           Remove a subkey (secondary key).  Note that it is not possible
           to retract a subkey, once it has been send to the public (i.e.
@@ -3234,10 +3199,10 @@ This section explains the main commands for key management.
           bring older keys up to date.
 
      save
-          Save all changes to the keyring and quit.
+          Save all changes to the keyrings and quit.
 
      quit
-          Quit the program without updating the keyring.
+          Quit the program without updating the keyrings.
 
      The listing shows you the key with its secondary keys and all user
      IDs.  The primary user ID is indicated by a dot, and selected keys
@@ -3249,7 +3214,7 @@ This section explains the main commands for key management.
 
 '--sign-key NAME'
      Signs a public key with your secret key.  This is a shortcut
-     version of the subcommand "sign" from '--edit'.
+     version of the subcommand "sign" from '--edit-key'.
 
 '--lsign-key NAME'
      Signs a public key with your secret key but marks it as
@@ -3262,7 +3227,7 @@ This section explains the main commands for key management.
      interaction.  The FPR must be the verified primary fingerprint of a
      key in the local keyring.  If no NAMES are given, all useful user
      ids are signed; with given [NAMES] only useful user ids matching
-     one of theses names are signed.  By default, or if a name is
+     one of these names are signed.  By default, or if a name is
      prefixed with a '*', a case insensitive substring match is used.
      If a name is prefixed with a '=' a case sensitive exact match is
      done.
@@ -3315,7 +3280,7 @@ This section explains the main commands for key management.
 '--passwd USER-ID'
      Change the passphrase of the secret key belonging to the
      certificate specified as USER-ID.  This is a shortcut for the
-     sub-command 'passwd' of the edit key menu.  When using together
+     sub-command 'passwd' of the '--edit-key' menu.  When using together
      with the option '--dry-run' this will not actually change the
      passphrase but check that the current passphrase is correct.
 
@@ -3488,6 +3453,12 @@ usually found in the option file.
           For each user-id which has a valid mail address print only the
           fingerprint followed by the mail address.
 
+     sort-sigs
+          With -list-sigs and -check-sigs sort the signatures by keyID
+          and creation time to make it easier to view the history of
+          these signatures.  The self-signature is also listed before
+          other signatures.  Defaults to yes.
+
 '--verify-options PARAMETERS'
      This is a space or comma delimited string that gives options used
      when verifying signatures.  Options can be prepended with a 'no-'
@@ -3524,18 +3495,6 @@ usually found in the option file.
           That is all the AKA lines as well as photo Ids are not shown
           with the signature verification status.
 
-     pka-lookups
-          Enable PKA lookups to verify sender addresses.  Note that PKA
-          is based on DNS, and so enabling this option may disclose
-          information on when and what signatures are verified or to
-          whom data is encrypted.  This is similar to the "web bug"
-          described for the '--auto-key-retrieve' option.
-
-     pka-trust-increase
-          Raise the trust in a signature to full if the signature passes
-          PKA validation.  This option is only meaningful if pka-lookups
-          is set.
-
 '--enable-large-rsa'
 '--disable-large-rsa'
      With -generate-key and -batch, enable the creation of RSA secret
@@ -3583,8 +3542,8 @@ usually found in the option file.
      Add FILE to the current list of keyrings.  If FILE begins with a
      tilde and a slash, these are replaced by the $HOME directory.  If
      the filename does not contain a slash, it is assumed to be in the
-     GnuPG home directory ("~/.gnupg" unless '--homedir' or $GNUPGHOME
-     is used).
+     GnuPG home directory ("~/.gnupg" if '--homedir' or $GNUPGHOME is
+     not used).
 
      Note that this adds a keyring to the current list.  If the intent
      is to use the specified keyring alone, use '--keyring' along with
@@ -3593,16 +3552,16 @@ usually found in the option file.
      If the option '--no-keyring' has been used no keyrings will be used
      at all.
 
-'--primary-keyring FILE'
-     This is a varian of '--keyring' and designates FILE as the primary
-     public keyring.  This means that newly imported keys (via
-     '--import' or keyserver '--recv-from') will go to this keyring.
-
 '--secret-keyring FILE'
      This is an obsolete option and ignored.  All secret keys are stored
      in the 'private-keys-v1.d' directory below the GnuPG home
      directory.
 
+'--primary-keyring FILE'
+     Designate FILE as the primary public keyring.  This means that
+     newly imported keys (via '--import' or keyserver '--recv-from')
+     will go to this keyring.
+
 '--trustdb-name FILE'
      Use FILE instead of the default trustdb.  If FILE begins with a
      tilde and a slash, these are replaced by the $HOME directory.  If
@@ -3754,13 +3713,12 @@ usually found in the option file.
      claim" signatures are always accepted.
 
 '--trusted-key LONG KEY ID OR FINGERPRINT'
-     Assume that the specified key (which should be given as
-     fingerprint) is as trustworthy as one of your own secret keys.
-     This option is useful if you don't want to keep your secret keys
-     (or one of them) online but still want to be able to check the
-     validity of a given recipient's or signator's key.  If the given
-     key is not locally available but an LDAP keyserver is configured
-     the missing key is imported from that server.
+     Assume that the specified key (which must be given as a full 8 byte
+     key ID, a 20 byte, or 32 byte fingerprint) is as trustworthy as one
+     of your own secret keys.  This option is useful if you don't want
+     to keep your secret keys (or one of them) online but still want to
+     be able to check the validity of a given recipient's or signator's
+     key.
 
 '--trust-model {pgp|classic|tofu|tofu+pgp|direct|always|auto}'
      Set what trust model GnuPG should follow.  The models are:
@@ -3873,9 +3831,6 @@ usually found in the option file.
      cert
           Locate a key using DNS CERT, as specified in RFC-4398.
 
-     pka
-          Locate a key using DNS PKA.
-
      dane
           Locate a key using DANE, as specified in
           draft-ietf-dane-openpgpkey-05.txt.
@@ -3891,23 +3846,14 @@ usually found in the option file.
 
      ntds
           Locate the key using the Active Directory (Windows only).
-          This method also allows to search by fingerprint using the
-          command '--locate-external-key'.  Note that this mechanism is
-          actually a shortcut for the mechanism 'keyserver' but using
-          "ldap:///" as the keyserver.
 
      keyserver
-          Locate a key using a keyserver.  This method also allows to
-          search by fingerprint using the command
-          '--locate-external-key' if any of the configured keyservers is
-          an LDAP server.
+          Locate a key using a keyserver.
 
      keyserver-URL
           In addition, a keyserver URL as used in the 'dirmngr'
           configuration may be used here to query that particular
-          keyserver.  This method also allows to search by fingerprint
-          using the command '--locate-external-key' if the URL specifies
-          an LDAP server.
+          keyserver.
 
      local
           Locate the key using the local keyrings.  This mechanism
@@ -3932,8 +3878,8 @@ usually found in the option file.
      This is an offline mechanism to get a missing key for signature
      verification and for later encryption to this key.  If this option
      is enabled and a signature includes an embedded key, that key is
-     used to verify the signature and on verification success that key
-     is imported.  The default is '--no-auto-key-import'.
+     used to verify the signature and on verification success the key is
+     imported.  The default is '--no-auto-key-import'.
 
      On the sender (signing) site the option '--include-key-block' needs
      to be used to put the public part of the signing key as “Key Block
@@ -3963,10 +3909,7 @@ usually found in the option file.
      disabled by removing WKD from the auto-key-locate list or by using
      the option '--disable-signer-uid'.
 
-     4.  If the option 'honor-pka-record' is active, the legacy PKA
-     method is used.
-
-     5.  If any keyserver is configured and the Issuer Fingerprint is
+     4.  If any keyserver is configured and the Issuer Fingerprint is
      part of the signature (since GnuPG 2.1.16), the configured
      keyservers are tried.
 
@@ -3998,7 +3941,10 @@ usually found in the option file.
      keyserver: "hkp"/"hkps" for the HTTP (or compatible) keyservers or
      "ldap"/"ldaps" for the LDAP keyservers.  Note that your particular
      installation of GnuPG may have other keyserver types available as
-     well.  Keyserver schemes are case-insensitive.
+     well.  Keyserver schemes are case-insensitive.  After the keyserver
+     name, optional keyserver configuration options may be provided.
+     These are the same as the global '--keyserver-options' from below,
+     but apply only to this particular keyserver.
 
      Most keyservers synchronize with each other, so there is generally
      no need to send keys to more than one server.  The keyserver
@@ -4042,11 +3988,6 @@ usually found in the option file.
           creator of the key can see when the keys is refreshed.  Thus
           this option is not enabled by default.
 
-     honor-pka-record
-          If '--auto-key-retrieve' is used, and the signature being
-          verified has a PKA record, then use the PKA information to
-          fetch the key.  Defaults to "yes".
-
      include-subkeys
           When receiving a key, include subkeys as potential targets.
           Note that this option is not used with HKP keyservers, as they
@@ -4062,10 +4003,7 @@ usually found in the option file.
           'dirmngr' configuration options instead.
 
      The default list of options is: "self-sigs-only, import-clean,
-     repair-keys, repair-pks-subkey-bug, export-attributes,
-     honor-pka-record".  However, if the actual used source is an LDAP
-     server "no-self-sigs-only" is assumed unless "self-sigs-only" has
-     been explictly configured.
+     repair-keys, repair-pks-subkey-bug, export-attributes".
 
 '--completes-needed N'
      Number of completely trusted users to introduce a new key signer
@@ -4287,11 +4225,30 @@ File: gnupg.info,  Node: GPG Key related Options,  Next: GPG Input and Output,
 
 '--sender MBOX'
      This option has two purposes.  MBOX must either be a complete user
-     id with a proper mail address or just a mail address.  When
-     creating a signature this option tells gpg the user id of a key
-     used to make a signature if the key was not directly specified by a
-     user id.  When verifying a signature the MBOX is used to restrict
-     the information printed by the TOFU code to matching user ids.
+     ID containing a proper mail address or just a plain mail address.
+     The option can be given multiple times.
+
+     When creating a signature this option tells gpg the signing key's
+     user id used to make the signature and embeds that user ID into the
+     created signature (using OpenPGP's "Signer's User ID" subpacket).
+     If the option is given multiple times a suitable user ID is picked.
+     However, if the signing key was specified directly by using a mail
+     address (i.e.  not by using a fingerprint or key ID) this option is
+     used and the mail address is embedded in the created signature.
+
+     When verifying a signature MBOX is used to restrict the information
+     printed by the TOFU code to matching user IDs.  If the option is
+     used and the signature contains a "Signer's User ID" subpacket that
+     information is is also used to restrict the printed information.
+     Note that GnuPG considers only the mail address part of a User ID.
+
+     If this option or the said subpacket is available the TRUST lines
+     as printed by option 'status-fd' correspond to the corresponding
+     User ID; if no User ID is known the TRUST lines are computed
+     directly on the key and do not give any information about the User
+     ID. In the latter case it his highly recommended to scripts and
+     other frontends to evaluate the VALIDSIG line, retrieve the key and
+     print all User IDs along with their validity (trust) information.
 
 '--try-secret-key NAME'
      For hidden recipients GPG needs to know the keys to use for trial
@@ -4349,6 +4306,14 @@ File: gnupg.info,  Node: GPG Input and Output,  Next: OpenPGP Options,  Prev: GP
      before processing is forced to stop by the OS limits.  Defaults to
      0, which means "no limit".
 
+'--chunk-size N'
+     The AEAD encryption mode encrypts the data in chunks so that a
+     receiving side can check for transmission errors or tampering at
+     the end of each chunk and does not need to delay this until all
+     data has been received.  The used chunk size is 2^N byte.  The
+     lowest allowed value for N is 6 (64 byte) and the largest is the
+     default of 27 which creates chunks not larger than 128 MiB.
+
 '--input-size-hint N'
      This option can be used to tell GPG the size of the input data in
      bytes.  N must be a positive base-10 number.  This option is only
@@ -4404,9 +4369,9 @@ File: gnupg.info,  Node: GPG Input and Output,  Next: OpenPGP Options,  Prev: GP
 
      import-export
           Run the entire import code but instead of storing the key to
-          the local keyring write it to the output.  The export options
-          'export-pka' and 'export-dane' affect the output.  This option
-          can be used to remove all invalid parts from a key without the
+          the local keyring write it to the output.  The export option
+          'export-dane' affect the output.  This option can for example
+          be used to remove all invalid parts from a key without the
           need to store it.
 
      merge-only
@@ -4438,6 +4403,10 @@ File: gnupg.info,  Node: GPG Input and Output,  Next: OpenPGP Options,  Prev: GP
           example, this reorders signatures, and strips duplicate
           signatures.  Defaults to yes.
 
+     bulk-import
+          When used with -use-keyboxd do the import within a single
+          transaction.  This is an experimental feature.
+
      import-minimal
           Import the smallest key possible.  This removes all signatures
           except the most recent self-signature on each user ID. This
@@ -4584,12 +4553,6 @@ File: gnupg.info,  Node: GPG Input and Output,  Next: OpenPGP Options,  Prev: GP
           "minimize" before export except that the local copy of the key
           is not modified.  Defaults to no.
 
-     export-pka
-          Instead of outputting the key material output PKA records
-          suitable to put into DNS zone files.  An ORIGIN line is
-          printed before each record to allow diverting the records to
-          the corresponding zone file.
-
      export-dane
           Instead of outputting the key material output OpenPGP DANE
           records suitable to put into DNS zone files.  An ORIGIN line
@@ -4673,12 +4636,18 @@ File: gnupg.info,  Node: OpenPGP Options,  Next: Compliance Options,  Prev: GPG
 '--no-force-v4-certs'
      These options are obsolete and have no effect since GnuPG 2.1.
 
+'--force-aead'
+     Force the use of AEAD encryption over MDC encryption.  AEAD is a
+     modern and faster way to do authenticated encryption than the old
+     MDC method.  See also options '--aead-algo' and '--chunk-size'.
+
 '--force-mdc'
 '--disable-mdc'
      These options are obsolete and have no effect since GnuPG 2.2.8.
-     The MDC is always used.  But note: If the creation of a legacy
-     non-MDC message is exceptionally required, the option '--rfc2440'
-     allows for this.
+     The MDC is always used unless the keys indicate that an AEAD
+     algorithm can be used in which case AEAD is used.  But note: If the
+     creation of a legacy non-MDC message is exceptionally required, the
+     option '--rfc2440' allows for this.
 
 '--disable-signer-uid'
      By default the user ID of the signing key is embedded in the data
@@ -4688,12 +4657,17 @@ File: gnupg.info,  Node: OpenPGP Options,  Next: Compliance Options,  Prev: GPG
      option '--auto-key-retrieve'.
 
 '--include-key-block'
+'--no-include-key-block'
      This option is used to embed the actual signing key into a data
      signature.  The embedded key is stripped down to a single user id
      and includes only the signing subkey used to create the signature
      as well as as valid encryption subkeys.  All other info is removed
      from the key to keep it and thus the signature small.  This option
-     is the OpenPGP counterpart to the 'gpgsm' option '--include-certs'.
+     is the OpenPGP counterpart to the 'gpgsm' option '--include-certs'
+     and allows the recipient of a signed message to reply encrypted to
+     the sender without using any online directories to lookup the key.
+     The default is '--no-include-key-block'.  See also the option
+     '--auto-key-import'.
 
 '--personal-cipher-preferences STRING'
      Set the list of personal cipher preferences to STRING.  Use 'gpg
@@ -4704,6 +4678,15 @@ File: gnupg.info,  Node: OpenPGP Options,  Next: Compliance Options,  Prev: GPG
      most highly ranked cipher in this list is also used for the
      '--symmetric' encryption command.
 
+'--personal-aead-preferences STRING'
+     Set the list of personal AEAD preferences to STRING.  Use 'gpg
+     --version' to get a list of available algorithms, and use 'none' to
+     set no preference at all.  This allows the user to safely override
+     the algorithm chosen by the recipient key preferences, as GPG will
+     only select an algorithm that is usable by all recipients.  The
+     most highly ranked cipher in this list is also used for the
+     '--symmetric' encryption command.
+
 '--personal-digest-preferences STRING'
      Set the list of personal digest preferences to STRING.  Use 'gpg
      --version' to get a list of available algorithms, and use 'none' to
@@ -4761,51 +4744,44 @@ OPENPGP PROGRAMS section below before using one of these options.
 
 '--gnupg'
      Use standard GnuPG behavior.  This is essentially OpenPGP behavior
-     (see '--openpgp'), but with some additional workarounds for common
+     (see '--openpgp'), but with extension from the proposed update to
+     OpenPGP and with some additional workarounds for common
      compatibility problems in different versions of PGP. This is the
      default option, so it is not generally needed, but it may be useful
      to override a different compliance option in the gpg.conf file.
 
 '--openpgp'
      Reset all packet, cipher and digest options to strict OpenPGP
-     behavior.  Use this option to reset all previous options like
-     '--s2k-*', '--cipher-algo', '--digest-algo' and '--compress-algo'
-     to OpenPGP compliant values.  All PGP workarounds are disabled.
+     behavior.  This option implies '--allow-old-cipher-algos'.  Use
+     this option to reset all previous options like '--s2k-*',
+     '--cipher-algo', '--digest-algo' and '--compress-algo' to OpenPGP
+     compliant values.  All PGP workarounds are disabled.
 
 '--rfc4880'
      Reset all packet, cipher and digest options to strict RFC-4880
-     behavior.  Note that this is currently the same thing as
-     '--openpgp'.
+     behavior.  This option implies '--allow-old-cipher-algos'.  Note
+     that this is currently the same thing as '--openpgp'.
 
 '--rfc4880bis'
-     Enable experimental features from proposed updates to RFC-4880.
-     This option can be used in addition to the other compliance
-     options.  Warning: The behavior may change with any GnuPG release
-     and created keys or data may not be usable with future GnuPG
-     versions.
+     Reset all packet, cipher and digest options to strict according to
+     the proposed updates of RFC-4880.
 
 '--rfc2440'
      Reset all packet, cipher and digest options to strict RFC-2440
      behavior.  Note that by using this option encryption packets are
      created in a legacy mode without MDC protection.  This is dangerous
-     and should thus only be used for experiments.  See also option
-     '--ignore-mdc-error'.
+     and should thus only be used for experiments.  This option implies
+     '--allow-old-cipher-algos'.  See also option '--ignore-mdc-error'.
 
 '--pgp6'
-     Set up all options to be as PGP 6 compliant as possible.  This
-     restricts you to the ciphers IDEA (if the IDEA plugin is
-     installed), 3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160,
-     and the compression algorithms none and ZIP. This also disables
-     '--throw-keyids', and making signatures with signing subkeys as PGP
-     6 does not understand signatures made by signing subkeys.
-
-     This option implies '--escape-from-lines'.
+     This option is obsolete; it is handled as an alias for '--pgp7'
 
 '--pgp7'
-     Set up all options to be as PGP 7 compliant as possible.  This is
-     identical to '--pgp6' except that MDCs are not disabled, and the
-     list of allowable ciphers is expanded to add AES128, AES192,
-     AES256, and TWOFISH.
+     Set up all options to be as PGP 7 compliant as possible.  This
+     allowed the ciphers IDEA, 3DES, CAST5,AES128, AES192, AES256, and
+     TWOFISH., the hashes MD5, SHA1 and RIPEMD160, and the compression
+     algorithms none and ZIP. This option implies '--escape-from-lines'
+     and disables '--throw-keyids',
 
 '--pgp8'
      Set up all options to be as PGP 8 compliant as possible.  PGP 8 is
@@ -4817,22 +4793,7 @@ OPENPGP PROGRAMS section below before using one of these options.
 '--compliance STRING'
      This option can be used instead of one of the options above.  Valid
      values for STRING are the above option names (without the double
-     dash) and possibly others as shown when using "help" for STRING.
-
-'--min-rsa-length N'
-     This option adjusts the compliance mode "de-vs" for stricter key
-     size requirements.  For example, a value of 3000 turns rsa2048 and
-     dsa2048 keys into non-VS-NfD compliant keys.
-
-'--require-compliance'
-     To check that data has been encrypted according to the rules of the
-     current compliance mode, a gpg user needs to evaluate the status
-     lines.  This is allows frontends to handle compliance check in a
-     more flexible way.  However, for scripted use the required
-     evaluation of the status-line requires quite some effort; this
-     option can be used instead to make sure that the gpg process exits
-     with a failure if the compliance rules are not fulfilled.  Note
-     that this option has currently an effect only in "de-vs" mode.
+     dash) and possibly others as shown when using "help" for VALUE.
 
 
 File: gnupg.info,  Node: GPG Esoteric Options,  Next: Deprecated Options,  Prev: Compliance Options,  Up: GPG Options
@@ -4881,10 +4842,11 @@ File: gnupg.info,  Node: GPG Esoteric Options,  Next: Deprecated Options,  Prev:
      are however carefully selected to best aid in debugging.
 
 '--debug FLAGS'
-     Set debugging flags.  All flags are or-ed and FLAGS may be given in
-     C syntax (e.g.  0x0042) or as a comma separated list of flag names.
+     Set debug flags.  All flags are or-ed and FLAGS may be given in C
+     syntax (e.g.  0x0042) or as a comma separated list of flag names.
      To get a list of all supported flags the single word "help" can be
-     used.
+     used.  This option is only useful for debugging and the behavior
+     may change at any time without notice.
 
 '--debug-all'
      Set all useful debugging flags.
@@ -4893,6 +4855,17 @@ File: gnupg.info,  Node: GPG Esoteric Options,  Next: Deprecated Options,  Prev:
      Set stdout into line buffered mode.  This option is only honored
      when given on the command line.
 
+'--debug-set-iobuf-size N'
+     Change the buffer size of the IOBUFs to N kilobyte.  Using 0 prints
+     the current size.  Note well: This is a maintainer only option and
+     may thus be changed or removed at any time without notice.
+
+'--debug-allow-large-chunks'
+     To facilitate in-memory decryption on the receiving site, the
+     largest recommended chunk size is 128 MiB ('--chunk-size 27').
+     This option allows to specify a limit of up to 4 EiB ('--chunk-size
+     62') for experiments.
+
 '--faked-system-time EPOCH'
      This option is only useful for testing; it sets the system time
      back or forth to EPOCH which is the number of seconds elapsed since
@@ -4902,6 +4875,13 @@ File: gnupg.info,  Node: GPG Esoteric Options,  Next: Deprecated Options,  Prev:
      If you suffix EPOCH with an exclamation mark (!), the system time
      will appear to be frozen at the specified time.
 
+'--full-timestrings'
+     Change the format of printed creation and expiration times from
+     just the date to the date and time.  This is in general not useful
+     and the same information is anyway available in '--with-colons'
+     mode.  These longer strings are also not well aligned with other
+     printed data.
+
 '--enable-progress-filter'
      Enable certain PROGRESS status outputs.  This option allows
      frontends to display a progress indicator while gpg is processing
@@ -4921,9 +4901,7 @@ File: gnupg.info,  Node: GPG Esoteric Options,  Next: Deprecated Options,  Prev:
 '--log-file FILE'
 '--logger-file FILE'
      Same as '--logger-fd', except the logger data is written to file
-     FILE.  Use 'socket://' to log to a socket.  Note that in this
-     version of gpg the option has only an effect if '--batch' is also
-     used.
+     FILE.  Use 'socket://' to log to s socket.
 
 '--attribute-fd N'
      Write attribute subpackets to the file descriptor N.  This is most
@@ -5037,16 +5015,26 @@ File: gnupg.info,  Node: GPG Esoteric Options,  Next: Deprecated Options,  Prev:
      '--version' yields a list of supported algorithms.  If this is not
      used the cipher algorithm is selected from the preferences stored
      with the key.  In general, you do not want to use this option as it
-     allows you to violate the OpenPGP standard.
+     allows you to violate the OpenPGP standard.  The option
      '--personal-cipher-preferences' is the safe way to accomplish the
      same thing.
 
+'--aead-algo NAME'
+     Specify that the AEAD algorithm NAME is to be used.  This is useful
+     for symmetric encryption where no key preference are available to
+     select the AEAD algorithm.  Running 'gpg' with option '--version'
+     shows the available AEAD algorithms.  In general, you do not want
+     to use this option as it allows you to violate the OpenPGP
+     standard.  The option '--personal-aead-preferences' is the safe way
+     to accomplish the same thing.
+
 '--digest-algo NAME'
      Use NAME as the message digest algorithm.  Running the program with
      the command '--version' yields a list of supported algorithms.  In
      general, you do not want to use this option as it allows you to
-     violate the OpenPGP standard.  '--personal-digest-preferences' is
-     the safe way to accomplish the same thing.
+     violate the OpenPGP standard.  The option
+     '--personal-digest-preferences' is the safe way to accomplish the
+     same thing.
 
 '--compress-algo NAME'
      Use compression algorithm NAME.  "zlib" is RFC-1950 ZLIB
@@ -5067,7 +5055,7 @@ File: gnupg.info,  Node: GPG Esoteric Options,  Next: Deprecated Options,  Prev:
      PGP (all versions) only supports ZIP compression.  Using any
      algorithm other than ZIP or "none" will make the message unreadable
      with PGP. In general, you do not want to use this option as it
-     allows you to violate the OpenPGP standard.
+     allows you to violate the OpenPGP standard.  The option
      '--personal-compress-preferences' is the safe way to accomplish the
      same thing.
 
@@ -5077,7 +5065,10 @@ File: gnupg.info,  Node: GPG Esoteric Options,  Next: Deprecated Options,  Prev:
      supported algorithms.  Be aware that if you choose an algorithm
      that GnuPG supports but other OpenPGP implementations do not, then
      some users will not be able to use the key signatures you make, or
-     quite possibly your entire key.
+     quite possibly your entire key.  Note also that a public key
+     algorithm must be compatible with the specified digest algorithm;
+     thus selecting an arbitrary digest algorithm may result in error
+     messages from lower crypto layers or lead to security flaws.
 
 '--disable-cipher-algo NAME'
      Never allow the use of NAME as cipher algorithm.  The given name
@@ -5236,6 +5227,14 @@ File: gnupg.info,  Node: GPG Esoteric Options,  Next: Deprecated Options,  Prev:
      indication of an attack.  Use with great caution; see also option
      '--rfc2440'.
 
+'--allow-old-cipher-algos'
+     Old cipher algorithms like 3DES, IDEA, or CAST5 encrypt data using
+     blocks of 64 bits; modern algorithms use blocks of 128 bit instead.
+     To avoid certain attack on these old algorithms it is suggested not
+     to encrypt more than 150 MiByte using the same key.  For this
+     reason gpg does not allow the use of 64 bit block size algorithms
+     for encryption unless this option is specified.
+
 '--allow-weak-digest-algos'
      Signatures made with known-weak digest algorithms are normally
      rejected with an "invalid digest algorithm" message.  This option
@@ -5257,19 +5256,12 @@ File: gnupg.info,  Node: GPG Esoteric Options,  Next: Deprecated Options,  Prev:
      signatures made using SHA-1, those key signatures are considered
      invalid.  This options allows to override this restriction.
 
-'--override-compliance-check'
-     The signature verification only allows the use of keys suitable in
-     the current compliance mode.  If the compliance mode has been
-     forced by a global option, there might be no way to check certain
-     signature.  This option allows to override this and prints an extra
-     warning in such a case.  This option is ignored in -batch mode so
-     that no accidental unattended verification may happen.
-
 '--no-default-keyring'
-     Do not add the default keyring to the list of keyrings.  Note that
-     GnuPG needs for almost all operations a keyring.  Thus if you use
-     this option and do not provide alternate keyrings via '--keyring',
-     then GnuPG will still use the default keyring.
+     Do not add the default keyrings to the list of keyrings.  Note that
+     GnuPG will not operate without any keyrings, so if you use this
+     option and do not provide alternate keyrings via '--keyring' or
+     '--secret-keyring', then GnuPG will still use the default public or
+     secret keyrings.
 
 '--no-keyring'
      Do not use any keyring at all.  This overrides the default and all
@@ -5378,31 +5370,24 @@ File: gnupg.info,  Node: GPG Esoteric Options,  Next: Deprecated Options,  Prev:
      the advanced key generation commands can always be used to specify
      a key algorithm directly.
 
+'--no-auto-trust-new-key'
+     When creating a new key the ownertrust of the new key is set to
+     ultimate.  This option disables this and the user needs to manually
+     assign an ownertrust value.
+
 '--force-sign-key'
      This option modifies the behaviour of the commands
      '--quick-sign-key', '--quick-lsign-key', and the "sign"
      sub-commands of '--edit-key' by forcing the creation of a key
      signature, even if one already exists.
 
-'--forbid-gen-key'
-     This option is intended for use in the global config file to
-     disallow the use of generate key commands.  Those commands will
-     then fail with the error code for Not Enabled.
-
 '--allow-secret-key-import'
      This is an obsolete option and is not used anywhere.
 
 '--allow-multiple-messages'
 '--no-allow-multiple-messages'
-     Allow processing of multiple OpenPGP messages contained in a single
-     file or stream.  Some programs that call GPG are not prepared to
-     deal with multiple messages being processed together, so this
-     option defaults to no.  Note that versions of GPG prior to 1.4.7
-     always allowed multiple messages.  Future versions of GnUPG will
-     remove this option.
-
-     Warning: Do not use this option unless you need it as a temporary
-     workaround!
+     These are obsolete options; they have no more effect since GnuPG
+     2.2.8.
 
 '--enable-special-filenames'
      This option enables a mode in which filenames of the form '-&n',
@@ -5420,7 +5405,7 @@ File: gnupg.info,  Node: GPG Esoteric Options,  Next: Deprecated Options,  Prev:
 '--default-preference-list STRING'
      Set the list of default preferences to STRING.  This preference
      list is used for new keys and becomes the default for "setpref" in
-     the edit menu.
+     the '--edit-key' menu.
 
 '--default-keyserver-url NAME'
      Set the default keyserver URL to NAME.  This keyserver will be used
@@ -5448,6 +5433,15 @@ File: gnupg.info,  Node: GPG Esoteric Options,  Next: Deprecated Options,  Prev:
      file would prevent 'gpg' from startup.  Thus it may be used to run
      a syntax check on the configuration file.
 
+'--chuid UID'
+     Change the current user to UID which may either be a number or a
+     name.  This can be used from the root account to run gpg for
+     another user.  If UID is not the current UID a standard PATH is set
+     and the envvar GNUPGHOME is unset.  To override the latter the
+     option '--homedir' can be used.  This option has only an effect
+     when used on the command line.  This option has currently no effect
+     at all on Windows.
+
    ---------- Footnotes ----------
 
    (1) Using a little social engineering anyone who is able to decrypt
@@ -5589,7 +5583,7 @@ Only the 'gpg' program may modify these files.
      of the respective key.  It is suggested to backup those
      certificates and if the primary private key is not stored on the
      disk to move them to an external storage device.  Anyone who can
-     access theses files is able to revoke the corresponding key.  You
+     access these files is able to revoke the corresponding key.  You
      may want to print them out.  You should backup all files in this
      directory and take care to keep this backup closed away.
 
@@ -5622,16 +5616,6 @@ LANGUAGE
      loaded.  If it can't be loaded the Registry is tried and as last
      resort the native Windows locale system is used.
 
-GNUPG_BUILD_ROOT
-     This variable is only used by the regression test suite as a helper
-     under operating systems without proper support to figure out the
-     name of a process' text file.
-
-GNUPG_EXEC_DEBUG_FLAGS
-     This variable allows to enable diagnostics for process management.
-     A numeric decimal value is expected.  Bit 0 enables general
-     diagnostics, bit 1 enables certain warnings on Windows.
-
    When calling the gpg-agent component 'gpg' sends a set of environment
 variables to gpg-agent.  The names of these variables can be listed
 using the command:
@@ -5762,9 +5746,6 @@ Values for FLAG must be space separated.  The supported flags are:
      VALUE spans to the end of the expression.
 -c
      The string match in this part is done case-sensitive.
--t
-     Leading and trailing spaces are not removed from VALUE.  The
-     optional single space after OP is here required.
 
    The filter options concatenate several specifications for a filter of
 the same type.  For example the four options in this example:
@@ -5789,7 +5770,7 @@ The program returns 0 if there are no severe errors, 1 if at least a
 signature was bad, and other error codes for fatal errors.
 
    Note that signature verification requires exact knowledge of what has
-been signed and by whom it has beensigned.  Using only the return code
+been signed and by whom it has been signed.  Using only the return code
 is thus not an appropriate way to verify a signature by a script.
 Either make proper use or the status codes or use the 'gpgv' tool which
 has been designed to make signature verification easy for scripts.
@@ -6333,7 +6314,7 @@ File: gnupg.info,  Node: Certificate Management,  Prev: Operational GPGSM Comman
 
 '--keydb-clear-some-cert-flags'
      This is a debugging aid to reset certain flags in the key database
-     which are used to cache certain certificate stati.  It is
+     which are used to cache certain certificate statuses.  It is
      especially useful if a bad CRL or a weird running OCSP responder
      did accidentally revoke certificate.  There is no security issue
      with this command because 'gpgsm' always make sure that the
@@ -6454,14 +6435,31 @@ in the option file.
      '-vv'.
 
 '--keyserver STRING'
-     This is a deprecated option.  It was used to add an LDAP server to
-     use for X.509 certificate and CRL lookup.  The alias '--ldapserver'
-     existed from version 2.2.28 to 2.2.33 but is now entirely ignored.
+     Add an LDAP server to use for certificate and CRL lookup.  This
+     option can be given multiple times to configure more than one LDAP
+     server.  Note that the 'dirmngr' can in addition be configured with
+     a default list of LDAP servers to be used after those configured
+     with this option.  The syntax of STRING is:
+
+     HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN:FLAGS
 
-     LDAP servers must be given in the configuration for 'dirmngr'.
+     The only defined flag is 'ldaps' to specify that a TLS connections
+     shall be used.  Flags are comma delimited; unknown flags are
+     ignored.
+
+     Note that all parts of that string are expected to be UTF-8
+     encoded.  This may lead to problems if the PASSWORD has originally
+     been encoded as Latin-1; in such a case better configure such an
+     LDAP server using the global configuration of 'dirmngr'.
+
+     Here is an example which uses the default port, no username, no
+     password, and requests a TLS connection:
+
+          --keyserver ldap.pca.dfn.de::::o=DFN-Verein,c=DE:ldaps
 
 '--policy-file FILENAME'
-     Change the default name of the policy file to FILENAME.
+     Change the default name of the policy file to FILENAME.  The
+     default name is 'policies.txt'.
 
 '--agent-program FILE'
      Specify an agent program to be used for secret key operations.  The
@@ -6696,6 +6694,15 @@ File: gnupg.info,  Node: Esoteric Options,  Prev: CMS Options,  Up: GPGSM Option
 5.2.5 Doing things one usually do not want to do
 ------------------------------------------------
 
+'--chuid UID'
+     Change the current user to UID which may either be a number or a
+     name.  This can be used from the root account to run gpgsm for
+     another user.  If UID is not the current UID a standard PATH is set
+     and the envvar GNUPGHOME is unset.  To override the latter the
+     option '--homedir' can be used.  This option has only an effect
+     when used on the command line.  This option has currently no effect
+     at all on Windows.
+
 '--extra-digest-algo NAME'
      Sometimes signatures are broken in that they announce a different
      digest algorithm than actually used.  'gpgsm' uses a one-pass data
@@ -6707,34 +6714,6 @@ File: gnupg.info,  Node: Esoteric Options,  Prev: CMS Options,  Up: GPGSM Option
      like "digest algo 8 has not been enabled" you may want to try this
      option, with 'SHA256' for NAME.
 
-'--compliance STRING'
-     Set the compliance mode.  Valid values are shown when using "help"
-     for STRING.
-
-'--min-rsa-length N'
-     This option adjusts the compliance mode "de-vs" for stricter key
-     size requirements.  For example, a value of 3000 turns rsa2048 and
-     dsa2048 keys into non-VS-NfD compliant keys.
-
-'--require-compliance'
-     To check that data has been encrypted according to the rules of the
-     current compliance mode, a gpgsm user needs to evaluate the status
-     lines.  This is allows frontends to handle compliance check in a
-     more flexible way.  However, for scripted use the required
-     evaluation of the status-line requires quite some effort; this
-     option can be used instead to make sure that the gpgsm process
-     exits with a failure if the compliance rules are not fulfilled.
-     Note that this option has currently an effect only in "de-vs" mode.
-
-'--ignore-cert-with-oid OID'
-     Add OID to the list of OIDs to be checked while reading
-     certificates from smartcards.  The OID is expected to be in dotted
-     decimal form, like '2.5.29.3'.  This option may be used more than
-     once.  As of now certificates with an extended key usage matching
-     one of those OIDs are ignored during a '--learn-card' operation and
-     not imported.  This option can help to keep the local key database
-     clear of unneeded certificates stored on smartcards.
-
 '--faked-system-time EPOCH'
      This option is only useful for testing; it sets the system time
      back or forth to EPOCH which is the number of seconds elapsed since
@@ -6746,14 +6725,6 @@ File: gnupg.info,  Node: Esoteric Options,  Prev: CMS Options,  Up: GPGSM Option
      that they are included anyway if the key specification for a
      listing is given as fingerprint or keygrip.
 
-'--compatibility-flags FLAGS'
-     Set compatibility flags to work around problems due to
-     non-compliant certificates or data.  The FLAGS are given as a comma
-     separated list of flag names and are OR-ed together.  The special
-     flag "none" clears the list and allows to start over with an empty
-     list.  To get a list of available flags the sole word "help" can be
-     used.
-
 '--debug-level LEVEL'
      Select the debug level for investigating problems.  LEVEL may be a
      numeric value or by a keyword:
@@ -6780,28 +6751,11 @@ File: gnupg.info,  Node: Esoteric Options,  Prev: CMS Options,  Up: GPGSM Option
      are however carefully selected to best aid in debugging.
 
 '--debug FLAGS'
-     This option is only useful for debugging and the behaviour may
-     change at any time without notice; using '--debug-levels' is the
-     preferred method to select the debug verbosity.  FLAGS are bit
-     encoded and may be given in usual C-Syntax.  The currently defined
-     bits are:
-
-     '0 (1)'
-          X.509 or OpenPGP protocol related data
-     '1 (2)'
-          values of big number integers
-     '2 (4)'
-          low level crypto operations
-     '5 (32)'
-          memory allocation
-     '6 (64)'
-          caching
-     '7 (128)'
-          show memory statistics
-     '9 (512)'
-          write hashed data to files named 'dbgmd-000*'
-     '10 (1024)'
-          trace Assuan protocol
+     Set debug flags.  All flags are or-ed and FLAGS may be given in C
+     syntax (e.g.  0x0042) or as a comma separated list of flag names.
+     To get a list of all supported flags the single word "help" can be
+     used.  This option is only useful for debugging and the behavior
+     may change at any time without notice.
 
      Note, that all flags set using this option may get overridden by
      '--debug-level'.
@@ -6911,15 +6865,8 @@ home directory (*note option --homedir::).
      Note that even if a certificate is listed in this file, this does
      not mean that the certificate is trusted; in general the
      certificates listed in this file need to be listed also in
-     'trustlist.txt'.
-
-     This is a global file an installed in the data directory (e.g.
-     '/usr/local/share/gnupg/qualified.txt').  GnuPG installs a suitable
-     file with root certificates as used in Germany.  As new Root-CA
-     certificates may be issued over time, these entries may need to be
-     updated; new distributions of this software should come with an
-     updated list but it is still the responsibility of the
-     Administrator to check that this list is correct.
+     'trustlist.txt'.  This is a global file an installed in the sysconf
+     directory (e.g.  '/etc/gnupg/qualified.txt').
 
      Every time 'gpgsm' uses a certificate for signing or verification
      this file will be consulted to check whether the certificate under
@@ -7093,10 +7040,12 @@ General Parameters:
 Key-Type: ALGO
      Starts a new parameter block by giving the type of the primary key.
      The algorithm must be capable of signing.  This is a required
-     parameter.  The only supported value for ALGO is 'rsa'.
+     parameter.  The supported values for ALGO are 'rsa', 'ecdsa', and
+     'eddsa'.
 
 Key-Length: NBITS
      The requested length of a generated key in bits.  Defaults to 3072.
+     The value is ignored for ECC algorithms.
 
 Key-Grip: HEXSTRING
      This is optional and used to generate a CSR or certificate for an
@@ -7167,3 +7116,16 @@ Hash-Algo: HASH-ALGO
      algorithms are: 'sha1', 'sha256', 'sha384' and 'sha512'; they may
      also be specified with uppercase letters.  The default is 'sha256'.
 
+Authority-Key-Id: HEXSTRING
+     Insert the decoded value of HEXSTRING as authorityKeyIdentifier.
+     If this is not given and an ECC algorithm is used the public part
+     of the certified public key is used as authorityKeyIdentifier.  To
+     inhibit any authorityKeyIdentifier use the special value 'none' for
+     HEXSTRING.
+
+Subject-Key-Id: HEXSTRING
+     Insert the decoded value of HEXSTRING as subjectKeyIdentifier.  If
+     this is not given and an ECC algorithm is used the public part of
+     the signing key is used as authorityKeyIdentifier.  To inhibit any
+     subjectKeyIdentifier use the special value 'none' for HEXSTRING.
+
diff --git a/doc/gnupg.info-2 b/doc/gnupg.info-2
index ac111fd..3ee3c4d 100644
--- a/doc/gnupg.info-2
+++ b/doc/gnupg.info-2
@@ -1,7 +1,7 @@
 This is gnupg.info, produced by makeinfo version 6.5 from gnupg.texi.
 
-This is the 'The GNU Privacy Guard Manual' (version 2.2.37-beta27,
-August 2022).
+This is the 'The GNU Privacy Guard Manual' (version 2.3.0-beta1658,
+March 2021).
 
    (C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc.
 (C) 2013, 2014, 2015 Werner Koch.
@@ -573,31 +573,11 @@ File: gnupg.info,  Node: Scdaemon Options,  Next: Card applications,  Prev: Scda
           says, they are only used as helpers to debug problems.
 
 '--debug FLAGS'
-     This option is only useful for debugging and the behavior may
-     change at any time without notice.  FLAGS are bit encoded and may
-     be given in usual C-Syntax.  The currently defined bits are:
-
-     '0 (1)'
-          command I/O
-     '1 (2)'
-          values of big number integers
-     '2 (4)'
-          low level crypto operations
-     '5 (32)'
-          memory allocation
-     '6 (64)'
-          caching
-     '7 (128)'
-          show memory statistics
-     '9 (512)'
-          write hashed data to files named 'dbgmd-000*'
-     '10 (1024)'
-          trace Assuan protocol.  See also option
-          '--debug-assuan-log-cats'.
-     '11 (2048)'
-          trace APDU I/O to the card.  This may reveal sensitive data.
-     '12 (4096)'
-          trace some card reader related function calls.
+     Set debug flags.  All flags are or-ed and FLAGS may be given in C
+     syntax (e.g.  0x0042) or as a comma separated list of flag names.
+     To get a list of all supported flags the single word "help" can be
+     used.  This option is only useful for debugging and the behavior
+     may change at any time without notice.
 
 '--debug-all'
      Same as '--debug=0xffffffff'
@@ -649,16 +629,15 @@ File: gnupg.info,  Node: Scdaemon Options,  Next: Card applications,  Prev: Scda
 
 '--pcsc-shared'
      Use shared mode to access the card via PC/SC. This is a somewhat
-     dangerous option because Scdaemon assumes exclusivbe access to teh
+     dangerous option because Scdaemon assumes exclusive access to the
      card and for example caches certain information from the card.  Use
      this option only if you know what you are doing.
 
 '--pcsc-driver LIBRARY'
-     Use LIBRARY to access the smartcard reader.  The current default on
-     Unix is 'libpcsclite.so' and on Windows 'winscard.dll'.  Instead of
-     using this option you might also want to install a symbolic link to
-     the default file name (e.g.  from 'libpcsclite.so.1').  A Unicode
-     file name may not be used on Windows.
+     Use LIBRARY to access the smartcard reader.  The current default is
+     'libpcsclite.so'.  Instead of using this option you might also want
+     to install a symbolic link to the default file name (e.g.  from
+     'libpcsclite.so.1').
 
 '--ctapi-driver LIBRARY'
      Use LIBRARY to access the smartcard reader.  The current default is
@@ -684,17 +663,9 @@ File: gnupg.info,  Node: Scdaemon Options,  Next: Card applications,  Prev: Scda
               | gpg-connect-agent --decode | awk '/^D/ {print $2}'
 
 '--card-timeout N'
-     If N is not 0 and no client is actively using the card, the card
-     will be powered down after N seconds.  Powering down the card
-     avoids a potential risk of damaging a card when used with certain
-     cheap readers.  This also allows applications that are not aware of
-     Scdaemon to access the card.  The disadvantage of using a card
-     timeout is that accessing the card takes longer and that the user
-     needs to enter the PIN again after the next power up.
-
-     Note that with the current version of Scdaemon the card is powered
-     down immediately at the next timer tick for any value of N other
-     than 0.
+     This option is deprecated.  In GnuPG 2.0, it used to be used for
+     DISCONNECT command to control timing issue.  Since DISCONNECT
+     command works synchronously, it has no effect.
 
 '--enable-pinpad-varlen'
      Please specify this option when the card reader supports variable
@@ -722,6 +693,16 @@ File: gnupg.info,  Node: Scdaemon Options,  Next: Card applications,  Prev: Scda
      This is mainly useful for debugging or if a application with lower
      priority should be used by default.
 
+'--application-priority NAMELIST'
+     This option allows to change the order in which applications of a
+     card a tried if no specific application was requested.  NAMELIST is
+     a space or comma delimited list of application names.  Unknown
+     names are simply skipped.  Applications not mentioned in the list
+     are put in the former order at the end of the new priority list.
+
+     To get the list of current active applications, use
+              gpg-connect-agent 'scd getinfo app_list' /bye
+
    All the long options may also be given in the configuration file
 after stripping off the two leading dashes.
 
@@ -1263,7 +1244,7 @@ have to do this because our key database stores this encoding as meta
 data.
 
 
-File: gnupg.info,  Node: Trust Values,  Next: Helper Tools,  Prev: Specify a User ID,  Up: Top
+File: gnupg.info,  Node: Trust Values,  Next: Smart Card Tool,  Prev: Specify a User ID,  Up: Top
 
 8 Trust Values
 **************
@@ -1309,10 +1290,733 @@ err
      The program encountered an unknown trust value.
 
 
-File: gnupg.info,  Node: Helper Tools,  Next: Web Key Service,  Prev: Trust Values,  Up: Top
+File: gnupg.info,  Node: Smart Card Tool,  Next: Helper Tools,  Prev: Trust Values,  Up: Top
 
-9 Helper Tools
-**************
+9 Smart Card Tool
+*****************
+
+GnuPG comes with a tool to administrate smart cards and USB tokens.
+This tool is an enhanced version of the '--edit-key' command available
+with 'gpg'.
+
+* Menu:
+
+* gpg-card::             Administrate smart cards.
+
+
+File: gnupg.info,  Node: gpg-card,  Up: Smart Card Tool
+
+9.1 Administrate smart cards.
+=============================
+
+The 'gpg-card' is used to administrate smart cards and USB tokens.  It
+provides a superset of features from 'gpg --card-edit' an can be
+considered a frontend to 'scdaemon' which is a daemon started by
+'gpg-agent' to handle smart cards.
+
+   If 'gpg-card' is invoked without commands an interactive mode is
+used.
+
+   If 'gpg-card' is invoked with one or more commands the same commands
+as available in the interactive mode are run from the command line.
+These commands need to be delimited with a double-dash.  If a
+double-dash or a shell specific character is required as part of a
+command the entire command needs to be put in quotes.  If one of those
+commands returns an error the remaining commands are not anymore run
+unless the command was prefixed with a single dash.
+
+   A list of commands is available by using the command 'help' and a
+brief description of each command is printed by using 'help CMD'.  See
+the section COMMANDS for a full description.
+
+   See the NOTES sections for instructions pertaining to specific cards
+or card applications.
+
+'gpg-card' understands these options:
+
+'--with-colons'
+     This option has currently no effect.
+
+'--status-fd N'
+     Write special status strings to the file descriptor N.  This
+     program returns only the status messages SUCCESS or FAILURE which
+     are helpful when the caller uses a double fork approach and can't
+     easily get the return code of the process.
+
+'--verbose'
+     Enable extra informational output.
+
+'--quiet'
+     Disable almost all informational output.
+
+'--version'
+     Print version of the program and exit.
+
+'--help'
+     Display a brief help page and exit.
+
+'--no-autostart'
+     Do not start the gpg-agent if it has not yet been started and its
+     service is required.  This option is mostly useful on machines
+     where the connection to gpg-agent has been redirected to another
+     machines.
+
+'--no-history'
+     In interactive mode the command line history is usually saved and
+     restored to and from a file below the GnuPG home directory.  This
+     option inhibits the use of that file.
+
+'--agent-program FILE'
+     Specify the agent program to be started if none is running.  The
+     default value is determined by running 'gpgconf' with the option
+     '--list-dirs'.
+
+'--gpg-program FILE'
+     Specify a non-default gpg binary to be used by certain commands.
+
+'--gpgsm-program FILE'
+     Specify a non-default gpgsm binary to be used by certain commands.
+
+'--chuid UID'
+     Change the current user to UID which may either be a number or a
+     name.  This can be used from the root account to run gpg-card for
+     another user.  If UID is not the current UID a standard PATH is set
+     and the envvar GNUPGHOME is unset.  To override the latter the
+     option '--homedir' can be used.  This option has only an effect
+     when used on the command line.  This option has currently no effect
+     at all on Windows.
+
+'gpg-card' understands the following commands, which have options of
+their own.  The pseudo-option '--' can be used to separate command
+options from arguments; if this pseudo option is used on the command
+line the entire command with options and arguments must be quoted, so
+that it is not mixed up with the '--' as used on the command line to
+separate commands.  Note that a short online help is available for all
+commands by prefixing them with "help".  Command completion in the
+interactive mode is also supported.
+
+'AUTHENTICATE [--setkey] [--raw] [< FILE]|KEY]'
+'AUTH'
+     Authenticate to the card.  Perform a mutual autentication either by
+     reading the key from FILE or by taking it from the command line as
+     KEY.  Without the option '--raw' the key is expected to be hex
+     encoded.  To install a new administration key '--setkey' is used;
+     this requires a prior authentication with the old key.  This is
+     used with PIV cards.
+
+'CAFPR [--clear] N'
+     Change the CA fingerprint number N of an OpenPGP card.  N must be
+     in the range 1 to 3.  The option '--clear' clears the specified CA
+     fingerprint N or all of them if N is 0 or not given.
+
+'FACTORY-RESET'
+     Do a complete reset of some OpenPGP and PIV cards.  This command
+     deletes all data and keys and resets the PINs to their default.
+     Don't worry, you need to confirm before the command proceeds.
+
+'FETCH'
+     Retrieve a key using the URL data object of an OpenPGP card or if
+     that is missing using the stored fingerprint.
+
+'FORCESIG'
+     Toggle the forcesig flag of an OpenPGP card.
+
+'GENERATE [--force] [--algo=ALGO{+ALGO2}] KEYREF'
+     Create a new key on a card.  Use '--force' to overwrite an existing
+     key.  Use "help" for ALGO to get a list of known algorithms.  For
+     OpenPGP cards several algos may be given.  Note that the OpenPGP
+     key generation is done interactively unless '--algo' or KEYREF are
+     given.
+
+'KDF-SETUP'
+     Prepare the OpenPGP card KDF feature for this card.
+
+'LANG [--clear]'
+     Change the language info for the card.  This info can be used by
+     applications for a personalized greeting.  Up to 4 two-digit
+     language identifiers can be entered as a preference.  The option
+     '--clear' removes all identifiers.  GnuPG does not use this info.
+
+'LIST [--cards] [--apps] [--info] [--no-key-lookup] [N] [APP]'
+'L'
+     This command reads all information from the current card and
+     display them in a human readable format.  The first section shows
+     generic information vaialable for all cards.  The next section
+     shows information pertaining to keys which depend on the actual
+     card and application.
+
+     With N given select and list the n-th card; with APP also given
+     select that application.  To select an APP on the current card use
+     "-" for N.  The serial number of the card may be used instead of N.
+
+     The option '--cards' lists the serial numbers of available cards.
+     The option '--apps' lists all card applications.  The option
+     '--info' selects a card and prints its serial number.  The option
+     '--no-key-lookup' suppresses the listing of matching OpenPGP or
+     X.509 keys.
+
+'LOGIN [--clear] [< FILE]'
+     Set the login data object of OpenPGP cards.  If FILE is given the
+     data is is read from that file.  This allows to store binary data
+     in the login field.  The option '--clear' deletes the login data
+     object.
+
+'NAME [--clear]'
+     Set the name field of an OpenPGP card.  With option '--clear' the
+     stored name is cleared off the card.
+
+'PASSWD [--reset|--nullpin] [PINREF]'
+     Change or unblock the PINs.  Note that in interactive mode and
+     without a PINREF a menu is presented for certain cards."  In
+     non-interactive mode and without a PINREF a default value i used
+     for these cards.  The option '--reset' is used with TCOS cards to
+     reset the PIN using the PUK or vice versa; the option -NULLPIN is
+     used for these cards to set the intial PIN.
+
+'PRIVATEDO [--clear] N [< FILE]'
+     Change the private data object N of an OpenPGP card.  N must be in
+     the range 1 to 4.  If FILE is given the data is is read from that
+     file.  The option '--clear' clears the data.
+
+'QUIT'
+'Q'
+     Stop processing and terminate 'gpg-card'.
+
+'READCERT [--openpgp] CERTREF > FILE'
+     Read the certificate for key CERTREF and store it in FILE.  With
+     option '--openpgp' an OpenPGP keyblock wrapped in a dedicated CMS
+     content type (OID=1.3.6.1.4.1.11591.2.3.1) is expected and
+     extracted to FILE.  Note that for current OpenPGP cards a
+     certificate may only be available at the CERTREF "OPENPGP.3".
+
+'RESET'
+     Send a reset to the card daemon.
+
+'SALUTATION [--clear]'
+'SALUT'
+     Change the salutation info for the card.  This info can be used by
+     applications for a personalized greeting.  The option '--clear'
+     removes this data object.  GnuPG does not use this info.
+
+'UIF N [on|off|permanent]'
+     Change the User Interaction Flag.  That flags tells whether the
+     confirmation button of a token shall be used.  N must in the range
+     1 to 3.  "permanent" is the same as "on" but the flag can't be
+     changed anmore.
+
+'UNBLOCK'
+     Unblock a PIN using a PUK or Reset Code.  Note that OpenPGP cards
+     prior to version 2 can't use this; instead the 'PASSWD' can be used
+     to set a new PIN.
+
+'URL [--clear]'
+     Set the URL data object of an OpenPGP card.  That data object can
+     be used by by 'gpg''s '--fetch' command to retrieve the full public
+     key.  The option '--clear' deletes the content of that data object.
+
+'VERIFY [CHVID]'
+     Verify the PIN identified by CHVID or the default PIN.
+
+'WRITECERT CERTREF < FILE'
+'WRITECERT --openpgp CERTREF [< FILE|FPR]'
+'WRITECERT --clear CERTREF'
+     Write a certificate to the card under the id CERTREF.  The option
+     '--clear' removes the certificate from the card.  The option
+     '--openpgp' expects an OpenPGP keyblock and stores it encapsulated
+     in a CMS container; the keyblock is taken from FILE or directly
+     from the OpenPGP key identified by fingerprint FPR.
+
+'WRITEKEY [--force] KEYREF KEYGRIP'
+     Write a private key object identified by KEYGRIP to the card under
+     the id KEYREF.  Option '--force' allows overwriting an existing
+     key.
+
+'YUBIKEY CMD ARGS'
+     Various commands pertaining to Yubikey tokens with CMD being:
+     LIST
+          List supported and enabled Yubikey applications.
+     ENABLE USB|NFC|ALL [OTP|U2F|OPGP|PIV|OATH|FIDO2|ALL]
+     DISABLE
+          Enable or disable the specified or all applications on the
+          given interface.
+
+   The support for OpenPGP cards in 'gpg-card' is not yet complete.  For
+missing features, please continue to use 'gpg --card-edit'.
+
+GnuPG has support for PIV cards ("Personal Identity Verification" as
+specified by NIST Special Publication 800-73-4).  This section describes
+how to initialize (personalize) a fresh Yubikey token featuring the PIV
+application (requires Yubikey-5).  We assume that the credentials have
+not yet been changed and thus are:
+Authentication key
+     This is a 24 byte key described by the hex string
+     '010203040506070801020304050607080102030405060708'.
+PIV Application PIN
+     This is the string '123456'.
+PIN Unblocking Key
+     This is the string '12345678'.
+   See the example section on how to change these defaults.  For
+production use it is important to use secure values for them.  Note that
+the Authentication Key is not queried via the usual Pinentry dialog but
+needs to be entered manually or read from a file.  The use of a
+dedicated machine to personalize tokens is strongly suggested.
+
+   To see what is on the card, the command 'list' can be given.  We will
+use the interactive mode in the following (the string _gpg/card>_ is the
+prompt).  An example output for a fresh card is:
+
+     gpg/card> list
+     Reader ...........: 1050:0407:X:0
+     Card type ........: yubikey
+     Card firmware ....: 5.1.2
+     Serial number ....: D2760001240102010006090746250000
+     Application type .: OpenPGP
+     Version ..........: 2.1
+     [...]
+
+   It can be seen by the "Application type" line that GnuPG selected the
+OpenPGP application of the Yubikey.  This is because GnuPG assigns the
+highest priority to the OpenPGP application.  To use the PIV application
+of the Yubikey several methods can be used:
+
+   With a Yubikey 5 or later the OpenPGP application on the Yubikey can
+be disabled:
+
+     gpg/card> yubikey disable all opgp
+     gpg/card> yubikey list
+     Application  USB    NFC
+     -----------------------
+     OTP          yes    yes
+     U2F          yes    yes
+     OPGP         no     no
+     PIV          yes    no
+     OATH         yes    yes
+     FIDO2        yes    yes
+     gpg/card> reset
+
+   The 'reset' is required so that the GnuPG system rereads the card.
+Note that disabled applications keep all their data and can at any time
+be re-enabled (use 'help yubikey').
+
+   Another option, which works for all Yubikey versions, is to disable
+the support for OpenPGP cards in scdaemon.  This is done by adding the
+line
+
+     disable-application openpgp
+
+   to '~/.gnupg/scdaemon.conf' and by restarting scdaemon, either by
+killing the process or by using 'gpgconf --kill scdaemon'.  Finally the
+default order in which card applications are tried by scdaemon can be
+changed.  For example to prefer PIV over OpenPGP it is sufficient to add
+
+     application-priority piv
+
+   to '~/.gnupg/scdaemon.conf' and to restart 'scdaemon'.  This has an
+effect only on tokens which support both, PIV and OpenPGP, but does not
+hamper the use of OpenPGP only tokens.
+
+   With one of these methods employed the 'list' command of 'gpg-card'
+shows this:
+
+     gpg/card> list
+     Reader ...........: 1050:0407:X:0
+     Card type ........: yubikey
+     Card firmware ....: 5.1.2
+     Serial number ....: FF020001008A77C1
+     Application type .: PIV
+     Version ..........: 1.0
+     Displayed s/n ....: yk-9074625
+     PIN usage policy .: app-pin
+     PIN retry counter : - 3 -
+     PIV authentication: [none]
+           keyref .....: PIV.9A
+     Card authenticat. : [none]
+           keyref .....: PIV.9E
+     Digital signature : [none]
+           keyref .....: PIV.9C
+     Key management ...: [none]
+           keyref .....: PIV.9D
+
+   In case several tokens are plugged into the computer, gpg-card will
+show only one.  To show another token the number of the token (0, 1, 2,
+...)  can be given as an argument to the 'list' command.  The command
+'list --cards' prints a list of all inserted tokens.
+
+   Note that the "Displayed s/n" is printed on the token and also shown
+in Pinentry prompts asking for the PIN. The four standard key slots are
+always shown, if other key slots are initialized they are shown as well.
+The _PIV authentication_ key (internal reference _PIV.9A_) is used to
+authenticate the card and the card holder.  The use of the associated
+private key is protected by the Application PIN which needs to be
+provided once and the key can the be used until the card is reset or
+removed from the reader or USB port.  GnuPG uses this key with its
+_Secure Shell_ support.  The _Card authentication_ key (_PIV.9E_) is
+also known as the CAK and used to support physical access applications.
+The private key is not protected by a PIN and can thus immediately be
+used.  The _Digital signature_ key (_PIV.9C_) is used to digitally sign
+documents.  The use of the associated private key is protected by the
+Application PIN which needs to be provided for each signing operation.
+The _Key management_ key (_PIV.9D_) is used for encryption.  The use of
+the associated private key is protected by the Application PIN which
+needs to be provided only once so that decryption operations can then be
+done until the card is reset or removed from the reader or USB port.
+
+   We now generate three of the four keys.  Note that GnuPG does
+currently not use the the _Card authentication_ key; however, that key
+is mandatory by the PIV standard and thus we create it too.  Key
+generation requires that we authenticate to the card.  This can be done
+either on the command line (which would reveal the key):
+
+     gpg/card> auth 010203040506070801020304050607080102030405060708
+
+   or by reading the key from a file.  That file needs to consist of one
+LF terminated line with the hex encoded key (as above):
+
+     gpg/card> auth < myauth.key
+
+   As usual 'help auth' gives help for this command.  An error message
+is printed if a non-matching key is used.  The authentication is valid
+until a reset of the card or until the card is removed from the reader
+or the USB port.  Note that that in non-interactive mode the '<' needs
+to be quoted so that the shell does not interpret it as a its own
+redirection symbol.
+
+Here are the actual commands to generate the keys:
+
+     gpg/card> generate --algo=nistp384 PIV.9A
+     PIV card no. yk-9074625 detected
+     gpg/card> generate --algo=nistp256 PIV.9E
+     PIV card no. yk-9074625 detected
+     gpg/card> generate --algo=rsa2048 PIV.9C
+     PIV card no. yk-9074625 detected
+
+   If a key has already been created for one of the slots an error will
+be printed; to create a new key anyway the option '--force' can be used.
+Note that only the private and public keys have been created but no
+certificates are stored in the key slots.  In fact, GnuPG uses its own
+non-standard method to store just the public key in place of the the
+certificate.  Other application will not be able to make use these keys
+until 'gpgsm' or another tool has been used to create and store the
+respective certificates.  Let us see what the list command now shows:
+
+     gpg/card> list
+     Reader ...........: 1050:0407:X:0
+     Card type ........: yubikey
+     Card firmware ....: 5.1.2
+     Serial number ....: FF020001008A77C1
+     Application type .: PIV
+     Version ..........: 1.0
+     Displayed s/n ....: yk-9074625
+     PIN usage policy .: app-pin
+     PIN retry counter : - 3 -
+     PIV authentication: 213D1825FDE0F8240CB4E4229F01AF90AC658C2E
+           keyref .....: PIV.9A  (auth)
+           algorithm ..: nistp384
+     Card authenticat. : 7A53E6CFFE7220A0E646B4632EE29E5A7104499C
+           keyref .....: PIV.9E  (auth)
+           algorithm ..: nistp256
+     Digital signature : 32A6C6FAFCB8421878608AAB452D5470DD3223ED
+           keyref .....: PIV.9C  (sign,cert)
+           algorithm ..: rsa2048
+     Key management ...: [none]
+           keyref .....: PIV.9D
+
+   The primary information for each key is the _keygrip_, a 40 byte
+hex-string identifying the key.  This keygrip is a unique identifier for
+the specific parameters of a key.  It is used by 'gpg-agent' and other
+parts of GnuPG to associate a private key to its protocol specific
+certificate format (X.509, OpenPGP, or SecureShell).  Below the keygrip
+the key reference along with the key usage capabilities are show.
+Finally the algorithm is printed in the format used by 'gpg'.  At that
+point no other information is shown because for these new keys gpg won't
+be able to find matching certificates.
+
+   Although we could have created the _Key management_ key also with the
+generate command, we will create that key off-card so that a backup
+exists.  To accomplish this a key needs to be created with either 'gpg'
+or 'gpgsm' or imported in one of these tools.  In our example we create
+a self-signed X.509 certificate (exit the gpg-card tool, first):
+
+     $ gpgsm --gen-key -o encr.crt
+        (1) RSA
+        (2) Existing key
+        (3) Existing key from card
+     Your selection? 1
+     What keysize do you want? (3072) 2048
+     Requested keysize is 2048 bits
+     Possible actions for a RSA key:
+        (1) sign, encrypt
+        (2) sign
+        (3) encrypt
+     Your selection? 3
+     Enter the X.509 subject name: CN=Encryption key for yk-9074625,O=example,C=DE
+     Enter email addresses (end with an empty line):
+     > otto@example.net
+     >
+     Enter DNS names (optional; end with an empty line):
+     >
+     Enter URIs (optional; end with an empty line):
+     >
+     Create self-signed certificate? (y/N) y
+     These parameters are used:
+         Key-Type: RSA
+         Key-Length: 2048
+         Key-Usage: encrypt
+         Serial: random
+         Name-DN: CN=Encryption key for yk-9074625,O=example,C=DE
+         Name-Email: otto@example.net
+
+     Proceed with creation? (y/N)
+     Now creating self-signed certificate.  This may take a while ...
+     gpgsm: about to sign the certificate for key: &34798AAFE0A7565088101CC4AE31C5C8C74461CB
+     gpgsm: certificate created
+     Ready.
+     $ gpgsm --import encr.crt
+     gpgsm: certificate imported
+     gpgsm: total number processed: 1
+     gpgsm:               imported: 1
+
+   Note the last step which imported the created certificate.  If you
+you instead created a certificate signing request (CSR) instead of a
+self-signed certificate and sent this off to a CA you would do the same
+import step with the certificate received from the CA. Take note of the
+keygrip (prefixed with an ampersand) as shown during the certificate
+creation or listed it again using 'gpgsm --with-keygrip -k
+otto@example.net'.  Now to move the key and certificate to the card
+start 'gpg-card' again and enter:
+
+     gpg/card> writekey PIV.9D 34798AAFE0A7565088101CC4AE31C5C8C74461CB
+     gpg/card> writecert PIV.9D < encr.crt
+
+   If you entered a passphrase to protect the private key, you will be
+asked for it via the Pinentry prompt.  On success the key and the
+certificate has been written to the card and a 'list' command shows:
+
+     [...]
+     Key management ...: 34798AAFE0A7565088101CC4AE31C5C8C74461CB
+           keyref .....: PIV.9D  (encr)
+           algorithm ..: rsa2048
+           used for ...: X.509
+             user id ..: CN=Encryption key for yk-9074625,O=example,C=DE
+             user id ..: <otto@example.net>
+
+   In case the same key (identified by the keygrip) has been used for
+several certificates you will see several "used for" parts.  With this
+the encryption key is now fully functional and can be used to decrypt
+messages encrypted to this certificate.  TAKE CARE: the original key is
+still stored on-disk and should be moved to a backup medium.  This can
+simply be done by copying the file
+'34798AAFE0A7565088101CC4AE31C5C8C74461CB.key' from the directory
+'~/.gnupg/private-keys-v1.d/' to the backup medium and deleting the file
+at its original place.
+
+   The final example is to create a self-signed certificate for digital
+signatures.  Leave 'gpg-card' using 'quit' or by pressing Control-D and
+use gpgsm:
+
+     $ gpgsm --learn
+     $ gpgsm --gen-key -o sign.crt
+     Please select what kind of key you want:
+        (1) RSA
+        (2) Existing key
+        (3) Existing key from card
+     Your selection? 3
+     Serial number of the card: FF020001008A77C1
+     Available keys:
+        (1) 213D1825FDE0F8240CB4E4229F01AF90AC658C2E PIV.9A nistp384
+        (2) 7A53E6CFFE7220A0E646B4632EE29E5A7104499C PIV.9E nistp256
+        (3) 32A6C6FAFCB8421878608AAB452D5470DD3223ED PIV.9C rsa2048
+        (4) 34798AAFE0A7565088101CC4AE31C5C8C74461CB PIV.9D rsa2048
+     Your selection? 3
+     Possible actions for a RSA key:
+        (1) sign, encrypt
+        (2) sign
+        (3) encrypt
+     Your selection? 2
+     Enter the X.509 subject name: CN=Signing key for yk-9074625,O=example,C=DE
+     Enter email addresses (end with an empty line):
+     > otto@example.net
+     >
+     Enter DNS names (optional; end with an empty line):
+     >
+     Enter URIs (optional; end with an empty line):
+     >
+     Create self-signed certificate? (y/N)
+     These parameters are used:
+         Key-Type: card:PIV.9C
+         Key-Length: 1024
+         Key-Usage: sign
+         Serial: random
+         Name-DN: CN=Signing key for yk-9074625,O=example,C=DE
+         Name-Email: otto@example.net
+
+     Proceed with creation? (y/N) y
+     Now creating self-signed certificate.  This may take a while ...
+     gpgsm: about to sign the certificate for key: &32A6C6FAFCB8421878608AAB452D5470DD3223ED
+     gpgsm: certificate created
+     Ready.
+     $ gpgsm --import sign.crt
+     gpgsm: certificate imported
+     gpgsm: total number processed: 1
+     gpgsm:               imported: 1
+
+   The use of 'gpgsm --learn' is currently necessary so that gpg-agent
+knows what keys are available on the card.  The need for this command
+will eventually be removed.  The remaining commands are similar to the
+creation of an on-disk key.  However, here we select the 'Digital
+signature' key.  During the creation process you will be asked for the
+Application PIN of the card.  The final step is to write the certificate
+to the card using 'gpg-card':
+
+     gpg/card> writecert PIV.9C < sign.crt
+
+   By running list again we will see the fully initialized card:
+
+     Reader ...........: 1050:0407:X:0
+     Card type ........: yubikey
+     Card firmware ....: 5.1.2
+     Serial number ....: FF020001008A77C1
+     Application type .: PIV
+     Version ..........: 1.0
+     Displayed s/n ....: yk-9074625
+     PIN usage policy .: app-pin
+     PIN retry counter : - [verified] -
+     PIV authentication: 213D1825FDE0F8240CB4E4229F01AF90AC658C2E
+           keyref .....: PIV.9A  (auth)
+           algorithm ..: nistp384
+     Card authenticat. : 7A53E6CFFE7220A0E646B4632EE29E5A7104499C
+           keyref .....: PIV.9E  (auth)
+           algorithm ..: nistp256
+     Digital signature : 32A6C6FAFCB8421878608AAB452D5470DD3223ED
+           keyref .....: PIV.9C  (sign,cert)
+           algorithm ..: rsa2048
+           used for ...: X.509
+             user id ..: CN=Signing key for yk-9074625,O=example,C=DE
+             user id ..: <otto@example.net>
+     Key management ...: 34798AAFE0A7565088101CC4AE31C5C8C74461CB
+           keyref .....: PIV.9D  (encr)
+           algorithm ..: rsa2048
+           used for ...: X.509
+             user id ..: CN=Encryption key for yk-9074625,O=example,C=DE
+             user id ..: <otto@example.net>
+
+   It is now possible to sign and to encrypt with this card using gpgsm
+and to use the 'PIV authentication' key with ssh:
+
+     $ ssh-add -l
+     384 SHA256:0qnJ0Y0ehWxKcx2frLfEljf6GCdlO55OZed5HqGHsaU cardno:yk-9074625 (ECDSA)
+
+   As usual use ssh-add with the uppercase '-L' to list the public ssh
+key.  To use the certificates with Thunderbird or Mozilla, please
+consult the Scute manual for details.
+
+   If you want to use the same PIV keys also for OpenPGP (for example on
+a Yubikey to avoid switching between OpenPGP and PIV), this is also
+possible:
+
+     $ gpgsm --learn
+     $ gpg --full-gen-key
+     Please select what kind of key you want:
+        (1) RSA and RSA (default)
+        (2) DSA and Elgamal
+        (3) DSA (sign only)
+        (4) RSA (sign only)
+       (14) Existing key from card
+     Your selection? 14
+     Serial number of the card: FF020001008A77C1
+     Available keys:
+        (1) 213D1825FDE0F8240CB4E4229F01AF90AC658C2E PIV.9A nistp384 (auth)
+        (2) 7A53E6CFFE7220A0E646B4632EE29E5A7104499C PIV.9E nistp256 (auth)
+        (3) 32A6C6FAFCB8421878608AAB452D5470DD3223ED PIV.9C rsa2048 (cert,sign)
+        (4) 34798AAFE0A7565088101CC4AE31C5C8C74461CB PIV.9D rsa2048 (encr)
+     Your selection? 3
+     Please specify how long the key should be valid.
+              0 = key does not expire
+           <n>  = key expires in n days
+           <n>w = key expires in n weeks
+           <n>m = key expires in n months
+           <n>y = key expires in n years
+     Key is valid for? (0)
+     Key does not expire at all
+     Is this correct? (y/N) y
+
+     GnuPG needs to construct a user ID to identify your key.
+
+     Real name:
+     Email address: otto@example.net
+     Comment:
+     You selected this USER-ID:
+         "otto@example.net"
+
+     Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
+     gpg: key C3AFA9ED971BB365 marked as ultimately trusted
+     gpg: revocation certificate stored as '[...]D971BB365.rev'
+     public and secret key created and signed.
+
+     Note that this key cannot be used for encryption.  You may want to use
+     the command "--edit-key" to generate a subkey for this purpose.
+     pub   rsa2048 2019-04-04 [SC]
+           7F899AE2FB73159DD68A1B20C3AFA9ED971BB365
+     uid                      otto@example.net
+
+   Note that you will be asked two times to enter the PIN of your PIV
+card.  If you run 'gpg' in '--expert' mode you will also ge given the
+option to change the usage flags of the key.  The next typescript shows
+how to add the encryption subkey:
+
+     $ gpg --edit-key 7F899AE2FB73159DD68A1B20C3AFA9ED971BB365
+     Secret key is available.
+
+     sec  rsa2048/C3AFA9ED971BB365
+          created: 2019-04-04  expires: never       usage: SC
+          card-no: FF020001008A77C1
+          trust: ultimate      validity: ultimate
+     [ultimate] (1). otto@example.net
+     gpg> addkey
+     Secret parts of primary key are stored on-card.
+     Please select what kind of key you want:
+        (3) DSA (sign only)
+        (4) RSA (sign only)
+        (5) Elgamal (encrypt only)
+        (6) RSA (encrypt only)
+       (14) Existing key from card
+     Your selection? 14
+     Serial number of the card: FF020001008A77C1
+     Available keys:
+        (1) 213D1825FDE0F8240CB4E4229F01AF90AC658C2E PIV.9A nistp384 (auth)
+        (2) 7A53E6CFFE7220A0E646B4632EE29E5A7104499C PIV.9E nistp256 (auth)
+        (3) 32A6C6FAFCB8421878608AAB452D5470DD3223ED PIV.9C rsa2048 (cert,sign)
+        (4) 34798AAFE0A7565088101CC4AE31C5C8C74461CB PIV.9D rsa2048 (encr)
+     Your selection? 4
+     Please specify how long the key should be valid.
+              0 = key does not expire
+           <n>  = key expires in n days
+           <n>w = key expires in n weeks
+           <n>m = key expires in n months
+           <n>y = key expires in n years
+     Key is valid for? (0)
+     Key does not expire at all
+     Is this correct? (y/N) y
+     Really create? (y/N) y
+
+     sec  rsa2048/C3AFA9ED971BB365
+          created: 2019-04-04  expires: never       usage: SC
+          card-no: FF020001008A77C1
+          trust: ultimate      validity: ultimate
+     ssb  rsa2048/7067860A98FCE6E1
+          created: 2019-04-04  expires: never       usage: E
+          card-no: FF020001008A77C1
+     [ultimate] (1). otto@example.net
+
+     gpg> save
+
+   Now you can use your PIV card also with 'gpg'.
+
+
+File: gnupg.info,  Node: Helper Tools,  Next: Web Key Service,  Prev: Smart Card Tool,  Up: Top
+
+10 Helper Tools
+***************
 
 GnuPG comes with a couple of smaller tools:
 
@@ -1333,8 +2037,8 @@ GnuPG comes with a couple of smaller tools:
 
 File: gnupg.info,  Node: watchgnupg,  Next: gpgv,  Up: Helper Tools
 
-9.1 Read logs from a socket
-===========================
+10.1 Read logs from a socket
+============================
 
 Most of the main utilities are able to write their log files to a Unix
 Domain socket if configured that way.  'watchgnupg' is a simple listener
@@ -1344,20 +2048,36 @@ other utilities.  This tool is not available for Windows.
 
 'watchgnupg' is commonly invoked as
 
+     watchgnupg
+
+   which is a shorthand for
+
      watchgnupg --force $(gpgconf --list-dirs socketdir)/S.log
 
+   To watch GnuPG running with a different home directory, use
+
+     watchgnupg --homedir DIR
+
 This starts it on the current terminal for listening on the standard
-logging socket (which is either '~/.gnupg/S.log' or
-'/var/run/user/UID/gnupg/S.log').
+logging socket (this is commonly '/var/run/user/UID/gnupg/S.log' or if
+no such user directory hierarchy exists '~/.gnupg/S.log').
 
 'watchgnupg' understands these options:
 
 '--force'
-     Delete an already existing socket file.
+     Delete an already existing socket file.  This option is implicitly
+     used if no socket name has been given on the command line.
+
+'--homedir DIR'
+     If no socket name is given on the command line, pass DIR to gpgconf
+     so that the socket for a GnuPG running with DIR has its home
+     directory is used.  Note that the environment variable GNUPGHOME is
+     ignored by watchgnupg.
 
 '--tcp N'
      Instead of reading from a local socket, listen for connects on TCP
-     port N.
+     port N.  A Unix domain socket can optionally also be given as a
+     second source.  This option does not use a default socket name.
 
 '--time-only'
      Do not print the date part of the timestamp.
@@ -1375,12 +2095,13 @@ logging socket (which is either '~/.gnupg/S.log' or
 Examples
 ********
 
-     $ watchgnupg --force --time-only $(gpgconf --list-dirs socketdir)/S.log
+     $ watchgnupg --time-only
 
    This waits for connections on the local socket (e.g.
-'/home/foo/.gnupg/S.log') and shows all log entries.  To make this work
-the option 'log-file' needs to be used with all modules which logs are
-to be shown.  The suggested entry for the configuration files is:
+'/var/run/user/1234/gnupg/S.log') and shows all log entries.  To make
+this work the option 'log-file' needs to be used with all modules which
+logs are to be shown.  The suggested entry for the configuration files
+is:
 
      log-file socket://
 
@@ -1404,8 +2125,8 @@ debugging.
 
 File: gnupg.info,  Node: gpgv,  Next: addgnupghome,  Prev: watchgnupg,  Up: Helper Tools
 
-9.2 Verify OpenPGP signatures
-=============================
+10.2 Verify OpenPGP signatures
+==============================
 
 'gpgv' is an OpenPGP signature verification tool.
 
@@ -1505,8 +2226,8 @@ specified keyrings will be used together.
    The program returns 0 if everything is fine, 1 if at least one
 signature was bad, and other error codes for fatal errors.
 
-9.2.1 Examples
---------------
+10.2.1 Examples
+---------------
 
 gpgv 'pgpfile'
 gpgv 'sigfile' ['datafile']
@@ -1518,8 +2239,8 @@ gpgv 'sigfile' ['datafile']
      data is constructed by cutting off the extension (".asc", ".sig" or
      ".sign") from 'sigfile'.
 
-9.2.2 Environment
------------------
+10.2.2 Environment
+------------------
 
 HOME
      Used to locate the default home directory.
@@ -1527,8 +2248,8 @@ HOME
 GNUPGHOME
      If set directory used instead of "~/.gnupg".
 
-9.2.3 FILES
------------
+10.2.3 FILES
+------------
 
 ~/.gnupg/trustedkeys.gpg
      The default keyring with the allowed keys.
@@ -1538,8 +2259,8 @@ GNUPGHOME
 
 File: gnupg.info,  Node: addgnupghome,  Next: gpgconf,  Prev: gpgv,  Up: Helper Tools
 
-9.3 Create .gnupg home directories
-==================================
+10.3 Create .gnupg home directories
+===================================
 
 If GnuPG is installed on a system with existing user accounts, it is
 sometimes required to populate the GnuPG home directory with existing
@@ -1556,8 +2277,8 @@ existing GnuPG home directories.
 
 File: gnupg.info,  Node: gpgconf,  Next: applygnupgdefaults,  Prev: addgnupghome,  Up: Helper Tools
 
-9.4 Modify .gnupg home directories
-==================================
+10.4 Modify .gnupg home directories
+===================================
 
 The 'gpgconf' is a utility to automatically and reasonable safely query
 and modify configuration files in the '.gnupg' home directory.  It is
@@ -1608,8 +2329,8 @@ provide more guarantees.
 
 File: gnupg.info,  Node: Invoking gpgconf,  Next: Format conventions,  Up: gpgconf
 
-9.4.1 Invoking gpgconf
-----------------------
+10.4.1 Invoking gpgconf
+-----------------------
 
 One of the following commands must be given:
 
@@ -1641,12 +2362,9 @@ One of the following commands must be given:
 
 '--apply-defaults'
      Update all configuration files with values taken from the global
-     configuration file (usually '/etc/gnupg/gpgconf.conf').  Note: This
-     is a legacy mechanism.  Please use global configuraion files
-     instead.
+     configuration file (usually '/etc/gnupg/gpgconf.conf').
 
 '--list-dirs [NAMES]'
-'-L'
      Lists the directories used by 'gpgconf'.  One directory is listed
      per line, and each line consists of a colon-separated list where
      the first field names the directory type (for example 'sysconfdir')
@@ -1678,7 +2396,6 @@ One of the following commands must be given:
                  gpg-connect-agent --dirmngr 'loadswdb --force' /bye
 
 '--reload [COMPONENT]'
-'-R'
      Reload all or the given component.  This is basically the same as
      sending a SIGHUP to the component.  Components which don't support
      reloading are ignored.  Without COMPONENT or by using "all" for
@@ -1693,7 +2410,6 @@ One of the following commands must be given:
      launches all components which are daemons.
 
 '--kill [COMPONENT]'
-'-K'
      Kill the given component that runs as a daemon, including
      'gpg-agent', 'dirmngr', and 'scdaemon'.  A 'component' which does
      not run as a daemon will be ignored.  Using "all" for COMPONENT
@@ -1745,6 +2461,15 @@ One of the following commands must be given:
      'ROOT/home' for the GnuPG home and 'ROOT/usr/local/var/cache/gnupg'
      for internal cache files.
 
+'--chuid UID'
+     Change the current user to UID which may either be a number or a
+     name.  This can be used from the root account to get information on
+     the GnuPG environment of the specified user or to start or kill
+     daemons.  If UID is not the current UID a standard PATH is set and
+     the envvar GNUPGHOME is unset.  To override the latter the option
+     '--homedir' can be used.  This option has currently no effect on
+     Windows.
+
 '-n'
 '--dry-run'
      Do not actually change anything.  This is currently only
@@ -1771,8 +2496,8 @@ One of the following commands must be given:
 
 File: gnupg.info,  Node: Format conventions,  Next: Listing components,  Prev: Invoking gpgconf,  Up: gpgconf
 
-9.4.2 Format conventions
-------------------------
+10.4.2 Format conventions
+-------------------------
 
 Some lines in the output of 'gpgconf' contain a list of colon-separated
 fields.  The following conventions apply:
@@ -1885,8 +2610,8 @@ the locale environment of the 'gpgconf' program.
 
 File: gnupg.info,  Node: Listing components,  Next: Checking programs,  Prev: Format conventions,  Up: gpgconf
 
-9.4.3 Listing components
-------------------------
+10.4.3 Listing components
+-------------------------
 
 The command '--list-components' will list all components that can be
 configured with 'gpgconf'.  Usually, one component will correspond to
@@ -1935,8 +2660,8 @@ PGMNAME
 
 File: gnupg.info,  Node: Checking programs,  Next: Listing options,  Prev: Listing components,  Up: gpgconf
 
-9.4.4 Checking programs
------------------------
+10.4.4 Checking programs
+------------------------
 
 The command '--check-programs' is similar to '--list-components' but
 works on backend programs and not on components.  It runs each program
@@ -2005,8 +2730,8 @@ component COMPONENT.
 
 File: gnupg.info,  Node: Listing options,  Next: Changing options,  Prev: Checking programs,  Up: gpgconf
 
-9.4.5 Listing options
----------------------
+10.4.5 Listing options
+----------------------
 
 Every component contains one or more options.  Options may be gathered
 into option groups to allow the GUI to give visual hints to the user
@@ -2017,10 +2742,6 @@ groups they belong to) in the component COMPONENT, one per line.
 COMPONENT must be the string in the field NAME in the output of the
 '--list-components' command.
 
-   Take care if system-wide options are used: gpgconf may not be able to
-properly show the options and the listed options may have no actual
-effect in case the system-wide options enforced their own settings.
-
    There is one line for each option and each group.  First come all
 options that are not in any group.  Then comes a line describing a
 group.  Then come all options that belong into each group.  Then comes
@@ -2205,8 +2926,8 @@ VALUE
 
 File: gnupg.info,  Node: Changing options,  Next: Listing global options,  Prev: Listing options,  Up: gpgconf
 
-9.4.6 Changing options
-----------------------
+10.4.6 Changing options
+-----------------------
 
 The command '--change-options COMPONENT' will attempt to change the
 options of the component COMPONENT to the specified values.  COMPONENT
@@ -2253,17 +2974,12 @@ the modified configuration file.
 
 File: gnupg.info,  Node: Listing global options,  Next: Querying versions,  Prev: Changing options,  Up: gpgconf
 
-9.4.7 Listing global options
-----------------------------
-
-Some legacy applications look at the global configuration file for the
-gpgconf tool itself; this is the file 'gpgconf.conf'.  Modern
-applications should not use it but use per component global
-configuration files which are more flexible than the 'gpgconf.conf'.
-Using both files is not suggested.
+10.4.7 Listing global options
+-----------------------------
 
-   The colon separated listing format is record oriented and uses the
-first field to identify the record type:
+Sometimes it is useful for applications to look at the global options
+file 'gpgconf.conf'.  The colon separated listing format is record
+oriented and uses the first field to identify the record type:
 
 'k'
      This describes a key record to start the definition of a new
@@ -2309,8 +3025,8 @@ intentionally no feature to change the global option file through
 
 File: gnupg.info,  Node: Querying versions,  Next: Files used by gpgconf,  Prev: Listing global options,  Up: gpgconf
 
-9.4.8 Get and compare software versions.
-----------------------------------------
+10.4.8 Get and compare software versions.
+-----------------------------------------
 
 The GnuPG Project operates a server to query the current versions of
 software packages related to GnuPG. 'gpgconf' can be used to access this
@@ -2385,15 +3101,13 @@ More fields may be added in future to the output.
 
 File: gnupg.info,  Node: Files used by gpgconf,  Prev: Querying versions,  Up: gpgconf
 
-9.4.9 Files used by gpgconf
----------------------------
+10.4.9 Files used by gpgconf
+----------------------------
 
 '/etc/gnupg/gpgconf.conf'
      If this file exists, it is processed as a global configuration
-     file.  This is a legacy mechanism which should not be used tigether
-     with the modern global per component configuration files.  A
-     commented example can be found in the 'examples' directory of the
-     distribution.
+     file.  A commented example can be found in the 'examples' directory
+     of the distribution.
 
 'GNUPGHOME/swdb.lst'
      A file with current software versions.  'dirmngr' creates this file
@@ -2402,13 +3116,10 @@ File: gnupg.info,  Node: Files used by gpgconf,  Prev: Querying versions,  Up: g
 
 File: gnupg.info,  Node: applygnupgdefaults,  Next: gpg-preset-passphrase,  Prev: gpgconf,  Up: Helper Tools
 
-9.5 Run gpgconf for all users
-=============================
-
-This is a legacy script.  Modern application should use the per
-component global configuration files under '/etc/gnupg/'.
+10.5 Run gpgconf for all users
+==============================
 
-   This script is a wrapper around 'gpgconf' to run it with the command
+This script is a wrapper around 'gpgconf' to run it with the command
 '--apply-defaults' for all real users with an existing GnuPG home
 directory.  Admins might want to use this script to update he GnuPG
 configuration files for all users after '/etc/gnupg/gpgconf.conf' has
@@ -2424,8 +3135,8 @@ bypass gpgconf.
 
 File: gnupg.info,  Node: gpg-preset-passphrase,  Next: gpg-connect-agent,  Prev: applygnupgdefaults,  Up: Helper Tools
 
-9.6 Put a passphrase into the cache
-===================================
+10.6 Put a passphrase into the cache
+====================================
 
 The 'gpg-preset-passphrase' is a utility to seed the internal cache of a
 running 'gpg-agent' with passphrases.  It is mainly useful for
@@ -2449,8 +3160,8 @@ It is necessary to allow this passphrase presetting by starting
 
 File: gnupg.info,  Node: Invoking gpg-preset-passphrase,  Up: gpg-preset-passphrase
 
-9.6.1 List of all commands and options
---------------------------------------
+10.6.1 List of all commands and options
+---------------------------------------
 
 'gpg-preset-passphrase' is invoked this way:
 
@@ -2489,8 +3200,8 @@ The following additional options may be used:
 
 File: gnupg.info,  Node: gpg-connect-agent,  Next: dirmngr-client,  Prev: gpg-preset-passphrase,  Up: Helper Tools
 
-9.7 Communicate with a running agent
-====================================
+10.7 Communicate with a running agent
+=====================================
 
 The 'gpg-connect-agent' is a utility to communicate with a running
 'gpg-agent'.  It is useful to check out the commands 'gpg-agent'
@@ -2509,8 +3220,8 @@ connect to a running instance.
 
 File: gnupg.info,  Node: Invoking gpg-connect-agent,  Next: Controlling gpg-connect-agent,  Up: gpg-connect-agent
 
-9.7.1 List of all options
--------------------------
+10.7.1 List of all options
+--------------------------
 
 'gpg-connect-agent' is invoked this way:
 
@@ -2518,6 +3229,28 @@ File: gnupg.info,  Node: Invoking gpg-connect-agent,  Next: Controlling gpg-conn
 
 The following options may be used:
 
+'--dirmngr'
+     Connect to a running directory manager (keyserver client) instead
+     of to the gpg-agent.  If a dirmngr is not running, start it.
+
+'--keyboxd'
+     Connect to a running keybox daemon instead of to the gpg-agent.  If
+     a keyboxd is not running, start it.
+
+'-S'
+'--raw-socket NAME'
+     Connect to socket NAME assuming this is an Assuan style server.  Do
+     not run any special initializations or environment checks.  This
+     may be used to directly connect to any Assuan style socket server.
+
+'-E'
+'--exec'
+     Take the rest of the command line as a program and it's arguments
+     and execute it as an Assuan server.  Here is how you would run
+     'gpgsm':
+           gpg-connect-agent --exec gpgsm --server
+     Note that you may not use options on the command line in this case.
+
 '-v'
 '--verbose'
      Output additional information while running.
@@ -2547,6 +3280,29 @@ The following options may be used:
      'ROOT/home' for the GnuPG home and 'ROOT/usr/local/var/cache/gnupg'
      for internal cache files.
 
+'--chuid UID'
+     Change the current user to UID which may either be a number or a
+     name.  This can be used from the root account to run
+     gpg-connect-agent for another user.  If UID is not the current UID
+     a standard PATH is set and the envvar GNUPGHOME is unset.  To
+     override the latter the option '--homedir' can be used.  This
+     option has only an effect when used on the command line.  This
+     option has currently no effect at all on Windows.
+
+'--no-ext-connect'
+     When using '-S' or '--exec', 'gpg-connect-agent' connects to the
+     Assuan server in extended mode to allow descriptor passing.  This
+     option makes it use the old mode.
+
+'--no-autostart'
+     Do not start the gpg-agent or the dirmngr if it has not yet been
+     started.
+
+'--no-history'
+     In interactive mode the command line history is usually saved and
+     restored to and from a file below the GnuPG home directory.  This
+     option inhibits the use of that file.
+
 '--agent-program FILE'
      Specify the agent program to be started if none is running.  The
      default value is determined by running 'gpgconf' with the option
@@ -2559,32 +3315,10 @@ The following options may be used:
      started if none is running.  This has only an effect if used
      together with the option '--dirmngr'.
 
-'--dirmngr'
-     Connect to a running directory manager (keyserver client) instead
-     of to the gpg-agent.  If a dirmngr is not running, start it.
-
-'-S'
-'--raw-socket NAME'
-     Connect to socket NAME assuming this is an Assuan style server.  Do
-     not run any special initializations or environment checks.  This
-     may be used to directly connect to any Assuan style socket server.
-
-'-E'
-'--exec'
-     Take the rest of the command line as a program and it's arguments
-     and execute it as an Assuan server.  Here is how you would run
-     'gpgsm':
-           gpg-connect-agent --exec gpgsm --server
-     Note that you may not use options on the command line in this case.
-
-'--no-ext-connect'
-     When using '-S' or '--exec', 'gpg-connect-agent' connects to the
-     Assuan server in extended mode to allow descriptor passing.  This
-     option makes it use the old mode.
-
-'--no-autostart'
-     Do not start the gpg-agent or the dirmngr if it has not yet been
-     started.
+'--keyboxd-program FILE'
+     Specify the keybox daemon program to be started if none is running.
+     This has only an effect if used together with the option
+     '--keyboxd'.
 
 '-r FILE'
 '--run FILE'
@@ -2607,8 +3341,8 @@ The following options may be used:
 
 File: gnupg.info,  Node: Controlling gpg-connect-agent,  Prev: Invoking gpg-connect-agent,  Up: gpg-connect-agent
 
-9.7.2 Control commands
-----------------------
+10.7.2 Control commands
+-----------------------
 
 While reading Assuan commands, gpg-agent also allows a few special
 commands to control its operation.  These control commands all start
@@ -2792,6 +3526,9 @@ with a slash ('/').
 '/run FILE'
      Run commands from FILE.
 
+'/history --clear'
+     Clear the command history.
+
 '/bye'
      Terminate the connection and the program.
 
@@ -2801,8 +3538,8 @@ with a slash ('/').
 
 File: gnupg.info,  Node: dirmngr-client,  Next: gpgparsemail,  Prev: gpg-connect-agent,  Up: Helper Tools
 
-9.8 The Dirmngr Client Tool
-===========================
+10.8 The Dirmngr Client Tool
+============================
 
 The 'dirmngr-client' is a simple tool to contact a running dirmngr and
 test whether a certificate has been revoked -- either by being listed in
@@ -2905,8 +3642,8 @@ tested.  The return value of this command is
 
 File: gnupg.info,  Node: gpgparsemail,  Next: gpgtar,  Prev: dirmngr-client,  Up: Helper Tools
 
-9.9 Parse a mail message into an annotated format
-=================================================
+10.9 Parse a mail message into an annotated format
+==================================================
 
 The 'gpgparsemail' is a utility currently only useful for debugging.
 Run it with '--help' for usage information.
@@ -2914,8 +3651,8 @@ Run it with '--help' for usage information.
 
 File: gnupg.info,  Node: gpgtar,  Next: gpg-check-pattern,  Prev: gpgparsemail,  Up: Helper Tools
 
-9.10 Encrypt or sign files into an archive
-==========================================
+10.10 Encrypt or sign files into an archive
+===========================================
 
 'gpgtar' encrypts or signs files into an archive.  It is an gpg-ized tar
 using the same format as used by PGP's PGP Zip.
@@ -3014,31 +3751,6 @@ using the same format as used by PGP's PGP Zip.
      be used to encrypt or sign using the CMS protocol; but that is not
      yet implemented.
 
-'--batch'
-     Use batch mode.  Never ask but use the default action.  This option
-     is passed directly to 'gpg'.
-
-'--yes'
-     Assume "yes" on most questions.  Often used together with '--batch'
-     to overwrite existing files.  This option is passed directly to
-     'gpg'.
-
-'--no'
-     Assume "no" on most questions.  This option is passed directly to
-     'gpg'.
-
-'--require-compliance'
-     This option is passed directly to 'gpg'.
-
-'--status-fd N'
-     Write special status strings to the file descriptor N.  See the
-     file DETAILS in the documentation for a listing of them.
-
-'--with-log'
-     When extracting an encrypted tarball also write a log file with the
-     gpg output to a file named after the extraction directory with the
-     suffix ".log".
-
 '--set-filename FILE'
      Use the last component of FILE as the output directory.  The
      default is to take the directory name from the input filename.  If
@@ -3057,6 +3769,9 @@ using the same format as used by PGP's PGP Zip.
      "-files-from", and "-null" This is an obsolete options because
      those supported tar options can also be given directly.
 
+'--tar COMMAND'
+     This is a dummy option for backward compatibility.
+
 '--version'
      Print version of the program and exit.
 
@@ -3078,54 +3793,12 @@ List the contents of archive 'test1':
 
 File: gnupg.info,  Node: gpg-check-pattern,  Prev: gpgtar,  Up: Helper Tools
 
-9.11 Check a passphrase on stdin against the patternfile
-========================================================
+10.11 Check a passphrase on stdin against the patternfile
+=========================================================
 
 'gpg-check-pattern' checks a passphrase given on stdin against a
 specified pattern file.
 
-   The pattern file is line based with comment lines beginning on the
-_first_ position with a '#'.  Empty lines and lines with only white
-spaces are ignored.  The actual pattern lines may either be verbatim
-string pattern and match as they are (trailing spaces are ignored) or
-extended regular expressions indicated by a '/' or '!/' in the first
-column and terminated by another '/' or end of line.  If a regular
-expression starts with '!/' the match result is reversed.  By default
-all comparisons are case insensitive.
-
-   Tag lines may be used to further control the operation of this tool.
-The currently defined tags are:
-
-'[icase]'
-     Switch to case insensitive comparison for all further patterns.
-     This is the default.
-
-'[case]'
-     Switch to case sensitive comparison for all further patterns.
-
-'[reject]'
-     Switch to reject mode.  This is the default mode.
-
-'[accept]'
-     Switch to accept mode.
-
-   In the future more tags may be introduced and thus it is advisable
-not to start a plain pattern string with an open bracket.  The tags must
-be given verbatim on the line with no spaces to the left or any non
-white space characters to the right.
-
-   In reject mode the program exits on the first match with an exit code
-of 1 (failure).  If at the end of the pattern list the reject mode is
-still active the program exits with code 0 (success).
-
-   In accept mode blocks of patterns are used.  A block starts at the
-next pattern after an "accept" tag and ends with the last pattern before
-the next "accept" or "reject" tag or at the end of the pattern list.  If
-all patterns in a block match the program exits with an exit code of 0
-(success).  If any pattern in a block do not match the next pattern
-block is evaluated.  If at the end of the pattern list the accept mode
-is still active the program exits with code 1 (failure).
-
 
 '--verbose'
      Enable extra informational output.
@@ -3139,7 +3812,7 @@ is still active the program exits with code 1 (failure).
 
 File: gnupg.info,  Node: Web Key Service,  Next: Howtos,  Prev: Helper Tools,  Up: Top
 
-10 Web Key Service
+11 Web Key Service
 ******************
 
 GnuPG comes with tools used to maintain and access a Web Key Directory.
@@ -3152,11 +3825,11 @@ GnuPG comes with tools used to maintain and access a Web Key Directory.
 
 File: gnupg.info,  Node: gpg-wks-client,  Next: gpg-wks-server,  Up: Web Key Service
 
-10.1 Send requests via WKS
+11.1 Send requests via WKS
 ==========================
 
 The 'gpg-wks-client' is used to send requests to a Web Key Service
-provider.  This is usually done to upload a key into a Web Key
+provider.  This is usuallay done to upload a key into a Web Key
 Directory.
 
    With the '--supported' command the caller can test whether a site
@@ -3204,13 +3877,6 @@ or via stdin (one user-id per line).
 for the given user-ids from WKD. The meanwhile preferred format with
 sub-domains is used here.
 
-   'gpg-wks-client' is not commonly invoked directly and thus it is not
-installed in the bin directory.  Here is an example how it can be
-invoked manually to check for a Web Key Directory entry for
-'foo@example.org':
-
-     $(gpgconf --list-dirs libexecdir)/gpg-wks-client --check foo@example.net
-
 'gpg-wks-client' understands these options:
 
 '--send'
@@ -3282,20 +3948,20 @@ invoked manually to check for a Web Key Directory entry for
 
 File: gnupg.info,  Node: gpg-wks-server,  Prev: gpg-wks-client,  Up: Web Key Service
 
-10.2 Provide the Web Key Service
+11.2 Provide the Web Key Service
 ================================
 
-The 'gpg-wks-server' is a server site implementation of the Web Key
+The 'gpg-wks-server' is a server side implementation of the Web Key
 Service.  It receives requests for publication, sends confirmation
 requests, receives confirmations, and published the key.  It also has
 features to ease the setup and maintenance of a Web Key Directory.
 
    When used with the command '--receive' a single Web Key Service mail
 is processed.  Commonly this command is used with the option '--send' to
-directly send the crerated mails back.  See below for an installation
+directly send the created mails back.  See below for an installation
 example.
 
-   The command '--cron' is used for regualr cleanup tasks.  For example
+   The command '--cron' is used for regular cleanup tasks.  For example
 non-confirmed requested should be removed after their expire time.  It
 is best to run this command once a day from a cronjob.
 
@@ -3396,7 +4062,7 @@ address for all configured domains, for example:
        $ cd /var/lib/gnupg/wks/example.net
        $ echo key-submission@example.net >submission-address
 
-   The protocol requires that the key to be published is send with an
+   The protocol requires that the key to be published is sent with an
 encrypted mail to the service.  Thus you need to create a key for the
 submission address:
 
@@ -3405,10 +4071,11 @@ submission address:
 
    The output of the last command looks similar to this:
 
-       sec   rsa2048 2016-08-30 [SC]
+       sec   rsa3072 2016-08-30 [SC]
              C0FCF8642D830C53246211400346653590B3795B
        uid           [ultimate] key-submission@example.net
-       ssb   rsa2048 2016-08-30 [E]
+                     bxzcxpxk8h87z1k7bzk86xn5aj47intu@example.net
+       ssb   rsa3072 2016-08-30 [E]
 
    Take the fingerprint from that output and manually publish the key:
 
@@ -3430,7 +4097,7 @@ webkey's '.procmailrc':
 
 File: gnupg.info,  Node: Howtos,  Next: System Notes,  Prev: Web Key Service,  Up: Top
 
-11 How to do certain things
+12 How to do certain things
 ***************************
 
 This is a collection of small howto documents.
@@ -3442,7 +4109,7 @@ This is a collection of small howto documents.
 
 File: gnupg.info,  Node: Howto Create a Server Cert,  Up: Howtos
 
-11.1 Creating a TLS server certificate
+12.1 Creating a TLS server certificate
 ======================================
 
 Here is a brief run up on how to create a server certificate.  It has
@@ -3652,7 +4319,7 @@ as it is available in GnuPG's private key database.
 
 File: gnupg.info,  Node: System Notes,  Next: Debugging,  Prev: Howtos,  Up: Top
 
-12 Notes pertaining to certain OSes
+13 Notes pertaining to certain OSes
 ***********************************
 
 GnuPG has been developed on GNU/Linux systems and is know to work on
@@ -3681,7 +4348,7 @@ to fix first.  The major problem areas are:
 
 File: gnupg.info,  Node: W32 Notes,  Up: System Notes
 
-12.1 Microsoft Windows Notes
+13.1 Microsoft Windows Notes
 ============================
 
 Current limitations are:
@@ -3697,7 +4364,7 @@ Current limitations are:
 
 File: gnupg.info,  Node: Debugging,  Next: Copying,  Prev: System Notes,  Up: Top
 
-13 How to solve problems
+14 How to solve problems
 ************************
 
 Everyone knows that software often does not do what it should do and
@@ -3719,7 +4386,7 @@ solve the problem at hand.
 
 File: gnupg.info,  Node: Debugging Tools,  Next: Debugging Hints,  Up: Debugging
 
-13.1 Debugging Tools
+14.1 Debugging Tools
 ====================
 
 The GnuPG distribution comes with a couple of tools, useful to help find
@@ -3732,7 +4399,7 @@ and solving problems.
 
 File: gnupg.info,  Node: kbxutil,  Up: Debugging Tools
 
-13.1.1 Scrutinizing a keybox file
+14.1.1 Scrutinizing a keybox file
 ---------------------------------
 
 A keybox is a file format used to store public keys along with meta
@@ -3777,7 +4444,7 @@ should not occur but sometimes things go wrong), run it using
 
 File: gnupg.info,  Node: Debugging Hints,  Next: Common Problems,  Prev: Debugging Tools,  Up: Debugging
 
-13.2 Various hints on debugging
+14.2 Various hints on debugging
 ===============================
 
    * How to find the IP address of a keyserver
@@ -3805,7 +4472,7 @@ File: gnupg.info,  Node: Debugging Hints,  Next: Common Problems,  Prev: Debuggi
 
 File: gnupg.info,  Node: Common Problems,  Next: Architecture Details,  Prev: Debugging Hints,  Up: Debugging
 
-13.3 Commonly Seen Problems
+14.3 Commonly Seen Problems
 ===========================
 
    * Error code 'Not supported' from Dirmngr
@@ -3923,7 +4590,7 @@ File: gnupg.info,  Node: Common Problems,  Next: Architecture Details,  Prev: De
 
 File: gnupg.info,  Node: Architecture Details,  Prev: Common Problems,  Up: Debugging
 
-13.4 How the whole thing works internally
+14.4 How the whole thing works internally
 =========================================
 
 * Menu:
@@ -3934,17 +4601,17 @@ File: gnupg.info,  Node: Architecture Details,  Prev: Common Problems,  Up: Debu
 
 File: gnupg.info,  Node: Component interaction,  Next: GnuPG-1 and GnuPG-2,  Up: Architecture Details
 
-13.4.1 How the components work together
+14.4.1 How the components work together
 ---------------------------------------
 
       [image src="gnupg-module-overview.png" alt="GnuPG modules"]
 
-Figure 13.1: GnuPG module overview
+Figure 14.1: GnuPG module overview
 
 
 File: gnupg.info,  Node: GnuPG-1 and GnuPG-2,  Prev: Component interaction,  Up: Architecture Details
 
-13.4.2 Relationship between GnuPG 1.4 and 2.x
+14.4.2 Relationship between GnuPG 1.4 and 2.x
 ---------------------------------------------
 
 Here is a little picture showing how the different GnuPG versions make
@@ -3952,7 +4619,7 @@ use of a smartcard:
 
 [image src="gnupg-card-architecture.png" alt="GnuPG card architecture"]
 
-Figure 13.2: GnuPG card architecture
+Figure 14.2: GnuPG card architecture
 
 
 File: gnupg.info,  Node: Copying,  Next: Contributors,  Prev: Debugging,  Up: Top
@@ -4846,103 +5513,117 @@ Option Index
 [index]
 * Menu:
 
-* --override-compliance-check:           GPG Esoteric Options.
-                                                              (line 424)
-* add-servers:                           Dirmngr Options.     (line 310)
+* --no-history:                          gpg-card.            (line  59)
+* --no-history <1>:                      Invoking gpg-connect-agent.
+                                                              (line  82)
+* add-servers:                           Dirmngr Options.     (line 273)
+* aead-algo:                             GPG Esoteric Options.
+                                                              (line 225)
 * agent-program:                         GPG Configuration Options.
-                                                              (line 755)
+                                                              (line 728)
 * agent-program <1>:                     Configuration Options.
-                                                              (line  53)
-* agent-program <2>:                     Invoking gpg-connect-agent.
-                                                              (line  42)
-* allow-admin:                           Scdaemon Options.    (line 204)
-* allow-emacs-pinentry:                  Agent Options.       (line 206)
+                                                              (line  70)
+* agent-program <2>:                     gpg-card.            (line  64)
+* agent-program <3>:                     Invoking gpg-connect-agent.
+                                                              (line  87)
+* allow-admin:                           Scdaemon Options.    (line 175)
+* allow-emacs-pinentry:                  Agent Options.       (line 170)
 * allow-freeform-uid:                    GPG Esoteric Options.
-                                                              (line 367)
-* allow-loopback-pinentry:               Agent Options.       (line 188)
-* allow-multiple-messages:               GPG Esoteric Options.
-                                                              (line 560)
+                                                              (line 397)
+* allow-loopback-pinentry:               Agent Options.       (line 152)
 * allow-non-selfsigned-uid:              GPG Esoteric Options.
-                                                              (line 362)
-* allow-ocsp:                            Dirmngr Options.     (line 327)
-* allow-preset-passphrase:               Agent Options.       (line 183)
+                                                              (line 392)
+* allow-ocsp:                            Dirmngr Options.     (line 294)
+* allow-old-cipher-algos:                GPG Esoteric Options.
+                                                              (line 433)
+* allow-preset-passphrase:               Agent Options.       (line 147)
 * allow-secret-key-import:               GPG Esoteric Options.
-                                                              (line 556)
+                                                              (line 587)
 * allow-version-check:                   Dirmngr Options.     (line 138)
 * allow-weak-digest-algos:               GPG Esoteric Options.
-                                                              (line 403)
+                                                              (line 441)
 * allow-weak-key-signatures:             GPG Esoteric Options.
-                                                              (line 419)
+                                                              (line 457)
 * always-trust:                          Deprecated Options.  (line  21)
+* application-priority:                  Scdaemon Options.    (line 190)
 * armor:                                 GPG Input and Output.
                                                               (line   8)
 * armor <1>:                             Input and Output.    (line   8)
 * ask-cert-expire:                       GPG Esoteric Options.
-                                                              (line 521)
+                                                              (line 552)
 * ask-cert-level:                        GPG Configuration Options.
-                                                              (line 360)
+                                                              (line 354)
 * ask-sig-expire:                        GPG Esoteric Options.
-                                                              (line 507)
+                                                              (line 538)
 * assume-armor:                          Input and Output.    (line  14)
 * assume-base64:                         Input and Output.    (line  18)
 * assume-binary:                         Input and Output.    (line  21)
 * attribute-fd:                          GPG Esoteric Options.
-                                                              (line  92)
+                                                              (line 109)
 * attribute-file:                        GPG Esoteric Options.
-                                                              (line  98)
+                                                              (line 115)
+* authenticate:                          gpg-card.            (line  94)
 * auto-check-trustdb:                    GPG Configuration Options.
-                                                              (line 742)
-* auto-expand-secmem:                    Agent Options.       (line 456)
+                                                              (line 715)
+* auto-expand-secmem:                    Agent Options.       (line 400)
 * auto-issuer-key-retrieve:              Certificate Options. (line  62)
 * auto-key-import:                       GPG Configuration Options.
-                                                              (line 578)
+                                                              (line 559)
 * auto-key-locate:                       GPG Configuration Options.
-                                                              (line 509)
+                                                              (line 502)
 * auto-key-retrieve:                     GPG Configuration Options.
-                                                              (line 590)
+                                                              (line 571)
 * base64:                                Input and Output.    (line  11)
 * batch:                                 Agent Options.       (line  48)
 * batch <1>:                             GPG Configuration Options.
                                                               (line  45)
-* batch <2>:                             gpgtar.              (line 104)
 * bzip2-compress-level:                  GPG Configuration Options.
-                                                              (line 334)
+                                                              (line 328)
 * bzip2-decompress-lowmem:               GPG Configuration Options.
-                                                              (line 344)
+                                                              (line 338)
 * c:                                     Dirmngr Options.     (line  87)
 * cache-cert:                            dirmngr-client.      (line  72)
+* cafpr:                                 gpg-card.            (line 102)
 * call-dirmngr:                          Operational GPGSM Commands.
                                                               (line  27)
 * call-protect-tool:                     Operational GPGSM Commands.
                                                               (line  41)
 * card-edit:                             Operational GPG Commands.
-                                                              (line 210)
+                                                              (line 205)
 * card-status:                           Operational GPG Commands.
-                                                              (line 216)
-* card-timeout:                          Scdaemon Options.    (line 180)
+                                                              (line 211)
+* card-timeout:                          Scdaemon Options.    (line 159)
 * cert-digest-algo:                      GPG Esoteric Options.
-                                                              (line 238)
+                                                              (line 265)
 * cert-notation:                         GPG Esoteric Options.
-                                                              (line 124)
+                                                              (line 141)
 * cert-policy-url:                       GPG Esoteric Options.
-                                                              (line 160)
+                                                              (line 177)
 * change-passphrase:                     OpenPGP Key Management.
-                                                              (line 452)
+                                                              (line 472)
 * change-passphrase <1>:                 Certificate Management.
                                                               (line 109)
 * change-pin:                            Operational GPG Commands.
-                                                              (line 219)
-* check:                                 gpg-check-pattern.   (line  56)
-* check-passphrase-pattern:              Agent Options.       (line 260)
+                                                              (line 214)
+* check:                                 gpg-check-pattern.   (line  14)
+* check-passphrase-pattern:              Agent Options.       (line 223)
 * check-signatures:                      Operational GPG Commands.
                                                               (line 140)
 * check-sigs:                            Operational GPG Commands.
                                                               (line 141)
-* check-sym-passphrase-pattern:          Agent Options.       (line 260)
 * check-trustdb:                         Operational GPG Commands.
-                                                              (line 349)
+                                                              (line 344)
+* chuid:                                 GPG Esoteric Options.
+                                                              (line 639)
+* chuid <1>:                             Esoteric Options.    (line   7)
+* chuid <2>:                             gpg-card.            (line  75)
+* chuid <3>:                             Invoking gpgconf.    (line 136)
+* chuid <4>:                             Invoking gpg-connect-agent.
+                                                              (line  64)
+* chunk-size:                            GPG Input and Output.
+                                                              (line  29)
 * cipher-algo:                           GPG Esoteric Options.
-                                                              (line 199)
+                                                              (line 216)
 * cipher-algo <1>:                       CMS Options.         (line  13)
 * clear-sign:                            Operational GPG Commands.
                                                               (line  17)
@@ -4950,67 +5631,69 @@ Option Index
                                                               (line  18)
 * cms:                                   gpgtar.              (line  99)
 * command-fd:                            GPG Esoteric Options.
-                                                              (line 350)
+                                                              (line 380)
 * command-file:                          GPG Esoteric Options.
-                                                              (line 357)
+                                                              (line 387)
 * comment:                               GPG Esoteric Options.
-                                                              (line 103)
-* compatibility-flags:                   Esoteric Options.    (line  57)
-* compliance:                            Compliance Options.  (line  67)
-* compliance <1>:                        Esoteric Options.    (line  18)
+                                                              (line 120)
+* compliance:                            Compliance Options.  (line  60)
 * compliant-needed:                      GPG Configuration Options.
-                                                              (line 717)
+                                                              (line 690)
 * compress-algo:                         GPG Esoteric Options.
-                                                              (line 215)
+                                                              (line 242)
 * compress-level:                        GPG Configuration Options.
-                                                              (line 334)
+                                                              (line 328)
 * connect-quick-timeout:                 Dirmngr Options.     (line 125)
 * connect-timeout:                       Dirmngr Options.     (line 125)
 * create:                                gpgtar.              (line  16)
-* create-socketdir:                      Invoking gpgconf.    (line  96)
-* csh:                                   Agent Options.       (line 146)
+* create-socketdir:                      Invoking gpgconf.    (line  91)
+* csh:                                   Agent Options.       (line 121)
 * csh <1>:                               Dirmngr Options.     (line  87)
-* ctapi-driver:                          Scdaemon Options.    (line 157)
+* ctapi-driver:                          Scdaemon Options.    (line 136)
 * daemon:                                Agent Commands.      (line  27)
 * daemon <1>:                            Dirmngr Commands.    (line  27)
 * daemon <2>:                            Scdaemon Commands.   (line  31)
 * dearmor:                               Operational GPG Commands.
-                                                              (line 403)
+                                                              (line 398)
 * debug:                                 Agent Options.       (line  82)
 * debug <1>:                             Dirmngr Options.     (line  59)
 * debug <2>:                             GPG Esoteric Options.
                                                               (line  47)
-* debug <3>:                             Esoteric Options.    (line  90)
+* debug <3>:                             Esoteric Options.    (line  63)
 * debug <4>:                             Scdaemon Options.    (line  69)
-* debug-all:                             Agent Options.       (line 106)
+* debug-all:                             Agent Options.       (line  89)
 * debug-all <1>:                         Dirmngr Options.     (line  66)
 * debug-all <2>:                         GPG Esoteric Options.
-                                                              (line  53)
-* debug-all <3>:                         Esoteric Options.    (line 117)
-* debug-all <4>:                         Scdaemon Options.    (line  96)
-* debug-allow-core-dump:                 Esoteric Options.    (line 120)
-* debug-allow-core-dump <1>:             Scdaemon Options.    (line 113)
-* debug-assuan-log-cats:                 Scdaemon Options.    (line 122)
-* debug-disable-ticker:                  Scdaemon Options.    (line 109)
-* debug-ignore-expiration:               Esoteric Options.    (line 131)
+                                                              (line  54)
+* debug-all <3>:                         Esoteric Options.    (line  73)
+* debug-all <4>:                         Scdaemon Options.    (line  76)
+* debug-allow-core-dump:                 Esoteric Options.    (line  76)
+* debug-allow-core-dump <1>:             Scdaemon Options.    (line  93)
+* debug-allow-large-chunks:              GPG Esoteric Options.
+                                                              (line  66)
+* debug-assuan-log-cats:                 Scdaemon Options.    (line 102)
+* debug-disable-ticker:                  Scdaemon Options.    (line  89)
+* debug-ignore-expiration:               Esoteric Options.    (line  87)
 * debug-iolbf:                           GPG Esoteric Options.
-                                                              (line  56)
+                                                              (line  57)
+* debug-iolbf <1>:                       GPG Esoteric Options.
+                                                              (line  61)
 * debug-level:                           Agent Options.       (line  57)
 * debug-level <1>:                       Dirmngr Options.     (line  34)
 * debug-level <2>:                       GPG Esoteric Options.
                                                               (line  22)
-* debug-level <3>:                       Esoteric Options.    (line  65)
+* debug-level <3>:                       Esoteric Options.    (line  38)
 * debug-level <4>:                       Scdaemon Options.    (line  40)
-* debug-log-tid:                         Scdaemon Options.    (line 119)
-* debug-no-chain-validation:             Esoteric Options.    (line 127)
-* debug-pinentry:                        Agent Options.       (line 126)
-* debug-quick-random:                    Agent Options.       (line 114)
-* debug-wait:                            Agent Options.       (line 109)
+* debug-log-tid:                         Scdaemon Options.    (line  99)
+* debug-no-chain-validation:             Esoteric Options.    (line  83)
+* debug-pinentry:                        Agent Options.       (line 109)
+* debug-quick-random:                    Agent Options.       (line  97)
+* debug-wait:                            Agent Options.       (line  92)
 * debug-wait <1>:                        Dirmngr Options.     (line  74)
-* debug-wait <2>:                        Scdaemon Options.    (line  99)
-* debug-wait <3>:                        Scdaemon Options.    (line 104)
+* debug-wait <2>:                        Scdaemon Options.    (line  79)
+* debug-wait <3>:                        Scdaemon Options.    (line  84)
 * decode:                                Invoking gpg-connect-agent.
-                                                              (line  95)
+                                                              (line 118)
 * decrypt:                               Operational GPG Commands.
                                                               (line  59)
 * decrypt <1>:                           Operational GPGSM Commands.
@@ -5018,91 +5701,91 @@ Option Index
 * decrypt <2>:                           gpgtar.              (line  29)
 * decrypt-files:                         Operational GPG Commands.
                                                               (line 114)
-* default-cache-ttl:                     Agent Options.       (line 217)
-* default-cache-ttl <1>:                 Agent Options.       (line 226)
+* default-cache-ttl:                     Agent Options.       (line 181)
+* default-cache-ttl <1>:                 Agent Options.       (line 190)
 * default-cert-expire:                   GPG Esoteric Options.
-                                                              (line 527)
+                                                              (line 558)
 * default-cert-level:                    GPG Configuration Options.
-                                                              (line 368)
+                                                              (line 362)
 * default-key:                           GPG Configuration Options.
                                                               (line  10)
 * default-key <1>:                       Input and Output.    (line  34)
 * default-keyserver-url:                 GPG Esoteric Options.
-                                                              (line 589)
+                                                              (line 613)
 * default-new-key-algo STRING:           GPG Esoteric Options.
-                                                              (line 534)
+                                                              (line 565)
 * default-preference-list:               GPG Esoteric Options.
-                                                              (line 584)
+                                                              (line 608)
 * default-recipient:                     GPG Configuration Options.
                                                               (line  19)
 * default-recipient-self:                GPG Configuration Options.
                                                               (line  23)
 * default-sig-expire:                    GPG Esoteric Options.
-                                                              (line 513)
+                                                              (line 544)
 * delete-keys:                           Operational GPG Commands.
-                                                              (line 224)
+                                                              (line 219)
 * delete-keys <1>:                       Certificate Management.
                                                               (line  60)
 * delete-secret-and-public-key:          Operational GPG Commands.
-                                                              (line 244)
+                                                              (line 239)
 * delete-secret-keys:                    Operational GPG Commands.
-                                                              (line 233)
-* deny-admin:                            Scdaemon Options.    (line 204)
+                                                              (line 228)
+* deny-admin:                            Scdaemon Options.    (line 175)
 * desig-revoke:                          OpenPGP Key Management.
                                                               (line 134)
 * detach-sign:                           Operational GPG Commands.
                                                               (line  28)
 * digest-algo:                           GPG Esoteric Options.
-                                                              (line 208)
+                                                              (line 234)
 * directory:                             gpgtar.              (line  76)
-* directory <1>:                         gpg-wks-client.      (line 115)
+* directory <1>:                         gpg-wks-client.      (line 108)
 * directory <2>:                         gpg-wks-server.      (line  50)
 * dirmngr:                               Invoking gpg-connect-agent.
-                                                              (line  54)
+                                                              (line  13)
 * dirmngr-program:                       GPG Configuration Options.
-                                                              (line 762)
+                                                              (line 735)
 * dirmngr-program <1>:                   Configuration Options.
-                                                              (line  59)
+                                                              (line  76)
 * dirmngr-program <2>:                   Invoking gpg-connect-agent.
-                                                              (line  49)
-* disable-application:                   Scdaemon Options.    (line 214)
-* disable-ccid:                          Scdaemon Options.    (line 162)
-* disable-check-own-socket:              Agent Options.       (line 342)
+                                                              (line  94)
+* disable-application:                   Scdaemon Options.    (line 185)
+* disable-ccid:                          Scdaemon Options.    (line 141)
+* disable-check-own-socket:              Agent Options.       (line 288)
 * disable-check-own-socket <1>:          Dirmngr Options.     (line  79)
 * disable-cipher-algo:                   GPG Esoteric Options.
-                                                              (line 246)
+                                                              (line 276)
 * disable-crl-checks:                    Certificate Options. (line  13)
 * disable-dsa2:                          GPG Configuration Options.
-                                                              (line 196)
-* disable-extended-key-format:           Agent Options.       (line 388)
-* disable-http:                          Dirmngr Options.     (line 217)
-* disable-ipv4:                          Dirmngr Options.     (line 211)
-* disable-ipv6:                          Dirmngr Options.     (line 211)
+                                                              (line 190)
+* disable-extended-key-format:           Agent Options.       (line 334)
+* disable-http:                          Dirmngr Options.     (line 207)
+* disable-ipv4:                          Dirmngr Options.     (line 201)
+* disable-ipv6:                          Dirmngr Options.     (line 201)
 * disable-large-rsa:                     GPG Configuration Options.
-                                                              (line 187)
-* disable-ldap:                          Dirmngr Options.     (line 214)
-* disable-mdc:                           OpenPGP Options.     (line  25)
+                                                              (line 181)
+* disable-ldap:                          Dirmngr Options.     (line 204)
+* disable-mdc:                           OpenPGP Options.     (line  30)
 * disable-ocsp:                          Certificate Options. (line  53)
-* disable-pinpad:                        Scdaemon Options.    (line 201)
+* disable-pinpad:                        Scdaemon Options.    (line 172)
 * disable-policy-checks:                 Certificate Options. (line   8)
 * disable-pubkey-algo:                   GPG Esoteric Options.
-                                                              (line 251)
-* disable-scdaemon:                      Agent Options.       (line 336)
-* disable-signer-uid:                    OpenPGP Options.     (line  31)
+                                                              (line 281)
+* disable-scdaemon:                      Agent Options.       (line 282)
+* disable-signer-uid:                    OpenPGP Options.     (line  37)
 * disable-trusted-cert-crl-check:        Certificate Options. (line  24)
-* display:                               Agent Options.       (line 360)
+* display:                               Agent Options.       (line 306)
 * display-charset:                       GPG Configuration Options.
-                                                              (line 281)
+                                                              (line 275)
 * display-charset:iso-8859-1:            GPG Configuration Options.
-                                                              (line 291)
+                                                              (line 285)
 * display-charset:iso-8859-15:           GPG Configuration Options.
-                                                              (line 297)
+                                                              (line 291)
 * display-charset:iso-8859-2:            GPG Configuration Options.
-                                                              (line 294)
+                                                              (line 288)
 * display-charset:koi8-r:                GPG Configuration Options.
-                                                              (line 300)
+                                                              (line 294)
 * display-charset:utf-8:                 GPG Configuration Options.
-                                                              (line 303)
+                                                              (line 297)
 * dry-run:                               GPG Esoteric Options.
                                                               (line   8)
 * dry-run <1>:                           gpgtar.              (line  72)
@@ -5124,32 +5807,32 @@ Option Index
 * dump-secret-keys:                      Certificate Management.
                                                               (line  43)
 * edit-card:                             Operational GPG Commands.
-                                                              (line 209)
+                                                              (line 204)
 * edit-key:                              OpenPGP Key Management.
                                                               (line 139)
 * emit-version:                          GPG Esoteric Options.
-                                                              (line 114)
+                                                              (line 131)
 * enable-crl-checks:                     Certificate Options. (line  13)
 * enable-dsa2:                           GPG Configuration Options.
-                                                              (line 196)
-* enable-extended-key-format:            Agent Options.       (line 388)
+                                                              (line 190)
+* enable-extended-key-format:            Agent Options.       (line 334)
 * enable-issuer-based-crl-check:         Certificate Options. (line  45)
 * enable-large-rsa:                      GPG Configuration Options.
-                                                              (line 187)
+                                                              (line 181)
 * enable-ocsp:                           Certificate Options. (line  53)
-* enable-passphrase-history:             Agent Options.       (line 283)
-* enable-pinpad-varlen:                  Scdaemon Options.    (line 193)
+* enable-passphrase-history:             Agent Options.       (line 242)
+* enable-pinpad-varlen:                  Scdaemon Options.    (line 164)
 * enable-policy-checks:                  Certificate Options. (line   8)
 * enable-progress-filter:                GPG Esoteric Options.
-                                                              (line  69)
-* enable-putty-support:                  Agent Options.       (line 402)
+                                                              (line  88)
+* enable-putty-support:                  Agent Options.       (line 346)
 * enable-special-filenames:              GPG Esoteric Options.
-                                                              (line 571)
+                                                              (line 595)
 * enable-special-filenames <1>:          gpgv.                (line  97)
-* enable-ssh-support:                    Agent Options.       (line 402)
+* enable-ssh-support:                    Agent Options.       (line 346)
 * enable-trusted-cert-crl-check:         Certificate Options. (line  24)
 * enarmor:                               Operational GPG Commands.
-                                                              (line 403)
+                                                              (line 398)
 * encrypt:                               Operational GPG Commands.
                                                               (line  32)
 * encrypt <1>:                           Operational GPGSM Commands.
@@ -5159,27 +5842,27 @@ Option Index
                                                               (line 111)
 * encrypt-to:                            GPG Key related Options.
                                                               (line  35)
-* enforce-passphrase-constraints:        Agent Options.       (line 244)
+* enforce-passphrase-constraints:        Agent Options.       (line 208)
 * escape-from-lines:                     GPG Esoteric Options.
-                                                              (line 276)
+                                                              (line 306)
 * exec:                                  Invoking gpg-connect-agent.
-                                                              (line  65)
+                                                              (line  28)
 * exec-path:                             GPG Configuration Options.
-                                                              (line 225)
+                                                              (line 219)
 * exit-on-status-write-error:            GPG Configuration Options.
-                                                              (line 791)
+                                                              (line 764)
 * expert:                                GPG Configuration Options.
-                                                              (line 846)
+                                                              (line 819)
 * export:                                Operational GPG Commands.
-                                                              (line 250)
+                                                              (line 245)
 * export <1>:                            Certificate Management.
                                                               (line  69)
 * export-filter:                         GPG Input and Output.
-                                                              (line 131)
+                                                              (line 143)
 * export-options:                        GPG Input and Output.
-                                                              (line 220)
+                                                              (line 232)
 * export-ownertrust:                     Operational GPG Commands.
-                                                              (line 364)
+                                                              (line 359)
 * export-secret-key-p12:                 Certificate Management.
                                                               (line  82)
 * export-secret-key-p8:                  Certificate Management.
@@ -5187,39 +5870,41 @@ Option Index
 * export-secret-key-raw:                 Certificate Management.
                                                               (line  91)
 * export-secret-keys:                    Operational GPG Commands.
-                                                              (line 268)
+                                                              (line 263)
 * export-secret-subkeys:                 Operational GPG Commands.
-                                                              (line 268)
+                                                              (line 263)
 * export-ssh-key:                        Operational GPG Commands.
-                                                              (line 290)
-* extra-digest-algo:                     Esoteric Options.    (line   7)
-* extra-socket:                          Agent Options.       (line 374)
+                                                              (line 285)
+* extra-digest-algo:                     Esoteric Options.    (line  16)
+* extra-socket:                          Agent Options.       (line 320)
 * extract:                               gpgtar.              (line  19)
+* factory-reset:                         gpg-card.            (line 107)
 * faked-system-time:                     Agent Options.       (line  52)
 * faked-system-time <1>:                 GPG Esoteric Options.
-                                                              (line  60)
-* faked-system-time <2>:                 Esoteric Options.    (line  46)
+                                                              (line  72)
+* faked-system-time <2>:                 Esoteric Options.    (line  27)
 * fast-list-mode:                        GPG Esoteric Options.
-                                                              (line 462)
+                                                              (line 493)
+* fetch:                                 gpg-card.            (line 112)
 * fetch-crl:                             Dirmngr Commands.    (line  52)
 * fetch-keys:                            Operational GPG Commands.
-                                                              (line 333)
+                                                              (line 328)
 * fingerprint:                           Operational GPG Commands.
-                                                              (line 194)
+                                                              (line 189)
 * fixed-list-mode:                       GPG Input and Output.
-                                                              (line 284)
+                                                              (line 290)
 * flush:                                 Dirmngr Commands.    (line  62)
 * for-your-eyes-only:                    GPG Esoteric Options.
-                                                              (line 185)
-* forbid-gen-key:                        GPG Esoteric Options.
-                                                              (line 551)
+                                                              (line 202)
 * force:                                 Dirmngr Options.     (line  93)
-* force <1>:                             watchgnupg.          (line  23)
+* force <1>:                             watchgnupg.          (line  31)
+* force-aead:                            OpenPGP Options.     (line  24)
 * force-crl-refresh:                     Certificate Options. (line  35)
 * force-default-responder:               dirmngr-client.      (line  64)
-* force-mdc:                             OpenPGP Options.     (line  25)
+* force-mdc:                             OpenPGP Options.     (line  30)
 * force-sign-key:                        GPG Esoteric Options.
-                                                              (line 545)
+                                                              (line 581)
+* forcesig:                              gpg-card.            (line 116)
 * forget:                                Invoking gpg-preset-passphrase.
                                                               (line  26)
 * from:                                  gpg-wks-server.      (line  54)
@@ -5227,16 +5912,19 @@ Option Index
                                                               (line 111)
 * full-generate-key:                     OpenPGP Key Management.
                                                               (line 110)
+* full-timestrings:                      GPG Esoteric Options.
+                                                              (line  81)
 * gen-key:                               OpenPGP Key Management.
                                                               (line 104)
 * gen-key <1>:                           Certificate Management.
                                                               (line   8)
 * gen-prime:                             Operational GPG Commands.
-                                                              (line 398)
+                                                              (line 393)
 * gen-random:                            Operational GPG Commands.
-                                                              (line 391)
+                                                              (line 386)
 * gen-revoke:                            OpenPGP Key Management.
                                                               (line 120)
+* generate:                              gpg-card.            (line 119)
 * generate-designated-revocation:        OpenPGP Key Management.
                                                               (line 133)
 * generate-key:                          OpenPGP Key Management.
@@ -5246,15 +5934,17 @@ Option Index
 * generate-revocation:                   OpenPGP Key Management.
                                                               (line 119)
 * gnupg:                                 Compliance Options.  (line  12)
-* gpg:                                   gpgtar.              (line 135)
+* gpg:                                   gpgtar.              (line 110)
 * gpg-agent-info:                        GPG Configuration Options.
-                                                              (line 752)
-* gpg-args:                              gpgtar.              (line 138)
+                                                              (line 725)
+* gpg-args:                              gpgtar.              (line 113)
+* gpg-program:                           gpg-card.            (line  69)
 * gpgconf-list:                          GPG Esoteric Options.
-                                                              (line 605)
+                                                              (line 629)
 * gpgconf-test:                          GPG Esoteric Options.
-                                                              (line 609)
-* grab:                                  Agent Options.       (line 153)
+                                                              (line 633)
+* gpgsm-program:                         gpg-card.            (line  72)
+* grab:                                  Agent Options.       (line 128)
 * group:                                 GPG Key related Options.
                                                               (line  55)
 * header:                                gpg-wks-server.      (line  57)
@@ -5265,13 +5955,14 @@ Option Index
 * help <3>:                              General GPGSM Commands.
                                                               (line  11)
 * help <4>:                              Scdaemon Commands.   (line  14)
-* help <5>:                              watchgnupg.          (line  39)
-* help <6>:                              dirmngr-client.      (line  44)
-* help <7>:                              gpgtar.              (line 150)
-* help <8>:                              gpg-wks-client.      (line 128)
-* help <9>:                              gpg-wks-server.      (line  87)
+* help <5>:                              gpg-card.            (line  50)
+* help <6>:                              watchgnupg.          (line  55)
+* help <7>:                              dirmngr-client.      (line  44)
+* help <8>:                              gpgtar.              (line 128)
+* help <9>:                              gpg-wks-client.      (line 121)
+* help <10>:                             gpg-wks-server.      (line  87)
 * hex:                                   Invoking gpg-connect-agent.
-                                                              (line  91)
+                                                              (line 114)
 * hidden-encrypt-to:                     GPG Key related Options.
                                                               (line  43)
 * hidden-recipient:                      GPG Key related Options.
@@ -5280,53 +5971,56 @@ Option Index
                                                               (line  29)
 * homedir:                               Agent Options.       (line  17)
 * homedir <1>:                           GPG Configuration Options.
-                                                              (line 260)
+                                                              (line 254)
 * homedir <2>:                           Configuration Options.
                                                               (line  16)
 * homedir <3>:                           Scdaemon Options.    (line  13)
 * homedir <4>:                           gpgv.                (line  69)
-* homedir <5>:                           Invoking gpgconf.    (line 120)
+* homedir <5>:                           Invoking gpgconf.    (line 115)
 * homedir <6>:                           Invoking gpg-connect-agent.
-                                                              (line  21)
-* honor-http-proxy:                      Dirmngr Options.     (line 236)
-* http-proxy:                            Dirmngr Options.     (line 240)
-* ignore-cache-for-signing:              Agent Options.       (line 211)
-* ignore-cert:                           Dirmngr Options.     (line 386)
-* ignore-cert-extension:                 Dirmngr Options.     (line 376)
+                                                              (line  43)
+* honor-http-proxy:                      Dirmngr Options.     (line 226)
+* http-proxy:                            Dirmngr Options.     (line 230)
+* ignore-cache-for-signing:              Agent Options.       (line 175)
+* ignore-cert-extension:                 Dirmngr Options.     (line 343)
 * ignore-cert-extension <1>:             Certificate Options. (line  82)
-* ignore-cert-with-oid:                  Esoteric Options.    (line  37)
 * ignore-crc-error:                      GPG Esoteric Options.
-                                                              (line 387)
-* ignore-http-dp:                        Dirmngr Options.     (line 220)
-* ignore-ldap-dp:                        Dirmngr Options.     (line 227)
+                                                              (line 417)
+* ignore-http-dp:                        Dirmngr Options.     (line 210)
+* ignore-ldap-dp:                        Dirmngr Options.     (line 217)
 * ignore-mdc-error:                      GPG Esoteric Options.
-                                                              (line 394)
-* ignore-ocsp-service-url:               Dirmngr Options.     (line 232)
+                                                              (line 424)
+* ignore-ocsp-service-url:               Dirmngr Options.     (line 222)
 * ignore-time-conflict:                  GPG Esoteric Options.
-                                                              (line 373)
+                                                              (line 403)
 * ignore-time-conflict <1>:              gpgv.                (line  63)
 * ignore-valid-from:                     GPG Esoteric Options.
-                                                              (line 380)
+                                                              (line 410)
 * import:                                Operational GPG Commands.
-                                                              (line 304)
+                                                              (line 299)
 * import <1>:                            Certificate Management.
                                                               (line  99)
 * import-filter:                         GPG Input and Output.
-                                                              (line 131)
+                                                              (line 143)
 * import-options:                        GPG Input and Output.
-                                                              (line  45)
+                                                              (line  53)
 * import-ownertrust:                     Operational GPG Commands.
-                                                              (line 370)
+                                                              (line 365)
 * include-certs:                         CMS Options.         (line   7)
-* include-key-block:                     OpenPGP Options.     (line  38)
+* include-key-block:                     OpenPGP Options.     (line  45)
 * input-size-hint:                       GPG Input and Output.
-                                                              (line  29)
+                                                              (line  37)
 * interactive:                           GPG Esoteric Options.
                                                               (line  19)
-* keep-display:                          Agent Options.       (line 365)
-* keep-tty:                              Agent Options.       (line 365)
+* kdf-setup:                             gpg-card.            (line 126)
+* keep-display:                          Agent Options.       (line 311)
+* keep-tty:                              Agent Options.       (line 311)
 * key-origin:                            GPG Input and Output.
-                                                              (line  37)
+                                                              (line  45)
+* keyboxd:                               Invoking gpg-connect-agent.
+                                                              (line  17)
+* keyboxd-program:                       Invoking gpg-connect-agent.
+                                                              (line  99)
 * keydb-clear-some-cert-flags:           Certificate Management.
                                                               (line  52)
 * keyedit:addcardkey:                    OpenPGP Key Management.
@@ -5336,61 +6030,63 @@ Option Index
 * keyedit:addphoto:                      OpenPGP Key Management.
                                                               (line 201)
 * keyedit:addrevoker:                    OpenPGP Key Management.
-                                                              (line 330)
+                                                              (line 350)
 * keyedit:adduid:                        OpenPGP Key Management.
                                                               (line 198)
 * keyedit:bkuptocard:                    OpenPGP Key Management.
                                                               (line 295)
 * keyedit:change-usage:                  OpenPGP Key Management.
-                                                              (line 357)
+                                                              (line 377)
 * keyedit:check:                         OpenPGP Key Management.
                                                               (line 194)
 * keyedit:clean:                         OpenPGP Key Management.
-                                                              (line 343)
+                                                              (line 363)
 * keyedit:cross-certify:                 OpenPGP Key Management.
-                                                              (line 366)
+                                                              (line 386)
 * keyedit:delkey:                        OpenPGP Key Management.
-                                                              (line 306)
+                                                              (line 326)
 * keyedit:delsig:                        OpenPGP Key Management.
                                                               (line 184)
 * keyedit:deluid:                        OpenPGP Key Management.
                                                               (line 211)
 * keyedit:disable:                       OpenPGP Key Management.
-                                                              (line 326)
+                                                              (line 346)
 * keyedit:enable:                        OpenPGP Key Management.
-                                                              (line 326)
+                                                              (line 346)
 * keyedit:expire:                        OpenPGP Key Management.
-                                                              (line 315)
+                                                              (line 335)
 * keyedit:key:                           OpenPGP Key Management.
                                                               (line 148)
 * keyedit:keyserver:                     OpenPGP Key Management.
                                                               (line 228)
 * keyedit:keytocard:                     OpenPGP Key Management.
                                                               (line 284)
+* keyedit:keytotpm:                      OpenPGP Key Management.
+                                                              (line 306)
 * keyedit:lsign:                         OpenPGP Key Management.
                                                               (line 159)
 * keyedit:minimize:                      OpenPGP Key Management.
-                                                              (line 352)
+                                                              (line 372)
 * keyedit:notation:                      OpenPGP Key Management.
                                                               (line 235)
 * keyedit:nrsign:                        OpenPGP Key Management.
                                                               (line 164)
 * keyedit:passwd:                        OpenPGP Key Management.
-                                                              (line 336)
+                                                              (line 356)
 * keyedit:pref:                          OpenPGP Key Management.
                                                               (line 243)
 * keyedit:primary:                       OpenPGP Key Management.
                                                               (line 220)
 * keyedit:quit:                          OpenPGP Key Management.
-                                                              (line 377)
+                                                              (line 397)
 * keyedit:revkey:                        OpenPGP Key Management.
-                                                              (line 312)
+                                                              (line 332)
 * keyedit:revsig:                        OpenPGP Key Management.
                                                               (line 189)
 * keyedit:revuid:                        OpenPGP Key Management.
                                                               (line 217)
 * keyedit:save:                          OpenPGP Key Management.
-                                                              (line 374)
+                                                              (line 394)
 * keyedit:setpref:                       OpenPGP Key Management.
                                                               (line 255)
 * keyedit:showphoto:                     OpenPGP Key Management.
@@ -5400,49 +6096,50 @@ Option Index
 * keyedit:sign:                          OpenPGP Key Management.
                                                               (line 152)
 * keyedit:toggle:                        OpenPGP Key Management.
-                                                              (line 339)
+                                                              (line 359)
 * keyedit:trust:                         OpenPGP Key Management.
-                                                              (line 321)
+                                                              (line 341)
 * keyedit:tsign:                         OpenPGP Key Management.
                                                               (line 168)
 * keyedit:uid:                           OpenPGP Key Management.
                                                               (line 144)
 * keyid-format:                          GPG Configuration Options.
-                                                              (line 627)
+                                                              (line 605)
 * keyring:                               GPG Configuration Options.
-                                                              (line 229)
+                                                              (line 223)
 * keyring <1>:                           gpgv.                (line  38)
 * keyserver:                             Dirmngr Options.     (line 148)
 * keyserver <1>:                         GPG Configuration Options.
-                                                              (line 636)
+                                                              (line 614)
 * keyserver <2>:                         Configuration Options.
                                                               (line  43)
 * keyserver-options:                     GPG Configuration Options.
-                                                              (line 655)
-* kill:                                  Invoking gpgconf.    (line  89)
+                                                              (line 636)
+* kill:                                  Invoking gpgconf.    (line  84)
 * known-notation:                        GPG Esoteric Options.
-                                                              (line 151)
-* launch:                                Invoking gpgconf.    (line  80)
-* lc-ctype:                              Agent Options.       (line 360)
-* lc-messages:                           Agent Options.       (line 360)
-* ldap-proxy:                            Dirmngr Options.     (line 245)
-* ldapserver:                            Dirmngr Options.     (line 275)
-* ldapserverlist-file:                   Dirmngr Options.     (line 256)
-* ldaptimeout:                           Dirmngr Options.     (line 306)
+                                                              (line 168)
+* lang:                                  gpg-card.            (line 129)
+* launch:                                Invoking gpgconf.    (line  76)
+* lc-ctype:                              Agent Options.       (line 306)
+* lc-messages:                           Agent Options.       (line 306)
+* ldap-proxy:                            Dirmngr Options.     (line 235)
+* ldapserverlist-file:                   Dirmngr Options.     (line 246)
+* ldaptimeout:                           Dirmngr Options.     (line 269)
 * learn-card:                            Certificate Management.
                                                               (line 104)
 * legacy-list-mode:                      GPG Input and Output.
-                                                              (line 290)
+                                                              (line 296)
 * limit-card-insert-tries:               GPG Configuration Options.
-                                                              (line 800)
+                                                              (line 773)
+* list:                                  gpg-card.            (line 136)
 * list-archive:                          gpgtar.              (line  39)
 * list-chain:                            Certificate Management.
                                                               (line  32)
 * list-config:                           GPG Esoteric Options.
-                                                              (line 594)
+                                                              (line 618)
 * list-crls:                             Dirmngr Commands.    (line  40)
 * list-gcrypt-config:                    GPG Esoteric Options.
-                                                              (line 602)
+                                                              (line 626)
 * list-keys:                             Operational GPG Commands.
                                                               (line 119)
 * list-keys <1>:                         Certificate Management.
@@ -5481,19 +6178,21 @@ Option Index
                                                               (line  87)
 * list-options:show-user-notations:      GPG Configuration Options.
                                                               (line  99)
+* list-options:sort-sigs:                GPG Configuration Options.
+                                                              (line 138)
 * list-packets:                          Operational GPG Commands.
-                                                              (line 203)
+                                                              (line 198)
 * list-secret-keys:                      Operational GPG Commands.
                                                               (line 130)
 * list-secret-keys <1>:                  Certificate Management.
                                                               (line  24)
 * list-signatures:                       GPG Esoteric Options.
-                                                              (line 450)
+                                                              (line 481)
 * list-sigs:                             GPG Esoteric Options.
-                                                              (line 451)
-* listen-backlog:                        Agent Options.       (line 370)
+                                                              (line 482)
+* listen-backlog:                        Agent Options.       (line 316)
 * listen-backlog <1>:                    Dirmngr Options.     (line 134)
-* listen-backlog <2>:                    Scdaemon Options.    (line 135)
+* listen-backlog <2>:                    Scdaemon Options.    (line 115)
 * load-crl:                              Dirmngr Commands.    (line  44)
 * load-crl <1>:                          dirmngr-client.      (line  80)
 * local-user:                            GPG Key related Options.
@@ -5505,130 +6204,132 @@ Option Index
 * locate-keys:                           Operational GPG Commands.
                                                               (line 170)
 * lock-multiple:                         GPG Configuration Options.
-                                                              (line 780)
+                                                              (line 753)
 * lock-never:                            GPG Configuration Options.
-                                                              (line 784)
+                                                              (line 757)
 * lock-once:                             GPG Configuration Options.
-                                                              (line 776)
-* log-file:                              Agent Options.       (line 159)
+                                                              (line 749)
+* log-file:                              Agent Options.       (line 134)
 * log-file <1>:                          Dirmngr Options.     (line  30)
 * log-file <2>:                          GPG Esoteric Options.
-                                                              (line  86)
+                                                              (line 105)
 * log-file <3>:                          Configuration Options.
-                                                              (line  80)
-* log-file <4>:                          Scdaemon Options.    (line 140)
+                                                              (line  97)
+* log-file <4>:                          Scdaemon Options.    (line 120)
 * log-file <5>:                          gpgv.                (line  59)
 * logger-fd:                             GPG Esoteric Options.
-                                                              (line  82)
+                                                              (line 101)
 * logger-fd <1>:                         gpgv.                (line  56)
+* login:                                 gpg-card.            (line 153)
 * lookup:                                dirmngr-client.      (line  86)
 * lsign-key:                             OpenPGP Key Management.
-                                                              (line 392)
+                                                              (line 412)
 * mangle-dos-filenames:                  GPG Configuration Options.
-                                                              (line 352)
+                                                              (line 346)
 * marginals-needed:                      GPG Configuration Options.
-                                                              (line 721)
-* max-cache-ttl:                         Agent Options.       (line 232)
-* max-cache-ttl-ssh:                     Agent Options.       (line 238)
+                                                              (line 694)
+* max-cache-ttl:                         Agent Options.       (line 196)
+* max-cache-ttl-ssh:                     Agent Options.       (line 202)
 * max-cert-depth:                        GPG Configuration Options.
-                                                              (line 729)
+                                                              (line 702)
 * max-output:                            GPG Input and Output.
                                                               (line  19)
-* max-passphrase-days:                   Agent Options.       (line 278)
-* max-replies:                           Dirmngr Options.     (line 373)
+* max-passphrase-days:                   Agent Options.       (line 237)
+* max-replies:                           Dirmngr Options.     (line 340)
 * min-cert-level:                        GPG Configuration Options.
-                                                              (line 397)
-* min-passphrase-len:                    Agent Options.       (line 248)
-* min-passphrase-nonalpha:               Agent Options.       (line 253)
-* min-rsa-length:                        Compliance Options.  (line  72)
-* min-rsa-length <1>:                    Esoteric Options.    (line  22)
+                                                              (line 391)
+* min-passphrase-len:                    Agent Options.       (line 212)
+* min-passphrase-nonalpha:               Agent Options.       (line 217)
 * multi-server:                          Scdaemon Commands.   (line  26)
 * multifile:                             Operational GPG Commands.
                                                               (line 100)
-* nameserver:                            Dirmngr Options.     (line 203)
+* name:                                  gpg-card.            (line 159)
+* nameserver:                            Dirmngr Options.     (line 193)
 * no:                                    GPG Configuration Options.
                                                               (line  67)
-* no <1>:                                gpgtar.              (line 113)
-* no-allow-external-cache:               Agent Options.       (line 196)
-* no-allow-loopback-pinentry:            Agent Options.       (line 188)
-* no-allow-mark-trusted:                 Agent Options.       (line 167)
+* no-allow-external-cache:               Agent Options.       (line 160)
+* no-allow-loopback-pinentry:            Agent Options.       (line 152)
+* no-allow-mark-trusted:                 Agent Options.       (line 142)
 * no-armor:                              GPG Input and Output.
                                                               (line  12)
 * no-auto-key-import:                    GPG Configuration Options.
-                                                              (line 578)
+                                                              (line 559)
 * no-auto-key-retrieve:                  GPG Configuration Options.
-                                                              (line 590)
+                                                              (line 571)
+* no-auto-trust-new-key:                 GPG Esoteric Options.
+                                                              (line 576)
 * no-autostart:                          GPG Configuration Options.
-                                                              (line 769)
+                                                              (line 742)
 * no-autostart <1>:                      Configuration Options.
-                                                              (line  69)
-* no-autostart <2>:                      Invoking gpg-connect-agent.
-                                                              (line  77)
+                                                              (line  86)
+* no-autostart <2>:                      gpg-card.            (line  53)
+* no-autostart <3>:                      Invoking gpg-connect-agent.
+                                                              (line  78)
 * no-batch:                              GPG Configuration Options.
                                                               (line  45)
-* no-common-certs-import:                Esoteric Options.    (line 168)
+* no-common-certs-import:                Esoteric Options.    (line 124)
 * no-default-keyring:                    GPG Esoteric Options.
-                                                              (line 432)
+                                                              (line 462)
 * no-default-recipient:                  GPG Configuration Options.
                                                               (line  29)
-* no-detach:                             Agent Options.       (line 131)
-* no-detach <1>:                         Scdaemon Options.    (line 131)
+* no-detach:                             Agent Options.       (line 114)
+* no-detach <1>:                         Scdaemon Options.    (line 111)
 * no-encrypt-to:                         GPG Key related Options.
                                                               (line  51)
 * no-expensive-trust-checks:             GPG Esoteric Options.
-                                                              (line 576)
+                                                              (line 600)
 * no-ext-connect:                        Invoking gpg-connect-agent.
-                                                              (line  72)
-* no-grab:                               Agent Options.       (line 153)
+                                                              (line  73)
+* no-grab:                               Agent Options.       (line 128)
 * no-greeting:                           GPG Configuration Options.
-                                                              (line 814)
+                                                              (line 787)
 * no-groups:                             GPG Key related Options.
                                                               (line  73)
+* no-include-key-block:                  OpenPGP Options.     (line  45)
 * no-keyring:                            GPG Esoteric Options.
-                                                              (line 438)
+                                                              (line 469)
 * no-literal:                            GPG Esoteric Options.
-                                                              (line 470)
+                                                              (line 501)
 * no-mangle-dos-filenames:               GPG Configuration Options.
-                                                              (line 352)
+                                                              (line 346)
 * no-options:                            GPG Configuration Options.
-                                                              (line 327)
+                                                              (line 321)
 * no-random-seed-file:                   GPG Configuration Options.
-                                                              (line 808)
+                                                              (line 781)
 * no-secmem-warning:                     GPG Configuration Options.
-                                                              (line 817)
+                                                              (line 790)
 * no-secmem-warning <1>:                 Configuration Options.
-                                                              (line  76)
+                                                              (line  93)
 * no-sig-cache:                          GPG Configuration Options.
-                                                              (line 732)
+                                                              (line 705)
 * no-skip-hidden-recipients:             GPG Key related Options.
-                                                              (line 108)
+                                                              (line 127)
 * no-symkey-cache:                       GPG Esoteric Options.
-                                                              (line 337)
+                                                              (line 367)
 * no-tty:                                GPG Configuration Options.
                                                               (line  58)
-* no-use-standard-socket:                Agent Options.       (line 350)
+* no-use-standard-socket:                Agent Options.       (line 296)
 * no-use-tor:                            Dirmngr Options.     (line  98)
-* no-user-trustlist:                     Agent Options.       (line 172)
 * no-verbose:                            GPG Configuration Options.
                                                               (line  37)
 * not-dash-escaped:                      GPG Esoteric Options.
-                                                              (line 266)
+                                                              (line 296)
 * null:                                  gpgtar.              (line  86)
-* null <1>:                              gpg-check-pattern.   (line  59)
+* null <1>:                              gpg-check-pattern.   (line  17)
 * ocsp:                                  dirmngr-client.      (line  61)
-* ocsp-current-period:                   Dirmngr Options.     (line 368)
-* ocsp-max-clock-skew:                   Dirmngr Options.     (line 360)
-* ocsp-max-period:                       Dirmngr Options.     (line 364)
-* ocsp-responder:                        Dirmngr Options.     (line 334)
-* ocsp-signer:                           Dirmngr Options.     (line 339)
-* only-ldap-proxy:                       Dirmngr Options.     (line 251)
-* openpgp:                               Compliance Options.  (line  19)
+* ocsp-current-period:                   Dirmngr Options.     (line 335)
+* ocsp-max-clock-skew:                   Dirmngr Options.     (line 327)
+* ocsp-max-period:                       Dirmngr Options.     (line 331)
+* ocsp-responder:                        Dirmngr Options.     (line 301)
+* ocsp-signer:                           Dirmngr Options.     (line 306)
+* only-ldap-proxy:                       Dirmngr Options.     (line 241)
+* openpgp:                               Compliance Options.  (line  20)
 * openpgp <1>:                           gpgtar.              (line  95)
 * options:                               Agent Options.       (line  10)
 * options <1>:                           Dirmngr Options.     (line  11)
 * options <2>:                           Dirmngr Options.     (line  16)
 * options <3>:                           GPG Configuration Options.
-                                                              (line 322)
+                                                              (line 316)
 * options <4>:                           Configuration Options.
                                                               (line  10)
 * options <5>:                           Scdaemon Options.    (line   7)
@@ -5637,100 +6338,106 @@ Option Index
 * output <1>:                            Input and Output.    (line  51)
 * output <2>:                            gpgv.                (line  45)
 * output <3>:                            gpgtar.              (line  57)
-* output <4>:                            gpg-wks-client.      (line 104)
+* output <4>:                            gpg-wks-client.      (line  97)
 * output <5>:                            gpg-wks-server.      (line  65)
 * override-session-key:                  GPG Esoteric Options.
-                                                              (line 494)
+                                                              (line 525)
 * p12-charset:                           Input and Output.    (line  24)
 * passphrase:                            GPG Esoteric Options.
-                                                              (line 312)
+                                                              (line 342)
 * passphrase <1>:                        Invoking gpg-preset-passphrase.
                                                               (line  36)
 * passphrase-fd:                         GPG Esoteric Options.
-                                                              (line 291)
-* passphrase-fd <1>:                     Esoteric Options.    (line 136)
+                                                              (line 321)
+* passphrase-fd <1>:                     Esoteric Options.    (line  92)
 * passphrase-file:                       GPG Esoteric Options.
-                                                              (line 301)
+                                                              (line 331)
 * passphrase-repeat:                     GPG Esoteric Options.
-                                                              (line 283)
+                                                              (line 313)
 * passwd:                                OpenPGP Key Management.
-                                                              (line 453)
+                                                              (line 473)
 * passwd <1>:                            Certificate Management.
                                                               (line 110)
-* pcsc-driver:                           Scdaemon Options.    (line 150)
-* pcsc-shared:                           Scdaemon Options.    (line 144)
+* passwd <2>:                            gpg-card.            (line 163)
+* pcsc-driver:                           Scdaemon Options.    (line 130)
+* pcsc-shared:                           Scdaemon Options.    (line 124)
 * pem:                                   dirmngr-client.      (line  58)
 * permission-warning:                    GPG Configuration Options.
-                                                              (line 820)
-* personal-cipher-preferences:           OpenPGP Options.     (line  46)
-* personal-compress-preferences:         OpenPGP Options.     (line  64)
-* personal-digest-preferences:           OpenPGP Options.     (line  55)
-* pgp6:                                  Compliance Options.  (line  44)
-* pgp7:                                  Compliance Options.  (line  54)
-* pgp8:                                  Compliance Options.  (line  60)
+                                                              (line 793)
+* personal-aead-preferences:             OpenPGP Options.     (line  66)
+* personal-cipher-preferences:           OpenPGP Options.     (line  57)
+* personal-compress-preferences:         OpenPGP Options.     (line  84)
+* personal-digest-preferences:           OpenPGP Options.     (line  75)
+* pgp6:                                  Compliance Options.  (line  43)
+* pgp7:                                  Compliance Options.  (line  46)
+* pgp8:                                  Compliance Options.  (line  53)
 * photo-viewer:                          GPG Configuration Options.
-                                                              (line 202)
-* pinentry-formatted-passphrase:         Agent Options.       (line 297)
-* pinentry-invisible-char:               Agent Options.       (line 286)
+                                                              (line 196)
+* pinentry-invisible-char:               Agent Options.       (line 245)
 * pinentry-mode:                         GPG Esoteric Options.
-                                                              (line 322)
-* pinentry-mode <1>:                     Esoteric Options.    (line 145)
-* pinentry-program:                      Agent Options.       (line 310)
-* pinentry-timeout:                      Agent Options.       (line 291)
-* pinentry-touch-file:                   Agent Options.       (line 323)
+                                                              (line 352)
+* pinentry-mode <1>:                     Esoteric Options.    (line 101)
+* pinentry-program:                      Agent Options.       (line 256)
+* pinentry-timeout:                      Agent Options.       (line 250)
+* pinentry-touch-file:                   Agent Options.       (line 269)
 * ping:                                  dirmngr-client.      (line  69)
 * policy-file:                           Configuration Options.
-                                                              (line  50)
+                                                              (line  66)
 * prefer-system-dirmngr:                 Configuration Options.
-                                                              (line  63)
+                                                              (line  80)
 * preserve-permissions:                  GPG Esoteric Options.
-                                                              (line 579)
+                                                              (line 603)
 * preset:                                Invoking gpg-preset-passphrase.
                                                               (line  22)
 * primary-keyring:                       GPG Configuration Options.
-                                                              (line 243)
+                                                              (line 242)
 * print-md:                              Operational GPG Commands.
-                                                              (line 386)
-* q:                                     Invoking gpg-connect-agent.
-                                                              (line  18)
+                                                              (line 381)
+* privatedo:                             gpg-card.            (line 171)
+* q:                                     gpg-card.            (line 177)
+* q <1>:                                 Invoking gpg-connect-agent.
+                                                              (line  40)
 * quick-add-key:                         OpenPGP Key Management.
                                                               (line  69)
 * quick-add-uid:                         OpenPGP Key Management.
-                                                              (line 420)
+                                                              (line 440)
 * quick-gen-key:                         OpenPGP Key Management.
                                                               (line  10)
 * quick-generate-key:                    OpenPGP Key Management.
                                                               (line  10)
 * quick-lsign-key:                       OpenPGP Key Management.
-                                                              (line 398)
+                                                              (line 418)
 * quick-revoke-sig:                      OpenPGP Key Management.
-                                                              (line 435)
+                                                              (line 455)
 * quick-revoke-uid:                      OpenPGP Key Management.
-                                                              (line 427)
+                                                              (line 447)
 * quick-set-expire:                      OpenPGP Key Management.
                                                               (line  60)
 * quick-set-primary-uid:                 OpenPGP Key Management.
-                                                              (line 445)
+                                                              (line 465)
 * quick-sign-key:                        OpenPGP Key Management.
-                                                              (line 398)
+                                                              (line 418)
 * quiet:                                 Agent Options.       (line  45)
 * quiet <1>:                             GPG Configuration Options.
                                                               (line  40)
-* quiet <2>:                             gpgv.                (line  35)
-* quiet <3>:                             Invoking gpgconf.    (line 117)
-* quiet <4>:                             Invoking gpg-connect-agent.
-                                                              (line  18)
-* quiet <5>:                             dirmngr-client.      (line  48)
-* quiet <6>:                             gpgtar.              (line  65)
-* quiet <7>:                             gpg-wks-client.      (line 122)
-* quiet <8>:                             gpg-wks-server.      (line  81)
+* quiet <2>:                             gpg-card.            (line  44)
+* quiet <3>:                             gpgv.                (line  35)
+* quiet <4>:                             Invoking gpgconf.    (line 112)
+* quiet <5>:                             Invoking gpg-connect-agent.
+                                                              (line  40)
+* quiet <6>:                             dirmngr-client.      (line  48)
+* quiet <7>:                             gpgtar.              (line  65)
+* quiet <8>:                             gpg-wks-client.      (line 115)
+* quiet <9>:                             gpg-wks-server.      (line  81)
+* quit:                                  gpg-card.            (line 177)
 * raw-socket:                            Invoking gpg-connect-agent.
-                                                              (line  59)
-* reader-port:                           Scdaemon Options.    (line 168)
+                                                              (line  22)
+* readcert:                              gpg-card.            (line 180)
+* reader-port:                           Scdaemon Options.    (line 147)
 * rebuild-keydb-caches:                  Operational GPG Commands.
-                                                              (line 380)
+                                                              (line 375)
 * receive-keys:                          Operational GPG Commands.
-                                                              (line 313)
+                                                              (line 308)
 * recipient:                             GPG Key related Options.
                                                               (line   8)
 * recipient <1>:                         Input and Output.    (line  46)
@@ -5739,43 +6446,43 @@ Option Index
                                                               (line  22)
 * recursive-resolver:                    Dirmngr Options.     (line 117)
 * recv-keys:                             Operational GPG Commands.
-                                                              (line 314)
+                                                              (line 309)
 * refresh-keys:                          Operational GPG Commands.
-                                                              (line 317)
-* reload:                                Invoking gpgconf.    (line  74)
-* remove-socketdir:                      Invoking gpgconf.    (line 102)
+                                                              (line 312)
+* reload:                                Invoking gpgconf.    (line  70)
+* remove-socketdir:                      Invoking gpgconf.    (line  97)
 * request-origin:                        GPG Esoteric Options.
-                                                              (line 342)
-* request-origin <1>:                    Esoteric Options.    (line 160)
-* require-compliance:                    Compliance Options.  (line  77)
-* require-compliance <1>:                Esoteric Options.    (line  27)
-* require-compliance <2>:                gpgtar.              (line 117)
+                                                              (line 372)
+* request-origin <1>:                    Esoteric Options.    (line 116)
 * require-cross-certification:           GPG Configuration Options.
-                                                              (line 839)
+                                                              (line 812)
 * require-secmem:                        GPG Configuration Options.
-                                                              (line 834)
+                                                              (line 807)
+* reset:                                 gpg-card.            (line 187)
 * resolver-timeout:                      Dirmngr Options.     (line 120)
-* rfc2440:                               Compliance Options.  (line  37)
-* rfc4880:                               Compliance Options.  (line  25)
-* rfc4880bis:                            Compliance Options.  (line  30)
+* rfc2440:                               Compliance Options.  (line  36)
+* rfc4880:                               Compliance Options.  (line  27)
+* rfc4880bis:                            Compliance Options.  (line  32)
 * run:                                   Invoking gpg-connect-agent.
-                                                              (line  82)
+                                                              (line 105)
 * s:                                     Dirmngr Options.     (line  87)
-* s2k-calibration:                       Agent Options.       (line 465)
-* s2k-cipher-algo:                       OpenPGP Options.     (line  74)
-* s2k-count:                             Agent Options.       (line 472)
-* s2k-count <1>:                         OpenPGP Options.     (line  90)
-* s2k-digest-algo:                       OpenPGP Options.     (line  79)
-* s2k-mode:                              OpenPGP Options.     (line  83)
-* scdaemon-program:                      Agent Options.       (line 332)
+* s2k-calibration:                       Agent Options.       (line 409)
+* s2k-cipher-algo:                       OpenPGP Options.     (line  94)
+* s2k-count:                             Agent Options.       (line 416)
+* s2k-count <1>:                         OpenPGP Options.     (line 110)
+* s2k-digest-algo:                       OpenPGP Options.     (line  99)
+* s2k-mode:                              OpenPGP Options.     (line 103)
+* salut:                                 gpg-card.            (line 191)
+* salutation:                            gpg-card.            (line 191)
+* scdaemon-program:                      Agent Options.       (line 278)
 * search-keys:                           Operational GPG Commands.
-                                                              (line 323)
+                                                              (line 318)
 * secret-keyring:                        GPG Configuration Options.
-                                                              (line 248)
-* send:                                  gpg-wks-client.      (line  65)
+                                                              (line 237)
+* send:                                  gpg-wks-client.      (line  58)
 * send <1>:                              gpg-wks-server.      (line  60)
 * send-keys:                             Operational GPG Commands.
-                                                              (line 257)
+                                                              (line 252)
 * sender:                                GPG Key related Options.
                                                               (line  81)
 * server:                                Agent Commands.      (line  23)
@@ -5784,114 +6491,118 @@ Option Index
                                                               (line  24)
 * server <3>:                            Scdaemon Commands.   (line  22)
 * set-filename:                          GPG Esoteric Options.
-                                                              (line 178)
-* set-filename <1>:                      gpgtar.              (line 129)
+                                                              (line 195)
+* set-filename <1>:                      gpgtar.              (line 104)
 * set-filesize:                          GPG Esoteric Options.
-                                                              (line 474)
+                                                              (line 505)
 * set-notation:                          GPG Esoteric Options.
-                                                              (line 124)
+                                                              (line 141)
 * set-policy-url:                        GPG Esoteric Options.
-                                                              (line 160)
-* sh:                                    Agent Options.       (line 146)
+                                                              (line 177)
+* sh:                                    Agent Options.       (line 121)
 * sh <1>:                                Dirmngr Options.     (line  87)
 * show-keyring:                          Deprecated Options.  (line  16)
 * show-keys:                             Operational GPG Commands.
-                                                              (line 185)
+                                                              (line 180)
 * show-notation:                         Deprecated Options.  (line  25)
 * show-photos:                           Deprecated Options.  (line   8)
 * show-policy-url:                       Deprecated Options.  (line  33)
 * show-session-key:                      GPG Esoteric Options.
-                                                              (line 478)
+                                                              (line 509)
 * shutdown:                              Dirmngr Commands.    (line  58)
 * sig-keyserver-url:                     GPG Esoteric Options.
-                                                              (line 170)
+                                                              (line 187)
 * sig-notation:                          GPG Esoteric Options.
-                                                              (line 124)
+                                                              (line 141)
 * sig-policy-url:                        GPG Esoteric Options.
-                                                              (line 160)
+                                                              (line 177)
 * sign:                                  Operational GPG Commands.
                                                               (line   8)
 * sign <1>:                              Operational GPGSM Commands.
                                                               (line  16)
 * sign-key:                              OpenPGP Key Management.
-                                                              (line 388)
+                                                              (line 408)
 * skip-crypto:                           gpgtar.              (line  68)
 * skip-hidden-recipients:                GPG Key related Options.
-                                                              (line 108)
+                                                              (line 127)
 * skip-verify:                           GPG Esoteric Options.
-                                                              (line 442)
+                                                              (line 473)
 * squid-mode:                            dirmngr-client.      (line 101)
-* ssh-fingerprint-digest:                Agent Options.       (line 450)
+* ssh-fingerprint-digest:                Agent Options.       (line 394)
 * standard-resolver:                     Dirmngr Options.     (line 110)
 * status-fd:                             GPG Esoteric Options.
-                                                              (line  74)
-* status-fd <1>:                         gpgv.                (line  52)
-* status-fd <2>:                         Invoking gpgconf.    (line 158)
-* status-fd <3>:                         gpgtar.              (line 120)
-* status-fd <4>:                         gpg-wks-client.      (line 108)
+                                                              (line  93)
+* status-fd <1>:                         gpg-card.            (line  35)
+* status-fd <2>:                         gpgv.                (line  52)
+* status-fd <3>:                         Invoking gpgconf.    (line 162)
+* status-fd <4>:                         gpg-wks-client.      (line 101)
 * status-file:                           GPG Esoteric Options.
-                                                              (line  78)
-* steal-socket:                          Agent Options.       (line 135)
+                                                              (line  97)
 * store:                                 Operational GPG Commands.
                                                               (line  55)
 * subst:                                 Invoking gpg-connect-agent.
-                                                              (line  88)
+                                                              (line 111)
 * supervised:                            Agent Commands.      (line  36)
 * supervised <1>:                        Dirmngr Commands.    (line  33)
 * symmetric:                             Operational GPG Commands.
                                                               (line  42)
-* sys-trustlist-name:                    Agent Options.       (line 177)
-* tar-args:                              gpgtar.              (line 141)
+* tar:                                   gpgtar.              (line 122)
+* tar-args:                              gpgtar.              (line 116)
 * textmode:                              OpenPGP Options.     (line   8)
 * throw-keyids:                          GPG Esoteric Options.
-                                                              (line 257)
-* time-only:                             watchgnupg.          (line  30)
+                                                              (line 287)
+* time-only:                             watchgnupg.          (line  46)
 * tls-debug:                             Dirmngr Options.     (line  69)
 * tofu-default-policy:                   GPG Configuration Options.
-                                                              (line 725)
+                                                              (line 698)
 * tofu-policy:                           Operational GPG Commands.
-                                                              (line 408)
+                                                              (line 411)
 * trust-model:                           GPG Configuration Options.
-                                                              (line 412)
+                                                              (line 405)
 * trust-model:always:                    GPG Configuration Options.
-                                                              (line 493)
+                                                              (line 486)
 * trust-model:auto:                      GPG Configuration Options.
-                                                              (line 502)
+                                                              (line 495)
 * trust-model:classic:                   GPG Configuration Options.
-                                                              (line 420)
+                                                              (line 413)
 * trust-model:direct:                    GPG Configuration Options.
-                                                              (line 485)
+                                                              (line 478)
 * trust-model:pgp:                       GPG Configuration Options.
-                                                              (line 415)
+                                                              (line 408)
 * trust-model:tofu:                      GPG Configuration Options.
-                                                              (line 423)
+                                                              (line 416)
 * trust-model:tofu+pgp:                  GPG Configuration Options.
-                                                              (line 473)
+                                                              (line 466)
 * trustdb-name:                          GPG Configuration Options.
-                                                              (line 253)
+                                                              (line 247)
 * trusted-key:                           GPG Configuration Options.
-                                                              (line 403)
+                                                              (line 397)
 * try-all-secrets:                       GPG Key related Options.
-                                                              (line 100)
+                                                              (line 119)
 * try-secret-key:                        GPG Key related Options.
-                                                              (line  89)
-* ttyname:                               Agent Options.       (line 360)
-* ttytype:                               Agent Options.       (line 360)
+                                                              (line 108)
+* ttyname:                               Agent Options.       (line 306)
+* ttytype:                               Agent Options.       (line 306)
+* uif:                                   gpg-card.            (line 196)
+* unblock:                               gpg-card.            (line 202)
 * ungroup:                               GPG Key related Options.
                                                               (line  70)
+* unwrap:                                Operational GPG Commands.
+                                                              (line 403)
 * update-trustdb:                        Operational GPG Commands.
-                                                              (line 339)
-* url:                                   dirmngr-client.      (line  94)
-* url <1>:                               dirmngr-client.      (line  98)
+                                                              (line 334)
+* url:                                   gpg-card.            (line 207)
+* url <1>:                               dirmngr-client.      (line  94)
+* url <2>:                               dirmngr-client.      (line  98)
 * use-agent:                             GPG Configuration Options.
-                                                              (line 749)
+                                                              (line 722)
 * use-embedded-filename:                 GPG Esoteric Options.
-                                                              (line 194)
-* use-standard-socket:                   Agent Options.       (line 350)
-* use-standard-socket-p:                 Agent Options.       (line 350)
+                                                              (line 211)
+* use-standard-socket:                   Agent Options.       (line 296)
+* use-standard-socket-p:                 Agent Options.       (line 296)
 * use-tor:                               Dirmngr Options.     (line  98)
 * utf8-strings:                          GPG Configuration Options.
-                                                              (line 308)
+                                                              (line 302)
 * utf8-strings <1>:                      gpgtar.              (line  90)
 * v:                                     Dirmngr Options.     (line  25)
 * v <1>:                                 Configuration Options.
@@ -5907,47 +6618,45 @@ Option Index
 * verbose <3>:                           Configuration Options.
                                                               (line  38)
 * verbose <4>:                           Scdaemon Options.    (line  35)
-* verbose <5>:                           watchgnupg.          (line  33)
-* verbose <6>:                           gpgv.                (line  30)
-* verbose <7>:                           Invoking gpg-preset-passphrase.
+* verbose <5>:                           gpg-card.            (line  41)
+* verbose <6>:                           watchgnupg.          (line  49)
+* verbose <7>:                           gpgv.                (line  30)
+* verbose <8>:                           Invoking gpg-preset-passphrase.
                                                               (line  32)
-* verbose <8>:                           Invoking gpg-connect-agent.
-                                                              (line  14)
-* verbose <9>:                           dirmngr-client.      (line  53)
-* verbose <10>:                          gpgtar.              (line  61)
-* verbose <11>:                          gpg-check-pattern.   (line  53)
-* verbose <12>:                          gpg-wks-client.      (line 119)
-* verbose <13>:                          gpg-wks-server.      (line  78)
+* verbose <9>:                           Invoking gpg-connect-agent.
+                                                              (line  36)
+* verbose <10>:                          dirmngr-client.      (line  53)
+* verbose <11>:                          gpgtar.              (line  61)
+* verbose <12>:                          gpg-check-pattern.   (line  11)
+* verbose <13>:                          gpg-wks-client.      (line 112)
+* verbose <14>:                          gpg-wks-server.      (line  78)
 * verify:                                Operational GPG Commands.
                                                               (line  67)
 * verify <1>:                            Operational GPGSM Commands.
                                                               (line  20)
+* verify <2>:                            gpg-card.            (line 212)
 * verify-files:                          Operational GPG Commands.
                                                               (line 108)
 * verify-options:                        GPG Configuration Options.
-                                                              (line 138)
-* verify-options:pka-lookups:            GPG Configuration Options.
-                                                              (line 174)
-* verify-options:pka-trust-increase:     GPG Configuration Options.
-                                                              (line 181)
+                                                              (line 144)
 * verify-options:show-keyserver-urls:    GPG Configuration Options.
-                                                              (line 157)
+                                                              (line 163)
 * verify-options:show-notations:         GPG Configuration Options.
-                                                              (line 153)
+                                                              (line 159)
 * verify-options:show-photos:            GPG Configuration Options.
-                                                              (line 143)
+                                                              (line 149)
 * verify-options:show-policy-urls:       GPG Configuration Options.
-                                                              (line 147)
+                                                              (line 153)
 * verify-options:show-primary-uid-only:  GPG Configuration Options.
-                                                              (line 169)
+                                                              (line 175)
 * verify-options:show-std-notations:     GPG Configuration Options.
-                                                              (line 153)
+                                                              (line 159)
 * verify-options:show-uid-validity:      GPG Configuration Options.
-                                                              (line 161)
+                                                              (line 167)
 * verify-options:show-unusable-uids:     GPG Configuration Options.
-                                                              (line 165)
+                                                              (line 171)
 * verify-options:show-user-notations:    GPG Configuration Options.
-                                                              (line 153)
+                                                              (line 159)
 * version:                               Agent Commands.      (line  10)
 * version <1>:                           Dirmngr Commands.    (line  10)
 * version <2>:                           General GPG Commands.
@@ -5955,176 +6664,49 @@ Option Index
 * version <3>:                           General GPGSM Commands.
                                                               (line   7)
 * version <4>:                           Scdaemon Commands.   (line  10)
-* version <5>:                           watchgnupg.          (line  36)
-* version <6>:                           dirmngr-client.      (line  40)
-* version <7>:                           gpgtar.              (line 147)
-* version <8>:                           gpg-wks-client.      (line 125)
-* version <9>:                           gpg-wks-server.      (line  84)
+* version <5>:                           gpg-card.            (line  47)
+* version <6>:                           watchgnupg.          (line  52)
+* version <7>:                           dirmngr-client.      (line  40)
+* version <8>:                           gpgtar.              (line 125)
+* version <9>:                           gpg-wks-client.      (line 118)
+* version <10>:                          gpg-wks-server.      (line  84)
 * warranty:                              General GPG Commands.
                                                               (line  17)
 * warranty <1>:                          General GPGSM Commands.
                                                               (line  15)
 * weak-digest:                           GPG Esoteric Options.
-                                                              (line 411)
+                                                              (line 449)
 * weak-digest <1>:                       gpgv.                (line  90)
 * with-colons:                           GPG Input and Output.
-                                                              (line 276)
-* with-colons <1>:                       gpg-wks-client.      (line  69)
+                                                              (line 282)
+* with-colons <1>:                       gpg-card.            (line  32)
+* with-colons <2>:                       gpg-wks-client.      (line  62)
 * with-dir:                              gpg-wks-server.      (line  69)
-* with-ephemeral-keys:                   Esoteric Options.    (line  52)
+* with-ephemeral-keys:                   Esoteric Options.    (line  33)
 * with-file:                             gpg-wks-server.      (line  73)
 * with-fingerprint:                      GPG Input and Output.
-                                                              (line 296)
+                                                              (line 302)
 * with-icao-spelling:                    GPG Input and Output.
-                                                              (line 307)
+                                                              (line 313)
 * with-key-data:                         GPG Esoteric Options.
-                                                              (line 446)
+                                                              (line 477)
 * with-key-data <1>:                     Input and Output.    (line  54)
 * with-key-origin:                       GPG Input and Output.
-                                                              (line 315)
+                                                              (line 321)
 * with-keygrip:                          GPG Input and Output.
-                                                              (line 311)
-* with-log:                              gpgtar.              (line 124)
+                                                              (line 317)
 * with-secret:                           GPG Input and Output.
-                                                              (line 326)
+                                                              (line 332)
 * with-secret <1>:                       Input and Output.    (line  78)
 * with-subkey-fingerprint:               GPG Input and Output.
-                                                              (line 300)
+                                                              (line 306)
 * with-validation:                       Input and Output.    (line  60)
 * with-wkd-hash:                         GPG Input and Output.
-                                                              (line 321)
-* xauthority:                            Agent Options.       (line 360)
+                                                              (line 327)
+* writecert:                             gpg-card.            (line 217)
+* writekey:                              gpg-card.            (line 224)
+* xauthority:                            Agent Options.       (line 306)
 * yes:                                   GPG Configuration Options.
                                                               (line  63)
-* yes <1>:                               gpgtar.              (line 108)
-
-
-File: gnupg.info,  Node: Environment Index,  Next: Index,  Prev: Option Index,  Up: Top
-
-Environment Variable and File Index
-***********************************
-
-[index]
-* Menu:
-
-* .gpg-v21-migrated:                     GPG Configuration.   (line  77)
-* ~/.gnupg:                              GPG Configuration.   (line  27)
-* ASSUAN_DEBUG:                          Scdaemon Options.    (line 122)
-* COLUMNS:                               GPG Configuration.   (line 118)
-* com-certs.pem:                         GPGSM Configuration. (line  84)
-* dirmngr.conf:                          Dirmngr Configuration.
-                                                              (line  12)
-* DISPLAY:                               GPGSM OPTION.        (line  21)
-* GNUPGHOME:                             Agent Options.       (line  17)
-* GNUPGHOME <1>:                         GPG Configuration Options.
-                                                              (line 260)
-* GNUPGHOME <2>:                         GPG Configuration.   (line 106)
-* GNUPGHOME <3>:                         Configuration Options.
-                                                              (line  16)
-* GNUPGHOME <4>:                         Scdaemon Options.    (line  13)
-* GNUPGHOME <5>:                         gpgv.                (line  69)
-* GNUPGHOME <6>:                         Invoking gpgconf.    (line 120)
-* GNUPGHOME <7>:                         Invoking gpg-connect-agent.
-                                                              (line  21)
-* GNUPG_BUILD_ROOT:                      GPG Configuration.   (line 130)
-* GNUPG_EXEC_DEBUG_FLAGS:                GPG Configuration.   (line 135)
-* gpg-agent.conf:                        Agent Configuration. (line  11)
-* gpg.conf:                              GPG Configuration.   (line  11)
-* gpgconf.ctl:                           Agent Options.       (line  28)
-* gpgconf.ctl <1>:                       GPG Configuration Options.
-                                                              (line 271)
-* gpgconf.ctl <2>:                       Configuration Options.
-                                                              (line  27)
-* gpgconf.ctl <3>:                       Scdaemon Options.    (line  24)
-* gpgconf.ctl <4>:                       gpgv.                (line  80)
-* gpgconf.ctl <5>:                       Invoking gpgconf.    (line 131)
-* gpgconf.ctl <6>:                       Invoking gpg-connect-agent.
-                                                              (line  32)
-* gpgsm.conf:                            GPGSM Configuration. (line  11)
-* GPG_TTY:                               Invoking GPG-AGENT.  (line  22)
-* GPG_TTY <1>:                           GPGSM OPTION.        (line  23)
-* help.txt:                              GPGSM Configuration. (line  72)
-* HKCU\Software\GNU\GnuPG:DefaultLogFile: Agent Options.      (line 159)
-* HKCU\Software\GNU\GnuPG:HomeDir:       Agent Options.       (line  17)
-* HKCU\Software\GNU\GnuPG:HomeDir <1>:   GPG Configuration Options.
-                                                              (line 260)
-* HKCU\Software\GNU\GnuPG:HomeDir <2>:   Configuration Options.
-                                                              (line  16)
-* HKCU\Software\GNU\GnuPG:HomeDir <3>:   Scdaemon Options.    (line  13)
-* HKCU\Software\GNU\GnuPG:HomeDir <4>:   gpgv.                (line  69)
-* HKCU\Software\GNU\GnuPG:HomeDir <5>:   Invoking gpgconf.    (line 120)
-* HKCU\Software\GNU\GnuPG:HomeDir <6>:   Invoking gpg-connect-agent.
-                                                              (line  21)
-* HOME:                                  GPG Configuration.   (line 103)
-* http_proxy:                            Dirmngr Options.     (line 240)
-* LANGUAGE:                              GPG Configuration.   (line 121)
-* LC_CTYPE:                              GPGSM OPTION.        (line  27)
-* LC_MESSAGES:                           GPGSM OPTION.        (line  29)
-* LINES:                                 GPG Configuration.   (line 118)
-* openpgp-revocs.d:                      GPG Configuration.   (line  91)
-* PATH:                                  GPG Configuration Options.
-                                                              (line 225)
-* PINENTRY_USER_DATA:                    GPG Configuration.   (line 113)
-* PINENTRY_USER_DATA <1>:                GPGSM OPTION.        (line  33)
-* policies.txt:                          GPGSM Configuration. (line  18)
-* private-keys-v1.d:                     Agent Configuration. (line 106)
-* pubring.gpg:                           GPG Configuration.   (line  32)
-* pubring.kbx:                           GPG Configuration.   (line  50)
-* pubring.kbx <1>:                       GPGSM Configuration. (line 100)
-* qualified.txt:                         GPGSM Configuration. (line  33)
-* random_seed:                           GPG Configuration.   (line  88)
-* random_seed <1>:                       GPGSM Configuration. (line 106)
-* S.gpg-agent:                           GPGSM Configuration. (line 111)
-* secring.gpg:                           GPG Configuration.   (line  69)
-* SHELL:                                 Agent Options.       (line 146)
-* sshcontrol:                            Agent Configuration. (line  76)
-* TERM:                                  GPGSM OPTION.        (line  25)
-* trustdb.gpg:                           GPG Configuration.   (line  80)
-* trustlist.txt:                         Agent Configuration. (line  20)
-* XAUTHORITY:                            GPGSM OPTION.        (line  31)
-
-
-File: gnupg.info,  Node: Index,  Prev: Environment Index,  Up: Top
-
-Index
-*****
-
-[index]
-* Menu:
-
-* command options:                       Invoking GPG-AGENT.   (line  6)
-* command options <1>:                   Invoking DIRMNGR.     (line  6)
-* command options <2>:                   Invoking GPG.         (line  6)
-* command options <3>:                   Invoking GPGSM.       (line  6)
-* command options <4>:                   Invoking SCDAEMON.    (line  6)
-* contributors:                          Contributors.         (line  6)
-* DIRMNGR command options:               Invoking DIRMNGR.     (line  6)
-* GPG command options:                   Invoking GPG.         (line  6)
-* GPG-AGENT command options:             Invoking GPG-AGENT.   (line  6)
-* gpgconf.conf:                          Files used by gpgconf.
-                                                               (line  7)
-* GPGSM command options:                 Invoking GPGSM.       (line  6)
-* options, DIRMNGR command:              Invoking DIRMNGR.     (line  6)
-* options, GPG command:                  Invoking GPG.         (line  6)
-* options, GPG-AGENT command:            Invoking GPG-AGENT.   (line  6)
-* options, GPGSM command:                Invoking GPGSM.       (line  6)
-* options, SCDAEMON command:             Invoking SCDAEMON.    (line  6)
-* relax:                                 Agent Configuration.  (line 64)
-* scd-event:                             Scdaemon Configuration.
-                                                               (line 18)
-* SCDAEMON command options:              Invoking SCDAEMON.    (line  6)
-* scdaemon.conf:                         Scdaemon Configuration.
-                                                               (line 11)
-* SIGHUP:                                Agent Signals.        (line 12)
-* SIGHUP <1>:                            Dirmngr Signals.      (line 12)
-* SIGINT:                                Agent Signals.        (line 31)
-* SIGINT <1>:                            Dirmngr Signals.      (line 26)
-* SIGTERM:                               Agent Signals.        (line 26)
-* SIGTERM <1>:                           Dirmngr Signals.      (line 19)
-* SIGUSR1:                               Agent Signals.        (line 34)
-* SIGUSR1 <1>:                           Dirmngr Signals.      (line 29)
-* SIGUSR2:                               Agent Signals.        (line 37)
-* swdb.lst:                              Files used by gpgconf.
-                                                               (line 14)
-* trust values:                          Trust Values.         (line  6)
+* yubikey:                               gpg-card.            (line 229)
 
diff --git a/doc/gnupg.info-3 b/doc/gnupg.info-3
new file mode 100644
index 0000000000000000000000000000000000000000..3bd393147b059677b283056d2d7a857ad66b383f
GIT binary patch
literal 9063
zcmcIpZI9Z<7VgK2KXH%xrMuDMU=wx|T2-PfVNrP#Hoc8*s+BPVYsJ{qHZ**>zx|$>
z<MG<Y9`EfE6j=)yKYr#puXAiYxe?&Mt$)~WHP_z+H?R+b^}%6lSe;;Je_{MrII=Ku
z10Qa+4s60;m)sGvuddc;SP4x0#NbB@FT?2)=AnDEof8ZXcDRO#?H_FKN4SzmhSt_v
z%@vDn{kHS|rZKTY=Lw9Kp<g2+09^I2@oUSt;n#QK+7Z`ValPYLy#*gb#=s0V@!xjH
z;A3#`*LI9lZ(!s*T7yvZwpcAt^bY)+g+2@6x4?NyR|srfVC#3VMdW_4#+~d|55xyx
z&cdA=2_3j*q3y>gQyhR3>`ynacB43SSBIE^?XTYkA?$*+yE#FO^6(u2tOMt;V}1<C
z5(#j<Vg!vK*oZG&w;@Arwg>aW%5xnUyAJasgiIjz{O9P2?85=71o#P<i~k>{wreL(
zAu0*(4Is}eJBCwm2qD;W>8_Fg2|OFA$(uC*ZdbH-oI^o|f}Laguwt;`@`LM(%|y)M
zXn^~5V-E@c&_|tIfBS>h7)?LUn)jnc(;W1z(QGO_W*NJl8@nuOm{xCLHPc0dskQjj
zcmv!0*66~O@YZXjlzwJ==Ff+7e3TQO#2&Z_Aab`pJ`YV4cpBXw?aBbmx0BIi@PgZ$
z_7=BOgy7QPZbKHs7j}ZR&31v$AGmhIoxcr>>jD1II;{`TUyKFMS>K!^K!~xCxvS}T
zZvJ5<chMTHF__*L^=ka9@zM2IHy7P7MX&C{z(2ZS;0s?Ip)Y>D0hpq3yBIa}Z62~?
z7iJ`;{BgPOf)(r=jqLru+o5Z(JmK}gpGX*uH}#)J<Gb(w<MJnd_x+!!*M#|pZUg_&
z(A3SNp*MFf#u<iLH??*4kKufXVd`((?EzPzvvH@m@?4(*+}&Lx(0|`*!d=SmPq9=$
zh5+iB=CU_^ydV6!94f#}hpe9{7YQ#VMtaNOjQX?jaxyg)7=o38k*>ezKu)l0IxLJM
zZO_oFt3C*1PKqk!G)lZwb5O}@9JnWEE<jN>sd{+r?+FoINOM0j=i}Zd1qXpgJDSaT
z;z+YV0)*uQrNKNpA3n?`12t5S2XoF+h%XrltEWKlv;Ipp*qO0X(2K}pbl&B51wR}A
z51Hqn&|9|!ptb@i7g?9x5$HuC?-WE7K?Qodu%nIw2(!vD^%&`!iNS9_6o76OKqLPc
zeBq@95qa2T!(8tafbL!h)I=m7izXEr?INxN?}R=)or=<>4sr^JoZYoFAVg##kQ#zi
zJqw6u9|T<j3E`aBtBxxGRfrlQ4N40jkSa*e7+uz(jay;$9GU7M%_)3YB0%LTN2EH)
zRgq<gq>}@x4pLlJ8CmaJJRovF)j_I?EJGxX98h(TW`Vv*WKmK^Hqov=B&cTP>|Tg0
zT=8gGwZ$*p7OrphhS(ZoXvyLys%QeF3I-me#HgZ*ilp(xyuB9lrcn7Ipz^IzR6P9F
zUw)Qnw9i;mKM(!GeAvBb8~fnJ<6ujTYFV(;*7UY;#wwtPV8^gMkwnXIq(-`^>oq`9
zJKS2n-MMV6CUw1*3?-7B!j~nIl;c_=lt@%bgUWF&5G4{-(x7r&3q*+|4GNhXxWgu%
zL*=*@h!RN_=$j-BD#!J$sff5U_j|6QdW%9dj`xo^vH5zEzF!)uvUR89934s$eT=rq
z&g0&6xWsg#gb_(29}pQv)OwHmkA3UY`~^UGDyhgmB192rGB8c#q&zDr)0k-K#-phk
zf+SOkO$V+3rwse;zKJK}z=^bqGbvB3RT{wu(fiDM)<ccZoYNW5WrN<(g*<bVhtF3Y
zm*!ycc;B;nrPR*IWGqiXe-0$mXwD}QsM7Ln;ne#8$4WQ`s;NB$l*@|GB~`SBdp?4U
zSrdmcQS+!*SxnLO>Mc=saOf6dx6h{%rQ#$TRA>ZkQJW>um(|yQ3e*wtngJ?R`I%AW
z;s1jW`!5{Jx*M0R)oQE6Cad8%bRFy-BUUx6AxbKZ-V3W`fd28;glC&#ie%HoF6V=}
zFN&=t=I67$SDK&7nfWjnk5z^zVv7Dnrz{&qPfp;+VW2!bC8wwI5V;ecZ4DNadP3@E
zQJj3@@DRo8)oVh8&ItktN8GX6Ar(Q3F9!I5<B#6bdYCOnH9a+%zq}H)F<q<1sB$h!
z!_w?fRQ^voF%>`1Otf<9i4(mYpIg%yKB}@y+N2=$^avpPTX94x09A!i3WSsR$#l5j
zDP8tWP!3dnrcHs65rNbKm7htoK;}e3$q5a&>e<%H&!j1k*}v}%Cdr^M4}|f<U)Ka-
zrP8<y44!nE<dfGZ5wFOsXuXtCrPwH59SD~-1*#M~^$Rsz7O32hWIK(yMl~7cr?&_W
z5xta>H@$LxB^{dPu%c-w*uJQ6UYc_ENkZ!e3RWv%rP5RyD+S6}tpM^eV`YKJ3esvh
zxRg<9T<(ooht2|F(NDz6ffO0lXe48&94locmx=JmG76bzEBhSIN6z>PRVvxqt!SGf
zXWe8+@iL5VDZi!%(>&H?9Ffida<5X7id<c<4Q`2E6RKnD+ippmM$FOhVL3nZlcK~_
za7}!rYJ15E5|@y<>Gcf(RTY~QPaa0|Pz9jT)Or;oUb)`@GD4tNF`}6x0==YDQfZU}
zs-vXTh??8caA_{|I+0Y2Xr_i+<3O)rWMmlO3wrfO$w(yo=x^*Jy{K;P_${jrIkad+
W;b?mYrfLx^-ulAtVp&;>(D)xQ^L;A-

literal 0
HcmV?d00001

diff --git a/doc/gnupg.texi b/doc/gnupg.texi
index 3364148..78d4669 100644
--- a/doc/gnupg.texi
+++ b/doc/gnupg.texi
@@ -142,15 +142,16 @@ the administration and the architecture.
 * Specify a User ID::   How to Specify a User Id.
 * Trust Values::        How GnuPG displays trust values.
 
-* Helper Tools::        Description of small helper tools
-* Web Key Service::     Tools for the Web Key Service
+* Smart Card Tool::     Tool to administrate smart cards.
+* Helper Tools::        Description of small helper tools.
+* Web Key Service::     Tools for the Web Key Service.
 
 * Howtos::              How to do certain things.
 * System Notes::        Notes pertaining to certain OSes.
-* Debugging::           How to solve problems
+* Debugging::           How to solve problems.
 
 * Copying::             GNU General Public License says
-                        how you can copy and share GnuPG
+                        how you can copy and share GnuPG.
 * Contributors::        People who have contributed to GnuPG.
 
 * Glossary::            Short description of terms used.
@@ -186,6 +187,7 @@ the administration and the architecture.
 @cindex trust values
 @include trust-values.texi
 
+@include gpg-card.texi
 @include tools.texi
 @include wks.texi
 
@@ -237,5 +239,3 @@ the administration and the architecture.
 
 
 @bye
-
-
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 8766250..41bfb09 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -205,14 +205,14 @@ if used in an options file.
 
 
 @item -v
-@itemx --verbose
+@item --verbose
 @opindex verbose
 Outputs additional information while running.
 You can increase the verbosity by giving several
 verbose commands to @command{gpg-agent}, such as @samp{-vv}.
 
 @item -q
-@itemx --quiet
+@item --quiet
 @opindex quiet
 Try to be as quiet as possible.
 
@@ -256,30 +256,11 @@ however carefully selected to best aid in debugging.
 
 @item --debug @var{flags}
 @opindex debug
-This option is only useful for debugging and the behavior may change at
-any time without notice.  FLAGS are bit encoded and may be given in
-usual C-Syntax. The currently defined bits are:
-
-@table @code
-@item 0  (1)
-X.509 or OpenPGP protocol related data
-@item 1  (2)
-values of big number integers
-@item 2  (4)
-low level crypto operations
-@item 5  (32)
-memory allocation
-@item 6  (64)
-caching
-@item 7  (128)
-show memory statistics
-@item 9  (512)
-write hashed data to files named @code{dbgmd-000*}
-@item 10 (1024)
-trace Assuan protocol
-@item 12 (4096)
-bypass all certificate validation
-@end table
+Set debug flags.  All flags are or-ed and @var{flags} may be given
+in C syntax (e.g. 0x0042) or as a comma separated list of flag names.
+To get a list of all supported flags the single word "help" can be
+used. This option is only useful for debugging and the behavior may
+change at any time without notice.
 
 @item --debug-all
 @opindex debug-all
@@ -316,15 +297,6 @@ Pinentry.  As of now it is only useful when used along with
 Don't detach the process from the console.  This is mainly useful for
 debugging.
 
-@item --steal-socket
-@opindex steal-socket
-In @option{--daemon} mode, gpg-agent detects an already running
-gpg-agent and does not allow to start a new instance. This option can
-be used to override this check: the new gpg-agent process will try to
-take over the communication sockets from the already running process
-and start anyway.  This option should in general not be used.
-
-
 @item -s
 @itemx --sh
 @itemx -c
@@ -366,21 +338,6 @@ Do not allow clients to mark keys as trusted, i.e. put them into the
 @file{trustlist.txt} file.  This makes it harder for users to inadvertently
 accept Root-CA keys.
 
-
-@anchor{option --no-user-trustlist}
-@item --no-user-trustlist
-@opindex no-user-trustlist
-Entirely ignore the user trust list and consider only the global
-trustlist (@file{@value{SYSCONFDIR}/trustlist.txt}).  This
-implies the @ref{option --no-allow-mark-trusted}.
-
-@item --sys-trustlist-name @var{file}
-@opindex sys-trustlist-name
-Changes the default name for the global trustlist from "trustlist.txt"
-to @var{file}.  If @var{file} does not contain any slashes and does
-not start with "~/" it is searched in the system configuration
-directory (@file{@value{SYSCONFDIR}}).
-
 @anchor{option --allow-preset-passphrase}
 @item --allow-preset-passphrase
 @opindex allow-preset-passphrase
@@ -472,17 +429,11 @@ of digits or special characters a warning will be displayed.  Defaults
 to 1.
 
 @item --check-passphrase-pattern @var{file}
-@itemx --check-sym-passphrase-pattern @var{file}
 @opindex check-passphrase-pattern
-@opindex check-sym-passphrase-pattern
 Check the passphrase against the pattern given in @var{file}.  When
 entering a new passphrase matching one of these pattern a warning will
-be displayed.  If @var{file} does not contain any slashes and does not
-start with "~/" it is searched in the system configuration directory
-(@file{@value{SYSCONFDIR}}).  The default is not to use any
-pattern file.  The second version of this option is only used when
-creating a new symmetric key to allow the use of different patterns
-for such passphrases.
+be displayed. @var{file} should be an absolute filename.  The default is
+not to use any pattern file.
 
 Security note: It is known that checking a passphrase against a list of
 pattern or even against a complete dictionary is not very effective to
@@ -514,19 +465,6 @@ user input.  The default value of 0 does not ask the pinentry to
 timeout, however a Pinentry may use its own default timeout value in
 this case.  A Pinentry may or may not honor this request.
 
-@item --pinentry-formatted-passphrase
-@opindex pinentry-formatted-passphrase
-This option asks the Pinentry to enable passphrase formatting when asking the
-user for a new passphrase and masking of the passphrase is turned off.
-
-If passphrase formatting is enabled, then all non-breaking space characters
-are stripped from the entered passphrase.  Passphrase formatting is mostly
-useful in combination with passphrases generated with the GENPIN
-feature of some Pinentries.  Note that such a generated
-passphrase, if not modified by the user, skips all passphrase
-constraints checking because such constraints would actually weaken
-the generated passphrase.
-
 @item --pinentry-program @var{filename}
 @opindex pinentry-program
 Use program @var{filename} as the PIN entry.  The default is
@@ -632,16 +570,15 @@ remote machine.
 @itemx --disable-extended-key-format
 @opindex enable-extended-key-format
 @opindex disable-extended-key-format
-Since version 2.2.22 keys are created in the extended private key
-format by default.  Changing the passphrase of a key will also convert
-the key to that new format.  This key format is supported since GnuPG
-version 2.1.12 and thus there should be no need to disable it.
-Anyway, the disable option still allows to revert to the old behavior
-for new keys; be aware that keys are never migrated back to the old
-format.  If the enable option has been used the disable option won't
-have an effect.  The advantage of the extended private key format is
-that it is text based and can carry additional meta data.  In extended
-key format the OCB mode is used for key protection.
+Since version 2.3 keys are created in the extended private key format.
+Changing the passphrase of a key will also convert the key to that new
+format.  This new key format is supported since GnuPG version 2.1.12
+and thus there should be no need to disable it.  The disable option
+allows to revert to the old behavior for new keys; be aware that keys
+are never migrated back to the old format.  However if the enable
+option has been used the disable option won't have an effect.  The
+advantage of the extended private key format is that it is text based
+and can carry additional meta data.
 
 @anchor{option --enable-ssh-support}
 @item --enable-ssh-support
@@ -809,9 +746,7 @@ that this file can't be changed inadvertently.
 
 As a special feature a line @code{include-default} will include a global
 list of trusted certificates (e.g. @file{@value{SYSCONFDIR}/trustlist.txt}).
-This global list is also used if the local list is not available;
-the @ref{option --no-user-trustlist} enforces the use of only
-this global list.
+This global list is also used if the local list is not available.
 
 It is possible to add further flags after the @code{S} for use by the
 caller:
@@ -1537,7 +1472,7 @@ Incremented with any change of any of the other counters.
 @item KEY
 Incremented for added or removed private keys.
 @item CARD
-Incremented for changes of the card readers stati.
+Incremented for each change of the card reader's status.
 @end table
 
 @node Agent GETINFO
diff --git a/doc/gpg-card.texi b/doc/gpg-card.texi
new file mode 100644
index 0000000..c215167
--- /dev/null
+++ b/doc/gpg-card.texi
@@ -0,0 +1,861 @@
+@c card-tool.texi - man page for gpg-card-tool
+@c Copyright (C) 2019 g10 Code GmbH
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file GnuPG.texi.
+
+@include defs.inc
+
+@node Smart Card Tool
+@chapter Smart Card Tool
+
+GnuPG comes with a tool to administrate smart cards and USB tokens.
+This tool is an enhanced version of the @option{--edit-key} command
+available with @command{gpg}.
+
+@menu
+* gpg-card::             Administrate smart cards.
+@end menu
+
+@c
+@c  GPG-CARD-TOOL
+@c
+@manpage gpg-card.1
+@node gpg-card
+@section Administrate smart cards.
+@ifset manverb
+.B gpg-card
+\- Administrate Smart Cards
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpg-card
+.RI [ options ]
+.br
+.B gpg-card
+.RI [ options ]
+.I command
+.RI {
+.B --
+.I command
+.RI }
+@end ifset
+
+@mansect description
+The @command{gpg-card} is used to administrate smart cards and USB
+tokens.  It provides a superset of features from @command{gpg
+--card-edit} an can be considered a frontend to @command{scdaemon}
+which is a daemon started by @command{gpg-agent} to handle smart
+cards.
+
+If @command{gpg-card} is invoked without commands an interactive
+mode is used.
+
+If @command{gpg-card} is invoked with one or more commands the
+same commands as available in the interactive mode are run from the
+command line.  These commands need to be delimited with a double-dash.
+If a double-dash or a shell specific character is required as part of
+a command the entire command needs to be put in quotes.  If one of
+those commands returns an error the remaining commands are not anymore
+run unless the command was prefixed with a single dash.
+
+A list of commands is available by using the command @code{help} and a
+brief description of each command is printed by using @code{help CMD}.
+See the section COMMANDS for a full description.
+
+See the NOTES sections for instructions pertaining to specific cards
+or card applications.
+
+@mansect options
+@noindent
+@command{gpg-card} understands these options:
+
+@table @gnupgtabopt
+
+@item --with-colons
+@opindex with-colons
+This option has currently no effect.
+
+@item --status-fd @var{n}
+@opindex status-fd
+Write special status strings to the file descriptor @var{n}.  This
+program returns only the status messages SUCCESS or FAILURE which are
+helpful when the caller uses a double fork approach and can't easily
+get the return code of the process.
+
+@item --verbose
+@opindex verbose
+Enable extra informational output.
+
+@item --quiet
+@opindex quiet
+Disable almost all informational output.
+
+@item --version
+@opindex version
+Print version of the program and exit.
+
+@item --help
+@opindex help
+Display a brief help page and exit.
+
+@item --no-autostart
+@opindex no-autostart
+Do not start the gpg-agent if it has not yet been started and its
+service is required.  This option is mostly useful on machines where
+the connection to gpg-agent has been redirected to another machines.
+
+@item --no-history
+@opindex --no-history
+In interactive mode the command line history is usually saved and
+restored to and from a file below the GnuPG home directory.  This
+option inhibits the use of that file.
+
+@item --agent-program @var{file}
+@opindex agent-program
+Specify the agent program to be started if none is running.  The
+default value is determined by running @command{gpgconf} with the
+option @option{--list-dirs}.
+
+@item --gpg-program @var{file}
+@opindex gpg-program
+Specify a non-default gpg binary to be used by certain commands.
+
+@item --gpgsm-program @var{file}
+@opindex gpgsm-program
+Specify a non-default gpgsm binary to be used by certain commands.
+
+@item --chuid @var{uid}
+@opindex chuid
+Change the current user to @var{uid} which may either be a number or a
+name.  This can be used from the root account to run gpg-card for
+another user.  If @var{uid} is not the current UID a standard PATH is
+set and the envvar GNUPGHOME is unset.  To override the latter the
+option @option{--homedir} can be used.  This option has only an effect
+when used on the command line.  This option has currently no effect at
+all on Windows.
+
+@end table
+
+@mansect commands
+@noindent
+@command{gpg-card} understands the following commands, which have
+options of their own.  The pseudo-option @samp{--} can be used to
+separate command options from arguments; if this pseudo option is used
+on the command line the entire command with options and arguments must
+be quoted, so that it is not mixed up with the @samp{--} as used on
+the command line to separate commands.  Note that a short online help
+is available for all commands by prefixing them with ``help''.
+Command completion in the interactive mode is also supported.
+
+@table @gnupgtabopt
+
+@item AUTHENTICATE [--setkey] [--raw] [< @var{file}]|@var{key}]
+@itemx AUTH
+@opindex authenticate
+Authenticate to the card.  Perform a mutual autentication either by
+reading the key from @var{file} or by taking it from the command line
+as @var{key}.  Without the option @option{--raw} the key is expected
+to be hex encoded.  To install a new administration key
+@option{--setkey} is used; this requires a prior authentication with
+the old key.  This is used with PIV cards.
+
+
+@item CAFPR [--clear] N
+@opindex cafpr
+Change the CA fingerprint number N of an OpenPGP card.  N must be in the
+range 1 to 3.  The option @option{--clear} clears the specified
+CA fingerprint N or all of them if N is 0 or not given.
+
+@item FACTORY-RESET
+@opindex factory-reset
+Do a complete reset of some OpenPGP and PIV cards.  This command
+deletes all data and keys and resets the PINs to their default.  Don't
+worry, you need to confirm before the command proceeds.
+
+@item FETCH
+@opindex fetch
+Retrieve a key using the URL data object of an OpenPGP card or if that
+is missing using the stored fingerprint.
+
+@item FORCESIG
+@opindex forcesig
+Toggle the forcesig flag of an OpenPGP card.
+
+@item GENERATE [--force] [--algo=@var{algo}@{+@var{algo2}@}] @var{keyref}
+@opindex generate
+Create a new key on a card.  Use @option{--force} to overwrite an
+existing key.  Use "help" for @var{algo} to get a list of known
+algorithms.  For OpenPGP cards several algos may be given.  Note that
+the OpenPGP key generation is done interactively unless
+@option{--algo} or @var{keyref} are given.
+
+@item KDF-SETUP
+@opindex kdf-setup
+Prepare the OpenPGP card KDF feature for this card.
+
+@item LANG [--clear]
+@opindex lang
+Change the language info for the card.  This info can be used by
+applications for a personalized greeting.  Up to 4 two-digit language
+identifiers can be entered as a preference.  The option
+@option{--clear} removes all identifiers.  GnuPG does not use this
+info.
+
+@item LIST [--cards] [--apps] [--info] [--no-key-lookup] [@var{n}] [@var{app}]
+@itemx L
+@opindex list
+This command reads all information from the current card and display
+them in a human readable format.  The first section shows generic
+information vaialable for all cards.  The next section shows
+information pertaining to keys which depend on the actual card and
+application.
+
+With @var{n} given select and list the n-th card;
+with @var{app} also given select that application.
+To select an @var{app} on the current card use "-" for @var{n}.
+The serial number of the card may be used instead of @var{n}.
+
+The option @option{--cards} lists the serial numbers of available
+cards.  The option @option{--apps} lists all card applications.  The
+option @option{--info} selects a card and prints its serial number.
+The option @option{--no-key-lookup} suppresses the listing of matching
+OpenPGP or X.509 keys.
+
+
+@item LOGIN [--clear] [< @var{file}]
+@opindex login
+Set the login data object of OpenPGP cards.  If @var{file} is given
+the data is is read from that file.  This allows to store binary data
+in the login field.  The option @option{--clear} deletes the login
+data object.
+
+@item NAME [--clear]
+@opindex name
+Set the name field of an OpenPGP card.  With option @option{--clear}
+the stored name is cleared off the card.
+
+@item PASSWD [--reset|--nullpin] [@var{pinref}]
+@opindex passwd
+Change or unblock the PINs.  Note that in interactive mode and without
+a @var{pinref} a menu is presented for certain cards."  In
+non-interactive mode and without a @var{pinref} a default value i used
+for these cards.  The option @option{--reset} is used with TCOS cards
+to reset the PIN using the PUK or vice versa; the option
+@var{--nullpin} is used for these cards to set the intial PIN.
+
+@item PRIVATEDO [--clear] @var{n} [< @var{file}]
+@opindex privatedo
+Change the private data object @var{n} of an OpenPGP card.  @var{n}
+must be in the range 1 to 4.  If @var{file} is given the data is is
+read from that file.  The option @option{--clear} clears the data.
+
+@item QUIT
+@itemx Q
+@opindex quit
+@opindex q
+Stop processing and terminate @command{gpg-card}.
+
+@item READCERT [--openpgp] @var{certref} > @var{file}
+@opindex readcert
+Read the certificate for key @var{certref} and store it in @var{file}.
+With option @option{--openpgp} an OpenPGP keyblock wrapped in a
+dedicated CMS content type (OID=1.3.6.1.4.1.11591.2.3.1) is expected
+and extracted to @var{file}.  Note that for current OpenPGP cards a
+certificate may only be available at the @var{certref} "OPENPGP.3".
+
+@item RESET
+@opindex reset
+Send a reset to the card daemon.
+
+@item SALUTATION [--clear]
+@itemx SALUT
+@opindex salutation
+@opindex salut
+Change the salutation info for the card.  This info can be used by
+applications for a personalized greeting.  The option @option{--clear}
+removes this data object.  GnuPG does not use this info.
+
+@item UIF @var{N} [on|off|permanent]
+@opindex uif
+Change the User Interaction Flag.  That flags tells whether the
+confirmation button of a token shall be used.  @var{n} must in the
+range 1 to 3.  "permanent" is the same as "on" but the flag can't be
+changed anmore.
+
+@item UNBLOCK
+@opindex unblock
+Unblock a PIN using a PUK or Reset Code.  Note that OpenPGP cards
+prior to version 2 can't use this; instead the @command{PASSWD} can be
+used to set a new PIN.
+
+@item URL [--clear]
+@opindex url
+Set the URL data object of an OpenPGP card.  That data object can be
+used by by @command{gpg}'s @option{--fetch} command to retrieve the
+full public key.  The option @option{--clear} deletes the content of
+that data object.
+
+@item VERIFY [@var{chvid}]
+@opindex verify
+Verify the PIN identified by @var{chvid} or the default PIN.
+
+@item WRITECERT @var{certref}  < @var{file}
+@itemx WRITECERT --openpgp @var{certref} [< @var{file}|@var{fpr}]
+@itemx WRITECERT --clear @var{certref}
+@opindex writecert
+Write a certificate to the card under the id @var{certref}.  The
+option @option{--clear} removes the certificate from the card.  The
+option @option{--openpgp} expects an OpenPGP keyblock and stores it
+encapsulated in a CMS container; the keyblock is taken from @var{file}
+or directly from the OpenPGP key identified by fingerprint @var{fpr}.
+
+@item WRITEKEY [--force] @var{keyref} @var{keygrip}
+@opindex writekey
+Write a private key object identified by @var{keygrip} to the card
+under the id @var{keyref}.  Option @option{--force} allows overwriting
+an existing key.
+
+@item YUBIKEY @var{cmd} @var{args}
+@opindex yubikey
+Various commands pertaining to Yubikey tokens with @var{cmd} being:
+@table @var
+@item LIST
+List supported and enabled Yubikey applications.
+@item ENABLE  usb|nfc|all [otp|u2f|opgp|piv|oath|fido2|all]
+@itemx DISABLE
+Enable or disable the specified or all applications on the
+given interface.
+@end table
+
+@end table
+
+@mansect notes (OpenPGP)
+The support for OpenPGP cards in @command{gpg-card} is not yet
+complete.  For missing features, please continue to use @code{gpg
+--card-edit}.
+
+@mansect notes (PIV)
+@noindent
+GnuPG has support for PIV cards (``Personal Identity Verification''
+as specified by NIST Special Publication 800-73-4).  This section
+describes how to initialize (personalize) a fresh Yubikey token
+featuring the PIV application (requires Yubikey-5).  We assume that
+the credentials have not yet been changed and thus are:
+@table @asis
+@item Authentication key
+This is a 24 byte key described by the hex string @*
+@code{010203040506070801020304050607080102030405060708}.
+@item PIV Application PIN
+This is the string @code{123456}.
+@item PIN Unblocking Key
+This is the string @code{12345678}.
+@end table
+See the example section on how to change these defaults.  For
+production use it is important to use secure values for them.  Note that
+the Authentication Key is not queried via the usual Pinentry dialog
+but needs to be entered manually or read from a file.  The use of a
+dedicated machine to personalize tokens is strongly suggested.
+
+To see what is on the card, the command @code{list} can be given.  We
+will use the interactive mode in the following (the string
+@emph{gpg/card>} is the prompt).  An example output for a fresh card
+is:
+
+@example
+gpg/card> list
+Reader ...........: 1050:0407:X:0
+Card type ........: yubikey
+Card firmware ....: 5.1.2
+Serial number ....: D2760001240102010006090746250000
+Application type .: OpenPGP
+Version ..........: 2.1
+[...]
+@end example
+
+It can be seen by the ``Application type'' line that GnuPG selected
+the OpenPGP application of the Yubikey.  This is because GnuPG assigns
+the highest priority to the OpenPGP application.  To use the PIV
+application of the Yubikey several methods can be used:
+
+With a Yubikey 5 or later the OpenPGP application on the Yubikey can
+be disabled:
+
+@example
+gpg/card> yubikey disable all opgp
+gpg/card> yubikey list
+Application  USB    NFC
+-----------------------
+OTP          yes    yes
+U2F          yes    yes
+OPGP         no     no
+PIV          yes    no
+OATH         yes    yes
+FIDO2        yes    yes
+gpg/card> reset
+@end example
+
+The @code{reset} is required so that the GnuPG system rereads the
+card.  Note that disabled applications keep all their data and can at
+any time be re-enabled (use @kbd{help yubikey}).
+
+Another option, which works for all Yubikey versions, is to disable
+the support for OpenPGP cards in scdaemon.  This is done by adding the
+line
+
+@smallexample
+disable-application openpgp
+@end smallexample
+
+to @file{~/.gnupg/scdaemon.conf} and by restarting scdaemon, either by
+killing the process or by using @kbd{gpgconf --kill scdaemon}.  Finally
+the default order in which card applications are tried by scdaemon can
+be changed.   For example to prefer PIV over OpenPGP it is sufficient
+to add
+
+@smallexample
+application-priority piv
+@end smallexample
+
+to @file{~/.gnupg/scdaemon.conf} and to restart @command{scdaemon}.
+This has an effect only on tokens which support both, PIV and OpenPGP,
+but does not hamper the use of OpenPGP only tokens.
+
+With one of these methods employed the @code{list} command of
+@command{gpg-card} shows this:
+
+@example
+gpg/card> list
+Reader ...........: 1050:0407:X:0
+Card type ........: yubikey
+Card firmware ....: 5.1.2
+Serial number ....: FF020001008A77C1
+Application type .: PIV
+Version ..........: 1.0
+Displayed s/n ....: yk-9074625
+PIN usage policy .: app-pin
+PIN retry counter : - 3 -
+PIV authentication: [none]
+      keyref .....: PIV.9A
+Card authenticat. : [none]
+      keyref .....: PIV.9E
+Digital signature : [none]
+      keyref .....: PIV.9C
+Key management ...: [none]
+      keyref .....: PIV.9D
+@end example
+
+In case several tokens are plugged into the computer, gpg-card will
+show only one.  To show another token the number of the token (0, 1,
+2, ...) can be given as an argument to the @code{list} command.  The
+command @kbd{list --cards} prints a list of all inserted tokens.
+
+Note that the ``Displayed s/n'' is printed on the token and also
+shown in Pinentry prompts asking for the PIN.  The four standard key
+slots are always shown, if other key slots are initialized they are
+shown as well.  The @emph{PIV authentication} key (internal reference
+@emph{PIV.9A}) is used to authenticate the card and the card holder.
+The use of the associated private key is protected by the Application
+PIN which needs to be provided once and the key can the be used until
+the card is reset or removed from the reader or USB port.  GnuPG uses
+this key with its @emph{Secure Shell} support.  The @emph{Card
+authentication} key (@emph{PIV.9E}) is also known as the CAK and used
+to support physical access applications.  The private key is not
+protected by a PIN and can thus immediately be used.  The @emph{Digital
+signature} key (@emph{PIV.9C}) is used to digitally sign documents.
+The use of the associated private key is protected by the Application
+PIN which needs to be provided for each signing operation.  The
+@emph{Key management} key (@emph{PIV.9D}) is used for encryption.  The
+use of the associated private key is protected by the Application PIN
+which needs to be provided only once so that decryption operations can
+then be done until the card is reset or removed from the reader or USB
+port.
+
+We now generate three of the four keys.  Note that GnuPG does
+currently not use the the @emph{Card authentication} key; however,
+that key is mandatory by the PIV standard and thus we create it too.
+Key generation requires that we authenticate to the card.  This can be
+done either on the command line (which would reveal the key):
+
+@example
+gpg/card> auth 010203040506070801020304050607080102030405060708
+@end example
+
+or by reading the key from a file.  That file needs to consist of one
+LF terminated line with the hex encoded key (as above):
+
+@example
+gpg/card> auth < myauth.key
+@end example
+
+As usual @samp{help auth} gives help for this command.  An error
+message is printed if a non-matching key is used.  The authentication
+is valid until a reset of the card or until the card is removed from
+the reader or the USB port.  Note that that in non-interactive mode
+the @samp{<} needs to be quoted so that the shell does not interpret
+it as a its own redirection symbol.
+
+@noindent
+Here are the actual commands to generate the keys:
+
+@example
+gpg/card> generate --algo=nistp384 PIV.9A
+PIV card no. yk-9074625 detected
+gpg/card> generate --algo=nistp256 PIV.9E
+PIV card no. yk-9074625 detected
+gpg/card> generate --algo=rsa2048 PIV.9C
+PIV card no. yk-9074625 detected
+@end example
+
+If a key has already been created for one of the slots an error will
+be printed; to create a new key anyway the option @samp{--force} can be
+used.  Note that only the private and public keys have been created
+but no certificates are stored in the key slots.  In fact, GnuPG uses
+its own non-standard method to store just the public key in place of
+the the certificate.  Other application will not be able to make use
+these keys until @command{gpgsm} or another tool has been used to
+create and store the respective certificates.   Let us see what the
+list command now shows:
+
+@example
+gpg/card> list
+Reader ...........: 1050:0407:X:0
+Card type ........: yubikey
+Card firmware ....: 5.1.2
+Serial number ....: FF020001008A77C1
+Application type .: PIV
+Version ..........: 1.0
+Displayed s/n ....: yk-9074625
+PIN usage policy .: app-pin
+PIN retry counter : - 3 -
+PIV authentication: 213D1825FDE0F8240CB4E4229F01AF90AC658C2E
+      keyref .....: PIV.9A  (auth)
+      algorithm ..: nistp384
+Card authenticat. : 7A53E6CFFE7220A0E646B4632EE29E5A7104499C
+      keyref .....: PIV.9E  (auth)
+      algorithm ..: nistp256
+Digital signature : 32A6C6FAFCB8421878608AAB452D5470DD3223ED
+      keyref .....: PIV.9C  (sign,cert)
+      algorithm ..: rsa2048
+Key management ...: [none]
+      keyref .....: PIV.9D
+@end example
+
+The primary information for each key is the @emph{keygrip}, a 40 byte
+hex-string identifying the key.  This keygrip is a unique identifier
+for the specific parameters of a key.  It is used by
+@command{gpg-agent} and other parts of GnuPG to associate a private
+key to its protocol specific certificate format (X.509, OpenPGP, or
+SecureShell).  Below the keygrip the key reference along with the key
+usage capabilities are show.  Finally the algorithm is printed in the
+format used by @command {gpg}.  At that point no other information is
+shown because for these new keys gpg won't be able to find matching
+certificates.
+
+Although we could have created the @emph{Key management} key also with
+the generate command, we will create that key off-card so that a
+backup exists.  To accomplish this a key needs to be created with
+either @command{gpg} or @command{gpgsm} or imported in one of these
+tools.  In our example we create a self-signed X.509 certificate (exit
+the gpg-card tool, first):
+
+@example
+$ gpgsm --gen-key -o encr.crt
+   (1) RSA
+   (2) Existing key
+   (3) Existing key from card
+Your selection? 1
+What keysize do you want? (3072) 2048
+Requested keysize is 2048 bits
+Possible actions for a RSA key:
+   (1) sign, encrypt
+   (2) sign
+   (3) encrypt
+Your selection? 3
+Enter the X.509 subject name: CN=Encryption key for yk-9074625,O=example,C=DE
+Enter email addresses (end with an empty line):
+> otto@@example.net
+>
+Enter DNS names (optional; end with an empty line):
+>
+Enter URIs (optional; end with an empty line):
+>
+Create self-signed certificate? (y/N) y
+These parameters are used:
+    Key-Type: RSA
+    Key-Length: 2048
+    Key-Usage: encrypt
+    Serial: random
+    Name-DN: CN=Encryption key for yk-9074625,O=example,C=DE
+    Name-Email: otto@@example.net
+
+Proceed with creation? (y/N)
+Now creating self-signed certificate.  This may take a while ...
+gpgsm: about to sign the certificate for key: &34798AAFE0A7565088101CC4AE31C5C8C74461CB
+gpgsm: certificate created
+Ready.
+$ gpgsm --import encr.crt
+gpgsm: certificate imported
+gpgsm: total number processed: 1
+gpgsm:               imported: 1
+@end example
+
+Note the last step which imported the created certificate.  If you
+you instead created a certificate signing request (CSR) instead of a
+self-signed certificate and sent this off to a CA you would do the
+same import step with the certificate received from the CA.  Take note
+of the keygrip (prefixed with an ampersand) as shown during the
+certificate creation or listed it again using @samp{gpgsm
+--with-keygrip -k otto@@example.net}.  Now to move the key and
+certificate to the card start @command{gpg-card} again and enter:
+
+@example
+gpg/card> writekey PIV.9D 34798AAFE0A7565088101CC4AE31C5C8C74461CB
+gpg/card> writecert PIV.9D < encr.crt
+@end example
+
+If you entered a passphrase to protect the private key, you will be
+asked for it via the Pinentry prompt.  On success the key and the
+certificate has been written to the card and a @code{list} command
+shows:
+
+@example
+[...]
+Key management ...: 34798AAFE0A7565088101CC4AE31C5C8C74461CB
+      keyref .....: PIV.9D  (encr)
+      algorithm ..: rsa2048
+      used for ...: X.509
+        user id ..: CN=Encryption key for yk-9074625,O=example,C=DE
+        user id ..: <otto@@example.net>
+@end example
+
+In case the same key (identified by the keygrip) has been used for
+several certificates you will see several ``used for'' parts.  With
+this the encryption key is now fully functional and can be used to
+decrypt messages encrypted to this certificate.  @sc{Take care:} the
+original key is still stored on-disk and should be moved to a backup
+medium.  This can simply be done by copying the file
+@file{34798AAFE0A7565088101CC4AE31C5C8C74461CB.key} from the directory
+@file{~/.gnupg/private-keys-v1.d/} to the backup medium and deleting
+the file at its original place.
+
+The final example is to create a self-signed certificate for digital
+signatures.  Leave @command{gpg-card} using @code{quit} or by pressing
+Control-D and use gpgsm:
+
+@example
+$ gpgsm --learn
+$ gpgsm --gen-key -o sign.crt
+Please select what kind of key you want:
+   (1) RSA
+   (2) Existing key
+   (3) Existing key from card
+Your selection? 3
+Serial number of the card: FF020001008A77C1
+Available keys:
+   (1) 213D1825FDE0F8240CB4E4229F01AF90AC658C2E PIV.9A nistp384
+   (2) 7A53E6CFFE7220A0E646B4632EE29E5A7104499C PIV.9E nistp256
+   (3) 32A6C6FAFCB8421878608AAB452D5470DD3223ED PIV.9C rsa2048
+   (4) 34798AAFE0A7565088101CC4AE31C5C8C74461CB PIV.9D rsa2048
+Your selection? 3
+Possible actions for a RSA key:
+   (1) sign, encrypt
+   (2) sign
+   (3) encrypt
+Your selection? 2
+Enter the X.509 subject name: CN=Signing key for yk-9074625,O=example,C=DE
+Enter email addresses (end with an empty line):
+> otto@@example.net
+>
+Enter DNS names (optional; end with an empty line):
+>
+Enter URIs (optional; end with an empty line):
+>
+Create self-signed certificate? (y/N)
+These parameters are used:
+    Key-Type: card:PIV.9C
+    Key-Length: 1024
+    Key-Usage: sign
+    Serial: random
+    Name-DN: CN=Signing key for yk-9074625,O=example,C=DE
+    Name-Email: otto@@example.net
+
+Proceed with creation? (y/N) y
+Now creating self-signed certificate.  This may take a while ...
+gpgsm: about to sign the certificate for key: &32A6C6FAFCB8421878608AAB452D5470DD3223ED
+gpgsm: certificate created
+Ready.
+$ gpgsm --import sign.crt
+gpgsm: certificate imported
+gpgsm: total number processed: 1
+gpgsm:               imported: 1
+@end example
+
+The use of @samp{gpgsm --learn} is currently necessary so that
+gpg-agent knows what keys are available on the card.  The need for
+this command will eventually be removed.  The remaining commands are
+similar to the creation of an on-disk key.  However, here we select
+the @samp{Digital signature} key.  During the creation process you
+will be asked for the Application PIN of the card.  The final step is
+to write the certificate to the card using @command{gpg-card}:
+
+@example
+gpg/card> writecert PIV.9C < sign.crt
+@end example
+
+By running list again we will see the fully initialized card:
+
+@example
+Reader ...........: 1050:0407:X:0
+Card type ........: yubikey
+Card firmware ....: 5.1.2
+Serial number ....: FF020001008A77C1
+Application type .: PIV
+Version ..........: 1.0
+Displayed s/n ....: yk-9074625
+PIN usage policy .: app-pin
+PIN retry counter : - [verified] -
+PIV authentication: 213D1825FDE0F8240CB4E4229F01AF90AC658C2E
+      keyref .....: PIV.9A  (auth)
+      algorithm ..: nistp384
+Card authenticat. : 7A53E6CFFE7220A0E646B4632EE29E5A7104499C
+      keyref .....: PIV.9E  (auth)
+      algorithm ..: nistp256
+Digital signature : 32A6C6FAFCB8421878608AAB452D5470DD3223ED
+      keyref .....: PIV.9C  (sign,cert)
+      algorithm ..: rsa2048
+      used for ...: X.509
+        user id ..: CN=Signing key for yk-9074625,O=example,C=DE
+        user id ..: <otto@@example.net>
+Key management ...: 34798AAFE0A7565088101CC4AE31C5C8C74461CB
+      keyref .....: PIV.9D  (encr)
+      algorithm ..: rsa2048
+      used for ...: X.509
+        user id ..: CN=Encryption key for yk-9074625,O=example,C=DE
+        user id ..: <otto@@example.net>
+@end example
+
+It is now possible to sign and to encrypt with this card using gpgsm
+and to use the @samp{PIV authentication} key with ssh:
+
+@example
+$ ssh-add -l
+384 SHA256:0qnJ0Y0ehWxKcx2frLfEljf6GCdlO55OZed5HqGHsaU cardno:yk-9074625 (ECDSA)
+@end example
+
+As usual use ssh-add with the uppercase @samp{-L} to list the public
+ssh key.  To use the certificates with Thunderbird or Mozilla, please
+consult the Scute manual for details.
+
+If you want to use the same PIV keys also for OpenPGP (for example on
+a Yubikey to avoid switching between OpenPGP and PIV), this is also
+possible:
+
+@example
+$ gpgsm --learn
+$ gpg --full-gen-key
+Please select what kind of key you want:
+   (1) RSA and RSA (default)
+   (2) DSA and Elgamal
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+  (14) Existing key from card
+Your selection? 14
+Serial number of the card: FF020001008A77C1
+Available keys:
+   (1) 213D1825FDE0F8240CB4E4229F01AF90AC658C2E PIV.9A nistp384 (auth)
+   (2) 7A53E6CFFE7220A0E646B4632EE29E5A7104499C PIV.9E nistp256 (auth)
+   (3) 32A6C6FAFCB8421878608AAB452D5470DD3223ED PIV.9C rsa2048 (cert,sign)
+   (4) 34798AAFE0A7565088101CC4AE31C5C8C74461CB PIV.9D rsa2048 (encr)
+Your selection? 3
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+Key is valid for? (0)
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name:
+Email address: otto@@example.net
+Comment:
+You selected this USER-ID:
+    "otto@@example.net"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
+gpg: key C3AFA9ED971BB365 marked as ultimately trusted
+gpg: revocation certificate stored as '[...]D971BB365.rev'
+public and secret key created and signed.
+
+Note that this key cannot be used for encryption.  You may want to use
+the command "--edit-key" to generate a subkey for this purpose.
+pub   rsa2048 2019-04-04 [SC]
+      7F899AE2FB73159DD68A1B20C3AFA9ED971BB365
+uid                      otto@@example.net
+@end example
+
+Note that you will be asked two times to enter the PIN of your PIV
+card.  If you run @command{gpg} in @option{--expert} mode you will
+also ge given the option to change the usage flags of the key.  The next
+typescript shows how to add the encryption subkey:
+
+@example
+$ gpg --edit-key 7F899AE2FB73159DD68A1B20C3AFA9ED971BB365
+Secret key is available.
+
+sec  rsa2048/C3AFA9ED971BB365
+     created: 2019-04-04  expires: never       usage: SC
+     card-no: FF020001008A77C1
+     trust: ultimate      validity: ultimate
+[ultimate] (1). otto@@example.net
+gpg> addkey
+Secret parts of primary key are stored on-card.
+Please select what kind of key you want:
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+   (5) Elgamal (encrypt only)
+   (6) RSA (encrypt only)
+  (14) Existing key from card
+Your selection? 14
+Serial number of the card: FF020001008A77C1
+Available keys:
+   (1) 213D1825FDE0F8240CB4E4229F01AF90AC658C2E PIV.9A nistp384 (auth)
+   (2) 7A53E6CFFE7220A0E646B4632EE29E5A7104499C PIV.9E nistp256 (auth)
+   (3) 32A6C6FAFCB8421878608AAB452D5470DD3223ED PIV.9C rsa2048 (cert,sign)
+   (4) 34798AAFE0A7565088101CC4AE31C5C8C74461CB PIV.9D rsa2048 (encr)
+Your selection? 4
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+Key is valid for? (0)
+Key does not expire at all
+Is this correct? (y/N) y
+Really create? (y/N) y
+
+sec  rsa2048/C3AFA9ED971BB365
+     created: 2019-04-04  expires: never       usage: SC
+     card-no: FF020001008A77C1
+     trust: ultimate      validity: ultimate
+ssb  rsa2048/7067860A98FCE6E1
+     created: 2019-04-04  expires: never       usage: E
+     card-no: FF020001008A77C1
+[ultimate] (1). otto@@example.net
+
+gpg> save
+@end example
+
+Now you can use your PIV card also with @command{gpg}.
+
+@c @mansect examples
+
+@mansect see also
+@ifset isman
+@command{scdaemon}(1)
+@end ifset
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 39c996b..e94edde 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -355,16 +355,11 @@ numbers 1-9 or "T" for 10 and above to indicate trust signature levels
 Locate the keys given as arguments.  This command basically uses the
 same algorithm as used when locating keys for encryption and may thus
 be used to see what keys @command{@gpgname} might use.  In particular
-external methods as defined by @option{--auto-key-locate} are used to
-locate a key if the arguments comain valid mail addresses.  Only
-public keys are listed.
-
-The variant @option{--locate-external-keys} does not consider a
-locally existing key and can thus be used to force the refresh of a
-key via the defined external methods.  If a fingerprint is given and
-and the methods defined by --auto-key-locate define LDAP servers, the
-key is fetched from these resources; defined non-LDAP keyservers are
-skipped.
+external methods as defined by @option{--auto-key-locate} may be used
+to locate a key.  Only public keys are listed.  The variant
+@option{--locate-external-keys} does not consider a locally existing
+key and can thus be used to force the refresh of a key via the defined
+external methods.
 
 @item --show-keys
 @opindex show-keys
@@ -444,7 +439,7 @@ request a confirmation.
 
 @item --export
 @opindex export
-Either export all keys from all keyrings (default keyring and those
+Either export all keys from all keyrings (default keyrings and those
 registered via option @option{--keyring}), or if at least one name is given,
 those of the given name. The exported keys are written to STDOUT or to the
 file given with option @option{--output}.  Use together with
@@ -630,6 +625,15 @@ with ant release.
 Pack or unpack an arbitrary input into/from an OpenPGP ASCII armor.
 This is a GnuPG extension to OpenPGP and in general not very useful.
 
+@item --unwrap
+@opindex unwrap
+This command is similar to @option{--decrypt} with the change that the
+output is not the usual plaintext but the original message with the
+decryption layer removed.  Thus the output will be an OpenPGP data
+structure which often means a signed OpenPGP message.  Note that this
+command may or may not remove a compression layer which is often found
+beneath the encryption layer.
+
 @item --tofu-policy @{auto|good|unknown|bad|ask@}  @var{keys}
 @opindex tofu-policy
 Set the TOFU policy for all the bindings associated with the specified
@@ -645,9 +649,9 @@ fingerprint (preferred) or their keyid.
 @end table
 
 
-@c *******************************************
-@c *******  KEY MANGEMENT COMMANDS  **********
-@c *******************************************
+@c ********************************************
+@c *******  KEY MANAGEMENT COMMANDS  **********
+@c ********************************************
 @node OpenPGP Key Management
 @subsection How to manage your keys
 
@@ -998,6 +1002,26 @@ signing.
   select 2 to restore as encryption key.  You will first be asked to enter
   the passphrase of the backup key and then for the Admin PIN of the card.
 
+  @item keytotpm
+  @opindex keyedit:keytotpm
+  Transfer the selected secret subkey (or the primary key if no subkey
+  has been selected) to TPM form.  The secret key in the keyring will
+  be replaced by the TPM representation of that key, which can only be
+  read by the particular TPM that created it (so the keyfile now
+  becomes locked to the laptop containing the TPM).  Only certain key
+  types may be transferred to the TPM (all TPM 2.0 systems are
+  mandated to have the rsa2048 and nistp256 algorithms but newer TPMs
+  may have more). Note that the key itself is not transferred into the
+  TPM, merely encrypted by the TPM in-place, so if the keyfile is
+  deleted, the key will be lost.  Once transferred to TPM
+  representation, the key file can never be converted back to non-TPM
+  form and the key will die when the TPM does, so you should first
+  have a backup on secure offline storage of the actual secret key
+  file before conversion.  It is essential to use the physical system
+  TPM that you have rw permission on the TPM resource manager device
+  (/dev/tpmrm0).  Usually this means you must be a member of the tss
+  group.
+
   @item delkey
   @opindex keyedit:delkey
   Remove a subkey (secondary key). Note that it is not possible to retract
@@ -1075,12 +1099,12 @@ signing.
 
   @item save
   @opindex keyedit:save
-  Save all changes to the keyring and quit.
+  Save all changes to the keyrings and quit.
 
   @item quit
   @opindex keyedit:quit
   Quit the program without updating the
-  keyring.
+  keyrings.
 @end table
 
 @c man:.RS
@@ -1097,7 +1121,7 @@ For possible values of trust, @pxref{trust-values}.
 @item --sign-key @var{name}
 @opindex sign-key
 Signs a public key with your secret key. This is a shortcut version of
-the subcommand "sign" from @option{--edit}.
+the subcommand "sign" from @option{--edit-key}.
 
 @item --lsign-key @var{name}
 @opindex lsign-key
@@ -1113,7 +1137,7 @@ Directly sign a key from the passphrase without any further user
 interaction.  The @var{fpr} must be the verified primary fingerprint
 of a key in the local keyring. If no @var{names} are given, all
 useful user ids are signed; with given [@var{names}] only useful user
-ids matching one of theses names are signed.  By default, or if a name
+ids matching one of these names are signed.  By default, or if a name
 is prefixed with a '*', a case insensitive substring match is used.
 If a name is prefixed with a '=' a case sensitive exact match is done.
 
@@ -1171,7 +1195,7 @@ all affected self-signatures is set one second ahead.
 @opindex passwd
 Change the passphrase of the secret key belonging to the certificate
 specified as @var{user-id}.  This is a shortcut for the sub-command
-@code{passwd} of the edit key menu.  When using together with the
+@code{passwd} of the @option{--edit-key} menu.  When using together with the
 option @option{--dry-run} this will not actually change the passphrase
 but check that the current passphrase is correct.
 
@@ -1376,6 +1400,14 @@ give the opposite meaning.  The options are:
   @opindex list-options:show-only-fpr-mbox
   For each user-id which has a valid mail address print
   only the fingerprint followed by the mail address.
+
+  @item sort-sigs
+  @opindex list-options:sort-sigs
+  With --list-sigs and --check-sigs sort the signatures by keyID and
+  creation time to make it easier to view the history of these
+  signatures.  The self-signature is also listed before other
+  signatures. Defaults to yes.
+
 @end table
 
 @item --verify-options @var{parameters}
@@ -1425,18 +1457,6 @@ the opposite meaning. The options are:
   all the AKA lines as well as photo Ids are not shown with the signature
   verification status.
 
-  @item pka-lookups
-  @opindex verify-options:pka-lookups
-  Enable PKA lookups to verify sender addresses. Note that PKA is based
-  on DNS, and so enabling this option may disclose information on when
-  and what signatures are verified or to whom data is encrypted. This
-  is similar to the "web bug" described for the @option{--auto-key-retrieve}
-  option.
-
-  @item pka-trust-increase
-  @opindex verify-options:pka-trust-increase
-  Raise the trust in a signature to full if the signature passes PKA
-  validation. This option is only meaningful if pka-lookups is set.
 @end table
 
 @item --enable-large-rsa
@@ -1497,7 +1517,7 @@ photo viewers use the @code{PATH} environment variable.
 Add @var{file} to the current list of keyrings. If @var{file} begins
 with a tilde and a slash, these are replaced by the $HOME directory. If
 the filename does not contain a slash, it is assumed to be in the GnuPG
-home directory ("~/.gnupg" unless @option{--homedir} or $GNUPGHOME is
+home directory ("~/.gnupg" if @option{--homedir} or $GNUPGHOME is not
 used).
 
 Note that this adds a keyring to the current list. If the intent is to
@@ -1507,19 +1527,18 @@ use the specified keyring alone, use @option{--keyring} along with
 If the option @option{--no-keyring} has been used no keyrings will
 be used at all.
 
-@item --primary-keyring @var{file}
-@opindex primary-keyring
-This is a varian of @option{--keyring} and designates @var{file} as
-the primary public keyring. This means that newly imported keys (via
-@option{--import} or keyserver @option{--recv-from}) will go to this
-keyring.
-
 
 @item --secret-keyring @var{file}
 @opindex secret-keyring
 This is an obsolete option and ignored.  All secret keys are stored in
 the @file{private-keys-v1.d} directory below the GnuPG home directory.
 
+@item --primary-keyring @var{file}
+@opindex primary-keyring
+Designate @var{file} as the primary public keyring. This means that
+newly imported keys (via @option{--import} or keyserver
+@option{--recv-from}) will go to this keyring.
+
 @item --trustdb-name @var{file}
 @opindex trustdb-name
 Use @var{file} instead of the default trustdb. If @var{file} begins
@@ -1677,13 +1696,13 @@ claim" signatures are always accepted.
 
 @item --trusted-key @var{long key ID or fingerprint}
 @opindex trusted-key
-Assume that the specified key (which should be given as fingerprint)
-is as trustworthy as one of your own secret keys. This option is
-useful if you don't want to keep your secret keys (or one of them)
+Assume that the specified key (which must be given
+as a full 8 byte key ID, a 20 byte, or 32 byte fingerprint)
+is as trustworthy as one of
+your own secret keys. This option is useful if you
+don't want to keep your secret keys (or one of them)
 online but still want to be able to check the validity of a given
-recipient's or signator's key.  If the given key is not locally
-available but an LDAP keyserver is configured the missing key is
-imported from that server.
+recipient's or signator's key.
 
 @item --trust-model @{pgp|classic|tofu|tofu+pgp|direct|always|auto@}
 @opindex trust-model
@@ -1791,6 +1810,7 @@ Set what trust model GnuPG should follow. The models are:
   must be enabled explicitly.
 @end table
 
+
 @item --auto-key-locate @var{mechanisms}
 @itemx --no-auto-key-locate
 @opindex auto-key-locate
@@ -1809,9 +1829,6 @@ list.  The default is "local,wkd".
   @item cert
   Locate a key using DNS CERT, as specified in RFC-4398.
 
-  @item pka
-  Locate a key using DNS PKA.
-
   @item dane
   Locate a key using DANE, as specified
   in draft-ietf-dane-openpgpkey-05.txt.
@@ -1825,22 +1842,14 @@ list.  The default is "local,wkd".
   PGP Universal method of checking @samp{ldap://keys.(thedomain)}.
 
   @item ntds
-  Locate the key using the Active Directory (Windows only).  This
-  method also allows to search by fingerprint using the command
-  @option{--locate-external-key}.  Note that this mechanism is
-  actually a shortcut for the mechanism @samp{keyserver} but using
-  "ldap:///" as the keyserver.
+  Locate the key using the Active Directory (Windows only).
 
   @item keyserver
-  Locate a key using a keyserver.  This method also allows to search
-  by fingerprint using the command @option{--locate-external-key} if
-  any of the configured keyservers is an LDAP server.
+  Locate a key using a keyserver.
 
   @item keyserver-URL
   In addition, a keyserver URL as used in the @command{dirmngr}
   configuration may be used here to query that particular keyserver.
-  This method also allows to search by fingerprint using the command
-  @option{--locate-external-key} if the URL specifies an LDAP server.
 
   @item local
   Locate the key using the local keyrings.  This mechanism allows the user to
@@ -1870,7 +1879,7 @@ list.  The default is "local,wkd".
 This is an offline mechanism to get a missing key for signature
 verification and for later encryption to this key.  If this option is
 enabled and a signature includes an embedded key, that key is
-used to verify the signature and on verification success that key is
+used to verify the signature and on verification success the key is
 imported. The default is @option{--no-auto-key-import}.
 
 On the sender (signing) site the option @option{--include-key-block}
@@ -1888,8 +1897,8 @@ local keyring.  The default is @option{--no-auto-key-retrieve}.
 The order of methods tried to lookup the key is:
 
 1. If the option @option{--auto-key-import} is set and the signatures
-includes an embedded key, that key is used to verify the
-signature and on verification success that key is imported.
+includes an embedded key, that key is used to verify the signature and
+on verification success that key is imported.
 
 2. If a preferred keyserver is specified in the signature and the
 option @option{honor-keyserver-url} is active (which is not the
@@ -1903,10 +1912,7 @@ preferred keyserver for data signatures.
 disabled by removing WKD from the auto-key-locate list or by using the
 option @option{--disable-signer-uid}.
 
-4. If the option @option{honor-pka-record} is active, the legacy PKA
-method is used.
-
-5. If any keyserver is configured and the Issuer Fingerprint is part
+4. If any keyserver is configured and the Issuer Fingerprint is part
 of the signature (since GnuPG 2.1.16), the configured keyservers are
 tried.
 
@@ -1939,7 +1945,10 @@ keys on. The format of the @var{name} is a URI:
 "hkp"/"hkps" for the HTTP (or compatible) keyservers or "ldap"/"ldaps"
 for the LDAP keyservers.  Note that your particular installation of
 GnuPG may have other keyserver types available as well. Keyserver
-schemes are case-insensitive.
+schemes are case-insensitive. After the keyserver name, optional
+keyserver configuration options may be provided. These are the same as
+the global @option{--keyserver-options} from below, but apply only to
+this particular keyserver.
 
 Most keyservers synchronize with each other, so there is generally no
 need to send keys to more than one server. The keyserver
@@ -1984,11 +1993,6 @@ are available for all keyserver types, some common options are:
   "web bug": The creator of the key can see when the keys is
   refreshed.  Thus this option is not enabled by default.
 
-  @item honor-pka-record
-  If @option{--auto-key-retrieve} is used, and the signature being
-  verified has a PKA record, then use the PKA information to fetch
-  the key. Defaults to "yes".
-
   @item include-subkeys
   When receiving a key, include subkeys as potential targets. Note that
   this option is not used with HKP keyservers, as they do not support
@@ -2006,10 +2010,7 @@ are available for all keyserver types, some common options are:
 @end table
 
 The default list of options is: "self-sigs-only, import-clean,
-repair-keys, repair-pks-subkey-bug, export-attributes,
-honor-pka-record". However, if
-the actual used source is an LDAP server "no-self-sigs-only" is
-assumed unless "self-sigs-only" has been explictly configured.
+repair-keys, repair-pks-subkey-bug, export-attributes".
 
 
 @item --completes-needed @var{n}
@@ -2276,11 +2277,32 @@ Use @var{name} as the key to sign with. Note that this option overrides
 @item --sender @var{mbox}
 @opindex sender
 This option has two purposes.  @var{mbox} must either be a complete
-user id with a proper mail address or just a mail address.  When
-creating a signature this option tells gpg the user id of a key used
-to make a signature if the key was not directly specified by a user
-id.  When verifying a signature the @var{mbox} is used to restrict the
-information printed by the TOFU code to matching user ids.
+user ID containing a proper mail address or just a plain mail address.
+The option can be given multiple times.
+
+When creating a signature this option tells gpg the signing key's user
+id used to make the signature and embeds that user ID into the created
+signature (using OpenPGP's ``Signer's User ID'' subpacket).  If the
+option is given multiple times a suitable user ID is picked.  However,
+if the signing key was specified directly by using a mail address
+(i.e. not by using a fingerprint or key ID) this option is used and
+the mail address is embedded in the created signature.
+
+When verifying a signature @var{mbox} is used to restrict the
+information printed by the TOFU code to matching user IDs.  If the
+option is used and the signature contains a ``Signer's User ID''
+subpacket that information is is also used to restrict the printed
+information.  Note that GnuPG considers only the mail address part of
+a User ID.
+
+If this option or the said subpacket is available the TRUST lines as
+printed by option @option{status-fd} correspond to the corresponding
+User ID; if no User ID is known the TRUST lines are computed directly
+on the key and do not give any information about the User ID.  In the
+latter case it his highly recommended to scripts and other frontends
+to evaluate the VALIDSIG line, retrieve the key and print all User IDs
+along with their validity (trust) information.
+
 
 @item --try-secret-key @var{name}
 @opindex try-secret-key
@@ -2351,6 +2373,15 @@ works properly with such messages, there is often a desire to set a
 maximum file size that will be generated before processing is forced to
 stop by the OS limits. Defaults to 0, which means "no limit".
 
+@item --chunk-size @var{n}
+@opindex chunk-size
+The AEAD encryption mode encrypts the data in chunks so that a
+receiving side can check for transmission errors or tampering at the
+end of each chunk and does not need to delay this until all data has
+been received.  The used chunk size is 2^@var{n} byte.  The lowest
+allowed value for @var{n} is 6 (64 byte) and the largest is the
+default of 27 which creates chunks not larger than 128 MiB.
+
 @item --input-size-hint @var{n}
 @opindex input-size-hint
 This option can be used to tell GPG the size of the input data in
@@ -2410,9 +2441,9 @@ opposite meaning. The options are:
 
   @item import-export
   Run the entire import code but instead of storing the key to the
-  local keyring write it to the output.  The export options
-  @option{export-pka} and @option{export-dane} affect the output.  This
-  option can be used to remove all invalid parts from a key without the
+  local keyring write it to the output.  The export option
+  @option{export-dane} affect the output.  This option can for example
+  be used to remove all invalid parts from a key without the
   need to store it.
 
   @item merge-only
@@ -2442,6 +2473,10 @@ opposite meaning. The options are:
   keys.  For example, this reorders signatures, and strips duplicate
   signatures.  Defaults to yes.
 
+  @item bulk-import
+  When used with --use-keyboxd do the import within a single
+  transaction.  This is an experimental feature.
+
   @item import-minimal
   Import the smallest key possible. This removes all signatures except
   the most recent self-signature on each user ID. This option is the
@@ -2606,11 +2641,6 @@ opposite meaning.  The options are:
   running the @option{--edit-key} command "minimize" before export except
   that the local copy of the key is not modified. Defaults to no.
 
-  @item export-pka
-  Instead of outputting the key material output PKA records suitable
-  to put into DNS zone files.  An ORIGIN line is printed before each
-  record to allow diverting the records to the corresponding zone file.
-
   @item export-dane
   Instead of outputting the key material output OpenPGP DANE records
   suitable to put into DNS zone files.  An ORIGIN line is printed before
@@ -2709,14 +2739,22 @@ is the default.
 @itemx --no-force-v4-certs
 These options are obsolete and have no effect since GnuPG 2.1.
 
+@item --force-aead
+@opindex force-aead
+Force the use of AEAD encryption over MDC encryption.  AEAD is a
+modern and faster way to do authenticated encryption than the old MDC
+method.  See also options @option{--aead-algo} and
+@option{--chunk-size}.
+
 @item --force-mdc
 @itemx --disable-mdc
 @opindex force-mdc
 @opindex disable-mdc
 These options are obsolete and have no effect since GnuPG 2.2.8.  The
-MDC is always used.  But note: If the creation of a legacy non-MDC
-message is exceptionally required, the option @option{--rfc2440}
-allows for this.
+MDC is always used unless the keys indicate that an AEAD algorithm can
+be used in which case AEAD is used.  But note: If the creation of a
+legacy non-MDC message is exceptionally required, the option
+@option{--rfc2440} allows for this.
 
 @item --disable-signer-uid
 @opindex disable-signer-uid
@@ -2727,14 +2765,19 @@ information can be helpful for verifier to locate the key; see option
 @option{--auto-key-retrieve}.
 
 @item --include-key-block
+@itemx --no-include-key-block
 @opindex include-key-block
+@opindex no-include-key-block
 This option is used to embed the actual signing key into a data
 signature.  The embedded key is stripped down to a single user id and
 includes only the signing subkey used to create the signature as well
 as as valid encryption subkeys.  All other info is removed from the
 key to keep it and thus the signature small.  This option is the
 OpenPGP counterpart to the @command{gpgsm} option
-@option{--include-certs}.
+@option{--include-certs} and allows the recipient of a signed message
+to reply encrypted to the sender without using any online directories
+to lookup the key.  The default is @option{--no-include-key-block}.
+See also the option @option{--auto-key-import}.
 
 @item --personal-cipher-preferences @var{string}
 @opindex personal-cipher-preferences
@@ -2746,6 +2789,16 @@ preferences, as GPG will only select an algorithm that is usable by
 all recipients.  The most highly ranked cipher in this list is also
 used for the @option{--symmetric} encryption command.
 
+@item --personal-aead-preferences @var{string}
+@opindex personal-aead-preferences
+Set the list of personal AEAD preferences to @var{string}.  Use
+@command{@gpgname --version} to get a list of available algorithms,
+and use @code{none} to set no preference at all.  This allows the user
+to safely override the algorithm chosen by the recipient key
+preferences, as GPG will only select an algorithm that is usable by
+all recipients.  The most highly ranked cipher in this list is also
+used for the @option{--symmetric} encryption command.
+
 @item --personal-digest-preferences @var{string}
 @opindex personal-digest-preferences
 Set the list of personal digest preferences to @var{string}.  Use
@@ -2816,58 +2869,53 @@ options.
 
 @item --gnupg
 @opindex gnupg
-Use standard GnuPG behavior. This is essentially OpenPGP behavior
-(see @option{--openpgp}), but with some additional workarounds for common
-compatibility problems in different versions of PGP. This is the
-default option, so it is not generally needed, but it may be useful to
-override a different compliance option in the gpg.conf file.
+Use standard GnuPG behavior. This is essentially OpenPGP behavior (see
+@option{--openpgp}), but with extension from the proposed update to
+OpenPGP and with some additional workarounds for common compatibility
+problems in different versions of PGP.  This is the default option, so
+it is not generally needed, but it may be useful to override a
+different compliance option in the gpg.conf file.
 
 @item --openpgp
 @opindex openpgp
 Reset all packet, cipher and digest options to strict OpenPGP
-behavior. Use this option to reset all previous options like
-@option{--s2k-*}, @option{--cipher-algo}, @option{--digest-algo} and
+behavior.  This option implies @option{--allow-old-cipher-algos}.  Use
+this option to reset all previous options like @option{--s2k-*},
+@option{--cipher-algo}, @option{--digest-algo} and
 @option{--compress-algo} to OpenPGP compliant values. All PGP
 workarounds are disabled.
 
 @item --rfc4880
 @opindex rfc4880
 Reset all packet, cipher and digest options to strict RFC-4880
-behavior. Note that this is currently the same thing as
-@option{--openpgp}.
+behavior.  This option implies @option{--allow-old-cipher-algos}.
+Note that this is currently the same thing as @option{--openpgp}.
 
 @item --rfc4880bis
 @opindex rfc4880bis
-Enable experimental features from proposed updates to RFC-4880.  This
-option can be used in addition to the other compliance options.
-Warning: The behavior may change with any GnuPG release and created
-keys or data may not be usable with future GnuPG versions.
+Reset all packet, cipher and digest options to strict according to the
+proposed updates of RFC-4880.
 
 @item --rfc2440
 @opindex rfc2440
 Reset all packet, cipher and digest options to strict RFC-2440
 behavior.  Note that by using this option encryption packets are
 created in a legacy mode without MDC protection.  This is dangerous
-and should thus only be used for experiments.  See also option
+and should thus only be used for experiments.  This option implies
+@option{--allow-old-cipher-algos}.  See also option
 @option{--ignore-mdc-error}.
 
 @item --pgp6
 @opindex pgp6
-Set up all options to be as PGP 6 compliant as possible. This
-restricts you to the ciphers IDEA (if the IDEA plugin is installed),
-3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160, and the
-compression algorithms none and ZIP. This also disables
-@option{--throw-keyids}, and making signatures with signing subkeys as PGP 6
-does not understand signatures made by signing subkeys.
-
-This option implies @option{--escape-from-lines}.
+This option is obsolete; it is handled as an alias for @option{--pgp7}
 
 @item --pgp7
 @opindex pgp7
-Set up all options to be as PGP 7 compliant as possible. This is
-identical to @option{--pgp6} except that MDCs are not disabled, and the
-list of allowable ciphers is expanded to add AES128, AES192, AES256, and
-TWOFISH.
+Set up all options to be as PGP 7 compliant as possible. This allowed
+the ciphers IDEA, 3DES, CAST5,AES128, AES192, AES256, and TWOFISH.,
+the hashes MD5, SHA1 and RIPEMD160, and the compression algorithms
+none and ZIP.  This option implies @option{--escape-from-lines} and
+disables @option{--throw-keyids},
 
 @item --pgp8
 @opindex pgp8
@@ -2881,24 +2929,7 @@ SHA224, SHA384, and SHA512 digests.
 @opindex compliance
 This option can be used instead of one of the options above.  Valid
 values for @var{string} are the above option names (without the double
-dash) and possibly others as shown when using "help" for @var{string}.
-
-@item --min-rsa-length @var{n}
-@opindex min-rsa-length
-This option adjusts the compliance mode "de-vs" for stricter key size
-requirements.  For example, a value of 3000 turns rsa2048 and dsa2048
-keys into non-VS-NfD compliant keys.
-
-@item --require-compliance
-@opindex require-compliance
-To check that data has been encrypted according to the rules of the
-current compliance mode, a gpg user needs to evaluate the status
-lines.  This is allows frontends to handle compliance check in a more
-flexible way.  However, for scripted use the required evaluation of
-the status-line requires quite some effort; this option can be used
-instead to make sure that the gpg process exits with a failure if the
-compliance rules are not fulfilled.  Note that this option has
-currently an effect only in "de-vs" mode.
+dash) and possibly others as shown when using "help" for @var{value}.
 
 @end table
 
@@ -2958,10 +2989,11 @@ however carefully selected to best aid in debugging.
 
 @item --debug @var{flags}
 @opindex debug
-Set debugging flags. All flags are or-ed and @var{flags} may be given
+Set debug flags.  All flags are or-ed and @var{flags} may be given
 in C syntax (e.g. 0x0042) or as a comma separated list of flag names.
 To get a list of all supported flags the single word "help" can be
-used.
+used. This option is only useful for debugging and the behavior may
+change at any time without notice.
 
 @item --debug-all
 @opindex debug-all
@@ -2972,6 +3004,19 @@ Set all useful debugging flags.
 Set stdout into line buffered mode.  This option is only honored when
 given on the command line.
 
+@item --debug-set-iobuf-size @var{n}
+@opindex debug-iolbf
+Change the buffer size of the IOBUFs to @var{n} kilobyte.  Using 0
+prints the current size.  Note well: This is a maintainer only option
+and may thus be changed or removed at any time without notice.
+
+@item --debug-allow-large-chunks
+@opindex debug-allow-large-chunks
+To facilitate in-memory decryption on the receiving site, the largest
+recommended chunk size is 128 MiB (@code{--chunk-size 27}).  This
+option allows to specify a limit of up to 4 EiB (@code{--chunk-size
+62}) for experiments.
+
 @item --faked-system-time @var{epoch}
 @opindex faked-system-time
 This option is only useful for testing; it sets the system time back or
@@ -2982,6 +3027,14 @@ forth to @var{epoch} which is the number of seconds elapsed since the year
 If you suffix @var{epoch} with an exclamation mark (!), the system time
 will appear to be frozen at the specified time.
 
+@item --full-timestrings
+@opindex full-timestrings
+Change the format of printed creation and expiration times from just
+the date to the date and time.  This is in general not useful and the
+same information is anyway available in @option{--with-colons} mode.
+These longer strings are also not well aligned with other printed
+data.
+
 @item --enable-progress-filter
 @opindex enable-progress-filter
 Enable certain PROGRESS status outputs. This option allows frontends
@@ -3006,9 +3059,7 @@ Write log output to file descriptor @var{n} and not to STDERR.
 @itemx --logger-file @var{file}
 @opindex log-file
 Same as @option{--logger-fd}, except the logger data is written to
-file @var{file}.  Use @file{socket://} to log to a socket.  Note that
-in this version of gpg the option has only an effect if
-@option{--batch} is also used.
+file @var{file}.  Use @file{socket://} to log to s socket.
 
 @item --attribute-fd @var{n}
 @opindex attribute-fd
@@ -3134,17 +3185,28 @@ Use @var{name} as cipher algorithm. Running the program with the
 command @option{--version} yields a list of supported algorithms. If
 this is not used the cipher algorithm is selected from the preferences
 stored with the key. In general, you do not want to use this option as
-it allows you to violate the OpenPGP standard.
+it allows you to violate the OpenPGP standard.  The option
 @option{--personal-cipher-preferences} is the safe way to accomplish the
 same thing.
 
+@item --aead-algo @var{name}
+@opindex aead-algo
+Specify that the AEAD algorithm @var{name} is to be used.  This is
+useful for symmetric encryption where no key preference are available
+to select the AEAD algorithm.  Running @command{@gpgname} with option
+@option{--version} shows the available AEAD algorithms.  In general,
+you do not want to use this option as it allows you to violate the
+OpenPGP standard.  The option @option{--personal-aead-preferences} is
+the safe way to accomplish the same thing.
+
 @item --digest-algo @var{name}
 @opindex digest-algo
 Use @var{name} as the message digest algorithm. Running the program
-with the command @option{--version} yields a list of supported algorithms. In
-general, you do not want to use this option as it allows you to
-violate the OpenPGP standard. @option{--personal-digest-preferences} is the
-safe way to accomplish the same thing.
+with the command @option{--version} yields a list of supported
+algorithms. In general, you do not want to use this option as it
+allows you to violate the OpenPGP standard.  The option
+@option{--personal-digest-preferences} is the safe way to accomplish
+the same thing.
 
 @item --compress-algo @var{name}
 @opindex compress-algo
@@ -3166,17 +3228,22 @@ significant in low memory situations. Note, however, that PGP (all
 versions) only supports ZIP compression. Using any algorithm other
 than ZIP or "none" will make the message unreadable with PGP. In
 general, you do not want to use this option as it allows you to
-violate the OpenPGP standard. @option{--personal-compress-preferences} is the
-safe way to accomplish the same thing.
+violate the OpenPGP standard.  The option
+@option{--personal-compress-preferences} is the safe way to accomplish
+the same thing.
 
 @item --cert-digest-algo @var{name}
 @opindex cert-digest-algo
 Use @var{name} as the message digest algorithm used when signing a
 key. Running the program with the command @option{--version} yields a
-list of supported algorithms. Be aware that if you choose an algorithm
-that GnuPG supports but other OpenPGP implementations do not, then some
-users will not be able to use the key signatures you make, or quite
-possibly your entire key.
+list of supported algorithms.  Be aware that if you choose an
+algorithm that GnuPG supports but other OpenPGP implementations do
+not, then some users will not be able to use the key signatures you
+make, or quite possibly your entire key.  Note also that a public key
+algorithm must be compatible with the specified digest algorithm; thus
+selecting an arbitrary digest algorithm may result in error messages
+from lower crypto layers or lead to security flaws.
+
 
 @item --disable-cipher-algo @var{name}
 @opindex disable-cipher-algo
@@ -3357,6 +3424,15 @@ necessary to get as much data as possible out of that garbled message.
 Be aware that a missing or failed MDC can be an indication of an
 attack.  Use with great caution; see also option @option{--rfc2440}.
 
+@item --allow-old-cipher-algos
+@opindex allow-old-cipher-algos
+Old cipher algorithms like 3DES, IDEA, or CAST5 encrypt data using
+blocks of 64 bits; modern algorithms use blocks of 128 bit instead.
+To avoid certain attack on these old algorithms it is suggested not to
+encrypt more than 150 MiByte using the same key.  For this reason gpg
+does not allow the use of 64 bit block size algorithms for encryption
+unless this option is specified.
+
 @item --allow-weak-digest-algos
 @opindex allow-weak-digest-algos
 Signatures made with known-weak digest algorithms are normally
@@ -3380,21 +3456,13 @@ To avoid a minor risk of collision attacks on third-party key
 signatures made using SHA-1, those key signatures are considered
 invalid.  This options allows to override this restriction.
 
-@item --override-compliance-check
-@opindex --override-compliance-check
-The signature verification only allows the use of keys suitable in the
-current compliance mode.  If the compliance mode has been forced by a
-global option, there might be no way to check certain signature.  This
-option allows to override this and prints an extra warning in such a
-case.  This option is ignored in --batch mode so that no accidental
-unattended verification may happen.
-
 @item --no-default-keyring
 @opindex no-default-keyring
-Do not add the default keyring to the list of keyrings. Note that
-GnuPG needs for almost all operations a keyring. Thus if you use this
-option and do not provide alternate keyrings via @option{--keyring},
-then GnuPG will still use the default keyring.
+Do not add the default keyrings to the list of keyrings. Note that
+GnuPG will not operate without any keyrings, so if you use this option
+and do not provide alternate keyrings via @option{--keyring} or
+@option{--secret-keyring}, then GnuPG will still use the default public or
+secret keyrings.
 
 @item --no-keyring
 @opindex no-keyring
@@ -3519,6 +3587,12 @@ You need to consult the source code to learn the details.  Note that
 the advanced key generation commands can always be used to specify a
 key algorithm directly.
 
+@item --no-auto-trust-new-key
+@opindex no-auto-trust-new-key
+When creating a new key the ownertrust of the new key is set to
+ultimate.  This option disables this and the user needs to manually
+assign an ownertrust value.
+
 @item --force-sign-key
 @opindex force-sign-key
 This option modifies the behaviour of the commands
@@ -3526,28 +3600,13 @@ This option modifies the behaviour of the commands
 sub-commands of @option{--edit-key} by forcing the creation of a key
 signature, even if one already exists.
 
-@item --forbid-gen-key
-@opindex forbid-gen-key
-This option is intended for use in the global config file to disallow
-the use of generate key commands.  Those commands will then fail with
-the error code for Not Enabled.
-
 @item --allow-secret-key-import
 @opindex allow-secret-key-import
 This is an obsolete option and is not used anywhere.
 
 @item --allow-multiple-messages
 @item --no-allow-multiple-messages
-@opindex allow-multiple-messages
-Allow processing of multiple OpenPGP messages contained in a single file
-or stream.  Some programs that call GPG are not prepared to deal with
-multiple messages being processed together, so this option defaults to
-no.  Note that versions of GPG prior to 1.4.7 always allowed multiple
-messages.  Future versions of GnUPG will remove this option.
-
-Warning: Do not use this option unless you need it as a temporary
-workaround!
-
+These are obsolete options; they have no more effect since GnuPG 2.2.8.
 
 @item --enable-special-filenames
 @opindex enable-special-filenames
@@ -3568,7 +3627,7 @@ read/write only. Use this option only if you really know what you are doing.
 @opindex default-preference-list
 Set the list of default preferences to @var{string}. This preference
 list is used for new keys and becomes the default for "setpref" in the
-edit menu.
+@option{--edit-key} menu.
 
 @item --default-keyserver-url @var{name}
 @opindex default-keyserver-url
@@ -3601,6 +3660,23 @@ file and returns with failure if the configuration file would prevent
 @command{@gpgname} from startup.  Thus it may be used to run a syntax check
 on the configuration file.
 
+@c @item --use-only-openpgp-card
+@c @opindex use-only-openpgp-card
+@c Only access OpenPGP card's and no other cards.  This is a hidden
+@c option which could be used in case an old use case required the
+@c OpenPGP card while several cards are available.  This option might be
+@c removed if it turns out that nobody requires it.
+
+@item --chuid @var{uid}
+@opindex chuid
+Change the current user to @var{uid} which may either be a number or a
+name.  This can be used from the root account to run gpg for
+another user.  If @var{uid} is not the current UID a standard PATH is
+set and the envvar GNUPGHOME is unset.  To override the latter the
+option @option{--homedir} can be used.  This option has only an effect
+when used on the command line.  This option has currently no effect at
+all on Windows.
+
 @end table
 
 @c *******************************
@@ -3768,7 +3844,7 @@ files; They all live in the current home directory (@pxref{option
   certificates.  The file name corresponds to the OpenPGP fingerprint of
   the respective key.  It is suggested to backup those certificates and
   if the primary private key is not stored on the disk to move them to
-  an external storage device.  Anyone who can access theses files is
+  an external storage device.  Anyone who can access these files is
   able to revoke the corresponding key.  You may want to print them out.
   You should backup all files in this directory and take care to keep
   this backup closed away.
@@ -3812,18 +3888,6 @@ Operation is further controlled by a few environment variables:
   loaded the Registry is tried and as last resort the native Windows
   locale system is used.
 
-  @item GNUPG_BUILD_ROOT
-  @efindex GNUPG_BUILD_ROOT
-  This variable is only used by the regression test suite as a helper
-  under operating systems without proper support to figure out the
-  name of a process' text file.
-
-  @item GNUPG_EXEC_DEBUG_FLAGS
-  @efindex GNUPG_EXEC_DEBUG_FLAGS
-  This variable allows to enable diagnostics for process management.
-  A numeric decimal value is expected.  Bit 0 enables general
-  diagnostics, bit 1 enables certain warnings on Windows.
-
 @end table
 
 When calling the gpg-agent component @command{@gpgname} sends a set of
@@ -3990,9 +4054,6 @@ are:
   @var{VALUE} spans to the end of the expression.
   @item -c
   The string match in this part is done case-sensitive.
-  @item -t
-  Leading and trailing spaces are not removed from @var{VALUE}.
-  The optional single space after @var{op} is here required.
 @end table
 
 The filter options concatenate several specifications for a filter of
@@ -4032,7 +4093,7 @@ The program returns 0 if there are no severe errors, 1 if at least a
 signature was bad, and other error codes for fatal errors.
 
 Note that signature verification requires exact knowledge of what has
-been signed and by whom it has beensigned.  Using only the return code
+been signed and by whom it has been signed.  Using only the return code
 is thus not an appropriate way to verify a signature by a script.
 Either make proper use or the status codes or use the @command{gpgv}
 tool which has been designed to make signature verification easy for
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index ba91aed..50a2595 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -224,7 +224,7 @@ mainly for debugging.
 @item --keydb-clear-some-cert-flags
 @opindex keydb-clear-some-cert-flags
 This is a debugging aid to reset certain flags in the key database
-which are used to cache certain certificate stati.  It is especially
+which are used to cache certain certificate statuses.  It is especially
 useful if a bad CRL or a weird running OCSP responder did accidentally
 revoke certificate.  There is no security issue with this command
 because @command{gpgsm} always make sure that the validity of a certificate is
@@ -347,18 +347,40 @@ Outputs additional information while running.
 You can increase the verbosity by giving several
 verbose commands to @command{gpgsm}, such as @samp{-vv}.
 
+
 @item --keyserver @var{string}
 @opindex keyserver
-This is a deprecated option.  It was used to add an LDAP server to use
-for X.509 certificate and CRL lookup.  The alias @option{--ldapserver}
-existed from version 2.2.28 to 2.2.33 but is now entirely ignored.
+Add an LDAP server to use for certificate and CRL lookup.  This option
+can be given multiple times to configure more than one LDAP server.
+Note that the @command{dirmngr} can in addition be configured with a
+default list of LDAP servers to be used after those configured with
+this option.  The syntax of @var{string} is:
+
+@sc{hostname:port:username:password:base_dn:flags}
+
+The only defined flag is @code{ldaps} to specify that a TLS
+connections shall be used.  Flags are comma delimited; unknown flags
+are ignored.
+
+Note that all parts of that string are expected to be UTF-8 encoded.
+This may lead to problems if the @sc{password} has originally been
+encoded as Latin-1; in such a case better configure such an LDAP server
+using the global configuration of @command{dirmngr}.
+
+Here is an example which uses the default port, no username, no
+password, and requests a TLS connection:
 
-LDAP servers must be given in the configuration for @command{dirmngr}.
+@c man:.RS
+@example
+--keyserver ldap.pca.dfn.de::::o=DFN-Verein,c=DE:ldaps
+@end example
+@c man:.RE
 
 
 @item --policy-file @var{filename}
 @opindex policy-file
-Change the default name of the policy file to @var{filename}.
+Change the default name of the policy file to @var{filename}.  The
+default name is @file{policies.txt}.
 
 @item --agent-program @var{file}
 @opindex agent-program
@@ -653,6 +675,17 @@ interoperability problems.
 
 @table @gnupgtabopt
 
+@item --chuid @var{uid}
+@opindex chuid
+Change the current user to @var{uid} which may either be a number or a
+name.  This can be used from the root account to run gpgsm for
+another user.  If @var{uid} is not the current UID a standard PATH is
+set and the envvar GNUPGHOME is unset.  To override the latter the
+option @option{--homedir} can be used.  This option has only an effect
+when used on the command line.  This option has currently no effect at
+all on Windows.
+
+
 @item --extra-digest-algo @var{name}
 @opindex extra-digest-algo
 Sometimes signatures are broken in that they announce a different digest
@@ -665,37 +698,6 @@ such broken signatures.  If @command{gpgsm} prints an error like
 ``digest algo 8 has not been enabled'' you may want to try this option,
 with @samp{SHA256} for @var{name}.
 
-@item --compliance @var{string}
-@opindex compliance
-Set the compliance mode.  Valid values are shown when using "help" for
-@var{string}.
-
-@item --min-rsa-length @var{n}
-@opindex min-rsa-length
-This option adjusts the compliance mode "de-vs" for stricter key size
-requirements.  For example, a value of 3000 turns rsa2048 and dsa2048
-keys into non-VS-NfD compliant keys.
-
-@item --require-compliance
-@opindex require-compliance
-To check that data has been encrypted according to the rules of the
-current compliance mode, a gpgsm user needs to evaluate the status
-lines.  This is allows frontends to handle compliance check in a more
-flexible way.  However, for scripted use the required evaluation of
-the status-line requires quite some effort; this option can be used
-instead to make sure that the gpgsm process exits with a failure if
-the compliance rules are not fulfilled.  Note that this option has
-currently an effect only in "de-vs" mode.
-
-@item --ignore-cert-with-oid @var{oid}
-@opindex ignore-cert-with-oid
-Add @var{oid} to the list of OIDs to be checked while reading
-certificates from smartcards. The @var{oid} is expected to be in
-dotted decimal form, like @code{2.5.29.3}.  This option may be used
-more than once.  As of now certificates with an extended key usage
-matching one of those OIDs are ignored during a @option{--learn-card}
-operation and not imported.  This option can help to keep the local
-key database clear of unneeded certificates stored on smartcards.
 
 @item --faked-system-time @var{epoch}
 @opindex faked-system-time
@@ -710,14 +712,6 @@ Include ephemeral flagged keys in the output of key listings.  Note
 that they are included anyway if the key specification for a listing
 is given as fingerprint or keygrip.
 
-@item --compatibility-flags @var{flags}
-@opindex compatibility-flags
-Set compatibility flags to work around problems due to non-compliant
-certificates or data.  The @var{flags} are given as a comma separated
-list of flag names and are OR-ed together.  The special flag "none"
-clears the list and allows to start over with an empty list.  To get a
-list of available flags the sole word "help" can be used.
-
 @item --debug-level @var{level}
 @opindex debug-level
 Select the debug level for investigating problems. @var{level} may be
@@ -748,29 +742,11 @@ however carefully selected to best aid in debugging.
 
 @item --debug @var{flags}
 @opindex debug
-This option is only useful for debugging and the behaviour may change
-at any time without notice; using @code{--debug-levels} is the
-preferred method to select the debug verbosity.  FLAGS are bit encoded
-and may be given in usual C-Syntax. The currently defined bits are:
-
-@table @code
-@item 0  (1)
-X.509 or OpenPGP protocol related data
-@item 1  (2)
-values of big number integers
-@item 2  (4)
-low level crypto operations
-@item 5  (32)
-memory allocation
-@item 6  (64)
-caching
-@item 7  (128)
-show memory statistics
-@item 9  (512)
-write hashed data to files named @code{dbgmd-000*}
-@item 10 (1024)
-trace Assuan protocol
-@end table
+Set debug flags.  All flags are or-ed and @var{flags} may be given
+in C syntax (e.g. 0x0042) or as a comma separated list of flag names.
+To get a list of all supported flags the single word "help" can be
+used. This option is only useful for debugging and the behavior may
+change at any time without notice.
 
 Note, that all flags set using this option may get overridden by
 @code{--debug-level}.
@@ -913,15 +889,9 @@ purposes.
 
 Note that even if a certificate is listed in this file, this does not
 mean that the certificate is trusted; in general the certificates listed
-in this file need to be listed also in @file{trustlist.txt}.
-
-This is a global file an installed in the data directory
-(e.g. @file{@value{DATADIR}/qualified.txt}).  GnuPG installs a suitable
-file with root certificates as used in Germany.  As new Root-CA
-certificates may be issued over time, these entries may need to be
-updated; new distributions of this software should come with an updated
-list but it is still the responsibility of the Administrator to check
-that this list is correct.
+in this file need to be listed also in @file{trustlist.txt}. This is a global
+file an installed in the sysconf directory (e.g.
+@file{@value{SYSCONFDIR}/qualified.txt}).
 
 Every time @command{gpgsm} uses a certificate for signing or verification
 this file will be consulted to check whether the certificate under
@@ -1140,10 +1110,12 @@ General Parameters:
 @item Key-Type: @var{algo}
 Starts a new parameter block by giving the type of the primary
 key. The algorithm must be capable of signing.  This is a required
-parameter.  The only supported value for @var{algo} is @samp{rsa}.
+parameter.  The supported values for @var{algo} are @samp{rsa},
+@samp{ecdsa}, and @samp{eddsa}.
 
 @item Key-Length: @var{nbits}
-The requested length of a generated key in bits.  Defaults to 3072.
+The requested length of a generated key in bits.  Defaults to
+3072. The value is ignored for ECC algorithms.
 
 @item Key-Grip: @var{hexstring}
 This is optional and used to generate a CSR or certificate for an
@@ -1216,6 +1188,20 @@ algorithms are: @samp{sha1}, @samp{sha256}, @samp{sha384} and
 @samp{sha512}; they may also be specified with uppercase letters.  The
 default is @samp{sha256}.
 
+@item Authority-Key-Id: @var{hexstring}
+Insert the decoded value of @var{hexstring} as authorityKeyIdentifier.
+If this is not given and an ECC algorithm is used the public part of
+the certified public key is used as authorityKeyIdentifier.  To
+inhibit any authorityKeyIdentifier use the special value @code{none}
+for @var{hexstring}.
+
+@item Subject-Key-Id: @var{hexstring}
+Insert the decoded value of @var{hexstring} as subjectKeyIdentifier.
+If this is not given and an ECC algorithm is used the public part of
+the signing key is used as authorityKeyIdentifier.  To inhibit any
+subjectKeyIdentifier use the special value @code{none} for
+@var{hexstring}.
+
 @end table
 
 @c *******************************************
diff --git a/doc/help.ja.txt b/doc/help.ja.txt
index c503de6..be924c5 100644
--- a/doc/help.ja.txt
+++ b/doc/help.ja.txt
@@ -49,7 +49,7 @@
 # There was a problen accessing the dirmngr.
 動作中のDirmngrへの接続ができなかったか、通信の問題が発生しました。
 
-証明書失効リスト(CRL)を検索し、OCSPの懸賞とLDAPサーバを通じて鍵を検索す
+証明書失効リスト(CRL)を検索し、OCSPの検証とLDAPサーバを通じて鍵を検索す
 るため、システムは、Dirmngrと呼ばれる外部サービス・プログラムを利用しま
 す。Dirmngrは通常、システムサービス(daemon)として実効されます、一般ユー
 ザは気にする必要はありません。問題がある場合、システムは、要求に応じて、
@@ -102,6 +102,25 @@ RSA は署名と暗号化のどちらにも使えます。
 の専門家に相談してください。
 .
 
+.gpg.keygen.cardkey
+カードからどの鍵を使用するか選択する。
+
+リストには、選択の番号、keygrip (16進数の文字列)、カード固有の鍵参照、
+この鍵に使うアルゴリズム、そして、鍵の使用目的(cert, sign, auth, encr)
+が括弧内に示されます。鍵の標準的な使用がわかっている場合には、アスタリ
+スクでマークされます。.
+
+.gpg.keygen.flags
+鍵の機能をトグルする。
+
+選択されたアルゴリズムで可能な機能だけがトグルできます。
+
+すばやく一度ですべての機能を設定するには、'=' の文字を最初の文字として、
+続けて設定する機能の列を入力します: 's' は署名、'e' は暗号化、'a'は認
+証です。無効な文字と不可能な機能は無視されます。このサブメニューはこの
+ショートカットを利用したのちにただちに閉じられます。
+.
+
 
 .gpg.keygen.size
 鍵の長さを入力してください。
@@ -124,10 +143,10 @@ http://www.xkcd.com/538/
 
 
 .gpg.keygen.valid
-プロンプトで示された必要な値を入力してください。ISO形式の日付
-(YYYY-MM-DD)の入力が可能ですが、良いエラー対応が得られないかもしれませ
-ん。システムが与えられた値を期間と解釈することがあります。.
-.
+プロンプトで示された必要な値を入力してください。
+ISO形式の日付(YYYY-MM-DD)の入力が可能ですが、わかりやすいエラーの反応
+が得られないままにシステムが与えられた値を期間と解釈して扱うことがあり
+ます。
 
 .gpg.keygen.valid.okay
 "yes" か "no" で答えてください。
@@ -172,14 +191,14 @@ Q  鍵生成を止める。
 .
 
 .gpg.sign_uid.class
-ある鍵のユーザIDに署名するとき、あなたは、まず、その鍵がそのユーザIDの
-人に属するかどうかを確認しなければなりません。あなたがどれくらいこれを
-慎重に確認したかについて、ほかの人が知ることは有用です。
+ある鍵のユーザIDに署名するとき、まず、その鍵がそのユーザIDの人に属する
+かどうかをあなたは確認しなければなりません。あなたがどれくらいこれを慎
+重に確認したかについて、ほかの人が知ることは有用です。
 
 "0" は、どれくらい慎重に確認したかについて特になにも主張しないことを意味します。
 
-"1" は、あなたは、主張するその人が所有する鍵であると考えるが、その鍵について、
-    確認できなかった、あるいはしなかったことを意味します。これは、ペンネームの
+"1" は、主張するその人が所有する鍵であるとあなたは信じるが、その鍵について、
+    検証できなかった、あるいはしなかったことを意味します。これは、ペンネームの
     ユーザの鍵に署名するような "persona" 確認に有用です。
 
 "2" は、その鍵に対し、通常の検証を行ったことを意味します。たとえば、鍵
@@ -307,6 +326,20 @@ Q  鍵生成を止める。
 意味します。
 .
 
+.gpg.tofu.conflict
+# tofu.c
+
+TOFUが同一(もしくはとてもよく似ている)メールアドレスの別の鍵を検出しま
+した。そのユーザが新しい鍵を作ったかもしれません。この場合には、あなた
+は新しい鍵を安全に信じることができます(が、その人に聞いて確かめましょ
+う)。しかし、また、その鍵が偽造であるか、中間者(MitM)攻撃が行われてい
+るのかもしれません。この場合には、あなたはこの鍵を信じられないものとな
+るように不正としてマークすべきです。ある鍵を信じられないものとなるよう
+にマークするとは、どんな署名も不正と考えられるようになる、その鍵への暗
+号化はフラグが立てられることを意味します。わからなくて今は確認できない
+場合、一度だけ認める、あるいは、一度だけ拒絶するを選択すべきです。
+.
+
 
 .gpgsm.root-cert-not-trusted
 # This text gets displayed by the audit log if
diff --git a/doc/help.txt b/doc/help.txt
index a172176..4d748c4 100644
--- a/doc/help.txt
+++ b/doc/help.txt
@@ -133,16 +133,15 @@ encryption.  This algorithm should only be used in certain domains.
 Please consult your security expert first.
 .
 
+.gpg.keygen.cardkey
+Select which key from the card shall be used.
 
-
-.gpg.keygen.keygrip
-Enter the keygrip of the key to add.
-
-The keygrip is a string of 40 hex digits that identifies a key.  It
-must belong to a secret key or a secret subkey stored in your keyring.
+The listing shows the selection index, the keygrip (a string of hex
+digits), the card specific key reference, the algorithm used for this
+key, and in parentheses the usage of the key (cert, sign, auth, encr).
+If known the standard usage for a key is marked with an asterisk.
 .
 
-
 .gpg.keygen.flags
 Toggle the capabilities of the key.
 
diff --git a/doc/help.zh_CN.txt b/doc/help.zh_CN.txt
index 7b199c2..84d09fc 100644
--- a/doc/help.zh_CN.txt
+++ b/doc/help.zh_CN.txt
@@ -16,30 +16,99 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, see <https://www.gnu.org/licenses/>.
 
+# Update by bobwxc<bobwxc@yeah.net> 2020
+
+# Note that this help file needs to be UTF-8 encoded.  When looking
+# for a help item, GnuPG scans the help files in the following order
+# (assuming a GNU or Unix system):
+#
+#    /etc/gnupg/help.LL_TT.txt
+#    /etc/gnupg/help.LL.txt
+#    /etc/gnupg/help.txt
+#    /usr/share/gnupg/help.LL_TT.txt
+#    /usr/share/gnupg/help.LL.txt
+#    /usr/share/gnupg/help.txt
+#
+# Here LL_TT denotes the full name of the current locale with the
+# territory (.e.g. "de_DE"), LL denotes just the locale name
+# (e.g. "de").  The first matching item is returned.  To put a dot or
+# a hash mark at the beginning of a help text line, it needs to be
+# prefixed with ". ".  A single dot may be used to terminated ahelp
+# entry.
+
+.#pinentry.qualitybar.tooltip
+# [remove the hash mark from the key to enable this text]
+# This entry is just an example on how to customize the tooltip shown
+# when hovering over the quality bar of the pinentry.  We don't
+# install this text so that the hardcoded translation takes
+# precedence.  An administrator should write up a short help to tell
+# the users about the configured passphrase constraints and save that
+# to /etc/gnupg/help.txt.  The help text should not be longer than
+# about 800 characters.
+This bar indicates the quality of the passphrase entered above.
+
+As long as the bar is shown in red, GnuPG considers the passphrase too
+weak to accept.  Please ask your administrator for details about the
+configured passphrase constraints.
+.
+
+
+.gnupg.agent-problem
+# 无法连接或启动 Gpg-Agent 。
+无法连接到运行的 Gpg-Agent 或与正在运行的 Gpg-Agent 发生通信问题。
+
+本系统使用一个称为 Gpg-Agent (Gpg-代理)的后台进程来处理私钥和请求密
+码。代理通常在用户登录时启动，并在用户在线时运行。如果没有可用的代
+理，系统会尝试动态启动一个代理，但该状态的代理在功能上有一定的限制，
+可能会导致一些小问题。
+
+您可能需要询问管理员以解决该问题。您也可以尝试注销并重新登录来尝试
+解决此问题。无论如何，请通知管理员此错误，因为这表明软件中存在错误。
+.
+
+
+.gnupg.dirmngr-problem
+# 无法连接到 dirmngr
+无法连接到一个运行的 Dirmngr 或与正在运行的 Dirmngr 发生通信问题。
+
+若要查找证书吊销列表（CRL），请执行OCSP验证并通过LDAP服务器查找公钥，
+本系统依赖于名为 Dirmngr 的外部服务程序。Dirmngr 通常作为系统服务
+（守护进程）运行，无需用户管理。当守护进程出现问题时，系统可能会为每
+个请求启动自己的Dirmngr副本，这是一种性能有限的解决方法。
+
+如果遇到此问题，应询问系统管理员如何解决。作为一个临时解决方案，您可
+以尝试在 gpgsm 的配置中禁用 CRL 检查。
+.
+
 
 .gpg.edit_ownertrust.value
-在这里指定的数值完全由您自己决定；这些数值永远不会被输出给任何第三方。
-我们需要它来实现“信任网络”；这跟隐含建立起来的“验证网络”无关。
+#标识前缀为“gpg”的帮助曾经为gpg的硬编码
+#现在可能被此文件中的帮助文本覆盖。
+在这里指定的数值完全由您自己决定；这些数值永远不会被导出给任何第三方。
+我们需要它来实现“信任网络”；这与被隐式创建的“证书验证网络”无关。
 .
 
-.gpg.edit_ownertrust.set_ultimate.okay
-要建立起信任网络，GnuPG 需要知道哪些密钥是可绝对信任的――通常
-就是您拥有私钥的那些密钥。回答“yes”将此密钥设成可绝对信任的
 
+.gpg.edit_ownertrust.set_ultimate.okay
+要建立起信任网络，GnuPG 需要知道哪些密钥是可绝对信任的――通常就是
+您拥有私钥的那些密钥。回答“yes”将此密钥设成可绝对信任的。
 .
 
+
 .gpg.untrusted_key.override
-如果您无论如何要使用这把未被信任的密钥，请回答“yes”。
+如果您坚持要求使用这把未被信任的公钥，请回答“yes”。
 .
 
+
 .gpg.pklist.user_id.enter
-输入您要递送的报文的接收者的用户标识。
+输入您要所发送报文的接收者的用户标识。
 .
 
+
 .gpg.keygen.algo
 选择使用的算法。
 
-DSA (也叫 DSS)即“数字签名算法”(美国国家标准)，只能够用作签名。
+DSA 即“数字签名算法”(曾用于美国国家标准DSS)，只能够用作签名。
 
 Elgamal 是一种只能用作加密的算法。
 
@@ -48,120 +117,174 @@ RSA 可以用作签名或加密。
 第一把密钥(主钥)必须具有签名的能力。
 .
 
+
 .gpg.keygen.algo.rsa_se
-通常来说用同一把密钥签名及加密并不是个好主意。这个算法只在特定的情况
-下使用。请先咨询安全方面的专家。
+通常来说用同一把密钥签名和加密并不是个好主意。这个算法只在特定的情况
+下使用。请事先咨询您的安全指导专家。
 .
 
+
+.gpg.keygen.cardkey
+从卡中选择要使用的密钥。
+
+列表显示了密钥索引，钥柄（keygrip，一个十六进制数字串），卡特别的密
+钥引用，密钥算法。
+括注为密钥允许的用法（cert 验证, sign 签名, auth 授权, encr 加密），
+有星号标记的为密钥的标准用法。
+.
+
+
+.gpg.keygen.flags
+选择密钥的功能。
+
+密钥功能受限于所选算法。
+
+要快速完成功能设置，可以输入“=”作为第一个字符，后跟字母列表；
+指示设置的功能：“s”用于签名，“e”用于加密，而“a”用于身份验证；
+无效字母和不可选的功能将被忽略。
+使用快速设置后，此子菜单将立即结束。
+.
+
+
 .gpg.keygen.size
-请输入密钥的尺寸
+请输入密钥长度。
+
+默认选项通常是个不错的选择。
+
+如果您想使用一个较大的密钥长度，例如4096位，请认真考虑它是否真的对
+你有意义，长密钥可能会降低性能。您可以参考该网页
+    http://www.xkcd.com/538/
 .
 
+
 .gpg.keygen.size.huge.okay
 请回答“yes”或“no”
 .
 
+
 .gpg.keygen.size.large.okay
 请回答“yes”或“no”
 .
 
+
 .gpg.keygen.valid
-请输入提示所要求的数值。
-您可以输入 ISO 日期格式(YYYY-MM-DD)，但是出错时您不会得到友好的响应
-――系统会尝试将给定值解释为时间间隔。
+请按提示输入所要求的数值。
+您可以输入 ISO 日期格式(YYYY-MM-DD)，但出错时您可能不会得到友好的提
+示――系统可能会尝试将其解释为时间间隔。
 .
 
+
 .gpg.keygen.valid.okay
 请回答“yes”或“no”
 .
 
 .gpg.keygen.name
 请输入密钥持有人的名字
+“<”与“>”字符是不允许的。
+例如：ZhangSan
 .
 
+
 .gpg.keygen.email
 请输入电子邮件地址(可选项，但强烈推荐使用)
+例如：zhangsan@example.com
 .
 
+
 .gpg.keygen.comment
 请输入注释(可选项)
+“(”与“)”字符是不允许的。
+通常无需输入注释。
 .
 
+
 .gpg.keygen.userid.cmd
+# （开头来一个空行）—— help.txt要求的
+
 N  修改姓名。
 C  修改注释。
 E  修改电子邮件地址。
-O  继续产生密钥。
-Q  中止产生密钥。
+O  继续生成密钥。
+Q  中止生成密钥。
 .
 
+
 .gpg.keygen.sub.okay
 如果您允许生成子钥，请回答“yes”(或者“y”)。
 .
 
+
 .gpg.sign_uid.okay
 请回答“yes”或“no”
 .
 
+
 .gpg.sign_uid.class
-当您为某把密钥上某个用户标识添加签名时，您必须首先验证这把密钥确实属于
-署名于它的用户标识上的那个人。了解到您曾多么谨慎地对此进行过验证，对其
-他人是非常有用的
+当您对某把密钥上某个用户标识进行签名认证时，您必须首先验证这把密钥
+是否确实属于在用户标识上署名的那个人。而让他人了解您对此进行了多么
+仔细的验证是非常必要的。
 
-“0” 表示您对您有多么仔细地验证这把密钥的问题不表态。
+“0” 表示您对验证这把密钥所属者真实性问题不表态。
 
-“1” 表示您相信这把密钥属于那个声明是主人的人，但是您不能或根本没有验
-      证过。如果您为一把属于类似虚拟人物的密钥签名，这个选择很有用。
+“1” 表示您相信这把密钥属于那个声称是主人的人，但是您不能或根本没
+      有验证过。如果您为一把属于类似虚拟人物的密钥签名，这个选项很
+      有用。
 
-“2” 表示您随意地验证了那把密钥。例如，您验证了这把密钥的指纹，或比对
-      照片验证了用户标识。
+“2” 表示您随意地验证了那把密钥。例如，您验证了这把密钥的指纹，或
+      比对了照片以验证用户标识。
 
-“3” 表示您做了大量而详尽的验证密钥工作。例如，您同密钥持有人验证了密
-      钥指纹，而且通过查验附带照片而难以伪造的证件(如护照)确认了密钥持
-      有人的姓名与密钥上的用户标识一致，最后您还(通过电子邮件往来)验证
-      了密钥上的电子邮件地址确实属于密钥持有人。
+“3” 表示您做了大量而详尽的验证密钥工作。例如，您同密钥持有人直接
+      联系验证了密钥指纹，而且通过查验附带照片且难以伪造的证件（如
+      身份证)确认了密钥持有人的姓名与密钥上的用户标识一致，最后您还
+      （通过电子邮件往来）验证了密钥上的电子邮件地址确实属于密钥持
+      有人。
 
-请注意上述关于验证级别 2 和 3 的说明仅是例子而已。最终还是由您自己决定
-当您为其他密钥签名时，什么是“随意”，而什么是“大量而详尽”。
+请注意上述关于验证级别 2 和 3 的说明仅是例子而已，最终还是由您自己
+决定当您为其他密钥签名时，什么是“随意”，而什么是“大量而详尽”。
 
-如果您不知道应该选什么答案的话，就选“0”。
+如果您不知道应该选什么，请选“0”。
 .
 
+
 .gpg.change_passwd.empty.okay
 请回答“yes”或“no”
 .
 
+
 .gpg.keyedit.save.okay
 请回答“yes”或“no”
 .
 
+
 .gpg.keyedit.cancel.okay
 请回答“yes”或“no”
 .
 
+
 .gpg.keyedit.sign_all.okay
 如果您想要为所有用户标识签名的话就选“yes”
 .
 
+
 .gpg.keyedit.remove.uid.okay
 如果您真的想要删除这个用户标识的话就回答“yes”。
 所有相关认证在此之后也会丢失！
 .
 
 .gpg.keyedit.remove.subkey.okay
-如果可以删除这把子钥，请回答“yes”
+如果要删除这把子钥，请回答“yes”
 .
 
 .gpg.keyedit.delsig.valid
-这是一份在这把密钥上有效的签名；通常您不会想要删除这份签名，
-因为要与这把密钥或拥有这把密钥的签名的密钥建立认证关系可能
-相当重要。
+这是一份在这把密钥上有效的签名；通常您不会想要删除这份签名，因为要
+与“这把密钥”或“拥有这把密钥的签名的密钥”建立认证关系可能相当重
+要。
 .
 
 .gpg.keyedit.delsig.unknown
-这份签名无法被检验，因为您没有相应的密钥。您应该暂缓删除它，
-直到您知道此签名使用了哪一把密钥；因为用来签名的密钥可能与
-其他已经验证的密钥存在信任关系。
+这份签名无法被检验，因为您没有相应的公钥。您应该暂缓删除它，直到您
+知道此签名使用了哪一把密钥；因为用来签名的密钥可能与其他已经验证的
+密钥存在信任关系。
 .
 
 .gpg.keyedit.delsig.invalid
@@ -169,25 +292,25 @@ Q  中止产生密钥。
 .
 
 .gpg.keyedit.delsig.selfsig
-这是一份将密钥与用户标识相联系的签名。通常不应删除这样的签名。
-事实上，一旦删除，GnuPG可能从此就不能再使用这把密钥了。因此，
-只有在这把密钥的第一个自身签名因某些原因失效，而有第二个自身签
-字可用的情况下才这么做。
+这是一份将密钥与用户标识相联系的签名，通常不应删除这样的签名。一旦
+删除，GnuPG 将可能无法再使用这把密钥。因此，只有在这把密钥的第一个
+自签名因某些原因失效，而拥有另一个可用自签名的情况下才这么做。
 .
 
 .gpg.keyedit.updpref.okay
-用现有的首选项更新所有(或选定的)用户标识的首选项。所有受影响的自身签
-字的时间戳都会增加一秒钟。
-
+用现有的首选项更新所有（或选定的）用户标识的首选项。所有受影响的自
+签名的时间戳都会增加一秒钟。
 .
 
+
 .gpg.passphrase.enter
-请输入密码：这是一个秘密的句子 
+# （开头来一个空行）—— help.txt要求的
 
+请输入密码：
 .
 
 .gpg.passphrase.repeat
-请再次输入上次的密码，以确定您到底键入了些什么。
+请再次输入密码，以确认输入了正确的密码。
 .
 
 .gpg.detached_signature.filename
@@ -195,16 +318,15 @@ Q  中止产生密钥。
 .
 
 .gpg.openfile.overwrite.okay
-如果可以覆盖这个文件，请回答“yes”
+如果要覆盖这个文件，请回答“yes”
 .
 
 .gpg.openfile.askoutname
-请输入一个新的文件名。如果您直接按下了回车，那么就会使用显示在括
-号中的默认的文件名。
+请输入一个新的文件名。直接按下回车以使用默认文件名（括号中）。
 .
 
 .gpg.ask_revocation_reason.code
-您应该为这份吊销证书指定一个原因。根据情境的不同，您可以从下列清单中
+您需要为这份吊销证书指定一个原因。根据情况的不同，您可以从下列清单中
 选出一项：
   “密钥已泄漏”
       如果您相信有某个未经许可的人已取得了您的私钥，请选此项。
@@ -213,19 +335,46 @@ Q  中止产生密钥。
   “密钥不再被使用”
       如果您已决定让这把密钥退休，请选此项
   “用户标识不再有效”
-      如果这个用户标识不再被使用了，请选此项；这通常用表明某个电子邮
-      件地址已不再有效。
-
+      如果这个用户标识不再被使用了，请选此项；这通常用表明某个电子
+      邮件地址已不再有效。
 .
 
 .gpg.ask_revocation_reason.text
-您也可以输入一串文字，描述发布这份吊销证书的理由。请尽量使这段文
-字简明扼要。
-键入一空行以结束输入。
+# revoke.c (ask_revocation_reason)
+您也可以输入一串文字，描述发布这份吊销证书的理由，请尽量简明扼要。
+输入一个空行以结束输入。
+.
+
 
+.gpg.tofu.conflict
+# tofu.c
+TOFU 检测到了另一个电子邮件地址相同（或非常相似）的密钥。可能是用户
+创建了一个新的密钥；在这种情况下，您可以放心地信任新密钥（请通过询
+问此人来确认这一点）。但此密钥也可能是伪造的，或者有一个活跃的中间
+人（MitM）攻击；在这种情况下，应该将密钥标记为不受信的，这样它就不
+可信了。将密钥标记为不受信任意味着其任何签名都将被认为是无效的，并
+将标记所有使用该密钥进行的加密。如果您不确定且当前无法检查，则应选
+择接受一次或拒绝一次。
 .
 
 
+.gpgsm.root-cert-not-trusted
+# This text gets displayed by the audit log if
+# a root certificates was not trusted.
+#如果根证书不受信任，审核日志将显示此文本。
+根证书（信任基础）不受信任。根据配置，可能会提示您将根证书标记为受
+信任的，或者您需要手动告诉 GnuPG 信任该证书。记载了受信任证书的
+trustlist.txt 在GnuPG的主目录中。如有疑问，请询问系统管理员是否应信
+任此证书。
+.
+
+
+.gpgsm.crl-problem
+#当CRL或OCSP检查出现问题，审核日志将显示此文本。
+您的配置在检索CRL或执行OCSP检查时出现问题。有很多不同的原因，查看手
+册以了解可能的解决方案。
+.
+
 
 # Local variables:
 # mode: fundamental
diff --git a/doc/help.zh_TW.txt b/doc/help.zh_TW.txt
index 5665b70..d13b433 100644
--- a/doc/help.zh_TW.txt
+++ b/doc/help.zh_TW.txt
@@ -7,239 +7,361 @@
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
-# 
+#
 # GnuPG is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-# 
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, see <https://www.gnu.org/licenses/>.
 
 
+# Note that this help file needs to be UTF-8 encoded.  When looking
+# for a help item, GnuPG scans the help files in the following order
+# (assuming a GNU or Unix system):
+#
+#    /etc/gnupg/help.LL_TT.txt
+#    /etc/gnupg/help.LL.txt
+#    /etc/gnupg/help.txt
+#    /usr/share/gnupg/help.LL_TT.txt
+#    /usr/share/gnupg/help.LL.txt
+#    /usr/share/gnupg/help.txt
+#
+# Here LL_TT denotes the full name of the current locale with the
+# territory (.e.g. "de_DE"), LL denotes just the locale name
+# (e.g. "de").  The first matching item is returned.  To put a dot or
+# a hash mark at the beginning of a help text line, it needs to be
+# prefixed with ". ".  A single dot may be used to terminated ahelp
+# entry.
+
+.#pinentry.qualitybar.tooltip
+# [remove the hash mark from the key to enable this text]
+# This entry is just an example on how to customize the tooltip shown
+# when hovering over the quality bar of the pinentry.  We don't
+# install this text so that the hardcoded translation takes
+# precedence.  An administrator should write up a short help to tell
+# the users about the configured passphrase constraints and save that
+# to /etc/gnupg/help.txt.  The help text should not be longer than
+# about 800 characters.
+本指示條顯示上方輸入的密語的強度。
+
+本處若顯示為紅色，代表該密語強度不足，不能被 GnuPG 接受。請與管理者詢
+問關於密語強度的細節。
+.
+
+
+.gnupg.agent-problem
+# There was a problem accessing or starting the agent.
+無法連接執行中的 Gpg-Agent，或與執行中的 Gpg-Agent 通訊時出現異常。
+
+本系統使用稱為 Gpg-Agent 的背景程式，以代理處理私鑰或詢問密文。該代理
+程式會在使用者登入時執行，並持續執行直到使用者登出為止。若沒有代理程
+式，系統會在執行時嘗試使用一個功能受限的代理程式，該版本的代理程式可能
+會導致一些問題。
+
+您可能需要詢問管理者如何解決這個問題，作為臨時方案，您可以嘗試登出後重
+新登入，並檢查問題是否能改善。即使以上方法有用，也請告知系統管理者，因
+為這代表軟體可能存在瑕疵。
+.
+
+
+.gnupg.dirmngr-problem
+# There was a problen accessing the dirmngr.
+無法連接到執行中的 Dirmngr，或與執行中的 Dirmngr 通訊時出現異常。
+
+為了查詢憑證吊銷列表 (CRL)、執行 OCSP 金鑰驗證、與 LDAP 伺服器查詢金
+鑰，本系統會使用一個外部工具稱為 Dirmngr。Dirmngr 通常會以系統服務（常
+駐程式）的形式執行，使用者無須注意。若此處出現問題，作為臨時方案，系統
+每次在接到請求時會執行內建版本的 Dirmngr，因而導致效能上的限制。
+
+若您遇上這個問題，您可以與系統管理者詢問如何處理。作為暫代方案，您可以
+關閉在 gpgsm 的設定中關閉 CRL 的檢查。
+.
+
+
 .gpg.edit_ownertrust.value
-在這裡指派的數值完全是看妳自己決定; 這些數值永遠不會被匯出給其他人.
-我們需要它來實施信任網絡; 這跟 (自動建立起的) 憑證網絡一點關係也沒有.
+# The help identies prefixed with "gpg." used to be hard coded in gpg
+# but may now be overridden by help texts from this file.
+您可以自由決定是否要設定本值，該值不會輸出到任何第三方。本值只是為了實
+作信任網路而設，與（隱式建立的）憑證網路沒有關係。
 .
 
 .gpg.edit_ownertrust.set_ultimate.okay
-要建立起信任網絡, GnuPG 需要知道哪些金鑰是被徹底信任的 -
-那些金鑰通常就是妳有辦法存取到私鑰的. 回答 "yes" 來將這些
-金鑰設成被徹底信任的
+要建構信任網絡, GnuPG 需要知道哪些是徹底信任的金鑰——通常是指您可以存取
+到私鑰的金鑰。若要設定為徹底信任的金鑰，請回答 "yes"。
 
-.
 
 .gpg.untrusted_key.override
-如果妳無論如何想要使用這把未被信任的金鑰, 請回答 "yes".
+如果您仍要使用這把不受信任的金鑰, 請回答 "yes"。
 .
 
 .gpg.pklist.user_id.enter
-輸入妳要遞送的訊息接收者的使用者 ID.
+請輸入本訊息接收者的使用者 ID。
 .
 
 .gpg.keygen.algo
-請選擇要使用的演算法.
+請選擇要使用的金鑰演算法。
 
-DSA (亦即 DSS) 是數位簽章演算法 (Digital Signature Algorithm),
-祇能用於簽署.
+DSA（又稱 DSS）是數位簽章演算法 (Digital Signature Algorithm)，
+只能用於簽署。
 
-Elgamal 是祇能用於加密的演算法.
+Elgamal 是只能用於加密的演算法。
 
-RSA 可以被用來簽署及加密.
+RSA 可以作為簽署及加密使用。
 
-第一把 (主要的) 金鑰一定要含有能用於簽署的金鑰.
+第一把（主要的）金鑰必須要是能用於簽署的金鑰。
 .
 
 .gpg.keygen.algo.rsa_se
-通常來說用同一把金鑰簽署及加密並不是個好主意.
-這個演算法應該祇被用於特定的情況下.
-請先聯絡妳的安全專家.
+通常來說用同一把金鑰簽署及加密並不是個好主意。這個演算法應該只能用於特
+定的領域。請先聯絡您的安全專家。
+.
+
+.gpg.keygen.cardkey
+請從本卡片選擇要使用的金鑰。
+
+本清單依序顯示選擇索引、鑰柄（十六進位字串）、卡片特定的金鑰參照、該
+金鑰的演算法，括號內會顯示金鑰的用途（cert 證書、sign 簽名、auth 認證
+、encr 加密）。若能得知預設的金鑰用途，會以星號標示。
 .
 
+.gpg.keygen.flags
+切換金鑰的功能。
+
+金鑰可以擁有哪些功能，受限於使用的金鑰演算法。
+
+若要快速設定金鑰的功能，您可以輸入 '=' 後接以下字元組合的字串：
+'s' 簽名、'e' 加密、'a' 認證。無效的字元跟無法設定的功能會被忽略。本子
+選單會在使用此快速設定的方法後立即關閉。
+.
+
+
 .gpg.keygen.size
-請輸入金鑰的尺寸
+請輸入金鑰的大小。
+
+建議的金鑰大小通常是良好的選擇。
+
+若您要使用較大的金鑰大小，例如 4096 位元，請再三考慮是否合理。
+您可以參考以下網址：https://www.xkcd.com/538/。
 .
 
 .gpg.keygen.size.huge.okay
-請回答 "yes" 或 "no"
+請回答 "yes" 或 "no"。
 .
 
+
 .gpg.keygen.size.large.okay
-請回答 "yes" 或 "no"
+請回答 "yes" 或 "no"。
 .
 
+
 .gpg.keygen.valid
-請輸入提示裡所要求的數值.
-妳可以輸入 ISO 日期格式 (YYYY-MM-DD), 但是不會得到良好的錯誤回應 -
-反之, 系統會試著把給定的數值中斷成若干片段.
+請輸入提示裡要求的值。
+輸入 ISO 日期格式 (YYYY-MM-DD) 雖然會被接受，但是因為系統會解析成區
+間，因此不會得到正常的錯誤回應。
+
 .
 
 .gpg.keygen.valid.okay
-請回答 "yes" 或 "no"
+請回答 "yes" 或 "no"。
 .
 
+
 .gpg.keygen.name
-請輸入金鑰持有人的名字
+請輸入金鑰持有人的名字。
+字元 "<" 跟 ">" 不會被接受。
+例：Heinrich Heine
 .
 
+
 .gpg.keygen.email
-請輸入選用 (但強烈建議使用) 的電子郵件位址
+請輸入 Email 地址（非必要，但強烈建議使用）。
+例：heinrichh@duesseldorf.de
 .
 
 .gpg.keygen.comment
-請輸入選用的註釋
+請輸入註釋（非必要）。
+字元 "(" 跟 ")" 不會被接受。
+通常不需要寫入註釋。
 .
 
+
 .gpg.keygen.userid.cmd
-N  修改姓名.
-C  修改註釋.
-E  修改電子郵件位址.
-O  繼續產生金鑰.
-Q  中止產生金鑰.
+# (Keep a leading empty line)
+
+N  修改姓名。
+C  修改註釋。
+E  修改 Email 地址。
+O  繼續產生金鑰。
+Q  中止產生金鑰。
 .
 
 .gpg.keygen.sub.okay
-如果妳覺得產生子鑰可以的話, 就回答 "yes" (或者祇要 "y").
+如果要產生子鑰的話, 請回答 "yes" (或 "y")。
 .
 
 .gpg.sign_uid.okay
-請回答 "yes" 或 "no"
+請回答 "yes" 或 "no"。
 .
 
 .gpg.sign_uid.class
-當妳在某把金鑰上簽署某個使用者 ID, 妳首先必須先驗證那把
-金鑰確實屬於那個使用者 ID 上叫那個名字的人. 這對那些知道
-妳多小心驗證的人來說很有用.
+當您在某把金鑰上簽署某個使用者 ID，您首先必須先驗證那把金鑰確實屬於該使用者
+ID 上所代表的人。可以讓其他人知道您驗證該金鑰的詳細程度。
 
-"0" 表示妳不能提出任何特別的主張來表明
-    妳多仔細驗證那把金鑰
+"0" 表示您不特別聲明您驗證那把金鑰的詳細程度。
 
-"1" 表示妳相信這把金鑰屬於那個主張是主人的人,
-    但是妳不能或沒有驗證那把金鑰.
-    這對那些祇想要 "個人的" 驗證的人來說很有用,
-    因為妳簽署了一把擬似匿名使用者的金鑰.
+"1" 表示您相信這把金鑰屬於那個主張是主人的人，但是您不能，或是完全沒有驗證
+    那把金鑰。這對「人格上」的驗證，亦即簽署化名使用者的金鑰來說是有用的。
 
-"2" 表示妳真的仔細驗證了那把金鑰.
-    例如說, 這能表示妳驗證了這把金鑰的指紋和
-    使用者 ID, 並比對了照片 ID.
+"2" 表示您做了快速的金鑰驗證。例如，這能表示您驗證了這把金鑰的指紋並將使用
+    者 ID 與相片證件對照。
 
-"3" 表示妳真的做了大規模的驗證金鑰工作.
-    例如說, 這能表示妳向金鑰持有人驗證了金鑰指紋,
-    而且妳透過附帶照片而難以偽造的文件 (像是護照)
-    確認了金鑰持有人的姓名與金鑰上使用者 ID 的一致,
-    最後妳還 (透過電子郵件往來) 驗證了金鑰上的
-    電子郵件位址確實屬於金鑰持有人.
+"3" 表示您做了仔細的金鑰驗證。例如，這能表示您當面向金鑰持有人驗證了金鑰指
+    紋，並透過附帶照片而難以偽造的文件（像是護照）確認了金鑰持有人的姓名與
+    金鑰上的使用者 ID 一致，最後您（透過 Email 往來）驗證了金鑰上的 Email
+    位址確實屬於金鑰持有人。
 
-請注意上述關於等級 2 和 3 的例子 "祇是" 例子而已.
-最後, 還是得由妳自己決定當妳簽署其他金鑰時,
-甚麼是 "漫不經心", 而甚麼是 "超級謹慎".
+請注意上述關於等級 2 和 3 的範例 *只是* 範例而已。到頭來還是得由您來決定當
+您簽署其他的金鑰時，「快速」與「仔細」的意義。
 
-如果妳不知道應該選甚麼答案的話, 就選 "0".
+若您不知道正確回答為何，請回答 "0"。
 .
 
 .gpg.change_passwd.empty.okay
-請回答 "yes" 或 "no"
+請回答 "yes" 或 "no"。
 .
 
+
 .gpg.keyedit.save.okay
-請回答 "yes" 或 "no"
+請回答 "yes" 或 "no"。
 .
 
+
 .gpg.keyedit.cancel.okay
-請回答 "yes" 或 "no"
+請回答 "yes" 或 "no"。
 .
 
 .gpg.keyedit.sign_all.okay
-如果妳想要簽署 *所有* 使用者 ID 的話就回答 "yes"
+如果您想要簽署 *所有* 使用者 ID 的話請回答 "yes"。
 .
 
 .gpg.keyedit.remove.uid.okay
-如果妳真的想要刪除這個使用者 ID 的話就回答 "yes".
-所有的憑證在那之後也都會失去!
+如果您真的想要刪除這個使用者 ID 的話請回答 "yes"。
+所有的憑證也會因此刪除！
 .
 
 .gpg.keyedit.remove.subkey.okay
-如果刪除這把子鑰沒問題的話就回答 "yes"
+如果要刪除這把子鑰的話請回答 "yes"。
 .
 
 .gpg.keyedit.delsig.valid
-這是一份在這把金鑰上有效的簽章; 通常妳不會想要刪除這份簽章,
-因為要跟別的金鑰建立起信任連結, 或由這把金鑰所簽署的金鑰憑證
-會是一件相當重要的事.
+這是一份在這把金鑰上有效的簽章；通常您不會想要刪除這份簽章，因為
+建立與該金鑰（或與由該金鑰信任的其他金鑰）的信任連結，會是一件重
+要的事情。
 .
 
 .gpg.keyedit.delsig.unknown
-這份簽章無法被檢驗, 因為妳沒有符合的金鑰. 妳應該延緩刪除它,
-直到妳知道哪一把金鑰被使用了; 因為這把來簽署的金鑰可能透過
-其他已經驗證的金鑰建立了一個信任連結.
+因為您沒有持有對應的金鑰，這份簽章無法被檢驗。
+
+您應該在知道哪一把金鑰被用來簽署前，暫緩刪除簽章的動作；因為這把
+來簽署的金鑰可能透過其他已經驗證的金鑰建立了信任連結。
 .
 
 .gpg.keyedit.delsig.invalid
-這份簽章無效. 把它從妳的鑰匙圈裡移去相當合理.
+這份簽章無效。把它從您的鑰匙圈裡移除是合理的。
 .
 
 .gpg.keyedit.delsig.selfsig
-這是一份和這個金鑰使用者 ID 相繫的簽章. 通常
-把這樣的簽章移除不會是個好點子. 事實上 GnuPG
-可能從此就不能再使用這把金鑰了. 所以祇有在這
-把金鑰的第一個自我簽章因某些原因無效, 而第二
-個還可用的情況下纔這麼做.
+這是一份和這個金鑰使用者 ID 相繫的簽章。通常把這樣的簽章移除不會
+是個好主意。實際上 GnuPG 可能從此就不能再使用這把金鑰了。所以只
+有在這把金鑰的第一個自我簽章因某些原因無效，而第二個還可用的情況
+下才這麼做。
 .
 
 .gpg.keyedit.updpref.okay
-變更所有 (或祇有被選取的那幾個) 使用者 ID 的偏好成現用的偏好清單.
-所有受到影響的自我簽章的時間戳記都會增加一秒鐘.
-
+變更所有 (或只有被選取的那幾個) 使用者 ID 的偏好成現用的偏好清單。
+所有受到影響的自我簽章的時間戳記都會增加一秒鐘。
 .
 
+
 .gpg.passphrase.enter
-請輸入密語; 這是一個秘密的句子 
+# (keep a leading empty line)
 
+請輸入密語; 密語代表為一個秘密的句子。
 .
 
+
 .gpg.passphrase.repeat
-請再次輸入最後的密語, 以確定妳到底鍵進了些甚麼.
+請重新輸入先前的密語, 以確定您到底輸入了什麼。
 .
 
 .gpg.detached_signature.filename
-請給定簽章所要套用的檔案名稱
+請給定簽章所要套用的檔案名稱。
 .
 
 .gpg.openfile.overwrite.okay
-如果覆寫這個檔案沒有問題的話就回答 "yes"
+# openfile.c (overwrite_filep)
+若要覆寫這個檔案的話，請回答 "yes"。
 .
 
 .gpg.openfile.askoutname
-請輸入一個新的檔名. 如果妳直接按下了 Enter, 那麼
-就會使用預設的檔案 (顯示在括號中).
+# openfile.c (ask_outfile_name)
+請輸入一個新的檔名。若直接按下 Enter 則會使用預設的檔案 (顯示在括號
+中)。
 .
 
 .gpg.ask_revocation_reason.code
-妳應該為這份憑證指定一個原因.
-根據情境的不同, 妳應該可以從這個清單中選出一項:
-  "金鑰已經被洩漏了"
-      如果妳相信有某個未經許可的傢伙取得了妳的私鑰的話,
-      就選這個.
-  "金鑰被代換了"
-      如果妳把妳的金鑰換成新的了, 就選這個.
-  "金鑰不再被使用了"
-      如果妳已經撤回了這把金鑰, 就選這個.
-  "使用者 ID 不再有效了"
-      如果這個使用者 ID 不再被使用了, 就選這個;
-      這通常用來表示某個電子郵件位址不再有效了.
+# revoke.c (ask_revocation_reason)
+您應該為這份憑證指定一個原因。根據情境不同，您能夠從這個清單中選擇一
+個：
+  「金鑰已經被洩漏了」
+      使用此選項，若您相信有某個未經許可的人取得了您的私鑰。
+  「金鑰被代換了」
+      使用此選項，如果您把您的金鑰換成新的了。
+  「金鑰不再被使用了」
+      使用此選項，如果您已經撤回了這把金鑰。
+  「使用者 ID 不再有效了」
+      使用此選項，如果這個使用者 ID 已不再使用；這通常用來表示某
+      個 Email 地址已經無效。
 
 .
 
 .gpg.ask_revocation_reason.text
-妳也可以輸入一串文字來描述為甚麼發佈這份撤銷憑證的理由.
-請讓這段文字保持簡明扼要.
-鍵入空白列以結束這段文字.
+# revoke.c (ask_revocation_reason)
+您也可以輸入文字來描述為甚麼發佈這份撤銷憑證的理由。請讓這段文字
+保持簡明扼要。
+請輸入一個空行以結束文字。
+.
 
+.gpg.tofu.conflict
+# tofu.c
+TOFU 偵測到其他的金鑰持有一樣（或是非常類似）的 Email 地址。可能是該使
+用者建立了新的金鑰，若為如此，您可以安全地信任該金鑰（但請與該使用者確
+認）。但也有可能是偽造的金鑰，或是有中間人攻擊 (MitM) 正在進行中，若為
+如此，您應該要標記該不良金鑰，該金鑰將會不受信任。標記一個金鑰為「不受
+信任」代表該金鑰的簽名也會被當成不良簽章，且使用該金鑰加密也會出現警
+告。若您無法確定，並且不能檢查該金鑰，您應選擇「接受一次」或「拒絕一
+次」。
 .
 
+.gpgsm.root-cert-not-trusted
+# This text gets displayed by the audit log if
+# a root certificates was not trusted.
+根憑證（信任的基點）不受信任。根據設定，您可能已被要求需要設定根憑證
+為信任憑證，或是您需要手動告知 GnuPG 信任該憑證。信任憑證的設定在
+GnuPG 的家目錄下的 trustlist.txt。若有疑慮，請詢問系統管理者是否該信
+任此憑證。
+
+
+.gpgsm.crl-problem
+# This text is displayed by the audit log for problems with
+# the CRL or OCSP checking.
+根據您的設定，在取得憑證吊銷列表 (CRL) 或是透過 OCSP 檢查憑證狀態時
+出現問題。該問題的產生有很多因素，請詳閱說明文件以找出可能解法。
 
 
 # Local variables:
-# mode: fundamental
+# mode: default-generic
 # coding: utf-8
 # End:
diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi
index 98fa70c..7fc32b8 100644
--- a/doc/scdaemon.texi
+++ b/doc/scdaemon.texi
@@ -160,33 +160,11 @@ helpers to debug problems.
 
 @item --debug @var{flags}
 @opindex debug
-This option is only useful for debugging and the behavior may change at
-any time without notice.  FLAGS are bit encoded and may be given in
-usual C-Syntax. The currently defined bits are:
-
-@table @code
-@item 0  (1)
-command I/O
-@item 1  (2)
-values of big number integers
-@item 2  (4)
-low level crypto operations
-@item 5  (32)
-memory allocation
-@item 6  (64)
-caching
-@item 7  (128)
-show memory statistics
-@item 9  (512)
-write hashed data to files named @code{dbgmd-000*}
-@item 10 (1024)
-trace Assuan protocol.
-See also option @option{--debug-assuan-log-cats}.
-@item 11 (2048)
-trace APDU I/O to the card.  This may reveal sensitive data.
-@item 12 (4096)
-trace some card reader related function calls.
-@end table
+Set debug flags.  All flags are or-ed and @var{flags} may be given
+in C syntax (e.g. 0x0042) or as a comma separated list of flag names.
+To get a list of all supported flags the single word "help" can be
+used. This option is only useful for debugging and the behavior may
+change at any time without notice.
 
 @item --debug-all
 @opindex debug-all
@@ -251,17 +229,16 @@ socket.
 @item --pcsc-shared
 @opindex pcsc-shared
 Use shared mode to access the card via PC/SC.  This is a somewhat
-dangerous option because Scdaemon assumes exclusivbe access to teh
+dangerous option because Scdaemon assumes exclusive access to the
 card and for example caches certain information from the card.  Use
 this option only if you know what you are doing.
 
 @item --pcsc-driver @var{library}
 @opindex pcsc-driver
 Use @var{library} to access the smartcard reader.  The current default
-on Unix is @file{libpcsclite.so} and on Windows @file{winscard.dll}.
-Instead of using this option you might also want to install a symbolic
-link to the default file name (e.g. from @file{libpcsclite.so.1}).
-A Unicode file name may not be used on Windows.
+is @file{libpcsclite.so}.  Instead of using this option you might also
+want to install a symbolic link to the default file name
+(e.g. from @file{libpcsclite.so.1}).
 
 @item --ctapi-driver @var{library}
 @opindex ctapi-driver
@@ -295,17 +272,9 @@ To get a list of available CCID readers you may use this command:
 
 @item --card-timeout @var{n}
 @opindex card-timeout
-If @var{n} is not 0 and no client is actively using the card, the card
-will be powered down after @var{n} seconds.  Powering down the card
-avoids a potential risk of damaging a card when used with certain
-cheap readers.  This also allows applications that are not aware of
-Scdaemon to access the card.  The disadvantage of using a card timeout
-is that accessing the card takes longer and that the user needs to
-enter the PIN again after the next power up.
-
-Note that with the current version of Scdaemon the card is powered
-down immediately at the next timer tick for any value of @var{n} other
-than 0.
+This option is deprecated.  In GnuPG 2.0, it used to be used for
+DISCONNECT command to control timing issue.  Since DISCONNECT command
+works synchronously, it has no effect.
 
 @item --enable-pinpad-varlen
 @opindex enable-pinpad-varlen
@@ -339,6 +308,21 @@ This option disables the use of the card application named
 @var{name}.  This is mainly useful for debugging or if a application
 with lower priority should be used by default.
 
+@item --application-priority @var{namelist}
+@opindex application-priority
+This option allows to change the order in which applications of a card
+a tried if no specific application was requested.  @var{namelist} is a
+space or comma delimited list of application names.  Unknown names are
+simply skipped.  Applications not mentioned in the list are put in the
+former order at the end of the new priority list.
+
+To get the list of current active applications, use
+@cartouche
+@smallexample
+    gpg-connect-agent 'scd getinfo app_list' /bye
+@end smallexample
+@end cartouche
+
 @end table
 
 All the long options may also be given in the configuration file after
@@ -774,4 +758,3 @@ length up to N bytes.  If N is not given a default value is used
 @command{gpg2}(1)
 @end ifset
 @include see-also-note.texi
-
diff --git a/doc/tools.texi b/doc/tools.texi
index 6b9a9fe..c48ba4b 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -49,19 +49,30 @@ listener for such a socket.  It ameliorates the output with a time stamp
 and makes sure that long lines are not interspersed with log output from
 other utilities.  This tool is not available for Windows.
 
-
 @noindent
 @command{watchgnupg} is commonly invoked as
 
 @example
+watchgnupg
+@end example
+
+which is a shorthand for
+
+@example
 watchgnupg --force $(gpgconf --list-dirs socketdir)/S.log
 @end example
+
+To watch GnuPG running with a different home directory, use
+
+@example
+watchgnupg --homedir DIR
+@end example
 @manpause
 
 @noindent
 This starts it on the current terminal for listening on the standard
-logging socket (which is either @file{~/.gnupg/S.log} or
-@file{/var/run/user/UID/gnupg/S.log}).
+logging socket (this is commonly @file{/var/run/user/UID/gnupg/S.log}
+or if no such user directory hierarchy exists @file{~/.gnupg/S.log}).
 
 @mansect options
 @noindent
@@ -71,12 +82,20 @@ logging socket (which is either @file{~/.gnupg/S.log} or
 
 @item --force
 @opindex force
-Delete an already existing socket file.
+Delete an already existing socket file.  This option is implicitly used
+if no socket name has been given on the command line.
+
+@item --homedir @var{DIR}
+If no socket name is given on the command line, pass @var{DIR} to
+gpgconf so that the socket for a GnuPG running with DIR has its home
+directory is used.  Note that the environment variable @var{GNUPGHOME}
+is ignored by watchgnupg.
 
 @anchor{option watchgnupg --tcp}
 @item --tcp @var{n}
-Instead of reading from a local socket, listen for connects on TCP port
-@var{n}.
+Instead of reading from a local socket, listen for connects on TCP
+port @var{n}.  A Unix domain socket can optionally also be given as a
+second source.  This option does not use a default socket name.
 
 @item --time-only
 @opindex time-only
@@ -101,14 +120,14 @@ Display a brief help page and exit.
 @chapheading Examples
 
 @example
-$ watchgnupg --force --time-only $(gpgconf --list-dirs socketdir)/S.log
+$ watchgnupg --time-only
 @end example
 
 This waits for connections on the local socket
-(e.g. @file{/home/foo/.gnupg/S.log}) and shows all log entries.  To
-make this work the option @option{log-file} needs to be used with all
-modules which logs are to be shown.  The suggested entry for the
-configuration files is:
+(e.g. @file{/var/run/user/1234/gnupg/S.log}) and shows all log
+entries.  To make this work the option @option{log-file} needs to be
+used with all modules which logs are to be shown.  The suggested entry
+for the configuration files is:
 
 @example
 log-file socket://
@@ -298,11 +317,8 @@ shall go into the respective configuration file.
 @item --apply-defaults
 Update all configuration files with values taken from the global
 configuration file (usually @file{/etc/gnupg/gpgconf.conf}).
-Note: This is a legacy mechanism.  Please use global configuraion
-files instead.
 
 @item --list-dirs [@var{names}]
-@itemx -L
 Lists the directories used by @command{gpgconf}.  One directory is
 listed per line, and each line consists of a colon-separated list where
 the first field names the directory type (for example @code{sysconfdir})
@@ -336,8 +352,8 @@ force an update of that file this command can be used:
        gpg-connect-agent --dirmngr 'loadswdb --force' /bye
 @end example
 
+
 @item --reload [@var{component}]
-@itemx -R
 @opindex reload
 Reload all or the given component. This is basically the same as
 sending a SIGHUP to the component.  Components which don't support
@@ -354,7 +370,6 @@ may use this command to ensure that they are started.  Using "all" for
 @var{component} launches all components which are daemons.
 
 @item --kill [@var{component}]
-@itemx -K
 @opindex kill
 Kill the given component that runs as a daemon, including
 @command{gpg-agent}, @command{dirmngr}, and @command{scdaemon}.  A
@@ -399,6 +414,16 @@ Try to be as quiet as possible.
 
 @include opt-homedir.texi
 
+@item --chuid @var{uid}
+@opindex chuid
+Change the current user to @var{uid} which may either be a number or a
+name.  This can be used from the root account to get information on
+the GnuPG environment of the specified user or to start or kill
+daemons.  If @var{uid} is not the current UID a standard PATH is set
+and the envvar GNUPGHOME is unset.  To override the latter the option
+@option{--homedir} can be used.  This option has currently no effect
+on Windows.
+
 @item -n
 @itemx --dry-run
 Do not actually change anything.  This is currently only implemented
@@ -696,10 +721,6 @@ all options (and the groups they belong to) in the component
 the field @var{name} in the output of the @code{--list-components}
 command.
 
-Take care if system-wide options are used: gpgconf may not be able to
-properly show the options and the listed options may have no actual
-effect in case the system-wide options enforced their own settings.
-
 There is one line for each option and each group.  First come all
 options that are not in any group.  Then comes a line describing a
 group.  Then come all options that belong into each group.  Then comes
@@ -954,12 +975,8 @@ effect.
 @node Listing global options
 @subsection Listing global options
 
-Some legacy applications look at the global configuration file for the
-gpgconf tool itself; this is the file @file{gpgconf.conf}.  Modern
-applications should not use it but use per component global
-configuration files which are more flexible than the
-@file{gpgconf.conf}.  Using both files is not suggested.
-
+Sometimes it is useful for applications to look at the global options
+file @file{gpgconf.conf}.
 The colon separated listing format is record oriented and uses the first
 field to identify the record type:
 
@@ -1100,10 +1117,8 @@ More fields may be added in future to the output.
 @item /etc/gnupg/gpgconf.conf
 @cindex gpgconf.conf
   If this file exists, it is processed as a global configuration file.
-  This is a legacy mechanism which should not be used tigether with
-  the modern global per component configuration files.  A commented
-  example can be found in the @file{examples} directory of the
-  distribution.
+  A commented example can be found in the @file{examples} directory of
+  the distribution.
 
 @item @var{GNUPGHOME}/swdb.lst
 @cindex swdb.lst
@@ -1142,9 +1157,6 @@ More fields may be added in future to the output.
 @end ifset
 
 @mansect description
-This is a legacy script.  Modern application should use the per
-component global configuration files under @file{/etc/gnupg/}.
-
 This script is a wrapper around @command{gpgconf} to run it with the
 command @code{--apply-defaults} for all real users with an existing
 GnuPG home directory.  Admins might want to use this script to update he
@@ -1317,38 +1329,16 @@ gpg-connect-agent [options] [commands]
 The following options may be used:
 
 @table @gnupgtabopt
-@item -v
-@itemx --verbose
-@opindex verbose
-Output additional information while running.
-
-@item -q
-@item --quiet
-@opindex q
-@opindex quiet
-Try to be as quiet as possible.
-
-@include opt-homedir.texi
-
-@item --agent-program @var{file}
-@opindex agent-program
-Specify the agent program to be started if none is running.  The
-default value is determined by running @command{gpgconf} with the
-option @option{--list-dirs}.  Note that the pipe symbol (@code{|}) is
-used for a regression test suite hack and may thus not be used in the
-file name.
-
-@item --dirmngr-program @var{file}
-@opindex dirmngr-program
-Specify the directory manager (keyserver client) program to be started
-if none is running.  This has only an effect if used together with the
-option @option{--dirmngr}.
-
 @item --dirmngr
 @opindex dirmngr
 Connect to a running directory manager (keyserver client) instead of
 to the gpg-agent.  If a dirmngr is not running, start it.
 
+@item --keyboxd
+@opindex keyboxd
+Connect to a running keybox daemon instead of
+to the gpg-agent.  If a keyboxd is not running, start it.
+
 @item -S
 @itemx --raw-socket @var{name}
 @opindex raw-socket
@@ -1366,6 +1356,29 @@ execute it as an Assuan server. Here is how you would run @command{gpgsm}:
 @end smallexample
 Note that you may not use options on the command line in this case.
 
+@item -v
+@itemx --verbose
+@opindex verbose
+Output additional information while running.
+
+@item -q
+@item --quiet
+@opindex q
+@opindex quiet
+Try to be as quiet as possible.
+
+@include opt-homedir.texi
+
+@item --chuid @var{uid}
+@opindex chuid
+Change the current user to @var{uid} which may either be a number or a
+name.  This can be used from the root account to run gpg-connect-agent
+for another user.  If @var{uid} is not the current UID a standard PATH
+is set and the envvar GNUPGHOME is unset.  To override the latter the
+option @option{--homedir} can be used.  This option has only an effect
+when used on the command line.  This option has currently no effect at
+all on Windows.
+
 @item --no-ext-connect
 @opindex no-ext-connect
 When using @option{-S} or @option{--exec}, @command{gpg-connect-agent}
@@ -1377,6 +1390,32 @@ passing.  This option makes it use the old mode.
 Do not start the gpg-agent or the dirmngr if it has not yet been
 started.
 
+@item --no-history
+@opindex --no-history
+In interactive mode the command line history is usually saved and
+restored to and from a file below the GnuPG home directory.  This
+option inhibits the use of that file.
+
+@item --agent-program @var{file}
+@opindex agent-program
+Specify the agent program to be started if none is running.  The
+default value is determined by running @command{gpgconf} with the
+option @option{--list-dirs}.  Note that the pipe symbol (@code{|}) is
+used for a regression test suite hack and may thus not be used in the
+file name.
+
+@item --dirmngr-program @var{file}
+@opindex dirmngr-program
+Specify the directory manager (keyserver client) program to be started
+if none is running.  This has only an effect if used together with the
+option @option{--dirmngr}.
+
+@item --keyboxd-program @var{file}
+@opindex keyboxd-program
+Specify the keybox daemon program to be started if none is running.
+This has only an effect if used together with the option
+@option{--keyboxd}.
+
 @item -r @var{file}
 @itemx --run @var{file}
 @opindex run
@@ -1597,6 +1636,9 @@ string @code{true} or @code{yes}.  The evaluation is done by passing
 @item /run @var{file}
 Run commands from @var{file}.
 
+@item /history --clear
+Clear the command history.
+
 @item /bye
 Terminate the connection and the program.
 
@@ -1799,7 +1841,6 @@ The @command{gpgparsemail} is a utility currently only useful for
 debugging.  Run it with @code{--help} for usage information.
 
 
-
 @c
 @c  GPGTAR
 @c
@@ -1946,36 +1987,6 @@ This option is reserved and shall not be used.  It will eventually be
 used to encrypt or sign using the CMS protocol; but that is not yet
 implemented.
 
-@item --batch
-@opindex batch
-Use batch mode.  Never ask but use the default action.  This option is
-passed directly to @command{gpg}.
-
-@item --yes
-@opindex yes
-Assume "yes" on most questions.  Often used together with
-@option{--batch} to overwrite existing files.  This option is passed
-directly to @command{gpg}.
-
-@item --no
-@opindex no
-Assume "no" on most questions.  This option is passed directly to
-@command{gpg}.
-
-@item --require-compliance
-@opindex require-compliance
-This option is passed directly to @command{gpg}.
-
-@item --status-fd @var{n}
-@opindex status-fd
-Write special status strings to the file descriptor @var{n}.
-See the file DETAILS in the documentation for a listing of them.
-
-@item --with-log
-@opindex with-log
-When extracting an encrypted tarball also write a log file with the
-gpg output to a file named after the extraction directory with the
-suffix ".log".
 
 @item --set-filename @var{file}
 @opindex set-filename
@@ -1999,6 +2010,11 @@ and parse them.  The only supported tar options are "--directory",
 "--files-from", and "--null" This is an obsolete options because those
 supported tar options can also be given directly.
 
+@item --tar @var{command}
+@opindex tar
+This is a dummy option for backward compatibility.
+@c ... to the gpg-zip script we provided in the past
+
 @item --version
 @opindex version
 Print version of the program and exit.
@@ -2065,51 +2081,6 @@ gpgtar --list-archive test1
 @command{gpg-check-pattern} checks a passphrase given on stdin against
 a specified pattern file.
 
-The pattern file is line based with comment lines beginning on the
-@emph{first} position with a @code{#}.  Empty lines and lines with
-only white spaces are ignored.  The actual pattern lines may either be
-verbatim string pattern and match as they are (trailing spaces are
-ignored) or extended regular expressions indicated by a @code{/} or
-@code{!/} in the first column and terminated by another @code{/} or
-end of line.  If a regular expression starts with @code{!/} the match
-result is reversed. By default all comparisons are case insensitive.
-
-Tag lines may be used to further control the operation of this tool.
-The currently defined tags are:
-
-@table @code
-@item [icase]
-Switch to case insensitive comparison for all further patterns.  This
-is the default.
-
-@item [case]
-Switch to case sensitive comparison for all further patterns.
-
-@item [reject]
-Switch to reject mode.  This is the default mode.
-
-@item [accept]
-Switch to accept mode.
-@end table
-
-In the future more tags may be introduced and thus it is advisable not to
-start a plain pattern string with an open bracket.  The tags must be
-given verbatim on the line with no spaces to the left or any non white
-space characters to the right.
-
-In reject mode the program exits on the first match with an exit code
-of 1 (failure).  If at the end of the pattern list the reject mode is
-still active the program exits with code 0 (success).
-
-In accept mode blocks of patterns are used.  A block starts at the
-next pattern after an "accept" tag and ends with the last pattern
-before the next "accept" or "reject" tag or at the end of the pattern
-list.  If all patterns in a block match the program exits with an exit
-code of 0 (success).  If any pattern in a block do not match the next
-pattern block is evaluated.  If at the end of the pattern list the
-accept mode is still active the program exits with code 1 (failure).
-
-
 @mansect options
 @noindent
 
@@ -2131,6 +2102,6 @@ Input is expected to be null delimited.
 
 @mansect see also
 @ifset isman
-@command{gpg-agent}(1),
+@command{gpg}(1),
 @end ifset
 @include see-also-note.texi
diff --git a/doc/whats-new-in-2.1.txt b/doc/whats-new-in-2.1.txt
index ef8b233..1ea68dc 100644
--- a/doc/whats-new-in-2.1.txt
+++ b/doc/whats-new-in-2.1.txt
@@ -757,7 +757,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
 ──────────────────────────
 
   Since version 2.1.14 the export and import options have been enhanced
-  to allow the use of /gpg/ to modify a key without first stroing it in
+  to allow the use of /gpg/ to modify a key without first storing it in
   the keyring.  For example:
 
   ┌────
diff --git a/doc/wks.texi b/doc/wks.texi
index b0cd5df..ad239f1 100644
--- a/doc/wks.texi
+++ b/doc/wks.texi
@@ -57,7 +57,7 @@ Directory.
 
 @mansect description
 The @command{gpg-wks-client} is used to send requests to a Web Key
-Service provider.  This is usually done to upload a key into a Web
+Service provider.  This is usuallay done to upload a key into a Web
 Key Directory.
 
 With the @option{--supported} command the caller can test whether a
@@ -109,15 +109,6 @@ The command @option{--print-wkd-url} prints the URLs used to fetch the
 key for the given user-ids from WKD.  The meanwhile preferred format
 with sub-domains is used here.
 
-@command{gpg-wks-client} is not commonly invoked directly and thus it
-is not installed in the bin directory.  Here is an example how it can
-be invoked manually to check for a Web Key Directory entry for
-@file{foo@@example.org}:
-
-@example
-$(gpgconf --list-dirs libexecdir)/gpg-wks-client --check foo@@example.net
-@end example
-
 @mansect options
 @noindent
 @command{gpg-wks-client} understands these options:
@@ -260,7 +251,7 @@ Display a brief help page and exit.
 @end ifset
 
 @mansect description
-The @command{gpg-wks-server} is a server site implementation of the
+The @command{gpg-wks-server} is a server side implementation of the
 Web Key Service.  It receives requests for publication, sends
 confirmation requests, receives confirmations, and published the key.
 It also has features to ease the setup and maintenance of a Web Key
@@ -268,10 +259,10 @@ Directory.
 
 When used with the command @option{--receive} a single Web Key Service
 mail is processed.  Commonly this command is used with the option
-@option{--send} to directly send the crerated mails back.  See below
+@option{--send} to directly send the created mails back.  See below
 for an installation example.
 
-The command @option{--cron} is used for regualr cleanup tasks.  For
+The command @option{--cron} is used for regular cleanup tasks.  For
 example non-confirmed requested should be removed after their expire
 time.  It is best to run this command once a day from a cronjob.
 
@@ -400,7 +391,7 @@ be the same address for all configured domains, for example:
   $ echo key-submission@@example.net >submission-address
 @end example
 
-The protocol requires that the key to be published is send with an
+The protocol requires that the key to be published is sent with an
 encrypted mail to the service.  Thus you need to create a key for
 the submission address:
 
@@ -412,10 +403,11 @@ the submission address:
 The output of the last command looks similar to this:
 
 @example
-  sec   rsa2048 2016-08-30 [SC]
+  sec   rsa3072 2016-08-30 [SC]
         C0FCF8642D830C53246211400346653590B3795B
   uid           [ultimate] key-submission@@example.net
-  ssb   rsa2048 2016-08-30 [E]
+                bxzcxpxk8h87z1k7bzk86xn5aj47intu@@example.net
+  ssb   rsa3072 2016-08-30 [E]
 @end example
 
 Take the fingerprint from that output and manually publish the key:
diff --git a/doc/yat2m.c b/doc/yat2m.c
index c7bec33..2d6f54e 100644
--- a/doc/yat2m.c
+++ b/doc/yat2m.c
@@ -55,7 +55,7 @@
       .B whateever you want
       @end ifset
 
-    alternativly a special comment may be used:
+    alternatively a special comment may be used:
 
       @c man:.B whatever you want
 
@@ -704,7 +704,7 @@ write_th (FILE *fp)
 
 
 /* Process the texinfo command COMMAND (without the leading @) and
-   write output if needed to FP. REST is the remainer of the line
+   write output if needed to FP. REST is the remainder of the line
    which should either point to an opening brace or to a white space.
    The function returns the number of characters already processed
    from REST.  LEN is the usable length of REST.  TABLE_LEVEL is used to
@@ -724,7 +724,8 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len,
     { "url",     0, "\\fB", "\\fR" },
     { "sc",      0, "\\fB", "\\fR" },
     { "var",     0, "\\fI", "\\fR" },
-    { "samp",    0, "\\(aq", "\\(aq"  },
+    { "samp",    0, "\\(oq", "\\(cq"  },
+    { "kbd",     0, "\\(oq", "\\(cq"  },
     { "file",    0, "\\(oq\\fI","\\fR\\(cq" },
     { "env",     0, "\\(oq\\fI","\\fR\\(cq" },
     { "acronym", 0 },
@@ -1197,7 +1198,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
           if (*p == '@' && !strncmp (p+1, "item", 4))
             item_indent = p - line;  /* Set a new indent level.  */
           else if (p - line < item_indent)
-            item_indent = 0;         /* Switch off indention.  */
+            item_indent = 0;         /* Switch off indentation.  */
 
           if (item_indent)
             {
diff --git a/g10/Makefile.am b/g10/Makefile.am
index f885673..eb23573 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -19,10 +19,8 @@
 ## Process this file with automake to produce Makefile.in
 
 EXTRA_DIST = distsigkey.gpg \
-	     ChangeLog-2011 \
-             gpg-w32info.rc gpg.w32-manifest.in \
-             gpgv-w32info.rc gpgv.w32-manifest.in \
-	     test.c t-keydb-keyring.kbx \
+	     ChangeLog-2011 gpg-w32info.rc \
+	     gpg.w32-manifest.in test.c t-keydb-keyring.kbx \
 	     t-keydb-get-keyblock.gpg t-stutter-data.asc \
 	     all-tests.scm
 
@@ -30,10 +28,10 @@ AM_CPPFLAGS =
 
 include $(top_srcdir)/am/cmacros.am
 
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(SQLITE3_CFLAGS) \
-            $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
+AM_CFLAGS = $(SQLITE3_CFLAGS) $(LIBGCRYPT_CFLAGS) \
+            $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) $(GPG_ERROR_CFLAGS)
 
-needed_libs = ../kbx/libkeybox.a $(libcommon) ../regexp/libregexp.a
+needed_libs = ../kbx/libkeybox.a $(libcommonpth) ../regexp/libregexp.a
 
 # Because there are no program specific transform macros we need to
 # work around that to allow installing gpg as gpg2.
@@ -52,9 +50,6 @@ noinst_PROGRAMS = gpg
 if !HAVE_W32CE_SYSTEM
 noinst_PROGRAMS += gpgv
 endif
-if MAINTAINER_MODE
-noinst_PROGRAMS += gpgcompose
-endif
 noinst_PROGRAMS += $(module_tests)
 if DISABLE_TESTS
 TESTS =
@@ -90,13 +85,10 @@ endif
 
 
 if HAVE_W32_SYSTEM
-gpg_robjs = $(resource_objs) gpg-w32info.o
-gpgv_robjs = $(resource_objs) gpgv-w32info.o
+resource_objs += gpg-w32info.o
+
 gpg-w32info.o : gpg.w32-manifest
-gpgv-w32info.o : gpgv.w32-manifest
-else
-gpg_robjs =
-gpgv_robjs =
+
 endif
 
 common_source =  \
@@ -108,7 +100,11 @@ common_source =  \
 	      filter.h		\
 	      free-packet.c	\
 	      getkey.c		\
-	      keydb.c keydb.h    \
+	      expand-group.c	\
+	      keydb.h           \
+	      keydb-private.h   \
+              call-keyboxd.c    \
+	      keydb.c           \
 	      keyring.c keyring.h \
 	      seskey.c		\
 	      kbnode.c		\
@@ -130,6 +126,7 @@ common_source =  \
 	      sig-check.c	\
 	      keylist.c 	\
 	      pkglue.c pkglue.h \
+	      objcache.c objcache.h \
 	      ecdh.c
 
 gpg_sources = server.c          \
@@ -140,7 +137,8 @@ gpg_sources = server.c          \
 	      passphrase.c	\
 	      decrypt.c 	\
 	      decrypt-data.c	\
-	      cipher.c		\
+	      cipher-cfb.c	\
+	      cipher-aead.c     \
 	      encrypt.c		\
 	      sign.c		\
 	      verify.c		\
@@ -167,48 +165,39 @@ gpg_SOURCES  = gpg.c \
 	keyedit.c keyedit.h	\
 	$(gpg_sources)
 
-gpgcompose_SOURCES  = gpgcompose.c  $(gpg_sources)
 gpgv_SOURCES = gpgv.c           \
 	      $(common_source)  \
 	      verify.c
 
-#gpgd_SOURCES = gpgd.c \
-#	       ks-proto.h \
-#	       ks-proto.c \
-#	       ks-db.c \
-#	       ks-db.h \
-#	       $(common_source)
-
 LDADD =  $(needed_libs) ../common/libgpgrl.a \
          $(ZLIBS) $(LIBINTL) $(CAPLIBS) $(NETLIBS)
-gpg_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(SQLITE3_LIBS) $(LIBREADLINE) \
-             $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
-	     $(LIBICONV) $(gpg_robjs) $(extra_sys_libs)
+gpg_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
+             $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) \
+	     $(LIBICONV) $(resource_objs) $(extra_sys_libs)
 gpg_LDFLAGS = $(extra_bin_ldflags)
 gpgv_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
-              $(GPG_ERROR_LIBS) \
-	      $(LIBICONV) $(gpgv_robjs) $(extra_sys_libs)
+	      $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) \
+	      $(LIBICONV) $(resource_objs) $(extra_sys_libs)
 gpgv_LDFLAGS = $(extra_bin_ldflags)
 
-gpgcompose_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
-             $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
-	     $(LIBICONV) $(extra_sys_libs)
-gpgcompose_LDFLAGS = $(extra_bin_ldflags)
 
 t_common_ldadd =
 module_tests = t-rmd160 t-keydb t-keydb-get-keyblock t-stutter
 t_rmd160_SOURCES = t-rmd160.c rmd160.c
 t_rmd160_LDADD = $(t_common_ldadd)
 t_keydb_SOURCES = t-keydb.c test-stubs.c $(common_source)
-t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
+t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
+              $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) \
 	      $(LIBICONV) $(t_common_ldadd)
 t_keydb_get_keyblock_SOURCES = t-keydb-get-keyblock.c test-stubs.c \
 	      $(common_source)
-t_keydb_get_keyblock_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
+t_keydb_get_keyblock_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
+              $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) \
 	      $(LIBICONV) $(t_common_ldadd)
 t_stutter_SOURCES = t-stutter.c test-stubs.c \
 	      $(common_source)
-t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
+t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
+	      $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) \
 	      $(LIBICONV) $(t_common_ldadd)
 
 
diff --git a/g10/Makefile.in b/g10/Makefile.in
index 1774106..3d38632 100644
--- a/g10/Makefile.in
+++ b/g10/Makefile.in
@@ -138,178 +138,159 @@ host_triplet = @host@
 @GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
 @GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
 @GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
-@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
-@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
-@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
-noinst_PROGRAMS = gpg$(EXEEXT) $(am__EXEEXT_1) $(am__EXEEXT_2) \
-	$(am__EXEEXT_3)
-@HAVE_W32CE_SYSTEM_FALSE@am__append_8 = gpgv
-@MAINTAINER_MODE_TRUE@am__append_9 = gpgcompose
-@DISABLE_TESTS_FALSE@TESTS = $(am__EXEEXT_3)
+@GNUPG_TPM2DAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_TPM2DAEMON="\"@GNUPG_TPM2DAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+noinst_PROGRAMS = gpg$(EXEEXT) $(am__EXEEXT_1) $(am__EXEEXT_2)
+@HAVE_W32CE_SYSTEM_FALSE@am__append_9 = gpgv
+@DISABLE_TESTS_FALSE@TESTS = $(am__EXEEXT_2)
+@HAVE_W32_SYSTEM_TRUE@am__append_10 = gpg-w32info.o
 subdir = g10
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
 mkinstalldirs = $(SHELL) $(top_srcdir)/build-aux/mkinstalldirs
 CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES = gpg.w32-manifest gpgv.w32-manifest
+CONFIG_CLEAN_FILES = gpg.w32-manifest
 CONFIG_CLEAN_VPATH_FILES =
 @HAVE_W32CE_SYSTEM_FALSE@am__EXEEXT_1 = gpgv$(EXEEXT)
-@MAINTAINER_MODE_TRUE@am__EXEEXT_2 = gpgcompose$(EXEEXT)
-am__EXEEXT_3 = t-rmd160$(EXEEXT) t-keydb$(EXEEXT) \
+am__EXEEXT_2 = t-rmd160$(EXEEXT) t-keydb$(EXEEXT) \
 	t-keydb-get-keyblock$(EXEEXT) t-stutter$(EXEEXT)
 PROGRAMS = $(noinst_PROGRAMS)
 am__gpg_SOURCES_DIST = gpg.c keyedit.c keyedit.h server.c gpg.h dek.h \
 	build-packet.c compress.c compress-bz2.c filter.h \
-	free-packet.c getkey.c keydb.c keydb.h keyring.c keyring.h \
-	seskey.c kbnode.c main.h mainproc.c armor.c mdfilter.c \
-	textfilter.c progress.c misc.c rmd160.c rmd160.h options.h \
-	openfile.c keyid.c packet.h parse-packet.c cpr.c plaintext.c \
-	sig-check.c keylist.c pkglue.c pkglue.h ecdh.c pkclist.c \
+	free-packet.c getkey.c expand-group.c keydb.h keydb-private.h \
+	call-keyboxd.c keydb.c keyring.c keyring.h seskey.c kbnode.c \
+	main.h mainproc.c armor.c mdfilter.c textfilter.c progress.c \
+	misc.c rmd160.c rmd160.h options.h openfile.c keyid.c packet.h \
+	parse-packet.c cpr.c plaintext.c sig-check.c keylist.c \
+	pkglue.c pkglue.h objcache.c objcache.h ecdh.c pkclist.c \
 	skclist.c pubkey-enc.c passphrase.c decrypt.c decrypt-data.c \
-	cipher.c encrypt.c sign.c verify.c revoke.c dearmor.c import.c \
-	export.c migrate.c delkey.c keygen.c helptext.c keyserver.c \
-	keyserver-internal.h call-dirmngr.c call-dirmngr.h photoid.c \
-	photoid.h call-agent.c call-agent.h trust.c trustdb.c \
-	trustdb.h tdbdump.c tdbio.c tdbio.h tofu.h tofu.c gpgsql.c \
-	gpgsql.h card-util.c exec.c exec.h key-clean.c key-clean.h \
-	key-check.c key-check.h
+	cipher-cfb.c cipher-aead.c encrypt.c sign.c verify.c revoke.c \
+	dearmor.c import.c export.c migrate.c delkey.c keygen.c \
+	helptext.c keyserver.c keyserver-internal.h call-dirmngr.c \
+	call-dirmngr.h photoid.c photoid.h call-agent.c call-agent.h \
+	trust.c trustdb.c trustdb.h tdbdump.c tdbio.c tdbio.h tofu.h \
+	tofu.c gpgsql.c gpgsql.h card-util.c exec.c exec.h key-clean.c \
+	key-clean.h key-check.c key-check.h
 @ENABLE_BZIP2_SUPPORT_TRUE@am__objects_1 = compress-bz2.$(OBJEXT)
 am__objects_2 = build-packet.$(OBJEXT) compress.$(OBJEXT) \
 	$(am__objects_1) free-packet.$(OBJEXT) getkey.$(OBJEXT) \
-	keydb.$(OBJEXT) keyring.$(OBJEXT) seskey.$(OBJEXT) \
-	kbnode.$(OBJEXT) mainproc.$(OBJEXT) armor.$(OBJEXT) \
-	mdfilter.$(OBJEXT) textfilter.$(OBJEXT) progress.$(OBJEXT) \
-	misc.$(OBJEXT) rmd160.$(OBJEXT) openfile.$(OBJEXT) \
-	keyid.$(OBJEXT) parse-packet.$(OBJEXT) cpr.$(OBJEXT) \
-	plaintext.$(OBJEXT) sig-check.$(OBJEXT) keylist.$(OBJEXT) \
-	pkglue.$(OBJEXT) ecdh.$(OBJEXT)
+	expand-group.$(OBJEXT) call-keyboxd.$(OBJEXT) keydb.$(OBJEXT) \
+	keyring.$(OBJEXT) seskey.$(OBJEXT) kbnode.$(OBJEXT) \
+	mainproc.$(OBJEXT) armor.$(OBJEXT) mdfilter.$(OBJEXT) \
+	textfilter.$(OBJEXT) progress.$(OBJEXT) misc.$(OBJEXT) \
+	rmd160.$(OBJEXT) openfile.$(OBJEXT) keyid.$(OBJEXT) \
+	parse-packet.$(OBJEXT) cpr.$(OBJEXT) plaintext.$(OBJEXT) \
+	sig-check.$(OBJEXT) keylist.$(OBJEXT) pkglue.$(OBJEXT) \
+	objcache.$(OBJEXT) ecdh.$(OBJEXT)
 @NO_TRUST_MODELS_FALSE@am__objects_3 = trustdb.$(OBJEXT) \
 @NO_TRUST_MODELS_FALSE@	tdbdump.$(OBJEXT) tdbio.$(OBJEXT)
 @USE_TOFU_TRUE@am__objects_4 = tofu.$(OBJEXT) gpgsql.$(OBJEXT)
 @ENABLE_CARD_SUPPORT_TRUE@am__objects_5 = card-util.$(OBJEXT)
 am__objects_6 = server.$(OBJEXT) $(am__objects_2) pkclist.$(OBJEXT) \
 	skclist.$(OBJEXT) pubkey-enc.$(OBJEXT) passphrase.$(OBJEXT) \
-	decrypt.$(OBJEXT) decrypt-data.$(OBJEXT) cipher.$(OBJEXT) \
-	encrypt.$(OBJEXT) sign.$(OBJEXT) verify.$(OBJEXT) \
-	revoke.$(OBJEXT) dearmor.$(OBJEXT) import.$(OBJEXT) \
-	export.$(OBJEXT) migrate.$(OBJEXT) delkey.$(OBJEXT) \
-	keygen.$(OBJEXT) helptext.$(OBJEXT) keyserver.$(OBJEXT) \
-	call-dirmngr.$(OBJEXT) photoid.$(OBJEXT) call-agent.$(OBJEXT) \
-	trust.$(OBJEXT) $(am__objects_3) $(am__objects_4) \
-	$(am__objects_5) exec.$(OBJEXT) key-clean.$(OBJEXT) \
-	key-check.$(OBJEXT)
+	decrypt.$(OBJEXT) decrypt-data.$(OBJEXT) cipher-cfb.$(OBJEXT) \
+	cipher-aead.$(OBJEXT) encrypt.$(OBJEXT) sign.$(OBJEXT) \
+	verify.$(OBJEXT) revoke.$(OBJEXT) dearmor.$(OBJEXT) \
+	import.$(OBJEXT) export.$(OBJEXT) migrate.$(OBJEXT) \
+	delkey.$(OBJEXT) keygen.$(OBJEXT) helptext.$(OBJEXT) \
+	keyserver.$(OBJEXT) call-dirmngr.$(OBJEXT) photoid.$(OBJEXT) \
+	call-agent.$(OBJEXT) trust.$(OBJEXT) $(am__objects_3) \
+	$(am__objects_4) $(am__objects_5) exec.$(OBJEXT) \
+	key-clean.$(OBJEXT) key-check.$(OBJEXT)
 am_gpg_OBJECTS = gpg.$(OBJEXT) keyedit.$(OBJEXT) $(am__objects_6)
 gpg_OBJECTS = $(am_gpg_OBJECTS)
 am__DEPENDENCIES_1 =
 am__DEPENDENCIES_2 = $(needed_libs) ../common/libgpgrl.a \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1)
-@HAVE_W32_SYSTEM_TRUE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_1) \
-@HAVE_W32_SYSTEM_TRUE@	gpg-w32info.o
 gpg_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_3) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(resource_objs) \
 	$(am__DEPENDENCIES_1)
 gpg_LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(gpg_LDFLAGS) $(LDFLAGS) -o \
 	$@
-am__gpgcompose_SOURCES_DIST = gpgcompose.c server.c gpg.h dek.h \
-	build-packet.c compress.c compress-bz2.c filter.h \
-	free-packet.c getkey.c keydb.c keydb.h keyring.c keyring.h \
-	seskey.c kbnode.c main.h mainproc.c armor.c mdfilter.c \
-	textfilter.c progress.c misc.c rmd160.c rmd160.h options.h \
-	openfile.c keyid.c packet.h parse-packet.c cpr.c plaintext.c \
-	sig-check.c keylist.c pkglue.c pkglue.h ecdh.c pkclist.c \
-	skclist.c pubkey-enc.c passphrase.c decrypt.c decrypt-data.c \
-	cipher.c encrypt.c sign.c verify.c revoke.c dearmor.c import.c \
-	export.c migrate.c delkey.c keygen.c helptext.c keyserver.c \
-	keyserver-internal.h call-dirmngr.c call-dirmngr.h photoid.c \
-	photoid.h call-agent.c call-agent.h trust.c trustdb.c \
-	trustdb.h tdbdump.c tdbio.c tdbio.h tofu.h tofu.c gpgsql.c \
-	gpgsql.h card-util.c exec.c exec.h key-clean.c key-clean.h \
-	key-check.c key-check.h
-am_gpgcompose_OBJECTS = gpgcompose.$(OBJEXT) $(am__objects_6)
-gpgcompose_OBJECTS = $(am_gpgcompose_OBJECTS)
-gpgcompose_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-gpgcompose_LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(gpgcompose_LDFLAGS) \
-	$(LDFLAGS) -o $@
 am__gpgv_SOURCES_DIST = gpgv.c gpg.h dek.h build-packet.c compress.c \
-	compress-bz2.c filter.h free-packet.c getkey.c keydb.c keydb.h \
-	keyring.c keyring.h seskey.c kbnode.c main.h mainproc.c \
-	armor.c mdfilter.c textfilter.c progress.c misc.c rmd160.c \
-	rmd160.h options.h openfile.c keyid.c packet.h parse-packet.c \
-	cpr.c plaintext.c sig-check.c keylist.c pkglue.c pkglue.h \
-	ecdh.c verify.c
+	compress-bz2.c filter.h free-packet.c getkey.c expand-group.c \
+	keydb.h keydb-private.h call-keyboxd.c keydb.c keyring.c \
+	keyring.h seskey.c kbnode.c main.h mainproc.c armor.c \
+	mdfilter.c textfilter.c progress.c misc.c rmd160.c rmd160.h \
+	options.h openfile.c keyid.c packet.h parse-packet.c cpr.c \
+	plaintext.c sig-check.c keylist.c pkglue.c pkglue.h objcache.c \
+	objcache.h ecdh.c verify.c
 am_gpgv_OBJECTS = gpgv.$(OBJEXT) $(am__objects_2) verify.$(OBJEXT)
 gpgv_OBJECTS = $(am_gpgv_OBJECTS)
-@HAVE_W32_SYSTEM_TRUE@am__DEPENDENCIES_4 = $(am__DEPENDENCIES_1) \
-@HAVE_W32_SYSTEM_TRUE@	gpgv-w32info.o
 gpgv_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_4) $(am__DEPENDENCIES_1)
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(resource_objs) \
+	$(am__DEPENDENCIES_1)
 gpgv_LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(gpgv_LDFLAGS) $(LDFLAGS) \
 	-o $@
 am__t_keydb_SOURCES_DIST = t-keydb.c test-stubs.c gpg.h dek.h \
 	build-packet.c compress.c compress-bz2.c filter.h \
-	free-packet.c getkey.c keydb.c keydb.h keyring.c keyring.h \
-	seskey.c kbnode.c main.h mainproc.c armor.c mdfilter.c \
-	textfilter.c progress.c misc.c rmd160.c rmd160.h options.h \
-	openfile.c keyid.c packet.h parse-packet.c cpr.c plaintext.c \
-	sig-check.c keylist.c pkglue.c pkglue.h ecdh.c
+	free-packet.c getkey.c expand-group.c keydb.h keydb-private.h \
+	call-keyboxd.c keydb.c keyring.c keyring.h seskey.c kbnode.c \
+	main.h mainproc.c armor.c mdfilter.c textfilter.c progress.c \
+	misc.c rmd160.c rmd160.h options.h openfile.c keyid.c packet.h \
+	parse-packet.c cpr.c plaintext.c sig-check.c keylist.c \
+	pkglue.c pkglue.h objcache.c objcache.h ecdh.c
 am_t_keydb_OBJECTS = t-keydb.$(OBJEXT) test-stubs.$(OBJEXT) \
 	$(am__objects_2)
 t_keydb_OBJECTS = $(am_t_keydb_OBJECTS)
 t_keydb_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1)
 am__t_keydb_get_keyblock_SOURCES_DIST = t-keydb-get-keyblock.c \
 	test-stubs.c gpg.h dek.h build-packet.c compress.c \
-	compress-bz2.c filter.h free-packet.c getkey.c keydb.c keydb.h \
-	keyring.c keyring.h seskey.c kbnode.c main.h mainproc.c \
-	armor.c mdfilter.c textfilter.c progress.c misc.c rmd160.c \
-	rmd160.h options.h openfile.c keyid.c packet.h parse-packet.c \
-	cpr.c plaintext.c sig-check.c keylist.c pkglue.c pkglue.h \
-	ecdh.c
+	compress-bz2.c filter.h free-packet.c getkey.c expand-group.c \
+	keydb.h keydb-private.h call-keyboxd.c keydb.c keyring.c \
+	keyring.h seskey.c kbnode.c main.h mainproc.c armor.c \
+	mdfilter.c textfilter.c progress.c misc.c rmd160.c rmd160.h \
+	options.h openfile.c keyid.c packet.h parse-packet.c cpr.c \
+	plaintext.c sig-check.c keylist.c pkglue.c pkglue.h objcache.c \
+	objcache.h ecdh.c
 am_t_keydb_get_keyblock_OBJECTS = t-keydb-get-keyblock.$(OBJEXT) \
 	test-stubs.$(OBJEXT) $(am__objects_2)
 t_keydb_get_keyblock_OBJECTS = $(am_t_keydb_get_keyblock_OBJECTS)
 t_keydb_get_keyblock_DEPENDENCIES = $(am__DEPENDENCIES_2) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
 am_t_rmd160_OBJECTS = t-rmd160.$(OBJEXT) rmd160.$(OBJEXT)
 t_rmd160_OBJECTS = $(am_t_rmd160_OBJECTS)
 t_rmd160_DEPENDENCIES = $(am__DEPENDENCIES_1)
 am__t_stutter_SOURCES_DIST = t-stutter.c test-stubs.c gpg.h dek.h \
 	build-packet.c compress.c compress-bz2.c filter.h \
-	free-packet.c getkey.c keydb.c keydb.h keyring.c keyring.h \
-	seskey.c kbnode.c main.h mainproc.c armor.c mdfilter.c \
-	textfilter.c progress.c misc.c rmd160.c rmd160.h options.h \
-	openfile.c keyid.c packet.h parse-packet.c cpr.c plaintext.c \
-	sig-check.c keylist.c pkglue.c pkglue.h ecdh.c
+	free-packet.c getkey.c expand-group.c keydb.h keydb-private.h \
+	call-keyboxd.c keydb.c keyring.c keyring.h seskey.c kbnode.c \
+	main.h mainproc.c armor.c mdfilter.c textfilter.c progress.c \
+	misc.c rmd160.c rmd160.h options.h openfile.c keyid.c packet.h \
+	parse-packet.c cpr.c plaintext.c sig-check.c keylist.c \
+	pkglue.c pkglue.h objcache.c objcache.h ecdh.c
 am_t_stutter_OBJECTS = t-stutter.$(OBJEXT) test-stubs.$(OBJEXT) \
 	$(am__objects_2)
 t_stutter_OBJECTS = $(am_t_stutter_OBJECTS)
 t_stutter_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
@@ -328,24 +309,25 @@ depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
 am__maybe_remake_depfiles = depfiles
 am__depfiles_remade = ./$(DEPDIR)/armor.Po ./$(DEPDIR)/build-packet.Po \
 	./$(DEPDIR)/call-agent.Po ./$(DEPDIR)/call-dirmngr.Po \
-	./$(DEPDIR)/card-util.Po ./$(DEPDIR)/cipher.Po \
+	./$(DEPDIR)/call-keyboxd.Po ./$(DEPDIR)/card-util.Po \
+	./$(DEPDIR)/cipher-aead.Po ./$(DEPDIR)/cipher-cfb.Po \
 	./$(DEPDIR)/compress-bz2.Po ./$(DEPDIR)/compress.Po \
 	./$(DEPDIR)/cpr.Po ./$(DEPDIR)/dearmor.Po \
 	./$(DEPDIR)/decrypt-data.Po ./$(DEPDIR)/decrypt.Po \
 	./$(DEPDIR)/delkey.Po ./$(DEPDIR)/ecdh.Po \
 	./$(DEPDIR)/encrypt.Po ./$(DEPDIR)/exec.Po \
-	./$(DEPDIR)/export.Po ./$(DEPDIR)/free-packet.Po \
-	./$(DEPDIR)/getkey.Po ./$(DEPDIR)/gpg.Po \
-	./$(DEPDIR)/gpgcompose.Po ./$(DEPDIR)/gpgsql.Po \
-	./$(DEPDIR)/gpgv.Po ./$(DEPDIR)/helptext.Po \
-	./$(DEPDIR)/import.Po ./$(DEPDIR)/kbnode.Po \
-	./$(DEPDIR)/key-check.Po ./$(DEPDIR)/key-clean.Po \
-	./$(DEPDIR)/keydb.Po ./$(DEPDIR)/keyedit.Po \
-	./$(DEPDIR)/keygen.Po ./$(DEPDIR)/keyid.Po \
-	./$(DEPDIR)/keylist.Po ./$(DEPDIR)/keyring.Po \
-	./$(DEPDIR)/keyserver.Po ./$(DEPDIR)/mainproc.Po \
-	./$(DEPDIR)/mdfilter.Po ./$(DEPDIR)/migrate.Po \
-	./$(DEPDIR)/misc.Po ./$(DEPDIR)/openfile.Po \
+	./$(DEPDIR)/expand-group.Po ./$(DEPDIR)/export.Po \
+	./$(DEPDIR)/free-packet.Po ./$(DEPDIR)/getkey.Po \
+	./$(DEPDIR)/gpg.Po ./$(DEPDIR)/gpgsql.Po ./$(DEPDIR)/gpgv.Po \
+	./$(DEPDIR)/helptext.Po ./$(DEPDIR)/import.Po \
+	./$(DEPDIR)/kbnode.Po ./$(DEPDIR)/key-check.Po \
+	./$(DEPDIR)/key-clean.Po ./$(DEPDIR)/keydb.Po \
+	./$(DEPDIR)/keyedit.Po ./$(DEPDIR)/keygen.Po \
+	./$(DEPDIR)/keyid.Po ./$(DEPDIR)/keylist.Po \
+	./$(DEPDIR)/keyring.Po ./$(DEPDIR)/keyserver.Po \
+	./$(DEPDIR)/mainproc.Po ./$(DEPDIR)/mdfilter.Po \
+	./$(DEPDIR)/migrate.Po ./$(DEPDIR)/misc.Po \
+	./$(DEPDIR)/objcache.Po ./$(DEPDIR)/openfile.Po \
 	./$(DEPDIR)/parse-packet.Po ./$(DEPDIR)/passphrase.Po \
 	./$(DEPDIR)/photoid.Po ./$(DEPDIR)/pkclist.Po \
 	./$(DEPDIR)/pkglue.Po ./$(DEPDIR)/plaintext.Po \
@@ -373,11 +355,11 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = $(gpg_SOURCES) $(gpgcompose_SOURCES) $(gpgv_SOURCES) \
-	$(t_keydb_SOURCES) $(t_keydb_get_keyblock_SOURCES) \
-	$(t_rmd160_SOURCES) $(t_stutter_SOURCES)
-DIST_SOURCES = $(am__gpg_SOURCES_DIST) $(am__gpgcompose_SOURCES_DIST) \
-	$(am__gpgv_SOURCES_DIST) $(am__t_keydb_SOURCES_DIST) \
+SOURCES = $(gpg_SOURCES) $(gpgv_SOURCES) $(t_keydb_SOURCES) \
+	$(t_keydb_get_keyblock_SOURCES) $(t_rmd160_SOURCES) \
+	$(t_stutter_SOURCES)
+DIST_SOURCES = $(am__gpg_SOURCES_DIST) $(am__gpgv_SOURCES_DIST) \
+	$(am__t_keydb_SOURCES_DIST) \
 	$(am__t_keydb_get_keyblock_SOURCES_DIST) $(t_rmd160_SOURCES) \
 	$(am__t_stutter_SOURCES_DIST)
 am__can_run_installinfo = \
@@ -427,8 +409,7 @@ am__tty_colors = { \
   fi; \
 }
 am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/gpg.w32-manifest.in \
-	$(srcdir)/gpgv.w32-manifest.in $(top_srcdir)/am/cmacros.am \
-	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/am/cmacros.am $(top_srcdir)/build-aux/depcomp \
 	$(top_srcdir)/build-aux/mkinstalldirs
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
@@ -470,9 +451,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -481,6 +464,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -508,9 +492,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -547,13 +532,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
@@ -617,10 +605,8 @@ top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 EXTRA_DIST = distsigkey.gpg \
-	     ChangeLog-2011 \
-             gpg-w32info.rc gpg.w32-manifest.in \
-             gpgv-w32info.rc gpgv.w32-manifest.in \
-	     test.c t-keydb-keyring.kbx \
+	     ChangeLog-2011 gpg-w32info.rc \
+	     gpg.w32-manifest.in test.c t-keydb-keyring.kbx \
 	     t-keydb-get-keyblock.gpg t-stutter-data.asc \
 	     all-tests.scm
 
@@ -629,7 +615,8 @@ EXTRA_DIST = distsigkey.gpg \
 # platform to create source files.
 AM_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" $(am__append_1) \
 	$(am__append_2) $(am__append_3) $(am__append_4) \
-	$(am__append_5) $(am__append_6) $(am__append_7)
+	$(am__append_5) $(am__append_6) $(am__append_7) \
+	$(am__append_8)
 @HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
 
 # Under Windows we use LockFileEx.  WindowsCE provides this only on
@@ -640,17 +627,17 @@ AM_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" $(am__append_1) \
 @HAVE_W32CE_SYSTEM_TRUE@extra_sys_libs = -lcoredll6
 @HAVE_W32CE_SYSTEM_FALSE@extra_bin_ldflags = 
 @HAVE_W32CE_SYSTEM_TRUE@extra_bin_ldflags = -Wl,--stack=0x40000
-resource_objs = 
+resource_objs = $(am__append_10)
 
 # Convenience macros
 libcommon = ../common/libcommon.a
 libcommonpth = ../common/libcommonpth.a
 libcommontls = ../common/libcommontls.a
 libcommontlsnpth = ../common/libcommontlsnpth.a
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(SQLITE3_CFLAGS) \
-            $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
+AM_CFLAGS = $(SQLITE3_CFLAGS) $(LIBGCRYPT_CFLAGS) \
+            $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) $(GPG_ERROR_CFLAGS)
 
-needed_libs = ../kbx/libkeybox.a $(libcommon) ../regexp/libregexp.a
+needed_libs = ../kbx/libkeybox.a $(libcommonpth) ../regexp/libregexp.a
 
 # Because there are no program specific transform macros we need to
 # work around that to allow installing gpg as gpg2.
@@ -670,10 +657,6 @@ TESTS_ENVIRONMENT = \
 @NO_TRUST_MODELS_TRUE@trust_source = 
 @USE_TOFU_FALSE@tofu_source = 
 @USE_TOFU_TRUE@tofu_source = tofu.h tofu.c gpgsql.c gpgsql.h
-@HAVE_W32_SYSTEM_FALSE@gpg_robjs = 
-@HAVE_W32_SYSTEM_TRUE@gpg_robjs = $(resource_objs) gpg-w32info.o
-@HAVE_W32_SYSTEM_FALSE@gpgv_robjs = 
-@HAVE_W32_SYSTEM_TRUE@gpgv_robjs = $(resource_objs) gpgv-w32info.o
 common_source = \
 	      gpg.h             \
 	      dek.h             \
@@ -683,7 +666,11 @@ common_source = \
 	      filter.h		\
 	      free-packet.c	\
 	      getkey.c		\
-	      keydb.c keydb.h    \
+	      expand-group.c	\
+	      keydb.h           \
+	      keydb-private.h   \
+              call-keyboxd.c    \
+	      keydb.c           \
 	      keyring.c keyring.h \
 	      seskey.c		\
 	      kbnode.c		\
@@ -705,6 +692,7 @@ common_source = \
 	      sig-check.c	\
 	      keylist.c 	\
 	      pkglue.c pkglue.h \
+	      objcache.c objcache.h \
 	      ecdh.c
 
 gpg_sources = server.c          \
@@ -715,7 +703,8 @@ gpg_sources = server.c          \
 	      passphrase.c	\
 	      decrypt.c 	\
 	      decrypt-data.c	\
-	      cipher.c		\
+	      cipher-cfb.c	\
+	      cipher-aead.c     \
 	      encrypt.c		\
 	      sign.c		\
 	      verify.c		\
@@ -742,54 +731,44 @@ gpg_SOURCES = gpg.c \
 	keyedit.c keyedit.h	\
 	$(gpg_sources)
 
-gpgcompose_SOURCES = gpgcompose.c  $(gpg_sources)
 gpgv_SOURCES = gpgv.c           \
 	      $(common_source)  \
 	      verify.c
 
-
-#gpgd_SOURCES = gpgd.c \
-#	       ks-proto.h \
-#	       ks-proto.c \
-#	       ks-db.c \
-#	       ks-db.h \
-#	       $(common_source)
 LDADD = $(needed_libs) ../common/libgpgrl.a \
          $(ZLIBS) $(LIBINTL) $(CAPLIBS) $(NETLIBS)
 
-gpg_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(SQLITE3_LIBS) $(LIBREADLINE) \
-             $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
-	     $(LIBICONV) $(gpg_robjs) $(extra_sys_libs)
+gpg_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
+             $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) \
+	     $(LIBICONV) $(resource_objs) $(extra_sys_libs)
 
 gpg_LDFLAGS = $(extra_bin_ldflags)
 gpgv_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
-              $(GPG_ERROR_LIBS) \
-	      $(LIBICONV) $(gpgv_robjs) $(extra_sys_libs)
+	      $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) \
+	      $(LIBICONV) $(resource_objs) $(extra_sys_libs)
 
 gpgv_LDFLAGS = $(extra_bin_ldflags)
-gpgcompose_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
-             $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
-	     $(LIBICONV) $(extra_sys_libs)
-
-gpgcompose_LDFLAGS = $(extra_bin_ldflags)
 t_common_ldadd = 
 module_tests = t-rmd160 t-keydb t-keydb-get-keyblock t-stutter
 t_rmd160_SOURCES = t-rmd160.c rmd160.c
 t_rmd160_LDADD = $(t_common_ldadd)
 t_keydb_SOURCES = t-keydb.c test-stubs.c $(common_source)
-t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
+t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
+              $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) \
 	      $(LIBICONV) $(t_common_ldadd)
 
 t_keydb_get_keyblock_SOURCES = t-keydb-get-keyblock.c test-stubs.c \
 	      $(common_source)
 
-t_keydb_get_keyblock_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
+t_keydb_get_keyblock_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
+              $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) \
 	      $(LIBICONV) $(t_common_ldadd)
 
 t_stutter_SOURCES = t-stutter.c test-stubs.c \
 	      $(common_source)
 
-t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
+t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
+	      $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) \
 	      $(LIBICONV) $(t_common_ldadd)
 
 all: all-am
@@ -828,8 +807,6 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 $(am__aclocal_m4_deps):
 gpg.w32-manifest: $(top_builddir)/config.status $(srcdir)/gpg.w32-manifest.in
 	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
-gpgv.w32-manifest: $(top_builddir)/config.status $(srcdir)/gpgv.w32-manifest.in
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
 
 clean-noinstPROGRAMS:
 	-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
@@ -838,10 +815,6 @@ gpg$(EXEEXT): $(gpg_OBJECTS) $(gpg_DEPENDENCIES) $(EXTRA_gpg_DEPENDENCIES)
 	@rm -f gpg$(EXEEXT)
 	$(AM_V_CCLD)$(gpg_LINK) $(gpg_OBJECTS) $(gpg_LDADD) $(LIBS)
 
-gpgcompose$(EXEEXT): $(gpgcompose_OBJECTS) $(gpgcompose_DEPENDENCIES) $(EXTRA_gpgcompose_DEPENDENCIES) 
-	@rm -f gpgcompose$(EXEEXT)
-	$(AM_V_CCLD)$(gpgcompose_LINK) $(gpgcompose_OBJECTS) $(gpgcompose_LDADD) $(LIBS)
-
 gpgv$(EXEEXT): $(gpgv_OBJECTS) $(gpgv_DEPENDENCIES) $(EXTRA_gpgv_DEPENDENCIES) 
 	@rm -f gpgv$(EXEEXT)
 	$(AM_V_CCLD)$(gpgv_LINK) $(gpgv_OBJECTS) $(gpgv_LDADD) $(LIBS)
@@ -872,8 +845,10 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/build-packet.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/call-agent.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/call-dirmngr.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/call-keyboxd.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-util.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher-aead.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher-cfb.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/compress-bz2.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/compress.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cpr.Po@am__quote@ # am--include-marker
@@ -884,11 +859,11 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ecdh.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encrypt.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/exec.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/expand-group.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/export.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/free-packet.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getkey.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpgcompose.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpgsql.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpgv.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/helptext.Po@am__quote@ # am--include-marker
@@ -907,6 +882,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mdfilter.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/migrate.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/misc.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/objcache.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openfile.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parse-packet.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/passphrase.Po@am__quote@ # am--include-marker
@@ -1178,8 +1154,10 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/build-packet.Po
 	-rm -f ./$(DEPDIR)/call-agent.Po
 	-rm -f ./$(DEPDIR)/call-dirmngr.Po
+	-rm -f ./$(DEPDIR)/call-keyboxd.Po
 	-rm -f ./$(DEPDIR)/card-util.Po
-	-rm -f ./$(DEPDIR)/cipher.Po
+	-rm -f ./$(DEPDIR)/cipher-aead.Po
+	-rm -f ./$(DEPDIR)/cipher-cfb.Po
 	-rm -f ./$(DEPDIR)/compress-bz2.Po
 	-rm -f ./$(DEPDIR)/compress.Po
 	-rm -f ./$(DEPDIR)/cpr.Po
@@ -1190,11 +1168,11 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/ecdh.Po
 	-rm -f ./$(DEPDIR)/encrypt.Po
 	-rm -f ./$(DEPDIR)/exec.Po
+	-rm -f ./$(DEPDIR)/expand-group.Po
 	-rm -f ./$(DEPDIR)/export.Po
 	-rm -f ./$(DEPDIR)/free-packet.Po
 	-rm -f ./$(DEPDIR)/getkey.Po
 	-rm -f ./$(DEPDIR)/gpg.Po
-	-rm -f ./$(DEPDIR)/gpgcompose.Po
 	-rm -f ./$(DEPDIR)/gpgsql.Po
 	-rm -f ./$(DEPDIR)/gpgv.Po
 	-rm -f ./$(DEPDIR)/helptext.Po
@@ -1213,6 +1191,7 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/mdfilter.Po
 	-rm -f ./$(DEPDIR)/migrate.Po
 	-rm -f ./$(DEPDIR)/misc.Po
+	-rm -f ./$(DEPDIR)/objcache.Po
 	-rm -f ./$(DEPDIR)/openfile.Po
 	-rm -f ./$(DEPDIR)/parse-packet.Po
 	-rm -f ./$(DEPDIR)/passphrase.Po
@@ -1291,8 +1270,10 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/build-packet.Po
 	-rm -f ./$(DEPDIR)/call-agent.Po
 	-rm -f ./$(DEPDIR)/call-dirmngr.Po
+	-rm -f ./$(DEPDIR)/call-keyboxd.Po
 	-rm -f ./$(DEPDIR)/card-util.Po
-	-rm -f ./$(DEPDIR)/cipher.Po
+	-rm -f ./$(DEPDIR)/cipher-aead.Po
+	-rm -f ./$(DEPDIR)/cipher-cfb.Po
 	-rm -f ./$(DEPDIR)/compress-bz2.Po
 	-rm -f ./$(DEPDIR)/compress.Po
 	-rm -f ./$(DEPDIR)/cpr.Po
@@ -1303,11 +1284,11 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/ecdh.Po
 	-rm -f ./$(DEPDIR)/encrypt.Po
 	-rm -f ./$(DEPDIR)/exec.Po
+	-rm -f ./$(DEPDIR)/expand-group.Po
 	-rm -f ./$(DEPDIR)/export.Po
 	-rm -f ./$(DEPDIR)/free-packet.Po
 	-rm -f ./$(DEPDIR)/getkey.Po
 	-rm -f ./$(DEPDIR)/gpg.Po
-	-rm -f ./$(DEPDIR)/gpgcompose.Po
 	-rm -f ./$(DEPDIR)/gpgsql.Po
 	-rm -f ./$(DEPDIR)/gpgv.Po
 	-rm -f ./$(DEPDIR)/helptext.Po
@@ -1326,6 +1307,7 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/mdfilter.Po
 	-rm -f ./$(DEPDIR)/migrate.Po
 	-rm -f ./$(DEPDIR)/misc.Po
+	-rm -f ./$(DEPDIR)/objcache.Po
 	-rm -f ./$(DEPDIR)/openfile.Po
 	-rm -f ./$(DEPDIR)/parse-packet.Po
 	-rm -f ./$(DEPDIR)/passphrase.Po
@@ -1392,8 +1374,8 @@ uninstall-am: uninstall-local
 
 @HAVE_W32_SYSTEM_TRUE@.rc.o:
 @HAVE_W32_SYSTEM_TRUE@	$(WINDRES) $(DEFAULT_INCLUDES) $(INCLUDES) "$<" "$@"
+
 @HAVE_W32_SYSTEM_TRUE@gpg-w32info.o : gpg.w32-manifest
-@HAVE_W32_SYSTEM_TRUE@gpgv-w32info.o : gpgv.w32-manifest
 
 $(PROGRAMS): $(needed_libs) ../common/libgpgrl.a
 
diff --git a/g10/armor.c b/g10/armor.c
index 36215a3..eb2d28b 100644
--- a/g10/armor.c
+++ b/g10/armor.c
@@ -1,4 +1,4 @@
-/* armor.c - Armor flter
+/* armor.c - Armor filter
  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
  *               2007 Free Software Foundation, Inc.
  *
@@ -37,17 +37,10 @@
 
 #define MAX_LINELEN 20000
 
-#define CRCINIT 0xB704CE
-#define CRCPOLY 0X864CFB
-#define CRCUPDATE(a,c) do {						    \
-			a = ((a) << 8) ^ crc_table[((a)&0xff >> 16) ^ (c)]; \
-			a &= 0x00ffffff;				    \
-		    } while(0)
-static u32 crc_table[256];
-static byte bintoasc[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-			 "abcdefghijklmnopqrstuvwxyz"
-			 "0123456789+/";
-static byte asctobin[256]; /* runtime initialized */
+static const byte bintoasc[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+                               "abcdefghijklmnopqrstuvwxyz"
+                               "0123456789+/";
+static u32 asctobin[4][256]; /* runtime initialized */
 static int is_initialized;
 
 
@@ -121,9 +114,22 @@ armor_filter_context_t *
 new_armor_context (void)
 {
   armor_filter_context_t *afx;
+  gpg_error_t err;
 
   afx = xcalloc (1, sizeof *afx);
-  afx->refcount = 1;
+  if (afx)
+    {
+      err = gcry_md_open (&afx->crc_md, GCRY_MD_CRC24_RFC2440, 0);
+      if (err != 0)
+	{
+	  log_error ("gcry_md_open failed for GCRY_MD_CRC24_RFC2440: %s",
+		    gpg_strerror (err));
+	  xfree (afx);
+	  return NULL;
+	}
+
+      afx->refcount = 1;
+    }
 
   return afx;
 }
@@ -138,6 +144,7 @@ release_armor_context (armor_filter_context_t *afx)
   log_assert (afx->refcount);
   if ( --afx->refcount )
     return;
+  gcry_md_close (afx->crc_md);
   xfree (afx);
 }
 
@@ -161,35 +168,42 @@ push_armor_filter (armor_filter_context_t *afx, iobuf_t iobuf)
 static void
 initialize(void)
 {
-    int i, j;
-    u32 t;
-    byte *s;
-
-    /* init the crc lookup table */
-    crc_table[0] = 0;
-    for(i=j=0; j < 128; j++ ) {
-	t = crc_table[j];
-	if( t & 0x00800000 ) {
-	    t <<= 1;
-	    crc_table[i++] = t ^ CRCPOLY;
-	    crc_table[i++] = t;
-	}
-	else {
-	    t <<= 1;
-	    crc_table[i++] = t;
-	    crc_table[i++] = t ^ CRCPOLY;
-	}
-    }
-    /* build the helptable for radix64 to bin conversion */
-    for(i=0; i < 256; i++ )
-	asctobin[i] = 255; /* used to detect invalid characters */
+    u32 i;
+    const byte *s;
+
+    /* Build the helptable for radix64 to bin conversion.  Value 0xffffffff is
+       used to detect invalid characters.  */
+    memset (asctobin, 0xff, sizeof(asctobin));
     for(s=bintoasc,i=0; *s; s++,i++ )
-	asctobin[*s] = i;
+      {
+	asctobin[0][*s] = i << (0 * 6);
+	asctobin[1][*s] = i << (1 * 6);
+	asctobin[2][*s] = i << (2 * 6);
+	asctobin[3][*s] = i << (3 * 6);
+      }
 
     is_initialized=1;
 }
 
 
+static inline u32
+get_afx_crc (armor_filter_context_t *afx)
+{
+  const byte *crc_buf;
+  u32 crc;
+
+  crc_buf = gcry_md_read (afx->crc_md, GCRY_MD_CRC24_RFC2440);
+
+  crc = crc_buf[0];
+  crc <<= 8;
+  crc |= crc_buf[1];
+  crc <<= 8;
+  crc |= crc_buf[2];
+
+  return crc;
+}
+
+
 /*
  * Check whether this is an armored file.  See also
  * parse-packet.c for details on this code.
@@ -592,7 +606,7 @@ check_input( armor_filter_context_t *afx, IOBUF a )
 	afx->faked = 1;
     else {
 	afx->inp_checked = 1;
-	afx->crc = CRCINIT;
+	gcry_md_reset (afx->crc_md);
 	afx->idx = 0;
 	afx->radbuf[0] = 0;
     }
@@ -768,7 +782,7 @@ fake_packet( armor_filter_context_t *afx, IOBUF a,
 	    }
 	}
 	afx->inp_checked = 1;
-	afx->crc = CRCINIT;
+	gcry_md_reset (afx->crc_md);
 	afx->idx = 0;
 	afx->radbuf[0] = 0;
     }
@@ -793,14 +807,14 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
 	      byte *buf, size_t size )
 {
     byte val;
-    int c=0, c2; /*init c because gcc is not clever enough for the continue*/
+    int c;
+    u32 binc;
     int checkcrc=0;
     int rc = 0;
     size_t n = 0;
-    int  idx, i, onlypad=0;
-    u32 crc;
+    int idx, onlypad=0;
+    int skip_fast = 0;
 
-    crc = afx->crc;
     idx = afx->idx;
     val = afx->radbuf[0];
     for( n=0; n < size; ) {
@@ -820,6 +834,122 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
 	}
 
       again:
+	binc = asctobin[0][c];
+
+	if( binc != 0xffffffffUL )
+	  {
+	    if( idx == 0 && skip_fast == 0
+		&& afx->buffer_pos + (16 - 1) < afx->buffer_len
+		&& n + 12 < size)
+	      {
+		/* Fast path for radix64 to binary conversion.  */
+		u32 b0,b1,b2,b3;
+
+		/* Speculatively load 15 more input bytes.  */
+		b0 = binc << (3 * 6);
+		b0 |= asctobin[2][afx->buffer[afx->buffer_pos + 0]];
+		b0 |= asctobin[1][afx->buffer[afx->buffer_pos + 1]];
+		b0 |= asctobin[0][afx->buffer[afx->buffer_pos + 2]];
+		b1  = asctobin[3][afx->buffer[afx->buffer_pos + 3]];
+		b1 |= asctobin[2][afx->buffer[afx->buffer_pos + 4]];
+		b1 |= asctobin[1][afx->buffer[afx->buffer_pos + 5]];
+		b1 |= asctobin[0][afx->buffer[afx->buffer_pos + 6]];
+		b2  = asctobin[3][afx->buffer[afx->buffer_pos + 7]];
+		b2 |= asctobin[2][afx->buffer[afx->buffer_pos + 8]];
+		b2 |= asctobin[1][afx->buffer[afx->buffer_pos + 9]];
+		b2 |= asctobin[0][afx->buffer[afx->buffer_pos + 10]];
+		b3  = asctobin[3][afx->buffer[afx->buffer_pos + 11]];
+		b3 |= asctobin[2][afx->buffer[afx->buffer_pos + 12]];
+		b3 |= asctobin[1][afx->buffer[afx->buffer_pos + 13]];
+		b3 |= asctobin[0][afx->buffer[afx->buffer_pos + 14]];
+
+		/* Check if any of the input bytes were invalid. */
+		if( (b0 | b1 | b2 | b3) != 0xffffffffUL )
+		  {
+		    /* All 16 bytes are valid. */
+		    buf[n + 0] = b0 >> (2 * 8);
+		    buf[n + 1] = b0 >> (1 * 8);
+		    buf[n + 2] = b0 >> (0 * 8);
+		    buf[n + 3] = b1 >> (2 * 8);
+		    buf[n + 4] = b1 >> (1 * 8);
+		    buf[n + 5] = b1 >> (0 * 8);
+		    buf[n + 6] = b2 >> (2 * 8);
+		    buf[n + 7] = b2 >> (1 * 8);
+		    buf[n + 8] = b2 >> (0 * 8);
+		    buf[n + 9] = b3 >> (2 * 8);
+		    buf[n + 10] = b3 >> (1 * 8);
+		    buf[n + 11] = b3 >> (0 * 8);
+		    afx->buffer_pos += 16 - 1;
+		    n += 12;
+		    continue;
+		  }
+		else if( b0 == 0xffffffffUL )
+		  {
+		    /* byte[1..3] have invalid character(s).  Switch to slow
+		       path.  */
+		    skip_fast = 1;
+		  }
+		else if( b1 == 0xffffffffUL )
+		  {
+		    /* byte[4..7] have invalid character(s), first 4 bytes are
+		       valid.  */
+		    buf[n + 0] = b0 >> (2 * 8);
+		    buf[n + 1] = b0 >> (1 * 8);
+		    buf[n + 2] = b0 >> (0 * 8);
+		    afx->buffer_pos += 4 - 1;
+		    n += 3;
+		    skip_fast = 1;
+		    continue;
+		  }
+		else if( b2 == 0xffffffffUL )
+		  {
+		    /* byte[8..11] have invalid character(s), first 8 bytes are
+		       valid.  */
+		    buf[n + 0] = b0 >> (2 * 8);
+		    buf[n + 1] = b0 >> (1 * 8);
+		    buf[n + 2] = b0 >> (0 * 8);
+		    buf[n + 3] = b1 >> (2 * 8);
+		    buf[n + 4] = b1 >> (1 * 8);
+		    buf[n + 5] = b1 >> (0 * 8);
+		    afx->buffer_pos += 8 - 1;
+		    n += 6;
+		    skip_fast = 1;
+		    continue;
+		  }
+		else /*if( b3 == 0xffffffffUL )*/
+		  {
+		    /* byte[12..15] have invalid character(s), first 12 bytes
+		       are valid.  */
+		    buf[n + 0] = b0 >> (2 * 8);
+		    buf[n + 1] = b0 >> (1 * 8);
+		    buf[n + 2] = b0 >> (0 * 8);
+		    buf[n + 3] = b1 >> (2 * 8);
+		    buf[n + 4] = b1 >> (1 * 8);
+		    buf[n + 5] = b1 >> (0 * 8);
+		    buf[n + 6] = b2 >> (2 * 8);
+		    buf[n + 7] = b2 >> (1 * 8);
+		    buf[n + 8] = b2 >> (0 * 8);
+		    afx->buffer_pos += 12 - 1;
+		    n += 9;
+		    skip_fast = 1;
+		    continue;
+		  }
+	      }
+
+	    switch(idx)
+	      {
+		case 0: val =  binc << 2; break;
+		case 1: val |= (binc>>4)&3; buf[n++]=val;val=(binc<<4)&0xf0;break;
+		case 2: val |= (binc>>2)&15; buf[n++]=val;val=(binc<<6)&0xc0;break;
+		case 3: val |= binc&0x3f; buf[n++] = val; break;
+	      }
+	    idx = (idx+1) % 4;
+
+	    continue;
+	  }
+
+	skip_fast = 0;
+
 	if( c == '\n' || c == ' ' || c == '\r' || c == '\t' )
 	    continue;
 	else if( c == '=' ) { /* pad character: stop */
@@ -850,10 +980,10 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
             if (afx->buffer_pos + 6 < afx->buffer_len
                 && afx->buffer[afx->buffer_pos + 0] == '3'
                 && afx->buffer[afx->buffer_pos + 1] == 'D'
-                && asctobin[afx->buffer[afx->buffer_pos + 2]] != 255
-                && asctobin[afx->buffer[afx->buffer_pos + 3]] != 255
-                && asctobin[afx->buffer[afx->buffer_pos + 4]] != 255
-                && asctobin[afx->buffer[afx->buffer_pos + 5]] != 255
+                && asctobin[0][afx->buffer[afx->buffer_pos + 2]] != 0xffffffffUL
+                && asctobin[0][afx->buffer[afx->buffer_pos + 3]] != 0xffffffffUL
+                && asctobin[0][afx->buffer[afx->buffer_pos + 4]] != 0xffffffffUL
+                && asctobin[0][afx->buffer[afx->buffer_pos + 5]] != 0xffffffffUL
                 && afx->buffer[afx->buffer_pos + 6] == '\n')
               {
                 afx->buffer_pos += 2;
@@ -868,27 +998,20 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
 	    checkcrc++;
 	    break;
 	}
-	else if( (c = asctobin[(c2=c)]) == 255 ) {
-	    log_error(_("invalid radix64 character %02X skipped\n"), c2);
+	else {
+	    log_error(_("invalid radix64 character %02X skipped\n"), c);
 	    continue;
 	}
-	switch(idx) {
-	  case 0: val =  c << 2; break;
-	  case 1: val |= (c>>4)&3; buf[n++]=val;val=(c<<4)&0xf0;break;
-	  case 2: val |= (c>>2)&15; buf[n++]=val;val=(c<<6)&0xc0;break;
-	  case 3: val |= c&0x3f; buf[n++] = val; break;
-	}
-	idx = (idx+1) % 4;
     }
 
-    for(i=0; i < n; i++ )
-	crc = (crc << 8) ^ crc_table[((crc >> 16)&0xff) ^ buf[i]];
-    crc &= 0x00ffffff;
-    afx->crc = crc;
     afx->idx = idx;
     afx->radbuf[0] = val;
 
+    if( n )
+      gcry_md_write (afx->crc_md, buf, n);
+
     if( checkcrc ) {
+	gcry_md_final (afx->crc_md);
 	afx->any_data = 1;
 	afx->inp_checked=0;
 	afx->faked = 0;
@@ -911,19 +1034,19 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
 		continue;
 	    break;
 	}
-	if( c == -1 )
+	if( !afx->buffer_len )
 	    log_error(_("premature eof (no CRC)\n"));
 	else {
 	    u32 mycrc = 0;
 	    idx = 0;
 	    do {
-		if( (c = asctobin[c]) == 255 )
+		if( (binc = asctobin[0][c]) == 0xffffffffUL )
 		    break;
 		switch(idx) {
-		  case 0: val =  c << 2; break;
-		  case 1: val |= (c>>4)&3; mycrc |= val << 16;val=(c<<4)&0xf0;break;
-		  case 2: val |= (c>>2)&15; mycrc |= val << 8;val=(c<<6)&0xc0;break;
-		  case 3: val |= c&0x3f; mycrc |= val; break;
+		  case 0: val =  binc << 2; break;
+		  case 1: val |= (binc>>4)&3; mycrc |= val << 16;val=(binc<<4)&0xf0;break;
+		  case 2: val |= (binc>>2)&15; mycrc |= val << 8;val=(binc<<6)&0xc0;break;
+		  case 3: val |= binc&0x3f; mycrc |= val; break;
 		}
 		for(;;) {
 		    if( afx->buffer_pos < afx->buffer_len )
@@ -945,7 +1068,7 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
 		if( !afx->buffer_len )
 		    break; /* eof */
 	    } while( ++idx < 4 );
-	    if( c == -1 ) {
+	    if( !afx->buffer_len ) {
 		log_info(_("premature eof (in CRC)\n"));
 		rc = invalid_crc();
 	    }
@@ -957,10 +1080,10 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
 		log_info(_("malformed CRC\n"));
 		rc = invalid_crc();
 	    }
-	    else if( mycrc != afx->crc ) {
-                log_info (_("CRC error; %06lX - %06lX\n"),
-				    (ulong)afx->crc, (ulong)mycrc);
-                rc = invalid_crc();
+	    else if( mycrc != get_afx_crc (afx) ) {
+		log_info (_("CRC error; %06lX - %06lX\n"),
+				    (ulong)get_afx_crc (afx), (ulong)mycrc);
+		rc = invalid_crc();
 	    }
 	    else {
 		rc = 0;
@@ -997,6 +1120,121 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
     return rc;
 }
 
+static void
+armor_output_buf_as_radix64 (armor_filter_context_t *afx, IOBUF a,
+			     byte *buf, size_t size)
+{
+  byte radbuf[sizeof (afx->radbuf)];
+  byte outbuf[64 + sizeof (afx->eol)];
+  unsigned int eollen = strlen (afx->eol);
+  u32 in, in2;
+  int idx, idx2;
+  int i;
+
+  idx = afx->idx;
+  idx2 = afx->idx2;
+  memcpy (radbuf, afx->radbuf, sizeof (afx->radbuf));
+
+  if (size && (idx || idx2))
+    {
+      /* preload eol to outbuf buffer */
+      memcpy (outbuf + 4, afx->eol, sizeof (afx->eol));
+
+      for (; size && (idx || idx2); buf++, size--)
+	{
+	  radbuf[idx++] = *buf;
+	  if (idx > 2)
+	    {
+	      idx = 0;
+	      in = (u32)radbuf[0] << (2 * 8);
+	      in |= (u32)radbuf[1] << (1 * 8);
+	      in |= (u32)radbuf[2] << (0 * 8);
+	      outbuf[0] = bintoasc[(in >> 18) & 077];
+	      outbuf[1] = bintoasc[(in >> 12) & 077];
+	      outbuf[2] = bintoasc[(in >> 6) & 077];
+	      outbuf[3] = bintoasc[(in >> 0) & 077];
+	      if (++idx2 >= (64/4))
+		{ /* pgp doesn't like 72 here */
+		  idx2=0;
+		  iobuf_write (a, outbuf, 4 + eollen);
+		}
+	      else
+		{
+		  iobuf_write (a, outbuf, 4);
+		}
+	    }
+	}
+    }
+
+  if (size >= (64/4)*3)
+    {
+      /* preload eol to outbuf buffer */
+      memcpy (outbuf + 64, afx->eol, sizeof(afx->eol));
+
+      do
+	{
+	  /* idx and idx2 == 0 */
+
+	  for (i = 0; i < (64/8); i++)
+	    {
+	      in = (u32)buf[0] << (2 * 8);
+	      in |= (u32)buf[1] << (1 * 8);
+	      in |= (u32)buf[2] << (0 * 8);
+	      in2 = (u32)buf[3] << (2 * 8);
+	      in2 |= (u32)buf[4] << (1 * 8);
+	      in2 |= (u32)buf[5] << (0 * 8);
+	      outbuf[i*8+0] = bintoasc[(in >> 18) & 077];
+	      outbuf[i*8+1] = bintoasc[(in >> 12) & 077];
+	      outbuf[i*8+2] = bintoasc[(in >> 6) & 077];
+	      outbuf[i*8+3] = bintoasc[(in >> 0) & 077];
+	      outbuf[i*8+4] = bintoasc[(in2 >> 18) & 077];
+	      outbuf[i*8+5] = bintoasc[(in2 >> 12) & 077];
+	      outbuf[i*8+6] = bintoasc[(in2 >> 6) & 077];
+	      outbuf[i*8+7] = bintoasc[(in2 >> 0) & 077];
+	      buf+=6;
+	      size-=6;
+	    }
+
+	  /* pgp doesn't like 72 here */
+	  iobuf_write (a, outbuf, 64 + eollen);
+	}
+      while (size >= (64/4)*3);
+
+      /* restore eol for tail handling */
+      if (size)
+	memcpy (outbuf + 4, afx->eol, sizeof (afx->eol));
+    }
+
+  for (; size; buf++, size--)
+    {
+      radbuf[idx++] = *buf;
+      if (idx > 2)
+	{
+	  idx = 0;
+	  in = (u32)radbuf[0] << (2 * 8);
+	  in |= (u32)radbuf[1] << (1 * 8);
+	  in |= (u32)radbuf[2] << (0 * 8);
+	  outbuf[0] = bintoasc[(in >> 18) & 077];
+	  outbuf[1] = bintoasc[(in >> 12) & 077];
+	  outbuf[2] = bintoasc[(in >> 6) & 077];
+	  outbuf[3] = bintoasc[(in >> 0) & 077];
+	  if (++idx2 >= (64/4))
+	    { /* pgp doesn't like 72 here */
+	      idx2=0;
+	      iobuf_write (a, outbuf, 4 + eollen);
+	    }
+	  else
+	    {
+	      iobuf_write (a, outbuf, 4);
+	    }
+	}
+    }
+
+  memcpy (afx->radbuf, radbuf, sizeof (afx->radbuf));
+  afx->idx = idx;
+  afx->idx2 = idx2;
+}
+
 /****************
  * This filter is used to handle the armor stuff
  */
@@ -1006,7 +1244,7 @@ armor_filter( void *opaque, int control,
 {
     size_t size = *ret_len;
     armor_filter_context_t *afx = opaque;
-    int rc=0, i, c;
+    int rc=0, c;
     byte radbuf[3];
     int  idx, idx2;
     size_t n=0;
@@ -1188,43 +1426,13 @@ armor_filter( void *opaque, int control,
 	    afx->status++;
 	    afx->idx = 0;
 	    afx->idx2 = 0;
-	    afx->crc = CRCINIT;
-
+	    gcry_md_reset (afx->crc_md);
 	}
-	crc = afx->crc;
-	idx = afx->idx;
-	idx2 = afx->idx2;
-	for(i=0; i < idx; i++ )
-	    radbuf[i] = afx->radbuf[i];
-
-	for(i=0; i < size; i++ )
-	    crc = (crc << 8) ^ crc_table[((crc >> 16)&0xff) ^ buf[i]];
-	crc &= 0x00ffffff;
-
-	for( ; size; buf++, size-- ) {
-	    radbuf[idx++] = *buf;
-	    if( idx > 2 ) {
-		idx = 0;
-		c = bintoasc[(*radbuf >> 2) & 077];
-		iobuf_put(a, c);
-		c = bintoasc[(((*radbuf<<4)&060)|((radbuf[1] >> 4)&017))&077];
-		iobuf_put(a, c);
-		c = bintoasc[(((radbuf[1]<<2)&074)|((radbuf[2]>>6)&03))&077];
-		iobuf_put(a, c);
-		c = bintoasc[radbuf[2]&077];
-		iobuf_put(a, c);
-		if( ++idx2 >= (64/4) )
-		  { /* pgp doesn't like 72 here */
-		    iobuf_writestr(a,afx->eol);
-		    idx2=0;
-		  }
-	    }
-	}
-	for(i=0; i < idx; i++ )
-	    afx->radbuf[i] = radbuf[i];
-	afx->idx = idx;
-	afx->idx2 = idx2;
-	afx->crc  = crc;
+
+	if( size ) {
+	    gcry_md_write (afx->crc_md, buf, size);
+	    armor_output_buf_as_radix64 (afx, a, buf, size);
+        }
     }
     else if( control == IOBUFCTRL_INIT )
       {
@@ -1250,7 +1458,8 @@ armor_filter( void *opaque, int control,
 	if( afx->cancel )
 	    ;
 	else if( afx->status ) { /* pad, write cecksum, and bottom line */
-	    crc = afx->crc;
+	    gcry_md_final (afx->crc_md);
+	    crc = get_afx_crc (afx);
 	    idx = afx->idx;
 	    idx2 = afx->idx2;
 	    if( idx ) {
@@ -1350,221 +1559,3 @@ make_radix64_string( const byte *data, size_t len )
     *p = 0;
     return buffer;
 }
-
-
-/***********************************************
- *  For the pipemode command we can't use the armor filter for various
- *  reasons, so we use this new unarmor_pump stuff to remove the armor
- */
-
-enum unarmor_state_e {
-    STA_init = 0,
-    STA_bypass,
-    STA_wait_newline,
-    STA_wait_dash,
-    STA_first_dash,
-    STA_compare_header,
-    STA_found_header_wait_newline,
-    STA_skip_header_lines,
-    STA_skip_header_lines_non_ws,
-    STA_read_data,
-    STA_wait_crc,
-    STA_read_crc,
-    STA_ready
-};
-
-struct unarmor_pump_s {
-    enum unarmor_state_e state;
-    byte val;
-    int checkcrc;
-    int pos;   /* counts from 0..3 */
-    u32 crc;
-    u32 mycrc; /* the one store in the data */
-};
-
-
-
-UnarmorPump
-unarmor_pump_new (void)
-{
-    UnarmorPump x;
-
-    if( !is_initialized )
-        initialize();
-    x = xmalloc_clear (sizeof *x);
-    return x;
-}
-
-void
-unarmor_pump_release (UnarmorPump x)
-{
-    xfree (x);
-}
-
-/*
- * Get the next character from the ascii armor taken from the IOBUF
- * created earlier by unarmor_pump_new().
- * Return:  c = Character
- *        256 = ignore this value
- *         -1 = End of current armor
- *         -2 = Premature EOF (not used)
- *         -3 = Invalid armor
- */
-int
-unarmor_pump (UnarmorPump x, int c)
-{
-    int rval = 256; /* default is to ignore the return value */
-
-    switch (x->state) {
-      case STA_init:
-        {
-            byte tmp[2];
-            tmp[0] = c;
-            tmp[1] = 0;
-            if ( is_armored (tmp) )
-                x->state = c == '-'? STA_first_dash : STA_wait_newline;
-            else {
-                x->state = STA_bypass;
-                return c;
-            }
-        }
-        break;
-      case STA_bypass:
-        return c; /* return here to avoid crc calculation */
-      case STA_wait_newline:
-        if (c == '\n')
-            x->state = STA_wait_dash;
-        break;
-      case STA_wait_dash:
-        x->state = c == '-'? STA_first_dash : STA_wait_newline;
-        break;
-      case STA_first_dash: /* just need for initialization */
-        x->pos = 0;
-        x->state = STA_compare_header; /* fall through */
-      case STA_compare_header:
-        if ( "-----BEGIN PGP SIGNATURE-----"[++x->pos] == c ) {
-            if ( x->pos == 28 )
-                x->state = STA_found_header_wait_newline;
-        }
-        else
-            x->state = c == '\n'? STA_wait_dash : STA_wait_newline;
-        break;
-      case STA_found_header_wait_newline:
-        /* to make CR,LF issues easier we simply allow for white space
-           behind the 5 dashes */
-        if ( c == '\n' )
-            x->state = STA_skip_header_lines;
-        else if ( c != '\r' && c != ' ' && c != '\t' )
-            x->state = STA_wait_dash; /* garbage after the header line */
-        break;
-      case STA_skip_header_lines:
-        /* i.e. wait for one empty line */
-        if ( c == '\n' ) {
-            x->state = STA_read_data;
-            x->crc = CRCINIT;
-            x->val = 0;
-            x->pos = 0;
-        }
-        else if ( c != '\r' && c != ' ' && c != '\t' )
-            x->state = STA_skip_header_lines_non_ws;
-        break;
-      case STA_skip_header_lines_non_ws:
-        /* like above but we already encountered non white space */
-        if ( c == '\n' )
-            x->state = STA_skip_header_lines;
-        break;
-      case STA_read_data:
-        /* fixme: we don't check for the trailing dash lines but rely
-         * on the armor stop characters */
-        if( c == '\n' || c == ' ' || c == '\r' || c == '\t' )
-            break; /* skip all kind of white space */
-
-        if( c == '=' ) { /* pad character: stop */
-            if( x->pos == 1 ) /* in this case val has some value */
-                rval = x->val;
-            x->state = STA_wait_crc;
-            break;
-        }
-
-        {
-            int c2;
-            if( (c = asctobin[(c2=c)]) == 255 ) {
-                log_error(_("invalid radix64 character %02X skipped\n"), c2);
-                break;
-            }
-        }
-
-        switch(x->pos) {
-          case 0:
-            x->val = c << 2;
-            break;
-          case 1:
-            x->val |= (c>>4)&3;
-            rval = x->val;
-            x->val = (c<<4)&0xf0;
-            break;
-          case 2:
-            x->val |= (c>>2)&15;
-            rval = x->val;
-            x->val = (c<<6)&0xc0;
-            break;
-          case 3:
-            x->val |= c&0x3f;
-            rval = x->val;
-            break;
-        }
-        x->pos = (x->pos+1) % 4;
-        break;
-      case STA_wait_crc:
-        if( c == '\n' || c == ' ' || c == '\r' || c == '\t' || c == '=' )
-            break; /* skip ws and pad characters */
-        /* assume that we are at the next line */
-        x->state = STA_read_crc;
-        x->pos = 0;
-        x->mycrc = 0; /* fall through */
-      case STA_read_crc:
-        if( (c = asctobin[c]) == 255 ) {
-            rval = -1; /* ready */
-            if( x->crc != x->mycrc ) {
-                log_info (_("CRC error; %06lX - %06lX\n"),
-                          (ulong)x->crc, (ulong)x->mycrc);
-                if ( invalid_crc() )
-                    rval = -3;
-            }
-            x->state = STA_ready; /* not sure whether this is correct */
-            break;
-        }
-
-        switch(x->pos) {
-          case 0:
-            x->val = c << 2;
-            break;
-          case 1:
-            x->val |= (c>>4)&3;
-            x->mycrc |= x->val << 16;
-            x->val = (c<<4)&0xf0;
-            break;
-          case 2:
-            x->val |= (c>>2)&15;
-            x->mycrc |= x->val << 8;
-            x->val = (c<<6)&0xc0;
-            break;
-          case 3:
-            x->val |= c&0x3f;
-            x->mycrc |= x->val;
-            break;
-        }
-        x->pos = (x->pos+1) % 4;
-        break;
-      case STA_ready:
-        rval = -1;
-        break;
-    }
-
-    if ( !(rval & ~255) ) { /* compute the CRC */
-        x->crc = (x->crc << 8) ^ crc_table[((x->crc >> 16)&0xff) ^ rval];
-        x->crc &= 0x00ffffff;
-    }
-
-    return rval;
-}
diff --git a/g10/build-packet.c b/g10/build-packet.c
index a40ed0d..268bd71 100644
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@@ -42,6 +42,7 @@ static u32 calc_plaintext( PKT_plaintext *pt );
 static int do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt );
 static int do_encrypted( IOBUF out, int ctb, PKT_encrypted *ed );
 static int do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed );
+static int do_encrypted_aead (iobuf_t out, int ctb, PKT_encrypted *ed);
 static int do_compressed( IOBUF out, int ctb, PKT_compressed *cd );
 static int do_signature( IOBUF out, int ctb, PKT_signature *sig );
 static int do_onepass_sig( IOBUF out, int ctb, PKT_onepass_sig *ops );
@@ -78,6 +79,49 @@ ctb_pkttype (int ctb)
 }
 
 
+/* Build a keyblock image from KEYBLOCK.  Returns 0 on success and
+ * only then stores a new iobuf object at R_IOBUF; the returned iobuf
+ * can be access with the iobuf_get_temp_buffer and
+ * iobuf_get_temp_length macros.  */
+gpg_error_t
+build_keyblock_image (kbnode_t keyblock, iobuf_t *r_iobuf)
+{
+  gpg_error_t err;
+  iobuf_t iobuf;
+  kbnode_t kbctx, node;
+
+  *r_iobuf = NULL;
+
+  iobuf = iobuf_temp ();
+  for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
+    {
+      /* Make sure to use only packets valid on a keyblock.  */
+      switch (node->pkt->pkttype)
+        {
+        case PKT_PUBLIC_KEY:
+        case PKT_PUBLIC_SUBKEY:
+        case PKT_SIGNATURE:
+        case PKT_USER_ID:
+        case PKT_ATTRIBUTE:
+        case PKT_RING_TRUST:
+          break;
+        default:
+          continue;
+        }
+
+      err = build_packet_and_meta (iobuf, node->pkt);
+      if (err)
+        {
+          iobuf_close (iobuf);
+          return err;
+        }
+    }
+
+  *r_iobuf = iobuf;
+  return 0;
+}
+
+
 /* Build a packet and write it to the stream OUT.
  * Returns: 0 on success or on an error code.  */
 int
@@ -106,6 +150,7 @@ build_packet (IOBUF out, PACKET *pkt)
       break;
     case PKT_ENCRYPTED:
     case PKT_ENCRYPTED_MDC:
+    case PKT_ENCRYPTED_AEAD:
       new_ctb = pkt->pkt.encrypted->new_ctb;
       break;
     case PKT_COMPRESSED:
@@ -158,6 +203,9 @@ build_packet (IOBUF out, PACKET *pkt)
     case PKT_ENCRYPTED_MDC:
       rc = do_encrypted_mdc (out, ctb, pkt->pkt.encrypted);
       break;
+    case PKT_ENCRYPTED_AEAD:
+      rc = do_encrypted_aead (out, ctb, pkt->pkt.encrypted);
+      break;
     case PKT_COMPRESSED:
       rc = do_compressed (out, ctb, pkt->pkt.compressed);
       break;
@@ -238,12 +286,15 @@ build_packet_and_meta (iobuf_t out, PACKET *pkt)
 
 
 /*
- * Write the mpi A to OUT.
+ * Write the mpi A to OUT.  If R_NWRITTEN is not NULL the number of
+ * bytes written is stored there.  To only get the number of bytes
+ * which would be written NULL may be passed for OUT.
  */
 gpg_error_t
-gpg_mpi_write (iobuf_t out, gcry_mpi_t a)
+gpg_mpi_write (iobuf_t out, gcry_mpi_t a, unsigned int *r_nwritten)
 {
-  int rc;
+  gpg_error_t err;
+  unsigned int nwritten = 0;
 
   if (gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
     {
@@ -272,9 +323,17 @@ gpg_mpi_write (iobuf_t out, gcry_mpi_t a)
       /* gcry_log_debughex (" ", p, (nbits+7)/8); */
       lenhdr[0] = nbits >> 8;
       lenhdr[1] = nbits;
-      rc = iobuf_write (out, lenhdr, 2);
-      if (!rc && p)
-        rc = iobuf_write (out, p, (nbits+7)/8);
+      err = out? iobuf_write (out, lenhdr, 2) : 0;
+      if (!err)
+        {
+          nwritten += 2;
+          if (p)
+            {
+              err = out? iobuf_write (out, p, (nbits+7)/8) : 0;
+              if (!err)
+                nwritten += (nbits+7)/8;
+            }
+        }
     }
   else
     {
@@ -282,23 +341,94 @@ gpg_mpi_write (iobuf_t out, gcry_mpi_t a)
       size_t nbytes;
 
       nbytes = DIM(buffer);
-      rc = gcry_mpi_print (GCRYMPI_FMT_PGP, buffer, nbytes, &nbytes, a );
-      if( !rc )
-        rc = iobuf_write( out, buffer, nbytes );
-      else if (gpg_err_code(rc) == GPG_ERR_TOO_SHORT )
+      err = gcry_mpi_print (GCRYMPI_FMT_PGP, buffer, nbytes, &nbytes, a );
+      if (!err)
+        {
+          err = out? iobuf_write (out, buffer, nbytes) : 0;
+          if (!err)
+            nwritten += nbytes;
+        }
+      else if (gpg_err_code (err) == GPG_ERR_TOO_SHORT )
         {
           log_info ("mpi too large (%u bits)\n", gcry_mpi_get_nbits (a));
-          /* The buffer was too small. We better tell the user about the MPI. */
-          rc = gpg_error (GPG_ERR_TOO_LARGE);
+          /* The buffer was too small.  We better tell the user about
+           * the MPI. */
+          err = gpg_error (GPG_ERR_TOO_LARGE);
         }
     }
 
-  return rc;
+  if (r_nwritten)
+    *r_nwritten = nwritten;
+  return err;
 }
 
 
 /*
- * Write an opaque MPI to the output stream without length info.
+ * Write the mpi A to the output stream OUT as "SOS" (Strange Octet
+ * String).  If R_NWRITTEN is not NULL the number of bytes written is
+ * stored there.  To only get the number of bytes which would be
+ * written, NULL may be passed for OUT.
+ */
+static gpg_error_t
+sos_write (iobuf_t out, gcry_mpi_t a, unsigned int *r_nwritten)
+{
+  gpg_error_t err;
+  unsigned int nwritten = 0;
+
+  if (gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
+    {
+      unsigned int nbits;
+      const unsigned char *p;
+      unsigned char lenhdr[2];
+
+      /* gcry_log_debugmpi ("a", a); */
+      p = gcry_mpi_get_opaque (a, &nbits);
+      /* gcry_log_debug ("   [%u bit]\n", nbits); */
+      /* gcry_log_debughex (" ", p, (nbits+7)/8); */
+
+      if (p && *p)
+        {
+          nbits = ((nbits + 7) / 8) * 8;
+
+          if (nbits >= 8 && !(*p & 0x80))
+            if (--nbits >= 7 && !(*p & 0x40))
+              if (--nbits >= 6 && !(*p & 0x20))
+                if (--nbits >= 5 && !(*p & 0x10))
+                  if (--nbits >= 4 && !(*p & 0x08))
+                    if (--nbits >= 3 && !(*p & 0x04))
+                      if (--nbits >= 2 && !(*p & 0x02))
+                        if (--nbits >= 1 && !(*p & 0x01))
+                          --nbits;
+        }
+
+      lenhdr[0] = nbits >> 8;
+      lenhdr[1] = nbits;
+      err = out? iobuf_write (out, lenhdr, 2) : 0;
+      if (!err)
+        {
+          nwritten += 2;
+          if (p)
+            {
+              err = out? iobuf_write (out, p, (nbits+7)/8) : 0;
+              if (!err)
+                nwritten += (nbits+7)/8;
+            }
+        }
+    }
+  else
+    {
+      log_info ("non-opaque MPI (%u bits) for SOS\n", gcry_mpi_get_nbits (a));
+      err = gpg_error (GPG_ERR_INV_DATA);
+    }
+
+  if (r_nwritten)
+    *r_nwritten = nwritten;
+  return err;
+}
+
+
+/*
+ * Write an opaque string to the output stream without length info.
  */
 gpg_error_t
 gpg_mpi_write_nohdr (iobuf_t out, gcry_mpi_t a)
@@ -464,29 +594,29 @@ static int
 do_key (iobuf_t out, int ctb, PKT_public_key *pk)
 {
   gpg_error_t err = 0;
-  /* The length of the body is stored in the packet's header, which
-     occurs before the body.  Unfortunately, we don't know the length
-     of the packet's body until we've written all of the data!  To
-     work around this, we first write the data into this temporary
-     buffer, then generate the header, and finally copy the contents
-     of this buffer to OUT.  */
-  iobuf_t a = iobuf_temp();
+  iobuf_t a;
   int i, nskey, npkey;
+  u32 pkbytes = 0;
+  int is_v5;
 
-  log_assert (pk->version == 0 || pk->version == 4);
+  log_assert (pk->version == 0 || pk->version == 4 || pk->version == 5);
   log_assert (ctb_pkttype (ctb) == PKT_PUBLIC_KEY
               || ctb_pkttype (ctb) == PKT_PUBLIC_SUBKEY
               || ctb_pkttype (ctb) == PKT_SECRET_KEY
               || ctb_pkttype (ctb) == PKT_SECRET_SUBKEY);
 
-  /* Write the version number - if none is specified, use 4 */
-  if ( !pk->version )
-    iobuf_put ( a, 4 );
-  else
-    iobuf_put ( a, pk->version );
-  write_32 (a, pk->timestamp );
+  /* The length of the body is stored in the packet's header, which
+   * occurs before the body.  Unfortunately, we don't know the length
+   * of the packet's body until we've written all of the data!  To
+   * work around this, we first write the data into this temporary
+   * buffer, then generate the header, and finally copy the content
+   * of this buffer to OUT.  */
+  a = iobuf_temp();
+
+  /* Note that the Version number, Timestamp, Algo, and the v5 Key
+   * material count are written at the end of the function. */
 
-  iobuf_put (a, pk->pubkey_algo );
+  is_v5 = (pk->version == 5);
 
   /* Get number of secret and public parameters.  They are held in one
      array: the public ones followed by the secret ones.  */
@@ -509,12 +639,18 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
           || (pk->pubkey_algo == PUBKEY_ALGO_EDDSA && (i == 0))
           || (pk->pubkey_algo == PUBKEY_ALGO_ECDH  && (i == 0 || i == 2)))
         err = gpg_mpi_write_nohdr (a, pk->pkey[i]);
+      else if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
+               || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
+               || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
+        err = sos_write (a, pk->pkey[i], NULL);
       else
-        err = gpg_mpi_write (a, pk->pkey[i]);
+        err = gpg_mpi_write (a, pk->pkey[i], NULL);
       if (err)
         goto leave;
     }
 
+  /* Record the length of the public key part.  */
+  pkbytes = iobuf_get_temp_length (a);
 
   if (pk->seckey_info)
     {
@@ -524,9 +660,26 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
       /* Build the header for protected (encrypted) secret parameters.  */
       if (ski->is_protected)
         {
-          /* OpenPGP protection according to rfc2440. */
-          iobuf_put (a, ski->sha1chk? 0xfe : 0xff);
-          iobuf_put (a, ski->algo);
+          iobuf_put (a, ski->sha1chk? 0xfe : 0xff); /* S2k usage.  */
+          if (is_v5)
+            {
+              /* For a v5 key determine the count of the following
+               * key-protection material and write it.  */
+              int count = 1;  /* Pubkey algo octet. */
+              if (ski->s2k.mode >= 1000)
+                count += 6;   /* GNU specific mode descriptor.  */
+              else
+                count += 2;   /* Mode and hash algo.  */
+              if (ski->s2k.mode == 1 || ski->s2k.mode == 3)
+                count += 8;   /* Salt.  */
+              if (ski->s2k.mode == 3)
+                count++;      /* S2K.COUNT */
+              if (ski->s2k.mode != 1001 && ski->s2k.mode != 1002)
+                count += ski->ivlen;
+
+              iobuf_put (a, count);
+            }
+          iobuf_put (a, ski->algo);  /* Pubkey algo octet.  */
           if (ski->s2k.mode >= 1000)
             {
               /* These modes are not possible in OpenPGP, we use them
@@ -557,13 +710,24 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
 
         }
       else /* Not protected. */
-        iobuf_put (a, 0 );
+        {
+          iobuf_put (a, 0 );  /* S2K usage = not protected.  */
+          if (is_v5)
+            iobuf_put (a, 0); /* Zero octets of key-protection
+                               * material follows.  */
+        }
 
       if (ski->s2k.mode == 1001)
-        ; /* GnuPG extension - don't write a secret key at all. */
+        {
+          /* GnuPG extension - don't write a secret key at all. */
+          if (is_v5)
+            write_32 (a, 0); /* Zero octets of key material.  */
+        }
       else if (ski->s2k.mode == 1002)
         {
           /* GnuPG extension - divert to OpenPGP smartcard. */
+          if (is_v5)
+            write_32 (a, 1 + ski->ivlen);
           /* Length of the serial number or 0 for no serial number. */
           iobuf_put (a, ski->ivlen );
           /* The serial number gets stored in the IV field.  */
@@ -577,15 +741,54 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
 
           log_assert (gcry_mpi_get_flag (pk->pkey[npkey], GCRYMPI_FLAG_OPAQUE));
           p = gcry_mpi_get_opaque (pk->pkey[npkey], &ndatabits);
+          /* For v5 keys we first write the number of octets of the
+           * following encrypted key material.  */
+          if (is_v5)
+            write_32 (a, p? (ndatabits+7)/8 : 0);
           if (p)
             iobuf_write (a, p, (ndatabits+7)/8 );
         }
       else
         {
           /* Non-protected key. */
+          if (is_v5)
+            {
+              unsigned int skbytes = 0;
+              unsigned int n;
+              int j;
+
+              for (j=i; j < nskey; j++ )
+                {
+                  if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
+                      || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
+                      || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
+                    {
+                      if ((err = sos_write (NULL, pk->pkey[j], &n)))
+                        goto leave;
+                    }
+                  else
+                    {
+                      if ( (err = gpg_mpi_write (a, pk->pkey[i], NULL)))
+                        goto leave;
+                    }
+                  skbytes += n;
+                }
+
+              write_32 (a, skbytes);
+            }
+
           for ( ; i < nskey; i++ )
-            if ( (err = gpg_mpi_write (a, pk->pkey[i])))
-              goto leave;
+            if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
+                || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
+                || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
+              {
+                if ((err = sos_write (a, pk->pkey[i], NULL)))
+                  goto leave;
+              }
+            else
+              if ((err = gpg_mpi_write (a, pk->pkey[i], NULL)))
+                goto leave;
+
           write_16 (a, ski->csum );
         }
     }
@@ -594,11 +797,23 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
   if (!err)
     {
       /* Build the header of the packet - which we must do after
-         writing all the other stuff, so that we know the length of
-         the packet */
-      write_header2 (out, ctb, iobuf_get_temp_length(a), 0);
+       * writing all the other stuff, so that we know the length of
+       * the packet */
+      u32 len = iobuf_get_temp_length (a);
+      len += 1; /* version number  */
+      len += 4; /* timestamp  */
+      len += 1; /* algo  */
+      if (is_v5)
+        len += 4; /* public key material count  */
+
+      write_header2 (out, ctb, len, 0);
        /* And finally write it out to the real stream. */
-      err = iobuf_write_temp (out, a);
+      iobuf_put (out, pk->version? pk->version : 4); /* version number  */
+      write_32 (out, pk->timestamp );
+      iobuf_put (out, pk->pubkey_algo);  /* algo */
+      if (is_v5)
+        write_32 (out, pkbytes);        /* public key material count  */
+      err = iobuf_write_temp (out, a);  /* pub and sec key material */
     }
 
   iobuf_close (a); /* Close the temporary buffer */
@@ -618,11 +833,8 @@ do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc )
   IOBUF a = iobuf_temp();
 
   log_assert (ctb_pkttype (ctb) == PKT_SYMKEY_ENC);
+  log_assert (enc->version == 4 || enc->version == 5);
 
-  /* The only acceptable version.  */
-  log_assert( enc->version == 4 );
-
-  /* RFC 4880, Section 3.7.  */
   switch (enc->s2k.mode)
     {
     case 0: /* Simple S2K.  */
@@ -633,23 +845,26 @@ do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc )
     default:
       log_bug ("do_symkey_enc: s2k=%d\n", enc->s2k.mode);
     }
-    iobuf_put( a, enc->version );
-    iobuf_put( a, enc->cipher_algo );
-    iobuf_put( a, enc->s2k.mode );
-    iobuf_put( a, enc->s2k.hash_algo );
-    if( enc->s2k.mode == 1 || enc->s2k.mode == 3 ) {
-	iobuf_write(a, enc->s2k.salt, 8 );
-	if( enc->s2k.mode == 3 )
-	    iobuf_put(a, enc->s2k.count);
+  iobuf_put (a, enc->version);
+  iobuf_put (a, enc->cipher_algo);
+  if (enc->version == 5)
+    iobuf_put (a, enc->aead_algo);
+  iobuf_put (a, enc->s2k.mode);
+  iobuf_put (a, enc->s2k.hash_algo);
+  if (enc->s2k.mode == 1 || enc->s2k.mode == 3)
+    {
+      iobuf_write (a, enc->s2k.salt, 8);
+      if (enc->s2k.mode == 3)
+        iobuf_put (a, enc->s2k.count);
     }
-    if( enc->seskeylen )
-	iobuf_write(a, enc->seskey, enc->seskeylen );
+  if (enc->seskeylen)
+    iobuf_write (a, enc->seskey, enc->seskeylen);
 
-    write_header(out, ctb, iobuf_get_temp_length(a) );
-    rc = iobuf_write_temp( out, a );
+  write_header (out, ctb, iobuf_get_temp_length(a));
+  rc = iobuf_write_temp (out, a);
 
-    iobuf_close(a);
-    return rc;
+  iobuf_close (a);
+  return rc;
 }
 
 
@@ -688,8 +903,10 @@ do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc )
     {
       if (enc->pubkey_algo == PUBKEY_ALGO_ECDH && i == 1)
         rc = gpg_mpi_write_nohdr (a, enc->data[i]);
+      else if (enc->pubkey_algo == PUBKEY_ALGO_ECDH)
+        rc = sos_write (a, enc->data[i], NULL);
       else
-        rc = gpg_mpi_write (a, enc->data[i]);
+        rc = gpg_mpi_write (a, enc->data[i], NULL);
     }
 
   if (!rc)
@@ -753,9 +970,6 @@ do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt )
     if (pt->buf)
       {
         nbytes = iobuf_copy (out, pt->buf);
-        if (nbytes == (size_t)(-1)
-            && (iobuf_error (out) || iobuf_error (pt->buf)))
-            return iobuf_error (out)? iobuf_error (out):iobuf_error (pt->buf);
         if(ctb_new_format_p (ctb) && !pt->len)
           /* Turn off partial body length mode.  */
           iobuf_set_partial_body_length_mode (out, 0);
@@ -821,6 +1035,32 @@ do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed )
 }
 
 
+/* Serialize the symmetrically AEAD encrypted data packet
+ * (rfc4880bis-03, Section 5.16) described by ED and write it to OUT.
+ *
+ * Note: this only writes only packet's header.  The caller must then
+ * follow up and write the actual encrypted data.  This should be done
+ * by pushing the the cipher_filter_aead.  */
+static int
+do_encrypted_aead (iobuf_t out, int ctb, PKT_encrypted *ed)
+{
+  u32 n;
+
+  log_assert (ctb_pkttype (ctb) == PKT_ENCRYPTED_AEAD);
+
+  n = ed->len ? (ed->len + ed->extralen + 4) : 0;
+  write_header (out, ctb, n );
+  iobuf_writebyte (out, 1); /* Version.  */
+  iobuf_writebyte (out, ed->cipher_algo);
+  iobuf_writebyte (out, ed->aead_algo);
+  iobuf_writebyte (out, ed->chunkbyte);
+
+  /* This is all. The caller has to write the encrypted data */
+
+  return 0;
+}
+
+
 /* Serialize the compressed packet (RFC 4880, Section 5.6) described
    by CD and write it to OUT.
 
@@ -1113,10 +1353,10 @@ build_sig_subpkt_from_sig (PKT_signature *sig, PKT_public_key *pksk)
 
     /* Write the new ISSUER_FPR subpacket.  */
     fingerprint_from_pk (pksk, buf+1, &fprlen);
-    if (fprlen == 20)
+    if (fprlen == 20 || fprlen == 32)
       {
         buf[0] = pksk->version;
-        build_sig_subpkt (sig, SIGSUBPKT_ISSUER_FPR, buf, 21);
+        build_sig_subpkt (sig, SIGSUBPKT_ISSUER_FPR, buf, fprlen + 1);
       }
 
     /* Write the timestamp.  */
@@ -1418,7 +1658,7 @@ sig_to_notation(PKT_signature *sig)
        - n1 bytes of name data
        - n2 bytes of value data
    */
-  while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,&len,&seq,&crit)))
+  while((p=enum_sig_subpkt (sig, 1, SIGSUBPKT_NOTATION, &len, &seq, &crit)))
     {
       int n1,n2;
       struct notation *n=NULL;
@@ -1507,17 +1747,14 @@ do_signature( IOBUF out, int ctb, PKT_signature *sig )
     {
       iobuf_put( a, 3 );
 
-      /* Version 3 packets don't support subpackets.  Actually we
-       * should never get to here but real life is different and thus
-       * we now use a log_fatal instead of a log_assert here. */
-      if (sig->hashed || sig->unhashed)
-        log_fatal ("trying to write a subpacket to a v3 signature (%d,%d)\n",
-                   !!sig->hashed, !!sig->unhashed);
+      /* Version 3 packets don't support subpackets.  */
+      log_assert (! sig->hashed);
+      log_assert (! sig->unhashed);
     }
   else
     iobuf_put( a, sig->version );
   if ( sig->version < 4 )
-    iobuf_put (a, 5 ); /* Constant */
+    iobuf_put (a, 5 ); /* Constant used by pre-v4 signatures. */
   iobuf_put (a, sig->sig_class );
   if ( sig->version < 4 )
     {
@@ -1547,8 +1784,13 @@ do_signature( IOBUF out, int ctb, PKT_signature *sig )
   n = pubkey_get_nsig( sig->pubkey_algo );
   if ( !n )
     write_fake_data( a, sig->data[0] );
-  for (i=0; i < n && !rc ; i++ )
-    rc = gpg_mpi_write (a, sig->data[i] );
+  if (sig->pubkey_algo == PUBKEY_ALGO_ECDSA
+      || sig->pubkey_algo == PUBKEY_ALGO_EDDSA)
+    for (i=0; i < n && !rc ; i++ )
+      rc = sos_write (a, sig->data[i], NULL);
+  else
+    for (i=0; i < n && !rc ; i++ )
+      rc = gpg_mpi_write (a, sig->data[i], NULL);
 
   if (!rc)
     {
diff --git a/g10/call-agent.c b/g10/call-agent.c
index 7e60542..fb80489 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -1,6 +1,7 @@
 /* call-agent.c - Divert GPG operations to the agent.
  * Copyright (C) 2001-2003, 2006-2011, 2013 Free Software Foundation, Inc.
  * Copyright (C) 2013-2015  Werner Koch
+ * Copyright (C) 2020       g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -41,6 +42,7 @@
 #include "../common/status.h"
 #include "../common/shareddefs.h"
 #include "../common/host2net.h"
+#include "../common/ttyio.h"
 
 #define CONTROL_D ('D' - 'A' + 1)
 
@@ -48,6 +50,13 @@
 static assuan_context_t agent_ctx = NULL;
 static int did_early_card_test;
 
+struct confirm_parm_s
+{
+  char *desc;
+  char *ok;
+  char *notok;
+};
+
 struct default_inq_parm_s
 {
   ctrl_t ctrl;
@@ -57,6 +66,7 @@ struct default_inq_parm_s
     u32 *mainkeyid;
     int pubkey_algo;
   } keyinfo;
+  struct confirm_parm_s *confirm;
 };
 
 struct cipher_parm_s
@@ -136,6 +146,7 @@ default_inq_cb (void *opaque, const char *line)
 {
   gpg_error_t err = 0;
   struct default_inq_parm_s *parm = opaque;
+  const char *s;
 
   if (has_leading_keyword (line, "PINENTRY_LAUNCHED"))
     {
@@ -151,7 +162,7 @@ default_inq_cb (void *opaque, const char *line)
     {
       if (have_static_passphrase ())
         {
-          const char *s = get_static_passphrase ();
+          s = get_static_passphrase ();
           err = assuan_send_data (parm->ctx, s, strlen (s));
         }
       else
@@ -176,6 +187,27 @@ default_inq_cb (void *opaque, const char *line)
           xfree (pw);
         }
     }
+  else if ((s = has_leading_keyword (line, "CONFIRM"))
+           && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK
+           && parm->confirm)
+    {
+      int ask = atoi (s);
+      int yes;
+
+      if (ask)
+        {
+          yes = cpr_get_answer_is_yes (NULL, parm->confirm->desc);
+          if (yes)
+            err = assuan_send_data (parm->ctx, NULL, 0);
+          else
+            err = gpg_error (GPG_ERR_NOT_CONFIRMED);
+        }
+      else
+        {
+          tty_printf ("%s", parm->confirm->desc);
+          err = assuan_send_data (parm->ctx, NULL, 0);
+        }
+    }
   else
     log_debug ("ignoring gpg-agent inquiry '%s'\n", line);
 
@@ -188,41 +220,9 @@ default_inq_cb (void *opaque, const char *line)
 static gpg_error_t
 warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
 {
-  gpg_error_t err;
-  char *serverversion;
-  const char *myversion = strusage (13);
-
-  err = get_assuan_server_version (ctx, mode, &serverversion);
-  if (err)
-    log_log (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED?
-             GPGRT_LOG_INFO : GPGRT_LOG_ERROR,
-             _("error getting version from '%s': %s\n"),
-             servername, gpg_strerror (err));
-  else if (compare_version_strings (serverversion, myversion) < 0)
-    {
-      char *warn;
-
-      warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
-                           servername, serverversion, myversion);
-      if (!warn)
-        err = gpg_error_from_syserror ();
-      else
-        {
-          log_info (_("WARNING: %s\n"), warn);
-          if (!opt.quiet)
-            {
-              log_info (_("Note: Outdated servers may lack important"
-                          " security fixes.\n"));
-              log_info (_("Note: Use the command \"%s\" to restart them.\n"),
-                        "gpgconf --kill all");
-            }
-          write_status_strings (STATUS_WARNING, "server_version_mismatch 0",
-                                " ", warn, NULL);
-          xfree (warn);
-        }
-    }
-  xfree (serverversion);
-  return err;
+  return warn_server_version_mismatch (ctx, servername, mode,
+                                       write_status_strings2, NULL,
+                                       !opt.quiet);
 }
 
 
@@ -390,22 +390,23 @@ unescape_status_string (const unsigned char *s)
 }
 
 
-/* Take a 20 byte hexencoded string and put it into the provided
-   20 byte buffer FPR in binary format. */
-static int
-unhexify_fpr (const char *hexstr, unsigned char *fpr)
+/* Take a 20 or 32 byte hexencoded string and put it into the provided
+ * FPRLEN byte long buffer FPR in binary format.  Returns the actual
+ * used length of the FPR buffer or 0 on error.  */
+static unsigned int
+unhexify_fpr (const char *hexstr, unsigned char *fpr, unsigned int fprlen)
 {
   const char *s;
   int n;
 
   for (s=hexstr, n=0; hexdigitp (s); s++, n++)
     ;
-  if ((*s && *s != ' ') || (n != 40))
+  if ((*s && *s != ' ') || !(n == 40 || n == 64))
     return 0; /* no fingerprint (invalid or wrong length). */
-  for (s=hexstr, n=0; *s && n < 20; s += 2, n++)
+  for (s=hexstr, n=0; *s && n < fprlen; s += 2, n++)
     fpr[n] = xtoi_2 (s);
 
-  return 1; /* okay */
+  return (n == 20 || n == 32)? n : 0;
 }
 
 /* Take the serial number from LINE and return it verbatim in a newly
@@ -491,13 +492,18 @@ agent_release_card_info (struct agent_card_info_s *info)
   xfree (info->disp_lang); info->disp_lang = NULL;
   xfree (info->pubkey_url); info->pubkey_url = NULL;
   xfree (info->login_data); info->login_data = NULL;
-  info->cafpr1valid = info->cafpr2valid = info->cafpr3valid = 0;
-  info->fpr1valid = info->fpr2valid = info->fpr3valid = 0;
+  info->cafpr1len = info->cafpr2len = info->cafpr3len = 0;
+  info->fpr1len = info->fpr2len = info->fpr3len = 0;
   for (i=0; i < DIM(info->private_do); i++)
     {
       xfree (info->private_do[i]);
       info->private_do[i] = NULL;
     }
+  for (i=0; i < DIM(info->supported_keyalgo); i++)
+    {
+      free_strlist (info->supported_keyalgo[i]);
+      info->supported_keyalgo[i] = NULL;
+    }
 }
 
 
@@ -525,7 +531,8 @@ learn_status_cb (void *opaque, const char *line)
       xfree (parm->serialno);
       parm->serialno = store_serialno (line);
       parm->is_v2 = (strlen (parm->serialno) >= 16
-                     && xtoi_2 (parm->serialno+12) >= 2 );
+                     && (xtoi_2 (parm->serialno+12) == 0 /* Yubikey */
+                         || xtoi_2 (parm->serialno+12) >= 2));
     }
   else if (keywordlen == 7 && !memcmp (keyword, "APPTYPE", keywordlen))
     {
@@ -612,6 +619,8 @@ learn_status_cb (void *opaque, const char *line)
                     parm->extcap.ki = abool;
                   else if (!strcmp (p, "aac"))
                     parm->extcap.aac = abool;
+                  else if (!strcmp (p, "bt"))
+                    parm->extcap.bt = abool;
                   else if (!strcmp (p, "kdf"))
                     parm->extcap.kdf = abool;
                   else if (!strcmp (p, "si"))
@@ -629,11 +638,11 @@ learn_status_cb (void *opaque, const char *line)
       while (spacep (line))
         line++;
       if (no == 1)
-        parm->fpr1valid = unhexify_fpr (line, parm->fpr1);
+        parm->fpr1len = unhexify_fpr (line, parm->fpr1, sizeof parm->fpr1);
       else if (no == 2)
-        parm->fpr2valid = unhexify_fpr (line, parm->fpr2);
+        parm->fpr2len = unhexify_fpr (line, parm->fpr2, sizeof parm->fpr2);
       else if (no == 3)
-        parm->fpr3valid = unhexify_fpr (line, parm->fpr3);
+        parm->fpr3len = unhexify_fpr (line, parm->fpr3, sizeof parm->fpr3);
     }
   else if (keywordlen == 8 && !memcmp (keyword, "KEY-TIME", keywordlen))
     {
@@ -661,11 +670,11 @@ learn_status_cb (void *opaque, const char *line)
       if (strncmp (line, "OPENPGP.", 8))
         ;
       else if ((no = atoi (line+8)) == 1)
-        unhexify_fpr (hexgrp, parm->grp1);
+        unhexify_fpr (hexgrp, parm->grp1, sizeof parm->grp1);
       else if (no == 2)
-        unhexify_fpr (hexgrp, parm->grp2);
+        unhexify_fpr (hexgrp, parm->grp2, sizeof parm->grp2);
       else if (no == 3)
-        unhexify_fpr (hexgrp, parm->grp3);
+        unhexify_fpr (hexgrp, parm->grp3, sizeof parm->grp3);
     }
   else if (keywordlen == 6 && !memcmp (keyword, "CA-FPR", keywordlen))
     {
@@ -675,11 +684,11 @@ learn_status_cb (void *opaque, const char *line)
       while (spacep (line))
         line++;
       if (no == 1)
-        parm->cafpr1valid = unhexify_fpr (line, parm->cafpr1);
+        parm->cafpr1len = unhexify_fpr (line, parm->cafpr1,sizeof parm->cafpr1);
       else if (no == 2)
-        parm->cafpr2valid = unhexify_fpr (line, parm->cafpr2);
+        parm->cafpr2len = unhexify_fpr (line, parm->cafpr2,sizeof parm->cafpr2);
       else if (no == 3)
-        parm->cafpr3valid = unhexify_fpr (line, parm->cafpr3);
+        parm->cafpr3len = unhexify_fpr (line, parm->cafpr3,sizeof parm->cafpr3);
     }
   else if (keywordlen == 8 && !memcmp (keyword, "KEY-ATTR", keywordlen))
     {
@@ -730,6 +739,36 @@ learn_status_cb (void *opaque, const char *line)
         parm->kdf_do_enabled = 2;
       xfree (data);
     }
+  else if (keywordlen == 5 && !memcmp (keyword, "UIF-", 4)
+           && strchr("123", keyword[4]))
+    {
+      unsigned char *data;
+      int no = keyword[4] - '1';
+
+      log_assert (no >= 0 && no <= 2);
+      data = unescape_status_string (line);
+      parm->uif[no] = (data[0] != 0xff);
+      xfree (data);
+    }
+  else if (keywordlen == 13 && !memcmp (keyword, "KEY-ATTR-INFO", 13))
+    {
+      if (!strncmp (line, "OPENPGP.", 8))
+        {
+          int no;
+
+          line += 8;
+          no = atoi (line);
+          if (no >= 1 && no <= 3)
+            {
+              no--;
+              line++;
+              while (spacep (line))
+                line++;
+              append_to_strlist (&parm->supported_keyalgo[no], xstrdup (line));
+            }
+        }
+        /* Skip when it's not "OPENPGP.[123]".  */
+    }
 
   return 0;
 }
@@ -776,15 +815,23 @@ agent_scd_learn (struct agent_card_info_s *info, int force)
 
 
 
+struct keypairinfo_cb_parm_s
+{
+  keypair_info_t kpinfo;
+  keypair_info_t *kpinfo_tail;
+};
+
+
 /* Callback for the agent_scd_keypairinfo function.  */
 static gpg_error_t
 scd_keypairinfo_status_cb (void *opaque, const char *line)
 {
-  strlist_t *listaddr = opaque;
+  struct keypairinfo_cb_parm_s *parm = opaque;
+  gpg_error_t err = 0;
   const char *keyword = line;
   int keywordlen;
-  strlist_t sl;
-  char *p;
+  char *line_buffer = NULL;
+  keypair_info_t kpi = NULL;
 
   for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
     ;
@@ -793,52 +840,108 @@ scd_keypairinfo_status_cb (void *opaque, const char *line)
 
   if (keywordlen == 11 && !memcmp (keyword, "KEYPAIRINFO", keywordlen))
     {
-      sl = append_to_strlist (listaddr, line);
-      p = sl->d;
-      /* Make sure that we only have two tokens so that future
-       * extensions of the format won't change the format expected by
-       * the caller.  */
-      while (*p && !spacep (p))
-        p++;
-      if (*p)
+      /* The format of such a line is:
+       *   KEYPAIRINFO <hexgrip> <keyref> [usage] [keytime] [algostr]
+       */
+      const char *fields[4];
+      int nfields;
+      const char *hexgrp, *keyref, *usage;
+      time_t atime;
+      u32 keytime;
+
+      line_buffer = xtrystrdup (line);
+      if (!line_buffer)
         {
-          while (spacep (p))
-            p++;
-          while (*p && !spacep (p))
-            p++;
-          if (*p)
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+      if ((nfields = split_fields (line_buffer, fields, DIM (fields))) < 2)
+        goto leave;  /* not enough args - invalid status line - ignore  */
+
+      hexgrp = fields[0];
+      keyref = fields[1];
+      if (nfields > 2)
+        usage = fields[2];
+      else
+        usage = "";
+      if (nfields > 3)
+        {
+          atime = parse_timestamp (fields[3], NULL);
+          if (atime == (time_t)(-1))
+            atime = 0;
+          keytime = atime;
+        }
+      else
+        keytime = 0;
+
+      kpi = xtrycalloc (1, sizeof *kpi);
+      if (!kpi)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+
+      if (*hexgrp == 'X' && !hexgrp[1])
+        *kpi->keygrip = 0; /* No hexgrip.  */
+      else if (strlen (hexgrp) == 2*KEYGRIP_LEN)
+        mem2str (kpi->keygrip, hexgrp, sizeof kpi->keygrip);
+      else
+        {
+          err = gpg_error (GPG_ERR_INV_DATA);
+          goto leave;
+        }
+
+      if (!*keyref)
+        {
+          err = gpg_error (GPG_ERR_INV_DATA);
+          goto leave;
+        }
+      kpi->idstr = xtrystrdup (keyref);
+      if (!kpi->idstr)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+
+      /* Parse and set the usage.  */
+      for (; *usage; usage++)
+        {
+          switch (*usage)
             {
-              *p++ = 0;
-              while (spacep (p))
-                p++;
-              while (*p && !spacep (p))
-                {
-                  switch (*p++)
-                    {
-                    case 'c': sl->flags |= GCRY_PK_USAGE_CERT; break;
-                    case 's': sl->flags |= GCRY_PK_USAGE_SIGN; break;
-                    case 'e': sl->flags |= GCRY_PK_USAGE_ENCR; break;
-                    case 'a': sl->flags |= GCRY_PK_USAGE_AUTH; break;
-                    }
-                }
+            case 's': kpi->usage |= GCRY_PK_USAGE_SIGN; break;
+            case 'c': kpi->usage |= GCRY_PK_USAGE_CERT; break;
+            case 'a': kpi->usage |= GCRY_PK_USAGE_AUTH; break;
+            case 'e': kpi->usage |= GCRY_PK_USAGE_ENCR; break;
             }
         }
+
+      kpi->keytime = keytime;
+
+      /* Append to the list.  */
+      *parm->kpinfo_tail = kpi;
+      parm->kpinfo_tail = &kpi->next;
+      kpi = NULL;
     }
 
-  return 0;
+ leave:
+  free_keypair_info (kpi);
+  xfree (line_buffer);
+  return err;
 }
 
 
 /* Read the keypairinfo lines of the current card directly from
  * scdaemon.  The list is returned as a string made up of the keygrip,
  * a space and the keyref.  The flags of the string carry the usage
- * bits. */
+ * bits.  If KEYREF is not NULL, only a single string is returned
+ * which matches the given keyref. */
 gpg_error_t
-agent_scd_keypairinfo (ctrl_t ctrl, strlist_t *r_list)
+agent_scd_keypairinfo (ctrl_t ctrl, const char *keyref, keypair_info_t *r_list)
 {
   gpg_error_t err;
-  strlist_t list = NULL;
+  struct keypairinfo_cb_parm_s parm;
   struct default_inq_parm_s inq_parm;
+  char line[ASSUAN_LINELENGTH];
 
   *r_list = NULL;
   err= start_agent (ctrl, 1);
@@ -847,26 +950,34 @@ agent_scd_keypairinfo (ctrl_t ctrl, strlist_t *r_list)
   memset (&inq_parm, 0, sizeof inq_parm);
   inq_parm.ctx = agent_ctx;
 
-  err = assuan_transact (agent_ctx, "SCD LEARN --keypairinfo",
+  parm.kpinfo = NULL;
+  parm.kpinfo_tail = &parm.kpinfo;
+
+  if (keyref)
+    snprintf (line, DIM(line), "SCD READKEY --info-only %s", keyref);
+  else
+    snprintf (line, DIM(line), "SCD LEARN --keypairinfo");
+
+  err = assuan_transact (agent_ctx, line,
                          NULL, NULL,
                          default_inq_cb, &inq_parm,
-                         scd_keypairinfo_status_cb, &list);
-  if (!err && !list)
+                         scd_keypairinfo_status_cb, &parm);
+  if (!err && !parm.kpinfo)
     err = gpg_error (GPG_ERR_NO_DATA);
+
   if (err)
-    {
-      free_strlist (list);
-      return err;
-    }
-  *r_list = list;
-  return 0;
+    free_keypair_info (parm.kpinfo);
+  else
+    *r_list = parm.kpinfo;
+  return err;
 }
 
 
 
 /* Send an APDU to the current card.  On success the status word is
- * stored at R_SW.  With HEXAPDU being NULL only a RESET command is
- * send to scd.  HEXAPDU may also be one of these special strings:
+ * stored at R_SW unless R_SQ is NULL.  With HEXAPDU being NULL only a
+ * RESET command is send to scd.  HEXAPDU may also be one of theseo
+ * special strings:
  *
  *   "undefined"       :: Send the command "SCD SERIALNO undefined"
  *   "lock"            :: Send the command "SCD LOCK --wait"
@@ -949,6 +1060,28 @@ agent_scd_apdu (const char *hexapdu, unsigned int *r_sw)
   return err;
 }
 
+int
+agent_keytotpm (ctrl_t ctrl, const char *hexgrip)
+{
+  int rc;
+  char line[ASSUAN_LINELENGTH];
+  struct default_inq_parm_s parm;
+
+  snprintf(line, DIM(line), "KEYTOTPM %s\n", hexgrip);
+
+  rc = start_agent (ctrl, 0);
+  if (rc)
+    return rc;
+  parm.ctx = agent_ctx;
+  parm.ctrl = ctrl;
+
+  rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm,
+			NULL, NULL);
+  if (rc)
+    log_log (GPGRT_LOGLVL_ERROR, _("error from TPM: %s\n"), gpg_strerror (rc));
+  return rc;
+}
+
 
 /* Used by:
  *  card_store_subkey
@@ -974,9 +1107,13 @@ agent_keytocard (const char *hexgrip, int keyno, int force,
 
   rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm,
                         NULL, NULL);
-  status_sc_op_failure (rc);
+  if (rc)
+    return rc;
+
   return rc;
 }
+
+
 
 /* Object used with the agent_scd_getattr_one.  */
 struct getattr_one_parm_s {
@@ -1008,7 +1145,7 @@ getattr_one_status_cb (void *opaque, const char *line)
 
 
 /* Simplified version of agent_scd_getattr.  This function returns
- * only the first occurance of the attribute NAME and stores it at
+ * only the first occurrence of the attribute NAME and stores it at
  * R_VALUE.  A nul in the result is silennly replaced by 0xff.  On
  * error NULL is stored at R_VALUE.  */
 gpg_error_t
@@ -1095,19 +1232,6 @@ agent_scd_getattr (const char *name, struct agent_card_info_s *info)
   parm.ctx = agent_ctx;
   rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm,
                         learn_status_cb, info);
-  if (!rc && !strcmp (name, "KEY-FPR"))
-    {
-      /* Let the agent create the shadow keys if not yet done.  */
-      if (info->fpr1valid)
-        assuan_transact (agent_ctx, "READKEY --card --no-data -- $SIGNKEYID",
-                         NULL, NULL, NULL, NULL, NULL, NULL);
-      if (info->fpr2valid)
-        assuan_transact (agent_ctx, "READKEY --card --no-data -- $ENCRKEYID",
-                         NULL, NULL, NULL, NULL, NULL, NULL);
-      if (info->fpr3valid)
-        assuan_transact (agent_ctx, "READKEY --card --no-data -- $AUTHKEYID",
-                         NULL, NULL, NULL, NULL, NULL, NULL);
-    }
 
   return rc;
 }
@@ -1307,6 +1431,9 @@ agent_scd_serialno (char **r_serialno, const char *demand)
   char *serialno = NULL;
   char line[ASSUAN_LINELENGTH];
 
+  if (r_serialno)
+    *r_serialno = NULL;
+
   err = start_agent (NULL, (1 | FLAG_FOR_CARD_SUPPRESS_ERRORS));
   if (err)
     return err;
@@ -1325,7 +1452,11 @@ agent_scd_serialno (char **r_serialno, const char *demand)
       return err;
     }
 
-  *r_serialno = serialno;
+  if (r_serialno)
+    *r_serialno = serialno;
+  else
+    xfree (serialno);
+
   return 0;
 }
 
@@ -1374,11 +1505,63 @@ agent_scd_readcert (const char *certidstr,
 }
 
 
+/* Callback for the agent_scd_readkey function.  */
+static gpg_error_t
+readkey_status_cb (void *opaque, const char *line)
+{
+  u32 *keytimep = opaque;
+  gpg_error_t err = 0;
+  const char *args;
+  char *line_buffer = NULL;
+
+  /* FIXME: Get that info from the KEYPAIRINFO line.  */
+  if ((args = has_leading_keyword (line, "KEYPAIRINFO"))
+      && !*keytimep)
+    {
+      /* The format of such a line is:
+       *   KEYPAIRINFO <hexgrip> <keyref> [usage] [keytime]
+       *
+       * Note that we use only the first valid KEYPAIRINFO line.  More
+       * lines are possible if a second card carries the same key.
+       */
+      const char *fields[4];
+      int nfields;
+      time_t atime;
+
+      line_buffer = xtrystrdup (line);
+      if (!line_buffer)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+      if ((nfields = split_fields (line_buffer, fields, DIM (fields))) < 4)
+        goto leave;  /* not enough args - ignore  */
+
+      if (nfields > 3)
+        {
+          atime = parse_timestamp (fields[3], NULL);
+          if (atime == (time_t)(-1))
+            atime = 0;
+          *keytimep = atime;
+        }
+      else
+        *keytimep = 0;
+    }
+
+ leave:
+  xfree (line_buffer);
+  return err;
+}
+
+
 /* This is a variant of agent_readkey which sends a READKEY command
  * directly Scdaemon.  On success a new s-expression is stored at
- * R_RESULT.  */
+ * R_RESULT.  If R_KEYTIME is not NULL the key cresation time of an
+ * OpenPGP card is stored there - if that is not known 0 is stored.
+ * In the latter case it is allowed to pass NULL for R_RESULT.  */
 gpg_error_t
-agent_scd_readkey (const char *keyrefstr, gcry_sexp_t *r_result)
+agent_scd_readkey (ctrl_t ctrl, const char *keyrefstr,
+                   gcry_sexp_t *r_result, u32 *r_keytime)
 {
   gpg_error_t err;
   char line[ASSUAN_LINELENGTH];
@@ -1386,21 +1569,28 @@ agent_scd_readkey (const char *keyrefstr, gcry_sexp_t *r_result)
   unsigned char *buf;
   size_t len, buflen;
   struct default_inq_parm_s dfltparm;
+  u32 keytime;
 
   memset (&dfltparm, 0, sizeof dfltparm);
   dfltparm.ctx = agent_ctx;
 
-  *r_result = NULL;
-  err = start_agent (NULL, 1);
+  if (r_result)
+    *r_result = NULL;
+  if (r_keytime)
+    *r_keytime = 0;
+  err = start_agent (ctrl, 1);
   if (err)
     return err;
 
   init_membuf (&data, 1024);
-  snprintf (line, DIM(line), "SCD READKEY %s", keyrefstr);
+  snprintf (line, DIM(line),
+            "SCD READKEY --info%s -- %s",
+            r_result? "":"-only", keyrefstr);
+  keytime = 0;
   err = assuan_transact (agent_ctx, line,
                          put_membuf_cb, &data,
                          default_inq_cb, &dfltparm,
-                         NULL, NULL);
+                         readkey_status_cb, &keytime);
   if (err)
     {
       xfree (get_membuf (&data, &len));
@@ -1410,36 +1600,18 @@ agent_scd_readkey (const char *keyrefstr, gcry_sexp_t *r_result)
   if (!buf)
     return gpg_error_from_syserror ();
 
-  err = gcry_sexp_new (r_result, buf, buflen, 0);
+  if (r_result)
+    err = gcry_sexp_new (r_result, buf, buflen, 0);
+  else
+    err = 0;
   xfree (buf);
 
+  if (!err && r_keytime)
+    *r_keytime = keytime;
   return err;
 }
 
 
-/* This can be called for a quick and dirty update/creation of the
- * shadow key stubs.   */
-gpg_error_t
-agent_update_shadow_keys (void)
-{
-  gpg_error_t err;
-
-  err = start_agent (NULL, 1);
-  if (err)
-    return err;
-
-  assuan_transact (agent_ctx, "READKEY --card --no-data -- $SIGNKEYID",
-                   NULL, NULL, NULL, NULL, NULL, NULL);
-  assuan_transact (agent_ctx, "READKEY --card --no-data -- $ENCRKEYID",
-                   NULL, NULL, NULL, NULL, NULL, NULL);
-  assuan_transact (agent_ctx, "READKEY --card --no-data -- $AUTHKEYID",
-                   NULL, NULL, NULL, NULL, NULL, NULL);
-
-  return err;
-}
-
-
-
 
 struct card_cardlist_parm_s {
   int error;
@@ -1492,7 +1664,7 @@ agent_scd_cardlist (strlist_t *result)
 
   memset (&parm, 0, sizeof parm);
   *result = NULL;
-  err = start_agent (NULL, 1);
+  err = start_agent (NULL, 1 | FLAG_FOR_CARD_SUPPRESS_ERRORS);
   if (err)
     return err;
 
@@ -1514,6 +1686,172 @@ agent_scd_cardlist (strlist_t *result)
 
 
 
+struct card_keyinfo_parm_s {
+  int error;
+  keypair_info_t list;
+};
+
+/* Callback function for agent_card_keylist.  */
+static gpg_error_t
+card_keyinfo_cb (void *opaque, const char *line)
+{
+  gpg_error_t err = 0;
+  struct card_keyinfo_parm_s *parm = opaque;
+  const char *keyword = line;
+  int keywordlen;
+
+  for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
+    ;
+  while (spacep (line))
+    line++;
+
+  if (keywordlen == 7 && !memcmp (keyword, "KEYINFO", keywordlen))
+    {
+      const char *s;
+      int n;
+      keypair_info_t keyinfo;
+      keypair_info_t *l_p = &parm->list;
+
+      while ((*l_p))
+        l_p = &(*l_p)->next;
+
+      keyinfo = xtrycalloc (1, sizeof *keyinfo);
+      if (!keyinfo)
+        {
+        alloc_error:
+          if (!parm->error)
+            parm->error = gpg_error_from_syserror ();
+          return 0;
+        }
+
+      for (n=0,s=line; hexdigitp (s); s++, n++)
+        ;
+
+      if (n != 40)
+        {
+        parm_error:
+          if (!parm->error)
+            parm->error = gpg_error (GPG_ERR_ASS_PARAMETER);
+          return 0;
+        }
+
+      memcpy (keyinfo->keygrip, line, 40);
+      keyinfo->keygrip[40] = 0;
+
+      line = s;
+
+      if (!*line)
+        goto parm_error;
+
+      while (spacep (line))
+        line++;
+
+      if (*line++ != 'T')
+        goto parm_error;
+
+      if (!*line)
+        goto parm_error;
+
+      while (spacep (line))
+        line++;
+
+      for (n=0,s=line; hexdigitp (s); s++, n++)
+        ;
+
+      if (!n)
+        goto parm_error;
+
+      keyinfo->serialno = xtrymalloc (n+1);
+      if (!keyinfo->serialno)
+        goto alloc_error;
+
+      memcpy (keyinfo->serialno, line, n);
+      keyinfo->serialno[n] = 0;
+
+      line = s;
+
+      if (!*line)
+        goto parm_error;
+
+      while (spacep (line))
+        line++;
+
+      if (!*line)
+        goto parm_error;
+
+      keyinfo->idstr = xtrystrdup (line);
+      if (!keyinfo->idstr)
+        goto alloc_error;
+
+      *l_p = keyinfo;
+    }
+
+  return err;
+}
+
+
+/* Free a keypair info list.  */
+void
+free_keypair_info (keypair_info_t l)
+{
+  keypair_info_t l_next;
+
+  for (; l; l = l_next)
+    {
+      l_next = l->next;
+      xfree (l->serialno);
+      xfree (l->idstr);
+      xfree (l);
+    }
+}
+
+/* Call the scdaemon to check if a key of KEYGRIP is available, or
+   retrieve list of available keys on cards.  With CAP, we can limit
+   keys with specified capability.  On success, the allocated
+   structure is stored at RESULT.  On error, an error code is returned
+   and NULL is stored at RESULT.  */
+gpg_error_t
+agent_scd_keyinfo (const char *keygrip, int cap,
+                   keypair_info_t *result)
+{
+  int err;
+  struct card_keyinfo_parm_s parm;
+  char line[ASSUAN_LINELENGTH];
+  char *list_option;
+
+  *result = NULL;
+
+  switch (cap)
+    {
+    case                  0: list_option = "--list";      break;
+    case GCRY_PK_USAGE_SIGN: list_option = "--list=sign"; break;
+    case GCRY_PK_USAGE_ENCR: list_option = "--list=encr"; break;
+    case GCRY_PK_USAGE_AUTH: list_option = "--list=auth"; break;
+    default:                 return gpg_error (GPG_ERR_INV_VALUE);
+    }
+
+  memset (&parm, 0, sizeof parm);
+  snprintf (line, sizeof line, "SCD KEYINFO %s",
+            keygrip ? keygrip : list_option);
+
+  err = start_agent (NULL, 1 | FLAG_FOR_CARD_SUPPRESS_ERRORS);
+  if (err)
+    return err;
+
+  err = assuan_transact (agent_ctx, line,
+                         NULL, NULL, NULL, NULL,
+                         card_keyinfo_cb, &parm);
+  if (!err && parm.error)
+    err = parm.error;
+
+  if (!err)
+    *result = parm.list;
+  else
+    free_keypair_info (parm.list);
+
+  return err;
+}
+
 /* Change the PIN of an OpenPGP card or reset the retry counter.
  * CHVNO 1: Change the PIN
  *       2: For v1 cards: Same as 1.
@@ -1744,19 +2082,19 @@ gpg_agent_get_confirmation (const char *desc)
 }
 
 
-/* Return the S2K iteration count as computed by gpg-agent.  */
-gpg_error_t
-agent_get_s2k_count (unsigned long *r_count)
+/* Return the S2K iteration count as computed by gpg-agent.  On error
+ * print a warning and return a default value. */
+unsigned long
+agent_get_s2k_count (void)
 {
   gpg_error_t err;
   membuf_t data;
   char *buf;
-
-  *r_count = 0;
+  unsigned long count = 0;
 
   err = start_agent (NULL, 0);
   if (err)
-    return err;
+    goto leave;
 
   init_membuf (&data, 32);
   err = assuan_transact (agent_ctx, "GETINFO s2k_count",
@@ -1772,24 +2110,84 @@ agent_get_s2k_count (unsigned long *r_count)
         err = gpg_error_from_syserror ();
       else
         {
-          *r_count = strtoul (buf, NULL, 10);
+          count = strtoul (buf, NULL, 10);
           xfree (buf);
         }
     }
-  return err;
+
+ leave:
+  if (err || count < 65536)
+    {
+      /* Don't print an error if an older agent is used.  */
+      if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER)
+        log_error (_("problem with the agent: %s\n"), gpg_strerror (err));
+
+      /* Default to 65536 which was used up to 2.0.13.  */
+      count = 65536;
+    }
+
+  return count;
 }
 
 
 
+struct keyinfo_data_parm_s
+{
+  char *serialno;
+  int is_smartcard;
+  int passphrase_cached;
+  int cleartext;
+  int card_available;
+};
+
+
+static gpg_error_t
+keyinfo_status_cb (void *opaque, const char *line)
+{
+  struct keyinfo_data_parm_s *data = opaque;
+  char *s;
+
+  if ((s = has_leading_keyword (line, "KEYINFO")) && data)
+    {
+      /* Parse the arguments:
+       *      0        1        2        3       4          5
+       *   <keygrip> <type> <serialno> <idstr> <cached> <protection>
+       *
+       *      6        7        8
+       *   <sshfpr>  <ttl>  <flags>
+       */
+      const char *fields[9];
+
+      if (split_fields (s, fields, DIM (fields)) == 9)
+        {
+          data->is_smartcard = (fields[1][0] == 'T');
+          if (data->is_smartcard && !data->serialno && strcmp (fields[2], "-"))
+            data->serialno = xtrystrdup (fields[2]);
+          /* '1' for cached */
+          data->passphrase_cached = (fields[4][0] == '1');
+          /* 'P' for protected, 'C' for clear */
+          data->cleartext = (fields[5][0] == 'C');
+          /* 'A' for card is available */
+          data->card_available = (fields[8][0] == 'A');
+        }
+    }
+  return 0;
+}
+
+
 /* Ask the agent whether a secret key for the given public key is
-   available.  Returns 0 if available.  */
-gpg_error_t
+   available.  Returns 0 if not available.  Bigger value is preferred.  */
+int
 agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk)
 {
   gpg_error_t err;
   char line[ASSUAN_LINELENGTH];
   char *hexgrip;
 
+  struct keyinfo_data_parm_s keyinfo;
+
+  memset (&keyinfo, 0, sizeof keyinfo);
+
   err = start_agent (ctrl, 0);
   if (err)
     return err;
@@ -1798,11 +2196,25 @@ agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk)
   if (err)
     return err;
 
-  snprintf (line, sizeof line, "HAVEKEY %s", hexgrip);
+  snprintf (line, sizeof line, "KEYINFO %s", hexgrip);
   xfree (hexgrip);
 
-  err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
-  return err;
+  err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
+                         keyinfo_status_cb, &keyinfo);
+  xfree (keyinfo.serialno);
+  if (err)
+    return 0;
+
+  if (keyinfo.card_available)
+    return 4;
+
+  if (keyinfo.passphrase_cached)
+    return 3;
+
+  if (keyinfo.is_smartcard)
+    return 2;
+
+  return 1;
 }
 
 /* Ask the agent whether a secret key is available for any of the
@@ -1815,7 +2227,7 @@ agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock)
   char *p;
   kbnode_t kbctx, node;
   int nkeys;
-  unsigned char grip[20];
+  unsigned char grip[KEYGRIP_LEN];
 
   err = start_agent (ctrl, 0);
   if (err)
@@ -1858,41 +2270,6 @@ agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock)
 
 
 
-struct keyinfo_data_parm_s
-{
-  char *serialno;
-  int cleartext;
-};
-
-
-static gpg_error_t
-keyinfo_status_cb (void *opaque, const char *line)
-{
-  struct keyinfo_data_parm_s *data = opaque;
-  int is_smartcard;
-  char *s;
-
-  if ((s = has_leading_keyword (line, "KEYINFO")) && data)
-    {
-      /* Parse the arguments:
-       *      0        1        2        3       4          5
-       *   <keygrip> <type> <serialno> <idstr> <cached> <protection>
-       */
-      char *fields[6];
-
-      if (split_fields (s, fields, DIM (fields)) == 6)
-        {
-          is_smartcard = (fields[1][0] == 'T');
-          if (is_smartcard && !data->serialno && strcmp (fields[2], "-"))
-            data->serialno = xtrystrdup (fields[2]);
-          /* 'P' for protected, 'C' for clear */
-          data->cleartext = (fields[5][0] == 'C');
-        }
-    }
-  return 0;
-}
-
-
 /* Return the serial number for a secret key.  If the returned serial
    number is NULL, the key is not stored on a smartcard.  Caller needs
    to free R_SERIALNO.
@@ -2088,10 +2465,12 @@ agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, char **passwd_nonce_addr,
 
 
 
-/* Call the agent to read the public key part for a given keygrip.  If
-   FROMCARD is true, the key is directly read from the current
-   smartcard. In this case HEXKEYGRIP should be the keyID
-   (e.g. OPENPGP.3). */
+/* Call the agent to read the public key part for a given keygrip.
+ * Values from FROMCARD:
+ *   0 - Standard
+ *   1 - The key is read from the current card
+ *       via the agent and a stub file is created.
+ */
 gpg_error_t
 agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
                unsigned char **r_pubkey)
@@ -2116,8 +2495,10 @@ agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
   if (err)
     return err;
 
-  snprintf (line, DIM(line), "READKEY %s%s", fromcard? "--card ":"",
-            hexkeygrip);
+  if (fromcard)
+    snprintf (line, DIM(line), "READKEY --card -- %s", hexkeygrip);
+  else
+    snprintf (line, DIM(line), "READKEY -- %s", hexkeygrip);
 
   init_membuf (&data, 1024);
   err = assuan_transact (agent_ctx, line,
@@ -2206,10 +2587,16 @@ agent_pksign (ctrl_t ctrl, const char *cache_nonce,
   snprintf (line, sizeof line, "PKSIGN%s%s",
             cache_nonce? " -- ":"",
             cache_nonce? cache_nonce:"");
+
+  if (DBG_CLOCK)
+    log_clock ("enter signing");
   err = assuan_transact (agent_ctx, line,
                          put_membuf_cb, &data,
                          default_inq_cb, &dfltparm,
                          NULL, NULL);
+  if (DBG_CLOCK)
+    log_clock ("leave signing");
+
   if (err)
     xfree (get_membuf (&data, NULL));
   else
@@ -2588,6 +2975,31 @@ agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
 }
 
 
+/* Status callback for handling confirmation.  */
+static gpg_error_t
+confirm_status_cb (void *opaque, const char *line)
+{
+  struct confirm_parm_s *parm = opaque;
+  const char *s;
+
+  if ((s = has_leading_keyword (line, "SETDESC")))
+    {
+      xfree (parm->desc);
+      parm->desc = unescape_status_string (s);
+    }
+  else if ((s = has_leading_keyword (line, "SETOK")))
+    {
+      xfree (parm->ok);
+      parm->ok = unescape_status_string (s);
+    }
+  else if ((s = has_leading_keyword (line, "SETNOTOK")))
+    {
+      xfree (parm->notok);
+      parm->notok = unescape_status_string (s);
+    }
+
+  return 0;
+}
 
 /* Ask the agent to delete the key identified by HEXKEYGRIP.  If DESC
    is not NULL, display DESC instead of the default description
@@ -2600,13 +3012,17 @@ agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
   gpg_error_t err;
   char line[ASSUAN_LINELENGTH];
   struct default_inq_parm_s dfltparm;
+  struct confirm_parm_s confirm_parm;
 
+  memset (&confirm_parm, 0, sizeof confirm_parm);
   memset (&dfltparm, 0, sizeof dfltparm);
   dfltparm.ctrl = ctrl;
+  dfltparm.confirm = &confirm_parm;
 
   err = start_agent (ctrl, 0);
   if (err)
     return err;
+  dfltparm.ctx = agent_ctx;
 
   if (!hexkeygrip || strlen (hexkeygrip) != 40)
     return gpg_error (GPG_ERR_INV_VALUE);
@@ -2624,7 +3040,10 @@ agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
             force? " --force":"", hexkeygrip);
   err = assuan_transact (agent_ctx, line, NULL, NULL,
                          default_inq_cb, &dfltparm,
-                         NULL, NULL);
+                         confirm_status_cb, &confirm_parm);
+  xfree (confirm_parm.desc);
+  xfree (confirm_parm.ok);
+  xfree (confirm_parm.notok);
   return err;
 }
 
diff --git a/g10/call-agent.h b/g10/call-agent.h
index dbc6e2f..efea7ec 100644
--- a/g10/call-agent.h
+++ b/g10/call-agent.h
@@ -41,15 +41,15 @@ struct agent_card_info_s
   char *pubkey_url;  /* malloced. */
   char *login_data;  /* malloced. */
   char *private_do[4]; /* malloced. */
-  char cafpr1valid;
-  char cafpr2valid;
-  char cafpr3valid;
+  char cafpr1len;     /* Length of the CA-fingerprint or 0 if invalid.  */
+  char cafpr2len;
+  char cafpr3len;
   char cafpr1[20];
   char cafpr2[20];
   char cafpr3[20];
-  char fpr1valid;
-  char fpr2valid;
-  char fpr3valid;
+  unsigned char fpr1len; /* Length of the fingerprint or 0 if invalid.  */
+  unsigned char fpr2len;
+  unsigned char fpr3len;
   char fpr1[20];
   char fpr2[20];
   char fpr3[20];
@@ -71,12 +71,28 @@ struct agent_card_info_s
     unsigned int ki:1;     /* Key import available.  */
     unsigned int aac:1;    /* Algorithm attributes are changeable.  */
     unsigned int kdf:1;    /* KDF object to support PIN hashing available.  */
+    unsigned int bt:1;     /* Button for confirmation available.  */
   } extcap;
   unsigned int status_indicator;
   int kdf_do_enabled;      /* Non-zero if card has a KDF object, 0 if not.  */
+  int uif[3];              /* True if User Interaction Flag is on.  */
+  strlist_t supported_keyalgo[3];
 };
 
 
+/* Object to store information from the KEYPAIRINFO or the KEYINFO
+ * status lines.  */
+struct keypair_info_s
+{
+  struct keypair_info_s *next;
+  char keygrip[2 * KEYGRIP_LEN + 1];  /* Stored in hex.  */
+  char *serialno;      /* NULL or the malloced serialno.  */
+  char *idstr;         /* Malloced keyref (e.g. "OPENPGP.1") */
+  unsigned int usage;  /* Key usage flags.  */
+  u32 keytime;         /* Key creation time from the card's DO.  */
+  int algo;            /* Helper to store the pubkey algo.       */
+};
+typedef struct keypair_info_s *keypair_info_t;
 
 /* Release the card info structure. */
 void agent_release_card_info (struct agent_card_info_s *info);
@@ -85,11 +101,19 @@ void agent_release_card_info (struct agent_card_info_s *info);
 int agent_scd_learn (struct agent_card_info_s *info, int force);
 
 /* Get the keypariinfo directly from scdaemon.  */
-gpg_error_t agent_scd_keypairinfo (ctrl_t ctrl, strlist_t *r_list);
+gpg_error_t agent_scd_keypairinfo (ctrl_t ctrl, const char *keyref,
+                                   keypair_info_t *r_list);
 
 /* Return list of cards.  */
 int agent_scd_cardlist (strlist_t *result);
 
+/* Free a keypair info list.  */
+void free_keypair_info (keypair_info_t l);
+
+/* Return card key information.  */
+gpg_error_t agent_scd_keyinfo (const char *keygrip, int cap,
+                               keypair_info_t *result);
+
 /* Return the serial number, possibly select by DEMAND.  */
 int agent_scd_serialno (char **r_serialno, const char *demand);
 
@@ -102,6 +126,9 @@ gpg_error_t agent_scd_getattr_one (const char *name, char **r_value);
 /* Update INFO with the attribute NAME. */
 int agent_scd_getattr (const char *name, struct agent_card_info_s *info);
 
+/* send the KEYTOTPM command */
+int agent_keytotpm (ctrl_t ctrl, const char *hexgrip);
+
 /* Send the KEYTOCARD command. */
 int agent_keytocard (const char *hexgrip, int keyno, int force,
                      const char *serialno, const char *timestamp);
@@ -122,10 +149,8 @@ int agent_scd_readcert (const char *certidstr,
                         void **r_buf, size_t *r_buflen);
 
 /* Send a READKEY command to the SCdaemon.  */
-gpg_error_t agent_scd_readkey (const char *keyrefstr, gcry_sexp_t *r_result);
-
-/* Update common shadow key stubs.  */
-gpg_error_t agent_update_shadow_keys (void);
+gpg_error_t agent_scd_readkey (ctrl_t ctrl, const char *keyrefstr,
+                               gcry_sexp_t *r_result, u32 *r_keytime);
 
 /* Change the PIN of an OpenPGP card or reset the retry counter. */
 int agent_scd_change_pin (int chvno, const char *serialno);
@@ -150,13 +175,13 @@ gpg_error_t agent_clear_passphrase (const char *cache_id);
 gpg_error_t gpg_agent_get_confirmation (const char *desc);
 
 /* Return the S2K iteration count as computed by gpg-agent.  */
-gpg_error_t agent_get_s2k_count (unsigned long *r_count);
+unsigned long agent_get_s2k_count (void);
 
 /* Check whether a secret key for public key PK is available.  Returns
-   0 if the secret key is available. */
-gpg_error_t agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk);
+   0 if not available, positive value if the secret key is available. */
+int agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk);
 
-/* Ask the agent whether a secret key is availabale for any of the
+/* Ask the agent whether a secret key is available for any of the
    keys (primary or sub) in KEYBLOCK.  Returns 0 if available.  */
 gpg_error_t agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock);
 
@@ -172,7 +197,7 @@ gpg_error_t agent_genkey (ctrl_t ctrl,
                           const char *passphrase, time_t timestamp,
                           gcry_sexp_t *r_pubkey);
 
-/* Read a public key.  */
+/* Read a public key.  FROMCARD may be 0, 1, or 2. */
 gpg_error_t agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
                            unsigned char **r_pubkey);
 
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index f5022c0..21edab6 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -36,8 +36,8 @@
 #include "options.h"
 #include "../common/i18n.h"
 #include "../common/asshelp.h"
+#include "../common/keyserver.h"
 #include "../common/status.h"
-#include "keyserver-internal.h"
 #include "call-dirmngr.h"
 
 
@@ -144,40 +144,9 @@ gpg_dirmngr_deinit_session_data (ctrl_t ctrl)
 static gpg_error_t
 warn_version_mismatch (assuan_context_t ctx, const char *servername)
 {
-  gpg_error_t err;
-  char *serverversion;
-  const char *myversion = strusage (13);
-
-  err = get_assuan_server_version (ctx, 0, &serverversion);
-  if (err)
-    log_error (_("error getting version from '%s': %s\n"),
-               servername, gpg_strerror (err));
-  else if (compare_version_strings (serverversion, myversion) < 0)
-    {
-      char *warn;
-
-      warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
-                           servername, serverversion, myversion);
-      if (!warn)
-        err = gpg_error_from_syserror ();
-      else
-        {
-          log_info (_("WARNING: %s\n"), warn);
-          if (!opt.quiet)
-            {
-              log_info (_("Note: Outdated servers may lack important"
-                          " security fixes.\n"));
-              log_info (_("Note: Use the command \"%s\" to restart them.\n"),
-                        "gpgconf --kill all");
-            }
-
-          write_status_strings (STATUS_WARNING, "server_version_mismatch 0",
-                                " ", warn, NULL);
-          xfree (warn);
-        }
-    }
-  xfree (serverversion);
-  return err;
+  return warn_server_version_mismatch (ctx, servername, 0,
+                                       write_status_strings2, NULL,
+                                       !opt.quiet);
 }
 
 
@@ -240,9 +209,8 @@ create_context (ctrl_t ctrl, assuan_context_t *r_ctx)
           err = assuan_transact (ctx, "OPTION honor-keyserver-url-used",
                                  NULL, NULL, NULL, NULL, NULL, NULL);
           if (gpg_err_code (err) == GPG_ERR_FORBIDDEN)
-            log_error (_("keyserver option \"%s\""
-                         " may not be used in %s mode\n"),
-                       "honor-keyserver-url", "Tor");
+            log_error (_("keyserver option \"honor-keyserver-url\""
+                         " may not be used in Tor mode\n"));
           else if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
             err = 0; /* Old dirmngr versions do not support this option.  */
         }
@@ -669,9 +637,7 @@ ks_get_data_cb (void *opaque, const void *data, size_t datalen)
    don't need to escape the patterns before sending them to the
    server.
 
-   Bit values for FLAGS are:
-   - KEYSERVER_IMPORT_FLAG_QUICK :: dirmngr shall use a shorter timeout.
-   - KEYSERVER_IMPORT_FLAG_LDAP  :: dirmngr shall only use LDAP or NTDS.
+   If QUICK is set the dirmngr is advised to use a shorter timeout.
 
    If R_SOURCE is not NULL the source of the data is stored as a
    malloced string there.  If a source is not known NULL is stored.
@@ -683,8 +649,7 @@ ks_get_data_cb (void *opaque, const void *data, size_t datalen)
    are able to ask for (1000-10-1)/(2+8+1) = 90 keys at once.  */
 gpg_error_t
 gpg_dirmngr_ks_get (ctrl_t ctrl, char **pattern,
-                    keyserver_spec_t override_keyserver,
-                    unsigned int flags,
+                    keyserver_spec_t override_keyserver, int quick,
                     estream_t *r_fp, char **r_source)
 {
   gpg_error_t err;
@@ -709,7 +674,7 @@ gpg_dirmngr_ks_get (ctrl_t ctrl, char **pattern,
 
   /* If we have an override keyserver we first indicate that the next
      user of the context needs to again setup the global keyservers and
-     then we send the override keyserver.  */
+     them we send the override keyserver.  */
   if (override_keyserver)
     {
       clear_context_flags (ctrl, ctx);
@@ -730,12 +695,7 @@ gpg_dirmngr_ks_get (ctrl_t ctrl, char **pattern,
 
   /* Lump all patterns into one string.  */
   init_membuf (&mb, 1024);
-  put_membuf_str (&mb, "KS_GET");
-  if ((flags & KEYSERVER_IMPORT_FLAG_QUICK))
-    put_membuf_str (&mb, " --quick");
-  if ((flags & KEYSERVER_IMPORT_FLAG_LDAP))
-    put_membuf_str (&mb, " --ldap");
-  put_membuf_str (&mb, " --");
+  put_membuf_str (&mb, quick? "KS_GET --quick --" : "KS_GET --");
   for (idx=0; pattern[idx]; idx++)
     {
       put_membuf (&mb, " ", 1); /* Append Delimiter.  */
@@ -848,14 +808,24 @@ static void
 record_output (estream_t output,
 	       pkttype_t type,
 	       const char *validity,
-	       int pub_key_length,  /* The public key length or -1.  */
-	       int pub_key_algo,    /* The public key algo or -1.    */
-	       const u32 *keyid,    /* 2 ulongs or NULL.             */
-	       u32 creation_date,   /* The creation date or 0.       */
-	       u32 expiration_date, /* The expiration date or 0.     */
-	       const char *userid)  /* The userid or NULL.           */
+	       /* The public key length or -1.  */
+	       int pub_key_length,
+	       /* The public key algo or -1.  */
+	       int pub_key_algo,
+	       /* 2 ulongs or NULL.  */
+	       const u32 *keyid,
+	       /* The creation / expiration date or 0.  */
+	       u32 creation_date,
+	       u32 expiration_date,
+	       const char *userid)
 {
   const char *type_str = NULL;
+  char *pub_key_length_str = NULL;
+  char *pub_key_algo_str = NULL;
+  char *keyid_str = NULL;
+  char *creation_date_str = NULL;
+  char *expiration_date_str = NULL;
+  char *userid_escaped = NULL;
 
   switch (type)
     {
@@ -874,33 +844,77 @@ record_output (estream_t output,
     default:
       log_assert (! "Unhandled type.");
     }
-  es_fprintf (output, "%s:%s:",
-              type_str,
-	      validity ? validity : "");
 
   if (pub_key_length > 0)
-    es_fprintf (output, "%d", pub_key_length);
-  es_fputc (':', output);
+    pub_key_length_str = xasprintf ("%d", pub_key_length);
 
   if (pub_key_algo != -1)
-    es_fprintf (output, "%d", pub_key_algo);
-  es_fputc (':', output);
+    pub_key_algo_str = xasprintf ("%d", pub_key_algo);
 
   if (keyid)
-    es_fprintf (output, "%08lX%08lX", (ulong) keyid[0], (ulong) keyid[1]);
+    keyid_str = xasprintf ("%08lX%08lX", (ulong) keyid[0], (ulong) keyid[1]);
+
+  if (creation_date)
+    creation_date_str = xstrdup (colon_strtime (creation_date));
 
-  es_fprintf (output, ":%s:", colon_strtime (creation_date));
-  es_fprintf (output, "%s:::", colon_strtime (expiration_date));
+  if (expiration_date)
+    expiration_date_str = xstrdup (colon_strtime (expiration_date));
 
+  /* Quote ':', '%', and any 8-bit characters.  */
   if (userid)
-    es_write_sanitized (output, userid, strlen (userid), ":", NULL);
-  else
-    es_fputc (':', output);
-  es_fputs (":::::::::\n", output);
+    {
+      int r;
+      int w = 0;
+
+      int len = strlen (userid);
+      /* A 100k character limit on the uid should be way more than
+	 enough.  */
+      if (len > 100 * 1024)
+	len = 100 * 1024;
+
+      /* The minimum amount of space that we need.  */
+      userid_escaped = xmalloc (len * 3 + 1);
+
+      for (r = 0; r < len; r++)
+	{
+	  if (userid[r] == ':' || userid[r]== '%' || (userid[r] & 0x80))
+	    {
+	      sprintf (&userid_escaped[w], "%%%02X", (byte) userid[r]);
+	      w += 3;
+	    }
+	  else
+	    userid_escaped[w ++] = userid[r];
+	}
+      userid_escaped[w] = '\0';
+    }
 
+  es_fprintf (output, "%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s\n",
+	      type_str,
+	      validity ?: "",
+	      pub_key_length_str ?: "",
+	      pub_key_algo_str ?: "",
+	      keyid_str ?: "",
+	      creation_date_str ?: "",
+	      expiration_date_str ?: "",
+	      "" /* Certificate S/N */,
+	      "" /* Ownertrust.  */,
+	      userid_escaped ?: "",
+	      "" /* Signature class.  */,
+	      "" /* Key capabilities.  */,
+	      "" /* Issuer certificate fingerprint.  */,
+	      "" /* Flag field.  */,
+	      "" /* S/N of a token.  */,
+	      "" /* Hash algo.  */,
+	      "" /* Curve name.  */);
+
+  xfree (userid_escaped);
+  xfree (expiration_date_str);
+  xfree (creation_date_str);
+  xfree (keyid_str);
+  xfree (pub_key_algo_str);
+  xfree (pub_key_length_str);
 }
 
-
 /* Handle the KS_PUT inquiries. */
 static gpg_error_t
 ks_put_inq_cb (void *opaque, const char *line)
@@ -1042,7 +1056,7 @@ ks_put_inq_cb (void *opaque, const char *line)
 
 /* Send a key to the configured server.  {DATA,DATLEN} contains the
    key in OpenPGP binary transport format.  If KEYBLOCK is not NULL it
-   has the internal representaion of that key; this is for example
+   has the internal representation of that key; this is for example
    used to convey meta data to LDAP keyservers.  */
 gpg_error_t
 gpg_dirmngr_ks_put (ctrl_t ctrl, void *data, size_t datalen, kbnode_t keyblock)
@@ -1235,72 +1249,6 @@ gpg_dirmngr_dns_cert (ctrl_t ctrl, const char *name, const char *certtype,
 }
 
 
-/* Ask the dirmngr for PKA info.  On success the retrieved fingerprint
-   is returned in a malloced buffer at R_FPR and its length is stored
-   at R_FPRLEN.  If an URL is available it is stored as a malloced
-   string at R_URL.  On error all return values are set to NULL/0.  */
-gpg_error_t
-gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid,
-                     unsigned char **r_fpr, size_t *r_fprlen,
-                     char **r_url)
-{
-  gpg_error_t err;
-  assuan_context_t ctx;
-  struct dns_cert_parm_s parm;
-  char *line = NULL;
-
-  memset (&parm, 0, sizeof parm);
-  if (r_fpr)
-    *r_fpr = NULL;
-  if (r_fprlen)
-    *r_fprlen = 0;
-  if (r_url)
-    *r_url = NULL;
-
-  err = open_context (ctrl, &ctx);
-  if (err)
-    return err;
-
-  line = es_bsprintf ("DNS_CERT --pka -- %s", userid);
-  if (!line)
-    {
-      err = gpg_error_from_syserror ();
-      goto leave;
-    }
-  if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
-    {
-      err = gpg_error (GPG_ERR_TOO_LARGE);
-      goto leave;
-    }
-
-  err = assuan_transact (ctx, line, dns_cert_data_cb, &parm,
-                         NULL, NULL, dns_cert_status_cb, &parm);
-  if (err)
-    goto leave;
-
-  if (r_fpr && parm.fpr)
-    {
-      *r_fpr = parm.fpr;
-      parm.fpr = NULL;
-    }
-  if (r_fprlen)
-    *r_fprlen = parm.fprlen;
-
-  if (r_url && parm.url)
-    {
-      *r_url = parm.url;
-      parm.url = NULL;
-    }
-
- leave:
-  xfree (parm.fpr);
-  xfree (parm.url);
-  xfree (line);
-  close_context (ctrl, ctx);
-  return err;
-}
-
-
 
 /* Ask the dirmngr to retrieve a key via the Web Key Directory
  * protocol.  If QUICK is set the dirmngr is advised to use a shorter
diff --git a/g10/call-dirmngr.h b/g10/call-dirmngr.h
index 429661a..8679777 100644
--- a/g10/call-dirmngr.h
+++ b/g10/call-dirmngr.h
@@ -26,8 +26,7 @@ gpg_error_t gpg_dirmngr_ks_search (ctrl_t ctrl, const char *searchstr,
                                    gpg_error_t (*cb)(void*, int, char *),
                                    void *cb_value);
 gpg_error_t gpg_dirmngr_ks_get (ctrl_t ctrl, char *pattern[],
-                                keyserver_spec_t override_keyserver,
-                                unsigned int flags,
+                                keyserver_spec_t override_keyserver, int quick,
                                 estream_t *r_fp, char **r_source);
 gpg_error_t gpg_dirmngr_ks_fetch (ctrl_t ctrl,
                                   const char *url, estream_t *r_fp);
@@ -38,9 +37,6 @@ gpg_error_t gpg_dirmngr_dns_cert (ctrl_t ctrl,
                                   estream_t *r_key,
                                   unsigned char **r_fpr, size_t *r_fprlen,
                                   char **r_url);
-gpg_error_t gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid,
-                                 unsigned char **r_fpr, size_t *r_fprlen,
-                                 char **r_url);
 gpg_error_t gpg_dirmngr_wkd_get (ctrl_t ctrl, const char *name, int quick,
                                  estream_t *r_key, char **r_url);
 
diff --git a/g10/call-keyboxd.c b/g10/call-keyboxd.c
new file mode 100644
index 0000000..9042c83
--- /dev/null
+++ b/g10/call-keyboxd.c
@@ -0,0 +1,864 @@
+/* call-keyboxd.c - Access to the keyboxd storage server
+ * Copyright (C) 2019  g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#ifdef HAVE_LOCALE_H
+# include <locale.h>
+#endif
+#include <npth.h>
+
+#include "gpg.h"
+#include <assuan.h>
+#include "../common/util.h"
+#include "../common/membuf.h"
+#include "options.h"
+#include "../common/i18n.h"
+#include "../common/asshelp.h"
+#include "../common/host2net.h"
+#include "../common/exechelp.h"
+#include "../common/status.h"
+#include "../kbx/kbx-client-util.h"
+#include "keydb.h"
+
+#include "keydb-private.h"  /* For struct keydb_handle_s */
+
+
+/* Data used to keep track of keybox daemon sessions.  This allows us
+ * to use several sessions with the keyboxd and also to re-use already
+ * established sessions.  Note that gpg.h defines the type
+ * keyboxd_local_t for this structure. */
+struct keyboxd_local_s
+{
+  /* Link to other keyboxd contexts which are used simultaneously.  */
+  struct keyboxd_local_s *next;
+
+  /* The active Assuan context. */
+  assuan_context_t ctx;
+
+  /* The client data helper context.  */
+  kbx_client_data_t kcd;
+
+  /* I/O buffer with the last search result or NULL.  Used if
+   * D-lines are used to convey the keyblocks. */
+  iobuf_t search_result;
+
+  /* This flag set while an operation is running on this context.  */
+  unsigned int is_active : 1;
+
+  /* Flag indicating that a search reset is required.  */
+  unsigned int need_search_reset : 1;
+
+};
+
+
+/* Flag indicating that for example bulk import is enabled.  */
+static unsigned int in_transaction;
+
+
+
+
+/* Deinitialize all session resources pertaining to the keyboxd.  */
+void
+gpg_keyboxd_deinit_session_data (ctrl_t ctrl)
+{
+  keyboxd_local_t kbl;
+  gpg_error_t err;
+
+  while ((kbl = ctrl->keyboxd_local))
+    {
+      ctrl->keyboxd_local = kbl->next;
+      if (kbl->is_active)
+        log_error ("oops: trying to cleanup an active keyboxd context\n");
+      else
+        {
+          kbx_client_data_release (kbl->kcd);
+          kbl->kcd = NULL;
+          if (kbl->ctx && in_transaction)
+            {
+              /* This is our hack to commit the changes done during a
+               * bulk import.  If we won't do that the loss of the
+               * connection would trigger a rollback in keyboxd.  Note
+               * that transactions are not associated with a
+               * connection. */
+              err = assuan_transact (kbl->ctx, "TRANSACTION commit",
+                                     NULL, NULL, NULL, NULL, NULL, NULL);
+              if (err)
+                log_error ("error commiting last transaction: %s\n",
+                            gpg_strerror (err));
+              in_transaction = 0;
+            }
+          assuan_release (kbl->ctx);
+          kbl->ctx = NULL;
+        }
+      xfree (kbl);
+    }
+}
+
+
+/* Print a warning if the server's version number is less than our
+   version number.  Returns an error code on a connection problem.  */
+static gpg_error_t
+warn_version_mismatch (assuan_context_t ctx, const char *servername)
+{
+  return warn_server_version_mismatch (ctx, servername, 0,
+                                       write_status_strings2, NULL,
+                                       !opt.quiet);
+}
+
+
+/* Connect to the keybox daemon and launch it if necessary.  Handle
+ * the server's initial greeting and set global options.  Returns a
+ * new assuan context or an error.  */
+static gpg_error_t
+create_new_context (ctrl_t ctrl, assuan_context_t *r_ctx)
+{
+  gpg_error_t err;
+  assuan_context_t ctx;
+
+  *r_ctx = NULL;
+
+  err = start_new_keyboxd (&ctx,
+                           GPG_ERR_SOURCE_DEFAULT,
+                           opt.keyboxd_program,
+                           opt.autostart, opt.verbose, DBG_IPC,
+                           NULL, ctrl);
+  if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_KEYBOXD)
+    {
+      static int shown;
+
+      if (!shown)
+        {
+          shown = 1;
+          log_info (_("no keyboxd running in this session\n"));
+        }
+    }
+  else if (!err && !(err = warn_version_mismatch (ctx, KEYBOXD_NAME)))
+    {
+      /* Place to emit global options.  */
+
+      if ((opt.import_options & IMPORT_BULK) && !in_transaction)
+        {
+          err = assuan_transact (ctx, "TRANSACTION begin",
+                                 NULL, NULL, NULL, NULL, NULL, NULL);
+          if (err)
+            {
+              log_error ("error enabling bulk import option: %s\n",
+                         gpg_strerror (err));
+            }
+          else
+            in_transaction = 1;
+        }
+
+    }
+
+  if (err)
+    assuan_release (ctx);
+  else
+    *r_ctx = ctx;
+
+  return err;
+}
+
+
+
+
+/* Get a context for accessing keyboxd.  If no context is available a
+ * new one is created and if necessary keyboxd is started.  R_KBL
+ * receives a pointer to the local context object.  */
+static gpg_error_t
+open_context (ctrl_t ctrl, keyboxd_local_t *r_kbl)
+{
+  gpg_error_t err;
+  keyboxd_local_t kbl;
+
+  *r_kbl = NULL;
+  for (;;)
+    {
+      for (kbl = ctrl->keyboxd_local; kbl && kbl->is_active; kbl = kbl->next)
+        ;
+      if (kbl)
+        {
+          /* Found an inactive keyboxd session - return that.  */
+          log_assert (!kbl->is_active);
+
+          kbl->is_active = 1;
+          kbl->need_search_reset = 1;
+
+          *r_kbl = kbl;
+          return 0;
+        }
+
+      /* None found.  Create a new session and retry.  */
+      kbl = xtrycalloc (1, sizeof *kbl);
+      if (!kbl)
+        return gpg_error_from_syserror ();
+
+      err = create_new_context (ctrl, &kbl->ctx);
+      if (err)
+        {
+          xfree (kbl);
+          return err;
+        }
+
+      err = kbx_client_data_new (&kbl->kcd, kbl->ctx, 1);
+      if (err)
+        {
+          assuan_release (kbl->ctx);
+          xfree (kbl);
+          return err;
+        }
+
+      /* For thread-saftey we add it to the list and retry; this is
+       * easier than to employ a lock.  */
+      kbl->next = ctrl->keyboxd_local;
+      ctrl->keyboxd_local = kbl;
+    }
+  /*NOTREACHED*/
+}
+
+
+
+/* Create a new database handle.  A database handle is similar to a
+ * file handle: it contains a local file position.  This is used when
+ * searching: subsequent searches resume where the previous search
+ * left off.  To rewind the position, use keydb_search_reset().  This
+ * function returns NULL on error, sets ERRNO, and prints an error
+ * diagnostic.  Depending on --use-keyboxd either the old internal
+ * keydb code is used (keydb.c) or, if set, the processing is diverted
+ * to the keyboxd. */
+/* FIXME: We should change the interface to return a gpg_error_t.  */
+KEYDB_HANDLE
+keydb_new (ctrl_t ctrl)
+{
+  gpg_error_t err;
+  KEYDB_HANDLE hd;
+
+  if (DBG_CLOCK)
+    log_clock ("keydb_new");
+
+  hd = xtrycalloc (1, sizeof *hd);
+  if (!hd)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+
+  if (!opt.use_keyboxd)
+    {
+      err = internal_keydb_init (hd);
+      goto leave;
+    }
+  hd->use_keyboxd = 1;
+  hd->ctrl = ctrl;
+
+  err = open_context (ctrl, &hd->kbl);
+
+ leave:
+  if (err)
+    {
+      int rc;
+      log_error (_("error opening key DB: %s\n"), gpg_strerror (err));
+      xfree (hd);
+      hd = NULL;
+      if (!(rc = gpg_err_code_to_errno (err)))
+        rc = gpg_err_code_to_errno (GPG_ERR_EIO);
+      gpg_err_set_errno (rc);
+    }
+  return hd;
+}
+
+
+/* Release a keydb handle.  */
+void
+keydb_release (KEYDB_HANDLE hd)
+{
+  keyboxd_local_t kbl;
+
+  if (!hd)
+    return;
+
+  if (DBG_CLOCK)
+    log_clock ("keydb_release");
+  if (!hd->use_keyboxd)
+    internal_keydb_deinit (hd);
+  else
+    {
+      kbl = hd->kbl;
+      if (DBG_CLOCK)
+        log_clock ("close_context (found)");
+      if (!kbl->is_active)
+        log_fatal ("closing inactive keyboxd context %p\n", kbl);
+      kbl->is_active = 0;
+      hd->kbl = NULL;
+      hd->ctrl = NULL;
+    }
+  xfree (hd);
+}
+
+
+/* Take a lock if we are not using the keyboxd.  */
+gpg_error_t
+keydb_lock (KEYDB_HANDLE hd)
+{
+  if (!hd)
+    return gpg_error (GPG_ERR_INV_ARG);
+
+  if (!hd->use_keyboxd)
+    return internal_keydb_lock (hd);
+
+  return 0;
+}
+
+
+/* Return the keyblock last found by keydb_search() in *RET_KB.
+ *
+ * On success, the function returns 0 and the caller must free *RET_KB
+ * using release_kbnode().  Otherwise, the function returns an error
+ * code.
+ *
+ * The returned keyblock has the kbnode flag bit 0 set for the node
+ * with the public key used to locate the keyblock or flag bit 1 set
+ * for the user ID node.  */
+gpg_error_t
+keydb_get_keyblock (KEYDB_HANDLE hd, kbnode_t *ret_kb)
+{
+  gpg_error_t err;
+
+  *ret_kb = NULL;
+
+  if (!hd)
+    return gpg_error (GPG_ERR_INV_ARG);
+
+  if (DBG_CLOCK)
+    log_clock ("%s enter", __func__);
+
+  if (!hd->use_keyboxd)
+    {
+      err = internal_keydb_get_keyblock (hd, ret_kb);
+      goto leave;
+    }
+
+  if (hd->kbl->search_result)
+    {
+      err = keydb_parse_keyblock (hd->kbl->search_result,
+                                  hd->last_ubid_valid? hd->last_pk_no  : 0,
+                                  hd->last_ubid_valid? hd->last_uid_no : 0,
+                                  ret_kb);
+      /* In contrast to the old code we close the iobuf here and thus
+       * this function may be called only once to get a keyblock.  */
+      iobuf_close (hd->kbl->search_result);
+      hd->kbl->search_result = NULL;
+    }
+  else
+    {
+      err = gpg_error (GPG_ERR_VALUE_NOT_FOUND);
+      goto leave;
+    }
+
+ leave:
+  if (DBG_CLOCK)
+    log_clock ("%s leave%s", __func__, err? " (failed)":"");
+  return err;
+}
+
+
+
+/* Communication object for STORE commands.  */
+struct store_parm_s
+{
+  assuan_context_t ctx;
+  const void *data;   /* The key in OpenPGP binary format.  */
+  size_t datalen;     /* The length of DATA.  */
+};
+
+
+/* Handle the inquiries from the STORE command.  */
+static gpg_error_t
+store_inq_cb (void *opaque, const char *line)
+{
+  struct store_parm_s *parm = opaque;
+  gpg_error_t err = 0;
+
+  if (has_leading_keyword (line, "BLOB"))
+    {
+      if (parm->data)
+        err = assuan_send_data (parm->ctx, parm->data, parm->datalen);
+    }
+  else
+    return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
+
+  return err;
+}
+
+
+/* Update the keyblock KB (i.e., extract the fingerprint and find the
+ * corresponding keyblock in the keyring).
+ *
+ * This doesn't do anything if --dry-run was specified.
+ *
+ * Returns 0 on success.  Otherwise, it returns an error code.  Note:
+ * if there isn't a keyblock in the keyring corresponding to KB, then
+ * this function returns GPG_ERR_VALUE_NOT_FOUND.
+ *
+ * This function selects the matching record and modifies the current
+ * file position to point to the record just after the selected entry.
+ * Thus, if you do a subsequent search using HD, you should first do a
+ * keydb_search_reset.  Further, if the selected record is important,
+ * you should use keydb_push_found_state and keydb_pop_found_state to
+ * save and restore it.  */
+gpg_error_t
+keydb_update_keyblock (ctrl_t ctrl, KEYDB_HANDLE hd, kbnode_t kb)
+{
+  gpg_error_t err;
+  iobuf_t iobuf = NULL;
+  struct store_parm_s parm = {NULL};
+
+  log_assert (kb);
+  log_assert (kb->pkt->pkttype == PKT_PUBLIC_KEY);
+
+  if (!hd)
+    return gpg_error (GPG_ERR_INV_ARG);
+
+  if (!hd->use_keyboxd)
+    {
+      err = internal_keydb_update_keyblock (ctrl, hd, kb);
+      goto leave;
+    }
+
+  if (opt.dry_run)
+    {
+      err = 0;
+      goto leave;
+    }
+
+  err = build_keyblock_image (kb, &iobuf);
+  if (err)
+    goto leave;
+
+  parm.ctx = hd->kbl->ctx;
+  parm.data = iobuf_get_temp_buffer (iobuf);
+  parm.datalen = iobuf_get_temp_length (iobuf);
+  err = assuan_transact (hd->kbl->ctx, "STORE --update",
+                         NULL, NULL,
+                         store_inq_cb, &parm,
+                         NULL, NULL);
+
+ leave:
+  iobuf_close (iobuf);
+  return err;
+}
+
+
+/* Insert a keyblock into one of the underlying keyrings or keyboxes.
+ *
+ * By default, the keyring / keybox from which the last search result
+ * came is used.  If there was no previous search result (or
+ * keydb_search_reset was called), then the keyring / keybox where the
+ * next search would start is used (i.e., the current file position).
+ * In keyboxd mode the keyboxd decides where to store it.
+ *
+ * Note: this doesn't do anything if --dry-run was specified.
+ *
+ * Returns 0 on success.  Otherwise, it returns an error code.  */
+gpg_error_t
+keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb)
+{
+  gpg_error_t err;
+  iobuf_t iobuf = NULL;
+  struct store_parm_s parm = {NULL};
+
+  if (!hd)
+    return gpg_error (GPG_ERR_INV_ARG);
+
+  if (!hd->use_keyboxd)
+    {
+      err = internal_keydb_insert_keyblock (hd, kb);
+      goto leave;
+    }
+
+  if (opt.dry_run)
+    {
+      err = 0;
+      goto leave;
+    }
+
+  err = build_keyblock_image (kb, &iobuf);
+  if (err)
+    goto leave;
+
+  parm.ctx = hd->kbl->ctx;
+  parm.data = iobuf_get_temp_buffer (iobuf);
+  parm.datalen = iobuf_get_temp_length (iobuf);
+  err = assuan_transact (hd->kbl->ctx, "STORE --insert",
+                         NULL, NULL,
+                         store_inq_cb, &parm,
+                         NULL, NULL);
+
+ leave:
+  iobuf_close (iobuf);
+  return err;
+}
+
+
+/* Delete the currently selected keyblock.  If you haven't done a
+ * search yet on this database handle (or called keydb_search_reset),
+ * then this function returns an error.
+ *
+ * Returns 0 on success or an error code, if an error occurred.  */
+gpg_error_t
+keydb_delete_keyblock (KEYDB_HANDLE hd)
+{
+  gpg_error_t err;
+  unsigned char hexubid[UBID_LEN * 2 + 1];
+  char line[ASSUAN_LINELENGTH];
+
+  if (!hd)
+    return gpg_error (GPG_ERR_INV_ARG);
+
+  if (!hd->use_keyboxd)
+    {
+      err = internal_keydb_delete_keyblock (hd);
+      goto leave;
+    }
+
+  if (opt.dry_run)
+    {
+      err = 0;
+      goto leave;
+    }
+
+  if (!hd->last_ubid_valid)
+    {
+      err = gpg_error (GPG_ERR_VALUE_NOT_FOUND);
+      goto leave;
+    }
+
+  bin2hex (hd->last_ubid, UBID_LEN, hexubid);
+  snprintf (line, sizeof line, "DELETE %s", hexubid);
+  err = assuan_transact (hd->kbl->ctx, line,
+                         NULL, NULL,
+                         NULL, NULL,
+                         NULL, NULL);
+
+ leave:
+  return err;
+}
+
+
+/* Clears the current search result and resets the handle's position
+ * so that the next search starts at the beginning of the database.
+ *
+ * Returns 0 on success and an error code if an error occurred.  */
+gpg_error_t
+keydb_search_reset (KEYDB_HANDLE hd)
+{
+  gpg_error_t err;
+
+  if (!hd)
+    return gpg_error (GPG_ERR_INV_ARG);
+
+  if (DBG_CLOCK)
+    log_clock ("%s", __func__);
+  if (DBG_CACHE)
+    log_debug ("%s (hd=%p)", __func__, hd);
+
+  if (!hd->use_keyboxd)
+    {
+      err = internal_keydb_search_reset (hd);
+      goto leave;
+    }
+
+  /* All we need is to tell search that a reset is pending.  Note that
+   * keydb_new sets this flag as well.  To comply with the
+   * specification of keydb_delete_keyblock we also need to clear the
+   * ubid flag so that after a reset a delete can't be performed.  */
+  hd->kbl->need_search_reset = 1;
+  hd->last_ubid_valid = 0;
+  err = 0;
+
+ leave:
+  return err;
+}
+
+
+
+/* Status callback for SEARCH and NEXT operaions.  */
+static gpg_error_t
+search_status_cb (void *opaque, const char *line)
+{
+  KEYDB_HANDLE hd = opaque;
+  gpg_error_t err = 0;
+  const char *s;
+  unsigned int n;
+
+  if ((s = has_leading_keyword (line, "PUBKEY_INFO")))
+    {
+      if (atoi (s) != PUBKEY_TYPE_OPGP)
+        err = gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
+      else
+        {
+          hd->last_ubid_valid = 0;
+          while (*s && !spacep (s))
+            s++;
+          if (!(n=hex2fixedbuf (s, hd->last_ubid, sizeof hd->last_ubid)))
+            err = gpg_error (GPG_ERR_INV_VALUE);
+          else
+            {
+              hd->last_ubid_valid = 1;
+              hd->last_uid_no = 0;
+              hd->last_pk_no = 0;
+              s += n;
+              while (*s && !spacep (s))
+                s++;
+              while (spacep (s))
+                s++;
+              if (*s)
+                {
+                  hd->last_uid_no = atoi (s);
+                  while (*s && !spacep (s))
+                    s++;
+                  while (spacep (s))
+                    s++;
+                  if (*s)
+                    hd->last_pk_no = atoi (s);
+                }
+            }
+        }
+    }
+
+  return err;
+}
+
+
+/* Search the database for keys matching the search description.  If
+ * the DB contains any legacy keys, these are silently ignored.
+ *
+ * DESC is an array of search terms with NDESC entries.  The search
+ * terms are or'd together.  That is, the next entry in the DB that
+ * matches any of the descriptions will be returned.
+ *
+ * Note: this function resumes searching where the last search left
+ * off (i.e., at the current file position).  If you want to search
+ * from the start of the database, then you need to first call
+ * keydb_search_reset().
+ *
+ * If no key matches the search description, returns
+ * GPG_ERR_NOT_FOUND.  If there was a match, returns 0.  If an error
+ * occurred, returns an error code.
+ *
+ * The returned key is considered to be selected and the raw data can,
+ * for instance, be returned by calling keydb_get_keyblock().  */
+gpg_error_t
+keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+              size_t ndesc, size_t *descindex)
+{
+  gpg_error_t err;
+  int i;
+  char line[ASSUAN_LINELENGTH];
+  char *buffer;
+  size_t len;
+
+  if (!hd)
+    return gpg_error (GPG_ERR_INV_ARG);
+
+  if (descindex)
+    *descindex = 0; /* Make sure it is always set on return.  */
+
+  if (DBG_CLOCK)
+    log_clock ("%s enter", __func__);
+
+  if (DBG_LOOKUP)
+    {
+      log_debug ("%s: %zu search descriptions:\n", __func__, ndesc);
+      for (i = 0; i < ndesc; i ++)
+        {
+          char *t = keydb_search_desc_dump (&desc[i]);
+          log_debug ("%s   %d: %s\n", __func__, i, t);
+          xfree (t);
+        }
+    }
+
+  if (!hd->use_keyboxd)
+    {
+      err = internal_keydb_search (hd, desc, ndesc, descindex);
+      goto leave;
+    }
+
+  /* Clear the result objects.  */
+  if (hd->kbl->search_result)
+    {
+      iobuf_close (hd->kbl->search_result);
+      hd->kbl->search_result = NULL;
+    }
+
+  /* Check whether this is a NEXT search.  */
+  if (!hd->kbl->need_search_reset)
+    {
+      /* No reset requested thus continue the search.  The keyboxd
+       * keeps the context of the search and thus the NEXT operates on
+       * the last search pattern.  This is how we always used the
+       * keydb.c functions.  In theory we were able to modify the
+       * search pattern between searches but that is not anymore
+       * supported by keyboxd and a cursory check does not show that
+       * we actually made used of that misfeature.  */
+      snprintf (line, sizeof line, "NEXT");
+      goto do_search;
+    }
+
+  hd->kbl->need_search_reset = 0;
+
+  if (!ndesc)
+    {
+      err = gpg_error (GPG_ERR_INV_ARG);
+      goto leave;
+    }
+  for (i = 0; i < ndesc; i++)
+    if (desc->mode == KEYDB_SEARCH_MODE_FIRST)
+      {
+        /* If any description has mode FIRST, this item trumps all
+         * other descriptions.  */
+        snprintf (line, sizeof line, "SEARCH --openpgp");
+        goto do_search;
+      }
+
+  for ( ; ndesc; desc++, ndesc--)
+    {
+      const char *more = ndesc > 1 ? "--openpgp --more" : "--openpgp";
+
+      switch (desc->mode)
+        {
+        case KEYDB_SEARCH_MODE_EXACT:
+          snprintf (line, sizeof line, "SEARCH %s -- =%s", more, desc->u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_SUBSTR:
+          snprintf (line, sizeof line, "SEARCH %s -- *%s", more, desc->u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_MAIL:
+          snprintf (line, sizeof line, "SEARCH %s -- <%s", more, desc->u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_MAILSUB:
+          snprintf (line, sizeof line, "SEARCH %s -- @%s", more, desc->u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_MAILEND:
+          snprintf (line, sizeof line, "SEARCH %s -- .%s", more, desc->u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_WORDS:
+          snprintf (line, sizeof line, "SEARCH %s -- +%s", more, desc->u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_SHORT_KID:
+          snprintf (line, sizeof line, "SEARCH %s -- 0x%08lX", more,
+                    (ulong)desc->u.kid[1]);
+          break;
+
+        case KEYDB_SEARCH_MODE_LONG_KID:
+          snprintf (line, sizeof line, "SEARCH %s -- 0x%08lX%08lX", more,
+                    (ulong)desc->u.kid[0], (ulong)desc->u.kid[1]);
+          break;
+
+        case KEYDB_SEARCH_MODE_FPR:
+          {
+            unsigned char hexfpr[MAX_FINGERPRINT_LEN * 2 + 1];
+            log_assert (desc->fprlen <= MAX_FINGERPRINT_LEN);
+            bin2hex (desc->u.fpr, desc->fprlen, hexfpr);
+            snprintf (line, sizeof line, "SEARCH %s -- 0x%s", more, hexfpr);
+          }
+          break;
+
+        case KEYDB_SEARCH_MODE_ISSUER:
+          snprintf (line, sizeof line, "SEARCH %s -- #/%s", more, desc->u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_ISSUER_SN:
+        case KEYDB_SEARCH_MODE_SN:
+          snprintf (line, sizeof line, "SEARCH %s -- #%s", more, desc->u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_SUBJECT:
+          snprintf (line, sizeof line, "SEARCH %s -- /%s", more, desc->u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_KEYGRIP:
+          {
+            unsigned char hexgrip[KEYGRIP_LEN * 2 + 1];
+            bin2hex (desc->u.grip, KEYGRIP_LEN, hexgrip);
+            snprintf (line, sizeof line, "SEARCH %s -- &%s", more, hexgrip);
+          }
+          break;
+
+        case KEYDB_SEARCH_MODE_UBID:
+          {
+            unsigned char hexubid[UBID_LEN * 2 + 1];
+            bin2hex (desc->u.ubid, UBID_LEN, hexubid);
+            snprintf (line, sizeof line, "SEARCH %s -- ^%s", more, hexubid);
+          }
+          break;
+
+        case KEYDB_SEARCH_MODE_NEXT:
+          log_debug ("%s: mode next - we should not get to here!\n", __func__);
+          snprintf (line, sizeof line, "NEXT");
+          break;
+
+        case KEYDB_SEARCH_MODE_FIRST:
+          log_debug ("%s: mode first - we should not get to here!\n", __func__);
+          /*fallthru*/
+        default:
+          err = gpg_error (GPG_ERR_INV_ARG);
+          goto leave;
+        }
+
+      if (ndesc > 1)
+        {
+          err = kbx_client_data_simple (hd->kbl->kcd, line);
+          if (err)
+            goto leave;
+        }
+    }
+  while (ndesc);
+
+
+ do_search:
+  hd->last_ubid_valid = 0;
+  err = kbx_client_data_cmd (hd->kbl->kcd, line, search_status_cb, hd);
+  if (!err && !(err = kbx_client_data_wait (hd->kbl->kcd, &buffer, &len)))
+    {
+      hd->kbl->search_result = iobuf_temp_with_content (buffer, len);
+      xfree (buffer);
+      if (DBG_LOOKUP && hd->last_ubid_valid)
+        log_printhex (hd->last_ubid, 20, "found UBID (%d,%d):",
+                      hd->last_uid_no, hd->last_pk_no);
+    }
+
+ leave:
+  if (DBG_CLOCK)
+    log_clock ("%s leave (%sfound)", __func__, err? "not ":"");
+  return err;
+}
diff --git a/g10/card-util.c b/g10/card-util.c
index 25c284e..36f096f 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -194,13 +194,14 @@ change_pin (int unblock_v2, int allow_admin)
 
 
 static void
-print_sha1_fpr (estream_t fp, const unsigned char *fpr)
+print_shax_fpr (estream_t fp, const unsigned char *fpr, unsigned int fprlen)
 {
   int i;
 
   if (fpr)
     {
-      for (i=0; i < 20 ; i+=2, fpr += 2 )
+      /* FIXME: Fix formatting for FPRLEN != 20 */
+      for (i=0; i < fprlen ; i+=2, fpr += 2 )
         {
           if (i == 10 )
             tty_fprintf (fp, " ");
@@ -214,13 +215,14 @@ print_sha1_fpr (estream_t fp, const unsigned char *fpr)
 
 
 static void
-print_sha1_fpr_colon (estream_t fp, const unsigned char *fpr)
+print_shax_fpr_colon (estream_t fp,
+                      const unsigned char *fpr, unsigned int fprlen)
 {
   int i;
 
   if (fpr)
     {
-      for (i=0; i < 20 ; i++, fpr++)
+      for (i=0; i < fprlen ; i++, fpr++)
         es_fprintf (fp, "%02X", *fpr);
     }
   es_putc (':', fp);
@@ -319,25 +321,25 @@ print_isoname (estream_t fp, const char *text,
 
 /* Return true if the SHA1 fingerprint FPR consists only of zeroes. */
 static int
-fpr_is_zero (const char *fpr)
+fpr_is_zero (const char *fpr, unsigned int fprlen)
 {
   int i;
 
-  for (i=0; i < 20 && !fpr[i]; i++)
+  for (i=0; i < fprlen && !fpr[i]; i++)
     ;
-  return (i == 20);
+  return (i == fprlen);
 }
 
 
-/* Return true if the SHA1 fingerprint FPR consists only of 0xFF. */
+/* Return true if the fingerprint FPR consists only of 0xFF. */
 static int
-fpr_is_ff (const char *fpr)
+fpr_is_ff (const char *fpr, unsigned int fprlen)
 {
   int i;
 
-  for (i=0; i < 20 && fpr[i] == '\xff'; i++)
+  for (i=0; i < fprlen && fpr[i] == '\xff'; i++)
     ;
-  return (i == 20);
+  return (i == fprlen);
 }
 
 
@@ -352,6 +354,7 @@ current_card_status (ctrl_t ctrl, estream_t fp,
   int rc;
   unsigned int uval;
   const unsigned char *thefpr;
+  unsigned int thefprlen;
   int i;
   char *pesc;
 
@@ -378,34 +381,33 @@ current_card_status (ctrl_t ctrl, estream_t fp,
   else
     tty_fprintf (fp, "Application ID ...: %s\n",
                  info.serialno? info.serialno : "[none]");
-
   if (!info.serialno || strncmp (info.serialno, "D27600012401", 12)
       || strlen (info.serialno) != 32 )
     {
       const char *name1, *name2;
-      if (info.apptype && !ascii_strcasecmp (info.apptype, "openpgp"))
+      if (info.apptype && !strcmp (info.apptype, "openpgp"))
         goto openpgp;
-      else if (info.apptype && !ascii_strcasecmp (info.apptype, "NKS"))
+      else if (info.apptype && !strcmp (info.apptype, "NKS"))
         {
           name1 = "netkey";
           name2 = "NetKey";
         }
-      else if (info.apptype && !ascii_strcasecmp (info.apptype, "DINSIG"))
+      else if (info.apptype && !strcmp (info.apptype, "DINSIG"))
         {
           name1 = "dinsig";
           name2 = "DINSIG";
         }
-      else if (info.apptype && !ascii_strcasecmp (info.apptype, "P15"))
+      else if (info.apptype && !strcmp (info.apptype, "P15"))
         {
           name1 = "pkcs15";
           name2 = "PKCS#15";
         }
-      else if (info.apptype && !ascii_strcasecmp (info.apptype, "GELDKARTE"))
+      else if (info.apptype && !strcmp (info.apptype, "GELDKARTE"))
         {
           name1 = "geldkarte";
           name2 = "Geldkarte";
         }
-      else if (info.apptype && !ascii_strcasecmp (info.apptype, "PIV"))
+      else if (info.apptype && !strcmp (info.apptype, "PIV"))
         {
           name1 = "piv";
           name2 = "PIV";
@@ -421,14 +423,10 @@ current_card_status (ctrl_t ctrl, estream_t fp,
       else
         tty_fprintf (fp, "Application type .: %s\n", name2);
 
-      /* Try to update/create the shadow key here for non-OpenPGP cards. */
-      agent_update_shadow_keys ();
-
       agent_release_card_info (&info);
       xfree (pk);
       return;
     }
-
  openpgp:
   if (!serialno)
     ;
@@ -442,8 +440,6 @@ current_card_status (ctrl_t ctrl, estream_t fp,
   else
     tty_fprintf (fp, "Application type .: %s\n", "OpenPGP");
 
-  /* Try to update/create the shadow key here for OpenPGP cards. */
-  agent_update_shadow_keys ();
 
   if (opt.with_colons)
     {
@@ -506,6 +502,11 @@ current_card_status (ctrl_t ctrl, estream_t fp,
 
           es_fprintf (fp, "kdf:%s:\n", setup);
         }
+      if (info.extcap.bt)
+        {
+          es_fprintf (fp, "uif:%d:%d:%d:\n",
+                      info.uif[0], info.uif[1], info.uif[2]);
+        }
 
       for (i=0; i < 4; i++)
         {
@@ -519,22 +520,25 @@ current_card_status (ctrl_t ctrl, estream_t fp,
         }
 
       es_fputs ("cafpr:", fp);
-      print_sha1_fpr_colon (fp, info.cafpr1valid? info.cafpr1:NULL);
-      print_sha1_fpr_colon (fp, info.cafpr2valid? info.cafpr2:NULL);
-      print_sha1_fpr_colon (fp, info.cafpr3valid? info.cafpr3:NULL);
+      print_shax_fpr_colon (fp, info.cafpr1len? info.cafpr1:NULL,
+                            info.cafpr2len);
+      print_shax_fpr_colon (fp, info.cafpr2len? info.cafpr2:NULL,
+                            info.cafpr2len);
+      print_shax_fpr_colon (fp, info.cafpr3len? info.cafpr3:NULL,
+                            info.cafpr3len);
       es_putc ('\n', fp);
       es_fputs ("fpr:", fp);
-      print_sha1_fpr_colon (fp, info.fpr1valid? info.fpr1:NULL);
-      print_sha1_fpr_colon (fp, info.fpr2valid? info.fpr2:NULL);
-      print_sha1_fpr_colon (fp, info.fpr3valid? info.fpr3:NULL);
+      print_shax_fpr_colon (fp, info.fpr1len? info.fpr1:NULL, info.fpr1len);
+      print_shax_fpr_colon (fp, info.fpr2len? info.fpr2:NULL, info.fpr2len);
+      print_shax_fpr_colon (fp, info.fpr3len? info.fpr3:NULL, info.fpr3len);
       es_putc ('\n', fp);
       es_fprintf (fp, "fprtime:%lu:%lu:%lu:\n",
                (unsigned long)info.fpr1time, (unsigned long)info.fpr2time,
                (unsigned long)info.fpr3time);
       es_fputs ("grp:", fp);
-      print_sha1_fpr_colon (fp, info.grp1);
-      print_sha1_fpr_colon (fp, info.grp2);
-      print_sha1_fpr_colon (fp, info.grp3);
+      print_shax_fpr_colon (fp, info.grp1, sizeof info.grp1);
+      print_shax_fpr_colon (fp, info.grp2, sizeof info.grp2);
+      print_shax_fpr_colon (fp, info.grp3, sizeof info.grp3);
       es_putc ('\n', fp);
     }
   else
@@ -563,20 +567,20 @@ current_card_status (ctrl_t ctrl, estream_t fp,
         print_name (fp, "Private DO 3 .....: ", info.private_do[2]);
       if (info.private_do[3])
         print_name (fp, "Private DO 4 .....: ", info.private_do[3]);
-      if (info.cafpr1valid)
+      if (info.cafpr1len)
         {
           tty_fprintf (fp, "CA fingerprint %d .:", 1);
-          print_sha1_fpr (fp, info.cafpr1);
+          print_shax_fpr (fp, info.cafpr1, info.cafpr1len);
         }
-      if (info.cafpr2valid)
+      if (info.cafpr2len)
         {
           tty_fprintf (fp, "CA fingerprint %d .:", 2);
-          print_sha1_fpr (fp, info.cafpr2);
+          print_shax_fpr (fp, info.cafpr2, info.cafpr2len);
         }
-      if (info.cafpr3valid)
+      if (info.cafpr3len)
         {
           tty_fprintf (fp, "CA fingerprint %d .:", 3);
-          print_sha1_fpr (fp, info.cafpr3);
+          print_shax_fpr (fp, info.cafpr3, info.cafpr3len);
         }
       tty_fprintf (fp,    "Signature PIN ....: %s\n",
                    info.chv1_cached? _("not forced"): _("forced"));
@@ -622,25 +626,31 @@ current_card_status (ctrl_t ctrl, estream_t fp,
 
           tty_fprintf (fp, "KDF setting ......: %s\n", setup);
         }
+      if (info.extcap.bt)
+        {
+          tty_fprintf (fp, "UIF setting ......: Sign=%s Decrypt=%s Auth=%s\n",
+                       info.uif[0] ? "on" : "off", info.uif[1] ? "on" : "off",
+                       info.uif[2] ? "on" : "off");
+        }
       tty_fprintf (fp, "Signature key ....:");
-      print_sha1_fpr (fp, info.fpr1valid? info.fpr1:NULL);
-      if (info.fpr1valid && info.fpr1time)
+      print_shax_fpr (fp, info.fpr1len? info.fpr1:NULL, info.fpr1len);
+      if (info.fpr1len && info.fpr1time)
         {
           tty_fprintf (fp, "      created ....: %s\n",
                        isotimestamp (info.fpr1time));
           print_keygrip (fp, info.grp1);
         }
       tty_fprintf (fp, "Encryption key....:");
-      print_sha1_fpr (fp, info.fpr2valid? info.fpr2:NULL);
-      if (info.fpr2valid && info.fpr2time)
+      print_shax_fpr (fp, info.fpr2len? info.fpr2:NULL, info.fpr2len);
+      if (info.fpr2len && info.fpr2time)
         {
           tty_fprintf (fp, "      created ....: %s\n",
                        isotimestamp (info.fpr2time));
           print_keygrip (fp, info.grp2);
         }
       tty_fprintf (fp, "Authentication key:");
-      print_sha1_fpr (fp, info.fpr3valid? info.fpr3:NULL);
-      if (info.fpr3valid && info.fpr3time)
+      print_shax_fpr (fp, info.fpr3len? info.fpr3:NULL, info.fpr3len);
+      if (info.fpr3len && info.fpr3time)
         {
           tty_fprintf (fp, "      created ....: %s\n",
                        isotimestamp (info.fpr3time));
@@ -648,16 +658,17 @@ current_card_status (ctrl_t ctrl, estream_t fp,
         }
       tty_fprintf (fp, "General key info..: ");
 
-      thefpr = (info.fpr1valid? info.fpr1 : info.fpr2valid? info.fpr2 :
-                info.fpr3valid? info.fpr3 : NULL);
-      /* If the fingerprint is all 0xff, the key has no asssociated
+      thefpr = (info.fpr1len? info.fpr1 : info.fpr2len? info.fpr2 :
+                info.fpr3len? info.fpr3 : NULL);
+      thefprlen = (info.fpr1len? info.fpr1len : info.fpr2len? info.fpr2len :
+                   info.fpr3len? info.fpr3len : 0);
+      /* If the fingerprint is all 0xff, the key has no associated
          OpenPGP certificate.  */
-      if ( thefpr && !fpr_is_ff (thefpr)
-           && !get_pubkey_byfprint (ctrl, pk, &keyblock, thefpr, 20))
+      if ( thefpr && !fpr_is_ff (thefpr, thefprlen)
+           && !get_pubkey_byfprint (ctrl, pk, &keyblock, thefpr, thefprlen))
         {
-          print_pubkey_info (ctrl, fp, pk);
-          if (keyblock)
-            print_card_key_info (fp, keyblock);
+          print_key_info (ctrl, fp, 0, pk, 0);
+          print_card_key_info (fp, keyblock);
         }
       else
         tty_fprintf (fp, "[none]\n");
@@ -677,7 +688,7 @@ card_status (ctrl_t ctrl, estream_t fp, const char *serialno)
 {
   int err;
   strlist_t card_list, sl;
-  char *serialno0, *serialno1;
+  char *serialno0 = NULL;
   int all_cards = 0;
   int any_card = 0;
 
@@ -711,7 +722,7 @@ card_status (ctrl_t ctrl, estream_t fp, const char *serialno)
         tty_fprintf (fp, "\n");
       any_card = 1;
 
-      err = agent_scd_serialno (&serialno1, sl->d);
+      err = agent_scd_serialno (NULL, sl->d);
       if (err)
         {
           if (opt.verbose)
@@ -721,15 +732,13 @@ card_status (ctrl_t ctrl, estream_t fp, const char *serialno)
         }
 
       current_card_status (ctrl, fp, NULL, 0);
-      xfree (serialno1);
 
       if (!all_cards)
         goto leave;
     }
 
   /* Select the original card again.  */
-  err = agent_scd_serialno (&serialno1, serialno0);
-  xfree (serialno1);
+  err = agent_scd_serialno (NULL, serialno0);
 
  leave:
   xfree (serialno0);
@@ -773,8 +782,7 @@ static int
 change_name (void)
 {
   char *surname = NULL, *givenname = NULL;
-  char *isoname = NULL;
-  char *p;
+  char *isoname, *p;
   int rc;
 
   surname = get_one_name ("keygen.smartcard.surname",
@@ -785,8 +793,7 @@ change_name (void)
     {
       xfree (surname);
       xfree (givenname);
-      rc = gpg_error (GPG_ERR_CANCELED);
-      goto leave;
+      return -1; /*canceled*/
     }
 
   isoname = xmalloc ( strlen (surname) + 2 + strlen (givenname) + 1);
@@ -802,17 +809,14 @@ change_name (void)
       tty_printf (_("Error: Combined name too long "
                     "(limit is %d characters).\n"), 39);
       xfree (isoname);
-      rc = gpg_error (GPG_ERR_TOO_LARGE);
-      goto leave;
+      return -1;
     }
 
   rc = agent_scd_setattr ("DISP-NAME", isoname, strlen (isoname));
   if (rc)
     log_error ("error setting Name: %s\n", gpg_strerror (rc));
 
- leave:
   xfree (isoname);
-  write_sc_op_status (rc);
   return rc;
 }
 
@@ -865,12 +869,14 @@ fetch_url (ctrl_t ctrl)
           rc = keyserver_fetch (ctrl, sl, KEYORG_URL);
           free_strlist (sl);
         }
-      else if (info.fpr1valid)
+      else if (info.fpr1len)
 	{
-          rc = keyserver_import_fprint (ctrl, info.fpr1, 20, opt.keyserver, 0);
+          rc = keyserver_import_fprint (ctrl, info.fpr1, info.fpr1len,
+                                        opt.keyserver, 0);
 	}
     }
 
+  agent_release_card_info (&info);
   return rc;
 }
 
@@ -1173,7 +1179,8 @@ change_cafpr (int fprno)
   char *data;
   const char *s;
   int i, c, rc;
-  unsigned char fpr[20];
+  unsigned char fpr[MAX_FINGERPRINT_LEN];
+  int fprlen;
 
   data = cpr_get ("cardedit.change_cafpr", _("CA fingerprint: "));
   if (!data)
@@ -1181,7 +1188,7 @@ change_cafpr (int fprno)
   trim_spaces (data);
   cpr_kill_prompt ();
 
-  for (i=0, s=data; i < 20 && *s; )
+  for (i=0, s=data; i < MAX_FINGERPRINT_LEN && *s; )
     {
       while (spacep(s))
         s++;
@@ -1195,8 +1202,9 @@ change_cafpr (int fprno)
       fpr[i++] = c;
       s += 2;
     }
+  fprlen = i;
   xfree (data);
-  if (i != 20 || *s)
+  if ((fprlen != 20 && fprlen != 32) || *s)
     {
       tty_printf (_("Error: invalid formatted fingerprint.\n"));
       return -1;
@@ -1204,7 +1212,7 @@ change_cafpr (int fprno)
 
   rc = agent_scd_setattr (fprno==1?"CA-FPR-1":
                           fprno==2?"CA-FPR-2":
-                          fprno==3?"CA-FPR-3":"x", fpr, 20);
+                          fprno==3?"CA-FPR-3":"x", fpr, fprlen);
   if (rc)
     log_error ("error setting cafpr: %s\n", gpg_strerror (rc));
   write_sc_op_status (rc);
@@ -1245,9 +1253,8 @@ get_info_for_key_operation (struct agent_card_info_s *info)
 
   memset (info, 0, sizeof *info);
   rc = agent_scd_getattr ("SERIALNO", info);
-  if (!rc)
-    rc = agent_scd_getattr ("APPTYPE", info);
-  if (rc || !info->apptype || ascii_strcasecmp (info->apptype, "openpgp"))
+  if (rc || !info->serialno || strncmp (info->serialno, "D27600012401", 12)
+      || strlen (info->serialno) != 32 )
     {
       log_error (_("key operation not possible: %s\n"),
                  rc ? gpg_strerror (rc) : _("not an OpenPGP card"));
@@ -1325,11 +1332,11 @@ static void
 show_card_key_info (struct agent_card_info_s *info)
 {
   tty_fprintf (NULL, "Signature key ....:");
-  print_sha1_fpr (NULL, info->fpr1valid? info->fpr1:NULL);
+  print_shax_fpr (NULL, info->fpr1len? info->fpr1:NULL, info->fpr1len);
   tty_fprintf (NULL, "Encryption key....:");
-  print_sha1_fpr (NULL, info->fpr2valid? info->fpr2:NULL);
+  print_shax_fpr (NULL, info->fpr2len? info->fpr2:NULL, info->fpr2len);
   tty_fprintf (NULL, "Authentication key:");
-  print_sha1_fpr (NULL, info->fpr3valid? info->fpr3:NULL);
+  print_shax_fpr (NULL, info->fpr3len? info->fpr3:NULL, info->fpr3len);
   tty_printf ("\n");
 }
 
@@ -1340,9 +1347,9 @@ replace_existing_key_p (struct agent_card_info_s *info, int keyno)
 {
   log_assert (keyno >= 0 && keyno <= 3);
 
-  if ((keyno == 1 && info->fpr1valid)
-      || (keyno == 2 && info->fpr2valid)
-      || (keyno == 3 && info->fpr3valid))
+  if ((keyno == 1 && info->fpr1len)
+      || (keyno == 2 && info->fpr2len)
+      || (keyno == 3 && info->fpr3len))
     {
       tty_printf ("\n");
       log_info ("WARNING: such a key has already been stored on the card!\n");
@@ -1365,12 +1372,11 @@ show_keysize_warning (void)
     return;
   shown = 1;
   tty_printf
-    (_("Note: There is no guarantee that the card "
-       "supports the requested size.\n"
-       "      If the key generation does not succeed, "
-       "please check the\n"
-       "      documentation of your card to see what "
-       "sizes are allowed.\n"));
+    (_("Note: There is no guarantee that the card supports the requested\n"
+       "      key type or size.  If the key generation does not succeed,\n"
+       "      please check the documentation of your card to see which\n"
+       "      key types and sizes are supported.\n")
+     );
 }
 
 
@@ -1637,9 +1643,9 @@ generate_card_keys (ctrl_t ctrl)
   else
     want_backup = 0;
 
-  if ( (info.fpr1valid && !fpr_is_zero (info.fpr1))
-       || (info.fpr2valid && !fpr_is_zero (info.fpr2))
-       || (info.fpr3valid && !fpr_is_zero (info.fpr3)))
+  if ( (info.fpr1len && !fpr_is_zero (info.fpr1, info.fpr1len))
+       || (info.fpr2len && !fpr_is_zero (info.fpr2, info.fpr2len))
+       || (info.fpr3len && !fpr_is_zero (info.fpr3, info.fpr3len)))
     {
       tty_printf ("\n");
       log_info (_("Note: keys are already stored on the card!\n"));
@@ -2000,13 +2006,7 @@ factory_reset (void)
 
   /* Then, connect the card again.  */
   if (!err)
-    {
-      char *serialno0;
-
-      err = agent_scd_serialno (&serialno0, NULL);
-      if (!err)
-        xfree (serialno0);
-    }
+    err = agent_scd_serialno (NULL, NULL);
 
  leave:
   if (locked)
@@ -2041,7 +2041,7 @@ gen_kdf_data (unsigned char *data, int single_salt)
 
   p = data;
 
-  s2k_char = encode_s2k_iterations (0);
+  s2k_char = encode_s2k_iterations (agent_get_s2k_count ());
   iterations = S2K_DECODE_COUNT (s2k_char);
   count_4byte[0] = (iterations >> 24) & 0xff;
   count_4byte[1] = (iterations >> 16) & 0xff;
@@ -2096,7 +2096,7 @@ kdf_setup (const char *args)
   struct agent_card_info_s info;
   gpg_error_t err;
   unsigned char kdf_data[KDF_DATA_LENGTH_MAX];
-  int single = (*args != 0);
+  size_t len;
 
   memset (&info, 0, sizeof info);
 
@@ -2113,12 +2113,25 @@ kdf_setup (const char *args)
       goto leave;
     }
 
-  err = gen_kdf_data (kdf_data, single);
-  if (err)
-    goto leave_error;
+  if (!strcmp (args, "off"))
+    {
+      len = 3;
+      memcpy (kdf_data, "\x81\x01\x00", len);
+    }
+  else
+    {
+      int single = 0;
+
+      if (*args != 0)
+        single = 1;
 
-  err = agent_scd_setattr ("KDF", kdf_data,
-                           single ? KDF_DATA_LENGTH_MIN : KDF_DATA_LENGTH_MAX);
+      len = single ? KDF_DATA_LENGTH_MIN: KDF_DATA_LENGTH_MAX;
+      err = gen_kdf_data (kdf_data, single);
+      if (err)
+        goto leave_error;
+    }
+
+  err = agent_scd_setattr ("KDF", kdf_data, len);
   if (err)
     goto leave_error;
 
@@ -2132,7 +2145,48 @@ kdf_setup (const char *args)
   agent_release_card_info (&info);
 }
 
+static void
+uif (int arg_number, const char *arg_rest)
+{
+  struct agent_card_info_s info;
+  int feature_available;
+  gpg_error_t err;
+  char name[100];
+  unsigned char data[2];
+
+  memset (&info, 0, sizeof info);
+
+  err = agent_scd_getattr ("EXTCAP", &info);
+  if (err)
+    {
+      log_error (_("error getting card info: %s\n"), gpg_strerror (err));
+      return;
+    }
+
+  feature_available = info.extcap.bt;
+  agent_release_card_info (&info);
+
+  if (!feature_available)
+    {
+      log_error (_("This command is not supported by this card\n"));
+      tty_printf ("\n");
+      return;
+    }
+
+  snprintf (name, sizeof name, "UIF-%d", arg_number);
+  if ( !strcmp (arg_rest, "off") )
+    data[0] = 0x00;
+  else if ( !strcmp (arg_rest, "on") )
+    data[0] = 0x01;
+  else if ( !strcmp (arg_rest, "permanent") )
+    data[0] = 0x02;
+
+  data[1] = 0x20;
 
+  err = agent_scd_setattr (name, data, 2);
+  if (err)
+    log_error (_("error for setup UIF: %s\n"), gpg_strerror (err));
+}
 
 /* Data used by the command parser.  This needs to be outside of the
    function scope to allow readline based command completion.  */
@@ -2143,7 +2197,7 @@ enum cmdids
     cmdNAME, cmdURL, cmdFETCH, cmdLOGIN, cmdLANG, cmdSEX, cmdCAFPR,
     cmdFORCESIG, cmdGENERATE, cmdPASSWD, cmdPRIVATEDO, cmdWRITECERT,
     cmdREADCERT, cmdUNBLOCK, cmdFACTORYRESET, cmdKDFSETUP,
-    cmdKEYATTR,
+    cmdKEYATTR, cmdUIF,
     cmdINVCMD
   };
 
@@ -2175,10 +2229,12 @@ static struct
     { "generate", cmdGENERATE, 1, N_("generate new keys")},
     { "passwd"  , cmdPASSWD, 0, N_("menu to change or unblock the PIN")},
     { "verify"  , cmdVERIFY, 0, N_("verify the PIN and list all data")},
-    { "unblock" , cmdUNBLOCK,0, N_("unblock the PIN using a Reset Code") },
+    { "unblock" , cmdUNBLOCK,0, N_("unblock the PIN using a Reset Code")},
     { "factory-reset", cmdFACTORYRESET, 1, N_("destroy all keys and data")},
-    { "kdf-setup", cmdKDFSETUP, 1, N_("setup KDF for PIN authentication")},
+    { "kdf-setup", cmdKDFSETUP, 1,
+      N_("setup KDF for PIN authentication (on/single/off)")},
     { "key-attr", cmdKEYATTR, 1, N_("change the key attribute")},
+    { "uif", cmdUIF, 1, N_("change the User Interaction Flag")},
     /* Note, that we do not announce these command yet. */
     { "privatedo", cmdPRIVATEDO, 0, NULL },
     { "readcert", cmdREADCERT, 0, NULL },
@@ -2470,6 +2526,14 @@ card_edit (ctrl_t ctrl, strlist_t commands)
           key_attr ();
           break;
 
+        case cmdUIF:
+          if ( arg_number < 1 || arg_number > 3 )
+            tty_printf ("usage: uif N [on|off|permanent]\n"
+                        "       1 <= N <= 3\n");
+          else
+            uif (arg_number, arg_rest);
+          break;
+
         case cmdQUIT:
           goto leave;
 
diff --git a/g10/cipher-aead.c b/g10/cipher-aead.c
new file mode 100644
index 0000000..b14b854
--- /dev/null
+++ b/g10/cipher-aead.c
@@ -0,0 +1,448 @@
+/* cipher-aead.c - Enciphering filter for AEAD modes
+ * Copyright (C) 2018 Werner koch
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0+
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include "gpg.h"
+#include "../common/status.h"
+#include "../common/iobuf.h"
+#include "../common/util.h"
+#include "filter.h"
+#include "packet.h"
+#include "options.h"
+#include "main.h"
+
+
+/* The size of the buffer we allocate to encrypt the data.  This must
+ * be a multiple of the OCB blocksize (16 byte).  */
+#define AEAD_ENC_BUFFER_SIZE (64*1024)
+
+
+/* Wrapper around iobuf_write to make sure that a proper error code is
+ * always returned.  */
+static gpg_error_t
+my_iobuf_write (iobuf_t a, const void *buffer, size_t buflen)
+{
+  if (iobuf_write (a, buffer, buflen))
+    {
+      gpg_error_t err = iobuf_error (a);
+      if (!err || !gpg_err_code (err)) /* (The latter should never happen) */
+        err = gpg_error (GPG_ERR_EIO);
+      return err;
+    }
+  return 0;
+}
+
+
+/* Set the nonce and the additional data for the current chunk.  If
+ * FINAL is set the final AEAD chunk is processed.  This also reset
+ * the encryption machinery so that the handle can be used for a new
+ * chunk.  */
+static gpg_error_t
+set_nonce_and_ad (cipher_filter_context_t *cfx, int final)
+{
+  gpg_error_t err;
+  unsigned char nonce[16];
+  unsigned char ad[21];
+  int i;
+
+  switch (cfx->dek->use_aead)
+    {
+    case AEAD_ALGO_OCB:
+      memcpy (nonce, cfx->startiv, 15);
+      i = 7;
+      break;
+
+    case AEAD_ALGO_EAX:
+      memcpy (nonce, cfx->startiv, 16);
+      i = 8;
+      break;
+
+    default:
+      BUG ();
+    }
+
+  nonce[i++] ^= cfx->chunkindex >> 56;
+  nonce[i++] ^= cfx->chunkindex >> 48;
+  nonce[i++] ^= cfx->chunkindex >> 40;
+  nonce[i++] ^= cfx->chunkindex >> 32;
+  nonce[i++] ^= cfx->chunkindex >> 24;
+  nonce[i++] ^= cfx->chunkindex >> 16;
+  nonce[i++] ^= cfx->chunkindex >>  8;
+  nonce[i++] ^= cfx->chunkindex;
+
+  if (DBG_CRYPTO)
+    log_printhex (nonce, 15, "nonce:");
+  err = gcry_cipher_setiv (cfx->cipher_hd, nonce, i);
+  if (err)
+    return err;
+
+  ad[0] = (0xc0 | PKT_ENCRYPTED_AEAD);
+  ad[1] = 1;
+  ad[2] = cfx->dek->algo;
+  ad[3] = cfx->dek->use_aead;
+  ad[4] = cfx->chunkbyte;
+  ad[5] = cfx->chunkindex >> 56;
+  ad[6] = cfx->chunkindex >> 48;
+  ad[7] = cfx->chunkindex >> 40;
+  ad[8] = cfx->chunkindex >> 32;
+  ad[9] = cfx->chunkindex >> 24;
+  ad[10]= cfx->chunkindex >> 16;
+  ad[11]= cfx->chunkindex >>  8;
+  ad[12]= cfx->chunkindex;
+  if (final)
+    {
+      ad[13] = cfx->total >> 56;
+      ad[14] = cfx->total >> 48;
+      ad[15] = cfx->total >> 40;
+      ad[16] = cfx->total >> 32;
+      ad[17] = cfx->total >> 24;
+      ad[18] = cfx->total >> 16;
+      ad[19] = cfx->total >>  8;
+      ad[20] = cfx->total;
+    }
+  if (DBG_CRYPTO)
+    log_printhex (ad, final? 21 : 13, "authdata:");
+  return gcry_cipher_authenticate (cfx->cipher_hd, ad, final? 21 : 13);
+}
+
+
+static gpg_error_t
+write_header (cipher_filter_context_t *cfx, iobuf_t a)
+{
+  gpg_error_t err;
+  PACKET pkt;
+  PKT_encrypted ed;
+  unsigned int blocksize;
+  unsigned int startivlen;
+  enum gcry_cipher_modes ciphermode;
+
+  log_assert (cfx->dek->use_aead);
+
+  blocksize = openpgp_cipher_get_algo_blklen (cfx->dek->algo);
+  if (blocksize != 16 )
+    log_fatal ("unsupported blocksize %u for AEAD\n", blocksize);
+
+  err = openpgp_aead_algo_info (cfx->dek->use_aead, &ciphermode, &startivlen);
+  if (err)
+    goto leave;
+
+  log_assert (opt.chunk_size >= 6 && opt.chunk_size <= 62);
+  cfx->chunkbyte = opt.chunk_size - 6;
+  cfx->chunksize = (uint64_t)1 << (cfx->chunkbyte + 6);
+  cfx->chunklen = 0;
+  cfx->bufsize = AEAD_ENC_BUFFER_SIZE;
+  cfx->buflen = 0;
+  cfx->buffer = xtrymalloc (cfx->bufsize);
+  if (!cfx->buffer)
+    return gpg_error_from_syserror ();
+
+  memset (&ed, 0, sizeof ed);
+  ed.new_ctb = 1;  /* (Is anyway required for the packet type).  */
+  ed.len = 0; /* fixme: cfx->datalen */
+  ed.extralen    = startivlen + 16; /* (16 is the taglen) */
+  ed.cipher_algo = cfx->dek->algo;
+  ed.aead_algo   = cfx->dek->use_aead;
+  ed.chunkbyte   = cfx->chunkbyte;
+
+  init_packet (&pkt);
+  pkt.pkttype = PKT_ENCRYPTED_AEAD;
+  pkt.pkt.encrypted = &ed;
+
+  if (DBG_FILTER)
+    log_debug ("aead packet: len=%lu extralen=%d\n",
+               (unsigned long)ed.len, ed.extralen);
+
+  write_status_printf (STATUS_BEGIN_ENCRYPTION, "0 %d %d",
+                       cfx->dek->algo, ed.aead_algo);
+  print_cipher_algo_note (cfx->dek->algo);
+
+  if (build_packet( a, &pkt))
+    log_bug ("build_packet(ENCRYPTED_AEAD) failed\n");
+
+  log_assert (sizeof cfx->startiv >= startivlen);
+  gcry_randomize (cfx->startiv, startivlen, GCRY_STRONG_RANDOM);
+  err = my_iobuf_write (a, cfx->startiv, startivlen);
+  if (err)
+    goto leave;
+
+  err = openpgp_cipher_open (&cfx->cipher_hd,
+                             cfx->dek->algo,
+                             ciphermode,
+                             GCRY_CIPHER_SECURE);
+  if (err)
+    goto leave;
+
+  if (DBG_CRYPTO)
+    log_printhex (cfx->dek->key, cfx->dek->keylen, "thekey:");
+  err = gcry_cipher_setkey (cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen);
+  if (err)
+    return err;
+
+  cfx->wrote_header = 1;
+
+ leave:
+  return err;
+}
+
+
+/* Get and write the auth tag to stream A.  */
+static gpg_error_t
+write_auth_tag (cipher_filter_context_t *cfx, iobuf_t a)
+{
+  gpg_error_t err;
+  char tag[16];
+
+  err = gcry_cipher_gettag (cfx->cipher_hd, tag, 16);
+  if (err)
+    goto leave;
+  err = my_iobuf_write (a, tag, 16);
+  if (err)
+    goto leave;
+
+ leave:
+  if (err)
+    log_error ("write_auth_tag failed: %s\n", gpg_strerror (err));
+  return err;
+}
+
+
+/* Write the final chunk to stream A.  */
+static gpg_error_t
+write_final_chunk (cipher_filter_context_t *cfx, iobuf_t a)
+{
+  gpg_error_t err;
+  char dummy[1];
+
+  err = set_nonce_and_ad (cfx, 1);
+  if (err)
+    goto leave;
+
+  gcry_cipher_final (cfx->cipher_hd);
+
+  /* Encrypt an empty string.  */
+  err = gcry_cipher_encrypt (cfx->cipher_hd, dummy, 0, NULL, 0);
+  if (err)
+    goto leave;
+
+  err = write_auth_tag (cfx, a);
+
+ leave:
+  return err;
+}
+
+
+/* The core of the flush sub-function of cipher_filter_aead.   */
+static gpg_error_t
+do_flush (cipher_filter_context_t *cfx, iobuf_t a, byte *buf, size_t size)
+{
+  gpg_error_t err = 0;
+  int finalize = 0;
+  size_t n;
+
+  /* Put the data into a buffer, flush and encrypt as needed.  */
+  if (DBG_FILTER)
+    log_debug ("flushing %zu bytes (cur buflen=%zu)\n", size, cfx->buflen);
+  do
+    {
+      if (cfx->buflen + size < cfx->bufsize)
+        n = size;
+      else
+        n = cfx->bufsize - cfx->buflen;
+
+      if (cfx->chunklen + cfx->buflen + n >= cfx->chunksize)
+        {
+          size_t n1 = cfx->chunksize - (cfx->chunklen + cfx->buflen);
+          finalize = 1;
+          if (DBG_FILTER)
+            log_debug ("chunksize %ju reached;"
+                       " cur buflen=%zu using %zu of %zu\n",
+                       cfx->chunksize, cfx->buflen,
+                       n1, n);
+          n = n1;
+        }
+
+      memcpy (cfx->buffer + cfx->buflen, buf, n);
+      cfx->buflen += n;
+      buf  += n;
+      size -= n;
+
+      if (cfx->buflen == cfx->bufsize || finalize)
+        {
+          if (DBG_FILTER)
+            log_debug ("encrypting: size=%zu buflen=%zu %s n=%zu\n",
+                       size, cfx->buflen, finalize?"(finalize)":"", n);
+
+          if (!cfx->chunklen)
+            {
+              if (DBG_FILTER)
+                log_debug ("start encrypting a new chunk\n");
+              err = set_nonce_and_ad (cfx, 0);
+              if (err)
+                goto leave;
+            }
+
+          if (finalize)
+            gcry_cipher_final (cfx->cipher_hd);
+          if (DBG_FILTER)
+            {
+              if (finalize)
+                log_printhex (cfx->buffer, cfx->buflen, "plain(1):");
+              else if (cfx->buflen > 32)
+                log_printhex (cfx->buffer + cfx->buflen - 32, 32,
+                              "plain(last32):");
+            }
+
+          /* Take care: even with a buflen of zero an encrypt needs to
+           * be called after gcry_cipher_final and before
+           * gcry_cipher_gettag - at least with libgcrypt 1.8 and OCB
+           * mode.  */
+          err = gcry_cipher_encrypt (cfx->cipher_hd, cfx->buffer, cfx->buflen,
+                                     NULL, 0);
+          if (err)
+            goto leave;
+          if (finalize && DBG_FILTER)
+            log_printhex (cfx->buffer, cfx->buflen, "ciphr(1):");
+          err = my_iobuf_write (a, cfx->buffer, cfx->buflen);
+          if (err)
+            goto leave;
+          cfx->chunklen += cfx->buflen;
+          cfx->total += cfx->buflen;
+          cfx->buflen = 0;
+
+          if (finalize)
+            {
+              if (DBG_FILTER)
+                log_debug ("writing tag: chunklen=%ju total=%ju\n",
+                           (uintmax_t)cfx->chunklen, (uintmax_t)cfx->total);
+              err = write_auth_tag (cfx, a);
+              if (err)
+                goto leave;
+
+              cfx->chunkindex++;
+              cfx->chunklen = 0;
+              finalize = 0;
+            }
+        }
+    }
+  while (size);
+
+ leave:
+  return err;
+}
+
+
+/* The core of the free sub-function of cipher_filter_aead.   */
+static gpg_error_t
+do_free (cipher_filter_context_t *cfx, iobuf_t a)
+{
+  gpg_error_t err = 0;
+
+  if (DBG_FILTER)
+    log_debug ("do_free: buflen=%zu\n", cfx->buflen);
+
+  if (cfx->buflen)
+    {
+      if (DBG_FILTER)
+        log_debug ("encrypting last %zu bytes of the last chunk\n",cfx->buflen);
+
+      if (!cfx->chunklen)
+        {
+          if (DBG_FILTER)
+            log_debug ("start encrypting a new chunk\n");
+          err = set_nonce_and_ad (cfx, 0);
+          if (err)
+            goto leave;
+        }
+
+      gcry_cipher_final (cfx->cipher_hd);
+      err = gcry_cipher_encrypt (cfx->cipher_hd, cfx->buffer, cfx->buflen,
+                                 NULL, 0);
+      if (err)
+        goto leave;
+      err = my_iobuf_write (a, cfx->buffer, cfx->buflen);
+      if (err)
+        goto leave;
+      /* log_printhex (cfx->buffer, cfx->buflen, "wrote:"); */
+      cfx->chunklen += cfx->buflen;
+      cfx->total += cfx->buflen;
+
+      /* Get and write the authentication tag.  */
+      if (DBG_FILTER)
+        log_debug ("writing tag: chunklen=%ju total=%ju\n",
+                   (uintmax_t)cfx->chunklen, (uintmax_t)cfx->total);
+      err = write_auth_tag (cfx, a);
+      if (err)
+        goto leave;
+      cfx->chunkindex++;
+      cfx->chunklen = 0;
+    }
+
+  /* Write the final chunk.  */
+  if (DBG_FILTER)
+    log_debug ("creating final chunk\n");
+  err = write_final_chunk (cfx, a);
+
+ leave:
+  xfree (cfx->buffer);
+  cfx->buffer = NULL;
+  gcry_cipher_close (cfx->cipher_hd);
+  cfx->cipher_hd = NULL;
+  return err;
+}
+
+
+/*
+ * This filter is used to encrypt data with an AEAD algorithm
+ */
+int
+cipher_filter_aead (void *opaque, int control,
+                    iobuf_t a, byte *buf, size_t *ret_len)
+{
+  cipher_filter_context_t *cfx = opaque;
+  size_t size = *ret_len;
+  int rc = 0;
+
+  if (control == IOBUFCTRL_UNDERFLOW) /* decrypt */
+    {
+      rc = -1; /* not used */
+    }
+  else if (control == IOBUFCTRL_FLUSH) /* encrypt */
+    {
+      if (!cfx->wrote_header && (rc=write_header (cfx, a)))
+        ;
+      else
+        rc = do_flush (cfx, a, buf, size);
+    }
+  else if (control == IOBUFCTRL_FREE)
+    {
+      rc = do_free (cfx, a);
+    }
+  else if (control == IOBUFCTRL_DESC)
+    {
+      mem2str (buf, "cipher_filter_aead", *ret_len);
+    }
+
+  return rc;
+}
diff --git a/g10/cipher.c b/g10/cipher-cfb.c
similarity index 98%
rename from g10/cipher.c
rename to g10/cipher-cfb.c
index f577c97..3ba8eb7 100644
--- a/g10/cipher.c
+++ b/g10/cipher-cfb.c
@@ -1,4 +1,4 @@
-/* cipher.c - En-/De-ciphering filter
+/* cipher-cfb.c - Enciphering filter for the old CFB mode.
  * Copyright (C) 1998-2003, 2006, 2009 Free Software Foundation, Inc.
  * Copyright (C) 1998-2003, 2006, 2009, 2017 Werner koch
  *
diff --git a/g10/cpr.c b/g10/cpr.c
index bc4b715..5a39913 100644
--- a/g10/cpr.c
+++ b/g10/cpr.c
@@ -181,6 +181,50 @@ write_status_strings (int no, const char *text, ...)
 }
 
 
+/* Write a status line with code NO followed by the remaining
+ * arguments which must be a list of strings terminated by a NULL.
+ * Embedded CR and LFs in the strings are C-style escaped.  All
+ * strings are printed with a space as delimiter.  */
+gpg_error_t
+write_status_strings2 (ctrl_t dummy, int no, ...)
+{
+  va_list arg_ptr;
+  const char *s;
+
+  (void)dummy;
+
+  if (!statusfp || !status_currently_allowed (no) )
+    return 0;  /* Not enabled or allowed. */
+
+  va_start (arg_ptr, no);
+
+  es_fputs ("[GNUPG:] ", statusfp);
+  es_fputs (get_status_string (no), statusfp);
+  while ((s = va_arg (arg_ptr, const char*)))
+    {
+      if (*s)
+        es_putc (' ', statusfp);
+      for (; *s; s++)
+        {
+          if (*s == '\n')
+            es_fputs ("\\n", statusfp);
+          else if (*s == '\r')
+            es_fputs ("\\r", statusfp);
+          else
+            es_fputc (*(const byte *)s, statusfp);
+        }
+    }
+  es_putc ('\n', statusfp);
+
+  va_end (arg_ptr);
+
+  if (es_fflush (statusfp) && opt.exit_on_status_write_error)
+    g10_exit (0);
+
+  return 0;
+}
+
+
 void
 write_status_text (int no, const char *text)
 {
@@ -328,15 +372,20 @@ write_status_text_and_buffer (int no, const char *string,
             }
           first = 0;
         }
-      for (esc=0, s=buffer, n=len; n; s++, n--)
+      for (esc=0, s=buffer, n=len; n && !esc; s++, n--)
         {
           if (*s == '%' || *(const byte*)s <= lower_limit
               || *(const byte*)s == 127 )
             esc = 1;
           if (wrap && ++count > wrap)
-            dowrap=1;
-          if (esc || dowrap)
-            break;
+            {
+              dowrap=1;
+              break;
+            }
+        }
+      if (esc)
+        {
+          s--; n++;
         }
       if (s != buffer)
         es_fwrite (buffer, s-buffer, 1, statusfp);
diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c
index 0046c35..345447d 100644
--- a/g10/decrypt-data.c
+++ b/g10/decrypt-data.c
@@ -1,7 +1,6 @@
 /* decrypt-data.c - Decrypt an encrypted data packet
  * Copyright (C) 1998-2001, 2005-2006, 2009 Free Software Foundation, Inc.
  * Copyright (C) 1998-2001, 2005-2006, 2009, 2018 Werner Koch
- * Copyright (C) 2020 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -44,7 +43,7 @@ static int decode_filter ( void *opaque, int control, IOBUF a,
 /* Our context object.  */
 struct decode_filter_context_s
 {
-  /* Recounter (max value is 2).  We need it because we do not know
+  /* Redcounter (max value is 2).  We need it because we do not know
    * whether the iobuf or the outer control code frees this object
    * first.  */
   int  refcount;
@@ -215,14 +214,10 @@ aead_checktag (decode_filter_ctx_t dfx, int final, const void *tagbuf)
 
 
 /****************
- * Decrypt the data, specified by ED with the key DEK.  On return
- * COMPLIANCE_ERROR is set to true iff the decryption can claim that
- * it was compliant in the current mode; otherwise this flag is set to
- * false.
+ * Decrypt the data, specified by ED with the key DEK.
  */
 int
-decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek,
-              int *compliance_error)
+decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek)
 {
   decode_filter_ctx_t dfx;
   enum gcry_cipher_modes ciphermode;
@@ -230,10 +225,8 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek,
   byte *p;
   int rc=0, c, i;
   byte temp[32];
-  unsigned blocksize;
-  unsigned nprefix;
-
-  *compliance_error = 0;
+  unsigned int blocksize;
+  unsigned int nprefix;
 
   dfx = xtrycalloc (1, sizeof *dfx);
   if (!dfx)
@@ -243,8 +236,10 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek,
   if ( opt.verbose && !dek->algo_info_printed )
     {
       if (!openpgp_cipher_test_algo (dek->algo))
-        log_info (_("%s encrypted data\n"),
-                  openpgp_cipher_algo_mode_name (dek->algo, ed->aead_algo));
+        log_info (_("%s.%s encrypted data\n"),
+                  openpgp_cipher_algo_name (dek->algo),
+                  ed->aead_algo? openpgp_aead_algo_name (ed->aead_algo)
+                  /**/         : "CFB");
       else
         log_info (_("encrypted with unknown algorithm %d\n"), dek->algo );
       dek->algo_info_printed = 1;
@@ -264,24 +259,18 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek,
   if (!gnupg_cipher_is_allowed (opt.compliance, 0, dek->algo, ciphermode))
     {
       log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
-		 openpgp_cipher_algo_mode_name (dek->algo,ed->aead_algo),
+		 openpgp_cipher_algo_name (dek->algo),
 		 gnupg_compliance_option_string (opt.compliance));
-      *compliance_error = 1;
-      if (opt.flags.require_compliance)
-        {
-          /* We fail early in this case because it does not make sense
-           * to first decrypt everything.  */
-          rc = gpg_error (GPG_ERR_CIPHER_ALGO);
-          goto leave;
-        }
+      rc = gpg_error (GPG_ERR_CIPHER_ALGO);
+      goto leave;
     }
 
   write_status_printf (STATUS_DECRYPTION_INFO, "%d %d %d",
-                       ed->mdc_method, dek->algo, 0);
+                       ed->mdc_method, dek->algo, ed->aead_algo);
 
   if (opt.show_session_key)
     {
-      char numbuf[25];
+      char numbuf[30];
       char *hexbuf;
 
       if (ed->aead_algo)
@@ -424,18 +413,17 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek,
         {
           log_info (_("WARNING: message was encrypted with"
                       " a weak key in the symmetric cipher.\n"));
-          rc = 0;
+          rc=0;
         }
       else if (rc)
         {
-          log_error("key setup failed: %s\n", gpg_strerror (rc) );
+          log_error ("key setup failed: %s\n", gpg_strerror (rc) );
           goto leave;
         }
 
       if (!ed->buf)
         {
           log_error (_("problem handling encrypted packet\n"));
-          rc = gpg_error (GPG_ERR_INV_PACKET);
           goto leave;
         }
 
@@ -493,11 +481,9 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek,
       rc = get_output_file ("", 0, ed->buf, &filename, &fp);
       if (! rc)
         {
-          iobuf_t output = iobuf_esopen (fp, "w", 0);
+          iobuf_t output = iobuf_esopen (fp, "w", 0, 0);
           armor_filter_context_t *afx = NULL;
 
-	  es_setbuf (fp, NULL);
-
           if (opt.armor)
             {
               afx = new_armor_context ();
@@ -551,8 +537,8 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek,
           || datalen != 20
           || memcmp (gcry_md_read (dfx->mdc_hash, 0), dfx->holdback+2, datalen))
         rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
-      /* log_printhex(dfx->holdback, 22, "MDC message:"); */
-      /* log_printhex(gcry_md_read (dfx->mdc_hash,0), datalen, "MDC calc:"); */
+      /* log_printhex("MDC message:", dfx->holdback, 22); */
+      /* log_printhex("MDC calc:", gcry_md_read (dfx->mdc_hash,0), datalen); */
     }
 
  leave:
@@ -926,7 +912,7 @@ mdc_decode_filter (void *opaque, int control, IOBUF a,
       n = fill_buffer (dfx, a, buf, 44, 22);
       if (n == 44)
         {
-          /* We have enough stuff - flush the deferred stuff.  */
+          /* We have enough stuff - flush the holdback buffer.  */
           if ( !dfx->holdbacklen )  /* First time. */
             {
               memcpy (buf, buf+22, 22);
@@ -936,6 +922,7 @@ mdc_decode_filter (void *opaque, int control, IOBUF a,
             {
               memcpy (buf, dfx->holdback, 22);
 	    }
+
           /* Fill up the buffer. */
           n = fill_buffer (dfx, a, buf, size, n);
 
@@ -945,7 +932,7 @@ mdc_decode_filter (void *opaque, int control, IOBUF a,
           memcpy (dfx->holdback, buf+n, 22 );
           dfx->holdbacklen = 22;
 	}
-      else if ( !dfx->holdbacklen )  /* EOF seen but empty holdback buffer. */
+      else if ( !dfx->holdbacklen ) /* EOF seen but empty holdback. */
         {
           /* This is bad because it means an incomplete hash. */
           n -= 22;
diff --git a/g10/dek.h b/g10/dek.h
index 3654491..88f8bc5 100644
--- a/g10/dek.h
+++ b/g10/dek.h
@@ -1,5 +1,5 @@
 /* dek.h - The data encryption key structure.
- * Copyright (C) 2014 Werner Koch
+ * Copyright (C) 2014, 2017 Werner Koch
  *
  * This file is part of GnuPG.
  *
@@ -19,6 +19,7 @@
 #ifndef G10_DEK_H
 #define G10_DEK_H
 
+
 typedef struct
 {
   /* The algorithm (e.g., CIPHER_ALGO_AES).  */
diff --git a/g10/delkey.c b/g10/delkey.c
index 13dbcf0..458c451 100644
--- a/g10/delkey.c
+++ b/g10/delkey.c
@@ -66,15 +66,13 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force,
 
   *r_sec_avail = 0;
 
-  hd = keydb_new ();
+  hd = keydb_new (ctrl);
   if (!hd)
     return gpg_error_from_syserror ();
 
   /* Search the userid.  */
   err = classify_user_id (username, &desc, 1);
-  exactmatch = (desc.mode == KEYDB_SEARCH_MODE_FPR
-                || desc.mode == KEYDB_SEARCH_MODE_FPR16
-                || desc.mode == KEYDB_SEARCH_MODE_FPR20);
+  exactmatch = (desc.mode == KEYDB_SEARCH_MODE_FPR);
   thiskeyonly = desc.exact;
   if (!err)
     err = keydb_search (hd, &desc, 1, NULL);
@@ -134,7 +132,7 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force,
 
   if (!secret && !force)
     {
-      if (have_secret_key_with_kid (keyid))
+      if (have_secret_key_with_kid (ctrl, keyid))
         {
           *r_sec_avail = 1;
           err = gpg_error (GPG_ERR_EOF);
@@ -144,7 +142,7 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force,
         err = 0;
     }
 
-  if (secret && !have_secret_key_with_kid (keyid))
+  if (secret && !have_secret_key_with_kid (ctrl, keyid))
     {
       err = gpg_error (GPG_ERR_NOT_FOUND);
       log_error (_("key \"%s\" not found\n"), username);
@@ -154,7 +152,13 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force,
 
 
   if (opt.batch && exactmatch)
-    okay++;
+    {
+      if (secret && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK
+          && !opt.answer_yes)
+        log_error(_("can't do this in batch mode without \"--yes\"\n"));
+      else
+        okay++;
+    }
   else if (opt.batch && secret)
     {
       log_error(_("can't do this in batch mode\n"));
@@ -169,12 +173,8 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force,
     }
   else
     {
-      if (secret)
-        print_seckey_info (ctrl, pk);
-      else
-        print_pubkey_info (ctrl, NULL, pk );
-      tty_printf( "\n" );
-
+      print_key_info (ctrl, NULL, 0, pk, secret);
+      tty_printf ("\n");
       if (thiskeyonly == 1 && !secret)
         {
           /* We need to delete the entire public key despite the use
@@ -239,7 +239,7 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force,
               if (thiskeyonly && targetnode != node)
                 continue;
 
-              if (agent_probe_secret_key (NULL, node->pkt->pkt.public_key))
+              if (!agent_probe_secret_key (NULL, node->pkt->pkt.public_key))
                 continue;  /* No secret key for that public (sub)key.  */
 
               prompt = gpg_format_keydesc (ctrl,
@@ -369,11 +369,6 @@ delete_keys (ctrl_t ctrl, strlist_t names, int secret, int allow_both)
         {
           log_error ("%s: delete key failed: %s\n",
                      names->d, gpg_strerror (err));
-          if (gpg_err_code (err) == GPG_ERR_NO_PIN_ENTRY
-              && opt.batch && secret
-              && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK)
-            log_info ("(try option \"--yes\" to delete anyway)\n");
-
           return err;
         }
     }
diff --git a/g10/distsigkey.gpg b/g10/distsigkey.gpg
index 4c4db51c9fc8b73e5287cdbd2b698e94852c4739..47d767c6ed7fe4ac88c767ad3875fcc6b7552b3c 100644
GIT binary patch
delta 1305
zcmV+!1?Kv`9@7?onE?$1O)ZOo0SEx98q%d-*vS3q;glD0+02kXq&p^zv9+PP{mB3+
zVc4#rQ$kJ1QSTGDI>t}FHe6ZU8`J187s(AnWwe9fC|Udy+gL)N4wjUF+m_C6eH;T|
z1CqGlj_|-A#~Jzg2x}#+IkfS@qTfC%;};PO|MDG55k*yh2>w8MmtYcLfoy~#DSQSu
zyD1zx2b-L;ijvNrRUd$=4!=(ha>MdaMjlNu@;Y#bg@4FHgCw96V?|@rPW{}!E~pLp
zW-Oe|OYbEj*uDPJOz(KyYcP`+Kz^)OZHS+Ut)Prg`$!3a`)I|+$|q1Wfz%Kf=FP<_
zs^n`HYupfjV|w9+pev$Df81RXApj8p00FcXS7mZ;WpW@(Z)0d6C}e4KbRctSXDNvR
zRRj|O2mn6<8v_Ol2?z%R0tOWb0tpHW1Qr4V0RkQY0vCW5Aq3cIAtS^FUFu#BI<+L5
zInqxh<F*9?UJS$;1ql?PS2h3&2@oWkInqxh<F*KYnFswHs)t&N{%I+i69gw{19Z(6
zxRCb1TPC&hW{I}Jb1jlz=oZq^sv<HREkr|q49mffJU~RJsr|tVXwRl|x&teTgu<kk
z{_cSj!21=WK=#Y6@c+2RI%q8QK2tIaG7Y`ATHcyGllHqhvAetmtDhqqo&vceqAnH)
z<dKPgRNceo19#6aqEqBvQ{PL-VD%R*!Ji}$K=Q$_jjtGs$LRxrGgCF$H$0bLa(AqM
z#I<YUi%~OCcFumpWZ2I_QbW*L?GJ0=R6jJnd79)Ii<P^TTwSMe@jz7#jC}J2@vV}S
zxW=YwCi7!kofe0cV&xVYEuGBNONbqD=0+xeICg5Pa+v`Q1XNHvBLN5i<`8f<(RVtc
zpZnRD33UT2iCgCbBX-!m>k+i#04MJSsO;(bbD8a~CQ!K-QRHFVcMkVlE`k;4M|zLm
zNme3SpiKk^#Pv+ukVL+5kGQ}*>Q$#IgsfffMdlp{GAp`iL~qQ(LiJN1D+pnLDBg^J
zSN)&N?uZ!-H;#Kzx$Xbh@rImcqOi~kmiuiTW_{M|xG9cb1kHW90H9^uc)!o<KTonk
zs}@fJR4V+Y$B~G9)`BMZ1^WM*KD;ca5KMpA=^c85UU+yej{^K_5HLQ53RPc1J1@UA
z2Pl1>puQ+I`7ZfJxdz||VlS=&?CMv4)ZL_CPYRR_$oKBKmnAUr-7^3Y0RRECGEPZJ
zLPa21b#!5CVIU|+Zgo&cAW~&)Wnpt=AWLO=DIh#&ZfR*^Wk6<gX=*NSa%Vn?0Xzf~
z0SEvl0viJb3kL`Z0|XTa2?_-k0s{d60v-VZ7k~u<SPv9g1qlmFkTw7c2@oKEaj=Rr
zy*~!LZwLUuNR({-zJ?r0CBSt9uD?B?GieTv^9Rh{m6b15KTe2_bo1Cb-i%goE^JA|
z$Gn-C)T2o7+iR%QbVNcB>z(b=)P}P>$CFSc4bGK?GZoEqq=3r2J!+Mj@(L~)MTx(0
z&cRze5KuM~)g81lcDQcLWB;Ci3zENS<ABQNSrNO^^0*nwl*OzYL2%NPS(tO|RA=jP
z@e*bW6MA|hUs(-$+|^{-%w4F@Uo*;XoVi46>jsf+)Sj6{?1qx(C?Hv1GJM&!!GUvU
zec7De3sT#LW;1qQEBe^Z(F2ks<g;XTg8=Y<lx+@{pX9Lix$zQpvhGg}?;Df}Y;m|4
PEEg~itFT@LlN1N?wqHPj

delta 2236
zcmZvcc{tSV8pnUXF_sx*Bzi@RK@ph=*@;2c#xmIrV}HpOSw>D%WG!SVyO*hi>_lfW
z3`w?*vV|nZQYt%z!fTw%xz4$+^Y8cm<MUk4_jBI^0?i_IEUZqf<OHw|iU2u)lLBJU
zjK^Jt8tB<>br>O8^iz<=x@$uXE5x>^B^Q9h5Qj-1gLBUj&#JuCBhs~VJ3WO_U7hKe
z@q&NR)sq-(!dsNo{&+@0(lL=*FIPq>>GAL{?2LK4;10rK3mvR9jno4=v6OE<?5VZa
zQF(>rx?S67qBSD)R=E15Ghvw3)-#4@Xvifk8KMEghrgNAp{>hT=@Z>&4Yl!!n=stm
z{rd8c@zG5WyZ+x{3v|BHn1rigBsF3-f&Lh2ZbP`6ru`_Pty9bAhL-?Nc{=5@r%kGm
zvph@f<Xp?Nbzy~VG?;0s;uV|5H&Hn#Mq(oqomETzaI)@8i4<Pbc>DC{EIA}IJhr!m
z5@>?k9xAxvDI3%gQI_E}W;3KgQf8lf@__g-H-T%4PWUu#KY6v^TJ(cn=%~^Nf7J^~
zZB$K0I6}q4aBjIqLl#;K36&C593Q=a<k6E_%6qdJwo^0wbz10X*$9{P!nR<YC)HS$
zTP&{?-K{3nYaT5b(DJ)UzB0G8bgx(YnRNt`%hvrvSlN-01<JcdOnP@|Q+bAr`!5S`
zcBI@bRJsd%l^pK}MeuSSly}p`HgJPFd{03s_U&p#Ot}cQ&Wjb|th+MDEblN8%LXRS
zQO|Y+*lh6r)uEx1Q{EN(oHN*v5qv|97w!57FuAfOAIM1xl4ki+=)vYI<f<72(F$Jr
z6`W50wiq7*MF{-cmC6#__%iv#h_3<I>FCC*_QlioA8;mbRg%d&Ox{lednO4p;CTM&
zPN;sIVjjlIvZK36+kUVC|9zs{hitiJ1_JHnsL@OVo%of;W_!$W5&ZeD*PoTP))gE5
z)f(cH<Od{x3jdLG#9K_fosIC-iAU{Ox+4fDJL|4hGLaIws{Lk?(+%AA?0d$V3A@x{
zk(g7@Wj1++g@>F(1@F!cA!5@u+A=Jc^b&*Gh!mSGPQHI8D2k4g?5-E6w0m~qe?*z)
z3cMU=n47_K5ND;GM9{lmbepa+BF*vulj6^Q3Un35b*}fK?-LTc3IgXo42lzV^2sCN
zO^XqZ3s#A}RPoJ};j0mq-9fH1OL#m#jm_xeaMpago#^UbaV;j8L(57kOXjUaB>hM!
z39t_Lv>6G_qrBvBzrhztlX-W};|iq<rK{8Tb`|9pgpT@M#Jm18Ukq#8$64Py-aK~k
z{_bR%%U3)7z7ll|q~q8gDIFE@kUZPYGmuK1;diH-qI9wSL;rd~;P)Fls0w~yM(coy
zw^)JkBAqHMHodbamaN|>!)$8pH}l&LlZne9&{4i(7j|+qEZS9RjTAgQ#W=AQ7(`Ms
zZM?OGQxFGeAW+*+8heBHvtsGwvBt{BCOcP?71Wf<wB<iBF63Kj5TRKLP~xMgI02Xp
z8wdr*40u40T{}CU43E64OS%wtJNX#O9#@A&%Qb8sq21hCAl=?1Yt<uh-rlYrNV|}0
zE>~QTQU?AZ<_1Vh4_^<LU=O5;2T3|U2g)Y^2eA8Bsyvz3;iuNwB!lg2j``%=V`l|B
zI%%vBCKV#Y!V2T$X3I{Wg(J!P!-Lsg6tHK%WK8SD&r~r~F7aS?VUvwfE;E|n)r!$p
z!Y0txky9Y>gKZ>piQ8AArHx(sqW!L0hnDhmcFIQFXs(`bw8Avkf4MJ_R~L5N{2IaW
zqr3*gtJ+e@43fkOanaT-V1DRfLdM1eyV8mq7B=RlF1_6=%bsyZvF9~9jtf>OS8RP)
zO0H4;6%Fhl2ogVt{ND!8EH){c*2|@&`Wr+wxWjh(&~v9_X#eZ}Q5^}Ix}j@T1RT2p
z)H~5kpHQ0*z>Q4sVIuJ-2SCBUBd;h}Tb)Hawmq#fQp|L_umTgjL>YZ;k-k12($y>=
zQLKIx-|K34k>_|tlewPRNompD)CqOBFK6bcElE-#mij4AVTt-0s@p-RBULi81}9?~
z+S!fsuh{#8xT|sQ&`7RIX=S^c?E$N@>fwb?j$vQ^=&)d=29(ALr!JRg!O7VeX<^&&
zD(d~s$JlQZMW)g_k)+n(H+Z?Ssp(|O@`FX_3vpW0^1C=#MP+6W%hzR1&V;*DdG-_=
z+J$k9<U+8!16CZZ(HpGU{B)Ptr`t}?aq!owFkPr>jGn4ay%uoqzSNBc(E*=FHEuRH
z!H-6BqdDv1M(VVA)5luBv&eX;i?{JZKA4OI3k!r}-$Mus)G3o^z|#VlymN}%U+6qn
zTL{Ayvqq?Pvlx24i?EBKu+2|ZuE)HxUaQ6Y+PSjZ5;}+3?%8}3jTUn?`p%u*UN3Rr
zrkq=VA5!X2P`tO7zqh{^Q&glpM*iG^t$flP2f9MmlJ<f{w<4=mi^eV&cst#5pm6MW
zw*RsNTY0X&Ph{F^eK^Az13LmIk{-<tO@a88{9HoGgj(n4bkeJ|27+4JYk$Z4jt_yI
z<MdZ8YDaD;YF@b$N-qJ1?9Fv8dllB$&ehN$jEi8};rgeyzy--J-nbQ}AeQl&&rfNq
zjdf{*KwN`-w;{b}UG_b)F&T|wUFFZ)Sn{{;e0?p|0J*G(27#w`z9xydf!QeR;LR?l
zOC3hLD`FC6v9xu~hgkyfBGyC1{!0G;3*+K#X3xap4o{4T2nfv27o{ox9GpHnyK<~b
zN8jx-PYz72SLfuE0la$EHs%8ej4!lv3U6O`jxM}oTX;`Lma-gyI$iBa-WIWOrP|<t
FzX4-5=hFZH

diff --git a/g10/ecdh.c b/g10/ecdh.c
index 97d4838..d048951 100644
--- a/g10/ecdh.c
+++ b/g10/ecdh.c
@@ -39,7 +39,7 @@ static const struct
   /* Note: Must be sorted by ascending values for QBITS.  */
   {
     { 256, DIGEST_ALGO_SHA256, CIPHER_ALGO_AES    },
-    { 384, DIGEST_ALGO_SHA384, CIPHER_ALGO_AES192 },
+    { 384, DIGEST_ALGO_SHA384, CIPHER_ALGO_AES256 },
 
     /* Note: 528 is 521 rounded to the 8 bit boundary */
     { 528, DIGEST_ALGO_SHA512, CIPHER_ALGO_AES256 }
@@ -82,11 +82,10 @@ pk_ecdh_default_params (unsigned int qbits)
 }
 
 
-/* Extract x-component from the point (SHARED,NSHARED) and strore it
- * in a new buffer at R_SECRET_X.  POINT_NBYTES is the size to
- * represent an EC point which is determined by the public key.
- * SECRET_X_SIZE is the size of x component to represent an integer
- * which is determined by the curve. */
+/* Extract xcomponent from the point SHARED.  POINT_NBYTES is the
+   size to represent an EC point which is determined by the public
+   key.  SECRET_X_SIZE is the size of x component to represent an
+   integer which is determined by the curve. */
 static gpg_error_t
 extract_secret_x (byte **r_secret_x,
                   const char *shared, size_t nshared,
@@ -139,19 +138,92 @@ extract_secret_x (byte **r_secret_x,
 }
 
 
-/* Encrypts/decrypts DATA using a key derived from the ECC shared
-   point (SHARED,NSHARED) using the FIPS SP 800-56A compliant method
-   key_derivation+key_wrapping.  If IS_ENCRYPT is true the function
-   encrypts; if false, it decrypts.  PKEY is the public key and PK_FP
-   the fingerprint of this public key.  On success the result is
-   stored at R_RESULT; on failure NULL is stored at R_RESULT and an
-   error code returned.  */
-gpg_error_t
-pk_ecdh_encrypt_with_shared_point (int is_encrypt,
-                                   const char *shared, size_t nshared,
-                                   const byte pk_fp[MAX_FINGERPRINT_LEN],
-                                   gcry_mpi_t data, gcry_mpi_t *pkey,
-                                   gcry_mpi_t *r_result)
+/* Build KDF parameters */
+/* RFC 6637 defines the KDF parameters and its encoding in Section
+   8. EC DH Algorighm (ECDH).  Since it was written for v4 key, it
+   said "20 octets representing a recipient encryption subkey or a
+   master key fingerprint".  For v5 key, it is considered "adequate"
+   (in terms of NIST SP 800 56A, see 5.8.2 FixedInfo) to use the first
+   20 octets of its 32 octets fingerprint.  */
+static gpg_error_t
+build_kdf_params (unsigned char kdf_params[256], size_t *r_size,
+                  gcry_mpi_t *pkey, const byte pk_fp[MAX_FINGERPRINT_LEN])
+{
+  IOBUF obuf;
+  gpg_error_t err;
+
+  *r_size = 0;
+
+  obuf = iobuf_temp();
+  if (!obuf)
+    return gpg_error_from_syserror ();
+
+  /* variable-length field 1, curve name OID */
+  err = gpg_mpi_write_nohdr (obuf, pkey[0]);
+  /* fixed-length field 2 */
+  iobuf_put (obuf, PUBKEY_ALGO_ECDH);
+  /* variable-length field 3, KDF params */
+  err = (err ? err : gpg_mpi_write_nohdr (obuf, pkey[2]));
+  /* fixed-length field 4 */
+  iobuf_write (obuf, "Anonymous Sender    ", 20);
+  /* fixed-length field 5, recipient fp (or first 20 octets of fp) */
+  iobuf_write (obuf, pk_fp, 20);
+
+  if (!err)
+    *r_size = iobuf_temp_to_buffer (obuf, kdf_params, 256);
+
+  iobuf_close (obuf);
+
+  if (!err)
+    {
+      if (DBG_CRYPTO)
+        log_printhex (kdf_params, *r_size, "ecdh KDF message params are:");
+    }
+
+  return err;
+}
+
+
+/* Derive KEK with KEK_SIZE into the memory at SECRET_X.  */
+static gpg_error_t
+derive_kek (size_t kek_size,
+            int kdf_hash_algo,
+            byte *secret_x, int secret_x_size,
+            const unsigned char *kdf_params, size_t kdf_params_size)
+{
+  gpg_error_t err;
+  gcry_md_hd_t h;
+
+  log_assert( gcry_md_get_algo_dlen (kdf_hash_algo) >= 32 );
+
+  err = gcry_md_open (&h, kdf_hash_algo, 0);
+  if (err)
+    {
+      log_error ("gcry_md_open failed for kdf_hash_algo %d: %s",
+                 kdf_hash_algo, gpg_strerror (err));
+      return err;
+    }
+  gcry_md_write(h, "\x00\x00\x00\x01", 4);      /* counter = 1 */
+  gcry_md_write(h, secret_x, secret_x_size);    /* x of the point X */
+  gcry_md_write(h, kdf_params, kdf_params_size);      /* KDF parameters */
+  gcry_md_final (h);
+  memcpy (secret_x, gcry_md_read (h, kdf_hash_algo), kek_size);
+  gcry_md_close (h);
+  /* Clean the tail before returning.  */
+  memset (secret_x+kek_size, 0, secret_x_size - kek_size);
+  if (DBG_CRYPTO)
+    log_printhex (secret_x, kek_size, "ecdh KEK is:");
+  return err;
+}
+
+
+/* Prepare ECDH using SHARED, PK_FP fingerprint, and PKEY array.
+   Returns the cipher handle in R_HD, which needs to be closed by
+   the caller.  */
+static gpg_error_t
+prepare_ecdh_with_shared_point (const char *shared, size_t nshared,
+                                const byte pk_fp[MAX_FINGERPRINT_LEN],
+                                gcry_mpi_t *pkey, gcry_cipher_hd_t *r_hd)
 {
   gpg_error_t err;
   byte *secret_x;
@@ -161,11 +233,12 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt,
   size_t kek_params_size;
   int kdf_hash_algo;
   int kdf_encr_algo;
+  unsigned char kdf_params[256];
+  size_t kdf_params_size;
   size_t kek_size;
-  unsigned char message[256];
-  size_t message_size;
+  gcry_cipher_hd_t hd;
 
-  *r_result = NULL;
+  *r_hd = NULL;
 
   if (!gcry_mpi_get_flag (pkey[2], GCRYMPI_FLAG_OPAQUE))
     return gpg_error (GPG_ERR_BUG);
@@ -202,19 +275,22 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt,
   if (kek_size > gcry_md_get_algo_dlen (kdf_hash_algo))
     return gpg_error (GPG_ERR_BAD_PUBKEY);
 
+  /* Build kdf_params.  */
+  err = build_kdf_params (kdf_params, &kdf_params_size, pkey, pk_fp);
+  if (err)
+    return err;
 
   nbits = pubkey_nbits (PUBKEY_ALGO_ECDH, pkey);
   if (!nbits)
     return gpg_error (GPG_ERR_TOO_SHORT);
 
-  /* Expected size of the x component */
   secret_x_size = (nbits+7)/8;
-
   if (kek_size > secret_x_size)
     return gpg_error (GPG_ERR_BAD_PUBKEY);
 
   err = extract_secret_x (&secret_x, shared, nshared,
-                          (mpi_get_nbits (pkey[1] /* public point */)+7)/8,
+                          /* pkey[1] is the public point */
+                          (mpi_get_nbits (pkey[1])+7)/8,
                           secret_x_size);
   if (err)
     return err;
@@ -228,235 +304,144 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt,
    * a KEK.
    */
 
-
-  /* Build kdf_params.  */
-  {
-    IOBUF obuf;
-
-    obuf = iobuf_temp();
-    /* variable-length field 1, curve name OID */
-    err = gpg_mpi_write_nohdr (obuf, pkey[0]);
-    /* fixed-length field 2 */
-    iobuf_put (obuf, PUBKEY_ALGO_ECDH);
-    /* variable-length field 3, KDF params */
-    err = (err ? err : gpg_mpi_write_nohdr (obuf, pkey[2]));
-    /* fixed-length field 4 */
-    iobuf_write (obuf, "Anonymous Sender    ", 20);
-    /* fixed-length field 5, recipient fp */
-    iobuf_write (obuf, pk_fp, 20);
-
-    message_size = iobuf_temp_to_buffer (obuf, message, sizeof message);
-    iobuf_close (obuf);
-    if (err)
-      {
-        xfree (secret_x);
-        return err;
-      }
-
-    if(DBG_CRYPTO)
-      log_printhex (message, message_size, "ecdh KDF message params are:");
-  }
-
-  /* Derive a KEK (key wrapping key) using MESSAGE and SECRET_X. */
-  {
-    gcry_md_hd_t h;
-    int old_size;
-
-    err = gcry_md_open (&h, kdf_hash_algo, 0);
-    if (err)
-      {
-        log_error ("gcry_md_open failed for kdf_hash_algo %d: %s",
-                   kdf_hash_algo, gpg_strerror (err));
-        xfree (secret_x);
-        return err;
-      }
-    gcry_md_write(h, "\x00\x00\x00\x01", 4);      /* counter = 1 */
-    gcry_md_write(h, secret_x, secret_x_size);    /* x of the point X */
-    gcry_md_write(h, message, message_size);      /* KDF parameters */
-
-    gcry_md_final (h);
-
-    log_assert( gcry_md_get_algo_dlen (kdf_hash_algo) >= 32 );
-
-    memcpy (secret_x, gcry_md_read (h, kdf_hash_algo),
-            gcry_md_get_algo_dlen (kdf_hash_algo));
-    gcry_md_close (h);
-
-    old_size = secret_x_size;
-    log_assert( old_size >= gcry_cipher_get_algo_keylen( kdf_encr_algo ) );
-    secret_x_size = gcry_cipher_get_algo_keylen( kdf_encr_algo );
-    log_assert( secret_x_size <= gcry_md_get_algo_dlen (kdf_hash_algo) );
-
-    /* We could have allocated more, so clean the tail before returning.  */
-    memset (secret_x+secret_x_size, 0, old_size - secret_x_size);
-    if (DBG_CRYPTO)
-      log_printhex (secret_x, secret_x_size, "ecdh KEK is:");
-  }
+  /* Derive a KEK (key wrapping key) using SECRET_X and KDF_PARAMS. */
+  err = derive_kek (kek_size, kdf_hash_algo, secret_x,
+                    secret_x_size, kdf_params, kdf_params_size);
+  if (err)
+    {
+      xfree (secret_x);
+      return err;
+    }
 
   /* And, finally, aeswrap with key secret_x.  */
-  {
-    gcry_cipher_hd_t hd;
-    size_t nbytes;
-
-    byte *data_buf;
-    int data_buf_size;
-
-    gcry_mpi_t result;
-
-    err = gcry_cipher_open (&hd, kdf_encr_algo, GCRY_CIPHER_MODE_AESWRAP, 0);
-    if (err)
-      {
-        log_error ("ecdh failed to initialize AESWRAP: %s\n",
-                   gpg_strerror (err));
-        xfree (secret_x);
-        return err;
-      }
-
-    err = gcry_cipher_setkey (hd, secret_x, secret_x_size);
-    xfree (secret_x);
-    secret_x = NULL;
-    if (err)
-      {
-        gcry_cipher_close (hd);
-        log_error ("ecdh failed in gcry_cipher_setkey: %s\n",
-                   gpg_strerror (err));
-        return err;
-      }
-
-    data_buf_size = (gcry_mpi_get_nbits(data)+7)/8;
-    if ((data_buf_size & 7) != (is_encrypt ? 0 : 1))
-      {
-        log_error ("can't use a shared secret of %d bytes for ecdh\n",
-                   data_buf_size);
-        return gpg_error (GPG_ERR_BAD_DATA);
-      }
-
-    data_buf = xtrymalloc_secure( 1 + 2*data_buf_size + 8);
-    if (!data_buf)
-      {
-        err = gpg_error_from_syserror ();
-        gcry_cipher_close (hd);
-        return err;
-      }
-
-    if (is_encrypt)
-      {
-        byte *in = data_buf+1+data_buf_size+8;
-
-        /* Write data MPI into the end of data_buf. data_buf is size
-           aeswrap data.  */
-        err = gcry_mpi_print (GCRYMPI_FMT_USG, in,
-                             data_buf_size, &nbytes, data/*in*/);
-        if (err)
-          {
-            log_error ("ecdh failed to export DEK: %s\n", gpg_strerror (err));
-            gcry_cipher_close (hd);
-            xfree (data_buf);
-            return err;
-          }
-
-        if (DBG_CRYPTO)
-          log_printhex (in, data_buf_size, "ecdh encrypting  :");
-
-        err = gcry_cipher_encrypt (hd, data_buf+1, data_buf_size+8,
-                                   in, data_buf_size);
-        memset (in, 0, data_buf_size);
-        gcry_cipher_close (hd);
-        if (err)
-          {
-            log_error ("ecdh failed in gcry_cipher_encrypt: %s\n",
-                       gpg_strerror (err));
-            xfree (data_buf);
-            return err;
-          }
-        data_buf[0] = data_buf_size+8;
-
-        if (DBG_CRYPTO)
-          log_printhex (data_buf+1, data_buf[0], "ecdh encrypted to:");
-
-        result = gcry_mpi_set_opaque (NULL, data_buf, 8 * (1+data_buf[0]));
-        if (!result)
-          {
-            err = gpg_error_from_syserror ();
-            xfree (data_buf);
-            log_error ("ecdh failed to create an MPI: %s\n",
-                       gpg_strerror (err));
-            return err;
-          }
-
-        *r_result = result;
-      }
-    else
-      {
-        byte *in;
-        const void *p;
-
-        p = gcry_mpi_get_opaque (data, &nbits);
-        nbytes = (nbits+7)/8;
-        if (!p || nbytes > data_buf_size || !nbytes)
-          {
-            xfree (data_buf);
-            return gpg_error (GPG_ERR_BAD_MPI);
-          }
-        memcpy (data_buf, p, nbytes);
-        if (data_buf[0] != nbytes-1)
-          {
-            log_error ("ecdh inconsistent size\n");
-            xfree (data_buf);
-            return gpg_error (GPG_ERR_BAD_MPI);
-          }
-        in = data_buf+data_buf_size;
-        data_buf_size = data_buf[0];
-
-        if (DBG_CRYPTO)
-          log_printhex (data_buf+1, data_buf_size, "ecdh decrypting :");
-
-        err = gcry_cipher_decrypt (hd, in, data_buf_size, data_buf+1,
-                                   data_buf_size);
-        gcry_cipher_close (hd);
-        if (err)
-          {
-            log_error ("ecdh failed in gcry_cipher_decrypt: %s\n",
-                       gpg_strerror (err));
-            xfree (data_buf);
-            return err;
-          }
-
-        data_buf_size -= 8;
-
-        if (DBG_CRYPTO)
-          log_printhex (in, data_buf_size, "ecdh decrypted to :");
-
-        /* Padding is removed later.  */
-        /* if (in[data_buf_size-1] > 8 ) */
-        /*   { */
-        /*     log_error ("ecdh failed at decryption: invalid padding." */
-        /*                " 0x%02x > 8\n", in[data_buf_size-1] ); */
-        /*     return gpg_error (GPG_ERR_BAD_KEY); */
-        /*   } */
-
-        err = gcry_mpi_scan (&result, GCRYMPI_FMT_USG, in, data_buf_size, NULL);
-        xfree (data_buf);
-        if (err)
-          {
-            log_error ("ecdh failed to create a plain text MPI: %s\n",
-                       gpg_strerror (err));
-            return err;
-          }
-
-        *r_result = result;
-      }
-  }
+  err = gcry_cipher_open (&hd, kdf_encr_algo, GCRY_CIPHER_MODE_AESWRAP, 0);
+  if (err)
+    {
+      log_error ("ecdh failed to initialize AESWRAP: %s\n",
+                 gpg_strerror (err));
+      xfree (secret_x);
+      return err;
+    }
+
+  err = gcry_cipher_setkey (hd, secret_x, kek_size);
+  xfree (secret_x);
+  secret_x = NULL;
+  if (err)
+    {
+      gcry_cipher_close (hd);
+      log_error ("ecdh failed in gcry_cipher_setkey: %s\n",
+                 gpg_strerror (err));
+    }
+  else
+    *r_hd = hd;
 
   return err;
 }
 
+/* Encrypts DATA using a key derived from the ECC shared point SHARED
+   using the FIPS SP 800-56A compliant method
+   key_derivation+key_wrapping.  PKEY is the public key and PK_FP the
+   fingerprint of this public key.  On success the result is stored at
+   R_RESULT; on failure NULL is stored at R_RESULT and an error code
+   returned.  */
+gpg_error_t
+pk_ecdh_encrypt_with_shared_point (const char *shared, size_t nshared,
+                                   const byte pk_fp[MAX_FINGERPRINT_LEN],
+                                   const byte *data, size_t ndata,
+                                   gcry_mpi_t *pkey, gcry_mpi_t *r_result)
+{
+  gpg_error_t err;
+  gcry_cipher_hd_t hd;
+  byte *data_buf;
+  int data_buf_size;
+  gcry_mpi_t result;
+  byte *in;
+
+  *r_result = NULL;
+
+  err = prepare_ecdh_with_shared_point (shared, nshared, pk_fp, pkey, &hd);
+  if (err)
+    return err;
+
+  data_buf_size = ndata;
+  if ((data_buf_size & 7) != 0)
+    {
+      log_error ("can't use a shared secret of %d bytes for ecdh\n",
+                 data_buf_size);
+      gcry_cipher_close (hd);
+      return gpg_error (GPG_ERR_BAD_DATA);
+    }
+
+  data_buf = xtrymalloc_secure( 1 + 2*data_buf_size + 8);
+  if (!data_buf)
+    {
+      err = gpg_error_from_syserror ();
+      gcry_cipher_close (hd);
+      return err;
+    }
+
+  in = data_buf+1+data_buf_size+8;
+
+  /* Write data MPI into the end of data_buf. data_buf is size
+     aeswrap data.  */
+  memcpy (in, data, ndata);
+
+  if (DBG_CRYPTO)
+    log_printhex (in, data_buf_size, "ecdh encrypting  :");
+
+  err = gcry_cipher_encrypt (hd, data_buf+1, data_buf_size+8,
+                             in, data_buf_size);
+  memset (in, 0, data_buf_size);
+  gcry_cipher_close (hd);
+  if (err)
+    {
+      log_error ("ecdh failed in gcry_cipher_encrypt: %s\n",
+                 gpg_strerror (err));
+      xfree (data_buf);
+      return err;
+    }
+  data_buf[0] = data_buf_size+8;
+
+  if (DBG_CRYPTO)
+    log_printhex (data_buf+1, data_buf[0], "ecdh encrypted to:");
+
+  result = gcry_mpi_set_opaque (NULL, data_buf, 8 * (1+data_buf[0]));
+  if (!result)
+    {
+      err = gpg_error_from_syserror ();
+      xfree (data_buf);
+      log_error ("ecdh failed to create an MPI: %s\n",
+                 gpg_strerror (err));
+      return err;
+    }
+
+  *r_result = result;
+  return err;
+}
+
 
 static gcry_mpi_t
-gen_k (unsigned nbits)
+gen_k (unsigned nbits, int little_endian, int is_opaque)
 {
   gcry_mpi_t k;
 
+  if (is_opaque)
+    {
+      unsigned char *p;
+      size_t nbytes = (nbits+7)/8;
+
+      p = gcry_random_bytes_secure (nbytes, GCRY_STRONG_RANDOM);
+      if ((nbits % 8))
+        {
+          if (little_endian)
+            p[nbytes-1] &= ((1 << (nbits % 8)) - 1);
+          else
+            p[0] &= ((1 << (nbits % 8)) - 1);
+        }
+      k = gcry_mpi_set_opaque (NULL, p, nbits);
+      return k;
+    }
+
   k = gcry_mpi_snew (nbits);
   if (DBG_CRYPTO)
     log_debug ("choosing a random k of %u bits\n", nbits);
@@ -484,13 +469,21 @@ pk_ecdh_generate_ephemeral_key (gcry_mpi_t *pkey, gcry_mpi_t *r_k)
 {
   unsigned int nbits;
   gcry_mpi_t k;
+  int is_little_endian = 0;
+  int require_opaque = 0;
+
+  if (openpgp_oid_is_cv448 (pkey[0]))
+    {
+      is_little_endian = 1;
+      require_opaque = 1;
+    }
 
   *r_k = NULL;
 
   nbits = pubkey_nbits (PUBKEY_ALGO_ECDH, pkey);
   if (!nbits)
     return gpg_error (GPG_ERR_TOO_SHORT);
-  k = gen_k (nbits);
+  k = gen_k (nbits, is_little_endian, require_opaque);
   if (!k)
     BUG ();
 
@@ -502,15 +495,97 @@ pk_ecdh_generate_ephemeral_key (gcry_mpi_t *pkey, gcry_mpi_t *r_k)
 
 /* Perform ECDH decryption.   */
 int
-pk_ecdh_decrypt (gcry_mpi_t *result, const byte sk_fp[MAX_FINGERPRINT_LEN],
+pk_ecdh_decrypt (gcry_mpi_t *r_result, const byte sk_fp[MAX_FINGERPRINT_LEN],
                  gcry_mpi_t data,
-                 const char *shared, size_t nshared,
-                 gcry_mpi_t *skey)
+                 const byte *shared, size_t nshared, gcry_mpi_t * skey)
 {
-  if (!data)
-    return gpg_error (GPG_ERR_BAD_MPI);
-  return pk_ecdh_encrypt_with_shared_point (0 /*=decryption*/,
-                                            shared, nshared,
-                                            sk_fp, data/*encr data as an MPI*/,
-                                            skey, result);
+  gpg_error_t err;
+  gcry_cipher_hd_t hd;
+  size_t nbytes;
+  byte *data_buf;
+  int data_buf_size;
+  byte *in;
+  const void *p;
+  unsigned int nbits;
+
+  *r_result = NULL;
+
+  err = prepare_ecdh_with_shared_point (shared, nshared, sk_fp, skey, &hd);
+  if (err)
+    return err;
+
+  p = gcry_mpi_get_opaque (data, &nbits);
+  nbytes = (nbits+7)/8;
+
+  data_buf_size = nbytes;
+  if ((data_buf_size & 7) != 1)
+    {
+      log_error ("can't use a shared secret of %d bytes for ecdh\n",
+                 data_buf_size);
+      gcry_cipher_close (hd);
+      return gpg_error (GPG_ERR_BAD_DATA);
+    }
+
+  data_buf = xtrymalloc_secure( 1 + 2*data_buf_size + 8);
+  if (!data_buf)
+    {
+      err = gpg_error_from_syserror ();
+      gcry_cipher_close (hd);
+      return err;
+    }
+
+  if (!p)
+    {
+      xfree (data_buf);
+      gcry_cipher_close (hd);
+      return gpg_error (GPG_ERR_BAD_MPI);
+    }
+  memcpy (data_buf, p, nbytes);
+  if (data_buf[0] != nbytes-1)
+    {
+      log_error ("ecdh inconsistent size\n");
+      xfree (data_buf);
+      gcry_cipher_close (hd);
+      return gpg_error (GPG_ERR_BAD_MPI);
+    }
+  in = data_buf+data_buf_size;
+  data_buf_size = data_buf[0];
+
+  if (DBG_CRYPTO)
+    log_printhex (data_buf+1, data_buf_size, "ecdh decrypting :");
+
+  err = gcry_cipher_decrypt (hd, in, data_buf_size, data_buf+1,
+                             data_buf_size);
+  gcry_cipher_close (hd);
+  if (err)
+    {
+      log_error ("ecdh failed in gcry_cipher_decrypt: %s\n",
+                 gpg_strerror (err));
+      xfree (data_buf);
+      return err;
+    }
+
+  data_buf_size -= 8;
+
+  if (DBG_CRYPTO)
+    log_printhex (in, data_buf_size, "ecdh decrypted to :");
+
+  /* Padding is removed later.  */
+  /* if (in[data_buf_size-1] > 8 ) */
+  /*   { */
+  /*     log_error ("ecdh failed at decryption: invalid padding." */
+  /*                " 0x%02x > 8\n", in[data_buf_size-1] ); */
+  /*     return gpg_error (GPG_ERR_BAD_KEY); */
+  /*   } */
+
+  err = gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, in, data_buf_size, NULL);
+  xfree (data_buf);
+  if (err)
+    {
+      log_error ("ecdh failed to create a plain text MPI: %s\n",
+                 gpg_strerror (err));
+      return err;
+    }
+
+  return err;
 }
diff --git a/g10/encrypt.c b/g10/encrypt.c
index a96a779..388c3db 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -1,7 +1,7 @@
 /* encrypt.c - Main encryption driver
  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
  *               2006, 2009 Free Software Foundation, Inc.
- * Copyright (C) 2016, 2022 g10 Code GmbH
+ * Copyright (C) 2016 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -47,12 +47,12 @@ static int write_pubkey_enc_from_list (ctrl_t ctrl,
 
 /****************
  * Encrypt FILENAME with only the symmetric cipher.  Take input from
- * stdin if FILENAME is NULL.
+ * stdin if FILENAME is NULL.  If --force-aead is used we use an SKESK.
  */
 int
 encrypt_symmetric (const char *filename)
 {
-  return encrypt_simple( filename, 1, 0 );
+  return encrypt_simple( filename, 1, opt.force_aead);
 }
 
 
@@ -67,109 +67,178 @@ encrypt_store (const char *filename)
 }
 
 
-/* Create an setup DEK structure and print approriate warnings.  The
- * FALLBACK_TO_3DES flag is used to handle the two different ways we
- * use this code.  PK_LIST gives the list of public keys.  Always
- * returns a DEK.  The actual session needs to be added later.  */
-static DEK *
-create_dek_with_warnings (int fallback_to_3des, pk_list_t pk_list)
+/* Encrypt a session key using DEK and store a pointer to the result
+ * at R_ENCKEY and its length at R_ENCKEYLEN.
+ *
+ * R_SESKEY points to the unencrypted session key (.KEY, .KEYLEN) and
+ * the algorithm that will be used to encrypt the contents of the
+ * SKESK packet (.ALGO).  If R_SESKEY points to NULL, then a random
+ * session key that is appropriate for DEK->ALGO is generated and
+ * stored at R_SESKEY.  If AEAD_ALGO is not 0 the given AEAD algorithm
+ * is used for encryption.
+ */
+gpg_error_t
+encrypt_seskey (DEK *dek, aead_algo_t aead_algo,
+                DEK **r_seskey, void **r_enckey, size_t *r_enckeylen)
 {
-  DEK *dek;
+  gpg_error_t err;
+  gcry_cipher_hd_t hd = NULL;
+  byte *buf = NULL;
+  DEK *seskey;
 
-  dek = xmalloc_secure_clear (sizeof *dek);
-  if (!opt.def_cipher_algo)
+  *r_enckey = NULL;
+  *r_enckeylen = 0;
+
+  if (*r_seskey)
+    seskey = *r_seskey;
+  else
     {
-      /* Try to get it from the prefs.  */
-      dek->algo = select_algo_from_prefs (pk_list, PREFTYPE_SYM, -1, NULL);
-      if (dek->algo == -1 && fallback_to_3des)
+      seskey = xtrycalloc (1, sizeof(DEK));
+      if (!seskey)
         {
-          /* The only way select_algo_from_prefs can fail here is when
-           * mixing v3 and v4 keys, as v4 keys have an implicit
-           * preference entry for 3DES, and the pk_list cannot be
-           * empty.  In this case, use 3DES anyway as it's the safest
-           * choice - perhaps the v3 key is being used in an OpenPGP
-           * implementation and we know that the implementation behind
-           * any v4 key can handle 3DES. */
-          dek->algo = CIPHER_ALGO_3DES;
+          err = gpg_error_from_syserror ();
+          goto leave;
         }
-      else if (dek->algo == -1)
+      seskey->algo = dek->algo;
+      make_session_key (seskey);
+      /*log_hexdump( "thekey", c->key, c->keylen );*/
+    }
+
+
+  if (aead_algo)
+    {
+      unsigned int noncelen;
+      enum gcry_cipher_modes ciphermode;
+      byte ad[4];
+
+      err = openpgp_aead_algo_info (aead_algo, &ciphermode, &noncelen);
+      if (err)
+        goto leave;
+
+      /* Allocate space for the nonce, the key, and the authentication
+       * tag (16).  */
+      buf = xtrymalloc_secure (noncelen + seskey->keylen + 16);
+      if (!buf)
         {
-          /* Because 3DES is implicitly in the prefs, this can only
-           * happen if we do not have any public keys in the list.  */
-          dek->algo = DEFAULT_CIPHER_ALGO;
+          err = gpg_error_from_syserror ();
+          goto leave;
         }
 
-      /* In case 3DES has been selected, print a warning if any key
-       * does not have a preference for AES.  This should help to
-       * indentify why encrypting to several recipients falls back to
-       * 3DES. */
-      if (opt.verbose && dek->algo == CIPHER_ALGO_3DES)
-        warn_missing_aes_from_pklist (pk_list);
+      gcry_randomize (buf, noncelen, GCRY_STRONG_RANDOM);
+
+      err = openpgp_cipher_open (&hd, dek->algo,
+                                 ciphermode, GCRY_CIPHER_SECURE);
+      if (!err)
+        err = gcry_cipher_setkey (hd, dek->key, dek->keylen);
+      if (!err)
+        err = gcry_cipher_setiv (hd, buf, noncelen);
+      if (err)
+        goto leave;
+
+      ad[0] = (0xc0 | PKT_SYMKEY_ENC);
+      ad[1] = 5;
+      ad[2] = dek->algo;
+      ad[3] = aead_algo;
+      err = gcry_cipher_authenticate (hd, ad, 4);
+      if (err)
+        goto leave;
+
+      memcpy (buf + noncelen, seskey->key, seskey->keylen);
+      gcry_cipher_final (hd);
+      err = gcry_cipher_encrypt (hd, buf + noncelen, seskey->keylen, NULL,0);
+      if (err)
+        goto leave;
+      err = gcry_cipher_gettag (hd, buf + noncelen + seskey->keylen, 16);
+      if (err)
+        goto leave;
+      *r_enckeylen = noncelen + seskey->keylen + 16;
+      *r_enckey = buf;
+      buf = NULL;
     }
   else
     {
-      if (!opt.expert
-          && (select_algo_from_prefs (pk_list, PREFTYPE_SYM,
-                                      opt.def_cipher_algo, NULL)
-              != opt.def_cipher_algo))
+      /* In the old version 4 SKESK the encrypted session key is
+       * prefixed with a one-octet algorithm id.  */
+      buf = xtrymalloc_secure (1 + seskey->keylen);
+      if (!buf)
         {
-          log_info(_("WARNING: forcing symmetric cipher %s (%d)"
-                     " violates recipient preferences\n"),
-                   openpgp_cipher_algo_name (opt.def_cipher_algo),
-                   opt.def_cipher_algo);
+          err = gpg_error_from_syserror ();
+          goto leave;
         }
-
-      dek->algo = opt.def_cipher_algo;
+      buf[0] = seskey->algo;
+      memcpy (buf + 1, seskey->key, seskey->keylen);
+
+      err = openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1);
+      if (!err)
+        err = gcry_cipher_setkey (hd, dek->key, dek->keylen);
+      if (!err)
+        err = gcry_cipher_setiv (hd, NULL, 0);
+      if (!err)
+        err = gcry_cipher_encrypt (hd, buf, seskey->keylen + 1, NULL, 0);
+      if (err)
+        goto leave;
+      *r_enckeylen = seskey->keylen + 1;
+      *r_enckey = buf;
+      buf = NULL;
     }
 
-  return dek;
-}
+  /* Return the session key in case we allocated it.  */
+  *r_seskey = seskey;
+  seskey = NULL;
 
+ leave:
+  gcry_cipher_close (hd);
+  if (seskey != *r_seskey)
+    xfree (seskey);
+  xfree (buf);
+  return err;
+}
 
-/* *SESKEY contains the unencrypted session key ((*SESKEY)->KEY) and
-   the algorithm that will be used to encrypt the contents of the SED
-   packet ((*SESKEY)->ALGO).  If *SESKEY is NULL, then a random
-   session key that is appropriate for DEK->ALGO is generated and
-   stored there.
 
-   Encrypt that session key using DEK and store the result in ENCKEY,
-   which must be large enough to hold (*SESKEY)->KEYLEN + 1 bytes.  */
-void
-encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey)
+/* Return the AEAD algo if we shall use AEAD mode.  Returns 0 if AEAD
+ * shall not be used.  */
+aead_algo_t
+use_aead (pk_list_t pk_list, int algo)
 {
-  gcry_cipher_hd_t hd;
-  byte buf[33];
+  int can_use;
 
-  log_assert ( dek->keylen <= 32 );
-  if (!*seskey)
+  if (!opt.flags.rfc4880bis)
     {
-      *seskey=xmalloc_clear(sizeof(DEK));
-      (*seskey)->algo=dek->algo;
-      make_session_key(*seskey);
-      /*log_hexdump( "thekey", c->key, c->keylen );*/
+      if (opt.force_aead)
+        log_info ("Warning: Option %s currently requires option '%s'\n",
+                  "--force-aead", "--rfc4880bis");
+      return 0;
     }
 
-  /* The encrypted session key is prefixed with a one-octet algorithm id.  */
-  buf[0] = (*seskey)->algo;
-  memcpy( buf + 1, (*seskey)->key, (*seskey)->keylen );
-
-  /* We only pass already checked values to the following function,
-     thus we consider any failure as fatal.  */
-  if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
-    BUG ();
-  if (gcry_cipher_setkey (hd, dek->key, dek->keylen))
-    BUG ();
-  gcry_cipher_setiv (hd, NULL, 0);
-  gcry_cipher_encrypt (hd, buf, (*seskey)->keylen + 1, NULL, 0);
-  gcry_cipher_close (hd);
+  can_use = openpgp_cipher_get_algo_blklen (algo) == 16;
 
-  memcpy( enckey, buf, (*seskey)->keylen + 1 );
-  wipememory( buf, sizeof buf ); /* burn key */
+  /* With --force-aead we want AEAD.  */
+  if (opt.force_aead)
+    {
+      if (!can_use)
+        {
+          log_info ("Warning: request to use AEAD ignored for cipher '%s'\n",
+                    openpgp_cipher_algo_name (algo));
+          return 0;
+        }
+      return default_aead_algo ();
+    }
+
+  /* AEAD does only work with 128 bit cipher blocklength.  */
+  if (!can_use)
+    return 0;
+
+  /* Note the user which keys have no AEAD feature flag set.  */
+  if (opt.verbose)
+    warn_missing_aead_from_pklist (pk_list);
+
+  /* If all keys support AEAD we can use it.  */
+  return select_aead_from_pklist (pk_list);
 }
 
 
 /* Shall we use the MDC?  Yes - unless rfc-2440 compatibility is
- * requested.  Must return 1 or 0. */
+ * requested. */
 int
 use_mdc (pk_list_t pk_list,int algo)
 {
@@ -196,9 +265,9 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
   PACKET pkt;
   PKT_plaintext *pt = NULL;
   STRING2KEY *s2k = NULL;
-  byte enckey[33];
+  void *enckey = NULL;
+  size_t enckeylen = 0;
   int rc = 0;
-  int seskeylen = 0;
   u32 filesize;
   cipher_filter_context_t cfx;
   armor_filter_context_t  *afx = NULL;
@@ -250,6 +319,8 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
   cfx.dek = NULL;
   if ( mode )
     {
+      aead_algo_t aead_algo;
+
       rc = setup_symkey (&s2k, &cfx.dek);
       if (rc)
         {
@@ -269,23 +340,42 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
                       "due to the S2K mode\n"));
         }
 
+      /* See whether we want to use AEAD.  */
+      aead_algo = use_aead (NULL, cfx.dek->algo);
+
       if ( use_seskey )
         {
-          DEK *dek = NULL;  /* Dummy.  */
+          DEK *dek = NULL;
 
-          seskeylen = openpgp_cipher_get_algo_keylen (default_cipher_algo ());
-          encrypt_seskey( cfx.dek, &dek, enckey );
-          xfree( cfx.dek ); cfx.dek = dek;
+          rc = encrypt_seskey (cfx.dek, aead_algo, &dek, &enckey, &enckeylen);
+          if (rc)
+            {
+              xfree (cfx.dek);
+              xfree (s2k);
+              iobuf_close (inp);
+              release_progress_context (pfx);
+              return rc;
+            }
+          /* Replace key in DEK.  */
+          xfree (cfx.dek);
+          cfx.dek = dek;
         }
 
-      if (opt.verbose)
-        log_info(_("using cipher %s\n"),
-                 openpgp_cipher_algo_name (cfx.dek->algo));
+      if (aead_algo)
+        cfx.dek->use_aead = aead_algo;
+      else
+        cfx.dek->use_mdc = !!use_mdc (NULL, cfx.dek->algo);
 
-      cfx.dek->use_mdc=use_mdc(NULL,cfx.dek->algo);
+      if (opt.verbose)
+        log_info(_("using cipher %s.%s\n"),
+                 openpgp_cipher_algo_name (cfx.dek->algo),
+                 cfx.dek->use_aead? openpgp_aead_algo_name (cfx.dek->use_aead)
+                 /**/             : "CFB");
     }
 
-  if (do_compress && cfx.dek && cfx.dek->use_mdc
+  if (do_compress
+      && cfx.dek
+      && (cfx.dek->use_mdc || cfx.dek->use_aead)
       && is_file_compressed(filename, &rc))
     {
       if (opt.verbose)
@@ -310,20 +400,24 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
 
   if ( s2k )
     {
-      PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc + seskeylen + 1 );
-      enc->version = 4;
+      /* Fixme: This is quite similar to write_symkey_enc.  */
+      PKT_symkey_enc *enc = xmalloc_clear (sizeof *enc + enckeylen);
+      enc->version = cfx.dek->use_aead ? 5 : 4;
       enc->cipher_algo = cfx.dek->algo;
+      enc->aead_algo = cfx.dek->use_aead;
       enc->s2k = *s2k;
-      if ( use_seskey && seskeylen )
+      if (enckeylen)
         {
-          enc->seskeylen = seskeylen + 1; /* algo id */
-          memcpy (enc->seskey, enckey, seskeylen + 1 );
+          enc->seskeylen = enckeylen;
+          memcpy (enc->seskey, enckey, enckeylen);
         }
       pkt.pkttype = PKT_SYMKEY_ENC;
       pkt.pkt.symkey_enc = enc;
       if ((rc = build_packet( out, &pkt )))
         log_error("build symkey packet failed: %s\n", gpg_strerror (rc) );
       xfree (enc);
+      xfree (enckey);
+      enckey = NULL;
     }
 
   if (!opt.no_literal)
@@ -380,12 +474,15 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
 
   /* Register the cipher filter. */
   if (mode)
-    iobuf_push_filter ( out, cipher_filter_cfb, &cfx );
+    iobuf_push_filter (out,
+                       cfx.dek->use_aead? cipher_filter_aead
+                       /**/             : cipher_filter_cfb,
+                       &cfx );
 
   /* Register the compress filter. */
   if ( do_compress )
     {
-      if (cfx.dek && cfx.dek->use_mdc)
+      if (cfx.dek && (cfx.dek->use_mdc || cfx.dek->use_aead))
         zfx.new_ctb = 1;
       push_compress_filter (out, &zfx, default_compress_algo());
     }
@@ -424,6 +521,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
   if (pt)
     pt->buf = NULL;
   free_packet (&pkt, NULL);
+  xfree (enckey);
   xfree (cfx.dek);
   xfree (s2k);
   release_armor_context (afx);
@@ -440,6 +538,17 @@ setup_symkey (STRING2KEY **symkey_s2k, DEK **symkey_dek)
   int s2kdigest;
 
   defcipher = default_cipher_algo ();
+  if (openpgp_cipher_blocklen (defcipher) < 16
+      && !opt.flags.allow_old_cipher_algos)
+    {
+      log_error (_("cipher algorithm '%s' may not be used for encryption\n"),
+		 openpgp_cipher_algo_name (defcipher));
+      if (!opt.quiet)
+        log_info (_("(use option \"%s\" to override)\n"),
+                  "--allow-old-cipher-algos");
+      return gpg_error (GPG_ERR_CIPHER_ALGO);
+    }
+
   if (!gnupg_cipher_is_allowed (opt.compliance, 1, defcipher,
                                 GCRY_CIPHER_MODE_CFB))
     {
@@ -463,7 +572,7 @@ setup_symkey (STRING2KEY **symkey_s2k, DEK **symkey_dek)
   (*symkey_s2k)->hash_algo = s2kdigest;
 
   *symkey_dek = passphrase_to_dek (defcipher,
-                                   *symkey_s2k, 1, 0, NULL, 0, &canceled);
+                                   *symkey_s2k, 1, 0, NULL, &canceled);
   if (!*symkey_dek || !(*symkey_dek)->keylen)
     {
       xfree(*symkey_dek);
@@ -476,23 +585,33 @@ setup_symkey (STRING2KEY **symkey_s2k, DEK **symkey_dek)
 
 
 static int
-write_symkey_enc (STRING2KEY *symkey_s2k, DEK *symkey_dek, DEK *dek,
-                  iobuf_t out)
+write_symkey_enc (STRING2KEY *symkey_s2k, aead_algo_t aead_algo,
+                  DEK *symkey_dek, DEK *dek, iobuf_t out)
 {
-  int rc, seskeylen = openpgp_cipher_get_algo_keylen (dek->algo);
-
+  int rc;
+  void *enckey;
+  size_t enckeylen;
   PKT_symkey_enc *enc;
-  byte enckey[33];
   PACKET pkt;
 
-  enc=xmalloc_clear(sizeof(PKT_symkey_enc)+seskeylen+1);
-  encrypt_seskey(symkey_dek,&dek,enckey);
+  rc = encrypt_seskey (symkey_dek, aead_algo, &dek, &enckey, &enckeylen);
+  if (rc)
+    return rc;
+  enc = xtrycalloc (1, sizeof (PKT_symkey_enc) + enckeylen);
+  if (!enc)
+    {
+      rc = gpg_error_from_syserror ();
+      xfree (enckey);
+      return rc;
+    }
 
-  enc->version = 4;
+  enc->version = aead_algo? 5 : 4;
   enc->cipher_algo = opt.s2k_cipher_algo;
+  enc->aead_algo = aead_algo;
   enc->s2k = *symkey_s2k;
-  enc->seskeylen = seskeylen + 1; /* algo id */
-  memcpy( enc->seskey, enckey, seskeylen + 1 );
+  enc->seskeylen = enckeylen;
+  memcpy (enc->seskey, enckey, enckeylen);
+  xfree (enckey);
 
   pkt.pkttype = PKT_SYMKEY_ENC;
   pkt.pkt.symkey_enc = enc;
@@ -500,83 +619,11 @@ write_symkey_enc (STRING2KEY *symkey_s2k, DEK *symkey_dek, DEK *dek,
   if ((rc=build_packet(out,&pkt)))
     log_error("build symkey_enc packet failed: %s\n",gpg_strerror (rc));
 
-  xfree(enc);
+  xfree (enc);
   return rc;
 }
 
 
-/* Check whether all encryption keys are compliant with the current
- * mode and issue respective status lines.  DEK has the info about the
- * session key and PK_LIST the list of public keys.  */
-static gpg_error_t
-check_encryption_compliance (DEK *dek, pk_list_t pk_list)
-{
-  gpg_error_t err = 0;
-  pk_list_t pkr;
-  int compliant;
-
-  if (! gnupg_cipher_is_allowed (opt.compliance, 1, dek->algo,
-                                 GCRY_CIPHER_MODE_CFB))
-    {
-      log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
-		 openpgp_cipher_algo_name (dek->algo),
-		 gnupg_compliance_option_string (opt.compliance));
-      err = gpg_error (GPG_ERR_CIPHER_ALGO);
-      goto leave;
-    }
-
-  if (!gnupg_rng_is_compliant (opt.compliance))
-    {
-      err = gpg_error (GPG_ERR_FORBIDDEN);
-      log_error (_("%s is not compliant with %s mode\n"),
-                 "RNG",
-                 gnupg_compliance_option_string (opt.compliance));
-      write_status_error ("random-compliance", err);
-      goto leave;
-    }
-
-  compliant = gnupg_cipher_is_compliant (CO_DE_VS, dek->algo,
-                                         GCRY_CIPHER_MODE_CFB);
-
-  for (pkr = pk_list; pkr; pkr = pkr->next)
-    {
-      PKT_public_key *pk = pkr->pk;
-      unsigned int nbits = nbits_from_pk (pk);
-
-      if (!gnupg_pk_is_compliant (opt.compliance, pk->pubkey_algo, 0,
-                                  pk->pkey, nbits, NULL))
-        log_info (_("WARNING: key %s is not suitable for encryption"
-                    " in %s mode\n"),
-                  keystr_from_pk (pk),
-                  gnupg_compliance_option_string (opt.compliance));
-
-      if (compliant
-          && !gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, 0, pk->pkey,
-                                     nbits, NULL))
-        compliant = 0; /* Not compliant - reset flag.  */
-    }
-
-  /* If we are compliant print the status for de-vs compliance.  */
-  if (compliant)
-    write_status_strings (STATUS_ENCRYPTION_COMPLIANCE_MODE,
-                          gnupg_status_compliance_flag (CO_DE_VS),
-                          NULL);
-
-  /* Check whether we should fail the operation.  */
-  if (opt.flags.require_compliance
-      && opt.compliance == CO_DE_VS
-      && !compliant)
-    {
-      compliance_failure ();
-      err = gpg_error (GPG_ERR_FORBIDDEN);
-      goto leave;
-    }
-
- leave:
-  return err;
-}
-
-
 /*
  * Encrypt the file with the given userids (or ask if none is
  * supplied).  Either FILENAME or FILEFD must be given, but not both.
@@ -606,6 +653,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
   progress_filter_context_t *pfx;
   PK_LIST pk_list;
   int do_compress;
+  int compliant;
 
   if (filefd != -1 && filename)
     return gpg_error (GPG_ERR_INV_ARG);  /* Both given.  */
@@ -693,22 +741,129 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
       push_armor_filter (afx, out);
     }
 
-  /* Create a session key (a DEK). */
-  cfx.dek = create_dek_with_warnings (1, pk_list);
+  /* Create a session key. */
+  cfx.dek = xmalloc_secure_clear (sizeof *cfx.dek);
+  if (!opt.def_cipher_algo)
+    {
+      /* Try to get it from the prefs.  */
+      cfx.dek->algo = select_algo_from_prefs (pk_list, PREFTYPE_SYM, -1, NULL);
+      /* The only way select_algo_from_prefs can fail here is when
+         mixing v3 and v4 keys, as v4 keys have an implicit preference
+         entry for 3DES, and the pk_list cannot be empty.  In this
+         case, use 3DES anyway as it's the safest choice - perhaps the
+         v3 key is being used in an OpenPGP implementation and we know
+         that the implementation behind any v4 key can handle 3DES.
+         Note that we do not support v3 keys since version 2.2 so the
+         above description gives only historical background. */
+      if (cfx.dek->algo == -1)
+        {
+          /* If does not make sense to fallback to the rfc4880
+           * required 3DES if we will reject that algo later.  Thus we
+           * fallback to AES anticipating RFC4880bis rules.  */
+          if (opt.flags.allow_old_cipher_algos)
+            cfx.dek->algo = CIPHER_ALGO_3DES;
+          else
+            cfx.dek->algo = CIPHER_ALGO_AES;
+        }
 
-  /* Check compliance etc.  */
-  rc = check_encryption_compliance (cfx.dek, pk_list);
-  if (rc)
-    goto leave;
+      /* In case 3DES has been selected, print a warning if any key
+         does not have a preference for AES.  This should help to
+         identify why encrypting to several recipients falls back to
+         3DES. */
+      if (opt.verbose && cfx.dek->algo == CIPHER_ALGO_3DES)
+        warn_missing_aes_from_pklist (pk_list);
+    }
+  else
+    {
+      if (!opt.expert
+          && (select_algo_from_prefs (pk_list, PREFTYPE_SYM,
+                                      opt.def_cipher_algo, NULL)
+              != opt.def_cipher_algo))
+        {
+          log_info(_("WARNING: forcing symmetric cipher %s (%d)"
+                     " violates recipient preferences\n"),
+                   openpgp_cipher_algo_name (opt.def_cipher_algo),
+                   opt.def_cipher_algo);
+        }
 
-  cfx.dek->use_mdc = use_mdc (pk_list,cfx.dek->algo);
+      cfx.dek->algo = opt.def_cipher_algo;
+    }
 
-  /* Only do the is-file-already-compressed check if we are using a
-     MDC.  This forces compressed files to be re-compressed if we do
-     not have a MDC to give some protection against chosen ciphertext
-     attacks. */
+  if (openpgp_cipher_blocklen (cfx.dek->algo) < 16
+      && !opt.flags.allow_old_cipher_algos)
+    {
+      log_error (_("cipher algorithm '%s' may not be used for encryption\n"),
+		 openpgp_cipher_algo_name (cfx.dek->algo));
+      if (!opt.quiet)
+        log_info (_("(use option \"%s\" to override)\n"),
+                  "--allow-old-cipher-algos");
+      rc = gpg_error (GPG_ERR_CIPHER_ALGO);
+      goto leave;
+    }
 
-  if (do_compress && cfx.dek->use_mdc && is_file_compressed(filename, &rc2))
+  /* Check compliance.  */
+  if (! gnupg_cipher_is_allowed (opt.compliance, 1, cfx.dek->algo,
+                                 GCRY_CIPHER_MODE_CFB))
+    {
+      log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
+		 openpgp_cipher_algo_name (cfx.dek->algo),
+		 gnupg_compliance_option_string (opt.compliance));
+      rc = gpg_error (GPG_ERR_CIPHER_ALGO);
+      goto leave;
+    }
+
+  if (!gnupg_rng_is_compliant (opt.compliance))
+    {
+      rc = gpg_error (GPG_ERR_FORBIDDEN);
+      log_error (_("%s is not compliant with %s mode\n"),
+                 "RNG",
+                 gnupg_compliance_option_string (opt.compliance));
+      write_status_error ("random-compliance", rc);
+      goto leave;
+    }
+
+  compliant = gnupg_cipher_is_compliant (CO_DE_VS, cfx.dek->algo,
+                                         GCRY_CIPHER_MODE_CFB);
+
+  {
+    pk_list_t pkr;
+
+    for (pkr = pk_list; pkr; pkr = pkr->next)
+      {
+        PKT_public_key *pk = pkr->pk;
+        unsigned int nbits = nbits_from_pk (pk);
+
+        if (!gnupg_pk_is_compliant (opt.compliance, pk->pubkey_algo, 0,
+                                    pk->pkey, nbits, NULL))
+          log_info (_("WARNING: key %s is not suitable for encryption"
+                      " in %s mode\n"),
+                    keystr_from_pk (pk),
+                    gnupg_compliance_option_string (opt.compliance));
+
+        if (compliant
+            && !gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, 0, pk->pkey,
+                                       nbits, NULL))
+          compliant = 0;
+      }
+
+  }
+
+  if (compliant)
+    write_status_strings (STATUS_ENCRYPTION_COMPLIANCE_MODE,
+                          gnupg_status_compliance_flag (CO_DE_VS),
+                          NULL);
+
+  cfx.dek->use_aead = use_aead (pk_list, cfx.dek->algo);
+  if (!cfx.dek->use_aead)
+    cfx.dek->use_mdc = !!use_mdc (pk_list, cfx.dek->algo);
+
+  /* Only do the is-file-already-compressed check if we are using a
+   * MDC or AEAD.  This forces compressed files to be re-compressed if
+   * we do not have a MDC to give some protection against chosen
+   * ciphertext attacks. */
+  if (do_compress
+      && (cfx.dek->use_mdc || cfx.dek->use_aead)
+      && is_file_compressed (filename, &rc2))
     {
       if (opt.verbose)
         log_info(_("'%s' already compressed\n"), filename);
@@ -729,10 +884,11 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
     goto leave;
 
   /* We put the passphrase (if any) after any public keys as this
-     seems to be the most useful on the recipient side - there is no
-     point in prompting a user for a passphrase if they have the
-     secret key needed to decrypt.  */
-  if(use_symkey && (rc = write_symkey_enc(symkey_s2k,symkey_dek,cfx.dek,out)))
+   * seems to be the most useful on the recipient side - there is no
+   * point in prompting a user for a passphrase if they have the
+   * secret key needed to decrypt.  */
+  if (use_symkey && (rc = write_symkey_enc (symkey_s2k, cfx.dek->use_aead,
+                                            symkey_dek, cfx.dek, out)))
     goto leave;
 
   if (!opt.no_literal)
@@ -775,7 +931,10 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
     cfx.datalen = filesize && !do_compress ? filesize : 0;
 
   /* Register the cipher filter. */
-  iobuf_push_filter (out, cipher_filter_cfb, &cfx);
+  iobuf_push_filter (out,
+                     cfx.dek->use_aead? cipher_filter_aead
+                     /**/             : cipher_filter_cfb,
+                     &cfx);
 
   /* Register the compress filter. */
   if (do_compress)
@@ -802,7 +961,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
       /* Algo 0 means no compression. */
       if (compr_algo)
         {
-          if (cfx.dek && cfx.dek->use_mdc)
+          if (cfx.dek && (cfx.dek->use_mdc || cfx.dek->use_aead))
             zfx.new_ctb = 1;
           push_compress_filter (out,&zfx,compr_algo);
         }
@@ -876,15 +1035,45 @@ encrypt_filter (void *opaque, int control,
     {
       if ( !efx->header_okay )
         {
-          efx->header_okay = 1;
-
-          efx->cfx.dek = create_dek_with_warnings (0, efx->pk_list);
-
-          rc = check_encryption_compliance (efx->cfx.dek, efx->pk_list);
-          if (rc)
-            return rc;
-
-          efx->cfx.dek->use_mdc = use_mdc (efx->pk_list,efx->cfx.dek->algo);
+          efx->cfx.dek = xmalloc_secure_clear ( sizeof *efx->cfx.dek );
+          if ( !opt.def_cipher_algo  )
+            {
+              /* Try to get it from the prefs. */
+              efx->cfx.dek->algo =
+                select_algo_from_prefs (efx->pk_list, PREFTYPE_SYM, -1, NULL);
+              if (efx->cfx.dek->algo == -1 )
+                {
+                  /* Because 3DES is implicitly in the prefs, this can
+                     only happen if we do not have any public keys in
+                     the list.  */
+                  efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO;
+                }
+
+              /* In case 3DES has been selected, print a warning if
+                 any key does not have a preference for AES.  This
+                 should help to identify why encrypting to several
+                 recipients falls back to 3DES. */
+              if (opt.verbose
+                  && efx->cfx.dek->algo == CIPHER_ALGO_3DES)
+                warn_missing_aes_from_pklist (efx->pk_list);
+	    }
+          else
+            {
+	      if (!opt.expert
+                  && select_algo_from_prefs (efx->pk_list,PREFTYPE_SYM,
+                                             opt.def_cipher_algo,
+                                             NULL) != opt.def_cipher_algo)
+		log_info(_("forcing symmetric cipher %s (%d) "
+			   "violates recipient preferences\n"),
+			 openpgp_cipher_algo_name (opt.def_cipher_algo),
+			 opt.def_cipher_algo);
+
+	      efx->cfx.dek->algo = opt.def_cipher_algo;
+	    }
+
+          efx->cfx.dek->use_aead = use_aead (efx->pk_list, efx->cfx.dek->algo);
+          if (!efx->cfx.dek->use_aead)
+            efx->cfx.dek->use_mdc = !!use_mdc (efx->pk_list,efx->cfx.dek->algo);
 
           make_session_key ( efx->cfx.dek );
           if (DBG_CRYPTO)
@@ -897,13 +1086,18 @@ encrypt_filter (void *opaque, int control,
 
           if(efx->symkey_s2k && efx->symkey_dek)
             {
-              rc=write_symkey_enc(efx->symkey_s2k,efx->symkey_dek,
-                                  efx->cfx.dek,a);
-              if(rc)
+              rc = write_symkey_enc (efx->symkey_s2k, efx->cfx.dek->use_aead,
+                                     efx->symkey_dek, efx->cfx.dek, a);
+              if (rc)
                 return rc;
             }
 
-          iobuf_push_filter (a, cipher_filter_cfb, &efx->cfx);
+          iobuf_push_filter (a,
+                             efx->cfx.dek->use_aead? cipher_filter_aead
+                             /**/                  : cipher_filter_cfb,
+                             &efx->cfx);
+
+          efx->header_okay = 1;
         }
       rc = iobuf_write (a, buf, size);
 
@@ -962,9 +1156,11 @@ write_pubkey_enc (ctrl_t ctrl,
       if ( opt.verbose )
         {
           char *ustr = get_user_id_string_native (ctrl, enc->keyid);
-          log_info (_("%s/%s encrypted for: \"%s\"\n"),
+          log_info (_("%s/%s.%s encrypted for: \"%s\"\n"),
                     openpgp_pk_algo_name (enc->pubkey_algo),
                     openpgp_cipher_algo_name (dek->algo),
+                    dek->use_aead? openpgp_aead_algo_name (dek->use_aead)
+                    /**/         : "CFB",
                     ustr );
           xfree (ustr);
         }
@@ -988,7 +1184,7 @@ write_pubkey_enc (ctrl_t ctrl,
 static int
 write_pubkey_enc_from_list (ctrl_t ctrl, PK_LIST pk_list, DEK *dek, iobuf_t out)
 {
-  if (opt.throw_keyids && (PGP6 || PGP7 || PGP8))
+  if (opt.throw_keyids && (PGP7 || PGP8))
     {
       log_info(_("option '%s' may not be used in %s mode\n"),
                "--throw-keyids",
diff --git a/g10/exec.c b/g10/exec.c
index bf0d8f2..f612c85 100644
--- a/g10/exec.c
+++ b/g10/exec.c
@@ -17,64 +17,29 @@
  * along with this program; if not, see <https://www.gnu.org/licenses/>.
  */
 
-/*
-   FIXME: We should replace most code in this module by our
-   spawn implementation from common/exechelp.c.
- */
-
-
 #include <config.h>
 #include <stdlib.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#ifndef EXEC_TEMPFILE_ONLY
-#include <sys/wait.h>
-#endif
 #ifdef HAVE_DOSISH_SYSTEM
 # ifdef HAVE_WINSOCK2_H
 #  include <winsock2.h>
 # endif
 # include <windows.h>
 #endif
-#include <fcntl.h>
-#include <unistd.h>
 #include <string.h>
-#include <errno.h>
 
 #include "gpg.h"
 #include "options.h"
 #include "../common/i18n.h"
-#include "../common/iobuf.h"
-#include "../common/util.h"
-#include "../common/membuf.h"
-#include "../common/sysutils.h"
 #include "exec.h"
 
 #ifdef NO_EXEC
-int
-exec_write(struct exec_info **info,const char *program,
-	       const char *args_in,const char *name,int writeonly,int binary)
-{
-  log_error(_("no remote program execution supported\n"));
-  return GPG_ERR_GENERAL;
-}
-
-int
-exec_read(struct exec_info *info) { return GPG_ERR_GENERAL; }
-int
-exec_finish(struct exec_info *info) { return GPG_ERR_GENERAL; }
-int
-set_exec_path(const char *path) { return GPG_ERR_GENERAL; }
-
-#else /* ! NO_EXEC */
-
+int set_exec_path(const char *path) { return GPG_ERR_GENERAL; }
+#else
 #if defined (_WIN32)
 /* This is a nicer system() for windows that waits for programs to
    return before returning control to the caller.  I hate helpful
    computers. */
-static int
+int
 w32_system(const char *command)
 {
   if (!strncmp (command, "!ShellExecute ", 14))
@@ -205,501 +170,4 @@ set_exec_path(const char *path)
     return 0;
 #endif
 }
-
-/* Makes a temp directory and filenames */
-static int
-make_tempdir(struct exec_info *info)
-{
-  char *tmp=opt.temp_dir,*namein=info->name,*nameout;
-
-  if(!namein)
-    namein=info->flags.binary?"tempin" EXTSEP_S "bin":"tempin" EXTSEP_S "txt";
-
-  nameout=info->flags.binary?"tempout" EXTSEP_S "bin":"tempout" EXTSEP_S "txt";
-
-  /* Make up the temp dir and files in case we need them */
-
-  if(tmp==NULL)
-    {
-#if defined (_WIN32)
-      int err;
-
-      tmp=xmalloc(MAX_PATH+2);
-      err=GetTempPath(MAX_PATH+1,tmp);
-      if(err==0 || err>MAX_PATH+1)
-	strcpy(tmp,"c:\\windows\\temp");
-      else
-	{
-	  int len=strlen(tmp);
-
-	  /* GetTempPath may return with \ on the end */
-	  while(len>0 && tmp[len-1]=='\\')
-	    {
-	      tmp[len-1]='\0';
-	      len--;
-	    }
-	}
-#else /* More unixish systems */
-      tmp=getenv("TMPDIR");
-      if(tmp==NULL)
-	{
-	  tmp=getenv("TMP");
-	  if(tmp==NULL)
-	    {
-#ifdef __riscos__
-	      tmp="<Wimp$ScrapDir>.GnuPG";
-	      mkdir(tmp,0700); /* Error checks occur later on */
-#else
-	      tmp="/tmp";
-#endif
-	    }
-	}
-#endif
-    }
-
-  info->tempdir=xmalloc(strlen(tmp)+strlen(DIRSEP_S)+10+1);
-
-  sprintf(info->tempdir,"%s" DIRSEP_S "gpg-XXXXXX",tmp);
-
-#if defined (_WIN32)
-  xfree(tmp);
-#endif
-
-  if (!gnupg_mkdtemp(info->tempdir))
-    log_error(_("can't create directory '%s': %s\n"),
-	      info->tempdir,strerror(errno));
-  else
-    {
-      info->flags.madedir=1;
-
-      info->tempfile_in=xmalloc(strlen(info->tempdir)+
-				strlen(DIRSEP_S)+strlen(namein)+1);
-      sprintf(info->tempfile_in,"%s" DIRSEP_S "%s",info->tempdir,namein);
-
-      if(!info->flags.writeonly)
-	{
-	  info->tempfile_out=xmalloc(strlen(info->tempdir)+
-				     strlen(DIRSEP_S)+strlen(nameout)+1);
-	  sprintf(info->tempfile_out,"%s" DIRSEP_S "%s",info->tempdir,nameout);
-	}
-    }
-
-  return info->flags.madedir? 0 : GPG_ERR_GENERAL;
-}
-
-/* Expands %i and %o in the args to the full temp files within the
-   temp directory. */
-static int
-expand_args(struct exec_info *info,const char *args_in)
-{
-  const char *ch = args_in;
-  membuf_t command;
-
-  info->flags.use_temp_files=0;
-  info->flags.keep_temp_files=0;
-
-  if(DBG_EXTPROG)
-    log_debug("expanding string \"%s\"\n",args_in);
-
-  init_membuf (&command, 100);
-
-  while(*ch!='\0')
-    {
-      if(*ch=='%')
-	{
-	  char *append=NULL;
-
-	  ch++;
-
-	  switch(*ch)
-	    {
-	    case 'O':
-	      info->flags.keep_temp_files=1;
-	      /* fall through */
-
-	    case 'o': /* out */
-	      if(!info->flags.madedir)
-		{
-		  if(make_tempdir(info))
-		    goto fail;
-		}
-	      append=info->tempfile_out;
-	      info->flags.use_temp_files=1;
-	      break;
-
-	    case 'I':
-	      info->flags.keep_temp_files=1;
-	      /* fall through */
-
-	    case 'i': /* in */
-	      if(!info->flags.madedir)
-		{
-		  if(make_tempdir(info))
-		    goto fail;
-		}
-	      append=info->tempfile_in;
-	      info->flags.use_temp_files=1;
-	      break;
-
-	    case '%':
-	      append="%";
-	      break;
-	    }
-
-	  if(append)
-            put_membuf_str (&command, append);
-	}
-      else
-        put_membuf (&command, ch, 1);
-
-      ch++;
-    }
-
-  put_membuf (&command, "", 1);  /* Terminate string.  */
-
-  info->command = get_membuf (&command, NULL);
-  if (!info->command)
-    return gpg_error_from_syserror ();
-
-  if(DBG_EXTPROG)
-    log_debug("args expanded to \"%s\", use %u, keep %u\n",info->command,
-	      info->flags.use_temp_files,info->flags.keep_temp_files);
-
-  return 0;
-
- fail:
-  xfree (get_membuf (&command, NULL));
-  return GPG_ERR_GENERAL;
-}
-
-/* Either handles the tempfile creation, or the fork/exec.  If it
-   returns ok, then info->tochild is a FILE * that can be written to.
-   The rules are: if there are no args, then it's a fork/exec/pipe.
-   If there are args, but no tempfiles, then it's a fork/exec/pipe via
-   shell -c.  If there are tempfiles, then it's a system. */
-
-int
-exec_write(struct exec_info **info,const char *program,
-           const char *args_in,const char *name,int writeonly,int binary)
-{
-  int ret = GPG_ERR_GENERAL;
-
-  if(opt.exec_disable && !opt.no_perm_warn)
-    {
-      log_info(_("external program calls are disabled due to unsafe "
-		 "options file permissions\n"));
-
-      return ret;
-    }
-
-#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
-  /* There should be no way to get to this spot while still carrying
-     setuid privs.  Just in case, bomb out if we are. */
-  if ( getuid () != geteuid ())
-    BUG ();
-#endif
-
-  if(program==NULL && args_in==NULL)
-    BUG();
-
-  *info=xmalloc_clear(sizeof(struct exec_info));
-
-  if(name)
-    (*info)->name=xstrdup(name);
-  (*info)->flags.binary=binary;
-  (*info)->flags.writeonly=writeonly;
-
-  /* Expand the args, if any */
-  if(args_in && expand_args(*info,args_in))
-    goto fail;
-
-#ifdef EXEC_TEMPFILE_ONLY
-  if(!(*info)->flags.use_temp_files)
-    {
-      log_error(_("this platform requires temporary files when calling"
-		  " external programs\n"));
-      goto fail;
-    }
-
-#else /* !EXEC_TEMPFILE_ONLY */
-
-  /* If there are no args, or there are args, but no temp files, we
-     can use fork/exec/pipe */
-  if(args_in==NULL || (*info)->flags.use_temp_files==0)
-    {
-      int to[2],from[2];
-
-      if(pipe(to)==-1)
-	goto fail;
-
-      if(pipe(from)==-1)
-	{
-	  close(to[0]);
-	  close(to[1]);
-	  goto fail;
-	}
-
-      if(((*info)->child=fork())==-1)
-	{
-	  close(to[0]);
-	  close(to[1]);
-	  close(from[0]);
-	  close(from[1]);
-	  goto fail;
-	}
-
-      if((*info)->child==0)
-	{
-	  char *shell=getenv("SHELL");
-
-	  if(shell==NULL)
-	    shell="/bin/sh";
-
-	  /* I'm the child */
-
-	  /* If the program isn't going to respond back, they get to
-             keep their stdout/stderr */
-	  if(!(*info)->flags.writeonly)
-	    {
-	      /* implied close of STDERR */
-	      if(dup2(STDOUT_FILENO,STDERR_FILENO)==-1)
-		_exit(1);
-
-	      /* implied close of STDOUT */
-	      close(from[0]);
-	      if(dup2(from[1],STDOUT_FILENO)==-1)
-		_exit(1);
-	    }
-
-	  /* implied close of STDIN */
-	  close(to[1]);
-	  if(dup2(to[0],STDIN_FILENO)==-1)
-	    _exit(1);
-
-	  if(args_in==NULL)
-	    {
-	      if(DBG_EXTPROG)
-		log_debug("execlp: %s\n",program);
-
-	      execlp(program,program,(void *)NULL);
-	    }
-	  else
-	    {
-	      if(DBG_EXTPROG)
-		log_debug("execlp: %s -c %s\n",shell,(*info)->command);
-
-	      execlp(shell,shell,"-c",(*info)->command,(void *)NULL);
-	    }
-
-	  /* If we get this far the exec failed.  Clean up and return. */
-
-	  if(args_in==NULL)
-	    log_error(_("unable to execute program '%s': %s\n"),
-		      program,strerror(errno));
-	  else
-	    log_error(_("unable to execute shell '%s': %s\n"),
-		      shell,strerror(errno));
-
-	  /* This mimics the POSIX sh behavior - 127 means "not found"
-             from the shell. */
-	  if(errno==ENOENT)
-	    _exit(127);
-
-	  _exit(1);
-	}
-
-      /* I'm the parent */
-
-      close(to[0]);
-
-      (*info)->tochild=fdopen(to[1],binary?"wb":"w");
-      if((*info)->tochild==NULL)
-	{
-          ret = gpg_error_from_syserror ();
-	  close(to[1]);
-	  goto fail;
-	}
-
-      close(from[1]);
-
-      (*info)->fromchild=iobuf_fdopen(from[0],"r");
-      if((*info)->fromchild==NULL)
-	{
-          ret = gpg_error_from_syserror ();
-	  close(from[0]);
-	  goto fail;
-	}
-
-      /* fd iobufs are cached! */
-      iobuf_ioctl((*info)->fromchild, IOBUF_IOCTL_NO_CACHE, 1, NULL);
-
-      return 0;
-    }
-#endif /* !EXEC_TEMPFILE_ONLY */
-
-  if(DBG_EXTPROG)
-    log_debug("using temp file '%s'\n",(*info)->tempfile_in);
-
-  /* It's not fork/exec/pipe, so create a temp file */
-  if( is_secured_filename ((*info)->tempfile_in) )
-    {
-      (*info)->tochild = NULL;
-      gpg_err_set_errno (EPERM);
-    }
-  else
-    (*info)->tochild = gnupg_fopen ((*info)->tempfile_in,binary?"wb":"w");
-  if((*info)->tochild==NULL)
-    {
-      ret = gpg_error_from_syserror ();
-      log_error(_("can't create '%s': %s\n"),
-		(*info)->tempfile_in,strerror(errno));
-      goto fail;
-    }
-
-  ret=0;
-
- fail:
-  if (ret)
-    {
-      xfree (*info);
-      *info = NULL;
-    }
-  return ret;
-}
-
-int
-exec_read(struct exec_info *info)
-{
-  int ret = GPG_ERR_GENERAL;
-
-  fclose(info->tochild);
-  info->tochild=NULL;
-
-  if(info->flags.use_temp_files)
-    {
-      if(DBG_EXTPROG)
-	log_debug ("running command: %s\n",info->command);
-
-#if defined (_WIN32)
-      info->progreturn=w32_system(info->command);
-#else
-      info->progreturn=system(info->command);
-#endif
-
-      if(info->progreturn==-1)
-	{
-	  log_error(_("system error while calling external program: %s\n"),
-		    strerror(errno));
-	  info->progreturn=127;
-	  goto fail;
-	}
-
-#if defined(WIFEXITED) && defined(WEXITSTATUS)
-      if(WIFEXITED(info->progreturn))
-	info->progreturn=WEXITSTATUS(info->progreturn);
-      else
-	{
-	  log_error(_("unnatural exit of external program\n"));
-	  info->progreturn=127;
-	  goto fail;
-	}
-#else
-      /* If we don't have the macros, do the best we can. */
-      info->progreturn = (info->progreturn & 0xff00) >> 8;
-#endif
-
-      /* 127 is the magic value returned from system() to indicate
-         that the shell could not be executed, or from /bin/sh to
-         indicate that the program could not be executed. */
-
-      if(info->progreturn==127)
-	{
-	  log_error(_("unable to execute external program\n"));
-	  goto fail;
-	}
-
-      if(!info->flags.writeonly)
-	{
-	  info->fromchild=iobuf_open(info->tempfile_out);
-          if (info->fromchild
-              && is_secured_file (iobuf_get_fd (info->fromchild)))
-            {
-              iobuf_close (info->fromchild);
-              info->fromchild = NULL;
-              gpg_err_set_errno (EPERM);
-            }
-	  if(info->fromchild==NULL)
-	    {
-              ret = gpg_error_from_syserror ();
-	      log_error(_("unable to read external program response: %s\n"),
-			strerror(errno));
-	      goto fail;
-	    }
-
-	  /* Do not cache this iobuf on close */
-	  iobuf_ioctl(info->fromchild, IOBUF_IOCTL_NO_CACHE, 1, NULL);
-	}
-    }
-
-  ret=0;
-
- fail:
-  return ret;
-}
-
-int
-exec_finish(struct exec_info *info)
-{
-  int ret=info->progreturn;
-
-  if(info->fromchild)
-    iobuf_close(info->fromchild);
-
-  if(info->tochild)
-    fclose(info->tochild);
-
-#ifndef EXEC_TEMPFILE_ONLY
-  if(info->child>0)
-    {
-      if(waitpid(info->child,&info->progreturn,0)!=0 &&
-	 WIFEXITED(info->progreturn))
-	ret=WEXITSTATUS(info->progreturn);
-      else
-	{
-	  log_error(_("unnatural exit of external program\n"));
-	  ret=127;
-	}
-    }
-#endif
-
-  if(info->flags.madedir && !info->flags.keep_temp_files)
-    {
-      if(info->tempfile_in)
-	{
-	  if(unlink(info->tempfile_in)==-1)
-	    log_info(_("WARNING: unable to remove tempfile (%s) '%s': %s\n"),
-		     "in",info->tempfile_in,strerror(errno));
-	}
-
-      if(info->tempfile_out)
-	{
-	  if(unlink(info->tempfile_out)==-1)
-	    log_info(_("WARNING: unable to remove tempfile (%s) '%s': %s\n"),
-		     "out",info->tempfile_out,strerror(errno));
-	}
-
-      if(rmdir(info->tempdir)==-1)
-	log_info(_("WARNING: unable to remove temp directory '%s': %s\n"),
-		 info->tempdir,strerror(errno));
-    }
-
-  xfree(info->command);
-  xfree(info->name);
-  xfree(info->tempdir);
-  xfree(info->tempfile_in);
-  xfree(info->tempfile_out);
-  xfree(info);
-
-  return ret;
-}
 #endif /* ! NO_EXEC */
diff --git a/g10/exec.h b/g10/exec.h
index 1cb1c72..6b24d1c 100644
--- a/g10/exec.h
+++ b/g10/exec.h
@@ -20,32 +20,7 @@
 #ifndef _EXEC_H_
 #define _EXEC_H_
 
-#include <unistd.h>
-#include <stdio.h>
-
-#include "../common/iobuf.h"
-
-struct exec_info
-{
-  int progreturn;
-  struct
-  {
-    unsigned int binary:1;
-    unsigned int writeonly:1;
-    unsigned int madedir:1;
-    unsigned int use_temp_files:1;
-    unsigned int keep_temp_files:1;
-  } flags;
-  pid_t child;
-  FILE *tochild;
-  iobuf_t fromchild;
-  char *command,*name,*tempdir,*tempfile_in,*tempfile_out;
-};
-
-int exec_write(struct exec_info **info,const char *program,
-	       const char *args_in,const char *name,int writeonly,int binary);
-int exec_read(struct exec_info *info);
-int exec_finish(struct exec_info *info);
 int set_exec_path(const char *path);
+int w32_system(const char *command);
 
 #endif /* !_EXEC_H_ */
diff --git a/g10/expand-group.c b/g10/expand-group.c
new file mode 100644
index 0000000..ec9c8a2
--- /dev/null
+++ b/g10/expand-group.c
@@ -0,0 +1,88 @@
+/* expand-group.c - expand GPG group definitions
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ *               2008, 2009, 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include "gpg.h"
+#include "options.h"
+#include "keydb.h"
+
+int
+expand_id (const char *id, strlist_t *into, unsigned int flags)
+{
+  struct groupitem *groups;
+  int count=0;
+
+  for (groups = opt.grouplist; groups; groups=groups->next)
+    {
+      /* need strcasecmp() here, as this should be localized */
+      if (strcasecmp (groups->name,id) == 0)
+	 {
+	   strlist_t each,sl;
+
+	   /* This maintains the current utf8-ness */
+	   for (each = groups->values; each; each=each->next)
+	     {
+	       sl = add_to_strlist (into, each->d);
+	       sl->flags = flags;
+	       count++;
+	     }
+
+	   break;
+	 }
+    }
+
+  return count;
+}
+
+/* For simplicity, and to avoid potential loops, we only expand once -
+ * you can't make an alias that points to an alias.  If PREPEND_INPUT
+ * is true each item from INPUT is prepended to the new list; if it is
+ * false the original item from INPUT is only added if no group
+ * existed for it. */
+strlist_t
+expand_group (strlist_t input, int prepend_input)
+{
+  strlist_t output = NULL;
+  strlist_t sl, rover;
+
+  for (rover = input; rover; rover = rover->next)
+    {
+      if ((rover->flags & PK_LIST_FROM_FILE))
+        continue;
+      if (!expand_id (rover->d, &output, rover->flags))
+        {
+          /* Didn't find any groups, so use the existing string unless
+           * we will anyway add it due to the prepend flag.  */
+          if (!prepend_input)
+            {
+              sl = add_to_strlist (&output, rover->d);
+              sl->flags = rover->flags;
+            }
+        }
+      if (prepend_input)
+        {
+          sl = add_to_strlist (&output, rover->d);
+          sl->flags = rover->flags;
+        }
+    }
+
+  return output;
+}
diff --git a/g10/export.c b/g10/export.c
index e98af59..98c4623 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -42,6 +42,7 @@
 #include "trustdb.h"
 #include "call-agent.h"
 #include "key-clean.h"
+#include "pkglue.h"
 
 
 /* An object to keep track of subkeys. */
@@ -92,10 +93,9 @@ static int do_export_stream (ctrl_t ctrl, iobuf_t out,
                              strlist_t users, int secret,
                              kbnode_t *keyblock_out, unsigned int options,
 			     export_stats_t stats, int *any);
-static gpg_error_t print_pka_or_dane_records
+static gpg_error_t print_dane_records
 /**/                 (iobuf_t out, kbnode_t keyblock, PKT_public_key *pk,
-                      const void *data, size_t datalen,
-                      int print_pka, int print_dane);
+                      const void *data, size_t datalen);
 
 
 static void
@@ -108,7 +108,7 @@ cleanup_export_globals (void)
 }
 
 
-/* Option parser for export options.  See parse_options fro
+/* Option parser for export options.  See parse_options for
    details.  */
 int
 parse_export_options(char *str,unsigned int *options,int noisy)
@@ -126,7 +126,6 @@ parse_export_options(char *str,unsigned int *options,int noisy)
       {"export-minimal",EXPORT_MINIMAL|EXPORT_CLEAN,NULL,
        N_("remove as much as possible from key during export")},
 
-      {"export-pka", EXPORT_PKA_FORMAT, NULL, NULL },
       {"export-dane", EXPORT_DANE_FORMAT, NULL, NULL },
 
       {"backup", EXPORT_BACKUP, NULL,
@@ -147,14 +146,18 @@ parse_export_options(char *str,unsigned int *options,int noisy)
   int rc;
 
   rc = parse_options (str, options, export_opts, noisy);
-  if (rc && (*options & EXPORT_BACKUP))
+  if (!rc)
+    return 0;
+
+  /* Alter other options we want or don't want for restore.  */
+  if ((*options & EXPORT_BACKUP))
     {
-      /* Alter other options we want or don't want for restore.  */
       *options |= (EXPORT_LOCAL_SIGS | EXPORT_ATTRIBUTES
                    | EXPORT_SENSITIVE_REVKEYS);
       *options &= ~(EXPORT_CLEAN | EXPORT_MINIMAL
-                    | EXPORT_PKA_FORMAT | EXPORT_DANE_FORMAT);
+                    | EXPORT_DANE_FORMAT);
     }
+
   return rc;
 }
 
@@ -408,7 +411,7 @@ do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options,
   if (rc)
     return rc;
 
-  if ( opt.armor && !(options & (EXPORT_PKA_FORMAT|EXPORT_DANE_FORMAT)) )
+  if ( opt.armor && !(options & EXPORT_DANE_FORMAT) )
     {
       afx = new_armor_context ();
       afx->what = secret? 5 : 1;
@@ -493,10 +496,8 @@ exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, kbnode_t node)
       keyid_from_pk (node->pkt->pkt.public_key, kid);
       break;
 
-    case KEYDB_SEARCH_MODE_FPR16:
-    case KEYDB_SEARCH_MODE_FPR20:
     case KEYDB_SEARCH_MODE_FPR:
-      fingerprint_from_pk (node->pkt->pkt.public_key, fpr,&fprlen);
+      fingerprint_from_pk (node->pkt->pkt.public_key, fpr, &fprlen);
       break;
 
     default:
@@ -515,14 +516,8 @@ exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, kbnode_t node)
         result = 1;
       break;
 
-    case KEYDB_SEARCH_MODE_FPR16:
-      if (!memcmp (desc->u.fpr, fpr, 16))
-        result = 1;
-      break;
-
-    case KEYDB_SEARCH_MODE_FPR20:
     case KEYDB_SEARCH_MODE_FPR:
-      if (!memcmp (desc->u.fpr, fpr, 20))
+      if (fprlen == desc->fprlen && !memcmp (desc->u.fpr, fpr, desc->fprlen))
         result = 1;
       break;
 
@@ -567,6 +562,8 @@ match_curve_skey_pk (gcry_sexp_t s_key, PKT_public_key *pk)
       log_error ("no curve name\n");
       return gpg_error (GPG_ERR_UNKNOWN_CURVE);
     }
+  if (!strcmp (curve_str, "Ed448"))
+    is_eddsa = 1;
   oidstr = openpgp_curve_to_oid (curve_str, NULL, NULL);
   if (!oidstr)
     {
@@ -606,7 +603,7 @@ match_curve_skey_pk (gcry_sexp_t s_key, PKT_public_key *pk)
 }
 
 
-/* Return a canonicalized public key algoithms.  This is used to
+/* Return a canonicalized public key algorithms.  This is used to
    compare different flavors of algorithms (e.g. ELG and ELG_E are
    considered the same).  */
 static enum gcry_pk_algos
@@ -750,10 +747,8 @@ cleartext_secret_key_to_openpgp (gcry_sexp_t s_key, PKT_public_key *pk)
       err = match_curve_skey_pk (key, pk);
       if (err)
         goto leave;
-      if (!err)
-        err = gcry_sexp_extract_param (key, NULL, "q",
-                                       &pub_params[0],
-                                       NULL);
+      else
+        err = sexp_extract_param_sos (key, "q", &pub_params[0]);
       if (!err && (gcry_mpi_cmp(pk->pkey[1], pub_params[0])))
         err = gpg_error (GPG_ERR_BAD_PUBKEY);
 
@@ -764,9 +759,7 @@ cleartext_secret_key_to_openpgp (gcry_sexp_t s_key, PKT_public_key *pk)
         {
           gcry_mpi_release (pk->pkey[sec_start]);
           pk->pkey[sec_start] = NULL;
-          err = gcry_sexp_extract_param (key, NULL, "d",
-                                         &pk->pkey[sec_start],
-                                         NULL);
+          err = sexp_extract_param_sos (key, "d", &pk->pkey[sec_start]);
         }
 
       if (!err)
@@ -978,15 +971,31 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
       value = gcry_sexp_nth_data (list, ++idx, &valuelen);
       if (!value || !valuelen)
         goto bad_seckey;
-      if (is_enc)
+      if (is_enc
+          || pk->pubkey_algo == PUBKEY_ALGO_ECDSA
+          || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
+          || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
         {
-          void *p = xtrymalloc (valuelen);
-          if (!p)
-            goto outofmem;
-          memcpy (p, value, valuelen);
-          skey[skeyidx] = gcry_mpi_set_opaque (NULL, p, valuelen*8);
+          unsigned int nbits = valuelen*8;
+          const unsigned char *p = value;
+
+          if (*p && nbits >= 8 && !(*p & 0x80))
+            if (--nbits >= 7 && !(*p & 0x40))
+              if (--nbits >= 6 && !(*p & 0x20))
+                if (--nbits >= 5 && !(*p & 0x10))
+                  if (--nbits >= 4 && !(*p & 0x08))
+                    if (--nbits >= 3 && !(*p & 0x04))
+                      if (--nbits >= 2 && !(*p & 0x02))
+                        if (--nbits >= 1 && !(*p & 0x01))
+                          --nbits;
+
+          skey[skeyidx] = gcry_mpi_set_opaque_copy (NULL, value, nbits);
           if (!skey[skeyidx])
             goto outofmem;
+          if (is_enc)
+            gcry_mpi_set_flag (skey[skeyidx], GCRYMPI_FLAG_USER1);
+          else
+            gcry_mpi_set_flag (skey[skeyidx], GCRYMPI_FLAG_USER2);
         }
       else
         {
@@ -1028,11 +1037,11 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
   /* log_debug ("XXX pubkey_algo=%d\n", pubkey_algo); */
   /* log_debug ("XXX is_protected=%d\n", is_protected); */
   /* log_debug ("XXX protect_algo=%d\n", protect_algo); */
-  /* log_printhex (iv, ivlen, "XXX iv"); */
+  /* log_printhex ("XXX iv", iv, ivlen); */
   /* log_debug ("XXX ivlen=%d\n", ivlen); */
   /* log_debug ("XXX s2k_mode=%d\n", s2k_mode); */
   /* log_debug ("XXX s2k_algo=%d\n", s2k_algo); */
-  /* log_printhex (s2k_salt, sizeof s2k_salt, "XXX s2k_salt"); */
+  /* log_printhex ("XXX s2k_salt", s2k_salt, sizeof s2k_salt); */
   /* log_debug ("XXX s2k_count=%lu\n", (unsigned long)s2k_count); */
   /* for (idx=0; skey[idx]; idx++) */
   /*   { */
@@ -1043,7 +1052,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
   /*         void *p; */
   /*         unsigned int nbits; */
   /*         p = gcry_mpi_get_opaque (skey[idx], &nbits); */
-  /*         log_printhex ( p, (nbits+7)/8, NULL); */
+  /*         log_printhex (NULL, p, (nbits+7)/8); */
   /*       } */
   /*     else */
   /*       gcry_mpi_dump (skey[idx]); */
@@ -1110,7 +1119,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
       /*         void *p; */
       /*         unsigned int nbits; */
       /*         p = gcry_mpi_get_opaque (skey[idx], &nbits); */
-      /*         log_printhex (p, (nbits+7)/8, NULL); */
+      /*         log_printhex (NULL, p, (nbits+7)/8); */
       /*       } */
       /*     else */
       /*       gcry_mpi_dump (skey[idx]); */
@@ -1144,7 +1153,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
   /* Check that the first secret key parameter in SKEY is encrypted
      and that there are no more secret key parameters.  The latter is
      guaranteed by the v4 packet format.  */
-  if (!gcry_mpi_get_flag (skey[npkey], GCRYMPI_FLAG_OPAQUE))
+  if (!gcry_mpi_get_flag (skey[npkey], GCRYMPI_FLAG_USER1))
     goto bad_seckey;
   if (npkey+1 < DIM (skey) && skey[npkey+1])
     goto bad_seckey;
@@ -1224,7 +1233,7 @@ print_status_exported (PKT_public_key *pk)
  * passphrase-protected.  Otherwise, store secret key material in the
  * clear.
  *
- * CACHE_NONCE_ADDR is used to share nonce for multple key retrievals.
+ * CACHE_NONCE_ADDR is used to share nonce for multiple key retrievals.
  */
 gpg_error_t
 receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
@@ -1323,7 +1332,7 @@ write_keyblock_to_output (kbnode_t keyblock, int with_armor,
   if (opt.verbose)
     log_info (_("writing to '%s'\n"), iobuf_get_fname_nonnull (out));
 
-  if ((options & (EXPORT_PKA_FORMAT|EXPORT_DANE_FORMAT)))
+  if ((options & EXPORT_DANE_FORMAT))
     {
       with_armor = 0;
       out_help = iobuf_temp ();
@@ -1360,7 +1369,7 @@ write_keyblock_to_output (kbnode_t keyblock, int with_armor,
     }
   err = 0;
 
-  if (out_help && pk)
+  if (out_help && pk && (options & EXPORT_DANE_FORMAT))
     {
       const void *data;
       size_t datalen;
@@ -1369,10 +1378,7 @@ write_keyblock_to_output (kbnode_t keyblock, int with_armor,
       data = iobuf_get_temp_buffer (out_help);
       datalen = iobuf_get_temp_length (out_help);
 
-      err = print_pka_or_dane_records (out,
-                                       keyblock, pk, data, datalen,
-                                       (options & EXPORT_PKA_FORMAT),
-                                       (options & EXPORT_DANE_FORMAT));
+      err = print_dane_records (out, keyblock, pk, data, datalen);
     }
 
  leave:
@@ -1463,13 +1469,12 @@ apply_drop_subkey_filter (ctrl_t ctrl, kbnode_t keyblock,
 }
 
 
-/* Print DANE or PKA records for all user IDs in KEYBLOCK to OUT.  The
- * data for the record is taken from (DATA,DATELEN).  PK is the public
- * key packet with the primary key. */
+/* Print DANErecords for all user IDs in KEYBLOCK to OUT.  The data
+ * for the record is taken from (DATA,DATELEN).  PK is the public key
+ * packet with the primary key. */
 static gpg_error_t
-print_pka_or_dane_records (iobuf_t out, kbnode_t keyblock, PKT_public_key *pk,
-                           const void *data, size_t datalen,
-                           int print_pka, int print_dane)
+print_dane_records (iobuf_t out, kbnode_t keyblock, PKT_public_key *pk,
+                    const void *data, size_t datalen)
 {
   gpg_error_t err = 0;
   kbnode_t kbctx, node;
@@ -1514,32 +1519,14 @@ print_pka_or_dane_records (iobuf_t out, kbnode_t keyblock, PKT_public_key *pk,
         continue;
 
       xfree (mbox);
-      mbox = mailbox_from_userid (uid->name);
+      mbox = mailbox_from_userid (uid->name, 0);
       if (!mbox)
         continue;
 
       domain = strchr (mbox, '@');
       *domain++ = 0;
 
-      if (print_pka)
-        {
-          es_fprintf (fp, "$ORIGIN _pka.%s.\n; %s\n; ", domain, hexfpr);
-          print_utf8_buffer (fp, uid->name, uid->len);
-          es_putc ('\n', fp);
-          gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox));
-          xfree (hash);
-          hash = zb32_encode (hashbuf, 8*20);
-          if (!hash)
-            {
-              err = gpg_error_from_syserror ();
-              goto leave;
-            }
-          len = strlen (hexfpr)/2;
-          es_fprintf (fp, "%s TYPE37 \\# %u 0006 0000 00 %02X %s\n\n",
-                      hash, 6 + len, len, hexfpr);
-        }
-
-      if (print_dane && hexdata)
+      if (1)
         {
           es_fprintf (fp, "$ORIGIN _openpgpkey.%s.\n; %s\n; ", domain, hexfpr);
           print_utf8_buffer (fp, uid->name, uid->len);
@@ -1628,7 +1615,7 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
       if (node->pkt->pkttype == PKT_COMMENT)
         continue;
 
-      /* Skip ring trust packets - they should not ne here anyway.  */
+      /* Skip ring trust packets - they should not be here anyway.  */
       if (node->pkt->pkttype == PKT_RING_TRUST)
         continue;
 
@@ -1814,6 +1801,7 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
                 {
                   if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
                     goto leave;
+                  write_status_error ("export_keys.secret", err);
                   skip_until_subkey = 1;
                   err = 0;
                 }
@@ -1914,17 +1902,16 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
     stats = &dummystats;
   *any = 0;
   init_packet (&pkt);
-  kdbhd = keydb_new ();
+  kdbhd = keydb_new (ctrl);
   if (!kdbhd)
     return gpg_error_from_syserror ();
 
-  /* For the PKA and DANE format open a helper iobuf and for DANE
+  /* For the DANE format open a helper iobuf and
    * enforce some options.  */
-  if ((options & (EXPORT_PKA_FORMAT | EXPORT_DANE_FORMAT)))
+  if ((options & EXPORT_DANE_FORMAT))
     {
       out_help = iobuf_temp ();
-      if ((options & EXPORT_DANE_FORMAT))
-        options |= EXPORT_MINIMAL | EXPORT_CLEAN;
+      options |= EXPORT_MINIMAL | EXPORT_CLEAN;
     }
 
   if (!users)
@@ -2098,9 +2085,9 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
           break;
         }
 
-      if (out_help)
+      if (out_help && (options & EXPORT_DANE_FORMAT))
         {
-          /* We want to write PKA or DANE records.  OUT_HELP has the
+          /* We want to write DANE records.  OUT_HELP has the
            * keyblock and we print a record for each uid to OUT. */
           const void *data;
           size_t datalen;
@@ -2109,10 +2096,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
           data = iobuf_get_temp_buffer (out_help);
           datalen = iobuf_get_temp_length (out_help);
 
-          err = print_pka_or_dane_records (out,
-                                           keyblock, pk, data, datalen,
-                                           (options & EXPORT_PKA_FORMAT),
-                                           (options & EXPORT_DANE_FORMAT));
+          err = print_dane_records (out, keyblock, pk, data, datalen);
           if (err)
             goto leave;
 
@@ -2161,24 +2145,157 @@ key_to_sshblob (membuf_t *mb, const char *identifier, ...)
   va_start (arg_ptr, identifier);
   while ((a = va_arg (arg_ptr, gcry_mpi_t)))
     {
-      err = gcry_mpi_aprint (GCRYMPI_FMT_SSH, &buf, &buflen, a);
-      if (err)
-        break;
-      if (!strcmp (identifier, "ssh-ed25519")
-          && buflen > 5 && buf[4] == 0x40)
+      if (gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
         {
-          /* We need to strip our 0x40 prefix.  */
-          put_membuf (mb, "\x00\x00\x00\x20", 4);
-          put_membuf (mb, buf+5, buflen-5);
+          unsigned int nbits;
+          const unsigned char *p;
+
+          p = gcry_mpi_get_opaque (a, &nbits);
+          buflen = (nbits + 7) / 8;
+
+          if (!strcmp (identifier, "ssh-ed25519")
+              && buflen > 1 && p[0] == 0x40)
+            {
+              /* We need to strip our 0x40 prefix.  */
+              put_membuf (mb, "\x00\x00\x00\x20", 4);
+              put_membuf (mb, p+1, buflen-1);
+            }
+          else
+            {
+              unsigned char c;
+
+              c = buflen >> 24;
+              put_membuf (mb, &c, 1);
+              c = buflen >> 16;
+              put_membuf (mb, &c, 1);
+              c = buflen >> 8;
+              put_membuf (mb, &c, 1);
+              c = buflen;
+              put_membuf (mb, &c, 1);
+              put_membuf (mb, p, buflen);
+            }
         }
       else
-        put_membuf (mb, buf, buflen);
-      gcry_free (buf);
+        {
+          err = gcry_mpi_aprint (GCRYMPI_FMT_SSH, &buf, &buflen, a);
+          if (err)
+            break;
+          put_membuf (mb, buf, buflen);
+          gcry_free (buf);
+        }
     }
   va_end (arg_ptr);
   return err;
 }
 
+
+static gpg_error_t
+export_one_ssh_key (estream_t fp, PKT_public_key *pk)
+{
+  gpg_error_t err;
+  const char *identifier = NULL;
+  membuf_t mb;
+  void *blob;
+  size_t bloblen;
+
+  init_membuf (&mb, 4096);
+
+  switch (pk->pubkey_algo)
+    {
+    case PUBKEY_ALGO_DSA:
+      identifier = "ssh-dss";
+      err = key_to_sshblob (&mb, identifier,
+                            pk->pkey[0], pk->pkey[1], pk->pkey[2], pk->pkey[3],
+                            NULL);
+      break;
+
+    case PUBKEY_ALGO_RSA:
+    case PUBKEY_ALGO_RSA_S:
+      identifier = "ssh-rsa";
+      err = key_to_sshblob (&mb, identifier, pk->pkey[1], pk->pkey[0], NULL);
+      break;
+
+    case PUBKEY_ALGO_ECDSA:
+      {
+        char *curveoid;
+        const char *curve;
+
+        curveoid = openpgp_oid_to_str (pk->pkey[0]);
+        if (!curveoid)
+          err = gpg_error_from_syserror ();
+        else if (!(curve = openpgp_oid_to_curve (curveoid, 0)))
+          err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
+        else
+          {
+            if (!strcmp (curve, "nistp256"))
+              identifier = "ecdsa-sha2-nistp256";
+            else if (!strcmp (curve, "nistp384"))
+              identifier = "ecdsa-sha2-nistp384";
+            else if (!strcmp (curve, "nistp521"))
+              identifier = "ecdsa-sha2-nistp521";
+
+            if (!identifier)
+              err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
+            else
+              err = key_to_sshblob (&mb, identifier, pk->pkey[1], NULL);
+          }
+        xfree (curveoid);
+      }
+      break;
+
+    case PUBKEY_ALGO_EDDSA:
+      if (openpgp_oid_is_ed25519 (pk->pkey[0]))
+        {
+          identifier = "ssh-ed25519";
+          err = key_to_sshblob (&mb, identifier, pk->pkey[1], NULL);
+        }
+      else if (openpgp_oid_is_ed448 (pk->pkey[0]))
+        {
+          identifier = "ssh-ed448";
+          err = key_to_sshblob (&mb, identifier, pk->pkey[1], NULL);
+        }
+      else
+        err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
+      break;
+
+    case PUBKEY_ALGO_ELGAMAL_E:
+    case PUBKEY_ALGO_ELGAMAL:
+      err = gpg_error (GPG_ERR_UNUSABLE_PUBKEY);
+      break;
+
+    default:
+      err = GPG_ERR_PUBKEY_ALGO;
+      break;
+    }
+
+  if (err)
+    goto leave;
+
+  blob = get_membuf (&mb, &bloblen);
+  if (blob)
+    {
+      struct b64state b64_state;
+
+      es_fprintf (fp, "%s ", identifier);
+      err = b64enc_start_es (&b64_state, fp, "");
+      if (err)
+        {
+          xfree (blob);
+          goto leave;
+        }
+
+      err = b64enc_write (&b64_state, blob, bloblen);
+      b64enc_finish (&b64_state);
+
+      es_fprintf (fp, " openpgp:0x%08lX\n", (ulong)keyid_from_pk (pk, NULL));
+      xfree (blob);
+    }
+
+ leave:
+  xfree (get_membuf (&mb, NULL));
+  return err;
+}
+
 /* Export the key identified by USERID in the SSH public key format.
    The function exports the latest subkey with Authentication
    capability unless the '!' suffix is used to export a specific
@@ -2193,14 +2310,9 @@ export_ssh_key (ctrl_t ctrl, const char *userid)
   u32 curtime = make_timestamp ();
   kbnode_t latest_key, node;
   PKT_public_key *pk;
-  const char *identifier = NULL;
-  membuf_t mb;
   estream_t fp = NULL;
-  struct b64state b64_state;
   const char *fname = "-";
 
-  init_membuf (&mb, 4096);
-
   /* We need to know whether the key has been specified using the
      exact syntax ('!' suffix).  Thus we need to run a
      classify_user_id on our own.  */
@@ -2356,72 +2468,6 @@ export_ssh_key (ctrl_t ctrl, const char *userid)
   if (DBG_LOOKUP)
     log_debug ("\tusing key %08lX\n", (ulong) keyid_from_pk (pk, NULL));
 
-  switch (pk->pubkey_algo)
-    {
-    case PUBKEY_ALGO_DSA:
-      identifier = "ssh-dss";
-      err = key_to_sshblob (&mb, identifier,
-                            pk->pkey[0], pk->pkey[1], pk->pkey[2], pk->pkey[3],
-                            NULL);
-      break;
-
-    case PUBKEY_ALGO_RSA:
-    case PUBKEY_ALGO_RSA_S:
-      identifier = "ssh-rsa";
-      err = key_to_sshblob (&mb, identifier, pk->pkey[1], pk->pkey[0], NULL);
-      break;
-
-    case PUBKEY_ALGO_ECDSA:
-      {
-        char *curveoid;
-        const char *curve;
-
-        curveoid = openpgp_oid_to_str (pk->pkey[0]);
-        if (!curveoid)
-          err = gpg_error_from_syserror ();
-        else if (!(curve = openpgp_oid_to_curve (curveoid, 0)))
-          err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
-        else
-          {
-            if (!strcmp (curve, "nistp256"))
-              identifier = "ecdsa-sha2-nistp256";
-            else if (!strcmp (curve, "nistp384"))
-              identifier = "ecdsa-sha2-nistp384";
-            else if (!strcmp (curve, "nistp521"))
-              identifier = "ecdsa-sha2-nistp521";
-
-            if (!identifier)
-              err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
-            else
-              err = key_to_sshblob (&mb, identifier, pk->pkey[1], NULL);
-          }
-        xfree (curveoid);
-      }
-      break;
-
-    case PUBKEY_ALGO_EDDSA:
-      if (!openpgp_oid_is_ed25519 (pk->pkey[0]))
-        err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
-      else
-        {
-          identifier = "ssh-ed25519";
-          err = key_to_sshblob (&mb, identifier, pk->pkey[1], NULL);
-        }
-      break;
-
-    case PUBKEY_ALGO_ELGAMAL_E:
-    case PUBKEY_ALGO_ELGAMAL:
-      err = gpg_error (GPG_ERR_UNUSABLE_PUBKEY);
-      break;
-
-    default:
-      err = GPG_ERR_PUBKEY_ALGO;
-      break;
-    }
-
-  if (!identifier)
-    goto leave;
-
   if (opt.outfile && *opt.outfile && strcmp (opt.outfile, "-"))
     fp = es_fopen ((fname = opt.outfile), "w");
   else
@@ -2433,26 +2479,9 @@ export_ssh_key (ctrl_t ctrl, const char *userid)
       goto leave;
     }
 
-  es_fprintf (fp, "%s ", identifier);
-  err = b64enc_start_es (&b64_state, fp, "");
-  if (!err)
-    {
-      void *blob;
-      size_t bloblen;
-
-      blob = get_membuf (&mb, &bloblen);
-      if (blob)
-        {
-          err = b64enc_write (&b64_state, blob, bloblen);
-          xfree (blob);
-          if (err)
-            goto leave;
-        }
-      err = b64enc_finish (&b64_state);
-    }
+  err = export_one_ssh_key (fp, pk);
   if (err)
     goto leave;
-  es_fprintf (fp, " openpgp:0x%08lX\n", (ulong)keyid_from_pk (pk, NULL));
 
   if (es_ferror (fp))
     err = gpg_error_from_syserror ();
@@ -2469,7 +2498,6 @@ export_ssh_key (ctrl_t ctrl, const char *userid)
  leave:
   if (fp != es_stdout)
     es_fclose (fp);
-  xfree (get_membuf (&mb, NULL));
   release_kbnode (keyblock);
   return err;
 }
diff --git a/g10/filter.h b/g10/filter.h
index d2f6c3f..b2ef382 100644
--- a/g10/filter.h
+++ b/g10/filter.h
@@ -61,7 +61,7 @@ typedef struct {
 
     byte radbuf[4];
     int idx, idx2;
-    u32 crc;
+    gcry_md_hd_t crc_md;
 
     int status; 	    /* an internal state flag */
     int cancel;
@@ -69,8 +69,6 @@ typedef struct {
     int pending_lf;	    /* used together with faked */
 } armor_filter_context_t;
 
-struct unarmor_pump_s;
-typedef struct unarmor_pump_s *UnarmorPump;
 
 
 struct compress_filter_context_s {
@@ -88,15 +86,52 @@ struct compress_filter_context_s {
 typedef struct compress_filter_context_s compress_filter_context_t;
 
 
-typedef struct {
-    DEK *dek;
-    u32 datalen;
-    gcry_cipher_hd_t cipher_hd;
-    unsigned int wrote_header : 1;
-    unsigned int short_blklen_warn : 1;
-    unsigned long short_blklen_count;
-    gcry_md_hd_t mdc_hash;
-    byte enchash[20];
+typedef struct
+{
+  /* Object with the key and algo */
+  DEK *dek;
+
+  /* Length of the data to encrypt if known - 32 bit because OpenPGP
+   * requires partial encoding for a larger data size.  */
+  u32 datalen;
+
+  /* The current cipher handle.  */
+  gcry_cipher_hd_t cipher_hd;
+
+  /* Various processing flags.  */
+  unsigned int wrote_header : 1;
+  unsigned int short_blklen_warn : 1;
+  unsigned long short_blklen_count;
+
+  /* The encoded chunk byte for AEAD.  */
+  byte chunkbyte;
+
+  /* The decoded CHUNKBYTE.  */
+  uint64_t chunksize;
+
+  /* The chunk index for AEAD.  */
+  uint64_t chunkindex;
+
+  /* The number of bytes in the current chunk.  */
+  uint64_t chunklen;
+
+  /* The total count of encrypted plaintext octets.  Note that we
+   * don't care about encrypting more than 16 Exabyte. */
+  uint64_t total;
+
+  /* The hash context and a buffer used for MDC.  */
+  gcry_md_hd_t mdc_hash;
+  byte enchash[20];
+
+  /* The start IV for AEAD encryption.   */
+  byte startiv[16];
+
+  /* Using a large buffer for encryption makes processing easier and
+   * also makes sure the data is well aligned.  */
+  char *buffer;
+  size_t bufsize;  /* Allocated length.  */
+  size_t buflen;   /* Used length.       */
+
 } cipher_filter_context_t;
 
 
@@ -135,9 +170,6 @@ armor_filter_context_t *new_armor_context (void);
 void release_armor_context (armor_filter_context_t *afx);
 int push_armor_filter (armor_filter_context_t *afx, iobuf_t iobuf);
 int use_armor_filter( iobuf_t a );
-UnarmorPump unarmor_pump_new (void);
-void        unarmor_pump_release (UnarmorPump x);
-int         unarmor_pump (UnarmorPump x, int c);
 
 /*-- compress.c --*/
 gpg_error_t push_compress_filter (iobuf_t out, compress_filter_context_t *zfx,
@@ -149,6 +181,10 @@ gpg_error_t push_compress_filter2 (iobuf_t out,compress_filter_context_t *zfx,
 int cipher_filter_cfb (void *opaque, int control,
                        iobuf_t chain, byte *buf, size_t *ret_len);
 
+/*-- cipher-aead.c --*/
+int cipher_filter_aead (void *opaque, int control,
+                        iobuf_t chain, byte *buf, size_t *ret_len);
+
 /*-- textfilter.c --*/
 int text_filter( void *opaque, int control,
 		 iobuf_t chain, byte *buf, size_t *ret_len);
diff --git a/g10/free-packet.c b/g10/free-packet.c
index 4df8896..6d7b349 100644
--- a/g10/free-packet.c
+++ b/g10/free-packet.c
@@ -30,6 +30,22 @@
 #include "options.h"
 
 
+/* Run time check to see whether mpi_copy does not copy the flags
+ * properly.   This was fixed in version 1.8.6.  */
+static int
+is_mpi_copy_broken (void)
+{
+  static char result;
+
+  if (!result)
+    {
+      result = !gcry_check_version ("1.8.6");
+      result |= 0x80;
+    }
+  return (result & 1);
+}
+
+
 /* This is mpi_copy with a fix for opaque MPIs which store a NULL
    pointer.  This will also be fixed in Libggcrypt 1.7.0.  */
 static gcry_mpi_t
@@ -40,6 +56,17 @@ my_mpi_copy (gcry_mpi_t a)
       && !gcry_mpi_get_opaque (a, NULL))
     return NULL;
 
+  if (is_mpi_copy_broken ())
+    {
+      int flag_user2 = a? gcry_mpi_get_flag (a, GCRYMPI_FLAG_USER2) : 0;
+      gcry_mpi_t b;
+
+      b = gcry_mpi_copy (a);
+      if (b && flag_user2)
+        gcry_mpi_set_flag (b, GCRYMPI_FLAG_USER2);
+      return b;
+    }
+
   return gcry_mpi_copy (a);
 }
 
@@ -77,11 +104,6 @@ free_seckey_enc( PKT_signature *sig )
   xfree(sig->hashed);
   xfree(sig->unhashed);
 
-  if (sig->pka_info)
-    {
-      xfree (sig->pka_info->uri);
-      xfree (sig->pka_info);
-    }
   xfree (sig->signers_uid);
 
   xfree(sig);
@@ -235,20 +257,6 @@ copy_public_key (PKT_public_key *d, PKT_public_key *s)
 
 
 
-static pka_info_t *
-cp_pka_info (const pka_info_t *s)
-{
-  pka_info_t *d = xmalloc (sizeof *s + strlen (s->email));
-
-  d->valid = s->valid;
-  d->checked = s->checked;
-  d->uri = s->uri? xstrdup (s->uri):NULL;
-  memcpy (d->fpr, s->fpr, sizeof s->fpr);
-  strcpy (d->email, s->email);
-  return d;
-}
-
-
 PKT_signature *
 copy_signature( PKT_signature *d, PKT_signature *s )
 {
@@ -264,7 +272,6 @@ copy_signature( PKT_signature *d, PKT_signature *s )
 	for(i=0; i < n; i++ )
 	    d->data[i] = my_mpi_copy( s->data[i] );
     }
-    d->pka_info = s->pka_info? cp_pka_info (s->pka_info) : NULL;
     d->hashed = cp_subpktarea (s->hashed);
     d->unhashed = cp_subpktarea (s->unhashed);
     if (s->signers_uid)
@@ -472,7 +479,6 @@ free_packet (PACKET *pkt, parse_packet_ctx_t parsectx)
       break;
     case PKT_ENCRYPTED:
     case PKT_ENCRYPTED_MDC:
-    case PKT_ENCRYPTED_AEAD:
       free_encrypted (pkt->pkt.encrypted);
       break;
     case PKT_PLAINTEXT:
diff --git a/g10/getkey.c b/g10/getkey.c
index 4642174..bc9e826 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -36,6 +36,7 @@
 #include "../common/i18n.h"
 #include "keyserver-internal.h"
 #include "call-agent.h"
+#include "objcache.h"
 #include "../common/host2net.h"
 #include "../common/mbox-util.h"
 #include "../common/status.h"
@@ -60,7 +61,7 @@ struct getkey_ctx_s
      search or not.  A search that is exact requires that a key or
      subkey meet all of the specified criteria.  A search that is not
      exact allows selecting a different key or subkey from the
-     keyblock that matched the critera.  Further, an exact search
+     keyblock that matched the criteria.  Further, an exact search
      returns the key or subkey that matched whereas a non-exact search
      typically returns the primary key.  See finish_lookup for
      details.  */
@@ -112,6 +113,7 @@ static struct
 typedef struct keyid_list
 {
   struct keyid_list *next;
+  byte fprlen;
   char fpr[MAX_FINGERPRINT_LEN];
   u32 keyid[2];
 } *keyid_list_t;
@@ -132,15 +134,6 @@ static int pk_cache_disabled;
 #if MAX_UID_CACHE_ENTRIES < 5
 #error we really need the userid cache
 #endif
-typedef struct user_id_db
-{
-  struct user_id_db *next;
-  keyid_list_t keyids;
-  int len;
-  char name[1];
-} *user_id_db_t;
-static user_id_db_t user_id_db;
-static int uid_cache_entries;	/* Number of entries in uid cache. */
 
 static void merge_selfsigs (ctrl_t ctrl, kbnode_t keyblock);
 static int lookup (ctrl_t ctrl, getkey_ctx_t ctx, int want_secret,
@@ -262,112 +255,6 @@ user_id_not_found_utf8 (void)
 
 
 
-/* Return the user ID from the given keyblock.
- * We use the primary uid flag which has been set by the merge_selfsigs
- * function.  The returned value is only valid as long as the given
- * keyblock is not changed.  */
-static const char *
-get_primary_uid (KBNODE keyblock, size_t * uidlen)
-{
-  KBNODE k;
-  const char *s;
-
-  for (k = keyblock; k; k = k->next)
-    {
-      if (k->pkt->pkttype == PKT_USER_ID
-	  && !k->pkt->pkt.user_id->attrib_data
-	  && k->pkt->pkt.user_id->flags.primary)
-	{
-	  *uidlen = k->pkt->pkt.user_id->len;
-	  return k->pkt->pkt.user_id->name;
-	}
-    }
-  s = user_id_not_found_utf8 ();
-  *uidlen = strlen (s);
-  return s;
-}
-
-
-static void
-release_keyid_list (keyid_list_t k)
-{
-  while (k)
-    {
-      keyid_list_t k2 = k->next;
-      xfree (k);
-      k = k2;
-    }
-}
-
-/****************
- * Store the association of keyid and userid
- * Feed only public keys to this function.
- */
-static void
-cache_user_id (KBNODE keyblock)
-{
-  user_id_db_t r;
-  const char *uid;
-  size_t uidlen;
-  keyid_list_t keyids = NULL;
-  KBNODE k;
-
-  for (k = keyblock; k; k = k->next)
-    {
-      if (k->pkt->pkttype == PKT_PUBLIC_KEY
-	  || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
-	{
-	  keyid_list_t a = xmalloc_clear (sizeof *a);
-	  /* Hmmm: For a long list of keyids it might be an advantage
-	   * to append the keys.  */
-          fingerprint_from_pk (k->pkt->pkt.public_key, a->fpr, NULL);
-	  keyid_from_pk (k->pkt->pkt.public_key, a->keyid);
-	  /* First check for duplicates.  */
-	  for (r = user_id_db; r; r = r->next)
-	    {
-	      keyid_list_t b;
-
-	      for (b = r->keyids; b; b = b->next)
-		{
-		  if (!memcmp (b->fpr, a->fpr, MAX_FINGERPRINT_LEN))
-		    {
-		      if (DBG_CACHE)
-			log_debug ("cache_user_id: already in cache\n");
-		      release_keyid_list (keyids);
-		      xfree (a);
-		      return;
-		    }
-		}
-	    }
-	  /* Now put it into the cache.  */
-	  a->next = keyids;
-	  keyids = a;
-	}
-    }
-  if (!keyids)
-    BUG (); /* No key no fun.  */
-
-
-  uid = get_primary_uid (keyblock, &uidlen);
-
-  if (uid_cache_entries >= MAX_UID_CACHE_ENTRIES)
-    {
-      /* fixme: use another algorithm to free some cache slots */
-      r = user_id_db;
-      user_id_db = r->next;
-      release_keyid_list (r->keyids);
-      xfree (r);
-      uid_cache_entries--;
-    }
-  r = xmalloc (sizeof *r + uidlen - 1);
-  r->keyids = keyids;
-  r->len = uidlen;
-  memcpy (r->name, uid, r->len);
-  r->next = user_id_db;
-  user_id_db = r;
-  uid_cache_entries++;
-}
-
 
 /* Disable and drop the public key cache (which is filled by
    cache_public_key and get_pubkey).  Note: there is currently no way
@@ -437,7 +324,7 @@ get_pubkey_for_sig (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig,
       return 0;
     }
 
-  /* First try the new ISSUER_FPR info.  */
+  /* First try the ISSUER_FPR info.  */
   fpr = issuer_fpr_raw (sig, &fprlen);
   if (fpr && !get_pubkey_byfprint (ctrl, pk, NULL, fpr, fprlen))
     return 0;
@@ -524,7 +411,7 @@ get_pubkey (ctrl_t ctrl, PKT_public_key * pk, u32 * keyid)
       }
     else
       {
-        ctx.kr_handle = keydb_new ();
+        ctx.kr_handle = keydb_new (ctrl);
         if (!ctx.kr_handle)
           {
             rc = gpg_error_from_syserror ();
@@ -558,42 +445,6 @@ leave:
 }
 
 
-/* Same as get_pubkey but if the key was not found the function tries
- * to import it from LDAP.  FIXME: We should not need this but swicth
- * to a fingerprint lookup.  */
-gpg_error_t
-get_pubkey_with_ldap_fallback (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid)
-{
-  gpg_error_t err;
-
-  err = get_pubkey (ctrl, pk, keyid);
-  if (!err)
-    return 0;
-
-  if (gpg_err_code (err) != GPG_ERR_NO_PUBKEY)
-    return err;
-
-  /* Note that this code does not handle the case for two readers
-   * having both openpgp encryption keys.  Only one will be tried.  */
-  if (opt.debug)
-    log_debug ("using LDAP to find a public key\n");
-  err = keyserver_import_keyid (ctrl, keyid,
-                                opt.keyserver, KEYSERVER_IMPORT_FLAG_LDAP);
-  if (gpg_err_code (err) == GPG_ERR_NO_DATA
-      || gpg_err_code (err) == GPG_ERR_NO_KEYSERVER)
-    {
-      /* Dirmngr returns NO DATA is the selected keyserver
-       * does not have the requested key.  It returns NO
-       * KEYSERVER if no LDAP keyservers are configured.  */
-      err = gpg_error (GPG_ERR_NO_PUBKEY);
-    }
-  if (err)
-    return err;
-
-  return get_pubkey (ctrl, pk, keyid);
-}
-
-
 /* Similar to get_pubkey, but it does not take PK->REQ_USAGE into
  * account nor does it merge in the self-signed data.  This function
  * also only considers primary keys.  It is intended to be used as a
@@ -605,7 +456,7 @@ get_pubkey_with_ldap_fallback (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid)
  * Return the public key in *PK.  The resources in *PK should be
  * released using release_public_key_parts().  */
 int
-get_pubkey_fast (PKT_public_key * pk, u32 * keyid)
+get_pubkey_fast (ctrl_t ctrl, PKT_public_key * pk, u32 * keyid)
 {
   int rc = 0;
   KEYDB_HANDLE hd;
@@ -633,7 +484,7 @@ get_pubkey_fast (PKT_public_key * pk, u32 * keyid)
   }
 #endif
 
-  hd = keydb_new ();
+  hd = keydb_new (ctrl);
   if (!hd)
     return gpg_error_from_syserror ();
   rc = keydb_search_kid (hd, keyid);
@@ -682,7 +533,7 @@ get_pubkeyblock_for_sig (ctrl_t ctrl, PKT_signature *sig)
   size_t fprlen;
   kbnode_t keyblock;
 
-  /* First try the new ISSUER_FPR info.  */
+  /* First try the ISSUER_FPR info.  */
   fpr = issuer_fpr_raw (sig, &fprlen);
   if (fpr && !get_pubkey_byfprint (ctrl, NULL, &keyblock, fpr, fprlen))
     return keyblock;
@@ -707,7 +558,7 @@ get_pubkeyblock (ctrl_t ctrl, u32 * keyid)
   memset (&ctx, 0, sizeof ctx);
   /* No need to set exact here because we want the entire block.  */
   ctx.not_allocated = 1;
-  ctx.kr_handle = keydb_new ();
+  ctx.kr_handle = keydb_new (ctrl);
   if (!ctx.kr_handle)
     return NULL;
   ctx.nitems = 1;
@@ -749,7 +600,7 @@ get_seckey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid)
   memset (&ctx, 0, sizeof ctx);
   ctx.exact = 1; /* Use the key ID exactly as given.  */
   ctx.not_allocated = 1;
-  ctx.kr_handle = keydb_new ();
+  ctx.kr_handle = keydb_new (ctrl);
   if (!ctx.kr_handle)
     return gpg_error_from_syserror ();
   ctx.nitems = 1;
@@ -767,9 +618,11 @@ get_seckey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid)
 
   if (!err)
     {
-      err = agent_probe_secret_key (/*ctrl*/NULL, pk);
-      if (err)
-	release_public_key_parts (pk);
+      if (!agent_probe_secret_key (/*ctrl*/NULL, pk))
+        {
+          release_public_key_parts (pk);
+          err = gpg_error (GPG_ERR_NO_SECKEY);
+        }
     }
 
   return err;
@@ -887,6 +740,7 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
   int rc = 0;
   int n;
   strlist_t r;
+  strlist_t namelist_expanded = NULL;
   GETKEY_CTX ctx;
   KBNODE help_kb = NULL;
   KBNODE found_key = NULL;
@@ -915,6 +769,9 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
     }
   else
     {
+      namelist_expanded = expand_group (namelist, 1);
+      namelist = namelist_expanded;
+
       /* Build the search context.  */
       for (n = 0, r = namelist; r; r = r->next)
 	n++;
@@ -936,13 +793,12 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
 	  if (err)
 	    {
 	      xfree (ctx);
-	      return gpg_err_code (err); /* FIXME: remove gpg_err_code.  */
+	      rc = gpg_err_code (err); /* FIXME: remove gpg_err_code.  */
+	      goto leave;
 	    }
 	  if (!include_unusable
 	      && ctx->items[n].mode != KEYDB_SEARCH_MODE_SHORT_KID
 	      && ctx->items[n].mode != KEYDB_SEARCH_MODE_LONG_KID
-	      && ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR16
-	      && ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR20
 	      && ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR)
             {
               ctx->items[n].skipfnc = skip_unusable;
@@ -952,12 +808,12 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
     }
 
   ctx->want_secret = want_secret;
-  ctx->kr_handle = keydb_new ();
+  ctx->kr_handle = keydb_new (ctrl);
   if (!ctx->kr_handle)
     {
       rc = gpg_error_from_syserror ();
       getkey_end (ctrl, ctx);
-      return rc;
+      goto leave;
     }
 
   if (!ret_kb)
@@ -977,7 +833,18 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
   release_kbnode (help_kb);
 
   if (retctx) /* Caller wants the context.  */
-    *retctx = ctx;
+    {
+      if (ctx->extra_list)
+        {
+          for (r=ctx->extra_list; r->next; r = r->next)
+            ;
+          r->next = namelist_expanded;
+        }
+      else
+        ctx->extra_list = namelist_expanded;
+      namelist_expanded = NULL;
+      *retctx = ctx;
+    }
   else
     {
       if (ret_kdbhd)
@@ -988,6 +855,8 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
       getkey_end (ctrl, ctx);
     }
 
+ leave:
+  free_strlist (namelist_expanded);
   return rc;
 }
 
@@ -1007,7 +876,7 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
  *                          considered.  Note: the local key ring is
  *                          consulted even if local is not in the
  *                          auto-key-locate option list!
- *    GET_PUBKEY_NO_LOCAL - Only the auto key locate functionaly is
+ *    GET_PUBKEY_NO_LOCAL - Only the auto key locate functionality is
  *                          used and no local search is done.
  *
  * If RETCTX is not NULL, then the constructed context is returned in
@@ -1056,12 +925,10 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
   int rc;
   strlist_t namelist = NULL;
   struct akl *akl;
-  int is_mbox, is_fpr;
-  KEYDB_SEARCH_DESC fprbuf;
+  int is_mbox;
   int nodefault = 0;
   int anylocalfirst = 0;
   int mechanism_type = AKL_NODEFAULT;
-  size_t fprbuf_fprlen = 0;
 
   /* If RETCTX is not NULL, then RET_KDBHD must be NULL.  */
   log_assert (retctx == NULL || ret_kdbhd == NULL);
@@ -1083,30 +950,6 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
       is_mbox = 1;
     }
 
-  /* If we are called due to --locate-external-key Check whether NAME
-   * is a fingerprint and then try to lookup that key by configured
-   * method which support lookup by fingerprint.  FPRBUF carries the
-   * parsed fingerpint iff IS_FPR is true.  */
-  is_fpr = 0;
-  if (!is_mbox && mode == GET_PUBKEY_NO_LOCAL)
-    {
-      if (!classify_user_id (name, &fprbuf, 1)
-          && (fprbuf.mode == KEYDB_SEARCH_MODE_FPR16
-              || fprbuf.mode == KEYDB_SEARCH_MODE_FPR20
-              || fprbuf.mode == KEYDB_SEARCH_MODE_FPR))
-        {
-          /* Note: We should get rid of the FPR16 because we don't
-           * support v3 keys anymore.  However, in 2.3 the fingerprint
-           * code has already been reworked and thus it is
-           * questionable whether we should really tackle this here.  */
-          if (fprbuf.mode == KEYDB_SEARCH_MODE_FPR16)
-            fprbuf_fprlen = 16;
-          else
-            fprbuf_fprlen = 20;
-          is_fpr = 1;
-        }
-    }
-
   /* The auto-key-locate feature works as follows: there are a number
    * of methods to look up keys.  By default, the local keyring is
    * tried first.  Then, each method listed in the --auto-key-locate is
@@ -1184,7 +1027,7 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
      retrieval has been enabled, we try to import the key. */
   if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
       && mode != GET_PUBKEY_NO_AKL
-      && (is_mbox || is_fpr))
+      && is_mbox)
     {
       /* NAME wasn't present in the local keyring (or we didn't try
        * the local keyring).  Since the auto key locate feature is
@@ -1210,8 +1053,6 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
 	    case AKL_LOCAL:
               if (mode == GET_PUBKEY_NO_LOCAL)
                 {
-                  /* Note that we get here in is_fpr more, so there is
-                   * no extra check for it required.  */
                   mechanism_string = "";
                   rc = GPG_ERR_NO_PUBKEY;
                 }
@@ -1232,88 +1073,41 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
 	      break;
 
 	    case AKL_CERT:
-              if (is_fpr)
-                {
-                  mechanism_string = "";
-                  rc = GPG_ERR_NO_PUBKEY;
-                }
-              else
-                {
-                  mechanism_string = "DNS CERT";
-                  glo_ctrl.in_auto_key_retrieve++;
-                  rc = keyserver_import_cert (ctrl, name, 0, &fpr, &fpr_len);
-                  glo_ctrl.in_auto_key_retrieve--;
-                }
-              break;
+	      mechanism_string = "DNS CERT";
+	      glo_ctrl.in_auto_key_retrieve++;
+	      rc = keyserver_import_cert (ctrl, name, 0, &fpr, &fpr_len);
+	      glo_ctrl.in_auto_key_retrieve--;
+	      break;
 
 	    case AKL_PKA:
-              if (is_fpr)
-                {
-                  mechanism_string = "";
-                  rc = GPG_ERR_NO_PUBKEY;
-                }
-              else
-                {
-                  mechanism_string = "PKA";
-                  glo_ctrl.in_auto_key_retrieve++;
-                  rc = keyserver_import_pka (ctrl, name, &fpr, &fpr_len);
-                  glo_ctrl.in_auto_key_retrieve--;
-                }
-              break;
+	      /* This is now obsolete.  */
+	      break;
 
 	    case AKL_DANE:
-              if (is_fpr)
-                {
-                  mechanism_string = "";
-                  rc = GPG_ERR_NO_PUBKEY;
-                }
-              else
-                {
-                  mechanism_string = "DANE";
-                  glo_ctrl.in_auto_key_retrieve++;
-                  rc = keyserver_import_cert (ctrl, name, 1, &fpr, &fpr_len);
-                  glo_ctrl.in_auto_key_retrieve--;
-                }
+	      mechanism_string = "DANE";
+	      glo_ctrl.in_auto_key_retrieve++;
+	      rc = keyserver_import_cert (ctrl, name, 1, &fpr, &fpr_len);
+	      glo_ctrl.in_auto_key_retrieve--;
 	      break;
 
 	    case AKL_WKD:
-              if (is_fpr)
-                {
-                  mechanism_string = "";
-                  rc = GPG_ERR_NO_PUBKEY;
-                }
-              else
-                {
-                  mechanism_string = "WKD";
-                  glo_ctrl.in_auto_key_retrieve++;
-                  rc = keyserver_import_wkd (ctrl, name, 0, &fpr, &fpr_len);
-                  glo_ctrl.in_auto_key_retrieve--;
-                }
+	      mechanism_string = "WKD";
+	      glo_ctrl.in_auto_key_retrieve++;
+	      rc = keyserver_import_wkd (ctrl, name, 0, &fpr, &fpr_len);
+	      glo_ctrl.in_auto_key_retrieve--;
 	      break;
 
 	    case AKL_LDAP:
-              if (is_fpr)
-                {
-                  mechanism_string = "";
-                  rc = GPG_ERR_NO_PUBKEY;
-                }
-              else
-                {
-                  mechanism_string = "LDAP";
-                  glo_ctrl.in_auto_key_retrieve++;
-                  rc = keyserver_import_ldap (ctrl, name, &fpr, &fpr_len);
-                  glo_ctrl.in_auto_key_retrieve--;
-                }
-              break;
+	      mechanism_string = "LDAP";
+	      glo_ctrl.in_auto_key_retrieve++;
+	      rc = keyserver_import_ldap (ctrl, name, &fpr, &fpr_len);
+	      glo_ctrl.in_auto_key_retrieve--;
+	      break;
 
 	    case AKL_NTDS:
 	      mechanism_string = "NTDS";
 	      glo_ctrl.in_auto_key_retrieve++;
-              if (is_fpr)
-                rc = keyserver_import_fprint_ntds (ctrl,
-                                                   fprbuf.u.fpr, fprbuf_fprlen);
-              else
-                rc = keyserver_import_ntds (ctrl, name, &fpr, &fpr_len);
+	      rc = keyserver_import_ntds (ctrl, name, &fpr, &fpr_len);
 	      glo_ctrl.in_auto_key_retrieve--;
 	      break;
 
@@ -1326,25 +1120,8 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
 		{
 		  mechanism_string = "keyserver";
 		  glo_ctrl.in_auto_key_retrieve++;
-                  if (is_fpr)
-                    {
-                      rc = keyserver_import_fprint (ctrl,
-                                                    fprbuf.u.fpr, fprbuf_fprlen,
-                                                    opt.keyserver,
-                                                    KEYSERVER_IMPORT_FLAG_LDAP);
-                      /* Map error codes because Dirmngr returns NO
-                       * DATA if the keyserver does not have the
-                       * requested key.  It returns NO KEYSERVER if no
-                       * LDAP keyservers are configured.  */
-                      if (gpg_err_code (rc) == GPG_ERR_NO_DATA
-                          || gpg_err_code (rc) == GPG_ERR_NO_KEYSERVER)
-                        rc = gpg_error (GPG_ERR_NO_PUBKEY);
-                    }
-                  else
-                    {
-                      rc = keyserver_import_mbox (ctrl, name, &fpr, &fpr_len,
-                                                  opt.keyserver);
-                    }
+		  rc = keyserver_import_name (ctrl, name, &fpr, &fpr_len,
+                                              opt.keyserver);
 		  glo_ctrl.in_auto_key_retrieve--;
 		}
 	      else
@@ -1361,21 +1138,8 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
 		mechanism_string = akl->spec->uri;
 		keyserver = keyserver_match (akl->spec);
 		glo_ctrl.in_auto_key_retrieve++;
-                if (is_fpr)
-                  {
-                    rc = keyserver_import_fprint (ctrl,
-                                                  fprbuf.u.fpr, fprbuf_fprlen,
-                                                  opt.keyserver,
-                                                  KEYSERVER_IMPORT_FLAG_LDAP);
-                    if (gpg_err_code (rc) == GPG_ERR_NO_DATA
-                        || gpg_err_code (rc) == GPG_ERR_NO_KEYSERVER)
-                      rc = gpg_error (GPG_ERR_NO_PUBKEY);
-                  }
-                else
-                  {
-                    rc = keyserver_import_mbox (ctrl, name,
-                                                &fpr, &fpr_len, keyserver);
-                  }
+		rc = keyserver_import_name (ctrl,
+                                            name, &fpr, &fpr_len, keyserver);
 		glo_ctrl.in_auto_key_retrieve--;
 	      }
 	      break;
@@ -1384,31 +1148,25 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
 	  /* Use the fingerprint of the key that we actually fetched.
 	   * This helps prevent problems where the key that we fetched
 	   * doesn't have the same name that we used to fetch it.  In
-	   * the case of CERT and PKA, this is an actual security
+	   * the case of CERT, this is an actual security
 	   * requirement as the URL might point to a key put in by an
 	   * attacker.  By forcing the use of the fingerprint, we
 	   * won't use the attacker's key here. */
-	  if (!rc && (fpr || is_fpr))
+	  if (!rc && fpr)
 	    {
 	      char fpr_string[MAX_FINGERPRINT_LEN * 2 + 1];
 
-              if (is_fpr)
-                {
-                  log_assert (fprbuf_fprlen <= MAX_FINGERPRINT_LEN);
-                  bin2hex (fprbuf.u.fpr, fprbuf_fprlen, fpr_string);
-                }
-              else
-                {
-                  log_assert (fpr_len <= MAX_FINGERPRINT_LEN);
-                  bin2hex (fpr, fpr_len, fpr_string);
-                }
+	      log_assert (fpr_len <= MAX_FINGERPRINT_LEN);
+
+	      free_strlist (namelist);
+	      namelist = NULL;
+
+	      bin2hex (fpr, fpr_len, fpr_string);
 
 	      if (opt.verbose)
 		log_info ("auto-key-locate found fingerprint %s\n",
 			  fpr_string);
 
-	      free_strlist (namelist);
-	      namelist = NULL;
 	      add_to_strlist (&namelist, fpr_string);
 	    }
 	  else if (!rc && !fpr && !did_akl_local)
@@ -1458,8 +1216,17 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
 
   if (retctx && *retctx)
     {
-      log_assert (!(*retctx)->extra_list);
-      (*retctx)->extra_list = namelist;
+      GETKEY_CTX ctx = *retctx;
+      strlist_t sl;
+
+      if (ctx->extra_list)
+        {
+          for (sl=ctx->extra_list; sl->next; sl = sl->next)
+            ;
+          sl->next = namelist;
+        }
+      else
+        ctx->extra_list = namelist;
       (*retctx)->found_via_akl = mechanism_type;
     }
   else
@@ -1508,7 +1275,7 @@ subkey_is_ok (const PKT_public_key *sub)
   return ! sub->flags.revoked && sub->flags.valid && ! sub->flags.disabled;
 }
 
-/* Return true if KEYBLOCK has only expired encryption subkyes.  Note
+/* Return true if KEYBLOCK has only expired encryption subkeys.  Note
  * that the function returns false if the key has no encryption
  * subkeys at all or the subkeys are revoked.  */
 static int
@@ -1546,7 +1313,11 @@ pubkey_cmp (ctrl_t ctrl, const char *name, struct pubkey_cmp_cookie *old,
 {
   kbnode_t n;
 
-  new->creation_time = 0;
+  if ((new->key.pubkey_usage & PUBKEY_USAGE_ENC) == 0)
+    new->creation_time = 0;
+  else
+    new->creation_time = new->key.timestamp;
+
   for (n = find_next_kbnode (new_keyblock, PKT_PUBLIC_SUBKEY);
        n; n = find_next_kbnode (n, PKT_PUBLIC_SUBKEY))
     {
@@ -1562,11 +1333,15 @@ pubkey_cmp (ctrl_t ctrl, const char *name, struct pubkey_cmp_cookie *old,
         new->creation_time = sub->timestamp;
     }
 
+  /* When new key has no encryption key, use OLD key.  */
+  if (new->creation_time == 0)
+    return 1;
+
   for (n = find_next_kbnode (new_keyblock, PKT_USER_ID);
        n; n = find_next_kbnode (n, PKT_USER_ID))
     {
       PKT_user_id *uid = n->pkt->pkt.user_id;
-      char *mbox = mailbox_from_userid (uid->name);
+      char *mbox = mailbox_from_userid (uid->name, 0);
       int match = mbox ? strcasecmp (name, mbox) == 0 : 0;
 
       xfree (mbox);
@@ -1584,7 +1359,9 @@ pubkey_cmp (ctrl_t ctrl, const char *name, struct pubkey_cmp_cookie *old,
       if (! uid_is_ok (&old->key, old->uid) && uid_is_ok (&new->key, uid))
         return -1;	/* Validity of the NEW key is better.  */
 
-      if (old->validity < new->validity)
+      if (new->validity != TRUST_EXPIRED && old->validity < new->validity)
+        return -1;	/* Validity of the NEW key is better.  */
+      if (old->validity == TRUST_EXPIRED && new->validity != TRUST_EXPIRED)
         return -1;	/* Validity of the NEW key is better.  */
 
       if (old->validity == new->validity && uid_is_ok (&new->key, uid)
@@ -1611,10 +1388,16 @@ get_best_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
   struct getkey_ctx_s *ctx = NULL;
   int is_mbox;
   int wkd_tried = 0;
+  PKT_public_key pk0;
+
+  log_assert (ret_keyblock != NULL);
 
   if (retctx)
     *retctx = NULL;
 
+  memset (&pk0, 0, sizeof pk0);
+  pk0.req_usage = pk? pk->req_usage : 0;
+
   is_mbox = is_valid_mailbox (name);
   if (!is_mbox && *name == '<' && name[1] && name[strlen(name)-1]=='>'
       && name[1] != '>'
@@ -1630,16 +1413,13 @@ get_best_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
  start_over:
   if (ctx)  /* Clear  in case of a start over.  */
     {
-      if (ret_keyblock)
-        {
-          release_kbnode (*ret_keyblock);
-          *ret_keyblock = NULL;
-        }
+      release_kbnode (*ret_keyblock);
+      *ret_keyblock = NULL;
       getkey_end (ctrl, ctx);
       ctx = NULL;
     }
   err = get_pubkey_byname (ctrl, mode,
-                           &ctx, pk, name, ret_keyblock,
+                           &ctx, &pk0, name, ret_keyblock,
                            NULL, include_unusable);
   if (err)
     {
@@ -1649,10 +1429,9 @@ get_best_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
   /* If the keyblock was retrieved from the local database and the key
    * has expired, do further checks.  However, we can do this only if
    * the caller requested a keyblock.  */
-  if (is_mbox && ctx && ctx->found_via_akl == AKL_LOCAL && ret_keyblock)
+  if (is_mbox && ctx && ctx->found_via_akl == AKL_LOCAL)
     {
       u32 now = make_timestamp ();
-      PKT_public_key *pk2 = (*ret_keyblock)->pkt->pkt.public_key;
       int found;
 
       /* If the key has expired and its origin was the WKD then try to
@@ -1662,9 +1441,9 @@ get_best_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
        * Unfortunately that does not yet work because KEYUPDATE is
        * only updated during import iff the key has actually changed
        * (see import.c:import_one).  */
-      if (!wkd_tried && pk2->keyorg == KEYORG_WKD
-          && (pk2->keyupdate + 3*3600) < now
-          && (pk2->has_expired || only_expired_enc_subkeys (*ret_keyblock)))
+      if (!wkd_tried && pk0.keyorg == KEYORG_WKD
+          && (pk0.keyupdate + 3*3600) < now
+          && (pk0.has_expired || only_expired_enc_subkeys (*ret_keyblock)))
         {
           if (opt.verbose)
             log_info (_("checking for a fresh copy of an expired key via %s\n"),
@@ -1674,17 +1453,30 @@ get_best_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
           found = !keyserver_import_wkd (ctrl, name, 0, NULL, NULL);
           glo_ctrl.in_auto_key_retrieve--;
           if (found)
-            goto start_over;
+            {
+              release_public_key_parts (&pk0);
+              goto start_over;
+            }
         }
     }
 
   if (is_mbox && ctx)
     {
-      /* Rank results and return only the most relevant key.  */
+      /* Rank results and return only the most relevant key for encryption.  */
       struct pubkey_cmp_cookie best = { 0 };
       struct pubkey_cmp_cookie new = { 0 };
       kbnode_t new_keyblock;
 
+      copy_public_key (&new.key, &pk0);
+      if (pubkey_cmp (ctrl, name, &best, &new, *ret_keyblock) >= 0)
+        {
+          release_public_key_parts (&new.key);
+          free_user_id (new.uid);
+        }
+      else
+        best = new;
+      new.uid = NULL;
+
       while (getkey_next (ctrl, ctx, &new.key, &new_keyblock) == 0)
         {
           int diff = pubkey_cmp (ctrl, name, &best, &new, new_keyblock);
@@ -1710,6 +1502,7 @@ get_best_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
             }
           new.uid = NULL;
         }
+
       getkey_end (ctrl, ctx);
       ctx = NULL;
       free_user_id (best.uid);
@@ -1717,49 +1510,55 @@ get_best_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
 
       if (best.valid)
         {
-          if (retctx || ret_keyblock)
+          ctx = xtrycalloc (1, sizeof **retctx);
+          if (! ctx)
+            err = gpg_error_from_syserror ();
+          else
             {
-              ctx = xtrycalloc (1, sizeof **retctx);
-              if (! ctx)
-                err = gpg_error_from_syserror ();
+              ctx->kr_handle = keydb_new (ctrl);
+              if (! ctx->kr_handle)
+                {
+                  err = gpg_error_from_syserror ();
+                  xfree (ctx);
+                  ctx = NULL;
+                  if (retctx)
+                    *retctx = NULL;
+                }
               else
                 {
-                  ctx->kr_handle = keydb_new ();
-                  if (! ctx->kr_handle)
-                    {
-                      err = gpg_error_from_syserror ();
-                      xfree (ctx);
-                      ctx = NULL;
-                      if (retctx)
-                        *retctx = NULL;
-                    }
-                  else
-                    {
-                      u32 *keyid = pk_keyid (&best.key);
-                      ctx->exact = 1;
-                      ctx->nitems = 1;
-                      ctx->items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
-                      ctx->items[0].u.kid[0] = keyid[0];
-                      ctx->items[0].u.kid[1] = keyid[1];
-
-                      if (ret_keyblock)
-                        {
-                          release_kbnode (*ret_keyblock);
-                          *ret_keyblock = NULL;
-                          err = getkey_next (ctrl, ctx, NULL, ret_keyblock);
-                        }
-                    }
+                  u32 *keyid = pk_keyid (&best.key);
+                  ctx->exact = 1;
+                  ctx->nitems = 1;
+                  ctx->items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
+                  ctx->items[0].u.kid[0] = keyid[0];
+                  ctx->items[0].u.kid[1] = keyid[1];
+
+                  release_kbnode (*ret_keyblock);
+                  *ret_keyblock = NULL;
+                  err = getkey_next (ctrl, ctx, NULL, ret_keyblock);
                 }
             }
 
           if (pk)
-            {
-              release_public_key_parts (pk);
-              *pk = best.key;
-            }
+            *pk = best.key;
           else
             release_public_key_parts (&best.key);
+          release_public_key_parts (&pk0);
         }
+      else
+        {
+          if (pk)
+            *pk = pk0;
+          else
+            release_public_key_parts (&pk0);
+        }
+    }
+  else
+    {
+      if (pk)
+        *pk = pk0;
+      else
+        release_public_key_parts (&pk0);
     }
 
   if (err && ctx)
@@ -1900,7 +1699,7 @@ get_pubkey_from_buffer (ctrl_t ctrl, PKT_public_key *pkbuf,
  *
  * FPRINT is a byte array whose contents is the fingerprint to use as
  * the search term.  FPRINT_LEN specifies the length of the
- * fingerprint (in bytes).  Currently, only 16 and 20-byte
+ * fingerprint (in bytes).  Currently, only 16, 20, and 32-byte
  * fingerprints are supported.
  *
  * FIXME: We should replace this with the _byname function.  This can
@@ -1915,7 +1714,7 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock,
   if (r_keyblock)
     *r_keyblock = NULL;
 
-  if (fprint_len == 20 || fprint_len == 16)
+  if (fprint_len == 32 || fprint_len == 20 || fprint_len == 16)
     {
       struct getkey_ctx_s ctx;
       KBNODE kb = NULL;
@@ -1926,14 +1725,14 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock,
       ctx.not_allocated = 1;
       /* FIXME: We should get the handle from the cache like we do in
        * get_pubkey.  */
-      ctx.kr_handle = keydb_new ();
+      ctx.kr_handle = keydb_new (ctrl);
       if (!ctx.kr_handle)
         return gpg_error_from_syserror ();
 
       ctx.nitems = 1;
-      ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16
-	: KEYDB_SEARCH_MODE_FPR20;
+      ctx.items[0].mode = KEYDB_SEARCH_MODE_FPR;
       memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
+      ctx.items[0].fprlen = fprint_len;
       if (pk)
         ctx.req_usage = pk->req_usage;
       rc = lookup (ctrl, &ctx, 0, &kb, &found_key);
@@ -1964,13 +1763,14 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock,
  * Like get_pubkey_byfprint, PK may be NULL.  In that case, this
  * function effectively just checks for the existence of the key.  */
 gpg_error_t
-get_pubkey_byfprint_fast (PKT_public_key * pk,
+get_pubkey_byfprint_fast (ctrl_t ctrl, PKT_public_key * pk,
 			  const byte * fprint, size_t fprint_len)
 {
   gpg_error_t err;
   KBNODE keyblock;
 
-  err = get_keyblock_byfprint_fast (&keyblock, NULL, fprint, fprint_len, 0);
+  err = get_keyblock_byfprint_fast (ctrl,
+                                    &keyblock, NULL, fprint, fprint_len, 0);
   if (!err)
     {
       if (pk)
@@ -1990,7 +1790,8 @@ get_pubkey_byfprint_fast (PKT_public_key * pk,
  * it may have a value of NULL, though.  This allows to do an insert
  * operation on a locked keydb handle.  */
 gpg_error_t
-get_keyblock_byfprint_fast (kbnode_t *r_keyblock, KEYDB_HANDLE *r_hd,
+get_keyblock_byfprint_fast (ctrl_t ctrl,
+                            kbnode_t *r_keyblock, KEYDB_HANDLE *r_hd,
                             const byte *fprint, size_t fprint_len, int lock)
 {
   gpg_error_t err;
@@ -2006,10 +1807,8 @@ get_keyblock_byfprint_fast (kbnode_t *r_keyblock, KEYDB_HANDLE *r_hd,
 
   for (i = 0; i < MAX_FINGERPRINT_LEN && i < fprint_len; i++)
     fprbuf[i] = fprint[i];
-  while (i < MAX_FINGERPRINT_LEN)
-    fprbuf[i++] = 0;
 
-  hd = keydb_new ();
+  hd = keydb_new (ctrl);
   if (!hd)
     return gpg_error_from_syserror ();
 
@@ -2027,11 +1826,11 @@ get_keyblock_byfprint_fast (kbnode_t *r_keyblock, KEYDB_HANDLE *r_hd,
       keydb_disable_caching (hd);
     }
 
-  /* Fo all other errors we return the handle.  */
+  /* For all other errors we return the handle.  */
   if (r_hd)
     *r_hd = hd;
 
-  err = keydb_search_fpr (hd, fprbuf);
+  err = keydb_search_fpr (hd, fprbuf, fprint_len);
   if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
     {
       if (!r_hd)
@@ -2091,7 +1890,7 @@ parse_def_secret_key (ctrl_t ctrl)
 
       if (! hd)
         {
-          hd = keydb_new ();
+          hd = keydb_new (ctrl);
           if (!hd)
             return NULL;
         }
@@ -2149,10 +1948,12 @@ parse_def_secret_key (ctrl_t ctrl)
               continue;
             }
 
-          err = agent_probe_secret_key (ctrl, pk);
-          if (! err)
-            /* This is a valid key.  */
-            break;
+          if (agent_probe_secret_key (ctrl, pk))
+            {
+              /* This is a valid key.  */
+              err = 0;
+              break;
+            }
         }
       while ((node = find_next_kbnode (node, PKT_PUBLIC_SUBKEY)));
 
@@ -2499,7 +2300,7 @@ parse_key_usage (PKT_signature * sig)
   size_t n;
   byte flags;
 
-  p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n);
+  p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_FLAGS, &n);
   if (p && n)
     {
       /* First octet of the keyflags.  */
@@ -2597,7 +2398,7 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated)
   uid->help_key_usage = parse_key_usage (sig);
 
   /* Ditto for the key expiration.  */
-  p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
+  p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_EXPIRE, NULL);
   if (p && buf32_to_u32 (p))
     uid->help_key_expire = keycreated + buf32_to_u32 (p);
   else
@@ -2606,7 +2407,7 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated)
   /* Set the primary user ID flag - we will later wipe out some
    * of them to only have one in our keyblock.  */
   uid->flags.primary = 0;
-  p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL);
+  p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PRIMARY_UID, NULL);
   if (p && *p)
     uid->flags.primary = 2;
 
@@ -2618,16 +2419,16 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated)
   /* Now build the preferences list.  These must come from the
      hashed section so nobody can modify the ciphers a key is
      willing to accept.  */
-  p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM, &n);
+  p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_SYM, &n);
   sym = p;
   nsym = p ? n : 0;
-  p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_AEAD, &n);
+  p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_AEAD, &n);
   aead = p;
   naead = p ? n : 0;
-  p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH, &n);
+  p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_HASH, &n);
   hash = p;
   nhash = p ? n : 0;
-  p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR, &n);
+  p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_COMPR, &n);
   zip = p;
   nzip = p ? n : 0;
   if (uid->prefs)
@@ -2665,19 +2466,19 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated)
 
   /* See whether we have the MDC feature.  */
   uid->flags.mdc = 0;
-  p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n);
+  p = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n);
   if (p && n && (p[0] & 0x01))
     uid->flags.mdc = 1;
 
   /* See whether we have the AEAD feature.  */
   uid->flags.aead = 0;
-  p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n);
+  p = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n);
   if (p && n && (p[0] & 0x02))
     uid->flags.aead = 1;
 
   /* And the keyserver modify flag.  */
   uid->flags.ks_modify = 1;
-  p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n);
+  p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KS_FLAGS, &n);
   if (p && n && (p[0] & 0x80))
     uid->flags.ks_modify = 0;
 }
@@ -2836,10 +2637,22 @@ merge_selfsigs_main (ctrl_t ctrl, kbnode_t keyblock, int *r_revoked,
 			xrealloc (pk->revkey, sizeof (struct revocation_key) *
 				  (pk->numrevkeys + sig->numrevkeys));
 
-		      for (i = 0; i < sig->numrevkeys; i++)
-			memcpy (&pk->revkey[pk->numrevkeys++],
-				&sig->revkey[i],
-				sizeof (struct revocation_key));
+		      for (i = 0; i < sig->numrevkeys; i++, pk->numrevkeys++)
+                        {
+                          pk->revkey[pk->numrevkeys].class
+                            = sig->revkey[i].class;
+                          pk->revkey[pk->numrevkeys].algid
+                            = sig->revkey[i].algid;
+                          pk->revkey[pk->numrevkeys].fprlen
+                            = sig->revkey[i].fprlen;
+                          memcpy (pk->revkey[pk->numrevkeys].fpr,
+                                  sig->revkey[i].fpr, sig->revkey[i].fprlen);
+                          memset (pk->revkey[pk->numrevkeys].fpr
+                                  + sig->revkey[i].fprlen,
+                                  0,
+                                  sizeof (sig->revkey[i].fpr)
+                                  - sig->revkey[i].fprlen);
+                        }
 		    }
 
 		  if (sig->timestamp >= sigdate)
@@ -2902,7 +2715,7 @@ merge_selfsigs_main (ctrl_t ctrl, kbnode_t keyblock, int *r_revoked,
 
       key_usage = parse_key_usage (sig);
 
-      p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
+      p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_EXPIRE, NULL);
       if (p && buf32_to_u32 (p))
 	{
 	  key_expire = keytimestamp + buf32_to_u32 (p);
@@ -3052,7 +2865,7 @@ merge_selfsigs_main (ctrl_t ctrl, kbnode_t keyblock, int *r_revoked,
 		   * reason to check that an ultimately trusted key is
 		   * still valid - if it has been revoked the user
 		   * should also remove the ultimate trust flag.  */
-		  if (get_pubkey_fast (ultimate_pk, sig->keyid) == 0
+		  if (get_pubkey_fast (ctrl, ultimate_pk, sig->keyid) == 0
 		      && check_key_signature2 (ctrl,
                                                keyblock, k, ultimate_pk,
 					       NULL, NULL, NULL, NULL) == 0
@@ -3392,7 +3205,7 @@ merge_selfsigs_subkey (ctrl_t ctrl, kbnode_t keyblock, kbnode_t subnode)
 
   subpk->pubkey_usage = key_usage;
 
-  p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
+  p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_EXPIRE, NULL);
   if (p && buf32_to_u32 (p))
     key_expire = keytimestamp + buf32_to_u32 (p);
   else
@@ -3419,8 +3232,8 @@ merge_selfsigs_subkey (ctrl_t ctrl, kbnode_t keyblock, kbnode_t subnode)
       /* We do this while() since there may be other embedded
        * signatures in the future.  We only want 0x19 here. */
 
-      while ((p = enum_sig_subpkt (sig->hashed,
-				   SIGSUBPKT_SIGNATURE, &n, &seq, NULL)))
+      while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_SIGNATURE,
+                                   &n, &seq, NULL)))
 	if (n > 3
 	    && ((p[0] == 3 && p[2] == 0x19) || (p[0] == 4 && p[1] == 0x19)))
 	  {
@@ -3444,8 +3257,7 @@ merge_selfsigs_subkey (ctrl_t ctrl, kbnode_t keyblock, kbnode_t subnode)
 
       /* It is safe to have this in the unhashed area since the 0x19
        * is located on the selfsig for convenience, not security. */
-
-      while ((p = enum_sig_subpkt (sig->unhashed, SIGSUBPKT_SIGNATURE,
+      while ((p = enum_sig_subpkt (sig, 0, SIGSUBPKT_SIGNATURE,
 				   &n, &seq, NULL)))
 	if (n > 3
 	    && ((p[0] == 3 && p[2] == 0x19) || (p[0] == 4 && p[1] == 0x19)))
@@ -3544,7 +3356,11 @@ merge_selfsigs (ctrl_t ctrl, kbnode_t keyblock)
 		  memcpy (&pk->revoked, &rinfo, sizeof (rinfo));
 		}
 	      if (main_pk->has_expired)
-		pk->has_expired = main_pk->has_expired;
+		{
+		  pk->has_expired = main_pk->has_expired;
+		  if (!pk->expiredate || pk->expiredate > main_pk->expiredate)
+		    pk->expiredate = main_pk->expiredate;
+		}
 	    }
 	}
       return;
@@ -3598,7 +3414,7 @@ merge_selfsigs (ctrl_t ctrl, kbnode_t keyblock)
  *
  * In case the primary key is not required, select a suitable subkey.
  * We need the primary key if PUBKEY_USAGE_CERT is set in REQ_USAGE or
- * we are in PGP6 or PGP7 mode and PUBKEY_USAGE_SIG is set in
+ * we are in PGP7 mode and PUBKEY_USAGE_SIG is set in
  * REQ_USAGE.
  *
  * If any of PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT
@@ -3625,7 +3441,7 @@ merge_selfsigs (ctrl_t ctrl, kbnode_t keyblock)
  *
  *  1. No requested usage and no primary key requested
  *     Examples for this case are that we have a keyID to be used
- *     for decrytion or verification.
+ *     for decryption or verification.
  *  2. No usage but primary key requested
  *     This is the case for all functions which work on an
  *     entire keyblock, e.g. for editing or listing
@@ -3660,10 +3476,10 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
   req_usage &= USAGE_MASK;
 
   /* Request the primary if we're certifying another key, and also if
-   * signing data while --pgp6 or --pgp7 is on since pgp 6 and 7 do
+   * signing data while --pgp7 is on since pgp 7 do
    * not understand signatures made by a signing subkey.  PGP 8 does. */
   req_prim = ((req_usage & PUBKEY_USAGE_CERT)
-              || ((PGP6 || PGP7) && (req_usage & PUBKEY_USAGE_SIG)));
+              || (PGP7 && (req_usage & PUBKEY_USAGE_SIG)));
 
 
   log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
@@ -3722,6 +3538,7 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
       kbnode_t nextk;
       int n_subkeys = 0;
       int n_revoked_or_expired = 0;
+      int last_secret_key_avail = 0;
 
       /* Either start a loop or check just this one subkey.  */
       for (k = foundk ? foundk : keyblock; k; k = nextk)
@@ -3779,11 +3596,23 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
 	      continue;
 	    }
 
-          if (want_secret && agent_probe_secret_key (NULL, pk))
+          if (want_secret)
             {
-              if (DBG_LOOKUP)
-                log_debug ("\tno secret key\n");
-              continue;
+              int secret_key_avail = agent_probe_secret_key (NULL, pk);
+
+              if (!secret_key_avail)
+                {
+                  if (DBG_LOOKUP)
+                    log_debug ("\tno secret key\n");
+                  continue;
+                }
+
+              if (secret_key_avail > last_secret_key_avail)
+                {
+                  /* Use this key.  */
+                  last_secret_key_avail = secret_key_avail;
+                  latest_date = 0;
+                }
             }
 
 	  if (DBG_LOOKUP)
@@ -3876,7 +3705,7 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
       xfree (tempkeystr);
     }
 
-  cache_user_id (keyblock);
+  cache_put_keyblock (keyblock);
 
   return latest_key ? latest_key : keyblock; /* Found.  */
 }
@@ -4028,93 +3857,66 @@ lookup (ctrl_t ctrl, getkey_ctx_t ctx, int want_secret,
 }
 
 
-/* If a default key has been specified, return that key.  If a card
- * based key is also available as indicated by FPR_CARD not being
- * NULL, return that key if suitable.  */
 gpg_error_t
 get_seckey_default_or_card (ctrl_t ctrl, PKT_public_key *pk,
                             const byte *fpr_card, size_t fpr_len)
 {
   gpg_error_t err;
   strlist_t namelist = NULL;
-  const char *def_secret_key;
 
-  def_secret_key = parse_def_secret_key (ctrl);
+  const char *def_secret_key = parse_def_secret_key (ctrl);
 
   if (def_secret_key)
     add_to_strlist (&namelist, def_secret_key);
   else if (fpr_card)
     {
-      err = get_pubkey_byfprint (ctrl, pk, NULL, fpr_card, fpr_len);
-      if (gpg_err_code (err) == GPG_ERR_NO_PUBKEY)
-        {
-          if (opt.debug)
-            log_debug ("using LDAP to find public key for current card\n");
-          err = keyserver_import_fprint (ctrl, fpr_card, fpr_len,
-                                         opt.keyserver,
-                                         KEYSERVER_IMPORT_FLAG_LDAP);
-          if (!err)
-            err = get_pubkey_byfprint (ctrl, pk, NULL, fpr_card, fpr_len);
-          else if (gpg_err_code (err) == GPG_ERR_NO_DATA
-                   || gpg_err_code (err) == GPG_ERR_NO_KEYSERVER)
-            {
-              /* Dirmngr returns NO DATA is the selected keyserver
-               * does not have the requested key.  It returns NO
-               * KEYSERVER if no LDAP keyservers are configured.  */
-              err = gpg_error (GPG_ERR_NO_PUBKEY);
-            }
-        }
+      int rc = get_pubkey_byfprint (ctrl, pk, NULL, fpr_card, fpr_len);
 
       /* The key on card can be not suitable for requested usage.  */
-      if (gpg_err_code (err) == GPG_ERR_UNUSABLE_PUBKEY)
+      if (rc == GPG_ERR_UNUSABLE_PUBKEY)
         fpr_card = NULL;        /* Fallthrough as no card.  */
       else
-        return err;  /* Success or other error.  */
+        return rc;
     }
 
-  if (!fpr_card || (def_secret_key && *def_secret_key
-                    && def_secret_key[strlen (def_secret_key)-1] == '!'))
-    {
-      err = key_byname (ctrl, NULL, namelist, pk, 1, 0, NULL, NULL);
-    }
+  if (!fpr_card
+      || (def_secret_key && def_secret_key[strlen (def_secret_key)-1] == '!'))
+    err = key_byname (ctrl, NULL, namelist, pk, 1, 0, NULL, NULL);
   else
     { /* Default key is specified and card key is also available.  */
       kbnode_t k, keyblock = NULL;
 
       err = key_byname (ctrl, NULL, namelist, pk, 1, 0, &keyblock, NULL);
-      if (err)
-        goto leave;
-      for (k = keyblock; k; k = k->next)
-        {
-          PKT_public_key *pk_candidate;
-          char fpr[MAX_FINGERPRINT_LEN];
-
-          if (k->pkt->pkttype != PKT_PUBLIC_KEY
-              &&k->pkt->pkttype != PKT_PUBLIC_SUBKEY)
-            continue;
-
-          pk_candidate = k->pkt->pkt.public_key;
-          if (!pk_candidate->flags.valid)
-            continue;
-          if (!((pk_candidate->pubkey_usage & USAGE_MASK) & pk->req_usage))
-            continue;
-          fingerprint_from_pk (pk_candidate, fpr, NULL);
-          if (!memcmp (fpr_card, fpr, fpr_len))
-            {
-              release_public_key_parts (pk);
-              copy_public_key (pk, pk_candidate);
-              break;
-            }
-        }
+      if (!err)
+        for (k = keyblock; k; k = k->next)
+          {
+            PKT_public_key *pk_candidate;
+            char fpr[MAX_FINGERPRINT_LEN];
+
+            if (k->pkt->pkttype != PKT_PUBLIC_KEY
+                &&k->pkt->pkttype != PKT_PUBLIC_SUBKEY)
+              continue;
+
+            pk_candidate = k->pkt->pkt.public_key;
+            if (!pk_candidate->flags.valid)
+              continue;
+            if (!((pk_candidate->pubkey_usage & USAGE_MASK) & pk->req_usage))
+              continue;
+            fingerprint_from_pk (pk_candidate, fpr, NULL);
+            if (!memcmp (fpr_card, fpr, fpr_len))
+              {
+                release_public_key_parts (pk);
+                copy_public_key (pk, pk_candidate);
+                break;
+              }
+          }
       release_kbnode (keyblock);
     }
 
- leave:
   free_strlist (namelist);
+
   return err;
 }
-
-
 
 /*********************************************
  ***********  User ID printing helpers *******
@@ -4124,67 +3926,40 @@ get_seckey_default_or_card (ctrl_t ctrl, PKT_public_key *pk,
  * this string must be freed by xfree.  If R_NOUID is not NULL it is
  * set to true if a user id was not found; otherwise to false.  */
 static char *
-get_user_id_string (ctrl_t ctrl, u32 * keyid, int mode, size_t *r_len,
-                    int *r_nouid)
+get_user_id_string (ctrl_t ctrl, u32 * keyid, int mode)
 {
-  user_id_db_t r;
-  keyid_list_t a;
-  int pass = 0;
+  char *name;
+  unsigned int namelen;
   char *p;
 
-  if (r_nouid)
-    *r_nouid = 0;
+  log_assert (mode != 2);
 
-  /* Try it two times; second pass reads from the database.  */
-  do
+  name = cache_get_uid_bykid (keyid, &namelen);
+  if (!name)
     {
-      for (r = user_id_db; r; r = r->next)
-	{
-	  for (a = r->keyids; a; a = a->next)
-	    {
-	      if (a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1])
-		{
-                  if (mode == 2)
-                    {
-                      /* An empty string as user id is possible.  Make
-                         sure that the malloc allocates one byte and
-                         does not bail out.  */
-                      p = xmalloc (r->len? r->len : 1);
-                      memcpy (p, r->name, r->len);
-                      if (r_len)
-                        *r_len = r->len;
-                    }
-                  else
-                    {
-                      if (mode)
-                        p = xasprintf ("%08lX%08lX %.*s",
-                                       (ulong) keyid[0], (ulong) keyid[1],
-                                       r->len, r->name);
-                      else
-                        p = xasprintf ("%s %.*s", keystr (keyid),
-                                       r->len, r->name);
-                      if (r_len)
-                        *r_len = strlen (p);
-                    }
-
-                  return p;
-		}
-	    }
-	}
+      /* Get it so that the cache will be filled.  */
+      if (!get_pubkey (ctrl, NULL, keyid))
+        name = cache_get_uid_bykid (keyid, &namelen);
     }
-  while (++pass < 2 && !get_pubkey (ctrl, NULL, keyid));
 
-  if (mode == 2)
-    p = xstrdup (user_id_not_found_utf8 ());
-  else if (mode)
-    p = xasprintf ("%08lX%08lX [?]", (ulong) keyid[0], (ulong) keyid[1]);
+  if (name)
+    {
+      if (mode)
+        p = xasprintf ("%08lX%08lX %.*s",
+                       (ulong) keyid[0], (ulong) keyid[1], namelen, name);
+      else
+        p = xasprintf ("%s %.*s", keystr (keyid), namelen, name);
+
+      xfree (name);
+    }
   else
-    p = xasprintf ("%s [?]", keystr (keyid));
+    {
+      if (mode)
+        p = xasprintf ("%08lX%08lX [?]", (ulong) keyid[0], (ulong) keyid[1]);
+      else
+        p = xasprintf ("%s [?]", keystr (keyid));
+    }
 
-  if (r_nouid)
-    *r_nouid = 1;
-  if (r_len)
-    *r_len = strlen (p);
   return p;
 }
 
@@ -4192,7 +3967,7 @@ get_user_id_string (ctrl_t ctrl, u32 * keyid, int mode, size_t *r_len,
 char *
 get_user_id_string_native (ctrl_t ctrl, u32 * keyid)
 {
-  char *p = get_user_id_string (ctrl, keyid, 0, NULL, NULL);
+  char *p = get_user_id_string (ctrl, keyid, 0);
   char *p2 = utf8_to_native (p, strlen (p), 0);
   xfree (p);
   return p2;
@@ -4202,7 +3977,7 @@ get_user_id_string_native (ctrl_t ctrl, u32 * keyid)
 char *
 get_long_user_id_string (ctrl_t ctrl, u32 * keyid)
 {
-  return get_user_id_string (ctrl, keyid, 1, NULL, NULL);
+  return get_user_id_string (ctrl, keyid, 1);
 }
 
 
@@ -4210,7 +3985,31 @@ get_long_user_id_string (ctrl_t ctrl, u32 * keyid)
 char *
 get_user_id (ctrl_t ctrl, u32 *keyid, size_t *rn, int *r_nouid)
 {
-  return get_user_id_string (ctrl, keyid, 2, rn, r_nouid);
+  char *name;
+  unsigned int namelen;
+
+  if (r_nouid)
+    *r_nouid = 0;
+
+  name = cache_get_uid_bykid (keyid, &namelen);
+  if (!name)
+    {
+      /* Get it so that the cache will be filled.  */
+      if (!get_pubkey (ctrl, NULL, keyid))
+        name = cache_get_uid_bykid (keyid, &namelen);
+    }
+
+  if (!name)
+    {
+      name = xstrdup (user_id_not_found_utf8 ());
+      namelen = strlen (name);
+      if (r_nouid)
+        *r_nouid = 1;
+    }
+
+  if (rn && name)
+    *rn = namelen;
+  return name;
 }
 
 
@@ -4231,49 +4030,36 @@ get_user_id_native (ctrl_t ctrl, u32 *keyid)
    returned string, which must be freed using xfree, may not be NUL
    terminated.  To determine the length of the string, you must use
    *RN.  */
-char *
-get_user_id_byfpr (ctrl_t ctrl, const byte *fpr, size_t *rn)
+static char *
+get_user_id_byfpr (ctrl_t ctrl, const byte *fpr, size_t fprlen, size_t *rn)
 {
-  user_id_db_t r;
-  char *p;
-  int pass = 0;
+  char *name;
 
-  /* Try it two times; second pass reads from the database.  */
-  do
+  name = cache_get_uid_byfpr (fpr, fprlen, rn);
+  if (!name)
     {
-      for (r = user_id_db; r; r = r->next)
-	{
-	  keyid_list_t a;
-	  for (a = r->keyids; a; a = a->next)
-	    {
-	      if (!memcmp (a->fpr, fpr, MAX_FINGERPRINT_LEN))
-		{
-                  /* An empty string as user id is possible.  Make
-                     sure that the malloc allocates one byte and does
-                     not bail out.  */
-		  p = xmalloc (r->len? r->len : 1);
-		  memcpy (p, r->name, r->len);
-		  *rn = r->len;
-		  return p;
-		}
-	    }
-	}
+      /* Get it so that the cache will be filled.  */
+      if (!get_pubkey_byfprint (ctrl, NULL, NULL, fpr, fprlen))
+        name = cache_get_uid_byfpr (fpr, fprlen, rn);
     }
-  while (++pass < 2
-	 && !get_pubkey_byfprint (ctrl, NULL, NULL, fpr, MAX_FINGERPRINT_LEN));
-  p = xstrdup (user_id_not_found_utf8 ());
-  *rn = strlen (p);
-  return p;
+
+  if (!name)
+    {
+      name = xstrdup (user_id_not_found_utf8 ());
+      *rn = strlen (name);
+    }
+
+  return name;
 }
 
 /* Like get_user_id_byfpr, but convert the string to the native
    encoding.  The returned string needs to be freed.  Unlike
    get_user_id_byfpr, the returned string is NUL terminated.  */
 char *
-get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr)
+get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr, size_t fprlen)
 {
   size_t rn;
-  char *p = get_user_id_byfpr (ctrl, fpr, &rn);
+  char *p = get_user_id_byfpr (ctrl, fpr, fprlen, &rn);
   char *p2 = utf8_to_native (p, rn, 0);
   xfree (p);
   return p2;
@@ -4489,7 +4275,7 @@ key_origin_string (int origin)
    the secret key is valid; this check merely indicates whether there
    is some secret key with the specified key id.  */
 int
-have_secret_key_with_kid (u32 *keyid)
+have_secret_key_with_kid (ctrl_t ctrl, u32 *keyid)
 {
   gpg_error_t err;
   KEYDB_HANDLE kdbhd;
@@ -4498,7 +4284,7 @@ have_secret_key_with_kid (u32 *keyid)
   kbnode_t node;
   int result = 0;
 
-  kdbhd = keydb_new ();
+  kdbhd = keydb_new (ctrl);
   if (!kdbhd)
     return 0;
   memset (&desc, 0, sizeof desc);
@@ -4528,7 +4314,7 @@ have_secret_key_with_kid (u32 *keyid)
               log_assert (node->pkt->pkttype == PKT_PUBLIC_KEY
                           || node->pkt->pkttype == PKT_PUBLIC_SUBKEY);
 
-              if (!agent_probe_secret_key (NULL, node->pkt->pkt.public_key))
+              if (agent_probe_secret_key (NULL, node->pkt->pkt.public_key))
 		result = 1; /* Secret key available.  */
 	      else
 		result = 0;
diff --git a/g10/gpg.c b/g10/gpg.c
index bd65612..4ca2dcf 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -1,4 +1,4 @@
-/* gpg.c - The GnuPG utility (main for gpg)
+/* gpg.c - The GnuPG OpenPGP tool
  * Copyright (C) 1998-2020 Free Software Foundation, Inc.
  * Copyright (C) 1997-2019 Werner Koch
  * Copyright (C) 2015-2021 g10 Code GmbH
@@ -37,6 +37,7 @@
 # endif
 # include <windows.h>
 #endif
+#include <npth.h>
 
 #define INCLUDED_BY_MAIN_MODULE 1
 #include "gpg.h"
@@ -60,6 +61,7 @@
 #include "../common/asshelp.h"
 #include "call-dirmngr.h"
 #include "tofu.h"
+#include "objcache.h"
 #include "../common/init.h"
 #include "../common/mbox-util.h"
 #include "../common/shareddefs.h"
@@ -102,6 +104,7 @@ enum cmd_and_opt_values
     oBatch	  = 500,
     oMaxOutput,
     oInputSizeHint,
+    oChunkSize,
     oSigNotation,
     oCertNotation,
     oShowNotation,
@@ -198,6 +201,7 @@ enum cmd_and_opt_values
     oWithSubkeyFingerprint,
     oWithICAOSpelling,
     oWithKeygrip,
+    oWithKeyScreening,
     oWithSecret,
     oWithWKDHash,
     oWithColons,
@@ -222,6 +226,8 @@ enum cmd_and_opt_values
     oDebugLevel,
     oDebugAll,
     oDebugIOLBF,
+    oDebugSetIobufSize,
+    oDebugAllowLargeChunks,
     oStatusFD,
     oStatusFile,
     oAttributeFD,
@@ -238,14 +244,13 @@ enum cmd_and_opt_values
     oRFC4880,
     oRFC4880bis,
     oOpenPGP,
-    oPGP6,
     oPGP7,
     oPGP8,
     oDE_VS,
-    oMinRSALength,
     oRFC2440Text,
     oNoRFC2440Text,
     oCipherAlgo,
+    oAEADAlgo,
     oDigestAlgo,
     oCertDigestAlgo,
     oCompressAlgo,
@@ -280,6 +285,7 @@ enum cmd_and_opt_values
     oAlwaysTrust,
     oTrustModel,
     oForceOwnertrust,
+    oNoAutoTrustNewKey,
     oSetFilename,
     oForYourEyesOnly,
     oNoForYourEyesOnly,
@@ -299,6 +305,7 @@ enum cmd_and_opt_values
     oShowPhotos,
     oNoShowPhotos,
     oPhotoViewer,
+    oForceAEAD,
     oS2KMode,
     oS2KDigest,
     oS2KCipher,
@@ -335,6 +342,7 @@ enum cmd_and_opt_values
     oAllowFreeformUID,
     oNoAllowFreeformUID,
     oAllowSecretKeyImport,
+    oAllowOldCipherAlgos,
     oEnableSpecialFilenames,
     oNoLiteral,
     oSetFilesize,
@@ -348,7 +356,6 @@ enum cmd_and_opt_values
     oShowSessionKey,
     oOverrideSessionKey,
     oOverrideSessionKeyFD,
-    oOverrideComplianceCheck,
     oNoRandomSeedFile,
     oAutoKeyRetrieve,
     oNoAutoKeyRetrieve,
@@ -357,6 +364,7 @@ enum cmd_and_opt_values
     oUseAgent,
     oNoUseAgent,
     oGpgAgentInfo,
+    oUseKeyboxd,
     oMergeOnly,
     oTryAllSecrets,
     oTrustedKey,
@@ -370,9 +378,11 @@ enum cmd_and_opt_values
     oDefaultPreferenceList,
     oDefaultKeyserverURL,
     oPersonalCipherPreferences,
+    oPersonalAEADPreferences,
     oPersonalDigestPreferences,
     oPersonalCompressPreferences,
     oAgentProgram,
+    oKeyboxdProgram,
     oDirmngrProgram,
     oDisableDirmngr,
     oDisplay,
@@ -401,18 +411,14 @@ enum cmd_and_opt_values
     oNoRequireCrossCert,
     oAutoKeyLocate,
     oNoAutoKeyLocate,
-    oAllowMultisigVerification,
     oEnableLargeRSA,
     oDisableLargeRSA,
     oEnableDSA2,
     oDisableDSA2,
-    oAllowMultipleMessages,
-    oNoAllowMultipleMessages,
     oAllowWeakDigestAlgos,
     oAllowWeakKeySignatures,
     oFakedSystemTime,
     oNoAutostart,
-    oPrintPKARecords,
     oPrintDANERecords,
     oTOFUDefaultPolicy,
     oTOFUDBFormat,
@@ -426,17 +432,17 @@ enum cmd_and_opt_values
     oRequestOrigin,
     oNoSymkeyCache,
     oUseOnlyOpenPGPCard,
+    oFullTimestrings,
     oIncludeKeyBlock,
     oNoIncludeKeyBlock,
+    oChUid,
     oForceSignKey,
-    oForbidGenKey,
-    oRequireCompliance,
 
     oNoop
   };
 
 
-static ARGPARSE_OPTS opts[] = {
+static gpgrt_opt_t opts[] = {
 
   ARGPARSE_group (300, N_("@Commands:\n ")),
 
@@ -563,6 +569,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_c (aShowKeys,  "show-key", "@"), /* alias */
 
 
+
   ARGPARSE_header ("Monitor", N_("Options controlling the diagnostic output")),
 
   ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
@@ -574,6 +581,8 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oDebugLevel, "debug-level", "@"),
   ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
   ARGPARSE_s_n (oDebugIOLBF, "debug-iolbf", "@"),
+  ARGPARSE_s_u (oDebugSetIobufSize, "debug-set-iobuf-size", "@"),
+  ARGPARSE_s_u (oDebugAllowLargeChunks, "debug-allow-large-chunks", "@"),
   ARGPARSE_s_s (oDisplayCharset, "display-charset", "@"),
   ARGPARSE_s_s (oDisplayCharset, "charset", "@"),
   ARGPARSE_conffile (oOptions, "options", N_("|FILE|read options from FILE")),
@@ -614,11 +623,10 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
   ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
   ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
-  ARGPARSE_s_n (oPGP6, "pgp6", "@"),
+  ARGPARSE_s_n (oPGP7, "pgp6", "@"),
   ARGPARSE_s_n (oPGP7, "pgp7", "@"),
   ARGPARSE_s_n (oPGP8, "pgp8", "@"),
   ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"),
-  ARGPARSE_p_u (oMinRSALength, "min-rsa-length", "@"),
 #ifndef NO_TRUST_MODELS
   ARGPARSE_s_n (oAlwaysTrust, "always-trust", "@"),
 #endif
@@ -626,6 +634,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oPhotoViewer,  "photo-viewer", "@"),
   ARGPARSE_s_s (oKnownNotation, "known-notation", "@"),
   ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
+  ARGPARSE_s_s (oKeyboxdProgram, "keyboxd-program", "@"),
   ARGPARSE_s_s (oDirmngrProgram, "dirmngr-program", "@"),
   ARGPARSE_s_n (oExitOnStatusWriteError, "exit-on-status-write-error", "@"),
   ARGPARSE_s_i (oLimitCardInsertTries, "limit-card-insert-tries", "@"),
@@ -656,6 +665,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oEnableDSA2, "enable-dsa2", "@"),
   ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"),
   ARGPARSE_s_s (oPersonalCipherPreferences, "personal-cipher-preferences","@"),
+  ARGPARSE_s_s (oPersonalAEADPreferences, "personal-aead-preferences","@"),
   ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"),
   ARGPARSE_s_s (oPersonalCompressPreferences,
                                          "personal-compress-preferences", "@"),
@@ -683,6 +693,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oAutoCheckTrustDB, "auto-check-trustdb", "@"),
   ARGPARSE_s_n (oNoAutoCheckTrustDB, "no-auto-check-trustdb", "@"),
   ARGPARSE_s_s (oForceOwnertrust, "force-ownertrust", "@"),
+  ARGPARSE_s_n (oNoAutoTrustNewKey, "no-auto-trust-new-key", "@"),
 #endif
 
 
@@ -736,6 +747,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
   ARGPARSE_s_n (oMangleDosFilenames,      "mangle-dos-filenames", "@"),
   ARGPARSE_s_n (oNoMangleDosFilenames, "no-mangle-dos-filenames", "@"),
+  ARGPARSE_s_i (oChunkSize, "chunk-size", "@"),
   ARGPARSE_s_n (oNoSymkeyCache, "no-symkey-cache", "@"),
   ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),
   ARGPARSE_s_n (oListOnly, "list-only", "@"),
@@ -745,7 +757,6 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_i (oBZ2CompressLevel, "bzip2-compress-level", "@"),
   ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"),
 
-
   ARGPARSE_header ("ImportExport",
                    N_("Options controlling key import and export")),
 
@@ -776,6 +787,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_header ("Keylist", N_("Options controlling key listings")),
 
   ARGPARSE_s_s (oListOptions,   "list-options", "@"),
+  ARGPARSE_s_n (oFullTimestrings, "full-timestrings", "@"),
   ARGPARSE_s_n (oShowPhotos,   "show-photos", "@"),
   ARGPARSE_s_n (oNoShowPhotos, "no-show-photos", "@"),
   ARGPARSE_s_n (oShowPolicyURL,      "show-policy-url", "@"),
@@ -790,13 +802,13 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oWithSubkeyFingerprint, "with-subkey-fingerprints", "@"),
   ARGPARSE_s_n (oWithICAOSpelling, "with-icao-spelling", "@"),
   ARGPARSE_s_n (oWithKeygrip,     "with-keygrip", "@"),
+  ARGPARSE_s_n (oWithKeyScreening,"with-key-screening", "@"),
   ARGPARSE_s_n (oWithSecret,      "with-secret", "@"),
   ARGPARSE_s_n (oWithWKDHash,     "with-wkd-hash", "@"),
   ARGPARSE_s_n (oWithKeyOrigin,   "with-key-origin", "@"),
   ARGPARSE_s_n (oFastListMode, "fast-list-mode", "@"),
   ARGPARSE_s_n (oFixedListMode, "fixed-list-mode", "@"),
   ARGPARSE_s_n (oLegacyListMode, "legacy-list-mode", "@"),
-  ARGPARSE_s_n (oPrintPKARecords, "print-pka-records", "@"),
   ARGPARSE_s_n (oPrintDANERecords, "print-dane-records", "@"),
   ARGPARSE_s_s (oKeyidFormat, "keyid-format", "@"),
   ARGPARSE_s_n (oShowKeyring, "show-keyring", "@"),
@@ -834,10 +846,16 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oS2KDigest, "s2k-digest-algo", "@"),
   ARGPARSE_s_s (oS2KCipher, "s2k-cipher-algo", "@"),
   ARGPARSE_s_i (oS2KCount, "s2k-count", "@"),
+  ARGPARSE_s_n (oForceAEAD, "force-aead", "@"),
   ARGPARSE_s_n (oRequireCrossCert, "require-backsigs", "@"),
   ARGPARSE_s_n (oRequireCrossCert, "require-cross-certification", "@"),
   ARGPARSE_s_n (oNoRequireCrossCert, "no-require-backsigs", "@"),
   ARGPARSE_s_n (oNoRequireCrossCert, "no-require-cross-certification", "@"),
+  /* Options to override new security defaults.  */
+  ARGPARSE_s_n (oAllowWeakKeySignatures, "allow-weak-key-signatures", "@"),
+  ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
+  ARGPARSE_s_n (oAllowOldCipherAlgos, "allow-old-cipher-algos", "@"),
+  ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
   ARGPARSE_s_s (oVerifyOptions, "verify-options", "@"),
   ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"),
   ARGPARSE_s_n (oNoRandomSeedFile,  "no-random-seed-file", "@"),
@@ -849,18 +867,9 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oDisableCipherAlgo,  "disable-cipher-algo", "@"),
   ARGPARSE_s_s (oDisablePubkeyAlgo,  "disable-pubkey-algo", "@"),
   ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
+  ARGPARSE_s_s (oAEADAlgo,   "aead-algo", "@"),
   ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
   ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
-  ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"),
-  /* Options to override new security defaults.  */
-  ARGPARSE_s_n (oAllowWeakKeySignatures, "allow-weak-key-signatures", "@"),
-  ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
-  ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
-  ARGPARSE_s_n (oAllowMultisigVerification,
-                "allow-multisig-verification", "@"),
-  ARGPARSE_s_n (oAllowMultipleMessages,      "allow-multiple-messages", "@"),
-  ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
-
 
 
   ARGPARSE_header (NULL, N_("Options for unattended use")),
@@ -891,9 +900,9 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oLCctype,    "lc-ctype",   "@"),
   ARGPARSE_s_s (oLCmessages, "lc-messages","@"),
   ARGPARSE_s_s (oXauthority, "xauthority", "@"),
+  ARGPARSE_s_s (oChUid,      "chuid",      "@"),
   ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"),
-  ARGPARSE_s_n (oForbidGenKey,  "forbid-gen-key", "@"),
-  ARGPARSE_s_n (oRequireCompliance, "require-compliance", "@"),
+  ARGPARSE_s_n (oUseKeyboxd,    "use-keyboxd", "@"),
   /* Options which can be used in special circumstances. They are not
    * published and we hope they are never required.  */
   ARGPARSE_s_n (oUseOnlyOpenPGPCard, "use-only-openpgp-card", "@"),
@@ -903,10 +912,10 @@ static ARGPARSE_OPTS opts[] = {
 
   ARGPARSE_header (NULL, ""),  /* Stop the header group.  */
 
-
   /* Aliases.  I constantly mistype these, and assume other people do
      as well. */
   ARGPARSE_s_s (oPersonalCipherPreferences, "personal-cipher-prefs", "@"),
+  ARGPARSE_s_s (oPersonalAEADPreferences,   "personal-aead-prefs", "@"),
   ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-prefs", "@"),
   ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-prefs", "@"),
 
@@ -947,6 +956,9 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oNoop, "no-force-mdc", "@"),
   ARGPARSE_s_n (oNoop, "disable-mdc", "@"),
   ARGPARSE_s_n (oNoop, "no-disable-mdc", "@"),
+  ARGPARSE_s_n (oNoop, "allow-multisig-verification", "@"),
+  ARGPARSE_s_n (oNoop, "allow-multiple-messages", "@"),
+  ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
 
 
   ARGPARSE_group (302, N_(
@@ -1006,12 +1018,8 @@ static int utf8_strings =
 #endif
   ;
 static int maybe_setuid = 1;
-
-/* Collection of options used only in this module.  */
-static struct {
-  unsigned int forbid_gen_key;
-} mopt;
-
+static unsigned int opt_set_iobuf_size;
+static unsigned int opt_set_iobuf_size_used;
 
 static char *build_list( const char *text, char letter,
 			 const char *(*mapf)(int), int (*chkf)(int) );
@@ -1024,6 +1032,9 @@ static void add_keyserver_url( const char *string, int which );
 static void emergency_cleanup (void);
 static void read_sessionkey_from_fd (int fd);
 
+/* NPth wrapper function definitions. */
+ASSUAN_SYSTEM_NPTH_IMPL;
+
 
 static char *
 make_libversion (const char *libname, const char *(*getfnc)(const char*))
@@ -1074,6 +1085,18 @@ build_list_cipher_algo_name (int algo)
 }
 
 static int
+build_list_aead_test_algo (int algo)
+{
+  return openpgp_aead_test_algo (algo);
+}
+
+static const char *
+build_list_aead_algo_name (int algo)
+{
+  return openpgp_aead_algo_name (algo);
+}
+
+static int
 build_list_md_test_algo (int algo)
 {
   /* By default we do not accept MD5 based signatures.  To avoid
@@ -1094,16 +1117,16 @@ build_list_md_algo_name (int algo)
 static const char *
 my_strusage( int level )
 {
-  static char *digests, *pubkeys, *ciphers, *zips, *ver_gcry;
+  static char *digests, *pubkeys, *ciphers, *zips, *aeads, *ver_gcry;
   const char *p;
 
-  switch (level)
-    {
+  switch( level ) {
       case  9: p = "GPL-3.0-or-later"; break;
       case 11: p = "@GPG@ (@GNUPG@)";
 	break;
       case 13: p = VERSION; break;
       case 14: p = GNUPG_DEF_COPYRIGHT_LINE; break;
+
       case 17: p = PRINTABLE_OS_NAME; break;
       case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
 
@@ -1157,13 +1180,20 @@ my_strusage( int level )
 	p = ciphers;
 	break;
       case 36:
+	if (!aeads)
+          aeads = build_list ("AEAD: ", 'A',
+                              build_list_aead_algo_name,
+                              build_list_aead_test_algo);
+	p = aeads;
+	break;
+      case 37:
 	if( !digests )
 	    digests = build_list(_("Hash: "), 'H',
                                  build_list_md_algo_name,
                                  build_list_md_test_algo );
 	p = digests;
 	break;
-      case 37:
+      case 38:
 	if( !zips )
 	    zips = build_list(_("Compression: "),'Z',
                               compress_algo_to_string,
@@ -1188,6 +1218,7 @@ build_list (const char *text, char letter,
   membuf_t mb;
   int indent;
   int i, j, len;
+  int limit;
   const char *s;
   char *string;
 
@@ -1198,7 +1229,8 @@ build_list (const char *text, char letter,
   len = 0;
   init_membuf (&mb, 512);
 
-  for (i=0; i <= 110; i++ )
+  limit = (letter == 'A')? 4 : 110;
+  for (i=0; i <= limit; i++ )
     {
       if (!chkf (i) && (s = mapf (i)))
         {
@@ -1320,11 +1352,9 @@ set_debug (const char *level)
   if (opt.debug)
     parse_debug_flag (NULL, &opt.debug, debug_flags);
 
-  /* Make sure that we are --verbose in debug mode.  */
-  if (opt.debug && !opt.verbose)
-    opt.verbose = 1;
-  if (opt.debug && opt.quiet)
-    opt.quiet = 0;
+  if (opt_set_iobuf_size || opt_set_iobuf_size_used)
+    log_debug ("iobuf buffer size is %uk\n",
+               iobuf_set_buffer_size (opt_set_iobuf_size));
 }
 
 
@@ -1912,16 +1942,10 @@ list_config(char *items)
 }
 
 
-/* List options and default values in the GPG Conf format.  This is a
-   new tool distributed with gnupg 1.9.x but we also want some limited
-   support in older gpg versions.  The output is the name of the
-   configuration file and a list of options available for editing by
-   gpgconf.  */
+/* List default values for use by gpgconf.  */
 static void
-gpgconf_list (const char *configfile)
+gpgconf_list (void)
 {
-  char *configfile_esc = percent_escape (configfile, NULL);
-
   es_printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
   es_printf ("compliance:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, "gnupg");
 
@@ -1931,11 +1955,12 @@ gpgconf_list (const char *configfile)
              get_default_pubkey_algo ());
   /* This info only mode tells whether the we are running in de-vs
    * compliance mode.  This does not test all parameters but the basic
-   * conditions like a proper RNG and Libgcrypt.  */
+   * conditions like a proper RNG and Libgcrypt.  AS of now we always
+   * return 0 because this version of gnupg has not yet received an
+   * appoval. */
   es_printf ("compliance_de_vs:%lu:%d:\n", GC_OPT_FLAG_DEFAULT,
-             opt.compliance==CO_DE_VS && gnupg_rng_is_compliant (CO_DE_VS));
+             0 /*gnupg_rng_is_compliant (CO_DE_VS)*/);
 
-  xfree (configfile_esc);
 }
 
 
@@ -2035,6 +2060,8 @@ parse_list_options(char *str)
        NULL},
       {"show-only-fpr-mbox",LIST_SHOW_ONLY_FPR_MBOX, NULL,
        NULL},
+      {"sort-sigs", LIST_SORT_SIGS, NULL,
+       NULL},
       {NULL,0,NULL,NULL}
     };
 
@@ -2159,7 +2186,7 @@ static struct gnupg_compliance_option compliance_options[] =
     { "rfc4880bis", oRFC4880bis },
     { "rfc4880",    oRFC4880 },
     { "rfc2440",    oRFC2440 },
-    { "pgp6",       oPGP6 },
+    { "pgp6",       oPGP7 },
     { "pgp7",       oPGP7 },
     { "pgp8",       oPGP8 },
     { "de-vs",      oDE_VS }
@@ -2172,11 +2199,29 @@ static struct gnupg_compliance_option compliance_options[] =
 static void
 set_compliance_option (enum cmd_and_opt_values option)
 {
+  opt.flags.rfc4880bis = 0;  /* Clear because it is initially set.  */
+
   switch (option)
     {
     case oRFC4880bis:
       opt.flags.rfc4880bis = 1;
-      /* fall through.  */
+      opt.compliance = CO_RFC4880;
+      opt.flags.dsa2 = 1;
+      opt.flags.require_cross_cert = 1;
+      opt.rfc2440_text = 0;
+      opt.allow_non_selfsigned_uid = 1;
+      opt.allow_freeform_uid = 1;
+      opt.escape_from = 1;
+      opt.not_dash_escaped = 0;
+      opt.def_cipher_algo = 0;
+      opt.def_aead_algo = 0;
+      opt.def_digest_algo = 0;
+      opt.cert_digest_algo = 0;
+      opt.compress_algo = -1;
+      opt.s2k_mode = 3; /* iterated+salted */
+      opt.s2k_digest_algo = DIGEST_ALGO_SHA256;
+      opt.s2k_cipher_algo = CIPHER_ALGO_AES256;
+      break;
     case oOpenPGP:
     case oRFC4880:
       /* This is effectively the same as RFC2440, but with
@@ -2191,12 +2236,14 @@ set_compliance_option (enum cmd_and_opt_values option)
       opt.escape_from = 1;
       opt.not_dash_escaped = 0;
       opt.def_cipher_algo = 0;
+      opt.def_aead_algo = 0;
       opt.def_digest_algo = 0;
       opt.cert_digest_algo = 0;
       opt.compress_algo = -1;
       opt.s2k_mode = 3; /* iterated+salted */
       opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
       opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
+      opt.flags.allow_old_cipher_algos = 1;
       break;
     case oRFC2440:
       opt.compliance = CO_RFC2440;
@@ -2207,21 +2254,26 @@ set_compliance_option (enum cmd_and_opt_values option)
       opt.escape_from = 0;
       opt.not_dash_escaped = 0;
       opt.def_cipher_algo = 0;
+      opt.def_aead_algo = 0;
       opt.def_digest_algo = 0;
       opt.cert_digest_algo = 0;
       opt.compress_algo = -1;
       opt.s2k_mode = 3; /* iterated+salted */
       opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
       opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
+      opt.flags.allow_old_cipher_algos = 1;
       break;
-    case oPGP6:  opt.compliance = CO_PGP6;  break;
     case oPGP7:  opt.compliance = CO_PGP7;  break;
     case oPGP8:  opt.compliance = CO_PGP8;  break;
-    case oGnuPG: opt.compliance = CO_GNUPG; break;
+    case oGnuPG:
+      opt.compliance = CO_GNUPG;
+      opt.flags.rfc4880bis = 1;
+      break;
 
     case oDE_VS:
       set_compliance_option (oOpenPGP);
       opt.compliance = CO_DE_VS;
+      opt.def_aead_algo = 0;
       /* We divert here from the backward compatible rfc4880 algos.  */
       opt.s2k_digest_algo = DIGEST_ALGO_SHA256;
       opt.s2k_cipher_algo = CIPHER_ALGO_AES256;
@@ -2233,13 +2285,8 @@ set_compliance_option (enum cmd_and_opt_values option)
 }
 
 
-static void
-gen_key_forbidden (void)
-{
-  write_status_failure ("gen-key", gpg_error (GPG_ERR_NOT_ENABLED));
-  log_error (_("This command is not allowed while in %s mode.\n"),
-             "forbid-gen-key");
-}
+
+
 
 
 /* This function called to initialized a new control object.  It is
@@ -2263,13 +2310,14 @@ gpg_deinit_default_ctrl (ctrl_t ctrl)
   gpg_dirmngr_deinit_session_data (ctrl);
 
   keydb_release (ctrl->cached_getkey_kdb);
+  gpg_keyboxd_deinit_session_data (ctrl);
 }
 
 
 int
 main (int argc, char **argv)
 {
-    ARGPARSE_ARGS pargs;
+    gpgrt_argparse_t pargs;
     IOBUF a;
     int rc=0;
     int orig_argc;
@@ -2299,12 +2347,14 @@ main (int argc, char **argv)
     const char *trustdb_name = NULL;
 #endif /*!NO_TRUST_MODELS*/
     char *def_cipher_string = NULL;
+    char *def_aead_string = NULL;
     char *def_digest_string = NULL;
     char *compress_algo_string = NULL;
     char *cert_digest_string = NULL;
     char *s2k_cipher_string = NULL;
     char *s2k_digest_string = NULL;
     char *pers_cipher_list = NULL;
+    char *pers_aead_list = NULL;
     char *pers_digest_list = NULL;
     char *pers_compress_list = NULL;
     int eyes_only=0;
@@ -2320,7 +2370,9 @@ main (int argc, char **argv)
     ctrl_t ctrl;
 
     static int print_dane_records;
-    static int print_pka_records;
+    static int allow_large_chunks;
+    static const char *homedirvalue;
+    static const char *changeuser;
 
 
 #ifdef __riscos__
@@ -2334,9 +2386,9 @@ main (int argc, char **argv)
     gnupg_reopen_std (GPG_NAME);
     trap_unaligned ();
     gnupg_rl_initialize ();
-    set_strusage (my_strusage);
+    gpgrt_set_strusage (my_strusage);
     gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
-    log_set_prefix (GPG_NAME, GPGRT_LOG_WITH_PREFIX|GPGRT_LOG_NO_REGISTRY);
+    log_set_prefix (GPG_NAME, GPGRT_LOG_WITH_PREFIX);
 
     /* Make sure that our subsystems are ready.  */
     i18n_init();
@@ -2368,6 +2420,7 @@ main (int argc, char **argv)
     opt.bz2_compress_level = -1; /* defaults to standard compress level */
     /* note: if you change these lines, look at oOpenPGP */
     opt.def_cipher_algo = 0;
+    opt.def_aead_algo = 0;
     opt.def_digest_algo = 0;
     opt.cert_digest_algo = 0;
     opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
@@ -2379,19 +2432,24 @@ main (int argc, char **argv)
     opt.max_cert_depth = 5;
     opt.escape_from = 1;
     opt.flags.require_cross_cert = 1;
-    opt.import_options = IMPORT_REPAIR_KEYS;
+    opt.import_options = (IMPORT_REPAIR_KEYS
+                          | IMPORT_COLLAPSE_UIDS
+                          | IMPORT_COLLAPSE_SUBKEYS);
     opt.export_options = EXPORT_ATTRIBUTES;
     opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
 					    | IMPORT_REPAIR_PKS_SUBKEY_BUG
                                             | IMPORT_SELF_SIGS_ONLY
+                                            | IMPORT_COLLAPSE_UIDS
+                                            | IMPORT_COLLAPSE_SUBKEYS
                                             | IMPORT_CLEAN);
     opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
-    opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
+    opt.keyserver_options.options = 0;
     opt.verify_options = (LIST_SHOW_UID_VALIDITY
                           | VERIFY_SHOW_POLICY_URLS
                           | VERIFY_SHOW_STD_NOTATIONS
                           | VERIFY_SHOW_KEYSERVER_URLS);
     opt.list_options   = (LIST_SHOW_UID_VALIDITY
+                          | LIST_SORT_SIGS
                           | LIST_SHOW_USAGE);
 #ifdef NO_TRUST_MODELS
     opt.trust_model = TM_ALWAYS;
@@ -2405,10 +2463,11 @@ main (int argc, char **argv)
     opt.keyid_format = KF_NONE;
     opt.def_sig_expire = "0";
     opt.def_cert_expire = "0";
-    gnupg_set_homedir (NULL);
     opt.passphrase_repeat = 1;
     opt.emit_version = 0;
     opt.weak_digests = NULL;
+    opt.compliance = CO_GNUPG;
+    opt.flags.rfc4880bis = 1;
 
     /* Check special options given on the command line.  */
     orig_argc = argc;
@@ -2416,7 +2475,7 @@ main (int argc, char **argv)
     pargs.argc = &argc;
     pargs.argv = &argv;
     pargs.flags= (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
-    while (gnupg_argparse (NULL, &pargs, opts))
+    while (gpgrt_argparse (NULL, &pargs, opts))
       {
 	switch (pargs.r_opt)
           {
@@ -2436,7 +2495,11 @@ main (int argc, char **argv)
             break;
 
           case oHomedir:
-            gnupg_set_homedir (pargs.r.ret_str);
+            homedirvalue = pargs.r.ret_str;
+            break;
+
+          case oChUid:
+            changeuser = pargs.r.ret_str;
             break;
 
           case oNoPermissionWarn:
@@ -2448,6 +2511,9 @@ main (int argc, char **argv)
     pargs.flags &= ~(ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
 
 #ifdef HAVE_DOSISH_SYSTEM
+    /* FIXME: Do we still need this?  No: gnupg_homedir calls
+     * make_filename which changes the slashed anyway.  IsDBCSLeadByte still
+     * needed?  See bug #561.  */
     if ( strchr (gnupg_homedir (), '\\') ) {
       char *d, *buf = xmalloc (strlen (gnupg_homedir ())+1);
       const char *s;
@@ -2485,6 +2551,11 @@ main (int argc, char **argv)
     assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
     setup_libassuan_logging (&opt.debug, NULL);
 
+    /* Change UID and then set the homedir.  */
+    if (changeuser && gnupg_chuid (changeuser, 0))
+      log_inc_errorcount (); /* Force later termination.  */
+    gnupg_set_homedir (homedirvalue);
+
     /* Set default options which require that malloc stuff is ready.  */
     additional_weak_digest ("MD5");
     parse_auto_key_locate (DEFAULT_AKL_LIST);
@@ -2505,10 +2576,10 @@ main (int argc, char **argv)
     check_permissions (gnupg_homedir (), 0);
 
     /* The configuraton directories for use by gpgrt_argparser.  */
-    gnupg_set_confdir (GNUPG_CONFDIR_SYS, gnupg_sysconfdir ());
-    gnupg_set_confdir (GNUPG_CONFDIR_USER, gnupg_homedir ());
+    gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
+    gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
 
-    while (gnupg_argparser (&pargs, opts, GPG_NAME EXTSEP_S "conf"))
+    while (gpgrt_argparser (&pargs, opts, GPG_NAME EXTSEP_S "conf" ))
       {
 	switch (pargs.r_opt)
 	  {
@@ -2544,11 +2615,11 @@ main (int argc, char **argv)
               configname = NULL;
             break;
 
-            /* case oOptions:
-             * case oNoOptions:
-             * We will never see these options here because
-             * gpgrt_argparse handles them for us.
-             */
+            /* case oOptions: */
+            /* case oNoOptions: */
+            /* We will never see these options here because
+             * gpgrt_argparse handles them for us.  */
+            /* break */
 
 	  case aListConfig:
 	  case aListGcryptConfig:
@@ -2666,6 +2737,10 @@ main (int argc, char **argv)
             opt.input_size_hint = string_to_u64 (pargs.r.ret_str);
             break;
 
+          case oChunkSize:
+            opt.chunk_size = pargs.r.ret_int;
+            break;
+
 	  case oQuiet: opt.quiet = 1; break;
 	  case oNoTTY: tty_no_terminal(1); break;
 	  case oDryRun: opt.dry_run = 1; break;
@@ -2691,6 +2766,11 @@ main (int argc, char **argv)
 	  case oGpgAgentInfo:
 	    obsolete_option (configname, pargs.lineno, "gpg-agent-info");
             break;
+
+          case oUseKeyboxd:
+            opt.use_keyboxd = 1;
+            break;
+
           case oReaderPort:
 	    obsolete_scdaemon_option (configname, pargs.lineno, "reader-port");
             break;
@@ -2736,6 +2816,15 @@ main (int argc, char **argv)
 
           case oDebugIOLBF: break; /* Already set in pre-parse step.  */
 
+          case oDebugSetIobufSize:
+            opt_set_iobuf_size = pargs.r.ret_ulong;
+            opt_set_iobuf_size_used = 1;
+            break;
+
+          case oDebugAllowLargeChunks:
+            allow_large_chunks = 1;
+            break;
+
 	  case oStatusFD:
             set_status_fd ( translate_sys2libc_fd_int (pargs.r.ret_int, 1) );
             break;
@@ -2774,6 +2863,10 @@ main (int argc, char **argv)
             opt.with_keygrip = 1;
             break;
 
+	  case oWithKeyScreening:
+            opt.with_key_screening = 1;
+            break;
+
 	  case oWithSecret:
             opt.with_secret = 1;
             break;
@@ -2787,7 +2880,7 @@ main (int argc, char **argv)
             break;
 
 	  case oSecretKeyring:
-	    obsolete_option (configname, pargs.lineno, "secret-keyring");
+            /* Ignore this old option.  */
             break;
 
 	  case oNoArmor: opt.no_armor=1; opt.armor=0; break;
@@ -2841,6 +2934,7 @@ main (int argc, char **argv)
             opt.def_recipient_self = 0;
             break;
 	  case oHomedir: break;
+          case oChUid: break;  /* Command line only (see above).  */
 	  case oNoBatch: opt.batch = 0; break;
 
           case oWithTofuInfo: opt.with_tofu_info = 1; break;
@@ -2885,6 +2979,8 @@ main (int argc, char **argv)
 	      }
 	    break;
 
+          case oNoAutoTrustNewKey: opt.flags.no_auto_trust_new_key = 1; break;
+
           case oCompliance:
 	    {
 	      int compliance = gnupg_parse_compliance_option
@@ -2900,15 +2996,12 @@ main (int argc, char **argv)
           case oRFC2440:
           case oRFC4880:
           case oRFC4880bis:
-          case oPGP6:
           case oPGP7:
           case oPGP8:
           case oGnuPG:
             set_compliance_option (pargs.r_opt);
             break;
 
-	  case oMinRSALength: opt.min_rsa_length = pargs.r.ret_ulong; break;
-
           case oRFC2440Text: opt.rfc2440_text=1; break;
           case oNoRFC2440Text: opt.rfc2440_text=0; break;
 
@@ -2981,6 +3074,8 @@ main (int argc, char **argv)
 	    break;
 	  case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
 
+	  case oForceAEAD: opt.force_aead = 1; break;
+
           case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
           case oIncludeKeyBlock:  opt.flags.include_key_block = 1; break;
           case oNoIncludeKeyBlock: opt.flags.include_key_block = 0; break;
@@ -3082,7 +3177,7 @@ main (int argc, char **argv)
 	    break;
 	  case oSender:
             {
-              char *mbox = mailbox_from_userid (pargs.r.ret_str);
+              char *mbox = mailbox_from_userid (pargs.r.ret_str, 0);
               if (!mbox)
                 log_error (_("\"%s\" is not a proper mail address\n"),
                            pargs.r.ret_str);
@@ -3136,6 +3231,9 @@ main (int argc, char **argv)
 	  case oCipherAlgo:
             def_cipher_string = xstrdup(pargs.r.ret_str);
             break;
+	  case oAEADAlgo:
+            def_aead_string = xstrdup (pargs.r.ret_str);
+            break;
 	  case oDigestAlgo:
             def_digest_string = xstrdup(pargs.r.ret_str);
             break;
@@ -3286,10 +3384,6 @@ main (int argc, char **argv)
 		   N_("show revoked and expired user IDs in signature verification")},
 		  {"show-primary-uid-only",VERIFY_SHOW_PRIMARY_UID_ONLY,NULL,
 		   N_("show only the primary user ID in signature verification")},
-		  {"pka-lookups",VERIFY_PKA_LOOKUPS,NULL,
-		   N_("validate signatures with PKA data")},
-		  {"pka-trust-increase",VERIFY_PKA_TRUST_INCREASE,NULL,
-		   N_("elevate the trust of signatures with valid PKA data")},
 		  {NULL,0,NULL,NULL}
 		};
 
@@ -3361,7 +3455,6 @@ main (int argc, char **argv)
 	  case oFastListMode: opt.fast_list_mode = 1; break;
 	  case oFixedListMode: /* Dummy */ break;
           case oLegacyListMode: opt.legacy_list_mode = 1; break;
-	  case oPrintPKARecords: print_pka_records = 1; break;
 	  case oPrintDANERecords: print_dane_records = 1; break;
 	  case oListOnly: opt.list_only=1; break;
 	  case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
@@ -3422,6 +3515,9 @@ main (int argc, char **argv)
           case oPersonalCipherPreferences:
 	    pers_cipher_list=pargs.r.ret_str;
 	    break;
+          case oPersonalAEADPreferences:
+	    pers_aead_list = pargs.r.ret_str;
+	    break;
           case oPersonalDigestPreferences:
 	    pers_digest_list=pargs.r.ret_str;
 	    break;
@@ -3429,6 +3525,7 @@ main (int argc, char **argv)
 	    pers_compress_list=pargs.r.ret_str;
 	    break;
           case oAgentProgram: opt.agent_program = pargs.r.ret_str;  break;
+          case oKeyboxdProgram: opt.keyboxd_program = pargs.r.ret_str;  break;
           case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
 	  case oDisableDirmngr: opt.disable_dirmngr = 1;  break;
           case oWeakDigest:
@@ -3545,15 +3642,6 @@ main (int argc, char **argv)
 	  case oEnableDSA2: opt.flags.dsa2=1; break;
 	  case oDisableDSA2: opt.flags.dsa2=0; break;
 
-          case oAllowMultisigVerification:
-	  case oAllowMultipleMessages:
-	    opt.flags.allow_multiple_messages=1;
-	    break;
-
-	  case oNoAllowMultipleMessages:
-	    opt.flags.allow_multiple_messages=0;
-	    break;
-
           case oAllowWeakDigestAlgos:
             opt.flags.allow_weak_digest_algos = 1;
             break;
@@ -3562,8 +3650,8 @@ main (int argc, char **argv)
             opt.flags.allow_weak_key_signatures = 1;
             break;
 
-          case oOverrideComplianceCheck:
-            opt.flags.override_compliance_check = 1;
+          case oAllowOldCipherAlgos:
+            opt.flags.allow_old_cipher_algos = 1;
             break;
 
           case oFakedSystemTime:
@@ -3596,12 +3684,8 @@ main (int argc, char **argv)
             opt.flags.use_only_openpgp_card = 1;
             break;
 
-          case oForbidGenKey:
-            mopt.forbid_gen_key = 1;
-            break;
-
-          case oRequireCompliance:
-            opt.flags.require_compliance = 1;
+          case oFullTimestrings:
+            opt.flags.full_timestrings = 1;
             break;
 
 	  case oNoop: break;
@@ -3612,7 +3696,7 @@ main (int argc, char **argv)
             else
               {
                 pargs.err = ARGPARSE_PRINT_ERROR;
-                /* The argparse fucntion calls a plain exit and thus
+                /* The argparse function calls a plain exit and thus
                  * we need to print a status here.  */
                 write_status_failure ("option-parser",
                                       gpg_error(GPG_ERR_GENERAL));
@@ -3621,7 +3705,7 @@ main (int argc, char **argv)
 	  }
       }
 
-    gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+    gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
 
     if (log_get_errorcount (0))
       {
@@ -3633,26 +3717,15 @@ main (int argc, char **argv)
        directly after the option parsing. */
     if (cmd == aGPGConfList)
       {
-        /* Note: Here in gpg 2.2 we need to provide a proper config
-         * file even if that file does not exist.  This is because
-         * gpgconf checks that an absolute filename is provided.  */
-        if (!last_configname)
-          last_configname= make_filename (gnupg_homedir (),
-                                          GPG_NAME EXTSEP_S "conf", NULL);
-        gpgconf_list (last_configname);
+        gpgconf_list ();
         g10_exit (0);
       }
     xfree (last_configname);
-    last_configname = NULL;
 
     if (print_dane_records)
       log_error ("invalid option \"%s\"; use \"%s\" instead\n",
                  "--print-dane-records",
                  "--export-options export-dane");
-    if (print_pka_records)
-      log_error ("invalid option \"%s\"; use \"%s\" instead\n",
-                 "--print-pks-records",
-                 "--export-options export-pka");
     if (log_get_errorcount (0))
       {
         write_status_failure ("option-checking", gpg_error(GPG_ERR_GENERAL));
@@ -3666,31 +3739,34 @@ main (int argc, char **argv)
     if( greeting )
       {
 	es_fprintf (es_stderr, "%s %s; %s\n",
-                    strusage(11), strusage(13), strusage(14) );
-	es_fprintf (es_stderr, "%s\n", strusage(15) );
+                    gpgrt_strusage(11), gpgrt_strusage(13), gpgrt_strusage(14));
+	es_fprintf (es_stderr, "%s\n", gpgrt_strusage(15) );
       }
 #ifdef IS_DEVELOPMENT_VERSION
     if (!opt.batch)
       {
 	const char *s;
 
-	if((s=strusage(25)))
+	if((s=gpgrt_strusage(25)))
 	  log_info("%s\n",s);
-	if((s=strusage(26)))
+	if((s=gpgrt_strusage(26)))
 	  log_info("%s\n",s);
-	if((s=strusage(27)))
+	if((s=gpgrt_strusage(27)))
 	  log_info("%s\n",s);
       }
 #endif
 
-    /* FIXME: We should use logging to a file only in server mode;
-       however we have not yet implemetyed that.  Thus we try to get
-       away with --batch as indication for logging to file
-       required. */
-    if (logfile && opt.batch)
+    /* Init threading which is used by some helper functions.  */
+    npth_init ();
+    assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
+    gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
+
+    if (logfile)
       {
         log_set_file (logfile);
-        log_set_prefix (NULL, GPGRT_LOG_WITH_PREFIX | GPGRT_LOG_WITH_TIME | GPGRT_LOG_WITH_PID);
+        log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
+                               | GPGRT_LOG_WITH_TIME
+                               | GPGRT_LOG_WITH_PID ));
       }
 
     if (opt.verbose > 2)
@@ -3700,7 +3776,10 @@ main (int argc, char **argv)
 	log_info(_("WARNING: program may create a core file!\n"));
 
     if (opt.flags.rfc4880bis)
-	log_info ("WARNING: using experimental features from RFC4880bis!\n");
+      {
+        if (opt.verbose)
+          log_info ("Note: RFC4880bis features are enabled.\n");
+      }
     else
       {
         opt.mimemode = 0; /* This will use text mode instead.  */
@@ -3762,29 +3841,12 @@ main (int argc, char **argv)
 	g10_exit(2);
       }
 
-    /* We allow overriding the compliance check only in non-batch mode
-     * so that the user has a chance to see the message.  */
-    if (opt.flags.override_compliance_check && opt.batch)
-      {
-        opt.flags.override_compliance_check = 0;
-        log_info ("Note: '%s' ignored due to batch mode\n",
-                  "--override-compliance-check");
-      }
-
     set_debug (debug_level);
-    gnupg_set_compliance_extra_info (opt.min_rsa_length);
     if (DBG_CLOCK)
       log_clock ("start");
 
     /* Do these after the switch(), so they can override settings. */
-    if(PGP6)
-      {
-        /* That does not anymore work because we have no more support
-           for v3 signatures.  */
-	opt.escape_from=1;
-	opt.ask_sig_expire=0;
-      }
-    else if(PGP7)
+    if (PGP7)
       {
         /* That does not anymore work because we have no more support
            for v3 signatures.  */
@@ -3803,6 +3865,13 @@ main (int argc, char **argv)
 	if ( openpgp_cipher_test_algo (opt.def_cipher_algo) )
 	    log_error(_("selected cipher algorithm is invalid\n"));
     }
+    if (def_aead_string)
+      {
+	opt.def_aead_algo = string_to_aead_algo (def_aead_string);
+	xfree (def_aead_string); def_aead_string = NULL;
+	if (openpgp_aead_test_algo (opt.def_aead_algo))
+          log_error(_("selected AEAD algorithm is invalid\n"));
+      }
     if( def_digest_string ) {
 	opt.def_digest_algo = string_to_digest_algo (def_digest_string);
 	xfree(def_digest_string); def_digest_string = NULL;
@@ -3863,6 +3932,9 @@ main (int argc, char **argv)
        keygen_set_std_prefs(pers_cipher_list,PREFTYPE_SYM))
       log_error(_("invalid personal cipher preferences\n"));
 
+    if (pers_aead_list && keygen_set_std_prefs (pers_aead_list, PREFTYPE_AEAD))
+      log_error(_("invalid personal AEAD preferences\n"));
+
     if(pers_digest_list &&
        keygen_set_std_prefs(pers_digest_list,PREFTYPE_HASH))
       log_error(_("invalid personal digest preferences\n"));
@@ -3871,6 +3943,21 @@ main (int argc, char **argv)
        keygen_set_std_prefs(pers_compress_list,PREFTYPE_ZIP))
       log_error(_("invalid personal compress preferences\n"));
 
+    /* Check chunk size.  Please fix also the man page if you change
+     * the default.  The limits are given by the specs.  */
+    if (!opt.chunk_size)
+      opt.chunk_size = 27; /* Default to the suggested max of 128 MiB.  */
+    else if (opt.chunk_size < 6)
+      {
+        opt.chunk_size = 6;
+        log_info (_("chunk size invalid - using %d\n"), opt.chunk_size);
+      }
+    else if (opt.chunk_size > (allow_large_chunks? 62 : 27))
+      {
+        opt.chunk_size = (allow_large_chunks? 62 : 27);
+        log_info (_("chunk size invalid - using %d\n"), opt.chunk_size);
+      }
+
     /* We don't support all possible commands with multifile yet */
     if(multifile)
       {
@@ -3921,7 +4008,7 @@ main (int argc, char **argv)
     /* Check our chosen algorithms against the list of legal
        algorithms. */
 
-    if(!GNUPG)
+    if(!GNUPG && !opt.flags.rfc4880bis)
       {
 	const char *badalg=NULL;
 	preftype_t badtype=PREFTYPE_NONE;
@@ -3932,6 +4019,12 @@ main (int argc, char **argv)
 	    badalg = openpgp_cipher_algo_name (opt.def_cipher_algo);
 	    badtype = PREFTYPE_SYM;
 	  }
+	else if(opt.def_aead_algo
+	   && !algo_available(PREFTYPE_AEAD, opt.def_aead_algo, NULL))
+	  {
+	    badalg = openpgp_aead_algo_name (opt.def_aead_algo);
+	    badtype = PREFTYPE_AEAD;
+	  }
 	else if(opt.def_digest_algo
 		&& !algo_available(PREFTYPE_HASH,opt.def_digest_algo,NULL))
 	  {
@@ -3961,6 +4054,12 @@ main (int argc, char **argv)
 			 badalg,
                           gnupg_compliance_option_string (opt.compliance));
 		break;
+	      case PREFTYPE_AEAD:
+		log_info (_("AEAD algorithm '%s'"
+                            " may not be used in %s mode\n"),
+                          badalg,
+                          gnupg_compliance_option_string (opt.compliance));
+		break;
 	      case PREFTYPE_HASH:
 		log_info (_("digest algorithm '%s'"
                             " may not be used in %s mode\n"),
@@ -3986,6 +4085,7 @@ main (int argc, char **argv)
      * is not.  This is us being nice to the user informing her early
      * that the chosen algorithms are not available.  We also check
      * and enforce this right before the actual operation.  */
+    /* FIXME: We also need to check the AEAD algo. */
     if (opt.def_cipher_algo
 	&& ! gnupg_cipher_is_allowed (opt.compliance,
 				      cmd == aEncr
@@ -4043,8 +4143,10 @@ main (int argc, char **argv)
     /* Add the keyrings, but not for some special commands.  We always
      * need to add the keyrings if we are running under SELinux, this
      * is so that the rings are added to the list of secured files.
-     * We do not add any keyring if --no-keyring has been used.  */
-    if (default_keyring >= 0
+     * We do not add any keyring if --no-keyring or --use-keyboxd has
+     * been used.  */
+    if (!opt.use_keyboxd
+        && default_keyring >= 0
         && (ALWAYS_ADD_KEYRINGS
             || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest)))
       {
@@ -4056,13 +4158,21 @@ main (int argc, char **argv)
       }
     FREE_STRLIST(nrings);
 
+    /* In loopback mode, never ask for the password multiple times.  */
     if (opt.pinentry_mode == PINENTRY_MODE_LOOPBACK)
-      /* In loopback mode, never ask for the password multiple
-	 times.  */
       {
 	opt.passphrase_repeat = 0;
       }
 
+    /* If no pinentry is expected shunt
+     * gnupg_allow_set_foregound_window to avoid useless error
+     * messages on Windows.  */
+    if (opt.pinentry_mode != PINENTRY_MODE_ASK)
+      {
+        gnupg_inhibit_set_foregound_window (1);
+      }
+
+
     if (cmd == aGPGConfTest)
       g10_exit(0);
 
@@ -4227,7 +4337,7 @@ main (int argc, char **argv)
 	else if(opt.s2k_mode==0)
 	  log_error(_("you cannot use --symmetric --encrypt"
 		      " with --s2k-mode 0\n"));
-	else if(PGP6 || PGP7)
+	else if (PGP7)
 	  log_error(_("you cannot use --symmetric --encrypt"
 		      " in %s mode\n"),
 		    gnupg_compliance_option_string (opt.compliance));
@@ -4288,7 +4398,7 @@ main (int argc, char **argv)
 	else if(opt.s2k_mode==0)
 	  log_error(_("you cannot use --symmetric --sign --encrypt"
 		      " with --s2k-mode 0\n"));
-	else if(PGP6 || PGP7)
+	else if (PGP7)
 	  log_error(_("you cannot use --symmetric --sign --encrypt"
 		      " in %s mode\n"),
 		    gnupg_compliance_option_string (opt.compliance));
@@ -4526,25 +4636,18 @@ main (int argc, char **argv)
                     }
                 }
             }
-          if (mopt.forbid_gen_key)
-            gen_key_forbidden ();
-          else
-            quick_generate_keypair (ctrl, username, x_algo, x_usage, x_expire);
+          quick_generate_keypair (ctrl, username, x_algo, x_usage, x_expire);
           xfree (username);
         }
         break;
 
       case aKeygen: /* generate a key */
-        if (mopt.forbid_gen_key)
-          gen_key_forbidden ();
-	else if( opt.batch )
-          {
+	if( opt.batch ) {
 	    if( argc > 1 )
 		wrong_args("--generate-key [parameterfile]");
 	    generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0);
-          }
-	else
-          {
+	}
+	else {
             if (opt.command_fd != -1 && argc)
               {
                 if( argc > 1 )
@@ -4557,13 +4660,11 @@ main (int argc, char **argv)
               wrong_args ("--generate-key");
             else
               generate_keypair (ctrl, 0, NULL, NULL, 0);
-          }
+	}
 	break;
 
       case aFullKeygen: /* Generate a key with all options. */
-        if (mopt.forbid_gen_key)
-          gen_key_forbidden ();
-	else if (opt.batch)
+	if (opt.batch)
           {
 	    if (argc > 1)
               wrong_args ("--full-generate-key [parameterfile]");
@@ -4611,10 +4712,7 @@ main (int argc, char **argv)
                    }
                 }
             }
-          if (mopt.forbid_gen_key)
-            gen_key_forbidden ();
-          else
-            keyedit_quick_addkey (ctrl, x_fpr, x_algo, x_usage, x_expire);
+          keyedit_quick_addkey (ctrl, x_fpr, x_algo, x_usage, x_expire);
         }
 	break;
 
@@ -4748,14 +4846,12 @@ main (int argc, char **argv)
 	for( ; argc; argc--, argv++ )
 	    append_to_strlist2( &sl, *argv, utf8_strings );
 	rc = keyserver_fetch (ctrl, sl, opt.key_origin);
-	free_strlist (sl);
 	if(rc)
           {
             write_status_failure ("fetch-keys", rc);
             log_error ("key fetch failed: %s\n",gpg_strerror (rc));
-            if (gpg_err_code (rc) == GPG_ERR_NO_DATA)
-              g10_exit (1); /* In this case return 1 and not 2.  */
           }
+	free_strlist(sl);
 	break;
 
       case aExportSecret:
@@ -4863,42 +4959,55 @@ main (int argc, char **argv)
 
       case aGenRandom:
 	{
-	    int level = argc ? atoi(*argv):0;
-	    int count = argc > 1 ? atoi(argv[1]): 0;
-	    int endless = !count;
-
-	    if( argc < 1 || argc > 2 || level < 0 || level > 2 || count < 0 )
-		wrong_args("--gen-random 0|1|2 [count]");
-
-	    while( endless || count ) {
-		byte *p;
-                /* Wee need a multiple of 3, so that in case of
-                   armored output we get a correct string.  No
-                   linefolding is done, as it is best to levae this to
-                   other tools */
-		size_t n = !endless && count < 99? count : 99;
-
-		p = gcry_random_bytes (n, level);
+          int level = argc ? atoi(*argv):0;
+          int count = argc > 1 ? atoi(argv[1]): 0;
+          int endless = !count;
+          int hexhack = (level == 16);
+
+          if (hexhack)
+            level = 1;
+
+          if (argc < 1 || argc > 2 || level < 0 || level > 2 || count < 0)
+            wrong_args ("--gen-random 0|1|2 [count]");
+
+          while (endless || count)
+            {
+              byte *p;
+              /* We need a multiple of 3, so that in case of armored
+               * output we get a correct string.  No linefolding is
+               * done, as it is best to leave this to other tools */
+              size_t n = !endless && count < 99? count : 99;
+              size_t nn;
+
+              p = gcry_random_bytes (n, level);
 #ifdef HAVE_DOSISH_SYSTEM
-		setmode ( fileno(stdout), O_BINARY );
+              setmode ( fileno(stdout), O_BINARY );
 #endif
-                if (opt.armor) {
-                    char *tmp = make_radix64_string (p, n);
-                    es_fputs (tmp, es_stdout);
-                    xfree (tmp);
-                    if (n%3 == 1)
-                      es_putc ('=', es_stdout);
-                    if (n%3)
-                      es_putc ('=', es_stdout);
-                } else {
-                    es_fwrite( p, n, 1, es_stdout );
+              if (hexhack)
+                {
+                  for (nn = 0; nn < n; nn++)
+                    es_fprintf (es_stdout, "%02x", p[nn]);
+                }
+              else if (opt.armor)
+                {
+                  char *tmp = make_radix64_string (p, n);
+                  es_fputs (tmp, es_stdout);
+                  xfree (tmp);
+                  if (n%3 == 1)
+                    es_putc ('=', es_stdout);
+                  if (n%3)
+                    es_putc ('=', es_stdout);
+                }
+              else
+                {
+                  es_fwrite( p, n, 1, es_stdout );
                 }
-		xfree(p);
-		if( !endless )
-		    count -= n;
+              xfree(p);
+              if (!endless)
+                count -= n;
 	    }
-            if (opt.armor)
-              es_putc ('\n', es_stdout);
+          if (opt.armor || hexhack)
+            es_putc ('\n', es_stdout);
 	}
 	break;
 
@@ -5045,7 +5154,7 @@ main (int argc, char **argv)
 
 	  policy = parse_tofu_policy (argv[0]);
 
-	  hd = keydb_new ();
+	  hd = keydb_new (ctrl);
 	  if (! hd)
             {
               write_status_failure ("tofu-driver", gpg_error(GPG_ERR_GENERAL));
@@ -5070,8 +5179,6 @@ main (int argc, char **argv)
 
 	      if (! (desc.mode == KEYDB_SEARCH_MODE_SHORT_KID
 		     || desc.mode == KEYDB_SEARCH_MODE_LONG_KID
-		     || desc.mode == KEYDB_SEARCH_MODE_FPR16
-		     || desc.mode == KEYDB_SEARCH_MODE_FPR20
 		     || desc.mode == KEYDB_SEARCH_MODE_FPR
 		     || desc.mode == KEYDB_SEARCH_MODE_KEYGRIP))
 		{
@@ -5213,12 +5320,14 @@ g10_exit( int rc )
     {
       keydb_dump_stats ();
       sig_check_dump_stats ();
+      objcache_dump_stats ();
       gcry_control (GCRYCTL_DUMP_MEMORY_STATS);
       gcry_control (GCRYCTL_DUMP_RANDOM_STATS);
     }
   if (opt.debug)
     gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
 
+  gnupg_block_all_signals ();
   emergency_cleanup ();
 
   rc = rc? rc : log_get_errorcount(0)? 2 : g10_errors_seen? 1 : 0;
diff --git a/g10/gpg.h b/g10/gpg.h
index 1bad551..d4e66e7 100644
--- a/g10/gpg.h
+++ b/g10/gpg.h
@@ -42,14 +42,15 @@
 #define MAX_EXTERN_MPI_BITS 16384
 
 /* The maximum length of a binary fingerprints.  This is used to
-   provide a static buffer and will be increased if we need to support
-   longer fingerprints.
-   Warning: At some places we still use 20 instead of this macro. */
-#define MAX_FINGERPRINT_LEN 20
+ * provide a static buffer and will be increased if we need to support
+ * longer fingerprints.  Warning: At some places we have some
+ * assumption on a 20 byte fingerprint.
+ * Watch out for FIXME(fingerprint) */
+#define MAX_FINGERPRINT_LEN 32
 
 /* The maximum length of a formatted fingerprint as returned by
-   format_hexfingerprint().  */
-#define MAX_FORMATTED_FINGERPRINT_LEN 50
+ * format_hexfingerprint().  */
+#define MAX_FORMATTED_FINGERPRINT_LEN 60
 
 
 /*
@@ -59,16 +60,19 @@
 /* Object used to keep state locally to server.c . */
 struct server_local_s;
 
+/* Object used to keep state locally to call-keyboxd.c .  */
+struct keyboxd_local_s;
+typedef struct keyboxd_local_s *keyboxd_local_t;
+
 /* Object used to keep state locally to call-dirmngr.c .  */
 struct dirmngr_local_s;
 typedef struct dirmngr_local_s *dirmngr_local_t;
 
 /* Object used to describe a keyblock node.  */
-typedef struct kbnode_struct *KBNODE;   /* Deprecated use kbnode_t. */
-typedef struct kbnode_struct *kbnode_t;
+typedef struct kbnode_struct *KBNODE;   /* Deprecated use kbnode_t. */typedef struct kbnode_struct *kbnode_t;
 
 /* The handle for keydb operations.  */
-typedef struct keydb_handle *KEYDB_HANDLE;
+typedef struct keydb_handle_s *KEYDB_HANDLE;
 
 /* TOFU database meta object.  */
 struct tofu_dbs_s;
@@ -95,6 +99,9 @@ struct server_control_s
   /* Local data for call-dirmngr.c  */
   dirmngr_local_t dirmngr_local;
 
+  /* Local data for call-keyboxd.c  */
+  keyboxd_local_t keyboxd_local;
+
   /* Local data for tofu.c  */
   struct {
     tofu_dbs_t dbs;
diff --git a/g10/gpg.w32-manifest.in b/g10/gpg.w32-manifest.in
index 24484db..8c98dc5 100644
--- a/g10/gpg.w32-manifest.in
+++ b/g10/gpg.w32-manifest.in
@@ -8,11 +8,10 @@
     />
 <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
   <application>
-    <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><!-- 10 -->
-    <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><!-- 8.1 -->
-    <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><!-- 8 -->
-    <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><!-- 7 -->
     <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/><!-- Vista -->
+    <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><!-- 7 -->
+    <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><!-- 8 -->
+    <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><!-- 8.1 -->
   </application>
 </compatibility>
 </assembly>
diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c
deleted file mode 100644
index d82995d..0000000
--- a/g10/gpgcompose.c
+++ /dev/null
@@ -1,3089 +0,0 @@
-/* gpgcompose.c - Maintainer tool to create OpenPGP messages by hand.
- * Copyright (C) 2016 g10 Code GmbH
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
-#include <config.h>
-#include <errno.h>
-
-#define INCLUDED_BY_MAIN_MODULE 1
-#include "gpg.h"
-#include "packet.h"
-#include "keydb.h"
-#include "main.h"
-#include "options.h"
-
-static int do_debug;
-#define debug(fmt, ...) \
-  do { if (do_debug) log_debug (fmt, ##__VA_ARGS__); } while (0)
-
-/* --encryption, for instance, adds a filter in front of out.  There
-   is an operator (--encryption-pop) to end this.  We use the
-   following infrastructure to make it easy to pop the state.  */
-struct filter
-{
-  void *func;
-  void *context;
-  int pkttype;
-  int partial_block_mode;
-  struct filter *next;
-};
-
-
-/* Hack to ass CTRL to some functions.  */
-static ctrl_t global_ctrl;
-
-
-static struct filter *filters;
-
-static void
-filter_push (iobuf_t out, void *func, void *context,
-             int type, int partial_block_mode)
-{
-  gpg_error_t err;
-  struct filter *f = xmalloc_clear (sizeof (*f));
-  f->next = filters;
-  f->func = func;
-  f->context = context;
-  f->pkttype = type;
-  f->partial_block_mode = partial_block_mode;
-
-  filters = f;
-
-  err = iobuf_push_filter (out, func, context);
-  if (err)
-    log_fatal ("Adding filter: %s\n", gpg_strerror (err));
-}
-
-static void
-filter_pop (iobuf_t out, int expected_type)
-{
-  gpg_error_t err;
-  struct filter *f = filters;
-
-  log_assert (f);
-
-  if (f->pkttype != expected_type)
-    log_fatal ("Attempted to pop a %s container, "
-               "but current container is a %s container.\n",
-               pkttype_str (f->pkttype), pkttype_str (expected_type));
-
-  if (f->pkttype == PKT_ENCRYPTED)
-    {
-      err = iobuf_pop_filter (out, f->func, f->context);
-      if (err)
-        log_fatal ("Popping encryption filter: %s\n", gpg_strerror (err));
-    }
-  else
-    log_fatal ("FILTERS appears to be corrupted.\n");
-
-  if (f->partial_block_mode)
-    iobuf_set_partial_body_length_mode (out, 0);
-
-  filters = f->next;
-  xfree (f);
-}
-
-/* Return if CIPHER_ID is a valid cipher.  */
-static int
-valid_cipher (int cipher_id)
-{
-  return (cipher_id == CIPHER_ALGO_IDEA
-          || cipher_id == CIPHER_ALGO_3DES
-          || cipher_id == CIPHER_ALGO_CAST5
-          || cipher_id == CIPHER_ALGO_BLOWFISH
-          || cipher_id == CIPHER_ALGO_AES
-          || cipher_id == CIPHER_ALGO_AES192
-          || cipher_id == CIPHER_ALGO_AES256
-          || cipher_id == CIPHER_ALGO_TWOFISH
-          || cipher_id == CIPHER_ALGO_CAMELLIA128
-          || cipher_id == CIPHER_ALGO_CAMELLIA192
-          || cipher_id == CIPHER_ALGO_CAMELLIA256);
-}
-
-/* Parse a session key encoded as a string of the form x:HEXDIGITS
-   where x is the algorithm id.  (This is the format emitted by gpg
-   --show-session-key.)  */
-struct session_key
-{
-  int algo;
-  int keylen;
-  char *key;
-};
-
-static struct session_key
-parse_session_key (const char *option, char *p, int require_algo)
-{
-  char *tail;
-  struct session_key sk;
-
-  memset (&sk, 0, sizeof (sk));
-
-  /* Check for the optional "cipher-id:" at the start of the
-     string.  */
-  errno = 0;
-  sk.algo = strtol (p, &tail, 10);
-  if (! errno && tail && *tail == ':')
-    {
-      if (! valid_cipher (sk.algo))
-        log_info ("%s: %d is not a known cipher (but using anyways)\n",
-                  option, sk.algo);
-      p = tail + 1;
-    }
-  else if (require_algo)
-    log_fatal ("%s: Session key must have the form algo:HEXCHARACTERS.\n",
-               option);
-  else
-    sk.algo = 0;
-
-  /* Ignore a leading 0x.  */
-  if (p[0] == '0' && p[1] == 'x')
-    p += 2;
-
-  if (strlen (p) % 2 != 0)
-    log_fatal ("%s: session key must consist of an even number of hexadecimal characters.\n",
-               option);
-
-  sk.keylen = strlen (p) / 2;
-  sk.key = xmalloc (sk.keylen);
-
-  if (hex2bin (p, sk.key, sk.keylen) == -1)
-    log_fatal ("%s: Session key must only contain hexadecimal characters\n",
-               option);
-
-  return sk;
-}
-
-/* A callback.
-
-   OPTION_STR is the option that was matched.  ARGC is the number of
-   arguments following the option and ARGV are those arguments.
-   (Thus, argv[0] is the first string following the option and
-   argv[-1] is the option.)
-
-   COOKIE is the opaque value passed to process_options.  */
-typedef int (*option_prcessor_t) (const char *option_str,
-                                  int argc, char *argv[],
-                                  void *cookie);
-
-struct option
-{
-  /* The option that this matches.  This must start with "--" or be
-     the empty string.  The empty string matches bare arguments.  */
-  const char *option;
-  /* The function to call to process this option.  */
-  option_prcessor_t func;
-  /* Documentation.  */
-  const char *help;
-};
-
-/* Merge two lists of options.  Note: this makes a shallow copy!  The
-   caller must xfree() the result.  */
-static struct option *
-merge_options (struct option a[], struct option b[])
-{
-  int i, j;
-  struct option *c;
-
-  for (i = 0; a[i].option; i ++)
-    ;
-  for (j = 0; b[j].option; j ++)
-    ;
-
-  c = xmalloc ((i + j + 1) * sizeof (struct option));
-  memcpy (c, a, i * sizeof (struct option));
-  memcpy (&c[i], b, j * sizeof (struct option));
-  c[i + j].option = NULL;
-
-  if (a[i].help && b[j].help)
-    c[i + j].help = xasprintf ("%s\n\n%s", a[i].help, b[j].help);
-  else if (a[i].help)
-    c[i + j].help = a[i].help;
-  else if (b[j].help)
-    c[i + j].help = b[j].help;
-
-  return c;
-}
-
-/* Returns whether ARG is an option.  All options start with --.  */
-static int
-is_option (const char *arg)
-{
-  return arg[0] == '-' && arg[1] == '-';
-}
-
-/* OPTIONS is a NULL terminated array of struct option:s.  Finds the
-   entry that is the same as ARG.  Returns -1 if no entry is found.
-   The empty string option matches bare arguments.  */
-static int
-match_option (const struct option options[], const char *arg)
-{
-  int i;
-  int bare_arg = ! is_option (arg);
-
-  for (i = 0; options[i].option; i ++)
-    if ((! bare_arg && strcmp (options[i].option, arg) == 0)
-        /* Non-options match the empty string.  */
-        || (bare_arg && options[i].option[0] == '\0'))
-      return i;
-
-  return -1;
-}
-
-static void
-show_help (struct option options[])
-{
-  int i;
-  int max_length = 0;
-  int space;
-
-  for (i = 0; options[i].option; i ++)
-    {
-      const char *option = options[i].option[0] ? options[i].option : "ARG";
-      int l = strlen (option);
-      if (l > max_length)
-        max_length = l;
-    }
-
-  space = 72 - (max_length + 2);
-  if (space < 40)
-    space = 40;
-
-  for (i = 0; ; i ++)
-    {
-      const char *option = options[i].option;
-      const char *help = options[i].help;
-
-      int l;
-      int j;
-      char *tmp;
-      char *formatted;
-      char *p;
-      char *newline;
-
-      if (! option && ! help)
-        break;
-
-      if (option)
-        {
-          const char *o = option[0] ? option : "ARG";
-          l = strlen (o);
-          fprintf (stdout, "%s", o);
-        }
-
-      if (! help)
-        {
-          fputc ('\n', stdout);
-          continue;
-        }
-
-      if (option)
-        for (j = l; j < max_length + 2; j ++)
-          fputc (' ', stdout);
-
-#define BOLD_START "\033[1m"
-#define NORMAL_RESTORE "\033[0m"
-#define BOLD(x) BOLD_START x NORMAL_RESTORE
-
-      if (! option || options[i].func)
-        tmp = (char *) help;
-      else
-        tmp = xasprintf ("%s " BOLD("(Unimplemented.)"), help);
-
-      if (! option)
-        space = 72;
-      formatted = format_text (tmp, space, space + 4);
-      if (!formatted)
-        abort ();
-
-      if (tmp != help)
-        xfree (tmp);
-
-      if (! option)
-        {
-          printf ("\n%s\n", formatted);
-          break;
-        }
-
-      for (p = formatted;
-           p && *p;
-           p = (*newline == '\0') ? newline : newline + 1)
-        {
-          newline = strchr (p, '\n');
-          if (! newline)
-            newline = &p[strlen (p)];
-
-          l = (size_t) newline - (size_t) p;
-
-          if (p != formatted)
-            for (j = 0; j < max_length + 2; j ++)
-              fputc (' ', stdout);
-
-          fwrite (p, l, 1, stdout);
-          fputc ('\n', stdout);
-        }
-
-      xfree (formatted);
-  }
-}
-
-/* Return value is number of consumed argv elements.  */
-static int
-process_options (const char *parent_option,
-                 struct option break_options[],
-                 struct option local_options[], void *lcookie,
-                 struct option global_options[], void *gcookie,
-                 int argc, char *argv[])
-{
-  int i;
-  for (i = 0; i < argc; i ++)
-    {
-      int j;
-      struct option *option;
-      void *cookie;
-      int bare_arg;
-      option_prcessor_t func;
-      int consumed;
-
-      if (break_options)
-        {
-          j = match_option (break_options, argv[i]);
-          if (j != -1)
-            /* Match.  Break out.  */
-            return i;
-        }
-
-      j = match_option (local_options, argv[i]);
-      if (j == -1)
-        {
-          if (global_options)
-            j = match_option (global_options, argv[i]);
-          if (j == -1)
-            {
-              if (strcmp (argv[i], "--help") == 0)
-                {
-                  if (! global_options)
-                    show_help (local_options);
-                  else
-                    {
-                      struct option *combined
-                        = merge_options (local_options, global_options);
-                      show_help (combined);
-                      xfree (combined);
-                    }
-                  g10_exit (0);
-                }
-
-              if (parent_option)
-                log_fatal ("%s: Unknown option: %s\n", parent_option, argv[i]);
-              else
-                log_fatal ("Unknown option: %s\n", argv[i]);
-            }
-
-          option = &global_options[j];
-          cookie = gcookie;
-        }
-      else
-        {
-          option = &local_options[j];
-          cookie = lcookie;
-        }
-
-      bare_arg = strcmp (option->option, "") == 0;
-
-      func = option->func;
-      if (! func)
-        {
-          if (bare_arg)
-            log_fatal ("Bare arguments unimplemented.\n");
-          else
-            log_fatal ("Unimplemented option: %s\n",
-                       option->option);
-        }
-
-      consumed = func (bare_arg ? parent_option : argv[i],
-                       argc - i - !bare_arg, &argv[i + !bare_arg],
-                       cookie);
-      i += consumed;
-      if (bare_arg)
-        i --;
-    }
-
-  return i;
-}
-
-/* The keys, subkeys, user ids and user attributes in the order that
-   they were added.  */
-PACKET components[20];
-/* The number of components.  */
-int ncomponents;
-
-static int
-add_component (int pkttype, void *component)
-{
-  int i = ncomponents ++;
-
-  log_assert (i < sizeof (components) / sizeof (components[0]));
-  log_assert (pkttype == PKT_PUBLIC_KEY
-              || pkttype == PKT_PUBLIC_SUBKEY
-              || pkttype == PKT_SECRET_KEY
-              || pkttype == PKT_SECRET_SUBKEY
-              || pkttype == PKT_USER_ID
-              || pkttype == PKT_ATTRIBUTE);
-
-  components[i].pkttype = pkttype;
-  components[i].pkt.generic = component;
-
-  return i;
-}
-
-static void
-dump_component (PACKET *pkt)
-{
-  struct kbnode_struct kbnode;
-
-  if (! do_debug)
-    return;
-
-  memset (&kbnode, 0, sizeof (kbnode));
-  kbnode.pkt = pkt;
-  dump_kbnode (&kbnode);
-}
-
-/* Returns the first primary key in COMPONENTS or NULL if there is
-   none.  */
-static PKT_public_key *
-primary_key (void)
-{
-  int i;
-  for (i = 0; i < ncomponents; i ++)
-    if (components[i].pkttype == PKT_PUBLIC_KEY)
-      return components[i].pkt.public_key;
-  return NULL;
-}
-
-/* The last session key (updated when adding a SK-ESK, PK-ESK or SED
-   packet.  */
-static DEK session_key;
-
-static int user_id (const char *option, int argc, char *argv[],
-                    void *cookie);
-static int public_key (const char *option, int argc, char *argv[],
-                       void *cookie);
-static int sk_esk (const char *option, int argc, char *argv[],
-                   void *cookie);
-static int pk_esk (const char *option, int argc, char *argv[],
-                   void *cookie);
-static int encrypted (const char *option, int argc, char *argv[],
-                      void *cookie);
-static int encrypted_pop (const char *option, int argc, char *argv[],
-                          void *cookie);
-static int literal (const char *option, int argc, char *argv[],
-                    void *cookie);
-static int signature (const char *option, int argc, char *argv[],
-                      void *cookie);
-static int copy (const char *option, int argc, char *argv[],
-                 void *cookie);
-
-static struct option major_options[] = {
-  { "--user-id", user_id, "Create a user id packet." },
-  { "--public-key", public_key, "Create a public key packet." },
-  { "--private-key", NULL, "Create a private key packet." },
-  { "--public-subkey", public_key, "Create a subkey packet." },
-  { "--private-subkey", NULL, "Create a private subkey packet." },
-  { "--sk-esk", sk_esk,
-    "Create a symmetric-key encrypted session key packet." },
-  { "--pk-esk", pk_esk,
-    "Create a public-key encrypted session key packet." },
-  { "--encrypted", encrypted, "Create a symmetrically encrypted data packet." },
-  { "--encrypted-mdc", encrypted,
-    "Create a symmetrically encrypted and integrity protected data packet." },
-  { "--encrypted-pop", encrypted_pop,
-    "Pop the most recent encryption container started by either"
-    " --encrypted or --encrypted-mdc." },
-  { "--compressed", NULL, "Create a compressed data packet." },
-  { "--literal", literal, "Create a literal (plaintext) data packet." },
-  { "--signature", signature, "Create a signature packet." },
-  { "--onepass-sig", NULL, "Create a one-pass signature packet." },
-  { "--copy", copy, "Copy the specified file." },
-  { NULL, NULL,
-    "To get more information about a given command, use:\n\n"
-    "  $ gpgcompose --command --help to list a command's options."},
-};
-
-static struct option global_options[] = {
-  { NULL, NULL, NULL },
-};
-
-/* Make our lives easier and use a static limit for the user name.
-   10k is way more than enough anyways... */
-const int user_id_max_len = 10 * 1024;
-
-static int
-user_id_name (const char *option, int argc, char *argv[], void *cookie)
-{
-  PKT_user_id *uid = cookie;
-  int l;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s USER_ID\n", option);
-
-  if (uid->len)
-    log_fatal ("Attempt to set user id multiple times.\n");
-
-  l = strlen (argv[0]);
-  if (l > user_id_max_len)
-    log_fatal ("user id too long (max: %d)\n", user_id_max_len);
-
-  memcpy (uid->name, argv[0], l);
-  uid->name[l] = 0;
-  uid->len = l;
-
-  return 1;
-}
-
-static struct option user_id_options[] = {
-  { "", user_id_name,
-    "Set the user id.  This is usually in the format "
-    "\"Name (comment) <email@example.org>\"" },
-  { NULL, NULL,
-    "Example:\n\n"
-    "  $ gpgcompose --user-id \"USERID\" | " GPG_NAME " --list-packets" }
-};
-
-static int
-user_id (const char *option, int argc, char *argv[], void *cookie)
-{
-  iobuf_t out = cookie;
-  gpg_error_t err;
-  PKT_user_id *uid = xmalloc_clear (sizeof (*uid) + user_id_max_len);
-  int c = add_component (PKT_USER_ID, uid);
-  int processed;
-
-  processed = process_options (option,
-                               major_options,
-                               user_id_options, uid,
-                               global_options, NULL,
-                               argc, argv);
-
-  if (! uid->len)
-    log_fatal ("%s: user id not given", option);
-
-  err = build_packet (out, &components[c]);
-  if (err)
-    log_fatal ("Serializing user id packet: %s\n", gpg_strerror (err));
-
-  debug ("Wrote user id packet:\n");
-  dump_component (&components[c]);
-
-  return processed;
-}
-
-static int
-pk_search_terms (const char *option, int argc, char *argv[], void *cookie)
-{
-  gpg_error_t err;
-  KEYDB_HANDLE hd;
-  KEYDB_SEARCH_DESC desc;
-  kbnode_t kb;
-  PKT_public_key *pk = cookie;
-  PKT_public_key *pk_ref;
-  int i;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s KEYID\n", option);
-
-  if (pk->pubkey_algo)
-    log_fatal ("%s: multiple keys provided\n", option);
-
-  err = classify_user_id (argv[0], &desc, 0);
-  if (err)
-    log_fatal ("search terms '%s': %s\n", argv[0], gpg_strerror (err));
-
-  hd = keydb_new ();
-
-  err = keydb_search (hd, &desc, 1, NULL);
-  if (err)
-    log_fatal ("looking up '%s': %s\n", argv[0], gpg_strerror (err));
-
-  err = keydb_get_keyblock (hd, &kb);
-  if (err)
-    log_fatal ("retrieving keyblock for '%s': %s\n",
-               argv[0], gpg_strerror (err));
-
-  keydb_release (hd);
-
-  pk_ref = kb->pkt->pkt.public_key;
-
-  /* Copy the timestamp (if not already set), algo and public key
-     parameters.  */
-  if (! pk->timestamp)
-    pk->timestamp = pk_ref->timestamp;
-  pk->pubkey_algo = pk_ref->pubkey_algo;
-  for (i = 0; i < pubkey_get_npkey (pk->pubkey_algo); i ++)
-    pk->pkey[i] = gcry_mpi_copy (pk_ref->pkey[i]);
-
-  release_kbnode (kb);
-
-  return 1;
-}
-
-static int
-pk_timestamp (const char *option, int argc, char *argv[], void *cookie)
-{
-  PKT_public_key *pk = cookie;
-  char *tail = NULL;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s TIMESTAMP\n", option);
-
-  errno = 0;
-  pk->timestamp = parse_timestamp (argv[0], &tail);
-  if (errno || (tail && *tail))
-    log_fatal ("Invalid value passed to %s (%s)\n", option, argv[0]);
-
-  return 1;
-}
-
-#define TIMESTAMP_HELP \
-  "Either as seconds since the epoch or as an ISO 8601 formatted " \
-  "string (yyyymmddThhmmss, where the T is a literal)."
-
-static struct option pk_options[] = {
-  { "--timestamp", pk_timestamp,
-    "The creation time.  " TIMESTAMP_HELP },
-  { "", pk_search_terms,
-    "The key to copy the creation time and public key parameters from."  },
-  { NULL, NULL,
-    "Example:\n\n"
-    "  $ gpgcompose --public-key $KEYID --user-id \"USERID\" \\\n"
-    "  | " GPG_NAME " --list-packets" }
-};
-
-static int
-public_key (const char *option, int argc, char *argv[], void *cookie)
-{
-  gpg_error_t err;
-  iobuf_t out = cookie;
-  PKT_public_key *pk;
-  int c;
-  int processed;
-  int t = (strcmp (option, "--public-key") == 0
-           ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY);
-
-  (void) option;
-
-  pk = xmalloc_clear (sizeof (*pk));
-  pk->version = 4;
-
-  c = add_component (t, pk);
-
-  processed = process_options (option,
-                               major_options,
-                               pk_options, pk,
-                               global_options, NULL,
-                               argc, argv);
-
-  if (! pk->pubkey_algo)
-    log_fatal ("%s: key to extract public key parameters from not given",
-               option);
-
-  /* Clear the keyid in case we updated one of the relevant fields
-     after accessing it.  */
-  pk->keyid[0] = pk->keyid[1] = 0;
-
-  err = build_packet (out, &components[c]);
-  if (err)
-    log_fatal ("serializing %s packet: %s\n",
-               t == PKT_PUBLIC_KEY ? "public key" : "subkey",
-               gpg_strerror (err));
-
-  debug ("Wrote %s packet:\n",
-         t == PKT_PUBLIC_KEY ? "public key" : "subkey");
-  dump_component (&components[c]);
-
-  return processed;
-}
-
-struct signinfo
-{
-  /* Key with which to sign.  */
-  kbnode_t issuer_kb;
-  PKT_public_key *issuer_pk;
-
-  /* Overrides the issuer's key id.  */
-  u32 issuer_keyid[2];
-  /* Sets the issuer's keyid to the primary key's key id.  */
-  int issuer_keyid_self;
-
-  /* Key to sign.  */
-  PKT_public_key *pk;
-  /* Subkey to sign.  */
-  PKT_public_key *sk;
-  /* User id to sign.  */
-  PKT_user_id *uid;
-
-  int class;
-  int digest_algo;
-  u32 timestamp;
-  u32 key_expiration;
-
-  byte *cipher_algorithms;
-  int cipher_algorithms_len;
-  byte *digest_algorithms;
-  int digest_algorithms_len;
-  byte *compress_algorithms;
-  int compress_algorithms_len;
-
-  u32 expiration;
-
-  int exportable_set;
-  int exportable;
-
-  int revocable_set;
-  int revocable;
-
-  int trust_level_set;
-  byte trust_args[2];
-
-  char *trust_scope;
-
-  struct revocation_key *revocation_key;
-  int nrevocation_keys;
-
-  struct notation *notations;
-
-  byte *key_server_preferences;
-  int key_server_preferences_len;
-
-  char *key_server;
-
-  int primary_user_id_set;
-  int primary_user_id;
-
-  char *policy_uri;
-
-  byte *key_flags;
-  int key_flags_len;
-
-  char *signers_user_id;
-
-  byte reason_for_revocation_code;
-  char *reason_for_revocation;
-
-  byte *features;
-  int features_len;
-
-  /* Whether to corrupt the signature.  */
-  int corrupt;
-};
-
-static int
-sig_issuer (const char *option, int argc, char *argv[], void *cookie)
-{
-  gpg_error_t err;
-  KEYDB_HANDLE hd;
-  KEYDB_SEARCH_DESC desc;
-  struct signinfo *si = cookie;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s KEYID\n", option);
-
-  if (si->issuer_pk)
-    log_fatal ("%s: multiple keys provided\n", option);
-
-  err = classify_user_id (argv[0], &desc, 0);
-  if (err)
-    log_fatal ("search terms '%s': %s\n", argv[0], gpg_strerror (err));
-
-  hd = keydb_new ();
-
-  err = keydb_search (hd, &desc, 1, NULL);
-  if (err)
-    log_fatal ("looking up '%s': %s\n", argv[0], gpg_strerror (err));
-
-  err = keydb_get_keyblock (hd, &si->issuer_kb);
-  if (err)
-    log_fatal ("retrieving keyblock for '%s': %s\n",
-               argv[0], gpg_strerror (err));
-
-  keydb_release (hd);
-
-  si->issuer_pk = si->issuer_kb->pkt->pkt.public_key;
-
-  return 1;
-}
-
-static int
-sig_issuer_keyid (const char *option, int argc, char *argv[], void *cookie)
-{
-  gpg_error_t err;
-  KEYDB_SEARCH_DESC desc;
-  struct signinfo *si = cookie;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s KEYID|self\n", option);
-
-  if (si->issuer_keyid[0] || si->issuer_keyid[1] || si->issuer_keyid_self)
-    log_fatal ("%s given multiple times.\n", option);
-
-  if (strcasecmp (argv[0], "self") == 0)
-    {
-      si->issuer_keyid_self = 1;
-      return 1;
-    }
-
-  err = classify_user_id (argv[0], &desc, 0);
-  if (err)
-    log_fatal ("search terms '%s': %s\n", argv[0], gpg_strerror (err));
-
-  if (desc.mode != KEYDB_SEARCH_MODE_LONG_KID)
-    log_fatal ("%s is not a valid long key id.\n", argv[0]);
-
-  keyid_copy (si->issuer_keyid, desc.u.kid);
-
-  return 1;
-}
-
-static int
-sig_pk (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct signinfo *si = cookie;
-  int i;
-  char *tail = NULL;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s COMPONENT_INDEX\n", option);
-
-  errno = 0;
-  i = strtoul (argv[0], &tail, 10);
-  if (errno || (tail && *tail))
-    log_fatal ("Invalid value passed to %s (%s)\n", option, argv[0]);
-
-  if (i >= ncomponents)
-    log_fatal ("%d: No such component (have %d components so far)\n",
-               i, ncomponents);
-  if (! (components[i].pkttype == PKT_PUBLIC_KEY
-         || components[i].pkttype == PKT_PUBLIC_SUBKEY))
-    log_fatal ("Component %d is not a public key or a subkey.", i);
-
-  if (strcmp (option, "--pk") == 0)
-    {
-      if (si->pk)
-        log_fatal ("%s already given.\n", option);
-      si->pk = components[i].pkt.public_key;
-    }
-  else if (strcmp (option, "--sk") == 0)
-    {
-      if (si->sk)
-        log_fatal ("%s already given.\n", option);
-      si->sk = components[i].pkt.public_key;
-    }
-  else
-    log_fatal ("Cannot handle %s\n", option);
-
-  return 1;
-}
-
-static int
-sig_user_id (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct signinfo *si = cookie;
-  int i;
-  char *tail = NULL;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s COMPONENT_INDEX\n", option);
-  if (si->uid)
-    log_fatal ("%s already given.\n", option);
-
-  errno = 0;
-  i = strtoul (argv[0], &tail, 10);
-  if (errno || (tail && *tail))
-    log_fatal ("Invalid value passed to %s (%s)\n", option, argv[0]);
-
-  if (i >= ncomponents)
-    log_fatal ("%d: No such component (have %d components so far)\n",
-               i, ncomponents);
-  if (! (components[i].pkttype != PKT_USER_ID
-         || components[i].pkttype == PKT_ATTRIBUTE))
-    log_fatal ("Component %d is not a public key or a subkey.", i);
-
-  si->uid = components[i].pkt.user_id;
-
-  return 1;
-}
-
-static int
-sig_class (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct signinfo *si = cookie;
-  int i;
-  char *tail = NULL;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s CLASS\n", option);
-
-  errno = 0;
-  i = strtoul (argv[0], &tail, 0);
-  if (errno || (tail && *tail))
-    log_fatal ("Invalid value passed to %s (%s)\n", option, argv[0]);
-
-  si->class = i;
-
-  return 1;
-}
-
-static int
-sig_digest (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct signinfo *si = cookie;
-  int i;
-  char *tail = NULL;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s DIGEST_ALGO\n", option);
-
-  errno = 0;
-  i = strtoul (argv[0], &tail, 10);
-  if (errno || (tail && *tail))
-    log_fatal ("Invalid value passed to %s (%s)\n", option, argv[0]);
-
-  si->digest_algo = i;
-
-  return 1;
-}
-
-static int
-sig_timestamp (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct signinfo *si = cookie;
-  char *tail = NULL;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s TIMESTAMP\n", option);
-
-  errno = 0;
-  si->timestamp = parse_timestamp (argv[0], &tail);
-  if (errno || (tail && *tail))
-    log_fatal ("Invalid value passed to %s (%s)\n", option, argv[0]);
-
-  return 1;
-}
-
-static int
-sig_expiration (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct signinfo *si = cookie;
-  int is_expiration = strcmp (option, "--expiration") == 0;
-  u32 *i = is_expiration ? &si->expiration : &si->key_expiration;
-
-  if (! is_expiration)
-    log_assert (strcmp (option, "--key-expiration") == 0);
-
-  if (argc == 0)
-    log_fatal ("Usage: %s DURATION\n", option);
-
-  *i = parse_expire_string (argv[0]);
-  if (*i == (u32)-1)
-    log_fatal ("Invalid value passed to %s (%s)\n", option, argv[0]);
-
-  return 1;
-}
-
-static int
-sig_int_list (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct signinfo *si = cookie;
-  int nvalues = 1;
-  char *values = xmalloc (nvalues * sizeof (values[0]));
-  char *tail = argv[0];
-  int i;
-  byte **a;
-  int *n;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s VALUE[,VALUE...]\n", option);
-
-  for (i = 0; tail && *tail; i ++)
-    {
-      int v;
-      char *old_tail = tail;
-
-      errno = 0;
-      v = strtol (tail, &tail, 0);
-      if (errno || old_tail == tail || (tail && !(*tail == ',' || *tail == 0)))
-        log_fatal ("Invalid value passed to %s (%s).  "
-                   "Expected a list of comma separated numbers\n",
-                   option, argv[0]);
-
-      if (! (0 <= v && v <= 255))
-        log_fatal ("%s: %d is out of range (Expected: 0-255)\n", option, v);
-
-      if (i == nvalues)
-        {
-          nvalues *= 2;
-          values = xrealloc (values, nvalues * sizeof (values[0]));
-        }
-
-      values[i] = v;
-
-      if (*tail == ',')
-        tail ++;
-      else
-        log_assert (*tail == 0);
-    }
-
-  if (strcmp ("--cipher-algos", option) == 0)
-    {
-      a = &si->cipher_algorithms;
-      n = &si->cipher_algorithms_len;
-    }
-  else if (strcmp ("--digest-algos", option) == 0)
-    {
-      a = &si->digest_algorithms;
-      n = &si->digest_algorithms_len;
-    }
-  else if (strcmp ("--compress-algos", option) == 0)
-    {
-      a = &si->compress_algorithms;
-      n = &si->compress_algorithms_len;
-    }
-  else
-    log_fatal ("Cannot handle %s\n", option);
-
-  if (*a)
-    log_fatal ("Option %s given multiple times.\n", option);
-
-  *a = values;
-  *n = i;
-
-  return 1;
-}
-
-static int
-sig_flag (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct signinfo *si = cookie;
-  int range[2] = {0, 255};
-  char *tail;
-  int v;
-
-  if (strcmp (option, "--primary-user-id") == 0)
-    range[1] = 1;
-
-  if (argc <= 1)
-    {
-      if (range[0] == 0 && range[1] == 1)
-        log_fatal ("Usage: %s 0|1\n", option);
-      else
-        log_fatal ("Usage: %s %d-%d\n", option, range[0], range[1]);
-    }
-
-  errno = 0;
-  v = strtol (argv[0], &tail, 0);
-  if (errno || (tail && *tail) || !(range[0] <= v && v <= range[1]))
-    log_fatal ("Invalid value passed to %s (%s).  Expected %d-%d\n",
-               option, argv[0], range[0], range[1]);
-
-  if (strcmp (option, "--exportable") == 0)
-    {
-      si->exportable_set = 1;
-      si->exportable = v;
-    }
-  else if (strcmp (option, "--revocable") == 0)
-    {
-      si->revocable_set = 1;
-      si->revocable = v;
-    }
-  else if (strcmp (option, "--primary-user-id") == 0)
-    {
-      si->primary_user_id_set = 1;
-      si->primary_user_id = v;
-    }
-  else
-    log_fatal ("Cannot handle %s\n", option);
-
-  return 1;
-}
-
-static int
-sig_trust_level (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct signinfo *si = cookie;
-  int i;
-  char *tail;
-
-  if (argc <= 1)
-    log_fatal ("Usage: %s DEPTH TRUST_AMOUNT\n", option);
-
-  for (i = 0; i < sizeof (si->trust_args) / sizeof (si->trust_args[0]); i ++)
-    {
-      int v;
-
-      errno = 0;
-      v = strtol (argv[i], &tail, 0);
-      if (errno || (tail && *tail) || !(0 <= v && v <= 255))
-        log_fatal ("Invalid value passed to %s (%s).  Expected 0-255\n",
-                   option, argv[i]);
-
-      si->trust_args[i] = v;
-    }
-
-  si->trust_level_set = 1;
-
-  return 2;
-}
-
-static int
-sig_string_arg (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct signinfo *si = cookie;
-  char *p = argv[0];
-  char **s;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s STRING\n", option);
-
-  if (strcmp (option, "--trust-scope") == 0)
-    s = &si->trust_scope;
-  else if (strcmp (option, "--key-server") == 0)
-    s = &si->key_server;
-  else if (strcmp (option, "--signers-user-id") == 0)
-    s = &si->signers_user_id;
-  else if (strcmp (option, "--policy-uri") == 0)
-    s = &si->policy_uri;
-  else
-    log_fatal ("Cannot handle %s\n", option);
-
-  if (*s)
-    log_fatal ("%s already given.\n", option);
-
-  *s = xstrdup (p);
-
-  return 1;
-}
-
-static int
-sig_revocation_key (const char *option, int argc, char *argv[], void *cookie)
-{
-  gpg_error_t err;
-  struct signinfo *si = cookie;
-  int v;
-  char *tail;
-  PKT_public_key pk;
-  struct revocation_key *revkey;
-
-  if (argc < 2)
-    log_fatal ("Usage: %s CLASS KEYID\n", option);
-
-  memset (&pk, 0, sizeof (pk));
-
-  errno = 0;
-  v = strtol (argv[0], &tail, 16);
-  if (errno || (tail && *tail) || !(0 <= v && v <= 255))
-    log_fatal ("%s: Invalid class value (%s).  Expected 0-255\n",
-               option, argv[0]);
-
-  pk.req_usage = PUBKEY_USAGE_SIG;
-  err = get_pubkey_byname (NULL, GET_PUBKEY_NO_AKL,
-                           NULL, &pk, argv[1], NULL, NULL, 1);
-  if (err)
-    log_fatal ("looking up key %s: %s\n", argv[1], gpg_strerror (err));
-
-  si->nrevocation_keys ++;
-  si->revocation_key = xrealloc (si->revocation_key,
-                                 si->nrevocation_keys
-                                 * sizeof (*si->revocation_key));
-  revkey = &si->revocation_key[si->nrevocation_keys - 1];
-
-  revkey->class = v;
-  revkey->algid = pk.pubkey_algo;
-  fingerprint_from_pk (&pk, revkey->fpr, NULL);
-
-  release_public_key_parts (&pk);
-
-  return 2;
-}
-
-static int
-sig_notation (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct signinfo *si = cookie;
-  int is_blob = strcmp (option, "--notation") != 0;
-  struct notation *notation;
-  char *p = argv[0];
-  int p_free = 0;
-  char *data;
-  int data_size;
-  int data_len;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s [!<]name=value\n", option);
-
-  if ((p[0] == '!' && p[1] == '<') || p[0] == '<')
-    /* Read from a file.  */
-    {
-      char *filename = NULL;
-      iobuf_t in;
-      int prefix;
-
-      if (p[0] == '<')
-        p ++;
-      else
-        {
-          /* Remove the '<', which string_to_notation does not
-             understand, and preserve the '!'.  */
-          p = xstrdup (&p[1]);
-          p_free = 1;
-          p[0] = '!';
-        }
-
-      filename = strchr (p, '=');
-      if (! filename)
-        log_fatal ("No value specified.  Usage: %s [!<]name=value\n",
-                   option);
-      filename ++;
-
-      prefix = (size_t) filename - (size_t) p;
-
-      errno = 0;
-      in = iobuf_open (filename);
-      if (! in)
-        log_fatal ("Opening '%s': %s\n",
-                   filename, errno ? strerror (errno): "unknown error");
-
-      /* A notation can be at most about a few dozen bytes short of
-         64k.  Since this is relatively small, we just allocate that
-         much instead of trying to dynamically size a buffer.  */
-      data_size = 64 * 1024;
-      data = xmalloc (data_size);
-      log_assert (prefix <= data_size);
-      memcpy (data, p, prefix);
-
-      data_len = iobuf_read (in, &data[prefix], data_size - prefix - 1);
-      if (data_len == -1)
-        /* EOF => 0 bytes read.  */
-        data_len = 0;
-
-      if (data_len == data_size - prefix - 1)
-        /* Technically, we should do another read and check for EOF,
-           but what's one byte more or less?  */
-        log_fatal ("Notation data doesn't fit in the packet.\n");
-
-      iobuf_close (in);
-
-      /* NUL terminate it.  */
-      data[prefix + data_len] = 0;
-
-      if (p_free)
-        xfree (p);
-      p = data;
-      p_free = 1;
-      data = &p[prefix];
-
-      if (is_blob)
-        p[prefix - 1] = 0;
-    }
-  else if (is_blob)
-    {
-      data = strchr (p, '=');
-      if (! data)
-        {
-          data = p;
-          data_len = 0;
-        }
-      else
-        {
-          p = xstrdup (p);
-          p_free = 1;
-
-          data = strchr (p, '=');
-          log_assert (data);
-
-          /* NUL terminate the name.  */
-          *data = 0;
-          data ++;
-          data_len = strlen (data);
-        }
-    }
-
-  if (is_blob)
-    notation = blob_to_notation (p, data, data_len);
-  else
-    notation = string_to_notation (p, 1);
-  if (! notation)
-    log_fatal ("creating notation: an unknown error occurred.\n");
-  notation->next = si->notations;
-  si->notations = notation;
-
-  if (p_free)
-    xfree (p);
-
-  return 1;
-}
-
-static int
-sig_big_endian_arg (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct signinfo *si = cookie;
-  char *p = argv[0];
-  int i;
-  int l;
-  char *bytes;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s HEXDIGITS\n", option);
-
-  /* Skip a leading "0x".  */
-  if (p[0] == '0' && p[1] == 'x')
-    p += 2;
-
-  for (i = 0; i < strlen (p); i ++)
-    if (!hexdigitp (&p[i]))
-      log_fatal ("%s: argument ('%s') must consist of hex digits.\n",
-                 option, p);
-  if (strlen (p) % 2 != 0)
-      log_fatal ("%s: argument ('%s') must contain an even number of hex digits.\n",
-                 option, p);
-
-  l = strlen (p) / 2;
-  bytes = xmalloc (l);
-  hex2bin (p, bytes, l);
-
-  if (strcmp (option, "--key-server-preferences") == 0)
-    {
-      if (si->key_server_preferences)
-        log_fatal ("%s given multiple times.\n", option);
-      si->key_server_preferences = bytes;
-      si->key_server_preferences_len = l;
-    }
-  else if (strcmp (option, "--key-flags") == 0)
-    {
-      if (si->key_flags)
-        log_fatal ("%s given multiple times.\n", option);
-      si->key_flags = bytes;
-      si->key_flags_len = l;
-    }
-  else if (strcmp (option, "--features") == 0)
-    {
-      if (si->features)
-        log_fatal ("%s given multiple times.\n", option);
-      si->features = bytes;
-      si->features_len = l;
-    }
-  else
-    log_fatal ("Cannot handle %s\n", option);
-
-  return 1;
-}
-
-static int
-sig_reason_for_revocation (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct signinfo *si = cookie;
-  int v;
-  char *tail;
-
-  if (argc < 2)
-    log_fatal ("Usage: %s REASON_CODE REASON_STRING\n", option);
-
-  errno = 0;
-  v = strtol (argv[0], &tail, 16);
-  if (errno || (tail && *tail) || !(0 <= v && v <= 255))
-    log_fatal ("%s: Invalid reason code (%s).  Expected 0-255\n",
-               option, argv[0]);
-
-  if (si->reason_for_revocation)
-    log_fatal ("%s given multiple times.\n", option);
-
-  si->reason_for_revocation_code = v;
-  si->reason_for_revocation = xstrdup (argv[1]);
-
-  return 2;
-}
-
-static int
-sig_corrupt (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct signinfo *si = cookie;
-
-  (void) option;
-  (void) argc;
-  (void) argv;
-  (void) cookie;
-
-  si->corrupt = 1;
-
-  return 0;
-}
-
-static struct option sig_options[] = {
-  { "--issuer", sig_issuer,
-    "The key to use to generate the signature."},
-  { "--issuer-keyid", sig_issuer_keyid,
-    "Set the issuer's key id.  This is useful for creating a "
-    "self-signature.  As a special case, the value \"self\" refers "
-    "to the primary key's key id.  "
-    "(RFC 4880, Section 5.2.3.5)" },
-  { "--pk", sig_pk,
-    "The primary keyas an index into the components (keys and uids) "
-    "created so far where the first component has the index 0." },
-  { "--sk", sig_pk,
-    "The subkey as an index into the components (keys and uids) created "
-    "so far where the first component has the index 0.  Only needed for "
-    "0x18, 0x19, and 0x28 signatures." },
-  { "--user-id", sig_user_id,
-    "The user id as an index into the components (keys and uids) created "
-    "so far where the first component has the index 0.  Only needed for "
-    "0x10-0x13 and 0x30 signatures." },
-  { "--class", sig_class,
-    "The signature's class.  Valid values are "
-    "0x10-0x13 (user id and primary-key certification), "
-    "0x18 (subkey binding), "
-    "0x19 (primary key binding), "
-    "0x1f (direct primary key signature), "
-    "0x20 (key revocation), "
-    "0x28 (subkey revocation), and "
-    "0x30 (certification revocation)."
-  },
-  { "--digest", sig_digest, "The digest algorithm" },
-  { "--timestamp", sig_timestamp,
-    "The signature's creation time.  " TIMESTAMP_HELP "  0 means now.  "
-    "(RFC 4880, Section 5.2.3.4)" },
-  { "--key-expiration", sig_expiration,
-    "The number of days until the associated key expires.  To specify "
-    "seconds, prefix the value with \"seconds=\".  It is also possible "
-    "to use 'y', 'm' and 'w' as simple multipliers.  For instance, 2y "
-    "means 2 years, etc.  "
-    "(RFC 4880, Section 5.2.3.6)" },
-  { "--cipher-algos", sig_int_list,
-    "A comma separated list of the preferred cipher algorithms (identified by "
-    "their number, see RFC 4880, Section 9).  "
-    "(RFC 4880, Section 5.2.3.7)" },
-  { "--digest-algos", sig_int_list,
-    "A comma separated list of the preferred algorithms (identified by "
-    "their number, see RFC 4880, Section 9).  "
-    "(RFC 4880, Section 5.2.3.8)" },
-  { "--compress-algos", sig_int_list,
-    "A comma separated list of the preferred algorithms (identified by "
-    "their number, see RFC 4880, Section 9)."
-    "(RFC 4880, Section 5.2.3.9)" },
-  { "--expiration", sig_expiration,
-    "The number of days until the signature expires.  To specify seconds, "
-    "prefix the value with \"seconds=\".  It is also possible to use 'y', "
-    "'m' and 'w' as simple multipliers.  For instance, 2y means 2 years, "
-    "etc.  "
-    "(RFC 4880, Section 5.2.3.10)" },
-  { "--exportable", sig_flag,
-    "Mark this signature as exportable (1) or local (0).  "
-    "(RFC 4880, Section 5.2.3.11)" },
-  { "--revocable", sig_flag,
-    "Mark this signature as revocable (1, revocations are ignored) "
-    "or non-revocable (0).  "
-    "(RFC 4880, Section 5.2.3.12)" },
-  { "--trust-level", sig_trust_level,
-    "Set the trust level.  This takes two integer arguments (0-255): "
-    "the trusted-introducer level and the degree of trust.  "
-    "(RFC 4880, Section 5.2.3.13.)" },
-  { "--trust-scope", sig_string_arg,
-    "A regular expression that limits the scope of --trust-level.  "
-    "(RFC 4880, Section 5.2.3.14.)" },
-  { "--revocation-key", sig_revocation_key,
-    "Specify a designated revoker.  Takes two arguments: the class "
-    "(normally 0x80 or 0xC0 (sensitive)) and the key id of the "
-    "designatured revoker.  May be given multiple times.  "
-    "(RFC 4880, Section 5.2.3.15)" },
-  { "--notation", sig_notation,
-    "Add a human-readable notation of the form \"[!<]name=value\" where "
-    "\"!\" means that the critical flag should be set and \"<\" means "
-    "that VALUE is a file to read the data from.  "
-    "(RFC 4880, Section 5.2.3.16)" },
-  { "--notation-binary", sig_notation,
-    "Add a binary notation of the form \"[!<]name=value\" where "
-    "\"!\" means that the critical flag should be set and \"<\" means "
-    "that VALUE is a file to read the data from.  "
-    "(RFC 4880, Section 5.2.3.16)" },
-  { "--key-server-preferences", sig_big_endian_arg,
-    "Big-endian number encoding the keyserver preferences. "
-    "(RFC 4880, Section 5.2.3.17)" },
-  { "--key-server", sig_string_arg,
-    "The preferred keyserver.  (RFC 4880, Section 5.2.3.18)" },
-  { "--primary-user-id", sig_flag,
-    "Sets the primary user id flag.  (RFC 4880, Section 5.2.3.19)" },
-  { "--policy-uri", sig_string_arg,
-    "URI of a document that describes the issuer's signing policy.  "
-    "(RFC 4880, Section 5.2.3.20)" },
-  { "--key-flags", sig_big_endian_arg,
-    "Big-endian number encoding the key flags. "
-    "(RFC 4880, Section 5.2.3.21)" },
-  { "--signers-user-id", sig_string_arg,
-    "The user id (as a string) responsible for the signing.  "
-    "(RFC 4880, Section 5.2.3.22)" },
-  { "--reason-for-revocation", sig_reason_for_revocation,
-    "Takes two arguments: a reason for revocation code and a "
-    "user-provided string.  "
-    "(RFC 4880, Section 5.2.3.23)" },
-  { "--features", sig_big_endian_arg,
-    "Big-endian number encoding the feature flags. "
-    "(RFC 4880, Section 5.2.3.24)" },
-  { "--signature-target", NULL,
-    "Takes three arguments: the target signature's public key algorithm "
-    " (as an integer), the hash algorithm (as an integer) and the hash "
-    " (as a hexadecimal string).  "
-    "(RFC 4880, Section 5.2.3.25)" },
-  { "--embedded-signature", NULL,
-    "An embedded signature.  This must be immediately followed by a "
-    "signature packet (created using --signature ...) or a filename "
-    "containing the packet."
-    "(RFC 4880, Section 5.2.3.26)" },
-  { "--hashed", NULL,
-    "The following attributes will be placed in the hashed area of "
-    "the signature.  (This is the default and it reset at the end of"
-    "each signature.)" },
-  { "--unhashed", NULL,
-    "The following attributes will be placed in the unhashed area of "
-    "the signature (and thus not integrity protected)." },
-  { "--corrupt", sig_corrupt,
-    "Corrupt the signature." },
-  { NULL, NULL,
-    "Example:\n\n"
-    "  $ gpgcompose --public-key $KEYID --user-id USERID \\\n"
-    "  --signature --class 0x10 --issuer $KEYID --issuer-keyid self \\\n"
-    "  | " GPG_NAME " --list-packets"}
-};
-
-static int
-mksubpkt_callback (PKT_signature *sig, void *cookie)
-{
-  struct signinfo *si = cookie;
-  int i;
-
-  if (si->key_expiration)
-    {
-      char buf[4];
-      buf[0] = (si->key_expiration >> 24) & 0xff;
-      buf[1] = (si->key_expiration >> 16) & 0xff;
-      buf[2] = (si->key_expiration >>  8) & 0xff;
-      buf[3] = si->key_expiration & 0xff;
-      build_sig_subpkt (sig, SIGSUBPKT_KEY_EXPIRE, buf, 4);
-    }
-
-  if (si->cipher_algorithms)
-    build_sig_subpkt (sig, SIGSUBPKT_PREF_SYM,
-                      si->cipher_algorithms,
-                      si->cipher_algorithms_len);
-
-  if (si->digest_algorithms)
-    build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH,
-                      si->digest_algorithms,
-                      si->digest_algorithms_len);
-
-  if (si->compress_algorithms)
-    build_sig_subpkt (sig, SIGSUBPKT_PREF_COMPR,
-                      si->compress_algorithms,
-                      si->compress_algorithms_len);
-
-  if (si->exportable_set)
-    {
-      char buf = si->exportable;
-      build_sig_subpkt (sig, SIGSUBPKT_EXPORTABLE, &buf, 1);
-    }
-
-  if (si->trust_level_set)
-    build_sig_subpkt (sig, SIGSUBPKT_TRUST,
-                      si->trust_args, sizeof (si->trust_args));
-
-  if (si->trust_scope)
-    build_sig_subpkt (sig, SIGSUBPKT_REGEXP,
-                      si->trust_scope, strlen (si->trust_scope));
-
-  for (i = 0; i < si->nrevocation_keys; i ++)
-    {
-      struct revocation_key *revkey = &si->revocation_key[i];
-      gpg_error_t err = keygen_add_revkey (sig, revkey);
-      if (err)
-        {
-          u32 keyid[2];
-          keyid_from_fingerprint (global_ctrl, revkey->fpr, 20, keyid);
-          log_fatal ("adding revocation key %s: %s\n",
-                     keystr (keyid), gpg_strerror (err));
-        }
-    }
-
-  /* keygen_add_revkey sets revocable=0 so be sure to do this after
-     adding the rev keys.  */
-  if (si->revocable_set)
-    {
-      char buf = si->revocable;
-      build_sig_subpkt (sig, SIGSUBPKT_REVOCABLE, &buf, 1);
-    }
-
-  keygen_add_notations (sig, si->notations);
-
-  if (si->key_server_preferences)
-    build_sig_subpkt (sig, SIGSUBPKT_KS_FLAGS,
-                      si->key_server_preferences,
-                      si->key_server_preferences_len);
-
-  if (si->key_server)
-    build_sig_subpkt (sig, SIGSUBPKT_PREF_KS,
-                      si->key_server, strlen (si->key_server));
-
-  if (si->primary_user_id_set)
-    {
-      char buf = si->primary_user_id;
-      build_sig_subpkt (sig, SIGSUBPKT_PRIMARY_UID, &buf, 1);
-    }
-
-  if (si->policy_uri)
-    build_sig_subpkt (sig, SIGSUBPKT_POLICY,
-                      si->policy_uri, strlen (si->policy_uri));
-
-  if (si->key_flags)
-    build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS,
-                      si->key_flags, si->key_flags_len);
-
-  if (si->signers_user_id)
-    build_sig_subpkt (sig, SIGSUBPKT_SIGNERS_UID,
-                      si->signers_user_id, strlen (si->signers_user_id));
-
-  if (si->reason_for_revocation)
-    {
-      int len = 1 + strlen (si->reason_for_revocation);
-      char *buf;
-
-      buf = xmalloc (len);
-
-      buf[0] = si->reason_for_revocation_code;
-      memcpy (&buf[1], si->reason_for_revocation, len - 1);
-
-      build_sig_subpkt (sig, SIGSUBPKT_REVOC_REASON, buf, len);
-
-      xfree (buf);
-    }
-
-  if (si->features)
-    build_sig_subpkt (sig, SIGSUBPKT_FEATURES,
-                      si->features, si->features_len);
-
-  return 0;
-}
-
-static int
-signature (const char *option, int argc, char *argv[], void *cookie)
-{
-  gpg_error_t err;
-  iobuf_t out = cookie;
-  struct signinfo si;
-  int processed;
-  PKT_public_key *pk;
-  PKT_signature *sig;
-  PACKET pkt;
-  u32 keyid_orig[2], keyid[2];
-
-  (void) option;
-
-  memset (&si, 0, sizeof (si));
-  memset (&pkt, 0, sizeof (pkt));
-
-  processed = process_options (option,
-                               major_options,
-                               sig_options, &si,
-                               global_options, NULL,
-                               argc, argv);
-
-  if (ncomponents)
-    {
-      int pkttype = components[ncomponents - 1].pkttype;
-
-      if (pkttype == PKT_PUBLIC_KEY)
-        {
-          if (! si.class)
-            /* Direct key sig.  */
-            si.class = 0x1F;
-        }
-      else if (pkttype == PKT_PUBLIC_SUBKEY)
-        {
-          if (! si.sk)
-            si.sk = components[ncomponents - 1].pkt.public_key;
-          if (! si.class)
-            /* Subkey binding sig.  */
-            si.class = 0x18;
-        }
-      else if (pkttype == PKT_USER_ID)
-        {
-          if (! si.uid)
-            si.uid = components[ncomponents - 1].pkt.user_id;
-          if (! si.class)
-            /* Certification of a user id and public key packet.  */
-            si.class = 0x10;
-        }
-    }
-
-  pk = NULL;
-  if (! si.pk || ! si.issuer_pk)
-    /* No primary key specified.  Default to the first one that we
-       find.  */
-    {
-      int i;
-      for (i = 0; i < ncomponents; i ++)
-        if (components[i].pkttype == PKT_PUBLIC_KEY)
-          {
-            pk = components[i].pkt.public_key;
-            break;
-          }
-    }
-
-  if (! si.pk)
-    {
-      if (! pk)
-        log_fatal ("%s: no primary key given and no primary key available",
-                   "--pk");
-      si.pk = pk;
-    }
-  if (! si.issuer_pk)
-    {
-      if (! pk)
-        log_fatal ("%s: no issuer key given and no primary key available",
-                   "--issuer");
-      si.issuer_pk = pk;
-    }
-
-  if (si.class == 0x18 || si.class == 0x19 || si.class == 0x28)
-    /* Requires the primary key and a subkey.  */
-    {
-      if (! si.sk)
-        log_fatal ("sig class 0x%x requires a subkey (--sk)\n", si.class);
-    }
-  else if (si.class == 0x10
-           || si.class == 0x11
-           || si.class == 0x12
-           || si.class == 0x13
-           || si.class == 0x30)
-    /* Requires the primary key and a user id.  */
-    {
-      if (! si.uid)
-        log_fatal ("sig class 0x%x requires a uid (--uid)\n", si.class);
-    }
-  else if (si.class == 0x1F || si.class == 0x20)
-    /* Just requires the primary key.  */
-    ;
-  else
-    log_fatal ("Unsupported signature class: 0x%x\n", si.class);
-
-  sig = xmalloc_clear (sizeof (*sig));
-
-  /* Save SI.ISSUER_PK->KEYID.  */
-  keyid_copy (keyid_orig, pk_keyid (si.issuer_pk));
-  if (si.issuer_keyid[0] || si.issuer_keyid[1])
-    keyid_copy (si.issuer_pk->keyid, si.issuer_keyid);
-  else if (si.issuer_keyid_self)
-    {
-      PKT_public_key *pripk = primary_key();
-      if (! pripk)
-        log_fatal ("--issuer-keyid self given, but no primary key available.\n");
-      keyid_copy (si.issuer_pk->keyid, pk_keyid (pripk));
-    }
-
-  /* Changing the issuer's key id is fragile.  Check to make sure
-     make_keysig_packet didn't recompute the keyid.  */
-  keyid_copy (keyid, si.issuer_pk->keyid);
-  err = make_keysig_packet (global_ctrl,
-                            &sig, si.pk, si.uid, si.sk, si.issuer_pk,
-                            si.class, si.digest_algo,
-                            si.timestamp, si.expiration,
-                            mksubpkt_callback, &si, NULL);
-  log_assert (keyid_cmp (keyid, si.issuer_pk->keyid) == 0);
-  if (err)
-    log_fatal ("Generating signature: %s\n", gpg_strerror (err));
-
-  /* Restore SI.PK->KEYID.  */
-  keyid_copy (si.issuer_pk->keyid, keyid_orig);
-
-  if (si.corrupt)
-    {
-      /* Set the top 32-bits to 0xBAD0DEAD.  */
-      int bits = gcry_mpi_get_nbits (sig->data[0]);
-      gcry_mpi_t x = gcry_mpi_new (0);
-      gcry_mpi_add_ui (x, x, 0xBAD0DEAD);
-      gcry_mpi_lshift (x, x, bits > 32 ? bits - 32 : bits);
-      gcry_mpi_clear_highbit (sig->data[0], bits > 32 ? bits - 32 : 0);
-      gcry_mpi_add (sig->data[0], sig->data[0], x);
-      gcry_mpi_release (x);
-    }
-
-  pkt.pkttype = PKT_SIGNATURE;
-  pkt.pkt.signature = sig;
-
-  err = build_packet (out, &pkt);
-  if (err)
-    log_fatal ("serializing public key packet: %s\n", gpg_strerror (err));
-
-  debug ("Wrote signature packet:\n");
-  dump_component (&pkt);
-
-  free_seckey_enc (sig);
-  release_kbnode (si.issuer_kb);
-  xfree (si.revocation_key);
-
-  return processed;
-}
-
-struct sk_esk_info
-{
-  /* The cipher used for encrypting the session key (when a session
-     key is used).  */
-  int cipher;
-  /* The cipher used for encryping the SED packet.  */
-  int sed_cipher;
-
-  /* S2K related data.  */
-  int hash;
-  int mode;
-  int mode_set;
-  byte salt[8];
-  int salt_set;
-  int iterations;
-
-  /* If applying the S2K function to the passphrase is the session key
-     or if it is the decryption key for the session key.  */
-  int s2k_is_session_key;
-  /* Generate a new, random session key.  */
-  int new_session_key;
-
-  /* The unencrypted session key.  */
-  int session_key_len;
-  char *session_key;
-
-  char *password;
-};
-
-static int
-sk_esk_cipher (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct sk_esk_info *si = cookie;
-  char *usage = "integer|IDEA|3DES|CAST5|BLOWFISH|AES|AES192|AES256|CAMELLIA128|CAMELLIA192|CAMELLIA256";
-  int cipher;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s %s\n", option, usage);
-
-  if (strcasecmp (argv[0], "IDEA") == 0)
-    cipher = CIPHER_ALGO_IDEA;
-  else if (strcasecmp (argv[0], "3DES") == 0)
-    cipher = CIPHER_ALGO_3DES;
-  else if (strcasecmp (argv[0], "CAST5") == 0)
-    cipher = CIPHER_ALGO_CAST5;
-  else if (strcasecmp (argv[0], "BLOWFISH") == 0)
-    cipher = CIPHER_ALGO_BLOWFISH;
-  else if (strcasecmp (argv[0], "AES") == 0)
-    cipher = CIPHER_ALGO_AES;
-  else if (strcasecmp (argv[0], "AES192") == 0)
-    cipher = CIPHER_ALGO_AES192;
-  else if (strcasecmp (argv[0], "TWOFISH") == 0)
-    cipher = CIPHER_ALGO_TWOFISH;
-  else if (strcasecmp (argv[0], "CAMELLIA128") == 0)
-    cipher = CIPHER_ALGO_CAMELLIA128;
-  else if (strcasecmp (argv[0], "CAMELLIA192") == 0)
-    cipher = CIPHER_ALGO_CAMELLIA192;
-  else if (strcasecmp (argv[0], "CAMELLIA256") == 0)
-    cipher = CIPHER_ALGO_CAMELLIA256;
-  else
-    {
-      char *tail;
-      int v;
-
-      errno = 0;
-      v = strtol (argv[0], &tail, 0);
-      if (errno || (tail && *tail) || ! valid_cipher (v))
-        log_fatal ("Invalid or unsupported value.  Usage: %s %s\n",
-                   option, usage);
-
-      cipher = v;
-    }
-
-  if (strcmp (option, "--cipher") == 0)
-    {
-      if (si->cipher)
-        log_fatal ("%s given multiple times.", option);
-      si->cipher = cipher;
-    }
-  else if (strcmp (option, "--sed-cipher") == 0)
-    {
-      if (si->sed_cipher)
-        log_fatal ("%s given multiple times.", option);
-      si->sed_cipher = cipher;
-    }
-
-  return 1;
-}
-
-static int
-sk_esk_mode (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct sk_esk_info *si = cookie;
-  char *usage = "integer|simple|salted|iterated";
-
-  if (argc == 0)
-    log_fatal ("Usage: %s %s\n", option, usage);
-
-  if (si->mode)
-    log_fatal ("%s given multiple times.", option);
-
-  if (strcasecmp (argv[0], "simple") == 0)
-    si->mode = 0;
-  else if (strcasecmp (argv[0], "salted") == 0)
-    si->mode = 1;
-  else if (strcasecmp (argv[0], "iterated") == 0)
-    si->mode = 3;
-  else
-    {
-      char *tail;
-      int v;
-
-      errno = 0;
-      v = strtol (argv[0], &tail, 0);
-      if (errno || (tail && *tail) || ! (v == 0 || v == 1 || v == 3))
-        log_fatal ("Invalid or unsupported value.  Usage: %s %s\n",
-                   option, usage);
-
-      si->mode = v;
-    }
-
-  si->mode_set = 1;
-
-  return 1;
-}
-
-static int
-sk_esk_hash_algorithm (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct sk_esk_info *si = cookie;
-  char *usage = "integer|MD5|SHA1|RMD160|SHA256|SHA384|SHA512|SHA224";
-
-  if (argc == 0)
-    log_fatal ("Usage: %s %s\n", option, usage);
-
-  if (si->hash)
-    log_fatal ("%s given multiple times.", option);
-
-  if (strcasecmp (argv[0], "MD5") == 0)
-    si->hash = DIGEST_ALGO_MD5;
-  else if (strcasecmp (argv[0], "SHA1") == 0)
-    si->hash = DIGEST_ALGO_SHA1;
-  else if (strcasecmp (argv[0], "RMD160") == 0)
-    si->hash = DIGEST_ALGO_RMD160;
-  else if (strcasecmp (argv[0], "SHA256") == 0)
-    si->hash = DIGEST_ALGO_SHA256;
-  else if (strcasecmp (argv[0], "SHA384") == 0)
-    si->hash = DIGEST_ALGO_SHA384;
-  else if (strcasecmp (argv[0], "SHA512") == 0)
-    si->hash = DIGEST_ALGO_SHA512;
-  else if (strcasecmp (argv[0], "SHA224") == 0)
-    si->hash = DIGEST_ALGO_SHA224;
-  else
-    {
-      char *tail;
-      int v;
-
-      errno = 0;
-      v = strtol (argv[0], &tail, 0);
-      if (errno || (tail && *tail)
-          || ! (v == DIGEST_ALGO_MD5
-                || v == DIGEST_ALGO_SHA1
-                || v == DIGEST_ALGO_RMD160
-                || v == DIGEST_ALGO_SHA256
-                || v == DIGEST_ALGO_SHA384
-                || v == DIGEST_ALGO_SHA512
-                || v == DIGEST_ALGO_SHA224))
-        log_fatal ("Invalid or unsupported value.  Usage: %s %s\n",
-                   option, usage);
-
-      si->hash = v;
-    }
-
-  return 1;
-}
-
-static int
-sk_esk_salt (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct sk_esk_info *si = cookie;
-  char *usage = "16-HEX-CHARACTERS";
-  char *p = argv[0];
-
-  if (argc == 0)
-    log_fatal ("Usage: %s %s\n", option, usage);
-
-  if (si->salt_set)
-    log_fatal ("%s given multiple times.", option);
-
-  if (p[0] == '0' && p[1] == 'x')
-    p += 2;
-
-  if (strlen (p) != 16)
-    log_fatal ("%s: Salt must be exactly 16 hexadecimal characters (have: %zd)\n",
-               option, strlen (p));
-
-  if (hex2bin (p, si->salt, sizeof (si->salt)) == -1)
-    log_fatal ("%s: Salt must only contain hexadecimal characters\n",
-               option);
-
-  si->salt_set = 1;
-
-  return 1;
-}
-
-static int
-sk_esk_iterations (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct sk_esk_info *si = cookie;
-  char *usage = "ITERATION-COUNT";
-  char *tail;
-  int v;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s %s\n", option, usage);
-
-  errno = 0;
-  v = strtol (argv[0], &tail, 0);
-  if (errno || (tail && *tail) || v < 0)
-    log_fatal ("%s: Non-negative integer expected.\n", option);
-
-  si->iterations = v;
-
-  return 1;
-}
-
-static int
-sk_esk_session_key (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct sk_esk_info *si = cookie;
-  char *usage = "HEX-CHARACTERS|auto|none";
-  char *p = argv[0];
-  struct session_key sk;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s %s\n", option, usage);
-
-  if (si->session_key || si->s2k_is_session_key
-      || si->new_session_key)
-    log_fatal ("%s given multiple times.", option);
-
-  if (strcasecmp (p, "none") == 0)
-    {
-      si->s2k_is_session_key = 1;
-      return 1;
-    }
-  if (strcasecmp (p, "new") == 0)
-    {
-      si->new_session_key = 1;
-      return 1;
-    }
-  if (strcasecmp (p, "auto") == 0)
-    return 1;
-
-  sk = parse_session_key (option, p, 0);
-
-  if (si->session_key)
-    log_fatal ("%s given multiple times.", option);
-
-  if (sk.algo)
-    si->sed_cipher = sk.algo;
-
-  si->session_key_len = sk.keylen;
-  si->session_key = sk.key;
-
-  return 1;
-}
-
-static int
-sk_esk_password (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct sk_esk_info *si = cookie;
-  char *usage = "PASSWORD";
-
-  if (argc == 0)
-    log_fatal ("Usage: --sk-esk %s\n", usage);
-
-  if (si->password)
-    log_fatal ("%s given multiple times.", option);
-
-  si->password = xstrdup (argv[0]);
-
-  return 1;
-}
-
-static struct option sk_esk_options[] = {
-  { "--cipher", sk_esk_cipher,
-    "The encryption algorithm for encrypting the session key.  "
-    "One of IDEA, 3DES, CAST5, BLOWFISH, AES (default), AES192, "
-    "AES256, TWOFISH, CAMELLIA128, CAMELLIA192, or CAMELLIA256." },
-  { "--sed-cipher", sk_esk_cipher,
-    "The encryption algorithm for encrypting the SED packet.  "
-    "One of IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, "
-    "AES256 (default), TWOFISH, CAMELLIA128, CAMELLIA192, or CAMELLIA256." },
-  { "--mode", sk_esk_mode,
-    "The S2K mode.  Either one of the strings \"simple\", \"salted\" "
-    "or \"iterated\" or an integer." },
-  { "--hash", sk_esk_hash_algorithm,
-    "The hash algorithm to used to derive the key.  One of "
-    "MD5, SHA1 (default), RMD160, SHA256, SHA384, SHA512, or SHA224." },
-  { "--salt", sk_esk_salt,
-    "The S2K salt encoded as 16 hexadecimal characters.  One needed "
-    "if the S2K function is in salted or iterated mode." },
-  { "--iterations", sk_esk_iterations,
-    "The iteration count.  If not provided, a reasonable value is chosen.  "
-    "Note: due to the encoding scheme, not every value is valid.  For "
-    "convenience, the provided value will be rounded appropriately.  "
-    "Only needed if the S2K function is in iterated mode." },
-  { "--session-key", sk_esk_session_key,
-    "The session key to be encrypted by the S2K function as a hexadecimal "
-    "string.  If this is \"new\", then a new session key is generated."
-    "If this is \"auto\", then either the last session key is "
-    "used, if the was none, one is generated.  If this is \"none\", then "
-    "the session key is the result of applying the S2K algorithms to the "
-    "password.  The session key may be prefaced with an integer and a colon "
-    "to indicate the cipher to use for the SED packet (making --sed-cipher "
-    "unnecessary and allowing the direct use of the result of "
-    "\"" GPG_NAME " --show-session-key\")." },
-  { "", sk_esk_password, "The password." },
-  { NULL, NULL,
-    "Example:\n\n"
-    "  $ gpgcompose --sk-esk foobar --encrypted \\\n"
-    "  --literal --value foo | " GPG_NAME " --list-packets" }
-};
-
-static int
-sk_esk (const char *option, int argc, char *argv[], void *cookie)
-{
-  iobuf_t out = cookie;
-  gpg_error_t err;
-  int processed;
-  struct sk_esk_info si;
-  DEK sesdek;
-  DEK s2kdek;
-  PKT_symkey_enc *ske;
-  PACKET pkt;
-
-  memset (&si, 0, sizeof (si));
-
-  processed = process_options (option,
-                               major_options,
-                               sk_esk_options, &si,
-                               global_options, NULL,
-                               argc, argv);
-
-  if (! si.password)
-    log_fatal ("%s: missing password.  Usage: %s PASSWORD", option, option);
-
-  /* Fill in defaults, if appropriate.  */
-  if (! si.cipher)
-    si.cipher = CIPHER_ALGO_AES;
-
-  if (! si.sed_cipher)
-    si.sed_cipher = CIPHER_ALGO_AES256;
-
-  if (! si.hash)
-    si.hash = DIGEST_ALGO_SHA1;
-
-  if (! si.mode_set)
-    /* Salted and iterated.  */
-    si.mode = 3;
-
-  if (si.mode != 0 && ! si.salt_set)
-    /* Generate a salt.  */
-    gcry_randomize (si.salt, 8, GCRY_STRONG_RANDOM);
-
-  if (si.mode == 0)
-    {
-      if (si.iterations)
-        log_info ("%s: --iterations provided, but not used for mode=0\n",
-                  option);
-      si.iterations = 0;
-    }
-  else if (! si.iterations)
-    si.iterations = 10000;
-
-  memset (&sesdek, 0, sizeof (sesdek));
-  /* The session key is used to encrypt the SED packet.  */
-  sesdek.algo = si.sed_cipher;
-  if (si.session_key)
-    /* Copy the unencrypted session key into SESDEK.  */
-    {
-      sesdek.keylen = openpgp_cipher_get_algo_keylen (sesdek.algo);
-      if (sesdek.keylen != si.session_key_len)
-        log_fatal ("%s: Cipher algorithm requires a %d byte session key, but provided session key is %d bytes.",
-                   option, sesdek.keylen, si.session_key_len);
-
-      log_assert (sesdek.keylen <= sizeof (sesdek.key));
-      memcpy (sesdek.key, si.session_key, sesdek.keylen);
-    }
-  else if (! si.s2k_is_session_key || si.new_session_key)
-    /* We need a session key, but one wasn't provided.  Generate it.  */
-    make_session_key (&sesdek);
-
-  /* The encrypted session key needs 1 + SESDEK.KEYLEN bytes of
-     space.  */
-  ske = xmalloc_clear (sizeof (*ske) + sesdek.keylen);
-
-  ske->version = 4;
-  ske->cipher_algo = si.cipher;
-
-  ske->s2k.mode = si.mode;
-  ske->s2k.hash_algo = si.hash;
-  log_assert (sizeof (si.salt) == sizeof (ske->s2k.salt));
-  memcpy (ske->s2k.salt, si.salt, sizeof (ske->s2k.salt));
-  if (! si.s2k_is_session_key)
-    /* 0 means get the default.  */
-    ske->s2k.count = encode_s2k_iterations (si.iterations);
-
-
-  /* Derive the symmetric key that is either the session key or the
-     key used to encrypt the session key.  */
-  memset (&s2kdek, 0, sizeof (s2kdek));
-
-  s2kdek.algo = si.cipher;
-  s2kdek.keylen = openpgp_cipher_get_algo_keylen (s2kdek.algo);
-
-  err = gcry_kdf_derive (si.password, strlen (si.password),
-                         ske->s2k.mode == 3 ? GCRY_KDF_ITERSALTED_S2K
-                         : ske->s2k.mode == 1 ? GCRY_KDF_SALTED_S2K
-                         : GCRY_KDF_SIMPLE_S2K,
-                         ske->s2k.hash_algo, ske->s2k.salt, 8,
-                         S2K_DECODE_COUNT (ske->s2k.count),
-                         /* The size of the desired key and its
-                            buffer.  */
-                         s2kdek.keylen, s2kdek.key);
-  if (err)
-    log_fatal ("gcry_kdf_derive failed: %s", gpg_strerror (err));
-
-
-  if (si.s2k_is_session_key)
-    {
-      ske->seskeylen = 0;
-      session_key = s2kdek;
-    }
-  else
-    /* Encrypt the session key using the s2k specifier.  */
-    {
-      DEK *sesdekp = &sesdek;
-
-      /* Now encrypt the session key (or rather, the algorithm used to
-         encrypt the SED plus the session key) using ENCKEY.  */
-      ske->seskeylen = 1 + sesdek.keylen;
-      encrypt_seskey (&s2kdek, &sesdekp, ske->seskey);
-
-      /* Save the session key for later.  */
-      session_key = sesdek;
-    }
-
-  pkt.pkttype = PKT_SYMKEY_ENC;
-  pkt.pkt.symkey_enc = ske;
-
-  err = build_packet (out, &pkt);
-  if (err)
-    log_fatal ("Serializing sym-key encrypted packet: %s\n",
-               gpg_strerror (err));
-
-  debug ("Wrote sym-key encrypted packet:\n");
-  dump_component (&pkt);
-
-  xfree (si.session_key);
-  xfree (si.password);
-  xfree (ske);
-
-  return processed;
-}
-
-struct pk_esk_info
-{
-  int session_key_set;
-
-  int new_session_key;
-
-  int sed_cipher;
-  int session_key_len;
-  char *session_key;
-
-  int throw_keyid;
-
-  char *keyid;
-};
-
-static int
-pk_esk_session_key (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct pk_esk_info *pi = cookie;
-  char *usage = "HEX-CHARACTERS|auto|none";
-  char *p = argv[0];
-  struct session_key sk;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s %s\n", option, usage);
-
-  if (pi->session_key_set)
-    log_fatal ("%s given multiple times.", option);
-  pi->session_key_set = 1;
-
-  if (strcasecmp (p, "new") == 0)
-    {
-      pi->new_session_key = 1;
-      return 1;
-    }
-
-  if (strcasecmp (p, "auto") == 0)
-    return 1;
-
-  sk = parse_session_key (option, p, 0);
-
-  if (pi->session_key)
-    log_fatal ("%s given multiple times.", option);
-
-  if (sk.algo)
-    pi->sed_cipher = sk.algo;
-
-  pi->session_key_len = sk.keylen;
-  pi->session_key = sk.key;
-
-  return 1;
-}
-
-static int
-pk_esk_throw_keyid (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct pk_esk_info *pi = cookie;
-
-  (void) option;
-  (void) argc;
-  (void) argv;
-
-  pi->throw_keyid = 1;
-
-  return 0;
-}
-
-static int
-pk_esk_keyid (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct pk_esk_info *pi = cookie;
-  char *usage = "KEYID";
-
-  if (argc == 0)
-    log_fatal ("Usage: %s %s\n", option, usage);
-
-  if (pi->keyid)
-    log_fatal ("Multiple key ids given, but only one is allowed.");
-
-  pi->keyid = xstrdup (argv[0]);
-
-  return 1;
-}
-
-static struct option pk_esk_options[] = {
-  { "--session-key", pk_esk_session_key,
-    "The session key to be encrypted by the S2K function as a hexadecimal "
-    "string.  If this is not given or is \"auto\", then the current "
-    "session key is used.  If there is no session key or this is \"new\", "
-    "then a new session key is generated.  The session key may be "
-    "prefaced with an integer and a colon to indicate the cipher to use "
-    "for the SED packet (making --sed-cipher unnecessary and allowing the "
-    "direct use of the result of \"" GPG_NAME " --show-session-key\")." },
-  { "--throw-keyid", pk_esk_throw_keyid,
-    "Throw the keyid." },
-  { "", pk_esk_keyid, "The key id." },
-  { NULL, NULL,
-    "Example:\n\n"
-    "  $ gpgcompose --pk-esk $KEYID --encrypted --literal --value foo \\\n"
-    "  | " GPG_NAME " --list-packets"}
-};
-
-static int
-pk_esk (const char *option, int argc, char *argv[], void *cookie)
-{
-  iobuf_t out = cookie;
-  gpg_error_t err;
-  int processed;
-  struct pk_esk_info pi;
-  PKT_public_key pk;
-
-  memset (&pi, 0, sizeof (pi));
-
-  processed = process_options (option,
-                               major_options,
-                               pk_esk_options, &pi,
-                               global_options, NULL,
-                               argc, argv);
-
-  if (! pi.keyid)
-    log_fatal ("%s: missing keyid.  Usage: %s KEYID", option, option);
-
-  memset (&pk, 0, sizeof (pk));
-  pk.req_usage = PUBKEY_USAGE_ENC;
-  err = get_pubkey_byname (NULL, GET_PUBKEY_NO_AKL,
-                           NULL, &pk, pi.keyid, NULL, NULL, 1);
-  if (err)
-    log_fatal ("%s: looking up key %s: %s\n",
-               option, pi.keyid, gpg_strerror (err));
-
-  if (pi.sed_cipher)
-    /* Have a session key.  */
-    {
-      session_key.algo = pi.sed_cipher;
-      session_key.keylen = pi.session_key_len;
-      log_assert (session_key.keylen <= sizeof (session_key.key));
-      memcpy (session_key.key, pi.session_key, session_key.keylen);
-    }
-
-  if (pi.new_session_key || ! session_key.algo)
-    {
-      if (! pi.new_session_key)
-        /* Default to AES256.  */
-        session_key.algo = CIPHER_ALGO_AES256;
-      make_session_key (&session_key);
-    }
-
-  err = write_pubkey_enc (global_ctrl, &pk, pi.throw_keyid, &session_key, out);
-  if (err)
-    log_fatal ("%s: writing pk_esk packet for %s: %s\n",
-               option, pi.keyid, gpg_strerror (err));
-
-  debug ("Wrote pk_esk packet for %s\n", pi.keyid);
-
-  xfree (pi.keyid);
-  xfree (pi.session_key);
-
-  return processed;
-}
-
-struct encinfo
-{
-  int saw_session_key;
-};
-
-static int
-encrypted_session_key (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct encinfo *ei = cookie;
-  char *usage = "HEX-CHARACTERS|auto";
-  char *p = argv[0];
-  struct session_key sk;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s %s\n", option, usage);
-
-  if (ei->saw_session_key)
-    log_fatal ("%s given multiple times.", option);
-  ei->saw_session_key = 1;
-
-  if (strcasecmp (p, "auto") == 0)
-    return 1;
-
-  sk = parse_session_key (option, p, 1);
-
-  session_key.algo = sk.algo;
-  log_assert (sk.keylen <= sizeof (session_key.key));
-  memcpy (session_key.key, sk.key, sk.keylen);
-  xfree (sk.key);
-
-  return 1;
-}
-
-static struct option encrypted_options[] = {
-  { "--session-key", encrypted_session_key,
-    "The session key to be encrypted by the S2K function as a hexadecimal "
-    "string.  If this is not given or is \"auto\", then the last session key "
-    "is used.  If there was none, then an error is raised.  The session key "
-    "must be prefaced with an integer and a colon to indicate the cipher "
-    "to use (this is format used by \"" GPG_NAME " --show-session-key\")." },
-  { NULL, NULL,
-    "After creating the packet, this command clears the current "
-    "session key.\n\n"
-    "Example: nested encryption packets:\n\n"
-    "  $ gpgcompose --sk-esk foo --encrypted-mdc \\\n"
-    "  --sk-esk bar --encrypted-mdc \\\n"
-    "  --literal --value 123 --encrypted-pop --encrypted-pop | " GPG_NAME" -d" }
-};
-
-static int
-encrypted (const char *option, int argc, char *argv[], void *cookie)
-{
-  iobuf_t out = cookie;
-  int processed;
-  struct encinfo ei;
-  PKT_encrypted e;
-  cipher_filter_context_t *cfx;
-
-  memset (&ei, 0, sizeof (ei));
-
-  processed = process_options (option,
-                               major_options,
-                               encrypted_options, &ei,
-                               global_options, NULL,
-                               argc, argv);
-
-  if (! session_key.algo)
-    log_fatal ("%s: no session key configured\n"
-               "  (use e.g. --sk-esk PASSWORD or --pk-esk KEYID).\n",
-               option);
-
-  memset (&e, 0, sizeof (e));
-  /* We only need to set E->LEN, E->EXTRALEN (if E->LEN is not
-     0), and E->NEW_CTB.  */
-  e.len = 0;
-  e.new_ctb = 1;
-
-  /* Register the cipher filter. */
-
-  cfx = xmalloc_clear (sizeof (*cfx));
-
-  /* Copy the session key.  */
-  cfx->dek = xmalloc (sizeof (*cfx->dek));
-  *cfx->dek = session_key;
-
-  if (do_debug)
-    {
-      char *buf;
-
-      buf = xmalloc (2 * session_key.keylen + 1);
-      debug ("session key: algo: %d; keylen: %d; key: %s\n",
-             session_key.algo, session_key.keylen,
-             bin2hex (session_key.key, session_key.keylen, buf));
-      xfree (buf);
-    }
-
-  if (strcmp (option, "--encrypted-mdc") == 0)
-    cfx->dek->use_mdc = 1;
-  else if (strcmp (option, "--encrypted") == 0)
-    cfx->dek->use_mdc = 0;
-  else
-    log_fatal ("%s: option not handled by this function!\n", option);
-
-  cfx->datalen = 0;
-
-  filter_push (out, cipher_filter_cfb, cfx, PKT_ENCRYPTED, cfx->datalen == 0);
-
-  debug ("Wrote encrypted packet:\n");
-
-  /* Clear the current session key.  */
-  memset (&session_key, 0, sizeof (session_key));
-
-  return processed;
-}
-
-static struct option encrypted_pop_options[] = {
-  { NULL, NULL,
-    "Example:\n\n"
-    "  $ gpgcompose --sk-esk PASSWORD \\\n"
-    "    --encrypted-mdc \\\n"
-    "      --literal --value foo \\\n"
-    "    --encrypted-pop | " GPG_NAME " --list-packets" }
-};
-
-static int
-encrypted_pop (const char *option, int argc, char *argv[], void *cookie)
-{
-  iobuf_t out = cookie;
-  int processed;
-
-  processed = process_options (option,
-                               major_options,
-                               encrypted_pop_options,
-                               NULL,
-                               global_options, NULL,
-                               argc, argv);
-  /* We only support a single option, --help, which causes the program
-   * to exit.  */
-  log_assert (processed == 0);
-
-  filter_pop (out, PKT_ENCRYPTED);
-
-  debug ("Popped encryption container.\n");
-
-  return processed;
-}
-
-struct data
-{
-  int file;
-  union
-  {
-    char *data;
-    char *filename;
-  };
-  struct data *next;
-};
-
-/* This must be the first member of the struct to be able to use
-   add_value!  */
-struct datahead
-{
-  struct data *head;
-  struct data **last_next;
-};
-
-static int
-add_value (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct datahead *dh = cookie;
-  struct data *d = xmalloc_clear (sizeof (struct data));
-
-  d->file = strcmp ("--file", option) == 0;
-  if (! d->file)
-    log_assert (strcmp ("--value", option) == 0);
-
-  if (argc == 0)
-    {
-      if (d->file)
-        log_fatal ("Usage: %s FILENAME\n", option);
-      else
-        log_fatal ("Usage: %s STRING\n", option);
-    }
-
-  if (! dh->last_next)
-    /* First time through.  Initialize DH->LAST_NEXT.  */
-    {
-      log_assert (! dh->head);
-      dh->last_next = &dh->head;
-    }
-
-  if (d->file)
-    d->filename = argv[0];
-  else
-    d->data = argv[0];
-
-  /* Append it.  */
-  *dh->last_next = d;
-  dh->last_next = &d->next;
-
-  return 1;
-}
-
-struct litinfo
-{
-  /* This must be the first element for add_value to work!  */
-  struct datahead data;
-
-  int timestamp_set;
-  u32 timestamp;
-  char mode;
-  int partial_body_length_encoding;
-  char *name;
-};
-
-static int
-literal_timestamp (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct litinfo *li = cookie;
-
-  char *tail = NULL;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s TIMESTAMP\n", option);
-
-  errno = 0;
-  li->timestamp = parse_timestamp (argv[0], &tail);
-  if (errno || (tail && *tail))
-    log_fatal ("Invalid value passed to %s (%s)\n", option, argv[0]);
-  li->timestamp_set = 1;
-
-  return 1;
-}
-
-static int
-literal_mode (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct litinfo *li = cookie;
-
-  if (argc == 0
-      || ! (strcmp (argv[0], "b") == 0
-            || strcmp (argv[0], "t") == 0
-            || strcmp (argv[0], "u") == 0))
-    log_fatal ("Usage: %s [btu]\n", option);
-
-  li->mode = argv[0][0];
-
-  return 1;
-}
-
-static int
-literal_partial_body_length (const char *option, int argc, char *argv[],
-                             void *cookie)
-{
-  struct litinfo *li = cookie;
-  char *tail;
-  int v;
-  int range[2] = {0, 1};
-
-  if (argc <= 1)
-    log_fatal ("Usage: %s [0|1]\n", option);
-
-  errno = 0;
-  v = strtol (argv[0], &tail, 0);
-  if (errno || (tail && *tail) || !(range[0] <= v && v <= range[1]))
-    log_fatal ("Invalid value passed to %s (%s).  Expected %d-%d\n",
-               option, argv[0], range[0], range[1]);
-
-  li->partial_body_length_encoding = v;
-
-  return 1;
-}
-
-static int
-literal_name (const char *option, int argc, char *argv[], void *cookie)
-{
-  struct litinfo *li = cookie;
-
-  if (argc <= 0)
-    log_fatal ("Usage: %s NAME\n", option);
-
-  if (strlen (argv[0]) > 255)
-    log_fatal ("%s: name is too long (%zd > 255 characters).\n",
-               option, strlen (argv[0]));
-
-  li->name = argv[0];
-
-  return 1;
-}
-
-static struct option literal_options[] = {
-  { "--value", add_value,
-    "A string to store in the literal packet." },
-  { "--file", add_value,
-    "A file to copy into the literal packet." },
-  { "--timestamp", literal_timestamp,
-    "The literal packet's time stamp.  This defaults to the current time." },
-  { "--mode", literal_mode,
-    "The content's mode (normally 'b' (default), 't' or 'u')." },
-  { "--partial-body-length", literal_partial_body_length,
-    "Force partial body length encoding." },
-  { "--name", literal_name,
-    "The literal's name." },
-  { NULL, NULL,
-    "Example:\n\n"
-    "  $ gpgcompose --literal --value foobar | " GPG_NAME " -d"}
-};
-
-static int
-literal (const char *option, int argc, char *argv[], void *cookie)
-{
-  iobuf_t out = cookie;
-  gpg_error_t err;
-  int processed;
-  struct litinfo li;
-  PKT_plaintext *pt;
-  PACKET pkt;
-  struct data *data;
-
-  memset (&li, 0, sizeof (li));
-
-  processed = process_options (option,
-                               major_options,
-                               literal_options, &li,
-                               global_options, NULL,
-                               argc, argv);
-
-  if (! li.data.head)
-    log_fatal ("%s: no data provided (use --value or --file)", option);
-
-  pt = xmalloc_clear (sizeof (*pt) + (li.name ? strlen (li.name) : 0));
-  pt->new_ctb = 1;
-
-  if (li.timestamp_set)
-    pt->timestamp = li.timestamp;
-  else
-    /* Default to the current time.  */
-    pt->timestamp = make_timestamp ();
-
-  pt->mode = li.mode;
-  if (! pt->mode)
-    /* Default to binary.  */
-    pt->mode = 'b';
-
-  if (li.name)
-    {
-      strcpy (pt->name, li.name);
-      pt->namelen = strlen (pt->name);
-    }
-
-  pkt.pkttype = PKT_PLAINTEXT;
-  pkt.pkt.plaintext = pt;
-
-  if (! li.partial_body_length_encoding)
-    /* Compute the amount of data.  */
-    {
-      pt->len = 0;
-      for (data = li.data.head; data; data = data->next)
-        {
-          if (data->file)
-            {
-              iobuf_t in;
-              int overflow;
-              off_t off;
-
-              in = iobuf_open (data->filename);
-              if (! in)
-                /* An error opening the file.  We do error handling
-                   below so just break here.  */
-                {
-                  pt->len = 0;
-                  break;
-                }
-
-              off = iobuf_get_filelength (in, &overflow);
-              iobuf_close (in);
-
-              if (overflow || off == 0)
-                /* Length is unknown or there was an error
-                   (unfortunately, iobuf_get_filelength doesn't
-                   distinguish between 0 length files and an error!).
-                   Fall back to partial body mode.  */
-                {
-                  pt->len = 0;
-                  break;
-                }
-
-              pt->len += off;
-            }
-          else
-            pt->len += strlen (data->data);
-        }
-    }
-
-  err = build_packet (out, &pkt);
-  if (err)
-    log_fatal ("Serializing literal packet: %s\n", gpg_strerror (err));
-
-  /* Write out the data.  */
-  for (data = li.data.head; data; data = data->next)
-    {
-      if (data->file)
-        {
-          iobuf_t in;
-          errno = 0;
-          in = iobuf_open (data->filename);
-          if (! in)
-            log_fatal ("Opening '%s': %s\n",
-                       data->filename,
-                       errno ? strerror (errno): "unknown error");
-
-          iobuf_copy (out, in);
-          if (iobuf_error (in))
-            log_fatal ("Reading from %s: %s\n",
-                       data->filename,
-                       gpg_strerror (iobuf_error (in)));
-          if (iobuf_error (out))
-            log_fatal ("Writing literal data from %s: %s\n",
-                       data->filename,
-                       gpg_strerror (iobuf_error (out)));
-
-          iobuf_close (in);
-        }
-      else
-        {
-          err = iobuf_write (out, data->data, strlen (data->data));
-          if (err)
-            log_fatal ("Writing literal data: %s\n", gpg_strerror (err));
-        }
-    }
-
-  if (! pt->len)
-    {
-      /* Disable partial body length mode.  */
-      log_assert (pt->new_ctb == 1);
-      iobuf_set_partial_body_length_mode (out, 0);
-    }
-
-  debug ("Wrote literal packet:\n");
-  dump_component (&pkt);
-
-  while (li.data.head)
-    {
-      data = li.data.head->next;
-      xfree (li.data.head);
-      li.data.head = data;
-    }
-  xfree (pt);
-
-  return processed;
-}
-
-static int
-copy_file (const char *option, int argc, char *argv[], void *cookie)
-{
-  char **filep = cookie;
-
-  if (argc == 0)
-    log_fatal ("Usage: %s FILENAME\n", option);
-
-  *filep = argv[0];
-
-  return 1;
-}
-
-static struct option copy_options[] = {
-  { "", copy_file, "Copy the specified file to stdout." },
-  { NULL, NULL,
-    "Example:\n\n"
-    "  $ gpgcompose --copy /etc/hostname\n\n"
-    "This is particularly useful when combined with gpgsplit." }
-};
-
-static int
-copy (const char *option, int argc, char *argv[], void *cookie)
-{
-  iobuf_t out = cookie;
-  char *file = NULL;
-  iobuf_t in;
-
-  int processed;
-
-  processed = process_options (option,
-                               major_options,
-                               copy_options, &file,
-                               global_options, NULL,
-                               argc, argv);
-  if (! file)
-    log_fatal ("Usage: %s FILE\n", option);
-
-  errno = 0;
-  in = iobuf_open (file);
-  if (! in)
-    log_fatal ("Error opening %s: %s.\n",
-               file, errno ? strerror (errno): "unknown error");
-
-  iobuf_copy (out, in);
-  if (iobuf_error (out))
-    log_fatal ("Copying data to destination: %s\n",
-               gpg_strerror (iobuf_error (out)));
-  if (iobuf_error (in))
-    log_fatal ("Reading data from %s: %s\n",
-               argv[0], gpg_strerror (iobuf_error (in)));
-
-  iobuf_close (in);
-
-  return processed;
-}
-
-int
-main (int argc, char *argv[])
-{
-  const char *filename = "-";
-  iobuf_t out;
-  int preprocessed = 1;
-  int processed;
-  ctrl_t ctrl;
-
-  opt.ignore_time_conflict = 1;
-  /* Allow notations in the IETF space, for instance.  */
-  opt.expert = 1;
-
-  global_ctrl = ctrl = xcalloc (1, sizeof *ctrl);
-
-  keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG,
-                      KEYDB_RESOURCE_FLAG_DEFAULT);
-
-  if (argc == 1)
-    /* Nothing to do.  */
-    return 0;
-
-  if (strcmp (argv[1], "--output") == 0
-      || strcmp (argv[1], "-o") == 0)
-    {
-      filename = argv[2];
-      log_info ("Writing to %s\n", filename);
-      preprocessed += 2;
-    }
-
-  out = iobuf_create (filename, 0);
-  if (! out)
-    log_fatal ("Failed to open stdout for writing\n");
-
-  processed = process_options (NULL, NULL,
-                               major_options, out,
-                               global_options, NULL,
-                               argc - preprocessed, &argv[preprocessed]);
-  if (processed != argc - preprocessed)
-    log_fatal ("Didn't process %d options.\n", argc - preprocessed - processed);
-
-  iobuf_close (out);
-
-  return 0;
-}
-
-/* Stubs duplicated from gpg.c.  */
-
-int g10_errors_seen = 0;
-
-/* Note: This function is used by signal handlers!. */
-static void
-emergency_cleanup (void)
-{
-  gcry_control (GCRYCTL_TERM_SECMEM );
-}
-
-void
-g10_exit( int rc )
-{
-  gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
-
-  emergency_cleanup ();
-
-  rc = rc? rc : log_get_errorcount(0)? 2 : g10_errors_seen? 1 : 0;
-  exit (rc);
-}
-
-void
-keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
-	      strlist_t commands, int quiet, int seckey_check)
-{
-  (void) ctrl;
-  (void) username;
-  (void) locusr;
-  (void) commands;
-  (void) quiet;
-  (void) seckey_check;
-}
-
-void
-show_basic_key_info (ctrl_t ctrl, KBNODE keyblock, int made_from_sec)
-{
-  (void)ctrl;
-  (void)keyblock;
-  (void)made_from_sec;
-}
-
-int
-keyedit_print_one_sig (ctrl_t ctrl, estream_t fp,
-                       int rc, kbnode_t keyblock, kbnode_t node,
-		       int *inv_sigs, int *no_key, int *oth_err,
-		       int is_selfsig, int print_without_key, int extended)
-{
-  (void) ctrl;
-  (void) fp;
-  (void) rc;
-  (void) keyblock;
-  (void) node;
-  (void) inv_sigs;
-  (void) no_key;
-  (void) oth_err;
-  (void) is_selfsig;
-  (void) print_without_key;
-  (void) extended;
-  return 0;
-}
diff --git a/g10/gpgv.c b/g10/gpgv.c
index 4e9c35d..82fbf8f 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -1,6 +1,6 @@
 /* gpgv.c - The GnuPG signature verify utility
  * Copyright (C) 1998-2020 Free Software Foundation, Inc.
- * Copyright (C) 1998-2019 Werner Koch
+ * Copyright (C) 1997-2019 Werner Koch
  * Copyright (C) 2015-2020 g10 Code GmbH
  *
  * This file is part of GnuPG.
@@ -72,7 +72,7 @@ enum cmd_and_opt_values {
 };
 
 
-static ARGPARSE_OPTS opts[] = {
+static gpgrt_opt_t opts[] = {
   ARGPARSE_group (300, N_("@\nOptions:\n ")),
 
   ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
@@ -172,14 +172,14 @@ my_strusage( int level )
 int
 main( int argc, char **argv )
 {
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   int rc=0;
   strlist_t sl;
   strlist_t nrings = NULL;
   ctrl_t ctrl;
 
   early_system_init ();
-  set_strusage (my_strusage);
+  gpgrt_set_strusage (my_strusage);
   log_set_prefix ("gpgv", GPGRT_LOG_WITH_PREFIX);
 
   /* Make sure that our subsystems are ready.  */
@@ -210,7 +210,7 @@ main( int argc, char **argv )
   pargs.argc = &argc;
   pargs.argv = &argv;
   pargs.flags= ARGPARSE_FLAG_KEEP;
-  while (gnupg_argparser (&pargs, opts, NULL))
+  while (gpgrt_argparser (&pargs, opts, NULL))
     {
       switch (pargs.r_opt)
         {
@@ -255,7 +255,7 @@ main( int argc, char **argv )
 	}
     }
 
-  gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+  gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
 
   if (log_get_errorcount (0))
     g10_exit(2);
@@ -299,10 +299,13 @@ g10_exit( int rc )
  * We have to override the trustcheck from pkclist.c because
  * this utility assumes that all keys in the keyring are trustworthy
  */
-int
-check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
+gpg_error_t
+check_signatures_trust (ctrl_t ctrl, kbnode_t kblock,
+                        PKT_public_key *pk, PKT_signature *sig)
 {
   (void)ctrl;
+  (void)kblock;
+  (void)pk;
   (void)sig;
   return 0;
 }
@@ -420,33 +423,23 @@ keyserver_any_configured (ctrl_t ctrl)
 }
 
 int
-keyserver_import_keyid (u32 *keyid, void *dummy, unsigned int flags)
+keyserver_import_keyid (u32 *keyid, void *dummy, int quick)
 {
   (void)keyid;
   (void)dummy;
-  (void)flags;
+  (void)quick;
   return -1;
 }
 
 int
 keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
-			 struct keyserver_spec *keyserver, unsigned int flags)
+			 struct keyserver_spec *keyserver, int quick)
 {
   (void)ctrl;
   (void)fprint;
   (void)fprint_len;
   (void)keyserver;
-  (void)flags;
-  return -1;
-}
-
-int
-keyserver_import_fprint_ntds (ctrl_t ctrl,
-                              const byte *fprint, size_t fprint_len)
-{
-  (void)ctrl;
-  (void)fprint;
-  (void)fprint_len;
+  (void)quick;
   return -1;
 }
 
@@ -457,28 +450,20 @@ keyserver_import_cert (const char *name)
   return -1;
 }
 
-int
-keyserver_import_pka (const char *name,unsigned char *fpr)
-{
-  (void)name;
-  (void)fpr;
-  return -1;
-}
-
 gpg_error_t
-keyserver_import_wkd (ctrl_t ctrl, const char *name, unsigned int flags,
+keyserver_import_wkd (ctrl_t ctrl, const char *name, int quick,
                       unsigned char **fpr, size_t *fpr_len)
 {
   (void)ctrl;
   (void)name;
-  (void)flags;
+  (void)quick;
   (void)fpr;
   (void)fpr_len;
   return GPG_ERR_BUG;
 }
 
 int
-keyserver_import_mbox (const char *name,struct keyserver_spec *spec)
+keyserver_import_name (const char *name,struct keyserver_spec *spec)
 {
   (void)name;
   (void)spec;
@@ -530,7 +515,7 @@ import_included_key_block (ctrl_t ctrl, kbnode_t keyblock)
  * No encryption here but mainproc links to these functions.
  */
 gpg_error_t
-get_session_key (ctrl_t ctrl, PKT_pubkey_enc *k, DEK *dek)
+get_session_key (ctrl_t ctrl, struct pubkey_enc_list *k, DEK *dek)
 {
   (void)ctrl;
   (void)k;
@@ -549,14 +534,12 @@ get_override_session_key (DEK *dek, const char *string)
 
 /* Stub: */
 int
-decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek,
-              int *compliance_error)
+decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek)
 {
   (void)ctrl;
   (void)procctx;
   (void)ed;
   (void)dek;
-  (void)compliance_error;
   return GPG_ERR_GENERAL;
 }
 
@@ -586,14 +569,13 @@ check_secret_key (PKT_public_key *pk, int n)
  */
 DEK *
 passphrase_to_dek (int cipher_algo, STRING2KEY *s2k, int create, int nocache,
-                   const char *tmp, unsigned int flags, int *canceled)
+                   const char *tmp, int *canceled)
 {
   (void)cipher_algo;
   (void)s2k;
   (void)create;
   (void)nocache;
   (void)tmp;
-  (void)flags;
 
   if (canceled)
     *canceled = 0;
@@ -706,12 +688,12 @@ dotlock_remove_lockfiles (void)
 {
 }
 
-gpg_error_t
+int
 agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk)
 {
   (void)ctrl;
   (void)pk;
-  return gpg_error (GPG_ERR_NO_SECKEY);
+  return 0;
 }
 
 gpg_error_t
@@ -734,22 +716,6 @@ agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
 }
 
 gpg_error_t
-gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid,
-                     unsigned char **r_fpr, size_t *r_fprlen,
-                     char **r_url)
-{
-  (void)ctrl;
-  (void)userid;
-  if (r_fpr)
-    *r_fpr = NULL;
-  if (r_fprlen)
-    *r_fprlen = 0;
-  if (r_url)
-    *r_url = NULL;
-  return gpg_error (GPG_ERR_NOT_FOUND);
-}
-
-gpg_error_t
 export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options,
                       const void *prefix, size_t prefixlen,
                       export_stats_t stats,
diff --git a/g10/gpgv.w32-manifest.in b/g10/gpgv.w32-manifest.in
deleted file mode 100644
index b7a2120..0000000
--- a/g10/gpgv.w32-manifest.in
+++ /dev/null
@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
-<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
-<description>GNU Privacy Guard (OpenPGP verify tool)</description>
-<assemblyIdentity
-    type="win32"
-    name="GnuPG.gpgv"
-    version="@BUILD_VERSION@"
-    />
-<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
-  <application>
-    <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><!-- 10 -->
-    <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><!-- 8.1 -->
-    <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><!-- 8 -->
-    <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><!-- 7 -->
-    <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/><!-- Vista -->
-  </application>
-</compatibility>
-</assembly>
diff --git a/g10/import.c b/g10/import.c
index b2d5c1d..8e82ede 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -177,9 +177,15 @@ parse_import_options(char *str,unsigned int *options,int noisy)
       {"fast-import",IMPORT_FAST,NULL,
        N_("do not update the trustdb after import")},
 
+      {"bulk-import",IMPORT_BULK, NULL,
+       N_("enable bulk import mode")},
+
       {"import-show",IMPORT_SHOW,NULL,
        N_("show key during import")},
 
+      {"show-only", (IMPORT_SHOW | IMPORT_DRY_RUN), NULL,
+       N_("show key but do not actually import") },
+
       {"merge-only",IMPORT_MERGE_ONLY,NULL,
        N_("only accept updates to existing keys")},
 
@@ -202,9 +208,10 @@ parse_import_options(char *str,unsigned int *options,int noisy)
       {"repair-keys", IMPORT_REPAIR_KEYS, NULL,
        N_("repair keys on import")},
 
-      /* No description to avoid string change: Fixme for 2.3 */
-      {"show-only", (IMPORT_SHOW | IMPORT_DRY_RUN), NULL,
-       NULL},
+      /* Hidden options which are enabled by default and are provided
+       * in case of problems with the respective implementation.  */
+      {"collapse-uids", IMPORT_COLLAPSE_UIDS, NULL, NULL},
+      {"collapse-subkeys", IMPORT_COLLAPSE_SUBKEYS, NULL, NULL},
 
       /* Aliases for backward compatibility */
       {"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL},
@@ -218,20 +225,8 @@ parse_import_options(char *str,unsigned int *options,int noisy)
       {NULL,0,NULL,NULL}
     };
   int rc;
-  int saved_self_sigs_only;
-
-  /* We need to set a flag indicating wether the user has set
-   * IMPORT_SELF_SIGS_ONLY or it came from the default.  */
-  saved_self_sigs_only = (*options & IMPORT_SELF_SIGS_ONLY);
-  saved_self_sigs_only &= ~IMPORT_SELF_SIGS_ONLY;
 
   rc = parse_options (str, options, import_opts, noisy);
-
-  if (rc && (*options & IMPORT_SELF_SIGS_ONLY))
-    opt.flags.expl_import_self_sigs_only = 1;
-  else
-    *options |= saved_self_sigs_only;
-
   if (rc && (*options & IMPORT_RESTORE))
     {
       /* Alter other options we want or don't want for restore.  */
@@ -411,7 +406,10 @@ read_key_from_file_or_buffer (ctrl_t ctrl, const char *fname,
       goto leave;
     }
 
+  /* We do the collapsing unconditionally although it is expected that
+   * clean keys are provided here.  */
   collapse_uids (&keyblock);
+  collapse_subkeys (&keyblock);
 
   clear_kbnode_flags (keyblock);
   if (chk_self_sigs (ctrl, keyblock, keyid, &non_self))
@@ -604,7 +602,7 @@ import_keys_es_stream (ctrl_t ctrl, estream_t fp,
   gpg_error_t err;
   iobuf_t inp;
 
-  inp = iobuf_esopen (fp, "rb", 1);
+  inp = iobuf_esopen (fp, "rb", 1, 0);
   if (!inp)
     {
       err = gpg_error_from_syserror ();
@@ -746,6 +744,13 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats,
     log_error (_("error reading '%s': %s\n"), fname, gpg_strerror (rc));
 
   release_kbnode (secattic);
+
+  /* When read_block loop was stopped by error, we have PENDING_PKT left.  */
+  if (pending_pkt)
+    {
+      free_packet (pending_pkt, NULL);
+      xfree (pending_pkt);
+    }
   return rc;
 }
 
@@ -941,14 +946,12 @@ read_block( IOBUF a, unsigned int options,
   skip_sigs = 0;
   while ((rc=parse_packet (&parsectx, pkt)) != -1)
     {
-      if (rc && ((gpg_err_code (rc) == GPG_ERR_LEGACY_KEY
-                 || gpg_err_code (rc) == GPG_ERR_UNKNOWN_VERSION)
+      if (rc && (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY
                  && (pkt->pkttype == PKT_PUBLIC_KEY
                      || pkt->pkttype == PKT_SECRET_KEY)))
         {
           in_v3key = 1;
-          if (gpg_err_code (rc) != GPG_ERR_UNKNOWN_VERSION)
-            ++*r_v3keys;
+          ++*r_v3keys;
           free_packet (pkt, &parsectx);
           init_packet (pkt);
           continue;
@@ -1320,6 +1323,24 @@ check_prefs (ctrl_t ctrl, kbnode_t keyblock)
 		      problem=1;
 		    }
 		}
+	      else if(prefs->type==PREFTYPE_AEAD)
+		{
+		  if (openpgp_aead_test_algo (prefs->value))
+		    {
+                      /* FIXME: The test below is wrong.  We should
+                       * check if ...algo_name yields a "?" and
+                       * only in that case use NUM.  */
+		      const char *algo =
+                        (openpgp_aead_test_algo (prefs->value)
+                         ? num
+                         : openpgp_aead_algo_name (prefs->value));
+		      if(!problem)
+			check_prefs_warning(pk);
+		      log_info(_("         \"%s\": preference for AEAD"
+				 " algorithm %s\n"), user, algo);
+		      problem=1;
+		    }
+		}
 	      else if(prefs->type==PREFTYPE_HASH)
 		{
 		  if(openpgp_md_test_algo(prefs->value))
@@ -1412,7 +1433,7 @@ impex_filter_getval (void *cookie, const char *propname)
         {
           if (!uid->mbox)
             {
-              uid->mbox = mailbox_from_userid (uid->name);
+              uid->mbox = mailbox_from_userid (uid->name, 0);
             }
           result = uid->mbox;
         }
@@ -1442,7 +1463,7 @@ impex_filter_getval (void *cookie, const char *propname)
         }
       else if (!strcmp (propname, "sig_created_d"))
         {
-          result = datestr_from_sig (sig);
+          result = dateonlystr_from_sig (sig);
         }
       else if (!strcmp (propname, "sig_algo"))
         {
@@ -1485,7 +1506,7 @@ impex_filter_getval (void *cookie, const char *propname)
         }
       else if (!strcmp (propname, "key_created_d"))
         {
-          result = datestr_from_pk (pk);
+          result = dateonlystr_from_pk (pk);
         }
       else if (!strcmp (propname, "expired"))
         {
@@ -1893,7 +1914,7 @@ import_one_real (ctrl_t ctrl,
     }
 
 
-  if (!uidnode )
+  if (!uidnode)
     {
       if (!silent)
         log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
@@ -1920,14 +1941,19 @@ import_one_real (ctrl_t ctrl,
         return 0;
     }
 
-  /* Remove all non-self-sigs if requested.  Noe that this is a NOP if
+  /* Remove all non-self-sigs if requested.  Note that this is a NOP if
    * that option has been globally set but we may also be called
    * latter with the already parsed keyblock and a locally changed
    * option.  This is why we need to remove them here as well.  */
   if ((options & IMPORT_SELF_SIGS_ONLY))
     remove_all_non_self_sigs (&keyblock, keyid);
 
-  collapse_uids(&keyblock);
+  /* Remove or collapse the user ids.  */
+  if ((options & IMPORT_COLLAPSE_UIDS))
+    collapse_uids (&keyblock);
+
+  if ((options & IMPORT_COLLAPSE_SUBKEYS))
+    collapse_subkeys (&keyblock);
 
   /* Clean the key that we're about to import, to cut down on things
      that we have to clean later.  This has no practical impact on the
@@ -1974,12 +2000,13 @@ import_one_real (ctrl_t ctrl,
 	  }
     }
 
-  if (!delete_inv_parts (ctrl, keyblock, keyid, options ) )
+  /* Delete invalid parts and bail out if there are no user ids left.  */
+  if (!delete_inv_parts (ctrl, keyblock, keyid, options))
     {
       if (!silent)
         {
-          log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
-          if (!opt.quiet )
+          log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
+          if (!opt.quiet)
             log_info(_("this may be caused by a missing self-signature\n"));
         }
       stats->no_user_id++;
@@ -2049,7 +2076,7 @@ import_one_real (ctrl_t ctrl,
     goto leave;
 
   /* Do we have this key already in one of our pubrings ? */
-  err = get_keyblock_byfprint_fast (&keyblock_orig, &hd,
+  err = get_keyblock_byfprint_fast (ctrl, &keyblock_orig, &hd,
                                     fpr2, fpr2len, 1/*locked*/);
   if ((err
        && gpg_err_code (err) != GPG_ERR_NO_PUBKEY
@@ -2131,7 +2158,7 @@ import_one_real (ctrl_t ctrl,
       /* We are ready.  */
       if (!err && !opt.quiet && !silent)
         {
-          char *p = get_user_id_byfpr_native (ctrl, fpr2);
+          char *p = get_user_id_byfpr_native (ctrl, fpr2, fpr2len);
           log_info (_("key %s: public key \"%s\" imported\n"),
                     keystr(keyid), p);
           xfree(p);
@@ -2225,7 +2252,7 @@ import_one_real (ctrl_t ctrl,
            * very likely means that no update happened.  */
           if (!err && !opt.quiet && !silent)
             {
-              char *p = get_user_id_byfpr_native (ctrl, fpr2);
+              char *p = get_user_id_byfpr_native (ctrl, fpr2, fpr2len);
               if (n_uids == 1 )
                 log_info( _("key %s: \"%s\" 1 new user ID\n"),
                           keystr(keyid),p);
@@ -2289,7 +2316,7 @@ import_one_real (ctrl_t ctrl,
 
           if (!opt.quiet && !silent)
             {
-              char *p = get_user_id_byfpr_native (ctrl, fpr2);
+              char *p = get_user_id_byfpr_native (ctrl, fpr2, fpr2len);
               log_info( _("key %s: \"%s\" not changed\n"),keystr(keyid),p);
               xfree(p);
             }
@@ -2340,13 +2367,13 @@ import_one_real (ctrl_t ctrl,
   if (mod_key)
     {
       revocation_present (ctrl, keyblock_orig);
-      if (!from_sk && have_secret_key_with_kid (keyid))
+      if (!from_sk && have_secret_key_with_kid (ctrl, keyid))
         check_prefs (ctrl, keyblock_orig);
     }
   else if (new_key)
     {
       revocation_present (ctrl, keyblock);
-      if (!from_sk && have_secret_key_with_kid (keyid))
+      if (!from_sk && have_secret_key_with_kid (ctrl, keyid))
         check_prefs (ctrl, keyblock);
     }
 
@@ -2577,6 +2604,7 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
         {
           char countbuf[35];
 
+          /* FIXME: Support AEAD */
           /* Note that the IVLEN may be zero if we are working on a
              dummy key.  We can't express that in an S-expression and
              thus we send dummy data for the IV.  */
@@ -2985,7 +3013,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
                  _("rejected by import screener"));
       release_kbnode (keyblock);
       return 0;
-  }
+    }
 
   if (opt.verbose && !for_migration)
     {
@@ -3156,7 +3184,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
 
 
 /* Return the recocation reason from signature SIG.  If no revocation
- * reason is availabale 0 is returned, in other cases the reason
+ * reason is available 0 is returned, in other cases the reason
  * (0..255).  If R_REASON is not NULL a malloced textual
  * representation of the code is stored there.  If R_COMMENT is not
  * NULL the comment from the reason is stored there and its length at
@@ -3181,7 +3209,7 @@ get_revocation_reason (PKT_signature *sig, char **r_reason,
     *r_comment = NULL;
 
   /* Skip over empty reason packets.  */
-  while ((reason_p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REVOC_REASON,
+  while ((reason_p = enum_sig_subpkt (sig, 1, SIGSUBPKT_REVOC_REASON,
                                       &reason_n, &reason_seq, NULL))
          && !reason_n)
     ;
@@ -3402,7 +3430,7 @@ import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options,
     }
 
   /* Read the original keyblock. */
-  hd = keydb_new ();
+  hd = keydb_new (ctrl);
   if (!hd)
     {
       rc = gpg_error_from_syserror ();
@@ -3414,9 +3442,7 @@ import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options,
     size_t an;
 
     fingerprint_from_pk (pk, afp, &an);
-    while (an < MAX_FINGERPRINT_LEN)
-      afp[an++] = 0;
-    rc = keydb_search_fpr (hd, afp);
+    rc = keydb_search_fpr (hd, afp, an);
   }
   if (rc)
     {
@@ -3530,7 +3556,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self)
   kbnode_t bsnode = NULL;  /* Subkey binding signature node.  */
   u32 bsdate = 0;          /* Timestamp of that node.   */
   kbnode_t rsnode = NULL;  /* Subkey recocation signature node.  */
-  u32 rsdate = 0;          /* Timestamp of tha node.  */
+  u32 rsdate = 0;          /* Timestamp of that node.  */
   PKT_signature *sig;
   int rc;
   kbnode_t n;
@@ -3800,7 +3826,8 @@ delete_inv_parts (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
       else if (node->pkt->pkttype == PKT_SIGNATURE
                && !node->pkt->pkt.signature->flags.exportable
                && !(options&IMPORT_LOCAL_SIGS)
-               && !have_secret_key_with_kid (node->pkt->pkt.signature->keyid))
+               && !have_secret_key_with_kid (ctrl,
+                                             node->pkt->pkt.signature->keyid))
         {
           /* here we violate the rfc a bit by still allowing
            * to import non-exportable signature when we have the
@@ -3925,7 +3952,7 @@ remove_all_non_self_sigs (kbnode_t *keyblock, u32 *keyid)
  * Returns: True if the keyblock has changed.
  */
 int
-collapse_uids( kbnode_t *keyblock )
+collapse_uids (kbnode_t *keyblock)
 {
   kbnode_t uid1;
   int any=0;
@@ -4038,6 +4065,113 @@ collapse_uids( kbnode_t *keyblock )
 }
 
 
+/*
+ * It may happen that the imported keyblock has duplicated subkeys.
+ * We check this here and collapse those subkeys along with their
+ * binding self-signatures.
+ * Returns: True if the keyblock has changed.
+ */
+int
+collapse_subkeys (kbnode_t *keyblock)
+{
+  kbnode_t kb1, kb2, sig1, sig2, last;
+  int any = 0;
+
+  for (kb1 = *keyblock; kb1; kb1 = kb1->next)
+    {
+      if (is_deleted_kbnode (kb1))
+	continue;
+
+      if (kb1->pkt->pkttype != PKT_PUBLIC_SUBKEY
+          && kb1->pkt->pkttype != PKT_SECRET_SUBKEY)
+	continue;
+
+      /* We assume just a few duplicates and use a straightforward
+       * algorithm.  */
+      for (kb2 = kb1->next; kb2; kb2 = kb2->next)
+	{
+	  if (is_deleted_kbnode (kb2))
+	    continue;
+
+          if (kb2->pkt->pkttype != PKT_PUBLIC_SUBKEY
+              && kb2->pkt->pkttype != PKT_SECRET_SUBKEY)
+	    continue;
+
+          if (cmp_public_keys (kb1->pkt->pkt.public_key,
+                               kb2->pkt->pkt.public_key))
+            continue;
+
+          /* We have a duplicated subkey. */
+          any = 1;
+
+          /* Take subkey-2's signatures, and attach them to subkey-1. */
+          for (last = kb2; last->next; last = last->next)
+            {
+              if (is_deleted_kbnode (last))
+                continue;
+
+              if (last->next->pkt->pkttype != PKT_SIGNATURE)
+                break;
+            }
+
+          /* Snip out subkye-2 */
+          find_prev_kbnode (*keyblock, kb2, 0)->next = last->next;
+
+	  /* Put subkey-2 in place as part of subkey-1 */
+          last->next = kb1->next;
+          kb1->next = kb2;
+          delete_kbnode (kb2);
+
+          /* Now dedupe kb1 */
+          for (sig1 = kb1->next; sig1; sig1 = sig1->next)
+            {
+              if (is_deleted_kbnode (sig1))
+                continue;
+
+              if (sig1->pkt->pkttype != PKT_SIGNATURE)
+                break;
+
+              for (sig2 = sig1->next, last = sig1;
+                   sig2;
+                   last = sig2, sig2 = sig2->next)
+                {
+                  if (is_deleted_kbnode (sig2))
+                    continue;
+
+                  if (sig2->pkt->pkttype != PKT_SIGNATURE)
+                    break;
+
+                  if (!cmp_signatures (sig1->pkt->pkt.signature,
+                                       sig2->pkt->pkt.signature))
+                    {
+                      /* We have a match, so delete the second
+                         signature */
+                      delete_kbnode (sig2);
+                      sig2 = last;
+                    }
+                }
+            }
+        }
+    }
+
+  commit_kbnode (keyblock);
+
+  if (any && !opt.quiet)
+    {
+      const char *key="???";
+
+      if ((kb1 = find_kbnode (*keyblock, PKT_PUBLIC_KEY)) )
+	key = keystr_from_pk (kb1->pkt->pkt.public_key);
+      else if ((kb1 = find_kbnode (*keyblock, PKT_SECRET_KEY)) )
+	key = keystr_from_pk (kb1->pkt->pkt.public_key);
+
+      log_info (_("key %s: duplicated subkeys detected - merged\n"), key);
+    }
+
+  return any;
+}
+
+
 /* Check for a 0x20 revocation from a revocation key that is not
    present.  This may be called without the benefit of merge_xxxx so
    you can't rely on pk->revkey and friends. */
@@ -4065,7 +4199,7 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock)
 	      u32 keyid[2];
 
 	      keyid_from_fingerprint (ctrl, sig->revkey[idx].fpr,
-                                      MAX_FINGERPRINT_LEN, keyid);
+                                      sig->revkey[idx].fprlen, keyid);
 
 	      for(inode=keyblock->next;inode;inode=inode->next)
 		{
@@ -4083,9 +4217,9 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock)
                        * itself?  */
                       gpg_error_t err;
 
-		      err = get_pubkey_byfprint_fast (NULL,
+		      err = get_pubkey_byfprint_fast (ctrl, NULL,
                                                       sig->revkey[idx].fpr,
-                                                      MAX_FINGERPRINT_LEN);
+                                                      sig->revkey[idx].fprlen);
 		      if (gpg_err_code (err) == GPG_ERR_NO_PUBKEY
                           || gpg_err_code (err) == GPG_ERR_UNUSABLE_PUBKEY)
 			{
@@ -4101,13 +4235,13 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock)
 				       tempkeystr,keystr(keyid));
 			      keyserver_import_fprint (ctrl,
                                                        sig->revkey[idx].fpr,
-                                                       MAX_FINGERPRINT_LEN,
+                                                       sig->revkey[idx].fprlen,
                                                        opt.keyserver, 0);
 
 			      /* Do we have it now? */
-			      err = get_pubkey_byfprint_fast (NULL,
+			      err = get_pubkey_byfprint_fast (ctrl, NULL,
 						     sig->revkey[idx].fpr,
-						     MAX_FINGERPRINT_LEN);
+                                                     sig->revkey[idx].fprlen);
 			    }
 
 			  if (gpg_err_code (err) == GPG_ERR_NO_PUBKEY
diff --git a/g10/kbnode.c b/g10/kbnode.c
index 9ed6caf..93035e8 100644
--- a/g10/kbnode.c
+++ b/g10/kbnode.c
@@ -415,13 +415,14 @@ dump_kbnode (KBNODE node)
         {
           PKT_public_key *pk = node->pkt->pkt.public_key;
 
-          log_printf ("  keyid=%08lX a=%d u=%d %c%c%c%c\n",
+          log_printf ("  keyid=%08lX a=%d u=%d %c%c%c%c%c\n",
                       (ulong)keyid_from_pk( pk, NULL ),
                       pk->pubkey_algo, pk->pubkey_usage,
                       pk->has_expired? 'e':'.',
                       pk->flags.revoked? 'r':'.',
                       pk->flags.valid?    'v':'.',
-                      pk->flags.mdc?   'm':'.');
+                      pk->flags.mdc?   'm':'.',
+                      pk->flags.aead?  'a':'.');
         }
       else
         log_printf ("\n");
diff --git a/g10/key-check.c b/g10/key-check.c
index 45f384b..b370cc1 100644
--- a/g10/key-check.c
+++ b/g10/key-check.c
@@ -587,9 +587,19 @@ key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb,
                   char buffer[1024];
                   size_t len;
                   char *printable;
-                  gcry_mpi_print (GCRYMPI_FMT_USG,
-                                  buffer, sizeof (buffer), &len,
-                                  sig->data[i]);
+                  if (gcry_mpi_get_flag (sig->data[i], GCRYMPI_FLAG_OPAQUE))
+                    {
+                      const byte *sigdata;
+                      unsigned int nbits;
+
+                      sigdata = gcry_mpi_get_opaque (sig->data[i], &nbits);
+                      len = (nbits+7)/8;
+                      memcpy (buffer, sigdata, len);
+                    }
+                  else
+                    gcry_mpi_print (GCRYMPI_FMT_USG,
+                                    buffer, sizeof (buffer), &len,
+                                    sig->data[i]);
                   printable = bin2hex (buffer, len, NULL);
                   log_debug ("        %d: %s\n", i, printable);
                   xfree (printable);
diff --git a/g10/key-clean.c b/g10/key-clean.c
index f66a0db..9320428 100644
--- a/g10/key-clean.c
+++ b/g10/key-clean.c
@@ -37,8 +37,8 @@
 
 /*
  * Mark the signature of the given UID which are used to certify it.
- * To do this, we first revmove all signatures which are not valid and
- * from the remain ones we look for the latest one.  If this is not a
+ * To do this, we first remove all signatures which are not valid and
+ * from the remaining we look for the latest one.  If this is not a
  * certification revocation signature we mark the signature by setting
  * node flag bit 8.  Revocations are marked with flag 11, and sigs
  * from unavailable keys are marked with flag 12.  Note that flag bits
@@ -192,7 +192,7 @@ mark_usable_uid_certs (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
           const byte *p;
           u32 expire;
 
-          p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
+          p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIG_EXPIRE, NULL );
           expire = p? sig->timestamp + buf32_to_u32(p) : 0;
 
           if (expire==0 || expire > curtime )
@@ -500,7 +500,7 @@ clean_one_subkey_dupsigs (ctrl_t ctrl, kbnode_t subkeynode)
     log_debug ("\tchecking subkey %08lX for dupsigs\n",
                (ulong) keyid_from_pk (pk, NULL));
 
-  /* First check that the choosen flag has been set.  Note that we
+  /* First check that the chosen flag has been set.  Note that we
    * only look at plain signatures so to keep all revocation
    * signatures which may carry important information.  */
   for (node = subkeynode->next;
@@ -519,7 +519,7 @@ clean_one_subkey_dupsigs (ctrl_t ctrl, kbnode_t subkeynode)
     }
 
   if (!any_choosen)
-    return 0; /* Ooops no choosen flag set - we can't decide.  */
+    return 0; /* Ooops no chosen flag set - we can't decide.  */
 
   for (node = subkeynode->next;
        node && !(node->pkt->pkttype == PKT_PUBLIC_SUBKEY
diff --git a/g10/key-clean.h b/g10/key-clean.h
index a0fb769..c4f1649 100644
--- a/g10/key-clean.h
+++ b/g10/key-clean.h
@@ -23,7 +23,7 @@
 
 #include "gpg.h"
 
-/* No explict cleaning.  */
+/* No explicit cleaning.  */
 #define KEY_CLEAN_NONE      0
 /* Remove only invalid subkeys (ie. missing key-bindings) */
 #define KEY_CLEAN_INVALID   1
diff --git a/g10/keydb-private.h b/g10/keydb-private.h
new file mode 100644
index 0000000..1b661a4
--- /dev/null
+++ b/g10/keydb-private.h
@@ -0,0 +1,186 @@
+/* keydb-private.h - Common definitions for keydb.c and call-keyboxd.c
+ * Copyright (C) 2019 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#ifndef G10_KEYDB_PRIVATE_H
+#define G10_KEYDB_PRIVATE_H
+
+#include <assuan.h>
+#include "../common/membuf.h"
+
+
+/* Ugly forward declarations.  */
+struct keyring_handle;
+typedef struct keyring_handle *KEYRING_HANDLE;
+struct keybox_handle;
+typedef struct keybox_handle *KEYBOX_HANDLE;
+
+
+/* This is for keydb.c and only used in non-keyboxd mode. */
+#define MAX_KEYDB_RESOURCES 40
+
+/* This is for keydb.c and only used in non-keyboxd mode. */
+typedef enum
+  {
+    KEYDB_RESOURCE_TYPE_NONE = 0,
+    KEYDB_RESOURCE_TYPE_KEYRING,
+    KEYDB_RESOURCE_TYPE_KEYBOX
+  } KeydbResourceType;
+
+/* This is for keydb.c and only used in non-keyboxd mode. */
+struct resource_item
+{
+  KeydbResourceType type;
+  union {
+    KEYRING_HANDLE kr;
+    KEYBOX_HANDLE kb;
+  } u;
+  void *token;
+};
+
+
+/* This is a simple cache used to return the last result of a
+ * successful fingerprint search.  This works only for keybox
+ * resources because (due to lack of a copy_keyblock function) we need
+ * to store an image of the keyblock which is fortunately instantly
+ * available for keyboxes.   Only used in non-keyboxd mode.  */
+enum keyblock_cache_states {
+  KEYBLOCK_CACHE_EMPTY,
+  KEYBLOCK_CACHE_PREPARED,
+  KEYBLOCK_CACHE_FILLED
+};
+
+struct keyblock_cache {
+  enum keyblock_cache_states state;
+  byte fpr[MAX_FINGERPRINT_LEN];
+  byte fprlen;
+  iobuf_t iobuf; /* Image of the keyblock.  */
+  int pk_no;
+  int uid_no;
+  /* Offset of the record in the keybox.  */
+  int resource;
+  off_t offset;
+};
+
+
+/* The definition of the KEYDB_HANDLE as used internally by keydb.c and
+ * the newer call-keyboxd.  */
+struct keydb_handle_s
+{
+  /* Flag set if this handles pertains to call-keyboxd.c.  */
+  int use_keyboxd;
+
+  /* BEGIN USE_KEYBOXD */
+  /* (These fields are only valid if USE_KEYBOXD is set.) */
+
+  /* A shallow pointer with the CTRL used to create this handle.  */
+  ctrl_t ctrl;
+
+  /* Connection info which also keeps the local state.  (This points
+   * into the CTRL->keybox_local list.) */
+  keyboxd_local_t kbl;
+
+  /* Various flags.  */
+  unsigned int last_ubid_valid:1;
+
+  /* The UBID of the last returned keyblock.  */
+  unsigned char last_ubid[UBID_LEN];
+
+  /* The ordinals from the last search operations; valid if
+   * last_ubid_valid is set.  */
+  int last_uid_no;
+  int last_pk_no;
+
+  /* END USE_KEYBOXD */
+
+  /* BEGIN !USE_KEYBOXD */
+  /* (The remaining fields are only valid if USE_KEYBOXD is cleared.)  */
+
+  /* When we locked all of the resources in ACTIVE (using keyring_lock
+   * / keybox_lock, as appropriate).  */
+  int locked;
+
+  /* If this flag is set a lock will only be released by
+   * keydb_release.  */
+  int keep_lock;
+
+  /* The index into ACTIVE of the resources in which the last search
+     result was found.  Initially -1.  */
+  int found;
+
+  /* Initially -1 (invalid).  This is used to save a search result and
+     later restore it as the selected result.  */
+  int saved_found;
+
+  /* The number of skipped long blobs since the last search
+     (keydb_search_reset).  */
+  unsigned long skipped_long_blobs;
+
+  /* If set, this disables the use of the keyblock cache.  */
+  int no_caching;
+
+  /* Whether the next search will be from the beginning of the
+     database (and thus consider all records).  */
+  int is_reset;
+
+  /* The "file position."  In our case, this is index of the current
+     resource in ACTIVE.  */
+  int current;
+
+  /* The number of resources in ACTIVE.  */
+  int used;
+
+  /* Cache of the last found and parsed key block (only used for
+     keyboxes, not keyrings).  */
+  struct keyblock_cache keyblock_cache;
+
+  /* Copy of ALL_RESOURCES when keydb_new is called.  */
+  struct resource_item active[MAX_KEYDB_RESOURCES];
+
+  /* END !USE_KEYBOXD */
+};
+
+
+/*-- keydb.c --*/
+
+
+gpg_error_t keydb_parse_keyblock (iobuf_t iobuf, int pk_no, int uid_no,
+                                  kbnode_t *r_keyblock);
+
+/* These are the functions call-keyboxd diverts to if the keyboxd is
+ * not used.  */
+
+gpg_error_t internal_keydb_init (KEYDB_HANDLE hd);
+void internal_keydb_deinit (KEYDB_HANDLE hd);
+gpg_error_t internal_keydb_lock (KEYDB_HANDLE hd);
+
+gpg_error_t internal_keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb);
+gpg_error_t internal_keydb_update_keyblock (ctrl_t ctrl,
+                                            KEYDB_HANDLE hd, kbnode_t kb);
+gpg_error_t internal_keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb);
+gpg_error_t internal_keydb_delete_keyblock (KEYDB_HANDLE hd);
+gpg_error_t internal_keydb_search_reset (KEYDB_HANDLE hd);
+gpg_error_t internal_keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+                                   size_t ndesc, size_t *descindex);
+
+
+
+
+
+#endif /*G10_KEYDB_PRIVATE_H*/
diff --git a/g10/keydb.c b/g10/keydb.c
index e538fe4..3938d7e 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -1,6 +1,6 @@
 /* keydb.c - key database dispatcher
  * Copyright (C) 2001-2013 Free Software Foundation, Inc.
- * Coyrright (C) 2001-2015 Werner Koch
+ * Copyright (C) 2001-2015 Werner Koch
  *
  * This file is part of GnuPG.
  *
@@ -38,25 +38,10 @@
 #include "keydb.h"
 #include "../common/i18n.h"
 
+#include "keydb-private.h"  /* For struct keydb_handle_s */
+
 static int active_handles;
 
-typedef enum
-  {
-    KEYDB_RESOURCE_TYPE_NONE = 0,
-    KEYDB_RESOURCE_TYPE_KEYRING,
-    KEYDB_RESOURCE_TYPE_KEYBOX
-  } KeydbResourceType;
-#define MAX_KEYDB_RESOURCES 40
-
-struct resource_item
-{
-  KeydbResourceType type;
-  union {
-    KEYRING_HANDLE kr;
-    KEYBOX_HANDLE kb;
-  } u;
-  void *token;
-};
 
 static struct resource_item all_resources[MAX_KEYDB_RESOURCES];
 static int used_resources;
@@ -68,73 +53,6 @@ static void *primary_keydb;
 /* Whether we have successfully registered any resource.  */
 static int any_registered;
 
-/* This is a simple cache used to return the last result of a
-   successful fingerprint search.  This works only for keybox resources
-   because (due to lack of a copy_keyblock function) we need to store
-   an image of the keyblock which is fortunately instantly available
-   for keyboxes.  */
-enum keyblock_cache_states {
-  KEYBLOCK_CACHE_EMPTY,
-  KEYBLOCK_CACHE_PREPARED,
-  KEYBLOCK_CACHE_FILLED
-};
-
-struct keyblock_cache {
-  enum keyblock_cache_states state;
-  byte fpr[MAX_FINGERPRINT_LEN];
-  iobuf_t iobuf; /* Image of the keyblock.  */
-  int pk_no;
-  int uid_no;
-  /* Offset of the record in the keybox.  */
-  int resource;
-  off_t offset;
-};
-
-
-struct keydb_handle
-{
-  /* When we locked all of the resources in ACTIVE (using keyring_lock
-     / keybox_lock, as appropriate).  */
-  int locked;
-
-  /* If this flag is set a lock will only be released by
-   * keydb_release.  */
-  int keep_lock;
-
-  /* The index into ACTIVE of the resources in which the last search
-     result was found.  Initially -1.  */
-  int found;
-
-  /* Initially -1 (invalid).  This is used to save a search result and
-     later restore it as the selected result.  */
-  int saved_found;
-
-  /* The number of skipped long blobs since the last search
-     (keydb_search_reset).  */
-  unsigned long skipped_long_blobs;
-
-  /* If set, this disables the use of the keyblock cache.  */
-  int no_caching;
-
-  /* Whether the next search will be from the beginning of the
-     database (and thus consider all records).  */
-  int is_reset;
-
-  /* The "file position."  In our case, this is index of the current
-     resource in ACTIVE.  */
-  int current;
-
-  /* The number of resources in ACTIVE.  */
-  int used;
-
-  /* Cache of the last found and parsed key block (only used for
-     keyboxes, not keyrings).  */
-  struct keyblock_cache keyblock_cache;
-
-  /* Copy of ALL_RESOURCES when keydb_new is called.  */
-  struct resource_item active[MAX_KEYDB_RESOURCES];
-};
-
 /* Looking up keys is expensive.  To hide the cost, we cache whether
    keys exist in the key database.  Then, if we know a key does not
    exist, we don't have to spend time looking it up.  This
@@ -273,7 +191,7 @@ kid_not_found_flush (void)
 
 
 static void
-keyblock_cache_clear (struct keydb_handle *hd)
+keyblock_cache_clear (struct keydb_handle_s *hd)
 {
   hd->keyblock_cache.state = KEYBLOCK_CACHE_EMPTY;
   iobuf_close (hd->keyblock_cache.iobuf);
@@ -500,22 +418,22 @@ rt_from_file (const char *filename, int *r_found, int *r_openpgp)
 {
   u32 magic;
   unsigned char verbuf[4];
-  FILE *fp;
+  estream_t fp;
   KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE;
 
   *r_found = *r_openpgp = 0;
-  fp = gnupg_fopen (filename, "rb");
+  fp = es_fopen (filename, "rb");
   if (fp)
     {
       *r_found = 1;
 
-      if (fread (&magic, 4, 1, fp) == 1 )
+      if (es_fread (&magic, 4, 1, fp) == 1 )
         {
           if (magic == 0x13579ace || magic == 0xce9a5713)
             ; /* GDBM magic - not anymore supported. */
-          else if (fread (&verbuf, 4, 1, fp) == 1
+          else if (es_fread (&verbuf, 4, 1, fp) == 1
                    && verbuf[0] == 1
-                   && fread (&magic, 4, 1, fp) == 1
+                   && es_fread (&magic, 4, 1, fp) == 1
                    && !memcmp (&magic, "KBXf", 4))
             {
               if ((verbuf[3] & 0x02))
@@ -528,7 +446,7 @@ rt_from_file (const char *filename, int *r_found, int *r_openpgp)
       else /* Maybe empty: assume keyring. */
         rt = KEYDB_RESOURCE_TYPE_KEYRING;
 
-      fclose (fp);
+      es_fclose (fp);
     }
 
   return rt;
@@ -540,6 +458,10 @@ keydb_search_desc_dump (struct keydb_search_desc *desc)
   char b[MAX_FORMATTED_FINGERPRINT_LEN + 1];
   char fpr[2 * MAX_FINGERPRINT_LEN + 1];
 
+#if MAX_FINGERPRINT_LEN < UBID_LEN || MAX_FINGERPRINT_LEN < KEYGRIP_LEN
+#error MAX_FINGERPRINT_LEN is shorter than KEYGRIP or UBID length.
+#endif
+
   switch (desc->mode)
     {
     case KEYDB_SEARCH_MODE_EXACT:
@@ -560,34 +482,26 @@ keydb_search_desc_dump (struct keydb_search_desc *desc)
     case KEYDB_SEARCH_MODE_LONG_KID:
       return xasprintf ("LONG_KID: '%s'",
                         format_keyid (desc->u.kid, KF_LONG, b, sizeof (b)));
-    case KEYDB_SEARCH_MODE_FPR16:
-      bin2hex (desc->u.fpr, 16, fpr);
-      return xasprintf ("FPR16: '%s'",
-                        format_hexfingerprint (fpr, b, sizeof (b)));
-    case KEYDB_SEARCH_MODE_FPR20:
-      bin2hex (desc->u.fpr, 20, fpr);
-      return xasprintf ("FPR20: '%s'",
-                        format_hexfingerprint (fpr, b, sizeof (b)));
     case KEYDB_SEARCH_MODE_FPR:
-      bin2hex (desc->u.fpr, 20, fpr);
-      return xasprintf ("FPR: '%s'",
+      bin2hex (desc->u.fpr, desc->fprlen, fpr);
+      return xasprintf ("FPR%02d: '%s'", desc->fprlen,
                         format_hexfingerprint (fpr, b, sizeof (b)));
     case KEYDB_SEARCH_MODE_ISSUER:
       return xasprintf ("ISSUER: '%s'", desc->u.name);
     case KEYDB_SEARCH_MODE_ISSUER_SN:
-      return xasprintf ("ISSUER_SN: '%*s'",
-                        (int) (desc->snlen == -1
-                               ? strlen (desc->sn) : desc->snlen),
-                        desc->sn);
+      return xasprintf ("ISSUER_SN: '#%.*s/%s'",
+                        (int)desc->snlen,desc->sn, desc->u.name);
     case KEYDB_SEARCH_MODE_SN:
-      return xasprintf ("SN: '%*s'",
-                        (int) (desc->snlen == -1
-                               ? strlen (desc->sn) : desc->snlen),
-                        desc->sn);
+      return xasprintf ("SN: '%.*s'",
+                        (int)desc->snlen, desc->sn);
     case KEYDB_SEARCH_MODE_SUBJECT:
       return xasprintf ("SUBJECT: '%s'", desc->u.name);
     case KEYDB_SEARCH_MODE_KEYGRIP:
-      return xasprintf ("KEYGRIP: %s", desc->u.grip);
+      bin2hex (desc[0].u.grip, KEYGRIP_LEN, fpr);
+      return xasprintf ("KEYGRIP: %s", fpr);
+    case KEYDB_SEARCH_MODE_UBID:
+      bin2hex (desc[0].u.ubid, UBID_LEN, fpr);
+      return xasprintf ("UBID: %s", fpr);
     case KEYDB_SEARCH_MODE_FIRST:
       return xasprintf ("FIRST");
     case KEYDB_SEARCH_MODE_NEXT:
@@ -897,26 +811,17 @@ keydb_dump_stats (void)
 }
 
 
-/* Create a new database handle.  A database handle is similar to a
-   file handle: it contains a local file position.  This is used when
-   searching: subsequent searches resume where the previous search
-   left off.  To rewind the position, use keydb_search_reset().  This
-   function returns NULL on error, sets ERRNO, and prints an error
-   diagnostic. */
-KEYDB_HANDLE
-keydb_new (void)
+/* keydb_new diverts to here in non-keyboxd mode.  HD is just the
+ * calloced structure with the handle type initialized.  */
+gpg_error_t
+internal_keydb_init (KEYDB_HANDLE hd)
 {
-  KEYDB_HANDLE hd;
+  gpg_error_t err = 0;
   int i, j;
   int die = 0;
   int reterrno;
 
-  if (DBG_CLOCK)
-    log_clock ("keydb_new");
-
-  hd = xtrycalloc (1, sizeof *hd);
-  if (!hd)
-    goto leave;
+  log_assert (!hd->use_keyboxd);
   hd->found = -1;
   hd->saved_found = -1;
   hd->is_reset = 1;
@@ -958,28 +863,21 @@ keydb_new (void)
   keydb_stats.handles++;
 
   if (die)
-    {
-      keydb_release (hd);
-      gpg_err_set_errno (reterrno);
-      hd = NULL;
-    }
-
- leave:
-  if (!hd)
-    log_error (_("error opening key DB: %s\n"),
-               gpg_strerror (gpg_error_from_syserror()));
+    err = gpg_error_from_errno (reterrno);
 
-  return hd;
+   return err;
 }
 
 
+/* Free all non-keyboxd resources owned by the database handle.
+ * keydb_release diverts to here.  */
 void
-keydb_release (KEYDB_HANDLE hd)
+internal_keydb_deinit (KEYDB_HANDLE hd)
 {
   int i;
 
-  if (!hd)
-    return;
+  log_assert (!hd->use_keyboxd);
+
   log_assert (active_handles > 0);
   active_handles--;
 
@@ -1001,19 +899,17 @@ keydb_release (KEYDB_HANDLE hd)
     }
 
   keyblock_cache_clear (hd);
-  xfree (hd);
 }
 
 
 /* Take a lock on the files immediately and not only during insert or
  * update.  This lock is released with keydb_release.  */
 gpg_error_t
-keydb_lock (KEYDB_HANDLE hd)
+internal_keydb_lock (KEYDB_HANDLE hd)
 {
   gpg_error_t err;
 
-  if (!hd)
-    return gpg_error (GPG_ERR_INV_ARG);
+  log_assert (!hd->use_keyboxd);
 
   err = lock_all (hd);
   if (!err)
@@ -1029,7 +925,7 @@ keydb_lock (KEYDB_HANDLE hd)
 void
 keydb_disable_caching (KEYDB_HANDLE hd)
 {
-  if (hd)
+  if (hd && !hd->use_keyboxd)
     hd->no_caching = 1;
 }
 
@@ -1051,6 +947,9 @@ keydb_get_resource_name (KEYDB_HANDLE hd)
   if (!hd)
     return NULL;
 
+  if (hd->use_keyboxd)
+    return "[keyboxd]";
+
   if ( hd->found >= 0 && hd->found < hd->used)
     idx = hd->found;
   else if ( hd->current >= 0 && hd->current < hd->used)
@@ -1174,6 +1073,8 @@ unlock_all (KEYDB_HANDLE hd)
  * Note: it is only possible to save a single save state at a time.
  * In other words, the save stack only has room for a single
  * instance of the state.  */
+/* FIXME(keyboxd): This function is used only at one place - see how
+ * we can avoid it.  */
 void
 keydb_push_found_state (KEYDB_HANDLE hd)
 {
@@ -1205,6 +1106,8 @@ keydb_push_found_state (KEYDB_HANDLE hd)
 
 /* Restore the previous save state.  If the saved state is NULL or
    invalid, this is a NOP.  */
+/* FIXME(keyboxd): This function is used only at one place - see how
+ * we can avoid it.  */
 void
 keydb_pop_found_state (KEYDB_HANDLE hd)
 {
@@ -1231,8 +1134,9 @@ keydb_pop_found_state (KEYDB_HANDLE hd)
 
 
 
-static gpg_error_t
-parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no,
+/* Parse the keyblock in IOBUF and return at R_KEYBLOCK.  */
+gpg_error_t
+keydb_parse_keyblock (iobuf_t iobuf, int pk_no, int uid_no,
                       kbnode_t *r_keyblock)
 {
   gpg_error_t err;
@@ -1273,10 +1177,7 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no,
               init_packet (pkt);
               continue;
             }
-          /* Unknown version maybe due to v5 keys - we treat this
-           * error different.  */
-          if (gpg_err_code (err) != GPG_ERR_UNKNOWN_VERSION)
-            err = gpg_error (GPG_ERR_INV_KEYRING);
+          err = gpg_error (GPG_ERR_INV_KEYRING);
           break;
         }
 
@@ -1372,6 +1273,7 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no,
 
 
 /* Return the keyblock last found by keydb_search() in *RET_KB.
+ * keydb_get_keyblock divert to here in the non-keyboxd mode.
  *
  * On success, the function returns 0 and the caller must free *RET_KB
  * using release_kbnode().  Otherwise, the function returns an error
@@ -1381,17 +1283,11 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no,
  * with the public key used to locate the keyblock or flag bit 1 set
  * for the user ID node.  */
 gpg_error_t
-keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
+internal_keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
 {
   gpg_error_t err = 0;
 
-  *ret_kb = NULL;
-
-  if (!hd)
-    return gpg_error (GPG_ERR_INV_ARG);
-
-  if (DBG_CLOCK)
-    log_clock ("keydb_get_keybock enter");
+  log_assert (!hd->use_keyboxd);
 
   if (hd->keyblock_cache.state == KEYBLOCK_CACHE_FILLED)
     {
@@ -1403,15 +1299,14 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
 	}
       else
 	{
-	  err = parse_keyblock_image (hd->keyblock_cache.iobuf,
+	  err = keydb_parse_keyblock (hd->keyblock_cache.iobuf,
 				      hd->keyblock_cache.pk_no,
 				      hd->keyblock_cache.uid_no,
 				      ret_kb);
 	  if (err)
 	    keyblock_cache_clear (hd);
 	  if (DBG_CLOCK)
-	    log_clock (err? "keydb_get_keyblock leave (cached, failed)"
-		       : "keydb_get_keyblock leave (cached)");
+	    log_clock ("%s leave (cached mode)", __func__);
 	  return err;
 	}
     }
@@ -1436,7 +1331,7 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
                                    &iobuf, &pk_no, &uid_no);
         if (!err)
           {
-            err = parse_keyblock_image (iobuf, pk_no, uid_no, ret_kb);
+            err = keydb_parse_keyblock (iobuf, pk_no, uid_no, ret_kb);
             if (!err && hd->keyblock_cache.state == KEYBLOCK_CACHE_PREPARED)
               {
                 hd->keyblock_cache.state     = KEYBLOCK_CACHE_FILLED;
@@ -1459,57 +1354,13 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
   if (!err)
     keydb_stats.get_keyblocks++;
 
-  if (DBG_CLOCK)
-    log_clock (err? "keydb_get_keyblock leave (failed)"
-               : "keydb_get_keyblock leave");
   return err;
 }
 
 
-/* Build a keyblock image from KEYBLOCK.  Returns 0 on success and
- * only then stores a new iobuf object at R_IOBUF.  */
-static gpg_error_t
-build_keyblock_image (kbnode_t keyblock, iobuf_t *r_iobuf)
-{
-  gpg_error_t err;
-  iobuf_t iobuf;
-  kbnode_t kbctx, node;
-
-  *r_iobuf = NULL;
-
-  iobuf = iobuf_temp ();
-  for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
-    {
-      /* Make sure to use only packets valid on a keyblock.  */
-      switch (node->pkt->pkttype)
-        {
-        case PKT_PUBLIC_KEY:
-        case PKT_PUBLIC_SUBKEY:
-        case PKT_SIGNATURE:
-        case PKT_USER_ID:
-        case PKT_ATTRIBUTE:
-        case PKT_RING_TRUST:
-          break;
-        default:
-          continue;
-        }
-
-      err = build_packet_and_meta (iobuf, node->pkt);
-      if (err)
-        {
-          iobuf_close (iobuf);
-          return err;
-        }
-    }
-
-  keydb_stats.build_keyblocks++;
-  *r_iobuf = iobuf;
-  return 0;
-}
-
-
 /* Update the keyblock KB (i.e., extract the fingerprint and find the
  * corresponding keyblock in the keyring).
+ * keydb_update_keyblock diverts to here in the non-keyboxd mode.
  *
  * This doesn't do anything if --dry-run was specified.
  *
@@ -1524,20 +1375,16 @@ build_keyblock_image (kbnode_t keyblock, iobuf_t *r_iobuf)
  * you should use keydb_push_found_state and keydb_pop_found_state to
  * save and restore it.  */
 gpg_error_t
-keydb_update_keyblock (ctrl_t ctrl, KEYDB_HANDLE hd, kbnode_t kb)
+internal_keydb_update_keyblock (ctrl_t ctrl, KEYDB_HANDLE hd, kbnode_t kb)
 {
   gpg_error_t err;
   PKT_public_key *pk;
   KEYDB_SEARCH_DESC desc;
   size_t len;
 
-  log_assert (kb);
-  log_assert (kb->pkt->pkttype == PKT_PUBLIC_KEY);
+  log_assert (!hd->use_keyboxd);
   pk = kb->pkt->pkt.public_key;
 
-  if (!hd)
-    return gpg_error (GPG_ERR_INV_ARG);
-
   kid_not_found_flush ();
   keyblock_cache_clear (hd);
 
@@ -1554,8 +1401,11 @@ keydb_update_keyblock (ctrl_t ctrl, KEYDB_HANDLE hd, kbnode_t kb)
 
   memset (&desc, 0, sizeof (desc));
   fingerprint_from_pk (pk, desc.u.fpr, &len);
-  if (len == 20)
-    desc.mode = KEYDB_SEARCH_MODE_FPR20;
+  if (len == 20 || len == 32)
+    {
+      desc.mode = KEYDB_SEARCH_MODE_FPR;
+      desc.fprlen = len;
+    }
   else
     log_bug ("%s: Unsupported key length: %zu\n", __func__, len);
 
@@ -1580,6 +1430,7 @@ keydb_update_keyblock (ctrl_t ctrl, KEYDB_HANDLE hd, kbnode_t kb)
         err = build_keyblock_image (kb, &iobuf);
         if (!err)
           {
+            keydb_stats.build_keyblocks++;
             err = keybox_update_keyblock (hd->active[hd->found].u.kb,
                                           iobuf_get_temp_buffer (iobuf),
                                           iobuf_get_temp_length (iobuf));
@@ -1597,6 +1448,7 @@ keydb_update_keyblock (ctrl_t ctrl, KEYDB_HANDLE hd, kbnode_t kb)
 
 
 /* Insert a keyblock into one of the underlying keyrings or keyboxes.
+ * keydb_insert_keyblock diverts to here in the non-keyboxd mode.
  *
  * Be default, the keyring / keybox from which the last search result
  * came is used.  If there was no previous search result (or
@@ -1607,13 +1459,12 @@ keydb_update_keyblock (ctrl_t ctrl, KEYDB_HANDLE hd, kbnode_t kb)
  *
  * Returns 0 on success.  Otherwise, it returns an error code.  */
 gpg_error_t
-keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb)
+internal_keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb)
 {
   gpg_error_t err;
   int idx;
 
-  if (!hd)
-    return gpg_error (GPG_ERR_INV_ARG);
+  log_assert (!hd->use_keyboxd);
 
   kid_not_found_flush ();
   keyblock_cache_clear (hd);
@@ -1650,6 +1501,7 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb)
         err = build_keyblock_image (kb, &iobuf);
         if (!err)
           {
+            keydb_stats.build_keyblocks++;
             err = keybox_insert_keyblock (hd->active[idx].u.kb,
                                           iobuf_get_temp_buffer (iobuf),
                                           iobuf_get_temp_length (iobuf));
@@ -1672,12 +1524,11 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb)
  *
  * Returns 0 on success or an error code, if an error occurs.  */
 gpg_error_t
-keydb_delete_keyblock (KEYDB_HANDLE hd)
+internal_keydb_delete_keyblock (KEYDB_HANDLE hd)
 {
   gpg_error_t rc;
 
-  if (!hd)
-    return gpg_error (GPG_ERR_INV_ARG);
+  log_assert (!hd->use_keyboxd);
 
   kid_not_found_flush ();
   keyblock_cache_clear (hd);
@@ -1730,6 +1581,9 @@ keydb_locate_writable (KEYDB_HANDLE hd)
   if (!hd)
     return GPG_ERR_INV_ARG;
 
+  if (hd->use_keyboxd)
+    return 0;  /* No need for this here.  */
+
   rc = keydb_search_reset (hd); /* this does reset hd->current */
   if (rc)
     return rc;
@@ -1781,6 +1635,9 @@ keydb_rebuild_caches (ctrl_t ctrl, int noisy)
 {
   int i, rc;
 
+  if (opt.use_keyboxd)
+    return;  /* No need for this here.  */
+
   for (i=0; i < used_resources; i++)
     {
       if (!keyring_is_writable (all_resources[i].token))
@@ -1803,38 +1660,33 @@ keydb_rebuild_caches (ctrl_t ctrl, int noisy)
 }
 
 
-/* Return the number of skipped blocks (because they were to large to
+/* Return the number of skipped blocks (because they were too large to
    read from a keybox) since the last search reset.  */
 unsigned long
 keydb_get_skipped_counter (KEYDB_HANDLE hd)
 {
-  return hd ? hd->skipped_long_blobs : 0;
+  /*FIXME(keyboxd): Do we need this?  */
+  return hd && !hd->use_keyboxd? hd->skipped_long_blobs : 0;
 }
 
 
 /* Clears the current search result and resets the handle's position
  * so that the next search starts at the beginning of the database
  * (the start of the first resource).
+ * keydb_search_reset diverts to here in the non-keyboxd mode.
  *
  * Returns 0 on success and an error code if an error occurred.
  * (Currently, this function always returns 0 if HD is valid.)  */
 gpg_error_t
-keydb_search_reset (KEYDB_HANDLE hd)
+internal_keydb_search_reset (KEYDB_HANDLE hd)
 {
   gpg_error_t rc = 0;
   int i;
 
-  if (!hd)
-    return gpg_error (GPG_ERR_INV_ARG);
+  log_assert (!hd->use_keyboxd);
 
   keyblock_cache_clear (hd);
 
-  if (DBG_CLOCK)
-    log_clock ("keydb_search_reset");
-
-  if (DBG_CACHE)
-    log_debug ("keydb_search: reset  (hd=%p)", hd);
-
   hd->skipped_long_blobs = 0;
   hd->current = 0;
   hd->found = -1;
@@ -1862,6 +1714,7 @@ keydb_search_reset (KEYDB_HANDLE hd)
 
 /* Search the database for keys matching the search description.  If
  * the DB contains any legacy keys, these are silently ignored.
+ * keydb_search diverts to here in the non-keyboxd mode.
  *
  * DESC is an array of search terms with NDESC entries.  The search
  * terms are or'd together.  That is, the next entry in the DB that
@@ -1879,20 +1732,16 @@ keydb_search_reset (KEYDB_HANDLE hd)
  * The returned key is considered to be selected and the raw data can,
  * for instance, be returned by calling keydb_get_keyblock().  */
 gpg_error_t
-keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
-              size_t ndesc, size_t *descindex)
+internal_keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+                       size_t ndesc, size_t *descindex)
 {
-  int i;
   gpg_error_t rc;
   int was_reset = hd->is_reset;
   /* If an entry is already in the cache, then don't add it again.  */
   int already_in_cache = 0;
+  int fprlen;
 
-  if (descindex)
-    *descindex = 0; /* Make sure it is always set on return.  */
-
-  if (!hd)
-    return gpg_error (GPG_ERR_INV_ARG);
+  log_assert (!hd->use_keyboxd);
 
   if (!any_registered)
     {
@@ -1900,26 +1749,11 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
       return gpg_error (GPG_ERR_NOT_FOUND);
     }
 
-  if (DBG_CLOCK)
-    log_clock ("keydb_search enter");
-
-  if (DBG_LOOKUP)
-    {
-      log_debug ("%s: %zd search descriptions:\n", __func__, ndesc);
-      for (i = 0; i < ndesc; i ++)
-        {
-          char *t = keydb_search_desc_dump (&desc[i]);
-          log_debug ("%s   %d: %s\n", __func__, i, t);
-          xfree (t);
-        }
-    }
-
-
   if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID
       && (already_in_cache = kid_not_found_p (desc[0].u.kid)) == 1 )
     {
       if (DBG_CLOCK)
-        log_clock ("keydb_search leave (not found, cached)");
+        log_clock ("%s leave (not found, cached)", __func__);
       keydb_stats.notfound_cached++;
       return gpg_error (GPG_ERR_NOT_FOUND);
     }
@@ -1927,12 +1761,17 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
   /* NB: If one of the exact search modes below is used in a loop to
      walk over all keys (with the same fingerprint) the caching must
      have been disabled for the handle.  */
+  if (desc[0].mode == KEYDB_SEARCH_MODE_FPR)
+    fprlen = desc[0].fprlen;
+  else
+    fprlen = 0;
+
   if (!hd->no_caching
       && ndesc == 1
-      && (desc[0].mode == KEYDB_SEARCH_MODE_FPR20
-          || desc[0].mode == KEYDB_SEARCH_MODE_FPR)
-      && hd->keyblock_cache.state  == KEYBLOCK_CACHE_FILLED
-      && !memcmp (hd->keyblock_cache.fpr, desc[0].u.fpr, 20)
+      && fprlen
+      && hd->keyblock_cache.state == KEYBLOCK_CACHE_FILLED
+      && hd->keyblock_cache.fprlen == fprlen
+      && !memcmp (hd->keyblock_cache.fpr, desc[0].u.fpr, fprlen)
       /* Make sure the current file position occurs before the cached
          result to avoid an infinite loop.  */
       && (hd->current < hd->keyblock_cache.resource
@@ -1942,13 +1781,12 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
     {
       /* (DESCINDEX is already set).  */
       if (DBG_CLOCK)
-        log_clock ("keydb_search leave (cached)");
+        log_clock ("%s leave (cached)", __func__);
 
       hd->current = hd->keyblock_cache.resource;
       /* HD->KEYBLOCK_CACHE.OFFSET is the last byte in the record.
          Seek just beyond that.  */
-      keybox_seek (hd->active[hd->current].u.kb,
-                   hd->keyblock_cache.offset + 1);
+      keybox_seek (hd->active[hd->current].u.kb, hd->keyblock_cache.offset + 1);
       keydb_stats.found_cached++;
       return 0;
     }
@@ -1980,9 +1818,7 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
             rc = keybox_search (hd->active[hd->current].u.kb, desc,
                                 ndesc, KEYBOX_BLOBTYPE_PGP,
                                 descindex, &hd->skipped_long_blobs);
-          while (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY
-                 || gpg_err_code (rc) == GPG_ERR_UNKNOWN_VERSION)
-            ;
+          while (rc == GPG_ERR_LEGACY_KEY);
           break;
         }
 
@@ -2013,8 +1849,8 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
   keyblock_cache_clear (hd);
   if (!hd->no_caching
       && !rc
-      && ndesc == 1 && (desc[0].mode == KEYDB_SEARCH_MODE_FPR20
-                        || desc[0].mode == KEYDB_SEARCH_MODE_FPR)
+      && ndesc == 1
+      && fprlen
       && hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYBOX)
     {
       hd->keyblock_cache.state = KEYBLOCK_CACHE_PREPARED;
@@ -2024,17 +1860,17 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
          within the record.  */
       hd->keyblock_cache.offset
         = keybox_offset (hd->active[hd->current].u.kb) - 1;
-      memcpy (hd->keyblock_cache.fpr, desc[0].u.fpr, 20);
+      memcpy (hd->keyblock_cache.fpr, desc[0].u.fpr, fprlen);
+      hd->keyblock_cache.fprlen = fprlen;
     }
 
   if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND
-      && ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID && was_reset
+      && ndesc == 1
+      && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID
+      && was_reset
       && !already_in_cache)
     kid_not_found_insert (desc[0].u.kid);
 
-  if (DBG_CLOCK)
-    log_clock (rc? "keydb_search leave (not found)"
-                 : "keydb_search leave (found)");
   if (!rc)
     keydb_stats.found++;
   else
@@ -2105,12 +1941,13 @@ keydb_search_kid (KEYDB_HANDLE hd, u32 *kid)
  * off.  If you want to search the whole database, then you need to
  * first call keydb_search_reset().  */
 gpg_error_t
-keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr)
+keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr, size_t fprlen)
 {
   KEYDB_SEARCH_DESC desc;
 
   memset (&desc, 0, sizeof desc);
   desc.mode = KEYDB_SEARCH_MODE_FPR;
-  memcpy (desc.u.fpr, fpr, MAX_FINGERPRINT_LEN);
+  memcpy (desc.u.fpr, fpr, fprlen);
+  desc.fprlen = fprlen;
   return keydb_search (hd, &desc, 1, NULL);
 }
diff --git a/g10/keydb.h b/g10/keydb.h
index 0f8d711..ed58b94 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -29,11 +29,17 @@
 /* What qualifies as a certification (key-signature in contrast to a
  * data signature)?  Note that a back signature is special and can be
  * made by key and data signatures capable subkeys.) */
-#define IS_CERT(s)       (IS_KEY_SIG(s) || IS_UID_SIG(s) || IS_SUBKEY_SIG(s) \
-                         || IS_KEY_REV(s) || IS_UID_REV(s) || IS_SUBKEY_REV(s))
+#define IS_CERT(s)       (IS_KEY_SIG(s)       \
+                          || IS_UID_SIG(s)    \
+                          || IS_SUBKEY_SIG(s) \
+                          || IS_KEY_REV(s)    \
+                          || IS_UID_REV(s)    \
+                          || IS_SUBKEY_REV(s) \
+                          || IS_ATTST_SIGS(s) )
 #define IS_SIG(s)        (!IS_CERT(s))
 #define IS_KEY_SIG(s)    ((s)->sig_class == 0x1f)
 #define IS_UID_SIG(s)    (((s)->sig_class & ~3) == 0x10)
+#define IS_ATTST_SIGS(s) ((s)->sig_class == 0x16)
 #define IS_SUBKEY_SIG(s) ((s)->sig_class == 0x18)
 #define IS_BACK_SIG(s)   ((s)->sig_class == 0x19)
 #define IS_KEY_REV(s)    ((s)->sig_class == 0x20)
@@ -164,6 +170,41 @@ is_in_klist (struct key_item *k, PKT_signature *sig)
 }
 
 
+/*-- call-keyboxd.c --*/
+
+/* Release all open contexts to the keyboxd.  */
+void gpg_keyboxd_deinit_session_data (ctrl_t ctrl);
+
+/* Create a new database handle.  Returns NULL on error, sets ERRNO,
+ * and prints an error diagnostic. */
+KEYDB_HANDLE keydb_new (ctrl_t ctrl);
+
+/* Release a keydb handle.  */
+void keydb_release (KEYDB_HANDLE hd);
+
+/* Take a lock if we are not using the keyboxd.  */
+gpg_error_t keydb_lock (KEYDB_HANDLE hd);
+
+/* Return the keyblock last found by keydb_search.  */
+gpg_error_t keydb_get_keyblock (KEYDB_HANDLE hd, kbnode_t *ret_kb);
+
+/* Update the keyblock KB.  */
+gpg_error_t keydb_update_keyblock (ctrl_t ctrl, KEYDB_HANDLE hd, kbnode_t kb);
+
+/* Insert a keyblock into one of the storage system.  */
+gpg_error_t keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb);
+
+/* Delete the currently selected keyblock.  */
+gpg_error_t keydb_delete_keyblock (KEYDB_HANDLE hd);
+
+/* Clears the current search result and resets the handle's position.  */
+gpg_error_t keydb_search_reset (KEYDB_HANDLE hd);
+
+/* Search the database for keys matching the search description.  */
+gpg_error_t keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+                          size_t ndesc, size_t *descindex);
+
+
 
 /*-- keydb.c --*/
 
@@ -182,17 +223,6 @@ gpg_error_t keydb_add_resource (const char *url, unsigned int flags);
 /* Dump some statistics to the log.  */
 void keydb_dump_stats (void);
 
-/* Create a new database handle.  Returns NULL on error, sets ERRNO,
-   and prints an error diagnostic. */
-KEYDB_HANDLE keydb_new (void);
-
-/* Free all resources owned by the database handle.  */
-void keydb_release (KEYDB_HANDLE hd);
-
-/* Take a lock on the files immediately and not only during insert or
- * update.  This lock is released with keydb_release.  */
-gpg_error_t keydb_lock (KEYDB_HANDLE hd);
-
 /* Set a flag on the handle to suppress use of cached results.  This
    is required for updating a keyring and for key listings.  Fixme:
    Using a new parameter for keydb_new might be a better solution.  */
@@ -207,18 +237,6 @@ void keydb_pop_found_state (KEYDB_HANDLE hd);
 /* Return the file name of the resource.  */
 const char *keydb_get_resource_name (KEYDB_HANDLE hd);
 
-/* Return the keyblock last found by keydb_search.  */
-gpg_error_t keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb);
-
-/* Update the keyblock KB.  */
-gpg_error_t keydb_update_keyblock (ctrl_t ctrl, KEYDB_HANDLE hd, kbnode_t kb);
-
-/* Insert a keyblock into one of the underlying keyrings or keyboxes.  */
-gpg_error_t keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb);
-
-/* Delete the currently selected keyblock.  */
-gpg_error_t keydb_delete_keyblock (KEYDB_HANDLE hd);
-
 /* Find the first writable resource.  */
 gpg_error_t keydb_locate_writable (KEYDB_HANDLE hd);
 
@@ -229,13 +247,6 @@ void keydb_rebuild_caches (ctrl_t ctrl, int noisy);
    read from a keybox) since the last search reset.  */
 unsigned long keydb_get_skipped_counter (KEYDB_HANDLE hd);
 
-/* Clears the current search result and resets the handle's position.  */
-gpg_error_t keydb_search_reset (KEYDB_HANDLE hd);
-
-/* Search the database for keys matching the search description.  */
-gpg_error_t keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
-                          size_t ndesc, size_t *descindex);
-
 /* Return the first non-legacy key in the database.  */
 gpg_error_t keydb_search_first (KEYDB_HANDLE hd);
 
@@ -246,16 +257,19 @@ gpg_error_t keydb_search_next (KEYDB_HANDLE hd);
    key id.  */
 gpg_error_t keydb_search_kid (KEYDB_HANDLE hd, u32 *kid);
 
-/* This is a convenience function for searching for keys with a long
-   (20 byte) fingerprint.  */
-gpg_error_t keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr);
+/* This is a convenience function for searching for keys by
+ * fingerprint.  */
+gpg_error_t keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr, size_t fprlen);
 
 
 /*-- pkclist.c --*/
 void show_revocation_reason (ctrl_t ctrl, PKT_public_key *pk, int mode );
-int  check_signatures_trust (ctrl_t ctrl, PKT_signature *sig);
+gpg_error_t check_signatures_trust (ctrl_t ctrl, kbnode_t keyblock,
+                                    PKT_public_key *pk, PKT_signature *sig);
 
 void release_pk_list (PK_LIST pk_list);
+int expand_id (const char *id, strlist_t *into, unsigned int flags);
+strlist_t expand_group (strlist_t input, int prepend_input);
 int  build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list);
 gpg_error_t find_and_check_key (ctrl_t ctrl,
                                 const char *name, unsigned int use,
@@ -267,7 +281,8 @@ int  algo_available( preftype_t preftype, int algo,
 int  select_algo_from_prefs( PK_LIST pk_list, int preftype,
 			     int request, const struct pref_hint *hint);
 int  select_mdc_from_pklist (PK_LIST pk_list);
-void warn_missing_mdc_from_pklist (PK_LIST pk_list);
+aead_algo_t select_aead_from_pklist (pk_list_t pk_list);
+void warn_missing_aead_from_pklist (PK_LIST pk_list);
 void warn_missing_aes_from_pklist (PK_LIST pk_list);
 
 /*-- skclist.c --*/
@@ -277,21 +292,19 @@ gpg_error_t build_sk_list (ctrl_t ctrl, strlist_t locusr,
                            SK_LIST *ret_sk_list, unsigned use);
 
 /*-- passphrase.h --*/
-
-/* Flags for passphrase_to_dek */
-#define GETPASSWORD_FLAG_SYMDECRYPT  1
-
-
-unsigned char encode_s2k_iterations (int iterations);
 int  have_static_passphrase(void);
 const char *get_static_passphrase (void);
 void set_passphrase_from_string(const char *pass);
 void read_passphrase_from_fd( int fd );
 void passphrase_clear_cache (const char *cacheid);
+DEK *passphrase_to_dek_ext(u32 *keyid, int pubkey_algo,
+                           int cipher_algo, STRING2KEY *s2k, int mode,
+                           const char *tryagain_text,
+                           const char *custdesc, const char *custprompt,
+                           int *canceled);
 DEK *passphrase_to_dek (int cipher_algo, STRING2KEY *s2k,
                         int create, int nocache,
-                        const char *tryagain_text, unsigned int flags,
-                        int *canceled);
+                        const char *tryagain_text, int *canceled);
 void set_next_passphrase( const char *s );
 char *get_last_passphrase(void);
 void next_to_last_passphrase(void);
@@ -323,14 +336,10 @@ gpg_error_t get_pubkey_for_sig (ctrl_t ctrl,
 /* Return the public key with the key id KEYID and store it at PK.  */
 int get_pubkey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
 
-/* Same as get_pubkey but with auto LDAP fetch.  */
-gpg_error_t get_pubkey_with_ldap_fallback (ctrl_t ctrl,
-                                           PKT_public_key *pk, u32 * keyid);
-
 /* Similar to get_pubkey, but it does not take PK->REQ_USAGE into
    account nor does it merge in the self-signed data.  This function
    also only considers primary keys.  */
-int get_pubkey_fast (PKT_public_key *pk, u32 *keyid);
+int get_pubkey_fast (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
 
 /* Return the entire keyblock used to create SIG.  This is a
  * specialized version of get_pubkeyblock.  */
@@ -395,13 +404,14 @@ int get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock,
 /* This function is similar to get_pubkey_byfprint, but it doesn't
    merge the self-signed data into the public key and subkeys or into
    the user ids.  */
-gpg_error_t get_pubkey_byfprint_fast (PKT_public_key *pk,
+gpg_error_t get_pubkey_byfprint_fast (ctrl_t ctrl, PKT_public_key *pk,
                                       const byte *fprint, size_t fprint_len);
 
 /* This function is similar to get_pubkey_byfprint, but it doesn't
    merge the self-signed data into the public key and subkeys or into
    the user ids.  */
-gpg_error_t get_keyblock_byfprint_fast (kbnode_t *r_keyblock,
+gpg_error_t get_keyblock_byfprint_fast (ctrl_t ctrl,
+                                        kbnode_t *r_keyblock,
                                         KEYDB_HANDLE *r_hd,
                                         const byte *fprint, size_t fprint_len,
                                         int lock);
@@ -409,7 +419,7 @@ gpg_error_t get_keyblock_byfprint_fast (kbnode_t *r_keyblock,
 
 /* Returns true if a secret key is available for the public key with
    key id KEYID.  */
-int have_secret_key_with_kid (u32 *keyid);
+int have_secret_key_with_kid (ctrl_t ctrl, u32 *keyid);
 
 /* Parse the --default-key parameter.  Returns the last key (in terms
    of when the option is given) that is available.  */
@@ -457,8 +467,7 @@ char *get_user_id_string_native (ctrl_t ctrl, u32 *keyid);
 char *get_long_user_id_string (ctrl_t ctrl, u32 *keyid);
 char *get_user_id (ctrl_t ctrl, u32 *keyid, size_t *rn, int *r_nouid);
 char *get_user_id_native (ctrl_t ctrl, u32 *keyid);
-char *get_user_id_byfpr (ctrl_t ctrl, const byte *fpr, size_t *rn);
-char *get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr);
+char *get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr, size_t fprlen);
 
 void release_akl(void);
 int akl_empty_or_only_local (void);
@@ -532,7 +541,9 @@ unsigned nbits_from_pk( PKT_public_key *pk );
 char *mk_datestr (char *buffer, size_t bufsize, u32 timestamp);
 #define MK_DATESTR_SIZE 11
 
+const char *dateonlystr_from_pk (PKT_public_key *pk);
 const char *datestr_from_pk( PKT_public_key *pk );
+const char *dateonlystr_from_sig( PKT_signature *sig );
 const char *datestr_from_sig( PKT_signature *sig );
 const char *expirestr_from_pk( PKT_public_key *pk );
 const char *expirestr_from_sig( PKT_signature *sig );
@@ -543,6 +554,7 @@ const char *colon_datestr_from_pk (PKT_public_key *pk);
 const char *colon_datestr_from_sig (PKT_signature *sig);
 const char *colon_expirestr_from_sig (PKT_signature *sig);
 byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len );
+void fpr20_from_pk (PKT_public_key *pk, byte array[20]);
 char *hexfingerprint (PKT_public_key *pk, char *buffer, size_t buflen);
 char *format_hexfingerprint (const char *fingerprint,
                              char *buffer, size_t buflen);
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 1cb62de..d07ec65 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -299,11 +299,11 @@ keyedit_print_one_sig (ctrl_t ctrl, estream_t fp,
           PKT_public_key *pk = keyblock->pkt->pkt.public_key;
           const unsigned char *s;
 
-          s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL);
+          s = parse_sig_subpkt (sig, 1, SIGSUBPKT_PRIMARY_UID, NULL);
           if (s && *s)
             tty_fprintf (fp, "             [primary]\n");
 
-          s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
+          s = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_EXPIRE, NULL);
           if (s && buf32_to_u32 (s))
             tty_fprintf (fp, "             [expires: %s]\n",
                          isotimestamp (pk->timestamp + buf32_to_u32 (s)));
@@ -1013,7 +1013,8 @@ sign_uids (ctrl_t ctrl, estream_t fp,
 					 node->pkt->pkt.user_id,
 					 NULL,
 					 pk,
-					 0x13, 0, 0, 0,
+					 0x13,
+                                         0, 0,
 					 keygen_add_std_prefs, primary_pk,
                                          NULL);
 	      else
@@ -1021,7 +1022,7 @@ sign_uids (ctrl_t ctrl, estream_t fp,
 					 node->pkt->pkt.user_id,
 					 NULL,
 					 pk,
-					 class, 0,
+					 class,
 					 timestamp, duration,
 					 sign_mk_attrib, &attrib,
                                          NULL);
@@ -1146,7 +1147,7 @@ change_passphrase (ctrl_t ctrl, kbnode_t keyblock)
           if (err)
             log_log ((gpg_err_code (err) == GPG_ERR_CANCELED
                       || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
-                     ? GPGRT_LOG_INFO : GPGRT_LOG_ERROR,
+                     ? GPGRT_LOGLVL_INFO : GPGRT_LOGLVL_ERROR,
                      _("key %s: error changing passphrase: %s\n"),
                        keystr_with_sub (keyid, subid),
                        gpg_strerror (err));
@@ -1174,6 +1175,8 @@ fix_keyblock (ctrl_t ctrl, kbnode_t *keyblockp)
 
   if (collapse_uids (keyblockp))
     changed++;
+  if (collapse_subkeys (keyblockp))
+    changed++;
   if (key_check_all_keysigs (ctrl, 1, *keyblockp, 0, 1))
     changed++;
   reorder_keyblock (*keyblockp);
@@ -1245,7 +1248,7 @@ enum cmdids
 #endif /*!NO_TRUST_MODELS*/
   cmdSHOWPREF,
   cmdSETPREF, cmdPREFKS, cmdNOTATION, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST,
-  cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD,
+  cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdKEYTOTPM, cmdBKUPTOCARD,
   cmdCLEAN, cmdMINIMIZE, cmdGRIP, cmdNOP
 };
 
@@ -1296,6 +1299,8 @@ static struct
     N_("add a key to a smartcard")},
   { "keytocard", cmdKEYTOCARD, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK,
     N_("move a key to a smartcard")},
+  { "keytotpm", cmdKEYTOTPM, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK,
+    N_("convert a key to TPM form using the local TPM")},
   { "bkuptocard", cmdBKUPTOCARD, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK,
     N_("move a backup key to a smartcard")},
 #endif /*ENABLE_CARD_SUPPORT */
@@ -1454,7 +1459,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
     {
       have_anyseckey = !agent_probe_any_secret_key (ctrl, keyblock);
       if (have_anyseckey
-          && !agent_probe_secret_key (ctrl, keyblock->pkt->pkt.public_key))
+          && agent_probe_secret_key (ctrl, keyblock->pkt->pkt.public_key))
         {
           /* The primary key is also available.   */
           have_seckey = 1;
@@ -1794,6 +1799,47 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
 	    }
 	  break;
 
+	case cmdKEYTOTPM:
+	  /* FIXME need to store the key and not commit until later */
+	  {
+	    kbnode_t node = NULL;
+	    switch (count_selected_keys (keyblock))
+	      {
+	      case 0:
+		if (cpr_get_answer_is_yes
+                    ("keyedit.keytocard.use_primary",
+                     /* TRANSLATORS: Please take care: This is about
+                        moving the key and not about removing it.  */
+                     _("Really move the primary key? (y/N) ")))
+		  node = keyblock;
+		break;
+	      case 1:
+		for (node = keyblock; node; node = node->next)
+		  {
+		    if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+			&& node->flag & NODFLG_SELKEY)
+		      break;
+		  }
+		break;
+	      default:
+		tty_printf (_("You must select exactly one key.\n"));
+		break;
+	      }
+	    if (node)
+	      {
+		PKT_public_key *xxpk = node->pkt->pkt.public_key;
+		char *hexgrip;
+
+		hexkeygrip_from_pk (xxpk, &hexgrip);
+		if (!agent_keytotpm (ctrl, hexgrip))
+		  {
+		    redisplay = 1;
+		  }
+		xfree (hexgrip);
+	      }
+	  }
+	  break;
+
 	case cmdKEYTOCARD:
 	  {
 	    KBNODE node = NULL;
@@ -2289,7 +2335,7 @@ quick_find_keyblock (ctrl_t ctrl, const char *username, int want_secret,
   *r_keyblock = NULL;
 
   /* Search the key; we don't want the whole getkey stuff here.  */
-  kdbhd = keydb_new ();
+  kdbhd = keydb_new (ctrl);
   if (!kdbhd)
     {
       /* Note that keydb_new has already used log_error.  */
@@ -2324,7 +2370,8 @@ quick_find_keyblock (ctrl_t ctrl, const char *username, int want_secret,
           /* We require the secret primary key to set the primary UID.  */
           node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
           log_assert (node);
-          err = agent_probe_secret_key (ctrl, node->pkt->pkt.public_key);
+          if (!agent_probe_secret_key (ctrl, node->pkt->pkt.public_key))
+            err = gpg_error (GPG_ERR_NO_SECKEY);
         }
     }
   else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
@@ -2400,68 +2447,6 @@ keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid)
 }
 
 
-/* Helper to find the UID node for namehash.  On success, returns the UID node.
-   Otherwise, return NULL. */
-kbnode_t
-find_userid_by_namehash (kbnode_t keyblock, const char *namehash)
-{
-  byte hash[NAMEHASH_LEN];
-  kbnode_t node = NULL;
-
-  if (!namehash)
-    goto leave;
-
-  if (strlen (namehash) != NAMEHASH_LEN * 2)
-    goto leave;
-
-  if (hex2bin (namehash, hash, NAMEHASH_LEN) < 0)
-    goto leave;
-
-  for (node = keyblock; node; node = node->next)
-    {
-      if (node->pkt->pkttype == PKT_USER_ID)
-	{
-	  namehash_from_uid (node->pkt->pkt.user_id);
-	  if (!memcmp (node->pkt->pkt.user_id->namehash, hash, NAMEHASH_LEN))
-	    break;
-        }
-    }
-
- leave:
-  return node;
-}
-
-
-/* Helper to find the UID node for uid.  On success, returns the UID node.
-   Otherwise, return NULL. */
-kbnode_t
-find_userid (kbnode_t keyblock, const char *uid)
-{
-  kbnode_t node = NULL;
-  size_t uidlen;
-
-  if (!keyblock || !uid)
-    goto leave;
-
-  /* First try to find UID by namehash. */
-  node = find_userid_by_namehash (keyblock, uid);
-  if (node)
-    goto leave;
-
-  uidlen = strlen (uid);
-  for (node = keyblock; node; node = node->next)
-    {
-      if (node->pkt->pkttype == PKT_USER_ID
-          && uidlen == node->pkt->pkt.user_id->len
-          && !memcmp (node->pkt->pkt.user_id->name, uid, uidlen))
-        break;
-    }
-
- leave:
-  return node;
-}
-
-
 /* Unattended revocation of a keyid.  USERNAME specifies the
    key. UIDTOREV is the user id revoke from the key.  */
 void
@@ -2472,6 +2457,7 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev)
   kbnode_t keyblock = NULL;
   kbnode_t node;
   int modified = 0;
+  size_t revlen;
   size_t valid_uids;
 
 #ifdef HAVE_W32_SYSTEM
@@ -2484,7 +2470,7 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev)
   if (err)
     goto leave;
 
-  /* To make sure that we do not revoke the last valid UID, we first
+  /* Too make sure that we do not revoke the last valid UID, we first
      count how many valid UIDs there are.  */
   valid_uids = 0;
   for (node = keyblock; node; node = node->next)
@@ -2493,35 +2479,40 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev)
                    && !node->pkt->pkt.user_id->flags.expired);
 
   /* Find the right UID. */
-  node = find_userid (keyblock, uidtorev);
-  if (node)
+  revlen = strlen (uidtorev);
+  for (node = keyblock; node; node = node->next)
     {
-      struct revocation_reason_info *reason;
-
-      /* Make sure that we do not revoke the last valid UID.  */
-      if (valid_uids == 1
-          && ! node->pkt->pkt.user_id->flags.revoked
-          && ! node->pkt->pkt.user_id->flags.expired)
+      if (node->pkt->pkttype == PKT_USER_ID
+          && revlen == node->pkt->pkt.user_id->len
+          && !memcmp (node->pkt->pkt.user_id->name, uidtorev, revlen))
         {
-          log_error (_("cannot revoke the last valid user ID.\n"));
-          err = gpg_error (GPG_ERR_INV_USER_ID);
-          goto leave;
-        }
+          struct revocation_reason_info *reason;
 
-      reason = get_default_uid_revocation_reason ();
-      err = core_revuid (ctrl, keyblock, node, reason, &modified);
-      release_revocation_reason_info (reason);
-      if (err)
-        goto leave;
-      err = keydb_update_keyblock (ctrl, kdbhd, keyblock);
-      if (err)
-        {
-          log_error (_("update failed: %s\n"), gpg_strerror (err));
+          /* Make sure that we do not revoke the last valid UID.  */
+          if (valid_uids == 1
+              && ! node->pkt->pkt.user_id->flags.revoked
+              && ! node->pkt->pkt.user_id->flags.expired)
+            {
+              log_error (_("cannot revoke the last valid user ID.\n"));
+              err = gpg_error (GPG_ERR_INV_USER_ID);
+              goto leave;
+            }
+
+          reason = get_default_uid_revocation_reason ();
+          err = core_revuid (ctrl, keyblock, node, reason, &modified);
+          release_revocation_reason_info (reason);
+          if (err)
+            goto leave;
+          err = keydb_update_keyblock (ctrl, kdbhd, keyblock);
+          if (err)
+            {
+              log_error (_("update failed: %s\n"), gpg_strerror (err));
+              goto leave;
+            }
+
+          revalidation_mark (ctrl);
           goto leave;
         }
-
-      revalidation_mark (ctrl);
-      goto leave;
     }
   err = gpg_error (GPG_ERR_NO_USER_ID);
 
@@ -2622,9 +2613,7 @@ find_by_primary_fpr (ctrl_t ctrl, const char *fpr,
   *r_kdbhd = NULL;
 
   if (classify_user_id (fpr, &desc, 1)
-      || !(desc.mode == KEYDB_SEARCH_MODE_FPR
-           || desc.mode == KEYDB_SEARCH_MODE_FPR16
-           || desc.mode == KEYDB_SEARCH_MODE_FPR20))
+      || desc.mode != KEYDB_SEARCH_MODE_FPR)
     {
       log_error (_("\"%s\" is not a fingerprint\n"), fpr);
       err = gpg_error (GPG_ERR_INV_NAME);
@@ -2640,19 +2629,9 @@ find_by_primary_fpr (ctrl_t ctrl, const char *fpr,
 
   /* Check that the primary fingerprint has been given. */
   fingerprint_from_pk (keyblock->pkt->pkt.public_key, fprbin, &fprlen);
-  if (fprlen == 16 && desc.mode == KEYDB_SEARCH_MODE_FPR16
-      && !memcmp (fprbin, desc.u.fpr, 16))
-    ;
-  else if (fprlen == 16 && desc.mode == KEYDB_SEARCH_MODE_FPR
-           && !memcmp (fprbin, desc.u.fpr, 16)
-           && !desc.u.fpr[16]
-           && !desc.u.fpr[17]
-           && !desc.u.fpr[18]
-           && !desc.u.fpr[19])
-    ;
-  else if (fprlen == 20 && (desc.mode == KEYDB_SEARCH_MODE_FPR20
-                            || desc.mode == KEYDB_SEARCH_MODE_FPR)
-           && !memcmp (fprbin, desc.u.fpr, 20))
+  if (desc.mode == KEYDB_SEARCH_MODE_FPR
+      && fprlen == desc.fprlen
+      && !memcmp (fprbin, desc.u.fpr, fprlen))
     ;
   else
     {
@@ -2952,7 +2931,7 @@ keyedit_quick_revsig (ctrl_t ctrl, const char *username, const char *sigtorev,
               if (keyid_cmp (pksigtorevkid, sig->keyid))
                 continue; /* Ignore non-matching signatures.  */
 
-              n->flag &= ~NODFLG_MARK_B; /* Clear flag used by cmp_signode. */
+              n->flag &= ~NODFLG_MARK_B; /* Clear flag used by cm_signode. */
               sigarray[sigcount++] = n;
             }
 
@@ -3022,7 +3001,7 @@ keyedit_quick_revsig (ctrl_t ctrl, const char *username, const char *sigtorev,
 
       err = make_keysig_packet (ctrl, &sig, primarypk,
                                 unode? unode->pkt->pkt.user_id : NULL,
-                                NULL, pksigtorev, 0x30, 0, 0, 0,
+                                NULL, pksigtorev, 0x30, 0, 0,
                                 sign_mk_attrib, &attrib, NULL);
       if (err)
         {
@@ -3210,8 +3189,7 @@ keyedit_quick_set_expire (ctrl_t ctrl, const char *fpr, const char *expirestr,
 
           /* Parse the fingerprint.  */
           if (classify_user_id (subkeyfprs[idx], &desc, 1)
-              || !(desc.mode == KEYDB_SEARCH_MODE_FPR
-                   || desc.mode == KEYDB_SEARCH_MODE_FPR20))
+              || desc.mode != KEYDB_SEARCH_MODE_FPR)
             {
               log_error (_("\"%s\" is not a proper fingerprint\n"),
                          subkeyfprs[idx] );
@@ -3461,8 +3439,8 @@ show_prefs (PKT_user_id * uid, PKT_signature * selfsig, int verbose)
 	  const byte *pref_ks;
 	  size_t pref_ks_len;
 
-	  pref_ks = parse_sig_subpkt (selfsig->hashed,
-				      SIGSUBPKT_PREF_KS, &pref_ks_len);
+	  pref_ks = parse_sig_subpkt (selfsig, 1,
+                                      SIGSUBPKT_PREF_KS, &pref_ks_len);
 	  if (pref_ks && pref_ks_len)
 	    {
 	      tty_printf ("     ");
@@ -3532,7 +3510,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
 	    }
 
 	  keyid_from_pk (pk, keyid);
-          have_seckey = !agent_probe_secret_key (ctrl, pk);
+          have_seckey = agent_probe_secret_key (ctrl, pk);
 
           if (node->pkt->pkttype == PKT_PUBLIC_KEY)
             es_fputs (have_seckey? "sec:" : "pub:", fp);
@@ -3639,6 +3617,8 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
 		}
 	      if (uid->flags.mdc)
 		es_fputs (",mdc", fp);
+	      if (uid->flags.aead)
+		es_fputs (",aead", fp);
 	      if (!uid->flags.ks_modify)
 		es_fputs (",no-ks-modify", fp);
 	    }
@@ -3815,7 +3795,7 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
 
 		    algo = gcry_pk_algo_name (pk->revkey[i].algid);
 		    keyid_from_fingerprint (ctrl, pk->revkey[i].fpr,
-					    MAX_FINGERPRINT_LEN, r_keyid);
+					    pk->revkey[i].fprlen, r_keyid);
 
 		    user = get_user_id_string_native (ctrl, r_keyid);
 		    tty_fprintf (fp,
@@ -3986,7 +3966,7 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
  * a secret key.  This function may be called with KEYBLOCK containing
  * secret keys and thus the printing of "pub" vs. "sec" does only
  * depend on the packet type and not by checking with gpg-agent.  If
- * PRINT_SEC ist set "sec" is printed instead of "pub".  */
+ * PRINT_SEC is set "sec" is printed instead of "pub".  */
 void
 show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock, int print_sec)
 {
@@ -4295,7 +4275,7 @@ menu_adduid (ctrl_t ctrl, kbnode_t pub_keyblock,
       return 0;
     }
 
-  err = make_keysig_packet (ctrl, &sig, pk, uid, NULL, pk, 0x13, 0, 0, 0,
+  err = make_keysig_packet (ctrl, &sig, pk, uid, NULL, pk, 0x13, 0, 0,
                             keygen_add_std_prefs, pk, NULL);
   if (err)
     {
@@ -4606,13 +4586,14 @@ menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive)
       xfree (answer);
 
       fingerprint_from_pk (revoker_pk, revkey.fpr, &fprlen);
-      if (fprlen != 20)
+      if (fprlen != 20 && fprlen != 32)
 	{
 	  log_error (_("cannot appoint a PGP 2.x style key as a "
 		       "designated revoker\n"));
 	  continue;
 	}
 
+      revkey.fprlen = fprlen;
       revkey.class = 0x80;
       if (sensitive)
 	revkey.class |= 0x40;
@@ -4659,7 +4640,7 @@ menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive)
 	    continue;
 	}
 
-      print_pubkey_info (ctrl, NULL, revoker_pk);
+      print_key_info (ctrl, NULL, 0, revoker_pk, 0);
       print_fingerprint (ctrl, NULL, revoker_pk, 2);
       tty_printf ("\n");
 
@@ -4678,7 +4659,7 @@ menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive)
       break;
     }
 
-  rc = make_keysig_packet (ctrl, &sig, pk, NULL, NULL, pk, 0x1F, 0, 0, 0,
+  rc = make_keysig_packet (ctrl, &sig, pk, NULL, NULL, pk, 0x1F, 0, 0,
 			   keygen_add_revkey, &revkey, NULL);
   if (rc)
     {
@@ -5170,10 +5151,10 @@ menu_set_primary_uid (ctrl_t ctrl, kbnode_t pub_keyblock)
 		  int action;
 
 		  /* See whether this signature has the primary UID flag.  */
-		  p = parse_sig_subpkt (sig->hashed,
+		  p = parse_sig_subpkt (sig, 1,
 					SIGSUBPKT_PRIMARY_UID, NULL);
 		  if (!p)
-		    p = parse_sig_subpkt (sig->unhashed,
+		    p = parse_sig_subpkt (sig, 0,
 					  SIGSUBPKT_PRIMARY_UID, NULL);
 		  if (p && *p)	/* yes */
 		    action = selected ? 0 : -1;
@@ -5386,7 +5367,7 @@ menu_set_keyserver_url (ctrl_t ctrl, const char *url, kbnode_t pub_keyblock)
 		  const byte *p;
 		  size_t plen;
 
-		  p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &plen);
+		  p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &plen);
 		  if (p && plen)
 		    {
 		      tty_printf ("Current preferred keyserver for user"
@@ -6061,7 +6042,7 @@ menu_revsig (ctrl_t ctrl, kbnode_t keyblock)
 	}
       else if (!skip && node->pkt->pkttype == PKT_SIGNATURE
 	       && ((sig = node->pkt->pkt.signature),
-		   have_secret_key_with_kid (sig->keyid)))
+		   have_secret_key_with_kid (ctrl, sig->keyid)))
 	{
 	  if ((sig->sig_class & ~3) == 0x10)
 	    {
@@ -6100,7 +6081,7 @@ menu_revsig (ctrl_t ctrl, kbnode_t keyblock)
 	}
       else if (!skip && node->pkt->pkttype == PKT_SIGNATURE
 	       && ((sig = node->pkt->pkt.signature),
-		   have_secret_key_with_kid (sig->keyid)))
+		   have_secret_key_with_kid (ctrl, sig->keyid)))
 	{
 	  if ((sig->sig_class & ~3) == 0x10)
 	    {
@@ -6202,7 +6183,7 @@ reloop:			/* (must use this, because we are modifying the list) */
 	}
       rc = make_keysig_packet (ctrl, &sig, primary_pk,
 			       unode->pkt->pkt.user_id,
-			       NULL, signerkey, 0x30, 0, 0, 0,
+			       NULL, signerkey, 0x30, 0, 0,
                                sign_mk_attrib, &attrib, NULL);
       free_public_key (signerkey);
       if (rc)
@@ -6285,7 +6266,7 @@ core_revuid (ctrl_t ctrl, kbnode_t keyblock, KBNODE node,
              mksubpkt argument to make_keysig_packet */
           attrib.reason = (struct revocation_reason_info *)reason;
 
-          rc = make_keysig_packet (ctrl, &sig, pk, uid, NULL, pk, 0x30, 0,
+          rc = make_keysig_packet (ctrl, &sig, pk, uid, NULL, pk, 0x30,
                                    timestamp, 0,
                                    sign_mk_attrib, &attrib, NULL);
           if (rc)
@@ -6415,7 +6396,7 @@ menu_revkey (ctrl_t ctrl, kbnode_t pub_keyblock)
     return 0;
 
   rc = make_keysig_packet (ctrl, &sig, pk, NULL, NULL, pk,
-			   0x20, 0, 0, 0,
+			   0x20, 0, 0,
 			   revocation_reason_build_cb, reason, NULL);
   if (rc)
     {
@@ -6477,7 +6458,7 @@ menu_revsubkey (ctrl_t ctrl, kbnode_t pub_keyblock)
 
 	  node->flag &= ~NODFLG_SELKEY;
 	  rc = make_keysig_packet (ctrl, &sig, mainpk, NULL, subpk, mainpk,
-				   0x28, 0, 0, 0, sign_mk_attrib, &attrib,
+				   0x28, 0, 0, sign_mk_attrib, &attrib,
                                    NULL);
 	  if (rc)
 	    {
diff --git a/g10/keyedit.h b/g10/keyedit.h
index 1aa95c1..b6e5b58 100644
--- a/g10/keyedit.h
+++ b/g10/keyedit.h
@@ -35,6 +35,7 @@
 
 #define NODFLG_MARK_B (1<<11)   /* Temporary mark in key listing code.  */
 
+
 /*-- keyedit.c --*/
 void keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
 		   strlist_t commands, int quiet, int seckey_check );
diff --git a/g10/keygen.c b/g10/keygen.c
index 80d65c4..bde0f32 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1,6 +1,7 @@
 /* keygen.c - Generate a key pair
  * Copyright (C) 1998-2007, 2009-2011  Free Software Foundation, Inc.
- * Copyright (C) 2014, 2015, 2016  Werner Koch
+ * Copyright (C) 2014, 2015, 2016, 2017, 2018  Werner Koch
+ * Copyright (C) 2020 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -46,10 +47,11 @@
 #include "../common/mbox-util.h"
 
 
-/* The default algorithms. You should also check that the value
-   is inside the bounds enforced by ask_keysize and gen_xxx.  See also
-   get_keysize_range which encodes the allowed ranges.  */
-#define DEFAULT_STD_KEY_PARAM  "rsa3072/cert,sign+rsa3072/encr"
+/* The default algorithms.  If you change them, you should ensure the
+   value is inside the bounds enforced by ask_keysize and gen_xxx.
+   See also get_keysize_range which encodes the allowed ranges.  The
+   default answer in ask_algo also needs to be adjusted.  */
+#define DEFAULT_STD_KEY_PARAM  "ed25519/cert,sign+cv25519/encr"
 #define FUTURE_STD_KEY_PARAM   "ed25519/cert,sign+cv25519/encr"
 
 /* When generating keys using the streamlined key generation dialog,
@@ -59,6 +61,7 @@ const char *default_expiration_interval = "2y";
 /* Flag bits used during key generation.  */
 #define KEYGEN_FLAG_NO_PROTECTION 1
 #define KEYGEN_FLAG_TRANSIENT_KEY 2
+#define KEYGEN_FLAG_CREATE_V5_KEY 4
 
 /* Maximum number of supported algorithm preferences.  */
 #define MAX_PREFS 30
@@ -83,7 +86,9 @@ enum para_name {
   pKEYCREATIONDATE, /* Same in seconds since epoch.  */
   pEXPIREDATE,
   pKEYEXPIRE, /* in n seconds */
+  pSUBKEYCREATIONDATE,
   pSUBKEYEXPIRE, /* in n seconds */
+  pAUTHKEYCREATIONDATE,  /* Not yet used.  */
   pPASSPHRASE,
   pSERIALNO,
   pCARDBACKUPKEY,
@@ -91,6 +96,9 @@ enum para_name {
   pKEYSERVER,
   pKEYGRIP,
   pSUBKEYGRIP,
+  pVERSION,     /* Desired version of the key packet.  */
+  pSUBVERSION,  /* Ditto for the subpacket.  */
+  pCARDKEY      /* The keygrips have been taken from active card (bool).  */
 };
 
 struct para_data_s {
@@ -100,6 +108,7 @@ struct para_data_s {
     union {
         u32 expire;
         u32 creation;
+        int abool;
         unsigned int usage;
         struct revocation_key revkey;
         char value[1];
@@ -127,6 +136,9 @@ struct opaque_data_usage_and_pk {
 };
 
 
+/* FIXME: These globals vars are ugly.  And using MAX_PREFS even for
+ * aeads is useless, given that we don't expects more than a very few
+ * algorithms.  */
 static int prefs_initialized = 0;
 static byte sym_prefs[MAX_PREFS];
 static int nsym_prefs;
@@ -134,21 +146,25 @@ static byte hash_prefs[MAX_PREFS];
 static int nhash_prefs;
 static byte zip_prefs[MAX_PREFS];
 static int nzip_prefs;
-static int mdc_available,ks_modify;
+static byte aead_prefs[MAX_PREFS];
+static int naead_prefs;
+static int mdc_available;
+static int ks_modify;
+static int aead_available;
 
 static gpg_error_t parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
                                      const char *algostr, const char *usagestr,
                                      const char *expirestr,
                                      int *r_algo, unsigned int *r_usage,
                                      u32 *r_expire, unsigned int *r_nbits,
-                                     const char **r_curve,
-                                     char **r_keygrip);
+                                     const char **r_curve, int *r_version,
+                                            char **r_keygrip, u32 *r_keytime);
 static void do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
                                  struct output_control_s *outctrl, int card );
 static int write_keyblock (iobuf_t out, kbnode_t node);
 static gpg_error_t gen_card_key (int keyno, int algo, int is_primary,
                                  kbnode_t pub_root, u32 *timestamp,
-                                 u32 expireval);
+                                 u32 expireval, int keygen_flags);
 static unsigned int get_keysize_range (int algo,
                                        unsigned int *min, unsigned int *max);
 
@@ -331,6 +347,8 @@ set_one_pref (int val, int type, const char *item, byte *buf, int *nbuf)
 	  log_info(_("too many digest preferences\n"));
 	else if(type==3)
 	  log_info(_("too many compression preferences\n"));
+	else if(type==4)
+	  log_info(_("too many AEAD preferences\n"));
 	else
 	  BUG();
 
@@ -351,10 +369,10 @@ set_one_pref (int val, int type, const char *item, byte *buf, int *nbuf)
 int
 keygen_set_std_prefs (const char *string,int personal)
 {
-    byte sym[MAX_PREFS], hash[MAX_PREFS], zip[MAX_PREFS];
-    int nsym=0, nhash=0, nzip=0, val, rc=0;
+    byte sym[MAX_PREFS], hash[MAX_PREFS], zip[MAX_PREFS], aead[MAX_PREFS];
+    int nsym=0, nhash=0, nzip=0, naead=0, val, rc=0;
     int mdc=1, modify=0; /* mdc defaults on, modify defaults off. */
-    char dummy_string[20*4+1]; /* Enough for 20 items. */
+    char dummy_string[25*4+1]; /* Enough for 25 items. */
 
     if (!string || !ascii_strcasecmp (string, "default"))
       {
@@ -388,6 +406,11 @@ keygen_set_std_prefs (const char *string,int personal)
 	      strcat(dummy_string,"S7 ");
 	    strcat(dummy_string,"S2 "); /* 3DES */
 
+            if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB))
+	      strcat(dummy_string,"A2 ");
+            if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_EAX))
+	      strcat(dummy_string,"A1 ");
+
             if (personal)
               {
                 /* The default internal hash algo order is:
@@ -441,7 +464,7 @@ keygen_set_std_prefs (const char *string,int personal)
               }
 
             /* In case we have no compress algo at all, declare that
-               we prefer no compresssion.  */
+               we prefer no compression.  */
             if (!any_compress)
               strcat(dummy_string,"Z0 ");
 
@@ -480,6 +503,11 @@ keygen_set_std_prefs (const char *string,int personal)
 		if(set_one_pref(val,3,tok,zip,&nzip))
 		  rc=-1;
 	      }
+	    else if ((val=string_to_aead_algo (tok)))
+	      {
+		if (set_one_pref (val, 4, tok, aead, &naead))
+		  rc = -1;
+	      }
 	    else if (ascii_strcasecmp(tok,"mdc")==0)
 	      mdc=1;
 	    else if (ascii_strcasecmp(tok,"no-mdc")==0)
@@ -525,6 +553,29 @@ keygen_set_std_prefs (const char *string,int personal)
 		    opt.personal_cipher_prefs[i].value = 0;
 		  }
 	      }
+	    else if (personal == PREFTYPE_AEAD)
+	      {
+		xfree(opt.personal_aead_prefs);
+
+		if (!naead)
+		  opt.personal_aead_prefs = NULL;
+		else
+		  {
+		    int i;
+
+		    opt.personal_aead_prefs=
+		      xmalloc(sizeof(prefitem_t *)*(naead+1));
+
+		    for (i=0; i<naead; i++)
+		      {
+			opt.personal_aead_prefs[i].type = PREFTYPE_AEAD;
+			opt.personal_aead_prefs[i].value = sym[i];
+		      }
+
+		    opt.personal_aead_prefs[i].type = PREFTYPE_NONE;
+		    opt.personal_aead_prefs[i].value = 0;
+		  }
+	      }
 	    else if(personal==PREFTYPE_HASH)
 	      {
 		xfree(opt.personal_digest_prefs);
@@ -577,7 +628,9 @@ keygen_set_std_prefs (const char *string,int personal)
 	    memcpy (sym_prefs,  sym,  (nsym_prefs=nsym));
 	    memcpy (hash_prefs, hash, (nhash_prefs=nhash));
 	    memcpy (zip_prefs,  zip,  (nzip_prefs=nzip));
+	    memcpy (aead_prefs, aead,  (naead_prefs=naead));
 	    mdc_available = mdc;
+            aead_available = !!naead;
 	    ks_modify = modify;
 	    prefs_initialized = 1;
 	  }
@@ -586,6 +639,7 @@ keygen_set_std_prefs (const char *string,int personal)
     return rc;
 }
 
+
 /* Return a fake user ID containing the preferences.  Caller must
    free. */
 PKT_user_id *
@@ -599,8 +653,8 @@ keygen_get_std_prefs(void)
 
   uid->ref=1;
 
-  uid->prefs=xmalloc((sizeof(prefitem_t *)*
-		      (nsym_prefs+nhash_prefs+nzip_prefs+1)));
+  uid->prefs = xmalloc ((sizeof(prefitem_t *)*
+                         (nsym_prefs+naead_prefs+nhash_prefs+nzip_prefs+1)));
 
   for(i=0;i<nsym_prefs;i++,j++)
     {
@@ -608,6 +662,12 @@ keygen_get_std_prefs(void)
       uid->prefs[j].value=sym_prefs[i];
     }
 
+  for (i=0; i < naead_prefs; i++, j++)
+    {
+      uid->prefs[j].type = PREFTYPE_AEAD;
+      uid->prefs[j].value = aead_prefs[i];
+    }
+
   for(i=0;i<nhash_prefs;i++,j++)
     {
       uid->prefs[j].type=PREFTYPE_HASH;
@@ -623,8 +683,9 @@ keygen_get_std_prefs(void)
   uid->prefs[j].type=PREFTYPE_NONE;
   uid->prefs[j].value=0;
 
-  uid->flags.mdc=mdc_available;
-  uid->flags.ks_modify=ks_modify;
+  uid->flags.mdc = mdc_available;
+  uid->flags.aead = aead_available;
+  uid->flags.ks_modify = ks_modify;
 
   return uid;
 }
@@ -637,7 +698,7 @@ add_feature_mdc (PKT_signature *sig,int enabled)
     int i;
     char *buf;
 
-    s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n );
+    s = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n );
     /* Already set or cleared */
     if (s && n &&
 	((enabled && (s[0] & 0x01)) || (!enabled && !(s[0] & 0x01))))
@@ -670,6 +731,91 @@ add_feature_mdc (PKT_signature *sig,int enabled)
     xfree (buf);
 }
 
+
+static void
+add_feature_aead (PKT_signature *sig, int enabled)
+{
+  const byte *s;
+  size_t n;
+  int i;
+  char *buf;
+
+  s = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n );
+  if (s && n && ((enabled && (s[0] & 0x02)) || (!enabled && !(s[0] & 0x02))))
+    return; /* Already set or cleared */
+
+  if (!s || !n)
+    { /* Create a new one */
+      n = 1;
+      buf = xmalloc_clear (n);
+    }
+  else
+    {
+      buf = xmalloc (n);
+      memcpy (buf, s, n);
+    }
+
+  if (enabled)
+    buf[0] |= 0x02; /* AEAD supported */
+  else
+    buf[0] &= ~0x02;
+
+  /* Are there any bits set? */
+  for (i=0; i < n; i++)
+    if (buf[i])
+      break;
+
+  if (i == n)
+    delete_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES);
+  else
+    build_sig_subpkt (sig, SIGSUBPKT_FEATURES, buf, n);
+
+  xfree (buf);
+}
+
+
+static void
+add_feature_v5 (PKT_signature *sig, int enabled)
+{
+  const byte *s;
+  size_t n;
+  int i;
+  char *buf;
+
+  s = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n );
+  if (s && n && ((enabled && (s[0] & 0x04)) || (!enabled && !(s[0] & 0x04))))
+    return; /* Already set or cleared */
+
+  if (!s || !n)
+    { /* Create a new one */
+      n = 1;
+      buf = xmalloc_clear (n);
+    }
+  else
+    {
+      buf = xmalloc (n);
+      memcpy (buf, s, n);
+    }
+
+  if (enabled)
+    buf[0] |= 0x04; /* v5 key supported */
+  else
+    buf[0] &= ~0x04;
+
+  /* Are there any bits set? */
+  for (i=0; i < n; i++)
+    if (buf[i])
+      break;
+
+  if (i == n)
+    delete_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES);
+  else
+    build_sig_subpkt (sig, SIGSUBPKT_FEATURES, buf, n);
+
+  xfree (buf);
+}
+
+
 static void
 add_keyserver_modify (PKT_signature *sig,int enabled)
 {
@@ -681,7 +827,7 @@ add_keyserver_modify (PKT_signature *sig,int enabled)
   /* The keyserver modify flag is a negative flag (i.e. no-modify) */
   enabled=!enabled;
 
-  s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n );
+  s = parse_sig_subpkt (sig, 1, SIGSUBPKT_KS_FLAGS, &n );
   /* Already set or cleared */
   if (s && n &&
       ((enabled && (s[0] & 0x80)) || (!enabled && !(s[0] & 0x80))))
@@ -731,6 +877,14 @@ keygen_upd_std_prefs (PKT_signature *sig, void *opaque)
       delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_SYM);
     }
 
+  if (naead_prefs)
+    build_sig_subpkt (sig, SIGSUBPKT_PREF_AEAD, aead_prefs, naead_prefs);
+  else
+    {
+      delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_AEAD);
+      delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_AEAD);
+    }
+
   if (nhash_prefs)
     build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH, hash_prefs, nhash_prefs);
   else
@@ -749,6 +903,8 @@ keygen_upd_std_prefs (PKT_signature *sig, void *opaque)
 
   /* Make sure that the MDC feature flag is set if needed.  */
   add_feature_mdc (sig,mdc_available);
+  add_feature_aead (sig, aead_available);
+  add_feature_v5 (sig, opt.flags.rfc4880bis);
   add_keyserver_modify (sig,ks_modify);
   keygen_add_keyserver_url(sig,NULL);
 
@@ -844,11 +1000,13 @@ keygen_add_revkey (PKT_signature *sig, void *opaque)
   struct revocation_key *revkey = opaque;
   byte buf[2+MAX_FINGERPRINT_LEN];
 
+  log_assert (revkey->fprlen <= MAX_FINGERPRINT_LEN);
   buf[0] = revkey->class;
   buf[1] = revkey->algid;
-  memcpy (&buf[2], revkey->fpr, MAX_FINGERPRINT_LEN);
+  memcpy (buf + 2, revkey->fpr, revkey->fprlen);
+  memset (buf + 2 + revkey->fprlen, 0, sizeof (revkey->fpr) - revkey->fprlen);
 
-  build_sig_subpkt (sig, SIGSUBPKT_REV_KEY, buf, 2+MAX_FINGERPRINT_LEN);
+  build_sig_subpkt (sig, SIGSUBPKT_REV_KEY, buf, 2+revkey->fprlen);
 
   /* All sigs with revocation keys set are nonrevocable.  */
   sig->flags.revocable = 0;
@@ -875,7 +1033,7 @@ make_backsig (ctrl_t ctrl, PKT_signature *sig, PKT_public_key *pk,
   cache_public_key (sub_pk);
 
   err = make_keysig_packet (ctrl, &backsig, pk, NULL, sub_pk, sub_psk, 0x19,
-                            0, timestamp, 0, NULL, NULL, cache_nonce);
+                            timestamp, 0, NULL, NULL, cache_nonce);
   if (err)
     log_error ("make_keysig_packet failed for backsig: %s\n",
                gpg_strerror (err));
@@ -983,7 +1141,7 @@ write_direct_sig (ctrl_t ctrl, kbnode_t root, PKT_public_key *psk,
 
   /* Make the signature.  */
   err = make_keysig_packet (ctrl, &sig, pk, NULL,NULL, psk, 0x1F,
-                            0, timestamp, 0,
+                            timestamp, 0,
                             keygen_add_revkey, revkey, cache_nonce);
   if (err)
     {
@@ -1038,7 +1196,7 @@ write_selfsigs (ctrl_t ctrl, kbnode_t root, PKT_public_key *psk,
 
   /* Make the signature.  */
   err = make_keysig_packet (ctrl, &sig, pk, uid, NULL, psk, 0x13,
-                            0, timestamp, 0,
+                            timestamp, 0,
                             keygen_add_std_prefs, pk, cache_nonce);
   if (err)
     {
@@ -1098,7 +1256,7 @@ write_keybinding (ctrl_t ctrl, kbnode_t root,
   oduap.usage = use;
   oduap.pk = sub_pk;
   err = make_keysig_packet (ctrl, &sig, pri_pk, NULL, sub_pk, pri_psk, 0x18,
-                            0, timestamp, 0,
+                            timestamp, 0,
                             keygen_add_key_flags_and_expire, &oduap,
                             cache_nonce);
   if (err)
@@ -1172,19 +1330,10 @@ ecckey_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp, int algo)
   if (err)
     goto leave;
 
-  l2 = gcry_sexp_find_token (list, "q", 0);
-  if (!l2)
-    {
-      err = gpg_error (GPG_ERR_NO_OBJ);
-      goto leave;
-    }
-  array[1] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
-  gcry_sexp_release (l2);
-  if (!array[1])
-    {
-      err = gpg_error (GPG_ERR_INV_OBJ);
-      goto leave;
-    }
+  err = sexp_extract_param_sos (list, "q", &array[1]);
+  if (err)
+    goto leave;
+
   gcry_sexp_release (list);
 
   if (algo == PUBKEY_ALGO_ECDH)
@@ -1265,11 +1414,13 @@ key_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp,
 
 
 /* Create a keyblock using the given KEYGRIP.  ALGO is the OpenPGP
-   algorithm of that keygrip.  */
+ * algorithm of that keygrip.  If CARDKEY is true the key is expected
+ * to already live on the active card.  */
 static int
-do_create_from_keygrip (ctrl_t ctrl, int algo, const char *hexkeygrip,
+do_create_from_keygrip (ctrl_t ctrl, int algo,
+                        const char *hexkeygrip, int cardkey,
                         kbnode_t pub_root, u32 timestamp, u32 expireval,
-                        int is_subkey)
+                        int is_subkey, int keygen_flags)
 {
   int err;
   PACKET *pkt;
@@ -1293,18 +1444,25 @@ do_create_from_keygrip (ctrl_t ctrl, int algo, const char *hexkeygrip,
 
 
   /* Ask the agent for the public key matching HEXKEYGRIP.  */
-  {
-    unsigned char *public;
+  if (cardkey)
+    {
+      err = agent_scd_readkey (ctrl, hexkeygrip, &s_key, NULL);
+      if (err)
+        return err;
+    }
+  else
+    {
+      unsigned char *public;
 
-    err = agent_readkey (ctrl, 0, hexkeygrip, &public);
-    if (err)
-      return err;
-    err = gcry_sexp_sscan (&s_key, NULL,
-                           public, gcry_sexp_canon_len (public, 0, NULL, NULL));
-    xfree (public);
-    if (err)
-      return err;
-  }
+      err = agent_readkey (ctrl, 0, hexkeygrip, &public);
+      if (err)
+        return err;
+      err = gcry_sexp_sscan (&s_key, NULL, public,
+                               gcry_sexp_canon_len (public, 0, NULL, NULL));
+      xfree (public);
+      if (err)
+        return err;
+    }
 
   /* Build a public key packet.  */
   pk = xtrycalloc (1, sizeof *pk);
@@ -1316,7 +1474,7 @@ do_create_from_keygrip (ctrl_t ctrl, int algo, const char *hexkeygrip,
     }
 
   pk->timestamp = timestamp;
-  pk->version = 4;
+  pk->version = (keygen_flags & KEYGEN_FLAG_CREATE_V5_KEY)? 5 : 4;
   if (expireval)
     pk->expiredate = pk->timestamp + expireval;
   pk->pubkey_algo = algo;
@@ -1383,7 +1541,7 @@ common_gen (const char *keyparms, int algo, const char *algoelem,
     }
 
   pk->timestamp = timestamp;
-  pk->version = 4;
+  pk->version = (keygen_flags & KEYGEN_FLAG_CREATE_V5_KEY)? 5 : 4;
   if (expireval)
     pk->expiredate = pk->timestamp + expireval;
   pk->pubkey_algo = algo;
@@ -1591,16 +1749,27 @@ gen_ecc (int algo, const char *curve, kbnode_t pub_root,
     curve = "Curve25519";
   else if (!ascii_strcasecmp (curve, "ed25519"))
     curve = "Ed25519";
+  else if (!ascii_strcasecmp (curve, "cv448"))
+    curve = "X448";
+  else if (!ascii_strcasecmp (curve, "ed448"))
+    curve = "Ed448";
 
   /* Note that we use the "comp" flag with EdDSA to request the use of
      a 0x40 compression prefix octet.  */
-  if (algo == PUBKEY_ALGO_EDDSA)
+  if (algo == PUBKEY_ALGO_EDDSA && !strcmp (curve, "Ed25519"))
     keyparms = xtryasprintf
       ("(genkey(ecc(curve %zu:%s)(flags eddsa comp%s)))",
        strlen (curve), curve,
        (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
          && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
         " transient-key" : ""));
+  else if (algo == PUBKEY_ALGO_EDDSA && !strcmp (curve, "Ed448"))
+    keyparms = xtryasprintf
+      ("(genkey(ecc(curve %zu:%s)(flags comp%s)))",
+       strlen (curve), curve,
+       (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
+         && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
+        " transient-key" : ""));
   else if (algo == PUBKEY_ALGO_ECDH && !strcmp (curve, "Curve25519"))
     keyparms = xtryasprintf
       ("(genkey(ecc(curve %zu:%s)(flags djb-tweak comp%s)))",
@@ -1608,6 +1777,13 @@ gen_ecc (int algo, const char *curve, kbnode_t pub_root,
        (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
          && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
         " transient-key" : ""));
+  else if (algo == PUBKEY_ALGO_ECDH && !strcmp (curve, "X448"))
+    keyparms = xtryasprintf
+      ("(genkey(ecc(curve %zu:%s)(flags comp%s)))",
+       strlen (curve), curve,
+       (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
+         && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
+        " transient-key" : ""));
   else
     keyparms = xtryasprintf
       ("(genkey(ecc(curve %zu:%s)(flags nocomp%s)))",
@@ -1763,8 +1939,14 @@ ask_key_flags_with_mask (int algo, int subkey, unsigned int current,
     }
 
   /* Mask the possible usage flags.  This is for example used for a
-   * card based key.  */
+   * card based key.  For ECDH we need to allows additional usages if
+   * they are provided. */
   possible = (openpgp_pk_algo_usage (algo) & mask);
+  if (algo == PUBKEY_ALGO_ECDH)
+    possible |= (current & (PUBKEY_USAGE_ENC
+                            |PUBKEY_USAGE_CERT
+                            |PUBKEY_USAGE_SIG
+                            |PUBKEY_USAGE_AUTH));
 
   /* However, only primary keys may certify. */
   if (subkey)
@@ -1781,10 +1963,11 @@ ask_key_flags_with_mask (int algo, int subkey, unsigned int current,
   for (;;)
     {
       tty_printf("\n");
-      tty_printf(_("Possible actions for a %s key: "),
-                 (algo == PUBKEY_ALGO_ECDSA
+      tty_printf(_("Possible actions for this %s key: "),
+                 (algo == PUBKEY_ALGO_ECDH
+                  || algo == PUBKEY_ALGO_ECDSA
                   || algo == PUBKEY_ALGO_EDDSA)
-                 ? "ECDSA/EdDSA" : openpgp_pk_algo_name (algo));
+                 ? "ECC" : openpgp_pk_algo_name (algo));
       print_key_flags(possible);
       tty_printf("\n");
       tty_printf(_("Current allowed actions: "));
@@ -1896,7 +2079,7 @@ check_keygrip (ctrl_t ctrl, const char *hexgrip)
   algo = get_pk_algo_from_canon_sexp (public, publiclen);
   xfree (public);
 
-  return map_pk_gcry_to_openpgp (algo);
+  return map_gcry_pk_to_openpgp (algo);
 }
 
 
@@ -1908,17 +2091,20 @@ check_keygrip (ctrl_t ctrl, const char *hexgrip)
  * algorithm is stored at R_SUBKEY_ALGO.  If R_KEYGRIP is given, the
  * user has the choice to enter the keygrip of an existing key.  That
  * keygrip is then stored at this address.  The caller needs to free
- * it. */
+ * it.  If R_CARDKEY is not NULL and the keygrip has been taken from
+ * an active card, true is stored there; if R_KEYTIME is not NULL the
+ * creation time of that key is then stored there.  */
 static int
 ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
-          char **r_keygrip)
+          char **r_keygrip, int *r_cardkey, u32 *r_keytime)
 {
   gpg_error_t err;
   char *keygrip = NULL;
+  u32 keytime = 0;
   char *answer = NULL;
+  int cardkey = 0;
   int algo;
   int dummy_algo;
-  char *p;
 
   if (!r_subkey_algo)
     r_subkey_algo = &dummy_algo;
@@ -1927,50 +2113,49 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
 
 #if GPG_USE_RSA
   if (!addmode)
-    tty_printf (_("   (%d) RSA and RSA (default)\n"), 1 );
+    tty_printf (_("   (%d) RSA and RSA%s\n"), 1, "");
 #endif
 
   if (!addmode && opt.compliance != CO_DE_VS)
-    tty_printf (_("   (%d) DSA and Elgamal\n"), 2 );
+    tty_printf (_("   (%d) DSA and Elgamal%s\n"), 2, "");
 
   if (opt.compliance != CO_DE_VS)
-    tty_printf (_("   (%d) DSA (sign only)\n"), 3 );
+    tty_printf (_("   (%d) DSA (sign only)%s\n"), 3, "");
 #if GPG_USE_RSA
-  tty_printf (_("   (%d) RSA (sign only)\n"), 4 );
+  tty_printf (_("   (%d) RSA (sign only)%s\n"), 4, "");
 #endif
 
   if (addmode)
     {
       if (opt.compliance != CO_DE_VS)
-        tty_printf (_("   (%d) Elgamal (encrypt only)\n"), 5 );
+        tty_printf (_("   (%d) Elgamal (encrypt only)%s\n"), 5, "");
 #if GPG_USE_RSA
-      tty_printf (_("   (%d) RSA (encrypt only)\n"), 6 );
+      tty_printf (_("   (%d) RSA (encrypt only)%s\n"), 6, "");
 #endif
     }
   if (opt.expert)
     {
       if (opt.compliance != CO_DE_VS)
-        tty_printf (_("   (%d) DSA (set your own capabilities)\n"), 7 );
+        tty_printf (_("   (%d) DSA (set your own capabilities)%s\n"), 7, "");
 #if GPG_USE_RSA
-      tty_printf (_("   (%d) RSA (set your own capabilities)\n"), 8 );
+      tty_printf (_("   (%d) RSA (set your own capabilities)%s\n"), 8, "");
 #endif
     }
 
 #if GPG_USE_ECDSA || GPG_USE_ECDH || GPG_USE_EDDSA
-  if (opt.expert && !addmode)
-    tty_printf (_("   (%d) ECC and ECC\n"), 9 );
-  if (opt.expert)
-    tty_printf (_("  (%d) ECC (sign only)\n"), 10 );
+  if (!addmode)
+    tty_printf (_("   (%d) ECC (sign and encrypt)%s\n"), 9, _(" *default*") );
+  tty_printf (_("  (%d) ECC (sign only)\n"), 10 );
   if (opt.expert)
-    tty_printf (_("  (%d) ECC (set your own capabilities)\n"), 11 );
-  if (opt.expert && addmode)
-    tty_printf (_("  (%d) ECC (encrypt only)\n"), 12 );
+    tty_printf (_("  (%d) ECC (set your own capabilities)%s\n"), 11, "");
+  if (addmode)
+    tty_printf (_("  (%d) ECC (encrypt only)%s\n"), 12, "");
 #endif
 
   if (opt.expert && r_keygrip)
-    tty_printf (_("  (%d) Existing key\n"), 13 );
+    tty_printf (_("  (%d) Existing key%s\n"), 13, "");
   if (r_keygrip)
-    tty_printf (_("  (%d) Existing key from card\n"), 14 );
+    tty_printf (_("  (%d) Existing key from card%s\n"), 14, "");
 
   for (;;)
     {
@@ -1979,7 +2164,7 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
       xfree (answer);
       answer = cpr_get ("keygen.algo", _("Your selection? "));
       cpr_kill_prompt ();
-      algo = *answer? atoi (answer) : 1;
+      algo = *answer? atoi (answer) : 9;  /* Default algo is 9 */
 
       if (opt.compliance == CO_DE_VS
           && (algo == 2 || algo == 3 || algo == 5 || algo == 7))
@@ -2035,13 +2220,13 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
           break;
 	}
       else if ((algo == 9 || !strcmp (answer, "ecc+ecc"))
-               && opt.expert && !addmode)
+               && !addmode)
         {
           algo = PUBKEY_ALGO_ECDSA;
           *r_subkey_algo = PUBKEY_ALGO_ECDH;
           break;
 	}
-      else if ((algo == 10 || !strcmp (answer, "ecc/s")) && opt.expert)
+      else if ((algo == 10 || !strcmp (answer, "ecc/s")))
         {
           algo = PUBKEY_ALGO_ECDSA;
           *r_usage = PUBKEY_USAGE_SIG;
@@ -2054,7 +2239,7 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
           break;
 	}
       else if ((algo == 12 || !strcmp (answer, "ecc/e"))
-               && opt.expert && addmode)
+               && addmode)
         {
           algo = PUBKEY_ALGO_ECDH;
           *r_usage = PUBKEY_USAGE_ENC;
@@ -2066,8 +2251,8 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
           for (;;)
             {
               xfree (answer);
-              answer = cpr_get ("keygen.keygrip", _("Enter the keygrip: "));
-              cpr_kill_prompt ();
+              answer = tty_get (_("Enter the keygrip: "));
+              tty_kill_prompt ();
               trim_spaces (answer);
               if (!*answer)
                 {
@@ -2094,7 +2279,7 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
       else if ((algo == 14 || !strcmp (answer, "cardkey")) && r_keygrip)
         {
           char *serialno;
-          strlist_t keypairlist, sl;
+          keypair_info_t keypairlist, kpi;
           int count, selection;
 
           err = agent_scd_serialno (&serialno, NULL);
@@ -2107,7 +2292,7 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
           tty_printf (_("Serial number of the card: %s\n"), serialno);
           xfree (serialno);
 
-          err = agent_scd_keypairinfo (ctrl, &keypairlist);
+          err = agent_scd_keypairinfo (ctrl, NULL, &keypairlist);
           if (err)
             {
               tty_printf (_("error reading the card: %s\n"),
@@ -2117,65 +2302,79 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
 
           do
             {
+              char *authkeyref, *encrkeyref, *signkeyref;
+
+              agent_scd_getattr_one ("$AUTHKEYID", &authkeyref);
+              agent_scd_getattr_one ("$ENCRKEYID", &encrkeyref);
+              agent_scd_getattr_one ("$SIGNKEYID", &signkeyref);
+
               tty_printf (_("Available keys:\n"));
-              for (count=1,sl=keypairlist; sl; sl = sl->next, count++)
+              for (count=1, kpi=keypairlist; kpi; kpi = kpi->next, count++)
                 {
                   gcry_sexp_t s_pkey;
                   char *algostr = NULL;
                   enum gcry_pk_algos algoid = 0;
-                  const char *keyref;
+                  const char *keyref = kpi->idstr;
                   int any = 0;
 
-                  keyref = strchr (sl->d, ' ');
-                  if (keyref)
+                  if (keyref
+                      && !agent_scd_readkey (ctrl, keyref, &s_pkey, NULL))
                     {
-                      keyref++;
-                      if (!agent_scd_readkey (keyref, &s_pkey))
-                        {
-                          algostr = pubkey_algo_string (s_pkey, &algoid);
-                          gcry_sexp_release (s_pkey);
-                        }
+                      algostr = pubkey_algo_string (s_pkey, &algoid);
+                      gcry_sexp_release (s_pkey);
+                    }
+
+                  /* We need to tweak the algo in case GCRY_PK_ECC is
+                   * returned because pubkey_algo_string is not aware
+                   * of the OpenPGP algo mapping.  We need to
+                   * distinguish between ECDH and ECDSA but we can do
+                   * that only if we got usage flags.
+                   * Note: Keep this in sync with parse_key_parameter_part.
+                   */
+                  if (algoid == GCRY_PK_ECC && algostr)
+                    {
+                      if (!strcmp (algostr, "ed25519"))
+                        kpi->algo = PUBKEY_ALGO_EDDSA;
+                      else if (!strcmp (algostr, "ed448"))
+                        kpi->algo = PUBKEY_ALGO_EDDSA;
+                      else if (!strcmp (algostr, "cv25519"))
+                        kpi->algo = PUBKEY_ALGO_ECDH;
+                      else if (!strcmp (algostr, "cv448"))
+                        kpi->algo = PUBKEY_ALGO_ECDH;
+                      else if ((kpi->usage & GCRY_PK_USAGE_ENCR))
+                        kpi->algo = PUBKEY_ALGO_ECDH;
+                      else
+                        kpi->algo = PUBKEY_ALGO_ECDSA;
                     }
-                  /* We use the flags also encode the algo for use
-                   * below.  We need to tweak the algo in case
-                   * GCRY_PK_ECC is returned becuase pubkey_algo_string
-                   * is not aware of the OpenPGP algo mapping.
-                   * FIXME: This is an ugly hack. */
-                  sl->flags &= 0xff;
-                  if (algoid == GCRY_PK_ECC
-                      && algostr && !strncmp (algostr, "nistp", 5)
-                      && !(sl->flags & GCRY_PK_USAGE_ENCR))
-                    sl->flags |= (PUBKEY_ALGO_ECDSA << 8);
-                  else if (algoid == GCRY_PK_ECC
-                      && algostr && !strncmp (algostr, "brainpool", 9)
-                      && !(sl->flags & GCRY_PK_USAGE_ENCR))
-                    sl->flags |= (PUBKEY_ALGO_ECDSA << 8);
-                  else if (algoid == GCRY_PK_ECC
-                           && algostr && !strcmp (algostr, "ed25519")
-                           && !(sl->flags & GCRY_PK_USAGE_ENCR))
-                    sl->flags = (PUBKEY_ALGO_EDDSA << 8);
                   else
-                    sl->flags |= (map_pk_gcry_to_openpgp (algoid) << 8);
+                    kpi->algo = map_gcry_pk_to_openpgp (algoid);
 
-                  tty_printf ("   (%d) %s %s", count, sl->d, algostr);
-                  if ((sl->flags & GCRY_PK_USAGE_CERT))
+                  tty_printf ("   (%d) %s %s %s",
+                              count, kpi->keygrip, keyref, algostr);
+                  if ((kpi->usage & GCRY_PK_USAGE_CERT))
                     {
                       tty_printf ("%scert", any?",":" (");
                       any = 1;
                     }
-                  if ((sl->flags & GCRY_PK_USAGE_SIGN))
+                  if ((kpi->usage & GCRY_PK_USAGE_SIGN))
                     {
-                      tty_printf ("%ssign", any?",":" (");
+                      tty_printf ("%ssign%s", any?",":" (",
+                                  (signkeyref && keyref
+                                   && !strcmp (signkeyref, keyref))? "*":"");
                       any = 1;
                     }
-                  if ((sl->flags & GCRY_PK_USAGE_AUTH))
+                  if ((kpi->usage & GCRY_PK_USAGE_AUTH))
                     {
-                      tty_printf ("%sauth", any?",":" (");
+                      tty_printf ("%sauth%s", any?",":" (",
+                                  (authkeyref && keyref
+                                   && !strcmp (authkeyref, keyref))? "*":"");
                       any = 1;
                     }
-                  if ((sl->flags & GCRY_PK_USAGE_ENCR))
+                  if ((kpi->usage & GCRY_PK_USAGE_ENCR))
                     {
-                      tty_printf ("%sencr", any?",":" (");
+                      tty_printf ("%sencr%s", any?",":" (",
+                                  (encrkeyref && keyref
+                                   && !strcmp (encrkeyref, keyref))? "*":"");
                       any = 1;
                     }
                   tty_printf ("%s\n", any?")":"");
@@ -2187,35 +2386,39 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
               cpr_kill_prompt ();
               trim_spaces (answer);
               selection = atoi (answer);
+              xfree (authkeyref);
+              xfree (encrkeyref);
+              xfree (signkeyref);
             }
           while (!(selection > 0 && selection < count));
 
-          for (count=1,sl=keypairlist; sl; sl = sl->next, count++)
+          for (count=1,kpi=keypairlist; kpi; kpi = kpi->next, count++)
             if (count == selection)
               break;
-          if (!sl)
+          if (!kpi)
             {
               /* Just in case COUNT is zero (no keys).  */
-              free_strlist (keypairlist);
+              free_keypair_info (keypairlist);
               goto ask_again;
             }
 
           xfree (keygrip);
-          keygrip = xstrdup (sl->d);
-          if ((p = strchr (keygrip, ' ')))
-            *p = 0;
-          algo = (sl->flags >>8);
+          keygrip = xstrdup (kpi->keygrip);
+          cardkey = 1;
+          algo = kpi->algo;
+          keytime = kpi->keytime;
+
+          /* In expert mode allow to change the usage flags.  */
           if (opt.expert)
             *r_usage = ask_key_flags_with_mask (algo, addmode,
-                                                (sl->flags & 0xff),
-                                                (sl->flags & 0xff));
+                                                kpi->usage, kpi->usage);
           else
             {
-              *r_usage = (sl->flags & 0xff);
+              *r_usage = kpi->usage;
               if (addmode)
                 *r_usage &= ~GCRY_PK_USAGE_CERT;
             }
-          free_strlist (keypairlist);
+          free_keypair_info (keypairlist);
           break;
 	}
       else
@@ -2228,6 +2431,10 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
   xfree(answer);
   if (r_keygrip)
     *r_keygrip = keygrip;
+  if (r_cardkey)
+    *r_cardkey = cardkey;
+  if (r_keytime)
+    *r_keytime = keytime;
   return algo;
 }
 
@@ -2405,11 +2612,11 @@ ask_curve (int *algo, int *subkey_algo, const char *current)
 # define MY_USE_ECDSADH 0
 #endif
     { "Curve25519",      "Ed25519", "Curve 25519", !!GPG_USE_EDDSA, 0, 0, 0 },
-    { "Curve448",        "Ed448",   "Curve 448",   0/*reserved*/  , 0, 1, 0 },
+    { "X448",            "Ed448",   "Curve 448",   !!GPG_USE_EDDSA, 0, 1, 0 },
     { "NIST P-256",      NULL, NULL,               MY_USE_ECDSADH,  0, 1, 0 },
     { "NIST P-384",      NULL, NULL,               MY_USE_ECDSADH,  0, 0, 0 },
     { "NIST P-521",      NULL, NULL,               MY_USE_ECDSADH,  0, 1, 0 },
-    { "brainpoolP256r1", NULL, "Brainpool P-256",  MY_USE_ECDSADH,  1, 1, 0 },
+    { "brainpoolP256r1", NULL, "Brainpool P-256",  MY_USE_ECDSADH,  1, 0, 0 },
     { "brainpoolP384r1", NULL, "Brainpool P-384",  MY_USE_ECDSADH,  1, 1, 0 },
     { "brainpoolP512r1", NULL, "Brainpool P-512",  MY_USE_ECDSADH,  1, 1, 0 },
     { "secp256k1",       NULL, NULL,               MY_USE_ECDSADH,  0, 1, 0 },
@@ -2465,9 +2672,10 @@ ask_curve (int *algo, int *subkey_algo, const char *current)
         }
 
       curves[idx].available = 1;
-      tty_printf ("   (%d) %s\n", idx + 1,
+      tty_printf ("   (%d) %s%s\n", idx + 1,
                   curves[idx].pretty_name?
-                  curves[idx].pretty_name:curves[idx].name);
+                  curves[idx].pretty_name:curves[idx].name,
+                  idx == 0? _(" *default*"):"");
     }
   gcry_sexp_release (keyparms);
 
@@ -2984,7 +3192,7 @@ ask_user_id (int mode, int full, KBNODE keyblock)
 /* Basic key generation.  Here we divert to the actual generation
    routines based on the requested algorithm.  */
 static int
-do_create (int algo, unsigned int nbits, const char *curve, KBNODE pub_root,
+do_create (int algo, unsigned int nbits, const char *curve, kbnode_t pub_root,
            u32 timestamp, u32 expiredate, int is_subkey,
            int keygen_flags, const char *passphrase,
            char **cache_nonce_addr, char **passwd_nonce_addr)
@@ -3056,21 +3264,25 @@ generate_user_id (KBNODE keyblock, const char *uidstr)
 }
 
 
-/* Helper for parse_key_parameter_string for one part of the
+/* Helper for parse_key_parameter_part_parameter_string for one part of the
  * specification string; i.e.  ALGO/FLAGS.  If STRING is NULL or empty
  * success is returned.  On error an error code is returned.  Note
  * that STRING may be modified by this function.  NULL may be passed
  * for any parameter.  FOR_SUBKEY shall be true if this is used as a
  * subkey.  If CLEAR_CERT is set a default CERT usage will be cleared;
  * this is useful if for example the default algorithm is used for a
- * subkey.  */
+ * subkey.  If R_KEYVERSION is not NULL it will receive the version of
+ * the key; this is currently 4 but can be changed with the flag "v5"
+ * to create a v5 key.  If R_KEYTIME is not NULL and the key has been
+ * taken from active OpenPGP card, its creation time is stored
+ * there.  */
 static gpg_error_t
 parse_key_parameter_part (ctrl_t ctrl,
                           char *string, int for_subkey, int clear_cert,
                           int *r_algo, unsigned int *r_size,
                           unsigned int *r_keyuse,
-                          char const **r_curve,
-                          char **r_keygrip)
+                          char const **r_curve, int *r_keyversion,
+                          char **r_keygrip, u32 *r_keytime)
 {
   gpg_error_t err;
   char *flags;
@@ -3080,10 +3292,12 @@ parse_key_parameter_part (ctrl_t ctrl,
   int ecdh_or_ecdsa = 0;
   unsigned int size;
   int keyuse;
+  int keyversion = 4;
   int i;
   const char *s;
   int from_card = 0;
   char *keygrip = NULL;
+  u32 keytime = 0;
 
   if (!string || !*string)
     return 0; /* Success.  */
@@ -3185,6 +3399,13 @@ parse_key_parameter_part (ctrl_t ctrl,
                   return gpg_error (GPG_ERR_INV_FLAG);
                 }
             }
+          else if (!ascii_strcasecmp (s, "v5"))
+            {
+              if (opt.flags.rfc4880bis)
+                keyversion = 5;
+            }
+          else if (!ascii_strcasecmp (s, "v4"))
+            keyversion = 4;
           else
             {
               xfree (tokens);
@@ -3199,7 +3420,7 @@ parse_key_parameter_part (ctrl_t ctrl,
    * to read the algo from the current card.  */
   if (from_card)
     {
-      strlist_t keypairlist, sl;
+      keypair_info_t keypairlist, kpi;
       char *reqkeyref;
 
       if (!keyuse)
@@ -3221,7 +3442,7 @@ parse_key_parameter_part (ctrl_t ctrl,
         xfree (serialno);
       }
 
-      err = agent_scd_keypairinfo (ctrl, &keypairlist);
+      err = agent_scd_keypairinfo (ctrl, NULL, &keypairlist);
       if (err)
         {
           log_error (_("error reading the card: %s\n"), gpg_strerror (err));
@@ -3231,70 +3452,76 @@ parse_key_parameter_part (ctrl_t ctrl,
                              ? "$SIGNKEYID":"$ENCRKEYID", &reqkeyref);
 
       algo = 0; /* Should already be the case.  */
-      for (sl=keypairlist; sl && !algo; sl = sl->next)
+      for (kpi=keypairlist; kpi && !algo; kpi = kpi->next)
         {
           gcry_sexp_t s_pkey;
           char *algostr = NULL;
           enum gcry_pk_algos algoid = 0;
-          const char *keyref;
+          const char *keyref = kpi->idstr;
 
           if (!reqkeyref)
             continue; /* Card does not provide the info (skip all).  */
 
-          keyref = strchr (sl->d, ' ');
           if (!keyref)
             continue; /* Ooops.  */
-          keyref++;
           if (strcmp (reqkeyref, keyref))
             continue;  /* This is not the requested keyref.  */
 
           if ((keyuse & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT))
-              && (sl->flags & (GCRY_PK_USAGE_SIGN|GCRY_PK_USAGE_CERT)))
+              && (kpi->usage & (GCRY_PK_USAGE_SIGN|GCRY_PK_USAGE_CERT)))
             ; /* Okay */
           else if ((keyuse & PUBKEY_USAGE_ENC)
-                   && (sl->flags & GCRY_PK_USAGE_ENCR))
+                   && (kpi->usage & GCRY_PK_USAGE_ENCR))
             ; /* Okay */
           else
             continue; /* Not usable for us.  */
 
-          if (agent_scd_readkey (keyref, &s_pkey))
+          if (agent_scd_readkey (ctrl, keyref, &s_pkey, NULL))
             continue;  /* Could not read the key.  */
 
           algostr = pubkey_algo_string (s_pkey, &algoid);
           gcry_sexp_release (s_pkey);
 
-
           /* Map to OpenPGP algo number.
-           * We need to tweak the algo in case GCRY_PK_ECC is returned
-           * because pubkey_algo_string is not aware of the OpenPGP
-           * algo mapping.  FIXME: This is an ugly hack. */
-          if (algoid == GCRY_PK_ECC
-              && algostr && !strncmp (algostr, "nistp", 5)
-              && !(sl->flags & GCRY_PK_USAGE_ENCR))
-            algo = PUBKEY_ALGO_ECDSA;
-          else if (algoid == GCRY_PK_ECC
-                   && algostr && !strcmp (algostr, "ed25519")
-                   && !(sl->flags & GCRY_PK_USAGE_ENCR))
-            algo = PUBKEY_ALGO_EDDSA;
+           * We need to tweak the algo in case GCRY_PK_ECC is
+           * returned because pubkey_algo_string is not aware
+           * of the OpenPGP algo mapping.  We need to
+           * distinguish between ECDH and ECDSA but we can do
+           * that only if we got usage flags.
+           * Note: Keep this in sync with ask_algo.  */
+          if (algoid == GCRY_PK_ECC && algostr)
+            {
+              if (!strcmp (algostr, "ed25519"))
+                algo = PUBKEY_ALGO_EDDSA;
+              else if (!strcmp (algostr, "ed448"))
+                algo = PUBKEY_ALGO_EDDSA;
+              else if (!strcmp (algostr, "cv25519"))
+                algo = PUBKEY_ALGO_ECDH;
+              else if (!strcmp (algostr, "cv448"))
+                algo = PUBKEY_ALGO_ECDH;
+              else if ((kpi->usage & GCRY_PK_USAGE_ENCR))
+                algo = PUBKEY_ALGO_ECDH;
+              else
+                algo = PUBKEY_ALGO_ECDSA;
+            }
           else
-            algo = map_pk_gcry_to_openpgp (algoid);
+            algo = map_gcry_pk_to_openpgp (algoid);
 
           xfree (algostr);
           xfree (keygrip);
-          keygrip = xtrystrdup (sl->d);
+          keygrip = xtrystrdup (kpi->keygrip);
           if (!keygrip)
             {
               err = gpg_error_from_syserror ();
               xfree (reqkeyref);
-              free_strlist (keypairlist);
+              free_keypair_info (keypairlist);
               return err;
             }
-          if ((endp = strchr (keygrip, ' ')))
-            *endp = 0;
+          keytime = kpi->keytime;
         }
 
       xfree (reqkeyref);
-      free_strlist (keypairlist);
+      free_keypair_info (keypairlist);
       if (!algo || !keygrip)
         {
           err = gpg_error (GPG_ERR_PUBKEY_ALGO);
@@ -3371,15 +3598,21 @@ parse_key_parameter_part (ctrl_t ctrl,
     *r_keyuse = keyuse;
   if (r_curve)
     *r_curve = curve;
+  if (r_keyversion)
+    *r_keyversion = keyversion;
 
   if (r_keygrip)
     *r_keygrip = keygrip;
   else
     xfree (keygrip);
 
+  if (r_keytime)
+    *r_keytime = keytime;
+
   return 0;
 }
 
+
 /* Parse and return the standard key generation parameter.
  * The string is expected to be in this format:
  *
@@ -3392,7 +3625,9 @@ parse_key_parameter_part (ctrl_t ctrl,
  *   dsa2048 := DSA with 2048 bit.
  *   elg2048 := Elgamal with 2048 bit.
  *   ed25519 := EDDSA using curve Ed25519.
+ *   ed448   := EDDSA using curve Ed448.
  *   cv25519 := ECDH using curve Curve25519.
+ *   cv448   := ECDH using curve X448.
  *   nistp256:= ECDSA or ECDH using curve NIST P-256
  *
  * All strings with an unknown prefix are considered an elliptic
@@ -3410,6 +3645,7 @@ parse_key_parameter_part (ctrl_t ctrl,
  *   ecdsa := Use algorithm ECDSA.
  *   eddsa := Use algorithm EdDSA.
  *   ecdh  := Use algorithm ECDH.
+ *   v5    := Create version 5 key (requires option --rfc4880bis)
  *
  * There are several defaults and fallbacks depending on the
  * algorithm.  PART can be used to select which part of STRING is
@@ -3429,11 +3665,15 @@ parse_key_parameter_string (ctrl_t ctrl,
                             int *r_algo, unsigned int *r_size,
                             unsigned int *r_keyuse,
                             char const **r_curve,
+                            int *r_version,
                             char **r_keygrip,
+                            u32 *r_keytime,
                             int *r_subalgo, unsigned int *r_subsize,
                             unsigned int *r_subkeyuse,
                             char const **r_subcurve,
-                            char **r_subkeygrip)
+                            int *r_subversion,
+                            char **r_subkeygrip,
+                            u32 *r_subkeytime)
 {
   gpg_error_t err = 0;
   char *primary, *secondary;
@@ -3446,8 +3686,12 @@ parse_key_parameter_string (ctrl_t ctrl,
     *r_keyuse = 0;
   if (r_curve)
     *r_curve = NULL;
+  if (r_version)
+    *r_version = 4;
   if (r_keygrip)
     *r_keygrip = NULL;
+  if (r_keytime)
+    *r_keytime = 0;
   if (r_subalgo)
     *r_subalgo = 0;
   if (r_subsize)
@@ -3456,8 +3700,12 @@ parse_key_parameter_string (ctrl_t ctrl,
     *r_subkeyuse = 0;
   if (r_subcurve)
     *r_subcurve = NULL;
+  if (r_subversion)
+    *r_subversion = 4;
   if (r_subkeygrip)
     *r_subkeygrip = NULL;
+  if (r_subkeytime)
+    *r_subkeytime = 0;
 
   if (!string || !*string
       || !ascii_strcasecmp (string, "default") || !strcmp (string, "-"))
@@ -3476,12 +3724,13 @@ parse_key_parameter_string (ctrl_t ctrl,
     {
       err = parse_key_parameter_part (ctrl, primary,
                                       0, 0, r_algo, r_size,
-                                      r_keyuse, r_curve, r_keygrip);
+                                      r_keyuse, r_curve, r_version,
+                                      r_keygrip, r_keytime);
       if (!err && part == -1)
         err = parse_key_parameter_part (ctrl, secondary,
                                         1, 0, r_subalgo, r_subsize,
-                                        r_subkeyuse, r_subcurve,
-                                        r_subkeygrip);
+                                        r_subkeyuse, r_subcurve, r_subversion,
+                                        r_subkeygrip, r_subkeytime);
     }
   else if (part == 1)
     {
@@ -3489,25 +3738,25 @@ parse_key_parameter_string (ctrl_t ctrl,
        * part consider this to be the subkey algo.  In case a
        * SUGGESTED_USE has been given and the usage of the secondary
        * part does not match SUGGESTED_USE try again using the primary
-       * part.  Noet thar when falling back to the primary key we need
+       * part.  Note that when falling back to the primary key we need
        * to force clearing the cert usage. */
       if (secondary)
         {
           err = parse_key_parameter_part (ctrl, secondary,
                                           1, 0,
                                           r_algo, r_size, r_keyuse, r_curve,
-                                          r_keygrip);
+                                          r_version, r_keygrip, r_keytime);
           if (!err && suggested_use && r_keyuse && !(suggested_use & *r_keyuse))
             err = parse_key_parameter_part (ctrl, primary,
                                             1, 1 /*(clear cert)*/,
                                             r_algo, r_size, r_keyuse, r_curve,
-                                            r_keygrip);
+                                            r_version, r_keygrip, r_keytime);
         }
       else
         err = parse_key_parameter_part (ctrl, primary,
                                         1, 0,
                                         r_algo, r_size, r_keyuse, r_curve,
-                                        r_keygrip);
+                                        r_version, r_keygrip, r_keytime);
     }
 
   xfree (primary);
@@ -3595,8 +3844,8 @@ get_parameter_algo (ctrl_t ctrl, struct para_data_s *para, enum para_name key,
        * compatibility with the batch key generation.  It would be
        * better to make full use of parse_key_parameter_string.  */
       parse_key_parameter_string (ctrl, NULL, 0, 0,
-                                  &i, NULL, NULL, NULL, NULL,
-                                  NULL, NULL, NULL, NULL, NULL);
+                                  &i, NULL, NULL, NULL, NULL, NULL, NULL,
+                                  NULL, NULL, NULL, NULL, NULL, NULL, NULL);
       if (r_default)
         *r_default = 1;
     }
@@ -3612,7 +3861,7 @@ get_parameter_algo (ctrl_t ctrl, struct para_data_s *para, enum para_name key,
   else if (!ascii_strcasecmp (r->u.value, "ECDH"))
     i = PUBKEY_ALGO_ECDH;
   else
-    i = map_pk_gcry_to_openpgp (gcry_pk_map_name (r->u.value));
+    i = map_gcry_pk_to_openpgp (gcry_pk_map_name (r->u.value));
 
   if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S)
     i = 0; /* we don't want to allow generation of these algorithms */
@@ -3727,6 +3976,8 @@ parse_revocation_key (const char *fname,
 
       revkey.fpr[i]=c;
     }
+  if (i != 20 && i != 32)
+    goto fail;
 
   /* skip to the tag */
   while(*pn && *pn!='s' && *pn!='S')
@@ -3739,7 +3990,7 @@ parse_revocation_key (const char *fname,
 
   return 0;
 
-  fail:
+ fail:
   log_error("%s:%d: invalid revocation key\n", fname, r->lnr );
   return -1; /* error */
 }
@@ -3752,7 +4003,8 @@ get_parameter_u32( struct para_data_s *para, enum para_name key )
 
   if( !r )
     return 0;
-  if( r->key == pKEYCREATIONDATE )
+  if (r->key == pKEYCREATIONDATE || r->key == pSUBKEYCREATIONDATE
+      || r->key == pAUTHKEYCREATIONDATE)
     return r->u.creation;
   if( r->key == pKEYEXPIRE || r->key == pSUBKEYEXPIRE )
     return r->u.expire;
@@ -3776,6 +4028,14 @@ get_parameter_revkey( struct para_data_s *para, enum para_name key )
 }
 
 static int
+get_parameter_bool (struct para_data_s *para, enum para_name key)
+{
+  struct para_data_s *r = get_parameter (para, key);
+  return (r && r->u.abool);
+}
+
+
+static int
 proc_parameter_file (ctrl_t ctrl, struct para_data_s *para, const char *fname,
                      struct output_control_s *outctrl, int card )
 {
@@ -3933,9 +4193,13 @@ proc_parameter_file (ctrl_t ctrl, struct para_data_s *para, const char *fname,
     return -1;
 
 
-  /* Make KEYCREATIONDATE from Creation-Date.  */
+  /* Make KEYCREATIONDATE from Creation-Date.  We ignore this if the
+   * key has been taken from a card and a keycreationtime has already
+   * been set.  This is so that we don't generate a key with a
+   * fingerprint different from the one stored on the OpenPGP card. */
   r = get_parameter (para, pCREATIONDATE);
-  if (r && *r->u.value)
+  if (r && *r->u.value && !(get_parameter_bool (para, pCARDKEY)
+                            && get_parameter_u32 (para, pKEYCREATIONDATE)))
     {
       u32 seconds;
 
@@ -4007,6 +4271,8 @@ read_parameter_file (ctrl_t ctrl, const char *fname )
         { "Keygrip",        pKEYGRIP },
         { "Key-Grip",       pKEYGRIP },
         { "Subkey-grip",    pSUBKEYGRIP },
+        { "Key-Version",    pVERSION },
+        { "Subkey-Version", pSUBVERSION },
         { NULL, 0 }
     };
     IOBUF fp;
@@ -4152,12 +4418,19 @@ read_parameter_file (ctrl_t ctrl, const char *fname )
 		break;
 	    }
 	}
-	r = xmalloc_clear( sizeof *r + strlen( value ) );
-	r->lnr = lnr;
-	r->key = keywords[i].key;
-	strcpy( r->u.value, value );
-	r->next = para;
-	para = r;
+
+        if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION
+                                      || keywords[i].key == pSUBVERSION))
+          ; /* Ignore version unless --rfc4880bis is active.  */
+        else
+          {
+            r = xmalloc_clear( sizeof *r + strlen( value ) );
+            r->lnr = lnr;
+            r->key = keywords[i].key;
+            strcpy( r->u.value, value );
+            r->next = para;
+            para = r;
+          }
     }
     if( err )
 	log_error("%s:%d: %s\n", fname, lnr, err );
@@ -4193,7 +4466,7 @@ read_parameter_file (ctrl_t ctrl, const char *fname )
 static struct para_data_s *
 quickgen_set_para (struct para_data_s *para, int for_subkey,
                    int algo, int nbits, const char *curve, unsigned int use,
-                   const char *keygrip)
+                   int version, const char *keygrip, u32 keytime)
 {
   struct para_data_s *r;
 
@@ -4240,6 +4513,25 @@ quickgen_set_para (struct para_data_s *para, int for_subkey,
       para = r;
     }
 
+  if (opt.flags.rfc4880bis)
+    {
+      r = xmalloc_clear (sizeof *r + 20);
+      r->key = for_subkey? pSUBVERSION : pVERSION;
+      snprintf (r->u.value, 20, "%d", version);
+      r->next = para;
+      para = r;
+    }
+
+  if (keytime)
+    {
+      r = xmalloc_clear (sizeof *r);
+      r->key = for_subkey? pSUBKEYCREATIONDATE : pKEYCREATIONDATE;
+      r->u.creation = keytime;
+      r->next = para;
+      para = r;
+
+    }
+
   return para;
 }
 
@@ -4299,7 +4591,7 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
     desc.mode = KEYDB_SEARCH_MODE_EXACT;
     desc.u.name = uid;
 
-    kdbhd = keydb_new ();
+    kdbhd = keydb_new (ctrl);
     if (!kdbhd)
       goto leave;
 
@@ -4333,29 +4625,31 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
           || !strcmp (usagestr, "-")))
     {
       /* Use default key parameters.  */
-      int algo, subalgo;
+      int algo, subalgo, version, subversion;
       unsigned int size, subsize;
       unsigned int keyuse, subkeyuse;
       const char *curve, *subcurve;
       char *keygrip, *subkeygrip;
+      u32 keytime, subkeytime;
 
       err = parse_key_parameter_string (ctrl, algostr, -1, 0,
-                                        &algo, &size, &keyuse, &curve,
-                                        &keygrip,
+                                        &algo, &size, &keyuse, &curve, &version,
+                                        &keygrip, &keytime,
                                         &subalgo, &subsize, &subkeyuse,
-                                        &subcurve, &subkeygrip);
+                                        &subcurve, &subversion,
+                                        &subkeygrip, &subkeytime);
       if (err)
         {
           log_error (_("Key generation failed: %s\n"), gpg_strerror (err));
           goto leave;
         }
 
-      para = quickgen_set_para (para, 0, algo, size, curve, keyuse,
-                                keygrip);
+      para = quickgen_set_para (para, 0, algo, size, curve, keyuse, version,
+                                keygrip, keytime);
       if (subalgo)
         para = quickgen_set_para (para, 1,
                                   subalgo, subsize, subcurve, subkeyuse,
-                                  subkeygrip);
+                                  subversion, subkeygrip, subkeytime);
       if (*expirestr)
         {
           u32 expire;
@@ -4380,24 +4674,25 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
   else
     {
       /* Extended unattended mode.  Creates only the primary key. */
-      int algo;
+      int algo, version;
       unsigned int use;
       u32 expire;
       unsigned int nbits;
       const char *curve;
       char *keygrip;
+      u32 keytime;
 
       err = parse_algo_usage_expire (ctrl, 0, algostr, usagestr, expirestr,
                                      &algo, &use, &expire, &nbits, &curve,
-                                     &keygrip);
+                                     &version, &keygrip, &keytime);
       if (err)
         {
           log_error (_("Key generation failed: %s\n"), gpg_strerror (err) );
           goto leave;
         }
 
-      para = quickgen_set_para (para, 0, algo, nbits, curve, use,
-                                keygrip);
+      para = quickgen_set_para (para, 0, algo, nbits, curve, use, version,
+                                keygrip, keytime);
       r = xmalloc_clear (sizeof *r + 20);
       r->key = pKEYEXPIRE;
       r->u.expire = expire;
@@ -4422,6 +4717,16 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
       para = r;
     }
 
+  if (!ascii_strcasecmp (algostr, "card")
+      || !ascii_strncasecmp (algostr, "card/", 5))
+    {
+      r = xmalloc_clear (sizeof *r);
+      r->key = pCARDKEY;
+      r->u.abool = 1;
+      r->next = para;
+      para = r;
+    }
+
   proc_parameter_file (ctrl, para, "[internal]", &outctrl, 0);
 
  leave:
@@ -4554,8 +4859,11 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
     {
       int subkey_algo;
       char *key_from_hexgrip = NULL;
+      int cardkey;
+      u32 keytime;
 
-      algo = ask_algo (ctrl, 0, &subkey_algo, &use, &key_from_hexgrip);
+      algo = ask_algo (ctrl, 0, &subkey_algo, &use,
+                       &key_from_hexgrip, &cardkey, &keytime);
       if (key_from_hexgrip)
         {
           r = xmalloc_clear( sizeof *r + 20 );
@@ -4582,6 +4890,21 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
           r->next = para;
           para = r;
 
+          r = xmalloc_clear (sizeof *r);
+          r->key = pCARDKEY;
+          r->u.abool = cardkey;
+          r->next = para;
+          para = r;
+
+          if (cardkey)
+            {
+              r = xmalloc_clear (sizeof *r);
+              r->key = pKEYCREATIONDATE;
+              r->u.creation = keytime;
+              r->next = para;
+              para = r;
+            }
+
           xfree (key_from_hexgrip);
         }
       else
@@ -4649,7 +4972,10 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
                     {
                       /* Need to switch to a different curve for the
                          encryption key.  */
-                      curve = "Curve25519";
+                      if (!strcmp (curve, "Ed25519"))
+                        curve = "Curve25519";
+                      else
+                        curve = "X448";
                     }
                   r = xmalloc_clear (sizeof *r + strlen (curve));
                   r->key = pSUBKEYCURVE;
@@ -4713,11 +5039,12 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
     }
   else /* Default key generation.  */
     {
-      int subalgo;
+      int subalgo, version, subversion;
       unsigned int size, subsize;
       unsigned int keyuse, subkeyuse;
       const char *curve, *subcurve;
       char *keygrip, *subkeygrip;
+      u32 keytime, subkeytime;
 
       tty_printf ( _("Note: Use \"%s %s\""
                      " for a full featured key generation dialog.\n"),
@@ -4729,11 +5056,11 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
                    , "--full-generate-key" );
 
       err = parse_key_parameter_string (ctrl, NULL, -1, 0,
-                                        &algo, &size, &keyuse, &curve,
-                                        &keygrip,
+                                        &algo, &size, &keyuse, &curve, &version,
+                                        &keygrip, &keytime,
                                         &subalgo, &subsize,
-                                        &subkeyuse, &subcurve,
-                                        &subkeygrip);
+                                        &subkeyuse, &subcurve, &subversion,
+                                        &subkeygrip, &subkeytime);
       if (err)
         {
           log_error (_("Key generation failed: %s\n"), gpg_strerror (err));
@@ -4741,11 +5068,11 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
         }
       para = quickgen_set_para (para, 0,
                                 algo, size, curve, keyuse,
-                                keygrip);
+                                version, keygrip, keytime);
       if (subalgo)
         para = quickgen_set_para (para, 1,
                                   subalgo, subsize, subcurve, subkeyuse,
-                                  subkeygrip);
+                                  subversion, subkeygrip, subkeytime);
 
       xfree (keygrip);
       xfree (subkeygrip);
@@ -4961,11 +5288,13 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
   PKT_public_key *sub_psk = NULL;
   struct revocation_key *revkey;
   int did_sub = 0;
-  u32 timestamp;
+  u32 keytimestamp, subkeytimestamp, authkeytimestamp, signtimestamp;
   char *cache_nonce = NULL;
   int algo;
   u32 expire;
   const char *key_from_hexgrip = NULL;
+  int cardkey;
+  unsigned int keygen_flags;
 
   if (outctrl->dryrun)
     {
@@ -5018,11 +5347,35 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
 
   start_tree (&pub_root);
 
-  timestamp = get_parameter_u32 (para, pKEYCREATIONDATE);
-  if (!timestamp)
-    timestamp = make_timestamp ();
-
-  /* Note that, depending on the backend (i.e. the used scdaemon
+  cardkey = get_parameter_bool (para, pCARDKEY);
+
+  /* In the case that the keys are created from the card we need to
+   * take the timestamps from the card.  Only in this case a
+   * pSUBKEYCREATIONDATE or pAUTHKEYCREATIONDATE might be defined and
+   * then we need to use that so that the fingerprint of the subkey
+   * also matches the pre-computed and stored one on the card.  In
+   * this case we also use the current time to create the
+   * self-signatures.  */
+  keytimestamp = get_parameter_u32 (para, pKEYCREATIONDATE);
+  if (!keytimestamp)
+    keytimestamp = make_timestamp ();
+  subkeytimestamp = cardkey? get_parameter_u32 (para, pSUBKEYCREATIONDATE) : 0;
+  if (!subkeytimestamp)
+    subkeytimestamp = keytimestamp;
+  authkeytimestamp = cardkey? get_parameter_u32 (para, pAUTHKEYCREATIONDATE): 0;
+  if (!authkeytimestamp)
+    authkeytimestamp = keytimestamp;
+
+  signtimestamp = cardkey? make_timestamp () : keytimestamp;
+
+  /* log_debug ("XXX: cardkey ..: %d\n", cardkey); */
+  /* log_debug ("XXX: keytime ..: %s\n", isotimestamp (keytimestamp)); */
+  /* log_debug ("XXX: subkeytime: %s\n", isotimestamp (subkeytimestamp)); */
+  /* log_debug ("XXX: authkeytim: %s\n", isotimestamp (authkeytimestamp)); */
+  /* log_debug ("XXX: signtime .: %s\n", isotimestamp (signtimestamp)); */
+
+  /* Fixme: Check that this comment is still valid:
+     Note that, depending on the backend (i.e. the used scdaemon
      version), the card key generation may update TIMESTAMP for each
      key.  Thus we need to pass TIMESTAMP to all signing function to
      make sure that the binding signature is done using the timestamp
@@ -5034,23 +5387,32 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
   algo = get_parameter_algo (ctrl, para, pKEYTYPE, NULL );
   expire = get_parameter_u32( para, pKEYEXPIRE );
   key_from_hexgrip = get_parameter_value (para, pKEYGRIP);
+  if (cardkey && !key_from_hexgrip)
+    BUG ();
+
+  keygen_flags = outctrl->keygen_flags;
+  if (get_parameter_uint (para, pVERSION) == 5)
+    keygen_flags |= KEYGEN_FLAG_CREATE_V5_KEY;
+
   if (key_from_hexgrip)
-    err = do_create_from_keygrip (ctrl, algo, key_from_hexgrip,
-                                  pub_root, timestamp, expire, 0);
+    err = do_create_from_keygrip (ctrl, algo, key_from_hexgrip, cardkey,
+                                  pub_root,
+                                  keytimestamp,
+                                  expire, 0, keygen_flags);
   else if (!card)
     err = do_create (algo,
                      get_parameter_uint( para, pKEYLENGTH ),
                      get_parameter_value (para, pKEYCURVE),
                      pub_root,
-                     timestamp,
+                     keytimestamp,
                      expire, 0,
-                     outctrl->keygen_flags,
+                     keygen_flags,
                      get_parameter_passphrase (para),
                      &cache_nonce, NULL);
   else
     err = gen_card_key (1, algo,
-                        1, pub_root, &timestamp,
-                        expire);
+                        1, pub_root, &keytimestamp,
+                        expire, keygen_flags);
 
   /* Get the pointer to the generated public key packet.  */
   if (!err)
@@ -5069,15 +5431,15 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
 
   if (!err && (revkey = get_parameter_revkey (para, pREVOKER)))
     err = write_direct_sig (ctrl, pub_root, pri_psk,
-                            revkey, timestamp, cache_nonce);
+                            revkey, signtimestamp, cache_nonce);
 
   if (!err && (s = get_parameter_value (para, pUSERID)))
     {
       err = write_uid (pub_root, s );
       if (!err)
         err = write_selfsigs (ctrl, pub_root, pri_psk,
-                              get_parameter_uint (para, pKEYUSAGE), timestamp,
-                              cache_nonce);
+                              get_parameter_uint (para, pKEYUSAGE),
+                              signtimestamp, cache_nonce);
     }
 
   /* Write the auth key to the card before the encryption key.  This
@@ -5091,10 +5453,10 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
     {
       err = gen_card_key (3, get_parameter_algo (ctrl, para,
                                                  pAUTHKEYTYPE, NULL ),
-                          0, pub_root, &timestamp, expire);
+                          0, pub_root, &authkeytimestamp, expire, keygen_flags);
       if (!err)
         err = write_keybinding (ctrl, pub_root, pri_psk, NULL,
-                                PUBKEY_USAGE_AUTH, timestamp, cache_nonce);
+                                PUBKEY_USAGE_AUTH, signtimestamp, cache_nonce);
     }
 
   if (!err && get_parameter (para, pSUBKEYTYPE))
@@ -5103,20 +5465,26 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
 
       s = NULL;
       key_from_hexgrip = get_parameter_value (para, pSUBKEYGRIP);
+
+      keygen_flags = outctrl->keygen_flags;
+      if (get_parameter_uint (para, pSUBVERSION) == 5)
+        keygen_flags |= KEYGEN_FLAG_CREATE_V5_KEY;
+
       if (key_from_hexgrip)
-        err = do_create_from_keygrip (ctrl, subkey_algo, key_from_hexgrip,
-                                      pub_root, timestamp,
+        err = do_create_from_keygrip (ctrl, subkey_algo,
+                                      key_from_hexgrip, cardkey,
+                                      pub_root, subkeytimestamp,
                                       get_parameter_u32 (para, pSUBKEYEXPIRE),
-                                      1);
+                                      1, keygen_flags);
       else if (!card || (s = get_parameter_value (para, pCARDBACKUPKEY)))
         {
           err = do_create (subkey_algo,
                            get_parameter_uint (para, pSUBKEYLENGTH),
                            get_parameter_value (para, pSUBKEYCURVE),
                            pub_root,
-                           timestamp,
+                           subkeytimestamp,
                            get_parameter_u32 (para, pSUBKEYEXPIRE), 1,
-                           s ? KEYGEN_FLAG_NO_PROTECTION : outctrl->keygen_flags,
+                           s? KEYGEN_FLAG_NO_PROTECTION : keygen_flags,
                            get_parameter_passphrase (para),
                            &cache_nonce, NULL);
           /* Get the pointer to the generated public subkey packet.  */
@@ -5136,13 +5504,14 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
         }
       else
         {
-          err = gen_card_key (2, subkey_algo, 0, pub_root, &timestamp, expire);
+          err = gen_card_key (2, subkey_algo, 0, pub_root,
+                              &subkeytimestamp, expire, keygen_flags);
         }
 
       if (!err)
         err = write_keybinding (ctrl, pub_root, pri_psk, sub_psk,
                                 get_parameter_uint (para, pSUBKEYUSAGE),
-                                timestamp, cache_nonce);
+                                signtimestamp, cache_nonce);
       did_sub = 1;
     }
 
@@ -5156,7 +5525,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
     {
       KEYDB_HANDLE pub_hd;
 
-      pub_hd = keydb_new ();
+      pub_hd = keydb_new (ctrl);
       if (!pub_hd)
         err = gpg_error_from_syserror ();
       else
@@ -5196,9 +5565,13 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
 
           pk = find_kbnode (pub_root, PKT_PUBLIC_KEY)->pkt->pkt.public_key;
 
-	  update_ownertrust (ctrl, pk,
-                             ((get_ownertrust (ctrl, pk) & ~TRUST_MASK)
-                              | TRUST_ULTIMATE ));
+          keyid_from_pk (pk, pk->main_keyid);
+          register_trusted_keyid (pk->main_keyid);
+
+          if (!opt.flags.no_auto_trust_new_key)
+            update_ownertrust (ctrl, pk,
+                               ((get_ownertrust (ctrl, pk) & ~TRUST_MASK)
+                                | TRUST_ULTIMATE ));
 
           gen_standard_revoke (ctrl, pk, cache_nonce);
 
@@ -5259,18 +5632,21 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
                          const char *expirestr,
                          int *r_algo, unsigned int *r_usage, u32 *r_expire,
                          unsigned int *r_nbits, const char **r_curve,
-                         char **r_keygrip)
+                         int *r_version, char **r_keygrip, u32 *r_keytime)
 {
   gpg_error_t err;
   int algo;
   unsigned int use, nbits;
   u32 expire;
   int wantuse;
+  int version = 4;
   const char *curve = NULL;
 
   *r_curve = NULL;
   if (r_keygrip)
     *r_keygrip = NULL;
+  if (r_keytime)
+    *r_keytime = 0;
 
   nbits = 0;
 
@@ -5285,9 +5661,9 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
 
   err = parse_key_parameter_string (ctrl, algostr, for_subkey? 1 : 0,
                                     usagestr? parse_usagestr (usagestr):0,
-                                    &algo, &nbits, &use, &curve,
-                                    r_keygrip,
-                                    NULL, NULL, NULL, NULL, NULL);
+                                    &algo, &nbits, &use, &curve, &version,
+                                    r_keygrip, r_keytime,
+                                    NULL, NULL, NULL, NULL, NULL, NULL, NULL);
   if (err)
     {
       if (r_keygrip)
@@ -5353,6 +5729,7 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
   *r_usage = use;
   *r_expire = expire;
   *r_nbits = nbits;
+  *r_version = version;
   return 0;
 }
 
@@ -5376,10 +5753,13 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
   const char *curve = NULL;
   u32 cur_time;
   char *key_from_hexgrip = NULL;
+  u32 keytime = 0;
+  int cardkey = 0;
   char *hexgrip = NULL;
   char *serialno = NULL;
   char *cache_nonce = NULL;
   char *passwd_nonce = NULL;
+  int keygen_flags = 0;
 
   interactive = (!algostr || !usagestr || !expirestr);
 
@@ -5439,7 +5819,8 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
 
   if (interactive)
     {
-      algo = ask_algo (ctrl, 1, NULL, &use, &key_from_hexgrip);
+      algo = ask_algo (ctrl, 1, NULL, &use, &key_from_hexgrip, &cardkey,
+                       &keytime);
       log_assert (algo);
 
       if (key_from_hexgrip)
@@ -5461,11 +5842,16 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
     }
   else /* Unattended mode.  */
     {
+      int version;
+
       err = parse_algo_usage_expire (ctrl, 1, algostr, usagestr, expirestr,
                                      &algo, &use, &expire, &nbits, &curve,
-                                     &key_from_hexgrip);
+                                     &version, &key_from_hexgrip, &keytime);
       if (err)
         goto leave;
+
+      if (version == 5)
+        keygen_flags |= KEYGEN_FLAG_CREATE_V5_KEY;
     }
 
   /* Verify the passphrase now so that we get a cache item for the
@@ -5487,8 +5873,11 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
   /* Start creation.  */
   if (key_from_hexgrip)
     {
-      err = do_create_from_keygrip (ctrl, algo, key_from_hexgrip,
-                                    keyblock, cur_time, expire, 1);
+      err = do_create_from_keygrip (ctrl, algo, key_from_hexgrip, cardkey,
+                                    keyblock,
+                                    keytime? keytime : cur_time,
+                                    expire, 1,
+                                    keygen_flags);
     }
   else
     {
@@ -5504,7 +5893,7 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
         passwd = NULL;
 
       err = do_create (algo, nbits, curve,
-                       keyblock, cur_time, expire, 1, 0,
+                       keyblock, cur_time, expire, 1, keygen_flags,
                        passwd, &cache_nonce, &passwd_nonce);
     }
   if (err)
@@ -5552,6 +5941,7 @@ generate_card_subkeypair (ctrl_t ctrl, kbnode_t pub_keyblock,
   PKT_public_key *sub_pk = NULL;
   int algo;
   struct agent_card_info_s info;
+  int keygen_flags = 0;  /* FIXME!!! */
 
   log_assert (keyno >= 1 && keyno <= 3);
 
@@ -5622,7 +6012,8 @@ generate_card_subkeypair (ctrl_t ctrl, kbnode_t pub_keyblock,
 
   /* Note, that depending on the backend, the card key generation may
      update CUR_TIME.  */
-  err = gen_card_key (keyno, algo, 0, pub_keyblock, &cur_time, expire);
+  err = gen_card_key (keyno, algo, 0, pub_keyblock, &cur_time, expire,
+                      keygen_flags);
   /* Get the pointer to the generated public subkey packet.  */
   if (!err)
     {
@@ -5668,10 +6059,11 @@ write_keyblock( IOBUF out, KBNODE node )
 }
 
 
-/* Note that timestamp is an in/out arg. */
+/* Note that timestamp is an in/out arg.
+ * FIXME: Does not yet support v5 keys.   */
 static gpg_error_t
 gen_card_key (int keyno, int algo, int is_primary, kbnode_t pub_root,
-              u32 *timestamp, u32 expireval)
+              u32 *timestamp, u32 expireval, int keygen_flags)
 {
 #ifdef ENABLE_CARD_SUPPORT
   gpg_error_t err;
@@ -5745,7 +6137,7 @@ gen_card_key (int keyno, int algo, int is_primary, kbnode_t pub_root,
     }
 
   pk->timestamp = *timestamp;
-  pk->version = 4;
+  pk->version = (keygen_flags & KEYGEN_FLAG_CREATE_V5_KEY)? 5 : 4;
   if (expireval)
     pk->expiredate = pk->timestamp + expireval;
   pk->pubkey_algo = algo;
diff --git a/g10/keyid.c b/g10/keyid.c
index 69d85da..522cc9c 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -68,12 +68,12 @@ pubkey_letter( int algo )
 }
 
 /* Return a string describing the public key algorithm and the
-   keysize.  For elliptic curves the functions prints the name of the
+   keysize.  For elliptic curves the function prints the name of the
    curve because the keysize is a property of the curve.  The string
    is copied to the supplied buffer up a length of BUFSIZE-1.
    Examples for the output are:
 
-   "rsa2048"  - RSA with 2048 bit
+   "rsa3072"  - RSA with 3072 bit
    "elg1024"  - Elgamal with 1024 bit
    "ed25519"  - ECC using the curve Ed25519.
    "E_1.2.3.4"  - ECC using the unsupported curve with OID "1.2.3.4".
@@ -83,12 +83,15 @@ pubkey_letter( int algo )
    If the option --legacy-list-mode is active, the output use the
    legacy format:
 
-   "2048R" - RSA with 2048 bit
+   "3072R" - RSA with 3072 bit
    "1024g" - Elgamal with 1024 bit
    "256E"  - ECDSA using a curve with 256 bit
 
    The macro PUBKEY_STRING_SIZE may be used to allocate a buffer with
-   a suitable size.*/
+   a suitable size.  Note that a more general version of this function
+   exists as get_keyalgo_string.  However, that has no special
+   treatment for the old and unsupported Elgamal which we here print as
+   xxxNNNN.  */
 char *
 pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize)
 {
@@ -136,19 +139,21 @@ pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize)
 }
 
 
-/* Hash a public key.  This function is useful for v4 fingerprints and
-   for v3 or v4 key signing. */
+/* Hash a public key.  This function is useful for v4 and v5
+ * fingerprints and for v3 or v4 key signing. */
 void
 hash_public_key (gcry_md_hd_t md, PKT_public_key *pk)
 {
-  unsigned int n = 6;
+  unsigned int n;
   unsigned int nn[PUBKEY_MAX_NPKEY];
   byte *pp[PUBKEY_MAX_NPKEY];
   int i;
   unsigned int nbits;
   size_t nbytes;
   int npkey = pubkey_get_npkey (pk->pubkey_algo);
+  int is_v5 = pk->version == 5;
 
+  n = is_v5? 10 : 6;
   /* FIXME: We can avoid the extra malloc by calling only the first
      mpi_print here which computes the required length and calling the
      real mpi_print only at the end.  The speed advantage would only be
@@ -175,15 +180,39 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk)
             }
           else if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE))
             {
-              const void *p;
+              const char *p;
+              int is_sos = 0;
+
+              if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_USER2))
+                is_sos = 2;
 
               p = gcry_mpi_get_opaque (pk->pkey[i], &nbits);
-              pp[i] = xmalloc ((nbits+7)/8);
+              pp[i] = xmalloc ((nbits+7)/8 + is_sos);
               if (p)
-                memcpy (pp[i], p, (nbits+7)/8);
+                memcpy (pp[i] + is_sos, p, (nbits+7)/8);
               else
                 pp[i] = NULL;
-              nn[i] = (nbits+7)/8;
+              if (is_sos)
+                {
+                  if (*p)
+                    {
+                      nbits = ((nbits + 7) / 8) * 8;
+
+                      if (nbits >= 8 && !(*p & 0x80))
+                        if (--nbits >= 7 && !(*p & 0x40))
+                          if (--nbits >= 6 && !(*p & 0x20))
+                            if (--nbits >= 5 && !(*p & 0x10))
+                              if (--nbits >= 4 && !(*p & 0x08))
+                                if (--nbits >= 3 && !(*p & 0x04))
+                                  if (--nbits >= 2 && !(*p & 0x02))
+                                    if (--nbits >= 1 && !(*p & 0x01))
+                                      --nbits;
+                    }
+
+                  pp[i][0] = (nbits >> 8);
+                  pp[i][1] = nbits;
+                }
+              nn[i] = (nbits+7)/8 + is_sos;
               n += nn[i];
             }
           else
@@ -201,12 +230,22 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk)
         }
     }
 
-  gcry_md_putc ( md, 0x99 );     /* ctb */
-  /* What does it mean if n is greater than 0xFFFF ? */
-  gcry_md_putc ( md, n >> 8 );   /* 2 byte length header */
-  gcry_md_putc ( md, n );
-  gcry_md_putc ( md, pk->version );
-
+  if (is_v5)
+    {
+      gcry_md_putc ( md, 0x9a );     /* ctb */
+      gcry_md_putc ( md, n >> 24 );  /* 4 byte length header */
+      gcry_md_putc ( md, n >> 16 );
+      gcry_md_putc ( md, n >>  8 );
+      gcry_md_putc ( md, n       );
+      gcry_md_putc ( md, pk->version );
+    }
+  else
+    {
+      gcry_md_putc ( md, 0x99 );     /* ctb */
+      gcry_md_putc ( md, n >> 8 );   /* 2 byte length header */
+      gcry_md_putc ( md, n );
+      gcry_md_putc ( md, pk->version );
+    }
   gcry_md_putc ( md, pk->timestamp >> 24 );
   gcry_md_putc ( md, pk->timestamp >> 16 );
   gcry_md_putc ( md, pk->timestamp >>  8 );
@@ -214,6 +253,15 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk)
 
   gcry_md_putc ( md, pk->pubkey_algo );
 
+  if (is_v5)
+    {
+      n -= 10;
+      gcry_md_putc ( md, n >> 24 );
+      gcry_md_putc ( md, n >> 16 );
+      gcry_md_putc ( md, n >>  8 );
+      gcry_md_putc ( md, n       );
+    }
+
   if(npkey==0 && pk->pkey[0]
      && gcry_mpi_get_flag (pk->pkey[0], GCRYMPI_FLAG_OPAQUE))
     {
@@ -232,20 +280,6 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk)
 }
 
 
-static gcry_md_hd_t
-do_fingerprint_md( PKT_public_key *pk )
-{
-  gcry_md_hd_t md;
-
-  if (gcry_md_open (&md, DIGEST_ALGO_SHA1, 0))
-    BUG ();
-  hash_public_key(md,pk);
-  gcry_md_final( md );
-
-  return md;
-}
-
-
 /* fixme: Check whether we can replace this function or if not
    describe why we need it.  */
 u32
@@ -472,70 +506,93 @@ keystr_from_desc(KEYDB_SEARCH_DESC *desc)
     case KEYDB_SEARCH_MODE_SHORT_KID:
       return keystr(desc->u.kid);
 
-    case KEYDB_SEARCH_MODE_FPR20:
+    case KEYDB_SEARCH_MODE_FPR:
       {
 	u32 keyid[2];
 
-	keyid[0] = buf32_to_u32 (desc->u.fpr+12);
-	keyid[1] = buf32_to_u32 (desc->u.fpr+16);
+        if (desc->fprlen == 32)
+          {
+            keyid[0] = buf32_to_u32 (desc->u.fpr);
+            keyid[1] = buf32_to_u32 (desc->u.fpr+4);
+          }
+        else if (desc->fprlen == 20)
+          {
+            keyid[0] = buf32_to_u32 (desc->u.fpr+12);
+            keyid[1] = buf32_to_u32 (desc->u.fpr+16);
+          }
+        else if (desc->fprlen == 16)
+          return "?v3 fpr?";
+        else /* oops */
+          return "?vx fpr?";
 	return keystr(keyid);
       }
 
-    case KEYDB_SEARCH_MODE_FPR16:
-      return "?v3 fpr?";
-
     default:
       BUG();
     }
 }
 
 
+/* Compute the fingerprint and keyid and store it in PK.  */
+static void
+compute_fingerprint (PKT_public_key *pk)
+{
+  const byte *dp;
+  gcry_md_hd_t md;
+  size_t len;
+
+  if (gcry_md_open (&md, pk->version == 5 ? GCRY_MD_SHA256 : GCRY_MD_SHA1, 0))
+    BUG ();
+  hash_public_key (md, pk);
+  gcry_md_final (md);
+  dp = gcry_md_read (md, 0);
+  len = gcry_md_get_algo_dlen (gcry_md_get_algo (md));
+  log_assert (len <= MAX_FINGERPRINT_LEN);
+  memcpy (pk->fpr, dp, len);
+  pk->fprlen = len;
+  if (pk->version == 5)
+    {
+      pk->keyid[0] = buf32_to_u32 (dp);
+      pk->keyid[1] = buf32_to_u32 (dp+4);
+    }
+  else
+    {
+      pk->keyid[0] = buf32_to_u32 (dp+12);
+      pk->keyid[1] = buf32_to_u32 (dp+16);
+    }
+  gcry_md_close( md);
+}
+
+
 /*
- * Get the keyid from the public key and put it into keyid
- * if this is not NULL. Return the 32 low bits of the keyid.
+ * Get the keyid from the public key PK and store it at KEYID unless
+ * this is NULL.  Returns the 32 bit short keyid.
  */
 u32
 keyid_from_pk (PKT_public_key *pk, u32 *keyid)
 {
-  u32 lowbits;
   u32 dummy_keyid[2];
 
   if (!keyid)
     keyid = dummy_keyid;
 
-  if( pk->keyid[0] || pk->keyid[1] )
-    {
-      keyid[0] = pk->keyid[0];
-      keyid[1] = pk->keyid[1];
-      lowbits = keyid[1];
-    }
-  else
-    {
-      const byte *dp;
-      gcry_md_hd_t md;
-
-      md = do_fingerprint_md(pk);
-      if(md)
-	{
-	  dp = gcry_md_read ( md, 0 );
-	  keyid[0] = buf32_to_u32 (dp+12);
-	  keyid[1] = buf32_to_u32 (dp+16);
-	  lowbits = keyid[1];
-	  gcry_md_close (md);
-	  pk->keyid[0] = keyid[0];
-	  pk->keyid[1] = keyid[1];
-	}
-      else
-	pk->keyid[0]=pk->keyid[1]=keyid[0]=keyid[1]=lowbits=0xFFFFFFFF;
-    }
+  if (!pk->fprlen)
+    compute_fingerprint (pk);
 
-  return lowbits;
+  keyid[0] = pk->keyid[0];
+  keyid[1] = pk->keyid[1];
+
+  if (pk->fprlen == 32)
+    return keyid[0];
+  else
+    return keyid[1];
 }
 
 
 /*
- * Get the keyid from the fingerprint.	This function is simple for most
- * keys, but has to do a keylookup for old stayle keys.
+ * Get the keyid from the fingerprint.  This function is simple for
+ * most keys, but has to do a key lookup for old v3 keys where the
+ * keyid is not part of the fingerprint.
  */
 u32
 keyid_from_fingerprint (ctrl_t ctrl, const byte *fprint,
@@ -546,7 +603,7 @@ keyid_from_fingerprint (ctrl_t ctrl, const byte *fprint,
   if( !keyid )
     keyid = dummy_keyid;
 
-  if (fprint_len != 20)
+  if (fprint_len != 20 && fprint_len != 32)
     {
       /* This is special as we have to lookup the key first.  */
       PKT_public_key pk;
@@ -556,7 +613,8 @@ keyid_from_fingerprint (ctrl_t ctrl, const byte *fprint,
       rc = get_pubkey_byfprint (ctrl, &pk, NULL, fprint, fprint_len);
       if( rc )
         {
-          log_error("Oops: keyid_from_fingerprint: no pubkey\n");
+          log_printhex (fprint, fprint_len,
+                        "Oops: keyid_from_fingerprint: no pubkey; fpr:");
           keyid[0] = 0;
           keyid[1] = 0;
         }
@@ -566,8 +624,16 @@ keyid_from_fingerprint (ctrl_t ctrl, const byte *fprint,
   else
     {
       const byte *dp = fprint;
-      keyid[0] = buf32_to_u32 (dp+12);
-      keyid[1] = buf32_to_u32 (dp+16);
+      if (fprint_len == 20)  /* v4 key */
+        {
+          keyid[0] = buf32_to_u32 (dp+12);
+          keyid[1] = buf32_to_u32 (dp+16);
+        }
+      else  /* v5 key */
+        {
+          keyid[0] = buf32_to_u32 (dp);
+          keyid[1] = buf32_to_u32 (dp+4);
+        }
     }
 
   return keyid[1];
@@ -582,7 +648,7 @@ keyid_from_sig (PKT_signature *sig, u32 *keyid)
       keyid[0] = sig->keyid[0];
       keyid[1] = sig->keyid[1];
     }
-  return sig->keyid[1];
+  return sig->keyid[1];  /*FIXME:shortkeyid*/
 }
 
 
@@ -640,7 +706,7 @@ mk_datestr (char *buffer, size_t bufsize, u32 timestamp)
  *    Format is: yyyy-mm-dd
  */
 const char *
-datestr_from_pk (PKT_public_key *pk)
+dateonlystr_from_pk (PKT_public_key *pk)
 {
   static char buffer[MK_DATESTR_SIZE];
 
@@ -648,14 +714,36 @@ datestr_from_pk (PKT_public_key *pk)
 }
 
 
+/* Same as dateonlystr_from_pk but with a global option a full iso
+ * timestamp is returned.  In this case it shares a static buffer with
+ * isotimestamp(). */
 const char *
-datestr_from_sig (PKT_signature *sig )
+datestr_from_pk (PKT_public_key *pk)
+{
+  if (opt.flags.full_timestrings)
+    return isotimestamp (pk->timestamp);
+  else
+    return dateonlystr_from_pk (pk);
+}
+
+
+const char *
+dateonlystr_from_sig (PKT_signature *sig )
 {
   static char buffer[MK_DATESTR_SIZE];
 
   return mk_datestr (buffer, sizeof buffer, sig->timestamp);
 }
 
+const char *
+datestr_from_sig (PKT_signature *sig )
+{
+  if (opt.flags.full_timestrings)
+    return isotimestamp (sig->timestamp);
+  else
+    return dateonlystr_from_sig (sig);
+}
+
 
 const char *
 expirestr_from_pk (PKT_public_key *pk)
@@ -664,6 +752,10 @@ expirestr_from_pk (PKT_public_key *pk)
 
   if (!pk->expiredate)
     return _("never     ");
+
+  if (opt.flags.full_timestrings)
+    return isotimestamp (pk->expiredate);
+
   return mk_datestr (buffer, sizeof buffer, pk->expiredate);
 }
 
@@ -675,6 +767,10 @@ expirestr_from_sig (PKT_signature *sig)
 
   if (!sig->expiredate)
     return _("never     ");
+
+  if (opt.flags.full_timestrings)
+    return isotimestamp (sig->expiredate);
+
   return mk_datestr (buffer, sizeof buffer, sig->expiredate);
 }
 
@@ -686,6 +782,10 @@ revokestr_from_pk( PKT_public_key *pk )
 
   if(!pk->revoked.date)
     return _("never     ");
+
+  if (opt.flags.full_timestrings)
+    return isotimestamp (pk->revoked.date);
+
   return mk_datestr (buffer, sizeof buffer, pk->revoked.date);
 }
 
@@ -760,6 +860,7 @@ colon_expirestr_from_sig (PKT_signature *sig)
 }
 
 
+
 /*
  * Return a byte array with the fingerprint for the given PK/SK
  * The length of the array is returned in ret_len. Caller must free
@@ -768,27 +869,51 @@ colon_expirestr_from_sig (PKT_signature *sig)
 byte *
 fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len)
 {
-  const byte *dp;
-  size_t len;
-  gcry_md_hd_t md;
+  if (!pk->fprlen)
+    compute_fingerprint (pk);
 
-  md = do_fingerprint_md(pk);
-  dp = gcry_md_read( md, 0 );
-  len = gcry_md_get_algo_dlen (gcry_md_get_algo (md));
-  log_assert( len <= MAX_FINGERPRINT_LEN );
   if (!array)
-    array = xmalloc ( len );
-  memcpy (array, dp, len );
-  pk->keyid[0] = buf32_to_u32 (dp+12);
-  pk->keyid[1] = buf32_to_u32 (dp+16);
-  gcry_md_close( md);
+    array = xmalloc (pk->fprlen);
+  memcpy (array, pk->fpr, pk->fprlen);
 
   if (ret_len)
-    *ret_len = len;
+    *ret_len = pk->fprlen;
   return array;
 }
 
 
+/*
+ * Get FPR20 for the given PK/SK into ARRAY.
+ *
+ * FPR20 is special form of fingerprint of length 20 for the record of
+ * trustdb.  For v4key, having fingerprint with SHA-1, FPR20 is the
+ * same one.  For v5key, FPR20 is constructed from its fingerprint
+ * with SHA-2, so that its kid of last 8-byte can be as same as
+ * kid of v5key fingerprint.
+ *
+ */
+void
+fpr20_from_pk (PKT_public_key *pk, byte array[20])
+{
+  if (!pk->fprlen)
+    compute_fingerprint (pk);
+
+  if (!array)
+    array = xmalloc (pk->fprlen);
+
+  if (pk->fprlen == 32)         /* v5 fingerprint */
+    {
+      memcpy (array +  0, pk->fpr + 20, 4);
+      memcpy (array +  4, pk->fpr + 24, 4);
+      memcpy (array +  8, pk->fpr + 28, 4);
+      memcpy (array + 12, pk->fpr +  0, 4); /* kid[0] */
+      memcpy (array + 16, pk->fpr +  4, 4); /* kid[1] */
+    }
+  else                          /* v4 fingerprint */
+    memcpy (array, pk->fpr, 20);
+}
+
+
 /* Return an allocated buffer with the fingerprint of PK formatted as
  * a plain hexstring.  If BUFFER is NULL the result is a malloc'd
  * string.  If BUFFER is not NULL the result will be copied into this
@@ -799,19 +924,19 @@ fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len)
 char *
 hexfingerprint (PKT_public_key *pk, char *buffer, size_t buflen)
 {
-  unsigned char fpr[MAX_FINGERPRINT_LEN];
-  size_t len;
+  if (!pk->fprlen)
+    compute_fingerprint (pk);
 
-  fingerprint_from_pk (pk, fpr, &len);
   if (!buffer)
     {
-      buffer = xtrymalloc (2 * len + 1);
+      buffer = xtrymalloc (2 * pk->fprlen + 1);
       if (!buffer)
         return NULL;
     }
-  else if (buflen < 2*len+1)
+  else if (buflen < 2 * pk->fprlen + 1)
     log_fatal ("%s: buffer too short (%zu)\n", __func__, buflen);
-  bin2hex (fpr, len, buffer);
+
+  bin2hex (pk->fpr, pk->fprlen, buffer);
   return buffer;
 }
 
@@ -839,8 +964,22 @@ format_hexfingerprint (const char *fingerprint, char *buffer, size_t buflen)
 	       /* Half way through we add a second space.  */
 	       + 1);
     }
+  else if (hexlen == 64 || hexlen == 50)  /* v5 fingerprint */
+    {
+      /* The v5 fingerprint is commonly printed truncated to 25
+       * octets.  We accept the truncated as well as the full hex
+       * version here and format it like this:
+       * 19347 BC987 24640 25F99 DF3EC 2E000 0ED98 84892 E1F7B 3EA4C
+       */
+      hexlen = 50;
+      space = 10 * 5 + 9 + 1;
+    }
   else  /* Other fingerprint versions - print as is.  */
     {
+      /* We truncated here so that we do not need to provide a buffer
+       * of a length which is in reality never used.  */
+      if (hexlen > MAX_FORMATTED_FINGERPRINT_LEN - 1)
+        hexlen = MAX_FORMATTED_FINGERPRINT_LEN - 1;
       space = hexlen + 1;
     }
 
@@ -853,7 +992,7 @@ format_hexfingerprint (const char *fingerprint, char *buffer, size_t buflen)
     {
       for (i = 0, j = 0; i < 40; i ++)
         {
-          if (i && i % 4 == 0)
+          if (i && !(i % 4))
             buffer[j ++] = ' ';
           if (i == 40 / 2)
             buffer[j ++] = ' ';
@@ -863,9 +1002,20 @@ format_hexfingerprint (const char *fingerprint, char *buffer, size_t buflen)
       buffer[j ++] = 0;
       log_assert (j == space);
     }
+  else if (hexlen == 50)  /* v5 fingerprint */
+    {
+      for (i=j=0; i < 50; i++)
+        {
+          if (i && !(i % 5))
+            buffer[j++] = ' ';
+          buffer[j++] = fingerprint[i];
+        }
+      buffer[j++] = 0;
+      log_assert (j == space);
+    }
   else
     {
-      strcpy (buffer, fingerprint);
+      mem2str (buffer, fingerprint, space);
     }
 
   return buffer;
@@ -874,7 +1024,7 @@ format_hexfingerprint (const char *fingerprint, char *buffer, size_t buflen)
 
 
 /* Return the so called KEYGRIP which is the SHA-1 hash of the public
-   key parameters expressed as an canoncial encoded S-Exp.  ARRAY must
+   key parameters expressed as an canonical encoded S-Exp.  ARRAY must
    be 20 bytes long.  Returns 0 on success or an error code.  */
 gpg_error_t
 keygrip_from_pk (PKT_public_key *pk, unsigned char *array)
@@ -968,18 +1118,18 @@ gpg_error_t
 hexkeygrip_from_pk (PKT_public_key *pk, char **r_grip)
 {
   gpg_error_t err;
-  unsigned char grip[20];
+  unsigned char grip[KEYGRIP_LEN];
 
   *r_grip = NULL;
   err = keygrip_from_pk (pk, grip);
   if (!err)
     {
-      char * buf = xtrymalloc (20*2+1);
+      char * buf = xtrymalloc (KEYGRIP_LEN * 2 + 1);
       if (!buf)
         err = gpg_error_from_syserror ();
       else
         {
-          bin2hex (grip, 20, buf);
+          bin2hex (grip, KEYGRIP_LEN, buf);
           *r_grip = buf;
         }
     }
diff --git a/g10/keylist.c b/g10/keylist.c
index af0ce9d..e222259 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -45,6 +45,7 @@
 #include "../common/zb32.h"
 #include "tofu.h"
 #include "../common/compliance.h"
+#include "../common/pkscreening.h"
 
 
 static void list_all (ctrl_t, int, int);
@@ -165,60 +166,78 @@ secret_key_list (ctrl_t ctrl, strlist_t list)
     list_one (ctrl, list, 1, 0);
 }
 
-char *
-format_seckey_info (ctrl_t ctrl, PKT_public_key *pk)
+
+/* Helper for print_key_info and print_key_info_log.  */
+static char *
+format_key_info (ctrl_t ctrl, PKT_public_key *pk, int secret)
 {
   u32 keyid[2];
   char *p;
   char pkstrbuf[PUBKEY_STRING_SIZE];
-  char *info;
+  char *result;
 
   keyid_from_pk (pk, keyid);
-  p = get_user_id_native (ctrl, keyid);
 
-  info = xtryasprintf ("sec  %s/%s %s %s",
-                       pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
-                       keystr (keyid), datestr_from_pk (pk), p);
+  /* If the pk was chosen by a particular user ID, that is the one to
+     print.  */
+  if (pk->user_id)
+    p = utf8_to_native (pk->user_id->name, pk->user_id->len, 0);
+  else
+    p = get_user_id_native (ctrl, keyid);
 
+  result = xtryasprintf ("%s  %s/%s %s %s",
+                         secret? (pk->flags.primary? "sec":"ssb")
+                         /* */ : (pk->flags.primary? "pub":"sub"),
+                         pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
+                         keystr (keyid), datestr_from_pk (pk), p);
   xfree (p);
-
-  return info;
+  return result;
 }
 
+
+/* Print basic information about a public or secret key.  With FP
+ * passed as NULL, the tty output interface is used, otherwise output
+ * is directed to the given stream.  INDENT gives the requested
+ * indentation; if that is a negative value indentation is suppressed
+ * for the first line.  SECRET tells that the PK has a secret part.
+ * FIXME: This is similar in use to print_key_line and thus both
+ * functions should eventually be united.
+ */
 void
-print_seckey_info (ctrl_t ctrl, PKT_public_key *pk)
+print_key_info (ctrl_t ctrl, estream_t fp,
+                int indent, PKT_public_key *pk, int secret)
 {
-  char *p = format_seckey_info (ctrl, pk);
-  tty_printf ("\n%s\n", p);
-  xfree (p);
+  int indentabs = indent >= 0? indent : -indent;
+  char *info;
+
+  /* Note: Negative values for INDENT are not yet needed. */
+
+  info = format_key_info (ctrl, pk, secret);
+
+  if (!fp && indent >= 0)
+    tty_printf ("\n");  /* (Backward compatibility to old code) */
+  tty_fprintf (fp, "%*s%s\n", indentabs, "",
+               info? info : "[Ooops - out of core]");
+
+  xfree (info);
 }
 
-/* Print information about the public key.  With FP passed as NULL,
-   the tty output interface is used, otherwise output is directed to
-   the given stream.  */
+
+/* Same as print_key_info put print using the log functions at
+ * LOGLEVEL.  */
 void
-print_pubkey_info (ctrl_t ctrl, estream_t fp, PKT_public_key *pk)
+print_key_info_log (ctrl_t ctrl, int loglevel,
+                    int indent, PKT_public_key *pk, int secret)
 {
-  u32 keyid[2];
-  char *p;
-  char pkstrbuf[PUBKEY_STRING_SIZE];
+  int indentabs = indent >= 0? indent : -indent;
+  char *info;
 
-  keyid_from_pk (pk, keyid);
+  info = format_key_info (ctrl, pk, secret);
 
-  /* If the pk was chosen by a particular user ID, that is the one to
-     print.  */
-  if (pk->user_id)
-    p = utf8_to_native (pk->user_id->name, pk->user_id->len, 0);
-  else
-    p = get_user_id_native (ctrl, keyid);
+  log_log (loglevel, "%*s%s\n", indentabs, "",
+           info? info : "[Ooops - out of core]");
 
-  if (!fp)
-    tty_printf ("\n");
-  tty_fprintf (fp, "%s  %s/%s %s %s\n",
-               pk->flags.primary? "pub":"sub",
-               pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
-               keystr (keyid), datestr_from_pk (pk), p);
-  xfree (p);
+  xfree (info);
 }
 
 
@@ -319,8 +338,7 @@ show_policy_url (PKT_signature * sig, int indent, int mode)
   int seq = 0, crit;
   estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
 
-  while ((p =
-	  enum_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, &len, &seq, &crit)))
+  while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_POLICY, &len, &seq, &crit)))
     {
       if (mode != 2)
 	{
@@ -360,9 +378,7 @@ show_keyserver_url (PKT_signature * sig, int indent, int mode)
   int seq = 0, crit;
   estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
 
-  while ((p =
-	  enum_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &len, &seq,
-			   &crit)))
+  while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &len, &seq, &crit)))
     {
       if (mode != 2)
 	{
@@ -452,12 +468,8 @@ show_notation (PKT_signature * sig, int indent, int mode, int which)
             write_status_text (STATUS_NOTATION_FLAGS,
                                nd->flags.critical && nd->flags.human? "1 1" :
                                nd->flags.critical? "1 0" : "0 1");
-          if (!nd->flags.human && nd->bdat && nd->blen)
-            write_status_buffer (STATUS_NOTATION_DATA,
-                                 nd->bdat, nd->blen, 250);
-          else
-            write_status_buffer (STATUS_NOTATION_DATA,
-                                 nd->value, strlen (nd->value), 50);
+	  write_status_buffer (STATUS_NOTATION_DATA,
+			       nd->value, strlen (nd->value), 50);
 	}
     }
 
@@ -512,7 +524,7 @@ list_all (ctrl_t ctrl, int secret, int mark_secret)
   if (opt.check_sigs)
     listctx.check_sigs = 1;
 
-  hd = keydb_new ();
+  hd = keydb_new (ctrl);
   if (!hd)
     rc = gpg_error_from_syserror ();
   else
@@ -536,8 +548,6 @@ list_all (ctrl_t ctrl, int secret, int mark_secret)
 	{
           if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
             continue;  /* Skip legacy keys.  */
-          if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_VERSION)
-            continue;  /* Skip keys with unknown versions.  */
 	  log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
 	  goto leave;
 	}
@@ -728,6 +738,37 @@ print_key_data (PKT_public_key * pk)
     }
 }
 
+
+/* Various public key screenings.  (Right now just ROCA).  With
+ * COLON_MODE set the output is formatted for use in the compliance
+ * field of a colon listing.
+ */
+static void
+print_pk_screening (PKT_public_key *pk, int colon_mode)
+{
+  gpg_error_t err;
+
+  if (is_RSA (pk->pubkey_algo) && pubkey_get_npkey (pk->pubkey_algo))
+    {
+      err = screen_key_for_roca (pk->pkey[0]);
+      if (!err)
+        ;
+      else if (gpg_err_code (err) == GPG_ERR_TRUE)
+        {
+          if (colon_mode)
+            es_fprintf (es_stdout, colon_mode > 1? " %d":"%d", 6001);
+          else
+            es_fprintf (es_stdout,
+                        "      Screening: ROCA vulnerability detected\n");
+        }
+      else if (!colon_mode)
+        es_fprintf (es_stdout, "      Screening: [ROCA check failed: %s]\n",
+                    gpg_strerror (err));
+    }
+
+}
+
+
 static void
 print_capabilities (ctrl_t ctrl, PKT_public_key *pk, KBNODE keyblock)
 {
@@ -847,12 +888,12 @@ print_subpackets_colon (PKT_signature * sig)
 
       seq = 0;
 
-      while ((p = enum_sig_subpkt (sig->hashed, *i, &len, &seq, &crit)))
+      while ((p = enum_sig_subpkt (sig, 1, *i, &len, &seq, &crit)))
 	print_one_subpacket (*i, len, 0x01 | (crit ? 0x02 : 0), p);
 
       seq = 0;
 
-      while ((p = enum_sig_subpkt (sig->unhashed, *i, &len, &seq, &crit)))
+      while ((p = enum_sig_subpkt (sig, 0, *i, &len, &seq, &crit)))
 	print_one_subpacket (*i, len, 0x00 | (crit ? 0x02 : 0), p);
     }
 }
@@ -898,7 +939,7 @@ dump_attribs (const PKT_user_id *uid, PKT_public_key *pk)
 
 
 /* Order two signatures.  We first order by keyid and then by creation
- * time.  This is currently only used in keyedit.c  */
+ * time.  */
 int
 cmp_signodes (const void *av, const void *bv)
 {
@@ -942,14 +983,168 @@ cmp_signodes (const void *av, const void *bv)
 }
 
 
+/* Helper for list_keyblock_print.  */
+static void
+list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
+                      struct keylist_context *listctx)
+{
+          /* (extra indentation to keep the diff history short)  */
+	  PKT_signature *sig = node->pkt->pkt.signature;
+	  int rc, sigrc;
+	  char *sigstr;
+          char *reason_text = NULL;
+          char *reason_comment = NULL;
+          size_t reason_commentlen;
+          int reason_code = 0;
+
+	  if (listctx->check_sigs)
+	    {
+	      rc = check_key_signature (ctrl, keyblock, node, NULL);
+	      switch (gpg_err_code (rc))
+		{
+		case 0:
+		  listctx->good_sigs++;
+		  sigrc = '!';
+		  break;
+		case GPG_ERR_BAD_SIGNATURE:
+		  listctx->inv_sigs++;
+		  sigrc = '-';
+		  break;
+		case GPG_ERR_NO_PUBKEY:
+		case GPG_ERR_UNUSABLE_PUBKEY:
+		  listctx->no_key++;
+		  return;
+		default:
+		  listctx->oth_err++;
+		  sigrc = '%';
+		  break;
+		}
+
+	      /* TODO: Make sure a cached sig record here still has
+	         the pk that issued it.  See also
+	         keyedit.c:print_and_check_one_sig */
+	    }
+	  else
+	    {
+	      rc = 0;
+	      sigrc = ' ';
+	    }
+
+	  if (sig->sig_class == 0x20 || sig->sig_class == 0x28
+	      || sig->sig_class == 0x30)
+            {
+              sigstr = "rev";
+              reason_code = get_revocation_reason (sig, &reason_text,
+                                                   &reason_comment,
+                                                   &reason_commentlen);
+            }
+	  else if ((sig->sig_class & ~3) == 0x10)
+	    sigstr = "sig";
+	  else if (sig->sig_class == 0x18)
+	    sigstr = "sig";
+	  else if (sig->sig_class == 0x1F)
+	    sigstr = "sig";
+	  else
+	    {
+	      es_fprintf (es_stdout, "sig                             "
+		      "[unexpected signature class 0x%02x]\n",
+		      sig->sig_class);
+	      return;
+	    }
+
+	  es_fputs (sigstr, es_stdout);
+	  es_fprintf (es_stdout, "%c%c %c%c%c%c%c%c %s %s",
+		  sigrc, (sig->sig_class - 0x10 > 0 &&
+			  sig->sig_class - 0x10 <
+			  4) ? '0' + sig->sig_class - 0x10 : ' ',
+		  sig->flags.exportable ? ' ' : 'L',
+		  sig->flags.revocable ? ' ' : 'R',
+		  sig->flags.policy_url ? 'P' : ' ',
+		  sig->flags.notation ? 'N' : ' ',
+		  sig->flags.expired ? 'X' : ' ',
+		  (sig->trust_depth > 9) ? 'T' : (sig->trust_depth >
+						  0) ? '0' +
+		  sig->trust_depth : ' ', keystr (sig->keyid),
+		  datestr_from_sig (sig));
+	  if (opt.list_options & LIST_SHOW_SIG_EXPIRE)
+	    es_fprintf (es_stdout, " %s", expirestr_from_sig (sig));
+	  es_fprintf (es_stdout, "  ");
+	  if (sigrc == '%')
+	    es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
+	  else if (sigrc == '?')
+	    ;
+	  else if (!opt.fast_list_mode)
+	    {
+	      size_t n;
+	      char *p = get_user_id (ctrl, sig->keyid, &n, NULL);
+	      print_utf8_buffer (es_stdout, p, n);
+	      xfree (p);
+	    }
+	  es_putc ('\n', es_stdout);
+
+	  if (sig->flags.policy_url
+	      && (opt.list_options & LIST_SHOW_POLICY_URLS))
+	    show_policy_url (sig, 3, 0);
+
+	  if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS))
+	    show_notation (sig, 3, 0,
+			   ((opt.
+			     list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0)
+			   +
+			   ((opt.
+			     list_options & LIST_SHOW_USER_NOTATIONS) ? 2 :
+			    0));
+
+	  if (sig->flags.pref_ks
+	      && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
+	    show_keyserver_url (sig, 3, 0);
+
+          if (reason_text && (reason_code || reason_comment))
+            {
+              es_fprintf (es_stdout, "      %s%s\n",
+                          _("reason for revocation: "), reason_text);
+              if (reason_comment)
+                {
+                  const byte *s, *s_lf;
+                  size_t n, n_lf;
+
+                  s = reason_comment;
+                  n = reason_commentlen;
+                  s_lf = NULL;
+                  do
+                    {
+                      /* We don't want any empty lines, so we skip them.  */
+                      for (;n && *s == '\n'; s++, n--)
+                        ;
+                      if (n)
+                        {
+                          s_lf = memchr (s, '\n', n);
+                          n_lf = s_lf? s_lf - s : n;
+                          es_fprintf (es_stdout, "         %s",
+                                      _("revocation comment: "));
+                          es_write_sanitized (es_stdout, s, n_lf, NULL, NULL);
+                          es_putc ('\n', es_stdout);
+                          s += n_lf; n -= n_lf;
+                        }
+                    } while (s_lf);
+                }
+            }
+
+          xfree (reason_text);
+          xfree (reason_comment);
+
+	  /* fixme: check or list other sigs here */
+}
+
+
 static void
 list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
                      struct keylist_context *listctx)
 {
   int rc;
-  KBNODE kbctx;
-  KBNODE node;
+  kbnode_t node;
   PKT_public_key *pk;
+  u32 *mainkid;
   int skip_sigs = 0;
   char *hexgrip = NULL;
   char *serialno = NULL;
@@ -964,6 +1159,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
     }
 
   pk = node->pkt->pkt.public_key;
+  mainkid = pk_keyid (pk);
 
   if (secret || opt.with_keygrip)
     {
@@ -999,6 +1195,9 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
   if (opt.with_key_data)
     print_key_data (pk);
 
+  if (opt.with_key_screening)
+    print_pk_screening (pk, 0);
+
   if (opt.with_key_origin
       && (pk->keyorg || pk->keyupdate || pk->updateurl))
     {
@@ -1013,9 +1212,11 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
       es_putc ('\n', es_stdout);
     }
 
-
-  for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
+  for (node = keyblock; node; node = node->next)
     {
+      if (is_deleted_kbnode (node))
+        continue;
+
       if (node->pkt->pkttype == PKT_USER_ID)
 	{
 	  PKT_user_id *uid = node->pkt->pkt.user_id;
@@ -1062,7 +1263,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
               char *mbox, *hash, *p;
               char hashbuf[32];
 
-              mbox = mailbox_from_userid (uid->name);
+              mbox = mailbox_from_userid (uid->name, 0);
               if (mbox && (p = strchr (mbox, '@')))
                 {
                   *p++ = 0;
@@ -1140,153 +1341,43 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
             es_fprintf (es_stdout, "      Keygrip = %s\n", hexgrip);
 	  if (opt.with_key_data)
 	    print_key_data (pk2);
+          if (opt.with_key_screening)
+            print_pk_screening (pk2, 0);
 	}
       else if (opt.list_sigs
 	       && node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs)
 	{
-	  PKT_signature *sig = node->pkt->pkt.signature;
-	  int sigrc;
-	  char *sigstr;
-          char *reason_text = NULL;
-          char *reason_comment = NULL;
-          size_t reason_commentlen;
-
-	  if (listctx->check_sigs)
-	    {
-	      rc = check_key_signature (ctrl, keyblock, node, NULL);
-	      switch (gpg_err_code (rc))
-		{
-		case 0:
-		  listctx->good_sigs++;
-		  sigrc = '!';
-		  break;
-		case GPG_ERR_BAD_SIGNATURE:
-		  listctx->inv_sigs++;
-		  sigrc = '-';
-		  break;
-		case GPG_ERR_NO_PUBKEY:
-		case GPG_ERR_UNUSABLE_PUBKEY:
-		  listctx->no_key++;
-		  continue;
-		default:
-		  listctx->oth_err++;
-		  sigrc = '%';
-		  break;
-		}
-
-	      /* TODO: Make sure a cached sig record here still has
-	         the pk that issued it.  See also
-	         keyedit.c:print_and_check_one_sig */
-	    }
-	  else
-	    {
-	      rc = 0;
-	      sigrc = ' ';
-	    }
-
-	  if (sig->sig_class == 0x20 || sig->sig_class == 0x28
-	      || sig->sig_class == 0x30)
+          if ((opt.list_options & LIST_SORT_SIGS))
             {
-              sigstr = "rev";
-              get_revocation_reason (sig, &reason_text,
-                                     &reason_comment, &reason_commentlen);
-            }
-	  else if ((sig->sig_class & ~3) == 0x10)
-	    sigstr = "sig";
-	  else if (sig->sig_class == 0x18)
-	    sigstr = "sig";
-	  else if (sig->sig_class == 0x1F)
-	    sigstr = "sig";
-	  else
-	    {
-	      es_fprintf (es_stdout, "sig                             "
-		      "[unexpected signature class 0x%02x]\n",
-		      sig->sig_class);
-	      continue;
-	    }
-
-	  es_fputs (sigstr, es_stdout);
-	  es_fprintf (es_stdout, "%c%c %c%c%c%c%c%c %s %s",
-		  sigrc, (sig->sig_class - 0x10 > 0 &&
-			  sig->sig_class - 0x10 <
-			  4) ? '0' + sig->sig_class - 0x10 : ' ',
-		  sig->flags.exportable ? ' ' : 'L',
-		  sig->flags.revocable ? ' ' : 'R',
-		  sig->flags.policy_url ? 'P' : ' ',
-		  sig->flags.notation ? 'N' : ' ',
-		  sig->flags.expired ? 'X' : ' ',
-		  (sig->trust_depth > 9) ? 'T' : (sig->trust_depth >
-						  0) ? '0' +
-		  sig->trust_depth : ' ', keystr (sig->keyid),
-		  datestr_from_sig (sig));
-	  if (opt.list_options & LIST_SHOW_SIG_EXPIRE)
-	    es_fprintf (es_stdout, " %s", expirestr_from_sig (sig));
-	  es_fprintf (es_stdout, "  ");
-	  if (sigrc == '%')
-	    es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
-	  else if (sigrc == '?')
-	    ;
-	  else if (!opt.fast_list_mode)
-	    {
-	      size_t n;
-	      char *p = get_user_id (ctrl, sig->keyid, &n, NULL);
-	      print_utf8_buffer (es_stdout, p, n);
-	      xfree (p);
-	    }
-	  es_putc ('\n', es_stdout);
+              kbnode_t n;
+              unsigned int sigcount = 0;
+              kbnode_t *sigarray;
+              unsigned int idx;
 
-	  if (sig->flags.policy_url
-	      && (opt.list_options & LIST_SHOW_POLICY_URLS))
-	    show_policy_url (sig, 3, 0);
+              for (n=node; n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
+                sigcount++;
+              sigarray = xcalloc (sigcount, sizeof *sigarray);
 
-	  if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS))
-	    show_notation (sig, 3, 0,
-			   ((opt.
-			     list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0)
-			   +
-			   ((opt.
-			     list_options & LIST_SHOW_USER_NOTATIONS) ? 2 :
-			    0));
-
-	  if (sig->flags.pref_ks
-	      && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
-	    show_keyserver_url (sig, 3, 0);
-
-          if (reason_text)
-            {
-              es_fprintf (es_stdout, "      %s%s\n",
-                          _("reason for revocation: "), reason_text);
-              if (reason_comment)
+              sigcount = 0;
+              for (n=node; n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
                 {
-                  const byte *s, *s_lf;
-                  size_t n, n_lf;
+                  if (!keyid_cmp (mainkid, n->pkt->pkt.signature->keyid))
+                    n->flag |= NODFLG_MARK_B;  /* Is a self-sig.  */
+                  else
+                    n->flag &= ~NODFLG_MARK_B;
 
-                  s = reason_comment;
-                  n = reason_commentlen;
-                  s_lf = NULL;
-                  do
-                    {
-                      /* We don't want any empty lines, so we skip them.  */
-                      for (;n && *s == '\n'; s++, n--)
-                        ;
-                      if (n)
-                        {
-                          s_lf = memchr (s, '\n', n);
-                          n_lf = s_lf? s_lf - s : n;
-                          es_fprintf (es_stdout, "         %s",
-                                      _("revocation comment: "));
-                          es_write_sanitized (es_stdout, s, n_lf, NULL, NULL);
-                          es_putc ('\n', es_stdout);
-                          s += n_lf; n -= n_lf;
-                        }
-                    } while (s_lf);
+                  sigarray[sigcount++] = node = n;
                 }
-            }
+              /* Note that NODE is now at the last signature.  */
 
-          xfree (reason_text);
-          xfree (reason_comment);
+              qsort (sigarray, sigcount, sizeof *sigarray, cmp_signodes);
 
-	  /* fixme: check or list other sigs here */
+              for (idx=0; idx < sigcount; idx++)
+                list_signature_print (ctrl, keyblock, sigarray[idx], listctx);
+              xfree (sigarray);
+            }
+          else
+            list_signature_print (ctrl, keyblock, node, listctx);
 	}
     }
   es_putc ('\n', es_stdout);
@@ -1329,7 +1420,7 @@ list_keyblock_simple (ctrl_t ctrl, kbnode_t keyblock)
 	  if (uid->flags.expired || uid->flags.revoked)
             continue;
 
-          mbox = mailbox_from_userid (uid->name);
+          mbox = mailbox_from_userid (uid->name, 0);
           if (!mbox)
             {
               ec = gpg_err_code_from_syserror ();
@@ -1361,7 +1452,7 @@ print_revokers (estream_t fp, PKT_public_key * pk)
 
 	  es_fprintf (fp, "rvk:::%d::::::", pk->revkey[i].algid);
 	  p = pk->revkey[i].fpr;
-	  for (j = 0; j < 20; j++, p++)
+	  for (j = 0; j < pk->revkey[i].fprlen; j++, p++)
 	    es_fprintf (fp, "%02X", *p);
 	  es_fprintf (fp, ":%02x%s:\n",
                       pk->revkey[i].class,
@@ -1396,6 +1487,9 @@ print_compliance_flags (PKT_public_key *pk,
 		  gnupg_status_compliance_flag (CO_DE_VS));
       any++;
     }
+
+  if (opt.with_key_screening)
+    print_pk_screening (pk, 1+any);
 }
 
 
@@ -1440,8 +1534,8 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
       if (rc)
         log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
       /* In the error case we print an empty string so that we have a
-       * "grp" record for each and subkey - even if it is empty.  This
-       * may help to prevent sync problems.  */
+       * "grp" record for each primary and subkey - even if it is
+       * empty.  This may help to prevent sync problems.  */
       hexgrip = hexgrip_buffer? hexgrip_buffer : "";
     }
   stubkey = 0;
@@ -1686,7 +1780,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
           char *reason_text = NULL;
           char *reason_comment = NULL;
           size_t reason_commentlen;
-          int reason_code = 0;  /* init to silence cc warning.  */
+          int reason_code = 0;  /* Init to silence compiler warning.  */
 
 	  if (sig->sig_class == 0x20 || sig->sig_class == 0x28
 	      || sig->sig_class == 0x30)
@@ -2072,9 +2166,9 @@ print_fingerprint (ctrl_t ctrl, estream_t override_fp,
         {
           if (!i)
             ;
-          else if (!(i%8))
+          else if (!(i%10))
             tty_fprintf (fp, "\n%*s ", (int)strlen(text)+1, "");
-          else if (!(i%4))
+          else if (!(i%5))
             tty_fprintf (fp, "  ");
           else
             tty_fprintf (fp, " ");
@@ -2113,6 +2207,9 @@ print_card_serialno (const char *serialno)
  * pub   dsa2048 2007-12-31 [SC] [expires: 2018-12-31]
  *       80615870F5BAD690333686D0F2AD85AC1E42B367
  *
+ * pub   rsa2048 2017-12-31 [SC] [expires: 2028-12-31]
+ *       80615870F5BAD690333686D0F2AD85AC1E42B3671122334455
+ *
  * Some global options may result in a different output format.  If
  * SECRET is set, "sec" or "ssb" is used instead of "pub" or "sub" and
  * depending on the value a flag character is shown:
diff --git a/g10/keyring.c b/g10/keyring.c
index 8c31ccc..e044cab 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -598,7 +598,7 @@ keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb)
 
     /* Close this one otherwise we will lose the position for
      * a next search.  Fixme: it would be better to adjust the position
-     * after the write opertions.
+     * after the write operations.
      */
     iobuf_close (hd->current.iobuf);
     hd->current.iobuf = NULL;
@@ -638,7 +638,7 @@ keyring_delete_keyblock (KEYRING_HANDLE hd)
 
     /* close this one otherwise we will lose the position for
      * a next search.  Fixme: it would be better to adjust the position
-     * after the write opertions.
+     * after the write operations.
      */
     iobuf_close (hd->current.iobuf);
     hd->current.iobuf = NULL;
@@ -998,8 +998,6 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
         case KEYDB_SEARCH_MODE_LONG_KID:
           need_keyid = 1;
           break;
-        case KEYDB_SEARCH_MODE_FPR16:
-        case KEYDB_SEARCH_MODE_FPR20:
         case KEYDB_SEARCH_MODE_FPR:
           need_fpr = 1;
           break;
@@ -1137,11 +1135,12 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
           pk = pkt.pkt.public_key;
           ++pk_no;
 
-          if (need_fpr) {
-            fingerprint_from_pk (pk, afp, &an);
-            while (an < 20) /* fill up to 20 bytes */
-              afp[an++] = 0;
-          }
+          if (need_fpr)
+            {
+              fingerprint_from_pk (pk, afp, &an);
+              while (an < 32) /* fill up to 32 bytes */
+                afp[an++] = 0;
+            }
           if (need_keyid)
             keyid_from_pk (pk, aki);
 
@@ -1175,21 +1174,19 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
             break;
 
           case KEYDB_SEARCH_MODE_SHORT_KID:
-            if (pk && desc[n].u.kid[1] == aki[1])
-              goto found;
+            if (pk
+               && ((pk->fprlen == 32 && desc[n].u.kid[1] == aki[0])
+                   || (pk->fprlen != 32 && desc[n].u.kid[1] == aki[1])))
+                goto found;
             break;
           case KEYDB_SEARCH_MODE_LONG_KID:
             if (pk && desc[n].u.kid[0] == aki[0]
                 && desc[n].u.kid[1] == aki[1])
               goto found;
             break;
-          case KEYDB_SEARCH_MODE_FPR16:
-            if (pk && !memcmp (desc[n].u.fpr, afp, 16))
-              goto found;
-            break;
-          case KEYDB_SEARCH_MODE_FPR20:
           case KEYDB_SEARCH_MODE_FPR:
-            if (pk && !memcmp (desc[n].u.fpr, afp, 20))
+            if (pk && desc[n].fprlen >= 16 && desc[n].fprlen <= 32
+                && !memcmp (desc[n].u.fpr, afp, desc[n].fprlen))
               goto found;
             break;
           case KEYDB_SEARCH_MODE_FIRST:
@@ -1479,8 +1476,6 @@ keyring_rebuild_cache (ctrl_t ctrl, void *token, int noisy)
         {
           if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
             continue;  /* Skip legacy keys.  */
-          if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_VERSION)
-            continue;  /* Skip keys with unknown version.  */
           log_error ("keyring_get_keyblock failed: %s\n", gpg_strerror (rc));
           goto leave;
         }
diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h
index 45cb936..6d0e7f4 100644
--- a/g10/keyserver-internal.h
+++ b/g10/keyserver-internal.h
@@ -21,13 +21,10 @@
 #define _KEYSERVER_INTERNAL_H_
 
 #include <time.h>
+#include "../common/keyserver.h"
 #include "../common/iobuf.h"
 #include "../common/types.h"
 
-/* Flags for the keyserver import functions.  */
-#define KEYSERVER_IMPORT_FLAG_QUICK 1
-#define KEYSERVER_IMPORT_FLAG_LDAP  2
-
 int parse_keyserver_options(char *options);
 void free_keyserver_spec(struct keyserver_spec *keyserver);
 struct keyserver_spec *keyserver_match(struct keyserver_spec *spec);
@@ -38,27 +35,20 @@ int keyserver_any_configured (ctrl_t ctrl);
 int keyserver_export (ctrl_t ctrl, strlist_t users);
 int keyserver_import (ctrl_t ctrl, strlist_t users);
 int keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
-                             struct keyserver_spec *keyserver,
-                             unsigned int flags);
-int keyserver_import_fprint_ntds (ctrl_t ctrl,
-                                  const byte *fprint, size_t fprint_len);
+                             struct keyserver_spec *keyserver, int quick);
 int keyserver_import_keyid (ctrl_t ctrl, u32 *keyid,
-                            struct keyserver_spec *keyserver,
-                            unsigned int flags);
+                            struct keyserver_spec *keyserver, int quick);
 gpg_error_t keyserver_refresh (ctrl_t ctrl, strlist_t users);
 gpg_error_t keyserver_search (ctrl_t ctrl, strlist_t tokens);
 int keyserver_fetch (ctrl_t ctrl, strlist_t urilist, int origin);
 int keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
                            unsigned char **fpr,size_t *fpr_len);
-gpg_error_t keyserver_import_pka (ctrl_t ctrl, const char *name,
-                                  unsigned char **fpr,size_t *fpr_len);
-gpg_error_t keyserver_import_wkd (ctrl_t ctrl, const char *name,
-                                  unsigned int flags,
+gpg_error_t keyserver_import_wkd (ctrl_t ctrl, const char *name, int quick,
                                   unsigned char **fpr, size_t *fpr_len);
 int keyserver_import_ntds (ctrl_t ctrl, const char *name,
                            unsigned char **fpr,size_t *fpr_len);
-int keyserver_import_mbox (ctrl_t ctrl, const char *mbox,
-                           unsigned char **fpr,size_t *fpr_len,
+int keyserver_import_name (ctrl_t ctrl,
+                           const char *name,unsigned char **fpr,size_t *fpr_len,
                            struct keyserver_spec *keyserver);
 int keyserver_import_ldap (ctrl_t ctrl, const char *name,
                            unsigned char **fpr,size_t *fpr_len);
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 1fbe728..0b37180 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -31,7 +31,6 @@
 #include "filter.h"
 #include "keydb.h"
 #include "../common/status.h"
-#include "exec.h"
 #include "main.h"
 #include "../common/i18n.h"
 #include "../common/ttyio.h"
@@ -100,15 +99,13 @@ static struct parse_options keyserver_opts[]=
      N_("automatically retrieve keys when verifying signatures")},
     {"honor-keyserver-url",KEYSERVER_HONOR_KEYSERVER_URL,NULL,
      N_("honor the preferred keyserver URL set on the key")},
-    {"honor-pka-record",KEYSERVER_HONOR_PKA_RECORD,NULL,
-     N_("honor the PKA record set on a key when retrieving keys")},
     {NULL,0,NULL,NULL}
   };
 
 static gpg_error_t keyserver_get (ctrl_t ctrl,
                                   KEYDB_SEARCH_DESC *desc, int ndesc,
                                   struct keyserver_spec *override_keyserver,
-                                  unsigned int flags,
+                                  int quick,
                                   unsigned char **r_fpr, size_t *r_fprlen);
 static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs);
 
@@ -186,16 +183,36 @@ void
 free_keyserver_spec(struct keyserver_spec *keyserver)
 {
   xfree(keyserver->uri);
+  xfree(keyserver->scheme);
+  xfree(keyserver->auth);
+  xfree(keyserver->host);
+  xfree(keyserver->port);
+  xfree(keyserver->path);
+  xfree(keyserver->opaque);
+  free_strlist(keyserver->options);
   xfree(keyserver);
 }
 
 /* Return 0 for match */
 static int
-cmp_keyserver_spec(struct keyserver_spec *one, struct keyserver_spec *two)
+cmp_keyserver_spec(struct keyserver_spec *one,struct keyserver_spec *two)
 {
-  return !!ascii_strcasecmp(one->uri, two->uri);
-}
+  if(ascii_strcasecmp(one->scheme,two->scheme)==0)
+    {
+      if(one->host && two->host && ascii_strcasecmp(one->host,two->host)==0)
+	{
+	  if((one->port && two->port
+	      && ascii_strcasecmp(one->port,two->port)==0)
+	     || (!one->port && !two->port))
+	    return 0;
+	}
+      else if(one->opaque && two->opaque
+	      && ascii_strcasecmp(one->opaque,two->opaque)==0)
+	return 0;
+    }
 
+  return 1;
+}
 
 /* Try and match one of our keyservers.  If we can, return that.  If
    we can't, return our input. */
@@ -211,24 +228,40 @@ keyserver_match(struct keyserver_spec *spec)
   return spec;
 }
 
+/* TODO: once we cut over to an all-curl world, we don't need this
+   parser any longer so it can be removed, or at least moved to
+   keyserver/ksutil.c for limited use in gpgkeys_ldap or the like. */
 
-/* Create a new keyserver object from STRING.  Unless REQUIRE_SCHEME
- * is set a missing scheme is replaced by "hkp://".  The data structure
- * could be much easier but in the past we parsed the URI here for the
- * old 2.0 keyserver helpers - which is not anymore needed.  */
 keyserver_spec_t
-parse_keyserver_uri (const char *string, int require_scheme)
+parse_keyserver_uri (const char *string,int require_scheme)
 {
+  int assume_hkp=0;
   struct keyserver_spec *keyserver;
   const char *idx;
   int count;
+  char *uri, *duped_uri, *options;
 
   log_assert (string);
 
-  keyserver = xcalloc (1, sizeof *keyserver);
+  keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
+
+  duped_uri = uri = xstrdup (string);
+
+  options=strchr(uri,' ');
+  if(options)
+    {
+      char *tok;
+
+      *options='\0';
+      options++;
+
+      while((tok=optsep(&options)))
+	warn_kshelper_option (tok, 0);
+    }
 
   /* Get the scheme */
-  for(idx=string, count=0; *idx && *idx!=':';idx++)
+
+  for(idx=uri,count=0;*idx && *idx!=':';idx++)
     {
       count++;
 
@@ -254,21 +287,162 @@ parse_keyserver_uri (const char *string, int require_scheme)
 	return NULL;
 
       /* Assume HKP if there is no scheme */
-      keyserver->uri = xstrconcat ("hkp://", string, NULL);
+      assume_hkp=1;
+      keyserver->scheme=xstrdup("hkp");
+
+      keyserver->uri=xmalloc(strlen(keyserver->scheme)+3+strlen(uri)+1);
+      strcpy(keyserver->uri,keyserver->scheme);
+      strcat(keyserver->uri,"://");
+      strcat(keyserver->uri,uri);
     }
   else
     {
-      keyserver->uri = xstrdup (string);
+      int i;
+
+      keyserver->uri=xstrdup(uri);
+
+      keyserver->scheme=xmalloc(count+1);
+
+      /* Force to lowercase */
+      for(i=0;i<count;i++)
+	keyserver->scheme[i]=ascii_tolower(uri[i]);
+
+      keyserver->scheme[i]='\0';
+
+      /* Skip past the scheme and colon */
+      uri+=count+1;
+    }
+
+  if(ascii_strcasecmp(keyserver->scheme,"x-broken-hkp")==0)
+    {
+      log_info ("keyserver option '%s' is obsolete\n",
+                "x-broken-hkp");
+    }
+  else if(ascii_strcasecmp(keyserver->scheme,"x-hkp")==0)
+    {
+      /* Canonicalize this to "hkp" so it works with both the internal
+	 and external keyserver interface. */
+      xfree(keyserver->scheme);
+      keyserver->scheme=xstrdup("hkp");
     }
 
+  if (uri[0]=='/' && uri[1]=='/' && uri[2] == '/')
+    {
+      /* Three slashes means network path with a default host name.
+         This is a hack because it does not crok all possible
+         combinations.  We should better replace all code by the parser
+         from http.c.  */
+      keyserver->path = xstrdup (uri+2);
+    }
+  else if(assume_hkp || (uri[0]=='/' && uri[1]=='/'))
+    {
+      /* Two slashes means network path. */
+
+      /* Skip over the "//", if any */
+      if(!assume_hkp)
+	uri+=2;
+
+      /* Do we have userinfo auth data present? */
+      for(idx=uri,count=0;*idx && *idx!='@' && *idx!='/';idx++)
+	count++;
+
+      /* We found a @ before the slash, so that means everything
+	 before the @ is auth data. */
+      if(*idx=='@')
+	{
+	  if(count==0)
+	    goto fail;
+
+	  keyserver->auth=xmalloc(count+1);
+	  strncpy(keyserver->auth,uri,count);
+	  keyserver->auth[count]='\0';
+	  uri+=count+1;
+	}
+
+      /* Is it an RFC-2732 ipv6 [literal address] ? */
+      if(*uri=='[')
+	{
+	  for(idx=uri+1,count=1;*idx
+		&& ((isascii (*idx) && isxdigit(*idx))
+                    || *idx==':' || *idx=='.');idx++)
+	    count++;
+
+	  /* Is the ipv6 literal address terminated? */
+	  if(*idx==']')
+	    count++;
+	  else
+	    goto fail;
+	}
+      else
+	for(idx=uri,count=0;*idx && *idx!=':' && *idx!='/';idx++)
+	  count++;
+
+      if(count==0)
+	goto fail;
+
+      keyserver->host=xmalloc(count+1);
+      strncpy(keyserver->host,uri,count);
+      keyserver->host[count]='\0';
+
+      /* Skip past the host */
+      uri+=count;
+
+      if(*uri==':')
+	{
+	  /* It would seem to be reasonable to limit the range of the
+	     ports to values between 1-65535, but RFC 1738 and 1808
+	     imply there is no limit.  Of course, the real world has
+	     limits. */
+
+	  for(idx=uri+1,count=0;*idx && *idx!='/';idx++)
+	    {
+	      count++;
+
+	      /* Ports are digits only */
+	      if(!digitp(idx))
+		goto fail;
+	    }
+
+	  keyserver->port=xmalloc(count+1);
+	  strncpy(keyserver->port,uri+1,count);
+	  keyserver->port[count]='\0';
+
+	  /* Skip past the colon and port number */
+	  uri+=1+count;
+	}
+
+      /* Everything else is the path */
+      if(*uri)
+	keyserver->path=xstrdup(uri);
+      else
+	keyserver->path=xstrdup("/");
+
+      if(keyserver->path[1])
+	keyserver->flags.direct_uri=1;
+    }
+  else if(uri[0]!='/')
+    {
+      /* No slash means opaque.  Just record the opaque blob and get
+	 out. */
+      keyserver->opaque=xstrdup(uri);
+    }
+  else
+    {
+      /* One slash means absolute path.  We don't need to support that
+	 yet. */
+      goto fail;
+    }
+
+  xfree (duped_uri);
   return keyserver;
 
  fail:
   free_keyserver_spec(keyserver);
+
+  xfree (duped_uri);
   return NULL;
 }
 
-
 struct keyserver_spec *
 parse_preferred_keyserver(PKT_signature *sig)
 {
@@ -276,7 +450,7 @@ parse_preferred_keyserver(PKT_signature *sig)
   const byte *p;
   size_t plen;
 
-  p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&plen);
+  p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &plen);
   if(p && plen)
     {
       byte *dupe=xmalloc(plen+1);
@@ -293,7 +467,6 @@ parse_preferred_keyserver(PKT_signature *sig)
 static void
 print_keyrec (ctrl_t ctrl, int number,struct keyrec *keyrec)
 {
-  int i;
 
   iobuf_writebyte(keyrec->uidbuf,0);
   iobuf_flush_temp(keyrec->uidbuf);
@@ -332,20 +505,11 @@ print_keyrec (ctrl_t ctrl, int number,struct keyrec *keyrec)
       es_printf ("key %s",keystr(keyrec->desc.u.kid));
       break;
 
-      /* If it gave us a PGP 2.x fingerprint, not much we can do
-	 beyond displaying it. */
-    case KEYDB_SEARCH_MODE_FPR16:
-      es_printf ("key ");
-      for(i=0;i<16;i++)
-	es_printf ("%02X",keyrec->desc.u.fpr[i]);
-      break;
-
-      /* If we get a modern fingerprint, we have the most
-	 flexibility. */
-    case KEYDB_SEARCH_MODE_FPR20:
+    case KEYDB_SEARCH_MODE_FPR:
       {
 	u32 kid[2];
-	keyid_from_fingerprint (ctrl, keyrec->desc.u.fpr,20,kid);
+	keyid_from_fingerprint (ctrl, keyrec->desc.u.fpr, keyrec->desc.fprlen,
+                                kid);
 	es_printf("key %s",keystr(kid));
       }
       break;
@@ -436,8 +600,7 @@ parse_keyrec(char *keystring)
       err = classify_user_id (tok, &work->desc, 1);
       if (err || (work->desc.mode    != KEYDB_SEARCH_MODE_SHORT_KID
                   && work->desc.mode != KEYDB_SEARCH_MODE_LONG_KID
-                  && work->desc.mode != KEYDB_SEARCH_MODE_FPR16
-                  && work->desc.mode != KEYDB_SEARCH_MODE_FPR20))
+                  && work->desc.mode != KEYDB_SEARCH_MODE_FPR))
 	{
 	  work->desc.mode=KEYDB_SEARCH_MODE_NONE;
 	  return ret;
@@ -818,8 +981,7 @@ keyserver_export (ctrl_t ctrl, strlist_t users)
       err = classify_user_id (users->d, &desc, 1);
       if (err || (desc.mode    != KEYDB_SEARCH_MODE_SHORT_KID
                   && desc.mode != KEYDB_SEARCH_MODE_LONG_KID
-                  && desc.mode != KEYDB_SEARCH_MODE_FPR16
-                  && desc.mode != KEYDB_SEARCH_MODE_FPR20))
+                  && desc.mode != KEYDB_SEARCH_MODE_FPR))
 	{
 	  log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
 	  continue;
@@ -888,14 +1050,10 @@ keyserver_retrieval_screener (kbnode_t keyblock, void *opaque)
       /* Compare requested and returned fingerprints if available. */
       for (n = 0; n < ndesc; n++)
         {
-          if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20)
+          if (desc[n].mode == KEYDB_SEARCH_MODE_FPR)
             {
-              if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20))
-                return 0;
-            }
-          else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16)
-            {
-              if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16))
+              if (fpr_len == desc[n].fprlen
+                  && !memcmp (fpr, desc[n].u.fpr, desc[n].fprlen))
                 return 0;
             }
           else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID)
@@ -933,8 +1091,7 @@ keyserver_import (ctrl_t ctrl, strlist_t users)
       err = classify_user_id (users->d, &desc[count], 1);
       if (err || (desc[count].mode    != KEYDB_SEARCH_MODE_SHORT_KID
                   && desc[count].mode != KEYDB_SEARCH_MODE_LONG_KID
-                  && desc[count].mode != KEYDB_SEARCH_MODE_FPR16
-                  && desc[count].mode != KEYDB_SEARCH_MODE_FPR20))
+                  && desc[count].mode != KEYDB_SEARCH_MODE_FPR))
 	{
 	  log_error (_("\"%s\" not a key ID: skipping\n"), users->d);
 	  continue;
@@ -965,16 +1122,18 @@ keyserver_any_configured (ctrl_t ctrl)
 }
 
 
-/* Import all keys that exactly match MBOX */
+/* Import all keys that exactly match NAME */
 int
-keyserver_import_mbox (ctrl_t ctrl, const char *mbox,
+keyserver_import_name (ctrl_t ctrl, const char *name,
                        unsigned char **fpr, size_t *fprlen,
                        struct keyserver_spec *keyserver)
 {
-  KEYDB_SEARCH_DESC desc = { 0 };
+  KEYDB_SEARCH_DESC desc;
 
-  desc.mode = KEYDB_SEARCH_MODE_MAIL;
-  desc.u.name = mbox;
+  memset (&desc, 0, sizeof desc);
+
+  desc.mode = KEYDB_SEARCH_MODE_EXACT;
+  desc.u.name = name;
 
   return keyserver_get (ctrl, &desc, 1, keyserver, 0, fpr, fprlen);
 }
@@ -996,42 +1155,29 @@ keyserver_import_ntds (ctrl_t ctrl, const char *mbox,
 
 
 int
-keyserver_import_fprint (ctrl_t ctrl, const byte *fprint, size_t fprint_len,
-			 struct keyserver_spec *keyserver,
-                         unsigned int flags)
+keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
+			 struct keyserver_spec *keyserver, int quick)
 {
   KEYDB_SEARCH_DESC desc;
 
-  memset (&desc, 0, sizeof(desc));
+  memset(&desc,0,sizeof(desc));
 
-  if(fprint_len==16)
-    desc.mode=KEYDB_SEARCH_MODE_FPR16;
-  else if(fprint_len==20)
-    desc.mode=KEYDB_SEARCH_MODE_FPR20;
+  if (fprint_len == 16 || fprint_len == 20 || fprint_len == 32)
+    desc.mode = KEYDB_SEARCH_MODE_FPR;
   else
-    return gpg_error (GPG_ERR_INV_ARG);
-
-  memcpy (desc.u.fpr, fprint, fprint_len);
-
-  return keyserver_get (ctrl, &desc, 1, keyserver, flags, NULL, NULL);
-}
+    return -1;
 
+  memcpy(desc.u.fpr,fprint,fprint_len);
+  desc.fprlen = fprint_len;
 
-int
-keyserver_import_fprint_ntds (ctrl_t ctrl,
-                              const byte *fprint, size_t fprint_len)
-{
-  struct keyserver_spec keyserver = { NULL, "ldap:///" };
-
-  return keyserver_import_fprint (ctrl, fprint, fprint_len,
-                                  &keyserver, KEYSERVER_IMPORT_FLAG_LDAP);
+  /* TODO: Warn here if the fingerprint we got doesn't match the one
+     we asked for? */
+  return keyserver_get (ctrl, &desc, 1, keyserver, quick, NULL, NULL);
 }
 
-
 int
 keyserver_import_keyid (ctrl_t ctrl,
-                        u32 *keyid,struct keyserver_spec *keyserver,
-                        unsigned int flags)
+                        u32 *keyid,struct keyserver_spec *keyserver, int quick)
 {
   KEYDB_SEARCH_DESC desc;
 
@@ -1041,14 +1187,14 @@ keyserver_import_keyid (ctrl_t ctrl,
   desc.u.kid[0]=keyid[0];
   desc.u.kid[1]=keyid[1];
 
-  return keyserver_get (ctrl, &desc, 1, keyserver, flags, NULL, NULL);
+  return keyserver_get (ctrl, &desc, 1, keyserver, quick, NULL, NULL);
 }
 
 
 /* code mostly stolen from do_export_stream */
 static int
 keyidlist (ctrl_t ctrl, strlist_t users, KEYDB_SEARCH_DESC **klist,
-           int *count)
+           int *count, int fakev3)
 {
   int rc = 0;
   int num = 100;
@@ -1063,7 +1209,7 @@ keyidlist (ctrl_t ctrl, strlist_t users, KEYDB_SEARCH_DESC **klist,
 
   *klist=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
 
-  kdbhd = keydb_new ();
+  kdbhd = keydb_new (ctrl);
   if (!kdbhd)
     {
       rc = gpg_error_from_syserror ();
@@ -1113,24 +1259,47 @@ keyidlist (ctrl_t ctrl, strlist_t users, KEYDB_SEARCH_DESC **klist,
 
       if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
 	{
+	  /* This is to work around a bug in some keyservers (pksd and
+             OKS) that calculate v4 RSA keyids as if they were v3 RSA.
+             The answer is to refresh both the correct v4 keyid
+             (e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7).
+             This only happens for key refresh using the HKP scheme
+             and if the refresh-add-fake-v3-keyids keyserver option is
+             set. */
+	  if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
+	     node->pkt->pkt.public_key->version>=4)
+	    {
+	      (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
+	      v3_keyid (node->pkt->pkt.public_key->pkey[0],
+                        (*klist)[*count].u.kid);
+	      (*count)++;
+
+	      if(*count==num)
+		{
+		  num+=100;
+		  *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
+		}
+	    }
+
 	  /* v4 keys get full fingerprints.  v3 keys get long keyids.
              This is because it's easy to calculate any sort of keyid
              from a v4 fingerprint, but not a v3 fingerprint. */
 
-	  if(node->pkt->pkt.public_key->version<4)
+	  if (node->pkt->pkt.public_key->version < 4)
 	    {
 	      (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
 	      keyid_from_pk(node->pkt->pkt.public_key,
 			    (*klist)[*count].u.kid);
 	    }
 	  else
-	    {
-	      size_t dummy;
+            {
+	      size_t fprlen;
 
-	      (*klist)[*count].mode=KEYDB_SEARCH_MODE_FPR20;
-	      fingerprint_from_pk(node->pkt->pkt.public_key,
-				  (*klist)[*count].u.fpr,&dummy);
-	    }
+	      fingerprint_from_pk (node->pkt->pkt.public_key,
+                                   (*klist)[*count].u.fpr, &fprlen);
+              (*klist)[*count].mode = KEYDB_SEARCH_MODE_FPR;
+              (*klist)[*count].fprlen = fprlen;
+            }
 
 	  /* This is a little hackish, using the skipfncvalue as a
 	     void* pointer to the keyserver spec, but we don't need
@@ -1203,6 +1372,7 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
 {
   gpg_error_t err;
   int count, numdesc;
+  int fakev3 = 0;
   KEYDB_SEARCH_DESC *desc;
   unsigned int options=opt.keyserver_options.import_options;
 
@@ -1216,8 +1386,19 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
      the end here. */
   opt.keyserver_options.import_options|=IMPORT_FAST;
 
-
-  err = keyidlist (ctrl, users, &desc, &numdesc);
+  /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
+     scheme, then enable fake v3 keyid generation.  Note that this
+     works only with a keyserver configured. gpg.conf
+     (i.e. opt.keyserver); however that method of configuring a
+     keyserver is deprecated and in any case it is questionable
+     whether we should keep on supporting these ancient and broken
+     keyservers.  */
+  if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
+     && (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
+	 ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
+    fakev3=1;
+
+  err = keyidlist (ctrl, users, &desc, &numdesc, fakev3);
   if (err)
     return err;
 
@@ -1304,6 +1485,16 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens)
   if (!tokens)
     return 0;  /* Return success if no patterns are given.  */
 
+  /* Write global options */
+
+  /* for(temp=opt.keyserver_options.other;temp;temp=temp->next) */
+  /*   es_fprintf(spawn->tochild,"OPTION %s\n",temp->d); */
+
+  /* Write per-keyserver options */
+
+  /* for(temp=keyserver->options;temp;temp=temp->next) */
+  /*   es_fprintf(spawn->tochild,"OPTION %s\n",temp->d); */
+
   {
     membuf_t mb;
     strlist_t item;
@@ -1323,6 +1514,8 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens)
         goto leave;
       }
   }
+  /* FIXME: Enable the next line */
+  /* log_info (_("searching for \"%s\" from %s\n"), searchstr, keyserver->uri); */
 
   parm.ctrl = ctrl;
   if (searchstr)
@@ -1344,6 +1537,31 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens)
   else if (err)
     log_error ("error searching keyserver: %s\n", gpg_strerror (err));
 
+  /* switch(ret) */
+  /*   { */
+  /*   case KEYSERVER_SCHEME_NOT_FOUND: */
+  /*     log_error(_("no handler for keyserver scheme '%s'\n"), */
+  /*   	    opt.keyserver->scheme); */
+  /*     break; */
+
+  /*   case KEYSERVER_NOT_SUPPORTED: */
+  /*     log_error(_("action '%s' not supported with keyserver " */
+  /*   	      "scheme '%s'\n"), "search", opt.keyserver->scheme); */
+  /*     break; */
+
+  /*   case KEYSERVER_TIMEOUT: */
+  /*     log_error(_("keyserver timed out\n")); */
+  /*     break; */
+
+  /*   case KEYSERVER_INTERNAL_ERROR: */
+  /*   default: */
+  /*     log_error(_("keyserver internal error\n")); */
+  /*     break; */
+  /*   } */
+
+  /* return gpg_error (GPG_ERR_KEYSERVER); */
+
+
  leave:
   xfree (parm.desc);
   xfree (parm.searchstr_disp);
@@ -1361,7 +1579,7 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
                      int *r_ndesc_used,
                      import_stats_t stats_handle,
                      struct keyserver_spec *override_keyserver,
-                     unsigned int flags,
+                     int quick,
                      unsigned char **r_fpr, size_t *r_fprlen)
 
 {
@@ -1390,15 +1608,14 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
      single request will be rejected only later by gpg_dirmngr_ks_get
      but we are sure that R_NDESC_USED has been updated.  This avoids
      a possible indefinite loop.  */
-  linelen = 24; /* "KS_GET --quick --ldap --" */
+  linelen = 17; /* "KS_GET --quick --" */
   for (npat=npat_fpr=0, idx=0; idx < ndesc; idx++)
     {
       int quiet = 0;
 
-      if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR20
-          || desc[idx].mode == KEYDB_SEARCH_MODE_FPR16)
+      if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR)
         {
-          n = 1+2+2*20;
+          n = 1+2+2*desc[idx].fprlen;
           if (idx && linelen + n > MAX_KS_GET_LINELEN)
             break; /* Declare end of this chunk.  */
           linelen += n;
@@ -1409,11 +1626,9 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
           else
             {
               strcpy (pattern[npat], "0x");
-              bin2hex (desc[idx].u.fpr,
-                       desc[idx].mode == KEYDB_SEARCH_MODE_FPR20? 20 : 16,
-                       pattern[npat]+2);
+              bin2hex (desc[idx].u.fpr, desc[idx].fprlen, pattern[npat]+2);
               npat++;
-              if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR20)
+              if (desc[idx].fprlen == 20 || desc[idx].fprlen == 32)
                 npat_fpr++;
             }
         }
@@ -1501,18 +1716,23 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
 
       if (!quiet && override_keyserver)
         {
-          log_info (_("requesting key %s from %s\n"),
-                    keystr_from_desc (&desc[idx]), override_keyserver->uri);
+          if (override_keyserver->host)
+            log_info (_("requesting key %s from %s server %s\n"),
+                      keystr_from_desc (&desc[idx]),
+                      override_keyserver->scheme, override_keyserver->host);
+          else
+            log_info (_("requesting key %s from %s\n"),
+                      keystr_from_desc (&desc[idx]), override_keyserver->uri);
         }
     }
 
-  /* Remember now many of search items were considered.  Note that
+  /* Remember how many of the search items were considered.  Note that
      this is different from NPAT.  */
   *r_ndesc_used = idx;
 
   only_fprs = (npat && npat == npat_fpr);
 
-  err = gpg_dirmngr_ks_get (ctrl, pattern, override_keyserver, flags,
+  err = gpg_dirmngr_ks_get (ctrl, pattern, override_keyserver, quick,
                             &datastream, &source);
   for (idx=0; idx < npat; idx++)
     xfree (pattern[idx]);
@@ -1520,12 +1740,9 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
   if (opt.verbose && source)
     log_info ("data source: %s\n", source);
 
-
-
   if (!err)
     {
       struct ks_retrieval_screener_arg_s screenerarg;
-      unsigned int options;
 
       /* FIXME: Check whether this comment should be moved to dirmngr.
 
@@ -1539,18 +1756,12 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
          never accept or send them but we better protect against rogue
          keyservers. */
 
-      /* For LDAP servers we reset IMPORT_SELF_SIGS_ONLY unless it has
-       * been set explicitly.  */
-      options = (opt.keyserver_options.import_options | IMPORT_NO_SECKEY);
-      if (source && (!strncmp (source, "ldap:", 5)
-                     || !strncmp (source, "ldaps:", 6))
-          && !opt.flags.expl_import_self_sigs_only)
-        options &= ~IMPORT_SELF_SIGS_ONLY;
-
       screenerarg.desc = desc;
       screenerarg.ndesc = *r_ndesc_used;
       import_keys_es_stream (ctrl, datastream, stats_handle,
-                             r_fpr, r_fprlen, options,
+                             r_fpr, r_fprlen,
+                             (opt.keyserver_options.import_options
+                              | IMPORT_NO_SECKEY),
                              keyserver_retrieval_screener, &screenerarg,
                              only_fprs? KEYORG_KS : 0,
                              source);
@@ -1566,12 +1777,11 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
    (DESC,NDESC).  Allowed search modes are keyid, fingerprint, and
    exact searches.  OVERRIDE_KEYSERVER gives an optional override
    keyserver. If (R_FPR,R_FPRLEN) are not NULL, they may return the
-   fingerprint of a single imported key.  If the FLAG bit
-   KEYSERVER_IMPORT_FLAG_QUICK is set, dirmngr is advised to use a
-   shorter timeout. */
+   fingerprint of a single imported key.  If QUICK is set, dirmngr is
+   advised to use a shorter timeout. */
 static gpg_error_t
 keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
-               struct keyserver_spec *override_keyserver, unsigned int flags,
+               struct keyserver_spec *override_keyserver, int quick,
                unsigned char **r_fpr, size_t *r_fprlen)
 {
   gpg_error_t err;
@@ -1584,7 +1794,7 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
   for (;;)
     {
       err = keyserver_get_chunk (ctrl, desc, ndesc, &ndesc_used, stats_handle,
-                                 override_keyserver, flags, r_fpr, r_fprlen);
+                                 override_keyserver, quick, r_fpr, r_fprlen);
       if (!err)
         any_good = 1;
       if (err || ndesc_used >= ndesc)
@@ -1667,8 +1877,6 @@ keyserver_fetch (ctrl_t ctrl, strlist_t urilist, int origin)
   strlist_t sl;
   estream_t datastream;
   unsigned int save_options = opt.keyserver_options.import_options;
-  int any_success = 0;
-  gpg_error_t firsterr = 0;
 
   /* Switch on fast-import, since fetch can handle more than one
      import and we don't want each set to rebuild the trustdb.
@@ -1692,25 +1900,13 @@ keyserver_fetch (ctrl_t ctrl, strlist_t urilist, int origin)
 
           import_print_stats (stats_handle);
           import_release_stats_handle (stats_handle);
-          any_success = 1;
         }
       else
-        {
-          log_info (_("WARNING: unable to fetch URI %s: %s\n"),
-                    sl->d, gpg_strerror (err));
-          if (!firsterr)
-            firsterr = err;
-        }
+        log_info (_("WARNING: unable to fetch URI %s: %s\n"),
+                  sl->d, gpg_strerror (err));
       es_fclose (datastream);
     }
 
-  if (!urilist)
-    err = gpg_error (GPG_ERR_NO_NAME);
-  else if (any_success)
-    err = 0;
-  else
-    err = firsterr;
-
   opt.keyserver_options.import_options = save_options;
 
   /* If the original options didn't have fast import, and the trustdb
@@ -1718,7 +1914,7 @@ keyserver_fetch (ctrl_t ctrl, strlist_t urilist, int origin)
   if (!(opt.keyserver_options.import_options&IMPORT_FAST))
     check_or_update_trustdb (ctrl);
 
-  return err;
+  return 0;
 }
 
 
@@ -1823,43 +2019,10 @@ keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
   return err;
 }
 
-/* Import key pointed to by a PKA record. Return the requested
-   fingerprint in fpr. */
-gpg_error_t
-keyserver_import_pka (ctrl_t ctrl, const char *name,
-                      unsigned char **fpr, size_t *fpr_len)
-{
-  gpg_error_t err;
-  char *url;
-
-  err = gpg_dirmngr_get_pka (ctrl, name, fpr, fpr_len, &url);
-  if (url && *url && fpr && fpr_len)
-    {
-      /* An URL is available.  Lookup the key. */
-      struct keyserver_spec *spec;
-      spec = parse_keyserver_uri (url, 1);
-      if (spec)
-	{
-	  err = keyserver_import_fprint (ctrl, *fpr, *fpr_len, spec, 0);
-	  free_keyserver_spec (spec);
-	}
-    }
-  xfree (url);
-
-  if (err)
-    {
-      xfree(*fpr);
-      *fpr = NULL;
-      *fpr_len = 0;
-    }
-
-  return err;
-}
-
 
 /* Import a key using the Web Key Directory protocol.  */
 gpg_error_t
-keyserver_import_wkd (ctrl_t ctrl, const char *name, unsigned int flags,
+keyserver_import_wkd (ctrl_t ctrl, const char *name, int quick,
                       unsigned char **fpr, size_t *fpr_len)
 {
   gpg_error_t err;
@@ -1869,7 +2032,7 @@ keyserver_import_wkd (ctrl_t ctrl, const char *name, unsigned int flags,
 
   /* We want to work on the mbox.  That is what dirmngr will do anyway
    * and we need the mbox for the import filter anyway.  */
-  mbox = mailbox_from_userid (name);
+  mbox = mailbox_from_userid (name, 0);
   if (!mbox)
     {
       err = gpg_error_from_syserror ();
@@ -1878,7 +2041,7 @@ keyserver_import_wkd (ctrl_t ctrl, const char *name, unsigned int flags,
       return err;
     }
 
-  err = gpg_dirmngr_wkd_get (ctrl, mbox, flags, &key, &url);
+  err = gpg_dirmngr_wkd_get (ctrl, mbox, quick, &key, &url);
   if (err)
     ;
   else if (key)
diff --git a/g10/main.h b/g10/main.h
index 273ddaa..05ec8c2 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -31,7 +31,9 @@
    (i.e. uncompressed) rather than 1 (zip).  However, the real world
    issues of speed and size come into play here. */
 
-#if GPG_USE_AES128
+#if GPG_USE_AES256
+# define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_AES256
+#elif GPG_USE_AES128
 # define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_AES
 #elif GPG_USE_CAST5
 # define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_CAST5
@@ -39,6 +41,8 @@
 # define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_3DES
 #endif
 
+#define DEFAULT_AEAD_ALGO  AEAD_ALGO_OCB
+
 #define DEFAULT_DIGEST_ALGO     ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1)
 #define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1
 #ifdef HAVE_ZIP
@@ -107,7 +111,7 @@ void unregister_secured_file (const char *fname);
 int  is_secured_file (int fd);
 int  is_secured_filename (const char *fname);
 u16 checksum_u16( unsigned n );
-u16 checksum( byte *p, unsigned n );
+u16 checksum( const byte *p, unsigned n );
 u16 checksum_mpi( gcry_mpi_t a );
 u32 buffer_to_u32( const byte *buffer );
 const byte *get_session_marker( size_t *rlen );
@@ -122,8 +126,6 @@ enum gcry_cipher_algos map_cipher_openpgp_to_gcry (cipher_algo_t algo);
 int openpgp_cipher_blocklen (cipher_algo_t algo);
 int openpgp_cipher_test_algo(cipher_algo_t algo);
 const char *openpgp_cipher_algo_name (cipher_algo_t algo);
-const char *openpgp_cipher_algo_mode_name (cipher_algo_t algo,
-                                           aead_algo_t aead);
 
 gpg_error_t openpgp_aead_test_algo (aead_algo_t algo);
 const char *openpgp_aead_algo_name (aead_algo_t algo);
@@ -131,7 +133,6 @@ gpg_error_t openpgp_aead_algo_info (aead_algo_t algo,
                                     enum gcry_cipher_modes *r_mode,
                                     unsigned int *r_noncelen);
 
-pubkey_algo_t map_pk_gcry_to_openpgp (enum gcry_pk_algos algo);
 int openpgp_pk_test_algo (pubkey_algo_t algo);
 int openpgp_pk_test_algo2 (pubkey_algo_t algo, unsigned int use);
 int openpgp_pk_algo_usage ( int algo );
@@ -151,7 +152,7 @@ struct expando_args
   const byte *namehash;
 };
 
-char *pct_expando(const char *string,struct expando_args *args);
+char *pct_expando (ctrl_t ctrl, const char *string,struct expando_args *args);
 void deprecated_warning(const char *configname,unsigned int configlineno,
 			const char *option,const char *repl1,const char *repl2);
 void deprecated_command (const char *name);
@@ -159,12 +160,14 @@ void obsolete_scdaemon_option (const char *configname,
                                unsigned int configlineno, const char *name);
 
 int string_to_cipher_algo (const char *string);
+aead_algo_t string_to_aead_algo (const char *string);
 int string_to_digest_algo (const char *string);
 
 const char *compress_algo_to_string(int algo);
 int string_to_compress_algo(const char *string);
 int check_compress_algo(int algo);
 int default_cipher_algo(void);
+aead_algo_t default_aead_algo(void);
 int default_compress_algo(void);
 void compliance_failure(void);
 
@@ -206,6 +209,8 @@ void write_status_printf (int no, const char *format,
                           ...) GPGRT_ATTR_PRINTF(2,3);
 void write_status_strings (int no, const char *text,
                            ...) GPGRT_ATTR_SENTINEL(0);
+gpg_error_t write_status_strings2 (ctrl_t dummy, int no,
+                                   ...) GPGRT_ATTR_SENTINEL(0);
 void write_status_buffer ( int no,
                            const char *buffer, size_t len, int wrap );
 void write_status_text_and_buffer ( int no, const char *text,
@@ -233,7 +238,9 @@ void display_online_help( const char *keyword );
 
 /*-- encode.c --*/
 gpg_error_t setup_symkey (STRING2KEY **symkey_s2k,DEK **symkey_dek);
-void encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey);
+gpg_error_t encrypt_seskey (DEK *dek, aead_algo_t aead_algo, DEK **r_seskey,
+                            void **r_enckey, size_t *r_enckeylen);
+aead_algo_t use_aead (pk_list_t pk_list, int algo);
 int use_mdc (pk_list_t pk_list,int algo);
 int encrypt_symmetric (const char *filename );
 int encrypt_store (const char *filename );
@@ -334,7 +341,7 @@ gpg_error_t generate_card_subkeypair (ctrl_t ctrl, kbnode_t pub_keyblock,
 int overwrite_filep( const char *fname );
 char *make_outfile_name( const char *iname );
 char *ask_outfile_name( const char *name, size_t namelen );
-int open_outfile (int inp_fd, const char *iname, int mode,
+int open_outfile (int out_fd, const char *iname, int mode,
                   int restrictedperm, iobuf_t *a);
 char *get_matching_datafile (const char *sigfilename);
 iobuf_t open_sigfile (const char *sigfilename, progress_filter_context_t *pfx);
@@ -390,7 +397,8 @@ gpg_error_t transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
                                   kbnode_t sec_keyblock, int batch, int force,
                                   int only_marked);
 
-int collapse_uids( KBNODE *keyblock );
+int collapse_uids (kbnode_t *keyblock);
+int collapse_subkeys (kbnode_t *keyblock);
 
 int get_revocation_reason (PKT_signature *sig, char **r_reason,
                            char **r_comment, size_t *r_commentlen);
@@ -471,9 +479,10 @@ void show_keyserver_url(PKT_signature *sig,int indent,int mode);
 void show_notation(PKT_signature *sig,int indent,int mode,int which);
 void dump_attribs (const PKT_user_id *uid, PKT_public_key *pk);
 void set_attrib_fd(int fd);
-char *format_seckey_info (ctrl_t ctrl, PKT_public_key *pk);
-void print_seckey_info (ctrl_t ctrl, PKT_public_key *pk);
-void print_pubkey_info (ctrl_t ctrl, estream_t fp, PKT_public_key *pk);
+void print_key_info (ctrl_t ctrl, estream_t fp, int indent,
+                     PKT_public_key *pk, int secret);
+void print_key_info_log (ctrl_t ctrl, int loglevel, int indent,
+                     PKT_public_key *pk, int secret);
 void print_card_key_info (estream_t fp, KBNODE keyblock);
 void print_key_line (ctrl_t ctrl, estream_t fp, PKT_public_key *pk, int secret);
 
@@ -509,8 +518,6 @@ gpg_error_t  card_generate_subkey (ctrl_t ctrl, kbnode_t pub_keyblock);
 int  card_store_subkey (KBNODE node, int use);
 #endif
 
-#define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << (((_val) >> 4) + 6))
-
 /*-- migrate.c --*/
 void migrate_secring (ctrl_t ctrl);
 
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 63e39ff..a75755e 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -47,25 +47,6 @@
 #define MAX_NESTING_DEPTH 32
 
 
-/* An object to build a list of keyid related info.  */
-struct kidlist_item
-{
-  struct kidlist_item *next;
-  u32 kid[2];
-  int pubkey_algo;
-  int reason;
-};
-
-/* An object to build a list of symkey packet info.  */
-struct symlist_item
-{
-  struct symlist_item *next;
-  int cipher_algo;
-  int cfb_mode;
-  int other_error;
-};
-
-
 /*
  * Object to hold the processing context.
  */
@@ -105,10 +86,8 @@ struct mainproc_context
   iobuf_t iobuf;    /* Used to get the filename etc. */
   int trustletter;  /* Temporary usage in list_node. */
   ulong symkeys;    /* Number of symmetrically encrypted session keys.  */
-  struct kidlist_item *pkenc_list; /* List of encryption packets. */
-  struct symlist_item *symenc_list; /* List of sym. encryption packets. */
+  struct pubkey_enc_list *pkenc_list; /* List of encryption packets. */
   int seen_pkt_encrypted_aead; /* PKT_ENCRYPTED_AEAD packet seen. */
-  int seen_pkt_encrypted_mdc;  /* PKT_ENCRYPTED_MDC packet seen. */
   struct {
     unsigned int sig_seen:1;      /* Set to true if a signature packet
                                      has been seen. */
@@ -125,7 +104,7 @@ static int literals_seen;
 
 
 /*** Local prototypes.  ***/
-static int do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a);
+static int do_proc_packets (CTX c, iobuf_t a);
 static void list_node (CTX c, kbnode_t node);
 static void proc_tree (CTX c, kbnode_t node);
 
@@ -148,24 +127,19 @@ release_list( CTX c )
   release_kbnode (c->list);
   while (c->pkenc_list)
     {
-      struct kidlist_item *tmp = c->pkenc_list->next;
+      struct pubkey_enc_list *tmp = c->pkenc_list->next;
+
+      mpi_release (c->pkenc_list->data[0]);
+      mpi_release (c->pkenc_list->data[1]);
       xfree (c->pkenc_list);
       c->pkenc_list = tmp;
     }
   c->pkenc_list = NULL;
-  while (c->symenc_list)
-    {
-      struct symlist_item *tmp = c->symenc_list->next;
-      xfree (c->symenc_list);
-      c->symenc_list = tmp;
-    }
-  c->symenc_list = NULL;
   c->list = NULL;
   c->any.data = 0;
   c->any.uncompress_failed = 0;
   c->last_was_session_key = 0;
   c->seen_pkt_encrypted_aead = 0;
-  c->seen_pkt_encrypted_mdc = 0;
   xfree (c->dek);
   c->dek = NULL;
 }
@@ -273,14 +247,13 @@ add_signature (CTX c, PACKET *pkt)
   return 1;
 }
 
-
 static gpg_error_t
 symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen)
 {
   gpg_error_t err;
   gcry_cipher_hd_t hd;
-  enum gcry_cipher_modes ciphermode;
   unsigned int noncelen, keylen;
+  enum gcry_cipher_modes ciphermode;
 
   if (dek->use_aead)
     {
@@ -304,7 +277,7 @@ symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen)
       return gpg_error (GPG_ERR_BAD_KEY);
     }
 
-  err = openpgp_cipher_open (&hd, dek->algo, ciphermode, 1);
+  err = openpgp_cipher_open (&hd, dek->algo, ciphermode, GCRY_CIPHER_SECURE);
   if (!err)
     err = gcry_cipher_setkey (hd, dek->key, dek->keylen);
   if (!err)
@@ -343,8 +316,7 @@ symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen)
     }
   else
     {
-      gcry_cipher_decrypt (hd, seskey, slen, NULL, 0);
-
+      gcry_cipher_decrypt (hd, seskey, slen, NULL, 0 );
       /* Here we can only test whether the algo given in decrypted
        * session key is a valid OpenPGP algo.  With 11 defined
        * symmetric algorithms we will miss 4.3% of wrong passphrases
@@ -370,7 +342,7 @@ symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen)
           goto leave;
         }
       dek->algo = seskey[0];
-      dek->keylen = slen-1;
+      dek->keylen = keylen;
       memcpy (dek->key, seskey + 1, dek->keylen);
     }
 
@@ -378,7 +350,7 @@ symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen)
 
  leave:
   gcry_cipher_close (hd);
-  return 0;
+  return err;
 }
 
 
@@ -402,18 +374,15 @@ proc_symkey_enc (CTX c, PACKET *pkt)
         {
           if (!opt.quiet)
             {
-              /* Note: TMPSTR is only used to avoid i18n changes.  */
-              char *tmpstr = xstrconcat (s, ".", a, NULL);
               if (enc->seskeylen)
-                log_info (_("%s encrypted session key\n"), tmpstr);
+                log_info (_("%s.%s encrypted session key\n"), s, a );
               else
-                log_info (_("%s encrypted data\n"), tmpstr);
-              xfree (tmpstr);
+                log_info (_("%s.%s encrypted data\n"), s, a );
             }
         }
       else
         {
-          log_error (_("encrypted with unknown algorithm %d\n"), algo);
+          log_error (_("encrypted with unknown algorithm %d.%s\n"), algo, a);
           s = NULL; /* Force a goto leave.  */
         }
 
@@ -439,8 +408,7 @@ proc_symkey_enc (CTX c, PACKET *pkt)
         }
       else
         {
-          c->dek = passphrase_to_dek (algo, &enc->s2k, 0, 0, NULL,
-                                      GETPASSWORD_FLAG_SYMDECRYPT, NULL);
+          c->dek = passphrase_to_dek (algo, &enc->s2k, 0, 0, NULL, NULL);
           if (c->dek)
             {
               c->dek->symmetric = 1;
@@ -464,12 +432,8 @@ proc_symkey_enc (CTX c, PACKET *pkt)
                                  gpg_strerror (err));
                       if (gpg_err_code (err) != GPG_ERR_BAD_KEY
                           && gpg_err_code (err) != GPG_ERR_CHECKSUM)
-                        log_fatal ("process terminated to be bug compatible\n");
-                      else
-                        write_status_text (STATUS_ERROR,
-                                           "symkey_decrypt.maybe_error"
-                                           " 11_BAD_PASSPHRASE");
-
+                        log_fatal ("process terminated to be bug compatible"
+                                   " with GnuPG <= 2.2\n");
                       if (c->dek->s2k_cacheid[0])
                         {
                           if (opt.debug)
@@ -488,30 +452,15 @@ proc_symkey_enc (CTX c, PACKET *pkt)
     }
 
  leave:
-  /* Record infos from the packet.  */
-  {
-    struct symlist_item  *symitem;
-    symitem = xcalloc (1, sizeof *symitem);
-    if (enc)
-      {
-        symitem->cipher_algo = enc->cipher_algo;
-        symitem->cfb_mode = !enc->aead_algo;
-      }
-    else
-      symitem->other_error = 1;
-    symitem->next = c->symenc_list;
-    c->symenc_list = symitem;
-  }
   c->symkeys++;
   free_packet (pkt, NULL);
 }
 
 
 static void
-proc_pubkey_enc (ctrl_t ctrl, CTX c, PACKET *pkt)
+proc_pubkey_enc (CTX c, PACKET *pkt)
 {
   PKT_pubkey_enc *enc;
-  int result = 0;
 
   /* Check whether the secret key is available and store in this case.  */
   c->last_was_session_key = 1;
@@ -522,81 +471,30 @@ proc_pubkey_enc (ctrl_t ctrl, CTX c, PACKET *pkt)
   if (opt.verbose)
     log_info (_("public key is %s\n"), keystr (enc->keyid));
 
-  if (is_status_enabled())
+  if (is_status_enabled ())
     {
       char buf[50];
-      /* FIXME: For ECC support we need to map the OpenPGP algo number
-         to the Libgcrypt defined one.  This is due a chicken-egg
-         problem: We need to have code in Libgcrypt for a new
-         algorithm so to implement a proposed new algorithm before the
-         IANA will finally assign an OpenPGP identifier.  */
       snprintf (buf, sizeof buf, "%08lX%08lX %d 0",
-		(ulong)enc->keyid[0], (ulong)enc->keyid[1], enc->pubkey_algo);
+                (ulong)enc->keyid[0], (ulong)enc->keyid[1], enc->pubkey_algo);
       write_status_text (STATUS_ENC_TO, buf);
     }
 
-  if (!opt.list_only && opt.override_session_key)
+  if (!opt.list_only && !opt.override_session_key)
     {
-      /* It does not make much sense to store the session key in
-       * secure memory because it has already been passed on the
-       * command line and the GCHQ knows about it.  */
-      c->dek = xmalloc_clear (sizeof *c->dek);
-      result = get_override_session_key (c->dek, opt.override_session_key);
-      if (result)
-        {
-          xfree (c->dek);
-          c->dek = NULL;
-	}
-    }
-  else if (enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E
-           || enc->pubkey_algo == PUBKEY_ALGO_ECDH
-           || enc->pubkey_algo == PUBKEY_ALGO_RSA
-           || enc->pubkey_algo == PUBKEY_ALGO_RSA_E
-           || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL)
-    {
-      /* Note that we also allow type 20 Elgamal keys for decryption.
-         There are still a couple of those keys in active use as a
-         subkey.  */
-
-      /* FIXME: Store this all in a list and process it later so that
-         we can prioritize what key to use.  This gives a better user
-         experience if wildcard keyids are used.  */
-      if  (!c->dek && ((!enc->keyid[0] && !enc->keyid[1])
-                       || opt.try_all_secrets
-                       || have_secret_key_with_kid (enc->keyid)))
-        {
-          if(opt.list_only)
-            result = GPG_ERR_MISSING_ACTION; /* fixme: Use better error code. */
-          else
-            {
-              c->dek = xmalloc_secure_clear (sizeof *c->dek);
-              if ((result = get_session_key (ctrl, enc, c->dek)))
-                {
-                  /* Error: Delete the DEK. */
-                  xfree (c->dek);
-                  c->dek = NULL;
-		}
-	    }
-	}
-      else
-        result = GPG_ERR_NO_SECKEY;
-    }
-  else
-    result = GPG_ERR_PUBKEY_ALGO;
+      struct pubkey_enc_list *x = xmalloc (sizeof *x);
 
-  if (1)
-    {
-      /* Store it for later display.  */
-      struct kidlist_item *x = xmalloc (sizeof *x);
-      x->kid[0] = enc->keyid[0];
-      x->kid[1] = enc->keyid[1];
+      x->keyid[0] = enc->keyid[0];
+      x->keyid[1] = enc->keyid[1];
       x->pubkey_algo = enc->pubkey_algo;
-      x->reason = result;
+      x->result = -1;
+      x->data[0] = x->data[1] = NULL;
+      if (enc->data[0])
+        {
+          x->data[0] = mpi_copy (enc->data[0]);
+          x->data[1] = mpi_copy (enc->data[1]);
+        }
       x->next = c->pkenc_list;
       c->pkenc_list = x;
-
-      if (!result && opt.verbose > 1)
-        log_info (_("public key encrypted data: good DEK\n"));
     }
 
   free_packet(pkt, NULL);
@@ -608,63 +506,34 @@ proc_pubkey_enc (ctrl_t ctrl, CTX c, PACKET *pkt)
  * not decrypt.
  */
 static void
-print_pkenc_list (ctrl_t ctrl, struct kidlist_item *list, int failed)
+print_pkenc_list (ctrl_t ctrl, struct pubkey_enc_list *list)
 {
   for (; list; list = list->next)
     {
       PKT_public_key *pk;
-      const char *algstr;
-
-      if (failed && !list->reason)
-        continue;
-      if (!failed && list->reason)
-        continue;
+      char pkstrbuf[PUBKEY_STRING_SIZE];
+      char *p;
 
-      algstr = openpgp_pk_algo_name (list->pubkey_algo);
       pk = xmalloc_clear (sizeof *pk);
 
-      if (!algstr)
-        algstr = "[?]";
       pk->pubkey_algo = list->pubkey_algo;
-      if (!get_pubkey (ctrl, pk, list->kid))
+      if (!get_pubkey (ctrl, pk, list->keyid))
         {
-          char *p;
-          log_info (_("encrypted with %u-bit %s key, ID %s, created %s\n"),
-                    nbits_from_pk (pk), algstr, keystr_from_pk(pk),
+          pubkey_string (pk, pkstrbuf, sizeof pkstrbuf);
+
+          log_info (_("encrypted with %s key, ID %s, created %s\n"),
+                    pkstrbuf, keystr_from_pk (pk),
                     strtimestamp (pk->timestamp));
-          p = get_user_id_native (ctrl, list->kid);
+          p = get_user_id_native (ctrl, list->keyid);
           log_printf (_("      \"%s\"\n"), p);
           xfree (p);
         }
       else
         log_info (_("encrypted with %s key, ID %s\n"),
-                  algstr, keystr(list->kid));
+                  openpgp_pk_algo_name (list->pubkey_algo),
+                  keystr(list->keyid));
 
       free_public_key (pk);
-
-      if (gpg_err_code (list->reason) == GPG_ERR_NO_SECKEY)
-        {
-          if (is_status_enabled())
-            {
-              char buf[20];
-              snprintf (buf, sizeof buf, "%08lX%08lX",
-                        (ulong)list->kid[0], (ulong)list->kid[1]);
-              write_status_text (STATUS_NO_SECKEY, buf);
-	    }
-	}
-      else if (gpg_err_code (list->reason) == GPG_ERR_MISSING_ACTION)
-        {
-          /* Not tested for secret key due to --list-only mode.  */
-        }
-      else if (list->reason)
-        {
-          log_info (_("public key decryption failed: %s\n"),
-                    gpg_strerror (list->reason));
-          if (gpg_err_source (list->reason) == GPG_ERR_SOURCE_SCD
-              && gpg_err_code (list->reason) == GPG_ERR_INV_ID)
-            print_further_info ("a reason might be a card with replaced keys");
-          write_status_error ("pkdecrypt_failed", list->reason);
-        }
     }
 }
 
@@ -674,12 +543,9 @@ proc_encrypted (CTX c, PACKET *pkt)
 {
   int result = 0;
   int early_plaintext = literals_seen;
-  unsigned int compliance_de_vs = 0;
 
   if (pkt->pkttype == PKT_ENCRYPTED_AEAD)
     c->seen_pkt_encrypted_aead = 1;
-  if (pkt->pkttype == PKT_ENCRYPTED_MDC)
-    c->seen_pkt_encrypted_mdc = 1;
 
   if (early_plaintext)
     {
@@ -694,11 +560,57 @@ proc_encrypted (CTX c, PACKET *pkt)
         log_info (_("encrypted with %lu passphrases\n"), c->symkeys);
       else if (c->symkeys == 1)
         log_info (_("encrypted with 1 passphrase\n"));
-      print_pkenc_list (c->ctrl, c->pkenc_list, 1 );
-      print_pkenc_list (c->ctrl, c->pkenc_list, 0 );
+      print_pkenc_list (c->ctrl, c->pkenc_list);
+    }
+
+  /* Figure out the session key by looking at all pkenc packets. */
+  if (opt.list_only || c->dek)
+    ;
+  else if (opt.override_session_key)
+    {
+      c->dek = xmalloc_clear (sizeof *c->dek);
+      result = get_override_session_key (c->dek, opt.override_session_key);
+      if (result)
+        {
+          xfree (c->dek);
+          c->dek = NULL;
+          log_info (_("public key decryption failed: %s\n"),
+                    gpg_strerror (result));
+          write_status_error ("pkdecrypt_failed", result);
+        }
     }
+  else if (c->pkenc_list)
+    {
+      c->dek = xmalloc_secure_clear (sizeof *c->dek);
+      result = get_session_key (c->ctrl, c->pkenc_list, c->dek);
+      if (is_status_enabled ())
+        {
+          struct pubkey_enc_list *list;
 
-  /* FIXME: Figure out the session key by looking at all pkenc packets. */
+          for (list = c->pkenc_list; list; list = list->next)
+            if (list->result && list->result != -1)
+              {
+                char buf[20];
+                snprintf (buf, sizeof buf, "%08lX%08lX",
+                          (ulong)list->keyid[0], (ulong)list->keyid[1]);
+                write_status_text (STATUS_NO_SECKEY, buf);
+              }
+        }
+
+      if (result)
+        {
+          log_info (_("public key decryption failed: %s\n"),
+                    gpg_strerror (result));
+          write_status_error ("pkdecrypt_failed", result);
+
+          /* Error: Delete the DEK. */
+          xfree (c->dek);
+          c->dek = NULL;
+        }
+    }
+
+  if (c->dek && opt.verbose > 1)
+    log_info (_("public key encrypted data: good DEK\n"));
 
   write_status (STATUS_BEGIN_DECRYPTION);
 
@@ -751,8 +663,7 @@ proc_encrypted (CTX c, PACKET *pkt)
               log_info (_("assuming %s encrypted data\n"), "IDEA");
             }
 
-          c->dek = passphrase_to_dek (algo, s2k, 0, 0, NULL,
-                                      GETPASSWORD_FLAG_SYMDECRYPT, &canceled);
+          c->dek = passphrase_to_dek (algo, s2k, 0, 0, NULL, &canceled);
           if (c->dek)
             c->dek->algo_info_printed = 1;
           else if (canceled)
@@ -762,10 +673,18 @@ proc_encrypted (CTX c, PACKET *pkt)
         }
     }
   else if (!c->dek)
-    result = GPG_ERR_NO_SECKEY;
+    {
+      if (c->symkeys && !c->pkenc_list)
+        result = gpg_error (GPG_ERR_BAD_KEY);
+
+      if (!result)
+        result = gpg_error (GPG_ERR_NO_SECKEY);
+    }
 
   /* Compute compliance with CO_DE_VS.  */
   if (!result && is_status_enabled ()
+      /* Symmetric encryption and asymmetric encryption voids compliance.  */
+      && (c->symkeys != !!c->pkenc_list )
       /* Overriding session key voids compliance.  */
       && !opt.override_session_key
       /* Check symmetric cipher.  */
@@ -773,32 +692,20 @@ proc_encrypted (CTX c, PACKET *pkt)
       && gnupg_cipher_is_compliant (CO_DE_VS, c->dek->algo,
                                     GCRY_CIPHER_MODE_CFB))
     {
-      struct kidlist_item *i;
-      struct symlist_item *si;
+      struct pubkey_enc_list *i;
       int compliant = 1;
       PKT_public_key *pk = xmalloc (sizeof *pk);
 
       if ( !(c->pkenc_list || c->symkeys) )
         log_debug ("%s: where else did the session key come from?\n", __func__);
 
-      /* Check that all seen symmetric key packets use compliant
-       * algos.  This is so that no non-compliant encrypted session
-       * key can be sneaked in.  */
-      for (si = c->symenc_list; si && compliant; si = si->next)
-        {
-          if (!si->cfb_mode
-              || !gnupg_cipher_is_compliant (CO_DE_VS, si->cipher_algo,
-                                             GCRY_CIPHER_MODE_CFB))
-            compliant = 0;
-        }
-
-      /* Check that every public key used to encrypt the session key
-       * is compliant.  */
+      /* Now check that every key used to encrypt the session key is
+       * compliant.  */
       for (i = c->pkenc_list; i && compliant; i = i->next)
         {
           memset (pk, 0, sizeof *pk);
           pk->pubkey_algo = i->pubkey_algo;
-          if (get_pubkey (c->ctrl, pk, i->kid) != 0
+          if (get_pubkey (c->ctrl, pk, i->keyid) != 0
               || ! gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, 0,
                                           pk->pkey, nbits_from_pk (pk), NULL))
             compliant = 0;
@@ -808,18 +715,14 @@ proc_encrypted (CTX c, PACKET *pkt)
       xfree (pk);
 
       if (compliant)
-        compliance_de_vs |= 1;
-    }
+        write_status_strings (STATUS_DECRYPTION_COMPLIANCE_MODE,
+                              gnupg_status_compliance_flag (CO_DE_VS),
+                              NULL);
 
+    }
 
   if (!result)
-    {
-      int compl_error;
-      result = decrypt_data (c->ctrl, c, pkt->pkt.encrypted, c->dek,
-                             &compl_error);
-      if (!result && !compl_error)
-        compliance_de_vs |= 2;
-    }
+    result = decrypt_data (c->ctrl, c, pkt->pkt.encrypted, c->dek );
 
   /* Trigger the deferred error.  */
   if (!result && early_plaintext)
@@ -832,10 +735,10 @@ proc_encrypted (CTX c, PACKET *pkt)
            && !pkt->pkt.encrypted->mdc_method
            && !pkt->pkt.encrypted->aead_algo)
     {
-      /* The message has been decrypted but does not carry an MDC.
-       * The option --ignore-mdc-error has also not been used.  To
-       * avoid attacks changing an MDC message to a non-MDC message,
-       * we fail here.  */
+      /* The message has been decrypted but does not carry an MDC or
+       * uses AEAD encryption.  --ignore-mdc-error has also not been
+       * used.  To avoid attacks changing an MDC message to a non-MDC
+       * message, we fail here.  */
       log_error (_("WARNING: message was not integrity protected\n"));
       if (!pkt->pkt.encrypted->mdc_method
           && (openpgp_cipher_get_algo_blklen (c->dek->algo) == 8
@@ -846,7 +749,7 @@ proc_encrypted (CTX c, PACKET *pkt)
            * are rare in practice we print a hint on how to decrypt
            * such messages.  */
           log_string
-            (GPGRT_LOG_INFO,
+            (GPGRT_LOGLVL_INFO,
              _("Hint: If this message was created before the year 2003 it is\n"
                "likely that this message is legitimate.  This is because back\n"
                "then integrity protection was not widely used.\n"));
@@ -870,15 +773,9 @@ proc_encrypted (CTX c, PACKET *pkt)
         log_info(_("decryption okay\n"));
 
       if (pkt->pkt.encrypted->aead_algo)
-        {
-          write_status (STATUS_GOODMDC);
-          compliance_de_vs |= 4;
-        }
+        write_status (STATUS_GOODMDC);
       else if (pkt->pkt.encrypted->mdc_method && !result)
-        {
-          write_status (STATUS_GOODMDC);
-          compliance_de_vs |= 4;
-        }
+        write_status (STATUS_GOODMDC);
       else
         log_info (_("WARNING: message was not integrity protected\n"));
     }
@@ -892,22 +789,15 @@ proc_encrypted (CTX c, PACKET *pkt)
     }
   else
     {
-      if (gpg_err_code (result) == GPG_ERR_BAD_KEY
-          || gpg_err_code (result) == GPG_ERR_CHECKSUM
-          || gpg_err_code (result) == GPG_ERR_CIPHER_ALGO)
+      if ((gpg_err_code (result) == GPG_ERR_BAD_KEY
+	   || gpg_err_code (result) == GPG_ERR_CHECKSUM
+	   || gpg_err_code (result) == GPG_ERR_CIPHER_ALGO)
+          && c->dek && *c->dek->s2k_cacheid != '\0')
         {
-          if (c->symkeys)
-            write_status_text (STATUS_ERROR,
-                               "symkey_decrypt.maybe_error"
-                               " 11_BAD_PASSPHRASE");
-
-          if (*c->dek->s2k_cacheid != '\0')
-            {
-              if (opt.debug)
-                log_debug ("cleared passphrase cached with ID: %s\n",
-                           c->dek->s2k_cacheid);
-              passphrase_clear_cache (c->dek->s2k_cacheid);
-            }
+          if (opt.debug)
+            log_debug ("cleared passphrase cached with ID: %s\n",
+                       c->dek->s2k_cacheid);
+          passphrase_clear_cache (c->dek->s2k_cacheid);
         }
       glo_ctrl.lasterr = result;
       write_status (STATUS_DECRYPTION_FAILED);
@@ -916,16 +806,6 @@ proc_encrypted (CTX c, PACKET *pkt)
        * ways to specify the session key (symmmetric and PK). */
     }
 
-
-  /* If we concluded that the decryption was compliant, issue a
-   * compliance status before the end of the decryption status.  */
-  if (compliance_de_vs == (4|2|1))
-    {
-      write_status_strings (STATUS_DECRYPTION_COMPLIANCE_MODE,
-                            gnupg_status_compliance_flag (CO_DE_VS),
-                            NULL);
-    }
-
   xfree (c->dek);
   c->dek = NULL;
   free_packet (pkt, NULL);
@@ -937,20 +817,11 @@ proc_encrypted (CTX c, PACKET *pkt)
    * a misplace extra literal data packets follows after this
    * encrypted packet.  */
   literals_seen++;
-
-  /* The --require-compliance option allows to simplify decryption in
-   * de-vs compliance mode by just looking at the exit status.  */
-  if (opt.flags.require_compliance
-      && opt.compliance == CO_DE_VS
-      && compliance_de_vs != (4|2|1))
-    {
-      compliance_failure ();
-    }
 }
 
 
 static int
-have_seen_pkt_encrypted_aead_or_mdc( CTX c )
+have_seen_pkt_encrypted_aead( CTX c )
 {
   CTX cc;
 
@@ -958,8 +829,6 @@ have_seen_pkt_encrypted_aead_or_mdc( CTX c )
     {
       if (cc->seen_pkt_encrypted_aead)
 	return 1;
-      if (cc->seen_pkt_encrypted_mdc)
-	return 1;
     }
 
   return 0;
@@ -972,8 +841,10 @@ proc_plaintext( CTX c, PACKET *pkt )
   PKT_plaintext *pt = pkt->pkt.plaintext;
   int any, clearsig, rc;
   kbnode_t n;
+  unsigned char *extrahash;
+  size_t extrahashlen;
 
-  /* This is a literal data packet.  Bumb a counter for later checks.  */
+  /* This is a literal data packet.  Bump a counter for later checks.  */
   literals_seen++;
 
   if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8))
@@ -1041,7 +912,7 @@ proc_plaintext( CTX c, PACKET *pkt )
         }
     }
 
-  if (!any && !opt.skip_verify && !have_seen_pkt_encrypted_aead_or_mdc(c))
+  if (!any && !opt.skip_verify && !have_seen_pkt_encrypted_aead(c))
     {
       /* This is for the old GPG LITERAL+SIG case.  It's not legal
          according to 2440, so hopefully it won't come up that often.
@@ -1063,12 +934,9 @@ proc_plaintext( CTX c, PACKET *pkt )
     {
       log_info (_("WARNING: multiple plaintexts seen\n"));
 
-      if (!opt.flags.allow_multiple_messages)
-        {
-          write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
-          log_inc_errorcount ();
-          rc = gpg_error (GPG_ERR_UNEXPECTED);
-        }
+      write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
+      log_inc_errorcount ();
+      rc = gpg_error (GPG_ERR_UNEXPECTED);
     }
 
   if (!rc)
@@ -1090,12 +958,37 @@ proc_plaintext( CTX c, PACKET *pkt )
   if (rc)
     log_error ("handle plaintext failed: %s\n", gpg_strerror (rc));
 
+  /* We add a marker control packet instead of the plaintext packet.
+   * This is so that we can later detect invalid packet sequences.
+   * The packet is further used to convey extra data from the
+   * plaintext packet to the signature verification. */
+  extrahash = xtrymalloc (6 + pt->namelen);
+  if (!extrahash)
+    {
+      /* No way to return an error.  */
+      rc = gpg_error_from_syserror ();
+      log_error ("malloc failed in %s: %s\n", __func__, gpg_strerror (rc));
+      extrahashlen = 0;
+    }
+  else
+    {
+      extrahash[0] = pt->mode;
+      extrahash[1] = pt->namelen;
+      if (pt->namelen)
+        memcpy (extrahash+2, pt->name, pt->namelen);
+      extrahashlen = 2 + pt->namelen;
+      extrahash[extrahashlen++] = pt->timestamp >> 24;
+      extrahash[extrahashlen++] = pt->timestamp >> 16;
+      extrahash[extrahashlen++] = pt->timestamp >>  8;
+      extrahash[extrahashlen++] = pt->timestamp      ;
+    }
+
   free_packet (pkt, NULL);
   c->last_was_session_key = 0;
 
-  /* We add a marker control packet instead of the plaintext packet.
-   * This is so that we can later detect invalid packet sequences.  */
-  n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0));
+  n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK,
+                                      extrahash, extrahashlen));
+  xfree (extrahash);
   if (c->list)
     add_kbnode (c->list, n);
   else
@@ -1167,7 +1060,7 @@ proc_compressed (CTX c, PACKET *pkt)
  * signature or an error code
  */
 static int
-do_check_sig (CTX c, kbnode_t node,
+do_check_sig (CTX c, kbnode_t node, const void *extrahash, size_t extrahashlen,
               PKT_public_key *forced_pk, int *is_selfsig,
 	      int *is_expkey, int *is_revkey, PKT_public_key **r_pk)
 {
@@ -1254,7 +1147,7 @@ do_check_sig (CTX c, kbnode_t node,
 
   /* We only get here if we are checking the signature of a binary
      (0x00) or text document (0x01).  */
-  rc = check_signature2 (c->ctrl, sig, md,
+  rc = check_signature2 (c->ctrl, sig, md, extrahash, extrahashlen,
                          forced_pk,
                          NULL, is_expkey, is_revkey, r_pk);
   if (! rc)
@@ -1263,7 +1156,7 @@ do_check_sig (CTX c, kbnode_t node,
     {
       PKT_public_key *pk2;
 
-      rc = check_signature2 (c->ctrl, sig, md2,
+      rc = check_signature2 (c->ctrl, sig, md2, extrahash, extrahashlen,
                              forced_pk,
                              NULL, is_expkey, is_revkey,
                              r_pk? &pk2 : NULL);
@@ -1428,7 +1321,8 @@ list_node (CTX c, kbnode_t node)
       if (opt.check_sigs)
         {
           fflush (stdout);
-          rc2 = do_check_sig (c, node, NULL, &is_selfsig, NULL, NULL, NULL);
+          rc2 = do_check_sig (c, node, NULL, 0, NULL,
+                              &is_selfsig, NULL, NULL, NULL);
           switch (gpg_err_code (rc2))
             {
             case 0:		          sigrc = '!'; break;
@@ -1510,7 +1404,7 @@ proc_packets (ctrl_t ctrl, void *anchor, iobuf_t a )
 
   c->ctrl = ctrl;
   c->anchor = anchor;
-  rc = do_proc_packets (ctrl, c, a);
+  rc = do_proc_packets (c, a);
   xfree (c);
 
   return rc;
@@ -1533,7 +1427,7 @@ proc_signature_packets (ctrl_t ctrl, void *anchor, iobuf_t a,
   c->signed_data.used = !!signedfiles;
 
   c->sigfilename = sigfilename;
-  rc = do_proc_packets (ctrl, c, a);
+  rc = do_proc_packets (c, a);
 
   /* If we have not encountered any signature we print an error
      messages, send a NODATA status back and return an error code.
@@ -1576,7 +1470,7 @@ proc_signature_packets_by_fd (ctrl_t ctrl,
   c->signed_data.data_names = NULL;
   c->signed_data.used = (signed_data_fd != -1);
 
-  rc = do_proc_packets (ctrl, c, a);
+  rc = do_proc_packets (c, a);
 
   /* If we have not encountered any signature we print an error
      messages, send a NODATA status back and return an error code.
@@ -1609,7 +1503,7 @@ proc_encryption_packets (ctrl_t ctrl, void *anchor, iobuf_t a )
   c->ctrl = ctrl;
   c->anchor = anchor;
   c->encrypt_only = 1;
-  rc = do_proc_packets (ctrl, c, a);
+  rc = do_proc_packets (c, a);
   xfree (c);
   return rc;
 }
@@ -1635,7 +1529,7 @@ check_nesting (CTX c)
 
 
 static int
-do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a)
+do_proc_packets (CTX c, iobuf_t a)
 {
   PACKET *pkt;
   struct parse_packet_ctx_s parsectx;
@@ -1669,7 +1563,7 @@ do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a)
         {
           switch (pkt->pkttype)
             {
-            case PKT_PUBKEY_ENC:    proc_pubkey_enc (ctrl, c, pkt); break;
+            case PKT_PUBKEY_ENC:    proc_pubkey_enc (c, pkt); break;
             case PKT_SYMKEY_ENC:    proc_symkey_enc (c, pkt); break;
             case PKT_ENCRYPTED:
             case PKT_ENCRYPTED_MDC:
@@ -1715,7 +1609,7 @@ do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a)
 
             case PKT_SIGNATURE:   newpkt = add_signature (c, pkt); break;
             case PKT_SYMKEY_ENC:  proc_symkey_enc (c, pkt); break;
-            case PKT_PUBKEY_ENC:  proc_pubkey_enc (ctrl, c, pkt); break;
+            case PKT_PUBKEY_ENC:  proc_pubkey_enc (c, pkt); break;
             case PKT_ENCRYPTED:
             case PKT_ENCRYPTED_MDC:
             case PKT_ENCRYPTED_AEAD: proc_encrypted (c, pkt); break;
@@ -1742,7 +1636,7 @@ do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a)
               break;
             case PKT_USER_ID:     newpkt = add_user_id (c, pkt); break;
             case PKT_SIGNATURE:   newpkt = add_signature (c, pkt); break;
-            case PKT_PUBKEY_ENC:  proc_pubkey_enc (ctrl, c, pkt); break;
+            case PKT_PUBKEY_ENC:  proc_pubkey_enc (c, pkt); break;
             case PKT_SYMKEY_ENC:  proc_symkey_enc (c, pkt); break;
             case PKT_ENCRYPTED:
             case PKT_ENCRYPTED_MDC:
@@ -1801,83 +1695,6 @@ do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a)
 }
 
 
-/* Helper for pka_uri_from_sig to parse the to-be-verified address out
-   of the notation data. */
-static pka_info_t *
-get_pka_address (PKT_signature *sig)
-{
-  pka_info_t *pka = NULL;
-  struct notation *nd,*notation;
-
-  notation=sig_to_notation(sig);
-
-  for(nd=notation;nd;nd=nd->next)
-    {
-      if(strcmp(nd->name,"pka-address@gnupg.org")!=0)
-        continue; /* Not the notation we want. */
-
-      /* For now we only use the first valid PKA notation. In future
-	 we might want to keep additional PKA notations in a linked
-	 list. */
-      if (is_valid_mailbox (nd->value))
-	{
-	  pka = xmalloc (sizeof *pka + strlen(nd->value));
-	  pka->valid = 0;
-	  pka->checked = 0;
-	  pka->uri = NULL;
-	  strcpy (pka->email, nd->value);
-	  break;
-	}
-    }
-
-  free_notation(notation);
-
-  return pka;
-}
-
-
-/* Return the URI from a DNS PKA record.  If this record has already
-   be retrieved for the signature we merely return it; if not we go
-   out and try to get that DNS record. */
-static const char *
-pka_uri_from_sig (CTX c, PKT_signature *sig)
-{
-  if (!sig->flags.pka_tried)
-    {
-      log_assert (!sig->pka_info);
-      sig->flags.pka_tried = 1;
-      sig->pka_info = get_pka_address (sig);
-      if (sig->pka_info)
-        {
-          char *url;
-          unsigned char *fpr;
-          size_t fprlen;
-
-          if (!gpg_dirmngr_get_pka (c->ctrl, sig->pka_info->email,
-                                    &fpr, &fprlen, &url))
-            {
-              if (fpr && fprlen == sizeof sig->pka_info->fpr)
-                {
-                  memcpy (sig->pka_info->fpr, fpr, fprlen);
-                  if (url)
-                    {
-                      sig->pka_info->valid = 1;
-                      if (!*url)
-                        xfree (url);
-                      else
-                        sig->pka_info->uri = url;
-                      url = NULL;
-                    }
-                }
-              xfree (fpr);
-              xfree (url);
-            }
-        }
-    }
-  return sig->pka_info? sig->pka_info->uri : NULL;
-}
-
-
 /* Return true if the AKL has the WKD method specified.  */
 static int
 akl_has_wkd_method (void)
@@ -1891,7 +1708,7 @@ akl_has_wkd_method (void)
 }
 
 
-/* Return the ISSUER fingerprint buffer and its lenbgth at R_LEN.
+/* Return the ISSUER fingerprint buffer and its length at R_LEN.
  * Returns NULL if not available.  The returned buffer is valid as
  * long as SIG is not modified.  */
 const byte *
@@ -1900,8 +1717,8 @@ issuer_fpr_raw (PKT_signature *sig, size_t *r_len)
   const byte *p;
   size_t n;
 
-  p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n);
-  if (p && n == 21 && p[0] == 4)
+  p = parse_sig_subpkt (sig, 1, SIGSUBPKT_ISSUER_FPR, &n);
+  if (p && ((n == 21 && p[0] == 4) || (n == 33 && p[0] == 5)))
     {
       *r_len = n - 1;
       return p+1;
@@ -1958,11 +1775,13 @@ check_sig_and_print (CTX c, kbnode_t node)
 {
   PKT_signature *sig = node->pkt->pkt.signature;
   const char *astr;
-  int rc;
+  gpg_error_t rc;
   int is_expkey = 0;
   int is_revkey = 0;
   char *issuer_fpr = NULL;
   PKT_public_key *pk = NULL;  /* The public key for the signature or NULL. */
+  const void *extrahash = NULL;
+  size_t extrahashlen = 0;
   kbnode_t included_keyblock = NULL;
 
   if (opt.skip_verify)
@@ -2021,6 +1840,8 @@ check_sig_and_print (CTX c, kbnode_t node)
           {
             if (n->next)
               goto ambiguous;  /* We only allow one P packet. */
+            extrahash = n->pkt->pkt.gpg_control->data;
+            extrahashlen = n->pkt->pkt.gpg_control->datalen;
           }
         else
           goto ambiguous;
@@ -2035,6 +1856,9 @@ check_sig_and_print (CTX c, kbnode_t node)
                     && (n->pkt->pkt.gpg_control->control
                         == CTRLPKT_PLAINTEXT_MARK)))
           goto ambiguous;
+        extrahash = n->pkt->pkt.gpg_control->data;
+        extrahashlen = n->pkt->pkt.gpg_control->datalen;
+
         for (n_sig=0, n = n->next;
              n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
           n_sig++;
@@ -2042,14 +1866,12 @@ check_sig_and_print (CTX c, kbnode_t node)
           goto ambiguous;
 
 	/* If we wanted to disallow multiple sig verification, we'd do
-	   something like this:
-
-	   if (n && !opt.allow_multisig_verification)
-             goto ambiguous;
-
-	   However, now that we have --allow-multiple-messages, this
-	   can stay allowable as we can't get here unless multiple
-	   messages (i.e. multiple literals) are allowed. */
+	 * something like this:
+         *
+	 * if (n)
+         *   goto ambiguous;
+         *
+         * However, this can stay allowable as we can't get here.  */
 
         if (n_onepass != n_sig)
           {
@@ -2067,6 +1889,8 @@ check_sig_and_print (CTX c, kbnode_t node)
                     && (n->pkt->pkt.gpg_control->control
                         == CTRLPKT_PLAINTEXT_MARK)))
           goto ambiguous;
+        extrahash = n->pkt->pkt.gpg_control->data;
+        extrahashlen = n->pkt->pkt.gpg_control->datalen;
         for (n_sig=0, n = n->next;
              n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
           n_sig++;
@@ -2079,7 +1903,7 @@ check_sig_and_print (CTX c, kbnode_t node)
         log_error(_("can't handle this ambiguous signature data\n"));
         return 0;
       }
-  }
+  } /* End checking signature packet composition.  */
 
   if (sig->signers_uid)
     write_status_buffer (STATUS_NEWSIG,
@@ -2112,7 +1936,8 @@ check_sig_and_print (CTX c, kbnode_t node)
   if (sig->signers_uid)
     log_info (_("               issuer \"%s\"\n"), sig->signers_uid);
 
-  rc = do_check_sig (c, node, NULL, NULL, &is_expkey, &is_revkey, &pk);
+  rc = do_check_sig (c, node, extrahash, extrahashlen, NULL,
+                     NULL, &is_expkey, &is_revkey, &pk);
 
   /* If the key is not found but the signature includes a key block we
    * use that key block for verification and on success import it.  */
@@ -2125,14 +1950,17 @@ check_sig_and_print (CTX c, kbnode_t node)
       size_t kblock_len;
 
       included_pk = xcalloc (1, sizeof *included_pk);
-      kblock = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_BLOCK, &kblock_len);
+      kblock = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_BLOCK, &kblock_len);
       if (kblock && kblock_len > 1
           && !get_pubkey_from_buffer (c->ctrl, included_pk,
                                       kblock+1, kblock_len-1,
                                       sig->keyid, &included_keyblock))
         {
-          rc = do_check_sig (c, node, included_pk,
+          rc = do_check_sig (c, node, extrahash, extrahashlen, included_pk,
                              NULL, &is_expkey, &is_revkey, &pk);
+          if (opt.verbose)
+            log_debug ("checked signature using included key block: %s\n",
+                       gpg_strerror (rc));
           if (!rc)
             {
               /* The keyblock has been verified, we now import it.  */
@@ -2155,7 +1983,7 @@ check_sig_and_print (CTX c, kbnode_t node)
       size_t n;
       int any_pref_ks = 0;
 
-      while ((p=enum_sig_subpkt (sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL)))
+      while ((p=enum_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &n, &seq, NULL)))
         {
           /* According to my favorite copy editor, in English grammar,
              you say "at" if the key is located on a web page, but
@@ -2183,11 +2011,10 @@ check_sig_and_print (CTX c, kbnode_t node)
                   free_public_key (pk);
                   pk = NULL;
                   glo_ctrl.in_auto_key_retrieve++;
-                  res = keyserver_import_keyid (c->ctrl, sig->keyid,spec,
-                                                KEYSERVER_IMPORT_FLAG_QUICK);
+                  res = keyserver_import_keyid (c->ctrl, sig->keyid,spec, 1);
                   glo_ctrl.in_auto_key_retrieve--;
                   if (!res)
-                    rc = do_check_sig (c, node, NULL,
+                    rc = do_check_sig (c, node, extrahash, extrahashlen, NULL,
                                        NULL, &is_expkey, &is_revkey, &pk);
                   else if (DBG_LOOKUP)
                     log_debug ("lookup via %s failed: %s\n", "Pref-KS",
@@ -2223,55 +2050,17 @@ check_sig_and_print (CTX c, kbnode_t node)
       free_public_key (pk);
       pk = NULL;
       glo_ctrl.in_auto_key_retrieve++;
-      res = keyserver_import_wkd (c->ctrl, sig->signers_uid,
-                                  KEYSERVER_IMPORT_FLAG_QUICK, NULL, NULL);
+      res = keyserver_import_wkd (c->ctrl, sig->signers_uid, 1, NULL, NULL);
       glo_ctrl.in_auto_key_retrieve--;
       /* Fixme: If the fingerprint is embedded in the signature,
        * compare it to the fingerprint of the returned key.  */
       if (!res)
-        rc = do_check_sig (c, node, NULL, NULL, &is_expkey, &is_revkey, &pk);
+        rc = do_check_sig (c, node, extrahash, extrahashlen, NULL,
+                           NULL, &is_expkey, &is_revkey, &pk);
       else if (DBG_LOOKUP)
         log_debug ("lookup via %s failed: %s\n", "WKD", gpg_strerror (res));
     }
 
-  /* If the avove methods didn't work, our next try is to use the URI
-   * from a DNS PKA record.  This is a legacy method which will
-   * eventually be removed.  */
-  if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
-      && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)
-      && (opt.keyserver_options.options & KEYSERVER_HONOR_PKA_RECORD))
-    {
-      const char *uri = pka_uri_from_sig (c, sig);
-
-      if (uri)
-        {
-          /* FIXME: We might want to locate the key using the
-             fingerprint instead of the keyid. */
-          int res;
-          struct keyserver_spec *spec;
-
-          spec = parse_keyserver_uri (uri, 1);
-          if (spec)
-            {
-              if (DBG_LOOKUP)
-                log_debug ("trying auto-key-retrieve method %s\n", "PKA");
-
-              free_public_key (pk);
-              pk = NULL;
-              glo_ctrl.in_auto_key_retrieve++;
-              res = keyserver_import_keyid (c->ctrl, sig->keyid, spec, 1);
-              glo_ctrl.in_auto_key_retrieve--;
-              free_keyserver_spec (spec);
-              if (!res)
-                rc = do_check_sig (c, node, NULL,
-                                   NULL, &is_expkey, &is_revkey, &pk);
-              else if (DBG_LOOKUP)
-                log_debug ("lookup via %s failed: %s\n", "PKA",
-                           gpg_strerror (res));
-            }
-        }
-    }
-
   /* If the above methods didn't work, our next try is to locate
    * the key via its fingerprint from a keyserver.  This requires
    * that the signers fingerprint is encoded in the signature.  */
@@ -2286,28 +2075,31 @@ check_sig_and_print (CTX c, kbnode_t node)
       p = issuer_fpr_raw (sig, &n);
       if (p)
         {
-          /* v4 packet with a SHA-1 fingerprint.  */
           if (DBG_LOOKUP)
             log_debug ("trying auto-key-retrieve method %s\n", "KS");
 
+          /* v4 or v5 packet with a SHA-1/256 fingerprint.  */
           free_public_key (pk);
           pk = NULL;
           glo_ctrl.in_auto_key_retrieve++;
-          res = keyserver_import_fprint (c->ctrl, p, n, opt.keyserver,
-                                         KEYSERVER_IMPORT_FLAG_QUICK);
+          res = keyserver_import_fprint (c->ctrl, p, n, opt.keyserver, 1);
           glo_ctrl.in_auto_key_retrieve--;
           if (!res)
-            rc = do_check_sig (c, node, NULL,
+            rc = do_check_sig (c, node, extrahash, extrahashlen, NULL,
                                NULL, &is_expkey, &is_revkey, &pk);
           else if (DBG_LOOKUP)
             log_debug ("lookup via %s failed: %s\n", "KS", gpg_strerror (res));
         }
     }
 
+  /* Do do something with the result of the signature checking.  */
   if (!rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE)
     {
+      /* We have checked the signature and the result is either a good
+       * signature or a bad signature.  Further examination follows.  */
       kbnode_t un, keyblock;
       int count = 0;
+      int keyblock_has_pk = 0;  /* For failsafe check.  */
       int statno;
       char keyid_str[50];
       PKT_public_key *mainpk = NULL;
@@ -2344,7 +2136,14 @@ check_sig_and_print (CTX c, kbnode_t node)
         {
           int valid;
 
-          if (un->pkt->pkttype==PKT_PUBLIC_KEY)
+          if (!keyblock_has_pk
+              && (un->pkt->pkttype == PKT_PUBLIC_KEY
+                  || un->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+              && !cmp_public_keys (un->pkt->pkt.public_key, pk))
+            {
+              keyblock_has_pk = 1;
+            }
+          if (un->pkt->pkttype == PKT_PUBLIC_KEY)
             {
               mainpk = un->pkt->pkt.public_key;
               continue;
@@ -2386,9 +2185,19 @@ check_sig_and_print (CTX c, kbnode_t node)
             log_printf ("\n");
 
           count++;
+          /* At this point we could in theory stop because the primary
+           * UID flag is never set for more than one User ID per
+           * keyblock.  However, we use this loop also for a failsafe
+           * check that the public key used to create the signature is
+           * contained in the keyring.*/
 	}
 
       log_assert (mainpk);
+      if (!keyblock_has_pk)
+        {
+          log_error ("signature key lost from keyblock\n");
+          rc = gpg_error (GPG_ERR_INTERNAL);
+        }
 
       /* In case we did not found a valid textual userid above
          we print the first user id packet or a "[?]" instead along
@@ -2542,16 +2351,15 @@ check_sig_and_print (CTX c, kbnode_t node)
          how to resolve a conflict.  */
       if (!rc)
         {
-          if ((opt.verify_options & VERIFY_PKA_LOOKUPS))
-            pka_uri_from_sig (c, sig); /* Make sure PKA info is available. */
-          rc = check_signatures_trust (c->ctrl, sig);
+          rc = check_signatures_trust (c->ctrl, keyblock, pk, sig);
         }
 
       /* Print extra information about the signature.  */
       if (sig->flags.expired)
         {
           log_info (_("Signature expired %s\n"), asctimestamp(sig->expiredate));
-          rc = GPG_ERR_GENERAL; /* Need a better error here?  */
+          if (!rc)
+            rc = gpg_error (GPG_ERR_GENERAL); /* Need a better error here?  */
         }
       else if (sig->expiredate)
         log_info (_("Signature expires %s\n"), asctimestamp(sig->expiredate));
@@ -2620,14 +2428,6 @@ check_sig_and_print (CTX c, kbnode_t node)
         write_status_strings (STATUS_VERIFICATION_COMPLIANCE_MODE,
                               gnupg_status_compliance_flag (CO_DE_VS),
                               NULL);
-      else if (opt.flags.require_compliance
-               && opt.compliance == CO_DE_VS)
-        {
-          compliance_failure ();
-          if (!rc)
-            rc = gpg_error (GPG_ERR_FORBIDDEN);
-        }
-
 
       free_public_key (pk);
       pk = NULL;
@@ -2637,7 +2437,7 @@ check_sig_and_print (CTX c, kbnode_t node)
       if (opt.batch && rc)
         g10_exit (1);
     }
-  else
+  else  /* Error checking the signature. (neither Good nor Bad).  */
     {
       write_status_printf (STATUS_ERRSIG, "%08lX%08lX %d %d %02x %lu %d %s",
                            (ulong)sig->keyid[0], (ulong)sig->keyid[1],
diff --git a/g10/misc.c b/g10/misc.c
index 0b19e1a..2a431b1 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -70,6 +70,7 @@
 #include "../common/i18n.h"
 #include "../common/zb32.h"
 
+
 /* FIXME: Libgcrypt 1.9 will support EAX.  Until we name this a
  * requirement we hardwire the enum used for EAX.  */
 #define MY_GCRY_CIPHER_MODE_EAX 14
@@ -240,7 +241,7 @@ checksum_u16( unsigned n )
 
 
 u16
-checksum( byte *p, unsigned n )
+checksum (const byte *p, unsigned n)
 {
     u16 a;
 
@@ -256,6 +257,25 @@ checksum_mpi (gcry_mpi_t a)
   byte *buffer;
   size_t nbytes;
 
+  /*
+   * This code can be skipped when gcry_mpi_print
+   * supports opaque MPI.
+   */
+  if (gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
+    {
+      const byte *p;
+      unsigned int nbits;
+
+      p = gcry_mpi_get_opaque (a, &nbits);
+      if (!p)
+        return 0;
+
+      csum = nbits >> 8;
+      csum += (nbits & 0xff);
+      csum += checksum (p, (nbits+7)/8);
+      return csum;
+    }
+
   if ( gcry_mpi_print (GCRYMPI_FMT_PGP, NULL, 0, &nbytes, a) )
     BUG ();
   /* Fixme: For numbers not in secure memory we should use a stack
@@ -376,8 +396,9 @@ print_sha1_keysig_rejected_note (void)
   log_info (_("Note: third-party key signatures using"
               " the %s algorithm are rejected\n"),
             gcry_md_algo_name (GCRY_MD_SHA1));
-  print_further_info ("use option \"%s\" to override",
-                      "--allow-weak-key-signatures");
+  if (!opt.quiet)
+    log_info (_("(use option \"%s\" to override)\n"),
+              "--allow-weak-key-signatures");
 }
 
 
@@ -421,7 +442,7 @@ print_further_info (const char *format, ...)
 
   log_info (_("(further info: "));
   va_start (arg_ptr, format);
-  log_logv (GPGRT_LOG_CONT, format, arg_ptr);
+  log_logv (GPGRT_LOGLVL_CONT, format, arg_ptr);
   va_end (arg_ptr);
   log_printf (")\n");
 }
@@ -524,21 +545,6 @@ map_cipher_gcry_to_openpgp (enum gcry_cipher_algos algo)
     }
 }
 
-/* Map Gcrypt public key algorithm numbers to those used by OpenPGP.
-   FIXME: This mapping is used at only two places - we should get rid
-   of it.  */
-pubkey_algo_t
-map_pk_gcry_to_openpgp (enum gcry_pk_algos algo)
-{
-  switch (algo)
-    {
-    case GCRY_PK_EDDSA:  return PUBKEY_ALGO_EDDSA;
-    case GCRY_PK_ECDSA:  return PUBKEY_ALGO_ECDSA;
-    case GCRY_PK_ECDH:   return PUBKEY_ALGO_ECDH;
-    default: return algo < 110 ? (pubkey_algo_t)algo : 0;
-    }
-}
-
 
 /* Return the block length of an OpenPGP cipher algorithm.  */
 int
@@ -569,7 +575,7 @@ openpgp_cipher_blocklen (cipher_algo_t algo)
 
 /****************
  * Wrapper around the libgcrypt function with additional checks on
- * the OpenPGP contraints for the algo ID.
+ * the OpenPGP constraints for the algo ID.
  */
 int
 openpgp_cipher_test_algo (cipher_algo_t algo)
@@ -608,24 +614,6 @@ openpgp_cipher_algo_name (cipher_algo_t algo)
 }
 
 
-/* Same as openpgp_cipher_algo_name but returns a string in the form
- * "ALGO.MODE" if AEAD is not 0.  Note that in this version we do not
- * print "ALGO.CFB" as we do in 2.3 to avoid confusing users.  */
-const char *
-openpgp_cipher_algo_mode_name (cipher_algo_t algo, aead_algo_t aead)
-{
-
-  if (aead == AEAD_ALGO_NONE)
-    return openpgp_cipher_algo_name (algo);
-
-  return map_static_strings ("openpgp_cipher_algo_mode_name", algo, aead,
-                             openpgp_cipher_algo_name (algo),
-                             ".",
-                             openpgp_aead_algo_name (aead),
-                             NULL);
-}
-
-
 /* Return 0 if ALGO is supported.  Return an error if not. */
 gpg_error_t
 openpgp_aead_test_algo (aead_algo_t algo)
@@ -633,20 +621,14 @@ openpgp_aead_test_algo (aead_algo_t algo)
   /* FIXME: We currently have no easy way to test whether libgcrypt
    * implements a mode.  The only way we can do this is to open a
    * cipher context with that mode and close it immediately.  That is
-   * a bit costly.  So we look at the libgcrypt version and assume
-   * nothing has been patched out.  */
+   * a bit costly.  Thus in case we add another algo we need to look
+   * at the libgcrypt version and assume nothing has been patched out.  */
   switch (algo)
     {
     case AEAD_ALGO_NONE:
       break;
 
     case AEAD_ALGO_EAX:
-#if GCRYPT_VERSION_NUMBER < 0x010900
-      break;
-#else
-      return 0;
-#endif
-
     case AEAD_ALGO_OCB:
       return 0;
     }
@@ -750,7 +732,7 @@ openpgp_pk_test_algo2 (pubkey_algo_t algo, unsigned int use)
 #endif
 
     case PUBKEY_ALGO_ELGAMAL:
-      /* Dont't allow type 20 keys unless in rfc2440 mode.  */
+      /* Don't allow type 20 keys unless in rfc2440 mode.  */
       if (RFC2440)
         ga = GCRY_PK_ELG;
       break;
@@ -932,7 +914,7 @@ get_signature_count (PKT_public_key *pk)
 /* Expand %-strings.  Returns a string which must be xfreed.  Returns
    NULL if the string cannot be expanded (too large). */
 char *
-pct_expando(const char *string,struct expando_args *args)
+pct_expando (ctrl_t ctrl, const char *string,struct expando_args *args)
 {
   const char *ch=string;
   int idx=0,maxlen=0,done=0;
@@ -1059,7 +1041,7 @@ pct_expando(const char *string,struct expando_args *args)
 			PKT_public_key *pk=
 			  xmalloc_clear(sizeof(PKT_public_key));
 
-			if (!get_pubkey_fast (pk,args->pksk->main_keyid))
+			if (!get_pubkey_fast (ctrl, pk,args->pksk->main_keyid))
 			  fingerprint_from_pk (pk, array, &len);
 			else
 			  memset (array, 0, (len=MAX_FINGERPRINT_LEN));
@@ -1242,6 +1224,39 @@ string_to_cipher_algo (const char *string)
   return val;
 }
 
+
+/*
+ * Map an AEAD mode string to a an AEAD algorithm number as defined by
+ * rfc4880bis.  Also support the "An" syntax as used by the preference
+ * strings.
+ */
+aead_algo_t
+string_to_aead_algo (const char *string)
+{
+  int result;
+
+  if (!string)
+    result = 0;
+  else if (!ascii_strcasecmp (string, "EAX"))
+    result = 1;
+  else if (!ascii_strcasecmp (string, "OCB"))
+    result = 2;
+  else if ((string[0]=='A' || string[0]=='a'))
+    {
+      char *endptr;
+
+      string++;
+      result = strtol (string, &endptr, 10);
+      if (!*string || *endptr || result < 1 || result > 2)
+        result = 0;
+    }
+  else
+    result = 0;
+
+  return result;
+}
+
+
 /*
  * Wrapper around gcry_md_map_name to provide a fallback using the
  * "Hn" syntax as used by the preference strings.
@@ -1358,6 +1373,18 @@ default_cipher_algo(void)
     return opt.s2k_cipher_algo;
 }
 
+
+aead_algo_t
+default_aead_algo(void)
+{
+  if(opt.def_aead_algo)
+    return opt.def_aead_algo;
+  else if(opt.personal_aead_prefs)
+    return opt.personal_aead_prefs[0].value;
+  else
+    return DEFAULT_AEAD_ALGO;
+}
+
 /* There is no default_digest_algo function, but see
    sign.c:hash_for() */
 
@@ -1392,10 +1419,6 @@ compliance_failure(void)
       ver="OpenPGP (older)";
       break;
 
-    case CO_PGP6:
-      ver="PGP 6.x";
-      break;
-
     case CO_PGP7:
       ver="PGP 7.x";
       break;
@@ -1405,12 +1428,8 @@ compliance_failure(void)
       break;
 
     case CO_DE_VS:
-      /* For de-vs we do not allow any kind of fallback.  */
-      write_status_failure ("compliance-check", gpg_error (GPG_ERR_FORBIDDEN));
-      log_error (_("operation forced to fail due to"
-                   " unfulfilled compliance rules\n"));
-      g10_errors_seen = 1;
-      return;
+      ver="DE-VS applications";
+      break;
     }
 
   log_info(_("this message may not be usable by %s\n"),ver);
@@ -1534,6 +1553,8 @@ optlen(const char *s)
     return strlen(s);
 }
 
+
+/* Note: This function returns true on success.  */
 int
 parse_options(char *str,unsigned int *options,
 	      struct parse_options *opts,int noisy)
diff --git a/g10/objcache.c b/g10/objcache.c
new file mode 100644
index 0000000..8d9ccef
--- /dev/null
+++ b/g10/objcache.c
@@ -0,0 +1,689 @@
+/* objcache.c - Caching functions for keys and user ids.
+ * Copyright (C) 2019 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "gpg.h"
+#include "../common/util.h"
+#include "packet.h"
+#include "keydb.h"
+#include "options.h"
+#include "objcache.h"
+
+/* Note that max value for uid_items is actually the threshold when
+ * we start to look for items which can be removed.  */
+#define NO_OF_UID_ITEM_BUCKETS    107
+#define MAX_UID_ITEMS_PER_BUCKET  20
+
+#define NO_OF_KEY_ITEM_BUCKETS    383
+#define MAX_KEY_ITEMS_PER_BUCKET  20
+
+
+/* An object to store a user id.  This describes an item in the linked
+ * lists of a bucket in hash table.  The reference count will
+ * eventually be used to remove items from the table.  */
+typedef struct uid_item_s
+{
+  struct uid_item_s *next;
+  unsigned int refcount;  /* The reference count for this item.   */
+  unsigned int namelen;   /* The length of the UID sans the nul.  */
+  char name[1];
+} *uid_item_t;
+
+static uid_item_t *uid_table; /* Hash table for with user ids.  */
+static size_t uid_table_size; /* Number of allocated buckets.   */
+static unsigned int uid_table_max;    /* Max. # of items in a bucket.  */
+static unsigned int uid_table_added;  /* # of items added.   */
+static unsigned int uid_table_dropped;/* # of items dropped.  */
+
+
+/* An object to store properties of a key.  Note that this can be used
+ * for a primary or a subkey.  The key is linked to a user if that
+ * exists.  */
+typedef struct key_item_s
+{
+  struct key_item_s *next;
+  unsigned int usecount;
+  byte fprlen;
+  char fpr[MAX_FINGERPRINT_LEN];
+  u32 keyid[2];
+  uid_item_t ui;          /* NULL of a ref'ed user id item.      */
+} *key_item_t;
+
+static key_item_t *key_table; /* Hash table with the keys.      */
+static size_t key_table_size; /* Number of allocated buckents.  */
+static unsigned int key_table_max;    /* Max. # of items in a bucket.  */
+static unsigned int key_table_added;  /* # of items added.   */
+static unsigned int key_table_dropped;/* # of items dropped.  */
+static key_item_t key_item_attic;     /* List of freed items.  */
+
+
+
+/* Dump stats.  */
+void
+objcache_dump_stats (void)
+{
+  unsigned int idx;
+  int len, minlen, maxlen;
+  unsigned int count, attic, empty;
+  key_item_t ki;
+  uid_item_t ui;
+
+  count = empty = 0;
+  minlen = -1;
+  maxlen = 0;
+  for (idx = 0; idx < key_table_size; idx++)
+    {
+      len = 0;
+      for (ki = key_table[idx]; ki; ki = ki->next)
+        {
+          count++;
+          len++;
+          /* log_debug ("key bucket %u: kid=%08lX used=%u ui=%p\n", */
+          /*            idx, (ulong)ki->keyid[0], ki->usecount, ki->ui); */
+        }
+      if (len > maxlen)
+        maxlen = len;
+
+      if (!len)
+        empty++;
+      else if (minlen == -1 || len < minlen)
+        minlen = len;
+    }
+  for (attic=0, ki = key_item_attic; ki; ki = ki->next)
+    attic++;
+  log_info ("objcache: keys=%u/%u/%u chains=%u,%d..%d buckets=%zu/%u"
+            " attic=%u\n",
+            count, key_table_added, key_table_dropped,
+            empty, minlen > 0? minlen : 0, maxlen,
+            key_table_size, key_table_max, attic);
+
+  count = empty = 0;
+  minlen = -1;
+  maxlen = 0;
+  for (idx = 0; idx < uid_table_size; idx++)
+    {
+      len = 0;
+      for (ui = uid_table[idx]; ui; ui = ui->next)
+        {
+          count++;
+          len++;
+          /* log_debug ("uid bucket %u: %p ref=%u l=%u (%.20s)\n", */
+          /*            idx, ui, ui->refcount, ui->namelen, ui->name); */
+        }
+      if (len > maxlen)
+        maxlen = len;
+
+      if (!len)
+        empty++;
+      else if (minlen == -1 || len < minlen)
+        minlen = len;
+    }
+  log_info ("objcache: uids=%u/%u/%u chains=%u,%d..%d buckets=%zu/%u\n",
+            count, uid_table_added, uid_table_dropped,
+            empty, minlen > 0? minlen : 0, maxlen,
+            uid_table_size, uid_table_max);
+}
+
+
+
+/* The hash function we use for the uid_table.  Must not call a system
+ * function.  */
+static inline unsigned int
+uid_table_hasher (const char *name, unsigned namelen)
+{
+  const unsigned char *s = (const unsigned char*)name;
+  unsigned int hashval = 0;
+  unsigned int carry;
+
+  for (; namelen; namelen--, s++)
+    {
+      hashval = (hashval << 4) + *s;
+      if ((carry = (hashval & 0xf0000000)))
+        {
+          hashval ^= (carry >> 24);
+          hashval ^= carry;
+        }
+    }
+
+  return hashval % uid_table_size;
+}
+
+
+/* Run time allocation of the uid table.  This allows us to eventually
+ * add an option to gpg to control the size.  */
+static void
+uid_table_init (void)
+{
+  if (uid_table)
+    return;
+  uid_table_size = NO_OF_UID_ITEM_BUCKETS;
+  uid_table_max = MAX_UID_ITEMS_PER_BUCKET;
+  uid_table = xcalloc (uid_table_size, sizeof *uid_table);
+}
+
+
+static uid_item_t
+uid_item_ref (uid_item_t ui)
+{
+  if (ui)
+    ui->refcount++;
+  return ui;
+}
+
+static void
+uid_item_unref (uid_item_t uid)
+{
+  if (!uid)
+    return;
+  if (!uid->refcount)
+    log_fatal ("too many unrefs for uid_item\n");
+
+  uid->refcount--;
+  /* We do not release the item here because that would require that
+   * we locate the head of the list which has this item.  This will
+   * take too long and thus the item is removed when we need to purge
+   * some items for the list during uid_item_put.  */
+}
+
+
+/* Put (NAME,NAMELEN) into the UID_TABLE and return the item.  The
+ * reference count for that item is incremented.  NULL is return on an
+ * allocation error.  The caller should release the returned item
+ * using uid_item_unref.  */
+static uid_item_t
+uid_table_put (const char *name, unsigned int namelen)
+{
+  unsigned int hash;
+  uid_item_t ui;
+  unsigned int count;
+
+  if (!uid_table)
+    uid_table_init ();
+
+  hash = uid_table_hasher (name, namelen);
+  for (ui = uid_table[hash], count = 0; ui; ui = ui->next, count++)
+    if (ui->namelen == namelen && !memcmp (ui->name, name, namelen))
+      return uid_item_ref (ui);  /* Found.  */
+
+  /* If the bucket is full remove all unrefed items.  */
+  if (count >= uid_table_max)
+    {
+      uid_item_t ui_next, ui_prev, list_head, drop_head;
+
+      /* No syscalls from here .. */
+      list_head = uid_table[hash];
+      drop_head = NULL;
+      while (list_head && !list_head->refcount)
+        {
+          ui = list_head;
+          list_head = ui->next;
+          ui->next = drop_head;
+          drop_head = ui;
+        }
+      if ((ui_prev = list_head))
+        for (ui = ui_prev->next; ui; ui = ui_next)
+          {
+            ui_next = ui->next;
+            if (!ui->refcount)
+              {
+                ui->next = drop_head;
+                drop_head = ui;
+                ui_prev->next = ui_next;
+              }
+            else
+              ui_prev = ui;
+          }
+      uid_table[hash] = list_head;
+      /* ... to here */
+
+      for (ui = drop_head; ui; ui = ui_next)
+        {
+          ui_next = ui->next;
+          xfree (ui);
+          uid_table_dropped++;
+        }
+    }
+
+  count = uid_table_added + uid_table_dropped;
+  ui = xtrycalloc (1, sizeof *ui + namelen);
+  if (!ui)
+    return NULL;  /* Out of core.  */
+  if (count != uid_table_added + uid_table_dropped)
+    {
+      /* During the malloc another thread added an item.  Thus we need
+       * to check again.  */
+      uid_item_t ui_new = ui;
+      for (ui = uid_table[hash]; ui; ui = ui->next)
+        if (ui->namelen == namelen && !memcmp (ui->name, name, namelen))
+          {
+            /* Found.  */
+            xfree (ui_new);
+            return uid_item_ref (ui);
+          }
+      ui = ui_new;
+    }
+
+  memcpy (ui->name, name, namelen);
+  ui->name[namelen] = 0; /* Extra Nul so we can use it as a string.  */
+  ui->namelen = namelen;
+  ui->refcount = 1;
+  ui->next = uid_table[hash];
+  uid_table[hash] = ui;
+  uid_table_added++;
+  return ui;
+}
+
+
+
+/* The hash function we use for the key_table.  Must not call a system
+ * function.  */
+static inline unsigned int
+key_table_hasher (u32 *keyid)
+{
+  /* A fingerprint could be used directly as a hash value.  However,
+   * we use the keyid here because it is used in encrypted packets and
+   * older signatures to identify a key.  Since v4 keys the keyid is
+   * anyway a part of the fingerprint so it quickly extracted from a
+   * fingerprint.  Note that v3 keys are not supported by gpg.  */
+  return keyid[0] % key_table_size;
+}
+
+
+/* Run time allocation of the key table.  This allows us to eventually
+ * add an option to gpg to control the size.  */
+static void
+key_table_init (void)
+{
+  if (key_table)
+    return;
+  key_table_size = NO_OF_KEY_ITEM_BUCKETS;
+  key_table_max  = MAX_KEY_ITEMS_PER_BUCKET;
+  key_table = xcalloc (key_table_size, sizeof *key_table);
+}
+
+
+static void
+key_item_free (key_item_t ki)
+{
+  if (!ki)
+    return;
+  uid_item_unref (ki->ui);
+  ki->ui = NULL;
+  ki->next = key_item_attic;
+  key_item_attic = ki;
+}
+
+
+/* Get a key item from PK or if that is NULL from KEYID.  The
+ * reference count for that item is incremented.  NULL is return if it
+ * was not found.  */
+static key_item_t
+key_table_get (PKT_public_key *pk, u32 *keyid)
+{
+  unsigned int hash;
+  key_item_t ki, ki2;
+
+  if (!key_table)
+    key_table_init ();
+
+  if (pk)
+    {
+      byte fpr[MAX_FINGERPRINT_LEN];
+      size_t fprlen;
+      u32 tmpkeyid[2];
+
+      fingerprint_from_pk (pk, fpr, &fprlen);
+      keyid_from_pk (pk, tmpkeyid);
+      hash = key_table_hasher (tmpkeyid);
+      for (ki = key_table[hash]; ki; ki = ki->next)
+        if (ki->fprlen == fprlen && !memcmp (ki->fpr, fpr, fprlen))
+          return ki; /* Found */
+    }
+  else if (keyid)
+    {
+      hash = key_table_hasher (keyid);
+      for (ki = key_table[hash]; ki; ki = ki->next)
+        if (ki->keyid[0] == keyid[0] && ki->keyid[1] == keyid[1])
+          {
+            /* Found.  We need to check for dups.  */
+            for (ki2 = ki->next; ki2; ki2 = ki2->next)
+              if (ki2->keyid[0] == keyid[0] && ki2->keyid[1] == keyid[1])
+                return NULL;  /* Duplicated keyid - return NULL.  */
+
+            /* This is the only one - return it.  */
+            return ki;
+          }
+    }
+  return NULL;
+}
+
+
+/* Helper for the qsort in key_table_put.  */
+static int
+compare_key_items (const void *arg_a, const void *arg_b)
+{
+  const key_item_t a = *(const key_item_t *)arg_a;
+  const key_item_t b = *(const key_item_t *)arg_b;
+
+  /* Reverse sort on the usecount.  */
+  if (a->usecount > b->usecount)
+    return -1;
+  else if (a->usecount == b->usecount)
+    return 0;
+  else
+    return 1;
+}
+
+
+/* Put PK into the KEY_TABLE and return a key item.  The reference
+ * count for that item is incremented.  If UI is given it is put into
+ * the entry.  NULL is return on an allocation error.  */
+static key_item_t
+key_table_put (PKT_public_key *pk, uid_item_t ui)
+{
+  unsigned int hash;
+  key_item_t ki;
+  u32 keyid[2];
+  byte fpr[MAX_FINGERPRINT_LEN];
+  size_t fprlen;
+  unsigned int count, n;
+
+  if (!key_table)
+    key_table_init ();
+
+  fingerprint_from_pk (pk, fpr, &fprlen);
+  keyid_from_pk (pk, keyid);
+  hash = key_table_hasher (keyid);
+  for (ki = key_table[hash], count=0; ki; ki = ki->next, count++)
+    if (ki->fprlen == fprlen && !memcmp (ki->fpr, fpr, fprlen))
+      return ki;  /* Found  */
+
+  /* If the bucket is full remove a couple of items. */
+  if (count >= key_table_max)
+    {
+      key_item_t list_head, *list_tailp, ki_next;
+      key_item_t *array;
+      int narray, idx;
+
+      /* Unlink from the global list so that other threads don't
+       * disturb us.  If another thread adds or removes something only
+       * one will be the winner.  Bad luck for the drooped cache items
+       * but after all it is just a cache.  */
+      list_head = key_table[hash];
+      key_table[hash] = NULL;
+
+      /* Put all items into an array for sorting.  */
+      array = xtrycalloc (count, sizeof *array);
+      if (!array)
+        {
+          /* That's bad; give up all  items of the bucket.  */
+          log_info ("Note: malloc failed while purging from the key_tabe: %s\n",
+                    gpg_strerror (gpg_error_from_syserror ()));
+          goto leave_drop;
+        }
+      narray = 0;
+      for (ki = list_head; ki; ki = ki_next)
+        {
+          ki_next = ki->next;
+          array[narray++] = ki;
+          ki->next = NULL;
+        }
+      log_assert (narray == count);
+
+      /* Sort the array and put half of it onto a new list.  */
+      qsort (array, narray, sizeof *array, compare_key_items);
+      list_head = NULL;
+      list_tailp = &list_head;
+      for (idx=0; idx < narray/2; idx++)
+        {
+          *list_tailp = array[idx];
+          list_tailp = &array[idx]->next;
+        }
+
+      /* Put the new list into the bucket.  */
+      ki = key_table[hash];
+      key_table[hash] = list_head;
+      list_head = ki;
+
+      /* Free the remaining items and the array.  */
+      for (; idx < narray; idx++)
+        {
+          key_item_free (array[idx]);
+          key_table_dropped++;
+        }
+      xfree (array);
+
+    leave_drop:
+      /* Free any items added in the meantime by other threads.  This
+       * is also used in case of a malloc problem (which won't update
+       * the counters, though). */
+      for ( ; list_head; list_head = ki_next)
+        {
+          ki_next = list_head->next;
+          key_item_free (list_head);
+        }
+    }
+
+  /* Add an item to the bucket.  We allocate a whole block of items
+   * for cache performance reasons.  */
+  if (!key_item_attic)
+    {
+      key_item_t kiblock;
+      int kiblocksize = 256;
+
+      kiblock = xtrymalloc (kiblocksize * sizeof *kiblock);
+      if (!kiblock)
+        return NULL;  /* Out of core.  */
+      for (n = 0; n < kiblocksize; n++)
+        {
+          ki = kiblock + n;
+          ki->next = key_item_attic;
+          key_item_attic = ki;
+        }
+
+      /* During the malloc another thread may have changed the bucket.
+       * Thus we need to check again.  */
+      for (ki = key_table[hash]; ki; ki = ki->next)
+        if (ki->fprlen == fprlen && !memcmp (ki->fpr, fpr, fprlen))
+          return ki;  /* Found  */
+    }
+
+  /* We now know that there is an item in the attic.  */
+  ki = key_item_attic;
+  key_item_attic = ki->next;
+  ki->next = NULL;
+
+  memcpy (ki->fpr, fpr, fprlen);
+  ki->fprlen = fprlen;
+  ki->keyid[0] = keyid[0];
+  ki->keyid[1] = keyid[1];
+  ki->ui = uid_item_ref (ui);
+  ki->usecount = 0;
+  ki->next = key_table[hash];
+  key_table[hash] = ki;
+  key_table_added++;
+  return ki;
+}
+
+
+
+/* Return the user ID from the given keyblock.  We use the primary uid
+ * flag which should have already been set.  The returned value is
+ * only valid as long as the given keyblock is not changed. */
+static const char *
+primary_uid_from_keyblock (kbnode_t keyblock, size_t *uidlen)
+{
+  kbnode_t k;
+
+  for (k = keyblock; k; k = k->next)
+    {
+      if (k->pkt->pkttype == PKT_USER_ID
+	  && !k->pkt->pkt.user_id->attrib_data
+	  && k->pkt->pkt.user_id->flags.primary)
+	{
+	  *uidlen = k->pkt->pkt.user_id->len;
+	  return k->pkt->pkt.user_id->name;
+	}
+    }
+  return NULL;
+}
+
+
+/* Store the associations of keyid/fingerprint and userid.  Only
+ * public keys should be fed to this function.  */
+void
+cache_put_keyblock (kbnode_t keyblock)
+{
+  uid_item_t ui = NULL;
+  kbnode_t k;
+
+ restart:
+  for (k = keyblock; k; k = k->next)
+    {
+      if (k->pkt->pkttype == PKT_PUBLIC_KEY
+	  || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+	{
+          if (!ui)
+            {
+              /* Initially we just test for an entry to avoid the need
+               * to create a user id item for a put.  Only if we miss
+               * key in the cache we create a user id and restart.  */
+              if (!key_table_get (k->pkt->pkt.public_key, NULL))
+                {
+                  const char *uid;
+                  size_t uidlen;
+
+                  uid = primary_uid_from_keyblock (keyblock, &uidlen);
+                  if (uid)
+                    {
+                      ui = uid_table_put (uid, uidlen);
+                      if (!ui)
+                        {
+                          log_info ("Note: failed to cache a user id: %s\n",
+                                    gpg_strerror (gpg_error_from_syserror ()));
+                          goto leave;
+                        }
+                      goto restart;
+                    }
+                }
+            }
+          else /* With a UID we use the update cache mode.  */
+            {
+              if (!key_table_put (k->pkt->pkt.public_key, ui))
+                {
+                  log_info ("Note: failed to cache a key: %s\n",
+                            gpg_strerror (gpg_error_from_syserror ()));
+                  goto leave;
+                }
+            }
+        }
+    }
+
+ leave:
+  uid_item_unref (ui);
+}
+
+
+/* Return the user id string for KEYID.  If a user id is not found (or
+ * on malloc error) NULL is returned.  If R_LENGTH is not NULL the
+ * length of the user id is stored there; this does not included the
+ * always appended nul.  Note that a user id may include an internal
+ * nul which can be detected by the caller by comparing to the
+ * returned length.  */
+char *
+cache_get_uid_bykid (u32 *keyid, unsigned int *r_length)
+{
+  key_item_t ki;
+  char *p;
+
+  if (r_length)
+    *r_length = 0;
+
+  ki = key_table_get (NULL, keyid);
+  if (!ki)
+    return NULL; /* Not found or duplicate keyid.  */
+
+  if (!ki->ui)
+    p = NULL;  /* No user id known for key.  */
+  else
+    {
+      p = xtrymalloc (ki->ui->namelen + 1);
+      if (p)
+        {
+          memcpy (p, ki->ui->name, ki->ui->namelen + 1);
+          if (r_length)
+            *r_length = ki->ui->namelen;
+          ki->usecount++;
+        }
+    }
+
+  return p;
+}
+
+
+/* Return the user id string for FPR with FPRLEN.  If a user id is not
+ * found (or on malloc error) NULL is returned.  If R_LENGTH is not
+ * NULL the length of the user id is stored there; this does not
+ * included the always appended nul.  Note that a user id may include
+ * an internal nul which can be detected by the caller by comparing to
+ * the returned length.  */
+char *
+cache_get_uid_byfpr (const byte *fpr, size_t fprlen, size_t *r_length)
+{
+  char *p;
+  unsigned int hash;
+  u32 keyid[2];
+  key_item_t ki;
+
+  if (r_length)
+    *r_length = 0;
+
+  if (!key_table)
+    return NULL;
+
+  keyid_from_fingerprint (NULL, fpr, fprlen, keyid);
+  hash = key_table_hasher (keyid);
+  for (ki = key_table[hash]; ki; ki = ki->next)
+    if (ki->fprlen == fprlen && !memcmp (ki->fpr, fpr, fprlen))
+      break; /* Found */
+
+  if (!ki)
+    return NULL; /* Not found.  */
+
+  if (!ki->ui)
+    p = NULL;  /* No user id known for key.  */
+  else
+    {
+      p = xtrymalloc (ki->ui->namelen + 1);
+      if (p)
+        {
+          memcpy (p, ki->ui->name, ki->ui->namelen + 1);
+          if (r_length)
+            *r_length = ki->ui->namelen;
+          ki->usecount++;
+        }
+    }
+
+  return p;
+}
diff --git a/dirmngr/ldap-misc.h b/g10/objcache.h
similarity index 52%
rename from dirmngr/ldap-misc.h
rename to g10/objcache.h
index d555caf..edf1295 100644
--- a/dirmngr/ldap-misc.h
+++ b/g10/objcache.h
@@ -1,5 +1,5 @@
-/* ldap-misc.h - Miscellaneous helpers for LDAP functions
- * Copyright (C) 2015, 2021 g10 Code GmbH
+/* objcache.h - Caching functions for keys and user ids.
+ * Copyright (C) 2019 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -18,26 +18,12 @@
  * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
-#ifndef DIRMNGR_LDAP_MISC_H
-#define DIRMNGR_LDAP_MISC_H
+#ifndef GNUPG_G10_OBJCACHE_H
+#define GNUPG_G10_OBJCACHE_H
 
-#ifdef _WIN32
-# include <winsock2.h>
-# include <winldap.h>
-#else
-# ifdef NEED_LBER_H
-#  include <lber.h>
-# endif
-/* For OpenLDAP, to enable the API that we're using. */
-# define LDAP_DEPRECATED 1
-# include <ldap.h>
-#endif
+void objcache_dump_stats (void);
+void cache_put_keyblock (kbnode_t keyblock);
+char *cache_get_uid_bykid (u32 *keyid, unsigned int *r_length);
+char *cache_get_uid_byfpr (const byte *fpr, size_t fprlen, size_t *r_length);
 
-
-gpg_err_code_t ldap_err_to_gpg_err (int code);
-gpg_err_code_t ldap_to_gpg_err (LDAP *ld);
-gpg_error_t ldap_parse_extfilter (const char *string, int silent,
-                                  char **r_base, int *r_scope, char **r_filter);
-
-
-#endif /*DIRMNGR_LDAP_MISC_H*/
+#endif /*GNUPG_G10_OBJCACHE_H*/
diff --git a/g10/openfile.c b/g10/openfile.c
index 6f4e889..12a232a 100644
--- a/g10/openfile.c
+++ b/g10/openfile.c
@@ -64,7 +64,7 @@ overwrite_filep( const char *fname )
   if ( iobuf_is_pipe_filename (fname) )
     return 1; /* Writing to stdout is always okay.  */
 
-  if ( gnupg_access( fname, F_OK ) )
+  if ( access( fname, F_OK ) )
     return 1; /* Does not exist.  */
 
   if ( !compare_filenames (fname, NAME_OF_DEV_NULL) )
@@ -171,32 +171,34 @@ ask_outfile_name( const char *name, size_t namelen )
  *	2 = use ".sig"
  *      3 = use ".rev"
  *
- * If INP_FD is not -1 the function simply creates an IOBUF for that
- * file descriptor and ignore INAME and MODE.  Note that INP_FD won't
- * be closed if the returned IOBUF is closed.  With RESTRICTEDPERM a
- * file will be created with mode 700 if possible.
- */
+ * With RESTRICTEDPERM a file will be created with mode 700 if
+ * possible.
+ *
+ * If OUT_FD is not -1 the function simply creates an IOBUF for that
+ * file descriptor and ignores INAME and MODE.  Note that OUT_FD won't
+ * be closed if the returned IOBUF is closed.  This is used for gpg's
+ * --server mode.  */
 int
-open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm,
+open_outfile (int out_fd, const char *iname, int mode, int restrictedperm,
               iobuf_t *a)
 {
   int rc = 0;
 
   *a = NULL;
-  if (inp_fd != -1)
+  if (out_fd != -1)
     {
       char xname[64];
 
-      *a = iobuf_fdopen_nc (inp_fd, "wb");
+      *a = iobuf_fdopen_nc (out_fd, "wb");
       if (!*a)
         {
           rc = gpg_error_from_syserror ();
-          snprintf (xname, sizeof xname, "[fd %d]", inp_fd);
+          snprintf (xname, sizeof xname, "[fd %d]", out_fd);
           log_error (_("can't open '%s': %s\n"), xname, gpg_strerror (rc));
         }
       else if (opt.verbose)
         {
-          snprintf (xname, sizeof xname, "[fd %d]", inp_fd);
+          snprintf (xname, sizeof xname, "[fd %d]", out_fd);
           log_info (_("writing to '%s'\n"), xname);
         }
     }
diff --git a/g10/options.h b/g10/options.h
index b11e91c..958d3fb 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -31,14 +31,9 @@
 #include "../common/compliance.h"
 
 
-/* Object to hold information pertaining to a keyserver; it also
-   allows building a list of keyservers.  For historic reasons this is
-   not a strlist_t.  */
-struct keyserver_spec
-{
-  struct keyserver_spec *next;
-  char *uri;
-};
+/* Declaration of a keyserver spec type.  The definition is found in
+   ../common/keyserver.h.  */
+struct keyserver_spec;
 typedef struct keyserver_spec *keyserver_spec_t;
 
 
@@ -59,6 +54,9 @@ struct
    * progress info and to decide on how to allocate buffers.  */
   uint64_t input_size_hint;
 
+  /* The AEAD chunk size expressed as a power of 2.  */
+  int chunk_size;
+
   int dry_run;
   int autostart;
   int list_only;
@@ -79,6 +77,7 @@ struct
   int with_fingerprint; /* Option --with-fingerprint active.  */
   int with_subkey_fingerprint; /* Option --with-subkey-fingerprint active.  */
   int with_keygrip;     /* Option --with-keygrip active.  */
+  int with_key_screening;/* Option --with-key-screening active.  */
   int with_tofu_info;   /* Option --with-tofu_info active.  */
   int with_secret;      /* Option --with-secret active.  */
   int with_wkd_hash;    /* Option --with-wkd-hash.  */
@@ -88,6 +87,10 @@ struct
   int no_armor;
   int list_packets; /* Option --list-packets active.  */
   int def_cipher_algo;
+  int def_aead_algo;
+  int force_mdc;
+  int disable_mdc;
+  int force_aead;
   int def_digest_algo;
   int cert_digest_algo;
   int compress_algo;
@@ -115,6 +118,7 @@ struct
   int completes_needed;
   int max_cert_depth;
   const char *agent_program;
+  const char *keyboxd_program;
   const char *dirmngr_program;
   int disable_dirmngr;
 
@@ -171,6 +175,7 @@ struct
   const char *def_preference_list;
   const char *def_keyserver_url;
   prefitem_t *personal_cipher_prefs;
+  prefitem_t *personal_aead_prefs;
   prefitem_t *personal_digest_prefs;
   prefitem_t *personal_compress_prefs;
   struct weakhash *weak_digests;
@@ -214,7 +219,6 @@ struct
   unsigned int screen_lines;
   byte *show_subpackets;
   int rfc2440_text;
-  unsigned int min_rsa_length;   /* Used for compliance checks.  */
 
   /* If true, let write failures on the status-fd exit the process. */
   int exit_on_status_write_error;
@@ -233,10 +237,9 @@ struct
     unsigned int use_embedded_filename:1;
     unsigned int utf8_filename:1;
     unsigned int dsa2:1;
-    unsigned int allow_multiple_messages:1;
+    unsigned int allow_old_cipher_algos:1;
     unsigned int allow_weak_digest_algos:1;
     unsigned int allow_weak_key_signatures:1;
-    unsigned int override_compliance_check:1;
     unsigned int large_rsa:1;
     unsigned int disable_signer_uid:1;
     unsigned int include_key_block:1;
@@ -248,14 +251,11 @@ struct
     /* Force the use of the OpenPGP card and do not allow the use of
      * another card.  */
     unsigned int use_only_openpgp_card:1;
+    unsigned int full_timestrings:1;
     /* Force signing keys even if a key signature already exists.  */
     unsigned int force_sign_key:1;
-    /* The next flag is set internally iff IMPORT_SELF_SIGS_ONLY has
-     * been set by the user and is not the default value.  */
-    unsigned int expl_import_self_sigs_only:1;
-    /* Fail if an operation can't be done in the requested compliance
-     * mode.  */
-    unsigned int require_compliance:1;
+    /* On key generation do not set the ownertrust.  */
+    unsigned int no_auto_trust_new_key:1;
   } flags;
 
   /* Linked list of ways to find a key if the key isn't on the local
@@ -290,6 +290,8 @@ struct
   int only_sign_text_ids;
 
   int no_symkey_cache;   /* Disable the cache used for --symmetric.  */
+
+  int use_keyboxd;       /* Use the external keyboxd as storage backend.  */
 } opt;
 
 /* CTRL is used to keep some global variables we currently can't
@@ -334,7 +336,6 @@ struct {
 #define DBG_TRUST  (opt.debug & DBG_TRUST_VALUE)
 #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
 #define DBG_IPC     (opt.debug & DBG_IPC_VALUE)
-#define DBG_IPC     (opt.debug & DBG_IPC_VALUE)
 #define DBG_CLOCK   (opt.debug & DBG_CLOCK_VALUE)
 #define DBG_LOOKUP  (opt.debug & DBG_LOOKUP_VALUE)
 #define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE)
@@ -351,10 +352,9 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
 #define GNUPG   (opt.compliance==CO_GNUPG || opt.compliance==CO_DE_VS)
 #define RFC2440 (opt.compliance==CO_RFC2440)
 #define RFC4880 (opt.compliance==CO_RFC4880)
-#define PGP6    (opt.compliance==CO_PGP6)
 #define PGP7    (opt.compliance==CO_PGP7)
 #define PGP8    (opt.compliance==CO_PGP8)
-#define PGPX    (PGP6 || PGP7 || PGP8)
+#define PGPX    (PGP7 || PGP8)
 
 /* Various option flags.  Note that there should be no common string
    names between the IMPORT_ and EXPORT_ flags as they can be mixed in
@@ -374,6 +374,9 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
 #define IMPORT_REPAIR_KEYS               (1<<11)
 #define IMPORT_DRY_RUN                   (1<<12)
 #define IMPORT_SELF_SIGS_ONLY            (1<<14)
+#define IMPORT_COLLAPSE_UIDS             (1<<15)
+#define IMPORT_COLLAPSE_SUBKEYS          (1<<16)
+#define IMPORT_BULK                      (1<<17)
 
 #define EXPORT_LOCAL_SIGS                (1<<0)
 #define EXPORT_ATTRIBUTES                (1<<1)
@@ -381,7 +384,6 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
 #define EXPORT_RESET_SUBKEY_PASSWD       (1<<3)
 #define EXPORT_MINIMAL                   (1<<4)
 #define EXPORT_CLEAN                     (1<<5)
-#define EXPORT_PKA_FORMAT                (1<<6)
 #define EXPORT_DANE_FORMAT               (1<<7)
 #define EXPORT_BACKUP                    (1<<10)
 
@@ -399,6 +401,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
 #define LIST_SHOW_SIG_SUBPACKETS         (1<<10)
 #define LIST_SHOW_USAGE                  (1<<11)
 #define LIST_SHOW_ONLY_FPR_MBOX          (1<<12)
+#define LIST_SORT_SIGS                   (1<<13)
 
 #define VERIFY_SHOW_PHOTOS               (1<<0)
 #define VERIFY_SHOW_POLICY_URLS          (1<<1)
@@ -408,8 +411,6 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
 #define VERIFY_SHOW_KEYSERVER_URLS       (1<<4)
 #define VERIFY_SHOW_UID_VALIDITY         (1<<5)
 #define VERIFY_SHOW_UNUSABLE_UIDS        (1<<6)
-#define VERIFY_PKA_LOOKUPS               (1<<7)
-#define VERIFY_PKA_TRUST_INCREASE        (1<<8)
 #define VERIFY_SHOW_PRIMARY_UID_ONLY     (1<<9)
 
 #define KEYSERVER_HTTP_PROXY             (1<<0)
@@ -417,7 +418,6 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
 #define KEYSERVER_ADD_FAKE_V3            (1<<2)
 #define KEYSERVER_AUTO_KEY_RETRIEVE      (1<<3)
 #define KEYSERVER_HONOR_KEYSERVER_URL    (1<<4)
-#define KEYSERVER_HONOR_PKA_RECORD       (1<<5)
 
 
 #endif /*G10_OPTIONS_H*/
diff --git a/g10/packet.h b/g10/packet.h
index 7f7608c..b27becc 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -99,11 +99,11 @@ typedef struct
 /* A symmetric-key encrypted session key packet as defined in RFC
    4880, Section 5.3.  All fields are serialized.  */
 typedef struct {
-  /* RFC 4880: this must be 4.  */
+  /* We support version 4 (rfc4880) and 5 (rfc4880bis).  */
   byte version;
-  /* The cipher algorithm used to encrypt the session key.  (This may
-     be different from the algorithm that is used to encrypt the SED
-     packet.)  */
+  /* The cipher algorithm used to encrypt the session key.  Note that
+   * this may be different from the algorithm that is used to encrypt
+   * bulk data.  */
   byte cipher_algo;
   /* The AEAD algorithm or 0 for CFB encryption.  */
   byte aead_algo;
@@ -136,6 +136,17 @@ typedef struct {
 } PKT_pubkey_enc;
 
 
+/* An object to build a list of public-key encrypted session key.  */
+struct pubkey_enc_list
+{
+  struct pubkey_enc_list *next;
+  u32 keyid[2];
+  int pubkey_algo;
+  int result;
+  gcry_mpi_t data[PUBKEY_MAX_NENC];
+};
+
+
 /* A one-pass signature packet as defined in RFC 4880, Section
    5.4.  All fields are serialized.  */
 typedef struct {
@@ -175,24 +186,13 @@ struct revocation_key {
   byte class;
   /* The public-key algorithm ID.  */
   byte algid;
+  /* The length of the fingerprint.  */
+  byte fprlen;
   /* The fingerprint of the authorized key.  */
   byte fpr[MAX_FINGERPRINT_LEN];
 };
 
 
-/* Object to keep information about a PKA DNS record. */
-typedef struct
-{
-  int valid;    /* An actual PKA record exists for EMAIL. */
-  int checked;  /* Set to true if the FPR has been checked against the
-                   actual key. */
-  char *uri;    /* Malloced string with the URI. NULL if the URI is
-                   not available.*/
-  unsigned char fpr[20]; /* The fingerprint as stored in the PKA RR. */
-  char email[1];/* The email address from the notation data. */
-} pka_info_t;
-
-
 /* A signature packet (RFC 4880, Section 5.2).  Only a subset of these
    fields are directly serialized (these are marked as such); the rest
    are read from the subpackets, which are not synthesized when
@@ -213,7 +213,6 @@ typedef struct
     unsigned pref_ks:1;     /* At least one preferred keyserver is present */
     unsigned key_block:1;   /* A key block subpacket is present.  */
     unsigned expired:1;
-    unsigned pka_tried:1;   /* Set if we tried to retrieve the PKA record. */
   } flags;
   /* The key that allegedly generated this signature.  (Directly
      serialized in v3 sigs; for v4 sigs, this must be explicitly added
@@ -240,9 +239,7 @@ typedef struct
   const byte *trust_regexp;
   struct revocation_key *revkey;
   int numrevkeys;
-  int help_counter;          /* Used internally bu some fucntions.  */
-  pka_info_t *pka_info;      /* Malloced PKA data or NULL if not
-                                available.  See also flags.pka_tried. */
+  int help_counter;          /* Used internally bu some functions.  */
   char *signers_uid;         /* Malloced value of the SIGNERS_UID
                               * subpacket or NULL.  This string has
                               * already been sanitized.  */
@@ -305,6 +302,9 @@ typedef struct
     unsigned int ks_modify:1;
     unsigned int compacted:1;
     unsigned int primary:2; /* 2 if set via the primary flag, 1 if calculated */
+                            /* Note that this flag is set in a
+                             * keyblock at max for one User ID and for
+                             * one User Attribute per keyblock.  */
     unsigned int revoked:1;
     unsigned int expired:1;
   } flags;
@@ -387,6 +387,7 @@ typedef struct
   byte    pubkey_algo;
   byte    pubkey_usage;   /* for now only used to pass it to getkey() */
   byte    req_usage;      /* hack to pass a request to getkey() */
+  byte    fprlen;         /* 0 or length of FPR.  */
   u32     has_expired;    /* set to the expiration date if expired */
   /* keyid of the primary key.  Never access this value directly.
      Instead, use pk_main_keyid().  */
@@ -394,6 +395,8 @@ typedef struct
   /* keyid of this key.  Never access this value directly!  Instead,
      use pk_keyid().  */
   u32     keyid[2];
+  /* Fingerprint of the key.  Only valid if FPRLEN is not 0.  */
+  byte    fpr[MAX_FINGERPRINT_LEN];
   prefitem_t *prefs;      /* list of preferences (may be NULL) */
   struct
   {
@@ -485,7 +488,7 @@ typedef struct {
      Note: this is ignored when encrypting.  */
   byte is_partial;
   /* If 0, MDC is disabled.  Otherwise, the MDC method that was used
-     (currently, only DIGEST_ALGO_SHA1 is supported).  */
+     (only DIGEST_ALGO_SHA1 has ever been defined).  */
   byte mdc_method;
   /* If 0, AEAD is not used.  Otherwise, the used AEAD algorithm.
    * MDC_METHOD (above) shall be zero if AEAD is used.  */
@@ -760,58 +763,61 @@ int skip_some_packets (iobuf_t inp, unsigned int n);
 int parse_signature( iobuf_t inp, int pkttype, unsigned long pktlen,
 		     PKT_signature *sig );
 
-/* Given a subpacket area (typically either PKT_signature.hashed or
-   PKT_signature.unhashed), either:
-
-     - test whether there are any subpackets with the critical bit set
-       that we don't understand,
-
-     - list the subpackets, or,
-
-     - find a subpacket with a specific type.
-
-   REQTYPE indicates the type of operation.
-
-   If REQTYPE is SIGSUBPKT_TEST_CRITICAL, then this function checks
-   whether there are any subpackets that have the critical bit and
-   which GnuPG cannot handle.  If GnuPG understands all subpackets
-   whose critical bit is set, then this function returns simply
-   returns SUBPKTS.  If there is a subpacket whose critical bit is set
-   and which GnuPG does not understand, then this function returns
-   NULL and, if START is not NULL, sets *START to the 1-based index of
-   the subpacket that violates the constraint.
-
-   If REQTYPE is SIGSUBPKT_LIST_HASHED or SIGSUBPKT_LIST_UNHASHED, the
-   packets are dumped.  Note: if REQTYPE is SIGSUBPKT_LIST_HASHED,
-   this function does not check whether the hash is correct; this is
-   merely an indication of the section that the subpackets came from.
-
-   If REQTYPE is anything else, then this function interprets the
-   values as a subpacket type and looks for the first subpacket with
-   that type.  If such a packet is found, *CRITICAL (if not NULL) is
-   set if the critical bit was set, *RET_N is set to the offset of the
-   subpacket's content within the SUBPKTS buffer, *START is set to the
-   1-based index of the subpacket within the buffer, and returns
-   &SUBPKTS[*RET_N].
-
-   *START is the number of initial subpackets to not consider.  Thus,
-   if *START is 2, then the first 2 subpackets are ignored.  */
-const byte *enum_sig_subpkt ( const subpktarea_t *subpkts,
-                              sigsubpkttype_t reqtype,
-                              size_t *ret_n, int *start, int *critical );
+/* Given a signature packet, either:
+ *
+ *   - test whether there are any subpackets with the critical bit set
+ *     that we don't understand,
+ *
+ *   - list the subpackets, or,
+ *
+ *   - find a subpacket with a specific type.
+ *
+ * The WANT_HASHED flag indicates that the hashed area shall be
+ * considered.
+ *
+ * REQTYPE indicates the type of operation.
+ *
+ * If REQTYPE is SIGSUBPKT_TEST_CRITICAL, then this function checks
+ * whether there are any subpackets that have the critical bit and
+ * which GnuPG cannot handle.  If GnuPG understands all subpackets
+ * whose critical bit is set, then this function returns simply
+ * returns SUBPKTS.  If there is a subpacket whose critical bit is set
+ * and which GnuPG does not understand, then this function returns
+ * NULL and, if START is not NULL, sets *START to the 1-based index of
+ * the subpacket that violates the constraint.
+ *
+ * If REQTYPE is SIGSUBPKT_LIST_HASHED or SIGSUBPKT_LIST_UNHASHED, the
+ * packets are dumped.  Note: if REQTYPE is SIGSUBPKT_LIST_HASHED,
+ * this function does not check whether the hash is correct; this is
+ * merely an indication of the section that the subpackets came from.
+ *
+ * If REQTYPE is anything else, then this function interprets the
+ * values as a subpacket type and looks for the first subpacket with
+ * that type.  If such a packet is found, *CRITICAL (if not NULL) is
+ * set if the critical bit was set, *RET_N is set to the offset of the
+ * subpacket's content within the SUBPKTS buffer, *START is set to the
+ * 1-based index of the subpacket within the buffer, and returns
+ * &SUBPKTS[*RET_N].
+ *
+ * *START is the number of initial subpackets to not consider.  Thus,
+ * if *START is 2, then the first 2 subpackets are ignored.
+ */
+const byte *enum_sig_subpkt (PKT_signature *sig, int want_hashed,
+                             sigsubpkttype_t reqtype,
+                             size_t *ret_n, int *start, int *critical );
 
 /* Shorthand for:
-
-     enum_sig_subpkt (buffer, reqtype, ret_n, NULL, NULL); */
-const byte *parse_sig_subpkt ( const subpktarea_t *buffer,
-                               sigsubpkttype_t reqtype,
-                               size_t *ret_n );
+ *
+ *    enum_sig_subpkt (sig, want_hashed, reqtype, ret_n, NULL, NULL);
+ */
+const byte *parse_sig_subpkt (PKT_signature *sig, int want_hashed,
+                              sigsubpkttype_t reqtype,
+                              size_t *ret_n );
 
 /* This calls parse_sig_subpkt first on the hashed signature area in
-   SIG and then, if that returns NULL, calls parse_sig_subpkt on the
-   unhashed subpacket area in SIG.  */
-const byte *parse_sig_subpkt2 ( PKT_signature *sig,
-                                sigsubpkttype_t reqtype);
+ * SIG and then, if that returns NULL, calls parse_sig_subpkt on the
+ * unhashed subpacket area in SIG.  */
+const byte *parse_sig_subpkt2 (PKT_signature *sig, sigsubpkttype_t reqtype);
 
 /* Returns whether the N byte large buffer BUFFER is sufficient to
    hold a subpacket of type TYPE.  Note: the buffer refers to the
@@ -844,9 +850,10 @@ PACKET *create_gpg_control ( ctrlpkttype_t type,
                              size_t datalen );
 
 /*-- build-packet.c --*/
+gpg_error_t build_keyblock_image (kbnode_t keyblock, iobuf_t *r_iobuf);
 int build_packet (iobuf_t out, PACKET *pkt);
 gpg_error_t build_packet_and_meta (iobuf_t out, PACKET *pkt);
-gpg_error_t gpg_mpi_write (iobuf_t out, gcry_mpi_t a);
+gpg_error_t gpg_mpi_write (iobuf_t out, gcry_mpi_t a, unsigned int *t_nwritten);
 gpg_error_t gpg_mpi_write_nohdr (iobuf_t out, gcry_mpi_t a);
 u32 calc_packet_length( PACKET *pkt );
 void build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type,
@@ -893,22 +900,22 @@ int check_signature (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest);
  * it and verifying the signature.  FOCRED_PK is usually NULL. */
 gpg_error_t check_signature2 (ctrl_t ctrl,
                               PKT_signature *sig, gcry_md_hd_t digest,
+                              const void *extrahash, size_t extrahashlen,
                               PKT_public_key *forced_pk,
                               u32 *r_expiredate, int *r_expired, int *r_revoked,
                               PKT_public_key **r_pk);
 
 
 /*-- pubkey-enc.c --*/
-gpg_error_t get_session_key (ctrl_t ctrl, PKT_pubkey_enc *k, DEK *dek);
+gpg_error_t get_session_key (ctrl_t ctrl, struct pubkey_enc_list *k, DEK *dek);
 gpg_error_t get_override_session_key (DEK *dek, const char *string);
 
 /*-- compress.c --*/
 int handle_compressed (ctrl_t ctrl, void *ctx, PKT_compressed *cd,
 		       int (*callback)(iobuf_t, void *), void *passthru );
 
-/*-- decrypt-data.c --*/
-int decrypt_data (ctrl_t ctrl, void *ctx, PKT_encrypted *ed, DEK *dek,
-                  int *compliance_error);
+/*-- encr-data.c --*/
+int decrypt_data (ctrl_t ctrl, void *ctx, PKT_encrypted *ed, DEK *dek );
 
 /*-- plaintext.c --*/
 gpg_error_t get_output_file (const byte *embedded_name, int embedded_namelen,
@@ -922,7 +929,7 @@ int ask_for_detached_datafile( gcry_md_hd_t md, gcry_md_hd_t md2,
 int make_keysig_packet (ctrl_t ctrl,
                         PKT_signature **ret_sig, PKT_public_key *pk,
 			PKT_user_id *uid, PKT_public_key *subpk,
-			PKT_public_key *pksk, int sigclass, int digest_algo,
+			PKT_public_key *pksk, int sigclass,
 			u32 timestamp, u32 duration,
 			int (*mksubpkt)(PKT_signature *, void *),
 			void *opaque,
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 5fea1ac..bb05eab 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1,7 +1,6 @@
 /* parse-packet.c  - read packets
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
- *               2007, 2009, 2010 Free Software Foundation, Inc.
- * Copyright (C) 2014 Werner Koch
+ * Copyright (C) 1998-2007, 2009-2010 Free Software Foundation, Inc.
+ * Copyright (C) 2014, 2018 Werner Koch
  * Copyright (C) 2015 g10 Code GmbH
  *
  * This file is part of GnuPG.
@@ -18,6 +17,7 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0+
  */
 
 #include <config.h>
@@ -188,10 +188,10 @@ mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
 }
 
 
-/* Read an external representation (which is possibly an SOS) and
-   return the MPI.  The external format is a 16-bit unsigned value
-   stored in network byte order giving information for the following
-   octets.
+/* Read an external representation of an SOS and return the opaque MPI
+   with GCRYMPI_FLAG_USER2.  The external format is a 16-bit unsigned
+   value stored in network byte order giving information for the
+   following octets.
 
    The caller must set *RET_NREAD to the maximum number of bytes to
    read from the pipeline INP.  This function sets *RET_NREAD to be
@@ -200,12 +200,11 @@ mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
    If SECURE is true, the integer is stored in secure memory
    (allocated using gcry_xmalloc_secure).  */
 static gcry_mpi_t
-mpi_read_detect_0_removal (iobuf_t inp, unsigned int *ret_nread, int secure,
-                           u16 *r_csum_tweak)
+sos_read (iobuf_t inp, unsigned int *ret_nread, int secure)
 {
   int c, c1, c2, i;
   unsigned int nmax = *ret_nread;
-  unsigned int nbits, nbits1, nbytes;
+  unsigned int nbits, nbytes;
   size_t nread = 0;
   gcry_mpi_t a = NULL;
   byte *buf = NULL;
@@ -230,10 +229,8 @@ mpi_read_detect_0_removal (iobuf_t inp, unsigned int *ret_nread, int secure,
     }
 
   nbytes = (nbits + 7) / 8;
-  buf = secure ? gcry_xmalloc_secure (nbytes + 2) : gcry_xmalloc (nbytes + 2);
+  buf = secure ? gcry_xmalloc_secure (nbytes) : gcry_xmalloc (nbytes);
   p = buf;
-  p[0] = c1;
-  p[1] = c2;
   for (i = 0; i < nbytes; i++)
     {
       if (nread == nmax)
@@ -243,29 +240,13 @@ mpi_read_detect_0_removal (iobuf_t inp, unsigned int *ret_nread, int secure,
       if (c == -1)
         goto leave;
 
-      p[i + 2] = c;
-
+      p[i] = c;
       nread ++;
     }
 
-  if (gcry_mpi_scan (&a, GCRYMPI_FMT_PGP, buf, nread, &nread))
-    a = NULL;
-
-  /* Possibly, it has leading zeros.  */
-  if (a)
-    {
-      nbits1 = gcry_mpi_get_nbits (a);
-      if (nbits > nbits1)
-        {
-          *r_csum_tweak -= (nbits >> 8);
-          *r_csum_tweak -= (nbits & 0xff);
-          *r_csum_tweak += (nbits1 >> 8);
-          *r_csum_tweak += (nbits1 & 0xff);
-        }
-    }
-
+  a = gcry_mpi_set_opaque (NULL, buf, nbits);
+  gcry_mpi_set_flag (a, GCRYMPI_FLAG_USER2);
   *ret_nread = nread;
-  gcry_free(buf);
   return a;
 
  overflow:
@@ -287,9 +268,7 @@ register_known_notation (const char *string)
     {
       sl = add_to_strlist (&known_notations_list,
                            "preferred-email-encoding@pgp.com");
-      sl->flags = 32;
-      sl = add_to_strlist (&known_notations_list, "pka-address@gnupg.org");
-      sl->flags = 21;
+      sl->flags = 32;  /* Length of the string.  */
     }
   if (!string)
     return; /* Only initialized the default known notations.  */
@@ -1326,7 +1305,7 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
     {
       es_fprintf (listfp,
                   ":symkey enc packet: version %d, cipher %d, aead %d,"
-                  "s2k %d, hash %d",
+                  " s2k %d, hash %d",
                   version, cipher_algo, aead_algo, s2kmode, hash_algo);
       if (seskeylen)
         {
@@ -1417,11 +1396,22 @@ parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
     {
       for (i = 0; i < ndata; i++)
         {
-          if (k->pubkey_algo == PUBKEY_ALGO_ECDH && i == 1)
+          if (k->pubkey_algo == PUBKEY_ALGO_ECDH)
             {
-              size_t n;
-	      rc = read_size_body (inp, pktlen, &n, k->data+i);
-              pktlen -= n;
+              if (i == 1)
+                {
+                  size_t n;
+                  rc = read_size_body (inp, pktlen, &n, k->data+i);
+                  pktlen -= n;
+                }
+              else
+                {
+                  int n = pktlen;
+                  k->data[i] = sos_read (inp, &n, 0);
+                  pktlen -= n;
+                  if (!k->data[i])
+                    rc = gpg_error (GPG_ERR_INV_PACKET);
+                }
             }
           else
             {
@@ -1449,17 +1439,20 @@ parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
 
 
 /* Dump a subpacket to LISTFP.  BUFFER contains the subpacket in
-   question and points to the type field in the subpacket header (not
-   the start of the header).  TYPE is the subpacket's type with the
-   critical bit cleared.  CRITICAL is the value of the CRITICAL bit.
-   BUFLEN is the length of the buffer and LENGTH is the length of the
-   subpacket according to the subpacket's header.  */
+ * question and points to the type field in the subpacket header (not
+ * the start of the header).  TYPE is the subpacket's type with the
+ * critical bit cleared.  CRITICAL is the value of the CRITICAL bit.
+ * BUFLEN is the length of the buffer and LENGTH is the length of the
+ * subpacket according to the subpacket's header.  DIGEST_ALGO is the
+ * digest algo of the signature.  */
 static void
 dump_sig_subpkt (int hashed, int type, int critical,
-		 const byte * buffer, size_t buflen, size_t length)
+		 const byte * buffer, size_t buflen, size_t length,
+                 int digest_algo)
 {
   const char *p = NULL;
   int i;
+  int nprinted;
 
   /* The CERT has warning out with explains how to use GNUPG to detect
    * the ARRs - we print our old message here when it is a faked ARR
@@ -1477,9 +1470,11 @@ dump_sig_subpkt (int hashed, int type, int critical,
   buffer++;
   length--;
 
-  es_fprintf (listfp, "\t%s%ssubpkt %d len %u (",	/*) */
-              critical ? "critical " : "",
-              hashed ? "hashed " : "", type, (unsigned) length);
+  nprinted = es_fprintf (listfp, "\t%s%ssubpkt %d len %u (",	/*) */
+                         critical ? "critical " : "",
+                         hashed ? "hashed " : "", type, (unsigned) length);
+  if (nprinted < 1)
+    nprinted = 1; /*(we use (nprinted-1) later.)*/
   if (length > buflen)
     {
       es_fprintf (listfp, "too short: buffer is only %u)\n", (unsigned) buflen);
@@ -1675,6 +1670,30 @@ dump_sig_subpkt (int hashed, int type, int critical,
                     buffer[0] == 3 ? buffer[16] : buffer[3]);
       break;
 
+    case SIGSUBPKT_ATTST_SIGS:
+      {
+        unsigned int hlen;
+
+	es_fputs ("attst-sigs: ", listfp);
+        hlen = gcry_md_get_algo_dlen (map_md_openpgp_to_gcry (digest_algo));
+	if (!hlen)
+	  p = "[unknown digest algo]";
+        else if ((length % hlen))
+	  p = "[invalid length]";
+	else
+	  {
+            es_fprintf (listfp, "%u", (unsigned int)length/hlen);
+            while (length)
+              {
+                es_fprintf (listfp, "\n\t%*s", nprinted-1, "");
+                es_write_hexstring (listfp, buffer, hlen, 0, NULL);
+                buffer += hlen;
+                length -= hlen;
+              }
+	  }
+      }
+      break;
+
     case SIGSUBPKT_KEY_BLOCK:
       es_fputs ("key-block: ", listfp);
       if (length && buffer[0])
@@ -1692,6 +1711,7 @@ dump_sig_subpkt (int hashed, int type, int critical,
         }
       break;
 
+
     default:
       if (type >= 100 && type <= 110)
 	p = "experimental / private subpacket";
@@ -1734,6 +1754,7 @@ parse_one_sig_subpkt (const byte * buffer, size_t n, int type)
     case SIGSUBPKT_PREF_KS:
     case SIGSUBPKT_FEATURES:
     case SIGSUBPKT_REGEXP:
+    case SIGSUBPKT_ATTST_SIGS:
       return 0;
     case SIGSUBPKT_SIGNATURE:
     case SIGSUBPKT_EXPORTABLE:
@@ -1746,7 +1767,7 @@ parse_one_sig_subpkt (const byte * buffer, size_t n, int type)
       if (n < 8)
 	break;
       return 0;
-    case SIGSUBPKT_ISSUER_FPR:	/* issuer key ID */
+    case SIGSUBPKT_ISSUER_FPR:	/* issuer key fingerprint */
       if (n < 21)
 	break;
       return 0;
@@ -1826,6 +1847,7 @@ can_handle_critical (const byte * buffer, size_t n, int type)
     case SIGSUBPKT_ISSUER:	/* issuer key ID */
     case SIGSUBPKT_ISSUER_FPR:	/* issuer fingerprint */
     case SIGSUBPKT_PREF_SYM:
+    case SIGSUBPKT_PREF_AEAD:
     case SIGSUBPKT_PREF_HASH:
     case SIGSUBPKT_PREF_COMPR:
     case SIGSUBPKT_KEY_FLAGS:
@@ -1833,6 +1855,7 @@ can_handle_critical (const byte * buffer, size_t n, int type)
     case SIGSUBPKT_FEATURES:
     case SIGSUBPKT_TRUST:
     case SIGSUBPKT_REGEXP:
+    case SIGSUBPKT_ATTST_SIGS:
       /* Is it enough to show the policy or keyserver? */
     case SIGSUBPKT_POLICY:
     case SIGSUBPKT_PREF_KS:
@@ -1852,8 +1875,8 @@ can_handle_critical (const byte * buffer, size_t n, int type)
 
 
 const byte *
-enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
-		 size_t * ret_n, int *start, int *critical)
+enum_sig_subpkt (PKT_signature *sig, int want_hashed, sigsubpkttype_t reqtype,
+		 size_t *ret_n, int *start, int *critical)
 {
   const byte *buffer;
   int buflen;
@@ -1861,6 +1884,7 @@ enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
   int critical_dummy;
   int offset;
   size_t n;
+  const subpktarea_t *pktbuf = want_hashed? sig->hashed : sig->unhashed;
   int seq = 0;
   int reqseq = start ? *start : 0;
 
@@ -1929,7 +1953,7 @@ enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
 	}
       else if (reqtype < 0) /* List packets.  */
 	dump_sig_subpkt (reqtype == SIGSUBPKT_LIST_HASHED,
-			 type, *critical, buffer, buflen, n);
+			 type, *critical, buffer, buflen, n, sig->digest_algo);
       else if (type == reqtype) /* Found.  */
 	{
 	  buffer++;
@@ -1970,7 +1994,10 @@ enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
 
  too_short:
   if (opt.verbose && !glo_ctrl.silence_parse_warnings)
-    log_info ("buffer shorter than subpacket\n");
+    log_printhex (pktbuf->data, pktbuf->len > 16? 16 : pktbuf->len,
+                  "buffer shorter than subpacket (%zu/%d/%zu); dump:",
+                  pktbuf->len, buflen, n);
+
   if (start)
     *start = -1;
   return NULL;
@@ -1985,21 +2012,21 @@ enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
 
 
 const byte *
-parse_sig_subpkt (const subpktarea_t * buffer, sigsubpkttype_t reqtype,
-		  size_t * ret_n)
+parse_sig_subpkt (PKT_signature *sig, int want_hashed, sigsubpkttype_t reqtype,
+		  size_t *ret_n)
 {
-  return enum_sig_subpkt (buffer, reqtype, ret_n, NULL, NULL);
+  return enum_sig_subpkt (sig, want_hashed, reqtype, ret_n, NULL, NULL);
 }
 
 
 const byte *
-parse_sig_subpkt2 (PKT_signature * sig, sigsubpkttype_t reqtype)
+parse_sig_subpkt2 (PKT_signature *sig, sigsubpkttype_t reqtype)
 {
   const byte *p;
 
-  p = parse_sig_subpkt (sig->hashed, reqtype, NULL);
+  p = parse_sig_subpkt (sig, 1, reqtype, NULL);
   if (!p)
-    p = parse_sig_subpkt (sig->unhashed, reqtype, NULL);
+    p = parse_sig_subpkt (sig, 0, reqtype, NULL);
   return p;
 }
 
@@ -2015,24 +2042,26 @@ parse_revkeys (PKT_signature * sig)
   if (sig->sig_class != 0x1F)
     return;
 
-  while ((revkey = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REV_KEY,
-				    &len, &seq, NULL)))
+  while ((revkey = enum_sig_subpkt (sig, 1, SIGSUBPKT_REV_KEY,
+                                    &len, &seq, NULL)))
     {
-      if (/* The only valid length is 22 bytes.  See RFC 4880
-	     5.2.3.15.  */
-	  len == 22
-	  /* 0x80 bit must be set on the class.  */
+      /* Consider only valid packets.  They must have a length of
+       * either 2+20 or 2+32 octets and bit 7 of the class octet must
+       * be set.  */
+      if ((len == 22 || len == 34)
           && (revkey[0] & 0x80))
 	{
 	  sig->revkey = xrealloc (sig->revkey,
 				  sizeof (struct revocation_key) *
 				  (sig->numrevkeys + 1));
 
-	  /* Copy the individual fields.  */
 	  sig->revkey[sig->numrevkeys].class = revkey[0];
 	  sig->revkey[sig->numrevkeys].algid = revkey[1];
-	  memcpy (sig->revkey[sig->numrevkeys].fpr, &revkey[2], 20);
-
+          len -= 2;
+	  sig->revkey[sig->numrevkeys].fprlen = len;
+	  memcpy (sig->revkey[sig->numrevkeys].fpr, revkey+2, len);
+	  memset (sig->revkey[sig->numrevkeys].fpr+len, 0,
+                  sizeof (sig->revkey[sig->numrevkeys].fpr) - len);
 	  sig->numrevkeys++;
 	}
     }
@@ -2045,7 +2074,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
 {
   int md5_len = 0;
   unsigned n;
-  int is_v4 = 0;
+  int is_v4or5 = 0;
   int rc = 0;
   int i, ndata;
 
@@ -2058,8 +2087,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
     }
   sig->version = iobuf_get_noeof (inp);
   pktlen--;
-  if (sig->version == 4)
-    is_v4 = 1;
+  if (sig->version == 4 || sig->version == 5)
+    is_v4or5 = 1;
   else if (sig->version != 2 && sig->version != 3)
     {
       log_error ("packet(%d) with unknown version %d\n",
@@ -2070,7 +2099,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
       goto leave;
     }
 
-  if (!is_v4)
+  if (!is_v4or5)
     {
       if (pktlen == 0)
 	goto underflow;
@@ -2081,7 +2110,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
     goto underflow;
   sig->sig_class = iobuf_get_noeof (inp);
   pktlen--;
-  if (!is_v4)
+  if (!is_v4or5)
     {
       if (pktlen < 12)
 	goto underflow;
@@ -2100,7 +2129,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
   pktlen--;
   sig->flags.exportable = 1;
   sig->flags.revocable = 1;
-  if (is_v4) /* Read subpackets.  */
+  if (is_v4or5) /* Read subpackets.  */
     {
       if (pktlen < 2)
 	goto underflow;
@@ -2171,49 +2200,62 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
   sig->digest_start[1] = iobuf_get_noeof (inp);
   pktlen--;
 
-  if (is_v4 && sig->pubkey_algo)  /* Extract required information.  */
+  if (is_v4or5 && sig->pubkey_algo)  /* Extract required information.  */
     {
       const byte *p;
       size_t len;
 
       /* Set sig->flags.unknown_critical if there is a critical bit
        * set for packets which we do not understand.  */
-      if (!parse_sig_subpkt (sig->hashed, SIGSUBPKT_TEST_CRITICAL, NULL)
-	  || !parse_sig_subpkt (sig->unhashed, SIGSUBPKT_TEST_CRITICAL, NULL))
+      if (!parse_sig_subpkt (sig, 1, SIGSUBPKT_TEST_CRITICAL, NULL)
+	  || !parse_sig_subpkt (sig, 0, SIGSUBPKT_TEST_CRITICAL, NULL))
 	sig->flags.unknown_critical = 1;
 
-      p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL);
+      p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIG_CREATED, NULL);
       if (p)
 	sig->timestamp = buf32_to_u32 (p);
       else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
 	       && opt.verbose && !glo_ctrl.silence_parse_warnings)
 	log_info ("signature packet without timestamp\n");
 
-      p = parse_sig_subpkt2 (sig, SIGSUBPKT_ISSUER);
-      if (p)
-	{
-	  sig->keyid[0] = buf32_to_u32 (p);
+      /* Set the key id.  We first try the issuer fingerprint and if
+       * it is a v4 signature the fallback to the issuer.  Note that
+       * only the issuer packet is also searched in the unhashed area.  */
+      p = parse_sig_subpkt (sig, 1, SIGSUBPKT_ISSUER_FPR, &len);
+      if (p && len == 21 && p[0] == 4)
+        {
+          sig->keyid[0] = buf32_to_u32 (p + 1 + 12);
+	  sig->keyid[1] = buf32_to_u32 (p + 1 + 16);
+	}
+      else if (p && len == 33 && p[0] == 5)
+        {
+          sig->keyid[0] = buf32_to_u32 (p + 1 );
+	  sig->keyid[1] = buf32_to_u32 (p + 1 + 4);
+	}
+      else if ((p = parse_sig_subpkt2 (sig, SIGSUBPKT_ISSUER)))
+        {
+          sig->keyid[0] = buf32_to_u32 (p);
 	  sig->keyid[1] = buf32_to_u32 (p + 4);
 	}
       else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
 	       && opt.verbose && !glo_ctrl.silence_parse_warnings)
 	log_info ("signature packet without keyid\n");
 
-      p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL);
+      p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIG_EXPIRE, NULL);
       if (p && buf32_to_u32 (p))
 	sig->expiredate = sig->timestamp + buf32_to_u32 (p);
       if (sig->expiredate && sig->expiredate <= make_timestamp ())
 	sig->flags.expired = 1;
 
-      p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, NULL);
+      p = parse_sig_subpkt (sig, 1, SIGSUBPKT_POLICY, NULL);
       if (p)
 	sig->flags.policy_url = 1;
 
-      p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, NULL);
+      p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, NULL);
       if (p)
 	sig->flags.pref_ks = 1;
 
-      p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len);
+      p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIGNERS_UID, &len);
       if (p && len)
         {
           char *mbox;
@@ -2224,7 +2266,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
               rc = gpg_error_from_syserror ();
               goto leave;
             }
-          mbox = mailbox_from_userid (sig->signers_uid);
+          mbox = mailbox_from_userid (sig->signers_uid, 0);
           if (mbox)
             {
               xfree (sig->signers_uid);
@@ -2232,19 +2274,19 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
             }
         }
 
-      p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL);
+      p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_BLOCK, NULL);
       if (p)
-	sig->flags.notation = 1;
+        sig->flags.key_block = 1;
 
-      p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_BLOCK, NULL);
+      p = parse_sig_subpkt (sig, 1, SIGSUBPKT_NOTATION, NULL);
       if (p)
-        sig->flags.key_block = 1;
+	sig->flags.notation = 1;
 
-      p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_REVOCABLE, NULL);
+      p = parse_sig_subpkt (sig, 1, SIGSUBPKT_REVOCABLE, NULL);
       if (p && *p == 0)
 	sig->flags.revocable = 0;
 
-      p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_TRUST, &len);
+      p = parse_sig_subpkt (sig, 1, SIGSUBPKT_TRUST, &len);
       if (p && len == 2)
 	{
 	  sig->trust_depth = p[0];
@@ -2253,7 +2295,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
 	  /* Only look for a regexp if there is also a trust
 	     subpacket. */
 	  sig->trust_regexp =
-	    parse_sig_subpkt (sig->hashed, SIGSUBPKT_REGEXP, &len);
+	    parse_sig_subpkt (sig, 1, SIGSUBPKT_REGEXP, &len);
 
 	  /* If the regular expression is of 0 length, there is no
 	     regular expression. */
@@ -2284,10 +2326,10 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
                   (ulong) sig->keyid[0], (ulong) sig->keyid[1],
                   sig->version, (ulong) sig->timestamp, md5_len, sig->sig_class,
                   sig->digest_algo, sig->digest_start[0], sig->digest_start[1]);
-      if (is_v4)
+      if (is_v4or5)
 	{
-	  parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL);
-	  parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL);
+	  parse_sig_subpkt (sig, 1, SIGSUBPKT_LIST_HASHED, NULL);
+	  parse_sig_subpkt (sig, 0, SIGSUBPKT_LIST_UNHASHED, NULL);
 	}
     }
 
@@ -2309,10 +2351,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
 	}
       else
 	{
-          void *tmpp;
-
-          tmpp = read_rest (inp, pktlen);
-	  sig->data[0] = gcry_mpi_set_opaque (NULL, tmpp, tmpp? pktlen * 8 : 0);
+	  sig->data[0] =
+	    gcry_mpi_set_opaque (NULL, read_rest (inp, pktlen), pktlen * 8);
 	  pktlen = 0;
 	}
     }
@@ -2321,7 +2361,11 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
       for (i = 0; i < ndata; i++)
 	{
 	  n = pktlen;
-	  sig->data[i] = mpi_read (inp, &n, 0);
+          if (sig->pubkey_algo == PUBKEY_ALGO_ECDSA
+              || sig->pubkey_algo == PUBKEY_ALGO_EDDSA)
+            sig->data[i] = sos_read (inp, &n, 0);
+          else
+            sig->data[i] = mpi_read (inp, &n, 0);
 	  pktlen -= n;
 	  if (list_mode)
 	    {
@@ -2412,6 +2456,9 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
   int npkey, nskey;
   u32 keyid[2];
   PKT_public_key *pk;
+  int is_v5;
+  unsigned int pkbytes; /* For v5 keys: Number of bytes in the public
+                         * key material.  For v4 keys: 0.  */
 
   (void) hdr;
 
@@ -2443,10 +2490,9 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
       return 0;
     }
   else if (version == 4)
-    {
-      /* The only supported version.  Use an older gpg
-         version (i.e. gpg 1.4) to parse v3 packets.  */
-    }
+    is_v5 = 0;
+  else if (version == 5)
+    is_v5 = 1;
   else if (version == 2 || version == 3)
     {
       /* Not anymore supported since 2.1.  Use an older gpg version
@@ -2464,11 +2510,11 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
       log_error ("packet(%d) with unknown version %d\n", pkttype, version);
       if (list_mode)
         es_fputs (":key packet: [unknown version]\n", listfp);
-      err = gpg_error (GPG_ERR_UNKNOWN_VERSION);
+      err = gpg_error (GPG_ERR_INV_PACKET);
       goto leave;
     }
 
-  if (pktlen < 11)
+  if (pktlen < (is_v5? 15:11))
     {
       log_error ("packet(%d) too short\n", pkttype);
       if (list_mode)
@@ -2480,7 +2526,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
     {
       log_error ("packet(%d) too large\n", pkttype);
       if (list_mode)
-        es_fputs (":key packet: [too larget]\n", listfp);
+        es_fputs (":key packet: [too large]\n", listfp);
       err = gpg_error (GPG_ERR_INV_PACKET);
       goto leave;
     }
@@ -2491,14 +2537,28 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
   max_expiredate = 0;
   algorithm = iobuf_get_noeof (inp);
   pktlen--;
+  if (is_v5)
+    {
+      pkbytes = read_32 (inp);
+      pktlen -= 4;
+    }
+  else
+    pkbytes = 0;
+
   if (list_mode)
-    es_fprintf (listfp, ":%s key packet:\n"
-                "\tversion %d, algo %d, created %lu, expires %lu\n",
-                pkttype == PKT_PUBLIC_KEY ? "public" :
-                pkttype == PKT_SECRET_KEY ? "secret" :
-                pkttype == PKT_PUBLIC_SUBKEY ? "public sub" :
-                pkttype == PKT_SECRET_SUBKEY ? "secret sub" : "??",
-                version, algorithm, timestamp, expiredate);
+    {
+      es_fprintf (listfp, ":%s key packet:\n"
+                  "\tversion %d, algo %d, created %lu, expires %lu",
+                  pkttype == PKT_PUBLIC_KEY ? "public" :
+                  pkttype == PKT_SECRET_KEY ? "secret" :
+                  pkttype == PKT_PUBLIC_SUBKEY ? "public sub" :
+                  pkttype == PKT_SECRET_SUBKEY ? "secret sub" : "??",
+                  version, algorithm, timestamp, expiredate);
+      if (is_v5)
+        es_fprintf (listfp, ", pkbytes %u\n", pkbytes);
+      else
+        es_fprintf (listfp, "\n");
+    }
 
   pk->timestamp = timestamp;
   pk->expiredate = expiredate;
@@ -2520,10 +2580,8 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
   if (!npkey)
     {
       /* Unknown algorithm - put data into an opaque MPI.  */
-      void *tmpp = read_rest (inp, pktlen);
-      /* Current gcry_mpi_cmp does not handle a (NULL,n>0) nicely and
-       * thus we avoid to create such an MPI.  */
-      pk->pkey[0] = gcry_mpi_set_opaque (NULL, tmpp, tmpp? pktlen * 8 : 0);
+      pk->pkey[0] = gcry_mpi_set_opaque (NULL,
+                                         read_rest (inp, pktlen), pktlen * 8);
       pktlen = 0;
       goto leave;
     }
@@ -2535,7 +2593,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
                || (algorithm == PUBKEY_ALGO_EDDSA && (i == 0))
                || (algorithm == PUBKEY_ALGO_ECDH  && (i == 0 || i == 2)))
             {
-              /* Read the OID (i==1) or the KDF params (i==2).  */
+              /* Read the OID (i==0) or the KDF params (i==2).  */
               size_t n;
 	      err = read_size_body (inp, pktlen, &n, pk->pkey+i);
               pktlen -= n;
@@ -2543,7 +2601,12 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
           else
             {
               unsigned int n = pktlen;
-              pk->pkey[i] = mpi_read (inp, &n, 0);
+              if (algorithm == PUBKEY_ALGO_ECDSA
+                  || algorithm == PUBKEY_ALGO_EDDSA
+                  || algorithm == PUBKEY_ALGO_ECDH)
+                pk->pkey[i] = sos_read (inp, &n, 0);
+              else
+                pk->pkey[i] = mpi_read (inp, &n, 0);
               pktlen -= n;
               if (!pk->pkey[i])
                 err = gpg_error (GPG_ERR_INV_PACKET);
@@ -2575,6 +2638,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
       struct seckey_info *ski;
       byte temp[16];
       size_t snlen = 0;
+      unsigned int skbytes;
 
       if (pktlen < 1)
         {
@@ -2591,23 +2655,42 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 
       ski->algo = iobuf_get_noeof (inp);
       pktlen--;
+
+      if (is_v5)
+        {
+          unsigned int protcount = 0;
+
+          /* Read the one octet count of the following key-protection
+           * material.  Only required in case of unknown values. */
+          if (!pktlen)
+            {
+              err = gpg_error (GPG_ERR_INV_PACKET);
+              goto leave;
+            }
+          protcount = iobuf_get_noeof (inp);
+          pktlen--;
+          if (list_mode)
+            es_fprintf (listfp, "\tprotbytes: %u\n", protcount);
+        }
+
       if (ski->algo)
 	{
 	  ski->is_protected = 1;
 	  ski->s2k.count = 0;
 	  if (ski->algo == 254 || ski->algo == 255)
 	    {
-	      if (pktlen < 3)
+              if (pktlen < 3)
 		{
 		  err = gpg_error (GPG_ERR_INV_PACKET);
 		  goto leave;
 		}
-	      ski->sha1chk = (ski->algo == 254);
+
+              ski->sha1chk = (ski->algo == 254);
 	      ski->algo = iobuf_get_noeof (inp);
 	      pktlen--;
 	      /* Note that a ski->algo > 110 is illegal, but I'm not
-	         erroring on it here as otherwise there would be no
-	         way to delete such a key.  */
+	       * erroring out here as otherwise there would be no way
+	       * to delete such a key.  */
 	      ski->s2k.mode = iobuf_get_noeof (inp);
 	      pktlen--;
 	      ski->s2k.hash_algo = iobuf_get_noeof (inp);
@@ -2633,10 +2716,8 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 		}
 
               /* Read the salt.  */
-	      switch (ski->s2k.mode)
+	      if (ski->s2k.mode == 3 || ski->s2k.mode == 1)
 		{
-		case 1:
-		case 3:
 		  for (i = 0; i < 8 && pktlen; i++, pktlen--)
 		    temp[i] = iobuf_get_noeof (inp);
                   if (i < 8)
@@ -2645,7 +2726,6 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 		      goto leave;
                     }
 		  memcpy (ski->s2k.salt, temp, 8);
-		  break;
 		}
 
               /* Check the mode.  */
@@ -2745,7 +2825,9 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 	   *   ski->ivlen = cipher_get_blocksize (ski->algo);
 	   * won't work.  The only solution I see is to hardwire it.
 	   * NOTE: if you change the ivlen above 16, don't forget to
-	   * enlarge temp.  */
+	   * enlarge temp.
+           * FIXME: For v5 keys we can deduce this info!
+           */
 	  ski->ivlen = openpgp_cipher_blocklen (ski->algo);
 	  log_assert (ski->ivlen <= sizeof (temp));
 
@@ -2773,6 +2855,20 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 	  memcpy (ski->iv, temp, ski->ivlen);
 	}
 
+      /* Skip count of secret key material.  */
+      if (is_v5)
+        {
+          if (pktlen < 4)
+            {
+              err = gpg_error (GPG_ERR_INV_PACKET);
+              goto leave;
+            }
+          skbytes = read_32 (inp);
+          pktlen -= 4;
+          if (list_mode)
+            es_fprintf (listfp, "\tskbytes: %u\n", skbytes);
+        }
+
       /* It does not make sense to read it into secure memory.
        * If the user is so careless, not to protect his secret key,
        * we can assume, that he operates an open system :=(.
@@ -2787,8 +2883,6 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 	}
       else if (ski->is_protected)
 	{
-          void *tmpp;
-
 	  if (pktlen < 2) /* At least two bytes for the length.  */
 	    {
               err = gpg_error (GPG_ERR_INV_PACKET);
@@ -2797,14 +2891,14 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 
 	  /* Ugly: The length is encrypted too, so we read all stuff
 	   * up to the end of the packet into the first SKEY
-	   * element.  */
-
-          tmpp = read_rest (inp, pktlen);
+	   * element.
+           * FIXME: We can do better for v5 keys.  */
 	  pk->pkey[npkey] = gcry_mpi_set_opaque (NULL,
-						 tmpp, tmpp? pktlen * 8 : 0);
+						 read_rest (inp, pktlen),
+						 pktlen * 8);
           /* Mark that MPI as protected - we need this information for
-             importing a key.  The OPAQUE flag can't be used because
-             we also store public EdDSA values in opaque MPIs.  */
+           * importing a key.  The OPAQUE flag can't be used because
+           * we also store public EdDSA values in opaque MPIs.  */
           if (pk->pkey[npkey])
             gcry_mpi_set_flag (pk->pkey[npkey], GCRYMPI_FLAG_USER1);
 	  pktlen = 0;
@@ -2813,8 +2907,6 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 	}
       else
 	{
-          u16 csum_tweak = 0;
-
           /* Not encrypted.  */
 	  for (i = npkey; i < nskey; i++)
 	    {
@@ -2826,9 +2918,10 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
                   goto leave;
                 }
               n = pktlen;
-              if (algorithm == PUBKEY_ALGO_EDDSA)
-                pk->pkey[i] = mpi_read_detect_0_removal (inp, &n, 0,
-                                                         &csum_tweak);
+              if (algorithm == PUBKEY_ALGO_ECDSA
+                  || algorithm == PUBKEY_ALGO_EDDSA
+                  || algorithm == PUBKEY_ALGO_ECDH)
+                pk->pkey[i] = sos_read (inp, &n, 0);
               else
                 pk->pkey[i] = mpi_read (inp, &n, 0);
               pktlen -= n;
@@ -2851,7 +2944,6 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 	      goto leave;
 	    }
 	  ski->csum = read_16 (inp);
-          ski->csum += csum_tweak;
 	  pktlen -= 2;
 	  if (list_mode)
             es_fprintf (listfp, "\tchecksum: %04hx\n", ski->csum);
@@ -3321,7 +3413,7 @@ parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
 	  pt->name[i] = c;
     }
   /* Fill up NAME so that a check with valgrind won't complain about
-   * reading from uninitalized memory.  This case may be triggred by
+   * reading from uninitialized memory.  This case may be triggred by
    * corrupted packets.  */
   for (; i < namelen; i++)
     pt->name[i] = 0;
@@ -3648,11 +3740,13 @@ create_gpg_control (ctrlpkttype_t type, const byte * data, size_t datalen)
   PACKET *packet;
   byte *p;
 
+  if (!data)
+    datalen = 0;
+
   packet = xmalloc (sizeof *packet);
   init_packet (packet);
   packet->pkttype = PKT_GPG_CONTROL;
-  packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
-				     + datalen - 1);
+  packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control + datalen);
   packet->pkt.gpg_control->control = type;
   packet->pkt.gpg_control->datalen = datalen;
   p = packet->pkt.gpg_control->data;
diff --git a/g10/passphrase.c b/g10/passphrase.c
index f94b93c..50bb0e1 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -48,57 +48,6 @@ static char *next_pw = NULL;
 static char *last_pw = NULL;
 
 
-
-/* Pack an s2k iteration count into the form specified in 2440.  If
-   we're in between valid values, round up.  With value 0 return the
-   old default.  */
-unsigned char
-encode_s2k_iterations (int iterations)
-{
-  gpg_error_t err;
-  unsigned char c=0;
-  unsigned char result;
-  unsigned int count;
-
-  if (!iterations)
-    {
-      unsigned long mycnt;
-
-      /* Ask the gpg-agent for a useful iteration count.  */
-      err = agent_get_s2k_count (&mycnt);
-      if (err || mycnt < 65536)
-        {
-          /* Don't print an error if an older agent is used.  */
-          if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER)
-            log_error (_("problem with the agent: %s\n"), gpg_strerror (err));
-          /* Default to 65536 which we used up to 2.0.13.  */
-          return 96;
-        }
-      else if (mycnt >= 65011712)
-        return 255; /* Largest possible value.  */
-      else
-        return encode_s2k_iterations ((int)mycnt);
-    }
-
-  if (iterations <= 1024)
-    return 0;  /* Command line arg compatibility.  */
-
-  if (iterations >= 65011712)
-    return 255;
-
-  /* Need count to be in the range 16-31 */
-  for (count=iterations>>6; count>=32; count>>=1)
-    c++;
-
-  result = (c<<4)|(count-16);
-
-  if (S2K_DECODE_COUNT(result) < iterations)
-    result++;
-
-  return result;
-}
-
-
 int
 have_static_passphrase()
 {
@@ -106,6 +55,7 @@ have_static_passphrase()
           && (opt.batch || opt.pinentry_mode == PINENTRY_MODE_LOOPBACK));
 }
 
+
 /* Return a static passphrase.  The returned value is only valid as
    long as no other passphrase related function is called.  NULL may
    be returned if no passphrase has been set; better use
@@ -221,18 +171,15 @@ read_passphrase_from_fd( int fd )
  * operation.  If CACHEID is not NULL, it will be used as the cacheID
  * for the gpg-agent; if is NULL and a key fingerprint can be
  * computed, this will be used as the cacheid.
- *
- * For FLAGS see passphrase_to_dek;
  */
 static char *
 passphrase_get (int newsymkey, int nocache, const char *cacheid, int repeat,
-                const char *tryagain_text, unsigned int flags, int *canceled)
+                const char *tryagain_text, int *canceled)
 {
   int rc;
   char *pw = NULL;
   char *orig_codeset;
   const char *my_cacheid;
-  const char *desc;
 
   if (canceled)
     *canceled = 0;
@@ -247,11 +194,6 @@ passphrase_get (int newsymkey, int nocache, const char *cacheid, int repeat,
   if (tryagain_text)
     tryagain_text = _(tryagain_text);
 
-  if ((flags & GETPASSWORD_FLAG_SYMDECRYPT))
-    desc = _("Please enter the passphrase for decryption.");
-  else
-    desc = _("Enter passphrase\n");
-
   /* Here we have:
    * REPEAT is set in create mode and if opt.passphrase_repeat is set.
    * (Thus it is not a clean indication that we want a new passphrase).
@@ -263,7 +205,7 @@ passphrase_get (int newsymkey, int nocache, const char *cacheid, int repeat,
    * for a full state analysis and thus this new parameter.
    */
   rc = agent_get_passphrase (my_cacheid, tryagain_text, NULL,
-                             desc,
+                             _("Enter passphrase\n"),
                              newsymkey, repeat, nocache, &pw);
 
   i18n_switchback (orig_codeset);
@@ -321,17 +263,12 @@ passphrase_clear_cache (const char *cacheid)
  * Returns NULL if the user canceled the passphrase entry and if
  * CANCELED is not NULL, sets it to true.
  *
- * If CREATE is true a new passphrase sll be created.  If NOCACHE is
- * true the symmetric key caching will not be used.
- *
- * FLAG bits are:
- *   GETPASSWORD_FLAG_SYMDECRYPT := for symmetric decryption
- */
+ * If CREATE is true a new passphrase will be created.  If NOCACHE is
+ * true the symmetric key caching will not be used.  */
 DEK *
 passphrase_to_dek (int cipher_algo, STRING2KEY *s2k,
                    int create, int nocache,
-                   const char *tryagain_text, unsigned int flags,
-                   int *canceled)
+                   const char *tryagain_text, int *canceled)
 {
   char *pw = NULL;
   DEK *dek;
@@ -369,7 +306,7 @@ passphrase_to_dek (int cipher_algo, STRING2KEY *s2k,
              call out to gpg-agent and that should not be done during
              option processing in main().  */
           if (!opt.s2k_count)
-            opt.s2k_count = encode_s2k_iterations (0);
+            opt.s2k_count = encode_s2k_iterations (agent_get_s2k_count ());
           s2k->count = opt.s2k_count;
         }
     }
@@ -418,7 +355,7 @@ passphrase_to_dek (int cipher_algo, STRING2KEY *s2k,
       /* Divert to the gpg-agent. */
       pw = passphrase_get (create, create && nocache, s2k_cacheid,
                            create? opt.passphrase_repeat : 0,
-                           tryagain_text, flags, canceled);
+                           tryagain_text, canceled);
       if (*canceled)
         {
           xfree (pw);
diff --git a/g10/photoid.c b/g10/photoid.c
index dbef7d7..2c95930 100644
--- a/g10/photoid.c
+++ b/g10/photoid.c
@@ -21,6 +21,7 @@
 #include <errno.h>
 #include <stdio.h>
 #include <string.h>
+#include <unistd.h>
 #ifdef _WIN32
 # ifdef HAVE_WINSOCK2_H
 #  include <winsock2.h>
@@ -233,9 +234,10 @@ int parse_image_header(const struct user_attribute *attr,byte *type,u32 *len)
    make sure it is not too big (see parse-packet.c:parse_attribute).
    Extensions should be 3 characters long for the best cross-platform
    compatibility. */
-char *image_type_to_string(byte type,int style)
+const char *
+image_type_to_string(byte type,int style)
 {
-  char *string;
+  const char *string;
 
   switch(type)
     {
@@ -279,8 +281,6 @@ get_default_photo_command(void)
 #elif defined(__APPLE__)
   /* OS X.  This really needs more than just __APPLE__. */
   return "open %I";
-#elif defined(__riscos__)
-  return "Filer_Run %I";
 #else
   if (!path_access ("xloadimage", X_OK))
     return "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin";
@@ -298,6 +298,322 @@ get_default_photo_command(void)
 }
 #endif
 
+#ifndef DISABLE_PHOTO_VIEWER
+struct spawn_info
+{
+  unsigned int keep_temp_file;
+  char *command;
+  char *tempdir;
+  char *tempfile;
+};
+
+#ifdef NO_EXEC
+static void
+show_photo (const char *command, const char *name, const void *image, u32 len)
+{
+  log_error(_("no remote program execution supported\n"));
+  return GPG_ERR_GENERAL;
+}
+#else /* ! NO_EXEC */
+#include "../common/membuf.h"
+#include "../common/exechelp.h"
+
+/* Makes a temp directory and filenames */
+static int
+setup_input_file (struct spawn_info *info, const char *name)
+{
+  char *tmp = opt.temp_dir;
+  int len;
+#define TEMPLATE "gpg-XXXXXX"
+
+  /* Initialize by the length of last part in the path + 1 */
+  len = strlen (DIRSEP_S) + strlen (TEMPLATE) + 1;
+
+  /* Make up the temp dir and file in case we need them */
+  if (tmp)
+    {
+      len += strlen (tmp);
+      info->tempdir = xmalloc (len);
+    }
+  else
+    {
+#if defined (_WIN32)
+      int ret;
+
+      tmp = xmalloc (MAX_PATH+1);
+      if (!tmp)
+        return -1;
+
+      ret = GetTempPath (MAX_PATH-len, tmp);
+      if (ret == 0 || ret >= MAX_PATH-len)
+	strcpy (tmp, "c:\\windows\\temp");
+      else
+	{
+	  /* GetTempPath may return with \ on the end */
+	  while (ret > 0 && tmp[ret-1] == '\\')
+	    {
+	      tmp[ret-1]='\0';
+	      ret--;
+	    }
+	}
+
+      len += ret;
+      info->tempdir = tmp;
+#else /* More unixish systems */
+      if (!(tmp = getenv ("TMPDIR"))
+          && !(tmp = getenv ("TMP")))
+        tmp = "/tmp";
+
+      len += strlen (tmp);
+      info->tempdir = xmalloc (len);
+#endif
+    }
+
+  if (info->tempdir == NULL)
+    return -1;
+
+  sprintf (info->tempdir, "%s" DIRSEP_S TEMPLATE, tmp);
+
+  if (gnupg_mkdtemp (info->tempdir) == NULL)
+    {
+      log_error (_("can't create directory '%s': %s\n"),
+                 info->tempdir, strerror (errno));
+      return -1;
+    }
+
+  info->tempfile = xmalloc (strlen (info->tempdir) + strlen (DIRSEP_S)
+                               + strlen (name) + 1);
+  if (info->tempfile == NULL)
+    {
+      xfree (info->tempdir);
+      info->tempdir = NULL;
+      return -1;
+    }
+  sprintf (info->tempfile, "%s" DIRSEP_S "%s", info->tempdir, name);
+  return 0;
+}
+
+/* Expands %i or %I in the args to the full temp file within the temp
+   directory. */
+static int
+expand_args (struct spawn_info *info, const char *args_in, const char *name)
+{
+  const char *ch = args_in;
+  membuf_t command;
+
+  info->keep_temp_file = 0;
+
+  if (DBG_EXTPROG)
+    log_debug ("expanding string \"%s\"\n", args_in);
+
+  init_membuf (&command, 100);
+
+  while (*ch != '\0')
+    {
+      if (*ch == '%')
+	{
+	  const char *append = NULL;
+
+	  ch++;
+
+	  switch (*ch)
+	    {
+	    case 'I':
+	      info->keep_temp_file = 1;
+	      /* fall through */
+
+	    case 'i': /* in */
+	      if (info->tempfile == NULL)
+		{
+		  if (setup_input_file (info, name) < 0)
+		    goto fail;
+		}
+	      append = info->tempfile;
+	      break;
+
+	    case '%':
+	      append = "%";
+	      break;
+	    }
+
+	  if (append)
+            put_membuf_str (&command, append);
+	}
+      else
+        put_membuf (&command, ch, 1);
+
+      ch++;
+    }
+
+  put_membuf (&command, "", 1);  /* Terminate string.  */
+
+  info->command = get_membuf (&command, NULL);
+  if (!info->command)
+    return -1;
+
+  if(DBG_EXTPROG)
+    log_debug("args expanded to \"%s\", use %s, keep %u\n", info->command,
+	      info->tempfile, info->keep_temp_file);
+
+  return 0;
+
+ fail:
+  xfree (get_membuf (&command, NULL));
+  return -1;
+}
+
+#ifndef EXEC_TEMPFILE_ONLY
+static void
+fill_command_argv (const char *argv[4], const char *command)
+{
+  argv[0] = getenv ("SHELL");
+  if (argv[0] == NULL)
+    argv[0] = "/bin/sh";
+
+  argv[1] = "-c";
+  argv[2] = command;
+  argv[3] = NULL;
+}
+#endif
+
+static void
+run_with_pipe (struct spawn_info *info, const void *image, u32 len)
+{
+#ifdef EXEC_TEMPFILE_ONLY
+  (void)info;
+  (void)image;
+  (void)len;
+  log_error (_("this platform requires temporary files when calling"
+               " external programs\n"));
+  return;
+#else /* !EXEC_TEMPFILE_ONLY */
+  int to[2];
+  pid_t pid;
+  gpg_error_t err;
+  const char *argv[4];
+
+  err = gnupg_create_pipe (to);
+  if (err)
+    return;
+
+  fill_command_argv (argv, info->command);
+  err = gnupg_spawn_process_fd (argv[0], argv+1, to[0], -1, -1, &pid);
+
+  close (to[0]);
+
+  if (err)
+    {
+      log_error (_("unable to execute shell '%s': %s\n"),
+                 argv[0], gpg_strerror (err));
+      close (to[1]);
+    }
+  else
+    {
+      write (to[1], image, len);
+      close (to[1]);
+
+      err = gnupg_wait_process (argv[0], pid, 1, NULL);
+      if (err)
+        log_error (_("unnatural exit of external program\n"));
+    }
+#endif /* !EXEC_TEMPFILE_ONLY */
+}
+
+static int
+create_temp_file (struct spawn_info *info, const void *ptr, u32 len)
+{
+  if (DBG_EXTPROG)
+    log_debug ("using temp file '%s'\n", info->tempfile);
+
+  /* It's not fork/exec/pipe, so create a temp file */
+  if ( is_secured_filename (info->tempfile) )
+    {
+      log_error (_("can't create '%s': %s\n"),
+                 info->tempfile, strerror (EPERM));
+      gpg_err_set_errno (EPERM);
+      return -1;
+    }
+  else
+    {
+      estream_t fp = es_fopen (info->tempfile, "wb");
+
+      if (fp)
+        {
+          es_fwrite (ptr, len, 1, fp);
+          es_fclose (fp);
+          return 0;
+        }
+      else
+        {
+          int save = errno;
+          log_error (_("can't create '%s': %s\n"),
+                     info->tempfile, strerror(errno));
+          gpg_err_set_errno (save);
+          return -1;
+        }
+    }
+}
+
+static void
+show_photo (const char *command, const char *name, const void *image, u32 len)
+{
+  struct spawn_info *spawn;
+
+  spawn = xmalloc_clear (sizeof (struct spawn_info));
+  if (!spawn)
+    return;
+
+  /* Expand the args */
+  if (expand_args (spawn, command, name) < 0)
+    {
+      xfree (spawn);
+      return;
+    }
+
+  if (DBG_EXTPROG)
+    log_debug ("running command: %s\n", spawn->command);
+
+  if (spawn->tempfile == NULL)
+    run_with_pipe (spawn, image, len);
+  else if (create_temp_file (spawn, image, len) == 0)
+    {
+#if defined (_WIN32)
+      if (w32_system (spawn->command) < 0)
+        log_error (_("system error while calling external program: %s\n"),
+                   strerror (errno));
+#else
+      pid_t pid;
+      gpg_error_t err;
+      const char *argv[4];
+
+      fill_command_argv (argv, spawn->command);
+      err = gnupg_spawn_process_fd (argv[0], argv+1, -1, -1, -1, &pid);
+      if (!err)
+        err = gnupg_wait_process (argv[0], pid, 1, NULL);
+      if (err)
+        log_error (_("unnatural exit of external program\n"));
+#endif
+
+      if (!spawn->keep_temp_file)
+        {
+          if (unlink (spawn->tempfile) < 0)
+            log_info (_("WARNING: unable to remove tempfile (%s) '%s': %s\n"),
+                      "in", spawn->tempfile, strerror(errno));
+
+          if (rmdir (spawn->tempdir) < 0)
+            log_info (_("WARNING: unable to remove temp directory '%s': %s\n"),
+                      spawn->tempdir, strerror(errno));
+        }
+    }
+
+  xfree(spawn->command);
+  xfree(spawn->tempdir);
+  xfree(spawn->tempfile);
+  xfree(spawn);
+}
+#endif
+#endif
+
 
 void
 show_photos (ctrl_t ctrl, const struct user_attribute *attrs, int count,
@@ -314,6 +630,20 @@ show_photos (ctrl_t ctrl, const struct user_attribute *attrs, int count,
   u32 len;
   u32 kid[2]={0,0};
 
+  if (opt.exec_disable && !opt.no_perm_warn)
+    {
+      log_info (_("external program calls are disabled due to unsafe "
+                  "options file permissions\n"));
+      return;
+    }
+
+#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
+  /* There should be no way to get to this spot while still carrying
+     setuid privs.  Just in case, bomb out if we are. */
+  if ( getuid () != geteuid ())
+    BUG ();
+#endif
+
   memset (&args, 0, sizeof(args));
   args.pk = pk;
   args.validity_info = get_validity_info (ctrl, NULL, pk, uid);
@@ -326,23 +656,22 @@ show_photos (ctrl_t ctrl, const struct user_attribute *attrs, int count,
 
   es_fflush (es_stdout);
 
-  for(i=0;i<count;i++)
-    if(attrs[i].type==ATTRIB_IMAGE &&
-       parse_image_header(&attrs[i],&args.imagetype,&len))
-      {
-	char *command,*name;
-	struct exec_info *spawn;
-	int offset=attrs[i].len-len;
-
 #ifdef FIXED_PHOTO_VIEWER
-	opt.photo_viewer=FIXED_PHOTO_VIEWER;
+  opt.photo_viewer = FIXED_PHOTO_VIEWER;
 #else
-	if(!opt.photo_viewer)
-	  opt.photo_viewer=get_default_photo_command();
+  if (!opt.photo_viewer)
+    opt.photo_viewer = get_default_photo_command ();
 #endif
 
+  for (i=0; i<count; i++)
+    if (attrs[i].type == ATTRIB_IMAGE
+        && parse_image_header (&attrs[i], &args.imagetype, &len))
+      {
+        char *command, *name;
+        int offset = attrs[i].len-len;
+
 	/* make command grow */
-	command=pct_expando(opt.photo_viewer,&args);
+	command = pct_expando (ctrl, opt.photo_viewer,&args);
 	if(!command)
 	  goto fail;
         if (!*command)
@@ -351,8 +680,14 @@ show_photos (ctrl_t ctrl, const struct user_attribute *attrs, int count,
             goto fail;
           }
 
-	name=xmalloc(16+strlen(EXTSEP_S)+
-		     strlen(image_type_to_string(args.imagetype,0))+1);
+	name = xmalloc (1 + 16 + strlen(EXTSEP_S)
+                        + strlen (image_type_to_string (args.imagetype, 0)));
+
+	if (!name)
+          {
+            xfree (command);
+            goto fail;
+          }
 
 	/* Make the filename.  Notice we are not using the image
            encoding type for more than cosmetics.  Most external image
@@ -361,36 +696,17 @@ show_photos (ctrl_t ctrl, const struct user_attribute *attrs, int count,
            which.  The spec permits this, by the way. -dms */
 
 #ifdef USE_ONLY_8DOT3
-	sprintf(name,"%08lX" EXTSEP_S "%s",(ulong)kid[1],
-		image_type_to_string(args.imagetype,0));
+	sprintf (name,"%08lX" EXTSEP_S "%s", (ulong)kid[1],
+                 image_type_to_string (args.imagetype, 0));
 #else
-	sprintf(name,"%08lX%08lX" EXTSEP_S "%s",(ulong)kid[0],(ulong)kid[1],
-		image_type_to_string(args.imagetype,0));
-#endif
-
-	if(exec_write(&spawn,NULL,command,name,1,1)!=0)
-	  {
-	    xfree(name);
-	    goto fail;
-	  }
-
-#ifdef __riscos__
-        riscos_set_filetype_by_mimetype(spawn->tempfile_in,
-                                        image_type_to_string(args.imagetype,2));
+	sprintf (name, "%08lX%08lX" EXTSEP_S "%s",
+                 (ulong)kid[0], (ulong)kid[1],
+                 image_type_to_string (args.imagetype, 0));
 #endif
 
-	xfree(name);
-
-	fwrite(&attrs[i].data[offset],attrs[i].len-offset,1,spawn->tochild);
-
-	if(exec_read(spawn)!=0)
-	  {
-	    exec_finish(spawn);
-	    goto fail;
-	  }
-
-	if(exec_finish(spawn)!=0)
-	  goto fail;
+        show_photo (command, name, &attrs[i].data[offset], len);
+        xfree (name);
+        xfree (command);
       }
 
   return;
diff --git a/g10/photoid.h b/g10/photoid.h
index fc7ec6f..bbf1f49 100644
--- a/g10/photoid.h
+++ b/g10/photoid.h
@@ -27,7 +27,7 @@
 PKT_user_id *generate_photo_id (ctrl_t ctrl,
                                 PKT_public_key *pk,const char *filename);
 int parse_image_header(const struct user_attribute *attr,byte *type,u32 *len);
-char *image_type_to_string(byte type,int style);
+const char *image_type_to_string(byte type,int style);
 void show_photos (ctrl_t ctrl, const struct user_attribute *attrs, int count,
                   PKT_public_key *pk, PKT_user_id *uid);
 
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 82a8d3b..3926893 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -1,6 +1,7 @@
 /* pkclist.c - create a list of public keys
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
- *               2008, 2009, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 1998-2020 Free Software Foundation, Inc.
+ * Copyright (C) 1997-2019 Werner Koch
+ * Copyright (C) 2015-2020 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -16,6 +17,7 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
 #include <config.h>
@@ -36,6 +38,7 @@
 #include "../common/status.h"
 #include "photoid.h"
 #include "../common/i18n.h"
+#include "../common/mbox-util.h"
 #include "tofu.h"
 
 #define CONTROL_D ('D' - 'A' + 1)
@@ -63,8 +66,8 @@ do_show_revocation_reason( PKT_signature *sig )
     int seq = 0;
     const char *text;
 
-    while( (p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REVOC_REASON,
-				 &n, &seq, NULL )) ) {
+    while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_REVOC_REASON,
+				 &n, &seq, NULL)) ) {
 	if( !n )
 	    continue; /* invalid - just skip it */
 
@@ -475,7 +478,7 @@ do_we_trust_pre (ctrl_t ctrl, PKT_public_key *pk, unsigned int trustlevel )
 
   if( !opt.batch && !rc )
     {
-      print_pubkey_info (ctrl, NULL,pk);
+      print_key_info (ctrl, NULL, 0, pk, 0);
       print_fingerprint (ctrl, NULL, pk, 2);
       tty_printf("\n");
 
@@ -517,9 +520,10 @@ do_we_trust_pre (ctrl_t ctrl, PKT_public_key *pk, unsigned int trustlevel )
 }
 
 
-/* Write a TRUST_foo status line inclduing the validation model.  */
+/* Write a TRUST_foo status line including the validation model and if
+ * MBOX is not NULL the targeted User ID's mbox.  */
 static void
-write_trust_status (int statuscode, int trustlevel)
+write_trust_status (int statuscode, int trustlevel, const char *mbox)
 {
 #ifdef NO_TRUST_MODELS
   write_status (statuscode);
@@ -532,49 +536,163 @@ write_trust_status (int statuscode, int trustlevel)
     tm = (trustlevel & TRUST_FLAG_TOFU_BASED)? TM_TOFU : TM_PGP;
   else
     tm = opt.trust_model;
-  write_status_strings (statuscode, "0 ", trust_model_string (tm), NULL);
+
+  if (mbox)
+    {
+      char *escmbox = percent_escape (mbox, NULL);
+
+      write_status_strings (statuscode, "0 ", trust_model_string (tm),
+                            " ", escmbox? escmbox : "?", NULL);
+      xfree (escmbox);
+    }
+  else
+    write_status_strings (statuscode, "0 ", trust_model_string (tm), NULL);
+
 #endif /* NO_TRUST_MODELS */
 }
 
 
-/****************
- * Check whether we can trust this signature.
- * Returns an error code if we should not trust this signature.
- */
-int
-check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
+/* Return true if MBOX matches one of the names in opt.sender_list.  */
+static int
+is_in_sender_list (const char *mbox)
 {
-  PKT_public_key *pk = xmalloc_clear( sizeof *pk );
-  unsigned int trustlevel = TRUST_UNKNOWN;
-  int rc=0;
+  strlist_t sl;
 
-  rc = get_pubkey_for_sig (ctrl, pk, sig, NULL);
-  if (rc)
-    { /* this should not happen */
-      log_error("Ooops; the key vanished  - can't check the trust\n");
-      rc = GPG_ERR_NO_PUBKEY;
-      goto leave;
-    }
+  for (sl = opt.sender_list; sl; sl = sl->next)
+    if (!strcmp (mbox, sl->d))
+      return 1;
+  return 0;
+}
+
+
+/* Check whether we can trust this signature.  KEYBLOCK contains the
+ * key PK used to check the signature SIG.  We need PK here in
+ * addition to KEYBLOCK so that we know the subkey used for
+ * verification.  Returns an error code if we should not trust this
+ * signature (i.e. done by an not trusted key).  */
+gpg_error_t
+check_signatures_trust (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *pk,
+                        PKT_signature *sig)
+{
+  gpg_error_t err = 0;
+  int uidbased = 0;  /* 1 = signer's UID, 2 = use --sender option.  */
+  unsigned int trustlevel = TRUST_UNKNOWN;
+  PKT_public_key *mainpk;
+  PKT_user_id *targetuid;
+  const char *testedtarget = NULL;
+  const char *statusmbox = NULL;
+  kbnode_t n;
 
-  if ( opt.trust_model==TM_ALWAYS )
+  if (opt.trust_model == TM_ALWAYS)
     {
-      if( !opt.quiet )
+      if (!opt.quiet)
         log_info(_("WARNING: Using untrusted key!\n"));
       if (opt.with_fingerprint)
         print_fingerprint (ctrl, NULL, pk, 1);
       goto leave;
     }
 
-  if(pk->flags.maybe_revoked && !pk->flags.revoked)
+  log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
+  mainpk = keyblock->pkt->pkt.public_key;
+
+  if ((pk->flags.maybe_revoked && !pk->flags.revoked)
+      || (mainpk->flags.maybe_revoked && !mainpk->flags.revoked))
     log_info(_("WARNING: this key might be revoked (revocation key"
 	       " not present)\n"));
 
-  trustlevel = get_validity (ctrl, NULL, pk, NULL, sig, 1);
+  /* Figure out the user ID which was used to create the signature.
+   * Note that the Signer's UID may be not a valid addr-spec but the
+   * plain value from the sub-packet; thus we need to check this
+   * before looking for the matching User ID (our parser makes sure
+   * that signers_uid has only the mbox if there is an mbox).  */
+  if (is_valid_mailbox (sig->signers_uid))
+    uidbased = 1; /* We got the signer's UID and it is an addr-spec.  */
+  else if (opt.sender_list)
+    uidbased = 2;
+  else
+    uidbased = 0;
+  targetuid = NULL;
+  if (uidbased)
+    {
+      u32 tmpcreated = 0; /* Helper to find the lates user ID.  */
+      PKT_user_id *tmpuid;
+
+      for (n=keyblock; n; n = n->next)
+        if (n->pkt->pkttype == PKT_USER_ID
+            && !(tmpuid = n->pkt->pkt.user_id)->attrib_data
+            && tmpuid->created  /* (is valid)  */
+            && !tmpuid->flags.revoked
+            && !tmpuid->flags.expired)
+          {
+            if (!tmpuid->mbox)
+              tmpuid->mbox = mailbox_from_userid (tmpuid->name, 0);
+            if (!tmpuid->mbox)
+              continue;
+
+            if (uidbased == 1)
+              {
+                if (!strcmp (tmpuid->mbox, sig->signers_uid)
+                    && tmpuid->created > tmpcreated)
+                  {
+                    tmpcreated = tmpuid->created;
+                    targetuid = tmpuid;
+                  }
+              }
+            else
+              {
+                if (is_in_sender_list (tmpuid->mbox)
+                    && tmpuid->created > tmpcreated)
+                  {
+                    tmpcreated = tmpuid->created;
+                    targetuid = tmpuid;
+                  }
+              }
+          }
+
+      /* In addition restrict based on --sender.  */
+      if (uidbased == 1 && opt.sender_list
+          && targetuid && !is_in_sender_list (targetuid->mbox))
+        {
+          testedtarget = targetuid->mbox;
+          targetuid = NULL;
+        }
+    }
+
+  if (uidbased && !targetuid)
+    statusmbox = testedtarget? testedtarget : sig->signers_uid;
+  else if (uidbased)
+    statusmbox = targetuid->mbox;
+  else
+    statusmbox = NULL;
+
+  if (opt.verbose && statusmbox)
+    log_info (_("checking User ID \"%s\"\n"), statusmbox);
+
+  trustlevel = get_validity (ctrl, NULL, pk, targetuid, sig, 1);
+  if (uidbased && !targetuid)
+    {
+      /* No user ID given but requested - force an undefined
+       * trustlevel but keep the trust flags.  */
+      trustlevel &= ~TRUST_MASK;
+      trustlevel |= TRUST_UNDEFINED;
+      if (!opt.quiet)
+        {
+          if (testedtarget)
+            log_info (_("option %s given but issuer \"%s\" does not match\n"),
+                      "--sender", testedtarget);
+          else if (uidbased == 1)
+            log_info (_("issuer \"%s\" does not match any User ID\n"),
+                      sig->signers_uid);
+          else if (opt.sender_list)
+            log_info (_("option %s given but no matching User ID found\n"),
+                      "--sender");
+        }
+    }
 
   if ( (trustlevel & TRUST_FLAG_REVOKED) )
     {
-      write_status( STATUS_KEYREVOKED );
-      if(pk->flags.revoked == 2)
+      write_status (STATUS_KEYREVOKED);
+      if (pk->flags.revoked == 2 || mainpk->flags.revoked == 2)
 	log_info(_("WARNING: This key has been revoked by its"
 		   " designated revoker!\n"));
       else
@@ -592,58 +710,6 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
   if ((trustlevel & TRUST_FLAG_DISABLED))
     log_info (_("Note: This key has been disabled.\n"));
 
-  /* If we have PKA information adjust the trustlevel. */
-  if (sig->pka_info && sig->pka_info->valid)
-    {
-      unsigned char fpr[MAX_FINGERPRINT_LEN];
-      PKT_public_key *primary_pk;
-      size_t fprlen;
-      int okay;
-
-
-      primary_pk = xmalloc_clear (sizeof *primary_pk);
-      get_pubkey (ctrl, primary_pk, pk->main_keyid);
-      fingerprint_from_pk (primary_pk, fpr, &fprlen);
-      free_public_key (primary_pk);
-
-      if ( fprlen == 20 && !memcmp (sig->pka_info->fpr, fpr, 20) )
-        {
-          okay = 1;
-          write_status_text (STATUS_PKA_TRUST_GOOD, sig->pka_info->email);
-          log_info (_("Note: Verified signer's address is '%s'\n"),
-                    sig->pka_info->email);
-        }
-      else
-        {
-          okay = 0;
-          write_status_text (STATUS_PKA_TRUST_BAD, sig->pka_info->email);
-          log_info (_("Note: Signer's address '%s' "
-                      "does not match DNS entry\n"), sig->pka_info->email);
-        }
-
-      switch ( (trustlevel & TRUST_MASK) )
-        {
-        case TRUST_UNKNOWN:
-        case TRUST_UNDEFINED:
-        case TRUST_MARGINAL:
-          if (okay && opt.verify_options&VERIFY_PKA_TRUST_INCREASE)
-            {
-              trustlevel = ((trustlevel & ~TRUST_MASK) | TRUST_FULLY);
-              log_info (_("trustlevel adjusted to FULL"
-                          " due to valid PKA info\n"));
-            }
-          /* fall through */
-        case TRUST_FULLY:
-          if (!okay)
-            {
-              trustlevel = ((trustlevel & ~TRUST_MASK) | TRUST_NEVER);
-              log_info (_("trustlevel adjusted to NEVER"
-                          " due to bad PKA info\n"));
-            }
-          break;
-        }
-    }
-
   /* Now let the user know what up with the trustlevel. */
   switch ( (trustlevel & TRUST_MASK) )
     {
@@ -658,9 +724,13 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
       /* fall through */
     case TRUST_UNKNOWN:
     case TRUST_UNDEFINED:
-      write_trust_status (STATUS_TRUST_UNDEFINED, trustlevel);
-      log_info(_("WARNING: This key is not certified with"
-                 " a trusted signature!\n"));
+      write_trust_status (STATUS_TRUST_UNDEFINED, trustlevel, statusmbox);
+      if (uidbased)
+        log_info(_("WARNING: The key's User ID is not certified with"
+                   " a trusted signature!\n"));
+      else
+        log_info(_("WARNING: This key is not certified with"
+                   " a trusted signature!\n"));
       log_info(_("         There is no indication that the "
                  "signature belongs to the owner.\n" ));
       print_fingerprint (ctrl, NULL, pk, 1);
@@ -669,17 +739,21 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
     case TRUST_NEVER:
       /* This level can be returned by TOFU, which supports negative
        * assertions.  */
-      write_trust_status (STATUS_TRUST_NEVER, trustlevel);
+      write_trust_status (STATUS_TRUST_NEVER, trustlevel, statusmbox);
       log_info(_("WARNING: We do NOT trust this key!\n"));
       log_info(_("         The signature is probably a FORGERY.\n"));
       if (opt.with_fingerprint)
         print_fingerprint (ctrl, NULL, pk, 1);
-      rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
+      err = gpg_error (GPG_ERR_BAD_SIGNATURE);
       break;
 
     case TRUST_MARGINAL:
-      write_trust_status (STATUS_TRUST_MARGINAL, trustlevel);
-      log_info(_("WARNING: This key is not certified with"
+      write_trust_status (STATUS_TRUST_MARGINAL, trustlevel, statusmbox);
+      if (uidbased)
+        log_info(_("WARNING: The key's User ID is not certified with"
+                 " sufficiently trusted signatures!\n"));
+      else
+        log_info(_("WARNING: This key is not certified with"
                  " sufficiently trusted signatures!\n"));
       log_info(_("         It is not certain that the"
                  " signature belongs to the owner.\n" ));
@@ -687,21 +761,20 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
       break;
 
     case TRUST_FULLY:
-      write_trust_status (STATUS_TRUST_FULLY, trustlevel);
+      write_trust_status (STATUS_TRUST_FULLY, trustlevel, statusmbox);
       if (opt.with_fingerprint)
         print_fingerprint (ctrl, NULL, pk, 1);
       break;
 
     case TRUST_ULTIMATE:
-      write_trust_status (STATUS_TRUST_ULTIMATE, trustlevel);
+      write_trust_status (STATUS_TRUST_ULTIMATE, trustlevel, statusmbox);
       if (opt.with_fingerprint)
         print_fingerprint (ctrl, NULL, pk, 1);
       break;
     }
 
  leave:
-  free_public_key( pk );
-  return rc;
+  return err;
 }
 
 
@@ -759,55 +832,6 @@ default_recipient (ctrl_t ctrl)
 }
 
 
-static int
-expand_id(const char *id,strlist_t *into,unsigned int flags)
-{
-  struct groupitem *groups;
-  int count=0;
-
-  for(groups=opt.grouplist;groups;groups=groups->next)
-    {
-      /* need strcasecmp() here, as this should be localized */
-      if(strcasecmp(groups->name,id)==0)
-	{
-	  strlist_t each,sl;
-
-	  /* this maintains the current utf8-ness */
-	  for(each=groups->values;each;each=each->next)
-	    {
-	      sl=add_to_strlist(into,each->d);
-	      sl->flags=flags;
-	      count++;
-	    }
-
-	  break;
-	}
-    }
-
-  return count;
-}
-
-/* For simplicity, and to avoid potential loops, we only expand once -
- * you can't make an alias that points to an alias.  */
-static strlist_t
-expand_group (strlist_t input)
-{
-  strlist_t output = NULL;
-  strlist_t sl, rover;
-
-  for (rover = input; rover; rover = rover->next)
-    if (!(rover->flags & PK_LIST_FROM_FILE)
-        && !expand_id(rover->d,&output,rover->flags))
-      {
-	/* Didn't find any groups, so use the existing string */
-	sl=add_to_strlist(&output,rover->d);
-	sl->flags=rover->flags;
-      }
-
-  return output;
-}
-
-
 /* Helper for build_pk_list to find and check one key.  This helper is
  * also used directly in server mode by the RECIPIENTS command.  On
  * success the new key is added to PK_LIST_ADDR.  NAME is the user id
@@ -953,7 +977,7 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
 
   /* Try to expand groups if any have been defined. */
   if (opt.grouplist)
-    remusr = expand_group (rcpts);
+    remusr = expand_group (rcpts, 0);
   else
     remusr = rcpts;
 
@@ -1023,7 +1047,7 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
 
           /* Hidden recipients are not allowed while in PGP mode,
              issue a warning and switch into GnuPG mode. */
-          if ((rov->flags & PK_LIST_HIDDEN) && (PGP6 || PGP7 || PGP8))
+          if ((rov->flags & PK_LIST_HIDDEN) && (PGP7 || PGP8))
             {
               log_info(_("option '%s' may not be used in %s mode\n"),
                        "--hidden-recipient",
@@ -1074,7 +1098,7 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
                   /* Hidden encrypt-to recipients are not allowed while
                      in PGP mode, issue a warning and switch into
                      GnuPG mode. */
-                  if ((r->flags&PK_LIST_ENCRYPT_TO) && (PGP6 || PGP7 || PGP8))
+                  if ((r->flags&PK_LIST_ENCRYPT_TO) && (PGP7 || PGP8))
                     {
                       log_info(_("option '%s' may not be used in %s mode\n"),
                                "--hidden-encrypt-to",
@@ -1373,10 +1397,9 @@ algo_available( preftype_t preftype, int algo, const struct pref_hint *hint)
 {
   if( preftype == PREFTYPE_SYM )
     {
-      if(PGP6 && (algo != CIPHER_ALGO_IDEA
-		  && algo != CIPHER_ALGO_3DES
-		  && algo != CIPHER_ALGO_CAST5))
-	return 0;
+      if (!opt.flags.allow_old_cipher_algos
+          && openpgp_cipher_blocklen (algo) < 16)
+        return 0;  /* We don't want this one.  */
 
       if(PGP7 && (algo != CIPHER_ALGO_IDEA
 		  && algo != CIPHER_ALGO_3DES
@@ -1418,9 +1441,9 @@ algo_available( preftype_t preftype, int algo, const struct pref_hint *hint)
 	    return 0;
 	}
 
-      if((PGP6 || PGP7) && (algo != DIGEST_ALGO_MD5
-			    && algo != DIGEST_ALGO_SHA1
-			    && algo != DIGEST_ALGO_RMD160))
+      if (PGP7 && (algo != DIGEST_ALGO_MD5
+                   && algo != DIGEST_ALGO_SHA1
+                   && algo != DIGEST_ALGO_RMD160))
 	return 0;
 
 
@@ -1434,8 +1457,8 @@ algo_available( preftype_t preftype, int algo, const struct pref_hint *hint)
     }
   else if( preftype == PREFTYPE_ZIP )
     {
-      if((PGP6 || PGP7) && (algo != COMPRESS_ALGO_NONE
-			    && algo != COMPRESS_ALGO_ZIP))
+      if (PGP7 && (algo != COMPRESS_ALGO_NONE
+                   && algo != COMPRESS_ALGO_ZIP))
 	return 0;
 
       /* PGP8 supports all the compression algos we do */
@@ -1475,32 +1498,30 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
       switch(preftype)
 	{
 	case PREFTYPE_SYM:
-	  /* IDEA is implicitly there for v3 keys with v3 selfsigs if
-	     --pgp2 mode is on.  This was a 2440 thing that was
-	     dropped from 4880 but is still relevant to GPG's 1991
-	     support.  All this doesn't mean IDEA is actually
-	     available, of course. */
-          implicit=CIPHER_ALGO_3DES;
-
+	  /* Historical note: IDEA is implicitly there for v3 keys
+	     with v3 selfsigs if --pgp2 mode is on.  This was a 2440
+	     thing that was dropped from 4880 but is still relevant to
+	     GPG's 1991 support.  All this doesn't mean IDEA is
+	     actually available, of course. */
+          if (opt.flags.allow_old_cipher_algos)
+            implicit = CIPHER_ALGO_3DES;
+          else
+            implicit = CIPHER_ALGO_AES;
 	  break;
 
+	case PREFTYPE_AEAD:
+          /* No implicit algo.  */
+          break;
+
 	case PREFTYPE_HASH:
 	  /* While I am including this code for completeness, note
 	     that currently --pgp2 mode locks the hash at MD5, so this
 	     code will never even be called.  Even if the hash wasn't
 	     locked at MD5, we don't support sign+encrypt in --pgp2
 	     mode, and that's the only time PREFTYPE_HASH is used
-	     anyway. -dms
+	     anyway. -dms */
 
-             Because "de-vs" compliance does not allow SHA-1 it does
-             not make sense to assign SHA-1 as implicit algorithm.
-             Instead it is better to use SHA-256 as implicit algorithm
-             (which will be the case for rfc4880bis anyway).  */
-
-          if (opt.compliance == CO_DE_VS)
-            implicit = DIGEST_ALGO_SHA256;
-          else
-            implicit = DIGEST_ALGO_SHA1;
+          implicit=DIGEST_ALGO_SHA1;
 
 	  break;
 
@@ -1574,6 +1595,8 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
       prefs=NULL;
       if(preftype==PREFTYPE_SYM && opt.personal_cipher_prefs)
 	prefs=opt.personal_cipher_prefs;
+      else if(preftype==PREFTYPE_AEAD && opt.personal_aead_prefs)
+	prefs=opt.personal_aead_prefs;
       else if(preftype==PREFTYPE_HASH && opt.personal_digest_prefs)
 	prefs=opt.personal_digest_prefs;
       else if(preftype==PREFTYPE_ZIP && opt.personal_compress_prefs)
@@ -1667,9 +1690,36 @@ select_mdc_from_pklist (PK_LIST pk_list)
 }
 
 
-/* Print a warning for all keys in PK_LIST missing the MDC feature. */
+/* Select the AEAD flag from the pk_list.  We can only use AEAD if all
+ * recipients support this feature.  Returns the AEAD to be used or 0
+ * if AEAD shall not be used.  */
+aead_algo_t
+select_aead_from_pklist (PK_LIST pk_list)
+{
+  pk_list_t pkr;
+  int aead;
+
+  if (!pk_list)
+    return 0;
+
+  for (pkr = pk_list; pkr; pkr = pkr->next)
+    {
+      if (pkr->pk->user_id) /* selected by user ID */
+        aead = pkr->pk->user_id->flags.aead;
+      else
+        aead = pkr->pk->flags.aead;
+      if (!aead)
+        return 0;  /* At least one recipient does not support it. */
+    }
+
+  return default_aead_algo (); /* Yes, AEAD can be used. */
+}
+
+
+/* Print a warning for all keys in PK_LIST missing the AEAD feature
+ * flag or AEAD algorithms. */
 void
-warn_missing_mdc_from_pklist (PK_LIST pk_list)
+warn_missing_aead_from_pklist (PK_LIST pk_list)
 {
   PK_LIST pkr;
 
@@ -1678,12 +1728,12 @@ warn_missing_mdc_from_pklist (PK_LIST pk_list)
       int mdc;
 
       if (pkr->pk->user_id) /* selected by user ID */
-        mdc = pkr->pk->user_id->flags.mdc;
+        mdc = pkr->pk->user_id->flags.aead;
       else
-        mdc = pkr->pk->flags.mdc;
+        mdc = pkr->pk->flags.aead;
       if (!mdc)
         log_info (_("Note: key %s has no %s feature\n"),
-                  keystr_from_pk (pkr->pk), "MDC");
+                  keystr_from_pk (pkr->pk), "AEAD");
     }
 }
 
diff --git a/g10/pkglue.c b/g10/pkglue.c
index e053657..cab007f 100644
--- a/g10/pkglue.c
+++ b/g10/pkglue.c
@@ -47,6 +47,57 @@ get_mpi_from_sexp (gcry_sexp_t sexp, const char *item, int mpifmt)
 }
 
 
+/* Extract SOS representation from SEXP for PARAM, return the result
+   in R_SOS.  */
+gpg_error_t
+sexp_extract_param_sos (gcry_sexp_t sexp, const char *param, gcry_mpi_t *r_sos)
+{
+  gpg_error_t err;
+  gcry_sexp_t l2 = gcry_sexp_find_token (sexp, param, 0);
+
+  *r_sos = NULL;
+  if (!l2)
+    err = gpg_error (GPG_ERR_NO_OBJ);
+  else
+    {
+      size_t buflen;
+      void *p0 = gcry_sexp_nth_buffer (l2, 1, &buflen);
+
+      if (!p0)
+        err = gpg_error_from_syserror ();
+      else
+        {
+          gcry_mpi_t sos;
+          unsigned int nbits = buflen*8;
+          unsigned char *p = p0;
+
+          if (*p && nbits >= 8 && !(*p & 0x80))
+            if (--nbits >= 7 && !(*p & 0x40))
+              if (--nbits >= 6 && !(*p & 0x20))
+                if (--nbits >= 5 && !(*p & 0x10))
+                  if (--nbits >= 4 && !(*p & 0x08))
+                    if (--nbits >= 3 && !(*p & 0x04))
+                      if (--nbits >= 2 && !(*p & 0x02))
+                        if (--nbits >= 1 && !(*p & 0x01))
+                          --nbits;
+
+          sos = gcry_mpi_set_opaque (NULL, p0, nbits);
+          if (sos)
+            {
+              gcry_mpi_set_flag (sos, GCRYMPI_FLAG_USER2);
+              *r_sos = sos;
+              err = 0;
+            }
+          else
+            err = gpg_error_from_syserror ();
+        }
+      gcry_sexp_release (l2);
+    }
+
+  return err;
+}
+
+
 static byte *
 get_data_from_sexp (gcry_sexp_t sexp, const char *item, size_t *r_size)
 {
@@ -80,7 +131,6 @@ pk_verify (pubkey_algo_t pkalgo, gcry_mpi_t hash,
 {
   gcry_sexp_t s_sig, s_hash, s_pkey;
   int rc;
-  unsigned int neededfixedlen = 0;
 
   /* Make a sexp from pkey.  */
   if (pkalgo == PUBKEY_ALGO_DSA)
@@ -120,15 +170,16 @@ pk_verify (pubkey_algo_t pkalgo, gcry_mpi_t hash,
         rc = gpg_error_from_syserror ();
       else
         {
-          rc = gcry_sexp_build (&s_pkey, NULL,
-                                "(public-key(ecc(curve %s)"
-                                "(flags eddsa)(q%m)))",
-                                curve, pkey[1]);
+          const char *fmt;
+
+          if (openpgp_oid_is_ed25519 (pkey[0]))
+            fmt = "(public-key(ecc(curve %s)(flags eddsa)(q%m)))";
+          else
+            fmt = "(public-key(ecc(curve %s)(q%m)))";
+
+          rc = gcry_sexp_build (&s_pkey, NULL, fmt, curve, pkey[1]);
           xfree (curve);
         }
-
-      if (openpgp_oid_is_ed25519 (pkey[0]))
-        neededfixedlen = 256 / 8;
     }
   else
     return GPG_ERR_PUBKEY_ALGO;
@@ -139,9 +190,14 @@ pk_verify (pubkey_algo_t pkalgo, gcry_mpi_t hash,
   /* Put hash into a S-Exp s_hash. */
   if (pkalgo == PUBKEY_ALGO_EDDSA)
     {
-      if (gcry_sexp_build (&s_hash, NULL,
-                           "(data(flags eddsa)(hash-algo sha512)(value %m))",
-                           hash))
+      const char *fmt;
+
+      if (openpgp_oid_is_ed25519 (pkey[0]))
+        fmt = "(data(flags eddsa)(hash-algo sha512)(value %m))";
+      else
+        fmt = "(data(value %m))";
+
+      if (gcry_sexp_build (&s_hash, NULL, fmt, hash))
         BUG (); /* gcry_sexp_build should never fail.  */
     }
   else
@@ -172,57 +228,87 @@ pk_verify (pubkey_algo_t pkalgo, gcry_mpi_t hash,
     {
       gcry_mpi_t r = data[0];
       gcry_mpi_t s = data[1];
-      size_t rlen, slen, n;  /* (bytes) */
-      char buf[64];
 
-      log_assert (neededfixedlen <= sizeof buf);
-
-      if (!r || !s)
-        rc = gpg_error (GPG_ERR_BAD_MPI);
-      else if ((rlen = (gcry_mpi_get_nbits (r)+7)/8) > neededfixedlen || !rlen)
-        rc = gpg_error (GPG_ERR_BAD_MPI);
-      else if ((slen = (gcry_mpi_get_nbits (s)+7)/8) > neededfixedlen || !slen)
-        rc = gpg_error (GPG_ERR_BAD_MPI);
-      else
+      if (openpgp_oid_is_ed25519 (pkey[0]))
         {
-          /* We need to fixup the length in case of leading zeroes.
-           * OpenPGP does not allow leading zeroes and the parser for
-           * the signature packet has no information on the use curve,
-           * thus we need to do it here.  We won't do it for opaque
-           * MPIs under the assumption that they are known to be fine;
-           * we won't see them here anyway but the check is anyway
-           * required.  Fixme: A nifty feature for gcry_sexp_build
-           * would be a format to left pad the value (e.g. "%*M"). */
-          rc = 0;
-
-          if (rlen < neededfixedlen
-              && !gcry_mpi_get_flag (r, GCRYMPI_FLAG_OPAQUE)
-              && !(rc=gcry_mpi_print (GCRYMPI_FMT_USG, buf, sizeof buf, &n, r)))
-            {
-              log_assert (n < neededfixedlen);
-              memmove (buf + (neededfixedlen - n), buf, n);
-              memset (buf, 0, neededfixedlen - n);
-              r = gcry_mpi_set_opaque_copy (NULL, buf, neededfixedlen * 8);
-            }
-          if (slen < neededfixedlen
-              && !gcry_mpi_get_flag (s, GCRYMPI_FLAG_OPAQUE)
-              && !(rc=gcry_mpi_print (GCRYMPI_FMT_USG, buf, sizeof buf, &n, s)))
+          size_t rlen, slen, n;  /* (bytes) */
+          char buf[64];
+          unsigned int nbits;
+          unsigned int neededfixedlen = 256 / 8;
+
+          log_assert (neededfixedlen <= sizeof buf);
+
+          if (!r || !s)
+            rc = gpg_error (GPG_ERR_BAD_MPI);
+          else if ((rlen = (gcry_mpi_get_nbits (r)+7)/8) > neededfixedlen || !rlen)
+            rc = gpg_error (GPG_ERR_BAD_MPI);
+          else if ((slen = (gcry_mpi_get_nbits (s)+7)/8) > neededfixedlen || !slen)
+            rc = gpg_error (GPG_ERR_BAD_MPI);
+          else
             {
-              log_assert (n < neededfixedlen);
-              memmove (buf + (neededfixedlen - n), buf, n);
-              memset (buf, 0, neededfixedlen - n);
-              s = gcry_mpi_set_opaque_copy (NULL, buf, neededfixedlen * 8);
+              /* We need to fixup the length in case of leading zeroes.
+               * OpenPGP does not allow leading zeroes and the parser for
+               * the signature packet has no information on the use curve,
+               * thus we need to do it here.  We won't do it for opaque
+               * MPIs under the assumption that they are known to be fine;
+               * we won't see them here anyway but the check is anyway
+               * required.  Fixme: A nifty feature for gcry_sexp_build
+               * would be a format to left pad the value (e.g. "%*M"). */
+              rc = 0;
+
+              if (rlen < neededfixedlen
+                  && !gcry_mpi_get_flag (r, GCRYMPI_FLAG_OPAQUE)
+                  && !(rc=gcry_mpi_print (GCRYMPI_FMT_USG, buf, sizeof buf, &n, r)))
+                {
+                  log_assert (n < neededfixedlen);
+                  memmove (buf + (neededfixedlen - n), buf, n);
+                  memset (buf, 0, neededfixedlen - n);
+                  r = gcry_mpi_set_opaque_copy (NULL, buf, neededfixedlen * 8);
+                }
+              else if (rlen < neededfixedlen
+                       && gcry_mpi_get_flag (r, GCRYMPI_FLAG_OPAQUE))
+                {
+                  const unsigned char *p;
+
+                  p = gcry_mpi_get_opaque (r, &nbits);
+                  n = (nbits+7)/8;
+                  memcpy (buf + (neededfixedlen - n), p, n);
+                  memset (buf, 0, neededfixedlen - n);
+                  gcry_mpi_set_opaque_copy (r, buf, neededfixedlen * 8);
+                }
+              if (slen < neededfixedlen
+                  && !gcry_mpi_get_flag (s, GCRYMPI_FLAG_OPAQUE)
+                  && !(rc=gcry_mpi_print (GCRYMPI_FMT_USG, buf, sizeof buf, &n, s)))
+                {
+                  log_assert (n < neededfixedlen);
+                  memmove (buf + (neededfixedlen - n), buf, n);
+                  memset (buf, 0, neededfixedlen - n);
+                  s = gcry_mpi_set_opaque_copy (NULL, buf, neededfixedlen * 8);
+                }
+              else if (slen < neededfixedlen
+                       && gcry_mpi_get_flag (s, GCRYMPI_FLAG_OPAQUE))
+                {
+                  const unsigned char *p;
+
+                  p = gcry_mpi_get_opaque (s, &nbits);
+                  n = (nbits+7)/8;
+                  memcpy (buf + (neededfixedlen - n), p, n);
+                  memset (buf, 0, neededfixedlen - n);
+                  gcry_mpi_set_opaque_copy (s, buf, neededfixedlen * 8);
+                }
             }
+        }
+      else
+        rc = 0;
 
-          if (!rc)
-            rc = gcry_sexp_build (&s_sig, NULL,
-                                  "(sig-val(eddsa(r%M)(s%M)))", r, s);
+      if (!rc)
+        rc = gcry_sexp_build (&s_sig, NULL,
+                              "(sig-val(eddsa(r%M)(s%M)))", r, s);
 
-          if (r != data[0])
-            gcry_mpi_release (r);
-          if (s != data[1])
-            gcry_mpi_release (s);
-        }
+      if (r != data[0])
+        gcry_mpi_release (r);
+      if (s != data[1])
+        gcry_mpi_release (s);
     }
   else if (pkalgo == PUBKEY_ALGO_ELGAMAL || pkalgo == PUBKEY_ALGO_ELGAMAL_E)
     {
@@ -333,18 +419,12 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data,
     {
       gcry_mpi_t public, result;
       byte fp[MAX_FINGERPRINT_LEN];
-      size_t fpn;
       byte *shared;
       size_t nshared;
 
       /* Get the shared point and the ephemeral public key.  */
       shared = get_data_from_sexp (s_ciph, "s", &nshared);
-      if (!shared)
-        {
-          rc = gpg_error_from_syserror ();
-          goto leave;
-        }
-      public = get_mpi_from_sexp (s_ciph, "e", GCRYMPI_FMT_USG);
+      rc = sexp_extract_param_sos (s_ciph, "e", &public);
       gcry_sexp_release (s_ciph);
       s_ciph = NULL;
       if (DBG_CRYPTO)
@@ -355,13 +435,15 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data,
         }
 
       result = NULL;
-      fingerprint_from_pk (pk, fp, &fpn);
-      if (fpn != 20)
-        rc = gpg_error (GPG_ERR_INV_LENGTH);
-      else
-        rc = pk_ecdh_encrypt_with_shared_point (1 /*=encrypton*/,
-                                                shared, nshared,
-                                                fp, data, pkey, &result);
+      fingerprint_from_pk (pk, fp, NULL);
+
+      if (!rc)
+        {
+          unsigned int nbits;
+          byte *p = gcry_mpi_get_opaque (data, &nbits);
+          rc = pk_ecdh_encrypt_with_shared_point (shared, nshared, fp, p,
+                                                  (nbits+7)/8, pkey, &result);
+        }
       xfree (shared);
       if (!rc)
         {
@@ -382,7 +464,6 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data,
         resarr[1] = get_mpi_from_sexp (s_ciph, "b", GCRYMPI_FMT_USG);
     }
 
- leave:
   gcry_sexp_release (s_ciph);
   return rc;
 }
@@ -434,10 +515,14 @@ pk_check_secret_key (pubkey_algo_t pkalgo, gcry_mpi_t *skey)
         rc = gpg_error_from_syserror ();
       else
         {
-          rc = gcry_sexp_build (&s_skey, NULL,
-                                "(private-key(ecc(curve %s)"
-                                "(flags eddsa)(q%m)(d%m)))",
-                                curve, skey[1], skey[2]);
+          const char *fmt;
+
+          if (openpgp_oid_is_ed25519 (skey[0]))
+            fmt = "(private-key(ecc(curve %s)(flags eddsa)(q%m)(d%m)))";
+          else
+            fmt = "(private-key(ecc(curve %s)(q%m)(d%m)))";
+
+          rc = gcry_sexp_build (&s_skey, NULL, fmt, curve, skey[1], skey[2]);
           xfree (curve);
         }
     }
diff --git a/g10/pkglue.h b/g10/pkglue.h
index 5780e23..308e54f 100644
--- a/g10/pkglue.h
+++ b/g10/pkglue.h
@@ -24,6 +24,8 @@
 
 /*-- pkglue.c --*/
 gcry_mpi_t get_mpi_from_sexp (gcry_sexp_t sexp, const char *item, int mpifmt);
+gpg_error_t sexp_extract_param_sos (gcry_sexp_t sexp, const char *param,
+                                    gcry_mpi_t *r_sos);
 
 int pk_verify (pubkey_algo_t algo, gcry_mpi_t hash, gcry_mpi_t *data,
                gcry_mpi_t *pkey);
@@ -36,16 +38,18 @@ int pk_check_secret_key (pubkey_algo_t algo, gcry_mpi_t *skey);
 gcry_mpi_t  pk_ecdh_default_params (unsigned int qbits);
 gpg_error_t pk_ecdh_generate_ephemeral_key (gcry_mpi_t *pkey, gcry_mpi_t *r_k);
 gpg_error_t pk_ecdh_encrypt_with_shared_point
-/*         */  (int is_encrypt, const char *shared, size_t nshared,
+/*         */  (const char *shared, size_t nshared,
                 const byte pk_fp[MAX_FINGERPRINT_LEN],
-                gcry_mpi_t data, gcry_mpi_t *pkey,
+                const byte *data, size_t ndata,
+                gcry_mpi_t *pkey,
                 gcry_mpi_t *out);
 
 int pk_ecdh_encrypt (gcry_mpi_t *resarr, const byte pk_fp[MAX_FINGERPRINT_LEN],
                      gcry_mpi_t data, gcry_mpi_t * pkey);
 int pk_ecdh_decrypt (gcry_mpi_t *result, const byte sk_fp[MAX_FINGERPRINT_LEN],
-                     gcry_mpi_t data, const char *shared, size_t nshared,
-                     gcry_mpi_t *skey);
+                     gcry_mpi_t data,
+                     const byte *frame, size_t nframe,
+                     gcry_mpi_t * skey);
 
 
 #endif /*GNUPG_G10_PKGLUE_H*/
diff --git a/g10/plaintext.c b/g10/plaintext.c
index 3bc8696..3e169d9 100644
--- a/g10/plaintext.c
+++ b/g10/plaintext.c
@@ -146,7 +146,6 @@ get_output_file (const byte *embedded_name, int embedded_namelen,
 	}
     }
 
-#ifndef __riscos__
   if (opt.outfp && is_secured_file (es_fileno (opt.outfp)))
     {
       err = gpg_error (GPG_ERR_EPERM);
@@ -168,44 +167,6 @@ get_output_file (const byte *embedded_name, int embedded_namelen,
       log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
       goto leave;
     }
-#else /* __riscos__ */
-  /* If no output filename was given, i.e. we constructed it, convert
-     all '.' in fname to '/' but not vice versa as we don't create
-     directories! */
-  if (!opt.outfile)
-    for (c = 0; fname[c]; ++c)
-      if (fname[c] == '.')
-	fname[c] = '/';
-
-  if (fp || nooutput)
-    ;
-  else
-    {
-      /* Note: riscos stuff is not expected to work anymore.  If we
-         want to port it again to riscos we should do most of the suff
-         in estream.  FIXME: Consider to remove all riscos special
-         cases.  */
-      fp = gnupg_fopen (fname, "wb");
-      if (!fp)
-	{
-	  log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
-	  err = GPG_ERR_CREATE_FILE;
-	  if (errno == 106)
-	    log_info ("Do output file and input file have the same name?\n");
-	  goto leave;
-	}
-
-      /* If there's a ,xxx extension in the embedded filename,
-         use that, else check whether the user input (in fname)
-         has a ,xxx appended, then use that in preference */
-      if ((c = riscos_get_filetype_from_string (embedded_name,
-                                                embedded_namelen)) != -1)
-	filetype = c;
-      if ((c = riscos_get_filetype_from_string (fname, strlen (fname))) != -1)
-	filetype = c;
-      riscos_set_filetype_by_number (fname, filetype);
-    }
-#endif /* __riscos__ */
 
  leave:
   if (err)
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 91dfb77..6e1b089 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -38,7 +38,7 @@
 #include "../common/compliance.h"
 
 
-static gpg_error_t get_it (ctrl_t ctrl, PKT_pubkey_enc *k,
+static gpg_error_t get_it (ctrl_t ctrl, struct pubkey_enc_list *k,
                            DEK *dek, PKT_public_key *sk, u32 *keyid);
 
 
@@ -72,105 +72,124 @@ is_algo_in_prefs (kbnode_t keyblock, preftype_t type, int algo)
  * which should have been allocated in secure memory by the caller.
  */
 gpg_error_t
-get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
+get_session_key (ctrl_t ctrl, struct pubkey_enc_list *list, DEK *dek)
 {
   PKT_public_key *sk = NULL;
-  int rc;
+  gpg_error_t err;
+  void *enum_context = NULL;
+  u32 keyid[2];
+  int search_for_secret_keys = 1;
+  struct pubkey_enc_list *k;
 
   if (DBG_CLOCK)
     log_clock ("get_session_key enter");
 
-  rc = openpgp_pk_test_algo2 (k->pubkey_algo, PUBKEY_USAGE_ENC);
-  if (rc)
-    goto leave;
-
-  if ((k->keyid[0] || k->keyid[1]) && !opt.try_all_secrets)
+  while (search_for_secret_keys)
     {
       sk = xmalloc_clear (sizeof *sk);
-      sk->pubkey_algo = k->pubkey_algo; /* We want a pubkey with this algo.  */
-      if (!(rc = get_seckey (ctrl, sk, k->keyid)))
+      err = enum_secret_keys (ctrl, &enum_context, sk);
+      if (err)
+        break;
+
+      /* Check compliance.  */
+      if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
+                                 sk->pubkey_algo, 0,
+                                 sk->pkey, nbits_from_pk (sk), NULL))
         {
-          /* Check compliance.  */
-          if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
-                                     sk->pubkey_algo, 0,
-                                     sk->pkey, nbits_from_pk (sk), NULL))
-            {
-              log_info (_("key %s is not suitable for decryption"
-                          " in %s mode\n"),
-                        keystr_from_pk (sk),
-                        gnupg_compliance_option_string (opt.compliance));
-              rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
-            }
-          else
-            rc = get_it (ctrl, k, dek, sk, k->keyid);
+          log_info (_("key %s is not suitable for decryption"
+                      " in %s mode\n"),
+                    keystr_from_pk (sk),
+                    gnupg_compliance_option_string (opt.compliance));
+          continue;
         }
-    }
-  else if (opt.skip_hidden_recipients)
-    rc = gpg_error (GPG_ERR_NO_SECKEY);
-  else  /* Anonymous receiver: Try all available secret keys.  */
-    {
-      void *enum_context = NULL;
-      u32 keyid[2];
 
-      for (;;)
+      /* FIXME: The list needs to be sorted so that we try the keys in
+       * an appropriate order.  For example:
+       * - On-disk keys w/o protection
+       * - On-disk keys with a cached passphrase
+       * - On-card keys of an active card
+       * - On-disk keys with protection
+       * - On-card keys from cards which are not plugged it.  Here a
+       *   cancel-all button should stop asking for other cards.
+       * Without any anonymous keys the sorting can be skipped.
+       */
+      for (k = list; k; k = k->next)
         {
-          sk = xmalloc_clear (sizeof *sk);
-          rc = enum_secret_keys (ctrl, &enum_context, sk);
-          if (rc)
-            {
-              sk = NULL;  /* enum_secret_keys turns SK into a shallow copy! */
-              rc = GPG_ERR_NO_SECKEY;
-              break;
-            }
-          if (sk->pubkey_algo != k->pubkey_algo)
+          if (!(k->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E
+                || k->pubkey_algo == PUBKEY_ALGO_ECDH
+                || k->pubkey_algo == PUBKEY_ALGO_RSA
+                || k->pubkey_algo == PUBKEY_ALGO_RSA_E
+                || k->pubkey_algo == PUBKEY_ALGO_ELGAMAL))
             continue;
-          if (!(sk->pubkey_usage & PUBKEY_USAGE_ENC))
+
+          if (openpgp_pk_test_algo2 (k->pubkey_algo, PUBKEY_USAGE_ENC))
+            continue;
+
+          if (sk->pubkey_algo != k->pubkey_algo)
             continue;
+
           keyid_from_pk (sk, keyid);
-          if (!opt.quiet)
-            log_info (_("anonymous recipient; trying secret key %s ...\n"),
-                      keystr (keyid));
-
-          /* Check compliance.  */
-          if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
-                                     sk->pubkey_algo, 0,
-                                     sk->pkey, nbits_from_pk (sk), NULL))
+
+          if (!k->keyid[0] && !k->keyid[1])
             {
-              log_info (_("key %s is not suitable for decryption"
-                          " in %s mode\n"),
-                          keystr_from_pk (sk),
-                          gnupg_compliance_option_string (opt.compliance));
-              continue;
+              if (opt.skip_hidden_recipients)
+                continue;
+
+              if (!opt.quiet)
+                log_info (_("anonymous recipient; trying secret key %s ...\n"),
+                          keystr (keyid));
             }
+          else if (opt.try_all_secrets
+                   || (k->keyid[0] == keyid[0] && k->keyid[1] == keyid[1]))
+            {
+              if (!opt.quiet && !(sk->pubkey_usage & PUBKEY_USAGE_ENC))
+                log_info (_("used key is not marked for encryption use.\n"));
+            }
+          else
+            continue;
 
-          rc = get_it (ctrl, k, dek, sk, keyid);
-          if (!rc)
+          err = get_it (ctrl, k, dek, sk, keyid);
+          k->result = err;
+          if (!err)
             {
-              if (!opt.quiet)
-                log_info (_("okay, we are the anonymous recipient.\n"));
-              sk = NULL;
+              if (!opt.quiet && !k->keyid[0] && !k->keyid[1])
+                {
+                  log_info (_("okay, we are the anonymous recipient.\n"));
+                  if (!(sk->pubkey_usage & PUBKEY_USAGE_ENC))
+                    log_info (_("used key is not marked for encryption use.\n")
+                              );
+                }
+              search_for_secret_keys = 0;
               break;
             }
-          else if (gpg_err_code (rc) == GPG_ERR_FULLY_CANCELED)
+          else if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
             {
-              sk = NULL;
+              search_for_secret_keys = 0;
               break; /* Don't try any more secret keys.  */
             }
         }
-      enum_secret_keys (ctrl, &enum_context, NULL);  /* free context */
+    }
+  enum_secret_keys (ctrl, &enum_context, NULL);  /* free context */
+
+  if (gpg_err_code (err) == GPG_ERR_EOF)
+    {
+      err = gpg_error (GPG_ERR_NO_SECKEY);
+
+      /* Return the last specific error, if any.  */
+      for (k = list; k; k = k->next)
+        if (k->result != -1)
+          err = k->result;
     }
 
- leave:
-  free_public_key (sk);
   if (DBG_CLOCK)
     log_clock ("get_session_key leave");
-  return rc;
+  return err;
 }
 
 
 static gpg_error_t
 get_it (ctrl_t ctrl,
-        PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
+        struct pubkey_enc_list *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
 {
   gpg_error_t err;
   byte *frame = NULL;
@@ -182,7 +201,6 @@ get_it (ctrl_t ctrl,
   char *desc;
   char *keygrip;
   byte fp[MAX_FINGERPRINT_LEN];
-  size_t fpn;
 
   if (DBG_CLOCK)
     log_clock ("decryption start");
@@ -226,10 +244,7 @@ get_it (ctrl_t ctrl,
     goto leave;
 
   if (sk->pubkey_algo == PUBKEY_ALGO_ECDH)
-    {
-      fingerprint_from_pk (sk, fp, &fpn);
-      log_assert (fpn == 20);
-    }
+    fingerprint_from_pk (sk, fp, NULL);
 
   /* Decrypt. */
   desc = gpg_format_keydesc (ctrl, sk, FORMAT_KEYDESC_NORMAL, 1);
@@ -266,6 +281,7 @@ get_it (ctrl_t ctrl,
     {
       gcry_mpi_t decoded;
 
+      /* At the beginning the frame are the bytes of shared point MPI.  */
       err = pk_ecdh_decrypt (&decoded, fp, enc->data[1]/*encr data as an MPI*/,
                              frame, nframe, sk->pkey);
       if(err)
diff --git a/g10/revoke.c b/g10/revoke.c
index 035a2e9..c0a003b 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -217,7 +217,7 @@ gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr)
 
     afx = new_armor_context ();
 
-    kdbhd = keydb_new ();
+    kdbhd = keydb_new (ctrl);
     if (!kdbhd)
       {
         rc = gpg_error_from_syserror ();
@@ -277,12 +277,12 @@ gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr)
 
 		fingerprint_from_pk (list->pk, fpr, &fprlen);
 
-		/* Don't get involved with keys that don't have 160
-		   bit fingerprints */
-		if(fprlen!=20)
+		/* Don't get involved with keys that don't have a v4
+		 * or v5 fingerprint */
+		if (fprlen != 20 && fprlen != 32)
 		  continue;
 
-		if(memcmp(fpr,pk->revkey[i].fpr,20)==0)
+		if (!memcmp(fpr,pk->revkey[i].fpr, fprlen))
 		  break;
 	      }
 
@@ -295,7 +295,7 @@ gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr)
 	  {
 	    pk2 = xmalloc_clear (sizeof *pk2);
 	    rc = get_pubkey_byfprint (ctrl, pk2, NULL,
-                                      pk->revkey[i].fpr, MAX_FINGERPRINT_LEN);
+                                      pk->revkey[i].fpr, pk->revkey[i].fprlen);
 	  }
 
 	/* We have the revocation key.  */
@@ -305,18 +305,17 @@ gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr)
 
 	    any = 1;
 
-            print_pubkey_info (ctrl, NULL, pk);
+            print_key_info (ctrl, NULL, 0, pk, 0);
 	    tty_printf ("\n");
 
 	    tty_printf (_("To be revoked by:\n"));
-            print_seckey_info (ctrl, pk2);
+            print_key_info (ctrl, NULL, 0, pk2, 1);
 
 	    if(pk->revkey[i].class&0x40)
 	      tty_printf(_("(This is a sensitive revocation key)\n"));
 	    tty_printf("\n");
 
-	    rc = agent_probe_secret_key (ctrl, pk2);
-	    if (rc)
+	    if (!agent_probe_secret_key (ctrl, pk2))
 	      {
 		tty_printf (_("Secret key is not available.\n"));
 		continue;
@@ -343,7 +342,7 @@ gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr)
 	    push_armor_filter (afx, out);
 
 	    /* create it */
-	    rc = make_keysig_packet (ctrl, &sig, pk, NULL, NULL, pk2, 0x20, 0,
+	    rc = make_keysig_packet (ctrl, &sig, pk, NULL, NULL, pk2, 0x20,
 				     0, 0,
 				     revocation_reason_build_cb, reason,
                                      NULL);
@@ -388,15 +387,18 @@ gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr)
 
 		    for(j=0;j<signode->pkt->pkt.signature->numrevkeys;j++)
 		      {
-			if(pk->revkey[i].class==
-			   signode->pkt->pkt.signature->revkey[j].class &&
-			   pk->revkey[i].algid==
-			   signode->pkt->pkt.signature->revkey[j].algid &&
-			   memcmp(pk->revkey[i].fpr,
-				  signode->pkt->pkt.signature->revkey[j].fpr,
-				  MAX_FINGERPRINT_LEN)==0)
+			if (pk->revkey[i].class
+                               == signode->pkt->pkt.signature->revkey[j].class
+                            && pk->revkey[i].algid
+                                == signode->pkt->pkt.signature->revkey[j].algid
+                            && pk->revkey[i].fprlen
+                               == signode->pkt->pkt.signature->revkey[j].fprlen
+                            && !memcmp
+                                 (pk->revkey[i].fpr,
+                                  signode->pkt->pkt.signature->revkey[j].fpr,
+                                  pk->revkey[i].fprlen))
 			  {
-			    revkey=signode->pkt->pkt.signature;
+			    revkey = signode->pkt->pkt.signature;
 			    break;
 			  }
 		      }
@@ -471,7 +473,7 @@ create_revocation (ctrl_t ctrl,
   afx->hdrlines = "Comment: This is a revocation certificate\n";
   push_armor_filter (afx, out);
 
-  rc = make_keysig_packet (ctrl, &sig, psk, NULL, NULL, psk, 0x20, 0,
+  rc = make_keysig_packet (ctrl, &sig, psk, NULL, NULL, psk, 0x20,
                            0, 0,
                            revocation_reason_build_cb, reason, cache_nonce);
   if (rc)
@@ -480,7 +482,7 @@ create_revocation (ctrl_t ctrl,
       goto leave;
     }
 
-  if (keyblock && (PGP6 || PGP7 || PGP8))
+  if (keyblock && (PGP7 || PGP8))
     {
       /* Use a minimal pk for PGPx mode, since PGP can't import bare
          revocation certificates. */
@@ -638,7 +640,7 @@ gen_revoke (ctrl_t ctrl, const char *uname)
     }
 
   /* Search the userid; we don't want the whole getkey stuff here.  */
-  kdbhd = keydb_new ();
+  kdbhd = keydb_new (ctrl);
   if (!kdbhd)
     {
       rc = gpg_error_from_syserror ();
@@ -666,30 +668,26 @@ gen_revoke (ctrl_t ctrl, const char *uname)
 
   rc = keydb_search (kdbhd, &desc, 1, NULL);
   if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
-    /* Not ambiguous.  */
     {
+      /* Not ambiguous.  */
     }
   else if (rc == 0)
-    /* Ambiguous.  */
     {
-      char *info;
-
+      /* Ambiguous.  */
       /* TRANSLATORS: The %s prints a key specification which
          for example has been given at the command line.  Several lines
          lines with secret key infos are printed after this message.  */
       log_error (_("'%s' matches multiple secret keys:\n"), uname);
 
-      info = format_seckey_info (ctrl, keyblock->pkt->pkt.public_key);
-      log_error ("  %s\n", info);
-      xfree (info);
+      print_key_info_log (ctrl, GPGRT_LOGLVL_ERROR, 2,
+                          keyblock->pkt->pkt.public_key, 1);
       release_kbnode (keyblock);
 
       rc = keydb_get_keyblock (kdbhd, &keyblock);
       while (! rc)
         {
-          info = format_seckey_info (ctrl, keyblock->pkt->pkt.public_key);
-          log_info ("  %s\n", info);
-          xfree (info);
+          print_key_info_log (ctrl, GPGRT_LOGLVL_INFO, 2,
+                              keyblock->pkt->pkt.public_key, 1);
           release_kbnode (keyblock);
           keyblock = NULL;
 
@@ -714,16 +712,16 @@ gen_revoke (ctrl_t ctrl, const char *uname)
     BUG ();
 
   psk = node->pkt->pkt.public_key;
-  rc = agent_probe_secret_key (NULL, psk);
-  if (rc)
+  if (!agent_probe_secret_key (NULL, psk))
     {
+      rc = gpg_error (GPG_ERR_NO_SECKEY);
       log_error (_("secret key \"%s\" not found: %s\n"),
                  uname, gpg_strerror (rc));
       goto leave;
     }
 
   keyid_from_pk (psk, keyid );
-  print_seckey_info (ctrl, psk);
+  print_key_info (ctrl, NULL, 0, psk, 1);
 
   tty_printf("\n");
   if (!cpr_get_answer_is_yes ("gen_revoke.okay",
diff --git a/g10/seskey.c b/g10/seskey.c
index 1549017..15c210b 100644
--- a/g10/seskey.c
+++ b/g10/seskey.c
@@ -82,7 +82,6 @@ encode_session_key (int openpgp_pk_algo, DEK *dek, unsigned int nbits)
   byte *frame;
   int i,n;
   u16 csum;
-  gcry_mpi_t a;
 
   if (DBG_CRYPTO)
     log_debug ("encode_session_key: encoding %d byte DEK", dek->keylen);
@@ -95,7 +94,7 @@ encode_session_key (int openpgp_pk_algo, DEK *dek, unsigned int nbits)
      output be a multiple of 8 bytes.  */
   if (openpgp_pk_algo == PUBKEY_ALGO_ECDH)
     {
-      /* Pad to 8 byte granulatiry; the padding byte is the number of
+      /* Pad to 8 byte granularity; the padding byte is the number of
        * padded bytes.
        *
        * A  DEK(k bytes)  CSUM(2 bytes) 0x 0x 0x 0x ... 0x
@@ -124,10 +123,7 @@ encode_session_key (int openpgp_pk_algo, DEK *dek, unsigned int nbits)
                    (int) nframe, frame[0], frame[1], frame[2],
                    frame[nframe-3], frame[nframe-2], frame[nframe-1]);
 
-      if (gcry_mpi_scan (&a, GCRYMPI_FMT_USG, frame, nframe, &nframe))
-        BUG();
-      xfree(frame);
-      return a;
+      return gcry_mpi_set_opaque (NULL, frame, 8*nframe);
     }
 
   /* The current limitation is that we can only use a session key
@@ -143,7 +139,7 @@ encode_session_key (int openpgp_pk_algo, DEK *dek, unsigned int nbits)
    *
    *	   0  2  RND(i bytes)  0  A  DEK(k bytes)  CSUM(2 bytes)
    *
-   * (But how can we store the leading 0 - the external representaion
+   * (But how can we store the leading 0 - the external representation
    *  of MPIs doesn't allow leading zeroes =:-)
    *
    * RND are (at least 1) non-zero random bytes.
@@ -195,10 +191,7 @@ encode_session_key (int openpgp_pk_algo, DEK *dek, unsigned int nbits)
   frame[n++] = csum >>8;
   frame[n++] = csum;
   log_assert (n == nframe);
-  if (gcry_mpi_scan( &a, GCRYMPI_FMT_USG, frame, n, &nframe))
-    BUG();
-  xfree (frame);
-  return a;
+  return gcry_mpi_set_opaque (NULL, frame, 8*n);
 }
 
 
diff --git a/g10/sig-check.c b/g10/sig-check.c
index eeaf6f0..8dd18b2 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -37,11 +37,14 @@
 
 static int check_signature_end (PKT_public_key *pk, PKT_signature *sig,
 				gcry_md_hd_t digest,
+                                const void *extrahash, size_t extrahashlen,
 				int *r_expired, int *r_revoked,
 				PKT_public_key *ret_pk);
 
 static int check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
-                                       gcry_md_hd_t digest);
+                                       gcry_md_hd_t digest,
+                                       const void *extrahash,
+                                       size_t extrahashlen);
 
 
 /* Statistics for signature verification.  */
@@ -64,41 +67,13 @@ sig_check_dump_stats (void)
 }
 
 
-static gpg_error_t
-check_key_verify_compliance (PKT_public_key *pk)
-{
-  gpg_error_t err = 0;
-
-  if (!gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION,
-                            pk->pubkey_algo, 0, pk->pkey,
-                            nbits_from_pk (pk),
-                            NULL))
-    {
-      /* Compliance failure.  */
-      log_info (_("key %s may not be used for signing in %s mode\n"),
-                 keystr_from_pk (pk),
-                 gnupg_compliance_option_string (opt.compliance));
-      if (opt.flags.override_compliance_check)
-        log_info (_("continuing verification anyway due to option %s\n"),
-                  "--override-compliance-failure");
-      else
-        {
-          log_inc_errorcount (); /* We used log info above.  */
-          err = gpg_error (GPG_ERR_PUBKEY_ALGO);
-        }
-    }
-
-  return err;
-}
-
-
-
 /* Check a signature.  This is shorthand for check_signature2 with
    the unnamed arguments passed as NULL.  */
 int
 check_signature (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest)
 {
-  return check_signature2 (ctrl, sig, digest, NULL, NULL, NULL, NULL, NULL);
+  return check_signature2 (ctrl, sig, digest, NULL, 0, NULL,
+                           NULL, NULL, NULL, NULL);
 }
 
 
@@ -124,8 +99,12 @@ check_signature (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest)
  * signature data from the version number through the hashed subpacket
  * data (inclusive) is hashed.")
  *
+ * EXTRAHASH and EXTRAHASHLEN is additional data which is hashed with
+ * v5 signatures.  They may be NULL to use the default.
+ *
  * If FORCED_PK is not NULL this public key is used to verify the
- * signature and no other public key is looked up.
+ * signature and no other public key is looked up.  This is used to
+ * verify against a key included in the signature.
  *
  * If R_EXPIREDATE is not NULL, R_EXPIREDATE is set to the key's
  * expiry.
@@ -145,6 +124,7 @@ check_signature (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest)
 gpg_error_t
 check_signature2 (ctrl_t ctrl,
                   PKT_signature *sig, gcry_md_hd_t digest,
+                  const void *extrahash, size_t extrahashlen,
                   PKT_public_key *forced_pk,
                   u32 *r_expiredate,
 		  int *r_expired, int *r_revoked, PKT_public_key **r_pk)
@@ -192,8 +172,17 @@ check_signature2 (ctrl_t ctrl,
     }
   else if (get_pubkey_for_sig (ctrl, pk, sig, forced_pk))
     rc = gpg_error (GPG_ERR_NO_PUBKEY);
-  else if ((rc = check_key_verify_compliance (pk)))
-    ;/* Compliance failure.  */
+  else if (!gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION,
+                                 pk->pubkey_algo, 0, pk->pkey,
+                                 nbits_from_pk (pk),
+                                 NULL))
+    {
+      /* Compliance failure.  */
+      log_error (_("key %s may not be used for signing in %s mode\n"),
+                 keystr_from_pk (pk),
+                 gnupg_compliance_option_string (opt.compliance));
+      rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
+    }
   else if (!pk->flags.valid)
     {
       /* You cannot have a good sig from an invalid key.  */
@@ -204,7 +193,8 @@ check_signature2 (ctrl_t ctrl,
       if (r_expiredate)
         *r_expiredate = pk->expiredate;
 
-      rc = check_signature_end (pk, sig, digest, r_expired, r_revoked, NULL);
+      rc = check_signature_end (pk, sig, digest, extrahash, extrahashlen,
+                                r_expired, r_revoked, NULL);
 
       /* Check the backsig.  This is a back signature (0x19) from
        * the subkey on the primary key.  The idea here is that it
@@ -235,38 +225,44 @@ check_signature2 (ctrl_t ctrl,
 
     }
 
-  if (!rc && sig->sig_class < 2 && is_status_enabled ())
-    {
-      /* This signature id works best with DLP algorithms because
-       * they use a random parameter for every signature.  Instead of
-       * this sig-id we could have also used the hash of the document
-       * and the timestamp, but the drawback of this is, that it is
-       * not possible to sign more than one identical document within
-       * one second.	Some remote batch processing applications might
-       * like this feature here.
-       *
-       * Note that before 2.0.10, we used RIPE-MD160 for the hash
-       * and accidentally didn't include the timestamp and algorithm
-       * information in the hash.  Given that this feature is not
-       * commonly used and that a replay attacks detection should
-       * not solely be based on this feature (because it does not
-       * work with RSA), we take the freedom and switch to SHA-1
-       * with 2.0.10 to take advantage of hardware supported SHA-1
-       * implementations.  We also include the missing information
-       * in the hash.  Note also the SIG_ID as computed by gpg 1.x
-       * and gpg 2.x didn't matched either because 2.x used to print
-       * MPIs not in PGP format.  */
-      u32 a = sig->timestamp;
-      int nsig = pubkey_get_nsig (sig->pubkey_algo);
-      unsigned char *p, *buffer;
-      size_t n, nbytes;
-      int i;
-      char hashbuf[20];
+    if( !rc && sig->sig_class < 2 && is_status_enabled() ) {
+	/* This signature id works best with DLP algorithms because
+	 * they use a random parameter for every signature.  Instead of
+	 * this sig-id we could have also used the hash of the document
+	 * and the timestamp, but the drawback of this is, that it is
+	 * not possible to sign more than one identical document within
+	 * one second.	Some remote batch processing applications might
+	 * like this feature here.
+         *
+         * Note that before 2.0.10, we used RIPE-MD160 for the hash
+         * and accidentally didn't include the timestamp and algorithm
+         * information in the hash.  Given that this feature is not
+         * commonly used and that a replay attacks detection should
+         * not solely be based on this feature (because it does not
+         * work with RSA), we take the freedom and switch to SHA-1
+         * with 2.0.10 to take advantage of hardware supported SHA-1
+         * implementations.  We also include the missing information
+         * in the hash.  Note also the SIG_ID as computed by gpg 1.x
+         * and gpg 2.x didn't matched either because 2.x used to print
+         * MPIs not in PGP format.  */
+	u32 a = sig->timestamp;
+	int nsig = pubkey_get_nsig( sig->pubkey_algo );
+	unsigned char *p, *buffer;
+        size_t n, nbytes;
+        int i;
+        char hashbuf[20];  /* We use SHA-1 here.  */
 
       nbytes = 6;
       for (i=0; i < nsig; i++ )
         {
-          if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n, sig->data[i]))
+          if (gcry_mpi_get_flag (sig->data[i], GCRYMPI_FLAG_OPAQUE))
+            {
+              unsigned int nbits;
+
+              gcry_mpi_get_opaque (sig->data[i], &nbits);
+              n = (nbits+7)/8 + 2;
+            }
+          else if (gcry_mpi_print (GCRYMPI_FMT_PGP, NULL, 0, &n, sig->data[i]))
             BUG();
           nbytes += n;
         }
@@ -287,7 +283,19 @@ check_signature2 (ctrl_t ctrl,
       nbytes -= 6;
       for (i=0; i < nsig; i++ )
         {
-          if (gcry_mpi_print (GCRYMPI_FMT_PGP, p, nbytes, &n, sig->data[i]))
+          if (gcry_mpi_get_flag (sig->data[i], GCRYMPI_FLAG_OPAQUE))
+            {
+              const byte *sigdata;
+              unsigned int nbits;
+
+              sigdata = gcry_mpi_get_opaque (sig->data[i], &nbits);
+              n = (nbits+7)/8;
+              p[0] = nbits >> 8;
+              p[1] = (nbits & 0xff);
+              memcpy (p+2, sigdata, n);
+              n += 2;
+            }
+          else if (gcry_mpi_print (GCRYMPI_FMT_PGP, p, nbytes, &n, sig->data[i]))
             BUG();
           p += n;
           nbytes -= n;
@@ -450,6 +458,7 @@ check_signature_metadata_validity (PKT_public_key *pk, PKT_signature *sig,
 static int
 check_signature_end (PKT_public_key *pk, PKT_signature *sig,
 		     gcry_md_hd_t digest,
+                     const void *extrahash, size_t extrahashlen,
 		     int *r_expired, int *r_revoked, PKT_public_key *ret_pk)
 {
   int rc = 0;
@@ -458,7 +467,8 @@ check_signature_end (PKT_public_key *pk, PKT_signature *sig,
                                                r_expired, r_revoked)))
     return rc;
 
-  if ((rc = check_signature_end_simple (pk, sig, digest)))
+  if ((rc = check_signature_end_simple (pk, sig, digest,
+                                        extrahash, extrahashlen)))
     return rc;
 
   if (!rc && ret_pk)
@@ -473,7 +483,8 @@ check_signature_end (PKT_public_key *pk, PKT_signature *sig,
  * expiration, revocation, etc.  */
 static int
 check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
-                            gcry_md_hd_t digest)
+                            gcry_md_hd_t digest,
+                            const void *extrahash, size_t extrahashlen)
 {
   gcry_mpi_t result = NULL;
   int rc = 0;
@@ -534,8 +545,10 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
     }
   else
     {
-      byte buf[6];
+      byte buf[10];
+      int i;
       size_t n;
+
       gcry_md_putc (digest, sig->pubkey_algo);
       gcry_md_putc (digest, sig->digest_algo);
       if (sig->hashed)
@@ -554,25 +567,59 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
 	  gcry_md_putc (digest, 0);
 	  n = 6;
 	}
+      /* Hash data from the literal data packet.  */
+      if (sig->version >= 5
+          && (sig->sig_class == 0x00 || sig->sig_class == 0x01))
+        {
+          /* - One octet content format
+           * - File name (one octet length followed by the name)
+           * - Four octet timestamp */
+          if (extrahash && extrahashlen)
+            gcry_md_write (digest, extrahash, extrahashlen);
+          else /* Detached signature. */
+            {
+              memset (buf, 0, 6);
+              gcry_md_write (digest, buf, 6);
+            }
+        }
       /* Add some magic per Section 5.2.4 of RFC 4880.  */
-      buf[0] = sig->version;
-      buf[1] = 0xff;
-      buf[2] = n >> 24;
-      buf[3] = n >> 16;
-      buf[4] = n >>  8;
-      buf[5] = n;
-      gcry_md_write( digest, buf, 6 );
+      i = 0;
+      buf[i++] = sig->version;
+      buf[i++] = 0xff;
+      if (sig->version >= 5)
+        {
+#if SIZEOF_SIZE_T > 4
+          buf[i++] = n >> 56;
+          buf[i++] = n >> 48;
+          buf[i++] = n >> 40;
+          buf[i++] = n >> 32;
+#else
+          buf[i++] = 0;
+          buf[i++] = 0;
+          buf[i++] = 0;
+          buf[i++] = 0;
+#endif
+        }
+      buf[i++] = n >> 24;
+      buf[i++] = n >> 16;
+      buf[i++] = n >>  8;
+      buf[i++] = n;
+      gcry_md_write (digest, buf, i);
     }
-  gcry_md_final( digest );
+    gcry_md_final( digest );
 
-  /* Convert the digest to an MPI.  */
-  result = encode_md_value (pk, digest, sig->digest_algo );
-  if (!result)
-    return GPG_ERR_GENERAL;
+    /* Convert the digest to an MPI.  */
+    result = encode_md_value (pk, digest, sig->digest_algo );
+    if (!result)
+        return GPG_ERR_GENERAL;
 
-  /* Verify the signature.  */
-  rc = pk_verify (pk->pubkey_algo, result, sig->data, pk->pkey);
-  gcry_mpi_release (result);
+    /* Verify the signature.  */
+    if (DBG_CLOCK && sig->sig_class <= 0x01)
+      log_clock ("enter pk_verify");
+    rc = pk_verify( pk->pubkey_algo, result, sig->data, pk->pkey );
+    if (DBG_CLOCK && sig->sig_class <= 0x01)
+      log_clock ("leave pk_verify");
+    gcry_mpi_release (result);
 
   if (!rc && sig->flags.unknown_critical)
     {
@@ -592,7 +639,7 @@ hash_uid_packet (PKT_user_id *uid, gcry_md_hd_t md, PKT_signature *sig )
 {
   if (uid->attrib_data)
     {
-      if (sig->version >=4)
+      if (sig->version >= 4)
         {
           byte buf[5];
           buf[0] = 0xd1;		   /* packet of type 17 */
@@ -606,7 +653,7 @@ hash_uid_packet (PKT_user_id *uid, gcry_md_hd_t md, PKT_signature *sig )
     }
   else
     {
-      if (sig->version >=4)
+      if (sig->version >= 4)
         {
           byte buf[5];
           buf[0] = 0xb4;	      /* indicates a userid packet */
@@ -727,8 +774,8 @@ check_revocation_keys (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig)
 	  /* The revoker's keyid.  */
           u32 keyid[2];
 
-          keyid_from_fingerprint (ctrl, pk->revkey[i].fpr,
-                                  MAX_FINGERPRINT_LEN, keyid);
+          keyid_from_fingerprint (ctrl, pk->revkey[i].fpr, pk->revkey[i].fprlen,
+                                  keyid);
 
           if(keyid[0]==sig->keyid[0] && keyid[1]==sig->keyid[1])
 	    /* The signature was generated by a designated revoker.
@@ -783,7 +830,7 @@ check_backsig (PKT_public_key *main_pk,PKT_public_key *sub_pk,
     {
       hash_public_key(md,main_pk);
       hash_public_key(md,sub_pk);
-      rc = check_signature_end (sub_pk, backsig, md, NULL, NULL, NULL);
+      rc = check_signature_end (sub_pk, backsig, md, NULL, 0, NULL, NULL, NULL);
       cache_sig_result(backsig,rc);
       gcry_md_close(md);
     }
@@ -969,34 +1016,32 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
     {
       log_assert (packet->pkttype == PKT_PUBLIC_KEY);
       hash_public_key (md, packet->pkt.public_key);
-      rc = check_signature_end_simple (signer, sig, md);
+      rc = check_signature_end_simple (signer, sig, md, NULL, 0);
     }
   else if (IS_BACK_SIG (sig))
     {
       log_assert (packet->pkttype == PKT_PUBLIC_KEY);
       hash_public_key (md, packet->pkt.public_key);
       hash_public_key (md, signer);
-      rc = check_signature_end_simple (signer, sig, md);
+      rc = check_signature_end_simple (signer, sig, md, NULL, 0);
     }
   else if (IS_SUBKEY_SIG (sig) || IS_SUBKEY_REV (sig))
     {
       log_assert (packet->pkttype == PKT_PUBLIC_SUBKEY);
       hash_public_key (md, pripk);
       hash_public_key (md, packet->pkt.public_key);
-      rc = check_signature_end_simple (signer, sig, md);
+      rc = check_signature_end_simple (signer, sig, md, NULL, 0);
     }
   else if (IS_UID_SIG (sig) || IS_UID_REV (sig))
     {
       log_assert (packet->pkttype == PKT_USER_ID);
       if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig
-          && sig->timestamp > 1547856000
           && !opt.flags.allow_weak_key_signatures)
         {
           /* If the signature was created using SHA-1 we consider this
            * signature invalid because it makes it possible to mount a
            * chosen-prefix collision.  We don't do this for
-           * self-signatures or for signatures created before the
-           * somewhat arbitrary cut-off date 2019-01-19.  */
+           * self-signatures, though.  */
           print_sha1_keysig_rejected_note ();
           rc = gpg_error (GPG_ERR_DIGEST_ALGO);
         }
@@ -1004,7 +1049,7 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
         {
           hash_public_key (md, pripk);
           hash_uid_packet (packet->pkt.user_id, md, sig);
-          rc = check_signature_end_simple (signer, sig, md);
+          rc = check_signature_end_simple (signer, sig, md, NULL, 0);
         }
     }
   else
@@ -1066,7 +1111,7 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
  * signature packet's data structure.
  *
  * TODO: add r_revoked here as well.  It has the same problems as
- * r_expiredate and r_expired and the cache.  */
+ * r_expiredate and r_expired and the cache [nw].  Which problems [wk]? */
 int
 check_key_signature2 (ctrl_t ctrl,
                       kbnode_t root, kbnode_t node, PKT_public_key *check_pk,
diff --git a/g10/sign.c b/g10/sign.c
index f272319..b168438 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -49,22 +49,34 @@
 #define LF "\n"
 #endif
 
+
 /* Bitflags to convey hints on what kind of signayire is created.  */
 #define SIGNHINT_KEYSIG  1
 #define SIGNHINT_SELFSIG 2
 
 
 /* Hack */
-static int recipient_digest_algo=0;
+static int recipient_digest_algo;
+
 
+/* A type for the extra data we hash into v5 signature packets.  */
+struct pt_extra_hash_data_s
+{
+  unsigned char mode;
+  u32 timestamp;
+  unsigned char namelen;
+  char name[1];
+};
+typedef struct pt_extra_hash_data_s *pt_extra_hash_data_t;
 
-/****************
- * Create notations and other stuff.  It is assumed that the stings in
+
+/*
+ * Create notations and other stuff.  It is assumed that the strings in
  * STRLIST are already checked to contain only printable data and have
  * a valid NAME=VALUE format.
  */
 static void
-mk_notation_policy_etc (PKT_signature *sig,
+mk_notation_policy_etc (ctrl_t ctrl, PKT_signature *sig,
 			PKT_public_key *pk, PKT_public_key *pksk)
 {
   const char *string;
@@ -80,7 +92,9 @@ mk_notation_policy_etc (PKT_signature *sig,
   args.pksk = pksk;
 
   /* Notation data. */
-  if (IS_SIG(sig) && opt.sig_notations)
+  if (IS_ATTST_SIGS(sig))
+    ;
+  else if (IS_SIG(sig) && opt.sig_notations)
     nd = opt.sig_notations;
   else if (IS_CERT(sig) && opt.cert_notations)
     nd = opt.cert_notations;
@@ -91,7 +105,7 @@ mk_notation_policy_etc (PKT_signature *sig,
 
       for (item = nd; item; item = item->next)
         {
-          item->altvalue = pct_expando (item->value,&args);
+          item->altvalue = pct_expando (ctrl, item->value,&args);
           if (!item->altvalue)
             log_error (_("WARNING: unable to %%-expand notation "
                          "(too large).  Using unexpanded.\n"));
@@ -107,7 +121,9 @@ mk_notation_policy_etc (PKT_signature *sig,
     }
 
   /* Set policy URL. */
-  if (IS_SIG(sig) && opt.sig_policy_url)
+  if (IS_ATTST_SIGS(sig))
+    ;
+  else if (IS_SIG(sig) && opt.sig_policy_url)
     pu = opt.sig_policy_url;
   else if (IS_CERT(sig) && opt.cert_policy_url)
     pu = opt.cert_policy_url;
@@ -116,7 +132,7 @@ mk_notation_policy_etc (PKT_signature *sig,
     {
       string = pu->d;
 
-      p = pct_expando (string, &args);
+      p = pct_expando (ctrl, string, &args);
       if (!p)
         {
           log_error(_("WARNING: unable to %%-expand policy URL "
@@ -139,7 +155,7 @@ mk_notation_policy_etc (PKT_signature *sig,
     {
       string = pu->d;
 
-      p = pct_expando (string, &args);
+      p = pct_expando (ctrl, string, &args);
       if (!p)
         {
           log_error (_("WARNING: unable to %%-expand preferred keyserver URL"
@@ -159,7 +175,8 @@ mk_notation_policy_etc (PKT_signature *sig,
       char *mbox;
 
       /* For now we use the uid which was used to locate the key.  */
-      if (pksk->user_id && (mbox = mailbox_from_userid (pksk->user_id->name)))
+      if (pksk->user_id
+          && (mbox = mailbox_from_userid (pksk->user_id->name, 0)))
         {
           if (DBG_LOOKUP)
             log_debug ("setting Signer's UID to '%s'\n", mbox);
@@ -187,7 +204,7 @@ mk_notation_policy_etc (PKT_signature *sig,
 
 
 /*
- * Put the Key Block subpakcet into SIG for key PKSK.  Returns an
+ * Put the Key Block subpacket into SIG for key PKSK.  Returns an
  * error code on failure.
  */
 static gpg_error_t
@@ -211,7 +228,7 @@ mk_sig_subpkt_key_block (ctrl_t ctrl, PKT_signature *sig, PKT_public_key *pksk)
   /* Get the user id so that we know which one to insert into the
    * key.  */
   if (pksk->user_id
-      && (mbox = mailbox_from_userid (pksk->user_id->name)))
+      && (mbox = mailbox_from_userid (pksk->user_id->name, 0)))
     {
       if (DBG_LOOKUP)
         log_debug ("including key with UID '%s' (specified)\n", mbox);
@@ -306,12 +323,16 @@ hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid)
 
 
 /*
- * Helper to hash some parts from the signature
+ * Helper to hash some parts from the signature.  EXTRAHASH gives the
+ * extra data to be hashed into v5 signatures; it may by NULL for
+ * detached signatures.
  */
 static void
-hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig)
+hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig,
+                          pt_extra_hash_data_t extrahash)
 {
-  byte buf[6];
+  byte buf[10];
+  int i;
   size_t n;
 
   gcry_md_putc (md, sig->version);
@@ -332,14 +353,54 @@ hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig)
       gcry_md_putc (md, 0);
       n = 6;
     }
-  /* Add some magic.  */
-  buf[0] = sig->version;
-  buf[1] = 0xff;
-  buf[2] = n >> 24;         /* (n is only 16 bit, so this is always 0) */
-  buf[3] = n >> 16;
-  buf[4] = n >>  8;
-  buf[5] = n;
-  gcry_md_write (md, buf, 6);
+  /* Hash data from the literal data packet.  */
+  if (sig->version >= 5 && (sig->sig_class == 0x00 || sig->sig_class == 0x01))
+    {
+      /* - One octet content format
+       * - File name (one octet length followed by the name)
+       * - Four octet timestamp */
+      if (extrahash)
+        {
+          buf[0] = extrahash->mode;
+          buf[1] = extrahash->namelen;
+          gcry_md_write (md, buf, 2);
+          if (extrahash->namelen)
+            gcry_md_write (md, extrahash->name, extrahash->namelen);
+          buf[0] = extrahash->timestamp >> 24;
+          buf[1] = extrahash->timestamp >> 16;
+          buf[2] = extrahash->timestamp >>  8;
+          buf[3] = extrahash->timestamp;
+          gcry_md_write (md, buf, 4);
+        }
+      else /* Detached signatures */
+        {
+          memset (buf, 0, 6);
+          gcry_md_write (md, buf, 6);
+        }
+    }
+  /* Add some magic aka known as postscript.  The idea was to make it
+   * impossible to make up a document with a v3 signature and then
+   * turn this into a v4 signature for another document.  The last
+   * hashed 5 bytes of a v4 signature should never look like a the
+   * last 5 bytes of a v3 signature.  The length can be used to parse
+   * from the end. */
+  i = 0;
+  buf[i++] = sig->version;  /* Hash convention version.  */
+  buf[i++] = 0xff;          /* Not any sig type value.   */
+  if (sig->version >= 5)
+    {
+      /* Note: We don't hashed any data larger than 2^32 and thus we
+       * can always use 0 here.  See also note below.  */
+      buf[i++] = 0;
+      buf[i++] = 0;
+      buf[i++] = 0;
+      buf[i++] = 0;
+    }
+  buf[i++] = n >> 24;         /* (n is only 16 bit, so this is always 0) */
+  buf[i++] = n >> 16;
+  buf[i++] = n >>  8;
+  buf[i++] = n;
+  gcry_md_write (md, buf, i);
 }
 
 
@@ -445,10 +506,12 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig,
       else if (pksk->pubkey_algo == GCRY_PK_RSA
                || pksk->pubkey_algo == GCRY_PK_RSA_S)
         sig->data[0] = get_mpi_from_sexp (s_sigval, "s", GCRYMPI_FMT_USG);
-      else if (openpgp_oid_is_ed25519 (pksk->pkey[0]))
+      else if (pksk->pubkey_algo == PUBKEY_ALGO_ECDSA
+               || pksk->pubkey_algo == PUBKEY_ALGO_EDDSA)
         {
-          sig->data[0] = get_mpi_from_sexp (s_sigval, "r", GCRYMPI_FMT_OPAQUE);
-          sig->data[1] = get_mpi_from_sexp (s_sigval, "s", GCRYMPI_FMT_OPAQUE);
+          err = sexp_extract_param_sos (s_sigval, "r", &sig->data[0]);
+          if (!err)
+            err = sexp_extract_param_sos (s_sigval, "s", &sig->data[1]);
         }
       else
         {
@@ -462,12 +525,7 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig,
 
  leave:
   if (err)
-    {
-      log_error (_("signing failed: %s\n"), gpg_strerror (err));
-      if (gpg_err_source (err) == GPG_ERR_SOURCE_SCD
-          && gpg_err_code (err) == GPG_ERR_INV_ID)
-        print_further_info ("a reason might be a card with replaced keys");
-    }
+    log_error (_("signing failed: %s\n"), gpg_strerror (err));
   else
     {
       if (opt.verbose)
@@ -573,7 +631,7 @@ match_dsa_hash (unsigned int qbytes)
   usable for the pubkey algorithm.  If --personal-digest-prefs isn't
   set, then take the OpenPGP default (i.e. SHA-1).
 
-  Note that Ed25519+EdDSA takes an input of arbitrary length and thus
+  Note that EdDSA takes an input of arbitrary length and thus
   we don't enforce any particular algorithm like we do for standard
   ECDSA. However, we use SHA256 as the default algorithm.
 
@@ -592,13 +650,15 @@ hash_for (PKT_public_key *pk)
     {
       return recipient_digest_algo;
     }
-  else if (pk->pubkey_algo == PUBKEY_ALGO_EDDSA
-           && openpgp_oid_is_ed25519 (pk->pkey[0]))
+  else if (pk->pubkey_algo == PUBKEY_ALGO_EDDSA)
     {
       if (opt.personal_digest_prefs)
         return opt.personal_digest_prefs[0].value;
       else
-        return DIGEST_ALGO_SHA256;
+        if (gcry_mpi_get_nbits (pk->pkey[1]) > 256)
+          return DIGEST_ALGO_SHA512;
+        else
+          return DIGEST_ALGO_SHA256;
     }
   else if (pk->pubkey_algo == PUBKEY_ALGO_DSA
            || pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
@@ -691,136 +751,173 @@ print_status_sig_created (PKT_public_key *pk, PKT_signature *sig, int what)
  * Loop over the secret certificates in SK_LIST and build the one pass
  * signature packets.  OpenPGP says that the data should be bracket by
  * the onepass-sig and signature-packet; so we build these onepass
- * packet here in reverse order
+ * packet here in reverse order.
  */
 static int
 write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass )
 {
-    int skcount;
-    SK_LIST sk_rover;
+  int skcount;
+  SK_LIST sk_rover;
 
-    for (skcount=0, sk_rover=sk_list; sk_rover; sk_rover = sk_rover->next)
-        skcount++;
+  for (skcount=0, sk_rover=sk_list; sk_rover; sk_rover = sk_rover->next)
+    skcount++;
 
-    for (; skcount; skcount--) {
-        PKT_public_key *pk;
-        PKT_onepass_sig *ops;
-        PACKET pkt;
-        int i, rc;
+  for (; skcount; skcount--)
+    {
+      PKT_public_key *pk;
+      PKT_onepass_sig *ops;
+      PACKET pkt;
+      int i, rc;
 
-        for (i=0, sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
-            if (++i == skcount)
-                break;
-        }
+      for (i=0, sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
+        if (++i == skcount)
+          break;
 
-        pk = sk_rover->pk;
-        ops = xmalloc_clear (sizeof *ops);
-        ops->sig_class = sigclass;
-        ops->digest_algo = hash_for (pk);
-        ops->pubkey_algo = pk->pubkey_algo;
-        keyid_from_pk (pk, ops->keyid);
-        ops->last = (skcount == 1);
-
-        init_packet(&pkt);
-        pkt.pkttype = PKT_ONEPASS_SIG;
-        pkt.pkt.onepass_sig = ops;
-        rc = build_packet (out, &pkt);
-        free_packet (&pkt, NULL);
-        if (rc) {
-            log_error ("build onepass_sig packet failed: %s\n",
-                       gpg_strerror (rc));
-            return rc;
+      pk = sk_rover->pk;
+      ops = xmalloc_clear (sizeof *ops);
+      ops->sig_class = sigclass;
+      ops->digest_algo = hash_for (pk);
+      ops->pubkey_algo = pk->pubkey_algo;
+      keyid_from_pk (pk, ops->keyid);
+      ops->last = (skcount == 1);
+
+      init_packet (&pkt);
+      pkt.pkttype = PKT_ONEPASS_SIG;
+      pkt.pkt.onepass_sig = ops;
+      rc = build_packet (out, &pkt);
+      free_packet (&pkt, NULL);
+      if (rc)
+        {
+          log_error ("build onepass_sig packet failed: %s\n",
+                     gpg_strerror (rc));
+          return rc;
         }
     }
 
-    return 0;
+  return 0;
 }
 
+
 /*
- * Helper to write the plaintext (literal data) packet
+ * Helper to write the plaintext (literal data) packet.  At
+ * R_EXTRAHASH a malloced object with the with the extra data hashed
+ * into v5 signatures is stored.
  */
 static int
-write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
+write_plaintext_packet (iobuf_t out, iobuf_t inp,
+                        const char *fname, int ptmode,
+                        pt_extra_hash_data_t *r_extrahash)
 {
-    PKT_plaintext *pt = NULL;
-    u32 filesize;
-    int rc = 0;
+  PKT_plaintext *pt = NULL;
+  u32 filesize;
+  int rc = 0;
 
-    if (!opt.no_literal)
-      pt=setup_plaintext_name(fname,inp);
+  if (!opt.no_literal)
+    pt = setup_plaintext_name (fname, inp);
 
-    /* try to calculate the length of the data */
-    if ( !iobuf_is_pipe_filename (fname) && *fname )
-      {
-        off_t tmpsize;
-        int overflow;
-
-        if( !(tmpsize = iobuf_get_filelength(inp, &overflow))
-            && !overflow && opt.verbose)
-	  log_info (_("WARNING: '%s' is an empty file\n"), fname);
-
-        /* We can't encode the length of very large files because
-           OpenPGP uses only 32 bit for file sizes.  So if the size of
-           a file is larger than 2^32 minus some bytes for packet
-           headers, we switch to partial length encoding. */
-        if ( tmpsize < (IOBUF_FILELENGTH_LIMIT - 65536) )
-          filesize = tmpsize;
-        else
-          filesize = 0;
-
-        /* Because the text_filter modifies the length of the
-         * data, it is not possible to know the used length
-         * without a double read of the file - to avoid that
-         * we simple use partial length packets. */
-        if ( ptmode == 't' || ptmode == 'u' || ptmode == 'm')
-	  filesize = 0;
-      }
-    else
-      filesize = opt.set_filesize? opt.set_filesize : 0; /* stdin */
-
-    if (!opt.no_literal) {
-        PACKET pkt;
-
-        /* Note that PT has been initialized above in no_literal mode.  */
-        pt->timestamp = make_timestamp ();
-        pt->mode = ptmode;
-        pt->len = filesize;
-        pt->new_ctb = !pt->len;
-        pt->buf = inp;
-        init_packet(&pkt);
-        pkt.pkttype = PKT_PLAINTEXT;
-        pkt.pkt.plaintext = pt;
-        /*cfx.datalen = filesize? calc_packet_length( &pkt ) : 0;*/
-        if( (rc = build_packet (out, &pkt)) )
-            log_error ("build_packet(PLAINTEXT) failed: %s\n",
-                       gpg_strerror (rc) );
-        pt->buf = NULL;
-        free_packet (&pkt, NULL);
+  /* Try to calculate the length of the data. */
+  if ( !iobuf_is_pipe_filename (fname) && *fname)
+    {
+      off_t tmpsize;
+      int overflow;
+
+      if (!(tmpsize = iobuf_get_filelength (inp, &overflow))
+          && !overflow && opt.verbose)
+        log_info (_("WARNING: '%s' is an empty file\n"), fname);
+
+      /* We can't encode the length of very large files because
+       * OpenPGP uses only 32 bit for file sizes.  So if the size of a
+       * file is larger than 2^32 minus some bytes for packet headers,
+       * we switch to partial length encoding. */
+      if (tmpsize < (IOBUF_FILELENGTH_LIMIT - 65536))
+        filesize = tmpsize;
+      else
+        filesize = 0;
+
+      /* Because the text_filter modifies the length of the
+       * data, it is not possible to know the used length
+       * without a double read of the file - to avoid that
+       * we simple use partial length packets. */
+      if (ptmode == 't' || ptmode == 'u' || ptmode == 'm')
+        filesize = 0;
     }
-    else {
-        byte copy_buffer[4096];
-        int  bytes_copied;
-
-        while ((bytes_copied = iobuf_read(inp, copy_buffer, 4096)) != -1)
-            if ( (rc=iobuf_write(out, copy_buffer, bytes_copied)) ) {
-                log_error ("copying input to output failed: %s\n",
-                           gpg_strerror (rc));
-                break;
-            }
-        wipememory(copy_buffer,4096); /* burn buffer */
+  else
+    filesize = opt.set_filesize? opt.set_filesize : 0; /* stdin */
+
+  if (!opt.no_literal)
+    {
+      PACKET pkt;
+
+      /* Note that PT has been initialized above in no_literal mode.  */
+      pt->timestamp = make_timestamp ();
+      pt->mode = ptmode;
+      pt->len = filesize;
+      pt->new_ctb = !pt->len;
+      pt->buf = inp;
+      init_packet (&pkt);
+      pkt.pkttype = PKT_PLAINTEXT;
+      pkt.pkt.plaintext = pt;
+      /*cfx.datalen = filesize? calc_packet_length( &pkt ) : 0;*/
+      if ((rc = build_packet (out, &pkt)))
+        log_error ("build_packet(PLAINTEXT) failed: %s\n",
+                   gpg_strerror (rc) );
+
+      *r_extrahash = xtrymalloc (sizeof **r_extrahash + pt->namelen);
+      if (!*r_extrahash)
+        rc = gpg_error_from_syserror ();
+      else
+        {
+          (*r_extrahash)->mode = pt->mode;
+          (*r_extrahash)->timestamp = pt->timestamp;
+          (*r_extrahash)->namelen = pt->namelen;
+          /* Note that the last byte of NAME won't be initialized
+           * because we don't need it.  */
+          memcpy ((*r_extrahash)->name, pt->name, pt->namelen);
+        }
+      pt->buf = NULL;
+      free_packet (&pkt, NULL);
     }
-    /* fixme: it seems that we never freed pt/pkt */
+  else
+    {
+      byte copy_buffer[4096];
+      int  bytes_copied;
 
-    return rc;
+      *r_extrahash = xtrymalloc (sizeof **r_extrahash);
+      if (!*r_extrahash)
+        {
+          rc = gpg_error_from_syserror ();
+          goto leave;
+        }
+      /* FIXME: We need to parse INP to get the to be hashed data from
+       * it.  */
+      (*r_extrahash)->mode = 0;
+      (*r_extrahash)->timestamp = 0;
+      (*r_extrahash)->namelen = 0;
+
+      while ((bytes_copied = iobuf_read (inp, copy_buffer, 4096)) != -1)
+        if ((rc = iobuf_write (out, copy_buffer, bytes_copied)))
+          {
+            log_error ("copying input to output failed: %s\n",
+                       gpg_strerror (rc));
+            break;
+          }
+      wipememory (copy_buffer, 4096); /* burn buffer */
+    }
+
+ leave:
+  return rc;
 }
 
+
 /*
- * Write the signatures from the SK_LIST to OUT. HASH must be a non-finalized
- * hash which will not be changes here.
+ * Write the signatures from the SK_LIST to OUT. HASH must be a
+ * non-finalized hash which will not be changes here.  EXTRAHASH is
+ * either NULL or the extra data tro be hashed into v5 signatures.
  */
 static int
 write_signature_packets (ctrl_t ctrl,
                          SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
+                         pt_extra_hash_data_t extrahash,
                          int sigclass, u32 timestamp, u32 duration,
 			 int status_letter, const char *cache_nonce)
 {
@@ -841,11 +938,10 @@ write_signature_packets (ctrl_t ctrl,
       if (!sig)
         return gpg_error_from_syserror ();
 
-      if (duration || opt.sig_policy_url
-          || opt.sig_notations || opt.sig_keyserver_url)
-        sig->version = 4;
+      if (pk->version >= 5)
+        sig->version = 5;  /* Required for v5 keys.  */
       else
-        sig->version = pk->version;
+        sig->version = 4;  /* Required.  */
 
       keyid_from_pk (pk, sig->keyid);
       sig->digest_algo = hash_for (pk);
@@ -861,18 +957,13 @@ write_signature_packets (ctrl_t ctrl,
       if (gcry_md_copy (&md, hash))
         BUG ();
 
-      if (sig->version >= 4)
-        {
-          build_sig_subpkt_from_sig (sig, pk);
-          mk_notation_policy_etc (sig, NULL, pk);
-          if (opt.flags.include_key_block && IS_SIG (sig))
-            err = mk_sig_subpkt_key_block (ctrl, sig, pk);
-          else
-            err = 0;
-        }
+      build_sig_subpkt_from_sig (sig, pk);
+      mk_notation_policy_etc (ctrl, sig, NULL, pk);
+      if (opt.flags.include_key_block && IS_SIG (sig))
+        err = mk_sig_subpkt_key_block (ctrl, sig, pk);
       else
-        err = 0;  /* Actually never reached.  */
-      hash_sigversion_to_magic (md, sig);
+        err = 0;
+      hash_sigversion_to_magic (md, sig, extrahash);
       gcry_md_final (md);
 
       if (!err)
@@ -905,78 +996,83 @@ write_signature_packets (ctrl_t ctrl,
 }
 
 
-/* Sign the files whose names are in FILENAME using all secret keys
+/*
+ * Sign the files whose names are in FILENAME usingall secret keys
  * which can be taken from LOCUSR, if this is NULL, use the default
  * secret key.
  * If DETACHED has the value true, make a detached signature.
+ * If ENCRYPTFLAG is true, use REMUSER (or ask if it is NULL) to encrypt the
+ * signed data for these users.  If ENCRYPTFLAG is 2 symmetric encryption
+ * is also used.
  * If FILENAMES->d is NULL read from stdin and ignore the detached mode.
- * If ENCRYPTFLAG is true, use REMUSER (or ask if it is NULL) to
- * encrypt the signed data for these users.  If ENCRYPTFLAG is 2
- * symmetric encryption is also used.
- * If OUTFILE is not NULL; this file is used for output and the
- * function does not ask for overwrite permission; output is then
- * always uncompressed, non-armored and in binary mode.
+ * If OUTFILE is not NULL; this file is used for output and the function
+ * does not ask for overwrite permission; output is then always
+ * uncompressed, non-armored and in binary mode.
  */
 int
 sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
 	   int encryptflag, strlist_t remusr, const char *outfile )
 {
-    const char *fname;
-    armor_filter_context_t *afx;
-    compress_filter_context_t zfx;
-    md_filter_context_t mfx;
-    text_filter_context_t tfx;
-    progress_filter_context_t *pfx;
-    encrypt_filter_context_t efx;
-    IOBUF inp = NULL, out = NULL;
-    PACKET pkt;
-    int rc = 0;
-    PK_LIST pk_list = NULL;
-    SK_LIST sk_list = NULL;
-    SK_LIST sk_rover = NULL;
-    int multifile = 0;
-    u32 duration=0;
-
-    pfx = new_progress_context ();
-    afx = new_armor_context ();
-    memset( &zfx, 0, sizeof zfx);
-    memset( &mfx, 0, sizeof mfx);
-    memset( &efx, 0, sizeof efx);
-    efx.ctrl = ctrl;
-    init_packet( &pkt );
-
-    if( filenames ) {
-	fname = filenames->d;
-	multifile = !!filenames->next;
+  const char *fname;
+  armor_filter_context_t *afx;
+  compress_filter_context_t zfx;
+  md_filter_context_t mfx;
+  text_filter_context_t tfx;
+  progress_filter_context_t *pfx;
+  encrypt_filter_context_t efx;
+  iobuf_t inp = NULL;
+  iobuf_t out = NULL;
+  PACKET pkt;
+  int rc = 0;
+  PK_LIST pk_list = NULL;
+  SK_LIST sk_list = NULL;
+  SK_LIST sk_rover = NULL;
+  int multifile = 0;
+  u32 duration=0;
+  pt_extra_hash_data_t extrahash = NULL;
+
+  pfx = new_progress_context ();
+  afx = new_armor_context ();
+  memset (&zfx, 0, sizeof zfx);
+  memset (&mfx, 0, sizeof mfx);
+  memset (&efx, 0, sizeof efx);
+  efx.ctrl = ctrl;
+  init_packet (&pkt);
+
+  if (filenames)
+    {
+      fname = filenames->d;
+      multifile = !!filenames->next;
     }
-    else
-	fname = NULL;
+  else
+    fname = NULL;
 
-    if( fname && filenames->next && (!detached || encryptflag) )
-	log_bug("multiple files can only be detached signed");
+  if (fname && filenames->next && (!detached || encryptflag))
+    log_bug ("multiple files can only be detached signed");
 
-    if(encryptflag==2
-       && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
-      goto leave;
+  if (encryptflag == 2
+      && (rc = setup_symkey (&efx.symkey_s2k, &efx.symkey_dek)))
+    goto leave;
 
-    if (opt.ask_sig_expire && !opt.batch)
-      duration = ask_expire_interval(1,opt.def_sig_expire);
-    else
-      duration = parse_expire_string(opt.def_sig_expire);
+  if (opt.ask_sig_expire && !opt.batch)
+    duration = ask_expire_interval(1,opt.def_sig_expire);
+  else
+    duration = parse_expire_string(opt.def_sig_expire);
 
-    /* Note: In the old non-agent version the following call used to
-       unprotect the secret key.  This is now done on demand by the agent.  */
-    if( (rc = build_sk_list (ctrl, locusr, &sk_list, PUBKEY_USAGE_SIG )) )
-	goto leave;
+  /* Note: In the old non-agent version the following call used to
+   * unprotect the secret key.  This is now done on demand by the agent.  */
+  if ((rc = build_sk_list (ctrl, locusr, &sk_list, PUBKEY_USAGE_SIG )))
+    goto leave;
 
-    if (encryptflag
-        && (rc=build_pk_list (ctrl, remusr, &pk_list)))
-      goto leave;
+  if (encryptflag
+      && (rc = build_pk_list (ctrl, remusr, &pk_list)))
+    goto leave;
 
-    /* prepare iobufs */
-    if( multifile )  /* have list of filenames */
-	inp = NULL; /* we do it later */
-    else {
+  /* Prepare iobufs. */
+  if (multifile)    /* have list of filenames */
+    inp = NULL;     /* we do it later */
+  else
+    {
       inp = iobuf_open(fname);
       if (inp && is_secured_file (iobuf_get_fd (inp)))
         {
@@ -984,418 +1080,464 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
           inp = NULL;
           gpg_err_set_errno (EPERM);
         }
-      if( !inp )
+      if (!inp)
         {
           rc = gpg_error_from_syserror ();
           log_error (_("can't open '%s': %s\n"), fname? fname: "[stdin]",
-                     strerror(errno) );
+                     strerror (errno));
           goto leave;
 	}
 
-        handle_progress (pfx, inp, fname);
+      handle_progress (pfx, inp, fname);
     }
 
-    if( outfile ) {
-        if (is_secured_filename ( outfile )) {
-            out = NULL;
-            gpg_err_set_errno (EPERM);
+  if (outfile)
+    {
+      if (is_secured_filename (outfile))
+        {
+          out = NULL;
+          gpg_err_set_errno (EPERM);
         }
-        else
-          out = iobuf_create (outfile, 0);
-	if( !out )
-	  {
-            rc = gpg_error_from_syserror ();
-	    log_error(_("can't create '%s': %s\n"), outfile, strerror(errno) );
-	    goto leave;
-	  }
-	else if( opt.verbose )
-	    log_info(_("writing to '%s'\n"), outfile );
+      else
+        out = iobuf_create (outfile, 0);
+      if (!out)
+        {
+          rc = gpg_error_from_syserror ();
+          log_error (_("can't create '%s': %s\n"), outfile, gpg_strerror (rc));
+          goto leave;
+        }
+      else if (opt.verbose)
+        log_info (_("writing to '%s'\n"), outfile);
+    }
+  else if ((rc = open_outfile (-1, fname,
+                               opt.armor? 1 : detached? 2 : 0, 0, &out)))
+    {
+      goto leave;
     }
-    else if( (rc = open_outfile (-1, fname,
-                                 opt.armor? 1: detached? 2:0, 0, &out)))
-	goto leave;
-
-    /* prepare to calculate the MD over the input */
-    if( opt.textmode && !outfile && !multifile )
-      {
-	memset( &tfx, 0, sizeof tfx);
-	iobuf_push_filter( inp, text_filter, &tfx );
-      }
 
-    if ( gcry_md_open (&mfx.md, 0, 0) )
-      BUG ();
-    if (DBG_HASHING)
-      gcry_md_debug (mfx.md, "sign");
-
-    /* If we're encrypting and signing, it is reasonable to pick the
-       hash algorithm to use out of the recipient key prefs.  This is
-       best effort only, as in a DSA2 and smartcard world there are
-       cases where we cannot please everyone with a single hash (DSA2
-       wants >160 and smartcards want =160).  In the future this could
-       be more complex with different hashes for each sk, but the
-       current design requires a single hash for all SKs. */
-    if(pk_list)
-      {
-	if(opt.def_digest_algo)
-	  {
-	    if(!opt.expert &&
-	       select_algo_from_prefs(pk_list,PREFTYPE_HASH,
-				      opt.def_digest_algo,
-				      NULL)!=opt.def_digest_algo)
-              log_info(_("WARNING: forcing digest algorithm %s (%d)"
-                         " violates recipient preferences\n"),
-                       gcry_md_algo_name (opt.def_digest_algo),
-                       opt.def_digest_algo );
-	  }
-	else
-	  {
-	    int algo;
-            int conflict = 0;
-	    struct pref_hint hint = { 0 };
-
-	    /* Of course, if the recipient asks for something
-	       unreasonable (like the wrong hash for a DSA key) then
-	       don't do it.  Check all sk's - if any are DSA or live
-	       on a smartcard, then the hash has restrictions and we
-	       may not be able to give the recipient what they want.
-	       For DSA, pass a hint for the largest q we have.  Note
-	       that this means that a q>160 key will override a q=160
-	       key and force the use of truncation for the q=160 key.
-	       The alternative would be to ignore the recipient prefs
-	       completely and get a different hash for each DSA key in
-	       hash_for().  The override behavior here is more or less
-	       reasonable as it is under the control of the user which
-	       keys they sign with for a given message and the fact
-	       that the message with multiple signatures won't be
-	       usable on an implementation that doesn't understand
-	       DSA2 anyway. */
-
-	    for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next )
-	      {
-		if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_DSA
-                    || sk_rover->pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
-		  {
-		    int temp_hashlen = (gcry_mpi_get_nbits
-                                        (sk_rover->pk->pkey[1]));
-
-		    if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
-                      {
-                        temp_hashlen = ecdsa_qbits_from_Q (temp_hashlen);
-                        if (!temp_hashlen)
-                          conflict = 1;  /* Better don't use the prefs. */
-                        temp_hashlen = (temp_hashlen+7)/8;
-                        /* Fixup for that funny nistp521 (yes, 521)
-                         * were we need to use a 512 bit hash algo.  */
-                        if (temp_hashlen == 66)
-                          temp_hashlen = 64;
-                      }
-                    else
-                      temp_hashlen = (temp_hashlen+7)/8;
+  /* Prepare to calculate the MD over the input.  */
+  if (opt.textmode && !outfile && !multifile)
+    {
+      memset (&tfx, 0, sizeof tfx);
+      iobuf_push_filter (inp, text_filter, &tfx);
+    }
 
-		    /* Pick a hash that is large enough for our
-		       largest q or matches our Q but if tehreare
-		       several of them we run into a conflict and
-		       don't use the preferences.  */
-
-		    if (hint.digest_length < temp_hashlen)
-                      {
-                        if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
-                          {
-                            if (hint.exact)
-                              conflict = 1;
-                            hint.exact = 1;
-                          }
-                        hint.digest_length = temp_hashlen;
-                      }
-		  }
-	      }
-
-	    if (!conflict
-                && (algo = select_algo_from_prefs (pk_list,PREFTYPE_HASH,
-                                                   -1,&hint)) > 0)
+  if (gcry_md_open (&mfx.md, 0, 0))
+    BUG ();
+  if (DBG_HASHING)
+    gcry_md_debug (mfx.md, "sign");
+
+  /* If we're encrypting and signing, it is reasonable to pick the
+   * hash algorithm to use out of the recipient key prefs.  This is
+   * best effort only, as in a DSA2 and smartcard world there are
+   * cases where we cannot please everyone with a single hash (DSA2
+   * wants >160 and smartcards want =160).  In the future this could
+   * be more complex with different hashes for each sk, but the
+   * current design requires a single hash for all SKs. */
+  if (pk_list)
+    {
+      if (opt.def_digest_algo)
+        {
+          if (!opt.expert
+              && select_algo_from_prefs (pk_list,PREFTYPE_HASH,
+                                         opt.def_digest_algo,
+                                         NULL) != opt.def_digest_algo)
+            {
+              log_info (_("WARNING: forcing digest algorithm %s (%d)"
+                          " violates recipient preferences\n"),
+                        gcry_md_algo_name (opt.def_digest_algo),
+                        opt.def_digest_algo);
+            }
+        }
+      else
+        {
+          int algo;
+          int conflict = 0;
+          struct pref_hint hint = { 0 };
+
+          hint.digest_length = 0;
+
+          /* Of course, if the recipient asks for something
+           * unreasonable (like the wrong hash for a DSA key) then
+           * don't do it.  Check all sk's - if any are DSA or live
+           * on a smartcard, then the hash has restrictions and we
+           * may not be able to give the recipient what they want.
+           * For DSA, pass a hint for the largest q we have.  Note
+           * that this means that a q>160 key will override a q=160
+           * key and force the use of truncation for the q=160 key.
+           * The alternative would be to ignore the recipient prefs
+           * completely and get a different hash for each DSA key in
+           * hash_for().  The override behavior here is more or less
+           * reasonable as it is under the control of the user which
+           * keys they sign with for a given message and the fact
+           * that the message with multiple signatures won't be
+           * usable on an implementation that doesn't understand
+           * DSA2 anyway. */
+          for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next )
+            {
+              if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_DSA
+                  || sk_rover->pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
                 {
-                  /* Note that we later check that the algo is not weak.  */
-                  recipient_digest_algo = algo;
+                  int temp_hashlen = gcry_mpi_get_nbits (sk_rover->pk->pkey[1]);
+
+                  if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
+                    {
+                      temp_hashlen = ecdsa_qbits_from_Q (temp_hashlen);
+                      if (!temp_hashlen)
+                        conflict = 1;  /* Better don't use the prefs. */
+                      temp_hashlen = (temp_hashlen+7)/8;
+                      /* Fixup for that funny nistp521 (yes, 521) were
+                       * we need to use a 512 bit hash algo.  */
+                      if (temp_hashlen == 66)
+                        temp_hashlen = 64;
+                    }
+                  else
+                    temp_hashlen = (temp_hashlen+7)/8;
+
+                  /* Pick a hash that is large enough for our largest
+		   * Q or matches our Q.  If there are several of them
+		   * we run into a conflict and don't use the
+		   * preferences.  */
+                  if (hint.digest_length < temp_hashlen)
+                    {
+                      if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
+                        {
+                          if (hint.exact)
+                            conflict = 1;
+                          hint.exact = 1;
+                        }
+                      hint.digest_length = temp_hashlen;
+                    }
                 }
-	  }
-      }
+            }
 
-    for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
-      gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
+          if (!conflict
+              && (algo = select_algo_from_prefs (pk_list, PREFTYPE_HASH,
+                                                  -1, &hint)) > 0)
+            {
+              /* Note that we later check that the algo is not weak.  */
+              recipient_digest_algo = algo;
+            }
+        }
+    }
 
-    if( !multifile )
-	iobuf_push_filter( inp, md_filter, &mfx );
+  for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
+    gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
 
-    if( detached && !encryptflag)
-	afx->what = 2;
+  if (!multifile)
+    iobuf_push_filter (inp, md_filter, &mfx);
 
-    if( opt.armor && !outfile  )
-	push_armor_filter (afx, out);
+  if (detached && !encryptflag)
+    afx->what = 2;
+
+  if (opt.armor && !outfile)
+    push_armor_filter (afx, out);
 
-    if( encryptflag ) {
-	efx.pk_list = pk_list;
-	/* fixme: set efx.cfx.datalen if known */
-	iobuf_push_filter( out, encrypt_filter, &efx );
+  if (encryptflag)
+    {
+      efx.pk_list = pk_list;
+      /* fixme: set efx.cfx.datalen if known */
+      iobuf_push_filter (out, encrypt_filter, &efx);
     }
 
-    if (opt.compress_algo && !outfile && !detached)
-      {
-        int compr_algo=opt.compress_algo;
-
-	/* If not forced by user */
-	if(compr_algo==-1)
-	  {
-	    /* If we're not encrypting, then select_algo_from_prefs
-	       will fail and we'll end up with the default.  If we are
-	       encrypting, select_algo_from_prefs cannot fail since
-	       there is an assumed preference for uncompressed data.
-	       Still, if it did fail, we'll also end up with the
-	       default. */
-
-	    if((compr_algo=
-		select_algo_from_prefs(pk_list,PREFTYPE_ZIP,-1,NULL))==-1)
-	      compr_algo=default_compress_algo();
-	  }
- 	else if(!opt.expert && pk_list
- 		&& select_algo_from_prefs(pk_list,PREFTYPE_ZIP,
-					  compr_algo,NULL)!=compr_algo)
- 	  log_info(_("WARNING: forcing compression algorithm %s (%d)"
- 		     " violates recipient preferences\n"),
- 		   compress_algo_to_string(compr_algo),compr_algo);
-
-	/* algo 0 means no compression */
-	if( compr_algo )
-	  push_compress_filter(out,&zfx,compr_algo);
-      }
+  if (opt.compress_algo && !outfile && !detached)
+    {
+      int compr_algo = opt.compress_algo;
 
-    /* Write the one-pass signature packets if needed */
-    if (!detached) {
-        rc = write_onepass_sig_packets (sk_list, out,
-                                        opt.textmode && !outfile ? 0x01:0x00);
-        if (rc)
-            goto leave;
+      /* If not forced by user */
+      if (compr_algo==-1)
+        {
+          /* If we're not encrypting, then select_algo_from_prefs
+           * will fail and we'll end up with the default.  If we are
+           * encrypting, select_algo_from_prefs cannot fail since
+           * there is an assumed preference for uncompressed data.
+           * Still, if it did fail, we'll also end up with the
+           * default. */
+          if ((compr_algo = select_algo_from_prefs (pk_list, PREFTYPE_ZIP,
+                                                    -1, NULL)) == -1)
+            {
+              compr_algo = default_compress_algo();
+            }
+        }
+      else if (!opt.expert && pk_list
+               && select_algo_from_prefs (pk_list, PREFTYPE_ZIP,
+					  compr_algo, NULL) != compr_algo)
+        {
+          log_info (_("WARNING: forcing compression algorithm %s (%d)"
+                      " violates recipient preferences\n"),
+                    compress_algo_to_string (compr_algo), compr_algo);
+        }
+
+      /* Algo 0 means no compression. */
+      if (compr_algo)
+        push_compress_filter (out, &zfx, compr_algo);
+    }
+
+  /* Write the one-pass signature packets if needed */
+  if (!detached)
+    {
+      rc = write_onepass_sig_packets (sk_list, out,
+                                      opt.textmode && !outfile ? 0x01:0x00);
+      if (rc)
+        goto leave;
     }
 
-    write_status_begin_signing (mfx.md);
-
-    /* Setup the inner packet. */
-    if( detached ) {
-	if( multifile ) {
-	    strlist_t sl;
-
-	    if( opt.verbose )
-		log_info(_("signing:") );
-	    /* must walk reverse trough this list */
-	    for( sl = strlist_last(filenames); sl;
-			sl = strlist_prev( filenames, sl ) ) {
-                inp = iobuf_open(sl->d);
-                if (inp && is_secured_file (iobuf_get_fd (inp)))
-                  {
-                    iobuf_close (inp);
-                    inp = NULL;
-                    gpg_err_set_errno (EPERM);
-                  }
-		if( !inp )
-		  {
-                    rc = gpg_error_from_syserror ();
-		    log_error(_("can't open '%s': %s\n"),
-			      sl->d,strerror(errno));
-		    goto leave;
-		  }
-                handle_progress (pfx, inp, sl->d);
-		if( opt.verbose )
-                  log_printf (" '%s'", sl->d );
-		if(opt.textmode)
-		  {
-		    memset( &tfx, 0, sizeof tfx);
-		    iobuf_push_filter( inp, text_filter, &tfx );
-		  }
-		iobuf_push_filter( inp, md_filter, &mfx );
-		while( iobuf_get(inp) != -1 )
-		    ;
-		iobuf_close(inp); inp = NULL;
+  write_status_begin_signing (mfx.md);
+
+  /* Setup the inner packet. */
+  if (detached)
+    {
+      if (multifile)
+        {
+          strlist_t sl;
+
+          if (opt.verbose)
+            log_info (_("signing:") );
+          /* Must walk reverse trough this list.  */
+          for (sl = strlist_last(filenames);
+               sl;
+               sl = strlist_prev( filenames, sl))
+            {
+              inp = iobuf_open (sl->d);
+              if (inp && is_secured_file (iobuf_get_fd (inp)))
+                {
+                  iobuf_close (inp);
+                  inp = NULL;
+                  gpg_err_set_errno (EPERM);
+                }
+              if (!inp)
+                {
+                  rc = gpg_error_from_syserror ();
+                  log_error (_("can't open '%s': %s\n"),
+                             sl->d, gpg_strerror (rc));
+                  goto leave;
+                }
+              handle_progress (pfx, inp, sl->d);
+              if (opt.verbose)
+                log_printf (" '%s'", sl->d );
+              if (opt.textmode)
+                {
+                  memset (&tfx, 0, sizeof tfx);
+                  iobuf_push_filter (inp, text_filter, &tfx);
+                }
+              iobuf_push_filter (inp, md_filter, &mfx);
+              while (iobuf_get (inp) != -1)
+                ;
+              iobuf_close (inp);
+              inp = NULL;
 	    }
-	    if( opt.verbose )
-              log_printf ("\n");
+          if (opt.verbose)
+            log_printf ("\n");
 	}
-	else {
-	    /* read, so that the filter can calculate the digest */
-	    while( iobuf_get(inp) != -1 )
-		;
+      else
+        {
+          /* Read, so that the filter can calculate the digest. */
+          while (iobuf_get(inp) != -1)
+            ;
 	}
     }
-    else {
-        rc = write_plaintext_packet (out, inp, fname,
-                                     opt.textmode && !outfile ?
-                                     (opt.mimemode? 'm':'t'):'b');
+  else
+    {
+      rc = write_plaintext_packet (out, inp, fname,
+                                   (opt.textmode && !outfile) ?
+                                   (opt.mimemode? 'm' : 't') : 'b',
+                                   &extrahash);
     }
 
-    /* catch errors from above */
-    if (rc)
-	goto leave;
+  /* Catch errors from above. */
+  if (rc)
+    goto leave;
 
-    /* write the signatures */
-    rc = write_signature_packets (ctrl, sk_list, out, mfx.md,
-                                  opt.textmode && !outfile? 0x01 : 0x00,
-				  0, duration, detached ? 'D':'S', NULL);
-    if( rc )
-        goto leave;
+  /* Write the signatures. */
+  rc = write_signature_packets (ctrl, sk_list, out, mfx.md, extrahash,
+                                opt.textmode && !outfile? 0x01 : 0x00,
+                                0, duration, detached ? 'D':'S', NULL);
+  if (rc)
+    goto leave;
 
 
-  leave:
-    if( rc )
-	iobuf_cancel(out);
-    else {
-	iobuf_close(out);
-        if (encryptflag)
-            write_status( STATUS_END_ENCRYPTION );
+ leave:
+  if (rc)
+    iobuf_cancel (out);
+  else
+    {
+      iobuf_close (out);
+      if (encryptflag)
+        write_status (STATUS_END_ENCRYPTION);
     }
-    iobuf_close(inp);
-    gcry_md_close ( mfx.md );
-    release_sk_list( sk_list );
-    release_pk_list( pk_list );
-    recipient_digest_algo=0;
-    release_progress_context (pfx);
-    release_armor_context (afx);
-    return rc;
+  iobuf_close (inp);
+  gcry_md_close (mfx.md);
+  release_sk_list (sk_list);
+  release_pk_list (pk_list);
+  recipient_digest_algo = 0;
+  release_progress_context (pfx);
+  release_armor_context (afx);
+  xfree (extrahash);
+  return rc;
 }
 
 
-
-/****************
- * make a clear signature. note that opt.armor is not needed
+/*
+ * Make a clear signature.  Note that opt.armor is not needed.
  */
 int
 clearsign_file (ctrl_t ctrl,
-                const char *fname, strlist_t locusr, const char *outfile )
+                const char *fname, strlist_t locusr, const char *outfile)
 {
-    armor_filter_context_t *afx;
-    progress_filter_context_t *pfx;
-    gcry_md_hd_t textmd = NULL;
-    IOBUF inp = NULL, out = NULL;
-    PACKET pkt;
-    int rc = 0;
-    SK_LIST sk_list = NULL;
-    SK_LIST sk_rover = NULL;
-    u32 duration=0;
-
-    pfx = new_progress_context ();
-    afx = new_armor_context ();
-    init_packet( &pkt );
-
-    if (opt.ask_sig_expire && !opt.batch)
-      duration = ask_expire_interval (1,opt.def_sig_expire);
-    else
-      duration = parse_expire_string (opt.def_sig_expire);
-
-    /* Note: In the old non-agent version the following call used to
-       unprotect the secret key.  This is now done on demand by the agent.  */
-    if( (rc=build_sk_list (ctrl, locusr, &sk_list, PUBKEY_USAGE_SIG )) )
-	goto leave;
-
-    /* prepare iobufs */
-    inp = iobuf_open(fname);
-    if (inp && is_secured_file (iobuf_get_fd (inp)))
-      {
-        iobuf_close (inp);
-        inp = NULL;
-        gpg_err_set_errno (EPERM);
-      }
-    if( !inp ) {
-        rc = gpg_error_from_syserror ();
-	log_error (_("can't open '%s': %s\n"),
-                   fname? fname: "[stdin]", strerror(errno) );
-	goto leave;
+  armor_filter_context_t *afx;
+  progress_filter_context_t *pfx;
+  gcry_md_hd_t textmd = NULL;
+  iobuf_t inp = NULL;
+  iobuf_t out = NULL;
+  PACKET pkt;
+  int rc = 0;
+  SK_LIST sk_list = NULL;
+  SK_LIST sk_rover = NULL;
+  u32 duration = 0;
+  pt_extra_hash_data_t extrahash = NULL;
+
+  pfx = new_progress_context ();
+  afx = new_armor_context ();
+  init_packet( &pkt );
+
+  if (opt.ask_sig_expire && !opt.batch)
+    duration = ask_expire_interval (1, opt.def_sig_expire);
+  else
+    duration = parse_expire_string (opt.def_sig_expire);
+
+  /* Note: In the old non-agent version the following call used to
+   * unprotect the secret key.  This is now done on demand by the agent.  */
+  if ((rc=build_sk_list (ctrl, locusr, &sk_list, PUBKEY_USAGE_SIG)))
+    goto leave;
+
+  /* Prepare iobufs.  */
+  inp = iobuf_open (fname);
+  if (inp && is_secured_file (iobuf_get_fd (inp)))
+    {
+      iobuf_close (inp);
+      inp = NULL;
+      gpg_err_set_errno (EPERM);
     }
-    handle_progress (pfx, inp, fname);
+  if (!inp)
+    {
+      rc = gpg_error_from_syserror ();
+      log_error (_("can't open '%s': %s\n"),
+                 fname? fname: "[stdin]", gpg_strerror (rc));
+      goto leave;
+    }
+  handle_progress (pfx, inp, fname);
 
-    if( outfile ) {
-        if (is_secured_filename (outfile) ) {
-            outfile = NULL;
-            gpg_err_set_errno (EPERM);
+  if (outfile)
+    {
+      if (is_secured_filename (outfile))
+        {
+          outfile = NULL;
+          gpg_err_set_errno (EPERM);
         }
-        else
-          out = iobuf_create (outfile, 0);
-	if( !out )
-	  {
-            rc = gpg_error_from_syserror ();
-	    log_error(_("can't create '%s': %s\n"), outfile, strerror(errno) );
-	    goto leave;
-	  }
-	else if( opt.verbose )
-	    log_info(_("writing to '%s'\n"), outfile );
-    }
-    else if ((rc = open_outfile (-1, fname, 1, 0, &out)))
-	goto leave;
+      else
+        out = iobuf_create (outfile, 0);
 
-    iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----" LF );
+      if (!out)
+        {
+          rc = gpg_error_from_syserror ();
+          log_error (_("can't create '%s': %s\n"), outfile, gpg_strerror (rc));
+          goto leave;
+        }
+      else if (opt.verbose)
+        log_info (_("writing to '%s'\n"), outfile);
 
+    }
+  else if ((rc = open_outfile (-1, fname, 1, 0, &out)))
     {
-	const char *s;
-	int any = 0;
-	byte hashs_seen[256];
-
-	memset( hashs_seen, 0, sizeof hashs_seen );
-	iobuf_writestr(out, "Hash: " );
-	for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
-	    int i = hash_for (sk_rover->pk);
-
-	    if( !hashs_seen[ i & 0xff ] ) {
-		s = gcry_md_algo_name ( i );
-		if( s ) {
-		    hashs_seen[ i & 0xff ] = 1;
-		    if( any )
-			iobuf_put(out, ',' );
-		    iobuf_writestr(out, s );
-		    any = 1;
-		}
-	    }
-	}
-	log_assert(any);
-	iobuf_writestr(out, LF );
+      goto leave;
     }
 
-    if( opt.not_dash_escaped )
-      iobuf_writestr( out,
-                      "NotDashEscaped: You need "GPG_NAME
-                      " to verify this message" LF );
-    iobuf_writestr(out, LF );
+  iobuf_writestr (out, "-----BEGIN PGP SIGNED MESSAGE-----" LF);
 
-    if ( gcry_md_open (&textmd, 0, 0) )
-      BUG ();
+  {
+    const char *s;
+    int any = 0;
+    byte hashs_seen[256];
+
+    memset (hashs_seen, 0, sizeof hashs_seen);
+    iobuf_writestr (out, "Hash: " );
     for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
-      gcry_md_enable (textmd, hash_for(sk_rover->pk));
+      {
+        int i = hash_for (sk_rover->pk);
 
-    if ( DBG_HASHING )
-      gcry_md_debug ( textmd, "clearsign" );
+        if (!hashs_seen[ i & 0xff ])
+          {
+            s = gcry_md_algo_name (i);
+            if (s)
+              {
+                hashs_seen[ i & 0xff ] = 1;
+                if (any)
+                  iobuf_put (out, ',');
+                iobuf_writestr (out, s);
+                any = 1;
+              }
+          }
+      }
+    log_assert (any);
+    iobuf_writestr (out, LF);
+  }
+
+  if (opt.not_dash_escaped)
+    iobuf_writestr (out,
+                    "NotDashEscaped: You need "GPG_NAME
+                    " to verify this message" LF);
+  iobuf_writestr (out, LF );
+
+  if (gcry_md_open (&textmd, 0, 0))
+    BUG ();
+  for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
+    gcry_md_enable (textmd, hash_for(sk_rover->pk));
 
-    copy_clearsig_text (out, inp, textmd, !opt.not_dash_escaped,
-                        opt.escape_from);
-    /* fixme: check for read errors */
+  if (DBG_HASHING)
+    gcry_md_debug (textmd, "clearsign");
 
-    /* now write the armor */
-    afx->what = 2;
-    push_armor_filter (afx, out);
+  copy_clearsig_text (out, inp, textmd, !opt.not_dash_escaped, opt.escape_from);
+  /* fixme: check for read errors */
 
-    /* Write the signatures.  */
-    rc = write_signature_packets (ctrl, sk_list, out, textmd, 0x01, 0,
-                                  duration, 'C', NULL);
-    if( rc )
-        goto leave;
+  /* Now write the armor. */
+  afx->what = 2;
+  push_armor_filter (afx, out);
 
-  leave:
-    if( rc )
-	iobuf_cancel(out);
-    else
-	iobuf_close(out);
-    iobuf_close(inp);
-    gcry_md_close ( textmd );
-    release_sk_list( sk_list );
-    release_progress_context (pfx);
-    release_armor_context (afx);
-    return rc;
+  /* Prepare EXTRAHASH, so that it can be used for v5 signature.  */
+  extrahash = xtrymalloc (sizeof extrahash);
+  if (!extrahash)
+    {
+      rc = gpg_error_from_syserror ();
+      goto leave;
+    }
+  else
+    {
+      extrahash->mode = 't';
+      extrahash->timestamp = 0;
+      extrahash->namelen = 0;
+    }
+
+  /* Write the signatures.  */
+  rc = write_signature_packets (ctrl, sk_list, out, textmd, extrahash,
+                                0x01, 0, duration, 'C', NULL);
+  if (rc)
+    goto leave;
+
+ leave:
+  if (rc)
+    iobuf_cancel (out);
+  else
+    iobuf_close (out);
+  iobuf_close (inp);
+  gcry_md_close (textmd);
+  release_sk_list (sk_list);
+  release_progress_context (pfx);
+  release_armor_context (afx);
+  xfree (extrahash);
+  return rc;
 }
 
+
 /*
  * Sign and conventionally encrypt the given file.
  * FIXME: Far too much code is duplicated - revamp the whole file.
@@ -1403,167 +1545,182 @@ clearsign_file (ctrl_t ctrl,
 int
 sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr)
 {
-    armor_filter_context_t *afx;
-    progress_filter_context_t *pfx;
-    compress_filter_context_t zfx;
-    md_filter_context_t mfx;
-    text_filter_context_t tfx;
-    cipher_filter_context_t cfx;
-    IOBUF inp = NULL, out = NULL;
-    PACKET pkt;
-    STRING2KEY *s2k = NULL;
-    int rc = 0;
-    SK_LIST sk_list = NULL;
-    SK_LIST sk_rover = NULL;
-    int algo;
-    u32 duration=0;
-    int canceled;
-
-    pfx = new_progress_context ();
-    afx = new_armor_context ();
-    memset( &zfx, 0, sizeof zfx);
-    memset( &mfx, 0, sizeof mfx);
-    memset( &tfx, 0, sizeof tfx);
-    memset( &cfx, 0, sizeof cfx);
-    init_packet( &pkt );
-
-    if (opt.ask_sig_expire && !opt.batch)
-      duration = ask_expire_interval (1, opt.def_sig_expire);
-    else
-      duration = parse_expire_string (opt.def_sig_expire);
-
-    /* Note: In the old non-agent version the following call used to
-       unprotect the secret key.  This is now done on demand by the agent.  */
-    rc = build_sk_list (ctrl, locusr, &sk_list, PUBKEY_USAGE_SIG);
-    if (rc)
-	goto leave;
-
-    /* prepare iobufs */
-    inp = iobuf_open(fname);
-    if (inp && is_secured_file (iobuf_get_fd (inp)))
-      {
-        iobuf_close (inp);
-        inp = NULL;
-        gpg_err_set_errno (EPERM);
-      }
-    if( !inp ) {
-        rc = gpg_error_from_syserror ();
-	log_error (_("can't open '%s': %s\n"),
-                   fname? fname: "[stdin]", strerror(errno) );
-	goto leave;
+  armor_filter_context_t *afx;
+  progress_filter_context_t *pfx;
+  compress_filter_context_t zfx;
+  md_filter_context_t mfx;
+  text_filter_context_t tfx;
+  cipher_filter_context_t cfx;
+  iobuf_t inp = NULL;
+  iobuf_t out = NULL;
+  PACKET pkt;
+  STRING2KEY *s2k = NULL;
+  int rc = 0;
+  SK_LIST sk_list = NULL;
+  SK_LIST sk_rover = NULL;
+  int algo;
+  u32 duration = 0;
+  int canceled;
+  pt_extra_hash_data_t extrahash = NULL;
+
+  pfx = new_progress_context ();
+  afx = new_armor_context ();
+  memset (&zfx, 0, sizeof zfx);
+  memset (&mfx, 0, sizeof mfx);
+  memset (&tfx, 0, sizeof tfx);
+  memset (&cfx, 0, sizeof cfx);
+  init_packet (&pkt);
+
+  if (opt.ask_sig_expire && !opt.batch)
+    duration = ask_expire_interval (1, opt.def_sig_expire);
+  else
+    duration = parse_expire_string (opt.def_sig_expire);
+
+  /* Note: In the old non-agent version the following call used to
+   * unprotect the secret key.  This is now done on demand by the agent.  */
+  rc = build_sk_list (ctrl, locusr, &sk_list, PUBKEY_USAGE_SIG);
+  if (rc)
+    goto leave;
+
+  /* Prepare iobufs.  */
+  inp = iobuf_open (fname);
+  if (inp && is_secured_file (iobuf_get_fd (inp)))
+    {
+      iobuf_close (inp);
+      inp = NULL;
+      gpg_err_set_errno (EPERM);
     }
-    handle_progress (pfx, inp, fname);
-
-    /* prepare key */
-    s2k = xmalloc_clear( sizeof *s2k );
-    s2k->mode = opt.s2k_mode;
-    s2k->hash_algo = S2K_DIGEST_ALGO;
-
-    algo = default_cipher_algo();
-    if (!opt.quiet || !opt.batch)
-        log_info (_("%s encryption will be used\n"),
-                  openpgp_cipher_algo_name (algo) );
-    cfx.dek = passphrase_to_dek (algo, s2k, 1, 1, NULL, 0, &canceled);
-
-    if (!cfx.dek || !cfx.dek->keylen) {
-        rc = gpg_error (canceled?GPG_ERR_CANCELED:GPG_ERR_BAD_PASSPHRASE);
-        log_error(_("error creating passphrase: %s\n"), gpg_strerror (rc) );
-        goto leave;
+  if (!inp)
+    {
+      rc = gpg_error_from_syserror ();
+      log_error (_("can't open '%s': %s\n"),
+                 fname? fname: "[stdin]", gpg_strerror (rc));
+      goto leave;
+    }
+  handle_progress (pfx, inp, fname);
+
+  /* Prepare key.  */
+  s2k = xmalloc_clear (sizeof *s2k);
+  s2k->mode = opt.s2k_mode;
+  s2k->hash_algo = S2K_DIGEST_ALGO;
+
+  algo = default_cipher_algo ();
+  cfx.dek = passphrase_to_dek (algo, s2k, 1, 1, NULL, &canceled);
+
+  if (!cfx.dek || !cfx.dek->keylen)
+    {
+      rc = gpg_error (canceled?GPG_ERR_CANCELED:GPG_ERR_BAD_PASSPHRASE);
+      log_error (_("error creating passphrase: %s\n"), gpg_strerror (rc));
+      goto leave;
     }
 
-    cfx.dek->use_mdc = use_mdc (NULL, cfx.dek->algo);
+  cfx.dek->use_aead = use_aead (NULL, cfx.dek->algo);
+  if (!cfx.dek->use_aead)
+    cfx.dek->use_mdc = !!use_mdc (NULL, cfx.dek->algo);
 
-    /* now create the outfile */
-    rc = open_outfile (-1, fname, opt.armor? 1:0, 0, &out);
-    if (rc)
-	goto leave;
+  if (!opt.quiet || !opt.batch)
+    log_info (_("%s.%s encryption will be used\n"),
+              openpgp_cipher_algo_name (algo),
+              cfx.dek->use_aead? openpgp_aead_algo_name (cfx.dek->use_aead)
+              /**/             : "CFB");
 
-    /* prepare to calculate the MD over the input */
-    if (opt.textmode)
-	iobuf_push_filter (inp, text_filter, &tfx);
-    if ( gcry_md_open (&mfx.md, 0, 0) )
-      BUG ();
-    if ( DBG_HASHING )
-      gcry_md_debug (mfx.md, "symc-sign");
+  /* Now create the outfile.  */
+  rc = open_outfile (-1, fname, opt.armor? 1:0, 0, &out);
+  if (rc)
+    goto leave;
 
-    for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
-      gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
+  /* Prepare to calculate the MD over the input.  */
+  if (opt.textmode)
+    iobuf_push_filter (inp, text_filter, &tfx);
+  if (gcry_md_open (&mfx.md, 0, 0))
+    BUG ();
+  if  (DBG_HASHING)
+    gcry_md_debug (mfx.md, "symc-sign");
 
-    iobuf_push_filter (inp, md_filter, &mfx);
+  for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
+    gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
 
-    /* Push armor output filter */
-    if (opt.armor)
-	push_armor_filter (afx, out);
+  iobuf_push_filter (inp, md_filter, &mfx);
+
+  /* Push armor output filter */
+  if (opt.armor)
+    push_armor_filter (afx, out);
 
-    /* Write the symmetric key packet */
-    /*(current filters: armor)*/
+  /* Write the symmetric key packet */
+  /* (current filters: armor)*/
+  {
+    PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc );
+
+    enc->version = 4;
+    enc->cipher_algo = cfx.dek->algo;
+    enc->s2k = *s2k;
+    pkt.pkttype = PKT_SYMKEY_ENC;
+    pkt.pkt.symkey_enc = enc;
+    if ((rc = build_packet (out, &pkt)))
+      log_error ("build symkey packet failed: %s\n", gpg_strerror (rc));
+    xfree (enc);
+  }
+
+  /* Push the encryption filter */
+  iobuf_push_filter (out,
+                     cfx.dek->use_aead? cipher_filter_aead
+                     /**/             : cipher_filter_cfb,
+                     &cfx);
+
+  /* Push the compress filter */
+  if (default_compress_algo())
     {
-	PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc );
-	enc->version = 4;
-	enc->cipher_algo = cfx.dek->algo;
-	enc->s2k = *s2k;
-	pkt.pkttype = PKT_SYMKEY_ENC;
-	pkt.pkt.symkey_enc = enc;
-	if( (rc = build_packet( out, &pkt )) )
-	    log_error("build symkey packet failed: %s\n", gpg_strerror (rc) );
-	xfree(enc);
+      if (cfx.dek && (cfx.dek->use_mdc || cfx.dek->use_aead))
+        zfx.new_ctb = 1;
+      push_compress_filter (out, &zfx,default_compress_algo() );
     }
 
-    /* Push the encryption filter */
-    iobuf_push_filter (out, cipher_filter_cfb, &cfx );
+  /* Write the one-pass signature packets */
+  /* (current filters: zip - encrypt - armor) */
+  rc = write_onepass_sig_packets (sk_list, out, opt.textmode? 0x01:0x00);
+  if (rc)
+    goto leave;
 
-    /* Push the compress filter */
-    if (default_compress_algo())
-      {
-        if (cfx.dek && cfx.dek->use_mdc)
-          zfx.new_ctb = 1;
-        push_compress_filter (out, &zfx,default_compress_algo() );
-      }
+  write_status_begin_signing (mfx.md);
 
-    /* Write the one-pass signature packets */
-    /*(current filters: zip - encrypt - armor)*/
-    rc = write_onepass_sig_packets (sk_list, out,
-                                    opt.textmode? 0x01:0x00);
-    if (rc)
-      goto leave;
+  /* Pipe data through all filters; i.e. write the signed stuff.  */
+  /* (current filters: zip - encrypt - armor) */
+  rc = write_plaintext_packet (out, inp, fname,
+                               opt.textmode ? (opt.mimemode?'m':'t'):'b',
+                               &extrahash);
+  if (rc)
+    goto leave;
 
-    write_status_begin_signing (mfx.md);
-
-    /* Pipe data through all filters; i.e. write the signed stuff */
-    /*(current filters: zip - encrypt - armor)*/
-    rc = write_plaintext_packet (out, inp, fname,
-                                 opt.textmode ? (opt.mimemode?'m':'t'):'b');
-    if (rc)
-	goto leave;
-
-    /* Write the signatures */
-    /*(current filters: zip - encrypt - armor)*/
-    rc = write_signature_packets (ctrl, sk_list, out, mfx.md,
-				  opt.textmode? 0x01 : 0x00,
-				  0, duration, 'S', NULL);
-    if( rc )
-        goto leave;
+  /* Write the signatures.  */
+  /* (current filters: zip - encrypt - armor) */
+  rc = write_signature_packets (ctrl, sk_list, out, mfx.md, extrahash,
+                                opt.textmode? 0x01 : 0x00,
+                                0, duration, 'S', NULL);
+  if (rc)
+    goto leave;
 
 
-  leave:
-    if( rc )
-	iobuf_cancel(out);
-    else {
-	iobuf_close(out);
-        write_status( STATUS_END_ENCRYPTION );
+ leave:
+  if (rc)
+    iobuf_cancel (out);
+  else
+    {
+      iobuf_close (out);
+      write_status (STATUS_END_ENCRYPTION);
     }
-    iobuf_close(inp);
-    release_sk_list( sk_list );
-    gcry_md_close( mfx.md );
-    xfree(cfx.dek);
-    xfree(s2k);
-    release_progress_context (pfx);
-    release_armor_context (afx);
-    return rc;
+  iobuf_close (inp);
+  release_sk_list (sk_list);
+  gcry_md_close (mfx.md);
+  xfree (cfx.dek);
+  xfree (s2k);
+  release_progress_context (pfx);
+  release_armor_context (afx);
+  xfree (extrahash);
+  return rc;
 }
 
 
-/****************
+/*
  * Create a v4 signature in *RET_SIG.
  *
  * PK is the primary key to sign (required for all sigs)
@@ -1593,118 +1750,108 @@ make_keysig_packet (ctrl_t ctrl,
                     PKT_signature **ret_sig, PKT_public_key *pk,
 		    PKT_user_id *uid, PKT_public_key *subpk,
 		    PKT_public_key *pksk,
-		    int sigclass, int digest_algo,
+		    int sigclass,
                     u32 timestamp, u32 duration,
 		    int (*mksubpkt)(PKT_signature *, void *), void *opaque,
                     const char *cache_nonce)
 {
-    PKT_signature *sig;
-    int rc=0;
-    int sigversion;
-    gcry_md_hd_t md;
-    u32 pk_keyid[2], pksk_keyid[2];
-    unsigned int signhints;
-
-    log_assert ((sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x1F
-                || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x19
-                || sigclass == 0x30 || sigclass == 0x28 );
-
+  PKT_signature *sig;
+  int rc = 0;
+  int sigversion;
+  int digest_algo;
+  gcry_md_hd_t md;
+  u32 pk_keyid[2], pksk_keyid[2];
+  unsigned int signhints;
+
+  log_assert ((sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x1F
+              || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x19
+              || sigclass == 0x30 || sigclass == 0x28 );
+
+  if (pksk->version >= 5)
+    sigversion = 5;
+  else
     sigversion = 4;
-    if (sigversion < pksk->version)
-        sigversion = pksk->version;
 
-    if( !digest_algo )
-      {
-	/* Basically, this means use SHA1 always unless the user
-	   specified something (use whatever they said), or it's DSA
-	   (use the best match).  They still can't pick an
-	   inappropriate hash for DSA or the signature will fail.
-	   Note that this still allows the caller of
-	   make_keysig_packet to override the user setting if it
-	   must. */
-
-	if(opt.cert_digest_algo)
-	  digest_algo=opt.cert_digest_algo;
-	else if(pksk->pubkey_algo == PUBKEY_ALGO_DSA)
-	  digest_algo = match_dsa_hash (gcry_mpi_get_nbits (pksk->pkey[1])/8);
-        else if (pksk->pubkey_algo == PUBKEY_ALGO_ECDSA
-                 || pksk->pubkey_algo == PUBKEY_ALGO_EDDSA)
-          {
-            if (openpgp_oid_is_ed25519 (pksk->pkey[0]))
-              digest_algo = DIGEST_ALGO_SHA256;
-            else
-              digest_algo = match_dsa_hash
-                (ecdsa_qbits_from_Q (gcry_mpi_get_nbits (pksk->pkey[1]))/8);
-          }
-	else
-	  digest_algo = DEFAULT_DIGEST_ALGO;
-      }
+  /* Select the digest algo to use. */
+  if (opt.cert_digest_algo)     /* Forceful override by the user.  */
+    digest_algo = opt.cert_digest_algo;
+  else if (pksk->pubkey_algo == PUBKEY_ALGO_DSA) /* Meet DSA requirements.  */
+    digest_algo = match_dsa_hash (gcry_mpi_get_nbits (pksk->pkey[1])/8);
+  else if (pksk->pubkey_algo == PUBKEY_ALGO_ECDSA) /* Meet ECDSA requirements. */
+    digest_algo = match_dsa_hash
+      (ecdsa_qbits_from_Q (gcry_mpi_get_nbits (pksk->pkey[1]))/8);
+  else if (pksk->pubkey_algo == PUBKEY_ALGO_EDDSA)
+    {
+      if (gcry_mpi_get_nbits (pksk->pkey[1]) > 256)
+        digest_algo = DIGEST_ALGO_SHA512;
+      else
+        digest_algo = DIGEST_ALGO_SHA256;
+    }
+  else /* Use the default.  */
+    digest_algo = DEFAULT_DIGEST_ALGO;
 
-    signhints = SIGNHINT_KEYSIG;
-    keyid_from_pk (pk, pk_keyid);
-    keyid_from_pk (pksk, pksk_keyid);
-    if (pk_keyid[0] == pksk_keyid[0] && pk_keyid[1] == pksk_keyid[1])
-      signhints |= SIGNHINT_SELFSIG;
+  signhints = SIGNHINT_KEYSIG;
+  keyid_from_pk (pk, pk_keyid);
+  keyid_from_pk (pksk, pksk_keyid);
+  if (pk_keyid[0] == pksk_keyid[0] && pk_keyid[1] == pksk_keyid[1])
+    signhints |= SIGNHINT_SELFSIG;
 
-    if ( gcry_md_open (&md, digest_algo, 0 ) )
-      BUG ();
+  if (gcry_md_open (&md, digest_algo, 0))
+    BUG ();
 
-    /* Hash the public key certificate. */
-    hash_public_key( md, pk );
+  /* Hash the public key certificate. */
+  hash_public_key (md, pk);
 
-    if( sigclass == 0x18 || sigclass == 0x19 || sigclass == 0x28 )
-      {
-	/* hash the subkey binding/backsig/revocation */
-	hash_public_key( md, subpk );
-      }
-    else if( sigclass != 0x1F && sigclass != 0x20 )
-      {
-	/* hash the user id */
-        hash_uid (md, sigversion, uid);
-      }
-    /* and make the signature packet */
-    sig = xmalloc_clear( sizeof *sig );
-    sig->version = sigversion;
-    sig->flags.exportable=1;
-    sig->flags.revocable=1;
-    keyid_from_pk (pksk, sig->keyid);
-    sig->pubkey_algo = pksk->pubkey_algo;
-    sig->digest_algo = digest_algo;
-    if(timestamp)
-      sig->timestamp=timestamp;
-    else
-      sig->timestamp=make_timestamp();
-    if(duration)
-      sig->expiredate=sig->timestamp+duration;
-    sig->sig_class = sigclass;
-
-    build_sig_subpkt_from_sig (sig, pksk);
-    mk_notation_policy_etc (sig, pk, pksk);
-
-    /* Crucial that the call to mksubpkt comes LAST before the calls
-       to finalize the sig as that makes it possible for the mksubpkt
-       function to get a reliable pointer to the subpacket area. */
-    if (mksubpkt)
-	rc = (*mksubpkt)( sig, opaque );
-
-    if( !rc ) {
-        hash_sigversion_to_magic (md, sig);
-	gcry_md_final (md);
-
-	rc = complete_sig (ctrl, sig, pksk, md, cache_nonce, signhints);
+  if (sigclass == 0x18 || sigclass == 0x19 || sigclass == 0x28)
+    {
+      /* Hash the subkey binding/backsig/revocation.  */
+      hash_public_key (md, subpk);
+    }
+  else if (sigclass != 0x1F && sigclass != 0x20)
+    {
+      /* Hash the user id. */
+      hash_uid (md, sigversion, uid);
+    }
+  /* Make the signature packet.  */
+  sig = xmalloc_clear (sizeof *sig);
+  sig->version = sigversion;
+  sig->flags.exportable = 1;
+  sig->flags.revocable = 1;
+  keyid_from_pk (pksk, sig->keyid);
+  sig->pubkey_algo = pksk->pubkey_algo;
+  sig->digest_algo = digest_algo;
+  sig->timestamp = timestamp? timestamp : make_timestamp ();
+  if (duration)
+    sig->expiredate = sig->timestamp + duration;
+  sig->sig_class = sigclass;
+
+  build_sig_subpkt_from_sig (sig, pksk);
+  mk_notation_policy_etc (ctrl, sig, pk, pksk);
+
+  /* Crucial that the call to mksubpkt comes LAST before the calls
+   * to finalize the sig as that makes it possible for the mksubpkt
+   * function to get a reliable pointer to the subpacket area. */
+  if (mksubpkt)
+    rc = (*mksubpkt)(sig, opaque);
+
+  if (!rc)
+    {
+      hash_sigversion_to_magic (md, sig, NULL);
+      gcry_md_final (md);
+      rc = complete_sig (ctrl, sig, pksk, md, cache_nonce, signhints);
     }
 
-    gcry_md_close (md);
-    if( rc )
-	free_seckey_enc( sig );
-    else
-	*ret_sig = sig;
-    return rc;
+  gcry_md_close (md);
+  if (rc)
+    free_seckey_enc (sig);
+  else
+    *ret_sig = sig;
+  return rc;
 }
 
 
 
-/****************
+/*
  * Create a new signature packet based on an existing one.
  * Only user ID signatures are supported for now.
  * PK is the public key to work on.
@@ -1723,97 +1870,101 @@ update_keysig_packet (ctrl_t ctrl,
                       int (*mksubpkt)(PKT_signature *, void *),
                       void *opaque)
 {
-    PKT_signature *sig;
-    gpg_error_t rc = 0;
-    int digest_algo;
-    gcry_md_hd_t md;
-    u32 pk_keyid[2], pksk_keyid[2];
-    unsigned int signhints;
-
-    if ((!orig_sig || !pk || !pksk)
-	|| (orig_sig->sig_class >= 0x10 && orig_sig->sig_class <= 0x13 && !uid)
-	|| (orig_sig->sig_class == 0x18 && !subpk))
-      return GPG_ERR_GENERAL;
-
-    if ( opt.cert_digest_algo )
-      digest_algo = opt.cert_digest_algo;
-    else if (pksk->pubkey_algo == PUBKEY_ALGO_DSA
-             || pksk->pubkey_algo == PUBKEY_ALGO_ECDSA
-             || pksk->pubkey_algo == PUBKEY_ALGO_EDDSA)
-      digest_algo = orig_sig->digest_algo;
-    else if (orig_sig->digest_algo == DIGEST_ALGO_SHA1
-             || orig_sig->digest_algo == DIGEST_ALGO_RMD160)
-      digest_algo = DEFAULT_DIGEST_ALGO;
-    else
-      digest_algo = orig_sig->digest_algo;
-
-    signhints = SIGNHINT_KEYSIG;
-    keyid_from_pk (pk, pk_keyid);
-    keyid_from_pk (pksk, pksk_keyid);
-    if (pk_keyid[0] == pksk_keyid[0] && pk_keyid[1] == pksk_keyid[1])
-      signhints |= SIGNHINT_SELFSIG;
-
-    if ( gcry_md_open (&md, digest_algo, 0 ) )
-      BUG ();
-
-    /* Hash the public key certificate and the user id. */
-    hash_public_key( md, pk );
-
-    if( orig_sig->sig_class == 0x18 )
-      hash_public_key( md, subpk );
-    else
-      hash_uid (md, orig_sig->version, uid);
-
-    /* create a new signature packet */
-    sig = copy_signature (NULL, orig_sig);
-
-    sig->digest_algo=digest_algo;
-
-    /* We need to create a new timestamp so that new sig expiration
-       calculations are done correctly... */
-    sig->timestamp=make_timestamp();
-
-    /* ... but we won't make a timestamp earlier than the existing
-       one. */
-    {
-      int tmout = 0;
-      while(sig->timestamp<=orig_sig->timestamp)
-        {
-          if (++tmout > 5 && !opt.ignore_time_conflict)
-            {
-              rc = gpg_error (GPG_ERR_TIME_CONFLICT);
-              goto leave;
-            }
-          gnupg_sleep (1);
-          sig->timestamp=make_timestamp();
-        }
-    }
+  PKT_signature *sig;
+  gpg_error_t rc = 0;
+  int digest_algo;
+  gcry_md_hd_t md;
+  u32 pk_keyid[2], pksk_keyid[2];
+  unsigned int signhints = 0;
+
+  if ((!orig_sig || !pk || !pksk)
+      || (orig_sig->sig_class >= 0x10 && orig_sig->sig_class <= 0x13 && !uid)
+      || (orig_sig->sig_class == 0x18 && !subpk))
+    return GPG_ERR_GENERAL;
+
+  /* Either use the override digest algo or in the normal case the
+   * original digest algorithm.  However, iff the original digest
+   * algorithms is SHA-1 and we are in gnupg or de-vs compliance mode
+   * we switch to SHA-256 (done by the macro).  */
+  if  (opt.cert_digest_algo)
+    digest_algo = opt.cert_digest_algo;
+  else if (pksk->pubkey_algo == PUBKEY_ALGO_DSA
+           || pksk->pubkey_algo == PUBKEY_ALGO_ECDSA
+           || pksk->pubkey_algo == PUBKEY_ALGO_EDDSA)
+    digest_algo = orig_sig->digest_algo;
+  else if (orig_sig->digest_algo == DIGEST_ALGO_SHA1
+           || orig_sig->digest_algo == DIGEST_ALGO_RMD160)
+    digest_algo = DEFAULT_DIGEST_ALGO;
+  else
+    digest_algo = orig_sig->digest_algo;
+
+  signhints = SIGNHINT_KEYSIG;
+  keyid_from_pk (pk, pk_keyid);
+  keyid_from_pk (pksk, pksk_keyid);
+  if (pk_keyid[0] == pksk_keyid[0] && pk_keyid[1] == pksk_keyid[1])
+    signhints |= SIGNHINT_SELFSIG;
 
-    /* Note that already expired sigs will remain expired (with a
-       duration of 1) since build-packet.c:build_sig_subpkt_from_sig
-       detects this case. */
+  if (gcry_md_open (&md, digest_algo, 0))
+    BUG ();
 
-    /* Put the updated timestamp into the sig.  Note that this will
-       automagically lower any sig expiration dates to correctly
-       correspond to the differences in the timestamps (i.e. the
-       duration will shrink).  */
-    build_sig_subpkt_from_sig (sig, pksk);
+  /* Hash the public key certificate and the user id. */
+  hash_public_key (md, pk);
 
-    if (mksubpkt)
-      rc = (*mksubpkt)(sig, opaque);
+  if (orig_sig->sig_class == 0x18)
+    hash_public_key (md, subpk);
+  else
+    hash_uid (md, orig_sig->version, uid);
+
+  /* Create a new signature packet.  */
+  sig = copy_signature (NULL, orig_sig);
+
+  sig->digest_algo = digest_algo;
 
-    if (!rc) {
-        hash_sigversion_to_magic (md, sig);
-	gcry_md_final (md);
+  /* We need to create a new timestamp so that new sig expiration
+   * calculations are done correctly... */
+  sig->timestamp = make_timestamp();
 
-	rc = complete_sig (ctrl, sig, pksk, md, NULL, signhints);
+  /* ... but we won't make a timestamp earlier than the existing
+   * one. */
+  {
+    int tmout = 0;
+    while (sig->timestamp <= orig_sig->timestamp)
+      {
+        if (++tmout > 5 && !opt.ignore_time_conflict)
+          {
+            rc = gpg_error (GPG_ERR_TIME_CONFLICT);
+            goto leave;
+          }
+        gnupg_sleep (1);
+        sig->timestamp = make_timestamp();
+      }
+  }
+
+  /* Note that already expired sigs will remain expired (with a
+   * duration of 1) since build-packet.c:build_sig_subpkt_from_sig
+   * detects this case. */
+
+  /* Put the updated timestamp into the sig.  Note that this will
+   * automagically lower any sig expiration dates to correctly
+   * correspond to the differences in the timestamps (i.e. the
+   * duration will shrink).  */
+  build_sig_subpkt_from_sig (sig, pksk);
+
+  if (mksubpkt)
+    rc = (*mksubpkt)(sig, opaque);
+
+  if (!rc)
+    {
+      hash_sigversion_to_magic (md, sig, NULL);
+      gcry_md_final (md);
+      rc = complete_sig (ctrl, sig, pksk, md, NULL, signhints);
     }
 
  leave:
-    gcry_md_close (md);
-    if( rc )
-	free_seckey_enc (sig);
-    else
-	*ret_sig = sig;
-    return rc;
+  gcry_md_close (md);
+  if (rc)
+    free_seckey_enc (sig);
+  else
+    *ret_sig = sig;
+  return rc;
 }
diff --git a/g10/skclist.c b/g10/skclist.c
index d0511ad..c9f7d12 100644
--- a/g10/skclist.c
+++ b/g10/skclist.c
@@ -31,7 +31,6 @@
 #include "keydb.h"
 #include "../common/util.h"
 #include "../common/i18n.h"
-#include "keyserver-internal.h"
 #include "call-agent.h"
 
 
@@ -132,17 +131,15 @@ build_sk_list (ctrl_t ctrl,
     {
       struct agent_card_info_s info;
       PKT_public_key *pk;
-      char *serialno;
 
       memset (&info, 0, sizeof(info));
       pk = xmalloc_clear (sizeof *pk);
       pk->req_usage = use;
 
       /* Check if a card is available.  If any, use the key as a hint.  */
-      err = agent_scd_serialno (&serialno, NULL);
+      err = agent_scd_serialno (NULL, NULL);
       if (!err)
         {
-          xfree (serialno);
           err = agent_scd_getattr ("KEY-FPR", &info);
           if (err)
             log_error ("error retrieving key fingerprint from card: %s\n",
@@ -150,7 +147,8 @@ build_sk_list (ctrl_t ctrl,
         }
 
       err = get_seckey_default_or_card (ctrl, pk,
-                                        info.fpr1valid? info.fpr1 : NULL, 20);
+                                        info.fpr1len? info.fpr1 : NULL,
+                                        info.fpr1len);
       if (err)
 	{
 	  free_public_key (pk);
@@ -293,17 +291,14 @@ build_sk_list (ctrl_t ctrl,
  * --default-key and --try-secret-key).  Use the following procedure:
  *
  *  1) Initialize a void pointer to NULL
- *  2) Pass a reference to this pointer to this function (CONTEXT)
- *     and provide space for the secret key (SK)
+ *  2) Pass a reference to this pointer to this function (context)
+ *     and provide space for the secret key (sk)
  *  3) Call this function as long as it does not return an error (or
  *     until you are done).  The error code GPG_ERR_EOF indicates the
  *     end of the listing.
  *  4) Call this function a last time with SK set to NULL,
  *     so that can free it's context.
  *
- *  TAKE CARE: When the function returns SK belongs to CONTEXT and may
- *  not be freed by the caller; neither on success nor on error.
- *
  * In pseudo-code:
  *
  *   void *ctx = NULL;
@@ -327,19 +322,15 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
 {
   gpg_error_t err = 0;
   const char *name;
-  int cardkey;    /* We got an encryption fingerprint from the card */
-                  /* in c->info.fpr2.                               */
   kbnode_t keyblock;
   struct
   {
     int eof;
     int state;
-    int cardkey_done;
     strlist_t sl;
-    strlist_t card_list;
-    char *serialno;
-    char fpr2[2 * MAX_FINGERPRINT_LEN + 3 ];
-    struct agent_card_info_s info;
+    keypair_info_t card_keyinfo;
+    keypair_info_t card_keyinfo_list;
+    char fpr2[2 * MAX_FINGERPRINT_LEN + 2 ];
     kbnode_t keyblock;
     kbnode_t node;
     getkey_ctx_t ctx;
@@ -366,8 +357,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
   if (!sk)
     {
       /* Free the context.  */
-      xfree (c->serialno);
-      free_strlist (c->card_list);
+      free_keypair_info (c->card_keyinfo_list);
       release_sk_list (c->results);
       release_kbnode (c->keyblock);
       getkey_end (ctrl, c->ctx);
@@ -390,10 +380,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
           /* Loop over the list of secret keys.  */
           do
             {
-              char *serialno;
-
               name = NULL;
-              cardkey = 0;
               keyblock = NULL;
               switch (c->state)
                 {
@@ -418,94 +405,37 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
                   break;
 
                 case 3: /* Init list of card keys to try.  */
-                  err = agent_scd_cardlist (&c->card_list);
+                  c->card_keyinfo_list = NULL;
+                  err = agent_scd_serialno (NULL, NULL);
                   if (!err)
-                    agent_scd_serialno (&c->serialno, NULL);
-                  c->sl = c->card_list;
+                    {
+                      err = agent_scd_keyinfo (NULL, GCRY_PK_USAGE_ENCR,
+                                               &c->card_keyinfo_list);
+                    }
+                  c->card_keyinfo = c->card_keyinfo_list;
                   c->state++;
                   break;
 
-                case 4: /* Get next item from card list.  */
-                  if (c->sl)
+                case 4: /* Get next item from card keyinfo.  */
+                  if (c->card_keyinfo)
                     {
-                      err = agent_scd_serialno (&serialno, c->sl->d);
-                      if (err)
-                        {
-                          if (opt.verbose)
-                            log_info (_("error getting serial number of card: %s\n"),
-                                      gpg_strerror (err));
-                          c->sl = c->sl->next;
-                          continue;
-                        }
-
-                      xfree (serialno);
-                      err = agent_scd_getattr ("KEY-FPR", &c->info);
-                      if (!err)
-                        {
-                          if (c->info.fpr2valid)
-                            {
-                              c->fpr2[0] = '0';
-                              c->fpr2[1] = 'x';
-                              bin2hex (c->info.fpr2, sizeof c->info.fpr2,
-                                       c->fpr2 + 2);
-                              name = c->fpr2;
-                              cardkey = 1;
-                            }
-                        }
-                      else if (gpg_err_code (err) == GPG_ERR_INV_NAME)
-                        {
-                          /* KEY-FPR not supported by the card - get
-                           * the key using the keygrip.  */
-                          char *keyref;
-                          strlist_t kplist, sl;
-                          const char *s;
-                          int i;
-
-                          err = agent_scd_getattr_one ("$ENCRKEYID", &keyref);
-                          if (!err)
-                            {
-                              err = agent_scd_keypairinfo (ctrl, &kplist);
-                              if (!err)
-                                {
-                                  for (sl = kplist; sl; sl = sl->next)
-                                    if ((s = strchr (sl->d, ' '))
-                                        && !strcmp (s+1, keyref))
-                                      break;
-                                  if (sl)
-                                    {
-                                      c->fpr2[0] = '&';
-                                      for (i=1, s=sl->d;
-                                           (*s && *s != ' '
-                                            && i < sizeof c->fpr2 - 3);
-                                           s++, i++)
-                                        c->fpr2[i] = *s;
-                                      c->fpr2[i] = 0;
-                                      name = c->fpr2;
-                                    }
-                                  else /* Restore error.  */
-                                    err = gpg_error (GPG_ERR_INV_NAME);
-                                  free_strlist (kplist);
-                                }
-                            }
-                          xfree (keyref);
-                        }
-                      if (err)
-                        log_error ("error retrieving key from card: %s\n",
-                                   gpg_strerror (err));
-
-                      c->sl = c->sl->next;
+                      const char *s;
+                      int i;
+
+                      /* Get the key using the keygrip.  */
+                      c->fpr2[0] = '&';
+                      for (i=1, s = c->card_keyinfo->keygrip;
+                           (*s && *s != ' '
+                            && i < sizeof c->fpr2 - 2);
+                           s++, i++)
+                        c->fpr2[i] = *s;
+                      c->fpr2[i] = 0;
+                      name = c->fpr2;
+
+                      c->card_keyinfo = c->card_keyinfo->next;
                     }
                   else
-                    {
-                      serialno = c->serialno;
-                      if (serialno)
-                        {
-                          /* Select the original card again.  */
-                          agent_scd_serialno (&c->serialno, serialno);
-                          xfree (serialno);
-                        }
-                      c->state++;
-                    }
+                    c->state++;
                   break;
 
                 case 5: /* Init search context to enum all secret keys.  */
@@ -557,39 +487,6 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
                      it.  */
                   release_kbnode (c->keyblock);
                   c->keyblock = NULL;
-                  /* If this was a card key we might not yet have the
-                   * public key for it.  Thus check whether the card
-                   * can return the fingerprint of the encryption key
-                   * and we can then find the public key via LDAP.  */
-                  if (cardkey && !c->cardkey_done
-                      && gpg_err_code (err) == GPG_ERR_NO_SECKEY)
-                    {
-                      /* Note that this code does not handle the case
-                       * for two readers having both openpgp
-                       * encryption keys.  Only one will be tried.  */
-                      c->cardkey_done = 1;
-                      if (opt.debug)
-                        log_debug ("using LDAP to find public key"
-                                   " for current card\n");
-                      if (!keyserver_import_fprint
-                          (ctrl, c->info.fpr2, sizeof c->info.fpr2,
-                           opt.keyserver, KEYSERVER_IMPORT_FLAG_LDAP))
-                        {
-                          char fpr_string[MAX_FINGERPRINT_LEN * 2 + 1];
-
-                          bin2hex (c->info.fpr2, sizeof c->info.fpr2,
-                                   fpr_string);
-                          err = getkey_byname (ctrl, NULL, NULL, fpr_string, 1,
-                                               &c->keyblock);
-                          if (err)
-                            {
-                              release_kbnode (c->keyblock);
-                              c->keyblock = NULL;
-                            }
-                          else
-                            c->node = c->keyblock;
-                        }
-                    }
                 }
               else
                 c->node = c->keyblock;
diff --git a/g10/t-keydb-get-keyblock.c b/g10/t-keydb-get-keyblock.c
index 167a9bb..90ce6e9 100644
--- a/g10/t-keydb-get-keyblock.c
+++ b/g10/t-keydb-get-keyblock.c
@@ -21,9 +21,11 @@
 
 #include "keydb.h"
 
+
 static void
 do_test (int argc, char *argv[])
 {
+  ctrl_t ctrl;
   char *fname;
   int rc;
   KEYDB_HANDLE hd1;
@@ -33,6 +35,7 @@ do_test (int argc, char *argv[])
   (void) argc;
   (void) argv;
 
+  ctrl = xcalloc (1, sizeof *ctrl);
   /* t-keydb-get-keyblock.gpg contains two keys: a modern key followed
      by a legacy key.  If we get the keyblock for the modern key, we
      shouldn't get
@@ -44,7 +47,7 @@ do_test (int argc, char *argv[])
   if (rc)
     ABORT ("Failed to open keyring.");
 
-  hd1 = keydb_new ();
+  hd1 = keydb_new (ctrl);
   if (!hd1)
     ABORT ("");
 
@@ -62,4 +65,5 @@ do_test (int argc, char *argv[])
 
   keydb_release (hd1);
   release_kbnode (kb1);
+  xfree (ctrl);
 }
diff --git a/g10/t-keydb.c b/g10/t-keydb.c
index 5eb8d01..4c78dac 100644
--- a/g10/t-keydb.c
+++ b/g10/t-keydb.c
@@ -25,6 +25,7 @@ static void
 do_test (int argc, char *argv[])
 {
   int rc;
+  ctrl_t ctrl;
   KEYDB_HANDLE hd1, hd2;
   KEYDB_SEARCH_DESC desc1, desc2;
   KBNODE kb1, kb2, p;
@@ -35,16 +36,17 @@ do_test (int argc, char *argv[])
   (void) argc;
   (void) argv;
 
+  ctrl = xcalloc (1, sizeof *ctrl);
   fname = prepend_srcdir ("t-keydb-keyring.kbx");
   rc = keydb_add_resource (fname, 0);
   test_free (fname);
   if (rc)
     ABORT ("Failed to open keyring.");
 
-  hd1 = keydb_new ();
+  hd1 = keydb_new (ctrl);
   if (!hd1)
     ABORT ("");
-  hd2 = keydb_new ();
+  hd2 = keydb_new (ctrl);
   if (!hd2)
     ABORT ("");
 
@@ -101,4 +103,5 @@ do_test (int argc, char *argv[])
   release_kbnode (kb2);
   keydb_release (hd1);
   keydb_release (hd2);
+  xfree (ctrl);
 }
diff --git a/g10/tdbdump.c b/g10/tdbdump.c
index a86558b..73a6c2c 100644
--- a/g10/tdbdump.c
+++ b/g10/tdbdump.c
@@ -109,9 +109,7 @@ export_ownertrust (ctrl_t ctrl)
     {
       if (rec.rectype == RECTYPE_TRUST)
         {
-          /* Skip records with no ownertrust set or those with trust
-           * set via --trusted-key.  */
-          if (!rec.r.trust.ownertrust || (rec.r.trust.flags & 1))
+          if (!rec.r.trust.ownertrust)
             continue;
           p = rec.r.trust.fingerprint;
           for (i=0; i < 20; i++, p++ )
@@ -131,7 +129,7 @@ import_ownertrust (ctrl_t ctrl, const char *fname )
     char *p;
     size_t n, fprlen;
     unsigned int otrust;
-    byte fpr[20];
+    byte fpr[MAX_FINGERPRINT_LEN];
     int any = 0;
     int rc;
 
@@ -173,7 +171,7 @@ import_ownertrust (ctrl_t ctrl, const char *fname )
 	    continue;
 	}
 	fprlen = p - line;
-	if( fprlen != 32 && fprlen != 40 ) {
+	if( fprlen != 32 && fprlen != 40 && fprlen != 64) {
 	    log_error (_("error in '%s': %s\n"),
                        fname, _("invalid fingerprint") );
 	    continue;
@@ -185,10 +183,12 @@ import_ownertrust (ctrl_t ctrl, const char *fname )
 	}
 	if( !otrust )
 	    continue; /* no otrust defined - no need to update or insert */
-	/* convert the ascii fingerprint to binary */
-	for(p=line, fprlen=0; fprlen < 20 && *p != ':'; p += 2 )
-	    fpr[fprlen++] = HEXTOBIN(p[0]) * 16 + HEXTOBIN(p[1]);
-	while (fprlen < 20)
+	/* Convert the ascii fingerprint to binary */
+	for(p=line, fprlen=0;
+            fprlen < MAX_FINGERPRINT_LEN && *p != ':';
+            p += 2 )
+          fpr[fprlen++] = HEXTOBIN(p[0]) * 16 + HEXTOBIN(p[1]);
+	while (fprlen < MAX_FINGERPRINT_LEN)
 	    fpr[fprlen++] = 0;
 
 	rc = tdbio_search_trust_byfpr (ctrl, fpr, &rec);
@@ -204,7 +204,6 @@ import_ownertrust (ctrl_t ctrl, const char *fname )
                       log_info("setting ownertrust to %u\n", otrust );
                   }
                 rec.r.trust.ownertrust = otrust;
-                rec.r.trust.flags &= ~(rec.r.trust.flags & 1);
                 write_record (ctrl, &rec);
                 any = 1;
               }
diff --git a/g10/tdbio.c b/g10/tdbio.c
index fdb8871..f49f443 100644
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@@ -106,8 +106,8 @@ struct cmp_xdir_struct
 static char *db_name;
 
 /* The handle for locking the trustdb file and a counter to record how
- * often this lock has been taken.  That counter is required becuase
- * dotlock does not implemen recursive locks.  */
+ * often this lock has been taken.  That counter is required because
+ * dotlock does not implement recursive locks.  */
 static dotlock_t lockhandle;
 static unsigned int is_locked;
 
@@ -589,7 +589,7 @@ tdbio_update_version_record (ctrl_t ctrl)
 
 /*
  * Create and write the trustdb version record.
- * This is called with the writelock activ.
+ * This is called with the writelock active.
  * Returns: 0 on success or an error code.
  */
 static int
@@ -1141,7 +1141,7 @@ upd_hashtable (ctrl_t ctrl, ulong table, byte *key, int keylen, ulong newrecnum)
 
               if (rec.r.hlst.next)
                 {
-                  /* read the next reord of the list.  */
+                  /* read the next record of the list.  */
                   rc = tdbio_read_record (rec.r.hlst.next, &rec, RECTYPE_HLST);
                   if (rc)
                     {
@@ -1486,19 +1486,16 @@ tdbio_dump_record (TRUSTREC *rec, estream_t fp)
       es_fprintf (fp, "trust ");
       for (i=0; i < 20; i++)
         es_fprintf (fp, "%02X", rec->r.trust.fingerprint[i]);
-      es_fprintf (fp, ", ot=%d, d=%d, vl=%lu, mo=%d, f=%02x\n",
-                  rec->r.trust.ownertrust,
-                  rec->r.trust.depth, rec->r.trust.validlist,
-                  rec->r.trust.min_ownertrust, rec->r.trust.flags);
+      es_fprintf (fp, ", ot=%d, d=%d, vl=%lu\n", rec->r.trust.ownertrust,
+                  rec->r.trust.depth, rec->r.trust.validlist);
       break;
 
     case RECTYPE_VALID:
       es_fprintf (fp, "valid ");
       for (i=0; i < 20; i++)
         es_fprintf(fp, "%02X", rec->r.valid.namehash[i]);
-      es_fprintf (fp, ", v=%d, next=%lu, f=%d, m=%d\n",
-                  rec->r.valid.validity, rec->r.valid.next,
-                  rec->r.valid.full_count, rec->r.valid.marginal_count);
+      es_fprintf (fp, ", v=%d, next=%lu\n", rec->r.valid.validity,
+                  rec->r.valid.next);
       break;
 
     default:
@@ -1634,7 +1631,7 @@ tdbio_read_record (ulong recnum, TRUSTREC *rec, int expected)
       rec->r.trust.ownertrust = *p++;
       rec->r.trust.depth = *p++;
       rec->r.trust.min_ownertrust = *p++;
-      rec->r.trust.flags = *p++;
+      p++;
       rec->r.trust.validlist = buf32_to_ulong(p);
       break;
 
@@ -1729,7 +1726,7 @@ tdbio_write_record (ctrl_t ctrl, TRUSTREC *rec)
       *p++ = rec->r.trust.ownertrust;
       *p++ = rec->r.trust.depth;
       *p++ = rec->r.trust.min_ownertrust;
-      *p++ = rec->r.trust.flags;
+      p++;
       ulongtobuf( p, rec->r.trust.validlist); p += 4;
       break;
 
@@ -1914,12 +1911,9 @@ tdbio_search_trust_byfpr (ctrl_t ctrl, const byte *fingerprint, TRUSTREC *rec)
 gpg_error_t
 tdbio_search_trust_bypk (ctrl_t ctrl, PKT_public_key *pk, TRUSTREC *rec)
 {
-  byte fingerprint[MAX_FINGERPRINT_LEN];
-  size_t fingerlen;
+  byte fingerprint[20];
 
-  fingerprint_from_pk( pk, fingerprint, &fingerlen );
-  for (; fingerlen < 20; fingerlen++)
-    fingerprint[fingerlen] = 0;
+  fpr20_from_pk (pk, fingerprint);
   return tdbio_search_trust_byfpr (ctrl, fingerprint, rec);
 }
 
diff --git a/g10/tdbio.h b/g10/tdbio.h
index 9452d76..267a379 100644
--- a/g10/tdbio.h
+++ b/g10/tdbio.h
@@ -79,7 +79,6 @@ struct trust_record {
         byte depth;
         ulong validlist;
 	byte min_ownertrust;
-        byte flags;
       } trust;
       struct {
         byte namehash[20];
diff --git a/g10/test-stubs.c b/g10/test-stubs.c
index 2ae4a41..913d498 100644
--- a/g10/test-stubs.c
+++ b/g10/test-stubs.c
@@ -57,10 +57,13 @@ g10_exit( int rc )
  * We have to override the trustcheck from pkclist.c because
  * this utility assumes that all keys in the keyring are trustworthy
  */
-int
-check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
+gpg_error_t
+check_signatures_trust (ctrl_t ctrl, kbnode_t kblock,
+                        PKT_public_key *pk, PKT_signature *sig)
 {
   (void)ctrl;
+  (void)kblock;
+  (void)pk;
   (void)sig;
   return 0;
 }
@@ -178,33 +181,23 @@ keyserver_any_configured (ctrl_t ctrl)
 }
 
 int
-keyserver_import_keyid (u32 *keyid, void *dummy, unsigned int flags)
+keyserver_import_keyid (u32 *keyid, void *dummy, int quick)
 {
   (void)keyid;
   (void)dummy;
-  (void)flags;
+  (void)quick;
   return -1;
 }
 
 int
 keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
-			 struct keyserver_spec *keyserver, unsigned int flags)
+			 struct keyserver_spec *keyserver, int quick)
 {
   (void)ctrl;
   (void)fprint;
   (void)fprint_len;
   (void)keyserver;
-  (void)flags;
-  return -1;
-}
-
-int
-keyserver_import_fprint_ntds (ctrl_t ctrl,
-                              const byte *fprint, size_t fprint_len)
-{
-  (void)ctrl;
-  (void)fprint;
-  (void)fprint_len;
+  (void)quick;
   return -1;
 }
 
@@ -215,28 +208,20 @@ keyserver_import_cert (const char *name)
   return -1;
 }
 
-int
-keyserver_import_pka (const char *name,unsigned char *fpr)
-{
-  (void)name;
-  (void)fpr;
-  return -1;
-}
-
 gpg_error_t
-keyserver_import_wkd (ctrl_t ctrl, const char *name, unsigned int flags,
+keyserver_import_wkd (ctrl_t ctrl, const char *name, int quick,
                       unsigned char **fpr, size_t *fpr_len)
 {
   (void)ctrl;
   (void)name;
-  (void)flags;
+  (void)quick;
   (void)fpr;
   (void)fpr_len;
   return GPG_ERR_BUG;
 }
 
 int
-keyserver_import_mbox (const char *name,struct keyserver_spec *spec)
+keyserver_import_name (const char *name,struct keyserver_spec *spec)
 {
   (void)name;
   (void)spec;
@@ -287,7 +272,7 @@ import_included_key_block (ctrl_t ctrl, kbnode_t keyblock)
  * No encryption here but mainproc links to these functions.
  */
 gpg_error_t
-get_session_key (ctrl_t ctrl, PKT_pubkey_enc *k, DEK *dek)
+get_session_key (ctrl_t ctrl, struct pubkey_enc_list *k, DEK *dek)
 {
   (void)ctrl;
   (void)k;
@@ -306,14 +291,12 @@ get_override_session_key (DEK *dek, const char *string)
 
 /* Stub: */
 int
-decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek,
-              int *compliance_error)
+decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek)
 {
   (void)ctrl;
   (void)procctx;
   (void)ed;
   (void)dek;
-  (void)compliance_error;
   return GPG_ERR_GENERAL;
 }
 
@@ -343,14 +326,13 @@ check_secret_key (PKT_public_key *pk, int n)
  */
 DEK *
 passphrase_to_dek (int cipher_algo, STRING2KEY *s2k, int create, int nocache,
-                   const char *tmp, unsigned int flags, int *canceled)
+                   const char *tmp, int *canceled)
 {
   (void)cipher_algo;
   (void)s2k;
   (void)create;
   (void)nocache;
   (void)tmp;
-  (void)flags;
 
   if (canceled)
     *canceled = 0;
@@ -463,12 +445,12 @@ dotlock_remove_lockfiles (void)
 {
 }
 
-gpg_error_t
+int
 agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk)
 {
   (void)ctrl;
   (void)pk;
-  return gpg_error (GPG_ERR_NO_SECKEY);
+  return 0;
 }
 
 gpg_error_t
@@ -491,22 +473,6 @@ agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
 }
 
 gpg_error_t
-gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid,
-                     unsigned char **r_fpr, size_t *r_fprlen,
-                     char **r_url)
-{
-  (void)ctrl;
-  (void)userid;
-  if (r_fpr)
-    *r_fpr = NULL;
-  if (r_fprlen)
-    *r_fprlen = 0;
-  if (r_url)
-    *r_url = NULL;
-  return gpg_error (GPG_ERR_NOT_FOUND);
-}
-
-gpg_error_t
 export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options,
                       const void *prefix, size_t prefixlen,
                       export_stats_t stats,
diff --git a/g10/tofu.c b/g10/tofu.c
index 9cdcfaa..f490838 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -2083,13 +2083,16 @@ build_conflict_set (ctrl_t ctrl, tofu_dbs_t dbs,
    * policy to ask due to a conflict.  */
   for (iter = conflict_set; iter; iter = iter->next)
     {
+      /* Fixme: Why the check against N+1?  */
       int l = strlen (iter->d);
-      if (!(l == 2 * MAX_FINGERPRINT_LEN
-            || l == 2 * MAX_FINGERPRINT_LEN + 1))
+      if (!(l == 2 * 20
+            || l == 2 * 20 + 1
+            || l == 2 * 32
+            || l == 2 * 32 + 1))
         {
           log_error (_("TOFU db corruption detected.\n"));
-          print_further_info ("fingerprint '%s' is not %d characters long",
-                              iter->d, 2 * MAX_FINGERPRINT_LEN);
+          print_further_info ("fingerprint '%s' is %d characters long",
+                              iter->d, l);
         }
 
       if (l >= 1 && iter->d[l - 1] == '!')
@@ -2128,7 +2131,7 @@ build_conflict_set (ctrl_t ctrl, tofu_dbs_t dbs,
   /* If two keys have cross signatures, then they are controlled by
    * the same person and thus are not in conflict.  */
   kb_all = xcalloc (sizeof (kb_all[0]), conflict_set_count);
-  hd = keydb_new ();
+  hd = keydb_new (ctrl);
   for (i = 0, iter = conflict_set;
        i < conflict_set_count;
        i ++, iter = iter->next)
@@ -2468,10 +2471,11 @@ get_policy (ctrl_t ctrl, tofu_dbs_t dbs, PKT_public_key *pk,
   /* See if the key is signed by an ultimately trusted key.  */
   {
     int fingerprint_raw_len = strlen (fingerprint) / 2;
-    char fingerprint_raw[20];
+    char fingerprint_raw[MAX_FINGERPRINT_LEN];
     int len = 0;
 
-    if (fingerprint_raw_len != sizeof fingerprint_raw
+    /* FIXME(fingerprint) */
+    if (fingerprint_raw_len != 20 /*sizeof fingerprint_raw */
         || ((len = hex2bin (fingerprint,
                             fingerprint_raw, fingerprint_raw_len))
             != strlen (fingerprint)))
@@ -3202,7 +3206,7 @@ show_statistics (tofu_dbs_t dbs,
             *p = ' ';
       }
 
-      log_string (GPGRT_LOG_INFO, msg);
+      log_string (GPGRT_LOGLVL_INFO, msg);
       xfree (msg);
 
       if (policy == TOFU_POLICY_AUTO)
@@ -3267,7 +3271,7 @@ show_warning (const char *fingerprint, strlist_t user_id_list)
     log_fatal ("format failed: %s\n",
                gpg_strerror (gpg_error_from_syserror()));
   xfree (tmpmsg);
-  log_string (GPGRT_LOG_INFO, text);
+  log_string (GPGRT_LOGLVL_INFO, text);
   xfree (text);
 
   es_free (set_policy_command);
@@ -3280,7 +3284,7 @@ show_warning (const char *fingerprint, strlist_t user_id_list)
 static char *
 email_from_user_id (const char *user_id)
 {
-  char *email = mailbox_from_userid (user_id);
+  char *email = mailbox_from_userid (user_id, 0);
   if (! email)
     {
       /* Hmm, no email address was provided or we are out of core.  Just
diff --git a/g10/trust.c b/g10/trust.c
index 9749bd7..bd1c894 100644
--- a/g10/trust.c
+++ b/g10/trust.c
@@ -50,6 +50,17 @@ cache_disabled_value (ctrl_t ctrl, PKT_public_key *pk)
 
 
 void
+register_trusted_keyid (u32 *keyid)
+{
+#ifdef NO_TRUST_MODELS
+  (void)keyid;
+#else
+  tdb_register_trusted_keyid (keyid);
+#endif
+}
+
+
+void
 register_trusted_key (const char *string)
 {
 #ifdef NO_TRUST_MODELS
@@ -267,11 +278,7 @@ update_ownertrust (ctrl_t ctrl, PKT_public_key *pk, unsigned int new_trust)
   (void)pk;
   (void)new_trust;
 #else
-  u32 keyid[2];
-
-  tdb_update_ownertrust (ctrl, pk, new_trust, 0);
-  keyid_from_pk (pk, keyid);
-  tdb_update_utk (keyid, (new_trust & TRUST_ULTIMATE));
+  tdb_update_ownertrust (ctrl, pk, new_trust);
 #endif
 }
 
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 1b6da96..a313a42 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -39,9 +39,49 @@
 #include "tofu.h"
 #include "key-clean.h"
 
-static void write_record (ctrl_t ctrl, TRUSTREC *rec);
-static void do_sync(void);
+static u32
+keyid_from_fpr20 (ctrl_t ctrl, const byte *fpr, u32 *keyid)
+{
+  u32 dummy_keyid[2];
+  int fprlen;
+
+  if( !keyid )
+    keyid = dummy_keyid;
+
+  /* Problem: We do only use fingerprints in the trustdb but
+   * we need the keyID here to indetify the key; we can only
+   * use that ugly hack to distinguish between 16 and 20
+   * bytes fpr - it does not work always so we better change
+   * the whole validation code to only work with
+   * fingerprints */
+  fprlen = (!fpr[16] && !fpr[17] && !fpr[18] && !fpr[19])? 16:20;
+
+  if (fprlen != 20)
+    {
+      /* This is special as we have to lookup the key first.  */
+      PKT_public_key pk;
+      int rc;
 
+      memset (&pk, 0, sizeof pk);
+      rc = get_pubkey_byfprint (ctrl, &pk, NULL, fpr, fprlen);
+      if (rc)
+        {
+          log_printhex (fpr, fprlen,
+                        "Oops: keyid_from_fingerprint: no pubkey; fpr:");
+          keyid[0] = 0;
+          keyid[1] = 0;
+        }
+      else
+        keyid_from_pk (&pk, keyid);
+    }
+  else
+    {
+      keyid[0] = buf32_to_u32 (fpr+12);
+      keyid[1] = buf32_to_u32 (fpr+16);
+    }
+
+  return keyid[1];
+}
 
 typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
 
@@ -192,7 +232,7 @@ release_key_array ( struct key_array *keys )
  * before initializing the validation module.
  * FIXME: Should be replaced by a function to add those keys to the trustdb.
  */
-static void
+void
 tdb_register_trusted_keyid (u32 *keyid)
 {
   struct key_item *k;
@@ -217,15 +257,21 @@ tdb_register_trusted_key (const char *string)
     {
       if (desc.mode == KEYDB_SEARCH_MODE_LONG_KID)
         {
-          tdb_register_trusted_keyid (desc.u.kid);
+          register_trusted_keyid (desc.u.kid);
           return;
         }
-      if (desc.mode == KEYDB_SEARCH_MODE_FPR
-          || desc.mode == KEYDB_SEARCH_MODE_FPR20)
+      if (desc.mode == KEYDB_SEARCH_MODE_FPR && desc.fprlen == 20)
         {
           kid[0] = buf32_to_u32 (desc.u.fpr+12);
           kid[1] = buf32_to_u32 (desc.u.fpr+16);
-          tdb_register_trusted_keyid (kid);
+          register_trusted_keyid (kid);
+          return;
+        }
+      if (desc.mode == KEYDB_SEARCH_MODE_FPR && desc.fprlen == 32)
+        {
+          kid[0] = buf32_to_u32 (desc.u.fpr);
+          kid[1] = buf32_to_u32 (desc.u.fpr+4);
+          register_trusted_keyid (kid);
           return;
         }
     }
@@ -257,49 +303,6 @@ add_utk (u32 *kid)
 }
 
 
-/* Add/remove KID to/from the list of ultimately trusted keys.  */
-void
-tdb_update_utk (u32 *kid, int add)
-{
-  struct key_item *k, *k_prev;
-
-  k_prev = NULL;
-  for (k = utk_list; k; k = k->next)
-    if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
-      break;
-    else
-      k_prev = k;
-
-  if (add)
-    {
-      if (!k)
-        {
-          k = new_key_item ();
-          k->kid[0] = kid[0];
-          k->kid[1] = kid[1];
-          k->ownertrust = TRUST_ULTIMATE;
-          k->next = utk_list;
-          utk_list = k;
-          if ( opt.verbose > 1 )
-            log_info(_("key %s: accepted as trusted key\n"), keystr(kid));
-        }
-    }
-  else
-    {
-      if (k)
-        {
-          if (k_prev)
-            k_prev->next = k->next;
-          else
-            utk_list = NULL;
-
-          xfree (k->trust_regexp);
-          xfree (k);
-        }
-    }
-}
-
-
 /****************
  * Verify that all our secret keys are usable and put them into the utk_list.
  */
@@ -309,59 +312,26 @@ verify_own_keys (ctrl_t ctrl)
   TRUSTREC rec;
   ulong recnum;
   int rc;
-  struct key_item *k, *k2;
-  int need_revalidation = 0;
+  struct key_item *k;
 
   if (utk_list)
-    return; /* Has already been run.  */
+    return;
 
   /* scan the trustdb to find all ultimately trusted keys */
   for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
     {
-      if ( rec.rectype == RECTYPE_TRUST
-           && (rec.r.trust.ownertrust & TRUST_MASK) == TRUST_ULTIMATE)
+      if (rec.rectype == RECTYPE_TRUST
+          && (rec.r.trust.ownertrust & TRUST_MASK) == TRUST_ULTIMATE)
         {
-          byte *fpr = rec.r.trust.fingerprint;
-          int fprlen;
           u32 kid[2];
 
-          /* Problem: We do only use fingerprints in the trustdb but
-           * we need the keyID here to indetify the key; we can only
-           * use that ugly hack to distinguish between 16 and 20 bytes
-           * fpr - it does not work always so we better change the
-           * whole validation code to only work with fingerprints */
-          fprlen = (!fpr[16] && !fpr[17] && !fpr[18] && !fpr[19])? 16:20;
-          keyid_from_fingerprint (ctrl, fpr, fprlen, kid);
+          keyid_from_fpr20 (ctrl, rec.r.trust.fingerprint, kid);
           if (!add_utk (kid))
-            log_info(_("key %s occurs more than once in the trustdb\n"),
-                     keystr(kid));
-          else if ((rec.r.trust.flags & 1))
-            {
-              /* Record marked as inserted via --trusted-key.  Is this
-               * still the case?  */
-              for (k2 = user_utk_list; k2; k2 = k2->next)
-                if (k2->kid[0] == kid[0] && k2->kid[1] == kid[1])
-                  break;
-              if (!k2) /* No - clear the flag.  */
-                {
-                  if (DBG_TRUST)
-                    log_debug ("clearing former --trusted-key %s\n",
-                               keystr (kid));
-                  rec.r.trust.ownertrust = TRUST_UNKNOWN;
-                  rec.r.trust.flags &= ~(rec.r.trust.flags & 1);
-                  write_record (ctrl, &rec);
-                  need_revalidation = 1;
-                }
-            }
+            log_info (_("key %s occurs more than once in the trustdb\n"),
+                      keystr(kid));
         }
     }
 
-  if (need_revalidation)
-    {
-      tdb_revalidation_mark (ctrl);
-      do_sync ();
-    }
-
   /* Put any --trusted-key keys into the trustdb */
   for (k = user_utk_list; k; k = k->next)
     {
@@ -370,7 +340,7 @@ verify_own_keys (ctrl_t ctrl)
           PKT_public_key pk;
 
           memset (&pk, 0, sizeof pk);
-          rc = get_pubkey_with_ldap_fallback (ctrl, &pk, k->kid);
+          rc = get_pubkey (ctrl, &pk, k->kid);
           if (rc)
 	    log_info(_("key %s: no public key for trusted key - skipped\n"),
 		     keystr(k->kid));
@@ -378,7 +348,7 @@ verify_own_keys (ctrl_t ctrl)
 	    {
 	      tdb_update_ownertrust
                 (ctrl, &pk, ((tdb_get_ownertrust (ctrl, &pk, 0) & ~TRUST_MASK)
-                             | TRUST_ULTIMATE ),  1);
+                             | TRUST_ULTIMATE ));
 	      release_public_key_parts (&pk);
 	    }
 
@@ -819,8 +789,7 @@ tdb_get_min_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int no_create)
  * The key should be a primary one.
  */
 void
-tdb_update_ownertrust (ctrl_t ctrl, PKT_public_key *pk, unsigned int new_trust,
-                       int as_trusted_key)
+tdb_update_ownertrust (ctrl_t ctrl, PKT_public_key *pk, unsigned int new_trust )
 {
   TRUSTREC rec;
   gpg_error_t err;
@@ -832,24 +801,11 @@ tdb_update_ownertrust (ctrl_t ctrl, PKT_public_key *pk, unsigned int new_trust,
   if (!err)
     {
       if (DBG_TRUST)
-        log_debug ("update ownertrust from %u to %u%s\n",
-                   (unsigned int)rec.r.trust.ownertrust, new_trust,
-                   as_trusted_key? " via --trusted-key":"");
+        log_debug ("update ownertrust from %u to %u\n",
+                   (unsigned int)rec.r.trust.ownertrust, new_trust );
       if (rec.r.trust.ownertrust != new_trust)
         {
           rec.r.trust.ownertrust = new_trust;
-          /* Clear or set the trusted key flag if the new value is
-           * ultimate.  This is required so that we know which keys
-           * have been added by --trusted-keys.  */
-          if ((rec.r.trust.ownertrust & TRUST_MASK) == TRUST_ULTIMATE)
-            {
-              if (as_trusted_key)
-                rec.r.trust.flags |= 1;
-              else
-                rec.r.trust.flags &= ~(rec.r.trust.flags & 1);
-            }
-          else
-            rec.r.trust.flags &= ~(rec.r.trust.flags & 1);
           write_record (ctrl, &rec);
           tdb_revalidation_mark (ctrl);
           do_sync ();
@@ -857,20 +813,14 @@ tdb_update_ownertrust (ctrl_t ctrl, PKT_public_key *pk, unsigned int new_trust,
     }
   else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
     { /* no record yet - create a new one */
-      size_t dummy;
-
       if (DBG_TRUST)
-        log_debug ("insert ownertrust %u%s\n", new_trust,
-                   as_trusted_key? " via --trusted-key":"");
+        log_debug ("insert ownertrust %u\n", new_trust );
 
       memset (&rec, 0, sizeof rec);
       rec.recnum = tdbio_new_recnum (ctrl);
       rec.rectype = RECTYPE_TRUST;
-      fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
+      fpr20_from_pk (pk, rec.r.trust.fingerprint);
       rec.r.trust.ownertrust = new_trust;
-      if ((rec.r.trust.ownertrust & TRUST_MASK) == TRUST_ULTIMATE
-          && as_trusted_key)
-        rec.r.trust.flags = 1;
       write_record (ctrl, &rec);
       tdb_revalidation_mark (ctrl);
       do_sync ();
@@ -919,15 +869,13 @@ update_min_ownertrust (ctrl_t ctrl, u32 *kid, unsigned int new_trust)
     }
   else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
     { /* no record yet - create a new one */
-      size_t dummy;
-
       if (DBG_TRUST)
         log_debug ("insert min_ownertrust %u\n", new_trust );
 
       memset (&rec, 0, sizeof rec);
       rec.recnum = tdbio_new_recnum (ctrl);
       rec.rectype = RECTYPE_TRUST;
-      fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
+      fpr20_from_pk (pk, rec.r.trust.fingerprint);
       rec.r.trust.min_ownertrust = new_trust;
       write_record (ctrl, &rec);
       tdb_revalidation_mark (ctrl);
@@ -1007,12 +955,10 @@ update_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
   if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
     {
       /* No record yet - create a new one. */
-      size_t dummy;
-
       memset (&trec, 0, sizeof trec);
       trec.recnum = tdbio_new_recnum (ctrl);
       trec.rectype = RECTYPE_TRUST;
-      fingerprint_from_pk (pk, trec.r.trust.fingerprint, &dummy);
+      fpr20_from_pk (pk, trec.r.trust.fingerprint);
       trec.r.trust.ownertrust = 0;
       }
 
@@ -1230,7 +1176,7 @@ tdb_get_validity_core (ctrl_t ctrl,
           if (sig && sig->signers_uid)
             /* Make sure the UID matches.  */
             {
-              char *email = mailbox_from_userid (user_id->name);
+              char *email = mailbox_from_userid (user_id->name, 0);
               if (!email || !*email || strcmp (sig->signers_uid, email) != 0)
                 {
                   if (DBG_TRUST)
@@ -1491,7 +1437,7 @@ ask_ownertrust (ctrl_t ctrl, u32 *kid, int minimum)
     {
       log_info("force trust for key %s to %s\n",
 	       keystr(kid),trust_value_to_string(opt.force_ownertrust));
-      tdb_update_ownertrust (ctrl, pk, opt.force_ownertrust, 0);
+      tdb_update_ownertrust (ctrl, pk, opt.force_ownertrust);
       ot=opt.force_ownertrust;
     }
   else
@@ -1888,7 +1834,7 @@ search_skipfnc (void *opaque, u32 *kid, int dummy_uid_no)
 
 /*
  * Scan all keys and return a key_array of all suitable keys from
- * kllist.  The caller has to pass keydb handle so that we don't use
+ * klist.  The caller has to pass keydb handle so that we don't use
  * to create our own.  Returns either a key_array or NULL in case of
  * an error.  No results found are indicated by an empty array.
  * Caller hast to release the returned array.
@@ -2100,7 +2046,7 @@ validate_keys (ctrl_t ctrl, int interactive)
      trust. */
   keydb_rebuild_caches (ctrl, 0);
 
-  kdb = keydb_new ();
+  kdb = keydb_new (ctrl);
   if (!kdb)
     return gpg_error_from_syserror ();
 
diff --git a/g10/trustdb.h b/g10/trustdb.h
index 595f8b2..d52fc53 100644
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@@ -75,13 +75,13 @@ const char *get_validity_string (ctrl_t ctrl,
 
 
 /*-- trustdb.c --*/
+void tdb_register_trusted_keyid (u32 *keyid);
 void tdb_register_trusted_key (const char *string);
 /* Returns whether KID is on the list of ultimately trusted keys.  */
 int tdb_keyid_is_utk (u32 *kid);
 /* Return the list of ultimately trusted keys.  The caller must not
  * modify this list nor must it free the list.  */
 struct key_item *tdb_utks (void);
-void tdb_update_utk (u32 *kid, int add);
 void check_trustdb (ctrl_t ctrl);
 void update_trustdb (ctrl_t ctrl);
 int setup_trustdb( int level, const char *dbname );
@@ -121,7 +121,7 @@ const char *get_ownertrust_string (ctrl_t ctrl,
                                    PKT_public_key *pk, int no_create);
 
 void tdb_update_ownertrust (ctrl_t ctrl, PKT_public_key *pk,
-                            unsigned int new_trust, int as_trusted_key);
+                            unsigned int new_trust);
 int tdb_clear_ownertrusts (ctrl_t ctrl, PKT_public_key *pk);
 
 /*-- tdbdump.c --*/
diff --git a/g10/verify.c b/g10/verify.c
index a0f9d42..fc18882 100644
--- a/g10/verify.c
+++ b/g10/verify.c
@@ -69,7 +69,7 @@ verify_signatures (ctrl_t ctrl, int nfiles, char **files )
      * we can do it is by reading one byte from stdin and then unget
      * it; the problem here is that we may be reading from the
      * terminal (which could be detected using isatty() but won't work
-     * when under contol of a pty using program (e.g. expect)) and
+     * when under control of a pty using program (e.g. expect)) and
      * might get us in trouble when stdin is used for another purpose
      * (--passphrase-fd 0).  So we have to break with the behaviour
      * prior to gpg 1.0.4 by assuming that case 3 is a normal
diff --git a/g13/Makefile.in b/g13/Makefile.in
index 7a0a3aa..7f4008b 100644
--- a/g13/Makefile.in
+++ b/g13/Makefile.in
@@ -142,24 +142,24 @@ noinst_PROGRAMS = $(am__EXEEXT_1)
 @GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
 @GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
 @GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
-@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
-@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
-@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+@GNUPG_TPM2DAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_TPM2DAEMON="\"@GNUPG_TPM2DAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
 subdir = g13
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
@@ -325,9 +325,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -336,6 +338,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -363,9 +366,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -402,13 +406,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
@@ -477,7 +484,8 @@ EXTRA_DIST = ChangeLog-2011 all-tests.scm
 # platform to create source files.
 AM_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" $(am__append_1) \
 	$(am__append_2) $(am__append_3) $(am__append_4) \
-	$(am__append_5) $(am__append_6) $(am__append_7)
+	$(am__append_5) $(am__append_6) $(am__append_7) \
+	$(am__append_8)
 @HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
 
 # Under Windows we use LockFileEx.  WindowsCE provides this only on
diff --git a/g13/call-syshelp.c b/g13/call-syshelp.c
index b160ba3..a69573b 100644
--- a/g13/call-syshelp.c
+++ b/g13/call-syshelp.c
@@ -174,7 +174,7 @@ call_syshelp_release (ctrl_t ctrl)
 
 
 
-/* Staus callback for call_syshelp_find_device.  */
+/* Status callback for call_syshelp_find_device.  */
 static gpg_error_t
 finddevice_status_cb (void *opaque, const char *line)
 {
diff --git a/g13/g13-syshelp.c b/g13/g13-syshelp.c
index 65d5c25..4bfd927 100644
--- a/g13/g13-syshelp.c
+++ b/g13/g13-syshelp.c
@@ -19,6 +19,7 @@
  */
 
 #include <config.h>
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -90,7 +91,7 @@ enum cmd_and_opt_values {
  };
 
 
-static ARGPARSE_OPTS opts[] = {
+static gpgrt_opt_t opts[] = {
 
   ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
 
@@ -220,9 +221,9 @@ set_debug (void)
 
 
 int
-main ( int argc, char **argv)
+main (int argc, char **argv)
 {
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   int orig_argc;
   char **orig_argv;
   gpg_error_t err = 0;
@@ -243,7 +244,7 @@ main ( int argc, char **argv)
 
   early_system_init ();
   gnupg_reopen_std (G13_NAME "-syshelp");
-  set_strusage (my_strusage);
+  gpgrt_set_strusage (my_strusage);
   gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
 
   log_set_prefix (G13_NAME "-syshelp", GPGRT_LOG_WITH_PREFIX);
@@ -272,7 +273,7 @@ main ( int argc, char **argv)
   pargs.argc = &argc;
   pargs.argv = &argv;
   pargs.flags= (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
-  while (gnupg_argparse (NULL, &pargs, opts))
+  while (gpgrt_argparse (NULL, &pargs, opts))
     {
       switch (pargs.r_opt)
         {
@@ -290,8 +291,8 @@ main ( int argc, char **argv)
   maybe_setuid = 0;
 
   /*
-   * Now we are now working under our real uid
-   */
+     Now we are now working under our real uid
+  */
 
   /* Setup malloc hooks. */
   {
@@ -315,8 +316,8 @@ main ( int argc, char **argv)
   ctrl.status_fd = -1; /* No status output. */
 
   /* The configuraton directories for use by gpgrt_argparser.  */
-  gnupg_set_confdir (GNUPG_CONFDIR_SYS, gnupg_sysconfdir ());
-  gnupg_set_confdir (GNUPG_CONFDIR_USER, gnupg_homedir ());
+  gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
+  gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
 
   argc        = orig_argc;
   argv        = orig_argv;
@@ -328,7 +329,7 @@ main ( int argc, char **argv)
                    | ARGPARSE_FLAG_USER);
 
   while (!no_more_options
-         && gnupg_argparser (&pargs, opts, G13_NAME"-syshelp" EXTSEP_S "conf"))
+         && gpgrt_argparser (&pargs, opts, G13_NAME"-syshelp" EXTSEP_S "conf"))
     {
       switch (pargs.r_opt)
         {
@@ -404,17 +405,18 @@ main ( int argc, char **argv)
           break;
 	}
     }
-  gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+  gpgrt_argparse (NULL, &pargs, NULL);
+
 
   if (!last_configname)
-    opt.config_filename = make_filename (gnupg_homedir (),
-                                         G13_NAME"-syshelp" EXTSEP_S "conf",
-                                         NULL);
+    opt.config_filename = gpgrt_fnameconcat (gnupg_homedir (),
+                                             G13_NAME"-syshelp" EXTSEP_S "conf",
+                                             NULL);
   else
     {
       opt.config_filename = last_configname;
       last_configname = NULL;
-     }
+    }
 
   if (log_get_errorcount(0))
     g13_exit(2);
diff --git a/g13/g13.c b/g13/g13.c
index 6500916..2bbb453 100644
--- a/g13/g13.c
+++ b/g13/g13.c
@@ -19,6 +19,7 @@
  */
 
 #include <config.h>
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -108,7 +109,7 @@ enum cmd_and_opt_values {
  };
 
 
-static ARGPARSE_OPTS opts[] = {
+static gpgrt_opt_t opts[] = {
 
   ARGPARSE_group (300, N_("@Commands:\n ")),
 
@@ -338,9 +339,9 @@ set_cmd (enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd)
 
 
 int
-main ( int argc, char **argv)
+main (int argc, char **argv)
 {
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   int orig_argc;
   char **orig_argv;
   gpg_error_t err = 0;
@@ -361,9 +362,11 @@ main ( int argc, char **argv)
   struct server_control_s ctrl;
   strlist_t recipients = NULL;
 
+  /*mtrace();*/
+
   early_system_init ();
   gnupg_reopen_std (G13_NAME);
-  set_strusage (my_strusage);
+  gpgrt_set_strusage (my_strusage);
   gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
 
   log_set_prefix (G13_NAME, GPGRT_LOG_WITH_PREFIX);
@@ -393,9 +396,8 @@ main ( int argc, char **argv)
   orig_argv = argv;
   pargs.argc = &argc;
   pargs.argv = &argv;
-  pargs.flags= 1|(1<<6);  /* Do not remove the args, ignore version.  */
   pargs.flags= (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
-  while (gnupg_argparse (NULL, &pargs, opts))
+  while (gpgrt_argparse (NULL, &pargs, opts))
     {
       switch (pargs.r_opt)
         {
@@ -417,7 +419,7 @@ main ( int argc, char **argv)
   maybe_setuid = 0;
 
   /*
-   * Now we are now working under our real uid
+   *  Now we are now working under our real uid
    */
 
   /* Setup malloc hooks. */
@@ -442,9 +444,11 @@ main ( int argc, char **argv)
   ctrl.status_fd = -1; /* No status output. */
 
   /* The configuraton directories for use by gpgrt_argparser.  */
-  gnupg_set_confdir (GNUPG_CONFDIR_SYS, gnupg_sysconfdir ());
-  gnupg_set_confdir (GNUPG_CONFDIR_USER, gnupg_homedir ());
+  gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
+  gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
 
+  /* We are re-using the struct, thus the reset flag.  We OR the
+   * flags so that the internal intialized flag won't be cleared. */
   argc        = orig_argc;
   argv        = orig_argv;
   pargs.argc  = &argc;
@@ -453,8 +457,9 @@ main ( int argc, char **argv)
                    | ARGPARSE_FLAG_KEEP
                    | ARGPARSE_FLAG_SYS
                    | ARGPARSE_FLAG_USER);
+
   while (!no_more_options
-         && gnupg_argparser (&pargs, opts, G13_NAME EXTSEP_S "conf"))
+         && gpgrt_argparser (&pargs, opts, G13_NAME EXTSEP_S "conf"))
     {
       switch (pargs.r_opt)
         {
@@ -581,7 +586,8 @@ main ( int argc, char **argv)
           break;
 	}
     }
-  gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+
+  gpgrt_argparse (NULL, &pargs, NULL);
 
   /* Construct GPG arguments.  */
   {
@@ -594,9 +600,9 @@ main ( int argc, char **argv)
   }
 
   if (!last_configname)
-    opt.config_filename = make_filename (gnupg_homedir (),
-                                         G13_NAME EXTSEP_S "conf",
-                                         NULL);
+    opt.config_filename = gpgrt_fnameconcat (gnupg_homedir (),
+                                             G13_NAME EXTSEP_S "conf",
+                                             NULL);
   else
     {
       opt.config_filename = last_configname;
@@ -618,8 +624,8 @@ main ( int argc, char **argv)
   if (greeting)
     {
       fprintf (stderr, "%s %s; %s\n",
-               strusage(11), strusage(13), strusage(14) );
-      fprintf (stderr, "%s\n", strusage(15) );
+               gpgrt_strusage(11), gpgrt_strusage(13), gpgrt_strusage(14) );
+      fprintf (stderr, "%s\n", gpgrt_strusage(15));
     }
 
   if (may_coredump && !opt.quiet)
@@ -641,7 +647,7 @@ main ( int argc, char **argv)
       log_set_file (logfile);
       log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
                              | GPGRT_LOG_WITH_TIME
-                             | GPGRT_LOG_WITH_PID ));
+                             | GPGRT_LOG_WITH_PID));
     }
 
   if (gnupg_faked_time_p ())
@@ -885,14 +891,14 @@ handle_signal (int signo)
       if (shutdown_pending > 2)
         {
           log_info ("shutdown forced\n");
-          log_info ("%s %s stopped\n", strusage(11), strusage(13) );
+          log_info ("%s %s stopped\n", gpgrt_strusage(11), gpgrt_strusage(13) );
           g13_exit (0);
 	}
       break;
 
     case SIGINT:
       log_info ("SIGINT received - immediate shutdown\n");
-      log_info( "%s %s stopped\n", strusage(11), strusage(13));
+      log_info( "%s %s stopped\n", gpgrt_strusage(11), gpgrt_strusage(13));
       g13_exit (0);
       break;
 #endif /*!HAVE_W32_SYSTEM*/
@@ -990,7 +996,7 @@ idle_task (void *dummy_arg)
       /* Here one would add processing of file descriptors.  */
     }
 
-  log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
+  log_info (_("%s %s stopped\n"), gpgrt_strusage(11), gpgrt_strusage(13));
   return NULL;
 }
 
diff --git a/g13/g13tuple.c b/g13/g13tuple.c
index 6693826..746c790 100644
--- a/g13/g13tuple.c
+++ b/g13/g13tuple.c
@@ -144,7 +144,7 @@ ref_tupledesc (tupledesc_t tupledesc)
 
 
 /* Return a pointer to the memory used to store the tuples.  This is
- * the data originally provided to create_tupledesc.  It is higly
+ * the data originally provided to create_tupledesc.  It is highly
  * recommended that the callers uses ref_tupledesc before calling this
  * function and unref_tupledesc when the return data will not anymore
  * be used.  */
diff --git a/g13/mountinfo.c b/g13/mountinfo.c
index ed898b8..50cc153 100644
--- a/g13/mountinfo.c
+++ b/g13/mountinfo.c
@@ -117,7 +117,7 @@ mountinfo_del_mount (const char *container, const char *mountpoint,
   size_t idx;
   mtab_t m;
 
-  /* If a container or mountpint is givem search the RID via the
+  /* If a container or mountpint is given search the RID via the
      standard find function.  */
   if (container || mountpoint)
     {
diff --git a/g13/runner.c b/g13/runner.c
index 138269d..b08d990 100644
--- a/g13/runner.c
+++ b/g13/runner.c
@@ -278,7 +278,7 @@ runner_set_pid (runner_t runner, pid_t pid)
 }
 
 
-/* Register the engine handler fucntions HANDLER and HANDLER_CLEANUP
+/* Register the engine handler functions HANDLER and HANDLER_CLEANUP
    and its private HANDLER_DATA with RUNNER.  */
 void
 runner_set_handler (runner_t runner,
diff --git a/g13/server.c b/g13/server.c
index 7802952..341a6b2 100644
--- a/g13/server.c
+++ b/g13/server.c
@@ -422,7 +422,7 @@ static const char hlp_create[] =
   "CREATE [options] <filename>\n"
   "\n"
   "Create a new container.  On success the OPEN command is \n"
-  "implictly done for the new container.";
+  "implicitly done for the new container.";
 static gpg_error_t
 cmd_create (assuan_context_t ctx, char *line)
 {
diff --git a/kbx/Makefile.am b/kbx/Makefile.am
index 7b0a8a8..fe72860 100644
--- a/kbx/Makefile.am
+++ b/kbx/Makefile.am
@@ -18,16 +18,24 @@
 
 ## Process this file with automake to produce Makefile.in
 
-EXTRA_DIST = mkerrors
+EXTRA_DIST = mkerrors keyboxd-w32info.rc
 
 AM_CPPFLAGS =
 
 include $(top_srcdir)/am/cmacros.am
+if HAVE_W32_SYSTEM
+resource_objs += keyboxd-w32info.o
+endif
 
 AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS)
 
-noinst_LIBRARIES = libkeybox.a libkeybox509.a
 bin_PROGRAMS = kbxutil
+noinst_LIBRARIES = libkeybox.a libkeybox509.a
+if BUILD_KEYBOXD
+libexec_PROGRAMS = keyboxd
+else
+libexec_PROGRAMS =
+endif
 
 if HAVE_W32CE_SYSTEM
 extra_libs =  $(LIBASSUAN_LIBS)
@@ -35,6 +43,9 @@ else
 extra_libs =
 endif
 
+common_libs = $(libcommon)
+commonpth_libs = $(libcommonpth)
+
 common_sources = \
 	keybox.h keybox-defs.h keybox-search-desc.h \
 	keybox-util.c \
@@ -46,22 +57,51 @@ common_sources = \
 	keybox-openpgp.c \
 	keybox-dump.c
 
+client_sources = \
+        kbx-client-util.h \
+        kbx-client-util.c
 
-libkeybox_a_SOURCES = $(common_sources)
-libkeybox509_a_SOURCES = $(common_sources)
 
-libkeybox_a_CFLAGS    = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS)
-libkeybox509_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) \
-                          -DKEYBOX_WITH_X509=1
+libkeybox_a_SOURCES = $(common_sources) $(client_sources)
+libkeybox509_a_SOURCES = $(common_sources) $(client_sources)
+
+libkeybox_a_CFLAGS = $(AM_CFLAGS)
+libkeybox509_a_CFLAGS = $(AM_CFLAGS) -DKEYBOX_WITH_X509=1
+
 
 # We need W32SOCKLIBS because the init subsystem code in libcommon
 # requires it - although we don't actually need it.  It is easier
 # to do it this way.
 kbxutil_SOURCES = kbxutil.c $(common_sources)
 kbxutil_CFLAGS = $(AM_CFLAGS) -DKEYBOX_WITH_X509=1
-kbxutil_LDADD   = ../common/libcommon.a \
+kbxutil_LDADD   = $(common_libs) \
                   $(KSBA_LIBS) $(LIBGCRYPT_LIBS) $(extra_libs) \
                   $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) $(W32SOCKLIBS) \
 		  $(NETLIBS)
 
-$(PROGRAMS) : ../common/libcommon.a
+
+keyboxd_SOURCES = \
+	keyboxd.c keyboxd.h   \
+	kbxserver.c           \
+	frontend.c frontend.h \
+	backend.h backend-support.c \
+	backend-cache.c \
+	backend-kbx.c \
+	backend-sqlite.c \
+	$(common_sources)
+
+keyboxd_CFLAGS = $(AM_CFLAGS) -DKEYBOX_WITH_X509=1 \
+                 $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) $(SQLITE3_CFLAGS) \
+                 $(INCICONV)
+keyboxd_LDADD = $(commonpth_libs) \
+                $(KSBA_LIBS) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(NPTH_LIBS) \
+	        $(SQLITE3_LIBS) $(GPG_ERROR_LIBS) \
+                $(LIBINTL) $(NETLIBS) $(LIBICONV) \
+		$(resource_objs)
+keyboxd_LDFLAGS = $(extra_bin_ldflags)
+keyboxd_DEPENDENCIES = $(resource_objs)
+
+
+# Make sure that all libs are build before we use them.  This is
+# important for things like make -j2.
+$(PROGRAMS): $(common_libs) $(commonpth_libs)
diff --git a/kbx/Makefile.in b/kbx/Makefile.in
index c3a58cb..bb38d49 100644
--- a/kbx/Makefile.in
+++ b/kbx/Makefile.in
@@ -139,25 +139,27 @@ host_triplet = @host@
 @GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
 @GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
 @GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
-@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
-@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
-@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+@GNUPG_TPM2DAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_TPM2DAEMON="\"@GNUPG_TPM2DAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+@HAVE_W32_SYSTEM_TRUE@am__append_9 = keyboxd-w32info.o
 bin_PROGRAMS = kbxutil$(EXEEXT)
+@BUILD_KEYBOXD_TRUE@libexec_PROGRAMS = keyboxd$(EXEEXT)
 subdir = kbx
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
@@ -166,8 +168,8 @@ mkinstalldirs = $(SHELL) $(top_srcdir)/build-aux/mkinstalldirs
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)"
-PROGRAMS = $(bin_PROGRAMS)
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)"
+PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
 LIBRARIES = $(noinst_LIBRARIES)
 ARFLAGS = cru
 AM_V_AR = $(am__v_AR_@AM_V@)
@@ -184,11 +186,12 @@ am__objects_1 = libkeybox_a-keybox-util.$(OBJEXT) \
 	libkeybox_a-keybox-update.$(OBJEXT) \
 	libkeybox_a-keybox-openpgp.$(OBJEXT) \
 	libkeybox_a-keybox-dump.$(OBJEXT)
-am_libkeybox_a_OBJECTS = $(am__objects_1)
+am__objects_2 = libkeybox_a-kbx-client-util.$(OBJEXT)
+am_libkeybox_a_OBJECTS = $(am__objects_1) $(am__objects_2)
 libkeybox_a_OBJECTS = $(am_libkeybox_a_OBJECTS)
 libkeybox509_a_AR = $(AR) $(ARFLAGS)
 libkeybox509_a_LIBADD =
-am__objects_2 = libkeybox509_a-keybox-util.$(OBJEXT) \
+am__objects_3 = libkeybox509_a-keybox-util.$(OBJEXT) \
 	libkeybox509_a-keybox-init.$(OBJEXT) \
 	libkeybox509_a-keybox-blob.$(OBJEXT) \
 	libkeybox509_a-keybox-file.$(OBJEXT) \
@@ -196,24 +199,38 @@ am__objects_2 = libkeybox509_a-keybox-util.$(OBJEXT) \
 	libkeybox509_a-keybox-update.$(OBJEXT) \
 	libkeybox509_a-keybox-openpgp.$(OBJEXT) \
 	libkeybox509_a-keybox-dump.$(OBJEXT)
-am_libkeybox509_a_OBJECTS = $(am__objects_2)
+am__objects_4 = libkeybox509_a-kbx-client-util.$(OBJEXT)
+am_libkeybox509_a_OBJECTS = $(am__objects_3) $(am__objects_4)
 libkeybox509_a_OBJECTS = $(am_libkeybox509_a_OBJECTS)
-am__objects_3 = kbxutil-keybox-util.$(OBJEXT) \
+am__objects_5 = kbxutil-keybox-util.$(OBJEXT) \
 	kbxutil-keybox-init.$(OBJEXT) kbxutil-keybox-blob.$(OBJEXT) \
 	kbxutil-keybox-file.$(OBJEXT) kbxutil-keybox-search.$(OBJEXT) \
 	kbxutil-keybox-update.$(OBJEXT) \
 	kbxutil-keybox-openpgp.$(OBJEXT) kbxutil-keybox-dump.$(OBJEXT)
-am_kbxutil_OBJECTS = kbxutil-kbxutil.$(OBJEXT) $(am__objects_3)
+am_kbxutil_OBJECTS = kbxutil-kbxutil.$(OBJEXT) $(am__objects_5)
 kbxutil_OBJECTS = $(am_kbxutil_OBJECTS)
 am__DEPENDENCIES_1 =
 @HAVE_W32CE_SYSTEM_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1)
-kbxutil_DEPENDENCIES = ../common/libcommon.a $(am__DEPENDENCIES_1) \
+kbxutil_DEPENDENCIES = $(common_libs) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1)
 kbxutil_LINK = $(CCLD) $(kbxutil_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
 	$(LDFLAGS) -o $@
+am__objects_6 = keyboxd-keybox-util.$(OBJEXT) \
+	keyboxd-keybox-init.$(OBJEXT) keyboxd-keybox-blob.$(OBJEXT) \
+	keyboxd-keybox-file.$(OBJEXT) keyboxd-keybox-search.$(OBJEXT) \
+	keyboxd-keybox-update.$(OBJEXT) \
+	keyboxd-keybox-openpgp.$(OBJEXT) keyboxd-keybox-dump.$(OBJEXT)
+am_keyboxd_OBJECTS = keyboxd-keyboxd.$(OBJEXT) \
+	keyboxd-kbxserver.$(OBJEXT) keyboxd-frontend.$(OBJEXT) \
+	keyboxd-backend-support.$(OBJEXT) \
+	keyboxd-backend-cache.$(OBJEXT) keyboxd-backend-kbx.$(OBJEXT) \
+	keyboxd-backend-sqlite.$(OBJEXT) $(am__objects_6)
+keyboxd_OBJECTS = $(am_keyboxd_OBJECTS)
+keyboxd_LINK = $(CCLD) $(keyboxd_CFLAGS) $(CFLAGS) $(keyboxd_LDFLAGS) \
+	$(LDFLAGS) -o $@
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -238,6 +255,22 @@ am__depfiles_remade = ./$(DEPDIR)/kbxutil-kbxutil.Po \
 	./$(DEPDIR)/kbxutil-keybox-search.Po \
 	./$(DEPDIR)/kbxutil-keybox-update.Po \
 	./$(DEPDIR)/kbxutil-keybox-util.Po \
+	./$(DEPDIR)/keyboxd-backend-cache.Po \
+	./$(DEPDIR)/keyboxd-backend-kbx.Po \
+	./$(DEPDIR)/keyboxd-backend-sqlite.Po \
+	./$(DEPDIR)/keyboxd-backend-support.Po \
+	./$(DEPDIR)/keyboxd-frontend.Po \
+	./$(DEPDIR)/keyboxd-kbxserver.Po \
+	./$(DEPDIR)/keyboxd-keybox-blob.Po \
+	./$(DEPDIR)/keyboxd-keybox-dump.Po \
+	./$(DEPDIR)/keyboxd-keybox-file.Po \
+	./$(DEPDIR)/keyboxd-keybox-init.Po \
+	./$(DEPDIR)/keyboxd-keybox-openpgp.Po \
+	./$(DEPDIR)/keyboxd-keybox-search.Po \
+	./$(DEPDIR)/keyboxd-keybox-update.Po \
+	./$(DEPDIR)/keyboxd-keybox-util.Po \
+	./$(DEPDIR)/keyboxd-keyboxd.Po \
+	./$(DEPDIR)/libkeybox509_a-kbx-client-util.Po \
 	./$(DEPDIR)/libkeybox509_a-keybox-blob.Po \
 	./$(DEPDIR)/libkeybox509_a-keybox-dump.Po \
 	./$(DEPDIR)/libkeybox509_a-keybox-file.Po \
@@ -246,6 +279,7 @@ am__depfiles_remade = ./$(DEPDIR)/kbxutil-kbxutil.Po \
 	./$(DEPDIR)/libkeybox509_a-keybox-search.Po \
 	./$(DEPDIR)/libkeybox509_a-keybox-update.Po \
 	./$(DEPDIR)/libkeybox509_a-keybox-util.Po \
+	./$(DEPDIR)/libkeybox_a-kbx-client-util.Po \
 	./$(DEPDIR)/libkeybox_a-keybox-blob.Po \
 	./$(DEPDIR)/libkeybox_a-keybox-dump.Po \
 	./$(DEPDIR)/libkeybox_a-keybox-file.Po \
@@ -272,9 +306,9 @@ am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
 SOURCES = $(libkeybox_a_SOURCES) $(libkeybox509_a_SOURCES) \
-	$(kbxutil_SOURCES)
+	$(kbxutil_SOURCES) $(keyboxd_SOURCES)
 DIST_SOURCES = $(libkeybox_a_SOURCES) $(libkeybox509_a_SOURCES) \
-	$(kbxutil_SOURCES)
+	$(kbxutil_SOURCES) $(keyboxd_SOURCES)
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -342,9 +376,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -353,6 +389,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -380,9 +417,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -419,13 +457,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
@@ -488,13 +529,14 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-EXTRA_DIST = mkerrors
+EXTRA_DIST = mkerrors keyboxd-w32info.rc
 
 # NB: AM_CFLAGS may also be used by tools running on the build
 # platform to create source files.
 AM_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" $(am__append_1) \
 	$(am__append_2) $(am__append_3) $(am__append_4) \
-	$(am__append_5) $(am__append_6) $(am__append_7)
+	$(am__append_5) $(am__append_6) $(am__append_7) \
+	$(am__append_8)
 @HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
 
 # Under Windows we use LockFileEx.  WindowsCE provides this only on
@@ -505,7 +547,7 @@ AM_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" $(am__append_1) \
 @HAVE_W32CE_SYSTEM_TRUE@extra_sys_libs = -lcoredll6
 @HAVE_W32CE_SYSTEM_FALSE@extra_bin_ldflags = 
 @HAVE_W32CE_SYSTEM_TRUE@extra_bin_ldflags = -Wl,--stack=0x40000
-resource_objs = 
+resource_objs = $(am__append_9)
 
 # Convenience macros
 libcommon = ../common/libcommon.a
@@ -516,6 +558,8 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS)
 noinst_LIBRARIES = libkeybox.a libkeybox509.a
 @HAVE_W32CE_SYSTEM_FALSE@extra_libs = 
 @HAVE_W32CE_SYSTEM_TRUE@extra_libs = $(LIBASSUAN_LIBS)
+common_libs = $(libcommon)
+commonpth_libs = $(libcommonpth)
 common_sources = \
 	keybox.h keybox-defs.h keybox-search-desc.h \
 	keybox-util.c \
@@ -527,23 +571,47 @@ common_sources = \
 	keybox-openpgp.c \
 	keybox-dump.c
 
-libkeybox_a_SOURCES = $(common_sources)
-libkeybox509_a_SOURCES = $(common_sources)
-libkeybox_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS)
-libkeybox509_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) \
-                          -DKEYBOX_WITH_X509=1
+client_sources = \
+        kbx-client-util.h \
+        kbx-client-util.c
 
+libkeybox_a_SOURCES = $(common_sources) $(client_sources)
+libkeybox509_a_SOURCES = $(common_sources) $(client_sources)
+libkeybox_a_CFLAGS = $(AM_CFLAGS)
+libkeybox509_a_CFLAGS = $(AM_CFLAGS) -DKEYBOX_WITH_X509=1
 
 # We need W32SOCKLIBS because the init subsystem code in libcommon
 # requires it - although we don't actually need it.  It is easier
 # to do it this way.
 kbxutil_SOURCES = kbxutil.c $(common_sources)
 kbxutil_CFLAGS = $(AM_CFLAGS) -DKEYBOX_WITH_X509=1
-kbxutil_LDADD = ../common/libcommon.a \
+kbxutil_LDADD = $(common_libs) \
                   $(KSBA_LIBS) $(LIBGCRYPT_LIBS) $(extra_libs) \
                   $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) $(W32SOCKLIBS) \
 		  $(NETLIBS)
 
+keyboxd_SOURCES = \
+	keyboxd.c keyboxd.h   \
+	kbxserver.c           \
+	frontend.c frontend.h \
+	backend.h backend-support.c \
+	backend-cache.c \
+	backend-kbx.c \
+	backend-sqlite.c \
+	$(common_sources)
+
+keyboxd_CFLAGS = $(AM_CFLAGS) -DKEYBOX_WITH_X509=1 \
+                 $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) $(SQLITE3_CFLAGS) \
+                 $(INCICONV)
+
+keyboxd_LDADD = $(commonpth_libs) \
+                $(KSBA_LIBS) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(NPTH_LIBS) \
+	        $(SQLITE3_LIBS) $(GPG_ERROR_LIBS) \
+                $(LIBINTL) $(NETLIBS) $(LIBICONV) \
+		$(resource_objs)
+
+keyboxd_LDFLAGS = $(extra_bin_ldflags)
+keyboxd_DEPENDENCIES = $(resource_objs)
 all: all-am
 
 .SUFFIXES:
@@ -620,6 +688,48 @@ uninstall-binPROGRAMS:
 
 clean-binPROGRAMS:
 	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	@list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(libexecdir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(libexecdir)" || exit 1; \
+	fi; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p \
+	  ; then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' \
+	    -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	      echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \
+	      $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-libexecPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' \
+	`; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(libexecdir)" && rm -f $$files
+
+clean-libexecPROGRAMS:
+	-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
 
 clean-noinstLIBRARIES:
 	-test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
@@ -638,6 +748,10 @@ kbxutil$(EXEEXT): $(kbxutil_OBJECTS) $(kbxutil_DEPENDENCIES) $(EXTRA_kbxutil_DEP
 	@rm -f kbxutil$(EXEEXT)
 	$(AM_V_CCLD)$(kbxutil_LINK) $(kbxutil_OBJECTS) $(kbxutil_LDADD) $(LIBS)
 
+keyboxd$(EXEEXT): $(keyboxd_OBJECTS) $(keyboxd_DEPENDENCIES) $(EXTRA_keyboxd_DEPENDENCIES) 
+	@rm -f keyboxd$(EXEEXT)
+	$(AM_V_CCLD)$(keyboxd_LINK) $(keyboxd_OBJECTS) $(keyboxd_LDADD) $(LIBS)
+
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
 
@@ -653,6 +767,22 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kbxutil-keybox-search.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kbxutil-keybox-update.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kbxutil-keybox-util.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyboxd-backend-cache.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyboxd-backend-kbx.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyboxd-backend-sqlite.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyboxd-backend-support.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyboxd-frontend.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyboxd-kbxserver.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyboxd-keybox-blob.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyboxd-keybox-dump.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyboxd-keybox-file.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyboxd-keybox-init.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyboxd-keybox-openpgp.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyboxd-keybox-search.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyboxd-keybox-update.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyboxd-keybox-util.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyboxd-keyboxd.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkeybox509_a-kbx-client-util.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkeybox509_a-keybox-blob.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkeybox509_a-keybox-dump.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkeybox509_a-keybox-file.Po@am__quote@ # am--include-marker
@@ -661,6 +791,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkeybox509_a-keybox-search.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkeybox509_a-keybox-update.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkeybox509_a-keybox-util.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkeybox_a-kbx-client-util.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkeybox_a-keybox-blob.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkeybox_a-keybox-dump.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkeybox_a-keybox-file.Po@am__quote@ # am--include-marker
@@ -802,6 +933,20 @@ libkeybox_a-keybox-dump.obj: keybox-dump.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libkeybox_a_CFLAGS) $(CFLAGS) -c -o libkeybox_a-keybox-dump.obj `if test -f 'keybox-dump.c'; then $(CYGPATH_W) 'keybox-dump.c'; else $(CYGPATH_W) '$(srcdir)/keybox-dump.c'; fi`
 
+libkeybox_a-kbx-client-util.o: kbx-client-util.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libkeybox_a_CFLAGS) $(CFLAGS) -MT libkeybox_a-kbx-client-util.o -MD -MP -MF $(DEPDIR)/libkeybox_a-kbx-client-util.Tpo -c -o libkeybox_a-kbx-client-util.o `test -f 'kbx-client-util.c' || echo '$(srcdir)/'`kbx-client-util.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libkeybox_a-kbx-client-util.Tpo $(DEPDIR)/libkeybox_a-kbx-client-util.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='kbx-client-util.c' object='libkeybox_a-kbx-client-util.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libkeybox_a_CFLAGS) $(CFLAGS) -c -o libkeybox_a-kbx-client-util.o `test -f 'kbx-client-util.c' || echo '$(srcdir)/'`kbx-client-util.c
+
+libkeybox_a-kbx-client-util.obj: kbx-client-util.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libkeybox_a_CFLAGS) $(CFLAGS) -MT libkeybox_a-kbx-client-util.obj -MD -MP -MF $(DEPDIR)/libkeybox_a-kbx-client-util.Tpo -c -o libkeybox_a-kbx-client-util.obj `if test -f 'kbx-client-util.c'; then $(CYGPATH_W) 'kbx-client-util.c'; else $(CYGPATH_W) '$(srcdir)/kbx-client-util.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libkeybox_a-kbx-client-util.Tpo $(DEPDIR)/libkeybox_a-kbx-client-util.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='kbx-client-util.c' object='libkeybox_a-kbx-client-util.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libkeybox_a_CFLAGS) $(CFLAGS) -c -o libkeybox_a-kbx-client-util.obj `if test -f 'kbx-client-util.c'; then $(CYGPATH_W) 'kbx-client-util.c'; else $(CYGPATH_W) '$(srcdir)/kbx-client-util.c'; fi`
+
 libkeybox509_a-keybox-util.o: keybox-util.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libkeybox509_a_CFLAGS) $(CFLAGS) -MT libkeybox509_a-keybox-util.o -MD -MP -MF $(DEPDIR)/libkeybox509_a-keybox-util.Tpo -c -o libkeybox509_a-keybox-util.o `test -f 'keybox-util.c' || echo '$(srcdir)/'`keybox-util.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libkeybox509_a-keybox-util.Tpo $(DEPDIR)/libkeybox509_a-keybox-util.Po
@@ -914,6 +1059,20 @@ libkeybox509_a-keybox-dump.obj: keybox-dump.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libkeybox509_a_CFLAGS) $(CFLAGS) -c -o libkeybox509_a-keybox-dump.obj `if test -f 'keybox-dump.c'; then $(CYGPATH_W) 'keybox-dump.c'; else $(CYGPATH_W) '$(srcdir)/keybox-dump.c'; fi`
 
+libkeybox509_a-kbx-client-util.o: kbx-client-util.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libkeybox509_a_CFLAGS) $(CFLAGS) -MT libkeybox509_a-kbx-client-util.o -MD -MP -MF $(DEPDIR)/libkeybox509_a-kbx-client-util.Tpo -c -o libkeybox509_a-kbx-client-util.o `test -f 'kbx-client-util.c' || echo '$(srcdir)/'`kbx-client-util.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libkeybox509_a-kbx-client-util.Tpo $(DEPDIR)/libkeybox509_a-kbx-client-util.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='kbx-client-util.c' object='libkeybox509_a-kbx-client-util.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libkeybox509_a_CFLAGS) $(CFLAGS) -c -o libkeybox509_a-kbx-client-util.o `test -f 'kbx-client-util.c' || echo '$(srcdir)/'`kbx-client-util.c
+
+libkeybox509_a-kbx-client-util.obj: kbx-client-util.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libkeybox509_a_CFLAGS) $(CFLAGS) -MT libkeybox509_a-kbx-client-util.obj -MD -MP -MF $(DEPDIR)/libkeybox509_a-kbx-client-util.Tpo -c -o libkeybox509_a-kbx-client-util.obj `if test -f 'kbx-client-util.c'; then $(CYGPATH_W) 'kbx-client-util.c'; else $(CYGPATH_W) '$(srcdir)/kbx-client-util.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libkeybox509_a-kbx-client-util.Tpo $(DEPDIR)/libkeybox509_a-kbx-client-util.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='kbx-client-util.c' object='libkeybox509_a-kbx-client-util.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libkeybox509_a_CFLAGS) $(CFLAGS) -c -o libkeybox509_a-kbx-client-util.obj `if test -f 'kbx-client-util.c'; then $(CYGPATH_W) 'kbx-client-util.c'; else $(CYGPATH_W) '$(srcdir)/kbx-client-util.c'; fi`
+
 kbxutil-kbxutil.o: kbxutil.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kbxutil_CFLAGS) $(CFLAGS) -MT kbxutil-kbxutil.o -MD -MP -MF $(DEPDIR)/kbxutil-kbxutil.Tpo -c -o kbxutil-kbxutil.o `test -f 'kbxutil.c' || echo '$(srcdir)/'`kbxutil.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/kbxutil-kbxutil.Tpo $(DEPDIR)/kbxutil-kbxutil.Po
@@ -1040,6 +1199,216 @@ kbxutil-keybox-dump.obj: keybox-dump.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kbxutil_CFLAGS) $(CFLAGS) -c -o kbxutil-keybox-dump.obj `if test -f 'keybox-dump.c'; then $(CYGPATH_W) 'keybox-dump.c'; else $(CYGPATH_W) '$(srcdir)/keybox-dump.c'; fi`
 
+keyboxd-keyboxd.o: keyboxd.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-keyboxd.o -MD -MP -MF $(DEPDIR)/keyboxd-keyboxd.Tpo -c -o keyboxd-keyboxd.o `test -f 'keyboxd.c' || echo '$(srcdir)/'`keyboxd.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-keyboxd.Tpo $(DEPDIR)/keyboxd-keyboxd.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='keyboxd.c' object='keyboxd-keyboxd.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-keyboxd.o `test -f 'keyboxd.c' || echo '$(srcdir)/'`keyboxd.c
+
+keyboxd-keyboxd.obj: keyboxd.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-keyboxd.obj -MD -MP -MF $(DEPDIR)/keyboxd-keyboxd.Tpo -c -o keyboxd-keyboxd.obj `if test -f 'keyboxd.c'; then $(CYGPATH_W) 'keyboxd.c'; else $(CYGPATH_W) '$(srcdir)/keyboxd.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-keyboxd.Tpo $(DEPDIR)/keyboxd-keyboxd.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='keyboxd.c' object='keyboxd-keyboxd.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-keyboxd.obj `if test -f 'keyboxd.c'; then $(CYGPATH_W) 'keyboxd.c'; else $(CYGPATH_W) '$(srcdir)/keyboxd.c'; fi`
+
+keyboxd-kbxserver.o: kbxserver.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-kbxserver.o -MD -MP -MF $(DEPDIR)/keyboxd-kbxserver.Tpo -c -o keyboxd-kbxserver.o `test -f 'kbxserver.c' || echo '$(srcdir)/'`kbxserver.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-kbxserver.Tpo $(DEPDIR)/keyboxd-kbxserver.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='kbxserver.c' object='keyboxd-kbxserver.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-kbxserver.o `test -f 'kbxserver.c' || echo '$(srcdir)/'`kbxserver.c
+
+keyboxd-kbxserver.obj: kbxserver.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-kbxserver.obj -MD -MP -MF $(DEPDIR)/keyboxd-kbxserver.Tpo -c -o keyboxd-kbxserver.obj `if test -f 'kbxserver.c'; then $(CYGPATH_W) 'kbxserver.c'; else $(CYGPATH_W) '$(srcdir)/kbxserver.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-kbxserver.Tpo $(DEPDIR)/keyboxd-kbxserver.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='kbxserver.c' object='keyboxd-kbxserver.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-kbxserver.obj `if test -f 'kbxserver.c'; then $(CYGPATH_W) 'kbxserver.c'; else $(CYGPATH_W) '$(srcdir)/kbxserver.c'; fi`
+
+keyboxd-frontend.o: frontend.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-frontend.o -MD -MP -MF $(DEPDIR)/keyboxd-frontend.Tpo -c -o keyboxd-frontend.o `test -f 'frontend.c' || echo '$(srcdir)/'`frontend.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-frontend.Tpo $(DEPDIR)/keyboxd-frontend.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='frontend.c' object='keyboxd-frontend.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-frontend.o `test -f 'frontend.c' || echo '$(srcdir)/'`frontend.c
+
+keyboxd-frontend.obj: frontend.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-frontend.obj -MD -MP -MF $(DEPDIR)/keyboxd-frontend.Tpo -c -o keyboxd-frontend.obj `if test -f 'frontend.c'; then $(CYGPATH_W) 'frontend.c'; else $(CYGPATH_W) '$(srcdir)/frontend.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-frontend.Tpo $(DEPDIR)/keyboxd-frontend.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='frontend.c' object='keyboxd-frontend.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-frontend.obj `if test -f 'frontend.c'; then $(CYGPATH_W) 'frontend.c'; else $(CYGPATH_W) '$(srcdir)/frontend.c'; fi`
+
+keyboxd-backend-support.o: backend-support.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-backend-support.o -MD -MP -MF $(DEPDIR)/keyboxd-backend-support.Tpo -c -o keyboxd-backend-support.o `test -f 'backend-support.c' || echo '$(srcdir)/'`backend-support.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-backend-support.Tpo $(DEPDIR)/keyboxd-backend-support.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='backend-support.c' object='keyboxd-backend-support.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-backend-support.o `test -f 'backend-support.c' || echo '$(srcdir)/'`backend-support.c
+
+keyboxd-backend-support.obj: backend-support.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-backend-support.obj -MD -MP -MF $(DEPDIR)/keyboxd-backend-support.Tpo -c -o keyboxd-backend-support.obj `if test -f 'backend-support.c'; then $(CYGPATH_W) 'backend-support.c'; else $(CYGPATH_W) '$(srcdir)/backend-support.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-backend-support.Tpo $(DEPDIR)/keyboxd-backend-support.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='backend-support.c' object='keyboxd-backend-support.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-backend-support.obj `if test -f 'backend-support.c'; then $(CYGPATH_W) 'backend-support.c'; else $(CYGPATH_W) '$(srcdir)/backend-support.c'; fi`
+
+keyboxd-backend-cache.o: backend-cache.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-backend-cache.o -MD -MP -MF $(DEPDIR)/keyboxd-backend-cache.Tpo -c -o keyboxd-backend-cache.o `test -f 'backend-cache.c' || echo '$(srcdir)/'`backend-cache.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-backend-cache.Tpo $(DEPDIR)/keyboxd-backend-cache.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='backend-cache.c' object='keyboxd-backend-cache.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-backend-cache.o `test -f 'backend-cache.c' || echo '$(srcdir)/'`backend-cache.c
+
+keyboxd-backend-cache.obj: backend-cache.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-backend-cache.obj -MD -MP -MF $(DEPDIR)/keyboxd-backend-cache.Tpo -c -o keyboxd-backend-cache.obj `if test -f 'backend-cache.c'; then $(CYGPATH_W) 'backend-cache.c'; else $(CYGPATH_W) '$(srcdir)/backend-cache.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-backend-cache.Tpo $(DEPDIR)/keyboxd-backend-cache.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='backend-cache.c' object='keyboxd-backend-cache.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-backend-cache.obj `if test -f 'backend-cache.c'; then $(CYGPATH_W) 'backend-cache.c'; else $(CYGPATH_W) '$(srcdir)/backend-cache.c'; fi`
+
+keyboxd-backend-kbx.o: backend-kbx.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-backend-kbx.o -MD -MP -MF $(DEPDIR)/keyboxd-backend-kbx.Tpo -c -o keyboxd-backend-kbx.o `test -f 'backend-kbx.c' || echo '$(srcdir)/'`backend-kbx.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-backend-kbx.Tpo $(DEPDIR)/keyboxd-backend-kbx.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='backend-kbx.c' object='keyboxd-backend-kbx.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-backend-kbx.o `test -f 'backend-kbx.c' || echo '$(srcdir)/'`backend-kbx.c
+
+keyboxd-backend-kbx.obj: backend-kbx.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-backend-kbx.obj -MD -MP -MF $(DEPDIR)/keyboxd-backend-kbx.Tpo -c -o keyboxd-backend-kbx.obj `if test -f 'backend-kbx.c'; then $(CYGPATH_W) 'backend-kbx.c'; else $(CYGPATH_W) '$(srcdir)/backend-kbx.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-backend-kbx.Tpo $(DEPDIR)/keyboxd-backend-kbx.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='backend-kbx.c' object='keyboxd-backend-kbx.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-backend-kbx.obj `if test -f 'backend-kbx.c'; then $(CYGPATH_W) 'backend-kbx.c'; else $(CYGPATH_W) '$(srcdir)/backend-kbx.c'; fi`
+
+keyboxd-backend-sqlite.o: backend-sqlite.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-backend-sqlite.o -MD -MP -MF $(DEPDIR)/keyboxd-backend-sqlite.Tpo -c -o keyboxd-backend-sqlite.o `test -f 'backend-sqlite.c' || echo '$(srcdir)/'`backend-sqlite.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-backend-sqlite.Tpo $(DEPDIR)/keyboxd-backend-sqlite.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='backend-sqlite.c' object='keyboxd-backend-sqlite.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-backend-sqlite.o `test -f 'backend-sqlite.c' || echo '$(srcdir)/'`backend-sqlite.c
+
+keyboxd-backend-sqlite.obj: backend-sqlite.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-backend-sqlite.obj -MD -MP -MF $(DEPDIR)/keyboxd-backend-sqlite.Tpo -c -o keyboxd-backend-sqlite.obj `if test -f 'backend-sqlite.c'; then $(CYGPATH_W) 'backend-sqlite.c'; else $(CYGPATH_W) '$(srcdir)/backend-sqlite.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-backend-sqlite.Tpo $(DEPDIR)/keyboxd-backend-sqlite.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='backend-sqlite.c' object='keyboxd-backend-sqlite.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-backend-sqlite.obj `if test -f 'backend-sqlite.c'; then $(CYGPATH_W) 'backend-sqlite.c'; else $(CYGPATH_W) '$(srcdir)/backend-sqlite.c'; fi`
+
+keyboxd-keybox-util.o: keybox-util.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-keybox-util.o -MD -MP -MF $(DEPDIR)/keyboxd-keybox-util.Tpo -c -o keyboxd-keybox-util.o `test -f 'keybox-util.c' || echo '$(srcdir)/'`keybox-util.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-keybox-util.Tpo $(DEPDIR)/keyboxd-keybox-util.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='keybox-util.c' object='keyboxd-keybox-util.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-keybox-util.o `test -f 'keybox-util.c' || echo '$(srcdir)/'`keybox-util.c
+
+keyboxd-keybox-util.obj: keybox-util.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-keybox-util.obj -MD -MP -MF $(DEPDIR)/keyboxd-keybox-util.Tpo -c -o keyboxd-keybox-util.obj `if test -f 'keybox-util.c'; then $(CYGPATH_W) 'keybox-util.c'; else $(CYGPATH_W) '$(srcdir)/keybox-util.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-keybox-util.Tpo $(DEPDIR)/keyboxd-keybox-util.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='keybox-util.c' object='keyboxd-keybox-util.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-keybox-util.obj `if test -f 'keybox-util.c'; then $(CYGPATH_W) 'keybox-util.c'; else $(CYGPATH_W) '$(srcdir)/keybox-util.c'; fi`
+
+keyboxd-keybox-init.o: keybox-init.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-keybox-init.o -MD -MP -MF $(DEPDIR)/keyboxd-keybox-init.Tpo -c -o keyboxd-keybox-init.o `test -f 'keybox-init.c' || echo '$(srcdir)/'`keybox-init.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-keybox-init.Tpo $(DEPDIR)/keyboxd-keybox-init.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='keybox-init.c' object='keyboxd-keybox-init.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-keybox-init.o `test -f 'keybox-init.c' || echo '$(srcdir)/'`keybox-init.c
+
+keyboxd-keybox-init.obj: keybox-init.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-keybox-init.obj -MD -MP -MF $(DEPDIR)/keyboxd-keybox-init.Tpo -c -o keyboxd-keybox-init.obj `if test -f 'keybox-init.c'; then $(CYGPATH_W) 'keybox-init.c'; else $(CYGPATH_W) '$(srcdir)/keybox-init.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-keybox-init.Tpo $(DEPDIR)/keyboxd-keybox-init.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='keybox-init.c' object='keyboxd-keybox-init.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-keybox-init.obj `if test -f 'keybox-init.c'; then $(CYGPATH_W) 'keybox-init.c'; else $(CYGPATH_W) '$(srcdir)/keybox-init.c'; fi`
+
+keyboxd-keybox-blob.o: keybox-blob.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-keybox-blob.o -MD -MP -MF $(DEPDIR)/keyboxd-keybox-blob.Tpo -c -o keyboxd-keybox-blob.o `test -f 'keybox-blob.c' || echo '$(srcdir)/'`keybox-blob.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-keybox-blob.Tpo $(DEPDIR)/keyboxd-keybox-blob.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='keybox-blob.c' object='keyboxd-keybox-blob.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-keybox-blob.o `test -f 'keybox-blob.c' || echo '$(srcdir)/'`keybox-blob.c
+
+keyboxd-keybox-blob.obj: keybox-blob.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-keybox-blob.obj -MD -MP -MF $(DEPDIR)/keyboxd-keybox-blob.Tpo -c -o keyboxd-keybox-blob.obj `if test -f 'keybox-blob.c'; then $(CYGPATH_W) 'keybox-blob.c'; else $(CYGPATH_W) '$(srcdir)/keybox-blob.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-keybox-blob.Tpo $(DEPDIR)/keyboxd-keybox-blob.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='keybox-blob.c' object='keyboxd-keybox-blob.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-keybox-blob.obj `if test -f 'keybox-blob.c'; then $(CYGPATH_W) 'keybox-blob.c'; else $(CYGPATH_W) '$(srcdir)/keybox-blob.c'; fi`
+
+keyboxd-keybox-file.o: keybox-file.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-keybox-file.o -MD -MP -MF $(DEPDIR)/keyboxd-keybox-file.Tpo -c -o keyboxd-keybox-file.o `test -f 'keybox-file.c' || echo '$(srcdir)/'`keybox-file.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-keybox-file.Tpo $(DEPDIR)/keyboxd-keybox-file.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='keybox-file.c' object='keyboxd-keybox-file.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-keybox-file.o `test -f 'keybox-file.c' || echo '$(srcdir)/'`keybox-file.c
+
+keyboxd-keybox-file.obj: keybox-file.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-keybox-file.obj -MD -MP -MF $(DEPDIR)/keyboxd-keybox-file.Tpo -c -o keyboxd-keybox-file.obj `if test -f 'keybox-file.c'; then $(CYGPATH_W) 'keybox-file.c'; else $(CYGPATH_W) '$(srcdir)/keybox-file.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-keybox-file.Tpo $(DEPDIR)/keyboxd-keybox-file.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='keybox-file.c' object='keyboxd-keybox-file.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-keybox-file.obj `if test -f 'keybox-file.c'; then $(CYGPATH_W) 'keybox-file.c'; else $(CYGPATH_W) '$(srcdir)/keybox-file.c'; fi`
+
+keyboxd-keybox-search.o: keybox-search.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-keybox-search.o -MD -MP -MF $(DEPDIR)/keyboxd-keybox-search.Tpo -c -o keyboxd-keybox-search.o `test -f 'keybox-search.c' || echo '$(srcdir)/'`keybox-search.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-keybox-search.Tpo $(DEPDIR)/keyboxd-keybox-search.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='keybox-search.c' object='keyboxd-keybox-search.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-keybox-search.o `test -f 'keybox-search.c' || echo '$(srcdir)/'`keybox-search.c
+
+keyboxd-keybox-search.obj: keybox-search.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-keybox-search.obj -MD -MP -MF $(DEPDIR)/keyboxd-keybox-search.Tpo -c -o keyboxd-keybox-search.obj `if test -f 'keybox-search.c'; then $(CYGPATH_W) 'keybox-search.c'; else $(CYGPATH_W) '$(srcdir)/keybox-search.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-keybox-search.Tpo $(DEPDIR)/keyboxd-keybox-search.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='keybox-search.c' object='keyboxd-keybox-search.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-keybox-search.obj `if test -f 'keybox-search.c'; then $(CYGPATH_W) 'keybox-search.c'; else $(CYGPATH_W) '$(srcdir)/keybox-search.c'; fi`
+
+keyboxd-keybox-update.o: keybox-update.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-keybox-update.o -MD -MP -MF $(DEPDIR)/keyboxd-keybox-update.Tpo -c -o keyboxd-keybox-update.o `test -f 'keybox-update.c' || echo '$(srcdir)/'`keybox-update.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-keybox-update.Tpo $(DEPDIR)/keyboxd-keybox-update.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='keybox-update.c' object='keyboxd-keybox-update.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-keybox-update.o `test -f 'keybox-update.c' || echo '$(srcdir)/'`keybox-update.c
+
+keyboxd-keybox-update.obj: keybox-update.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-keybox-update.obj -MD -MP -MF $(DEPDIR)/keyboxd-keybox-update.Tpo -c -o keyboxd-keybox-update.obj `if test -f 'keybox-update.c'; then $(CYGPATH_W) 'keybox-update.c'; else $(CYGPATH_W) '$(srcdir)/keybox-update.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-keybox-update.Tpo $(DEPDIR)/keyboxd-keybox-update.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='keybox-update.c' object='keyboxd-keybox-update.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-keybox-update.obj `if test -f 'keybox-update.c'; then $(CYGPATH_W) 'keybox-update.c'; else $(CYGPATH_W) '$(srcdir)/keybox-update.c'; fi`
+
+keyboxd-keybox-openpgp.o: keybox-openpgp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-keybox-openpgp.o -MD -MP -MF $(DEPDIR)/keyboxd-keybox-openpgp.Tpo -c -o keyboxd-keybox-openpgp.o `test -f 'keybox-openpgp.c' || echo '$(srcdir)/'`keybox-openpgp.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-keybox-openpgp.Tpo $(DEPDIR)/keyboxd-keybox-openpgp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='keybox-openpgp.c' object='keyboxd-keybox-openpgp.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-keybox-openpgp.o `test -f 'keybox-openpgp.c' || echo '$(srcdir)/'`keybox-openpgp.c
+
+keyboxd-keybox-openpgp.obj: keybox-openpgp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-keybox-openpgp.obj -MD -MP -MF $(DEPDIR)/keyboxd-keybox-openpgp.Tpo -c -o keyboxd-keybox-openpgp.obj `if test -f 'keybox-openpgp.c'; then $(CYGPATH_W) 'keybox-openpgp.c'; else $(CYGPATH_W) '$(srcdir)/keybox-openpgp.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-keybox-openpgp.Tpo $(DEPDIR)/keyboxd-keybox-openpgp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='keybox-openpgp.c' object='keyboxd-keybox-openpgp.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-keybox-openpgp.obj `if test -f 'keybox-openpgp.c'; then $(CYGPATH_W) 'keybox-openpgp.c'; else $(CYGPATH_W) '$(srcdir)/keybox-openpgp.c'; fi`
+
+keyboxd-keybox-dump.o: keybox-dump.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-keybox-dump.o -MD -MP -MF $(DEPDIR)/keyboxd-keybox-dump.Tpo -c -o keyboxd-keybox-dump.o `test -f 'keybox-dump.c' || echo '$(srcdir)/'`keybox-dump.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-keybox-dump.Tpo $(DEPDIR)/keyboxd-keybox-dump.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='keybox-dump.c' object='keyboxd-keybox-dump.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-keybox-dump.o `test -f 'keybox-dump.c' || echo '$(srcdir)/'`keybox-dump.c
+
+keyboxd-keybox-dump.obj: keybox-dump.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -MT keyboxd-keybox-dump.obj -MD -MP -MF $(DEPDIR)/keyboxd-keybox-dump.Tpo -c -o keyboxd-keybox-dump.obj `if test -f 'keybox-dump.c'; then $(CYGPATH_W) 'keybox-dump.c'; else $(CYGPATH_W) '$(srcdir)/keybox-dump.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/keyboxd-keybox-dump.Tpo $(DEPDIR)/keyboxd-keybox-dump.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='keybox-dump.c' object='keyboxd-keybox-dump.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(keyboxd_CFLAGS) $(CFLAGS) -c -o keyboxd-keybox-dump.obj `if test -f 'keybox-dump.c'; then $(CYGPATH_W) 'keybox-dump.c'; else $(CYGPATH_W) '$(srcdir)/keybox-dump.c'; fi`
+
 ID: $(am__tagged_files)
 	$(am__define_uniq_tagged_files); mkid -fID $$unique
 tags: tags-am
@@ -1129,7 +1498,7 @@ check-am: all-am
 check: check-am
 all-am: Makefile $(PROGRAMS) $(LIBRARIES)
 installdirs:
-	for dir in "$(DESTDIR)$(bindir)"; do \
+	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
@@ -1164,8 +1533,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-binPROGRAMS clean-generic clean-noinstLIBRARIES \
-	mostlyclean-am
+clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
+	clean-noinstLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 		-rm -f ./$(DEPDIR)/kbxutil-kbxutil.Po
@@ -1177,6 +1546,22 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/kbxutil-keybox-search.Po
 	-rm -f ./$(DEPDIR)/kbxutil-keybox-update.Po
 	-rm -f ./$(DEPDIR)/kbxutil-keybox-util.Po
+	-rm -f ./$(DEPDIR)/keyboxd-backend-cache.Po
+	-rm -f ./$(DEPDIR)/keyboxd-backend-kbx.Po
+	-rm -f ./$(DEPDIR)/keyboxd-backend-sqlite.Po
+	-rm -f ./$(DEPDIR)/keyboxd-backend-support.Po
+	-rm -f ./$(DEPDIR)/keyboxd-frontend.Po
+	-rm -f ./$(DEPDIR)/keyboxd-kbxserver.Po
+	-rm -f ./$(DEPDIR)/keyboxd-keybox-blob.Po
+	-rm -f ./$(DEPDIR)/keyboxd-keybox-dump.Po
+	-rm -f ./$(DEPDIR)/keyboxd-keybox-file.Po
+	-rm -f ./$(DEPDIR)/keyboxd-keybox-init.Po
+	-rm -f ./$(DEPDIR)/keyboxd-keybox-openpgp.Po
+	-rm -f ./$(DEPDIR)/keyboxd-keybox-search.Po
+	-rm -f ./$(DEPDIR)/keyboxd-keybox-update.Po
+	-rm -f ./$(DEPDIR)/keyboxd-keybox-util.Po
+	-rm -f ./$(DEPDIR)/keyboxd-keyboxd.Po
+	-rm -f ./$(DEPDIR)/libkeybox509_a-kbx-client-util.Po
 	-rm -f ./$(DEPDIR)/libkeybox509_a-keybox-blob.Po
 	-rm -f ./$(DEPDIR)/libkeybox509_a-keybox-dump.Po
 	-rm -f ./$(DEPDIR)/libkeybox509_a-keybox-file.Po
@@ -1185,6 +1570,7 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/libkeybox509_a-keybox-search.Po
 	-rm -f ./$(DEPDIR)/libkeybox509_a-keybox-update.Po
 	-rm -f ./$(DEPDIR)/libkeybox509_a-keybox-util.Po
+	-rm -f ./$(DEPDIR)/libkeybox_a-kbx-client-util.Po
 	-rm -f ./$(DEPDIR)/libkeybox_a-keybox-blob.Po
 	-rm -f ./$(DEPDIR)/libkeybox_a-keybox-dump.Po
 	-rm -f ./$(DEPDIR)/libkeybox_a-keybox-file.Po
@@ -1215,7 +1601,7 @@ install-dvi: install-dvi-am
 
 install-dvi-am:
 
-install-exec-am: install-binPROGRAMS
+install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
 
 install-html: install-html-am
 
@@ -1247,6 +1633,22 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/kbxutil-keybox-search.Po
 	-rm -f ./$(DEPDIR)/kbxutil-keybox-update.Po
 	-rm -f ./$(DEPDIR)/kbxutil-keybox-util.Po
+	-rm -f ./$(DEPDIR)/keyboxd-backend-cache.Po
+	-rm -f ./$(DEPDIR)/keyboxd-backend-kbx.Po
+	-rm -f ./$(DEPDIR)/keyboxd-backend-sqlite.Po
+	-rm -f ./$(DEPDIR)/keyboxd-backend-support.Po
+	-rm -f ./$(DEPDIR)/keyboxd-frontend.Po
+	-rm -f ./$(DEPDIR)/keyboxd-kbxserver.Po
+	-rm -f ./$(DEPDIR)/keyboxd-keybox-blob.Po
+	-rm -f ./$(DEPDIR)/keyboxd-keybox-dump.Po
+	-rm -f ./$(DEPDIR)/keyboxd-keybox-file.Po
+	-rm -f ./$(DEPDIR)/keyboxd-keybox-init.Po
+	-rm -f ./$(DEPDIR)/keyboxd-keybox-openpgp.Po
+	-rm -f ./$(DEPDIR)/keyboxd-keybox-search.Po
+	-rm -f ./$(DEPDIR)/keyboxd-keybox-update.Po
+	-rm -f ./$(DEPDIR)/keyboxd-keybox-util.Po
+	-rm -f ./$(DEPDIR)/keyboxd-keyboxd.Po
+	-rm -f ./$(DEPDIR)/libkeybox509_a-kbx-client-util.Po
 	-rm -f ./$(DEPDIR)/libkeybox509_a-keybox-blob.Po
 	-rm -f ./$(DEPDIR)/libkeybox509_a-keybox-dump.Po
 	-rm -f ./$(DEPDIR)/libkeybox509_a-keybox-file.Po
@@ -1255,6 +1657,7 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/libkeybox509_a-keybox-search.Po
 	-rm -f ./$(DEPDIR)/libkeybox509_a-keybox-update.Po
 	-rm -f ./$(DEPDIR)/libkeybox509_a-keybox-util.Po
+	-rm -f ./$(DEPDIR)/libkeybox_a-kbx-client-util.Po
 	-rm -f ./$(DEPDIR)/libkeybox_a-keybox-blob.Po
 	-rm -f ./$(DEPDIR)/libkeybox_a-keybox-dump.Po
 	-rm -f ./$(DEPDIR)/libkeybox_a-keybox-file.Po
@@ -1278,23 +1681,24 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-binPROGRAMS
+uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS
 
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
-	clean-binPROGRAMS clean-generic clean-noinstLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-pdf \
-	install-pdf-am install-ps install-ps-am install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
+	clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
+	clean-noinstLIBRARIES cscopelist-am ctags ctags-am distclean \
+	distclean-compile distclean-generic distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-binPROGRAMS install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am \
+	install-libexecPROGRAMS install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
 	mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \
-	uninstall-am uninstall-binPROGRAMS
+	uninstall-am uninstall-binPROGRAMS uninstall-libexecPROGRAMS
 
 .PRECIOUS: Makefile
 
@@ -1302,7 +1706,9 @@ uninstall-am: uninstall-binPROGRAMS
 @HAVE_W32_SYSTEM_TRUE@.rc.o:
 @HAVE_W32_SYSTEM_TRUE@	$(WINDRES) $(DEFAULT_INCLUDES) $(INCLUDES) "$<" "$@"
 
-$(PROGRAMS) : ../common/libcommon.a
+# Make sure that all libs are build before we use them.  This is
+# important for things like make -j2.
+$(PROGRAMS): $(common_libs) $(commonpth_libs)
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/kbx/backend-cache.c b/kbx/backend-cache.c
new file mode 100644
index 0000000..f30fa7d
--- /dev/null
+++ b/kbx/backend-cache.c
@@ -0,0 +1,1201 @@
+/* backend-cache.c - Cache backend for keyboxd
+ * Copyright (C) 2019 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+/*
+ * This cache backend is designed to be queried first and to deliver
+ * cached items (which may also be not-found).  A set a maintenance
+ * functions is used used by the frontend to fill the cache.
+ * FIXME: Support x.509
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+
+#include "keyboxd.h"
+#include "../common/i18n.h"
+#include "../common/host2net.h"
+#include "backend.h"
+#include "keybox-defs.h"
+
+
+/* Standard values for the number of buckets and the threshold we use
+ * to flush items.  */
+#define NO_OF_KEY_ITEM_BUCKETS          383
+#define KEY_ITEMS_PER_BUCKET_THRESHOLD  40
+#define NO_OF_BLOB_BUCKETS              383
+#define BLOBS_PER_BUCKET_THRESHOLD      20
+
+
+/* Our definition of the backend handle.  */
+struct backend_handle_s
+{
+  enum database_types db_type; /* Always DB_TYPE_CACHE.  */
+  unsigned int backend_id;     /* Always the id the backend.  */
+};
+
+
+/* The object holding a blob.  */
+typedef struct blob_s
+{
+  struct blob_s *next;
+  enum pubkey_types pktype;
+  unsigned int refcount;
+  unsigned int usecount;
+  unsigned int datalen;
+  unsigned char *data;        /* The actual data of length DATALEN.  */
+  unsigned char ubid[UBID_LEN];
+} *blob_t;
+
+
+static blob_t *blob_table;                /* Hash table with the blobs.   */
+static size_t blob_table_size;            /* Number of allocated buckets. */
+static unsigned int blob_table_threshold; /* Max. # of items per bucket.  */
+static unsigned int blob_table_added;     /* Number of items added.       */
+static unsigned int blob_table_dropped;   /* Number of items dropped.     */
+static blob_t blob_attic;                 /* List of freed blobs.         */
+
+
+/* A list item to blob data.  This is so that a next operation on a
+ * cached key item can actually work.  Things are complicated because
+ * we do not want to force caching all object before we get a next
+ * request from the client.  To accomplish this we keep a flag
+ * indicating that the search needs to continue instead of delivering
+ * the previous item from the cache.  */
+typedef struct bloblist_s
+{
+  struct bloblist_s *next;
+  unsigned int final_kid:1;     /* The final blob for KID searches. */
+  unsigned int final_fpr:1;     /* The final blob for FPR searches. */
+  unsigned int ubid_valid:1;    /* The blobid below is valid.   */
+  unsigned int subkey:1;        /* The entry is for a subkey.   */
+  unsigned int fprlen:8;        /* The length of the fingerprint or 0.  */
+  char fpr[32];                 /* The buffer for the fingerprint.  */
+  unsigned char ubid[UBID_LEN]; /* The Unique-Blob-ID of the blob.  */
+} *bloblist_t;
+
+static bloblist_t bloblist_attic;  /* List of freed items.  */
+
+/* The cache object.  For indexing we could use the fingerprint
+ * directly as a hash value.  However, we use the keyid instead
+ * because the keyid is used by OpenPGP in encrypted packets and older
+ * signatures to identify a key.  Since v4 OpenPGP keys the keyid is
+ * anyway a part of the fingerprint so it quickly extracted from a
+ * fingerprint.  Note that v3 keys are not supported by gpg.
+ * FIXME: Add support for X.509.
+ */
+typedef struct key_item_s
+{
+  struct key_item_s *next;
+  bloblist_t  blist;       /* List of blobs or NULL for not-found.  */
+  unsigned int usecount;
+  unsigned int refcount;   /* Reference counter for this item.  */
+  u32 kid_h;               /* Upper 4 bytes of the keyid.  */
+  u32 kid_l;               /* Lower 4 bytes of the keyid.  */
+} *key_item_t;
+
+static key_item_t *key_table;            /* Hash table with the keys.    */
+static size_t key_table_size;            /* Number of allocated buckets. */
+static unsigned int key_table_threshold; /* Max. # of items per bucket.  */
+static unsigned int key_table_added;     /* Number of items added.       */
+static unsigned int key_table_dropped;   /* Number of items dropped.     */
+static key_item_t key_item_attic;        /* List of freed items.         */
+
+
+
+
+/* The hash function we use for the key_table.  Must not call a system
+ * function.  */
+static inline unsigned int
+blob_table_hasher (const unsigned char *ubid)
+{
+  return (ubid[0] << 16 | ubid[1]) % blob_table_size;
+}
+
+
+/* Runtime allocation of the key table.  This allows us to eventually
+ * add an option to control the size.  */
+static gpg_error_t
+blob_table_init (void)
+{
+  if (blob_table)
+    return 0;
+  blob_table_size = NO_OF_BLOB_BUCKETS;
+  blob_table_threshold  = BLOBS_PER_BUCKET_THRESHOLD;
+  blob_table = xtrycalloc (blob_table_size, sizeof *blob_table);
+  if (!blob_table)
+    return gpg_error_from_syserror ();
+  return 0;
+}
+
+/* Free a blob.  This is done by moving it to the attic list.  */
+static void
+blob_unref (blob_t blob)
+{
+  void *p;
+
+  if (!blob)
+    return;
+  log_assert (blob->refcount);
+  if (!--blob->refcount)
+    {
+      p = blob->data;
+      blob->data = NULL;
+      blob->next = blob_attic;
+      blob_attic = blob;
+      xfree (p);
+    }
+}
+
+
+/* Given the hash value and the ubid, find the blob in the bucket.
+ * Returns NULL if not found or the blob item if found.  Always
+ * returns the the number of items searched, which is in the case of a
+ * not-found the length of the chain.  */
+static blob_t
+find_blob (unsigned int hash, const unsigned char *ubid,
+           unsigned int *r_count)
+{
+  blob_t b;
+  unsigned int count = 0;
+
+  for (b = blob_table[hash]; b; b = b->next, count++)
+    if (!memcmp (b->ubid, ubid, UBID_LEN))
+      break;
+  if (r_count)
+    *r_count = count;
+  return b;
+}
+
+
+/* Helper for the qsort in key_table_put.  */
+static int
+compare_blobs (const void *arg_a, const void *arg_b)
+{
+  const blob_t a = *(const blob_t *)arg_a;
+  const blob_t b = *(const blob_t *)arg_b;
+
+  /* Reverse sort on the usecount.  */
+  if (a->usecount > b->usecount)
+    return -1;
+  else if (a->usecount == b->usecount)
+    return 0;
+  else
+    return 1;
+}
+
+
+/* Put the blob (BLOBDATA, BLOBDATALEN) into the cache using UBID as
+ * the index.  If it is already in the cache nothing happens.  */
+static void
+blob_table_put (const unsigned char *ubid, enum pubkey_types pktype,
+                const void *blobdata, unsigned int blobdatalen)
+{
+  unsigned int hash;
+  blob_t b;
+  unsigned int count, n;
+  void *blobdatacopy = NULL;
+
+  hash = blob_table_hasher (ubid);
+ find_again:
+  b = find_blob (hash, ubid, &count);
+  if (b)
+    {
+      xfree (blobdatacopy);
+      return;  /* Already got this blob.  */
+    }
+
+  /* Create a copy of the blob if not yet done.  */
+  if (!blobdatacopy)
+    {
+      blobdatacopy = xtrymalloc (blobdatalen);
+      if (!blobdatacopy)
+        {
+          log_info ("Note: malloc failed while copying blob to the cache: %s\n",
+                    gpg_strerror (gpg_error_from_syserror ()));
+          return;  /* Out of core - ignore.  */
+        }
+      memcpy (blobdatacopy, blobdata, blobdatalen);
+    }
+
+  /* If the bucket is full remove a couple of items. */
+  if (count >= blob_table_threshold)
+    {
+      blob_t list_head, *list_tailp, b_next;
+      blob_t *array;
+      int narray, idx;
+
+      /* Unlink from the global list so that other threads don't
+       * disturb us.  If another thread adds or removes something only
+       * one will be the winner.  Bad luck for the dropped cache items
+       * but after all it is just a cache.  */
+      list_head = blob_table[hash];
+      blob_table[hash] = NULL;
+
+      /* Put all items into an array for sorting.  */
+      array = xtrycalloc (count, sizeof *array);
+      if (!array)
+        {
+          /* That's bad; give up all  items of the bucket.  */
+          log_info ("Note: malloc failed while purging blobs from the "
+                    "cache: %s\n", gpg_strerror (gpg_error_from_syserror ()));
+          goto leave_drop;
+        }
+      narray = 0;
+      for (b = list_head; b; b = b_next)
+        {
+          b_next = b->next;
+          array[narray++] = b;
+          b->next = NULL;
+        }
+      log_assert (narray == count);
+
+      /* Sort the array and put half of it onto a new list.  */
+      qsort (array, narray, sizeof *array, compare_blobs);
+      list_head = NULL;
+      list_tailp = &list_head;
+      for (idx=0; idx < narray/2; idx++)
+        {
+          *list_tailp = array[idx];
+          list_tailp = &array[idx]->next;
+        }
+
+      /* Put the new list into the bucket.  */
+      b = blob_table[hash];
+      blob_table[hash] = list_head;
+      list_head = b;
+
+      /* Free the remaining items and the array.  */
+      for (; idx < narray; idx++)
+        {
+          blob_unref (array[idx]);
+          blob_table_dropped++;
+        }
+      xfree (array);
+
+    leave_drop:
+      /* Free any items added in the meantime by other threads.  This
+       * is also used in case of a malloc problem (which won't update
+       * the counters, though). */
+      for ( ; list_head; list_head = b_next)
+        {
+          b_next = list_head->next;
+          blob_unref (list_head);
+        }
+    }
+
+  /* Add an item to the bucket.  We allocate a whole block of items
+   * for cache performance reasons.  */
+  if (!blob_attic)
+    {
+      blob_t b_block;
+      int b_blocksize = 256;
+
+      b_block = xtrymalloc (b_blocksize * sizeof *b_block);
+      if (!b_block)
+        {
+          log_info ("Note: malloc failed while adding blob to the cache: %s\n",
+                    gpg_strerror (gpg_error_from_syserror ()));
+          xfree (blobdatacopy);
+          return;  /* Out of core - ignore.  */
+        }
+      for (n = 0; n < b_blocksize; n++)
+        {
+          b = b_block + n;
+          b->next = blob_attic;
+          blob_attic = b;
+        }
+
+      /* During the malloc another thread might have changed the
+       * bucket.  Thus we need to start over.  */
+      goto find_again;
+    }
+
+  /* We now know that there is an item in the attic.  Put it into the
+   * chain.  Note that we may not use any system call here. */
+  b = blob_attic;
+  blob_attic = b->next;
+  b->next = NULL;
+  b->pktype = pktype;
+  b->data = blobdatacopy;
+  b->datalen = blobdatalen;
+  memcpy (b->ubid, ubid, UBID_LEN);
+  b->usecount = 1;
+  b->refcount = 1;
+  b->next = blob_table[hash];
+  blob_table[hash] = b;
+  blob_table_added++;
+}
+
+
+/* Given the UBID return a cached blob item.  The caller must
+ * release that item using blob_unref.  */
+static blob_t
+blob_table_get (const unsigned char *ubid)
+{
+  unsigned int hash;
+  blob_t b;
+
+  hash = blob_table_hasher (ubid);
+  b = find_blob (hash, ubid, NULL);
+  if (b)
+    {
+      b->usecount++;
+      b->refcount++;
+      return b;  /* Found  */
+    }
+
+  return NULL;
+}
+
+
+
+/* The hash function we use for the key_table.  Must not call a system
+ * function.  */
+static inline unsigned int
+key_table_hasher (u32 kid_l)
+{
+  return kid_l % key_table_size;
+}
+
+
+/* Runtime allocation of the key table.  This allows us to eventually
+ * add an option to control the size.  */
+static gpg_error_t
+key_table_init (void)
+{
+  if (key_table)
+    return 0;
+  key_table_size = NO_OF_KEY_ITEM_BUCKETS;
+  key_table_threshold  = KEY_ITEMS_PER_BUCKET_THRESHOLD;
+  key_table = xtrycalloc (key_table_size, sizeof *key_table);
+  if (!key_table)
+    return gpg_error_from_syserror ();
+  return 0;
+}
+
+/* Free a key_item.  This is done by moving it to the attic list.  */
+static void
+key_item_unref (key_item_t ki)
+{
+  bloblist_t bl, bl2;
+
+  if (!ki)
+    return;
+  log_assert (ki->refcount);
+  if (!--ki->refcount)
+    {
+      bl = ki->blist;
+      ki->blist = NULL;
+      ki->next = key_item_attic;
+      key_item_attic = ki;
+
+      if (bl)
+        {
+          for (bl2 = bl; bl2->next; bl2 = bl2->next)
+            ;
+          bl2->next = bloblist_attic;
+          bloblist_attic = bl;
+        }
+    }
+}
+
+
+/* Given the hash value and the search info, find the key item in the
+ * bucket.  Return NULL if not found or the key item if found.  Always
+ * returns the the number of items searched, which is in the case of a
+ * not-found the length of the chain.  Note that FPR may only be NULL
+ * if FPRLEN is 0. */
+static key_item_t
+find_in_chain (unsigned int hash, u32 kid_h, u32 kid_l,
+               unsigned int *r_count)
+{
+  key_item_t ki = key_table[hash];
+  unsigned int count = 0;
+
+  for (; ki; ki = ki->next, count++)
+    if (ki->kid_h == kid_h && ki->kid_l == kid_l)
+      break;
+  if (r_count)
+    *r_count = count;
+  return ki;
+}
+
+
+/* Helper for the qsort in key_table_put.  */
+static int
+compare_key_items (const void *arg_a, const void *arg_b)
+{
+  const key_item_t a = *(const key_item_t *)arg_a;
+  const key_item_t b = *(const key_item_t *)arg_b;
+
+  /* Reverse sort on the usecount.  */
+  if (a->usecount > b->usecount)
+    return -1;
+  else if (a->usecount == b->usecount)
+    return 0;
+  else
+    return 1;
+}
+
+
+/* Allocate new key items.  They are put to the attic so that the
+ * caller can take them from there.  On allocation failure a note
+ * is printed and an error returned.  */
+static gpg_error_t
+alloc_more_key_items (void)
+{
+  gpg_error_t err;
+  key_item_t kiblock, ki;
+  int kiblocksize = 256;
+  unsigned int n;
+
+  kiblock = xtrymalloc (kiblocksize * sizeof *kiblock);
+  if (!kiblock)
+    {
+      err = gpg_error_from_syserror ();
+      log_info ("Note: malloc failed while adding to the cache: %s\n",
+                gpg_strerror (err));
+      return err;
+    }
+  for (n = 0; n < kiblocksize; n++)
+    {
+      ki = kiblock + n;
+      ki->next = key_item_attic;
+      key_item_attic = ki;
+    }
+  return 0;
+}
+
+
+/* Allocate new bloblist items.  They are put to the attic so that the
+ * caller can take them from there.  On allocation failure a note is
+ * printed and an error returned.  */
+static gpg_error_t
+alloc_more_bloblist_items (void)
+{
+  gpg_error_t err;
+  bloblist_t bl;
+  bloblist_t blistblock;
+  int blistblocksize = 256;
+  unsigned int n;
+
+  blistblock = xtrymalloc (blistblocksize * sizeof *blistblock);
+  if (!blistblock)
+    {
+      err = gpg_error_from_syserror ();
+      log_info ("Note: malloc failed while adding to the cache: %s\n",
+                gpg_strerror (err));
+      return err;
+    }
+  for (n = 0; n < blistblocksize; n++)
+    {
+      bl = blistblock + n;
+      bl->next = bloblist_attic;
+      bloblist_attic = bl;
+    }
+  return 0;
+}
+
+
+/* Helper for key_table_put.  This function assumes that
+ * bloblist_attaci is not NULL.  Returns a new bloblist item.  Be
+ * aware that no system calls may be done - even not log
+ * functions!  */
+static bloblist_t
+new_bloblist_item (const unsigned char *fpr, unsigned int fprlen,
+                   const unsigned char *ubid, int subkey)
+{
+  bloblist_t bl;
+
+  bl = bloblist_attic;
+  bloblist_attic = bl->next;
+  bl->next = NULL;
+
+  if (ubid)
+    memcpy (bl->ubid, ubid, UBID_LEN);
+  else
+    memset (bl->ubid, 0, UBID_LEN);
+  bl->ubid_valid = 1;
+  bl->final_kid = 0;
+  bl->final_fpr = 0;
+  bl->subkey = !!subkey;
+  bl->fprlen = fprlen;
+  memcpy (bl->fpr, fpr, fprlen);
+  return bl;
+}
+
+
+/* If the list of key item in the bucken HASH is full remove a couple
+ * of them.  On error a diagnostic is printed and an error code
+ * return.  Note that the error code GPG_ERR_TRUE is returned if any
+ * flush and thus system calls were done.
+ */
+static gpg_error_t
+maybe_flush_some_key_buckets (unsigned int hash, unsigned int count)
+{
+  gpg_error_t err;
+  key_item_t ki, list_head, *list_tailp, ki_next;
+  key_item_t *array;
+  int narray, idx;
+
+  if (count < key_table_threshold)
+    return 0;  /* Nothing to do.  */
+
+  /* Unlink from the global list so that other threads don't disturb
+   * us.  If another thread adds or removes something only one will be
+   * the winner.  Bad luck for the dropped cache items but after all
+   * it is just a cache.  */
+  list_head = key_table[hash];
+  key_table[hash] = NULL;
+
+  /* Put all items into an array for sorting.  */
+  array = xtrycalloc (count, sizeof *array);
+  if (!array)
+    {
+      /* That's bad; give up all items of the bucket.  */
+      err = gpg_error_from_syserror ();
+      log_info ("Note: malloc failed while purging from the cache: %s\n",
+                gpg_strerror (err));
+      goto leave;
+    }
+  narray = 0;
+  for (ki = list_head; ki; ki = ki_next)
+    {
+      ki_next = ki->next;
+      array[narray++] = ki;
+      ki->next = NULL;
+    }
+  log_assert (narray == count);
+
+  /* Sort the array and put half of it onto a new list.  */
+  qsort (array, narray, sizeof *array, compare_key_items);
+  list_head = NULL;
+  list_tailp = &list_head;
+  for (idx=0; idx < narray/2; idx++)
+    {
+      *list_tailp = array[idx];
+      list_tailp = &array[idx]->next;
+    }
+
+  /* Put the new list into the bucket.  */
+  ki = key_table[hash];
+  key_table[hash] = list_head;
+  list_head = ki;
+
+  /* Free the remaining items and the array.  */
+  for (; idx < narray; idx++)
+    {
+      key_item_unref (array[idx]);
+      key_table_dropped++;
+    }
+  xfree (array);
+  err = gpg_error (GPG_ERR_TRUE);
+
+ leave:
+  /* Free any items added in the meantime by other threads.  This is
+   * also used in case of a malloc problem (which won't update the
+   * counters, though). */
+  for ( ; list_head; list_head = ki_next)
+    {
+      ki_next = list_head->next;
+      key_item_unref (list_head);
+    }
+  return err;
+}
+
+
+/* This is the core of
+ *   key_table_put,
+ *   key_table_put_no_fpr,
+ *   key_table_put_no_kid.
+ */
+static void
+do_key_table_put (u32 kid_h, u32 kid_l,
+                  const unsigned char *fpr, unsigned int fprlen,
+                  const unsigned char *ubid, int subkey)
+{
+  unsigned int hash;
+  key_item_t ki;
+  bloblist_t bl, bl_tail;
+  unsigned int count;
+  int do_find_again;
+  int mark_not_found = !fpr;
+
+  hash = key_table_hasher (kid_l);
+ find_again:
+  do_find_again = 0;
+  ki = find_in_chain (hash, kid_h, kid_l, &count);
+  if (ki)
+    {
+      if (mark_not_found)
+        return; /* Can't put the mark because meanwhile a entry was
+                 * added.  */
+
+      for (bl = ki->blist; bl; bl = bl->next)
+        if (bl->fprlen
+            && bl->fprlen == fprlen
+            && !memcmp (bl->fpr, fpr, fprlen))
+          break;
+      if (bl)
+        return;  /* Already in the bloblist for the keyid  */
+
+      /* Append to the list.  */
+      if (!bloblist_attic)
+        {
+          if (alloc_more_bloblist_items ())
+            return;  /* Out of core - ignore.  */
+          goto find_again; /* Need to start over due to the malloc.  */
+        }
+      for (bl_tail = NULL, bl = ki->blist; bl; bl_tail = bl, bl = bl->next)
+        ;
+      bl = new_bloblist_item (fpr, fprlen, ubid, subkey);
+      if (bl_tail)
+        bl_tail->next = bl;
+      else
+        ki->blist = bl;
+
+      return;
+    }
+
+  /* If the bucket is full remove a couple of items. */
+  if (maybe_flush_some_key_buckets (hash, count))
+    {
+      /* During the function call another thread might have changed
+       * the bucket.  Thus we need to start over.  */
+      do_find_again = 1;
+    }
+
+  if (!key_item_attic)
+    {
+      if (alloc_more_key_items ())
+        return;  /* Out of core - ignore.  */
+      do_find_again = 1;
+    }
+
+  if (!bloblist_attic)
+    {
+      if (alloc_more_bloblist_items ())
+        return;  /* Out of core - ignore.  */
+      do_find_again = 1;
+    }
+
+  if (do_find_again)
+    goto find_again;
+
+  /* We now know that there are items in the attics.  Put them into
+   * the chain.  Note that we may not use any system call here. */
+  ki = key_item_attic;
+  key_item_attic = ki->next;
+  ki->next = NULL;
+
+  if (mark_not_found)
+    ki->blist = NULL;
+  else
+    ki->blist = new_bloblist_item (fpr, fprlen, ubid, subkey);
+
+  ki->kid_h = kid_h;
+  ki->kid_l = kid_l;
+  ki->usecount = 1;
+  ki->refcount = 1;
+
+  ki->next = key_table[hash];
+  key_table[hash] = ki;
+  key_table_added++;
+}
+
+
+/* Given the fingerprint (FPR,FPRLEN) put the UBID into the cache.
+ * SUBKEY indicates that the fingerprint is from a subkey.  */
+static void
+key_table_put (const unsigned char *fpr, unsigned int fprlen,
+               const unsigned char *ubid, int subkey)
+{
+  u32 kid_h, kid_l;
+
+  if (fprlen < 20 || fprlen > 32)
+    return;  /* No support for v3 keys or unknown key versions.  */
+
+  if (fprlen == 20)  /* v4 key */
+    {
+      kid_h = buf32_to_u32 (fpr+12);
+      kid_l = buf32_to_u32 (fpr+16);
+    }
+  else  /* v5 or later key */
+    {
+      kid_h = buf32_to_u32 (fpr);
+      kid_l = buf32_to_u32 (fpr+4);
+    }
+  do_key_table_put (kid_h, kid_l, fpr, fprlen, ubid, subkey);
+}
+
+
+/* Given the fingerprint (FPR,FPRLEN) put a flag into the cache that
+ * this fingerprint was not found.  */
+static void
+key_table_put_no_fpr (const unsigned char *fpr, unsigned int fprlen)
+{
+  u32 kid_h, kid_l;
+
+  if (fprlen < 20 || fprlen > 32)
+    return;  /* No support for v3 keys or unknown key versions.  */
+
+  if (fprlen == 20)  /* v4 key */
+    {
+      kid_h = buf32_to_u32 (fpr+12);
+      kid_l = buf32_to_u32 (fpr+16);
+    }
+  else  /* v5 or later key */
+    {
+      kid_h = buf32_to_u32 (fpr);
+      kid_l = buf32_to_u32 (fpr+4);
+    }
+  /* Note that our not-found chaching is only based on the keyid. */
+  do_key_table_put (kid_h, kid_l, NULL, 0, NULL, 0);
+}
+
+
+/* Given the keyid (KID_H, KID_L) put a flag into the cache that this
+ * keyid was not found. */
+static void
+key_table_put_no_kid (u32 kid_h, u32 kid_l)
+{
+  do_key_table_put (kid_h, kid_l, NULL, 0, NULL, 0);
+}
+
+
+/* Given the keyid or the fingerprint return the key item from the
+ * cache.  The caller must release the result using key_item_unref.
+ * NULL is returned if not found.  */
+static key_item_t
+key_table_get (u32 kid_h, u32 kid_l)
+{
+  unsigned int hash;
+  key_item_t ki;
+
+  hash = key_table_hasher (kid_l);
+  ki = find_in_chain (hash, kid_h, kid_l, NULL);
+  if (ki)
+    {
+      ki->usecount++;
+      ki->refcount++;
+      return ki;  /* Found  */
+    }
+
+  return NULL;
+}
+
+
+/* Return a key item by searching for the keyid.  The caller must use
+ * key_item_unref on it.  */
+static key_item_t
+query_by_kid (u32 kid_h, u32 kid_l)
+{
+  return key_table_get (kid_h, kid_l);
+}
+
+
+/* Return a key item by searching for the fingerprint.  The caller
+ * must use key_item_unref on it.  Note that the returned key item may
+ * not actually carry the fingerprint; the caller needs to scan the
+ * bloblist of the keyitem.  We can't do that here because the
+ * reference counting is done on the keyitem s and thus this needs to
+ * be returned. */
+static key_item_t
+query_by_fpr (const unsigned char *fpr, unsigned int fprlen)
+{
+  u32 kid_h, kid_l;
+
+  if (fprlen < 20 || fprlen > 32 )
+    return NULL;  /* No support for v3 keys or unknown key versions.  */
+
+  if (fprlen == 20)  /* v4 key */
+    {
+      kid_h = buf32_to_u32 (fpr+12);
+      kid_l = buf32_to_u32 (fpr+16);
+    }
+  else  /* v5 or later key */
+    {
+      kid_h = buf32_to_u32 (fpr);
+      kid_l = buf32_to_u32 (fpr+4);
+    }
+
+  return key_table_get (kid_h, kid_l);
+}
+
+
+
+
+
+/* Make sure the tables are initialized.  */
+gpg_error_t
+be_cache_initialize (void)
+{
+  gpg_error_t err;
+
+  err = blob_table_init ();
+  if (!err)
+    err = key_table_init ();
+  return err;
+}
+
+
+/* Install a new resource and return a handle for that backend.  */
+gpg_error_t
+be_cache_add_resource (ctrl_t ctrl, backend_handle_t *r_hd)
+{
+  gpg_error_t err;
+  backend_handle_t hd;
+
+  (void)ctrl;
+
+  *r_hd = NULL;
+  hd = xtrycalloc (1, sizeof *hd);
+  if (!hd)
+    return gpg_error_from_syserror ();
+  hd->db_type = DB_TYPE_CACHE;
+
+  hd->backend_id = be_new_backend_id ();
+
+  /* Just in case make sure we are initialized.  */
+  err = be_cache_initialize ();
+  if (err)
+    goto leave;
+
+  *r_hd = hd;
+  hd = NULL;
+
+ leave:
+  xfree (hd);
+  return err;
+}
+
+
+/* Release the backend handle HD and all its resources.  HD is not
+ * valid after a call to this function.  */
+void
+be_cache_release_resource (ctrl_t ctrl, backend_handle_t hd)
+{
+  (void)ctrl;
+
+  if (!hd)
+    return;
+  hd->db_type = DB_TYPE_NONE;
+
+  /* Fixme: Free the key_table.  */
+
+  xfree (hd);
+}
+
+
+/* Search for the keys described by (DESC,NDESC) and return them to
+ * the caller.  BACKEND_HD is the handle for this backend and REQUEST
+ * is the current database request object.  On a cache hit either 0 or
+ * GPG_ERR_NOT_FOUND is returned.  The former returns the item; the
+ * latter indicates that the cache has known that the item won't be
+ * found in any databases.  On a cache miss GPG_ERR_EOF is
+ * returned.  */
+gpg_error_t
+be_cache_search (ctrl_t ctrl, backend_handle_t backend_hd, db_request_t request,
+                 KEYDB_SEARCH_DESC *desc, unsigned int ndesc)
+{
+  gpg_error_t err;
+  db_request_part_t reqpart;
+  unsigned int n;
+  blob_t b;
+  key_item_t ki;
+  bloblist_t bl;
+  int not_found = 0;
+  int descidx = 0;
+  int found_bykid = 0;
+
+  log_assert (backend_hd && backend_hd->db_type == DB_TYPE_CACHE);
+  log_assert (request);
+
+  err = be_find_request_part (backend_hd, request, &reqpart);
+  if (err)
+    goto leave;
+
+  if (!desc)
+    {
+      /* Reset operation.  */
+      request->last_cached_valid = 0;
+      request->last_cached_final = 0;
+      reqpart->cache_seqno.fpr = 0;
+      reqpart->cache_seqno.kid = 0;
+      reqpart->cache_seqno.grip = 0;
+      reqpart->cache_seqno.ubid = 0;
+      err = 0;
+      goto leave;
+    }
+
+  for (ki = NULL, n=0; n < ndesc && !ki; n++)
+    {
+      descidx = n;
+      switch (desc[n].mode)
+        {
+        case KEYDB_SEARCH_MODE_LONG_KID:
+          ki = query_by_kid (desc[n].u.kid[0], desc[n].u.kid[1]);
+          if (ki && ki->blist)
+            {
+              not_found = 0;
+              /* Note that in a bloblist all keyids are the same.  */
+              for (n=0, bl = ki->blist; bl; bl = bl->next)
+                if (n++ == reqpart->cache_seqno.kid)
+                  break;
+              if (!bl)
+                {
+                  key_item_unref (ki);
+                  ki = NULL;
+                }
+              else
+                {
+                  found_bykid = 1;
+                  reqpart->cache_seqno.kid++;
+                }
+            }
+          else if (ki)
+            not_found = 1;
+          break;
+
+        case KEYDB_SEARCH_MODE_FPR:
+          ki = query_by_fpr (desc[n].u.fpr, desc[n].fprlen);
+          if (ki && ki->blist)
+            {
+              not_found = 0;
+              for (n=0, bl = ki->blist; bl; bl = bl->next)
+                if (bl->fprlen
+                    && bl->fprlen == desc[n].fprlen
+                    && !memcmp (bl->fpr, desc[n].u.fpr, desc[n].fprlen)
+                    && n++ == reqpart->cache_seqno.fpr)
+                  break;
+              if (!bl)
+                {
+                  key_item_unref (ki);
+                  ki = NULL;
+                }
+              else
+                reqpart->cache_seqno.fpr++;
+            }
+          else if (ki)
+            not_found = 1;
+          break;
+
+        /* case KEYDB_SEARCH_MODE_KEYGRIP: */
+        /*   ki = query_by_grip (desc[n].u.fpr, desc[n].fprlen); */
+        /*   break; */
+
+        case KEYDB_SEARCH_MODE_UBID:
+          /* This is the quite special UBID mode: If this is
+           * encountered in the search list we will return just this
+           * one and obviously look only into the blob cache.  */
+          if (reqpart->cache_seqno.ubid)
+            err = gpg_error (GPG_ERR_NOT_FOUND);
+          else
+            {
+              b = blob_table_get (desc[n].u.ubid);
+              if (b)
+                {
+                  err = be_return_pubkey (ctrl, b->data, b->datalen,
+                                          b->pktype, desc[n].u.ubid,
+                                          0, 0, 0, 0);
+                  blob_unref (b);
+                  reqpart->cache_seqno.ubid++;
+                }
+              else
+                err = gpg_error (GPG_ERR_EOF);
+            }
+          goto leave;
+
+        default:
+          ki = NULL;
+          break;
+        }
+    }
+
+  if (not_found)
+    {
+      err = gpg_error (GPG_ERR_NOT_FOUND);
+      key_item_unref (ki);
+    }
+  else if (ki)
+    {
+      if (bl && bl->ubid_valid)
+        {
+          memcpy (request->last_cached_ubid, bl->ubid, UBID_LEN);
+          request->last_cached_valid = 1;
+          request->last_cached_fprlen = desc[descidx].fprlen;
+          memcpy (request->last_cached_fpr,
+                  desc[descidx].u.fpr, desc[descidx].fprlen);
+          request->last_cached_kid_h = ki->kid_h;
+          request->last_cached_kid_l = ki->kid_l;
+          request->last_cached_valid = 1;
+          if ((bl->final_kid && found_bykid)
+              || (bl->final_fpr && !found_bykid))
+            request->last_cached_final = 1;
+          else
+            request->last_cached_final = 0;
+
+          b = blob_table_get (bl->ubid);
+          if (b)
+            {
+              err = be_return_pubkey (ctrl, b->data, b->datalen,
+                                      PUBKEY_TYPE_OPGP, bl->ubid, 0, 0, 0, 0);
+              blob_unref (b);
+            }
+          else
+            {
+              /* FIXME - return a different code so that the caller
+               * can lookup using the UBID.  */
+              err = gpg_error (GPG_ERR_MISSING_VALUE);
+            }
+        }
+      else if (bl)
+        err = gpg_error (GPG_ERR_MISSING_VALUE);
+      else
+        err = gpg_error (GPG_ERR_NOT_FOUND);
+      key_item_unref (ki);
+    }
+  else
+    err = gpg_error (GPG_ERR_EOF);
+
+ leave:
+  return err;
+}
+
+
+/* Mark the last cached item as the final item.  This is called when
+ * the actual database returned EOF in respond to a restart from the
+ * last cached UBID.  */
+void
+be_cache_mark_final (ctrl_t ctrl, db_request_t request)
+{
+  key_item_t ki;
+  bloblist_t bl, blfound;
+
+  (void)ctrl;
+
+  log_assert (request);
+
+  if (!request->last_cached_valid)
+    return;
+
+  if (!request->last_cached_fprlen) /* Was cached via keyid.  */
+    {
+      ki = query_by_kid (request->last_cached_kid_h,
+                         request->last_cached_kid_l);
+      if (ki && (bl = ki->blist))
+        {
+          for (blfound=NULL; bl; bl = bl->next)
+            blfound = bl;
+          if (blfound)
+            blfound->final_kid = 1;
+        }
+      key_item_unref (ki);
+    }
+  else /* Was cached via fingerprint.  */
+    {
+      ki = query_by_fpr (request->last_cached_fpr,
+                         request->last_cached_fprlen);
+      if (ki && (bl = ki->blist))
+        {
+          for (blfound=NULL; bl; bl = bl->next)
+            if (bl->fprlen
+                && bl->fprlen == request->last_cached_fprlen
+                && !memcmp (bl->fpr, request->last_cached_fpr,
+                            request->last_cached_fprlen))
+              blfound = bl;
+          if (blfound)
+            blfound->final_fpr = 1;
+        }
+      key_item_unref (ki);
+    }
+
+  request->last_cached_valid = 0;
+}
+
+
+/* Put the key (BLOB,BLOBLEN) of PUBKEY_TYPE into the cache.  */
+void
+be_cache_pubkey (ctrl_t ctrl, const unsigned char *ubid,
+                 const void *blob, unsigned int bloblen,
+                 enum pubkey_types pubkey_type)
+{
+  gpg_error_t err;
+
+  (void)ctrl;
+
+  if (pubkey_type == PUBKEY_TYPE_OPGP)
+    {
+      struct _keybox_openpgp_info info;
+      struct _keybox_openpgp_key_info *kinfo;
+
+      err = _keybox_parse_openpgp (blob, bloblen, NULL, &info);
+      if (err)
+        {
+          log_info ("cache: error parsing OpenPGP blob: %s\n",
+                    gpg_strerror (err));
+          return;
+        }
+
+      blob_table_put (ubid, pubkey_type, blob, bloblen);
+
+      kinfo = &info.primary;
+      key_table_put (kinfo->fpr, kinfo->fprlen, ubid, 0);
+      if (info.nsubkeys)
+        for (kinfo = &info.subkeys; kinfo; kinfo = kinfo->next)
+          key_table_put (kinfo->fpr, kinfo->fprlen, ubid, 1);
+
+      _keybox_destroy_openpgp_info (&info);
+    }
+
+}
+
+
+/* Put the a non-found mark for PUBKEY_TYPE into the cache.  The
+ * indices are taken from the search descriptors (DESC,NDESC).  */
+void
+be_cache_not_found (ctrl_t ctrl, enum pubkey_types pubkey_type,
+                    KEYDB_SEARCH_DESC *desc, unsigned int ndesc)
+{
+  unsigned int n;
+
+  (void)ctrl;
+  (void)pubkey_type;
+
+  for (n=0; n < ndesc; n++)
+    {
+      switch (desc->mode)
+        {
+        case KEYDB_SEARCH_MODE_LONG_KID:
+          key_table_put_no_kid (desc[n].u.kid[0], desc[n].u.kid[1]);
+          break;
+
+        case KEYDB_SEARCH_MODE_FPR:
+          key_table_put_no_fpr (desc[n].u.fpr, desc[n].fprlen);
+          break;
+
+        default:
+          break;
+        }
+    }
+}
diff --git a/kbx/backend-kbx.c b/kbx/backend-kbx.c
new file mode 100644
index 0000000..eff64cf
--- /dev/null
+++ b/kbx/backend-kbx.c
@@ -0,0 +1,457 @@
+/* backend-kbx.c - Keybox format backend for keyboxd
+ * Copyright (C) 2019 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+
+#include "keyboxd.h"
+#include "../common/i18n.h"
+#include "backend.h"
+#include "keybox.h"
+
+
+/* Our definition of the backend handle.  */
+struct backend_handle_s
+{
+  enum database_types db_type; /* Always DB_TYPE_KBX.  */
+  unsigned int backend_id;     /* Always the id of the backend.  */
+
+  void *token;  /* Used to create a new KEYBOX_HANDLE.  */
+  char filename[1];
+};
+
+
+/* Check that the file FILENAME is a valid keybox file which can be
+ * used here.  Common return codes:
+ *
+ * 0              := Valid keybox file
+ * GPG_ERR_ENOENT := No such file
+ * GPG_ERR_NO_OBJ := File exists with size zero.
+ * GPG_ERR_INV_OBJ:= File exists but is not a keybox file.
+ */
+static gpg_error_t
+check_kbx_file_magic (const char *filename)
+{
+  gpg_error_t err;
+  u32 magic;
+  unsigned char verbuf[4];
+  estream_t fp;
+
+  fp = es_fopen (filename, "rb");
+  if (!fp)
+    return gpg_error_from_syserror ();
+
+  err = gpg_error (GPG_ERR_INV_OBJ);
+  if (es_fread (&magic, 4, 1, fp) == 1 )
+    {
+      if (es_fread (&verbuf, 4, 1, fp) == 1
+          && verbuf[0] == 1
+          && es_fread (&magic, 4, 1, fp) == 1
+          && !memcmp (&magic, "KBXf", 4))
+        {
+          err = 0;
+        }
+    }
+  else /* Maybe empty: Let's create it. */
+    err = gpg_error (GPG_ERR_NO_OBJ);
+
+  es_fclose (fp);
+  return err;
+}
+
+
+/* Create new keybox file.  This can also be used if the keybox
+ * already exists but has a length of zero.  Do not use it in any
+ * other cases.  */
+static gpg_error_t
+create_keybox (const char *filename)
+{
+  gpg_error_t err;
+  dotlock_t lockhd = NULL;
+  estream_t fp;
+
+  /* To avoid races with other temporary instances of keyboxd trying
+   * to create or update the keybox, we do the next stuff in a locked
+   * state. */
+  lockhd = dotlock_create (filename, 0);
+  if (!lockhd)
+    {
+      err = gpg_error_from_syserror ();
+      /* A reason for this to fail is that the directory is not
+       * writable. However, this whole locking stuff does not make
+       * sense if this is the case. An empty non-writable directory
+       * with no keybox is not really useful at all. */
+      if (opt.verbose)
+        log_info ("can't allocate lock for '%s': %s\n",
+                  filename, gpg_strerror (err));
+      return err;
+    }
+
+  if ( dotlock_take (lockhd, -1) )
+    {
+      err = gpg_error_from_syserror ();
+      /* This is something bad.  Probably a stale lockfile.  */
+      log_info ("can't lock '%s': %s\n", filename, gpg_strerror (err));
+      goto leave;
+    }
+
+  /* Make sure that at least one record is in a new keybox file, so
+   * that the detection magic will work the next time it is used.
+   * We always set the OpenPGP blobs maybe available flag.   */
+  fp = es_fopen (filename, "w+b,mode=-rw-------");
+  if (!fp)
+    {
+      err = gpg_error_from_syserror ();
+      log_error (_("error creating keybox '%s': %s\n"),
+                 filename, gpg_strerror (err));
+      goto leave;
+    }
+  err = _keybox_write_header_blob (fp, 1);
+  es_fclose (fp);
+  if (err)
+    {
+      log_error (_("error creating keybox '%s': %s\n"),
+                 filename, gpg_strerror (err));
+      goto leave;
+    }
+
+  if (!opt.quiet)
+    log_info (_("keybox '%s' created\n"), filename);
+  err = 0;
+
+ leave:
+  if (lockhd)
+    {
+      dotlock_release (lockhd);
+      dotlock_destroy (lockhd);
+    }
+  return err;
+}
+
+
+
+/* Install a new resource and return a handle for that backend.  */
+gpg_error_t
+be_kbx_add_resource (ctrl_t ctrl, backend_handle_t *r_hd,
+                     const char *filename, int readonly)
+{
+  gpg_error_t err;
+  backend_handle_t hd;
+  void *token;
+
+  (void)ctrl;
+
+  *r_hd = NULL;
+  hd = xtrycalloc (1, sizeof *hd + strlen (filename));
+  if (!hd)
+    return gpg_error_from_syserror ();
+  hd->db_type = DB_TYPE_KBX;
+  strcpy (hd->filename, filename);
+
+  err = check_kbx_file_magic (filename);
+  switch (gpg_err_code (err))
+    {
+    case 0:
+      break;
+    case GPG_ERR_ENOENT:
+    case GPG_ERR_NO_OBJ:
+      if (readonly)
+        {
+          err = gpg_error (GPG_ERR_ENOENT);
+          goto leave;
+        }
+      err = create_keybox (filename);
+      if (err)
+        goto leave;
+      break;
+    default:
+      goto leave;
+    }
+
+  err = keybox_register_file (filename, 0, &token);
+  if (err)
+    goto leave;
+
+  hd->backend_id = be_new_backend_id ();
+  hd->token = token;
+
+  *r_hd = hd;
+  hd = NULL;
+
+ leave:
+  xfree (hd);
+  return err;
+}
+
+
+/* Release the backend handle HD and all its resources.  HD is not
+ * valid after a call to this function.  */
+void
+be_kbx_release_resource (ctrl_t ctrl, backend_handle_t hd)
+{
+  (void)ctrl;
+
+  if (!hd)
+    return;
+  hd->db_type = DB_TYPE_NONE;
+
+  xfree (hd);
+}
+
+
+void
+be_kbx_release_kbx_hd (KEYBOX_HANDLE kbx_hd)
+{
+  keybox_release (kbx_hd);
+}
+
+
+/* Helper for be_find_request_part to initialize a kbx request part.  */
+gpg_error_t
+be_kbx_init_request_part (backend_handle_t backend_hd, db_request_part_t part)
+{
+  part->kbx_hd = keybox_new_openpgp (backend_hd->token, 0);
+  if (!part->kbx_hd)
+    return gpg_error_from_syserror ();
+  return 0;
+}
+
+
+/* Search for the keys described by (DESC,NDESC) and return them to
+ * the caller.  BACKEND_HD is the handle for this backend and REQUEST
+ * is the current database request object.  */
+gpg_error_t
+be_kbx_search (ctrl_t ctrl, backend_handle_t backend_hd, db_request_t request,
+               KEYDB_SEARCH_DESC *desc, unsigned int ndesc)
+{
+  gpg_error_t err;
+  db_request_part_t part;
+  size_t descindex;
+  unsigned long skipped_long_blobs;
+
+  log_assert (backend_hd && backend_hd->db_type == DB_TYPE_KBX);
+  log_assert (request);
+
+  /* Find the specific request part or allocate it.  */
+  err = be_find_request_part (backend_hd, request, &part);
+  if (err)
+    goto leave;
+
+  if (!desc)
+    err = keybox_search_reset (part->kbx_hd);
+  else
+    err = keybox_search (part->kbx_hd, desc, ndesc, KEYBOX_BLOBTYPE_PGP,
+                         &descindex, &skipped_long_blobs);
+  if (err == -1)
+    err = gpg_error (GPG_ERR_EOF);
+
+  if (desc && !err)
+    {
+      /* Successful search operation.  */
+      void *buffer;
+      size_t buflen;
+      enum pubkey_types pubkey_type;
+      unsigned char ubid[UBID_LEN];
+
+      err = keybox_get_data (part->kbx_hd, &buffer, &buflen,
+                             &pubkey_type, ubid);
+      if (err)
+        goto leave;
+      /* FIXME: Return the ephemeral flag.  */
+      err = be_return_pubkey (ctrl, buffer, buflen, pubkey_type, ubid,
+                              0, 0, 0, 0);
+      if (!err)
+        be_cache_pubkey (ctrl, ubid, buffer, buflen, pubkey_type);
+      xfree (buffer);
+    }
+
+ leave:
+  return err;
+}
+
+
+/* Seek in the keybox to the given UBID (if UBID is not NULL) or to
+ * the primary fingerprint specified by (FPR,FPRLEN).  BACKEND_HD is
+ * the handle for this backend and REQUEST is the current database
+ * request object.  This does a dummy read so that the next search
+ * operation starts right after that UBID. */
+gpg_error_t
+be_kbx_seek (ctrl_t ctrl, backend_handle_t backend_hd,
+             db_request_t request, const unsigned char *ubid)
+{
+  gpg_error_t err;
+  db_request_part_t part;
+  size_t descindex;
+  unsigned long skipped_long_blobs;
+  KEYDB_SEARCH_DESC desc;
+
+  (void)ctrl;
+
+  log_assert (backend_hd && backend_hd->db_type == DB_TYPE_KBX);
+  log_assert (request);
+
+  memset (&desc, 0, sizeof desc);
+  desc.mode = KEYDB_SEARCH_MODE_UBID;
+  memcpy (desc.u.ubid, ubid, UBID_LEN);
+
+  /* Find the specific request part or allocate it.  */
+  err = be_find_request_part (backend_hd, request, &part);
+  if (err)
+    goto leave;
+
+  err = keybox_search_reset (part->kbx_hd);
+  if (!err)
+    err = keybox_search (part->kbx_hd, &desc, 1, 0,
+                         &descindex, &skipped_long_blobs);
+  if (err == -1)
+    err = gpg_error (GPG_ERR_EOF);
+
+ leave:
+  return err;
+}
+
+
+/* Insert (BLOB,BLOBLEN) into the keybox.  BACKEND_HD is the handle
+ * for this backend and REQUEST is the current database request
+ * object.  */
+gpg_error_t
+be_kbx_insert (ctrl_t ctrl, backend_handle_t backend_hd,
+               db_request_t request, enum pubkey_types pktype,
+               const void *blob, size_t bloblen)
+{
+  gpg_error_t err;
+  db_request_part_t part;
+  ksba_cert_t cert = NULL;
+
+  (void)ctrl;
+
+  log_assert (backend_hd && backend_hd->db_type == DB_TYPE_KBX);
+  log_assert (request);
+
+  /* Find the specific request part or allocate it.  */
+  err = be_find_request_part (backend_hd, request, &part);
+  if (err)
+    goto leave;
+
+  if (pktype == PUBKEY_TYPE_OPGP)
+    err = keybox_insert_keyblock (part->kbx_hd, blob, bloblen);
+  else if (pktype == PUBKEY_TYPE_X509)
+    {
+      unsigned char sha1[20];
+
+      err = ksba_cert_new (&cert);
+      if (err)
+        goto leave;
+      err = ksba_cert_init_from_mem (cert, blob, bloblen);
+      if (err)
+        goto leave;
+      gcry_md_hash_buffer (GCRY_MD_SHA1, sha1, blob, bloblen);
+
+      err = keybox_insert_cert (part->kbx_hd, cert, sha1);
+    }
+  else
+    err = gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
+
+ leave:
+  ksba_cert_release (cert);
+  return err;
+}
+
+
+/* Update (BLOB,BLOBLEN) in the keybox.  BACKEND_HD is the handle for
+ * this backend and REQUEST is the current database request object.  */
+gpg_error_t
+be_kbx_update (ctrl_t ctrl, backend_handle_t backend_hd,
+               db_request_t request, enum pubkey_types pktype,
+               const void *blob, size_t bloblen)
+{
+  gpg_error_t err;
+  db_request_part_t part;
+  ksba_cert_t cert = NULL;
+
+  (void)ctrl;
+
+  log_assert (backend_hd && backend_hd->db_type == DB_TYPE_KBX);
+  log_assert (request);
+
+  /* Find the specific request part or allocate it.  */
+  err = be_find_request_part (backend_hd, request, &part);
+  if (err)
+    goto leave;
+
+  /* FIXME: We make use of the fact that we know that the caller
+   * already did a keybox search.  This needs to be made more
+   * explicit.  */
+  if (pktype == PUBKEY_TYPE_OPGP)
+    {
+      err = keybox_update_keyblock (part->kbx_hd, blob, bloblen);
+    }
+  else if (pktype == PUBKEY_TYPE_X509)
+    {
+      unsigned char sha1[20];
+
+      err = ksba_cert_new (&cert);
+      if (err)
+        goto leave;
+      err = ksba_cert_init_from_mem (cert, blob, bloblen);
+      if (err)
+        goto leave;
+      gcry_md_hash_buffer (GCRY_MD_SHA1, sha1, blob, bloblen);
+
+      err = keybox_update_cert (part->kbx_hd, cert, sha1);
+    }
+  else
+    err = gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
+
+ leave:
+  ksba_cert_release (cert);
+  return err;
+}
+
+
+/* Delete the blob from the keybox.  BACKEND_HD is the handle for
+ * this backend and REQUEST is the current database request object.  */
+gpg_error_t
+be_kbx_delete (ctrl_t ctrl, backend_handle_t backend_hd, db_request_t request)
+{
+  gpg_error_t err;
+  db_request_part_t part;
+
+  (void)ctrl;
+
+  log_assert (backend_hd && backend_hd->db_type == DB_TYPE_KBX);
+  log_assert (request);
+
+  /* Find the specific request part or allocate it.  */
+  err = be_find_request_part (backend_hd, request, &part);
+  if (err)
+    goto leave;
+
+  /* FIXME: We make use of the fact that we know that the caller
+   * already did a keybox search.  This needs to be made more
+   * explicit.  */
+  err = keybox_delete (part->kbx_hd);
+
+ leave:
+  return err;
+}
diff --git a/kbx/backend-sqlite.c b/kbx/backend-sqlite.c
new file mode 100644
index 0000000..ae2530d
--- /dev/null
+++ b/kbx/backend-sqlite.c
@@ -0,0 +1,1820 @@
+/* backend-sqlite.c - SQLite based backend for keyboxd
+ * Copyright (C) 2019, 2020 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+#include <sqlite3.h>
+#include <npth.h>
+
+#include "keyboxd.h"
+#include "../common/i18n.h"
+#include "../common/mbox-util.h"
+#include "backend.h"
+#include "keybox-search-desc.h"
+#include "keybox-defs.h"  /* (for the openpgp parser) */
+
+
+
+/* Our definition of the backend handle.  */
+struct backend_handle_s
+{
+  enum database_types db_type; /* Always DB_TYPE_SQLITE.  */
+  unsigned int backend_id;     /* Always the id of the backend.  */
+
+  char filename[1];
+};
+
+
+/* Definition of local request data.  */
+struct be_sqlite_local_s
+{
+  /* The statement object of the current select command.  */
+  sqlite3_stmt *select_stmt;
+
+  /* The column numbers for UIDNO and SUBKEY or 0.  */
+  int select_col_uidno;
+  int select_col_subkey;
+
+  /* The search mode represented by the current select command.  */
+  KeydbSearchMode select_mode;
+
+  /* The flags active when the select was first done.  */
+  unsigned int filter_opgp : 1;
+  unsigned int filter_x509 : 1;
+
+  /* Flag indicating that LASTUBID has a value.  */
+  unsigned int lastubid_valid : 1;
+
+  /* The current description index.  */
+  unsigned int descidx;
+
+  /* The select statement has been executed with success.  */
+  int select_done;
+
+  /* The last row has already been reached.  */
+  int select_eof;
+
+  /* The last UBID found by a select; only valid if LASTUBID_VALID is
+   * set.  This is required to return only one blob in case a search
+   * is done over the user id and the same user id occurs several
+   * times in a blob.  */
+  unsigned char lastubid[UBID_LEN];
+};
+
+
+/* The Mutex we use to protect all our SQLite calls.  */
+static npth_mutex_t database_mutex = NPTH_MUTEX_INITIALIZER;
+/* The one and only database handle. */
+static sqlite3 *database_hd;
+/* A lockfile used make sure only we are accessing the database.  */
+static dotlock_t database_lock;
+
+/* The version of our current database schema.  */
+#define DATABASE_VERSION 1
+
+/* Table definitions for the database.  */
+static struct
+{
+  const char *sql;
+  int special;
+} table_definitions[] =
+  {
+   { "PRAGMA foreign_keys = ON" },
+
+   /* Table to store config values:
+    * Standard name value pairs:
+    *   dbversion = 1
+    *   created = <ISO time string>
+    */
+   { "CREATE TABLE IF NOT EXISTS config ("
+     "name  TEXT NOT NULL UNIQUE,"
+     "value TEXT NOT NULL "
+     ")", 1 },
+
+   /* The actual data; either X.509 certificates or OpenPGP
+    * keyblocks.  */
+   { "CREATE TABLE IF NOT EXISTS pubkey ("
+     /* The 20 octet truncated primary-fpr */
+     "ubid     BLOB NOT NULL PRIMARY KEY,"
+     /* The type of the public key: 1 = openpgp, 2 = X.509.  */
+     "type  INTEGER NOT NULL,"
+     /* The Ephemeral flag as used by gpgsm. Values: 0 or 1. */
+     "ephemeral INTEGER NOT NULL DEFAULT 0,"
+     /* The Revoked flag as set by gpgsm. Values: 0 or 1. */
+     "revoked INTEGER NOT NULL DEFAULT 0,"
+     /* The OpenPGP keyblock or X.509 certificate.  */
+     "keyblob BLOB NOT NULL"
+     ")"  },
+
+   /* Table with fingerprints and keyids of OpenPGP and X.509 keys.
+    * It is also used for the primary key and the X.509 fingerprint
+    * because we want to be able to use the keyid and keygrip.  */
+   { "CREATE TABLE IF NOT EXISTS fingerprint ("
+     /* The fingerprint, for OpenPGP either 20 octets or 32 octets;
+      * for X.509 it is the same as the UBID.  */
+     "fpr  BLOB NOT NULL PRIMARY KEY,"
+     /* The long keyid as a 64 bit blob.  */
+     "kid  BLOB NOT NULL,"
+     /* The keygrip for this key.  */
+     "keygrip BLOB NOT NULL,"
+     /* 0 = primary or X.509, > 0 = subkey.  Also used as
+      * order number for the keys similar to uidno.  */
+     "subkey INTEGER NOT NULL,"
+     /* The Unique Blob ID (possibly truncated fingerprint).  */
+     "ubid BLOB NOT NULL REFERENCES pubkey"
+     ")"  },
+
+   /* Indices for the fingerprint table.  */
+   { "CREATE INDEX IF NOT EXISTS fingerprintidx0 on fingerprint (ubid)"    },
+   { "CREATE INDEX IF NOT EXISTS fingerprintidx1 on fingerprint (fpr)"     },
+   { "CREATE INDEX IF NOT EXISTS fingerprintidx2 on fingerprint (keygrip)" },
+
+   /* Table to allow fast access via user ids or mail addresses.  */
+   { "CREATE TABLE IF NOT EXISTS userid ("
+     /* The full user id - for X.509 the Subject or altSubject.  */
+     "uid  TEXT NOT NULL,"
+     /* The mail address if available or NULL.  */
+     "addrspec TEXT,"
+     /* The type of the public key: 1 = openpgp, 2 = X.509.  */
+     "type  INTEGER NOT NULL,"
+     /* The order number of the user id within the keyblock or
+      * certificates.  For X.509 0 is reserved for the issuer, 1 the
+      * subject, 2 and up the altSubjects.  For OpenPGP this starts
+      * with 1 for the first user id in the keyblock.  */
+     "uidno INTEGER NOT NULL,"
+     /* The Unique Blob ID (possibly truncated fingerprint).  */
+     "ubid BLOB NOT NULL REFERENCES pubkey"
+     ")"  },
+
+   /* Indices for the userid table.  */
+   { "CREATE INDEX IF NOT EXISTS userididx0 on userid (ubid)"     },
+   { "CREATE INDEX IF NOT EXISTS userididx1 on userid (uid)"      },
+   { "CREATE INDEX IF NOT EXISTS userididx3 on userid (addrspec)" },
+
+   /* Table to allow fast access via s/n + issuer DN  (X.509 only).  */
+   { "CREATE TABLE IF NOT EXISTS issuer ("
+     /* The hex encoded S/N.  */
+     "sn TEXT NOT NULL,"
+     /* The RFC2253 issuer DN.  */
+     "dn TEXT NOT NULL,"
+     /* The Unique Blob ID (usually the truncated fingerprint).  */
+     "ubid BLOB NOT NULL REFERENCES pubkey"
+     ")"  },
+   { "CREATE INDEX IF NOT EXISTS issueridx1 on issuer (dn)" }
+
+  };
+
+
+/*-- prototypes --*/
+static gpg_error_t get_config_value (const char *name, char **r_value);
+static gpg_error_t set_config_value (const char *name, const char *value);
+
+
+
+/* Take a lock for accessing SQLite.  */
+static void
+acquire_mutex (void)
+{
+  int res = npth_mutex_lock (&database_mutex);
+  if (res)
+    log_fatal ("failed to acquire database lock: %s\n",
+               gpg_strerror (gpg_error_from_errno (res)));
+}
+
+
+
+/* Release a lock.  */
+static void
+release_mutex (void)
+{
+  int res = npth_mutex_unlock (&database_mutex);
+  if (res)
+    log_fatal ("failed to release database db lock: %s\n",
+               gpg_strerror (gpg_error_from_errno (res)));
+}
+
+
+static void
+show_sqlstr (const char *sqlstr)
+{
+  if (!opt.verbose)
+    return;
+
+  log_info ("(SQL: %s)\n", sqlstr);
+}
+
+
+static void
+show_sqlstmt (sqlite3_stmt *stmt)
+{
+  char *p;
+
+  if (!opt.verbose)
+    return;
+
+  p = sqlite3_expanded_sql (stmt);
+  if (p)
+    log_info ("(SQL: %s)\n", p);
+  sqlite3_free (p);
+}
+
+
+static gpg_error_t
+diag_prepare_err (int res, const char *sqlstr)
+{
+  gpg_error_t err;
+
+  err = gpg_error (gpg_err_code_from_sqlite (res));
+  show_sqlstr (sqlstr);
+  log_error ("error preparing SQL statement: %s\n", sqlite3_errstr (res));
+  return err;
+}
+
+static gpg_error_t
+diag_bind_err (int res, sqlite3_stmt *stmt)
+{
+  gpg_error_t err;
+
+  err = gpg_error (gpg_err_code_from_sqlite (res));
+  show_sqlstmt (stmt);
+  log_error ("error binding a value to an SQL statement: %s\n",
+             sqlite3_errstr (res));
+  return err;
+}
+
+
+static gpg_error_t
+diag_step_err (int res, sqlite3_stmt *stmt)
+{
+  gpg_error_t err;
+
+  err = gpg_error (gpg_err_code_from_sqlite (res));
+  show_sqlstmt (stmt);
+  log_error ("error executing SQL statement: %s\n", sqlite3_errstr (res));
+  return err;
+}
+
+
+/* We store the keyid in the database as an 8 byte blob.  This
+ * function converts it from the usual u32[2] array.  BUFFER is a
+ * caller provided buffer of at least 8 bytes; a pointer to that
+ * buffer is the return value.  */
+static GPGRT_INLINE unsigned char *
+kid_from_u32 (u32 *keyid, unsigned char *buffer)
+{
+  buffer[0] = keyid[0] >> 24;
+  buffer[1] = keyid[0] >> 16;
+  buffer[2] = keyid[0] >> 8;
+  buffer[3] = keyid[0];
+  buffer[4] = keyid[1] >> 24;
+  buffer[5] = keyid[1] >> 16;
+  buffer[6] = keyid[1] >> 8;
+  buffer[7] = keyid[1];
+
+  return buffer;
+}
+
+
+/* Run an SQL reset on STMT.  */
+static gpg_error_t
+run_sql_reset (sqlite3_stmt *stmt)
+{
+  gpg_error_t err;
+  int res;
+
+  res = sqlite3_reset (stmt);
+  if (res)
+    {
+      err = gpg_error (gpg_err_code_from_sqlite (res));
+      show_sqlstmt (stmt);
+      log_error ("error executing SQL reset: %s\n", sqlite3_errstr (res));
+    }
+  else
+    err = 0;
+  return err;
+}
+
+
+/* Run an SQL prepare for SQLSTR and return a statement at R_STMT.  If
+ * EXTRA or EXTRA2 are not NULL these parts are appended to the SQL
+ * statement.  */
+static gpg_error_t
+run_sql_prepare (const char *sqlstr, const char *extra, const char *extra2,
+                 sqlite3_stmt **r_stmt)
+{
+  gpg_error_t err;
+  int res;
+  char *buffer = NULL;
+
+  if (extra || extra2)
+    {
+      buffer = strconcat (sqlstr, extra?extra:"", extra2, NULL);
+      if (!buffer)
+        return gpg_error_from_syserror ();
+      sqlstr = buffer;
+    }
+
+  res = sqlite3_prepare_v2 (database_hd, sqlstr, -1, r_stmt, NULL);
+  if (res)
+    err = diag_prepare_err (res, sqlstr);
+  else
+    err = 0;
+  xfree (buffer);
+  return err;
+}
+
+
+/* Helper to bind a BLOB parameter to a statement.  */
+static gpg_error_t
+run_sql_bind_blob (sqlite3_stmt *stmt, int no,
+                   const void *blob, size_t bloblen)
+{
+  gpg_error_t err;
+  int res;
+
+  res = sqlite3_bind_blob (stmt, no, blob, bloblen, SQLITE_TRANSIENT);
+  if (res)
+    err = diag_bind_err (res, stmt);
+  else
+    err = 0;
+  return err;
+}
+
+
+/* Helper to bind an INTEGER parameter to a statement.  */
+static gpg_error_t
+run_sql_bind_int (sqlite3_stmt *stmt, int no, int value)
+{
+  gpg_error_t err;
+  int res;
+
+  res = sqlite3_bind_int (stmt, no, value);
+  if (res)
+    err = diag_bind_err (res, stmt);
+  else
+    err = 0;
+  return err;
+}
+
+
+/* Helper to bind a string parameter to a statement.  VALUE is allowed
+ * to be NULL to bind NULL.  */
+static gpg_error_t
+run_sql_bind_ntext (sqlite3_stmt *stmt, int no,
+                    const char *value, size_t valuelen)
+{
+  gpg_error_t err;
+  int res;
+
+  res = sqlite3_bind_text (stmt, no, value, value? valuelen:0,
+                           SQLITE_TRANSIENT);
+  if (res)
+    err = diag_bind_err (res, stmt);
+  else
+    err = 0;
+  return err;
+}
+
+
+/* Helper to bind a string parameter to a statement.  VALUE is allowed
+ * to be NULL to bind NULL.  */
+static gpg_error_t
+run_sql_bind_text (sqlite3_stmt *stmt, int no, const char *value)
+{
+  return run_sql_bind_ntext (stmt, no, value, value? strlen (value):0);
+}
+
+
+/* Helper to bind a string parameter to a statement.  VALUE is allowed
+ * to be NULL to bind NULL.  A non-NULL VALUE is clamped with percent
+ * signs.  */
+static gpg_error_t
+run_sql_bind_text_like (sqlite3_stmt *stmt, int no, const char *value)
+{
+  gpg_error_t err;
+  int res;
+  char *buf;
+
+  if (!value)
+    {
+      res = sqlite3_bind_null (stmt, no);
+      buf = NULL;
+    }
+  else
+    {
+      buf = xtrymalloc (strlen (value) + 2 + 1);
+      if (!buf)
+        return gpg_error_from_syserror ();
+      *buf = '%';
+      strcpy (buf+1, value);
+      strcat (buf+1, "%");
+      res = sqlite3_bind_text (stmt, no, buf, strlen (buf), SQLITE_TRANSIENT);
+    }
+  if (res)
+    err = diag_bind_err (res, stmt);
+  else
+    err = 0;
+  xfree (buf);
+  return err;
+}
+
+
+/* Wrapper around sqlite3_step for use with simple functions.  */
+static gpg_error_t
+run_sql_step (sqlite3_stmt *stmt)
+{
+  gpg_error_t err;
+  int res;
+
+  show_sqlstmt (stmt);
+  res = sqlite3_step (stmt);
+  if (res != SQLITE_DONE)
+    err = diag_step_err (res, stmt);
+  else
+    err = 0;
+  return err;
+}
+
+
+/* Wrapper around sqlite3_step for use with select.  This version does
+ * not print diags for SQLITE_DONE or SQLITE_ROW but returns them as
+ * gpg error codes.  */
+static gpg_error_t
+run_sql_step_for_select (sqlite3_stmt *stmt)
+{
+  gpg_error_t err;
+  int res;
+
+  res = sqlite3_step (stmt);
+  if (res == SQLITE_DONE || res == SQLITE_ROW)
+    err = gpg_error (gpg_err_code_from_sqlite (res));
+  else
+    {
+      /* SQL_OK is unexpected for a select so in this case we return
+       * the OK error code by bypassing the special mapping.  */
+      if (!res)
+        err = gpg_error (GPG_ERR_SQL_OK);
+      else
+        err = gpg_error (gpg_err_code_from_sqlite (res));
+      show_sqlstmt (stmt);
+      log_error ("error running SQL step: %s\n", sqlite3_errstr (res));
+    }
+  return err;
+}
+
+
+/* Run the simple SQL statement in SQLSTR.  If UBID is not NULL this
+ * will be bound to ?1 in SQLSTR.  This command may not be used for
+ * select or other command which return rows.  */
+static gpg_error_t
+run_sql_statement_bind_ubid (const char *sqlstr, const unsigned char *ubid)
+{
+  gpg_error_t err;
+  sqlite3_stmt *stmt;
+
+  err = run_sql_prepare (sqlstr, NULL, NULL, &stmt);
+  if (err)
+    goto leave;
+  if (ubid)
+    {
+      err = run_sql_bind_blob (stmt, 1, ubid, UBID_LEN);
+      if (err)
+        goto leave;
+    }
+
+  err = run_sql_step (stmt);
+  sqlite3_finalize (stmt);
+  if (err)
+    goto leave;
+
+ leave:
+  return err;
+}
+
+
+/* Run the simple SQL statement in SQLSTR.  This command may not be used
+ * for select or other command which return rows.  */
+static gpg_error_t
+run_sql_statement (const char *sqlstr)
+{
+  return run_sql_statement_bind_ubid (sqlstr, NULL);
+}
+
+
+/* Create and initialize a new SQL database file if it does not
+ * exists; else open it and check that all required objects are
+ * available.  */
+static gpg_error_t
+create_or_open_database (const char *filename)
+{
+  gpg_error_t err;
+  int res;
+  int idx;
+  char *value;
+  int dbversion;
+  int setdbversion = 0;
+
+  if (database_hd)
+    return 0;  /* Already initialized.  */
+
+  acquire_mutex ();
+
+  /* To avoid races with other temporary instances of keyboxd trying
+   * to create or update the database, we run the database with a lock
+   * file held. */
+  database_lock = dotlock_create (filename, 0);
+  if (!database_lock)
+    {
+      err = gpg_error_from_syserror ();
+      /* A reason for this to fail is that the directory is not
+       * writable. However, this whole locking stuff does not make
+       * sense if this is the case. An empty non-writable directory
+       * with no database is not really useful at all. */
+      if (opt.verbose)
+        log_info ("can't allocate lock for '%s': %s\n",
+                  filename, gpg_strerror (err));
+      goto leave;
+    }
+
+  if (dotlock_take (database_lock, -1))
+    {
+      err = gpg_error_from_syserror ();
+      /* This is something bad.  Probably a stale lockfile.  */
+      log_info ("can't lock '%s': %s\n", filename, gpg_strerror (err));
+      goto leave;
+    }
+
+  /* Database has not yet been opened.  Open or create it, make sure
+   * the tables exist, and prepare the required statements.  We use
+   * our own locking instead of the more complex serialization sqlite
+   * would have to do and it avoid that we call
+   * npth_unprotect/protect.  */
+  res = sqlite3_open_v2 (filename,
+                         &database_hd,
+                         (SQLITE_OPEN_READWRITE
+                          | SQLITE_OPEN_CREATE
+                          | SQLITE_OPEN_NOMUTEX),
+                         NULL);
+  if (res)
+    {
+      err = gpg_error (gpg_err_code_from_sqlite (res));
+      log_error ("error opening '%s': %s\n", filename, sqlite3_errstr (res));
+      goto leave;
+    }
+  /* Enable extended error codes.  */
+  sqlite3_extended_result_codes (database_hd, 1);
+
+  /* Create the tables if needed.  */
+  for (idx=0; idx < DIM(table_definitions); idx++)
+    {
+      err = run_sql_statement (table_definitions[idx].sql);
+      if (err)
+        goto leave;
+      if (table_definitions[idx].special == 1)
+        {
+          /* Check and create dbversion etc entries.  */
+          err = get_config_value ("dbversion", &value);
+          if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
+            {
+              dbversion = 0;
+              setdbversion = 1;
+            }
+          else if (err)
+            {
+              log_error ("error reading database version: %s\n",
+                         gpg_strerror (err));
+              err = 0;
+              dbversion = 0;
+            }
+          else if ((dbversion = atoi (value)) < 1)
+            {
+              log_error ("database version %d is not valid\n", dbversion);
+              dbversion = 0;
+            }
+          log_info ("database version: %d\n", dbversion);
+
+          xfree (value);
+          err = get_config_value ("created", &value);
+          if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
+            log_info ("database created: %.50s\n", "[unknown]");
+          else if (err)
+            log_error ("error getting database creation date: %s\n",
+                       gpg_strerror (err));
+          else
+            log_info ("database created: %.50s\n", value);
+
+          xfree (value);
+          value = NULL;
+        }
+    }
+
+  if (!opt.quiet)
+    log_info (_("database '%s' created\n"), filename);
+
+  if (setdbversion)
+    {
+      err = set_config_value ("dbversion", STR2(DATABASE_VERSION));
+      if (!err)
+        err = set_config_value ("created", isotimestamp (gnupg_get_time ()));
+    }
+
+
+  err = 0;
+
+ leave:
+  if (err)
+    {
+      log_error (_("error creating database '%s': %s\n"),
+                 filename, gpg_strerror (err));
+      dotlock_release (database_lock);
+      dotlock_destroy (database_lock);
+      database_lock = NULL;
+    }
+  release_mutex ();
+  return err;
+}
+
+
+/* Install a new resource and return a handle for that backend.  */
+gpg_error_t
+be_sqlite_add_resource (ctrl_t ctrl, backend_handle_t *r_hd,
+                        const char *filename, int readonly)
+{
+  gpg_error_t err;
+  backend_handle_t hd;
+
+  (void)ctrl;
+  (void)readonly;  /* FIXME: implement read-only mode.  */
+
+  *r_hd = NULL;
+  hd = xtrycalloc (1, sizeof *hd + strlen (filename));
+  if (!hd)
+    return gpg_error_from_syserror ();
+  hd->db_type = DB_TYPE_SQLITE;
+  strcpy (hd->filename, filename);
+
+  err = create_or_open_database (filename);
+  if (err)
+    goto leave;
+
+  hd->backend_id = be_new_backend_id ();
+
+  *r_hd = hd;
+  hd = NULL;
+
+ leave:
+  xfree (hd);
+  return err;
+}
+
+
+/* Release the backend handle HD and all its resources.  HD is not
+ * valid after a call to this function.  */
+void
+be_sqlite_release_resource (ctrl_t ctrl, backend_handle_t hd)
+{
+  (void)ctrl;
+
+  if (!hd)
+    return;
+  hd->db_type = DB_TYPE_NONE;
+
+  xfree (hd);
+}
+
+
+/* Helper for be_find_request_part to initialize a sqlite request part.  */
+gpg_error_t
+be_sqlite_init_local (backend_handle_t backend_hd, db_request_part_t part)
+{
+  (void)backend_hd;
+
+  part->besqlite = xtrycalloc (1, sizeof *part->besqlite);
+  if (!part->besqlite)
+    return gpg_error_from_syserror ();
+  return 0;
+}
+
+
+/* Release local data of a sqlite request part.  */
+void
+be_sqlite_release_local (be_sqlite_local_t ctx)
+{
+  if (ctx->select_stmt)
+    sqlite3_finalize (ctx->select_stmt);
+  xfree (ctx);
+}
+
+
+gpg_error_t
+be_sqlite_rollback (void)
+{
+  opt.in_transaction = 0;
+  if (!opt.active_transaction)
+    return 0;  /* Nothing to do.  */
+
+  if (!database_hd)
+    {
+      log_error ("Warning: No database handle for global rollback\n");
+      return gpg_error (GPG_ERR_INTERNAL);
+    }
+
+  opt.active_transaction = 0;
+  return run_sql_statement ("rollback");
+}
+
+
+gpg_error_t
+be_sqlite_commit (void)
+{
+  opt.in_transaction = 0;
+  if (!opt.active_transaction)
+    return 0;  /* Nothing to do.  */
+
+  if (!database_hd)
+    {
+      log_error ("Warning: No database handle for global commit\n");
+      return gpg_error (GPG_ERR_INTERNAL);
+    }
+
+  opt.active_transaction = 0;
+  return run_sql_statement ("commit");
+}
+
+
+/* Return a value from the config table.  NAME most not have quotes
+ * etc.  If no error is returned the caller must xfree the value
+ * stored at R_VALUE.  On error NULL is stored there.  */
+static gpg_error_t
+get_config_value (const char *name, char **r_value)
+{
+  gpg_error_t err;
+  sqlite3_stmt *stmt;
+  char *sqlstr;
+  const char *s;
+
+  *r_value = NULL;
+
+  sqlstr = strconcat ("SELECT value FROM config WHERE name='", name, "'", NULL);
+  if (!sqlstr)
+    return gpg_error_from_syserror ();
+
+  err = run_sql_prepare (sqlstr, NULL, NULL, &stmt);
+  xfree (sqlstr);
+  if (err)
+    return err;
+
+  err = run_sql_step_for_select (stmt);
+  if (gpg_err_code (err) == GPG_ERR_SQL_ROW)
+    {
+      s = sqlite3_column_text (stmt, 0);
+      *r_value = xtrystrdup (s? s : "");
+      if (!*r_value)
+        err = gpg_error_from_syserror ();
+      else
+        err = 0;
+    }
+  else if (gpg_err_code (err) == GPG_ERR_SQL_DONE)
+    err = gpg_error (GPG_ERR_NOT_FOUND);
+  else
+    log_assert (err);  /* We'll never see 0 here.  */
+
+  sqlite3_finalize (stmt);
+
+  return err;
+}
+
+
+/* Insert or update a value in the config table.  */
+static gpg_error_t
+set_config_value (const char *name, const char *value)
+{
+  gpg_error_t err;
+  sqlite3_stmt *stmt;
+
+  err = run_sql_prepare ("INSERT OR REPLACE INTO config(name,value)"
+                         " VALUES(?1,?2)", NULL, NULL, &stmt);
+  if (err)
+    return err;
+
+  err = run_sql_bind_text (stmt, 1, name);
+  if (!err)
+    err = run_sql_bind_text (stmt, 2, value);
+  if (!err)
+    err = run_sql_step (stmt);
+
+  sqlite3_finalize (stmt);
+
+  return err;
+}
+
+
+/* Run a select for the search given by (DESC,NDESC).  The data is not
+ * returned but stored in the request item.  */
+static gpg_error_t
+run_select_statement (ctrl_t ctrl, be_sqlite_local_t ctx,
+                      KEYDB_SEARCH_DESC *desc, unsigned int ndesc)
+{
+  gpg_error_t err = 0;
+  unsigned int descidx;
+  const char *extra = NULL;
+  unsigned char kidbuf[8];
+
+
+  descidx = ctx->descidx;
+  if (descidx >= ndesc)
+    {
+      err = gpg_error (GPG_ERR_EOF);
+      goto leave;
+    }
+
+  /* Check whether we can re-use the current select statement.  */
+  if (!ctx->select_stmt)
+    ;
+  else if (ctx->select_mode != desc[descidx].mode)
+    {
+      sqlite3_finalize (ctx->select_stmt);
+      ctx->select_stmt = NULL;
+    }
+  else if (ctx->filter_opgp != ctrl->filter_opgp
+           || ctx->filter_x509 != ctrl->filter_x509)
+    {
+      /* The filter flags changed, thus we can't reuse the statement.  */
+      sqlite3_finalize (ctx->select_stmt);
+      ctx->select_stmt = NULL;
+    }
+
+  ctx->select_mode = desc[descidx].mode;
+  ctx->filter_opgp = ctrl->filter_opgp;
+  ctx->filter_x509 = ctrl->filter_x509;
+
+  /* Prepare the select and bind the parameters.  */
+  if (ctx->select_stmt)
+    {
+      err = run_sql_reset (ctx->select_stmt);
+      if (err)
+        goto leave;
+    }
+  else
+    {
+      if (ctx->filter_opgp && ctx->filter_x509)
+        extra = " AND ( p.type = 1 OR p.type = 2 )";
+      else if (ctx->filter_opgp && !ctx->filter_x509)
+        extra = " AND p.type = 1";
+      else if (!ctx->filter_opgp && ctx->filter_x509)
+        extra = " AND p.type = 2";
+
+      err = 0;
+    }
+
+
+  ctx->select_col_uidno = ctx->select_col_subkey = 0;
+  switch (desc[descidx].mode)
+    {
+    case KEYDB_SEARCH_MODE_NONE:
+      never_reached ();
+      err = gpg_error (GPG_ERR_INTERNAL);
+      break;
+
+    case KEYDB_SEARCH_MODE_EXACT:
+      ctx->select_col_uidno = 5;
+      if (!ctx->select_stmt)
+        err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral, p.revoked,"
+                               " p.keyblob, u.uidno"
+                               " FROM pubkey as p, userid as u"
+                               " WHERE p.ubid = u.ubid AND u.uid = ?1",
+                               extra, " ORDER BY p.ubid", &ctx->select_stmt);
+      if (!err)
+        err = run_sql_bind_text (ctx->select_stmt, 1, desc[descidx].u.name);
+      break;
+    case KEYDB_SEARCH_MODE_MAIL:
+      ctx->select_col_uidno = 5;
+      if (!ctx->select_stmt)
+        err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral, p.revoked,"
+                               " p.keyblob, u.uidno"
+                               " FROM pubkey as p, userid as u"
+                               " WHERE p.ubid = u.ubid AND u.addrspec = ?1",
+                               extra, " ORDER BY p.ubid", &ctx->select_stmt);
+      if (!err)
+        err = run_sql_bind_text (ctx->select_stmt, 1, desc[descidx].u.name);
+      break;
+
+    case KEYDB_SEARCH_MODE_MAILSUB:
+      ctx->select_col_uidno = 5;
+      if (!ctx->select_stmt)
+        err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral, p.revoked,"
+                               " p.keyblob, u.uidno"
+                               " FROM pubkey as p, userid as u"
+                               " WHERE p.ubid = u.ubid AND u.addrspec LIKE ?1",
+                               extra, " ORDER BY p.ubid", &ctx->select_stmt);
+      if (!err)
+        err = run_sql_bind_text_like (ctx->select_stmt, 1,
+                                      desc[descidx].u.name);
+      break;
+
+    case KEYDB_SEARCH_MODE_SUBSTR:
+      ctx->select_col_uidno = 5;
+      if (!ctx->select_stmt)
+        err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral, p.revoked,"
+                               " p.keyblob, u.uidno"
+                               " FROM pubkey as p, userid as u"
+                               " WHERE p.ubid = u.ubid AND u.uid LIKE ?1",
+                               extra, " ORDER BY p.ubid", &ctx->select_stmt);
+      if (!err)
+        err = run_sql_bind_text_like (ctx->select_stmt, 1,
+                                      desc[descidx].u.name);
+      break;
+
+    case KEYDB_SEARCH_MODE_MAILEND:
+    case KEYDB_SEARCH_MODE_WORDS:
+      err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+      break;
+
+    case KEYDB_SEARCH_MODE_ISSUER:
+      if (!ctx->select_stmt)
+        err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral, p.revoked,"
+                               " p.keyblob"
+                               " FROM pubkey as p, issuer as i"
+                               " WHERE p.ubid = i.ubid"
+                               " AND i.dn = $1",
+                               extra, " ORDER BY p.ubid", &ctx->select_stmt);
+      if (!err)
+        err = run_sql_bind_text (ctx->select_stmt, 1,
+                                 desc[descidx].u.name);
+      break;
+
+    case KEYDB_SEARCH_MODE_ISSUER_SN:
+      if (!desc[descidx].snhex)
+        {
+          /* We should never get a binary S/N here.  */
+          log_debug ("%s: issuer_sn with binary s/n\n", __func__);
+          err = gpg_error (GPG_ERR_INTERNAL);
+        }
+      else
+        {
+          if (!ctx->select_stmt)
+            err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral,"
+                                   " p.revoked, p.keyblob"
+                                   " FROM pubkey as p, issuer as i"
+                                   " WHERE p.ubid = i.ubid"
+                                   " AND i.sn = $1 AND i.dn = $2",
+                                   extra, " ORDER BY p.ubid",
+                                   &ctx->select_stmt);
+          if (!err)
+            err = run_sql_bind_ntext (ctx->select_stmt, 1,
+                                      desc[descidx].sn, desc[descidx].snlen);
+          if (!err)
+            err = run_sql_bind_text (ctx->select_stmt, 2,
+                                     desc[descidx].u.name);
+        }
+      break;
+
+    case KEYDB_SEARCH_MODE_SN:
+      err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);  /* FIXME */
+      /* if (has_sn (blob, sn_array? sn_array[n].sn : desc[n].sn, */
+      /*             sn_array? sn_array[n].snlen : desc[n].snlen)) */
+      /*   goto found; */
+      break;
+
+    case KEYDB_SEARCH_MODE_SUBJECT:
+      ctx->select_col_uidno = 5;
+      if (!ctx->select_stmt)
+        err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral, p.revoked,"
+                               " p.keyblob, u.uidno"
+                               " FROM pubkey as p, userid as u"
+                               " WHERE p.ubid = u.ubid"
+                               " AND u.uid = $1",
+                               extra, " ORDER BY p.ubid", &ctx->select_stmt);
+      if (!err)
+        err = run_sql_bind_text (ctx->select_stmt, 1,
+                                 desc[descidx].u.name);
+      break;
+
+    case KEYDB_SEARCH_MODE_SHORT_KID:
+      ctx->select_col_subkey = 5;
+      if (!ctx->select_stmt)
+        err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral,"
+                               " p.revoked, p.keyblob, f.subkey"
+                               " FROM pubkey as p, fingerprint as f"
+                               " WHERE p.ubid = f.ubid AND"
+                               " substr(f.kid,5) = ?1",
+                               extra, " ORDER BY p.ubid", &ctx->select_stmt);
+      if (!err)
+        err = run_sql_bind_blob (ctx->select_stmt, 1,
+                                 kid_from_u32 (desc[descidx].u.kid, kidbuf)+4,
+                                 4);
+      break;
+
+    case KEYDB_SEARCH_MODE_LONG_KID:
+      ctx->select_col_subkey = 5;
+      if (!ctx->select_stmt)
+        err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral,"
+                               " p.revoked, p.keyblob, f.subkey"
+                               " FROM pubkey as p, fingerprint as f"
+                               " WHERE p.ubid = f.ubid AND f.kid = ?1",
+                               extra, " ORDER BY p.ubid", &ctx->select_stmt);
+      if (!err)
+        err = run_sql_bind_blob (ctx->select_stmt, 1,
+                                 kid_from_u32 (desc[descidx].u.kid, kidbuf),
+                                 8);
+      break;
+
+    case KEYDB_SEARCH_MODE_FPR:
+      ctx->select_col_subkey = 5;
+      if (!ctx->select_stmt)
+        err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral,"
+                               " p.revoked, p.keyblob, f.subkey"
+                               " FROM pubkey as p, fingerprint as f"
+                               " WHERE p.ubid = f.ubid AND f.fpr = ?1",
+                               extra, " ORDER BY p.ubid", &ctx->select_stmt);
+      if (!err)
+        err = run_sql_bind_blob (ctx->select_stmt, 1,
+                                 desc[descidx].u.fpr, desc[descidx].fprlen);
+      break;
+
+    case KEYDB_SEARCH_MODE_KEYGRIP:
+      ctx->select_col_subkey = 5;
+      if (!ctx->select_stmt)
+        err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral, p.revoked,"
+                               " p.keyblob, f.subkey"
+                               " FROM pubkey as p, fingerprint as f"
+                               " WHERE p.ubid = f.ubid AND f.keygrip = ?1",
+                               extra, " ORDER BY p.ubid", &ctx->select_stmt);
+      if (!err)
+        err = run_sql_bind_blob (ctx->select_stmt, 1,
+                                 desc[descidx].u.grip, KEYGRIP_LEN);
+      break;
+
+    case KEYDB_SEARCH_MODE_UBID:
+      if (!ctx->select_stmt)
+        err = run_sql_prepare ("SELECT ubid, type, ephemeral, revoked, keyblob"
+                               " FROM pubkey as p"
+                               " WHERE ubid = ?1",
+                               extra, NULL, &ctx->select_stmt);
+      if (!err)
+        err = run_sql_bind_blob (ctx->select_stmt, 1,
+                                 desc[descidx].u.ubid, UBID_LEN);
+      break;
+
+    case KEYDB_SEARCH_MODE_FIRST:
+      if (!ctx->select_stmt)
+        {
+          if (ctx->filter_opgp && ctx->filter_x509)
+            extra = " WHERE ( p.type = 1 OR p.type = 2 ) ORDER by ubid";
+          else if (ctx->filter_opgp && !ctx->filter_x509)
+            extra = " WHERE p.type = 1 ORDER by ubid";
+          else if (!ctx->filter_opgp && ctx->filter_x509)
+            extra = " WHERE p.type = 2 ORDER by ubid";
+          else
+            extra = " ORDER by ubid";
+
+          err = run_sql_prepare ("SELECT ubid, type, ephemeral, revoked,"
+                                 " keyblob"
+                                 " FROM pubkey as p",
+                                 extra, NULL, &ctx->select_stmt);
+        }
+      break;
+
+    case KEYDB_SEARCH_MODE_NEXT:
+      err = gpg_error (GPG_ERR_INTERNAL);
+      break;
+
+    default:
+      err = gpg_error (GPG_ERR_INV_VALUE);
+      break;
+    }
+
+ leave:
+  return err;
+}
+
+
+/* Search for the keys described by (DESC,NDESC) and return them to
+ * the caller.  BACKEND_HD is the handle for this backend and REQUEST
+ * is the current database request object.  */
+gpg_error_t
+be_sqlite_search (ctrl_t ctrl,
+                  backend_handle_t backend_hd, db_request_t request,
+                  KEYDB_SEARCH_DESC *desc, unsigned int ndesc)
+{
+  gpg_error_t err;
+  db_request_part_t part;
+  be_sqlite_local_t ctx;
+
+  log_assert (backend_hd && backend_hd->db_type == DB_TYPE_SQLITE);
+  log_assert (request);
+
+  acquire_mutex ();
+
+  /* Find the specific request part or allocate it.  */
+  err = be_find_request_part (backend_hd, request, &part);
+  if (err)
+    goto leave;
+  ctx = part->besqlite;
+
+  if (!desc)
+    {
+      /* Reset */
+      ctx->select_done = 0;
+      ctx->select_eof = 0;
+      ctx->descidx = 0;
+      ctx->lastubid_valid = 0;
+      err = 0;
+      goto leave;
+    }
+
+  if (ctx->select_eof)
+    {
+      /* Still in EOF state.  */
+      err = gpg_error (GPG_ERR_EOF);
+      goto leave;
+    }
+
+  /* Start a global transaction if needed.  */
+  if (!opt.active_transaction && opt.in_transaction)
+    {
+      err = run_sql_statement ("begin transaction");
+      if (err)
+        goto leave;
+      opt.active_transaction = 1;
+    }
+
+
+ again:
+  if (!ctx->select_done)
+    {
+      /* Initial search - run the select.  */
+      err = run_select_statement (ctrl, ctx, desc, ndesc);
+      if (err)
+        goto leave;
+      ctx->select_done = 1;
+    }
+
+  show_sqlstmt (ctx->select_stmt);
+
+  /* SQL select succeeded - get the first or next row. */
+  err = run_sql_step_for_select (ctx->select_stmt);
+  if (gpg_err_code (err) == GPG_ERR_SQL_ROW)
+    {
+      int n;
+      const void *ubid, *keyblob;
+      size_t keybloblen;
+      enum pubkey_types pubkey_type;
+      int is_ephemeral, is_revoked;
+      int pk_no, uid_no;
+
+      ubid = sqlite3_column_blob (ctx->select_stmt, 0);
+      n = sqlite3_column_bytes (ctx->select_stmt, 0);
+      if (!ubid || n < 0)
+        {
+          if (!ubid && sqlite3_errcode (database_hd) == SQLITE_NOMEM)
+            err = gpg_error (gpg_err_code_from_sqlite (SQLITE_NOMEM));
+          else
+            err = gpg_error (GPG_ERR_DB_CORRUPTED);
+          show_sqlstmt (ctx->select_stmt);
+          log_error ("error in returned SQL column UBID: No column (n=%d)\n",n);
+          goto leave;
+        }
+      if (n != UBID_LEN)
+        {
+          show_sqlstmt (ctx->select_stmt);
+          log_error ("error in returned SQL column UBID: Bad value (n=%d)\n",n);
+          err = gpg_error (GPG_ERR_INV_VALUE);
+          goto leave;
+        }
+
+      if (ctx->lastubid_valid && !memcmp (ctx->lastubid, ubid, UBID_LEN))
+        {
+          /* The search has already returned this blob and thus we may
+           * not return this again.  Consider the case that we are
+           * searching for user id "foo" and a keyblock or certificate
+           * has several userids with "foo" in it (or with even a full
+           * mail address in it but with other extra parts).  The code
+           * in gpg and gpgsm expects to see only a single block and
+           * not several of them.  Whether the UIDNO makes any sense
+           * in this case is questionable and we ignore that because
+           * we currently are not able to return several UIDNOs.  */
+          goto again;
+        }
+      memcpy (ctx->lastubid, ubid, UBID_LEN);
+      ctx->lastubid_valid = 1;
+
+      n = sqlite3_column_int (ctx->select_stmt, 1);
+      if (!n && sqlite3_errcode (database_hd) == SQLITE_NOMEM)
+        {
+          err = gpg_error (gpg_err_code_from_sqlite (SQLITE_NOMEM));
+          show_sqlstmt (ctx->select_stmt);
+          log_error ("error in returned SQL column TYPE: %s)\n",
+                     gpg_strerror (err));
+          goto leave;
+        }
+      pubkey_type = n;
+
+      n = sqlite3_column_int (ctx->select_stmt, 2);
+      if (!n && sqlite3_errcode (database_hd) == SQLITE_NOMEM)
+        {
+          err = gpg_error (gpg_err_code_from_sqlite (SQLITE_NOMEM));
+          show_sqlstmt (ctx->select_stmt);
+          log_error ("error in returned SQL column EPHEMERAL: %s)\n",
+                     gpg_strerror (err));
+          goto leave;
+        }
+      is_ephemeral = !!n;
+
+      n = sqlite3_column_int (ctx->select_stmt, 3);
+      if (!n && sqlite3_errcode (database_hd) == SQLITE_NOMEM)
+        {
+          err = gpg_error (gpg_err_code_from_sqlite (SQLITE_NOMEM));
+          show_sqlstmt (ctx->select_stmt);
+          log_error ("error in returned SQL column REVOKED: %s)\n",
+                     gpg_strerror (err));
+          goto leave;
+        }
+      is_revoked = !!n;
+
+      keyblob = sqlite3_column_blob (ctx->select_stmt, 4);
+      n = sqlite3_column_bytes (ctx->select_stmt, 4);
+      if (!keyblob || n < 0)
+        {
+          if (!keyblob && sqlite3_errcode (database_hd) == SQLITE_NOMEM)
+            err = gpg_error (gpg_err_code_from_sqlite (SQLITE_NOMEM));
+          else
+            err = gpg_error (GPG_ERR_DB_CORRUPTED);
+          show_sqlstmt (ctx->select_stmt);
+          log_error ("error in returned SQL column KEYBLOB: %s\n",
+                     gpg_strerror (err));
+          goto leave;
+        }
+      keybloblen = n;
+
+      if (ctx->select_col_uidno)
+        {
+          n = sqlite3_column_int (ctx->select_stmt, ctx->select_col_uidno);
+          if (!n && sqlite3_errcode (database_hd) == SQLITE_NOMEM)
+            {
+              err = gpg_error (gpg_err_code_from_sqlite (SQLITE_NOMEM));
+              show_sqlstmt (ctx->select_stmt);
+              log_error ("error in returned SQL column UIDNO: %s)\n",
+                         gpg_strerror (err));
+              uid_no = 0;
+            }
+          else if (n < 0)
+            uid_no = 0;
+          else
+            uid_no = n + 1;
+        }
+      else
+        uid_no = 0;
+
+      if (ctx->select_col_subkey)
+        {
+          n = sqlite3_column_int (ctx->select_stmt, ctx->select_col_subkey);
+          if (!n && sqlite3_errcode (database_hd) == SQLITE_NOMEM)
+            {
+              err = gpg_error (gpg_err_code_from_sqlite (SQLITE_NOMEM));
+              show_sqlstmt (ctx->select_stmt);
+              log_error ("error in returned SQL column SUBKEY: %s)\n",
+                         gpg_strerror (err));
+              goto leave;
+            }
+          else if (n < 0)
+            pk_no = 0;
+          else
+            pk_no = n + 1;
+        }
+      else
+        pk_no = 0;
+
+      err = be_return_pubkey (ctrl, keyblob, keybloblen, pubkey_type,
+                              ubid, is_ephemeral, is_revoked, uid_no, pk_no);
+      if (!err)
+        be_cache_pubkey (ctrl, ubid, keyblob, keybloblen, pubkey_type);
+    }
+  else if (gpg_err_code (err) == GPG_ERR_SQL_DONE)
+    {
+      if (++ctx->descidx < ndesc)
+        {
+          ctx->select_done = 0;
+          goto again;
+        }
+      err = gpg_error (GPG_ERR_EOF);
+      ctx->select_eof = 1;
+    }
+  else
+    {
+      log_assert (err);
+    }
+
+ leave:
+  release_mutex ();
+  return err;
+}
+
+
+
+/* Helper for be_sqlite_store to update or insert a row in the pubkey
+ * table.  */
+static gpg_error_t
+store_into_pubkey (enum kbxd_store_modes mode,
+                   enum pubkey_types pktype, const unsigned char *ubid,
+                   const void *blob, size_t bloblen)
+{
+  gpg_error_t err;
+  const char *sqlstr;
+  sqlite3_stmt *stmt = NULL;
+
+  if (mode == KBXD_STORE_UPDATE)
+    sqlstr = ("UPDATE pubkey set keyblob = ?3, type = ?2 WHERE ubid = ?1");
+  else if (mode == KBXD_STORE_INSERT)
+    sqlstr = ("INSERT INTO pubkey(ubid,type,keyblob) VALUES(?1,?2,?3)");
+  else /* Auto */
+    sqlstr = ("INSERT OR REPLACE INTO pubkey(ubid,type,keyblob)"
+              " VALUES(?1,?2,?3)");
+  err = run_sql_prepare (sqlstr, NULL, NULL, &stmt);
+  if (err)
+    goto leave;
+  err = run_sql_bind_blob (stmt, 1, ubid, UBID_LEN);
+  if (err)
+    goto leave;
+  err = run_sql_bind_int (stmt, 2, (int)pktype);
+  if (err)
+    goto leave;
+  err = run_sql_bind_blob (stmt, 3, blob, bloblen);
+  if (err)
+    goto leave;
+
+  err = run_sql_step (stmt);
+
+ leave:
+  if (stmt)
+    sqlite3_finalize (stmt);
+  return err;
+}
+
+
+/* Helper for be_sqlite_store to update or insert a row in the
+ * fingerprint table.  */
+static gpg_error_t
+store_into_fingerprint (const unsigned char *ubid, int subkey,
+                        const unsigned char *keygrip,
+                        const unsigned char *kid,
+                        const unsigned char *fpr, int fprlen)
+{
+  gpg_error_t err;
+  const char *sqlstr;
+  sqlite3_stmt *stmt = NULL;
+
+  sqlstr = ("INSERT OR REPLACE INTO fingerprint(fpr,kid,keygrip,subkey,ubid)"
+            " VALUES(?1,?2,?3,?4,?5)");
+  err = run_sql_prepare (sqlstr, NULL, NULL, &stmt);
+  if (err)
+    goto leave;
+  err = run_sql_bind_blob (stmt, 1, fpr, fprlen);
+  if (err)
+    goto leave;
+  err = run_sql_bind_blob (stmt, 2, kid, 8);
+  if (err)
+    goto leave;
+  err = run_sql_bind_blob (stmt, 3, keygrip, KEYGRIP_LEN);
+  if (err)
+    goto leave;
+  err = run_sql_bind_int (stmt, 4, subkey);
+  if (err)
+    goto leave;
+  err = run_sql_bind_blob (stmt, 5, ubid, UBID_LEN);
+  if (err)
+    goto leave;
+
+  err = run_sql_step (stmt);
+
+ leave:
+  if (stmt)
+    sqlite3_finalize (stmt);
+  return err;
+}
+
+
+/* Helper for be_sqlite_store to update or insert a row in the userid
+ * table.  If OVERRIDE_MBOX is set, that value is used instead of a
+ * value extracted from UID. */
+static gpg_error_t
+store_into_userid (const unsigned char *ubid, enum pubkey_types pktype,
+                   const char *uid, int uidno, const char *override_mbox)
+{
+  gpg_error_t err;
+  const char *sqlstr;
+  sqlite3_stmt *stmt = NULL;
+  char *addrspec = NULL;
+
+  sqlstr = ("INSERT OR REPLACE INTO userid(uid,addrspec,type,ubid,uidno)"
+            " VALUES(?1,?2,?3,?4,?5)");
+  err = run_sql_prepare (sqlstr, NULL, NULL, &stmt);
+  if (err)
+    goto leave;
+
+  err = run_sql_bind_text (stmt, 1, uid);
+  if (err)
+    goto leave;
+
+  if (override_mbox)
+    err = run_sql_bind_text (stmt, 2, override_mbox);
+  else
+    {
+      addrspec = mailbox_from_userid (uid, 0);
+      err = run_sql_bind_text (stmt, 2, addrspec);
+    }
+  if (err)
+    goto leave;
+
+  err = run_sql_bind_int (stmt, 3, pktype);
+  if (err)
+    goto leave;
+  err = run_sql_bind_blob (stmt, 4, ubid, UBID_LEN);
+  if (err)
+    goto leave;
+  err = run_sql_bind_int (stmt, 5, uidno);
+  if (err)
+    goto leave;
+
+  err = run_sql_step (stmt);
+
+ leave:
+  if (stmt)
+    sqlite3_finalize (stmt);
+  xfree (addrspec);
+  return err;
+}
+
+
+/* Helper for be_sqlite_store to update or insert a row in the
+ * issuer table.  */
+static gpg_error_t
+store_into_issuer (const unsigned char *ubid,
+                   const char *sn, const char *issuer)
+{
+  gpg_error_t err;
+  const char *sqlstr;
+  sqlite3_stmt *stmt = NULL;
+  char *addrspec = NULL;
+
+  sqlstr = ("INSERT OR REPLACE INTO issuer(sn,dn,ubid)"
+            " VALUES(?1,?2,?3)");
+  err = run_sql_prepare (sqlstr, NULL, NULL, &stmt);
+  if (err)
+    goto leave;
+
+  err = run_sql_bind_text (stmt, 1, sn);
+  if (err)
+    goto leave;
+  err = run_sql_bind_text (stmt, 2, issuer);
+  if (err)
+    goto leave;
+  err = run_sql_bind_blob (stmt, 3, ubid, UBID_LEN);
+  if (err)
+    goto leave;
+
+  err = run_sql_step (stmt);
+
+ leave:
+  if (stmt)
+    sqlite3_finalize (stmt);
+  xfree (addrspec);
+  return err;
+}
+
+
+/* Store (BLOB,BLOBLEN) into the database.  UBID is the UBID matching
+ * that blob.  BACKEND_HD is the handle for this backend and REQUEST
+ * is the current database request object.  MODE is the store
+ * mode.  */
+gpg_error_t
+be_sqlite_store (ctrl_t ctrl, backend_handle_t backend_hd,
+                 db_request_t request, enum kbxd_store_modes mode,
+                 enum pubkey_types pktype, const unsigned char *ubid,
+                 const void *blob, size_t bloblen)
+{
+  gpg_error_t err;
+  db_request_part_t part;
+  /* be_sqlite_local_t ctx; */
+  int got_mutex = 0;
+  int in_transaction = 0;
+  int info_valid = 0;
+  struct _keybox_openpgp_info info;
+  ksba_cert_t cert = NULL;
+  char *sn = NULL;
+  char *dn = NULL;
+  char *kludge_mbox = NULL;
+  int uidno;
+
+  (void)ctrl;
+
+  log_assert (backend_hd && backend_hd->db_type == DB_TYPE_SQLITE);
+  log_assert (request);
+
+  /* Fixme: The code below is duplicated in be_ubid_from_blob - we
+   * should have only one function and pass the passed info around
+   * with the BLOB.  */
+
+  if (be_is_x509_blob (blob, bloblen))
+    {
+      log_assert (pktype == PUBKEY_TYPE_X509);
+
+      err = ksba_cert_new (&cert);
+      if (err)
+        goto leave;
+      err = ksba_cert_init_from_mem (cert, blob, bloblen);
+      if (err)
+        goto leave;
+    }
+  else
+    {
+      err = _keybox_parse_openpgp (blob, bloblen, NULL, &info);
+      if (err)
+        {
+          log_info ("error parsing OpenPGP blob: %s\n", gpg_strerror (err));
+          err = gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
+          goto leave;
+        }
+      info_valid = 1;
+      log_assert (pktype == PUBKEY_TYPE_OPGP);
+      log_assert (info.primary.fprlen >= 20);
+      log_assert (!memcmp (ubid, info.primary.fpr, UBID_LEN));
+    }
+
+
+  acquire_mutex ();
+  got_mutex = 1;
+
+  /* Find the specific request part or allocate it.  */
+  err = be_find_request_part (backend_hd, request, &part);
+  if (err)
+    goto leave;
+  /* ctx = part->besqlite; */
+
+  if (!opt.active_transaction)
+    {
+      err = run_sql_statement ("begin transaction");
+      if (err)
+        goto leave;
+      if (opt.in_transaction)
+        opt.active_transaction = 1;
+    }
+  in_transaction = 1;
+
+  err = store_into_pubkey (mode, pktype, ubid, blob, bloblen);
+  if (err)
+    goto leave;
+
+  /* Delete all related rows so that we can freshly add possibly added
+   * or changed user ids and subkeys.  */
+  err = run_sql_statement_bind_ubid
+    ("DELETE FROM fingerprint WHERE ubid = ?1", ubid);
+  if (err)
+    goto leave;
+  err = run_sql_statement_bind_ubid
+    ("DELETE FROM userid WHERE ubid = ?1", ubid);
+  if (err)
+    goto leave;
+  if (cert)
+    {
+      err = run_sql_statement_bind_ubid
+        ("DELETE FROM issuer WHERE ubid = ?1", ubid);
+      if (err)
+        goto leave;
+    }
+
+  if (cert)  /* X.509 */
+    {
+      unsigned char grip[KEYGRIP_LEN];
+      int idx;
+
+      err = be_get_x509_keygrip (cert, grip);
+      if (err)
+        goto leave;
+
+      /* Note that for X.509 the UBID is also the fingerprint.  */
+      err = store_into_fingerprint (ubid, 0, grip,
+                                    ubid+12,
+                                    ubid, UBID_LEN);
+      if (err)
+        goto leave;
+
+      /* Now the issuer.  */
+      sn = be_get_x509_serial (cert);
+      if (!sn)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+      dn = ksba_cert_get_issuer (cert, 0);
+      if (!dn)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+      err = store_into_issuer (ubid, sn, dn);
+      if (err)
+        goto leave;
+
+      /* Loop over the subject and alternate subjects. */
+      uidno = 0;
+      for (idx=0; (xfree (dn), dn = ksba_cert_get_subject (cert, idx)); idx++)
+        {
+          /* In the case that the same email address is in the
+           * subject DN as well as in an alternate subject name
+           * we avoid printing it a second time. */
+          if (kludge_mbox && !strcmp (kludge_mbox, dn))
+            continue;
+
+          err = store_into_userid (ubid, PUBKEY_TYPE_X509, dn, ++uidno, NULL);
+          if (err)
+            goto leave;
+
+          if (!idx)
+            {
+              kludge_mbox = _keybox_x509_email_kludge (dn);
+              if (kludge_mbox)
+                {
+                  err = store_into_userid (ubid, PUBKEY_TYPE_X509,
+                                           dn, ++uidno, kludge_mbox);
+                  if (err)
+                    goto leave;
+                }
+            }
+        } /* end loop over the subjects.  */
+    }
+  else /* OpenPGP */
+    {
+      struct _keybox_openpgp_key_info *kinfo;
+
+      kinfo = &info.primary;
+      err = store_into_fingerprint (ubid, 0, kinfo->grip,
+                                    kinfo->keyid,
+                                    kinfo->fpr, kinfo->fprlen);
+      if (err)
+        goto leave;
+
+      if (info.nsubkeys)
+        {
+          int subkey = 1;
+          for (kinfo = &info.subkeys; kinfo; kinfo = kinfo->next, subkey++)
+            {
+              err = store_into_fingerprint (ubid, subkey, kinfo->grip,
+                                            kinfo->keyid,
+                                            kinfo->fpr, kinfo->fprlen);
+              if (err)
+                goto leave;
+            }
+        }
+
+      if (info.nuids)
+        {
+          struct _keybox_openpgp_uid_info *u;
+
+          uidno = 0;
+          u = &info.uids;
+          do
+            {
+              log_assert (u->off <= bloblen);
+              log_assert (u->off + u->len <= bloblen);
+              {
+                char *uid = xtrymalloc (u->len + 1);
+                if (!uid)
+                  {
+                    err = gpg_error_from_syserror ();
+                    goto leave;
+                  }
+                memcpy (uid, (const unsigned char *)blob + u->off, u->len);
+                uid[u->len] = 0;
+                /* Note that we ignore embedded zeros in the user id;
+                 * this is what we do all over the place.  */
+                err = store_into_userid (ubid, pktype, uid, ++uidno, NULL);
+                xfree (uid);
+              }
+              if (err)
+                goto leave;
+
+              u = u->next;
+            }
+          while (u);
+        }
+    }
+
+ leave:
+  if (in_transaction && !err)
+    {
+      if (opt.active_transaction)
+        ; /* We are in a global transaction.  */
+      else
+        err = run_sql_statement ("commit");
+    }
+  else if (in_transaction)
+    {
+      if (opt.active_transaction)
+        ; /* We are in a global transaction.  */
+      else if (run_sql_statement ("rollback"))
+        log_error ("Warning: database rollback failed - should not happen!\n");
+    }
+  if (got_mutex)
+    release_mutex ();
+  if (info_valid)
+    _keybox_destroy_openpgp_info (&info);
+  if (cert)
+    ksba_cert_release (cert);
+  ksba_free (dn);
+  xfree (sn);
+  xfree (kludge_mbox);
+  return err;
+}
+
+
+/* Delete the blob specified by UBID from the database.  BACKEND_HD is
+ * the handle for this backend and REQUEST is the current database
+ * request object.  */
+gpg_error_t
+be_sqlite_delete (ctrl_t ctrl, backend_handle_t backend_hd,
+                  db_request_t request, const unsigned char *ubid)
+{
+  gpg_error_t err;
+  db_request_part_t part;
+  /* be_sqlite_local_t ctx; */
+  sqlite3_stmt *stmt = NULL;
+  int in_transaction = 0;
+
+  (void)ctrl;
+
+  log_assert (backend_hd && backend_hd->db_type == DB_TYPE_SQLITE);
+  log_assert (request);
+
+  acquire_mutex ();
+
+  /* Find the specific request part or allocate it.  */
+  err = be_find_request_part (backend_hd, request, &part);
+  if (err)
+    goto leave;
+  /* ctx = part->besqlite; */
+
+  if (!opt.active_transaction)
+    {
+      err = run_sql_statement ("begin transaction");
+      if (err)
+        goto leave;
+      if (opt.in_transaction)
+        opt.active_transaction = 1;
+    }
+  in_transaction = 1;
+
+  err = run_sql_statement_bind_ubid
+    ("DELETE from userid WHERE ubid = ?1", ubid);
+  if (!err)
+    err = run_sql_statement_bind_ubid
+      ("DELETE from fingerprint WHERE ubid = ?1", ubid);
+  if (!err)
+    err = run_sql_statement_bind_ubid
+      ("DELETE from issuer WHERE ubid = ?1", ubid);
+  if (!err)
+    err = run_sql_statement_bind_ubid
+      ("DELETE from pubkey WHERE ubid = ?1", ubid);
+
+
+ leave:
+  if (stmt)
+    sqlite3_finalize (stmt);
+
+  if (in_transaction && !err)
+    {
+      if (opt.active_transaction)
+        ; /* We are in a global transaction.  */
+      else
+        err = run_sql_statement ("commit");
+    }
+  else if (in_transaction)
+    {
+      if (opt.active_transaction)
+        ; /* We are in a global transaction.  */
+      else if (run_sql_statement ("rollback"))
+        log_error ("Warning: database rollback failed - should not happen!\n");
+    }
+  release_mutex ();
+  return err;
+}
diff --git a/kbx/backend-support.c b/kbx/backend-support.c
new file mode 100644
index 0000000..1821129
--- /dev/null
+++ b/kbx/backend-support.c
@@ -0,0 +1,359 @@
+/* backend-support.c - Supporting functions for the backend.
+ * Copyright (C) 2019 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0+
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+
+#include "keyboxd.h"
+#include "../common/i18n.h"
+#include "../common/asshelp.h"
+#include "../common/tlv.h"
+#include "backend.h"
+#include "keybox-defs.h"
+
+
+/* Common definition part of all backend handle.  All definitions of
+ * this structure must start with these fields.  */
+struct backend_handle_s
+{
+  enum database_types db_type;
+  unsigned int backend_id;
+};
+
+
+
+/* Return a string with the name of the database type T.  */
+const char *
+strdbtype (enum database_types t)
+{
+  switch (t)
+    {
+    case DB_TYPE_NONE: return "none";
+    case DB_TYPE_CACHE:return "cache";
+    case DB_TYPE_KBX:  return "keybox";
+    case DB_TYPE_SQLITE: return "sqlite";
+    }
+  return "?";
+}
+
+
+/* Return a new backend ID.  Backend IDs are used to identify backends
+ * without using the actual object.  The number of backend resources
+ * is limited because they are specified in the config file.  Thus an
+ * overflow check is not required.  */
+unsigned int
+be_new_backend_id (void)
+{
+  static unsigned int last;
+
+  return ++last;
+}
+
+
+/* Release the backend described by HD.  This is a generic function
+ * which dispatches to the the actual backend.  */
+void
+be_generic_release_backend (ctrl_t ctrl, backend_handle_t hd)
+{
+  if (!hd)
+    return;
+  switch (hd->db_type)
+    {
+    case DB_TYPE_NONE:
+      xfree (hd);
+      break;
+    case DB_TYPE_CACHE:
+      be_cache_release_resource (ctrl, hd);
+      break;
+    case DB_TYPE_KBX:
+      be_kbx_release_resource (ctrl, hd);
+      break;
+    case DB_TYPE_SQLITE:
+      be_sqlite_release_resource (ctrl, hd);
+      break;
+    default:
+      log_error ("%s: faulty backend handle of type %d given\n",
+                 __func__, hd->db_type);
+    }
+}
+
+
+/* Release the request object REQ.  */
+void
+be_release_request (db_request_t req)
+{
+  db_request_part_t part, partn;
+
+  if (!req)
+    return;
+
+  for (part = req->part; part; part = partn)
+    {
+      partn = part->next;
+      be_kbx_release_kbx_hd (part->kbx_hd);
+      be_sqlite_release_local (part->besqlite);
+      xfree (part);
+    }
+}
+
+
+/* Given the backend handle BACKEND_HD and the REQUEST find or
+ * allocate a request part for that backend and store it at R_PART.
+ * On error R_PART is set to NULL and an error returned.  */
+gpg_error_t
+be_find_request_part (backend_handle_t backend_hd, db_request_t request,
+                      db_request_part_t *r_part)
+{
+  gpg_error_t err;
+  db_request_part_t part;
+
+  for (part = request->part; part; part = part->next)
+    if (part->backend_id == backend_hd->backend_id)
+      break;
+  if (!part)
+    {
+      part = xtrycalloc (1, sizeof *part);
+      if (!part)
+        return gpg_error_from_syserror ();
+      part->backend_id = backend_hd->backend_id;
+      if (backend_hd->db_type == DB_TYPE_KBX)
+        {
+          err = be_kbx_init_request_part (backend_hd, part);
+          if (err)
+            {
+              xfree (part);
+              return err;
+            }
+        }
+      else if (backend_hd->db_type == DB_TYPE_SQLITE)
+        {
+          err = be_sqlite_init_local (backend_hd, part);
+          if (err)
+            {
+              xfree (part);
+              return err;
+            }
+        }
+      part->next = request->part;
+      request->part = part;
+    }
+  *r_part = part;
+  return 0;
+}
+
+
+/* Return the public key (BUFFER,BUFLEN) which has the type
+ * PUBKEY_TYPE to the caller.  */
+gpg_error_t
+be_return_pubkey (ctrl_t ctrl, const void *buffer, size_t buflen,
+                  enum pubkey_types pubkey_type, const unsigned char *ubid,
+                  int is_ephemeral, int is_revoked, int uid_no, int pk_no)
+{
+  gpg_error_t err;
+  char hexubid[2*UBID_LEN+1];
+
+  bin2hex (ubid, UBID_LEN, hexubid);
+  err = status_printf (ctrl, "PUBKEY_INFO", "%d %s %c%c %d %d",
+                       pubkey_type, hexubid,
+                       is_ephemeral? 'e':'-',
+                       is_revoked?   'r':'-',
+                       uid_no, pk_no);
+  if (err)
+    goto leave;
+
+  if (ctrl->no_data_return)
+    err = 0;
+  else
+    err = kbxd_write_data_line(ctrl, buffer, buflen);
+
+ leave:
+  return err;
+}
+
+
+
+/* Return true if (BLOB/BLOBLEN) seems to be an X509 certificate.  */
+int
+be_is_x509_blob (const unsigned char *blob, size_t bloblen)
+{
+  const unsigned char *p;
+  size_t n, objlen, hdrlen;
+  int class, tag, cons, ndef;
+
+  /* An X.509 certificate can be identified by this DER encoding:
+   *
+   *  30 82 05 B8 30 82 04 A0 A0 03 02 01 02 02 07 15 46 A0 BF 30 07 39
+   *  ----------- +++++++++++ ----- ++++++++ --------------------------
+   *  SEQUENCE    SEQUENCE    [0]   INTEGER  INTEGER
+   *              (tbs)            (version) (s/n)
+   *
+   */
+
+  p = blob;
+  n = bloblen;
+  if (parse_ber_header (&p, &n, &class, &tag, &cons, &ndef, &objlen, &hdrlen))
+    return 0; /* Not a proper BER object.  */
+  if (!(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && cons))
+    return 0; /* Does not start with a sequence.  */
+
+  if (parse_ber_header (&p, &n, &class, &tag, &cons, &ndef, &objlen, &hdrlen))
+    return 0; /* Not a proper BER object.  */
+  if (!(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && cons))
+    return 0; /* No TBS sequence.  */
+  if (n < 7 || objlen < 7)
+    return 0; /* Too short:  [0], version and min. s/n required.  */
+
+  if (parse_ber_header (&p, &n, &class, &tag, &cons, &ndef, &objlen, &hdrlen))
+    return 0; /* Not a proper BER object.  */
+  if (!(class == CLASS_CONTEXT && tag == 0 && cons))
+    return 0; /* No context tag.  */
+
+  if (parse_ber_header (&p, &n, &class, &tag, &cons, &ndef, &objlen, &hdrlen))
+    return 0; /* Not a proper BER object.  */
+
+  if (!(class == CLASS_UNIVERSAL && tag == TAG_INTEGER
+        && !cons && objlen == 1 && n && (*p == 1 || *p == 2)))
+    return 0; /* Unknown X.509 version.  */
+  p++;  /* Skip version number.  */
+  n--;
+
+  if (parse_ber_header (&p, &n, &class, &tag, &cons, &ndef, &objlen, &hdrlen))
+    return 0; /* Not a proper BER object.  */
+  if (!(class == CLASS_UNIVERSAL && tag == TAG_INTEGER && !cons))
+    return 0;  /* No s/n.  */
+
+  return 1; /* Looks like an X.509 certificate. */
+}
+
+
+/* Return the public key type and the (primary) fingerprint for
+ * (BLOB,BLOBLEN).  r_UBID must point to a buffer of at least UBID_LEN
+ * bytes, on success it receives the UBID (primary fingerprint
+ * truncated 20 octets). R_PKTYPE receives the public key type.  */
+gpg_error_t
+be_ubid_from_blob (const void *blob, size_t bloblen,
+                   enum pubkey_types *r_pktype, char *r_ubid)
+{
+  gpg_error_t err;
+
+  if (be_is_x509_blob (blob, bloblen))
+    {
+      /* Although libksba has a dedicated function to compute the
+       * fingerprint we compute it here directly because we know that
+       * we have the entire certificate here (we checked the start of
+       * the blob and assume that the length is also okay).  */
+      *r_pktype = PUBKEY_TYPE_X509;
+      gcry_md_hash_buffer (GCRY_MD_SHA1, r_ubid, blob, bloblen);
+      err = 0;
+    }
+  else
+    {
+      struct _keybox_openpgp_info info;
+
+      err = _keybox_parse_openpgp (blob, bloblen, NULL, &info);
+      if (err)
+        {
+          log_info ("error parsing OpenPGP blob: %s\n", gpg_strerror (err));
+          err = gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
+        }
+      else
+        {
+          *r_pktype = PUBKEY_TYPE_OPGP;
+          log_assert (info.primary.fprlen >= 20);
+          memcpy (r_ubid, info.primary.fpr, UBID_LEN);
+          _keybox_destroy_openpgp_info (&info);
+        }
+    }
+
+  return err;
+}
+
+
+
+/* Return a certificates serial number in hex encoding.  Caller must
+ * free the returned string.  NULL is returned on error but ERRNO
+ * might not be set if the certificate and thus Libksba is broken.  */
+char *
+be_get_x509_serial (ksba_cert_t cert)
+{
+  const char *p;
+  unsigned long n;
+  char *endp;
+
+  p = (const char *)ksba_cert_get_serial (cert);
+  if (!p)
+    {
+      log_debug ("oops: Libksba returned a certificate w/o a serial\n");
+      return NULL;
+    }
+
+  if (*p != '(')
+    {
+      log_debug ("oops: Libksba returned an invalid s-expression\n");
+      return NULL;
+    }
+
+  p++;
+  n = strtoul (p, &endp, 10);
+  p = endp;
+  if (*p != ':')
+    {
+      log_debug ("oops: Libksba returned an invalid s-expression\n");
+      return NULL;
+    }
+  p++;
+
+  return bin2hex (p, n, NULL);
+}
+
+
+/* Return the keygrip for the X.509 certificate CERT.  The grip is
+ * stored at KEYGRIP which must have been allocated by the caller
+ * with a size of KEYGRIP_LEN.  */
+gpg_error_t
+be_get_x509_keygrip (ksba_cert_t cert, unsigned char *keygrip)
+{
+  gpg_error_t err;
+  size_t n;
+  ksba_sexp_t p;
+  gcry_sexp_t s_pkey;
+
+  p = ksba_cert_get_public_key (cert);
+  if (!p)
+    return gpg_error (GPG_ERR_NO_PUBKEY);
+  n = gcry_sexp_canon_len (p, 0, NULL, NULL);
+  if (!n)
+    {
+      ksba_free (p);
+      return gpg_error (GPG_ERR_NO_PUBKEY);
+    }
+  err = gcry_sexp_sscan (&s_pkey, NULL, (char*)p, n);
+  ksba_free (p);
+  if (err)
+    return err;
+
+  if (!gcry_pk_get_keygrip (s_pkey, keygrip))
+    err = gpg_error (GPG_ERR_PUBKEY_ALGO);
+  gcry_sexp_release (s_pkey);
+  return err;
+}
diff --git a/kbx/backend.h b/kbx/backend.h
new file mode 100644
index 0000000..d6178cd
--- /dev/null
+++ b/kbx/backend.h
@@ -0,0 +1,188 @@
+/* backend.h - Definitions for keyboxd backends
+ * Copyright (C) 2019 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#ifndef KBX_BACKEND_H
+#define KBX_BACKEND_H
+
+#include <ksba.h>
+#include "keybox-search-desc.h"
+
+/* Forward declaration of the keybox handle type.  */
+struct keybox_handle;
+typedef struct keybox_handle *KEYBOX_HANDLE;
+
+
+/* The types of the backends.  */
+enum database_types
+  {
+   DB_TYPE_NONE,   /* No database at all (uninitialized etc.).  */
+   DB_TYPE_CACHE,  /* The cache backend (backend-cache.c).    */
+   DB_TYPE_KBX,    /* Keybox type database (backend-kbx.c).   */
+   DB_TYPE_SQLITE  /* SQLite type database (backend-sqlite.c).*/
+  };
+
+
+/* Declaration of the backend handle.  Each backend uses its own
+ * hidden handle structure with the only common thing being that the
+ * first field is the database_type to help with debugging.  */
+struct backend_handle_s;
+typedef struct backend_handle_s *backend_handle_t;
+
+
+/* Private data for sqlite requests.  */
+struct be_sqlite_local_s;
+typedef struct be_sqlite_local_s *be_sqlite_local_t;
+
+
+/* Object to store backend specific database information per database
+ * handle.  */
+struct db_request_part_s
+{
+  struct db_request_part_s *next;
+
+  /* Id of the backend instance this object pertains to.  */
+  unsigned int backend_id;
+
+  /* Local data for a KBX backend or NULL.  */
+  KEYBOX_HANDLE kbx_hd;
+
+  /* Local data for a sqlite backend.  */
+  be_sqlite_local_t besqlite;
+
+  /* For the CACHE backend the indices into the bloblist for each
+   * index type.  */
+  struct {
+    unsigned int fpr;
+    unsigned int kid;
+    unsigned int grip;
+    unsigned int ubid;
+  } cache_seqno;
+};
+typedef struct db_request_part_s *db_request_part_t;
+
+
+/* A database request handle.  This keeps per session search
+ * information as well as a list of per-backend infos.  */
+struct db_request_s
+{
+  unsigned int any_search:1;  /* Any search has been done.  */
+  unsigned int any_found:1;   /* Any object has been found.  */
+  unsigned int last_cached_valid:1; /* see below */
+  unsigned int last_cached_final:1; /* see below */
+  unsigned int last_cached_fprlen:8;/* see below */
+
+  db_request_part_t part;
+
+  /* Counter to track the next to be searched database index.  */
+  unsigned int next_dbidx;
+
+  /* The last UBID found in the cache and the corresponding keyid and,
+   * if found via fpr, the fingerprint.  For the LAST_CACHED_FPRLEN see
+   * above.  The entry here is only valid if LAST_CACHED_VALID is set;
+   * if LAST_CACHED_FINAL is also set, this indicates that no further
+   * database searches are required.  */
+  unsigned char last_cached_ubid[UBID_LEN];
+  u32 last_cached_kid_h;
+  u32 last_cached_kid_l;
+  unsigned char last_cached_fpr[32];
+};
+
+
+
+/*-- backend-support.c --*/
+const char *strdbtype (enum database_types t);
+unsigned int be_new_backend_id (void);
+void be_generic_release_backend (ctrl_t ctrl, backend_handle_t hd);
+void be_release_request (db_request_t req);
+gpg_error_t be_find_request_part (backend_handle_t backend_hd,
+                                  db_request_t request,
+                                  db_request_part_t *r_part);
+gpg_error_t be_return_pubkey (ctrl_t ctrl, const void *buffer, size_t buflen,
+                              enum pubkey_types pubkey_type,
+                              const unsigned char *ubid,
+                              int is_ephemeral, int is_revoked,
+                              int uidno, int pkno);
+int be_is_x509_blob (const unsigned char *blob, size_t bloblen);
+gpg_error_t be_ubid_from_blob (const void *blob, size_t bloblen,
+                               enum pubkey_types *r_pktype, char *r_ubid);
+char *be_get_x509_serial (ksba_cert_t cert);
+gpg_error_t be_get_x509_keygrip (ksba_cert_t cert, unsigned char *keygrip);
+
+
+/*-- backend-cache.c --*/
+gpg_error_t be_cache_initialize (void);
+gpg_error_t be_cache_add_resource (ctrl_t ctrl, backend_handle_t *r_hd);
+void be_cache_release_resource (ctrl_t ctrl, backend_handle_t hd);
+gpg_error_t be_cache_search (ctrl_t ctrl, backend_handle_t backend_hd,
+                             db_request_t request,
+                             KEYDB_SEARCH_DESC *desc, unsigned int ndesc);
+void be_cache_mark_final (ctrl_t ctrl, db_request_t request);
+void be_cache_pubkey (ctrl_t ctrl, const unsigned char *ubid,
+                      const void *blob, unsigned int bloblen,
+                      enum pubkey_types pubkey_type);
+void be_cache_not_found (ctrl_t ctrl, enum pubkey_types pubkey_type,
+                         KEYDB_SEARCH_DESC *desc, unsigned int ndesc);
+
+
+/*-- backend-kbx.c --*/
+gpg_error_t be_kbx_add_resource (ctrl_t ctrl, backend_handle_t *r_hd,
+                                 const char *filename, int readonly);
+void be_kbx_release_resource (ctrl_t ctrl, backend_handle_t hd);
+
+void be_kbx_release_kbx_hd (KEYBOX_HANDLE kbx_hd);
+gpg_error_t be_kbx_init_request_part (backend_handle_t backend_hd,
+                                      db_request_part_t part);
+gpg_error_t be_kbx_search (ctrl_t ctrl, backend_handle_t hd,
+                           db_request_t request,
+                           KEYDB_SEARCH_DESC *desc, unsigned int ndesc);
+gpg_error_t be_kbx_seek (ctrl_t ctrl, backend_handle_t backend_hd,
+                         db_request_t request, const unsigned char *ubid);
+gpg_error_t be_kbx_insert (ctrl_t ctrl, backend_handle_t backend_hd,
+                           db_request_t request, enum pubkey_types pktype,
+                           const void *blob, size_t bloblen);
+gpg_error_t be_kbx_update (ctrl_t ctrl, backend_handle_t backend_hd,
+                           db_request_t request, enum pubkey_types pktype,
+                           const void *blob, size_t bloblen);
+gpg_error_t be_kbx_delete (ctrl_t ctrl, backend_handle_t backend_hd,
+                           db_request_t request);
+
+
+/*-- backend-sqlite.c --*/
+gpg_error_t be_sqlite_add_resource (ctrl_t ctrl, backend_handle_t *r_hd,
+                                    const char *filename, int readonly);
+void be_sqlite_release_resource (ctrl_t ctrl, backend_handle_t hd);
+
+gpg_error_t be_sqlite_init_local (backend_handle_t backend_hd,
+                                  db_request_part_t part);
+void be_sqlite_release_local (be_sqlite_local_t ctx);
+gpg_error_t be_sqlite_rollback (void);
+gpg_error_t be_sqlite_commit (void);
+gpg_error_t be_sqlite_search (ctrl_t ctrl, backend_handle_t hd,
+                              db_request_t request,
+                              KEYDB_SEARCH_DESC *desc, unsigned int ndesc);
+gpg_error_t be_sqlite_store (ctrl_t ctrl, backend_handle_t backend_hd,
+                             db_request_t request, enum kbxd_store_modes mode,
+                             enum pubkey_types pktype,
+                             const unsigned char *ubid,
+                             const void *blob, size_t bloblen);
+gpg_error_t be_sqlite_delete (ctrl_t ctrl, backend_handle_t backend_hd,
+                              db_request_t request, const unsigned char *ubid);
+
+
+#endif /*KBX_BACKEND_H*/
diff --git a/kbx/frontend.c b/kbx/frontend.c
new file mode 100644
index 0000000..c80c9fa
--- /dev/null
+++ b/kbx/frontend.c
@@ -0,0 +1,500 @@
+/* frontend.c - Database fronend code for keyboxd
+ * Copyright (C) 2019 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0+
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+
+#include "keyboxd.h"
+#include <assuan.h>
+#include "../common/i18n.h"
+#include "../common/userids.h"
+#include "backend.h"
+#include "frontend.h"
+
+
+/* An object to keep infos about the database.  */
+struct
+{
+  enum database_types db_type;
+  backend_handle_t backend_handle;
+} the_database;
+
+
+
+/* Take a lock for reading the databases.  */
+static void
+take_read_lock (ctrl_t ctrl)
+{
+  /* FIXME */
+  (void)ctrl;
+}
+
+
+/* Take a lock for reading and writing the databases.  */
+static void
+take_read_write_lock (ctrl_t ctrl)
+{
+  /* FIXME */
+  (void)ctrl;
+}
+
+
+/* Release a lock.  It is valid to call this even if no lock has been
+ * taken in which case this is a nop.  */
+static void
+release_lock (ctrl_t ctrl)
+{
+  /* FIXME */
+  (void)ctrl;
+}
+
+
+/* Set the database to use.  Depending on the FILENAME suffix we
+ * decide which one to use.  This function must be called at daemon
+ * startup because it employs no locking.  If FILENAME has no
+ * directory separator, the file is expected or created below
+ * "$GNUPGHOME/public-keys.d/".  In READONLY mode the file must exists;
+ * otherwise it is created.  */
+gpg_error_t
+kbxd_set_database (ctrl_t ctrl, const char *filename_arg, int readonly)
+{
+  gpg_error_t err;
+  char *filename;
+  enum database_types db_type = 0;
+  backend_handle_t handle = NULL;
+  unsigned int n;
+
+  /* Do tilde expansion etc. */
+  if (strchr (filename_arg, DIRSEP_C)
+#ifdef HAVE_W32_SYSTEM
+      || strchr (filename_arg, '/')  /* Windows also accepts a slash.  */
+#endif
+      )
+    filename = make_filename (filename_arg, NULL);
+  else
+    filename = make_filename (gnupg_homedir (), GNUPG_PUBLIC_KEYS_DIR,
+                              filename_arg, NULL);
+
+  /* If this is the first call to the function and the request is not
+   * for the cache backend, add the cache backend so that it will
+   * always be the first to be queried.  */
+  if (the_database.db_type)
+    {
+      log_error ("error: only one database allowed\n");
+      err = gpg_error (GPG_ERR_CONFLICT);
+      goto leave;
+    }
+
+  /* Init the cache.  */
+  err = be_cache_initialize ();
+  if (err)
+    goto leave;
+
+  n = strlen (filename);
+  if (db_type)
+    ; /* We already know it.  */
+  else if (n > 4 && !strcmp (filename + n - 4, ".kbx"))
+    db_type = DB_TYPE_KBX;
+  else if (n > 3 && !strcmp (filename + n - 3, ".db"))
+    db_type = DB_TYPE_SQLITE;
+  else
+    {
+      log_error (_("can't use file '%s': %s\n"), filename, _("unknown suffix"));
+      err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+      goto leave;
+    }
+
+  err = gpg_error (GPG_ERR_BUG);
+  switch (db_type)
+    {
+    case DB_TYPE_NONE: /* NOTREACHED */
+      break;
+
+    case DB_TYPE_CACHE:
+      err = be_cache_add_resource (ctrl, &handle);
+      break;
+
+    case DB_TYPE_KBX:
+      err = be_kbx_add_resource (ctrl, &handle, filename, readonly);
+      break;
+
+    case DB_TYPE_SQLITE:
+      err = be_sqlite_add_resource (ctrl, &handle, filename, readonly);
+      break;
+      }
+  if (err)
+    goto leave;
+
+  the_database.db_type = db_type;
+  the_database.backend_handle = handle;
+  handle = NULL;
+
+ leave:
+  if (err)
+    {
+      log_error ("error setting database '%s': %s\n",
+                 filename, gpg_strerror (err));
+      be_generic_release_backend (ctrl, handle);
+    }
+  xfree (filename);
+  return err;
+}
+
+
+/* Release all per session objects.  */
+void
+kbxd_release_session_info (ctrl_t ctrl)
+{
+  if (!ctrl)
+    return;
+  be_release_request (ctrl->db_req);
+  ctrl->db_req = NULL;
+}
+
+
+
+gpg_error_t
+kbxd_rollback (void)
+{
+  return be_sqlite_rollback ();
+}
+
+
+gpg_error_t
+kbxd_commit (void)
+{
+  return be_sqlite_commit ();
+}
+
+
+
+/* Search for the keys described by (DESC,NDESC) and return them to
+ * the caller.  If RESET is set, the search state is first reset.
+ * Only a reset guarantees that changed search description in DESC are
+ * considered.  */
+gpg_error_t
+kbxd_search (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, unsigned int ndesc,
+             int reset)
+{
+  gpg_error_t err;
+  int i;
+  db_request_t request;
+
+  if (DBG_CLOCK)
+    log_clock ("%s: enter", __func__);
+
+  if (DBG_LOOKUP)
+    {
+      log_debug ("%s: %u search descriptions:\n", __func__, ndesc);
+      for (i = 0; i < ndesc; i ++)
+        {
+          /* char *t = keydb_search_desc_dump (&desc[i]); */
+          /* log_debug ("%s   %d: %s\n", __func__, i, t); */
+          /* xfree (t); */
+        }
+    }
+
+  take_read_lock (ctrl);
+
+  /* Allocate a handle object if none exists for this context.  */
+  if (!ctrl->db_req)
+    {
+      ctrl->db_req = xtrycalloc (1, sizeof *ctrl->db_req);
+      if (!ctrl->db_req)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+    }
+  request = ctrl->db_req;
+
+  if (!the_database.db_type)
+    {
+      log_error ("%s: error: no database configured\n", __func__);
+      err = gpg_error (GPG_ERR_NOT_INITIALIZED);
+      goto leave;
+    }
+
+  /* If requested do a reset.  Using the reset flag is faster than
+   * letting the caller do a separate call for an initial reset.  */
+  if (!desc || reset)
+    {
+      switch (the_database.db_type)
+        {
+        case DB_TYPE_CACHE:
+          err = 0; /* Nothing to do.  */
+          break;
+
+        case DB_TYPE_KBX:
+          err = be_kbx_search (ctrl, the_database.backend_handle,
+                               request, NULL, 0);
+          break;
+
+        case DB_TYPE_SQLITE:
+          err = be_sqlite_search (ctrl, the_database.backend_handle,
+                                  request, NULL, 0);
+          break;
+
+        default:
+          err = gpg_error (GPG_ERR_INTERNAL);
+          break;
+        }
+      if (err)
+        {
+          log_error ("error during the %ssearch reset: %s\n",
+                     reset? "initial ":"", gpg_strerror (err));
+          goto leave;
+        }
+      request->any_search = 0;
+      request->any_found = 0;
+      request->next_dbidx = 0;
+      if (!desc) /* Reset only mode */
+        {
+          err = 0;
+          goto leave;
+        }
+    }
+
+  /* Divert to the backend for the actual search.  */
+  switch (the_database.db_type)
+    {
+    case DB_TYPE_CACHE:
+      err = be_cache_search (ctrl, the_database.backend_handle, request,
+                             desc, ndesc);
+      /* Expected error codes from the cache lookup are:
+       *  0 - found and returned via the cache
+       *  GPG_ERR_NOT_FOUND - marked in the cache as not available
+       *  GPG_ERR_EOF - cache miss. */
+      break;
+
+    case DB_TYPE_KBX:
+      err = be_kbx_search (ctrl, the_database.backend_handle, request,
+                           desc, ndesc);
+      break;
+
+    case DB_TYPE_SQLITE:
+      err = be_sqlite_search (ctrl, the_database.backend_handle, request,
+                              desc, ndesc);
+      break;
+
+    default:
+      log_error ("%s: unsupported database type %d\n",
+                 __func__, the_database.db_type);
+      err = gpg_error (GPG_ERR_INTERNAL);
+      break;
+    }
+
+  if (DBG_LOOKUP)
+    log_debug ("%s: searched %s => %s\n", __func__,
+               strdbtype (the_database.db_type), gpg_strerror (err));
+  request->any_search = 1;
+  if (!err)
+    {
+      request->any_found = 1;
+    }
+  else if (gpg_err_code (err) == GPG_ERR_EOF)
+    {
+      if (the_database.db_type == DB_TYPE_CACHE && request->last_cached_valid)
+        {
+          if (request->last_cached_final)
+            goto leave;
+        }
+      request->next_dbidx++;
+      /* FIXME: We need to see which pubkey type we need to insert.  */
+      be_cache_not_found (ctrl, PUBKEY_TYPE_UNKNOWN, desc, ndesc);
+      err = gpg_error (GPG_ERR_NOT_FOUND);
+      goto leave;
+    }
+
+
+ leave:
+  release_lock (ctrl);
+  if (DBG_CLOCK)
+    log_clock ("%s: leave (%s)", __func__, err? "not found" : "found");
+  return err;
+}
+
+
+
+/* Store; that is insert or update the key (BLOB,BLOBLEN).  MODE
+ * controls whether only updates or only inserts are allowed.  */
+gpg_error_t
+kbxd_store (ctrl_t ctrl, const void *blob, size_t bloblen,
+            enum kbxd_store_modes mode)
+{
+  gpg_error_t err;
+  db_request_t request;
+  char ubid[UBID_LEN];
+  enum pubkey_types pktype;
+  int insert = 0;
+
+  if (DBG_CLOCK)
+    log_clock ("%s: enter", __func__);
+
+  take_read_write_lock (ctrl);
+
+  /* Allocate a handle object if none exists for this context.  */
+  if (!ctrl->db_req)
+    {
+      ctrl->db_req = xtrycalloc (1, sizeof *ctrl->db_req);
+      if (!ctrl->db_req)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+    }
+  request = ctrl->db_req;
+
+  if (!the_database.db_type)
+    {
+      log_error ("%s: error: no database configured\n", __func__);
+      err = gpg_error (GPG_ERR_NOT_INITIALIZED);
+      goto leave;
+    }
+
+  /* Check whether to insert or update.  */
+  err = be_ubid_from_blob (blob, bloblen, &pktype, ubid);
+  if (err)
+    goto leave;
+
+  if (the_database.db_type == DB_TYPE_KBX)
+    {
+      err = be_kbx_seek (ctrl, the_database.backend_handle, request, ubid);
+      if (!err)
+        ; /* Found - need to update.  */
+      else if (gpg_err_code (err) == GPG_ERR_EOF)
+        insert = 1; /* Not found - need to insert.  */
+      else
+        {
+          log_debug ("%s: searching fingerprint failed: %s\n",
+                     __func__, gpg_strerror (err));
+          goto leave;
+        }
+
+      if (insert)
+        {
+          if (mode == KBXD_STORE_UPDATE)
+            err = gpg_error (GPG_ERR_CONFLICT);
+          else
+            err = be_kbx_insert (ctrl, the_database.backend_handle, request,
+                                 pktype, blob, bloblen);
+        }
+      else /* Update.  */
+        {
+          if (mode == KBXD_STORE_INSERT)
+            err = gpg_error (GPG_ERR_CONFLICT);
+          else
+            err = be_kbx_update (ctrl, the_database.backend_handle, request,
+                                 pktype, blob, bloblen);
+        }
+    }
+  else if (the_database.db_type == DB_TYPE_SQLITE)
+    {
+      err = be_sqlite_store (ctrl, the_database.backend_handle, request,
+                             mode, pktype, ubid, blob, bloblen);
+    }
+  else
+    {
+      log_error ("%s: unsupported database type %d\n",
+                 __func__, the_database.db_type);
+      err = gpg_error (GPG_ERR_INTERNAL);
+    }
+
+
+ leave:
+  release_lock (ctrl);
+  if (DBG_CLOCK)
+    log_clock ("%s: leave", __func__);
+  return err;
+}
+
+
+
+
+/* Delete; remove the blob identified by UBID.  */
+gpg_error_t
+kbxd_delete (ctrl_t ctrl, const unsigned char *ubid)
+{
+  gpg_error_t err;
+  db_request_t request;
+
+  if (DBG_CLOCK)
+    log_clock ("%s: enter", __func__);
+
+  take_read_write_lock (ctrl);
+
+  /* Allocate a handle object if none exists for this context.  */
+  if (!ctrl->db_req)
+    {
+      ctrl->db_req = xtrycalloc (1, sizeof *ctrl->db_req);
+      if (!ctrl->db_req)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+    }
+  request = ctrl->db_req;
+
+  if (!the_database.db_type)
+    {
+      log_error ("%s: error: no database configured\n", __func__);
+      err = gpg_error (GPG_ERR_NOT_INITIALIZED);
+      goto leave;
+    }
+
+  if (the_database.db_type == DB_TYPE_KBX)
+    {
+      err = be_kbx_seek (ctrl, the_database.backend_handle, request, ubid);
+      if (!err)
+        ; /* Found - we can delete.  */
+      else if (gpg_err_code (err) == GPG_ERR_EOF)
+        {
+          err = gpg_error (GPG_ERR_NOT_FOUND);
+          goto leave;
+        }
+      else
+        {
+          log_debug ("%s: searching primary fingerprint failed: %s\n",
+                     __func__, gpg_strerror (err));
+          goto leave;
+        }
+      err = be_kbx_delete (ctrl, the_database.backend_handle, request);
+    }
+  else if (the_database.db_type == DB_TYPE_SQLITE)
+    {
+      err = be_sqlite_delete (ctrl, the_database.backend_handle, request, ubid);
+    }
+  else
+    {
+      log_error ("%s: unsupported database type %d\n",
+                 __func__, the_database.db_type);
+      err = gpg_error (GPG_ERR_INTERNAL);
+    }
+
+
+ leave:
+  release_lock (ctrl);
+  if (DBG_CLOCK)
+    log_clock ("%s: leave", __func__);
+  return err;
+}
diff --git a/kbx/frontend.h b/kbx/frontend.h
new file mode 100644
index 0000000..50ba4a4
--- /dev/null
+++ b/kbx/frontend.h
@@ -0,0 +1,41 @@
+/* frontend.h - Definitions for the keyboxd frontend
+ * Copyright (C) 2019 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#ifndef KBX_FRONTEND_H
+#define KBX_FRONTEND_H
+
+#include "keybox-search-desc.h"
+
+
+gpg_error_t kbxd_set_database (ctrl_t ctrl,
+                               const char *filename_arg, int readonly);
+
+void kbxd_release_session_info (ctrl_t ctrl);
+
+gpg_error_t kbxd_rollback (void);
+gpg_error_t kbxd_commit (void);
+gpg_error_t kbxd_search (ctrl_t ctrl,
+                         KEYDB_SEARCH_DESC *desc, unsigned int ndesc,
+                         int reset);
+gpg_error_t kbxd_store (ctrl_t ctrl, const void *blob, size_t bloblen,
+                        enum kbxd_store_modes mode);
+gpg_error_t kbxd_delete (ctrl_t ctrl, const unsigned char *ubid);
+
+
+#endif /*KBX_FRONTEND_H*/
diff --git a/kbx/kbx-client-util.c b/kbx/kbx-client-util.c
new file mode 100644
index 0000000..bd71cf2
--- /dev/null
+++ b/kbx/kbx-client-util.c
@@ -0,0 +1,466 @@
+/* kbx-client-util.c - Utility functions to implement a keyboxd client
+ * Copyright (C) 2020 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0+
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+#include <npth.h>
+#include <assuan.h>
+
+#include "../common/util.h"
+#include "../common/membuf.h"
+#include "../common/i18n.h"
+#include "../common/asshelp.h"
+#include "../common/exechelp.h"
+#include "../common/sysutils.h"
+#include "../common/host2net.h"
+#include "kbx-client-util.h"
+
+
+#define MAX_DATABLOB_SIZE (16*1024*1024)
+
+
+
+/* This object is used to implement a client to the keyboxd.  */
+struct kbx_client_data_s
+{
+  /* The used assuan context.  */
+  assuan_context_t ctx;
+
+  /* A stream used to receive data.  If this is NULL D-lines are used
+   * to receive the data. */
+  estream_t fp;
+
+  /* Condition variable to sync the datastream with the command.  */
+  npth_mutex_t mutex;
+  npth_cond_t  cond;
+
+  /* The data received from the keyboxd and an error code if there was
+   * a problem (in which case DATA is also set to NULL.  This is only
+   * used if FP is not NULL.  */
+  char *data;
+  size_t datalen;
+  gpg_error_t dataerr;
+
+  /* Helper variables in case D-lines are used (FP is NULL)  */
+  char *dlinedata;
+  size_t dlinedatalen;
+  gpg_error_t dlineerr;
+};
+
+
+
+static void *datastream_thread (void *arg);
+
+
+
+static void
+lock_datastream (kbx_client_data_t kcd)
+{
+  int rc = npth_mutex_lock (&kcd->mutex);
+  if (rc)
+    log_fatal ("%s: failed to acquire mutex: %s\n", __func__,
+               gpg_strerror (gpg_error_from_errno (rc)));
+}
+
+
+static void
+unlock_datastream (kbx_client_data_t kcd)
+{
+  int rc = npth_mutex_unlock (&kcd->mutex);
+  if (rc)
+    log_fatal ("%s: failed to release mutex: %s\n", __func__,
+               gpg_strerror (gpg_error_from_errno (rc)));
+}
+
+
+
+/* Setup the pipe used for receiving data from the keyboxd.  Store the
+ * info on KCD.  */
+static gpg_error_t
+prepare_data_pipe (kbx_client_data_t kcd)
+{
+  gpg_error_t err;
+  int rc;
+  int inpipe[2];
+  estream_t infp;
+  npth_t thread;
+  npth_attr_t tattr;
+
+  kcd->fp = NULL;
+  kcd->data = NULL;
+  kcd->datalen = 0;
+  kcd->dataerr = 0;
+
+  err = gnupg_create_inbound_pipe (inpipe, &infp, 0);
+  if (err)
+    {
+      log_error ("error creating inbound pipe: %s\n", gpg_strerror (err));
+      return err;  /* That should not happen.  */
+    }
+
+  err = assuan_sendfd (kcd->ctx, INT2FD (inpipe[1]));
+  if (err)
+    {
+      log_error ("sending sending fd %d to keyboxd: %s <%s>\n",
+                 inpipe[1], gpg_strerror (err), gpg_strsource (err));
+      es_fclose (infp);
+      gnupg_close_pipe (inpipe[1]);
+      return 0; /* Server may not support fd-passing.  */
+    }
+
+  err = assuan_transact (kcd->ctx, "OUTPUT FD",
+                         NULL, NULL, NULL, NULL, NULL, NULL);
+  if (err)
+    {
+      log_info ("keyboxd does not accept our fd: %s <%s>\n",
+                gpg_strerror (err), gpg_strsource (err));
+      es_fclose (infp);
+      return 0;
+    }
+
+  kcd->fp = infp;
+
+
+  rc = npth_attr_init (&tattr);
+  if (rc)
+    {
+      err = gpg_error_from_errno (rc);
+      log_error ("error preparing thread for keyboxd: %s\n",gpg_strerror (err));
+      es_fclose (infp);
+      kcd->fp = NULL;
+      return err;
+    }
+  npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
+  rc = npth_create (&thread, &tattr, datastream_thread, kcd);
+  if (rc)
+    {
+      err = gpg_error_from_errno (rc);
+      log_error ("error spawning thread for keyboxd: %s\n", gpg_strerror (err));
+      npth_attr_destroy (&tattr);
+      es_fclose (infp);
+      kcd->fp = NULL;
+      return err;
+    }
+
+  return 0;
+}
+
+
+/* The thread used to read from the data stream.  This is running as
+ * long as the connection and its datastream exists.  */
+static void *
+datastream_thread (void *arg)
+{
+  kbx_client_data_t kcd = arg;
+  gpg_error_t err;
+  int rc;
+  unsigned char lenbuf[4];
+  size_t nread, datalen;
+  char *data, *tmpdata;
+
+  /* log_debug ("%s: started\n", __func__); */
+  while (kcd->fp)
+    {
+      /* log_debug ("%s: waiting ...\n", __func__); */
+      if (es_read (kcd->fp, lenbuf, 4, &nread))
+        {
+          err = gpg_error_from_syserror ();
+          if (gpg_err_code (err) == GPG_ERR_EAGAIN)
+            continue;
+          log_error ("error reading data length from keyboxd: %s\n",
+                     gpg_strerror (err));
+          gnupg_sleep (1);
+          continue;
+        }
+      if (nread != 4)
+        {
+          err = gpg_error (GPG_ERR_EIO);
+          log_error ("error reading data length from keyboxd: %s\n",
+                     "short read");
+          continue;
+        }
+
+      datalen = buf32_to_size_t (lenbuf);
+      /* log_debug ("keyboxd announced %zu bytes\n", datalen); */
+      if (!datalen)
+        {
+          log_info ("ignoring empty blob received from keyboxd\n");
+          continue;
+        }
+
+      if (datalen > MAX_DATABLOB_SIZE)
+        {
+          err = gpg_error (GPG_ERR_TOO_LARGE);
+          /* Drop connection or what shall we do?  */
+        }
+      else if (!(data = xtrymalloc (datalen+1)))
+        {
+          err = gpg_error_from_syserror ();
+        }
+      else if (es_read (kcd->fp, data, datalen, &nread))
+        {
+          err = gpg_error_from_syserror ();
+        }
+      else if (datalen != nread)
+        {
+          err = gpg_error (GPG_ERR_TOO_SHORT);
+        }
+      else
+        err = 0;
+
+      if (err)
+        {
+          log_error ("error reading data from keyboxd: %s <%s>\n",
+                     gpg_strerror (err), gpg_strsource (err));
+          xfree (data);
+          data = NULL;
+          datalen = 0;
+        }
+      else
+        {
+          /* log_debug ("parsing datastream succeeded\n"); */
+        }
+
+      /* Thread-safe assignment to the result var:  */
+      tmpdata = kcd->data;
+      kcd->data = data;
+      kcd->datalen = datalen;
+      kcd->dataerr = err;
+      xfree (tmpdata);
+      data = NULL;
+
+      /* Tell the main thread.  */
+      lock_datastream (kcd);
+      rc = npth_cond_signal (&kcd->cond);
+      if (rc)
+        {
+          err = gpg_error_from_errno (rc);
+          log_error ("%s: signaling condition failed: %s\n",
+                     __func__, gpg_strerror (err));
+        }
+      unlock_datastream (kcd);
+    }
+  /* log_debug ("%s: finished\n", __func__); */
+
+  return NULL;
+}
+
+
+
+/* Create a new keyboxd client data object and return it at R_KCD.
+ * CTX is the assuan context to be used for connecting the keyboxd.
+ * If dlines is set, communication is done without fd passing via
+ * D-lines.  */
+gpg_error_t
+kbx_client_data_new (kbx_client_data_t *r_kcd, assuan_context_t ctx,
+                     int dlines)
+{
+  kbx_client_data_t kcd;
+  int rc;
+  gpg_error_t err;
+
+  kcd = xtrycalloc (1, sizeof *kcd);
+  if (!kcd)
+    return gpg_error_from_syserror ();
+
+  kcd->ctx = ctx;
+
+  if (dlines)
+    goto leave;
+
+  rc = npth_mutex_init (&kcd->mutex, NULL);
+  if (rc)
+    {
+      err = gpg_error_from_errno (rc);
+      log_error ("error initializing mutex: %s\n", gpg_strerror (err));
+      xfree (kcd);
+      return err;
+    }
+  rc = npth_cond_init (&kcd->cond, NULL);
+  if (rc)
+    {
+      err = gpg_error_from_errno (rc);
+      log_error ("error initializing condition: %s\n", gpg_strerror (err));
+      npth_mutex_destroy (&kcd->mutex);
+      xfree (kcd);
+      return err;
+    }
+
+  err = prepare_data_pipe (kcd);
+  if (err)
+    {
+      npth_cond_destroy (&kcd->cond);
+      npth_mutex_destroy (&kcd->mutex);
+      xfree (kcd);
+      return err;
+    }
+
+ leave:
+  *r_kcd = kcd;
+  return 0;
+}
+
+
+void
+kbx_client_data_release (kbx_client_data_t kcd)
+{
+  estream_t fp;
+
+  if (!kcd)
+    return;
+  fp = kcd->fp;
+  kcd->fp = NULL;
+  es_fclose (fp);  /* That close should let the thread run into an error.  */
+  /* FIXME: Make thread killing explicit.  Otherwise we run in a
+   * log_fatal due to the destroyed mutex. */
+  npth_cond_destroy (&kcd->cond);
+  npth_mutex_destroy (&kcd->mutex);
+  xfree (kcd);
+}
+
+
+/* Send a simple Assuan command to the server.  */
+gpg_error_t
+kbx_client_data_simple (kbx_client_data_t kcd, const char *command)
+{
+  /* log_debug ("%s: sending command '%s'\n", __func__, command); */
+  return assuan_transact (kcd->ctx, command,
+                          NULL, NULL, NULL, NULL, NULL, NULL);
+}
+
+
+/* Send the COMMAND down to the keyboxd associated with KCD.
+ * STATUS_CB and STATUS_CB_VALUE are the usual status callback as used
+ * by assuan_transact.  After this function has returned success
+ * kbx_client_data_wait needs to be called to actually return the
+ * data.  */
+gpg_error_t
+kbx_client_data_cmd (kbx_client_data_t kcd, const char *command,
+                     gpg_error_t (*status_cb)(void *opaque, const char *line),
+                     void *status_cb_value)
+{
+  gpg_error_t err;
+
+  xfree (kcd->dlinedata);
+  kcd->dlinedata = NULL;
+  kcd->dlinedatalen = 0;
+  kcd->dlineerr = 0;
+
+  if (kcd->fp)
+    {
+      /* log_debug ("%s: sending command '%s'\n", __func__, command); */
+      err = assuan_transact (kcd->ctx, command,
+                             NULL, NULL,
+                             NULL, NULL,
+                             status_cb, status_cb_value);
+      if (err)
+        {
+          if (gpg_err_code (err) != GPG_ERR_NOT_FOUND
+              && gpg_err_code (err) != GPG_ERR_NOTHING_FOUND)
+            log_debug ("%s: finished command with error: %s\n",
+                       __func__, gpg_strerror (err));
+          /* Fixme: On unexpected errors we need a way to cancel the
+           * data stream.  Probably it will be best to close and
+           * reopen it.  */
+        }
+    }
+  else /* Slower D-line version if fd-passing is not available.  */
+    {
+      membuf_t mb;
+      size_t len;
+
+      /* log_debug ("%s: sending command '%s' (no fd-passing)\n", */
+      /*            __func__, command); */
+      init_membuf (&mb, 8192);
+      err = assuan_transact (kcd->ctx, command,
+                             put_membuf_cb, &mb,
+                             NULL, NULL,
+                             status_cb, status_cb_value);
+      if (err)
+        {
+          if (gpg_err_code (err) != GPG_ERR_NOT_FOUND
+              && gpg_err_code (err) != GPG_ERR_NOTHING_FOUND)
+            log_debug ("%s: finished command with error: %s\n",
+                       __func__, gpg_strerror (err));
+          xfree (get_membuf (&mb, &len));
+          kcd->dlineerr = err;
+          goto leave;
+        }
+
+      kcd->dlinedata = get_membuf (&mb, &kcd->dlinedatalen);
+      if (!kcd->dlinedata)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+    }
+
+ leave:
+  return err;
+}
+
+
+
+/* Wait for the data from the server and on success return it at
+ * (R_DATA, R_DATALEN). */
+gpg_error_t
+kbx_client_data_wait (kbx_client_data_t kcd, char **r_data, size_t *r_datalen)
+{
+  gpg_error_t err = 0;
+  int rc;
+
+  *r_data = NULL;
+  *r_datalen = 0;
+  if (kcd->fp)
+    {
+      lock_datastream (kcd);
+      if (!kcd->data && !kcd->dataerr)
+        {
+          /* log_debug ("%s: waiting on datastream_cond ...\n", __func__); */
+          rc = npth_cond_wait (&kcd->cond, &kcd->mutex);
+          if (rc)
+            {
+              err = gpg_error_from_errno (rc);
+              log_error ("%s: waiting on condition failed: %s\n",
+                         __func__, gpg_strerror (err));
+            }
+          /* else */
+          /*   log_debug ("%s: waiting on datastream.cond done\n", __func__); */
+        }
+      *r_data = kcd->data;
+      kcd->data = NULL;
+      *r_datalen = kcd->datalen;
+      err = err? err : kcd->dataerr;
+
+      unlock_datastream (kcd);
+    }
+  else
+    {
+      *r_data = kcd->dlinedata;
+      kcd->dlinedata = NULL;
+      *r_datalen = kcd->dlinedatalen;
+      err = kcd->dlineerr;
+    }
+
+  return err;
+}
diff --git a/kbx/kbx-client-util.h b/kbx/kbx-client-util.h
new file mode 100644
index 0000000..07cf78e
--- /dev/null
+++ b/kbx/kbx-client-util.h
@@ -0,0 +1,42 @@
+/* kbx-client-util.c - Defs for utility functions for a keyboxd client
+ * Copyright (C) 2020  g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#ifndef GNUPG_KBX_CLIENT_UTIL_H
+#define GNUPG_KBX_CLIENT_UTIL_H 1
+
+
+struct kbx_client_data_s;
+typedef struct kbx_client_data_s *kbx_client_data_t;
+
+gpg_error_t kbx_client_data_new (kbx_client_data_t *r_kcd,
+                                 assuan_context_t ctx, int dlines);
+void kbx_client_data_release (kbx_client_data_t kcd);
+gpg_error_t kbx_client_data_simple (kbx_client_data_t kcd, const char *command);
+gpg_error_t kbx_client_data_cmd (kbx_client_data_t kcd, const char *command,
+                                 gpg_error_t (*status_cb)(void *opaque,
+                                                          const char *line),
+                                 void *status_cb_value);
+gpg_error_t kbx_client_data_wait (kbx_client_data_t kcd,
+                                  char **r_data, size_t *r_datalen);
+
+
+
+
+#endif /*GNUPG_KBX_CLIENT_UTIL_H*/
diff --git a/kbx/kbxserver.c b/kbx/kbxserver.c
new file mode 100644
index 0000000..8a75035
--- /dev/null
+++ b/kbx/kbxserver.c
@@ -0,0 +1,1000 @@
+/* kbxserver.c - Handle Assuan commands send to the keyboxd
+ * Copyright (C) 2019 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0+
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+#include <assert.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include "keyboxd.h"
+#include <assuan.h>
+#include "../common/i18n.h"
+#include "../common/server-help.h"
+#include "../common/userids.h"
+#include "../common/asshelp.h"
+#include "../common/host2net.h"
+#include "frontend.h"
+
+
+
+#define PARM_ERROR(t) assuan_set_error (ctx, \
+                                        gpg_error (GPG_ERR_ASS_PARAMETER), (t))
+#define set_error(e,t) (ctx ? assuan_set_error (ctx, gpg_error (e), (t)) \
+                        /**/: gpg_error (e))
+
+
+
+/* Control structure per connection. */
+struct server_local_s
+{
+  /* We keep a list of all active sessions with the anchor at
+   * SESSION_LIST (see below).  This field is used for linking. */
+  struct server_local_s *next_session;
+
+  /* The pid of the client.  */
+  pid_t client_pid;
+
+  /* Data used to associate an Assuan context with local server data */
+  assuan_context_t assuan_ctx;
+
+  /* The session id (a counter).  */
+  unsigned int session_id;
+
+  /* If this flag is set to true this process will be terminated after
+   * the end of this session.  */
+  int stopme;
+
+  /* If the first both flags are set the assuan logging of data lines
+   * is suppressed.  The count variable is used to show the number of
+   * non-logged bytes.  */
+  size_t inhibit_data_logging_count;
+  unsigned int inhibit_data_logging : 1;
+  unsigned int inhibit_data_logging_now : 1;
+
+  /* This flag is set if the last search command was called with --more.  */
+  unsigned int search_expecting_more : 1;
+
+  /* This flag is set if the last search command was successful.  */
+  unsigned int search_any_found : 1;
+
+  /* The first is the current search description as parsed by the
+   * cmd_search.  If more than one pattern is required, cmd_search
+   * also allocates and sets multi_search_desc and
+   * multi_search_desc_len.  If a search description has ever been
+   * allocated the allocated size is stored at
+   * multi_search_desc_size.  */
+  KEYBOX_SEARCH_DESC search_desc;
+  KEYBOX_SEARCH_DESC *multi_search_desc;
+  unsigned int multi_search_desc_size;
+  unsigned int multi_search_desc_len;
+
+  /* If not NULL write output to this stream instead of using D lines.  */
+  estream_t outstream;
+};
+
+
+/* To keep track of all running sessions, we link all active server
+ * contexts and anchor them at this variable.  */
+static struct server_local_s *session_list;
+
+
+
+
+
+/* Return the assuan contxt from the local server info in CTRL.  */
+static assuan_context_t
+get_assuan_ctx_from_ctrl (ctrl_t ctrl)
+{
+  if (!ctrl || !ctrl->server_local)
+    return NULL;
+  return ctrl->server_local->assuan_ctx;
+}
+
+
+/* If OUTPUT has been used prepare the output FD for use.  This needs
+ * to be called by all functions which will in any way use
+ * kbxd_write_data_line later.  Whether the output goes to the output
+ * stream is decided by this function.  */
+static gpg_error_t
+prepare_outstream (ctrl_t ctrl)
+{
+  int fd;
+
+  log_assert (ctrl && ctrl->server_local);
+
+  if (ctrl->server_local->outstream)
+    return 0;  /* Already enabled.  */
+
+  fd = translate_sys2libc_fd
+    (assuan_get_output_fd (get_assuan_ctx_from_ctrl (ctrl)), 1);
+  if (fd == -1)
+    return 0;  /* No Output command active.  */
+
+  ctrl->server_local->outstream = es_fdopen_nc (fd, "w");
+  if (!ctrl->server_local->outstream)
+    return gpg_err_code_from_syserror ();
+  return 0;
+}
+
+
+/* The usual writen function; here with diagnostic output.  */
+static gpg_error_t
+kbxd_writen (estream_t fp, const void *buffer, size_t length)
+{
+  gpg_error_t err;
+  size_t nwritten;
+
+  if (es_write (fp, buffer, length, &nwritten))
+    {
+      err = gpg_error_from_syserror ();
+      log_error ("error writing OUTPUT: %s\n", gpg_strerror (err));
+    }
+  else if (length != nwritten)
+    {
+      err = gpg_error (GPG_ERR_EIO);
+      log_error ("error writing OUTPUT: %s\n", "short write");
+    }
+  else
+    err = 0;
+
+  return err;
+}
+
+
+/* A wrapper around assuan_send_data which makes debugging the output
+ * in verbose mode easier.  It also takes CTRL as argument.  */
+gpg_error_t
+kbxd_write_data_line (ctrl_t ctrl, const void *buffer_arg, size_t size)
+{
+  const char *buffer = buffer_arg;
+  assuan_context_t ctx = get_assuan_ctx_from_ctrl (ctrl);
+  gpg_error_t err;
+
+  if (!ctx) /* Oops - no assuan context.  */
+    return gpg_error (GPG_ERR_NOT_PROCESSED);
+
+  /* Write toa file descriptor if enabled.  */
+  if (ctrl && ctrl->server_local && ctrl->server_local->outstream)
+    {
+      unsigned char lenbuf[4];
+
+      ulongtobuf (lenbuf, size);
+      err = kbxd_writen (ctrl->server_local->outstream, lenbuf, 4);
+      if (!err)
+        err = kbxd_writen (ctrl->server_local->outstream, buffer, size);
+      if (!err && es_fflush (ctrl->server_local->outstream))
+        {
+          err = gpg_error_from_syserror ();
+          log_error ("error writing OUTPUT: %s\n", gpg_strerror (err));
+        }
+
+      goto leave;
+    }
+
+  /* If we do not want logging, enable it here.  */
+  if (ctrl && ctrl->server_local && ctrl->server_local->inhibit_data_logging)
+    ctrl->server_local->inhibit_data_logging_now = 1;
+
+  if (0 && opt.verbose && buffer && size)
+    {
+      /* Ease reading of output by limiting the line length.  */
+      size_t n, nbytes;
+
+      nbytes = size;
+      do
+        {
+          n = nbytes > 64? 64 : nbytes;
+          err = assuan_send_data (ctx, buffer, n);
+          if (err)
+            {
+              gpg_err_set_errno (EIO);
+              goto leave;
+            }
+          buffer += n;
+          nbytes -= n;
+          if (nbytes && (err=assuan_send_data (ctx, NULL, 0))) /* Flush line. */
+            {
+              gpg_err_set_errno (EIO);
+              goto leave;
+            }
+        }
+      while (nbytes);
+    }
+  else
+    {
+      err = assuan_send_data (ctx, buffer, size);
+      if (err)
+        {
+          gpg_err_set_errno (EIO);  /* For use by data_line_cookie_write.  */
+          goto leave;
+        }
+    }
+
+ leave:
+  if (ctrl && ctrl->server_local && ctrl->server_local->inhibit_data_logging)
+    {
+      ctrl->server_local->inhibit_data_logging_count += size;
+      ctrl->server_local->inhibit_data_logging_now = 0;
+    }
+
+  return err;
+}
+
+
+
+/* Helper to print a message while leaving a command.  */
+static gpg_error_t
+leave_cmd (assuan_context_t ctx, gpg_error_t err)
+{
+  if (err && opt.verbose)
+    {
+      const char *name = assuan_get_command_name (ctx);
+      if (!name)
+        name = "?";
+      if (gpg_err_source (err) == GPG_ERR_SOURCE_DEFAULT)
+        log_error ("command '%s' failed: %s\n", name,
+                   gpg_strerror (err));
+      else
+        log_error ("command '%s' failed: %s <%s>\n", name,
+                   gpg_strerror (err), gpg_strsource (err));
+    }
+  return err;
+}
+
+
+
+/* Handle OPTION commands. */
+static gpg_error_t
+option_handler (assuan_context_t ctx, const char *key, const char *value)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  gpg_error_t err = 0;
+
+  if (!strcmp (key, "lc-messages"))
+    {
+      if (ctrl->lc_messages)
+        xfree (ctrl->lc_messages);
+      ctrl->lc_messages = xtrystrdup (value);
+      if (!ctrl->lc_messages)
+        return out_of_core ();
+    }
+  else
+    err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
+
+  return err;
+}
+
+
+
+static const char hlp_search[] =
+  "SEARCH [--no-data] [--openpgp|--x509] [[--more] PATTERN]\n"
+  "\n"
+  "Search for the keys identified by PATTERN.  With --more more\n"
+  "patterns to be used for the search are expected with the next\n"
+  "command.  With --no-data only the search status is returned but\n"
+  "not the actual data.  With --openpgp or --x509 only the respective\n"
+  "keys are returned.  See also \"NEXT\".";
+static gpg_error_t
+cmd_search (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  int opt_more, opt_no_data, opt_openpgp, opt_x509;
+  gpg_error_t err;
+  unsigned int n, k;
+
+  opt_no_data = has_option (line, "--no-data");
+  opt_more = has_option (line, "--more");
+  opt_openpgp = has_option (line, "--openpgp");
+  opt_x509 = has_option (line, "--x509");
+  line = skip_options (line);
+
+  ctrl->server_local->search_any_found = 0;
+
+  if (!*line)
+    {
+      if (opt_more)
+        {
+          err = set_error (GPG_ERR_INV_ARG, "--more but no pattern");
+          goto leave;
+        }
+      else if (!*line && ctrl->server_local->search_expecting_more)
+        {
+          /* It would be too surprising to first set a pattern but
+           * finally add no pattern to search the entire DB.  */
+          err = set_error (GPG_ERR_INV_ARG, "--more pending but no pattern");
+          goto leave;
+        }
+      else /* No pattern - return the first item.  */
+        {
+          memset (&ctrl->server_local->search_desc, 0,
+                  sizeof ctrl->server_local->search_desc);
+          ctrl->server_local->search_desc.mode = KEYDB_SEARCH_MODE_FIRST;
+        }
+    }
+  else
+    {
+      err = classify_user_id (line, &ctrl->server_local->search_desc, 0);
+      if (err)
+        goto leave;
+    }
+
+  if (opt_more || ctrl->server_local->search_expecting_more)
+    {
+      /* More pattern are expected - store the current one and return
+       * success.  */
+      if (!ctrl->server_local->multi_search_desc_size)
+        {
+          n = 10;
+          ctrl->server_local->multi_search_desc
+            = xtrycalloc (n, sizeof *ctrl->server_local->multi_search_desc);
+          if (!ctrl->server_local->multi_search_desc)
+            {
+              err = gpg_error_from_syserror ();
+              goto leave;
+            }
+          ctrl->server_local->multi_search_desc_size = n;
+        }
+
+      if (ctrl->server_local->multi_search_desc_len
+          == ctrl->server_local->multi_search_desc_size)
+        {
+          KEYBOX_SEARCH_DESC *desc;
+          n = ctrl->server_local->multi_search_desc_size + 10;
+          desc = xtrycalloc (n, sizeof *desc);
+          if (!desc)
+            {
+              err = gpg_error_from_syserror ();
+              goto leave;
+            }
+          for (k=0; k < ctrl->server_local->multi_search_desc_size; k++)
+            desc[k] = ctrl->server_local->multi_search_desc[k];
+          xfree (ctrl->server_local->multi_search_desc);
+          ctrl->server_local->multi_search_desc = desc;
+          ctrl->server_local->multi_search_desc_size = n;
+        }
+      /* Actually store.  */
+      ctrl->server_local->multi_search_desc
+        [ctrl->server_local->multi_search_desc_len++]
+        = ctrl->server_local->search_desc;
+
+      if (opt_more)
+        {
+          /* We need to be called aagain with more pattern.  */
+          ctrl->server_local->search_expecting_more = 1;
+          goto leave;
+        }
+      ctrl->server_local->search_expecting_more = 0;
+      /* Continue with the actual search.  */
+    }
+  else
+    ctrl->server_local->multi_search_desc_len = 0;
+
+  ctrl->server_local->inhibit_data_logging = 1;
+  ctrl->server_local->inhibit_data_logging_now = 0;
+  ctrl->server_local->inhibit_data_logging_count = 0;
+  ctrl->no_data_return = opt_no_data;
+  ctrl->filter_opgp = opt_openpgp;
+  ctrl->filter_x509 = opt_x509;
+  err = prepare_outstream (ctrl);
+  if (err)
+    ;
+  else if (ctrl->server_local->multi_search_desc_len)
+    err = kbxd_search (ctrl, ctrl->server_local->multi_search_desc,
+                       ctrl->server_local->multi_search_desc_len, 1);
+  else
+    err = kbxd_search (ctrl, &ctrl->server_local->search_desc, 1, 1);
+  if (err)
+    goto leave;
+
+  /* Set a flag for use by NEXT.  */
+  ctrl->server_local->search_any_found = 1;
+
+ leave:
+  if (err)
+    ctrl->server_local->multi_search_desc_len = 0;
+  ctrl->no_data_return = 0;
+  ctrl->server_local->inhibit_data_logging = 0;
+  return leave_cmd (ctx, err);
+}
+
+
+static const char hlp_next[] =
+  "NEXT [--no-data]\n"
+  "\n"
+  "Get the next search result from a previous search.";
+static gpg_error_t
+cmd_next (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  int opt_no_data;
+  gpg_error_t err;
+
+  opt_no_data = has_option (line, "--no-data");
+  line = skip_options (line);
+
+  if (*line)
+    {
+      err = set_error (GPG_ERR_INV_ARG, "no args expected");
+      goto leave;
+    }
+
+  if (!ctrl->server_local->search_any_found)
+    {
+      err = set_error (GPG_ERR_NOTHING_FOUND, "no previous SEARCH");
+      goto leave;
+    }
+
+  ctrl->server_local->inhibit_data_logging = 1;
+  ctrl->server_local->inhibit_data_logging_now = 0;
+  ctrl->server_local->inhibit_data_logging_count = 0;
+  ctrl->no_data_return = opt_no_data;
+  err = prepare_outstream (ctrl);
+  if (err)
+    ;
+  else if (ctrl->server_local->multi_search_desc_len)
+    {
+      /* The next condition should never be tru but we better handle
+       * the first/next transition anyway.  */
+      if (ctrl->server_local->multi_search_desc[0].mode
+          == KEYDB_SEARCH_MODE_FIRST)
+        ctrl->server_local->multi_search_desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
+
+      err = kbxd_search (ctrl, ctrl->server_local->multi_search_desc,
+                         ctrl->server_local->multi_search_desc_len, 0);
+    }
+  else
+    {
+      /* We need to do the transition from first to next here.  */
+      if (ctrl->server_local->search_desc.mode == KEYDB_SEARCH_MODE_FIRST)
+        ctrl->server_local->search_desc.mode = KEYDB_SEARCH_MODE_NEXT;
+
+      err = kbxd_search (ctrl, &ctrl->server_local->search_desc, 1, 0);
+    }
+  if (err)
+    goto leave;
+
+ leave:
+  ctrl->no_data_return = 0;
+  ctrl->server_local->inhibit_data_logging = 0;
+  return leave_cmd (ctx, err);
+}
+
+
+static const char hlp_store[] =
+  "STORE [--update|--insert]\n"
+  "\n"
+  "Insert a key into the database.  Whether to insert or update\n"
+  "the key is decided by looking at the primary key's fingerprint.\n"
+  "With option --update the key must already exist.\n"
+  "With option --insert the key must not already exist.\n"
+  "The actual key material is requested by this function using\n"
+  "  INQUIRE BLOB";
+static gpg_error_t
+cmd_store (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  int opt_update, opt_insert;
+  enum kbxd_store_modes mode;
+  gpg_error_t err;
+  unsigned char *value = NULL;
+  size_t valuelen;
+
+  opt_update = has_option (line, "--update");
+  opt_insert = has_option (line, "--insert");
+  line = skip_options (line);
+  if (*line)
+    {
+      err = set_error (GPG_ERR_INV_ARG, "no args expected");
+      goto leave;
+    }
+  if (opt_update && !opt_insert)
+    mode = KBXD_STORE_UPDATE;
+  else if (!opt_update && opt_insert)
+    mode = KBXD_STORE_INSERT;
+  else
+    mode = KBXD_STORE_AUTO;
+
+  /* Ask for the key material.  */
+  err = assuan_inquire (ctx, "BLOB", &value, &valuelen, 0);
+  if (err)
+    {
+      log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
+      goto leave;
+    }
+
+  if (!valuelen) /* No data received. */
+    {
+      err = gpg_error (GPG_ERR_MISSING_VALUE);
+      goto leave;
+    }
+
+  err = kbxd_store (ctrl, value, valuelen, mode);
+
+
+ leave:
+  xfree (value);
+  return leave_cmd (ctx, err);
+}
+
+
+static const char hlp_delete[] =
+  "DELETE <ubid> \n"
+  "\n"
+  "Delete a key into the database.  The UBID identifies the key.\n";
+static gpg_error_t
+cmd_delete (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  gpg_error_t err;
+  int n;
+  unsigned char ubid[UBID_LEN];
+
+  line = skip_options (line);
+  if (!*line)
+    {
+      err = set_error (GPG_ERR_INV_ARG, "UBID missing");
+      goto leave;
+    }
+
+  /* Skip an optional UBID identifier character.  */
+  if (*line == '^' && line[1])
+    line++;
+  if ((n=hex2bin (line, ubid, UBID_LEN)) < 0)
+    {
+      err = set_error (GPG_ERR_INV_USER_ID, "invalid UBID");
+      goto leave;
+    }
+  if (line[n])
+    {
+      err = set_error (GPG_ERR_INV_ARG, "garbage after UBID");
+      goto leave;
+    }
+
+  err = kbxd_delete (ctrl, ubid);
+
+
+ leave:
+  return leave_cmd (ctx, err);
+}
+
+
+
+static const char hlp_transaction[] =
+  "TRANSACTION [begin|commit|rollback]\n"
+  "\n"
+  "For bulk import of data it is often useful to run everything\n"
+  "in one transaction.  This can be achieved with this command.\n"
+  "If the last connection of client is closed before a commit\n"
+  "or rollback an implicit rollback is done.  With no argument\n"
+  "the status of the current transaction is returned.";
+static gpg_error_t
+cmd_transaction (assuan_context_t ctx, char *line)
+{
+  gpg_error_t err = 0;
+
+  line = skip_options (line);
+
+  if (!strcmp (line, "begin"))
+    {
+      /* Note that we delay the actual transaction until we have to
+       * use SQL. */
+      if (opt.in_transaction)
+        err = set_error (GPG_ERR_CONFLICT, "already in a transaction");
+      else
+        {
+          opt.in_transaction = 1;
+          opt.transaction_pid = assuan_get_pid (ctx);
+        }
+    }
+  else if (!strcmp (line, "commit"))
+    {
+      if (!opt.in_transaction)
+        err = set_error (GPG_ERR_CONFLICT, "not in a transaction");
+      else if (opt.transaction_pid != assuan_get_pid (ctx))
+        err = set_error (GPG_ERR_CONFLICT, "other client is in a transaction");
+      else
+        err = kbxd_commit ();
+    }
+  else if (!strcmp (line, "rollback"))
+    {
+      if (!opt.in_transaction)
+        err = set_error (GPG_ERR_CONFLICT, "not in a transaction");
+      else if (opt.transaction_pid != assuan_get_pid (ctx))
+        err = set_error (GPG_ERR_CONFLICT, "other client is in a transaction");
+      else
+        err = kbxd_rollback ();
+    }
+  else if (!*line)
+    {
+      if (opt.in_transaction && opt.transaction_pid == assuan_get_pid (ctx))
+        err = assuan_set_okay_line (ctx, opt.active_transaction?
+                                    "active transaction" :
+                                    "pending transaction");
+      else if (opt.in_transaction)
+        err = assuan_set_okay_line (ctx, opt.active_transaction?
+                                    "active transaction on other client" :
+                                    "pending transaction on other client");
+      else
+        err = set_error (GPG_ERR_FALSE, "no transaction");
+    }
+  else
+    {
+      err = set_error (GPG_ERR_ASS_PARAMETER, "unknown transaction command");
+    }
+
+
+  return leave_cmd (ctx, err);
+}
+
+
+
+static const char hlp_getinfo[] =
+  "GETINFO <what>\n"
+  "\n"
+  "Multi purpose command to return certain information.  \n"
+  "Supported values of WHAT are:\n"
+  "\n"
+  "version     - Return the version of the program.\n"
+  "pid         - Return the process id of the server.\n"
+  "socket_name - Return the name of the socket.\n"
+  "session_id  - Return the current session_id.\n"
+  "getenv NAME - Return value of envvar NAME\n";
+static gpg_error_t
+cmd_getinfo (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  gpg_error_t err;
+  char numbuf[50];
+
+  if (!strcmp (line, "version"))
+    {
+      const char *s = VERSION;
+      err = assuan_send_data (ctx, s, strlen (s));
+    }
+  else if (!strcmp (line, "pid"))
+    {
+      snprintf (numbuf, sizeof numbuf, "%lu", (unsigned long)getpid ());
+      err = assuan_send_data (ctx, numbuf, strlen (numbuf));
+    }
+  else if (!strcmp (line, "socket_name"))
+    {
+      const char *s = get_kbxd_socket_name ();
+      if (!s)
+        s = "[none]";
+      err = assuan_send_data (ctx, s, strlen (s));
+    }
+  else if (!strcmp (line, "session_id"))
+    {
+      snprintf (numbuf, sizeof numbuf, "%u", ctrl->server_local->session_id);
+      err = assuan_send_data (ctx, numbuf, strlen (numbuf));
+    }
+  else if (!strncmp (line, "getenv", 6)
+           && (line[6] == ' ' || line[6] == '\t' || !line[6]))
+    {
+      line += 6;
+      while (*line == ' ' || *line == '\t')
+        line++;
+      if (!*line)
+        err = gpg_error (GPG_ERR_MISSING_VALUE);
+      else
+        {
+          const char *s = getenv (line);
+          if (!s)
+            err = set_error (GPG_ERR_NOT_FOUND, "No such envvar");
+          else
+            err = assuan_send_data (ctx, s, strlen (s));
+        }
+    }
+  else
+    err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
+
+  return leave_cmd (ctx, err);
+}
+
+
+
+static const char hlp_killkeyboxd[] =
+  "KILLKEYBOXD\n"
+  "\n"
+  "This command allows a user - given sufficient permissions -\n"
+  "to kill this keyboxd process.\n";
+static gpg_error_t
+cmd_killkeyboxd (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+
+  (void)line;
+
+  ctrl->server_local->stopme = 1;
+  assuan_set_flag (ctx, ASSUAN_FORCE_CLOSE, 1);
+  return 0;
+}
+
+
+static const char hlp_reloadkeyboxd[] =
+  "RELOADKEYBOXD\n"
+  "\n"
+  "This command is an alternative to SIGHUP\n"
+  "to reload the configuration.";
+static gpg_error_t
+cmd_reloadkeyboxd (assuan_context_t ctx, char *line)
+{
+  (void)ctx;
+  (void)line;
+
+  kbxd_sighup_action ();
+  return 0;
+}
+
+
+static const char hlp_output[] =
+  "OUTPUT FD[=<n>]\n"
+  "\n"
+  "Set the file descriptor to write the output data to N.  If N is not\n"
+  "given and the operating system supports file descriptor passing, the\n"
+  "file descriptor currently in flight will be used.";
+
+
+/* Tell the assuan library about our commands. */
+static int
+register_commands (assuan_context_t ctx)
+{
+  static struct {
+    const char *name;
+    assuan_handler_t handler;
+    const char * const help;
+  } table[] = {
+    { "SEARCH",     cmd_search,     hlp_search },
+    { "NEXT",       cmd_next,       hlp_next   },
+    { "STORE",      cmd_store,      hlp_store  },
+    { "DELETE",     cmd_delete,     hlp_delete  },
+    { "TRANSACTION",cmd_transaction,hlp_transaction },
+    { "GETINFO",    cmd_getinfo,    hlp_getinfo },
+    { "OUTPUT",     NULL,           hlp_output },
+    { "KILLKEYBOXD",cmd_killkeyboxd,hlp_killkeyboxd },
+    { "RELOADKEYBOXD",cmd_reloadkeyboxd,hlp_reloadkeyboxd },
+    { NULL, NULL }
+  };
+  int i, j, rc;
+
+  for (i=j=0; table[i].name; i++)
+    {
+      rc = assuan_register_command (ctx, table[i].name, table[i].handler,
+                                    table[i].help);
+      if (rc)
+        return rc;
+    }
+  return 0;
+}
+
+
+/* Note that we do not reset the list of configured keyservers.  */
+static gpg_error_t
+reset_notify (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+
+  (void)line;
+  (void)ctrl;
+
+  return 0;
+}
+
+
+/* This function is called by our assuan log handler to test whether a
+ * log message shall really be printed.  The function must return
+ * false to inhibit the logging of MSG.  CAT gives the requested log
+ * category.  MSG might be NULL. */
+int
+kbxd_assuan_log_monitor (assuan_context_t ctx, unsigned int cat,
+                         const char *msg)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+
+  (void)cat;
+  (void)msg;
+
+  if (!ctrl || !ctrl->server_local)
+    return 1; /* Can't decide - allow logging.  */
+
+  if (!ctrl->server_local->inhibit_data_logging)
+    return 1; /* Not requested - allow logging.  */
+
+  /* Disallow logging if *_now is true.  */
+  return !ctrl->server_local->inhibit_data_logging_now;
+}
+
+
+/* Startup the server and run the main command loop.  With FD = -1,
+ * use stdin/stdout.  SESSION_ID is either 0 or a unique number
+ * identifying a session. */
+void
+kbxd_start_command_handler (ctrl_t ctrl, gnupg_fd_t fd, unsigned int session_id)
+{
+  static const char hello[] = "Keyboxd " VERSION " at your service";
+  static char *hello_line;
+  int rc;
+  assuan_context_t ctx;
+
+  ctrl->server_local = xtrycalloc (1, sizeof *ctrl->server_local);
+  if (!ctrl->server_local)
+    {
+      log_error (_("can't allocate control structure: %s\n"),
+                 gpg_strerror (gpg_error_from_syserror ()));
+      xfree (ctrl);
+      return;
+    }
+  ctrl->server_local->client_pid = ASSUAN_INVALID_PID;
+
+  rc = assuan_new (&ctx);
+  if (rc)
+    {
+      log_error (_("failed to allocate assuan context: %s\n"),
+		 gpg_strerror (rc));
+      kbxd_exit (2);
+    }
+
+  if (fd == GNUPG_INVALID_FD)
+    {
+      assuan_fd_t filedes[2];
+
+      filedes[0] = assuan_fdopen (0);
+      filedes[1] = assuan_fdopen (1);
+      rc = assuan_init_pipe_server (ctx, filedes);
+    }
+  else
+    {
+      rc = assuan_init_socket_server (ctx, fd,
+                                      (ASSUAN_SOCKET_SERVER_ACCEPTED
+                                       |ASSUAN_SOCKET_SERVER_FDPASSING));
+    }
+
+  if (rc)
+    {
+      assuan_release (ctx);
+      log_error (_("failed to initialize the server: %s\n"),
+                 gpg_strerror (rc));
+      kbxd_exit (2);
+    }
+
+  rc = register_commands (ctx);
+  if (rc)
+    {
+      log_error (_("failed to the register commands with Assuan: %s\n"),
+                 gpg_strerror(rc));
+      kbxd_exit (2);
+    }
+
+
+  if (!hello_line)
+    {
+      hello_line = xtryasprintf
+        ("Home: %s\n"
+         "Config: %s\n"
+         "%s",
+         gnupg_homedir (),
+         /*opt.config_filename? opt.config_filename :*/ "[none]",
+         hello);
+    }
+
+  ctrl->server_local->assuan_ctx = ctx;
+  assuan_set_pointer (ctx, ctrl);
+
+  assuan_set_hello_line (ctx, hello_line);
+  assuan_register_option_handler (ctx, option_handler);
+  assuan_register_reset_notify (ctx, reset_notify);
+
+  ctrl->server_local->session_id = session_id;
+
+  /* Put the session int a list.  */
+  ctrl->server_local->next_session = session_list;
+  session_list = ctrl->server_local;
+
+
+  /* The next call enable the use of status_printf.  */
+  set_assuan_context_func (get_assuan_ctx_from_ctrl);
+
+  for (;;)
+    {
+      rc = assuan_accept (ctx);
+      if (rc == -1)
+        break;
+      if (rc)
+        {
+          log_info (_("Assuan accept problem: %s\n"), gpg_strerror (rc));
+          break;
+        }
+
+#ifndef HAVE_W32_SYSTEM
+      if (opt.verbose)
+        {
+	  assuan_peercred_t peercred;
+
+          if (!assuan_get_peercred (ctx, &peercred))
+            log_info ("connection from process %ld (%ld:%ld)\n",
+                      (long)peercred->pid, (long)peercred->uid,
+		      (long)peercred->gid);
+        }
+#endif
+      ctrl->server_local->client_pid = assuan_get_pid (ctx);
+
+      rc = assuan_process (ctx);
+      if (rc)
+        {
+          log_info (_("Assuan processing failed: %s\n"), gpg_strerror (rc));
+          continue;
+        }
+    }
+
+  if (opt.in_transaction
+      && opt.transaction_pid == ctrl->server_local->client_pid)
+    {
+      struct server_local_s *sl;
+      pid_t thispid = ctrl->server_local->client_pid;
+      int npids = 0;
+
+      /* Only if this is the last connection rollback the transaction.  */
+      for (sl = session_list; sl; sl = sl->next_session)
+        if (sl->client_pid == thispid)
+          npids++;
+
+      if (npids == 1)
+        kbxd_rollback ();
+    }
+
+  assuan_close_output_fd (ctx);
+
+  set_assuan_context_func (NULL);
+  ctrl->server_local->assuan_ctx = NULL;
+  assuan_release (ctx);
+
+  if (ctrl->server_local->stopme)
+    kbxd_exit (0);
+
+  if (ctrl->refcount)
+    log_error ("oops: connection control structure still referenced (%d)\n",
+               ctrl->refcount);
+  else
+    {
+      if (session_list == ctrl->server_local)
+        session_list = ctrl->server_local->next_session;
+      else
+        {
+          struct server_local_s *sl;
+
+          for (sl=session_list; sl->next_session; sl = sl->next_session)
+            if (sl->next_session == ctrl->server_local)
+              break;
+          if (!sl->next_session)
+            BUG ();
+          sl->next_session = ctrl->server_local->next_session;
+        }
+
+      xfree (ctrl->server_local->multi_search_desc);
+      xfree (ctrl->server_local);
+      ctrl->server_local = NULL;
+    }
+}
diff --git a/kbx/kbxutil.c b/kbx/kbxutil.c
index 9e05de4..9115144 100644
--- a/kbx/kbxutil.c
+++ b/kbx/kbxutil.c
@@ -15,9 +15,11 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
 #include <config.h>
+
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -30,7 +32,6 @@
 
 #include <gpg-error.h>
 #include "../common/logging.h"
-#include "../common/argparse.h"
 #include "../common/stringhelp.h"
 #include "../common/utf8conv.h"
 #include "../common/i18n.h"
@@ -67,7 +68,7 @@ enum cmd_and_opt_values {
 };
 
 
-static ARGPARSE_OPTS opts[] = {
+static gpgrt_opt_t opts[] = {
   { 300, NULL, 0, N_("@Commands:\n ") },
 
 /*   { aFindByFpr,  "find-by-fpr", 0, "|FPR| find key using it's fingerprnt" }, */
@@ -104,27 +105,31 @@ int keybox_errors_seen = 0;
 static const char *
 my_strusage( int level )
 {
-    const char *p;
-    switch( level ) {
-      case 11: p = "kbxutil (@GNUPG@)";
-	break;
-      case 13: p = VERSION; break;
-      case 17: p = PRINTABLE_OS_NAME; break;
-      case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
-
-      case 1:
-      case 40:	p =
-	    _("Usage: kbxutil [options] [files] (-h for help)");
-	break;
-      case 41:	p =
-	    _("Syntax: kbxutil [options] [files]\n"
-	      "List, export, import Keybox data\n");
-	break;
-
-
-      default:	p = NULL;
+  const char *p;
+
+  switch (level)
+    {
+    case  9: p = "GPL-3.0-or-later"; break;
+    case 11: p = "kbxutil (@GNUPG@)";
+      break;
+    case 13: p = VERSION; break;
+    case 14: p = GNUPG_DEF_COPYRIGHT_LINE; break;
+    case 17: p = PRINTABLE_OS_NAME; break;
+    case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
+
+    case 1:
+    case 40:	p =
+        _("Usage: kbxutil [options] [files] (-h for help)");
+      break;
+    case 41:	p =
+        _("Syntax: kbxutil [options] [files]\n"
+          "List, export, import Keybox data\n");
+      break;
+
+
+    default:	p = NULL;
     }
-    return p;
+  return p;
 }
 
 
@@ -137,14 +142,14 @@ my_gcry_logger (void *dummy, int level, const char *fmt, va_list arg_ptr)
   /* Map the log levels.  */
   switch (level)
     {
-    case GCRY_LOG_CONT: level = GPGRT_LOG_CONT; break;
-    case GCRY_LOG_INFO: level = GPGRT_LOG_INFO; break;
-    case GCRY_LOG_WARN: level = GPGRT_LOG_WARN; break;
-    case GCRY_LOG_ERROR:level = GPGRT_LOG_ERROR; break;
-    case GCRY_LOG_FATAL:level = GPGRT_LOG_FATAL; break;
-    case GCRY_LOG_BUG:  level = GPGRT_LOG_BUG; break;
-    case GCRY_LOG_DEBUG:level = GPGRT_LOG_DEBUG; break;
-    default:            level = GPGRT_LOG_ERROR; break;
+    case GCRY_LOG_CONT: level = GPGRT_LOGLVL_CONT; break;
+    case GCRY_LOG_INFO: level = GPGRT_LOGLVL_INFO; break;
+    case GCRY_LOG_WARN: level = GPGRT_LOGLVL_WARN; break;
+    case GCRY_LOG_ERROR:level = GPGRT_LOGLVL_ERROR; break;
+    case GCRY_LOG_FATAL:level = GPGRT_LOGLVL_FATAL; break;
+    case GCRY_LOG_BUG:  level = GPGRT_LOGLVL_BUG; break;
+    case GCRY_LOG_DEBUG:level = GPGRT_LOGLVL_DEBUG; break;
+    default:            level = GPGRT_LOGLVL_ERROR; break;
     }
   log_logv (level, fmt, arg_ptr);
 }
@@ -233,7 +238,7 @@ format_keyid ( const char *s, u32 *kid )
 static char *
 read_file (const char *fname, size_t *r_length)
 {
-  FILE *fp;
+  estream_t fp;
   char *buf;
   size_t buflen;
 
@@ -241,7 +246,7 @@ read_file (const char *fname, size_t *r_length)
     {
       size_t nread, bufsize = 0;
 
-      fp = stdin;
+      fp = es_stdin;
       buf = NULL;
       buflen = 0;
 #define NCHUNK 8192
@@ -255,8 +260,8 @@ read_file (const char *fname, size_t *r_length)
           if (!buf)
             log_fatal ("can't allocate buffer: %s\n", strerror (errno));
 
-          nread = fread (buf+buflen, 1, NCHUNK, fp);
-          if (nread < NCHUNK && ferror (fp))
+          nread = es_fread (buf+buflen, 1, NCHUNK, fp);
+          if (nread < NCHUNK && es_ferror (fp))
             {
               log_error ("error reading '[stdin]': %s\n", strerror (errno));
               xfree (buf);
@@ -272,17 +277,17 @@ read_file (const char *fname, size_t *r_length)
     {
       struct stat st;
 
-      fp = gnupg_fopen (fname, "rb");
+      fp = es_fopen (fname, "rb");
       if (!fp)
         {
           log_error ("can't open '%s': %s\n", fname, strerror (errno));
           return NULL;
         }
 
-      if (fstat (fileno(fp), &st))
+      if (fstat (es_fileno(fp), &st))
         {
           log_error ("can't stat '%s': %s\n", fname, strerror (errno));
-          fclose (fp);
+          es_fclose (fp);
           return NULL;
         }
 
@@ -290,14 +295,14 @@ read_file (const char *fname, size_t *r_length)
       buf = xtrymalloc (buflen+1);
       if (!buf)
         log_fatal ("can't allocate buffer: %s\n", strerror (errno));
-      if (fread (buf, buflen, 1, fp) != 1)
+      if (es_fread (buf, buflen, 1, fp) != 1)
         {
           log_error ("error reading '%s': %s\n", fname, strerror (errno));
-          fclose (fp);
+          es_fclose (fp);
           xfree (buf);
           return NULL;
         }
-      fclose (fp);
+      es_fclose (fp);
     }
 
   *r_length = buflen;
@@ -461,16 +466,15 @@ import_openpgp (const char *filename, int dryrun)
 
 
 int
-main( int argc, char **argv )
+main (int argc, char **argv)
 {
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   enum cmd_and_opt_values cmd = 0;
-  unsigned long from = 0;
-  unsigned long to = ULONG_MAX;
+  unsigned long from = 0, to = ULONG_MAX;
   int dry_run = 0;
 
   early_system_init ();
-  set_strusage( my_strusage );
+  gpgrt_set_strusage( my_strusage );
   gcry_control (GCRYCTL_DISABLE_SECMEM);
   log_set_prefix ("kbxutil", GPGRT_LOG_WITH_PREFIX);
 
@@ -489,7 +493,7 @@ main( int argc, char **argv )
   pargs.argc = &argc;
   pargs.argv = &argv;
   pargs.flags= ARGPARSE_FLAG_KEEP;
-  while (gnupg_argparse (NULL, &pargs, opts))
+  while (gpgrt_argparse (NULL,&pargs, opts))
     {
       switch (pargs.r_opt)
         {
@@ -524,8 +528,7 @@ main( int argc, char **argv )
           break;
 	}
     }
-
-  gnupg_argparse (NULL, &pargs, NULL);
+  gpgrt_argparse (NULL, &pargs, NULL);
 
   if (to < from)
     log_error ("record number of \"--to\" is lower than \"--from\" one\n");
diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c
index ac259ea..a0ba405 100644
--- a/kbx/keybox-blob.c
+++ b/kbx/keybox-blob.c
@@ -62,7 +62,8 @@
            2 = OpenPGP
            3 = X509
    - byte Version number of this blob type
-           1 = The only defined value
+           1 = Blob with 20 byte fingerprints
+           2 = Blob with 32 byte fingerprints and no keyids.
    - u16  Blob flags
           bit 0 = contains secret key material (not used)
           bit 1 = ephemeral blob (e.g. used while querying external resources)
@@ -70,19 +71,36 @@
           certificate
    - u32  The length of the keyblock or certificate
    - u16  [NKEYS] Number of keys (at least 1!) [X509: always 1]
-   - u16  Size of the key information structure (at least 28).
+   - u16  Size of the key information structure (at least 28 or 56).
    - NKEYS times:
+     Version 1 blob:
       - b20  The fingerprint of the key.
              Fingerprints are always 20 bytes, MD5 left padded with zeroes.
       - u32  Offset to the n-th key's keyID (a keyID is always 8 byte)
              or 0 if not known which is the case only for X.509.
+             Note that this separate keyid is not anymore used by
+             gnupg since the support for v3 keys has been removed.
+             We create this field anyway for backward compatibility with
+             old EOL-ed versions.  Eventually we will completely move
+             to the version 2 blob format.
       - u16  Key flags
              bit 0 = qualified signature (not yet implemented}
       - u16  RFU
       - bN   Optional filler up to the specified length of this
              structure.
+     Version 2 blob:
+      - b32  The fingerprint of the key.  This fingerprint is
+             either 20 or 32 bytes.  A 20 byte fingerprint is
+             right filled with zeroes.
+      - u16  Key flags
+             bit 0 = qualified signature (not yet implemented}
+             bit 7 = 32 byte fingerprint in use.
+      - u16  RFU
+      - b20  keygrip
+      - bN   Optional filler up to the specified length of this
+             structure.
    - u16  Size of the serial number (may be zero)
-      -  bN  The serial number. N as giiven above.
+      -  bN  The serial number. N as given above.
    - u16  Number of user IDs
    - u16  [NUIDS] Size of user ID information structure
    - NUIDS times:
@@ -125,7 +143,7 @@
           IDs go here.
    - bN   Space for the keyblock or certificate.
    - bN   RFU.  This is the remaining space after keyblock and before
-          the checksum.  It is not covered by the checksum.
+          the checksum.  Not part of the SHA-1 checksum.
    - b20  SHA-1 checksum (useful for KS synchronization?)
           Note, that KBX versions before GnuPG 2.1 used an MD5
           checksum.  However it was only created but never checked.
@@ -155,6 +173,10 @@
 
 
 #include "../common/gettime.h"
+#include "../common/host2net.h"
+
+
+#define get32(a) buf32_to_ulong ((a))
 
 
 /* special values of the signature status */
@@ -172,15 +194,12 @@ struct membuf {
 };
 
 
-/*  #if MAX_FINGERPRINT_LEN < 20 */
-/*    #error fingerprints are 20 bytes */
-/*  #endif */
-
 struct keyboxblob_key {
-  char   fpr[20];
+  char   fpr[32];
   u32    off_kid;
   ulong  off_kid_addr;
   u16    flags;
+  u16    fprlen;  /* Either 20 or 32 */
 };
 struct keyboxblob_uid {
   u32    off;
@@ -380,10 +399,9 @@ pgp_create_key_part_single (KEYBOXBLOB blob, int n,
   int off;
 
   fprlen = kinfo->fprlen;
-  if (fprlen > 20)
-    fprlen = 20;
   memcpy (blob->keys[n].fpr, kinfo->fpr, fprlen);
-  if (fprlen != 20) /* v3 fpr - shift right and fill with zeroes. */
+  blob->keys[n].fprlen = fprlen;
+  if (fprlen < 20) /* v3 fpr - shift right and fill with zeroes. */
     {
       memmove (blob->keys[n].fpr + 20 - fprlen, blob->keys[n].fpr, fprlen);
       memset (blob->keys[n].fpr, 0, 20 - fprlen);
@@ -533,30 +551,51 @@ release_kid_list (struct keyid_list *kl)
 }
 
 
-
+/* Create a new blob header.  If WANT_FPR32 is set a version 2 blob is
+ * created.  */
 static int
-create_blob_header (KEYBOXBLOB blob, int blobtype, int as_ephemeral)
+create_blob_header (KEYBOXBLOB blob, int blobtype, int as_ephemeral,
+                    int want_fpr32)
 {
   struct membuf *a = blob->buf;
   int i;
 
   put32 ( a, 0 ); /* blob length, needs fixup */
   put8 ( a, blobtype);
-  put8 ( a, 1 );  /* blob type version */
-  put16 ( a, as_ephemeral? 2:0 ); /* blob flags */
+  put8 ( a, want_fpr32? 2:1 );  /* blob type version */
+  put16 ( a, as_ephemeral? 6:4 ); /* blob flags */
 
   put32 ( a, 0 ); /* offset to the raw data, needs fixup */
   put32 ( a, 0 ); /* length of the raw data, needs fixup */
 
   put16 ( a, blob->nkeys );
-  put16 ( a, 20 + 4 + 2 + 2 );  /* size of key info */
+  if (want_fpr32)
+    put16 ( a, 32 + 2 + 2 + 20);  /* size of key info */
+  else
+    put16 ( a, 20 + 4 + 2 + 2 );  /* size of key info */
   for ( i=0; i < blob->nkeys; i++ )
     {
-      put_membuf (a, blob->keys[i].fpr, 20);
-      blob->keys[i].off_kid_addr = a->len;
-      put32 ( a, 0 ); /* offset to keyid, fixed up later */
-      put16 ( a, blob->keys[i].flags );
-      put16 ( a, 0 ); /* reserved */
+      if (want_fpr32)
+        {
+          put_membuf (a, blob->keys[i].fpr, blob->keys[i].fprlen);
+          blob->keys[i].off_kid_addr = a->len;
+          if (blob->keys[i].fprlen == 32)
+            put16 ( a, (blob->keys[i].flags | 0x80));
+          else
+            put16 ( a, blob->keys[i].flags);
+          put16 ( a, 0 ); /* reserved */
+          /* FIXME: Put the real grip here instead of the filler.  */
+          put_membuf (a, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20);
+        }
+      else
+        {
+          log_assert (blob->keys[i].fprlen <= 20);
+          put_membuf (a, blob->keys[i].fpr, 20);
+          blob->keys[i].off_kid_addr = a->len;
+          put32 ( a, 0 ); /* offset to keyid, fixed up later */
+          put16 ( a, blob->keys[i].flags );
+          put16 ( a, 0 ); /* reserved */
+        }
     }
 
   put16 (a, blob->seriallen); /*fixme: check that it fits into 16 bits*/
@@ -593,11 +632,14 @@ create_blob_header (KEYBOXBLOB blob, int blobtype, int as_ephemeral)
 
   /* space where we write keyIDs and other stuff so that the
      pointers can actually point to somewhere */
-  if (blobtype == KEYBOX_BLOBTYPE_PGP)
+  if (blobtype == KEYBOX_BLOBTYPE_PGP && !want_fpr32)
     {
-      /* We need to store the keyids for all pgp v3 keys because those key
-         IDs are not part of the fingerprint.  While we are doing that, we
-         fixup all the keyID offsets */
+      /* For version 1 blobs, we need to store the keyids for all v3
+       * keys because those key IDs are not part of the fingerprint.
+       * While we are doing that, we fixup all the keyID offsets.  For
+       * version 2 blobs (which can't carry v3 keys) we compute the
+       * keyids in the fly because they are just stripped down
+       * fingerprints.  */
       for (i=0; i < blob->nkeys; i++ )
         {
           if (blob->keys[i].off_kid)
@@ -616,7 +658,7 @@ create_blob_header (KEYBOXBLOB blob, int blobtype, int as_ephemeral)
   if (blobtype == KEYBOX_BLOBTYPE_X509)
     {
       /* We don't want to point to ASN.1 encoded UserIDs (DNs) but to
-         the utf-8 string represenation of them */
+         the utf-8 string representation of them */
       for (i=0; i < blob->nuids; i++ )
         {
           if (blob->uids[i].name)
@@ -648,7 +690,7 @@ create_blob_finish (KEYBOXBLOB blob)
   unsigned char *pp;
   size_t n;
 
-  /* Write a placeholder for the checksum */
+  /* Write placeholders for the checksum.  */
   put_membuf (a, NULL, 20);
 
   /* get the memory area */
@@ -684,7 +726,7 @@ create_blob_finish (KEYBOXBLOB blob)
   }
 
   /* Compute and store the SHA-1 checksum. */
-  gcry_md_hash_buffer (GCRY_MD_SHA1, p + n - 20, p, n - 20);
+  gcry_md_hash_buffer (GCRY_MD_SHA1, p + n - 20, p, n - 40);
 
   pp = xtrymalloc (n);
   if ( !pp )
@@ -711,9 +753,27 @@ _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,
 {
   gpg_error_t err;
   KEYBOXBLOB blob;
+  int need_fpr32 = 0;
 
   *r_blob = NULL;
 
+
+  /* Check whether we need a blob with 32 bit fingerprints. We could
+   * use this always but for backward compatibility we do this only for
+   * v5 keys.  */
+  if (info->primary.version == 5)
+    need_fpr32 = 1;
+  else
+    {
+      struct _keybox_openpgp_key_info *kinfo;
+      for (kinfo = &info->subkeys; kinfo; kinfo = kinfo->next)
+        if (kinfo->version == 5)
+          {
+            need_fpr32 = 1;
+            break;
+          }
+    }
+
   blob = xtrycalloc (1, sizeof *blob);
   if (!blob)
     return gpg_error_from_syserror ();
@@ -756,7 +816,8 @@ _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,
 
   init_membuf (&blob->bufbuf, 1024);
   blob->buf = &blob->bufbuf;
-  err = create_blob_header (blob, KEYBOX_BLOBTYPE_PGP, as_ephemeral);
+  err = create_blob_header (blob, KEYBOX_BLOBTYPE_PGP,
+                            as_ephemeral, need_fpr32);
   if (err)
     goto leave;
   err = pgp_create_blob_keyblock (blob, image, imagelen);
@@ -780,12 +841,10 @@ _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,
 }
 
 
-#ifdef KEYBOX_WITH_X509
-
 /* Return an allocated string with the email address extracted from a
    DN.  Note hat we use this code also in ../sm/keylist.c.  */
-static char *
-x509_email_kludge (const char *name)
+char *
+_keybox_x509_email_kludge (const char *name)
 {
   const char *p, *string;
   unsigned char *buf;
@@ -826,6 +885,8 @@ x509_email_kludge (const char *name)
 
 
 
+#ifdef KEYBOX_WITH_X509
+
 /* Note: We should move calculation of the digest into libksba and
    remove that parameter */
 int
@@ -904,7 +965,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
           names = tmp;
         }
       names[blob->nuids++] = p;
-      if (!i && (p=x509_email_kludge (p)))
+      if (!i && (p=_keybox_x509_email_kludge (p)))
         names[blob->nuids++] = p; /* due to !i we don't need to check bounds*/
     }
 
@@ -943,7 +1004,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
   init_membuf (&blob->bufbuf, 1024);
   blob->buf = &blob->bufbuf;
   /* write out what we already have */
-  rc = create_blob_header (blob, KEYBOX_BLOBTYPE_X509, as_ephemeral);
+  rc = create_blob_header (blob, KEYBOX_BLOBTYPE_X509, as_ephemeral, 0);
   if (rc)
     goto leave;
   rc = x509_create_blob_cert (blob, cert);
@@ -1045,7 +1106,7 @@ _keybox_update_header_blob (KEYBOXBLOB blob, int for_openpgp)
     {
       u32 val = make_timestamp ();
 
-      /* Update the last maintenance run times tamp. */
+      /* Update the last maintenance run timestamp. */
       blob->blob[20]   = (val >> 24);
       blob->blob[20+1] = (val >> 16);
       blob->blob[20+2] = (val >>  8);
diff --git a/kbx/keybox-defs.h b/kbx/keybox-defs.h
index 2751b4b..0af3aaf 100644
--- a/kbx/keybox-defs.h
+++ b/kbx/keybox-defs.h
@@ -99,10 +99,11 @@ struct _keybox_openpgp_key_info
 {
   struct _keybox_openpgp_key_info *next;
   int algo;
+  int version;
   unsigned char grip[20];
   unsigned char keyid[8];
-  int fprlen;  /* Either 16 or 20 */
-  unsigned char fpr[20];
+  int fprlen;  /* Either 16, 20 or 32 */
+  unsigned char fpr[32];
 };
 
 struct _keybox_openpgp_uid_info
@@ -148,6 +149,8 @@ gpg_error_t _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,
                                          const unsigned char *image,
                                          size_t imagelen,
                                          int as_ephemeral);
+char *_keybox_x509_email_kludge (const char *name);
+
 #ifdef KEYBOX_WITH_X509
 int _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
                               unsigned char *sha1_digest, int as_ephemeral);
diff --git a/kbx/keybox-file.c b/kbx/keybox-file.c
index c36f5be..f20001d 100644
--- a/kbx/keybox-file.c
+++ b/kbx/keybox-file.c
@@ -156,7 +156,7 @@ _keybox_write_blob (KEYBOXBLOB blob, estream_t fp, FILE *outfp)
 
 
 /* Write a fresh header type blob. */
-int
+gpg_error_t
 _keybox_write_header_blob (estream_t fp, int for_openpgp)
 {
   unsigned char image[32];
diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c
index f07ba8d..48af5c7 100644
--- a/kbx/keybox-init.c
+++ b/kbx/keybox-init.c
@@ -261,28 +261,7 @@ _keybox_close_file (KEYBOX_HANDLE hd)
 }
 
 
-/* Close all the files associated with the resource identified by TOKEN.  */
-void
-keybox_close_all_files (void *token)
-{
-  KB_NAME resource = token;
-  KEYBOX_HANDLE roverhd;
-  int idx;
-
-  if (!resource)
-    return;
-
-  for (idx=0; idx < resource->handle_table_size; idx++)
-    if ((roverhd = resource->handle_table[idx]) && roverhd->fp)
-      {
-        es_fclose (roverhd->fp);
-        roverhd->fp = NULL;
-      }
-}
-
-
 /*
- * Lock the keybox at handle HD, or unlock if YES is false.
  * Lock the keybox at handle HD, or unlock if YES is false.  TIMEOUT
  * is the value used for dotlock_take.  In general -1 should be used
  * when taking a lock; use 0 when releasing a lock.
diff --git a/kbx/keybox-openpgp.c b/kbx/keybox-openpgp.c
index 8ded683..f5bd1b6 100644
--- a/kbx/keybox-openpgp.c
+++ b/kbx/keybox-openpgp.c
@@ -273,14 +273,17 @@ parse_key (const unsigned char *data, size_t datalen,
   unsigned char hashbuffer[768];
   gcry_md_hd_t md;
   int is_ecc = 0;
+  int is_v5;
+  /* unsigned int pkbytes;  for v5: # of octets of the public key params.  */
   struct keyparm_s keyparm[OPENPGP_MAX_NPKEY];
   unsigned char *helpmpibuf[OPENPGP_MAX_NPKEY] = { NULL };
 
   if (datalen < 5)
     return gpg_error (GPG_ERR_INV_PACKET);
   version = *data++; datalen--;
-  if (version < 2 || version > 4 )
+  if (version < 2 || version > 5 )
     return gpg_error (GPG_ERR_INV_PACKET); /* Invalid version. */
+  is_v5 = version == 5;
 
   /*timestamp = ((data[0]<<24)|(data[1]<<16)|(data[2]<<8)|(data[3]));*/
   data +=4; datalen -=4;
@@ -296,6 +299,15 @@ parse_key (const unsigned char *data, size_t datalen,
     return gpg_error (GPG_ERR_INV_PACKET);
   algorithm = *data++; datalen--;
 
+  if (is_v5)
+    {
+      if (datalen < 4)
+        return gpg_error (GPG_ERR_INV_PACKET);
+      /* pkbytes = buf32_to_uint (data); */
+      data += 4;
+      datalen -= 4;
+    }
+
   switch (algorithm)
     {
     case PUBKEY_ALGO_RSA:
@@ -323,6 +335,7 @@ parse_key (const unsigned char *data, size_t datalen,
       return gpg_error (GPG_ERR_UNKNOWN_ALGORITHM);
     }
 
+  ki->version = version;
   ki->algo = algorithm;
 
   for (i=0; i < npkey; i++ )
@@ -364,23 +377,24 @@ parse_key (const unsigned char *data, size_t datalen,
 
   /* Note: Starting here we need to jump to leave on error. */
 
-  /* Make sure the MPIs are unsigned.  */
-  for (i=0; i < npkey; i++)
-    {
-      if (!keyparm[i].len || (keyparm[i].mpi[0] & 0x80))
-        {
-          helpmpibuf[i] = xtrymalloc (1+keyparm[i].len);
-          if (!helpmpibuf[i])
-            {
-              err = gpg_error_from_syserror ();
-              goto leave;
-            }
-          helpmpibuf[i][0] = 0;
-          memcpy (helpmpibuf[i]+1, keyparm[i].mpi, keyparm[i].len);
-          keyparm[i].mpi = helpmpibuf[i];
-          keyparm[i].len++;
-        }
-    }
+  /* For non-ECC, make sure the MPIs are unsigned.  */
+  if (!is_ecc)
+    for (i=0; i < npkey; i++)
+      {
+        if (!keyparm[i].len || (keyparm[i].mpi[0] & 0x80))
+          {
+            helpmpibuf[i] = xtrymalloc (1+keyparm[i].len);
+            if (!helpmpibuf[i])
+              {
+                err = gpg_error_from_syserror ();
+                goto leave;
+              }
+            helpmpibuf[i][0] = 0;
+            memcpy (helpmpibuf[i]+1, keyparm[i].mpi, keyparm[i].len);
+            keyparm[i].mpi = helpmpibuf[i];
+            keyparm[i].len++;
+          }
+      }
 
   err = keygrip_from_keyparm (algorithm, keyparm, ki->grip);
   if (err)
@@ -419,29 +433,63 @@ parse_key (const unsigned char *data, size_t datalen,
          have a scatter-gather enabled hash function. What we do here
          is to use a static buffer if this one is large enough and
          only use the regular hash functions if this buffer is not
-         large enough. */
-      if ( 3 + n < sizeof hashbuffer )
+         large enough.
+         FIXME: Factor this out to a shared fingerprint function.
+       */
+      if (version == 5)
         {
-          hashbuffer[0] = 0x99;     /* CTB */
-          hashbuffer[1] = (n >> 8); /* 2 byte length header. */
-          hashbuffer[2] = n;
-          memcpy (hashbuffer + 3, data_start, n);
-          gcry_md_hash_buffer (GCRY_MD_SHA1, ki->fpr, hashbuffer, 3 + n);
+          if ( 5 + n < sizeof hashbuffer )
+            {
+              hashbuffer[0] = 0x9a;     /* CTB */
+              hashbuffer[1] = (n >> 24);/* 4 byte length header. */
+              hashbuffer[2] = (n >> 16);
+              hashbuffer[3] = (n >>  8);
+              hashbuffer[4] = (n      );
+              memcpy (hashbuffer + 5, data_start, n);
+              gcry_md_hash_buffer (GCRY_MD_SHA256, ki->fpr, hashbuffer, 5 + n);
+            }
+          else
+            {
+              err = gcry_md_open (&md, GCRY_MD_SHA256, 0);
+              if (err)
+                return err; /* Oops */
+              gcry_md_putc (md, 0x9a );     /* CTB */
+              gcry_md_putc (md, (n >> 24)); /* 4 byte length header. */
+              gcry_md_putc (md, (n >> 16));
+              gcry_md_putc (md, (n >>  8));
+              gcry_md_putc (md, (n      ));
+              gcry_md_write (md, data_start, n);
+              memcpy (ki->fpr, gcry_md_read (md, 0), 32);
+              gcry_md_close (md);
+            }
+          ki->fprlen = 32;
+          memcpy (ki->keyid, ki->fpr, 8);
         }
       else
         {
-          err = gcry_md_open (&md, GCRY_MD_SHA1, 0);
-          if (err)
-            return err; /* Oops */
-          gcry_md_putc (md, 0x99 );     /* CTB */
-          gcry_md_putc (md, (n >> 8) ); /* 2 byte length header. */
-          gcry_md_putc (md, n );
-          gcry_md_write (md, data_start, n);
-          memcpy (ki->fpr, gcry_md_read (md, 0), 20);
-          gcry_md_close (md);
+          if ( 3 + n < sizeof hashbuffer )
+            {
+              hashbuffer[0] = 0x99;     /* CTB */
+              hashbuffer[1] = (n >> 8); /* 2 byte length header. */
+              hashbuffer[2] = (n     );
+              memcpy (hashbuffer + 3, data_start, n);
+              gcry_md_hash_buffer (GCRY_MD_SHA1, ki->fpr, hashbuffer, 3 + n);
+            }
+          else
+            {
+              err = gcry_md_open (&md, GCRY_MD_SHA1, 0);
+              if (err)
+                return err; /* Oops */
+              gcry_md_putc (md, 0x99 );     /* CTB */
+              gcry_md_putc (md, (n >> 8));  /* 2 byte length header. */
+              gcry_md_putc (md, (n     ));
+              gcry_md_write (md, data_start, n);
+              memcpy (ki->fpr, gcry_md_read (md, 0), 20);
+              gcry_md_close (md);
+            }
+          ki->fprlen = 20;
+          memcpy (ki->keyid, ki->fpr+12, 8);
         }
-      ki->fprlen = 20;
-      memcpy (ki->keyid, ki->fpr+12, 8);
     }
 
  leave:
@@ -628,7 +676,7 @@ _keybox_destroy_openpgp_info (keybox_openpgp_info_t info)
   struct _keybox_openpgp_key_info *k, *k2;
   struct _keybox_openpgp_uid_info *u, *u2;
 
-  assert (!info->primary.next);
+  log_assert (!info->primary.next);
   for (k=info->subkeys.next; k; k = k2)
     {
       k2 = k->next;
diff --git a/kbx/keybox-search-desc.h b/kbx/keybox-search-desc.h
index 6298994..9a0df28 100644
--- a/kbx/keybox-search-desc.h
+++ b/kbx/keybox-search-desc.h
@@ -36,23 +36,32 @@ typedef enum {
   KEYDB_SEARCH_MODE_WORDS,
   KEYDB_SEARCH_MODE_SHORT_KID,
   KEYDB_SEARCH_MODE_LONG_KID,
-  KEYDB_SEARCH_MODE_FPR16,
-  KEYDB_SEARCH_MODE_FPR20,
-  KEYDB_SEARCH_MODE_FPR,
+  KEYDB_SEARCH_MODE_FPR,     /* (Length of fpr in .fprlen) */
   KEYDB_SEARCH_MODE_ISSUER,
   KEYDB_SEARCH_MODE_ISSUER_SN,
   KEYDB_SEARCH_MODE_SN,
   KEYDB_SEARCH_MODE_SUBJECT,
   KEYDB_SEARCH_MODE_KEYGRIP,
+  KEYDB_SEARCH_MODE_UBID,
   KEYDB_SEARCH_MODE_FIRST,
   KEYDB_SEARCH_MODE_NEXT
 } KeydbSearchMode;
 
 
-/* Forwward declaration.  See g10/packet.h.  */
+/* Identifiers for the public key types we use in GnuPG.  */
+enum pubkey_types
+  {
+   PUBKEY_TYPE_UNKNOWN = 0,
+   PUBKEY_TYPE_OPGP    = 1,
+   PUBKEY_TYPE_X509    = 2
+  };
+
+
+/* Forward declaration.  See g10/packet.h.  */
 struct gpg_pkt_user_id_s;
 typedef struct gpg_pkt_user_id_s *gpg_pkt_user_id_t;
 
+
 /* A search descriptor.  */
 struct keydb_search_desc
 {
@@ -66,13 +75,16 @@ struct keydb_search_desc
   int (*skipfnc)(void *, u32 *, int);
   void *skipfncvalue;
   const unsigned char *sn;
-  int snlen;  /* -1 := sn is a hex string */
+  unsigned short snlen;
   union {
     const char *name;
-    unsigned char fpr[24];
+    unsigned char fpr[32];
     u32 kid[2]; /* Note that this is in native endianness.  */
-    unsigned char grip[20];
+    unsigned char grip[KEYGRIP_LEN];
+    unsigned char ubid[UBID_LEN];
   } u;
+  byte snhex;   /* SN above is a hexstring and not binary.  */
+  byte fprlen;  /* Only used with KEYDB_SEARCH_MODE_FPR.  */
   int exact;    /* Use exactly this key ('!' suffix in gpg).  */
 };
 
diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c
index 263a166..5ff9111 100644
--- a/kbx/keybox-search.c
+++ b/kbx/keybox-search.c
@@ -66,18 +66,31 @@ blob_get_first_keyid (KEYBOXBLOB blob, u32 *kid)
 {
   const unsigned char *buffer;
   size_t length, nkeys, keyinfolen;
+  int fpr32;
 
   buffer = _keybox_get_blob_image (blob, &length);
   if (length < 48)
     return 0; /* blob too short */
+  fpr32 = buffer[5] == 2;
+  if (fpr32 && length < 56)
+    return 0; /* blob to short */
 
   nkeys = get16 (buffer + 16);
   keyinfolen = get16 (buffer + 18);
-  if (!nkeys || keyinfolen < 28)
+  if (!nkeys || keyinfolen < (fpr32?56:28))
     return 0; /* invalid blob */
 
-  kid[0] = get32 (buffer + 32);
-  kid[1] = get32 (buffer + 36);
+  if (fpr32 && (get16 (buffer + 20 + 32) & 0x80))
+    {
+      /* 32 byte fingerprint.  */
+      kid[0] = get32 (buffer + 20);
+      kid[1] = get32 (buffer + 20 + 4);
+    }
+  else /* 20 byte fingerprint.  */
+    {
+      kid[0] = get32 (buffer + 20 + 12);
+      kid[1] = get32 (buffer + 20 + 16);
+    }
 
   return 1;
 }
@@ -229,22 +242,23 @@ blob_cmp_sn (KEYBOXBLOB blob, const unsigned char *sn, int snlen)
    For X.509 this is always 1, for OpenPGP this is 1 for the primary
    key and 2 and more for the subkeys.  */
 static int
-blob_cmp_fpr (KEYBOXBLOB blob, const unsigned char *fpr)
+blob_cmp_fpr (KEYBOXBLOB blob, const unsigned char *fpr, unsigned int fprlen)
 {
   const unsigned char *buffer;
   size_t length;
   size_t pos, off;
   size_t nkeys, keyinfolen;
-  int idx;
+  int idx, fpr32, storedfprlen;
 
   buffer = _keybox_get_blob_image (blob, &length);
   if (length < 40)
     return 0; /* blob too short */
+  fpr32 = buffer[5] == 2;
 
   /*keys*/
   nkeys = get16 (buffer + 16);
   keyinfolen = get16 (buffer + 18 );
-  if (keyinfolen < 28)
+  if (keyinfolen < (fpr32?56:28))
     return 0; /* invalid blob */
   pos = 20;
   if (pos + (uint64_t)keyinfolen*nkeys > (uint64_t)length)
@@ -253,12 +267,19 @@ blob_cmp_fpr (KEYBOXBLOB blob, const unsigned char *fpr)
   for (idx=0; idx < nkeys; idx++)
     {
       off = pos + idx*keyinfolen;
-      if (!memcmp (buffer + off, fpr, 20))
+      if (fpr32)
+        storedfprlen = (get16 (buffer + off + 32) & 0x80)? 32:20;
+      else
+        storedfprlen = 20;
+      if (storedfprlen == fprlen
+          && !memcmp (buffer + off, fpr, storedfprlen))
         return idx+1; /* found */
     }
   return 0; /* not found */
 }
 
+
+/* Helper for has_short_kid and has_long_kid.  */
 static int
 blob_cmp_fpr_part (KEYBOXBLOB blob, const unsigned char *fpr,
                    int fproff, int fprlen)
@@ -267,31 +288,69 @@ blob_cmp_fpr_part (KEYBOXBLOB blob, const unsigned char *fpr,
   size_t length;
   size_t pos, off;
   size_t nkeys, keyinfolen;
-  int idx;
+  int idx, fpr32, storedfprlen;
 
   buffer = _keybox_get_blob_image (blob, &length);
   if (length < 40)
     return 0; /* blob too short */
+  fpr32 = buffer[5] == 2;
 
   /*keys*/
   nkeys = get16 (buffer + 16);
   keyinfolen = get16 (buffer + 18 );
-  if (keyinfolen < 28)
+  if (keyinfolen < (fpr32?56:28))
     return 0; /* invalid blob */
   pos = 20;
   if (pos + (uint64_t)keyinfolen*nkeys > (uint64_t)length)
     return 0; /* out of bounds */
 
+  if (fpr32)
+    fproff = 0; /* keyid are the high-order bits.  */
   for (idx=0; idx < nkeys; idx++)
     {
       off = pos + idx*keyinfolen;
-      if (!memcmp (buffer + off + fproff, fpr, fprlen))
+      if (fpr32)
+        storedfprlen = (get16 (buffer + off + 32) & 0x80)? 32:20;
+      else
+        storedfprlen = 20;
+      if ((fpr32 || storedfprlen == fproff + fprlen)
+          && !memcmp (buffer + off + fproff, fpr, fprlen))
         return idx+1; /* found */
     }
   return 0; /* not found */
 }
 
 
+/* Returns true if found.  */
+static int
+blob_cmp_ubid (KEYBOXBLOB blob, const unsigned char *ubid)
+{
+  const unsigned char *buffer;
+  size_t length;
+  size_t pos;
+  size_t nkeys, keyinfolen;
+  int fpr32;
+
+  buffer = _keybox_get_blob_image (blob, &length);
+  if (length < 40)
+    return 0; /* blob too short */
+  fpr32 = buffer[5] == 2;
+
+  /*keys*/
+  nkeys = get16 (buffer + 16);
+  keyinfolen = get16 (buffer + 18 );
+  if (!nkeys || keyinfolen < (fpr32?56:28))
+    return 0; /* invalid blob */
+  pos = 20;
+  if (pos + (uint64_t)keyinfolen*nkeys > (uint64_t)length)
+    return 0; /* out of bounds */
+
+  if (!memcmp (buffer + pos, ubid, UBID_LEN))
+    return 1; /* found */
+  return 0;   /* not found */
+}
+
+
 static int
 blob_cmp_name (KEYBOXBLOB blob, int idx,
                const char *name, size_t namelen, int substr, int x509)
@@ -626,18 +685,44 @@ blob_x509_has_grip (KEYBOXBLOB blob, const unsigned char *grip)
 static inline int
 has_short_kid (KEYBOXBLOB blob, u32 lkid)
 {
+  const unsigned char *buffer;
+  size_t length;
+  int fpr32;
   unsigned char buf[4];
+
+  buffer = _keybox_get_blob_image (blob, &length);
+  if (length < 48)
+    return 0; /* blob too short */
+  fpr32 = buffer[5] == 2;
+  if (fpr32 && length < 56)
+    return 0; /* blob to short */
+
   buf[0] = lkid >> 24;
   buf[1] = lkid >> 16;
   buf[2] = lkid >> 8;
   buf[3] = lkid;
-  return blob_cmp_fpr_part (blob, buf, 16, 4);
+
+  if (fpr32)
+    return blob_cmp_fpr_part (blob, buf, 0, 4);
+  else
+    return blob_cmp_fpr_part (blob, buf, 16, 4);
 }
 
 static inline int
 has_long_kid (KEYBOXBLOB blob, u32 mkid, u32 lkid)
 {
+  const unsigned char *buffer;
+  size_t length;
+  int fpr32;
   unsigned char buf[8];
+
+  buffer = _keybox_get_blob_image (blob, &length);
+  if (length < 48)
+    return 0; /* blob too short */
+  fpr32 = buffer[5] == 2;
+  if (fpr32 && length < 56)
+    return 0; /* blob to short */
+
   buf[0] = mkid >> 24;
   buf[1] = mkid >> 16;
   buf[2] = mkid >> 8;
@@ -646,13 +731,17 @@ has_long_kid (KEYBOXBLOB blob, u32 mkid, u32 lkid)
   buf[5] = lkid >> 16;
   buf[6] = lkid >> 8;
   buf[7] = lkid;
-  return blob_cmp_fpr_part (blob, buf, 12, 8);
+
+  if (fpr32)
+    return blob_cmp_fpr_part (blob, buf, 0, 8);
+  else
+    return blob_cmp_fpr_part (blob, buf, 12, 8);
 }
 
 static inline int
-has_fingerprint (KEYBOXBLOB blob, const unsigned char *fpr)
+has_fingerprint (KEYBOXBLOB blob, const unsigned char *fpr, unsigned int fprlen)
 {
-  return blob_cmp_fpr (blob, fpr);
+  return blob_cmp_fpr (blob, fpr, fprlen);
 }
 
 static inline int
@@ -668,6 +757,15 @@ has_keygrip (KEYBOXBLOB blob, const unsigned char *grip)
 }
 
 
+/* The UBID is the primary fingerprint.  For OpenPGP v5 keys only the
+ * leftmost 20 bytes (UBID_LEN) are used.  */
+static inline int
+has_ubid (KEYBOXBLOB blob, const unsigned char *ubid)
+{
+  return blob_cmp_ubid (blob, ubid);
+}
+
+
 static inline int
 has_issuer (KEYBOXBLOB blob, const char *name)
 {
@@ -814,10 +912,6 @@ keybox_search_reset (KEYBOX_HANDLE hd)
 
   if (hd->fp)
     {
-#if HAVE_W32_SYSTEM
-      es_fclose (hd->fp);
-      hd->fp = NULL;
-#else
       if (es_fseeko (hd->fp, 0, SEEK_SET))
         {
           /* Ooops.  Seek did not work.  Close so that the search will
@@ -825,7 +919,6 @@ keybox_search_reset (KEYBOX_HANDLE hd)
           es_fclose (hd->fp);
           hd->fp = NULL;
         }
-#endif
     }
   hd->error = 0;
   hd->eof = 0;
@@ -854,7 +947,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
 
-  /* Clear last found result but reord the offset of the last found
+  /* Clear last found result but record the offset of the last found
    * blob which we may need later. */
   if (hd->found.blob)
     {
@@ -889,7 +982,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
 	}
       if (desc[n].skipfnc)
         any_skip = 1;
-      if (desc[n].snlen == -1 && !sn_array)
+      if (desc[n].snhex && !sn_array)
         {
           sn_array = xtrycalloc (ndesc, sizeof *sn_array);
           if (!sn_array)
@@ -949,12 +1042,12 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
         {
           if (!desc[n].sn)
             ;
-          else if (desc[n].snlen == -1)
+          else if (desc[n].snhex)
             {
               unsigned char *sn;
 
               s = desc[n].sn;
-              for (i=0; *s && *s != '/'; s++, i++)
+              for (i=0; *s && *s != '/' && i < desc[n].snlen; s++, i++)
                 ;
               odd = (i & 1);
               snlen = (i+1)/2;
@@ -1084,16 +1177,21 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
               if (pk_no)
                 goto found;
               break;
+
             case KEYDB_SEARCH_MODE_FPR:
-            case KEYDB_SEARCH_MODE_FPR20:
-              pk_no = has_fingerprint (blob, desc[n].u.fpr);
+              pk_no = has_fingerprint (blob, desc[n].u.fpr, desc[n].fprlen);
               if (pk_no)
                 goto found;
               break;
+
             case KEYDB_SEARCH_MODE_KEYGRIP:
               if (has_keygrip (blob, desc[n].u.grip))
                 goto found;
               break;
+            case KEYDB_SEARCH_MODE_UBID:
+              if (has_ubid (blob, desc[n].u.ubid))
+                goto found;
+              break;
             case KEYDB_SEARCH_MODE_FIRST:
               goto found;
               break;
@@ -1151,15 +1249,89 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
 
 
 /*
-   Functions to return a certificate or a keyblock.  To be used after
-   a successful search operation.
-*/
+ * Functions to return a certificate or a keyblock.  To be used after
+ * a successful search operation.
+ */
+
+/* Return the raw data from the last found blob.  Caller must release
+ * the value stored at R_BUFFER.  If called with NULL for R_BUFFER
+ * only the needed length for the buffer and the public key type is
+ * returned.  R_PUBKEY_TYPE and R_UBID can be used to return these
+ * attributes. */
+gpg_error_t
+keybox_get_data (KEYBOX_HANDLE hd, void **r_buffer, size_t *r_length,
+                 enum pubkey_types *r_pubkey_type, unsigned char *r_ubid)
+{
+  const unsigned char *buffer;
+  size_t length;
+  size_t image_off, image_len;
+
+  if (r_buffer)
+    *r_buffer = NULL;
+  if (r_length)
+    *r_length = 0;
+  if (r_pubkey_type)
+    *r_pubkey_type = PUBKEY_TYPE_UNKNOWN;
+
+  if (!hd)
+    return gpg_error (GPG_ERR_INV_VALUE);
+  if (!hd->found.blob)
+    return gpg_error (GPG_ERR_NOTHING_FOUND);
+
+  switch (blob_get_type (hd->found.blob))
+    {
+    case KEYBOX_BLOBTYPE_PGP:
+      if (r_pubkey_type)
+        *r_pubkey_type = PUBKEY_TYPE_OPGP;
+      break;
+    case KEYBOX_BLOBTYPE_X509:
+      if (r_pubkey_type)
+        *r_pubkey_type = PUBKEY_TYPE_X509;
+      break;
+    default:
+      return gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
+    }
+
+  buffer = _keybox_get_blob_image (hd->found.blob, &length);
+  if (length < 40)
+    return gpg_error (GPG_ERR_TOO_SHORT);
+  image_off = get32 (buffer+8);
+  image_len = get32 (buffer+12);
+  if ((uint64_t)image_off+(uint64_t)image_len > (uint64_t)length)
+    return gpg_error (GPG_ERR_TOO_SHORT);
+
+  if (r_ubid)
+    {
+      size_t keyinfolen;
+
+      /* We do a quick but sufficient consistency check.  For the full
+       * check see blob_cmp_ubid.  */
+      if (!get16 (buffer + 16)         /* No keys.  */
+          || (keyinfolen = get16 (buffer + 18)) < 28
+          || (20 + (uint64_t)keyinfolen) > (uint64_t)length)
+        return gpg_error (GPG_ERR_TOO_SHORT);
+
+      memcpy (r_ubid, buffer + 20, UBID_LEN);
+    }
+
+  if (r_length)
+    *r_length = image_len;
+  if (r_buffer)
+    {
+      *r_buffer = xtrymalloc (image_len);
+      if (!*r_buffer)
+        return gpg_error_from_syserror ();
+      memcpy (*r_buffer, buffer + image_off, image_len);
+    }
+
+  return 0;
+}
 
 
 /* Return the last found keyblock.  Returns 0 on success and stores a
- * new iobuf at R_IOBUF.  R_UID_NO and R_PK_NO are used to retun the
- * number of the key or user id which was matched the search criteria;
- * if not known they are set to 0. */
+ * new iobuf at R_IOBUF.  R_UID_NO and R_PK_NO are used to return the
+ * index of the key or user id which matched the search criteria; if
+ * not known they are set to 0. */
 gpg_error_t
 keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf,
                      int *r_pk_no, int *r_uid_no)
diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c
index 6e45f3d..ddda52a 100644
--- a/kbx/keybox-update.c
+++ b/kbx/keybox-update.c
@@ -483,6 +483,17 @@ keybox_insert_cert (KEYBOX_HANDLE hd, ksba_cert_t cert,
   return rc;
 }
 
+int
+keybox_update_cert (KEYBOX_HANDLE hd, ksba_cert_t cert,
+                    unsigned char *sha1_digest)
+{
+  (void)hd;
+  (void)cert;
+  (void)sha1_digest;
+  return -1;
+}
+
+
 #endif /*KEYBOX_WITH_X509*/
 
 /* Note: We assume that the keybox has been locked before the current
diff --git a/kbx/keybox.h b/kbx/keybox.h
index f90ea1c..9bff271 100644
--- a/kbx/keybox.h
+++ b/kbx/keybox.h
@@ -70,8 +70,6 @@ int keybox_is_writable (void *token);
 
 KEYBOX_HANDLE keybox_new_openpgp (void *token, int secret);
 KEYBOX_HANDLE keybox_new_x509 (void *token, int secret);
-void keybox_close_all_files (void *token);
-
 void keybox_release (KEYBOX_HANDLE hd);
 void keybox_push_found_state (KEYBOX_HANDLE hd);
 void keybox_pop_found_state (KEYBOX_HANDLE hd);
@@ -83,11 +81,15 @@ gpg_error_t keybox_lock (KEYBOX_HANDLE hd, int yes, long timeout);
 /*-- keybox-file.c --*/
 /* Fixme: This function does not belong here: Provide a better
    interface to create a new keybox file.  */
-int _keybox_write_header_blob (estream_t fp, int openpgp_flag);
+gpg_error_t _keybox_write_header_blob (estream_t fp, int openpgp_flag);
 
 /*-- keybox-search.c --*/
+gpg_error_t keybox_get_data (KEYBOX_HANDLE hd,
+                             void **r_buffer, size_t *r_length,
+                             enum pubkey_types *r_pubkey_type,
+                             unsigned char *r_ubid);
 gpg_error_t keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf,
-                                 int *r_uid_no, int *r_pk_no);
+                                 int *r_pk_no, int *r_uid_no);
 #ifdef KEYBOX_WITH_X509
 int keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *ret_cert);
 #endif /*KEYBOX_WITH_X509*/
@@ -111,6 +113,8 @@ gpg_error_t keybox_update_keyblock (KEYBOX_HANDLE hd,
 #ifdef KEYBOX_WITH_X509
 int keybox_insert_cert (KEYBOX_HANDLE hd, ksba_cert_t cert,
                         unsigned char *sha1_digest);
+int keybox_update_cert (KEYBOX_HANDLE hd, ksba_cert_t cert,
+                        unsigned char *sha1_digest);
 #endif /*KEYBOX_WITH_X509*/
 int keybox_set_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int value);
 
diff --git a/g10/gpgv-w32info.rc b/kbx/keyboxd-w32info.rc
similarity index 82%
rename from g10/gpgv-w32info.rc
rename to kbx/keyboxd-w32info.rc
index 9182fa4..4217474 100644
--- a/g10/gpgv-w32info.rc
+++ b/kbx/keyboxd-w32info.rc
@@ -1,5 +1,5 @@
-/* gpgv-w32info.rc                                           -*- c -*-
- * Copyright (C) 2020 g10 Code GmbH
+/* keyboxd-w32info.rc                                        -*- c -*-
+ * Copyright (C) 2018 g10 Code GmbH
  *
  * This file is free software; as a special exception the author gives
  * unlimited permission to copy and/or distribute it, with or without
@@ -32,9 +32,9 @@
     BEGIN
         BLOCK "040904b0"  /* US English (0409), Unicode (04b0) */
         BEGIN
-            VALUE "FileDescription", L"GnuPG\x2019s OpenPGP verify tool\0"
-            VALUE "InternalName", "gpgv\0"
-            VALUE "OriginalFilename", "gpgv.exe\0"
+            VALUE "FileDescription", L"GnuPG\x2019s public key daemon\0"
+            VALUE "InternalName", "keyboxd\0"
+            VALUE "OriginalFilename", "keyboxd.exe\0"
             VALUE "ProductName",    W32INFO_PRODUCTNAME
             VALUE "ProductVersion", W32INFO_PRODUCTVERSION
             VALUE "CompanyName", W32INFO_COMPANYNAME
@@ -48,5 +48,3 @@
       VALUE "Translation", 0x409, 0x4b0
     END
   END
-
-1 RT_MANIFEST "gpgv.w32-manifest"
diff --git a/kbx/keyboxd.c b/kbx/keyboxd.c
new file mode 100644
index 0000000..be9098c
--- /dev/null
+++ b/kbx/keyboxd.c
@@ -0,0 +1,1814 @@
+/* keyboxd.c  -  The GnuPG Keybox Daemon
+ * Copyright (C) 2000-2020 Free Software Foundation, Inc.
+ * Copyright (C) 2000-2019 Werner Koch
+ * Copyright (C) 2015-2020 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0+
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <stdarg.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <time.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+#ifdef HAVE_W32_SYSTEM
+# ifndef WINVER
+#  define WINVER 0x0500  /* Same as in common/sysutils.c */
+# endif
+# include <winsock2.h>
+#else /*!HAVE_W32_SYSTEM*/
+# include <sys/socket.h>
+# include <sys/un.h>
+#endif /*!HAVE_W32_SYSTEM*/
+#include <unistd.h>
+#ifdef HAVE_SIGNAL_H
+# include <signal.h>
+#endif
+#include <npth.h>
+
+#define INCLUDED_BY_MAIN_MODULE 1
+#define GNUPG_COMMON_NEED_AFLOCAL
+#include "keyboxd.h"
+#include <assuan.h> /* Malloc hooks and socket wrappers. */
+
+#include "../common/i18n.h"
+#include "../common/sysutils.h"
+#include "../common/asshelp.h"
+#include "../common/init.h"
+#include "../common/gc-opt-flags.h"
+#include "../common/exechelp.h"
+#include "frontend.h"
+
+
+/* Urrgs: Put this into a separate header - but it needs assuan.h first.  */
+extern int kbxd_assuan_log_monitor (assuan_context_t ctx, unsigned int cat,
+                                    const char *msg);
+
+
+enum cmd_and_opt_values
+  {
+    aNull = 0,
+    oQuiet	  = 'q',
+    oVerbose	  = 'v',
+
+    oNoVerbose = 500,
+    aGPGConfList,
+    aGPGConfTest,
+    oOptions,
+    oDebug,
+    oDebugAll,
+    oDebugWait,
+    oNoGreeting,
+    oNoOptions,
+    oHomedir,
+    oNoDetach,
+    oLogFile,
+    oServer,
+    oDaemon,
+    oFakedSystemTime,
+    oListenBacklog,
+    oDisableCheckOwnSocket,
+
+    oDummy
+  };
+
+
+static gpgrt_opt_t opts[] = {
+  ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"),
+  ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"),
+
+  ARGPARSE_header (NULL, N_("Options used for startup")),
+
+  ARGPARSE_s_n (oDaemon,  "daemon", N_("run in daemon mode (background)")),
+  ARGPARSE_s_n (oServer,  "server", N_("run in server mode (foreground)")),
+  ARGPARSE_s_n (oNoDetach,  "no-detach", N_("do not detach from the console")),
+  ARGPARSE_s_s (oHomedir,    "homedir",      "@"),
+  ARGPARSE_conffile (oOptions, "options", N_("|FILE|read options from FILE")),
+
+  ARGPARSE_header ("Monitor", N_("Options controlling the diagnostic output")),
+
+  ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
+  ARGPARSE_s_n (oQuiet,	  "quiet",     N_("be somewhat more quiet")),
+  ARGPARSE_s_s (oDebug,	    "debug",      "@"),
+  ARGPARSE_s_n (oDebugAll,  "debug-all",  "@"),
+  ARGPARSE_s_i (oDebugWait, "debug-wait", "@"),
+  ARGPARSE_s_s (oLogFile,   "log-file",  N_("use a log file for the server")),
+
+  ARGPARSE_header ("Configuration",
+                   N_("Options controlling the configuration")),
+
+  ARGPARSE_s_n (oDisableCheckOwnSocket, "disable-check-own-socket", "@"),
+  ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
+  ARGPARSE_s_i (oListenBacklog, "listen-backlog", "@"),
+
+  ARGPARSE_end () /* End of list */
+};
+
+
+/* The list of supported debug flags.  */
+static struct debug_flags_s debug_flags [] =
+  {
+    { DBG_MPI_VALUE    , "mpi"     },
+    { DBG_CRYPTO_VALUE , "crypto"  },
+    { DBG_MEMORY_VALUE , "memory"  },
+    { DBG_CACHE_VALUE  , "cache"   },
+    { DBG_MEMSTAT_VALUE, "memstat" },
+    { DBG_HASHING_VALUE, "hashing" },
+    { DBG_IPC_VALUE    , "ipc"     },
+    { DBG_CLOCK_VALUE  , "clock"   },
+    { DBG_LOOKUP_VALUE , "lookup"  },
+    { 77, NULL } /* 77 := Do not exit on "help" or "?".  */
+  };
+
+/* The timer tick used for housekeeping stuff.  Note that on Windows
+ * we use a SetWaitableTimer seems to signal earlier than about 2
+ * seconds.  Thus we use 4 seconds on all platforms except for
+ * Windowsce.  CHECK_OWN_SOCKET_INTERVAL defines how often we check
+ * our own socket in standard socket mode.  If that value is 0 we
+ * don't check at all.  All values are in seconds. */
+#if defined(HAVE_W32CE_SYSTEM)
+# define TIMERTICK_INTERVAL         (60)
+# define CHECK_OWN_SOCKET_INTERVAL   (0)  /* Never */
+#else
+# define TIMERTICK_INTERVAL          (4)
+# define CHECK_OWN_SOCKET_INTERVAL  (60)
+#endif
+
+/* The list of open file descriptors at startup.  Note that this list
+ * has been allocated using the standard malloc.  */
+#ifndef HAVE_W32_SYSTEM
+static int *startup_fd_list;
+#endif
+
+/* The signal mask at startup and a flag telling whether it is valid.  */
+#ifdef HAVE_SIGPROCMASK
+static sigset_t startup_signal_mask;
+static int startup_signal_mask_valid;
+#endif
+
+/* Flag to indicate that a shutdown was requested.  */
+static int shutdown_pending;
+
+/* Counter for the currently running own socket checks.  */
+static int check_own_socket_running;
+
+/* Flag to indicate that we shall not watch our own socket. */
+static int disable_check_own_socket;
+
+/* Flag to inhibit socket removal in cleanup.  */
+static int inhibit_socket_removal;
+
+/* Name of the communication socket used for client requests.  */
+static char *socket_name;
+
+/* We need to keep track of the server's nonces (these are dummies for
+ * POSIX systems). */
+static assuan_sock_nonce_t socket_nonce;
+
+/* Value for the listen() backlog argument.  We use the same value for
+ * all sockets - 64 is on current Linux half of the default maximum.
+ * Let's try this as default.  Change at runtime with --listen-backlog.  */
+static int listen_backlog = 64;
+
+/* Name of a config file, which will be reread on a HUP if it is not NULL. */
+static char *config_filename;
+
+/* Keep track of the current log file so that we can avoid updating
+ * the log file after a SIGHUP if it didn't changed.  Malloced. */
+static char *current_logfile;
+
+/* This flag is true if the inotify mechanism for detecting the
+ * removal of the homedir is active.  This flag is used to disable the
+ * alternative but portable stat based check.  */
+static int have_homedir_inotify;
+
+/* Depending on how keyboxd was started, the homedir inotify watch may
+ * not be reliable.  This flag is set if we assume that inotify works
+ * reliable.  */
+static int reliable_homedir_inotify;
+
+/* Number of active connections.  */
+static int active_connections;
+
+/* This object is used to dispatch progress messages from Libgcrypt to
+ * the right thread.  Given that we will have at max only a few dozen
+ * connections at a time, using a linked list is the easiest way to
+ * handle this. */
+struct progress_dispatch_s
+{
+  struct progress_dispatch_s *next;
+  /* The control object of the connection.  If this is NULL no
+   * connection is associated with this item and it is free for reuse
+   * by new connections.  */
+  ctrl_t ctrl;
+
+  /* The thread id of (npth_self) of the connection.  */
+  npth_t tid;
+
+  /* The callback set by the connection.  This is similar to the
+   * Libgcrypt callback but with the control object passed as the
+   * first argument.  */
+  void (*cb)(ctrl_t ctrl,
+             const char *what, int printchar,
+             int current, int total);
+};
+struct progress_dispatch_s *progress_dispatch_list;
+
+
+
+
+/*
+ * Local prototypes.
+ */
+
+static char *create_socket_name (char *standard_name, int with_homedir);
+static gnupg_fd_t create_server_socket (char *name, int cygwin,
+                                        assuan_sock_nonce_t *nonce);
+static void create_directories (void);
+
+static void kbxd_libgcrypt_progress_cb (void *data, const char *what,
+                                        int printchar,
+                                        int current, int total);
+static void kbxd_init_default_ctrl (ctrl_t ctrl);
+static void kbxd_deinit_default_ctrl (ctrl_t ctrl);
+
+static void handle_connections (gnupg_fd_t listen_fd);
+static void check_own_socket (void);
+static int check_for_running_kbxd (int silent);
+
+/* Pth wrapper function definitions. */
+ASSUAN_SYSTEM_NPTH_IMPL;
+
+
+/*
+ * Functions.
+ */
+
+/* Allocate a string describing a library version by calling a GETFNC.
+ * This function is expected to be called only once.  GETFNC is
+ * expected to have a semantic like gcry_check_version ().  */
+static char *
+make_libversion (const char *libname, const char *(*getfnc)(const char*))
+{
+  return xstrconcat (libname, " ", getfnc (NULL), NULL);
+}
+
+
+/* Return strings describing this program.  The case values are
+ * described in Libgpg-error.  The values here override the default
+ * values given by strusage.  */
+static const char *
+my_strusage (int level)
+{
+  static char *ver_gcry;
+  const char *p;
+
+  switch (level)
+    {
+    case  9: p = "GPL-3.0-or-later"; break;
+    case 11: p = "keyboxd (@GNUPG@)";
+      break;
+    case 13: p = VERSION; break;
+    case 14: p = GNUPG_DEF_COPYRIGHT_LINE; break;
+    case 17: p = PRINTABLE_OS_NAME; break;
+      /* TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+         reporting address.  This is so that we can change the
+         reporting address without breaking the translations.  */
+    case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
+
+    case 20:
+      if (!ver_gcry)
+        ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
+      p = ver_gcry;
+      break;
+
+    case 1:
+    case 40: p =  _("Usage: keyboxd [options] (-h for help)");
+      break;
+    case 41: p =  _("Syntax: keyboxd [options] [command [args]]\n"
+                    "Public key management for @GNUPG@\n");
+    break;
+
+    default: p = NULL;
+    }
+  return p;
+}
+
+
+
+/* Setup the debugging.  Note that we don't fail here, because it is
+ * important to keep keyboxd running even after re-reading the options
+ * due to a SIGHUP. */
+static void
+set_debug (void)
+{
+  if (opt.debug && !opt.verbose)
+    opt.verbose = 1;
+  if (opt.debug && opt.quiet)
+    opt.quiet = 0;
+
+  if (opt.debug & DBG_MPI_VALUE)
+    gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
+  if (opt.debug & DBG_CRYPTO_VALUE )
+    gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
+  gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
+
+  if (opt.debug)
+    parse_debug_flag (NULL, &opt.debug, debug_flags);
+}
+
+
+/* Helper for cleanup to remove one socket with NAME.  */
+static void
+remove_socket (char *name)
+{
+  if (name && *name)
+    {
+      gnupg_remove (name);
+      *name = 0;
+    }
+}
+
+
+/* Cleanup code for this program.  This is either called has an atexit
+   handler or directly.  */
+static void
+cleanup (void)
+{
+  static int done;
+
+  if (done)
+    return;
+  done = 1;
+  if (!inhibit_socket_removal)
+    remove_socket (socket_name);
+}
+
+
+/* Handle options which are allowed to be reset after program start.
+ * Return true when the current option in PARGS could be handled and
+ * false if not.  As a special feature, passing a value of NULL for
+ * PARGS, resets the options to the default.  REREAD should be set
+ * true if it is not the initial option parsing. */
+static int
+parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
+{
+  if (!pargs)
+    { /* reset mode */
+      opt.quiet = 0;
+      opt.verbose = 0;
+      opt.debug = 0;
+      disable_check_own_socket = 0;
+      return 1;
+    }
+
+  switch (pargs->r_opt)
+    {
+    case oQuiet: opt.quiet = 1; break;
+    case oVerbose: opt.verbose++; break;
+
+    case oDebug:
+      parse_debug_flag (pargs->r.ret_str, &opt.debug, debug_flags);
+      break;
+    case oDebugAll: opt.debug = ~0; break;
+
+    case oLogFile:
+      if (!reread)
+        return 0; /* not handled */
+      if (!current_logfile || !pargs->r.ret_str
+          || strcmp (current_logfile, pargs->r.ret_str))
+        {
+          log_set_file (pargs->r.ret_str);
+          xfree (current_logfile);
+          current_logfile = xtrystrdup (pargs->r.ret_str);
+        }
+      break;
+
+    case oDisableCheckOwnSocket: disable_check_own_socket = 1; break;
+
+    default:
+      return 0; /* not handled */
+    }
+
+  return 1; /* handled */
+}
+
+
+/* Fixup some options after all have been processed.  */
+static void
+finalize_rereadable_options (void)
+{
+}
+
+
+static void
+thread_init_once (void)
+{
+  static int npth_initialized = 0;
+
+  if (!npth_initialized)
+    {
+      npth_initialized++;
+      npth_init ();
+    }
+  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
+  /* Now that we have set the syscall clamp we need to tell Libgcrypt
+   * that it should get them from libgpg-error.  Note that Libgcrypt
+   * has already been initialized but at that point nPth was not
+   * initialized and thus Libgcrypt could not set its system call
+   * clamp.  */
+  gcry_control (GCRYCTL_REINIT_SYSCALL_CLAMP, 0, 0);
+}
+
+
+static void
+initialize_modules (void)
+{
+  thread_init_once ();
+  assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
+}
+
+
+/* The main entry point.  */
+int
+main (int argc, char **argv )
+{
+  gpgrt_argparse_t pargs;
+  int orig_argc;
+  char **orig_argv;
+  char *last_configname = NULL;
+  char *configname = NULL;
+  int debug_argparser = 0;
+  int pipe_server = 0;
+  int is_daemon = 0;
+  int nodetach = 0;
+  char *logfile = NULL;
+  int gpgconf_list = 0;
+  int debug_wait = 0;
+  struct assuan_malloc_hooks malloc_hooks;
+
+  early_system_init ();
+
+  /* Before we do anything else we save the list of currently open
+   * file descriptors and the signal mask.  This info is required to
+   * do the exec call properly.  We don't need it on Windows.  */
+#ifndef HAVE_W32_SYSTEM
+  startup_fd_list = get_all_open_fds ();
+#endif /*!HAVE_W32_SYSTEM*/
+#ifdef HAVE_SIGPROCMASK
+  if (!sigprocmask (SIG_UNBLOCK, NULL, &startup_signal_mask))
+    startup_signal_mask_valid = 1;
+#endif /*HAVE_SIGPROCMASK*/
+
+  /* Set program name etc.  */
+  gpgrt_set_strusage (my_strusage);
+  log_set_prefix ("keyboxd", GPGRT_LOG_WITH_PREFIX|GPGRT_LOG_WITH_PID);
+
+  /* Make sure that our subsystems are ready.  */
+  i18n_init ();
+  init_common_subsystems (&argc, &argv);
+  gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
+
+  malloc_hooks.malloc = gcry_malloc;
+  malloc_hooks.realloc = gcry_realloc;
+  malloc_hooks.free = gcry_free;
+  assuan_set_malloc_hooks (&malloc_hooks);
+  assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
+  assuan_sock_init ();
+  assuan_sock_set_system_hooks (ASSUAN_SYSTEM_NPTH);
+  setup_libassuan_logging (&opt.debug, kbxd_assuan_log_monitor);
+
+  setup_libgcrypt_logging ();
+  gcry_set_progress_handler (kbxd_libgcrypt_progress_cb, NULL);
+
+  /* Set default options.  */
+  parse_rereadable_options (NULL, 0); /* Reset them to default values. */
+
+  /* Check whether we have a config file on the commandline */
+  orig_argc = argc;
+  orig_argv = argv;
+  pargs.argc = &argc;
+  pargs.argv = &argv;
+  pargs.flags= (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
+  while (gpgrt_argparse (NULL, &pargs, opts))
+    {
+      switch (pargs.r_opt)
+        {
+        case oDebug:
+        case oDebugAll:
+          debug_argparser++;
+          break;
+
+        case oHomedir:
+          gnupg_set_homedir (pargs.r.ret_str);
+          break;
+        }
+    }
+  /* Reset the flags.  */
+  pargs.flags &= ~(ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
+
+  /* The configuraton directories for use by gpgrt_argparser.  */
+  gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
+  gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
+
+  argc = orig_argc;
+  argv = orig_argv;
+  pargs.argc = &argc;
+  pargs.argv = &argv;
+  pargs.flags |=  (ARGPARSE_FLAG_RESET
+                   | ARGPARSE_FLAG_KEEP
+                   | ARGPARSE_FLAG_SYS
+                   | ARGPARSE_FLAG_USER);
+
+  while (gpgrt_argparser (&pargs, opts, "keyboxd" EXTSEP_S "conf"))
+    {
+      if (pargs.r_opt == ARGPARSE_CONFFILE)
+        {
+          if (debug_argparser)
+            log_info (_("reading options from '%s'\n"),
+                      pargs.r_type? pargs.r.ret_str: "[cmdline]");
+          if (pargs.r_type)
+            {
+              xfree (last_configname);
+              last_configname = xstrdup (pargs.r.ret_str);
+              configname = last_configname;
+            }
+          else
+            configname = NULL;
+          continue;
+        }
+      if (parse_rereadable_options (&pargs, 0))
+        continue; /* Already handled */
+      switch (pargs.r_opt)
+        {
+        case aGPGConfList: gpgconf_list = 1; break;
+        case aGPGConfTest: gpgconf_list = 2; break;
+        case oDebugWait: debug_wait = pargs.r.ret_int; break;
+        case oNoGreeting: /* Dummy option.  */ break;
+        case oNoVerbose: opt.verbose = 0; break;
+        case oNoOptions: break; /* no-options */
+        case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break;
+        case oNoDetach: nodetach = 1; break;
+        case oLogFile: logfile = pargs.r.ret_str; break;
+        case oServer: pipe_server = 1; break;
+        case oDaemon: is_daemon = 1; break;
+        case oFakedSystemTime:
+          {
+            time_t faked_time = isotime2epoch (pargs.r.ret_str);
+            if (faked_time == (time_t)(-1))
+              faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
+            gnupg_set_time (faked_time, 0);
+          }
+          break;
+
+        case oListenBacklog:
+          listen_backlog = pargs.r.ret_int;
+          break;
+
+        default:
+          if (configname)
+            pargs.err = ARGPARSE_PRINT_WARNING;
+          else
+            pargs.err = ARGPARSE_PRINT_ERROR;
+          break;
+	}
+    }
+  gpgrt_argparse (NULL, &pargs, NULL);
+
+  if (!last_configname)
+    config_filename = gpgrt_fnameconcat (gnupg_homedir (),
+                                             "keyboxd" EXTSEP_S "conf",
+                                             NULL);
+  else
+    {
+      config_filename = last_configname;
+      last_configname = NULL;
+    }
+
+
+  if (log_get_errorcount(0))
+    exit (2);
+
+  finalize_rereadable_options ();
+
+  /* Print a warning if an argument looks like an option.  */
+  if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
+    {
+      int i;
+
+      for (i=0; i < argc; i++)
+        if (argv[i][0] == '-' && argv[i][1] == '-')
+          log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
+    }
+
+#ifdef ENABLE_NLS
+  /* keyboxd usually does not output any messages because it runs in
+   * the background.  For log files it is acceptable to have messages
+   * always encoded in utf-8.  We switch here to utf-8, so that
+   * commands like --help still give native messages.  It is far
+   * easier to switch only once instead of for every message and it
+   * actually helps when more then one thread is active (avoids an
+   * extra copy step). */
+  bind_textdomain_codeset (PACKAGE_GT, "UTF-8");
+#endif
+
+  if (!pipe_server && !is_daemon && !gpgconf_list)
+    {
+     /* We have been called without any command and thus we merely
+      * check whether an instance of us is already running.  We do
+      * this right here so that we don't clobber a logfile with this
+      * check but print the status directly to stderr.  */
+      opt.debug = 0;
+      set_debug ();
+      check_for_running_kbxd (0);
+      kbxd_exit (0);
+    }
+
+  set_debug ();
+
+  if (atexit (cleanup))
+    {
+      log_error ("atexit failed\n");
+      cleanup ();
+      exit (1);
+    }
+
+  /* Try to create missing directories. */
+  create_directories ();
+
+  if (debug_wait && pipe_server)
+    {
+      thread_init_once ();
+      log_debug ("waiting for debugger - my pid is %u .....\n",
+                 (unsigned int)getpid());
+      gnupg_sleep (debug_wait);
+      log_debug ("... okay\n");
+    }
+
+  if (gpgconf_list == 2)
+    kbxd_exit (0);
+  else if (gpgconf_list)
+    {
+      kbxd_exit (0);
+    }
+
+  /* Now start with logging to a file if this is desired. */
+  if (logfile)
+    {
+      log_set_file (logfile);
+      log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
+                             | GPGRT_LOG_WITH_TIME
+                             | GPGRT_LOG_WITH_PID));
+      current_logfile = xstrdup (logfile);
+    }
+
+  if (pipe_server)
+    {
+      /* This is the simple pipe based server */
+      ctrl_t ctrl;
+
+      initialize_modules ();
+
+      ctrl = xtrycalloc (1, sizeof *ctrl);
+      if (!ctrl)
+        {
+          log_error ("error allocating connection control data: %s\n",
+                     strerror (errno) );
+          kbxd_exit (1);
+        }
+      kbxd_init_default_ctrl (ctrl);
+
+      /* kbxd_set_database (ctrl, "pubring.kbx", 0); */
+      kbxd_set_database (ctrl, "pubring.db", 0);
+
+      kbxd_start_command_handler (ctrl, GNUPG_INVALID_FD, 0);
+      kbxd_deinit_default_ctrl (ctrl);
+      xfree (ctrl);
+    }
+  else if (!is_daemon)
+    ; /* NOTREACHED */
+  else
+    { /* Regular daemon mode.  */
+      gnupg_fd_t fd;
+#ifndef HAVE_W32_SYSTEM
+      pid_t pid;
+#endif
+
+      /* Create the sockets.  */
+      socket_name = create_socket_name (KEYBOXD_SOCK_NAME, 1);
+      fd = create_server_socket (socket_name, 0, &socket_nonce);
+
+      fflush (NULL);
+
+#ifdef HAVE_W32_SYSTEM
+
+      (void)nodetach;
+      initialize_modules ();
+
+#else /*!HAVE_W32_SYSTEM*/
+
+      pid = fork ();
+      if (pid == (pid_t)-1)
+        {
+          log_fatal ("fork failed: %s\n", strerror (errno) );
+          exit (1);
+        }
+      else if (pid)
+        { /* We are the parent */
+
+          /* Close the socket FD. */
+          close (fd);
+
+          /* The signal mask might not be correct right now and thus
+           * we restore it.  That is not strictly necessary but some
+           * programs falsely assume a cleared signal mask.  */
+
+#ifdef HAVE_SIGPROCMASK
+          if (startup_signal_mask_valid)
+            {
+              if (sigprocmask (SIG_SETMASK, &startup_signal_mask, NULL))
+                log_error ("error restoring signal mask: %s\n",
+                           strerror (errno));
+            }
+          else
+            log_info ("no saved signal mask\n");
+#endif /*HAVE_SIGPROCMASK*/
+
+          *socket_name = 0; /* Don't let cleanup() remove the socket -
+                               the child should do this from now on */
+
+          exit (0);
+          /*NOTREACHED*/
+        } /* End parent */
+
+      /*
+       * This is the child
+       */
+
+      initialize_modules ();
+
+      /* Detach from tty and put process into a new session */
+      if (!nodetach)
+        {
+          int i;
+          unsigned int oldflags;
+
+          /* Close stdin, stdout and stderr unless it is the log stream */
+          for (i=0; i <= 2; i++)
+            {
+              if (!log_test_fd (i) && i != fd )
+                {
+                  if ( ! close (i)
+                       && open ("/dev/null", i? O_WRONLY : O_RDONLY) == -1)
+                    {
+                      log_error ("failed to open '%s': %s\n",
+                                 "/dev/null", strerror (errno));
+                      cleanup ();
+                      exit (1);
+                    }
+                }
+            }
+          if (setsid() == -1)
+            {
+              log_error ("setsid() failed: %s\n", strerror(errno) );
+              cleanup ();
+              exit (1);
+            }
+
+          log_get_prefix (&oldflags);
+          log_set_prefix (NULL, oldflags | GPGRT_LOG_RUN_DETACHED);
+          opt.running_detached = 1;
+
+          /* Because we don't support running a program on the command
+           * line we can assume that the inotify things works and thus
+           * we can avoid the regular stat calls.  */
+          reliable_homedir_inotify = 1;
+        }
+
+      {
+        struct sigaction sa;
+
+        sa.sa_handler = SIG_IGN;
+        sigemptyset (&sa.sa_mask);
+        sa.sa_flags = 0;
+        sigaction (SIGPIPE, &sa, NULL);
+      }
+#endif /*!HAVE_W32_SYSTEM*/
+
+      if (gnupg_chdir (gnupg_daemon_rootdir ()))
+        {
+          log_error ("chdir to '%s' failed: %s\n",
+                     gnupg_daemon_rootdir (), strerror (errno));
+          exit (1);
+        }
+
+      {
+        ctrl_t ctrl;
+
+        ctrl = xtrycalloc (1, sizeof *ctrl);
+        if (!ctrl)
+          {
+            log_error ("error allocating connection control data: %s\n",
+                       strerror (errno) );
+            kbxd_exit (1);
+          }
+        kbxd_init_default_ctrl (ctrl);
+        /* kbxd_set_database (ctrl, "pubring.kbx", 0); */
+        kbxd_set_database (ctrl, "pubring.db", 0);
+        kbxd_deinit_default_ctrl (ctrl);
+        xfree (ctrl);
+      }
+
+      log_info ("%s %s started\n", gpgrt_strusage(11), gpgrt_strusage(13));
+      handle_connections (fd);
+      assuan_sock_close (fd);
+    }
+
+  return 0;
+}
+
+
+/* Exit entry point.  This function should be called instead of a
+   plain exit.  */
+void
+kbxd_exit (int rc)
+{
+  /* As usual we run our cleanup handler.  */
+  cleanup ();
+
+  /* at this time a bit annoying */
+  if ((opt.debug & DBG_MEMSTAT_VALUE))
+    gcry_control (GCRYCTL_DUMP_MEMORY_STATS );
+  rc = rc? rc : log_get_errorcount(0)? 2 : 0;
+  exit (rc);
+}
+
+
+/* This is our callback function for gcrypt progress messages.  It is
+ * set once at startup and dispatches progress messages to the
+ * corresponding threads of ours.  */
+static void
+kbxd_libgcrypt_progress_cb (void *data, const char *what, int printchar,
+                            int current, int total)
+{
+  struct progress_dispatch_s *dispatch;
+  npth_t mytid = npth_self ();
+
+  (void)data;
+
+  for (dispatch = progress_dispatch_list; dispatch; dispatch = dispatch->next)
+    if (dispatch->ctrl && dispatch->tid == mytid)
+      break;
+  if (dispatch && dispatch->cb)
+    dispatch->cb (dispatch->ctrl, what, printchar, current, total);
+}
+
+
+/* If a progress dispatcher callback has been associated with the
+ * current connection unregister it.  */
+static void
+unregister_progress_cb (void)
+{
+  struct progress_dispatch_s *dispatch;
+  npth_t mytid = npth_self ();
+
+  for (dispatch = progress_dispatch_list; dispatch; dispatch = dispatch->next)
+    if (dispatch->ctrl && dispatch->tid == mytid)
+      break;
+  if (dispatch)
+    {
+      dispatch->ctrl = NULL;
+      dispatch->cb = NULL;
+    }
+}
+
+
+/* Setup a progress callback CB for the current connection.  Using a
+ * CB of NULL disables the callback.  */
+void
+kbxd_set_progress_cb (void (*cb)(ctrl_t ctrl, const char *what,
+                                 int printchar, int current, int total),
+                      ctrl_t ctrl)
+{
+  struct progress_dispatch_s *dispatch, *firstfree;
+  npth_t mytid = npth_self ();
+
+  firstfree = NULL;
+  for (dispatch = progress_dispatch_list; dispatch; dispatch = dispatch->next)
+    {
+      if (dispatch->ctrl && dispatch->tid == mytid)
+        break;
+      if (!dispatch->ctrl && !firstfree)
+        firstfree = dispatch;
+    }
+  if (!dispatch) /* None allocated: Reuse or allocate a new one.  */
+    {
+      if (firstfree)
+        {
+          dispatch = firstfree;
+        }
+      else if ((dispatch = xtrycalloc (1, sizeof *dispatch)))
+        {
+          dispatch->next = progress_dispatch_list;
+          progress_dispatch_list = dispatch;
+        }
+      else
+        {
+          log_error ("error allocating new progress dispatcher slot: %s\n",
+                     gpg_strerror (gpg_error_from_syserror ()));
+          return;
+        }
+      dispatch->ctrl = ctrl;
+      dispatch->tid = mytid;
+    }
+
+  dispatch->cb = cb;
+}
+
+
+/* Each thread has its own local variables conveyed by a control
+ * structure usually identified by an argument named CTRL.  This
+ * function is called immediately after allocating the control
+ * structure.  Its purpose is to setup the default values for that
+ * structure.  Note that some values may have already been set.  */
+static void
+kbxd_init_default_ctrl (ctrl_t ctrl)
+{
+  ctrl->magic = SERVER_CONTROL_MAGIC;
+}
+
+
+/* Release all resources allocated by default in the control
+   structure.  This is the counterpart to kbxd_init_default_ctrl.  */
+static void
+kbxd_deinit_default_ctrl (ctrl_t ctrl)
+{
+  if (!ctrl)
+    return;
+  kbxd_release_session_info (ctrl);
+  ctrl->magic = 0xdeadbeef;
+  unregister_progress_cb ();
+  xfree (ctrl->lc_messages);
+}
+
+
+/* Reread parts of the configuration.  Note, that this function is
+ * obviously not thread-safe and should only be called from the PTH
+ * signal handler.
+ *
+ * Fixme: Due to the way the argument parsing works, we create a
+ * memory leak here for all string type arguments.  There is currently
+ * no clean way to tell whether the memory for the argument has been
+ * allocated or points into the process's original arguments.  Unless
+ * we have a mechanism to tell this, we need to live on with this. */
+static void
+reread_configuration (void)
+{
+  gpgrt_argparse_t pargs;
+  char *twopart;
+  int dummy;
+
+  if (!config_filename)
+    return; /* No config file. */
+
+  twopart = strconcat ("keyboxd" EXTSEP_S "conf" PATHSEP_S,
+                       config_filename, NULL);
+  if (!twopart)
+    return;  /* Out of core.  */
+
+  parse_rereadable_options (NULL, 1); /* Start from the default values. */
+
+  memset (&pargs, 0, sizeof pargs);
+  dummy = 0;
+  pargs.argc = &dummy;
+  pargs.flags = (ARGPARSE_FLAG_KEEP
+                 |ARGPARSE_FLAG_SYS
+                 |ARGPARSE_FLAG_USER);
+  while (gpgrt_argparser (&pargs, opts, twopart))
+    {
+      if (pargs.r_opt == ARGPARSE_CONFFILE)
+        {
+          log_info (_("reading options from '%s'\n"),
+                    pargs.r_type? pargs.r.ret_str: "[cmdline]");
+        }
+      else if (pargs.r_opt < -1)
+        pargs.err = ARGPARSE_PRINT_WARNING;
+      else /* Try to parse this option - ignore unchangeable ones. */
+        parse_rereadable_options (&pargs, 1);
+    }
+  gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+  xfree (twopart);
+  finalize_rereadable_options ();
+  set_debug ();
+}
+
+
+/* Return the file name of the socket we are using for requests.  */
+const char *
+get_kbxd_socket_name (void)
+{
+  const char *s = socket_name;
+
+  return (s && *s)? s : NULL;
+}
+
+
+/* Return the number of active connections. */
+int
+get_kbxd_active_connection_count (void)
+{
+  return active_connections;
+}
+
+
+/* Create a name for the socket in the home directory as using
+ * STANDARD_NAME.  We also check for valid characters as well as
+ * against a maximum allowed length for a Unix domain socket is done.
+ * The function terminates the process in case of an error.  The
+ * function returns a pointer to an allocated string with the absolute
+ * name of the socket used.  */
+static char *
+create_socket_name (char *standard_name, int with_homedir)
+{
+  char *name;
+
+  if (with_homedir)
+    name = make_filename (gnupg_socketdir (), standard_name, NULL);
+  else
+    name = make_filename (standard_name, NULL);
+  if (strchr (name, PATHSEP_C))
+    {
+      log_error (("'%s' are not allowed in the socket name\n"), PATHSEP_S);
+      kbxd_exit (2);
+    }
+  return name;
+}
+
+
+
+/* Create a Unix domain socket with NAME.  Returns the file descriptor
+ * or terminates the process in case of an error.  If CYGWIN is set a
+ * Cygwin compatible socket is created (Windows only). */
+static gnupg_fd_t
+create_server_socket (char *name, int cygwin, assuan_sock_nonce_t *nonce)
+{
+  struct sockaddr *addr;
+  struct sockaddr_un *unaddr;
+  socklen_t len;
+  gnupg_fd_t fd;
+  int rc;
+
+  fd = assuan_sock_new (AF_UNIX, SOCK_STREAM, 0);
+  if (fd == ASSUAN_INVALID_FD)
+    {
+      log_error (_("can't create socket: %s\n"), strerror (errno));
+      *name = 0; /* Inhibit removal of the socket by cleanup(). */
+      kbxd_exit (2);
+    }
+
+  if (cygwin)
+    assuan_sock_set_flag (fd, "cygwin", 1);
+
+  unaddr = xmalloc (sizeof *unaddr);
+  addr = (struct sockaddr*)unaddr;
+
+  if (assuan_sock_set_sockaddr_un (name, addr, NULL))
+    {
+      if (errno == ENAMETOOLONG)
+        log_error (_("socket name '%s' is too long\n"), name);
+      else
+        log_error ("error preparing socket '%s': %s\n",
+                   name, gpg_strerror (gpg_error_from_syserror ()));
+      *name = 0; /* Inhibit removal of the socket by cleanup(). */
+      xfree (unaddr);
+      kbxd_exit (2);
+    }
+
+  len = SUN_LEN (unaddr);
+  rc = assuan_sock_bind (fd, addr, len);
+
+  /* Our error code mapping on W32CE returns EEXIST thus we also test
+     for this. */
+  if (rc == -1
+      && (errno == EADDRINUSE
+#ifdef HAVE_W32_SYSTEM
+          || errno == EEXIST
+#endif
+          ))
+    {
+      /* Check whether a keyboxd is already running.  */
+      if (!check_for_running_kbxd (1))
+        {
+          log_set_prefix (NULL, GPGRT_LOG_WITH_PREFIX);
+          log_set_file (NULL);
+          log_error (_("a keyboxd is already running - "
+                       "not starting a new one\n"));
+          *name = 0; /* Inhibit removal of the socket by cleanup(). */
+          assuan_sock_close (fd);
+          xfree (unaddr);
+          kbxd_exit (2);
+        }
+      gnupg_remove (unaddr->sun_path);
+      rc = assuan_sock_bind (fd, addr, len);
+    }
+  if (rc != -1 && (rc=assuan_sock_get_nonce (addr, len, nonce)))
+    log_error (_("error getting nonce for the socket\n"));
+  if (rc == -1)
+    {
+      /* We use gpg_strerror here because it allows us to get strings
+         for some W32 socket error codes.  */
+      log_error (_("error binding socket to '%s': %s\n"),
+                 unaddr->sun_path, gpg_strerror (gpg_error_from_syserror ()));
+
+      assuan_sock_close (fd);
+      *name = 0; /* Inhibit removal of the socket by cleanup(). */
+      xfree (unaddr);
+      kbxd_exit (2);
+    }
+
+  if (gnupg_chmod (unaddr->sun_path, "-rwx"))
+    log_error (_("can't set permissions of '%s': %s\n"),
+               unaddr->sun_path, strerror (errno));
+
+  if (listen (FD2INT(fd), listen_backlog ) == -1)
+    {
+      log_error ("listen(fd,%d) failed: %s\n", listen_backlog, strerror (errno));
+      *name = 0; /* Inhibit removal of the socket by cleanup(). */
+      assuan_sock_close (fd);
+      xfree (unaddr);
+      kbxd_exit (2);
+    }
+
+  if (opt.verbose)
+    log_info (_("listening on socket '%s'\n"), unaddr->sun_path);
+
+  xfree (unaddr);
+  return fd;
+}
+
+
+/* Check that the directory for storing the public keys exists and
+ * create it if not.  This function won't fail as it is only a
+ * convenience function and not strictly necessary.  */
+static void
+create_public_keys_directory (const char *home)
+{
+  char *fname;
+  struct stat statbuf;
+
+  fname = make_filename (home, GNUPG_PUBLIC_KEYS_DIR, NULL);
+  if (gnupg_stat (fname, &statbuf) && errno == ENOENT)
+    {
+      if (gnupg_mkdir (fname, "-rwxr-x"))
+        log_error (_("can't create directory '%s': %s\n"),
+                   fname, strerror (errno) );
+      else if (!opt.quiet)
+        log_info (_("directory '%s' created\n"), fname);
+    }
+  if (gnupg_chmod (fname, "-rwxr-x"))
+    log_error (_("can't set permissions of '%s': %s\n"),
+               fname, strerror (errno));
+  xfree (fname);
+}
+
+
+/* Create the directory only if the supplied directory name is the
+ * same as the default one.  This way we avoid to create arbitrary
+ * directories when a non-default home directory is used.  To cope
+ * with HOME, we compare only the suffix if we see that the default
+ * homedir does start with a tilde.  We don't stop here in case of
+ * problems because other functions will throw an error anyway.*/
+static void
+create_directories (void)
+{
+  struct stat statbuf;
+  const char *defhome = standard_homedir ();
+  char *home;
+
+  home = make_filename (gnupg_homedir (), NULL);
+  if (gnupg_stat (home, &statbuf))
+    {
+      if (errno == ENOENT)
+        {
+          if (
+#ifdef HAVE_W32_SYSTEM
+              ( !compare_filenames (home, defhome) )
+#else
+              (*defhome == '~'
+                && (strlen (home) >= strlen (defhome+1)
+                    && !strcmp (home + strlen(home)
+                                - strlen (defhome+1), defhome+1)))
+               || (*defhome != '~' && !strcmp (home, defhome) )
+#endif
+               )
+            {
+              if (gnupg_mkdir (home, "-rwx"))
+                log_error (_("can't create directory '%s': %s\n"),
+                           home, strerror (errno) );
+              else
+                {
+                  if (!opt.quiet)
+                    log_info (_("directory '%s' created\n"), home);
+                }
+            }
+        }
+      else
+        log_error (_("stat() failed for '%s': %s\n"), home, strerror (errno));
+    }
+  else if ( !S_ISDIR(statbuf.st_mode))
+    {
+      log_error (_("can't use '%s' as home directory\n"), home);
+    }
+  else /* exists and is a directory. */
+    {
+      create_public_keys_directory (home);
+    }
+  xfree (home);
+}
+
+
+
+/* This is the worker for the ticker.  It is called every few seconds
+ * and may only do fast operations. */
+static void
+handle_tick (void)
+{
+  static time_t last_minute;
+  struct stat statbuf;
+
+  if (!last_minute)
+    last_minute = time (NULL);
+
+  /* Code to be run from time to time.  */
+#if CHECK_OWN_SOCKET_INTERVAL > 0
+  if (last_minute + CHECK_OWN_SOCKET_INTERVAL <= time (NULL))
+    {
+      check_own_socket ();
+      last_minute = time (NULL);
+    }
+#endif
+
+
+  /* Check whether the homedir is still available.  */
+  if (!shutdown_pending
+      && (!have_homedir_inotify || !reliable_homedir_inotify)
+      && gnupg_stat (gnupg_homedir (), &statbuf) && errno == ENOENT)
+    {
+      shutdown_pending = 1;
+      log_info ("homedir has been removed - shutting down\n");
+    }
+}
+
+
+/* A global function which allows us to call the reload stuff from
+ * other places too.  This is only used when build for W32.  */
+void
+kbxd_sighup_action (void)
+{
+  log_info ("SIGHUP received - "
+            "re-reading configuration and flushing cache\n");
+
+  reread_configuration ();
+}
+
+
+/* A helper function to handle SIGUSR2.  */
+static void
+kbxd_sigusr2_action (void)
+{
+  if (opt.verbose)
+    log_info ("SIGUSR2 received - no action\n");
+  /* Nothing to do right now.  */
+}
+
+
+#ifndef HAVE_W32_SYSTEM
+/* The signal handler for this program.  It is expected to be run in
+ * its own thread and not in the context of a signal handler.  */
+static void
+handle_signal (int signo)
+{
+  switch (signo)
+    {
+    case SIGHUP:
+      kbxd_sighup_action ();
+      break;
+
+    case SIGUSR1:
+      log_info ("SIGUSR1 received - printing internal information:\n");
+      /* Fixme: We need to see how to integrate pth dumping into our
+         logging system.  */
+      /* pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ()); */
+      break;
+
+    case SIGUSR2:
+      kbxd_sigusr2_action ();
+      break;
+
+    case SIGTERM:
+      if (!shutdown_pending)
+        log_info ("SIGTERM received - shutting down ...\n");
+      else
+        log_info ("SIGTERM received - still %i open connections\n",
+		  active_connections);
+      shutdown_pending++;
+      if (shutdown_pending > 2)
+        {
+          log_info ("shutdown forced\n");
+          log_info ("%s %s stopped\n", gpgrt_strusage(11), gpgrt_strusage(13) );
+          cleanup ();
+          kbxd_exit (0);
+	}
+      break;
+
+    case SIGINT:
+      log_info ("SIGINT received - immediate shutdown\n");
+      log_info( "%s %s stopped\n", gpgrt_strusage(11), gpgrt_strusage(13));
+      cleanup ();
+      kbxd_exit (0);
+      break;
+
+    default:
+      log_info ("signal %d received - no action defined\n", signo);
+    }
+}
+#endif
+
+/* Check the nonce on a new connection.  This is a NOP unless we
+   are using our Unix domain socket emulation under Windows.  */
+static int
+check_nonce (ctrl_t ctrl, assuan_sock_nonce_t *nonce)
+{
+  if (assuan_sock_check_nonce (ctrl->thread_startup.fd, nonce))
+    {
+      log_info (_("error reading nonce on fd %d: %s\n"),
+                FD2INT(ctrl->thread_startup.fd), strerror (errno));
+      assuan_sock_close (ctrl->thread_startup.fd);
+      xfree (ctrl);
+      return -1;
+    }
+  else
+    return 0;
+}
+
+
+static void *
+do_start_connection_thread (ctrl_t ctrl)
+{
+  static unsigned int last_session_id;
+  unsigned int session_id;
+
+  active_connections++;
+  kbxd_init_default_ctrl (ctrl);
+  if (opt.verbose && !DBG_IPC)
+    log_info (_("handler 0x%lx for fd %d started\n"),
+              (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd));
+
+  session_id = ++last_session_id;
+  if (!session_id)
+    session_id = ++last_session_id;
+  kbxd_start_command_handler (ctrl, ctrl->thread_startup.fd, session_id);
+  if (opt.verbose && !DBG_IPC)
+    log_info (_("handler 0x%lx for fd %d terminated\n"),
+              (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd));
+
+  kbxd_deinit_default_ctrl (ctrl);
+  xfree (ctrl);
+  active_connections--;
+  return NULL;
+}
+
+
+/* This is the standard connection thread's main function.  */
+static void *
+start_connection_thread (void *arg)
+{
+  ctrl_t ctrl = arg;
+
+  if (check_nonce (ctrl, &socket_nonce))
+    {
+      log_error ("handler 0x%lx nonce check FAILED\n",
+                 (unsigned long) npth_self());
+      return NULL;
+    }
+
+  return do_start_connection_thread (ctrl);
+}
+
+
+/* Connection handler loop.  Wait for connection requests and spawn a
+ * thread after accepting a connection.  */
+static void
+handle_connections (gnupg_fd_t listen_fd)
+{
+  gpg_error_t err;
+  npth_attr_t tattr;
+  struct sockaddr_un paddr;
+  socklen_t plen;
+  fd_set fdset, read_fdset;
+  int ret;
+  gnupg_fd_t fd;
+  int nfd;
+  int saved_errno;
+  struct timespec abstime;
+  struct timespec curtime;
+  struct timespec timeout;
+#ifdef HAVE_W32_SYSTEM
+  HANDLE events[2];
+  unsigned int events_set;
+#endif
+  int sock_inotify_fd = -1;
+  int home_inotify_fd = -1;
+  struct {
+    const char *name;
+    void *(*func) (void *arg);
+    gnupg_fd_t l_fd;
+  } listentbl[] = {
+    { "std",     start_connection_thread },
+  };
+
+
+  ret = npth_attr_init(&tattr);
+  if (ret)
+    log_fatal ("error allocating thread attributes: %s\n", strerror (ret));
+  npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
+
+#ifndef HAVE_W32_SYSTEM
+  npth_sigev_init ();
+  npth_sigev_add (SIGHUP);
+  npth_sigev_add (SIGUSR1);
+  npth_sigev_add (SIGUSR2);
+  npth_sigev_add (SIGINT);
+  npth_sigev_add (SIGTERM);
+  npth_sigev_fini ();
+#else
+# ifdef HAVE_W32CE_SYSTEM
+  /* Use a dummy event. */
+  sigs = 0;
+  ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
+# else
+  events[0] = INVALID_HANDLE_VALUE;
+# endif
+#endif
+
+  if (disable_check_own_socket)
+    sock_inotify_fd = -1;
+  else if ((err = gnupg_inotify_watch_socket (&sock_inotify_fd, socket_name)))
+    {
+      if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
+        log_info ("error enabling daemon termination by socket removal: %s\n",
+                  gpg_strerror (err));
+    }
+
+  if (disable_check_own_socket)
+    home_inotify_fd = -1;
+  else if ((err = gnupg_inotify_watch_delete_self (&home_inotify_fd,
+                                                   gnupg_homedir ())))
+    {
+      if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
+        log_info ("error enabling daemon termination by homedir removal: %s\n",
+                  gpg_strerror (err));
+    }
+  else
+    have_homedir_inotify = 1;
+
+  FD_ZERO (&fdset);
+  FD_SET (FD2INT (listen_fd), &fdset);
+  nfd = FD2INT (listen_fd);
+  if (sock_inotify_fd != -1)
+    {
+      FD_SET (sock_inotify_fd, &fdset);
+      if (sock_inotify_fd > nfd)
+        nfd = sock_inotify_fd;
+    }
+  if (home_inotify_fd != -1)
+    {
+      FD_SET (home_inotify_fd, &fdset);
+      if (home_inotify_fd > nfd)
+        nfd = home_inotify_fd;
+    }
+
+  listentbl[0].l_fd = listen_fd;
+
+  npth_clock_gettime (&abstime);
+  abstime.tv_sec += TIMERTICK_INTERVAL;
+
+  for (;;)
+    {
+      /* Shutdown test.  */
+      if (shutdown_pending)
+        {
+          if (!active_connections)
+            break; /* ready */
+
+          /* Do not accept new connections but keep on running the
+           * loop to cope with the timer events.
+           *
+           * Note that we do not close the listening socket because a
+           * client trying to connect to that socket would instead
+           * restart a new keyboxd instance - which is unlikely the
+           * intention of a shutdown. */
+          FD_ZERO (&fdset);
+          nfd = -1;
+          if (sock_inotify_fd != -1)
+            {
+              FD_SET (sock_inotify_fd, &fdset);
+              nfd = sock_inotify_fd;
+            }
+          if (home_inotify_fd != -1)
+            {
+              FD_SET (home_inotify_fd, &fdset);
+              if (home_inotify_fd > nfd)
+                nfd = home_inotify_fd;
+            }
+	}
+
+      read_fdset = fdset;
+
+      npth_clock_gettime (&curtime);
+      if (!(npth_timercmp (&curtime, &abstime, <)))
+	{
+	  /* Timeout.  */
+	  handle_tick ();
+	  npth_clock_gettime (&abstime);
+	  abstime.tv_sec += TIMERTICK_INTERVAL;
+	}
+      npth_timersub (&abstime, &curtime, &timeout);
+
+#ifndef HAVE_W32_SYSTEM
+      ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, &timeout,
+                          npth_sigev_sigmask ());
+      saved_errno = errno;
+
+      {
+        int signo;
+        while (npth_sigev_get_pending (&signo))
+          handle_signal (signo);
+      }
+#else
+      ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, &timeout,
+                          events, &events_set);
+      saved_errno = errno;
+
+      /* This is valid even if npth_eselect returns an error.  */
+      if ((events_set & 1))
+	kbxd_sigusr2_action ();
+#endif
+
+      if (ret == -1 && saved_errno != EINTR)
+	{
+          log_error (_("npth_pselect failed: %s - waiting 1s\n"),
+                     strerror (saved_errno));
+          npth_sleep (1);
+          continue;
+	}
+      if (ret <= 0)
+        {
+          /* Interrupt or timeout.  Will be handled when calculating the
+           * next timeout.  */
+          continue;
+        }
+
+      /* The inotify fds are set even when a shutdown is pending (see
+       * above).  So we must handle them in any case.  To avoid that
+       * they trigger a second time we close them immediately.  */
+      if (sock_inotify_fd != -1
+          && FD_ISSET (sock_inotify_fd, &read_fdset)
+          && gnupg_inotify_has_name (sock_inotify_fd, KEYBOXD_SOCK_NAME))
+        {
+          shutdown_pending = 1;
+          close (sock_inotify_fd);
+          sock_inotify_fd = -1;
+          log_info ("socket file has been removed - shutting down\n");
+        }
+
+      if (home_inotify_fd != -1
+          && FD_ISSET (home_inotify_fd, &read_fdset))
+        {
+          shutdown_pending = 1;
+          close (home_inotify_fd);
+          home_inotify_fd = -1;
+          log_info ("homedir has been removed - shutting down\n");
+        }
+
+      if (!shutdown_pending)
+        {
+          int idx;
+          ctrl_t ctrl;
+          npth_t thread;
+
+          for (idx=0; idx < DIM(listentbl); idx++)
+            {
+              if (listentbl[idx].l_fd == GNUPG_INVALID_FD)
+                continue;
+              if (!FD_ISSET (FD2INT (listentbl[idx].l_fd), &read_fdset))
+                continue;
+
+              plen = sizeof paddr;
+              fd = INT2FD (npth_accept (FD2INT(listentbl[idx].l_fd),
+                                        (struct sockaddr *)&paddr, &plen));
+              if (fd == GNUPG_INVALID_FD)
+                {
+                  log_error ("accept failed for %s: %s\n",
+                             listentbl[idx].name, strerror (errno));
+                }
+              else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)))
+                {
+                  log_error ("error allocating connection data for %s: %s\n",
+                             listentbl[idx].name, strerror (errno) );
+                  assuan_sock_close (fd);
+                }
+              else
+                {
+                  ctrl->thread_startup.fd = fd;
+                  ret = npth_create (&thread, &tattr,
+                                     listentbl[idx].func, ctrl);
+                  if (ret)
+                    {
+                      log_error ("error spawning connection handler for %s:"
+                                 " %s\n", listentbl[idx].name, strerror (ret));
+                      assuan_sock_close (fd);
+                      xfree (ctrl);
+                    }
+                }
+            }
+        }
+    }
+
+  if (sock_inotify_fd != -1)
+    close (sock_inotify_fd);
+  if (home_inotify_fd != -1)
+    close (home_inotify_fd);
+  cleanup ();
+  log_info (_("%s %s stopped\n"), gpgrt_strusage(11), gpgrt_strusage(13));
+  npth_attr_destroy (&tattr);
+}
+
+
+
+/* Helper for check_own_socket.  */
+static gpg_error_t
+check_own_socket_pid_cb (void *opaque, const void *buffer, size_t length)
+{
+  membuf_t *mb = opaque;
+  put_membuf (mb, buffer, length);
+  return 0;
+}
+
+
+/* The thread running the actual check.  We need to run this in a
+ * separate thread so that check_own_thread can be called from the
+ * timer tick.  */
+static void *
+check_own_socket_thread (void *arg)
+{
+  int rc;
+  char *sockname = arg;
+  assuan_context_t ctx = NULL;
+  membuf_t mb;
+  char *buffer;
+
+  check_own_socket_running++;
+
+  rc = assuan_new (&ctx);
+  if (rc)
+    {
+      log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
+      goto leave;
+    }
+  assuan_set_flag (ctx, ASSUAN_NO_LOGGING, 1);
+
+  rc = assuan_socket_connect (ctx, sockname, (pid_t)(-1), 0);
+  if (rc)
+    {
+      log_error ("can't connect my own socket: %s\n", gpg_strerror (rc));
+      goto leave;
+    }
+
+  init_membuf (&mb, 100);
+  rc = assuan_transact (ctx, "GETINFO pid", check_own_socket_pid_cb, &mb,
+                        NULL, NULL, NULL, NULL);
+  put_membuf (&mb, "", 1);
+  buffer = get_membuf (&mb, NULL);
+  if (rc || !buffer)
+    {
+      log_error ("sending command \"%s\" to my own socket failed: %s\n",
+                 "GETINFO pid", gpg_strerror (rc));
+      rc = 1;
+    }
+  else if ( (pid_t)strtoul (buffer, NULL, 10) != getpid ())
+    {
+      log_error ("socket is now serviced by another server\n");
+      rc = 1;
+    }
+  else if (opt.verbose > 1)
+    log_error ("socket is still served by this server\n");
+
+  xfree (buffer);
+
+ leave:
+  xfree (sockname);
+  if (ctx)
+    assuan_release (ctx);
+  if (rc)
+    {
+      /* We may not remove the socket as it is now in use by another
+       * server. */
+      inhibit_socket_removal = 1;
+      shutdown_pending = 2;
+      log_info ("this process is useless - shutting down\n");
+    }
+  check_own_socket_running--;
+  return NULL;
+}
+
+
+/* Check whether we are still listening on our own socket.  In case
+ * another keyboxd process started after us has taken ownership of our
+ * socket, we would linger around without any real task.  Thus we
+ * better check once in a while whether we are really needed.  */
+static void
+check_own_socket (void)
+{
+  char *sockname;
+  npth_t thread;
+  npth_attr_t tattr;
+  int err;
+
+  if (disable_check_own_socket)
+    return;
+
+  if (check_own_socket_running || shutdown_pending)
+    return;  /* Still running or already shutting down.  */
+
+  sockname = make_filename_try (gnupg_socketdir (), KEYBOXD_SOCK_NAME, NULL);
+  if (!sockname)
+    return; /* Out of memory.  */
+
+  err = npth_attr_init (&tattr);
+  if (err)
+    return;
+  npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
+  err = npth_create (&thread, &tattr, check_own_socket_thread, sockname);
+  if (err)
+    log_error ("error spawning check_own_socket_thread: %s\n", strerror (err));
+  npth_attr_destroy (&tattr);
+}
+
+
+
+/* Figure out whether a keyboxd is available and running.  Prints an
+ * error if not.  If SILENT is true, no messages are printed.  Returns
+ * 0 if the agent is running. */
+static int
+check_for_running_kbxd (int silent)
+{
+  gpg_error_t err;
+  char *sockname;
+  assuan_context_t ctx = NULL;
+
+  sockname = make_filename_try (gnupg_socketdir (), KEYBOXD_SOCK_NAME, NULL);
+  if (!sockname)
+    return gpg_error_from_syserror ();
+
+  err = assuan_new (&ctx);
+  if (!err)
+    err = assuan_socket_connect (ctx, sockname, (pid_t)(-1), 0);
+  xfree (sockname);
+  if (err)
+    {
+      if (!silent)
+        log_error (_("no keyboxd running in this session\n"));
+
+      if (ctx)
+	assuan_release (ctx);
+      return -1;
+    }
+
+  if (!opt.quiet && !silent)
+    log_info ("keyboxd running and available\n");
+
+  assuan_release (ctx);
+  return 0;
+}
diff --git a/kbx/keyboxd.h b/kbx/keyboxd.h
new file mode 100644
index 0000000..3a80f9b
--- /dev/null
+++ b/kbx/keyboxd.h
@@ -0,0 +1,178 @@
+/* keyboxd.h - Global definitions for keyboxd
+ * Copyright (C) 2018 Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#ifndef KEYBOXD_H
+#define KEYBOXD_H
+
+#ifdef GPG_ERR_SOURCE_DEFAULT
+#error GPG_ERR_SOURCE_DEFAULT already defined
+#endif
+#define GPG_ERR_SOURCE_DEFAULT  GPG_ERR_SOURCE_KEYBOX
+#include <gpg-error.h>
+
+#include <gcrypt.h>
+#include "../common/util.h"
+#include "../common/membuf.h"
+#include "../common/sysutils.h" /* (gnupg_fd_t) */
+
+
+/* A large struct name "opt" to keep global flags */
+EXTERN_UNLESS_MAIN_MODULE
+struct
+{
+  unsigned int debug;  /* Debug flags (DBG_foo_VALUE) */
+  int verbose;         /* Verbosity level */
+  int quiet;           /* Be as quiet as possible */
+  int dry_run;         /* Don't change any persistent data */
+  /* True if we are running detached from the tty. */
+  int running_detached;
+
+  /*
+   * Global state variables.
+   */
+
+  /* Whether a global transaction has been requested along with the
+   * caller's pid and whether a transaction is active.  */
+  pid_t transaction_pid;
+  unsigned int in_transaction : 1;
+  unsigned int active_transaction : 1;
+} opt;
+
+
+/* Bit values for the --debug option.  */
+#define DBG_MPI_VALUE	  2	/* debug mpi details */
+#define DBG_CRYPTO_VALUE  4	/* debug low level crypto */
+#define DBG_MEMORY_VALUE  32	/* debug memory allocation stuff */
+#define DBG_CACHE_VALUE   64	/* debug the caching */
+#define DBG_MEMSTAT_VALUE 128	/* show memory statistics */
+#define DBG_HASHING_VALUE 512	/* debug hashing operations */
+#define DBG_IPC_VALUE     1024  /* Enable Assuan debugging.  */
+#define DBG_CLOCK_VALUE   4096  /* debug timings (required build option).  */
+#define DBG_LOOKUP_VALUE  8192	/* debug the key lookup */
+
+/* Test macros for the debug option.  */
+#define DBG_CRYPTO  (opt.debug & DBG_CRYPTO_VALUE)
+#define DBG_MEMORY  (opt.debug & DBG_MEMORY_VALUE)
+#define DBG_CACHE   (opt.debug & DBG_CACHE_VALUE)
+#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
+#define DBG_IPC     (opt.debug & DBG_IPC_VALUE)
+#define DBG_CLOCK   (opt.debug & DBG_CLOCK_VALUE)
+#define DBG_LOOKUP  (opt.debug & DBG_LOOKUP_VALUE)
+
+
+/* Declaration of a database request object.  This is used for all
+ * database operation (search, insert, update, delete).  */
+struct db_request_s;
+typedef struct db_request_s *db_request_t;
+
+/* Forward reference for local definitions in command.c.  */
+struct server_local_s;
+
+#if SIZEOF_UNSIGNED_LONG == 8
+# define SERVER_CONTROL_MAGIC 0x6b6579626f786420
+#else
+# define SERVER_CONTROL_MAGIC 0x6b627864
+#endif
+
+/* Collection of data per session (aka connection). */
+struct server_control_s
+{
+  unsigned long magic;/* Always has SERVER_CONTROL_MAGIC.  */
+  int refcount;       /* Count additional references to this object.  */
+
+  /* Private data used to fire up the connection thread.  We use this
+   * structure do avoid an extra allocation for only a few bytes while
+   * spawning a new connection thread.  */
+  struct {
+    gnupg_fd_t fd;
+  } thread_startup;
+
+  /* Private data of the server (kbxserver.c). */
+  struct server_local_s *server_local;
+
+  /* Environment settings for the connection.  */
+  char *lc_messages;
+
+  /* Miscellaneous info on the connection.  */
+  unsigned long client_pid;
+  int client_uid;
+
+  /* The database request object used with a connection.  It is
+   * auto-created as needed.  */
+  db_request_t db_req;
+
+  /* Flags for the current request.  */
+
+  /* If the any of the filter flags are set a search returns only
+   * results with a blob type matching one of these filter flags.  */
+  unsigned int filter_opgp : 1;
+  unsigned int filter_x509 : 1;
+  /* Used by SEARCH and NEXT.  */
+  unsigned int no_data_return : 1;
+
+};
+
+
+/* This is a special version of the usual _() gettext macro.  It
+ * assumes a server connection control variable with the name "ctrl"
+ * and uses that to translate a string according to the locale set for
+ * the connection.  The macro LunderscoreIMPL is used by i18n to
+ * actually define the inline function when needed.  */
+#if defined (ENABLE_NLS) || defined (USE_SIMPLE_GETTEXT)
+#define L_(a) keyboxd_Lunderscore (ctrl, (a))
+#define LunderscorePROTO                                            \
+  static inline const char *keyboxd_Lunderscore (ctrl_t ctrl,       \
+                                                 const char *string)  \
+    GNUPG_GCC_ATTR_FORMAT_ARG(2);
+#define LunderscoreIMPL                                         \
+  static inline const char *                                    \
+  keyboxd_Lunderscore (ctrl_t ctrl, const char *string)         \
+  {                                                             \
+    return ctrl? i18n_localegettext (ctrl->lc_messages, string) \
+      /*     */: gettext (string);                              \
+  }
+#else
+#define L_(a) (a)
+#endif
+
+enum kbxd_store_modes
+  {
+   KBXD_STORE_AUTO = 0, /* Update or insert.    */
+   KBXD_STORE_INSERT,   /* Allow only inserts.  */
+   KBXD_STORE_UPDATE    /* Allow only updates.  */
+  };
+
+
+
+/*-- keyboxd.c --*/
+void kbxd_exit (int rc) GPGRT_ATTR_NORETURN;
+void kbxd_set_progress_cb (void (*cb)(ctrl_t ctrl, const char *what,
+                                      int printchar, int current, int total),
+                           ctrl_t ctrl);
+const char *get_kbxd_socket_name (void);
+int get_kbxd_active_connection_count (void);
+void kbxd_sighup_action (void);
+
+
+/*-- kbxserver.c --*/
+gpg_error_t kbxd_write_data_line (ctrl_t ctrl,
+                                  const void *buffer_arg, size_t size);
+void kbxd_start_command_handler (ctrl_t, gnupg_fd_t, unsigned int);
+
+#endif /*KEYBOXD_H*/
diff --git a/kbx/mkerrors b/kbx/mkerrors
index 629485a..c0bca10 100755
--- a/kbx/mkerrors
+++ b/kbx/mkerrors
@@ -29,7 +29,7 @@ cat <<EOF
  * keybox_strerror:
  * @err:  Error code
  *
- * This function returns a textual representaion of the given
+ * This function returns a textual representation of the given
  * errorcode. If this is an unknown value, a string with the value
  * is returned (Beware: it is hold in a static buffer).
  *
diff --git a/m4/Makefile.am b/m4/Makefile.am
index 3232413..0d1bf14 100644
--- a/m4/Makefile.am
+++ b/m4/Makefile.am
@@ -1,8 +1,6 @@
-EXTRA_DIST = intl.m4 intldir.m4 glibc2.m4 lock.m4 visibility.m4 intmax.m4 longdouble.m4 printf-posix.m4 signed.m4 size_max.m4 wchar_t.m4 wint_t.m4 xsize.m4  codeset.m4 gettext.m4 glibc21.m4 iconv.m4 intdiv0.m4 inttypes.m4 inttypes_h.m4 inttypes-pri.m4 isc-posix.m4 lcmessage.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 progtest.m4 stdint_h.m4 uintmax_t.m4
+EXTRA_DIST = intl.m4 intldir.m4 glibc2.m4 lock.m4 visibility.m4 intmax.m4 longdouble.m4 printf-posix.m4 signed.m4 size_max.m4 wchar_t.m4 wint_t.m4 xsize.m4  codeset.m4 gettext.m4 glibc21.m4 iconv.m4 intdiv0.m4 inttypes.m4 inttypes_h.m4 inttypes-pri.m4 lcmessage.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 progtest.m4 stdint_h.m4 uintmax_t.m4
 
-EXTRA_DIST += ldap.m4 libcurl.m4 libusb.m4 tar-ustar.m4 readline.m4 pkg.m4
-
-EXTRA_DIST += gnupg-pth.m4
+EXTRA_DIST += ldap.m4 libusb.m4 readline.m4 pkg.m4
 
 EXTRA_DIST += gpg-error.m4 libgcrypt.m4 libassuan.m4 ksba.m4 ntbtls.m4
 
diff --git a/m4/Makefile.in b/m4/Makefile.in
index b5829df..cbfff4a 100644
--- a/m4/Makefile.in
+++ b/m4/Makefile.in
@@ -92,16 +92,15 @@ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
@@ -172,9 +171,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -183,6 +184,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -210,9 +212,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -249,13 +252,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
@@ -322,9 +328,8 @@ EXTRA_DIST = intl.m4 intldir.m4 glibc2.m4 lock.m4 visibility.m4 \
 	intmax.m4 longdouble.m4 printf-posix.m4 signed.m4 size_max.m4 \
 	wchar_t.m4 wint_t.m4 xsize.m4 codeset.m4 gettext.m4 glibc21.m4 \
 	iconv.m4 intdiv0.m4 inttypes.m4 inttypes_h.m4 inttypes-pri.m4 \
-	isc-posix.m4 lcmessage.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 \
-	progtest.m4 stdint_h.m4 uintmax_t.m4 ldap.m4 libcurl.m4 \
-	libusb.m4 tar-ustar.m4 readline.m4 pkg.m4 gnupg-pth.m4 \
+	lcmessage.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 progtest.m4 \
+	stdint_h.m4 uintmax_t.m4 ldap.m4 libusb.m4 readline.m4 pkg.m4 \
 	gpg-error.m4 libgcrypt.m4 libassuan.m4 ksba.m4 ntbtls.m4 \
 	autobuild.m4 sys_socket_h.m4 socklen.m4 ChangeLog-2011
 all: all-am
diff --git a/m4/codeset.m4 b/m4/codeset.m4
index 223955b..9b019cf 100644
--- a/m4/codeset.m4
+++ b/m4/codeset.m4
@@ -1,5 +1,6 @@
-# codeset.m4 serial 2 (gettext-0.16)
-dnl Copyright (C) 2000-2002, 2006 Free Software Foundation, Inc.
+# codeset.m4 serial 5 (gettext-0.18.2)
+dnl Copyright (C) 2000-2002, 2006, 2008-2014, 2016, 2019-2020 Free Software
+dnl Foundation, Inc.
 dnl This file is free software; the Free Software Foundation
 dnl gives unlimited permission to copy and/or distribute it,
 dnl with or without modifications, as long as this notice is preserved.
@@ -8,14 +9,16 @@ dnl From Bruno Haible.
 
 AC_DEFUN([AM_LANGINFO_CODESET],
 [
-  AC_CACHE_CHECK([for nl_langinfo and CODESET], am_cv_langinfo_codeset,
-    [AC_TRY_LINK([#include <langinfo.h>],
-      [char* cs = nl_langinfo(CODESET); return !cs;],
-      am_cv_langinfo_codeset=yes,
-      am_cv_langinfo_codeset=no)
+  AC_CACHE_CHECK([for nl_langinfo and CODESET], [am_cv_langinfo_codeset],
+    [AC_LINK_IFELSE(
+       [AC_LANG_PROGRAM(
+          [[#include <langinfo.h>]],
+          [[char* cs = nl_langinfo(CODESET); return !cs;]])],
+       [am_cv_langinfo_codeset=yes],
+       [am_cv_langinfo_codeset=no])
     ])
   if test $am_cv_langinfo_codeset = yes; then
-    AC_DEFINE(HAVE_LANGINFO_CODESET, 1,
+    AC_DEFINE([HAVE_LANGINFO_CODESET], [1],
       [Define if you have <langinfo.h> and nl_langinfo(CODESET).])
   fi
 ])
diff --git a/m4/gettext.m4 b/m4/gettext.m4
index cdac014..4f25a27 100644
--- a/m4/gettext.m4
+++ b/m4/gettext.m4
@@ -1,41 +1,39 @@
-# gettext.m4 serial 60 (gettext-0.17)
-dnl Copyright (C) 1995-2007 Free Software Foundation, Inc.
+# gettext.m4 serial 71 (gettext-0.20.2)
+dnl Copyright (C) 1995-2014, 2016, 2018-2020 Free Software Foundation, Inc.
 dnl This file is free software; the Free Software Foundation
 dnl gives unlimited permission to copy and/or distribute it,
 dnl with or without modifications, as long as this notice is preserved.
 dnl
 dnl This file can be used in projects which are not available under
-dnl the GNU General Public License or the GNU Library General Public
+dnl the GNU General Public License or the GNU Lesser General Public
 dnl License but which still want to provide support for the GNU gettext
 dnl functionality.
 dnl Please note that the actual code of the GNU gettext library is covered
-dnl by the GNU Library General Public License, and the rest of the GNU
+dnl by the GNU Lesser General Public License, and the rest of the GNU
 dnl gettext package is covered by the GNU General Public License.
 dnl They are *not* in the public domain.
 
 dnl Authors:
 dnl   Ulrich Drepper <drepper@cygnus.com>, 1995-2000.
-dnl   Bruno Haible <haible@clisp.cons.org>, 2000-2006.
+dnl   Bruno Haible <haible@clisp.cons.org>, 2000-2006, 2008-2010.
 
 dnl Macro to add for using GNU gettext.
 
 dnl Usage: AM_GNU_GETTEXT([INTLSYMBOL], [NEEDSYMBOL], [INTLDIR]).
-dnl INTLSYMBOL can be one of 'external', 'no-libtool', 'use-libtool'. The
-dnl    default (if it is not specified or empty) is 'no-libtool'.
-dnl    INTLSYMBOL should be 'external' for packages with no intl directory,
-dnl    and 'no-libtool' or 'use-libtool' for packages with an intl directory.
+dnl INTLSYMBOL must be one of 'external', 'use-libtool'.
+dnl    INTLSYMBOL should be 'external' for packages other than GNU gettext, and
+dnl    'use-libtool' for the packages 'gettext-runtime' and 'gettext-tools'.
 dnl    If INTLSYMBOL is 'use-libtool', then a libtool library
 dnl    $(top_builddir)/intl/libintl.la will be created (shared and/or static,
 dnl    depending on --{enable,disable}-{shared,static} and on the presence of
-dnl    AM-DISABLE-SHARED). If INTLSYMBOL is 'no-libtool', a static library
-dnl    $(top_builddir)/intl/libintl.a will be created.
+dnl    AM-DISABLE-SHARED).
 dnl If NEEDSYMBOL is specified and is 'need-ngettext', then GNU gettext
 dnl    implementations (in libc or libintl) without the ngettext() function
 dnl    will be ignored.  If NEEDSYMBOL is specified and is
 dnl    'need-formatstring-macros', then GNU gettext implementations that don't
 dnl    support the ISO C 99 <inttypes.h> formatstring macros will be ignored.
 dnl INTLDIR is used to find the intl libraries.  If empty,
-dnl    the value `$(top_builddir)/intl/' is used.
+dnl    the value '$(top_builddir)/intl/' is used.
 dnl
 dnl The result of the configuration is one of three cases:
 dnl 1) GNU gettext, as included in the intl subdirectory, will be compiled
@@ -57,17 +55,17 @@ dnl
 AC_DEFUN([AM_GNU_GETTEXT],
 [
   dnl Argument checking.
-  ifelse([$1], [], , [ifelse([$1], [external], , [ifelse([$1], [no-libtool], , [ifelse([$1], [use-libtool], ,
+  ifelse([$1], [], , [ifelse([$1], [external], , [ifelse([$1], [use-libtool], ,
     [errprint([ERROR: invalid first argument to AM_GNU_GETTEXT
-])])])])])
+])])])])
+  ifelse(ifelse([$1], [], [old])[]ifelse([$1], [no-libtool], [old]), [old],
+    [errprint([ERROR: Use of AM_GNU_GETTEXT without [external] argument is no longer supported.
+])])
   ifelse([$2], [], , [ifelse([$2], [need-ngettext], , [ifelse([$2], [need-formatstring-macros], ,
     [errprint([ERROR: invalid second argument to AM_GNU_GETTEXT
 ])])])])
   define([gt_included_intl],
-    ifelse([$1], [external],
-      ifdef([AM_GNU_GETTEXT_][INTL_SUBDIR], [yes], [no]),
-      [yes]))
-  define([gt_libtool_suffix_prefix], ifelse([$1], [use-libtool], [l], []))
+    ifelse([$1], [external], [no], [yes]))
   gt_NEEDS_INIT
   AM_GNU_GETTEXT_NEED([$2])
 
@@ -89,13 +87,12 @@ AC_DEFUN([AM_GNU_GETTEXT],
   dnl again, outside any 'if'. There are two solutions:
   dnl - Invoke AM_ICONV_LINKFLAGS_BODY here, outside any 'if'.
   dnl - Control the expansions in more detail using AC_PROVIDE_IFELSE.
-  dnl Since AC_PROVIDE_IFELSE is only in autoconf >= 2.52 and not
-  dnl documented, we avoid it.
+  dnl Since AC_PROVIDE_IFELSE is not documented, we avoid it.
   ifelse(gt_included_intl, yes, , [
     AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY])
   ])
 
-  dnl Sometimes, on MacOS X, libintl requires linking with CoreFoundation.
+  dnl Sometimes, on Mac OS X, libintl requires linking with CoreFoundation.
   gt_INTL_MACOSX
 
   dnl Set USE_NLS.
@@ -123,11 +120,11 @@ AC_DEFUN([AM_GNU_GETTEXT],
     gt_use_preinstalled_gnugettext=no
     ifelse(gt_included_intl, yes, [
       AC_MSG_CHECKING([whether included gettext is requested])
-      AC_ARG_WITH(included-gettext,
+      AC_ARG_WITH([included-gettext],
         [  --with-included-gettext use the GNU gettext library included here],
         nls_cv_force_use_gnu_gettext=$withval,
         nls_cv_force_use_gnu_gettext=no)
-      AC_MSG_RESULT($nls_cv_force_use_gnu_gettext)
+      AC_MSG_RESULT([$nls_cv_force_use_gnu_gettext])
 
       nls_cv_use_gnu_gettext="$nls_cv_force_use_gnu_gettext"
       if test "$nls_cv_force_use_gnu_gettext" != "yes"; then
@@ -155,12 +152,23 @@ changequote([,])dnl
         fi
 
         AC_CACHE_CHECK([for GNU gettext in libc], [$gt_func_gnugettext_libc],
-         [AC_TRY_LINK([#include <libintl.h>
-$gt_revision_test_code
+         [AC_LINK_IFELSE(
+            [AC_LANG_PROGRAM(
+               [[
+#include <libintl.h>
+#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
 extern int _nl_msg_cat_cntr;
-extern int *_nl_domain_bindings;],
-            [bindtextdomain ("", "");
-return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_domain_bindings],
+extern int *_nl_domain_bindings;
+#define __GNU_GETTEXT_SYMBOL_EXPRESSION (_nl_msg_cat_cntr + *_nl_domain_bindings)
+#else
+#define __GNU_GETTEXT_SYMBOL_EXPRESSION 0
+#endif
+$gt_revision_test_code
+               ]],
+               [[
+bindtextdomain ("", "");
+return * gettext ("")$gt_expression_test_code + __GNU_GETTEXT_SYMBOL_EXPRESSION
+               ]])],
             [eval "$gt_func_gnugettext_libc=yes"],
             [eval "$gt_func_gnugettext_libc=no"])])
 
@@ -181,35 +189,57 @@ return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_domain_b
             gt_save_LIBS="$LIBS"
             LIBS="$LIBS $LIBINTL"
             dnl Now see whether libintl exists and does not depend on libiconv.
-            AC_TRY_LINK([#include <libintl.h>
-$gt_revision_test_code
+            AC_LINK_IFELSE(
+              [AC_LANG_PROGRAM(
+                 [[
+#include <libintl.h>
+#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
 extern int _nl_msg_cat_cntr;
 extern
 #ifdef __cplusplus
 "C"
 #endif
-const char *_nl_expand_alias (const char *);],
-              [bindtextdomain ("", "");
-return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")],
+const char *_nl_expand_alias (const char *);
+#define __GNU_GETTEXT_SYMBOL_EXPRESSION (_nl_msg_cat_cntr + *_nl_expand_alias (""))
+#else
+#define __GNU_GETTEXT_SYMBOL_EXPRESSION 0
+#endif
+$gt_revision_test_code
+                 ]],
+                 [[
+bindtextdomain ("", "");
+return * gettext ("")$gt_expression_test_code + __GNU_GETTEXT_SYMBOL_EXPRESSION
+                 ]])],
               [eval "$gt_func_gnugettext_libintl=yes"],
               [eval "$gt_func_gnugettext_libintl=no"])
             dnl Now see whether libintl exists and depends on libiconv.
             if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" != yes; } && test -n "$LIBICONV"; then
               LIBS="$LIBS $LIBICONV"
-              AC_TRY_LINK([#include <libintl.h>
-$gt_revision_test_code
+              AC_LINK_IFELSE(
+                [AC_LANG_PROGRAM(
+                   [[
+#include <libintl.h>
+#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
 extern int _nl_msg_cat_cntr;
 extern
 #ifdef __cplusplus
 "C"
 #endif
-const char *_nl_expand_alias (const char *);],
-                [bindtextdomain ("", "");
-return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")],
-               [LIBINTL="$LIBINTL $LIBICONV"
-                LTLIBINTL="$LTLIBINTL $LTLIBICONV"
-                eval "$gt_func_gnugettext_libintl=yes"
-               ])
+const char *_nl_expand_alias (const char *);
+#define __GNU_GETTEXT_SYMBOL_EXPRESSION (_nl_msg_cat_cntr + *_nl_expand_alias (""))
+#else
+#define __GNU_GETTEXT_SYMBOL_EXPRESSION 0
+#endif
+$gt_revision_test_code
+                   ]],
+                   [[
+bindtextdomain ("", "");
+return * gettext ("")$gt_expression_test_code + __GNU_GETTEXT_SYMBOL_EXPRESSION
+                   ]])],
+                [LIBINTL="$LIBINTL $LIBICONV"
+                 LTLIBINTL="$LTLIBINTL $LTLIBICONV"
+                 eval "$gt_func_gnugettext_libintl=yes"
+                ])
             fi
             CPPFLAGS="$gt_save_CPPFLAGS"
             LIBS="$gt_save_LIBS"])
@@ -243,8 +273,8 @@ return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_a
         dnl Mark actions used to generate GNU NLS library.
         BUILD_INCLUDED_LIBINTL=yes
         USE_INCLUDED_LIBINTL=yes
-        LIBINTL="ifelse([$3],[],\${top_builddir}/intl,[$3])/libintl.[]gt_libtool_suffix_prefix[]a $LIBICONV $LIBTHREAD"
-        LTLIBINTL="ifelse([$3],[],\${top_builddir}/intl,[$3])/libintl.[]gt_libtool_suffix_prefix[]a $LTLIBICONV $LTLIBTHREAD"
+        LIBINTL="ifelse([$3],[],\${top_builddir}/intl,[$3])/libintl.la $LIBICONV $LIBTHREAD"
+        LTLIBINTL="ifelse([$3],[],\${top_builddir}/intl,[$3])/libintl.la $LTLIBICONV $LTLIBTHREAD"
         LIBS=`echo " $LIBS " | sed -e 's/ -lintl / /' -e 's/^ //' -e 's/ $//'`
       fi
 
@@ -267,7 +297,7 @@ return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_a
 
     if test "$gt_use_preinstalled_gnugettext" = "yes" \
        || test "$nls_cv_use_gnu_gettext" = "yes"; then
-      AC_DEFINE(ENABLE_NLS, 1,
+      AC_DEFINE([ENABLE_NLS], [1],
         [Define to 1 if translation of program messages to the user's native language
    is requested.])
     else
@@ -301,9 +331,9 @@ return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_a
       fi
 
       dnl For backward compatibility. Some packages may be using this.
-      AC_DEFINE(HAVE_GETTEXT, 1,
+      AC_DEFINE([HAVE_GETTEXT], [1],
        [Define if the GNU gettext() function is already present or preinstalled.])
-      AC_DEFINE(HAVE_DCGETTEXT, 1,
+      AC_DEFINE([HAVE_DCGETTEXT], [1],
        [Define if the GNU dcgettext() function is already present or preinstalled.])
     fi
 
@@ -312,53 +342,24 @@ return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_a
   fi
 
   ifelse(gt_included_intl, yes, [
-    dnl If this is used in GNU gettext we have to set BUILD_INCLUDED_LIBINTL
-    dnl to 'yes' because some of the testsuite requires it.
-    if test "$PACKAGE" = gettext-runtime || test "$PACKAGE" = gettext-tools; then
-      BUILD_INCLUDED_LIBINTL=yes
-    fi
+    dnl In GNU gettext we have to set BUILD_INCLUDED_LIBINTL to 'yes'
+    dnl because some of the testsuite requires it.
+    BUILD_INCLUDED_LIBINTL=yes
 
     dnl Make all variables we use known to autoconf.
-    AC_SUBST(BUILD_INCLUDED_LIBINTL)
-    AC_SUBST(USE_INCLUDED_LIBINTL)
-    AC_SUBST(CATOBJEXT)
-
-    dnl For backward compatibility. Some configure.ins may be using this.
-    nls_cv_header_intl=
-    nls_cv_header_libgt=
-
-    dnl For backward compatibility. Some Makefiles may be using this.
-    DATADIRNAME=share
-    AC_SUBST(DATADIRNAME)
-
-    dnl For backward compatibility. Some Makefiles may be using this.
-    INSTOBJEXT=.mo
-    AC_SUBST(INSTOBJEXT)
-
-    dnl For backward compatibility. Some Makefiles may be using this.
-    GENCAT=gencat
-    AC_SUBST(GENCAT)
-
-    dnl For backward compatibility. Some Makefiles may be using this.
-    INTLOBJS=
-    if test "$USE_INCLUDED_LIBINTL" = yes; then
-      INTLOBJS="\$(GETTOBJS)"
-    fi
-    AC_SUBST(INTLOBJS)
-
-    dnl Enable libtool support if the surrounding package wishes it.
-    INTL_LIBTOOL_SUFFIX_PREFIX=gt_libtool_suffix_prefix
-    AC_SUBST(INTL_LIBTOOL_SUFFIX_PREFIX)
+    AC_SUBST([BUILD_INCLUDED_LIBINTL])
+    AC_SUBST([USE_INCLUDED_LIBINTL])
+    AC_SUBST([CATOBJEXT])
   ])
 
   dnl For backward compatibility. Some Makefiles may be using this.
   INTLLIBS="$LIBINTL"
-  AC_SUBST(INTLLIBS)
+  AC_SUBST([INTLLIBS])
 
   dnl Make all documented variables known to autoconf.
-  AC_SUBST(LIBINTL)
-  AC_SUBST(LTLIBINTL)
-  AC_SUBST(POSUB)
+  AC_SUBST([LIBINTL])
+  AC_SUBST([LTLIBINTL])
+  AC_SUBST([POSUB])
 ])
 
 
@@ -379,3 +380,7 @@ AC_DEFUN([AM_GNU_GETTEXT_NEED],
 
 dnl Usage: AM_GNU_GETTEXT_VERSION([gettext-version])
 AC_DEFUN([AM_GNU_GETTEXT_VERSION], [])
+
+
+dnl Usage: AM_GNU_GETTEXT_REQUIRE_VERSION([gettext-version])
+AC_DEFUN([AM_GNU_GETTEXT_REQUIRE_VERSION], [])
diff --git a/m4/gnupg-pth.m4 b/m4/gnupg-pth.m4
deleted file mode 100644
index 6dc9e0e..0000000
--- a/m4/gnupg-pth.m4
+++ /dev/null
@@ -1,105 +0,0 @@
-dnl GnuPG's check for Pth.
-dnl       Copyright (C) 2003 Free Software Foundation, Inc.
-dnl
-dnl This file is free software; as a special exception the author gives
-dnl unlimited permission to copy and/or distribute it, with or without
-dnl modifications, as long as this notice is preserved.
-dnl
-dnl This file is distributed in the hope that it will be useful, but
-dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
-dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-
-# GNUPG_PTH_VERSION_CHECK(REQUIRED)
-# 
-# If the version is sufficient, HAVE_PTH will be set to yes.
-#
-# Taken and modified from the m4 macros which come with Pth.
-AC_DEFUN([GNUPG_PTH_VERSION_CHECK],
-  [
-    _pth_version=`$PTH_CONFIG --version | awk 'NR==1 {print [$]3}'`
-    _req_version="ifelse([$1],,1.2.0,$1)"
-
-    AC_MSG_CHECKING(for PTH - version >= $_req_version)
-    for _var in _pth_version _req_version; do
-        eval "_val=\"\$${_var}\""
-        _major=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\1/'`
-        _minor=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\2/'`
-        _rtype=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\3/'`
-        _micro=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\4/'`
-        case $_rtype in
-            "a" ) _rtype=0 ;;
-            "b" ) _rtype=1 ;;
-            "." ) _rtype=2 ;;
-        esac
-        _hex=`echo dummy | awk '{ printf("%d%02d%1d%02d", major, minor, rtype, micro); }' \
-              "major=$_major" "minor=$_minor" "rtype=$_rtype" "micro=$_micro"`
-        eval "${_var}_hex=\"\$_hex\""
-    done
-    have_pth=no
-    if test ".$_pth_version_hex" != .; then
-        if test ".$_req_version_hex" != .; then
-            if test $_pth_version_hex -ge $_req_version_hex; then
-                have_pth=yes
-            fi
-        fi
-    fi
-    if test $have_pth = yes; then
-       AC_MSG_RESULT(yes)
-       AC_MSG_CHECKING([whether PTH installation is sane])
-       AC_CACHE_VAL(gnupg_cv_pth_is_sane,[
-         _gnupg_pth_save_cflags=$CFLAGS
-         _gnupg_pth_save_ldflags=$LDFLAGS
-         _gnupg_pth_save_libs=$LIBS
-         CFLAGS="$CFLAGS `$PTH_CONFIG --cflags`"
-         LDFLAGS="$LDFLAGS `$PTH_CONFIG --ldflags`"
-         LIBS="$LIBS `$PTH_CONFIG --libs --all`"
-         AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pth.h>
-                                         ],
-                                         [[ pth_init ();]])],
-                        gnupg_cv_pth_is_sane=yes,
-                        gnupg_cv_pth_is_sane=no)
-         CFLAGS=$_gnupg_pth_save_cflags
-         LDFLAGS=$_gnupg_pth_save_ldflags
-         LIBS=$_gnupg_pth_save_libs
-       ])
-       if test $gnupg_cv_pth_is_sane != yes; then
-          have_pth=no
-       fi
-       AC_MSG_RESULT($gnupg_cv_pth_is_sane)
-    else
-       AC_MSG_RESULT(no)
-    fi    
-  ])
-
-
-
-# GNUPG_PATH_PTH([MINIMUM_VERSION])
-#
-# On return $have_pth is set as well as HAVE_PTH is defined and
-# PTH_CLFAGS and PTH_LIBS are AS_SUBST.
-#
-AC_DEFUN([GNUPG_PATH_PTH],
-[ AC_ARG_WITH(pth-prefix,
-             AC_HELP_STRING([--with-pth-prefix=PFX],
-                           [prefix where GNU Pth is installed (optional)]),
-     pth_config_prefix="$withval", pth_config_prefix="")
-  if test x$pth_config_prefix != x ; then
-     PTH_CONFIG="$pth_config_prefix/bin/pth-config"
-  fi
-  AC_PATH_PROG(PTH_CONFIG, pth-config, no)
-  tmp=ifelse([$1], ,1.3.7,$1)
-  if test "$PTH_CONFIG" != "no"; then
-    GNUPG_PTH_VERSION_CHECK($tmp)
-    if test $have_pth = yes; then      
-       PTH_CFLAGS=`$PTH_CONFIG --cflags`
-       PTH_LIBS=`$PTH_CONFIG --ldflags`
-       PTH_LIBS="$PTH_LIBS `$PTH_CONFIG --libs --all`"
-       AC_DEFINE(HAVE_PTH, 1,
-                [Defined if the GNU Pth is available])
-    fi
-  fi
-  AC_SUBST(PTH_CFLAGS)
-  AC_SUBST(PTH_LIBS)
-])
-
diff --git a/m4/isc-posix.m4 b/m4/isc-posix.m4
deleted file mode 100644
index 1319dd1..0000000
--- a/m4/isc-posix.m4
+++ /dev/null
@@ -1,26 +0,0 @@
-# isc-posix.m4 serial 2 (gettext-0.11.2)
-dnl Copyright (C) 1995-2002 Free Software Foundation, Inc.
-dnl This file is free software, distributed under the terms of the GNU
-dnl General Public License.  As a special exception to the GNU General
-dnl Public License, this file may be distributed as part of a program
-dnl that contains a configuration script generated by Autoconf, under
-dnl the same distribution terms as the rest of that program.
-
-# This file is not needed with autoconf-2.53 and newer.  Remove it in 2005.
-
-# This test replaces the one in autoconf.
-# Currently this macro should have the same name as the autoconf macro
-# because gettext's gettext.m4 (distributed in the automake package)
-# still uses it.  Otherwise, the use in gettext.m4 makes autoheader
-# give these diagnostics:
-#   configure.in:556: AC_TRY_COMPILE was called before AC_ISC_POSIX
-#   configure.in:556: AC_TRY_RUN was called before AC_ISC_POSIX
-
-undefine([AC_ISC_POSIX])
-
-AC_DEFUN([AC_ISC_POSIX],
-  [
-    dnl This test replaces the obsolescent AC_ISC_POSIX kludge.
-    AC_CHECK_LIB(cposix, strerror, [LIBS="$LIBS -lcposix"])
-  ]
-)
diff --git a/m4/lcmessage.m4 b/m4/lcmessage.m4
index eef389d..f67c3d7 100644
--- a/m4/lcmessage.m4
+++ b/m4/lcmessage.m4
@@ -1,15 +1,16 @@
-# lcmessage.m4 serial 4 (gettext-0.14.2)
-dnl Copyright (C) 1995-2002, 2004-2005 Free Software Foundation, Inc.
+# lcmessage.m4 serial 8
+dnl Copyright (C) 1995-2002, 2004-2005, 2008-2014, 2016, 2019-2020 Free
+dnl Software Foundation, Inc.
 dnl This file is free software; the Free Software Foundation
 dnl gives unlimited permission to copy and/or distribute it,
 dnl with or without modifications, as long as this notice is preserved.
 dnl
 dnl This file can be used in projects which are not available under
-dnl the GNU General Public License or the GNU Library General Public
+dnl the GNU General Public License or the GNU Lesser General Public
 dnl License but which still want to provide support for the GNU gettext
 dnl functionality.
 dnl Please note that the actual code of the GNU gettext library is covered
-dnl by the GNU Library General Public License, and the rest of the GNU
+dnl by the GNU Lesser General Public License, and the rest of the GNU
 dnl gettext package is covered by the GNU General Public License.
 dnl They are *not* in the public domain.
 
@@ -20,11 +21,15 @@ dnl   Ulrich Drepper <drepper@cygnus.com>, 1995.
 
 AC_DEFUN([gt_LC_MESSAGES],
 [
-  AC_CACHE_CHECK([for LC_MESSAGES], gt_cv_val_LC_MESSAGES,
-    [AC_TRY_LINK([#include <locale.h>], [return LC_MESSAGES],
-       gt_cv_val_LC_MESSAGES=yes, gt_cv_val_LC_MESSAGES=no)])
+  AC_CACHE_CHECK([for LC_MESSAGES], [gt_cv_val_LC_MESSAGES],
+    [AC_LINK_IFELSE(
+       [AC_LANG_PROGRAM(
+          [[#include <locale.h>]],
+          [[return LC_MESSAGES]])],
+       [gt_cv_val_LC_MESSAGES=yes],
+       [gt_cv_val_LC_MESSAGES=no])])
   if test $gt_cv_val_LC_MESSAGES = yes; then
-    AC_DEFINE(HAVE_LC_MESSAGES, 1,
+    AC_DEFINE([HAVE_LC_MESSAGES], [1],
       [Define if your <locale.h> file defines LC_MESSAGES.])
   fi
 ])
diff --git a/m4/ldap.m4 b/m4/ldap.m4
index 954f88a..f92bc3c 100644
--- a/m4/ldap.m4
+++ b/m4/ldap.m4
@@ -19,7 +19,7 @@ AC_DEFUN([GNUPG_CHECK_LDAP],
 # something like ./configure LDAPLIBS="-Lfoo -lbar"
 gnupg_have_ldap=no
 AC_ARG_WITH(ldap,
-  AC_HELP_STRING([--with-ldap=DIR],[look for the LDAP library in DIR]),
+  AS_HELP_STRING([--with-ldap=DIR],[look for the LDAP library in DIR]),
   [_ldap_with=$withval])
 
 if test x$_ldap_with != xno ; then
@@ -38,22 +38,22 @@ if test x$_ldap_with != xno ; then
     _ldap_save_libs=$LIBS
     LIBS="$MY_LDAPLIBS $1 $LIBS"
 
-    AC_MSG_CHECKING([whether LDAP via \"$MY_LDAPLIBS\" is present and sane])
-    AC_TRY_LINK([
+    AC_MSG_CHECKING([whether LDAP via "$MY_LDAPLIBS" is present and sane])
+    AC_LINK_IFELSE([AC_LANG_PROGRAM([[
 #ifdef _WIN32
 #include <winsock2.h>
 #include <winldap.h>
 #else
 #include <ldap.h>
 #endif
-],[ldap_open("foobar",1234);],
+]],[[ldap_open("foobar",1234);]])],
                 [gnupg_cv_func_ldap_init=yes],[gnupg_cv_func_ldap_init=no])
     AC_MSG_RESULT([$gnupg_cv_func_ldap_init])
 
     if test $gnupg_cv_func_ldap_init = no; then
       AC_MSG_CHECKING([whether I can make LDAP be sane with lber.h])
-      AC_TRY_LINK([#include <lber.h>
-#include <ldap.h>],[ldap_open("foobar",1234);],
+      AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <lber.h>
+#include <ldap.h>]],[[ldap_open("foobar",1234);]])],
          [gnupg_cv_func_ldaplber_init=yes],[gnupg_cv_func_ldaplber_init=no])
       AC_MSG_RESULT([$gnupg_cv_func_ldaplber_init])
     fi
@@ -75,7 +75,8 @@ if test x$_ldap_with != xno ; then
 
        if test "$ac_cv_func_ldap_get_option" != yes ; then
           AC_MSG_CHECKING([whether LDAP supports ld_errno])
-	  AC_TRY_LINK([#include <ldap.h>],[LDAP *ldap; ldap->ld_errno;],
+	  AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <ldap.h>]],
+             [[LDAP *ldap; ldap->ld_errno;]])],
 	     [gnupg_cv_func_ldap_ld_errno=yes],
 	     [gnupg_cv_func_ldap_ld_errno=no])
           AC_MSG_RESULT([$gnupg_cv_func_ldap_ld_errno])
diff --git a/m4/libcurl.m4 b/m4/libcurl.m4
deleted file mode 100644
index 49caecc..0000000
--- a/m4/libcurl.m4
+++ /dev/null
@@ -1,253 +0,0 @@
-# LIBCURL_CHECK_CONFIG ([DEFAULT-ACTION], [MINIMUM-VERSION],
-#                       [ACTION-IF-YES], [ACTION-IF-NO])
-# ----------------------------------------------------------
-#      David Shaw <dshaw@jabberwocky.com>   May-09-2006
-#
-# Checks for libcurl.  DEFAULT-ACTION is the string yes or no to
-# specify whether to default to --with-libcurl or --without-libcurl.
-# If not supplied, DEFAULT-ACTION is yes.  MINIMUM-VERSION is the
-# minimum version of libcurl to accept.  Pass the version as a regular
-# version number like 7.10.1. If not supplied, any version is
-# accepted.  ACTION-IF-YES is a list of shell commands to run if
-# libcurl was successfully found and passed the various tests.
-# ACTION-IF-NO is a list of shell commands that are run otherwise.
-# Note that using --without-libcurl does run ACTION-IF-NO.
-#
-# This macro #defines HAVE_LIBCURL if a working libcurl setup is
-# found, and sets @LIBCURL@ and @LIBCURL_CPPFLAGS@ to the necessary
-# values.  Other useful defines are LIBCURL_FEATURE_xxx where xxx are
-# the various features supported by libcurl, and LIBCURL_PROTOCOL_yyy
-# where yyy are the various protocols supported by libcurl.  Both xxx
-# and yyy are capitalized.  See the list of AH_TEMPLATEs at the top of
-# the macro for the complete list of possible defines.  Shell
-# variables $libcurl_feature_xxx and $libcurl_protocol_yyy are also
-# defined to 'yes' for those features and protocols that were found.
-# Note that xxx and yyy keep the same capitalization as in the
-# curl-config list (e.g. it's "HTTP" and not "http").
-#
-# Users may override the detected values by doing something like:
-# LIBCURL="-lcurl" LIBCURL_CPPFLAGS="-I/usr/myinclude" ./configure
-#
-# For the sake of sanity, this macro assumes that any libcurl that is
-# found is after version 7.7.2, the first version that included the
-# curl-config script.  Note that it is very important for people
-# packaging binary versions of libcurl to include this script!
-# Without curl-config, we can only guess what protocols are available,
-# or use curl_version_info to figure it out at runtime.
-
-AC_DEFUN([LIBCURL_CHECK_CONFIG],
-[
-  AH_TEMPLATE([LIBCURL_FEATURE_SSL],[Defined if libcurl supports SSL])
-  AH_TEMPLATE([LIBCURL_FEATURE_KRB4],[Defined if libcurl supports KRB4])
-  AH_TEMPLATE([LIBCURL_FEATURE_IPV6],[Defined if libcurl supports IPv6])
-  AH_TEMPLATE([LIBCURL_FEATURE_LIBZ],[Defined if libcurl supports libz])
-  AH_TEMPLATE([LIBCURL_FEATURE_ASYNCHDNS],[Defined if libcurl supports AsynchDNS])
-  AH_TEMPLATE([LIBCURL_FEATURE_IDN],[Defined if libcurl supports IDN])
-  AH_TEMPLATE([LIBCURL_FEATURE_SSPI],[Defined if libcurl supports SSPI])
-  AH_TEMPLATE([LIBCURL_FEATURE_NTLM],[Defined if libcurl supports NTLM])
-
-  AH_TEMPLATE([LIBCURL_PROTOCOL_HTTP],[Defined if libcurl supports HTTP])
-  AH_TEMPLATE([LIBCURL_PROTOCOL_HTTPS],[Defined if libcurl supports HTTPS])
-  AH_TEMPLATE([LIBCURL_PROTOCOL_FTP],[Defined if libcurl supports FTP])
-  AH_TEMPLATE([LIBCURL_PROTOCOL_FTPS],[Defined if libcurl supports FTPS])
-  AH_TEMPLATE([LIBCURL_PROTOCOL_FILE],[Defined if libcurl supports FILE])
-  AH_TEMPLATE([LIBCURL_PROTOCOL_TELNET],[Defined if libcurl supports TELNET])
-  AH_TEMPLATE([LIBCURL_PROTOCOL_LDAP],[Defined if libcurl supports LDAP])
-  AH_TEMPLATE([LIBCURL_PROTOCOL_DICT],[Defined if libcurl supports DICT])
-  AH_TEMPLATE([LIBCURL_PROTOCOL_TFTP],[Defined if libcurl supports TFTP])
-
-  AC_ARG_WITH(libcurl,
-     AC_HELP_STRING([--with-libcurl=DIR],[look for the curl library in DIR]),
-     [_libcurl_with=$withval],[_libcurl_with=m4_if([$1],,[yes],[$1])])
-
-  if test "$_libcurl_with" != "no" ; then
-
-     AC_PROG_AWK
-
-     _libcurl_version_parse="eval $AWK '{split(\$NF,A,\".\"); X=256*256*A[[1]]+256*A[[2]]+A[[3]]; print X;}'"
-     # More recent versions of curl-config have a direct --vernum
-     # option, but we'd like this code to work with older versions as
-     # well, so just convert --version.
-     _libcurl_vernum_parse="eval $AWK '{printf \"0x%06X\",\$NF}'"
-
-     _libcurl_try_link=yes
-
-     if test -d "$_libcurl_with" ; then
-        LIBCURL_CPPFLAGS="-I$withval/include"
-        _libcurl_ldflags="-L$withval/lib"
-        if test -x "$withval/bin/curl-config" ; then
-          _libcurl_config="$withval/bin/curl-config"
-        else
-          _libcurl_config=
-        fi
-     else
-	AC_PATH_PROG([_libcurl_config],[curl-config])
-     fi
-
-     if test x$_libcurl_config != "x" ; then
-        AC_CACHE_CHECK([for the version of libcurl],
-	   [libcurl_cv_lib_curl_version],
-           [libcurl_cv_lib_curl_version=`$_libcurl_config --version | $AWK '{print $[]2}'`])
-
-	_libcurl_version=`echo $libcurl_cv_lib_curl_version | $_libcurl_version_parse`
-	_libcurl_wanted=`echo m4_if([$2],,[0],[$2]) | $_libcurl_version_parse`
-
-        if test $_libcurl_wanted -gt 0 ; then
-	   AC_CACHE_CHECK([for libcurl >= version $2],
-	      [libcurl_cv_lib_version_ok],
-              [
-   	      if test $_libcurl_version -ge $_libcurl_wanted ; then
-	         libcurl_cv_lib_version_ok=yes
-      	      else
-	         libcurl_cv_lib_version_ok=no
-  	      fi
-              ])
-        fi
-
-	if test $_libcurl_wanted -eq 0 || test x$libcurl_cv_lib_version_ok = xyes ; then
-           if test x"$LIBCURL_CPPFLAGS" = "x" ; then
-              LIBCURL_CPPFLAGS=`$_libcurl_config --cflags`
-           fi
-           if test x"$LIBCURL" = "x" ; then
-              LIBCURL=`$_libcurl_config --libs`
-
-              # This is so silly, but Apple actually has a bug in their
-	      # curl-config script.  Fixed in Tiger, but there are still
-	      # lots of Panther installs around.
-              case "${host}" in
-                 powerpc-apple-darwin7*)
-                    LIBCURL=`echo $LIBCURL | sed -e 's|-arch i386||g'`
-                 ;;
-              esac
-           fi
-
-	   # All curl-config scripts support --feature
-	   _libcurl_features=`$_libcurl_config --feature`
-
-           # Is it modern enough to have --protocols? (7.12.4)
-	   if test $_libcurl_version -ge 461828 ; then
-              _libcurl_protocols=`$_libcurl_config --protocols`
-           fi
-	else
-           _libcurl_try_link=no
-	fi
-
-	unset _libcurl_wanted
-     fi
-
-     if test $_libcurl_try_link = yes ; then
-
-        # we didn't find curl-config, so let's see if the user-supplied
-        # link line (or failing that, "-lcurl") is enough.
-        LIBCURL=${LIBCURL-"$_libcurl_ldflags -lcurl"}
-
-        AC_CACHE_CHECK([whether libcurl is usable],
-           [libcurl_cv_lib_curl_usable],
-           [
-           _libcurl_save_cppflags=$CPPFLAGS
-           CPPFLAGS="$LIBCURL_CPPFLAGS $CPPFLAGS"
-           _libcurl_save_libs=$LIBS
-           LIBS="$LIBCURL $LIBS"
-
-           AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <curl/curl.h>]],[[
-/* Try and use a few common options to force a failure if we are
-   missing symbols or cannot link. */
-int x;
-curl_easy_setopt(NULL,CURLOPT_URL,NULL);
-x=CURL_ERROR_SIZE;
-x=CURLOPT_WRITEFUNCTION;
-x=CURLOPT_FILE;
-x=CURLOPT_ERRORBUFFER;
-x=CURLOPT_STDERR;
-x=CURLOPT_VERBOSE;
-]])],[libcurl_cv_lib_curl_usable=yes],[libcurl_cv_lib_curl_usable=no])
-
-           CPPFLAGS=$_libcurl_save_cppflags
-           LIBS=$_libcurl_save_libs
-           unset _libcurl_save_cppflags
-           unset _libcurl_save_libs
-           ])
-
-        if test $libcurl_cv_lib_curl_usable = yes ; then
-
-	   # Does curl_free() exist in this version of libcurl?
-	   # If not, fake it with free()
-
-           _libcurl_save_cppflags=$CPPFLAGS
-           CPPFLAGS="$CPPFLAGS $LIBCURL_CPPFLAGS"
-           _libcurl_save_libs=$LIBS
-           LIBS="$LIBS $LIBCURL"
-
-           AC_CHECK_FUNC(curl_free,,
-  	      AC_DEFINE(curl_free,free,
-		[Define curl_free() as free() if our version of curl lacks curl_free.]))
-
-           CPPFLAGS=$_libcurl_save_cppflags
-           LIBS=$_libcurl_save_libs
-           unset _libcurl_save_cppflags
-           unset _libcurl_save_libs
-
-           AC_DEFINE(HAVE_LIBCURL,1,
-             [Define to 1 if you have a functional curl library.])
-           AC_SUBST(LIBCURL_CPPFLAGS)
-           AC_SUBST(LIBCURL)
-
-           _libcurl_vernum=`echo $_libcurl_version | $_libcurl_vernum_parse`
-
-           AC_DEFINE_UNQUOTED(LIBCURL_VERNUM, $_libcurl_vernum,
-                  [The version of the libcurl library in packed hex form])
-
-           for _libcurl_feature in $_libcurl_features ; do
-	      AC_DEFINE_UNQUOTED(AS_TR_CPP(libcurl_feature_$_libcurl_feature),[1])
-	      eval AS_TR_SH(libcurl_feature_$_libcurl_feature)=yes
-           done
-
-	   if test "x$_libcurl_protocols" = "x" ; then
-
-	      # We don't have --protocols, so just assume that all
-	      # protocols are available
-	      _libcurl_protocols="HTTP FTP FILE TELNET LDAP DICT"
-
-	      if test x$libcurl_feature_SSL = xyes ; then
-	         _libcurl_protocols="$_libcurl_protocols HTTPS"
-
-		 # FTPS wasn't standards-compliant until version
-		 # 7.11.0
-		 if test $_libcurl_version -ge 461568; then
-		    _libcurl_protocols="$_libcurl_protocols FTPS"
-		 fi
-	      fi
-	   fi
-
-	   for _libcurl_protocol in $_libcurl_protocols ; do
-	      AC_DEFINE_UNQUOTED(AS_TR_CPP(libcurl_protocol_$_libcurl_protocol),[1])
-	      eval AS_TR_SH(libcurl_protocol_$_libcurl_protocol)=yes
-           done
-	else
-	   unset LIBCURL
-	   unset LIBCURL_CPPFLAGS
-        fi
-     fi
-
-     unset _libcurl_try_link
-     unset _libcurl_version_parse
-     unset _libcurl_config
-     unset _libcurl_feature
-     unset _libcurl_features
-     unset _libcurl_protocol
-     unset _libcurl_protocols
-     unset _libcurl_version
-     unset _libcurl_vernum
-     unset _libcurl_ldflags
-  fi
-
-  if test x$_libcurl_with = xno || test x$libcurl_cv_lib_curl_usable != xyes ; then
-     # This is the IF-NO path
-     m4_if([$4],,:,[$4])
-  else
-     # This is the IF-YES path
-     m4_if([$3],,:,[$3])
-  fi
-
-  unset _libcurl_with
-])dnl
diff --git a/m4/readline.m4 b/m4/readline.m4
index 0c9619d..2ffbc7b 100644
--- a/m4/readline.m4
+++ b/m4/readline.m4
@@ -14,7 +14,7 @@ dnl found, and sets @LIBREADLINE@ to the necessary libraries.
 AC_DEFUN([GNUPG_CHECK_READLINE],
 [
   AC_ARG_WITH(readline,
-     AC_HELP_STRING([--with-readline=DIR],
+     AS_HELP_STRING([--with-readline=DIR],
 	[look for the readline library in DIR]),
      [_do_readline=$withval],[_do_readline=yes])
 
@@ -30,7 +30,7 @@ AC_DEFUN([GNUPG_CHECK_READLINE],
         _combo="-lreadline${_termcap:+ $_termcap}"
         LIBS="$LIBS $_combo"
 
-        AC_MSG_CHECKING([whether readline via \"$_combo\" is present and sane])
+        AC_MSG_CHECKING([whether readline via "$_combo" is present and sane])
 
         AC_LINK_IFELSE([AC_LANG_PROGRAM([[
 #include <stdio.h>
diff --git a/m4/socklen.m4 b/m4/socklen.m4
index 5e3765a..251960b 100644
--- a/m4/socklen.m4
+++ b/m4/socklen.m4
@@ -1,5 +1,5 @@
-# socklen.m4 serial 4
-dnl Copyright (C) 2005, 2006 Free Software Foundation, Inc.
+# socklen.m4 serial 11
+dnl Copyright (C) 2005-2007, 2009-2020 Free Software Foundation, Inc.
 dnl This file is free software; the Free Software Foundation
 dnl gives unlimited permission to copy and/or distribute it,
 dnl with or without modifications, as long as this notice is preserved.
@@ -8,45 +8,69 @@ dnl From Albert Chin, Windows fixes from Simon Josefsson.
 
 dnl Check for socklen_t: historically on BSD it is an int, and in
 dnl POSIX 1g it is a type of its own, but some platforms use different
-dnl types for the argument to getsockopt, getpeername, etc.  So we
-dnl have to test to find something that will work.
+dnl types for the argument to getsockopt, getpeername, etc.:
+dnl HP-UX 10.20, IRIX 6.5, OSF/1 4.0, Interix 3.5, BeOS.
+dnl So we have to test to find something that will work.
 
-dnl On mingw32, socklen_t is in ws2tcpip.h ('int'), so we try to find
-dnl it there first.  That file is included by gnulib's socket_.h, which
-dnl all users of this module should include.  Cygwin must not include
-dnl ws2tcpip.h.
 AC_DEFUN([gl_TYPE_SOCKLEN_T],
-  [AC_REQUIRE([gl_HEADER_SYS_SOCKET])dnl
+  [AC_REQUIRE([gl_CHECK_SOCKET_HEADERS])dnl
    AC_CHECK_TYPE([socklen_t], ,
-     [AC_MSG_CHECKING([for socklen_t equivalent])
-      AC_CACHE_VAL([gl_cv_gl_cv_socklen_t_equiv],
-	[# Systems have either "struct sockaddr *" or
-	 # "void *" as the second argument to getpeername
-	 gl_cv_socklen_t_equiv=
-	 for arg2 in "struct sockaddr" void; do
-	   for t in int size_t "unsigned int" "long int" "unsigned long int"; do
-	     AC_TRY_COMPILE(
-	       [#include <sys/types.h>
-		#include <sys/socket.h>
+     [AC_CACHE_CHECK([for socklen_t equivalent],
+        [gl_cv_socklen_t_equiv],
+        [# Systems have either "struct sockaddr *" or
+         # "void *" as the second argument to getpeername
+         gl_cv_socklen_t_equiv=
+         for arg2 in "struct sockaddr" void; do
+           for t in int size_t "unsigned int" "long int" "unsigned long int"; do
+             AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
+                 [[#include <sys/types.h>
+                   #include <sys/socket.h>
 
-		int getpeername (int, $arg2 *, $t *);],
-	       [$t len;
-		getpeername (0, 0, &len);],
-	       [gl_cv_socklen_t_equiv="$t"])
-	     test "$gl_cv_socklen_t_equiv" != "" && break
-	   done
-	   test "$gl_cv_socklen_t_equiv" != "" && break
-	 done
-      ])
-      if test "$gl_cv_socklen_t_equiv" = ""; then
-	AC_MSG_ERROR([Cannot find a type to use in place of socklen_t])
-      fi
-      AC_MSG_RESULT([$gl_cv_socklen_t_equiv])
+                   int getpeername (int, $arg2 *, $t *);]],
+                 [[$t len;
+                  getpeername (0, 0, &len);]])],
+               [gl_cv_socklen_t_equiv="$t"])
+             test "$gl_cv_socklen_t_equiv" != "" && break
+           done
+           test "$gl_cv_socklen_t_equiv" != "" && break
+         done
+         if test "$gl_cv_socklen_t_equiv" = ""; then
+           AC_MSG_ERROR([Cannot find a type to use in place of socklen_t])
+         fi
+        ])
       AC_DEFINE_UNQUOTED([socklen_t], [$gl_cv_socklen_t_equiv],
-	[type to use in place of socklen_t if not defined])],
-     [#include <sys/types.h>
-      #if HAVE_SYS_SOCKET_H
-      # include <sys/socket.h>
-      #elif HAVE_WS2TCPIP_H
-      # include <ws2tcpip.h>
-      #endif])])
+        [type to use in place of socklen_t if not defined])],
+     [gl_SOCKET_HEADERS])])
+
+dnl On mingw32, socklen_t is in ws2tcpip.h ('int'), so we try to find
+dnl it there too.  But on Cygwin, wc2tcpip.h must not be included.  Users
+dnl of this module should use the same include pattern as gl_SOCKET_HEADERS.
+dnl When you change this macro, keep also in sync:
+dnl   - gl_CHECK_SOCKET_HEADERS,
+dnl   - the Include section of modules/socklen.
+AC_DEFUN([gl_SOCKET_HEADERS],
+[
+/* <sys/types.h> is not needed according to POSIX, but the
+   <sys/socket.h> in i386-unknown-freebsd4.10 and
+   powerpc-apple-darwin5.5 required it. */
+#include <sys/types.h>
+#if HAVE_SYS_SOCKET_H
+# include <sys/socket.h>
+#elif HAVE_WS2TCPIP_H
+# include <ws2tcpip.h>
+#endif
+])
+
+dnl Tests for the existence of the header for socket facilities.
+dnl Defines the C macros HAVE_SYS_SOCKET_H, HAVE_WS2TCPIP_H.
+dnl This macro must match gl_SOCKET_HEADERS.
+AC_DEFUN([gl_CHECK_SOCKET_HEADERS],
+  [AC_CHECK_HEADERS_ONCE([sys/socket.h])
+   if test $ac_cv_header_sys_socket_h = no; then
+     dnl We cannot use AC_CHECK_HEADERS_ONCE here, because that would make
+     dnl the check for those headers unconditional; yet cygwin reports
+     dnl that the headers are present but cannot be compiled (since on
+     dnl cygwin, all socket information should come from sys/socket.h).
+     AC_CHECK_HEADERS([ws2tcpip.h])
+   fi
+  ])
diff --git a/m4/tar-ustar.m4 b/m4/tar-ustar.m4
deleted file mode 100644
index 4ae9e63..0000000
--- a/m4/tar-ustar.m4
+++ /dev/null
@@ -1,43 +0,0 @@
-dnl Check for a tar program that speaks ustar format
-dnl Copyright (C) 2005, 2006 Free Software Foundation, Inc.
-dnl
-dnl This file is free software, distributed under the terms of the GNU
-dnl General Public License.  As a special exception to the GNU General
-dnl Public License, this file may be distributed as part of a program
-dnl that contains a configuration script generated by Autoconf, under
-dnl the same distribution terms as the rest of that program.
-
-AC_DEFUN([GNUPG_CHECK_USTAR],
-[
-  AC_ARG_WITH(tar,
-     AC_HELP_STRING([--with-tar=PATH],[look for a tar program in PATH]),
-     [_do_tar=$withval])
-
-  if test x$_do_tar != xno ; then
-
-     if test x$_do_tar = x ; then
-        AC_PATH_PROG(TAR,"tar")
-        _mytar=$ac_cv_path_TAR
-     fi
-
-     # Check if our tar is ustar format.  If so, it's good.  TODO: Add some
-     # code to check various options, etc, to try and create ustar
-     # format.
-
-     if test x$_mytar != x ; then
-        AC_MSG_CHECKING([whether $_mytar speaks USTAR])
-        echo hithere > conftest.txt
-        $_mytar -cf - conftest.txt | (dd skip=257 bs=1 count=5 2>/dev/null || cat) | grep ustar > /dev/null
-        _tar_bad=$?
-        rm conftest.txt
-
-	if test x$_tar_bad = x0 ; then
-	   AC_MSG_RESULT([yes])
-	else
-	   AC_MSG_RESULT([no])
-	fi
-     fi
-  fi
-
-  AM_CONDITIONAL(HAVE_USTAR, test x$_tar_bad = x0)
-])dnl
diff --git a/po/Makevars b/po/Makevars
index 270ac59..d5318a9 100644
--- a/po/Makevars
+++ b/po/Makevars
@@ -9,7 +9,7 @@ top_builddir = ..
 
 # These options get passed to xgettext.
 XGETTEXT_OPTIONS = \
-        --keyword=_ --keyword=N_ --keyword=L_ \
+	--keyword=_ --keyword=N_ --keyword=L_ \
         --flag=gcry_log_debug:1:c-format   \
         --flag=gpgrt_fprintf:2:c-format   \
         --flag=gpgrt_fprintf_unlocked:2:c-format   \
@@ -53,6 +53,7 @@ XGETTEXT_OPTIONS = \
         --flag=xasprintf:1:c-format   \
         --flag=xtryasprintf:1:c-format   \
         --flag=log_debug_with_string:2:c-format   \
+	--flag=status_printf:3:c-format  \
         --flag=print_assuan_status:3:c-format    \
         --flag=vprint_assuan_status:3:c-format   \
 	--flag=agent_print_status:3:c-format     \
@@ -61,10 +62,13 @@ XGETTEXT_OPTIONS = \
 	--flag=ks_printf_help:2:c-format         \
 	--flag=print_further_info:1:c-format     \
 	--flag=write_status_printf:2:c-format    \
+	--flag=gnupg_printf_status:2:c-format    \
+	--flag=kbxd_print_status:3:c-format      \
 	--flag=gpgconf_write_status:2:c-format   \
         --flag=send_status_printf:3:c-format     \
 	--flag=wks_write_status:2:c-format
 
+
 # This is the copyright holder that gets inserted into the header of the
 # $(DOMAIN).pot file.  Set this to the copyright holder of the surrounding
 # package.  (Note that the msgstr strings, extracted from the package's
diff --git a/po/POTFILES.in b/po/POTFILES.in
index eba4c62..61b6f2d 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -27,8 +27,6 @@ common/gettime.c
 common/ksba-io-support.c
 common/ttyio.c
 
-common/argparse.c
-common/logging.c
 common/utf8conv.c
 common/dotlock.c
 common/init.c
@@ -80,9 +78,12 @@ g10/tofu.c
 g10/trustdb.c
 g10/trust.c
 g10/verify.c
+g10/cipher-cfb.c
+g10/cipher-aead.c
 
 kbx/kbxutil.c
 
+scd/app-piv.c
 scd/app-p15.c
 scd/app-nks.c
 scd/app-openpgp.c
@@ -130,3 +131,8 @@ tools/gpgconf-comp.c
 tools/gpgconf.c
 tools/no-libgcrypt.c
 tools/gpg-check-pattern.c
+tools/gpg-card.c
+tools/card-misc.c
+tools/card-keys.c
+tools/card-yubikey.c
+tools/card-call-scd.c
diff --git a/po/ca.gmo b/po/ca.gmo
index c83ce3547c9905055a5da5b726bc3968eaa6e1d7..ea07b00ce59e5fd9320bde24c105fe9cf14bbcec 100644
GIT binary patch
delta 9183
zcmY+~34Bji-pBEiAd(=72(iXLBqGEfyO5wXloqi!A|fGnNhpdxYTuVyOQ}KhK`m*g
zHAS^_R2S9Jn9jpfN{y|wWomRW=JWlZ<Mr~~SATh*-?{gmd$xNc^O}d>_`mtJzxUhl
zl4}jeHa}ykWA$>zH1Nl&sx{_pEpq${1G(lgMv@1{7*h>BsQcPE2RbJ^*EkPgXRiAK
z8)A5@F{#FQO$r4yumr2%ZkK=Lyo8mh|HI`K>li~DrYZ8D>CcY@oQY~@4~F9>F28`~
z$seNH5010f#b7$mHz^cqaAGTJL`P8%{0BziJ!H_Pd|hMcgGof%GJ`N0XS@18p{_fP
zwebh!RudM_EMY5D2M1yVPFBwI%@S9!8#T2@F${~5Hq1X!BMz-+Z%o7r<f*6!rK37J
z+qup80jj-kQ5}AO8bFQucE&oPS3R6S;aS{(W$`=bUDV9{j@koNnCHgW6}5&_P}`&s
z1MnkkhNm$RAEEAR$`4&X6a#Su2H}PV%zrrw+o@=S2T%{ZjarHz?$QWjQ6oroPC!lJ
zdQ^jZu`9lV$@mD{WBW$N(04NflkiOp#p|f0`gbGdUk|Rzu(WCVqBhG&mrq0bVwPbr
zzK`nAUr{5zg=*+$+<*~HjClt4p$2jvHACf_+9gUrEnRo4i5XrB;S{8H=W5gqdr_P4
z6jsE`sGdJSbufT=u7s6QYuX4)V_)=OI%@CCba^3a0H2`lKZh02d(Bn+it0ca7ET?A
zMU5;OwQI9bH_k%!d^KvMhtPu$F$=3Sw=*;YHFIwu``3JlSMXO1@H6IO3*P{}=4wm3
zhJT<&T&fkFz$j$)Og+>{UPN_l9%^d0p$CuQ3>v(I8bEp*W&>Zsidg78iV@`JFdT1S
zYrX%!Q=n6(d0V?nN26YwO;{BVp&I%Eqwy;0bt~1*HWY)Jp_W({(@>i(6D#8~^x!U+
zpF*{J8Dn|A`JIA#9?ce2-WK!lebfvzWGhoNLopR!M`qjHz$mQI!A^NQ<Ucc%ANtg8
zL*0K3wMQb8?Q5QdTAKOjeU`%86c*tlRL>Tq7}F8Aqt@;kcEV69d9zF(?1FQ2kst3n
z@@+Ana*-bR3)aRsdcl4*-BAOWiM%N02-d<oof)s*>o9hbde{>AW|(x;k}O8;`r{ae
zXE6i6!yrtd7n<_!sPh9*dnXtB;3QN#r%^NZ7(+0TkA?O^r><V(`v47~LML)iugN5=
zhO@9bZg%-$)Ltk?y?(bb0R5Rpt#uIAz*-oK$*38~L3Ly!YV&=GY$J0;^Uv~|C>B-?
z4|Yz(I^+vn{uXM@PGViW=jy9<vmI@Mn))87j(MHyocmBSbQ0CUV$>%0-ggycy4xG$
zQB#_XHL(Y32F79xE=G-PKWg(8qaOG#)QpvR&MrY5YA-cIPMMyl`!=E4Id1iuYZNqv
z!992=mPhrhH%8+q48*0Vj;zJ<cnH<tN#`vrO&-?MKA<wHV@cQ$(@;zF3aX=<vAW*3
z_bBLr#m+mZ9+rCEE<rt1-U~x;GM2!3s0S=Uwt?A(tfskvdNG>3V5hpkxf(Tq1E`t#
z0&DVobAy7WGO(B3192Eco`kxvE2`(iP~VA{UHw`NBR}BkKg2ll3#j%=^tK(Yh1xSs
z&>sh(_CPv%gDJf1D(1TjcA$D%h}wiFQ6s;Nq4*nWX@Ysj)KCKIb?SzCa0Y5=W}-U0
z1NEF^sP;}{JpR;&`PU6q)9grFqc&X{ssjbCeidqo_Bv0ZJ|GuS4|t6Auu5OsvCgO^
z%R!BJ36{j=sDZ3OULdo*FY_Nx;Rh=8fXApWS7bkHTZ|yjK&^EFmcu2ej&DR={~l^7
zE@CshgPMWp{?@Lj2aiR~#B|hi7kFJ^6KX{JumYY%?fUQ0gLkkwh77PH>x|kPxtNG^
zQ4c(fnu$x;7=s7ecG_Y?^3JI9`M46juT!W`q0u1wYjZHFp(WS=54!qGm_Qyn*mkrX
zY7H|`GqDJ(;%@Zd39N$Oqn7eNsOze|XkXJd$jo_7M+zQJ<e+a#P&aOJ`P&#tehORQ
zCG=pWblXr%)O{VWI`&3&d_1b1EvN^-i)!aQ>iWCrulL_?h<%?+VoOd0q6d>vn<x{t
zDd(eJuU**0&zLjVf!qvb2Fa6A4;Yha--@{yMZVqnq4ToyvE=zCYMA{;Xc9IepMu(*
zyHO3?LoG@9EStA<_Cs}WlFK)t-t)t#j$T2{MDTEXUn|sR?vEPK81!n_E~TIwwqP`V
zjFa&?*1#dzb}FZ%)_5JNV+T=t=PWkGKTtE+D93Kf5zfu1z48_6?f4yaeWMY~zeYT4
zgx!^^u?hK6Y>hvnrZj$}y)gwff=Mo4jN1LjP`mp+Y7f-Pwe=lPGf;qaaXV`Fe})?9
zgIwl6jzZ;8wt-}9M?N0oaWAIgc`S>b(f0jqfNHQ6>cN?)j;}<u_Yvy;TNsQHW4IP;
zq6Rhq6L7VcLNbL9P#2o9_Sa__EJqrNT`?9tI*sc2a?}(aKuzgY)b}BBoSmT_Sekqo
zcE(Ydg8Na|{fxTL8#mrg)nKed#Y)tPLe$7Fpa)|o*tPG1)yOkZBc6d_xF2ibaV(2h
zu_6A1g;;YUzi{vrs{PnJ-_m%^Knj|w1*o+<h_&$y>OuEV4Ta>}w;%~spM@3Bi`pY=
zP@8oR#^7nxX1t4~uug&f<&%I7$opWd-v8MYH1&n355^%>M?S|2coRMN2=(BoNw&jn
zP;bL<)O}v8j2rP8JcQZ{4{;WHc%@?T4XlHwq~8C#6n?^rFEL6#{xvkk-dJ&}{dJp!
z8c`3I=V2T2Ihcq?Q60I5+LYy{SzF*9+RH#KO_}NTui}QN86JyXeF#=j&=ej-jo>t<
z;1z6xF*B?gsPmgJ8jDafRE+u_+(dOWaHida4X`?SN7SCk!1g!>J-BBk^RKo4oC@{m
z0Y+g}rbYFwQ4MC{JY0xOjtQA%e-|u3y&cD}69&w-uU9wJ{c}-M{uXw@udzE;n`8IX
zh&eQ<DO^WIAN&lJ*L=m8=P?b};tteE+RSAcus=4&o!AY}V{?qAmuWhW4{<MQv+bO3
zJA4kcM8ON}=4|Gr(2<JKs0QA`diXsiVCX{I({`xWZ8U0EZ@~yG#)^0gc~N|S$Av)t
zB0J@CFqC`+2I5v6io3A`dV?0*LMm!47onD53s%A-sJ(Fx%i(QQ$9_ePtj-d<bZMyj
zrl9u7dJMn=sJG@_Y=P&n6$UT${RQMTohT$x;YBrY6tz|tu^-l6W=A>=HPRL6n|f?Y
zejYWFpyl?hNyVDv6H)E0!W2A!F?i3_N3PKKg7t4fK@F#20*=B^T#q%d5NqSdSO#yR
z_QEe%1;ba`2PdGeOT+p&1*_r?)W|=;a`*t%k&>&7$>#Yco<e(EfvxcjYGi?{?KiwF
z_8{+s>d-2zh5J!!`ZrXA7qC2<HTIhyj!j7WV-POF20D#(@k8`#s&7$fgiT(xGmwc5
z$(N%ZbkunnHIfo*?O(5LQ2Auk9@&Q_@nej`PjLX=!-3d+oqelzVsr9e)-nIhDAZqX
zADn^e$Wm0pN1XRjBdfQ;?&@|JO`eKcg3&IYhgyO{tcahXHs5!s_8y_`OWepe1p94d
z{?*fLD*SO7YQ!rs7>lqg9&_gdHrYG~)nG5IgbT4UZbi-9d#EYCj#V-2HJjJR#^h<J
z%{k9YK@Zx2`cm!3rdaIqz|D3yH$<&nPt*vfqaL))o&VDLBgRu7y2akt8a2ZMQSB~6
z?X}~m0ec_2g8%DwYD-}bC&IBBPQ^%EiyqvEdcDqIb-arjVVSLVlhr|WuraE`X&8ZX
zFd5gQ-m-6yrS_Uq+w29+QESo-HI)NVQ=5l+ofcsod<QjS7g4+WI(Eh?Z`g*1poe@3
zw#B`unZ1FD7_!}7-wA{C{x77U3s+-HJcG+I;7@jq*P?do=cuXm-(i0nCSV8h5txF7
zF29LA$>Vq05l=yN^e`sjZEUCWyO=4SZ*nNa;$qYX<^Z<BBj|fguqJu^Lfe7v7)m|~
zwFL993vS0ccoPFKY`2}kNYrL*h-$CD%a@_I4HbW;Pz!%XH5l=x-5gC&4JBfGY>Qfo
zX{gP&3uCa@<-egHc^`hHqK*R=)0n!yy0Vx=jPcX_b1-ARKdF2PKh_Z?iDhbyL$foB
zs7GF#h;;QYsZ70&Zj|rh078R$`Z!7QKGB-!O3dL}zIkSgd%nr0;-6G#ot_+8TYZeY
zoZE{H@n=jUDpA&vg&$#Omq$4-Q<vw;yD00JOWql`DdErzzN*Iix(j`^?#FP{?jJ)m
z=lmk#8Ok}t146IVU_x(7O?Q7^%G!7@Kh>W8FkMGXB{DcS7FlIe8Rrw;H%Oiw`atM-
ziO>er(TI!6;d{hH;t-*?L`MYYv>$XN6Zz!jk!@i9MexFyqr^ZWk#p;bY|6Y~W(4K$
z^#1pzpra2_k@BDMOX4PRg(xCwxobY7JkpgHW4J2^Qm<pH#mvSIoNGyxa&_P1{}QdK
zt3v2l=*Rxcq)@?^@`oZP#!+tJ@^>)DU975VlyBj5B^+~zGrp4jQI_*HDgK|Un?n9P
z(StmOSW8*o03Pc*s;KZGv4RsX<2_<E<t2oU@y_nf5bFB-&d_n{`n!5nO(V_`|0dc~
z|1Gw|DL8~!MQkO18~;X(BD~f3ah^!v1fOy<8*AY)LPtFLD5BV=zJC>~IF7ns@S&@(
ziec30m`W`7mH1!O@FLNLbFUNru0DzKCz^<GD*odt|BmkxFK{xI(9xc_MC>Ql6GMr%
z#FOKHD8zE@YecZSC)v5rT~rq{sH^kjCOl3Y(L(4`sw0gH(%p^9hfto6)9@eon<{mX
zKZ1F_#QtawGl&xI{+}qfapeHYD~TW?k+@HMO6XXj_17_xi}Uar@gn6EJVE?G3?-jM
z3?#lLKSiVyI-;o?O_ZSQA>JZV$e$&2+#p8yO6)0YK>Y%DPSxJu`O)mDit>~fQ#TKn
zVGH~VF30YuBZhJa@#Gjpp$_?KoPY&SPT(`-?J$hk?CMui*Tt5-rUJ<wlC$pQ=guf>
z%DJ6b4mY`aahj;;@@<^c@gmWfC`G;j2jdIa)tzrZ`N`3dx_FW@TK`ul^dly@3&&Fa
zfCwgP6N6lRF6DldUvW99`G&|>fny_4o#^GxSAFWbj@181=>I{XqXyO`{Ji{lm5QDi
zjXiLYuHe{X@%{9temtd4I2t{8+ns;T`K+@S&Ls{LUlCilR>wl(0ue+WN30>doA|Mj
z*i7i)-wtLt<zI0X&cu%i9bXVviLy%E5%;8ke>_!wjdE#XEm4D*L0k2(6%NB;SY5yW
z50XqL*+7h>e4WsdKy)J}6P<`BM_aDTC3HOJ9DozZ18}MD48NM4C8?X~u3JFeQdgdg
z&GdV;G=<*o;xd#&{fcJR?p~rOGOo~XP3ic=qJHr;Vv}>m=Vj%N8{x^HI(BS!L0)c_
zCo6Zt$m~2%Y`&*%?C^Nc<lOONG7GZvJ$c!j$;}>D;F*w@os*rHJuWLdKe#Bb=hq=c
z8`7tiE*hErt>2mrBU%>S9<ef^2MwPn%*^v-kMT^&&B@Cw@MPxajy<v4_l*D7xMvKl
n+cr<^9+#C%Hk`YLXXh8>j>{~_%*zcfn)Yg7MA7x#t4jPAv7U>o

delta 9642
zcmZ|V30&4yzQ^$cu7Kc%D=vRf5KwX7&=f^QEz{gLRFp>~5%d9a@4>XpCCzZdG)q%+
zyEai-TH|D6Y29ixyJgq1v_;Ftn#nT9rulrIbG-SQd+-0%&-d?~|8}<jd8}7^&V*k7
zC^YbCt%~an$1@?uG{Omy#&iocW=liW8dK8DnAW%$t8&djtVj8!=ElU}Ur_g5afZd)
za)LA6IT`zM-6BlEV>r;5fce2)&^^JJ2Amj!dZ6FA2J2Ja?>vrr@u#kQ19g4v7RJy9
z(-x^RBe4}OM4jJ*weSsBK8rPZzxjzoFRq$sFO0)X%Du2LZbjXA1a;lJs0LheR!p)D
z^iYG=4V&NyjKe~tk7fg^VXt5;UQ|8rH<gm@g)NcMHFqOzGJf=MGpYwiFd9E{<?mcM
zyrrFzrdWgXU68h!0jLp~jk<3G*2aCP_Z-E5T6&R0hB96<7B$Cds1}bw^&o)!V|Ma~
z8h9E9;0>&X=`0jE6g6_0sI{|zKic9R)ZBlJ8mX`p#=kO2b80(aOYDe~P&cka{xQe+
zqbmM@VR!>0v0@uzQn425g@aL3GXvGbWvCA9bDl<x#4o7lMYU!8Gf3*uyfmDIJ@H9o
zP|SI}10&iQQymAQ=5#FT#S2ku;}F)ww_N!gssmRs92>W{4N63H_%76Qh6hMCk=%#<
zusXw_o{U5dQ6XwdR%2~EfKBl=tc9PW7Uhqq>!TPxeJx2?2m7EJJ_gmm=~x%%V{l5>
zl2oDM5PEnNwRk>r<*-h+2g#@hbi&%0;mYGt4VZ~)z%o?Nwxbs9anyYmP!0bP)zRqA
z!S@BsIFhMUEI`fKdDPHV=t3{B9bUlkSeXr|XII<9e%<UGPDJ%M2P3cq8FjM?)sa7<
z8um46WJ6PJM?G8=!u<CpX~2o2-Hl;gn6p?1!+KboVl?GWs39MOJj-MvoiQ6xi}W4T
zS925f!e|zbp3?^Pz4t>+We(~&4`CzTZ^}sY*}RBabg!d&bQL|U%8CrmDeA#}P;-}w
zYWNb=bGD)%8~3s!@F?;Ka|{QfNwZ(qAZ$W0fB_Bp6C_+?j-mGG(BAd|8K@V{!vVMr
zH8q!9xo#h0mQ$XDYS?AuA5$^iPF)7_kD1LM8le}kKYpRg5IWnJcC(3@R;&ok*=THr
z%dtHkK=t4=<V!S7xH}GqU;_Fv9?OtD$Q(sY$raS9kK@~}f$eb;rla<c9jFmMkP)yK
z9Hv5x=WQI0AEF-Al5X=Mm@JIK4XCxS6SV;ycJ(Jv-}#5A4d?<k!hgDQ4CAl0&;{$_
zV62SU0TRva3~Y=`Q9as@8i5n2hWrDyXxa@jhV^OsBJ0eQpdS3H^L<R9eA$(2+-avQ
z0TZbofx3PXs-b~W5)J)9RLeehUUyc%%Z^Y2s)1clt9+y@&qUp~606~MY>Ed_Bk&&T
zN9YQwV>Jic#n%P7FJMNIs3kKo0+*u}(|V*0=2_H@H&G9YyW5(98p1qOg9<SgS7KE>
zfNH>ts14|S)N{UcMhwx$$NaY=(Sy68dNL7HuoyKpPoo<6D(Zn}Q7`<-88y`2pMV<r
zJ6+k2QIt1g1>A*t{$6Bxnb&Xt?>Axh*w1DdYKYf6%TX^pg&L8+qJ}nXm>t3-)Lah0
zFr0|GZaS*rOHlj67FYiw)}VaK)nC9s3o34sXhUeu(pQVqQHy05hT;NL!|um$+~Uf+
z-TC9FhMqu;z?Z1!R2yMG!x+@mv_w5;Fh=8y5sbfHTtbEBW*e%-$5Agjk9y!Yn1nS)
z+J<&V^>iF+M2b-jSnukeLru{;&M#5>#;>U7d!tNn-$@<C_^V|;DzpZcp?bU@E8;;^
zPo77<K=V4*!pPC~1s-a{>gt?;(UeQDF0RK&+>h$$Vbt|!QB(12fTROS)EGMgeVo%#
zFJ6rriLIy?KjS=t>e0Jc8-GBp`buN%Z$=b$qTB}6F&}EgR$xcmi5l_1$0W%lW}Mw(
zTcRE`0aMV2I=>Dd#iQ5~hmN<umJ3l2+K;XAw5vB0?3UaX)zD1T6qcYyVlOt-_kWVa
zqv8u}fR!@sTsB1wRS(pIC!=m$jaBe~JO2WDl+U6@=mzRJkrQpX1=gdSik)#7dbk{e
z-~V0`-S`|f!sDnHUO+vl#w7dVWYmKOqOQ+Et(79w_dN%@-~#lp95wW3uqpn6`q~;y
zX3q)X?;Y4HKt*8|LrO(C>ILVg*w5r=Y(lxtRBK1)aHrq77E`(IS!{#fq84jRw!P1X
znxdtyyw`aW1I;;ci9|h*^jVXg8K?$iqxOR(s2=P`jnEl)K6IL0^|7d)c1Er4QK;*4
zFc#O~efS4#jEOnSzdn=xIrhd(WKoz!sG;BF%Fkg8<#$jGx{O+cRj1ou$&RR@&q1y3
zZO${OMHiN9zp@V4Ue}>UYI82*uhsn)747gEcEc9;+NsDweV+4B-}M1kK8AYHPpGe?
z<qSJ=<52Z;P$RS-6Y*nA#tM0MBvP;i<)Hx*Jzy^Oz}=XHU*JHDnrVMl$6z>RAL@a#
zQ1_Lg8h!%xz#FLh<MQqGcVSn`qfs4u6kFk2n1+F$N%Y{Z1@`AR9V00Z!3@kq4|k&G
z@D0=uUP6sb%q+Xn3_*?1gIEPOV_)2kz42?*hLkkh-Zu#usemaZ(Hc16PMk;eytd!I
zI1{xd?nkYGGHi!0U=92l<M29G!<a%lGKsjG@@QmBFu!33%q+4~vlf$hzd1^x)qfeA
zVdY}`qGU{=+#lny*wsIdwJ9G$eXeh#R`W&F*A&7M*J4b-N;nY{FdJLrO4RdS#&CWA
z=Sj5Mzd<#m;vD;eSoA1&LiKzUYHt0g5!r&e?-16<Q`ir`L9K<hbJ=cj4C;kvQ4RUc
znJ|y>|DKA$BvB#!tJQpa<KPAMce@zXqX%7iFQ!sHj2-bBsv*e>?V{}G%*TB^ZzF1I
z((kwbRy_?h!aGs>#L4>^|9T{ssi=>^e;vby42xbg!MPE2{xrtox2P$IEV27REUKYt
z7>zz`g!55rVk7p%r_sZUsFAF=m<OpvDU0ochM`W(Mm_Lxd=USHjGF2Hfc+6UiW!uD
z!gTDp#C~26pzePKHRNAmf2_9D{$+MJYE5lJjo`ZhlHnv3c#A4V;}Beh>+u|_C;o?+
zCR~GU@e>?`QOoRSH5NzcJYL5yP>b!8hi!u+mfI=ngI%bffqgKrgQOG5SEwDT(F(gk
zWT0AFg!<fepl<vCHN=rC?O#6QkT1`4#VFi|8uG(f9pA*N_#sZl&#)KvUKKQ87L#Z$
zU&AK&0oKJIQEMaO5xXHZ!&a2rp?WqEo8c<deb1uS$a`2BFJTN`#m*S9+U|sXush`i
zc!$3KLnL~@HSCYkYxvY~JgTS9VI6!EgF}z)DMvl(dV(z|FUF?02lc#@*c&flb4*@q
z>xZEBi+rrZ`^_p6^=vy<$M@U?=TSZU6(cbAF}oI8qrUq=s268ra3ruL<!4c!<vCQ(
zf5u2mDYXshfj-Jv80bmzCP_D}yw3J44XaQtM74AQ#$g$1E?+_Q=s4EIZ?G@k#CF)5
zl^ceI*cun1ezf+XM)(Z2!I%w<zj}V>2D{kiqF%Jy`4)Dj{2gk}ns2n_$*8rl5i8<B
z)JQy!WAGe~#ZH^-*R%#ZQ9h3yuuhpB@quNGzglu16?)Mw=O?J1MQ^sNIRRrScfbZX
z(v=HPL%$a5;0vfl_crQzU!(48^0@sv(ohW@f}uDkK%ySc$8g+=8TgF5;Com8JL-Ym
zx7e@4kM$`p#}wR-8sbyf5O270ovn7!_Czhp0@Qm}V>|}RNZOMebrpX@t>XGm*tzS9
z>ftohi&mh{zwA7VNtAza<!0OL5T~P_I|qB>UQ~}SJFj3h-fymwOyk5&jKQf-+PMv&
zM|mSQ#h0)VeuV1bHPj-j@sw>~L)2pHiP4ycX}B1*#*U$;`l>tMbi1Y`z_v@Gp-jiR
zI05w;6=DKzLk-y*sMUQ6wc0D}un!)99_3=}jvG)zdm209b=38(pSBJ5qpn+sU3kBF
ziG;n!e2<#rz)rhbUqlV<6->ptyX=N@5B8?K)|KDKyD8V+ZF@Wg)zBSy2Y!G(bp9DT
zQbRGBauEi)k!&MTi_fAqn%}T1M(nW->5H0z`KShMMr~AoMoq~X?2kWS0(RYNx8O;r
z5uJvKxCr$b?sDaGdl`TAtkORF6{MjaI2A*&1S{hb)FN7eE%793F<!&w*nGb&55y44
z`tQV_;r%Lbtaa+y*Ml|oj~SZ(bL32^$t6bH`ru0*;3kh)MqLfeLTw%`2o`&A&45`#
z#Bg3mUDU|wXhS|14--j5V<L^ZRN_-|9j|HrCs46GSmZB<<T|vO3?w>IzJf#WUexAu
zlhDB?7yK_|Q#m(<Tyw3X6Xhxd(;hr}lj|rX=8<cvJ|ec0>-}atq4|A+iebbWLWdt$
z6BS%pb=Al<H3cfTV*@@*%y!p>;|a<WhymnVaVeqW3~@Y|F@hny{|+u#M8%!>ItK7J
z{1XvI{x<4ZNUpEr*3p;p%M{*q71b$kA@n6_(cL<FQK#c^Vm>j5SVY}_W3d1Cz&v6V
zl_Q8=<kQ_veVkMU{~joh5fzD%oNG*sA-WJ+h&sL|^i_=^=2G95NGE1d9*d2LKIA$c
z2#!C=hr~+NaA^1XikM2gK!k9^t>fga<lp=!<#oj0iC2jWL_O}y!4<dNPcit@E)Nj5
z-mh}-&=%R3c#3Gijg^A6ta|d#$&;|X>WN1P9mzNeXA=4^8*@~7+fnB7aqjvrD8FIr
z0*1{kcs%7!K2J%z*-Xm2@LOUAc_iL`#8J4_`bnIh?oN)t!Ibs$o$2aCA$2+)!f7_;
z_k$;B=ktg%PAtSvh!Wxm!QY%rYwG*qts|D?peyv_Ts89H_#m;B&~cg=MZP{*Vpnwa
zDz0&LrTDZ~yAF0-Gc1_>{zsSJ(_l7{Yh%a;Vl849F`B4M-6i6i;8pB;&K{gw?DCJD
z+I}CSUPlumID+@Mij8=K%G&r3%tm(9;ICf?@;vgUIE9!@=y;l#Ohi)VFS@~FlXJ6k
zsJnKoD`(?>5q0$a-{nrmJ6qvVcj4bK*VT_BFL1d|_aMrN45BA7g!qB@g?N*Q<JuaS
zO59D}oY+Rb8J7}!$Y-nnJ_<TITFkGg{~KZn@f`V+#CY<y_#;tF=y-%EqF(>zT#Nhz
zVheGNs6goWPm7twHTp^Z3sIFQB8C&e@vq6r7s($cS`p`o0fdf=L=NYNVl#{-4w0u3
zI*KXtBN+TSo<`oC{5~Rqc#HTe(USW1*cEmBnOIEzJq9vJ{3M;-$qmjwQn!|Pl=3P3
z4?@Q#%FVDLW)bPZTGj@6G*Lq2Q|BXoBF+*Eh;G#HAnqd;5IQ0>|F<6xQP@k=c9pN(
zcCv}PDHJ29Uqvh@Z|$ymAD^ULk<kCBvW)0W-FL)GL^7cxk$5kd=?~tY&xMZ@>xscs
zO(ZVs9LG-TzO<>im%JW%3ic#)>>v`!*AeqoM~u=5j&0;u@f{*X6&$6yhGP&$;R<am
zyD9tuAI6{Y*3sWxoQd6CeitX_kdMTMw=Oj0@5bF(VPJfAlGk^5Z!fVhHz(gK$j_UX
z6mC4vOVo*BI^oNo>Yq2O=>I%-+fC)s3Hw88xr=?-UUpVdR=9~TEG@~b+enG$&gB;5
zdvkL0^1LZNuei{cU3#QNw|Z@UKhM3>3jC>FTzp|%`S&ei<I9H)em|<eZ?11@agopS
z%`Niz^Rx22S^k0?f7Z-!Q=FeQCC}#-6?lGMR`&n8fZD=Y1^I=(R4=};yupMAs|@>}
zPUjcQe0@)$r*35V|Gnex<lNk8{{Q#ntvk!hrd|vw&01NnwBVWgO|oWA;a%aTutjlE
zZeDKD{4D?LPkO-z73KI!=lFWmSBGtdH_PYuvQoWc`{E0a9VtKPTi2?5?PFD<!)%YU
z{9ftjyQ1Ur3%tS>)3dx;1v$k<US6IrC)e-gW!c^p7G-(arL(rzFP*k4s(jO~wH5va
DsImNe

diff --git a/po/ca.po b/po/ca.po
index d7c053d..fec6ac7 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -27,7 +27,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg 1.4.0\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2005-02-04 02:04+0100\n"
 "Last-Translator: Jordi Mallach <jordi@gnu.org>\n"
 "Language-Team: Catalan <ca@dodds.net>\n"
@@ -36,52 +36,52 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, fuzzy, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "no s'ha pogut emmagatzemar l'empremta digital: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr ""
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr ""
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr ""
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr ""
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr ""
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 #, fuzzy
 #| msgid "Do you really want to create a sign and encrypt key? "
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Segur que voleu crear una clau de signatura i xifratge? "
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr ""
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 #, fuzzy
 #| msgid "invalid passphrase"
 msgid "|pinentry-tt|Hide passphrase"
@@ -89,7 +89,7 @@ msgstr "la contrasenya és invàlida"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -100,25 +100,13 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 msgid "pinentry.genpin.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-msgid "Passphrase Not Allowed"
-msgstr "la contrasenya és massa llarga\n"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr ""
 
@@ -128,301 +116,281 @@ msgstr ""
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr ""
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 #, fuzzy
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 #, fuzzy
 msgid "Passphrase:"
 msgstr "la contrasenya és errònia"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr ""
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr ""
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr ""
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 #, fuzzy
 msgid "PIN too long"
 msgstr "la línia és massa llarga\n"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 #, fuzzy
 msgid "Passphrase too long"
 msgstr "la contrasenya és massa llarga\n"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 #, fuzzy
 msgid "Invalid characters in PIN"
 msgstr "Hi ha un caràcter invàlid en el camp *nom*\n"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr ""
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad PIN"
 msgstr "l'MPI és erroni"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad Passphrase"
 msgstr "la contrasenya és errònia"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, fuzzy, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 #, fuzzy
 msgid "Please re-enter this passphrase"
 msgstr "canvia la contrasenya"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to protect the imported object within the %s "
 "system."
 msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, fuzzy, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "l'algoritme de protecció %d%s no està suportat\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't create '%s': %s\n"
 msgstr "no s'ha pogut crear «%s»: %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, fuzzy, c-format
 #| msgid "can't open `%s': %s\n"
 msgid "can't open '%s': %s\n"
 msgstr "no s'ha pogut obrir «%s»: %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr ""
-
-#: agent/command-ssh.c:2446
-#, fuzzy, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "s'ha produït un error mentre s'escrivia l'anell secret «%s»: %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, fuzzy, c-format
 msgid "no suitable card key found: %s\n"
 msgstr ""
 "no s'ha trobat cap anell secret de escrivible: %s\n"
 "\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, fuzzy, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "error en crear «%s»: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
 "allow this?"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr ""
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, fuzzy, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, fuzzy, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
 "%s%%0Awithin gpg-agent's key storage"
 msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, fuzzy, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "%s: no s'ha pogut crear la taula de dispersió: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr ""
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr ""
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 #, fuzzy
 msgid "Admin PIN"
 msgstr "Introduïu el nom d'usuari: "
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr ""
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr ""
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr ""
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 #, fuzzy
 msgid "Repeat this Reset Code"
 msgstr "Repetiu la contrasenya: "
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 #, fuzzy
 msgid "Repeat this PUK"
 msgstr "Repetiu la contrasenya: "
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 #, fuzzy
 msgid "Repeat this PIN"
 msgstr "Repetiu la contrasenya: "
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 #, fuzzy
 msgid "Reset Code not correctly repeated; try again"
 msgstr "la contrasenya no s'ha repetit correctament; torneu a intentar-ho"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 #, fuzzy
 msgid "PUK not correctly repeated; try again"
 msgstr "la contrasenya no s'ha repetit correctament; torneu a intentar-ho"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 #, fuzzy
 msgid "PIN not correctly repeated; try again"
 msgstr "la contrasenya no s'ha repetit correctament; torneu a intentar-ho"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr ""
 
-#: agent/genkey.c:157
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
 #, fuzzy, c-format
-msgid "error writing to pipe: %s\n"
-msgstr "error mentre s'escrivia l'anell «%s»: %s\n"
+msgid "error creating temporary file: %s\n"
+msgstr "error en la creació de la contrasenya: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:116
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "%s: error en escriure el registre de directoris: %s\n"
+
+#: agent/genkey.c:154
 #, fuzzy
 msgid "Enter new passphrase"
 msgstr "Introduïu la contrasenya\n"
 
-#: agent/genkey.c:196
-#, fuzzy
-msgid "Take this one anyway"
-msgstr "Voleu usar de tota manera aquesta clau?"
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
 "confirm that you do not want to have any protection on your key."
 msgstr ""
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr ""
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, fuzzy, c-format
 #| msgid "Name must be at least 5 characters long\n"
 msgid "A passphrase should be at least %u character long."
@@ -430,7 +398,7 @@ msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "El nom ha de tenir, si més no, 5 caràcters\n"
 msgstr[1] "El nom ha de tenir, si més no, 5 caràcters\n"
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -438,389 +406,394 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr ""
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Voleu usar de tota manera aquesta clau?"
+
+#: agent/genkey.c:464
 #, fuzzy, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr ""
 "Cal una contrasenya per a protegir la clau secreta.\n"
 "\n"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 #, fuzzy
 msgid "Please enter the new passphrase"
 msgstr "canvia la contrasenya"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 msgid "Options used for startup"
 msgstr ""
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr ""
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr ""
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 #, fuzzy
 #| msgid "Key is superseded"
 msgid "run in supervised mode"
 msgstr "La clau ha estat substituïda"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr ""
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 #, fuzzy
 msgid "|FILE|read options from FILE"
 msgstr "|FITXER|carrega el mòdul d'extensió especificat"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr ""
 
 # Un dels dos és en la llista d'opcions amb --help. Urgh. jm
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "detall"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "una mica més silenciós"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr ""
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 #, fuzzy
 msgid "do not use the SCdaemon"
 msgstr "actualitza la base de dades de confiança"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr ""
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:208
 #, fuzzy
 #| msgid "|NAME|set terminal charset to NAME"
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NOM|el joc de caràcters serà NOM"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr ""
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr ""
 
 # Gènere?  Nombre?  ivb
 # Werner FIXME: please add translator comment saying *what* is
 # uncompressed so we know the gender. jm
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 #, fuzzy
 #| msgid "not supported"
 msgid "enable ssh support"
 msgstr "no és suportat"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr ""
 
 # Gènere?  Nombre?  ivb
 # Werner FIXME: please add translator comment saying *what* is
 # uncompressed so we know the gender. jm
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 #, fuzzy
 #| msgid "not supported"
 msgid "enable putty support"
 msgstr "no és suportat"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr ""
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr ""
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 #, fuzzy
 msgid "disallow the use of an external password cache"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr ""
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 #, fuzzy
 msgid "allow presetting passphrase"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr ""
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr ""
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 #, fuzzy
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|usa el mode de contrasenya especificat"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 #, fuzzy
 msgid "do not allow the reuse of old passphrases"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 msgid "Options controlling the PIN-Entry"
 msgstr ""
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 #, fuzzy
 #| msgid "use the gpg-agent"
 msgid "never use the PIN-entry"
 msgstr "utilitza el gpg-agent"
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr ""
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr ""
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr ""
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr ""
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 #, fuzzy
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "Si us plau, informeu sobre els errors a <gnupg-bugs@gnu.org>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 #, fuzzy
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
 msgstr ""
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr ""
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "l'algorisme de resum seleccionat no és vàlid\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, fuzzy, c-format
 #| msgid "reading options from `%s'\n"
 msgid "reading options from '%s'\n"
 msgstr "s'estan llegint opcions de «%s»\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is a deprecated option\n"
 msgid "Note: '%s' is not considered an option\n"
 msgstr "AVÍS: %s és una opció desaconsellada.\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, fuzzy, c-format
 msgid "can't create socket: %s\n"
 msgstr "no s'ha pogut crear «%s»: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, fuzzy, c-format
 msgid "socket name '%s' is too long\n"
 msgstr "Certificat de revocació vàlid"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, fuzzy, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "gpg-agent no està disponible en aquesta sessió\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, fuzzy, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "error en crear «%s»: %s\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, fuzzy, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "error mentre s'enviava a «%s»: %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, fuzzy, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "AVÍS: els permissos són insegurs en %s «%s»\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "s'està escrivint la clau secreta a «%s»\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, fuzzy, c-format
 #| msgid "can't create directory `%s': %s\n"
 msgid "can't create directory '%s': %s\n"
 msgstr "no es pot crear el directori «%s»: %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, fuzzy, c-format
 msgid "directory '%s' created\n"
 msgstr "%s: s'ha creat el directori\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, fuzzy, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "base de dades de confiança: ha fallat la lectura (n=%d): %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, fuzzy, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "%s: no s'ha pogut crear el directori: %s\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, fuzzy, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, fuzzy, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "ha fallat l'actualització de la clau secreta: %s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, fuzzy, c-format
 msgid "%s %s stopped\n"
 msgstr "\t%lu claus es descarta\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, fuzzy, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "gpg-agent no està disponible en aquesta sessió\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 #, fuzzy
 msgid ""
 "@Options:\n"
@@ -830,19 +803,19 @@ msgstr ""
 "Opcions:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 #, fuzzy
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
 msgstr ""
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -850,8 +823,8 @@ msgstr ""
 "@Ordres:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -861,88 +834,87 @@ msgstr ""
 "Opcions:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 #, fuzzy
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
 msgstr ""
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 #, fuzzy
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 #, fuzzy
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 #, fuzzy
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
 msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, fuzzy, c-format
 msgid "cancelled\n"
 msgstr "Cancel·la"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, fuzzy, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, fuzzy, c-format
 msgid "error opening '%s': %s\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, fuzzy, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "fitxer d'opcions «%s»: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, fuzzy, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "error de lectura: %s\n"
 
 # Parts?  Peces?  ivb
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, fuzzy, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "parts de la clau secreta no estan disponbles\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, fuzzy, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "error de lectura: %s\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, fuzzy, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "error: l'empremta digital és invàlida\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, fuzzy, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr ""
@@ -955,19 +927,19 @@ msgstr ""
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
 "certificates?"
 msgstr ""
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 #, fuzzy
 msgid "Yes"
 msgstr "sí|si"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr ""
@@ -980,7 +952,7 @@ msgstr ""
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -990,143 +962,143 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr ""
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr ""
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
 "it now."
 msgstr ""
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 #, fuzzy
 msgid "Change passphrase"
 msgstr "canvia la contrasenya"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr ""
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, fuzzy, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
 "%%0A?"
 msgstr "Realment voleu eliminar les claus seleccionades? "
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 #, fuzzy
 msgid "Delete key"
 msgstr "activa una clau"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
 msgstr ""
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr ""
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr ""
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "no s'ha pogut comprovar la signatura creada: %s\n"
 
 # Parts?  Peces?  ivb
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "parts de la clau secreta no estan disponbles\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "l'algoritme de protecció %d%s no està suportat\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "l'algoritme de protecció %d%s no està suportat\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "l'algoritme de protecció %d%s no està suportat\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, fuzzy, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, fuzzy, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, fuzzy, c-format
 msgid "error forking process: %s\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr ""
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, fuzzy, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, fuzzy, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, fuzzy, c-format
 msgid "error running '%s': terminated\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, fuzzy, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "ha fallat l'actualització: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, fuzzy, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "s'ha produït un error mentre s'escrivia l'anell secret «%s»: %s\n"
@@ -1143,34 +1115,34 @@ msgid "problem setting the gpg-agent options\n"
 msgstr "hi ha un problema amb l'agent: l'agent ha tornat 0x%lx\n"
 
 # bolcats de memòria?  ivb
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "no s'han pogut desactivar els bolcats de memòria: %s\n"
 
 # Indi. ivb
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, fuzzy, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "AVÍS: el propietari és insegur en %s «%s»\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, fuzzy, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "AVÍS: els permissos són insegurs en %s «%s»\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, fuzzy, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "ha fallat l'actualització: %s\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, fuzzy, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "no s'ha pogut crear l'armadura: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "sí|si"
 
@@ -1226,55 +1198,105 @@ msgstr ""
 msgid "out of core while allocating %lu bytes"
 msgstr ""
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, fuzzy, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "error en crear l'anell «%s»: %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr ""
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, fuzzy, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "AVÍS: %s és una opció desaconsellada.\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr ""
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
+#, fuzzy, c-format
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "ha fallat l'actualització: %s\n"
+
+#: common/asshelp.c:350
 #, fuzzy, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "ha fallat l'actualització: %s\n"
+
+#: common/asshelp.c:351
+#, fuzzy, c-format
+msgid "waiting for the agent to come up ... (%ds)\n"
 msgstr "ha fallat l'actualització: %s\n"
 
 # Destès? ivb
 # Desatès, sí. jm
-#: common/asshelp.c:347
+#: common/asshelp.c:364
 #, fuzzy, c-format
-msgid "connection to %s established\n"
+msgid "connection to the dirmngr established\n"
 msgstr "no es pot fet això en mode desatès\n"
 
-#: common/asshelp.c:430
-#, c-format
-msgid "no running gpg-agent - starting '%s'\n"
-msgstr ""
+# Destès? ivb
+# Desatès, sí. jm
+#: common/asshelp.c:366
+#, fuzzy, c-format
+msgid "connection to the keyboxd established\n"
+msgstr "no es pot fet això en mode desatès\n"
 
 # Destès? ivb
 # Desatès, sí. jm
-#: common/asshelp.c:521
+#: common/asshelp.c:367
 #, fuzzy, c-format
-msgid "connection to agent is in restricted mode\n"
+msgid "connection to the agent established\n"
 msgstr "no es pot fet això en mode desatès\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:485
+#, fuzzy, c-format
+msgid "no running %s - starting '%s'\n"
+msgstr "error en la lectura de «%s»: %s\n"
+
+# Destès? ivb
+# Desatès, sí. jm
+#: common/asshelp.c:588
+#, fuzzy, c-format
+msgid "connection to the agent is in restricted mode\n"
+msgstr "no es pot fet això en mode desatès\n"
+
+#: common/asshelp.c:725
+#, fuzzy, c-format
+#| msgid "error creating keyring `%s': %s\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "error en crear l'anell «%s»: %s\n"
+
+#: common/asshelp.c:731
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
+msgid "server '%s' is older than us (%s < %s)"
+msgstr ""
+
+# FIXME: preferència? jm
+# Ho discutírem en la llista, segur.  Deu ser als arxius.  ivb
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
+#, fuzzy, c-format
+#| msgid "WARNING: %s overrides %s\n"
+msgid "WARNING: %s\n"
+msgstr "AVÍS: %s té preferència sobre %s\n"
+
+#: common/asshelp.c:740
+#, c-format
+msgid "Note: Outdated servers may lack important security fixes.\n"
 msgstr ""
 
+#: common/asshelp.c:742
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Useu l'ordre «toggle» abans.\n"
+
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
 #: common/audit.c:474
@@ -1362,7 +1384,7 @@ msgstr "armadura: %s\n"
 # i s'ha dit que és erroni, igual que «suportat» :) Les alternatives
 # encara no m'agraden massa... jm
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, fuzzy, c-format
 msgid "unsupported algorithm: %s"
 msgstr ""
@@ -1451,12 +1473,12 @@ msgstr ""
 "No s'han trobat certificats amb confiança no definida.\n"
 "\n"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 #, fuzzy
 msgid "no CRL found for certificate"
 msgstr "Certificat correcte"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 #, fuzzy
 msgid "the available CRL is too old"
 msgstr "La clau és disponible en: "
@@ -1498,7 +1520,7 @@ msgstr "No hi ha ajuda disponible per a `%s'"
 msgid "ignoring garbage line"
 msgstr "error en l'última línia\n"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 #, fuzzy
 msgid "[none]"
 msgstr "[no establert]"
@@ -1508,147 +1530,26 @@ msgstr "[no establert]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "el caràcter radix64 %02x invàlid s'ha omés\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr ""
-
-#: common/argparse.c:522
-#, fuzzy
-msgid "read error"
-msgstr "error de lectura"
-
-#: common/argparse.c:524
-#, fuzzy
-msgid "keyword too long"
-msgstr "la línia és massa llarga\n"
-
-#: common/argparse.c:526
-#, fuzzy
-msgid "missing argument"
-msgstr "l'argument és invàlid"
-
-#: common/argparse.c:528
-#, fuzzy
-#| msgid "invalid armor"
-msgid "invalid argument"
-msgstr "l'armadura és invàlida"
-
-#: common/argparse.c:530
-#, fuzzy
-msgid "invalid command"
-msgstr "les ordres entren en conflicte\n"
-
-#: common/argparse.c:532
-#, fuzzy
-msgid "invalid alias definition"
-msgstr "opcions d'importació no vàlides\n"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-# Gènere?  Nombre?  Passat, futur?  ivb
-# Probablement és una clau, femení. jm
-# Werner FIXME: please add translator comment saying *what* is
-# uncompressed so we know the gender. jm
-#: common/argparse.c:536 common/argparse.c:569
-#, fuzzy
-msgid "out of core"
-msgstr "no forçat"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-msgid "invalid meta command"
-msgstr "les ordres entren en conflicte\n"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-msgid "unknown meta command"
-msgstr "el destinatari predeterminat és desconegut «%s»\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected data"
-msgid "unexpected meta command"
-msgstr "dades inesperades"
-
-#: common/argparse.c:546
-#, fuzzy
-msgid "invalid option"
-msgstr "opcions d'importació no vàlides\n"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr ""
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, fuzzy, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "opcions d'importació no vàlides\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr ""
-
-#: common/argparse.c:563
-#, fuzzy, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "L'ordre no és vàlida (proveu «help»)\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:581
-#, fuzzy, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "opcions d'importació no vàlides\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, fuzzy, c-format
-#| msgid "NOTE: no default option file `%s'\n"
-msgid "Note: no default option file '%s'\n"
-msgstr "NOTA: no existeix el fitxer d'opcions predeterminades «%s»\n"
-
-#: common/argparse.c:1843
-#, fuzzy, c-format
-#| msgid "option file `%s': %s\n"
-msgid "option file '%s': %s\n"
-msgstr "fitxer d'opcions «%s»: %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, fuzzy, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1664,134 +1565,135 @@ msgstr "no es pot obrir el fitxer: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "no s'ha pogut crear l'armadura: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, fuzzy, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "no es pot crear el directori «%s»: %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, fuzzy, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "error mentre s'escrivia l'anell «%s»: %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr ""
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, fuzzy, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "s'està escrivint la clau secreta a «%s»\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr ""
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, fuzzy, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "no s'ha trobat la clau pública %08lX: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, fuzzy, c-format
 msgid "waiting for lock %s...\n"
 msgstr "s'està escrivint la clau secreta a «%s»\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr ""
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "armadura: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "la capçalera d'armadura és invàlida: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "capçalera d'armadura: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "la capçalera de signatura clara és invàlida\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, fuzzy, c-format
 msgid "unknown armor header: "
 msgstr "capçalera d'armadura: "
 
 # És un missatge d'error?  ivb
 # «Anidada» és un castellanisme.  Niuades?  Imbricades (SC)??  ivb
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "signatures en text pla imbricades\n"
 
 # FIXME: un-indiar. jm
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, fuzzy, c-format
 msgid "unexpected armor: "
 msgstr "armadura inesperada:"
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "la línia escapada amb guió és invàlida: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, fuzzy, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "el caràcter radix64 %02x invàlid s'ha omés\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "fi de fitxer prematur (no CRC)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "fi de fitxer prematur (en CRC)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "CRC malformat\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, fuzzy, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "error de CRC; %06lx - %06lx\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, fuzzy, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "fí de fitxer prematur (al final)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "error en l'última línia\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "no s'han trobat dades OpenPGP vàlides.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "l'armadura és invàlida: la línia és més llarga que %d caràcters\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1799,13 +1701,13 @@ msgstr ""
 "hi ha un caràcter «quoted printable» en l'armadura - probablement s'ha "
 "utilitzat un MTA amb errors\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, fuzzy, c-format
 #| msgid "not human readable"
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "no llegible per humans"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1814,27 +1716,27 @@ msgstr ""
 "un nom de notació només pot tenir caràcters imprimibles o espais i acabar "
 "amb el signe «=»\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "un nom de notació d'usuari no pot contenir el caràcter «@»\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, fuzzy, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "un nom de notació d'usuari no pot contenir el caràcter «@»\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "un valor de notació no pot utilitzar cap caràcter de control\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, fuzzy, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "un nom de notació d'usuari no pot contenir el caràcter «@»\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, fuzzy, c-format
 #| msgid ""
 #| "a notation name must have only printable characters or spaces, and end "
@@ -1844,156 +1746,135 @@ msgstr ""
 "un nom de notació només pot tenir caràcters imprimibles o espais i acabar "
 "amb el signe «=»\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "AVÍS: s'hi han trobat dades de notació invàlides\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, fuzzy, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "no s'ha pogut posar «%s» en la base de dades de confiança - %s\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Introduïu la contrasenya: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, fuzzy, c-format
-#| msgid "error creating keyring `%s': %s\n"
-msgid "error getting version from '%s': %s\n"
-msgstr "error en crear l'anell «%s»: %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr ""
-
-# FIXME: preferència? jm
-# Ho discutírem en la llista, segur.  Deu ser als arxius.  ivb
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
-#, fuzzy, c-format
-#| msgid "WARNING: %s overrides %s\n"
-msgid "WARNING: %s\n"
-msgstr "AVÍS: %s té preferència sobre %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
-#, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
+#| msgid "%s does not yet work with %s\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s encara no funciona amb %s\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
+#: g10/call-agent.c:1081
 #, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Useu l'ordre «toggle» abans.\n"
+msgid "error from TPM: %s\n"
+msgstr "error en la lectura de «%s»: %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, fuzzy, c-format
-#| msgid "%s does not yet work with %s\n"
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s encara no funciona amb %s\n"
+msgid "problem with the agent: %s\n"
+msgstr "hi ha un problema amb l'agent: l'agent ha tornat 0x%lx\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, fuzzy, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "gpg-agent no està disponible en aquesta sessió\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "no podeu usar %s mentre esteu en mode %s\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 msgid "Tor is not properly configured"
 msgstr "error: l'empremta digital és invàlida\n"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 msgid "DNS is not properly configured"
 msgstr "error: l'empremta digital és invàlida\n"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "genera un certificat de revocació"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "armadura: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, fuzzy, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "la clau secreta no està disponible"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr ""
 
 # Destès? ivb
 # Desatès, sí. jm
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, fuzzy, c-format
 msgid "can't do this in batch mode\n"
 msgstr "no es pot fet això en mode desatès\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, fuzzy, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Aquesta ordre no està permesa mentre s'està en mode %s.\n"
 
 # Parts?  Peces?  ivb
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, fuzzy, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "parts de la clau secreta no estan disponbles\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "La vostra selecció? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[no establert]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
@@ -2001,221 +1882,224 @@ msgstr ""
 # Probablement és una clau, femení. jm
 # Werner FIXME: please add translator comment saying *what* is
 # uncompressed so we know the gender. jm
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "no forçat"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "forçat"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr ""
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr ""
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr ""
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr ""
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 #, fuzzy
 msgid "URL to retrieve public key: "
 msgstr "no hi ha cap clau pública corresponent: %s\n"
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, fuzzy, c-format
 #| msgid "error reading `%s': %s\n"
 msgid "error reading '%s': %s\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, fuzzy, c-format
 msgid "error writing '%s': %s\n"
 msgstr "error mentre s'escrivia l'anell «%s»: %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr ""
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr ""
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 #, fuzzy
 msgid "Language preferences: "
 msgstr "preferències actualitzades"
 
-#: g10/card-util.c:1111
-#, fuzzy
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, fuzzy, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "hi ha un caràcter invàlid en la cadena de preferència\n"
 
-#: g10/card-util.c:1120
-#, fuzzy
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, fuzzy, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "hi ha un caràcter invàlid en la cadena de preferència\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 #, fuzzy
 msgid "Error: invalid response.\n"
 msgstr "error: l'empremta digital és invàlida\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 #, fuzzy
 msgid "CA fingerprint: "
 msgstr "Empremta digital:"
 
-#: g10/card-util.c:1201
-#, fuzzy
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, fuzzy, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "error: l'empremta digital és invàlida\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, fuzzy, c-format
 msgid "key operation not possible: %s\n"
 msgstr "La generació de claus ha fallat: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 #, fuzzy
 msgid "not an OpenPGP card"
 msgstr "no s'han trobat dades OpenPGP vàlides.\n"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, fuzzy, c-format
 msgid "error getting current key info: %s\n"
 msgstr "s'ha produït un error mentre s'escrivia l'anell secret «%s»: %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, fuzzy, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Quina grandària voleu? (1024) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "arrodonida fins a %u bits\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr ""
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr ""
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 #, fuzzy
 msgid "Signature key\n"
 msgstr "Aquesta signatura va caducar el %s\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 #, fuzzy
 msgid "Encryption key\n"
 msgstr "   (%d) RSA (només xifrar)\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Seleccioneu quin tipus de clau voleu:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, fuzzy, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA (només signar)\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, fuzzy, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) DSA i ElGamal (predeterminat)\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "La selecció és invàlida.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr ""
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr ""
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, fuzzy, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "error mentre s'enviava a «%s»: %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, fuzzy, c-format
 msgid "error getting card info: %s\n"
 msgstr "s'ha produït un error mentre s'escrivia l'anell secret «%s»: %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, fuzzy, c-format
 #| msgid "This command is not allowed while in %s mode.\n"
 msgid "This command is not supported by this card\n"
 msgstr "Aquesta ordre no està permesa mentre s'està en mode %s.\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr ""
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, fuzzy, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "es descarta: la clau secreta ja és present\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2223,205 +2107,218 @@ msgid ""
 "You should change them using the command --change-pin\n"
 msgstr ""
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 #, fuzzy
 msgid "Please select the type of key to generate:\n"
 msgstr "Seleccioneu quin tipus de clau voleu:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr ""
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 #, fuzzy
 msgid "   (2) Encryption key\n"
 msgstr "   (%d) RSA (només xifrar)\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 #, fuzzy
 msgid "Please select where to store the key:\n"
 msgstr "Seleccioneu la raó de la revocació:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, fuzzy, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "ha fallat l'actualització: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, fuzzy, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "es descarta: la clau secreta ja és present\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 #, fuzzy
 msgid "Continue? (y/N) "
 msgstr "Signar realment? "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr ""
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, fuzzy, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+msgid "error for setup UIF: %s\n"
+msgstr "error en la lectura de «%s»: %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "ix del menú"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 #, fuzzy
 msgid "show admin commands"
 msgstr "les ordres entren en conflicte\n"
 
 # «pantalla» o «ajuda»?  ivb
 # «ajuda», evidentment. jm
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "mostra aquesta ajuda"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 #, fuzzy
 msgid "list all available data"
 msgstr "La clau és disponible en: "
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr ""
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr ""
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr ""
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 #, fuzzy
 msgid "change the login name"
 msgstr "canvia la data de caducitat"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 #, fuzzy
 msgid "change the language preferences"
 msgstr "canvia la confiança"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr ""
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 #, fuzzy
 msgid "change a CA fingerprint"
 msgstr "mostra empremta"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr ""
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 #, fuzzy
 msgid "generate new keys"
 msgstr "genera un nou parell de claus"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr ""
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr ""
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr ""
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr ""
 
-#: g10/card-util.c:2180
+#: g10/card-util.c:2235
 #, fuzzy
 #| msgid "|NAME|use NAME as default recipient"
-msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "|NOM|usa NOM com a destinatari predeterminat"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 #, fuzzy
 #| msgid "change the ownertrust"
 msgid "change the key attribute"
 msgstr "canvia la confiança"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "canvia la confiança"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr ""
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 #, fuzzy
 msgid "Admin-only command\n"
 msgstr "les ordres entren en conflicte\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr ""
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr ""
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "L'ordre no és vàlida (proveu «help»)\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output no funciona per a aquesta ordre\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, fuzzy, c-format
 #| msgid "can't open `%s'\n"
 msgid "can't open '%s'\n"
 msgstr "no s'ha pogut obrir «%s»\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, fuzzy, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "no s'ha trobat la clau «%s»: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "s'ha produït un error en llegir el bloc de claus: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, fuzzy, c-format
 msgid "key \"%s\" not found\n"
 msgstr "no s'ha trobat la clau «%s»: %s\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(a no ser que especifiqueu la clau per la empremta digital)\n"
-
 # Ahà!  Abans «batch» està tal qual.  Cal unificar.  ivb
 # Fet. jm
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, fuzzy, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "no es pot fer això en el mode desatès sense «--yes»\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(a no ser que especifiqueu la clau per la empremta digital)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2463,9 +2360,9 @@ msgstr "clau"
 msgid "subkey"
 msgstr "Clau pública: "
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "ha fallat l'actualització: %s\n"
@@ -2490,64 +2387,74 @@ msgstr "hi ha una clau secreta per a la clau pública «%s»!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "utilitzeu l'opció «--delete-secret-keys» per a eliminar-la primer.\n"
 
-#: g10/encrypt.c:116
-#, fuzzy, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"forçar el xifrat asimètric %s (%d) viola les preferències del destinatari\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "no es pot usar un paquet asimètric ESK al estar en mode S2K\n"
 
-#: g10/encrypt.c:282
+#: g10/encrypt.c:370
 #, fuzzy, c-format
-msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "Ha fallat el procés de signatura: %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, fuzzy, c-format
 #| msgid "`%s' already compressed\n"
 msgid "'%s' already compressed\n"
 msgstr "«%s» ja està comprimida\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, fuzzy, c-format
 #| msgid "WARNING: `%s' is an empty file\n"
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "AVÍS: «%s» és un fitxer buit\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "no podeu usar l'algorisme de xifratge «%s» mentre esteu en mode %s\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, fuzzy, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "no podeu usar l'algorisme de xifratge «%s» mentre esteu en mode %s\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, fuzzy, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "no podeu usar l'algorisme de resum %s mentre esteu en mode %s\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, fuzzy, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "AVÍS: %s és una opció desaconsellada.\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, fuzzy, c-format
 #| msgid "reading from `%s'\n"
 msgid "reading from '%s'\n"
 msgstr "s'està llegint des de «%s»\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"forçar el xifrat asimètric %s (%d) viola les preferències del destinatari\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, fuzzy, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "AVÍS: %s és una opció desaconsellada.\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2556,30 +2463,38 @@ msgstr ""
 "forçar l'algoritme de compressió %s (%d) viola les preferències del "
 "destinatari\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"forçar el xifrat asimètric %s (%d) viola les preferències del destinatari\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s xifrat per a: «%s»\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "no podeu usar %s mentre esteu en mode %s\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "dades xifrades amb %s\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "xifrat amb l'algoritme %d (desconegut)\n"
 
 # És no-wrap?  ivb
 # Com? jm
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
@@ -2587,74 +2502,11 @@ msgstr ""
 "ATENCIÓ: el missatge s'ha xifrat amb una clau feble durant el xifratge\n"
 "simètric.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "problema en tractar amb un paquet xifrat\n"
 
-# Execució de programes remots, o execució remota de programes? jm
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "no hi ha suport per a l'execució remota de programes\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"les crides a programes externs estan inhabilitades per tindre el fitxer "
-"d'opcions permissos insegurs\n"
-
-#: g10/exec.c:419
-#, fuzzy, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"aquesta plataforma necessita fitxers temporals quan es crida a programes "
-"externs\n"
-
-#: g10/exec.c:497
-#, fuzzy, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "no s'ha pogut executar %s «%s»: %s\n"
-
-#: g10/exec.c:500
-#, fuzzy, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "no s'ha pogut executar %s «%s»: %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "s'ha produït un error del sistema en cridar el programa extern: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "s'ha produït una eixida no natural del programa extern\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "no s'ha pogut executar el programa extern\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "no s'ha pogut llegir la resposta del programa extern: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "AVÍS: no s'ha pogut eliminar el fitxer temporal (%s) «%s»: %s\n"
-
-#: g10/exec.c:692
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "AVÍS: no s'ha pogut eliminar el directori temporal «%s»: %s\n"
-
 #: g10/export.c:119
 #, fuzzy
 msgid "export signatures that are marked as local-only"
@@ -2680,409 +2532,409 @@ msgstr "la clau secreta és inusable"
 msgid "remove as much as possible from key during export"
 msgstr ""
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr ""
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
 msgstr "%s: es descarta: %s\n"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "writing to '%s'\n"
 msgstr "s'està escrivint en «%s»\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, fuzzy, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr ""
 "clau %08lX: la signatura de la subclau és en el lloc equivocat - es "
 "descarta\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, fuzzy, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "s'està escrivint la clau secreta a «%s»\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, fuzzy, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "clau %08lX: clau d'estil PGP 2.x - es descarta\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "AVÍS: no s'ha exportat res\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, fuzzy, c-format
 #| msgid "error creating `%s': %s\n"
 msgid "error creating '%s': %s\n"
 msgstr "error en crear «%s»: %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 #, fuzzy
 msgid "[User ID not found]"
 msgstr "[No s'ha trobat l'id d'usuari]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, fuzzy, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "error en crear «%s»: %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, fuzzy, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "error en crear «%s»: %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 #, fuzzy
 msgid "No fingerprint"
 msgstr "Empremta digital:"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "no s'ha trobat la clau secreta «%s»: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, fuzzy, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "opcions d'importació no vàlides\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "|NOM|usa NOM com a clau secreta predeterminada"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "|NOM|usa NOM com a clau secreta predeterminada"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr ""
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, fuzzy, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr ""
 "La clau invàlida %08lX s'ha fet vàlida amb --allow-non-selfsigned-uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, fuzzy, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "s'usarà la clau secundària %08lX en lloc de la primària %08lX\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, fuzzy, c-format
 msgid "valid values for option '%s':\n"
 msgstr "opcions d'importació no vàlides\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 #, fuzzy
 msgid "make a signature"
 msgstr "|[fitxer]|crea una signatura"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 #, fuzzy
 msgid "make a clear text signature"
 msgstr "|[fitxer]|crea una signatura en text clar"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "crea una signatura separada"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "xifra dades"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "xifra només amb xifratge simètric"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "desxifra dades (predeterminat)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "verifica una signatura"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "llista claus"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "llista claus i signatures"
 
 # «de les claus» o «de la clau»?  ivb
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 #, fuzzy
 msgid "list and check key signatures"
 msgstr "comprova les signatures de la claus"
 
 # «dactilars» o «digitals»?  ivb
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "llista claus i empremtes digitals"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "llista claus secretes"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "genera un nou parell de claus"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly generate a new key pair"
 msgstr "genera un nou parell de claus"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly add a new user-id"
 msgstr "genera un nou parell de claus"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a user-id"
 msgstr "genera un nou parell de claus"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly set a new expiration date"
 msgstr "genera un nou parell de claus"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr ""
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "genera un certificat de revocació"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "elimina claus de l'anell públic"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "elimina claus de l'anell secret"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 #, fuzzy
 #| msgid "sign a key"
 msgid "quickly sign a key"
 msgstr "signa una clau"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 #, fuzzy
 #| msgid "sign a key locally"
 msgid "quickly sign a key locally"
 msgstr "signa una clau localment"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a key signature"
 msgstr "genera un nou parell de claus"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "signa una clau"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "signa una clau localment"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "signa o edita una clau"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 #, fuzzy
 msgid "change a passphrase"
 msgstr "canvia la contrasenya"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "exporta claus"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "exporta claus a un servidor de claus"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "importa claus d'un servidor de claus"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "cerca claus en un servidor de claus"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "actualitza totes les claus des d'un servidor de claus"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "importa/fon claus"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr ""
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr ""
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr ""
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "actualitza la base de dades de confiança"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 #, fuzzy
 msgid "print message digests"
 msgstr "|algo [fitxers]|imprimeix resums de missatges"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr ""
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr ""
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NOM|usa NOM com a clau secreta predeterminada"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 #, fuzzy
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NOM|xifra per a NOM"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr ""
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr ""
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "no fa cap canvi"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "pregunta abans de sobreescriure"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 msgid "Options controlling the input"
 msgstr ""
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 msgid "Options controlling the output"
 msgstr ""
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "crea eixida amb armadura ascii"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 #, fuzzy
 msgid "|FILE|write output to FILE"
 msgstr "|FITXER|carrega el mòdul d'extensió especificat"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "usa el mode de text canònic"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 #, fuzzy
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|nivell de compressió N (0 no comprimeix)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 msgid "Options controlling key import and export"
 msgstr ""
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "importa claus d'un servidor de claus"
 
 # «de les claus» o «de la clau»?  ivb
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 msgid "include the public key in signatures"
 msgstr "comprova les signatures de la claus"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr ""
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 msgid "Options controlling key listings"
 msgstr ""
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "llista claus secretes"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 #, fuzzy
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|NOM|xifra per a NOM"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 #, fuzzy
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "usa aquest id per a signar o desxifrar"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -3093,7 +2945,7 @@ msgstr ""
 # Crec q (A)lice (orig.), (B)ob (dest.), etc. són noms usats pel Zimmerman
 # en el manual original de PGP.  A, B, C...  ivb
 # En efecte. Idem per a Mallory més endavant. Els deixe com a l'original. jm
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -3123,13 +2975,13 @@ msgstr ""
 " --list-keys [noms]         mostra claus\n"
 " --fingerprint [noms]       mostra empremtes digitals\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg [options] [files]\n"
@@ -3149,7 +3001,7 @@ msgstr ""
 # Precissament acabem de parlar d'«implementat a la llista del GNOME
 # i s'ha dit que és erroni, igual que «suportat» :) Les alternatives
 # encara no m'agraden massa... jm
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -3157,557 +3009,572 @@ msgstr ""
 "\n"
 "Algoritmes suportats:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Clau pública: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Xifratge: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Dispersió: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Compressió: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, fuzzy, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "forma d'ús: gpg [opcions] "
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "les ordres entren en conflicte\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, fuzzy, c-format
 #| msgid "no = sign found in group definition `%s'\n"
 msgid "no = sign found in group definition '%s'\n"
 msgstr "no s'ha trobat cap signe = a la definició de grup «%s»\n"
 
 # Indi. ivb
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "AVÍS: el propietari és insegur en %s «%s»\n"
 
 # Indi. ivb
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "AVÍS: el propietari és insegur en %s «%s»\n"
 
 # Indi. ivb
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "AVÍS: el propietari és insegur en %s «%s»\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "AVÍS: els permissos són insegurs en %s «%s»\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "AVÍS: els permissos són insegurs en %s «%s»\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "AVÍS: els permissos són insegurs en %s «%s»\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "AVÍS: el propietari del directori envoltant és insegur en %s «%s»\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr "AVÍS: el propietari del directori envoltant és insegur en %s «%s»\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr "AVÍS: el propietari del directori envoltant és insegur en %s «%s»\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr "AVÍS: els permissos del directori envoltant són insegurs en %s «%s»\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
 msgstr "AVÍS: els permissos del directori envoltant són insegurs en %s «%s»\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr "AVÍS: els permissos del directori envoltant són insegurs en %s «%s»\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, fuzzy, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "s'ha creat el nou fitxer d'opcions «%s»\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr ""
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 #, fuzzy
 msgid "show key usage information during key listings"
 msgstr "No hi ha cap signatura corresponent en l'anell secret\n"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 #, fuzzy
 msgid "show all notations during signature listings"
 msgstr "No hi ha cap signatura corresponent en l'anell secret\n"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 #, fuzzy
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "la URL de política de signatura donada no és vàlida\n"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr ""
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr ""
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr ""
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 #, fuzzy
 msgid "show the keyring name in key listings"
 msgstr "mostra en quin anell de claus està una clau llistada"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 #, fuzzy
 msgid "show expiration dates during signature listings"
 msgstr "No hi ha cap signatura corresponent en l'anell secret\n"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "el destinatari predeterminat és desconegut «%s»\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr ""
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Aquesta ordre no està permesa mentre s'està en mode %s.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, fuzzy, c-format
 #| msgid "NOTE: %s is not for normal use!\n"
 msgid "Note: %s is not for normal use!\n"
 msgstr "NOTA: %s no és per a ús normal!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, fuzzy, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "%s no és un joc de caràcters vàlid\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "No és una adreça vàlida\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, fuzzy, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "l'algoritme de dispersió és invàlid «%s»\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, fuzzy, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "opcions d'importació no vàlides\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, fuzzy, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "%s no és un joc de caràcters vàlid\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, fuzzy, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "no s'ha pogut analitzar sintàcticament la URI del servidor de claus\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, fuzzy, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d opcions d'exportació no vàlides\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, fuzzy, c-format
 msgid "invalid keyserver options\n"
 msgstr "opcions d'exportació no vàlides\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: opcions d'importanció no vàlides\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "opcions d'importació no vàlides\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, fuzzy, c-format
 msgid "invalid filter option: %s\n"
 msgstr "opcions d'importació no vàlides\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d opcions d'exportació no vàlides\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "opcions d'exportació no vàlides\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, fuzzy, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: opcions d'importanció no vàlides\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, fuzzy, c-format
 msgid "invalid list options\n"
 msgstr "opcions d'importació no vàlides\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 #, fuzzy
 msgid "show all notations during signature verification"
 msgstr "%s no és un joc de caràcters vàlid\n"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 #, fuzzy
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "la URL de política de signatura donada no és vàlida\n"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 #, fuzzy
 msgid "show user ID validity during signature verification"
 msgstr "%s no és un joc de caràcters vàlid\n"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr ""
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 #, fuzzy
 msgid "show only the primary user ID in signature verification"
 msgstr "%s no és un joc de caràcters vàlid\n"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr ""
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr ""
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, fuzzy, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d opcions d'exportació no vàlides\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, fuzzy, c-format
 msgid "invalid verify options\n"
 msgstr "opcions d'exportació no vàlides\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "no s'ha pogut fixar l'exec-path a %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, fuzzy, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d opcions d'exportació no vàlides\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr ""
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, fuzzy, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "opcions d'importació no vàlides\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "AVÍS: el programa podria crear un fitxer core!\n"
 
 # FIXME: preferència? jm
 # Ho discutírem en la llista, segur.  Deu ser als arxius.  ivb
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "AVÍS: %s té preferència sobre %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s no és permés amb %s!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s no té sentit amb %s!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr ""
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, fuzzy, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "s'està escrivint la clau secreta a «%s»\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "l'algorisme de xifratge triat no és vàlid\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "l'algorisme de resum seleccionat no és vàlid\n"
+
+#: g10/gpg.c:3885
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "l'algorisme de xifratge triat no és vàlid\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "l'algorisme de resum de certificació seleccionat no és vàlid\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-needed ha de ser major que 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed ha de ser major que 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, fuzzy, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth ha d'estar en el rang 1 a 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, fuzzy, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "default-check-level és invàlid; ha de ser 0, 1, 2 o 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, fuzzy, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "default-check-level és invàlid; ha de ser 0, 1, 2 o 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, fuzzy, c-format
 #| msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "NOTA: el mode S2K simple (0) no és gens recomanable\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "el mode S2K és invàlid; ha de ser 0, 1 o 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "les preferències per defecte són invàlides\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "les preferències personals de xifrat són invàlides\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "les preferències personals de xifrat són invàlides\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "les preferències personals de digest són invàlides\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "les preferències personals de compressió són invàlides\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "la mida de la clau és invàlida; s'hi usaran %u bits\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s encara no funciona amb %s\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "no podeu usar l'algorisme de xifratge «%s» mentre esteu en mode %s\n"
+
+#: g10/gpg.c:4070
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "no podeu usar l'algorisme de compressió %s mentre esteu en mode %s\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "no s'ha pogut inicialitzar la base de dades de confiança: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "AVÍS: s'han donat destinataris (-r) sense usar xifratge de clau pública\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, fuzzy, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "ha fallat el desxifratge: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "no podeu usar %s mentre esteu en mode %s\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "no podeu usar %s mentre esteu en mode %s\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "l'enviament al servidor de claus ha fallat: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "la recepció des del servidor de claus ha fallat: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "l'exportació de la clau ha fallat: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, fuzzy, c-format
 #| msgid "key export failed: %s\n"
 msgid "export as ssh key failed: %s\n"
 msgstr "l'exportació de la clau ha fallat: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "ha fallat la cerca al servidor de claus: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "ha fallat el refresc des del servidor de claus: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "no s'ha pogut llevar l'armadura: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "no s'ha pogut crear l'armadura: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, fuzzy, c-format
 #| msgid "invalid hash algorithm `%s'\n"
 msgid "invalid hash algorithm '%s'\n"
 msgstr "l'algoritme de dispersió és invàlid «%s»\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, fuzzy, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Endavant, escriviu el missatge...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "la URL de política de certificació donada no és vàlida\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "la URL de política de signatura donada no és vàlida\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, fuzzy, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "la URL de política de signatura donada no és vàlida\n"
@@ -3721,7 +3588,7 @@ msgstr "pren les claus d'aquest anell"
 msgid "make timestamp conflicts only a warning"
 msgstr "fes els conflictes de marques de temps només un avís"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|escriu informació d'estat en aquest FD"
 
@@ -3771,301 +3638,320 @@ msgstr "actualitza la base de dades de confiança"
 msgid "do not update the trustdb after import"
 msgstr "actualitza la base de dades de confiança"
 
+# Gènere?  Nombre?  ivb
+# Werner FIXME: please add translator comment saying *what* is
+# uncompressed so we know the gender. jm
 #: g10/import.c:181
 #, fuzzy
+#| msgid "not supported"
+msgid "enable bulk import mode"
+msgstr "no és suportat"
+
+#: g10/import.c:184
+#, fuzzy
 msgid "show key during import"
 msgstr "mostra empremta"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+msgid "show key but do not actually import"
+msgstr "mostra empremta"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr ""
 
-#: g10/import.c:187
+#: g10/import.c:193
 #, fuzzy
 msgid "remove unusable parts from key after import"
 msgstr "la clau secreta és inusable"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr ""
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr ""
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr ""
 
-#: g10/import.c:203
+#: g10/import.c:209
 #, fuzzy
 msgid "repair keys on import"
 msgstr "mostra empremta"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "es descarta un bloc de tipus %d\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, fuzzy, c-format
 msgid "%lu keys processed so far\n"
 msgstr "fins ara s'han processat %lu claus\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Nombre total processat: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, fuzzy, c-format
 #| msgid "      skipped new keys: %lu\n"
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr " claus noves descartades: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr " claus noves descartades: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "                sense ID: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "              importades: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "          no modificades: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "       ID d'usuaris nous: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "          subclaus noves: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "        signatures noves: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "       noves revocacions: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr " claus privades llegides: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "claus privades importades: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr "claus privades no canviades: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "              importades: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, fuzzy, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "        signatures noves: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, fuzzy, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr " claus privades llegides: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
 "algorithms on these user IDs:\n"
 msgstr ""
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "signatura %s, algorisme de resum %s\n"
+
+#: g10/import.c:1354
 #, fuzzy, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "signatura %s, algorisme de resum %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr ""
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, fuzzy, c-format
 msgid "key %s: no user ID\n"
 msgstr "clau %08lX: sense ID\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, fuzzy, c-format
 msgid "key %s: %s\n"
 msgstr "es descarta «%s»: %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr ""
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "clau %08lX: corrupció de la subclau HKP reparada\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, fuzzy, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "clau %08lX: s'ha acceptat la ID d'usuari no autosignada «%s»\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, fuzzy, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "clau %08lX: l'ID no és vàlid\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "açò pot ser causat per l'absència d'autosignatura\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, fuzzy, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "clau %08lX: no s'ha trobat la clau pública: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, fuzzy, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "clau %08lX: clau nova - es descarta \n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "no s'ha trobat cap anell escrivible: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, fuzzy, c-format
 #| msgid "error writing keyring `%s': %s\n"
 msgid "error writing keyring '%s': %s\n"
 msgstr "error mentre s'escrivia l'anell «%s»: %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, fuzzy, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "clau %08lX: s'ha importat la clau pública «%s»\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, fuzzy, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "clau %08lX: no correspon a la nostra còpia\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "clau %08lX: «%s» 1 ID d'usuari nou\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "clau %08lX: «%s» %d ID d'usuari nous\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "clau %08lX: «%s» 1 signatura nova\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "clau %08lX: «%s» %d signatures noves\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "clau %08lX: «%s» 1 subclau nova\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "clau %08lX: «%s» %d subclaus noves\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "clau %08lX: «%s» %d signatures noves\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "clau %08lX: «%s» %d signatures noves\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "clau %08lX: «%s» %d ID d'usuari nous\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "clau %08lX: «%s» %d ID d'usuari nous\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, fuzzy, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "clau %08lX: «%s» no ha estat modificada\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, fuzzy, c-format
 msgid "key %s: secret key imported\n"
 msgstr "clau %08lX: s'ha importat la clau secreta\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, fuzzy, c-format
 #| msgid "skipped: secret key already present\n"
 msgid "key %s: secret key already exists\n"
 msgstr "es descarta: la clau secreta ja és present\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, fuzzy, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "error mentre s'enviava a «%s»: %s\n"
@@ -4078,69 +3964,69 @@ msgstr "error mentre s'enviava a «%s»: %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, fuzzy, c-format
 msgid "secret key %s: %s\n"
 msgstr "no s'ha trobat la clau secreta «%s»: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, fuzzy, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "s'està escrivint la clau secreta a «%s»\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, fuzzy, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "clau %08lX: clau secreta amb xifrat %d no vàlid - es descarta\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "No s'ha especificat cap raó"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "La clau ha estat substituïda"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "La clau ha estat compromesa"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "La clau ja no s'usa"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "L'ID d'usuari ja no és vàlid"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "raó de la revocació: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "comentari de la revocació: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, fuzzy, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "clau %08lX: falta la clau pública: no es pot aplicar el certificat\n"
 "de revocació\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, fuzzy, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "clau %08lX: no s'ha trobat el bloc de claus original: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, fuzzy, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "clau %08lX: no s'ha pogut llegir el bloc de claus original: %s\n"
@@ -4148,22 +4034,22 @@ msgstr "clau %08lX: no s'ha pogut llegir el bloc de claus original: %s\n"
 # O «rebutjara»? ivb
 # Per tots els canvis d'anglicisme «ignorat» -> «es descarta»,
 # «es rebutja» està bé. jm
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "clau %08lX: el certificat de revocació és invàlid: %s: es rebutja\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "clau %08lX: s'ha importat el certificat de revocació «%s»\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, fuzzy, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "clau %08lX: no hi ha ID per a la signatura\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr ""
@@ -4171,121 +4057,127 @@ msgstr ""
 "«%s»\n"
 "\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, fuzzy, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "clau %08lX: l'autosignatura no és vàlida en l'id d'usuari «%s»\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "clau %08lX: l'algoritme de clau pública no és suportat\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, fuzzy, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "clau %08lX: s'ha afegit la signatura de clau directa\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, fuzzy, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "clau %08lX: no hi ha una subclau per a l'enllaç de la clau\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, fuzzy, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "clau %08lX: l'enllaç de subclau és invàlid\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "clau %08lX: s'ha eliminat un enllaç de subclau múltiple\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, fuzzy, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "clau %08lX: no hi ha una subclau per a la clau de revocació\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, fuzzy, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "clau %08lX: Subclau de revocació no vàlida\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "clau %08lX: s'han eliminat subclaus de revocació múltiples\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, fuzzy, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "clau %08lX: es descarta l'ID d'usuari '"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, fuzzy, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "clau %08lX: es descarta la subclau\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, fuzzy, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "clau %08lX: la signatura és inexportable (classe %02x) - es descarta\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, fuzzy, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr ""
 "clau %08lX: el certificat de revocació és en el lloc equivocat - es "
 "descarta\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "clau %08lX: el certificat de revocació és invàlid: %s - es descarta\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, fuzzy, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr ""
 "clau %08lX: la signatura de la subclau és en el lloc equivocat - es "
 "descarta\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, fuzzy, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr ""
 "clau %08lX: la classe de signatura és inesperada (0x%02x) - es descarta\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, fuzzy, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "clau %08lX: s'ha detectat un ID d'usuari duplicat - es fusiona\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "clau %08lX: s'ha detectat un ID d'usuari duplicat - es fusiona\n"
+
+#: g10/import.c:4233
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr ""
 "AVÍS: la clau %08lX pot estar revocada: s'adquireix la clau de revocació "
 "%08lX\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 "AVÍS: la clau %08lX pot estar revocada: la clau de revocació %08lX no està "
 "present.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "clau %08lX: s'hi ha afegit el certificat de revocació «%s»\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, fuzzy, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "clau %08lX: s'ha afegit la signatura de clau directa\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, fuzzy, c-format
 msgid "error allocating memory: %s\n"
 msgstr "error en crear l'anell «%s»: %s\n"
@@ -4306,19 +4198,19 @@ msgstr "signatura %s, algorisme de resum %s\n"
 msgid " (reordered signatures follow)"
 msgstr "Signatura correcta de \""
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, fuzzy, c-format
 msgid "key %s:\n"
 msgstr "es descarta «%s»: %s\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, fuzzy, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "L'ID d'usuari «%s» està revocat."
 msgstr[1] "L'ID d'usuari «%s» està revocat."
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to a missing key\n"
 msgid "%d signature not checked due to a missing key\n"
@@ -4326,7 +4218,7 @@ msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "1 signatura no comprovada per falta de clau\n"
 msgstr[1] "1 signatura no comprovada per falta de clau\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d bad signature\n"
@@ -4334,53 +4226,48 @@ msgid_plural "%d bad signatures\n"
 msgstr[0] "%d signatures errònies\n"
 msgstr[1] "%d signatures errònies\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, fuzzy, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "Signatura correcta de \""
 msgstr[1] "Signatura correcta de \""
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, fuzzy, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "error en crear l'anell «%s»: %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error creating keyring '%s': %s\n"
 msgstr "error en crear l'anell «%s»: %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, fuzzy, c-format
 msgid "keybox '%s' created\n"
 msgstr "s'ha creat l'anell «%s»\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, fuzzy, c-format
 #| msgid "keyring `%s' created\n"
 msgid "keyring '%s' created\n"
 msgstr "s'ha creat l'anell «%s»\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, fuzzy, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "error en crear «%s»: %s\n"
 
-#: g10/keydb.c:969
-#, fuzzy, c-format
-msgid "error opening key DB: %s\n"
-msgstr "error en la lectura de «%s»: %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "no s'ha pogut reconstruir la memòria cau de l'anell: %s\n"
@@ -4393,7 +4280,7 @@ msgstr "[revocació]"
 msgid "[self-signature]"
 msgstr "[autosignatura]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 #, fuzzy
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
@@ -4405,12 +4292,12 @@ msgstr ""
 "verificar les claus d'altres usuaris (mirant passaports,\n"
 "comprovant empremtes de diferents fonts...)?\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, fuzzy, c-format
 msgid "  %d = I trust marginally\n"
 msgstr " %d = Hi confie marginalment\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, fuzzy, c-format
 msgid "  %d = I trust fully\n"
 msgstr " %d = Hi confie plenament\n"
@@ -4437,14 +4324,14 @@ msgid "User ID \"%s\" is revoked."
 msgstr "L'ID d'usuari «%s» està revocat."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Segur que encara voleu signarla? (s/N) "
 
 # O no s'ha pogut? ivb
 # FIXME: comprovar context. jm
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  No es pot signar.\n"
 
@@ -4644,77 +4531,77 @@ msgstr ""
 msgid "Really sign? (y/N) "
 msgstr "Signar realment? "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "Ha fallat el procés de signatura: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, fuzzy, c-format
 #| msgid "error creating passphrase: %s\n"
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "desa i ix"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 #, fuzzy
 msgid "show key fingerprint"
 msgstr "mostra empremta"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 #, fuzzy
 msgid "show the keygrip"
 msgstr "Notació de signatura: "
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "llista claus i ID"
 
 # Per aquesta zona (keyedit) hi ha un cacau d'infinitius i presents...  ivb
 # Yeah, els vaig corregir abans de que enviares la teua correcció. jm
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "tria l'ID d'usuari N"
 
 # Per aquesta zona (keyedit) hi ha un cacau d'infinitius i presents...  ivb
 # Yeah, els vaig corregir abans de que enviares la teua correcció. jm
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 #, fuzzy
 msgid "select subkey N"
 msgstr "tria l'ID d'usuari N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 #, fuzzy
 msgid "check signatures"
 msgstr "revoca signatures"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 #, fuzzy
 msgid "sign selected user IDs locally"
 msgstr "signa la clau localment"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 #, fuzzy
 msgid "sign selected user IDs with a trust signature"
 msgstr "Pista: Trieu els ID d'usuari que voleu signar\n"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr ""
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "afegeix un ID d'usuari"
 
@@ -4722,145 +4609,149 @@ msgstr "afegeix un ID d'usuari"
 # Si et refereixes a Photo vs. photo, ho deixe en minúscules, que en tot
 # el menú està tot en minúscules. Tb hi ha molts ID vs. id en els msgids
 # i no hem unificat en català. Potser li ho diré a Werner. jm.
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "afegeix un photo ID"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 #, fuzzy
 msgid "delete selected user IDs"
 msgstr "esborra un ID d'usuari"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 #, fuzzy
 msgid "add a subkey"
 msgstr "addkey"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 #, fuzzy
 msgid "delete selected subkeys"
 msgstr "esborra una clau secundària"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "afegeix una clau de revocació"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 #, fuzzy
 msgid "delete signatures from the selected user IDs"
 msgstr ""
 "Voleu actualitzar les preferències per a les ID d'usuaris seleccionades?"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 #, fuzzy
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "No podeu canviar la data de caducitat de les claus v3\n"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 #, fuzzy
 msgid "flag the selected user ID as primary"
 msgstr "marca l'ID d'usuari com a primari"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "llista les preferències (expert)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "llista les preferències (detallat)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 #, fuzzy
 msgid "set preference list for the selected user IDs"
 msgstr ""
 "Voleu actualitzar les preferències per a les ID d'usuaris seleccionades?"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 #, fuzzy
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "no s'ha pogut analitzar sintàcticament la URI del servidor de claus\n"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 #, fuzzy
 msgid "set a notation for the selected user IDs"
 msgstr ""
 "Voleu actualitzar les preferències per a les ID d'usuaris seleccionades?"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "canvia la contrasenya"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "canvia la confiança"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 #, fuzzy
 msgid "revoke signatures on the selected user IDs"
 msgstr "Realment voleu revocar tots els ID d'usuari seleccionats? "
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 #, fuzzy
 msgid "revoke selected user IDs"
 msgstr "revoca un ID d'usuari"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 #, fuzzy
 msgid "revoke key or selected subkeys"
 msgstr "revoca una clau secundària"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 #, fuzzy
 msgid "enable key"
 msgstr "activa una clau"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 #, fuzzy
 msgid "disable key"
 msgstr "desactiva una clau"
 
 # Igual que dalt.  ivb
 # Idem :) jm
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 #, fuzzy
 msgid "show selected photo IDs"
 msgstr "mostra el photo ID"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "La clau secreta està disponible.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret subkeys are available.\n"
 msgstr "La clau secreta està disponible.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Cal la clau secreta per a fer açò.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4868,314 +4759,319 @@ msgid ""
 "  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
 msgstr ""
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "La clau està revocada."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 #, fuzzy
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Realment voleu signar tots els ID d'usuari? "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 #, fuzzy
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Realment voleu signar tots els ID d'usuari? "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Pista: Trieu els ID d'usuari que voleu signar\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, fuzzy, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "la classe de signatura és desconeguda"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Aquesta ordre no està permesa mentre s'està en mode %s.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Heu de seleccionar al menys un ID d'usuari.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr ""
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "No podeu esborrar l'últim ID d'usuari!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 #, fuzzy
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Realment voleu eliminar tots els ID d'usuari seleccionats? "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 #, fuzzy
 msgid "Really remove this user ID? (y/N) "
 msgstr "Realment voleu eliminar aquest ID d'usuari? "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 #, fuzzy
 msgid "Really move the primary key? (y/N) "
 msgstr "Realment voleu esborrar aquesta autosignatura? (s/N)"
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 #, fuzzy
 msgid "You must select exactly one key.\n"
 msgstr "Heu de seleccionar, si més no, una clau.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr ""
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, fuzzy, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "no s'ha pogut obrir «%s»: %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, fuzzy, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "error en crear l'anell «%s»: %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Heu de seleccionar, si més no, una clau.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 #, fuzzy
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Realment voleu eliminar les claus seleccionades? "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 #, fuzzy
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Realment voleu eliminar aquesta clau? "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 #, fuzzy
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "Realment voleu revocar tots els ID d'usuari seleccionats? "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 #, fuzzy
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Realment voleu eliminar aquest ID d'usuari? "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 #, fuzzy
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Realment voleu revocar aquesta clau? "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 #, fuzzy
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Realment voleu revocar les claus seleccionades? "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 #, fuzzy
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Realment voleu revocar aquesta clau? "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 #, fuzzy
 msgid "Set preference list to:\n"
 msgstr "estableix la llista de preferències"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 #, fuzzy
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr ""
 "Voleu actualitzar les preferències per a les ID d'usuaris seleccionades?"
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 #, fuzzy
 msgid "Really update the preferences? (y/N) "
 msgstr "Realment voleu actualitzar les preferències? "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 #, fuzzy
 msgid "Save changes? (y/N) "
 msgstr "Voleu desar els canvis? "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 #, fuzzy
 msgid "Quit without saving? (y/N) "
 msgstr "Voleu eixir sense desar? "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "La clau no ha canviat, per tant no cal actualització.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "No podeu esborrar l'últim ID d'usuari!\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, fuzzy, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "no s'ha pogut comprovar la signatura creada: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, fuzzy, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "no s'ha pogut comprovar la signatura creada: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, fuzzy, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "error: l'empremta digital és invàlida\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, fuzzy, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "no s'ha pogut emmagatzemar l'empremta digital: %s\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, fuzzy, c-format
 #| msgid "invalid value\n"
 msgid "Invalid user ID '%s': %s\n"
 msgstr "el valor no és vàlid\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 #| msgid "No such user ID.\n"
 msgid "No matching user IDs."
 msgstr "Usuari inexistent.\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 msgid "Nothing to sign.\n"
 msgstr "No hi ha res que signar amb la clau %08lX\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr ""
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "no s'ha pogut comprovar la signatura creada: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, fuzzy, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "%s no és un joc de caràcters vàlid\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "error: l'empremta digital és invàlida\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, fuzzy, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "no s'ha trobat la clau «%s»: %s\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Resum: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Funcionalitats: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr ""
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr ""
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 #, fuzzy
 msgid "Notations: "
 msgstr "Notació: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "No hi ha preferències en un ID d'usuari d'estil PGP 2.x.\n"
 
 # Potser %s haja d'anar darrere de «clau».  ivb
 # És cert. Nova funcionalitat de 1.2.0, IIRC. jm
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, fuzzy, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "Aquesta clau pot ser revocada per la clau %s "
 
 # Potser %s haja d'anar darrere de «clau».  ivb
 # És cert. Nova funcionalitat de 1.2.0, IIRC. jm
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, fuzzy, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Aquesta clau pot ser revocada per la clau %s "
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 #, fuzzy
 msgid "(sensitive)"
 msgstr " (sensible)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, fuzzy, c-format
 msgid "created: %s"
 msgstr "no s'ha pogut creat %s: %s\n"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, fuzzy, c-format
 msgid "revoked: %s"
 msgstr "[revocada]"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, fuzzy, c-format
 msgid "expired: %s"
 msgstr " [caduca: %s]"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, fuzzy, c-format
 msgid "expires: %s"
 msgstr " [caduca: %s]"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr ""
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr ""
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, fuzzy, c-format
 msgid "trust: %s"
 msgstr " confiança: %c/%c"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr ""
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Aquesta clau ha estat desactivada"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -5183,19 +5079,19 @@ msgstr ""
 "Teniu en compte que la validesa de la clau mostrada no és necessàriament\n"
 "correcta a no ser que torneu a executar el programa.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 #, fuzzy
 msgid "revoked"
 msgstr "[revocada]"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 #, fuzzy
 msgid "expired"
 msgstr "expire"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -5205,19 +5101,19 @@ msgstr ""
 "      causar que una ID d'usuari diferent esdevinga en la primària "
 "assumida.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr ""
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, fuzzy, c-format
 #| msgid "You can't change the expiration date of a v3 key\n"
 msgid "You may want to change its expiration date too.\n"
 msgstr "No podeu canviar la data de caducitat de les claus v3\n"
 
 # Photo ID com abans.  ivb
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -5226,38 +5122,38 @@ msgstr ""
 "AVÍS: Aquesta és una clau d'estil PGP2. Afegir un photo ID pot fer que "
 "algunes versions de PGP rebutgen aquesta clau.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Esteu segur que encara voleu afegir-lo? (s/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "No podeu afegir un photo ID a una clau d'estil PGP2.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr ""
 
 # Aquesta i les següents no haurien de portar (s/N/q) i no (y/N/q)?  ivb
 # Hmm. Sí... (s/N/x) jm
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Voleu esborrar aquesta signatura correcta? (s/N/x)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Voleu esborrar aquesta signatura invàlida? (s/N/x)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Voleu esborrar aquesta signatura desconeguda? (s/N/x)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Realment voleu esborrar aquesta autosignatura? (s/N)"
 
 # Werner FIXME: use ngettext. jm
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, fuzzy, c-format
 #| msgid "Deleted %d signature.\n"
 msgid "Deleted %d signature.\n"
@@ -5265,37 +5161,37 @@ msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "S'ha esborrat %d signatura.\n"
 msgstr[1] "S'ha esborrat %d signatura.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "No s'hi ha eliminat res.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "invàlida"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, fuzzy, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "L'ID d'usuari «%s» està revocat."
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, fuzzy, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "L'ID d'usuari «%s» està revocat."
 msgstr[1] "L'ID d'usuari «%s» està revocat."
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, fuzzy, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "l'ID d'usuari «%s» ja està revocat\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, fuzzy, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "l'ID d'usuari «%s» ja està revocat\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5304,43 +5200,43 @@ msgstr ""
 "AVÍS: Aquesta és una clau d'estil PGP 2.x. Afegir un revocador designat pot\n"
 "fer que algunes versions de PGP rebutjen aquesta clau.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "No podeu afegir un revocador designat a una clau d'estil PGP 2.x.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Introduïu l'ID d'usuari del revocador designat: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr ""
 "no es pot nominar a una clau d'estil PGP 2.x com a revocador designat\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "no podeu nominar una clau com el seu propi revocador designat\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, fuzzy, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "no podeu nominar una clau com el seu propi revocador designat\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr ""
 "AVÍS: no es pot desfer la nominació d'una clau com a revocador designat!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 #, fuzzy
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr ""
 "Esteu segur que voleu nominar aquesta clau com a revocador designat? (s/N): "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 #, fuzzy
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
@@ -5348,269 +5244,274 @@ msgid ""
 msgstr ""
 "Esteu segur que voleu nominar aquesta clau com a revocador designat? (s/N): "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 #, fuzzy
 msgid "Changing expiration time for a subkey.\n"
 msgstr "S'està canviant la data de caducitat per a una clau secundària.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "S'està canviant la data de caducitat per a una clau primària.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "No podeu canviar la data de caducitat de les claus v3\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 #, fuzzy
 msgid "Changing usage of a subkey.\n"
 msgstr "S'està canviant la data de caducitat per a una clau secundària.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 #, fuzzy
 #| msgid "Changing expiration time for the primary key.\n"
 msgid "Changing usage of the primary key.\n"
 msgstr "S'està canviant la data de caducitat per a una clau primària.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, fuzzy, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr ""
 "AVÍS: no es pot desfer la nominació d'una clau com a revocador designat!\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Heu de seleccionar exactament un ID.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, fuzzy, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "es descarta l'autosignatura v3 en l'id d'usuari «%s»\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr ""
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 #, fuzzy
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Esteu segur que encara voleu utilitzarla (s/N)? "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 #, fuzzy
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Esteu segur que encara voleu utilitzarla (s/N)? "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 #, fuzzy
 msgid "Enter the notation: "
 msgstr "Notació de signatura: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 #, fuzzy
 msgid "Proceed? (y/N) "
 msgstr "Voleu sobreescriure? (s/N) "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "No hi ha cap ID amb l'índex %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, fuzzy, c-format
 msgid "No user ID with hash %s\n"
 msgstr "No hi ha cap ID amb l'índex %d\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, fuzzy, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "No hi ha cap ID amb l'índex %d\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, fuzzy, c-format
 msgid "No subkey with index %d\n"
 msgstr "No hi ha cap ID amb l'índex %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, fuzzy, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "ID d'usuari: «"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, fuzzy, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr ""
 "»\n"
 "signat amb la vostra clau %08lX el %s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (no-exportable)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Aquesta signatura va caducar el %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Esteu segur de que encara voleu revocarla? (s/N) "
 
 # (s/N) ivb
 # S! jm
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Voleu crear un certificat de revocació per a aquesta signatura? (s/N) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, fuzzy, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Heu signat els següents ID d'usuari:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 #, fuzzy
 msgid " (non-revocable)"
 msgstr " (no-exportable)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, fuzzy, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "   revocat per %08lX el %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Esteu a punt de revocar aquestes signatures:\n"
 
 # (s/N)?  ivb
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Realment voleu crear els certificats de revocació? (s/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "ho hi ha clau secreta\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "l'ID d'usuari «%s» ja està revocat\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr "AVÍS: una signatura d'ID d'usuari està datada %d segons en el futur\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "No podeu esborrar l'últim ID d'usuari!\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, fuzzy, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "l'ID d'usuari «%s» ja està revocat\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, fuzzy, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "l'ID d'usuari «%s» ja està revocat\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, fuzzy, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr ""
 "S'està mostrant el photo ID %s de mida %ld per a la clau 0x%08lX (uid %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, fuzzy, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "opcions d'importació no vàlides\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, fuzzy, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "la preferència %c%lu és duplicada\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, fuzzy, c-format
 msgid "too many cipher preferences\n"
 msgstr "hi ha massa preferències «%c»\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, fuzzy, c-format
 msgid "too many digest preferences\n"
 msgstr "hi ha massa preferències «%c»\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, fuzzy, c-format
 msgid "too many compression preferences\n"
 msgstr "hi ha massa preferències «%c»\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+msgid "too many AEAD preferences\n"
+msgstr "hi ha massa preferències «%c»\n"
+
+#: g10/keygen.c:521
 #, fuzzy, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "hi ha un caràcter invàlid en la cadena de preferència\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "s'està escrivint una signatura directa\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "s'està escrivint l'autosignatura\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "s'està escrivint la signatura de comprovació de la clau\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "la mida de la clau és invàlida; s'hi usaran %u bits\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "la mida de la clau ha estat arrodonida fins a %u bits\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
 msgstr ""
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 #, fuzzy
 msgid "Sign"
 msgstr "sign"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr ""
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 #, fuzzy
 msgid "Encrypt"
 msgstr "xifra dades"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr ""
 
@@ -5624,169 +5525,180 @@ msgstr ""
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr ""
 
-#: g10/keygen.c:1784
+#: g10/keygen.c:1966
 #, c-format
-msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr ""
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr ""
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr ""
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr ""
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr ""
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr ""
 
-#: g10/keygen.c:1930
+#: g10/keygen.c:2116
 #, fuzzy, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) DSA i ElGamal (predeterminat)\n"
 
-#: g10/keygen.c:1934
+#: g10/keygen.c:2120
 #, fuzzy, c-format
-msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA i ElGamal (predeterminat)\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (només signar)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (només signar)\n"
 
-#: g10/keygen.c:1945
+#: g10/keygen.c:2131
 #, fuzzy, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) ElGamal (només xifrar)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (només xifrar)\n"
 
-#: g10/keygen.c:1953
+#: g10/keygen.c:2139
 #, fuzzy, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (només signar)\n"
 
-#: g10/keygen.c:1955
+#: g10/keygen.c:2141
 #, fuzzy, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (només xifrar)\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, fuzzy, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) DSA i ElGamal (predeterminat)\n"
+#| msgid "   (%d) ElGamal (sign and encrypt)\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) ElGamal (signar i xifrar)\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+#, fuzzy
+#| msgid " (default)"
+msgid " *default*"
+msgstr " (predeterminat)"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, fuzzy, c-format
 #| msgid "   (%d) DSA (sign only)\n"
 msgid "  (%d) ECC (sign only)\n"
 msgstr "   (%d) DSA (només signar)\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, fuzzy, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (només signar)\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, fuzzy, c-format
 #| msgid "   (%d) RSA (encrypt only)\n"
-msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "   (%d) RSA (només xifrar)\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, fuzzy, c-format
-msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "   (%d) RSA (només xifrar)\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (%d) RSA (només xifrar)\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 #, fuzzy
 msgid "Enter the keygrip: "
 msgstr "Notació de signatura: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr ""
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 #, fuzzy
 msgid "No key with this keygrip\n"
 msgstr "No hi ha cap ID amb l'índex %d\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, fuzzy, c-format
 msgid "error reading the card: %s\n"
 msgstr "%s: error en llegir el registre lliure: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, fuzzy, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 #, fuzzy
 msgid "Available keys:\n"
 msgstr "desactiva una clau"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, fuzzy, c-format
 #| msgid "rounded up to %u bits\n"
 msgid "rounded to %u bits\n"
 msgstr "arrodonida fins a %u bits\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr ""
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, fuzzy, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Quina grandària voleu? (1024) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "La grandària sol·licitada és %u bits\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 #, fuzzy
 #| msgid "Please select what kind of key you want:\n"
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Seleccioneu quin tipus de clau voleu:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5802,7 +5714,7 @@ msgstr ""
 "      <n>m = la clau caduca als n mesos\n"
 "      <n>y = la clau caduca als n anys\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5818,42 +5730,42 @@ msgstr ""
 "      <n>m = la signatura caduca als n mesos\n"
 "      <n>y = la signatura caduca als n anys\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Indiqueu la validesa de la clau (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, fuzzy, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Indiqueu la validesa de la signatura (0) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "el valor no és vàlid\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 #, fuzzy
 msgid "Key does not expire at all\n"
 msgstr "%s no caduca en absolut\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 #, fuzzy
 msgid "Signature does not expire at all\n"
 msgstr "%s no caduca en absolut\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, fuzzy, c-format
 msgid "Key expires at %s\n"
 msgstr "%s caduca el %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, fuzzy, c-format
 msgid "Signature expires at %s\n"
 msgstr "Aquesta signatura caduca el %s\n"
 
 # Amb «it» es refereix a les dates?  ivb
 # Això vaig entendre jo. jm
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5861,12 +5773,12 @@ msgstr ""
 "El vostre sistema no pot representar dates posteriors a l'any 2038.\n"
 "Tanmateix, les tractarà bé fins l'any 2106.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 #, fuzzy
 msgid "Is this correct? (y/N) "
 msgstr "És correcte? (s/n)"
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5877,7 +5789,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 #, fuzzy
 msgid ""
 "\n"
@@ -5894,50 +5806,50 @@ msgstr ""
 "    \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Nom i cognoms: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Hi ha un caràcter invàlid en el camp *nom*\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr ""
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "El nom no pot començar amb un dígit\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "El nom ha de tenir, si més no, 5 caràcters\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "Adreça electrònica: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "No és una adreça vàlida\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Comentari: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Hi ha un caràcter invàlid en el camp *comentari*\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, fuzzy, c-format
 #| msgid "You are using the `%s' character set.\n"
 msgid "You are using the '%s' character set.\n"
 msgstr "Esteu usant el joc de caràcters `%s'.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5948,7 +5860,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "No inclogueu l'adreça ni en el camp *nom* ni en el camp *comentari*\n"
 
@@ -5965,35 +5877,35 @@ msgstr "No inclogueu l'adreça ni en el camp *nom* ni en el camp *comentari*\n"
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnCcEeOoXx"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Canvia (N)om, (C)omentari, (E)mail o (X) ix "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "Canvia (N)om, (C)omentari, (E)mail o (O) d'acord / (X) ix"
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Canvia (N)om, (C)omentari, (E)mail o (X) ix "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Canvia (N)om, (C)omentari, (E)mail o (O) d'acord / (X) ix"
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Corregiu l'error primer\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -6005,13 +5917,13 @@ msgstr ""
 "nombres primers; açò dóna oportunitat al generador de nombres aleatoris\n"
 "d'aconseguir prou entropia.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "La generació de claus ha fallat: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -6019,70 +5931,70 @@ msgid ""
 "\n"
 msgstr ""
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr ""
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, fuzzy, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "«%s» ja està comprimida\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 #, fuzzy
 #| msgid "Create anyway? "
 msgid "Create anyway? (y/N) "
 msgstr "Voleu crear la clau de tota manera? "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, fuzzy, c-format
 #| msgid "Create anyway? "
 msgid "creating anyway\n"
 msgstr "Voleu crear la clau de tota manera? "
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "La generació de claus ha estat cancel·lada.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, fuzzy, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "no s'ha pogut crear «%s»: %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr ""
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, fuzzy, c-format
 #| msgid "writing public key to `%s'\n"
 msgid "writing public key to '%s'\n"
 msgstr "s'està escrivint la clau pública a «%s»\n"
 
 # Potser no hi haja cap anell! ivb
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "no s'ha trobat cap anell públic escrivible: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, fuzzy, c-format
 #| msgid "error writing public keyring `%s': %s\n"
 msgid "error writing public keyring '%s': %s\n"
 msgstr "s'ha produït un error mentre s'escrivia l'anell públic «%s»: %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "s'han creat i signat les claus pública i secreta.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 #, fuzzy
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
@@ -6092,7 +6004,7 @@ msgstr ""
 "\"--edit-key\" per a generar una clau secundària per a tal propòsit.\n"
 
 # Werner FIXME: Use ngettext. jm
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -6101,7 +6013,7 @@ msgstr ""
 "amb el rellotge)\n"
 
 # Werner FIXME: use ngettext. jm
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -6109,52 +6021,52 @@ msgstr ""
 "la clau s'ha creat %lu segons en el futur (salt en el temps o problemes\n"
 "amb el rellotge)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, fuzzy, c-format
 #| msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "NOTA: crear subclaus per a claus v3 no és conforme amb OpenPGP\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Les parts secretes de la clau primària no estan disponibles.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, fuzzy, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Les parts secretes de la clau primària no estan disponibles.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 #, fuzzy
 msgid "Really create? (y/N) "
 msgstr "Crear realment? "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "mai       "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Política de signatura crítica: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Política de signatura: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr ""
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Notació de signatura crítica: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Notació de signatura: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d good signature\n"
@@ -6162,7 +6074,7 @@ msgid_plural "%d good signatures\n"
 msgstr[0] "%d signatures errònies\n"
 msgstr[1] "%d signatures errònies\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to an error\n"
 msgid "%d signature not checked due to an error\n"
@@ -6170,57 +6082,57 @@ msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "1 signatura no comprovada a causa d'un error\n"
 msgstr[1] "1 signatura no comprovada a causa d'un error\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Anell"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Empremtes digital de la clau primària:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "     Empremta digital de la subclau:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr " Empremta digital de la clau primària:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "      Empremta digital de la subclau:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 #, fuzzy
 msgid "      Key fingerprint ="
 msgstr "     Empremta digital ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr ""
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, fuzzy, c-format
 msgid "caching keyring '%s'\n"
 msgstr "s'està comprovant l'anell «%s»\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, fuzzy, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "s'han comprovat %lu claus (%lu signatures)\n"
 msgstr[1] "s'han comprovat %lu claus (%lu signatures)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, fuzzy, c-format
 #| msgid "\t%lu keys updated\n"
 msgid "%lu key cached"
@@ -6228,7 +6140,7 @@ msgid_plural "%lu keys cached"
 msgstr[0] "\t%lu clau actualitzades\n"
 msgstr[1] "\t%lu clau actualitzades\n"
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, fuzzy, c-format
 #| msgid "1 bad signature\n"
 msgid " (%lu signature)\n"
@@ -6238,472 +6150,480 @@ msgstr[1] "1 signatura errònia\n"
 
 # Fitxer indi fins final.  Hau!  ivb
 # Grrr. Com em tracten els esclaus ja... jm
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: s'ha creat l'anell\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr ""
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr ""
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr ""
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 #, fuzzy
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "la URL de política de signatura donada no és vàlida\n"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr ""
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 #, fuzzy
 msgid "disabled"
 msgstr "disable"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr ""
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr ""
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, fuzzy, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "%s: no és un ID vàlid\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, fuzzy, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "s'està sol·licitant la clau %08lX de %s\n"
 msgstr[1] "s'està sol·licitant la clau %08lX de %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, fuzzy, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "AVÍS: no s'ha pogut eliminar el fitxer temporal (%s) «%s»: %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, fuzzy, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "no s'ha trobat la clau «%s»: %s\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, fuzzy, c-format
 msgid "key not found on keyserver\n"
 msgstr "no s'ha trobat la clau «%s»: %s\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "s'està sol·licitant la clau %08lX de %s\n"
+
+#: g10/keyserver.c:1724
 #, fuzzy, c-format
 msgid "requesting key %s from %s\n"
 msgstr "s'està sol·licitant la clau %08lX de %s\n"
 
 # «del servidor», «en el servidor»?  ivb
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, fuzzy, c-format
 msgid "no keyserver known\n"
 msgstr "error de servidor de claus"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, fuzzy, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "es descarta «%s»: %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, fuzzy, c-format
 msgid "sending key %s to %s\n"
 msgstr "s'està sol·licitant la clau %08lX de %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, fuzzy, c-format
 msgid "requesting key from '%s'\n"
 msgstr "s'està sol·licitant la clau %08lX de %s\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, fuzzy, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "AVÍS: no s'ha pogut eliminar el fitxer temporal (%s) «%s»: %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "mida extranya per a una clau de sessió xifrada (%d)\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "clau de sessió xifrada amb %s\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "xifrat amb l'algoritme %d (desconegut)\n"
+
+#: g10/mainproc.c:391
 #, fuzzy, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "xifrat amb l'algoritme %d (desconegut)\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, fuzzy, c-format
 msgid "public key is %s\n"
 msgstr "la clau pública és %08lX\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "dades xifrades amb clau pública: bona clau de xifratge (DEK)\n"
-
-#: g10/mainproc.c:632
+#: g10/mainproc.c:524
 #, fuzzy, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "xifrat amb una clau %2$s de %1$u bits, ID %3$08lX, creada en %4$s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr ""
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, fuzzy, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "xifrat amb una clau %s, ID %08lX\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "ha fallat el desxifratge amb la clau pública: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr ""
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "xifrat amb %lu contrasenyes\n"
 
 # FIXME WK: Use ngettext
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "xifrat amb 1 contrasenya\n"
 
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "ha fallat el desxifratge amb la clau pública: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "dades xifrades amb clau pública: bona clau de xifratge (DEK)\n"
+
 # I no serà «dades xifrades amb %s»?  ivb
 # Sembla que sí, ho marque per a mirar-ho més endavant. jm
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "s'assumeixen dades xifrades amb %s\n"
 
 # L'optimístic és aquell que té una Fe Cega en que Tot Anirà Bé!  ivb
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr ""
 "El xifratge IDEA no està disponible, s'intentarà utilitzar optimistament %s "
 "en el seu lloc\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "AVÍS: el missatge no tenia protecció d'integritat\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "ha fallat el desxifratge: %s\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "desxifratge correcte\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "AVÍS: el missatge xifrat ha estat manipulat!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "ha fallat el desxifratge: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, fuzzy, c-format
 #| msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "NOTA: el remitent ha sol·licitat \"alt secret\"\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "nom del fitxer original='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "revocació autònoma: useu \"gpg --import\" per a aplicar-la\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, fuzzy, c-format
 msgid "no signature found\n"
 msgstr "Signatura correcta de \""
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, fuzzy, c-format
 msgid "BAD signature from \"%s\""
 msgstr "Signatura INCORRECTA de \""
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, fuzzy, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Signatura caducada de \""
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, fuzzy, c-format
 msgid "Good signature from \"%s\""
 msgstr "Signatura correcta de \""
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "s'ha eliminat la verificació de signatura\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, fuzzy, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "no es poden tractar aquestes signatures múltiples\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, fuzzy, c-format
 msgid "Signature made %s\n"
 msgstr "Aquesta signatura va caducar el %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, fuzzy, c-format
 msgid "               using %s key %s\n"
 msgstr "              alias \""
 
 # «%.*s» no serà una data?  Caldrà «el» al davant.  ivb
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, fuzzy, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Signatura creada el %.*s usant una clau %s ID %08lX\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, fuzzy, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "              alias \""
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "La clau és disponible en: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[incert]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, fuzzy, c-format
 msgid "                aka \"%s\""
 msgstr "              alias \""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, fuzzy, c-format
 #| msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "AVÍS: Aquesta clau no ve certificada per una signatura de confiança!\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Aquesta signatura va caducar el %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Aquesta signatura caduca el %s\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "signatura %s, algorisme de resum %s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "binari"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "mode text"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "desconeguda"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 #, fuzzy
 #| msgid "unknown pubkey algorithm"
 msgid ", key algorithm "
 msgstr "l'algoritme de clau pública és desconegut"
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "No s'ha pogut comprovar la signatura: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "no és una signatura separada\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr ""
 "AVÍS: s'han detectat múltiples signatures. Només es comprovarà la primera.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "signatura autònoma de classe 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "signatura de l'estil antic (PGP 2.x)\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, fuzzy, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "ha fallat l'actualització de la base de dades de confiança: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, fuzzy, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "base de dades de confiança: ha fallat la lectura (n=%d): %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, fuzzy, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "no es pot treballar amb l'algoritme de clau pública %d\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, fuzzy, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr "AVÍS: %s és una opció desaconsellada.\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, fuzzy, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "l'algoritme de xifratge no és implementat"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, fuzzy, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "signatura %s, algorisme de resum %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, fuzzy, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "AVÍS: %s és una opció desaconsellada.\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "signatura %s, algorisme de resum %s\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "signatura %s, algorisme de resum %s\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, fuzzy, c-format
 msgid "(reported error: %s)\n"
 msgstr "error de lectura: %s\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, fuzzy, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "error de lectura: %s\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr ""
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: l'opció «%s» està desaconsellada.\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "AVÍS: %s és una opció desaconsellada.\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "si us plau, utilitzeu «%s%s» en el seu lloc\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, fuzzy, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "AVÍS: %s és una opció desaconsellada.\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, fuzzy, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "AVÍS: %s és una opció desaconsellada.\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, fuzzy, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
@@ -6712,7 +6632,7 @@ msgstr "AVÍS: %s és una opció desaconsellada.\n"
 # Gènere?  Nombre?  Passat, futur?  ivb
 # Werner FIXME: please add translator comment saying *what* is
 # uncompressed so we know the gender. jm
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "No comprimit"
 
@@ -6720,37 +6640,32 @@ msgstr "No comprimit"
 # Werner FIXME: please add translator comment saying *what* is
 # uncompressed so we know the gender. jm
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 #, fuzzy
 msgid "uncompressed|none"
 msgstr "No comprimit"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "aquest missatge pot no ser usable per %s\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, fuzzy, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "s'estan llegint opcions de «%s»\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, fuzzy, c-format
 msgid "unknown option '%s'\n"
 msgstr "el destinatari predeterminat és desconegut «%s»\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, fuzzy, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "la classe de signatura és desconeguda"
@@ -6776,94 +6691,84 @@ msgid "Enter new filename"
 msgstr "Introduïu el nou nom del fitxer"
 
 # Indi?  ivb
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "s'està escrivint en stdout\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, fuzzy, c-format
 #| msgid "assuming signed data in `%s'\n"
 msgid "assuming signed data in '%s'\n"
 msgstr "s'asumeix que hi ha dades signades en «%s»\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "no es pot treballar amb l'algoritme de clau pública %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr ""
 "AVÍS: la clau de sessió pot estar xifrada simètricament de forma insegura\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 #| msgid "Critical signature notation: "
 msgid "Unknown critical signature notation: "
 msgstr "Notació de signatura crítica: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "el subpaquet de tipus %d té el bit crític activat\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, fuzzy, c-format
-msgid "problem with the agent: %s\n"
-msgstr "hi ha un problema amb l'agent: l'agent ha tornat 0x%lx\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-msgid "Please enter the passphrase for decryption."
-msgstr "canvia la contrasenya"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Introduïu la contrasenya\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "s'ha cancel·lat per l'usuari\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, fuzzy, c-format
 msgid " (main key ID %s)"
 msgstr " (ID de la clau principal %08lX)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 #, fuzzy
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 #, fuzzy
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "Realment voleu eliminar les claus seleccionades? "
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Realment voleu eliminar les claus seleccionades? "
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, fuzzy, c-format
 msgid ""
 "%s\n"
@@ -6873,7 +6778,7 @@ msgid ""
 "%s"
 msgstr "clau %2$s de %1$u bits, ID %3$08lX, creada en %4$s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6888,35 +6793,83 @@ msgstr ""
 "molt gran!\n"
 "Es recomana una imatge amb una mida aproximada de 240x288.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Introduïu el nom del fitxer JPEG per al photo ID: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, fuzzy, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "No s'ha pogut obrir la foto «%s»: %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr ""
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 #, fuzzy
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Esteu segur que encara voleu utilitzarla (s/N)? "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, fuzzy, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "«%s» no és un fitxer JPEG\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "És aquesta foto correcta (s/N/x)? "
 
-#: g10/photoid.c:399
+# Execució de programes remots, o execució remota de programes? jm
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "no hi ha suport per a l'execució remota de programes\n"
+
+#: g10/photoid.c:486
+#, fuzzy, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"aquesta plataforma necessita fitxers temporals quan es crida a programes "
+"externs\n"
+
+#: g10/photoid.c:506
+#, fuzzy, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "no s'ha pogut executar %s «%s»: %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "s'ha produït una eixida no natural del programa extern\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "s'ha produït un error del sistema en cridar el programa extern: %s\n"
+
+#: g10/photoid.c:600
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "AVÍS: no s'ha pogut eliminar el fitxer temporal (%s) «%s»: %s\n"
+
+#: g10/photoid.c:604
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "AVÍS: no s'ha pogut eliminar el directori temporal «%s»: %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"les crides a programes externs estan inhabilitades per tindre el fitxer "
+"d'opcions permissos insegurs\n"
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "no s'ha pogut mostrar el photo ID!\n"
@@ -6931,109 +6884,109 @@ msgstr "no s'ha pogut mostrar el photo ID!\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMxXoO"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 #, fuzzy
 msgid "No trust value assigned to:\n"
 msgstr ""
 "No hi ha cap valor de confiança assignat a:\n"
 "%4u%c/%08lX %s \""
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr ""
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 #, fuzzy
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr ""
 "%08lX: No hi ha res que indique que la signatura pertany al seu propietari.\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, fuzzy, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr " %d = No ho sé\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, fuzzy, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr " %d = NO confie\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, fuzzy, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr " %d = Hi confie absolutament\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 #, fuzzy
 msgid "  m = back to the main menu\n"
 msgstr " m = torna al menú principal\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 #, fuzzy
 msgid "  s = skip this key\n"
 msgstr " o = omet aquesta clau\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 #, fuzzy
 msgid "  q = quit\n"
 msgstr " x = ix\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
 "\n"
 msgstr ""
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "La vostra decisió? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 #, fuzzy
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Realment voleu assignar confiança absoluta a aquesta clau? "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Certificats que duen a una clau de confiança absoluta:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, fuzzy, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%08lX: No hi ha res que indique que la signatura pertany al seu propietari.\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, fuzzy, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%08lX: No hi ha res que indique que la signatura pertany al seu propietari.\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, fuzzy, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Aquesta clau pertany probablement al seu propietari\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Aquesta clau és nostra\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, fuzzy, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr ""
 "No s'han trobat certificats amb confiança no definida.\n"
 "\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 #, fuzzy
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
@@ -7045,7 +6998,7 @@ msgstr ""
 "«sí» a la següent pregunta\n"
 "\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 #, fuzzy
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
@@ -7057,146 +7010,161 @@ msgstr ""
 "«sí» a la següent pregunta\n"
 "\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 #, fuzzy
 msgid "Use this key anyway? (y/N) "
 msgstr "Voleu usar de tota manera aquesta clau?"
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "AVÍS: S'està usant una clau no fiable!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, fuzzy, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr ""
 "AVÍS: la clau %08lX pot estar revocada: la clau de revocació %08lX no està "
 "present.\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+msgid "checking User ID \"%s\"\n"
+msgstr "ID d'usuari: «"
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "l'algoritme de dispersió és invàlid «%s»\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "clau %08lX: no correspon a la nostra còpia\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+msgid "option %s given but no matching User ID found\n"
+msgstr "l'algoritme de dispersió és invàlid «%s»\n"
+
+#: g10/pkclist.c:696
 #, fuzzy, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "AVÍS: Aquesta clau ha estat revocada pel propietari!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "AVÍS: Aquesta clau ha estat revocada pel propietari!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, fuzzy, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "      Açò podria significar que la signatura és falsificada.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "AVÍS: Aquesta subclau ha estat revocada pel propietari!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Nota: Aquesta clau ha estat desactivada.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr ""
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr ""
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Nota: La clau ha caducat!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr "AVÍS: Aquesta clau no ve certificada per una signatura de confiança!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "AVÍS: Aquesta clau no ve certificada per una signatura de confiança!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr ""
 "    No hi ha res que indique que la signatura pertany al seu propietari.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "AVÍS: La clau NO és de confiança!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "          Probablement la signatura és FALSA.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr "AVÍS: Aquesta clau no ve certificada per signatures prou fiables!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
 msgstr "AVÍS: Aquesta clau no ve certificada per signatures prou fiables!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "No és segur que la signatura pertanya al seu propietari.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: es descarta: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: es descarta: la clau pública està desactivada\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: es descarta: la clau pública ja està present\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't encrypt to '%s'\n"
 msgstr "no s'ha pogut connectar amb «%s»: %s\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, fuzzy, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "l'algoritme de dispersió és invàlid «%s»\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, fuzzy, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "l'algoritme de dispersió és invàlid «%s»\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "No heu especificat un ID d'usuari. (podeu usar «-r»)\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr ""
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -7204,40 +7172,40 @@ msgstr ""
 "\n"
 "Introduïu l'ID d'usuari. Finalitzeu amb una línia en blanc: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Usuari inexistent.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "es descarta: la clau pública ja s'ha especificat com a destinatari\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "La clau pública està desactivada.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "es descarta: la clau pública ja està establida\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, fuzzy, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "el destinatari predeterminat és desconegut «%s»\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "no hi ha adreces vàlides\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, fuzzy, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "clau %08lX: sense ID\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, fuzzy, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "clau %08lX: sense ID\n"
@@ -7249,80 +7217,85 @@ msgstr "les dades no s'han desat; useu l'opció \"--output\" per desar-les\n"
 
 # Indi? ivb
 # Em pense que no. jm
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Signatura separada.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Introduïu el nom del fitxer de dades: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "s'està llegint d'stdin...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "no hi ha dades signades\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, fuzzy, c-format
 #| msgid "can't open signed data `%s'\n"
 msgid "can't open signed data '%s'\n"
 msgstr "no s'han pogut obrir les dades signades `%s'\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, fuzzy, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "no s'han pogut obrir les dades signades `%s'\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, fuzzy, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "clau %08lX: sense ID\n"
 
 # Indi? ivb
 # Yeh... jm
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, fuzzy, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "el destinatari és anònim; es provarà la clau secreta %08lX ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+msgid "used key is not marked for encryption use.\n"
+msgstr "clau %08lX: sense ID\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "d'acord, som el destinatari anònim.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "la codificació antiga del DEK no està suportada\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "l'algoritme de xifratge %d%s és desconegut o està desactivat\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, fuzzy, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "NOTA: no s'ha trobat l'algoritme de xifratge %d en les preferències\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, fuzzy, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "NOTA: la clau secreta %08lX caduca el %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, fuzzy, c-format
 #| msgid "NOTE: key has been revoked"
 msgid "Note: key has been revoked"
 msgstr "NOTA: aquesta clau ha estat revocada!"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "ha fallat build_packet: %s\n"
@@ -7340,48 +7313,48 @@ msgstr "A ser revocada per:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Aquesta és una clau de revocació sensible)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret key is not available.\n"
 msgstr "La clau secreta està disponible.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 #, fuzzy
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Voleu crear un certificat de revocació per a aquesta clau? "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "s'ha forçat l'eixida d'armadura ASCII.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "ha fallat make_keysig_packet: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "S'ha creat el certificat de revocació.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, fuzzy, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "no s'han ttrobat claus de revocació per a «%s»\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 #, fuzzy
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Voleu crear un certificat de revocació per a aquesta clau? "
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 msgstr ""
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7390,20 +7363,20 @@ msgid ""
 "of the gpg command \"--generate-revocation\" in the GnuPG manual."
 msgstr ""
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
 "before importing and publishing this revocation certificate."
 msgstr ""
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, fuzzy, c-format
 #| msgid "Revocation certificate created.\n"
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "S'ha creat el certificat de revocació.\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "no s'ha trobat la clau secreta «%s»: %s\n"
@@ -7416,18 +7389,18 @@ msgstr "no s'ha trobat la clau secreta «%s»: %s\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr ""
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error searching the keyring: %s\n"
 msgstr "error en crear l'anell «%s»: %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 #, fuzzy
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Voleu crear un certificat de revocació per a aquesta clau? "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7446,39 +7419,39 @@ msgstr ""
 "d'impressió de la vostra màquina podria emmagatzemar les dades i fer-les\n"
 "disponibles a altres!\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Seleccioneu la raó de la revocació:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Cancel·la"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Segurament voleu seleccionar %d ací)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr ""
 "Introduïu una descripció opcional; finalitzeu amb una línia en blanc:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Raó de la revocació: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(No es va donar una descripció)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 #, fuzzy
 msgid "Is this okay? (y/N) "
 msgstr "És açò correcte? "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "s'hi ha creat una clau feble - reintent\n"
@@ -7491,56 +7464,51 @@ msgstr ""
 "no s'ha pogut evitar una clau feble per a xifratge simètric;\n"
 "hi ha hagut %d intents!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr ""
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
+#: g10/sig-check.c:170
+#, c-format
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "AVÍS: conflicte de signatures digest en el missatge\n"
+
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "key %s may not be used for signing in %s mode\n"
 msgstr "no podeu usar %s mentre esteu en mode %s\n"
 
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
-#, c-format
-msgid "WARNING: signature digest conflict in message\n"
-msgstr "AVÍS: conflicte de signatures digest en el missatge\n"
-
-#: g10/sig-check.c:219
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr ""
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, fuzzy, c-format
 msgid "please see %s for more information\n"
 msgstr " i = mostra més informació\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, fuzzy, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr ""
 "AVÍS: no es pot desfer la nominació d'una clau com a revocador designat!\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, fuzzy, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "la clau pública %08lX és %lu segons anterior a la signatura\n"
 msgstr[1] "la clau pública %08lX és %lu segons anterior a la signatura\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, fuzzy, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
@@ -7548,7 +7516,7 @@ msgstr[0] "la clau pública %08lX és %lu segons anterior a la signatura\n"
 msgstr[1] "la clau pública %08lX és %lu segons anterior a la signatura\n"
 
 # Werner FIXME: Use ngettext. jm
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, fuzzy, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7562,7 +7530,7 @@ msgstr[1] ""
 "amb el rellotge)\n"
 
 # Werner FIXME: Use ngettext. jm
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, fuzzy, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7574,56 +7542,56 @@ msgstr[1] ""
 "la clau s'ha creat %lu segon en el futur (salt en el temps o problemes\n"
 "amb el rellotge)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, fuzzy, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "NOTA: la clau de signatura %08lX va caducar el %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, fuzzy, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "NOTA: aquesta clau ha estat revocada!"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "signatura autònoma de classe 0x%02x\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "signatura autònoma de classe 0x%02x\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, fuzzy, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "es supossa una signatura incorrecta de la clau %08lX a causa d'un bit crític "
 "desconegut\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr ""
 "clau %08lX: no hi ha una subclau per al paquet de la subclau de revocació\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr ""
 "clau %08lX: no hi ha una subclau per a la signatura de l'enllaç de la "
 "subclau\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "AVÍS: no s'ha pogut %%-expandir la notació (massa gran). S'utilitza no "
 "expandida.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7631,7 +7599,7 @@ msgstr ""
 "AVÍS: no s'ha pogut %%-expandir l'url de política (massa gran). S'utilitza "
 "no expandida.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7640,53 +7608,54 @@ msgstr ""
 "AVÍS: no s'ha pogut %%-expandir l'url de política (massa gran). S'utilitza "
 "no expandida.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, fuzzy, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s signatura de: «%s»\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
 msgstr ""
 "forçar l'algoritme de digest %s (%d) viola les preferències del destinatari\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "signatura:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "s'utilitzarà xifratge %s\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "la clau no està marcada com a insegura - no es pot utilitzar amb el GNA "
 "fals!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, fuzzy, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "es descarta «%s»: duplicat\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "es descarta: la clau secreta ja és present\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 #, fuzzy
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "es descarta «%s»: és una clau ElGamal generada per PGP que no és segura per "
 "a signatures!\n"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "registre de confiança %lu, tipus %d: no s'ha pogut escriure: %s\n"
@@ -7700,46 +7669,46 @@ msgstr ""
 "# Llista de valors de confiança assignats, creat el %s\n"
 "# (Utilitzeu «gpg --import-ownertrust» per a restaurar-les)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, fuzzy, c-format
 msgid "error in '%s': %s\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 #, fuzzy
 msgid "line too long"
 msgstr "la línia és massa llarga\n"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr ""
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 #, fuzzy
 msgid "invalid fingerprint"
 msgstr "error: l'empremta digital és invàlida\n"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 #, fuzzy
 msgid "ownertrust value missing"
 msgstr "importa els valors de confiança"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, fuzzy, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "error en trobar el registre de confiança: %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, fuzzy, c-format
 msgid "read error in '%s': %s\n"
 msgstr "error de lectura: %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "base de dades de confiança: no s'ha pogut sincronitzar: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, fuzzy, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "no es pot crear el directori «%s»: %s\n"
@@ -7749,12 +7718,12 @@ msgstr "no es pot crear el directori «%s»: %s\n"
 msgid "can't lock '%s'\n"
 msgstr "no s'ha pogut obrir «%s»\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "reg de la base de dades de confiança %lu: ha fallat lseek: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr ""
@@ -7772,7 +7741,7 @@ msgid "%s: directory does not exist!\n"
 msgstr "%s: el directori no existeix!\n"
 
 # No em passe! ;)  ivb
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, fuzzy, c-format
 msgid "can't access '%s': %s\n"
 msgstr "no s'ha pogut tancar «%s»: %s\n"
@@ -7814,7 +7783,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: error en actualitzar el registre de la versió: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: error en llegir el registre de la versió: %s\n"
@@ -7824,52 +7793,52 @@ msgstr "%s: error en llegir el registre de la versió: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: error en escriure el registre de la versió: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "base de dades de confiança: ha fallat lseek: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "base de dades de confiança: ha fallat la lectura (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s no és un fitxer de base de dades de confiança\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: registre de versió amb número de registre %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: la versió de fitxer %d és invàlida\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: error en llegir el registre lliure: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: error en escriure el registre de directoris: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: no s'ha pogut posar a zero un registre: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: no s'ha pogut afegir un registre: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, fuzzy, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "%s: s'ha creat la base de dades de confiança\n"
@@ -7916,10 +7885,10 @@ msgstr ""
 msgid "TOFU DB error"
 msgstr ""
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, fuzzy, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "error mentre s'enviava a «%s»: %s\n"
@@ -7941,7 +7910,7 @@ msgstr "%s: error en escriure el registre de directoris: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, fuzzy, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "error mentre s'enviava a «%s»: %s\n"
@@ -8113,112 +8082,112 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr ""
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr ""
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, fuzzy, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr ""
 
 # Werner FIXME: use ngettext. jm
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, fuzzy, c-format
 #| msgid "Deleted %d signatures.\n"
 msgid "%s: Verified 0 signatures."
 msgstr "S'han esborrat %d signatures.\n"
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 #, fuzzy
 #| msgid "encrypted with %lu passphrases\n"
 msgid "Encrypted 0 messages."
 msgstr "xifrat amb %lu contrasenyes\n"
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, fuzzy, c-format
 #| msgid "Policy: "
 msgid "(policy: %s)"
 msgstr "Política: "
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -8235,124 +8204,124 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, fuzzy, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "error mentre s'enviava a «%s»: %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid long keyID\n"
 msgid "'%s' is not a valid long keyID\n"
 msgstr "«%s» no és un ID de clau llarg vàlid\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, fuzzy, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "clau %08lX: s'accepta com a clau fiable\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, fuzzy, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr ""
 "la clau %08lX apareix més d'una vegada en la base de dades de confiança\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, fuzzy, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr ""
 "clau %08lX: no hi ha una clau pública per a la clau fiable - es descarta\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, fuzzy, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "s'ha marcat la clau com a de confiança absoluta.\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "registre de confiança %lu, tipus %d: no s'ha pogut llegir: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "el registre de confiança %lu no és del tipus demanat %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr ""
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr ""
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr ""
 "no és necessària una comprovació de la base de dades de confiança\n"
 "\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "la pròxima comprovació de la base de dades de confiança serà el %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, fuzzy, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr ""
 "no és necessària una comprovació de la base de dades de confiança\n"
 "\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, fuzzy, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr ""
 "no és necessària una comprovació de la base de dades de confiança\n"
 "\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, fuzzy, c-format
 msgid "public key %s not found: %s\n"
 msgstr "no s'ha trobat la clau pública %08lX: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "si us plau, feu un --check-trustdb\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "s'està comprovant la base de dades de confiança\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, fuzzy, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] "fins ara s'han processat %lu claus\n"
 msgstr[1] "fins ara s'han processat %lu claus\n"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, fuzzy, c-format
 #| msgid "%d keys processed (%d validity counts cleared)\n"
 msgid " (%d validity count cleared)\n"
@@ -8360,46 +8329,46 @@ msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] "s'han processat %d claus (s'han netejat %d comptes de validesa)\n"
 msgstr[1] "s'han processat %d claus (s'han netejat %d comptes de validesa)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "no s'han trobat claus amb confiança absoluta\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, fuzzy, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr ""
 "no s'ha trobat la clau pública de la clau amb confiança absoluta %08lX\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr ""
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, fuzzy, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr "registre de confiança %lu, tipus %d: no s'ha pogut escriure: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr ""
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 #, fuzzy
 msgid "never"
 msgstr "mai       "
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr ""
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr ""
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr ""
 
@@ -8411,43 +8380,43 @@ msgstr ""
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr ""
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 #, fuzzy
 msgid "[ revoked]"
 msgstr "[revocada]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 #, fuzzy
 msgid "[ expired]"
 msgstr "[caducada]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 #, fuzzy
 msgid "[ unknown]"
 msgstr "desconeguda"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr ""
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 #, fuzzy
 msgid "[  never ]"
 msgstr "mai       "
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr ""
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr ""
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr ""
 
@@ -8473,20 +8442,31 @@ msgstr "la línia d'entrada %u és massa llarga o hi falta un fí de línia\n"
 msgid "can't open fd %d: %s\n"
 msgstr "no s'ha pogut obrir «%s»: %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "AVÍS: el missatge no tenia protecció d'integritat\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+msgid "Hint: Do not use option %s\n"
+msgstr "s'estan llegint opcions de «%s»\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr ""
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr ""
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 #, fuzzy
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 #, fuzzy
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
@@ -8496,129 +8476,225 @@ msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr ""
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr ""
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+msgid "|N|Please enter the new Global-PIN"
+msgstr "canvia la contrasenya"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "Seleccioneu la raó de la revocació:\n"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+msgid "|N|Please enter the new PIN"
+msgstr "canvia la contrasenya"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+msgid "||Please enter the PIN of your PIV card"
+msgstr "Seleccioneu la raó de la revocació:\n"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "canvia la contrasenya"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "Seleccioneu la raó de la revocació:\n"
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-piv.c:1895
+#, c-format
+msgid "PIN is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1903
+#, c-format
+msgid "PIN is too long; maximum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, fuzzy, c-format
+msgid "key already exists\n"
+msgstr "«%s» ja està comprimida\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, fuzzy, c-format
+msgid "generating new key\n"
+msgstr "genera un nou parell de claus"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, fuzzy, c-format
+msgid "writing new key\n"
+msgstr "genera un nou parell de claus"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "no s'ha pogut inicialitzar la base de dades de confiança: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, fuzzy, c-format
+#| msgid "remove keys from the public keyring"
+msgid "response does not contain the EC public key\n"
+msgstr "elimina claus de l'anell públic"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, fuzzy, c-format
+msgid "generating key failed\n"
+msgstr "La generació de claus ha fallat: %s\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, fuzzy, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "La generació de claus ha fallat: %s\n"
+msgstr[1] "La generació de claus ha fallat: %s\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr ""
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 #, fuzzy
 msgid "|A|Please enter the Admin PIN"
 msgstr "canvia la contrasenya"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 #, fuzzy
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "Seleccioneu la raó de la revocació:\n"
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 #, fuzzy
 msgid "||Please enter the PIN for the standard keys."
 msgstr "canvia la contrasenya"
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr ""
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "Note: This key has been disabled.\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "Nota: Aquesta clau ha estat desactivada.\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr ""
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 #, fuzzy
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "canvia la contrasenya"
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 #, fuzzy
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "Seleccioneu la raó de la revocació:\n"
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, fuzzy, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "error en crear «%s»: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "no s'ha pogut emmagatzemar l'empremta digital: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, fuzzy, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "no s'ha pogut reconstruir la memòria cau de l'anell: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr ""
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1546
-#, fuzzy, c-format
-#| msgid "remove keys from the public keyring"
-msgid "response does not contain the EC public key\n"
-msgstr "elimina claus de l'anell públic"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, fuzzy, c-format
 msgid "reading public key failed: %s\n"
 msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
@@ -8626,43 +8702,43 @@ msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr ""
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 #, fuzzy
 msgid "||Please unlock the card"
 msgstr "canvia la contrasenya"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, fuzzy, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "l'enviament al servidor de claus ha fallat: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8670,22 +8746,22 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 #, fuzzy
 msgid "||Please enter the PIN"
 msgstr "canvia la contrasenya"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 #, fuzzy
 msgid "||Please enter the Reset Code for the card"
 msgstr "Seleccioneu la raó de la revocació:\n"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr ""
@@ -8693,124 +8769,82 @@ msgstr ""
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 #, fuzzy
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "canvia la contrasenya"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 #, fuzzy
 msgid "||Please enter the PIN and New PIN"
 msgstr "canvia la contrasenya"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, fuzzy, c-format
 msgid "error reading application data\n"
 msgstr "s'ha produït un error en llegir el bloc de claus: %s\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, fuzzy, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "error: l'empremta digital és invàlida\n"
 
-#: scd/app-openpgp.c:3066
-#, fuzzy, c-format
-msgid "key already exists\n"
-msgstr "«%s» ja està comprimida\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr ""
-
-#: scd/app-openpgp.c:3072
-#, fuzzy, c-format
-msgid "generating new key\n"
-msgstr "genera un nou parell de claus"
-
-#: scd/app-openpgp.c:3074
-#, fuzzy, c-format
-msgid "writing new key\n"
-msgstr "genera un nou parell de claus"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, fuzzy, c-format
-msgid "failed to store the key: %s\n"
-msgstr "no s'ha pogut inicialitzar la base de dades de confiança: %s\n"
-
 # Ídem.  ivb
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, fuzzy, c-format
 #| msgid "unsupported URI"
 msgid "unsupported curve\n"
 msgstr "l'URI no és suportada"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr ""
-
-#: scd/app-openpgp.c:4271
-#, fuzzy, c-format
-msgid "generating key failed\n"
-msgstr "La generació de claus ha fallat: %s\n"
-
-#: scd/app-openpgp.c:4277
-#, fuzzy, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "La generació de claus ha fallat: %s\n"
-msgstr[1] "La generació de claus ha fallat: %s\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, fuzzy, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "signatura %s, algorisme de resum %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr ""
@@ -8823,102 +8857,100 @@ msgstr "canvia la contrasenya"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 #, fuzzy
 msgid "|N|Initial New PIN"
 msgstr "Introduïu el nom d'usuari: "
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr ""
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr ""
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 #, fuzzy
 msgid "|FILE|write a log to FILE"
 msgstr "|FITXER|carrega el mòdul d'extensió especificat"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr ""
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 #, fuzzy
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NOM|usa NOM com a destinatari predeterminat"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 #, fuzzy
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NOM|usa NOM com a destinatari predeterminat"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 #, fuzzy
 msgid "do not use the internal CCID driver"
 msgstr "no usa el terminal en absolut"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr ""
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr ""
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr ""
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 #, fuzzy
 msgid "deny the use of admin card commands"
 msgstr "les ordres entren en conflicte\n"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 #, fuzzy
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
 msgstr ""
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr ""
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr ""
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, fuzzy, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "s'ha produït un error mentre s'escrivia l'anell secret «%s»: %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr ""
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr ""
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 #, fuzzy
 msgid "shell"
 msgstr "ajuda"
@@ -8952,7 +8984,7 @@ msgstr "s'està escrivint la clau secreta a «%s»\n"
 msgid "certificate policy not allowed"
 msgstr "s'està escrivint la clau secreta a «%s»\n"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, fuzzy, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "no s'ha pogut emmagatzemar l'empremta digital: %s\n"
@@ -8967,7 +8999,7 @@ msgstr ""
 msgid "number of issuers matching: %d\n"
 msgstr ""
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, fuzzy, c-format
 #| msgid "%s: can't access: %s\n"
 msgid "can't get authorityInfoAccess: %s\n"
@@ -8988,207 +9020,207 @@ msgstr "error en la creació de la contrasenya: %s\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, fuzzy, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "no s'ha pogut inicialitzar la base de dades de confiança: %s\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 #, fuzzy
 msgid "certificate has been revoked"
 msgstr "NOTA: aquesta clau ha estat revocada!"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr ""
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr ""
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, fuzzy, c-format
 msgid "checking the CRL failed: %s"
 msgstr "no s'ha pogut comprovar la signatura creada: %s\n"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, fuzzy, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "problema en la lectura del certificat: %s\n"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, fuzzy, c-format
 msgid "certificate not yet valid"
 msgstr "Certificat de revocació vàlid"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 #, fuzzy
 msgid "root certificate not yet valid"
 msgstr "Certificat de revocació vàlid"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 #, fuzzy
 msgid "intermediate certificate not yet valid"
 msgstr "Certificat de revocació vàlid"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, fuzzy, c-format
 msgid "certificate has expired"
 msgstr "problema en la lectura del certificat: %s\n"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 #, fuzzy
 msgid "root certificate has expired"
 msgstr "problema en la lectura del certificat: %s\n"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 #, fuzzy
 msgid "intermediate certificate has expired"
 msgstr "problema en la lectura del certificat: %s\n"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr ""
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 #, fuzzy
 msgid "certificate with invalid validity"
 msgstr "problema en la lectura del certificat: %s\n"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr ""
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, fuzzy, c-format
 msgid "  (  signature created at "
 msgstr "        signatures noves: %lu\n"
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, fuzzy, c-format
 msgid "  (certificate created at "
 msgstr "S'ha creat el certificat de revocació.\n"
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, fuzzy, c-format
 msgid "  (certificate valid from "
 msgstr "Certificat de revocació vàlid"
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr ""
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, fuzzy, c-format
 msgid "fingerprint=%s\n"
 msgstr "Empremta digital:"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, fuzzy, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr ""
 "No s'han trobat certificats amb confiança no definida.\n"
 "\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr ""
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr ""
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 #, fuzzy
 msgid "no issuer found in certificate"
 msgstr "Certificat correcte"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr ""
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, fuzzy, c-format
 msgid "root certificate is not marked trusted"
 msgstr ""
 "No s'han trobat certificats amb confiança no definida.\n"
 "\n"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, fuzzy, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "no s'ha pogut comprovar la signatura creada: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, fuzzy, c-format
 msgid "certificate chain too long\n"
 msgstr "Certificat de revocació vàlid"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, fuzzy, c-format
 msgid "issuer certificate not found"
 msgstr "Certificat de revocació vàlid"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, fuzzy, c-format
 msgid "certificate has a BAD signature"
 msgstr "verifica una signatura"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr ""
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr ""
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, fuzzy, c-format
 msgid "certificate is good\n"
 msgstr "Certificat de revocació vàlid"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, fuzzy, c-format
 msgid "intermediate certificate is good\n"
 msgstr "certificat duplicat: esborrat"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, fuzzy, c-format
 msgid "root certificate is good\n"
 msgstr ""
 "No s'han trobat certificats amb confiança no definida.\n"
 "\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr ""
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr ""
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr ""
@@ -9197,37 +9229,37 @@ msgstr ""
 # Probablement és una clau, femení. jm
 # Werner FIXME: please add translator comment saying *what* is
 # uncompressed so we know the gender. jm
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, fuzzy, c-format
 msgid "out of core\n"
 msgstr "no forçat"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr ""
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 #, fuzzy
 msgid "none"
 msgstr "no"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 #, fuzzy
 msgid "[Error - invalid encoding]"
 msgstr "error: l'empremta digital és invàlida\n"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr ""
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr ""
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 #, fuzzy
 msgid "[Error - invalid DN]"
 msgstr "error: l'empremta digital és invàlida\n"
@@ -9243,7 +9275,7 @@ msgstr "error: l'empremta digital és invàlida\n"
 # Se't passava l'argument «*».  printf(3), hieroglyph(7).  ivb
 # Ah!  Prova-ho, no casque alguna cosa :P  ivb
 # Ah, ja veig! Moltes gràcies! Aquest msgstr ha quedat curiós :) jm
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -9256,177 +9288,188 @@ msgstr ""
 "«%2$.*1$s»\n"
 "clau %4$s de %3$u bits, ID %5$08lX, creada en %6$s%7$s\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr ""
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "s'ha produït un error mentre s'escrivia l'anell secret «%s»: %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr ""
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr ""
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr ""
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr ""
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+#| msgid "bad certificate"
+msgid "looking for another certificate\n"
+msgstr "el certificat és incorrecte"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, fuzzy, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "l'algoritme de dispersió és invàlid «%s»\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr ""
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr ""
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, fuzzy, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "l'algoritme de dispersió és invàlid «%s»\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, fuzzy, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "l'algoritme de dispersió és invàlid «%s»\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, fuzzy, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "No és una adreça vàlida\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, fuzzy, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "l'algoritme de dispersió és invàlid «%s»\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr ""
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr ""
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, fuzzy, c-format
 msgid "line %d: invalid date given\n"
 msgstr "l'algoritme de dispersió és invàlid «%s»\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, fuzzy, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "error en crear l'anell «%s»: %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, fuzzy, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "l'algoritme de dispersió és invàlid «%s»\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, fuzzy, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "l'algoritme de dispersió és invàlid «%s»\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, fuzzy, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "clau %08lX: l'enllaç de subclau és invàlid\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, fuzzy, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "l'algoritme de dispersió és invàlid «%s»\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, fuzzy, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "error en crear l'anell «%s»: %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, fuzzy, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "error en crear l'anell «%s»: %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, fuzzy, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "La generació de claus ha fallat: %s\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, fuzzy, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) RSA (només xifrar)\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, fuzzy, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) RSA (signar i xifrar)\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, fuzzy, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) DSA (només signar)\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, fuzzy, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) RSA (només xifrar)\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr ""
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 #, fuzzy
 msgid "No subject name given\n"
 msgstr "(No es va donar una descripció)\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, fuzzy, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "l'algoritme de dispersió és invàlid «%s»\n"
@@ -9436,264 +9479,258 @@ msgstr "l'algoritme de dispersió és invàlid «%s»\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, fuzzy, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "l'algoritme de dispersió és invàlid «%s»\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr ""
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 #, fuzzy
 msgid "Enter email addresses"
 msgstr "Adreça electrònica: "
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 #, fuzzy
 msgid " (end with an empty line):\n"
 msgstr ""
 "\n"
 "Introduïu l'ID d'usuari. Finalitzeu amb una línia en blanc: "
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 #, fuzzy
 msgid "Enter DNS names"
 msgstr "Introduïu el nou nom del fitxer"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 #, fuzzy
 msgid " (optional; end with an empty line):\n"
 msgstr ""
 "Introduïu una descripció opcional; finalitzeu amb una línia en blanc:\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 #, fuzzy
 msgid "Enter URIs"
 msgstr "Introduïu el nom d'usuari: "
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 #, fuzzy
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Voleu crear un certificat de revocació per a aquesta clau? "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:432
-#, fuzzy, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "error en la creació de la contrasenya: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr ""
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 #, fuzzy
 #| msgid "Revocation certificate created.\n"
 msgid "Now creating certificate request.  "
 msgstr "S'ha creat el certificat de revocació.\n"
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr ""
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "dades xifrades amb %s\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr ""
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr ""
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 msgid "encrypted to %s key %s\n"
 msgstr "xifrat amb una clau %s, ID %08lX\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, fuzzy, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "no s'ha trobat la clau secreta «%s»: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, fuzzy, c-format
 msgid "error locking keybox: %s\n"
 msgstr "s'ha produït un error en llegir el bloc de claus: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, fuzzy, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "certificat duplicat: esborrat"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, fuzzy, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "certificat duplicat: esborrat"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, fuzzy, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, fuzzy, c-format
 msgid "no valid recipients given\n"
 msgstr "(No es va donar una descripció)\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 #, fuzzy
 msgid "list external keys"
 msgstr "llista claus secretes"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 #, fuzzy
 msgid "list certificate chain"
 msgstr "Certificat de revocació vàlid"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 #, fuzzy
 msgid "import certificates"
 msgstr "Certificat correcte"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 #, fuzzy
 msgid "export certificates"
 msgstr "Certificat correcte"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr ""
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr ""
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr ""
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "no usa el terminal en absolut"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr ""
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr ""
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr ""
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr ""
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr ""
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 #, fuzzy
 msgid "create base-64 encoded output"
 msgstr "crea eixida amb armadura ascii"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 #, fuzzy
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|NOM|usa NOM com a clau secreta predeterminada"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 #, fuzzy
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "afegeix aquest anell a la llista"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|HOST|usa aquest servidor per a cercar claus"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr ""
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 #, fuzzy
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NOM|usa l'algoritme de xifratge NOM per a les contrasenyes"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr ""
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr ""
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr ""
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr ""
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NOM|usa l'algoritme de xifratge NOM"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NOM|usa l'algoritme de resum de missatges NOM"
 
 # Mode desatès (SC)  ivb
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "mode desatès: no pregunta mai"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "suposa «sí» en la majoria de les preguntes"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "suposa «no» en la majoria de les preguntes"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 #, fuzzy
 msgid "|FILE|write an audit log to FILE"
 msgstr "|FITXER|carrega el mòdul d'extensió especificat"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 #, fuzzy
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
@@ -9704,88 +9741,123 @@ msgstr ""
 "signa, comprova, xifra o desxifra\n"
 "l'operació predeterminada depén de les dades introduïdes\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, fuzzy, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "no s'ha pogut connectar amb «%s»: %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, fuzzy, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "el destinatari predeterminat és desconegut «%s»\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(No es va donar una descripció)\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " o = omet aquesta clau\n"
+
+#: sm/gpgsm.c:1545
+#, fuzzy, c-format
+msgid "could not parse keyserver\n"
+msgstr "no s'ha pogut analitzar sintàcticament la URI del servidor de claus\n"
+
+#: sm/gpgsm.c:1825
 #, fuzzy, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
 # No em passe! ;)  ivb
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, fuzzy, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "no s'ha pogut tancar «%s»: %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr ""
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, fuzzy, c-format
 msgid "total number processed: %lu\n"
 msgstr "Nombre total processat: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, fuzzy, c-format
 msgid "error storing certificate\n"
 msgstr "Certificat correcte"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr ""
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, fuzzy, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "error en crear «%s»: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, fuzzy, c-format
 msgid "error importing certificate: %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, fuzzy, c-format
 msgid "error reading input: %s\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+msgid "no keyboxd running in this session\n"
+msgstr "gpg-agent no està disponible en aquesta sessió\n"
+
+#: sm/keydb.c:595
+#, fuzzy, c-format
+msgid "error opening key DB: %s\n"
+msgstr "error en la lectura de «%s»: %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr ""
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, fuzzy, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, fuzzy, c-format
 msgid "error storing certificate: %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, fuzzy, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "rev? hi ha problemes en la comprovació de la revocació: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, fuzzy, c-format
 msgid "error storing flags: %s\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr ""
 
@@ -9794,17 +9866,17 @@ msgstr ""
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr ""
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, fuzzy, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "error: l'empremta digital és invàlida\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, fuzzy, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "error: l'empremta digital és invàlida\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9815,14 +9887,14 @@ msgid ""
 "%s%sAre you really sure that you want to do this?"
 msgstr ""
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
 "signatures.\n"
 msgstr ""
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9830,53 +9902,59 @@ msgid ""
 "Note, that this certificate will NOT create a qualified signature!"
 msgstr ""
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, fuzzy, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "l'algoritme de protecció %d%s no està suportat\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr ""
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, fuzzy, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "no s'ha pogut comprovar la signatura creada: %s\n"
 
-#: sm/verify.c:463
+# «%.*s» no serà una data?  Caldrà «el» al davant.  ivb
+#: sm/sign.c:912
+#, fuzzy, c-format
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Signatura creada el %.*s usant una clau %s ID %08lX\n"
+
+#: sm/verify.c:467
 #, fuzzy, c-format
 msgid "Signature made "
 msgstr "Aquesta signatura va caducar el %s\n"
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr ""
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 msgid "algorithm:"
 msgstr "armadura: %s\n"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr ""
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, fuzzy, c-format
 msgid "Good signature from"
 msgstr "Signatura correcta de \""
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, fuzzy, c-format
 msgid "                aka"
 msgstr "              alias \""
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, fuzzy, c-format
 msgid "This is a qualified signature\n"
 msgstr ""
@@ -9903,101 +9981,101 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr ""
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr ""
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't parse certificate '%s': %s\n"
 msgstr "no s'ha pogut crear «%s»: %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, fuzzy, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "certificat duplicat: esborrat"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, fuzzy, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "certificat duplicat: esborrat"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, fuzzy, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "certificat duplicat: esborrat"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, fuzzy, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "Empremta digital:"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr ""
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr ""
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, fuzzy, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, fuzzy, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "Certificat invàlid"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, fuzzy, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, fuzzy, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, fuzzy, c-format
 msgid "certificate already cached\n"
 msgstr "S'ha creat el certificat de revocació.\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, fuzzy, c-format
 msgid "certificate cached\n"
 msgstr "Certificat de revocació vàlid"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, fuzzy, c-format
 msgid "error caching certificate: %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, fuzzy, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "error: l'empremta digital és invàlida\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, fuzzy, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, fuzzy, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, fuzzy, c-format
 msgid "no issuer found in certificate\n"
 msgstr "Certificat correcte"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, fuzzy, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "error en crear «%s»: %s\n"
@@ -10527,66 +10605,66 @@ msgstr "no s'ha trobat la clau secreta «%s»: %s\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "no s'ha trobat la clau secreta «%s»: %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 #, fuzzy
 msgid "add a certificate to the cache"
 msgstr "S'ha creat el certificat de revocació.\n"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 #, fuzzy
 #| msgid "bad certificate"
 msgid "validate a certificate"
 msgstr "el certificat és incorrecte"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 #, fuzzy
 #| msgid "bad certificate"
 msgid "lookup a certificate"
 msgstr "el certificat és incorrecte"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 #, fuzzy
 msgid "lookup only locally stored certificates"
 msgstr "Certificat invàlid"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 #, fuzzy
 msgid "expect certificates in PEM format"
 msgstr "Certificat correcte"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 #, fuzzy
 #| msgid "Enter the user ID of the designated revoker: "
 msgid "force the use of the default OCSP responder"
 msgstr "Introduïu l'ID d'usuari del revocador designat: "
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10594,70 +10672,70 @@ msgid ""
 "not valid and other error codes for general failures\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, fuzzy, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, fuzzy, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "no s'ha pogut connectar amb «%s»: %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, fuzzy, c-format
 #| msgid "update failed: %s\n"
 msgid "lookup failed: %s\n"
 msgstr "ha fallat l'actualització: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, fuzzy, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "no s'ha pogut crear l'armadura: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, fuzzy, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, fuzzy, c-format
 msgid "certificate is valid\n"
 msgstr "Certificat de revocació vàlid"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, fuzzy, c-format
 msgid "certificate has been revoked\n"
 msgstr "NOTA: aquesta clau ha estat revocada!"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, fuzzy, c-format
 msgid "certificate check failed: %s\n"
 msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, fuzzy, c-format
 #| msgid "can't stat `%s': %s\n"
 msgid "got status: '%s'\n"
 msgstr "no es pot fer stat de «%s»: %s\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, fuzzy, c-format
 #| msgid "error writing secret keyring `%s': %s\n"
 msgid "error writing base64 encoding: %s\n"
@@ -10668,157 +10746,152 @@ msgstr "s'ha produït un error mentre s'escrivia l'anell secret «%s»: %s\n"
 # Precissament acabem de parlar d'«implementat a la llista del GNOME
 # i s'ha dit que és erroni, igual que «suportat» :) Les alternatives
 # encara no m'agraden massa... jm
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, fuzzy, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr ""
 "\n"
 "Algoritmes suportats:\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 #, fuzzy
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|FITXER|carrega el mòdul d'extensió especificat"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr ""
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr ""
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr ""
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 #, fuzzy
 msgid "|URL|use keyserver at URL"
 msgstr "no s'ha pogut analitzar sintàcticament la URI del servidor de claus\n"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr ""
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr ""
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr ""
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr ""
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr ""
 
-#: dirmngr/dirmngr.c:270
-#, fuzzy
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|HOST|usa aquest servidor per a cercar claus"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 #, fuzzy
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|FITXER|carrega el mòdul d'extensió especificat"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr ""
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr ""
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 #, fuzzy
 msgid "|URL|use OCSP responder at URL"
 msgstr "no s'ha pogut analitzar sintàcticament la URI del servidor de claus\n"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr ""
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -10831,80 +10904,80 @@ msgstr ""
 "@\n"
 "(En la pàgina del man hi ha una llista completa d'ordres i d'opcions)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 #, fuzzy
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, fuzzy, c-format
 msgid "usage: %s [options] "
 msgstr "forma d'ús: gpg [opcions] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, fuzzy, c-format
 #| msgid "%s not allowed with %s!\n"
 msgid "colons are not allowed in the socket name\n"
 msgstr "%s no és permés amb %s!\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, fuzzy, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "no s'ha pogut crear l'armadura: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, fuzzy, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "no s'ha pogut crear l'armadura: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, fuzzy, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "la línia és massa llarga\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, fuzzy, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "error: l'empremta digital és invàlida\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, fuzzy, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "error de lectura: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr ""
@@ -10913,49 +10986,239 @@ msgstr ""
 # Probablement és una clau, femení. jm
 # Werner FIXME: please add translator comment saying *what* is
 # uncompressed so we know the gender. jm
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, fuzzy, c-format
 #| msgid "not forced"
 msgid "shutdown forced\n"
 msgstr "no forçat"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr ""
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|connect to host NAME"
+msgstr "|NOM|el joc de caràcters serà NOM"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:112
+#, fuzzy
+#| msgid "|NAME|use NAME as default recipient"
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NOM|usa NOM com a destinatari predeterminat"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:179
+#, fuzzy
+#| msgid "Usage: gpg [options] [files] (-h for help)"
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:291
+#, fuzzy, c-format
+#| msgid "invalid import options\n"
+msgid "invalid port number %d\n"
+msgstr "opcions d'importació no vàlides\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, fuzzy, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "error mentre s'escrivia l'anell «%s»: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:462
+#, fuzzy, c-format
+msgid "attribute '%s' not found\n"
+msgstr "no s'ha trobat la clau secreta «%s»: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:581
+#, fuzzy, c-format
+#| msgid "reading from `%s'\n"
+msgid "processing url '%s'\n"
+msgstr "s'està llegint des de «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          user '%s'\n"
+msgstr "                sense ID: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, fuzzy, c-format
+msgid "          pass '%s'\n"
+msgstr "              alias \""
+
+#: dirmngr/dirmngr_ldap.c:592
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          host '%s'\n"
+msgstr "                sense ID: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, fuzzy, c-format
+#| msgid "          not imported: %lu\n"
+msgid "          port %d\n"
+msgstr "              importades: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, fuzzy, c-format
+msgid "            DN '%s'\n"
+msgstr "              alias \""
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, fuzzy, c-format
+msgid "          attr '%s'\n"
+msgstr "              alias \""
+
+#: dirmngr/dirmngr_ldap.c:611
+#, fuzzy, c-format
+msgid "no host name in '%s'\n"
+msgstr "(No es va donar una descripció)\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:622
+#, fuzzy, c-format
+#| msgid "WARNING: using insecure memory!\n"
+msgid "WARNING: using first attribute only\n"
+msgstr "AVÍS: esteu usant memòria insegura!\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, fuzzy, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "no s'ha pogut crear l'armadura: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "no s'ha pogut crear l'armadura: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+msgid "LDAP init to '%s' done\n"
+msgstr "no s'ha pogut crear l'armadura: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, fuzzy, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "no s'ha pogut crear l'armadura: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, fuzzy, c-format
+#| msgid "dearmoring failed: %s\n"
+msgid "searching '%s' failed: %s\n"
+msgstr "no s'ha pogut llevar l'armadura: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, fuzzy, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "«%s» no és un fitxer JPEG\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr ""
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, fuzzy, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr ""
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, fuzzy, c-format
 msgid "too many redirections\n"
 msgstr "hi ha massa preferències «%c»\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "s'està escrivint en «%s»\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, fuzzy, c-format
 msgid "error printing log line: %s\n"
 msgstr "error mentre s'escrivia l'anell «%s»: %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, fuzzy, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "error en la lectura de «%s»: %s\n"
@@ -10985,51 +11248,31 @@ msgstr "ha fallat l'actualització: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, fuzzy, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "s'està cercant «%s» al servidor HKP %s\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, fuzzy, c-format
 msgid "malloc failed: %s\n"
 msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
 
-#: dirmngr/ldap.c:221
-#, fuzzy, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "«%s» no és un fitxer JPEG\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
 msgstr ""
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr ""
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, fuzzy, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr " o = omet aquesta clau\n"
-
 #: dirmngr/misc.c:172
 #, fuzzy, c-format
 #| msgid "%s: invalid file version %d\n"
@@ -11118,92 +11361,92 @@ msgstr "no s'han pogut canviar els permissos de «%s»: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr ""
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, fuzzy, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, fuzzy, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "error en crear «%s»: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, fuzzy, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "Certificat de revocació vàlid"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, fuzzy, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "Certificat correcte"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, fuzzy, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "no s'ha pogut inicialitzar la base de dades de confiança: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, fuzzy, c-format
 #| msgid "no default secret keyring: %s\n"
 msgid "no default OCSP signer defined\n"
 msgstr "no hi ha anell secret predeterminat: %s\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, fuzzy, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr "Ha fallat el procés de signatura: %s\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, fuzzy, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "error en la creació de la contrasenya: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr ""
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, fuzzy, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "NOTA: aquesta clau ha estat revocada!"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr ""
@@ -11213,68 +11456,72 @@ msgstr ""
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "Ha fallat el procés de signatura: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr ""
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr ""
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, fuzzy, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "Ha fallat el procés de signatura: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, fuzzy, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, fuzzy, c-format
 msgid "error sending data: %s\n"
 msgstr "error mentre s'enviava a «%s»: %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, fuzzy, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, fuzzy, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr ""
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, fuzzy, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "no s'ha pogut crear «%s»: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, fuzzy, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "%s: no s'ha pogut crear la taula de dispersió: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, fuzzy, c-format
 #| msgid "failed to initialize the TrustDB: %s\n"
 msgid "failed to initialize the server: %s\n"
 msgstr "no s'ha pogut inicialitzar la base de dades de confiança: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, fuzzy, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "no s'ha pogut reconstruir la memòria cau de l'anell: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, fuzzy, c-format
 #| msgid "signing failed: %s\n"
 msgid "Assuan processing failed: %s\n"
@@ -11320,251 +11567,269 @@ msgstr "Certificat de revocació vàlid"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 #, fuzzy
 msgid "quiet"
 msgstr "ix"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+msgid "connect to the keyboxd"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 #, fuzzy
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|FITXER|carrega el mòdul d'extensió especificat"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 #, fuzzy
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, fuzzy, c-format
 msgid "receiving line failed: %s\n"
 msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, fuzzy, c-format
 msgid "line too long - skipped\n"
 msgstr "la línia és massa llarga\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, fuzzy, c-format
 msgid "unknown command '%s'\n"
 msgstr "el destinatari predeterminat és desconegut «%s»\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, fuzzy, c-format
 msgid "sending line failed: %s\n"
 msgstr "Ha fallat el procés de signatura: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+msgid "no keybox daemon running in this session\n"
+msgstr "gpg-agent no està disponible en aquesta sessió\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, fuzzy, c-format
 msgid "error sending standard options: %s\n"
 msgstr "error mentre s'enviava a «%s»: %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr ""
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr ""
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+msgid "Public Keys"
+msgstr "la clau pública és %08lX\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr ""
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr ""
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 #, fuzzy
 #| msgid "network error"
 msgid "Network"
 msgstr "error de la xarxa"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 #, fuzzy
 msgid "Passphrase Entry"
 msgstr "la contrasenya és errònia"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 #, fuzzy
 msgid "Component not suitable for launching"
 msgstr "no s'ha trobat la clau pública"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Please use the command \"toggle\" first.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Useu l'ordre «toggle» abans.\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr ""
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, fuzzy, c-format
 msgid "error closing '%s'\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, fuzzy, c-format
 msgid "error parsing '%s'\n"
 msgstr "error en la lectura de «%s»: %s\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr ""
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr ""
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr ""
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr ""
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr ""
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr ""
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr ""
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr ""
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 #, fuzzy
 msgid "list global configuration file"
 msgstr "s'ha creat el nou fitxer d'opcions «%s»\n"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 #, fuzzy
 msgid "check global configuration file"
 msgstr "s'ha creat el nou fitxer d'opcions «%s»\n"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 #, fuzzy
 #| msgid "update the trust database"
 msgid "query the software version database"
 msgstr "actualitza la base de dades de confiança"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr ""
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr ""
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr ""
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "fitxer d'eixida"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr ""
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 #, fuzzy
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
 msgstr ""
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr ""
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 #, fuzzy
 msgid "Component not found"
 msgstr "no s'ha trobat la clau pública"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr ""
 
@@ -11579,117 +11844,189 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr ""
-#~ "forçar el xifrat asimètric %s (%d) viola les preferències del "
-#~ "destinatari\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "es descarta: la clau secreta ja és present\n"
+
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "es descarta: la clau secreta ja és present\n"
+
+#: tools/gpg-card.c:2395
+#, c-format
+msgid "Replace existing key %s ? (y/N) "
+msgstr ""
+
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, c-format
+msgid "%s card no. %s detected\n"
+msgstr ""
+
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
+
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
+
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
+#: tools/gpg-card.c:3668
 #, fuzzy
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "%s: error en escriure el registre de directoris: %s\n"
+msgid "authenticate to the card"
+msgstr "S'ha creat el certificat de revocació.\n"
+
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
 
+#: tools/gpg-card.c:3672
 #, fuzzy
-#~ msgid "use a log file for the server"
-#~ msgstr "cerca claus en un servidor de claus"
+#| msgid "|NAME|use NAME as default recipient"
+msgid "setup KDF for PIN authentication"
+msgstr "|NOM|usa NOM com a destinatari predeterminat"
 
+#: tools/gpg-card.c:3674
 #, fuzzy
-#~ msgid "run without asking a user"
-#~ msgstr "Voleu eixir sense desar? "
+#| msgid "change the expire date"
+msgid "change a private data object"
+msgstr "canvia la data de caducitat"
 
+#: tools/gpg-card.c:3675
 #, fuzzy
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "s'està sol·licitant la clau %08lX de %s\n"
+msgid "read a certificate from a data object"
+msgstr "S'ha creat el certificat de revocació.\n"
 
+#: tools/gpg-card.c:3676
 #, fuzzy
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "(No es va donar una descripció)\n"
+msgid "store a certificate to a data object"
+msgstr "S'ha creat el certificat de revocació.\n"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
 #, fuzzy
-#~ msgid "could not parse keyserver\n"
-#~ msgstr ""
-#~ "no s'ha pogut analitzar sintàcticament la URI del servidor de claus\n"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "canvia la contrasenya"
 
 #, fuzzy
-#~| msgid "|NAME|set terminal charset to NAME"
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NOM|el joc de caràcters serà NOM"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "s'ha produït un error mentre s'escrivia l'anell secret «%s»: %s\n"
 
 #, fuzzy
-#~| msgid "|NAME|use NAME as default recipient"
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NOM|usa NOM com a destinatari predeterminat"
+#~ msgid "use a log file for the server"
+#~ msgstr "cerca claus en un servidor de claus"
 
 #, fuzzy
-#~| msgid "Usage: gpg [options] [files] (-h for help)"
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
+#~ msgid "read error"
+#~ msgstr "error de lectura"
 
 #, fuzzy
-#~| msgid "invalid import options\n"
-#~ msgid "invalid port number %d\n"
-#~ msgstr "opcions d'importació no vàlides\n"
+#~ msgid "keyword too long"
+#~ msgstr "la línia és massa llarga\n"
 
 #, fuzzy
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "error mentre s'escrivia l'anell «%s»: %s\n"
+#~ msgid "missing argument"
+#~ msgstr "l'argument és invàlid"
+
+#, fuzzy
+#~| msgid "invalid armor"
+#~ msgid "invalid argument"
+#~ msgstr "l'armadura és invàlida"
+
+#, fuzzy
+#~ msgid "invalid command"
+#~ msgstr "les ordres entren en conflicte\n"
+
+#, fuzzy
+#~ msgid "invalid alias definition"
+#~ msgstr "opcions d'importació no vàlides\n"
 
+# Gènere?  Nombre?  Passat, futur?  ivb
+# Probablement és una clau, femení. jm
+# Werner FIXME: please add translator comment saying *what* is
+# uncompressed so we know the gender. jm
 #, fuzzy
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "no s'ha trobat la clau secreta «%s»: %s\n"
+#~ msgid "out of core"
+#~ msgstr "no forçat"
 
 #, fuzzy
-#~| msgid "reading from `%s'\n"
-#~ msgid "processing url '%s'\n"
-#~ msgstr "s'està llegint des de «%s»\n"
+#~ msgid "invalid meta command"
+#~ msgstr "les ordres entren en conflicte\n"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          user '%s'\n"
-#~ msgstr "                sense ID: %lu\n"
+#~ msgid "unknown meta command"
+#~ msgstr "el destinatari predeterminat és desconegut «%s»\n"
 
 #, fuzzy
-#~ msgid "          pass '%s'\n"
-#~ msgstr "              alias \""
+#~| msgid "unexpected data"
+#~ msgid "unexpected meta command"
+#~ msgstr "dades inesperades"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          host '%s'\n"
-#~ msgstr "                sense ID: %lu\n"
+#~ msgid "invalid option"
+#~ msgstr "opcions d'importació no vàlides\n"
 
 #, fuzzy
-#~| msgid "          not imported: %lu\n"
-#~ msgid "          port %d\n"
-#~ msgstr "              importades: %lu\n"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "L'ordre no és vàlida (proveu «help»)\n"
 
 #, fuzzy
-#~ msgid "            DN '%s'\n"
-#~ msgstr "              alias \""
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "opcions d'importació no vàlides\n"
 
 #, fuzzy
-#~ msgid "          attr '%s'\n"
-#~ msgstr "              alias \""
+#~| msgid "NOTE: no default option file `%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "NOTA: no existeix el fitxer d'opcions predeterminades «%s»\n"
 
 #, fuzzy
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "(No es va donar una descripció)\n"
+#~| msgid "option file `%s': %s\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "fitxer d'opcions «%s»: %s\n"
 
 #, fuzzy
-#~| msgid "WARNING: using insecure memory!\n"
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "AVÍS: esteu usant memòria insegura!\n"
+#~| msgid "you may not use %s while in %s mode\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "no podeu usar %s mentre esteu en mode %s\n"
 
 #, fuzzy
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "no s'ha pogut crear l'armadura: %s\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "no s'ha pogut executar %s «%s»: %s\n"
+
+#~ msgid "unable to execute external program\n"
+#~ msgstr "no s'ha pogut executar el programa extern\n"
+
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "no s'ha pogut llegir la resposta del programa extern: %s\n"
 
 #, fuzzy
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "no s'ha pogut crear l'armadura: %s\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) DSA i ElGamal (predeterminat)\n"
 
 #, fuzzy
-#~| msgid "dearmoring failed: %s\n"
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "no s'ha pogut llevar l'armadura: %s\n"
+#~ msgid "run without asking a user"
+#~ msgstr "Voleu eixir sense desar? "
 
 #, fuzzy
 #~| msgid "NOTE: old default options file `%s' ignored\n"
@@ -11738,8 +12075,8 @@ msgstr ""
 #~ msgstr "no s'ha pogut obrir %s: %s\n"
 
 #, fuzzy
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "error en la lectura de «%s»: %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "error mentre s'escrivia l'anell «%s»: %s\n"
 
 #, fuzzy
 #~ msgid "error closing %s: %s\n"
@@ -11798,12 +12135,6 @@ msgstr ""
 #~ msgid " using certificate ID 0x%08lX\n"
 #~ msgstr "error en la creació de la contrasenya: %s\n"
 
-#, fuzzy
-#~| msgid "you may not use %s while in %s mode\n"
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "no podeu usar %s mentre esteu en mode %s\n"
-
 #~ msgid "male"
 #~ msgstr "home"
 
@@ -13149,9 +13480,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "esborra signatures"
 
-#~ msgid "change the expire date"
-#~ msgstr "canvia la data de caducitat"
-
 #~ msgid "set preference list"
 #~ msgstr "estableix la llista de preferències"
 
@@ -13346,9 +13674,6 @@ msgstr ""
 #~ "NOTA: s'ha detectat una clau primària Elgamal - açò pot trigar un temps "
 #~ "en importar-se\n"
 
-#~ msgid " (default)"
-#~ msgstr " (predeterminat)"
-
 #~ msgid "q"
 #~ msgstr "q"
 
@@ -13624,9 +13949,6 @@ msgstr ""
 #~ msgid "error: no ownertrust value\n"
 #~ msgstr "error: no hi ha cap valor de confiança\n"
 
-#~ msgid "   (%d) ElGamal (sign and encrypt)\n"
-#~ msgstr "   (%d) ElGamal (signar i xifrar)\n"
-
 #~ msgid ""
 #~ "The use of this algorithm is only supported by GnuPG.  You will not be\n"
 #~ "able to use this key to communicate with PGP users.  This algorithm is "
diff --git a/po/cs.gmo b/po/cs.gmo
index 3ef8be915db653cfebda89a2facd19cb3adc2444..e3df0650584c15f1f1151b40323f313ad6009c84 100644
GIT binary patch
delta 48617
zcmZ791$b0P-}mv81V|uA0>KF^?(Uu-A-KD{yB0fGad#>1(Bke6#hv0%tWeyY=lk0k
z?yK*+*R%c1%$YOtpP93pz|FH@TI|;&V!OBEMw#aDDjeWA$?$Es<M;(S&dH%Fb)3J}
zI!;!+iiOdCo#O=fI8I4SNWQ{)$N3XmU_8vW!Eq8{2~3LhF$MOv`5CBwHe!h5xXxKy
z@Bnjh!FQwgf|D0hlP_oUolrLpwJxybyD={1=WYIhz5W^1Ucya|lV9zi@<Xr`ZpLi%
z?|ddvmV%6%O~vjQLVh)>!+l6VoSUc_Keqa8ah$~D6Qk<owpOurL`7mWroqLw{FwCt
z2GhUeyVY?rV+f|hFx1RjV@w=_@o^?9lxuAHX$&HN9b@5BOn{$J0}9?|I?jf=zdGuA
zTU0-T&`m;OIf*QI05#JWs0O~EZb-D<aZ+M-R6|u!_qDbTvCg$_!-QPFVDtZ4qwO#e
zNr`2+UT6pL*V+xCKpjs*b-d8#_n?;IxGleJ%fDg~$^&+q8J0$Ewsshd!>uz>5n6?5
zaVN&WyQm30-AVi_lZd^`jHnUjCBF<4;|)}(-eWQh-EC%G2-QGMOohEsYdjlOZ!c!T
z8}_>Y9>-}&J`)bZk*NBy+`XoQT&RZXqAK>sYIqG5p{)B%B*HKe`I@Mu>16Z2q9QfV
zx)GC;KZaHC5hlR``yD3-R>#=r4kHmtVhX0j_0|hmko-H$fY}e25!XTOl>wL@S7A~-
zj~du>RK)xbn(}N|f_ynFisLXpo<IiVI(~;ZIus;Fjkp@7!mg+_n~G|12Wo(KZMolJ
zQ!gW?rn~}bKwZ#-Gf_*i9Tl0&Hvg~92OQBRb(uX0ZIZmGnMPn5?2Ni`D#pW=sE&4{
z26`7&&pB%HX|1JD18t5Pz^}G^5r&c9kLl3&828h^laWLUtc2QhoiIC&M0L0gwbnOK
zYxu@qkIi#e11W|IeM3~Jd!cvcw)`?GqAySbj(gnnmml4X6x1f61_q-#oQ(x=59%C$
zK#e%g39}^mQ1u(22YaF(RMRmIF1GoNr~&UoJvXjnAihFv!fz*tzebwvq#1E})aGh~
z+LY7q8g4`_(fCtljpw5pIEs1jBUZ$$ryVB}`(bn+$2o*C$)7%Byp9^cKd8vPJwyD%
zNyIzrIIXZIPQYEr@;VjHIZiZPKW_$<1k;i)fYGrLYWKH6E#WZKURi=saU0ggJy;48
zTri)e^-&WT<&wxoVh5JR$5;h(Uo;PpVVIfxT1=1EQ6craWCoNRHNzqp56fZ@HbgC5
zC-leR7#qi<_QG6LJ$D}oZMt)q0slpH7;@RnC=9jsO;8~lff~Rv48i@V2wg_iyNPNq
z$`!L|lcOS(7d4=&m>b(719P3ZB=S(O6tm(r%!C1dna!9R^-QmgI#z8_kr;!D+(y(M
z`Wv-*e_#NnzG`-R7SvKzMMbE-E$@u6bpEH3P{)f<GdzoG@C7EonCw6uo7AX~MOy2k
zLfa0DV>i@9Heexqgz+)ebrYEasP-G9HupeGO8?GpBogB`R7lUGDn7yj8105xyW*&N
zm8@-00~~@$aTX@T%@_kup(64ZYH7ZrmN@lIldpiTLfD-|6kLQFz;aXwccC`TVa$&g
zQJXX7Eyu}+4N;MsiaJFHFbt#IHlL=YQENR83*vsvfnTr)X1PQBE0Ab=$K0?5!^nTf
zVp#mH*^C3RDEU<wf&X9}%>K7og5nrSz6@r;iKx);#^iVbRsS`{Lf?BPA9T+($H7B^
zLRJ#Bc9l>KjKa7$9~GGmm>Q3wHs!yl>)%iv1>HBBEIX=xNmPXDU>Y2bitK9CCf?+d
z&>G)Btx^03W>*(Mor3n55~rg=w+&VAF>0nk56zw^irNFUQRUrH6Iy^8;A+f^dr%X2
zi#iQ%qDSUgo&~kLOJg*wg{!b3row=K_(;Xfs8An5mB)H)HdPKxL%uF*<^!=bPQjdb
z6&2CICuaAj#3VZZ#Yt#a*F%M{2Pz^{P$N8vRCMm3I{bpFpZs65+Y6vNtb!@9B`&~U
zQ5~jxY9dnv6^S}F-`<;N{YQ{cgR@Z`ZNfx&220>SsD?5>Gn*zHwf0p}$FDi2#lGl|
z3s3`Jfgaq2s&^B$L~l{2F6cQ+LH|y167{e-Ho`sF07GAx8TZ9H<maNw-=peRf63<n
zuCZ=F5BV*a0k5DsbY7YAWT*ia#TZx`U0)JaNNB{>Q8R6gv2g$f<5*N==Ajzgj*8eN
zRQ(sI`=h=#Gfj+&U=B=%Wic3A*?b>+ecEf*Uk$CHKph;zY<LgVVB9z6^Ew@7CZ7vO
zU?Z%H4>3B1y)`o|hv~_;NAKptF!EP14<>nMj(26$(vE&d{0oveML{a`e{V*d3DrOu
z)PrXnDx@bc3%<pynDT?^urlh2)*H16H(@%wh?>|J)C3ZIG^e2is=ppC2{kyw792u#
z^a%4}&?oa#YXoXQzo3?2FRH=osL=X<HUm$L%I8C!^GH-gI$#J+#Z0&ov!i>FghmqO
zi<wb+)P<U;ioc>Z%{mOlZKxSuM(z6dm=TkGHA@hIDsPP%$T*C^`S$ul%t_w=o420p
z6eJOog2osNJ75&-i`v~Ts==X{09RrV?!$O^4g>K4YGAK$9tM9m5nE?{k6kD)^1}@D
z56sH`b54_(z=f}v0>?T&-ZlRn%aVU$^Lc!HoG|j;uqbZC>i7zaVQF7eJ`4wwKY&HB
zl%J1xDF<UE@>{VcMvLO(xb*KdAfXW6Kn)~XR3E1~PDc&sGwL%SNi-ktnifHAz9y(W
zFdlXP4%DW*Z?6aX`#67-FNhR5$@slZee$XKYOHo$bmNnlPa+X+My=Ut)RNr6IQR?$
z@EfXLv=~0#M|BERc`;0iWl#fZj@r}{FgNZ(?V*>bP5lwIWZ43JT<>Nm6zJo9kaR%p
z{voIttw!zQOQ?oFp*CyUm?j^I%J)F+ks0X0-Kf2B3yb4xdp%byAMbIjgPLIXSgwzE
zQw^d(Go4{wj@oQnQ6oQ%$?!6U;u~vlY#;BVG&}0SRR}fnwy23rM-T4B0W85CR6C7=
zSQ6~#lF(WXv97};<Zq!y{s}d+g2Bedn4SEuHoqAasq3io9W}0x_lcSWHPAe$`qeN8
z4#DKO(dwQjp-{a-t!>nJKHlS(92Jq&s8Hob)eFOvSOc|pdRfP!?q7uJcqi&J<SMG2
ze=sh7L`^6##5-WtpM)+%V05gD8gX;fr_>bGCYy(Pa4bj7;3{fQe8jq#Cccl;0S97r
z{1;VTJb{lh5@%smOqI~bxraTlm(G8kL_SVC3eI48ER@*C`@|ZK%AdlLm^g`f9yCNf
zsFtH<x*0uq0ks5gF$|+8_3?fyE{FQ?8H+7&Keobj$(RuRJL5=b5A4N)_zbmH=|fE<
z>Y$FzNYpXggL<Z4Lv1?W<R%h1F*o^!s0d9$-M0?a{zHt!kQ6@NpA#CQ_xFE2NoXx6
zqC&L{wZ_>!KHl$iRZ+XT7pmT3)F$1IHSi*;!;C4-gC!F8k#B=q+Kj1uoVHj5HQ;5a
z`j=91{#D^E1v(b~sZGaeQ27Yd=4+1HG+j^+sOk3l3d}(MFlvC$F&8FHW6CR`I_!=5
zFk6N?E$1*Czoc=^4Mo$MXLlFt8q^XzMQyUsbf%%QSk%XH`k<CzOM3GFx`kRApA5!O
z)M+S)9;{~b-R<?UsHIrplF&?Fp(@7CXhNGEBgmISjeHX3!(FIIyg}`i#F<RJ>ZnM~
z#>BWBQ{aA7MDAiy49U!zV>RrC?s*c$NR-ZEj@K|$#VuGC-=aDymeuUyKB%?(1NCS=
zi3;&cERHF%`FMZR(HO(XFTv9I02Rs1*-bySu@e0|qe!TuzpSZpm<k<GyLKLG#wStd
z`ZX59h@3v&Kad!V>UcLQq~B2YMdY%d4XE-NSOV{$);@J^A7_+e(UOE3c!Ap0+4Go+
z<xrbt9P0dUwfQfo8K=!_B3A<y;we}GkDwwLFQ57RuZm&h$D@|?3~E3L^7B1_{+-4o
z^rO>e)X1-)8Vo34B2gF>p^g}aTTx5)5%qw|U(gJADC+tV)VcRBWKKm<)E;Vw`EeR*
z0;kZ`vH40uyFFuJV?ERpYYb{&`%t_20XE0)*aw>xF$27ge{m{eaWu5X4~v;4i(A~B
zk^-m+G(pXL6>16J6zBXGAdxMMyZOJ?sFAe^H@kNRMkT)${ctzxk-Hy<;%z*P%}baW
zW-MvG0o6c#R`kQv_y;PY=Wr}WDP;ySsg!GOyhef6ENW>Jfs&|Q-^1qDU@G#rF&+9w
zm<Lrx)aERYiey(*=;xt6^)6x%-bW4K9X7@cWz2`$NY^H&Sm#++Vg@R1viY0Ve^5`r
zH>eMrsF7yVCP6)#^P)bc%cDAOj4`kaM#Fv>9fx2{bjOlV#aXC|t1u8ZqdtcBqxQxt
zR47xG_3<uQ1S-TXYBR1!9nY7jNR}#RA~6KDm$soEbk9(GDn@zlUU8l5BsA0ds0Yh1
z)Mi_Zv2hn_rYBG%zJsyw8J5H^s7G<}3T6VWQP;bnmTVAua4~8Ehft^NA55zApP-_7
zX6HhE=c|O;ge`6PRMbG$p(3;w^_)148t?<uri@a_?1@z9Azuphna~n7kin=3EV1SL
zv4qb5O%iIrQ`vkj7ehV6YoRt%7gWfWp+<fJHGog34nnG!&6NXFl5dV$nqN^%xD~ZG
z9-$`q4Ye0Ss&f7{gQO%B@<Ql~)ltW?7HR+!Pz@YLMdmtcATg?$r7M6s_f2hn9IB%&
zsQXW$KD_*@o6}MVHGwA8IsY1QKMHiiTvVtwp$D&^X7~{`z>pdyQdv=<ERQ;NZBX}5
zL*4&7>R6sZ@3BJ-FhfnVmujHyYg?1^uiZbL0=e8)*oK<%DO5-IPy=;p*)>L;ic+W!
zd!lAE(_Y_*n)xNvo(ZgNz6m8jZO)8X81uU%ije4zda$g+On3#=v2Pu7UQ?ild`8sX
zD2Iwj3rv9nP?4I8I{({I13HBo=s)&);<_e+c~SSd)k&zM?)Jh&)TUX33Go){_`OGc
z8V1%g1I>$yPy^Iv>xLTG64ajBgSqi0YVCvT`#513iP~GEkO;ZX0TNoHkEqR+xq;bK
z^-v)nidxI17!^;TW_AuWz^AAgM`>tGgc?W|)C?m~18s$cus<qtTfNsge`jrlm)2;F
z%nivfE){d38Y+$2BP~%K^g^xuL|eWQwS<RIGyfMgp%jhH(o{k{fZCx3G#(4kzq5pd
zj?+z4C<B|AO;QxK7s{jdNG}Y>ji@K)J5*?sH#H5`M4f{6sDTVY)mw?${pV2w_>PKT
zs%G~57bT(1(*X4#>Vx_Wn2uV4MW~q{Le2aVDugdk_XRXJOPI!58`aTh)T4O~YL8vE
zzCqm|)PnP`HO$z;%sd=5gYKvij<)%w)?KI$FQ5kW0(HOB(lnR|b*^)w_DmzxgodFu
z<s#I;_G2VIXz7|6Wou>DG7_}}?NJTSMeX{{s7TyKMaHMK`JprxD#Qs;OH~}T=Iu}e
zn1wn`dr<>>fod;V8xxrbmxLPbggU1aQ6t@t8o(XYT7E=@FhyG*$Ad*sYuXUi(I`~?
zwWt{$MMdymR0N{6GXqV78bC$VXNudKgm&X^s3+A1)Op{H+WqHIOY#6?;#bsZh~C~b
zoDns!GN=Yypm#vlwWtAILe=|(ig1Ds-if<TBnb}%?NBoxgX&-vDrCn|yZi&{oM-E3
zW?BL@vwEn|_d(TPjC!7&wb%VRnZ1z`6_G-yO<5CD>GOX833a#tJ-81Q+PkO$#p-O1
zXBO0XuZLRW0jQ<<9W{UpsD{6zmNZ=#Q!f&=+k2x1FcB4z)#&~6|1%`CtKTAzL?@`L
zS)&M4$hx3z7>DX$J*va2sLdCpn;CdkR0ow%_1mH*HV#$q51YS?8u)v3wPvB+ZAj5W
zz8-4r`=Qo;JZepsqMmFgZ2pJMr|n@ntc!X+3_xwh8L0c#q6aUbBKRIvFL6)Kzt%K&
zPc!2()~=|T&p{7vLp69671~#*T^z5Mxn2}C(?+P74Mfd&DXQLS)O{aOdnQS5lP}Pl
z^RKn3M}d~0JL(utK<$Bjw&GKJJ$4_{VJ1|A<xwH;i0XJG>f7#G)DqlBwG;4*8DJjt
zkgtK7P*0bHcWqIdZ9S@?v#5qY*z&l2%|LUaIxdIW10B#CYE)>~q9SqLUVn{hFSMU&
zuM{e>jnRAl`;$<|3vGpcs1B~9KYqhNjN0EAj0#~W>d96ZwS?{Mbr&`8F{tCX3{~#}
zYJh$N%nz;UkiFzO-AHJymZ3&;1~uZh=)t4|&GjPImZ(iQ9<{ayZ2l=~A|94ho31#j
zJw4*J#G_HCXR*D00yF9SzapWE$p)E@!%_J*s8EeV?TJ-b3a_Ig<QZ%lEP;whJJcQ;
ziJIvW)Y2S9J@Ia191I>}CX^Dr=f4~YUFeLOfs5KS^ROx&$HJIwsQKPr2gArW#-g|Y
z^$5R(TKl)CfrJb*zsk*l8gO2WfwfT)X@=gv|I?3zM!FPLaW@9zZPfXHg<9i)U(H%3
z!zkn{pq8L2s(wFI2jkF#Gf|s+J8DndL`CW&YTyZmbN)5c8pF+_au6!iYcT-tpa$?5
z)sQp7m<II-jzsN+-l&1EMy>HFR0Q6kA`?8)OdvgKNeiRet22_d*Y503foAZ#y|4$h
zhJT|rW7JV*&9b2OMom=2`dTNWHr*=gSu9BYJr=+mqs@J7Q3D;1#c-WVLLIz79k&Ey
zOvU7=220v}Tl7APQ8QnP3gtyqz1OJkkcq~cwT(bctTC$n38;u{LGSYc6$$q>34L6~
z8E0lx0<~84P;1^3HRDmJ2G^i&yoHLu7kfS4coX^ps2MgvwKD{D-(1u{PNA0MEwc2k
z6JvtuARnqieVZSG8u4;eM+Z@Bd)?|c(F`OrMp7P$df-e#E!`fBjdxL}>Lse3IFpR&
zF@w&3aT1zQ8`Q{uMXk+p^uvd!NIXFgen&NwVzMzm<|JPk6{*3fC0d3W&?Ov?zEgah
zsW=I>1nH*IFa0|aB(#>zQ6nFW+MP?#gU3(<dyJ|VIL(AMBPv3rP#>pFP@f5XQF~!2
z>d}1xHL%;L2u7K1+RcLAzyDK_gpOf<)OlWk8o+tfNZ+FxOfbVNQ7P2*_NdJ_0rTNz
z)EAhis5MVD)7)PTHL-4}0Zc>fjomXj|Ak5XMS;$J$ShN_G^*h?sD{R)Ht8PJQoKS%
zB<gI_P<kvxz67d#fOS6Vvt>VOf=^J#F~J<uPvtqBf31Bt3iP=>0kyV=P@%qo>i9Ei
zhFO0z5o&=t-{VmOI)*x)H?RV}!7>;&*KE#_Sc3dH)RKkFGm**Rl2Abv)Yt9~sN*ph
zHGmn`&8UH1K!xrlYH0%Jo86rmHGp!cXM0mry}qb=(`@->RQsn<OX%LW6#^ERkYqru
zb$Qfxz+X^HFc$OUF4XRRiyC<9h33BEr~x*!c^7q@7okqUpQz3G9u?`7i@XDKomwQ+
zVK3AgEkO^SMXlW{)C`g=HX|;Cs^17>;aJp+XQP&GBWg)bpdxr16`60S356^%5lfHp
zb^aqrMCU>SRLEMP8XSx|R<mvSCJZ8f2DO{-*z0~vO(a555h#e-jI~e$nuNM<C2IHY
zK%KI`F@*k|n9Iz_Qlcv4L4~#fY5;vu4NSJz7o(nNCs0qgC#acyLVaq+Ty7#4AGLXl
zp(fN7bvj0)2Y*Lb9h@TJi;qwtdxB9hV1@ZSkBtgxV$_mkMGw|O)$ff(a2l$e^QakK
zLPhEaDl(~7nx!m`DsQ}!^RL7ZdtoVRR~|;4|Hr7^8fTU1C@pH{B~g2#8EP*KK@D&n
zs-r`wncv0S7_!=I#z<6uol%jSyxKK4E~Fq11)EU~A4aX=160U7zncM+KpoR2sJ+q?
zHK2*80k6d<cnKBRYp8*}Mco(hhlyw?YHwt4N$A5P4Anq4)Bt9pp4r>b7jL4D(;d`i
z^<QH`9E=)3VN@jQp-$0A)cu>#gI7^|;IqxgTWcO@ZXOZ}QF~Ma^HH1d6l#X=FeV1A
zGv_}PHISOt{-`~%7&Y*dsE(eZ_D0n8rlZuT0o6loZr7B%&Kwe2v-7Bszd-GQOdHGq
zDq#fqwx|KFLw(7-g=*+ADwI(-+GB{y7eq~<DrygPuns}(ftl$2`#(ELcsCm=lyNqh
zCssDp+SkXtH~@9yMpOhYqXzH|HM7K<%^DX&t$lUWld>Z!!oQ)OfM>B4e!&hdiDp|&
z1kRvtc#7&c=~mNlQPh{yW~g1=1GOiXqaw8m)!}K>68wW&f`DzNos_8OLrGLbYGG9D
zif$AVy-Dae^vAL|1{Ly4s8A-`ZX%Kg)lgGZLp@Ltn_$b=pz80p*RP_M_ATnuGkAxI
zP$VjH4R>(<HR4|=(C7aw)M+@5n%P&YXQ$cKrBELxT~M2DE^6jSZ2k@^a?y90NM%N?
zeIxV^7`0RrQ1@-x#rfB#+i40klkcbwLU)_BDu)VrPt?+^u=y*f%@|{ksaF7XzMG@k
z>4RE=8TR@*^e2BEbt>**Ao{p_&H0Rl3RN~#B+8>k*dMjorlT6%jq2bs>cR33_30LU
zpP9J_HRBSf0oFl9csOd4FGDTiNn7sTCZPs?pdyiAzxh~=KrKNH^v(zs!Wq^Lw)_;T
z!KbMDKTrcteZV|Xi=sZfDxyw7Bh)}9Bd5W2w%LMvs3%wSgC?YTQ8Q_Rnt3nOrkQ|>
z$ZFJaJdfH7?@$p*e#p!`7ZxPn1oc3hjUGIJ+NAd|sy_d}kkIb*Icy$41yBujN9~0X
zs3qBiiqHd8#Nr<@Yn}zQH^MPLc0rx<6}J3>E%!ZYevB`KYOfc1|NhT%d*Lc-Wbu!g
zkYz=Msu=2cwm^NXc1MMBE^6TCun-3PY3?hD+Ke?&Ps+BaCF)@vfr`v*^#1wZMG|_#
zy+Li7jK@vLYGWSqE-KWUP@Cxrdhi1(Qi)EO`?6pF`Ff}aR&&%|=!qVjfa+%*>KHye
z!THyw3Os4nJ{{_KRI_$LRUD66!;PrWT}KTp<|z}QaMbB(jjA^cwO4*e?Tup?4PT*_
z?jx4OIHz5+R@G0NO*Rm9!wghM`%nXTg<6UPXUq(Xpz@_r9k)mAfsv>PZbj{Z2RIRf
z&YE@?qBi+)EQ9Y|5(-(dbLK%)2DQohqB>ZGdK8~U9j}DvO^1b1Pr5ob-xoE28K@Z^
zvE?^WOZOQyu+R&p{qm^I?e-&~FBB_K6*r(Z*(KDu|AAVf<QL5v7DTOSJ)7@=n!q$v
zB<7(8wiDIfO;kJ1C9_FWU^v-&$T4=E-$-av97Nsl3AK5WT{Z*DhT6Ra&>zdA22dR}
z(~hX;#4z;WY*aftZT=Q&)BZpWFvS&fI*MR&o&TyN)L<7>h)1IyFl%i2CDZ_3*u3vw
zW^W`z59Jk6*E^xw8H`%{Iam{qpdy^?s_8f#>X;YCMD*`eC!q#9*b6S|T+cx5;?t-Z
zJh8^OW;SIe^iW<I^?c}pT4NU#kv~vNcMuhkTc{_g&vi4vB<QMx(j>G-O;I5oglcF8
zYDR}qoAEZr#HcsSQp82=;v}eso1rGs4?Q>@wVBtVj^%CC%>8eg2&cHo`B#Mq3bcEB
zp*miQTB{2-{}Q!ZlixA}Dvug)OANwcsEJHNb+F!+|A`vVHT1=2=!Y+{G`_vX`Oi<H
z&~3A(-B9_(*6Ub|e7rkm#MP|7pk}lHwONm$9$eQ@5&MXWNZh+-K$+1)z9i~&wLm?>
z$Gar7=?<Vm{17$sn17oNGFq#mZu|xH09lOMBWF+@M!V<Z?ZAUt^KjIItAQ;ajM_ts
zPy;`J1<`#%LIX&1-x!H%paW_^BT!592P)(@Q4M`Xb&%|V$%murHAQtW33ZCLV*|W{
zWw7W&vn0PFA5N|_lZ4h{G3t@~81?Cu<dNwxJL*|q3Dv<+)NbC08sKH?SJZ$~{bT+*
zUm5g}AAuUs3e+Aui`q*+Fu%@!mdEDV+yZrO$DtbDhHCH@)<wT3=J)>%QJZQJDpH$K
z9h^mNzK^Jg2K{Tw^PrZf0V*QBP?4Oga{706k<gl7Mh)N%s=?$>%>W`$=ea$qgTbg{
zItx9x4z>Btp_b+aYG84mnR=N}0|>YI`ltwZLst!sAfeCk`PPl7&2|)3@fB)-(Vm+D
zrACD^5;c(Cs3jSXC2&3J7{5hLDAfy7zar{X^v9t-9M>0||4I}je&yr+UpTeFR9x7P
z8u9(tKF%}zj&bnm8xy*(s1B39HIXWY3T-Q!ABXB_GioBIu@HVlJtuO%GfQ0goohPk
zNr5U(K!tugY5;dpYyAZk;@I!a^(<I`d<|5?<E+O}&kMf~=0mLnRwmyE^;|iIin#O9
zw3Emsp_zrDMpgyYaR-|pj@qq@Q0M*(Dx_afYn<+rDGx_|ap{P<J{@D@e$=Tsi)zRD
zY?dM`#w6=DAfdHwiwfazd*Kh%%y*#nz$w(``Wv+weZQE9B|_a_0yUt<sDbuHMQj;r
zuN=Zae1jU`52PK}$@JAU5Qd6CL-gP;sADqQmT$LSvgNN(9S40gW<{-eIjoD#Q4`pW
zdPJW^wf8qF;y&LsA<kbg35_TxYJ?522ev_l?j~xp#rk1pm;)7&@~DQJpk~+&)!{<a
zL^feXJd0&9IUhmVGi^|jS%?{Q{`Znl$o@fvHpIu*JJL+3^0Mf`o~SjRjyZ8JYO}t=
zu9(=@*ZCL6U>NrH^Yw1dZCH~08`PK4{84<JS$GUxg|JyvUneEH)`h5!52BucFHld!
zkZ8W%Jx~bikgtc+a3kt^S$|*e?*TibBJn#a<a<$1#9NpLeFJ>Ge`J$Cz}NL2i$N6V
z<8T}5I6XzpFnx4i@0!*{HP8*c5kPIWy;v2mVL8ka!`J%&>Ww-@J1`esMAi2X^z}ZN
zQlXZ-N+AFHN3C5y3N*4+_QGw{%wxnf<=Ij7TA)tJ6x3<hfr{KU)baX?8eqm)=KgA^
zCGCx2I1UTrY1E#I;l?&I%!+C#0`p=UR73Mnp*?DSh8jq`IHtS=>cQ0p%j0C!roDw~
zFLsb=F9)i_R;cd{qfirc_mNPj9-wacVJoBzHu*ZJnfAppI2%3qH)`|w#We%TY^`eT
zjrt6ji#nDkZ2mr0ARjlLcW<~(V-jj;AS$%WP#vDK<<BrS`S>BmG}hdx%~b+5fu^Wq
z*$=f86K(l!>lO5#7SzBJ$M<zU>-?7?p&LsiFq@(_hLazHk$A`&E1|FV-*Tvh`F!~K
z0Aq0dK_Xx8A4I&w=;XhnLLHFU*Zbj?8OM_Ei+9mKiLY}WA7eE7cXlN;Av}m0*<*}}
z36q&6NQ2t_5vZBALw_8GwQwv}!+WT`lP}b4+7765zYt5~1JoYLoZOtQ-stMstt26D
zqCy&+!h|XZ29mFX`kZfp`kv4a^@N*%8t7`&5^Y00H;$qr^9D8G@2F##$YTap9<@Y+
zJe+^6`5zQ$mtRCR{2BF#OpwydG!JT57eVdX4yfysQ1`7x4_?Az_#X9)&zs6bs5I)i
z@*9TX71RI{rFPBQl}>HezB+2{2BIn~M0Io;wRxUm0EVP7Aq+)Dpfc*5H$WZRZm0;%
zL4B!RhB^gTP*2>Kr~$@u)0&1uF)jtAt#wchw@0mAAJh!?puR|aLWMSGIuqLRn3DWJ
z^xy*2ME0X1dLO-CJkpy1Bto_0<|PqKq9f`N>7qtD+vYc-*8Vgq0uL}2#>!weWm41<
z7Dp{nE1RE=VdQtCBK93U=%0~Yj~S2w@$(-E&9Dqsz;UQ2+%?oQI(jDa#L9!(r0r2_
zJRh~$ZlN|;jLhb~qF9Q22keaNu?D8hVg}R;RevjH(fNNuB7%a1S$&<R*a)@D_o0^H
zBL0GRQ3I@>&4h9VD#ZIx_3xpU@Pjo*cDqMV5v+{Gu@!3RmZA60|M!tl12<7$6kef@
zQ{fzDla#|0<m;i9sxPYkSk$NF0@QQkJnFbQInCO}#4=<{p`IUOQF~||>J<Hp-oO77
zl*=?!2(^hiph7erwOjY2mf{xb!zOxe6PetoJrjoIu|9fmIqJvqW2l*4wZ1{EeXKmb
z-v5bqNFL6=j>kp{CgFXog1z#Zj*em$@~==MPM*&kvy!MMUtQG4={i)1pQ4VdUw$*N
zl&JC|sLfj)wS@gp5j>Wk^RLj{pg<22r+}%L4s~2Ap$5<jwacgAcHDtlk{$(3gr=hE
zuSe~PKT+48q6QwbkZCt3Dq?l9IreZ#=zRW#8qr(SCJHEQDkep3ntZ5G_Cg)ciKsPS
ziJIXR)Bv8N);L-bGof%COTIPE#<w^GClobH?Zz$U>kOhG501yps0yWu`+9#>aulPI
zKY@zSIaEYGpq4I8nE6&)6IE|K>d7}1eQ`c2B8yN<a2R9aGh}bM&Sw&8C}Fr+^GNhQ
zLQ&;&P$4^s3h5(MgZ?GVKr*487qw9l8IHPt6KWIRL~Y`rlIECaMSa}&z(Ae<Q6%zH
zFbx%=Q#cUYlrqQg5vqgts3%<7(q@y^L_If_VLp6@)i6zju{TDNKaOD-uZ(G@238<H
z6vOD>IZL7l21lAuR<e$;?nB-133Uu3%9??6MSWZ^L_G)gp`MJdu>j^QX9n61)&5RY
zgg#<8rYq0+*B68~B<kSrsD`3eFkd9{qdwI-qB<Ii3f&@9Lt9aidw|-sp%u-N<UmEF
zA!^O1+VWkf`yQhrnXnS)-=9R8N@h(fTf3pwdKzlRo6&=JP!A}d%H{!+8e5UigL*K{
zK}Fy&s)Hz1%xTGkI%O3x3bsW*>{P`y6}wTO<FyF&=-q|dbSF?xtcR#g_Y4nUP*wAx
zbpiDulen6%GZ;sqK9mBho6Vaa_mOXd+JqTvn21H79`yrV652$^Y(bowCSMn8QoaC-
z<9jTM`D*z(Gq49LAG5Yu+j6KU=Lpm${0k>w<~k<iJ8>HM$2b(-y7v70)$?`wQIHlD
zvW2J+pF?e;H>lm8rM@};^)V0m!5HboUnsQxXkfk_M>aC`7N8zfM^K@^joLe3Fc^ax
zdmniG{SOk_Jo!*-T^7T!2kMK%7S!h3i@ER?=EmSAX01!3>J7s}I1cqhJcfFH+(s>J
zP*Za~6BZ=j61|`Q^KHRN)b5Pd%&bu!)POpmA~6FMp|hwNInB)vo5@hSyfJEqBQO^J
zhI*v0vhJ~-NA0bL=>7ih)53g61fU+VSy8*WItJkYR7A$3&hc5)%wn}PA6~_9KTFXJ
z_2f&_+HBg2s6A2xbsQ(7HsPPB&G!&p-H@Y=89-gs+73iL2R5Q2@&Famcx_DsnNY{G
z465PQsDaHxos#RQj=rNll#;eH`P`_}RRuM%#_c%&(MfcnKppf&H82Ua=9^HT=NC{N
zzCtw|+}=ExvY|FpDOBidq4q#~RC~)%n{YR(!^^1C^awSO^c`HYdGd8IYhE1HQE$|f
zaR#=*>o@{Sb@X)_<4II`mQLoI%rvY=K2K*~?>{av0f&(9-o@AHgzvFBw(M%YjBZEO
zkL`9dUpm`ja|%wNW|F<T*;J*_L%stl663HOuEsEYk9q{>@8RpL$IiG2Q}#5Q_7LVJ
z{|&=1cQ3P~Jy4Ny7m?7~-9*hiNpG|33!$E5Em7xx5^8VkLoLla)G-X{V@^dRRwUmC
zOW+aI9*X{pIW2{87Wvw!`(Gi~T_>oo*`*~=0~mxlUJFoPDtDo72<T^acY3@^z6$D#
zM5g|}-v2Rre$;^0q3*wry6y}xA4;)M6Dfq+^ldRnpZ}9d=sVhC)Mh${8pt)&G5d@P
zRpx=lR;coYsL-EBJ(yy!mo(#|sN>Zcb>DW>lD);!SbUIKnqM(H{X2VX!E-FnIZi*=
zjJW#{^Bh=!dM+GCJ&<0a9z;op+8?J;51>J)fvrG&MqIV|uER`Z7NP20#*X+M-7pdz
zel;H&e_%24&TwDvW+{$Z(?J*qPop;BEz|?*D{5xxMwl-sT~Qx0dvH9~7-`DyVPWz)
zMwuT-I$#a*n?`Z|i<5{x+H_nNHG`3u1-D}uK178s{TN^GuhToC_Qr11v5G#{EJZ_9
z$fscgJd1TP>p1iC!U)s^Z=p76=y=vdo2JQla}1}V&i#AT2n$Ux5tx9L$=}2>n02B#
zMm;f-{9<f|Pq7qMp5*JS#;K^i5H{KT{4g4;kYA75GrsN=Gs3*6Po)W{wfz$n`cJ41
z%S<&7oC&B<enfSgXPOz<0Mz$|Q>dAzo^IB75Nhu{N6k27hKW#Z)UkIblW0lej5Y5}
z^B|godUE}+cADku{pWRVVlB$c%{DGXMe3u?SDa%8vIJHB85PmWznK9{K`q^7<QVe#
zKi7n&Jf7x4H=Kas^UMS292WEA35NO@F0#n%iJqvvvjywpdu)i+7MnF*hhgMj;3v$n
z#GIZ?OU)^$i2*wQ14z)mGaM7+Xq=2o@Ndk&%zVryS#CmE47GMGFf-0TeLNq;AsBUq
z`BWT<VdVFsBH*kvAuom6OM@}J&i^?Q>F^U~Mb9eJQ6<!F?SVQK8&MIskMS^cwK<kK
zQ3DFcU$BQQe~z)qf4BKqznceKC~Dx@(Tzi*K8YY~kIAq<DiX6W6>h{7co~!6dsO}4
zKg?IRR2WD;FX{;zj(YS~N43`k)z1Kof#XmgN;Ci9{Ob$EX$tg3A?g})979nvu8P|I
zL$D_vM}<0Ut!ZEg>i%u02);n=>ICb|^PoDad<<$J8&Lh6L47ZHw2t$y89D3C$dh79
zvRP5buQDpMb5S!qiwfxt)U*CyR0p9O%!f)TOijKc>O*Ui&96g6@FJ?cx2O-H^zKH}
zaTU}zmS(6AqhC-J=GpvFn}3R0yZD<-$Kj|Cp*E;z`vTN?KZf=2IVzH6H=CvGi~4k&
zi+WPJ+exUSw^$HEx0o5!Mm5wA^@LoAn&~A}hhMQM=Gkf@)(y31rlR)18r1#!FdIHZ
zUyQ%aJhBrZ4=mT|KteM*fZ6dm>QgTHc5@oaqC(vpwfk41Hs#-_0Y}|o%8R2W(g(E!
z3sLnBqdv6$LA4)kr-@WPOr!JPh=f8i6gATM-V1C>)Mk5w9?ZMTM4%StAwK{WnGM#5
zsHID?+YGokYLj(EMP@W=AWKjKJb)Q>{vVRiE)LpbW>5z89O#0Y`8-s^XKnr+s^j!~
z%^x__$N1!1qK;WV)Bwkzo{alYGf%e9M7jcM!hO(t{-=^q$d{l-c*gn+^*JB7-<*=X
zs9jwJwHG?020k6Ngr`s;|AgA@$qtwZ6hTFxCTe1xQP<}l;QZ@c?xsMy^cw1T1RgZ!
zv=|m9UkkOFCZjsuhT03aQ8P_+$b1%5MCHe!zCRp5wfh1UG0$PMd267SVC-SnG`x-i
zo$t%&-CU@UM?GS8b0&;Mz6dHp<xtOwHmGAe8g-l&q8>0eP!oHLaWVL)iEtWJJC#w9
zZ0M3uNcv+uT!m_Q4=O}=P;2WPGm%Mvnt55&jE0~Z+Jb85lFj@5>Fb1%PlZLXIhMqQ
z7=#Z{d&_-KqB4mL$Ia(<AIwYsG?u_9C(I1Xpk~$xJ=hD?zzozt{zQfJo4ua$q={?^
zRCycJCLD{3z%FFqu5+A(LiiXJa_5wZKw8wAmqCTLBWf?KKs9t9^&kp4Z8m8I)ZXZY
z9-NC>sy)bq#<_voq`A(Rej1_o@Ba-Yq2sU!wf1{31n*)Je2;1<_^f$8WJhh%MyOLW
z3H9LFg&NQUtc{`P%o6rQU7v=E=pIyiKIi#x)A>(9LeK8jsEQL%n{gZJ_#MJx_#D-7
z)(a-|O;EdiGHTBpMeUi#s9hiZq6vK=)Ib}dj^QZO=3I>4fB$PA2{rHxwTa?fGRLQ=
zwH<1SW}ud64JuL>P&0Xt8feI6vpI{QCe$1C1e}jr%5A6t+(JeC<7LjjMiz3#e5@8n
zU8sZ_P&-ryV^IyRLUnW=HPEkE6f^y0HyP@IG!_-9gQ)uNQJd9s)wEL$wHNwc<@_tO
z%P3HX4^SiZzh-XCilxZc#^U%J7Q`E<fhV|b>W8Bu(i%0e(WoWZhB|hSF$}ZbFzt0h
z)!*onP{Wr|Hzc@e8YqKh$oIq|xEnRl&!`Wng15|vQybL4SD|+QN!0Z>r~#(BZLEkI
zNFUVk-i10v?rRb{R;ljTU5%RIBvgkdP@#%(*Mu$~Dx{529gRe7!mX%~KehQ3f13_!
zpf>d|)PVj#J<$HbV4eTxB-DX(&&((bs^Lzkna@S7-8EE%V%|3)FN*58IqLqIs3+qg
z)Xcu2c6rtZro0@gd?>2^M)dyv?=}e!1u-AmHAl^)HY%i}QF~%N>PdG6HITqZW`IRd
z4gP}KtV>aw^&lq4e^K|x_{S`14pe0OU^boqtt3475H%zJ$7ZBOPy^_I+ALF0OS1*_
z>Gl#MF!YJpGc8b0%E{=#Q>gZyqn04`zvcl|0d<Urq4)QHD@ka?=TU3)8P#Fhr{-8i
zqRKm<_R0*@(p<nW40>kjRYfgbPwNs}egX9){ebEx?sN00Sm-(DUk{dw6lhblKy9wR
zs8g{7^`Ubg<KkCTDC4{^=RPk+lJAb{co(+Be^HUC`qD&dCThlqtxr%9iSx=eGb`}Q
zgswU2yw5{D%kQC%OVZb7ZL6X}-x+o6enTzM9`ru@QRhGOjTvBh)cvDS<$F<|hR;w>
z!eIBUX)rU^qM#0HCTmfVxP=N?z&kVZ9H^zJg&rJ?s=o-M<2lq!ucJ1x^WJ>k=SD4Q
zDby)wjjhm~K|&pWNBzuJ^Mm=FPBW}b{twhhzo9xx_|dFo1V$y_6tyI+F$Ru9)t`x)
zzy{Q*xPgk;XPZy<$r}mRDMUgQ8ljF+e~gAJP%~eP+B{b<5MQH0_#HK)RG-ZNN~31p
z9yRcZs6BKCbqYLR%$}%;0px!}@Bjawr6knRZq%lDfVv^}S99D-qB<IYn$ZI5arBUX
zi`t~|znQ&|6;-bW>a+|*eW>j~?Sadv{-S*6!KU+{g@iUwBh+S^j%skX^%6#qe};-s
zo*(9i(<WG+{2J5%KcgBB<<}XiUmCS!V^Mo!Cu#tPQ3HH~-t!;o<LA9G0u{1OsI^*y
z8qitPOg^ACRc>ED?-Q&Qs==kG$X&4cuc-So`T2Q&0I7g_60Sf+;wZ+!dwzbbKZ!RK
z=-HhuiWymJ)D4qROR)~U$IIqJqnZI%Lk+Ai>Qrn&-FFvjqZ7^CUk5etai~Z5KGa@$
z8_hK%O6>3FJ=b}y%}~2~0#?G!wmeFJpZ5z!PSgXb4XR#0)DkR2ed9TVI%YRf9mR@n
z>gB?4@^#Q3XS*b{yBDEGxEnQtm#7C#oEWCVBB+sfM}>Sj7Q;)J%ZG1JfqqUAEECf#
z#jsd@-o5e%DneIL?ZuC6EP?t|bvxU{Le#OkfLikpsIOAV<M?^MRMtd2$$FxeYBk2j
z`>2NBpl0j|G83tSWyudkE!`<=)L^qYiz1P8ona(OQ(+Zq4PT<xJZW4%?>C?-sF2M>
zZO&_05tGC-18sxa%@a@q+iuHWV^#8rL;SqIBW{lx$X@FQET*6Tv&T0#c0$c$Icg>s
zQ3HvRz>K&cDrAFD1KohSeiQYv95<n#_rs_H>KIN#?Ty`70`Fl;Oqa;dyXhmbgwFp^
z5{kePR6{Wno823M`c#~Ux^WYZ#LL(P8z(WI#U|v#lbT2@LUnu+b>C~$-U>-(_D&hp
zz<Z*r#3~Z{MspiAv!GBDiNdIJ-3IkcpM=`wt5KWwG%ECuZ9ZOdvsbdALR|?J$>FH>
zx1b{U2vcC<6r6u;l7cDxydOeCQQzmUp+=s_V>V$S)G_LcTB7NwC)+{PDR_-K9XV5)
zJ<<|2@TI6PDyLB$2c|OZ6-7n5M=H+08d^hvZn%j$UeQwfdA~g7L0zwkI+lY_GoOz-
zB|A`GGVh`W{2jISo;1ct)EAsC=)n=FdMi-(A9qP;X0K2oNs!h&K=PqNT^Y3px}nx|
zBx<j$LGKd`<B?CC&RoxmTGHwmqWY)-%(dm4Py>97ny?$3-p~6BfkLPdmd8@Mfa>@V
zYR1<vCcZ;G2YfS_U0eXQ#@$g%vlundv#9&tqb~+$G#!Ru0QsUAL+3w&geq3WlGp*Y
z1nW?n>lQ|0Kqk{rRn%sxff~rKs7<@mmOn(@pD?po^U|n^^+tVqu0~zIf+=<Wqh>KP
zNRJ9lZS;l)Ym#4K%fF*$m@cc?WYsZ@{1j9N7g4)DAe%WYVW^4K!-Uuqb^kcjrr&|y
zfB!Q|cDpN4A09nWBOHfna3?A<Z&0DjpTo>J3{}59s)J#u52fEwdt)tXmtRC};@CM&
zM2n&#(HdQ?%@h*4VLC>~ov4r=Ms3QMsD^@a8OxytHVm~%ccFIkZB)b2a+@b=F4Roh
zqaHw;t^c5he9}Cef9>8Pc}&AqP$M0U+C<w?=k_)h!r;6ngcVR<Bz{4ihH0n)U&jU*
zEuR@+bJPImpf>d$)YAIpH|1IKbN;o)l_}5~E=BF~tElt-5Y=$h0_MgXsC-@2OoyQ+
zunyznA=IbnHPnaEchn}$U(oEWju=jU8fqX{ToP4DIEBm}sD^5I6lzU3qfWso)VJgh
zs7)Hbu-UXltsPMv&c)Su88_pQB4%j{6g3fUj5@BfP#^E^pCr_g{){aW5@8f<iduqJ
zsF99E?UBu>kX}O#^c(5{ld-s2(=ZGs-xLF|J8Dz*#}+sNtKeIt9oH!xW{y!CR47-X
zLcbfe7jB@AQDC?UaXQq1il8FV5}V*S)T8)0dN8nrnQ0c(v1@>8ZxrhJu?@Zd{>Nhy
z3Pr+_X46zc<%gppup6~E?%C@JOPNqtMs+w6_35}2Revvf@B!)=M=Naxng_L%4KO7R
z$1FU5oE0Q=d@iAO`B&7ZTK)(#(q5<~T8?U9FKUxLMjfkIWlX5UP~~M&o46xt=6z91
zwj7J#aa82|BRT&%*V##EbG1c<Xas6TTdZeMGkJnqibQ2iq;jJM)E*U~X{clQCu(mz
zKt(9HoH+&AP<x>TY6*Ln<NRw=EucUiMup}HDwHwHn>Ejcx*-zPU{};$8IPLrBGgQe
zpa%NJ=2KQM<&{v!upjEvaXo4x4=cE)L!XLfMyXK^)JKJAl+CY4b$lE3<ok-{Fi$1(
z_1Z<%--&u+-a{>cUuCnDL8#DIMn!fkDq_oA654FnP@xa5VnP^(`uuKyI@evX1g=8O
z^cm_LC#h<VZ8@w+ehO;u+(p&*R5RC`qayn|#=+C5iMY2&XiXASHv`Ft+JsF|9nV4i
z0C5pjFQ|r}_xJayQ4Qrp%_tl_SRXZz{-}W-N8SIyn!BcHzcbRl>#QQ7^L`H%I^SAm
zty5tl^5s$A30q(wE<$y<2DPh?q0aNasE(7>Hj!zE+SIc#61Sn2)~AlyoY^tGKL6{J
z(D56JT8dTJ0PmtYC|1{8Z;IN4BdzOEA-sk$Fm655VJMa-Ul_GSBT$=kD{9TJqaqup
zK9SM+k0hZA!!QU}pdzu|mS08f-fvhCb2l)%xFgOZzX(-7yrG#uQ|v;1CTbH#Z)BDt
z0hT6T(&k5@+lGQIB*HO8V^gsy>QipK&2PsF<R79oQSK&YX=<V()Cu(<nuMC!A=Hw5
zLk%EXQ?vUEqc&w9)P#06^>e*9zM?=krfFu@s3B_ej6sEV8*0rDq6Tmi_2Bt|nt8_N
zW{t~YZSs>*p?`upc1c>83DriOsv#H)XS8t5xn4?vKD7>@I=F~>lD$Wr`?xLbra^UF
zAN9rLSJa-^YRm7S1{$N4c^;%eMWO=gz5%HE%Tb&2tV<#xiRY+O5UsTdQCd_7ZBVCR
zHfp9DQK7qlO)+{KGn4k1fc!7$!HKB*)}!t_j@n~SP@6M$TN4qt9tk~oenpLN6Y99#
zLM=hEcBY}SsLj(1HS!gxQ*#70!)K_yki5NF%5YSNeNm70d8i2<L{02(lXsnv4rTzk
zQJbY1>Os>PE8`GUL+5Szd(;v|?`Td#X4JWEiJI{g)I@$q4eT;%bNY8O_Z31-xB(W_
z`5!|<9}0(2=lL^gCb>GBwXBJ1urumIX%?!Zy{Lixg;DS;`k_x3^MxiVYG4tl0rbG)
zxE%F_eS{J8@1*K#M%otj0Gf?@P@F@pY1D3JO_QNES5Z_bYoi9z3pKzAs9nDu^_+N&
zTB6k5P5b3gk?UvkbJ117X%gC0FHz6xbUn--Xoi~c0#wM3pz6Ov%^+b<Gs9}AdV^2{
zScVnxGHN1edYLt^gBs9i)I`_!;`|pQ@ec)h;H2+uj#)KSg@LG!H=~y3J}RWi`k0WG
z!_MRfp!Ui$jE_ZsF?*>x)+FBq)!r6V1fQV>;@_9^ueHzC*NnV5>U>T?b+ik$7oOPi
zSp7_7@}Xwh19krrEQ?oB51iEf&Bt&PR0QUuB6I<@DL<j^&*Tp9^Zvg^tA~*k9726F
zi8aui+YG3gN1{eN2z8v6qh@px_5AQ-B05${QS~ZXd!Qma2TS1*tb~Ds%md1;M?xJA
zK{YfNwYfH<8oG#jfP6u9oOH0+jA5vHO|64aPt5tKN9<12<~)n>@Uit9YCyq5y!BkC
z2nnr8RaArRQ6U|TTFbqtCAfqd`A1af$_zETzBj7=Leu~*qYu81%5T;K_-i}9{GlZ8
z{Jg7kKHEg&bA$6bo%BlY-@m7FA_|uKbCf6?LB&+usMk^&xkg!TwaBXr?~l~YLEXEQ
zUm~5Bw@%G48XnEPO}J-1WghBu=f0hk>$Q#iQPPS^9<E0vujh{wO$lBPd0*s)b5wdw
zBYIUcI2Y*b0cF?eK(AQTYiAqoY0XNVHPk6>syJV)yD2-weOl%Q)L}0>X~`F*4R@Wr
z`3IHwhfW+m@Vvj*ox})Z5{2W~pUUCf+=IGo17|j6r%|sSTzf~p8t=uX=zsssXeXAD
zcJ<OzFbDO*xks<6Jb#?4R7y`r=P8K8g^V=(!ZyyItnmLGmEYM=N5^Xv1Bl0aG}l-1
ze!{hXDR0et19kW#U;e+LlCiH4>O`TuA_F+j1k+;??pZ>4G2XMHDE_=csFau+T}6R(
zbvwd@xQdEL?F`nCzDu2nlxL#;c+&Bx|ML|=zKR_{AG}O`y-IU`R_gu5eP_w1W5R1l
z_tx)U_HnT_l|R_Z{F`Ck*B-9@d^M%v<m9v4Ybw{V`uWOF<7sTi{4vr0^SaH9GjOd8
zbyD)~z&nPmYv<3orXZo+^{wdSHI=s0%x2s}=Syg07k<S}m<jb7%YE6&|9tV!dN{dk
z{yF!Kv4aVvegyAtOmZHT7nu89hkpykDQs^jLt~S<5XepCdB388S+?az+{nMA;RN!o
z&->@Ap}lt}&ZUk%2lx|rCoTB})YH@R3~ko3GrmEa8OS%s_I&<0GpH1m8~0;XZhUAP
zd~16MrMwc?^?JiidR3x<5TccqYhk?gipPDw@s3U#HjvIh>gBc97cqdcKkH%(-Sjj5
zeDXSp?Oi@}GLeRAaI;=*us-h?lz%0kn46FD{!G~lJD^&2(8VclNV$i6N!nELUOLtz
zHw2^DC}gLvp`_i@T+l0w_jWr=<@IW28|^})6RDh%nWd*}5%u^x1<q3H)FwZP>w0Cv
z{aj1MHNCDgIQ}HwSwi}-x5WI%pYq#g;KiJL+%T9CSLWs>yrbI@9-{mZ`5=2^dCGf}
z@6X$hYkGa3a(8k(H!ryzwxlsv`2cW6+qkG!Y@7C>mnB@+>raEjUj%UeqUCek!#7xG
zBhy)DuVp4i4aleCo(i-v%1-Mx`J1$Li~DNuPbhh-Z{g-!T&PXOL{wZ&X^fxSz&7}t
zo8t4<YbXuppgw;k!b!kA{p=uhtr2a#pz+bl@H#`CYq)~?dWCUs4X*1;UjtwIf6omc
zX@EcKc6NEI@Fk4=2+}L*@CMiUF6Mo0rOtTXdi9~9W;7bX`xyBw+;fxkQr-(lhcbae
z+_%}@n~5^LO3~(Q(rHQ0;~Ry;*BS3C8l!5-&3bL4lS*{(z+|2Cwo`xAr`~b$>1k*K
zuCP(bMu&H7y+3W6t8BglbuQD^eoSWTkD`6IIsZvxJ5^u$*3i;cD5nDZnoFm8@$J<~
zPopJloko-&r0hKTFSgTsl+ELPjCxgg=c4=^{dn)^KO0CVGt2w)2=fCsH>Bob1fltz
zcR2<X*M`h{C;u5w*;CulGCEAjJsW9!B-euMB+}YJ6rh8|bbiB@=jFci_L|!Jjr%Y8
z(|>s`Tv3UA?WWNP(!WwZoCfsjMVf!R$@`kcpni~=W3tX^Tjv4|CZ}E%-kYeC5Pze?
zC0x%(dYiq!HT6z%eLMMrE~89Fg|!rBqtZ9biubtjn4SF`uKz~*J_F+$uJ;v2J-#kG
zjcxuW@^?C%&eV%en@Pye;r+}GvNLUl^6qE{F_!xs>bobfHy8fp9fuC|%Ekq~npp#A
za5>j|aB~q`_O~6}L^{dAdy%=t``^F#FFyx5hqxy$X5u}8d$-y4RVjdc^eCMF_l)E*
z1+}R3^Hrb5o0F+b0|jj15X!c4Q*JweJv6q3doxi-FMrA(QTC7RWDNCVF>t*`k)B6A
z{ap1YX}zvdZ=;?+3CMKd-Im6(@E*rNQgE>jo&9`eCclmj4s%_vlvsm$u_=2+`affL
z#*=?y2Nj0_ETv9I?r+6g-&jua{@-g#vIPNCJPV@et+P;<o8O?H9eEH9?X<1)55hUS
z?Vw^&Zx{_-<$Zt|#lQiSb;a-8pN@MjYo>O#3%NFxtX>%mPD}<g&0bfLJAz6F?8OaS
z9M1da>oNnGP2-`IJ+<Wrxj2M(G&{gZt~a5LFq;qOo>ZhmC|}P#x9}?0f4;78t(1)v
zWv=66XRQjoY^@_yx@RlZX7-=#i0|6#3n@!O!)++9Z9A?`{nEU5am~jL_BQ#u)T_mP
z1$iI0_t(Qq-a5oTH3LX%2QiTbAK05!cQom;ltrP@VBUHSV>at)RIj-Bf==>t?H@ak
z9bCW0`{94u`AD5Vc<Y}*I?6o*xwkIuUUqGzFf!pby%De2^l3cEHNA@QK5si|MY=c*
zezf&;oxk1ac>WV=mAxUqmirUpcHW(-v(dJflEHZYI8zljkeN(_`k6S83a@GS9%i9T
zul(dc(s@#w-)jeQggX2ie$FN8^ygZ0JD^i^w1c-^V|f2#2lko!Mo@nq`ON;Te*$hA
zLqTDdfS**IcT|qT#WK9l&{zbGwBx<sj(RM0Vv?`S_37NZfI6$VU$1_ocT@g{%{Snl
z=A>hB&mqz)(9gE>9n0$L>_Q4p&`=Tv@Hdr<(!dz<znM0j<aTdF=Z53FtJzr<qqCg6
zQ`yc`{S<BK)q=9`T;m@RbQ05^UQ@VMg!d-y??^kpP~Ouep;s$O<*3}$mv>#;iT9%Y
z&tD8`3O6;iov1j#rhRQEw<zORs?H+X8cQ3Cx#uPMzP6t_Tu(uHecjB<?McNyd3XH(
zI-JkNwA^%+o5zu^N1c%j?7y$IG+vYINw{|}?=4(xO}&#0rXl&;<mY2@d(#B!->?H!
z(H}bhdcB~qJLce>pK$YUHF|%CQV2KMPCay#g|~i}T7ZUrzWS0bZR@n8GhgmGf(3Y=
zq5jWTe0$F*3ffcWBKcSPbw&z097hAif7V3)xlI18Gajill8tNMh{OQiO>9T1nv(_|
za$T=PT>DBssqL^gWov1}pRyFFmxq2Xla50=2@`J3y`%O2PT&bQ_q1WzfM>{;<i`8F
zJ=`#jMz>L(nDW$={e1BoaPP0c5>s}L#<ozmmmOeR>K-FKopOF{>J<9VeXs1Gr%~S<
z|F2XyLFR89h9jxajSkn-$j{es(q*_-5i>B8t<=@40q<Be{+7;CbKk)KM93jMn|t&s
zL7fkF5F=EVc1r5}7a>#bKR3Ol;nG~>ACYukU@-==gB$nTItxkrQTCihm;L9ymXxQW
z%%A&m)5d$!SsCbloNQ-Il7GZe|7F8t4Sg3p$c<g7P}t7sckD`;USsHBHR%JGioxiW
z9z$(|Pf1U<<r%4$)22Id{RHW(baIb-f45QS#{JzXi%<Tg8cW7|74IC3v@Q(<+d=5s
zDDMwzF{!$prgn1M5Z?Q!F#`wLA*!Zc2kEjhU7h9n8B_GX|Hk2d{*tcuwS_u)$p_f{
zU!?#0ibH=3?KQe_on2&RQfVcg=Hl;kT#GBKXh^RTTw82!XvDRIl-K0?C$8P6zFrNj
zx42%M0UjowlXoJfU6y-0P|h#!oddi*+~1tCx?JC>1=1^kP6ktO(000xd<Dvn(2-ti
zd3U$hKGE3ES0C<~Nn;s!59D2f{Lj}~@_MbLtrooRaQ{|&Z+ouopzN6rs9sIEn24MG
zY=v|<|38gAA-(cH`2eoxppn?zmyCvP^1eV?e?+vIdL^+FWqK`V)_Se8ZJQiFLlGVC
z{IgSW)_*RhVNeBWd=CcmUTPa!&z&`CJRfB{NFT+=ysMMGNGC(FKJB!(^~pNz8Pp@{
z<l?=UdsEnJlPJ#}js61}g<gxPkerKg@d)`hG~`cOuc4F=z*UqLpsY7HyEYn&7-%Q*
zKVL~mce2-1=0|=i_tj^BA1Ggqr|=<d?u*L&%h^uOQy8DYT%z()ZpuqK8jbTCeWx(j
zuF_aC(o=csb&C7?Ql6T(UTL^buOBqr7IShvw=H|*y~5XD%6gJcVEZf@Nrg;w5=n<k
zxG^D(b>JOBrPx?Z*Qh+rHq_TP)Rgk&w&Mk)H+v8BDXx~Kb`(nVx=E{llh19k4*w$r
z=R9Rm>=Xu&*6S}?x<>Ewc{if|9@NX95TvJ0T3b(L&uOC=qse1OG{e?ip#SF`%V>Be
zl^#&(JL%;#_VbmQ8yb<xZU+~WYiaDwsuNCr!hbp%O#NU6u$wwJY-jbX6RBICcQf9%
zX|I~M9TqbN4P~R_iy9@fx`Fp>hqEZ3LOKnN{z*qA$oJ-5g?f{??=6itv;(?K!+A9-
z`}%-gxwaP*anEV4Kg3zISC_VaU>2AEJf?7xZRA%f>3~(R3#GQQlCD7c0_y2CjdXn)
zIBsY5nl|(*OdG#Yz6z6LJnHF{#^CIt?7y#p)KgzhH7>m5orDI*+kwPm#y?*bDPP7r
zw{5Th13E>$%XB=z4zwos-?#VvZU^-9eusOvG58wTmHMCTM7HWD?=n=rZflmb9ZaIa
zI~rR=p8rwH|6ZkRXDV33yCV&jr|cwt=3R(Ebg=c0a(xBqX0$bvYkFO<)~4OqOmLdM
zZPm4-8IA?*04i`}f710R`$40F7|dJpYkm%Z^3gQ*m1{#Of6Mg=bdZ8{7s^uep2PL+
zw!?ee7vtx>-l6d6&9yoDY3mXf_#YEFZ+X|TH$12O9dG{CbSH$eK{WjH)zzjaa!vn!
zmtJS_B=0*6WG_xdy;c~Uzj1+0|D-r|+_`i*iT8DG+Cssv`14heS$5}IE#6xgL_Iq0
z!^PB;^T)K#|Mhh)a8;D)ALpF`R0IS|thAg|yj1FX*)Ei+iJ66nkkwkI180=O<($*G
zkRXYcn*BGkq@2{u$gXQ<hBcX4CSs{wv~o@DqIT2NO>N7{Z1?-lc@L5K-{;fAbNfA)
znR(}Z4<tI10efTTB15X-R<M$GP$yBXp<U=l$eoA30DURBwd6oGaVCM?6h9wpx4N<k
z03?kDENLb3OMDSk+{9i?j-+Ri-%`v%FL6D58wWPbKp!KAk+YHbZSYU%8A$nS7LvBg
z&0Nw_oGWBg23SmDSM)*X)#zs`@MY-z;caTjCFDrj25&~MqWE(vCjI^J<s#G7pq1#)
z!V?wdTiH+c-wSXyO#~dEf&6K#7j6ykN#x&=lkrPhp_)F9{TZ>VXlmfEC$|rFTh&Zr
z_rsTie;=QKJ#c$4k~I7uQ@7??oY@q41TICNjC6@-H-)0}0G0xL8o3ua158Wg{}G!7
z@CtYiIRSj*;q`DgxQ+pzAV*SLuwO*gxLd()Qx}sX5Azs(&Sbmc+ew!6G{6*9;86-}
z!M;=3C!>(Kzk?sId}+joGh7F-M`20hX*3@BC48yEHBjHepNH=^`TXyrh@=rD_oGOR
zf+}I4npXNRA$b6IhTs2cqDJC(!vm=EE;%{K670j&>!=2i;OVN)0sPCz|4iEQ`e(vF
zVzgDSOE>gZB%TDgkb<q%Ak#_8P{Zye{sTNqHMkROj4Bo8UL13%^*#BEz`cb05uT5J
z1AZ?#?)~or@Od0D`UQ|5-iz;F6nmJfexq6Z3iMAIW(NiG(05YsOfVjJwYoE3p!55N
zE*+;<o*GIzh7n7J!}9!J3urKaLlo(V>;+#9KSS|EKrg7o<@nA4Bk3lZ9zy03kI}{W
zZiPF8I|&Q&mQdqsa@x_O5TB$@s@`|#6Jj6cW#D4@1u`jeg2G3T7pq4yo#bj_qg@2w
zbE;y}4631KQurwLh1lb1JPE!8o&v{cEtnJ7y}^u@HRS!jTwTR9RY-!{0K5!fmWtg7
zc(A&ii<HlgJcxfL{v+g01%DKtf?q@ag;*Q(^SOw6<a_ueJ%ayDrPti4ipszgbcf&u
zz-e6lhxpdvn<0bH_Y8Fj{5Bk;kzm(TY#oju*b-IvulUcU#w4)&l<y}nY1obQI7|$x
ziMyVpoj810#|XX#kHL2VQ`^W4<i99z27XBs@g-xAiWZ1_hujo=H_>nbdI?feYd8f?
z!)_<*lT(J2<N=?6|0em<w(dCQtH3A7=i%0B;^TnUaBE+|PGx{q=+oU2Y`x$L8A5}{
zqL&bpGzR-4_#jOr&B0%;hL3vqUJLvd*nR#!nmi0>CP~vs>I?T!1IUEA#7_XOAl{Bb
z8u3c-pAzebJP&?JHIw+B;A6B}Hi3S|m#=C*jokwOa(p#8I7d>n2gO$+_o+hHqMrx9
z1z!eu2=RFJHjHyi@|mB;3&}qUCK=uip8)qEeo32%twq|%f8#qJDd{G942brL{^gP1
z5Zt4J57I0FJAq~+0lk6$EPO>wyB_~b*l#K9802Dn*)(nm<|T@!Fu*<dZo$q%m-Mc}
z>-Z%NMb5#uQvTnL_JEQVFoTAEik(XL0&a_Q8ACh@<}y|24*YjvFKm``JGFkMxun_6
z{L+4nSU$PK@XsaBeg1b-Bo}9fDk_01@l{FybeyCH70XtGUWk7c{1pCsRFnPa&(L_4
zvd?4KbHG1>zcYFVc%2$de(sc1Gms`*2qZ}Wx~xBrU;+c&??QOrDPW^t2&Mqm!KJAJ
z5;B0er2Qn%qxnPVpOP<WIQBL8r=fR)e~}F!oBTEW<pu5^WtEOQDKY@LnS{wSnLv{w
z^j^sMBo#`KqF=FV;axNt2<AidLr6!(Um$-uc8s=D<8nAgUV057J}vf#$7G-vycn*b
z*b;(sC?aVLTnev&pMuXN=BL1`T)`r+G1^3fvl!?z^5zl0lvrODaW;VS)iAH4cLMVv
z*qh<6<c}nVz>8J0aR8|s7Z0csZjXK|@gDH6a2Q-Ah0h?_1F#DF6EKpN;{SpC`RFeq
z>xl0lZh$>3i#DT+s8t50=0bv_P-<0h19A)YQ2hOwz9U2QB)J3ngZP@$Xo{!H7|yTJ
z-$7msW;8ipVauOX%tzMY{|Meg-Bs9kBM&n`syzQ60A%C1w%M)hNs&VUB~_sJMqj7m
z_aYm~xs6yOu@{ju$e)e>4(x;Ik{%@IM&#pQ|EjM3YGUhD-8~H8zJL2kdQCZB!Ieb9
zaAZ3Q788rn0uo+;i*a0we@ZNXe2xY}VV8kPSNcczz3?(Pi#r%2`7^v7661dULOwxL
zN$)V>!l>$g%_gx6;A3zB0}a4VAn_}3{jens!k3Qx3pKvMHvzpCy~4dhzRMy05IM>C
z6IGwq<hO!rF6GNXihoP6n1mYvJ|!oEURH7-`grt+N|v#<6qR%@ITP{Epm6}X5!(y)
zE9~XSde{%{hS)Ip|AzerJs*~TcyKC#Jva_fa4g_NY>lD5q1bxtBsnR1ZxUm)5A0}V
zcTh4H>_Kv`1Mf7$UPaQQ$_^5{iQLzb2l4He@Ba~spN%6%I|yu3(_RGlb2wKOn2Q_>
zH-di^OtH#)o~wBh?gO7qp#pMtQa1=TD^?i!mZ~FNSE9G60kn(B-$tIK;0O{W{ewcY
z@TJLD5c@wgI)=1}r;|9F*g*6*$(3{;+ztCKHMr~K%Y(`eg6~PK<>Z#DU@b9s{arzD
z4-Jcv0{~nPAdAAA@V$q94b4YkS71x}2x%hc;_nOpK%S)Q!1ln-hb8r4pj&8i7<)gM
zttwx}22pQg0=xg0IH#+G+2|WclJp$>0R>MbO}$1T)pSx5rapCLg5J`|&NaGchPu}#
zuDazaGaL@OR#KeNL}rEQEi((tEJKF9g^{rJCrq(F6pog;Vb#@r17;}nCrH2_3>%rA
z=9MEME84F9{#9#4>xtg7aLh5}<?X^=a8jh!Zhob8?HjLLQXk@<LrV&IC;1G&udK3X
z{gE|WTGYpHm?r9%G!98f_xTMugwHIuj7i=K%U8c+^Cg*`vWMguUY|E?g#B`&tV~aL
zV<OjMd9sYmP*Q#JkyR~fe>^^{Ui*2Ps9pBU5A_WvcBVLcTZub#XKIRAms;cT2Frbu
zg5%3PX27`F9|(K>zR)=1<}vv><B~@B7};l*89B03u~in}3MTr4Ms_qS3YcgXarb;4
zLuDJ~W~EV7Z2Bfy#_is4u|E<veEzVv$V!SUsPu)+$yvsvz@%P9#a5AXbw^<(claMu
z*n@kD4$kvE#PAGz-IXHs%!%G0kK^~JC2yE>>`L)|y0arsJSool!*i6K89CzfB-t<I
zi}ua~`C`5}*X#3meUtv5`{ra`F9x@9?kW=PMf-5EWvKBCD->p_ctgdO$NtqLI@!lO
zBI4v&A|u|J>J>Th_HX54wX@$RlG5xQQ$<>0DD2_#?X6Qq`_!;i&N4BBl?H3Uat=-v
z8(Y|Be=*2jF-r_OQ_k4zvgEQ&at_TB8#U*^Jz{md{my;jSLf(lu~oD8&l7V}-8JWn
zlo#?)GCfXdt#~`twjLM%aEzs*k4Wc<vIHxLmU}}XF4r0Pgy`JDd2*R}S)AK+m)!N_
zKGoYI7Q@NL_O#_<Ub?&P-8JX+xo#)rc@Y%OrWN9D-Cj^HcG>r=5}D4ct3<biv?9xG
zVnl*vQSk27V!Q6FSt};%>6sy8V$fgCsx+cAIi21V<HSYbNYH1PWo1T%Sr)NEtY*VB
zf>x0~$Z`sLEf%0h&Q@-Q`L*_sczo+cqTad4^!eoT3tFK_nS8#%Q}3MpP^0MF-V7EM
zOPsu>W^ac5UL$LYFR!)k5)6+oviLI53Ktb;F#wZzJw|{9#@dfw$;@q{Ty!-{E!?5d
z?Q%HxYPx2R$RC+IJb%1=KgQ<`DJXD`d?3aq*egC3m)d=Hih<6;onlvlJ@a$%s$=dE
z?X?zaEjd;D#LJ0x@&VCW=RVtA4v79edH?-E%YD`9#Ev50sv^J7XBF{|7YF^3NySF)
zkdedeQ3u55Jy5FIWej(xk?!b?h_GaRyl$p^m*c8)^X#MFinE;I--=!$(OopTj&)F&
zS`P+x3p8DoyoA#faT*Sbt3*w~_4y-mhgV0J2|H`lj;mJwpyfVI`NI7EcAkQf<3?SE
z$&!ffiPq!*4>IIV%f3_XJ_^>s(EOa}ea0DAJ;pJ<6C+w_*}3-a<Ki5fe^PV8a5K7R
z8~dg`ni<+R?UCjiu!kKp67V&wWgK^BKP@U04*E-?6$3wsczgR#Vnp9!D^%t`E&OyF
zedFt1`=7@}C#TEL;$4v-uPPX=So)JlbrMd9KAOAT+h3j(dCsQa#4ydCAhcx7Fzoa)
zEyLL;w3m~d50kYog|jPFdnWN5pH)~{W>lG;hB}|&YpAQTDhzj2%c*Rqb-u9I2%ope
z%Tle9yRW-HN7g^)-Uf~V?gZ~yS+QAWx+j6NaIp4VlKsGST7k1MNBdDY$8)s-!YR$u
zx}`Z=CumFKo%=0qRr)FCL507purhWU+`viGxWL!2JlZbcFK=8?RB9T5px<S6DD+Os
z_g57MO$js&w*s>m<$ewVqtL1{A_0GuKj_=ANFu7rk=}4`bu>7GZ`U@Zp8d!3pxG4m
z%2`^blRQf^&h4HzYV4@|EF<8L@Bm6I*#y0cufYnpdGx6}7cA9UWH>piwOlPR>azRh
z>t~20=ixQ{)0LS%GvF_=WJc-f?w~(<2bZkXhPHK*w`w<v44=9FvDldq;Y{%PIg<VM
zu5DUpd-FCeaCXpNWfca^u-fb*Mrm2Y@(ptuS2+DX(8eS<FYeHi6726j(SCNif2Muf
z&ffFAb_Qj6#Juum&?Bd*Xjm&3u)Xb=*3nM?N;|{e`h}M0#Q$5H+sa;Ct6gW;p49Tr
z=6trQEcVS)7rC?Vq;{R|ln8xef}PMt&#*VP)YF|AE%Xb7v$v(bU$;FedMCR>ivD=p
zXN?VW8kWmdFIRYk1I6BxqIY!OPtm)zbF#YV9fecfRi7<76%|(&GM)UuppKUw?(&No
zJ?)X*^lnbiZhEMd^GP55YV9J{rN<vOt0GM=l;N|~%5HqUp^l4fdPVJme)@YEs>L6c
zeNvpA=GV`0`t;ZTBOLyQkgf5~$}GLLus^$8@9%WILVq@~V^tt%7Wpe0>iAEt2R4qT
zrp}hD^y~zu^EG-P-kzMJrzEd`tm!z4I5Ttf8^xfCU_)J4-uuQntEkvl$zJT?6GWv^
zvHr0t-a<}8f5nDH>TL2?u*#n;cMmA?B5^kV1Y(ABY@~ij?{2vdkk4YJ5jjdR8bkf*
zDcPTl*1L6$MwwbZ_}FH~ZHj~f8y1zRB`EUsC8^z6BBz{L@^;C4Six)6l<Yh@LEkRA
zM0c_(9&IVztJXhunlmd{sHeBE+mz`2?O7#yw)0zwzM+NPDx{~``-A%D&etK`)LI)X
z&)DI`Z+;GJnVH)#eeAFsssoJ+yu3jS&Si2&y4w_1G;G&S)i1rWT4CK2F2c*oYOCX8
z92wDFt(?8$4~0UdL0;u(nzMPTo+<iXJF?-P+)>qXzcKlo&Kbw%=ly*Hh{g@M9aNZM
zi_chxYxF6iO>{EGSBKxY>H2$G*K39q<ou6fZrC0>LpPieGjy-0X?%Ft^&1wB9X7O@
z)!b0m_`18}P?eLgDHd1Vq*lk)QtXj8MVf<3%u>I54hAFK!6HWGwGWzAzh9L~(}oRo
KUYMyLiT^K8{6&WV

delta 50096
zcmY)11$b0PzsK<t!DG0?1_|yGoCFIJ+}+*XIk**fD^RQy*A{p8;#M4r6)jTqet$dD
z_vzi|?)#aUGiUTaXE!Nu-;4=bJTu6>mB4?d!>dwk$4P~~N;yvac#d;wq)HtpWTWHc
z!1!1cOJZyv#~Fx8$&cLRILC1TCd4+I9VZzMz?3*0)8cxYKa1+;nbCD(Z*iQw6l6qQ
zsAuhMoo27E$8fISv-uQT9j6TW%9s<UVFlcesu%B9(_U$0K29^#fIC@7Vsgi2<RsMb
zuht9JSE!i;{^mFtFbq|%lC>SiCqD|a;cN`UgP0zlVrC55X4(n2R>J_w+hZd7clwaf
z68(UQakb6wM^(IwTFMuw2IFow4d%l%<fAbJJ7ORX!X!8zHQ=966WD`l|GvHc54sw0
z$PULzf#H}PYoM0QMK$mPs=<{QihEHF-Nh96!J1&F$>*?^x3<Jg)Ek0HaRnyAJv&){
z&ESHq_{JKz%git{MsYn76W}=1z!qRCTxs)%Q4RiX%OBZtzuk^gjPhXA3PfW{?2g*H
ziMv^UB^FVjCESP^@c_of$EX><#j2Qij~P&FEI@uOCdd1zmHdjSFvDK65|OC;8(}&e
zf*QzAsCq|S5?M*yw-ti+IZk8pd2l37M%|ETzv-Ybs-b46dLys~-bJlY{sU$uqA(fx
zMyRdpZSxcC_2pJ~2Z=OPIE&Tr1!_-A9(0`C*Z_m@2TYCgP#tYU&HN;4NgrY;`W!N*
z$HL^xqJq}N47d^%W2cdraGg&i)Ihq!X2c~>OIa5+kRhn+bFma|#p3u8!?EBIQ?Co=
zBR>u`q1~7cZ(>ILj$xSbs2N~1X4LubLP8a1V0!!wGvN*Npx-gOr>G!{wD~$V-xC$p
zV^J}*7&GHW)QqpA?)#1jF%geT^^+OX(7zK+LKQoz0H;{jqn7jxDp+3G^1u_06G1*Z
zYDS$=_s_tzxE*uhHB?7&PMR3Vfm+crsOwG9Rfm&FC|K5^miQ>D!?>qRc_!2fMW8xr
ziRx%9X2F%H`_H2~e1?TE__SG>@~D9}Lv6(vRQ<K5S$_|SBNPPSpBRjP+r0l7GvfHD
z2Tpd3how-#Sp_vv*SY|+li!XC)<<|9{m+`MxsBS|SE&1won!s;lc;cx4-y=L<?$58
z@uAb-&A`&0H)cl-pfGCX%3>t8!Zx@9Cu86RCWSv@OkKZd2GkL?0^=|au6Ic&y0@d2
z^b#sa-eC-kbBU9H!B_^{Vh&t`n!$C<iSaI*Pro8qjr>T=ikC1OI#<lhv!i057HWmu
zt|YYd6Hy({!w_7DNpUa6!Yderw^6b10#z^mRr4H3hndM2Lv`31HKD1fz2Ashv8$*7
ze85CH{|T;{CCY@Vm=lv@ZA^k)Q7beWlj0K0hdWRMdx81!J!)mLvEiC|eN-@xL_OkH
zqE6EeR1Dn2oI3yhH%t)aL)}mfV`DE=v=2t@)e_VSt+D0%Fp&I1RL5^oGYq|H+KWI<
zpfReQUZ@qDYh8u0=-=5%q9h(f&BX5y$0>q^FfsN-t;{%72OBUop2d{-7beFzx6Fek
zJ*r+IEQEDYTQ>z&Z;^F7x*FjH5^CrvYKddsHlKcJP%DxJHGs;fJ?>@mKca%~5c=a=
zWKW%ss1*#nV>(WP;p8)-g0nFe#C3OAe=XfZ3UrJT-Zf9Q+89NC7HY3=VPQ;g&qRGR
z79&3xqj3kSeyscE{;F7l{1j9$p2gz$8Ovee2j)35^nq)FXbJ`8xiAOy0J)1=`k;qq
zDKlU&`O>I8uW9qmF&+8t7#C-twr&yX{_B_kU!hjU?~z&2WT>Dl=8{l_DwqbFqk?QG
z>V_Gp75W7;;1$%;enCZXj6cmD=fE)XZBSb>5p@c7VJQBIxiQXTQ?CeWqHc2%3W`an
z7+7g9974_LHEMugumA=>F*7KO8fbe=hJ#VjJqu&v&$tTLp;oB=Q&txTVR=ma%v<g{
zO-N*>U>ItKt57pPi)HZv=E1Db&5|}kMSl-Wfm2WuSdCi2!>Fi#fEr-xzf8S6sDVVI
z>UYJYI{)KHsKcKyE&hs&@iJ-;`@S$MGZD2Czu5dPo4<-`@EK}AF<zP#@n9+Pg;DJc
z!eE?++WRG#g#Mi^Br@VjjD@dJBmYMgFz}TbKnBc7J_6HYS8RaOu?fDwMp*f^ndvI5
zNB%UbJnW6BKLY*8-$GZ3dn7#g2(=Zl-kJ_`qspUE1M7^6iQedoLop$aK+SMA2H{%N
z40oYc<P0jdo}gAL#^0uX+P_)<gcKB@Kr^j?3Z`b53j3oPnq~7V?e)W`hHjxc_=sAW
zgzwCNN?|<mbub&Yz%e)p>tmAl=8@j*J?rnGU;qV~a6T&N4q^nx`CuN&6|o3;7YpDH
z)ZV_rBbe`_c|d)_bma5@V<u1+)m|^u184_og+F3;40S)5^IZjXVGwE{%TZ6b)2N_~
z``Mh^teAp)b=1r{p*oy{d2pxA|Ap!x<cqmp9Myg^)C9(1UUc`8&<NjPN-Xr%G+Ya{
z^g}TfPP6&-sNma=8t6kzgn{4811BBkB3~Ibu)&xE7u)hPn3eoDj79%Wmha{~=RwW1
zD(W<J#Vj}zJ-FAF-$4y5rsLy%mM249Z;D!hp{V;eVE|smKzxY)_!brPAJO~${|kvE
z6r}U<@jk%{qk^&`Du|k3TI_%eaXf0pviKUiVmI<z(Su=rKHeEe;bii?QTNC2_wmL+
zMyx=-rSdL`wIm|&nXQmLhL2N|d<QInd$2fu#bH=9rjIu^cBA(46IQ|8v3#7`=%U)a
zgj&Jc{Jus5aj_)^^UYQR>WOX{64Ob9;#Jh%enRb8nz%mRAd5yd)DQI`vjlbhINrk#
z$QYdK@qC<y<nIQU4vGgF8)IV12cwSnbkr8E3G{Kjd$fmwU<yuRY`kGBKEO2OzuNLt
zK|bCf&4`NrNK}+}#(X#r2`c9dYGp2?wlE;r#6~jIKq{j5Gz7b5X5%Q(%r~PNzJiKg
zzYvoTL*;9rf~z-ra6T$lc40|8XRn9E_wgRnf~X*@j*77+sEPKrj&kjVnW&MkK^?a(
zm>Pe#zC=BG0~7dopLEGkGmk>eq!)VdM;y#n>_N3tED>9S^-){a%sL769C3G%(8#Z#
zW|lOuu{h=;-_qu%qheq?>b&2_<oFRa&;&_L{oI(Fd^6P6O|@=7t<+gm4BSVKqw9Pj
zp(XK2YL+TKs$v=p#k{CJt7YwgYG5d;<GH90o!?OH9Ki&588x9Nr~wBjGvygD4*77*
zrE?NVLQC5n6?}tG50X)+8T^KdiOX0YeUtk*ov;zs#N(*))G2(NvDg=@qm$Cdxeqn4
z0~So><5a?*upIuSJpDWQQ~NljaVS>6L#QWKP#QDCROlgJ1T~X}7=hg|5;tOge2c9x
zb6Owo52F)N6Zspp_hB9%@3-h$s4bd=uJ(8@2_2W0sLz0mp+4ScdnD>(wLNMD=3qWN
zgj$)8sQZ$pGaXdM^5h3%Qq@BR*-g|Ien72IV0yE)v(j_^Gf=RN0!8y5sETnjm>WG<
zi+oX3hf^>uuE%|N7PZ$?GWs~}aVcuRfnlb8G1T>jsMF8|6;nUh{Ms<izs~0g3KT3?
zP*0|>wnA_wbG)*n23Q;Qu{qq9Z$))@3-zfMnAx0?La422fqHZ=v))53y(f!V(dsS<
zH82>9`*8kIAFEHZng>pTY-UReSgWI=zcYGpw9Wr)ukS-`!A;bRGiEpSN};x*B`Wxa
zpa$$7CQ*>YE7S^P%3*?}GOFSj)C!$Jo%b84EqI4oiNrb049lZ}c{KLGn7Pb{SASFx
zZbPlaQ&f;=&h72Tb$XCc^sYhe@m<uT*vVs7CIglvTNAw>Rv1D4Dwf6MdCgKbMRoK8
zR>9q<jso%->!7YLMxBQ9=>7b6@|$xUhDEqA0E^;QRL8GTOPZ&Exp4sMvtT8v{3Mpb
zL<P;B*Tr$<=c4XUA8wZ(Rc{Dp!TnfTOZLnb<SJxlTpvqNJ{GmaM==^dp_VYJu=)HS
zg%RWrptj1dh#62ttWAD8>U2Fp%{Zv2X|EV+CAy-kCHjd(1U^G`oV}QNQguX)_&3z`
zPpI==lt|TS=#C1ag&2;<QNip}!d%adiuT6VNvN&fiwfeuOK|>Mk_as6<MhMssF6Lz
ztDJ^Z5oT}SMVjCYEoDwe6l&mIQCqMbwROIweY`*W6-S5v>w_9l-!dj>S6~eCN6-&X
zmErvBL*yI<Bk%<t#vWzO%nFq=-*{T01~wiQoV!q4a|b72!YDJ4#i$i|g4(J?<;@Dz
zz{2E5*!*rxNB)INB8)`*3g*dF2z3k_pq6+jYRT84KHctP2);!Pz`vpo-+cKr!?-xx
zy2QHHx(zdP{h-Z1x4Iul#OH!<CG+8u2=$=If_fB}L46!IKy};&)sc%aaXiMssThFs
zQT0}$>TSn(cnI}ba}E^~PPBI=T_+ETLgZ_smUt2>2=}2rUcaN3vSwwo5>rt@bQJZ3
z`+|z{<W)?plt9h21L}D)9TjYwFbGd#BD{_PdStyMp^w`ySQ_J2H9=MdHG@8=>%&lc
zHW@v*2^9+$P{->7dOtm@86#2O`5L2wu$L`gidxyd7^L%miG(_OfLi*OsFBC5Zh|ul
zhLVp$54J~jG#)je6{wXsZp$BGDe}HG%>89iAIB|Gu{031VjI!b$S;#n$Nn`<!)Z~$
zRTR~67u42FLG9rI)C}IBW*EDciG{SNr4B=1EQ#9MQt0g%b>BwRiX5%Q`PTs6Q=mP|
zP}}TbWmLXDs)Hq{2DYO<tX`r{Nmv~-@MzRP+oI}^L#@nW^x#3%iakIL(5Y)yCV5@X
zzm_hX0v)$ns0N0i8kmFXXeVk#?xMa4C8}qFC<1j~ZB*0`w@$a$m!W379o5fS)IgtG
zgWUS&IOIlk*c`PLBT*F>p=Q1x6(b)o0s1yDL75o!VU-?>VN=xeWC3QygQ$*QppI$0
zhGs<)qdv~vf+Vyg)i5o#M=jMj)VW`d8qjvsxxHww$7p1hFcfuPNmNHoZTTQntjt3N
z-wD*QyN6lu12Rz832khas5~mjnxIBD1$7Emp}uq;NA3MrjKKU&OmOu^t<XBu7Ck@(
zSJI{?hRUH<vMXvUr(z8J4O8g+?<S!UUPaCLmDRtQ8AvkJ4D+J)vIZ8xcBqwGYOn9I
z*Kb<iSYtOgTb2gZP99XORLA7>@3bJHy&q&REJE$!2Gq>2pk@@Wh1r@Ss0U9S)PM${
zj@cB{X*!Nt$qyKaSz4M{2uFR`wLrznP;?_n>?Wb(_8qmvnOm8Lo1#ubZ`6$wP(if{
zRsRy|G<-u1C~Ir8WmQly)ERZ(IMipr&#0}~j9P(9tvUbN>qiuL&t)5PV{+797O=KM
zbub_G?RYOL*#5Now>9^NqPDUKY6WVbCNL5e#Pe<bSL^AvuIcar1sajl&NL7oHJ~i0
z^IZxRJY7*Unu!X|&8UH$$MX0dHKCI2O}q6`TiY8opgHJ04X9Ia&n2NH3Fu&!C@01y
zUj((prBO@X2^9mgQ3E-GI$qCF15DM?G*|((LOoIK&PN^F-KYV-Kn)<UlZi1mBMB{K
zG<vW-YEQ?bI{FoL!%fso|3)okvd(5D@}UM=9W|o?s1KKA=smWmApMGZfF<l=o&#x+
z2bt^SBcVMihXL3abxb;-mU=vD1}jkmy@u-GJ!*g{yBZ@=18j?`_XBFlSE5$pI(qO6
zY9&&4Q$L))VkESLjZo1)4)q+^hno3C)Igr2wjyqKQ@;QzNL!#cCQvc68MQ*EP+RdQ
zDh7gk*yjj($k)JZI{!UMXhe%p=XVe4hUcg~5AJF9ssw5Ptx*k6LCtI%s@`?f0OIsA
z14xHjk>aQoYmPdWqft-HCFp9;u9DD_`Svz9q(ya58r5M()E>`55AH?H@D8ej&!{a+
z+sD)^iORP_J;=tQ2CyEzD~cZS&--xx2?8guuZaN<YEQ#a!PD60r`r5)s1Bc@j#+R&
z(_j|VeUa$Fwx|^xi>kL8wWWtq6TW8k>(BYu%yaZNH&#TAup??|N1$$4Zm*w3&FmFw
zW+4O2jKfj&nxXC+kBW&kHh%)OHP2C75M!VT>QI-2j#~}XjYCis7NZAu+44V7Oa2|z
zaf(6aTW}<5Mf#xHnTHzS5%l0A)P!OUwp)vewbH0|+!iF%@Hl&68ET{lQ3JY(ih*ya
zhO!JXOB;#ms1@q^NK}LCQSDtub@bZiLs)6GmkncKW#lu#b!wZ0(;T&Aol#G=A5eR?
z(_TM|YWN1~xV}f#OFz^Ms3uk--v<>t2T(!#9u<6PhnWGEK@a(km|5q4f;Yj>`=}dl
zq4qMtaFZ{Fnn^cQkWEH4xD~Zh*HNeCt-YRdgjtbDRJ~59m6>Yu+fXt02j-@K=M#xC
zm~Et4qHd@Lr=eD42P!76qN4h5)K(-NWu9=kFqnLE)Qr2MI-Y0C_o60n78N5eusWs~
z&G|1%q7#XjxDt!wdeq+jh3YtPjQLL|Sx|eJ6XRkv)Cx32tynMAz!swF{fhDND(Vsc
z6t$&3W6jnj9?SXnr=TnaYM>(OhF+)+MxzI(qN02gdV>qKGOtks4jyM_RvGmq?2mes
zuS9)z+{V}#GTsa%IjX(f;|U@qYEhsY`=MgsXVeUCptj;GY9%uMU_Q+vQ8THF+RKip
zcE+NDat&%CH*NU~)Yc`KU}B*FYO5N#B(ztfP)oPUdH@w{*R9S(^9zJ9EJS%T)O~YN
z1Kooq@D3{2(oQnRtQ@Ld6;yjYQCl__^@YdXWGfs*?a^b@N_<Bxan8x+#%R=sQx8-F
zi%~(h-R6&@W_}MffCN*_iWNr1Qf<^q^+tVaPD3W_I)_PUPyawI=||Lv1E!h=^Pp~Q
zj#{B1sOz&(TeB0j0{2nv#F%F8^PmP&4fO@2FDm*cVi0ae?|=V4MnVnVLER8zy2)op
z?Rj-nN1d%RQ3KkI<?%Y|fs}rR+2d-c4tk=F-Eh>vf3j{z?fvhV%6tAvXa-4VnmsIx
ze&qY1R%8%*a0;rSjn?Cshx}dC1QO0NTUQ7*ptd*(XW$G>Kih1@Hq->JqN_cAM?%q=
zaE^)Mg6JXN05!0IsCqx5mUt&>WiF#WUf-ZT0|Mrn7zsz7?M`ddz`CPWa29%S4=ToP
z&*l7UPlD!|^IrsYj9Q_BW-Kb`R-(4%vc3Kl70sdZ%{h-keWMwI3c@X@`yZet=D)xU
zAQNf=Rk0{`Sit$$17ZaQs(1y}@F!G5o*zxLRzq#Y2-J$qMm4k@i{M3D9=y<8&x6|I
zny3j5LLJ+csDAFEw!q(AWIo43QF~hlwbWfu$7BNPNwydDgnW;M(X-eLr~&HOcEM;I
zg;97O6`U!4GQSIIiQ2LisFgWj^X@$o`nmiY>X;;4VuC6QY9I}*{ZS*HjhguuR6}P`
zQT`J3KnYrE29y@{oG6IiB}dioV9UoN{khIk658|aw!$B%CHjimd(Sen6;&{t{18;|
z{EC{<LsWgA<z|2xQ29ty%(OzCh96Ktx()N=ee{0+PqxBzR0y?KZP0_$P<yx;HS(LN
zfqp^nz<xGAUROcQv=M3xd!u4yB5DPHLT%Ar)R*1Ms1<vHiCq%0SDN3=q(LoJW>kZv
zQOB#1E$@R`;;E<^F0t1SqgLWJYKuOjf->1JW<WJj_jN=a!$GK6T86In{tO9??7pq=
z9@Su)Rb~K1Pz}^VHP9M0gNdjo-5S*WJ25t%L9N^sR1iC>&4luyPERzdy)LUc|9U{U
z6nJnMYQ~4r7jL7M@E*oMXN~z@5EHe;@lhRRL=RR$)$fYMa3ZRm6Q~)VMy=cj)JmmT
z>zcg{Uu%M+E~>(C)SfR#?fGHUbKwc9gWz>$1#+P3MWbS(6KY`dP#vs8t-wjlhu=^^
znRmVEr@l)<9SlNsuo$(ZM^Fu2LVe6WL3Q*GYHyQoFiTkrHK0DIt(<|1p<hs2bO_b%
zee}mT8_fy_q1tydlhBRDP+z&KqoTMG>cgcMs(}@#0h~f@*>lv=#@}RSlnCRHFN#{~
zvZw)cMXk&v)alxVy8khHbp8W3o8ZWast|=*x}Hb{XA0^GxDmC4k5LV#+G2vSBI?1_
z12yxp7!Q|X0Io+pH+G?x{%>o_t%@C&-|djl%sQfu-4CcGU54uT0BXelp!Zb#YRZeC
z2HG99C6iEFc^oy6zpxy}{>==yDr$uXquLpZN$KBNW(#(yfc#Zd1Fujsi?_`fiVDtf
z)Cx2}ZOvHJQm;cj=}u!Pe!>EnYP-3w25JR*qXw`5UCnG82_3sXP><FRsHG0uVNOK@
zY(st&cEabVnb+TG>i0o)xE$5qQPj8J=cwrahKiLuyUYsZNA*{47w2C~--7}z{WMfV
zt5FY>)2NlWgE8<k`lHWob4p@j1@eheOWhQ;#4AuMxe>J@$5HLQN3|Dck6Ez{dpQ5P
zP?`eWPzP0^3u=brP%*FqbxQs~E!`W`z=QUh?+-aqr==+>2BuoKqJsJwY9KN8nFm&0
z)Cx3oZ9#9;%on1TY#(ax-=cTK`^^m*P+v?+p!U2As^N*KPq!VY`yZmVGT8x>k3wA^
zfSSm1)cySZAG7q=Y=t)%iwmg_np2Pwb(~702dko1rW@wQiKv<EK?T=U)K-2+b&%|k
zdC-KTJ_ReGCfWj-pzDkzp=h3mTGC^vsD6yvnxMm`JQUSHBx(ifVIYo0bu<gLQd@2Q
z9P0j;s4ek5Vg?$9dZI>Ph|YgC5{mZbsE%i%mTITXKSJ$cz)@3P2(>jWQ8Vq2iiv5c
z6<CKlrk7A3P9IT^+R$TWq6M%p`IeZ8{+%C5c<?YP2p^%M{TnLy{EwRlOi@%reNcNo
z9<>F(p;qKEYK4-WFngQ}6$5239DAZBw%V3oMpqYNoHSpDi=!IskBa71w)`e)V98FI
z&+Xi(m5M}tShYnx^ZTGyaxrS)7qJM&J8kYOhYG&B7#BO8=KO1q`cfdrqn74J)Sg~J
zJ;C0iVkG++^UQC6`N<DQE%k4x*tw1#{DfMmlxNL-xlmtB8lxUeZBRkmPrp?1keEh+
zI@*kSf;~Y6Q_wlH_gPS%3AL>~QT3*xz7hS3TDe=Ofd&6=R;Uc>v~)nl$QV>iEXA03
z$|a#ayMU$fDQb^$o;Sf&A9X_yR0s1>9iKwY=rw99KA}4DTrhiH9JOMdQ0>jbDR>yw
zUY(0(Vy;Ufih|Xs2H#>{{DKOqT$fA-O;L~7QK;i|3f18&)OilPZ1TBKK^Kjh*g#u8
z4YgJ4Q3E@Vv`_qBG0~hG^#!6as$yGIP>n~$!WPt)TtE-LK<#1hRg=$x8hAxi@D4^z
zXgzA6+fW0)Wc>$2)qm=1ro)n`k+nc|I0Y5G>oF3aqRw~r>n2ueq6Rt+6;x|b6WD_a
z=3}TQ=?&CC@1s`aE9&`?=mrDV`Oiv14OLPBc0on+WYoylqmIof)WGhd8gy=&8KpoC
ztOTmOHEIB^%}+zc&KmUKANKk;bag}gKTMEh!`kHQpk}fL)$y;W^M4Zc#Ji8`;EOE}
zzGcpPCRCI+K}}$Qbsj2ccc2Gvqn;biZO*@zJovU*lH#a6u8ASo1+_9Rs^cZ7Xx@qH
z=n-l~eD9d04aHFMg;4D_KuvHg>Xa<O06d1;noD<F6a9Zspbj$LH8U%L9`e;ur=SPw
zoG(GG#0k`r-?P`_+%r*M7<Ihbp|)-+Y9Q-SkL;VM0mZp*2A<v}p_!IK&8Q}-gRZuG
z3~H(8pf9dQKU{}paTA8)N7NqYeqi#=t#h#i<-el_9P-c@j+&6$goL7ZH0lXA2Q|W9
zQ7du|HJ~TxL7zwFSf)cg>!VS}YA9-nm!W2U0@cBv*5E(Qec`B2)8@!$gv;MlG94a5
z4;OBsV&FR}Xi_{j<t0%;)eP0}P%MlqQ3JSVjrqh3Br7U5s-f=difV7N&2K^PpZ~o`
zLJj&q_3{2Snd}%vejIA)e@A^<JwPq_OVm;qcxF0igL>wVLdD7sRM0*}tw`W=V?NXX
z>SIY9g5LALhlB=j8};an^_K~jf~dW1i3+Ous0I(A8hVQLG5Ce~?+5Ks173$(!TqRq
zZ=$x;|E1acG^mv+i{A6!iiGxT2<mvvN8NY?)zJ&o6D#2>6AM{TPqIk#U_Dgq^hYiA
zY}5dLL)ANv8o(2q_j_%gD=A)c{uNxgDA4D1l(ix1+27SxoQoRZI@EwpqE_k^s)Mv|
z%#s(xQsnESj@<&(gifI9ze5FehPV82KOg?f=v&Tz6$<wM?c@EcQX%hXhzspeBcAZy
z$N39aU@*@3V3uwfYL5@1R_YPzcm;hl`2wg3G{z!0#^w*$>(8x;+<(k328*F8_O@<7
zo!e)qFD6+(`FQ^Uf@Y|g*nsNzF=}8TpUv~bgBo}-o3Dd<@bo|(yG5uKIf>dL_r1Lk
z|BDH-;;0I3FbJojqIxl^p>wFE{EAxQ>|f2EH$ZL00MsLPDk>NkqE=!fY71|mR_Y^C
zkDvd(nW)Z=YOn?>h=!sE7o!^5kNPmWXs<s(1!bJ?rh~Mo4l1B#)&@1>VW{9-iyHVz
zjEA2vEB*65%-7pc9#jKSs7G-t^x#m`arw!X@3Y=S1>;B5%B1!&^(vz7Z;v{zqfqUx
zwjM(T;X|xX|IRlOnqfU(U+<&1BdWu}sJ&f)T9GxVtvQ97!3XSxety2*E$W8~%9W@U
zIEh-ZN2o{qXVeM=`kVfWp{tQrB~ckWVg=leh0rgCuXpK+p&mdDP)j-jwe;&z13hfZ
zAE1YPNK8{d59+H}15~h1!0xyOpJ7-mU)PBsks!9OH~MR0Y4VeB3ZBQg*fNe;!mk)g
zK1Ez(G1P#XptfQ>YRT85R_qei!*@6ntHd+cA7C-^aRXel6j1?YCJj(g+#fwS#g=bG
zeaM_cJ?sC*@|Y#i*Lxg$pgs*(p^ot_)Xb9ynZ2%ry1x}_CC8$+YNJa+dvy`3<4dfF
zk-@%BDV%^h&u1|&K0(z_72@kXE#at`XpP$2DX0PNwdH@KRwiwHQ(gvDuRrP-x+_U&
zsm`L7_9ZHs<0mj9ErDvFEo#pvU<59~qIe%Qle7uVOiQ8KX@~`IFlxq|QCoA<>YK<r
z5ZB2}LKo_y9u$MI68?;O@VrGem_D&-uq+lNKM*yrO{f*Rf~xo0UQd|B<SU{k*a@R>
z0($TwX43h8M?wQgozz&`+8*^lnv6QHyKVk5Mw9nXW@4r~D!RL&mUIrP!@airHU^Q8
zmE4%bni0MK{zrZinn6v}dF_nag5kD&z4bV%qx-0V#Y^Gqe8R%0`|_tWu}}dc$@fA9
z>95xBSeJbHRIH#6PgZo}Qg9`;ulH9e_b?9mSExPxgjFzg8ei|9a_@w9$^V1r@kUx-
z?@zJoJZ9y#q6T&Y129gg*@7gf=r4qtXd{e;eL^|^bw~`Mpaxz-1x@C3CR&@Io(I#h
zEM7syM(XtDc(q3zyZP3$s0Wf?2D4J>Fdq4esAF9R^*y6A>cKZG1Lt2O{gDFg(JIsf
zWjktR9->D43U&PAW;6pUj@qIgs6AhVilHN@hM%K8bYh2@nTDZ)IVUP;o1m_ba7pOK
zpU{Ixu>?LwJ^M3d^7XDzIO@SN2_x`0Y5;LFo2?5+JqOC7wyqoM`gBxB`%tlS3u9x<
zEM^7WU=mt^NYweRf;z9QP%AJI^=)?!>J%JDeVW}v4e&dv;oz+1Ng8ggh-$YnYU?_n
zCa?kZ1?CyDvaXXpn_1f87|Mli=)q~InQTTa>1EV+#W$z{#LaFR%7pRBH$^=eyQ2m=
z!RD8v_I@8~pjR*uzhiox|G*q(5A&e*sGiM_#R&52QA_p;J@^mC#1uKrfI?9-ER50U
zq8_oQP+RgD^}q_tWrDRaYKy0$_s{>GBcb5>g1RwRZeQ=82Wo;{$uGrPm@tnSP&-up
zUr>8|6U$+oyuMCztcHs6O{gt6g8lIVYJipVnSswkS4+H!gl@Qm3Gj*a3+huWIKNrK
zNGwUd9_m!gL2bn*)ct2s-yiOyPE(EoCPs>(o`}(?t?GoTKcoQXUmZ-NKo5>XsPp;;
z6(rv<3JVrA50D|KAX<VtMt`6_Gkn9%K(nJ_s0nI?hN1?z8MPJXQ1w5fRwiR1&cA{t
zZz1zwsf-@-b1?*Wpk{i~`Vh7E-*F+vENo84a-2&3GFHQOMNCKAQCoB$HQ<n<=9Cpc
zJ@_iQB=j-51Qn&XQ0Mg>YG4VAnev>d=q-!d!_KHB+<|(uo<TiF-k|CwD{l5U0yTho
zs0Y<3+>UEdTjI7UVU}n#>Ub?h#l%ijg<GhRe?v8#zN8sgC2UE)4eEHFKn>^-DuzCx
zCJ-25VkR?cCEKBn=Wt}gt}~y6I^KlZ+Y_jn#E3K>I@xd@`E58HYnC#5d>Mz5|A>>Y
ze`#|)b{SvqZ%BT?7?e*&wKo&B5<5{3w8vOT=RbK_Q?Ul>iB}JOu_bCH+Ms4W4g+u_
zDya6L8oGfBs(^Cl$ypFp-W0V0Q&20p8r9xO)IeTfPWpFJMw#fZh<fz)Lq+dTsE#h8
z&i8B7=X{~^=9E-Mos#;f6`G1eFna}a{8po$Cp%CNwkN3IOkUBn*8yEUnKqKBfse5w
z7OiCRqwy~JYgit4Mw<tae`V8fS&XK<7e?TIEQY>S%+C)ct^H72yV2&KqwdRCmGiH2
z*`ul%;g6Vx{Atv4;W?JXG}X)_vk4X=|08N9mr)&Ns%}=W6-JVuhWg%c5$j>H8m7JO
zsP7j`Q6F~KYPhDumlSAegKC<F(xaBPIx3pSq4sP6YQ>JDV#29q$}^)LV6{<8JpyCl
zX4IbVwBAC+f=_MpKnit9cqoX*Q0$B$I2qgEVpMR&s$*6l52}N1sAIGkb^NxYKVCvV
zypF1O3w7**>YA9yj0(zd)Pu~eK|&*}j|XrNmc^3w%!kh?97g^f>YGvD`X;)U;y&^h
zQ9(MhfmyLlSb_XgRM6&cXz~M5`NLQn0~&d^)^%EtC{Do=oQ-#EzF%Xrx4)wH`YkF*
z%QW%z{%aPqQA?hwsrlKiHjW_w47HM7o7s<997z5gYDJ=(o9lznd;S-a&@s7!dQik{
zVZP&K$MQb>rqa5qrTO~&ww0+@skNDTchpu)LT$y*s8~9P`n0=>dNMvm#nLxa(8q5>
zu<HC5BcU%CLr~E_2J_+y%!k*o1O~P>^`cS7sW$2}V+!WRpHX{#)n0#tg~{h=XM(gX
zDnA3Ya%a%{-~Yal(1`N4H^-|fYN_U+W^@co;R96EXX;>PSQP`ww?fUZhjp}d9xB+@
zp@Qu=>a*k=YNg+G;QTAPQ+6~_Ult?D*Fl}@IjEUk!t@xkldrR%Ey;>{Qa<l&8cy8B
z#84{K@oaz!%BiSeT!*Uv5jB9&u4aqNb>;l)K{Jp7Ey-HclHNcy@CJ2WgS(lAbD;*-
z26bwdqUs$%eTdz+`Om0tK*_qBiDkk#<O`wNFNNMy=aSH#4?=zJ&qsB*9o6tP)RXEx
zDwqO#n59pHih+En2D_kwa1`qKu@Fn*delH(qGIeD>cJMPr|HKnNkWgxrq~Xb;us9*
z<?A%X8L0BVaUnMD?d$zVr@r8Q@^$<8I$f}6UtjNE*IkABvic1hV9kE!OX)gnNj{{%
znLsZjmRx5X2@e-GqE_HM>O<%iMqtqaX2gSVBl#`31ltTW!5U|fd8U^_)$fPe%I&BX
z`V+Nf=?0q_H$?@zi`n$~zlwy;|7FaNF@~5eDS|qF^--r`B38!TSPJ9W*r|d#B|~v8
zE<kN*!J#I$YNH--V^CXr7*+ovdjI_opJC>P%BU#qgx7E;24L6WzTUqbKL|CTcc=!k
zj4;>BqCT8zpeEv?+F6H+g)6A2e~gNuz>#JkY0=g3DoH|1)y=vZRsIMSEJ;V12U1nk
zX&H_>R$EY8^$qozQDL;%lF6tQJ7)7Au@c8N&loe%!DG#b+N!afe?15;QlLHggt{@~
zII|VCQ4gH)r~z$4eMa23`GMojimXA^yMvuE_7A?^Sm=ZL%=iuU1dThvlvhA)<@gEg
zRWOOG6e#!}qaH{xCz_e%MtxHmh%@mRPQoUWO!;3}lzfrN<_DENsOaB=I(`YKn2u|r
zCNK@PRR=KwU%4c-ba|%wdVjy)7b}rJiZwCeG_wV5QCqYK8{u`VkKxnJ4-!*RGklB+
z&P+4R%5=cy<QJljxiixYuncMi+_@yGlK2y&FnpFdJ}#CgzZP5Idn|+XXZt#<aUm)O
zD$X%KSj@m`<aeSzyaMK$0hUC4=*&fJ?FCfFe)GKjxlVNwdce#@Ev4^#({TyZz{a4y
zFkC^+JjVjF$Kz44^AR=UG(VaZYK}VZ3$Qg_vzA<F9ze@c53D$gB<H^$iB1&!iFL5n
zV&iJmUi$uI@^w)IS%)h3Ut*TDK576zqPFf1hGF)lzRnq}iIXwiGV={;6PEDfs~Hxe
ze<$@yUnc_Vpn_&LHpDB~81wyN_I4^pkUxk2VEk3))WlnDqQ4-<ro0K#zS9<yV@I5Z
zqwpRkTVp;=KclN9OuN?XSy|L~ynYyo%Wyb8!h+a-of*JlR50B|Ep^8AW~*ADj^QTM
z3S7q==(E9WRW4MJ)<&I%85=nNg-9HxKwlufVK64xXa<xH`;)JYDnE-sc-!V*pq^;o
zPy-LyWPjm+A>^Ym6*fk#!~jf(GcYawwu$qfg2WXHbi*4=fPS0Jk61}i9i+nm%#Ug?
z5;dSE7#F)>0ql=jsr9Ju1CLOT>~E+U=iOpXSxf9qezi+NOC7q^G|&>&z+BW4o<lA1
z2h^iD|F5RJ6KWvSQ5|hSef}RqP3SIa;9oElgMKr|E;s6U4#9ZnZX}^4-Hm#-pF(x~
z4fP?CahnO2DyUDj9yUJ}wS-$y4PHXkkG<UtAP;H)(U=6Apgx3pqw38wdDl5;3m&8P
zF#ZlRfa0hbw?YNg0#vXb!Up&hwWMWtnmz4<dP2@cb#M_2<5x_N;k(TJ4N+S%48wH(
zw~|mtH&LI{iFTVMtAPrdUZ|N&!koAmeeo>n5q%!@TnO7^CNKzdkza}WP`ipc1%7+Y
z3g<xueM?M7|IPvu8tGnp;UClt^6oPuZ-|Oo7xf{v1l7Sl)XKa<Ep4*>=6gYL)IjT_
z%EzK&Y%O~5C2EU94sibUjVGLhmZXz)G3v&PsF?T%6<pa4niVO78b}k=(hfp>YA!|v
z?+Mfdd=8nJXGOJB57q8?n_qv3^RJHYQV<6dA2#21)1r=70n`A?qMnEYP&2=bij|m0
z%#8D*>Q_N6c@xwC$60?y4e&7Pbi70bbKIk@S&A%2&B&{v8XkjM^3A9yzl>Ue_o$c%
zK4xZ?1$DhH>NxgA1?3FXsW^-}o*z*kZXw4_5Jsc6podFB!7vv!)ALvoW1TShDAX5*
zL8yj*L9N(zRL};UG+R&(bvinr&h-@31Qwu{d@m}9A7CK9N3D?Sf67FAI@CEWgE~eH
zQ6ry)n%O$klkp^KiEp7AigVg5Wl~g>7sQ0v3iaUWhgzX|m>74UR^}Wsao6!XV`fwg
zwI|(B4NbQB-55dsCKkukXU&ICLkuCm2o+o#P<wn2t75=8b1WO79?hGu6h1~xG~4f*
zpv%u<BoxIBP<uZF)!-`BQs1=KL(ZEe&X3;us9+p|T8VY23G703a09jUZ%`|d^n$s+
zFlvRHVp00%&t}@FM(t_Li)JPzP(jiTJvbS)XB$utoHM8aXSifKs)iasZ%m0ZP%*Fp
z6X69^^gl+m<9C_!uLnga3GGQW)ZUIjo!@n+0bRkm7<|R-Wm{CeF{pZ*P)mCQ)o_}t
z=2Na1>H#$pRc{R{I4_~L>h4v}e+d%tu9*Q;L@oVb)M;3cTDk|QAc}e2oPsda7Su%z
zWFYETu0RFrKGdoC19gAg8z!c*qskjt$K2rjYp=FYpuIYYTC!KDnIybvMw$n8OdFzR
zGy}C_yHL-Cm#E_x`wugaoTx1*j~ZYr)TiuZTfPuAupKT5t-wuGhbeEF4ho}|s5$C1
z{D8%AJ8I@1upp+qZ3a>UReuy}1=phndKVQVaqgIY3ZOdfg&MFsi-d06g=O#&mc(p#
z&4*G))C`uRZa9Zpq4%hPCBJ93BnnHD?}rh%3)S9NRQ*!-O}nj853=RR{jPJFL=*-7
z56m~6Xw-^~Lj~tCjKmM9kr#ewPDMl1_2H-iZnWM+4J6hhbM7mlj_EMeBX}cf>;A&R
zI{%(OO@|FoOEnj@bcazZ^B1b4q>oKdmP0i#(B{{nI=GLD@`O*!fQq4>cx^F04o0;<
z88xAu=>7fwR}#f2$o|yqU3=6L%||WyDb#6rgK8ktGZTz8Q5{b}Mg1;Ye$AFAcy8*K
zLPdQS^x%B-ZaKP|$s-ba&?NuMbQpnp^0h$?WFBgOCs6~4{lWxme$-0UKs|T{pawh_
zwWWJeTN&%6S;2DXA>SJ{p;<3E|C+%`3N(Pvs9;I=$^>6o)W}^dhigzl_ZIaC4Sj7I
zY=mlXFnS+Is0Y^#)Ui(Z#*`OA4Y)ZfX2!j7O@~`3(6PE=FMLJ?OW0d8^A;FEei5qP
z9jpJ}=8>8i)o^J{fE`iKl_97Yn2B2Q)u_{T36o-C_no;R2WsgeQ0Kf2md9nN;QI?(
zW2*ONC5EF`<~VAG@2x36n3+bPX4oFJQZrD;@hoa(5`8qM!;L1P2hVU+gNsqe>@;di
zUZQSD@{d{iDyRVtLVc|6u;s5%E0gAvc><O~wbuyi;5gJo?x0p8__KG#T&FMz&Ad5k
z#ADEdn@~4gz&Pmp#mqDS6|{L!pZ~2;G1D6rOLMRd9z%7U>#O<EZ8TOTKONQXef0kO
zUkSdM|NfT)HIRH57we-wR9c}%JOs5;D^V+S#O5EPW*+mqxt<kuO3GtQ?1hSrfvAt)
zr5F$QV0xZE&IuBl!3)#?;`7tH_B0$d;zp>TS%Zr5=cwZt>f`4<6-_WU`Q@mfT8HZJ
z2<kMvK;4(r*U$TNMl`Cw(dhm6e|{mM8D2mSenmBu#?Q|i0|imn8>3Fe7}TfRLDX@)
zjp{Ja-_QHuQvek+ZBa3_2-V&Z>n$ut{=L7S`TPIHWB7T0DbyY-ap5=A2>oK3hQm-d
zR6*_COjJx9LJi;yYJgu*TNW0}&wC6bP%BUqHNZirm0X6}!UwVV|9_wn#*A%dmID=B
z?NR4=0j9<Es3+N3REI%vOvA-c`PQfgr(;9hih3f(k84&cHwKfBMjgjSsP7ZAT@o7k
zIn)iGP<xd;o>{^wsQhTu40fWn;6CcKqzy3lRm8gF+oJ})A2slcsQdp$O)N{GpZC$;
z2o+=Q6cRe8Tdns{K^Pq5=l!!^1yI*VqP}o!M0M~ORqr!ut3reQyx)Y%ppIc<R0k7L
z^)_K7Ud33LBE(Op!FAG+(8!9TR-hZI!^x-)ccDIv-lCQ|Q+%@(wK1;`Pc|%uM-!MW
z@lWLEJ$^Y*D^(xW-c0KO)HkG;UR_3>*w4}Vt%-_-zNn5DqL%Oy>PhzwwP)Fq_<6s}
zwL&%A6E)+-sEM4z3h0;AY++^VC{z&dMy-f{GC!v*{X1DnXfL~=_G&&x;W^ZjB};Ci
zwgFZqKMys~$Eer|PGJUC7**Z_tK(d(iO*2Sv1CePUsN!!M^`g?K|(Xhl*-Jc7HS|P
zQ6t`tS~4fK8E9VA^~P8jr=dQqPN9M{aT+tj;#i7&OAN&osOUdt%l*=F{>xHOF0E;3
z0xF7+pguO!c+8FYaV+^d*bQ%6tA+YG&B*UZtwg$XrsHT-hdoeRG6NMmM^T@G?@$vc
zlAiOgMA!6w-fud~P+M^cwIWUi6I3}+dsYYafEk2}`dO%F`gYU+F53JzRO}?rXqLP%
zDn`1azES;zTG8_^2?dLPn4kC4stW4kbvbGV_ff$ZBa=B!#ZUulj(QSKLha>l)G7Ib
zB{6qqGw^Px&x*OI4lkqHi=D-+xLcBh8tRXFRIWrV)$gb;mEZ04R9VgOtc03z2UM_)
zLe*P?8t`#c3_P<Y%;x9)CR7wXl-EGj>xta&Ix|V=L9q+9WOq?NQu$;zOPm4~3&l}e
zP!kn1{ZaSr#f134UjK;N(lj~zyg&8U#3ba~p~_v<0Jos`@BiN<p)V3Ka+)Pff(nv~
zsE#M2X1p8&a3AV<a2gfOe!0xvmOyPy7fginQL(fEHSim#c6@UCIlh<*Gwb}PB@r9T
zV_d9`s@MoiV_(#k>_i3G6V!1_n8!5K2o+RKQ3IQT>iCE)e~mf?>GGNwsEvx1G3e@>
z%1#pM;7?SPCeCM;s4OZbI%92|Wy_zVW|}C!3ARX#AU_P%@B!2V=RGReauzV{wnm+v
znWzb_FTnXvO5y|sYVaQFGz1qkPqg}|2Bx86;y7xc_fQ>#gqsyAk6OVAsF}}1)!&C|
z{~9L1*Ql8BFJz)WOCip`qQ4~tTH0x-71@Q_qsOQlo?#peDQr4OfeO~Ls3%}+>mt;^
zuA!a}@r#&Kk{{JhLz^Fp>gQ*dgdV{cP%{rGYWAv*bsXxr>_QLTLe1nmD(VvyGXn@i
zO{5tr*e0XS`&Lwt{)t-Qbj8gVlB%dv<aQ*XCEJLN@Fr>og-e(jbVr?r8K_veX3Kp`
znwZFl+Vg=Jfa_5o<GWDp-ay?KGs5I^p=RCynSkqzCZS_C5A`v;0kt9*QPCV2X@apd
zMw0J{YH%%9$IGY~$y~}b+!VFvKcKdBDeAnRMg{jfYsS**hx1pP#A+@~!mU`OjM=kS
zsJ%^E*4$Vf)zL6i2ivebo<o03Ud}9i8q@&Gp!U2oDi)@pX1*1Z;9d0S{C^}7ACpI!
zD9(o3<NVkPqp%vTvE^S;4Th9A$1Wc#7J8wUek>{$enuU$%cvE8jT%_23T8!equY#v
zdL;A=-;N%<j9RJ>sG!MI(KJ{K^`IGnI)+<ND{>DNGs!ENe05Y1jzz`BI@I-hsI5&A
zZThPj&H2{@p&JDr9FJ;vHEPeUq4v<HvN;9WPy?!r`tTWmite9K1G|aZn!qaNzKp1t
zs)~97_Qcq@!j`YE;+m+vK!F;*gIe0as^()eH)<fAQL!)+^)ujE)Dr)Nnn0>*#)7B`
zR6{NO5Y)`)q9*b?YDGSyeuB#7RyRRW3AF`%QBgkw6$2+wLG%ZPqHhhev>8x)S`oFU
z%~1D`L&d@h)XaCFCUy%ouy{31zOdD8LqZ)+M}0gVM~(a&s>9^9%nXX68t92yk)Le-
zII80hsF^0J?dSb7A<?L>-?LHmFQA^7pD_Sa*71IE;qU*DC`LhB)KV@(EzurSaJ@k-
zb(Xqj$?Bm#UVEW}X&jcq1E`tCsAqyVFP10Y0xRQc)HkJnQ1uJd*LBX{KoXkiAq>Vx
zsF}P+Z9&ckW+0KMVC#qKcr$8-&r$U<H}v!VcYva(b}FDIR3AOq6E%<-sDa)?@9+PE
z8<~bGp*k3Y>fiwCJby+lU5dtLuZv(Z@-5N(s~C(&eg~?<Bd8$0gE|#{O-#r6QO9~X
zDu_3st0g)|LVKIMsR_m?)SmT39kcnUtvG;<@E=qMb()#${ZT=<7`1Z8F)sQvHys6F
zCGuHO1L%Va&K1o$|Jv&l6lliZP)i!#!h9v`iJJLH)D6o}!Fmh}<2O{$7Ha9|{ljUU
zQS}2_nE_|VZsc2{g6<+}>F=UG{eoJ%rl3}9Kkpwx8HSNuc#5i+y^Z<Qs*lQ##Aw`z
zikWYyt?;xpD^eKsplO7f&}7sW9K!(o2Nmow+nFFN?UK-pMx$=rg}U)2YD+S=HyzhO
zMePXGmK{MYac~E-=P6J#&yQNETBrf`Lp^xrp;r13s@_LbJ8rU$=0~pPsJ+>a8sQVv
z=XY2qbKI(9Ao(_!3VWeGw5FmuT8et29k$o+qCV}up$3q(v-v_&3l%G)k#g5rPeM_9
z4Ha~6QA?Jxi@7lxbweLi)GorLxEpmkE}>TDZ`3!Q@UCV{+M{MV9JRtrusL2uO{7RS
zeGI#N?Iz)&pebrEhoWwri(1O<sObFzwIW%%+fPH(%toM&;aXITJVUjUtcMA*Jg9;9
zMV+RZm>74V_uv0LPeRAZucz7jFjU7)QP2JnsF|*`9!1Uck<BOTWd;<E3bHn+2U1V0
zilb5OUAE<)P+Jz*oAa+@l#7Idtvzbwvr#kKfZB@dsNjs($81pv)FZhK>i(IiV|W&I
z{{8!!2^B+aZBtZx{ZZcwmZJJO-q(-6|3%^+1^yVbpP%E0@h}2|Q3I=n8o&@Ni5pQ*
z%GX#9v-dXx?TLC&Eki~74NQW;1I!kOp#~I%TG8eMIRD-~r$8f|i#i1dQ8Rms+Or%3
zO$W75OE=2qf42Fns37}<dVu8~WMZNdYR0QjD|QZb|98{`Lfye;hK*1a$D;<Y0W0Gj
z)J$>?F?-$uHNzRGU_6OBX76ozIwqu!>Z7(|ENTV!VOM;CiisveO%S^4NGNCyVQu^!
z)j_6VX68*$dpim>upOx5_!QM}!r^AGBT?n8P^V!cs{TpT{hzS{<{n|5F9WcI&i`*D
zG{g6(V9Pqv+}IG?lm7wB<2y`&B}SR!SsyjS{;21{M%1Y|j@q)%)^wxIN>#uzl=s3a
zxE;NJ|2Os+({OH7LzPg$(Gu0raMbhQ7u0b)jvjo0suw)gm=pB`tc;1UJu0?_U_zX2
zU5(nhy_ksSkMop-qVhYc!Q|uYryA-((HZr87=ar33e?iRLj`Td@uq%N)Br}J59;+}
z48EjdUvJL*k1r&T$#3&`tAFo{d%Q0{9L-H}IFHS7ODrC#q_6VMNjhz820-gcxLE<J
zR~*}0eXfUae+}LT=w&kZAEu1wl#`4)b$EBMb@>N1^m3hwTx>z(dIgcr%1wXsX1kpq
zsI-9h8XAe9>@l6{wSxD0-int%I!eZ%x=^nh_5R@fje5Uu|0C|XiEnv7qwa3%R-jC;
zWz^5=Z|C2P8`O3^3ibL<W)nB<wv|=(f&3h<ALm*F2HcFsLh1M{>0h~~R|)bN$@5%t
zK5_4622&k*4*kDZf9@Slz3eWD#J1D3G(4Va)v0`za=q43HiL9Hb#_z!n6fnF_4l{`
z{!gR*Z5yH9yBM6!m&3Al68CBA8tH7P*IowTW@W_xzGl<lep|T)BkxRlFr5`6ot|sU
zxFJ992pSEiktrC$&1JZLlDbbw>ys`Y<=gDw#BuUjZKq_NMZ6PJKY0xHzZ{uYWa9JI
zi~lU=WTO*4MZJHPdppMBS}_Ltg+|KThKf_C5bw!czr^(|bh4CpF56CZ+F8uC;@mff
zdV28*?o8l1|DKI=ns&0s_+R|<b2)_xsPH?p(W?(P)g-O#3R{+evH<Grv7I#V)@0`7
zo7p;rx!#6%ORlA)JU8zGyf<-uAf4vpUC<7wqRWLLbbNvvPB3D<7ICoxdA+)k?#Ok$
zTyAVjI-k836ZzL$oF%rg+O~W=?PRoV>Aqp4%h7pCuJ2L-FFopS(w=wz`e@}pVmj5R
zP>aGa-ji$t=NX`0mwCsxGrY{T2c#SD<{_wm!Hs`pgs<1A2hwKUz-uel-`IOTGRVTV
z%`=*`sp2}PNj#>~W^U%w)=5CR4C(r$Q{zGgbB~*IA^&)t^PO_N=28~Q`?ww8Ag=Qt
z$(^yh*HfN`x@9RVL)}Egz)O4I2=X=TJ+uG!{IeI;@Q>W2*Lem~lpFg{IUngeltt+R
zuj01;5U%CnnqDhOpP|#Pc9w-G;~%+kdfCoeGN`8H3;w6C8Cw4wbn=5O^rLb~8f-{K
z{=kdV&JJce*KboEm%81#hc8S{Q5u{|Iv-_4$)}($AMf7RJ=<wF+Bm}dGS`aRGF3Q4
z`?t{b(C7@?Ng65)r1Bx&RVlkjz7p5NXtV)o{(UO%YaZ!5l<l?oQ0iadN?poFQ{J0<
z8QcF}$Ec?dtZ5Y1=k06nqsVp6+0LiXNKP))C%@LtLM`}^PQgtZDUT+-)z*K)z;>zv
zFMYhe;o1OuO=VYU?-BRCQHEClZ3p3Y?rTc9ULL-GI_<eB4kNF^yD@LQTKuP>bmV`t
zH{7C8zW6w|$S1L7jmb|ZeS;1fa(@Qi{&e!+SBTAT<5~{dKJxE%?f)t=ZFpBCJ)TAy
zP$4!ACZw~|c0i@MR+@d*YXTkq_Z3OzAoow=ot$fX?8O)4^$O&^t@fT}c4B|helPlR
zchJEo-b=_-`cK10xbZpfrCd8sL-V=zjr<|<`FW4DjmM>IEsa*9!4ssz=<Fr=2(G`S
zUQyaD$3!yo)~f{V45w@h>9w)g|J>ZTn1a<*ZpOudwqgFP(f?i>xTaTp8gI<?O5{)3
z>w|55U7tY5<!R$7*L|sb+Sb`f{zv-Ii$A&ZpBG=${@_9dD(e*km&Tl)XL3SqOaxVr
z(tIRC{P*>q#3Z`WtGDf1-}27d=KFC^b?RrOtdQ=d#ShdU#r4*d_vAW1e>q8QkNL@G
zBd=Ei>LsM!MecKB@IRXv_hj2yMk?K->;~4LazERl_fGpi3%Gug`Wbj<<oasLU-DjO
zI~YoP=NQCY)awlOlao(N{Ycv$f5=QP*9o?jl*>$|r#O+a>r`G~uX#x8)su$wx?yg1
zdQrZDI)i9*x$RunyHc+aZN0<0wywU?KA_G%+lK0O)EBcBB=XZhWp4QIE2(WTH`kKb
zbSmobXSSSUbUc#EpZ_y>-8+oNU*SDF%h9&YX!7-FV><O~Q|Ah845N(?`d}W+`yCa3
zwKq+nVl<6}k*{JqE>E33)M?L+nJ8;Pz7pw-G;*Et*LGHZ-1C@g^(c=+8-1yBfV^Hg
zu#ri6e~RR1KF6)g|2*U!Oe0HdBkgJA8t-b9Rl|Q@kI6^T$UfXn;X3^Hm4kaLQun(p
zyFh*wotLwn4<gSWg>+)kR{`EvO}mPJK5}@c;$n3wUE|%3{0LlYZyrgbg_u!0JD4N3
zlOoi)$$OS9PffZO_uS|Hzeum6Je$2nk@sh957+&9uOlBTHvPXKai0eHNB*4ew!^-*
zgOk?XTua2Y$<%GaK<?P`uNaqsuV6;;a17TMU@*rn0rx!M`c(42b8jSdj#8!{dk@n_
z57JllK{}VWUX{2hp-u0k!c^X^?SQJP5w6vw!Rp*NpSNCBFo=5pzFsJ8&-`VsH6#1b
zwsD$!=g>wnRwg~~MWmbS#+tUV^|qn3T+p9+>B+TKr2l=@rlDX4^2|1<@)M-DQr4CF
zrKsDKv|hz%>l+=eoE|zq;q-{f{%%}qR;Jcix~}}6As--pfU?ZIOLND3+d_J#G5tUF
z%Fuc$$^xj<gLG;;vMjd#9C{6+jl%TNkg{vki%oit87==WplPfR6@KQ%8eGup4Hqxr
zEN_lqh+siFNkYA8yqofVNLdLQD`Y#&MOg;wEHn)}`^oFo%Q^x7w&`Kqr`P&eMA}?#
z@TcQHDTu`g`R$Bzia{Nt(q}shRW3{UYRYTbL2klyyc1DpD%YOafv9dCd*4E96!)E{
zy^IX--<N((;Qb1kl1kGUL~|OuZAYeS<@G<jvhxnGH@@KdXgh%Nq!-d@JKkBDStmLf
zP2JwKH$XR%AIEze*V1D!?|)xDHtpV_u{Acszw+vRUHZ>VMsn>JyQH~E52Z#Ed%YF)
zo6}h$@-6Y8xt%|I$hR}z2^gR+ou9VtzQM87NkUzIVe3TcE5Jn>O~v~#7f)b+Zqo0d
zr`g8Vk`JYPp>5<nH`cTRN=Uh0`VFmKJ$TQg!=hYYjCyUe_bDA|?<>gwrqb?FeFY4#
zg^g(}FO8QZzn+_V;%q9#pzPmQT<Wx<;X5?&i|ydwYf0^3+FGa6#%}JPOI^K++xqG3
zR=%ZPXO{|1?1l7pAbD&9Ey=gx=HcX%QYRU8`KL*p9przr_hhq;r?!pOBY(uU(}ud8
zs5jNteaW?>v=Q6pgSf}-XERr9r%SlG6csm8ev$_C%FKHxt5ASCYi-%@l<D_Y`|JR+
z*z#I*px0!ZSGodijiB8u|5?cq)C<(F0QCBmOgkD{t>veaXx<eW9lzIf2H6I`(8y=f
z!)YjuEz`Z*NvBtW7k}d0`3d<W?cUcJ+u?mX$@sL}l7Yn`AB6GwCup55G+5W(U~Xg2
z$&a)%h(}>*(h<0wcNeZDBJbKpDRQ!t9!_~m23?YTJlgC*8Gn1g=|QLUDf`a5Ect5W
z|9z!XBM+HDX^h}PBo#(sTk=zA<UaYs)UHSVDEWz8D@7+0xTib$Ib6?1{tNk?%r-0U
zn+&cS^(t_!H~F{R8xLdQV9NC>%su=ubhG{|xuG~2z1C3i9&f$U8vggci|DWs^}15B
z4o^|9H}~G9^Lkv<s|w|1X}me<)Rg&?o<^q|siW5?>uV$H&npoltA@Yu-p{+0t(1li
z9&$~uwv?@+p*E!R(5YUjxL%sKukHLEWj#p$OueeunR|VBKc-G=-apv3;@kFj>G^+~
z5l`pF8C1|K%3dr(`F=Xe#!U}sY%GoH^^|%CDIdV~Q(QYox+nL{BLDB}6!i~Kz6--_
zd%8A|viIcqOCL^a?j5CH0q&u&mhHT`t$cxeTdw^@11oVJ?~}ZTQFk0SUL?JXv|fiv
zzowoKOP!Ew-6%h6E;(^&CyMKO{Ykn5?}entVLB${rlRtFGJ5fc=KuF9X$SI!Ynw<v
zr{Pbelher|YF(ksgYEGO<*T{Ahx=>WRZ>Hn$;YL<HR;)uS0<l^yk2u~EdK<xlZFeO
z8AMupVG0-L*#Xtz+HlG@@J`RoxosVP(j}?$6ZzSsuPe<v7wJr_L<7`o8}B*{FqHQ9
zaD5(zkUx*+W#Z3CPD9IiujA$rW|)r3acHC=m9JCQg!g+pvtgtIDeu7bfz<nv_rI?I
z>O|4_LfVSS``_1F%CeA8%zb(#<z9d4zSZ+z@726#QK2;zqe+KRDFzj;P_~?WAv>d`
zr1eT~XYiH5+@MYfb;B8WZ?322eTlqYT}j8LT(94`r#*FV($-Mkofx?LR5x<*PcDw3
z@**xYqS4&;rrdURDY#ygn@iY^)!<B<{zw}ixn~I1^-96LkI)Y{*!!Q^x`EW~!nMux
zRU#()zmvpIbh>~GQMPhB8q2Accpatu6%D7OOt1X5j?y8v(H-3X|6Vrl%e}MgeV4hf
z8GY%MjIt8c`SS0tfNRrGW8NQa<FTzjbHhhEU&2k#?9FkwHpX_`mxiv>&<Ngf=uEGw
z)N8~&V<^i(y&uURx9#b=hq6cZ{>M81|Gvi1*bFYj;$4`VW^z+nTTylT(`Zxbgmce+
zu9YEOj(SJvxE<H@%8y+rZ%x@2-bqOBqK;mEwy)dV+lTx(%H30Ru*Z%()Hafrd=NL5
zp~7h@53voL=6Y{$Q#|pw?<x5dT>tm=e~q09d{ouBz~{`(A^}169j??ss3BGat3jzE
zP(XGn;#zMqH_1(A<_@z#Vr}T7S`{NG>V1d{ajBxxpi!<Mi!#ZRicb;LY85KDJr^jp
zAd8~?pF3y5i1yX*$CvLr-+s>h&ben22!F$8FTTY*_de(v@$0I5^RRzF<>{d&m7Am9
z|6k%L;YxzNg2T6}(mLe)=+O7OwA#0eppyuagU!eAe<RTSV0Y~O$iBe#R28cfd7er>
zL^bnlr5mE;-ghQ1LU=j}o+ikf%0T9uNTLr2@;sOX2c!RN>5Qf6&rOH0Sc`NE(j}Dg
z6{)vDFC#(|cmVGtx|gtNK_}rYWQEv#qSCKJCt*ACJF+rMSp_yvKu^Y|8vTCgR^qH6
zCXhb2uE*$BMmH+wtpuNstT#s6klzh<QFFhA0Ox~$z$OD%VRtq5|Ak;4N$SvzME3Wr
zVlG79i^T6_oS<K;{B5E|I84h5{21f+N%ku&QY83{0OzWpe<R=}$Rs$}oD4P83LR8b
z>c(Q1f$Ov6QuYt|<B)Yqcn85ol6)45*~o@5Zh*fR*%0i8!A~Z+$;?Wi?}EF)W^fZ&
z1KxrT;=2#u5>{-XO5TLLm?AHMK94>F^+Pf2g76W%&VxUQLjeAE3MjxKtXAU*WCs{;
zK)(#xWALl-b7eN*1>|oalW+|F9b(Oe{t>#FSbl6*z_-WuJ+J}WNBF0kp2MRUj#h!B
z;AyoYk{_t#L$NspzB7Sd0E@ACSS9QZUxI8+Rt)L;II>@`3P<o=O>zkjf}_Bp$X)rl
zX}EHF3gIgl{#+%$5qdTOu2PPuJvglBozNz1o`L>SHRm+Om*JBFi<RG#$j%|ha$;xT
zPWZhPKSti0FU9Z+G*jT0!@mKYtDM(k_yqj7$Q}X5DEY<6pH%@@LmNmU;b!!o!~Y7~
z8<2Nod=klzF_!QMNnP+$a1BM)uS3{_>bH98^p_8CJV(vwD25U?5wtr&PJ^yhD|QR=
zLio)jIRp9U&?~SpRAH~ee*}I=qV=GJhZtW>%)i3lAwM@?3sa*UCZG&39)iJj(unaZ
zj3*H|gw0W~hViAyw~)9CxR=Bl<F}D_0y8j4CFEb(dVe)T%A@d`u(j|x8T8K0Q(;Du
zpeG4Ok-%27lWHA@iO3}!L_W^@u6i$|E|#5<zDYO<H-Tr%^3XMa@~@A4g6E2?Xwpu?
zJJ`L0d>Q-~@Mp5tBcQJ{9)tWna1G<jRpy<HcQKZr$#>05l)Fa>K1VqNKIP4a&zU6e
ziQ(N8_6@in+ufck9fqxhtH9H+`v6)mW!P+o{1Mqe_{)iP2FXh)>`lfOFiw%9i18Wn
zyP6MUcqfVse5qDJjyJ-8gmHJU2FJIMorJxFT?Fl@cpH5NYGJ0U;;w-{j@=XBtMIRr
zM_w=fiOt>c39n-1`LS|ZhoYE(KUalZkN#1xANuQ+Yy#B>u@m5<YPE(zyJB;fDrN`t
z@94{weh7&>;6DcWb;LUfT7MeMTL`bku@u4CDnUMuKc(vD)C@869Rnkh0rId95x6%t
z68;Zbf{%naK0gDmRpW<=n}OdW-$0JPgI~!#^Q{VSB}Oa2`&9u)pqo_kl>{nhyo00@
z;ft^vqU<bW0qpLC-lb;xd-yZK$H+Pe-3{12sVe9Ty-ekt=}({8zCR=UMhX8xf<-E^
z^6`H0;s};p!kOqT=rbg^RV9@2cae|8rVspss<^?}NH`C=6j_T}iRFw-v0owcZzIUf
zC<5SO64zk(GV+7q0%Q)x=V9|P{KLr3V!WI24gzGLOwJJBNh<M9Y}-@J8VqhnJ`4LK
zva6ZoB4jPt1)=qi!n{DB>CiJ(v}qXKimXhnh!nrZco8@il<=Zjq2VN1g6xp8-3c!!
zP{LFaj#aC61qDbLtqOdV@j3FdW;V>kVH|-PFlwh9rT!D-(@EH#;J;yf6E+4m_bBI?
z$e#uKWAhi1zYO06-2rH`N-RxfwrSv(*d>u4l0VhD8HeAJU>|}xIJ^hH6odbU4u|^G
zY|7Ao1K(YWptI0TR<l_S?Sy`wS_K<E0A^qz{5I@6VRuBv1TH1MSJ43IuMqx*paY?|
z5#(X`KH!BogegkGb<k?Y{Xhw~qSslaKM?3V{N6zSHvG9Va2DK#-I1*EWNZaF^0D*Q
zza*<tY1c}itFs)&qkoGa67E;QhpQqg(UlQ!8~RGn&v<s))VCO$Bgh&__7L)~p)=5}
z#9l&${H!VAD}ts}f}f)7tCD<5A<r_7pt}OQxiTq1B)m?*&#@bY{?A|#`B3aikR3x;
z1n*!!TNc51Cq6^Khom#GAK78K{~y3v!XD^FIR6?&oWv5A5ww)?ACZ5>csKMF>_)@i
zM1mr887Nh8<hT^P6wE`mMi#9gN7<iGoX+si%RBSi7~M$1p5ST{=7J5X0O_}z@m%m;
z?AGJd4W9vOcifJAzAOZK9(YJ4dkEPP#uM=$jBHp|aYq>k(XS;={ZB}AvvOL5K+j72
z9?9-Tb}vERhJQ*08A;$6@|ECU;TPi*$7URK3w9D(6`iYm{zQ&?Y+qC3EsPuG^M6nY
zTt)v!Ird1$@xES-?f~3T=zNl{f>tww=LoW0`Sm6F5_In)KMQ^;x+ruZNrkk>e;@n;
z<lT^;0nU@(Ym{&)iv2jhn;!bc!#_tL3FBGnQwT5!hjBP(U@v0{g=ymJgUx5?H>vSw
z#MlH%xB_~Z9H*<8A1b-m|8*#a6YN}^52@Kqfc^scMVT@DpH;%O$a)drA*Fjl(btgG
zssu9W$;4ZLUl9Efe5=4tj9)_TqVIsb{z?S>q&2XN0AX;KdIUcw*ckLX8SlgR*XSfn
zQTpehd92PDWOt(944tKHp3f?z0)8j@TZxr{XDDVnf8E{pG)!L<FDlJ^=m_uug3rdO
zmVieY@5>5!0ZH$|PeXS$@|&=GMEU0-D@Ar1F~3oTRw|t&s}$dtRX9yP|9c430ioJa
zO3epv<lU9<NrJT!^f6@BpoA9a7HC&&?jg}x6d_>_c!T2Q_$dkssqsqUG!o~xj0^DJ
zF%f1rmAs)07O3Fuaq5Yo58VaG9#k`t0e8qRz&doxq0QK~7tL=r<!Vd!KQ(P>Lvv|!
z&eKhzdCN0fMg7=W7wSbZGp^U#iKuSR3+v@Z#3-|ZR@^dULkoPmt``*shU#fUt1_(H
z;b83v3L_lQ#|0~mkP$rYG47&^zBAB0tM3Sd-8>(?$PAZ9Ya{V=?4@_PQ|f2R!oDLu
z9?aAIn4;5$KTxz($Z|Y`fLUQAg7K_5nc?OS-J>G#z5L!%FtPu%W?6RM$)1+aw_<TC
zT&dTXwFSPVP4219d)L00-$i9J1A4%S8wI|?m?L(H9{nVzE2U+J^?6n>sF#^~B4!4f
zn_jqHbUp4_VMj~#L4~nF&BdvSxy_5WloU4a+WS;~$t>zHqeEi45eP)hSWF*M7#pGo
zY%`{Z?YJH?;^kHP*r~Hf6pz*}z473bdNXS3mQ?GN2_tHR<EE*{tBg2bOxh$G&|`^6
z#E!;eo+N6{O_;Gb<;Sc#v!sB|0VY;>N~Wq;np9xK<rLcT#uDY_rWq*KBSF)M5w^-K
zuaO=F`Y6voV3#LC)RgwKE7FbXWslo>jFRTbl4MHeM#V-jXwPfja<D<1I@^p|6_!`f
z36p19a{f!F96HupSI=L!BVKJ4R?zgc%@-Vg|Kw32J1M74X^Ci*Leevr&0~dQW;DGT
zc9=S>cohXjEhDIh6QMFQ>h{hPf6$x-?L>c}yZ5ydn>)IH=_NuP+<Ap!QV;i|QR3y!
zT`Rr$c~8NdA2G{WLAPm&cvQG^r-{dfJ8Fg)-Klp-W*k&lGV*7!LGq~>p)#v7VJBj4
z{2I|uoGV)-7B|X*R;<bl6!^;RaF|$fu~{dBwU0|TE3EVM<55ed(L;8?bha5{pfhm2
z=-_NOgyqgI6JKdvyao1VH0zA1rFvnk!2M-~n4L2`XeNz#dO_mRM2sz4!Qxkjjd+5<
z=|xByK`Wq7zxYD0k)7q$;<^5XiD6|{oItYci}i_PVT<+hs7bVdJEleqIK_S7TCpkL
zd0?S9-#xgH-$q(2LqyGTTecc!6mv18JCEFy^I#fgQf;J|`==X3OO772jF^0)R+tma
z4*RTdx*8*zUT3#zk;oIh+T`VSD0^w$t8Njy{T<V-kTG(uTO@irqZf+?r~MMq-95Zm
ztnAocwTs+rj(&~k?>P5~r#qRo^JKYk+t!12xYC_?zc^F44J(A6-_wf4WVM-6e4(_!
zi7XNW+$SCpt|&~<Y2mn4o^E$JS9Y`>i&e?V%ZDPLg|lF#xZN#!OoYU^Xd)bzLC0Fr
zP`EOx57X&_sCT@`4lnSreKR(dk;-A|PB_8JUGliNMH`)NuC~3I?nchZwu%dUZIk|f
zBRZX%#D`r^*h5~q|7;RPZl~2^c&<D98L>@s`>quWH8-_hOcYMnL86;Gb)(4FoZ1)I
zCQrX0cC>e!{#R59_xxAIoZNb^&*(cd$l+B@&(XQ`^!Q6APu2qodePR8cbpZjunT<u
z#%1cb+2dwre9DY;kET6%0azS@rY{j@6L~=cRxA=UYMrLn#efm!{J0qnv$Z2pyE1Bo
z3bG8%`DS^7O`%lY;o(hu?dxL309rhtpXe@kVZ`PDagV+(KFw`cZbhohsC>5X{#9)5
zV}5T>Wp<N$*E?dM-(MJW*Y6Z-@|=bb#9-(B55!yUo)5)%mh59O)9<ePMEpXySA8Y|
z?VNiLh<vB`uxRIedO*x_mK_u`-Lt<G+l902fN1Z$cR&=l{0F#a_|unxut5VQ*{U&1
zPX-x;Q>*ldooL-?#Z#-YUXtF807acQaZCac>%<#_@nfz9y1FS0PTw@tMM5t+9=o;C
zs)*XjR3o(vbt;dFE7JFae`9gNP2oq+$h!?3kNLeBdAEl2ouPvjiUh54ORmmP_t~Rj
znt#-Hs+2VxzXklK5}f^Ci=Q~5qoS{K(@`<l?Q%@KS}?87P$7+Qs<G`-pl6FW=rzIA
zs+I=M$2yZ*3VdaW01qVnylg$YCim@p|L3CbcirjPQhm>Y`wC-w7Tn`*Xy;#@=kmXj
z_CDSH%P9Zj1*50)ir~50^3)IVl`Tl?8f`8l*28A3$_^x|>DtXJ<Q<|e)mRrcLT1QG
zjQ3wNX{s5dN$QMfqNTx#7wfGXO}&Og%J7=Tj!Msn-MY~TkRWU)bhf%xW5?o|ON6`$
zOt)(i0jGYD)}uabCSsA6<<%zFhNvA&tqK+EVWTRTS{VqpEN3GIZ2r`w?+xW#CE6gC
zOs(`%^9rhAohUwF*CkV{;>4;pYS3nKTY7bjQYgs|n&H}#0^fAIj^_}narhs=+PUwH
z_wN^l-&-C#*|NNK8IPhdvr^Tjvu}dGhr4xxe}pJ9<>gOKIIDql5|zngo)>cK#xN5P
zS!thR6a7V}44$5uWU{t8<V{enUV@ilGKd2cuC~Iqvu%#Qw_A9*|G}I-cBU<O-^#UT
znV5MjUaGsTSNq-0?za(tYe#3v0)LLHE$|QQ?_PYbKetDp%&Un<T2>p>?Un|!Ce<i6
zo;$7CKaGRs8GoMN{mAu?=~5JFU6xu^W7K)QAm0ac5RUS^s5S#(R?BE<2&Xo<gJ1Gr
zCdSolUO^f1>`cgO0OvT*I%$SEt~m;;J-;yhC9f(55%lEd6?VvL>y;tSOAeq=!g+D4
ze~@$DSgnJT+UgIu6JGXD$?eFwEbX`)$gXl;o8#}9o4&N%@tVJV?(k%7T~bz*i0gsY
zCZ13<q0Xz;CfTzb^K9e|AxmzuT6uGE?t9aJw8YTU*A^CULr4~#-fSlQrY<na+IZ6T
zp7(~3%P&~o*WKN**T1-(v+9t4y4&-xf0EWs9^Gn3)Mg?$7k=XJ=3G5c%PVMY^2wKh
zSrd1r&d~a}$*=rR<_=0<VanxwmK#mN7dBOqZ7*ZDpU|!p1G6+g^g!HzU;A2fR%=>;
zGb2~))?V&)^{||cdD>8?K2LkVsm|BBxYP2r!QFe(?_~x%Bbqc>rp%lzXYW~BiJR!B
z^%I@a%OG1yk8vnCuTJ;(bZ_gg-6))e1GPezdBxfdq>rPi#sFKUt!7{3xX>9aG~L}+
zr2W!=rh0TO%T@mvyiU0W)p-rHD$~rgk3MVG1n<>)(dpVN&Xh{6qkCbo_N|~hNX0YM
z1L`6~2eT75rdDlUv1h?jofb>9Hu46Odp>jC75I){iGGZ|JGw;Mo^!$RUQh3jw&@l4
z(u<e1#y_wj8r__;w4S2>5A6E3%1WIcBeZkeQ6seVd2aVn+L&Bt^+*10?wkuWJICES
zR+}W8FRt--cNdM<_G(V!B<(amoxh}q*4_Ep<yw2U!^PTfIy(0?b5gClOnXVVk6xjj
zl3$-%$4Owe-k8}3wS4M{8tg)Y6I7o*dFr%FI2n_zO+kx~WO7%m^e*!9k`xUY<yL|3
z{}0i+A@#el*-=^>BW+>!v|rHF7Rgytri~nuz8J|XM&@1>_TCn;2nPhW5G8i@moc;V
z%e2Ye=yJ2AA+<_=_6S7edE2tsxvfI$=KiEy+m_!^K4b5-SL-!OzZ$KVGv{=zv(v3c
zdu2fSe3q{>bpq7N10b{Q-Q6`>nZI+fZnSP>LFk|=KG|{Eni|&5KgoG2sh#c2oTn8!
kljmvQy8M2FTH$uC(^7ut^y{<%Zm;V!OSn1p+P<8B0aoD#XaE2J

diff --git a/po/cs.po b/po/cs.po
index 30c4dd2..b8603e1 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -38,7 +38,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg2 2.2.22\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2020-08-31 18:53+02:00\n"
 "Last-Translator: Petr Pisar <petr.pisar@atlas.cz>\n"
 "Language-Team: Czech <gnupg-i18n@gnupg.org>\n"
@@ -48,56 +48,56 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "získání zámku pinetry se nezdařilo: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr "|pinentry-label|_OK"
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr "|pinentry-label|_Zrušit"
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr "|pinentry-label|_Ano"
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr "|pinentry-label|_Ne"
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr "|pinentry-label|PIN:"
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr "|pinentry-label|_Uložit do správce hesel"
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Opravdu chcete učinit heslo na obrazovce viditelným?"
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr "|pinentry-tt|Zviditelnit heslo"
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 msgid "|pinentry-tt|Hide passphrase"
 msgstr "|pinentry-tt|Skrýt heslo"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -108,7 +108,7 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 #, fuzzy
 #| msgid "pinentry.qualitybar.tooltip"
 msgid "pinentry.genpin.tooltip"
@@ -116,22 +116,9 @@ msgstr ""
 "Kvalita textu zde zadaného.\n"
 "Na podrobnosti ohledně kritérií se zeptejte svého správce."
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-#| msgid "Passphrase too long"
-msgid "Passphrase Not Allowed"
-msgstr "Heslo je příliš dlouhé"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr "Kvalita:"
 
@@ -141,102 +128,96 @@ msgstr "Kvalita:"
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 "Kvalita textu zde zadaného.\n"
 "Na podrobnosti ohledně kritérií se zeptejte svého správce."
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr ""
 "Prosím, zadejte váš PIN, aby pro tuto relaci mohl být odemknut tajný klíč"
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 msgstr ""
 "Prosím, zadejte vaše heslo, aby pro tuto relaci mohl být odemknut tajný klíč"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr "PIN:"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 msgid "Passphrase:"
 msgstr "Heslo:"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr "neshodují se – zkuste to znovu"
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr "SETERROR %s (pokus %d z %d)"
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr "Znovu:"
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 msgid "PIN too long"
 msgstr "PIN je příliš dlouhý"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 msgid "Passphrase too long"
 msgstr "Heslo je příliš dlouhé"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 msgid "Invalid characters in PIN"
 msgstr "Neplatný znak v PINu"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr "PIN je příliš krátký"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad PIN"
 msgstr "Špatný PIN"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad Passphrase"
 msgstr "Špatné heslo"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "chyba při získání sériového čísla karty: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 msgid "Please re-enter this passphrase"
 msgstr "Prosím, vložte toto heslo znovu"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 #| msgid ""
 #| "Please enter the passphrase to protect the imported object within the "
@@ -248,61 +229,51 @@ msgstr ""
 "Prosím, zadejte heslo, abyste ochránili importovaný objekt uvnitř systému "
 "GnuPG."
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "SSH klíče delší než %d bitů nejsou podporovány\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, c-format
 msgid "can't create '%s': %s\n"
 msgstr "nelze vytvořit „%s“: %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, c-format
 msgid "can't open '%s': %s\n"
 msgstr "nelze otevřít „%s“: %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr "nalezena karta se sériovým číslem: %s\n"
-
-#: agent/command-ssh.c:2446
-#, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "na kartě není autentizační klíč pro SSH: %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "nenalezen žádný vhodný klíč karty: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "chyba při získávání seznamu karet: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
@@ -311,20 +282,20 @@ msgstr ""
 "Proces SSH si vyžádal použití klíče%%0A  %s%%0A  (%s)%%0APřejete si to "
 "povolit?"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr "Povolit"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr "Zakázat"
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Prosím, vložte heslo pro SSH klíč%%0A  %F%%0A  (%c)"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
@@ -333,91 +304,87 @@ msgstr ""
 "Prosím, vložte heslo, abyste ochránil(a) přijatý tajný klíč%%0A   %s%%0A   %s"
 "%%0Auvnitř úložiště klíčů gpg-agenta"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "ze socketu se nepodařilo se vytvořit proud (stream): %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr "Prosím, vložte kartu se sériovým číslem"
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr "Prosím, vyjměte kartu a vložte jinou se sériovým číslem"
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr "PIN správce"
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr "PUK"
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr "Resetační kód"
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr "Potvrďte tlačítkem na kartě nebo bezpečnostním zařízení."
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr "Pro vstup použijte klávesnici čtečky."
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 msgid "Repeat this Reset Code"
 msgstr "Zopakujte resetační kód"
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 msgid "Repeat this PUK"
 msgstr "Zopakujte tento PUK"
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 msgid "Repeat this PIN"
 msgstr "Zopakujte tento PIN"
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 msgid "Reset Code not correctly repeated; try again"
 msgstr "Resetační kód nebyl správně zopakován; zkuste to znovu"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 msgid "PUK not correctly repeated; try again"
 msgstr "PUK nebyl zopakován správně; zkuste to znovu"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr "PIN nebyl zopakován správně; zkuste to znovu"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "Prosím, vložte PIN%s%s%s, abyste odemkli kartu"
 
-#: agent/genkey.c:157
-#, fuzzy, c-format
-#| msgid "error writing to %s: %s\n"
-msgid "error writing to pipe: %s\n"
-msgstr "chyba při zápisu do %s: %s\n"
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "chyba při vytváření dočasného souboru: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:116
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "chyba při zápisu do dočasného souboru: %s\n"
+
+#: agent/genkey.c:154
 msgid "Enter new passphrase"
 msgstr "Vložte nové heslo"
 
-#: agent/genkey.c:196
-msgid "Take this one anyway"
-msgstr "Použít přesto tento klíč"
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr "Nezadali jste heslo!%0APrázdné heslo není dovoleno."
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
@@ -426,11 +393,11 @@ msgstr ""
 "Nezadali jste heslo – toto je obecně špatný nápad!%0AProsím, potvrďte, že si "
 "žádnou ochranu svého klíče nepřejete."
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr "Ano, ochrana není třeba"
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, c-format
 msgid "A passphrase should be at least %u character long."
 msgid_plural "A passphrase should be at least %u characters long."
@@ -438,7 +405,7 @@ msgstr[0] "Heslo by mělo být dlouhé alespoň %u znak."
 msgstr[1] "Heslo by mělo být dlouhé alespoň %u znaky."
 msgstr[2] "Heslo by mělo být dlouhé alespoň %u znaků."
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -448,232 +415,243 @@ msgstr[1] "Heslo by mělo obsahovat alespoň %u číslice nebo %%0Azvláštní z
 msgstr[2] ""
 "Heslo by mělo obsahovat alespoň %u číslic nebo %%0Azvláštních znaků."
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
 "Heslo by nemělo být známým slovem nebo se shodovat%%0As určitým vzorem."
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr "Varování: Zadali jste nebezpečné heslo."
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+msgid "Take this one anyway"
+msgstr "Použít přesto tento klíč"
+
+#: agent/genkey.c:464
 #, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr "Pro ochranu svého nového klíče,%0Aprosím, zadejte heslo"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 msgid "Please enter the new passphrase"
 msgstr "Prosím, zadejte nové heslo"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 #, fuzzy
 #| msgid "Options useful for debugging"
 msgid "Options used for startup"
 msgstr "Volby užitečné při ladění"
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr "poběží v režimu démona (na pozadí)"
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr "poběží v režimu serveru (na popředí)"
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 msgid "run in supervised mode"
 msgstr "poběží v režimu dohledu"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr "neodpojovat se od konzole"
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr "vypisovat příkazy ve stylu sh"
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr "vypisovat příkazy ve stylu csh"
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 msgid "|FILE|read options from FILE"
 msgstr "|SOUBOR|načíst volby ze SOUBORU"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr "Volby ovlivňující diagnostický výstup"
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "upovídaný režim"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "být o trochu víc tichý"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr "|SOUBOR|protokol z režimu serveru se zapíše do SOUBORU"
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr "Volby ovlivňující nastavení"
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 msgid "do not use the SCdaemon"
 msgstr "nepoužívat SCdémona"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr "|PROGRAM|použít PROGRAM jako SCdaemon program"
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+#, fuzzy
+#| msgid "|PGM|use PGM as the SCdaemon program"
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr "|PROGRAM|použít PROGRAM jako SCdaemon program"
+
+#: agent/gpg-agent.c:208
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NÁZEV|přijímat některé příkazy přes NÁZEV"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr "ignorovat požadavky na změnu TTY"
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr "ignorovat požadavky na změnu X displeje"
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 msgid "enable ssh support"
 msgstr "zapnout podporu pro OpenSSH"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr "|ALGORITMUS|ukazovat otisky SSH pomocí ALGORITMU"
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 msgid "enable putty support"
 msgstr "zapnout podporu pro PuTTY"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr "Volby ovlivňující bezpečnost"
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr "|N|zahodit zapamatované PINy po N sekundách"
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr "|N|zahazovat klíče SSH po N sekundách"
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr "|N|nastavit maximální životnost dočasné paměti pro PINy na N sekund"
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr "|N| nastavit maximální životnost klíčů SSH na N sekund"
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr "nepoužívat paměť PINů na podepisování"
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 msgid "disallow the use of an external password cache"
 msgstr "nedovolit použít vnější úložiště na hesla"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr "nedovolit klientům označovat klíče za „důvěryhodné“"
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 msgid "allow presetting passphrase"
 msgstr "umožnit přednastavení hesla"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr "Volby vynucující politiku hesel"
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr "nedovolit obejití politiky hesel"
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr "|N|nastavit minimální vyžadovanou délku nových hesel na N"
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr "|N|vyžaduje alespoň N nepísmenných znaků v novém hesle"
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr "|SOUBOR|prověřovat nová hesla proti vzorům v SOUBORU"
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|omezit platnost hesla na N dnů"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 msgid "do not allow the reuse of old passphrases"
 msgstr "nedovolit opakovat stará hesla"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the PIN-Entry"
 msgstr "Volby ovlivňující bezpečnost"
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 msgid "never use the PIN-entry"
 msgstr ""
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr "znemožnit volajícímu přebít pinentry"
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 #, fuzzy
 #| msgid "do not grab keyboard and mouse"
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr "neuzurpovat si klávesnici a myš"
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr "|PROGRAM|použít PROGRAM jako PIN-Entry program"
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr "|N|nastavit časový limit pro Pinentry na N sekund"
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr "umožnit zadání hesla skrze Emacs"
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr ""
 "Chyby v programu, prosím, oznamujte (anglicky) na <@EMAIL@>,\n"
 "připomínky k překladu hlaste na <gnupg-i18n@gnupg.org>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Použití: @GPG_AGENT@ [volby] (-h pro nápovědu)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
@@ -681,136 +659,131 @@ msgstr ""
 "Syntaxe: @GPG_AGENT@ [volby] [příkaz [argumenty]]\n"
 "Správa tajných klíčů pro @GNUPG@\n"
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr "zadána neplatná úroveň ladění „%s“\n"
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "vybraný hashovací algoritmus je neplatný\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, c-format
 msgid "reading options from '%s'\n"
 msgstr "čtou se možnosti z „%s“\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, c-format
 msgid "Note: '%s' is not considered an option\n"
 msgstr "Poznámka: „%s“ není uvažovaná možnost\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr "socket nelze vytvořit: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr "název socketu „%s“ je příliš dlouhý\n"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "gpg-agent již běží – nový nebude spuštěn\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "chyba při získávání soli pro socket\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "chyba při přilepování socketu na „%s“: %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "přístupová práva „%s“ nelze nastavit: %s\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "naslouchá se na socketu „%s“\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, c-format
 msgid "can't create directory '%s': %s\n"
 msgstr "nelze vytvořit adresář „%s“: %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, c-format
 msgid "directory '%s' created\n"
 msgstr "adresář „%s“ vytvořen\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "volání stat() na „%s“ selhalo: %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "„%s“ nelze použít jako domovský adresář\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "chyba při čtení soli z deskriptoru %d: %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr "obsluha 0x%lx pro fd %d spuštěna\n"
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr "obsluha 0x%lx pro fd %d ukončena\n"
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr "SSH obsluha 0x%lx pro fd %d spuštěna\n"
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr "SSH obsluha 0x%lx pro fd %d ukončena\n"
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "npth_pselect selhala: %s – čeká se 1 s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, c-format
 msgid "%s %s stopped\n"
 msgstr "%s %s pozastaveno\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "v této relaci neběží žádný gpg-agent\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 msgid ""
 "@Options:\n"
 " "
@@ -818,11 +791,11 @@ msgstr ""
 "@Volby:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Použití: gpg-preset-passphrase [volby] KEYGRIP (-h pro nápovědu)\n"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
@@ -830,8 +803,8 @@ msgstr ""
 "Syntaxe: gpg-preset-passphrase [volby] KEYGRIP\n"
 "Správa dočasné paměti pro hesla\n"
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -839,8 +812,8 @@ msgstr ""
 "@Příkazy:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -850,11 +823,11 @@ msgstr ""
 "Volby:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Použití: gpg-protect-tool [VOLBY] (-h pro nápovědu)\n"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
@@ -862,15 +835,15 @@ msgstr ""
 "Syntaxe: gpg-protect-tool [volby] [argumenty]\n"
 "Nástroj na správu tajných klíčů\n"
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Prosím, vložte heslo, abyste zpřístupnili objekt PKCS#12."
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Prosím, vložte heslo, abyste ochránili nový objekt PKCS#12."
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
@@ -878,7 +851,7 @@ msgstr ""
 "Prosím, zadejte heslo, abyste ochránili importovaný objekt uvnitř systému "
 "GnuPG."
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
@@ -886,53 +859,52 @@ msgstr ""
 "Prosím, vložte heslo nebo PIN\n"
 "potřebný pro dokončení této operace."
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, c-format
 msgid "cancelled\n"
 msgstr "zrušeno\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "chyba při ptaní se na heslo: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, c-format
 msgid "error opening '%s': %s\n"
 msgstr "chyba při otevírání „%s“: %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "soubor „%s“, řádek %d: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "ignorováno sdělení „%s“ z „%s“, řádku %d\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "systémový důvěryhodný seznam „%s“ není dostupný\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "chybný otisk v „%s“, řádek %d\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "neplatný příznak klíče v „%s“, řádek %d\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "chyba při čtení „%s“, řádek %d: %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr "chyba při čtení seznamu důvěryhodných kořenových certifikátů\n"
@@ -945,7 +917,7 @@ msgstr "chyba při čtení seznamu důvěryhodných kořenových certifikátů\n
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
@@ -954,11 +926,11 @@ msgstr ""
 "Věříte bezmezně, že%%0A  „%s“%%0Ařádně ověřuje identitu uživatele při "
 "vydávání certifikátu?"
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 msgid "Yes"
 msgstr "Ano"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr "Ne"
@@ -971,7 +943,7 @@ msgstr "Ne"
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -982,35 +954,35 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr "V pořádku"
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr "Špatně"
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr "Poznámka: Toto heslo nikdy nebylo změněno.%0AProsím, nyní jej změňte."
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
 "it now."
 msgstr "Toto heslo se nezměnilo%%0Aod %.4s-%.2s-%.2s. Prosím, nyní jej změňte."
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 msgid "Change passphrase"
 msgstr "Změnit heslo"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr "Změním jej později"
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
@@ -1018,11 +990,11 @@ msgid ""
 msgstr ""
 "Opravdu chcete smazat klíč určený pomocí keygripu%%0A  %s%%0A  %%C%%0A?"
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 msgid "Delete key"
 msgstr "Smazat klíč"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
@@ -1030,92 +1002,92 @@ msgstr ""
 "Pozor: Tento klíč je též veden jako klíč pro SSH!\n"
 "Smazání tohoto klíče může odebrat schopnost přistupovat ke vzdáleným strojům."
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "DSA vyžaduje, aby délka hashe byla násobkem 8 bitů\n"
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr "%s klíč používá nebezpečný (%ubitový) hash\n"
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr "%zubitový hash není platný pro %ubitový %s klíč\n"
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "kontrola vytvořeného podpisu se nepodařila: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "tajné části klíče nejsou dostupné\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, c-format
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "algoritmus %d (%s) veřejného klíče není podporován\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, c-format
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "ochranný algoritmus %d (%s) není podporován\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, c-format
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "ochranný algoritmus %d (%s) není podporován\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "chyba při vytváření roury: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "chyba při vytváření proudu pro rouru: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, c-format
 msgid "error forking process: %s\n"
 msgstr "chyba při rozdvojování procesu: %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr "čekání na konec procesu %d se nezdařilo: %s\n"
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "chyba při spouštění „%s“: pravděpodobně není nainstalován\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "chyba v běhu „%s“: návratový kód %d\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, c-format
 msgid "error running '%s': terminated\n"
 msgstr "chyba v běhu „%s“: násilně ukončeno\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "čekání na ukončení procesu se nezdařilo: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "chyba při získání návratového kódu procesu %d: %s\n"
@@ -1130,35 +1102,35 @@ msgstr "nelze se připojit k „%s“: %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "problém v nastavování voleb gpg-agenta\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "nemohu vypnout vytváření core souborů: %s\n"
 
 # TODO: i18n of first %s
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "Varování: vlastnictví %s „%s“ není nastaveno bezpečně\n"
 
 # TODO: i18n of first %s
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "Varování: přístupová práva %s „%s“ nejsou bezpečná\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "čekání, až se soubor „%s“ stane přístupným…\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "přejmenování „%s“ na „%s“ se nezdařilo: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "ano"
 
@@ -1212,50 +1184,98 @@ msgstr "při pokusu alokovat %lu bajtů došla bezpečná paměť"
 msgid "out of core while allocating %lu bytes"
 msgstr "při pokusu alokovat %lu bajtů došla paměť"
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "chyba při alokování dostatečného množství paměti: %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr "%s:%u: zastaralý parametr „%s“ – neúčinkuje\n"
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "VAROVÁNÍ: „%s%s“ je zastaralý parametr – neúčinkuje\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr "neznámý ladicí příznak „%s“ se ignoruje\n"
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
 #, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "čeká se na dirmngr… (%d s)\n"
+
+#: common/asshelp.c:350
+#, fuzzy, c-format
+#| msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
 msgstr "čeká se, až naběhne %s… (%d s)\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:351
+#, fuzzy, c-format
+#| msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "čeká se, až naběhne %s… (%d s)\n"
+
+#: common/asshelp.c:364
 #, c-format
-msgid "connection to %s established\n"
-msgstr "spojení k programu %s ustanoveno\n"
+msgid "connection to the dirmngr established\n"
+msgstr "spojení na dirmngr ustanoveno\n"
+
+#: common/asshelp.c:366
+#, fuzzy, c-format
+#| msgid "connection to the dirmngr established\n"
+msgid "connection to the keyboxd established\n"
+msgstr "spojení na dirmngr ustanoveno\n"
+
+#: common/asshelp.c:367
+#, fuzzy, c-format
+#| msgid "connection to the dirmngr established\n"
+msgid "connection to the agent established\n"
+msgstr "spojení na dirmngr ustanoveno\n"
+
+#: common/asshelp.c:485
+#, fuzzy, c-format
+#| msgid "no running Dirmngr - starting '%s'\n"
+msgid "no running %s - starting '%s'\n"
+msgstr "žádný dirmngr neběží – spouští se „%s“\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:588
+#, fuzzy, c-format
+#| msgid "connection to agent is in restricted mode\n"
+msgid "connection to the agent is in restricted mode\n"
+msgstr "spojení na agenta je v omezeném režimu\n"
+
+#: common/asshelp.c:725
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
-msgstr "gpg-agent neběží – spouští se „%s“\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "chyba při získávání verze z „%s“: %s\n"
 
-#: common/asshelp.c:521
+#: common/asshelp.c:731
 #, c-format
-msgid "connection to agent is in restricted mode\n"
-msgstr "spojení na agenta je v omezeném režimu\n"
+msgid "server '%s' is older than us (%s < %s)"
+msgstr "server „%s“ je starší než my (%s < %s)"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
-msgstr "žádný dirmngr neběží – spouští se „%s“\n"
+msgid "WARNING: %s\n"
+msgstr "VAROVÁNÍ: %s\n"
+
+#: common/asshelp.c:740
+#, c-format
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+"Poznámka: Zastaralé servery mohou postrádat důležité bezpečnostní opravy.\n"
+
+#: common/asshelp.c:742
+#, c-format
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Poznámka: Restartovat je můžete příkazem „%s“.\n"
 
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
@@ -1325,7 +1345,7 @@ msgid "algorithm: %s"
 msgstr "algoritmus: %s"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, c-format
 msgid "unsupported algorithm: %s"
 msgstr "nepodporovaný algoritmus: %s"
@@ -1400,11 +1420,11 @@ msgstr "Řetěz certifikátů je platný"
 msgid "Root certificate trustworthy"
 msgstr "Kořenový certifikát je důvěryhodný"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 msgid "no CRL found for certificate"
 msgstr "pro certifikát nebyl nalezen žádný CRL"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 msgid "the available CRL is too old"
 msgstr "dostupný CRL je příliš starý"
 
@@ -1441,7 +1461,7 @@ msgstr "Nápověda pro „%s“ není dostupná.'"
 msgid "ignoring garbage line"
 msgstr "ignoruji řádek s nepořádkem"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 msgid "[none]"
 msgstr "[neuvedeno]"
 
@@ -1450,134 +1470,26 @@ msgstr "[neuvedeno]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "neplatný radix64 znak %02x byl přeskočen\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr "argument nebyl očekáván"
-
-#: common/argparse.c:522
-msgid "read error"
-msgstr "chyba při čtení"
-
-#: common/argparse.c:524
-msgid "keyword too long"
-msgstr "klíčové slovo je příliš dlouhé"
-
-#: common/argparse.c:526
-msgid "missing argument"
-msgstr "postrádám argument"
-
-#: common/argparse.c:528
-msgid "invalid argument"
-msgstr "neplatný argument"
-
-#: common/argparse.c:530
-msgid "invalid command"
-msgstr "neplatný příkaz"
-
-#: common/argparse.c:532
-msgid "invalid alias definition"
-msgstr "neplatný definice aliasu"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-msgid "out of core"
-msgstr "nedostatek paměti"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-#| msgid "invalid command"
-msgid "invalid meta command"
-msgstr "neplatný příkaz"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-#| msgid "unknown command '%s'\n"
-msgid "unknown meta command"
-msgstr "neznámý příkaz „%s“\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected data"
-msgid "unexpected meta command"
-msgstr "neočekávaná data"
-
-#: common/argparse.c:546
-msgid "invalid option"
-msgstr "neplatný parametr"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr "postrádám argument u volby „%.50s“\n"
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "neplatný argument u volby „%.50s“\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr "volba „%.50s“ nečeká argument\n"
-
-#: common/argparse.c:563
-#, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "neplatný příkaz „%.50s“\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr "volba „%.50s“ není jednoznačná\n"
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr "příkaz „%.50s“ není jednoznačný\n"
-
-#: common/argparse.c:581
-#, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "neplatný parametr „%.50s“\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, c-format
-msgid "Note: no default option file '%s'\n"
-msgstr "Poznámka: neexistuje implicitní soubor s možnostmi „%s“\n"
-
-#: common/argparse.c:1843
-#, c-format
-msgid "option file '%s': %s\n"
-msgstr "soubor s možnostmi „%s“: %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1593,132 +1505,133 @@ msgstr "iconv_open selhala: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "převod z „%s“ na „%s“ se nezdařil: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "nebylo možné vytvořit dočasný soubor „%s“: %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "chyba při zápisu do „%s“: %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "odstraňuji starý zamykací soubor (vytvořil %d)\n"
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "čekám na zámek (drží ho %d%s) %s…\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr "(uváznutí?) "
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "zámek „%s“ nebyl vytvořen: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, c-format
 msgid "waiting for lock %s...\n"
 msgstr "čekám na zámek %s…\n"
 
 # První argument je název knihovny
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr "%s je příliš stará (potřeba %s, přítomna %s)\n"
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "ASCII kódování: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "neplatná hlavička ASCII kódování: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "ASCII hlavička: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "neplatná hlavička podpisu v čitelném formátu\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, c-format
 msgid "unknown armor header: "
 msgstr "neznámá ASCII hlavička: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "vnořené podpisy v čitelném formátu\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr "neočekávaný ASCII armor: "
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "nesprávné označení řádku mínusy: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "neplatný radix64 znak %02X byl přeskočen\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "předčasný konec souboru (žádné CRC)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "předčasný konec souboru (žádné CRC)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "špatný formát CRC\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "Chyba CRC; %06lX - %06lX\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "předčasný konec souboru (v patičce)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "chyba v patičce\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "nenalezena žádná platná data ve formátu OpenPGP.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "neplatné kódování ASCII: řádek je delší než %d znaků\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1727,12 +1640,12 @@ msgstr ""
 "špatný MTA\n"
 
 # TODO: Pluralize
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, c-format
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "[ nečitelné pro lidi (%zu bajtů: %s%s) ]"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1741,377 +1654,373 @@ msgstr ""
 "symbolické jméno smí obsahovat pouze písmena, číslice, tečky nebo podtržítka "
 "a musí končit znakem „=“\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "zápis jména uživatele musí obsahovat znak „@“\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "jméno uživatele nesmí obsahovat více než jeden znak „@“\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "hodnota nemůže obsahovat žádné kontrolní znaky\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "jméno uživatele nesmí obsahovat znak „=“\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, c-format
 msgid "a notation name must have only printable characters or spaces\n"
 msgstr "jméno uživatele musí obsahovat pouze tisknutelné znaky nebo mezery\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "VAROVÁNÍ: nalezen neplatný formát zápisu data\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "předání dotazu %s klientovi se nezdařilo\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Vložte heslo: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, c-format
-msgid "error getting version from '%s': %s\n"
-msgstr "chyba při získávání verze z „%s“: %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr "server „%s“ je starší než my (%s < %s)"
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
-#, c-format
-msgid "WARNING: %s\n"
-msgstr "VAROVÁNÍ: %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
-#, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
-"Poznámka: Zastaralé servery mohou postrádat důležité bezpečnostní opravy.\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s není v souladu s režimem %s\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
-#, c-format
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Poznámka: Restartovat je můžete příkazem „%s“.\n"
+#: g10/call-agent.c:1081
+#, fuzzy, c-format
+#| msgid "error reading from %s: %s\n"
+msgid "error from TPM: %s\n"
+msgstr "chyba při čtení z %s': %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, c-format
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s není v souladu s režimem %s\n"
+msgid "problem with the agent: %s\n"
+msgstr "problém s agentem: %s\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "v této relaci neběží žádný dirmngr\n"
 
-#: g10/call-dirmngr.c:243
-#, c-format
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#: g10/call-dirmngr.c:212
+#, fuzzy, c-format
+#| msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "volba serveru s klíči „%s“ se nesmí používat v režimu %s\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr "WKD používá zapamatované výsledky"
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr "To neběží"
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 msgid "Tor is not properly configured"
 msgstr "Tor není řádně nastaven"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 msgid "DNS is not properly configured"
 msgstr "DNS není řádně nastaveno"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr "nepřijatelné přesměrování HTTP serverem"
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr "nepřijatelné přesměrování HTTP serverem bylo odklizeno"
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 msgid "server uses an invalid certificate"
 msgstr "server používá neplatný certifikát"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, c-format
 msgid "Note: %s\n"
 msgstr "Poznámka: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "OpenPGP karta není dostupná: %s\n"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr "Nalezena OpenPGP karta číslo %s\n"
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr "nelze provést v dávkovém režimu\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Tento příkaz je dostupný pouze pro karty verze 2\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "Resetační kód není nebo už není dostupný\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Váš výběr? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[není nastaveno]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr "Pan"
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr "Paní"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "není vyžadováno"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "vyžadováno"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr "Chyba: V současné verzi je povolenou pouze plain ASCII.\n"
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr "Chyba: Znak „<“ nelze použít.\n"
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr "Chyba: Více mezer není povoleno.\n"
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr "Příjmení držitele karty: "
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr "Jméno (křestní) držitele karty: "
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr "Chyba: jméno a příjmení je příliš dlouhé (limit je %d znaků).\n"
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr "URL pro získání veřejného klíče: "
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, c-format
 msgid "error reading '%s': %s\n"
 msgstr "chyba při čtení „%s“: %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, c-format
 msgid "error writing '%s': %s\n"
 msgstr "chyba při zápisu do „%s“: %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr "Login (jménu účtu): "
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr "Privátní DO data: "
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr "Jazykové předvolby: "
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "Chyba: neplatná délka řetězce s předvolbami.\n"
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "Chyba: neplatný znak v řetězci s předvolbami\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr "Oslovení (M = Pan, F = Paní, nebo mezera): "
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr "Chyba: neplatná odpověď.\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr "Otisk CA: "
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "Chyba: chybně utvořené otisk.\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr "operace s klíčem není možná: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr "toto není OpenPGP karta"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr "chyba při získání informací o aktuálním klíči: %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr "Přepsat existující klíč? (a/N) "
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
+#, fuzzy
+#| msgid ""
+#| "Note: There is no guarantee that the card supports the requested size.\n"
+#| "      If the key generation does not succeed, please check the\n"
+#| "      documentation of your card to see what sizes are allowed.\n"
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 "Poznámka: Nelze zaručit, že karta podporuje požadovanou velikost.\n"
 "          Pokud generování klíče neuspěje, prosím, nahlédněte do "
 "dokumentace\n"
 "          své karty, kde se dozvíte, jaké velikosti jsou dovoleny.\n"
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Jakou délku klíče si přejete? (%u) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "zaokrouhleno na %u bitů\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "velikost klíče %s musí být v intervalu %u-%u\n"
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr "Mění se atribut kartového klíče pro: "
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 msgid "Signature key\n"
 msgstr "Podepisovací klíč\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 msgid "Encryption key\n"
 msgstr "Šifrovací klíč\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr "Autentizační klíč\n"
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Prosím, vyberte druh klíče, který chcete:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) ECC\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Neplatný výběr.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr "Karta bude nyní přenastavena na generování klíče dlouhého %u bitů\n"
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr "Karta bude nyní přenastavena na generování klíče typu: %s\n"
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "chyba při změně atributu klíče %d: %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, c-format
 msgid "error getting card info: %s\n"
 msgstr "chyba při získání informací o kartě: %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, c-format
 msgid "This command is not supported by this card\n"
 msgstr "Tento příkaz není touto kartou podporován\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr "Vytvořit zálohu šifrovacího klíče mimo kartu? (A/n) "
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "Poznámka: na kartě jsou již klíče uloženy!\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr "Přepsat existující klíče? (a/N) "
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2122,186 +2031,202 @@ msgstr ""
 "   PIN = „%s“     PIN správce = „%s“\n"
 "Měli byste je změnit příkazem --change-pin\n"
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr "Prosím, vyberte druh klíče, který chcete generovat:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr "   (1) Podepisovací klíč\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr "   (2) Šifrovací klíč\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr "   (3) Autentizační klíč\n"
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr "Prosím vyberte, kam uložit klíč:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "Volání KEYTOCARD selhalo: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "Poznámka: Tento příkaz zničí všechny klíče uložené na kartě!\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 msgid "Continue? (y/N) "
 msgstr "Pokračovat (a/N) "
 
 # The code expects non-localized "yes"
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr "Opravdu obnovit tovární nastavení (zadejte „yes“) "
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "chyba při nastavování KDF: %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+#| msgid "error for setup KDF: %s\n"
+msgid "error for setup UIF: %s\n"
+msgstr "chyba při nastavování KDF: %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "ukončit toto menu"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr "zobraz příkazy správce"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "ukázat tuto pomoc"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr "vypiš všechna dostupná data"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr "změní jméno majitele karty"
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr "změní URL pro získání klíče"
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr "získá klíč specifikovaný v URL karty"
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr "změnit login name"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr "změnit jazykové předvolby"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr "změní oslovení držitele karty"
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr "vypsat otisk certifikační autority"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr "zapnout/vypnout požadování PINu při každé self-sign operaci"
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr "vytvořit nový pár klíčů"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr "nabídka pro změnu anebo odblokování PINu"
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr "ověř PIN a vypiš všechna data"
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr "odblokovat PIN pomocí resetačního kódu"
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr "zničit všechny klíče a data"
 
-#: g10/card-util.c:2180
-msgid "setup KDF for PIN authentication"
+#: g10/card-util.c:2235
+#, fuzzy
+#| msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "nastavit KDF pro autentizaci kódem PIN"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 msgid "change the key attribute"
 msgstr "změnit atribut klíče"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "změnit důvěryhodnost vlastníka klíče"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr "gpg/karta> "
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr "pouze příkazy správce\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr "příkazy správce jsou povoleny\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr "příkazy správce nejsou povoleny\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Neplatný příkaz (zkuste „help“)\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output pro tento příkaz není platný\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, c-format
 msgid "can't open '%s'\n"
 msgstr "„%s“ nelze otevřít\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "klíč „%s“ nenalezen: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "chyba při čtení bloku klíče: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, c-format
 msgid "key \"%s\" not found\n"
 msgstr "klíč „%s“ nenalezen\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(dokud neurčíte klíč jeho otiskem)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "bez parametru „--yes“ to nelze v dávkovém režimu provést\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(dokud neurčíte klíč jeho otiskem)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2344,9 +2269,9 @@ msgstr "klíče"
 msgid "subkey"
 msgstr "podklíče"
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "aktualizace selhala: %s\n"
@@ -2372,61 +2297,73 @@ msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr ""
 "abyste ho smazal(a), použijte nejprve parametr „--delete-secret-key“.\n"
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"VAROVÁNÍ: vyžádaná symetrická šifra %s (%d) nevyhovuje předvolbám příjemce\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "chyba při vytváření hesla: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "v režimu S2K nelze použít symetrický ESK paket\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "použití šifry: %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, c-format
 msgid "'%s' already compressed\n"
 msgstr "„%s“ je již zkomprimován\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, c-format
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "VAROVÁNÍ: soubor „%s“ je prázdný\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+#| msgid "cipher algorithm '%s' may not be used in %s mode\n"
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "šifrovací algoritmus „%s“ se nesmí používat v režimu %s\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "šifrovací algoritmus „%s“ se nesmí používat v režimu %s\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "hashovací algoritmus „%s“ se nesmí používat v režimu %s\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "VAROVÁNÍ: klíč %s není vhodný pro šifrování v režimu %s\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, c-format
 msgid "reading from '%s'\n"
 msgstr "čte se z „%s“\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"VAROVÁNÍ: vyžádaná symetrická šifra %s (%d) nevyhovuje předvolbám příjemce\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "VAROVÁNÍ: klíč %s není vhodný pro šifrování v režimu %s\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2435,97 +2372,44 @@ msgstr ""
 "VAROVÁNÍ: vyžádaný komprimační algoritmus %s (%d) nevyhovuje předvolbám "
 "příjemce\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "vyžádaná symetrická šifra %s (%d) nevyhovuje předvolbám příjemce\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s zašifrovaný pro: „%s“\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, c-format
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "volba „%s“ se nesmí používat v režimu %s\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "%s zašifrovaná data\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "zašifrováno neznámým algoritmem %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr "VAROVÁNÍ: zpráva byla zašifrována slabým klíčem v symetrické šifře.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "problém se zašifrovaným paketem\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "spuštění externího programu není podporováno\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"volání externích programů je zakázáno, protože file permissions nejsou\n"
-"nastaveny nebezpečně\n"
-
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"na této platformě jsou při volání externích programů vyžadovány\n"
-"dočasné soubory (temp files)\n"
-
-#: g10/exec.c:497
-#, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "nelze spustit program „%s“: %s\n"
-
-#: g10/exec.c:500
-#, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "nelze spustit shell „%s“: %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "systémová chyba při volání externího programu: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "neočekávaný konec externího programu\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "nelze spustit externí program\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "nelze přečíst odpověď externího programu: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, c-format
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "VAROVÁNÍ: nelze smazat dočasný soubor (%s) „%s“: %s\n"
-
-#: g10/exec.c:692
-#, c-format
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "VAROVÁNÍ: nelze smazat dočasný adresář „%s“: %s\n"
-
 #: g10/export.c:119
 msgid "export signatures that are marked as local-only"
 msgstr "exportovat podpisy, které jsou označeny jako jen místní (local-only)"
@@ -2546,380 +2430,380 @@ msgstr "odstranit nepoužitelné části z klíče při exportu"
 msgid "remove as much as possible from key during export"
 msgstr "odstranit při exportu z klíče vše, co lze"
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr "použít záložní formát klíče GnuPG"
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 msgid " - skipped"
 msgstr " – přeskočeno"
 
 # g10/import.c:766 g10/openfile.c:261#, c-format
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, c-format
 msgid "writing to '%s'\n"
 msgstr "zapisuje se do „%s“\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "klíč %s: tělo klíče je na kartě – přeskočeno\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "exportování tajného klíče není povoleno\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "klíč %s: PGP 2.x klíč – přeskočeno\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "VAROVÁNÍ: nebylo nic vyexportováno\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, c-format
 msgid "error creating '%s': %s\n"
 msgstr "chyba při vytváření „%s“: %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr "[ID uživatele nenalezeno]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "„%s“ automaticky získáno přes %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "chyba při získávání „%s“ přes %s: %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 msgid "No fingerprint"
 msgstr "Chybí otisk"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr "zjišťuje se nová kopie zastaralého klíče skrze %s\n"
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "tajný klíč „%s“ nenalezen: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "(zkontrolujte argument volby „%s“)\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, c-format
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "Pozor: jako výchozí klíč se nepoužije „%s“: %s\n"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, c-format
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "jako výchozí tajný klíč pro podepisování se použije „%s“\n"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr "všechny hodnoty předány „%s“ se ignorují\n"
 
 # c-format
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr "Neplatný klíč %s změněn na platný pomocí --always-non-selfsigned-uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "používám podklíč %s místo primárního klíče %s\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, c-format
 msgid "valid values for option '%s':\n"
 msgstr "platné hodnoty pro volbu „%s“:\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 msgid "make a signature"
 msgstr "vytvořit podpis"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 msgid "make a clear text signature"
 msgstr "vytvořit podpis v čitelném dokumentu"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "vytvořit podpis oddělený od dokumentu"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "Å¡ifrovat data"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "šifrování pouze se symetrickou šifrou"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "dešifrovat data (implicitně)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "verifikovat podpis"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "vypsat seznam klíčů"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "vypsat seznam klíčů a podpisů"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr "vypsat a zkontrolovat podpisy klíčů"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "vypsat seznam klíčů a otisků"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "vypsat seznam tajných klíčů"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "vytvořit nový pár klíčů"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 msgid "quickly generate a new key pair"
 msgstr "rychle vytvořit nový pár klíčů"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 msgid "quickly add a new user-id"
 msgstr "rychle přidat novou identitu uživatele"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 msgid "quickly revoke a user-id"
 msgstr "rychle odvolat identitu uživatele"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 msgid "quickly set a new expiration date"
 msgstr "rychle nastavit nové datum konce platnosti"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr "komplexní vytvoření páru klíčů"
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "vytvořit revokační certifikát"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "odstranit klíč ze souboru veřejných klíčů"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "odstranit klíč ze souboru tajných klíčů"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 msgid "quickly sign a key"
 msgstr "rychle podepsat klíč"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 msgid "quickly sign a key locally"
 msgstr "rychle lokálně podepsat klíč"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "quickly revoke a user-id"
 msgid "quickly revoke a key signature"
 msgstr "rychle odvolat identitu uživatele"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "podepsat klíč"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "podepsat klíč lokálně"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "podepsat nebo modifikovat klíč"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 msgid "change a passphrase"
 msgstr "změnit heslo"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "exportovat klíče"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "exportovat klíče na server klíčů"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "importovat klíče ze serveru klíčů"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "vyhledat klíče na serveru klíčů"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "aktualizovat všechny klíče ze serveru klíčů"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "importovat/sloučit klíče"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr "vytisknout stav karty"
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr "změnit data na kartě"
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr "změnit PIN karty"
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "aktualizovat databázi důvěry"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 msgid "print message digests"
 msgstr "vypsat hash zprávy"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr "pracovat v režimu serveru"
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr "|HODNOTA|nastavit TOFU politiku klíči"
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NÁZEV|použít NÁZEV jako implicitní tajný klíč"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|JMÉNO|šifrovat rovněž pro uživatele s ID JMÉNO"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr "|SPEC|nastavit e-mailový alias"
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr "použít chování striktně podle OpenPGP"
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "neprovádět žádné změny"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "vyžádat potvrzení před přepsáním"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the input"
 msgstr "Volby ovlivňující bezpečnost"
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 #, fuzzy
 #| msgid "Options controlling the diagnostic output"
 msgid "Options controlling the output"
 msgstr "Volby ovlivňující diagnostický výstup"
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "vytvořit výstup zapsaný v ASCII"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 msgid "|FILE|write output to FILE"
 msgstr "|SOUBOR|zapsat výstup do SOUBORU"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "použít kanonický textový režim"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|nastavit úroveň komprese na N (0 – žádná)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 #, fuzzy
 #| msgid "Options controlling the interactivity and enforcement"
 msgid "Options controlling key import and export"
 msgstr "Volby ovlivňující interaktivitu a vymáhání"
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr "|METODA|používat METODU pro dohledávání klíčů podle e-mailové adresy"
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 msgid "import missing key from a signature"
 msgstr "importovat chybějící klíč z podpisu"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 msgid "include the public key in signatures"
 msgstr "zahrnovat veřejný klíč do podpisů"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr "zakázat veškerý přístup k dirmngr"
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 #, fuzzy
 #| msgid "Options controlling the configuration"
 msgid "Options controlling key listings"
 msgstr "Volby ovlivňující nastavení"
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "vypsat seznam tajných klíčů"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|ID_UŽIVATELE|šifrovat pro ID_UŽIVATELE"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "|ID_UŽIVATELE|použít toto ID_UŽIVATELE pro podepsání nebo dešifrování"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -2927,7 +2811,7 @@ msgstr ""
 "@\n"
 "(Pro úplný seznam všech příkazů a voleb nahlédněte do manuálové stránky.)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 msgid ""
 "@\n"
 "Examples:\n"
@@ -2947,11 +2831,11 @@ msgstr ""
 " --list-keys [jména]        ukázat klíče\n"
 " --fingerprint [jména]      ukázat otisky\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Použití: @GPG@ [možnosti] [soubory] (-h pro nápovědu)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 msgid ""
 "Syntax: @GPG@ [options] [files]\n"
 "Sign, check, encrypt or decrypt\n"
@@ -2961,7 +2845,7 @@ msgstr ""
 "Podepisuje, ověřuje, šifruje nebo dešifruje.\n"
 "Výchozí operace závisí na vstupních datech.\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -2969,79 +2853,79 @@ msgstr ""
 "\n"
 "Podporované algoritmy:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Veřejný klíč: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Å ifra: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Hash: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Komprese: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "použití: %s [přepínače] %s\n"
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "konfliktní příkazy\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "no = podpis nalezen v definici skupiny „%s“\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr ""
 "VAROVÁNÍ: vlastnictví domovského adresáře „%s“ není nastaveno bezpečně\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr ""
 "VAROVÁNÍ: vlastnictví konfiguračního souboru „%s“ není nastaveno bezpečně\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr ""
 "VAROVÁNÍ: vlastnictví rozšiřujícího modulu „%s“ není nastaveno bezpečně\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "VAROVÁNÍ: přístupová práva pro domovský adresář „%s“ nejsou bezpečná\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr ""
 "VAROVÁNÍ: přístupová práva pro konfigurační soubor „%s“ nejsou bezpečná\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "VAROVÁNÍ: přístupová práva rozšiřujícímu modulu „%s“ nejsou bezpečná\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr ""
 "VAROVÁNÍ: vlastnictví adresáře s domovským adresářem „%s“ není nastaveno "
 "nebezpečně\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
@@ -3049,21 +2933,21 @@ msgstr ""
 "VAROVÁNÍ: vlastnictví adresáře „%s“ s konfiguračním souborem není nastaveno "
 "nebezpečně\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr ""
 "VAROVÁNÍ: vlastnictví adresáře „%s“ s rozšiřujícím modulem není nastaveno "
 "nebezpečně\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr ""
 "VAROVÁNÍ: přístupová práva k adresáři „%s“ s domovským adresářem nejsou "
 "nastavena bezpečně\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
@@ -3071,7 +2955,7 @@ msgstr ""
 "VAROVÁNÍ: přístupová práva k adresáři „%s“ s konfiguračním souborem nejsou "
 "nastavena bezpečně\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr ""
@@ -3079,449 +2963,465 @@ msgstr ""
 "nastavena bezpečně\n"
 
 # c-format
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "neznámá konfigurační položka „%s“\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr "zobrazovat ID fotografií během výpisu klíčů"
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 msgid "show key usage information during key listings"
 msgstr "ukazovat údaje o účelu klíče při výpisu klíčů"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr "ukazovat URL politik během výpisu podpisů"
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 msgid "show all notations during signature listings"
 msgstr "ukazovat všechny poznámky během výpisu podpisů"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr "ukazovat poznámky IETF standardu během vypisování podpisů"
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr "ukazovat uživatelské poznámky během výpisu podpisů"
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "ukazovat URL upřednostňovaného serveru klíčů při výpisu podpisů"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr "ukazovat platnost ID uživatelů při výpisu klíčů"
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr "ukazovat odvolané a prošlé ID uživatelů při výpisu klíčů"
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr "ukazovat odvolané a prošlé podklíče při výpisu klíčů"
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 msgid "show the keyring name in key listings"
 msgstr "ukazovat název souboru s klíči při výpisu klíčů"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 msgid "show expiration dates during signature listings"
 msgstr "ukazovat data expirace během výpisu podpisů"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "neznámá TOFU politika „%s“\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr "(možnosti lze vypsat příkazem „help“)\n"
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Tento příkaz není v režimu %s dovolen.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, c-format
 msgid "Note: %s is not for normal use!\n"
 msgstr "Poznámka: %s není pro normální použití!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "„%s“ není platná doba expirace podpisu\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "„%s“ není správná e-mailová adresa\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "neplatný režim pinentry „%s“\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "neplatný původ požadavku „%s“\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "„%s“ není platná znaková sada\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "nelze zpracovat URL serveru klíčů\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: neplatný parametr pro server klíčů\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr "neplatný parametr pro server klíčů\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: neplatný parametr pro import\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "neplatný parametr pro import\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, c-format
 msgid "invalid filter option: %s\n"
 msgstr "neplatná volba filtru: %s\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: neplatný parametr pro export\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "neplatný parametr pro export\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: neplatný parametr pro výpis\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr "neplatný parametr pro výpis\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr "zobrazovat ID fotografií při ověřování podpisu"
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr "ukazovat URL politik při ověřování podpisu"
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 msgid "show all notations during signature verification"
 msgstr "ukazovat všechny poznámky při ověřování podpisu"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr "ukazovat poznámky IETF standardu při ověřování podpisu"
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr "ukazovat uživatelské poznámky při ověřování podpisu"
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "ukazovat URL upřednostňovaného serveru klíčů při ověřování podpisu"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 msgid "show user ID validity during signature verification"
 msgstr "ukazovat platnost ID uživatele při ověřování podpisu"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr "ukazovat odvolané a prošlé ID uživatelů při ověřování podpisů"
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 msgid "show only the primary user ID in signature verification"
 msgstr "ukazovat jen primární ID uživatele při ověřování podpisu"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr "ověřovat podpisy s daty PKA"
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr "vyzvednout důvěru podpisů s platnými daty PKA"
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: neplatný parametr pro ověření\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr "neplatný parametr pro ověření\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "nelze nastavit exec-path na %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: neplatný seznam auto-key-locate\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr "neplatný seznam auto-key-locate\n"
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "neplatný argument u volby „%.50s“\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "VAROVÁNÍ: program může vytvořit soubor core!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "VAROVÁNÍ: %s přepíše %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "Není dovoleno používat %s s %s!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s nedává s %s smysl!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr "VAROVÁNÍ: pracuji s podvrženým systémovým časem: "
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "nelze spustit s nebezpečnou pamětí vzhledem k %s\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "vybraný šifrovací algoritmus je neplatný\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "vybraný hashovací algoritmus je neplatný\n"
+
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "vybraný kompresní algoritmus je neplatný\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "vybraný hashovací algoritmus je neplatný\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "položka completes-needed musí být větší než 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "položka marginals-needed musí být větší než 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "položka max-cert-depth musí být v rozmezí od 1 do 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr ""
 "neplatná implicitní úroveň certifikace (default-cert-level); musí být 0, 1, "
 "2 nebo 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr ""
 "neplatná minimální úroveň certifikace (min-cert-level); musí být 0, 1, 2 "
 "nebo 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, c-format
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "Poznámka: jednoduchý režim S2K (0) je důrazně nedoporučován\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "neplatný režim S2K; musí být 0, 1 nebo 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "neplatné implicitní předvolby\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "neplatné uživatelské předvolby pro šifrování\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "neplatné uživatelské předvolby pro šifrování\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "neplatné uživatelské předvolby pro hashování\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "neplatné uživatelské předvolby pro komprimaci\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "neplatná délka klíče; použiji %u bitů\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s dosud není funkční s %s\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+#| msgid "cipher algorithm '%s' may not be used in %s mode\n"
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "šifrovací algoritmus „%s“ se nesmí používat v režimu %s\n"
+
+#: g10/gpg.c:4070
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "kompresní algoritmus „%s“ se nesmí používat v režimu %s\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "nemohu inicializovat databázi důvěry: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "VAROVÁNÍ: specifikován adresát (-r) bez použití šifrování s veřejným klíčem\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "symetrické šifrování „%s“ se nepovedlo: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "nelze použít --symmetric --encrypt s příkazem --s2k-mode 0\n"
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "nelze použít --symmetric --encrypt v režimu %s\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr "nelze použít --symmetric --sign --encrypt s příkazem --s2k-mode 0\n"
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "nelze použít --symmetric --sign --encrypt v režimu %s\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "odeslání na keyserver se nezdařilo: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "získání dat z serveru klíčů se nezdařilo: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "export klíče se nepodařil: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, c-format
 msgid "export as ssh key failed: %s\n"
 msgstr "export jako SSH klíč se nepodařil: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "hledání na serveru klíčů se nezdařilo: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "obnovení dat na serveru klíčů se nezdařilo: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "dekódování z ASCII formátu selhalo: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "kódování do ASCII formátu selhalo: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, c-format
 msgid "invalid hash algorithm '%s'\n"
 msgstr "neplatný hashovací algoritmus „%s“\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "chyba při rozboru názvu klíče „%s“: %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr "„%s“ nevypadá jako platné ID klíče, otisk klíče nebo keygrip\n"
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr "POZOR: nezadán žádný příkaz. Váš záměr bude odhadnut…\n"
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Začněte psát svou zprávu…\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "zadané URL pro certifikační politiku je neplatné\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "zadané URL pro podepisovací politiku je neplatné\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "zadané URL preferovaného serveru klíčů je neplatné\n"
@@ -3534,7 +3434,7 @@ msgstr "|SOUBOR|brát klíče z klíčenky (keyringu) SOUBOR"
 msgid "make timestamp conflicts only a warning"
 msgstr "pouze varování při konfliktu časového razítka"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|zapsat informace o stavu do tohoto FD"
 
@@ -3580,128 +3480,140 @@ msgid "do not update the trustdb after import"
 msgstr "neaktualizovat databázi důvěry po importu"
 
 #: g10/import.c:181
+#, fuzzy
+#| msgid "enable putty support"
+msgid "enable bulk import mode"
+msgstr "zapnout podporu pro PuTTY"
+
+#: g10/import.c:184
 msgid "show key during import"
 msgstr "při importu ukázat klíč"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+#| msgid "show key during import"
+msgid "show key but do not actually import"
+msgstr "při importu ukázat klíč"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr "přijímat aktualizace pouze u existujících klíčů"
 
-#: g10/import.c:187
+#: g10/import.c:193
 msgid "remove unusable parts from key after import"
 msgstr "odstranit z klíče po importu nepoužitelné části"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr "odstranit po importu z klíče vše, co lze"
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr "ignorovat podpisy klíče, které nepodepisují samy sebe"
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr "spustit importní filtry a exportovat klíč okamžitě"
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr "předpokládat vstup ve formátu zálohy klíčů GnuPG"
 
-#: g10/import.c:203
+#: g10/import.c:209
 msgid "repair keys on import"
 msgstr "při importu opravit klíče"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "blok typu %d byl přeskočen\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr "%lu klíče byly doposud zpracovány\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Celkový počet zpracovaných klíčů: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, c-format
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "           přeskočeny klíče PGP2: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "           přeskočeny nové klíče: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "                bez ID uživatele: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "                     importováno: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "                       beze změn: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "               nová ID uživatelů: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "                   nové podklíče: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "                    nové podpisy: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "             nové revokace klíčů: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "            přečtené tajné klíče: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "         importované tajné klíče: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr "           tajné klíče nezměněny: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "                   neimportováno: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "              odstraněné podpisy: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "       odstraněné uživatelské ID: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
@@ -3710,168 +3622,174 @@ msgstr ""
 "VAROVÁNÍ: klíč %s obsahuje předvolby pro nedostupné\n"
 "algoritmy na těchto ID uživatelů:\n"
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr "         \"%s\": předvolby pro šifrovací algoritmus %s\n"
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+#| msgid "         \"%s\": preference for cipher algorithm %s\n"
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "         \"%s\": předvolby pro šifrovací algoritmus %s\n"
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "         \"%s\": předvolby pro podepisovací algoritmus %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr "         \"%s\": předvolby pro komprimační algoritmus %s\n"
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr "velmi doporučujeme aktualizaci nastavení vašich preferencí a\n"
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 "distribuci tohoto klíče aby jste předešel problémům s neshodou algoritmů\n"
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr "nelze aktualizovat předvolby s: gpg --edit-key %s updpref save\n"
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr "klíč %s: chybí identifikátor uživatele\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, c-format
 msgid "key %s: %s\n"
 msgstr "klíč %s: %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr "zamítnut kontrolou při importu"
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "klíč %s: poškození PKS podklíče opraveno\n"
 
 # c-format
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "klíč %s: přijat id uživatele \"%s\",který není podepsán jím samým\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "klíč %s: chybí platný identifikátor uživatele\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "může to být způsobeno chybějícím podpisem klíče jím samým\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "klíč %s: veřejný klíč nenalezen: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "klíč %s: nový klíč - přeskočen\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "nenalezen zapisovatelný soubor klíčů (keyring): %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, c-format
 msgid "error writing keyring '%s': %s\n"
 msgstr "chyba při zápisu souboru klíčů (keyring) „%s“: %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "klíč %s: veřejný klíč „%s“ importován\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "klíč %s: neodpovídá naší kopii\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "klíč %s: „%s“ 1 nový identifikátor uživatele\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "klíč %s: „%s“ %d nových identifikátorů uživatele\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "klíč %s: „%s“ 1 nový podpis\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "klíč %s: „%s“ %d nových podpisů\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "klíč %s: „%s“ 1 nový podklíč\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "klíč %s: „%s“ %d nových podklíčů\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "klíč %s: „%s“ %d podpisů odstraněno\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "klíč %s: „%s“ %d podpisů odstraněno\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "klíč %s: „%s“ %d ID uživatele odstraněno\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "klíč %s: „%s“ %d ID uživatele odstraněno\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "klíč %s: „%s“ beze změn\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr "klíč %s: tajný klíč importován\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, c-format
 msgid "key %s: secret key already exists\n"
 msgstr "klíč %s: tajný klíč již existuje\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "klíč %s: chyba při odesílání dat agentovi: %s\n"
@@ -3884,198 +3802,205 @@ msgstr "klíč %s: chyba při odesílání dat agentovi: %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr "Pro migraci „%s“ u každé karty spusťte: %s\n"
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, c-format
 msgid "secret key %s: %s\n"
 msgstr "tajný klíč %s: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "import tajných klíčů není povolen\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "klíč %s: tajný klíč s neplatnou šifrou %d – přeskočeno\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Důvod nebyl specifikován"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "Klíč je nahrazen"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Klíč byl zkompromitován"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "Klíč se již nepoužívá"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "Identifikátor uživatele již neplatí"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "důvod pro revokaci: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "revokační poznámka: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr "klíč %s: chybí veřejný klíč – nemohu aplikovat revokační certifikát\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "klíč %s: nemohu najít originální blok klíče: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "klíč %s: nemohu číst originální blok klíče: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "klíč %s: neplatný revokační certifikát: %s – zamítnuto\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "klíč %s: „%s“ revokační certifikát importován\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "klíč %s: neexistuje id uživatele pro podpis\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr ""
 "klíč %s: nepodporovaný algoritmus veřejného klíče u uživatelského ID „%s“\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "klíč %s neplatný podpis klíče jím samým u uživatelského ID „%s“\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "klíč %s: nepodporovaný algoritmus veřejného klíče\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "klíč %s: neplatný podpis klíče jím samým (direct key signature)\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "klíč %s: neexistuje podklíč pro vázání klíčů\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "klíč %s: neplatná vazba podklíče\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "klíč %s: smazána vícenásobná vazba podklíče\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "klíč %s: neexistuje podklíč pro odvolání klíče\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "klíč %s: neplatný odvolací podklíč\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "klíč %s: vícenásobná odvolání podklíče smazáno\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "klíč %s: přeskočen identifikátor uživatele „%s“\n"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "klíč %s: podklíč přeskočen\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "klíč %s: podpis není exportovatelný (třída %02X) - přeskočeno\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "klíč %s: revokační certifikát na špatném místě - přeskočeno \n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "klíč %s: neplatný revokační certifikát: %s - přeskočen\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "klíč %s: podpis podklíče na špatném místě - přeskočeno \n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "klíč %s: neočekávaná podpisová třída (0x%02X) - přeskočeno\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "klíč %s: objeven duplikovaný identifikátor uživatele - sloučen\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+#| msgid "key %s: duplicated user ID detected - merged\n"
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "klíč %s: objeven duplikovaný identifikátor uživatele - sloučen\n"
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr "VAROVÁNÍ: klíč %s může být odvolán: zkouším získat revokační klíč %s\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr "VAROVÁNÍ: klíč %s může být odvolán: revokační klíč %s nenalezen.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "klíč %s: „%s“ přidán revokační certifikát\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "klíč %s: podpis klíče jím samým (direct key signature) přidán\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, c-format
 msgid "error allocating memory: %s\n"
 msgstr "chyba při alokování paměti: %s\n"
@@ -4099,13 +4024,13 @@ msgstr "karta nepodporuje hashovací algoritmus %s\n"
 msgid " (reordered signatures follow)"
 msgstr "Dobrý podpis od"
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, fuzzy, c-format
 #| msgid "key %s: %s\n"
 msgid "key %s:\n"
 msgstr "klíč %s: %s\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, fuzzy, c-format
 #| msgid "User ID \"%s\": %d signature removed\n"
 #| msgid_plural "User ID \"%s\": %d signatures removed\n"
@@ -4115,7 +4040,7 @@ msgstr[0] "Uživatelské ID „%s“: odstraněn %d podpis\n"
 msgstr[1] "Uživatelské ID „%s“: odstraněny %d podpisy\n"
 msgstr[2] "Uživatelské ID „%s“: odstraněno %d podpisů\n"
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, c-format
 msgid "%d signature not checked due to a missing key\n"
 msgid_plural "%d signatures not checked due to missing keys\n"
@@ -4123,7 +4048,7 @@ msgstr[0] "%d podpis neověřen, protože chybí klíč\n"
 msgstr[1] "%d podpisy neověřeny, protože chybí klíče\n"
 msgstr[2] "%d podpisů neověřeno, protože chybí klíče\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, c-format
 msgid "%d bad signature\n"
 msgid_plural "%d bad signatures\n"
@@ -4131,7 +4056,7 @@ msgstr[0] "%d špatný podpis\n"
 msgstr[1] "%d špatné podpisy\n"
 msgstr[2] "%d špatných podpisů\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, fuzzy, c-format
 #| msgid "Good signature from"
 msgid "%d signature reordered\n"
@@ -4140,44 +4065,39 @@ msgstr[0] "Dobrý podpis od"
 msgstr[1] "Dobrý podpis od"
 msgstr[2] "Dobrý podpis od"
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "chyba při vytváření schránky na klíče (keybox) „%s“: %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, c-format
 msgid "error creating keyring '%s': %s\n"
 msgstr "chyba při vytváření souboru klíčů (keyring) „%s“: %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, c-format
 msgid "keybox '%s' created\n"
 msgstr "schránka na klíče (keybox) „%s“ vytvořena\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, c-format
 msgid "keyring '%s' created\n"
 msgstr "soubor klíčů (keyring) „%s“ vytvořen\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "zdroj bloku klíče „%s“: %s\n"
 
-#: g10/keydb.c:969
-#, c-format
-msgid "error opening key DB: %s\n"
-msgstr "chyba při otevírání databáze klíčů: %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "selhalo obnovení vyrovnávací paměti klíčů: %s\n"
@@ -4190,7 +4110,7 @@ msgstr "[odvolání]"
 msgid "[self-signature]"
 msgstr "[podpis klíče jím samým]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4202,12 +4122,12 @@ msgstr ""
 "kontrolou otisků z různých zdrojů…)?\n"
 "\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr "  %d = Důvěřuji částečně\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr "  %d = Důvěřuji úplně\n"
@@ -4239,12 +4159,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "Uživatelské ID „%s“ je odvoláno."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Jste si jistý(á), že stále chcete podepsat tento klíč? (a/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  Nelze podepsat.\n"
 
@@ -4419,189 +4339,193 @@ msgstr "Velmi pečlivě jsem ověřil tento klíč.\n"
 msgid "Really sign? (y/N) "
 msgstr "Skutečně podepsat? (a/N) "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "podepsání selhalo: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 "K dispozici je jen kontrolní součet klíče nebo je klíč na kartě - passphrase "
 "nelze změnit.\n"
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, c-format
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "klíč %s: chyba při měnění hesla: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "uložit a ukončit"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr "vypsat otisk klíče"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 msgid "show the keygrip"
 msgstr "ukázat keygrip"
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "vypsat seznam klíčů a id uživatelů"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "vyberte identifikátor uživatele N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr "vyberte podklíč N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr "kontrolovat podpisy"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr "podepsat vybrané ID uživatele [* níže jsou uvedeny relevantní příkazy]"
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr "podepsat vybrané uživatelské ID lokálně"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr "podepsat vybrané uživatelské ID důvěryhodným podpisem"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr "podepsat vybraná uživatelská ID neodvolatelným podpisem"
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "přidat identifikátor uživatele"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "přidat fotografický ID"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr "smazat vybrané ID uživatele"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr "přidat podklíč"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr "přidat klíč na kartu"
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr "přesunout klíč na kartu"
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr "přesunout záložní klíč na kartu"
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr "smazat vybrané podklíče"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "přidat revokační klíč"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr "smazat podpisy z vybraných uživatelských ID"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "změnit datum expirace pro klíč nebo vybrané podklíče"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr "označit vybrané uživatelské ID jako primární"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "vypsat seznam předvoleb (pro experty)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "vypsat seznam předvoleb (podrobně)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr "nastavit sadu preferencí pro vybrané uživatelské ID"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "nastavit URL preferovaného serveru klíčů pro vybraná uživatelská ID"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 msgid "set a notation for the selected user IDs"
 msgstr "zadat poznámku pro vybraná uživatelská ID"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "změnit heslo"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "změnit důvěryhodnost vlastníka klíče"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr "revokovat podpisu na vybraných uživatelských ID"
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr "revokovat vybrané uživatelské ID"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr "revokovat klíč nebo vybrané podklíče"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr "nastavit klíč jako platný (enable)"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr "nastavit klíč jako neplatný (disable)"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr "ukázat vybrané fotografické ID"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 "směstnat nepoužitelná ID uživatelů a odstranit z klíče nepoužitelné podpisy"
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr "směstnat nepoužitelná ID uživatelů a odstranit z klíče všechny podpisy"
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Tajný klíč je dostupný.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 msgid "Secret subkeys are available.\n"
 msgstr "Tajné podklíče jsou dostupné.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Pro provedení této operace je potřeba tajný klíč.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4612,286 +4536,291 @@ msgstr ""
 "  s „t“ pro důvěryhodný podpis (tsign) nebo „nr“ pro neodvolatelný\n"
 "  podpis (nrsign) nebo libovolnou jejich kombinací (ltsign, tnrsign, atd.).\n"
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "Klíč je odvolán."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Opravdu podepsat všechna textová ID uživatele? (a/N) "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Opravdu podepsat všechny id uživatele? (a/N) "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Nápověda: Vyberte id uživatele k podepsání\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "Neznámý typ podpisu „%s“\n"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Tento příkaz není v režimu %s dovolen.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Musíte vybrat alespoň jeden id uživatele.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr "(Použijte příkaz „%s“.)\n"
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Nemůžete smazat poslední id uživatele!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Opravdu odstranit všechny vybrané id uživatele? (a/N) "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr "Opravdu odstranit tento id uživatele? (a/N) "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr "Opravdu přesunout primární klíč? (a/N) "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr "Musíte vybrat právě jeden klíč.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr "Příkaz očekává jméno souboru jako argument\n"
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "Nelze otevřít „%s“: %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "Chyba při čtení záložního klíče z „%s“: %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Musíte vybrat alespoň jeden klíč.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Opravdu chcete smazat vybrané klíče? (a/N) "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Opravdu chcete smazat tento klíč? (a/N) "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "Opravdu odvolat všechna vybraná ID uživatele? (a/N) "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Opravdu odvolat toto ID uživatele? (a/N) "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Opravdu chcete odvolat celý klíč? (a/N) "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Opravdu chcete odvolat vybrané podklíče? (a/N) "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Opravdu chcete odvolat tento podklíč? (a/N) "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 "Důvěryhodnost vlastníka nelze měnit je-li používána databáze důvěry "
 "poskytnutá uživatelem\n"
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr "Nastavit seznam předvoleb:\n"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr "Opravdu aktualizovat předvolby pro vybraný id uživatele? (a/N) "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr "Opravdu aktualizovat předvolby? (a/N) "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr "Uložit změny? (a/N) "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr "Ukončit bez uložení? (a/N) "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Klíč nebyl změněn, takže není potřeba jej aktualizovat.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, c-format
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "poslední platné ID uživatele nelze odvolat.\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "odvolání ID uživatele se nepodařilo: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "nastavení primárního ID uživatele se nepodařilo: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "„%s“ není otisk\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "„%s“ není primární otisk\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, c-format
 msgid "Invalid user ID '%s': %s\n"
 msgstr "Neplatné ID uživatele „%s“: %s\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "No matching user IDs."
 msgstr "Žádný identifikátor uživatele neodpovídá."
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "Nothing to sign.\n"
 msgstr "Nic na podepsání.\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr "Nepodepsáno vámi.\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "kontrola vytvořeného podpisu se nepodařila: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "„%s“ není platná doba expirace\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "„%s“ není řádný otisk\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "podklíč „%s“ nenalezen\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr "AEAD: "
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Hash: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Vlastnosti: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr "Keyserver bez modifikace"
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr "Preferovaný keyserver: "
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 msgid "Notations: "
 msgstr "Poznámky: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "Uživatelský ID formátu PGP 2.x nemá žádné předvolby\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "V %s byl následující klíč odvolán %s klíčem %s\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Tento klíč může být odvolán %s klíčem %s "
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr "(citlivá informace)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr "vytvořen: %s"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr "odvolán: %s"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr "platnost skončila: %s"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr "platnost skončí: %s"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr "použití: %s"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr "číslo karty: "
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr "důvěra: %s"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr "platnost: %s"
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Tento klíč byl označen za neplatný (disabled)"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -4900,17 +4829,17 @@ msgstr ""
 "být nutně správné, dokud znova nespustíte program.\n"
 
 # status
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr "odvolán"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr "platnost skončila"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -4919,17 +4848,17 @@ msgstr ""
 "VAROVÁNÍ: žádné uživatelské ID nebylo označeno jako primární.  Tento příkaz\n"
 "              může způsobit, že za primární bude považováno jiné user ID.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr "POZOR: Vašemu šifrovacímu podklíči brzy vyprší platnost.\n"
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, c-format
 msgid "You may want to change its expiration date too.\n"
 msgstr "Dobu platnosti také můžete změnit.\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -4938,35 +4867,35 @@ msgstr ""
 "VAROVÁNÍ: Toto je PGP2 klíč. Přidání fotografického ID může v některých\n"
 "         verzích PGP vést k odmítnutí tohoto klíče.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Jste si jistý, že jej chcete stále přidat? (a/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "Neměli by jste přidávat fotografický ID k PGP2 klíči.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr "Takový identifikátor uživatele již u tohoto klíče existuje!\n"
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Smazat tento dobrý podpis? (a/N/u)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Smazat tento neplatný podpis? (a/N/u)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Smazat tento neznámý podpis? (a/N/u)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Opravdu smazat tento podpis podepsaný sebou samým? (a/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, c-format
 msgid "Deleted %d signature.\n"
 msgid_plural "Deleted %d signatures.\n"
@@ -4974,20 +4903,20 @@ msgstr[0] "Smazán %d podpis.\n"
 msgstr[1] "Smazány %d podpisy.\n"
 msgstr[2] "Smazáno %d podpisů.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Nic nebylo smazáno.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "neplatný"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "Uživatelské ID „%s“ směstnáno: %s\n"
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
@@ -4995,17 +4924,17 @@ msgstr[0] "Uživatelské ID „%s“: odstraněn %d podpis\n"
 msgstr[1] "Uživatelské ID „%s“: odstraněny %d podpisy\n"
 msgstr[2] "Uživatelské ID „%s“: odstraněno %d podpisů\n"
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "Uživatelské ID „%s“: je již minimalizované\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "Uživatelské ID „%s“: je již odstraněné\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5014,271 +4943,277 @@ msgstr ""
 "VAROVÁNÍ: Toto je PGP2 klíč. Přidání pověřeného odvolatele může v některých\n"
 "          verzích PGP vést k odmítnutí tohoto klíče.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "K PGP2 klíči byste neměli přidávat pověřeného odvolatele.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Vložte identifikátor pověřeného odvolatele: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "klíč formátu PGP 2.x nelze pověřit odvoláním\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "klíč nelze pověřit odvoláním sama sebe\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "tento klíč již byl určen jako odvolatel\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr ""
 "VAROVÁNÍ: ustanovení klíče pověřeným odvolatelem je nevratná operace!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr "Jste si jistí, že tento klíč chcete pověřit odvoláním? (a/N) "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
 msgstr "Jste si jistí, že chcete změnit dobu expirace více podklíčům? (a/N) "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Měním dobu expirace podklíče.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Měním dobu expirace primárního klíče.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Nemůžete změnit dobu platnosti klíče verze 3\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 msgid "Changing usage of a subkey.\n"
 msgstr "Mění se účel podklíče.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 msgid "Changing usage of the primary key.\n"
 msgstr "Mění se účel primárního klíče.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "podepisovací podklíč %s je již křížově certifikován\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr "podklíč %s nepodepisuje, a tak není třeba jej křížově certifikovat\n"
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Prosím, vyberte právě jeden id uživatele .\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "přeskočen v3 podpis klíče jím samým u uživatelského id „%s“\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr "Vložte URL preferovaného serveru klíčů: "
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Jste si jistý(á), že jej chcete přepsat? (a/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Jste si jistý(á), že jej chcete smazat? (a/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 msgid "Enter the notation: "
 msgstr "Vložte poznámku: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 msgid "Proceed? (y/N) "
 msgstr "Pokračovat (a/N)? "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Neexistuje identifikátor uživatele s indexem %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Neexistuje uživatelské ID s hashem %s\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Neexistuje podklíč s ID klíče „%s“.\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr "Neexistuje podklíč s indexem %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "ID uživatele: „%s“\n"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "podepsáno vaším klíčem %s v %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (neexportovatelné)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Platnost podpisu vyprší %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Jste si jisti, že jej chcete stále odvolat? (a/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Vytvořit pro tento podpis odvolací certifikát? (a/N)"
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Podepsal(a) jste následující identifikátory uživatele: %s:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr " (neodvolatelné)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "odvoláno vaším klíčem %s v %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Chystáte se odvolat tyto podpisy:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Opravdu vytvořit odvolací certifikáty? (a/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "neexistuje tajný klíč\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr "pokus odvolat ID neuživatele: %s\n"
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "uživatelské ID „%s“ je již odvoláno\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr "VAROVÁNÍ: podpis ID uživatele je datován %d sekund v budoucnosti\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, c-format
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Poslední platné ID uživatele nelze odvolat.\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "Klíč %s je již odvolán.\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "Podklíč %s je již odvolán.\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "Zobrazuji %s fotografický ID o velikosti %ld pro klíč %s (uid %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "neplatný argument u volby „%s“\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "duplicita předvolby „%s“\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr "příliš mnoho předvoleb pro šifrování\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr "příliš mnoho předvoleb pro vzorkování\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr "příliš mnoho předvoleb pro komprimaci\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+#| msgid "too many cipher preferences\n"
+msgid "too many AEAD preferences\n"
+msgstr "příliš mnoho předvoleb pro šifrování\n"
+
+#: g10/keygen.c:521
 #, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "neplatná položka „%s“ v řetězci s předvolbami\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "zapisuji podpis klíče jím samým (direct signature)\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "zapisuji podpis klíče sebou samým\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "zapisuji „key-binding“ podpis\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "neplatná délka klíče; použiji %u bitů\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "délka klíče zaokrouhlena na %u bitů\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
@@ -5286,19 +5221,19 @@ msgstr ""
 "VAROVÁNÍ: některé OpenPGP programy nedokáží zacházet s DSA klíčem s takto "
 "dlouhým hashem\n"
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr "Podepisování"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr "Certifikování"
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr "Šifrování"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr "Autentizace"
 
@@ -5312,161 +5247,180 @@ msgstr "Autentizace"
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr "SsEeAaQq"
 
-#: g10/keygen.c:1784
-#, c-format
-msgid "Possible actions for a %s key: "
+#: g10/keygen.c:1966
+#, fuzzy, c-format
+#| msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr "Pro klíč %s lze provést: "
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr "Aktuálně povolené akce: "
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr "   (%c) Zapnout/vypnout schopnost podepisovat\n"
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%c) Zapnout/vypnout schopnost Å¡ifrovat\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr "   (%c) Zapnout/vypnout schopnost autentizovat\n"
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr "   (%c) Konec\n"
 
-#: g10/keygen.c:1930
-#, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+#: g10/keygen.c:2116
+#, fuzzy, c-format
+#| msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) RSA a RSA (implicitní)\n"
 
-#: g10/keygen.c:1934
-#, c-format
-msgid "   (%d) DSA and Elgamal\n"
+#: g10/keygen.c:2120
+#, fuzzy, c-format
+#| msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA a Elgamal\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (pouze pro podpis)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (pouze pro podpis)\n"
 
-#: g10/keygen.c:1945
-#, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+#: g10/keygen.c:2131
+#, fuzzy, c-format
+#| msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) Elgamal (pouze pro šifrování)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (pouze pro šifrování)\n"
 
-#: g10/keygen.c:1953
-#, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+#: g10/keygen.c:2139
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (nastavit si vlastní použití)\n"
 
-#: g10/keygen.c:1955
-#, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+#: g10/keygen.c:2141
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (nastavit si vlastní použití)\n"
 
-#: g10/keygen.c:1961
-#, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) ECC a ECC\n"
+#: g10/keygen.c:2147
+#, fuzzy, c-format
+#| msgid "   (%d) sign, encrypt\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) podepisovat, Å¡ifrovat\n"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2147 g10/keygen.c:2678
+msgid " *default*"
+msgstr ""
+
+#: g10/keygen.c:2148
 #, c-format
 msgid "  (%d) ECC (sign only)\n"
 msgstr "  (%d) ECC (pouze pro podpis)\n"
 
-#: g10/keygen.c:1965
-#, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+#: g10/keygen.c:2150
+#, fuzzy, c-format
+#| msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "  (%d) ECC (nastavit si vlastní použití)\n"
 
-#: g10/keygen.c:1967
-#, c-format
-msgid "  (%d) ECC (encrypt only)\n"
+#: g10/keygen.c:2152
+#, fuzzy, c-format
+#| msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "  (%d) ECC (pouze pro šifrování)\n"
 
-#: g10/keygen.c:1971
-#, c-format
-msgid "  (%d) Existing key\n"
+#: g10/keygen.c:2156
+#, fuzzy, c-format
+#| msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "  (%d) Existující klíč\n"
 
-#: g10/keygen.c:1973
-#, c-format
-msgid "  (%d) Existing key from card\n"
+#: g10/keygen.c:2158
+#, fuzzy, c-format
+#| msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "  (%d) Klíč existující na kartě\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 msgid "Enter the keygrip: "
 msgstr "Vložte keygrip: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr "Není platným keygripem (očekáváno 40 šestnáctkových číslic)\n"
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 msgid "No key with this keygrip\n"
 msgstr "Klíč s takovým keygripem neexistuje\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, c-format
 msgid "error reading the card: %s\n"
 msgstr "chyba při čtení z karty: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "Sériové číslo karty: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 msgid "Available keys:\n"
 msgstr "Dostupné klíče:\n"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, c-format
 msgid "rounded to %u bits\n"
 msgstr "zaokrouhleno na %u bitů\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr "klíč %s může mít délku v intervalu %u až %u bitů.\n"
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Jakou délku podklíče si přejete? (%u) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "Požadovaná délka klíče je %u bitů.\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Prosím, vyberte, kterou eliptickou křivku chcete:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5482,7 +5436,7 @@ msgstr ""
 "      <n>m = doba platnosti klíče skončí za n měsíců\n"
 "      <n>y = doba platnosti klíče skončí za n let\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5498,38 +5452,38 @@ msgstr ""
 "      <n>m = doba platnosti podpisu skončí za n měsíců\n"
 "      <n>y = doba platnosti podpisu skončí za n let\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Klíč je platný po? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Podpis je platný pro? (%s) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "neplatná hodnota\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr "Platnost klíče nikdy neskončí\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr "Platnost podpisu nikdy neskončí\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr "Platnost klíče skončí v %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr "Platnost podpisu skončí v %s\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5537,11 +5491,11 @@ msgstr ""
 "Váš systém neumí zobrazit data po roce 2038.\n"
 "V každém případě budou data korektně zpracovávána do roku 2106.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr "Je to správně (a/N)? "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5556,7 +5510,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5572,49 +5526,49 @@ msgstr ""
 "    „Magda Prochazkova (student) <magda@domena.cz>“\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Jméno a příjmení: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Neplatný znak ve jméně\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr "Znaky „%s“ a „%s“ se ve jméně nesmí objevit\n"
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Jméno nemůže začínat číslicí\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Jméno musí být dlouhé alespoň 5 znaků\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "E-mailová adresa: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Neplatná e-mailová adresa\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Komentář: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Neplatný znak v komentáři\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, c-format
 msgid "You are using the '%s' character set.\n"
 msgstr "Používáte znakovou sadu „%s“.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5625,7 +5579,7 @@ msgstr ""
 "    „%s“\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "Do pole jméno nebo komentář nepište, prosím, e-mailovou adresu.\n"
 
@@ -5640,33 +5594,33 @@ msgstr "Do pole jméno nebo komentář nepište, prosím, e-mailovou adresu.\n"
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "jJkKeEPpUu"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Změnit (J)méno, (K)omentář, (E)-mail nebo (U)končit? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr ""
 "Změnit (J)méno, (K)omentář, (E)-mail, (P)okračovat dál nebo (U)končit "
 "program? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Změnit (J)méno, (E)-mail nebo (U)končit? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Změnit (J)méno, (E)-mail, (P)okračovat dál nebo (U)končit? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Nejdřív, prosím, opravte chybu\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5679,13 +5633,13 @@ msgstr ""
 "používat disky); díky tomu má generátor lepší šanci získat dostatek "
 "entropie.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Vytvoření klíče se nepodařilo: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5696,64 +5650,64 @@ msgstr ""
 "    „%s“\n"
 "\n"
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr "Pokračovat (A/n) "
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "Klíč pro „%s“ již existuje\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 msgid "Create anyway? (y/N) "
 msgstr "Přesto vytvořit? (a/N) "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, c-format
 msgid "creating anyway\n"
 msgstr "přesto se vytváří\n"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr "Poznámka: Pro komplexní tvorbu klíče použijte „%s %s“.\n"
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Vytváření klíče bylo zrušeno.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "záložní soubor „%s“ nelze vytvořit: %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "Poznámka: záloha klíče z karty uložena do „%s“\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, c-format
 msgid "writing public key to '%s'\n"
 msgstr "veřejný klíč se zapisuje do „%s“\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "nenalezen zapisovatelný soubor veřejných klíčů (pubring): %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, c-format
 msgid "error writing public keyring '%s': %s\n"
 msgstr "chyba při zápisu do souboru veřejných klíčů „%s“: %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "veřejný a tajný klíč byly vytvořeny a podepsány.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
@@ -5761,7 +5715,7 @@ msgstr ""
 "Tento klíč nemůže být použitý pro šifrování. K vytvoření\n"
 "sekundárního klíče pro tento účel můžete použít příkaz „--edit-key“.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -5769,7 +5723,7 @@ msgstr ""
 "klíč byl vytvořen %lu sekund v budoucnosti (došlo ke změně času nebo\n"
 "je problém se systémovým časem)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -5777,50 +5731,50 @@ msgstr ""
 "klíč byl vytvořen %lu sekund v budoucnosti (došlo ke změně času nebo\n"
 "je problém se systémovým časem)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, c-format
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "Poznámka: vytvoření podklíčů pro klíče v3 není v souladu s OpenPGP\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Tajné části primárního klíče nejsou dostupné.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Tajná část primárního klíče jsou uloženy na kartě.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr "Opravdu vytvořit? (a/N) "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "nikdy     "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Kritická podepisovací politika: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Podepisovací politika: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr "Kriticky preferovaný keyserver: "
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Kritická podepisovací notace: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Podepisovací notace: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, c-format
 msgid "%d good signature\n"
 msgid_plural "%d good signatures\n"
@@ -5828,7 +5782,7 @@ msgstr[0] "%d dobrý podpis\n"
 msgstr[1] "%d dobré podpisy\n"
 msgstr[2] "%d dobrých podpisů\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, c-format
 msgid "%d signature not checked due to an error\n"
 msgid_plural "%d signatures not checked due to errors\n"
@@ -5836,7 +5790,7 @@ msgstr[0] "%d podpis neověřen, protože došlo k chybě\n"
 msgstr[1] "%d podpisy neověřeny, protože došlo k chybám\n"
 msgstr[2] "%d podpisů neověřeno, protože došlo k chybám\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
@@ -5844,42 +5798,42 @@ msgstr[0] "Pozor: %lu klíč přeskočen kvůli jeho přílišné velikosti\n"
 msgstr[1] "Pozor: %lu klíče přeskočeny kvůli jejich přílišné velikosti\n"
 msgstr[2] "Pozor: %lu klíčů přeskočeno kvůli jejich přílišné velikosti\n"
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Soubor klíčů (keyring)"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Otisk primárního klíče:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "         Otisk podklíče:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr "  Otisk primárního klíče:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "          Otisk podklíče:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr "          Otisk klíče ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr "  Sériové číslo karty ="
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, c-format
 msgid "caching keyring '%s'\n"
 msgstr "zapamatovává se soubor klíčů „%s“\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
@@ -5887,7 +5841,7 @@ msgstr[0] "%lu klíčů již uloženo v keši (%lu podpis)\n"
 msgstr[1] "%lu klíčů již uloženo v keši (%lu podpisy)\n"
 msgstr[2] "%lu klíčů již uloženo v keši (%lu podpisů)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
@@ -5895,7 +5849,7 @@ msgstr[0] "%lu klíč uložen v keši"
 msgstr[1] "%lu klíče uloženy v keši"
 msgstr[2] "%lu klíčů uloženo v keši"
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, c-format
 msgid " (%lu signature)\n"
 msgid_plural " (%lu signatures)\n"
@@ -5903,58 +5857,54 @@ msgstr[0] " (%lu podpis)\n"
 msgstr[1] " (%lu podpisy)\n"
 msgstr[2] " (%lu podpisů)\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: soubor klíčů (keyring) vytvořen\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr "přebít nastavení proxy pro dirmngr"
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr "zahrnout do výsledku hledání odvolané klíče"
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr "zahrnout podklíče, když se hledá podle ID klíče"
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr "přebít nastavení časového limitu pro dirmngr"
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr "automaticky získávat klíče při ověřování podpisů"
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "respektovat URL upřednostňovaných serverů klíčů daného klíče"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr "respektovat PKA záznamy klíče při získávání klíčů"
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr "zneplatněn"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr "Vložte číslo (čísla), „N“ pro další, nebo „Q“ pro konec > "
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "neplatný protokol serveru klíčů (naše %d!=obsluha %d)\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "„%s“ není ID klíče: přeskočeno\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
@@ -5962,131 +5912,144 @@ msgstr[0] "aktualizuje se %d klíč z %s\n"
 msgstr[1] "aktualizují se %d klíče z %s\n"
 msgstr[2] "aktualizuje se %d klíčů z %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "VAROVÁNÍ: nelze aktualizovat klíč %s prostřednictvím %s: %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "klíč „%s“ nebyl na serveru klíčů nalezen\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr "klíč nebyl na serveru klíčů nalezen\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "požaduji klíč %s z %s serveru %s\n"
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr "požaduji klíč %s z %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, c-format
 msgid "no keyserver known\n"
 msgstr "není znám žádný server s klíči\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "přeskočen „%s“: %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr "posílám klíč %s na %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, c-format
 msgid "requesting key from '%s'\n"
 msgstr "požaduje se klíč z „%s“\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "VAROVÁNÍ: URI %s nelze získat: %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "podivná velikost šifrovacího klíče pro sezení (%d)\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "%s zašifrovaný klíč sezení\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "zašifrováno neznámým algoritmem %d\n"
+
+#: g10/mainproc.c:391
 #, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "heslo (passphrase) generováno s použitím neznámého algoritmu %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, c-format
 msgid "public key is %s\n"
 msgstr "veřejný klíč je %s\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "data zašifrována veřejným klíčem: správný DEK\n"
-
-#: g10/mainproc.c:632
-#, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+#: g10/mainproc.c:524
+#, fuzzy, c-format
+#| msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "zašifrována %u-bitovým %s klíčem, ID %s, vytvořeným %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr "      „%s“\n"
 
 # Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
 # [kw]
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "zašifrováno %s klíčem, ID %s\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "dešifrování veřejným klíčem selhalo: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr "VAROVÁNÍ: zachyceno více prostých textů\n"
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "zašifrováno s heslem %lu\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "zašifrováno jedním heslem\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "dešifrování veřejným klíčem selhalo: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "data zašifrována veřejným klíčem: správný DEK\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "předpokládám %s šifrovaných dat\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr ""
 "algoritmus IDEA není dostupný; optimisticky se jej pokusíme nahradit "
 "algoritmem %s\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "VAROVÁNÍ: zpráva nebyla chráněna proti porušení její integrity\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
@@ -6095,316 +6058,311 @@ msgstr ""
 "Pokyn: Pokud tato zpráva byla vytvořena před rokem 2003, je pravděpodobné,\n"
 "že je legitimní. Tehdy se totiž ochrana integrity příliš nepoužívala.\n"
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr "Dešifrování lze vynutit volbou „%s“.\n"
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, c-format
 msgid "decryption forced to fail!\n"
 msgstr "vynucené dešifrování selhalo!\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "dešifrování o.k.\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "VAROVÁNÍ: se zašifrovanou zprávou bylo manipulováno!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "dešifrování selhalo: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, c-format
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr ""
 "Poznámka: odesílatel považoval data za důvěrná („for-your-eyes-only“)\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "původní jméno souboru='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr ""
 "samostatný revokační certifikát – použijte „gpg --import“, chcete-li jej "
 "užít\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, c-format
 msgid "no signature found\n"
 msgstr "nenalezen žádná podpis\n"
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr "ŠPATNÝ podpis od „%s“"
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Podpis s vypršenou platností od „%s“"
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr "Dobrý podpis od „%s“"
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "verifikace podpisu potlačena\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "neumím pracovat s těmito nejednoznačnými daty\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr "Podpis vytvořen %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr "               použití %s klíče %s\n"
 
 # Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Podpis vytvořen %s pomocí klíče %s s ID uživatele %s\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "               vydavatel „%s“\n"
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Klíč k dispozici na: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr "Poznámka: Použijte „%s“ pro využití těchto údajů\n"
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[nejistý]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr "                alias „%s“"
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, c-format
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "POZOR: Tento klíč se nehodí na podepisování v režimu %s\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Platnost podpisu skončila %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Platnost podpisu skončí %s\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, c-format
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "podpis %s, hashovací algoritmus %s%s%s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "binární formát"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "textový formát"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "neznámý formát"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 msgid ", key algorithm "
 msgstr ", algoritmus klíče"
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr "POZOR: nejedná se o oddělený podpis. Soubor „%s“ NEBYL ověřen!\n"
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Nemohu ověřit podpis: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "toto není podpis oddělený od dokumentu\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr "VAROVÁNÍ: detekováno více podpisů. Kontrolován bude pouze první.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "samostatný podpis třídy 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "podpis starého typu (PGP 2.x)\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "volání fstat nad „%s“ selhalo v %s: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "fstat(%d) selhal v %s: %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "VAROVÁNÍ: používám experimentální algoritmus veřejného klíče %s\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr "VAROVÁNÍ: Podepisovací a šifrovací klíče Elgamal se nedoporučují\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "VAROVÁNÍ: používám experimentální šifrovací algoritmus %s\n"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "VAROVÁNÍ: používám experimentální hashovací algoritmus %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "VAROVÁNÍ: vyžádaný algoritmus %s není doporučen\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "Poznámka: podpisy používající algoritmus %s jsou zamítány\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, c-format
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr ""
 "Poznámka: podpisy klíče třetí strany používající algoritmus %s jsou "
 "zamítány\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, c-format
 msgid "(reported error: %s)\n"
 msgstr "(nahlášená chyba: %s)\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "(nahlášená chyba: %s <%s>)\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr "(podrobnosti: "
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: použití parametru „%s“ se nedoporučuje\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "VAROVÁNÍ: používání parametru „%s“ se nedoporučuje\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "použijte místo něj „%s%s“ \n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "VAROVÁNÍ: používání příkaz „%s“ se nedoporučuje - nepoužívejte jej\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "%s:%u: „%s“ je v tomto souboru zastaralý – účinkuje pouze v %s\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr "VAROVÁNÍ: „%s%s“ je zastaralý parametr – neúčinkuje kromě v %s\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Nezkomprimováno"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr "nezkomprimováno|nic"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "tato zpráva nemusí být s %s použitelná\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "nejednoznačná volba „%s“\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, c-format
 msgid "unknown option '%s'\n"
 msgstr "neznámá volba „%s“\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 "U veřejného klíče ECDSA se očekává, že v kódování SEC bude délka násobkem 8 "
 "bitů\n"
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "neznámý slabý hashovací algoritmus „%s“\n"
@@ -6427,86 +6385,75 @@ msgstr "%s: neznámá přípona\n"
 msgid "Enter new filename"
 msgstr "Vložte nový název souboru"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "zapisuji do standardního výstupu\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, c-format
 msgid "assuming signed data in '%s'\n"
 msgstr "v „%s“ se předpokládají podepsaná data\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "nemohu pracovat s algoritmem veřejného klíče %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr "VAROVÁNÍ: potencionálně nebezpečně symetricky zašifrován klíč sezení\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, c-format
 msgid "Unknown critical signature notation: "
 msgstr "Neznámá kritická notace podpisu: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "podpacket typu %d má nastavený kritický bit\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, c-format
-msgid "problem with the agent: %s\n"
-msgstr "problém s agentem: %s\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-#| msgid "Please enter the new passphrase"
-msgid "Please enter the passphrase for decryption."
-msgstr "Prosím, zadejte nové heslo"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Vložit heslo\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "zrušeno uživatelem\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr " (ID hlavního klíče %s)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Prosím, zadejte heslo, abyste odemkli tajný klíč OpenPGP:"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Prosím, zadejte heslo, abyste mohli importovat tajný klíč OpenPGP:"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Prosím, zadejte heslo, abyste mohli exportovat tajný podklíč OpenPGP:"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Prosím, zadejte heslo, abyste mohli exportovat tajný klíč OpenPGP:"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "Opravdu chcete trvale smazat tajný klíč podklíče OpenPGP:"
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Opravdu chcete trvale smazat tajný klíč OpenPGP:"
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, c-format
 msgid ""
 "%s\n"
@@ -6521,7 +6468,7 @@ msgstr ""
 "vytvořen %s%s.\n"
 "%s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6535,34 +6482,79 @@ msgstr ""
 "klíči - velký obrázek bude mít za následek velmi velký veřejný klíč !\n"
 "Vhodná velikost obrázku je asi 240x288.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Vložte jméno JPEG souboru s fotografickým ID: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "nelze otevřít JPEG soubor „%s“: %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr "Tento JPEG je opravdu velký (%d bajtů)!\n"
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Jste si jistý(á), že jej chcete použít? (a/N) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "„%s“ není soubor ve formátu JPEG\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Je tato fotografie správná (a/N/u)? "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "spuštění externího programu není podporováno\n"
+
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"na této platformě jsou při volání externích programů vyžadovány\n"
+"dočasné soubory (temp files)\n"
+
+#: g10/photoid.c:506
+#, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "nelze spustit shell „%s“: %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "neočekávaný konec externího programu\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "systémová chyba při volání externího programu: %s\n"
+
+#: g10/photoid.c:600
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "VAROVÁNÍ: nelze smazat dočasný soubor (%s) „%s“: %s\n"
+
+#: g10/photoid.c:604
+#, c-format
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "VAROVÁNÍ: nelze smazat dočasný adresář „%s“: %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"volání externích programů je zakázáno, protože file permissions nejsou\n"
+"nastaveny nebezpečně\n"
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "nelze zobrazit photo ID!\n"
@@ -6577,52 +6569,52 @@ msgstr "nelze zobrazit photo ID!\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMuUsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr "Není přiřazena žádná hodnota důvěry:\n"
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr "  alias „%s“\n"
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr "Nakolik důvěřujete tvrzení, že tento klíč patří uvedenému uživateli?\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr "  %d = Nevím nebo neřeknu\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr "  %d = Nedůvěřuji\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr "  %d = Důvěřuji absolutně\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr "  m = zpět do hlavního menu\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr "  s = přeskočit tento klíč\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr "  u = ukončit\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
@@ -6631,44 +6623,44 @@ msgstr ""
 "Minimální úroveň důvěry tohoto klíče je: %s\n"
 "\n"
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Vaše rozhodnutí? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Opravdu chcete nastavit pro tento klíč absolutní důvěru? (a/N) "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Certifikáty vedoucí k finálnímu důvěryhodnému klíči:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr "%s: Nic nenaznačuje tomu, že tento klíč patří uvedenému uživateli\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr "%s: Je zde částečná důvěra, že tento klíč patří uvedenému uživateli\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Tento klíč pravděpodobně náleží uvedenému uživateli\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Tento klíč náleží nám (máme odpovídající tajný klíč)\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr "%s: Tento klíč je špatný! Byl označen jako nedůvěryhodný!\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
 "*really* know what you are doing, you may answer the next\n"
@@ -6678,7 +6670,7 @@ msgstr ""
 "Pokud *skutečně* víte, co děláte, můžete na\n"
 "následující otázku odpovědět ano.\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
@@ -6688,143 +6680,163 @@ msgstr ""
 "v uživatelském ID. Pokud *skutečně* víte, co děláte, můžete na\n"
 "následující otázku odpovědět ano.\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr "Použít přesto tento klíč? (a/N) "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "VAROVÁNÍ: Je použit nedůvěryhodný klíč!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr "VAROVÁNÍ: tento klíč může být revokován (revokační klíč nenalezen)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+#| msgid "user ID: \"%s\"\n"
+msgid "checking User ID \"%s\"\n"
+msgstr "ID uživatele: „%s“\n"
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+#| msgid "option '%s' given, but option '%s' not given\n"
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "zadána volba „%s“, ale chybí volba „%s“\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+#| msgid "key %s: doesn't match our copy\n"
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "klíč %s: neodpovídá naší kopii\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+#| msgid "option '%s' given, but option '%s' not given\n"
+msgid "option %s given but no matching User ID found\n"
+msgstr "zadána volba „%s“, ale chybí volba „%s“\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "VAROVÁNÍ: Tento klíč byl revokován klíčem s pověřením k revokaci!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "VAROVÁNÍ: Tento klíč byl revokován svým vlastníkem!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         To může znamenat, že podpis je padělaný.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "VAROVÁNÍ: Tento podklíč byl revokován svým vlastníkem!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Poznámka: Tento klíč byl označen jako neplatný (disabled).\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr "Poznámka: Podepisovatelova ověřená adresa je „%s“\n"
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "Poznámka: Podepisovatelova adresa „%s“ se neshoduje s DNS záznamem\n"
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr "úroveň důvěry opravena na PLNOU, kvůli platné PKA informaci\n"
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr "úroveň důvěry opravena na ŽÁDNOU, kvůli špatné PKA informaci\n"
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Poznámka: Skončila platnost tohoto klíče!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr "VAROVÁNÍ: Tento klíč není certifikován důvěryhodným podpisem!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "VAROVÁNÍ: Tento klíč není certifikován důvěryhodným podpisem!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr ""
 "         Nic nenaznačuje tomu, že tento podpis patří vlastníkovi klíče.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "VAROVÁNÍ: NEDŮVĚŘUJEME tomuto klíči!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         Tento podpis je pravděpodobně PADĚLANÝ.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"VAROVÁNÍ: Tento klíč není certifikován dostatečně důvěryhodnými podpisy!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
 msgstr ""
 "VAROVÁNÍ: Tento klíč není certifikován dostatečně důvěryhodnými podpisy!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         Není jisté, zda tento podpis patří vlastníkovi.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: přeskočeno: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: přeskočeno: veřejný klíč je neplatný (disabled)\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: přeskočeno: veřejný klíč je již obsažen v databázi\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, c-format
 msgid "can't encrypt to '%s'\n"
 msgstr "nelze zašifrovat pro „%s“\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "zadána volba „%s“, ale nezadány žádné platné výchozí klíče\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "zadána volba „%s“, ale chybí volba „%s“\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "Nezadali jste identifikátor uživatele (můžete použít \"-r\")\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr "Aktuální příjemci:\n"
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -6832,40 +6844,40 @@ msgstr ""
 "\n"
 "Napište identifikátor uživatele (user ID). Ukončete prázdným řádkem: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Takový identifikátor uživatele neexistuje.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "přeskočeno: veřejný klíč je už nastaven podle implicitního adresáta\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Veřejný klíč je neplatný (disabled).\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "přeskočeno: veřejný klíč je již nastaven\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "neznámý implicitní adresát „%s“\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "žádné platné adresy\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "Poznámka: klíči %s chybí vlastnost %s\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "Poznámka: klíči %s chybí předvolby pro %s\n"
@@ -6876,76 +6888,82 @@ msgid "data not saved; use option \"--output\" to save it\n"
 msgstr ""
 "data nebyla uložena; k jejich uložení použijte parametr příkazu „--output“\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Podpis oddělený od dokumentu.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Prosím, vložte název datového souboru: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "čtu standardní vstup…\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "chybí podepsaná data\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, c-format
 msgid "can't open signed data '%s'\n"
 msgstr "nelze otevřít podepsaná data „%s“\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "nelze otevřít podepsaná data na deskriptoru=%d: %s\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "klíč %s se nehodí na rozšifrování v režimu %s\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "anonymní adresát; zkusí se tajný klíč %s…\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+#| msgid "key %s is not suitable for decryption in %s mode\n"
+msgid "used key is not marked for encryption use.\n"
+msgstr "klíč %s se nehodí na rozšifrování v režimu %s\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "dobrá, my jsme anonymní adresát.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "staré kódování DEK není podporováno\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "šifrovací algoritmus %d%s je neznámý nebo je zneplatněn\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "VAROVÁNÍ: v předvolbách příjemce nenalezen šifrovací algoritmus %s\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "Poznámka: platnost tajného klíče %s skončila v %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, c-format
 msgid "Note: key has been revoked"
 msgstr "Poznámka: klíč byl odvolán"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "selhalo vytvoření paketu (build_packet): %s\n"
@@ -6963,37 +6981,37 @@ msgstr "Revokován:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Toto je citlivý revokační klíč)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 msgid "Secret key is not available.\n"
 msgstr "Tajný klíč není dostupný.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Vytvořit pro tento klíč pověřený revokační certifikát? (a/N)"
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "nařízen výstup do formátu ASCII.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "vytvoření podepisovacího paketu (make_keysig_packet) selhalo: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Revokační certifikát vytvořen.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "pro „%s“ nebyl nalezen žádný revokační klíč\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Toto je revokační certifikát pro OpenPGP klíč:"
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
@@ -7003,7 +7021,7 @@ msgstr ""
 "veřejně prohlašuje, že klíč by se již neměl používat. Jednou zveřejněný\n"
 "odvolací certifikát již nelze vzít zpět."
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7017,7 +7035,7 @@ msgstr ""
 "Podrobnosti naleznete v manuálu GnuPG u popisu příkazu\n"
 "„gpg --generate-revocation“."
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
@@ -7029,12 +7047,12 @@ msgstr ""
 "certifikátu\n"
 "odstraňte tuto dvojtečku textovým editorem."
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, c-format
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "odvolací certifikát uložen jako „%s.rev“\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "tajný klíč „%s“ nenalezen\n"
@@ -7047,16 +7065,16 @@ msgstr "tajný klíč „%s“ nenalezen\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr "„%s“ odpovídá více tajným klíčům:\n"
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, c-format
 msgid "error searching the keyring: %s\n"
 msgstr "chyba při prohledávání souboru klíčů (keyring): %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Vytvořit pro tento klíč revokační certifikát? (a/N) "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7075,37 +7093,37 @@ msgstr ""
 "na vašem počítači může ukládat data určená k tisku a zpřístupnit je\n"
 "jiným uživatelům!\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Prosím vyberte důvod revokace:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Zrušit"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Pravděpodobně zda chcete vybrat %d)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "Můžete vložit další popis. Ukončete prázdným řádkem:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Důvod revokace: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(Nebyl zadán Žádný popis)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr "Je důvod revokace vybrán správně? (a/N) "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "vytvořen slabý klíč – zkouším znovu\n"
@@ -7117,47 +7135,42 @@ msgstr ""
 "nemohu se vyvarovat slabého klíče pro symetrickou šifru; operaci jsem zkusil "
 "%d krát!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr "%s klíč %s používá nebezpečný (%zubitový) hash\n"
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr "%s klíč %s vyžaduje hash o délce %zu nebo více bitů (hash je %s)\n"
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
-#, c-format
-msgid "key %s may not be used for signing in %s mode\n"
-msgstr "klíč %s se nesmí používat v režimu %s\n"
-
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
+#: g10/sig-check.c:170
 #, c-format
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "VAROVÁNÍ: konflikt hashe podpisu ve zprávě\n"
 
-#: g10/sig-check.c:219
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
+#, c-format
+msgid "key %s may not be used for signing in %s mode\n"
+msgstr "klíč %s se nesmí používat v režimu %s\n"
+
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "VAROVÁNÍ: podepisovací podklíč %s není křížově certifikován\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, c-format
 msgid "please see %s for more information\n"
 msgstr "více informací naleznete na adrese %s\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr "VAROVÁNÍ: podepisovací podklíč %s má neplatnou křížovou certifikaci\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
@@ -7165,7 +7178,7 @@ msgstr[0] "veřejný klíč %s je o %lu sekundu novější než podpis\n"
 msgstr[1] "veřejný klíč %s je o %lu sekundy novější než podpis\n"
 msgstr[2] "veřejný klíč %s je o %lu sekund novější než podpis\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
@@ -7173,7 +7186,7 @@ msgstr[0] "veřejný klíč %s je o %lu den novější než podpis\n"
 msgstr[1] "veřejný klíč %s je o %lu dny novější než podpis\n"
 msgstr[2] "veřejný klíč %s je o %lu dnů novější než podpis\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7189,7 +7202,7 @@ msgstr[2] ""
 "klíč %s byl vytvořen %lu sekund v budoucnosti (došlo ke změně času nebo\n"
 "je problém s hodinami)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7204,51 +7217,51 @@ msgstr[2] ""
 "klíč %s byl vytvořen %lu dnů v budoucnosti (došlo ke změně času nebo\n"
 "je problém s hodinami)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "Poznámka: podpisovému klíči %s skončila platnost v %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "Poznámka: podpisový klíč %s byl odvolán\n"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, c-format
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "špatný podpis klíče klíčem %s: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, c-format
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "špatný podpis dat klíčem %s: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "předpokládám špatný podpis klíčem %s, protože je nastaven neznámý kritický "
 "bit\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "klíč %s: neexistuje podklíč pro revokaci podklíče\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "klíč %s: podklíč který je svázán s podpisem neexistuje\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "VAROVÁNÍ: nelze %%-expandovat notaci (příliš dlouhé). Použity "
 "neexpandované.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7256,7 +7269,7 @@ msgstr ""
 "VAROVÁNÍ: nemohu %%-expandovat URL politiky (příliš dlouhé). Použity "
 "neexpandované.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7265,12 +7278,12 @@ msgstr ""
 "VAROVÁNÍ: nemohu %%-expandovat URL preferovaného keyservery (příliš dlouhé). "
 "Použity neexpandované.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s/%s podpis od: „%s“\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
@@ -7278,40 +7291,41 @@ msgstr ""
 "VAROVÁNÍ: vyžádaný hashovací algoritmus %s (%d) nevyhovuje předvolbám "
 "příjemce\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "podepisuji:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "bude použito šifrování %s\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "klíč není označen jako nedostatečně bezpečný – nemohu jej použít s falešným "
 "RNG!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "přeskočen „%s“: duplikován\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "přeskočeno: tajný klíč je už v databázi\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "toto je PGP klíč vygenerovaný podle algoritmu Elgamal,\n"
 "podpisy vytvořené tímto klíčem nejsou bezpečné!"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "záznam důvěry %lu, typ %d: zápis selhal: %s\n"
@@ -7325,43 +7339,43 @@ msgstr ""
 "# Seznam přidělených hodnot důvěry, vytvořen %s\n"
 "# (Použijte „gpg --import-ownertrust“ k jeho obnově)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, c-format
 msgid "error in '%s': %s\n"
 msgstr "chyba v „%s“: %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr "řádek je příliš dlouhý"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr "sloupec schází"
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr "neplatný otisk"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr "schází hodnota důvěryhodnosti vlastníka"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "chyba při hledání záznamu důvěryhodnosti v „%s“: %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, c-format
 msgid "read error in '%s': %s\n"
 msgstr "chyba při čtení v „%s“: %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "databáze důvěry: synchronizace selhala %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "pro „%s“ nelze vytvořit zámek\n"
@@ -7371,12 +7385,12 @@ msgstr "pro „%s“ nelze vytvořit zámek\n"
 msgid "can't lock '%s'\n"
 msgstr "„%s“ nelze zamknout\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "záznam v databázi důvěry %lu: lseek() se nepodařil: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "záznam v databázi důvěry %lu: zápis se nepodařil (n=%d): %s\n"
@@ -7391,7 +7405,7 @@ msgstr "transakce s databází důvěry je příliš dlouhá\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: adresář neexistuje!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, c-format
 msgid "can't access '%s': %s\n"
 msgstr "k „%s“ nelze přistoupit: %s\n"
@@ -7432,7 +7446,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: chyba při aktualizaci záznamu verze: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: chyba při čtení záznamu verze: %s\n"
@@ -7442,52 +7456,52 @@ msgstr "%s: chyba při čtení záznamu verze: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: chyba při zápisu záznamu verze: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "databáze důvěry: procedura lseek() selhala: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "databáze důvěry: procedura read() (n=%d) selhala: %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: není soubor databáze důvěry\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: záznam verze s číslem %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: neplatná verze souboru %d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: chyba při čtení volného záznamu: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: chyba při zápisu adresářového záznamu: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: vynulování záznamu selhalo: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: přidání záznamu selhalo: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "Chyba: Databáze důvěry je poškozena.\n"
@@ -7527,10 +7541,10 @@ msgstr "nepodporovaná verze databáze TOFU: %s\n"
 msgid "TOFU DB error"
 msgstr "Chyba databáze TOFU"
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "chyba při čtení databáze TOFU: %s\n"
@@ -7550,7 +7564,7 @@ msgstr "chyba při inicializaci databáze TOFU: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "chyba při otevírání databáze TOFU „%s“: %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "chyba při aktualizaci databáze TOFU: %s\n"
@@ -7731,18 +7745,18 @@ msgstr "(D)obrý, (P)řijmout jednou, (N)eznámý, (O)dmítnout jednou, špa(T)n
 msgid "Defaulting to unknown.\n"
 msgstr "Použije se výchozí volba neznámý.\n"
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr "Zjištěno poškození databáze TOFU.\n"
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "chyba při měnění politiky TOFU: %s\n"
 
 # These strings are used as an argument in "Verified 2 signatures in past %s."
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
@@ -7750,7 +7764,7 @@ msgstr[0] "%lld~roku"
 msgstr[1] "%lld~roků"
 msgstr[2] "%lld~roků"
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
@@ -7758,7 +7772,7 @@ msgstr[0] "%lld~měsíce"
 msgstr[1] "%lld~měsíců"
 msgstr[2] "%lld~měsíců"
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
@@ -7766,7 +7780,7 @@ msgstr[0] "%lld~týdne"
 msgstr[1] "%lld~týdnů"
 msgstr[2] "%lld~týdnů"
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
@@ -7774,7 +7788,7 @@ msgstr[0] "%lld~dne"
 msgstr[1] "%lld~dnů"
 msgstr[2] "%lld~dnů"
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
@@ -7782,7 +7796,7 @@ msgstr[0] "%lld~hodiny"
 msgstr[1] "%lld~hodin"
 msgstr[2] "%lld~hodin"
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
@@ -7790,7 +7804,7 @@ msgstr[0] "%lld~minuty"
 msgstr[1] "%lld~minut"
 msgstr[2] "%lld~minut"
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
@@ -7798,26 +7812,26 @@ msgstr[0] "%lld~sekundy"
 msgstr[1] "%lld~sekund"
 msgstr[2] "%lld~sekund"
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr "%s: Ověřeno 0~podpisů a zašifrováno 0~zpráv."
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, c-format
 msgid "%s: Verified 0 signatures."
 msgstr "%s: Ověřeno 0 podpisů."
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 msgid "Encrypted 0 messages."
 msgstr "Zašifrováno 0 zpráv."
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, c-format
 msgid "(policy: %s)"
 msgstr "(politika: %s)"
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
@@ -7825,7 +7839,7 @@ msgstr ""
 "Pozor: ještě musíme vidět zprávu podepsanou tímto klíčem a identitou "
 "uživatele!\n"
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
@@ -7833,17 +7847,17 @@ msgstr ""
 "Pozor: viděli jsme pouze jednu zprávu podepsanou tímto klíčem a identitou\n"
 "uživatele!\n"
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr "Pozor: ještě je třeba zašifrovat zprávu tímto klíčem!\n"
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr "Pozor: tímto klíčem jste zašifrovali pouze jednu zprávu!\n"
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -7876,110 +7890,110 @@ msgstr[2] ""
 "  %s\n"
 "k označení, že je špatný.\n"
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "chyba při otevírání databáze TOFU: %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 "POZOR: Šifruje se pro %s, kterýžto nemá neodvolané identity uživatele\n"
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, c-format
 msgid "'%s' is not a valid long keyID\n"
 msgstr "„%s“ není platný dlouhý keyID\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "klíč %s: akceptován jako důvěryhodný klíč\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "klíč %s se v databázi důvěry vyskytuje více než jednou\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "klíč %s: nenalezen veřejný klíč k důvěryhodnému klíči – přeskočeno\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "klíč %s označen jako absolutně důvěryhodný.\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "záznam důvěry %lu, typ pož. %d: čtení selhalo: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "záznam důvěry %lu není požadovaného typu %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr "Databázi důvěry můžete zkusit znovu vytvořit pomocí těchto příkazů:\n"
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr "Pokud to nebude fungovat, prosím, nahlédněte do návodu\n"
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 "nelze použít neznámý model důvěry (%d) – předpokládáme použití modelu %s\n"
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr "použití modelu důvěry %s\n"
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "není nutné kontrolovat databázi důvěry\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "další kontrola databáze důvěry v %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "není nutné kontrolovat databázi důvěry s modelem „%s“\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "není nutné aktualizovat databázi důvěry s modelem „%s“\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr "veřejný klíč %s nebyl nalezen: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "prosím proveďte --check-trustdb\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "kontroluji databázi důvěry\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
@@ -7987,7 +8001,7 @@ msgstr[0] "zpracován %d klíč"
 msgstr[1] "zpracovány %d klíče"
 msgstr[2] "zpracováno %d klíčů"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, c-format
 msgid " (%d validity count cleared)\n"
 msgid_plural " (%d validity counts cleared)\n"
@@ -7995,17 +8009,17 @@ msgstr[0] " (vymazáno %d počítadlo platnosti)\n"
 msgstr[1] " (vymazána %d počítadla platnosti)\n"
 msgstr[2] " (vymazáno %d počítadel platnosti)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "žádný absolutně důvěryhodný klíč nebyl nalezen\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "veřejný klíč k absolutně důvěryhodnému klíči %s nebyl nalezen\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
@@ -8013,28 +8027,28 @@ msgstr ""
 "hloubka: %d  platných: %3d  podepsaných: %3d  důvěra: %d-, %dq, %dn, %dm, "
 "%df, %du\n"
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr "nelze aktualizovat záznam v databázi důvěry: chyba při zápisu: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr "nedefinována"
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr "žádná"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr "částečná"
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr "plná"
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr "absolutní"
 
@@ -8046,40 +8060,40 @@ msgstr "absolutní"
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr "14 překladateli, podívej se na trustdb.c:uid_trust_string_fixed"
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 msgid "[ revoked]"
 msgstr "[ revokován  ]"
 
 # TODO: use context to distinguish gender
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 msgid "[ expired]"
 msgstr "[ prošlý(á)  ]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 msgid "[ unknown]"
 msgstr "[  neznámá   ]"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr "[nedefinovaná]"
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 msgid "[  never ]"
 msgstr "[   nikdy    ]"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr "[  částečná  ]"
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr "[    plná    ]"
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr "[  absolutní ]"
 
@@ -8104,19 +8118,31 @@ msgstr "vstupní řádek %u je příliš dlouhý nebo na konci chybí znak LF\n"
 msgid "can't open fd %d: %s\n"
 msgstr "nemohu otevřít deskriptor %d: %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "VAROVÁNÍ: zpráva nebyla chráněna proti porušení její integrity\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+#| msgid "ambiguous option '%s'\n"
+msgid "Hint: Do not use option %s\n"
+msgstr "nejednoznačná volba „%s“\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr "nastavit příznaky ladění"
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr "zapnout úplné ladění"
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Použití: kbxutil [volby] [soubory] (-h pro nápovědu)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
 "List, export, import Keybox data\n"
@@ -8127,75 +8153,200 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr "%sČíslo: %s%%0ADržitel: %s%s"
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr "Zbývá pokusů: %d"
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new Global-PIN"
+msgstr "||Prosím vložte PIN"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "||Prosím, zadejte resetační kód karty"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new PIN"
+msgstr "||Prosím vložte PIN"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the PIN of your PIV card"
+msgstr "||Prosím, zadejte resetační kód karty"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+#| msgid "|A|Please enter the Admin PIN"
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "|A|Prosím, zadejte PIN správce"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+#| msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "|P|Prosím, zadejte kód pro odblokování (PUK) standardních klíčů."
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "funkce PIN callback skončila chybou: %s\n"
+
+#: scd/app-piv.c:1895
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too short; minimum length is %d\n"
+msgstr "PIN pro CHV%d je příliš krátký; minimální délka je %d\n"
+
+#: scd/app-piv.c:1903
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too long; maximum length is %d\n"
+msgstr "PIN pro CHV%d je příliš krátký; minimální délka je %d\n"
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr "klíč již existuje\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr "existující klíč bude přepsán\n"
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr "generování nového klíče\n"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, c-format
+msgid "writing new key\n"
+msgstr "nový klíč se zapisuje\n"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "nelze uložit klíč: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr "odpověď neobsahuje modulus RSA\n"
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr "odpověď neobsahuje veřejný exponent RSA\n"
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, c-format
+msgid "response does not contain the EC public key\n"
+msgstr "odpověď neobsahuje veřejný klíč EC\n"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr "prosím počkejte než bude klíč vygenerován…\n"
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr "generování klíče se nezdařilo\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "generování klíče dokončeno (%d sekunda)\n"
+msgstr[1] "generování klíče dokončeno (%d sekundy)\n"
+msgstr[2] "generování klíče dokončeno (%d sekund)\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr "odpověď neobsahuje veřejný klíč\n"
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr ""
 "||Prosím, zadejte PIN klíče určeného na tvorbu kvalifikovaných podpisů."
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 msgid "|A|Please enter the Admin PIN"
 msgstr "|A|Prosím, zadejte PIN správce"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|P|Prosím, zadejte kód pro odblokování (PUK) standardních klíčů."
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 msgid "||Please enter the PIN for the standard keys."
 msgstr "||Prosím, zadejte PIN pro standardní klíče."
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr "schází RSA modulus nebo nemá velikost %d bitů\n"
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr "schází veřejný RSA exponent nebo je delší než %d bitů\n"
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr "funkce PIN callback skončila chybou: %s\n"
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "the NullPIN has not yet been changed\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "NullPIN ještě nebyl změněn\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr "NullPIN ještě nebyl změněn\n"
 
 # TRANSLATORS: Do not translate the "|*|" prefixes but keep
 # them verbatim at the start of the string.  */
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "|N|Prosím, zadejte nový PIN pro standardní klíče."
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|NP|Prosím, zadejte nový kód pro odblokování (PUK) standardních klíčů."
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 "|N|Prosím, zadejte nový PIN klíče určeného na tvorbu kvalifikovaných podpisů."
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8203,7 +8354,7 @@ msgstr ""
 "|NP|Prosím, zadejte nový kód pro odblokování (PUK) klíče určeného na tvorbu "
 "kvalifikovaných podpisů."
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8211,47 +8362,27 @@ msgstr ""
 "|NP|Prosím, zadejte kód pro odblokování (PUK) klíče určeného na tvorbu "
 "kvalifikovaných podpisů."
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "chyba při získání nového PINu: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "uložení otisku se nezdařilo: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "uložení data vytvoření se nezdařilo: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr "chyba při získání CHV z karty\n"
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr "odpověď neobsahuje modulus RSA\n"
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr "odpověď neobsahuje veřejný exponent RSA\n"
-
-#: scd/app-openpgp.c:1546
-#, c-format
-msgid "response does not contain the EC public key\n"
-msgstr "odpověď neobsahuje veřejný klíč EC\n"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr "odpověď neobsahuje veřejný klíč\n"
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr "čtení veřejného klíče se nezdařilo: %s\n"
@@ -8259,43 +8390,43 @@ msgstr "čtení veřejného klíče se nezdařilo: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr "%sČíslo: %s%%0ADržitel: %s%%0APočítadlo: %lu%s"
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr "použije se výchozí PIN jako %s\n"
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 "použití výchozího PINu jako %s selhalo: %s – vypínám jeho budoucí použití\n"
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 msgid "||Please unlock the card"
 msgstr "||Prosím, odemkněte kartu"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr "PIN pro CHV%d je příliš krátký; minimální délka je %d\n"
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "ověření CHV%d se nezdařilo: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr "karta je trvale uzamčena!\n"
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8307,20 +8438,20 @@ msgstr[1] ""
 msgstr[2] ""
 "Do trvalého uzamčení karty zůstává %d pokusů na zadání PINu správce\n"
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr "přístup k příkazům správce není nakonfigurován\n"
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 msgid "||Please enter the PIN"
 msgstr "||Prosím vložte PIN"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 msgid "||Please enter the Reset Code for the card"
 msgstr "||Prosím, zadejte resetační kód karty"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr "Resetační kód je příliš krátký; minimální délka je %d\n"
@@ -8328,121 +8459,78 @@ msgstr "Resetační kód je příliš krátký; minimální délka je %d\n"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr "|RN|Nový resetační kód"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr "|AN|Nový PIN správce"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr "|N|Nový PIN"
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "||Prosím, zadejte PIN správce a nový PIN správce"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 msgid "||Please enter the PIN and New PIN"
 msgstr "||Prosím, zadejte PIN a nový PIN"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr "chyba při čtení aplikačních dat\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "chyba při čtení otisku DO\n"
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr "klíč již existuje\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr "existující klíč bude přepsán\n"
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr "generování nového klíče\n"
-
-#: scd/app-openpgp.c:3074
-#, c-format
-msgid "writing new key\n"
-msgstr "nový klíč se zapisuje\n"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr "chybí časové razítko vytvoření\n"
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr "schází RSA prime %s nebo nemá velikost %d bitů\n"
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr "nelze uložit klíč: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, c-format
 msgid "unsupported curve\n"
 msgstr "nepodporovaná křivka\n"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr "prosím počkejte než bude klíč vygenerován…\n"
-
-#: scd/app-openpgp.c:4271
-#, c-format
-msgid "generating key failed\n"
-msgstr "generování klíče se nezdařilo\n"
-
-#: scd/app-openpgp.c:4277
-#, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "generování klíče dokončeno (%d sekunda)\n"
-msgstr[1] "generování klíče dokončeno (%d sekundy)\n"
-msgstr[2] "generování klíče dokončeno (%d sekund)\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr "neplatná struktura OpenPGP karty (DO 0x93)\n"
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr "otisk na kartě se neshoduje s požadovaným\n"
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "karta nepodporuje hashovací algoritmus %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr "dosud vytvořené podpisy: %lu\n"
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr "ověření PIN správce je nyní prostřednictvím tohoto příkazu zakázáno\n"
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "přístup na %s se nezdařil – vadná OpenPGP karta?\n"
@@ -8454,59 +8542,63 @@ msgstr "||Prosím, zadejte svůj PIN na klávesnici čtečky"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr "|N|Prvotní nový PIN"
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr "pracovat ve více serverové režimu (na popředí)"
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr "|ÚROVEŇ|nastaví ladicí úroveň na ÚROVEŇ"
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 msgid "|FILE|write a log to FILE"
 msgstr "|SOUBOR|zapisovat protokol do SOUBORU"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr "|N|připojit se na čtečku na portu N"
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "NÁZEV|použít NÁZEV jako ovladač ct-API"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "NÁZEV|použít NÁZEV jako ovladač PC/SC"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 msgid "do not use the internal CCID driver"
 msgstr "nepoužívat vnitřní ovladač CCID"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr "|N|odpojovat se od karty po N sekundách nečinnosti"
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr "nepoužívat klávesnici čtečky"
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr "používat vstup o proměnné délce na klávesnici čtečky"
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 msgid "deny the use of admin card commands"
 msgstr "zakázat používání správcovských příkazů karty"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Použití: @SCDAEMON@ [volby] (-h pro nápovědu)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
@@ -8514,38 +8606,32 @@ msgstr ""
 "Syntaxe: scdaemon [volby] [příkaz [argumenty]]\n"
 "Démon pro čipové karty (smartcard) pro @GNUPG@\n"
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 "prosím, použijte volbu „--daemon“, chcete-li nechat běžet program na pozadí\n"
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr "obsluha pro deskriptor %d spuštěna\n"
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr "obsluha pro deskriptor %d ukončena\n"
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "chyba při zjišťování informací o použití klíče: %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr "certifikátem vyžadovaný ověřovací model: %s"
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr "řetězený"
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 msgid "shell"
 msgstr "jednovrstvý"
 
@@ -8578,7 +8664,7 @@ msgstr "Poznámka: nekritické certifikační politiky nejsou dovoleny"
 msgid "certificate policy not allowed"
 msgstr "certifikační politika není dovolena"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "otisk se nepodařilo získat\n"
@@ -8593,7 +8679,7 @@ msgstr "hledám vydavatele na jiném místě\n"
 msgid "number of issuers matching: %d\n"
 msgstr "počet odpovídajících vydavatelů: %d\n"
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, c-format
 msgid "can't get authorityInfoAccess: %s\n"
 msgstr "authorityInfoAccess nelze získat: %s\n"
@@ -8613,207 +8699,207 @@ msgstr "počet odpovídajících certifikátů: %d\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "hledání klíče pouze ve vyrovnávací paměti dirmngr neuspělo: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "alokace popisovače keyDB se nezdařila\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 msgid "certificate has been revoked"
 msgstr "certifikát byl odvolán"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr "status certifikáty není znám"
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr "prosím, ujistěte se, že „dirmngr“ je správně nainstalován\n"
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, c-format
 msgid "checking the CRL failed: %s"
 msgstr "kontrola CRL se nezdařila: %s"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "certifikát s chybnou platností: %s"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr "certifikát ještě nenabyl platnosti"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 msgid "root certificate not yet valid"
 msgstr "kořenový certifikát ještě nezačal platit"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr "mezilehlý certifikát ještě nezačal platit"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, c-format
 msgid "certificate has expired"
 msgstr "certifikátu vypršela platnost"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 msgid "root certificate has expired"
 msgstr "kořenový certifikát je prošlý"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 msgid "intermediate certificate has expired"
 msgstr "mezilehlý certifikát je prošlý"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr "chybí povinné atributy certifikátu: %s%s%s"
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 msgid "certificate with invalid validity"
 msgstr "certifikát s neplatnou platností"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr "podpis nebyl vytvořen v době životnosti certifikátu"
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr "certifikát nebyl vytvořen v době životnosti vydavatele"
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr "mezilehlý certifikát nebyl vytvořen v době životnosti vydavatele"
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, c-format
 msgid "  (  signature created at "
 msgstr "  (       podpis vytvořen "
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, c-format
 msgid "  (certificate created at "
 msgstr "  (   certifikát vytvořen "
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, c-format
 msgid "  (certificate valid from "
 msgstr "  (   certifikát planý od "
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr "  (   vydavatel platný od "
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr "otisk=%s\n"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr "kořenový certifikát byl nyní označen za důvěryhodný\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr "v gpg-agentu není povoleno interaktivní označování za důvěryhodný\n"
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr "interaktivní označovaní jako důvěryhodný je pro tuto relaci zakázáno\n"
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr "VAROVÁNÍ: datum vytvoření podpisu není známo – předpokládám současnost"
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 msgid "no issuer found in certificate"
 msgstr "v certifikátu nebyl nalezen vydavatel"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr "certifikát podepsaný sám sebou má ŠPATNÝ podpis"
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr "kořenový certifikát není označen jako důvěryhodný"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "kontrola seznamu důvěry se nepodařila: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr "řetěz certifikátů je příliš dlouhý\n"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr "certifikát vydavatele nebyl nalezen"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, c-format
 msgid "certificate has a BAD signature"
 msgstr "certifikát má ŠPATNÝ podpis"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr "nalezen jiný možný odpovídající certifikát autority – zkusí se znovu"
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr "řetěz certifikátů je delší než dovoluje CA (%d)"
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, c-format
 msgid "certificate is good\n"
 msgstr "certifikát je v pořádku\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, c-format
 msgid "intermediate certificate is good\n"
 msgstr "mezilehlý certifikát je v pořádku\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, c-format
 msgid "root certificate is good\n"
 msgstr "kořenový certifikát je v pořádku\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr "přepínám do řetězeného modelu"
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr "použit ověřovací model: %s"
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr "%ubitový hash není platná pro %ubitový %s klíč\n"
 
 # Yet another expression for `not enough memory' :)
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, c-format
 msgid "out of core\n"
 msgstr "nedostatek paměti\n"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr "(toto je algoritmus MD2)\n"
@@ -8822,27 +8908,27 @@ msgstr "(toto je algoritmus MD2)\n"
 # none serial, none date
 # #-#-#-#-#  cs.po (dirmngr 1.0.3)  #-#-#-#-#
 # status
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 msgid "none"
 msgstr "žádný"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 msgid "[Error - invalid encoding]"
 msgstr "[Chyba – neplatné kódování]"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr "[Chyba – nedostatek paměti]"
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr "[Chyba – Žádné jméno]"
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 msgid "[Error - invalid DN]"
 msgstr "[Chyba – neplatné DN]"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -8856,133 +8942,144 @@ msgstr ""
 "sériové číslo %s, ID 0x%08lX,\n"
 "vytvořen %s, platnost vyprší %s.\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr "žádné použití klíče není určeno – předpokládají se všechna použití\n"
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "chyba při zjišťování informací o použití klíče: %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr "certifikát neměl být použit pro certifikování\n"
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr "certifikát neměl být použit pro podepsání OCSP odpovědi\n"
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr "certifikát neměl použit pro šifrování\n"
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr "certifikát neměl být použit pro podepsání\n"
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr "certifikát není použitelný pro šifrování\n"
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr "certifikát není použitelný pro podepisování\n"
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+#| msgid "lookup a certificate"
+msgid "looking for another certificate\n"
+msgstr "vyhledá certifikát"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "řádek %d: neplatný algoritmus\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr "řádek %d: neplatná délka klíče %u (platná je %d až %d)\n"
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr "řádek %d: nezadán žádný název subjektu\n"
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "řádek %d: neplatný název subjektu „%.*s“\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "řádek %d: neplatný název subjektu „%s“ na pozici %d\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "řádek %d: neplatná e-mailová adresa\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "řádek %d: neplatné sériové číslo\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr "řádek %d: neplatný název vydavatele „%.*s“\n"
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr "řádek %d: neplatný název vydavatele „%s“ na pozici %d\n"
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, c-format
 msgid "line %d: invalid date given\n"
 msgstr "řádek %d: zadáno neplatné datum\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr ""
 "řádek %d: chyba při získávání podpisového klíče podle keygripu „%s“: %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "řádek %d: zadán neplatný algoritmus hashe\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "řádek %d: neplatný identifikátor klíče autority\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "řádek %d: neplatný identifikátor klíče subjektu\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "řádek %d: neplatná syntaxe rozšíření\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "řádek %d: chyba při čtení klíče „%s“ z karty: %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "řádek %d: chyba při získávání klíče podle keygripu „%s“: %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "řádek %d: generování klíče se nepodařilo: %s <%s>\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
@@ -8990,45 +9087,45 @@ msgstr ""
 "Žádost o certifikát dokončíte tím, že zadáte heslo pro klíč, který jste "
 "právě vytvořili, ještě jednou.\n"
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) Existující klíč\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr "   (%d) Klíč existující na kartě\n"
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "Možné způsoby užití %s klíče:\n"
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) podepisovat, Å¡ifrovat\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) podepisovat\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) Å¡ifrovat\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr "Zadejte X.509 jméno subjektu: "
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr "Nebylo zadáno Žádné jméno\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "Neplatné jméno subjektu „%.*s“\n"
@@ -9038,245 +9135,238 @@ msgstr "Neplatné jméno subjektu „%.*s“\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "Neplatné jméno subjektu „%s“\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "25 délka předešlého řetězce: see certreg-ui.c:gpgsm_gencertreq_tty"
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 msgid "Enter email addresses"
 msgstr "Zadejte e-mailovou adresu"
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 msgid " (end with an empty line):\n"
 msgstr " (ukončete prázdným řádkem):\n"
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 msgid "Enter DNS names"
 msgstr "Zadejte DNS jména"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 msgid " (optional; end with an empty line):\n"
 msgstr " (volitelné; ukončete prázdným řádkem):\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr "Zadejte (několik) URI"
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Vytvořit sám sebou podepsaný certifikát? (a/N)"
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr "Budou použity tyto parametry:\n"
 
-#: sm/certreqgen-ui.c:432
-#, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "chyba při vytváření dočasného souboru: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr "Nyní se vytváří sám sebou podepsaný certifikát. "
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 msgid "Now creating certificate request.  "
 msgstr "Nyní se vytváří žádost o certifikát. "
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr "To může chvíli trvat…\n"
 
 # Ready ve významu finished po vygenerování certifikátu
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr "Hotovo.\n"
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr "Hotovo. Nyní byste měli tuto žádost poslat svojí CA.\n"
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr "problém se zdroji: nedostatek paměti\n"
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "%s zašifrovaná data\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr "(toto je algoritmus RC2)\n"
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr "(toto nevypadá jako zašifrovaná zpráva)\n"
 
 # Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
 # [kw]
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 #| msgid "encrypted with %s key, ID %s\n"
 msgid "encrypted to %s key %s\n"
 msgstr "zašifrováno %s klíčem, ID %s\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "certifikát „%s“ nebyl nenalezen: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr "chyba při zamykání schránky na klíče: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "zdvojený certifikát „%s“ smazán\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "certifikát „%s“ smazán\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "smazání certifikátu „%s“ se nezdařilo: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, c-format
 msgid "no valid recipients given\n"
 msgstr "(nebyli zadáni Žádní platní příjemci)\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 msgid "list external keys"
 msgstr "vypsat seznam externích klíčů"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 msgid "list certificate chain"
 msgstr "vypsat řetěz certifikátů"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 msgid "import certificates"
 msgstr "importovat certifikáty"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 msgid "export certificates"
 msgstr "exportovat certifikáty"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr "zaregistrovat čipovou kartu"
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr "předat příkaz do dirmngr"
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr "vyvolat gpg-protect-tool"
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "vůbec nepoužívat terminál"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr "|N|počet certifikátů, které zahrnout"
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr "|SOUBOR|vzít politiky ze SOUBORU"
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr "předpokládat vstup ve formátu PEM"
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr "předpokládat vstup ve formátu Base-64"
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr "předpokládat vstup v binárním formátu"
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 msgid "create base-64 encoded output"
 msgstr "vytvářet výstup zakódovaný pomocí Base-64"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|ID_UŽIVATELE|použít ID_UŽIVATELE jako implicitní tajný klíč"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "|SOUBOR|přidat klíčenku na seznam klíčenek"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|použít tento server pro dohledávání klíčů"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr "stahovat chybějící certifikáty vydavatelů"
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NÁZEV|používat kódování NÁZEV pro PKCS#12 hesla"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr "nikdy nenahlížet do CRL"
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr "neprověřovat kořenové certifikáty proti CRL"
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr "kontrolovat platnost pomocí OCSP"
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr "nekontrolovat politiky certifikátu"
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NÁZEV|použít šifrovací algoritmus NÁZEV"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NÁZEV|použít hashovací algoritmus NÁZEV"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "dávkový režim: nikdy se neptat"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "předpokládat ano na většinu otázek"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "předpokládat ne na většinu otázek"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 msgid "|FILE|write an audit log to FILE"
 msgstr "|SOUBOR|zapisovat auditní protokol do SOUBORU"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Použití: @GPGSM@ [možnosti] [soubory] (-h pro pomoc)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
 "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
@@ -9286,87 +9376,123 @@ msgstr ""
 "Podepisuje, ověřuje, šifruje nebo dešifruje pomocí protokolu S/MIME.\n"
 "Výchozí operace závisí na vstupních datech.\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "Poznámka: nebude možné šifrovat pro „%s“: %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "neznámý model ověřování „%s“\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: nebyl zadán název stroje\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: zadáno heslo bez uživatele\n"
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: přeskakuji tento řádek\n"
+
+#: sm/gpgsm.c:1545
+#, c-format
+msgid "could not parse keyserver\n"
+msgstr "nelze rozebrat serveru klíčů\n"
+
+#: sm/gpgsm.c:1825
 #, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "importují se běžné certifikáty „%s“\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "nelze podepsat pomocí „%s“: %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr "neplatný příkaz (neexistuje žádný implicitní příkaz)\n"
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, c-format
 msgid "total number processed: %lu\n"
 msgstr "celkem zpracováno: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, c-format
 msgid "error storing certificate\n"
 msgstr "chyba při ukládání certifikátu\n"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr "základní kontrola certifikátu selhala – neimportováno\n"
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "chyba při získání uložených příznaků: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, c-format
 msgid "error importing certificate: %s\n"
 msgstr "chyba při importování certifikátu: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, c-format
 msgid "error reading input: %s\n"
 msgstr "chyba při čtení vstupu: %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+#| msgid "no dirmngr running in this session\n"
+msgid "no keyboxd running in this session\n"
+msgstr "v této relaci neběží žádný dirmngr\n"
+
+#: sm/keydb.c:595
+#, c-format
+msgid "error opening key DB: %s\n"
+msgstr "chyba při otevírání databáze klíčů: %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr "problém při hledání existujícího certifikátu: %s\n"
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "chyba při hledání zapisovatelné keyDB: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, c-format
 msgid "error storing certificate: %s\n"
 msgstr "chyba při ukládání certifikátu: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "problém při opakovaném hledání certifikátu: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, c-format
 msgid "error storing flags: %s\n"
 msgstr "chyba při ukládání příznaků: %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr "Chyba – "
 
@@ -9375,17 +9501,17 @@ msgstr "Chyba – "
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr "GPG_TTY nebyla nastavena – použiji možná chybnou implicitní hodnotu\n"
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "nesprávně formátovaný otisk v „%s“, řádek %d\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "neplatný kód země v „%s“, řádek %d\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9402,7 +9528,7 @@ msgstr ""
 "\n"
 "%s%sJste si skutečně jisti, že to chcete udělat?"
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
@@ -9411,7 +9537,7 @@ msgstr ""
 "Vezměte na vědomí, že tento software není oficiálně schválený k vytváření "
 "nebo ověřování takových podpisů.\n"
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9422,55 +9548,62 @@ msgstr ""
 "„%s“\n"
 "Vezměte na vědomí, že tento certifikát NEVYTVOŘÍ kvalifikovaný podpis!"
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr ""
 "hashovací algoritmus %d (%s) podepisovatele %d není podporován; použiji %s\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr "hashovací algoritmus použitý pro podepisovatele %d: %s (%s)\n"
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "kontrola kvalifikovaného certifikátu selhala: %s\n"
 
-#: sm/verify.c:463
+# Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
+#: sm/sign.c:912
+#, fuzzy, c-format
+#| msgid "Signature made %s using %s key ID %s\n"
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Podpis vytvořen %s pomocí klíče %s s ID uživatele %s\n"
+
+#: sm/verify.c:467
 #, c-format
 msgid "Signature made "
 msgstr "Podpis vytvořen "
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr "[datum neudáno]"
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, c-format
 msgid "algorithm:"
 msgstr "algoritmus:"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr ""
 "neplatný podpis: atribut otisku zprávy se neshoduje s vypočteným otiskem\n"
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, c-format
 msgid "Good signature from"
 msgstr "Dobrý podpis od"
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, c-format
 msgid "                aka"
 msgstr "          alias"
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, c-format
 msgid "This is a qualified signature\n"
 msgstr "Toto je kvalifikovaný podpis\n"
@@ -9496,104 +9629,104 @@ msgid "can't release lock on the certificate cache: %s\n"
 msgstr "zámek keše certifikátů nelze uvolnit: %s\n"
 
 # TODO: plural
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr "%u certifikátů bude z keše vyřazeno\n"
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, c-format
 msgid "can't parse certificate '%s': %s\n"
 msgstr "certifikát „%s“ nelze rozebrat: %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "certifikát „%s“ je již zapamatován\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "zaveden důvěryhodný certifikát „%s“\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "certifikát „%s“ zaveden\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "        otisk SHA1 = %s\n"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr "vydavatel ="
 
 # XXX: align with msgid "   issuer ="
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr "  subjekt ="
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "chyba při zavádění certifikátu „%s“: %s\n"
 
 # XXX: Align with msgid "runtime cached certificates:"
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "     trvale zavedených certifikátů: %u\n"
 
 # XXX: Align with msgid "permanently loaded certificates:"
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "za běhu zapamatovaných certifikátů: %u\n"
 
 # XXX: Align with msgid "permanently loaded certificates:"
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "         důvěryhodných certifikátů: %u (%u,%u,%u,%u)\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, c-format
 msgid "certificate already cached\n"
 msgstr "certifikát již v keši\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, c-format
 msgid "certificate cached\n"
 msgstr "certifikát uložen do keše\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, c-format
 msgid "error caching certificate: %s\n"
 msgstr "chyba při ukládání certifikátu do keše: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "neplatný řetězec otisku SHA1 „%s“\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "chyba při stahování certifikátu určeného sériovým číslem: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "chyba při stahovaní certifikátu určeného subjektem: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, c-format
 msgid "no issuer found in certificate\n"
 msgstr "v certifikátu nebyl nalezen vydavatel\n"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "chyba při zjišťování authorityKeyIdentifier: %s\n"
@@ -10124,55 +10257,55 @@ msgstr "Přístup k CRL není možný kvůli režimu Tor\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "dohledání certifikátu nemožné kvůli vypnutému %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr "místo CRL použije OCSP"
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr "zjistí, jestli dirmngr běží"
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 msgid "add a certificate to the cache"
 msgstr "přidá certifikát do keše"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 msgid "validate a certificate"
 msgstr "ověří platnost certifikátu"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 msgid "lookup a certificate"
 msgstr "vyhledá certifikát"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 msgid "lookup only locally stored certificates"
 msgstr "hledá pouze mezi lokálně uloženými certifikáty"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr "u --lookup očekává URL"
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr "zavede CRL do dirmngr"
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr "zvláštní režim pro použití se Squidem"
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 msgid "expect certificates in PEM format"
 msgstr "očekává certifikáty ve formátu PEM"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 msgid "force the use of the default OCSP responder"
 msgstr "vynutí použití výchozího OCSP odpovídače"
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Použití: dirmngr-client [volby] [cert_soubor|vzor] (-h pro nápovědu)\n"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10184,215 +10317,211 @@ msgstr ""
 "Proces vrátí 0, pokud je certifikát platný, 1, pokud není platný nebo jiný\n"
 "chybový kód značící obecné selhání.\n"
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "chyba při čtení certifikátu ze standardního vstupu: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "chyba při čtení certifikátu z „%s“: %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr "certifikát je příliš velký, než aby dával smysl\n"
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, c-format
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "k dirmngr se nelze připojit: %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, c-format
 msgid "lookup failed: %s\n"
 msgstr "hledání selhalo: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "zavádění CRL „%s“ selhalo: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr "démon dirmngr běží\n"
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "ověření platnosti certifikátu selhalo: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, c-format
 msgid "certificate is valid\n"
 msgstr "certifikát je platný\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, c-format
 msgid "certificate has been revoked\n"
 msgstr "certifikát byl odvolán\n"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, c-format
 msgid "certificate check failed: %s\n"
 msgstr "kontrola certifikátu selhala: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, c-format
 msgid "got status: '%s'\n"
 msgstr "obdržen status: „%s“\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, c-format
 msgid "error writing base64 encoding: %s\n"
 msgstr "chyba při zápisu kódování base64: %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr "nepodporovaný dotaz „%s“\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr "očekáván absolutní název souboru\n"
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr "hledá se „%s“\n"
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr "vypíše obsah CRL keše"
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|SOUBOR|zavede CRL ze SOUBORU do keše"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr "|URL|stáhne CRL z URL"
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr "vypne dirmngr"
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr "vyprázdní keš"
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr "povolí kontrolu verze softwaru po síti"
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr "|N|nevrací více jak N položek na jeden dotaz"
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr "směrovat veškerý síťový provoz skrz Tor"
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr "Nastavení serverů klíčů"
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 msgid "|URL|use keyserver at URL"
 msgstr "|URL|používat server klíčů na URL"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr "|SOUBOR|pro HKP přes TLS použije certifikáty CA ze SOUBORU"
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr "Nastavení HTTP serverů"
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr "zakáže použití HTTP"
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr "ignoruje HTTP distribuční místa CRL "
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr "|URL|všechny HTTP požadavky přesměruje na URL"
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr "používat systémové nastavení HTTP proxy"
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr "Nastavení používaných LDAP serverů"
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr "zakáže použití LDAP"
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr "ignoruje LDAP distribuční místa CRL"
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr "|STROJ|pro LDAP dotazy použije STROJ"
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr "nepoužije náhradní stroje s --ldap-proxy"
 
-#: dirmngr/dirmngr.c:270
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|SPEC|použít tento server pro dohledávání klíčů"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|SOUBOR|načte seznam LDAP serverů ze SOUBORU"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr "na seznam serverů přidá nové servery nalezené v místech distribuce CRL"
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr "|N|nastaví časový limit pro LDAP na N sekund"
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr "Nastavení OCSP"
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr "povolí odesílání OCSP dotazů"
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr "ignoruje URL služby OCSP uvedené v certifikátu"
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 msgid "|URL|use OCSP responder at URL"
 msgstr "|URL|použije OCSP odpovídače na URL"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr "|OTISK|OCSP odpovědi podepsané podle OTISKU"
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr "vynutí zavedení zastaralých CRL"
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 msgid ""
 "@\n"
 "(See the \"info\" manual for a complete listing of all commands and "
@@ -10401,11 +10530,11 @@ msgstr ""
 "@\n"
 "(Úplný seznam příkazů a voleb naleznete v „info“ manuálu.)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Použití: @DIRMNGR@ [volby] (-h pro nápovědu)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
@@ -10413,114 +10542,296 @@ msgstr ""
 "Syntaxe: @DIRMNGR@ [volby] [příkaz [argumenty]]\n"
 "Přístup k serveru s klíči, CRL a OCSP z @GNUPG@\n"
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr "platné úrovně ladění jsou: %s\n"
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, c-format
 msgid "usage: %s [options] "
 msgstr "použití: %s [volby] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, c-format
 msgid "colons are not allowed in the socket name\n"
 msgstr "dvojtečky v názvu socketu jsou nepřípustné\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "stahování CRL z „%s“ selhalo: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "zpracování CRL z „%s“ selhalo: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "%s:%u: řádek je příliš dlouhý – přeskočen\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "%s:%u: zjištěn neplatný otisk\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "%s:%u: chyba čtení: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr "%s:%u: nepořádek na konci řádku ignorován\n"
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr "přijat SIGHUP – konfigurace bude znovu načtena a keš vyprázdněna\n"
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr "přijat SIGUSR2 – žádná akce nedefinována\n"
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr "přijat SIGTERM – vypíná se…\n"
 
 # TODO: plural
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr "přijat SIGTERM – stále aktivních spojení: %d\n"
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, c-format
 msgid "shutdown forced\n"
 msgstr "vypnutí vynuceno\n"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr "přijat SIGINT – okamžité vypnutí\n"
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr "přijat signál č. %d – žádná akce nedefinována\n"
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr "vrátí všechny hodnoty v záznamově orientovaném formátu"
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr "|NÁZEV|ignoruje část se strojem a připojí se skrze NÁZEV"
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+msgid "|NAME|connect to host NAME"
+msgstr "|NÁZEV|připojí se ke strojí NÁZEV"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr "|N|připojí se na port N"
+
+#: dirmngr/dirmngr_ldap.c:112
+msgid "|NAME|use user NAME for authentication"
+msgstr "|JMÉNO|pro autentizaci použije JMÉNO uživatele"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr "|HESLO|pro autentizaci použije HESLO"
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr "heslo získá z $DIRMNGR_LDAP_PASS"
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr "|ŘETĚZEC|dotáže se na DN ŘETĚZEC"
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr "|ŘETĚZEC|jako filtrující výraz použije ŘETĚZEC"
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr "|ŘETĚZEC|vrátí atribut ŘETĚZEC"
+
+#: dirmngr/dirmngr_ldap.c:179
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Použití: dirmngr_ldap [volby] [URL] (-h pro nápovědu)\n"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+"Syntaxe: dirmngr_ldap [volby] [URL]\n"
+"Vnitřní LDAP pomůcka pro pro Dirmngr.\n"
+"Rozhraní a volby se mohou bez upozornění změnit.\n"
+
+#: dirmngr/dirmngr_ldap.c:291
+#, c-format
+msgid "invalid port number %d\n"
+msgstr "neplatné číslo portu %d\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr "ve výsledku se hledá atribut „%s“\n"
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "chyba při zápisu na standardní výstup: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr "          dostupný atribut „%s“\n"
+
+#: dirmngr/dirmngr_ldap.c:462
+#, c-format
+msgid "attribute '%s' not found\n"
+msgstr "atribut „%s“ nenalezen\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr "nalezen atribut „%s“\n"
+
+#: dirmngr/dirmngr_ldap.c:581
+#, c-format
+msgid "processing url '%s'\n"
+msgstr "zpracovává se URL „%s“\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, c-format
+msgid "          user '%s'\n"
+msgstr "          uživatel „%s“\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, c-format
+msgid "          pass '%s'\n"
+msgstr "          heslo „%s“\n"
+
+#: dirmngr/dirmngr_ldap.c:592
+#, c-format
+msgid "          host '%s'\n"
+msgstr "          stroj „%s“\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, c-format
+msgid "          port %d\n"
+msgstr "          port %d\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, c-format
+msgid "            DN '%s'\n"
+msgstr "            DN „%s“\n"
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr "        filtr „%s“\n"
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, c-format
+msgid "          attr '%s'\n"
+msgstr "          atribut „%s“\n"
+
+#: dirmngr/dirmngr_ldap.c:611
+#, c-format
+msgid "no host name in '%s'\n"
+msgstr "v „%s“ chybí název stroje\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr "u dotazu „%s“ nezadán žádný atribut\n"
+
+#: dirmngr/dirmngr_ldap.c:622
+#, c-format
+msgid "WARNING: using first attribute only\n"
+msgstr "POZOR: použije se pouze první atribut\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "Inicializace LDAP u „%s:%d“ selhala: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+#| msgid "LDAP init to '%s:%d' failed: %s\n"
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "Inicializace LDAP u „%s:%d“ selhala: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+#| msgid "LDAP init to '%s:%d' failed: %s\n"
+msgid "LDAP init to '%s' done\n"
+msgstr "Inicializace LDAP u „%s:%d“ selhala: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "napojení k „%s:%d“ selhalo: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, c-format
+msgid "searching '%s' failed: %s\n"
+msgstr "hledávání „%s“ neuspělo: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "„%s“ není LDAP URL\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr "„%s“ není platné LDAP URL\n"
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "chyba přístupu k „%s“: status HTTP %u\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr "URL „%s“ přesměrováno na „%s“ (%u)\n"
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, c-format
 msgid "too many redirections\n"
 msgstr "příliš mnoho přesměrování\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, c-format
 msgid "redirection changed to '%s'\n"
 msgstr "přesměrování změněno na „%s“\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, c-format
 msgid "error printing log line: %s\n"
 msgstr "chyba při tisknutí řádku protokolu: %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "chyba při čtení protokolu z ldapové obálky č. %d: %s\n"
@@ -10550,51 +10861,31 @@ msgstr "čekání na ldapovou obálku %d selhalo: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "ldapová obálka %d se zasekla – bude zabita\n"
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "v názvu stroje je neplatný znak 0x%02x – nepřidáno\n"
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "na seznam LDAP serverů se přidává „%s:%d“\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, c-format
 msgid "malloc failed: %s\n"
 msgstr "funkce malloc selhala: %s\n"
 
-#: dirmngr/ldap.c:221
-#, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "„%s“ není LDAP URL\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
-msgstr "„%s“ není platné LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
+msgstr "start_cert_fetch: chybný vzor „%s“\n"
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr "ldap_search přesáhl omezení velikosti serveru\n"
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr "%s:%u: zadáno heslo bez uživatele\n"
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr "%s:%u: přeskakuji tento řádek\n"
-
 #: dirmngr/misc.c:172
 #, c-format
 msgid "invalid canonical S-expression found\n"
@@ -10680,92 +10971,92 @@ msgstr "hašování OCSP odpovědi pro „%s“ selhalo: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr "nepodepsáno výchozím OCSP certifikátem podepisovatele"
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "alokování prvku seznamu selhalo: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "chyba při zjišťování ID odpovídače: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr "žádný vhodný certifikát pro ověření OCSP odpovědi nebyl nalezen\n"
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "certifikát vydavatele nenalezen: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr "volající nevrátil cílový certifikát\n"
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "volající nevrátil vydávající certifikát\n"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "alokace OCSP kontextu selhala: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr "žádný výchozí OCSP odpovídač nedefinován\n"
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, c-format
 msgid "no default OCSP signer defined\n"
 msgstr "žádný výchozí OCSP podepisovatel nedefinován\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr "použije se výchozí OCSP odpovídač „%s“\n"
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr "použije se OCSP odpovídač „%s“\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "chyba při zjišťování OCSP stavu cílového certifikátu: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr "stav certifikátu je: %s (nyní=%s, příště=%s)\n"
 
 # status
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr "dobrý"
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "certifikát byl odvolán kdy: %s, důvod: %s\n"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr "OCSP odpovídač vrátil stav v budoucnosti\n"
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr "OCSP odpovídač vrátil ne současný stav\n"
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr "OCSP odpovídač vrátil příliš starý stav\n"
@@ -10775,67 +11066,71 @@ msgstr "OCSP odpovídač vrátil příliš starý stav\n"
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "volání assuan_inquire(%s) selhalo: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr "chybí ldapserver (LDAP server)"
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr "v ID certifikátu chybí serialno (sériové číslo)"
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "volání assuan_inquire selhalo: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "volání fetch_cert_by_url selhalo: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, c-format
 msgid "error sending data: %s\n"
 msgstr "chyba při odesílání dat: %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "volání start_cert_fetch selhalo: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "volání fetch_next_cert selhalo: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr "max_replies (max. odpovědí) %d překročeno\n"
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "řídící strukturu nelze alokovat: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "alokace kontextu assuan selhala: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, c-format
 msgid "failed to initialize the server: %s\n"
 msgstr "inicializace serveru selhala: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "registrace příkazu u Assuanu selhala: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr "problém příjmu Assuanu: %s\n"
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, c-format
 msgid "Assuan processing failed: %s\n"
 msgstr "zpracování Assuanu se nezdařilo: %s\n"
@@ -10878,51 +11173,57 @@ msgstr "řetěz certifikátů je v pořádku\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr "certifikát neměl být použit pro podepsání CRL\n"
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 msgid "quiet"
 msgstr "stručný výstup"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr "vypisovat data v šestnáctkové soustavě"
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr "dekódovat přijaté datové řádky"
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr "připojit se k dirmngr"
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+#, fuzzy
+#| msgid "connect to the dirmngr"
+msgid "connect to the keyboxd"
+msgstr "připojit se k dirmngr"
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr "|NÁZEV|připojit se na socket Assuanu s NÁZVEM"
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr "|ADRESA|připojit se na socket Assuanu na ADRESE"
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr "spustit server Assuan zadaný na příkazové řádce"
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr "nepoužívat rozšířený režim připojení"
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|SOUBOR|spustit příkazy ze SOUBORU při startu"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr "spustit /subst při startu"
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Použití: @GPG@-connect-agent [volby] (-h pro nápovědu)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
@@ -10930,173 +11231,189 @@ msgstr ""
 "Syntaxe: @GPG@-connect-agent [volby]\n"
 "Připojí se na běžícího agenta a odesílá příkazy\n"
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr "volba „%s“ vyžaduje program a volitelné argumenty\n"
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr "volba „%s“ ignorovaná kvůli „%s“\n"
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, c-format
 msgid "receiving line failed: %s\n"
 msgstr "přijímání řádku se nezdařilo: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, c-format
 msgid "line too long - skipped\n"
 msgstr "řádek je příliš dlouhý – přeskočen\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr "řádek zkrácen, protože obsahoval znak \\0\n"
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, c-format
 msgid "unknown command '%s'\n"
 msgstr "neznámý příkaz „%s“\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, c-format
 msgid "sending line failed: %s\n"
 msgstr "odesílání řádku selhalo: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+#| msgid "no dirmngr running in this session\n"
+msgid "no keybox daemon running in this session\n"
+msgstr "v této relaci neběží žádný dirmngr\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, c-format
 msgid "error sending standard options: %s\n"
 msgstr "chyba při odesílání standardního parametru: %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr "OpenPGP"
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr "S/MIME"
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+#| msgid "public key is %s\n"
+msgid "Public Keys"
+msgstr "veřejný klíč je %s\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr "Soukromé klíče"
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr "Čipové karty"
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 msgid "Network"
 msgstr "Síť"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 msgid "Passphrase Entry"
 msgstr "Pole pro heslo"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 msgid "Component not suitable for launching"
 msgstr "Komponenta není vhodná pro spuštění"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr "Konfigurační soubor komponenty %s je rozbitý\n"
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, c-format
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Poznámka: Podrobnosti získáte příkazem „%s%s“.\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr "Selhalo externí ověření komponenty %s"
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr "Vezměte na vědomí, že určení skupiny se ignoruje\n"
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, c-format
 msgid "error closing '%s'\n"
 msgstr "chyba při uzavírání „%s“\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, c-format
 msgid "error parsing '%s'\n"
 msgstr "chyba při rozboru „%s“\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr "vypsat všechny komponenty"
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr "zkontrolovat všechny programy"
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr "|KOMPONENTA|vypsat volby"
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr "|KOMPONENTA|změnit volby"
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr "|KOMPONENTA|zkontrolovat volby"
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr "aplikovat globální implicitní hodnoty"
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr "|SOUBOR|aktualizovat konfigurační soubory pomocí SOUBORU"
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr "získat adresáře s nastavením @GPGCONF@"
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 msgid "list global configuration file"
 msgstr "vypsat globální konfigurační soubor"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 msgid "check global configuration file"
 msgstr "zkontrolovat globální konfigurační soubor"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 msgid "query the software version database"
 msgstr "dotázat se databázi verzí softwaru"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr "znovu načíst všechny nebo zadané komponenty"
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr "spustit zadanou komponentu"
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr "zabít zadanou komponentu"
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "použít jako výstupní soubor"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr "provést změny za běhu, pokud to lze"
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Použití: @GPGCONF@ [volby] (-h pro nápovědu)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
@@ -11104,15 +11421,15 @@ msgstr ""
 "Syntaxe: @GPGCONF@ [volby]\n"
 "Spravuje konfigurační volby nástrojů, které patří do systému @GNUPG@\n"
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr "Potřebuji jeden argument určující komponentu"
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 msgid "Component not found"
 msgstr "Komponenta nenalezena"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr "Žádné argumenty nejsou povoleny"
 
@@ -11129,149 +11446,230 @@ msgstr ""
 "Syntaxe: gpg-check-pattern [volby] soubor_se_vzorem\n"
 "Prověří heslo zadané na vstupu proti souboru se vzory\n"
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr "vyžádaná symetrická šifra %s (%d) nevyhovuje předvolbám příjemce\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+#| msgid "Note: keys are already stored on the card!\n"
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "Poznámka: na kartě jsou již klíče uloženy!\n"
+
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+#| msgid "Note: keys are already stored on the card!\n"
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "Poznámka: na kartě jsou již klíče uloženy!\n"
 
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "chyba při zápisu do dočasného souboru: %s\n"
+#: tools/gpg-card.c:2395
+#, fuzzy, c-format
+#| msgid "Replace existing keys? (y/N) "
+msgid "Replace existing key %s ? (y/N) "
+msgstr "Přepsat existující klíče? (a/N) "
 
-#~ msgid "use a log file for the server"
-#~ msgstr "použít pro server soubor s protokolem"
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, fuzzy, c-format
+#| msgid "OpenPGP card no. %s detected\n"
+msgid "%s card no. %s detected\n"
+msgstr "Nalezena OpenPGP karta číslo %s\n"
 
-#~ msgid "|FILE|write a server mode log to FILE"
-#~ msgstr "|SOUBOR|zapisovat protokol režimu server do SOUBORU"
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
 
-#~ msgid "run without asking a user"
-#~ msgstr "běží bez dotazování se uživatele"
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
 
-#~ msgid "allow PKA lookups (DNS requests)"
-#~ msgstr "povolit dohledávání PKA (dotazy na DNS)"
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
-#~ msgid "Options controlling the format of the output"
-#~ msgstr "Volby ovlivňující podobu výstupu"
+#: tools/gpg-card.c:3668
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "authenticate to the card"
+msgstr "přidá certifikát do keše"
 
-#~ msgid "Options controlling the use of Tor"
-#~ msgstr "Volby ovlivňující použití Toru"
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
 
-#~ msgid "LDAP server list"
-#~ msgstr "Seznam LDAP serverů"
+#: tools/gpg-card.c:3672
+msgid "setup KDF for PIN authentication"
+msgstr "nastavit KDF pro autentizaci kódem PIN"
 
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "požaduji klíč %s z %s serveru %s\n"
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr ""
 
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "%s:%u: nebyl zadán název stroje\n"
+#: tools/gpg-card.c:3675
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "read a certificate from a data object"
+msgstr "přidá certifikát do keše"
 
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "nelze rozebrat serveru klíčů\n"
+#: tools/gpg-card.c:3676
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "store a certificate to a data object"
+msgstr "přidá certifikát do keše"
 
-#~ msgid "return all values in a record oriented format"
-#~ msgstr "vrátí všechny hodnoty v záznamově orientovaném formátu"
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
 
-#~ msgid "|NAME|ignore host part and connect through NAME"
-#~ msgstr "|NÁZEV|ignoruje část se strojem a připojí se skrze NÁZEV"
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
 
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NÁZEV|připojí se ke strojí NÁZEV"
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
-#~ msgid "|N|connect to port N"
-#~ msgstr "|N|připojí se na port N"
+#, fuzzy
+#~| msgid "change a passphrase"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "změnit heslo"
 
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|JMÉNO|pro autentizaci použije JMÉNO uživatele"
+#~ msgid "detected card with S/N: %s\n"
+#~ msgstr "nalezena karta se sériovým číslem: %s\n"
 
-#~ msgid "|PASS|use password PASS for authentication"
-#~ msgstr "|HESLO|pro autentizaci použije HESLO"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "na kartě není autentizační klíč pro SSH: %s\n"
 
-#~ msgid "take password from $DIRMNGR_LDAP_PASS"
-#~ msgstr "heslo získá z $DIRMNGR_LDAP_PASS"
+#~ msgid "Please remove the current card and insert the one with serial number"
+#~ msgstr "Prosím, vyjměte kartu a vložte jinou se sériovým číslem"
 
-#~ msgid "|STRING|query DN STRING"
-#~ msgstr "|ŘETĚZEC|dotáže se na DN ŘETĚZEC"
+#~ msgid "use a log file for the server"
+#~ msgstr "použít pro server soubor s protokolem"
 
-#~ msgid "|STRING|use STRING as filter expression"
-#~ msgstr "|ŘETĚZEC|jako filtrující výraz použije ŘETĚZEC"
+#~ msgid "connection to %s established\n"
+#~ msgstr "spojení k programu %s ustanoveno\n"
 
-#~ msgid "|STRING|return the attribute STRING"
-#~ msgstr "|ŘETĚZEC|vrátí atribut ŘETĚZEC"
+#~ msgid "no running gpg-agent - starting '%s'\n"
+#~ msgstr "gpg-agent neběží – spouští se „%s“\n"
 
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Použití: dirmngr_ldap [volby] [URL] (-h pro nápovědu)\n"
+#~ msgid "argument not expected"
+#~ msgstr "argument nebyl očekáván"
 
-#~ msgid ""
-#~ "Syntax: dirmngr_ldap [options] [URL]\n"
-#~ "Internal LDAP helper for Dirmngr\n"
-#~ "Interface and options may change without notice\n"
-#~ msgstr ""
-#~ "Syntaxe: dirmngr_ldap [volby] [URL]\n"
-#~ "Vnitřní LDAP pomůcka pro pro Dirmngr.\n"
-#~ "Rozhraní a volby se mohou bez upozornění změnit.\n"
+#~ msgid "read error"
+#~ msgstr "chyba při čtení"
 
-#~ msgid "invalid port number %d\n"
-#~ msgstr "neplatné číslo portu %d\n"
+#~ msgid "keyword too long"
+#~ msgstr "klíčové slovo je příliš dlouhé"
 
-#~ msgid "scanning result for attribute '%s'\n"
-#~ msgstr "ve výsledku se hledá atribut „%s“\n"
+#~ msgid "missing argument"
+#~ msgstr "postrádám argument"
 
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "chyba při zápisu na standardní výstup: %s\n"
+#~ msgid "invalid argument"
+#~ msgstr "neplatný argument"
 
-#~ msgid "          available attribute '%s'\n"
-#~ msgstr "          dostupný atribut „%s“\n"
+#~ msgid "invalid command"
+#~ msgstr "neplatný příkaz"
 
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "atribut „%s“ nenalezen\n"
+#~ msgid "invalid alias definition"
+#~ msgstr "neplatný definice aliasu"
 
-#~ msgid "found attribute '%s'\n"
-#~ msgstr "nalezen atribut „%s“\n"
+#~ msgid "out of core"
+#~ msgstr "nedostatek paměti"
 
-#~ msgid "processing url '%s'\n"
-#~ msgstr "zpracovává se URL „%s“\n"
+#, fuzzy
+#~| msgid "invalid command"
+#~ msgid "invalid meta command"
+#~ msgstr "neplatný příkaz"
 
-#~ msgid "          user '%s'\n"
-#~ msgstr "          uživatel „%s“\n"
+#, fuzzy
+#~| msgid "unknown command '%s'\n"
+#~ msgid "unknown meta command"
+#~ msgstr "neznámý příkaz „%s“\n"
 
-#~ msgid "          pass '%s'\n"
-#~ msgstr "          heslo „%s“\n"
+#, fuzzy
+#~| msgid "unexpected data"
+#~ msgid "unexpected meta command"
+#~ msgstr "neočekávaná data"
 
-#~ msgid "          host '%s'\n"
-#~ msgstr "          stroj „%s“\n"
+#~ msgid "invalid option"
+#~ msgstr "neplatný parametr"
 
-#~ msgid "          port %d\n"
-#~ msgstr "          port %d\n"
+#~ msgid "missing argument for option \"%.50s\"\n"
+#~ msgstr "postrádám argument u volby „%.50s“\n"
 
-#~ msgid "            DN '%s'\n"
-#~ msgstr "            DN „%s“\n"
+#~ msgid "option \"%.50s\" does not expect an argument\n"
+#~ msgstr "volba „%.50s“ nečeká argument\n"
 
-#~ msgid "        filter '%s'\n"
-#~ msgstr "        filtr „%s“\n"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "neplatný příkaz „%.50s“\n"
 
-#~ msgid "          attr '%s'\n"
-#~ msgstr "          atribut „%s“\n"
+#~ msgid "option \"%.50s\" is ambiguous\n"
+#~ msgstr "volba „%.50s“ není jednoznačná\n"
 
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "v „%s“ chybí název stroje\n"
+#~ msgid "command \"%.50s\" is ambiguous\n"
+#~ msgstr "příkaz „%.50s“ není jednoznačný\n"
 
-#~ msgid "no attribute given for query '%s'\n"
-#~ msgstr "u dotazu „%s“ nezadán žádný atribut\n"
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "neplatný parametr „%.50s“\n"
 
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "POZOR: použije se pouze první atribut\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "Poznámka: neexistuje implicitní soubor s možnostmi „%s“\n"
 
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "Inicializace LDAP u „%s:%d“ selhala: %s\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "soubor s možnostmi „%s“: %s\n"
 
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "napojení k „%s:%d“ selhalo: %s\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "nelze spustit program „%s“: %s\n"
 
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "hledávání „%s“ neuspělo: %s\n"
+#~ msgid "unable to execute external program\n"
+#~ msgstr "nelze spustit externí program\n"
 
-#~ msgid "start_cert_fetch: invalid pattern '%s'\n"
-#~ msgstr "start_cert_fetch: chybný vzor „%s“\n"
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "nelze přečíst odpověď externího programu: %s\n"
+
+#~ msgid "validate signatures with PKA data"
+#~ msgstr "ověřovat podpisy s daty PKA"
+
+#~ msgid "elevate the trust of signatures with valid PKA data"
+#~ msgstr "vyzvednout důvěru podpisů s platnými daty PKA"
+
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) ECC a ECC\n"
+
+#~ msgid "honor the PKA record set on a key when retrieving keys"
+#~ msgstr "respektovat PKA záznamy klíče při získávání klíčů"
+
+#~ msgid "Note: Verified signer's address is '%s'\n"
+#~ msgstr "Poznámka: Podepisovatelova ověřená adresa je „%s“\n"
+
+#~ msgid "Note: Signer's address '%s' does not match DNS entry\n"
+#~ msgstr ""
+#~ "Poznámka: Podepisovatelova adresa „%s“ se neshoduje s DNS záznamem\n"
+
+#~ msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+#~ msgstr "úroveň důvěry opravena na PLNOU, kvůli platné PKA informaci\n"
+
+#~ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+#~ msgstr "úroveň důvěry opravena na ŽÁDNOU, kvůli špatné PKA informaci\n"
+
+#~ msgid "|FILE|write a server mode log to FILE"
+#~ msgstr "|SOUBOR|zapisovat protokol režimu server do SOUBORU"
 
-#~ msgid "ldapserver missing"
-#~ msgstr "chybí ldapserver (LDAP server)"
+#~ msgid "run without asking a user"
+#~ msgstr "běží bez dotazování se uživatele"
+
+#~ msgid "allow PKA lookups (DNS requests)"
+#~ msgstr "povolit dohledávání PKA (dotazy na DNS)"
+
+#~ msgid "Options controlling the format of the output"
+#~ msgstr "Volby ovlivňující podobu výstupu"
+
+#~ msgid "Options controlling the use of Tor"
+#~ msgstr "Volby ovlivňující použití Toru"
+
+#~ msgid "LDAP server list"
+#~ msgstr "Seznam LDAP serverů"
 
 #~ msgid "Note: old default options file '%s' ignored\n"
 #~ msgstr "Poznámka: starý implicitní soubor s možnostmi „%s“ ignorován\n"
@@ -11326,8 +11724,8 @@ msgstr ""
 #~ msgid "could not open %s for writing: %s\n"
 #~ msgstr "%s nelze otevřít pro zápis: %s\n"
 
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "chyba při čtení z %s': %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "chyba při zápisu do %s: %s\n"
 
 #~ msgid "error closing %s: %s\n"
 #~ msgstr "chyba při zavírání chyba %s: %s\n"
@@ -11443,12 +11841,6 @@ msgstr ""
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "volání listen() selhalo: %s\n"
 
-#~ msgid "waiting for the dirmngr to come up ... (%ds)\n"
-#~ msgstr "čeká se na dirmngr… (%d s)\n"
-
-#~ msgid "connection to the dirmngr established\n"
-#~ msgstr "spojení na dirmngr ustanoveno\n"
-
 #~ msgid "What keysize do you want for the Signature key? (%u) "
 #~ msgstr "Jakou délku klíče pro podepisování si přejete? (%u) "
 
diff --git a/po/da.gmo b/po/da.gmo
index 15aee8fd1403cbdcc360277af7426068d2f70dfa..bd56db93415a0634703029aff34991d15eb3f02f 100644
GIT binary patch
delta 28658
zcmYk_1#}fx0><%qNg!B&03k?#hr2sLf&`c1TAbnmLXcA6;aXe*#oaZ~AO#A=-J!S@
zD^jdD?EicBvZr&-^mlEp-<b#7-951+-ixvEJU5d0&2YHV#c`Yv^vmfu=i)lfle$WE
zoD$s~Coh)7Q0$2DT#mB@gNd(=aGWE!ACu$69*&a=7h?w8iD~gFs{Xgu6g|Chk5kYD
zoZ8l|ScrmSu(&F)@mE-hc(z`SlMlOMHT(rt?jEXvkVwZ#h$T@S47YxdsfqVNm7C<%
z!w77`5me9b+xS-uBp%Y+adKlm%!bV{GY-WdT!!9}Vj|*KF)2R80DO-r(Lc&GoF20f
z55*wbcUlurfxf5)CSV%ef_d;1s>h#D<x=-?oQzli)q#4b@|~>1t@Ewht>>-JF&X6(
z^mQDMrYao)HINe(uZ$_Mo=xwFTEh{j8ChuEj2h{F%!(IKQ~VKCUr;||A<RX*4ramu
z_&v_+=Xkt5|42e&5>oc3Gnf@M!iuP=>VTSwahM%rQ60L8sqmwXr})uvDiAM#Ww1A<
z$4#h)Pop~e3N_QI2QdF?C~SbqXp1U12DQd(Pz|0!H@-!UEY(kDhKi!%)or{Z1`{8M
znwjaC1DBx&auPMOuP`~r^9(c%g`j#GhAP;~#z$C}pgOt_L-3wWcMURA?#BG2mqK;C
z3#P$|s1B_{jd(9=1|Fg|t0(bbv*u~B014Sq4K%U#K~4Qs)J*KbBKQESVhA&+iaJ;$
zQG3XP>2N&8$5ogXV=x1rLT13@JSV`r$MGHFIE^trR>C%z7nh?tb{=)^;|w+Dz6fel
z4MrW$Rj3YLKy~OdY6%hyGc%AD{fQSw?X^%$O8ZWA0;x%8j_I)vYU-wAT-;#uf5nu<
zPoqZi05!F~!>JV0q8g}!nxV$10sM?QH9JrpJdPU3Ym7(xPUaD2&GVq9sxE4CG)KKa
zdZ0Qs2(>hGQ61TiS@1Nf;Wt<gKchNOW+eLoBT>(<LoLa1)Bql%M<b6r%Ir!vmLOgf
zHANAq{6W@eRKuH46&%LQcn`B-ywPU2=SRhxpdWfryM6@5!`Z0%7msHCixb#HLNR=V
znlkqoGo`h$B=KRWJ@6Zr#-~^lbB%SJD%cOha1WM6XPns+<**FVu9yT@p+9a%&B)$y
z%)c^jk&p@h!33CmyqUW67(~1&>Xq38HIiYdkw>G}b|<RB6R4$of-2|yYz7pBS%_A|
zc-RRw)4e<dG*zono8k=SLT7?G@3~PUuZ1c%81vvV)Y6<qEyWX?9&e%<Kv678dKjvs
zeNi3z1@*>Uk2)QmLj>XyxQv>Cn>Y)7CYkd+2bF#gbD;lZGm-+R5jMnd?1BYxBWlL(
zpf=k()M-jN#dNqJYNl!+GvIN$5KzySppH{4s^U|a0q@~L^qXo%x(u}xdu{x@jsJt1
z5#MR1!E~sRmcR;F7uB)ps3l*Gfja*?2xwOy$E<i4wMpVnHysN^<!41rb!p6pP0)>_
zQ8TmB=AW_YPf>d*@eF1YQ)6-rL3N}6CZ>I-GJ!yBh#EmhRKcOBhG(EgvKCeD0O~z(
z$)>+XJr^+3j66H4gB4Kq^umNV5_97e<e)jb(9@Jac(hsL1*nSmq1N;!Y6-HkA+-6z
zQ61=pDmNHY;2hLiZ$y<piJHl0m=jaXHZxTgmEH<f&&b)#e`NyEw!jT6Nc^iUSnwC~
zE^mwhq_;<3j6_w`7gOR~)JS7cBRz!b$T^&kuTTS;I>&e!dlFASm-%-Sm^9a%(~ZbR
zcW$66h?r+yAQQ0~@#9z@Q&MYL?1Fq}oK;vFb1yK*t`pWKJ|7$6Q`AgUT<AFMusdeJ
zGadpN3A{j^)8vaxM~b7?ssrl5DX1mbiFfc0#&xk57W17Tete0kFvn7}xvF9+(p#dY
zx*uxSk43$JX4`zvVw<oNwY&GD8oq^k(Ii@CUd1J`DDm#7DPDqFstp)~w^66yEova{
z<))rWn2C5#8=q$5d(f@(e}{n9&Uc0RdIe)v;*Bv44#Gq@3pIje)~%?uKY$^44Ydj1
zTZ32HHzDdYgrNr119RY9bnE;dATWrjypO7={c6+jP}J_8i>YxF=Eq}L06$`S%(KP}
zpayEnTcIEJM|F4*Y5)^Z1N{Xv;(GM{{y(h%3HMPId_s*RXsxNBFzSt05j8W7P#qg+
z)2Cp3;!80eu19q&7IWi8?1Db)c<o|$tc=^yqXcI?l|xNb#gj1%m!a19KIX+#8_egp
zGHM2fV1C?$+8ehqI|gqwQ(g`W6OTZ3Xfdjuy%>zoH!}ZPWB*NN1~Q?hrUYieW|#*(
z*Z|j}DspW$yWNeNnK0~(^-)W>%X$S95r2z;=oe#-b4qIi{TeMm##9nCRexYUe2zK|
z>9-h5p_Zl*y0M3iPqz81Pz@ij`FBtQ^WAEG*rZ1-T|?Af`Uwl+3=aYN;2g$Ctoo~Y
zvFyZx#6Mse%oA%~KwYp1@hzyCc!WA`@wS=MlLspi?}lNx3B&OvYJerSn|j-0ZQ`Dp
z1ga7E%bI_O>FJMHpY#P7im$L7=HF?47xX}_<u=s$zHigx|Hey(cs)#m*RTS<#hh4b
zm)UFWk+{cMNkCJ67R#b*x0#wStVz5#mcie#G=9M_4BcaP@j$Ff{10r1iGDYGr!A_3
zqftw|)p{Q_gTZ?>P!Ej|(5{U{$Hn<Xb!g5$v&oKP9O94B7yrR@_!@^}vOidNoQb)x
z#eOrzqcJn_?WncBjz42k3ai8OFc<AR_X%i(fd@@b>tIRZLogHWz-)LOGos%ivqafY
zr=uno#UC*VZos6t2V3E3On?Or8$+#?(W8vIHlYRTm~_Mx_#<i!Ct?t;!sNII)xbH_
z^Y<_=KF9d@FY4IoFNRbu097tMCd8bm_eRkp%zp_29Z1k-n~$1_m#7gHIBM4F2h{GJ
zgE{aJrow+PF~&b;I-CmCa9#|+Qr4=NmUtu7(ni|&qGQazD%eFr0z8gd+e@gaeuHid
zK5i-~fg!{j*my6jKzsrQ<7rgKAKLu%C(KAop=PiP>Z3ITHDl2p0vgGD^ubuv2zS`@
zyQmI*LN%P`q*?Rgn3Z^Y)aDw8xp5b&p+~3zd_{FA<0&)1#+ZzFTMR%?9|EBShNF(x
z9?XTGPz`23ZPv6B79d_5HI*LBfOAmgcA{qBGHUPqgE=wI8MArwqh4r@Fg1?B^g92G
z351cb7qu6B&YB*FqDIyWHIk*M5g)`j_yn~%U!ocgIA=CzR%=OAL$y#d(h*DHAXLY<
zdDB_{%eKHXtKWGuMQKn4^I}r0g{rV6>Nxhte7FELBPUVk{V}S+#23s9C<|(;>!D`2
zHI~PDn1lA6n*@R|-bFK_^vKjWB~cYOLG6JkOo&r$`g|-ze24WZYA?AjnHedG1&P<i
zlsFtUW53w=R`e+2I023DE(YUkR7Hs{o6VLLHTCsS9qEr6=}fGOJ5X!w`=?o|yr_=W
z!Fbply_*&D6Ca0paL1plzaD%*LUs(iVk#(!nt|r14h=v}`Bc<q+m3F$h^qK4s$9CO
zrej4h4e_SvojKGDPemQ`m8gNoTxI?f5jaYM*7_3afw!oJg07j5Ng-52jZq^Xglb?B
zs-wT5Ue#AooAry$cV9Q<Ls6%y73z48Lp>kku?0@rjF+g6q`hHA7>ep?3rvl@QTY=v
z9j?Pvcns6xJuHCEP1BKrsPy`%8SH`Hr9*YVvx7i-0vAvfy+-vk;FcMA2~_^~=#K+Y
zYdgX^8MUT!F*zPb<=;Xz@C3Ei{<lrJBB+^ak2Q4uM-$MLoI^K$vhj3xOv9B?Q{TZl
z9<vbNgc{LB8~=<U#53JBzkteNM&ct-duuuBG@QgF=-g919(F!~xWtQM7?#E|I0!X$
zJJAm>p*GnyRK>3`5L5nTmM8~m2Fjr}S$%Y4OU#TO)Ql`aE!}P`L;KD(0=Y5GeY19z
zQOBkqYVC)h8jMDbWIJj%-$pg~7B%vO56l$jKy|DMX2LF*4JV*xdJAU7>*!Iy_o4a0
zkrPW0Z--fME~??ZSQhW1D$4Z8?1gHma&=K1?TdONPC$+DH`JcGg4!dmP&1nOvFUKR
z$IQRpU@b_{)J{T;XoZdML`~T_R0YpaBTxUgnXw|M4zxyfY^05^#q7k-Sl?q+;u)Wq
z&DaGK6OVqv{Hx*RB*@*E123Yc^ebxQAy3U(Hb<2kXq}Ggz*@|MXD|bPK|P=TnVE@D
z)KWA>?S+Bp#)TdN-YG^+*<I9#UC+%_g`m!T3CxA{FfR^5HM|Bj($nb1cbE@T|6^vT
zD&`~}g=%;{s)PGb^?2?O&>l$o!u(047#1bo9rNQ7)C1>GBY1^sFy%|r(XtpyyeSsI
z8K`mxQT0AT)sy6v`B;@hEpa3=aE~*JfJVF$OW_|T!}(%$zcx!!0dtez6}3sDQB!;x
zi{Mk#(qwvLX0j9(BHjdx;ds<c?8B1y1e5FhXZzRe-cneFjJl}JG8-%49n`MP`qs=u
zdDK$1v3gJ)nTHz44%CcYK)pHNpq@|h&UCZ@YL9im47Be|B%rlfk6M$n7=X@ub9@qG
zFwyLo9Lu3PP#;rbFHDAGPz}z(Al!lR@ieMqS1=X6!PJ=e1M{zp90ZbLMbz3hKuy&^
zRL_^A9@vK}cMVnUDXPJskLEZP!Fa?gqDEK~wFG@on|vj@@hGakzdthnJ_O=?G9!wI
zafoNb1egak;^H>H2C95#48d-wO*R(QkqxLBJc%Lr3H4q`{n>2FFicFm9je~Q&&+=k
z0;5RKn$1M@^jA!WmoWwYi)k?77t>HSRKwxuhh0%4>WQj&9BKgbQT47u9oHkM0X#!>
z?1hJb)+p6iGv%2uJ@J~T2fCsgCu1?(gzCscOoYCU%ln_8Bt=zN6*FKD)LKtM4P+(i
z`Gc4iKci;IliKC-9=l?wP1p<7zzoz>ZbWUq8>k2Wwee&=rd%%6W(&7A$4ta~p`M?P
znyG!L4n9QHlf>7h8S^-~3Fyrhj_OfQ)DlcU&A<i>#Pg`lbRRW^sr_8uy%K_2f=sBj
z&5qTu7*@t1s2M$kIwki}1A32Xbp8Y5xV&qe2lWOkj|DLjH6u%{hfyz}C#ZLQD*pae
zyF47#u?W=6EkbqtH`JT&HmU=G{$`*BQ01FrKH7IC63`~wg(`R!wRSI1Gn0US-@+e@
zqSmquCdB5b8S9AZ_z2V{+=`m&Q>c3WMb(=mzRUZ*$cNq~LytB~a{^kUpHNe@2$jAC
zHG=b~7m{BBQ&BQ&LDUR=hiW(qb($uk-V^h&Fm6EAe-|~N_z6wCNJ1CuPeL;i)T2?T
z9?wNh?N-!rx`EnEFR>)L6PYz^hH;2TqIP$GEQK3T&pk#h)fdzZ<qj|dYJr;Zp94JR
z_$(qpJ^K^&`SeR{(hFlK@vf)}R-pFAWt*NLiRnmX)CgOmHsJ`=8+00K26mx3_yX0z
z97$c?_d`1m0Zn;?btr0t(@|@75{u$f)C^<}ba}saby3G`6l$qfp&O5&cjTz@Ur?{)
zJju){DvDaFD(FT}8v<%z7;4vUL+#@0sHJ&l)3YRZdEfcfP&3gBi{N6^$S+|<{EV8(
z@+r(xc0-jPiR#F&sPcP|&FgXgBA_Yv2{Jt{h^n9!PR4Ply^uDg=};xqXSyfq7;Qss
z(!Ws^rwumezC3DkjzOK0wW#;X5gY&8E9Wm>D${UQR7Lesn`Sub)w~fk)jLpYdL6Yi
z{;ADOWkWad@~Ek8iyG-bRKp`t<rkyYelM2CPne1Jow8}n+O$D6*c-Jc2BFUVWK4;(
zP;0#bHL_Ev24A5Y1Jau3@}bhpqv~sJ(>tKveEm_IaWZ=JE<Qv+72icS`i7WYoCS3(
z3!{!@HPq6yMQyGLsD^f;K1LT%9lnEFqQ|J`3Z*k0tATFfEm0luq~rYSO%+XorhYeS
z%ATPbNSNL%MM+dcKcJ>^2qwh^sERhCX6!KP+i(?q@dk$D9W0JHG8kK9S>m%YaQ^ji
zxkQ3qt&dO*`MXWeGol(Og>I~e+5^2&=XxHh!)Gu%KC`CGXv&pE)z=B#I1F{VmY`1C
zZVv%Hco$1z!c1mu!%@4rGit<>P)oEP_25Yxe}$U4<e5!96|n{JuBatAjGCFGS<DM3
zGipZip^l{|ihvqehC0vtQM>&;sskZejTKN0cfxWw0oCynsN?$vb!xI?GgDj__54`W
za~rTJp2td<FT1y69;Y_}P01)!g^N&Ab_6xGcTt<p$zk$yqc&xI)Y5cDosOaC##yMP
z+>V;DOQ`zaqRJ)9Y3k33DfRuYNI)NhW~d5#pkAS)Q6rm!dhjS}W^Q8z^vh*7X%$ol
z`=H7%#2zk=r;V4(W2QU;Ka#%%HL#6&UCuSycTNyc2Uh1ZJ>P>m-`7#c)0N+(r?ZAy
zo1!Y}XPu5(!cC|b&3!C^84I|)f1%L~)xlXdeh57(7^k4AC=3ILe~+4puBh`n95sb=
zQF|p8HN_WE9e8cyfrU&wKWfv}M6G=*>j=~muR=X{rV!^}o8%b@dV!=UY|eE?)Djdz
z6|9VEupR1KFcj6H)u_F40QFhEY10FXn33l}J=X#C+;G&cUyFMFdJ)dQM)b~R1Q#_K
zRjuu;gRQfzTTl(3LOuToHFNQbndeiY8ZKz#bx=#(1vRrC)br5_Xo@zW*7_o<!k4Hw
zV_<Rfc`kuky9kWLd8qP9OPE)69@I>QqMmDl`h0s(BVL2r8`m%+29`8S>nTh?4c5eZ
z*cEHxZd6Ybl`<7(LGAJysB_*IHKj{X4IM|lvfrVWG+U@y>zb%HW)y15=c8s~J2FEa
z=Oh7bvM1I!rOl7X^r%;CK2!s3QRjXlYHut>H*Q1C;Gd|5zMwjgql`(fje0}&MxCl9
zsQM0}Tj&23flv}slr=s64mFkitus(BlFg_YIExAKGbX_J<;)VLK#j1vwF7EX4nfV-
zX7qlXP&0f36Y2ct2{UV067?~vit1@I8y{@rlTj6IvGMB|m$<9E%V~!3urap7vbYm9
zun(x8c*QEXy#Ly5H&py6dWsWpDw?S-f&N6hq1HYMwKsl7jd%@e?P5_KJ&szs8|cQj
zsHsm?$#kqNYRSS;^)*M$WN*~&pH_+UUz)%=5;T>MQ9XWx>S4ifv(_C^o9ibmgsV`$
zY_6eZ<UXo{Nh+HqNQ;Sy7efso9My1p)T?|1s=hguJ!Zs5NGMOj8PqE?c@^`@tciN(
zk3*g3b=G6nN2nR`uWF822x?|(p+?vWHS!-($90NLUx(VXhdcx{f+wiW6;#b^!Z3_O
zyc4Q|2-F*L6zbJF4a?wi)cL-L+SNhT&891ln#tZ+3^!mEypQ!UUk#V{KVA0>BT$Eg
zQ>d?6hMML@(H5%_kH(~U8?`rHqB{BkHPWoL%t(r(ro08JV_i{Gy$W?)e@6}EJnH!;
z$lmZc!L`kr<wb3ls;DV#iAAtCYOPkHI&cvy;SJPz&s@j68Ec`YbRcS~7oqZZp=S62
zs-C3ZnRd!z2A%%~1T=+Fs3~5Cm2op>$M>iaWUOmCS`^j6?@-6D1FE5JxCUopW2{im
zym)@G9z_l418QdS*LOKJbp9(7&>Lzh>NxE~y-2QF|3!5muz}f(SyAV^Dkj0vsOO?l
zGq@48X%FI3e1w{ri4D!Bj6sz@fgT0!6VUGdiWxCoBXge1VO`>_QE$Y}sPd;!yZa%k
zqdtwzu}p_L#^0ev*c{dINYrzqur@A0H$H33`PbAXX<|B1617H+Q5B6u{f?iE+C0-y
z9bJn$1xHaGxsDp~Th!8|X==*nM>p{*s19^O4R9!GKuel({`G?RodkIkwMJi1BP-m@
z?1|c_<JBA|<7n)TshXP(k3voH77WKfQ3K1+!tAYTsHGZ!dbN+U@%0`8YIrwlvt38+
z);QmrDb0tfxDD$2KMHm1wqh$hgnH#>Z)qB;g?fH4s=*c3Skz1&viZkQGvIkmKvNUg
z%KU=Kg*rYZa1}Pda`*+ctIM`_IU{f;YKGFbF*8;Sw-E1&>X5sw%L&8EsOLsw3%rRs
zU8UQ(oGCj0!wJ+OA*j81paV7}zTEl=^}?vv!R7SAL6{Anqh>7S52nGgs3mHT#c?tg
z#KWki_<%1lOGgIi;&0SDX$Coeg*%%mo`%{?+fXxb7B$t+P;Wq|i}`bXAi9aB!T1=8
zn#yq0tF|qc#M#z!s15~mHE+mp)Dks7@8ACqBA}mC^H5*6qo@Zyqt?7=H}gtukJ_Az
zQ6syAItB5&n~zoqYA-cJ4Il~=;$+kS=33XGPSI}k=-6B%Aitt^XQl}AKxHgUyfGHV
z@u(5*MIEDeIE$%F)5FX_Oi$B+)2Q?R991rEFEb-KQ1!G$&DgA7oc~|~TW!J#)VY6*
z8rd7vM<rgQ*`&d!5f-rVI@V4$eJHxgUx<2sFY1kW9<>J^qdJzNw@J_4+hdMNc@pB0
zQ5RLP8EOeeU{CxFwR`hMxtx|b4x8X3tcn%-m>17@tU`Ptmc@st8Oz?+oT8Q(MtnY2
zz?&Wdp#(DZGn=9%79c(v_24$tae9v0-9i1$u`7>SvKFXK>p`7{*{Hp=7qwTO;dhw%
zN3#@BsQ1ZC)C_rc63|EJBx+4+4=@dNMSTsUQ7@9Es1a?kzCvxnLO+=X+hcy>Q&4+o
zFKX@oLTxtxf#w)zMWug-bj0IC63|GZQ6t@9<F~LBao<7a6<Ze7!EUIIjK%qQ7{_DB
z!7lH=Bl-$U6R*nB*1(b249{SB%rnGvI0AEO=yM3D-~nuafkREfA5ig?sF8ifLYQ}$
zS^L&lm-u#6xrD>b09s>P;-jz<K0+-)z7gi@=RwtX65X2mF9hmghLJ938b+d~DDEh;
zS#qG(zB5+C88&_swMi3>Hk+;@mLonM+u<>+gZamp-+UfaN6w+@$ugFuSAhrut#LPM
zb7UB2*0vJr{P#sQv>G+FcTlG!!+6uNYM98y-+-Vt^RS=ITJJ`G;*Zb=Utk7&jgv9O
z1kV2r0?Q_t-9BQXnc|(O2A<h?s!1;IzdBh1Ymt5#bvm+5HdFdNmLa|tmHrqtgBhoo
z0aZlpu}-KxHXgNkH%(zv=)t=r=*5$9sxc3?BwpOcXId9wLekgT_%`bws9!oKt#?pg
z)qhbhxFple=FN^OR|(Z#6AuARQ9BI8t{8xWY<xVb;5>|vD^VldjM|Kkumy%pH&g#3
z>fCQdE!|@*f$3+MP1hJT6Qfb>c~%q9`TPx2;uV|m0@V@UnP!axu>kQhs5Oj0<xfP-
z$XrxCD^XK_(E1QH<q4wAQWQXaoEjoa>2Z45ggvP9eiiisNjb~BB1@qf9E5t8&qMv}
zjzKlJ1GTv>qfW_H)O*5zHpdIIpgItanwhSsfh_dKJ-iqQXsY7=VqT@CP!%=6iZ}%I
zZP<@`Wu8Ed_!fra6VyAu&>U0o0Msja4Qj~_pqA<ss$)KLO@}gIM%s76325p&S_fk;
z;xka+|KCwRD4wGmbIvnUTpjf$?1mcI8q}`7g=#R_d{aIgb*z8DI5^(Mr=a)u|E~lz
zvQwxjzJuz}J8O~!rUThfBWsN+KfuN(pmy~N)NjI_s3p9JIt3q4OO<?~nW2KH0kvJo
z`PXKdYcqDEI`AAdf;fxJCM$vZ%vQ$QI0-dFH&7jlzu3%3X3Rl69JR?JP*Xk*^)Xw4
z+DltdGj@Kl#~i2lOUwgd))rWl0{u}_w;t8dIqOr@i2RqDnaGM7X$fmx%uBorY6)kd
zKF^0xo9{U`Mz?2~N$8L2*(ywmM^KyW3hLMHeN;sO%gs41jhcaO)@W2m_o0^H0j5Bo
z6=r6FQ5`6Ws;>=duXx4~(3I~$EyZcnNME8G6RkAyyqK7H6;wryP*XY>-8ddKfVHTZ
zIgWbKJhld`G94~}I*!eerSdpK3Fx@3M(yT{s0V{qn<XfLdM`wvj_E4Y=DLphM!43P
zy^<T%v6iTr7=@aFH8%b`YJh*CI^e%nan4^}0(zhhYF9>~DqfH2@iOWs)mzk>W?5%O
zS`XEcNYsdDqMqA=8qf{YW=yc&ygv$~W~{We8kVAcrx5`iw<)N1@=8<>cc=i~LXAA_
z2GfB$*qZnt)LPy^btKM4(}A3*0oAwmM|FH2>W9ZM)J%Ou@4x?-d6OAIHPr8cj;IP_
ztyfVGenoB0{F_Y$Vdzi16IREbsPF$y)LwXtei$5M1{i`$FN_*!{TO@xJCL9k$Y@M}
zb5J8#j_T<#)Ka`ctzoh)<|kVb)Gi)^VYnIN;Vaa+|AaavskfTbQwcTGy-}Nf+*Z!N
z8d^w#&iet>i{m3|&4Yh6$FmYDzYl6E*Pxc@Ppp7ntrcQT`bg^<tV;eF)C{KCW@fB9
z>NwZ)5KxbXq8glq+WiMmFO-L<5xTaUkrzhIL_^efJ<7({p?3Rm)MmVm+I(M8Z_*q)
z%#1Wg)z=@@o@cd9xP<Cq{GDd)OIp9jTBHv}J#Y$>;3w3~CHl>Dv><9`s-yN!f2@LY
zQE$9^sPaL(%s@&Z^?95Y1T+<6QER;owX1Jg{db#@<U_4xV^sby)NxydYVe%(EozUX
z-D5Ue8Pw_d9`(+jf;yfDvAE9vO9C2MuHVgX!N#axyE9NzcLFst&R)~O0;prz1U2Gm
zsHND8dVhSd@gn<7N4ujsJ{>jCJ*ZRg3~SQ9llTv_iJGGtnvd%7NeoAy{pR<2Rn+F3
ziW<Rs)J$B#>gYOP8mNg{<DXCsue0fwu?%tlgXXz#^pqx{8v*rb6>5!+pb9=ijV#Y0
zV+Yh;n2-8Z`vkQa{SKQyU}VOI#QULk{Rz|(r95JmBn(x5Th!?peT4I`-M)?lc^Wmc
zSE${a;i%cQRZ&yk0kxSHqSp8fs@yA^9&*flq-vqge+$%%{fIgpGf)k$M!j!NAM==u
zdnD+A_m~D#9yg!gf~X40pz@od^84EO6x54kJ*p%7QG4krx-rcO^IRyZ15Hpf(jB#F
z`S1Uj3U*>V63(F3><SjcI48}nEsff2y--WF0DW)|YDD`mE<VHr_#CxFA5eQF*(sOf
z!jh=xLs6&A)0}{&emLrQEJyY1DryscMUANNY4f6Ljrx7i5A}kYf_i>6YUxg(o_~+(
zK)N$#CW@ju+6cAD2VxwZ|Fs0Pi8iCA=nN*p`>3A3LiIGwSu^4as0PDP<vOAEL?6_i
zSdKcjhfy>35w(ePo-=R8wx}1_5G<$jKbe4fej2rgpHRCr>v=O()luiV3l?Jzm!fxu
zE|`&gMJ-wWi{`mzs1bTlGq3@*hYnfqqV~*JOhNlj&?WODG8d{NWl(G188!6_Q6HZZ
zs44foY?dGdixV$~+Efv!b3Y69qB)A{z<UhGz(36lHb(80X6R9%4S_)Hgf(#hHo`-w
zDNKLG<kv)Xpe1UC`k_8vb5T<sgW5y)Q3FYP)yzy4R6UWXatl#QdhROcUp@Xvf{s_-
zYi7->qejpRwWbSg`aV<zk5E$_a@~xuCTgbIqjvWcR7W<U_Q-wI=6i+u0h9WMnZaB)
zIRDz^m25(PR8Oa(*64TCT3<v><p*oBn`RT{Ld`@iRQX7oJ_a>_H5h<bP@DN7s-sD6
znHehWA)wvd3H3%Ak6MZas9n3s=08Sl&VbvdqGG5$@;z!vrlUHt4%NU})Y5!K&2Y*)
z<`1(~Q7^Ec(GNW<2&kg9s9k;+wOiBOH6tjAs-P39;$Kh|A3}BT25O|i_e{CUSeAHy
zERV5R8sA%s{bl}EtT!^F9%mZ?ZHCjRir=A@Ajy5R>&u{ad2iG=U=8X$aUa#ukEj_8
zeqcU2rBG`<9JT9LVL5z`>RA4VW=SJ3m(KrG0y;jsP@C`pY9{<1nYAm6$%xlPO<gNg
z2M3@=xDqu3k8OVH$7UvqpqA_h>m<}M-iGSPGt8;;pZ9O`S#6A(;$^6rIE$+I5hlV^
zPt0k^irSP_P!)DXP4ObsQr^HJ81&SXpNX2mZCDfkLCr{+XPkc>qd^3;1naOiUO?^E
zEYHoWxdv);bwM4+NvI#0n@|m&LX9ZyKPDcI+Qb7<^-e?`+h0-jJi-i^_yy-*Q=jjJ
znW`ojpZHMJM`k=~Etg>hJci$4;+LkvR;Z<!ikhKisPnxU^<w)2wO5X!8oY^mRewb{
z=6dBZ4cB;OHd7R;;AGV2cq6KT?Kb~7sv{3kGm!hWS&C|?io2uA&%*S$2DM3#qL%7D
zYKcSMn7vfZLqIQx_Nb9ZqLyGFY6*^^_QFfl)W`qVyohq6rnVx6Vpr7Eu0U<x<EW*H
z`_^pgGN}5Rp*lDe_1^GIC!iP4I`qN4*8NzS_#v!>iQk!u>th)438)HAqIUTM)QFS5
zH#3qSb(-p<@_V8-^K8^i97dMd<9s2YJ&@{y89@cq107MvZ8B=NuR&FK%H}^oePn_@
znm1c{RJoC;k*-2Fo<_~w3sm{!pG<l=ETr?_nt;}B8g|3oSOar^Hk+p(YH5DPhBy=T
zae0Dn%=pEOtOBaxUZ_(w3pJ3#r~$sfa+vn3`Q|jo^0e<vBB1ko#+sOg&`4@vChUP7
za4Kpk-l0B5Wn4bq8EJ^>P$cTP6{w{+hWfZYM(vUGK0e+VZHC%YebD>g|NWVO8d`#G
zJc!y%4^UH{$k#lO6Ll=ZY`huz5$}cm*capAVAM!Qpvvz@b?gS#MIS#O?@zV{em)-W
zRE;D-J=}^eETn&M{X^}y*_8(f2l;xF9Dkdaj=V!Q?Fr$_l*@=IaX&@tQ7$=gUH+sM
z<8Dg%toZF(;>Y~&C-E_f<9VPP;hDC9JUl#w^zSJ>+cxy=K{=SThU7P<Tze%D9}h3F
zxUC~2akaObG#%H5c#4D!++!$n*uy^xQ^6!mfTJnUny{`g;+K(kjZ=^C8`Z@1j50}>
z=Wycs<@*emlb?oiJ5g6B?r2-jCd%u2PhNeSzlUf3B<%Ttz#kNhHD#PVw!mG|byeVA
zMgD8zjctW{Njpoqom3nLM`8*4oSw--*(Ib+B|M98H21eFiogi+LaA$mALp+gkwdoP
zLElPY7w+>sc$<m~*b0^sZekm{L_R0gxx@3il8~N=`yAm>q#xm##CV-}S3FF)&g8$g
z&kyuI$NEPTSVZCc+=;l`QutR2)hC>iX?79b$NhtCXap6GA>J4Ndz~jum)>rvbPTvU
zbL(i=rA}SG)KS5Pw-N8D^RKhq#3mAS(%ObT+6og}my+Ix@OCVROL=BIo%H?Bvz^FW
zph~y`DWk7tGs+yHOaSKM&S>lJPMYT!5kB|MP41OEu#R|A!aXRcYmLF#LEcRAj&Pq*
zMZ|pw_n_?esOy!%DM;Q0%J?x0JIMP;dTQcJu(mCGjpw-d-+v*4Z^!?yUx}Bn@kLam
ztFN`V)ughcDVvwHWmNhTiL3BmZhl{QufhB?x$3viT_L>=`5#E@<t@SdCm?czJHLG>
z6XD;vuXF2aidAf0W}DWCO7>D|PSX7e>$_2qyxW+7QO6^Elk|?n?{bfzTmjpOc%)Y(
zttIh`9txf!Fpb2Ugj3j!vw#O;NYnc}E8!a4->!rN%2T!t`R}-YBhQC>KK1Y`+j**n
z$e#(RsqdnFHk7oy-1`3OYRm1pr^5D%hq3>OEBOlXA8{8C>eBoCZyU}{#aGGC!JUq@
z9`@M{HopcApo8Bo{W;<xX~RjIL3k$LALlnB3%Nbqhsg|~$7`r~5%Kxly7t=&6)r`1
zG3nR2f1<&-+=B@JOS(SKy4n+-OC8Gyw<3SLodNIH$y<UtC{x0h^`A;0A-ArdY{5>%
zGxMN+v4q>SbHtz0&}HIFxF2w5@IJ+;$kUaOw3d|VjB{+A`YoZa=oD^#c{{Jkzks@0
zX#MYzpeq~UuO{gI=Q1k&NZv>aZ?k14+lJzh)|<4nl&nv98tGM0e?ls4%la^rF79vF
zLDGFF7l04Bb8~yTlRKY#29dkmy7*<~y(ZguE#d=6xn|=@sq{D%l_6dO%h~eDu`%T;
zGLT)Q4<)|?;Wvcma;GP(D-|~44$=Cz<01V_(lwt%b@&l!lWbw7Pa)n2hf(2UC2&pT
zKF+<5w1GH^21Zlv+f{`44eoQK>9@tV>jd>a;F%2EUG@FfRmC=z8xNZ#=Q9uM+R6Pr
zmGmO-2hv)2Q_VjX+A{OVk0hzDt*5#zbCUc!+&yUQ7n`T77u=0W`(Epxnum+y2MWgg
zr%*NulqTMs!W9VXDofdXgy-3~(vEPyv>j3WJa+{fPl&y#;|#vS-~UriWjzB)SVyHb
zZNt^6cqD0qNc-<KowV89)yVHdMm6pwJk#Jm9ob8~j(sR2;q=szo45w4tFiTG(svV{
ztM%7)oJvMhd0BkVJ%9p#bMGSjh=M~Y^Cxj#!NgM#<_|cIAJ1gru0gqC#QWF=(h>fN
zv}5>`XWA0hm5s7ZFgx+3m{;w8XCL~7%<Mc6$o=i=syrKyR?t>djr2Y?eFD!lBQFhh
zBmFyDrYf!>-i7qkHmwQv<o=6ii{S+inGLvg?ImHf2|6cn7V(7KkGcD+BV65VS&PHp
zRXA743nt+Z_bK8fi1)?MJQt7SG?4gd;>C&UI!<_)2|6X`5YV4azFjlE)l5RHec&Y(
zoZ+ET+?%+cQKsCqUJ=Q?t5=uY>7-WqRt0vaL?BN`aVI9fKklZ?6Y^FNo<n{n{FSto
zIGgldguh*5c_yEYr?nR4nKY!Qz^$Ye<!>*%|MpNA6=bu8u3MW^NY^qRxPvRX6OeZd
z&r`kwcP;LQr1?{}kS(8y_(z`kc1@wof3Mayve4U(eS6H{fn-#Wj6@gVUn%s@f1e`!
zg1lSYl_}SfGSj*B$6Gh1B0Vk6rLpqd&A89nhDT8*mi(dQ*WuYf)Sp%(N$aSCHH`b)
z^@k0Vv7-sLm2}1ilv{)Ea4h*{sGv3R&GwnUu`c&|`)oAspzJ{#SF!m#Q<rCwU_bPP
z5J+VUOrXFYgn#7jq0;tBM!^N7^|T#LKwN)L)|Hd=q117Tv=zjkpqslg_h$0$c}uYu
z2<!ThI*yW8llWh>?@YBB2~57Tn#{>IEZPy*72lRq_#e^|(P$F<nF?>&GRo66o_H7T
zBqr*t;o0&wEavgdEN`6k|AoM13UB28k$VUg^EZ;-f1yuhTG>&DsuI$5T_dd*Wh)ad
zNq8^mDTt4t%s#?rNH0hH0eKaPmmvO?ym1(VYi&IVJ)G{NBvvOOi%ndmN^GO&sHBBW
z&r5g^c~!Z`lGcX1J!z|nPos`Mxx0~86Te-B2=KR*-piMA(+Sn4?wN$AaC@?lu$6={
z_ymVhc%yB64{2A4524@=jHIy>q?INA8NMa1YYg!!gs0htnh;-M>sU`(ZJv)$xk}#B
zeE98i4YdBc){`)gLIWurz+H)lpW8x{NY6-G1a}&nc8UB9q^IUS&8_P<?pV@&Y{N>s
zLU=Lx?Ri#LZo*$}I4kk^{OzUpDr6r@OzdY0jiaH8=x?%}ri5=2K1#WoRFItT7Qz9T
z0>ij>QzkjjWx`0}dnh-Sd=FM6y+7#-i6`QoY6s%h*P||XZ4&cPunOVr+_MPlI!5>y
zm31PXnTJwh5b*`vxd=y+uWJr@;|XsjUDqeuzzduIvyHd0`9p{wCeO3pCTzA17PP(~
z{kY95O~Ims^Kob4!A-<Z;7H;Jur2X)*pp{hb3dX3?YJ`#PDU9G@*?r&gx8_2Ox#zs
z{?*A`&ciVzY*3E9hLQg5ifaSqNxMX)hitqV@gVL*oT84@p({I$=;~#kUu~lQ|7S|d
z4Y#ql{Oy%<mx2vd5s6)>{EDsU|4$I8&s~u84%nKq-3eF1THN0*e>!oC_;mYxQ|h`y
zXHrt2823e6b^_^XZ8(YE|69oXz(ZTOKiS@=B3z6@>uf<a($3~7+??=f+t78&j3n*e
zfAZtf$Q#n0U~TRPgrAZhK-uBwM_LqN@BaUez$Xg4C-K|Wk8nrQEB_~LF!7T#+LE*b
zRPvcS4x?Ua%k<{qJmmMoPL$0_{zvkj+e%Ydci|h#74@b4w?x+3k>s%jc3byhf9|p5
z523QTHa&vMFLS@NaWRQ|7HR3Q9VX?OR?6TS!hMajYuKFhDC#OpxR3ty7(zx%BD(6(
z+opI_BP9J_?r+y3(*EE<T`NdW&d3WBA4P@#U?{#f+0HBbTnC;x&)u8&Tgp7fUBq=w
z#Em){w|UUdR@~8Msz3+w5|gJZE9M}tupS~_!ImFv%m3^x#b1H&On355psv&0=ZME6
zeuFyVaO?jlXeVjgxIOPEFx*x$h=fJNTT$pGX$9~K@qVP2!NsIaBz%xN4VCB$BkdLC
zbbTegIq|&Q*=f*?x{?|kmyP!$Z!l%Ky!+4DPUs8w0$Y)Cwo!N+1#fb9rf?fPOWG}E
za;-HurAXIxpE5--kd7rK?SeN|e<RINrQXRrn~Jm;4Au<b7_I+Z0&z*mPi7^;x?1qi
z7Vh+fXOLEn@K!20Nq9C5T_xPxmR0$;<m<|52k^q0-`dEQEoq85tIX)l_?wZriG-iH
z?^EC`_g3z&JnT!yT9Y1V9}KhR`Bnk(a@<9z!_PK0kN5!ckJwJxN4$)qTvy7K#>$lO
zv?7q1JBWrR@<0v}OHv@EefT$PV)AvJGI;-kSp|oa-<D^-s50Vrs4G6t?<c)0@oL2X
zBEFjZ&x8wb$0hD2kIUmcvJHG8aXFbMDfsRBk$4pMCK7Uyud6KO>!?Bd+;`-kCB6c6
z6|v=hA->0k?_*ZVAEI1(ykX0>(E6_<(U*I%dERM2W;|QKCh<RI#fIa-*QEbO**0WM
zA}uN5{-i~qu3C7&J{w_@oMg;gDay_!eH?YvBK<!8N!dC2aqyPAJ_RO_ke0$9D3FNw
zK`cq$QqtEGE=*b+!sEEVT}5p82NIUs#J{M#I_VoI|Lyvl@GsoIlhB_0RXCb5S~Bmy
z=_PeNATyl%R|>zO@&8_blm0vDlX>uj&8tVa3-@VmT^mWiK$#K5<1?7gCfUi1C3$`T
z_g}W`bN%^mC<)&#o^zfPk05Y~dm06ED3NQwZSW}hQ*HQ9n^%=`;e@x?^iP!8p@(eU
zKiKqx_&sS~@Qn9a@Ay^HT)*3b#fd(mKqCqVFp58HL-B3T|Fz|x+jtpk2<1lE@ItGK
zrYC)~t>Yo_TjXt^t+nC*DRhwnugUC5qd{aY<KAxb3z2t;^u8EuJ6V(PZErXxU(bGV
zr@8x8jJegXk>51W!1FN?g97{lBYL<y_2?ZH(WZL`cgN0sJ4D1p4(*X<+OfF_rw#Zu
zAm;bEq48tFme=u}_F`;M%>Gqvvd4s;SsH)Z=PT!9e!Y6aCuYHoNj}rs-kuVZ<xY@a
zy2!{Lk?wwxoufKObaY4ca7T6M-m^z!o5&yCKXmREQ}F&n-)Rf?l#2;|e9jepFPSS<
zOvxv~zSBBCA089*&kwGc#V^(-ifQ#F);G4MkL#pwbi25&KC$=Wx_0@+u1)BA<BA>?
z;0p40_wEqcw?ky?tN_=-WYPSu^Aw29kkPfoC;D7wS9olxEUxgB(eF#SzKcB=>M9f`
zx@vjXzp>3LxK{b4>KqZ(A<EtNkL8h3y(8N6jc~V#(3qoQKUQ}2Nf+C!gKJWP*gQR5
zi+z17_lS)4eCG;|4Ty5>&J+7^p=*1B=)G%PA7W>(brtiCeX_x|#V7jOX4ksdT`?}d
zIMJIbx{@c4>fFuUy>t6+9U`MTx9{9hqmJFV&DG7%6%}1~f~)$9?7Lh(v7Pt0PWVRG
z{=+pk)^ERSp)2<M0atXA*kKo3IsIav{pp(F7k%c2Yd~zXo36!iW8>a;<?x9PeCSI1
j|B>f>=n4vozWmvhHMZs#S8m_vaW0=4vF}_y7n1xB82L-A

delta 31845
zcma*w2Yij^<NyEr#E!iQ;TREnkJ!Yny+<h_M?@lt44XrXmMTg~ORZW}qlk*CmeLxn
zy-KU4R;j94Tm4_}b6shDKELnx|NGsK$DQZ3?(4qxIf;Hh-#gPXA6lN-`%9km^Bk_m
z862l5<}2?wSu#0Jwr)ywoT_n-QwghKee92!U5>L53ld*3+;I-z4$O;F;~l3EF2LfL
zf<^EIs{UKnYze-&*C}TLPD|?`tWLp+SVtAu_zi4MyjY^+RK`Kr2Irv4okL#-k{l;1
z@oK0BHneuf!o-K6%Dw5+OAl<q*Ql2NV&e}nH}QNU9H#=7!7|tdOW|lNi;Gat?X{jq
z_52a$$3i1byfS7Z-T^ftuVPu=?~Ej%3YKCq{2X)P8O)B?u>d|qwLHft$0>~!P%r3&
z${&ns;CKwc6<85>qMrK$RW8eD$0>ns^s0hT0(zjAHNiU5y2kpA^*rXG{1enrXCGr;
zP#6`jjrlOtruRhkI1x3Xv#lSEalF2sZXqFvjBl|p-axfD!&qZUWL-Lqu_O+~e)tXs
z;0?@y8OJ$JAm&Fkum-BWmRJM_pn5(IHG+%BG5#8&JtPF<ZCkL=crzt6Q7>qZs$d9)
z;$&=y`%qJsVS;H`X;epAp{8OO>V@yw^sT54oI|al7hVE-aVZ+&#<o}#qftXR&Bhno
z_!n4^^rNUXat*ZzAESCya-w;z73L-07xkhzEQar)%B9%2_lylZM76ZQB-4Np)C1kI
z3MQf|T7epo{iudqLiO}1s^=wNH><ogYAtlfsu+gq*c|Jp$jE!0g9J1JkFh3}c*Aj8
zV-M7JSz=v>s_=6R#BVVRUP4XHO)QRCCYzp@L(Vj(A@;;(*c=z44zvqcmG?V2rkDez
zG3r2xK`pjzSOG7g8klpcX;2;1&^JeoKzGc9!%&Mb$>vW+ExviEk^B@ja)&V^UdO_`
z-?>dd`_lhS(~}aYiW_1L?2egm8ft{zMfG4WYCGM>V9fZI=}2YFOuQeK#=)qOdK<MS
z=Aq7&HRx5#QVD2oPNN!f5A~q`H1pyr*qC@7R0Bq0JzR%+{x{T=WSnj~P#V?qCYTTV
zU<k&dM(AUkpE{lKSHWW>=*2fsbLscCS!~6y4DnDbi;*@y2h$V(9QA^)Ff*P&z2F?y
z!5df`OU*DN)(17BZ(&{BF@y2f>U=;#0}Ou0aoS-xw!%%=1RrA~tT)rFiP5P2zY=re
zCCr5PP$TlxrU%S2`@KB+linURa=lO|?_4hdom6X3J=uY!@EB@t|3X!mX||cWGN^L(
zuo8AeP1ShR2z-PZ>b0nmyNs1F>$_%A*TWLTJy;dJZxT?!ZCDY{qoyR=95WSVQ0bwl
z9>iiT9D{1;M%1D@iG}bQ=0ew8v&!>eN#cd^eQbcO@svsTI>p{IbK4ZvlcA^{&cYVB
z0;}Qgs39vl&n&j;sO{7V)!-=9NKHYFzzWQZKcjZj9aOzp=9_b(7%tWRZ$v<g?mXtf
zr#7A=*~H7EUeFNr!k(y}#$zbHjrs8~=ETdG8}DNQ%t*I`Fc7synxPuj77J+q_a~qR
zj6luR9CYK?s8xT_=4buDqz9v>qBZ(qS5$>PPz@Q1IdCGXA+xYBE<=_30@bi1=q*Ix
zDghOIfjS3rFEBl<jD?A}LiIch)xdG6iq>LQ+=&(NdwdfgVsG>=<dDL%s5P+kLsS1A
z)YM-1knt~0pv)q(2wS2WG7QxaFKW&{#6aAHDt`nuq_?mf=3i_^rZFmg0IHs;*b?8j
z`RB13ac7AsSA7ZNpN)7g60)NQ(_w-wFcLLXi%>n@g6i>pERH9UI-UEd9?e~9Jd1I}
zi!U<`n~mD8n~)vtoJTz$>;1?aB(ty$35T#N7F=!)oG6?`{1a?|6<3(;7l|E+FTw8k
zCu$^`ujHFC#-Lts9Gl}^EP-`anQhw})gbS90-C$Es0x0-GU!^(!o#wd(M7L6<{K;V
zJZntFG1i%=MYjR9mcBs^{m-b~a0_)Xy|DS2KQZwV$fEZ;<q4<(El~$eJl4P^SPM^}
zhCIt!Gk5t>FKmU{9sRHrPQ?oN36{juHvZVggVvd;XpNf6NNlYAKb}Ak314CWUczkn
zH>w9&*BgtV)<Ol;;tWMC%Kp~z=udnhYL~3Sig*guP`?eP0TpmOBias&@_y&LPtA*e
zL#=kdjb_^w#45zAVO0#nVmJrYgH5O*{}$8ZFQ^7zLUrICs+_aQ%zZx8$kn#CL*M=%
zNI*Rqi>lxQ)JeDoH8ML;4ZCR5A7U2b{+rEQ=0i0s5H$r2a3~JJws-<tV(}CcAB@e2
zZ%$$SRq+E7nqbx~W{%roCE^pXF0R9>coj7w1wS)uqZI}dACDUHl~@B$q8gNWtEnd#
z3li^+n&M%YAK%)__-k7%CZRO$Le1F~?1p(#O+^u??KBnh;3|y7&rxfk)HY)i)X?|C
z+&B~);yCMeR7W16Myj0mbJOzf$aZihTbE)X;ycidr)>Oz&Cj{rys!c)zcs37kysli
zqo(c)ER4Tmb$p6ibCthfr=fQPfkp&M>@Y(=0M+6-*anYcO$_+bj6_G&c8kHrDu+5?
zj$;!n_?0;Ud!c%`7^~rT*a4rR>TSEzr`MTBKrKCwT`|Kh^M{7s*qHb{Y>lT-YogfK
zW`DOsrN`nl+=c-dy4!p#_rr3;m!cNicQ&45j~Ve0Y^1S>AfTaHh3)VxHpDXDm?JkF
zn-E`yTE!PpFE013IeO!<H1YkY2Hr%?agn{ocBl~?k3qN@wP??v<8|?4pJ|b6zgc8e
zF$2k+Fdg>5K<tBW;3(uB&ND2JyAPNlzKNxX7yr(5s2R>6J_1`~y6;W-cBl@HM6X)<
z8G*WZ6-%P~p!p1Fh9!s(MYVheR>aL%3(up@i~NVocfKI(PrNqz<9zEf>pE+yb@w60
zU)$sm3Hk6mY7XzC_Giw+<^&7ET*T|5Dt-ksVt34feK8vjMwLrIm79!NaTe;_ScoC`
zJ!-9`Kf?TLD0&?+J(`c2tAkhpT}RE?T?w@vdteTXMKyQ=>cw+0J1(_uKyBw8SQ*dQ
zc&1~fW2I2_)b$cjOIxGnxGQSNhoc+kqAJ>gMe(SO-^5VjS&o~NtsQDg!cpZHpnAL&
zHIi4c06s&FT;3C=L*4)aek9buvRK<@^hY&l6zawEu_C6R*1`p>ju}syk*bS&kq6a*
zv8V<uLUr&2=D}Z3BXtMs>nwUfpaBW>Pnp#@3iZO}sJY#RRq;Di&z@p&EO^?KtAhoJ
zcf))bjpc9>mcg}H4UeNv!t_6wgRB@f(f)5pK#O7m*1}X&&u*f6;yz<~9E#eOLr{w}
z1`Fae%!|vcpP^oK0Q2J|tcQ<L4X=6Dq<53N-x+EXCZdLDKC0jv%!LQAF#d?@(S6jS
zD)OTlkylXrelY5V)3FjRMGf^~)Ks2Bjr0?2igkWs{59vJ3FyI(uo!N`BKQO9!F#A}
zl>3}X4@8YnU28NJBEAGQBHK_yeiRF!-_K^m3ZvpRt!;m1{MEyOB<R5eR7G#27TXHc
zVmpR`_z>08{J)qJtuCseucPLCF>1>8qZ<4>X2u7odS0M*MbLRufA{l@zaD&@1f9w2
zP!*iSV)y{nu>2Ry&{x8u#JiyzhodT<gT9`l8h8`~@II>HIe#@@Oe&#9It;ZdMtTWo
zNM1)BBp+aLT!ngYFKYE)M!h)yMe|`(9rfa#s27e$y>J<-;XAM-{)8p)Z&befk||#w
z%M<tZC!jSj9aSL37C3Cv@1h!1<g)2;eN=<{q84QWD*qi+gV&>`@O#wMTt;=kxndep
z4VB&%S<GH1mOv>I=A#<09o2(VsEY2RTAKZ;Ne{tH#CxLVxW6?DHMb*C+i|r`{{mI-
zKGd4Jh$@%!H;s^&FBt^dk}wc85*yHsKiK#qRD()fGeh3QIv7inJ_F0(CL2G4nyTm6
z90RVKp7+OK;*(IjV-4oy{mxGWRM8F0h`D|@A4&yLL)9JA<8ag>8-beBnV1_lqNZdw
zs^@3XA8(=?AE8FL@C`E(4N+6o3%v~qj37_}w_t6&fSR*{f0*sl8ufzCs22}G^<+9~
zHE%|}ct5J==TJlZ7}daXH_c+Kj~c1huq;lw$@m8m*g%3jiFNS_hG5M<&BzQxy?72b
z!Y!zZ?qMbjxMj+fM6H=ts0I(f$~Y3$<5f2Q8_Y@k=Ua@w9=J(D70h_s40&x-Pr9H^
zx>(fEe}wAkb{jv8T3lCA&%5rJ5vhh6(N>rP6Hw2;j+*KPs1EG(+Jvj9A<cT%SOZ%V
ze-$g@3RFeMP!(OUK0*y;u6w4zbx|YK1Kl_eRer1WFscDpQT2MW-Z%R<1l8kSsG&+i
z9Uya2i)Smk@ki8DJVliY{L73$ebi#@fjSrBu{_SeN|=gz@fB1@{U7-1^E%ZDXpXv~
zhU|4LhZ|5YK7%@7o}nr#`p~SESFkqmIIM-MQB&|Us(kiGrUR8wFYJVxs!>=U=c4cL
z|3?U@r_N(jaVb<qZLm6y#=N)=)$?7biY{V3d~VZ2o|ybTs3{qT>d;CI!DFZq_J3-=
zV+LbE?f<?6G?a;`7tTTT>|4}GJj1$J=9y{804zW}5nJKgsI_teL$T;{GZp<&BQX|L
z|3d5MSd{n==nWunpMVPH{M(##RWKLv4p;>HV@({3>e)tA`Ln1gdW@Qyz!&BVM_VjJ
zyf+rac+?0^$3R?+>cEZ{?EgFjPLNOxuVQ}8;JAF>{feL(7=)^@2^PlQHa!8=(3z+?
zUV<92eW-@tL6y($GUb9%<w8*J8{p#iFKsI?37K&ws)xy_sn~^@^LwZl<@a;>R&g10
z6K{)pK{Wc|R8$YAVFp}{I*Qk$Mqr!GKZq*-yO)6G;wI_@^iOA6Ruwg*9Z~t?Q3u8X
zEQw#E8h#m7@jc9mnbNy_Q&SMt@H(gl^~QWS5;dYTP$S@7O+YW+i~5lH1J$EDsEV^@
zFg+-a#fg_k?c-NaJ%~j$EFQDq2dF7nj(Wi%RQW$pyCFA!OjL&&qMP?SeF$i^k43d?
zGiJp@m<`Wj9lVNqQL#*>AuUjA!h`DJ1XMjAqUQbt>P5G(9%kdeTF_!`g?djER?_GH
zR03M1TTl-kwDD`Gf=(8fZ&4PpRzpoeE7TMXMUCM5s0Mz8s^<!7BwhY4-$_^m)u5KB
zsTqW&dA~D-KyLg5wdi)BhV~X}5#2>i%_G#DKgTwhEvw7-2Z<i2MYaev<R7DU)jm|m
zenfTTE@};A&*t)dyq838H4?fK(9le=u0hS!A=HP&W7MuFlif71BdWsJQ77dh^vyNu
z%>M(`k%Bo~zN7sW)Qd->%FRSg-TE9Z{{Bl~FA16O4r(qRqt-ydoMy;MVO8QyP(wN#
zHPmmTD%y;y_<PjB@;mArapkhR0X0Q+P$SdNrpM)C|EmYHNyv`7P!%1v-b9T|w%q2$
zRZ-jQ71Vjq2Wwyy>IF+s9s1VBZ=*)CKpxYeP*j6^p+<DLmw>j}0@PyKfOYX4YVHc;
zHEW<UYIWDddKiUzZWU^ZwxdSqH&llT<ugOx8nt`+p&B+1^=Z4yrh9J@s82$0epA69
z)S7q?mA)6%5WfPZhXJTX*aWrDJEBHlG^&B?Q4PF|{#d-A8S?VhhNup9LPpx_Oedhv
z?=`3qIFI_U$zI58vryE*<3Tr0L0`{N<+r1b?rW%BbO*IY(iJx415x!iLLEejsKxsM
zR?z<6VlytFJ{&Rxn31T2YRGG-xt)v6@N?8qK1a=E*&?QVQ&dCZQRT;?_WLr_kbi}0
z@J-b7MT)wd+1mdt31~6=fLbh0pv(8UUJ<p85>a!y8ddQR*b<+k7H9Kf=0!tL2g?*2
zUv2#c_2OSq_2evW)=Xpc>dcNNpc8EbYEC~u?Seh1p}L4}e2yC0Vs6v05Y$?ULiKzR
zs>iEP4cmiy@o%X5@|Q4cqb4>b9$SL_uNQA3L34K!)u5}WeR>;pE~G1I_H|a&S}2Kn
zK`5$0gVBu>QO_;2>040s9k%IbP>cBnYO$s(<uzw@y;7#)9_S`x1ZtHhqYjc)sQtbJ
zHRp#=b9fa?VD8eUr!`Ow3PXK(jYW0fEo_CeQO}=2HS~^`fSW-2Ak(rS)XCNmHCN%N
zA$<=ul$%id{XFVL*~*xqErV)c3set#pk5Gz`Yf4*>2NZ(z_(E6g7>fuWDIusesO4o
znu_tLqj(nTMe9*5--mj^1$5&h)S4+=)|>;)Pz@f5+D-3Scc98$M%9<2obP$BQ<i`h
zSsT>;3`adU4eR12)Lh>{t^S<lO^<7#)<QS*?Q0wV05x)-qw2YieKB_hGX*iIk=cs=
z+W!X#Xh=??j?jRL<^^q0`+q2EkuE_sV7K)e>cu%KxqSanQ3LhD1k`?Ch?=VJP(%F?
z^?a4e=DF_JTl;?uf#!G;)w04>%!pJ(RoDtOWU;8BorYR`t8D%;)FOS1nwp$d&29-s
zH}OWOsqBv$vGJ%8UxZ$LTy7(v7aT#wucJP%ooc4S{HP<h5~^oSQRU)LBl9MP;wR`k
z;m~)&RX62ZVyuhbDQ)~p4Kw2TYO?>I@?f8ure{5Bxtw#v6HpE4RNJ)NgIWV`puSqI
zw&{DUzgl0QMkuh3u^ws)dtyDDfg!jL8=@1!{#TD0g_wk4sDf)z6<x*bn69oFiQK4N
zP!2VOp{SFsA8Lrlp`Ke{<Eb`&3N^KNQEMhcJ!5$<0nKqon=lep(TAwH+>Uy|aa6^3
zP>U!>eRIInL^Y%-s^Y$==O>|_TY@?lzCumm5mY^wQ02T%1M}fi3{_Dp)LIybI@`zD
z^bM$?JAiu7uc3L)joLMBP|uG+y?CBY-(u6RSe-_uToI$!scjQFqh1`1s$eQ==vUhO
z6x53k+xQ=-HIk{Z8L6VE=WC)yq62EJB%tb>g*sU`puP{B!phqJS(~_g{}fse^}u@6
z*?#~vRA*2__m_=lX=*AggQ~Cv>SH?^H4^Wm7Tp0Xfq$dcj62lSR~OZw9@s_uKZ!tl
z+>e^`0?katl~LQMJL({ri29ze9`(Z0sO{$0+^mVJsI}Asb<|EkP07cok=lbA!851^
zJwV^T|L1IBzSWk+8f1i^uSckZ<$cr$Y(O{eMh)>L)Qd8=G!3YZO7Dd_g2$t_?Rr#w
z$FM#=M>Vu=EB3#JIINW!nhB^AY9XrUUtm_eivD;PHFwWZJ*&~$*a5XzBT*x?5cR3|
z4Qgcfp+1iDw=q*&67?Zht&P{Tu$fJWK(%-@s-i_Uz85nR{~i0_9qftiUNN7VD^NYV
zglb^%wl3d)pxhl5Pr*8P9W}xw+L`YK-Ms`f=lxKNA_>*w_fT`T6xGttP;<5q-FN|Y
z4!GKzh6SUhsxqp+=BSbEi`o_AumR3TjpPYbgT22HPzwV(m^to*T2$d!9p_*c{1!DL
zM^FuXgqni%9nFvyM|Gew>c#C*pAo}Q^-ac1xEY(`cH}(qI?o6+B%xL(^I?*JTBY-?
zTdc=XBXS$H%`$X0BU2mI!`7&t4@7O_F*bcZYEf=Pb>I|gZT*eG+W+Ocm|w9vqblf$
zS}d`sGkYAWfwNFAK7?A$f1?&%`L1Rt`(kb4?_(=Gf?cs-H<$0fD~Q65#J8b7Ei-rL
zoZ$UVTLNuxBId&HP($?-s->4uYamAt(-Sx9fNFtiSU1#A&p~a|HK>k!iF*DNYHc_@
z&6E{D#jBxLL)wZ!P3()Bt9MZi*on<?A8Max>t#MIYomtLgBt4TsQgu^AwG(#=P~L<
z!M)9zXowoYey9<i*_-{}lE6X|g7G4%2mXCbON*fzSQoYZI-p+E9oM24dt!xG&4KfV
zH3ik7OQ?}4)Ys+vC!Q*(gJ~>kH?8f<{?{u0h6H&Y)qp3cZ#Fslnf+Z2a}tk3Jvb57
zvky?^KE)My95pf{Uo(sHLsa>#)+4CJeGT>5kkQ-U?B}xBnS?f|6LBHx!ELD3eGJvW
z8>nrWae&#!bx}QRj%xU;sOMs_1HOfB`~fv`k5COL8D^%)+k}7)gcwYRqfv`zJgVS4
z)GkOtHDoWU#}`mjlWw3XUkKgAtD+jv8P&s~s1D6QoeyiQ`;jT~I=>N6&x#H*i=qx{
zdo{<|7>C2q74CAbV=QWM_4b&deiK^|Ux(`9UDP5gI@nBEd(@HM&&DUA8uBjs_Wwo#
zTD50TL+gq#71u<4H|&ktes5uaT!1=ypP*jk9%7#Fj9MdOtkY2=y1?cyMvcTi)CgV1
z?Arg&31}N-jdVF{Fc=%-G1ThLJ=En)#z@pi{fS!LS)yFd7HouS&^>H|g`>@LeXuX_
z&8S_LbC}C{7ki)%qHE}FLLel@<@=9FM_Z4e4vwH$mopqYVHw<wp?Dp&T`R_!7k5KV
z*%+*YtFRjWf|`<C!(Gl@tcOKh{2mc+MzT!;`(N8-O@bNn!>C1e4>cm$6V1?<!(7Dc
zV`glJZtRX(a0F^-C!&tvMOYV4T5}|shP6hWoD)$~J}b#<PNr=n=quJ4)EdYz!aNXy
zS_5&|5SO5a{%2GV^NcjRqdA5U?}=Jmvr!%R6tm*@s1E#Ky@uLdkG%x6oeGXJ)<fTF
zMLjSHYv3HLg?mvwe1_UyHAcIf_Ziaes1f*cjA=mDvF2PTk1E#`H6nvh^(;b__nsi2
z{eIgfWFBYEgCNwtuZkM7W~f!$1=YhS8=r1nZqs+5oBW?p&p$(*lsU(nwGf0lusR~?
zUS}`?ZJTkZxt)PpH1kl4X(z_vL)2;>GQs7%hTmc@EX@?Q#_^aB_hKvj2^(RliDtwG
zqIT5>*aXjFs6PJ#CYjIgeyBz90anG`sG+`x+Fs>fH><o8Y8#G2O<gi-(QZfWij%0d
z^bECD%Dv%oI^k=msrVGN=#OC@?f(Y^WR}ThPNt!@(<;=*<Z;vpok#WPmbLN}vj~Tw
zUbqCS;6c<HdWL$Td#YJ%p{Q*=0G0kWdexHk1k{t`sGk01<3-*yzYRA+9l4`Xi)J;d
zA>ZI)O!t<{c^f~%ZdiGm`Lg*2wk5s``(U=|=DS}6s=;ffv;Q^Mr%6yj=WSC#J8VjH
znT=mU^(<tD*`7mCbH5Nf<9*bNTfSpDun-3l{~DWP>6vB<BC!MU?Wp>)%wmza3Dlj%
z?_$^o=i++Q5H+1`7Rw;il&ruuc+|!N-ZhJ~C2G-4KrOPpI0!S&F-PrC>`Ht)YAxiL
zYwGFmCD4(CH8=ntqo$<KduDFEsQteQwHvNr0}PyJc1a&p!zN=k7vFNRKJhQ-o4J0B
znTVH8Hop;7#Nx!O;B54EB=8G?3#iq;lhZ^e-~-gul>5NMyW$MuQ?WhfU0}+Gp@#H*
z)Cu{UO%GaVMzAlcLlaPIY&mL;?L|&duk!~1Jy`5RbMW-FM&N6t$J_WZ>p9Fy`foOV
z&-yp!B|Xa`V<76ls)jn?UO_G1fi~ZZzQ6y?C7>Z%jJa_YX2)$dz8Cck=?rGUOQ?~$
zi5jWWi_O8*6E*Z(Q2YKiYU+ZPn9qjZs6{siH4?iqxAy%N0{Sp`h&mecFEtIRh-ye9
z)Eu`%9ZaK8bGQc8qXVdNS5YH#A61{T%uGQsYZKJa4@6DLTj<rN)OrG%(*vk@!H>+o
zuYo#9VlWivpk90mb*BG?`dXfKxp`q8^dnvs)!-Va2KGlcjzcwI5o(0?ENB0#M~`em
zxfN!}UPB$Jb5Iqn!)AB}^%+rgrTK6PLiIQVTVQk4Hk^*C_c*GabgRtN1)`=b7}c;o
ztGuQ~BT3MHUxb>1oz~N+Bl9NedqAPp=3}%Kx`|IhJ@*m%PDE7C(tT{UZwTszL(z?k
zP(%L}X245cn{XYqT63&1Jqtz+aXnOnI$0x7pW_oyJ==zP@VJd%LG6MUs1K>UpO`7E
zjH<s2YHdWJM#wvjfGXUM>dAeZQDCiUKr2)a`k@xtY}6W9jQZI93bp?;turIl1J$re
zs87>{s5SKsYRE63KGdEg^>`is^=8P*qqbFl)C2Rao3R%0!>FN4zrnnqoV6LMNBvME
zF&5R+nby@<iTEzm6#j|982G71z{{`E1bUJ%0@cF9z6^fVLiM!hM)Osy0cx?eM|~Ua
zjjC`WYF~efS}W(R{+mpLYoVs159Y%p)JRXqVBYVnBcKXTqP|o<Ma_Ms&8A>8)R216
zjb5yeOKti&%t8DCs%IHe%n(;XH}QI?j=YLGkjA1$>{ImWBsxSu-bVEx?-sKw8lmPe
z9JLMKL9O!7QRN?@rl!be=Dg^Pdch3Txv>lN8FCr5hH`8*4Qz^<%E+zke+|h@o3I=;
zH2YBp#qTzrE7d$u9kp0{qAGqDi{TfjFBCtb<~q|h)8ksGhIB{ucr@y{WK_q#-p2mV
zOyGACv?}jeozG2=vZJ<NYt&~$e^kSU+x%oykB_5XoN>GP7_W(%(s`%`>_ENv0;=c!
zUl^-+3FyIYs73TTY7RG}Ui2fX<<1WCJ)sz?!Wiou)N@-g7hXj@{}3}_@h{C<2}Z4f
zL6{!jKy}Rfmd#j#>fuh*6dXexB==CCewn^9EzW~_K^@f4_eYhVfNgOpY7zf|O|jTc
zm(v6XphkKbYL|V2tTnH*kASw(T~v!o>@urA1T|D0P>U=9buO$y&Goma6YQ?dFZHz<
z$=;}udlN%(z4f+Dud&<Y_r})R|6T$b!u_ZrdxUC`v&VdKsDf%(E7Xf$L#_U|Q3uTi
z)X?ukHSi2-1n#3orpz~Hq*`ML@dz7ViuttvcM{MXpG2+7yQu9_<XbaT9Z(fUp{8UJ
z>P4GS4LW4=pP)KYaj#h;eXSF*J?Se@<?munEWXcv|F1$oJ?Vy8jKffiY$3M7ov5MC
zwBJlg2&!lOP!)PnBeo8;Hhw~_{&WY7<xw5$j5=S&*z}bL?DzkJB<O_?tO4Jd7c@ex
z+5xC-HWBslx&?J0T}OQ@&i}n>NPBEZd<-gm8)_tPqeiCGLDRslSdaMFgI?3)tt4n}
zE~5^Zz(e-;c~nnkqgtMd>gh#P!*U-sf7`8wT5J<gFZvqQ;5*m?gN~T*`%$Q=`wZ2A
zV_pJ!!E<~COCL2ah(*o$V$_R|+VrQW9+p35o*RM<h|fYb=pbs>{DCT$`?%>yN9$Xt
zweU6STd_Ci39~wbu`3BJu{$on)_5Cra@9R)reqN61yfMl>=V>(IBLCz>REwPX3j%V
zyC({@?_Wm^{SstNd7U2#Xfb6yZ62tET5LTq2fm4Va6W42Qc#~6M^Fv8jM^3cKbZ7l
zsPZ*XAG@6}D@LK7A8GUF`tsR-8*Re(sE^%isMY#6YIO&naXD`6hN?IT)qpvuky(ve
zyvI<_|Am<`>sd2(`LH(e#;C<R0@dKPSef@bI|*pp{fU~xqCc9i(G5^NY>XMvgZ>ze
zn!AyxwKEG{xE1yMHq<segPI!WC-dS`sD}1JEzWW1RS!23&>a1Y`l4|kbspq6XDSFr
z&FL$s3PzwBumIh-8P(7esMY@%Ghn%&&DyGh8nF(T4F{nb9``f*UoA~0!4G$$TD;p9
zyn<Q_cTsDk)GuZ~w?K{9C{&ME+4x@6HolKKQ7fG{Yp5;i#Os5NaVV-opPcuaxjs#T
zR`m;1g{3c;bD%laW^5;*dj8q3riW)y+cL{V^IT0-&wHarW*Ta-Ewg@!S{r9kBXJA$
zWi`F`l4(gn)FNqynvyYC3s<A2;%C&<Jit1b>#|vVtx@MhJnCRtfoi}BY=JjWBU|l?
zSwl6g^)WZ;-cSPV2z0|9xD2!4Bh(Q4T{Q)(q8bv48mU)NYi1(qh)qVV?(a}T`vNsW
z6@D}I^gxxHjGFRPq~TuYJOOR1+}BJGDx>DQA8L_!Q4g*{4e?o253^i1BUJ)5WgSor
zh(Rr~<)}ru5p&^b)Cm5DTK%ry75DNFj|9}yj;J{rkDBYbs28PLkDwOkZ>SOQzhTN(
zL8Z4qO~DY%j>)JFtVB)eLDa}RMwJixgL8oQJFN+5F8ZQYZw#uyYScmW9jc;xs5KIB
z(@aHYR6~ZMUN8$aB|A`S;siFs41b!Funnds9*(Lf621DgTS`Ey^+!|>9-t}+x@9Wv
ziK=)qs(}kp<xZl?rMqo@FQ|o0i6>$M+-kjt&52jNV@5OywFcg~!~R#rpOK&`IEY&H
zPf)A8>Rt0;F$A@3mZKWF4K+e1Q6EwdQFGnoo>}#Su`%&=s9#wAKuu|d`({ygL>=8@
z?z8{3_*Rghk@y-lcTZ9KGs|CQ=!&8mSO?WZ4{8Kf+x*k0k+_4JvQiI>?NA*`LN#P9
z>czifd(7v3Xoh$oY9wZ%Dqe+J#ivla;UcOB=^vR2%c6$(HPl=##EEzuRle(EGlEIj
zj`(`ih&(~<qIyrv6nKXc=s?08)FS&8^}RmxQ?s~&Q5CjB9jP&>7tTQSXpfEiJu{2A
zE^2PuqPA@UYLTwO;`lvk1a2TB<#qBuH@`SELJi4u)B$t`wO=oy8=s-3An<Q9*KIMB
z_;BomTTm~|@WM=82x<h|qV|6;%!rYwwG@ZNwg0CO&`Grt-FOr=hj&nmEr0`5Ew7E4
zu?K2x^hf2#qZ%?3HA2TwQ*{efZ(f%v-v~9boozf0i|~Hu4FXyuOHix&6ly;|LVbe?
z^7Hd8$|k6h>42KDUZ^Qsjaoa0QB!pVb#P@$=jWS>;#i+}E7VlHfm-YzqgQizk$`qV
z;q<1$+Nd7(L!J3?sBbLO&<__`mtsre%TfFLcT~kyGWa=7FcS6rC#VtKgBpQ9P$QHz
zqo4Wjf2w3O1=^uje-dg$R-o3vkElg+AJv0mnN0a+s1b@rRrn^VBWrE`e$<hB2b*DF
zW>YQ<HF8rjd;NTKzK#S9-67Nix6qA6viSKHRRh#q#$q%sz_ysl-_N(0x}v6L2zJMK
z)Q8c2bmMbW$BJb&FK&<8hKXJR8k!ZT9v;HR_z?9eRVSOD@4$&d?f3Q8-%&jd&TiIB
zTl5f*K~2R;)EX$9!;DBZRD(L8o_hl|72eeZ^rF3}Me+nSq_uOJMb+6l1hqK5=*Evw
zQ?Um%<kwJ(FhedgWkpf(+L#{OV<zl^8L$u1QLi(AfaZ89s%6`;Gya15?pHOp8LBW;
z1K&j#K2oh*i9{M{RdP+^uA0vLpWU5PA$y%C+=nvXzm%q|FZuj&-nJDL;lVZ(T1257
zwxAzP%|m(|@zb`lo|L~#T7b%sU&KCtp0u=U1L5y&d@1FAunp7*=qjTj;0j{>IrFKY
zE`=+Rn4ZG>$auuv+diau4C5|p<2xwxgs_`uu5!<}FQSNZg>V+~KgK;u;0h&NnOkQ~
z+7&{XoJ72Zc=<&FC%JzhQP*$WWo@sX@Zj$@yo>NFy!eE#l=<-hW|Lo-d!Q|+oXT`&
zA@O3i(W6MyG*9Op&#9-DN%uP6kT8PC5EA`u19XU_T{oyizsdfBJF&2>upQ-f&BAEX
z!U<0#{DN><>PhhB^7ka3o5B4lc^T}muOP1g<-#=oa|o=lg|k!e3mblwbT1Y4#9O2d
z!eA=+$-ej;X;(<oH4N+X?AwG(VLI-?lv~5|Ge}D!9!q?LefDR{S10e8=Hzu-$sc5%
zqF@JGs5t3wQRp6JW^?Bt@3AdQ)cMtx8%%mV+p|+PtuV%L7w7rM<hQozdQR68TaULk
z1qPA%1-DMHz1W8b#^PoQJtplV;sb~eed*<OdEsr+GjZ#BhrE7-7f_$BuW%7*-MDM;
zY+d4KFzp&k;EVKjO|B<0`K8K_+weK;MP9;756-mV*GVr*cqF#4FO4ET&*qQg*|!J}
zw+;M}GV6)|O?rF6lYQxoe<FdWBu?jENM+5r*Abpf;bGk0Doh$*Se)mmYZ1@<MtW)T
zf8m}<-bn5?q?ff*v5|CLJ1D2Cr@{G_GJKPFrV{^53rwHo3n*NK2mP@tcR?O{N<n>m
zzI^dpneXaIegp20D7(+5{YehLoB00WIqjJ@$kzu=C+bSO>hW9(=|?H+-9l<-BD#XO
zAG}mh-)LXs9&hsr`u@HD7-foa*QcWWw)|dYat)-?hNP!mhl%qWp0l4i_?GVEqWtgV
zXTxWF|8VM&_zs!+c#Yv+LOeeO-o;9`@@lx|rAoh|{8aLFbtnBN?p4HZk=_^s>=c+1
z=I86A^U>jSqKvK#KIcyDlEcd<jqj_WKGD;zk~Xl4yez!_JK~?%w4Qp6ZQ4v6#$CuZ
zCnw=klq;?>+>`7x^>6@nZMDxS`2^uqoy#2w#8N?ZEJ@ohP_Q%cDL9dWBdMqs@r$?(
zH*vS1Y*q4ClRpU$W7@?p{Z41nlCeBKA!8opgSl@Lf1mpjY0bFz@Ey$gm4do*@PgB1
zUgU1Ytt+0qw{Qx1W2m4halRfoD>0b6F5wlVU!#o1y*fWKQ&!iPq%R`8oH8{jTh7+0
zZwzVIV(o!c3QfXvc!8X7!cjb&|D~C{VIS6mv&c`o8c^mkW&4m&;iWRl=bNUJkFt01
zefvNtJ|sTW#=V)T;3f&}NT@<ZEqP!xrd>@4bbINAN<T*VUEB{}Dz}650Mc~r=dML(
z%Gl@Tz4Sca>wUkHbTQ9*olInI=Khk5Wjyqpj3Kt73B)J(s^nJ*((`cZxu3W_<Sn&%
z+pTS=rw0XUaqIV?cWnAl%I+gAEBUW+zsEh8yz!d<-^j>Kfe%S&h`P!%Dmm~T4aq}z
z3gIxyy?p7{6kRct`GCBM+!wg3Q28B&ZC!nBXFetEd&*xyUHeF1<)zRZBKrQTt1XHC
z*pEs=a2AE1QD!{h95iGZ@&|(dxC)W3s}x?hm1pD`7vW;qk36-Z8PApAo<n+Z;%5kZ
z|FW%XNrJ9dxYtr(pf5&m$nRh)RZ^@i-<^tA+4Qdom$QwiMt*tXn<=X=_hX3XCI0et
zj29OnVV2IovlJLaLI>`tR5+iEt2oO(;cqMcgtQmjV@T&u8qQ^&D?!D@Nz>Jc@Cef1
zRXLO7`#r}7oxPM#yDk$bNx3TNn15aR{{V1`hwqYj1dmYo7t&LFxoj=+H<Ndi_y$|i
zDB}7>P1iSsUo}DB&oZ{h+pP;Ro}7+0{yOEuRgZnY^EEHMNxVKUD$4yE1<TqOJ;wm@
z!bsarx$J~>JtC~@XX^*ZuTD;?8e?CSkGc{_8*Iy{d^mYqh~FUWdw&WAnvi&q2U`;^
zKsb~Fuj4h+-XpCMg-cVJuF9lM;nsD6a_K4ekZ>yHjuYN!U&ilg&YzU~mb`r2(@1Yb
z9otD;NM7v>w*UNLm;V(9T1DbcGFwo%7<YQYUy@#${6BFe`D;jf!@l4R!n#TkpG&^3
ztCZ0-#Nd2KnL~t!lfRm~giSAvxAYzOZ(E5?_tB0@;wk)zt+Xle&$(YCK9dr)3BPI^
zp$Eos|4CZ1B3uQ?Th4vamg!{8NbldZb$(5`r`rFzveJkc?oBqXwA<YAq&2q>pChj(
zF9{&+71D;0UzczMX`AhH{Yjrd+E3hfNIydQT<lL=*M0Jvk#?LofBA5{*=^+sBviHG
zCWJ?kscQ!2rPXCftAPd71JWDVvMQ62aAxi}!Y$QE%If-sw2ydx1M%yGYm;`)=KV!E
zx7Ob>GAeQF`jz{ZeX-)bDEudRgGqbSmQlJcepmNhpBw)9nbD?4Q+_SsE94Bf&z2^h
zlMZ}Hy&DOCtoc7iOOotE4Q;`Pq_yI~8K^6S2i~zQSNs9#pJF=7ZzEiuyluqC;#tz>
z+j>-XBz0HDX_U)g>u5myXTn*%v}Uw@$yyRiQ8*8-pn_JUZ{>cAf~QE&$6eG`5J~>e
z<o#vie&mfKzJ+*O@{*|IP44U54M~e3Ega`iCJXlf!d1C_`~LuibnPHxJ&Dr^55bGv
zpHQ)`2rBp(yJOl_hw^QRY~n6KNBoFiCHxL$^5acgHi&w3y-9u<>T7B1B#D0m^=0vE
zflZ9E5AnBEryvjX!2TFXB{#7(<@*w@WS`?tpUxS=WcjXF$lJ{wL_!dGi8f;$9w5Ci
z4b`=h@Fku9m3VO#oA~{|E%O!1PX)TFlOAZxylvCYlU|QXXOs6U_ZY&5$UA}6xC`<E
zUE^>U>1Xj1>_T2e?r#a7(ceI#xcSqxbCUZ#GU{Mo?r%t6hrM}l02Ot{tmH><A0R#L
zYEE2N9?E~n9YjMbQnod>u4=@8B>f9+U03b1cL{rAZK2`5Ec2rn1s+iNeewcH`hxg0
z!bb=v@v;SkS73T7K14Vl;qNh%9U;}i9|?W`E5W%)o5S<%$^V;jHAp{zmrP@NIKv5i
zNP#va9>g`6g1V*?zR&%ODeRmky^hK9{fs2<8}6f2UWYPoa=R!KJa<yRyj~Zt*7!E1
z?0vjONnH_?jxa&zYtq+}zQ^YMVAIFj7R)1F)u#PL+FYByh_rmv(~0MGePC7i5Ov+=
zpO>6C5*HKMMdCohfAGKtD#&KX=``^H#HZPZPgrx?d_VG=lh&2{E9$t0HK{Lz{H3;R
zKP%b3Ybp8Pa{H%eX&1K@-5{YLFUpP|a91Tg7k)(AOe(ldIPGdd*vpGQ$1h3jfd?ql
z-WJ$Kp01pv|89cLN%H3sPUK$4ou544(efsR_bI~lJ}*nVrjmA;hw9Lf3Y2l%ydQ1Z
z`V@Rl+H&H7FFp5y@L5|)Dg2mcTa)&fa*YU=!f$N8w+0DqNq9nma;R&x!CAn|`;b<{
zR_-SL8s&8z<o=HIuZjEN2;za1ElHW9I7-iv_8#|q(#jHFfxGPUUm3klS02t_Ur>oc
zHF;pIjqk?ZHare@@X$4kry^Yel-E^&^w&shL|!uC3HF)4$jeK5FYfiE_2GV>XFR00
zq+G2G%>N|<-MLFpXfe00^0oqn#}a<QLv<)~gnJWrZQ_$jZ%lqS;=0yZ(+=6Qlxfc$
zYSR;``w{UL*ulQ1s}|8HDyqzVn9Q^*&OUVgrL>$p)QtlDZK001lKhFJM{;lEnQgd?
zJDR-8c$|85U9kRO>s4A4(&#@&4tF{h*)iNpfeq-k1+!Dh9pdF|1q6NnnkK&@FYUTd
z`90j3NNd79+m@eh>ls75IpL3ZU@7`jCRO`?AU#-4;&l>^;{??8#6D<Z9O^bu$d1S`
zD(q{+pWCwSc{VfQR@`sfyzfX$CcKk78+U2)=5iOL!@m9xCDNB*H146&c|5S3@IhO_
zGQzJA{*F7&ra7ePYHPh`9fY~LLn!x$De})x7iouWxvjjTB=4G`KW&^QV>JnB*V{Jy
zE+%t#CgVpQyhFKml&?oP8}=r>DQP=x`H`eAAZ>}QD3tWKxId(fuJwe6@LV(8NZdnt
zZ+#M?h!nxRxF1*I8{9<+Z=!H^hN>bS<xab{l2?ujR*|rpa3FaVDYu%mKyHV4W;jo{
z9rsrIU>DLS5#LRt-1^n#E`ft2rsw{h@COuZO!(!iBQKalUICjJi@k`CrkscSGwz9$
z(NzJ*^MW79*YyT@{ke68U`f*7BR?DQraJ#~@xUz-ijX-1bv2|XDTIIJu5K$bISe~-
zk9}EMS{LHYD4WTaJ#Sx_mM^<=7o*<7FFkuk`(M{$Yfdt2Qb<<=o2Kw??%d?vB<&<G
zc}hGF@o2)It3vM2$UDS~U&Y)c?I&D~^szV^m)QD#Chrkxx_tXzfv)<&l|aF~+%I3P
zh(F`uVEd5rJ|&!yv<5U_D&a!hpW5d>Bflcyp4>OM7ji%3u0Yu?<n8{q9<Q^V$j3Gz
z%z9sM;M&VWKXFgt&cdh!Q-QAhwkIcXCwW7;A8_jz#eTNT670sk#m1A!PrG{Xo*qPI
zrz^xlBBQ=7^qIAG`jpzkMrQOj@7mN|Ho=qV9vzz$?~WZA;~o?i7d9|5Ix;cRlTgmz
zal74RgTl+XO~J^B7<X(;^yvS}2#X1Kw}_4i8x|J*?-Mq`UDgvbD1LNY;(tHbVpL?p
z+)W9My<OCX|D}*G@BgKJrr`h3K4qwVz5?N%!C^_!i7z$Z6O(c`p<DXq_Who4cX(K0
zn7<R0;Qlu$!IO{>85`q{@{E2tM@b_iqodseJ?^9gPx#!Xqt532_o>0L@%7v#gAz)n
z<QbhmeM-~ug9E&tc#k_W!5tIpjz|iN4~t3kc-)CY!V>x6Vd&$--3du?ak24<3BHtg
z&+sHqLL#k7h#cdo?9Xg)wHfToq&4mcPmCu%EKw~9kM*eHL~0l`$m0pG=#Go_ge6ez
z5YM0}J>l=J?|VKxc2LqVPfVhDE_Se)eBav>W8DcfX{4H@S0=c_XmMC{bnM8vUnUot
zn=3U#N@{YmEM<qqj!?^~Jt;n(x=iCW(2+3-o_N!t*ci{;-b;(5JX+d0-Q0330$uKu
zRx3sY=Z)~a-q%>qs5s9cI+(KK`_)+jhN*&*L6vJ&O(>~x3L7>sG9oE9DZzhk|5ImD
zx}4tZSJ;#2d%(PKWMtwHch@Q%>bZjwQe0=}_*IYgj0j6KO-qbVN?_RyrY8|GVTnoc
zbjSC=h_L9$aCfJ+O?{I+_uZf71_mWn8W@>KEt=$t?l#Q{R&)=F_fT1QO0IL|(x<$3
z;X=9;@8x5zih45MGbmQm#ol4?!}J)#=7}LAF+S2WA~GgIX$dJUuGUMJGdeOX!OiN6
zjA3KN#>`E+{!Sq$GR8DyQ0%amJDzgq`bbw`Y@7=IQ^rKo#wO*p8(XvGqWY0)Lt<>K
zJ32NdA|>ymZRu)8vQ~L_SiBi!XV`xwxLKF(|E$hG<-pUU=^C41|7RVUsbTZ{Q<uN<
zpU?f*6wP|!{mjpGAbm!+Cq6zlK9&DP)hDjhD;ZtMc?S9Bg1PZTyTihVGB2!Y7F)~i
z?b^A+lbEkq_rJ3e88bN6-}zr2>CmD_i!N!;3=A{#s3(%g6n0h5<Qe4|l$7X6z7XKb
zUp{PLw6AKWG2HDLmFS6&35#~e#m7d(hYe$<65?W6ty(;(OAEU`^~*9SGH!?`o_KPr
zqOSG<p8sR%q%E4%8RQo*=Vw?<MC1r}cw~&n?TOHj5p2qr&KTd>8I=^{PKpWl#3w|>
zM~?Wf+}Mc!pYu~sM(G6ok4jraB}679|5Dx6)*PV!b1C1c_kU}juh9S6KIPIrU!jCV
zHYlgmOU;jpPpweHRW(Ci+eA;e=bs}qxx-Xfk-(sYN;XgHazrHOWppH`$H4fch{WU`
zA+Dzd()!0{@|~KyzX(d$y*Blgx~`4slP@%I6-}+v$kiz@V~h5CrgmwYysNG&!0YCS
zisGc?88fbld$uJqMr^Yf_nvJr2~jk~o|tZT0=XPi(FvZ)?$#r81n=1v5$%bMW4k6Q
zImR6s73Fb9kLD*kKVi>GYL7{bkByG@#Q#%Gcx;qCI$N?kc}SZnoP$Fx@kMlSdfY?k
zCbj+h*7%CF>)(24W+I;)Vd2ReUv&khE_u~8(m%B2P}Zk=geN9CGJ=CEoSub6B_?@j
zfvKNqh>QtO*t5!H4%6p?hr=d1CTZ9(K3Wn}^AC0{PglBq5;f2WCW`=z(bqCs%T$<t
z*K?<)M!L>c3}7E{pvJTL;>`fiAzHwwroJ=ZwZp%tPNrBl6Qa{$_gc2LJ8^_3addcO
zgn#nPWv+_J!<V^^r+Pke<x3YpRZ-MN!+qnS2HL}UuIp^RRQ|70m;2QpvS-x@Hv>Cj
z&#HK88NxJ~ar|d{3|5QuaKz|nN_ccsSJLNla>b8b8%q3pR-4XLbaR^PxVE#In7Z#{
zSHTRa{u^9_)35$wv&%0;6~x7I>TsB8x6;BmW|*j{0#<6}#Jf4d6ZJvrTORSLo3^-q
zNSBLGKo0PK&+p`k+g$G!agt2?=&bJme`%OfUu<)2b_M&UOB2n?Pb<wwV`MaEUBthG
zn)>l}*V3E?%sX|W(+(}HXxf^X+Uh%3`ShX81M8Io#2v>M2j8SQ|3jMZIV}?V)_-5(
zpBi`AH9vi*oyW9!w$rY)W<N1FdH=hCFVA|SfAW*#uBkbE+a)G8ich)t7*DGAgll=m
z44%QBq0y;<Ke{UUr4B#m%9THP+-+C(<OU;Lnd|sYeXR|uHwV9_AR?Y=cZUtObM2dI
zo#yewd|yxeo#ZMbT>1a=Ve=92A5W)Eg(mu?$CJHxT)}nt2=lcziZg)YIf``<&sP@v
zIpFU^r4@+Yvx?1|pv^EiJ}lYwhpS-f$~&%#>HG%`i5xtbY2lM$|9w}tlD-cs;{WHG
PO<Sv}MgDS~&iVfV?zx~b

diff --git a/po/da.po b/po/da.po
index 299e153..d912710 100644
--- a/po/da.po
+++ b/po/da.po
@@ -14,7 +14,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2017-11-02 17:39+0100\n"
 "Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
 "Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n"
@@ -24,58 +24,58 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "kunne ikke indhente pinentry-lås: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr "_O.k."
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr "_Afbryd"
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 #, fuzzy
 #| msgid "|pinentry-label|_OK"
 msgid "|pinentry-label|_Yes"
 msgstr "_O.k."
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 #, fuzzy
 #| msgid "|pinentry-label|_OK"
 msgid "|pinentry-label|_No"
 msgstr "_O.k."
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr "PIN:"
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 #, fuzzy
 #| msgid "|pinentry-label|_Cancel"
 msgid "|pinentry-label|_Save in password manager"
 msgstr "_Afbryd"
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 #, fuzzy
 #| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Vil du virkelig slette de valgte nøgler? (j/N) "
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr ""
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 #, fuzzy
 #| msgid "Enter new passphrase"
 msgid "|pinentry-tt|Hide passphrase"
@@ -83,7 +83,7 @@ msgstr "Indtast ny adgangsfrase"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -94,7 +94,7 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 #, fuzzy
 #| msgid "pinentry.qualitybar.tooltip"
 msgid "pinentry.genpin.tooltip"
@@ -105,22 +105,9 @@ msgstr ""
 "specialtegn. Spørg din administrator om mere præcis information om\n"
 "hvordan man anvender sikre adgangskoder."
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-#| msgid "Passphrase too long"
-msgid "Passphrase Not Allowed"
-msgstr "Adgangsfrase er for lang"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr "Kvalitet:"
 
@@ -130,7 +117,7 @@ msgstr "Kvalitet:"
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 "Denne række indikerer kvaliteten for ovenstående angivne adgangskode.\n"
@@ -139,7 +126,7 @@ msgstr ""
 "specialtegn. Spørg din administrator om mere præcis information om\n"
 "hvordan man anvender sikre adgangskoder."
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
@@ -147,7 +134,7 @@ msgstr ""
 "Indtast venligst din PIN, så at den hemmelige nøgle kan låses op for denne "
 "session"
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
@@ -155,82 +142,76 @@ msgstr ""
 "Indtast din adgangsfrase, så at den hemmelige nøgle kan låses op for denne "
 "session"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 msgid "Passphrase:"
 msgstr "Adgangsfrase:"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr "matcher ikke - prøv igen"
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr "SETERROR %s (forsøg %d af %d)"
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr ""
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 msgid "PIN too long"
 msgstr "PIN er for lang"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 msgid "Passphrase too long"
 msgstr "Adgangsfrase er for lang"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 msgid "Invalid characters in PIN"
 msgstr "Ugyldige tegn i PIN"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr "PIN er for kort"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad PIN"
 msgstr "Ugyldig PIN"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad Passphrase"
 msgstr "Ugyldig adgangsfrase"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "fejl ved indhentelse af serielnummer for kort: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 msgid "Please re-enter this passphrase"
 msgstr "Genindtast venligst denne adgangsfrase"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 #| msgid ""
 #| "Please enter the passphrase to protect the imported object within the "
@@ -242,65 +223,54 @@ msgstr ""
 "Indtast venligst adgangsfrasen for at beskytte det importeret objekt inden i "
 "GnuPG-systemet."
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "ssh-nøgler større end %d bit er ikke understøttet\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't create '%s': %s\n"
 msgstr "kan ikke oprette »%s«: %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, fuzzy, c-format
 #| msgid "can't open `%s': %s\n"
 msgid "can't open '%s': %s\n"
 msgstr "kan ikke åbne »%s«: %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr "detekteret kort med S/N: %s\n"
-
-#: agent/command-ssh.c:2446
-#, fuzzy, c-format
-#| msgid "error getting default authentication keyID of card: %s\n"
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "fejl ved indhentelse af standard-keyID for godkendelses af kort: %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "ingen egnet kortnøgle fundet: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, fuzzy, c-format
 #| msgid "error getting stored flags: %s\n"
 msgid "error getting list of cards: %s\n"
 msgstr "fejl ved indhentelse af gemte flag: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
@@ -309,20 +279,20 @@ msgstr ""
 "En ssh-proces anmodte om brugen af nøgle%%0A  %s%%0A  (%s)%%0AØnsker du at "
 "tillade dette"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr "Tillad"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr "Nægt"
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Indtast venligst adgangsfrasen for ssh-nøglen%%0A  %F%%0A  (%c)"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
@@ -331,94 +301,90 @@ msgstr ""
 "Indtast venligst en adgangsfrase for at beskytte den modtaget hemmelige nøgle"
 "%%0A   %s%%0A   %s%%0Ainden i gpg-agentens nøglelager"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "kunne ikke oprette strøm fra sokkel: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr "Indsæt venligst kortet med serielnummeret"
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr "Fjern venligst det aktuelle kort og indsæt det med serielnummeret"
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr "Administrator-PIN"
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr "PUK"
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr "Nulstillingskode"
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 #, fuzzy
 #| msgid "%s%%0A%%0AUse the reader's pinpad for input."
 msgid "Use the reader's pinpad for input."
 msgstr "%s%%0A%%0ABrug læserens numeriske tastatur for indtastning."
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 msgid "Repeat this Reset Code"
 msgstr "Gentag denne nulstillingskode"
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 msgid "Repeat this PUK"
 msgstr "Gentag denne PUK"
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 msgid "Repeat this PIN"
 msgstr "Gentag denne PIN"
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 msgid "Reset Code not correctly repeated; try again"
 msgstr "Nulstillingskode er ikke korrekt gentaget; prøv igen"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 msgid "PUK not correctly repeated; try again"
 msgstr "PUK er ikke korrekt gentaget; prøv igen"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr "PIN er ikke korrekt gentaget; prøv igen"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "Indtast venligst PIN'en%s%s%s for at låse kortet op"
 
-#: agent/genkey.c:157
-#, fuzzy, c-format
-#| msgid "error writing to %s: %s\n"
-msgid "error writing to pipe: %s\n"
-msgstr "fejl ved skrivning til »%s«: %s\n"
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "fejl ved oprettelse af midlertidig fil: %s\n"
+
+#: agent/genkey.c:116
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "fejl ved skrivning til midlertidig fil: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:154
 msgid "Enter new passphrase"
 msgstr "Indtast ny adgangsfrase"
 
-#: agent/genkey.c:196
-msgid "Take this one anyway"
-msgstr "Brug denne alligevel"
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
 "Du har ikke indtastet en adgangsfrase!%0AEn tom adgangsfrase er ikke tilladt."
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
@@ -427,11 +393,11 @@ msgstr ""
 "Du har ikke indtastet en adgangsfrase - dette er generelt en dårlig ide!"
 "%0ABekræft venligst at du ikke ønsker beskyttelse på din nøgle."
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr "Ja, beskyttelse er ikke krævet"
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, fuzzy, c-format
 #| msgid "Name must be at least 5 characters long\n"
 msgid "A passphrase should be at least %u character long."
@@ -439,7 +405,7 @@ msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "Navn skal være mindst 5 bogstaver langt\n"
 msgstr[1] "Navn skal være mindst 5 bogstaver langt\n"
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, fuzzy, c-format
 #| msgid ""
 #| "Warning: You have entered an insecure passphrase.%%0AA passphrase should "
@@ -457,7 +423,7 @@ msgstr[1] ""
 "Advarsel: Du har indtastet en usikker adgangsfrase.%%0AEn adgangsfrase skal "
 "indeholde mindst %u cifre eller%%0specielle tegn."
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, fuzzy, c-format
 #| msgid ""
 #| "Warning: You have entered an insecure passphrase.%%0AA passphrase may not "
@@ -467,7 +433,7 @@ msgstr ""
 "Advarsel: Du har indtastet en usikker adgangsfrase.%%0AEn adgangsfrase må "
 "ikke være en kendt term eller matche%%0Aet bestemt mønster."
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 #, fuzzy
 #| msgid ""
 #| "Warning: You have entered an insecure passphrase.%%0AA passphrase should "
@@ -480,234 +446,245 @@ msgstr ""
 "Advarsel: Du har indtastet en usikker adgangsfrase.%%0AEn adgangsfrase skal "
 "være mindst %u tegn langt."
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+msgid "Take this one anyway"
+msgstr "Brug denne alligevel"
+
+#: agent/genkey.c:464
 #, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr "Indtast venligst adgangsfrasen %0Afor at beskytte din nye nøgle"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 msgid "Please enter the new passphrase"
 msgstr "Indtast venligst den nye adgangsfrase"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 #, fuzzy
 #| msgid "Options useful for debugging"
 msgid "Options used for startup"
 msgstr "Tilvalg nyttige for fejlsøgning"
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr "kør i dæmontilstand (baggrunden)"
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr "kør i servertilstand (forgrunden)"
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 #, fuzzy
 #| msgid "run in server mode"
 msgid "run in supervised mode"
 msgstr "kør i servertilstand"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr "frakobl ikke fra konsollen"
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr "kommandoresultat i sh-stil"
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr "kommandoresultat i csh-stil"
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 msgid "|FILE|read options from FILE"
 msgstr "|FIL|læs tilvalg fra FIL"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr "Tilvalg der kontrollerer det diagnostiske resultat"
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "uddybende"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "vær mindre uddybende"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr "|FILE|skriv servertilstandslogge til FIL"
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr "Tilvalg der kontrollerer konfigurationen"
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 msgid "do not use the SCdaemon"
 msgstr "brug ikke SCdaemon'en"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr "|PGM|brug PGM som SCdaemon-program"
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+#, fuzzy
+#| msgid "|PGM|use PGM as the SCdaemon program"
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr "|PGM|brug PGM som SCdaemon-program"
+
+#: agent/gpg-agent.c:208
 #, fuzzy
 #| msgid "|NAME|connect to Assuan socket NAME"
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NAME|forbind til Assuansokkel NAVN"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr "ignorer forespørgsler om at ændre TTY'en"
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr "ignorer forespørgsler om at ændre X-skærmen"
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 #, fuzzy
 #| msgid "enable ssh-agent emulation"
 msgid "enable ssh support"
 msgstr "aktiver ssh-agent-emulering"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr ""
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 msgid "enable putty support"
 msgstr ""
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr "Tilvalg der kontrollerer sikkerheden"
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr "|N|udløb mellemlagrede PIN'er efter N sekunder"
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr "|N|udløb SSH-nøgler efter N sekunder"
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr "|N|angive maksimal livsforløb for PIN-mellemlager til N sekunder"
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr "|N|angive maksimal livsforløb for SSH-nøgle til N sekunder"
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr "brug ikke PIN-mellemlageret når der underskrives"
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 #, fuzzy
 #| msgid "do not allow the reuse of old passphrases"
 msgid "disallow the use of an external password cache"
 msgstr "tillad ikke genbrug af gamle adgangsfraser"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 #, fuzzy
 #| msgid "allow clients to mark keys as \"trusted\""
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr "tillad klienter at markere nøgler som »trusted« (troværdige)"
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 msgid "allow presetting passphrase"
 msgstr "tillad forhåndsindstilling af adgangsfrase"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr "Tilvalg der fremtvinger en adgangsfrasepolitik"
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr "tillad ikke omgåelse af adgangsfrasepolitikken"
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr "|N|angiv minimal krævet længde for nye adgangsfraser til N"
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr "|N|kræv mindst N ikkealfanumeriske tegn for en ny adgangsfrase"
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr "|FILE|kontroller nye adgangsfraser mod mønstre i FIL"
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|giv adgangsfrasen udløb efter N dage"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 msgid "do not allow the reuse of old passphrases"
 msgstr "tillad ikke genbrug af gamle adgangsfraser"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the PIN-Entry"
 msgstr "Tilvalg der kontrollerer sikkerheden"
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 msgid "never use the PIN-entry"
 msgstr ""
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr ""
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 #, fuzzy
 #| msgid "do not grab keyboard and mouse"
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr "fang ikke tastatur og mus"
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr "|PGM|brug PGM som PIN-Entry-program"
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 #, fuzzy
 #| msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr "|N|angive maksimal livsforløb for PIN-mellemlager til N sekunder"
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr ""
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "Rapporter venligst fejl til <@EMAIL@>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 #, fuzzy
 #| msgid "Usage: gpgconf [options] (-h for help)"
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Brug: gpgconf [tilvalg] (-h for hjælp)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg-agent [options] [command [args]]\n"
@@ -719,148 +696,143 @@ msgstr ""
 "Syntaks: gpg-agent [tilvalg] [kommando [parametre]]\n"
 "Hemmelig nøglehåndtering for GnuPG\n"
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, fuzzy, c-format
 #| msgid "invalid debug-level `%s' given\n"
 msgid "invalid debug-level '%s' given\n"
 msgstr "ugyldigt fejlsøgningsniveau »%s« angivet\n"
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "valgt sammendragsalgoritme er ugyldig\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, fuzzy, c-format
 #| msgid "reading options from `%s'\n"
 msgid "reading options from '%s'\n"
 msgstr "læser tilvalg fra »%s«\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is a deprecated option\n"
 msgid "Note: '%s' is not considered an option\n"
 msgstr "ADVARSEL: »%s« er en forældet indstilling\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr "kan ikke oprette sokkel: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, fuzzy, c-format
 #| msgid "socket name `%s' is too long\n"
 msgid "socket name '%s' is too long\n"
 msgstr "sokkelnavnet »%s« er for langt\n"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "en gpg-agent kører allerede - starter ikke en ny\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "fejl ved indhentelse af nonce for soklen\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, fuzzy, c-format
 #| msgid "error binding socket to `%s': %s\n"
 msgid "error binding socket to '%s': %s\n"
 msgstr "fejl ved binding af sokkel til »%s«: %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, fuzzy, c-format
 #| msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "Advarsel: usikre rettigheder på %s »%s«\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, fuzzy, c-format
 #| msgid "listening on socket `%s'\n"
 msgid "listening on socket '%s'\n"
 msgstr "lytter på sokkel »%s«\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, fuzzy, c-format
 #| msgid "can't create directory `%s': %s\n"
 msgid "can't create directory '%s': %s\n"
 msgstr "kan ikke oprette mappe »%s«: %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, fuzzy, c-format
 #| msgid "directory `%s' created\n"
 msgid "directory '%s' created\n"
 msgstr "mappe »%s« oprettet\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, fuzzy, c-format
 #| msgid "stat() failed for `%s': %s\n"
 msgid "stat() failed for '%s': %s\n"
 msgstr "stat() mislykkedes for »%s«: %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, fuzzy, c-format
 #| msgid "can't use `%s' as home directory\n"
 msgid "can't use '%s' as home directory\n"
 msgstr "kan ikke bruge »%s« som hjemmemappe\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "fejl ved læsning af nonce på fd %d: %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr "håndtering 0x%lx for fd %d startet\n"
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr "håndtering 0x%lx for fd %d termineret\n"
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr "ssh-håndtering 0x%lx for fd %d startet\n"
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr "ssh-håndtering 0x%lx for %d termineret\n"
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, fuzzy, c-format
 #| msgid "pth_select failed: %s - waiting 1s\n"
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "pth_select mislykkeds: %s - venter 1s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, c-format
 msgid "%s %s stopped\n"
 msgstr "%s %s stoppet\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "ingen gpg-agent kører i denne session\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 msgid ""
 "@Options:\n"
 " "
@@ -868,11 +840,11 @@ msgstr ""
 "@Indstillinger:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Brug: gpg-preset-passphrase [tilvalg] KEYGRIP (-h for hjælp)\n"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
@@ -880,8 +852,8 @@ msgstr ""
 "Syntaks: gpg-preset-passphrase [tilvalg] KEYGRIP\n"
 "Adgangskode for mellemlagervedligeholdelse\n"
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -889,8 +861,8 @@ msgstr ""
 "@Kommandoer:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -900,11 +872,11 @@ msgstr ""
 "Tilvalg:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Brug: gpg-protect-tool [tilvalg] (-h for hjælp)\n"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
@@ -912,17 +884,17 @@ msgstr ""
 "Syntaks: gpg-protect-tool [tilvalg] [parametre]\n"
 "Vedligeholdelsesværktøj for hemmelig nøgle\n"
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr ""
 "Indtast venligst adgangsfrasen for at fjerne beskyttelsen på PKCS#12-"
 "objektet."
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Indtast venligst adgangsfrasen for at beskytte det nye PKCS#12-objekt."
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
@@ -930,7 +902,7 @@ msgstr ""
 "Indtast venligst adgangsfrasen for at beskytte det importeret objekt inden i "
 "GnuPG-systemet."
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
@@ -938,60 +910,59 @@ msgstr ""
 "Indtast venligst adgangsfrasen eller PIN'en\n"
 "krævet for at færdiggøre denne handling."
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, c-format
 msgid "cancelled\n"
 msgstr "afbrudt\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "fejl ved oprettelse af adgangsfrasen: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, fuzzy, c-format
 #| msgid "error opening `%s': %s\n"
 msgid "error opening '%s': %s\n"
 msgstr "fejl ved åbning af »%s«: %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, fuzzy, c-format
 #| msgid "file `%s', line %d: %s\n"
 msgid "file '%s', line %d: %s\n"
 msgstr "fil »%s«, linje %d: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, fuzzy, c-format
 #| msgid "statement \"%s\" ignored in `%s', line %d\n"
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "udtryk »%s« ignoreret i »%s«, linje %d\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, fuzzy, c-format
 #| msgid "system trustlist `%s' not available\n"
 msgid "system trustlist '%s' not available\n"
 msgstr "troværdig liste for systemet »%s« er ikke tilgængelig\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, fuzzy, c-format
 #| msgid "bad fingerprint in `%s', line %d\n"
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "ugyldigt fingeraftryk i »%s«, linje %d\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, fuzzy, c-format
 #| msgid "invalid keyflag in `%s', line %d\n"
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "ugyldigt nøgleflag i »%s«, linje %d\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, fuzzy, c-format
 #| msgid "error reading `%s', line %d: %s\n"
 msgid "error reading '%s', line %d: %s\n"
 msgstr "fejl ved læsning af »%s«, linje %d: %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr "fejl ved læsning af liste over betroede rodcertifikater\n"
@@ -1004,7 +975,7 @@ msgstr "fejl ved læsning af liste over betroede rodcertifikater\n"
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
@@ -1013,11 +984,11 @@ msgstr ""
 "Stoler du fuldstændig på at%%0A  \"%s\"%%0Akorrekt certificerer "
 "brugercertifikater?"
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 msgid "Yes"
 msgstr "Ja"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr "Nej"
@@ -1030,7 +1001,7 @@ msgstr "Nej"
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -1042,20 +1013,20 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr "Korrekt"
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr "Forkert"
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr "Bemærk: Denne adgangsfrase er aldrig blevet ændret.%0AÆndr den nu."
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
@@ -1064,15 +1035,15 @@ msgstr ""
 "Denne adgangsfrase er ikke blevet ændret%%0Asiden %.4s-%.2s-%.2s. Ændr den "
 "nu."
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 msgid "Change passphrase"
 msgstr "Ændr adgangsfrasen"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr "Jeg ændrer den senere"
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, fuzzy, c-format
 #| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid ""
@@ -1080,113 +1051,113 @@ msgid ""
 "%%0A?"
 msgstr "Vil du virkelig slette de valgte nøgler? (j/N) "
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 #, fuzzy
 #| msgid "enable key"
 msgid "Delete key"
 msgstr "aktiver nøgle"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
 msgstr ""
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "DSA kræver at hashlængden skal gå op i 8 bit\n"
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr "%s-nøglen bruger en usikker (%u bit) hash\n"
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, fuzzy, c-format
 #| msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr "en %u-bit-hash er ikke gyldig for en %u-bit %s-nøgle\n"
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "kontrol af oprettet underskrift mislykkedes: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "hemmelige nøgledele er ikke tilgængelige\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "beskyttelsesalgoritme %d%s er ikke understøttet\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "beskyttelsesalgoritme %d%s er ikke understøttet\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "beskyttelsesalgoritme %d%s er ikke understøttet\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "fejl ved oprettelse af datakanal: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, fuzzy, c-format
 #| msgid "error creating a pipe: %s\n"
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "fejl ved oprettelse af datakanal: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, c-format
 msgid "error forking process: %s\n"
 msgstr "fejl ved forgrening af proces: %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr "ventning på at proces %d skulle terminere mislykkedes: %s\n"
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, fuzzy, c-format
 #| msgid "error running `%s': probably not installed\n"
 msgid "error running '%s': probably not installed\n"
 msgstr "fejl ved kørsel af »%s«: sikkert ikke installeret\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, fuzzy, c-format
 #| msgid "error running `%s': exit status %d\n"
 msgid "error running '%s': exit status %d\n"
 msgstr "fejl ved kørsel af »%s«: afslutningsstatus %d\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, fuzzy, c-format
 #| msgid "error running `%s': terminated\n"
 msgid "error running '%s': terminated\n"
 msgstr "fejl ved kørsel af »%s«: termineret\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, fuzzy, c-format
 #| msgid "waiting for process %d to terminate failed: %s\n"
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "ventning på at proces %d skulle terminere mislykkedes: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "fejl ved indhentelse af afslutningskode for proces %d: %s\n"
@@ -1202,35 +1173,35 @@ msgstr "kan ikke forbinde til »%s«: %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "problem ved angivelse af indstillinger for gpg-agent\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "kan ikke slå kernedump fra: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "Advarsel: usikker ejerskab på %s »%s«\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "Advarsel: usikre rettigheder på %s »%s«\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, fuzzy, c-format
 #| msgid "waiting %d seconds for the agent to come up\n"
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "venter %d sekunder på at agenten kommer frem\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, fuzzy, c-format
 #| msgid "renaming `%s' to `%s' failed: %s\n"
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "omdøbelse af »%s« til »%s« mislykkedes: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "ja"
 
@@ -1284,57 +1255,104 @@ msgstr "ikke nok kerne i sikker hukommelse under allokering af %lu byte"
 msgid "out of core while allocating %lu bytes"
 msgstr "ikke nok kerne under allokering af %lu byte"
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "fejl ved allokering af nok hukommelse: %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr "%s:%u: forældet indstilling »%s« - den har ingen effekt\n"
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "ADVARSEL: »%s« er en forældet indstilling - den har ingen effekt\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr ""
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
+#, fuzzy, c-format
+#| msgid "waiting %d seconds for the agent to come up\n"
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "venter %d sekunder på at agenten kommer frem\n"
+
+#: common/asshelp.c:350
 #, fuzzy, c-format
 #| msgid "waiting %d seconds for the agent to come up\n"
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
 msgstr "venter %d sekunder på at agenten kommer frem\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:351
+#, fuzzy, c-format
+#| msgid "waiting %d seconds for the agent to come up\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "venter %d sekunder på at agenten kommer frem\n"
+
+#: common/asshelp.c:364
 #, fuzzy, c-format
 #| msgid "can't connect to the dirmngr - trying fall back\n"
-msgid "connection to %s established\n"
+msgid "connection to the dirmngr established\n"
 msgstr "kan ikke forbinde til dirmngr - forsøger reserve\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:366
 #, fuzzy, c-format
-#| msgid "no running gpg-agent - starting one\n"
-msgid "no running gpg-agent - starting '%s'\n"
-msgstr "ingen kørende gpg-agent - starter en\n"
+#| msgid "can't connect to the dirmngr - trying fall back\n"
+msgid "connection to the keyboxd established\n"
+msgstr "kan ikke forbinde til dirmngr - forsøger reserve\n"
 
-#: common/asshelp.c:521
+#: common/asshelp.c:367
 #, fuzzy, c-format
 #| msgid "can't connect to the dirmngr - trying fall back\n"
-msgid "connection to agent is in restricted mode\n"
+msgid "connection to the agent established\n"
 msgstr "kan ikke forbinde til dirmngr - forsøger reserve\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:485
 #, fuzzy, c-format
 #| msgid "no running dirmngr - starting `%s'\n"
-msgid "no running Dirmngr - starting '%s'\n"
+msgid "no running %s - starting '%s'\n"
 msgstr "ingen kørende dirmngr - starter »%s«\n"
 
+#: common/asshelp.c:588
+#, fuzzy, c-format
+#| msgid "can't connect to the dirmngr - trying fall back\n"
+msgid "connection to the agent is in restricted mode\n"
+msgstr "kan ikke forbinde til dirmngr - forsøger reserve\n"
+
+#: common/asshelp.c:725
+#, fuzzy, c-format
+#| msgid "error creating keyring `%s': %s\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "fejl ved oprettelse af nøglering »%s«: %s\n"
+
+#: common/asshelp.c:731
+#, c-format
+msgid "server '%s' is older than us (%s < %s)"
+msgstr ""
+
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
+#, fuzzy, c-format
+#| msgid "WARNING: %s overrides %s\n"
+msgid "WARNING: %s\n"
+msgstr "ADVARSEL: %s overskriver %s\n"
+
+#: common/asshelp.c:740
+#, c-format
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#: common/asshelp.c:742
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Brug venligst kommandoen »toggle« først.\n"
+
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
 #: common/audit.c:474
@@ -1403,7 +1421,7 @@ msgid "algorithm: %s"
 msgstr "algoritme: %s"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, c-format
 msgid "unsupported algorithm: %s"
 msgstr "ikke understøttet algoritme: %s"
@@ -1478,11 +1496,11 @@ msgstr "Certifikatkæde er gyldig"
 msgid "Root certificate trustworthy"
 msgstr "Rodcertifikat er troværdigt"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 msgid "no CRL found for certificate"
 msgstr "ingen CRL fundet for certifikat"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 msgid "the available CRL is too old"
 msgstr "den tilgængelige CRL er for gammel"
 
@@ -1520,7 +1538,7 @@ msgstr "Ingen hjælp tilgængelig for »%s«."
 msgid "ignoring garbage line"
 msgstr "ignorerer affaldslinje"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 msgid "[none]"
 msgstr "[ingen]"
 
@@ -1529,139 +1547,26 @@ msgstr "[ingen]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "ugyldigt radix64-tegn %02x udeladt\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr "parameter var ikke forventet"
-
-#: common/argparse.c:522
-msgid "read error"
-msgstr "læsefejl"
-
-#: common/argparse.c:524
-msgid "keyword too long"
-msgstr "nøgleord er for langt"
-
-#: common/argparse.c:526
-msgid "missing argument"
-msgstr "manglende parameter"
-
-#: common/argparse.c:528
-#, fuzzy
-#| msgid "invalid value\n"
-msgid "invalid argument"
-msgstr "ugyldig værdi\n"
-
-#: common/argparse.c:530
-msgid "invalid command"
-msgstr "ugyldig kommando"
-
-#: common/argparse.c:532
-msgid "invalid alias definition"
-msgstr "ugyldig aliasdefinition"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-msgid "out of core"
-msgstr "ikke nok kerne"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-#| msgid "invalid command"
-msgid "invalid meta command"
-msgstr "ugyldig kommando"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-#| msgid "unknown command `%s'\n"
-msgid "unknown meta command"
-msgstr "ukendt kommando »%s«\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected armor: "
-msgid "unexpected meta command"
-msgstr "uventet panser: "
-
-#: common/argparse.c:546
-msgid "invalid option"
-msgstr "ugyldig indstilling"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr "manglende parameter for indstilling »%.50s«\n"
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, fuzzy, c-format
-#| msgid "missing argument for option \"%.50s\"\n"
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "manglende parameter for indstilling »%.50s«\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr "tilvalg »%.50s« forventer ikke et argument\n"
-
-#: common/argparse.c:563
-#, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "ugyldig kommando »%.50s«\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr "tilvalg »%.50s« er tvetydigt\n"
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr "kommando »%.50s« er tvetydig\n"
-
-#: common/argparse.c:581
-#, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "ugyldigt tilvalg »%.50s«\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, fuzzy, c-format
-#| msgid "NOTE: no default option file `%s'\n"
-msgid "Note: no default option file '%s'\n"
-msgstr "BEMÆRK: Ingen standardfil for tilvalg »%s«\n"
-
-#: common/argparse.c:1843
-#, fuzzy, c-format
-#| msgid "option file `%s': %s\n"
-msgid "option file '%s': %s\n"
-msgstr "tilvalgsfil »%s«: %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, fuzzy, c-format
 #| msgid "conversion from `%s' to `%s' not available\n"
@@ -1679,147 +1584,148 @@ msgstr "iconv_open mislykkedes: %s:\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "konvertering fra »%s« til »%s« mislykkedes: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, fuzzy, c-format
 #| msgid "failed to create temporary file `%s': %s\n"
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "kunne ikke oprette midlertidig fil »%s«: %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, fuzzy, c-format
 #| msgid "error writing to `%s': %s\n"
 msgid "error writing to '%s': %s\n"
 msgstr "fejl ved skrivning til »%s«: %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "fjerner stale-låsfil (oprettet af %d)\n"
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "venter på lås (holdt af %d%s) %s ...\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr "(baglås?) "
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, fuzzy, c-format
 #| msgid "lock `%s' not made: %s\n"
 msgid "lock '%s' not made: %s\n"
 msgstr "lås »%s« er ikke udført: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, c-format
 msgid "waiting for lock %s...\n"
 msgstr "venter på lås %s ...\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr "%s er for gammel (kræver %s, har %s)\n"
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "panser: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "ugyldigt panserhoved: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "panserhoved: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "ugyldigt clearsig-hoved\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, c-format
 msgid "unknown armor header: "
 msgstr "ukendt panserhoved: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "indlejrede underskrifter i klartekst\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr "uventet panser: "
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "ugyldig striplet undvegen linje: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "ugyldigt radix64-tegn %02x udeladt\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "for tidlig eof (ingen CRC)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "for tidlig eof (i CRC)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "ugyldig udformet CRC\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "CRC-fejl; %06lx - %06lx\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "for tidlig eof (i trailer)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "fejl i trailerlinje\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "ingen gyldige OpenPGP-data fundet.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "ugyldigt panser: linje længere end %d tegn\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
 msgstr ""
 "citeret udskrivingstegn i panser - måske på grund af en fejlbehæftet MTA\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, fuzzy, c-format
 #| msgid "not human readable"
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "kan ikke læses af mennesker"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1828,28 +1734,28 @@ msgstr ""
 "et notationsnavn må kun have udskrivningstegn eller mellemrum og skal "
 "sluttes med et »=«\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "et brugernotationsnavn skal indeholde tegnet »@«\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "et notationsnavn må ikke indeholde mere end et »@«-tegn\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "en notationsværdi må ikke bruge nogen kontroltegn\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, fuzzy, c-format
 #| msgid "a notation name must not contain more than one '@' character\n"
 msgid "a notation name may not contain an '=' character\n"
 msgstr "et notationsnavn må ikke indeholde mere end et »@«-tegn\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, fuzzy, c-format
 #| msgid ""
 #| "a notation name must have only printable characters or spaces, and end "
@@ -1859,381 +1765,374 @@ msgstr ""
 "et notationsnavn må kun have udskrivningstegn eller mellemrum og skal "
 "sluttes med et »=«\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "ADVARSEL: Ingen notationsdata fundet\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "kunne ikke proxy %s-forespørgsel til klient\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 #, fuzzy
 #| msgid "Enter passphrase\n"
 msgid "Enter passphrase: "
 msgstr "Indtast adgangsfrase\n"
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, fuzzy, c-format
-#| msgid "error creating keyring `%s': %s\n"
-msgid "error getting version from '%s': %s\n"
-msgstr "fejl ved oprettelse af nøglering »%s«: %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr ""
+#| msgid "%s does not yet work with %s\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s virker endnu ikke med %s\n"
 
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
+#: g10/call-agent.c:1081
 #, fuzzy, c-format
-#| msgid "WARNING: %s overrides %s\n"
-msgid "WARNING: %s\n"
-msgstr "ADVARSEL: %s overskriver %s\n"
+#| msgid "error reading from %s: %s\n"
+msgid "error from TPM: %s\n"
+msgstr "fejl ved læsning fra %s: %s\n"
 
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
-
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
-#, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Brug venligst kommandoen »toggle« først.\n"
-
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
-#, fuzzy, c-format
-#| msgid "%s does not yet work with %s\n"
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s virker endnu ikke med %s\n"
+msgid "problem with the agent: %s\n"
+msgstr "problem med agenten: %s\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, fuzzy, c-format
 #| msgid "no gpg-agent running in this session\n"
 msgid "no dirmngr running in this session\n"
 msgstr "ingen gpg-agent kører i denne session\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "du kan ikke bruge %s i tilstanden %s\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 #| msgid "invalid fingerprint"
 msgid "Tor is not properly configured"
 msgstr "ugyldig fingeraftryk"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 #| msgid "invalid fingerprint"
 msgid "DNS is not properly configured"
 msgstr "ugyldig fingeraftryk"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "opret et tilbagekaldscertifikat"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "panser: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "OpenPGP-kort er ikke tilgængeligt: %s\n"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr "OpenPGP-kortnr. %s detekteret\n"
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr "kan ikke udføre dette i jobtilstand\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Denne kommando er kun tilgængelig for version 2-kort\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "Nulstillingskode er ikke eller ikke mere tilgængelig\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Dit valg? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[ikke indstillet]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "ikke tvunget"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "tvunget"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr "Fejl: Kun ren ASCII er tilladt i øjeblikket.\n"
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr "Fejl: Tegnet »<« må ikke bruges.\n"
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr "Fejl: Dobbelt mellemrum er ikke tilladt.\n"
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr "Kortholders efternavn: "
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr "Kortholders fornavn: "
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr "Fejl: Kombineret navn er for langt (begrænsningen er på %d tegn).\n"
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr "Adresse hvor offentlig nøgle skal hentes: "
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, fuzzy, c-format
 #| msgid "error reading `%s': %s\n"
 msgid "error reading '%s': %s\n"
 msgstr "fejl ved læsning af »%s«: %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, fuzzy, c-format
 #| msgid "error writing `%s': %s\n"
 msgid "error writing '%s': %s\n"
 msgstr "fejl ved skrivning af »%s«: %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr "Loginddata (kontonavn): "
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr "Private DO-data: "
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr "Sprogpræferencer: "
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "Fejl: ugyldig længde for præferencestreng.\n"
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "Fejl: ugyldige tegn i præferencestreng.\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr "Fejl: ugyldigt svar.\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr "CA-fingeraftryk: "
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "Fejl: Ugyldigt formateret fingeraftryk.\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr "nøglehandling er ikke mulig: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr "ikke et OpenPGP-kort"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr "fejl ved indhentelse af aktuel nøgleinformation: %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr "Erstat eksisterende nøgle? (j/N) "
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
+#, fuzzy
+#| msgid ""
+#| "Note: There is no guarantee that the card supports the requested size.\n"
+#| "      If the key generation does not succeed, please check the\n"
+#| "      documentation of your card to see what sizes are allowed.\n"
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 "BEMÆRK: Der er ingen garanti for at kortet understøtter den ønskede\n"
 "        størrelse. Hvis nøgleoprettelsen ikke lykkes, så kontroller\n"
 "        dokumentationen for dit kort for at se hvilke størrelser, der\n"
 "        er tilladt.\n"
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Hvilken nøglestørrelse ønsker du? (%u) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "afrundet op til %u bit\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "%s nøglestørrelser skal være i intervallet %u-%u\n"
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr ""
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 #, fuzzy
 #| msgid "   (1) Signature key\n"
 msgid "Signature key\n"
 msgstr "   (1) Underskriftsnøgle\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 #, fuzzy
 #| msgid "   (2) Encryption key\n"
 msgid "Encryption key\n"
 msgstr "   (2) Krypteringsnøgle\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 #, fuzzy
 #| msgid "   (3) Authentication key\n"
 msgid "Authentication key\n"
 msgstr "   (3) Godkendelsesnøgle\n"
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Vælg venligst hvilken slags nøgle du vil have:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, fuzzy, c-format
 #| msgid "   (%d) DSA and Elgamal\n"
 msgid "   (%d) ECC\n"
 msgstr "   (%d) DSA og Elgamal\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Ugyldigt valg.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr "Kortet vil nu blive omkonfigureret til at oprette en nøgle på %u bit\n"
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, fuzzy, c-format
 #| msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr "Kortet vil nu blive omkonfigureret til at oprette en nøgle på %u bit\n"
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, fuzzy, c-format
 #| msgid "error changing size of key %d to %u bits: %s\n"
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "fejl ved ændring af størrelsen på nøglen %d til %u bit: %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, fuzzy, c-format
 #| msgid "error getting current key info: %s\n"
 msgid "error getting card info: %s\n"
 msgstr "fejl ved indhentelse af aktuel nøgleinformation: %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, fuzzy, c-format
 #| msgid "This command is not allowed while in %s mode.\n"
 msgid "This command is not supported by this card\n"
 msgstr "Denne kommando er ikke tilladt i tilstanden %s.\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr ""
 "Lav sikkerhedskopi et andet sted end på kortet for krypteringsnøglen? (J/n) "
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, fuzzy, c-format
 #| msgid "NOTE: keys are already stored on the card!\n"
 msgid "Note: keys are already stored on the card!\n"
 msgstr "BEMÆRK: Nøgler er allerede gemt på kortet!\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr "Erstat eksisterende nøgler (j/N) "
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, fuzzy, c-format
 #| msgid ""
 #| "Please note that the factory settings of the PINs are\n"
@@ -2248,196 +2147,210 @@ msgstr ""
 "   PIN = »%s«     Admin-PIN = »%s«\n"
 "Du bør ændre dem med kommandoen --change-pin\n"
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr "Vælg venligst hvilken slags nøgle der skal oprettes:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr "   (1) Underskriftsnøgle\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr "   (2) Krypteringsnøgle\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr "   (3) Godkendelsesnøgle\n"
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr "Vælg venligst hvor nøglen skal gemmes:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, fuzzy, c-format
 #| msgid "read failed: %s\n"
 msgid "KEYTOCARD failed: %s\n"
 msgstr "læsning mislykkedes: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, fuzzy, c-format
 #| msgid "NOTE: keys are already stored on the card!\n"
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "BEMÆRK: Nøgler er allerede gemt på kortet!\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 #, fuzzy
 #| msgid "Sign it? (y/N) "
 msgid "Continue? (y/N) "
 msgstr "Underskriv? (j/N) "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr ""
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, fuzzy, c-format
 #| msgid "error closing %s: %s\n"
 msgid "error for setup KDF: %s\n"
 msgstr "fejl ved lukning af %s: %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+#| msgid "error closing %s: %s\n"
+msgid "error for setup UIF: %s\n"
+msgstr "fejl ved lukning af %s: %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "afslut denne menu"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr "vis administratorkommandoer"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "vis denne hjælpetekst"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr "vis alle tilgængelige data"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr "ændr kortholders navn"
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr "ændr adresse for at indhente nøgle"
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr "hent nøglen angivet i kortadressen"
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr "ændr logindnavnet"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr "ændr sprogpræferencerne"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 #, fuzzy
 #| msgid "change card holder's sex"
 msgid "change card holder's salutation"
 msgstr "ændr kortholders køn"
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr "ændr et CA-fingeraftryk"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr "skift force PIN-flag for underskriften"
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr "opret nye nøgler"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr "menu til at ændre eller fjerne blokering for PIN'en"
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr "verificer PIN'en og vis alle data"
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr "fjern blokering for PIN'en med en nulstillingskode"
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr ""
 
-#: g10/card-util.c:2180
-msgid "setup KDF for PIN authentication"
+#: g10/card-util.c:2235
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr ""
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 #, fuzzy
 #| msgid "change the ownertrust"
 msgid "change the key attribute"
 msgstr "ændr ejertroværdigheden"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "ændr ejertroværdigheden"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr "gpg/card> "
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr "Kommandoer kun for administratoren\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr "Administratorkommandoer er tilladt\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr "Administratorkommandoer er ikke tilladt\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Ugyldig kommando (prøv »help«)\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output virker ikke for denne kommando\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, fuzzy, c-format
 #| msgid "can't open `%s'\n"
 msgid "can't open '%s'\n"
 msgstr "kan ikke åbne »%s«\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "nøglen »%s« blev ikke fundet: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "fejl ved læsning af nøgleblok: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, fuzzy, c-format
 #| msgid "key \"%s\" not found: %s\n"
 msgid "key \"%s\" not found\n"
 msgstr "nøglen »%s« blev ikke fundet: %s\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(med mindre du angiver nøglen med fingeraftryk)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "kan ikke udføre dette i jobtilstand uden »--yes«\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(med mindre du angiver nøglen med fingeraftryk)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2478,9 +2391,9 @@ msgstr ""
 msgid "subkey"
 msgstr "Pubkey: "
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "opdatering mislykkedes: %s\n"
@@ -2505,68 +2418,80 @@ msgstr "der er en hemmelig nøgle for offentlig nøgle »%s«!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "brug tilvalget »--delete-secret-keys« for at slette den først.\n"
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"ADVARSEL: Tvang for symmetrisk chiffer %s (%d) overtræder modtagerens "
-"præferencer\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "fejl ved oprettelse af adgangsfrase: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "kan ikke bruge en symmetrisk ESK-pakke på grund af S2K-tilstanden\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "bruger chiffer %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, fuzzy, c-format
 #| msgid "`%s' already compressed\n"
 msgid "'%s' already compressed\n"
 msgstr "»%s« allerede komprimeret\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, fuzzy, c-format
 #| msgid "WARNING: `%s' is an empty file\n"
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "ADVARSEL: »%s« er en tom fil\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+#| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "du må ikke bruge chifferalgoritmen »%s« i tilstanden %s\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, fuzzy, c-format
 #| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "du må ikke bruge chifferalgoritmen »%s« i tilstanden %s\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, fuzzy, c-format
 #| msgid "you may not use digest algorithm `%s' while in %s mode\n"
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "du må ikke bruge sammendragsalgoritmen »%s« i tilstanden %s\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, fuzzy, c-format
-#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "ADVARSEL: »%s« er en forældet indstilling - den har ingen effekt\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, fuzzy, c-format
 #| msgid "reading from `%s'\n"
 msgid "reading from '%s'\n"
 msgstr "læser fra »%s«\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"ADVARSEL: Tvang for symmetrisk chiffer %s (%d) overtræder modtagerens "
+"præferencer\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, fuzzy, c-format
+#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "ADVARSEL: »%s« er en forældet indstilling - den har ingen effekt\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2575,28 +2500,36 @@ msgstr ""
 "ADVARSEL: Tvang for komprimeringsalgoritme %s (%d) overtræder modtagerens "
 "præferencer\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"tvang for symmetrisk chiffer %s (%d) overtræder modtagerens præferencer\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s krypteret for: »%s«\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "du kan ikke bruge %s i tilstanden %s\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
-msgstr "%s krypterede data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
+msgstr "%s krypterede data\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "krypteret med ukendt algoritme %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
@@ -2604,74 +2537,11 @@ msgstr ""
 "ADVARSEL: Besked blev krypteret med en svag nøgle i den symmetriske "
 "chiffer.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "problem ved håndtering af krypteret pakke\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "kørsel via eksternt program er ikke understøttet\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"kald fra eksterne programmer er deaktiveret på grund af usikre rettigheder "
-"for indstillingsfil\n"
-
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"denne platform kræver midlertidige filer når der kaldes eksterne programmer\n"
-
-#: g10/exec.c:497
-#, fuzzy, c-format
-#| msgid "unable to execute program `%s': %s\n"
-msgid "unable to execute program '%s': %s\n"
-msgstr "kan ikke køre program »%s«: %s\n"
-
-#: g10/exec.c:500
-#, fuzzy, c-format
-#| msgid "unable to execute shell `%s': %s\n"
-msgid "unable to execute shell '%s': %s\n"
-msgstr "kan ikke køre skal »%s«: %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "systemfejl under kald af eksternt program: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "unaturlig afslutning på eksternt program\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "kan ikke køre eksternt program\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "kan ikke læse svar fra eksternt program: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "ADVARSEL: kan ikke fjerne midlertidig fil (%s) »%s«: %s\n"
-
-#: g10/exec.c:692
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "ADVARSEL: kan ikke fjerne midlertidig mappe »%s«: %s\n"
-
 #: g10/export.c:119
 msgid "export signatures that are marked as local-only"
 msgstr "eksportunderskrifter som er markeret som kun lokale"
@@ -2692,404 +2562,404 @@ msgstr "fjern nøgledele der ikke kan bruges under eksport"
 msgid "remove as much as possible from key during export"
 msgstr "fjern så meget som muligt fra nøglen under eksport"
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr ""
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
 msgstr "%s: udelod: %s\n"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "writing to '%s'\n"
 msgstr "skriver til »%s«\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "nøgle %s: nøglemateriale på kort - udeladt\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "eksport af hemmelige nøgler er ikke tilladt\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "nøgle %s: nøgle i PGP 2.x-stil - udeladt\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "ADVARSEL: intet blev eksporteret\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, fuzzy, c-format
 #| msgid "error creating `%s': %s\n"
 msgid "error creating '%s': %s\n"
 msgstr "fejl ved oprettelse af »%s«: %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr "[Bruger-id blev ikke fundet]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, fuzzy, c-format
 #| msgid "automatically retrieved `%s' via %s\n"
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "hentede automatisk »%s« via %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, fuzzy, c-format
 #| msgid "error retrieving `%s' via %s: %s\n"
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "fejl ved indhentelse af »%s« via %s: %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 msgid "No fingerprint"
 msgstr "Ingen fingeraftryk"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "hemmelig nøgle »%s« blev ikke fundet: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, fuzzy, c-format
 #| msgid "missing argument for option \"%.50s\"\n"
 msgid "(check argument of option '%s')\n"
 msgstr "manglende parameter for indstilling »%.50s«\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "|NAME|brug NAVN som hemmelig standardnøgle"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "|NAME|brug NAVN som hemmelig standardnøgle"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr ""
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr "Ugyldig nøgle %s gjort gyldig med --allow-non-selfsigned-uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "bruger undernøgle %s i stedet for primær nøgle %s\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, fuzzy, c-format
 #| msgid "missing argument for option \"%.50s\"\n"
 msgid "valid values for option '%s':\n"
 msgstr "manglende parameter for indstilling »%.50s«\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 msgid "make a signature"
 msgstr "opret en underskrift"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 msgid "make a clear text signature"
 msgstr "opret en underskrift i klartekst"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "opret en separat underskrift"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "krypter data"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "krypter kun med symmetrisk chiffer"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "afkrypter data (standard)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "godkend en underskrift"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "vis nøgler"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "vis nøgler og underskrifter"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr "vis og kontroller nøgleunderskrifter"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "vis nøgler og fingeraftryk"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "vis hemmelige nøgler"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "opret et nyt nøglepar"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly generate a new key pair"
 msgstr "opret et nyt nøglepar"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly add a new user-id"
 msgstr "opret et nyt nøglepar"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a user-id"
 msgstr "opret et nyt nøglepar"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly set a new expiration date"
 msgstr "opret et nyt nøglepar"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr ""
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "opret et tilbagekaldscertifikat"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "fjern nøgler fra den offentlige nøglering"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "fjern nøgler fra den hemmelige nøglering"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 #, fuzzy
 #| msgid "sign a key"
 msgid "quickly sign a key"
 msgstr "underskriv en nøgle"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 #, fuzzy
 #| msgid "sign a key locally"
 msgid "quickly sign a key locally"
 msgstr "underskriv en nøgle lokalt"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a key signature"
 msgstr "opret et nyt nøglepar"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "underskriv en nøgle"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "underskriv en nøgle lokalt"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "underskriv eller rediger en nøgle"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 msgid "change a passphrase"
 msgstr "ændr en adgangsfrase"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "eksporter nøgler"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "eksporter nøgler til en nøgletjener"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "importer nøgler fra en nøgleserver"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "søg efter nøgler på en nøgleserver"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "opdater alle nøgler fra en nøgleserver"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "importer/sammenføj nøgler"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr "udskriv kortstatus"
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr "ændr data på et kort"
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr "ændr et korts PIN"
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "opdater troværdighedsdatabasen"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 msgid "print message digests"
 msgstr "vis beskedsammendrag"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr "kør i servertilstand"
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr ""
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NAME|brug NAVN som hemmelig standardnøgle"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NAME|krypter også til bruger-id-NAVN"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr "|SPEC|opsæt e-post-aliasser"
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr "brug streng OpenPGP-opførsel"
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "lav ingen ændringer"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "spørg før overskrivning"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the input"
 msgstr "Tilvalg der kontrollerer sikkerheden"
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 #, fuzzy
 #| msgid "Options controlling the diagnostic output"
 msgid "Options controlling the output"
 msgstr "Tilvalg der kontrollerer det diagnostiske resultat"
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "opret ascii-pansrede uddata"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 msgid "|FILE|write output to FILE"
 msgstr "|FILE|skriv resultat til FIL"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "brug kanonisk teksttilstand"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|sæt komprimeringsniveauet til N (0 deaktiverer)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 #, fuzzy
 #| msgid "Options controlling the interactivity and enforcement"
 msgid "Options controlling key import and export"
 msgstr "Tilvalg der kontrollerer interaktiviteten og tvang"
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr "|MECHANISMS|brug MEKANISMER til at finde nøgler efter postadresser"
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "importer nøgler fra en nøgleserver"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 #| msgid "list and check key signatures"
 msgid "include the public key in signatures"
 msgstr "vis og kontroller nøgleunderskrifter"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr "deaktiver al adgang til dirmngr"
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 #, fuzzy
 #| msgid "Options controlling the configuration"
 msgid "Options controlling key listings"
 msgstr "Tilvalg der kontrollerer konfigurationen"
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "vis hemmelige nøgler"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|USER-ID|krypter for BRUGER-ID"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "|USER-ID|brug BRUGER-ID til at underskrive eller afkryptere"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -3097,7 +2967,7 @@ msgstr ""
 "@\n"
 "(Se manualsiden for en fuldstændig liste over alle kommandoer og tilvalg)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -3127,14 +2997,14 @@ msgstr ""
 " --list-keys [navne]        vis nøgler\n"
 " --fingerprint [navne]      vis fingeraftryk\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Brug: gpg [flag] [filer] (-h for hjælp)"
 
 # Skal alt dette oversættes eller er det tilvalgene?
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg [options] [files]\n"
@@ -3149,7 +3019,7 @@ msgstr ""
 "Sign, check, encrypt eller decrypt\n"
 "standardhandling afhænger af inddata\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -3157,82 +3027,82 @@ msgstr ""
 "\n"
 "Understøttede algoritmer:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Pubkey: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Chiffer: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Hash: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Komprimering: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, fuzzy, c-format
 #| msgid "usage: gpgsm [options] "
 msgid "usage: %s [options] %s\n"
 msgstr "brug: gpgsm [tilvalg] "
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "kommandoer er i konflikt\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, fuzzy, c-format
 #| msgid "no = sign found in group definition `%s'\n"
 msgid "no = sign found in group definition '%s'\n"
 msgstr "ingen = tegn fundet i gruppedefinition »%s«\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe ownership on homedir `%s'\n"
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "ADVARSEL: Usikker ejerskab af hjemmemappe »%s«\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe ownership on configuration file `%s'\n"
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "ADVARSEL: Usikker ejerskab på konfigurationsfil »%s«\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe ownership on extension `%s'\n"
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "ADVARSEL: Usikker ejerskab på udvidelse »%s«\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe permissions on homedir `%s'\n"
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "ADVARSEL: Usikre rettigheder på hjemmemappe »%s«\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe permissions on configuration file `%s'\n"
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "ADVARSEL: Usikre rettigheder på konfigurationsfil »%s«\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe permissions on extension `%s'\n"
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "ADVARSEL: Usikre rettigheder på udvidelse »%s«\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "ADVARSEL: Usikkert indelukket mappeejerskab på hjemmemappe »%s«\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, fuzzy, c-format
 #| msgid ""
 #| "WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
@@ -3241,19 +3111,19 @@ msgid ""
 msgstr ""
 "ADVARSEL: Usikkert indelukket mappeejerskab på konfigurationsfil »%s«\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr "ADVARSEL: Usikkert indelukket mappeejerskab på udvidelse »%s«\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr "ADVARSEL: Usikre indelukkede mapperettigheder på hjemmemappe »%s«\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, fuzzy, c-format
 #| msgid ""
 #| "WARNING: unsafe enclosing directory permissions on configuration file `"
@@ -3263,470 +3133,487 @@ msgid ""
 msgstr ""
 "ADVARSEL: Usikre indelukkede mapperettigheder på konfigurationsfil »%s«\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr "ADVARSEL: Usikkert indelukket mapperettigheder på udvidelse »%s«\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, fuzzy, c-format
 #| msgid "unknown configuration item `%s'\n"
 msgid "unknown configuration item '%s'\n"
 msgstr "ukendt konfigurationspunkt »%s«\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr "vis billed-id'er under nøglevisninger"
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 #, fuzzy
 #| msgid "show user ID validity during key listings"
 msgid "show key usage information during key listings"
 msgstr "vis bruger-id-validitet under nøglevisninger"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr "vil politikadresser under underskriftvisninger"
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 msgid "show all notations during signature listings"
 msgstr "vis alle notationer under underskriftvisninger"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr "vis IETF-standardnotationer under underskriftvisninger"
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr "vis brugerangivne notationer under underskriftvisninger"
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "vis foretrukne nøgleserveradresser under underskriftvisninger"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr "vis bruger-id-validitet under nøglevisninger"
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr "vis tilbagekaldte og udløbne bruger-id'er i nøglevisninger"
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr "vis tilbagekaldte og udløbne undernøgler i nøglevisninger"
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 msgid "show the keyring name in key listings"
 msgstr "vis nøgleringsnavnet i nøglevisninger"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 msgid "show expiration dates during signature listings"
 msgstr "vis udløbsdatoer under underskriftvisninger"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, fuzzy, c-format
 #| msgid "unknown option `%s'\n"
 msgid "unknown TOFU policy '%s'\n"
 msgstr "ukendt tilvalg »%s«\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr ""
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Denne kommando er ikke tilladt i tilstanden %s.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, fuzzy, c-format
 #| msgid "NOTE: %s is not for normal use!\n"
 msgid "Note: %s is not for normal use!\n"
 msgstr "BEMÆRK: %s er ikke til normal brug!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid signature expiration\n"
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "»%s« er ikke et gyldigt underskriftudløb\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, fuzzy, c-format
 #| msgid "line %d: not a valid email address\n"
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "linje %d: ikke en gyldig e-post-adresse\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, fuzzy, c-format
 #| msgid "invalid country code in `%s', line %d\n"
 msgid "invalid pinentry mode '%s'\n"
 msgstr "ugyldig landekode i »%s«, linje %d\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, fuzzy, c-format
 #| msgid "missing argument for option \"%.50s\"\n"
 msgid "invalid request origin '%s'\n"
 msgstr "manglende parameter for indstilling »%.50s«\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid character set\n"
 msgid "'%s' is not a valid character set\n"
 msgstr "»%s« er ikke et gyldigt tegnsæt\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "kunne ikke fortolke nøgleserveradresse\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: ugyldige indstillinger for nøgleserver\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr "ugyldige indstillinger for nøgleserver\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: ugyldige importindstillinger\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "ugyldige importindstillinger\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, fuzzy, c-format
 #| msgid "invalid list options\n"
 msgid "invalid filter option: %s\n"
 msgstr "ugyldige listeindstillinger\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: ugyldige eksportindstillinger\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "ugyldige eksportindstillinger\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: ugyldige listeindstillinger\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr "ugyldige listeindstillinger\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr "vis billed-id'er under underskriftverificering"
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr "vis politikadresser under underskriftverificering"
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 msgid "show all notations during signature verification"
 msgstr "vis alle notationer under underskriftverificering"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr "vis IETF-standardnotationer under underskriftverificering"
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr "vis brugerangivne notationer under underskriftverificering"
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "vis foretrukne nøgleserveradresser under underskriftverificering"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 msgid "show user ID validity during signature verification"
 msgstr "vis bruger-id-validitet under underskriftverificering"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr "vis tilbagekaldte og udløbne bruger-id'er i underskriftverificering"
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 msgid "show only the primary user ID in signature verification"
 msgstr "vis kun den primære bruger-id i underskriftverificering"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr "valider underskrifter med PKA-data"
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr "hæv troværdigheden for underskrifter med gyldige PKA-data"
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: ugyldige verificeringsindstillinger\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr "ugyldige verificeringsindstillinger\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "kunne ikke angive kørselssti til %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: ugyldig liste for auto-key-locate\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr "ugyldig liste for auto-key-locate\n"
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, fuzzy, c-format
+#| msgid "missing argument for option \"%.50s\"\n"
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "manglende parameter for indstilling »%.50s«\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "ADVARSEL: program kan oprette en kernefil!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "ADVARSEL: %s overskriver %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s ikke tilladt med %s!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s er meningsløs sammen med %s!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr "ADVARSEL: kører med forfalsket systemtid: "
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "vil ikke køre med usikker hukommelse på grund af %s\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "valgt chifferalgoritme er ugyldig\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "valgt sammendragsalgoritme er ugyldig\n"
+
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "valgt komprimeringsalgoritme er ugyldig\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "valgt algoritme for certifikationssammendrag er ugyldig\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-needed skal være større end 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed skal være større end 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth skal være i intervallet fra 1 til 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "ugyldigt default-cert-level; skal være 0, 1, 2 eller 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "ugyldigt min-cert-level; skal være 1, 2 eller 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, fuzzy, c-format
 #| msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "BEMÆRK: simpel S2K-tilstand (0) frarådes på det skarpeste\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "ugyldig S2K-tilstand; skal være 0, 1 eller 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "ugyldige standardpræferencer\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "ugyldige præferencer for personlig chiffer\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "ugyldige præferencer for personlig chiffer\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "ugyldige præferencer for personlig sammendrag\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "ugyldige præferencer for personlig komprimering\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "nøglestørrelse er ugyldig; bruger %u bit\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s virker endnu ikke med %s\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+#| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "du må ikke bruge chifferalgoritmen »%s« i tilstanden %s\n"
+
+#: g10/gpg.c:4070
 #, fuzzy, c-format
 #| msgid "you may not use compression algorithm `%s' while in %s mode\n"
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "du må ikke bruge komprimeringsalgoritmen »%s« i tilstanden %s\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "kunne ikke initialisere TrustDB: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "ADVARSEL: modtagere (-r) angivet uden brug af offentlig nøglekryptering\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, fuzzy, c-format
 #| msgid "symmetric encryption of `%s' failed: %s\n"
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "symmetrisk kryptering af »%s« mislykkedes: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "du kan ikke bruge --symmetric --encrypt med --s2k-mode 0\n"
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, fuzzy, c-format
 #| msgid "you cannot use --symmetric --encrypt while in %s mode\n"
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "du kan ikke bruge --symmetric --encrypt i tilstanden %s\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr "du kan ikke bruge --symmetric --sign --encrypt med --s2k-mode 0\n"
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, fuzzy, c-format
 #| msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "du kan ikke bruge --symmetric --sign --encrypt i tilstanden %s\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "nøgleserver send mislykkedes: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "nøgleserver modtag mislykkedes: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "nøgleeksport mislykkedes: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, fuzzy, c-format
 #| msgid "key export failed: %s\n"
 msgid "export as ssh key failed: %s\n"
 msgstr "nøgleeksport mislykkedes: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "nøgleserver søg mislykkedes: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "nøgleserver opdater mislykkedes: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "fjernelse af panser mislykkedes: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "påklædning af panser mislykkedes: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, fuzzy, c-format
 #| msgid "invalid hash algorithm `%s'\n"
 msgid "invalid hash algorithm '%s'\n"
 msgstr "ugyldig hash-algoritme »%s«\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error parsing key specification '%s': %s\n"
 msgstr "fejl ved lagring af certifikat: %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "GÃ¥ til sagen og skriv meddelelsen ...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "den angivne adresse for certifikatpolitik er ugyldig\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "den angivne adresse for underskriftpolitik er ugyldig\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "den angivne adresse for foretrukken nøgleserver er ugyldig\n"
@@ -3739,7 +3626,7 @@ msgstr "|FILE|tag nøglerne fra nøgleringsFILEN"
 msgid "make timestamp conflicts only a warning"
 msgstr "giv kun tidsstempelkonflikter en advarsel"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|skriv statusinformation til denne FD"
 
@@ -3788,135 +3675,145 @@ msgid "do not update the trustdb after import"
 msgstr "opdater ikke trustdb efter import"
 
 #: g10/import.c:181
+msgid "enable bulk import mode"
+msgstr ""
+
+#: g10/import.c:184
 #, fuzzy
 #| msgid "show key fingerprint"
 msgid "show key during import"
 msgstr "vis nøglefingeraftryk"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+#| msgid "show key fingerprint"
+msgid "show key but do not actually import"
+msgstr "vis nøglefingeraftryk"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr "accepter kun opdateringer til eksisterende nøgler"
 
-#: g10/import.c:187
+#: g10/import.c:193
 msgid "remove unusable parts from key after import"
 msgstr "fjern ubrugelige dele fra nøgle efter import"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr "fjern så meget som muligt fra nøgle efter import"
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr ""
 
-#: g10/import.c:199
+#: g10/import.c:205
 #, fuzzy
 #| msgid "assume input is in binary format"
 msgid "assume the GnuPG key backup format"
 msgstr "antag inddata er i binært format"
 
-#: g10/import.c:203
+#: g10/import.c:209
 #, fuzzy
 #| msgid "show key fingerprint"
 msgid "repair keys on import"
 msgstr "vis nøglefingeraftryk"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "     udelader bloktype %d\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr "     %lu-nøgler behandlet\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr " Totalt antal behandl.: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, fuzzy, c-format
 #| msgid "      skipped new keys: %lu\n"
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "   udeladte nye nøgler: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "   udeladte nye nøgler: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "      w/o bruger-id'er: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "           importerede: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "              uændrede: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "       nye bruger-id'er: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "       nye undernøgler: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "     nye underskrifter: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "  nye nøgletilbagekald: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr " hemmelige nøgler læst: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr " hemmel. nøgler import: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr "hemmel. nøgler uændret: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "      ikke importerede: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "  underskrifter ryddet: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "   bruger-id'er ryddet: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
@@ -3925,171 +3822,177 @@ msgstr ""
 "ADVARSEL: nøgle %s indeholder præferencer for utilgængelige\n"
 "algoritmer på disse bruger-id'er:\n"
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr "        »%s«: præference for chifferalgoritme %s\n"
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+#| msgid "         \"%s\": preference for cipher algorithm %s\n"
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "        »%s«: præference for chifferalgoritme %s\n"
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "        »%s«: præference for sammendragsalgortime %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr "        »%s«: præference for komprimeringsalgortime %s\n"
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr "det anbefales på det stærkeste, at du opdaterer dine præferencer og\n"
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 "gendistribuerer denne nøgle for at undgå potentielle problemer med rod i\n"
 "algoritmen\n"
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr "du kan opdatere dine præferencer med: gpg --edit-key %s updpref save\n"
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr "nøgle %s: ingen bruger-id\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, fuzzy, c-format
 #| msgid "skipped \"%s\": %s\n"
 msgid "key %s: %s\n"
 msgstr "udelod »%s«: %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr ""
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "nøgle %s: korruption af PKS-undernøgle er repareret!\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "nøgle %s: accepteret ikke egenunderskrevet bruger-id »%s«\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "nøgle %s: ingen gyldige bruger-id'er\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "dette kan skyldes en manglende egenunderskrift\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "nøgle %s: offentlig nøgle blev ikke fundet: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "nøgle %s: ny nøgle - udeladt\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "ingen skrivbar nøglering fundet: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, fuzzy, c-format
 #| msgid "error writing keyring `%s': %s\n"
 msgid "error writing keyring '%s': %s\n"
 msgstr "fejl ved skrivning af nøglering »%s«: %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "nøgle %s: offentlig nøgle »%s« importeret\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "nøgle %s: stemmer ikke med vores kopi\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "nøgle %s: »%s« 1 ny bruger-id\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "nøgle %s: »%s« %d nye bruger-id'er\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "nøgle %s: »%s« 1 ny underskrift\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "nøgle %s: »%s« %d nye underskrifter\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "nøgle %s: »%s« 1 ny undernøgle\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "nøgle %s: »%s« %d nye undernøgler\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "nøgle %s: »%s« %d underskrift renset\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "nøgle %s: »%s« %d underskrifter renset\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "nøgle %s: »%s« %d bruger-id renset\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "nøgle %s: »%s« %d bruger-id'er renset\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "nøgle %s: »%s« ikke ændret\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr "nøgle %s: hemmelig nøgle importeret\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, fuzzy, c-format
 #| msgid "skipped: secret key already present\n"
 msgid "key %s: secret key already exists\n"
 msgstr "udelod: hemmelig nøgle er allerede til stede\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, fuzzy, c-format
 #| msgid "error sending %s command: %s\n"
 msgid "key %s: error sending to agent: %s\n"
@@ -4103,203 +4006,210 @@ msgstr "fejl under afsendelse af %s-kommando: %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, fuzzy, c-format
 #| msgid "secret key \"%s\" not found: %s\n"
 msgid "secret key %s: %s\n"
 msgstr "hemmelig nøgle »%s« blev ikke fundet: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "import af hemmelige nøgler er ikke tilladt\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "nøgle %s: hemmelig nøgle med ugyldig chiffer %d - udeladt\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Ingen årsag angivet"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "Nøglen er blevet afløst"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Nøglen er blevet kompromitteret"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "Nøglen bruges ikke længere"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "Bruger-id er ikke længere gyldigt"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "Ã¥rsag for tilbagekald: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "tilbagekaldskommentar: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "nøgle %s: ingen offentlig nøgle - kan ikke anvende tilbagekaldscertifikat\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "nøgle %s: kan ikke lokalisere original nøgleblok: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "nøgle %s: kan ikke læse original nøgleblok: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "nøgle %s: ugyldigt tilbagekaldscertifikat: %s - afvist\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "nøgle %s: »%s« tilbagekaldscertifikat importeret\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "nøgle %s: ingen bruger-id for underskrift\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr ""
 "nøgle %s: ikke understøttet offentlig nøglealgoritme på bruger-id »%s«\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "nøgle %s: ugyldig egenunderskrift på bruger-id »%s«\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "nøgle %s: ikke understøttet offentlig nøglealgoritme\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "nøgle %s: ugyldig direkte nøgleunderskrift\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "nøgle %s: ingen undernøgle for nøglebinding\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "nøgle %s: ugyldig undernøglebinding\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "nøgle %s: fjernet flerundernøglebinding\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "nøgle %s: ingen undernøgle for nøgletilbagekald\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "nøgle %s: ugyldig undernøgletilbagekald\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "nøgle %s: fjernet flerundernøgletilbagekald\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "nøgle %s: udeladt bruger-id »%s«\n"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "nøgle %s: udeladt undernøgle\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr ""
 "nøgle %s: underskrift der ikke kan eksporteres (klasse 0x%02X) - udeladt\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "nøgle %s: tilbagekaldscertifikat på forkert sted - udeladt\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "nøgle %s: ugyldigt tilbagekaldscertifikat: %s - udeladt\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "nøgle %s: undernøgleunderskrift på forkert sted - udeladt\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "nøgle %s: uventet underskriftklasse (0x%02X) - udeladt\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "nøgle %s: duplikeret bruger-id detekteret - sammenføjet\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+#| msgid "key %s: duplicated user ID detected - merged\n"
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "nøgle %s: duplikeret bruger-id detekteret - sammenføjet\n"
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr "ADVARSEL: nøgle %s kan tilbagekaldes: henter tilbagekaldsnøgle %s\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 "ADVARSEL: nøgle %s kan tilbagekaldes: tilbagekaldsnøgle %s er ikke til "
 "stede.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "nøgle %s: »%s« tilbagekaldscertifikat tilføjet\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "nøgle %s: direkte nøgleunderskrift tilføjet\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, fuzzy, c-format
 #| msgid "error allocating enough memory: %s\n"
 msgid "error allocating memory: %s\n"
@@ -4324,13 +4234,13 @@ msgstr "kort understøtter ikke sammendragsalgoritme %s\n"
 msgid " (reordered signatures follow)"
 msgstr "God underskrift fra"
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, fuzzy, c-format
 #| msgid "skipped \"%s\": %s\n"
 msgid "key %s:\n"
 msgstr "udelod »%s«: %s\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, fuzzy, c-format
 #| msgid "User ID \"%s\": %d signature removed\n"
 msgid "%d duplicate signature removed\n"
@@ -4338,7 +4248,7 @@ msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "Bruger-id »%s«: %d underskrift fjernet\n"
 msgstr[1] "Bruger-id »%s«: %d underskrift fjernet\n"
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to a missing key\n"
 msgid "%d signature not checked due to a missing key\n"
@@ -4346,7 +4256,7 @@ msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "1 underskrift er ikke kontrolleret på grund af en manglende nøgle\n"
 msgstr[1] "1 underskrift er ikke kontrolleret på grund af en manglende nøgle\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d bad signature\n"
@@ -4354,7 +4264,7 @@ msgid_plural "%d bad signatures\n"
 msgstr[0] "%d ugyldige underskrifter\n"
 msgstr[1] "%d ugyldige underskrifter\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, fuzzy, c-format
 #| msgid "Good signature from"
 msgid "%d signature reordered\n"
@@ -4362,50 +4272,44 @@ msgid_plural "%d signatures reordered\n"
 msgstr[0] "God underskrift fra"
 msgstr[1] "God underskrift fra"
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, fuzzy, c-format
 #| msgid "error creating keybox `%s': %s\n"
 msgid "error creating keybox '%s': %s\n"
 msgstr "fejl ved oprettelse af nøgleboks »%s«: %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error creating keyring '%s': %s\n"
 msgstr "fejl ved oprettelse af nøglering »%s«: %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, fuzzy, c-format
 #| msgid "keybox `%s' created\n"
 msgid "keybox '%s' created\n"
 msgstr "nøgleboks »%s« oprettet\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, fuzzy, c-format
 #| msgid "keyring `%s' created\n"
 msgid "keyring '%s' created\n"
 msgstr "nøglering »%s« oprettet\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, fuzzy, c-format
 #| msgid "keyblock resource `%s': %s\n"
 msgid "keyblock resource '%s': %s\n"
 msgstr "nøgleblokressource »%s«: %s\n"
 
-#: g10/keydb.c:969
-#, fuzzy, c-format
-#| msgid "error opening `%s': %s\n"
-msgid "error opening key DB: %s\n"
-msgstr "fejl ved åbning af »%s«: %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "kunne ikke genbygge nøgleringsmellemlager: %s\n"
@@ -4418,7 +4322,7 @@ msgstr "[tilbagekald]"
 msgid "[self-signature]"
 msgstr "[egenunderskrift]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4429,12 +4333,12 @@ msgstr ""
 "andre brugers nøgler\n"
 "(ved at kigge på pas, kontrollere fingeraftryk fra andre kilder etc.)\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr "  %d = Marginal troværdighed\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr "  %d = Fuld troværdighed\n"
@@ -4466,12 +4370,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "Bruger-id »%s« er tilbagekaldt."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Er du sikker på, at du stadig vil underskrive (j/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  Kunne ikke underskrive.\n"
 
@@ -4654,199 +4558,203 @@ msgstr "Jeg har omhyggeligt kontrolleret denne nøgle.\n"
 msgid "Really sign? (y/N) "
 msgstr "Underskriv? (j/N) "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "underskrift mislykkedes: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 "Nøgle har kun stump eller ikkekort nøgleposter - ingen adgangsfrase at "
 "ændre.\n"
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, fuzzy, c-format
 #| msgid "error creating passphrase: %s\n"
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "fejl ved oprettelse af adgangsfrase: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "gem og afslut"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr "vis nøglefingeraftryk"
 
 # key grip
 # chiefly  ( US ) See also grip the person in charge of moving and setting up camera
 # tracks and scenery in a film or television studio
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 #, fuzzy
 #| msgid "Enter the keygrip: "
 msgid "show the keygrip"
 msgstr "Indtst nøglegrebet: "
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "vis nøgle og bruger-id'er"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "vælg bruger-id N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr "vælg undernøgle N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr "kontroller underskrifter"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 "underskriv valgte bruger-id'er [* se nedenfor for relaterede kommandoer]"
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr "underskriv valgte bruger-id'er lokalt"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr "underskriv valgte bruger-id'er med en troværdighedsunderskrift"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr "underskriv bruger-id'er md en underskrift der ikke kan kaldes tilbage"
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "tilføj bruger-id"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "tilføj billed-id"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr "slet valgte bruger-id'er"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr "tilføj en undernøgle"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr "tilføj en nøgle til et smartkort"
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr "flyt en nøgle til et smartkort"
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr "flyt en sikkerhedskopinøgle til et smartkort"
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr "slet valgte undernøgler"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "tilføj en tilbagekaldsnøgle"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr "slet underskrifter fra de valgte bruger-id'er"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "ændr udløbsdatoen for nøglen eller valgte undernøgler"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr "marker den valgte bruger-id som primær"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "vis præferencer (ekspert)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "vis præferencer (uddybende)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr "angiv præferenceliste for de valgte bruger-id'er"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "angiv den foretrukne nøgleserveradresse for de valgte bruger-id'er"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 msgid "set a notation for the selected user IDs"
 msgstr "angiv en notation for de valgte bruger-id'er"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "ændr adgangsfrasen"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "ændr ejertroværdigheden"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr "tilbagekald underskrifter på de valgte bruger-id'er"
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr "tilbagekald valgte bruger-id'er"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr "tilbagekald nøgle eller valgte undernøgler"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr "aktiver nøgle"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr "deaktiver nøgle"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr "vis valgte billed-id'er"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 "komprimer ubrugelige bruger-id'er og fjern ubrugelige underskrifter fra nøgle"
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 "komprimer ubrugelige bruger-id'er og fjern alle underskrifter fra nøgle"
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Hemmelig nøgle er tilgængelig.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret subkeys are available.\n"
 msgstr "Hemmelig nøgle er tilgængelig.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Har brug for den hemmelige nøgle for dette.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 #, fuzzy
 #| msgid ""
 #| "* The `sign' command may be prefixed with an `l' for local signatures "
@@ -4867,304 +4775,309 @@ msgstr ""
 "tnrsign\n"
 "  etc.).\n"
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "Nøglen er tilbagekaldt."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 #, fuzzy
 #| msgid "Really sign all user IDs? (y/N) "
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Vil du gerne underskrive alle bruger-id'er (j/N) "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Vil du gerne underskrive alle bruger-id'er (j/N) "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Fif: Vælg bruger-id'erne at underskrive\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, fuzzy, c-format
 #| msgid "Unknown signature type `%s'\n"
 msgid "Unknown signature type '%s'\n"
 msgstr "Ukendt underskrifttype »%s«\n"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Denne kommando er ikke tilladt i tilstanden %s.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Du skal vælge mindst en bruger-id.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr ""
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Du kan ikke slette den sidste bruger-id!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Vil du virkelig fjerne alle valgte bruger-id'er? (j/N) "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr "Vil du virkelig fjerne denne bruger-id? (j/N) "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr "Vil du virkelig flytte den primære nøgle? (j/N) "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr "Du skal vælge præcis en nøgle.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr "Kommando forventer en filnavnsparameter\n"
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, fuzzy, c-format
 #| msgid "Can't open `%s': %s\n"
 msgid "Can't open '%s': %s\n"
 msgstr "Kan ikke åbne »%s«: %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, fuzzy, c-format
 #| msgid "Error reading backup key from `%s': %s\n"
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "Fejl ved læsning af sikkerhedskopinøgle fra »%s«: %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Du skal vælge mindst en nøgle.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Vil du virkelig slette de valgte nøgler? (j/N) "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Vil du virkelig slette denne nøgle? (j/N) "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "Vil du virkelig tilbagekalde alle valgte bruger-id'er? (j/N) "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Vil du virkelig tilbagekalde dette bruger-id? (j/N) "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Vil du virkelig tilbagekalde hele nøglen? (j/N) "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Vil du virkelig tilbagekalde de valgte undernøgler? (j/N) "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Vil du virkelig tilbagekalde denne undernøgle? (j/N) "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 "Ejertroværdighed kan ikke indstilles, når der bruges en brugerleveret "
 "troværdighedsdatabase\n"
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr "Angiv præferenceliste til:\n"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr "Opdater præferencerne for de valgte bruger-id'er (j/N) "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr "Opdater præferencerne? (j/N) "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr "Gem ændringer? (j/N) "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr "Afslut uden at gemme? (j/N) "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Nøgle ikke ændret så ingen opdatering krævet.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "Du kan ikke slette den sidste bruger-id!\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, fuzzy, c-format
 #| msgid "checking the trust list failed: %s\n"
 msgid "revoking the user ID failed: %s\n"
 msgstr "kontrol af troværdighedslisten mislykkedes: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, fuzzy, c-format
 #| msgid "checking the trust list failed: %s\n"
 msgid "setting the primary user ID failed: %s\n"
 msgstr "kontrol af troværdighedslisten mislykkedes: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, fuzzy, c-format
 #| msgid "invalid fingerprint"
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "ugyldig fingeraftryk"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, fuzzy, c-format
 #| msgid "failed to get the fingerprint\n"
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "kunne ikke indhente fingeraftrykket\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, fuzzy, c-format
 #| msgid "invalid value\n"
 msgid "Invalid user ID '%s': %s\n"
 msgstr "ugyldig værdi\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 #| msgid "No such user ID.\n"
 msgid "No matching user IDs."
 msgstr "Ingen sådan bruger-id.\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 #| msgid "Nothing to sign with key %s\n"
 msgid "Nothing to sign.\n"
 msgstr "Intet at underskrive med nøgle %s\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr "Ikke underskrevet af dig.\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "kontrol af oprettet underskrift mislykkedes: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid signature expiration\n"
 msgid "'%s' is not a valid expiration time\n"
 msgstr "»%s« er ikke et gyldigt underskriftudløb\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, fuzzy, c-format
 #| msgid "invalid fingerprint"
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "ugyldig fingeraftryk"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, fuzzy, c-format
 #| msgid "key \"%s\" not found: %s\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "nøglen »%s« blev ikke fundet: %s\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Sammendrag: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Funktioner: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr "Nøgleserver no-modify"
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr "Fortrukken nøgleserver: "
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 msgid "Notations: "
 msgstr "Notationer: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "Der er ingen præferencer på en bruger-id i PGP 2.x-stil.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "Den følgende nøgle blev tilbagekaldt den %s af %s nøgle %s\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Denne nøgle er tilbagekaldt af %s nøgle %s"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr "(sensitiv)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr "oprettet: %s"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr "tilbagekaldt: %s"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr "udløbet: %s"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr "udløber: %s"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr "brug: %s"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr "kortnr.: "
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr "troværdighed: %s"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr "validitet: %s"
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Denne nøgle er blevet deaktiveret"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -5172,17 +5085,17 @@ msgstr ""
 "Bemærk venligst at den viste nøglevaliditet ikke nødvendigvis er\n"
 "korrekt med mindre du genstarter programmet.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr "tilbagekaldt"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr "udløbet"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -5191,18 +5104,18 @@ msgstr ""
 "ADVARSEL: Intet bruger-id er blevet markeret som primær. Denne kommando\n"
 "        kan medføre at et anden bruger-id bliver den formodede primære.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr ""
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, fuzzy, c-format
 #| msgid "You can't change the expiration date of a v3 key\n"
 msgid "You may want to change its expiration date too.\n"
 msgstr "Du kan ikke ændre udløbsdatoen for en v3-nøgle\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -5212,35 +5125,35 @@ msgstr ""
 "medføre at\n"
 "          nogle version af PGP afviser denne nøgle.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Er du sikker på, at du stadig ønsker at tilføje den? (j/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "Du må ikke tilføje et billed-id til en nøgle i PGP2-stil.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr "Sådant et bruger-id findes allerede på denne nøgle!\n"
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Slet denne gode underskrift? (j/N/a)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Slet denne ugyldige underskrift? (j/N/a)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Slet denne ukendte underskrift? (j/n/a)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Virkelig slette denne egenunderskrift? (j/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, fuzzy, c-format
 #| msgid "Deleted %d signature.\n"
 msgid "Deleted %d signature.\n"
@@ -5248,20 +5161,20 @@ msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "Slettede %d underskrift.\n"
 msgstr[1] "Slettede %d underskrift.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Intet slettet.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "ugyldig"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "Bruger-id »%s« komprimeret: %s\n"
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, fuzzy, c-format
 #| msgid "User ID \"%s\": %d signature removed\n"
 msgid "User ID \"%s\": %d signature removed\n"
@@ -5269,17 +5182,17 @@ msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "Bruger-id »%s«: %d underskrift fjernet\n"
 msgstr[1] "Bruger-id »%s«: %d underskrift fjernet\n"
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "Bruger-id »%s«: allerede minimeret\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "Bruger-id »%s«: allerede ryddet\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5289,44 +5202,44 @@ msgstr ""
 "tilbagekalder\n"
 "          kan medføre at nogle versioner af PGP afviser denne nøgle.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr ""
 "Du må ikke tilføje en dedikeret tilbagekalder til en nøgle i PGP 2.x-stil.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Indtast bruger'id for den dedikerede tilbagekalder: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "kan ikke udpege en nøgle i PGP 2.x-stil som dedikeret tilbagekalder\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "du kan ikke udpege en nøgle som dets egen dedikerede tilbagekalder\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "denne nøgle er allerede blevet dedikeret som en tilbagekalder\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr ""
 "ADVARSEL: Udpegning af en nøgle som en dedikeret tilbagekalder kan ikke "
 "fortrydes!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr ""
 "Er du sikker på, at du ønsker at udpege denne nøgle som en dedikeret "
 "tilbagekalder? (j/N) "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 #, fuzzy
 #| msgid ""
 #| "Are you sure you want to appoint this key as a designated revoker? (y/N) "
@@ -5337,243 +5250,249 @@ msgstr ""
 "Er du sikker på, at du ønsker at udpege denne nøgle som en dedikeret "
 "tilbagekalder? (j/N) "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Ændrer udløbstidspunkt for en undernøgle.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Ændrer udløbstidspunkt for den primære nøgle.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Du kan ikke ændre udløbsdatoen for en v3-nøgle\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 #, fuzzy
 #| msgid "Changing expiration time for a subkey.\n"
 msgid "Changing usage of a subkey.\n"
 msgstr "Ændrer udløbstidspunkt for en undernøgle.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 #, fuzzy
 #| msgid "Changing expiration time for the primary key.\n"
 msgid "Changing usage of the primary key.\n"
 msgstr "Ændrer udløbstidspunkt for den primære nøgle.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "underskriftsundernøgle %s er allerede krydscertificeret\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 "undernøgle %s underskriver ikke og skal derfor ikke være krydscertificeret\n"
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Vælg venligst præcis en bruger-id.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "udelader v3 egenunderskrift på bruger-id »%s«\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr "Indtast din foretrukne nøglerserveradresse: "
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Er du sikker på, at du ønsker at erstatte den? (j/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Er du sikker på, at du ønsker at slette den? (j/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 msgid "Enter the notation: "
 msgstr "Indtast notationen: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 msgid "Proceed? (y/N) "
 msgstr "Fortsæt? (j/N) "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Ingen bruger-id med indeks %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Ingen bruger-id med hash %s\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, fuzzy, c-format
 #| msgid "No subkey with index %d\n"
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Ingen undernøgle med indeks %d\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr "Ingen undernøgle med indeks %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "bruger-id: »%s«\n"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "underskrevet af din nøgle %s den %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (kan ikke eksporteres)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Denne underskrift udløb den %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Er du sikker på, at du ønsker at tilbagekalde den? (j/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Opret et tilbagekaldscertifikat for denne underskrift? (j/N) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Du har underskrevet disse bruger-id'er på nøgle %s:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr " (kan ikke tilbagekaldes)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "tilbagekaldt af din nøgle %s på %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Du er i gang med at tilbagekalde disse underskrifter:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Opret tilbagekaldscertifikaterne? (j/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "ingen hemmelig nøgle\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "bruger-id »%s« er allerede tilbagekaldt\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr ""
 "ADVARSEL: En bruger-id-underskrift er dateret %d sekunder inde i fremtiden\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Du kan ikke slette den sidste bruger-id!\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "Nøgle %s er allerede tilbagekaldt.\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "Undernøgle %s er allerede tilbagekaldt.\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "Viser %s billed'id med størrelse %ld for nøgle %s (uid %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, fuzzy, c-format
 #| msgid "missing argument for option \"%.50s\"\n"
 msgid "invalid value for option '%s'\n"
 msgstr "manglende parameter for indstilling »%.50s«\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, fuzzy, c-format
 #| msgid "preference `%s' duplicated\n"
 msgid "preference '%s' duplicated\n"
 msgstr "præference »%s« duplikeret\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr "for mange chifferpræferencer\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr "for mange sammendragpræferencer\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr "for mange komprimeringspræferencer\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+#| msgid "too many cipher preferences\n"
+msgid "too many AEAD preferences\n"
+msgstr "for mange chifferpræferencer\n"
+
+#: g10/keygen.c:521
 #, fuzzy, c-format
 #| msgid "invalid item `%s' in preference string\n"
 msgid "invalid item '%s' in preference string\n"
 msgstr "ugyldigt punkt »%s« i præferencestreng\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "skriver direkte underskrift\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "skriver egenunderskrift\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "skriver underskrift for nøglebinding\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "nøglestørrelse er ugyldig; bruger %u bit\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "nøglestørrelse afrundet op til %u bit\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
@@ -5581,19 +5500,19 @@ msgstr ""
 "ADVARSEL: Nogle OpenPGP-programmer kan ikke håndtere en DS-nøgle med denne\n"
 "sammendragsstørrelse\n"
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr "Underskriv"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr "Certificer"
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr "Krypter"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr "Godkend"
 
@@ -5607,173 +5526,187 @@ msgstr "Godkend"
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr "UuKkGfAa"
 
-#: g10/keygen.c:1784
-#, c-format
-msgid "Possible actions for a %s key: "
+#: g10/keygen.c:1966
+#, fuzzy, c-format
+#| msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr "Mulige handligner for en %s-nøgle: "
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr "Aktuelt tilladte handlinger: "
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr "   (%c) Skift evnen til at underskrive\n"
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%c) Skift evnen til at kryptere\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr "   (%c) Skift evnen til at godkende\n"
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr "   (%c) Afsluttet\n"
 
-#: g10/keygen.c:1930
-#, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+#: g10/keygen.c:2116
+#, fuzzy, c-format
+#| msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) RSA og RSA (standard)\n"
 
-#: g10/keygen.c:1934
-#, c-format
-msgid "   (%d) DSA and Elgamal\n"
+#: g10/keygen.c:2120
+#, fuzzy, c-format
+#| msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA og Elgamal\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (kun underskriv)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (kun underskriv)\n"
 
-#: g10/keygen.c:1945
-#, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+#: g10/keygen.c:2131
+#, fuzzy, c-format
+#| msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) Elgamal (kun krypter)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (kun krypter)\n"
 
-#: g10/keygen.c:1953
-#, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+#: g10/keygen.c:2139
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (angiv dine egne evner)\n"
 
-#: g10/keygen.c:1955
-#, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+#: g10/keygen.c:2141
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (angiv dine egne evner)\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, fuzzy, c-format
-#| msgid "   (%d) DSA and Elgamal\n"
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) DSA og Elgamal\n"
+#| msgid "   (%d) sign, encrypt\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) underskriv, krypter\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+msgid " *default*"
+msgstr ""
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, fuzzy, c-format
 #| msgid "   (%d) DSA (sign only)\n"
 msgid "  (%d) ECC (sign only)\n"
 msgstr "   (%d) DSA (kun underskriv)\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, fuzzy, c-format
 #| msgid "   (%d) DSA (set your own capabilities)\n"
-msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (angiv dine egne evner)\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, fuzzy, c-format
 #| msgid "   (%d) RSA (encrypt only)\n"
-msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "   (%d) RSA (kun krypter)\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, fuzzy, c-format
 #| msgid "   (%d) Existing key\n"
-msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "   (%d) Eksisterende nøgle\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
 #| msgid "   (%d) Existing key from card\n"
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (%d) Eksisterende nøgle fra kort\n"
 
 # key grip
 # chiefly  ( US ) See also grip the person in charge of moving and setting up camera
 # tracks and scenery in a film or television studio
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 msgid "Enter the keygrip: "
 msgstr "Indtst nøglegrebet: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr "Ikke et gyldigt nøglegreb (forventer 40 hex cifre)\n"
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 msgid "No key with this keygrip\n"
 msgstr "Ingen nøgle med dette nøglegreb\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, c-format
 msgid "error reading the card: %s\n"
 msgstr "fejl ved læsning af kort: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "Serielnummer for kortet: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 msgid "Available keys:\n"
 msgstr "Tilgængelige nøgler:\n"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, fuzzy, c-format
 #| msgid "rounded up to %u bits\n"
 msgid "rounded to %u bits\n"
 msgstr "afrundet op til %u bit\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr "%s nøgler kan være mellem %u og %u bit lange.\n"
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Hvilken nøglestørrelse ønsker du for undernøglen? (%u) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "Ønsket nøglestørrelse er %u bit\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 #, fuzzy
 #| msgid "Please select what kind of key you want:\n"
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Vælg venligst hvilken slags nøgle du vil have:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5789,7 +5722,7 @@ msgstr ""
 "      <n>m = nøgle udløber om n måneder\n"
 "      <n>y = nøgle udløber om n år\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5805,38 +5738,38 @@ msgstr ""
 "      <n>m = underskriften udløber om n måneder\n"
 "      <n>y = underskriften udløber om n år\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Nøgle er gyldig for? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Underskrift er gyldig for? (%s) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "ugyldig værdi\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr "Nøglen udløber aldrig\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr "Underskriften udløber aldrig\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr "Nøglen udløber den %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr "Underskriften udløber den %s\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5844,11 +5777,11 @@ msgstr ""
 "Dit system kan ikke vise datoer efter 2038.\n"
 "Det vil dog blive korrekt håndteret op til 2106.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr "Er dette korrekt? (j/N) "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5862,7 +5795,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5878,50 +5811,50 @@ msgstr ""
 "    »Heinrich Heine (digteren) <heinrichh@duesseldorf.de>«\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Fødselsnavn: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Ugyldige bogstaver i navn\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr ""
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Navn må ikke starte med et tal\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Navn skal være mindst 5 bogstaver langt\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "E-post-adresse: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Ikke en gyldig e-post-adresse\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Kommentar: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Ugyldigt tegn i kommentar\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, fuzzy, c-format
 #| msgid "You are using the `%s' character set.\n"
 msgid "You are using the '%s' character set.\n"
 msgstr "Du bruger tegnsættet »%s«.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5932,7 +5865,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "Placer ikke e-post-adressen i fødselsnavnet eller kommentaren\n"
 
@@ -5947,35 +5880,35 @@ msgstr "Placer ikke e-post-adressen i fødselsnavnet eller kommentaren\n"
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnCcEeOoQq"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Ændr (N)avn, (K)ommentar, (E)-post eller afslut(Q)? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "Ændr (N)avn, (K)ommentar, (E)post eller (O)kay/afslut(Q)? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Ændr (N)avn, (K)ommentar, (E)-post eller afslut(Q)? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Ændr (N)avn, (K)ommentar, (E)post eller (O)kay/afslut(Q)? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Ret venligst fejlen først\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5987,13 +5920,13 @@ msgstr ""
 "under oprettelse af primtallet; dette giver det vilkårlig\n"
 "taloprettelsesprogram en bedre mulighed for at opnå nok entropi.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Nøgleoprettelse mislykkedes: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -6001,72 +5934,72 @@ msgid ""
 "\n"
 msgstr ""
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr ""
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, fuzzy, c-format
 #| msgid "key already exists\n"
 msgid "A key for \"%s\" already exists\n"
 msgstr "nøgle findes allerede\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 #, fuzzy
 #| msgid "Use this key anyway? (y/N) "
 msgid "Create anyway? (y/N) "
 msgstr "Brug denne nøgle alligevel? (j/N) "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, fuzzy, c-format
 #| msgid "generating new key\n"
 msgid "creating anyway\n"
 msgstr "opretter ny nøgle\n"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Nøgleoprettelse annulleret.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, fuzzy, c-format
 #| msgid "can't create backup file `%s': %s\n"
 msgid "can't create backup file '%s': %s\n"
 msgstr "kan ikke oprette sikkerhedskopifil »%s«: %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, fuzzy, c-format
 #| msgid "NOTE: backup of card key saved to `%s'\n"
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "BEMÆRK: sikkerhedskopi af kortnøgle gemt på »%s«\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, fuzzy, c-format
 #| msgid "writing public key to `%s'\n"
 msgid "writing public key to '%s'\n"
 msgstr "skriver offentlig nøgle til »%s«\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "ingen skrivbar offentlig nøglering fundet: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, fuzzy, c-format
 #| msgid "error writing public keyring `%s': %s\n"
 msgid "error writing public keyring '%s': %s\n"
 msgstr "fejl ved skrivning af offentlig nøglering »%s«: %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "offentlig og hemmelig nøgle oprettet og underskrevet.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
@@ -6074,7 +6007,7 @@ msgstr ""
 "Bemærk at denne nøgle ikke kan bruges til kryptering. Du kan bruge\n"
 "kommandoen »--edit-key« til at oprette en undernøgle til dette formål.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -6082,7 +6015,7 @@ msgstr ""
 "nøgle er blevet oprettet %lu sekund i fremtiden (tidsforskydning eller "
 "urproblem)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -6090,52 +6023,52 @@ msgstr ""
 "nøgle er blevet oprettet %lu sekunder i fremtiden (tidsforskydning eller "
 "urproblem)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, fuzzy, c-format
 #| msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr ""
 "BEMÆRK: Oprettelse af undernøgler for v3-nøgler overholder ikke OpenPGP\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Hemmelige dele for primær nøgle er ikke tilgængelige.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Hemmelige dele for primær nøgle gemmes på kortet.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr "Vil du virkelig oprette? (j/N) "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "aldrig    "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Kritisk underskriftspolitik: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Underskriftspolitik: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr "Kritisk foretrukken nøgleserver: "
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Kritisk underskriftnotation: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Underskriftsnotation: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d good signature\n"
@@ -6143,7 +6076,7 @@ msgid_plural "%d good signatures\n"
 msgstr[0] "%d ugyldige underskrifter\n"
 msgstr[1] "%d ugyldige underskrifter\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to an error\n"
 msgid "%d signature not checked due to an error\n"
@@ -6151,50 +6084,50 @@ msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "1 underskrift er ikke kontrolleret på grund af en fejl\n"
 msgstr[1] "1 underskrift er ikke kontrolleret på grund af en fejl\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Nøglering"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Primær nøglefingeraftryk:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "     Undernøglefingeraftryk:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr "Primær nøglefingeraftryk:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "  Undernøglefingeraftryk:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr "    Nøglefingeraftryk ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr "   Serielnr. for kort ="
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, fuzzy, c-format
 #| msgid "caching keyring `%s'\n"
 msgid "caching keyring '%s'\n"
 msgstr "mellemlagrer nøglering »%s«\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, fuzzy, c-format
 #| msgid "%lu keys cached so far (%lu signatures)\n"
 msgid "%lu keys cached so far (%lu signature)\n"
@@ -6202,14 +6135,14 @@ msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "%lu nøgler mellemlagret indtil nu (%lu underskrifter)\n"
 msgstr[1] "%lu nøgler mellemlagret indtil nu (%lu underskrifter)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, fuzzy, c-format
 #| msgid "1 bad signature\n"
 msgid " (%lu signature)\n"
@@ -6217,58 +6150,54 @@ msgid_plural " (%lu signatures)\n"
 msgstr[0] "1 ugyldig underskrift\n"
 msgstr[1] "1 ugyldig underskrift\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: nøglering oprettet\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr "inkluder tilbagekaldte nøgler i søgeresultater"
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr "inkluder undernøgler når der søges efter nøgle-id"
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr "hent automatisk nøgler når der verificeres underskrifter"
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "overhold den foretrukne nøglerserveradresse angivet på nøglen"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr "overhold PKA-posten angivet på en nøgle når der hentes nøgler"
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr "deaktiveret"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr "Indtal tal, N)æste eller Q) for Afslut > "
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "ugyldig nøgleserverprotokol (os %d!=håndtag %d)\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "»%s« er ikke et nøgle-id: udelader\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, fuzzy, c-format
 #| msgid "refreshing %d keys from %s\n"
 msgid "refreshing %d key from %s\n"
@@ -6276,305 +6205,318 @@ msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "opdaterer %d nøgler fra %s\n"
 msgstr[1] "opdaterer %d nøgler fra %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "ADVARSEL: Kan ikke opdatere nøgle %s via %s: %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "nøgle »%s« blev ikke fundet på nøgleserver\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr "nøgle blev ikke fundet på nøgleserver\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "anmoder om nøgle %s fra %s server %s\n"
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr "anmoder om nøgle %s fra %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, fuzzy, c-format
 #| msgid "no keyserver action!\n"
 msgid "no keyserver known\n"
 msgstr "ingen nøgleserverhandling!\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "udelod »%s«: %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr "sender nøgle %s til %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, fuzzy, c-format
 #| msgid "requesting key %s from %s\n"
 msgid "requesting key from '%s'\n"
 msgstr "anmoder om nøgle %s fra %s\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "ADVARSEL: kan ikke hente URI %s: %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "underlig størrelse for en krypteret sessionsnøgle (%d)\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "%s krypteret sessionsnøgle\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "krypteret med ukendt algoritme %d\n"
+
+#: g10/mainproc.c:391
 #, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "adgangsfrase oprettet med ukendt sammendragsalgoritme %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, c-format
 msgid "public key is %s\n"
 msgstr "offentlig nøgle er %s\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "krypterede data for offentlig nøgle: god DEK\n"
-
-#: g10/mainproc.c:632
-#, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+#: g10/mainproc.c:524
+#, fuzzy, c-format
+#| msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "krypteret med %u-bit %s nøgle, id %s, oprettet %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr "      »%s«\n"
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "krypteret med %s nøgle, id %s\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "afkryptering af offentlig nøgle mislykkedes: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr "ADVARSEL: flere klartekster set\n"
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "krypteret med %lu adgangsfraser\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "krypteret med 1 adgangsfrase\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "afkryptering af offentlig nøgle mislykkedes: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "krypterede data for offentlig nøgle: god DEK\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "antager %s krypterede data\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr ""
 "IDEA-chiffer utilgængelig, forsøger optimistisk at bruge %s i stedet for\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "ADVARSEL: besked var ikke integritetsbeskyttet\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "afkryptering mislykkedes: %s\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "afkryptering okay\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "ADVARSEL: krypteret besked er blevet manipuleret!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "afkryptering mislykkedes: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, fuzzy, c-format
 #| msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "BEMÆRK: afsender anmodte om »for-your-eyes-only«\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "oprindeligt filnavn=»%.*s«\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "uafhængig tilbagekald - brug »gpg --import« for at anvende\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, c-format
 msgid "no signature found\n"
 msgstr "ingen underskrift fundet\n"
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr "UGYLDIG underskrift fra »%s«"
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Udløbet underskrift fra »%s«"
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr "God underskrift fra »%s«"
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "underskriftverificering undertrykt\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "kan ikke håndtere disse tvetydige underskriftdata\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr "Underskrift lavet %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr "               bruger %s nøgle %s\n"
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Underskrift lavet %s med %s nøgle-id %s\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, fuzzy, c-format
 #| msgid "                aka \"%s\""
 msgid "               issuer \"%s\"\n"
 msgstr "       også kendt som »%s«"
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Nøgle tilgængelig på: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[usikker]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr "       også kendt som »%s«"
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, fuzzy, c-format
 #| msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr ""
 "ADVARSEL: Denne nøgle er ikke certificeret med en troværdig underskrift!\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Underskrift udløbet %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Underskrift udløber %s\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "%s underskrift, sammendragsalgoritme %s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "binær"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "tekstilstand"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "ukendt"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 #, fuzzy
 #| msgid "algorithm: %s"
 msgid ", key algorithm "
 msgstr "algoritme: %s"
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Kan ikke kontrollere underskrift: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "ikke en frakoblet underskrift\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
@@ -6582,152 +6524,147 @@ msgstr ""
 "ADVARSEL: flere underskrifter detekteret. Kun den første vil blive "
 "kontrolleret.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "uafhængig underskrift for klasse 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "gammeldags (PGP 2.x) underskrift\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, fuzzy, c-format
 #| msgid "fstat of `%s' failed in %s: %s\n"
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "fstat for »%s« mislykkedes i %s: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "fstat(%d) mislykkedes i %s: %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "ADVARSEL: bruger eksperimentel offentlig nøglealgoritme %s\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr "ADVARSEL: Elgamalnøgler for underskriv+krypter er forældede\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "ADVARSEL: bruger eksperimentel chifferalgoritme %s\n"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "ADVARSEL: bruger eksperimentel sammendragsalgoritme %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "ADVARSEL: sammendragsalgoritme %s er forældet\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "%s underskrift, sammendragsalgoritme %s\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "%s underskrift, sammendragsalgoritme %s\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, fuzzy, c-format
 #| msgid "read error in `%s': %s\n"
 msgid "(reported error: %s)\n"
 msgstr "læsefejl i »%s«: %s\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, fuzzy, c-format
 #| msgid "read error in `%s': %s\n"
 msgid "(reported error: %s <%s>)\n"
 msgstr "læsefejl i »%s«: %s\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr ""
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: forældet indstilling »%s«\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "ADVARSEL: »%s« er en forældet indstilling\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "brug venligst »%s%s« i stedet for\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "ADVARSEL: »%s« er en forældet kommando - brug den ikke\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, fuzzy, c-format
 #| msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "%s:%u: forældet indstilling »%s« - den har ingen effekt\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr "ADVARSEL: »%s« er en forældet indstilling - den har ingen effekt\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Ukomprimeret"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr "ukomprimeret|ingen"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "denne besked kan nok ikke bruges af %s\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, fuzzy, c-format
 #| msgid "ambiguous option `%s'\n"
 msgid "ambiguous option '%s'\n"
 msgstr "tvetydigt tilvalg »%s«\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, fuzzy, c-format
 #| msgid "unknown option `%s'\n"
 msgid "unknown option '%s'\n"
 msgstr "ukendt tilvalg »%s«\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, fuzzy, c-format
 #| msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr "DSA kræver at hashlængden skal gå op i 8 bit\n"
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, fuzzy, c-format
 #| msgid "Unknown signature type `%s'\n"
 msgid "unknown weak digest '%s'\n"
@@ -6752,64 +6689,53 @@ msgstr "%s: ukendt suffiks\n"
 msgid "Enter new filename"
 msgstr "Indtast nyt filnavn"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "skriver til stdout\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, fuzzy, c-format
 #| msgid "assuming signed data in `%s'\n"
 msgid "assuming signed data in '%s'\n"
 msgstr "antager underskrevne data i »%s«\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "kan ikke håndtere offentlig nøglealgoritme %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr "ADVARSEL: potentiel usikker symmetrisk krypteret sessionsnøgle\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 #| msgid "Critical signature notation: "
 msgid "Unknown critical signature notation: "
 msgstr "Kritisk underskriftnotation: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "underpakke af typen %d har kritiske bitsæt\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, c-format
-msgid "problem with the agent: %s\n"
-msgstr "problem med agenten: %s\n"
+#: g10/passphrase.c:208
+msgid "Enter passphrase\n"
+msgstr "Indtast adgangsfrase\n"
 
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-#| msgid "Please enter the new passphrase"
-msgid "Please enter the passphrase for decryption."
-msgstr "Indtast venligst den nye adgangsfrase"
-
-#: g10/passphrase.c:253
-msgid "Enter passphrase\n"
-msgstr "Indtast adgangsfrase\n"
-
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "afbrudt af bruger\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr " (hovednøgle-id %s)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 #, fuzzy
 #| msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
@@ -6817,37 +6743,37 @@ msgstr ""
 "Indtast venligst adgangsfrasen for at fjerne beskyttelsen på PKCS#12-"
 "objektet."
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 #, fuzzy
 #| msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Indtast venligst adgangsfrasen for at beskytte det nye PKCS#12-objekt."
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 #, fuzzy
 #| msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Indtast venligst adgangsfrasen for at beskytte det nye PKCS#12-objekt."
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 #, fuzzy
 #| msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Indtast venligst adgangsfrasen for at beskytte det nye PKCS#12-objekt."
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 #, fuzzy
 #| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "Vil du virkelig slette de valgte nøgler? (j/N) "
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 #, fuzzy
 #| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Vil du virkelig slette de valgte nøgler? (j/N) "
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, fuzzy, c-format
 #| msgid "%u-bit %s key, ID %s, created %s"
 msgid ""
@@ -6858,7 +6784,7 @@ msgid ""
 "%s"
 msgstr "%u-bit %s nøgle, id %s, oprettet %s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6872,36 +6798,83 @@ msgstr ""
 "stort billede, vil din nøgle også blive meget stor!\n"
 "En billede på 240x288 er en god størrelse.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Indtast JPEG-filnavn for billed-id: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, fuzzy, c-format
 #| msgid "unable to open JPEG file `%s': %s\n"
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "kan ikke åbne JPEG-fil »%s«: %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr "Denne JPEG er virkelig stor (%d byte) !\n"
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Er du sikker på, at du vil benytte billedet (j/N) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, fuzzy, c-format
 #| msgid "`%s' is not a JPEG file\n"
 msgid "'%s' is not a JPEG file\n"
 msgstr "»%s« er ikke en JPEG-fil\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Er dette billede korrekt (j/N/a)? "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "kørsel via eksternt program er ikke understøttet\n"
+
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"denne platform kræver midlertidige filer når der kaldes eksterne programmer\n"
+
+#: g10/photoid.c:506
+#, fuzzy, c-format
+#| msgid "unable to execute shell `%s': %s\n"
+msgid "unable to execute shell '%s': %s\n"
+msgstr "kan ikke køre skal »%s«: %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "unaturlig afslutning på eksternt program\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "systemfejl under kald af eksternt program: %s\n"
+
+#: g10/photoid.c:600
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "ADVARSEL: kan ikke fjerne midlertidig fil (%s) »%s«: %s\n"
+
+#: g10/photoid.c:604
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "ADVARSEL: kan ikke fjerne midlertidig mappe »%s«: %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"kald fra eksterne programmer er deaktiveret på grund af usikre rettigheder "
+"for indstillingsfil\n"
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "kan ikke vise billed-id!\n"
@@ -6917,54 +6890,54 @@ msgstr "kan ikke vise billed-id!\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iIhHaAsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr "Ingen tillidsværdi tildelt til:\n"
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr "  også kendt som »%s«\n"
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr ""
 "Hvor stor er din tillid til at denne nøgle rent faktisk tilhører den "
 "navngivne ejer?\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr "  %d = Jeg ved det ikke eller vil ikke sige det\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr "  %d = Jeg stoler IKKE på denne nøgle\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr "  %d = Jeg stoler fuldstændig på denne nøgle\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr "  h = tilbage til hovedmenuen\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr "  s = udelad denne nøgle\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr "  a = afslut\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
@@ -6973,48 +6946,48 @@ msgstr ""
 "Minimumstroværdighedsniveau for denne nøgle er: %s\n"
 "\n"
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Dit valg? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Vil du virkelig gerne give denne nøgle ultimativ troværdighed? (j/N) "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Certifikater der fører til en ultimativ troværdig nøgle:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%s: Der er ingen garanti for, at denne nøgle tilhører den navngivne bruger\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%s: Der er begrænset garanti for, at denne nøgle tilhører den navngivne "
 "bruger\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Denne nøgle tilhører sikkert den navngivne bruger\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Denne nøgle tilhører os\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, fuzzy, c-format
 #| msgid "root certificate has now been marked as trusted\n"
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr "rodcertifikat er nu blevet markeret som troværdig\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 #, fuzzy
 #| msgid ""
 #| "It is NOT certain that the key belongs to the person named\n"
@@ -7029,7 +7002,7 @@ msgstr ""
 "i bruger-id'et. Hvis du *virkelig* ved hvad du gør,\n"
 "så kan du besvare det næste spørgsmål med ja.\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
@@ -7039,101 +7012,119 @@ msgstr ""
 "i bruger-id'et. Hvis du *virkelig* ved hvad du gør,\n"
 "så kan du besvare det næste spørgsmål med ja.\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr "Brug denne nøgle alligevel? (j/N) "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "ADVARSEL: Bruger nøgle uden troværdighed!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr ""
 "ADVARSEL: Denne nøgle kan tilbagekaldes (tilbagekaldsnøgle er ikke til "
 "stede)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+#| msgid "user ID: \"%s\"\n"
+msgid "checking User ID \"%s\"\n"
+msgstr "bruger-id: »%s«\n"
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+#| msgid "line %d: invalid algorithm\n"
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "linje %d: ugyldig algoritme\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+#| msgid "key %s: doesn't match our copy\n"
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "nøgle %s: stemmer ikke med vores kopi\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+#| msgid "line %d: invalid algorithm\n"
+msgid "option %s given but no matching User ID found\n"
+msgstr "linje %d: ugyldig algoritme\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr ""
 "ADVARSEL: Denne nøgle er blevet tilbagekaldt af dens designmæssige "
 "tilbagekalder!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "ADVARSEL: Denne nøgle er blevet tilbagekaldt af dets ejer!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         Dette kan betyde at underskriften er forfalsket.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "ADVARSEL: Denne undernøgle er blevet tilbagekaldt af dens ejer!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Bemærk: Denne nøgle er blevet deaktiveret.\n"
 
-#: g10/pkclist.c:613
-#, fuzzy, c-format
-#| msgid "Note: Verified signer's address is `%s'\n"
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr "Bemærk: Verificeret underskriftsejers adresse er »%s«\n"
-
-#: g10/pkclist.c:620
-#, fuzzy, c-format
-#| msgid "Note: Signer's address `%s' does not match DNS entry\n"
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "Bemærk: Underskriftejers adresse »%s« matcher ikke DNS-post\n"
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr ""
-"troværdighedsniveau justeret til FULL på grund af gyldig PKA-information\n"
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr ""
-"troværdighedsniveau justeret til NEVER på grund af ugyldig PKA-information\n"
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Bemærk: Denne nøgle er forældet!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr ""
+"ADVARSEL: Denne nøgle er ikke certificeret med en troværdig underskrift!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr ""
 "ADVARSEL: Denne nøgle er ikke certificeret med en troværdig underskrift!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr "         Intet tyder på at denne signatur tilhører ejeren.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "ADVARSEL: Vi tror IKKE på denne nøgle!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         Signaturen er formentlig FORFALSKET.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"ADVARSEL: Denne nøgle er ikke certificeret med tilstrækkelig troværdige "
+"underskrifter!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
@@ -7141,53 +7132,53 @@ msgstr ""
 "ADVARSEL: Denne nøgle er ikke certificeret med tilstrækkelig troværdige "
 "underskrifter!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         Det er ikke sikkert at signaturen tilhører ejeren.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: udelod: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: udelod: offentlig nøgle er slået fra\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: udelod: offentlig nøgle er allerede til stede\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't encrypt to '%s'\n"
 msgstr "kan ikke forbinde til »%s«: %s\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "linje %d: ugyldig algoritme\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "linje %d: ugyldig algoritme\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "Du angav ikke et bruger-id. (du kan bruge »-r«)\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr "Aktuelle modtagere:\n"
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -7195,40 +7186,40 @@ msgstr ""
 "\n"
 "Indtast bruger-id'et. Slut med en tom linje: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Ingen sådan bruger-id.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "udeladt: offentlig nøgle er allerede valgt som standardmodtager\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Offentlig nøgle er slået fra.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "udelod: offentlig nøgle er allerede angivet\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "ukendt standardmodtager »%s«\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "ingen gyldige adresser\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "Bemærk: nøgle %s har ingen %s-funktion\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "Bemærk: nøgle %s har ingen præference for %s\n"
@@ -7238,80 +7229,86 @@ msgstr "Bemærk: nøgle %s har ingen præference for %s\n"
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr "data ej gemt; brug tilvalg »--output« for at gemme\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Frakoblet underskrift.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Indtast navn for datafil: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "læser stdin ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "ingen underskrevne data\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, fuzzy, c-format
 #| msgid "can't open signed data `%s'\n"
 msgid "can't open signed data '%s'\n"
 msgstr "kan ikke åbne underskrevne data »%s«\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "kan ikke åbne underskrevne data fd=%d: %s\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, fuzzy, c-format
 #| msgid "certificate is not usable for encryption\n"
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "certifikat kan ikke bruges til kryptering\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "anonym modtager; prøver hemmelig nøgle %s ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+#| msgid "certificate is not usable for encryption\n"
+msgid "used key is not marked for encryption use.\n"
+msgstr "certifikat kan ikke bruges til kryptering\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "okay, vi er den anonyme modtager.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "gammel kodning for DEK'en er ikke understøttet\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "chifferalgoritme %d%s er ukendt eller deaktiveret\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "ADVARSEL: chifferalgoritme %s ikke fundet i modtagerpræferencer\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, fuzzy, c-format
 #| msgid "NOTE: secret key %s expired at %s\n"
 msgid "Note: secret key %s expired at %s\n"
 msgstr "BEMÆRK: hemmelig nøgle %s udløb den %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, fuzzy, c-format
 #| msgid "NOTE: key has been revoked"
 msgid "Note: key has been revoked"
 msgstr "BEMÆRK: nøgle er blevet tilbagekaldt"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "build_packet mislykkedes: %s\n"
@@ -7329,48 +7326,48 @@ msgstr "Tilbagekaldes af:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Dette er en sensitiv tilbagekaldsnøgle)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret key is not available.\n"
 msgstr "Hemmelig nøgle er tilgængelig.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Opret et designet tilbagekaldscertifikat for denne nøgle? (j/N) "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "ASCII-pansret resultat er tvunget.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet mislykkedes: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Tilbagekaldscertifikat oprettet.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "ingen tilbagekaldsnøgler fundet for »%s«\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 #, fuzzy
 #| msgid "Create a revocation certificate for this key? (y/N) "
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Opret et tilbagekaldscertifikat for denne nøgle? (j/N) "
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 msgstr ""
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7379,20 +7376,20 @@ msgid ""
 "of the gpg command \"--generate-revocation\" in the GnuPG manual."
 msgstr ""
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
 "before importing and publishing this revocation certificate."
 msgstr ""
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, fuzzy, c-format
 #| msgid "Revocation certificate created.\n"
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "Tilbagekaldscertifikat oprettet.\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, fuzzy, c-format
 #| msgid "secret key \"%s\" not found: %s\n"
 msgid "secret key \"%s\" not found\n"
@@ -7406,17 +7403,17 @@ msgstr "hemmelig nøgle »%s« blev ikke fundet: %s\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr ""
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error searching the keyring: %s\n"
 msgstr "fejl ved oprettelse af nøglering »%s«: %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Opret et tilbagekaldscertifikat for denne nøgle? (j/N) "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7435,37 +7432,37 @@ msgstr ""
 "forsigtig: Dit udskrivningssystem kan gemme dataene og gøre dem\n"
 "tilgængelige for andre!\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Vælg venligst årsagen for tilbagekaldet:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Afbryd"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Du vil sikkert vælge %d her)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "Indtast en valgfri beskrivelse; afslut den med en tom linje:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Årsag for tilbagekald: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(Ingen beskrivelse angivet)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr "Er dette okay? (j/N) "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "svag nøgle oprettet - prøver igen\n"
@@ -7475,51 +7472,46 @@ msgstr "svag nøgle oprettet - prøver igen\n"
 msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
 msgstr "kan ikke undgå svag nøgle for symmetrisk chiffer: prøvede %d gange!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, fuzzy, c-format
 #| msgid "%s key uses an unsafe (%u bit) hash\n"
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr "%s-nøglen bruger en usikker (%u bit) hash\n"
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, fuzzy, c-format
 #| msgid "DSA key %s requires a %u bit or larger hash\n"
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr "DSA-nøgle %s kræver en %u bit eller større hash\n"
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
+#: g10/sig-check.c:170
+#, c-format
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "ADVARSEL: konflikt for underskriftssammendrag i besked\n"
+
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "key %s may not be used for signing in %s mode\n"
 msgstr "du kan ikke bruge %s i tilstanden %s\n"
 
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
-#, c-format
-msgid "WARNING: signature digest conflict in message\n"
-msgstr "ADVARSEL: konflikt for underskriftssammendrag i besked\n"
-
-#: g10/sig-check.c:219
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "ADVARSEL: underskriftsundernøgle %s er ikke krydscertificeret\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, c-format
 msgid "please see %s for more information\n"
 msgstr "se venligst %s for yderligere information\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr ""
 "ADVARSEL: underskriftsundernøgle %s har en ugyldig krydscertificering\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, fuzzy, c-format
 #| msgid "public key %s is %lu second newer than the signature\n"
 msgid "public key %s is %lu second newer than the signature\n"
@@ -7527,7 +7519,7 @@ msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "offentlig nøgle %s er %lu sekund nyere end underskrift\n"
 msgstr[1] "offentlig nøgle %s er %lu sekund nyere end underskrift\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, fuzzy, c-format
 #| msgid "public key %s is %lu second newer than the signature\n"
 msgid "public key %s is %lu day newer than the signature\n"
@@ -7535,7 +7527,7 @@ msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "offentlig nøgle %s er %lu sekund nyere end underskrift\n"
 msgstr[1] "offentlig nøgle %s er %lu sekund nyere end underskrift\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, fuzzy, c-format
 #| msgid ""
 #| "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7550,7 +7542,7 @@ msgstr[1] ""
 "nøgle %s blev oprettet %lu sekund inde i fremtiden (tidsforskydning eller et "
 "problem med uret)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, fuzzy, c-format
 #| msgid ""
 #| "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7564,54 +7556,54 @@ msgstr[1] ""
 "nøgle %s blev oprettet %lu sekund inde i fremtiden (tidsforskydning eller et "
 "problem med uret)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, fuzzy, c-format
 #| msgid "NOTE: signature key %s expired %s\n"
 msgid "Note: signature key %s expired %s\n"
 msgstr "BEMÆRK: underskriftnøgle %s udløb %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, fuzzy, c-format
 #| msgid "NOTE: signature key %s has been revoked\n"
 msgid "Note: signature key %s has been revoked\n"
 msgstr "BEMÆRK: underskriftnøgle %s er blevet tilbagekaldt\n"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "uafhængig underskrift for klasse 0x%02x\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "uafhængig underskrift for klasse 0x%02x\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "antager ugyldig underskrift fra nøgle %s på grund af en ukendt kritisk del\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr ""
 "nøgle %s: ingen undernøgle til tilbagekaldsunderskrift for undernøgle\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "nøgle %s: ingen undernøgle til bindingsunderskrift for undernøgle\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "ADVARSEL: kan ikke %%-udvide notation (for stor). Bruger uden udvidelse.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7619,7 +7611,7 @@ msgstr ""
 "ADVARSEL: kan ikke %%-udvide politikadresse (for stor). Bruger uden "
 "udvidelse.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7628,12 +7620,12 @@ msgstr ""
 "ADVARSEL: kan ikke %%-udvide foretrukken nøgleserveradresse (for stor). "
 "Bruger uden udvidelse.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s/%s-underskrift fra: »%s«\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
@@ -7641,38 +7633,39 @@ msgstr ""
 "ADVARSEL: tvang af sammendragsalgoritme %s (%d) overtræder "
 "modtagerpræferencer\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "underskriver:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "%s-kryptering vil blive brugt\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "nøgle er ikke markeret som usikker - kan ikke bruge den med falsk RNG!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "udelod »%s«: duplikeret\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "udelod: hemmelig nøgle er allerede til stede\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "dette er en PGP-oprettet Elgamalnøgle som ikke er sikker for underskrifter!"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "stol på post %lu, type %d: skrivning mislykkedes: %s\n"
@@ -7686,46 +7679,46 @@ msgstr ""
 "# Liste over tildelte troværdige værdier, oprettede %s\n"
 "# (Brug »gpg --import-ownertrust« for at gendanne dem)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, fuzzy, c-format
 #| msgid "error in `%s': %s\n"
 msgid "error in '%s': %s\n"
 msgstr "fejl i »%s«: %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr "linje for lang"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr "kolon mangler"
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr "ugyldig fingeraftryk"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr "værdi for ejertroværdighed mangler"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, fuzzy, c-format
 #| msgid "error finding trust record in `%s': %s\n"
 msgid "error finding trust record in '%s': %s\n"
 msgstr "fejl under forsøg på at finde troværdighedspost i »%s«: %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, fuzzy, c-format
 #| msgid "read error in `%s': %s\n"
 msgid "read error in '%s': %s\n"
 msgstr "læsefejl i »%s«: %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "trustdb: synkronisering mislykkedes: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, fuzzy, c-format
 #| msgid "can't create lock for `%s'\n"
 msgid "can't create lock for '%s'\n"
@@ -7737,12 +7730,12 @@ msgstr "kan ikke oprette lås for »%s«\n"
 msgid "can't lock '%s'\n"
 msgstr "kan ikke låse »%s«\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "trustdb rec %lu: lseek mislykkedes: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "trustdb rec %lu: skrivning mislykkedes (n=%d): %s\n"
@@ -7757,7 +7750,7 @@ msgstr "transaktion for trustdb er for stor\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: mappe findes ikke!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, fuzzy, c-format
 #| msgid "can't access `%s': %s\n"
 msgid "can't access '%s': %s\n"
@@ -7800,7 +7793,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: fejl ved opdatering af versionspost: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: fejl ved læsning af versionspost: %s\n"
@@ -7810,52 +7803,52 @@ msgstr "%s: fejl ved læsning af versionspost: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: fejl ved skrivning af versionspost: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "trustdb: lseek mislykkedes: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "trustdb: læsning mislykkedes (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: ikke en trustdb-fil\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: versionspost med recnum %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: ugyldig filversion %d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: fejl ved læsning af fri post: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: fejl ved skrivning af mappepost: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: mislykkedes med at nulle en post: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: mislykkedes med at vedhæfte en post: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "Fejl: trustdb er ødelagt.\n"
@@ -7897,10 +7890,10 @@ msgstr "ikke understøttet algoritme: %s"
 msgid "TOFU DB error"
 msgstr ""
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, fuzzy, c-format
 #| msgid "error sending %s command: %s\n"
 msgid "error reading TOFU database: %s\n"
@@ -7924,7 +7917,7 @@ msgstr "%s: fejl ved skrivning af mappepost: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "fejl ved åbning af »%s«: %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, fuzzy, c-format
 #| msgid "error sending %s command: %s\n"
 msgid "error updating TOFU database: %s\n"
@@ -8103,112 +8096,112 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr ""
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr ""
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, fuzzy, c-format
 #| msgid "error creating a pipe: %s\n"
 msgid "error changing TOFU policy: %s\n"
 msgstr "fejl ved oprettelse af datakanal: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr ""
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, fuzzy, c-format
 #| msgid "Deleted %d signatures.\n"
 msgid "%s: Verified 0 signatures."
 msgstr "Slettede %d underskrifter.\n"
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 #, fuzzy
 #| msgid "encrypted with %lu passphrases\n"
 msgid "Encrypted 0 messages."
 msgstr "krypteret med %lu adgangsfraser\n"
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, fuzzy, c-format
 #| msgid "validity: %s"
 msgid "(policy: %s)"
 msgstr "validitet: %s"
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -8225,115 +8218,115 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, fuzzy, c-format
 #| msgid "error sending %s command: %s\n"
 msgid "error opening TOFU database: %s\n"
 msgstr "fejl under afsendelse af %s-kommando: %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid long keyID\n"
 msgid "'%s' is not a valid long keyID\n"
 msgstr "»%s« er ikke et gyldigt nøgle-id\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "nøgle %s: accepteret som troværdig nøgle\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "nøgle %s fremgår mere end en gang i trustdb\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "nøgle %s: ingen offentlig nøgle for troværdig nøgle - udeladt\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "nøgle %s markeret som ultimativ troværdig\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "troværdighedspost %lu, req-type %d: læsning mislykkedes: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "troværdighedspost %lu er ikke af den anmodne type %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr "Du kan forsøge at genskabe trustdb med kommandoerne:\n"
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr "Hvis det ikke virker, så se venligst manualen\n"
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 "kan ikke bruge ukendt troværdighedsmodel (%d) - antager %s "
 "troværdighedsmodel\n"
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr "bruger %s troværdighedsmodel\n"
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "intet behov for kontrol af trustdb\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "næste kontrol af trustdb sker den %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, fuzzy, c-format
 #| msgid "no need for a trustdb check with `%s' trust model\n"
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "intet behov for kontrol af trustdb med troværdighedsmodellen »%s«\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, fuzzy, c-format
 #| msgid "no need for a trustdb update with `%s' trust model\n"
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr ""
 "intet behov for en opdatering af trustdb med troværdighedsmodellen »%s«\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr "offentlig nøgle %s blev ikke fundet: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "udfør venligst en --check-trustdb\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "kontrollerer trustdb\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, fuzzy, c-format
 #| msgid "%lu keys processed so far\n"
 msgid "%d key processed"
@@ -8341,7 +8334,7 @@ msgid_plural "%d keys processed"
 msgstr[0] "     %lu-nøgler behandlet\n"
 msgstr[1] "     %lu-nøgler behandlet\n"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, fuzzy, c-format
 #| msgid "%d keys processed (%d validity counts cleared)\n"
 msgid " (%d validity count cleared)\n"
@@ -8349,17 +8342,17 @@ msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] "%d nøgler behandlet (%d validiteter ryddet)\n"
 msgstr[1] "%d nøgler behandlet (%d validiteter ryddet)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "ingen ultimativ troværdige nøgler fundet\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "offentlig nøgle for ultimativ troværdig nøgle %s blev ikke fundet\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
@@ -8367,28 +8360,28 @@ msgstr ""
 "dybde: %d  gyldig: %3d  underskrevet: %3d  troværdighed: %d-, %dq, %dn, %dm, "
 "%df, %du\n"
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr "kan ikke opdatere trustdb-versionspost: skrivning mislykkedes: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr "ej defineret"
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr "aldrig"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr "marginal"
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr "fuld"
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr "ultimativ"
 
@@ -8400,43 +8393,43 @@ msgstr "ultimativ"
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 #, fuzzy
 #| msgid "10 translator see trustdb.c:uid_trust_string_fixed"
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr "10 oversætter se trustdb.c:uid_trust_string_fixed"
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 msgid "[ revoked]"
 msgstr "[   tilb.]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 msgid "[ expired]"
 msgstr "[ udløbet]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 msgid "[ unknown]"
 msgstr "[  ukendt]"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr "[  ej def]"
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 #, fuzzy
 #| msgid "never"
 msgid "[  never ]"
 msgstr "aldrig"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr "[marginal]"
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr "[  fuld  ]"
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr "[ ultim. ]"
 
@@ -8461,19 +8454,31 @@ msgstr "inddatalinje %u er for lang eller mangler LF\n"
 msgid "can't open fd %d: %s\n"
 msgstr "kan ikke åbne fd %d: %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "ADVARSEL: besked var ikke integritetsbeskyttet\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+#| msgid "ambiguous option `%s'\n"
+msgid "Hint: Do not use option %s\n"
+msgstr "tvetydigt tilvalg »%s«\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr "sæt aflusningstilvalg"
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr "aktiver fuld fejlsøgning"
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Brug: kbxutil [tilvalg] [filer] (-h for hjælp)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
 "List, export, import Keybox data\n"
@@ -8484,19 +8489,146 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr ""
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr ""
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new Global-PIN"
+msgstr "||Indtast venligst PIN'en"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "||Indtast venligst nulstillingskoden for kortet"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new PIN"
+msgstr "||Indtast venligst PIN'en"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the PIN of your PIV card"
+msgstr "||Indtast venligst nulstillingskoden for kortet"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+#| msgid "|A|Please enter the Admin PIN"
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "|A|Indtast venligst administrator-PIN'en"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+#| msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "|P|Indtast venligst PIN Unblocking Code (PUK) for standardnøglerne."
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "PIN-tilbagekald returnerede fejl: %s\n"
+
+#: scd/app-piv.c:1895
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too short; minimum length is %d\n"
+msgstr "PIN for CHV%d er for kort; minimumlængde er %d\n"
+
+#: scd/app-piv.c:1903
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too long; maximum length is %d\n"
+msgstr "PIN for CHV%d er for kort; minimumlængde er %d\n"
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr "nøgle findes allerede\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr "eksisterende nøgle vil blive erstattet\n"
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr "opretter ny nøgle\n"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, c-format
+msgid "writing new key\n"
+msgstr "skriver ny nøgle\n"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "kunne ikke gemme nøglen: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr "svar indeholder ikke RSA modulus'erne\n"
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr "svar indeholder ikke den RSA-offentlige eksponent\n"
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, fuzzy, c-format
+#| msgid "response does not contain the RSA public exponent\n"
+msgid "response does not contain the EC public key\n"
+msgstr "svar indeholder ikke den RSA-offentlige eksponent\n"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr "vent venligst mens nøglen bliver oprettet ...\n"
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr "oprettelse af nøgle mislykkedes\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, fuzzy, c-format
+#| msgid "key generation completed (%d seconds)\n"
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "nøgleoprettelse færdig (%d sekunder)\n"
+msgstr[1] "nøgleoprettelse færdig (%d sekunder)\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr "svar indeholder ikke data for offentlig nøgle\n"
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr ""
 "||Indtast venligst PIN'en for nøglen til at oprette kvalificerede "
@@ -8504,56 +8636,55 @@ msgstr ""
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 msgid "|A|Please enter the Admin PIN"
 msgstr "|A|Indtast venligst administrator-PIN'en"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|P|Indtast venligst PIN Unblocking Code (PUK) for standardnøglerne."
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 msgid "||Please enter the PIN for the standard keys."
 msgstr "||Indtast venligst PIn'en for standardnøglerne."
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr "RSA-modulus mangler eller har ikke størrelsen %d bit\n"
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr "RSA offentlig eksponent mangler eller større end %d bit\n"
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr "PIN-tilbagekald returnerede fejl: %s\n"
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "the NullPIN has not yet been changed\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "NullPIN'en er endnu ikke ændret\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr "NullPIN'en er endnu ikke ændret\n"
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "|N|Indtast venligst en ny PIN for standardnøglerne."
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr ""
 "|NP|Indtast venligst en ny PIN Unblocking Code (PUK) for standardnøglerne."
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 "|N|Indtast venligst en ny PIN for nøglen til at oprette kvalificerede "
 "underskrifter."
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8561,7 +8692,7 @@ msgstr ""
 "|NP|Indtast venligst en ny PIN Unblocking Code (PUK) for nøglen til at "
 "oprette kvalificerede underskrifter."
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8569,48 +8700,27 @@ msgstr ""
 "|P|Indtast venligst PIN Unblocking Code (PUK) for nøglen til at oprette "
 "kvalificerede underskrifter."
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "fejl ved indhentelse af ny PIN: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "kunne ikke gemme fingeraftrykket: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "kunne ikke gemme oprettelsesdatoen: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr "fejl ved indhentelse af CHV-status fra kort\n"
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr "svar indeholder ikke RSA modulus'erne\n"
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr "svar indeholder ikke den RSA-offentlige eksponent\n"
-
-#: scd/app-openpgp.c:1546
-#, fuzzy, c-format
-#| msgid "response does not contain the RSA public exponent\n"
-msgid "response does not contain the EC public key\n"
-msgstr "svar indeholder ikke den RSA-offentlige eksponent\n"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr "svar indeholder ikke data for offentlig nøgle\n"
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr "læsning af offentlig nøgle mislykkedes: %s\n"
@@ -8618,46 +8728,46 @@ msgstr "læsning af offentlig nøgle mislykkedes: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr ""
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr "bruger standard-PIN som %s\n"
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 "kunne ikke bruge standard-PIN som %s: %s - deaktiverer yderligere "
 "standardbrug\n"
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 #, fuzzy
 #| msgid "||Please enter the PIN"
 msgid "||Please unlock the card"
 msgstr "||Indtast venligst PIN'en"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr "PIN for CHV%d er for kort; minimumlængde er %d\n"
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "verificering af CHV%d mislykkedes: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr "kort er permanent låst!\n"
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, fuzzy, c-format
 #| msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
@@ -8666,20 +8776,20 @@ msgid_plural ""
 msgstr[0] "%d PIN-forsøg for administrator før kort permanent låses\n"
 msgstr[1] "%d PIN-forsøg for administrator før kort permanent låses\n"
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr "adgang til administratorkommandoer er ikke konfigureret\n"
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 msgid "||Please enter the PIN"
 msgstr "||Indtast venligst PIN'en"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 msgid "||Please enter the Reset Code for the card"
 msgstr "||Indtast venligst nulstillingskoden for kortet"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr "Nulstillingskode er for kort; minimumlængde er %d\n"
@@ -8687,116 +8797,73 @@ msgstr "Nulstillingskode er for kort; minimumlængde er %d\n"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr "|RN|Ny nulstillingskode"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr "|AN|Ny administrator-PIN"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr "|N|Ny PIN"
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "||Indtast venligst administrator-PIN'en og ny administrator-PIN"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 msgid "||Please enter the PIN and New PIN"
 msgstr "||Indtast venligst PIN'en og ny PIN"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr "fejl ved læsning af programdata\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "fejl ved læsning af fingeraftryk DO\n"
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr "nøgle findes allerede\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr "eksisterende nøgle vil blive erstattet\n"
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr "opretter ny nøgle\n"
-
-#: scd/app-openpgp.c:3074
-#, c-format
-msgid "writing new key\n"
-msgstr "skriver ny nøgle\n"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr "oprettelsestidsstempel mangler\n"
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr "RSA-primtal %s mangler eller har ikke størrelsen %d bit\n"
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr "kunne ikke gemme nøglen: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, fuzzy, c-format
 #| msgid "unsupported algorithm: %s"
 msgid "unsupported curve\n"
 msgstr "ikke understøttet algoritme: %s"
 
-#: scd/app-openpgp.c:4263
+#: scd/app-openpgp.c:4991
 #, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr "vent venligst mens nøglen bliver oprettet ...\n"
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "ugyldig struktur for OpenPGP-kort (DO 0x93)\n"
 
-#: scd/app-openpgp.c:4271
-#, c-format
-msgid "generating key failed\n"
-msgstr "oprettelse af nøgle mislykkedes\n"
-
-#: scd/app-openpgp.c:4277
-#, fuzzy, c-format
-#| msgid "key generation completed (%d seconds)\n"
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "nøgleoprettelse færdig (%d sekunder)\n"
-msgstr[1] "nøgleoprettelse færdig (%d sekunder)\n"
-
-#: scd/app-openpgp.c:4311
-#, c-format
-msgid "invalid structure of OpenPGP card (DO 0x93)\n"
-msgstr "ugyldig struktur for OpenPGP-kort (DO 0x93)\n"
-
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr "fingeraftryk på kort matcher ikke den anmodte\n"
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "kort understøtter ikke sammendragsalgoritme %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr "underskrifter oprettet indtil videre: %lu\n"
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
@@ -8804,7 +8871,7 @@ msgstr ""
 "verifikation af administrator-PIN er i øjeblikket forbudt via denne "
 "kommando\n"
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "kan ikke tilgå %s - ugyldig OpenPGP-kort?\n"
@@ -8816,61 +8883,65 @@ msgstr "||Indtast venligst din PIN på læserens numeriske tastatur"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr "|N|Oprindelig ny PIN"
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr "kør i flerservertilstand (forgrund)"
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr "|LEVEL|angiv fejlsøgningsniveau til NIVEAU"
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 msgid "|FILE|write a log to FILE"
 msgstr "|FILE|skriv en log til FIL"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr "|N|forbind til læser på port N"
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NAME|brug NAVN som ct-API-driver"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NAME|brug NAVN som PC/SC-driver"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 msgid "do not use the internal CCID driver"
 msgstr "brug ikke den interne CCID-driver"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr "|N|frakobl kortet efter N sekunder inaktivitet"
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr "brug ikke en læsers numeriske tastatur"
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr ""
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 msgid "deny the use of admin card commands"
 msgstr "nægt brugen af kommandoer for administratorkort"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 #, fuzzy
 #| msgid "Usage: gpgconf [options] (-h for help)"
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Brug: gpgconf [tilvalg] (-h for hjælp)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 #, fuzzy
 #| msgid ""
 #| "Syntax: scdaemon [options] [command [args]]\n"
@@ -8882,7 +8953,7 @@ msgstr ""
 "Syntaks: scdaemon [tilvalg] kommando [parametre]]\n"
 "Smartcard-dæmon for GnuPG\n"
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, fuzzy, c-format
 #| msgid ""
 #| "please use the option `--daemon' to run the program in the background\n"
@@ -8890,32 +8961,26 @@ msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 "brug venligst tilvalget »--daemon« til at køre programmet i baggrunden\n"
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr "håndtering for fd %d startet\n"
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr "håndtering for fd %d termineret\n"
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "fejl ved indhentelse af nøglebrugsinformation: %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr "anmodt om valideringsmodel af certifikat: %s"
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr "kæde"
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 msgid "shell"
 msgstr "skal"
 
@@ -8950,7 +9015,7 @@ msgstr "bemærk: ikkekritisk certifikatpolitik er ikke tilladt"
 msgid "certificate policy not allowed"
 msgstr "certifikatpolitik er ikke tilladt"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "kunne ikke indhente fingeraftrykket\n"
@@ -8965,7 +9030,7 @@ msgstr "slår udsteder op på ekstern placering\n"
 msgid "number of issuers matching: %d\n"
 msgstr "antallet af udstedere der matcher: %d\n"
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, fuzzy, c-format
 #| msgid "can't access `%s': %s\n"
 msgid "can't get authorityInfoAccess: %s\n"
@@ -8986,234 +9051,234 @@ msgstr "antallet af matchende certifikater: %d\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "dirmngr cache-only-nøgleopslag mislykkedes: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "kunne ikke allokere keyDB-håndtag\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 msgid "certificate has been revoked"
 msgstr "certifikat er blevet tilbagekaldt"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr "status for certifikatet er ukendt"
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr "sikr dig at »dirmngr« er korrekt installeret\n"
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, c-format
 msgid "checking the CRL failed: %s"
 msgstr "kontrol af CRL'en mislykkedes: %s"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "certifikat med ugyldig validitet: %s"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr "certifikat er endnu ikke gyldigt"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 msgid "root certificate not yet valid"
 msgstr "rodcertifikat er endnu ikke gyldigt"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr "mellemliggende certifikat er endnu ikke gyldigt"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, c-format
 msgid "certificate has expired"
 msgstr "certifikat er udløbet"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 msgid "root certificate has expired"
 msgstr "rodcertifikat er udløbet"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 msgid "intermediate certificate has expired"
 msgstr "mellemliggende certifikat er udløbet"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr "krævede certifikatattributter mangler: %s%s%s"
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 msgid "certificate with invalid validity"
 msgstr "certifikat med ugyldig validitet"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr "underskrift blev ikke oprettet under certifikatets livsforløb"
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr "certifikat blev ikke oprettet under udsteders livsforløb"
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr ""
 "mellemliggende certifikat blev ikke oprettet under udsteders livsforløb"
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, c-format
 msgid "  (  signature created at "
 msgstr "  (underskr. oprettet den "
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, c-format
 msgid "  (certificate created at "
 msgstr "  (certifkat oprettet den "
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, c-format
 msgid "  (certificate valid from "
 msgstr "  (certifikat gyldigt fra "
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr "  (   udsteder gyldig fra "
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr "fingeraftryk=%s\n"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr "rodcertifikat er nu blevet markeret som troværdig\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr "interaktiv markering som troværdig er ikke aktiveret i gpg-agent\n"
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr "interaktiv markering som troværdig deaktiveret for denne session\n"
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 "ADVARSEL: oprettelsestidspunkt for underskrift er ukendt - antager aktuelt "
 "tidspunkt"
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 msgid "no issuer found in certificate"
 msgstr "ingen udsteder fundet i certifikat"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr "egenunderskrevet certifikat har en UGYLDIG underskrift"
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr "rodcertifikat er ikke markeret som troværdig"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "kontrol af troværdighedslisten mislykkedes: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr "certifikatkæde er for lang\n"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr "udstedercertifikat blev ikke fundet"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, c-format
 msgid "certificate has a BAD signature"
 msgstr "certifikat har en UGYLDIG underskrift"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr "fandt et andet mulig matchende CA-certifikat - prøver igen"
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr "certifikatkæde er længere end tilladt af CA (%d)"
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, c-format
 msgid "certificate is good\n"
 msgstr "certifikat er gyldigt\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, c-format
 msgid "intermediate certificate is good\n"
 msgstr "mellemliggende certifikat er gyldigt\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, c-format
 msgid "root certificate is good\n"
 msgstr "rodcertifikat er gyldigt\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr "skifter til kædemodel"
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr "valideringsmodel brugt: %s"
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr "en %u-bit-hash er ikke gyldig for en %u-bit %s-nøgle\n"
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, c-format
 msgid "out of core\n"
 msgstr "uden for kerne\n"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr "(dette er MD2-algoritmen)\n"
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 msgid "none"
 msgstr "ingen"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 msgid "[Error - invalid encoding]"
 msgstr "[Fejl - ugyldig kodning]"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr "[Fejl - ikke nok kerne]"
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr "[Fejl - intet navn]"
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 msgid "[Error - invalid DN]"
 msgstr "[Fejl - ugyldig DN]"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -9228,145 +9293,156 @@ msgstr ""
 "S/N %s, id 0x%08lX,\n"
 "oprettet %s, udløber %s.\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr "ingen nøglebrug angivet - antager alle mulige brug\n"
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "fejl ved indhentelse af nøglebrugsinformation: %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr "certifikat burde ikke være brugt for certificering\n"
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr "certifikat burde ikke være brugt for OCSP-svarunderskrivning\n"
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr "certifikat burde ikke være brugt for kryptering\n"
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr "certifikat burde ikke være brugt for underskrift\n"
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr "certifikat kan ikke bruges til kryptering\n"
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr "certifikat kan ikke bruges til underskrivning\n"
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+#| msgid "Included certificates"
+msgid "looking for another certificate\n"
+msgstr "Inkluderede certifikater"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "linje %d: ugyldig algoritme\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr "linje %d: ugyldig nøglelængde %u (gyldige er %d til %d)\n"
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr "linje %d: intet emnenavn angivet\n"
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, fuzzy, c-format
 #| msgid "line %d: invalid subject name label `%.*s'\n"
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "linje %d: ugyldig etiket for emnenavn »%.*s«\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, fuzzy, c-format
 #| msgid "line %d: invalid subject name `%s' at pos %d\n"
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "linje %d: ugyldigt emnenavn »%s« på position %d\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "linje %d: ikke en gyldig e-post-adresse\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "line %d: invalid serial number\n"
 msgstr "linje %d: ugyldig algoritme\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, fuzzy, c-format
 #| msgid "line %d: invalid subject name label `%.*s'\n"
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr "linje %d: ugyldig etiket for emnenavn »%.*s«\n"
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, fuzzy, c-format
 #| msgid "line %d: invalid subject name `%s' at pos %d\n"
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr "linje %d: ugyldigt emnenavn »%s« på position %d\n"
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "line %d: invalid date given\n"
 msgstr "linje %d: ugyldig algoritme\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, fuzzy, c-format
 #| msgid "line %d: error getting key by keygrip `%s': %s\n"
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "linje %d: fejl ved indhentelse af nøgle med nøglegreb »%s«: %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "linje %d: ugyldig algoritme\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "line %d: invalid authority-key-id\n"
 msgstr "linje %d: ugyldig algoritme\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, fuzzy, c-format
 #| msgid "line %d: invalid subject name `%s' at pos %d\n"
 msgid "line %d: invalid subject-key-id\n"
 msgstr "linje %d: ugyldigt emnenavn »%s« på position %d\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "line %d: invalid extension syntax\n"
 msgstr "linje %d: ugyldig algoritme\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, fuzzy, c-format
 #| msgid "line %d: error reading key `%s' from card: %s\n"
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "linje %d: fejl ved læsning af nøgle »%s« fra kort: %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, fuzzy, c-format
 #| msgid "line %d: error getting key by keygrip `%s': %s\n"
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "linje %d: fejl ved indhentelse af nøgle med nøglegreb »%s«: %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "linje %d: nøgleoprettelse mislykkedes: %s <%s>\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
@@ -9374,45 +9450,45 @@ msgstr ""
 "For at færdiggøre denne certifikatanmodning så indtast venligst "
 "adgangsfrasen for nøglen du netop oprettede endnu en gang.\n"
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) Eksisterende nøgle\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr "   (%d) Eksisterende nøgle fra kort\n"
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "Mulige handlinger for en %s-nøgle:\n"
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) underskriv, krypter\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) underskriv\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) krypter\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr "Indtast X.509-emnenavnet: "
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr "Intet emnenavn angivet\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, fuzzy, c-format
 #| msgid "Invalid subject name label `%.*s'\n"
 msgid "Invalid subject name label '%.*s'\n"
@@ -9423,254 +9499,247 @@ msgstr "Ugyldig etiket for emnenavn »%.*s«\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, fuzzy, c-format
 #| msgid "Invalid subject name `%s'\n"
 msgid "Invalid subject name '%s'\n"
 msgstr "Ugyldigt emnenavn »%s«\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "19"
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 msgid "Enter email addresses"
 msgstr "Indtast e-post-adresse"
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 msgid " (end with an empty line):\n"
 msgstr " (slut med en tom linje):\n"
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 msgid "Enter DNS names"
 msgstr "Indtast DNS-navne"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 msgid " (optional; end with an empty line):\n"
 msgstr " (valgfrit; slut med en tom linje):\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr "Indtast URI'er"
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 #, fuzzy
 #| msgid "Create a designated revocation certificate for this key? (y/N) "
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Opret et designet tilbagekaldscertifikat for denne nøgle? (j/N) "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:432
-#, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "fejl ved oprettelse af midlertidig fil: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 #, fuzzy
 #| msgid "self-signed certificate has a BAD signature"
 msgid "Now creating self-signed certificate.  "
 msgstr "egenunderskrevet certifikat har en UGYLDIG underskrift"
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 #, fuzzy
 #| msgid "Now creating certificate request.  This may take a while ...\n"
 msgid "Now creating certificate request.  "
 msgstr "Opretter certifikatforespørgsel. Dette kan tage et stykke tid ...\n"
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr "Klar. Du skal nu sende denne forespørgsel til din CA.\n"
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr "ressourceproblem: ikke nok kerne\n"
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "%s krypterede data\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr "(dette er RC2-algoritmen)\n"
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr "(dette ser ikke ud til at være en krypteret besked)\n"
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 #| msgid "encrypted with %s key, ID %s\n"
 msgid "encrypted to %s key %s\n"
 msgstr "krypteret med %s nøgle, id %s\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, fuzzy, c-format
 #| msgid "certificate `%s' not found: %s\n"
 msgid "certificate '%s' not found: %s\n"
 msgstr "certifikat »%s« blev ikke fundet: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr "fejl ved låsning af nøgleboks: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, fuzzy, c-format
 #| msgid "duplicated certificate `%s' deleted\n"
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "duplikeret certifikat »%s« slettet\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, fuzzy, c-format
 #| msgid "certificate `%s' deleted\n"
 msgid "certificate '%s' deleted\n"
 msgstr "certifikat »%s« slettet\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "sletning af certifikat »%s« mislykkedes: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, c-format
 msgid "no valid recipients given\n"
 msgstr "ingen gyldige modtagere angivet\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 msgid "list external keys"
 msgstr "vis eksterne nøgler"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 msgid "list certificate chain"
 msgstr "vis certifikatkæde"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 msgid "import certificates"
 msgstr "importer certifikater"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 msgid "export certificates"
 msgstr "eksporter certifikater"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr "registrer et smartkort"
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr "send en kommando til dirmngr'en"
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr "opstart gpg-protect-tool"
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "brug overhovedet ikke terminalen"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr "|N|antal certifikater der skal inkluderes"
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr "|FILE|tag politikinformation fra FIL"
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr "antag inddata er i PEM-format"
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr "antag inddata er i base-64-format"
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr "antag inddata er i binært format"
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 msgid "create base-64 encoded output"
 msgstr "opret base-64-kodet resultat"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|USER-ID|brug BRUGER-ID som hemmelig standardnøgle"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "|FILE|tilføj nøglering til nøgleringslisten"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|brug denne nøgleserver til at slå nøgler op"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr "hent manglende udstedercertifikater"
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NAME|brug kodnings-NAVN for PKCS#12-adgangsfraser"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr "konsulter aldrig en CRL"
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr "kontroller ikke CRL'er for rodcertifikater"
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr "kontroller validitet med OCSP"
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr "kontroller ikke certifikatpolitikker"
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NAME|brug chifferalgoritme NAVN"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NAME|brug beskedsammendragsalgoritme NAVN"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "kørselstilstand: spørg aldrig"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "forvent ja til de fleste spørgsmål"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "forvent nej til de fleste spørgsmål"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 msgid "|FILE|write an audit log to FILE"
 msgstr "|FILE|skriv en revisionslog til FIL"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Brug: gpg [flag] [filer] (-h for hjælp)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpgsm [options] [files]\n"
@@ -9685,91 +9754,128 @@ msgstr ""
 "Sign, check, encrypt eller decrypt med S/MIME-protokollen\n"
 "standardhandling afhænger af inddata\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, fuzzy, c-format
 #| msgid "NOTE: won't be able to encrypt to `%s': %s\n"
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "BEMÆRK: kan ikke kryptere til »%s«: %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, fuzzy, c-format
 #| msgid "unknown validation model `%s'\n"
 msgid "unknown validation model '%s'\n"
 msgstr "ukendt valideringsmodel »%s«\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: intet værtsnavn angivet\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: adgangskode angivet uden bruger\n"
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: udelader denne linje\n"
+
+#: sm/gpgsm.c:1545
+#, c-format
+msgid "could not parse keyserver\n"
+msgstr "kunne ikke fortolke nøgleserver\n"
+
+#: sm/gpgsm.c:1825
 #, fuzzy, c-format
 #| msgid "importing common certificates `%s'\n"
 msgid "importing common certificates '%s'\n"
 msgstr "importerer gængse certifikater »%s«\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, fuzzy, c-format
 #| msgid "can't sign using `%s': %s\n"
 msgid "can't sign using '%s': %s\n"
 msgstr "kan ikke underskrive med »%s«: %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr "ugyldig kommando (der er ingen implict kommando)\n"
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, c-format
 msgid "total number processed: %lu\n"
 msgstr "samlet antal behandlede: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, c-format
 msgid "error storing certificate\n"
 msgstr "fejl ved lagring af certifikat\n"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr "grundlæggende certifikatkontroller mislykkedes - ikke importeret\n"
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "fejl ved indhentelse af gemte flag: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, c-format
 msgid "error importing certificate: %s\n"
 msgstr "fejl under import af certifikat: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, c-format
 msgid "error reading input: %s\n"
 msgstr "fejl ved læsning af inddata: %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+#| msgid "no gpg-agent running in this session\n"
+msgid "no keyboxd running in this session\n"
+msgstr "ingen gpg-agent kører i denne session\n"
+
+#: sm/keydb.c:595
+#, fuzzy, c-format
+#| msgid "error opening `%s': %s\n"
+msgid "error opening key DB: %s\n"
+msgstr "fejl ved åbning af »%s«: %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr "problem under udkig efter eksisterende certifikat: %s\n"
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "fejl under søgning efter skrivbar keyDB (nøgledatabase): %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, c-format
 msgid "error storing certificate: %s\n"
 msgstr "fejl ved lagring af certifikat: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "problem under gensøgning af certifikat: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, c-format
 msgid "error storing flags: %s\n"
 msgstr "fejl ved lagring af flag: %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr "Fejl - "
 
@@ -9778,19 +9884,19 @@ msgstr "Fejl - "
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr "GPG_TTY er ikke blevet angivet - bruger måske fejlbehæftet standard\n"
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, fuzzy, c-format
 #| msgid "invalid formatted fingerprint in `%s', line %d\n"
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "ugyldigt formateret fingeraftryk i »%s«, linje %d\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, fuzzy, c-format
 #| msgid "invalid country code in `%s', line %d\n"
 msgid "invalid country code in '%s', line %d\n"
 msgstr "ugyldig landekode i »%s«, linje %d\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9807,7 +9913,7 @@ msgstr ""
 "\n"
 "%s%sEr du sikker på, at det er hvad du ønsker?"
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
@@ -9816,7 +9922,7 @@ msgstr ""
 "Bemærk, at dette program ikke officielt er godkendt til at oprette eller "
 "verificere sådanne underskrifter.\n"
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9827,39 +9933,45 @@ msgstr ""
 "»%s«\n"
 "Bemærk, at dette certifikat IKKE vil oprette en kvalificeret underskrift!"
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr ""
 "hashalgoritme %d (%s) for underskriver %d er ikke understøttet; bruger %s\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr "hashalgoritme brugt for underskriver %d: %s (%s)\n"
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "kontrollerer for kvalificeret certifikat mislykkedes: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+#| msgid "Signature made %s using %s key ID %s\n"
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Underskrift lavet %s med %s nøgle-id %s\n"
+
+#: sm/verify.c:467
 #, c-format
 msgid "Signature made "
 msgstr "Underskrift lavet "
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr "[dato ikke angivet]"
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 #| msgid "algorithm: %s"
 msgid "algorithm:"
 msgstr "algoritme: %s"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
@@ -9867,17 +9979,17 @@ msgstr ""
 "ugyldig underskrift: attribut for beskedsammendag matcher ikke den "
 "beregnede\n"
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, c-format
 msgid "Good signature from"
 msgstr "God underskrift fra"
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, c-format
 msgid "                aka"
 msgstr "     også kendt som"
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, c-format
 msgid "This is a qualified signature\n"
 msgstr "Dette er en kvalificeret underskrift\n"
@@ -9904,117 +10016,117 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr "problem under udkig efter eksisterende certifikat: %s\n"
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, fuzzy, c-format
 #| msgid "looking up issuer from the Dirmngr cache\n"
 msgid "dropping %u certificates from the cache\n"
 msgstr "slår udsteder op fra Dirmngr-mellemlageret\n"
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't parse certificate '%s': %s\n"
 msgstr "kan ikke oprette »%s«: %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, fuzzy, c-format
 #| msgid "certificate `%s' deleted\n"
 msgid "certificate '%s' already cached\n"
 msgstr "certifikat »%s« slettet\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, fuzzy, c-format
 #| msgid "duplicated certificate `%s' deleted\n"
 msgid "trusted certificate '%s' loaded\n"
 msgstr "duplikeret certifikat »%s« slettet\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, fuzzy, c-format
 #| msgid "certificate `%s' deleted\n"
 msgid "certificate '%s' loaded\n"
 msgstr "certifikat »%s« slettet\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, fuzzy, c-format
 #| msgid "fingerprint=%s\n"
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "fingeraftryk=%s\n"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr ""
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr ""
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error loading certificate '%s': %s\n"
 msgstr "fejl ved lagring af certifikat: %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, fuzzy, c-format
 #| msgid "Included certificates"
 msgid "permanently loaded certificates: %u\n"
 msgstr "Inkluderede certifikater"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, fuzzy, c-format
 #| msgid "number of matching certificates: %d\n"
 msgid "    runtime cached certificates: %u\n"
 msgstr "antallet af matchende certifikater: %d\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, fuzzy, c-format
 #| msgid "number of matching certificates: %d\n"
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "antallet af matchende certifikater: %d\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, fuzzy, c-format
 #| msgid "  (certificate created at "
 msgid "certificate already cached\n"
 msgstr "  (certifkat oprettet den "
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, fuzzy, c-format
 #| msgid "certificate is good\n"
 msgid "certificate cached\n"
 msgstr "certifikat er gyldigt\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error caching certificate: %s\n"
 msgstr "fejl ved lagring af certifikat: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, fuzzy, c-format
 #| msgid "invalid fingerprint"
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "ugyldig fingeraftryk"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "fejl ved lagring af certifikat: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error fetching certificate by subject: %s\n"
 msgstr "fejl ved lagring af certifikat: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, fuzzy, c-format
 #| msgid "no issuer found in certificate"
 msgid "no issuer found in certificate\n"
 msgstr "ingen udsteder fundet i certifikat"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, fuzzy, c-format
 #| msgid "error getting stored flags: %s\n"
 msgid "error getting authorityKeyIdentifier: %s\n"
@@ -10590,71 +10702,71 @@ msgstr "certifikat »%s« blev ikke fundet: %s\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "certifikat »%s« blev ikke fundet: %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 #, fuzzy
 #| msgid "  (certificate created at "
 msgid "add a certificate to the cache"
 msgstr "  (certifkat oprettet den "
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 #, fuzzy
 #| msgid "Included certificates"
 msgid "validate a certificate"
 msgstr "Inkluderede certifikater"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 #, fuzzy
 #| msgid "Included certificates"
 msgid "lookup a certificate"
 msgstr "Inkluderede certifikater"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 #, fuzzy
 #| msgid "Included certificates"
 msgid "lookup only locally stored certificates"
 msgstr "Inkluderede certifikater"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 #, fuzzy
 #| msgid "pass a command to the dirmngr"
 msgid "load a CRL into the dirmngr"
 msgstr "send en kommando til dirmngr'en"
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 #, fuzzy
 #| msgid "export certificates"
 msgid "expect certificates in PEM format"
 msgstr "eksporter certifikater"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 #, fuzzy
 #| msgid "Enter the user ID of the designated revoker: "
 msgid "force the use of the default OCSP responder"
 msgstr "Indtast bruger'id for den dedikerede tilbagekalder: "
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Brug: gpg [flag] [filer] (-h for hjælp)"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10662,238 +10774,234 @@ msgid ""
 "not valid and other error codes for general failures\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error reading certificate from stdin: %s\n"
 msgstr "fejl ved lagring af certifikat: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, fuzzy, c-format
 #| msgid "error reading from %s: %s\n"
 msgid "error reading certificate from '%s': %s\n"
 msgstr "fejl ved læsning fra %s: %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "kan ikke forbinde til »%s«: %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, fuzzy, c-format
 #| msgid "update failed: %s\n"
 msgid "lookup failed: %s\n"
 msgstr "opdatering mislykkedes: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, fuzzy, c-format
 #| msgid "renaming `%s' to `%s' failed: %s\n"
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "omdøbelse af »%s« til »%s« mislykkedes: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, fuzzy, c-format
 #| msgid "deleting certificate \"%s\" failed: %s\n"
 msgid "validation of certificate failed: %s\n"
 msgstr "sletning af certifikat »%s« mislykkedes: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, fuzzy, c-format
 #| msgid "certificate is good\n"
 msgid "certificate is valid\n"
 msgstr "certifikat er gyldigt\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, fuzzy, c-format
 #| msgid "certificate has been revoked"
 msgid "certificate has been revoked\n"
 msgstr "certifikat er blevet tilbagekaldt"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, fuzzy, c-format
 #| msgid "deleting certificate \"%s\" failed: %s\n"
 msgid "certificate check failed: %s\n"
 msgstr "sletning af certifikat »%s« mislykkedes: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, c-format
 msgid "got status: '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, fuzzy, c-format
 #| msgid "error writing secret keyring `%s': %s\n"
 msgid "error writing base64 encoding: %s\n"
 msgstr "fejl ved skrivning af hemmelig nøglering »%s«: %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, fuzzy, c-format
 #| msgid "unsupported algorithm: %s"
 msgid "unsupported inquiry '%s'\n"
 msgstr "ikke understøttet algoritme: %s"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 #, fuzzy
 #| msgid "|FILE|run commands from FILE on startup"
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|FILE|kør kommandoer fra FIL ved opstart"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 #, fuzzy
 #| msgid "pass a command to the dirmngr"
 msgid "shutdown the dirmngr"
 msgstr "send en kommando til dirmngr'en"
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr ""
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr ""
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr ""
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr "Konfiguration for nøgleservere"
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 msgid "|URL|use keyserver at URL"
 msgstr "|URL|brug nøgleserver på adressen"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr ""
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr "Konfiguration for HTTP-servere"
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr "brug systemets HTTP-proxyopsætning"
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr "Konfiguraiton af LDAP-servere der skal bruges"
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr ""
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr ""
 
-#: dirmngr/dirmngr.c:270
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|SPEC|brug denne nøgleserver til at slå nøgler op"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 #, fuzzy
 #| msgid "|FILE|read options from FILE"
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|FIL|læs tilvalg fra FIL"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 #, fuzzy
 #| msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgid "|N|set LDAP timeout to N seconds"
 msgstr "|N|angive maksimal livsforløb for PIN-mellemlager til N sekunder"
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr "Konfiguration for OCSP"
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 #, fuzzy
 #| msgid "allow PKA lookups (DNS requests)"
 msgid "allow sending OCSP requests"
 msgstr "tillad PKA-opslag (DNS-forespørgsler)"
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 #, fuzzy
 #| msgid "|URL|use keyserver at URL"
 msgid "|URL|use OCSP responder at URL"
 msgstr "|URL|brug nøgleserver på adressen"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr ""
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -10906,13 +11014,13 @@ msgstr ""
 "@\n"
 "(Se manualsiden for en fuldstændig liste over alle kommandoer og tilvalg)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 #, fuzzy
 #| msgid "Usage: gpgconf [options] (-h for help)"
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Brug: gpgconf [tilvalg] (-h for hjælp)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg-agent [options] [command [args]]\n"
@@ -10924,126 +11032,327 @@ msgstr ""
 "Syntaks: gpg-agent [tilvalg] [kommando [parametre]]\n"
 "Hemmelig nøglehåndtering for GnuPG\n"
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, fuzzy, c-format
 #| msgid "invalid debug-level `%s' given\n"
 msgid "valid debug levels are: %s\n"
 msgstr "ugyldigt fejlsøgningsniveau »%s« angivet\n"
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, fuzzy, c-format
 #| msgid "usage: gpgsm [options] "
 msgid "usage: %s [options] "
 msgstr "brug: gpgsm [tilvalg] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, fuzzy, c-format
 #| msgid "%s not allowed with %s!\n"
 msgid "colons are not allowed in the socket name\n"
 msgstr "%s ikke tilladt med %s!\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, fuzzy, c-format
 #| msgid "renaming `%s' to `%s' failed: %s\n"
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "omdøbelse af »%s« til »%s« mislykkedes: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, fuzzy, c-format
 #| msgid "conversion from `%s' to `%s' failed: %s\n"
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "konvertering fra »%s« til »%s« mislykkedes: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, fuzzy, c-format
 #| msgid "line too long - skipped\n"
 msgid "%s:%u: line too long - skipped\n"
 msgstr "linje er for lang - udeladt\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, fuzzy, c-format
 #| msgid "invalid fingerprint"
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "ugyldig fingeraftryk"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, fuzzy, c-format
 #| msgid "read error in `%s': %s\n"
 msgid "%s:%u: read error: %s\n"
 msgstr "læsefejl i »%s«: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, fuzzy, c-format
 #| msgid "not forced"
 msgid "shutdown forced\n"
 msgstr "ikke tvunget"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr ""
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+#, fuzzy
+#| msgid "|NAME|connect to Assuan socket NAME"
+msgid "|NAME|connect to host NAME"
+msgstr "|NAME|forbind til Assuansokkel NAVN"
+
+#: dirmngr/dirmngr_ldap.c:111
+#, fuzzy
+#| msgid "|N|connect to reader at port N"
+msgid "|N|connect to port N"
+msgstr "|N|forbind til læser på port N"
+
+#: dirmngr/dirmngr_ldap.c:112
+msgid "|NAME|use user NAME for authentication"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:179
+#, fuzzy
+#| msgid "Usage: gpg [options] [files] (-h for help)"
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Brug: gpg [flag] [filer] (-h for hjælp)"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:291
+#, fuzzy, c-format
+#| msgid "invalid import options\n"
+msgid "invalid port number %d\n"
+msgstr "ugyldige importindstillinger\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, fuzzy, c-format
+#| msgid "error writing to %s: %s\n"
+msgid "error writing to stdout: %s\n"
+msgstr "fejl ved skrivning til »%s«: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:462
+#, fuzzy, c-format
+#| msgid "certificate `%s' not found: %s\n"
+msgid "attribute '%s' not found\n"
+msgstr "certifikat »%s« blev ikke fundet: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:581
+#, fuzzy, c-format
+#| msgid "reading from `%s'\n"
+msgid "processing url '%s'\n"
+msgstr "læser fra »%s«\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          user '%s'\n"
+msgstr "      w/o bruger-id'er: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, fuzzy, c-format
+#| msgid "                aka \"%s\""
+msgid "          pass '%s'\n"
+msgstr "       også kendt som »%s«"
+
+#: dirmngr/dirmngr_ldap.c:592
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          host '%s'\n"
+msgstr "      w/o bruger-id'er: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, fuzzy, c-format
+#| msgid "          not imported: %lu\n"
+msgid "          port %d\n"
+msgstr "      ikke importerede: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, fuzzy, c-format
+#| msgid "                aka \"%s\""
+msgid "            DN '%s'\n"
+msgstr "       også kendt som »%s«"
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, fuzzy, c-format
+#| msgid "                aka \"%s\""
+msgid "          attr '%s'\n"
+msgstr "       også kendt som »%s«"
+
+#: dirmngr/dirmngr_ldap.c:611
+#, fuzzy, c-format
+#| msgid "%s:%u: no hostname given\n"
+msgid "no host name in '%s'\n"
+msgstr "%s:%u: intet værtsnavn angivet\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:622
+#, fuzzy, c-format
+#| msgid "WARNING: Using untrusted key!\n"
+msgid "WARNING: using first attribute only\n"
+msgstr "ADVARSEL: Bruger nøgle uden troværdighed!\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, fuzzy, c-format
+#| msgid "renaming `%s' to `%s' failed: %s\n"
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "omdøbelse af »%s« til »%s« mislykkedes: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+#| msgid "renaming `%s' to `%s' failed: %s\n"
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "omdøbelse af »%s« til »%s« mislykkedes: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+#| msgid "renaming `%s' to `%s' failed: %s\n"
+msgid "LDAP init to '%s' done\n"
+msgstr "omdøbelse af »%s« til »%s« mislykkedes: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, fuzzy, c-format
+#| msgid "renaming `%s' to `%s' failed: %s\n"
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "omdøbelse af »%s« til »%s« mislykkedes: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, fuzzy, c-format
+#| msgid "dearmoring failed: %s\n"
+msgid "searching '%s' failed: %s\n"
+msgstr "fjernelse af panser mislykkedes: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, fuzzy, c-format
+#| msgid "`%s' is not a JPEG file\n"
+msgid "'%s' is not an LDAP URL\n"
+msgstr "»%s« er ikke en JPEG-fil\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr ""
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, fuzzy, c-format
 #| msgid "error running `%s': exit status %d\n"
 msgid "error accessing '%s': http status %u\n"
 msgstr "fejl ved kørsel af »%s«: afslutningsstatus %d\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr ""
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, fuzzy, c-format
 #| msgid "too many cipher preferences\n"
 msgid "too many redirections\n"
 msgstr "for mange chifferpræferencer\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "skriver til »%s«\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, fuzzy, c-format
 #| msgid "error writing to %s: %s\n"
 msgid "error printing log line: %s\n"
 msgstr "fejl ved skrivning til »%s«: %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, fuzzy, c-format
 #| msgid "error reading from %s: %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
@@ -11075,54 +11384,33 @@ msgstr "ventning på at proces %d skulle terminere mislykkedes: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, fuzzy, c-format
 #| msgid "sending key %s to %s server %s\n"
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "sender nøgle %s til %s server %s\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, fuzzy, c-format
 #| msgid "select failed: %s\n"
 msgid "malloc failed: %s\n"
 msgstr "select mislykkedes: %s\n"
 
-#: dirmngr/ldap.c:221
-#, fuzzy, c-format
-#| msgid "`%s' is not a JPEG file\n"
-msgid "'%s' is not an LDAP URL\n"
-msgstr "»%s« er ikke en JPEG-fil\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
 msgstr ""
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr ""
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr "%s:%u: adgangskode angivet uden bruger\n"
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr "%s:%u: udelader denne linje\n"
-
 #: dirmngr/misc.c:172
 #, fuzzy, c-format
 #| msgid "%s: invalid file version %d\n"
@@ -11220,103 +11508,103 @@ msgstr "kontrol af troværdighedslisten mislykkedes: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr ""
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, fuzzy, c-format
 #| msgid "receiving line failed: %s\n"
 msgid "allocating list item failed: %s\n"
 msgstr "modtagelse af linje mislykkedes: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, fuzzy, c-format
 #| msgid "error getting new PIN: %s\n"
 msgid "error getting responder ID: %s\n"
 msgstr "fejl ved indhentelse af ny PIN: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, fuzzy, c-format
 #| msgid "certificate should not have been used for OCSP response signing\n"
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr "certifikat burde ikke være brugt for OCSP-svarunderskrivning\n"
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, fuzzy, c-format
 #| msgid "issuer certificate not found"
 msgid "issuer certificate not found: %s\n"
 msgstr "udstedercertifikat blev ikke fundet"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, fuzzy, c-format
 #| msgid "error reading list of trusted root certificates\n"
 msgid "caller did not return the target certificate\n"
 msgstr "fejl ved læsning af liste over betroede rodcertifikater\n"
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, fuzzy, c-format
 #| msgid "error storing certificate\n"
 msgid "caller did not return the issuing certificate\n"
 msgstr "fejl ved lagring af certifikat\n"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, fuzzy, c-format
 #| msgid "failed to allocate keyDB handle\n"
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "kunne ikke allokere keyDB-håndtag\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, fuzzy, c-format
 #| msgid "no default secret keyring: %s\n"
 msgid "no default OCSP signer defined\n"
 msgstr "ingen hemmelig standardnøglering: %s\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, fuzzy, c-format
 #| msgid "using default PIN as %s\n"
 msgid "using default OCSP responder '%s'\n"
 msgstr "bruger standard-PIN som %s\n"
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, fuzzy, c-format
 #| msgid "using cipher %s\n"
 msgid "using OCSP responder '%s'\n"
 msgstr "bruger chiffer %s\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "fejl ved lagring af certifikat: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr ""
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, fuzzy, c-format
 #| msgid "certificate has been revoked"
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "certifikat er blevet tilbagekaldt"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr ""
@@ -11327,76 +11615,80 @@ msgstr ""
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "afsendelse af linje mislykkedes: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr ""
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr ""
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, fuzzy, c-format
 #| msgid "sending line failed: %s\n"
 msgid "assuan_inquire failed: %s\n"
 msgstr "afsendelse af linje mislykkedes: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, fuzzy, c-format
 #| msgid "select failed: %s\n"
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "select mislykkedes: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, fuzzy, c-format
 #| msgid "error sending %s command: %s\n"
 msgid "error sending data: %s\n"
 msgstr "fejl under afsendelse af %s-kommando: %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, fuzzy, c-format
 #| msgid "select failed: %s\n"
 msgid "start_cert_fetch failed: %s\n"
 msgstr "select mislykkedes: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, fuzzy, c-format
 #| msgid "select failed: %s\n"
 msgid "fetch_next_cert failed: %s\n"
 msgstr "select mislykkedes: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr ""
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, fuzzy, c-format
 #| msgid "cannot allocate outfile string: %s\n"
 msgid "can't allocate control structure: %s\n"
 msgstr "kan ikke allokere outfile-streng: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, fuzzy, c-format
 #| msgid "failed to create stream from socket: %s\n"
 msgid "failed to allocate assuan context: %s\n"
 msgstr "kunne ikke oprette strøm fra sokkel: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, fuzzy, c-format
 #| msgid "failed to initialize the TrustDB: %s\n"
 msgid "failed to initialize the server: %s\n"
 msgstr "kunne ikke initialisere TrustDB: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, fuzzy, c-format
 #| msgid "failed to store the creation date: %s\n"
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "kunne ikke gemme oprettelsesdatoen: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, fuzzy, c-format
 #| msgid "signing failed: %s\n"
 msgid "Assuan processing failed: %s\n"
@@ -11448,57 +11740,63 @@ msgstr "certifikat er gyldigt\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr "certifikat burde ikke være brugt for underskrift\n"
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 msgid "quiet"
 msgstr "stille"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr "vis data ud hex-kodet"
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr "afkod modtagne datalinjer"
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 #, fuzzy
 #| msgid "pass a command to the dirmngr"
 msgid "connect to the dirmngr"
 msgstr "send en kommando til dirmngr'en"
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+#, fuzzy
+#| msgid "pass a command to the dirmngr"
+msgid "connect to the keyboxd"
+msgstr "send en kommando til dirmngr'en"
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr "|NAME|forbind til Assuansokkel NAVN"
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 #, fuzzy
 #| msgid "|NAME|connect to Assuan socket NAME"
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr "|NAME|forbind til Assuansokkel NAVN"
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr "kør Assuanserveren angivet på kommandolinjen"
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr "brug ikke udvidet forbindelsestilstand"
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|FILE|kør kommandoer fra FIL ved opstart"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr "kør /subst ved opstart"
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 #, fuzzy
 #| msgid "Usage: gpg-connect-agent [options] (-h for help)"
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Brug: gpg-connect-agent [tilvalg] (-h for hjælp)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg-connect-agent [options]\n"
@@ -11510,196 +11808,212 @@ msgstr ""
 "Syntaks: gpg-connect-agent [tilvalg]\n"
 "Forbind til en kørende agent og send kommandoer\n"
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr "tilvalg »%s« kræver et program og valgfrie parametre\n"
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr "tilvalg »%s« ignoreret på grund af »%s«\n"
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, c-format
 msgid "receiving line failed: %s\n"
 msgstr "modtagelse af linje mislykkedes: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, c-format
 msgid "line too long - skipped\n"
 msgstr "linje er for lang - udeladt\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr "linje forkortet på grund af indlejret Nul-tegn\n"
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, fuzzy, c-format
 #| msgid "unknown command `%s'\n"
 msgid "unknown command '%s'\n"
 msgstr "ukendt kommando »%s«\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, c-format
 msgid "sending line failed: %s\n"
 msgstr "afsendelse af linje mislykkedes: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+#| msgid "no gpg-agent running in this session\n"
+msgid "no keybox daemon running in this session\n"
+msgstr "ingen gpg-agent kører i denne session\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, c-format
 msgid "error sending standard options: %s\n"
 msgstr "fejl under afsendelse af standardtilvalg: %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr ""
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr ""
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+#| msgid "public key is %s\n"
+msgid "Public Keys"
+msgstr "offentlig nøgle er %s\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr ""
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr ""
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 msgid "Network"
 msgstr ""
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 #, fuzzy
 #| msgid "Bad Passphrase"
 msgid "Passphrase Entry"
 msgstr "Ugyldig adgangsfrase"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 #, fuzzy
 #| msgid "Component not found"
 msgid "Component not suitable for launching"
 msgstr "Komponent blev ikke fundet"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, fuzzy, c-format
 #| msgid "External verification of component %s failed"
 msgid "Configuration file of component %s is broken\n"
 msgstr "Ekstern verifikation af komponent %s mislykkedes"
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Please use the command \"toggle\" first.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Brug venligst kommandoen »toggle« først.\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr "Ekstern verifikation af komponent %s mislykkedes"
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr "Bemærk at gruppespecifikationer ignoreres\n"
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, fuzzy, c-format
 #| msgid "error closing %s: %s\n"
 msgid "error closing '%s'\n"
 msgstr "fejl ved lukning af %s: %s\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, fuzzy, c-format
 #| msgid "error in `%s': %s\n"
 msgid "error parsing '%s'\n"
 msgstr "fejl i »%s«: %s\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr "vis alle komponenter"
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr "kontroller alle programmer"
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr "|COMPONENT|vis indstillinger"
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr "|COMPONENT|ændr indstillinger"
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr "|COMPONENT|kontroller indstillinger"
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr "anvend globale standardværdier"
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 #, fuzzy
 #| msgid "|FILE|take policy information from FILE"
 msgid "|FILE|update configuration files using FILE"
 msgstr "|FILE|tag politikinformation fra FIL"
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 #, fuzzy
 #| msgid "get the configuration directories for gpgconf"
 msgid "get the configuration directories for @GPGCONF@"
 msgstr "hent konfigurationsmapperne for gpgconf"
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 msgid "list global configuration file"
 msgstr "vis global konfigurationsfil"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 msgid "check global configuration file"
 msgstr "kontroller global konfigurationsfil"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 #, fuzzy
 #| msgid "update the trust database"
 msgid "query the software version database"
 msgstr "opdater troværdighedsdatabasen"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 #, fuzzy
 #| msgid "list all components"
 msgid "reload all or a given component"
 msgstr "vis alle komponenter"
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 #, fuzzy
 #| msgid "list all components"
 msgid "launch a given component"
 msgstr "vis alle komponenter"
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 #, fuzzy
 #| msgid "list all components"
 msgid "kill a given component"
 msgstr "vis alle komponenter"
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "brug som uddatafil"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr "aktiver ændringer ved kørselstid, hvis muligt"
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 #, fuzzy
 #| msgid "Usage: gpgconf [options] (-h for help)"
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Brug: gpgconf [tilvalg] (-h for hjælp)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpgconf [options]\n"
@@ -11711,15 +12025,15 @@ msgstr ""
 "Syntaks: gpgconf [tilvalg]\n"
 "Håndter konfigurationsindstillinger for værktøjer i GnuPG-systemet\n"
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr "Kræver en kompomentparameter"
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 msgid "Component not found"
 msgstr "Komponent blev ikke fundet"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr "Ingen parameter tilladt"
 
@@ -11735,136 +12049,257 @@ msgstr ""
 "Syntaks: gpg-check-pattern [tilvalg] mønsterfil\n"
 "Kontroller en adgangsfrase angivet på stdin mod mønsterfilen\n"
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr ""
-#~ "tvang for symmetrisk chiffer %s (%d) overtræder modtagerens præferencer\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+#| msgid "NOTE: keys are already stored on the card!\n"
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "BEMÆRK: Nøgler er allerede gemt på kortet!\n"
 
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "fejl ved skrivning til midlertidig fil: %s\n"
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+#| msgid "NOTE: keys are already stored on the card!\n"
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "BEMÆRK: Nøgler er allerede gemt på kortet!\n"
 
-#~ msgid "use a log file for the server"
-#~ msgstr "brug en logfil for serveren"
+#: tools/gpg-card.c:2395
+#, fuzzy, c-format
+#| msgid "Replace existing keys? (y/N) "
+msgid "Replace existing key %s ? (y/N) "
+msgstr "Erstat eksisterende nøgler (j/N) "
 
-#~ msgid "|FILE|write a server mode log to FILE"
-#~ msgstr "|FILE|skriv en servertilstandslog til FIL"
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, fuzzy, c-format
+#| msgid "OpenPGP card no. %s detected\n"
+msgid "%s card no. %s detected\n"
+msgstr "OpenPGP-kortnr. %s detekteret\n"
 
-#, fuzzy
-#~| msgid "Quit without saving? (y/N) "
-#~ msgid "run without asking a user"
-#~ msgstr "Afslut uden at gemme? (j/N) "
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
 
-#~ msgid "allow PKA lookups (DNS requests)"
-#~ msgstr "tillad PKA-opslag (DNS-forespørgsler)"
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
 
-#~ msgid "Options controlling the format of the output"
-#~ msgstr "Tilvalg der kontrollerer formatet for resultatet"
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
+#: tools/gpg-card.c:3668
 #, fuzzy
-#~| msgid "Options controlling the security"
-#~ msgid "Options controlling the use of Tor"
-#~ msgstr "Tilvalg der kontrollerer sikkerheden"
-
-#~ msgid "LDAP server list"
-#~ msgstr "LDAP-serverliste"
+#| msgid "  (certificate created at "
+msgid "authenticate to the card"
+msgstr "  (certifkat oprettet den "
 
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "anmoder om nøgle %s fra %s server %s\n"
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
 
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "%s:%u: intet værtsnavn angivet\n"
+#: tools/gpg-card.c:3672
+msgid "setup KDF for PIN authentication"
+msgstr ""
 
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "kunne ikke fortolke nøgleserver\n"
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr ""
 
+#: tools/gpg-card.c:3675
 #, fuzzy
-#~| msgid "|NAME|connect to Assuan socket NAME"
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NAME|forbind til Assuansokkel NAVN"
+#| msgid "  (certificate created at "
+msgid "read a certificate from a data object"
+msgstr "  (certifkat oprettet den "
 
+#: tools/gpg-card.c:3676
 #, fuzzy
-#~| msgid "|N|connect to reader at port N"
-#~ msgid "|N|connect to port N"
-#~ msgstr "|N|forbind til læser på port N"
+#| msgid "  (certificate created at "
+msgid "store a certificate to a data object"
+msgstr "  (certifkat oprettet den "
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
 #, fuzzy
-#~| msgid "Usage: gpg [options] [files] (-h for help)"
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Brug: gpg [flag] [filer] (-h for hjælp)"
+#~| msgid "change a passphrase"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "ændr en adgangsfrase"
+
+#~ msgid "detected card with S/N: %s\n"
+#~ msgstr "detekteret kort med S/N: %s\n"
 
 #, fuzzy
-#~| msgid "invalid import options\n"
-#~ msgid "invalid port number %d\n"
-#~ msgstr "ugyldige importindstillinger\n"
+#~| msgid "error getting default authentication keyID of card: %s\n"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr ""
+#~ "fejl ved indhentelse af standard-keyID for godkendelses af kort: %s\n"
+
+#~ msgid "Please remove the current card and insert the one with serial number"
+#~ msgstr "Fjern venligst det aktuelle kort og indsæt det med serielnummeret"
+
+#~ msgid "use a log file for the server"
+#~ msgstr "brug en logfil for serveren"
 
 #, fuzzy
-#~| msgid "error writing to %s: %s\n"
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "fejl ved skrivning til »%s«: %s\n"
+#~| msgid "no running gpg-agent - starting one\n"
+#~ msgid "no running gpg-agent - starting '%s'\n"
+#~ msgstr "ingen kørende gpg-agent - starter en\n"
+
+#~ msgid "argument not expected"
+#~ msgstr "parameter var ikke forventet"
+
+#~ msgid "read error"
+#~ msgstr "læsefejl"
+
+#~ msgid "keyword too long"
+#~ msgstr "nøgleord er for langt"
+
+#~ msgid "missing argument"
+#~ msgstr "manglende parameter"
 
 #, fuzzy
-#~| msgid "certificate `%s' not found: %s\n"
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "certifikat »%s« blev ikke fundet: %s\n"
+#~| msgid "invalid value\n"
+#~ msgid "invalid argument"
+#~ msgstr "ugyldig værdi\n"
+
+#~ msgid "invalid command"
+#~ msgstr "ugyldig kommando"
+
+#~ msgid "invalid alias definition"
+#~ msgstr "ugyldig aliasdefinition"
+
+#~ msgid "out of core"
+#~ msgstr "ikke nok kerne"
 
 #, fuzzy
-#~| msgid "reading from `%s'\n"
-#~ msgid "processing url '%s'\n"
-#~ msgstr "læser fra »%s«\n"
+#~| msgid "invalid command"
+#~ msgid "invalid meta command"
+#~ msgstr "ugyldig kommando"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          user '%s'\n"
-#~ msgstr "      w/o bruger-id'er: %lu\n"
+#~| msgid "unknown command `%s'\n"
+#~ msgid "unknown meta command"
+#~ msgstr "ukendt kommando »%s«\n"
 
 #, fuzzy
-#~| msgid "                aka \"%s\""
-#~ msgid "          pass '%s'\n"
-#~ msgstr "       også kendt som »%s«"
+#~| msgid "unexpected armor: "
+#~ msgid "unexpected meta command"
+#~ msgstr "uventet panser: "
+
+#~ msgid "invalid option"
+#~ msgstr "ugyldig indstilling"
+
+#~ msgid "missing argument for option \"%.50s\"\n"
+#~ msgstr "manglende parameter for indstilling »%.50s«\n"
+
+#~ msgid "option \"%.50s\" does not expect an argument\n"
+#~ msgstr "tilvalg »%.50s« forventer ikke et argument\n"
+
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "ugyldig kommando »%.50s«\n"
+
+#~ msgid "option \"%.50s\" is ambiguous\n"
+#~ msgstr "tilvalg »%.50s« er tvetydigt\n"
+
+#~ msgid "command \"%.50s\" is ambiguous\n"
+#~ msgstr "kommando »%.50s« er tvetydig\n"
+
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "ugyldigt tilvalg »%.50s«\n"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          host '%s'\n"
-#~ msgstr "      w/o bruger-id'er: %lu\n"
+#~| msgid "NOTE: no default option file `%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "BEMÆRK: Ingen standardfil for tilvalg »%s«\n"
 
 #, fuzzy
-#~| msgid "          not imported: %lu\n"
-#~ msgid "          port %d\n"
-#~ msgstr "      ikke importerede: %lu\n"
+#~| msgid "option file `%s': %s\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "tilvalgsfil »%s«: %s\n"
 
 #, fuzzy
-#~| msgid "                aka \"%s\""
-#~ msgid "            DN '%s'\n"
-#~ msgstr "       også kendt som »%s«"
+#~| msgid "you may not use %s while in %s mode\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "du kan ikke bruge %s i tilstanden %s\n"
 
 #, fuzzy
-#~| msgid "                aka \"%s\""
-#~ msgid "          attr '%s'\n"
-#~ msgstr "       også kendt som »%s«"
+#~| msgid "unable to execute program `%s': %s\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "kan ikke køre program »%s«: %s\n"
+
+#~ msgid "unable to execute external program\n"
+#~ msgstr "kan ikke køre eksternt program\n"
+
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "kan ikke læse svar fra eksternt program: %s\n"
+
+#~ msgid "validate signatures with PKA data"
+#~ msgstr "valider underskrifter med PKA-data"
+
+#~ msgid "elevate the trust of signatures with valid PKA data"
+#~ msgstr "hæv troværdigheden for underskrifter med gyldige PKA-data"
 
 #, fuzzy
-#~| msgid "%s:%u: no hostname given\n"
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "%s:%u: intet værtsnavn angivet\n"
+#~| msgid "   (%d) DSA and Elgamal\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) DSA og Elgamal\n"
+
+#~ msgid "honor the PKA record set on a key when retrieving keys"
+#~ msgstr "overhold PKA-posten angivet på en nøgle når der hentes nøgler"
 
 #, fuzzy
-#~| msgid "WARNING: Using untrusted key!\n"
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "ADVARSEL: Bruger nøgle uden troværdighed!\n"
+#~| msgid "Note: Verified signer's address is `%s'\n"
+#~ msgid "Note: Verified signer's address is '%s'\n"
+#~ msgstr "Bemærk: Verificeret underskriftsejers adresse er »%s«\n"
 
 #, fuzzy
-#~| msgid "renaming `%s' to `%s' failed: %s\n"
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "omdøbelse af »%s« til »%s« mislykkedes: %s\n"
+#~| msgid "Note: Signer's address `%s' does not match DNS entry\n"
+#~ msgid "Note: Signer's address '%s' does not match DNS entry\n"
+#~ msgstr "Bemærk: Underskriftejers adresse »%s« matcher ikke DNS-post\n"
+
+#~ msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+#~ msgstr ""
+#~ "troværdighedsniveau justeret til FULL på grund af gyldig PKA-information\n"
+
+#~ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+#~ msgstr ""
+#~ "troværdighedsniveau justeret til NEVER på grund af ugyldig PKA-"
+#~ "information\n"
+
+#~ msgid "|FILE|write a server mode log to FILE"
+#~ msgstr "|FILE|skriv en servertilstandslog til FIL"
 
 #, fuzzy
-#~| msgid "renaming `%s' to `%s' failed: %s\n"
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "omdøbelse af »%s« til »%s« mislykkedes: %s\n"
+#~| msgid "Quit without saving? (y/N) "
+#~ msgid "run without asking a user"
+#~ msgstr "Afslut uden at gemme? (j/N) "
+
+#~ msgid "allow PKA lookups (DNS requests)"
+#~ msgstr "tillad PKA-opslag (DNS-forespørgsler)"
+
+#~ msgid "Options controlling the format of the output"
+#~ msgstr "Tilvalg der kontrollerer formatet for resultatet"
 
 #, fuzzy
-#~| msgid "dearmoring failed: %s\n"
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "fjernelse af panser mislykkedes: %s\n"
+#~| msgid "Options controlling the security"
+#~ msgid "Options controlling the use of Tor"
+#~ msgstr "Tilvalg der kontrollerer sikkerheden"
+
+#~ msgid "LDAP server list"
+#~ msgstr "LDAP-serverliste"
 
 #, fuzzy
 #~| msgid "NOTE: old default options file `%s' ignored\n"
@@ -11924,8 +12359,8 @@ msgstr ""
 #~ msgid "could not open %s for writing: %s\n"
 #~ msgstr "kunne ikke åbne %s for skrivning: %s\n"
 
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "fejl ved læsning fra %s: %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "fejl ved skrivning til »%s«: %s\n"
 
 #~ msgid "error closing %s: %s\n"
 #~ msgstr "fejl ved lukning af %s: %s\n"
@@ -11987,12 +12422,6 @@ msgstr ""
 #~ msgid " using certificate ID 0x%08lX\n"
 #~ msgstr " bruger certifikat-id 0x%08lX\n"
 
-#, fuzzy
-#~| msgid "you may not use %s while in %s mode\n"
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "du kan ikke bruge %s i tilstanden %s\n"
-
 #~ msgid "male"
 #~ msgstr "mand"
 
@@ -12048,11 +12477,6 @@ msgstr ""
 #~ msgstr "fejl ved skrivning af offentlig nøglering »%s«: %s\n"
 
 #, fuzzy
-#~| msgid "waiting %d seconds for the agent to come up\n"
-#~ msgid "waiting for the dirmngr to come up ... (%ds)\n"
-#~ msgstr "venter %d sekunder på at agenten kommer frem\n"
-
-#, fuzzy
 #~| msgid "error closing %s: %s\n"
 #~ msgid "error looking up: %s\n"
 #~ msgstr "fejl ved lukning af %s: %s\n"
diff --git a/po/de.gmo b/po/de.gmo
index 336072e207f5c4ea07b9f3a0d00246161582fb9d..7d99bb96d32935360278b5c7fd88354c1c1f394c 100644
GIT binary patch
delta 58183
zcmZ781-Mnk8}IRT&Y`<IHr?HE;LzP5Af3`J4GWO&5-9;eQb3SKTDlvQQjqSFmiztf
zcf9xi-2FVq&&;e@vnJk|wLxI?g*YQd#r3Zzi1e+;XI(VUONH|*c;1|tq$jA<^M-Bn
zyj(aOOW@BKEyVL4Vp8(2wtL<YjP<MMCB%!E3?E=h4BO#(X)!G-UmEqCCYZ?ce6PPN
zn1uPcu*xoY*DwS57cQS<r`?#tSs7`-YljJNpvzBk*B4`6%6FsMeTGFa!!FA=!SX!c
zn@l1%7tUc74Bc%NtD_z;5>w$EWMaI{sFCk;{(;HKzd+TCwa3intcaSCHkc6yqw4)2
zeG<D!#K$X`10Q2%OupA<AOf?KZ;L5#igOjlB7XqW;aTS^OiVt>KAZZSsCv~gH8w`I
z*AIO)xR^u|+==n<JjTY`uKXpc$1#4h5oAF<pgQWl)~F5-K()6BbK<Y48M}wN{}rl!
z{QcJ9toxaNHB^-X-PqDO$T`co9@W5c%!c<-OOWt@=LIkas^RLWcG@_HqNaWhR>EIU
zvGN|(vDgQhe>I%^pcNEGt$A5gc|%v;2TPJ4h8b}uDw=PimhN9?yhApF=`j=K1uzXZ
z#u(V&`3-8xCi^66kywY7&^zpTg`hGjsD@%@oQ>+xZqx{`q8fOE=`lHbP#r6Ys@Dp&
z#zRrpS7I|fjw3PqQLFF&Od^7U^QZ?UK4v$RMBUH=>*7w-c8Yi0rmzfZrs|`nxFc!_
zM!5VOcl{UVA=FG<#oG7*8Hn#yKVc1jg>kqr8`a=)RJ86vjr6+HJL!4F$fw7w*c3JL
zQJ51~VHUiETB6UW_EMg*0Tx8XToX*C{oj*>dNvt#!x{|W5mW~rU|EcI+VjG(8tNb!
zhgyogSOBl0+KG3@W-t#b2I`__wm)hh3tjnMOt1ZamqZ4Pan^dC8w2FOK&@pz)Kt%O
z`IRnz5VZ@gU_5+@nvqE7Y({dS?yHLl@hjAG2BA8-5PePEE?02N8G7D&nhw>0a;O_x
zVg&lA5$!<**IiUQF)rAFlLr;NwJ;BML_K&8Dn@pqX72n2=3f<_QlJN<y=ZGy3N_^o
zQ5~4;%D12%cpCM<mzWllU9xkbC~B=+V{oKcl>9<WikDFxe}-C`q?eh0-4K4+O*zIQ
z-w)&BNSB|9>hTYl7<XVyJd1hpI;x{_e>ZcYg0TuJhWergI1~TC4X7oX?2}WpE<`nS
z2n*s{tbw_%a2DVoj2_~7`%xV{dDXmv>c~CR172YnOnA-n+G7Kpf;;daR=;jblJJJ-
zMIrB(BcUEvMNLTujE<90yJ0q_#f_K{&tqh~hYj%wmdA>J+V_MBsDW(5-1q>iVDi6g
z-?u>>OdBzW_WunMnt_-%ZHfz^I#d%i(k`e64?s=XB-C0iz^J$x<KQk#k0(&|o?&tf
zxn;W|CGtS8Jf_7Sm|6RODhW;97EFN`F%dpTO;MD;Eofq+8Z3xOuqJAT+Mzl$91Gwa
zRL4%BmhuAT!Wg%0<V7(9`8F7z=X+yFq{BI=nfMhob+<4TCb(la<iTj<>tRN0idw4S
zs2Q5z$`@j6^7~N_K8qTlch}lWiyA;l4DSDWBs69Ho#QYn`MFpc7o$dU6N_Wgd$tSe
zVrKFkP!E`bTDrBUnK_P{v3sZ)4ZUyml44Qvh3_-}TD$HPsNzuPY*Y__K{a#)HO03v
z27W?KVYCO<ft;9?d_9*RjGDnE7zxj!I&cZ2;Um;@Uq4{}i;#%)(4w;>7A8LlHFf*3
z48Fh!EcnP?(_f?3dM6gc=cuU9@z}m6G{x%V=U^qggAthfiRYEV?wAAD`Xs_h{DBoQ
z*;6}sT3}RF#LCzYbK)M<0rVI(<zdgPetL{eKEKOHV0!YkF$VTVE!|Mm{o61B`lm=}
zYHp&Y^bN+xl+Ud~F4Th}P(juLRlhgp!m+4e+>DyqE0_iUMy+wI7q&zdFgN)wm>uUK
zLGOD9N#v#A9x9lUzqFA?pkkscDh9^5@+GJdoyG)s1q<O5)BrNRvW`~9WaOJ-Jp3A?
z;Am8PlW>*x|4I^?s`{@v?XVwe%H#cG<&7~b`N61>F2zK66f58j%!irY*wi*e?SihT
z^JD^QAj?oQxd$~fH!z|0f3mk$F(;}cl~6Zy!lXD7^}zX<7T4n<JcC-xUhix~V^K5m
zqswn``E!_@@;j&wdGBpzQlej$d_fXws2|3~Nf;l$$0YbOX2OH0pnQZ0@fE6r(LUIS
z0~jD*3Uyx#Oo@F_Yd;;eM0@c|y#0asZ%!iOBkP0<Q8Vxn8)4c{R^A_V!vze(y#Ja7
zF+jd3YKa=79yr34FF<v8H>#tDP_c6ZL-E1C%)dtRm;%i}$Y(nklA>lHGp4|zsD|sI
zrm{P#{y5bA3sEE9fXVPErovmOc4*m-a@6%asCFv*B=msRs3{tPYH&5i#675k;y8}M
zx7Zkmg@gpp{y#84{%_Q_iyUh8bD@H>F-G7*EQo(%aZDT*5?l(uHVO8j*T)siLdC>(
ze1M;@7~YE%5?q?}k!>UuP!DL0;kW{|1b0veRoo~c!SkUcs$-q7Bu>Y)cnaC>zW0=b
zZb%Z<W}+Nw#LZFLYCI|?cA)CraQRsLE`%PK2Mb{%%#V{%9ovgqvZ#D*QhOOtOHm88
zG_8VppCgfkqH-##ryEh*?JDY|dX9N8RSfG$b=1k%9aa84s@@5Vif=JBdNFOJX)qhv
zQW(Gvs2LxJnRveUldEtBb>jz2gUMsr4MkDguQ4iCd{i{gMFrC@sI&hVYJ|UIMSO?>
z%pcokvK}f1Mj=!0ZAV`t{)>bj5Is&v@GDmyRD&f^ug|KeZC49buO2Ge2cVADsi>g+
z0Tr~HP;0yw7vNv0B^egiJcvEW$BGx?2YWaqo=xcjoWh0Us0NzGx8NF#Rmg95`A7*Y
zs>`B+?;EU*d$ArSNEi})&9+BfUy8%=7AgqaC9;@VoX8LHYEp2Sf(Do+F;jv=P;2%H
z)uAj&LcBJ(1=X>XNo@^Fpkk*PDkg@bg6(J2{Z~*^9XXj@&xtq5e~HAs7w#vwH7}nc
z#B0KZ)~E;ULPh;`3?57=ZLO1{);KT5!m=0_Yhg5Ofm(tNsMzR(ils^J`fAj!*o5k+
ze};s%)h8@~*;82*H%D!&_NWHuqqgG;REPdRZNF!zktR=VGf@uJ@K>k-%y9Y5E`Jjh
zLy^-2gVXnNkWlbc$I{pmRbde-+7F^e`WGtbo}fk?Ijxx(Rh|j8{Yqj0%cJ&rJJhZk
z;ar4z2kgS!TI?evGy`u@Bgz!825RCE)~GwGp~vZ1GmMem)-t}cG^(RrQ3Du@8o*)a
z6U;+CQ3fk7kD9Sgn26_lGfC)WuoBhN-%vOFg?TZ4Mq9(O&Q_=y8-`lrnW$~L1~oIk
zpk{0zs@^F~hqq8m7dexe5`8t0kAxmv72{wBR73qxUns_)Ml=_7GVXEZ7ce^cd#Db-
zKuvA>%odEfP%%>&6@(p7u`vd<R2wq0|MfQem4YsqIE(Gy5vcNuI2Q9}4e{#WHoS!~
zvxRtl@hNt~_Sr+cYIp{9@}<sU`L<Y&{5q_HuTTeDshl?8>N$N|>rNDCWD_s~7hxIv
z3w2~>$Q9zX#YWg3ccMm?F}KCS7pS-7NYs+;Le0oi)GkV!$F^Mq)QQ^@^}3(qlhBkL
zMs2@WsHw`D*KVwYI#`BaW&8=-sUGSb@MS&=zFw%corIdPC8#yenLi}>rL`t1$a|ye
zEyCctWHX8S6r4dlICB9zfGXe~^6gMDkhx%p*Aa`MdcFiz|19eIbJQ-0RLCBj4wWy5
z3dWYG80w1gafV&@y`?0y?e?L1_z?9TPgdB<tDzp)2lbj=g4#YOQA_j|Rlj%<JL|hT
ze?l$Aebfx6C~ECg#PAS)J%CxX|2Gt~lj;iUX#CfiqPT6Z!Wf{umdp1*)f<OelBKAT
zKEVLSEMZfd6BRp^P(e8uHGto+Fh0TH`#)1j3!ZAIilb0db{uss{ElhyC2FJz>Av1-
z6;bs^VqH9jI#1G+3h{d30xX5`OIxtkM%_08wHx-Juc(a?VLdI6TGIijx7uvf)bGI3
z_z=rujxx4OdSC_e>rqqu2DK|Pl(h#pz?$S|q8@n5nX8=D>sOBbujpP$fr8@_*27O&
z9P5-13I0!~iKq@7MooFN3brfipk6XQs(dk)#fPZa$XzkS8;3nm_rFI)eep_GuR$f>
zf@wAdIw<y`f-6d88+l&T6t+N3{Q|6xXHZj_riy)`Xo?Z!=b)D44^)TJRkiOGoiHQ$
zJ*WZS#^6%=)ody%qNb=nM&LfwgTt!ZNmdp$vdO6HXHW-Af*Q7KDx-qyYb=6`P)m2&
zU5{GRc0)mDJ5+G`vq-3C$58KrXV?a#*9!4EU{~yq7g1|lt9D56mtw>5GTZ1XYV9}G
zwI%!ub;3ohX9LQEnu!6ZCEbTb@e_KA*TVI!r$riAl()yoR2Yq6I1%-7nu_1xT0DUH
zzpxR%#mwY0G_(#@#SG*Jqo#NfPQ-Jlj<jrK_pQWm?U(Z;bWkK{Y}>FLDnA6%<66`M
z&R{xxiwf2hU)t11pq8R5>aDp1<KYHW2litNe1keS8aA=FWN*pyy`ipPoO32-rF@~w
zA9kKY9i7)P5k5mjbL6IWrUy{(`@*OWRK*zB1fyVkjE-GV=Sx5IRdFN<Rs0rX;v&@B
zYc*;nuA-(ib~9VMe5hFHgbLF6sBL=%wJY*8cQb+tvL&b!@-iycUSse`Zo&T7NGrCm
zgQq(x2q$A4T#g#)W>k-lq2Aw@u^iq(1zYx(Hh{XQ>&;M0*BJvi88v{PQQPkvYAHfm
z`IboC%DzMvLv5Sds0u!+BlA!*v<fxln@}g^X;g4NMa4$!)*-<M=0V+G8`Y66s2P~z
z%2#7q@`rsAY9MACd!J`Ro%v-@GtmSUTzybew+c0aQ>c!7LOm#1TMM>=sE&MvTB32N
zrTi83-hYVtwj9#VV!}^GLL*6wdSEFG#fGST`X#CZGf)j2LCw$&R7c{pw_q)aTGMte
zKMnPu?Wp_Dpx$~>zp~v^3fYdn*Or8i%r&SHy+Vy3ZU<{1A8HCKV*op&Mm!PK;T5PE
z+>4sx8<-P6qB@YRqun2Y+O};_+j1P{(Ei^+LP2&9b>k=0uE^fWEP=XS9W?{3P!H;d
z>gY`8X4G!EjOuXo&NiT&sCt!9Gtm(hOA9f9_WvppirSr60*_%yjM~Kxp7NNTd}q{y
zXQB4-1`Oa%RLopQ&B$9!i}AbKOyxtJ3pG$P+zQpv!RTu$*O1T@9zorB7xkd1-K;z#
zDu~LWzI66N&B%Dv+j1f5ggk<pp=YSzi_+aXRumOub+G{UM8(3=?(F{v5?3iuu%+%{
zQ}hLDjV7XkZ8z$ic!HYBq&;mdi=o~XEl?wChw9)k)QD$0SEB~B2Q^dIPy>C_ll`wA
zC+%fZnG1`PuZfz<aj1%mQT6sYFFT)L0?H%xwt7iXu~P)~pvtINXzj{Jp@MQ2YR1<1
zBs3-GQ6r7k$JVR}>cpytdT>9~3{65!<w4Z;yN!h~;nz0hRZy`s2o*EqP_eWT%iwd=
zOcv;COW-#pp$E)B^=zec59+|VgzDHwRF8A?GwY%n8i3mOi%}guiCT&msE)?&Zv)DS
zim}S5cT9U^DSfXO2~F8d)RZknP5o|Ea9&2m!YgN%0rsFTQD^^9)Y>j{{)W2$PgE?t
zLj_~}fi}Q$s1AM^%=>(0au+6|9=HV6q1~tkPNN#UhdLiZ23hdsMvbUGYNWkTGcXM~
z*}P4t0sV`Lfn<ZNBPCGncExNw-y20jQT;P&YR+IZyoQ?MJE*mcJH(cvIO-(ph}xD@
zP#xQi+K!J<Gm~VfwOb0c-&>+OIt|r<b?9qN50lUoKE(jWVpnKQbD<v87<Ge>8sT@S
zDf|^R0~b*peTC{k>R}c;l~DI}LB-fe)X6s&b$%=z#{Sp#*-n9i?*zuezfm_nM{U38
z!|g%YP!Fht>Tpj~kWNO8cmt}#SDYautixGQ^{b&`p#y5h=Z>Jq0TMeX(9~Q*J@6xH
zN>hDf+oTHWKpBSW*i6*OSEH8ZD60NzRIsKWY1bQ|Vy8E1#wMaVx*Qb~r+gB6;0p|3
zf>Ad01yCJof!gOoQ8%ncZO2onrTZ7vflQ;V;o7K?^+(m4i|W7;=S@^cKA@J;Pcp`)
zusACETc8e<L8z%-kD9tGs2kp*Mv!W(J-9q-?Ym<DXQLjl4ORa<YJhK1^^%RVd>Lc_
zzSoL`)^IFpYS&-@51?Y>4k|X@q1HCucsnr*qw<|xek$sL`%&BO9;&_2305x!2FORC
zX0jC~*ZY4Y39an{)QEp^UPX;O%0#;{1FFIDs3~rWsz20SUx6Cw5!BM$M~yh%B&$~p
zbzd7)?2J;L=X*;?XpIh_mf$*SzrIIp!yJ?C#)hct12BN!y7JAaDZh+*@JlR+DW=$r
z)Izn>8`Z&u7{J}=YeavN2(B$E=u%C!hDx9sZjCA*g6ime)JQg=g6|Rrr+S)AZ3@(b
z!co_op*l7e)!xsjnLRp<{jasZOMxB`Yr0j)fqFnijEWslCu0xiVAK?jMV)}lP)m5x
zU4MXj&_Aec8GnY=D}`G7ZdeVc&0zoQ^?Qv1tyTP)Za1KM+yVnQ8g+fS^EB$dcc>W1
z^{wR_q6RVn6`ZS313ZnIx!0)O6K9rPFYJ@h6g5Rv9D{oBYL`EUnyR;`m`MDc{T56`
z)C^5PHMj;fBNtFH@)9-DxU+3(@}o|^su&jsqXy(pB%udyau@zUZMO%gk%Y{#;0a(I
z^3|~fF2E@G2S(su7>?=Z+F9Qc6$5=y9h!xa@E26aw_ptI|KCYyYW_w|<tJ1yWtnFc
zOJjWUtxz57jauvRsI^~!YWO7T{&T4MpO6Q5ap&6-ra%RG2~=#fz|`9R14*dovr*gR
zBI@W2{obZLA4VhJ8r6Z$sD?&3m!aw(#b8XJMwn}XEln-d4D`d`H!aivR$}na|L!EA
z2LC{f=wH+baxb*<2-I4(Ma9M#)Y`2@E!`#5jD2(_T4ceM(^(gbalJnl#a~eOJw#tU
zjrW87IzB(@0X<RMZZ@joB2+XVaQTO*nTWU8MxF%~d|#mI^+CO~=AxGNFlu0bq1unX
z#Ac-E6867>q&@|T@;<27=QPxa_M_J7Dr(B!pgI)uM{6)I>b{n!`a@9HzeVke?Wh6X
zM70xXsoj?r)sb3DeOr^h6lm=yqNaK)s-Y{cqPNWQSx{?P9reHts0R&mu0VC@G*-sP
zr~|0*a%;B@#vwl%wY$FcNvNTX&f};C|3<BGtQFQ^A=F6fVkzu{VYmS`Gg~l#$58D(
zaz<Kd`#u$FKs8ap+8fm|e=&*4Bu?Q>Y`)5({UvH?KB7jH>L**{VyGEvhzi<)7{CRn
z4(>+9!e6K<|BRZk6szsETo`rW)kb2(_Xd&B*}f9h!%e6e_yYqNy2g5(0kuSRG5Fd=
zbzlXmqsLJ}_sE%It*vooRK4z~;GBVlaT^xW{(nY7(V6*YYv>Eq2>YTsG6yx1y;uUT
zqK@KZ>#SZCRKs0R?Mz1n@jlejyhhDT^!3(G4lGW-A_m|8!<C?532My`pho%xwO>>G
zVh^f^T8h4?_xlXgS|3JD`Jbo<|BD)7z6~~09Z>s!I;um*QQP-V^sAG2L!uIv-)K=g
z5zCUlfLgm`n`~wZqVn}o-`{(nPP9>24(Fjda>Mxv)!~$zZRAB!OH~gQ{k=D{|J9S}
z6zHH>=_>AX6|cGSPpAha*<x#%6V*^{)Kc|8t^EwtcgDS_B{`2;lJ{5yvv0LnYK<Dm
zw5{xaHL!+);J!uWAEOS4c-w576hTF8Th!D~L3Ln1>cM}bmMp<`3))hsrEGz!Hx`4z
zimHDcW8-_Dghn3iS6j<;s5L5vn#vle8S0E0*$50C9H<%Dh|%#VDoD?x+Ix!n794Gd
zm8Zve<ik+|tckkr_avdIn1Gsr<*4Y~j|#5O7{H`Et%0JbT~P(K4SS+uVIHc3>)iF<
zQ0+cMJt*ofyFVT3{`|;5eD6yVIuZw<8W@Wj$vljPn^9A_8}s8m)Cg1Vwp~*Y1LVIz
zJ*Xds;xyC@&cw+03+ns8R@4mthDo*mFOkp#o?-x#?Xeq+VM+20Q4P*Sjrcp%6z)aM
z*x#r%4%utv>73<J<zJ!Jehexoe?l$Y8BERdy}Kl|rjhsA4H;2EQXcidUZ@7<qk6sv
z_2BcU8F`KcFyn6)w2e?5^il0DM$PbE)cvP1F8+<adiaWj);!UEo6=gSsq2Ya+bO6e
z`4QFNZq!JwV<e1pz@|Pr>H!&0_Z2}+d397QHN<?_9d-W?2i*Jr5CuB>@1mwU)<GLd
zTvT)yM$JS7sso)+Gc*ph?Y5xqzl8yecF1BR8!BHGbt1Mwod<JKZ^5I7eD|G=0yUWH
zutjGR)QG>qShxUnfc%6y7j8LY9I@ERhnmSRQNcM7HG?xy4_=Sz;62n##6D`fBa=@;
z70RI2v_EPozD2G1X;epEVMUC4%sTo7YHCNKw%HU^!#}zFZ!UiWb^jYw&?Pu-X2oEP
zlp>*#w?eJS6x0-NLVZCvkLfVvg#Eri2Gos>Q8O_Z)qy3b5$;B<{oknV_zpGI2~XNg
zmqneVeX+gv{|_X(P!R2u&A`{F8>XWkycdIOi~3d^?X*RG3RJArK+RNb)C2pVmSQq$
zAZt-east)f9n?7!?TluI{g;wNWC{vnBrJ*AE@iL^)<#YJT+|Hxg_`Q9XKjYkq8hA@
zn(7v)2M=`Rb5QkHyX*T=OML?i^L+0k2~Amnb2gQgQ6p%J`l2xswQV+`Mtav7^SniW
z9@J7bK^<gcQ8TgL<&U98{t9(oB)MQQPz8g3|E~oJP4Pg~jSErRWE*NE_fZdscG1?Z
z5UQb;sHK|W^7~M+^cuCs87|qtYNFa{gIbCasO$4CvHzozI7orE%Snuhk5Iw&76X{}
zvQ1e8YDSu&IyxCuZw0F1Q>X{sLmfm>f48@1O4JPGN9}_8sE&5}o&B$=o=t()b}MQv
zucOMJqh7!9|F9X!im}NzLM=sm)C0$()_$dPzbn6iYVTiE{rFd`<AqR1a4nyN-pege
z6?&k~@|ma(9Y#&n6PHhZ)z-W;s=PC*qq9&W+l-ot<EU+U8#O~A*KFHnMa4)p)C~E3
zNN6g?Vlmu|dOttI04BR`Q(g=e#hp;QWd!Qr8jHnoH>$z+s91?}!|p4Ailr{70nSIw
z=pH2KeeV(p1<@lcf+_#Bk<~+$4@H%)!4h~I6$9!1vRzRZRX!5c!9A!My^NZ{`>5?4
z_olr=(x7IzG8WeUA520c*nqn632Hlj#u%9BmaSo0XMWU7RY0x1kA-jnY9`O4W-#<`
z`>vQBbz-(aE!7AN;9?B^`TyTY=*CMJ4I|&SlP(S_$^#g{;;08TL2cJ*sG!@7dJCRG
z?V?Z4ly|INF;s_|qh@Y27Q`*+Yl<F`(211bu2sx~3Z90jVCju|;C$y^j6(hnYAqjQ
zIgE7AmaZ}?2z#UMpNM+!CR96jP|uBdpZ%{9=eutO#Zet;iCX(1sF_)fiuONnDn@=_
z4bMW2d^c9Yhp6@nJhTI<Br5p2qaL^rE8+oEFvfc1+Z5(~WDl-}Iw(50{CHGHmZL^`
z(Um_&t!a$M*1=q;2Q@)O{{++*m#wIJ`%qtCZlhu*?h|`%Zl6Sef-0!B?&R_#Q6pK3
znvu1rjvYfa_!!ktyr&ktd9V!mPN@C98Wk(&Q1zofvzW?>>R2h%!Q@va5tT#}R0rCi
zMmhv_pv=Sou0l0*%;le;qB-t!>tG(#uBnddSSwU}!%$N_7uB&{uKYIA0pI)V3KG1q
zAjydVDmFv)a44#wX{Z?Z2^-)=)JSr^v<DYP?f+`1;A?}rf3Pc`f`!R1M+NtFOsoC>
zKA7N_*{>`*i=%?71qN^e>Ht}d3dUbiGjkuc{XU~kz7(%*hH|4iPzTlFPN)Zdi<+7B
zs2M(uxp=;JmxM-`_#cbXJQ$071Ju&AMn!igRKvfZMs^GXcpVjdpD_#Od1Eut5H;o9
zQP*dog83k7fUnWlh|;~ak<~&4+YpzZi;CvMs1ClyVD!GTlQK7IWTjD4-^7*oMs;u`
zhT?Y^hI6q3E<hdWf4^h@>tIOr-U@0sM`0<-ccMn{(V5|cjj$@}yI?QWi8m6}!NsT<
z+JWlO1q|S0)b@+>(a!#&sG#ifk^QfOVJZb0`DWA<o^yUc-I(E%O<4_85Dh>*a2*El
zC@K~nqE5Id|5|wt)Gn!xYPSn&#%E$N+~<=}Pd+*WpRJ+tsE)Njt=%Zp)NevHcpmkj
zS1zBNiB`R0s0VdK&D=C>id(S~CJqS=E=@Dk%gygWLTfSzwG?|%`}_rJZ4-xDL-|nq
zyAi4*T~RNQiKqwfMcwxt)$v4OW^q(UTViP(g#kQ(bkz6mkWf^{i4+<Pws2H%bV9v6
z7NfS&F;v6<pc+gSIW+iZ#LHlL^7BwZ_a|y8UZQ3qPL$AKEEGn~bWK!wFAV<wzquqd
zRU1(wyAr&>xqym^L{Y5+`A|1DMRi~#>Ks^!3bx&-eSHZ7_yiT4aifI>mn;{mV>M9q
zI$(0`f8Q0%K~3>GRD%al2g^0*b5t-!j&AkxpgLF{)uC3XnH=rhgnH25sHORUWid^R
z&|na@!r<TknL<KSyan^)O;kgPV}=H|Q+ccx!jX(6DPJEeH2CLwpI}MK!(-dX2F3~1
z-!1gMMa|6AxHhB9P(gbDwWPN(_#H7`s2_Y#iFjHI)*SWVkyr>fxbpj`wF`@H^|GM0
zQ5k1<SN=U}=C-)}DR=!oDp->yupq3C8py;1zD4~J3Yt>z9*bkcgrQywoQ`Gi1*(Gu
z6WN1nVodUbQ4bvJT;$w}8pvtqXH;zEPHan30~K>^eG<Ab0d>PFjEBFYzNJ1u^*l|I
z(BPR}&*`J?`w10PM^W#L+o+{{feO~tNp0#Ypk}Ncs@@FLjQWd6=w+}U)!;K!(8Nt<
zBg>51R;5ruR0kE+eNY{ojyfj}qJr=yYHgz?w+9qN)oX;Bv5BaG&c=ZD{~;1;;2x@h
zNGWXlWJ3i_RaBIBLe(3C>c|q*NDsR5=ct1ycFIsM9fqUow?N%L2=#85jg@dcrq}!b
z9SQX;RVo{CR*XwN0(IcjM)kNas@_s8hwD)@_Zl^o=~CMRDxjjjIch2Upr(Els^c3_
z?OfD#p6}fxp^?AD>X<A|Xz*{vw!_-w_oIR=aoW(}TQL`^LtRiKn}-Uft<D=*n0%Cg
zbub)@lJAJx-ixsZUO;~YiHhlLjgDYx@}E#W4o`2<-x>RnUxQsSQ-;vsFS%x*V&fEQ
zYHvC}pkgRdMhngysC-4#0oM%m8ydYbvj01i_>lrlO}tEY_7_0C-#eok9)gPIS*Ru1
zg(dNCtcmF|+sW1gOOfAz8u1HM@a4#2_qRaJ)EErl+AO|J;VB9fOpjcJq*-mhmqMLb
zjZkYm9J}FCY>tVtaWZ0W)UG&$n&R82AWW9smZ~^vS9EmwSy+Vp0iQ%(5}!~pkUNJ}
ztcP0TVW^S+j9TkUsD@u*0F&gj@*=32s*jrLuBe$9iQ)JgDkwv8*$gJd;QkLMp$1!_
zX5br_UyA|qr(OATSDq@jy@X0(1+I5Mb#yIi<k#HwczLYj#ZgP!8cX0P)H$;k>8S7h
zNg_bO8`MlB%WL^6s44A)t#K@>p@*mwFHSz2v24zos44F4T!h*+Cs60YZLEli^V_-7
z6!U5S4<?}puSFdgH&8+H0b^nM0=AFyI3rLUtAm>I?id@#qTU^|FfE?J06s_UsssgX
zM(R2TqW=E5x0r<1?1w@&m0K~C{9We*Y)t+!*2YSOc~A%^8S263ir9hj7plXLQ3um|
zY=)VOhI-v`Bre2PcpqmLWB;pXLyLz7e?7ko6%+?hQ+XewW0Dd!GXYFTz9edUHb?y;
zwFkDu0jTrg56p#?OIka9QTZkK1)f1|+pOX2e{HXR;kL~dp`!f=YK@<}e5_J-Bo{>O
zg7T=fZH0O*4?vB41}4NssDW%m9Z;819e;=#SnSdkti?;S|20)zDNqc|K~+48>ewUH
zfs;5QH26!g5~!1_9I7K<qv}sbbz~!|V<%BBnL8L2bC<CLsxTHKKLCSYaC{QMsYb;>
zlCri9bD<v8$T=RhR6Cp>Q6nx{&Z4^t>ZLLO)sa!CDPM?snVmpA@EU6SB`j~d$<I$h
z2SWqY{_l*MvRTfRs1fYI>bM`(k@yuX+UuYmI1$z1WvCgwjQX+~siG}uZq$r@ftsP-
z$P)YB1QI$JmZ5rj6Se(bpiac(m25keLQQpZ)P5d@TI+SF186^L316b7IAdkYH^(C6
zr(g^`gzCsyjHdnnl!T)BEmp=DRYHTm!B7v&lV6Ey@Cnw(tX1v1;Sg*~{u*kn%T^2Z
zs^WOmIdB2XV7%&~!GChCF6v!z39Dd^8nn;z`8!+o9dA48t@RY^VAh&8BLh*}Y&<r`
z8K{mvMjb?jYgr7{N9Bj32DA{hl<P4#L#UCz#A+C?Hv3;e*OY|Tus7;Nn}nLOWvB+P
zqk`rm>WoiW$I5G>%DbRCJ^{6q`%&kHSJ%EN#X!YQO;n7`Lv`pxUG{$g5+5nhn&z!%
z@Aa0bAo?CP^+!-W536qmP*WR@iWwi(ktx^;*P^y<yapEBg;D28byUoJg;8)&1K%o+
zpx`0}E3hQ`Uxa$=aR)ZUZVheZ2T>h*=Pc03W}++VZ8!lV@C<4u6EwDMmIF1DH8D72
zsIT=Cd=d(pJ*clnF~7750n{!ijT(7-RD<83)^t9m#h-Bvp293Rq=^k^DeAsssHMG!
zYCp88?V_Zp`hGDI+BU7Q15QW1W<Q`BNYl(7Tmp5V)JH}82#kYAQB(T6yZ#u1G1A;d
zSQB;q8&pTWL%qb-Bj<?kg|-Owrc+QBzr_nU6FaxGrSMvX2LJwEI8LGbC{D&NTZaaJ
zQ|Z3*F)D_hV^&Pp#ztBd6>MEF63#<)WD&;D{@?B{96*iuC~5}ox_pebb~I<f0Oh5e
zEl@!=%w1oGn&O?PcFv;Od5W631nunp2vl&l!W7#7lSt@`#|qR9`%wqTT~)yJ?QN>V
zQQNCJZo{!S0?U47?}7uU>t|6j5vPOAU@5FcevtDR>HtdFk^QgWYezy;whq;^-!XuZ
zJK0)g#<%4Ap$?`Vo$UepFgy7dSQk@wv9<4kIuDkhw)a(3$KrLh6SX=jhNg98|EuEf
z6zJ`gpqqVbt&BSR$6!fZjS+Ys6|C92+jqGps0S=Ym0v`)7qy3N(+F%vejw^Cdl_|Z
zMDA%PWTl?$f4!v|Q=pUZ8`OyAqNeZw>h1U%wT3Z!Sx1YZwqJMD1E-))%)_V?&g*S&
z&HSi+UmUfa8=->HM?Gh)5?bTmUBN5VgVOe~D6QfA3bkK{qh@BM%b!Gj)A<JjnBr^u
zvRVQ)pz7EP+n}x=K*iP_RLA{veQl&)I>%!%E^J5b+gGTlj@Hk%PihP!pB_~&GpYkE
zQ3umVR0qGqn79Mg@xyoypJ6!e?;rfG$o?M?>dl~_2Wn~}4YUdca1QyNs0YLxWWksR
z8;~D{3c8D^BRbn)%MZs!<j-Rh%r(T`cH>aNdja*lEJGDT?7v@0C>leF1)WS)Q4P$)
z;rI#_gnftE0ki>!k}o&h?E)M{{srnh=s&`iZUL4fzZDhzA5pPU^c!1(PMFmX;TMx6
zvg65-c4EC773zIO#gwBhNWMYM%vw}1T|=$y2h@}&7-ME~7Ijv`q+D-~+SYwh9axMp
z@I3nINZcTiA4A64ZyXfF^5i>XG+c*Tvu&uTe}f95q~mO)bx{xKg1T=uYCB#-%|M*-
zcD~d_T_1$nb$iCU{r`XhZHEjKY&X<It#L=xZrF{<@G-{5C=)H82(>+PIm=;yd}CC{
z2cp{j1{H*BQQPn$YI}d0$lAssk!zA2JS8#ML(~m>P-po)JjD`4o@__-g(>z0;w@_C
zKBM-3{;4)YolwC!9)mN1TEaNf?EDBv%~)@rgpS^YsI@(eiuOCGDT*=Owpl^cRCYtv
z{{=N8S5W82E7VBi&akgu#Zl$uQQNQuDpoq9?i-4l3I9710TR0~Io?3^_#JBBXP;@7
z#(3oGqmI&cs0U0(-M7YFKZJ_*%NQLKeQQgR1`CtVg6e2<ET#AVI1;LO7+c|4oQ(x%
z*)J+jICFm&8vM6jreHg+zsD#nNz2)x-VfxzniJ~v#OQNvI}bv&_ZzByrg`=*n1DJ5
z?qgQ%{}S`<_1hM2(%>-EwrR7#ew8{1E08~mWiZ}C`#qq#_%->xsF*3T$acwKRK4w}
zUGfnN>G}_L<aR}E-({GC=X*OzD9Z1<3P~5+n%73H(RkGMTkm{|RmtaC63V|9$AN?O
z@E=rARsGSHv@fnB{~hXJs=U<N>4s&=ug2it|9eV8Up$g53l0A3HpNg6UWD2OhtOkY
zp1S<A<@PI@WGn0!BHyFx-@%j^d!<EtHdHV-a{0j+pZrf)0C%or|0~FzQ=sUNvdX^w
zW<+hPa;Tu`i`qVGupnMVZMXP8**>m<mB<gkqPQ0|!uP192w!dY`KS|cqs!k}&Hi7;
z$WpGcDc`r&Dt<&wWxk(n>YAa>fp1VVvdHBRJ8xqZ%0t)LK&oSad?(cR{RvnRS78l&
zjv7E|f4%j*A8K3eM(y)Qs9!SW{l&i94M7Fvc+7~4u_hiuHJD_BeaCByUCD36?U;UJ
zsJ95Op=N04CYzCisG#<vZ4M3odmlAXBlrc?(~qdBE4Rg_bQJ1_U8sg4ZM6qg#}?$b
zV^d7A&3=ENAL<;~f@<d_>UyE=_B*H3aj^FPa}s)Bw_j}=Z9=W}du)l>cGygeM?Lrw
zet~IsT8I0hW@-;=X=3lPpe%&i6+=<G<t&cH)VpoQmSIZm|5qgHb0OXy+pq0V4K6|j
z;bYX21om1-+hR%bKVciZhnl(S`)mNSup#*?*a!>!W(Uti>`ndwDhQkJXJ)kjr;^ar
zo<%j3?0}tItx@^?s40$f&>HH7dOIF>`SgdZgTt`2>SF{(I&Aq0sHGT%>iAyNjQ@+i
zPN)h;Y>kGY&i;L<seFn3Fy&GECNu-blTUoirgRaGBmWSo>V19Og0l1}JJ2ShUb8z;
zYySu}GgVI80Dd^l{?|y}Q1A!VIAb%B^{nlNZWx8~c}V--VoZ-qaUveZyV&5Ibv*pM
zUGIhpx@o8Zox^Gv>4LpmYGd#naDn}=sVQ;MdejfK6eqATCcI=Z(G_)uuRxt#*HI%&
zaM?Oq7Ijc{M+Mt5jDyde-tX3txY&pC2-H9}`6N{FGRDTc&ezVcKkPt?kGfvbSs!(B
zwnn{v`(av~h8b`@>OFq}b#6RC-5=$O{lX*>#wG8kA`yc`PE3eJP!+3TENqP04ehZ8
zZa^JCAy;jRGh;FG9Z<VyG4{kaSQa~8v+Jv!cTh)t;CgULe6JJ<ZHMuw?Y0AR;#16y
zsczUvDxn_S64T)*SH2u|F6==qNwhz0Kt)jlDTive4yMA9sCIt9yxRW<UBMgFdpXr#
z_P_$D?Nl8z;Y8F@{etmvFKP|XVP^aXwFIee+5^H-9c_(Tl93pJD_r?~%*gY-n71tW
z@}fpQ8UwfiHC5+b{sk(?68>!us)~y0PN<G-MtwK@9Tn7}w{07i!U*zRusp88l=uRJ
z|NdW`I~EjKPz~fkHP{G4aS(REq1X!Vy6aW$+R}AFP5lDY0do>Hb20DPyQ3Pay^*LG
zT8_2x^*#2#&iab??bm8wqmI-wsBKp0fyF>a)D+G{m2X8o@DZxRsUF%ARX}y1GZw@Z
z7=hPNv6SYKb+`&DXa_y=t*4tPP{r4-LgB~uI_-b~%D1A{@^@4$d_b*vx+nHEy)r6@
zd!YvOBWk4QP$z7<r&hly@~zkV26cU(PeS`Q-ZR^$*-_iDEH=h3P%*L&^?<z3t>>*#
zUo7UMqWo9XNp}QO;CpvH@e7-|f~YSvjZgy^i2?Likx;N4a|KafT2Hg0rnVL;s{5n1
z&uq+vn^3`d3l&TuuWag5V-fOSq7I(vSO-_39{ds2k@T;FGvj+TN$AKNhxPD0DoV5d
zV@GjUj3B=O_25^iU6THd>mVxMA0y*ZR7Zb8b?`8%BX>~S`(F%T;<xVoUzmi}vM%a|
z0jRg%cUT>Fqoz96JDZ6dsD`Scj@Z^NKL`_(pN?v81t!2#r~~IF1~BS-JG!%CVy$gB
z34Lp=hkD;nL~Wmos3l19!KSt}YGi{^9h-v+wmTSsi9gyeI=?`j3oB6v)oawtE9xh^
z9*$p<pNhdh|M!qYWeSr2Yr)eR6_i7q-(m2jg6il6)NY9L+02Vtg1V?6^-)Ledek=j
z+nJo-InsSKQSJ5c!u;T`PG?e}wOxdo+LNe}-^TP9C&bG0p|($DRFI89J#aT_gwIj?
zJWFU;aLVhVmZTqQ<|d(LW)-S~|AhKs!8OSi78Z=os;IT<;rtdA6WdX1dKtAFKBEqz
zw2{JsOHdEhkrAj4Y(x#{2I{1X9oYub95sO97=e3y5}N9eC^mwWsHv=j>iJNNg)=c5
z{(xoi7-|OMM78=AQL)e))q%yR4xDg)K;54$nsu}uYDWA~By?dhs=?!^4n&G><@r!k
z+XU6{G}K6UpqA)~%O{OtGgAfC!H%eUt5Gw09reJlm|?-~7(fQd@BfkraG@q@n{`L6
z&1BR!oV}=Ex#)b4dT^RpVZq?4gnGbWRL6fny&Fzq0RMIQw6U$c7V3T<%jj%fK|&9F
zfEr=yIF_%BYH$!1!xgC4?@bI~^0@Zk;;0#FfeNl~u_FG3<uGeJ8$cK5R8%Z&#A4e2
zS4e2>634foD(~!%IuBN(di)QT$FvEogKbeu_8sa7KZWXG%!JlXS=9BusCL$(X7a5w
zRiZHa^ZyYfv{vn%vr#=fii+0fsA$id*lg>Zjk<muH3Kn|gau!}Wl(4QP*iNKLbZP$
zb+SfDY6H%ll>M)fH=`f|C!%gVfdPDnT7neG!h&zbN~j=ef?BfvSQ&pp9W<}7CT2@+
z?es^D_(x2Khf#0I2kv^x6zqRZQKb}i!ACt{9jd_-sHqQ4X(P$uY=Alkd{hS)q8dK#
zu75(!V3t&2!K1t;DkvwTW^5N~pr3padO)_+7EE<9J^6m93Ug80=^$zeqNlM3hNGgs
z6KV#hppNEUsE)lsbtq}tu;91j%BT)ZMYXpFwKRTMz!JGoQ`8VOq5-H8EJHPP!sY)(
z?UGFCtOK=C2hG>0@+GKtPNJ6R8EPgoqz?<e<{P2D5iLRL`QCLB8iAL=D&|2o*cLUy
z>8PG=!RYuG#>R)vcc=$N&1gYZ9Fvmof_j&XM71{$OXCsLwv3)h_p$$KkZ3}|FjR%B
zsO^+0vo+WVHTC0BOSKEj;9b;OX3G*5{6%aB)H$&WHNv;3Z#)IET04zVOFF^11*`LX
z?-mKIN#1N0&Am|#?Le*RKd33plike>s(d=O$786a%AdnJ+8DLXCZVE#6KZLGN4;wz
z<+O7o4f=5@XhT8`_C__d8uivY=X{PDN!(o4u|n95e0OY!*D)Fv&K(x~9gfmioBRgU
zQbfvQ_ou=D`LY-b+vH*Y>tN_XK@42%Dy%^T-APn1eMXHSUEZ+ZSFY-)k+s9LI1W{R
zC5GW2s5QTiykxvs`K<l)s94K|s^2u9Z)-Y<0zF_eHo(77=R%SEcCvNHs^piVM*0lX
z;5*ceB`aW-MlDr))cx~NOK}d>p${&ft)Ly%b$k+<qOqu+EkfOJ3KfiRQ0GCBLiT_!
zQPDmewPYKyBtAwhQTD>NbhVw`P%}IcgTae6$lt}v=ocztHx5Nj>5teL52JdVzNl@x
z+NfReC2CvFLT$@mQ3JS*iuzBec8V6WbEGMTlOKl~*dbKMpCb43=f8?u#k!~w_|Bym
zLH-yjYGakKk!42Z%cHhabJPRIqhjH(yM7NfqoE}&X!D^4)EU*mIT-x^e>+`4q;P9E
zD{4y1qDJVW-fk;VQ-1?Bl?h5&43t21=u6a8_d&gem!Sr94YeD>N?Xv?N5$GG4F3C{
z>qsbwenUn31Jw456=5C7j*5l)sHvan%D1`lTNs1#3}tKva-$BWny8UZLbbad%i%dJ
zgGtM>|0|JbOrjY6fIs3DT#duZg#~|;C|7w~yKvOIp&e>u(_Mb6^EPV65>&7emPB><
zE7W}xQ61Xm%CA*m|7*L1R<x-tf(giXLIu+h)X}>YwZ@N7Gm*WLeZ}g8TB`M^cAlWN
zU53hb!Zkr%UxZqcYp8mOs@PIgsp4D3ffVQn-i?~N(5hCk45|Ztu_CTQ9URZG4W_Ra
z7W|(}qfyr%p&nSEdRXvx!+Ky{@&`~$nyiKeZDCXlwf0HqV3~m078g<5EN)F}s2VCi
z7R%#)R4_)bWzk(48<OvaitdA`;ChAiF>P&I^FF90-ip=m1*$`SsXDesO|c~f!?8Wy
z#ILYQ-LT*v(O!>gAay;9g@&lL^ijdJ1l8aHtb?~uyQNTlo3Re4{2bJ_JdO;+_dbx&
zROD-5FNZIkgHR{meAL0Q8}*>OsP}sGFRbGMRB%;5wbKhVL-Q~`p23uO3(MhW)C`ns
zsJzctClUb)&Y{-&6{f<hjclzdprW`ZDtKn0zDgZKEy)K|M<W_r(6&Lv$O6>1K80%c
zAD7Smr46VK2LJxw021oya@0#@8wT()>S%q3dSLt}Ho`Kf5p{C;(WsgE857|dR0r;$
zwqw$!787Mq`7WrXnuWn%|8FD_px`DZ!?0#{Ln^F5z7lHWlTiD9A11_msO|O<wYCMD
zTL->EJzy|uY38B^b_g|7cQCkwE!h8x)<6pzSvAy+eNam<9d)MvjM4BED#|aTMi`}~
zHCzPM&KIcjVL0mDuopw|F$VA%M#cE8?8Hpo%C`q*q(BcYiyBEwRJ6}PP5lWhgP$-G
zmTqm^wLGfc5Y$?4L9O+5REH9@v5tnLqP`nyM!t9Xqdo~u#XHm*#%pU8@}oxD0;}L8
zSANMEshy2HAL_xiQA^bi)zO`(bK^6rof7S>UPnw$eky9I{Z%9sWWS+$cm*qCjIV5j
z^-$YtA}Z)Mp<>_+s{R|)iI=%Um=_t_pz3u*E#WAaUyO0c??UaS6Ua&HdoM_6%JOxz
z2HQDjqSo#=)LI|J==cV;Bq5zFnDSvb`TD34Pe;8wPNF&<y|cBO9~Bd=P(eEhi)#NL
zAfX%obr*_vv6n?JRKqJ#OLG@Bb<w-pSEvlA{ofPS@Mcsj+(gw+)y-zM6sjX%pq}HS
zmh4w7!1KMEB<5g}?l$%7P$%9ymrvKjrm_>Nd<@pYpHWNj88x-Jds>u-qrQkVM@{uq
z)V|+@+J-k!NB6%N{P#c7_p<#Rj(Sb@LIurA)QB#jj?VbKE#Cljgib*%#TC@Hi`mCI
zS`F2K4yYNMi`rcqQA>Fibwr1K&Hh*L6#F_X_(!Ds;zaTvPz{gmYZbSmmf{I2x^wok
zk#@sM<fouw<q~Qs{y-fxQTp4+v!S+QJxq&3Q8TlkKl@)%`Wpp0;r>Kzi^KzLpXbK7
z<O|>^EQh`E2&%#GfwsmSQ1=f*)!&4Qfdi;uyX(r+4zgd6<Uw_yf=@yfJ7FE1h&m6h
zy9%#S2S$p)_HDQlY6ixlruZmoN<X54E7uUK*AdxX-YV2m-go6mhg!@uLd~2%hJ-qB
z3Iq5YgD00e8N*QxG(kOR94ZL6qo(>M>WfR9VHO*eP-{CJ6`Wg8+xrgc<&<K$)z5=0
zh3|DBp{W~-F>oiU;lrq?eua8)*a&-YK~(fMMU8M6Y5==YG4dCtz_j03JH=5CZjU<X
z2BCs-24>X$UqeD8IE%V5=12>Y%&2@tXDbYlAB>vn?@>|xJ8FsEptf1YQ5JkPQTx6p
z>iS$viHA@FzJ<X*|C4OA1z~wqPg|j;t}klpm!eLzbEsg7Gsem*qPAxr=UNPqzlVBI
z^szQGnVgkS?Q}%7|0DY9$vF}UFxog9SxT%$z9DKv%TXgagPN)LsE!sG9~S)I^OaHC
zwHE3DJ|@KNsHHrKI#=Gie7*@5W6dV8|Fs{-QlKMo1?mB(P$P>r(Hba=8hJO=^<`Ke
zZ(wCCILV@Z2r8;~p-#FelWi$7p<<&lYM`T0K{{tL(OZ_pDGD@#1XFATWl<d)f{KCf
zQ6t`pTFVotk-f)?n0czb1-qhVbQPAy8>l5rJIy*)0~NgAqGooRPeNZfZeakEOt+pD
z!RX|>qN27R>Y$o}nt|1*CAy6oNue1w($1*slTkBz2z8!3K|Lq(OxsOGQM<?QNJ3v6
zR-jI#C(eZ5+8Px_jkFDF<Wo>1+JS2D0mjADv+Vv{*pz%-)Dr%T+Mf4Ou@Un->p(@U
zqW#~Ggo0}?YQzsv2h1zf_DVI|MpPWNRJ~Ebv>6xTV^qf`&9Rr#c5F#L%3S+a{S|7Y
z15g9qiaI&}#Rl5{dFR=77>%0ZO{fl>MRn{wDws0Nw<EeNYNlqQMz#$#BUex(jQ+jF
zQh5w+PmE3ZTGUMLK+W7e4F3CnDHqt<6~h1*nxY;s1XXb{YGy8AHoSp)VDyDHl|@hw
z>VWldF@Aynpn|%_A`7}9sQeF@49}piBliIbMfq#ggW~;Q2S^Ik3=~G)&;m6x{ayJY
z)QFCtI`kSfgBccE&_<vJ(g@Yg5Y)l54Aqefi`oBrPe)#29mtBB(sCGq?NAk$p<>~p
z^A&2FCHOHc_-DE*VNCL;QPF-CljBQg?4_2^f(a-ugSD{!Qr{l<BL(W&LDcqnjXE%L
zFSC8!1vQeD7za<Hz7btRbu8U-`&L{U6O(U;+LnV*+i*SVV7iQorN9bT-zT9SwL{&|
z9|O1+71gIOE`CHUQLL5rn@L$v4fn@*xDZu;9V!;Cp<*ZLDvS22Sd#o;)WNjP<^6Xg
zw04DmvbAjMoQj%}9atV8qK@FatL;G@FcbN2oxh?U_!lZh60NZlvm|PX>tH18gP}M8
z`NHFSgGuNJJ&EdB;<fy?I5t3)FGfZ6ebkzV|7;`bg_?mMQ8Rc919;u}8Pk#vtg|JK
zK+RBV)C^4t%Kks%3c}XA?{ugc>EN7&3c~%UC3=M#Y4%?%Mw+44bRKHt+fgIFiE1bE
z28;dzs2OXDilq@4eE%;eq3?d@P+z?=ZM1z}8w2DAqIShR)K{sUs0N;+8cedu%1fe_
ztOsg@3sLv|j@o`7us>$p92We8iQi-J@BjTnLfa?ymN2h1CPzj8U<}}P)CjMjX5u|6
z7_)D+j#NM`O(zUK7<Cf<j{54BXq$Dc0_wg#sNFMV8~a~3o})kqNwn>D#ur3Y=!g2M
z^($&yzCqQ?`>Socrp|%bo$}dO3#09@1FI40n@~?w$0wl%vJ<sbS9h@gb)-hxX;YOO
zb)hzDD*K~?Y&mMmPohTn5)}ivc9|_vC*%z0YD`Z404f%4pq46hx3!ZMwKO$+5<0QE
zqYjeMsD^$-ZI_*>BYGc3#uFHZ=TP-8x%_L?(fbZH!X$gFqlHj2+#Q4MqGoU>HbMVB
z3B67$?6qhejN0d`P)l$VwU(LpSuC`|5b}-b&FZN9jwa@$r}NcY_gNB!^MdlS(Fk73
zhEebT|0LrO$P$(PUzmz-|L1CRF3i>t`E24^K^ope11Bjvjm>EEYxl5ZJm|mA2g(My
zObqJG<X-)u)Lz_EkNhywPh3ZeleZ81zr1_cJPJ?INC|%WP<g3_={^^559L4eqfa*K
z{>a0paPKH=N!|36Kjx<{_v%y9J<M|U-<#Zjm~#H{H1BKLDC^V9a;`>a3P)3TlLqFv
zG7d5CIX}l;qY0hGX=Dj?8&Izj9hl6$y=c4<bx-iaKX?`V@JEQehU81~Ggm*9pL1>O
zqCVqiThIx8R@2Z}E?%J0P-Odhx%koNB@fKW^;*>B55IYrx%n2?Ao$TsD7t&73Z`?R
z74<t)zZe}Yg*Dyvsa!8cdjlf#{H`>%S$FU`%}sSN1r76W5_%)arzf3=%3WwI4L>Pp
z=qlx}NUxybjnwOg<6Yx1Ne||pSk#N_$`%A$|9}6v!@Un_BRKwTbRaf245eTSMVYuU
zCS}twDeAL`Yg_oa6TFGH8TE(Isl<8+*TY=7>c-)ro7{tcBVUQS!}<B|Q<n4?I-pM~
zpBr=1<ET6+v%4uP7da5U@;rb)tmcj6dQ#QlhK$tT>N@pN1$;Je-+b-~r!)EtB0ZdX
zdE7(uQof9z*|d>~^1GDRBmWm^e;1Wc(9k*>y-GR?m9kNx4rP5QYf0Hbtj|MM@-v8=
zR&(<h{Ka*^9?S0$kk~_A{&;8b^BbPyo{Q9t=Q^Vc3G`sf`5GRKKaW>Gf2NE7=Z_t@
z*q0xDp7ZcSJWL<H@_GM|)@i0se?6R^#dKJoeq3M3Pd&=Q@ILqcz_kms)tZhJq--bG
zic*(9OzC~*`nISY2p%%iDO{%p`Rt}6<tWpqi0epw^2KT3dv4NaD&<M}sY*UI_4(%@
zy)AahE934Bp?)H+_o350qR!YmA^4AdmZsM4-05?5ksDe#cc0|0#pJJWP2VtI;4hT*
z<mW2ayYiz?1<Geok1rwKX3|?+8^4i{%+EzeQ58#5-j;h)knc%eADe6vF}d+26<T6{
zF2<x%f71GlBOgLO5<mK!qx_k>Hi!8<#eHS$lGmF&-;{%&Yz&ouP|(}U^)Zx9;F?Z{
zYIGtCWqYFV{5EbBm$??;0R!Db_$L&-H&p8Bu8-%&f;5nin>SO=zi1l#4ClXkJ5Aue
z*VO66wKH}p_}>Yx-VbzuuV3C7er|GQ8$Wd;F@F95QLl(wMBR~zhqR-i_LLRi+AtNm
z&m78f^PoyRWDxagkS|1o`dp%XJ)O(Pz5jg@a=j5h@u>Tmdm6gV6r}D)Di!s)VFrc2
zV{IyJ`0q|<T-Ug=GpUo4{7lmPqoKk77dL`3{#>uO%sn(0Cj6g!bl(WwOWRwy=d!z2
zicaYhWLVgLp%{y%^!{l|)s*ycF;z;SK0i{X5C43qcZtVLa!pvN{r5i2m*M&&_n6i0
zVgu?&q6>>$TbH=rhWl5NU(OF-b3K1F|Ka<nSCUT5;HRv6V0qH|%%@^a8k$c-`gA5g
z)^%b4<@!A1rz7e9+?$G@Xta0Q-5;#LfA%rJcHFB^58AqAN#E<}8taE^xG90_z*H)o
zplrEo$R{5`1C8DFa;`)CddM3_Sw@#1Oh?jiPc+x=DDD|YSu0#fc|soi4fSi04hta^
zPtvmn{9JQ4^rxX8xS<~TYg9Tx<-Ozwk=Ey1b%1ndSjT;(Nzb4Y-|$m`doJ^!1pI8F
zUKsgrs1y9?K0f97i9-5UuKlE=V3n(Imxl6lqdq_JK>l>E_bWgD`<cUyr?{~iKc%=(
zh`fF^#rN9(`)N-43D^JoRME(JMqdi%k>;DEmz;K=QpX=a;VKe+sSw7`I!1ra-8r1b
z2a;dU^}_sA=7&GQ@9m;opVexFjwYeOOI*uG<NTEbuMzhoru+r@Mbur0-;r-mx(e48
z+U@$U#?R}Xo7Yew106Vy`t+dDR#fgnga3Wb(m*(MWALL-Wb)r}eFFJVcV8p&9cZTl
z*BZEb=}9*wosv4EXj7ky)GHm8=Vu`ChKqT)NuMHA*i4VRQkI|e2!8$~KiDn@|C^C}
zzNSo{QFK(F_SD<QJ;z9==XzG$%!5mC{VV+MGmhsBbor_p|5Ddb4p+E@UPj`kNA8Zs
zq}Nkt5f5nQ>ZT)|gYxCv(;JWQ;6J$UfV*b_`9Jx|@;?twOuhVc>?HN}@uQDl$Tb+-
z6?CO{Q>mE7<qLCzKJj^AICY1RKTV_j6SQ7QS4Y>Ea{U_~sLvtlrFFAeiF_jJb;N_*
z6UO~#Fe&-^ky!r*WNuUWle>X(uc3SBEE-)&`M)$go%B>1p8P)#Ro!O%G~n7{Ivvh^
z)3F!zCs9_EAN{g224#QH&T-Q9X+xg~+S#dBkv`#640R99N9BwB%;V<+*WOSuD?j_)
z=$erJo1gUjba9OZ8{t3QxTiASVo=xqE5tUg-nVpOFwd#V^IlWu|9%x%MB`hjRE-OV
zXjq>!Sb}_E8vPDux^i9Xs(Rd0gKO1ES5;$ty71GApSIME!u2UQmj@Q$!8dRv`32Oi
zhA}ZX{!CnmNkjb3j`s_N`^oR%XBzqL+^A1Y(y91)?Pei5o$c(>_pFL{k-Gd|h!?@V
z(MY#KeRh#P%+C-WI-L9Nao<;5<KId4z1?K~B-4hA|9vKs-o_2x_^C(XR(`s>DeOnt
z3m%dgBQx@))Sb`$DM&}ctPDV(vW6Fd>D|4xxKAJcCW$wk`YWO^{u?xu%iS~!>rrVr
zWn-wA&fV}8_Txb{Xecr_$Hs%?bC6y|L;5`Bo`kNQsFb}TuTNIj#$xWt$<Ivkv8eYG
zb*AX6h(0$c{F-zp(kJ;T?WR`O^tr?Jm#(2a++2o+n$ti}_wYZt7LT$x7~<|NM+fWh
z6Q8o3u46sv)Czt&knc=+aQ$zS(C;nivyui=QK1hv>QkF*Uyz>S9@K*y-|?VXlr80Y
zV$!*(zkur_a5UwK7)Tsf|FU~<AL_Q@rxVvMP;V`rtfloYM@FA3G*pAM{zbk2KC`IY
zn)2RMF2qj<^7-88(onagyLUVHjHBK=ZX8J2d+KDTu0EORNKEqADbLGbHoNjVl&8}A
zS0d4g3W>27H!P!}MpRDCPdNEA<n>8~8>rWqdK2-#PkbKUicueR4JRj`g$HGE6;@KW
zrE8-X<)x_iGe2i3tDtW+`mH#9hVVdr{^m!&sWqDX04nY!eUAs|vx%G9a8Fy;;GdMg
zcj@Ci_#f)%e;w4Kyb$;E8*yGT(y94*Mp~c7bSM*b_3;b3hhA`vgi|S-OV{M#3wc-p
z@>!`@$(4^)L;SR$?3OE2V;N}pgUeUr0sCFs-DyXkDO_7bdMxPy)*1fYX(}C~kpD#x
z{3iek&{KVMZz0Ny)93{(;d(rd4(Zc@a-RmDxcZ%}K`%RH5!^i1)%%-r{!X3OmiqdP
zAfJT1KKr~G`z9pt6Hs-#m3XCGGr4FcyX(I$4WfLk%NHQso5!Ydk8rnouPB>GotJcV
zqkCK#XFMJ`jBAr<_bfN0pw3#-f9m&Mc2MahKabp4*0~m^Q`VcCI=Qi{xPyD>d{@?k
zI<5atW9I>1RgwPv%$$Uf0HODGD1ih>Kt)7w#n2-Vnt)QhNlub$Ztjiu-q04!TCib{
zI;emR6-7ivJr+RSSh26}+S@8BAojk3|L>eLH@N}!eRn>e$;>>@?<v#E2?2~t%70vu
z@;LD`jD1KNF?wdeA8+J-!TGM_dy;++-CF}LHw|L&UUD1WjX=o-D6T_bCaDgi5h@}*
zKpX~bHL}^H9gKn3;WtN)x7{Y8C8dtUr;M$k=wGcJ&}+~zgwLk%9~50nd8}!P3jtk<
zqSo-9BEJ(}i2PjR%=_eDg5R0+LX4gX{as=q@*jYIkT@6KCFuX1REOR0-vN6rm|eu$
z^Nq63q^H7AJ}%`A1a?vW(bS~CIHlPGQTQh{xdOfp5y~at^y9A%sRnxk`KyRm<47W$
zX?QUR*XlFSaHFI%X$eX@qi7JI=gI3Y65DYk1LrECEi%ow8tknm&p*>mc@4~1(l%iJ
ziTsV=XB)lqjlmnh<l$%{JPN-c&D#SwVgl-j(4~M{lIn0F3NJ@lM}RZQXX*&QgqR35
z@Pg2@so@9Y_oHVuaVWG-;Jz@}LU<bynuWfPN$-Gv4Do|n1E{9pkWa&S77A7p3n@Q|
zV3Bc18@-fx8CV_k8@dizhChq+BJi!@Ux@4hjAi23_h3el{*{;rr<r{1L?e7Tsf*yf
z#Py(FHGm69KZ4i6II0!2L-8i)r_h`Q<OdKF;YTtDaQ=AGbC5d+eZ3986dj9<y}9sD
z)#Lvy0Nr7nhtMQq9%UUCP!k>QBb`Wm1WXojBSv#cb?8g_5{}sL@5IQzjiKX6FEM!^
z$;_bq5Achy!GBzmGRLbR{eKG{ZGkWz#*2VXAg@Cujyy+vhWK}4djz_Xo(N8dp5#x*
znHN#Y$E%cwDC_VK()E<{pf5&d0r3>*XBoX3v&3LW)|%#c8KsxNs3YD8@I6Csj&M4P
zbcjN~+T?XP3tkJ-cS*Y^Dc_5(B5?e-3|`oWE*nQj5D!Aj$GOdhS9>gwr4S@awh#~C
z*>D6tA%0G|7-j!7&fH^!#z6Z4xxvPnOOY80ri*Vc<#x(H6NiCIgte6C68{G7b<*32
z1m4~;ehY?{;oYy~7m`06&MO!@j=T<2iSNS;5cguV1LeEn{egkI$xG-T8|Nha0(9vx
z5MwJbG!I-B=}$)A<zQBLdHVl(fG<G!86`RlBc6f42I76t&H&h!{1%jM1NRuTuYK?N
zN4-3a!{1E$DZChIcjQ}woe%Cf%2DIYbex$=ywH?y)W-Dsvk>3_l<Wqq!_Aaiq3l77
zK2DrSj8fL&eLqPFK|9LOel&7tBbNxbnbuf}vAu@g4dYLcpJL>Wr(An865UX?hja<)
zdnmh%G&$UWbNaBp$Ot|Na}oyDqCkhoz;`7M1JmEoHeskM_<x(S#;u|}kMss;Ysvr4
zw_i<9`3b@47}4QzVjClL7x|L`mQ#xtlbrekel8AtXlnK!lg`iz2<M?Ih|H<T+zRe}
z%H_zcCtt54I^U!`THAjV&?f*M&`NQnALWxNHv=>gB^My@BIVxX?<U^@x(-K^UJ89B
z#(yHFBX=t0UFhi!wwm%5^8Jz7N1Uv6Let@L@)BNH*I$1tO@wU*unoXcVj+xn0Jq`T
zMtJ8!yAoyD(6`{g-!Sw%^!;Fd(~eP|1a=<jC8Qrgy2$8^Lz_?h9{Ks;b*Qa`aIGmU
z&<ad=!8B<Aunzr5yBeBLK}iyR1jKZlyANGYf;*aY4GvsK{wr`FlCLp#&Nb;m?{6O?
zxD%!heNdo-V*vY1`48hnA<8zQYzp+(!Q4&FY@+@;eTtF!hjH>sbgl<G-q2T&rc&-l
zg&%~s-_uR|7m-<ufiXtV^MD^SP`n<n4sRj&f@#K=jKbZ<xr^Z|XwM@59&r#dUy}AC
zwjv)yHaSc%g&W{~QVU3jc}CguIFgRCr%6wT7bh+uKa<!M+#t$(j3Zj^8Ok%@O-9)u
z($>bgi^*?5XLnN`OImMiXgM7=fvG*tcvnc1*ns{DaR3IE0p0;`IkfFQzTxK=@Jlf`
z2CNPr;6!qG0eV+s_%V}ezKxBak-f*@uhE}lz5=j2NqQ)Nh!HBsfs+xMOl*CK_gbWy
z_%6KeD4d2v8RR2I`9ku?BcDxq6loc8ExHroH4jJs?;=xmi1ND;&NsDdgWzq%`w+h0
z(1wvdho+yPCx?e{{5RvkoiL6Ar_e3Xr$cj`T!YNZ#I4ZxC(eJ5BDfJyZ)4z3l&m7(
z6VNh4`wv1v%IAZ7oc!rVX={|~pnq9Jhs%iHA(M&2`_VIvbfR%;F6r6eUqDYUVy#|)
zbhwDZ9GKeyZ$|knVg|sED5s-L68pp7gwe(D65%2E$Kd?e5I%*s56lLl4mZH-NjeDr
zR^pqK-=v&NdMuHUFwgA=;j2uI4q~7Vfjfvhh-p4J<r@_Dq1+0|Cx{XU?<ZYg43g!q
zQn2QOzn%0~Bex0qhs2raeS$avJLBMw)NkNZDU37<GEGy@fO##-yU;2+jD!9UXeW|h
zfr7TsZXvECUXSdP&~*63$oB=i5aa)bejTwBdVVv`{AhGu19rN81Gxji2@r1rkVE-f
zgo~lAF-{!?@OR?VV1lG?qp-g*xC7_QkQ+gKpZu%HoQdo>W8@QX^C|1F7uvIaHswv|
zh1jXBKwu+`%@iUizlro|1G*N4Kan4W^8TdX5X0nkSVNivUx&v~rn8rz=V<5$(DN&L
zMndm}{!a{U9_5ALPJ(t172T@W|MdvGi@>`u@&R@tJ=1tkHe~^dZiN0T!lxPIcOpCk
zT0Q0Nq}PGJ7k+Q@qlmCm&Lh>~8FcI5nDR}OF9pyW+69vSUy6ZJ4?+_ea0JCyp>!&q
z>ffJxhH_hQj^S(gMC0Up<eQ=V8OkfcY}HIcjh}cwS77kfB-y>--+^<Ye#OzDH3p_7
z0bJ<U5U(~~Z-sXYaW0C^0$&CGLyYNA3Vku@L7Y9Fd^?Zo{}@lJ^heL1#!iAY4y+Ef
z=L6VEyx17J)i9!_d?E(tVdxzcOa%8J@pfV&?1KKLkx9^gL$){c)4>f!z90E8j{OV3
zQ>61L@9}le{)7;q(Fm=Dae_x->HzFOd=}aecn7I*PaF}@W<h(4bPL$G;k6>pA?}3!
zH*iyoLtjzW;Y-pxO=~>?{}`W~@`Ubx9UdUQ0jL>*VIveHEk@`zcwa-Gjo|S_t;bFn
z!04-#by!Y~el|vY3I`6HoJ$-E;T7~5F^|0%UH_=%hYqV?&H|{zdnoz?<hiD-X<-!K
z1?_3=1V)dc#S&qc$@GAJm7)I*uJ<9%WI*eRoicDcv?thEq-CFgsKfODI+H&e!D^Ua
z;J_g0LBLl*yPI@9!ru_nz`aST!?R%TL^csV1$!2;Q{7YR+t<CeCbjktkdGsA9+1-v
z>>UuRh>0*5{udMm5T7^nJG7f79Drt%?*Q#&tWCwcZ;^Q!-R<yTxxw{;e$eF4CmpMQ
z!|x4*6rgX3k0G=iq3ekX@DxB3;2(f~H09)Q66G~XgtKVhfk{=>tn1Nvxxtj9V+ok+
zaP|-AZ<FTeT}FpK2sS6qM`;-bw<j6967XPnUy|zJ5PPBMJ%jn2^4IV>LHiAwLOu~D
zl1ar-TPk!A2YMNq`INnocx8AF#$^bW0lLb7#-Q+7gmoBzKt1^#<kP{uMcOjS&{GDd
zvEQLXhsiiy4CWG?D@K<^)S(Uf&og<i{(B)l0{By+4oisbP5xfeI^wTJspkJe{uC5{
zhSAZ+a3ART<nKW77l!sFhE6c~8OZd(k@oN}Hnc8@Tjn%s*B0hbm@$MZQ1*hhM0m(g
zQXVi4wKR@2BP|AdSE4Dw{S56*VsEg=<KS<`kX8{u|77B0;OmTzCljZfDgZ-JmI&_v
zTx6PeJoF6+?SuIW3fm<a)cAA2>QIi+FHk&}Xd9ZQ-%F*=AnI^G^dFMtb^Ct@ahUPw
zRhWOr@YBS6gx13UI}ZE><=1HqglE9tOIk*3PksVXha&J(!F@;6;Rn)1$o}aUQ>J1=
z7)QE5pGCg*HN#9KBVk-_K%b$wBMx<fb|p2xz<@5LJe~YNc-Nxz6Y|%SE{3kd2IG*<
zPo^UG;K(he*1HVP@om(myoO>OHUSzANUysep=hcBJ_7$Nlw3mUkm_&}`Oh%86x<SM
z{d}_ba|yf`p`Q)Euc^o{hW{q?6AVq0ti=3ph0uo>z8Ap1$m<YC!8)9nM*bV}3rr2-
z@D~^*XT#e|`B=)Uh%bR(heNj*=ZBDfgscvKCBMYvuf~oJHTstMJqlJ+xD4U|@~0SK
z4H$`2&w<h5M)Dc({*98^#u-ijyHUCVdA*+W#F4Yfe+d0Fa4%~R;Z}HmqGK@WGRgv7
z-u%B711?d(oS3BeBowtpNlWNyfcKF9fP5YbLKw&=|1kLq=vR?%j_hK}8OGu5&~;dt
zRG~O>N1<1TF3ov#`kl=A2%Hb&JM!xhdWZ4@2)%(a9X1<9I=>r3HSj`US|M{Z>Ay((
zVEh^IojjRsUq6^;HMhqX*#om<1M5C_7mf|Y<591anPNADz|uf46etckwq^&5YvRsf
zn2Ja&?yDK`$i$<n1F_g)km^V@ZfBP!Yp#hozPY;UNB)vpFri?4U9U&G)V=sfr)~E>
za+YXO77WD=Vq2fbeiS{kW1e_Uc4@9Xes+PK6APAy?MOJZA~!o$m%qL1QOSr2<Hj|@
zDHwPlTxvVvlIV)+I8y4W=CXa=s_m^L8gAO&iCCz!UvAIUN!uM=yC&<Lg;lM9G&{Df
za7TNoQ462Q(aHHw<h8WRqLC`QBoHlyaQ_n>p>KQbi7ql@P^nWEs0qafZTtMGoM!Db
z!VX9B?d+Ic>cpLrcwPGQ+1qNKzgmd=x)Yx7!OywR_p0l=tH-fJ!RVR>;x$pnu89T1
z<yx%LSwWJSk{tt(55d&RDYeTY(QU(b%}r|?j@Y_y!htHsE)Ons!rRVyH7~VC4oz=I
zs^h^(*zTJh>ubj&c4Vm&jRs4dZJXaHPg5CHV#v0vcTQ`*?XREw(z4_D2+qc_-5`eL
zZIxdKn%UzEX4t`SFs^mzkz|)f!cJz&)C669TO~T$4MhVRm0dc}E@NalrK5B$w(a`y
zpUuRSYkv@f>vsRAZ{1V>`Dc$Ag++EnAm&+K;l%A?#|cwOJr+yr?)#%--EDsyUpMZ+
zSzR*y!Kxc1zM>izqqNsbC%^8+1G$|IvpVDi@V=zNDXFyM6;54?gW0*kl8QrQV_x@a
zX>zo7tfpFz+-+kIUMA{({nNSjN--skwhqRw{ay6G_AOE9juYaSv<2GHV0dXD6fDI^
zAQ~uP?8ZiWqth-8mIvd$!ayh#S>`YgbnSvMnj>O|BH{AUc2!_`u&SoY4msiSc!lQa
z=>kl(O&8C*-=>RirQ5QF*p%k})<&dT9d&Q?tqGRdd3h^vH@lRE?5lohFX~d`6~UNV
z(?Kk6HpN*HOPNs@dAXz8uA_LxN(E%AkGqJTE<YY>=KkJWykJ$82BTHs^5~LKX`tF(
z;17-1B74D{SyLBf7KW)yI1uuCvBC*eGc6fo_IO{)2b2X$SR<GmMw$w(&`l98ckE@s
zctxZpuDdc=;;8Q~mi^S$VIs@j+fUrnvitwTx_kC8vCkSlN3Rv0A2h5Uwi82va@|HT
z1_mR~8^w7{yzs!dF`DUC3>O__Ye&zNfic@xF<yOsoEUi+vHwUh$*mnBj!qqJrjedy
z3AckZKzTG6Utw2ABYLuG4=`S;D;JH_#N0bZiBT=p=7}P!Ls>A&YS_3~>h(!|Fi~8z
zc(xOdYqbnN<Be|E<O-RZm_f;~rb7M@Dt7Fs!xW7(z5OL1!2BtRN1`iW&<cIr`IE$X
zExMmpQykPYp(+p#lsi>UnD&TNQ7VnO@6Qs0o4Gwt6Ss?_nk?qt94m{|gc)&x8vF~>
zPXShX9MazE<;s0>zStsq2E(OZ9lY6o=rndK7m7<-b_~!?!KGThG!PHik>WFGGqt}$
zEbMs1j&%PL6thGt(?ecoX1c4-5Zy(OikfhxH=7$~S6*TXELH0(#oW3Je$P@bR*Gu(
zw2){cCMH~_4T>YnOH)cB;jrm3QyH3tMsZ?sR+3<>LQlrSK<ct8(WmebK{HJMKcafL
zY0Jql^=_58#+@A&ol@P^Q86{Oledi7#WkTyJ6Ppyj#ZITM_J3no9fYJqNUoqOw3a~
zmWv)1Yr8vgxoDS`p+|d7wLPcM9d(xYBC}a6UdpUe-&`m<w~9MjO@QIRzUlVANbGCY
zCSad3bvE6fXaUvy3h}9$I$DfTd#(^;I_M5h8mW5u&U6P{DV~*XzdG?~s%o}Y{NWD1
zUfeF#?i<D6R!sa@M6U#Tw^lo^7oF6?bs|$0tP|(8@@f&TsVZiwW~)!u3EO>VohTCi
z<SdP_M(ItYDiANJV4+x%n30)o?+xO|wDed_F-;d!-8PCIZu5;|P5R)9NH`MB(^MzQ
z;LodxhWdKzidMvwsEIKhf?@lVNL1akSv>A8zefxeZCS*80lO*~)BB}+`xY@Zt+QUU
z0*F@NVF`07Smup#_lpNax#*(ji$B`^`C_w(>iMPqJlX1@${!RLxcwdyuZW%vQ^(s<
zy_N9H8i$tG4X8S~;_9~EiOAb_@y;XP=8C#Z#syQtsfvWv8dvm8H$%lMsAC=xdnJ8+
z@}uHfOO@>qi{`Rc`!+asvEan8a-`PGOfj2z6Fi&0*VcNvCZ?7*$JN(6L|6634iQ(2
zc8YBG@}0sFZt9cb9ji@=<29H~OM8C1Z`X@&EIW|gUj88`kUY8Fm!1>nS#7cJ9e_yv
z4sb`mC>Dt!oLs^-Tc6DaS>x!P5{*%(B*G~u5)CpR{ZkA6rl>P-6`kEJFNr*>FUwz8
zyUz;8*~x3^#)Z`zuIlYqMc>YWXi0^}X;RX$LbZKObk{%DdB;oj)N7)Ty7x8lM|aP>
z**g*ooaq_&_SeN~p)%eOz1!G1k?>GGfI`mDNLg8~oAZV^L3Go-QR*LwSb}S)*a|a?
z-T7~dSbD!`e2E@kOUfL^`lyDbs~YFoN&Nxw{Ci^ZWX2bpW|PKcm1@$oDS8lUP-0DG
z(C9_33CPWQUknue1C@@gkKfC5!+Jf@e|+JrX+@J}Ezu{iB{K?U&vuXbKx9~cgPilR
z=&Vj!CpxGZAB)NEgCC2Zgc|Xw7^xoqRQ$#5^O+bY)T-U$7x$viMV57JsdwsR=kq6W
zw9@ak#L-i4i%iM<%oKjIUyt_&Yu(Hr+N%flh+2`ahVB(lyB+t5&N9tghE@K4(WO%$
z=<SPodg{(F>+BJEX2!V44Q)1LYT@itR+%$~mJC!^hxC-zj?i2TE%t2MO5@amAH>C3
zW--)6=BRq>2XRa;XKUTU-khxta8J>vm<C`48+>_%T~sh_g0g-TAN41*iu&oAMm@4W
zE*rN^th*omC{7gW=1kEsYf>mu90=ucl1o`tw92EUCl~t72^WVVC6#&rPjOagP=oP^
z?X9XsZr7hhK<3bWp6P}@)*X5z^UHn}V@2`oQ)U$wO<LtIPTchTa>^=0kFuLE8oh>V
zSkn%{=!*Izn-i|Nk~zz(nUOJFPxm)5)au??MLSYvuZYw{?HPr0y<>x#et<Ey=MS+-
z*#|^wo5T2L9T1~?X&;(4L$V@u+W~QgI7Ve16cgGUl{f6@yrW0hM-3k}eE8sDN4X^j
z#XYI%RPS`X{01!9iNEMA7fvZKb@J$q7f<$)vij}i#rk-kfH;R>%<XrwzSkzS2FJ|s
zXO>TDRA|664!_~rW1VnKd?mvqp`?d;$CAgk)7xj>TpS5hM4d2a_n5oSlD~)+6a71H
z0^ZHtpC$|RB~#@$mp$fkV{N?C>MO9`z$b*t166@gGV929-=KrBAvO&VE2#+8Z;!>C
zP}p382WT5twv@9}Mur^RDp}bq)w;Rtt@(>HWRGr5e9#wS?SpqAcDH264W6@8T1tI?
zR`Hhd1oc`=nPs%wr0$0;<w}`3i1Sytlyl`EcW!HWQ@Yw&LdSjINe*_;>n!u6s_QD-
zt4HpYoh+`mYGG$NK)u>kb{nLx!?VqGnEjm<HKZHRp50I<O5U|tUDZ`~NVDnfsQXb@
zxkNM{8;Mi(K$-e>jO^gf?=HVc&9cK>1NCVlK;o!ETQ2M}#bJk<?VmY{^yOI}^vj)M
z_Xb;zPgQ^2Bs0_({pCIVa*F*Pwx=iErdM){V>?>rl(WOEbT7}Ams%|yTMwV=iYV7m
z)sNOm&CVWHpbB$kZd2Y-gJ_3mb7iOhm7L>i${HlQ9VTLU^9RWTnd6zj{=ifA9y!9D
zH(2hmS|qvUo;*}KR;ysLtL|e*%eB%CA1ha;b%jI2crD?Co1p$2B`2jeHgC}w*}p}i
zvExoyO&=rs4Q?RV%W9&fPSb%H&riuNwG$Ba;uzVpL7z)^%@oP5swo9>n))Rq+gh0^
zlhpo@?C#bV$Ve)8QYX<F-f1AwyWT_$=V!V@Cdv`%O&ZFroF-GnB=3!)kf)3wxA+*7
zrG^DL%&72YuU%ThA*0-3G*v|7=7Hl#X!UwetDApSK9s$bZHcL^Z%yj;sj{Pr6v^5q
z?et5LJhq|QYUoTkP%W4)yEl@~o-PX-O91+)4`#}A_06HEKI)hmvhN|#vzw66)knQB
zL-uJzeLv$6`(qk;zz3*xGi8@XQo?@kMv|vAdzMThc_>V$tN5&BX$^HBnk84IsUH{1
zzqm)8Du;-iQ-al_yk68VB>q4NN9Y8<BLkK3;8OY~&XRDNoag4vm&HO|zChlPlQfc>
z%JKH))Nc%zA~jUcxyW_0r>a~icdIpv<Ynsm#WG8U7t4@Zu*zz!)|@N5a!kB@G1GAK
zG}%V&T`VWL;U)5!v`&ov<YAvTBf@cGg*(=fr;6H&054?W^7`$ec#xaKe1~<#36Hip
z?{b9XxsP3Oez2@ep8%a`C{R<(Fw&LenqjZ3u|q5}qdELI_B8zz#HkXeQB>^2qxBoh
z{pZspd}U2^rNN`#QGY9wpPlG0F!ltdX`t9i(Q|%UARLbd?3~8+CpXz-pOi+1`#`ze
zA(~E(<w1Fw@TQvTP$}D~pF^^>3RcRKTC&MEE@=-{%AzKM>i&?-Q5T0~@59L5)Q-_K
z>;)m&_b}c~+SD+0c9k5Wb6M))DmmsbRE`=DrV~BD^sv0Z&wUb>$Lm}>OLz0le{!xZ
zh{$LYX?J@>c9kB!g*UF~Q`*`+IV#(yb~)@ljn>yIhnl@q-ZG$o!N==n*xOQcPsPYL
z*?LCVDPz?QBV>1V)G~Qyi=<6S6$Gqq?$%|pMVj6WA6+GTxLa1q=hB6(YR;E8xtmwZ
z$*HxIoZ@JpMqe75K8pGKixW0)a&}H$h401WV5rQ=HE(nbHNA@EX=04Gs`6-{s>;WW
z_uuOBlOF5z#+}e>SJpqwGeOTVW0lFqzG|Q0lsZ-REXRL2)e}hVzgUj68K8P0<MDw_
zvK%(8kUT5YxJ%^B4pW?Pm}^M9x<-%qycuO7r(8w)^X|Co5*cWbyqLSkUdQ?3kbP&#
zS~=Ak_&+v>>a|Yxa@`x{#?)DJysO8dFKc>^1!~It+jF^oFk2b7^X&Tb^|IhC^xi3;
zs{Y|}rgR18hosG@>}J`k$ueDjGlOsQ&9YU$#D?W>U-jF0{HTuBZ!hERE5UN#yICF-
zUA#MZ9(STrda3cS5>qd4lq3H;xBcy`a_`<MUrtk%n`En8-UBOWZv7UjpCs!y#$z05
z7^2>s*89`Oim0xFd*dcKFuh@6c6V)+#m(~zW);mTnl#Fu5aV@Ie}iCADrJ%2Oo+>g
z^ROB9ah3asyr&rUY}$*lu3bN3`|`M*XxvKf?2QkYo_@V^>XU=r*F0I~c~6#oZCa|N
zvb=tyntrFW)sBs_t@`{CxuP`(JnmyGV62oZxhnLi?AnSsowVLu@u=LFk!a$$+Vi;V
z=ic#{9NBotb3cDvO4-l=>f0T%sIfG0ryQvda+&Jmo$SQxcgo`%nC^!=<?z%I$%C4)
z!pTBE{KxG<-c~e7uh~4hl{pnW+4sS_vHCEYsfy}luN*yjI70e8Q^+YlmbkxrRCD@{
zWvUzM4?VW+sFz)vOplN2<>gjit_#Zop*UkTR_Q-bMYxc0wzbWZZ_KTFPNt_fU6%j$
zitO83PuIq#i>doxk!#(+tFn(gv7yH~mkcy}EQ5%p!3lG+;?PU4(-~8^7jq0Ym)x@8
zO7Ak^p7XlwDLWK|i`jwnEaJI3`GDhYcthUVHV^qm^R~Yghf~<25^WN*$Maeo)(^#%
zYWi+j*;{X1M;vK(&YZ%Dx$6Gi^4X><hC26i`Dh#eWu0j@%A4w$?y+CUYlI4(WVPtu
zcbtAr?wdC$TK{nUP0ncj$;6uk+=!Mr)R_HPUE#_eYWJ6Ns#-r+c5UClvX?oWSvf$a
zsPLV#uNtyPMpc`=a)A5k9ywgJp2mu)*Gq2j`t?_}+$XzblvkJM`R^P#`{V?*^)1<X
z5EF%)1TC4FLYF2QPTv`fsGdq5Lfy4b?s8B3N>-$~uYM<o%U1sGZjK!)>qj{(-6zG|
z2|vo4g??9Hj8?hd{Ul37kFh*2=M{R-%e*evFw28segEORYFJ(Ui~N@g{VMH*3U$q|
za*VqBSFT<Af0fxy$5D^p<WSY?H#yjQjxPL7woPl1wEwI7Gp+V&`a#*kJ@26WUbLli
zSx`dE41dume5lwuuhroqr>9$)ZmTS7gvgq0E`))a7-tt>qh_lyt*wkU{`+?QMsDqT
ztOVVn)>d6cckDRcD|b>`I?<KOIRCgGcCm&FReG0<skYs$nVp-C^@dUI2D({ySnjl5
zR%$b~eX!Npy}rMdE!_RtR)M7^=URVJ59C_yo0+>)<{+!TdM4M}lx6EHKM&qjT=26?
zRbY^HN5c}LS`W5z8cSmaTkqyg=3@_abMymwU;Wv&I#7R;cl4{IV<74Q&(O`($2RrU
zWIQ=$h}Eolmfp<hH?wG{F~hAqHFUT&yJ;6yA7gb?q2X3bck6KLwanf}d_33dSFp-^
zFz<CL25uXptIB_YvP`t~E<paR*Ve0A+~t2Z`M6nsJ!EPe|0<*%t<n!<`YnMouJ?#u
z8Hl^b6<RNd-t>Z5r0DjjJ;f|k{!4n$(NF2y-2GFmt7NWs$8P8nZy_rvE{p0%cyBE-
zS8hh?_9Cmkjed(sJg95FT0Y%+p~ZM@#LT$d>DGYsq(Wb}V1_k8=+o9^Gp(NP+cT|K
zQq_QYR#<&C&&ud;v%f^`|I#Vm63<-!c%IcU-A7ict4@&}GdS}2%cHtrp0!m?JJlNH
z-h8UHSY$S?aVm4Zby}_-n_+uy#OpggS9*2S4QQ9^-=gs0fhg|*o9A2I+a^sXXNX>O
z-S_5OC23t~(?GP?2{LKDM&+BV*Fx?Ir(0{%24N+sA6PuRX-+3KE~#-oDsxD4Uw5pX
zsVaPim64w3_p=*6!#Y>w7cf!nd32_upXU8Op5;H!PmDx)m1nQ>_i6@j*!`)}YL_~s
zpg6`s)lBdSQO0$cPZVr)-krIjXLV;~s%F*J;EdTCug{j=9a-^*_&ca@H4De7)z&wO
z`Srw^*2(I<Gp$x`&6!rJ&{r7_q57?!&BfbP$N8U7_{5-hDR+6)`d+AlxRrDGdwnp@
z%F;d%Ug>Zp<D-M_aj$DtZ`<nP-c)04${29SYyF&tI~;eX8dfp$d^fh%T5$Ryt=-UC
z$&DSW_O5=>aLNq-GidUb-`K!M6mi$pTDOawq9EsXeJ<03L?5HQBli&=^G`a*`lsbL
z-2^p#wbfa5Ty0gmTUJ|_NcGi4)^K(H#n$O=&L!5J!ri;Z8ZF#0msx#MPtY@m<B3^Q
z%!RPZo)FeAWQoVYh66z*r+M12grjFXKT|Ea%6diQyMwQ`gm6!*vtE*chOLgXW0b+_
zY0S^hxA}FQSZ-#@JnsNetiPIL+1y6{C#;#$?!fD;(P>@Ge#b0K98G4C3pwtJ8?F0f
zKkth`0dH^KdBl7J;E=34pA)M0A;8{XJ=DSM7v6Bhr7D{RMm@j58al*#^*zN2hHUS{
zfOpXG9yz_!z5n9B)Ze)s_00zB-(~|1tG92mvege8thODQE_Oka!xE<>_xGEuwL*2j
z%W6^LznHTKaQ|n%=}jT5U;e!_q<7*9JFK}!W_xJwjI8H_28NSf&+}+7ty5iji`B82
z_bgqc^J{BE3?`oQXHRa@^HugZ9=Xi=Uc^zq(mVa>=eaT-A$-54dZOld@xKe`qhrIe
zC>*u(R?BINDX(sgj|WHJW;wO`PNqNp&?Wx+hhtCG%@QkR_lbHFps9V`p^g6P*88t2
z7`y%yYFc@JQ207h^<tvLMr&v@e~hW)Hd+OP$C?M;hKcBXayfGUF5768h+6Y?Wumv0
z=?)r?0q;u;>rcbSmr225Z-O_hlLlfI+6G+0enJC}-Tp@c7W&d?O-W_SDmH{wlOwF)
zbh=}^U*2wQm&u#aeVeQfhn$u9yV$c;`CV34ujGNK?<xM58*|(btFCuh@2DkrS>4(n
n%G4w5ySuDWBWIXF+jLawk$cD&otznSrsUcUdQ|Vbt@8f^?-mdT

delta 54256
zcmYh^1)Nn?+xPK3GxX41!lAo|uA#fjA*355rD4;JbSOw80@5KMAq^6Olt@V3AYD>|
z@cjPgT0S4o=RMDNt+n@Fd9Ae%-pV_2OoFlJ<NMbVN1N^O85qm+(&Ft3o>wp2^S&Ra
zQqOz3#q;vuGc1Yew|ZWz5YKCdDag0m=6T0(2qwYGKX_hBY>H{H52nYdF25et&T-TC
z{v=V5g6P}rLNR9}XK&Q?saO>EyZql+k$j#Vo|hMUV>MiYy6*w1p-ekHkMVesm;!4$
z+hHotr{^Se;~eK^=V?qy`6JAXF@CiBayhGFBFfuiF6@t4aT#X9pD{Z=M%9yImzf{q
zlCOqIY2Ry1LQ~Wgli?(nUxK=EAEv=ms0#0+DonE5^U`5%Oo%lw9yZ71*ag$#2-E-;
zqUt~3u3ti5J$_0eHKy1@Wmph3Wi3$^bVXG-9y8z~R7Lwx&s}srcgEXm<=LGTFdO%M
zhFXHLm=qW8W&YEV*z9in)%gfD!dO3fUKPxMiLo=PV?$6K8}ITfP!(=Ol^;gkcMD75
z6Vwdk-e)se54CjN_xYCaDbN&7$1J!M)v==(2k&AAe2#T6>3-{2J1k88drXBlQ8W4;
z)sajGY$hU6&o{%2I26^P#Xbq$cnEXiO?N}QgPzxde105_Ut(rVa)?OAVyK1&qAFaB
zy8i&y#|(#g7W<-RZUt(FwxeeDBx*_hJFeg#cSG_cc4IEo3`AmGY>8Uy4XBEbV|;v%
zpJ4b=YbXb5CQ6}#wlQkty`8hLIQeauo%X$_Bs8*AoFWRoGMEj!qAHk)>hXHaibqkw
z_XO3U=s(+i0W43x6qZIGbq?%C-S-j;VZ!4!u!@*b`@b!TEL<3iYT$cRkI%aDm#8UD
zbHes@8B_<`U;rngmT(PfijTVdRhR!874->DT8w2wM(!2E%(U;dCZPw%qK?q{m<iXT
zmf$REhMv28ic?lz1l7?-s1EdZ<+Cu7{ASdE{=(n@ezAJWV0y~iqMwh%C=zOLGb$)9
zqNeOI=EK;ht-<1`rT7#z)xA&+Z*k>kPz~KjbvWJ`Yp5XRAYUK#{18-ov(GU9#YpU+
zKvVP_)#Et7+L9DNJ<tRL*c0R8bWDH?U49*^!#|>8;{t}`L(GqFP#w*2)~t-V$+tbr
z{408=QSdvi!-P2DoUQTKs0#LD1irvpnEkxxRmFZ7JH+$$qB?f$f_VYefm^60e1hdL
z{zcF0fOT;y{@{~1OrpwfykK<0CF@W!R8SVe*cgS{4Q)|t=VKCFgwb&`Ho+ZO5fd?*
zJlGgDfYF#2w_-KCjdjt_d)W>iA9GQ#8Wr6aFg1Qa%}}Z<HnO6qhAX0G>QhXCoiQek
z!1y=;6$|rF_x*^e@B}LQ?;!2@UV^JOqLQe!Z-$z(k*E$V!KAngHA81m_x*;d@FOP2
zRM%{V@}oLb6ANKGRLAC_mT)m@X3k?y?f<YpEE@A-A}-WNZL4;unHY<jx^<WqucD&&
zZ;XZMu3NNcLoHQJ)C@I7?Sd{C52vCU{sz<GaZKxzxKBbOh<U>vNQauT3eJY83frSb
zG7!t+2-Jx7VF`SNiv9vOZHB6#8u}bR!6}#q*Pv$Z2>P1Z8zgk&E7W#OcFWeVHtNO}
z&i<&5PDfSr9cro%VjR4JneZ-ZiNbH&S{KCN(xPT^Bu2xHx0!!+U>gOR%HycuIfq5@
z7Ai{9{Lk}>U^mnhF2izo1|u=a9eW)&M6LM(ERLr!KgPLhzXM8QP4WY<3Ld)4{6~_A
z_a`qNtc}_QQ?NAdz{>a<b>Nh_XG>5UtCDYwI!G3wrv3zKCU2td54mq^p9qytj~Ou^
z#=-hN39VfVR0Z=eF|I?+%s$kVUO)xs-|l+c2i8z}RBV(%-CrLyLme?Q&c;}{6SLs~
z)Dl0ytmtQcXlqgfb5bw}GvEr;)Ez<H_y%)h`bQQMHBm9p0aZQ{<KTMK0Cr+wJc$}W
z*kkKxHq?<`5(#qOYe*sn1?_P)c0)~3iYLqlmOxGQSyXx2rxsLYQ6ubx8u=8ggiEmi
z{)w8=)XyyX^P|p_+NhxJjOn!hN0HE!EJaP_Wz>yNPz}a;ZV%)^MSB%ggDo*V_Ql0G
z3)NuZ7dA6BFfsX#E<ecS=b$>U3RBa*cYuVZ<QkU8*Qkn0{AEE?7ZZ_hh1!0-F$+$>
zn7AI3;1BNlan#b>#Ju<cwFG%y^2ai)ho9m1=r<=3{>nz$2|p!22~~a@^+37TtRF6L
zF2(@)<(M50p&ESb%HzDTj^)A>lovw9Mhy(b#;6WQy<z?}((V+*$5E(}&Oj}}a#Y28
zQB!sqb^l9L1>tXPM$%(S@<mWbbRASZ-CTZ{yFMRNQN9IL|EagkzozIO1*$OR-}c_l
zjk(Ad!*SRSqwpcd#>($(2I``=RWDTVeT9+u2S#Avy>0JCs9iM;wG^AMFkbLU<R=mL
zA6xs<c$oZfERIz^*wT!^wB(ng8rp|CpkjWsC8&hjhM!{|obSqyp*r{+OJQm+B>1Q4
zCYYYQKaqs?_i9XyXHX-5h>HG{AtAx-R1%f%j%sL{%kM_Tz;)D!VuxA-Wl<gNjcIT@
zs@`*`rSZZ-G$7wgOhN_uP*YP5)#LV<6sMpLrlpt<Pog^V4{D@=XjWbub>A?IiL3Av
z+=v?KFPH<LU;tA^5AiZ+|Cb=4?bIA~!${PF-(x!b83T9^bzhtqHdFag(Om--d~Gov
z4nYlQB38x)7{FUt0HejUdWv9N+V`51(1V>Z8umwRw;`wohhuX578Bxbmp_FH+W%oV
zzD12RI{$oTA!b1>!9iyneyR2(Ul#+o4}DGHO%hWvVH~SqF>0-TLIv4FtcE$mE#DU-
z$!~J`7g(2kfw&=F100EE@B-@jWbs105!e6~gy&JQk~n^d@6{$zHGYWK2<M_^<PmBq
zx+k!X&BeClvn8|+PQr@h*I)*Gii(}Yi7Y0Hpa#$mRnIh3kneQYZ{SVx2@?Au9?RlA
zPaNVkqu^~4YoJk5^9xKy`E1l0uR*QtL5zzRFah2|y=Gsa?t71lon*<ZJOZ@~N~1a!
zh1x}9d=iC7Y(hot9n{o3My+Y)<Q6pfQ5|W6+HM0-BU^$R`EgXmPf)ufO$y7GLFK!k
zVrdEna5E}){BtDAlK9izkUgbEcWu-NJEMZHA8MpioZq<ewWy9CL>*8kP`l@zGiIug
z;Mt!Ab<*ZXjl3l?5Z{|jB0#}b9LiE$KvmQ*4NHT)P(eDt`7P?8I*01`6V%A^r8OI&
z&WXV;zXml^XHe(KJ4}TMKT$`CwwxsNKvmRHJOH(JtDHwsQ*{@$w(n5eG-*1UkyNOe
z%7MDC2xh?Qs3q&>9Eo~<9%_a*VthsWFC;Xz*HAwg9-~GSlHPip4OLzWV`Cjuhoexh
z)d^SxXQ5{5I4T(5q7IzUfDI@D6(bE$OXj1mx7s)o-S7rBz}gu?f^WN}IG+4_tcPPV
zhIqH|B6h(aGlh6HFl%Nz>3XB`JFo&q&tm6BHPit&6E*TB7{I+**#BCS>l8%dODu;)
zvW5g-p98QR`L);q6KAs#4MdG}4eBj<3AJ=dvfIp5MD3!!sBO0zv*BS>5I#oD#3wm?
z+kVw@*c1&#J-7hXz^_;py__Lld#Hvw^Vg$-@Ca&+Z=z=E4QlO2<O&J?I9-N{_M@o#
zUZS20&mH15#H>CE1>0auk6+_YxD&PJgY$%Vo$*Ul&)=Z#&z9G&S4QoYC{)A!Tz(!Z
zD7T_wX+P@V`qN$i8?%%5Q{=NAMq)t<x}z>EMm2a0^;&&{+D4i3+Y;46o$XVdCs9if
zUcjcd6zcg-SUQBG9km4K3%b`gvNXOIC}e9?3bj2x#Q^ql`5Er|8q`u8L5(<Jgx!}1
zHKnz&GImCFcmrxzTt>}6;=&dy#ZdS4#<<%5J4on2IE-3?>!_LVir5GXp|)u+?2XT`
z47Mw3!MF@H6X&rSCMjkOwZI7Sb5Ton0(DeBK+Q~o;v8VAxC{xs&4ytl9>7W%t%OZw
zb<{rYhqduLR70<w<x1N1NvNRRjT-R-)OJo(DkS)4%=TE4{9-JNSJ2m#re%TjV0+Zd
zVkWA58<xk9SPsjV3GpW2XjBF9%etvY-PaivBj2O;{{@#%9cd%3h?==Rs2ScA$^NfN
z;(ruq3JaFA9|%1$lKfiKT0KT}sBn4voiGeDlRt;*_*+zk*(%sfG)2wOWQ@cMsD@Ki
zv;(R!s>4ew`gX(rDA2yoTFG`pb5sybz@oSXwPp|9^)!_&+N(MTqSksfDv1BUw)h4I
zVDl>0vGdrJe9WpL-f!%RHa-cRL?x@+nsr2NlPRbXY(<UyBbLCbH9~@aSRI8P|8Ezn
zW4miw@IJ)o<m1+|-;jw>M{aT)g%NlNx1$E=536lIjaH$8>@+G$L+jX-X2r?mqfi~W
zgL*JuU0brIsC_>Vbrc_S`LKExOA(lr@+O!8hoORVF>*5c-eD4&`WL9TV2=9sE4Mgm
zO{-%|9Ex%9s`F3h3+D&S&h^+0?7o7|(x{WKD(YR+6m?$oz+~Fk6G`a3y%-bX7F0ur
zFb1B+*mx0jq~1W?_ZW5GM-0a}4ejNV95o}AQ8U>ei{X6K44*><V~j>@Pulk?kx=x1
zg_?<rs9=iM*iO3gsAzAAij~o*k#0a8ESFG0_Xgu*q9!)d0II`<F&>u33Ro8vW3$lL
z2zI#}j$lUe=P`h9P$Nk7sco~;sMl#%=Qz}F!)2%--08~iq26}UqpU+|Q0?SIO?_ch
z$LmJ1{}r7*C{S=r!2qsDHFO%)p@*n5KS5I~&yCu@RZ-7RLcNw(p=NL&YQ|op&WE(k
ztl{dYdfTI7YeX~lzZ%{`f!5{%>Zet#<~D+2s1epi#X@`3RCmKr9D`ch@fd6vHS*V}
z8Hv}zI#3F=WL;28IMe0#`XtoApQs8xqTX7CKeKJp4YloNpiaWes42|Y(mGxm^?Xaz
zO!dP6euWz8PE?04pl0d`Y9`~gvV+dgNkSDgK~?ZMYJW~gP0<gi9^Xf8pX9CW!Ca_a
z@Ts#i>iQtm3`|8ev;sB5`<=H@yCX)MV0*q-l!Qjq6m{blsF|3H3YwFc7=J@W@dGT0
zZ?O~>ZfgfjZ_G*lD^$Y=QQP(g2JivuH6OQ~%}7>Eul-+^gr=$`>Kqu1>d;hFPglF^
zmr+yr8q;I4_SR5gRC#?=?DRwh<6_i|Y{wjU5_J;3M$J&V4#b@He*_8jtOIIW497ya
z2o(!wF%si+v|y`&nxWCCCEAG!wnwNSOWVn2vJz@3J7RR4f*RONR0r3guMr<6A%918
z<S}Z5u{v8%vttSJWl+I15OsZqyS~YJ)OiiHWPhRVi`m6uB^#>#VyIZF--Z3JAo_v=
zP0d);$k(DqbOW_C3A@@slp8g5by3@{18RRSLT%rZs2KT(iiLRHY-x(2Vx=*b!<nd=
zI^WH=DgHo#DlXjJc0&!+nzlhzG#nKRYfukfLG6m@pIgTYpq8!?s>6Lz&ric}T!#wo
zou~m{LCwS?pM<6~W)FKXfLha1&K{^Ecqs<|1cQq1$IkGc_I!5KnwCS&L=<XUPeQHv
zQkUQDJcsJ2|A2&g6tkCAkP_9Q{K)&+tA+}qey9;GK#g=Ks$-W>2h=~P5moMO6}LjI
z@eovp7NI(L2DKaRAv5B8N&46n6~<UxD2JNj>ZqyjgNlWPsE(XOZL=4s4rc0W71l+~
z&>+-QFGVfcK~#rdqB@ZD3yZbfm{$A00f_(?dZN~JI;x@Fs0VJLM*0plmFfH0Oq4)%
z^i$M`Mxb6gYfwRa8WmH~`rAR48g(9ILG6wbn4I>#S|s$IZii~H7i!x~Ku!57)JTq?
z*8UBup=1NBqa~cJP#qnMx^FdV>W`pi<Shm;%|M%xQs}FpW+XI~gHZ?0cc}B=4^)R<
zpgIyh$d)7r>i&kPU>$+Fz6BLKzoKU90cuHN47OOvi)ybP2C&y)_P?fl1_fH9J*fSB
z6%{<;Lu~EyqRxjFsF)ays(3wWWEW8}@)p&B>_e>s<xn%y95rLZQBl7Fb%O32%Kq2d
zy{14@mSLDZPzKdN8&rc6QER;w19%NJ!jGs1Qd5scRt9z7XD&Yu)$x_64xGZ^jADR%
zxIf&2AvbEjmPG|$V^k0garq4{e*x8CoDsI&@}erNih8aU25>BD23MlC<<F=ky^R|1
z8>gRfq>a2L2Ds1}RpCU;fJ;#i9CX(oqehxwl#MJOYQ&9E_xY&jR-t0zxXa%|Elv1n
zTY}6;Q2Sma3B^D!)Pvu+8}?#={AE}E9yR6Z##qC}F@k(6)QrqV)w2WD!T(_ZqmQ)#
zWkuar1{G^<Fst_e2okFJJ9ps#s;4(m9eRg~fltP{sYXq0D^x?HP}i5C*7_8xzL(B~
z<E_D5sPgKldfQ`6+V{qh2*;_;`KYN|i8|>Hq1NuDyB>RjRg?_14fCV!Yk}(66s&<8
zP%-o#wM6+RS`bE|Iywyf0ErbObi-li6V!t#C)t|TMCJRTrfxMV*p8v1`Uz^rl1{c=
zlLvLZ5o%@zqwf0_)$nnbe?FQ0uWgrNik)x~Sdn~t)D*2oZNn3&8Tkvfe-nRcBh8Bn
z)_SOut}`aU`KSS{K{b5NmA^#|Aof&?mF!d5hxI6ENI^;b7GvN|ERFY2Yn*MGHCzRw
zk#CFYU?+@&6HzlT8?_78p*r>(>b|F#2oq1YZJrsmq$Pb4TDv-^ij`Ldqfrm6LpAUd
z2Jkp4iXWnaDd7y8nOvw2S3~WBai|k<GwMjciF${mnrUy@>ZtR^Z$Ls7c5!}*dT<kJ
z&2OMakZhJMMN!lev_!q#2BStY9krAzQ1$Ic4eSnTAjxN2d3IEg)<j~#_j-`fTFpVN
z)n3%p-FCi51yj;FW(h1#z7-b3uTjsPMRoKImci6>E!d(kCi&s0`^KZ{TZ<{R|Id<0
zNWnvQ!#}90$vDquqBtt}I-wpMi+V|Yk6QEJQ9<{@<-@+Rk*7sPdrj1g^+CnbRMbqZ
z$Aa4bCrD_-A5m+X;%l4If~X!>Monc`)PwU;_iuOCPos9pOVkW}GT-Vci+Zjpsv{Fo
zOSTd9L*xkh3YIG*;$y4@R&fec!}(ATHgx&HsF5s2HMq-p8`ZJ6-`H=#9H@h-H)^dH
zq3Yj{+J0wH19<uk`(KGz3oQl$sEVqgM$!Sbmg6xDkD!9>I0o<!)brjVGbI)vn;$iR
zHmG18hw9Ka{1R{BEbP75x9t#fiLFgSR0r~-*1Q&K1YJ>4{Uru)6RLw}QTM$>EnSkO
zHbZ$)uifgX6R;gBW~QQ!`rW7w9`i|PDj#D2lP|L#7ey^i2h@2m1J!|Ds35wIs?b|*
zOOzLNy%8!%2cq`<BGfOP3#eF#yTYC?g&LUOoP;{yqeie2brSAJ9T*=_H|G1+Dz1;J
zXaMTB-*>1bxr~~TC#ZT7t+YQg=0=rwbWXtF(Tohx_s)^fKK8z|hKi$>pgHROJ`lCW
z>rhjD7}fA?)Cg0ovKgw4Iu{0@I<yJ3jSpi@yoyyY=V}Ym-dJAy|3?yv>JO-?O})nQ
zB~aU>F>2d%MFrOgR7W;D&!9T|1U2%w-&;M|P|;omb-r{!b*Mk;-1riM|NhTP5^8wA
zyKocL;5*csCR%IP3!|2z5o+xRpw{|Z)RLUQqWB&a^%3iAAZ;<Y)~Jpyb@{y*{P+KF
zlF;^uz22g=2x{tEqdGPR)!;T%P~OG>Cfs0aSpaokQ&fisq3&OZ@$du&PfFBMzCbNe
z_(t}>rZW9To0`(7KN>YeO<hOSOpL|YxBxZ9-=ZqqhuUVpyYjzKQ=MRwjW~e1UIDel
zEl@Ks5KG{kP3(X5=nMsV@E&S6{Egan88=%D)I@cxHR^g_RD}yr4Qxj}|Es%x3pIf7
zEq3zdL_J>|V_{9yE@<SFP&5xijc6lkyZnr*@FD7;_y+@+ajP2<hLUfAn!#2W9fzTQ
zFN{V_@l@0Rm!TT`5d(M|^_(AloBgAaOsEQ5p+?>o6*N;&Q?>!M#wSrH+9P*8<quX~
z61DctP(kUV8d!mvi36zTZ=zx&bbGLazL%eb8mNexiPl&MXQ5s`M^PPlf@&b~4r`zY
z>ZQ^gHPWt_0DV+LQ&DTY9yO!)Q5}lA)0Q+Rrq=#1OF}(tiov53qmf^PTHEEQ2KJ!N
zgI`fod>1vf&r#<>oFDD^Qm78JK`q@#)Xc6#4QMqgn9pDi+V?J#PzR##vZ=|8+Gh1p
z6%4}wE<?r0K`f0|QTL_UZ8KN}1LWJGPR22)ncRh%@~5caO}EE(Rb}+Gotl#f$Nm@>
zM`2N%hQTFpK0yUh^1U{~vZxNVL{04gRKs&n9Y2W*;^(ND3j4`+O&ZjFMSpU?|39Zd
zYc&bA#)nZIyN{JI`aT;$P1Mv6LT$e>sEU`k{0^5tk9z(Q>imec-%N*!r3loFG}-Ul
znvJ1AORxrY68?+|n%7tuQys7e>!4<&H>v|)p+>qDg9j1n==}>d^_dRZZfSxY$dANs
zcn=lyjr~LRKp#|tOHmabMEz{OhuRhIP(hUUu+2~bRD+FB!PWycfT^e@S%<3c2<qUu
zhnkW1sB<F45%=efPe^DRWyES&05#=<QB%DiHN_`UGxI-Gg^7<^g;`JyN21DGqVDhQ
zu1`dbbOmb7_oH^vTVw`(Fa9wbK~Buih3cs7G#C{NYn^9M(f$(EkqkduFxE!RM1Pl`
zjvDz+)XZH$#Xy4NuEVJNBQc-$e^U|~!9-NWt57H01yltgC*124m2Zo>J_j|DeW>Rz
zpr-z%yB`0f{lTL+YIl@F?Xs4r80v}v?f)4hG)0?HGjJN!!;n*UV;WS&<xveaLmfzi
zFgbpS8u1F$NRObR`zk6n!hf+K&xKl|dZ_Yt=&OR!B=iGfKE}i2sD>_~g656OCpm2u
z6htjeB~(W{qmJHDsQo?@75&RmC+csg8T;V!InLNp);Yue*M-3psOR6JM!E~Nz0RYi
z>KSU^ru@~`yd-J{+Mz}|0E^?ds1xow1~ArH3&tF%s4s^K!YWt-hn;2rtD+qgXzfp;
zmf&yHjO03JQ``)-*1b{tdmI+UZKwe}cIBzgTX|J1N%?S8eY;RW{m7N4zhE6}=9AEr
z^+8S5Xw-IGjd~65KuzT>RL@gfw4T>SJvRZ>v9B=>u1Br$PUlI~%v?t;Y3kqXKr4=#
zIll)9P1!dXfrn62{WmH|KDlI5SsFD{pP?S?jrt|C7<EvsLdC+57{K$Wlk*koK+FBR
z#Zo=gHtvS(3g4S&32z(f#&f6+y+uu3hRfEm`luNihuSS`Q8Dr}>ZNoCV_<?Swq(h%
z0{J|sCF+HWtp%w2w_<+n|7#@FaDuBgq6kz&rBMyFMXmX8)X3MPD!hu*FxEAz@GI2F
z_G1-%jGCb$f7rQE78O&yQS~py%CzqtC86z<;JP(f2(_Q<x_occNT;GYvIezne|OiP
zp_VNE4eMY5R6{LMK|K}qgJT!!zQd^4x`)1kBFRl#n}Qf1UkkOCpS%2c)XBFB6~$Lj
zOBDZ>8zE|@%Ay9++&LUIkmVR`7&U|UQ0=C;&HmRuEOOiace!4u{k|C$JintJO!z+w
zvO=hlR6<309n{OF4aUSlsE&_B&CmkWxw07pcnnqFeV31S$G0fYd&fpl8?~LfI)|fr
zIvZ8-7Ssq&p*s59m8ZIE9V&#nuQDolTVVjFyX%|W^+Tu_`okyDh(w$}ZDg%b9q57@
znU9Lvxu_9uaODS3=fP!EY$U$t2I8!Z3hK`>fHP6&$`;fT96-&C|BQsr_?Y+YK*@-j
zqC%*K8>4#K1J%&is2SOYn&R`QHGYVyIQ|2hfl{a_Z;Wwq2x^HYpmxV}q<-JKL_#Bb
zjscAR(4sdhD##k6W?~p>%ICQ2yHUI05o$lDePl~m3DuD{sOX=DT9VzUj$cHboUbsA
z_J7RB)<7oIg_5Wa)x=P2iDB3VD`5xJ+5bIijc>brvL{wv3(HVG2G!w%&IhOgC4Oqb
zTmnDQ{;x?wJ?w&-^3kXfe}e(sirTLiQ11fonFV14YKlKaZNFit2Ie~tpq_hxI+&6@
zx0or1YHtAg0TMGvC<Zp8g60&e`~{}Rq%W-E2rN#%IcgWoaqdKQ<Qi&<qy1&iWkS_g
z!R0%l4yN&_j&A>p{okC#bqcCr>6bS3V=xZ+d8jF0hMMYos0LEMvUfspRE3|Tf_5RQ
zBm10pQ5}f)+Wv*bf*2s*8`XiCui5_!q8}+xu-r$jZHhM*RCQ1l4nS435Toz_R>V)<
zT8G=9X7CGC#nVtzyd4z-zoI(+)|IFH+m@`LPeR+P4(h={sD_rJ_U92)EL=rxx0e{e
zxbN&oWggTL)j)NiE9$<ns1AJN@;{)?l~bttZlPZ1{yUdQ@ZN$Y6Y9oVsGw?t>X46`
zspY5!&SLN=#q#9i{bSp%E^0u-Q1`Dw1@&*(AcWY(QsgUr4F1ckzBiIYDK4BrjUawV
zsP{MKK+Qnr(9q!2l|YR&3bo${qLyqas-a(;AFwd_JYk{1bD*trx^pj<<@zHmrTw2L
zT4*r1x}bt_K9;~Y*b)mx5B197Ow_@09`!puEJkQ>Dib)fIm@Ct)WkU!wf0+4Gj|RZ
z6Ax5Q`(EOh_CNvD0n`e$&wF76u0ZYI-%<NHMl73w{HUpoLLITaF}S9vpq+{7aR;j7
zmr(b`j2-G_z@+G_!XhLzrL9m8PCy08deljH1hv+`qy8lG52}M{;)Dj@33X60(iOEN
z(@^KbZq$7@P&1Y++y<Hf1LW(5hx)+^dQqSXrnn26P(4433c?qtmrugD_F!&QhijqA
z`=Rcifg0&1SAHG!{Cm_)rHU6CJZB1`1~e$1Z$0~l0*!bTCcu5DnK*-5%h#w8WQ`vh
z{83pDwIuyeBVCGW;4ms^|3EF}OH_wqB(Me}P~}Zf1McLLs7Yc9eulqeT`Zo^Iy4c>
zkY9@G$PLtp5+<@B%HwQ^MJOMP>ewbMhS#tlrbrwb{BOUi<4E#9qL#)llf<?|ZwyWy
zD%!7Of6SOP)a#C4V@Zsa%wnP<YQ#;PJyFp;0kw@6yZn!+^W<05Z^ygX6;mY-&WP`g
zAyJfq?@)h`xQ;prpQBE&)F~_<ftu>(sHGW>rSMy<jkiz-QNffpV_%?VU<+!bk5Khy
zNM$ou4FlT$JxORvr=#}iI#k0a@pHV3TAIeGLxcZ1{Z`a2h@Hl!HXCX?HAOAa5Y#SM
z<MO|u1{gD~oik-oYu^)d)4n&GgdW_F>ftj~hf;lF6&Jw(`A<>h15r~y2Q}sEQ898D
zOJnqO7K9a0GZlrJIUm*0WvC<i5c(>3N+N)X)7ynYsPfNH=fiNUgsV{<eTo`k`hZ=p
ziRySiRE#V{&E)T>4!*?zCd^<nPym&0lY#xOsT@T?8(f0gm(em>5M@J6Re5JeRKt^<
zJ5by94(fNn2ds>FGue6Y1uE!fV}3k>IxpU!j^L!3eLE6MX10A<)ft8ASQpe(kH>hp
z1oduMk2-MfV*ul1v0ao4H4|O&1I|Rvz>KUmbE`0v{BO?7K8Yv_uA%mQv1~LD!Zt!R
zcrd#iJilUG-G|!W53mWQ$PpU+?}K{aO!AlT9(K<e8vN66lU%m;pP^=MB*w<|sG0D0
zkjOydJZk&B##k6Tcc|A26QlNjAIyU{P!%P}WBF3pn0yzkjr&kXbHco4any{oL7fW|
zU48{}()!*>5{l}psI~kXwfz$3vk~V;y@ZORqPV8Z_e6Dk6skijP$%85s2Pf$-vt}$
zzBZ_ijYjQ?wHQ<T|11dw$z@bW;uWw5a-up?6V<T}SOte+OgxM_a86-yOjOW*c+^03
zXawryTZh_i2T<)ib_NO&Gur?4mB1Mo7k@=X^B)+F2_mc`X;4d081<5Bi~6P02esW+
zp?1$v)Jy0As^O5rHiNmHWl?KiAAODFa}qVNAF3k<P*EOM#2PMx>iMUrshx;A7q+3+
z_Bv|jVimQS%7R+!(x~&`Q&fj%p|;&})V4lel>MKc#8V2iMhT1A$O~c;@@-HDPCwNC
zU4feF3of6qxE-zKFb?GdQ5_kL3gRWGpk9qtaThki=p{mfKi`{`VE?Pa#T3-X-?1g;
zDH$644-coH*8DkE#}cJ%X2xJS@;~8d3@vT%hH+Sp{AH|&S<2W?xGt!d(ITvezoBL%
zr(f23S^}desDSF}H>d;X4l0<UMOwZ9YD9HVyP`E}hWesLz6@*NPpE?@ZaG`ROsF6(
zjYY8$2KWCI5_)hIYWo~UHT)J8R4K|^&x@eevIpt_S%VdDD=K#0qGF_S1?$iN)N6Mo
zDwr>0DGaY@F;o?qdEe_xLLFG=JdT>$KQTB(m8>Hrur=jTsQvpRD#~x5g6%abW)fGn
zlP@b?AfE@-aI`9+-bO5kP4ER4)c&tg)nZ_nb31AVo}=D+39E&Ak=PjZE|`njW*boV
zokh*mGt|%Zgw-upDxvoOG}QGKsOUe48t?;5N&8-`8n%`hP`e=l*J4A|_6n_OBhHC>
zur8*;?x+UFp?1##)ct!<yX6kH#}u`!!$VQeFGdYyHwORv{|h7(<<V+~2LB;ZP1IC2
zbM`<rI12TW`UXqmW1NAx>x6o<aWBroMs;n<@8e|h+3JM`|9*ij_$B#@^+SXIMCELK
z_J0@!7byq^3F?dvZ(t*eKt*?BjD}-S9hr#Q@5^2Jdeq3apqA#0%m0Pi1&JEkYdX8L
z8Y+gmH1zF;X%uKGSE4G~g{tTh>d1YM0nFLRqPGSr==!6!(G1l6>rf}>8FxKyW1G=z
zsNGWpcVKTEiMjnIcIK}~-LMNa6K}8%X8+V2fI3)?q7I_OQPz<b7$83Z6|AdK+wLi9
zsWLYW_1@qYsQl;6tp2^2lf3_ggf66RZu`G0>ZDqTs^}uBW8p1qWK~cn+elQ*9C0T2
z%${q4g(;tgnei}|!UxXmEp0co$Nbv=-;&U8wu`6+)3vhbt&i%+C@hY<um!$Corn!v
z+c_};bs`=>y_C+Q*8C%Cgvs03h|8hQi(aTD9fyUr|F@FRwtIkTFubiDkrh!V+7OJ1
z>rnfB8)_e)Lj~tMR6{x2SxhuS<$IzUnvV+FW6oQsZTb%e|M_2*_Et~<^$Vvf25>4S
z#0{ts?Zejio4a13gDpuj)C|o*ZQIkRV7`soHE&V7>;vk)(2mwlDfHDqD-t@PdZBtc
z4Ryw^M)h<Hp2aJueZQfT{U&^j)5tgPY%}o)bv<pDQ12^jiW%@PR7@oAYQGU{Vk7eN
zyR!ck<<BT+h~>Ijw9mm$$=|^!EZg0p|0}Fb{uWNhf}dM39z;cd>>d`(bx;i~#u4}m
z6@&wN+Cj7xhmo(;%eOT;*vo?JIga5%-QIRUTtLmpd(_)5c^}&iO;NEi2esdiV)hVz
zG4*BbG4~gtUPsEC^s`vl>%5POp=AASNelTT^d7J7Y~k$b9EJMHH3!w;evE^Ep{DjD
z>b0F=fc^QuA!>V0Lj3|djargRs31=<&^lZcH88(72{kYo_2717UwZ$bMx1w$9m%~>
z*XN_Q*>%)zi8I(nSOIk+evX>@38?7*15;wWA@&EFtf+hhCe!|}WeKk>2DmT~)$^}W
z!M6;x-HxM9#^)FxGY+*s^%g*NtS9RJt*9gXD*nP!{Ea%Ae`cv;;3L$G{e?xf|FaFZ
zscDJzx!|K_;8)cC4jW<7TM#u<olq~SS*W$#joP-CQ8V)qi(`(FHiK<Z_pd~a{4{E&
z?qN>a_o9um?UoO9p*V(PLsV?ELOs|AH4~FDfSXZkcn;O!$EbauezX~Z3CUMOotRBg
z^^Ze6w-kf>e-{az@h4IHKK2;<5t#(5lW&PylGRuQH=|Ct`&b5(jkV_*Vr%lB;XM2a
zTVd2Vb0>BopJu%MFc~|Z{U3uhdPqSJF1(mvKPKBww2C%hd&(0}vh6tl>yf{Jn$ql(
z?e$v^Z&FWp)UVvSU)nj*33V>~faUNX{2a?p4fVdjbyEof1yAN_woN*tZd{2a@E#V{
z_30MvO;JbjOjInaMn(ArcRkt+Tl><erRtB`ehZyfP&1l(W~et5+xsLMkhq1au;?sX
z+qSrY{AkRAg=bqu&9FTAuTTwKK}C1i9Gj`E7>p6rZrF?-GjrMHugtX{9?|C6pELY%
zB=o>(OoOjcQJ>^1i|X>Id<RT~vr(_<m8f95jM@cHQSXrWU)%P|gNl__sORTm1Rh5H
z0puOBoqey+eET8M7B#Xps3mxedLaJ-JNeq9@^kT9MsxzT&H5~~^0lZLyos8z_>1fu
zh(OImJ(nNooP*W0|2LD+2>!tUrdezwDTVrzO*2%Fzr!kc9krdZFR}gI2zB3A7#HuL
zg75`q#_**UjQOz^c^`M;NnEV`KYp22oMX9-yca5JH)C6Ti`B5j3j3wB5`!~@#VF7J
zt=-=l)xq`H9baQhY`@a}hmAv6mVCzVY`eF?;NSnZki=(Pc!xu<=_>b=47EGbt+q96
zi>=7dK#lkXs=>%L_RoOEqdNKr>UxgvZR-1BRq_i_!G0ID3renK|BojzcCAfKf^`;z
zEwCZw15w-X6sp45>n*q%V+HaPuri)Rz2B2=uo<g|>d02q06t<9thmvBS1iC5<X>*|
zL%lvE8f>y4JA#_px2Pp3x!Ecjfvw3OclkV9Y-;<XD!Pbz>lNN=`AMh_-a}1!o^7FC
zBz8yT*P%|_$36-5Jm(KKl8&emuS0d@9x8fsZMT0M-vB3)KaT2P;~k;FzmjDE9%HL#
z-D$!0beA1WWp~?KvpY8D{%=q-@i(f&e*Ha`_zr)k-~+1SOM5NK)Bj|z&6-I4UIWaC
zjd3y##Jd<{pL+?RuBYE`11OJrIgQ2|xD}UU$bsOJ^ZTEKrs6MDkMbY14vfVp@+VL;
zlJ$@s#jQ~X&|K8-f#aAP-=Pki?1$Y;3*(bt?c9Ot$WiQzZ-eDNzgUjgFO#9pNzSiO
z2hK{Dzv8@)NhyDWdX2_AYQG<{VJ7lbP_OH*sB>U6#=`{|6IWvb+=OvxpMNFNez%`Q
z-FO4z;uBQVzegP$)mUI1D05M<u?uwqen9P(Vn2s^y>JSa$B(G%<&T>~PzT*M)KZ*7
zUq31XCv02QM@{7z%!!*&Be{xd_!VZrG$*aRG;04hMlHocjDx381G$9ysdX3AV(L>?
zPf^rTG(W}uSH)8(&}(%Qs=;HZZE_Q{V8&l;DyyQ_v=!=Q)B_c4BTz4~<(M9iqw0Nt
z>Ttr-wloDXl6+%S`P|d&f8Dr)0tMeS)C@$N3H1Wl8WmI{Q5Ek%P2D9_!&!c{A0kyz
zLEH=T;988t%UBW9p0$ImHEMuEQL!+`C!vZKVkqvzPIwSoW1e$%eJX0HHle2aHU>|;
z^EOlUuo&gjQT6?dikU}P7fW8SBYZM8BmX0|ML)$w+fIW~YrY;8#lO4q52ywU{$?X>
zgIbbFs19sI?UKhBiJ2~0J?&5(o{9>>eW)dUhmlzF_uzHk8$zNE1?w<?A5d$P{<1Yx
z4z;!&F$aE$s(3r<hsAx=NK;+0bD|^a{-vlNr^is&V_miF+8DJhdtws3|HqSvqF@1%
z^<JSG=y%O}{vGO<%}tDlA%9r(CcxC>BT?6zp=NFn>W9ce)J*-10ep&zkwn)mUkkIU
z!OuzP*X(Rek9$zt<r?O}cc^`v<Aw!M71Y$X#iF<vHKO0J9zI1iT>hqYq!a1{orTr$
z7u0Jw^(_Xh==_{SCESdW_!iZ0iQBdtI$^MbF24t(bNvCTqt8$sjQ>CDNN&^#SrOA<
z6lzJnK;5?hb+GOHANyZZ7xRvdJS*xPsEpbsEl?Hp!(=!KRnZdEpNx*8w(n&Opm*2q
z&w$zuMNq#3dSF@Hff~qL)C^|))3*_{{L^|g1S7d{47JbW+_QtGF%~A@3Dx0+s6Q+2
z#-^C?zRg%ytV;eXRBYVDRQL~SrcykxjzwS@^4)zBI&i*61>Ggoks1EbwpAI_Zs>yw
zuGtulJ5Wn>2sL9bP$P@;$o79BRC!|zHiU|m?@{gCMh(bM{@C_wP1IEOM@{ttRF5~I
zX5trA$I?8psjiI*vL2}CW;=JH*7y(9QvHJp>da5=oT-S~wgZrk_})qqI(ROjMilLt
zomd4iBl%INk$sCA$uAg*@t@n&)<KP=GioLmp$2dQ<Kj)!x$y+cW2zT66U{NVHvB9S
z>d`(_Lr+m1N%fam1y#WpsHt0onwc}M{4r{3Q@*qg)J5Gt6xFens1x)m>iKxDtevtL
z{QG}8k<b)<jq2e}UBG`(Q=9L#jl3ahpU*^%a191<A1WwsqLwJ+jqQR6%tpQ%s-9k`
z0nR}kM0?TK6u%>(sZ00PDy)I(aX04z)PpCm9KJ*~RP=9Kx-O{vY*al*QD^>3)Y~)P
zJFB+?sw3l2GxPmB_P>JbCIyu-?|b{%`~@o7cQ~)2f+^%5t2jGq$=aZP3r=?)Lhbjr
zs18^7V6We9s19yKE!Az*45a<Y{#Oq_{b&_UMcr@!Rna?CM=E(?!D#P{TAHcOeW;GT
zKm}*&kg#BfqMTEl`%u?kqDCGO8Wuc&y7(k=QLqvfG-olm_NcYX7Zw&AX%pvIjHG-k
z>bX}Kz>Lwtf>U1slaTL;3ewT2kuSljcn<Zt{v>)>@Smjm^+~9rC8&{}L>)NKP`}ZV
z#IWlXQ8UvMRsJ2SflH_gU!kTvS4<m7L+3D5aDRuv*g!r1(ysen)>t-$b+IfL`lEvH
z2h^0^MRhQ1Y-^xCDu@Q7f_E|M`T^ALd4h_Gf^n?D4ygNQqGDz{>fLY`gMa^5Al!Ns
ziTX9$3)O)gs0#0)mL_*xvoUIhhNDKb6cq!%phot}<+H^L3m$B>Q5_hFI#(9D@)MYW
z^M`-A%+@GXe4EOesQ2^;)O-5`s==5Etil|qiW;IS9*OGUN{o$XFdklZ-b2N}YgBCI
zOc)kCN19{szyIk=LKRLzEx`_~fNxO`mQEBF{L$DGb^Qct`@~Ib6;?$}`5;sbtiy76
z5w(P=l7t0+U4M!?7uKN$_GgkXKe(+jCAEsGq1JM+b0yX!e-^bAfn*lNZBZ3{k6Oz+
zs31(A+|3NCd?a?jA5lw`F@<%s8fte9P2pSAub@CLp<}4`^<P*K<EIP@{#mU7s=~IY
ziWZ>WatBav!5gR!#Y`0z{0EHXunGAM7z<;i4h#MaPlUR^4F+($Pa-afRj9SuhH>yu
zcf$)*P$f-cF;EHB(T<oBXP~z28cdJBpzeQyVHikjGm;tg&Zv*7zY}UV_<cy|fu*Rm
zJBw=IJvPE@pV+=1iaNQrVkLZl)v-W28{rU4M}7=yhL$^zqn745>io!--lo1K5_7&c
z&J}D$9mQ8M1ttwx4|Ai|su?QyMxplo0aQbGP(d0mgDp`cmLfk8HPzctOLfKhH)^I+
zX4HUv{-+lbwJ7L=RdFBc!8n<0YV%_h`G%-nvJSP)uAp|o9n?0=m^m!?Yqts}CEpgc
zEeD_mv=kNfJ5fva5`+K#U#cu&!GB0x88y<;m>9puG`JTPe3wxbCe3OGPZ?B4yE><1
zB>5juLHq_a^2FIJpC7fms$*&Fhrz%9Ym2+#94aUtqoVnf>^9;is2-2O%DBqqpQ0K{
zn#0VCn)<4kNcW?D1<ysr&L-4S{fUaTG&$M-3Yv;JZB5#uVqi9EWGApLK1T&<g<KY#
zeNi*C2o(dHP$%Ri)QI1qVkK2>Tbd};%nd`8e}~!yf9CdW+q|GaCsmR>Hq!d23j1LN
zoQFEmuAtr#>GIkPb-?B17vuL>DW9De&rwSmn%|ZxCu%@VTz;r?wNFAlyNKF$AqA|*
zxlu2ddZ?)%=E|3%w$l;RRK7>eM81L+T;)+m@leznZ$ypw32N!`6|yDjhpNZlOhWte
zPj?{@VN1{gb;B&w)E`5gh<~Gw;<ANp#zvy<+lOlS6{?|}MeMm=*p~cKY>zRD+VyTo
ztoYt$5)HZV6zgN9Vz!3!P|>;#6)ZPV2Tpi#+YOCT+ixl==#IO5tP<AIim0HQfC}op
z*aRP=wsGZ>nsN4jUlQuTBGg*{g^K=SrNV+gPJ5$*Y7c6kU%^%wQrccFZLlNxW7ri7
zl(FZ(LB+sD)DnI~#Z;!UR$nCy{`-GzNoXyXp{DwR%g2ngo|iz4q%&$J7NNG)Q4HWM
zXS8y5GG;+FTou(|PfU(8Py<+nimg-VtHO6A)IjF)cHlHc%|t(}fjeD3Mg?oII%=)E
zVp?2;TB=>B2L43FM7)ajOR797c6y_Z?jKMm;qMjM{~B?!O16(Hqblz1@=H)7If`1d
zr>KJ^U1fXO<i`N{I;bPIC+er$c+|kQqfXEpF8>c|MzU71Bf4r8-=@3;1=@yRqPF37
zm%oKt`*>BY1Gz9jJ__~v9fZ1nCRV~dsF6pjW<SG=qjpy<)Dn-uq_`bb?@6D8*5U!`
zBurV|rl=@t&6=Vb=!F{50@Q<tP*Z;kW1&~WIv5)@qeW5mbwWKq4s}j!Le1zQ)Vbh4
zBB8a*Q!~s9#V8D5bBu{YF%FJFH9XC^4mF|^sNM1rHTA`7*-6<Mqmf^OdU<U?-FFXl
zWM`@!Tx#E|PC`8yhU)nq)P8+}nwfNUEMEh)c7ssm3s5m}46EU5)QHQ~wFX+DmSh~3
z!;`4<B0)WSt_J4P{vYTHR-oQyXHjeW2o+Q@>RSiWVO8?AP$QayT9RK-LG}i9#wTsy
zwk_&l>WtCxThx8uqn7Td^0e>$k3@V7X=vLgA?jsR7_}SvqGsef=S9>~#b{(R78_%e
zFM(Quil}YY7fa(@)X2}Hwq2se*72I?tKu(6Xl<6G*5(>&Dx){C*vO2E;=0c9sMqvQ
zs0Lo6W~%U~wnVj1GuQ()qvNp_E=8RKPf;;fIEwwRhFeG3gY!`p?M6-Qc~k=*P#r7P
z)Pl1u>NnhI{06t7mZo7di|%hw`9r9wj^EtMb739w4NwDL)|~yXssELN0Ny}V9NNN`
zA_8?TM4@J66zVKriaLT1qxSm^)Qlwm%z~>HYG8v=C+Sv~e~UU%3$?VR@_iDD{`IJy
zK0$RLZY$evWl+1KIqHa>f(ohwI2ygyVZr|yZVYPe6SuMZ%A;m(04n;oVF2G?6-?FE
zV#sezLTk|u6*SXOBi@WUIId!PjMdI&Bs;33wNNAPf?DfEsQtbj6X0$fgD0^MHfV3>
z$Pv^M|B5{Cd-qA`f%F|L2J)eTtsbg;0w%++Ff*>l40sOf;VaZhS+%2GZ;3h|Mq?yy
zM9si+)XYY7vKj4wCAI(OlF*H3QQIzQXIsMtsPYl0VA+qFx@V{k6z^hF+6+G-KLm9k
zeT`bOqo||yEoz1{bhUG%7AiKzVqxw7pGat*ze2qna(1&D%c7=!0BWk|p^oB{s0x2W
z1#h(O)?gA;gB4Lh+6^_JX{ZkWf{KY}sNl`_Is0D~RVSf_`=Qom5^CQrLrwW^)QNW!
z^<bJF*0Ca}d}C)X43M9UI&jvaX67C$regNAZCwDhL`{3L|8*peqd+5EhQX1cf-G7u
z>sSWV)E2=K*bWsVi(L6d)Rac=ZI(sVI}kPU+0GwO&tF0<Y0^HvHC&;Oy&eakdOiv3
z;1N{MQ}nf-mqX1|7mR^E=EJe5inn1Be1;lG^e^mOD1gd$LM`bm)Pc6eC!wjmj2c1G
zes*JR)CdQmu5ZGI_yBdXMfSJgoPY|-pHT-?;sLge3!v7zA?m$919g6^!18z*)p0-F
zK<jyJRL>@$)^rtWqz6%JbqO_s7=!HhdqLDeG!V6P+psJ?KrL0S!Pc=TR4^_<&Ez4}
z?}jHB(EiUj#Clc%V{>63DhNlRVqiXM2DYP?<QZxt<%Zfw`=hRZjhfQ4sPo`&R6~h|
z+3u)_+6`Zzeiv-P%-a8d2NN7X#DYdx5jEnTm;k>)?Si$~9DhYERleaCT%A#CKMA$(
z4`VfajT%t75w<OBpmswaREMWydD`diX0{-SH!{pyM7|=b1GljTCK?sywZayd2=|~y
zavC*~1f%U_YlMx+k3&WGRn&P9cZ>yZ1S&>apvs4!uOoCh361a-YP+NvYin2<HL|X#
zVEGm`@(UOb6OOYPONW~3>ZlP8#f&%~1GooO{~xIPqK&s8EIOY3uOJ#kfr97<)RaBM
z9QX=#W(Ovi^-;k!8a36MP_NfpsE%cu7#93rHd|w3@>@|Ik2}eNuoNoa3RB{=Nvx%g
z)KwHH>bE$5L3QLl>LB?G^@AkgWP7kUY6|P4$_JrhXBn!4zo3HmA54X*r&v%&pk|^b
z>bYJ%39Z%FsGc1|P2F2mhths&OHvdg$w#5?`x-UXKRf?K&0vhFVZnc+sw9S!KZx25
zr%@fb>kOG@c|Q$_#9Szhb+9Tb2IiqUwi6Yt_fQ8)#_2YKRv4fB7}OHXLUrgj%!02_
z^`@O++ch6*d$va%Sd)=p<nR9^p$A@|9!NFQqCYokpGRQ;r@HbDn1K9M)C@hsx)^Jg
zH4udf$qz^EqUosE*n<kbH>jA(HCqQ5`>zFwvJ`wBEZ|S2sGg>nV>3_&E0XVyI+8b`
zD!z~Ec#64ZX;cGkQL!-xb%O3eE$LZ|hOaOb-(fxN{|_W8W8Hbyk-1ot{6$oG=C3TO
zyQ0>3FKPsTp*ouNYn!=R7$D!uIRev@Uy54N{TMt~P&1NfKKoy5TZ4oOMx%c7?LkHH
zJ!gsq7Ic+ROY#M3q-#(yaSe5_r2WQ5UJ^Cpwy1i>qN05ZYR0ajc0t%e_P-9G><g{o
zL8yJd0@dSRP&Yn9J(zrv{ZcB03eKLWjxR#pe+dWRJNy*;F1F}DiP{afu?;>&b-ck6
z-x`>{#J$B(6+S>kb(W>JB%M)Hw+a<>7qA>YLoG?6Ww!r2q4Kj(GkXkmz=bZid|A{k
z8Q`4bljuRg7S#63yuuEczNmv|3g*LA7#txgxZa^=Ak()N1NBieH4rs`g{UR^%^AMZ
z>Mi4Jf~mOf_avdUnuwa>wWx~Dq8faIIzUo?XFV@~DaqHtXxIsLf_BH~H~_<N7;2;=
zU4AhtMwX*a#sf%4eeXI6RhW8}O<^HyM!qE$!5>lE?m3pgoU1L$+hYj%uCe$(?z2t%
ziqGtr{M_bZC_Rkp%Cvm5DLc-!GNi|HP5=J6H;GIOx}2QvJBDzQ2QIsZR&Y}U-;y!-
zX~ly_@K>(!zaM*txc>rqHi?&u{4DoO1a6?bJ>P#niPRa&wR`4J&lq>1pHJ^!(dbMX
z3E_dsxDCg<8=6qLPP;Xf&*MRTnjx=;;HN6-aGtNo_utPX8jI~Z6NmfmyXSPh5$%0O
zS#!#kbC18k-PoT-pYuITLyfsumP+(#@}Gx~QFefbZ}3cJD(Xr8OZWUk%CFLig*=nP
zJ$n^--vmDuxxYU3|NBYHy?djv{y%ZUP#SHhhxzWN!PY$ZGZj~I4=i#Oe$91#>hMfv
zz8ATkf@>XkrUZ4A=9wPunJkp;`A>sC+M`}a?ytzTw84(E{*&DZMsRa~8VFEvDth~t
z3KvmUfCqB$KoiQcah*8y(zy;DA%B~DE>K4_?(fgF-R{~wuBGOg30$kgSN}0e5ArRz
zFB2Z%dRm{%Argx80;F5G&O}n_&s3J*<)3i<F=aEj_utPW5{v0rIN##j``?dFw*lO%
zvm+*cL*wgtUZ0z^lY;d3)a@UoU;qWpxT!DSom_}Vh2L>;FzH-Wtd~?CD!7hk$*1Ld
zJ?>3O`a3sTE_tJ<N1rV`_pM7$MgAHoZ!Pr|QYYMibl;e0{7O6QD$q>SA>EuCnlnB6
z=v}aZ?=HTZC|^Ot|NSI)jhyGXN?aJo^);kl%q%xK$;=I#qWL}O=3TD5#u9vMxz>vD
z<P7d!i(9y!n(`m{cBf_j-7jyRt68ljpsX3+J>1_$&rr`EuAgF<`gCC$4)AOvp1a5O
ze?M*c>$QUE&Rnd<Lmzk`IydRFjJ!q}hX?vm*>&>&ei~6$fqZiAUqiY*4NT;ljC$%)
z#^3qowRHCn=h+qHU!s1o4srEwrp#8()jFPvUQ)?2ZhXX7pDBF*q<jvQ@>gYf)k)_j
z-I4OsRMe7hZW`i<_OkJ9Mt&D&$DMqabH6?__@*YEoom-HBiHn)t?@T^Jw3+78X7Vm
zezSRv__n68yLeI^;=a$^y}BoabWyI)r?S$np}ySrBl%}MqmN$l>qxh815#N{cW-UV
zg7e>mkzI2=;`jLffAZ3qRowKPZ#nMCNWLLguX4|28qP*V>q(#D+Bov*N%Nb}E5!Fp
z^7<sElcV@{bB#Wv{O5l=tG`}ijos(<;wFA|c;C{Iv)r_d@*k-9D*i!P6pfE2oz_+C
z9`n+ZKgacPbaE5V>xbVS@~1Epd41~f?9bHyCwZT1W$`3+2glzO(sP48x42M>iUQoM
z&sc8ex0v^iMy{%1@+En2BF5yqgYR2L6G_<vo}1!Erf2y9;<e$Ko4D1Lui*Y9uI^{t
zGees?CO7>1(NB_pKV`Ua0T0G-547XqFuwCCo5;5qo#yA07oY2~uq4;?lSQ9#!O?L7
zQFes%QSM2Cwdqh7tfs;6@!Prte_xwdm~;;-_nQ3MsLPipf0J}t8rthRoSFNt^ITcV
z`L`c~AO4cU;O8m>+v)C$;@NqwT)(~e?dav;{vq1`=@>;#D%!~n%NW%dE^KuVp2zJ}
z)Yx?<6Zf5^f*#y^jC=KY$Nl`g_U3Y}yj#XTT$`?o-1n91n6lOQHsGE)%J9h+%g!I~
z8jVz?k|cbmx(5bhcFH4N<6n_(OS&EgxE7a+vQx=wz8l@>ROvF(v+0aJqxc@7PJNE^
zOgGoTvedDddk!fY_1Qti_bG_McO_-bx#7Q`JX~MTw>#fXe7kW^sH-d$_hxYQoTl+%
z?%8Kpl$rR%b*7{9-+H6dF~2uA4ddZEZaRPFrt+==-B^|U0Irv%v2_@Nd3bOE_nala
zn$9es(cefHBmM8^7SGk7&cUv1Jom)snNRr6<=dG$Ht63cU;OVA&LlLDmhTuIxXg|E
z2R8alBwgN3Wm_xqc2O3MhV@xTL;6EuDH>hJH$PwgO;~R(^~~X0m-J-H{{3VQCRqRS
zu4Fb9B<IGd^!z5@$>gh%uSRE5($E6R>eGSOs83QVjHFzj{M@&n@>Zyi{=BVEW%6&a
zH+7|RomY7ZIx?F40~dc@9tz^Qigm+WzUio(e`?`1aJ{ZiNAxK}`B=)1V@7wa8tGMB
zt4TwXsV5)hPh4l({HNjLqziLzX0E*^?YD3hsNyLUw&dYoxZ!)gC26n$qfEe!(MccV
zo|4>O#C0Sd<q`ksw33ZnqtofglmFCRjPyLNPsO%8&);(B6^&)@A1?-tB&DDo51pfy
zUfdW(<@`VI8`r=vt|ca4io&;)b*6)*`Cj0;?NnNWvO(OVPZQFYN#En%Vx<4UXyiAz
z4z1%keFFObUhE1Nic?7jE`CWmA>Z?Ks6RJUA+65`9_ULYiI6|hdX;c3&(!5R$=##-
z`ca4eF!&|cXHotu`Py!_o{(=$`9{}?aN5|Y_3ubQGAiY7t_=Ru1ywYfn|E`=6CTJx
z1rJf5WUjH<T+?SD`Gs72%JceE#^cnppKnvHZDRB(`SRCldS7#W5%<R7*-Th~>wZ@r
zn83v|e5<=gRM9cg`*?6SH~q%79V&F6X_$@cvG{J}dy9J#<9|OJDbwd5ja}rspFICj
zftR2AF1gNj(f%LqZtOy12bhUd+;D>ibCDiub$G2wucquAUwvkw{;aG|Ij;R>NpC!L
zU38T{rM@&=>qEXF-&%a*F_Tf$|2yBNeB<c+KTTq@d#ELLqq5DeLNSuEirn+>X9T0@
zLq#zu;~x|S|8+)P%R>2ON%?dd|AO>WzU%31LdtUTEkuX(cX{gb3!VK(=l@S+hEiCW
zhx93qeJRh2Yk5GQ`FtnvtwY&fcc04hQ0c#)HgxJP_t&9p6ZNg8j{klZyL*@M{CC`!
zo%{XEBvMhZ<Uf@TbxWd$C%BpE>M9$@wa+N$-*69pF7kXUDvCqpN%%hI>$~Six_kO_
zy*=p)7(spSUHO)n-pmS<6Zu<Qehhs`&GVm-Z{+$@g!|KxPCz@&tx4|%gKI;2qRaot
zGha}*KBHY-Z`|_@@CUo({ls(6sHcY;QzYpz{3AZ^Fb^#vbBBsPqoO3FxANc@45Tp+
z>9c|KJ+A-zdEgpQz982kc%~`O4kq7~FaI?~@bl4Gj%yWYI4k$=!_hp?-^}dIiB1e&
z<>A-dzLSgJ(8w<LP(rIC_<y^&5q@yJ|BBKmz6<};k<vV`PaVDuDeucS3uT$9?<8dv
zsQb`=2GN;zKl=2dIv2lojn3u<{=)>X0S(>ZT2ZcTp^_6+wvK!;%9FTztB{^g`BT?0
zw|XDA=YL$!MtMxWcipuwDSz)8AEz7LXXf{tV)+y3$$vi`srWMAZhZCm=v4Y3_eN0Z
z62AOJ<-yN(T<IEmi6gkb9`}98)lIJaQ|v<rZrLN=5&T8<DhBka!xWF_hNbj61tW<4
zpH97Y4e7q*R5XQqLbzU%bO@E4;km5t{*I(S=l&wxlfcc?&+hr*YLL%S?oCblA=kI-
zAG1y4p&C@if7Ied$HUxk4*#J1TPo5&O<dv{$Vd6VpO2J3;(8Ve{>SwzJpY%w?-~uX
zB>f3C#CY5@l8&fPr^pYWybRxR8vjZzyhnWoQCOe5&QW<>(yLLQ`;?s_|B(h?Q?`)w
zUY-jhAB_sbNl$Y3=HcFrls~jby&K%CPh74aqWmQHw;=z5uV0&sl_;1<1y#A>IU}sa
zay%o?e|_VHx`$OkYrdL*##Hh@64&v(F7Ro>w>S4Lr+hv2wC4LYb?6h|K7C4)|AXs4
zP;Y&%C)0aqJr{;?VH};<fdTTT-2+F-7v%e#YXd1y!FL|lTDvVdjcfYEclRrOoqP3Z
zO+zm!?|}Ne;k%fI<M7N6+%t>(HWz>1Rtnp3^XIPOv-Iv657u>~Pr&u3uHsMKJ*t%d
zp~E}PHx<{i@_bo$kFH(foA^H+i_f*|)LWGM(_`>s@o(ugG;*6{ej4tFm1!s|H_x=o
z!T+0!2d}vi732PYKM5!w=`y=%^aS@Dz-5eBpLm$SJ(qzx_gFE%L#ZSm1+l5%DmNV^
ztxs-xyMhXC@EypvCY{-7mxBK{2G{@ozsjxzF3M`{&p9uP47i{u3NEiG3M$}6Dw>Ld
zE24&)si_0JGfd39GrlteLMED}bz6<>lx3!$rQK{LJ>`~)?U_qiYTnGUEGx6`R<}&+
z`=58tFhkwj?|#qk_xPOi>}NmcMFlo50|nd*=l!8`8s%Q_IoRZ4qQd6`z;gIK58h`e
z3-~rj>nuH>JWmD<im(*nG#d)<fUyDc`3N=~<<G!xf%4y>e^9n&I^?xL4f3bJKQ5g#
zAnB3N)qw)qpnjDMF6!%0Hh;}_Ul_Zg6a#t`0Um+yYw27lZbiAhC`jl8y_G0mgo6pv
z;W9Yy2!060fWH<zubeA|NNgB<&jI}wxES$XgWM{P?0pc7lUeS8lOr(x0Q@E3O@{JV
z)Lp2*B6UQNGT7LGeZddGIgx}6_?zUv3EPFx6Oaer?NQzaUI@(jw;9Yh7=DHT`O?rp
z`K$~$NIE!xWL5!3%ODTQ79W>#;q-IJLqMgkDkRntI*UQyhj0-RxD-^XvwSIyM}Xm#
znQe#R94HTuaO{@l>msrrCIbjx4<Xq&8QcxqHb`<kbT2?APFevyp#O!m>1X;u`)5P=
z7Mw4Vt%`w@{=ipYkPccYjZF{ok0s#8A&7uV&|6^t9jFVm4P*iWl5RnH6Zqp0a3o?p
z1HE$4CE)*D2SG0s-b40Zf^Gyp55;oSKQS`|1JDW1h6C$>A0wfA;Up8b0{(^;-G}<q
zD0c*|k%5nZ*9U?2M)Z=<7jOo)_*a>hx-kgU1K1XdM`5VLNWhIyIDtSnLFu4$s6wZW
z?2UVZYL;Y~#8K3j%W@QS{so_rFa)wBnaE*De>VS{TWBps(3@fKU_^_B@qIFwC{I9n
zx=ij))Z0Qg4|El10r+Wfx)5|fl3f9MN+xXsjYr}iLjD|*7$bcQ6;8$ee+uMFnbAp^
zKzk_tXe!|HDS6Mq(JLsofUE|NPNUuuc6KDD%9h^`SrmfZ3%z~7V`$X<kWH2i87PzL
z2OR<P>R@mj%*~)7@WJV;Fqi_~O32noK?a<qpgbLT08Y06*F(1qffVQ;kU<^;@4O83
zPv~p}3iufQ76HFP*?`Rg(7I?ieGP?L&{8l500rbgQ9uoxc1O8F)@MV{3+F3<i{SWX
z>HJ|yh0S>AgrGfIdKS6`V3feu4=Bfi_bTd_L*t(XMmz*QFe{OL2(Cw&3L^yH4r+i_
zgF2vJgG3JjJ0e(bX^;SYw`@R?On9I4_fOEDpf?5b&mp@R^%dg&*AWE`_$eICmd3vz
znN8B^-=rf^{Rw;l+k(V$0<HcIHXoyI2Yo%F7lcX@5*1L0q_0Rn>k#K_;17st-amT7
z@QkPcdP0y2#j9nYAQ!`ey6~M2hfjch2!{fapfBKg$mhe)7WlzG6F1=^3}!&D5AX(X
zo{%x-!hfYqwC?XRD`7DjSOTSNDI6zhJMi6b@-%{skovcv?m?gwU}uzPfZCzgT?RqX
z{P%+$kl<X%havG7z#9ZT0R_PZ)>-~HSht*&!H&YgF_g!G-wEYm(qI92v!t#ddu7Y7
zgY!PnxgG&3r0xXRZAGGA0k1&sM&J$L-3q)Pf!~DvZs2%=@fR=@h7;f*2SF6j9WW?I
z`3&eg(y7op0tb;W4RQfR5jwL_9wd87k@}P2s|<l}02SZ`K8nP9i0=@$gK3CXKw%&p
zJ|vCzO68fLi@^U8x|?CR54s^(3L61_Bs~f8t*GA)`+VSJ)cZoFOC6!N0D1x@!N>dX
zS+@a7hfx>+d`~(a6x6XyLiW$d^4pTy;kbt^zXjR{I`0DW;P_f3x&b&EK9|GakMQ@u
z2woxe1^E`bwb0oFS%X;rsZv-0gAiN`2ONeP6yp)l3nKwPfbWw@egocllt)9a1^D|Q
z{}Dc3MqK~{odu-Q?+c*qft!J~kf*`-T>Ld3%T74*!NFw&dQAor4wgajEcnT2*|!LE
zH|oEFe-r3P@CBSe*^VFt_5E<T6F#OvUjZ)><q(XAd=Yq0ftL$;33R6btHjOZB+v<F
zcc29dB_MlY@GkH}ly%TakWEE$8&MW;2Ixibf65@Uge@RP(%&Gv2l_<_@-yfMklg{@
zbtwM;-g3me3TV#%YB(Ja;cuo3Bm#v)sMo>CYLo?>fMKdE-+`9o!=@|nKAF({&=s&4
z3G6~S1@>>k#sPV2l*h}&gibvI=LPlaEDu9TKoOh@n2CBX8A#Lz!Y~`Wv%oaeyMTTM
z2TR~I8gx5!SAus1cn<YJ(7yy<xd_|=<!fLw3gz9<`v~%pz<VJd3462sGobW3viS)N
zKUk@7bPej=K&yZn%F|&`kMerZpMsfNZZjQVmjgX1dE*h}VFYLgUM_TF;JXmPLtq8}
z3FxMRw*}=&(Z#pJaTgd30lJ}?2&1zo3wRPV56bINcETV8A0p5x$Ogf-0ho*ORiN(y
z1$-s#Yv7B?<gNo%CI45+llvb&Uc)d=1~?1{eV~v5<rdPRa5@<nD-A_mz#g=6BXsUU
zLIZ&U3XpIT_!pqt0p;HzC-8MI>PH~I3Uq!jkvhxIQ2YS60F0x+uVD~^l|d!TY{=h%
z^KnwJ35l)*4wmwTu*s2jW5G+5dN0CGz)MKrBybwAIiUSd2m@r)N47qsP%NE`I>eUc
zFwR9`8WJgmtPov$LfWhV|0yJJG{Q$M%C{kbcV!a0U=x7e4B1O&9MS)cz-|zphVUBD
z)u7p+b_BRd8f&PZkS*LRgS-JcQObq03rNray&84`UPK@Vc;7*1D}07v8~8==cN6T*
z@%Kn!U+MS@&{N<MC<YL;0Lr@~0trWBrOlVnRZvcbe5cgm;0=&T^hdcH<N^4)19UA=
zLHSWoK%HeU6!T%oWb0ZXSOAy>=_MFX1b;SYp&YyA!VEU8fOkSK54P2Cb`9k3p!}fJ
zn*+NM(&qr!zXRQB1RjX;dFW&U?-JjD_e&+=_W*<f9)zQ3;q(C*d@3DYgoF8z_eA{(
z$P+=2K<7>H=EBAaKdrzQa6NcaA-fEnalqrKw}5@Ch*&?MZuWl?f(SSTnhzWSgJLM&
z0tY9-zXaM1^^KsfKz22p33v%~J9tZj)uun6gl;;VzYKYd^eu$Fz&{DzdGNkKeKnG;
zD~1CBb0qx*0X{%^2$Uy+PJyfe26v(EgzOX9!X?u270{F5*&r9N4EQ+owgKaSc?ft9
zlF_ApH0r6)e-g4$(P;mR5I%%TJ%W7!Cllb{cbUv;$oiwc2s8wz;9v^$L$De)b0FUU
zMn5>N0=l5n0KOmma|rxCcp+GedRtlFFZ%yRR2sqT1cOW%QeYM^2gU~wC;`cAL|MQk
z)OP{Lp#C-NvLXAsOtu*O*T5^6y0!4P809-ar$8qK@=1_?58qb!asuaz_rDIobSQ0y
zuoq@^2y(#>!Kc!xA?2ULE))78Scm{_S^pi(GMUsrC2uT(Ccwu_sCR*n=TJ@q*1ZG8
zY%m8RfoM1l!7>Qz!4pt{GLy-453-v6><5{E7hoF&KRrPgg1!OU6_C9O|5t)4mafvr
zjo@#F4xr9*Ian}j_o2K5O1+^l3K=Jg1mM7ja)vbS0v1PkG3YVLi$~Bl(0v+uPs)}@
zp<F8EJ0-8183l(OWCBt{e-GtT7`qU(A|jb&Y5b&Aj)OcFcmtfh1mk_6HPF9G_F6o6
zEzq??V0Q@RVKQh}(DA5yq4yZ<mrDNU;F;@R(1kGiRtiMDZ^S$h^>ifh4dmi`!3fBf
zA>no4zYh9_OyCgY^^nh%^$e6R$Oe5NdAG_KyCC}&$<(DmAsdda14F>$KrhN)fWH;x
z3Iy8^qX2j>gYJ-y8WC8)aqx~Kc>%vd<^fhgmV~+n+dYtR@HWBUG59zLycsB99)9zp
zWfCeCQ0O8vYl*D30$V}hR~WTLS-@=QTtN9Wa3Si6kUawDPXSNE$7S%_z(>ERhNUk@
zEA<cVnp&T`JFkB0?g0(0_ADh08(uk2>hIduX|C0xs%l1hd8S%WlCRqIa<$Oqu(@rn
zu%K}4*k+ZWRx@VMM9t9jGNZ=pS3SC`CbK?i|AP9!{>=Kv_IK(Q_Hd1iBWOmsX14`g
z{>+A>``gj_a|bf&6JO1uR!e=>{_YLht4TC2OZ8Pcy<V-n{@K^NH$3zD<>>mxgI(Lo
zNLsmCZu8r$mUJImHlB2>Uwx=+!zTyp3CXFycqpa*?L)2VcOPoiU_D$E-QYdeGpeEC
zM0s?>_|r36B<g;{<H{;f%Qe4N=GV%t4G*2Wl+f_(4|8G~7XJEP411iCG`5_QW2{yo
z;}(=S9lB=p_Nlh=azpd^)ZXd7-fFo=^QpSWuexpivI@1JxJ1?9xyEWK_V~3tbw-7z
zmbz?uCF~5%)b!d6bdg>4L*%vjeBKJf=F`|q3b{32^*L*`Y%2yuWiz8lX0qyaX^^UA
z6<S%PFfnB+TN6dn+uHo5e$che<?>YX&!Wg(r28z*aN3>d9p4|5b_Vli6*0u!7ebHW
z)E%nF>vwu|H7zSE-Iu182Q=01Q5`N%sm-O9d33we!4Afd5;i546m~+7nWGl6vO8Ux
z*%|z{SVCf0%T{E4JX){ji;T2#{#Yw=nZ}fBVsfzG5=k0=Fp+GH9`5#3ArN|@EMOSu
zHMPuUl$+Dbsrxi^l8||HO|5qND^zftNJkI2OErV%C6h#jIaA2rh>iU#g)HVbrjmas
zyrvu37E|UijGBJvY}KzBZl?}2bQL;CHMB(m&4<xevk*=1?N=R|Uv=u<fZu8<37S=F
z=1@6xwN#9$+f%On8*SdN7kOJ@bSrJgRt+IZd`%y+HGy3mLZbNMA>@$4mkcNED9;>8
za--NcV@M1B_!!bVfqh?0Zsn(^lEv}dH<$E@Y3B&IMdQUJ(iVHoxyaYr$QHr_W#lQs
zM``4?1a@{2nZd6!$T-5c`$!^TNdeM^{p2TOnI}Ldq`1Z6O-s+t?T-<}DBIknPDj8K
z@LAc#0O`d}1jvOrF~}HMtd<K^q%&((P1H=kQxAwaP-V`UGMhOQY<f+#ttK=Rg42Vo
ztHy$`9wP~CV>NN|UW>`EN?UWx%mFINDb9myD^FfRW<?EjX;n6VaD4qnz-LZ*F&%CG
z0G3a1Osi}zXSq6Ua=y8Y*@|W4{d(hI5-VR$X7Nv#lelOewTgUbRlH6wkG_w59m8TD
zBBxl-wd87Ey_OuH{e-chVZ<@nF_dVaO|8^w)anXNhrn+*wJOm(@O-@gI&vUNbvbQ5
zF^QeJQ#97%)Ps50jNnl4^BYJE>Da_C^SC2>m!IB9w$pgcZ^PO!CG3vJNp7oPFNLhw
z?;A)b_Sxg)E`Hk+q>QlZwvYtgZ43D%nrA&jmc>$x!rpD9y`aapk)5rznrhJszsIAx
zJi3Fg-cAM(evFez(R}o7ay?;37AT!qVHHVYpYI{YV5iR~S{6#%;{F3ewR?=vB9$}4
z%4fbp4wLi%mX_{!%F!16C3Jnh3ekaLNX1C9G5g4U?EF4*H+yYAITu^tG~BwwV9z#^
z_K8M7*F|)P*O6s&z!?X7jZ&u>!5IX9WmsmIZFZZ}6`Dx_-5zjZ!*D@_&hug@^fFB~
z0xr#GwS=}IIg6Y2*5I<h&d}7>Kk0^Me3Y2-Z1n5c6$Zb71=8jX;%^t+-J13(vu(@Y
zAQ^n!8)Ok_E%pd>C0ec-hR5IuZ;_7_e)%9duS5qqF-OS?g+FtQOeCzNKWWeNJ|tNR
zyW=EL*_o3hnf>D=d4#R|h+N@2PLXAVeOg13`OP1b9)!PnnmA+GoO5I>KX;C#6F%@O
z605Ko-;jBUrgz_P)!{VfXu!Mq@oxyNGuI2&kA{7#{06L@U`LLdSyUA2$neT>>UNLS
z@*hl!3uhHx6S66_1=m{0qDG7#1_=JKL;5^rl~_P_!;|2~fCNVuli+_Yki5a#V(g@1
zAN3j@hhcMDEdkwDihUpE+G4FNfR!#q=22jF@tYUO^sa`6sDCua!t{AP*yOqOJ5oa0
zhxR?y9l5IJTqKtgA~}5W_as?icmF^hX8nF7`%^UYfQ#HwLVF4S;z!brVr_Bz&m<>?
zHU36cG3|G3ggbvH$H_Ey6QLbhe?q&m>S&tIIuLrAdnvu1a{Nx|QG`DnLovetila}l
zx2&``>lsgHk^!tXo))$lnALx9*1%kKz|g$@xqbT&<cH$v)+n~74PC&B66rkFxeaa2
zl(saNyW7(D3G3R1#&dfT&8O_i4z%<5oKnr<vIVe1YkFq*ZY1ttfxozenHM$O$AU^@
z$FkI9+Ka`fQk9h@)9YJ?J>ho64yVvA>_Rf_Jm^1!6IU=1&b*3Mc?=EnK^%@Q+{k#(
zj`UH=4y4db_FW1cAp#8Kwp3b0`Db0|x>)v5I?YJNq2Vj5a5e7o`7{^iKmoRV-D+Xq
z^`?DT=M37D?@g!KG&LvPCk~hhUDe*W%P^<Ohz#15Z_YsXwkWohRT$2)3O0HwP2wH<
z&~s7j{01eS;TMm_vg90k4Zkyo4vPva9vnoU<{JmoRZ5&X4VNiwp?;P-l%`{4&L2uM
zBe-u5rTzYMb>=Xd0h^p*G$lewa+eRISNNVh`juk!HHG0XjHH@k#aSW)v+lnj>mg(4
ztu%G4Cv?BeDDfMPtb$BzE|oT2_gneS0(xU~GVII_cW9*=?l__3`P4~td_)5uEv7x=
zL;ZrzW$TM+kG@R|wK`zne$u>evn}c6YDk5pPNiL%I*g-dr;~_Qut%oRDZRsuz$L_q
z5gaeFQcIi~PUfZt`gziH>Wkt}&!qih!@b16nn$AuTQQ&3#f75!S<3}9w<#?9#{$}&
zRpO5@YtKTkwk@D)m<6q|;hL#1aUo3$vrISlH)BC-OjyCX0Fyr5MmvUCrj6Z3yM|e&
z=cjEE{UQ>~V3(R1np(q4X}7SU>1#zZ7PNY^7huT0Dy8$I`7IT+A7Lk)bXHxy`A|R?
z;=VIe#|~PnVRGXY;Zqli$Ah^2<KhRNU#$(e#p@xf(20p-b671IMVd6gK;WP+mx^Ps
zL~+;iYvNRe<Iu#>e3_OBPQ6-l`tsBQ%}^Wp;2S7z4fj>jhkAzf<c!fhc&_LeUx(JX
zNiWBBJDW{&(e_mHu?iRcwtwRzxMzEf#$9%->%VA;6HO4UVUyhS!4Xq~XYD-mDKRfi
zwFT@B942_DA*0}n0?nChz9|Cost|mJXa;Mo(-d~mO<n9^onAX|GG-#CcC(F1Q-cvS
z9S=Xv8GM96r2<`|>HM5d4@b8Sb%}b7=FnU^Kj^2k3ENXe-zpaSgNi<O*h)1^LB!O?
zojEiVnj!XP|DVOR0ToX<M|Vpo0DrBT?j{i{;hq|L7iksgR&%l=OK7_>wE;sd)cxTd
zFo451a&3uqXBp%4qqog1;ZKW?O}UZgCxizQ1GV->S{#nf)-S;v?!1I{YtBnyEhp19
ztkV*j)?BbYJ|a^#`6fEG8DsNJbaZor43@f-c4?+mxRkDH#yGK*<~3ueb@cAA8@{8C
zcA_&Q0^{X_sfgC&vx6XcvKMftwBynd+J-Pyo5oq4j5oAq9$qdCvD~Pf?CxbaaV{>W
zt)p1?m6Wl&R?=?lqm}d?Hl<2w$?sW3<D=O(chW@m%$?NAKe>~xk0n`b+5L2VUGVXj
zm8E;K{C>P2%zYK34gX>*%u<UqA7~Y>iDE9xITSH%+>P5EF0AFIhh$ck`GEZITy-eb
z{+%!0WeuGa6;o29`)!LK*h<^u?L(8P&Bv}@OFKrH$KBkubb87(yXc8#JAyZ0M+f@&
zzP0qG_=qi^Pke%Qqmg6816yd3!s@ot1Rk@MZi<SJJU}i#N4w5#+St(tcp8f?m=mbP
zecrr+ImP}VPMyYG5xYi{&0mN#J)7-$o_64OK2OgQp8X<yH=14Afzg?;gC@o{ZN1#K
zkCwJzKfFnwWV^Ow1pB{DYuMipQ)@5G8GKK%Yr0SDq+$p#GelVv56#e8WgovyzYe=Q
z@(!IBzHso|cPXV!Qa0)^Ee_Y#9Hv7Pni_+52s<+w&;D-?(_u|YJnIM@95tdT941VG
z6XC<#N<c5w%CYl^y<XMaUb|M|()8}>{qwECWzX0#+BF;77~X%CHptYHvWkGeR-ITO
z8sasa;zg}n!Id{IpUVDmjHdJpM@3)A87mxPl4`08=SW09@ZKNLyA^)?1dWMpzMGu?
zgr>C?18a6!<8~}DgQcFK4|b3bV|fB;MzvUee*XL!+Jo|TXK823XMaIACq`a|`u$8R
z8Ge1i?#PM8ZvTb8%x7PscN2!Iac4H*GA&|<FH?8dF`DR*h))>!rlwWkaue`79aeVF
z722DZU7>?X;w;T5#d#<;P;qMFjq>Jiv~UEvTb(A(D<P<Micd+AhmSm&((&m*bE0K<
z6&Ym}4h{Fv3WH7koxZiLSQ!+ZQ5d|YX>yOLz?Y+PcrL-`5lzR}C%0x^TdjOqw318X
z%>yNP&anNlO8?mEV8`)aVwJ~8f*8%v4CMH4@XN@^Yq3^>*D5pwXMF%Fm=WUpqWO}+
z;u4vuj>cUsG#!naoS$W0tVM%Zw|M0PHZnnpW0&HU)D|+F&N?S3qu9uFn#w#0N>8i1
zDJ)x`pycr15|q}_@!{p5vDHaR67SbmxlDLblHzUoM`1gblcret+3w0!Bp&lhQ`4q7
zy;>Td-$SX7<E^ul0ffDntxV&cbCk!GOf<A9(NfLn7PD8*(+ZE6&7~Ty_n5$Z(?F$r
zOfP&N#D|!yg7Al!nR=+rJ~cn|F=oe5Wjsl>gk^@>e5&wohbc3aPGJRg3SN;}`Q}v!
zbAjbwt&C&|!<Be>cZl#MIiXp{+Kg1%vt3s!TiDW(%G##I&D2p!Mz}U@lyWjkTprlS
zkFj&<qm`Hz?Bxl{#AfS>x0<MYZ)J@xr6<RK6Piv^!X0AH8nHFVD+Rx9rm~pu&t@s7
zWB8ZXE3XrFXo2!V$~be65ZAm=e^?}oy)#Pb$W9Ga;`s7~%4#|?KVUa^<>1jMd{>H%
zF<*Y_@nMTbXZU<ggJQnG)RK}3<|}M?nbOGGmn-}E08J?*O&@y}+m$Yfwo1PfPmG9<
zJz#$w)%3B)R*FN?z%h<dt~L+k;H6eGu)6S^gz4C(uRYmTi(HGL&y}GKMP@8V{!eP6
zO%YpyWhyJJR6J~)OWDxj&$mLeRiC?*5xj+4sU``Lmpyj7u3U%n%Yo12b{{?;Vp_`0
z%@#mioE>^OJEJR|TB{Cx+z7857Vl9~+lT9#uOFK1f`N|@@hD}{{6)WVd$d*D7R(*q
z;Eq~lPZXb4r#J}zVwsW{#d_YV^x=zcRXPxM?JA`^!+*-wlAm3vL=hf$oAN#3gZ`%E
z5_WQ_lEByBp*#}D>}!-+yvqa1Cc@7%<$Z;H^swUXV$KC)xGFX&G1}<<Io09^1)`hy
z=tq<_v@UIi`1+cbRcJmlv4g0yrWO^I%xJu&xM1S=@bzEKsCHyGZ8|svu$U*}+Y-J{
z{MkkE#KI~0MJ0c<w%c5oU*ZI5G9GBbF6Rq?i`j`2E%=p5%xGM)ab^o9_GGLB^Xi~$
z6>fIqQDx|)Li3Z8==tC$C%0PZ!SgvhPId=oG(4dDaZ2FLnji3)n>kqK!${isSeNxm
z3X5B>EW8REIkd#(-&6^Hmx6vMhOc=LydK1*kI!ANY$GW%@p22EeA*wj7~Xn=GJ>>f
zzVGl+8<ngm_T&@FK~}R_`Mr;MIN>Cb8@=4?Fm9OE;@<B<TZ20&?qkX!@%4&Lc}hv<
zyPi^dMkmXi9(^uuyy8qUj~)K=bINm+z2Bg0WgA{p(%8RVR8EFYA$(a@(%Jg$I2sP`
zREF_Kw<}!;8~2j(KwVMeb}?4CDq&*amVutdUJ!Zqt2*{;wHQYq?s;OIur|<bZgnj9
znq^7xl7HhP;_mR5_Q^p9cmW5`!q6ef=Dn<FtyNva&uPL(*ikT>GX8HvG)wXS-8TF*
zp%$s3n=4&dT0TEJv_na0>e%mgDEWNePNkIaoZZS>v~T48BJZF6Qk#Jv45G92W{*kM
abFWguw(eC9v#45{#P;mNAobp_%>6$j<l6TD

diff --git a/po/de.po b/po/de.po
index 7785043..f3d5c67 100644
--- a/po/de.po
+++ b/po/de.po
@@ -7,10 +7,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: gnupg-2.1.0\n"
+"Project-Id-Version: gnupg-2.3.0\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
-"PO-Revision-Date: 2022-04-25 18:05+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
+"PO-Revision-Date: 2021-02-26 14:44+0100\n"
 "Last-Translator: Werner Koch <wk@gnupg.org>\n"
 "Language-Team: German <de@li.org>\n"
 "Language: de\n"
@@ -19,58 +19,58 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "Die Sperre für das Pinentry kann nicht gesetzt werden: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr "_OK"
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr "_Abbrechen"
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr "_Ja"
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr "_Nein"
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr "PIN:"
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr "Im Passwordmanager _speichern"
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr ""
-"Möchten Sie das eingegebene Passwort wirklich auf dem Bildschirm sichtbar "
+"Möchten Sie die eingegebene Passphrase wirklich auf dem Bildschirm sichtbar "
 "machen?"
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
-msgstr "Das Passwort sichtbar machen"
+msgstr "Die Passphrase sichtbar machen"
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 msgid "|pinentry-tt|Hide passphrase"
-msgstr "Das Passwort unsichtbar machen"
+msgstr "Passphrase unsichtbar machen"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr "Vorschlag"
 
@@ -81,24 +81,13 @@ msgstr "Vorschlag"
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 msgid "pinentry.genpin.tooltip"
-msgstr "Einen Vorschlag für ein gutes Passwort erzeugen."
-
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr "(Leerzeichen sind nicht Bestandteil des Passwortes)"
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-msgid "Passphrase Not Allowed"
-msgstr "Das Passwort ist nicht erlaubt"
+msgstr "Einen Vorschlag für eine gute Passpharse erzeugen."
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr "Qualität:"
 
@@ -108,14 +97,14 @@ msgstr "Qualität:"
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
-"Die Qualität des Passwortes, welches Sie oben eingegeben haben.\n"
+"Die Qualität der Passphrase, die Sie oben eingegeben haben.\n"
 "Bitte fragen sie Ihren Systembeauftragten nach den\n"
 "Kriterien für die Messung der Qualität."
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
@@ -123,90 +112,84 @@ msgstr ""
 "Bitte geben Sie Ihre PIN ein, so daß der geheime Schlüssel benutzt werden "
 "kann"
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 msgstr ""
-"Bitte geben Sie Ihr Passwort ein, so daß der geheime Schlüssel benutzt "
+"Bitte geben Sie Ihre Passphrase ein, so daß der geheime Schlüssel benutzt "
 "werden kann."
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr "PIN:"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 msgid "Passphrase:"
-msgstr "Passwort:"
+msgstr "Passphrase:"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr "Keine Übereinstimmung - bitte nochmal versuchen."
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr "SETERROR %s (Versuch %d von %d)"
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr "Nochmal:"
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 msgid "PIN too long"
 msgstr "Die PIN ist zu lang"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 msgid "Passphrase too long"
-msgstr "Das Passwort ist zu lang!"
+msgstr "Das Mantra (Passphrase) ist zu lang!"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 msgid "Invalid characters in PIN"
 msgstr "Ungültige Zeichen in der PIN!"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr "Die PIN ist zu kurz!"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad PIN"
 msgstr "Falsche PIN!"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad Passphrase"
-msgstr "Falsches Passwort!"
+msgstr "Falsche Passphrase!"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr "Hinweis: Anfrage vom Webbrowser."
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr "Hinweis: Anfrage von einem anderen Rechner."
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "Fehler beim Holen der Karten-Seriennummer: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 msgid "Please re-enter this passphrase"
-msgstr "Bitte geben Sie das Passwort noch einmal ein:"
+msgstr "Bitte geben Sie die Passphrase noch einmal ein:"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, c-format
 msgid ""
 "Please enter the passphrase to protect the imported object within the %s "
@@ -215,7 +198,7 @@ msgstr ""
 "Bitte geben Sie die Passphrase ein, um das importierte Objekt im %s System "
 "zu schützen."
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
@@ -223,55 +206,45 @@ msgstr ""
 "Dieser (Unter-)Schlüssel ist nicht mit einer Passphrase geschützt.\n"
 "Bitte geben Sie eine neue Passphrase für den Export an."
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "SSH Schlüssel von mehr als %d Bits werden nicht unterstützt\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, c-format
 msgid "can't create '%s': %s\n"
 msgstr "'%s' kann nicht erzeugt werden: %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, c-format
 msgid "can't open '%s': %s\n"
 msgstr "'%s' kann nicht geöffnet werden: %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr "Erkannte Karte hat die Seriennummer: %s\n"
-
-#: agent/command-ssh.c:2446
-#, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "Auf der Karte ist kein Authentisierungsschlüssel für SSH: %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "keine passender Kartenschlüssel gefunden: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "Fehler beim Holen der Liste der Karten: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
@@ -280,368 +253,378 @@ msgstr ""
 "Ein SSH Processs möchte folgenden Schlüssel verwenden:%%0A  %s%%0A  "
 "(%s)%%0AErlauben Sie dies?"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr "Erlauben"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr "Verweigern"
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr ""
-"Bitte geben Sie das Passwort für den SSH-Schlüssel%%0A  %F%%0A  (%c)%%0Aein."
+"Bitte geben Sie die Passphrase für den SSH-Schlüssel%%0A  %F%%0A  "
+"(%c)%%0Aein."
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
 "%s%%0Awithin gpg-agent's key storage"
 msgstr ""
-"Bitte geben Sie ein Passwort ein, um den empfangenen geheimen\n"
+"Bitte geben Sie eine Passphrase ein, um den empfangenen geheimen\n"
 "Schlüssel%%0A   %s%%0A  %s%%0Aim Schlüsselspeicher des Gpg-Agenten zu "
 "schützen."
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "Das Erzeugen eines Datenstroms aus dem Socket schlug fehl: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr "Bitte legen Sie die Karte mit der folgenden Seriennummer ein"
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr ""
-"Bitte entfernen Sie die vorhanden Karte und legen Sie die mit der folgenden "
-"Seriennummer ein:"
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr "Admin-PIN"
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr "PUK"
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr "Rückstellcode"
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr "Bitte die Bestätigungstaste des Tokens drücken."
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr "Zur Eingabe die Tastatur des Kartenlesers verwenden."
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 msgid "Repeat this Reset Code"
 msgstr "Rückstellcode bitte wiederholen"
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 msgid "Repeat this PUK"
 msgstr "PUK bitte wiederholen"
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 msgid "Repeat this PIN"
 msgstr "PIN bitte wiederholen"
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 msgid "Reset Code not correctly repeated; try again"
 msgstr "Rückstellcode wurde nicht richtig wiederholt; noch einmal versuchen"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 msgid "PUK not correctly repeated; try again"
 msgstr "PUK wurde nicht richtig wiederholt; noch einmal versuchen"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr "PIN wurde nicht richtig wiederholt; noch einmal versuchen"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "Bitte geben Sie die PIN%s%s%s ein, um die Karte zu entsperren"
 
-#: agent/genkey.c:157
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
 #, c-format
-msgid "error writing to pipe: %s\n"
-msgstr "Fehler beim Schreiben auf eine \"Pipe\": %s\n"
+msgid "error creating temporary file: %s\n"
+msgstr "Fehler beim Erstellen einer temporären Datei: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
-msgid "Enter new passphrase"
-msgstr "Neues Passwort eingeben"
+#: agent/genkey.c:116
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "Fehler beim Schreiben auf eine temporäre Datei: %s\n"
 
-#: agent/genkey.c:196
-msgid "Take this one anyway"
-msgstr "Diese trotzdem benutzen"
+#: agent/genkey.c:154
+msgid "Enter new passphrase"
+msgstr "Neue Passphrase eingeben"
 
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
-"Sie haben kein Passwort eingegeben!%0AEine leeres Passwort ist nicht erlaubt."
+"Sie haben keine Passphrase eingegeben!%0AEine leere Passphrase ist nicht "
+"erlaubt."
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
 "confirm that you do not want to have any protection on your key."
 msgstr ""
-"Sie möchten kein Passwort - Dies ist nicht unbedingt zu empfehlen!%0A\n"
-"Bitte bestätigen Sie, daß sie auf den lokalen Schutz Ihres privaten\n"
-"Schlüssels verzichten."
+"Sie möchten keine Passphrase - Dies ist *nicht* zu empfehlen!%0ABitte\n"
+"bestätigen Sie, daß sie auf jeden Schutz Ihres privaten Schlüssels\n"
+"verzichten."
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr "Ja, ein Schutz ist nicht notwendig"
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, c-format
 msgid "A passphrase should be at least %u character long."
 msgid_plural "A passphrase should be at least %u characters long."
-msgstr[0] "Ein Passwort sollte mindestens %u Zeichen lang sein."
-msgstr[1] "Ein Passwort sollte mindestens %u Zeichen lang sein."
+msgstr[0] "Eine Passphrase sollte mindestens %u Zeichen lang sein."
+msgstr[1] "Eine Passphrase sollte mindestens %u Zeichen lang sein."
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
 "A passphrase should contain at least %u digits or%%0Aspecial characters."
 msgstr[0] ""
-"Ein Passwort sollte mindestens %u Sonderzeichen oder eine Ziffer enthalten."
+"Eine Passphrase sollte mindestens %u Sonderzeichen oder%%0Aeine Ziffer "
+"enthalten."
 msgstr[1] ""
-"Ein Passwort sollte mindestens %u Sonderzeichen oder Ziffern enthalten."
+"Eine Passphrase sollte mindestens %u Sonderzeichen oder%%0AZiffern enthalten."
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
-"Ein Passwort sollte kein bekanntes Wort sein oder nach bekannten Regeln "
-"aufgebaut sein."
+"Eine Passphrase sollte kein bekanntes Wort sein oder%%0Anach bekannten "
+"Regeln aufgebaut sein."
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
-msgstr "WARNUNG: Sie haben ein offensichtlich unsicheres Passwort eingegeben."
+msgstr ""
+"WARNUNG:  Sie haben eine offensichtlich unsichere%0APassphrase eingegeben."
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+msgid "Take this one anyway"
+msgstr "Diese trotzdem benutzen"
+
+#: agent/genkey.c:464
 #, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
-msgstr "Bitte geben Sie das Passwort ein,%0Aum Ihren Schlüssel zu schützen."
+msgstr "Bitte geben Sie die Passphrase ein,%0Aum Ihren Schlüssel zu schützen."
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 msgid "Please enter the new passphrase"
-msgstr "Bitte geben Sie das Passwort ein:"
+msgstr "Bitte geben Sie die Passphrase ein:"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 msgid "Options used for startup"
 msgstr "Optionen zum Start des Programms"
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr "Im Daemon Modus ausführen"
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr "Im Server Modus ausführen"
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 msgid "run in supervised mode"
 msgstr "Im \"Supervised\" Modus ausführen"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr "Im Vordergrund laufen lassen"
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr "Ausgabe für /bin/sh"
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr "Ausgabe für /bin/csh"
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 msgid "|FILE|read options from FILE"
 msgstr "|DATEI|Konfigurationsoptionen aus DATEI lesen"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr "Optionen zur Einstellung der Diagnoseausgaben"
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "Detaillierte Informationen"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "Reduzierte Informationen"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr "|DATEI|Schreibe im Servermodus Logs auf DATEI"
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr "Optionen zur Einstellung der Konfiguration"
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 msgid "do not use the SCdaemon"
 msgstr "Den SCdaemon-basierten Kartenzugriff nicht nutzen"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr "|PGM|Benutze PGM als SCdaemon"
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+#, fuzzy
+#| msgid "|PGM|use PGM as the SCdaemon program"
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr "|PGM|Benutze PGM als SCdaemon"
+
+#: agent/gpg-agent.c:208
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NAME|Einige Kommandos über NAME annehmen"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr "Ignoriere Anfragen, das TTY zu wechseln"
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr "Ignoriere Anfragen, das X-Display zu wechseln"
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 msgid "enable ssh support"
 msgstr "SSH Unterstützung einschalten"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr "Verwende ALGO für SSH Fingerabdrücke"
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 msgid "enable putty support"
 msgstr "PuTTY Unterstützung einschalten"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr "Optionen zur Einstellung der Sicherheit"
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
-msgstr "|N|Lösche unbenutzte Passwörter nach N Sekunden aus dem Cache"
+msgstr "|N|Lasse PINs im Cache nach N Sekunden verfallen"
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
-msgstr "|N|Lösche unbenutzte SSH Passwörter nach N Sekunden aus dem Cache"
+msgstr "|N|lasse SSH Schlüssel im Cache nach N Sekunden verfallen"
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
-msgstr "|N|Lösche Passwörter nach N Sekunden aus dem Cache"
+msgstr "|N|setze die maximale Lebensdauer von PINs im Cache auf N Sekunden"
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
-msgstr "|N|Lösche SSH Passwörter nach N Sekunden aus dem Cache"
+msgstr "|N|setze die maximale Lebenszeit von SSH Schlüsseln auf N Sekunden"
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
-msgstr "Benutze den Passwort Cache nicht beim Signieren"
+msgstr "Benutze PINs im Cache nicht beim Signieren"
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 msgid "disallow the use of an external password cache"
 msgstr "Verbiete die Verwendung eines externen Passwordmanagers"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr "Verbiete Aufrufern Schlüssel als \"vertrauenswürdig\" zu markieren"
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 msgid "allow presetting passphrase"
-msgstr "Erlaube ein \"preset\" der Passwörter"
+msgstr "Erlaube ein \"preset\" von Passphrases"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
-msgstr "Optionen für Passwort Regeln"
+msgstr "Optionen für eine Passphrase-Policy"
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
-msgstr "Einhaltung der Passwort Regeln erzwingen"
+msgstr "Einhaltung der Passphrase-Policy erzwingen"
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
-msgstr "|N|setze die kleinste erlaubte Länge von Passwörtern auf N"
+msgstr "|N|setze die kleinste erlaubte Länge von Passphrasen auf N"
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
-msgstr "|N|Verlange mindestens N Nicht-Buchstaben für ein neues Passwort"
+msgstr "|N|Verlange mindestens N Nicht-Buchstaben für eine neue Passphrase"
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
-msgstr "|DATEI|Prüfe neue Passwörter gegen die Regeln in DATEI"
+msgstr "|DATEI|Prüfe neue Passphrases gegen die Regelen in DATEI"
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 msgid "|N|expire the passphrase after N days"
-msgstr "|N|Lasse das Passwort nach N Tagen verfallen"
+msgstr "|N|Lasse die Passphrase nach N Tagen verfallen"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 msgid "do not allow the reuse of old passphrases"
-msgstr "Verbiete die Wiedernutzung alter Passwörter."
+msgstr "Verbiete die Wiedernutzung alter Passphrases."
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 msgid "Options controlling the PIN-Entry"
 msgstr "Optionen für das Pinentry"
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 msgid "never use the PIN-entry"
 msgstr "Niemals das Pinentry benutzen"
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr "Aufrufer darf das Pinentry nicht ersetzen"
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr "Tastatur und Maus \"grabben\""
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr "|PGM|Benutze PGM as PIN-Entry"
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr "|N|Setze die Pinentry Zeitüberschreitung auf N Sekunden"
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
-msgstr "Erlaube die Eingabe eines Passwortes über Emacs"
+msgstr "Erlaube die Eingabe einer Passphrase über Emacs"
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr ""
 "Berichte über Programmfehler bitte in englisch an <@EMAIL@>.\n"
 "Sinn- oder Schreibfehler in den deutschen Texten bitte an <de@li.org>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Gebrauch: @GPG_AGENT@ [Optionen] [Kommando [Argumente]]"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
@@ -649,136 +632,131 @@ msgstr ""
 "Syntax: @GPG_AGENT@ [Optionen] [Befehl [Argumente]]\n"
 "Verwaltung von geheimen Schlüsseln für @GNUPG@\n"
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr "ungültige Debugebene `%s' angegeben\n"
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "Das ausgewählte Hashverfahren ist ungültig\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, c-format
 msgid "reading options from '%s'\n"
 msgstr "Optionen werden aus '%s' gelesen\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, c-format
 msgid "Note: '%s' is not considered an option\n"
 msgstr "Hinweis: `%s' wird nicht als Option betrachtet\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr "Socket kann nicht erzeugt werden: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr "Der Name des Sockets `%s' ist zu lang\n"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr "Versuche den Socket des laufenden %s zu übernehmen\n"
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "Ein gpg-agent läuft bereits - ein weiterer wird nicht gestartet\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "Fehler beim Ermitteln der \"Nonce\" dieses Sockets\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "Der Socket kann nicht an `%s' gebunden werden: %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "Zugriffsrechte für '%s' können nicht gesetzt werden: %s\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "Es wird auf Socket `%s' gehört\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, c-format
 msgid "can't create directory '%s': %s\n"
 msgstr "Verzeichnis `%s' kann nicht erzeugt werden: %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, c-format
 msgid "directory '%s' created\n"
 msgstr "Verzeichnis `%s' erzeugt\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "stat()-Aufruf für `%s' fehlgeschlagen: %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "Die Datei `%s' kann nicht als Home-Verzeichnis benutzt werden\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "Fehler beim Lesen der \"Nonce\" von FD %d: %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr "Handhabungsroutine 0x%lx für fd %d gestartet\n"
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr "Handhabungsroutine 0x%lx für den fd %d beendet\n"
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr "SSH-Handhabungsroutine 0x%lx für fd %d gestartet\n"
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr "SSH-Handhabungsroutine 0x%lx für fd %d beendet\n"
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "npth_select()-Aufruf fehlgeschlagen: %s - warte 1s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, c-format
 msgid "%s %s stopped\n"
 msgstr "%s %s angehalten\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "Der gpg-agent läuft nicht für diese Session\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 msgid ""
 "@Options:\n"
 " "
@@ -786,20 +764,20 @@ msgstr ""
 "@Optionen:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Aufruf: gpg-preset-passphrase [Optionen] KEYGRIP (-h für Hilfe)\n"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
 msgstr ""
 "Syntax: gpg-preset-passphrase [Optionen] KEYGRIP\n"
-"Pflege des Passwortpuffers\n"
+"Kennwortpuffer-Pflege\n"
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -807,8 +785,8 @@ msgstr ""
 "@Befehle:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -818,11 +796,11 @@ msgstr ""
 "Optionen:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Aufruf: gpg-protect-tool [Optionen] (-h für Hilfe)\n"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
@@ -830,81 +808,80 @@ msgstr ""
 "Syntax: gpg-protect-tool [Optionen] [Argumente]\n"
 "Werkzeug zum Bearbeiten von geheimen Schlüsseln\n"
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
-msgstr "Bitte geben Sie das Passwort zum Entsperren des PKCS#12 Objekts ein."
+msgstr "Bitte geben Sie die Passphrase zum Entsperren des PKCS#12 Objekts ein."
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr ""
-"Bitte geben Sie das Passwort zum Schützen des neuen PKCS#12 Objekts ein."
+"Bitte geben Sie die Passphrase zum Schützen des neuen PKCS#12 Objekts ein."
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
-"Bitte geben Sie das Passwort ein, um das importierte Objekt im GnuPG System "
-"zu schützen."
+"Bitte geben Sie die Passphrase ein, um das importierte Objekt im GnuPG "
+"System zu schützen."
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
 msgstr ""
-"Die Eingabe des Passwortes bzw. der PIN\n"
+"Die Eingabe der Passphrase bzw. der PIN\n"
 "wird benötigt, um diese Aktion auszuführen."
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, c-format
 msgid "cancelled\n"
 msgstr "Vom Benutzer abgebrochen\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, c-format
 msgid "error while asking for the passphrase: %s\n"
-msgstr "Fehler bei der Abfrage des Passwortes: %s\n"
+msgstr "Fehler bei der Abfrage der Passphrase: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, c-format
 msgid "error opening '%s': %s\n"
 msgstr "Fehler beim Öffnen von `%s': %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "Datei `%s', Zeile %d: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr ""
 "Anweisung \"%s\" in `%s', Zeile %d\n"
 " ignoriert\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr ""
 "Systemliste der vertrauenswürdigen Zertifikate '%s' ist nicht vorhanden\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "fehlerhafter Fingerabdruck in `%s', Zeile %d\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "Ungültiges Schlüsselflag in `%s', Zeile %d\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "Fehler beim Lesen von `%s', Zeile %d: %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr "Fehler beim Lesen der Liste vertrauenswürdiger Wurzelzertifikate\n"
@@ -917,7 +894,7 @@ msgstr "Fehler beim Lesen der Liste vertrauenswürdiger Wurzelzertifikate\n"
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
@@ -927,11 +904,11 @@ msgstr ""
 "\"%%0ABenutzerzertifikate verläßlich zertifiziert, so antworten Sie mit \"Ja"
 "\"."
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 msgid "Yes"
 msgstr "Ja"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr "Nein"
@@ -944,7 +921,7 @@ msgstr "Nein"
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -956,39 +933,39 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr "Korrekt"
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr "Falsch"
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
-"Hinweis: Dieses Passwort wurde noch nie geändert.%0ABitte ändern Sie es "
+"Hinweis: Diese Passphrase wurde noch nie geändert/%0ABitte ändern Sie sie "
 "jetzt."
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
 "it now."
 msgstr ""
-"Dieses Passwort wurde seit dem %.4s-%.2s-%.2s nicht%%0A\n"
+"Diese Passphrase wurde seit dem %.4s-%.2s-%.2s nicht%%0A\n"
 "mehr geändert.  Bitte ändern Sie sie jetzt."
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 msgid "Change passphrase"
-msgstr "Das Passwort ändern"
+msgstr "Die Passphrase ändern"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr "Ich werde sie später ändern"
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
@@ -997,11 +974,11 @@ msgstr ""
 "Möchten Sie den Schlüssel mit dem \"Keygrip\"%%0A  %s%%0A  %%C%%0Awirklich "
 "entfernen?"
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 msgid "Delete key"
 msgstr "Schlüssel löschen"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
@@ -1010,93 +987,93 @@ msgstr ""
 "Das Löschen dieses Schlüssels kann Ihren Zugriff auf entfernte Rechner\n"
 "behindern."
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "Für DSA muß die Hashlänge ein Vielfaches von 8 Bit sein\n"
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr "%s-Schlüssel verwendet ein unsicheres (%u-Bit) Hashverfahren\n"
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 "Ein %zu-Bit Hashverfahren ist für einen %u-Bit %s Schlüssel nicht möglich\n"
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "Prüfung der erstellten Signatur ist fehlgeschlagen: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "Teile des geheimen Schlüssels sind nicht vorhanden\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, c-format
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "Public-Key-Verfahren %d (%s) wird nicht unterstützt\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, c-format
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "Schutzverfahren %d (%s) wird nicht unterstützt\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, c-format
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "Schutzverfahrenshash %d (%s) wird nicht unterstützt\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "Fehler beim Erzeugen einer \"Pipe\": %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "Fehler beim Erzeugen eines \"streams\" zu einer \"pipe\": %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, c-format
 msgid "error forking process: %s\n"
 msgstr "Fehler beim \"Forken\" des Prozess: %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr "Das Warten auf die Beendigung des Prozesses %d schlug fehl: %s\n"
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "Fehler bei Ausführung von `%s': wahrscheinlich nicht installiert\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "Fehler bei Ausführung von `%s': Endestatus %d\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, c-format
 msgid "error running '%s': terminated\n"
 msgstr "Fehler bei Ausführung von `%s': beendet\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "Das Warten auf die Beendigung von Prozessen schlug fehl: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "Fehler beim Holen des Exitwerte des Prozesses %d: %s\n"
@@ -1111,33 +1088,33 @@ msgstr "Verbindung zu '%s' kann nicht aufgebaut werden: %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "Beim Setzen der gpg-agent Optionen ist ein Problem aufgetreten\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "core-dump-Dateierzeugung kann nicht abgeschaltet werden: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "WARNUNG: Unsichere Besitzrechte für %s \"%s\"\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "WARNUNG: Unsichere Zugriffsrechte für %s \"%s\"\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "Warte bis auf die Datei '%s' zugegriffen werden kann ...\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "umbenennen von `%s' nach `%s' schlug fehl: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "ja"
 
@@ -1192,50 +1169,92 @@ msgstr ""
 msgid "out of core while allocating %lu bytes"
 msgstr "Kein Speicher mehr vorhanden, als %lu Byte zugewiesen werden sollten"
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "Fehler beim Zuteilen genügenden Speichers: %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr "%s:%u: Die Option \"%s\" is veraltet - sie hat keine Wirkung\n"
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "WARNUNG: \"%s%s\" ist eine veraltete Option - sie hat keine Wirkung.\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr "Unbekanntes Debug Flag '%s' wird ignoriert\n"
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
 #, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
-msgstr "Warte bis der %s bereit ist ... (%ds)\n"
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "Warte bis der Dirmngr bereit ist ... (%ds)\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:350
 #, c-format
-msgid "connection to %s established\n"
-msgstr "Verbindung zum %s aufgebaut\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "Warte bis der Keyboxd bereit ist ... (%ds)\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:351
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
-msgstr "Kein aktiver gpg-agent - `%s' wird gestartet\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "Warte bis der gpg-agent bereit ist ... (%ds)\n"
 
-#: common/asshelp.c:521
+#: common/asshelp.c:364
 #, c-format
-msgid "connection to agent is in restricted mode\n"
+msgid "connection to the dirmngr established\n"
+msgstr "Verbindung zum Dirmngr aufgebaut\n"
+
+#: common/asshelp.c:366
+#, c-format
+msgid "connection to the keyboxd established\n"
+msgstr "Verbindung zum Keyboxd aufgebaut\n"
+
+#: common/asshelp.c:367
+#, c-format
+msgid "connection to the agent established\n"
+msgstr "Verbindung zum gpg-agent aufgebaut\n"
+
+#: common/asshelp.c:485
+#, c-format
+msgid "no running %s - starting '%s'\n"
+msgstr "Kein aktiver %s - `%s' wird gestartet\n"
+
+#: common/asshelp.c:588
+#, c-format
+msgid "connection to the agent is in restricted mode\n"
 msgstr "Verbindung zum gpg-agent ist im eingeschränkten Modus.\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:725
+#, c-format
+msgid "error getting version from '%s': %s\n"
+msgstr "Fehler beim Holen der Version von '%s': %s\n"
+
+#: common/asshelp.c:731
+#, c-format
+msgid "server '%s' is older than us (%s < %s)"
+msgstr "Der Server '%s' is älter als wir selbst (Version %s < %s)"
+
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
+#, c-format
+msgid "WARNING: %s\n"
+msgstr "WARNUNG: %s\n"
+
+#: common/asshelp.c:740
+#, c-format
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+"Hinweis: Wichtige Sicherheits-Fixes können in veralteten Servern fehlen.\n"
+
+#: common/asshelp.c:742
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
-msgstr "Kein aktiver Dirmngr - `%s' wird gestartet\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Hinweis: Der Befehl \"%s\" startet diese Server neu.\n"
 
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
@@ -1305,7 +1324,7 @@ msgid "algorithm: %s"
 msgstr "Verfahren: %s"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, c-format
 msgid "unsupported algorithm: %s"
 msgstr "Nicht unterstütztes Verfahren: %s"
@@ -1380,11 +1399,11 @@ msgstr "Zertifikatkette gültig"
 msgid "Root certificate trustworthy"
 msgstr "Wurzelzertifikat vertrauenswürdig"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 msgid "no CRL found for certificate"
 msgstr "Keine CRL für das Zertifikat gefunden"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 msgid "the available CRL is too old"
 msgstr "Die vorhandene CRL ist zu alt"
 
@@ -1421,7 +1440,7 @@ msgstr "Keine Hilfe für '%s' vorhanden."
 msgid "ignoring garbage line"
 msgstr "Zeile mit nicht identifizierten Zeichen wird ignoriert"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 msgid "[none]"
 msgstr "[keine]"
 
@@ -1430,130 +1449,25 @@ msgstr "[keine]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "Ungültiges Basis-64 Zeichen %02X wurde übersprungen\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
-"Sorry, --batch wurde angegeben - Lesen von der Eingabe ist nicht möglich\n"
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
-"Sorry, --no-tty wurde angegeben - Lesen von der Eingabe ist nicht möglich\n"
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
-msgstr "Zu viele Fehler; hat keinen Zweck mehr\n"
+msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
-msgstr "Control-D (Strg-D) erkannt\n"
-
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr "Argument nicht erwartet"
-
-#: common/argparse.c:522
-msgid "read error"
-msgstr "Lesefehler"
-
-#: common/argparse.c:524
-msgid "keyword too long"
-msgstr "Schlüsselwort ist zu lang"
-
-#: common/argparse.c:526
-msgid "missing argument"
-msgstr "Fehlendes Argument"
-
-#: common/argparse.c:528
-msgid "invalid argument"
-msgstr "Ungültiges Argument"
-
-#: common/argparse.c:530
-msgid "invalid command"
-msgstr "Ungültiger Befehl"
-
-#: common/argparse.c:532
-msgid "invalid alias definition"
-msgstr "Ungültige Alias-Definition"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr "Zugriffsrechte nicht ausreichend"
-
-#: common/argparse.c:536 common/argparse.c:569
-msgid "out of core"
-msgstr "Nicht genügend Speicher"
-
-#: common/argparse.c:540 common/argparse.c:575
-msgid "invalid meta command"
-msgstr "Ungültige Meta-Anweisung"
-
-#: common/argparse.c:542 common/argparse.c:577
-msgid "unknown meta command"
-msgstr "Unbekannte Meta-Anweisung"
-
-#: common/argparse.c:544 common/argparse.c:579
-msgid "unexpected meta command"
-msgstr "Unerwartete Meta-Anweisung"
-
-#: common/argparse.c:546
-msgid "invalid option"
-msgstr "Ungültige Option"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr "Fehlendes Argument für Option \"%.50s\"\n"
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "Ungültiges Argument für Option \"%.50s\"\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr "Option \"%.50s\" erwartet kein Argument\n"
-
-#: common/argparse.c:563
-#, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "Ungültiger Befehl \"%.50s\"\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr "Option \"%.50s\" ist mehrdeutig\n"
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr "Befehl \"%.50s\" ist mehrdeutig\n"
-
-#: common/argparse.c:581
-#, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "Ungültige Option \"%.50s\"\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, c-format
-msgid "Note: no default option file '%s'\n"
-msgstr "Hinweis: Keine voreingestellte Optionendatei '%s' vorhanden\n"
-
-#: common/argparse.c:1843
-#, c-format
-msgid "option file '%s': %s\n"
-msgstr "Optionendatei '%s': %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
 msgstr ""
-"Hinweis: Option \\\"--%s\\\" aufgrund der globalen Konfiguration ignoriert\n"
 
 #: common/utf8conv.c:123
 #, c-format
@@ -1570,131 +1484,132 @@ msgstr "iconv_open fehlgeschlagen: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "Umwandlung von `%s' in `%s' schlug fehl: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "Die temporäre Datei `%s' kann nicht erstellt werden: %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "Fehler beim Schreiben von %s: %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "eine übriggebliebene Sperrdatei wird entfernt (erzeugt von %d)\n"
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "warte auf die Freigabe der Sperre (gehalten von %d%s) %s...\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr "(Deadlock?) "
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "Dateisperre %s konnte nicht eingerichtet werden: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, c-format
 msgid "waiting for lock %s...\n"
 msgstr "Warten auf die Freigabe der Dateisperre `%s' ...\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr "Die Bibliothek %s ist nicht aktuell (benötige %s, habe %s)\n"
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "ASCII-Hülle: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "Ungültige ASCII-Hülle"
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "ASCII-Hülle: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "Ungültige Klartextsignatur-Einleitung\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, c-format
 msgid "unknown armor header: "
 msgstr "Unbekannter Header in der ASCII-Hülle: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "verschachtelte Klartextsignatur\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr "Unerwartete ASCII-Hülle: "
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "Ungültige mit Bindestrich \"escapte\" Zeile: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "Ungültiges \"radix64\" Zeichen %02x übersprungen\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "vorzeitiges Dateiende (keine Prüfsumme)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "vorzeitiges Dateiende (innerhalb der Prüfsumme)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "Falsch aufgebaute Prüfsumme\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "Prüfsummenfehler; %06lx - %06lx\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "vorzeitiges Dateiende (im Nachsatz)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "Fehler in der Nachsatzzeile\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "Keine gültigen OpenPGP-Daten gefunden.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "ungültige ASCII-Hülle: Zeile ist länger als %d Zeichen\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1702,12 +1617,12 @@ msgstr ""
 "\"quoted printable\" Zeichen in der ASCII-Hülle gefunden - möglicherweise\n"
 " war ein fehlerhafter Email-Transporter(\"MTA\") die Ursache\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, c-format
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "[ Nicht als Klartext darstellbar (%zu bytes: %s%s) ]"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1716,283 +1631,273 @@ msgstr ""
 "Ein \"notation\"-Name darf nur Buchstaben, Zahlen, Punkte oder Unterstriche "
 "enthalten und muß mit einem '=' enden\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "Ein \"notation\"-Wert darf das '@'-Zeichen nicht verwenden\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "Ein \"notation\"-Wert darf das '@'-Zeichen maximal einmal verwenden\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "Ein \"notation\"-Wert darf keine Kontrollzeichen verwenden\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "Ein \"notation\"-Wert darf das '='-Zeichen nicht verwenden\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, c-format
 msgid "a notation name must have only printable characters or spaces\n"
 msgstr ""
 "Ein \"notation\"-Name darf nur Buchstaben, Zahlen, Punkte oder Unterstriche "
 "enthalten\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "WARNUNG: Ungültige \"Notation\"-Daten gefunden\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "Die %s \"inquiry\" konnte nicht an den Client weitergeleitet werden\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
-msgstr "Geben Sie das Passwort ein: "
-
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
-#, c-format
-msgid "error getting version from '%s': %s\n"
-msgstr "Fehler beim Holen der Version von '%s': %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr "Der Server '%s' is älter als wir selbst (Version %s < %s)"
+msgstr "Geben Sie die Passphrase ein: "
 
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, c-format
-msgid "WARNING: %s\n"
-msgstr "WARNUNG: %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
-#, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
-"Hinweis: Wichtige Sicherheits-Fixes können in veralteten Servern fehlen.\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s is nicht konform mit dem %s Modus\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
-#, c-format
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Hinweis: Der Befehl \"%s\" startet diese Server neu.\n"
+#: g10/call-agent.c:1081
+#, fuzzy, c-format
+#| msgid "error reading from %s: %s\n"
+msgid "error from TPM: %s\n"
+msgstr "Fehler beim Lesen von %s: %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, c-format
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s is nicht konform mit dem %s Modus\n"
+msgid "problem with the agent: %s\n"
+msgstr "Problem mit dem Agenten: %s\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "Der Dirmngr läuft nicht für diese Session\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, c-format
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
-msgstr "Die Schlüsselserveroption \"%s\" ist im %s-Modus nicht erlaubt.\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
+msgstr ""
+"Die Schlüsselserveroption \"honor-keyserver-url\" ist im Tor-Modus nicht "
+"erlaubt.\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr "WKD Abfrage wurde aus dem Cache bedient"
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr "Der Tor Dienst läuft nicht"
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 msgid "Tor is not properly configured"
 msgstr "Der Tor Dienst ist falsch konfiguriert"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 msgid "DNS is not properly configured"
 msgstr "DNS is falsch konfiguriert"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr "HTTP Weiterleitung kann nicht akzeptiert werden"
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr "HTTP Weiterleitung wurde gesäubert"
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 msgid "server uses an invalid certificate"
 msgstr "Der Server benutzt eine ungültiges Zertifikat"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, c-format
 msgid "Note: %s\n"
 msgstr "Hinweis: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "OpenPGP Karte ist nicht vorhanden: %s\n"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr "OpenPGP Karte Nr. %s erkannt\n"
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr "Dies kann im Batchmodus nicht durchgeführt werden.\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Dieser Befehl ist nur für Karten ab Version 2 möglich.\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "Der Rückstellcode ist nicht vorhanden\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Ihre Auswahl? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[nicht gesetzt]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr "Hr."
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr "Fr."
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "nicht zwingend"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "zwingend"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr "Fehler: Nur reines ASCII ist derzeit erlaubt.\n"
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr "Fehler: Das Zeichen \"<\" kann nicht benutzt werden.\n"
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr "Fehler: Doppelte Leerzeichen sind nicht erlaubt.\n"
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr "Familienname des Kartenbesitzers:"
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr "Vorname des Kartenbesitzers:"
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr ""
 "Fehler: Der zusammengesetzte Name ist zu lang (Grenze beträgt %d Zeichen).\n"
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr "URL um den öffentlichen Schlüssel zu holen: "
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, c-format
 msgid "error reading '%s': %s\n"
 msgstr "Fehler beim Lesen von `%s': %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, c-format
 msgid "error writing '%s': %s\n"
 msgstr "Fehler beim Schreiben von %s: %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr "Logindaten (Kontenname): "
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr "Geheime DO-Daten: "
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr "Spracheinstellungen"
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "Fehler: Ungültige Länge der Einstellungs-Zeichenfolge.\n"
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "Fehler: Ungültige Zeichen in der Einstellungs-Zeichenfolge\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr "Anrede (M=Hr., F=Fr. oder Leerzeichen): "
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr "Fehler: ungültige Antwort.\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr "CA-Fingerabdruck: "
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "Fehler: ungültig geformter Fingerabdruck.\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr "Schlüsseloperation nicht möglich: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr "Keine gültige OpenPGP-Karte"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr "Fehler beim Holen der aktuellen Schlüsselinfo: %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr "Vorhandenen Schlüssel ersetzen? (j/N) "
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 "Hinweis: Es kann nicht sichergestellt werden, daß die Karte die "
 "angeforderte\n"
@@ -2000,100 +1905,102 @@ msgstr ""
 "         fehlschlagen, so ziehen Sie bitte die Dokumentation Ihrer Karte\n"
 "         zu Rate.\n"
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Welche Schlüssellänge wünschen Sie? (%u) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "aufgerundet auf %u Bit\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "%s-Schlüssellängen müssen im Bereich %u-%u sein\n"
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr "Ändern des Schlüsselattributs für den: "
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 msgid "Signature key\n"
 msgstr "Signatur-Schlüssel\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 msgid "Encryption key\n"
 msgstr "Verschlüsselungs-Schlüssel\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr "Authentisierungs-Schlüssel\n"
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Bitte wählen Sie, welche Art von Schlüssel Sie möchten:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) ECC\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Ungültige Auswahl.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr ""
 "Die Karte wird nun rekonfiguriert, um einen Schlüssel von %u Bit zu "
 "erzeugen\n"
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr "Die Karte wird nun rekonfiguriert für einen Schlüssel des Typs: %s\n"
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "Fehler beim Ändern der Attributs des Schlüssels %d: %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, c-format
 msgid "error getting card info: %s\n"
 msgstr "Fehler beim Holen der aktuellen Schlüsselinfo: %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, c-format
 msgid "This command is not supported by this card\n"
 msgstr "Dieser Befehl wird von dieser Karte nicht unterstützt.\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr ""
 "Sicherung des Verschlüsselungsschlüssel außerhalb der Karte erstellen? (J/n) "
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "Hinweis: Auf der Karte sind bereits Schlüssel gespeichert!\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr "Vorhandene Schlüssel ersetzen? (j/N) "
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2104,187 +2011,198 @@ msgstr ""
 "   PIN = '%s'     Admin-PIN = '%s'\n"
 "Sie sollten sie mittels des Befehls --change-pin ändern\n"
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr "Bitte wählen Sie die Art des Schlüssel, der erzeugt werden soll:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr "   (1) Signatur-Schlüssel\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr "   (2) Verschlüsselungs-Schlüssel\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr "   (3) Authentisierungs-Schlüssel\n"
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr "Wählen Sie den Speicherort für den Schlüssel:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "Das KEYTOCARD Kommando schlug fehl: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr ""
-"Hinweis: Dieses Kommando zerstört alle auf der Karte gespeicherten "
+"Hinweis: Dieses Kommando zerstörrt alle auf der Karte gespeicherten "
 "Schlüssel!\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 msgid "Continue? (y/N) "
 msgstr "Fortsetzen? (j/N) "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr "Möchten Sie die Karte wirklich komplett löschen? (\"yes\" eingeben) "
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "Fehler beim Einstellen der KDF: %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, c-format
+msgid "error for setup UIF: %s\n"
+msgstr "Fehler beim Einstellen des UIF: %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "Menü verlassen"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr "Zeige Admin-Befehle"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "Diese Hilfe zeigen"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr "Alle vorhandenen Daten auflisten"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr "Kartenbesitzernamen ändern"
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr "Schlüssel-holen-URL ändern"
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr "Holen des Schlüssels mittels der URL auf der Karte"
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr "Ändern der Logindaten"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr "Ändern der Spracheinstellungen"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr "Ändern der Anrede des Kartenbesitzers"
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr "Ändern des CA-Fingerabdrucks"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr "Umschalten des \"Signature-force-PIN\"-Schalters"
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr "neue Schlüssel erzeugen"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr "Menü für Ändern oder Entsperren der PIN"
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr "überprüfe die PIN und liste alle Daten auf"
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr "die PIN mit dem Rückstellcode wieder freigeben"
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr "alle Schlüssel und Daten löschen"
 
-#: g10/card-util.c:2180
-msgid "setup KDF for PIN authentication"
-msgstr "Einrichten der KDF zur Authentifizierung"
+#: g10/card-util.c:2235
+msgid "setup KDF for PIN authentication (on/single/off)"
+msgstr "Einrichten der KDF zur Authentifizierung (on/single/off)"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 msgid "change the key attribute"
 msgstr "Das Schlüsselattribut ändern"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+msgid "change the User Interaction Flag"
+msgstr "Das User Interaction Flag (UIF) ändern"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr "gpg/card> "
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr "nur-Admin Befehl\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr "Admin-Befehle sind erlaubt\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr "Admin-Befehle sind nicht erlaubt\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Ungültiger Befehl (versuchen Sie's mal mit \"help\")\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output funktioniert nicht bei diesem Befehl\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, c-format
 msgid "can't open '%s'\n"
 msgstr "'%s' kann nicht geöffnet werden\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "Schlüssel \"%s\" nicht gefunden: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "Fehler beim Lesen des Schlüsselblocks: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, c-format
 msgid "key \"%s\" not found\n"
 msgstr "Schlüssel \"%s\" nicht gefunden\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(es sei denn, Sie geben den Schlüssel mittels Fingerprint an)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "dies kann im Batchmodus ohne \"--yes\" nicht durchgeführt werden\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(es sei denn, Sie geben den Schlüssel mittels Fingerprint an)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2328,9 +2246,9 @@ msgstr "Schlüssel"
 msgid "subkey"
 msgstr "Unterschlüssel"
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "Änderung fehlgeschlagen: %s\n"
@@ -2358,66 +2276,78 @@ msgstr ""
 "Verwenden Sie zunächst den Befehl \"--delete-secret-key\", um ihn zu "
 "entfernen.\n"
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"WARNUNG: Erzwungene Verwendung des symmetrischen Verschlüsselungsverfahren "
-"%s (%d) verletzt die Empfängervoreinstellungen\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
-msgstr "Fehler beim Erzeugen des Passwortes: %s\n"
+msgstr "Fehler beim Erzeugen der Passphrase: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr ""
 "Aufgrund des S2K-Modus kann ein symmetrisches ESK Paket nicht benutzt "
 "werden\n"
 
-#: g10/encrypt.c:282
+#: g10/encrypt.c:370
 #, c-format
-msgid "using cipher %s\n"
-msgstr "benutze Cipher %s\n"
+msgid "using cipher %s.%s\n"
+msgstr "benutze Cipher %s.%s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, c-format
 msgid "'%s' already compressed\n"
 msgstr "`%s' ist bereits komprimiert\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, c-format
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "WARNUNG: '%s' ist eine leere Datei.\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, c-format
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr ""
+"Das Verschlüsselungsverfahren %s darf nicht zum Verschlüsseln verwendet "
+"werden.\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr "(benutze Option \"%s\" zum hinwegsetzen)\n"
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 "Das Verschlüsselungsverfahren %s darf im %s Modus nicht verwendet werden.\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "Die Benutzung der Hashmethode %s ist im %s Modus nicht erlaubt.\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
+#: g10/encrypt.c:727
 #, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgid "reading from '%s'\n"
+msgstr "Lesen von '%s'\n"
+
+#: g10/encrypt.c:783
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
 msgstr ""
-"WARNUNG: Schlüssel %s ist zur Verschlüsselung im %s Modus nicht geeignet.\n"
+"WARNUNG: Erzwungene Verwendung des symmetrischen Verschlüsselungsverfahren "
+"%s (%d) verletzt die Empfängervoreinstellungen\n"
 
-#: g10/encrypt.c:679
+#: g10/encrypt.c:838 sm/encrypt.c:766
 #, c-format
-msgid "reading from '%s'\n"
-msgstr "Lesen von '%s'\n"
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr ""
+"WARNUNG: Schlüssel %s ist zur Verschlüsselung im %s Modus nicht geeignet.\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2426,99 +2356,45 @@ msgstr ""
 "WARNUNG: Erzwungenes Kompressionsverfahren %s (%d) verletzt die "
 "Empfängervoreinstellungen.\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
-msgstr "%s/%s verschlüsselt für: %s\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"Erzwungene Verwendung des symmetrischen Verschlüsselungsverfahren %s (%d) "
+"verletzt die Empfängervoreinstellungen\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1159
+#, c-format
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
+msgstr "%s/%s.%s verschlüsselt für: \"%s\"\n"
+
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, c-format
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "Die Benutzung der Option \"%s\" ist im %s-Modus nicht erlaubt.\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
 #, c-format
-msgid "%s encrypted data\n"
-msgstr "%s verschlüsselte Daten\n"
+msgid "%s.%s encrypted data\n"
+msgstr "%s.%s verschlüsselte Daten\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "Mit unbekanntem Verfahren verschlüsselt %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr ""
 "WARNUNG: Botschaft wurde mit einem unsicheren Schlüssel verschlüsselt.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "Problem beim Bearbeiten des verschlüsselten Pakets\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "Ausführen von externen Programmen wird nicht unterstützt\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"Ausführen von externen Programmen ist ausgeschaltet, da die Dateirechte "
-"nicht sicher sind\n"
-
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"Diese Plattform benötigt temporäre Dateien zur Ausführung von externen\n"
-"Programmen\n"
-
-#: g10/exec.c:497
-#, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "Ausführen des Programms `%s' nicht möglich: %s\n"
-
-#: g10/exec.c:500
-#, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "Ausführen der Shell `%s' nicht möglich: %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "Fehler beim Aufruf eines externen Programms: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "ungewöhnliches Ende eines externen Programms\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "Externes Programm konnte nicht aufgerufen werden\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "Die Ausgabe des externen Programms konnte nicht gelesen werden: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, c-format
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr ""
-"WARNUNG: die temporäre Datei (%s) `%s' konnte nicht entfernt werden: %s\n"
-
-#: g10/exec.c:692
-#, c-format
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "WARNUNG: Temporäres Verzeichnis `%s' kann nicht entfernt werden: %s\n"
-
 #: g10/export.c:119
 msgid "export signatures that are marked as local-only"
 msgstr "Exportiere auch Signaturen die als nicht exportfähig markiert sind"
@@ -2539,372 +2415,372 @@ msgstr "Unbrauchbare Teile des Schlüssel während des Exports entfernen"
 msgid "remove as much as possible from key during export"
 msgstr "Während des Exports soviel wie möglich vom Schlüssel entfernen"
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr "Das GnuPG Datensicherungsformat für Schlüssel benutzen"
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 msgid " - skipped"
 msgstr " - übersprungen"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, c-format
 msgid "writing to '%s'\n"
 msgstr "Schreiben nach '%s'\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "Schlüssel %s: Schlüsselmaterial ist auf einer Karte - übersprungen\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "Exportieren geheimer Schlüssel ist nicht erlaubt\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "Schlüssel %s: PGP 2.x-artiger Schlüssel - übersprungen\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "WARNUNG: Nichts exportiert\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, c-format
 msgid "error creating '%s': %s\n"
 msgstr "Fehler beim Erstellen von `%s': %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr "[User-ID nicht gefunden]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "`%s' automatisch via %s geholt\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "Fehler beim automatischen holen von `%s' über `%s': %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 msgid "No fingerprint"
 msgstr "Kein Fingerabdruck vorhanden"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 "Prüfe auf eine aktuellere Kopie eines abgelaufenen Schlüssels über %s\n"
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "Geheimer Schlüssel \"%s\" nicht gefunden: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "(Prüfe das Argument der Option '%s')\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, c-format
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr ""
 "WARNUNG: \"%s\" wird nicht als voreingestellter geheimer Schlüssel benutzt: "
 "%s\n"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, c-format
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "\"%s\" wird als voreingestellter geheimer Signaturschlüssel benutzt\n"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr "Alle für '%s' angegebenen Werte wurden ignoriert\n"
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr ""
 "Ungültiger Schlüssel %s, gültig gemacht per --allow-non-selfsigned-uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "der Unterschlüssel %s wird anstelle des Hauptschlüssels %s verwendet\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, c-format
 msgid "valid values for option '%s':\n"
 msgstr "Gültige Argumente für Option '%s':\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 msgid "make a signature"
 msgstr "Eine Signatur erzeugen"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 msgid "make a clear text signature"
 msgstr "Eine Klartextsignatur erzeugen"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "Eine abgetrennte Signatur erzeugen"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "Daten verschlüsseln"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "Daten symmetrisch verschlüsseln"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "Daten entschlüsseln (Voreinstellung)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "Signatur prüfen"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "Liste der Schlüssel"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "Liste der Schlüssel und ihrer Signaturen"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr "Signaturen der Schlüssel auflisten und prüfen"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "Liste der Schlüssel und ihrer \"Fingerabdrücke\""
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "Liste der geheimen Schlüssel"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "Ein neues Schlüsselpaar erzeugen"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 msgid "quickly generate a new key pair"
 msgstr "Schnell ein neues Schlüsselpaar erzeugen"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 msgid "quickly add a new user-id"
 msgstr "Schnell eine neue User-ID anfügen"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 msgid "quickly revoke a user-id"
 msgstr "Schnell eine User-ID widerrufen"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 msgid "quickly set a new expiration date"
 msgstr "Schnell ein neues Ablaufdatum setzen"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr "Ein neues Schlüsselpaar erzeugen (alle Optionen)"
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "Ein Schlüsselwiderruf-Zertifikat erzeugen"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "Schlüssel aus dem öff. Schlüsselbund entfernen"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "Schlüssel aus dem geh. Schlüsselbund entfernen"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 msgid "quickly sign a key"
 msgstr "Schlüssel schnell signieren"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 msgid "quickly sign a key locally"
 msgstr "Schlüssel schnell nur für diesen Rechner signieren"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 msgid "quickly revoke a key signature"
 msgstr "Schnell eine Schlüsselsignatur widerrufen"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "Schlüssel signieren"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "Schlüssel nur für diesen Rechner signieren"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "Signieren oder bearbeiten eines Schlüssels"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 msgid "change a passphrase"
-msgstr "Das Passwort ändern"
+msgstr "Die Passphrase ändern"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "Schlüssel exportieren"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "Schlüssel zu einem Schlü.server exportieren"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "Schlüssel von einem Schlü.server importieren"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "Schlüssel auf einem Schlü.server suchen"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "alle Schlüssel per Schlü.server aktualisieren"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "Schlüssel importieren/kombinieren"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr "den Karten-Status ausgeben"
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr "Daten auf einer Karte ändern"
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr "PIN einer Karte ändern"
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "Ändern der \"Trust\"-Datenbank"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 msgid "print message digests"
 msgstr "Hashwerte für die Dateien ausgeben"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr "Im Server Modus ausführen"
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr "|WERT|Setze die TOFU-Politik für einen Schlüssel"
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NAME|NAME als voreingestellten Schlüssel benutzen"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NAME|Auch an NAME verschlüsseln"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr "|SPEC|Email Alias festlegen"
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr "OpenPGP-Verhalten strikt beachten"
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "Keine wirklichen Änderungen durchführen"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "vor Überschreiben nachfragen"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 msgid "Options controlling the input"
 msgstr "Optionen für die Eingabe"
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 msgid "Options controlling the output"
 msgstr "Optionen für die Ausgabe"
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "Ausgabe mit ASCII-Hülle versehen"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 msgid "|FILE|write output to FILE"
 msgstr "|DATEI|Ausgabe auf DATEI schreiben"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "Textmodus benutzen"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|Kompressionsstufe auf N setzen (0=keine)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 msgid "Options controlling key import and export"
 msgstr "Optionen für den Schlüsselimport und -export"
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
 "|MECHANISMEN|Benutze MECHANISMEN um Schlüssel über die Mailadresse "
 "aufzufinden."
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 msgid "import missing key from a signature"
 msgstr "Schlüssel aus der Signatur importieren"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 msgid "include the public key in signatures"
 msgstr "Schlüssel mit in die Signatur packen"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr "Jeglichen Zugriff auf den Dirmngr verhindern"
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 msgid "Options controlling key listings"
 msgstr "Optionen für das Auflisten der Schlüssel"
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 msgid "Options to specify keys"
 msgstr "Optionen zur Auswahl der Schlüssel"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|USER-ID|Verschlüsseln für USER-ID"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "|USER-ID|Mit USER-ID signieren bzw. entschlüsseln"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr "Optionen für die Verwendung in Scripts"
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr "Weitere Optionen"
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -2913,7 +2789,7 @@ msgstr ""
 "(Auf der \"man\"-Seite ist eine vollständige Liste aller Befehle und "
 "Optionen)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 msgid ""
 "@\n"
 "Examples:\n"
@@ -2933,11 +2809,11 @@ msgstr ""
 " --list-keys [Namen]        Schlüssel anzeigen\n"
 " --fingerprint [Namen]      \"Fingerabdrücke\" anzeigen\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Aufruf: @GPG@ [Optionen] [Dateien] (-h für Hilfe)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 msgid ""
 "Syntax: @GPG@ [options] [files]\n"
 "Sign, check, encrypt or decrypt\n"
@@ -2947,7 +2823,7 @@ msgstr ""
 "Signieren, prüfen, verschlüsseln, entschlüsseln.\n"
 "Die voreingestellte Operation ist abhängig von den Eingabedaten\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -2955,75 +2831,75 @@ msgstr ""
 "\n"
 "Unterstützte Verfahren:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Öff. Schlüssel: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Verschlü.: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Hash: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Komprimierung: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "Aufruf: %s [Optionen] %s\n"
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "Widersprüchliche Befehle\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "Kein '='-Zeichen in der Gruppendefinition gefunden `%s'\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "WARNUNG: Unsicheres Besitzverhältnis des Home-Verzeichnis `%s'\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "WARNUNG: Unsicheres Besitzverhältnis der Konfigurationsdatei `%s'\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "WARNUNG: Unsicheres Besitzverhältnis auf die Erweiterung `%s'\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "WARNUNG: Unsichere Zugriffsrechte des Home-Verzeichnis `%s'\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "WARNUNG: Unsichere Zugriffsrechte der Konfigurationsdatei `%s'\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "WARNUNG: Unsichere Zugriffsrechte auf die Erweiterung `%s'\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr ""
 "WARNUNG: Unsicheres Besitzverhältnis des umgebenden Verzeichnisses für Home-"
 "Verzeichnis `%s'\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
@@ -3031,20 +2907,20 @@ msgstr ""
 "WARNUNG: Unsicheres Besitzverhältnis des umgebenden Verzeichnisses der "
 "Konfigurationsdatei '%s'\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr ""
 "WARNUNG: Unsicheres Besitzverhältnis des umgebenden Verzeichnisses `%s'\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr ""
 "WARNUNG: Unsichere Zugriffsrechte des umgebenden Verzeichnisses des Home-"
 "Verzeichnisses `%s'\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
@@ -3052,462 +2928,474 @@ msgstr ""
 "WARNUNG: Unsichere Zugriffsrechte des umgebenden Verzeichnisses der "
 "Konfigurationsdatei '%s'\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr ""
 "WARNUNG: Unsichere Zugriffsrechte des umgebenden Verzeichnisses auf "
 "Erweiterung `%s'\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "Unbekanntes Konfigurationselement `%s'\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr "Anzeigen der Foto-ID in den Schlüssellisten"
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 msgid "show key usage information during key listings"
 msgstr "Schlüsselverwendungszwecke mit den Schlüsseln anlisten"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr "Richtlinien-URL mit den Signaturen anlisten"
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 msgid "show all notations during signature listings"
 msgstr "Alle Notationen mit den Signaturen anlisten"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr "Standard Notationen mit den Signaturen anlisten"
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr "Benutzer-Notationen mit den Signaturen anlisten"
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "Bevorzugten Schlüsselserver mit den Signaturen anlisten"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr "Zeige Gültigkeit der User-ID in den Schlüssellisten"
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr "Zeige widerrufene und verfallene User-ID in den Schlüssellisten"
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr "Zeige widerrufene und verfallene Unterschlüssel in den Schlüssellisten"
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 msgid "show the keyring name in key listings"
 msgstr "Anzeigen des Schlüsselbundes, in dem ein Schlüssel drin ist"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 msgid "show expiration dates during signature listings"
 msgstr "Das Ablaufdatum mit den Signaturen anlisten"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "Unbekannte TOFU Regel '%s'\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr "(\"help\" um mögliche Werte anzuzeigen)\n"
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Dieser Befehl ist im %s-Modus nicht erlaubt.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, c-format
 msgid "Note: %s is not for normal use!\n"
 msgstr "Hinweis: %s ist nicht für den üblichen Gebrauch gedacht!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "`%s' ist kein gültiges Signaturablaufdatum\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "\"%s\" ist keine gültige E-Mailadresse\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "Ungültiger Subjekt-Name '%s'\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "Ungültiges \"Herkunft\"-Argument '%s'\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "`%s' ist kein gültiger Zeichensatz\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "Schlüsselserver-URL konnte nicht analysiert werden\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: ungültige Schlüsselserver-Option\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr "Ungültige Schlüsselserver-Option\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: ungültige Import-Option\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "Ungültige Import-Option\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, c-format
 msgid "invalid filter option: %s\n"
 msgstr "Ungültige Filter-Option: %s\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: ungültige Export-Option.\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "Ungültige Export-Option\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: ungültige Listen-Option.\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr "Ungültige Listen-Option\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr "Foto-ID während der Signaturprüfung anzeigen"
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr "Richtlinien-URLs während der Signaturprüfung anzeigen"
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 msgid "show all notations during signature verification"
 msgstr "Alle Notationen während der Signaturprüfung anzeigen"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr "Standard-Notationen während der Signaturprüfung anzeigen"
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr "Benutzer-Notationen während der Signaturprüfung anzeigen"
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 msgid "show preferred keyserver URLs during signature verification"
 msgstr ""
 "Die URL für den bevorzugten Schlüsselserver während der Signaturprüfung "
 "anzeigen"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 msgid "show user ID validity during signature verification"
 msgstr "Die Gültigkeit der User-ID während der Signaturprüfung anzeigen"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr "Zeige widerrufene und verfallene User-IDs während der Signaturprüfung"
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 msgid "show only the primary user ID in signature verification"
 msgstr "Zeige nur die Haupt-User-ID während der Signaturprüfung"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr "Prüfe Signaturgültigkeit mittels PKA-Daten"
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr "Werte das Vertrauen zu Signaturen durch gültige PKA-Daten auf"
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: ungültige Überprüfungs-Option.\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr "Ungültige Überprüfungs-Option\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "Der Ausführungspfad konnte nicht auf %s gesetzt werden.\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: ungültige \"auto-key-locate\"-Liste\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr "ungültige \"auto-key-locate\"-Liste\n"
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "Ungültiges Argument für Option \"%.50s\"\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "WARNUNG: Programm könnte eine core-dump-Datei schreiben!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "WARNUNG: %s ersetzt %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s zusammen mit %s ist nicht erlaubt!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s zusammen mit %s ist nicht sinnvoll!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr "WARNUNG: Ausführung mit gefälschter Systemzeit: "
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "Startet nicht mit unsicherem Speicher, wegen Option %s\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "Das ausgewählte Verschlüsselungsverfahren ist ungültig\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, c-format
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "Das ausgewählte AEAD-Verfahren ist ungültig\n"
+
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "Das ausgewählte Komprimierungsverfahren ist ungültig\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "Das ausgewählte Hashverfahren ist ungültig\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-needed müssen größer als 0 sein\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed müssen größer als 1 sein\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth muß im Bereich 1 bis 255 liegen\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "ungültiger \"default-cert-level\"; Wert muß 0, 1, 2 oder 3 sein\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "ungültiger \"min-cert-level\"; Wert muß 0, 1, 2 oder 3 sein\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, c-format
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "Hinweis: Vom \"simple S2K\"-Modus (0) ist strikt abzuraten\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "ungültiger \"simple S2K\"-Modus; Wert muß 0, 1 oder 3 sein\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "ungültige Standard-Voreinstellungen\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "ungültige private Verschlüsselungsvoreinstellungen\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, c-format
+msgid "invalid personal AEAD preferences\n"
+msgstr "ungültige private AEAD-Voreinstellungen\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "ungültige private Hashvoreinstellungen\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "ungültige private Komprimierungsvoreinstellungen\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, c-format
+msgid "chunk size invalid - using %d\n"
+msgstr "Ungültige \"Chunk\"-Größe; %d wird verwendet\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s arbeitet noch nicht mit %s zusammen\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, c-format
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "Das AEAD-Verfahren %s darf im %s Modus nicht verwendet werden.\n"
+
+#: g10/gpg.c:4070
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 "Die Benutzung des Komprimierverfahren %s ist im %s Modus nicht erlaubt.\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "Die Trust-DB kann nicht initialisiert werden: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "WARNUNG: Empfänger (-r) angegeben ohne Verwendung von Public-Key-Verfahren\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "Symmetrische Entschlüsselung von `%s' fehlgeschlagen: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr ""
 "--symmetric --encrypt kann nicht zusammen mit --s2k-mode 0 verwendet werden\n"
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "Im %s Modus kann --symmetric --encrypt nicht verwendet werden.\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr ""
 "--symmetric --sign --encrypt kann nicht zusammen mit --s2k-mode 0 verwendet "
 "werden\n"
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr ""
 "Im %s Modus kann --symmetric --sign --encrypt nicht verwendet werden.\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "Senden an Schlüsselserver fehlgeschlagen: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "Empfangen vom Schlüsselserver fehlgeschlagen: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "Schlüsselexport fehlgeschlagen: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, c-format
 msgid "export as ssh key failed: %s\n"
 msgstr "Schlüsselexport im SSH Format fehlgeschlagen: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "Suche auf dem Schlüsselserver fehlgeschlagen: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "Refresh vom Schlüsselserver fehlgeschlagen: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "Entfernen der ASCII-Hülle ist fehlgeschlagen: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "Anbringen der ASCII-Hülle ist fehlgeschlagen: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, c-format
 msgid "invalid hash algorithm '%s'\n"
 msgstr "Ungültiges Hashverfahren '%s'\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "Fehler in der Schlüsselangabe '%s': %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 "'%s\" sieht nicht nach einer gültigen Schlüssel-ID, einem Fingerabdruck oder "
 "einem \"Keygrip\" aus\n"
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 "WARNING:  Kein Kommando angegeben.  Versuche zu raten was gemeint ist ...\n"
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Auf geht's - Botschaft eintippen ...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "Die angegebene Zertifikat-Richtlinien-URL ist ungültig\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "Die angegebene Signatur-Richtlinien-URL ist ungültig\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "Die angegebene URL des bevorzugten Schlüsselserver ist ungültig\n"
@@ -3520,7 +3408,7 @@ msgstr "|DATEI|Schlüssel aus der Schlüsselbund DATEI nehmen"
 msgid "make timestamp conflicts only a warning"
 msgstr "differierende Zeitangaben sind kein Fehler"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|Statusinfo auf FD (Dateihandle) ausgeben"
 
@@ -3566,128 +3454,136 @@ msgid "do not update the trustdb after import"
 msgstr "ändern Sie die \"Trust\"-Datenbank nach dem Import nicht"
 
 #: g10/import.c:181
+msgid "enable bulk import mode"
+msgstr "Bulk-Importmodus einschalten"
+
+#: g10/import.c:184
 msgid "show key during import"
 msgstr "Schlüssel beim Import anzeigen"
 
-#: g10/import.c:184
+#: g10/import.c:187
+msgid "show key but do not actually import"
+msgstr "Schlüssel anzeigen aber nicht importieren"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr "Nur Änderungen bereits existierender Schlüssel vornehmen"
 
-#: g10/import.c:187
+#: g10/import.c:193
 msgid "remove unusable parts from key after import"
 msgstr "entferne nach dem Import unbrauchbare Teile des Schlüssels"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr "nach dem Import soviel wie möglich aus dem Schlüssel entfernen"
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr "Ignoriere Signaturen die keine Eigenbeglaubigungen sind"
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr "Import-Filter anwenden und Schlüssel direkt exportieren"
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr "Eingabedaten sind im GnuPG Datensicherungsformat für Schlüssel"
 
-#: g10/import.c:203
+#: g10/import.c:209
 msgid "repair keys on import"
 msgstr "Schlüssel beim Import reparieren"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "überspringe den Block vom Typ %d\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr "%lu Schlüssel bislang bearbeitet\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Anzahl insgesamt bearbeiteter Schlüssel: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, c-format
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "             ignorierte PGP-2 Schlüssel: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "              ignorierte neue Schlüssel: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "                           ohne User-ID: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "                             importiert: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "                            unverändert: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "                          neue User-IDs: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "                    neue Unterschlüssel: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "                        neue Signaturen: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "                neue Schlüsselwiderrufe: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "             gelesene geheime Schlüssel: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "           geheime Schlüssel importiert: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr "                unveränderte geh. Schl.: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "                       nicht importiert: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "    Signaturen bereinigt: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "      User-IDs bereinigt: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
@@ -3696,170 +3592,175 @@ msgstr ""
 "WARNUNG: Schlüssel %s hat Einstellungen zu nicht verfügbaren\n"
 "Verfahren für folgende User-ID:\n"
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr "         \"%s\": Einstellungen des Verschlüsselungsverfahren %s\n"
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, c-format
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "         \"%s\": Einstellungen des AEAD-Verfahrens %s\n"
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "         \"%s\": Einstellungen der Hashmethode %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr "         \"%s\": Einstellungen der Komprimierungsverfahren %s\n"
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr "es ist extrem empfehlenswert Ihre Einstellungen zu ändern und\n"
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 "diesen Schlüssel wieder zu verteilen, um mögliche Probleme durch unpassende "
 "Verfahrenskombinationen zu vermeiden\n"
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 "Sie können Ihren Einstellungen mittels \"gpg --edit-key %s updpref save\" "
 "ändern\n"
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr "Schlüssel %s: Keine User-ID\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, c-format
 msgid "key %s: %s\n"
 msgstr "Schlüssel %s: %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr "vom Import-Aufpasser zurückgewiesen"
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "Schlüssel %s: PKS Unterschlüsseldefekt repariert\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "Schlüssel %s: Nicht eigenbeglaubigte User-ID `%s' übernommen\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "Schlüssel %s: Keine gültigen User-IDs\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "dies könnte durch fehlende Eigenbeglaubigung verursacht worden sein\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "Schlüssel %s: Öffentlicher Schlüssel nicht gefunden: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "Schlüssel %s: neuer Schlüssel - übersprungen\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "kein schreibbarer Schlüsselbund gefunden: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, c-format
 msgid "error writing keyring '%s': %s\n"
 msgstr "Fehler beim Schreiben des Schlüsselbundes `%s': %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "Schlüssel %s: Öffentlicher Schlüssel \"%s\" importiert\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "Schlüssel %s: Stimmt nicht mit unserer Kopie überein\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "Schlüssel %s: \"%s\" 1 neue User-ID\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "Schlüssel %s: \"%s\" %d neue User-IDs\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "Schlüssel %s: \"%s\" 1 neue Signatur\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "Schlüssel %s: \"%s\" %d neue Signaturen\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "Schlüssel %s: \"%s\" 1 neuer Unterschlüssel\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "Schlüssel %s: \"%s\" %d neue Unterschlüssel\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "Schlüssel %s: \"%s\" %d Signaturen bereinigt\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "Schlüssel %s: \"%s\" %d Signaturen bereinigt\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "Schlüssel %s: \"%s\" %d User-ID bereinigt\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "Schlüssel %s: \"%s\" %d User-IDs bereinigt\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "Schlüssel %s: \"%s\" nicht geändert\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr "Schlüssel %s: geheimer Schlüssel importiert\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, c-format
 msgid "key %s: secret key already exists\n"
 msgstr "Schlüssel %s: geheimer Schlüssel bereits vorhanden\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "Schlüssel %s: Fehler beim Senden zum gpg-agent: %s\n"
@@ -3872,208 +3773,214 @@ msgstr "Schlüssel %s: Fehler beim Senden zum gpg-agent: %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 "Um '%s' zu migrieren sollte für jede Smartcard \"%s\" aufgerufen werden.\n"
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, c-format
 msgid "secret key %s: %s\n"
 msgstr "Geheimer Schlüssel %s: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "Importieren geheimer Schlüssel ist nicht erlaubt\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr ""
 "Schlüssel %s: geheimer Schlüssel mit ungültiger Verschlüsselung %d - "
 "übersprungen\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Kein Grund angegeben"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "Schlüssel ist überholt"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Hinweis: Dieser Schlüssel ist nicht mehr sicher"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "Schlüssel wird nicht mehr benutzt"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "User-ID ist nicht mehr gültig"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "Grund für Widerruf: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "Widerruf-Bemerkung: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "Schlüssel %s: Kein öffentlicher Schlüssel - der Schlüsselwiderruf kann nicht "
 "angebracht werden\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "Schlüssel %s: der originale Schlüsselblock wurde nicht gefunden: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "Schlüssel %s: Lesefehler im originalen Schlüsselblock: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "Schlüssel %s: Ungültiges Widerrufzertifikat: %s - zurückgewiesen\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "Schlüssel %s: \"%s\" Widerrufzertifikat importiert\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "Schlüssel %s: Keine User-ID für Signatur\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr ""
 "Schlüssel %s: Nicht unterstütztes Public-Key-Verfahren für User-ID \"%s\"\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "Schlüssel %s: Ungültige Eigenbeglaubigung für User-ID \"%s\"\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "Schlüssel %s: Nicht unterstütztes Public-Key-Verfahren\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "Schlüssel %s: Ungültige \"direct-key\"-Signatur\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "Schlüssel %s: Kein Unterschlüssel für die Unterschlüsselanbindung\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "Schlüssel %s: Ungültige Unterschlüssel-Anbindung\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "Schlüssel %s: Mehrfache Unterschlüssel-Anbindung entfernt\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "Schlüssel %s: Kein Unterschlüssel für Schlüsselwiderruf\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "Schlüssel %s: Ungültiger Unterschlüsselwiderruf\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "Schlüssel %s: Mehrfacher Unterschlüsselwiderruf entfernt\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "Schlüssel %s: User-ID übersprungen \"%s\"\n"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "Schlüssel %s: Unterschlüssel übersprungen\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr ""
 "Schlüssel %s: Nicht exportfähige Signatur (Klasse %02x) - übersprungen\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "Schlüssel %s: Widerrufzertifikat an falschem Platz - übersprungen\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "Schlüssel %s: Ungültiges Widerrufzertifikat: %s - übersprungen\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr ""
 "Schlüssel %s: Unterschlüssel-Widerrufzertifikat an falschem Platz - "
 "übersprungen\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "Schlüssel %s: unerwartete Signaturklasse (0x%02x) - übersprungen\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "Schlüssel %s: Doppelte User-ID entdeckt - zusammengeführt\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, c-format
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "Schlüssel %s: Doppelte Unterschlüssel entdeckt - zusammengeführt\n"
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr "WARNUNG: Schlüssel %s ist u.U. widerrufen: hole Widerrufschlüssel %s\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 "WARNUNG: Schlüssel %s ist u.U. widerrufen: Widerrufschlüssel %s ist nicht "
 "vorhanden\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "Schlüssel %s: \"%s\" Widerrufzertifikat hinzugefügt\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "Schlüssel %s: \"direct-key\"-Signaturen hinzugefügt\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, c-format
 msgid "error allocating memory: %s\n"
 msgstr "Fehler beim Allozieren von Speicher: %s\n"
@@ -4097,40 +4004,40 @@ msgstr ""
 msgid " (reordered signatures follow)"
 msgstr " (neu geordnete Signaturen folgen)"
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, c-format
 msgid "key %s:\n"
 msgstr "Schlüssel %s:\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "%d doppelte Signatur entfernt\n"
 msgstr[1] "%d doppelte Signaturen entfernt\n"
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, c-format
 msgid "%d signature not checked due to a missing key\n"
 msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "%d Beglaubigung wegen fehlendem Schlüssel nicht geprüft\n"
 msgstr[1] "%d Beglaubigungen wegen fehlender Schlüssel nicht geprüft\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, c-format
 msgid "%d bad signature\n"
 msgid_plural "%d bad signatures\n"
 msgstr[0] "%d falsche Beglaubigung\n"
 msgstr[1] "%d falsche Beglaubigungen\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "%d Signatur neu eingeordnet\n"
 msgstr[1] "%d Signaturen neu eingeordnet\n"
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
@@ -4139,37 +4046,32 @@ msgstr ""
 "WARNUNG: Es wurden Fehler gefunden aber nur Eigenbeglaubigungen geprüft; um "
 "alle Beglaubigungen zu prüfen das Kommando '%s' verwenden.\n"
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "Die \"Keybox\" `%s' konnte nicht erstellt werden: %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, c-format
 msgid "error creating keyring '%s': %s\n"
 msgstr "Fehler beim Erzeugen des Schlüsselbundes `%s': %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, c-format
 msgid "keybox '%s' created\n"
 msgstr "Die \"Keybox\" `%s' wurde erstellt\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, c-format
 msgid "keyring '%s' created\n"
 msgstr "Schlüsselbund `%s' erstellt\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "Schlüsselblockhilfsmittel`%s': %s\n"
 
-#: g10/keydb.c:969
-#, c-format
-msgid "error opening key DB: %s\n"
-msgstr "Fehler beim Öffnen der Schlüsseldatenbank: %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "Schlüsselbund-Cache konnte nicht neu erzeugt werden: %s\n"
@@ -4182,7 +4084,7 @@ msgstr "[Widerruf]"
 msgid "[self-signature]"
 msgstr "[Eigenbeglaubigung]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4195,12 +4097,12 @@ msgstr ""
 "unterschiedlichen Quellen ...)?\n"
 "\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr " %d = Ich vertraue ihm marginal\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr " %d = Ich vertraue ihm vollständig\n"
@@ -4232,12 +4134,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "User-ID \"%s\" ist widerrufen."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Wollen Sie ihn immer noch beglaubigen? (j/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  Beglaubigen ist nicht möglich.\n"
 
@@ -4415,194 +4317,198 @@ msgstr "Ich habe diesen Schlüssel sehr sorgfältig überprüft.\n"
 msgid "Really sign? (y/N) "
 msgstr "Wirklich signieren? (j/N) "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "Beglaubigung fehlgeschlagen: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
-"Der Schlüssel enthält nur \"stub\"- oder \"on-card\"-Schlüsselelemente- kein "
-"Passwort ist zu ändern.\n"
+"Der Schlüssel enthält nur \"stub\"- oder \"on-card\"-Schlüsselelemente- "
+"keine Passphrase ist zu ändern.\n"
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, c-format
 msgid "key %s: error changing passphrase: %s\n"
-msgstr "Schlüssel %s: Fehler beim Ändern des Passwortes: %s\n"
+msgstr "Schlüssel %s: Fehler beim Ändern der Passphrase: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "speichern und Menü verlassen"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr "Fingerabdruck des Schlüssels anzeigen"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 msgid "show the keygrip"
 msgstr "\"Keygrip\" des Schlüssels anzeigen"
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "Schlüssel und User-IDs auflisten"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "User-ID N auswählen"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr "Unterschlüssel N auswählen"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr "Signaturen prüfen"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr "die ausgewählten User-IDs beglaubigen [* für verwandte Befehle s.u.]"
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr "Die ausgewählte User-ID nur für diesen Rechner beglaubigen"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr "Die ausgewählte User-ID mit einer \"Trust\"-Signatur beglaubigen"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr "die ausgewählten User-IDs unwiderrufbar beglaubigen"
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "Eine User-ID hinzufügen"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "Eine Foto-ID hinzufügen"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr "ausgewählte User-IDs entfernen"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr "einen Unterschlüssel hinzufügen"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr "der Smartcard einen Schlüssel hinzufügen"
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr "einen Schlüssel auf die Smartcard schieben"
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr "eine Sicherungskopie des Schlüssels auf die Smartcard schieben"
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr "ausgewählte Unterschlüssel entfernen"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "Einen Widerrufschlüssel hinzufügen"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr "Beglaubigungen der ausgewählten User-IDs entfernen"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr ""
 "das Verfallsdatum des Schlüssel oder ausgewählter Unterschlüssels ändern"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr "User-ID als Haupt-User-ID kennzeichnen"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "Liste der Voreinstellungen (für Experten)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "Liste der Voreinstellungen (ausführlich)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr "ändern der Voreinstellungsliste der ausgewählten User-IDs"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr ""
 "Setze die URL des bevorzugten Schlüsselservers für die ausgewählten User-IDs"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 msgid "set a notation for the selected user IDs"
 msgstr "Eine Notation für die ausgewählten User-IDs setzen"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
-msgstr "Das Passwort ändern"
+msgstr "Die Passphrase ändern"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "Den \"Ownertrust\" ändern"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr "Beglaubigungen der ausgewählten User-IDs widerrufen"
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr "Ausgewählte User-ID widerrufen"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr "Schlüssel oder ausgewählten Unterschlüssel widerrufen"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr "Schlüssel anschalten"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr "Schlüssel abschalten"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr "ausgewählte Foto-IDs anzeigen"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 "unbrauchbare User-IDs verkleinern und unbrauchbare Signaturen aus dem "
 "Schlüssel entfernen"
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 "unbrauchbare User-IDs verkleinern und alle Signaturen aus dem Schlüssel "
 "entfernen"
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Geheimer Schlüssel ist vorhanden.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 msgid "Secret subkeys are available.\n"
 msgstr "Geheimer Unterschlüssel ist vorhanden.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Hierzu wird der geheime Schlüssel benötigt.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4615,288 +4521,293 @@ msgstr ""
 "Signaturen\n"
 " (\"nrsign\"), oder jede Kombination davon (\"ltsign\", \"tnrsign\", etc.).\n"
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "Schlüssel wurde widerrufen."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Wirklich alle textbasierten User-IDs beglaubigen? (j/N) "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Wirklich alle User-IDs beglaubigen? (j/N) "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Tip: Wählen Sie die User-IDs, die beglaubigt werden sollen\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "Unbekannter Signaturtyp `%s'\n"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Dieser Befehl ist im %s-Modus nicht erlaubt.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Zumindestens eine User-ID muß ausgewählt werden.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr "(Benutze den '%s' Befehl.)\n"
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Die letzte User-ID kann nicht gelöscht werden!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Möchten Sie alle ausgewählten User-IDs wirklich entfernen? (j/N) "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr "Diese User-ID wirklich entfernen? (j/N) "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr "Den Hauptschlüssel wirklich verschieben? (j/N) "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr "Sie müssen genau einen Schlüssel auswählen.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr "Befehl benötigt einen Dateinamen als Argument\n"
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "'%s' kann nicht geöffnet werden: %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "Fehler beim Lesen der Sicherungskopie des Schlüssels von `%s': %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Zumindestens ein Schlüssel muß ausgewählt werden.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Möchten Sie die ausgewählten Schlüssel wirklich entfernen? (j/N) "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Möchten Sie diesen Schlüssel wirklich entfernen? (j/N) "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "Möchten Sie wirklich alle ausgewählten User-IDs widerrufen? (j/N) "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Diese User-ID wirklich widerrufen? (j/N) "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Möchten Sie diesen Schlüssel wirklich vollständig widerrufen? (j/N) "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr ""
 "Möchten Sie die ausgewählten Unterschlüssel wirklich widerrufen? (j/N) "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Möchten Sie diesen Schlüssel wirklich widerrufen? (j/N) "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 "\"Owner trust\" kann nicht gesetzt werden, wenn eine anwendereigene 'Trust'-"
 "Datenbank benutzt wird\n"
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr "Setze die Liste der Voreinstellungen auf:\n"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr ""
 "Möchten Sie die Voreinstellungen der ausgewählten User-IDs wirklich ändern? "
 "(j/N) "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr "Die Voreinstellungen wirklich ändern? (j/N) "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr "Änderungen speichern? (j/N) "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr "Beenden ohne zu speichern? (j/N) "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Schlüssel ist nicht geändert worden, also ist kein Speichern nötig.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, c-format
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "Die letzte User-ID kann nicht widerrufen werden!\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "Fehler beim Widerrufen der User-ID: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "Fehler beim Setzen der Haupt-User-ID: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "\"%s\" ist kein Fingerabdruck\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "\"%s\" ist nicht der Fingerabdruck des Hauptschlüssels\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, c-format
 msgid "Invalid user ID '%s': %s\n"
 msgstr "Ungültige User-ID '%s': %s\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "No matching user IDs."
 msgstr "Keine passende User-ID"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "Nothing to sign.\n"
 msgstr "Nichts zu beglaubigen\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr "Nicht von Ihnen signiert.\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, c-format
 msgid "revoking the key signature failed: %s\n"
 msgstr "Fehler beim Widerruf der Schlüsselsignatur: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "'%s' ist kein gültiges Ablaufdatum\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "\"%s\" ist kein gültiger Fingerabdruck\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "Unterschlüssel \"%s\" nicht gefunden\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr "AEAD: "
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Digest: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Eigenschaften: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr "Keyserver no-modify"
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr "Bevorzugter Schlüsselserver:"
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 msgid "Notations: "
 msgstr "\"Notationen\": "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "PGP 2.x-artige Schlüssel haben keine Voreinstellungen.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "Der folgende Schlüssel wurde am %s von %s Schlüssel %s widerrufen\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Dieser Schlüssel kann von %s-Schlüssel %s widerrufen werden"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr "(empfindlich)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr "erzeugt: %s"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr "widerrufen: %s"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr "verfallen: %s"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr "verfällt: %s"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr "Nutzung: %s"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr "Kartennummer:"
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr "Vertrauen: %s"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr "Gültigkeit: %s"
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Hinweis: Dieser Schlüssel ist abgeschaltet"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -4904,18 +4815,18 @@ msgstr ""
 "Bitte beachten Sie, daß ohne einen Programmneustart die angezeigte\n"
 "Schlüsselgültigkeit nicht notwendigerweise korrekt ist.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr "widerrufen"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr "verfallen"
 
 # translated by wk
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -4924,17 +4835,17 @@ msgstr ""
 "WARNUNG: Keine User-ID ist als primär markiert.  Dieser Befehl kann\n"
 "dazu führen, daß eine andere User-ID als primär angesehen wird.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr "WARNUNG: Ihr Unterschlüssel zum Verschlüsseln wird bald verfallen.\n"
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, c-format
 msgid "You may want to change its expiration date too.\n"
 msgstr "Bitte erwägen Sie, dessen Verfallsdatum auch zu ändern.\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -4944,72 +4855,72 @@ msgstr ""
 "könnte\n"
 "         bei einigen PGP-Versionen zur Zurückweisung des Schlüssels führen.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Wollen Sie ihn immer noch hinzufügen? (j/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "Sie können einem PGP2-artigen Schlüssel keine Foto-ID hinzufügen.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr "Solch eine User-ID ist bereits für den Schlüssel vorhanden!\n"
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Diese korrekte Beglaubigung entfernen? (j/N/q)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Diese ungültige Beglaubigung entfernen= (j/N/q)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Diese unbekannte Beglaubigung entfernen? (j/N/q)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Eigenbeglaubigung wirklich entfernen? (j/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, c-format
 msgid "Deleted %d signature.\n"
 msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "%d Beglaubigung entfernt.\n"
 msgstr[1] "%d Beglaubigungen entfernt.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Nichts entfernt.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "ungültig"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "User-ID \"%s\" bereits verkleinert: %s\n"
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "User-ID \"%s\": %d Signatur entfernt\n"
 msgstr[1] "User-ID \"%s\": %d Signaturen entfernt\n"
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "User-ID \"%s\": bereits minimiert\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "User-ID \"%s\": bereits sauber\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5019,282 +4930,287 @@ msgstr ""
 "         Widerrufers könnte bei einigen PGP-Versionen zur Zurückweisung\n"
 "         des Schlüssels führen.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr ""
 "Sie können einem PGP2-artigen Schlüssel keine vorgesehenen Widerrufer "
 "hinzufügen.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Geben sie die User-ID des designierten Widerrufers ein: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr ""
 "Ein PGP 2.x-artiger Schlüssel kann nicht als vorgesehener Widerrufer "
 "eingetragen werden\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "Ein Schlüssel kann nicht sein eigener vorgesehener Widerrufer werden\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "Dieser Schlüssel wurde bereits als ein Widerrufer vorgesehen\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr ""
 "WARNUNG: Einen Schlüssel als vorgesehenen Widerrufer zu deklarieren, kann "
 "nicht rückgangig gemacht werden!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr ""
 "Möchten Sie diesen Schlüssel wirklich als vorgesehenen Widerrufer festlegen? "
 "(j/N): "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
 msgstr ""
 "Möchten Sie wirklich die Verfallsdaten aller Unterschlüssel ändern? (j/N): "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Ändern des Verfallsdatums des Unterschlüssels.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Ändern des Verfallsdatums des Hauptschlüssels.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Sie können das Verfallsdatum eines v3-Schlüssels nicht ändern\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 msgid "Changing usage of a subkey.\n"
 msgstr "Ändern des Schlüsselverwendungszweckes des Unterschlüssels.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 msgid "Changing usage of the primary key.\n"
 msgstr "Ändern des Schlüsselverwendungszweckes des Hauptschlüssels.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "Signaturunterschlüssel %s ist bereits rücksigniert\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 "Unterschlüssel %s ist des Signieren nicht mächtig und braucht deshalb keine "
 "Rücksignatur\n"
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Bitte genau eine User-ID auswählen.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "Überspringen der v3 Eigenbeglaubigung von User-ID \"%s\"\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr "Geben Sie die URL Ihres bevorzugten Schlüsselservers ein: "
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Wollen Sie ihn wirklich ersetzen? (j/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Wollen Sie ihn wirklich löschen? (j/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 msgid "Enter the notation: "
 msgstr "Geben Sie die \"Notation\" ein: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 msgid "Proceed? (y/N) "
 msgstr "Fortfahren (j/N)? "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Keine User-ID mit Index %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Keine User-ID mit Hash %s\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Kein Unterschlüssel mit Schlüssel-ID '%s'.\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr "Kein Unterschlüssel mit Index %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "User-ID: \"%s\"\n"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "   beglaubigt durch Ihren Schlüssel %s am %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (nicht-exportierbar)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Diese Signatur ist seit %s verfallen.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Wollen Sie ihn immer noch widerrufen? (j/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Ein Widerrufszertifikat für diese Signatur erzeugen (j/N)"
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Sie haben folgende User-IDs des Schlüssels %s beglaubigt:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr " (unwiderrufbar)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "widerrufen durch Ihren Schlüssel %s um %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Es werden nun folgende Beglaubigungen entfernt:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Wirklich ein Signatur-Widerrufszertifikat erzeugen? (j/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "Kein geheimer Schlüssel\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr "Versuch eine nicht-User-ID zu widerrufen: %s\n"
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "User-ID \"%s\" ist bereits widerrufen\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr ""
 "WARNUNG: Eine User-ID-Signatur datiert mit %d Sekunden aus der Zukunft\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, c-format
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Die letzte User-ID kann nicht widerrufen werden!\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "Schlüssel %s ist bereits widerrufen\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "Unterschlüssel %s ist bereits widerrufen\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "Anzeigen einer %s Foto-ID (Größe %ld) für Schlüssel %s (User-ID %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "Ungültiges Argument für Option '%s'\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "Voreinstellung `%s' ist doppelt\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr "zu viele Verschlüsselungeinstellungen\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr "zu viele Hashvoreinstellungen\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr "zu viele Komprimierungsvoreinstellungen\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, c-format
+msgid "too many AEAD preferences\n"
+msgstr "zu viele AEAD-Einstellungen\n"
+
+#: g10/keygen.c:521
 #, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "Ungültiges Feld `%s' in der Voreinstellungszeichenkette\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "Die \"Direct Key Signature\" wird geschrieben\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "Die Eigenbeglaubigung wird geschrieben\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "Schreiben der \"key-binding\" Signatur\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "Ungültige Schlüssellänge; %u Bit werden verwendet\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "Schlüssellänge auf %u Bit aufgerundet\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
@@ -5302,19 +5218,19 @@ msgstr ""
 "WARNUNG: Einige OpenPGP-Programme können einen DSA-Schlüssel dieser "
 "Digestlänge nicht verwenden\n"
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr "Signieren"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr "Zertif."
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr "Verschl."
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr "Authentisierung"
 
@@ -5328,161 +5244,166 @@ msgstr "Authentisierung"
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr "SsVvAaQq"
 
-#: g10/keygen.c:1784
+#: g10/keygen.c:1966
 #, c-format
-msgid "Possible actions for a %s key: "
-msgstr "Mögliche Vorgänge eines %s-Schlüssels: "
+msgid "Possible actions for this %s key: "
+msgstr "Mögliche Aktionen für diesen %s Schlüssel: "
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr "Derzeit erlaubte Vorgänge: "
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr "   (%c) Umschalten der Signaturnutzbarkeit\n"
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%c) Umschalten der Verschlüsselungsnutzbarkeit\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr "   (%c) Umschalten der Authentisierungsnutzbarkeit\n"
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr "   (%c) Beenden\n"
 
-#: g10/keygen.c:1930
+#: g10/keygen.c:2116
 #, c-format
-msgid "   (%d) RSA and RSA (default)\n"
-msgstr "   (%d) RSA und RSA (voreingestellt)\n"
+msgid "   (%d) RSA and RSA%s\n"
+msgstr "   (%d) RSA und RSA%s\n"
 
-#: g10/keygen.c:1934
+#: g10/keygen.c:2120
 #, c-format
-msgid "   (%d) DSA and Elgamal\n"
-msgstr "   (%d) DSA und Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
+msgstr "   (%d) DSA und Elgamal%s\n"
 
-#: g10/keygen.c:1937
+#: g10/keygen.c:2123
 #, c-format
-msgid "   (%d) DSA (sign only)\n"
-msgstr "   (%d) DSA (nur signieren/beglaubigen)\n"
+msgid "   (%d) DSA (sign only)%s\n"
+msgstr "   (%d) DSA (nur signieren)%s\n"
 
-#: g10/keygen.c:1939
+#: g10/keygen.c:2125
 #, c-format
-msgid "   (%d) RSA (sign only)\n"
-msgstr "   (%d) RSA (nur signieren/beglaubigen)\n"
+msgid "   (%d) RSA (sign only)%s\n"
+msgstr "   (%d) RSA (nur signieren)%s\n"
 
-#: g10/keygen.c:1945
+#: g10/keygen.c:2131
 #, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
-msgstr "   (%d) Elgamal (nur verschlüsseln)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
+msgstr "   (%d) Elgamal (nur verschlüsseln)%s\n"
 
-#: g10/keygen.c:1947
+#: g10/keygen.c:2133
 #, c-format
-msgid "   (%d) RSA (encrypt only)\n"
-msgstr "   (%d) RSA (nur verschlüsseln)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
+msgstr "   (%d) RSA (nur verschlüsseln)%s\n"
 
-#: g10/keygen.c:1953
+#: g10/keygen.c:2139
 #, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
-msgstr "   (%d) DSA (Nutzung selber einstellbar)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
+msgstr "   (%d) DSA (Nutzung selber einstellbar)%s\n"
 
-#: g10/keygen.c:1955
+#: g10/keygen.c:2141
 #, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
-msgstr "   (%d) RSA (Nutzung selber einstellbar)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
+msgstr "   (%d) RSA (Nutzung selber einstellbar)%s\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "  (%d) ECC und ECC\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) ECC (signieren, verschlüsseln)%s\n"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2147 g10/keygen.c:2678
+msgid " *default*"
+msgstr " *standard*"
+
+#: g10/keygen.c:2148
 #, c-format
 msgid "  (%d) ECC (sign only)\n"
 msgstr "  (%d) ECC (nur signieren)\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
-msgstr "  (%d) ECC (Nutzung selber einstellbar)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
+msgstr "  (%d) ECC (Nutzung selber einstellbar)%s\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, c-format
-msgid "  (%d) ECC (encrypt only)\n"
-msgstr "  (%d) ECC (nur verschlüsseln)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
+msgstr "  (%d) ECC (nur verschlüsseln)%s\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, c-format
-msgid "  (%d) Existing key\n"
-msgstr "   (%d) Vorhandener Schlüssel\n"
+msgid "  (%d) Existing key%s\n"
+msgstr "   (%d) Vorhandener Schlüssel%s\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, c-format
-msgid "  (%d) Existing key from card\n"
-msgstr "   (%d) Vorhandener Schlüssel auf der Karte\n"
+msgid "  (%d) Existing key from card%s\n"
+msgstr "   (%d) Vorhandener Schlüssel auf der Karte%s\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 msgid "Enter the keygrip: "
 msgstr "Geben Sie den \"Keygrip\" ein: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr "Kein gültiger \"Keygrip\" (40 Hex-Ziffern werden erwartet)\n"
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 msgid "No key with this keygrip\n"
 msgstr "Kein Schlüssel mit diesem \"Keygrip\"\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, c-format
 msgid "error reading the card: %s\n"
 msgstr "Fehler beim Lesen von der Karte: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "Karten-Seriennummer: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 msgid "Available keys:\n"
 msgstr "Vorhandene Schlüssel:\n"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, c-format
 msgid "rounded to %u bits\n"
 msgstr "gerundet auf %u Bit\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr "%s-Schlüssel können zwischen %u und %u Bit lang sein.\n"
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Welche Schlüssellänge wünschen Sie für den Unterschlüssel? (%u) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "Die verlangte Schlüssellänge beträgt %u Bit\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Bitte wählen Sie, welche elliptische Kurve Sie möchten:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5498,7 +5419,7 @@ msgstr ""
 "      <n>m = Schlüssel verfällt nach n Monaten\n"
 "      <n>y = Schlüssel verfällt nach n Jahren\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5514,38 +5435,38 @@ msgstr ""
 "      <n>m = Schlüssel verfällt nach n Monaten\n"
 "      <n>y = Schlüssel verfällt nach n Jahren\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Wie lange bleibt der Schlüssel gültig? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Wie lange bleibt die Beglaubigung gültig? (%s) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "Ungültiger Wert.\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr "Schlüssel verfällt nie\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr "Signature verfällt nie\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr "Key verfällt am %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr "Signatur verfällt am %s\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5553,11 +5474,11 @@ msgstr ""
 "Ihr Rechner kann Daten jenseits des Jahres 2038 nicht anzeigen.\n"
 "Trotzdem werden Daten bis 2106 korrekt verarbeitet.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr "Ist dies richtig? (j/N) "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5571,7 +5492,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5587,49 +5508,49 @@ msgstr ""
 "    \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Ihr Name (\"Vorname Nachname\"): "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Ungültiges Zeichen im Namen\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr "Die Zeichen '%s' und '%s' dürfen in einem Namen nicht vorkommen\n"
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Der Name darf nicht mit einer Ziffer beginnen.\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Der Name muß min. 5 Zeichen lang sein.\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "Email-Adresse: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Diese Email-Adresse ist ungültig\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Kommentar: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Ungültiges Zeichen im Kommentar.\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, c-format
 msgid "You are using the '%s' character set.\n"
 msgstr "Sie benutzen den Zeichensatz `%s'\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5640,7 +5561,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "Bitte keine Emailadressen als Namen oder Kommentar verwenden\n"
 
@@ -5655,31 +5576,31 @@ msgstr "Bitte keine Emailadressen als Namen oder Kommentar verwenden\n"
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnKkEeFfAa"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Ändern: (N)ame, (K)ommentar, (E)-Mail oder (A)bbrechen? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "Ändern: (N)ame, (K)ommentar, (E)-Mail oder (F)ertig/(A)bbrechen? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Ändern: (N)ame, (E)-Mail oder (A)bbrechen? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Ändern: (N)ame, (E)-Mail oder (F)ertig/(A)bbrechen? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Bitte beseitigen Sie zuerst den Fehler\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5690,13 +5611,13 @@ msgstr ""
 "unterstützen, indem Sie z.B. in einem anderen Fenster/Konsole irgendetwas\n"
 "tippen, die Maus verwenden oder irgendwelche anderen Programme benutzen.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Schlüsselerzeugung fehlgeschlagen: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5707,64 +5628,64 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr "Fortsetzen? (J/n) "
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "Ein Schlüssel für \"%s\" existiert bereits\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 msgid "Create anyway? (y/N) "
 msgstr "Trotzdem erzeugen? (j/N) "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, c-format
 msgid "creating anyway\n"
 msgstr "wird trotzdem erzeugt\n"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr "Hinweis: \"%s %s\" ruft den erweiterten Dialog auf.\n"
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Schlüsselerzeugung abgebrochen.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "Sicherungsdatei '%s' kann nicht erzeugt werden: %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "Hinweis: Sicherung des Kartenschlüssels wurde auf `%s' gespeichert\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, c-format
 msgid "writing public key to '%s'\n"
 msgstr "schreiben des öffentlichen Schlüssels nach '%s'\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "kein schreibbarer öffentlicher Schlüsselbund gefunden: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, c-format
 msgid "error writing public keyring '%s': %s\n"
 msgstr "Fehler beim Schreiben des öff. Schlüsselbundes `%s': %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "Öffentlichen und geheimen Schlüssel erzeugt und signiert.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
@@ -5773,7 +5694,7 @@ msgstr ""
 "werden kann.  Sie können aber mit dem Befehl \"--edit-key\" einen\n"
 "Unterschlüssel für diesem Zweck erzeugen.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -5781,7 +5702,7 @@ msgstr ""
 "Der Schlüssel wurde %lu Sekunde in der Zukunft erzeugt (Zeitreise oder Uhren "
 "stimmen nicht überein)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -5789,309 +5710,313 @@ msgstr ""
 "Der Schlüssel wurde %lu Sekunden in der Zukunft erzeugt (Zeitreise oder "
 "Uhren stimmen nicht überein)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, c-format
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "Hinweis: Unterschlüssel für v3-Schlüssel sind nicht OpenPGP-konform\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Geheime Teile des Hauptschlüssels sind nicht vorhanden.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Geheime Teile des Hauptschlüssels sind auf der Karte gespeichert.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr "Wirklich erzeugen? (j/N) "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "niemals   "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Entscheidende Beglaubigungsrichtlinie: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Beglaubigungsrichtlinie: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr "Entscheidender bevorzugter Schlüsselserver"
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Entscheidender Beglaubigungs-\"Notation\": "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Beglaubigungs-\"Notation\": "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, c-format
 msgid "%d good signature\n"
 msgid_plural "%d good signatures\n"
 msgstr[0] "%d korrekte Signatur\n"
 msgstr[1] "%d korrekte Signaturen\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, c-format
 msgid "%d signature not checked due to an error\n"
 msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "%d Beglaubigung aufgrund eines Fehlers nicht geprüft\n"
 msgstr[1] "%d Beglaubigungen aufgrund von Fehlern nicht geprüft\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] "WARNUNG: %lu Schlüssel übersprungen, da er zu groß ist\n"
 msgstr[1] "WARNUNG: %lu Schlüssel übersprungen, da sie zu groß sind\n"
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Schlüsselbund"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Haupt-Fingerabdruck  ="
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "Unter-Fingerabdruck  ="
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr " Haupt-Fingerabdruck  ="
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr " Unter-Fingerabdruck  ="
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr "  Schl.-Fingerabdruck ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr "      Kartenseriennr. ="
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, c-format
 msgid "caching keyring '%s'\n"
 msgstr "Puffern des Schlüsselbundes `%s'\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "%lu Schlüssel bislang gepuffert (%lu Beglaubigung)\n"
 msgstr[1] "%lu Schlüssel bislang gepuffert (%lu Beglaubigungen)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] "%lu Schlüssel gepuffert"
 msgstr[1] "%lu Schlüssel gepuffert"
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, c-format
 msgid " (%lu signature)\n"
 msgid_plural " (%lu signatures)\n"
 msgstr[0] " (%lu Beglaubigung)\n"
 msgstr[1] " (%lu Beglaubigungen)\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: Schlüsselbund erstellt\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr "In Dirmngr gesetzte Proxy Optionen ersetzen"
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr "Widerrufene Schlüssel in den Suchergebnissen aufführen"
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr "Unterschlüssel in der Suche über Schlüssel-IDs aufführen"
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr "In Dirmngr gesetzte Zeitüberschreitungsoptionen ersetzen"
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr "Schlüssel für die Signaturprüfung automatisch holen"
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 msgid "honor the preferred keyserver URL set on the key"
 msgstr ""
 "Die im Schlüssel enthaltene bevorzugte URL für Schlüsselserver beachten"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr "Die im Schlüssel enthaltenen PKA-Daten beim Schlüsselholen beachten"
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr "abgeschaltet"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr "Eingabe von Nummern, Nächste (N) oder Abbrechen (Q) > "
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "Ungültiges Schlüsselserverprotokoll (wir %d!=Handhabungsroutine %d)\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "\"%s\" ist keine Schlüssel-ID: überspringe\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "%d Schlüssel wird per %s aktualisiert\n"
 msgstr[1] "%d Schlüssel werden per %s aktualisiert\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "WARNUNG: Schlüssel %s kann per %s nicht aktualisiert werden: %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "Schlüssel \"%s\" wurde auf dem Schlüsselserver nicht gefunden\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr "Schlüssel wurde auf dem Schlüsselserver nicht gefunden\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "fordere Schlüssel %s von %s-Server %s an\n"
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr "fordere Schlüssel %s von %s an\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, c-format
 msgid "no keyserver known\n"
 msgstr "Kein Schlüsselserver bekannt\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "übersprungen \"%s\": %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr "sende Schlüssel %s auf %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, c-format
 msgid "requesting key from '%s'\n"
 msgstr "fordere Schlüssel von %s an\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "WARNUNG: die URI %s kann nicht geholt werden: %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "Seltsame Länge für einen verschlüsselten Sitzungsschlüssel (%d)\n"
 
-#: g10/mainproc.c:408
+#: g10/mainproc.c:378
 #, c-format
-msgid "%s encrypted session key\n"
-msgstr "%s verschlüsselter Sitzungsschlüssel\n"
+msgid "%s.%s encrypted session key\n"
+msgstr "%s.%s verschlüsselter Sitzungsschlüssel\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, c-format
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "Mit unbekanntem Verfahren verschlüsselt %d.%s\n"
+
+#: g10/mainproc.c:391
 #, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
-msgstr "Das Passwort wurde mit unbekanntem Hashverfahren %d erstellt\n"
+msgstr "Passphrase wurde mit unbekanntem Hashverfahren %d erstellt\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, c-format
 msgid "public key is %s\n"
 msgstr "Öffentlicher Schlüssel ist %s\n"
 
-#: g10/mainproc.c:599
+#: g10/mainproc.c:524
 #, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "Mit öffentlichem Schlüssel verschlüsselte Daten: Korrekte DEK\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
+msgstr "verschlüsselt mit %s Schlüssel, ID %s, erzeugt %s\n"
 
-#: g10/mainproc.c:632
-#, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
-msgstr "verschlüsselt mit %u-Bit %s Schlüssel, ID %s, erzeugt %s\n"
-
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr "      \"%s\"\n"
 
-# Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
-# [kw]
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "verschlüsselt mit %s Schlüssel, ID %s\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "Entschlüsselung mit Public-Key-Verfahren fehlgeschlagen: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr "WARNUNG: Mehr als ein Klartext erkannt\n"
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
-msgstr "Verschlüsselt mit %lu Passwörtern\n"
+msgstr "Verschlüsselt mit %lu Passphrases\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
-msgstr "Verschlüsselt mit einem Passwort\n"
+msgstr "Verschlüsselt mit einer Passphrase\n"
+
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "Entschlüsselung mit Public-Key-Verfahren fehlgeschlagen: %s\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "Mit öffentlichem Schlüssel verschlüsselte Daten: Korrekte DEK\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "vermutlich %s-verschlüsselte Daten\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr "IDEA-Verschlüsselung nicht verfügbar; versucht wird stattdessen %s\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr ""
 "WARNUNG: Botschaft wurde nicht integritätsgeschützt (integrity protected)\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
@@ -6101,280 +6026,280 @@ msgstr ""
 "vermutlich eine legitime Botschaft sein.  Die kann vermutet werden, da\n"
 "vor diesem Zeitpunkt ein Integritätsschutz nur selten verwendet wurde.\n"
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr "Mit der Option '%s' kann trotzdem entschlüsselt werden.\n"
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, c-format
 msgid "decryption forced to fail!\n"
 msgstr "Entschlüsselungs-Fehler erzwungen!\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "Entschlüsselung erfolgreich\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "WARNUNG: Verschlüsselte Botschaft ist manipuliert worden!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "Entschlüsselung fehlgeschlagen: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, c-format
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr ""
 "Hinweis: Der Absender verlangte Vertraulichkeit(\"for-your-eyes-only\")\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "Ursprünglicher Dateiname='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr ""
 "Einzelner Widerruf - verwenden Sie \"gpg --import\", um ihn anzuwenden\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, c-format
 msgid "no signature found\n"
 msgstr "Keine Signatur gefunden\n"
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr "FALSCHE Signatur von \"%s\""
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Verfallene Signatur von \"%s\""
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr "Korrekte Signatur von \"%s\""
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "Signaturüberprüfung unterdrückt\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "diese mehrdeutige Signaturdaten können nicht bearbeitet werden\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr "Signatur vom %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr "               mittels %s-Schlüssel %s\n"
 
 # Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
-msgstr "Signatur vom %s mittels %s-Schlüssel ID %s\n"
+msgstr "Signatur vom %s mittels %s Schlüssel ID %s\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "               Aussteller \"%s\"\n"
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Schlüssel erhältlich bei: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr "Hinweis: Benutze '%s' um diese Information zu verwenden\n"
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[ungewiß]  "
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr "                    alias \"%s\""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, c-format
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr ""
 "WARNUNG: Dieser Schlüssel ist zum Signieren im %s Modus nicht geeignet.\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Diese Signatur ist seit %s verfallen.\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Diese Signatur verfällt am %s.\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, c-format
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "%s Signatur, Hashmethode %s%s%s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "Binäre"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "Textmodus"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "unbekannt"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 msgid ", key algorithm "
 msgstr ", Schlüsselverfahren "
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 "WARNUNG: Keine abgetrennte Signatur; die Datei '%s' wurde NICHT überprüft!\n"
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Signatur kann nicht geprüft werden: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "keine abgetrennte Signatur\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr ""
 "WARNUNG: Mehrfache Signaturen erkannt.  Es wird nur die erste geprüft.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "Einzelne Signatur der Klasse 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "Signatur nach alter (PGP 2.x) Art\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "fstat von `%s' schlug fehl in %s: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "fstat(%d) schlug fehl in %s: %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "WARNUNG: Verwendung des experimentellen Public-Key-Verfahrens %s\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr ""
 "WARNUNG: Die Verwendung von Elgamal sign+encrypt Schlüsseln ist nicht "
 "ratsam\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "WARNING: Verwendung des experimentellen Verschlüsselungsverfahren %s\n"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "WARNUNG: Verwendung des experimentellen Hashverfahrens %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "WARNUNG: Die Verwendung des Hashverfahrens %s ist nicht ratsam\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "Hinweis: %s basierte Signaturen werden zurückgewiesen.\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, c-format
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr ""
 "Hinweis: Beglaubigungen von Dritten basierend auf dem %s Algorithmus werden "
 "zurückgewiesen.\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, c-format
 msgid "(reported error: %s)\n"
 msgstr "(gemeldeter Fehler: %s)\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "(gemeldeter Fehler: %s <%s>)\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr "(weitere Infos: "
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: mißbilligte Option \"%s\".\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "WARNUNG: \"%s\" ist eine mißbilligte Option.\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "Bitte benutzen Sie stattdessen \"%s%s\".\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr ""
 "WARNUNG: \"%s\" ist ein nicht ratsamer Befehl - verwenden Sie ihn nicht.\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr ""
 "%s:%u: Die Option \"%s\" is veraltet - sie hat eine Wirkung nur in %s.\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
@@ -6382,43 +6307,38 @@ msgstr ""
 "WARNUNG: \"%s%s\" ist eine veraltete Option - sie hat eine Wirkung nur\n"
 "in %s.\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "nicht komprimiert"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr "unkomprimiert|kein|keine"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr "Operation abgebrochen wegen nicht erfüllter Compliance.\n"
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "Diese Botschaft könnte für %s unbrauchbar sein\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "Mehrdeutige Option '%s'\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, c-format
 msgid "unknown option '%s'\n"
 msgstr "Unbekannte Option '%s'\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 "Der öffentliche ECDSA Schlüssel muß ein Vielfaches von 8 Bit als Länge "
 "haben\n"
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "Unbekanntes schwache Hashverfahren '%s'\n"
@@ -6441,95 +6361,89 @@ msgstr "%s: unbekannte Dateinamenerweiterung\n"
 msgid "Enter new filename"
 msgstr "Neuen Dateinamen eingeben"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "Schreiben auf die Standardausgabe\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, c-format
 msgid "assuming signed data in '%s'\n"
 msgstr "die unterzeichneten Daten sind wohl in '%s'\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "dieses Public-Key Verfahren %d kann nicht benutzt werden\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr ""
 "WARNUNG: Möglicherweise unsicherer symmetrisch verschlüsselter "
 "Sitzungsschlüssel\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, c-format
 msgid "Unknown critical signature notation: "
 msgstr "Unbekannte Entscheidende Beglaubigungs-\"Notation\": "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "Im Unterpaket des Typs %d ist das \"critical bit\" gesetzt\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, c-format
-msgid "problem with the agent: %s\n"
-msgstr "Problem mit dem Agenten: %s\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-msgid "Please enter the passphrase for decryption."
-msgstr "Bitte geben Sie zur Entschlüsselung das Passwort ein"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
-msgstr "Geben Sie das Passwort ein\n"
+msgstr "Geben Sie die Passphrase ein\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "Abbruch durch Benutzer\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr " (Hauptschlüssel-ID %s)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr ""
-"Sie benötigen ein Passwort, um den geheimen OpenPGP Schlüssel zu entsperren:"
+"Sie benötigen eine Passphrase, um den geheimen OpenPGP Schlüssel zu "
+"entsperren:"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr ""
-"Sie benötigen ein Passwort, um den geheimen OpenPGP Schlüssel zu importieren:"
+"Sie benötigen eine Passphrase, um den geheimen OpenPGP Schlüssel zu "
+"importieren:"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr ""
-"Sie benötigen ein Passwort, um den geheimen OpenPGP Unterschlüssel zu "
+"Sie benötigen eine Passphrase, um den geheimen OpenPGP Unterschlüssel zu "
 "exportieren:"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr ""
-"Sie benötigen ein Passwort, um den geheimen OpenPGP Schlüssel zu exportieren:"
+"Sie benötigen eine Passphrase, um den geheimen OpenPGP Schlüssel zu "
+"exportieren:"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr ""
 "Möchten Sie den ausgewählten geheimen OpenPGP Unterschlüssel wirklich "
 "dauerhaft entfernen? (j/N) "
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr ""
 "Möchten Sie den ausgewählten geheimen OpenPGP Schlüssel wirklich dauerhaft "
 "entfernen? (j/N) "
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, c-format
 msgid ""
 "%s\n"
@@ -6545,7 +6459,7 @@ msgstr ""
 "%s"
 
 # translated by wk
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6560,34 +6474,80 @@ msgstr ""
 "wir Ihr Schlüssel leider auch sehr groß werden.  Ein Bild der Größe\n"
 "240x288 Pixel ist eine gute Wahl.\n"
 
-#: g10/photoid.c:99
-msgid "Enter JPEG filename for photo ID: "
-msgstr "Dateiname mit JPEG für die Foto-ID eingeben: "
+#: g10/photoid.c:100
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Dateiname mit JPEG für die Foto-ID eingeben: "
+
+#: g10/photoid.c:121
+#, c-format
+msgid "unable to open JPEG file '%s': %s\n"
+msgstr "JPEG-Datei `%s' kann nicht geöffnet werden: %s\n"
+
+#: g10/photoid.c:132
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr "Diese JPEG-Datei ist echt groß (%d Byte)!\n"
+
+#: g10/photoid.c:134
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Wollen Sie es wirklich benutzen? (j/N) "
+
+#: g10/photoid.c:150
+#, c-format
+msgid "'%s' is not a JPEG file\n"
+msgstr "`%s' ist keine JPEG-Datei\n"
+
+#: g10/photoid.c:169
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Ist dieses Bild richtig? (j/N) "
+
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "Ausführen von externen Programmen wird nicht unterstützt\n"
+
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"Diese Plattform benötigt temporäre Dateien zur Ausführung von externen\n"
+"Programmen\n"
 
-#: g10/photoid.c:120
+#: g10/photoid.c:506
 #, c-format
-msgid "unable to open JPEG file '%s': %s\n"
-msgstr "JPEG-Datei `%s' kann nicht geöffnet werden: %s\n"
+msgid "unable to execute shell '%s': %s\n"
+msgstr "Ausführen der Shell `%s' nicht möglich: %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:517 g10/photoid.c:594
 #, c-format
-msgid "This JPEG is really large (%d bytes) !\n"
-msgstr "Diese JPEG-Datei ist echt groß (%d Byte)!\n"
+msgid "unnatural exit of external program\n"
+msgstr "ungewöhnliches Ende eines externen Programms\n"
 
-#: g10/photoid.c:133
-msgid "Are you sure you want to use it? (y/N) "
-msgstr "Wollen Sie es wirklich benutzen? (j/N) "
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "Fehler beim Aufruf eines externen Programms: %s\n"
 
-#: g10/photoid.c:149
+#: g10/photoid.c:600
 #, c-format
-msgid "'%s' is not a JPEG file\n"
-msgstr "`%s' ist keine JPEG-Datei\n"
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr ""
+"WARNUNG: die temporäre Datei (%s) `%s' konnte nicht entfernt werden: %s\n"
 
-#: g10/photoid.c:168
-msgid "Is this photo correct (y/N/q)? "
-msgstr "Ist dieses Bild richtig? (j/N) "
+#: g10/photoid.c:604
+#, c-format
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "WARNUNG: Temporäres Verzeichnis `%s' kann nicht entfernt werden: %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"Ausführen von externen Programmen ist ausgeschaltet, da die Dateirechte "
+"nicht sicher sind\n"
 
-#: g10/photoid.c:399
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "Die Foto-ID kann nicht angezeigt werden!\n"
@@ -6602,106 +6562,106 @@ msgstr "Die Foto-ID kann nicht angezeigt werden!\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMqQsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr "Es ist kein \"trust value\" zugewiesen für:\n"
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr "      \"%s\"\n"
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr ""
 "Wie sicher sind Sie, daß dieser Schlüssel wirklich dem angegebenen Besitzer "
 "gehört?\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr " %d = Weiß nicht so recht\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr " %d = Nein, ihm traue ich NICHT\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr " %d = Ich vertraue ihm absolut\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr " m = Zurück zum Menü\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr " s = diesen Schlüssel überspringen\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr " q = verlassen\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
 "\n"
 msgstr "Die minimale Trust-Ebene für diesen Schlüssel beträgt: %s\n"
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Ihre Auswahl? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Wollen Sie diesem Schlüssel wirklich ultimativ vertrauen? (j/N) "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Zertifikate führen zu einem letztlich vertrauenswürdigen Schlüssel:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%s: Es gibt keine Garantie, daß dieser Schlüssel wirklich dem angegebenen "
 "Besitzer gehört.\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%s: Es gibt nur eine beschränkte Garantie, daß dieser Schlüssel wirklich dem "
 "angegebenen Besitzer gehört.\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Dieser Schlüssel gehört wahrscheinlich dem angegebenen Besitzer\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr ""
 "Dieser Schlüssel gehört uns (da wir nämlich den geheimen Schlüssel dazu "
 "haben)\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr ""
 "%s: Der Schlüssel ist gefälscht!  Er wurde als nicht vertrauenswürdig "
 "markiert.\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
 "*really* know what you are doing, you may answer the next\n"
@@ -6711,7 +6671,7 @@ msgstr ""
 "markiert.  Wenn Sie *wirklich* wissen, was Sie tun, können Sie die\n"
 "nächste Frage mit ja beantworten.\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
@@ -6721,79 +6681,85 @@ msgstr ""
 "Genannten gehört. Wenn Sie *wirklich* wissen, was Sie tun,\n"
 "können Sie die nächste Frage mit ja beantworten\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr "Diesen Schlüssel trotzdem benutzen? (j/N) "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "WARNUNG: Ein Schlüssel ohne gesichertes Vertrauen wird benutzt!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr ""
 "WARNUNG: Dieser Schlüssel ist u.U. widerrufen: Widerrufschlüssel ist nicht "
 "vorhanden\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, c-format
+msgid "checking User ID \"%s\"\n"
+msgstr "Prüfe User-ID: \"%s\"\n"
+
+#: g10/pkclist.c:681
+#, c-format
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "Option '%s' angegeben aber Herausgeber \"%s\" paßt nicht\n"
+
+#: g10/pkclist.c:684
+#, c-format
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "Herausgeber \"%s\" paßt zu keiner User-ID\n"
+
+#: g10/pkclist.c:687
+#, c-format
+msgid "option %s given but no matching User ID found\n"
+msgstr "Option '%s' angegeben aber keine passende User-ID gefunden\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr ""
 "WARNUNG: Dieser Schlüssel wurde vom vorgesehen Widerrufer widerrufen!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "WARNUNG: Dieser Schlüssel wurde von seinem Besitzer widerrufen!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         Das könnte bedeuten, daß die Signatur gefälscht ist.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "WARNUNG: Dieser Unterschlüssel wurde von seinem Besitzer widerrufen!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Hinweis: Dieser Schlüssel wurde abgeschaltet.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr "Hinweis: Überprüfte Adresse des Unterzeichners ist `%s'\n"
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "Hinweis: Adresse des Unterzeichners `%s' passt nicht zum DNS-Eintrag\n"
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr "\"Trust\"-Ebene auf VOLLSTÄNDIG geändert (wg. gültiger PKA-Info)\n"
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr "\"Trust\"-Ebene auf NIEMALS geändert (wg. falscher PKA-Info)\n"
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Hinweis: Dieser Schlüssel ist verfallen!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, c-format
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr ""
+"WARNUNG: Die User-ID des Schlüssels trägt keine vertrauenswürdige Signatur!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
@@ -6801,17 +6767,26 @@ msgstr ""
 "         Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen "
 "Besitzer gehört.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "WARNUNG: Wir haben KEIN Vertrauen zu diesem Schlüssel!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         Die Signatur ist wahrscheinlich eine FÄLSCHUNG.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, c-format
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"WARNUNG: Die User-ID des Schlüssels ist nicht durch hinreichend "
+"vertrauenswürdige Signaturen zertifiziert!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
@@ -6819,53 +6794,53 @@ msgstr ""
 "WARNUNG: Dieser Schlüssel ist nicht durch hinreichend vertrauenswürdige "
 "Signaturen zertifiziert!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr ""
 "         Es ist nicht sicher, daß die Signatur wirklich dem vorgeblichen "
 "Besitzer gehört.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: übersprungen: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: übersprungen: öffentlicher Schlüssel ist abgeschaltet\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: übersprungen: öffentlicher Schlüssel bereits vorhanden\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, c-format
 msgid "can't encrypt to '%s'\n"
 msgstr "Verschlüsseln an '%s' ist nicht möglich\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "Option '%s' ohne gültige Standardschlüssel angegeben\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "Option '%s' ohne Verwendung der Option '%s' angegeben\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr ""
 "Sie haben keine User-ID angegeben (Sie können die Option \"-r\" verwenden).\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr "Derzeitige Empfänger:\n"
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -6873,41 +6848,41 @@ msgstr ""
 "\n"
 "Geben Sie die User-ID ein. Beenden mit einer leeren Zeile: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Keine solche User-ID vorhanden.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr ""
 "übersprungen: öffentlicher Schlüssel bereits als Standardempfänger gesetzt\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Öffentlicher Schlüssel ist abgeschaltet.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "übersprungen: öffentlicher Schlüssel bereits gesetzt\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "Unbekannter voreingestellter Empfänger \"%s\"\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "Keine gültigen Adressaten\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "Hinweis: Schlüssel %s besitzt nicht die %s Eigenschaft\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "Hinweis: Schlüssel %s hat keine Einstellung für %s\n"
@@ -6918,78 +6893,83 @@ msgid "data not saved; use option \"--output\" to save it\n"
 msgstr ""
 "Daten wurden nicht gespeichert; verwenden Sie dafür die Option \"--output\"\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Abgetrennte Beglaubigungen.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Bitte geben Sie den Namen der Datendatei ein: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "lese stdin ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "keine signierten Daten\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, c-format
 msgid "can't open signed data '%s'\n"
 msgstr "kann signierte Datei '%s' nicht öffnen.\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "kann signierte Daten auf fd=%d nicht öffnen: %s\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "Schlüssel \"%s\" ist zum Entschlüsseln im %s Modus nicht geeignet.\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "Ungenannter Empfänger; Versuch mit geheimen Schlüssel %s ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, c-format
+msgid "used key is not marked for encryption use.\n"
+msgstr "Der Schlüssel ist zum Entschlüsseln nicht gekennzeichnet.\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "Alles klar, wir sind der ungenannte Empfänger.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "alte Kodierung des DEK wird nicht unterstützt\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "Verschlüsselungsverfahren %d%s ist unbekannt oder abgeschaltet\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr ""
 "WARNUNG: Das Verschlüsselungsverfahren %s wurde nicht in den "
 "Empfängereinstellungen gefunden\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "Hinweis: geheimer Schlüssel %s verfällt am %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, c-format
 msgid "Note: key has been revoked"
 msgstr "Hinweis: Schlüssel wurde widerrufen"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "\"build_packet\" fehlgeschlagen: %s\n"
@@ -7007,38 +6987,38 @@ msgstr "Schlüssel soll widerrufen werden von:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Dies ist ein \"sensitiver\" Widerrufsschlüssel)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 msgid "Secret key is not available.\n"
 msgstr "Geheimer Schlüssel ist nicht vorhanden.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr ""
 "Ein vorgesehenes Widerrufszertifikat für diesen Schlüssel erzeugen? (j/N) "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "Ausgabe mit ASCII Hülle erzwungen\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "\"make_keysig_packet\" fehlgeschlagen: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Widerrufzertifikat erzeugt.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "keine Widerrufsschlüssel für \"%s\" gefunden\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Dies ist ein Widerrufszertifikat für den OpenPGP Schlüssel:"
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
@@ -7049,7 +7029,7 @@ msgstr ""
 "nicht möglich, ein einmal veröffentlichtes Widerrufszertifikat wieder\n"
 "zurückzuziehen."
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7064,7 +7044,7 @@ msgstr ""
 "mit angeben zu können.  Weitere Informationen finden Sie im GnuPG\n"
 "Handbuch unter der Beschreibung des gpg Kommandos \"--generate-revocation\"."
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
@@ -7075,12 +7055,12 @@ msgstr ""
 "unten eingefügt.  Vor dem Import dieses Widerrufszertifikats\n"
 "entfernen Sie bitte diesen Doppelpunkt mittels eines Texteditors."
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, c-format
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "Widerrufzertifikat wurde als '%s.rev' gespeichert.\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "Geheimer Schlüssel \"%s\" nicht gefunden\n"
@@ -7093,17 +7073,17 @@ msgstr "Geheimer Schlüssel \"%s\" nicht gefunden\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr "'%s' trifft auf mehrere geheime Schlüssel zu:\n"
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, c-format
 msgid "error searching the keyring: %s\n"
 msgstr "Fehler beim Suchen im Schlüsselbund: %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Ein Widerrufszertifikat für diesen Schlüssel erzeugen? (j/N) "
 
 # translated by wk
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7123,38 +7103,38 @@ msgstr ""
 "Drucksystem kann unter Umständen eine Kopie anderen Nutzern zugänglich\n"
 "machen.\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Grund für den Widerruf:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Abbruch"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Wahrscheinlich möchten Sie hier %d auswählen)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr ""
 "Geben Sie eine optionale Beschreibung ein. Beenden mit einer leeren Zeile:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Grund für Widerruf: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(Keine Beschreibung angegeben)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr "Ist das OK? (j/N) "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "Unsicherer Schlüssel erzeugt - neuer Versuch\n"
@@ -7166,49 +7146,44 @@ msgstr ""
 "Trotz %d-fachen Versuches konnte die Erzeugung eines unsicheren Schlüssels "
 "für sym. Verschlüsselung nicht vermieden werden!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr "%s-Schlüssel %s verwendet ein unsicheres (%zu-Bit) Hashverfahren\n"
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 "%s-Schlüssel %s benötigt einen mindestens %zu Bit langen Hash (Hash ist %s)\n"
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
+#: g10/sig-check.c:170
+#, c-format
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "WARNUNG: Widersprechende Hashverfahren in der signierten Botschaft\n"
+
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
 #, c-format
 msgid "key %s may not be used for signing in %s mode\n"
 msgstr ""
 "Schlüssel \"%s\" darf zum Signieren im %s Modus nicht verwendet werden.\n"
 
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr "Die Prüfung wird aufgrund der Option %s weiter durchgeführt\n"
-
-#: g10/sig-check.c:190
-#, c-format
-msgid "WARNING: signature digest conflict in message\n"
-msgstr "WARNUNG: Widersprechende Hashverfahren in der signierten Nachricht\n"
-
-#: g10/sig-check.c:219
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "WARNUNG: Signaturunterschlüssel %s hat keine Rücksignatur\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, c-format
 msgid "please see %s for more information\n"
 msgstr "Siehe %s für weitere Infos\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr "WARNUNG: Signaturunterschlüssel %s hat eine ungültige Rücksignatur\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
@@ -7216,14 +7191,14 @@ msgstr[0] "Öffentlicher Schlüssel %s ist %lu Sekunde jünger als die Signatur\
 msgstr[1] ""
 "Öffentlicher Schlüssel %s ist %lu Sekunden jünger als die Signatur\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "Öffentlicher Schlüssel %s ist %lu Tag jünger als die Signatur\n"
 msgstr[1] "Öffentlicher Schlüssel %s ist %lu Tage jünger als die Signatur\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7236,7 +7211,7 @@ msgstr[1] ""
 "Schlüssel %s wurde %lu Sekunden in der Zukunft erzeugt (Zeitreise oder "
 "Uhrenproblem)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7248,55 +7223,55 @@ msgstr[1] ""
 "Schlüssel %s wurde %lu Tage in der Zukunft erzeugt (Zeitreise oder "
 "Uhrenproblem)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "Hinweis: Signaturschlüssel %s ist am %s verfallen\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "Hinweis: Signaturschlüssel %s wurde widerrufen\n"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, c-format
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "Falsche Schlüsselsignatur von Schlüssel %s: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, c-format
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "Falsche Datensignatur von Schlüssel %s: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "Vermutlich eine FALSCHE Signatur von Schlüssel %s, wegen unbekanntem "
 "\"critical bit\"\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr ""
 "Schlüssel %s: Kein Unterschlüssel für die Unterschlüsselwiderruf-"
 "Beglaubigung\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr ""
 "Schlüssel %s: Kein Unterschlüssel für die Unterschlüsselanbindungs-"
 "Beglaubigung\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "WARNUNG: \"Notation\" kann nicht %%-erweitert werden (zu groß). Verwende "
 "\"unerweiterte\".\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7304,7 +7279,7 @@ msgstr ""
 "WARNUNG: Richtlinien-URL kann nicht %%-erweitert werden (zu groß). Verwende "
 "\"unerweiterte\".\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7313,12 +7288,12 @@ msgstr ""
 "WARNUNG: URL für bevorzugten Schlüsselserver kann nicht %%-erweitert werden "
 "(zu groß). Verwende \"unerweiterte\".\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s/%s Signatur von: \"%s\"\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
@@ -7326,40 +7301,40 @@ msgstr ""
 "WARNUNG: Erzwingen des Hashverfahrens %s (%d) verstößt gegen die "
 "Empfängervoreinstellungen\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "signiere:"
 
-#: g10/sign.c:1464
+#: g10/sign.c:1622
 #, c-format
-msgid "%s encryption will be used\n"
-msgstr "%s Verschlüsselung wird verwendet\n"
+msgid "%s.%s encryption will be used\n"
+msgstr "%s.%s Verschlüsselung wird verwendet\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "Schlüssel ist nicht als unsicher gekennzeichnet - er ist nur mit einem\n"
 "echten Zufallsgenerator verwendbar\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "übersprungen \"%s\": doppelt\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "übersprungen: geheimer Schlüssel bereits vorhanden\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "Dies ist ein durch PGP erzeugter Elgamal-Schlüssel. Das ist für Signaturen "
 "NICHT sicher genug!"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "Vertrauenssatz %lu, Typ %d: Schreiben fehlgeschlagen: %s\n"
@@ -7373,43 +7348,43 @@ msgstr ""
 "# Liste der zugewiesenen \"Ownertrust\" Werte, erzeugt am %s\n"
 "# (\"gpg --import-ownertrust\" um sie zu restaurieren)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, c-format
 msgid "error in '%s': %s\n"
 msgstr "Fehler in `%s': %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr "Zeile ist zu lang"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr "Doppelpunkt fehlt"
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr "ungültiger Fingerabdruck"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr "\"Ownertrust\"-Wert fehlt"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "Fehler beim Suchen des \"Trust records\" in `%s': %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, c-format
 msgid "read error in '%s': %s\n"
 msgstr "Lesefehler in `%s': %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "\"Trust-DB\": sync fehlgeschlagen: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "Datei `%s' konnte nicht gesperrt werden\n"
@@ -7419,12 +7394,12 @@ msgstr "Datei `%s' konnte nicht gesperrt werden\n"
 msgid "can't lock '%s'\n"
 msgstr "'%s' kann nicht gesperrt werden\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "trustdb Satz %lu: lseek fehlgeschlagen: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "trustdb Satz %lu: write fehlgeschlagen (n=%d): %s\n"
@@ -7439,7 +7414,7 @@ msgstr "trustdb Transaktion zu groß\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: Verzeichnis existiert nicht!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, c-format
 msgid "can't access '%s': %s\n"
 msgstr "kann auf `%s' nicht zugreifen: %s\n"
@@ -7480,7 +7455,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: Fehler beim Ändern des Versionsatzes: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: Fehler beim Lesen des Versionsatzes: %s\n"
@@ -7490,52 +7465,52 @@ msgstr "%s: Fehler beim Lesen des Versionsatzes: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: Fehler beim Schreiben des Versionsatzes: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "trustdb: lseek fehlgeschlagen: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "trustdb: read failed (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: keine trustdb Datei\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: version record with recnum %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: invalid file version %d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: Fehler beim Lesen eines freien Satzes: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: Fehler beim Schreiben eines Verzeichnis-Satzes: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: konnte einen Satz nicht Nullen: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: konnte Satz nicht anhängen: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "Fehler: Die Vertrauensdatenbank ist fehlerhaft\n"
@@ -7576,10 +7551,10 @@ msgstr "Nicht unterstützte TOFU Datenbank Version: %s\n"
 msgid "TOFU DB error"
 msgstr "TOFU (Trust on First Use) database error"
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "Fehler beim Lesen der TOFU Datenbank: %s\n"
@@ -7599,7 +7574,7 @@ msgstr "Fehler beim Initialisieren der TOFU Datenbank: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "Fehler beim Öffner der TOFU Datenbank '%s': %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "Fehler beim Schreiben der TOFU Datenbank: %s\n"
@@ -7670,92 +7645,92 @@ msgstr "dieser Schlüssel"
 #, c-format
 msgid "Verified %d message."
 msgid_plural "Verified %d messages."
-msgstr[0] "%d überprüfte Nachricht."
-msgstr[1] "%d überprüfte Nachrichten."
+msgstr[0] "%d überprüfte Botschaft."
+msgstr[1] "%d überprüfte Botschaften."
 
 #: g10/tofu.c:1827
 #, c-format
 msgid "Encrypted %d message."
 msgid_plural "Encrypted %d messages."
-msgstr[0] "%d Nachricht wurde verschlüsselt."
-msgstr[1] "%d Nachrichten wurden verschlüsselt."
+msgstr[0] "%d Botschaft wurde verschlüsselt."
+msgstr[1] "%d Botschaften wurden verschlüsselt."
 
 #: g10/tofu.c:1834
 #, c-format
 msgid "Verified %d message in the future."
 msgid_plural "Verified %d messages in the future."
-msgstr[0] "%d Nachricht in der Zukunft signiert."
-msgstr[1] "%d Nachrichten in der Zukunf signiert."
+msgstr[0] "%d Botschaft in der Zukunft signiert."
+msgstr[1] "%d Botschaften in der Zukunft signiert."
 
 #: g10/tofu.c:1838
 #, c-format
 msgid "Encrypted %d message in the future."
 msgid_plural "Encrypted %d messages in the future."
-msgstr[0] "%d Nachricht in der Zukunft verschlüsselt."
-msgstr[1] "%d Nachrichten in der Zukunft verschlüsselt."
+msgstr[0] "%d Botschaft in der Zukunft verschlüsselt."
+msgstr[1] "%d Botschaften in der Zukunft verschlüsselt."
 
 #: g10/tofu.c:1852
 #, c-format
 msgid "Messages verified over the past %d day: %d."
 msgid_plural "Messages verified over the past %d days: %d."
 msgstr[0] ""
-"Nachrichten die innerhalb des letzten %d Tages überprüft wurden: %d."
-msgstr[1] "Nachrichten die innerhalb der letzten %d Tage überprüft wurden: %d."
+"Botschaften die innerhalb des letzten %d Tages überprüft wurden: %d."
+msgstr[1] "Botschaften die innerhalb der letzten %d Tage überprüft wurden: %d."
 
 #: g10/tofu.c:1858
 #, c-format
 msgid "Messages encrypted over the past %d day: %d."
 msgid_plural "Messages encrypted over the past %d days: %d."
 msgstr[0] ""
-"Nachrichten die innerhalb des letzten %d Tages verschlüsselt wurden: %d."
+"Botschaften die innerhalb des letzten %d Tages verschlüsselt wurden: %d."
 msgstr[1] ""
-"Nachrichten die innerhalb der letzten %d Tage verschlüsselt wurden: %d."
+"Botschaften die innerhalb der letzten %d Tage verschlüsselt wurden: %d."
 
 #: g10/tofu.c:1868
 #, c-format
 msgid "Messages verified over the past %d month: %d."
 msgid_plural "Messages verified over the past %d months: %d."
 msgstr[0] ""
-"Nachrichten die innerhalb des letzten %d Monats überprüft wurden: %d."
+"Botschaften die innerhalb des letzten %d Monats überprüft wurden: %d."
 msgstr[1] ""
-"Nachrichten die innerhalb der letzten %d Monate überprüft wurden: %d."
+"Botschaften die innerhalb der letzten %d Monate überprüft wurden: %d."
 
 #: g10/tofu.c:1874
 #, c-format
 msgid "Messages encrypted over the past %d month: %d."
 msgid_plural "Messages encrypted over the past %d months: %d."
 msgstr[0] ""
-"Nachrichten die innerhalb des letzten %d Monats verschlüsselt wurden: %d."
+"Botschaften die innerhalb des letzten %d Monats verschlüsselt wurden: %d."
 msgstr[1] ""
-"Nachrichten die innerhalb der letzten %d Monate verschlüsselt wurden: %d."
+"Botschaften die innerhalb der letzten %d Monate verschlüsselt wurden: %d."
 
 #: g10/tofu.c:1884
 #, c-format
 msgid "Messages verified over the past %d year: %d."
 msgid_plural "Messages verified over the past %d years: %d."
 msgstr[0] ""
-"Nachrichten die innerhalb des letzten %d Jahres überprüft wurden: %d."
+"Botschaften die innerhalb des letzten %d Jahres überprüft wurden: %d."
 msgstr[1] ""
-"Nachrichten die innerhalb der letzten %d Jahre überprüft wurden: %d."
+"Botschaften die innerhalb der letzten %d Jahre überprüft wurden: %d."
 
 #: g10/tofu.c:1890
 #, c-format
 msgid "Messages encrypted over the past %d year: %d."
 msgid_plural "Messages encrypted over the past %d years: %d."
 msgstr[0] ""
-"Nachrichten die innerhalb des letzten %d Jahres verschlüsselt wurden: %d."
+"Botschaften die innerhalb des letzten %d Jahres verschlüsselt wurden: %d."
 msgstr[1] ""
-"Nachrichten die innerhalb der letzten %d Jahre verschlüsselt wurden: %d."
+"Botschaften die innerhalb der letzten %d Jahre verschlüsselt wurden: %d."
 
 #: g10/tofu.c:1898
 #, c-format
 msgid "Messages verified in the past: %d."
-msgstr "Nachrichten die in der Vergangenheit überprüft wurden: %d."
+msgstr "Botschaften die in der Vergangenheit überprüft wurden: %d."
 
 #: g10/tofu.c:1902
 #, c-format
 msgid "Messages encrypted in the past: %d."
-msgstr "Nachricht die in der Vergangenheit verschlüsselt wurden: %d."
+msgstr "Botschaften die in der Vergangenheit verschlüsselt wurden: %d."
 
 #. TRANSLATORS: Please translate the text found in the source
 #. * file below.  We don't directly internationalize that text so
@@ -7786,115 +7761,115 @@ msgstr "(G)ut, einmal (A)kzeptieren, (U)nbekannt, einmal ab(L)ehnen, (F)alsch?"
 msgid "Defaulting to unknown.\n"
 msgstr "Als Voreinstellung wird 'Unbekannt' verwendet.\n"
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr "TOFU Datenbank ist defekt.\n"
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "Fehler beim Ändern der TOFU Richtlinie: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] "%lld~Jahr"
 msgstr[1] "%lld~Jahre"
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] "%lld~Monat"
 msgstr[1] "%lld~Monate"
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] "%lld~Woche"
 msgstr[1] "%lld Wochen"
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] "%lld~Tag"
 msgstr[1] "%lld~Tage"
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] "%lld~Stunde"
 msgstr[1] "%lld~Stunden"
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] "%lld~Minute"
 msgstr[1] "%lld~Minuten"
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] "%lld~Sekunde"
 msgstr[1] "%lld~Sekunden"
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
-msgstr "%s: 0~Signaturen und 0~Nachrichten verschlüsselt."
+msgstr "%s: 0~Signaturen und 0~Botschaften verschlüsselt."
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, c-format
 msgid "%s: Verified 0 signatures."
 msgstr "%s: 0~Signaturen überprüft."
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 msgid "Encrypted 0 messages."
-msgstr "0 Nachrichten verschlüsselt."
+msgstr "0 Botschaften verschlüsselt."
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, c-format
 msgid "(policy: %s)"
 msgstr "(Richtlinie: %s)"
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 "WARNUNG: Wir müssen noch eine mit diesem Schlüssel und User-ID signierte "
-"Nachricht sehen.\n"
+"Botschaft sehen.\n"
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
-"WARNUNG: Wir haben nur eine einzige mit diesem Schlüssel signierte Nachricht "
+"WARNUNG: Wir haben nur eine einzige mit diesem Schlüssel signierte Botschaft "
 "gesehen.\n"
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
-"WARNUNG: Sie müssen noch eine verschlüselte Nachricht an diesen Schlüssel "
+"WARNUNG: Sie müssen noch eine verschlüselte Botschaft an diesen Schlüssel "
 "senden!\n"
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
-"WARNUNG: Sie haben nur eine verschlüsselte Nachricht an diesen Schlüssel "
+"WARNUNG: Sie haben nur eine verschlüsselte Botschaft an diesen Schlüssel "
 "erstellt!\n"
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -7910,7 +7885,7 @@ msgid_plural ""
 "to mark it as being bad.\n"
 msgstr[0] ""
 "WARNUNG: Falls sie glauben, mehr mit diesem Schlüssel und dieser\n"
-"User-ID signierte Nachricht erhalten zu haben, so kann es sich bei\n"
+"User-ID signierte Botschaft erhalten zu haben, so kann es sich bei\n"
 "diesem Schlüssel um eine Fälschung handeln!  Prüfen Sie die\n"
 "Email-Adresse genau auf kleine Abweichungen.  Falls Ihnen der\n"
 "Schlüssel suspekt erscheint, benutzen Sie\n"
@@ -7918,122 +7893,122 @@ msgstr[0] ""
 "um den Schlüssel als Fälschung zu markieren.\n"
 msgstr[1] ""
 "WARNUNG: Falls sie glauben, mehr mit diesem Schlüssel und diesen\n"
-"User-IDs signierte Nachrichten erhalten zu haben, so kann es sich\n"
+"User-IDs signierte Botschaften erhalten zu haben, so kann es sich\n"
 "bei diesem Schlüssel um eine Fälschung handeln!  Prüfen Sie die\n"
 "Email-Adressen genau auf kleine Abweichungen.  Falls Ihnen der\n"
 "Schlüssel suspekt erscheint, benutzen Sie\n"
 "   %s\n"
 "um den Schlüssel als Fälschung zu markieren.\n"
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "Fehler beim Öffnen der TOFU Datenbank: %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 "WARNUNG: Es wird an %s verschlüsselt, welcher nur widerrufene User-IDs hat.\n"
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, c-format
 msgid "'%s' is not a valid long keyID\n"
 msgstr "'%s' ist keine gültige lange Schlüssel-ID\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "Schlüssel %s: Als vertrauenswürdiger Schlüssel akzeptiert\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "Schlüssel %s tritt mehr als einmal in der \"trustdb\" auf\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr ""
 "Schlüssel %s: kein öffentlicher Schlüssel für den vertrauenswürdigen "
 "Schlüssel - übersprungen\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "Schlüssel %s ist als ultimativ vertrauenswürdig gekennzeichnet\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "trust record %lu, req type %d: read failed: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "Vertrauenssatz %lu ist nicht von der angeforderten Art %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr ""
 "Sie können versuchen die Vertrauensdatenbank durch folgende Befehle\n"
 "wiederherzustellen:\n"
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr "Falls dies nicht funktioniert, sehen Sie bitte im Handbuch nach\n"
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 "kann unbekanntes Vertrauensmodell nicht verwenden (%d) - verwende "
 "Vertrauensmodell %s\n"
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr "verwende Vertrauensmodell %s\n"
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "\"Trust-DB\"-Überprüfung nicht nötig\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "nächste \"Trust-DB\"-Pflichtüberprüfung am %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "\"Trust-DB\"-Überprüfung ist beim `%s'-Vertrauensmodell nicht nötig\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "\"Trust-DB\"-Änderung ist beim `%s'-Vertrauensmodell nicht nötig\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr "Öffentlicher Schlüssel %s nicht gefunden: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "Bitte ein --check-trustdb durchführen\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "\"Trust-DB\" wird überprüft\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
@@ -8041,24 +8016,24 @@ msgstr[0] "%d Schlüssel bislang bearbeitet"
 msgstr[1] "%d Schlüssel bislang bearbeitet"
 
 # translated by wk
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, c-format
 msgid " (%d validity count cleared)\n"
 msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] " (%d Validity Zähler gelöscht)\n"
 msgstr[1] " (%d Validity Zähler gelöscht)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "keine ultimativ vertrauenswürdigen Schlüssel gefunden\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "öff. Schlüssel des ultimativ vertrauten Schlüssel %s nicht gefunden\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
@@ -8066,30 +8041,30 @@ msgstr ""
 "Tiefe: %d  gültig: %3d  signiert: %3d  Vertrauen: %d-, %dq, %dn, %dm, %df, "
 "%du\n"
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr ""
 "\"Trust-DB\"-Versions-Satz kann nicht geändert werden: Schreiben "
 "fehlgeschlagen: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr "unbestimmt"
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr "niemals"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr "marginal"
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr "vollständig"
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr "ultimativ"
 
@@ -8101,39 +8076,39 @@ msgstr "ultimativ"
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr "13"
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 msgid "[ revoked]"
 msgstr "[ widerrufen]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 msgid "[ expired]"
 msgstr "[ verfallen ]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 msgid "[ unknown]"
 msgstr "[ unbekannt ]"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr "[undefiniert]"
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 msgid "[  never ]"
 msgstr "[  niemals  ]"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr "[  marginal ]"
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr "[vollständig]"
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr "[ ultimativ ]"
 
@@ -8158,19 +8133,29 @@ msgstr "Eingabezeile %u ist zu lang oder es fehlt ein LF\n"
 msgid "can't open fd %d: %s\n"
 msgstr "fd=%d kann nicht geöffnet werden: %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, c-format
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "WARNUNG: Verschlüsseln ohne Integritätsschutz ist gefährlich!\n"
+
+#: g10/cipher-cfb.c:72
+#, c-format
+msgid "Hint: Do not use option %s\n"
+msgstr "Tip: Die Option '%s' nicht benutzen.\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr "Debug Flags setzen"
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr "Alle Debug Flags setzen"
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Aufruf: kbxutil [Optionen] [Dateien] (-h für Hilfe)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
 "List, export, import Keybox data\n"
@@ -8181,19 +8166,130 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr "%sNummer: %s%%0ABesitzer: %s%s"
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr "Verbliebene Versuche: %d"
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+msgid "|N|Please enter the new Global-PIN"
+msgstr "||Bitte die Globale PIN eingeben"
+
+#: scd/app-piv.c:1846
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "||Bitte geben Sie die Globale PIN Ihrer PIV Karte an"
+
+#: scd/app-piv.c:1853
+msgid "|N|Please enter the new PIN"
+msgstr "|N|Bitte die neue PIN eingeben"
+
+#: scd/app-piv.c:1854
+msgid "||Please enter the PIN of your PIV card"
+msgstr "||Bitte geben Sie die PIN Ihrer PIV Karte ein"
+
+#: scd/app-piv.c:1861
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "|N|Bitte geben Sie den neuen Unblocking-Key ein"
+
+#: scd/app-piv.c:1862
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "|P|Bitte geben Sie den PIN Unblocking Key (PUK) Ihrer PIV Karte ein"
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "PIN-Callback meldete Fehler: %s\n"
+
+#: scd/app-piv.c:1895
+#, c-format
+msgid "PIN is too short; minimum length is %d\n"
+msgstr "PIN ist zu kurz; die Mindestlänge beträgt %d\n"
+
+#: scd/app-piv.c:1903
+#, c-format
+msgid "PIN is too long; maximum length is %d\n"
+msgstr "PIN ist zu lang; die Maximallänge beträgt %d\n"
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr "PIN hat ungültige Zeichen; es sind nur Ziffern erlaubt\n"
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr "Schlüssel existiert bereits\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr "Existierender Schlüssel wird ersetzt werden\n"
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr "neue Schlüssel werden erzeugt\n"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, c-format
+msgid "writing new key\n"
+msgstr "der neue Schlüssel wird geschrieben\n"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "Speichern des Schlüssels fehlgeschlagen: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr "Die Antwort enthält das RSA-Modulus nicht\n"
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr "Antwort enthält den öffentlichen RSA-Exponenten nicht\n"
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, c-format
+msgid "response does not contain the EC public key\n"
+msgstr "Der EC Schlüssel fehlt in der Antwort\n"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr "Bitte warten, der Schlüssel wird erzeugt ...\n"
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr "Schlüsselerzeugung fehlgeschlagen\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "Schlüsselerzeugung abgeschlossen (%d Sekunde)\n"
+msgstr[1] "Schlüsselerzeugung abgeschlossen (%d Sekunden)\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr "Die Antwort enthält keine öffentliche Schlüssel-Daten\n"
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr ""
 "||Bitte geben Sie die PIN für den Schlüssel zur Erstellung qualifizierter "
@@ -8201,58 +8297,55 @@ msgstr ""
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 msgid "|A|Please enter the Admin PIN"
 msgstr "|A|Bitte die Admin-PIN eingeben."
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr ""
 "|P|Bitte geben Sie den PIN Entsperrcode (PUK) für den Standard-Schlüssel ein."
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 msgid "||Please enter the PIN for the standard keys."
 msgstr "||Bitte die PIN für den Standard-Schlüssel eingeben."
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr "Der RSA Modulus fehlt oder ist nicht %d Bits lang\n"
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr "Der öffentliche Exponent fehlt oder ist zu groß (mehr als %d Bit)\n"
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr "PIN-Callback meldete Fehler: %s\n"
+#: scd/app-nks.c:1594
+msgid "Note: PIN has not yet been enabled."
+msgstr "Tip: Die PIN wurde noch nicht aktiviert."
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr "Die Nullpin wurde noch nicht geändert\n"
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "|N|Bitte eine neue PIN für den Standard-Schlüssel eingeben."
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr ""
 "|NP|Bitte geben Sie einen neuen PIN Entsperrcode (PUK) für den Standard-"
 "Schlüssel ein."
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 "|N|Bitte geben Sie eine neue PIN für den Schlüssel zur Erstellung "
 "qualifizierter Signaturen ein."
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8260,7 +8353,7 @@ msgstr ""
 "|NP|Bitte geben Sie einen neuen PIN Entsperrcode (PUK) für den Schlüssel zur "
 "Erstellung qualifizierter Signaturen ein."
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8268,47 +8361,27 @@ msgstr ""
 "|N|Bitte geben Sie den PIN Entsperrcode (PUK) für den Schlüssel zur "
 "Erstellung qualifizierter Signaturen ein."
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "Fehler beim Abfragen einer neuen PIN: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "Der Fingerabdruck kann nicht gespeichert werden: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "Das Erzeugungsdatum konnte nicht gespeichert werden: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr "Fehler beim Holen des CHV-Status' von der Karte\n"
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr "Die Antwort enthält das RSA-Modulus nicht\n"
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr "Antwort enthält den öffentlichen RSA-Exponenten nicht\n"
-
-#: scd/app-openpgp.c:1546
-#, c-format
-msgid "response does not contain the EC public key\n"
-msgstr "Der EC Schlüssel fehlt in der Antwort\n"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr "Die Antwort enthält keine öffentliche Schlüssel-Daten\n"
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr "Lesen des öffentlichen Schlüssels fehlgeschlagen: %s\n"
@@ -8316,44 +8389,44 @@ msgstr "Lesen des öffentlichen Schlüssels fehlgeschlagen: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr "%sNummer: %s%%0ABesitzer: %s%%0AAnzahl: %lu%s"
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr "Die Standard PIN wird für %s benutzt\n"
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 "Die Standard PIN für %s konnte nicht benutzt werden: %s - Die Standard PIN "
 "wird nicht weiter benutzt\n"
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 msgid "||Please unlock the card"
 msgstr "||Bitte entsperren Sie die Karte"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr "PIN für CHV%d ist zu kurz; die Mindestlänge beträgt %d\n"
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "Prüfung des CHV%d fehlgeschlagen: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr "Karte ist dauerhaft gesperrt!\n"
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8361,20 +8434,20 @@ msgid_plural ""
 msgstr[0] "Noch %d Admin-PIN-Versuch, bis die Karte dauerhaft gesperrt ist\n"
 msgstr[1] "Noch %d Admin-PIN-Versuche, bis die Karte dauerhaft gesperrt ist\n"
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr "Zugriff auf Admin-Befehle ist nicht eingerichtet\n"
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 msgid "||Please enter the PIN"
 msgstr "||Bitte die PIN eingeben"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 msgid "||Please enter the Reset Code for the card"
 msgstr "Bitte geben Sie den Rückstellcode für diese Karte ein"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr "Der Rückstellcode ist zu kurz; die Mindestlänge beträgt %d\n"
@@ -8382,114 +8455,72 @@ msgstr "Der Rückstellcode ist zu kurz; die Mindestlänge beträgt %d\n"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr "|RN|Neuer Rückstellcode"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr "|AN|Neue Admin-PIN"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr "|N|Neue PIN"
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "|A|Bitte die Admin-PIN sowie die neue Admin-PIN eingeben."
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 msgid "||Please enter the PIN and New PIN"
 msgstr "||Bitte die PIN sowie die neue PIN eingeben"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr "Fehler beim Lesen der Anwendungsdaten\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "Fehler beim Lesen des Fingerabdrucks DO\n"
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr "Schlüssel existiert bereits\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr "Existierender Schlüssel wird ersetzt werden\n"
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr "neue Schlüssel werden erzeugt\n"
-
-#: scd/app-openpgp.c:3074
-#, c-format
-msgid "writing new key\n"
-msgstr "der neue Schlüssel wird geschrieben\n"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr "Erzeugungsdatum fehlt\n"
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr "Die RSA Primzahl %s fehlt oder ist nicht %d Bits lang\n"
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr "Speichern des Schlüssels fehlgeschlagen: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, c-format
 msgid "unsupported curve\n"
 msgstr "Nicht unterstützte Kurve\n"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr "Bitte warten, der Schlüssel wird erzeugt ...\n"
-
-#: scd/app-openpgp.c:4271
-#, c-format
-msgid "generating key failed\n"
-msgstr "Schlüsselerzeugung fehlgeschlagen\n"
-
-#: scd/app-openpgp.c:4277
-#, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "Schlüsselerzeugung abgeschlossen (%d Sekunde)\n"
-msgstr[1] "Schlüsselerzeugung abgeschlossen (%d Sekunden)\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr "Ungültige Struktur der OpenPGP-Karte (DO 0x93)\n"
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr "Der Fingerabdruck auf der Karte entspricht nicht dem angeforderten.\n"
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "Die Hashmethode %s wird von der Karte nicht unterstützt\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr "Anzahl bereits erzeugter Signaturen: %lu\n"
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
@@ -8497,7 +8528,7 @@ msgstr ""
 "Die Überprüfung der Admin PIN ist momentan durch einen Befehl verboten "
 "worden\n"
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "Kann auf %s nicht zugreifen - ungültige OpenPGP-Karte?\n"
@@ -8509,59 +8540,63 @@ msgstr "||Bitte die PIN auf der Tastatur des Kartenlesers eingeben"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr "|N|Erstmalige neue PIN"
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr "Im Multiserver Modus ausführen"
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr "|NAME|Die Debugstufe auf NAME setzen"
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 msgid "|FILE|write a log to FILE"
 msgstr "|DATEI|Schreibe Logs auf DATEI"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr "|N|Verbinde mit dem Leser auf Port N"
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NAME|Benutze NAME als CT-API Treiber"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NAME|Benutze NAME als PC/SC Treiber"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 msgid "do not use the internal CCID driver"
 msgstr "Den internen CCID Treiber nicht benutzen"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr "|N|Schalte die Karte nach N Sekunden Inaktivität ab"
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr "Die Tastatur des Kartenlesers nicht benutzen"
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr "Variable Längeneingabe für die Kartenlesertastatur benutzen"
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr "|LIST|Anwendungprioritäten auf LIST setzen"
+
 #: scd/scdaemon.c:179
 msgid "deny the use of admin card commands"
 msgstr "Verweigere die Benutzung von \"Admin\"-Befehlen"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Gebrauch: @SCDAEMON@ [Optionen] (-h für Hilfe)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
@@ -8569,39 +8604,33 @@ msgstr ""
 "Syntax: @SCDAEMON@ [Optionen] [Befehl [Argumente]]\n"
 "Smartcard Daemon für @GNUPG@\n"
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 "Bitte die Option `--daemon' nutzen, um das Programm im Hintergund "
 "auszuführen\n"
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr "Handhabungsroutine für fd %d gestartet\n"
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr "Handhabungsroutine für den fd %d beendet\n"
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "Fehler beim Holen der Schlüsselbenutzungsinformationen: %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr "Durch Zertifikat angefordertes Gültigkeitsmodell: %s"
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr "Kette"
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 msgid "shell"
 msgstr "Schale"
 
@@ -8634,7 +8663,7 @@ msgstr "Hinweis: Die unkritische Zertifikatsrichtlinie ist nicht erlaubt"
 msgid "certificate policy not allowed"
 msgstr "Die Zertifikatsrichtlinie ist nicht erlaubt"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "Kann den Fingerprint nicht ermitteln\n"
@@ -8649,7 +8678,7 @@ msgstr "Der Herausgeber wird von einer externen Stelle gesucht\n"
 msgid "number of issuers matching: %d\n"
 msgstr "Anzahl der übereinstimmenden Herausgeber: %d\n"
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, c-format
 msgid "can't get authorityInfoAccess: %s\n"
 msgstr "authorityInfoAccess kann nicht geholt werden: %s\n"
@@ -8669,243 +8698,243 @@ msgstr "Anzahl der übereinstimmenden Zertifikate: %d\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "Schlüsselsuche im Cache des Dirmngr schlug fehl: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "Kann keinen KeyDB Handler bereitstellen\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 msgid "certificate has been revoked"
 msgstr "Das Zertifikat wurde widerrufen"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr "Der Status des Zertifikats ist nicht bekannt"
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr ""
 "Bitte vergewissern Sie sich, daß der \"dirmngr\" richtig installiert ist\n"
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, c-format
 msgid "checking the CRL failed: %s"
 msgstr "Die CRL konnte nicht geprüft werden: %s"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "Zertifikat mit unzulässiger Gültigkeit: %s"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr "Das Zertifikat ist noch nicht gültig"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 msgid "root certificate not yet valid"
 msgstr "Das Wurzelzertifikat ist noch nicht gültig"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr "Das Zwischenzertifikat ist noch nicht gültig"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, c-format
 msgid "certificate has expired"
 msgstr "Das Zertifikat ist abgelaufen"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 msgid "root certificate has expired"
 msgstr "Das Wurzelzertifikat ist abgelaufen"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 msgid "intermediate certificate has expired"
 msgstr "Das Zwischenzertifikat ist abgelaufen"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr "Notwendige Zertifikatattribute fehlen: %s%s%s"
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 msgid "certificate with invalid validity"
 msgstr "Zertifikat mit unzulässiger Gültigkeit"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr "Die Signatur wurde nicht in der Gültigkeitszeit des Zertifikat erzeugt"
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr ""
 "Das Zertifikat wurde nicht während der Gültigkeitszeit des Herausgebers "
 "erzeugt"
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr ""
 "Das Zwischenzertifikat wurde nicht während der Gültigkeitszeit des "
 "Herausgebers erzeugt"
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, c-format
 msgid "  (  signature created at "
 msgstr "  (    Signatur erzeugt am "
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, c-format
 msgid "  (certificate created at "
 msgstr "  (  Zertifikat erzeugt am "
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, c-format
 msgid "  (certificate valid from "
 msgstr "  (  Zertifikat gültig von "
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr "  ( Herausgeber gültig von "
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr "Fingerprint=%s\n"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr "Das Wurzelzertifikat wurde nun als vertrauenswürdig markiert\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr ""
 "Interaktives vertrauenswürdig-Markieren ist in gpg-agent ausgeschaltet\n"
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr ""
 "Interaktives vertrauenswürdig-Markieren ist in dieser Sitzung ausgeschaltet\n"
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 "WARNUNG: Der Erzeugungszeitpunkt der Signatur ist nicht bekannt - Nehme die "
 "aktuelle Zeit an"
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 msgid "no issuer found in certificate"
 msgstr "Im Zertifikat ist kein Herausgeber enthalten"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr "Das eigenbeglaubigte Zertifikat hat eine FALSCHE Signatur"
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr "Das Wurzelzertifikat ist nicht als vertrauenswürdig markiert"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "Fehler beim Prüfen der vertrauenswürdigen Zertifikate: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr "Der Zertifikatkette ist zu lang\n"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr "Herausgeberzertifikat nicht gefunden"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, c-format
 msgid "certificate has a BAD signature"
 msgstr "Das Zertifikat hat eine FALSCHE Signatur"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr ""
 "Eine anderes möglicherweise passendes CA-Zertifikat gefunden - versuche "
 "nochmal"
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr "Die Zertifikatkette ist länger als von der CA erlaubt (%d)"
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, c-format
 msgid "certificate is good\n"
 msgstr "Das Zertifikat ist korrekt\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, c-format
 msgid "intermediate certificate is good\n"
 msgstr "Das Zwischenzertifikat ist korrekt\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, c-format
 msgid "root certificate is good\n"
 msgstr "Das Wurzelzertifikat ist korrekt\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr "Umgeschaltet auf das Kettenmodell"
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr "Benutztes Gültigkeitsmodell: %s"
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 "Ein %u-Bit Hashverfahren ist für einen %u-Bit %s Schlüssel nicht möglich\n"
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, c-format
 msgid "out of core\n"
 msgstr "Nicht genügend Speicher\n"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr "(Dies ist der MD2 Algorithmus)\n"
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 msgid "none"
 msgstr "keine"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 msgid "[Error - invalid encoding]"
 msgstr "[Fehler - Ungültige Kodierung]"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr "[Fehler - Nicht genügend Speicher]"
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr "[Fehler - Kein Name]"
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 msgid "[Error - invalid DN]"
 msgstr "[Fehler - Ungültiger DN]"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -8914,189 +8943,199 @@ msgid ""
 "S/N %s, ID 0x%08lX,\n"
 "created %s, expires %s.\n"
 msgstr ""
-"Bitte geben Sie das Passwort an, um den geheimen Schlüssel des X.509 "
+"Bitte geben Sie die Passphrase an, um den geheimen Schlüssel des X.509 "
 "Zertifikats:\n"
 "\"%s\"\n"
 "S/N %s, ID 0x%08lX,\n"
 "gültig von %s bis %s\n"
 "zu entsperren.\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr ""
 "Schlüsselverwendungszweck nicht vorhanden - für alle Zwecke akzeptiert\n"
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "Fehler beim Holen der Schlüsselbenutzungsinformationen: %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr "Das Zertifikat hätte nicht zum Zertifizieren benutzt werden sollen\n"
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr ""
 "Das Zertifikat hätte nicht zum Signieren von OCSP Antworten benutzt werden "
 "sollen\n"
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr "Das Zertifikat hätte nicht zum Verschlüsseln benutzt werden sollen\n"
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr "Das Zertifikat hätte nicht zum Signieren benutzt werden sollen\n"
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr "Das Zertifikat kann nicht zum Verschlüsseln benutzt werden\n"
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr "Das Zertifikat kann nicht zum Signieren benutzt werden\n"
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, c-format
+msgid "looking for another certificate\n"
+msgstr "schaue nach einem anderen Zertifikat\n"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "Zeile %d: Ungültiges Verfahren\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr "Zeile %d: Ungültige Schlüssellänge %u (gültig Werte: %d bis %d)\n"
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr "Zeile %d: Kein Subjekt-Name angegeben\n"
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "Zeile %d: ungültiger Subjekt-Name-Label `%.*s'\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "Zeile %d: ungültige Betreffbezeichnung `%s' in Spalte %d\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "Zeile %d: Keine gültige E-Mailadresse\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "Zeile %d: Ungültige Seriennummer\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr "Zeile %d: ungültiger Issuer-Name-Label `%.*s'\n"
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr "Zeile %d: ungültiger Herausgeber `%s' in Spalte %d\n"
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, c-format
 msgid "line %d: invalid date given\n"
 msgstr "Zeile %d: Ungültiges Datum\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr ""
 "Zeile %d: Fehler beim Holen des Signaturschlüssels per \"Keygrip\" `%s': %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "Zeile %d: Ungültiges Hashverfahren\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "Zeile %d: Ungültige Authentisierungsschlüssel-ID\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "Zeile %d: ungültige \"Subject-Key-Id\"\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "Zeile %d: Ungültiger Syntax der Extension\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "Zeile %d: Fehler beim Lesen des Schlüssels `%s' von der Karte: %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "Zeile %d: Fehler beim Holen des Schlüssels per \"Keygrip\" `%s': %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "Zeile %d: Schlüsselerzeugung schlug fehl: %s <%s>\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
 msgstr ""
 "Um die Zertifikatsanforderung fertigzustellen, geben Sie nun bitte\n"
-"noch einmal das Passwort des soeben erzeugten Schlüssels ein.\n"
+"noch einmal die Passphrase des soeben erzeugten Schlüssels ein.\n"
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) Vorhandener Schlüssel\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr "   (%d) Vorhandener Schlüssel auf der Karte\n"
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "Mögliche Vorgänge eines %s-Schlüssels:\n"
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) signieren, verschlüsseln\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) signieren\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) verschlüsseln\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr "Bitte geben sie den Namen des X.509 Subjekts ein: "
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr "Kein Subjekt-Name angegeben\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "Ungültiger Subjekt-Name-Label `%.*s'\n"
@@ -9106,242 +9145,236 @@ msgstr "Ungültiger Subjekt-Name-Label `%.*s'\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "Ungültiger Subjekt-Name `%s'\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "25"
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 msgid "Enter email addresses"
 msgstr "Email-Adresse eingeben"
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 msgid " (end with an empty line):\n"
 msgstr " (Beenden mit einer leeren Zeile):\n"
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 msgid "Enter DNS names"
 msgstr "DNS Namen eingeben"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 msgid " (optional; end with an empty line):\n"
 msgstr " (Optional. Beenden mit einer leeren Zeile):\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr "Bitte geben Sie die URIs ein"
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Ein eigenbeglaubigtes Zertifikat erzeugen? (j/N) "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr "Verwendete Parameter:\n"
 
-#: sm/certreqgen-ui.c:432
-#, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "Fehler beim Erstellen einer temporären Datei: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr "Das eigenbeglaubigte Zertifikat wird erzeugt.  "
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 msgid "Now creating certificate request.  "
 msgstr "Die Zertifikatsanforderung wird erzeugt.  "
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr "Dies kann einen Moment dauern ...\n"
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr "Fertig.\n"
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr "Fertig.  Sie sollten nun diese Anforderung an die CA senden.\n"
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr "Resourcenproblem: Nicht genügend Hauptspeicher\n"
 
-#: sm/decrypt.c:536
-#, c-format
-msgid "%s.%s encrypted data\n"
-msgstr "%s.%s verschlüsselte Daten\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr "(Dies ist der RC-2 Algorithmus)\n"
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
-msgstr "(dies ist wahrscheinlich keine verschlüsselte Nachricht)\n"
+msgstr "(dies ist wahrscheinlich keine verschlüsselte Botschaft)\n"
 
 # Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
 # [kw]
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, c-format
 msgid "encrypted to %s key %s\n"
-msgstr "verschlüsselt an %s Schlüssel, ID %s\n"
+msgstr "verschlüsselt an %s Schlüssel %s\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "Zertifikat `%s' nicht gefunden: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr "Fehler beim Sperren der Keybox: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "Doppeltes Zertifikat `%s' gelöscht\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "Zertifikat `%s' gelöscht\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "Fehler beim Löschen des Zertifikats \"%s\": %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, c-format
 msgid "no valid recipients given\n"
 msgstr "Keine gültigen Empfänger angegeben\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 msgid "list external keys"
 msgstr "Externe Schlüssel anzeigen"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 msgid "list certificate chain"
 msgstr "Schlüssel mit Zertifikatekette anzeigen"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 msgid "import certificates"
 msgstr "Zertifikate importieren"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 msgid "export certificates"
 msgstr "Zertifikate exportieren"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr "Smartcard registrieren"
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr "Das Kommando an den Dirmngr durchreichen"
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr "Rufe das gpg-protect-tool auf"
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "das Terminal gar nicht benutzen"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr "|N|Sende N Zertifikate mit"
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr "|DATEI|Richtlinieninformationen DATEI entnehmen"
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr "Eingabedaten sind im PEM Format"
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr "Eingabedaten sind im Basis-64 Format"
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr "Eingabedaten sind im Binärformat"
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 msgid "create base-64 encoded output"
 msgstr "Ausgabe im Basis-64 Format erzeugen"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|USER-ID|USER-ID als voreingestellten Schlüssel benutzen"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "|DATEI|DATEI als öffentlichen Schlüsselbund mitbenutzen"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|Schlüssel bei diesem Server nachschlagen"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr "Fehlende Zertifikate automatisch holen"
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
-msgstr "|NAME|Benutze die Kodierung NAME für PKCS#12 Passwörter"
+msgstr "|NAME|Benutze die Kodierung NAME für PKCS#12 Passphrasen"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr "Niemals eine CRL konsultieren"
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr "CRL bei Wurzelzertifikaten nicht überprüfen"
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr "Die Gültigkeit mittels OCSP prüfen"
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr "Zertifikatsrichtlinien nicht überprüfen"
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NAME|Verschlüsselungsverfahren NAME benutzen"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NAME|Hashverfahren NAME benutzen"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "Stapelmodus: Keine Abfragen"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "\"Ja\" als Standardantwort annehmen"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "\"Nein\" als Standardantwort annehmen"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 msgid "|FILE|write an audit log to FILE"
 msgstr "|DATEI|Schreibe ein Audit-Log auf DATEI"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Aufruf: @GPGSM@ [Optionen] [Dateien] (-h für Hilfe)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
 "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
@@ -9350,87 +9383,122 @@ msgstr ""
 "Syntax: @GPGSM@ [Optionen] [Dateien]\n"
 "Signieren, prüfen, ver- und entschlüsseln mittels S/MIME Protokoll\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "Hinweis: Verschlüsselung für `%s' wird nicht möglich sein: %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "Unbekanntes Gültigkeitsmodell '%s'\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: Kein Server-Name angegeben\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: Passwort ohne Benutzer\n"
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr "%s:%u: Unbekanntes Flag '%s' wird  nicht beachtet\n"
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: Zeile wird übersprungen\n"
+
+#: sm/gpgsm.c:1545
+#, c-format
+msgid "could not parse keyserver\n"
+msgstr "Schlüsselserver-URL konnte nicht analysiert werden\n"
+
+#: sm/gpgsm.c:1825
 #, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "Importiere allgemeine Zertifikate: %s\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "Signieren mit `%s' nicht möglich: %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr "Ungültiger Befehl (Es gibt keinen implizierten Befehl)\n"
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, c-format
 msgid "total number processed: %lu\n"
 msgstr "gesamte verarbeitete Anzahl: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, c-format
 msgid "error storing certificate\n"
 msgstr "Fehler beim Speichern des Zertifikats\n"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr "Grundlegende Zertifikatprüfungen fehlgeschlagen - nicht importiert\n"
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "Fehler beim Holen der gespeicherten Flags: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, c-format
 msgid "error importing certificate: %s\n"
 msgstr "Fehler beim Importieren des Zertifikats: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, c-format
 msgid "error reading input: %s\n"
 msgstr "Fehler beim Lesen der Eingabe: %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, c-format
+msgid "no keyboxd running in this session\n"
+msgstr "Der Keyboxd läuft nicht für diese Session\n"
+
+#: sm/keydb.c:595
+#, c-format
+msgid "error opening key DB: %s\n"
+msgstr "Fehler beim Öffnen der Schlüsseldatenbank: %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr "Problem bei der Suche nach vorhandenem Zertifikat: %s\n"
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "Fehler bei der Suche nach einer schreibbaren KeyDB: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, c-format
 msgid "error storing certificate: %s\n"
 msgstr "Fehler beim Speichern des Zertifikats: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "Problem bei Wiederfinden des Zertifikats: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, c-format
 msgid "error storing flags: %s\n"
 msgstr "Fehler beim Speichern der Flags: %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr "Fehler - "
 
@@ -9441,17 +9509,17 @@ msgstr ""
 "GPG_TTY wurde nicht gesetzt - ein (möglicherweise falscher) Standardwert "
 "wird deshalb verwendet\n"
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "Der Fingerabdruck in `%s', Zeile %d is fehlerhaft formatiert\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "Ungültiger Landescode in `%s', Zeile %d\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9468,7 +9536,7 @@ msgstr ""
 "\n"
 "%s%sSind Sie wirklich sicher, daß Sie dies möchten?"
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
@@ -9477,7 +9545,7 @@ msgstr ""
 "Bitte beachten Sie, daß diese Software nicht offiziell zur Erzeugung\n"
 "oder Prüfung von qualifizierten Signaturen zugelassen ist.\n"
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9489,57 +9557,62 @@ msgstr ""
 "zu erzeugen. Bitte beachten Sie, daß dies KEINE qualifizierte\n"
 "Signatur erzeugen wird."
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr ""
 "Hashverfahren %d (%s) wird für Unterzeichner %d nicht unterstützt; %s wird "
 "benutzt\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr "Benutztes Hashverfahren für Unterzeichner %d: %s (%s)\n"
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "Prüfung auf ein qualifiziertes Zertifikats fehlgeschlagen: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, c-format
+msgid "%s/%s signature using %s key %s\n"
+msgstr "%s/%s Signatur mittels %s Schlüssel %s\n"
+
+#: sm/verify.c:467
 #, c-format
 msgid "Signature made "
 msgstr "Signatur erzeugt am "
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr "[Datum nicht vorhanden]"
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, c-format
 msgid "algorithm:"
 msgstr "Verfahren:"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr ""
-"Ungültige Signatur: Nachricht entspricht nicht dem Prüfwert in der "
-"Nachricht.\n"
+"Ungültige Signatur: Botschaft entspricht nicht dem Prüfwert in der "
+"Botschaft.\n"
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, c-format
 msgid "Good signature from"
 msgstr "Korrekte Signatur von"
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, c-format
 msgid "                aka"
 msgstr "                alias"
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, c-format
 msgid "This is a qualified signature\n"
 msgstr "Dies ist eine qualifizierte Signatur.\n"
@@ -9570,100 +9643,100 @@ msgid "can't release lock on the certificate cache: %s\n"
 msgstr ""
 "Sperre für den Zertifikatzwischenspeicher kann nicht freigegeben werden: %s\n"
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr "%u Zertifikate werden aus dem Zertifikatzwischenspeicher entfernt\n"
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, c-format
 msgid "can't parse certificate '%s': %s\n"
 msgstr "Zertifikat `%s' kann nicht zerlegt werden: %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "Zertifikat `%s' ist bereits im Zwischenspeicher\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "Vertrauenswürdiges Zertifikat `%s' wurde geladen\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "Zertifikat `%s' wurde geladen\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "  SHA1 Fingerabdruck=%s\n"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr "   Issuer ="
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr "  Subjekt ="
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "Fehler beim Laden des Zertifikats `%s': %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "   dauerhaft geladene Zertifikate: %u\n"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr " zwischengespeicherte Zertifikate: %u\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "    vertrauenswürdige Zertifikate: %u (%u,%u,%u,%u)\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, c-format
 msgid "certificate already cached\n"
 msgstr "Zertifikat ist bereits im Zwischenspeicher\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, c-format
 msgid "certificate cached\n"
 msgstr "Zertifikat wurde zwischengespeichert\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, c-format
 msgid "error caching certificate: %s\n"
 msgstr "Fehler beim Zwischenspeichern des Zertifikats: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "ungültiger SHA1 Fingerabdruck `%s'\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "Fehler beim Holen des Zertifikats mittels Seriennummer: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "Fehler beim Holen des Zertifikats mittels Subject: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, c-format
 msgid "no issuer found in certificate\n"
 msgstr "Im Zertifikat ist kein Herausgeber enthalten\n"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "Fehler beim Holen des \"authorityKeyIdentifier\": %s\n"
@@ -10207,56 +10280,56 @@ msgstr "CRL Zugriff ist im Tor Modus nicht möglich\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "Zertifikatsuche ist nicht möglich da %s abgeschaltet ist\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr "OCSP anstatt CRL benutzen"
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr "Teste ob der dirmngr noch läuft"
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 msgid "add a certificate to the cache"
 msgstr "Ein Zertifikat dem Zwischenspeicher zufügen"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 msgid "validate a certificate"
 msgstr "Zertifikat prüfen"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 msgid "lookup a certificate"
 msgstr "Zertifikat auffinden"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 msgid "lookup only locally stored certificates"
 msgstr "Nur lokal gespeicherte Zertifikate auffinden"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr "Eine URL wird für --lookup erwartet"
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr "CRL in den Dirmngr laden"
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr "Sondermodus für Squid"
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 msgid "expect certificates in PEM format"
 msgstr "Zertifikate werden im PEM Format erwartet"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 msgid "force the use of the default OCSP responder"
 msgstr "Die Nutzung des voreingestellten OCSP Responder erzwingen"
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr ""
 "Gebrauch: dirmngr-client [Optionen] [Zertdatei|Muster] (-h für Hilfe)\n"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10269,215 +10342,211 @@ msgstr ""
 "The Prozess gibt 0 zurück wenn das Zertifikat gültig ist, 1 wenn es nicht\n"
 "gültig ist und weitere Werte bei anderen Fehlern.\n"
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "Fehler beim Lesen des Zertifikats von der Standardeingabe: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "Fehler beim Lesen des Zertifikats von `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr "Zertifikat ist zu groß um Sinnvoll zu sein\n"
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, c-format
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "Verbindung zum Dirmngr nicht möglich: %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, c-format
 msgid "lookup failed: %s\n"
 msgstr "Aufsuchen fehlgeschlagen: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "Laden der CRL von `%s' fehlgeschlagen: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr "Ein dirmngr ist vorhanden und aktiv\n"
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "Prüfung des Zertifikats fehlgeschlagen: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, c-format
 msgid "certificate is valid\n"
 msgstr "Zertifikat ist gültig\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, c-format
 msgid "certificate has been revoked\n"
 msgstr "Zertifikat wurde widerrufen\n"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, c-format
 msgid "certificate check failed: %s\n"
 msgstr "Zertifikatprüfung fehlgeschlagen: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, c-format
 msgid "got status: '%s'\n"
 msgstr "Erhielt Status: `%s'\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, c-format
 msgid "error writing base64 encoding: %s\n"
 msgstr "Fehler beim Schreiben der Base-64 Darstellung: %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr "Nicht unterstützte INQUIRY `%s'\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr "Absoluter Dateiname erwartet\n"
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr "Auffinden von `%s'\n"
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr "Den Inhalt des CRL Zwischenspeichers anzeigen"
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|DATEI|Lade die CRL aus der DATEI in den Zwischenspeicher"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr "|URL|Hole eine CRL von dieser URL"
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr "Den Dirmngr herunterfahren"
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr "Den Zwischenspeicher löschen"
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr "Online Softwareversionstest erlauben"
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr "|N|Nicht mehr als N Angaben in einer Anfrage zurückgeben"
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr "Netzwerkbezogene Optionen"
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr "Netzzugriff nur über Tor"
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr "Konfiguration der Schlüsselserver"
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 msgid "|URL|use keyserver at URL"
 msgstr "Benutze Schlüsselserver unter der URL"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr "|DATEI|Benutze die CA Zertifikate in DATEI für HKP über TLS"
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr "Konfiguration für HTTP Server"
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr "Sperre die Benutzung von HTTP"
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr "Übergehe HTTP CRL Distribution Points"
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr "|URL|Leite alle HTTP Anfragen über URL"
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr "Benutze die HTTP Proxy Einstellung des Systems"
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr "Konfiguration der zu nutzenden LDAP-Server"
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr "Sperre die Benutzung von LDAP"
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr "Übergehe LDAP CRL Distribution Points"
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr "|HOST|Benutze HOST für LDAP Anfragen"
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr "Keine Benutzung der Rückgriffshosts mit --ldap-proxy"
 
-#: dirmngr/dirmngr.c:270
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|SPEC|Schlüssel bei diesem Server nachschlagen"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|DATEI|Lese die LDAP Serverliste aus DATEI"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr "Füge neue Server aus den CRL Distribution Points der Serverliste hinzu"
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr "|N|Setze die LDAP Zeitüberschreitung auf N Sekunden"
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr "Konfiguration zu OCSP"
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr "OCSP Anfragen erlauben"
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr "Übergehe im Zertifikat enthaltene OCSP Service URLs"
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 msgid "|URL|use OCSP responder at URL"
 msgstr "|URL|Benutze den OCSP Responder mit dieser URL"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr "|FPR|OCSP Antwort ist durch FPR signiert"
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr "Laden von abgelaufenen CRLs erzwingen"
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 msgid ""
 "@\n"
 "(See the \"info\" manual for a complete listing of all commands and "
@@ -10487,11 +10556,11 @@ msgstr ""
 "(Im \"info\"-Handbuch findet sich eine vollständige Liste aller Kommandos "
 "und Optionen)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Gebrauch: @DIRMNGR@ [Optionen]"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
@@ -10499,115 +10568,295 @@ msgstr ""
 "Syntax: @DIRMNGR@ [Optionen] [Kommando [Argumente]]\n"
 "Keyserver, CRL und OCSP Zugriff für @GNUPG@\n"
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr "Gültige Debugebenen sind: %s\n"
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, c-format
 msgid "usage: %s [options] "
 msgstr "Aufruf: %s [Optionen] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, c-format
 msgid "colons are not allowed in the socket name\n"
 msgstr "Doppelpunkte sind im Namen des Sockets nicht erlaubt\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "Holen der CRL von `%s' fehlgeschlagen: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "Verarbeitung der CRL von `%s' fehlgeschlagen: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "%s:%u: Zeile ist zu lang - übergangen\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "%s:%u: ungültiger Fingerabdruck erkannt\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "%s:%u: Lesefehler: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr "%s:%u: Müll am Ende der Zeile wird ignoriert\n"
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 "SIGHUP empfangen - lese die Konfiguration erneut und lösche die "
 "Zwischenspeicher\n"
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr "SIGUSR2 empfangen - keine Aktion definiert\n"
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr "SIGTERM empfangen - wird heruntergefahren ...\n"
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr "SIGTERM empfangen - immer noch %d Verbindungen aktiv\n"
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, c-format
 msgid "shutdown forced\n"
 msgstr "Herunterfahren wurde erzwungen\n"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr "SIGINT empfangen - wird sofort heruntergefahren\n"
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr "Signal %d empfangen - keine Aktion definiert\n"
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr "Alle Werte in einem Record Format zurückgeben"
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr "|NAME|Host Teil ignorieren und über NAME verbinden"
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr "Eine TLS Verbindung erzwingen"
+
+#: dirmngr/dirmngr_ldap.c:110
+msgid "|NAME|connect to host NAME"
+msgstr "|NAME|Verbinde mit dem Host NAME"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr "|N|Verbinde mit dem Port N"
+
+#: dirmngr/dirmngr_ldap.c:112
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NAME|Benutze NAME zur Authentifizierung"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr "Benutze Passwort PASS zur Authentifizierung"
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr "Nimm das Passwort von $DIRMNGR_LDAP_PASS"
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr "|STRING|Frage den DN STRING ab"
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr "|STRING|Benutze STRING als Filterausdruck"
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr "|STRING|Gib das Attribut STRING zurück"
+
+#: dirmngr/dirmngr_ldap.c:179
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Gebrauch: dirmngr_ldap [Optionen] [URL] (-h für Hilfe)\n"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+"Gebrauch: dirmngr_ldap [Optionen] [URL] (-h für Hilfe)\n"
+"Internes LDAP-Hilfsprogramm für Dirmngr.\n"
+"Interface und Optionen können sich mit jedem Release ändern.\n"
+
+#: dirmngr/dirmngr_ldap.c:291
+#, c-format
+msgid "invalid port number %d\n"
+msgstr "Ungültige Portnummer %d\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr "Absuchen des Ergebnisses nach Attribut `%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "Fehler beim Schreiben auf Standardausgabe: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr "        verfügbare Attribute `%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:462
+#, c-format
+msgid "attribute '%s' not found\n"
+msgstr "Attribut `%s' nicht gefunden\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr "Attribut `%s' gefunden\n"
+
+#: dirmngr/dirmngr_ldap.c:581
+#, c-format
+msgid "processing url '%s'\n"
+msgstr "Verarbeiten der URL `%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, c-format
+msgid "          user '%s'\n"
+msgstr "           Benutzer `%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, c-format
+msgid "          pass '%s'\n"
+msgstr "           Passwort `%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:592
+#, c-format
+msgid "          host '%s'\n"
+msgstr "               Host `%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, c-format
+msgid "          port %d\n"
+msgstr "               Port %d\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, c-format
+msgid "            DN '%s'\n"
+msgstr "                 DN `%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr "             Filter `%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, c-format
+msgid "          attr '%s'\n"
+msgstr "           Attribut `%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:611
+#, c-format
+msgid "no host name in '%s'\n"
+msgstr "Kein Hostname in `%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr "Kein Attribut für Abfrage `%s' angegeben\n"
+
+#: dirmngr/dirmngr_ldap.c:622
+#, c-format
+msgid "WARNING: using first attribute only\n"
+msgstr "WARNUNG: Es wird nur das erste Attribut benutzt\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "LDAP Initialisierung von `%s:%d' fehlgeschlagen: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, c-format
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "LDAP Initialisierung nach `%s' fehlgeschlagen: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, c-format
+msgid "LDAP init to '%s' done\n"
+msgstr "LDAP Initialisierung nach `%s' durchgeführt\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "Anbindung an `%s:%d' fehlgeschlagen: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, c-format
+msgid "searching '%s' failed: %s\n"
+msgstr "Suche mit `%s' fehlgeschlagen: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "`%s' ist kein LDAP URL\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr "`%s' ist ein ungültiger LDAP URL\n"
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "Fehler beim Zugreifen auf `%s': HTTP Status %u\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr "URL `%s' nach `%s' umgeleitet (%u)\n"
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, c-format
 msgid "too many redirections\n"
 msgstr "zu viele verschachtelte Umleitungen\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, c-format
 msgid "redirection changed to '%s'\n"
 msgstr "\"Redirection\" geändert auf '%s'\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, c-format
 msgid "error printing log line: %s\n"
 msgstr "Fehler beim Schreiben einer Logzeile: %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "Fehler beim Lesen des Logs vom LDAP Wrapper %d: %s\n"
@@ -10637,51 +10886,31 @@ msgstr "Warten auf den LDAP Wrapper %d fehlgeschlagen: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "LDAP Wrapper %d versackt - abgeschossen\n"
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "Ungültiges Zeichen 0x%02X im Hostnamen - nicht hinzugefügt\n"
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "`%s:%d' wird der LDAP Serverliste hinzugefügt\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, c-format
 msgid "malloc failed: %s\n"
 msgstr "malloc() fehlgeschlagen: %s\n"
 
-#: dirmngr/ldap.c:221
-#, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "`%s' ist kein LDAP URL\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
-msgstr "`%s' ist ein ungültiger LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
+msgstr "start_cert_fetch: Ungültiges Muster `%s'\n"
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr "ldap_search erreichte die Größengrenze des Servers\n"
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr "%s:%u: Passwort ohne Benutzer\n"
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr "%s:%u: Unbekanntes Flag '%s' wird ignoriert\n"
-
-#: dirmngr/ldapserver.c:203
-#, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr "%s:%u: Zeile wird übersprungen\n"
-
 #: dirmngr/misc.c:172
 #, c-format
 msgid "invalid canonical S-expression found\n"
@@ -10767,92 +10996,92 @@ msgstr "Hashen der OCSP Antwort für `%s' fehlgeschlagen: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr "Nicht durch voreingestelltes OCSP \"Signer-Zertifikat\" signiert"
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "malloc() fehlgeschlagen: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "Fehler beim Holen der Responder-ID: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr ""
 "Kein benutzbares Zertifikat zur Überprüfung der OCSP Antwort gefunden\n"
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "Herausgeberzertifikat nicht gefunden: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr "Aufrufer gab das Ziel Zertifikat nicht zurück\n"
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "Aufrufer gab das Issuer Zertifikat nicht zurück\n"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "Fehler beim Bereitstellen eines OCSP Kontext: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr "Kein  voreingestellter OCSP Responder definiert\n"
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, c-format
 msgid "no default OCSP signer defined\n"
 msgstr "Kein voreingestellter OCSP \"Signer\" definiert\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr "Der voreingestellte OCSP Responder `%s' wird benutzt\n"
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr "Der OCSP Responder `%s' wird benutzt\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "Fehler beim Holen des OCSP Status für das Zielzertifikat: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr "Zertifikatstatus ist: %s  (this=%s  next=%s)\n"
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr "Gut"
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "Zertifikat wurde widerrufen am: %s wegen: %s\n"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr "OCSP Responder gab einen Status in der Zukunft zurück\n"
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr "OCSP Responder gab einen nicht aktuellen Status zurück\n"
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr "OCSP Responder gab einen zu alten Status zurück\n"
@@ -10862,67 +11091,71 @@ msgstr "OCSP Responder gab einen zu alten Status zurück\n"
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "assuan_inquire(%s) fehlgeschlagen: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr "LDAP Server fehlt"
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr "Seriennummer fehlt in der Cert-ID"
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "assuan_inquire fehlgeschlagen: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "fetch_cert_by_url() fehlgeschlagen: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, c-format
 msgid "error sending data: %s\n"
 msgstr "Fehler beim Senden der Daten: %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "start_cert_fetch fehlgeschlagen: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "fetch_next_cert fehlgeschlagen: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr "max_replies %d überschritten\n"
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "Fehler beim Erzeugen der Kontrollstruktur: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "Fehler beim Bereitstellen eines Assuan Kontext: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, c-format
 msgid "failed to initialize the server: %s\n"
 msgstr "Fehler beim Initialisieren des Servers: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "Fehler beim Registrieren der Kommandos gegen Assuan: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr "Assuan accept Problem: %s\n"
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, c-format
 msgid "Assuan processing failed: %s\n"
 msgstr "Assuan Verarbeitung fehlgeschlagen: %s\n"
@@ -10968,51 +11201,55 @@ msgid "certificate should not have been used for CRL signing\n"
 msgstr ""
 "Das Zertifikat hätte nicht zum Signieren einer CRL benutzt werden sollen\n"
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 msgid "quiet"
 msgstr "Reduzierte Informationen"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr "Druckdaten hexkodiert ausgeben"
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr "Dekodiere empfangene Datenzeilen"
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr "Mit dem Dirmngr verbinden"
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+msgid "connect to the keyboxd"
+msgstr "Mit dem Keyboxd verbinden"
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr "|NAME|Verbinde mit dem Assuan-Socket NAME"
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr "|ADDR|Verbinde mit dem Assuan-Server an Adresse ADDR"
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr "Starten des auf der Kommandozeile angegebenen Assuan-Server"
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr "Den \"extended connect\"-Modus nicht nutzen"
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|DATEI|Beim Starten Kommandos aus DATEI lesen"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr "Nach dem Starten \"/subst\" ausführen"
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Aufruf: @GPG@-connect-agent [Optionen] (-h für Hilfe)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
@@ -11020,173 +11257,186 @@ msgstr ""
 "Syntax: @GPG@-connect-agent [Optionen]\n"
 "Mit einem laufenden Agenten verbinden und Befehle senden\n"
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr "Option \"%s\" erfordert ein Programm und evtl. Argumente\n"
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr "Option \"%s\" wird wegen \"%s\" nicht beachtet\n"
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, c-format
 msgid "receiving line failed: %s\n"
 msgstr "Empfangen der Zeile schlug fehl: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, c-format
 msgid "line too long - skipped\n"
 msgstr "Zeile zu lang - übersprungen\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr "Zeile wegen enthaltenem Nul-Zeichen gekürzt\n"
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, c-format
 msgid "unknown command '%s'\n"
 msgstr "unbekannter Befehl `%s'\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, c-format
 msgid "sending line failed: %s\n"
 msgstr "Senden der Zeile schlug fehl: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, c-format
+msgid "no keybox daemon running in this session\n"
+msgstr "Der Keyboxd läuft nicht für diese Session\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, c-format
 msgid "error sending standard options: %s\n"
 msgstr "Fehler beim Senden der Standardoptionen: %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr "OpenPGP"
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr "S/MIME"
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+msgid "Public Keys"
+msgstr "Öffentliche Schlüssel"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr "Geheime Schlüssel"
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr "Smartcard"
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 msgid "Network"
 msgstr "Netz"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 msgid "Passphrase Entry"
-msgstr "Passwort Eingabe"
+msgstr "Passphrase Eingabe"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 msgid "Component not suitable for launching"
 msgstr "Komponente unterstützt kein direktes starten"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr "Die Konfigurationsdatei der Komponente %s ist defekt\n"
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, c-format
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Hinweis: Für Details bitte das Kommando \"%s%s\" verwenden.\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr "Die externe Überprüfung der Komponente %s war nicht erfolgreich"
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr "Beachten Sie, daß Gruppenspezifiaktionen ignoriert werden\n"
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, c-format
 msgid "error closing '%s'\n"
 msgstr "Fehler beim Schließen von '%s'\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, c-format
 msgid "error parsing '%s'\n"
 msgstr "Fehler beim Hashen von '%s'\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr "Liste aller Komponenten"
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr "Prüfe alle Programme"
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr "|KOMPONENTE|Zeige die Optionen an"
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr "|KOMPONENTE|Ändere die Optionen"
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr "|KOMPONENTE|Prüfe die Optionen"
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr "Wende die gobalen Voreinstellungen an"
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr "|DATEI|Konfigurationsdateien mittels DATEI ändern"
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr "Hole die Einstellungsverzeichnisse von @GPGCONF@"
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 msgid "list global configuration file"
 msgstr "Zeige die globale Konfigurationsdatei an"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 msgid "check global configuration file"
 msgstr "Prüfe die globale Konfigurationsdatei"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 msgid "query the software version database"
 msgstr "Abfrage der Datenbank mit Softwareversionen"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr "\"reload\" an alle oder eine Komponente senden"
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr "Die angegebene Komponente starten"
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr "\"kill\" an eine Komponente senden"
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "Als Ausgabedatei benutzen"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr "Aktiviere Änderungen zur Laufzeit; falls möglich"
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Gebrauch: @GPGCONF@ [Optionen] (-h für Hilfe)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
@@ -11194,15 +11444,15 @@ msgstr ""
 "Syntax: @GPGCONF@ {Optionen]\n"
 "Verwalte Konfigurationsoptionen für Programme des @GNUPG@ Systems\n"
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr "Benötige ein Komponentenargument"
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 msgid "Component not found"
 msgstr "Komponente nicht gefunden"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr "Argumente sind nicht erlaubt"
 
@@ -11216,153 +11466,233 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 "Syntax: gpg-check-pattern [optionen] Musterdatei\n"
-"Das von stdin gelesene Passwort gegen die Musterdatei prüfen\n"
+"Die von stdin gelesene Passphrase gegen die Musterdatei prüfen\n"
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr ""
-#~ "Erzwungene Verwendung des symmetrischen Verschlüsselungsverfahren %s (%d) "
-#~ "verletzt die Empfängervoreinstellungen\n"
+#: tools/gpg-card.c:2389
+#, c-format
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "Hinweis: Schlüssel %s ist bereits auf der Karte gespeichert!\n"
+
+#: tools/gpg-card.c:2392
+#, c-format
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "Hinweis: Auf der Karte sind bereits Schlüssel gespeichert!\n"
+
+#: tools/gpg-card.c:2395
+#, c-format
+msgid "Replace existing key %s ? (y/N) "
+msgstr "Vorhandenen Schlüssel %s ersetzen? (j/N) "
+
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, c-format
+msgid "%s card no. %s detected\n"
+msgstr "%s Karte Nr. %s erkannt\n"
+
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
+"User Interaction Flag ist auf \"%s\" gesetzt - Änderung nicht möglich\n"
+
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
+"WARNUNG: Das Setzen des User Interaction Flags auf \"%s\" kann\n"
+"         nur durch ein \"factory-reset\" rückgängig gemacht werden!\n"
+
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr "Bitte \"uif --yes %d %s\" benutzen\n"
+
+#: tools/gpg-card.c:3668
+msgid "authenticate to the card"
+msgstr "Gegen die Karte authentifizieren"
+
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr "Ein Reset an den SCdaemon senden"
+
+#: tools/gpg-card.c:3672
+msgid "setup KDF for PIN authentication"
+msgstr "Einrichten der KDF zur Authentifizierung"
+
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr "Ein privates Datenobjekt ändern"
+
+#: tools/gpg-card.c:3675
+msgid "read a certificate from a data object"
+msgstr "Ein Zertifikat aus einem Datenobjekt lesen"
+
+#: tools/gpg-card.c:3676
+msgid "store a certificate to a data object"
+msgstr "Ein Zertifikat in einem Datenobjekt speichern"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr "Privaten Schlüssel in einem Datenobjekt speichern"
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr "Verwaltungskommandos für Yubikeys"
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr "Verwaltung der Kommandohistorie"
 
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "Fehler beim Schreiben auf eine temporäre Datei: %s\n"
+#, fuzzy
+#~| msgid "change a passphrase"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "Die Passphrase ändern"
+
+#~ msgid "detected card with S/N: %s\n"
+#~ msgstr "Erkannte Karte hat die Seriennummer: %s\n"
+
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "Auf der Karte ist kein Authentisierungsschlüssel für SSH: %s\n"
+
+#~ msgid "Please remove the current card and insert the one with serial number"
+#~ msgstr ""
+#~ "Bitte entfernen Sie die vorhanden Karte und legen Sie die mit der "
+#~ "folgenden Seriennummer ein:"
 
 #~ msgid "use a log file for the server"
 #~ msgstr "Logausgaben in eine Datei umlenken"
 
-#~ msgid "|FILE|write a server mode log to FILE"
-#~ msgstr "|DATEI|Schreibe im Servermodus Logs auf DATEI"
-
-#~ msgid "run without asking a user"
-#~ msgstr "Ausführung ohne Benutzernachfrage"
+#~ msgid "connection to %s established\n"
+#~ msgstr "Verbindung zum %s aufgebaut\n"
 
-#~ msgid "allow PKA lookups (DNS requests)"
-#~ msgstr "Erlaube PKA Zugriffe (DNS Anfragen)"
+#~ msgid "no running gpg-agent - starting '%s'\n"
+#~ msgstr "Kein aktiver gpg-agent - `%s' wird gestartet\n"
 
-#~ msgid "Options controlling the format of the output"
-#~ msgstr "Optionen zum Einstellen der Ausgabeformate"
+#~ msgid "argument not expected"
+#~ msgstr "Argument nicht erwartet"
 
-#~ msgid "Options controlling the use of Tor"
-#~ msgstr "Optionen zur Benutzung von Tor"
+#~ msgid "read error"
+#~ msgstr "Lesefehler"
 
-#~ msgid "LDAP server list"
-#~ msgstr "Liste der LDAP Server"
+#~ msgid "keyword too long"
+#~ msgstr "Schlüsselwort ist zu lang"
 
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "fordere Schlüssel %s von %s-Server %s an\n"
+#~ msgid "missing argument"
+#~ msgstr "Fehlendes Argument"
 
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "%s:%u: Kein Server-Name angegeben\n"
+#~ msgid "invalid argument"
+#~ msgstr "Ungültiges Argument"
 
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "Schlüsselserver-URL konnte nicht analysiert werden\n"
+#~ msgid "invalid command"
+#~ msgstr "Ungültiger Befehl"
 
-#~ msgid "return all values in a record oriented format"
-#~ msgstr "Alle Werte in einem Record Format zurückgeben"
+#~ msgid "invalid alias definition"
+#~ msgstr "Ungültige Alias-Definition"
 
-#~ msgid "|NAME|ignore host part and connect through NAME"
-#~ msgstr "|NAME|Host Teil ignorieren und über NAME verbinden"
+#~ msgid "permission error"
+#~ msgstr "Zugriffsrechte nicht ausreichend"
 
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NAME|Verbinde mit dem Host NAME"
+#~ msgid "out of core"
+#~ msgstr "Nicht genügend Speicher"
 
-#~ msgid "|N|connect to port N"
-#~ msgstr "|N|Verbinde mit dem Port N"
+#~ msgid "invalid meta command"
+#~ msgstr "Ungültige Meta-Anweisung"
 
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NAME|Benutze NAME zur Authentifizierung"
+#~ msgid "unknown meta command"
+#~ msgstr "Unbekannte Meta-Anweisung"
 
-#~ msgid "|PASS|use password PASS for authentication"
-#~ msgstr "Benutze Passwort PASS zur Authentifizierung"
+#~ msgid "unexpected meta command"
+#~ msgstr "Unerwartete Meta-Anweisung"
 
-#~ msgid "take password from $DIRMNGR_LDAP_PASS"
-#~ msgstr "Nimm das Passwort von $DIRMNGR_LDAP_PASS"
+#~ msgid "invalid option"
+#~ msgstr "Ungültige Option"
 
-#~ msgid "|STRING|query DN STRING"
-#~ msgstr "|STRING|Frage den DN STRING ab"
+#~ msgid "missing argument for option \"%.50s\"\n"
+#~ msgstr "Fehlendes Argument für Option \"%.50s\"\n"
 
-#~ msgid "|STRING|use STRING as filter expression"
-#~ msgstr "|STRING|Benutze STRING als Filterausdruck"
+#~ msgid "option \"%.50s\" does not expect an argument\n"
+#~ msgstr "Option \"%.50s\" erwartet kein Argument\n"
 
-#~ msgid "|STRING|return the attribute STRING"
-#~ msgstr "|STRING|Gib das Attribut STRING zurück"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "Ungültiger Befehl \"%.50s\"\n"
 
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Gebrauch: dirmngr_ldap [Optionen] [URL] (-h für Hilfe)\n"
+#~ msgid "option \"%.50s\" is ambiguous\n"
+#~ msgstr "Option \"%.50s\" ist mehrdeutig\n"
 
-#~ msgid ""
-#~ "Syntax: dirmngr_ldap [options] [URL]\n"
-#~ "Internal LDAP helper for Dirmngr\n"
-#~ "Interface and options may change without notice\n"
-#~ msgstr ""
-#~ "Gebrauch: dirmngr_ldap [Optionen] [URL] (-h für Hilfe)\n"
-#~ "Internes LDAP-Hilfsprogramm für Dirmngr.\n"
-#~ "Interface und Optionen können sich mit jedem Release ändern.\n"
+#~ msgid "command \"%.50s\" is ambiguous\n"
+#~ msgstr "Befehl \"%.50s\" ist mehrdeutig\n"
 
-#~ msgid "invalid port number %d\n"
-#~ msgstr "Ungültige Portnummer %d\n"
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "Ungültige Option \"%.50s\"\n"
 
-#~ msgid "scanning result for attribute '%s'\n"
-#~ msgstr "Absuchen des Ergebnisses nach Attribut `%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "Hinweis: Keine voreingestellte Optionendatei '%s' vorhanden\n"
 
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "Fehler beim Schreiben auf Standardausgabe: %s\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "Optionendatei '%s': %s\n"
 
-#~ msgid "          available attribute '%s'\n"
-#~ msgstr "        verfügbare Attribute `%s'\n"
+#~ msgid "Note: ignoring option \"--%s\" due to global config\n"
+#~ msgstr ""
+#~ "Hinweis: Option \\\"--%s\\\" aufgrund der globalen Konfiguration "
+#~ "ignoriert\n"
 
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "Attribut `%s' nicht gefunden\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "Die Schlüsselserveroption \"%s\" ist im %s-Modus nicht erlaubt.\n"
 
-#~ msgid "found attribute '%s'\n"
-#~ msgstr "Attribut `%s' gefunden\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "Ausführen des Programms `%s' nicht möglich: %s\n"
 
-#~ msgid "processing url '%s'\n"
-#~ msgstr "Verarbeiten der URL `%s'\n"
+#~ msgid "unable to execute external program\n"
+#~ msgstr "Externes Programm konnte nicht aufgerufen werden\n"
 
-#~ msgid "          user '%s'\n"
-#~ msgstr "           Benutzer `%s'\n"
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr ""
+#~ "Die Ausgabe des externen Programms konnte nicht gelesen werden: %s\n"
 
-#~ msgid "          pass '%s'\n"
-#~ msgstr "           Passwort `%s'\n"
+#~ msgid "validate signatures with PKA data"
+#~ msgstr "Prüfe Signaturgültigkeit mittels PKA-Daten"
 
-#~ msgid "          host '%s'\n"
-#~ msgstr "               Host `%s'\n"
+#~ msgid "elevate the trust of signatures with valid PKA data"
+#~ msgstr "Werte das Vertrauen zu Signaturen durch gültige PKA-Daten auf"
 
-#~ msgid "          port %d\n"
-#~ msgstr "               Port %d\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "  (%d) ECC und ECC\n"
 
-#~ msgid "            DN '%s'\n"
-#~ msgstr "                 DN `%s'\n"
+#~ msgid "honor the PKA record set on a key when retrieving keys"
+#~ msgstr "Die im Schlüssel enthaltenen PKA-Daten beim Schlüsselholen beachten"
 
-#~ msgid "        filter '%s'\n"
-#~ msgstr "             Filter `%s'\n"
+#~ msgid "Note: Verified signer's address is '%s'\n"
+#~ msgstr "Hinweis: Überprüfte Adresse des Unterzeichners ist `%s'\n"
 
-#~ msgid "          attr '%s'\n"
-#~ msgstr "           Attribut `%s'\n"
+#~ msgid "Note: Signer's address '%s' does not match DNS entry\n"
+#~ msgstr ""
+#~ "Hinweis: Adresse des Unterzeichners `%s' passt nicht zum DNS-Eintrag\n"
 
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "Kein Hostname in `%s'\n"
+#~ msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+#~ msgstr "\"Trust\"-Ebene auf VOLLSTÄNDIG geändert (wg. gültiger PKA-Info)\n"
 
-#~ msgid "no attribute given for query '%s'\n"
-#~ msgstr "Kein Attribut für Abfrage `%s' angegeben\n"
+#~ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+#~ msgstr "\"Trust\"-Ebene auf NIEMALS geändert (wg. falscher PKA-Info)\n"
 
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "WARNUNG: Es wird nur das erste Attribut benutzt\n"
+#~ msgid "|FILE|write a server mode log to FILE"
+#~ msgstr "|DATEI|Schreibe im Servermodus Logs auf DATEI"
 
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "LDAP Initialisierung von `%s:%d' fehlgeschlagen: %s\n"
+#~ msgid "run without asking a user"
+#~ msgstr "Ausführung ohne Benutzernachfrage"
 
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "Anbindung an `%s:%d' fehlgeschlagen: %s\n"
+#~ msgid "allow PKA lookups (DNS requests)"
+#~ msgstr "Erlaube PKA Zugriffe (DNS Anfragen)"
 
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "Suche mit `%s' fehlgeschlagen: %s\n"
+#~ msgid "Options controlling the format of the output"
+#~ msgstr "Optionen zum Einstellen der Ausgabeformate"
 
-#~ msgid "start_cert_fetch: invalid pattern '%s'\n"
-#~ msgstr "start_cert_fetch: Ungültiges Muster `%s'\n"
+#~ msgid "Options controlling the use of Tor"
+#~ msgstr "Optionen zur Benutzung von Tor"
 
-#~ msgid "ldapserver missing"
-#~ msgstr "LDAP Server fehlt"
+#~ msgid "LDAP server list"
+#~ msgstr "Liste der LDAP Server"
 
 #~ msgid "Note: old default options file '%s' ignored\n"
 #~ msgstr "Hinweis: Alte voreingestellte Optionendatei '%s' wurde ignoriert\n"
@@ -11418,8 +11748,8 @@ msgstr ""
 #~ msgid "could not open %s for writing: %s\n"
 #~ msgstr "%s kann nicht zum Schreiben geöffnet werden: %s\n"
 
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "Fehler beim Lesen von %s: %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "Fehler beim Schreiben von %s: %s\n"
 
 #~ msgid "error closing %s: %s\n"
 #~ msgstr "Fehler beim Schließen von %s: %s\n"
@@ -11481,11 +11811,6 @@ msgstr ""
 #~ msgid " using certificate ID 0x%08lX\n"
 #~ msgstr " mittels Zertifikat ID 0x%08lX\n"
 
-#, fuzzy
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "Die Schlüsselserveroption \"%s\" ist im %s-Modus nicht erlaubt.\n"
-
 #~ msgid "male"
 #~ msgstr "männlich"
 
@@ -11498,6 +11823,11 @@ msgstr ""
 #~ msgid "Sex ((M)ale, (F)emale or space): "
 #~ msgstr "Geschlecht: (Männlich (M), Weiblich (F) oder Leerzeichen): "
 
+#, fuzzy
+#~| msgid "error writing public keyring '%s': %s\n"
+#~ msgid "error setting policy for key %s, user id \"%s\": %s"
+#~ msgstr "Fehler beim Schreiben des öff. Schlüsselbundes `%s': %s\n"
+
 #~ msgid "only SHA-1 is supported for OCSP responses\n"
 #~ msgstr "Lediglich SHA-1 wird bei OCSP Antworten unterstützt\n"
 
@@ -11517,6 +11847,11 @@ msgstr ""
 #~ msgstr "Fehler beim Schreiben des Schlüssels: %s\n"
 
 #, fuzzy
+#~| msgid "error setting TOFU binding's trust level to %s\n"
+#~ msgid "error setting TOFU binding's policy to %s\n"
+#~ msgstr "Fehler beim Setzen der TOFU Binding Vertrauensstufe auf %s\n"
+
+#, fuzzy
 #~| msgid ""
 #~| "Verified %ld message signed by \"%s\"\n"
 #~| "in the past %s."
@@ -11526,10 +11861,10 @@ msgstr ""
 #~ msgid "%s: Verified %ld~signature in the past %s."
 #~ msgid_plural "%s: Verified %ld~signatures in the past %s."
 #~ msgstr[0] ""
-#~ "%ld überprüfte Nachricht von \"%s\"\n"
+#~ "%ld überprüfte Botschaft von \"%s\"\n"
 #~ "in den letzten %s."
 #~ msgstr[1] ""
-#~ "%ld überprüfte Nachrichten von \"%s\"\n"
+#~ "%ld überprüfte Botschaften von \"%s\"\n"
 #~ "in den letzten %s."
 
 #, fuzzy
@@ -11542,21 +11877,15 @@ msgstr ""
 #~ msgid "Encrypted %ld~message in the past %s."
 #~ msgid_plural "Encrypted %ld~messages in the past %s."
 #~ msgstr[0] ""
-#~ "%ld überprüfte Nachricht von \"%s\"\n"
+#~ "%ld überprüfte Botschaft von \"%s\"\n"
 #~ "in den letzten %s."
 #~ msgstr[1] ""
-#~ "%ld überprüfte Nachrichten von \"%s\"\n"
+#~ "%ld überprüfte Botschaften von \"%s\"\n"
 #~ "in den letzten %s."
 
 #~ msgid "no keyserver known (use option --keyserver)\n"
 #~ msgstr "Kein Schlüsselserver bekannt (Option --keyserver verwenden)\n"
 
-#~ msgid "waiting for the dirmngr to come up ... (%ds)\n"
-#~ msgstr "Warte bis der Dirmngr bereit ist ... (%ds)\n"
-
-#~ msgid "connection to the dirmngr established\n"
-#~ msgstr "Verbindung zum Dirmngr aufgebaut\n"
-
 #~ msgid "Warning: '%s' should be a long key ID or a fingerprint\n"
 #~ msgstr ""
 #~ "WARNUNG: '%s' sollte eine lange Schlüssel-ID oder ein Fingerabdruck sein\n"
@@ -11730,8 +12059,8 @@ msgstr ""
 
 #~ msgid "%ld message signed"
 #~ msgid_plural "%ld messages signed"
-#~ msgstr[0] "%ld Nachricht signiert"
-#~ msgstr[1] "%ld Nachrichten signiert"
+#~ msgstr[0] "%ld Botschaft signiert"
+#~ msgstr[1] "%ld Botschaften signiert"
 
 #~ msgid " over the past %ld week."
 #~ msgid_plural " over the past %ld weeks."
@@ -11739,7 +12068,7 @@ msgstr ""
 #~ msgstr[1] " innerhalb der letzten %ld Wochen."
 
 #~ msgid "Have never verified a message signed by key %s!\n"
-#~ msgstr "Es wurde noch keine Nachricht mit dem Schlüssel %s überprüft!\n"
+#~ msgstr "Es wurde noch keine Botschaft mit dem Schlüssel %s überprüft!\n"
 
 #~ msgid ""
 #~ "Failed to collect signature statistics for \"%s\"\n"
@@ -11749,7 +12078,7 @@ msgstr ""
 #~ "werden\n"
 
 #~ msgid "The most recent message was verified %s ago."
-#~ msgstr "Die neueste Nachricht wurde vor %s überprüft."
+#~ msgstr "Die neueste Botschaft wurde vor %s überprüft."
 
 #~ msgid "GPG Agent"
 #~ msgstr "GPG Agent"
@@ -11784,7 +12113,7 @@ msgstr ""
 #~ "%u-bit %s key, ID %s,\n"
 #~ "created %s%s.\n"
 #~ msgstr ""
-#~ "Sie benötigen ein Passwort, um den geheimen OpenPGP Schlüssel zu "
+#~ "Sie benötigen eine Passphrase, um den geheimen OpenPGP Schlüssel zu "
 #~ "entsperren.\n"
 #~ "Benutzer: \"%.*s\"\n"
 #~ "%u-bit %s Schlüssel, ID %s, erzeugt %s%s\n"
@@ -12240,9 +12569,6 @@ msgstr ""
 #~ msgid "keyserver communications error: %s\n"
 #~ msgstr "Schlüsselserver-Datenübertragunsfehler: %s\n"
 
-#~ msgid "connection to agent established (%ds)\n"
-#~ msgstr "Verbindung zum gpg-agent aufgebaut (%ds)\n"
-
 #~ msgid "connection to the dirmngr established (%ds)\n"
 #~ msgstr "Verbindung zum Dirmngr aufgebaut (%ds)\n"
 
diff --git a/po/el.gmo b/po/el.gmo
index 3b0f85519a855b56ea65100fac64b5dd19a197ec..8ebf6ffa29ab89659987a8fb1a53c7f8020170df 100644
GIT binary patch
delta 9207
zcmYk=2Yk-g9>?*M#EjU9*q%g$5L<-Ah+Q#bw`z-3kqEVUY}#t6tybz5U9_ZDl^8`S
ziE)iqua=e$qi$=oZpZz6pL5ce^SVFp^E>}_*8iX9_P-|semD}~y;dU63PaiGXH0nv
zE^JIqe`A8ms@0f7;pBK23vkZQ7)t(IWn;==u?Txzw6nc)m~)OZ16y<c0j!1oRg7tG
zjMvnqq6bgKGPv61JDoXLn)W*`&l_nB_b}ne|4cjniN-Og`>e$hxYy;MV{!5yQ1^f0
z+Jmba(~swyx>PD~U@>Y$+fWZYi52k%GHByh%^3P%B9MESL=3~Ru6-HmynV>zn6Hpa
zjfpbG1JzI+Y>&Y>OgYatQ(ePq)YNXnVt5R>hq;6r@!zNmBdQxy5*wo))CtwmvCbvV
z4^a2ZMs@fWY5;|6*cq#jUiEMwm1l4v2H`p9HPp=9M(u%u%yS)#MXlio)HYd#`EV!J
z$9>oU@1m{?=O3Nl6$_vj3*y3>%zt4jOKFJ14AcX!qL$)!)CfbkS|e!e9Eh5U1*jXY
z!*;kC6YwrJ!&<eCq3<RIo8lTQikDGK^?hyTUk?ssSlTpgP@AQX%SR!7Fw-#*-$Qk1
zH)_ORqHc5@S7V;K+ymF62J$UxhWzT;B`S|vx_GRFUA$CEP)SAY&e^C7)}c1x9t^>=
zsGi?Kb?_0E!UD{<*0d7l$2RD}PN=;z#^tL}1K5kY{wS72??u<}BdP=cLv<j81=Psu
zpmuF{)P-rNp3g>&bQ5~;2ONS0W9$s2pl0rMWZ#-Byn#PrK0jklH}nnAYc9mvHN1lw
z@k1<xMH=yHVp-HkI-)xEB5G=vpa-|(bZ(e~8bGHwV_04@97AxGa~lSeAH@=Q1sm)A
zzfFZsnJV#im-a=yHZNmY+=RN(0Sv<nsMqZw>PEp$><m@KAoA9zO_zkFaXNZ%rOWrA
z?t2!i@O*Qdih5q0Evmc*rsI34U0jiWG!y-hCbJmZ;~8YuO=xr5p^m7{`2zAkvzUMM
z$<0AsADm$KN?Uw}d^GA+G`n2GxA+oybPL<V-Pn@+9BK`NNm^ku<P9^kF#&gATl@u$
zAJfW7d}~Y`PuGK!Q5{=_>|3)RHIRF)882^+iDoB-V?We;J`=0pR^%IE&Y+g)3F<AV
z!_$gk0uI0=)YR{A?FUhNC<nXaRn+yh`ABHSlCcQB(avi(#XB?<rs1GFa2oZxT*Y#D
z3(KQF^QOEKYEQ(YUc)5Jha*sHo{AN4A!;C7P$NH$>d4=yy%XbQA=yXf8Dtxnxu_c-
zc3#Fv^1Ch%PPDI8b*x5vAJqA?P#s%^n(|Ck$8I|RaF*;~XRbP`gWh;5+U?J}hOwv%
z7o(<h3s%BR)C^p}2)vIPSx85_`QlO6J%{SZSS*CEqIUZl<P!4{>N?ZOcOS2bq>@11
z0o9R37=~|Q0X&X+a1Iv7JE$A{<&5ZTJCum(Kq}V4`KYDXh3Zf?>OMcAmLh)_J&*N|
z^Hq%LhBY`a3N^x&sHxxY@*7x07j`u!0861BSQgnHrY^FqW-{tUID(quyh+x|s1CG1
z%}9T&#PiK$Div`JYAyF-LCi*-cm*|*Us2zQpl-H35{r?yK(%+nsyG^TzvZY7XQKAX
z5%kB~sE*x3Zy=Q*-Vrr~qE3iG^|TRc2701yG!2X5E2t$}i@NRr>eG4^_2B!cB`Vs(
zb}R;UpDq}M6Hw=6^kDuq!YmrJ$-YEA_z9{#w5Qz@^_+<qPWxcgi05H-+=%MXDb&*4
zK@FsMFa9KBFlqp0kQd2R!xEU@i}}~4n@5AbQ0twCF_`=&mcl1k7>oC|J+Fj1zZq%?
z24j63hZ^}-=NZ(4e?`r-e;@nc!cLEuibhl)OJXn7t{;US9EUNu95u32sG0d08(`qG
z_JPe&Gm(sSa0%)@hp`r(a>swiCFBv$+0E|VMWr?k*HJw$-q(I$Vo~kM7>z4X9X*0t
z!<(ozEc(3dP%ZS3x5qL#3d`eM)Ol}WemsPlxzEs}zjt@2Xe|o&vln_$c^rmfCv1qx
z=)rZU8y!HMcMQwp6|9L5Q5~q<-#)l0>ORk-&L5B38w)T%@BhnGVrh5{J$M{7)!(Bw
zWzYcoT18{3pD{g<KATSm8uOSuY>@3>nIZPPuFgrQnajY6cm}mZcTh7KI+P!#UMg`^
z__mn0aUA}Jn&Q#Pb}d(80{IDSg$0J$rRj*e@if#7t;MEz9-CpY;dWqMuqycijKdGG
zEdGREt#RHF`YFUl!=sprdQkn5_H~(v+H8kWQ~U_|`kIJQY*<W3_M<t8i5UI@vxF(A
z^Nye%Tx_&GuLEkpZ;fXDwYwkCppjHhu^nlTdf*(?CwVW1;djWJWb%#SPc8Px>UaVp
z@E5Fyp{e#hiKrQwi_P%}MxlS2?Pzow^WT+*i8Qcp%xBmhBggVf7t=5VucJ24W7P4$
zbUU&hsOvYm{8!Y}w_qKM;7oiG7bB}@@{YGZNM1ngp)4;I50&zqr3;#33G9f|Z~$s;
zzjBtGU^|eA-DqEqUGRI<8plqw*AKus<mt$&m`A7q4w}U09J5f@dqXDM%`gIc&@cyQ
z;uUO-&rY#xw*lkHzrg1(WUBo#rePBK0?eo5_zZr76?i+M7{y}pcGK-rT*i3vkQu%o
zJYJJTMX$qan1DO58vcS>vvMp^6YPsxyVaP0M^GaUm}%dJ8rYD$FY-p3r5KD4P*Y!U
z7K6c5?2RWeQ15@(Z2Ou-qaH96YvOBIA3s5D!u!|@%QLSnaUAOX-tF>lky$m7bM4G+
z#IxkzxqR0=JHt<K0PS7o^K;GX$NQ)Xwp(bY=IfX27pvUMc9+)2a$GP2wd>!&?ilcj
zoq^t{P3Xl$Jc}^_T(ii|R1)()lJ=#j0si5PT*5U~Xy{5sPQZb<4mCx8qIPM|*X`8q
zM2-AMtc}r2?Ph!)W5~B)IDUm4@Nd)-bXaEJmVp>az8$rPE-qvKwT5+;+XwW)f#i#^
z72d~+%uIt7{AwZZzLIwto3FBO$EQdiO^en1fx+|0Dw*+X*a!F+HGuAK*iHQ*W{}ri
zYu}3VYgzvxG&Ehu=NI3^G)!F24@lgP53uD1JGHSJ?Tu!mrZgaf<-inFUVvVxL+SVd
z25jPE<Ihhp)N8l<Eq)ne&}O@YGrX>H9`(S;EqwQJ8zy1dt#&F$V-51Xs2hEUx=|dx
zE{pFwPvCy?8(0E2ykqyy4lG7~26y8%)N{Nm-sP2`;{TpqyL4<yz5>JW0@lEX7=mH%
z^Krsh=Ui+{eh%AV>1}rN4n%#>CZPuxU>kfJlkpx-;rXV=c3;KhU^E93nK!->W+F0+
z<{>u6RUg{d@-hx0&%49^%@~f;$me564A^P^CUnIF@~Nl+e&X7rGwqkJH#X4w|1OmX
zPWT$*G0#W#CsP8dJ=M7!Ym)Cnjre<PhP8Itw;%-vknh3H7|J|H;V|rpORy5&!X(VM
zhu@n#-}Ir<93NpfY`B-v;!CIph3&Ji&j>6)z8iJJENqA&AKM3a#IEG;qaN@lYAL(0
zA%^3tSPvhf22$-4=3i^ui;5mR8+F5r*a(9T*pakBjchrNzz5EL2kquMjsdja!1{O#
z+32QhmNg4A$cG-X?|<IIc7~%5Gyios(APCALXCJoYJ~nr><6b0HYQ(->cB<pj?IqR
zzYR+<jywnT1q}Su&O}cfO}+&qvE(uPw#1?KO3!0n9ztak4Vt>mSQsB+2h4Na=3P-8
z>yPTdX4KjiIbpx`jj$8>bZm;Bqo%mvXLbOw*oAxwYGzMidkpZNv?J++b!m7LYvBd#
zgZ`)Nl=ek+Xff&rSFs5Oe{TP(C84f=4=3S&P!H^N+AiG|)Ijr{v46G;qL#|*p^`zR
z2ZrNAtc<0zZ3mh-SD=UXdl-vFbL^k#cBrLF!+v-iOJl@Y{-Xpo#T3lKAz1UAz5aEq
zuJ`|>Yj}XIIU)MIUF)$}mHa&{ju%i5x{32J{(}9XaTv8X0{_i_?Znooy^x98Blj>B
zTVAvS+lkr}mvFG&|5le+2R}9m4&=bQmsw{lbcG#@qp%O=U>mIVg<aDz7)`zdHI>(}
zE|&Px&SYz>Mm`+Fa0xcXoz6R0gy);ctM+}3!DR9U7=?GSGlqU;Kf%MW75P$}fR``^
zJN?Ig>*rt{@|CEmK7r%0#x?urIs-MsXR!u`e9in<qSAtjHpd_=j6?AiOvf(x7Y@hH
z-`FYLjs3_2ulxRUpXtWzwI^5EVKH@RW0U_=UZnN{Z7OdOb#2}2Ygoy@d5A^sgeuf$
z64l8o6CtjB0*2DA(w_RysHKTh!&8N~(|kf`y4w*mICmMYCsc-#e~)#w{<)<&mD)rM
z2j9n9_zU(Rf~l(v#-rHD<@#}=a-A6K>RYIPNX#MEbY~DMwJfHGJI|NqK7S}#DMCB5
zEGH}^wAqFckBMNSFHxGP<ZjTDy7tGEr*2q-`U+waF@R&E@og-H^N2U8=aza@e9xaq
zrIBl`%}Lq=`-rhbCJ{@hl;oH;j!FWNPF@_}As!O{A`TMI5)C-ElF)|UL=2;T1Cvli
zujW)gp1+66IpQbcTjC=k+?~X?$P9P&m$1027oc5bqs8~3Y0j}&BCl(^iM&9jF>Rsl
zx&=6hwvz6gaej<nAB~2tVK*kblhss)`fZ%1gfg4pL-tSU$?-~LyivX~k-Rg}i7bLx
zPQ5AmrWwl+M+lXv#IHK=Iw!qMsElzYI*ZWO+joSI6K%a*yPBpDt;v7GX81KW!AaPk
zc%9flz6<|Nj3UYrmx*ZFH=uVWm2fIqgh~|oNaB)Beeb`jDYQMp-(7oIEJ~ZoWa2en
zjelt4yJOnodcxneH>J+sEZ>jPzg^oEP0U`BE*yM@P-#YdLwrE2A_fxiL~ePPN)^t1
zgDB*#Nx)BO-{wxzXSY9XkuDd9i33DYC6w+Qe_rdKTl&#3pJX!fX*U0J2mHwYqCU^%
zB8Hew<l&gge~CC(&qsX;QIKdrJRnXJDvK>9jdRnf-_rB@lC;2M#9d+lx&D7)AL1hU
zNunR25=Pr7B7nMw*iN({&n-Vv(WhEPpYWO-oB!1DKWMA}RPHTC@-mHc@l|Yy`|(xm
zfGQEx3lp;lmFI{^>Pu1oMQpqpU1>w!gnBVzooic6TU%EzLH!=}^EUUIY$_FKtcdk+
zGX~)s_5|O*pYv~s%QtdN<$0nGk&k>eK8IbgojYEWdTwb+TNFtlVh+)Z81Fle`A;D^
zL<AC*iD%snMp9Rq?Q+$>AjYXeSwoa3y1L_~pE|E4?e~d-uB|*)Bm9Zww5x;>9ktFc
z`BHxAIE8+Yq+%<40X=v}2PhpazW>akY7#M*_?Wmrtm9mjg~V4xAbC|{DY1rFO{^tU
zyj%Ha2+0#%f-~?0p^`&<M+7NxrD|>k|9q;xmU@0-1yO;R#=WXzBOHu_upF_I`fIp~
z7@_z72O3nOi9})o(Td0|@j8)E>EP^*Y2^8Fk?)B8#iMFo+NQhn7LdQ<>Mvq_@&edR
zCsLOA<>5D&U*?R;9Re~#t8VpMmOrXNX0NE>RhkV;O&>CH%y7@R$tfwx<I_hD@eCQ6
zHX=FQQ)Qf|T9u(uo(UsUM-LjGJkFDz%#o4FW5#>Z(vycJrzejYlAQT*=kTJLwfdLv
z%S;+@v_R(e5s&?s^&34avv|tV&ZV+E*}Jk2X79*8KxAfroV_DwPWC6u0(X{Qw(C$x
z=iDdc%;dl<PT85gFZ=!M-CVTKlQTDaU(W2n>|Gq)m%TqbiyLgqnXUG$oOzyquGycx
aJ!dA3donZje;t;YbZwr0X3+JU0sjZh$q0Y|

delta 9733
zcmZ|U2V7QV|HttQuo4%9iUX8e6cusr4T9uW9Jm((Du$p8x80hGnwA#k$eHD1rdURV
z+tO@U-KbCI%*=MSG+SEv|9tQ3_~h&VfBxsykN5Sv&biOI=DESXKI(V<T|f8bpi)m8
zju(843B{4+jcMm=%!cZ!HD+FIV;bRnEX_49VHNVdb&LtYlc>*q=jb0{^SX|4j$^Sa
z*UiPococgW<2Kiw3p&&_rWz-PqHdVwxB{z^?{Ykjdhlf@zlFNKVm)JMgK3IXnM7=e
zb5Q4ZU=Y6L<md50o^O7opa++(Z!ZkTQRLBB12>{RcmQ>s2i1VD9ZN;p2D(s#)(&gp
zAPmQBq>pAbs$mDQ7JjCBo^S4JU@we9M%VO3+GMiOh0maRZ~!aeIVb<#$;(99DG9?s
z&bL9@X1b$BWGd=&tFa>PL_OySy4BLpC`ez%OV&coaSW=(Ls30&BmbFg{7?f=V|ToT
z<uHzgA`?&}Hwv|OX7i&d?m*4`1=L9SH)j0rr%;F578r#saSZB%tC0W9QGS%h>*$ZS
zusoJ(VoZAsLOrk#YHA)v^>8t&13Mj0qekKn)cq<nW&FEQs6z8%a13_FEy$plPp}h~
zZDvdW_CU?)Fw}$Rpw>n)K8Por{1U1IKVliI(cCtuKB~jLQTG|>rm&X6G>pdphCw|^
zL=90kYD%8KidcYQ_yz{yr>I4F6LozBhEKaC5-VdYs^LRX4V;L<I19Z~`Xq%1s3=Ak
z9ziXhD^Bj;%J!fE>ISW_B6f4~5vT@CMm1nDs%KkKi}pC`b5~IfzlrK-rPki(xy^72
z$yCfn&DkfYq4R4)FR&S2#SwTvFQCqCZ4cwy**P4I>hT0Di}R3CH_K5SIgD!9SE!No
zZErj3!nr=oe-{eXIB}$dF{}%79xJ1NM{5{XB5#En@}9`O%qXNYW({hQet_CFf1(~(
ziG`#4G(qk6c+^x*K;0(~LwUYgM?u@>HPoUzhU(Fe=)%&hNbj7YZXAo6yHTiyFF@UA
zBW7WZXuF74qDG<wxs~yW@xF3RG%~wpDSG$+VG0`hkCAJQPZ#^H?t;2O9_oR6u{&Ny
zO;NpAn<wH@@=d4)){mo+7>Am|Jmf#~GCwp@H!%ilcctAAQAp7@gAe-@d8wIQtPnl;
zEY?PUE^3aAP(2xo>`b!>!?6VG;tf<otFfnfCz)u}6s4nf!Bz~!S8xm->*lsYUz={}
zL{rov>VgBY59$WbqK51&R={#S?3xHcy@;Bk>N}(Mdmq$`Xefqaj*~x$S`!5rjK|y*
z?x%18HOHS~4ZMZwN!6aV=bcdvnTlFG+mUr@_9N@f{EE79i(b|qs1X_C<awwm+ko})
zgj4VSnSxsC-`fs(1gd3295Wmjp+;x}s(}Tl)&8E7e}?*;Paiv?RWXb_0yP5hs4t^&
zsE#ehnp(F76!gLOQ4RSF%i<l>Vk+C$7}{v+qCS{~y3txx0}f#=JcFh2H`D`7Kl|dT
zf%;q%$3)cUXJfGT%@zucsVGKG!I!9p+(F$aB*9KWThs#|c3gl_<m*v4d>b|7-#K~3
z{&r2YML+7hp*q?NS$}36cIWx#MGD$3Kcj}W^#JQ2R0Fb5Be4QCq%R^vXHKBz{2TPg
zJE-gYS-I*+9n|}w6RLg)24a>|zX09!sMttBH$09N@N?86`5ApNbdYUO7?vUL<mBB^
z=f|TOnuZ#IJk)&(FaQstrs#cC2Y<jyST2$A*Mn;%+Bu3rwRk-0M)NQdx1+8*h3d&q
zsF5f;*giN4Ro@*oMahn{QSXO*)O}yW26z(Hpxc8Pf6ZNuA+{&6Sc*Iz)q|eMPBg<X
z2%p0$_!{cP<Z--#>QV4eJI7I2o;()S@C4NLnW!nq#}@d!n}Sy7Imf?I53V!J4s{FE
zgF8F+NA)NLE8=3*s$Y*Td>&ijaa6}{qejLx+`hm%pq@7cH4^UC6q-_a19hVt*cfj+
z7c>}Q%u4b^)N20{n_$pLd!txvL_QH!zZx6jTd0QqjGDsWQFbI^usZn|bZP(3qEL;B
z^%#mpsG&NIy78~5A*?gn{-P3xI^PRjn28#pm8knX=j4Y_Q*{zs<JaiIurYQDV(<a&
z|NazogJGx!q@y0Z6m`R5tcj;kH~a~8ed)1w&4i#Ic};AC;poEQs419@VYmgg+g`^^
z9~y)s-Bb)6$6JevB2-HYQtXAFJC;keL)sG6kR;UH%|i|GPMnM$<eg<Yj_3DAT#g!g
zGr>-A1B@XZfpNG2-I}v26lCB;`<qP+DxZaV;ESk+y^EdDq}g9EI-`0#7wcgWw#ScA
zb6j<jy-y2lN1lwwa3iV#Ne?sr+6LPmwr{}m7(*VKZnxbiY)QTyo8u+a)CADoKG+G_
z%4Qj|am-chi5)Wd^9%D(*Ih(4EHcwxmxBGs4`nj`+Aig%*q+9rS~?E(;0+jsr?3|O
zg+nlGDk~nRV*|W`n(MMzwxLbY+hf#-ZNzB2h>;k={HUSvZVCw$Rw4`Ce2P6VI)^=q
zOR+NE!XOOHwdZT2dNvvL`2$W~ZknB%;aGwCb;v360<t_z&FS_Rn}x{EH12a0TohW(
zupbzVdQd9P!5P>Ze{pO$(>5R(2T)&t8cH+Eu7L#9=V#yoT!u`y37Bm=I13ZW&mo_8
zo5nn)Iu-MA5N^PEcpbZ9)?7Px#n^%T1`fx@kJwl3Qsj%%Y{C0=9=qcoSc6>^%M`C5
zA3M)Z#ZRdFG@h^DoH#j&g0|6ijKLFFAIm;!=d2}mB+o(3-5!j=i>Or}N;jKeSJX)5
zU=r@cN?3lO9r|z_M!p2KhOS~6o^RSOvfC&g^?<q92)APkJcC+<{&{w_x58NR<=7BQ
zocvE@mQ3_wJ92yRB>7)X?pb0-xZ+a#+wVklukkVF9SU;nGCMTCFSl>HmXF(2+8aZ-
z(HhjMFT{Zu`h*>UDX2xb7PYFs!B&3kAjUn0e9}|iSBBY%>R{!3Yji&2A3;SL6><fR
z#Uj)Y1+TKJGy^rX@1c6``?MYMc<e!*i>>eohT|{T3#+cSQ;>pv$Y)|*d>gffept=;
zYYuy?u@9JvW658@IP_o3mSJT2;5G8}b;dAlX6Q3^cYKU1$%n7!Zv?!CkK*GSc+Fzq
zM%#gOoJamHZo!_L?5?=xrjSg<;LSV~_u~{y-oo1pKg63jg1c*I6SmqLt;aO-(C7H~
zA<RSNwVt;PT81y_{5D3*mtVawk-TI(e?wpd4;zT?HBR9g>VeTa=q0{|+Ey)Iv_rWF
zwFpn4ZuA%GMgw=+?R(tu3Lc>THtIc4yvweg6BtPTCBBBgVY>GJ?gG9JsR-F^=WZEx
zBHxX*@H>pc3UsG3w#VL>;J6VVBL5b<VY8R*;+=^V$e%<PZoznb15@#VJ$h#`|C7B1
zzK^jXCz4-b3*t)DoK`5b?}3-G5&2J;gf(Ba-x>3eca_<UYFKEI{Z2^381hw^iD#Vp
zc)CA;d<wSY`Q{jfI`}(wz#7H&SFmBI`X!D9s0N%y_1NsS@A_`ogESAv;7RO@P50St
z=Eg+w9T<jpus??FXZ%@^W-5hf3}E8avVN!sY(;IGZ?H7BIcRSbgRRL|qaOGHCSapO
z_QsE3C-Rdx0V^D~--^>v9oT`I(zAyde?8Feh`r%pY)k$)st0f37_9udeevWvUd9mW
zyS-t5^-9JT<P(sEZ`M1;9JSl+3#?0h-Z49}1=y7Q(lNKKDF3GIaYxipEx=ejkL@t@
zxNX2-97uiyJ7UGR?3Ysl_9S118i|jP)otp%Z6CY}tCJr<t&xw=7i+uUu^*_5<*AsC
zy>O9}pTdX8Kf#Gu_gy=uE3hm1KGYQbjT-XaC+rYEhU&mx?1#5eBirjeyH*yWI^y<F
zXhtFYeLE6^a47i#)R106H7M`{dxMdvo<EJl@HFc44L$bDXEf@8XHipEuf+CrF$R-A
zhPv;wxJCQ_425tirk%9E*RMl0;E-eRDZ76&u?_Vru|B?onyTwK3cH=QfAwy|`Q(Rj
zGRFMdzF~KxJ|Fa<-JU(MjrM;o1r22ZYOZf!J#2W!{sY1w)Pu(3B0PxQG4>;S{W8oT
zKaTCO<ykwlnV3m_3~OVHb9PM(!ExkoqMzG`hn=@yI#Cyl8O@31n1a_(Bav{?zPWaw
z=JZEwh|MqAp&WzF$n#Mnc^oxDUt=wN@MGK17N{wkjMMRLbgReFm+h-^CiW*^f~j}`
zBQfR^yB#NC6!|`k!!K|eMqaUBzgrwX!XWC)eQLK^7$%b^U=F^DO)&B*<FBC~cGcc^
z6NZtWKwtb8%j5UB3~ysUT>P1Rv7E($<k6qoHIR=!<PY$JXZ+__sY;Ge;ty}h{?Oka
zhEXtEi8Nve!G`emay}o@cmHDY2Qdk?a<w)#5mgBt3oPEBmAS61lQ*F}gYp4FqgaE8
zp{_l_z<H0OJl~9<VyRQ{7-b!mi5^5t^6#-PPQq%$Uxbb|gtq25&W*!PgpO9^`d@Y1
zZECtu){#xjpse=^OUrDf>^@9k1fgNyL`8q%2|~wIe4Hrd<m<3J;mbL#?7PQm3NI5=
zoa@TsyW}H@?vyv;LP7_d#PD+T9#wo8|4v*mm$VnYiI1Qr@eL@0ykES>Y|5>jvgk^_
zA9+o9k3jMb#1mw}PMwIRPRDv;7SWTKLmiuggYnmjpGhpEav%{+d4ltySVyY7dtV+S
zN)dxN7eWjn+7NYglH+SayGmPkI`vJ7IAV(GusRV-S;wQAe;wxut#BQch_8rbqKNS2
z19uNz<Nx)zL+vW!CQ(eVF-$O@n}AF2`8+BA>S2!pxchvk%K1x%>{+5JAH2^wQ;+gh
z%8}Td(Eo~APUvWWV{kIjjIv%X_a5t<WSDdP7vyi-I=9*8oP5?f`6_u|BAxtS_#H8c
za(TS>2q(GQ`q7-9=$ssceaIigQBIx6qE5#m9B+&Kt0{MgAaN0EIWY%$>6v-NLE<T*
z5%uwS_ozkTB`1mJTsg`Ea3Qgg(D5OWNcm}R#@Dt}uXKe|mygfu{jcK%Vt}{w&yP0$
z6uqTUTpL2E2hJn@MGPkHr|ui#n)fPpkYh*A&3DT6DeGuOJn58cQudBuf>W^?Z|f?K
zKZ#`WU08-_K{*|3U=lHga1qZ_H<qYCc_r#tYw`YJqGCVJ=@@45ez~2aTuJ-Cw{tSW
zu_3<hT=+9ibn1sw&Tz^)-H|9Hx)GfTeJ|V~ZV~SgwYWAA+Y@ss*C94jeg+p1J19?8
z|5HeGw6vJN@dfH0C0?Ptg&0n`DgHv_5;`6yvZ)Usf+(LQHW0rOeuNH>#ryAl%_yHH
zN)tK6K*BrzLEPXq%1elb#1*1Dq2qI6Jm(WI9K(pclw$}TIpjMrfJmj>0jCjliT8;g
zi74uuV_Vd5++wbyyBn2R6k0ncpLRS#-IK%$@_*xQLdP2N+E@+85^>&I{;vq-ii8$)
z26d^#Z^T7nHqnmy=ZIWl7NMh@=KtO!kK{$7qEmV3o|B=@hy1WC^~;GRlp8tMoWa`U
z_YwX?9?^xmABcTK142iA;*__fA3T3D7p^CC^dUwQ-zwqQM*WwzXwoQGq1+fdJJ&x)
z-hpyHF_Z8i20Pbpru-A-5`D(0dx|<8J+T5lrWeb0l0CQ>f5*GWL*!eCk;E!OM{i;p
z<wUHm3hz;PIJ}o%kBF2=SJ#1ET=lclCS<rWGty^9mN71utG-SQ(23NH<gA%fa{lYN
zdp=ZHs_rhIAm`%L6jw@8PEr{Yk)8i%m#WnxvR%%Zw9E|G^tAMJ*SJ(yZgy%){?2;s
zsx<lMJf9q&nbqDE9+4ehc%|OM5rxb9gatg5IwLhXHz(DVIwL1FD<di0H6<%^LRQk`
zGA1`8X<T}$D<{*Hm70|De=eXldrD?Tc4~W9M0Vlkku`k+a<kJiCb*K*rc6xDQsseB
z$4mSFXB_ea=Tr%Ec@CB=_Z;#Z`QL-#DfH~~?8*Q1N=UW;_Zr=y>^)}-XOI8WH~-46
zu>7O%S1jcnlcATReajf?D&@bl$NxT;XD>J1d?NUPVoF7xm-2Jd7Wg#beAVFH)D(O6
zdx~84+0M}1Ok3TzFnr&oS^-6#{Ur-M1)c+*qLKxk;{3iBJLVT%2&_-@ckz)!B}-LZ
z@~DfeglA95JkA{QruGAE@^@XRTKM;cMZT3v7MINT?A9lA{gIMIF3<k_nz<qOE%FZF
J{Exr#`yb`?p|b!0

diff --git a/po/el.po b/po/el.po
index e004a43..eb46ea9 100644
--- a/po/el.po
+++ b/po/el.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg-1.1.92\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2017-09-14 21:14+0300\n"
 "Last-Translator: Dimitris Maroulidis <dmaroulidis@dimitrismaroulidis.com>\n"
 "Language-Team: team@gnome.gr\n"
@@ -18,51 +18,51 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, fuzzy, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "αποτυχία αρχικοποίησης της TrustDB: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr ""
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr ""
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr ""
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr ""
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr ""
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 #, fuzzy
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Σίγουρα θέλετε να διαγραφούν τα επιλεγμένα κλειδιά; "
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr ""
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 #, fuzzy
 #| msgid "invalid passphrase"
 msgid "|pinentry-tt|Hide passphrase"
@@ -70,7 +70,7 @@ msgstr "μη έγκυρη φράση κλειδί"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -81,25 +81,13 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 msgid "pinentry.genpin.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-msgid "Passphrase Not Allowed"
-msgstr "η φράση κλειδί είναι πολύ μεγάλη\n"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr ""
 
@@ -109,298 +97,278 @@ msgstr ""
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr ""
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 #, fuzzy
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 msgstr "Πληκτρολογήστε τη φράση κλειδί· αυτή είναι μια μυστική πρόταση \n"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 #, fuzzy
 msgid "Passphrase:"
 msgstr "κακή φράση κλειδί"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr ""
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr ""
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr ""
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 #, fuzzy
 msgid "PIN too long"
 msgstr "η γραμμή είναι πολύ μεγάλη\n"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 #, fuzzy
 msgid "Passphrase too long"
 msgstr "η φράση κλειδί είναι πολύ μεγάλη\n"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 #, fuzzy
 msgid "Invalid characters in PIN"
 msgstr "Μη έγκυρος χαρακτήρας στο όνομα\n"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr ""
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad PIN"
 msgstr "κακό MPI"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad Passphrase"
 msgstr "κακή φράση κλειδί"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, fuzzy, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 #, fuzzy
 msgid "Please re-enter this passphrase"
 msgstr "αλλαγή της φράσης κλειδί"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to protect the imported object within the %s "
 "system."
 msgstr "Πληκτρολογήστε τη φράση κλειδί· αυτή είναι μια μυστική πρόταση \n"
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, fuzzy, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "δεν υποστηρίζεται ο αλγόριθμος προστασίας %d%s\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't create '%s': %s\n"
 msgstr "αδυναμία δημιουργίας του `%s': %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, fuzzy, c-format
 #| msgid "can't open `%s': %s\n"
 msgid "can't open '%s': %s\n"
 msgstr "αδυναμία πρόσβασης στο `%s': %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr ""
-
-#: agent/command-ssh.c:2446
-#, fuzzy, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "αδυναμία εγγραφής μυστικής κλειδοθήκης `%s': %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, fuzzy, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "δε βρέθηκε εγγράψιμη μυστική κλειδοθήκη: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, fuzzy, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
 "allow this?"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr ""
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, fuzzy, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Πληκτρολογήστε τη φράση κλειδί· αυτή είναι μια μυστική πρόταση \n"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, fuzzy, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
 "%s%%0Awithin gpg-agent's key storage"
 msgstr "Πληκτρολογήστε τη φράση κλειδί· αυτή είναι μια μυστική πρόταση \n"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, fuzzy, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "%s: αδυναμία δημιουργίας hashtable: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr ""
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr ""
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr ""
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr ""
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr ""
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr ""
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 #, fuzzy
 msgid "Repeat this Reset Code"
 msgstr "Επαναλάβετε τη φράση κλειδί: "
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 #, fuzzy
 msgid "Repeat this PUK"
 msgstr "Επαναλάβετε τη φράση κλειδί: "
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 #, fuzzy
 msgid "Repeat this PIN"
 msgstr "Επαναλάβετε τη φράση κλειδί: "
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 #, fuzzy
 msgid "Reset Code not correctly repeated; try again"
 msgstr "η φράση κλειδί δεν επαναλήφθηκε σωστά. Δοκιμάστε ξανά"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 #, fuzzy
 msgid "PUK not correctly repeated; try again"
 msgstr "η φράση κλειδί δεν επαναλήφθηκε σωστά. Δοκιμάστε ξανά"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 #, fuzzy
 msgid "PIN not correctly repeated; try again"
 msgstr "η φράση κλειδί δεν επαναλήφθηκε σωστά. Δοκιμάστε ξανά"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr ""
 
-#: agent/genkey.c:157
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
 #, fuzzy, c-format
-msgid "error writing to pipe: %s\n"
-msgstr "αδυναμία εγγραφής της κλειδοθήκης `%s': %s\n"
+msgid "error creating temporary file: %s\n"
+msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:116
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "εγγραφή στο  `%s'\n"
+
+#: agent/genkey.c:154
 #, fuzzy
 msgid "Enter new passphrase"
 msgstr "Πληκτρολογήστε τη φράση κλειδί\n"
 
-#: agent/genkey.c:196
-#, fuzzy
-msgid "Take this one anyway"
-msgstr "Χρήση οπωσδήποτε αυτού του κλειδιού; "
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
 "confirm that you do not want to have any protection on your key."
 msgstr ""
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr ""
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, fuzzy, c-format
 #| msgid "Name must be at least 5 characters long\n"
 msgid "A passphrase should be at least %u character long."
@@ -408,7 +376,7 @@ msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "Το όνομα πρέπει να έχει τουλάχιστον 5 χαρακτήρες\n"
 msgstr[1] "Το όνομα πρέπει να έχει τουλάχιστον 5 χαρακτήρες\n"
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -416,382 +384,387 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr ""
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Χρήση οπωσδήποτε αυτού του κλειδιού; "
+
+#: agent/genkey.c:464
 #, fuzzy, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr ""
 "Χρειάζεστε μια Φράση κλειδί για να προστατεύσετε το μυστικό κλειδί.\n"
 "\n"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 #, fuzzy
 msgid "Please enter the new passphrase"
 msgstr "αλλαγή της φράσης κλειδί"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 msgid "Options used for startup"
 msgstr ""
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr ""
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr ""
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 #, fuzzy
 #| msgid "Key is superseded"
 msgid "run in supervised mode"
 msgstr "Το κλειδί έχει παρακαμθεί"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr ""
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 #, fuzzy
 msgid "|FILE|read options from FILE"
 msgstr "|ΑΡΧΕΙΟ|φόρτωμα του αρθρώματος επέκτασης ΑΡΧΕΙΟ"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr ""
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "αναλυτικά"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "ήσυχη έξοδος"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr ""
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 #, fuzzy
 msgid "do not use the SCdaemon"
 msgstr "ανανέωση της βάσης δεδομένων εμπιστοσύνης"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr ""
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:208
 #, fuzzy
 #| msgid "|NAME|set terminal charset to NAME"
 msgid "|NAME|accept some commands via NAME"
 msgstr "|ΟΝΟΜΑ|καθορισμός του σετ χαρακτήρων τερματικού σε ΟΝΟΜΑ"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr ""
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr ""
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 #, fuzzy
 #| msgid "not supported"
 msgid "enable ssh support"
 msgstr "δεν υποστηρίζεται"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr ""
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 #, fuzzy
 #| msgid "not supported"
 msgid "enable putty support"
 msgstr "δεν υποστηρίζεται"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr ""
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr ""
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 #, fuzzy
 msgid "disallow the use of an external password cache"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr ""
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 #, fuzzy
 msgid "allow presetting passphrase"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr ""
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr ""
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 #, fuzzy
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|χρήση της κατάστασης φράσης κλειδί N"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 #, fuzzy
 msgid "do not allow the reuse of old passphrases"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 msgid "Options controlling the PIN-Entry"
 msgstr ""
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 #, fuzzy
 #| msgid "use the gpg-agent"
 msgid "never use the PIN-entry"
 msgstr "χρήση του gpg-agent"
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr ""
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr ""
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr ""
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr ""
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 #, fuzzy
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "Αναφέρετε τα προβλήματα στο <gnupg-bugs@gnu.org>\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 #, fuzzy
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Χρήση: gpg [επιλογές] [αρχεία] (-h για βοήθεια)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
 msgstr ""
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr ""
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "ο επιλεγμένος αλγόριθμος περίληψης δεν είναι έγκυρος\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, fuzzy, c-format
 #| msgid "reading options from `%s'\n"
 msgid "reading options from '%s'\n"
 msgstr "ανάγνωση επιλογών από `%s'\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is a deprecated option\n"
 msgid "Note: '%s' is not considered an option\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: \"%s\" είναι μια μη συνειστώμενη επιλογή\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, fuzzy, c-format
 msgid "can't create socket: %s\n"
 msgstr "αδυναμία δημιουργίας του %s: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, fuzzy, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "ο gpg-agent δεν είναι διαθέσιμος σε αυτή τη συνεδρία\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, fuzzy, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, fuzzy, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "σφάλμα στη αποστολή προς το `%s': %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, fuzzy, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: μη ασφαλείς άδειες στο %s \"%s\"\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, fuzzy, c-format
 #| msgid "can't create directory `%s': %s\n"
 msgid "can't create directory '%s': %s\n"
 msgstr "αδυναμία δημιουργίας καταλόγου `%s': %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, fuzzy, c-format
 msgid "directory '%s' created\n"
 msgstr "%s: κατάλογος δημιουργήθηκε\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, fuzzy, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "trustdb: read απέτυχε (n=%d): %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, fuzzy, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "%s: αδυναμία δημιουργίας καταλόγου: %s\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, fuzzy, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, fuzzy, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "η ενημέρωση μυστικού απέτυχε: %s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, fuzzy, c-format
 msgid "%s %s stopped\n"
 msgstr "%s: παραλείφθηκε: %s\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, fuzzy, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "ο gpg-agent δεν είναι διαθέσιμος σε αυτή τη συνεδρία\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 #, fuzzy
 msgid ""
 "@Options:\n"
@@ -801,19 +774,19 @@ msgstr ""
 "Επιλογές:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 #, fuzzy
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Χρήση: gpg [επιλογές] [αρχεία] (-h για βοήθεια)"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
 msgstr ""
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -821,8 +794,8 @@ msgstr ""
 "@Εντολές:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -832,87 +805,86 @@ msgstr ""
 "Επιλογές:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 #, fuzzy
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Χρήση: gpg [επιλογές] [αρχεία] (-h για βοήθεια)"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
 msgstr ""
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 #, fuzzy
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Πληκτρολογήστε τη φράση κλειδί· αυτή είναι μια μυστική πρόταση \n"
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 #, fuzzy
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Πληκτρολογήστε τη φράση κλειδί· αυτή είναι μια μυστική πρόταση \n"
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 #, fuzzy
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
 msgstr "Πληκτρολογήστε τη φράση κλειδί· αυτή είναι μια μυστική πρόταση \n"
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, fuzzy, c-format
 msgid "cancelled\n"
 msgstr "Ακύρωση"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, fuzzy, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, fuzzy, c-format
 msgid "error opening '%s': %s\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, fuzzy, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "το κλειδί '%s' δε βρέθηκε: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, fuzzy, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "σφάλμα ανάγνωσης: %s\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, fuzzy, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "τμήματα του μυστικού κλειδιού δεν είναι διαθέσιμα\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, fuzzy, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "σφάλμα ανάγνωσης: %s\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, fuzzy, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "σφάλμα: μη έγκυρο αποτύπωμα\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, fuzzy, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr ""
@@ -925,19 +897,19 @@ msgstr ""
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
 "certificates?"
 msgstr ""
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 #, fuzzy
 msgid "Yes"
 msgstr "ναι|ναί"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr ""
@@ -950,7 +922,7 @@ msgstr ""
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -960,142 +932,142 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr ""
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr ""
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
 "it now."
 msgstr ""
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 #, fuzzy
 msgid "Change passphrase"
 msgstr "αλλαγή της φράσης κλειδί"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr ""
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, fuzzy, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
 "%%0A?"
 msgstr "Σίγουρα θέλετε να διαγραφούν τα επιλεγμένα κλειδιά; "
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 #, fuzzy
 msgid "Delete key"
 msgstr "ενεργοποιεί ένα κλειδί"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
 msgstr ""
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr ""
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr ""
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "απέτυχε ο έλεγχος της υπογραφής που δημιουργήθηκε: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "τμήματα του μυστικού κλειδιού δεν είναι διαθέσιμα\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "δεν υποστηρίζεται ο αλγόριθμος προστασίας %d%s\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "δεν υποστηρίζεται ο αλγόριθμος προστασίας %d%s\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "δεν υποστηρίζεται ο αλγόριθμος προστασίας %d%s\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, fuzzy, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, fuzzy, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, fuzzy, c-format
 msgid "error forking process: %s\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr ""
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, fuzzy, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, fuzzy, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, fuzzy, c-format
 msgid "error running '%s': terminated\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, fuzzy, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "η ενημέρωση απέτυχε: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, fuzzy, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "αδυναμία εγγραφής μυστικής κλειδοθήκης `%s': %s\n"
@@ -1111,33 +1083,33 @@ msgstr "αδυναμία σύνδεσης στο `%s': %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "πρόβλημα με τον agent: agent επιστρέφει 0x%lx\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "αδυναμία απενεργοποίησης των core dump: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, fuzzy, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: μη ασφαλής ιδιοκτησία στο %s \"%s\"\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, fuzzy, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: μη ασφαλείς άδειες στο %s \"%s\"\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, fuzzy, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "η ενημέρωση απέτυχε: %s\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, fuzzy, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "θωράκιση απέτυχε: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "ναι|ναί"
 
@@ -1192,51 +1164,95 @@ msgstr ""
 msgid "out of core while allocating %lu bytes"
 msgstr ""
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, fuzzy, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "αδυναμία δημιουργίας της κλειδοθήκης `%s': %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr ""
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, fuzzy, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: \"%s\" είναι μια μη συνειστώμενη επιλογή\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr ""
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
 #, fuzzy, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
 msgstr "η ενημέρωση απέτυχε: %s\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:350
+#, fuzzy, c-format
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "η ενημέρωση απέτυχε: %s\n"
+
+#: common/asshelp.c:351
+#, fuzzy, c-format
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "η ενημέρωση απέτυχε: %s\n"
+
+#: common/asshelp.c:364
+#, fuzzy, c-format
+msgid "connection to the dirmngr established\n"
+msgstr "δεν μπορεί να γίνει αυτό σε κατάσταση δέσμης (batchmode)\n"
+
+#: common/asshelp.c:366
+#, fuzzy, c-format
+msgid "connection to the keyboxd established\n"
+msgstr "δεν μπορεί να γίνει αυτό σε κατάσταση δέσμης (batchmode)\n"
+
+#: common/asshelp.c:367
 #, fuzzy, c-format
-msgid "connection to %s established\n"
+msgid "connection to the agent established\n"
 msgstr "δεν μπορεί να γίνει αυτό σε κατάσταση δέσμης (batchmode)\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:485
+#, fuzzy, c-format
+msgid "no running %s - starting '%s'\n"
+msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
+
+#: common/asshelp.c:588
+#, fuzzy, c-format
+msgid "connection to the agent is in restricted mode\n"
+msgstr "δεν μπορεί να γίνει αυτό σε κατάσταση δέσμης (batchmode)\n"
+
+#: common/asshelp.c:725
+#, fuzzy, c-format
+#| msgid "error creating keyring `%s': %s\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "αδυναμία δημιουργίας της κλειδοθήκης `%s': %s\n"
+
+#: common/asshelp.c:731
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
+msgid "server '%s' is older than us (%s < %s)"
 msgstr ""
 
-#: common/asshelp.c:521
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
 #, fuzzy, c-format
-msgid "connection to agent is in restricted mode\n"
-msgstr "δεν μπορεί να γίνει αυτό σε κατάσταση δέσμης (batchmode)\n"
+#| msgid "WARNING: %s overrides %s\n"
+msgid "WARNING: %s\n"
+msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: το %s παρακάμπτει το %s\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:740
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
+msgid "Note: Outdated servers may lack important security fixes.\n"
 msgstr ""
 
+#: common/asshelp.c:742
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Παρακαλώ χρησιμοποιείστε την εντολή \"toggle\" πρώτα.\n"
+
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
 #: common/audit.c:474
@@ -1315,7 +1331,7 @@ msgid "algorithm: %s"
 msgstr "θωράκιση: %s\n"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, fuzzy, c-format
 msgid "unsupported algorithm: %s"
 msgstr ""
@@ -1399,12 +1415,12 @@ msgstr "Αυτό το κλειδί έχει λήξει!"
 msgid "Root certificate trustworthy"
 msgstr "κακό πιστοποιητικό"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 #, fuzzy
 msgid "no CRL found for certificate"
 msgstr "κακό πιστοποιητικό"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 #, fuzzy
 msgid "the available CRL is too old"
 msgstr "Κλειδί διαθέσιμο στο: "
@@ -1446,7 +1462,7 @@ msgstr "Δεν υπάρχει διαθέσιμη βοήθεια για `%s'"
 msgid "ignoring garbage line"
 msgstr "σφάλμα στη γραμμή trailer\n"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 #, fuzzy
 msgid "[none]"
 msgstr "άγνωστο"
@@ -1456,144 +1472,26 @@ msgstr "άγνωστο"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "μη έγκυρος radix64 χαρακτήρας %02x παράβλεψη\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-#, fuzzy
-msgid "argument not expected"
-msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n"
-
-#: common/argparse.c:522
-#, fuzzy
-msgid "read error"
-msgstr "σφάλμα ανάγνωσης αρχείου"
-
-#: common/argparse.c:524
-#, fuzzy
-msgid "keyword too long"
-msgstr "η γραμμή είναι πολύ μεγάλη\n"
-
-#: common/argparse.c:526
-#, fuzzy
-msgid "missing argument"
-msgstr "μη έγκυρο όρισμα"
-
-#: common/argparse.c:528
-#, fuzzy
-#| msgid "invalid armor"
-msgid "invalid argument"
-msgstr "μη έγκυρη θωράκιση"
-
-#: common/argparse.c:530
-#, fuzzy
-msgid "invalid command"
-msgstr "συγκρουόμενες εντολές\n"
-
-#: common/argparse.c:532
-#, fuzzy
-msgid "invalid alias definition"
-msgstr "μη έγκυρες επιλογές ειγαγωγής\n"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-#, fuzzy
-msgid "out of core"
-msgstr "μη επεξεργασμένο"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-msgid "invalid meta command"
-msgstr "συγκρουόμενες εντολές\n"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-msgid "unknown meta command"
-msgstr "άγνωστος προκαθορισμένος παραλήπτης `%s'\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected data"
-msgid "unexpected meta command"
-msgstr "μη αναμενόμενα δεδομένα"
-
-#: common/argparse.c:546
-#, fuzzy
-msgid "invalid option"
-msgstr "μη έγκυρες επιλογές ειγαγωγής\n"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr ""
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, fuzzy, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "μη έγκυρες επιλογές ειγαγωγής\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr ""
-
-#: common/argparse.c:563
-#, fuzzy, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "Μη έγκυρη εντολή  (δοκιμάστε \"help\")\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:581
-#, fuzzy, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "μη έγκυρες επιλογές ειγαγωγής\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, fuzzy, c-format
-#| msgid "NOTE: no default option file `%s'\n"
-msgid "Note: no default option file '%s'\n"
-msgstr "ΣΗΜΕΙΩΣΗ: μη προκαθορισμένο αρχείο επιλογών `%s'\n"
-
-#: common/argparse.c:1843
-#, fuzzy, c-format
-#| msgid "option file `%s': %s\n"
-msgid "option file '%s': %s\n"
-msgstr "αρχείο επιλογών `%s': %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, fuzzy, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1609,131 +1507,132 @@ msgstr "αδυναμία πρόσβασης του αρχείου: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "θωράκιση απέτυχε: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, fuzzy, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "αδυναμία δημιουργίας καταλόγου `%s': %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, fuzzy, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "αδυναμία εγγραφής της κλειδοθήκης `%s': %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr ""
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, fuzzy, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr ""
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, fuzzy, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "το δημόσιο κλειδί %08lX δεν βρέθηκε: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, fuzzy, c-format
 msgid "waiting for lock %s...\n"
 msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr ""
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "θωράκιση: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "μη έγκυρη επικεφαλίδα θωράκισης: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "επικεφαλίδα θωράκισης: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "μη έγκυρη επικεφαλίδα clearsig\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, fuzzy, c-format
 msgid "unknown armor header: "
 msgstr "επικεφαλίδα θωράκισης: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "φωλιασμένες μη κρυπτογραφημένες υπογραφές\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, fuzzy, c-format
 msgid "unexpected armor: "
 msgstr "μη αναμενόμενη θωράκιση:"
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "μη έγκυρη dash escaped γραμμή: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, fuzzy, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "μη έγκυρος radix64 χαρακτήρας %02x παράβλεψη\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "πρόωρο τέλος αρχείου (απουσία CRC)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "πρόωρο τέλος αρχείου (εντός CRC)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "λάθος μορφή CRC\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, fuzzy, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "σφάλμα CRC: %06lx - %06lx\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, fuzzy, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "πρόωρο τέλος αρχείου (στο Τrailer)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "σφάλμα στη γραμμή trailer\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "δε βρέθηκαν έγκυρα OpenPGP δεδομένα.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "μη έγκυρη θωράκιση: η γραμμή είναι πάνω από %d χαρακτήρες\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1741,13 +1640,13 @@ msgstr ""
 "εκτυπώσιμος, σε εισαγωγικά, χαρακτήρας στη θωράκιση - ίσως έγινε χρήση "
 "προβληματικού MTA\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, fuzzy, c-format
 #| msgid "not human readable"
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "μη αναγνώσιμο"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1756,27 +1655,27 @@ msgstr ""
 "ένα όνομα σημείωσης μπορεί να περιέχει μόνο εκτυπώσιμους χαρακτήρες και κενά "
 "και να λήγει με ένα '='\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "το όνομα σημείωσης χρήστη πρέπει να περιέχει το '@' χαρακτήρα\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, fuzzy, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "το όνομα σημείωσης χρήστη πρέπει να περιέχει το '@' χαρακτήρα\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "η τιμή σημείωσης πρέπει να μη χρησιμοποιεί χαρακτήρες control\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, fuzzy, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "το όνομα σημείωσης χρήστη πρέπει να περιέχει το '@' χαρακτήρα\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, fuzzy, c-format
 #| msgid ""
 #| "a notation name must have only printable characters or spaces, and end "
@@ -1786,370 +1685,354 @@ msgstr ""
 "ένα όνομα σημείωσης μπορεί να περιέχει μόνο εκτυπώσιμους χαρακτήρες και κενά "
 "και να λήγει με ένα '='\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: βρέθηκαν μη έγκυρα δεδομένα σημείωσης\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr ""
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Πληκτρολογήστε τη φράση κλειδί: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, fuzzy, c-format
-#| msgid "error creating keyring `%s': %s\n"
-msgid "error getting version from '%s': %s\n"
-msgstr "αδυναμία δημιουργίας της κλειδοθήκης `%s': %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr ""
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
-#, fuzzy, c-format
-#| msgid "WARNING: %s overrides %s\n"
-msgid "WARNING: %s\n"
-msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: το %s παρακάμπτει το %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
-#, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
+#| msgid "%s does not yet work with %s\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "το %s ακόμα δε λειτουργεί μαζί με το %s\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
+#: g10/call-agent.c:1081
 #, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Παρακαλώ χρησιμοποιείστε την εντολή \"toggle\" πρώτα.\n"
+msgid "error from TPM: %s\n"
+msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, fuzzy, c-format
-#| msgid "%s does not yet work with %s\n"
-msgid "%s is not compliant with %s mode\n"
-msgstr "το %s ακόμα δε λειτουργεί μαζί με το %s\n"
+msgid "problem with the agent: %s\n"
+msgstr "πρόβλημα με τον agent: agent επιστρέφει 0x%lx\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, fuzzy, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "ο gpg-agent δεν είναι διαθέσιμος σε αυτή τη συνεδρία\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "απαγορεύετε η χρήση του %s στην κατάσταση %s.\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 msgid "Tor is not properly configured"
 msgstr "σφάλμα: μη έγκυρο αποτύπωμα\n"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 msgid "DNS is not properly configured"
 msgstr "σφάλμα: μη έγκυρο αποτύπωμα\n"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "δημιουργία ενός πιστοποιητικού ανάκλησης"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "θωράκιση: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, fuzzy, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "το μυστικό κλειδί δεν είναι διαθέσιμο"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr ""
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, fuzzy, c-format
 msgid "can't do this in batch mode\n"
 msgstr "δεν μπορεί να γίνει αυτό σε κατάσταση δέσμης (batchmode)\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, fuzzy, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Αυτή η εντολή απαγορεύετε σε αυτή την κατάσταση %s.\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, fuzzy, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "τμήματα του μυστικού κλειδιού δεν είναι διαθέσιμα\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Η επιλογή σας; "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr ""
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 #, fuzzy
 msgid "not forced"
 msgstr "μη επεξεργασμένο"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr ""
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr ""
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr ""
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr ""
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr ""
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 #, fuzzy
 msgid "URL to retrieve public key: "
 msgstr "κανένα αντίστιχο δημόσιο κλειδί: %s\n"
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, fuzzy, c-format
 #| msgid "error reading `%s': %s\n"
 msgid "error reading '%s': %s\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, fuzzy, c-format
 msgid "error writing '%s': %s\n"
 msgstr "αδυναμία εγγραφής της κλειδοθήκης `%s': %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr ""
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr ""
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 #, fuzzy
 msgid "Language preferences: "
 msgstr "αναωεωμένες επιλογές"
 
-#: g10/card-util.c:1111
-#, fuzzy
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, fuzzy, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "μη έγκυρος χαρακτήρας στο \"κορδόνι\" της επιλογής\n"
 
-#: g10/card-util.c:1120
-#, fuzzy
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, fuzzy, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "μη έγκυρος χαρακτήρας στο \"κορδόνι\" της επιλογής\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 #, fuzzy
 msgid "Error: invalid response.\n"
 msgstr "σφάλμα: μη έγκυρο αποτύπωμα\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 #, fuzzy
 msgid "CA fingerprint: "
 msgstr "απεικόνιση του fingerprint"
 
-#: g10/card-util.c:1201
-#, fuzzy
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, fuzzy, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "σφάλμα: μη έγκυρο αποτύπωμα\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, fuzzy, c-format
 msgid "key operation not possible: %s\n"
 msgstr "Η δημιουργία κλειδιού απέτυχε: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 #, fuzzy
 msgid "not an OpenPGP card"
 msgstr "δε βρέθηκαν έγκυρα OpenPGP δεδομένα.\n"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, fuzzy, c-format
 msgid "error getting current key info: %s\n"
 msgstr "αδυναμία εγγραφής μυστικής κλειδοθήκης `%s': %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, fuzzy, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Τι μέγεθος κλειδιού θα θέλατε; (1024) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "στρογγυλοποιήθηκε έως τα %u bits\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr ""
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr ""
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 #, fuzzy
 msgid "Signature key\n"
 msgstr "Υπογραφή έληξε στις %s.\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 #, fuzzy
 msgid "Encryption key\n"
 msgstr "   (%d) RSA (για κρυπτογράφηση μόνο)\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Παρακαλώ επιλέξτε τον τύπο του κλειδιού που θέλετε:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, fuzzy, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA (για υπογραφή μόνο)\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, fuzzy, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) DSA και ElGamal (προκαθορισμένο)\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Μη έγκυρη επιλογή.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr ""
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr ""
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, fuzzy, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "σφάλμα στη αποστολή προς το `%s': %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, fuzzy, c-format
 msgid "error getting card info: %s\n"
 msgstr "αδυναμία εγγραφής μυστικής κλειδοθήκης `%s': %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, fuzzy, c-format
 #| msgid "This command is not allowed while in %s mode.\n"
 msgid "This command is not supported by this card\n"
 msgstr "Αυτή η εντολή απαγορεύετε σε αυτή την κατάσταση %s.\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr ""
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, fuzzy, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "παραλείφθηκε: μυστικό κλειδί ήδη παρών\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2157,204 +2040,217 @@ msgid ""
 "You should change them using the command --change-pin\n"
 msgstr ""
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 #, fuzzy
 msgid "Please select the type of key to generate:\n"
 msgstr "Παρακαλώ επιλέξτε τον τύπο του κλειδιού που θέλετε:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 #, fuzzy
 msgid "   (1) Signature key\n"
 msgstr "Υπογραφή έληξε στις %s.\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 #, fuzzy
 msgid "   (2) Encryption key\n"
 msgstr "   (%d) RSA (για κρυπτογράφηση μόνο)\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 #, fuzzy
 msgid "Please select where to store the key:\n"
 msgstr "Παρακαλώ επιλέξτε την αιτία για την ανάκληση:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, fuzzy, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "η ενημέρωση απέτυχε: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, fuzzy, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "παραλείφθηκε: μυστικό κλειδί ήδη παρών\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 #, fuzzy
 msgid "Continue? (y/N) "
 msgstr "Σίγουρα να υπογραφεί; "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr ""
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, fuzzy, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+msgid "error for setup UIF: %s\n"
+msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "τερματισμός αυτού του μενού"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 #, fuzzy
 msgid "show admin commands"
 msgstr "συγκρουόμενες εντολές\n"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "απεικόνιση αυτής της βοήθειας"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 #, fuzzy
 msgid "list all available data"
 msgstr "Κλειδί διαθέσιμο στο: "
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr ""
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr ""
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr ""
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 #, fuzzy
 msgid "change the login name"
 msgstr "αλλαγή της ημερομηνίας λήξης"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 #, fuzzy
 msgid "change the language preferences"
 msgstr "αλλαγή της εμπιστοσύνης ιδιοκτήτη"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr ""
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 #, fuzzy
 msgid "change a CA fingerprint"
 msgstr "απεικόνιση του fingerprint"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr ""
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 #, fuzzy
 msgid "generate new keys"
 msgstr "δημιουργία ενός νέου ζεύγους κλειδιών"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr ""
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr ""
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr ""
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr ""
 
-#: g10/card-util.c:2180
+#: g10/card-util.c:2235
 #, fuzzy
 #| msgid "|NAME|use NAME as default recipient"
-msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "|ΟΝΟΜΑ|χρήση του ΟΝΟΜΑτος ως προκαθορισμένου παραλήπτη"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 #, fuzzy
 #| msgid "change the ownertrust"
 msgid "change the key attribute"
 msgstr "αλλαγή της εμπιστοσύνης ιδιοκτήτη"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "αλλαγή της εμπιστοσύνης ιδιοκτήτη"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr ""
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 #, fuzzy
 msgid "Admin-only command\n"
 msgstr "συγκρουόμενες εντολές\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 #, fuzzy
 msgid "Admin commands are allowed\n"
 msgstr "συγκρουόμενες εντολές\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 #, fuzzy
 msgid "Admin commands are not allowed\n"
 msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Μη έγκυρη εντολή  (δοκιμάστε \"help\")\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output δεν λειτουργεί για αυτή την εντολή\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, fuzzy, c-format
 #| msgid "can't open `%s'\n"
 msgid "can't open '%s'\n"
 msgstr "αδυναμία πρόσβασης του `%s'\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, fuzzy, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "το κλειδί '%s' δε βρέθηκε: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "σφάλμα κατά την ανάγνωση του μπλοκ κλειδιών: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, fuzzy, c-format
 msgid "key \"%s\" not found\n"
 msgstr "το κλειδί '%s' δε βρέθηκε: %s\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(εκτός εάν προσδιορίσετε ένα κλειδί από αποτύπωμα)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, fuzzy, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "δεν μπορεί να γίνει αυτό σε κατάσταση δέσμης χωρίς το \"--yes\"\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(εκτός εάν προσδιορίσετε ένα κλειδί από αποτύπωμα)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2396,9 +2292,9 @@ msgstr "key"
 msgid "subkey"
 msgstr "ΔημοσΚλειδί:"
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "η ενημέρωση απέτυχε: %s\n"
@@ -2424,66 +2320,77 @@ msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr ""
 "χρησιμοποιείστε πρώτα την επιλογή \"--delete-secret-key\" για διαγραφή του.\n"
 
-#: g10/encrypt.c:116
-#, fuzzy, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"ο εξαναγκασμός συμμετρικού αλγόριθμου %s (%d) παραβιάζει τις\n"
-"επιλογές του παραλήπτη\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "αδυναμία χρήσης ενός συμμετρικού πακέτου ESK λόγω της κατάστασης S2K\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "χρήση του κρυπταλγόριθμου: %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, fuzzy, c-format
 #| msgid "`%s' already compressed\n"
 msgid "'%s' already compressed\n"
 msgstr "`%s' ήδη συμπιέστηκε\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, fuzzy, c-format
 #| msgid "WARNING: `%s' is an empty file\n"
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: `%s' είναι ένα άδειο αρχείο\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "απαγορεύετε η χρήση του κρυπταλγόριθμου \"%s\" στην κατάσταση %s\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, fuzzy, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "απαγορεύετε η χρήση του κρυπταλγόριθμου \"%s\" στην κατάσταση %s\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, fuzzy, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 "απαγορεύετε η χρήση του αλγόριθμου περίληψης \"%s\" στην κατάσταση %s\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, fuzzy, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: \"%s\" είναι μια μη συνειστώμενη επιλογή\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, fuzzy, c-format
 #| msgid "reading from `%s'\n"
 msgid "reading from '%s'\n"
 msgstr "ανάγνωση από `%s'\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"ο εξαναγκασμός συμμετρικού αλγόριθμου %s (%d) παραβιάζει τις\n"
+"επιλογές του παραλήπτη\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, fuzzy, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: \"%s\" είναι μια μη συνειστώμενη επιλογή\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2492,28 +2399,37 @@ msgstr ""
 "ο εξαναγκασμός χρήσης του αλγορίθμου συμπίεσης %s (%d) παραβιάζει τις\n"
 "επιλογές του παραλήπτη\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"ο εξαναγκασμός συμμετρικού αλγόριθμου %s (%d) παραβιάζει τις\n"
+"επιλογές του παραλήπτη\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s κρυπτογραφήθηκε για: \"%s\"\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "απαγορεύετε η χρήση του %s στην κατάσταση %s.\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "%s κρυπτογραφημένα δεδομένα\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "κρυπτογραφημένο με άγνωστο αλγόριθμο %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
@@ -2521,72 +2437,11 @@ msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: το μήνυμα κρυπτογραφήθηκε με αδύναμο κλειδί στο\n"
 "συμμετρικό κρυπταλγόριθμο.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "πρόβλημα στο χειρισμό κρυπτογραφημένου πακέτου\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "δεν υποστηρίζετε η απομακρυσμένη εκτέλεση προγράμματος\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"οι κλήσεις εξωτερικών προγραμμάτων απενεργοποιήθηκαν λόγω ανασφαλών αδειών\n"
-"αρχείου\n"
-
-#: g10/exec.c:419
-#, fuzzy, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"αυτή η πλατφόρμα απαιτεί προσωρ. αρχεία στην κλήση εξωτερικών προγραμμάτων\n"
-
-#: g10/exec.c:497
-#, fuzzy, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "αδυναμία εκτέλεσης του %s \"%s\": %s\n"
-
-#: g10/exec.c:500
-#, fuzzy, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "αδυναμία εκτέλεσης του %s \"%s\": %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "σφάλμα συστήματος κατά την κλήση εξωτερικού προγράμματος: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "αφύσικη έξοδος του εξωτερικού προγράμματος\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "αδυναμία εκτέλεσης του εξωτερικού προγράμματος\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "αδυναμία ανάγνωσης της απάντησης του εξωτερικού προγράμματος: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: αδυναμία διαγραφής tempfile (%s) `%s': %s\n"
-
-#: g10/exec.c:692
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: αδυναμία διαγραφής προσωρινού φακέλου `%s': %s\n"
-
 #: g10/export.c:119
 #, fuzzy
 msgid "export signatures that are marked as local-only"
@@ -2613,405 +2468,405 @@ msgstr "μη χρησιμοποιήσιμο μυστικό κλειδί"
 msgid "remove as much as possible from key during export"
 msgstr ""
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr ""
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
 msgstr "%s: παραλείφθηκε: %s\n"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "writing to '%s'\n"
 msgstr "εγγραφή στο  `%s'\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, fuzzy, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr ""
 "κλειδί %08lX: η υπογραφή του υποκλειδιού σε λάθος σημείο - παραλείφθηκε\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, fuzzy, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, fuzzy, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "κλειδί %08lX:  κλειδί τύπου PGP 2.x - παραλείφθηκε\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: δεν έγινε καμμία εξαγωγή\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, fuzzy, c-format
 #| msgid "error creating `%s': %s\n"
 msgid "error creating '%s': %s\n"
 msgstr "σφάλμα κατά τη δημιουργία του `%s': %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 #, fuzzy
 msgid "[User ID not found]"
 msgstr "[User id δεν βρέθηκε]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, fuzzy, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "σφάλμα κατά τη δημιουργία του `%s': %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, fuzzy, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "σφάλμα κατά τη δημιουργία του `%s': %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 #, fuzzy
 msgid "No fingerprint"
 msgstr "απεικόνιση του fingerprint"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "το μυστικό κλειδί `%s' δε βρέθηκε: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, fuzzy, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "μη έγκυρες επιλογές ειγαγωγής\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "|ΟΝΟΜΑ|χρήση ΟΝΟΜΑτος σαν προκαθορισμένο μυστικό κλειδί"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "|ΟΝΟΜΑ|χρήση ΟΝΟΜΑτος σαν προκαθορισμένο μυστικό κλειδί"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr ""
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, fuzzy, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr ""
 "Μη έγκυρο κλειδί %08lX έγινε έγκυρο από το --allow-non-selfsigned-uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, fuzzy, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "χρήση του δευτερεύοντος κλειδιού %08lX αντί του πρωτεύοντος %08lX\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, fuzzy, c-format
 msgid "valid values for option '%s':\n"
 msgstr "μη έγκυρες επιλογές ειγαγωγής\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 #, fuzzy
 msgid "make a signature"
 msgstr "δημιουργία μιας μη προσαρτημένης υπογραφής"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 #, fuzzy
 msgid "make a clear text signature"
 msgstr "|[αρχείο]|δημιουργία μιας μη κρυπτογραφημένης υπογραφής"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "δημιουργία μιας μη προσαρτημένης υπογραφής"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "κρυπτογράφηση δεδομένων"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "κρυπτογράφηση με χρήση μόνο συμμετρικών αλγορίθμων"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "αποκρυπτογράφηση δεδομένων (προκαθορισμένο)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "επαλήθευση μιας υπογραφής"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "απεικόνιση της λίστας κλειδιών"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "απεικόνιση της λίστας κλειδιών και υπογραφών"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 #, fuzzy
 msgid "list and check key signatures"
 msgstr "έλεγχος υπογραφής κλειδιού"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "απεικόνιση της λίστας κλειδιών και αποτυπωμάτων (fingerprints)"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "απεικόνιση της λίστας μυστικών κλειδιών"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "δημιουργία ενός νέου ζεύγους κλειδιών"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly generate a new key pair"
 msgstr "δημιουργία ενός νέου ζεύγους κλειδιών"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly add a new user-id"
 msgstr "δημιουργία ενός νέου ζεύγους κλειδιών"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a user-id"
 msgstr "δημιουργία ενός νέου ζεύγους κλειδιών"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly set a new expiration date"
 msgstr "δημιουργία ενός νέου ζεύγους κλειδιών"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr ""
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "δημιουργία ενός πιστοποιητικού ανάκλησης"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "αφαίρεση των κλειδιών από τη δημόσια κλειδοθήκη"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "αφαίρεση των κλειδιών από τη μυστική κλειδοθήκη"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 #, fuzzy
 #| msgid "sign a key"
 msgid "quickly sign a key"
 msgstr "υπογραφή ενός κλειδιού"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 #, fuzzy
 #| msgid "sign a key locally"
 msgid "quickly sign a key locally"
 msgstr "υπογραφή ενός κλειδιού τοπικά"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a key signature"
 msgstr "δημιουργία ενός νέου ζεύγους κλειδιών"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "υπογραφή ενός κλειδιού"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "υπογραφή ενός κλειδιού τοπικά"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "υπογραφή ή επεξεργασία ενός κλειδιού"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 #, fuzzy
 msgid "change a passphrase"
 msgstr "αλλαγή της φράσης κλειδί"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "εξαγωγή κλειδιών"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "εξαγωγή κλειδιών σε ένα διακομιστή κλειδιών"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "εισαγωγή κλειδιών από ένα διακομιστή κλειδιών"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "αναζήτηση κλειδιών σε ένα διακομιστή κλειδιών"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "ανανέωση όλων των κλειδιών από ένα διακομιστή κλειδιών"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "εισαγωγή/συγχώνευση κλειδιών"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr ""
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr ""
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr ""
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "ανανέωση της βάσης δεδομένων εμπιστοσύνης"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 #, fuzzy
 msgid "print message digests"
 msgstr "|αλγόρ [αρχεία]| απεικόνιση περιλήψεων των μηνυμάτων"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr ""
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr ""
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|ΟΝΟΜΑ|χρήση ΟΝΟΜΑτος σαν προκαθορισμένο μυστικό κλειδί"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 #, fuzzy
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|ΟΝΟΜΑ|κρυπτογράφηση για ΟΝΟΜΑ"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr ""
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr ""
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "να μη γίνει καμμία αλλαγή"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "ερώτηση πριν την επικάλυψη"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 msgid "Options controlling the input"
 msgstr ""
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 msgid "Options controlling the output"
 msgstr ""
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "δημιουργία ascii θωρακισμένης εξόδου"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 #, fuzzy
 msgid "|FILE|write output to FILE"
 msgstr "|ΑΡΧΕΙΟ|φόρτωμα του αρθρώματος επέκτασης ΑΡΧΕΙΟ"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "χρήση κανονικής κατάστασης κειμένου"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 #, fuzzy
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|καθορισμός επιπέδου συμπίεσης N (0 απενεργοποιεί)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 msgid "Options controlling key import and export"
 msgstr ""
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "εισαγωγή κλειδιών από ένα διακομιστή κλειδιών"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 msgid "include the public key in signatures"
 msgstr "έλεγχος υπογραφής κλειδιού"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr ""
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 msgid "Options controlling key listings"
 msgstr ""
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "απεικόνιση της λίστας μυστικών κλειδιών"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 #, fuzzy
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|ΟΝΟΜΑ|κρυπτογράφηση για ΟΝΟΜΑ"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 #, fuzzy
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "χρήση αυτής της ταυτότητας (user id) για υπογραφή ή αποκρυπτογράφηση"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -3019,7 +2874,7 @@ msgstr ""
 "@\n"
 "(δείτε τη σελίδα man για μια πλήρη λίστα εντολών και επιλογών)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -3049,13 +2904,13 @@ msgstr ""
 " --list-keys [ονόματα]        απεικόνιση κλειδιών\n"
 " --fingerprint [ονόματα]      απεικόνιση αποτυπωμάτων (fingerprints)\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Χρήση: gpg [επιλογές] [αρχεία] (-h για βοήθεια)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg [options] [files]\n"
@@ -3070,7 +2925,7 @@ msgstr ""
 "υπογραφή, έλεγχος, κρυπτογράφηση ή αποκρυπτογράφηση\n"
 "η προκαθορισμένη λειτουργία εξαρτάται από τα δεδομένα εισόδου\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -3078,558 +2933,573 @@ msgstr ""
 "\n"
 "Υποστηριζόμενοι αλγόριθμοι:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "ΔημοσΚλειδί:"
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Κρυπταλγόριθμος: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Hash: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Συμπίεση: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, fuzzy, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "χρήση: gpg [επιλογές] "
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "συγκρουόμενες εντολές\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, fuzzy, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "δεν βρέθηκε το σύμβολο = στον ορισμό της ομάδας \"%s\"\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: μη ασφαλής ιδιοκτησία στο %s \"%s\"\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: μη ασφαλής ιδιοκτησία στο %s \"%s\"\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: μη ασφαλής ιδιοκτησία στο %s \"%s\"\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: μη ασφαλείς άδειες στο %s \"%s\"\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: μη ασφαλείς άδειες στο %s \"%s\"\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: μη ασφαλείς άδειες στο %s \"%s\"\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: μη ασφαλής ιδιοκτησίαεσώκλειστου φακέλου στο %s \"%s\"\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: μη ασφαλής ιδιοκτησίαεσώκλειστου φακέλου στο %s \"%s\"\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: μη ασφαλής ιδιοκτησίαεσώκλειστου φακέλου στο %s \"%s\"\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: μη ασφαλείς άδειες εσώκλειστου φακέλου στο %s \"%s\"\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: μη ασφαλείς άδειες εσώκλειστου φακέλου στο %s \"%s\"\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: μη ασφαλείς άδειες εσώκλειστου φακέλου στο %s \"%s\"\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, fuzzy, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "άγνωστο αντικείμενο ρυθμίσεως \"%s\"\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr ""
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 #, fuzzy
 msgid "show key usage information during key listings"
 msgstr "Δεν βρέθηκε αντίστοιχη υπογραφή στη μυστική κλειδοθήκη\n"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 #, fuzzy
 msgid "show all notations during signature listings"
 msgstr "Δεν βρέθηκε αντίστοιχη υπογραφή στη μυστική κλειδοθήκη\n"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 #, fuzzy
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "το URL πολιτικής υπογραφής που δόθηκε δεν είναι έγκυρο\n"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr ""
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr ""
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr ""
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 #, fuzzy
 msgid "show the keyring name in key listings"
 msgstr "απεικόνιση της κλειδοθήκης στην οποία αναφέρετε το κλειδί"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 #, fuzzy
 msgid "show expiration dates during signature listings"
 msgstr "Δεν βρέθηκε αντίστοιχη υπογραφή στη μυστική κλειδοθήκη\n"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "άγνωστος προκαθορισμένος παραλήπτης `%s'\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr ""
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Αυτή η εντολή απαγορεύετε σε αυτή την κατάσταση %s.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, fuzzy, c-format
 #| msgid "NOTE: %s is not for normal use!\n"
 msgid "Note: %s is not for normal use!\n"
 msgstr "ΣΗΜΕΙΩΣΗ: το %s δεν είναι για κανονική χρήση!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, fuzzy, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "το %s δεν είναι έγκυρο σετ χαρακτήρων\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "Μη έγκυρη διεύθυνση Email\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, fuzzy, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "μη έγκυρος αλγόριθμος  hash `%s'\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, fuzzy, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "μη έγκυρες επιλογές ειγαγωγής\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, fuzzy, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "το %s δεν είναι έγκυρο σετ χαρακτήρων\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, fuzzy, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "αδυναμία επεξεργασίας του URI του διακομιση κλειδιών\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, fuzzy, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: μη έγκυρες επιλογές εξαγωγής\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, fuzzy, c-format
 msgid "invalid keyserver options\n"
 msgstr "μη έγκυρες επιλογές εξαγωγής\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: μη έγκυρες επιλογές ειγαγωγής\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "μη έγκυρες επιλογές ειγαγωγής\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, fuzzy, c-format
 msgid "invalid filter option: %s\n"
 msgstr "μη έγκυρες επιλογές ειγαγωγής\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: μη έγκυρες επιλογές εξαγωγής\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "μη έγκυρες επιλογές εξαγωγής\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, fuzzy, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: μη έγκυρες επιλογές ειγαγωγής\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, fuzzy, c-format
 msgid "invalid list options\n"
 msgstr "μη έγκυρες επιλογές ειγαγωγής\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 #, fuzzy
 msgid "show all notations during signature verification"
 msgstr "το %s δεν είναι έγκυρο σετ χαρακτήρων\n"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 #, fuzzy
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "το URL πολιτικής υπογραφής που δόθηκε δεν είναι έγκυρο\n"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 #, fuzzy
 msgid "show user ID validity during signature verification"
 msgstr "το %s δεν είναι έγκυρο σετ χαρακτήρων\n"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr ""
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 #, fuzzy
 msgid "show only the primary user ID in signature verification"
 msgstr "το %s δεν είναι έγκυρο σετ χαρακτήρων\n"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr ""
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr ""
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, fuzzy, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: μη έγκυρες επιλογές εξαγωγής\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, fuzzy, c-format
 msgid "invalid verify options\n"
 msgstr "μη έγκυρες επιλογές εξαγωγής\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "αδυναμία ορισμού του exec-path σε %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, fuzzy, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: μη έγκυρες επιλογές εξαγωγής\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr ""
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, fuzzy, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "μη έγκυρες επιλογές ειγαγωγής\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: το πρόγραμμα ίσως δημιουργήσει αρχείο core!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: το %s παρακάμπτει το %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "το %s δεν επιτρέπεται με το %s!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "το %s δεν έχει καμμία έννοια μαζί με το %s!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr ""
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, fuzzy, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "ο επιλεγμένος αλγόριθμος κρυπτογράφησης δεν είναι έγκυρος\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "ο επιλεγμένος αλγόριθμος περίληψης δεν είναι έγκυρος\n"
+
+#: g10/gpg.c:3885
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "ο επιλεγμένος αλγόριθμος κρυπτογράφησης δεν είναι έγκυρος\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr ""
 "ο επιλεγμένος αλγόριθμος περίληψης για πιστοποίηση\n"
 "δεν είναι έγκυρος\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-needed πρέπει να είναι μεγαλύτερα από 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed πρέπει να είναι μεγαλύτερα από 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, fuzzy, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth πρέπει να είναι μεταξύ 1 και 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "μη έγκυρο default-cert-level· πρέπει να είναι 0, 1, 2, ή 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "μη έγκυρο min-cert-level· πρέπει να είναι 0, 1, 2, ή 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, fuzzy, c-format
 #| msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "ΣΗΜΕΙΩΣΗ: η απλή S2K κατάσταση (0) πρέπει να αποφεύγεται\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "μη έγκυρη κατάσταση S2K; πρέπει να είναι 0, 1 ή 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "μη έγκυρες προεπιλογές\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "μη έγκυρες προεπιλογές προσωπικού κρυπταλγόριθμου\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "μη έγκυρες προεπιλογές προσωπικού κρυπταλγόριθμου\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "μη έγκυρες προεπιλογές προσωπικού αλγόριθμου περίληψης\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "μη έγκυρες προεπιλογές προσωπικού αλγόριθμου συμπίεσης\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "μη έγκυρο μέγεθος κλειδιού, χρήση %u bits\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "το %s ακόμα δε λειτουργεί μαζί με το %s\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "απαγορεύετε η χρήση του κρυπταλγόριθμου \"%s\" στην κατάσταση %s\n"
+
+#: g10/gpg.c:4070
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 "απαγορεύετε η χρήση του αλγόριθμου συμπίεσης \"%s\" στην κατάσταση %s\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "αποτυχία αρχικοποίησης της TrustDB: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: δώθηκαν παραλήπτες (-r) χώρις χρήση κρυπτογράφησης\n"
 "δημοσίου κλειδιού\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, fuzzy, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "αποκρυπτογράφηση απέτυχε: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "απαγορεύετε η χρήση του %s στην κατάσταση %s.\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "απαγορεύετε η χρήση του %s στην κατάσταση %s.\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "keyserver αποστολή απέτυχε: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "keyserver λήψη απέτυχε: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "εξαγωγή κλειδιού απέτυχε: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, fuzzy, c-format
 #| msgid "key export failed: %s\n"
 msgid "export as ssh key failed: %s\n"
 msgstr "εξαγωγή κλειδιού απέτυχε: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "keyserver αναζήτηση απέτυχε: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "keyserver ανανέωση απέτυχε: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "αποθωράκιση απέτυχε: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "θωράκιση απέτυχε: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, fuzzy, c-format
 #| msgid "invalid hash algorithm `%s'\n"
 msgid "invalid hash algorithm '%s'\n"
 msgstr "μη έγκυρος αλγόριθμος  hash `%s'\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, fuzzy, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Μπορείτε τώρα να εισαγάγετε το μήνυμα σας ...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "το URL πολιτικής πιστοποιητικού που δόθηκε δεν είναι έγκυρο\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "το URL πολιτικής υπογραφής που δόθηκε δεν είναι έγκυρο\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, fuzzy, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "το URL πολιτικής υπογραφής που δόθηκε δεν είναι έγκυρο\n"
@@ -3643,7 +3513,7 @@ msgstr "εξαγωγή των κλειδιών από αυτή τη κλειδο
 msgid "make timestamp conflicts only a warning"
 msgstr "ορισμός των συγκρούσεων ώρας (timestamp) μόνο σαν προειδοποίηση"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|εγγραφή των πληροφοριών κατάστασης στο FD"
 
@@ -3694,299 +3564,315 @@ msgstr "ανανέωση της βάσης δεδομένων εμπιστοσύ
 
 #: g10/import.c:181
 #, fuzzy
+#| msgid "not supported"
+msgid "enable bulk import mode"
+msgstr "δεν υποστηρίζεται"
+
+#: g10/import.c:184
+#, fuzzy
 msgid "show key during import"
 msgstr "απεικόνιση του fingerprint"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+msgid "show key but do not actually import"
+msgstr "απεικόνιση του fingerprint"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr ""
 
-#: g10/import.c:187
+#: g10/import.c:193
 #, fuzzy
 msgid "remove unusable parts from key after import"
 msgstr "μη χρησιμοποιήσιμο μυστικό κλειδί"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr ""
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr ""
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr ""
 
-#: g10/import.c:203
+#: g10/import.c:209
 #, fuzzy
 msgid "repair keys on import"
 msgstr "απεικόνιση του fingerprint"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "παράλειψη τμήματος του τύπου %d\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, fuzzy, c-format
 msgid "%lu keys processed so far\n"
 msgstr "%lu κλειδιά έχουν μέχρι τώρα επεξεργαστεί\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Συνολικός αριθμός που επεξεργάστηκαν: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, fuzzy, c-format
 #| msgid "      skipped new keys: %lu\n"
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "      νέα κλειδιά που παραλείφθηκαν: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "      νέα κλειδιά που παραλείφθηκαν: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "          χωρίς user ID: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "              εισαχθέντα: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "             αμετάβλητα: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "          νέα user ID: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "           νέα υποκλειδιά: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "        νέες υπογραφές: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "   νέες ανακλήσεις κλειδιών: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "      αναγνωσμένα μυστικά κλειδιά: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "  εισαχθέντα μυστικά κλειδιά: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr " αμετάβλητα μυστικά κλειδιά: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "          μη  εισαχθέντα: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, fuzzy, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "        νέες υπογραφές: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, fuzzy, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "      αναγνωσμένα μυστικά κλειδιά: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
 "algorithms on these user IDs:\n"
 msgstr ""
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "%s υπογραφή, αλγόριθμος περίληψης %s\n"
+
+#: g10/import.c:1354
 #, fuzzy, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "%s υπογραφή, αλγόριθμος περίληψης %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr ""
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, fuzzy, c-format
 msgid "key %s: no user ID\n"
 msgstr "κλειδί %08lX: δεν υπάρχει αυτό το user ID\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, fuzzy, c-format
 msgid "key %s: %s\n"
 msgstr "παραλείφθηκε `%s': %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr ""
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "κλειδί %08lX: επιδιόρθωση φθαρμένου υποκλειδιού HKP\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, fuzzy, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "κλειδί %08lX: δεκτό μη ιδιο-υπογεγραμμένο user ID '%s'\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, fuzzy, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "κλειδί %08lX: δεν έχει έγκυρα user ID\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "αυτό μπορεί να συνέβει από μια απούσα ιδιοϋπογραφή\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, fuzzy, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "κλειδί %08lX: μυστικό κλειδί που δε βρέθηκε: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, fuzzy, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "κλειδί %08lX:  νέο κλειδί - παραλείφθηκε\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "δεν βρεθηκε εγγράψιμη κλειδοθήκη: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, fuzzy, c-format
 #| msgid "error writing keyring `%s': %s\n"
 msgid "error writing keyring '%s': %s\n"
 msgstr "αδυναμία εγγραφής της κλειδοθήκης `%s': %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, fuzzy, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "κλειδί %08lX: το δημόσιο κλειδί \"%s\" έχει εισαχθεί\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, fuzzy, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "κλειδί %08lX: δεν ταιριάζει με το αντίγραφο μας\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "κλειδί %08lX: \"%s\" 1 νέο user ID\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "κλειδί %08lX: \"%s\" %d νέα user ID\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "κλειδί %08lX: \"%s\" 1 νέα υπογραφή\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "κλειδί %08lX: \"%s\" %d νέες υπογραφές\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "κλειδί %08lX: \"%s\" 1 νέο υποκλειδί\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "κλειδί %08lX: \"%s\" %d νέα υποκλειδιά\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "κλειδί %08lX: \"%s\" %d νέες υπογραφές\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "κλειδί %08lX: \"%s\" %d νέες υπογραφές\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "κλειδί %08lX: \"%s\" %d νέα user ID\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "κλειδί %08lX: \"%s\" %d νέα user ID\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, fuzzy, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "κλειδί %08lX: \"%s\" αμετάβλητο\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, fuzzy, c-format
 msgid "key %s: secret key imported\n"
 msgstr "κλειδί %08lX: μυστικό κλειδί εισήχθηκε\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, fuzzy, c-format
 #| msgid "skipped: secret key already present\n"
 msgid "key %s: secret key already exists\n"
 msgstr "παραλείφθηκε: μυστικό κλειδί ήδη παρών\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, fuzzy, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "σφάλμα στη αποστολή προς το `%s': %s\n"
@@ -3999,207 +3885,213 @@ msgstr "σφάλμα στη αποστολή προς το `%s': %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, fuzzy, c-format
 msgid "secret key %s: %s\n"
 msgstr "το μυστικό κλειδί `%s' δε βρέθηκε: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, fuzzy, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, fuzzy, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "κλειδί %08lX: μυστικό κλειδί με άκυρο κρυπταλγ. %d - παραλείφθηκε\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Δεν έχει οριστεί αιτία"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "Το κλειδί έχει παρακαμθεί"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Το κλειδί έχει εκτεθεί"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "Το κλειδί δε χρησιμοποιείται πλέον"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "Το User ID δεν είναι πλέον έγκυρο"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "αιτία για ανάκληση:"
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "σχόλιο ανάκλησης:"
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, fuzzy, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "κλειδί %08lX: όχι δημόσιο κλειδί - αδυναμία εφαρμογής πιστοποιητικού "
 "ανάκλησης\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, fuzzy, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "κλειδί %08lX: αδυναμία εντοπισμού του αρχικού τμήματος κλειδιού: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, fuzzy, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "κλειδί %08lX: αδυναμία ανάγνωσης του αρχικού τμήματος κλειδιού: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "κλειδί %08lX: μη έγκυρο πιστοποιητικό ανάκλησης: %s - απόρριψη\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "κλειδί %08lX: \"%s\" πιστοποιητικό ανάκλησης εισήχθηκε\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, fuzzy, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "κλειδί %08lX: δεν υπάρχει user ID για την υπογραφή\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr ""
 "κλειδί %08lX: μη υποστηριζόμενος αλγόριθμος δημοσίου κλειδιού στο user id "
 "\"%s\"\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, fuzzy, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "κλειδί %08lX: μη έγκυρη ιδιο-υπογραφή στο user id \"%s\"\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "κλειδί %08lX: μη υποστηριζόμενος αλγόριθμος δημοσίου κλειδιού\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, fuzzy, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "κλειδί %08lX: άμεση υπογραφή κλειδιού προστέθηκε\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, fuzzy, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "κλειδί %08lX: δεν υπάρχει υποκλειδί για τη δέσμευση κλειδιού\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, fuzzy, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "κλειδί %08lX: μη έγκυρη δέσμευση υποκλειδιού\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "κλειδί %08lX: αφαιρέθηκε η δέσμευση πολλαπλού υποκλειδιού\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, fuzzy, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "κλειδί %08lX: δεν υπάρχει υποκλειδί για την ανάκληση κλειδιού\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, fuzzy, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "κλειδί %08lX: μη έγκυρη ανάκληση υποκλειδιού\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "κλειδί %08lX: αφαιρέθηκε η ανάκληση πολλαπλού υποκλειδιού\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, fuzzy, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "κλειδί %08lX: παραλείφθηκε user ID '"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, fuzzy, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "κλειδί %08lX: παραλείφθηκε υποκλειδί\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, fuzzy, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "κλειδί %08lX: μη εξαγόμενη υπογραφή (κλάση %02x) - παραλείφθηκε\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, fuzzy, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr ""
 "κλειδί %08lX: το πιστοποιητικό ανάκλησης σε λάθος σημείο - παραλείφθηκε\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "κλειδί %08lX: μη έγκυρο πιστοποιητικό ανάκλησης: %s - παραλείφθηκε\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, fuzzy, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr ""
 "κλειδί %08lX: η υπογραφή του υποκλειδιού σε λάθος σημείο - παραλείφθηκε\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, fuzzy, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "κλειδί %08lX: μη αναμενώμενη κλάση υπογραφής (0x%02x) - παραλείφθηκε\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, fuzzy, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "κλειδί %08lX: εντοπίστηκε διπλό user ID - ενώθηκαν\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "κλειδί %08lX: εντοπίστηκε διπλό user ID - ενώθηκαν\n"
+
+#: g10/import.c:4233
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: κλειδί %08lX μπορεί να ανακληθεί: λήψη κλειδιού ανάκλησης "
 "%08lX\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: κλειδί %08lX μπορεί να ανακληθεί: το κλειδί ανάκλησης %08lX\n"
 "δεν είναι παρών.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "κλειδί %08lX: \"%s\" πιστοποιητικό ανάκλησης προστέθηκε\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, fuzzy, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "κλειδί %08lX: άμεση υπογραφή κλειδιού προστέθηκε\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, fuzzy, c-format
 msgid "error allocating memory: %s\n"
 msgstr "αδυναμία δημιουργίας της κλειδοθήκης `%s': %s\n"
@@ -4220,19 +4112,19 @@ msgstr "%s υπογραφή, αλγόριθμος περίληψης %s\n"
 msgid " (reordered signatures follow)"
 msgstr "Καλή υπογραφή από \""
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, fuzzy, c-format
 msgid "key %s:\n"
 msgstr "παραλείφθηκε `%s': %s\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, fuzzy, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "Το user ID \"%s\" ανακαλείτε."
 msgstr[1] "Το user ID \"%s\" ανακαλείτε."
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to a missing key\n"
 msgid "%d signature not checked due to a missing key\n"
@@ -4240,7 +4132,7 @@ msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "1 υπογραφή δεν ελέγχθηκε λόγω χαμένου κλειδιού\n"
 msgstr[1] "1 υπογραφή δεν ελέγχθηκε λόγω χαμένου κλειδιού\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d bad signature\n"
@@ -4248,53 +4140,48 @@ msgid_plural "%d bad signatures\n"
 msgstr[0] "%d κακές υπογραφές\n"
 msgstr[1] "%d κακές υπογραφές\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, fuzzy, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "Καλή υπογραφή από \""
 msgstr[1] "Καλή υπογραφή από \""
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, fuzzy, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "αδυναμία δημιουργίας της κλειδοθήκης `%s': %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error creating keyring '%s': %s\n"
 msgstr "αδυναμία δημιουργίας της κλειδοθήκης `%s': %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, fuzzy, c-format
 msgid "keybox '%s' created\n"
 msgstr "κλειδοθήκη `%s' δημιουργήθηκε\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, fuzzy, c-format
 #| msgid "keyring `%s' created\n"
 msgid "keyring '%s' created\n"
 msgstr "κλειδοθήκη `%s' δημιουργήθηκε\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, fuzzy, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "σφάλμα κατά τη δημιουργία του `%s': %s\n"
 
-#: g10/keydb.c:969
-#, fuzzy, c-format
-msgid "error opening key DB: %s\n"
-msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "αποτυχία επαναδόμησης της cache κλειδοθήκης: %s\n"
@@ -4307,7 +4194,7 @@ msgstr "[ανάκληση]"
 msgid "[self-signature]"
 msgstr "[ιδιο-υπογραφή]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 #, fuzzy
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
@@ -4320,12 +4207,12 @@ msgstr ""
 "να κοιτάζει passports και fingerprints από διάφορες πηγές...);\n"
 "\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, fuzzy, c-format
 msgid "  %d = I trust marginally\n"
 msgstr " %d = Έχω μερική εμπιστοσύνη\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, fuzzy, c-format
 msgid "  %d = I trust fully\n"
 msgstr " %d = Έχω πλήρη εμπιστοσύνη\n"
@@ -4352,12 +4239,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "Το user ID \"%s\" ανακαλείτε."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Σίγουρα θέλετε ακόμα να το υπογράψετε; (y/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  Αδυναμία υπογραφής.\n"
 
@@ -4560,213 +4447,217 @@ msgstr ""
 msgid "Really sign? (y/N) "
 msgstr "Σίγουρα να υπογραφεί; "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "η υπογραφή απέτυχε: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, fuzzy, c-format
 #| msgid "error creating passphrase: %s\n"
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "αποθήκευση και έξοδος"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 #, fuzzy
 msgid "show key fingerprint"
 msgstr "απεικόνιση του fingerprint"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 #, fuzzy
 msgid "show the keygrip"
 msgstr "Σημείωση υπογραφής: "
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "απεικόνιση των κλειδιών και των user ID"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "επιλογή user ID N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 #, fuzzy
 msgid "select subkey N"
 msgstr "επιλογή user ID N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 #, fuzzy
 msgid "check signatures"
 msgstr "ανάκληση υπογραφών"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 #, fuzzy
 msgid "sign selected user IDs locally"
 msgstr "υπογραφή του κλειδιού τοπικά"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 #, fuzzy
 msgid "sign selected user IDs with a trust signature"
 msgstr "Συμβουλή: Επιλέξτε το user ID για υπογραφή\n"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr ""
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "προσθήκη ενός user ID"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "προσθήκη ενός photo ID"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 #, fuzzy
 msgid "delete selected user IDs"
 msgstr "διαγραφή ενός user ID"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 #, fuzzy
 msgid "add a subkey"
 msgstr "addkey"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 #, fuzzy
 msgid "delete selected subkeys"
 msgstr "διαγραφή ενός δευτερεύοντος κλειδιού"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "προσθήκη ενός κλειδιού ανάκλησης"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 #, fuzzy
 msgid "delete signatures from the selected user IDs"
 msgstr ""
 "Σίγουρα θέλετε να ανανεωθούν οι προεπιλογές για το επιλεγμένο user ID; "
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 #, fuzzy
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "Δεν μπορείτε να αλλάξετε την ημερομηνία λήξης σε ένα v3 κλειδί\n"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 #, fuzzy
 msgid "flag the selected user ID as primary"
 msgstr "σημείωση του user ID σαν πρωτεύων"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "απεικόνιση προεπιλογών (ειδικές)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "απεικόνιση επιλογών (αναλυτικά)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 #, fuzzy
 msgid "set preference list for the selected user IDs"
 msgstr ""
 "Σίγουρα θέλετε να ανανεωθούν οι προεπιλογές για το επιλεγμένο user ID; "
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 #, fuzzy
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "αδυναμία επεξεργασίας του URI του διακομιση κλειδιών\n"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 #, fuzzy
 msgid "set a notation for the selected user IDs"
 msgstr ""
 "Σίγουρα θέλετε να ανανεωθούν οι προεπιλογές για το επιλεγμένο user ID; "
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "αλλαγή της φράσης κλειδί"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "αλλαγή της εμπιστοσύνης ιδιοκτήτη"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 #, fuzzy
 msgid "revoke signatures on the selected user IDs"
 msgstr "Σίγουρα θέλετε να ανακληθούν όλα τα επιλεγμένα user ID; "
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 #, fuzzy
 msgid "revoke selected user IDs"
 msgstr "ανάκληση ενός user ID"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 #, fuzzy
 msgid "revoke key or selected subkeys"
 msgstr "ανάκληση ενός δευτερεύοντος κλειδιού"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 #, fuzzy
 msgid "enable key"
 msgstr "ενεργοποιεί ένα κλειδί"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 #, fuzzy
 msgid "disable key"
 msgstr "απενεργοποιεί ένα κλειδί"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 #, fuzzy
 msgid "show selected photo IDs"
 msgstr "απεικόνιση photo ID"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Το μυστικό κλειδί είναι διαθέσιμο.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret subkeys are available.\n"
 msgstr "Το μυστικό κλειδί είναι διαθέσιμο.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Απαιτείται το μυστικό κλειδί για να γίνει αυτό.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4774,310 +4665,315 @@ msgid ""
 "  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
 msgstr ""
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "Το κλειδί ανακλήθηκε."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 #, fuzzy
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Σίγουρα να υπογραφούν όλα τα user ID; "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 #, fuzzy
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Σίγουρα να υπογραφούν όλα τα user ID; "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Συμβουλή: Επιλέξτε το user ID για υπογραφή\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, fuzzy, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "άγνωστη κλάση υπογραφής"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Αυτή η εντολή απαγορεύετε σε αυτή την κατάσταση %s.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Πρέπει να επιλέξετε το λιγότερο ένα user ID.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr ""
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Δεν μπορείτε να διαγράψετε το τελευταίο user ID!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 #, fuzzy
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Σίγουρα θέλετε να διαγραφούν όλα τα επιλεγμένα user ID; "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 #, fuzzy
 msgid "Really remove this user ID? (y/N) "
 msgstr "Σίγουρα θέλετε να διαγραφεί αυτό το user ID; "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 #, fuzzy
 msgid "Really move the primary key? (y/N) "
 msgstr "Σίγουρα θέλετε να διαγραφεί αυτό το user ID; "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 #, fuzzy
 msgid "You must select exactly one key.\n"
 msgstr "Πρέπει να επιλέξετε τουλάχιστον ένα κλειδί.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr ""
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, fuzzy, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "αδυναμία πρόσβασης στο `%s': %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, fuzzy, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "αδυναμία δημιουργίας της κλειδοθήκης `%s': %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Πρέπει να επιλέξετε τουλάχιστον ένα κλειδί.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 #, fuzzy
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Σίγουρα θέλετε να διαγραφούν τα επιλεγμένα κλειδιά; "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 #, fuzzy
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Σίγουρα θέλετε να διαγραφεί αυτό το κλειδί; "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 #, fuzzy
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "Σίγουρα θέλετε να ανακληθούν όλα τα επιλεγμένα user ID; "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 #, fuzzy
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Σίγουρα θέλετε να ανακληθεί αυτό το user ID; "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 #, fuzzy
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Σίγουρα θέλετε να ανακληθεί αυτό το κλειδί; "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 #, fuzzy
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Σίγουρα θέλετε να ανακληθούν τα επιλεγμένα κλειδιά; "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 #, fuzzy
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Σίγουρα θέλετε να ανακληθεί αυτό το κλειδί; "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 #, fuzzy
 msgid "Set preference list to:\n"
 msgstr "ορισμός απεικόνισης επιλογών"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 #, fuzzy
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr ""
 "Σίγουρα θέλετε να ανανεωθούν οι προεπιλογές για το επιλεγμένο user ID; "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 #, fuzzy
 msgid "Really update the preferences? (y/N) "
 msgstr "Σίγουρα να ανανεωθούν οι προεπιλογές;"
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 #, fuzzy
 msgid "Save changes? (y/N) "
 msgstr "Αποθήκευση των αλλαγών; "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 #, fuzzy
 msgid "Quit without saving? (y/N) "
 msgstr "Τερματισμός χωρίς αποθήκευση; "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Το κλειδί δεν άλλαξε οπότε δεν χρειάζεται ενημέρωση.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "Δεν μπορείτε να διαγράψετε το τελευταίο user ID!\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, fuzzy, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "απέτυχε ο έλεγχος της υπογραφής που δημιουργήθηκε: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, fuzzy, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "απέτυχε ο έλεγχος της υπογραφής που δημιουργήθηκε: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, fuzzy, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "σφάλμα: μη έγκυρο αποτύπωμα\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, fuzzy, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "αποτυχία αρχικοποίησης της TrustDB: %s\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, fuzzy, c-format
 #| msgid "invalid value\n"
 msgid "Invalid user ID '%s': %s\n"
 msgstr "μη έγκυρη τιμή\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 #| msgid "No such user ID.\n"
 msgid "No matching user IDs."
 msgstr "Δεν υπάρχει αυτό το user ID.\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 msgid "Nothing to sign.\n"
 msgstr "Τίποτα για να υπογραφεί με το κλειδί  %08lX\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, fuzzy, c-format
 msgid "Not signed by you.\n"
 msgstr "   υπογράφθηκε από %08lX στις %s%s\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "απέτυχε ο έλεγχος της υπογραφής που δημιουργήθηκε: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, fuzzy, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "το %s δεν είναι έγκυρο σετ χαρακτήρων\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "σφάλμα: μη έγκυρο αποτύπωμα\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, fuzzy, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "το κλειδί '%s' δε βρέθηκε: %s\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Περίληψη: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Δυνατότητε: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr ""
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr ""
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 #, fuzzy
 msgid "Notations: "
 msgstr "Σημείωση: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "Δεν υπάρχουν προεπιλογές σε ένα user ID τύπου PGP 2.x.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, fuzzy, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "Αυτό το κλειδί μπορεί να ανακληθεί από %s κλειδί "
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, fuzzy, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Αυτό το κλειδί μπορεί να ανακληθεί από %s κλειδί "
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 #, fuzzy
 msgid "(sensitive)"
 msgstr " (ευαίσθητο)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, fuzzy, c-format
 msgid "created: %s"
 msgstr "αδυναμία δημιουργίας του %s: %s\n"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, fuzzy, c-format
 msgid "revoked: %s"
 msgstr "[ανακλημένο]"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, fuzzy, c-format
 msgid "expired: %s"
 msgstr " [λήγει: %s]"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, fuzzy, c-format
 msgid "expires: %s"
 msgstr " [λήγει: %s]"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, fuzzy, c-format
 msgid "usage: %s"
 msgstr " εμπιστοσύνη: %c/%c"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr ""
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, fuzzy, c-format
 msgid "trust: %s"
 msgstr " εμπιστοσύνη: %c/%c"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr ""
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Αυτό το κλειδί έχει απενεργοποιηθεί"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -5085,19 +4981,19 @@ msgstr ""
 "Η εγγυρότητα του απεικονιζόμενου κλειδιού δεν είναι απαραίτητα σωστή\n"
 "εκτός και εάν επανακκινήσετε το πρόγραμμα.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 #, fuzzy
 msgid "revoked"
 msgstr "[ανακλημένο]"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 #, fuzzy
 msgid "expired"
 msgstr "expire"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -5106,18 +5002,18 @@ msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: δεν έχει σημειωθεί ID χρήστη σαν πρωτεύων.  Αυτή η εντολή\n"
 "              μπορεί να κάνει ένα άλλο ID χρήστη να γίνει το πρωτεύων.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr ""
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, fuzzy, c-format
 #| msgid "You can't change the expiration date of a v3 key\n"
 msgid "You may want to change its expiration date too.\n"
 msgstr "Δεν μπορείτε να αλλάξετε την ημερομηνία λήξης σε ένα v3 κλειδί\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -5126,35 +5022,35 @@ msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: Αυτό έιναι ένα κλειδί τύπου PGP2. Η προσθήκη ενός photo ID\n"
 "               μπορεί να κάνει μερικές εκδόσεις PGP να το απορρίψουν.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Σίγουρα ακόμα θέλετε να το προσθέσετε; (y/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "Δεν μπορείτε να προσθέσετε μια photo ID σε ένα κλειδί τύπου PGP2.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr ""
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Διαγραφή αυτής της καλής υπογραφής; (y/N/q)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Διαγραφή αυτής της μη έγκυρης υπογραφής; (y/N/q)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Διαγραφή αυτής της άγνωστης υπογραφής; (y/N/q)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Σίγουρα να διαγραφεί αυτή η ιδιο-υπογραφή; (y/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, fuzzy, c-format
 #| msgid "Deleted %d signature.\n"
 msgid "Deleted %d signature.\n"
@@ -5162,38 +5058,38 @@ msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "Διαγράφτηκε %d υπογραφή.\n"
 msgstr[1] "Διαγράφτηκε %d υπογραφή.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Τίποτα δεν διαγράφτηκε.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 #, fuzzy
 msgid "invalid"
 msgstr "μη έγκυρη θωράκιση"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, fuzzy, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "Το user ID \"%s\" ανακαλείτε."
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, fuzzy, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "Το user ID \"%s\" ανακαλείτε."
 msgstr[1] "Το user ID \"%s\" ανακαλείτε."
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, fuzzy, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "το user ID \"%s\" έχει ήδη ανακληθεί\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, fuzzy, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "το user ID \"%s\" έχει ήδη ανακληθεί\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5203,40 +5099,40 @@ msgstr ""
 "               καθορισμένου ανακλητή μπορεί να κάνει μερικές εκδόσεις PGP\n"
 "               να το απορρίψουν.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr ""
 "Δεν μπορείτε να προσθέσετε ένα καθορισμένο ανακλητή σε κλειδί τύπου PGP2.x.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Πληκτρολογήστε το user ID του διορισμένου ανακλητή: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr ""
 "αδυναμία ορισμού ενός κλειδιού τύπου PGP 2.x, σαν διορισμένου ανακλητή\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr ""
 "δε μπορείτε να ορίσετε ένα κλειδί σαν το διορισμένο ανακλητή του εαυτού του\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, fuzzy, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: Αυτό το κλειδί έχει ανακληθεί από τον ορισμένο ανακλητή!\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: εάν ορίσετε ένα κλειδί σαν διορισμένο ανακλητή δεν μπορεί να "
 "επανέλθει!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 #, fuzzy
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
@@ -5244,7 +5140,7 @@ msgstr ""
 "Είστε σίγουροι ότι θέλετε να ορίσετε ένα κλειδί σαν διορισμένο ανακλητή; (y/"
 "N): "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 #, fuzzy
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
@@ -5253,265 +5149,270 @@ msgstr ""
 "Είστε σίγουροι ότι θέλετε να ορίσετε ένα κλειδί σαν διορισμένο ανακλητή; (y/"
 "N): "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 #, fuzzy
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Αλλαγή ημερομηνίας λήξης για ένα δευτερεύον κλειδί.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Αλλαγή ημερομηνίας λήξης για ένα πρωτεύον κλειδί.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Δεν μπορείτε να αλλάξετε την ημερομηνία λήξης σε ένα v3 κλειδί\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 #, fuzzy
 msgid "Changing usage of a subkey.\n"
 msgstr "Αλλαγή ημερομηνίας λήξης για ένα δευτερεύον κλειδί.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 #, fuzzy
 #| msgid "Changing expiration time for the primary key.\n"
 msgid "Changing usage of the primary key.\n"
 msgstr "Αλλαγή ημερομηνίας λήξης για ένα πρωτεύον κλειδί.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, fuzzy, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: το υπογράφων υποκλειδί %08lX δεν έχει κατ' αντιπαράσταση "
 "πιστοποιηθεί\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Πρέπει να επιλέξετε ακριβώς ένα user ID.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, fuzzy, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "παραλείφθηκε η v3 ιδιο-υπογραφή στο user id \"%s\"\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr ""
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 #, fuzzy
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Σίγουρα θέλετε ακόμα να το χρησιμοποιήσετε; (y/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 #, fuzzy
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Σίγουρα θέλετε ακόμα να το χρησιμοποιήσετε; (y/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 #, fuzzy
 msgid "Enter the notation: "
 msgstr "Σημείωση υπογραφής: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 #, fuzzy
 msgid "Proceed? (y/N) "
 msgstr "Επικάλυψη (y/N); "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Δεν υπάρχει user ID με δείκτη %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, fuzzy, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Δεν υπάρχει user ID με δείκτη %d\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, fuzzy, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Δεν υπάρχει user ID με δείκτη %d\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, fuzzy, c-format
 msgid "No subkey with index %d\n"
 msgstr "Δεν υπάρχει user ID με δείκτη %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, fuzzy, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "user ID: \""
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, fuzzy, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "   υπογράφθηκε από %08lX στις %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (μη-εξαγώγιμο)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Αυτή η υπογραφή έληξε στις %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Σίγουρα θέλετε να ανακληθεί αυτό το κλειδί; "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Δημιουργία ενός πιστοποιητικού ανάκλησης για αυτή την υπογραφή; (y/N)"
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, fuzzy, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Έχετε υπογράψει αυτά τα user ID:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 #, fuzzy
 msgid " (non-revocable)"
 msgstr " (μη-εξαγώγιμο)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, fuzzy, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "   ανακλήθηκε από %08lX στις %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Σκοπεύετε να ανακαλέσετε αυτές τις υπογραφές:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Σίγουρα να δημιουργηθούν τα πιστοποιητικά ανάκλησης; (y/N)"
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "κανένα μυστικό κλειδί\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "το user ID \"%s\" έχει ήδη ανακληθεί\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: μια υπογραφή user ID έχει ημερομηνία %d δεύτερα στο μέλλον\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Δεν μπορείτε να διαγράψετε το τελευταίο user ID!\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, fuzzy, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "το user ID \"%s\" έχει ήδη ανακληθεί\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, fuzzy, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "το user ID \"%s\" έχει ήδη ανακληθεί\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, fuzzy, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "Απεικόνιση %s photo ID μεγέθους %ld για το κλειδί 0x%08lX (uid %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, fuzzy, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "μη έγκυρες επιλογές ειγαγωγής\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, fuzzy, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "η προεπιλογή %c%lu αντιγράφτηκε\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, fuzzy, c-format
 msgid "too many cipher preferences\n"
 msgstr "πάρα πολλές `%c' προεπιλογές\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, fuzzy, c-format
 msgid "too many digest preferences\n"
 msgstr "πάρα πολλές `%c' προεπιλογές\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, fuzzy, c-format
 msgid "too many compression preferences\n"
 msgstr "πάρα πολλές `%c' προεπιλογές\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+msgid "too many AEAD preferences\n"
+msgstr "πάρα πολλές `%c' προεπιλογές\n"
+
+#: g10/keygen.c:521
 #, fuzzy, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "μη έγκυρος χαρακτήρας στο \"κορδόνι\" της επιλογής\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "εγγραφή άμεσης υπογραφής\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "εγγραφή ιδιο-υπογραφής\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "εγγραφή υπογραφής \"δέσιμου\" κλειδιού\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "μη έγκυρο μέγεθος κλειδιού, χρήση %u bits\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "στρογγυλοποίηση του μέγεθος κλειδιού έως %u bits\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
 msgstr ""
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 #, fuzzy
 msgid "Sign"
 msgstr "sign"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr ""
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 #, fuzzy
 msgid "Encrypt"
 msgstr "κρυπτογράφηση δεδομένων"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr ""
 
@@ -5525,169 +5426,179 @@ msgstr ""
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr ""
 
-#: g10/keygen.c:1784
+#: g10/keygen.c:1966
 #, c-format
-msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr ""
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr ""
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr ""
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, fuzzy, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%d) ElGamal (για κρυπτογράφηση μόνο)\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr ""
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr ""
 
-#: g10/keygen.c:1930
+#: g10/keygen.c:2116
 #, fuzzy, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) DSA και ElGamal (προκαθορισμένο)\n"
 
-#: g10/keygen.c:1934
+#: g10/keygen.c:2120
 #, fuzzy, c-format
-msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA και ElGamal (προκαθορισμένο)\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (για υπογραφή μόνο)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (για υπογραφή μόνο)\n"
 
-#: g10/keygen.c:1945
+#: g10/keygen.c:2131
 #, fuzzy, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) ElGamal (για κρυπτογράφηση μόνο)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (για κρυπτογράφηση μόνο)\n"
 
-#: g10/keygen.c:1953
+#: g10/keygen.c:2139
 #, fuzzy, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (για κρυπτογράφηση μόνο)\n"
 
-#: g10/keygen.c:1955
+#: g10/keygen.c:2141
 #, fuzzy, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (για κρυπτογράφηση μόνο)\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, fuzzy, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) DSA και ElGamal (προκαθορισμένο)\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) RSA (υπογραφή και κρυπτογράφηση)\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+#, fuzzy
+#| msgid " (default)"
+msgid " *default*"
+msgstr " (προκαθορισμένο)"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, fuzzy, c-format
 #| msgid "   (%d) DSA (sign only)\n"
 msgid "  (%d) ECC (sign only)\n"
 msgstr "   (%d) DSA (για υπογραφή μόνο)\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, fuzzy, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (για κρυπτογράφηση μόνο)\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, fuzzy, c-format
 #| msgid "   (%d) RSA (encrypt only)\n"
-msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "   (%d) RSA (για κρυπτογράφηση μόνο)\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, fuzzy, c-format
-msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "   (%d) RSA (για κρυπτογράφηση μόνο)\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (%d) RSA (για κρυπτογράφηση μόνο)\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 #, fuzzy
 msgid "Enter the keygrip: "
 msgstr "Σημείωση υπογραφής: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr ""
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 #, fuzzy
 msgid "No key with this keygrip\n"
 msgstr "Δεν υπάρχει user ID με δείκτη %d\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, fuzzy, c-format
 msgid "error reading the card: %s\n"
 msgstr "%s: σφάλμα στην ανάγνωση της εγγραφής free : %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, fuzzy, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 #, fuzzy
 msgid "Available keys:\n"
 msgstr "απενεργοποιεί ένα κλειδί"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, fuzzy, c-format
 #| msgid "rounded up to %u bits\n"
 msgid "rounded to %u bits\n"
 msgstr "στρογγυλοποιήθηκε έως τα %u bits\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr ""
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, fuzzy, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Τι μέγεθος κλειδιού θα θέλατε; (1024) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "Το μέγεθος κλειδιού που ζητήθηκε είναι %u bits\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 #, fuzzy
 #| msgid "Please select what kind of key you want:\n"
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Παρακαλώ επιλέξτε τον τύπο του κλειδιού που θέλετε:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5703,7 +5614,7 @@ msgstr ""
 "      <n>m = το κλειδί λήγει σε n μήνες\n"
 "      <n>y = το κλειδί λήγει σε n έτη\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5719,40 +5630,40 @@ msgstr ""
 "      <n>m = το κλειδί λήγει σε n μήνες\n"
 "      <n>y = το κλειδί λήγει σε n έτη\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Το κλειδί είναι έγκυρο για; (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, fuzzy, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Η υπογραφή έιναι έγκυρη για; (0) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "μη έγκυρη τιμή\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 #, fuzzy
 msgid "Key does not expire at all\n"
 msgstr "το %s δεν λήγει ποτέ\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 #, fuzzy
 msgid "Signature does not expire at all\n"
 msgstr "το %s δεν λήγει ποτέ\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, fuzzy, c-format
 msgid "Key expires at %s\n"
 msgstr "το %s λήγει στις %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, fuzzy, c-format
 msgid "Signature expires at %s\n"
 msgstr "Υπογραφή λήγει στις %s.\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5760,12 +5671,12 @@ msgstr ""
 "Το σύστημα σας δεν μπορεί να απεικονίσει ημερομηνίες πέρα του 2038.\n"
 "Όμως, θα χειρίζονται σωστά έως το 2106.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 #, fuzzy
 msgid "Is this correct? (y/N) "
 msgstr "Είναι αυτό σωστό (y/n); "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5776,7 +5687,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 #, fuzzy
 msgid ""
 "\n"
@@ -5793,50 +5704,50 @@ msgstr ""
 "    \"Nikolaoy Nikos (toy Ioanni) <nikoln@athens.gr>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Αληθινό Όνομα: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Μη έγκυρος χαρακτήρας στο όνομα\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr ""
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Το όνομα δεν επιτρέπεται να ξεκινά με αριθμητικό ψηφίο\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Το όνομα πρέπει να έχει τουλάχιστον 5 χαρακτήρες\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "Διεύθυνση Email: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Μη έγκυρη διεύθυνση Email\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Σχόλιο: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Μη έγκυρος χαρακτήρας στο σχόλιο\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, fuzzy, c-format
 #| msgid "You are using the `%s' character set.\n"
 msgid "You are using the '%s' character set.\n"
 msgstr "Χρησιμοποιείτε το `%s' σετ χαρακτήρων.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5847,7 +5758,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "Παρακαλώ μην τοποθετείτε την διεύθυνση email στο όνομα ή στο σχόλιο\n"
 
@@ -5862,35 +5773,35 @@ msgstr "Παρακαλώ μην τοποθετείτε την διεύθυνση
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnCcEeOoQq"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Αλλαγή (N)όνομα, (C)σχόλιο, (E)mail ή (Q)τερματισμός; "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "Αλλαγή (N)όνομα, (C)σχόλιο, (E)mail ή (O)εντάξει/(Q)τερματισμός; "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Αλλαγή (N)όνομα, (C)σχόλιο, (E)mail ή (Q)τερματισμός; "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Αλλαγή (N)όνομα, (C)σχόλιο, (E)mail ή (O)εντάξει/(Q)τερματισμός; "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Παρακαλώ, διορθώστε πρώτα το σφάλμα\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5902,13 +5813,13 @@ msgstr ""
 "τους δίσκους) κατα τη διάρκεια υπολογισμού πρώτων αριθμών. Αυτό δίνει\n"
 "στη γεννήτρια τυχαίων αριθμών μια ευκαιρία να μαζέψει αρκετή εντροπία.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Η δημιουργία κλειδιού απέτυχε: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5916,67 +5827,67 @@ msgid ""
 "\n"
 msgstr ""
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr ""
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, fuzzy, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "`%s' ήδη συμπιέστηκε\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 #, fuzzy
 msgid "Create anyway? (y/N) "
 msgstr "Χρήση οπωσδήποτε αυτού του κλειδιού; "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, fuzzy, c-format
 msgid "creating anyway\n"
 msgstr "δημιουργία ενός νέου ζεύγους κλειδιών"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Η δημιουργία κλειδιού αναβλήθηκε.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, fuzzy, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "αδυναμία δημιουργίας του `%s': %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, fuzzy, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "ΣΗΜΕΙΩΣΗ: το μυστικό κλειδί %08lX έληξε στις %s\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, fuzzy, c-format
 #| msgid "writing public key to `%s'\n"
 msgid "writing public key to '%s'\n"
 msgstr "εγγραφή του δημοσίου κλειδιού στο `%s'\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "δε βρέθηκε εγγράψιμη δημόσια κλειδοθήκη: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, fuzzy, c-format
 #| msgid "error writing public keyring `%s': %s\n"
 msgid "error writing public keyring '%s': %s\n"
 msgstr "αδυναμία εγγραφής δημόσιας κλειδοθήκης `%s': %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "το δημόσιο και το μυστικό κλειδί δημιουργήθηκαν και υπογράφηκαν.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 #, fuzzy
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
@@ -5987,7 +5898,7 @@ msgstr ""
 "Μπορείτε να χρησιμοποιήσετε την εντολή \"--edit-key\" για να δημιουργηθεί\n"
 "ένα δευτερεύον κλειδί για αυτό το λόγο.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -5995,7 +5906,7 @@ msgstr ""
 "το κλειδί δημιουργήθηκε %lu δευτερόλεπτο στο μέλλον (χρονοδίνη ή\n"
 "απλώς πρόβλημα στο ρολόι)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -6003,7 +5914,7 @@ msgstr ""
 "το κλειδί δημιουργήθηκε %lu δευτερόλεπτα στο μέλλον (χρονοδίνη ή\n"
 "απλώς πρόβλημα στο ρολόι)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, fuzzy, c-format
 #| msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
@@ -6011,46 +5922,46 @@ msgstr ""
 "ΣΗΜΕΙΩΣΗ: η δημιουργία υποκλειδιών για κλειδιά v3 δεν είναι σύμφωνο\n"
 "με το OpenPGP\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Μυστικά τμήματα του κύριου κλειδιού δεν είναι διαθέσιμα.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, fuzzy, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Μυστικά τμήματα του κύριου κλειδιού δεν είναι διαθέσιμα.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 #, fuzzy
 msgid "Really create? (y/N) "
 msgstr "Σίγουρα να δημιουργηθεί; "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "ποτέ     "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Πολιτική κρίσιμης υπογραφής: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Πολιτική υπογραφής: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr ""
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Σημείωση κρίσιμης υπογραφής: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Σημείωση υπογραφής: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d good signature\n"
@@ -6058,7 +5969,7 @@ msgid_plural "%d good signatures\n"
 msgstr[0] "%d κακές υπογραφές\n"
 msgstr[1] "%d κακές υπογραφές\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to an error\n"
 msgid "%d signature not checked due to an error\n"
@@ -6066,64 +5977,64 @@ msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "1 υπογραφή δεν ελέγχθηκε λόγο ενός σφάλματος\n"
 msgstr[1] "1 υπογραφή δεν ελέγχθηκε λόγο ενός σφάλματος\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Κλειδοθήκη"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Αποτύπωμα πρωτεύοντος κλειδιού:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "     Αποτύπωμα υποκλειδιού:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr " Αποτύπωμα πρωτ. κλειδιού:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "      Αποτύπωμα υποκλειδιού:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 #, fuzzy
 msgid "      Key fingerprint ="
 msgstr "     Αποτύπωμα κλειδιού ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr ""
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, fuzzy, c-format
 msgid "caching keyring '%s'\n"
 msgstr "έλεγχος κλειδοθήκης `%s'\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, fuzzy, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "%lu κλειδιά έχουν ελεγχθεί (%lu υπογραφές)\n"
 msgstr[1] "%lu κλειδιά έχουν ελεγχθεί (%lu υπογραφές)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, fuzzy, c-format
 #| msgid "1 bad signature\n"
 msgid " (%lu signature)\n"
@@ -6131,309 +6042,317 @@ msgid_plural " (%lu signatures)\n"
 msgstr[0] "1 κακή υπογραφή\n"
 msgstr[1] "1 κακή υπογραφή\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: κλειδοθήκη δημιουργήθηκε\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr ""
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr ""
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr ""
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 #, fuzzy
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "το URL πολιτικής υπογραφής που δόθηκε δεν είναι έγκυρο\n"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr ""
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 #, fuzzy
 msgid "disabled"
 msgstr "disable"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr ""
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, fuzzy, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "μη έγκυρες επιλογές εξαγωγής\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr ""
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, fuzzy, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "αίτηση κλειδιού %08lX από το %s\n"
 msgstr[1] "αίτηση κλειδιού %08lX από το %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, fuzzy, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: αδυναμία διαγραφής tempfile (%s) `%s': %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, fuzzy, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "το κλειδί '%s' δε βρέθηκε: %s\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, fuzzy, c-format
 msgid "key not found on keyserver\n"
 msgstr "το κλειδί '%s' δε βρέθηκε: %s\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "αίτηση κλειδιού %08lX από το %s\n"
+
+#: g10/keyserver.c:1724
 #, fuzzy, c-format
 msgid "requesting key %s from %s\n"
 msgstr "αίτηση κλειδιού %08lX από το %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, fuzzy, c-format
 msgid "no keyserver known\n"
 msgstr "μη έγκυρες επιλογές εξαγωγής\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, fuzzy, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "παραλείφθηκε `%s': %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, fuzzy, c-format
 msgid "sending key %s to %s\n"
 msgstr ""
 "\"\n"
 "υπογράφθηκε με το κλειδί σας %08lX στις %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, fuzzy, c-format
 msgid "requesting key from '%s'\n"
 msgstr "αίτηση κλειδιού %08lX από το %s\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, fuzzy, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: αδυναμία διαγραφής tempfile (%s) `%s': %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "παράξενο μέγεθος για ένα κλειδί κρυπτογραφημένης συνεδρίας (%d)\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "%s κλειδί κρυπτογραφημένης συνεδρία\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "κρυπτογραφημένο με άγνωστο αλγόριθμο %d\n"
+
+#: g10/mainproc.c:391
 #, fuzzy, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "κρυπτογραφημένο με άγνωστο αλγόριθμο %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, fuzzy, c-format
 msgid "public key is %s\n"
 msgstr "δημόσιο κλειδί είναι %08lX\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "κρυπτογραφημένα δεδομένα με δημόσιο κλειδί: καλό DEK\n"
-
-#: g10/mainproc.c:632
+#: g10/mainproc.c:524
 #, fuzzy, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "κρυπτογραφημένο με %u-bit %s κλειδί, ID %08lX, δημιουργήθηκε %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, fuzzy, c-format
 msgid "      \"%s\"\n"
 msgstr "                γνωστό σαν \""
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, fuzzy, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "κρυπτογραφημένο με %s key, ID %08lX\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "κρυπτογράφηση με δημόσιο κλειδί απέτυχε: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr ""
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "κρυπτογραφημένο με %lu φράσεις κλειδιά\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "κρυπτογραφημένο με 1 φράση κλειδί\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "κρυπτογράφηση με δημόσιο κλειδί απέτυχε: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "κρυπτογραφημένα δεδομένα με δημόσιο κλειδί: καλό DEK\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "υπόθεση %s κρυπτογραφημένων δεδομένων\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr ""
 "Κρυπταλγόριθμος IDEA μη διαθέσιμος, αισιόδοξη προσπάθεια χρήσης του\n"
 "%s αντίθετα\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: δεν προστατεύτηκε η ακεραιότητα του μηύματος\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "αποκρυπτογράφηση απέτυχε: %s\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "αποκρυπτογράφηση OK\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: το κρυπτογραφημένο μήνυμα έχει πειραχθεί!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "αποκρυπτογράφηση απέτυχε: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, fuzzy, c-format
 #| msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "ΣΗΜΕΙΩΣΗ: ο αποστολέας ζήτησε \"για-τα-μάτια-σας-μόνο\"\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "αρχικό όνομα αρχείου='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "ανεξάρτητη ανάκληση - χρησιμοποιείστε \"gpg --import\" για εφαρμογή\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, fuzzy, c-format
 msgid "no signature found\n"
 msgstr "Καλή υπογραφή από \""
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, fuzzy, c-format
 msgid "BAD signature from \"%s\""
 msgstr "ΚΑΚΗ υπογραφή από \""
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, fuzzy, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Ληγμένη υπογραφή από \""
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, fuzzy, c-format
 msgid "Good signature from \"%s\""
 msgstr "Καλή υπογραφή από \""
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "καταστολή ανάκλησης υπογραφής\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, fuzzy, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "αδυναμία χειρισμού αυτών των πολλαπλών υπογραφών\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, fuzzy, c-format
 msgid "Signature made %s\n"
 msgstr "Υπογραφή έληξε στις %s.\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, fuzzy, c-format
 msgid "               using %s key %s\n"
 msgstr "                γνωστό σαν \""
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, fuzzy, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Υπογραφή έγινε στο %.*s με χρήση του κλειδιού%s ID %08lX\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, fuzzy, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "                γνωστό σαν \""
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Κλειδί διαθέσιμο στο: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[αβέβαιο]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, fuzzy, c-format
 msgid "                aka \"%s\""
 msgstr "                γνωστό σαν \""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, fuzzy, c-format
 #| msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
@@ -6441,205 +6360,200 @@ msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: Αυτό το κλειδί δεν έχει πιστοποιηθεί με εμπιστεύσιμη "
 "υπογραφή!\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Υπογραφή έληξε στις %s.\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Υπογραφή λήγει στις %s.\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "%s υπογραφή, αλγόριθμος περίληψης %s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "δυαδικό"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "κατάσταση-κειμένου"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "άγνωστο"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 #, fuzzy
 #| msgid "unknown pubkey algorithm"
 msgid ", key algorithm "
 msgstr "άγνωστος αλγόριθμος δημοσίου κλειδιού"
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Αδυναμία ελέγχου της υπογραφής: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "δεν είναι αποκομμένη υπογραφή\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: εντοπισμός πολλαπλών υπογραφών. Μόνο η πρώτη θα ελεγχθεί.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "ανεξάρτητη υπογραφή κλάσης 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "υπογραφή παλιού στυλ (PGP 2.x)\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, fuzzy, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "αδυναμία πρόσβασης του αρχείου: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, fuzzy, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "trustdb: read απέτυχε (n=%d): %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, fuzzy, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "αδυναμία χειρισμού του αλγόριθμου δημοσίου κλειδιού %d\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, fuzzy, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr ""
 "ο εξαναγκασμός του αλγόριθμου περίληψης %s (%d) παραβιάζει τις\n"
 "προεπιλογές του παραλήπτη\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, fuzzy, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "μη υλοποιημένος αλγόριθμος κρυπτογράφησης"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, fuzzy, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "%s υπογραφή, αλγόριθμος περίληψης %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, fuzzy, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr ""
 "ο εξαναγκασμός του αλγόριθμου περίληψης %s (%d) παραβιάζει τις\n"
 "προεπιλογές του παραλήπτη\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "%s υπογραφή, αλγόριθμος περίληψης %s\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "%s υπογραφή, αλγόριθμος περίληψης %s\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, fuzzy, c-format
 msgid "(reported error: %s)\n"
 msgstr "σφάλμα ανάγνωσης: %s\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, fuzzy, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "σφάλμα ανάγνωσης: %s\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr ""
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: μη συνειστώμενη επιλογή \"%s\"\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: \"%s\" είναι μια μη συνειστώμενη επιλογή\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "παρακαλώ χρησιμοποιήστε το \"%s%s\" καλύτερα\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, fuzzy, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: \"%s\" είναι μια μη συνειστώμενη επιλογή\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, fuzzy, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: \"%s\" είναι μια μη συνειστώμενη επιλογή\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, fuzzy, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: \"%s\" είναι μια μη συνειστώμενη επιλογή\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Ασυμπίεστο"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 #, fuzzy
 msgid "uncompressed|none"
 msgstr "Ασυμπίεστο"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "αυτό το μήνυμα ίσως δεν μπορεί να χρησιμοποιηθεί από %s\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, fuzzy, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "ανάγνωση επιλογών από `%s'\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, fuzzy, c-format
 msgid "unknown option '%s'\n"
 msgstr "άγνωστος προκαθορισμένος παραλήπτης `%s'\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, fuzzy, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "άγνωστη κλάση υπογραφής"
@@ -6664,93 +6578,83 @@ msgstr "%s: άγνωστη κατάληξη\n"
 msgid "Enter new filename"
 msgstr "Πληκτρολογήστε ένα νέο όνομα αρχείου"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "εγγραφή στην stdout\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, fuzzy, c-format
 #| msgid "assuming signed data in `%s'\n"
 msgid "assuming signed data in '%s'\n"
 msgstr "υπόθεση υπογεγραμμένων δεδομένων στο `%s'\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "αδυναμία χειρισμού του αλγόριθμου δημοσίου κλειδιού %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: πιθανόν μη ασφαλές κρυπτογραφημένο συμμετρικά κλειδί\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 #| msgid "Critical signature notation: "
 msgid "Unknown critical signature notation: "
 msgstr "Σημείωση κρίσιμης υπογραφής: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "υποπακέτο τύπου %d έχει ορισμένο το κριτικό bit\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, fuzzy, c-format
-msgid "problem with the agent: %s\n"
-msgstr "πρόβλημα με τον agent: agent επιστρέφει 0x%lx\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-msgid "Please enter the passphrase for decryption."
-msgstr "αλλαγή της φράσης κλειδί"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Πληκτρολογήστε τη φράση κλειδί\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "ακυρώθηκε από το χρήστη\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, fuzzy, c-format
 msgid " (main key ID %s)"
 msgstr " (κύριο κλειδί, ID %08lX)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 #, fuzzy
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Πληκτρολογήστε τη φράση κλειδί· αυτή είναι μια μυστική πρόταση \n"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 #, fuzzy
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Πληκτρολογήστε τη φράση κλειδί· αυτή είναι μια μυστική πρόταση \n"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Πληκτρολογήστε τη φράση κλειδί· αυτή είναι μια μυστική πρόταση \n"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Πληκτρολογήστε τη φράση κλειδί· αυτή είναι μια μυστική πρόταση \n"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "Σίγουρα θέλετε να διαγραφούν τα επιλεγμένα κλειδιά; "
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Σίγουρα θέλετε να διαγραφούν τα επιλεγμένα κλειδιά; "
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, fuzzy, c-format
 msgid ""
 "%s\n"
@@ -6760,7 +6664,7 @@ msgid ""
 "%s"
 msgstr "%u-bit %s κλειδί, ID %08lX, δημιουργία %s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6774,35 +6678,81 @@ msgstr ""
 "χρησιμοποιείτε μια μεγάλη εικόνα το κλειδί σας αντίστοιχα θα γίνει μεγάλο!\n"
 "Ιδανίκό μέγεθος για μια εικόνα είναι αυτό κοντά στο 240x288.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Πληκτρολογήστε ένα όνομα αρχείου για το photo ID: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, fuzzy, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "αδυναμία πρόσβασης του αρχείου: %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr ""
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 #, fuzzy
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Σίγουρα θέλετε ακόμα να το χρησιμοποιήσετε; (y/N) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, fuzzy, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "\"%s\" δεν είναι JPEG αρχείο\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Είναι αυτή η φωτογραφία σωστή (y/N/q); "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "δεν υποστηρίζετε η απομακρυσμένη εκτέλεση προγράμματος\n"
+
+#: g10/photoid.c:486
+#, fuzzy, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"αυτή η πλατφόρμα απαιτεί προσωρ. αρχεία στην κλήση εξωτερικών προγραμμάτων\n"
+
+#: g10/photoid.c:506
+#, fuzzy, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "αδυναμία εκτέλεσης του %s \"%s\": %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "αφύσικη έξοδος του εξωτερικού προγράμματος\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "σφάλμα συστήματος κατά την κλήση εξωτερικού προγράμματος: %s\n"
+
+#: g10/photoid.c:600
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: αδυναμία διαγραφής tempfile (%s) `%s': %s\n"
+
+#: g10/photoid.c:604
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: αδυναμία διαγραφής προσωρινού φακέλου `%s': %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"οι κλήσεις εξωτερικών προγραμμάτων απενεργοποιήθηκαν λόγω ανασφαλών αδειών\n"
+"αρχείου\n"
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "αδυναμία απεικόνισης του photo ID!\n"
@@ -6817,106 +6767,106 @@ msgstr "αδυναμία απεικόνισης του photo ID!\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMqQsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 #, fuzzy
 msgid "No trust value assigned to:\n"
 msgstr ""
 "Δεν δόθηκε αξία εμπιστοσύνης στο:\n"
 "%4u%c/%08lX %s \""
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, fuzzy, c-format
 msgid "  aka \"%s\"\n"
 msgstr "                γνωστό σαν \""
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 #, fuzzy
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr "Αυτό το κλειδί πιθανώς ανήκει στον ιδιοκτήτη\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, fuzzy, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr " %d = Δεν ξέρω\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, fuzzy, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr " %d =  ΔΕΝ έχω εμπιστοσύνη\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, fuzzy, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr " %d = Εμπιστεύομαι απόλυτα\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 #, fuzzy
 msgid "  m = back to the main menu\n"
 msgstr " m = πίσω στο κυρίως μενού\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 #, fuzzy
 msgid "  s = skip this key\n"
 msgstr " s = παράλειψη αυτού του κλειδιού\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 #, fuzzy
 msgid "  q = quit\n"
 msgstr " q = τερματισμός\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
 "\n"
 msgstr ""
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Η απόφαση σας; "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 #, fuzzy
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Σίγουρα θέλετε αυτό το κλειδί να οριστεί σαν απόλυτης εμπιστοσύνης; "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Πιστοποιητικά που οδηγούν σε ένα κλειδί απόλυτης εμπιστοσύνης:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, fuzzy, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%08lX: Δεν υπάρχει ένδειξη ότι η υπογραφή αυτή ανήκει στον ιδιοκτήτη.\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, fuzzy, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%08lX: Δεν υπάρχει ένδειξη ότι η υπογραφή αυτή ανήκει στον ιδιοκτήτη.\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, fuzzy, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Αυτό το κλειδί πιθανώς ανήκει στον ιδιοκτήτη\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Αυτό το κλειδί ανήκει σε εμάς\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr ""
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 #, fuzzy
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
@@ -6928,7 +6878,7 @@ msgstr ""
 "να απαντήσετε στην επόμενη ερώτηση καταφατικά\n"
 "\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 #, fuzzy
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
@@ -6940,99 +6890,118 @@ msgstr ""
 "να απαντήσετε στην επόμενη ερώτηση καταφατικά\n"
 "\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 #, fuzzy
 msgid "Use this key anyway? (y/N) "
 msgstr "Χρήση οπωσδήποτε αυτού του κλειδιού; "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: Χρήση κλειδιού χωρίς εμπιστοσύνη!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: αυτό το κλειδί μπορεί να ανακληθεί (λείπει το κλειδί "
 "ανάκλησης)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+msgid "checking User ID \"%s\"\n"
+msgstr "user ID: \""
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "μη έγκυρος αλγόριθμος  hash `%s'\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "κλειδί %08lX: δεν ταιριάζει με το αντίγραφο μας\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+msgid "option %s given but no matching User ID found\n"
+msgstr "μη έγκυρος αλγόριθμος  hash `%s'\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: Αυτό το κλειδί έχει ανακληθεί από τον ορισμένο ανακλητή!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: Αυτό το κλειδί έχει ανακληθεί από τον ιδιοκτήτη του!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, fuzzy, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         Αυτό μπορεί να σημαίνει ότι η υπογραφή είναι πλαστογραφία.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: Αυτό το υποκλειδί έχει ανακληθεί από τον ιδιοκτήτη του!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Σημείωση: Αυτό το κλειδί έχει απενεργοποιηθεί.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr ""
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr ""
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Σημείωση: Αυτό το κλειδί έχει λήξει!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr ""
+"ΠΡΟΕΙΔΟΠΟΙΗΣΗ: Αυτό το κλειδί δεν έχει πιστοποιηθεί με εμπιστεύσιμη "
+"υπογραφή!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: Αυτό το κλειδί δεν έχει πιστοποιηθεί με εμπιστεύσιμη "
 "υπογραφή!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr "         Δεν υπάρχει ένδειξη ότι η υπογραφή ανήκει στον ιδιοκτήτη.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: ΔΕΝ εμπιστευόμαστε αυτό το κλειδί!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         Η υπογραφή μάλλον είναι πλαστογραφία.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"ΠΡΟΕΙΔΟΠΟΙΗΣΗ: Αυτό το κλειδί δεν έχει πιστοποιηθεί με υπογραφές\n"
+"αρκετής εμπιστοσύνης!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
@@ -7040,51 +7009,51 @@ msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: Αυτό το κλειδί δεν έχει πιστοποιηθεί με υπογραφές\n"
 "αρκετής εμπιστοσύνης!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         Δεν είναι βέβαιο ότι η υπογραφή ανήκει στον ιδιοκτήτη.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: παραλείφθηκε: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: παραλείφθηκε: το δημόσιο κλειδί έχει απενεργοποιηθεί.\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: παραλείφθηκε: δημόσιο κλειδί είναι ήδη παρόν\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't encrypt to '%s'\n"
 msgstr "αδυναμία σύνδεσης στο `%s': %s\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, fuzzy, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "μη έγκυρος αλγόριθμος  hash `%s'\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, fuzzy, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "μη έγκυρος αλγόριθμος  hash `%s'\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "Δεν ορίστηκε ένα user ID. (χρησιμοποιείστε το \"-r\")\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr ""
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -7092,41 +7061,41 @@ msgstr ""
 "\n"
 "Πληκτρολογήστε το user ID. Τέλος με μια άδεια γραμμή: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Δεν υπάρχει αυτό το user ID.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr ""
 "παραλείφθηκε: δημόσιο κλειδί έχει ήδη οριστεί σαν εξ ορισμού παραλήπτης\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Το δημόσιο κλειδί έχει απενεργοποιηθεί.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "παραλείφθηκε: δημόσιο κλειδί έχει ήδη οριστεί\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, fuzzy, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "άγνωστος προκαθορισμένος παραλήπτης `%s'\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "καμμία έγκυρη διεύθυνση\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, fuzzy, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "κλειδί %08lX: δεν υπάρχει αυτό το user ID\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, fuzzy, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "κλειδί %08lX: δεν υπάρχει αυτό το user ID\n"
@@ -7136,78 +7105,83 @@ msgstr "κλειδί %08lX: δεν υπάρχει αυτό το user ID\n"
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr "δεδομένα δεν αποθηκεύτηκαν. Αποθήκευση με την επιλογή \"--output\"\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Αποκομμένη υπογραφή.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Εισάγετε το όνομα αρχείου δεδομένων: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "ανάγνωση της stdin ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "δεν υπάρχουν υπογεγραμμένα δεδομένα\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, fuzzy, c-format
 #| msgid "can't open signed data `%s'\n"
 msgid "can't open signed data '%s'\n"
 msgstr "αδυναμία πρόσβασης υπογεγραμμένων δεδομένων `%s'\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, fuzzy, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "αδυναμία πρόσβασης υπογεγραμμένων δεδομένων `%s'\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, fuzzy, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "κλειδί %08lX: δεν υπάρχει αυτό το user ID\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, fuzzy, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "ανώνυμος παραλήπτης· δοκιμή μυστικού κλειδιού %08lX ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+msgid "used key is not marked for encryption use.\n"
+msgstr "κλειδί %08lX: δεν υπάρχει αυτό το user ID\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "εντάξει, είμαστε ο ανώνυμος παραλήπτης.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "παλαιά κωδικοποίηση του DEK δεν υποστηρίζεται\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "ο αλγόριθμος κρυπτογράφησης %d%s είναι άγνωστος ή απενεργοποιημένος\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, fuzzy, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "ΣΗΜΕΙΩΣΗ: ο αλγόριθμος κρυπτογράφησης %d δεν είναι στις επιλογές\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, fuzzy, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "ΣΗΜΕΙΩΣΗ: το μυστικό κλειδί %08lX έληξε στις %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, fuzzy, c-format
 #| msgid "NOTE: key has been revoked"
 msgid "Note: key has been revoked"
 msgstr "ΣΗΜΕΙΩΣΗ: το κλειδί έχει ανακληθεί"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "build_packet απέτυχε: %s\n"
@@ -7225,48 +7199,48 @@ msgstr "Προς ανάκληση από:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Αυτό είναι ένα ευαίσθητο κλειδί ανάκλησης)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret key is not available.\n"
 msgstr "Το μυστικό κλειδί είναι διαθέσιμο.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 #, fuzzy
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Δημιουργία ενός πιστοποιητικού ανάκλησης για αυτό το κλειδί; "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "Εξαναγκασμός εξόδου σε θωρακισμένο ASCII.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet απέτυχε: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Πιστοποιητικό ανάκλησης δημιουργήθηκε.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, fuzzy, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "δε βρέθηκαν κλειδιά ανάκλησης για το `%s'\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 #, fuzzy
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Δημιουργία ενός πιστοποιητικού ανάκλησης για αυτό το κλειδί; "
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 msgstr ""
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7275,20 +7249,20 @@ msgid ""
 "of the gpg command \"--generate-revocation\" in the GnuPG manual."
 msgstr ""
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
 "before importing and publishing this revocation certificate."
 msgstr ""
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, fuzzy, c-format
 #| msgid "Revocation certificate created.\n"
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "Πιστοποιητικό ανάκλησης δημιουργήθηκε.\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "το μυστικό κλειδί `%s' δε βρέθηκε: %s\n"
@@ -7301,18 +7275,18 @@ msgstr "το μυστικό κλειδί `%s' δε βρέθηκε: %s\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr ""
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error searching the keyring: %s\n"
 msgstr "αδυναμία δημιουργίας της κλειδοθήκης `%s': %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 #, fuzzy
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Δημιουργία ενός πιστοποιητικού ανάκλησης για αυτό το κλειδί; "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7331,38 +7305,38 @@ msgstr ""
 "προσοχή το σύστημα εκτύπωσης στο μηχανημά σας μπορεί να αποθηκεύσει την\n"
 "εκτύπωση και να την κάνει διαθέσιμη σε άλλους!\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Παρακαλώ επιλέξτε την αιτία για την ανάκληση:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Ακύρωση"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Πιθανών να θέλετε να επιλέξετε το %d εδώ)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "Πληκτρολογήστε μια προαιρετική περιγραφή· τέλος με μια άδεια γραμμή:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Αιτία για ανάκληση: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(Δεν δώθηκε περιγραφή)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 #, fuzzy
 msgid "Is this okay? (y/N) "
 msgstr "Είναι αυτό εντάξει; "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "δημιουργήθηκε αδύναμο κλειδί - επανάληψη προσπάθειας\n"
@@ -7374,52 +7348,47 @@ msgstr ""
 "αδυναμία αποφυγής αδύναμου κλειδιού για συμμετρικό κρυπταλγόριθμο, δοκιμή "
 "για %d φορές!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr ""
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
-#, fuzzy, c-format
-#| msgid "you may not use %s while in %s mode\n"
-msgid "key %s may not be used for signing in %s mode\n"
-msgstr "απαγορεύετε η χρήση του %s στην κατάσταση %s.\n"
-
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
+#: g10/sig-check.c:170
 #, c-format
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: σύγκρουση υπογραφής περίληψης στο μήνυμα\n"
 
-#: g10/sig-check.c:219
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
+#, fuzzy, c-format
+#| msgid "you may not use %s while in %s mode\n"
+msgid "key %s may not be used for signing in %s mode\n"
+msgstr "απαγορεύετε η χρήση του %s στην κατάσταση %s.\n"
+
+#: g10/sig-check.c:209
 #, fuzzy, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: το υπογράφων υποκλειδί %08lX δεν έχει κατ' αντιπαράσταση "
 "πιστοποιηθεί\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, fuzzy, c-format
 msgid "please see %s for more information\n"
 msgstr " i = απεικόνιση περισσότερων πληροφοριών\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, fuzzy, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: το υπογράφων υποκλειδί %08lX έχει άκυρη κατ' αντιπαράσταση "
 "πιστοποίηση\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, fuzzy, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
@@ -7428,7 +7397,7 @@ msgstr[0] ""
 msgstr[1] ""
 "το δημόσιο κλειδί %08lX είναι %lu δευτερόλεπτο νεότερο από την υπογραφή\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, fuzzy, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
@@ -7437,7 +7406,7 @@ msgstr[0] ""
 msgstr[1] ""
 "το δημόσιο κλειδί %08lX είναι %lu δευτερόλεπτο νεότερο από την υπογραφή\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, fuzzy, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7450,7 +7419,7 @@ msgstr[1] ""
 "το κλειδί δημιουργήθηκε %lu δευτερόλεπτο στο μέλλον (χρονοδίνη ή\n"
 "απλώς πρόβλημα στο ρολόι)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, fuzzy, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7462,51 +7431,51 @@ msgstr[1] ""
 "το κλειδί δημιουργήθηκε %lu δευτερόλεπτο στο μέλλον (χρονοδίνη ή\n"
 "απλώς πρόβλημα στο ρολόι)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, fuzzy, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "ΣΗΜΕΙΩΣΗ: το κλειδί υπογραφής %08lX έληξε στις %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, fuzzy, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "ΣΗΜΕΙΩΣΗ: το κλειδί έχει ανακληθεί"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "ανεξάρτητη υπογραφή κλάσης 0x%02x\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "ανεξάρτητη υπογραφή κλάσης 0x%02x\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, fuzzy, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr "υπόθεση κακής υπογραφής από κλειδί %08lX λόγω άγνωστου κρίσιμου bit\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "κλειδί %08lX: κανένα υποκλειδί για το πακέτο ανάκλησης υποκλειδιού\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "κλειδί %08lX: δεν υπάρχει υποκλειδί για τη δέσμευση υποκλειδιού\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: αδυναμία στην %%-ανάπτυξη σημείωσης (πολυ μεγάλη).\n"
 "               Χρήση μη ανεπτυγμένου.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7514,7 +7483,7 @@ msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: αδυναμία στη %%-ανάπτυξη του url πολιτικής (πολυ μεγάλο).\n"
 "               Χρήση μη ανεπτυγμένου.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7523,12 +7492,12 @@ msgstr ""
 "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: αδυναμία στη %%-ανάπτυξη του url πολιτικής (πολυ μεγάλο).\n"
 "               Χρήση μη ανεπτυγμένου.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, fuzzy, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s υπογραφή από: \"%s\"\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
@@ -7536,41 +7505,42 @@ msgstr ""
 "ο εξαναγκασμός του αλγόριθμου περίληψης %s (%d) παραβιάζει τις\n"
 "προεπιλογές του παραλήπτη\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "υπογραφή:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "%s κρυπτογράφηση θα χρησιμοποιηθεί\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "το κλειδί δεν έχει σημειωθεί σαν ανασφαλές - δεν μπορεί να χρησιμοποιηθεί με "
 "ψεύτικη RNG!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, fuzzy, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "παραλείφθηκε `%s': αντιγράφτηκε\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "παραλείφθηκε: μυστικό κλειδί ήδη παρών\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 #, fuzzy
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "παραλείφθηκε `%s': αυτό είναι δημιουργημένο από PGP κλειδί ElGamal και δεν "
 "είναι ασφαλές για υπογραφές!\n"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "εγγραφή trust %lu, τύπος %d: write απέτυχε: %s\n"
@@ -7584,46 +7554,46 @@ msgstr ""
 "# Λίστα των καθορισμένων τιμών εμπιστοσύνης, δημιουργήθηκε %s\n"
 "# (Χρήση του \"gpg --import-ownertrust\" για επαναφορά τους)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, fuzzy, c-format
 msgid "error in '%s': %s\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 #, fuzzy
 msgid "line too long"
 msgstr "η γραμμή είναι πολύ μεγάλη\n"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr ""
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 #, fuzzy
 msgid "invalid fingerprint"
 msgstr "σφάλμα: μη έγκυρο αποτύπωμα\n"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 #, fuzzy
 msgid "ownertrust value missing"
 msgstr "εισαγωγή των τιμών εμπιστοσύνης"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, fuzzy, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "σφάλμα στην εύρεση της εγγραφής εμπιστοσύνης: %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, fuzzy, c-format
 msgid "read error in '%s': %s\n"
 msgstr "σφάλμα ανάγνωσης: %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "trustdb: sync απέτυχε: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, fuzzy, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "αδυναμία δημιουργίας του `%s': %s\n"
@@ -7633,12 +7603,12 @@ msgstr "αδυναμία δημιουργίας του `%s': %s\n"
 msgid "can't lock '%s'\n"
 msgstr "αδυναμία πρόσβασης του `%s'\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "trustdb rec %lu: αποτυχία lseek: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "trustdb rec %lu: αποτυχία write (n=%d): %s\n"
@@ -7653,7 +7623,7 @@ msgstr "πολύ μεγάλη συναλλαγή trustdb\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: ο φάκελος δεν υπάρχει!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, fuzzy, c-format
 msgid "can't access '%s': %s\n"
 msgstr "αδυναμία κλεισίματος του `%s': %s\n"
@@ -7695,7 +7665,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: σφάλμα στην ενημέρωση της εγγραφής έκδοσης: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: σφάλμα στην ανάγνωση της εγγραφής έκδοσης: %s\n"
@@ -7705,52 +7675,52 @@ msgstr "%s: σφάλμα στην ανάγνωση της εγγραφής έκ
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: σφάλμα στην εγγραφή της εγγραφής έκδοσης: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "trustdb: απέτυχε lseek: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "trustdb: read απέτυχε (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: δεν είναι trustdb αρχείο\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: εγγραφή έκδοσης με recnum %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: μη έγκυρη έκδοση αρχείου %d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: σφάλμα στην ανάγνωση της εγγραφής free : %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: σφάλμα στην εγγραφή της εγγραφής dir : %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: αποτυχία στον μηδενισμό μιας εγγραφής: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: αποτυχία στην προσθήκη μιας εγγραφής: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, fuzzy, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "%s: δημιουργήθηκε η trustdb\n"
@@ -7792,10 +7762,10 @@ msgstr ""
 msgid "TOFU DB error"
 msgstr ""
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, fuzzy, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "σφάλμα στη αποστολή προς το `%s': %s\n"
@@ -7817,7 +7787,7 @@ msgstr "%s: σφάλμα στην εγγραφή της εγγραφής dir : %
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, fuzzy, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "σφάλμα στη αποστολή προς το `%s': %s\n"
@@ -7989,111 +7959,111 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr ""
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr ""
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, fuzzy, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr ""
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, fuzzy, c-format
 #| msgid "Deleted %d signatures.\n"
 msgid "%s: Verified 0 signatures."
 msgstr "Διαγράφηκαν %d υπογραφές.\n"
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 #, fuzzy
 #| msgid "encrypted with %lu passphrases\n"
 msgid "Encrypted 0 messages."
 msgstr "κρυπτογραφημένο με %lu φράσεις κλειδιά\n"
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, fuzzy, c-format
 #| msgid "Policy: "
 msgid "(policy: %s)"
 msgstr "Πολιτική: "
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -8110,118 +8080,118 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, fuzzy, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "σφάλμα στη αποστολή προς το `%s': %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid long keyID\n"
 msgid "'%s' is not a valid long keyID\n"
 msgstr "`%s' δεν είναι έγκυρο μακρύ keyID\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, fuzzy, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "κλειδί %08lX: αποδοχή σαν κλειδί με εμπιστοσύνη\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, fuzzy, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "το κλειδί %08lX υπάρχει πάνω από μια φορά στην trustdb\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, fuzzy, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr ""
 "κλειδί %08lX: κανένα δημόσιο κλειδί για το κλειδί με εμπιστοσύνη - "
 "παράλειψη\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, fuzzy, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "σημείωση κλειδιού σαν απόλυτης εμπιστοσύνης.\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "εγγραφή trust %lu, req τύπος %d: read απέτυχε: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "η εγγραφή trust %lu δεν είναι του ζητούμενου τύπου %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr ""
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr ""
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "δεν υπάρχει ανάγκη για έλεγχο της trustdb\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "επόμενος έλεγχος της trustdb θα γίνει στις %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, fuzzy, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "δεν υπάρχει ανάγκη για έλεγχο της trustdb\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, fuzzy, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "δεν υπάρχει ανάγκη για έλεγχο της trustdb\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, fuzzy, c-format
 msgid "public key %s not found: %s\n"
 msgstr "το δημόσιο κλειδί %08lX δεν βρέθηκε: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "παρακαλώ κάντε ένα --check-trustdb\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "έλεγχος της trustdb\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, fuzzy, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] "%lu κλειδιά έχουν μέχρι τώρα επεξεργαστεί\n"
 msgstr[1] "%lu κλειδιά έχουν μέχρι τώρα επεξεργαστεί\n"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, fuzzy, c-format
 #| msgid "%d keys processed (%d validity counts cleared)\n"
 msgid " (%d validity count cleared)\n"
@@ -8229,46 +8199,46 @@ msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] "%d κλειδιά επεξεργάστηκαν (%d μετρήσεις εγγυρότητας πέρασαν)\n"
 msgstr[1] "%d κλειδιά επεξεργάστηκαν (%d μετρήσεις εγγυρότητας πέρασαν)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "δε βρέθηκαν απόλυτα εμπιστεύσιμα κλειδιά\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, fuzzy, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr ""
 "δε βρέθηκε το δημόσιο κλειδί του απόλυτα εμπιστεύσιμου κλειδιού %08lX\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr ""
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, fuzzy, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr "εγγραφή trust %lu, τύπος %d: write απέτυχε: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr ""
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 #, fuzzy
 msgid "never"
 msgstr "ποτέ     "
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr ""
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr ""
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr ""
 
@@ -8280,43 +8250,43 @@ msgstr ""
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr ""
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 #, fuzzy
 msgid "[ revoked]"
 msgstr "[ανακλημένο]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 #, fuzzy
 msgid "[ expired]"
 msgstr "[ληγμένο]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 #, fuzzy
 msgid "[ unknown]"
 msgstr "άγνωστο"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr ""
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 #, fuzzy
 msgid "[  never ]"
 msgstr "ποτέ     "
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr ""
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr ""
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr ""
 
@@ -8341,20 +8311,31 @@ msgstr "γραμμή εισόδου %u είναι πολύ μεγάλη ή τη
 msgid "can't open fd %d: %s\n"
 msgstr "αδυναμία πρόσβασης στο `%s': %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: δεν προστατεύτηκε η ακεραιότητα του μηύματος\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+msgid "Hint: Do not use option %s\n"
+msgstr "ανάγνωση επιλογών από `%s'\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr ""
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr ""
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 #, fuzzy
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Χρήση: gpg [επιλογές] [αρχεία] (-h για βοήθεια)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 #, fuzzy
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
@@ -8364,129 +8345,225 @@ msgstr "Χρήση: gpg [επιλογές] [αρχεία] (-h για βοήθε
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr ""
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr ""
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+msgid "|N|Please enter the new Global-PIN"
+msgstr "αλλαγή της φράσης κλειδί"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "Παρακαλώ επιλέξτε την αιτία για την ανάκληση:\n"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+msgid "|N|Please enter the new PIN"
+msgstr "αλλαγή της φράσης κλειδί"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+msgid "||Please enter the PIN of your PIV card"
+msgstr "Παρακαλώ επιλέξτε την αιτία για την ανάκληση:\n"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "αλλαγή της φράσης κλειδί"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "Παρακαλώ επιλέξτε την αιτία για την ανάκληση:\n"
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-piv.c:1895
+#, c-format
+msgid "PIN is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1903
+#, c-format
+msgid "PIN is too long; maximum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, fuzzy, c-format
+msgid "key already exists\n"
+msgstr "`%s' ήδη συμπιέστηκε\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, fuzzy, c-format
+msgid "generating new key\n"
+msgstr "δημιουργία ενός νέου ζεύγους κλειδιών"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, fuzzy, c-format
+msgid "writing new key\n"
+msgstr "δημιουργία ενός νέου ζεύγους κλειδιών"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "αποτυχία αρχικοποίησης της TrustDB: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, fuzzy, c-format
+#| msgid "remove keys from the public keyring"
+msgid "response does not contain the EC public key\n"
+msgstr "αφαίρεση των κλειδιών από τη δημόσια κλειδοθήκη"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, fuzzy, c-format
+msgid "generating key failed\n"
+msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, fuzzy, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "Η δημιουργία κλειδιού απέτυχε: %s\n"
+msgstr[1] "Η δημιουργία κλειδιού απέτυχε: %s\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr ""
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 #, fuzzy
 msgid "|A|Please enter the Admin PIN"
 msgstr "αλλαγή της φράσης κλειδί"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 #, fuzzy
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "Παρακαλώ επιλέξτε την αιτία για την ανάκληση:\n"
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 #, fuzzy
 msgid "||Please enter the PIN for the standard keys."
 msgstr "αλλαγή της φράσης κλειδί"
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr ""
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "Note: This key has been disabled.\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "Σημείωση: Αυτό το κλειδί έχει απενεργοποιηθεί.\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr ""
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 #, fuzzy
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "αλλαγή της φράσης κλειδί"
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 #, fuzzy
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "Παρακαλώ επιλέξτε την αιτία για την ανάκληση:\n"
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, fuzzy, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, fuzzy, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "αποτυχία αρχικοποίησης της TrustDB: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, fuzzy, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "αποτυχία επαναδόμησης της cache κλειδοθήκης: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr ""
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1546
-#, fuzzy, c-format
-#| msgid "remove keys from the public keyring"
-msgid "response does not contain the EC public key\n"
-msgstr "αφαίρεση των κλειδιών από τη δημόσια κλειδοθήκη"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, fuzzy, c-format
 msgid "reading public key failed: %s\n"
 msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
@@ -8494,43 +8571,43 @@ msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr ""
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 #, fuzzy
 msgid "||Please unlock the card"
 msgstr "αλλαγή της φράσης κλειδί"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, fuzzy, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "keyserver αποστολή απέτυχε: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8538,22 +8615,22 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 #, fuzzy
 msgid "||Please enter the PIN"
 msgstr "αλλαγή της φράσης κλειδί"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 #, fuzzy
 msgid "||Please enter the Reset Code for the card"
 msgstr "Παρακαλώ επιλέξτε την αιτία για την ανάκληση:\n"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr ""
@@ -8561,123 +8638,81 @@ msgstr ""
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 #, fuzzy
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "αλλαγή της φράσης κλειδί"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 #, fuzzy
 msgid "||Please enter the PIN and New PIN"
 msgstr "αλλαγή της φράσης κλειδί"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, fuzzy, c-format
 msgid "error reading application data\n"
 msgstr "σφάλμα κατά την ανάγνωση του μπλοκ κλειδιών: %s\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, fuzzy, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "%s: σφάλμα στην ανάγνωση της εγγραφής free : %s\n"
 
-#: scd/app-openpgp.c:3066
-#, fuzzy, c-format
-msgid "key already exists\n"
-msgstr "`%s' ήδη συμπιέστηκε\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr ""
-
-#: scd/app-openpgp.c:3072
-#, fuzzy, c-format
-msgid "generating new key\n"
-msgstr "δημιουργία ενός νέου ζεύγους κλειδιών"
-
-#: scd/app-openpgp.c:3074
-#, fuzzy, c-format
-msgid "writing new key\n"
-msgstr "δημιουργία ενός νέου ζεύγους κλειδιών"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, fuzzy, c-format
-msgid "failed to store the key: %s\n"
-msgstr "αποτυχία αρχικοποίησης της TrustDB: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, fuzzy, c-format
 #| msgid "unsupported URI"
 msgid "unsupported curve\n"
 msgstr "μη υποστηριζόμενο URI"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr ""
-
-#: scd/app-openpgp.c:4271
-#, fuzzy, c-format
-msgid "generating key failed\n"
-msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
-
-#: scd/app-openpgp.c:4277
-#, fuzzy, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "Η δημιουργία κλειδιού απέτυχε: %s\n"
-msgstr[1] "Η δημιουργία κλειδιού απέτυχε: %s\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, fuzzy, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "%s υπογραφή, αλγόριθμος περίληψης %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, fuzzy, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "δε βρέθηκαν έγκυρα OpenPGP δεδομένα.\n"
@@ -8690,101 +8725,99 @@ msgstr "αλλαγή της φράσης κλειδί"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr ""
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr ""
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr ""
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 #, fuzzy
 msgid "|FILE|write a log to FILE"
 msgstr "|ΑΡΧΕΙΟ|φόρτωμα του αρθρώματος επέκτασης ΑΡΧΕΙΟ"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr ""
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 #, fuzzy
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|ΟΝΟΜΑ|χρήση του ΟΝΟΜΑτος ως προκαθορισμένου παραλήπτη"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 #, fuzzy
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|ΟΝΟΜΑ|χρήση του ΟΝΟΜΑτος ως προκαθορισμένου παραλήπτη"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 #, fuzzy
 msgid "do not use the internal CCID driver"
 msgstr "μη χρήση τερματικού"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr ""
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr ""
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr ""
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 #, fuzzy
 msgid "deny the use of admin card commands"
 msgstr "συγκρουόμενες εντολές\n"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 #, fuzzy
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Χρήση: gpg [επιλογές] [αρχεία] (-h για βοήθεια)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
 msgstr ""
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr ""
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr ""
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, fuzzy, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "αδυναμία εγγραφής μυστικής κλειδοθήκης `%s': %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr ""
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr ""
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 #, fuzzy
 msgid "shell"
 msgstr "help"
@@ -8818,7 +8851,7 @@ msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n"
 msgid "certificate policy not allowed"
 msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, fuzzy, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "αποτυχία αρχικοποίησης της TrustDB: %s\n"
@@ -8833,7 +8866,7 @@ msgstr ""
 msgid "number of issuers matching: %d\n"
 msgstr ""
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, fuzzy, c-format
 #| msgid "%s: can't access: %s\n"
 msgid "can't get authorityInfoAccess: %s\n"
@@ -8854,240 +8887,240 @@ msgstr "σφάλμα στη δημιουργία της φράσης κλειδ
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, fuzzy, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "αποτυχία αρχικοποίησης της TrustDB: %s\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 #, fuzzy
 msgid "certificate has been revoked"
 msgstr "ΣΗΜΕΙΩΣΗ: το κλειδί έχει ανακληθεί"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr ""
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr ""
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, fuzzy, c-format
 msgid "checking the CRL failed: %s"
 msgstr "απέτυχε ο έλεγχος της υπογραφής που δημιουργήθηκε: %s\n"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr ""
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 #, fuzzy
 msgid "root certificate not yet valid"
 msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, fuzzy, c-format
 msgid "certificate has expired"
 msgstr "Αυτό το κλειδί έχει λήξει!"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 #, fuzzy
 msgid "root certificate has expired"
 msgstr "Αυτό το κλειδί έχει λήξει!"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 #, fuzzy
 msgid "intermediate certificate has expired"
 msgstr "Αυτό το κλειδί έχει λήξει!"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr ""
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 #, fuzzy
 msgid "certificate with invalid validity"
 msgstr "Αυτό το κλειδί έχει λήξει!"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr ""
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, fuzzy, c-format
 msgid "  (  signature created at "
 msgstr "        νέες υπογραφές: %lu\n"
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, fuzzy, c-format
 msgid "  (certificate created at "
 msgstr "Πιστοποιητικό ανάκλησης δημιουργήθηκε.\n"
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, fuzzy, c-format
 msgid "  (certificate valid from "
 msgstr "κακό πιστοποιητικό"
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr ""
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, fuzzy, c-format
 msgid "fingerprint=%s\n"
 msgstr "απεικόνιση του fingerprint"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr ""
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr ""
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr ""
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 #, fuzzy
 msgid "no issuer found in certificate"
 msgstr "δημιουργία ενός πιστοποιητικού ανάκλησης"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr ""
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr ""
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, fuzzy, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "απέτυχε ο έλεγχος της υπογραφής που δημιουργήθηκε: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr ""
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr ""
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, fuzzy, c-format
 msgid "certificate has a BAD signature"
 msgstr "επαλήθευση μιας υπογραφής"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr ""
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr ""
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, fuzzy, c-format
 msgid "certificate is good\n"
 msgstr "η προεπιλογή %c%lu αντιγράφτηκε\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, fuzzy, c-format
 msgid "intermediate certificate is good\n"
 msgstr "Πιστοποιητικό ανάκλησης δημιουργήθηκε.\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, fuzzy, c-format
 msgid "root certificate is good\n"
 msgstr "κακό πιστοποιητικό"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr ""
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr ""
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, fuzzy, c-format
 msgid "out of core\n"
 msgstr "μη επεξεργασμένο"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr ""
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 #, fuzzy
 msgid "none"
 msgstr "όχι|οχι"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 #, fuzzy
 msgid "[Error - invalid encoding]"
 msgstr "σφάλμα: μη έγκυρο αποτύπωμα\n"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr ""
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr ""
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 #, fuzzy
 msgid "[Error - invalid DN]"
 msgstr "σφάλμα: μη έγκυρο αποτύπωμα\n"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -9101,177 +9134,187 @@ msgstr ""
 "\"%.*s\"\n"
 "%u-bit %s κλειδί, ID %08lX, δημιουργία %s%s\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr ""
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "αδυναμία εγγραφής μυστικής κλειδοθήκης `%s': %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr ""
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr ""
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr ""
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr ""
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+msgid "looking for another certificate\n"
+msgstr "κακό πιστοποιητικό"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, fuzzy, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "μη έγκυρος αλγόριθμος  hash `%s'\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr ""
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr ""
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, fuzzy, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "μη έγκυρος αλγόριθμος  hash `%s'\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, fuzzy, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "μη έγκυρος αλγόριθμος  hash `%s'\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, fuzzy, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "Μη έγκυρη διεύθυνση Email\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, fuzzy, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "μη έγκυρος αλγόριθμος  hash `%s'\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr ""
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr ""
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, fuzzy, c-format
 msgid "line %d: invalid date given\n"
 msgstr "μη έγκυρος αλγόριθμος  hash `%s'\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, fuzzy, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "αδυναμία δημιουργίας της κλειδοθήκης `%s': %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, fuzzy, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "μη έγκυρος αλγόριθμος  hash `%s'\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, fuzzy, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "μη έγκυρος αλγόριθμος  hash `%s'\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, fuzzy, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "κλειδί %08lX: μη έγκυρη δέσμευση υποκλειδιού\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, fuzzy, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "μη έγκυρος αλγόριθμος  hash `%s'\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, fuzzy, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "αδυναμία δημιουργίας της κλειδοθήκης `%s': %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, fuzzy, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "αδυναμία δημιουργίας της κλειδοθήκης `%s': %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, fuzzy, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "Η δημιουργία κλειδιού απέτυχε: %s\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, fuzzy, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) RSA (για κρυπτογράφηση μόνο)\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, fuzzy, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) RSA (υπογραφή και κρυπτογράφηση)\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, fuzzy, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) DSA (για υπογραφή μόνο)\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, fuzzy, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) RSA (για κρυπτογράφηση μόνο)\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr ""
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 #, fuzzy
 msgid "No subject name given\n"
 msgstr "(Δεν δώθηκε περιγραφή)\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, fuzzy, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "μη έγκυρος αλγόριθμος  hash `%s'\n"
@@ -9281,261 +9324,255 @@ msgstr "μη έγκυρος αλγόριθμος  hash `%s'\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, fuzzy, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "μη έγκυρος αλγόριθμος  hash `%s'\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr ""
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 #, fuzzy
 msgid "Enter email addresses"
 msgstr "Διεύθυνση Email: "
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 #, fuzzy
 msgid " (end with an empty line):\n"
 msgstr ""
 "\n"
 "Πληκτρολογήστε το user ID. Τέλος με μια άδεια γραμμή: "
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 #, fuzzy
 msgid "Enter DNS names"
 msgstr "Πληκτρολογήστε ένα νέο όνομα αρχείου"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 #, fuzzy
 msgid " (optional; end with an empty line):\n"
 msgstr "Πληκτρολογήστε μια προαιρετική περιγραφή· τέλος με μια άδεια γραμμή:\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr ""
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 #, fuzzy
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Δημιουργία ενός πιστοποιητικού ανάκλησης για αυτό το κλειδί; "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:432
-#, fuzzy, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr ""
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 #, fuzzy
 #| msgid "Revocation certificate created.\n"
 msgid "Now creating certificate request.  "
 msgstr "Πιστοποιητικό ανάκλησης δημιουργήθηκε.\n"
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr ""
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "%s κρυπτογραφημένα δεδομένα\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr ""
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr ""
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 msgid "encrypted to %s key %s\n"
 msgstr "κρυπτογραφημένο με %s key, ID %08lX\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, fuzzy, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "το κλειδί '%s' δε βρέθηκε: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, fuzzy, c-format
 msgid "error locking keybox: %s\n"
 msgstr "σφάλμα κατά την ανάγνωση του μπλοκ κλειδιών: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, fuzzy, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "Πιστοποιητικό ανάκλησης δημιουργήθηκε.\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, fuzzy, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "η προεπιλογή %c%lu αντιγράφτηκε\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, fuzzy, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, fuzzy, c-format
 msgid "no valid recipients given\n"
 msgstr "(Δεν δώθηκε περιγραφή)\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 #, fuzzy
 msgid "list external keys"
 msgstr "απεικόνιση της λίστας μυστικών κλειδιών"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 #, fuzzy
 msgid "list certificate chain"
 msgstr "κακό πιστοποιητικό"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 #, fuzzy
 msgid "import certificates"
 msgstr "κακό πιστοποιητικό"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 #, fuzzy
 msgid "export certificates"
 msgstr "κακό πιστοποιητικό"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr ""
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr ""
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr ""
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "μη χρήση τερματικού"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr ""
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr ""
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr ""
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr ""
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr ""
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 #, fuzzy
 msgid "create base-64 encoded output"
 msgstr "δημιουργία ascii θωρακισμένης εξόδου"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 #, fuzzy
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|ΟΝΟΜΑ|χρήση ΟΝΟΜΑτος σαν προκαθορισμένο μυστικό κλειδί"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 #, fuzzy
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "προσθήκη αυτού του κλειδιού στη λίστα των κλειδοθηκών"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|ΔΙΑΚΟΜΙΣΤΗΣ|χρήση αυτού του διακομιστή κλειδιών για αναζήτηση"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr ""
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 #, fuzzy
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|ΟΝΟΜΑ|χρήση αλγόριθμου κρυπτογράφησης ΟΝΟΜΑ για φράσεις κλειδιά"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr ""
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr ""
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr ""
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr ""
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|ΟΝΟΜΑ|χρήση αλγόριθμου κρυπτογράφησης ΟΝΟΜΑ"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|ΟΝΟΜΑ|χρήση αλγόριθμου περίληψης μηνύματος ΟΝΟΜΑ "
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "κατάσταση batch: να μη γίνονται ερωτήσεις"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "απάντηση ναι στις περισσότερες ερωτήσεις"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "απάντηση όχι στις περισσότερες ερωτήσεις"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 #, fuzzy
 msgid "|FILE|write an audit log to FILE"
 msgstr "|ΑΡΧΕΙΟ|φόρτωμα του αρθρώματος επέκτασης ΑΡΧΕΙΟ"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Χρήση: gpg [επιλογές] [αρχεία] (-h για βοήθεια)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 #, fuzzy
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
@@ -9546,87 +9583,122 @@ msgstr ""
 "υπογραφή, έλεγχος, κρυπτογράφηση ή αποκρυπτογράφηση\n"
 "η προκαθορισμένη λειτουργία εξαρτάται από τα δεδομένα εισόδου\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, fuzzy, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "αδυναμία σύνδεσης στο `%s': %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, fuzzy, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "άγνωστος προκαθορισμένος παραλήπτης `%s'\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(Δεν δώθηκε περιγραφή)\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " s = παράλειψη αυτού του κλειδιού\n"
+
+#: sm/gpgsm.c:1545
+#, fuzzy, c-format
+msgid "could not parse keyserver\n"
+msgstr "αδυναμία επεξεργασίας του URI του διακομιση κλειδιών\n"
+
+#: sm/gpgsm.c:1825
 #, fuzzy, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "εγγραφή στο  `%s'\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, fuzzy, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "αδυναμία κλεισίματος του `%s': %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr ""
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, fuzzy, c-format
 msgid "total number processed: %lu\n"
 msgstr "Συνολικός αριθμός που επεξεργάστηκαν: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, fuzzy, c-format
 msgid "error storing certificate\n"
 msgstr "δημιουργία ενός πιστοποιητικού ανάκλησης"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr ""
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, fuzzy, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, fuzzy, c-format
 msgid "error importing certificate: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, fuzzy, c-format
 msgid "error reading input: %s\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+msgid "no keyboxd running in this session\n"
+msgstr "ο gpg-agent δεν είναι διαθέσιμος σε αυτή τη συνεδρία\n"
+
+#: sm/keydb.c:595
+#, fuzzy, c-format
+msgid "error opening key DB: %s\n"
+msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr ""
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, fuzzy, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, fuzzy, c-format
 msgid "error storing certificate: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, fuzzy, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "rev? πρόβλημα στον έλεγχο ανάκλησης: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, fuzzy, c-format
 msgid "error storing flags: %s\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr ""
 
@@ -9635,17 +9707,17 @@ msgstr ""
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr ""
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, fuzzy, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "σφάλμα: μη έγκυρο αποτύπωμα\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, fuzzy, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "σφάλμα: μη έγκυρο αποτύπωμα\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9656,14 +9728,14 @@ msgid ""
 "%s%sAre you really sure that you want to do this?"
 msgstr ""
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
 "signatures.\n"
 msgstr ""
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9671,53 +9743,58 @@ msgid ""
 "Note, that this certificate will NOT create a qualified signature!"
 msgstr ""
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, fuzzy, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "δεν υποστηρίζεται ο αλγόριθμος προστασίας %d%s\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr ""
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, fuzzy, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "απέτυχε ο έλεγχος της υπογραφής που δημιουργήθηκε: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Υπογραφή έγινε στο %.*s με χρήση του κλειδιού%s ID %08lX\n"
+
+#: sm/verify.c:467
 #, fuzzy, c-format
 msgid "Signature made "
 msgstr "Υπογραφή έληξε στις %s.\n"
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr ""
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 msgid "algorithm:"
 msgstr "θωράκιση: %s\n"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr ""
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, fuzzy, c-format
 msgid "Good signature from"
 msgstr "Καλή υπογραφή από \""
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, fuzzy, c-format
 msgid "                aka"
 msgstr "                γνωστό σαν \""
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, fuzzy, c-format
 msgid "This is a qualified signature\n"
 msgstr ""
@@ -9744,101 +9821,101 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr ""
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr ""
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't parse certificate '%s': %s\n"
 msgstr "αδυναμία δημιουργίας του `%s': %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, fuzzy, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "η προεπιλογή %c%lu αντιγράφτηκε\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, fuzzy, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "Πιστοποιητικό ανάκλησης δημιουργήθηκε.\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, fuzzy, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "η προεπιλογή %c%lu αντιγράφτηκε\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, fuzzy, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "απεικόνιση του fingerprint"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr ""
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr ""
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, fuzzy, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, fuzzy, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "κακό πιστοποιητικό"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, fuzzy, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, fuzzy, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, fuzzy, c-format
 msgid "certificate already cached\n"
 msgstr "Πιστοποιητικό ανάκλησης δημιουργήθηκε.\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, fuzzy, c-format
 msgid "certificate cached\n"
 msgstr "η προεπιλογή %c%lu αντιγράφτηκε\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, fuzzy, c-format
 msgid "error caching certificate: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, fuzzy, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "σφάλμα: μη έγκυρο αποτύπωμα\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, fuzzy, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, fuzzy, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, fuzzy, c-format
 msgid "no issuer found in certificate\n"
 msgstr "δημιουργία ενός πιστοποιητικού ανάκλησης"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, fuzzy, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
@@ -10367,64 +10444,64 @@ msgstr "το κλειδί '%s' δε βρέθηκε: %s\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "το κλειδί '%s' δε βρέθηκε: %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 #, fuzzy
 msgid "add a certificate to the cache"
 msgstr "Πιστοποιητικό ανάκλησης δημιουργήθηκε.\n"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 #, fuzzy
 msgid "validate a certificate"
 msgstr "κακό πιστοποιητικό"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 #, fuzzy
 msgid "lookup a certificate"
 msgstr "κακό πιστοποιητικό"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 #, fuzzy
 msgid "lookup only locally stored certificates"
 msgstr "κακό πιστοποιητικό"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 #, fuzzy
 msgid "expect certificates in PEM format"
 msgstr "κακό πιστοποιητικό"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 #, fuzzy
 #| msgid "Enter the user ID of the designated revoker: "
 msgid "force the use of the default OCSP responder"
 msgstr "Πληκτρολογήστε το user ID του διορισμένου ανακλητή: "
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Χρήση: gpg [επιλογές] [αρχεία] (-h για βοήθεια)"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10432,226 +10509,221 @@ msgid ""
 "not valid and other error codes for general failures\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, fuzzy, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, fuzzy, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "αδυναμία σύνδεσης στο `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, fuzzy, c-format
 #| msgid "update failed: %s\n"
 msgid "lookup failed: %s\n"
 msgstr "η ενημέρωση απέτυχε: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, fuzzy, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "θωράκιση απέτυχε: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, fuzzy, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, fuzzy, c-format
 msgid "certificate is valid\n"
 msgstr "η προεπιλογή %c%lu αντιγράφτηκε\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, fuzzy, c-format
 msgid "certificate has been revoked\n"
 msgstr "ΣΗΜΕΙΩΣΗ: το κλειδί έχει ανακληθεί"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, fuzzy, c-format
 msgid "certificate check failed: %s\n"
 msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, fuzzy, c-format
 #| msgid "can't stat `%s': %s\n"
 msgid "got status: '%s'\n"
 msgstr "αδυναμία λήψης πληροφοριών για το `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, fuzzy, c-format
 #| msgid "error writing secret keyring `%s': %s\n"
 msgid "error writing base64 encoding: %s\n"
 msgstr "αδυναμία εγγραφής μυστικής κλειδοθήκης `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, fuzzy, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr ""
 "\n"
 "Υποστηριζόμενοι αλγόριθμοι:\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 #, fuzzy
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|ΑΡΧΕΙΟ|φόρτωμα του αρθρώματος επέκτασης ΑΡΧΕΙΟ"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr ""
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr ""
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr ""
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 #, fuzzy
 msgid "|URL|use keyserver at URL"
 msgstr "αδυναμία επεξεργασίας του URI του διακομιση κλειδιών\n"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr ""
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr ""
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr ""
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr ""
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr ""
 
-#: dirmngr/dirmngr.c:270
-#, fuzzy
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|ΔΙΑΚΟΜΙΣΤΗΣ|χρήση αυτού του διακομιστή κλειδιών για αναζήτηση"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 #, fuzzy
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|ΑΡΧΕΙΟ|φόρτωμα του αρθρώματος επέκτασης ΑΡΧΕΙΟ"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr ""
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr ""
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 #, fuzzy
 msgid "|URL|use OCSP responder at URL"
 msgstr "αδυναμία επεξεργασίας του URI του διακομιση κλειδιών\n"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr ""
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -10664,126 +10736,315 @@ msgstr ""
 "@\n"
 "(δείτε τη σελίδα man για μια πλήρη λίστα εντολών και επιλογών)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 #, fuzzy
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Χρήση: gpg [επιλογές] [αρχεία] (-h για βοήθεια)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, fuzzy, c-format
 msgid "usage: %s [options] "
 msgstr "χρήση: gpg [επιλογές] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, fuzzy, c-format
 #| msgid "%s not allowed with %s!\n"
 msgid "colons are not allowed in the socket name\n"
 msgstr "το %s δεν επιτρέπεται με το %s!\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, fuzzy, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "θωράκιση απέτυχε: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, fuzzy, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "θωράκιση απέτυχε: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, fuzzy, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "η γραμμή είναι πολύ μεγάλη\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, fuzzy, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "σφάλμα: μη έγκυρο αποτύπωμα\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, fuzzy, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "σφάλμα ανάγνωσης: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, fuzzy, c-format
 msgid "shutdown forced\n"
 msgstr "μη επεξεργασμένο"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr ""
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|connect to host NAME"
+msgstr "|ΟΝΟΜΑ|καθορισμός του σετ χαρακτήρων τερματικού σε ΟΝΟΜΑ"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:112
+#, fuzzy
+#| msgid "|NAME|use NAME as default recipient"
+msgid "|NAME|use user NAME for authentication"
+msgstr "|ΟΝΟΜΑ|χρήση του ΟΝΟΜΑτος ως προκαθορισμένου παραλήπτη"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:179
+#, fuzzy
+#| msgid "Usage: gpg [options] [files] (-h for help)"
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Χρήση: gpg [επιλογές] [αρχεία] (-h για βοήθεια)"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:291
+#, fuzzy, c-format
+#| msgid "invalid import options\n"
+msgid "invalid port number %d\n"
+msgstr "μη έγκυρες επιλογές ειγαγωγής\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, fuzzy, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "αδυναμία εγγραφής της κλειδοθήκης `%s': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:462
+#, fuzzy, c-format
+msgid "attribute '%s' not found\n"
+msgstr "το κλειδί '%s' δε βρέθηκε: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:581
+#, fuzzy, c-format
+#| msgid "reading from `%s'\n"
+msgid "processing url '%s'\n"
+msgstr "ανάγνωση από `%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          user '%s'\n"
+msgstr "          χωρίς user ID: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, fuzzy, c-format
+msgid "          pass '%s'\n"
+msgstr "                γνωστό σαν \""
+
+#: dirmngr/dirmngr_ldap.c:592
+#, fuzzy, c-format
+msgid "          host '%s'\n"
+msgstr "                γνωστό σαν \""
+
+#: dirmngr/dirmngr_ldap.c:593
+#, fuzzy, c-format
+#| msgid "          not imported: %lu\n"
+msgid "          port %d\n"
+msgstr "          μη  εισαχθέντα: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, fuzzy, c-format
+msgid "            DN '%s'\n"
+msgstr "                γνωστό σαν \""
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, fuzzy, c-format
+msgid "          attr '%s'\n"
+msgstr "                γνωστό σαν \""
+
+#: dirmngr/dirmngr_ldap.c:611
+#, fuzzy, c-format
+msgid "no host name in '%s'\n"
+msgstr "(Δεν δώθηκε περιγραφή)\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:622
+#, fuzzy, c-format
+#| msgid "WARNING: using insecure memory!\n"
+msgid "WARNING: using first attribute only\n"
+msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: χρήση μη ασφαλούς μνήμης!\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, fuzzy, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "θωράκιση απέτυχε: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "θωράκιση απέτυχε: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+msgid "LDAP init to '%s' done\n"
+msgstr "θωράκιση απέτυχε: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, fuzzy, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "θωράκιση απέτυχε: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, fuzzy, c-format
+#| msgid "dearmoring failed: %s\n"
+msgid "searching '%s' failed: %s\n"
+msgstr "αποθωράκιση απέτυχε: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, fuzzy, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "\"%s\" δεν είναι JPEG αρχείο\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr ""
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, fuzzy, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr ""
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, fuzzy, c-format
 msgid "too many redirections\n"
 msgstr "πάρα πολλές `%c' προεπιλογές\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "εγγραφή στο  `%s'\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, fuzzy, c-format
 msgid "error printing log line: %s\n"
 msgstr "αδυναμία εγγραφής της κλειδοθήκης `%s': %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, fuzzy, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
@@ -10813,51 +11074,31 @@ msgstr "η ενημέρωση απέτυχε: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, fuzzy, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "αναζήτηση του \"%s\" από το HKP διακομιστή %s\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, fuzzy, c-format
 msgid "malloc failed: %s\n"
 msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
 
-#: dirmngr/ldap.c:221
-#, fuzzy, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "\"%s\" δεν είναι JPEG αρχείο\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
 msgstr ""
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr ""
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, fuzzy, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr " s = παράλειψη αυτού του κλειδιού\n"
-
 #: dirmngr/misc.c:172
 #, fuzzy, c-format
 #| msgid "%s: invalid file version %d\n"
@@ -10945,93 +11186,93 @@ msgstr "απέτυχε ο έλεγχος της υπογραφής που δημ
 msgid "not signed by a default OCSP signer's certificate"
 msgstr ""
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, fuzzy, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, fuzzy, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, fuzzy, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "το κλειδί '%s' δε βρέθηκε: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, fuzzy, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "δημιουργία ενός πιστοποιητικού ανάκλησης"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, fuzzy, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "αποτυχία αρχικοποίησης της TrustDB: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, fuzzy, c-format
 #| msgid "no default secret keyring: %s\n"
 msgid "no default OCSP signer defined\n"
 msgstr "δεν υπάρχει προκαθορισμένη κλειδοθήκη: %s\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, fuzzy, c-format
 #| msgid "using cipher %s\n"
 msgid "using OCSP responder '%s'\n"
 msgstr "χρήση του κρυπταλγόριθμου: %s\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, fuzzy, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr ""
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, fuzzy, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "ΣΗΜΕΙΩΣΗ: το κλειδί έχει ανακληθεί"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr ""
@@ -11041,68 +11282,72 @@ msgstr ""
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "η υπογραφή απέτυχε: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr ""
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr ""
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, fuzzy, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "η υπογραφή απέτυχε: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, fuzzy, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, fuzzy, c-format
 msgid "error sending data: %s\n"
 msgstr "σφάλμα στη αποστολή προς το `%s': %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, fuzzy, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, fuzzy, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr ""
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, fuzzy, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "αδυναμία δημιουργίας του `%s': %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, fuzzy, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "%s: αδυναμία δημιουργίας hashtable: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, fuzzy, c-format
 #| msgid "failed to initialize the TrustDB: %s\n"
 msgid "failed to initialize the server: %s\n"
 msgstr "αποτυχία αρχικοποίησης της TrustDB: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, fuzzy, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "αποτυχία επαναδόμησης της cache κλειδοθήκης: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, fuzzy, c-format
 #| msgid "signing failed: %s\n"
 msgid "Assuan processing failed: %s\n"
@@ -11148,251 +11393,269 @@ msgstr "η προεπιλογή %c%lu αντιγράφτηκε\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 #, fuzzy
 msgid "quiet"
 msgstr "τερματισμός"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+msgid "connect to the keyboxd"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 #, fuzzy
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|ΑΡΧΕΙΟ|φόρτωμα του αρθρώματος επέκτασης ΑΡΧΕΙΟ"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 #, fuzzy
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Χρήση: gpg [επιλογές] [αρχεία] (-h για βοήθεια)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, fuzzy, c-format
 msgid "receiving line failed: %s\n"
 msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, fuzzy, c-format
 msgid "line too long - skipped\n"
 msgstr "η γραμμή είναι πολύ μεγάλη\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, fuzzy, c-format
 msgid "unknown command '%s'\n"
 msgstr "άγνωστος προκαθορισμένος παραλήπτης `%s'\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, fuzzy, c-format
 msgid "sending line failed: %s\n"
 msgstr "η υπογραφή απέτυχε: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+msgid "no keybox daemon running in this session\n"
+msgstr "ο gpg-agent δεν είναι διαθέσιμος σε αυτή τη συνεδρία\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, fuzzy, c-format
 msgid "error sending standard options: %s\n"
 msgstr "σφάλμα στη αποστολή προς το `%s': %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr ""
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr ""
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+msgid "Public Keys"
+msgstr "δημόσιο κλειδί είναι %08lX\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr ""
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr ""
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 #, fuzzy
 #| msgid "network error"
 msgid "Network"
 msgstr "σφάλμα δικτύου"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 #, fuzzy
 msgid "Passphrase Entry"
 msgstr "κακή φράση κλειδί"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 #, fuzzy
 msgid "Component not suitable for launching"
 msgstr "δεν βρέθηκε το δημόσιο κλειδί"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Please use the command \"toggle\" first.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Παρακαλώ χρησιμοποιείστε την εντολή \"toggle\" πρώτα.\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr ""
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, fuzzy, c-format
 msgid "error closing '%s'\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, fuzzy, c-format
 msgid "error parsing '%s'\n"
 msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr ""
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr ""
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr ""
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr ""
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr ""
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr ""
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr ""
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr ""
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 #, fuzzy
 msgid "list global configuration file"
 msgstr "άγνωστο αντικείμενο ρυθμίσεως \"%s\"\n"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 #, fuzzy
 msgid "check global configuration file"
 msgstr "άγνωστο αντικείμενο ρυθμίσεως \"%s\"\n"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 #, fuzzy
 #| msgid "update the trust database"
 msgid "query the software version database"
 msgstr "ανανέωση της βάσης δεδομένων εμπιστοσύνης"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr ""
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr ""
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr ""
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "χρήση ως αρχείου εξόδου"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr ""
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 #, fuzzy
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Χρήση: gpg [επιλογές] [αρχεία] (-h για βοήθεια)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
 msgstr ""
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr ""
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 #, fuzzy
 msgid "Component not found"
 msgstr "δεν βρέθηκε το δημόσιο κλειδί"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 #, fuzzy
 msgid "No argument allowed"
 msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n"
@@ -11408,115 +11671,189 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr ""
-#~ "ο εξαναγκασμός συμμετρικού αλγόριθμου %s (%d) παραβιάζει τις\n"
-#~ "επιλογές του παραλήπτη\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "παραλείφθηκε: μυστικό κλειδί ήδη παρών\n"
+
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "παραλείφθηκε: μυστικό κλειδί ήδη παρών\n"
+
+#: tools/gpg-card.c:2395
+#, c-format
+msgid "Replace existing key %s ? (y/N) "
+msgstr ""
+
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, c-format
+msgid "%s card no. %s detected\n"
+msgstr ""
+
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
+
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
+
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
+#: tools/gpg-card.c:3668
 #, fuzzy
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "εγγραφή στο  `%s'\n"
+msgid "authenticate to the card"
+msgstr "Πιστοποιητικό ανάκλησης δημιουργήθηκε.\n"
+
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
 
+#: tools/gpg-card.c:3672
 #, fuzzy
-#~ msgid "use a log file for the server"
-#~ msgstr "αναζήτηση κλειδιών σε ένα διακομιστή κλειδιών"
+#| msgid "|NAME|use NAME as default recipient"
+msgid "setup KDF for PIN authentication"
+msgstr "|ΟΝΟΜΑ|χρήση του ΟΝΟΜΑτος ως προκαθορισμένου παραλήπτη"
 
+#: tools/gpg-card.c:3674
 #, fuzzy
-#~ msgid "run without asking a user"
-#~ msgstr "Τερματισμός χωρίς αποθήκευση; "
+#| msgid "change the expire date"
+msgid "change a private data object"
+msgstr "αλλαγή της ημερομηνίας λήξης"
 
+#: tools/gpg-card.c:3675
 #, fuzzy
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "αίτηση κλειδιού %08lX από το %s\n"
+msgid "read a certificate from a data object"
+msgstr "Πιστοποιητικό ανάκλησης δημιουργήθηκε.\n"
 
+#: tools/gpg-card.c:3676
 #, fuzzy
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "(Δεν δώθηκε περιγραφή)\n"
+msgid "store a certificate to a data object"
+msgstr "Πιστοποιητικό ανάκλησης δημιουργήθηκε.\n"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
 #, fuzzy
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "αδυναμία επεξεργασίας του URI του διακομιση κλειδιών\n"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "αλλαγή της φράσης κλειδί"
 
 #, fuzzy
-#~| msgid "|NAME|set terminal charset to NAME"
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|ΟΝΟΜΑ|καθορισμός του σετ χαρακτήρων τερματικού σε ΟΝΟΜΑ"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "αδυναμία εγγραφής μυστικής κλειδοθήκης `%s': %s\n"
 
 #, fuzzy
-#~| msgid "|NAME|use NAME as default recipient"
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|ΟΝΟΜΑ|χρήση του ΟΝΟΜΑτος ως προκαθορισμένου παραλήπτη"
+#~ msgid "use a log file for the server"
+#~ msgstr "αναζήτηση κλειδιών σε ένα διακομιστή κλειδιών"
 
 #, fuzzy
-#~| msgid "Usage: gpg [options] [files] (-h for help)"
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Χρήση: gpg [επιλογές] [αρχεία] (-h για βοήθεια)"
+#~ msgid "argument not expected"
+#~ msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n"
 
 #, fuzzy
-#~| msgid "invalid import options\n"
-#~ msgid "invalid port number %d\n"
-#~ msgstr "μη έγκυρες επιλογές ειγαγωγής\n"
+#~ msgid "read error"
+#~ msgstr "σφάλμα ανάγνωσης αρχείου"
 
 #, fuzzy
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "αδυναμία εγγραφής της κλειδοθήκης `%s': %s\n"
+#~ msgid "keyword too long"
+#~ msgstr "η γραμμή είναι πολύ μεγάλη\n"
+
+#, fuzzy
+#~ msgid "missing argument"
+#~ msgstr "μη έγκυρο όρισμα"
+
+#, fuzzy
+#~| msgid "invalid armor"
+#~ msgid "invalid argument"
+#~ msgstr "μη έγκυρη θωράκιση"
+
+#, fuzzy
+#~ msgid "invalid command"
+#~ msgstr "συγκρουόμενες εντολές\n"
+
+#, fuzzy
+#~ msgid "invalid alias definition"
+#~ msgstr "μη έγκυρες επιλογές ειγαγωγής\n"
 
 #, fuzzy
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "το κλειδί '%s' δε βρέθηκε: %s\n"
+#~ msgid "out of core"
+#~ msgstr "μη επεξεργασμένο"
 
 #, fuzzy
-#~| msgid "reading from `%s'\n"
-#~ msgid "processing url '%s'\n"
-#~ msgstr "ανάγνωση από `%s'\n"
+#~ msgid "invalid meta command"
+#~ msgstr "συγκρουόμενες εντολές\n"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          user '%s'\n"
-#~ msgstr "          χωρίς user ID: %lu\n"
+#~ msgid "unknown meta command"
+#~ msgstr "άγνωστος προκαθορισμένος παραλήπτης `%s'\n"
 
 #, fuzzy
-#~ msgid "          pass '%s'\n"
-#~ msgstr "                γνωστό σαν \""
+#~| msgid "unexpected data"
+#~ msgid "unexpected meta command"
+#~ msgstr "μη αναμενόμενα δεδομένα"
 
 #, fuzzy
-#~ msgid "          host '%s'\n"
-#~ msgstr "                γνωστό σαν \""
+#~ msgid "invalid option"
+#~ msgstr "μη έγκυρες επιλογές ειγαγωγής\n"
 
 #, fuzzy
-#~| msgid "          not imported: %lu\n"
-#~ msgid "          port %d\n"
-#~ msgstr "          μη  εισαχθέντα: %lu\n"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "Μη έγκυρη εντολή  (δοκιμάστε \"help\")\n"
 
 #, fuzzy
-#~ msgid "            DN '%s'\n"
-#~ msgstr "                γνωστό σαν \""
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "μη έγκυρες επιλογές ειγαγωγής\n"
 
 #, fuzzy
-#~ msgid "          attr '%s'\n"
-#~ msgstr "                γνωστό σαν \""
+#~| msgid "NOTE: no default option file `%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "ΣΗΜΕΙΩΣΗ: μη προκαθορισμένο αρχείο επιλογών `%s'\n"
 
 #, fuzzy
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "(Δεν δώθηκε περιγραφή)\n"
+#~| msgid "option file `%s': %s\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "αρχείο επιλογών `%s': %s\n"
 
 #, fuzzy
-#~| msgid "WARNING: using insecure memory!\n"
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: χρήση μη ασφαλούς μνήμης!\n"
+#~| msgid "you may not use %s while in %s mode\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "απαγορεύετε η χρήση του %s στην κατάσταση %s.\n"
 
 #, fuzzy
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "θωράκιση απέτυχε: %s\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "αδυναμία εκτέλεσης του %s \"%s\": %s\n"
+
+#~ msgid "unable to execute external program\n"
+#~ msgstr "αδυναμία εκτέλεσης του εξωτερικού προγράμματος\n"
+
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "αδυναμία ανάγνωσης της απάντησης του εξωτερικού προγράμματος: %s\n"
 
 #, fuzzy
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "θωράκιση απέτυχε: %s\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) DSA και ElGamal (προκαθορισμένο)\n"
 
 #, fuzzy
-#~| msgid "dearmoring failed: %s\n"
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "αποθωράκιση απέτυχε: %s\n"
+#~ msgid "run without asking a user"
+#~ msgstr "Τερματισμός χωρίς αποθήκευση; "
 
 #, fuzzy
 #~| msgid "NOTE: old default options file `%s' ignored\n"
@@ -11565,8 +11902,8 @@ msgstr ""
 #~ msgstr "αδυναμία πρόσβασης του %s: %s\n"
 
 #, fuzzy
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "αδυναμία εγγραφής της κλειδοθήκης `%s': %s\n"
 
 #, fuzzy
 #~ msgid "error closing %s: %s\n"
@@ -11621,12 +11958,6 @@ msgstr ""
 #~ msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
 
 #, fuzzy
-#~| msgid "you may not use %s while in %s mode\n"
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "απαγορεύετε η χρήση του %s στην κατάσταση %s.\n"
-
-#, fuzzy
 #~ msgid "male"
 #~ msgstr "enable"
 
@@ -12935,9 +13266,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "διαγραφή υπογραφών"
 
-#~ msgid "change the expire date"
-#~ msgstr "αλλαγή της ημερομηνίας λήξης"
-
 #~ msgid "set preference list"
 #~ msgstr "ορισμός απεικόνισης επιλογών"
 
@@ -13377,9 +13705,6 @@ msgstr ""
 #~ "χρόνο\n"
 #~ "          για την εισαγωγή του\n"
 
-#~ msgid " (default)"
-#~ msgstr " (προκαθορισμένο)"
-
 #~ msgid "%s%c %4u%c/%08lX  created: %s expires: %s"
 #~ msgstr "%s%c %4u%c/%08lX  δημιουργία: %s λήξη: %s"
 
diff --git a/po/en@boldquot.gmo b/po/en@boldquot.gmo
index 7d2dcf12a5bee30dede36e7414602d9bb1fec8a5..4dde19d06ef114a511ffd6b5add3440b40666791 100644
GIT binary patch
delta 55995
zcmZ792i(o&|M>B9-?zPGMsbXgmF(@dXGT<tA}b1QDe8ozA|n(HEm0|>B9c%UUnx-(
z4N-}VcG2>Gz0P&{J$n4l<9m93uIqDsuJOLcIc{}-AA70bs;>&BzC0_(+yt-Hc@l|p
z@bmVG#OwJJiN~j!n@Eg(Bax_uw_`J0jCnE=iLbE~>0@gXiT`1aHxr3s_yLy2gIE^-
z!tz*ZT}U^=b4d5b;)z5maYM|QjCHy3Ot_KQjg?4$AJc{23J+F_W+N3OuEewOrkI`_
z?>~xl$bTKJ_b@iXvg<>-H@2hw#Jyb9=Ei&28UI8Jw%ZUI7?1XN7801mQgq~RM0erY
zq`ybY<=7ak5N(M@q#stsTVnovrTxSzE{ftuSOdSsDp>UG5P`;6opgUJgHxi<U;)zW
zumWz29>Wr(3%wIUUl}de4$sA2XnogX$_gLlq9m@wBDft3;ukUhC_1vtcf$zEqYbn}
zpSuF>@QrAF^ROnqibm`!^!a0G`MjG#hm)I#zZJD1!w36DZ;nonzJONnE}oAE&?(5j
zIgv<WCA8vpXg&R+W6;pg!jAYNx>kNhJC<_`@weilTS7){bWt@$^Lxbnk=UH{SgedI
z(bc^Vox0zndA5cKmcjGLuYu*T7v{qoqT|phyEnx}4=$d^j(8FqU^aWoMKuPi;7qhb
zucIUU7_Hz3tcXRog^txn%UzDuaSVF@X}l8O#e1;gd!c-4F&EinY)2a^xIH{jAAR65
zyck!a+bPfcA%soPNOeO)d^I`+cf|Cpc>l%ddNdLrV^91A8AvM8?t@VA04&6fnP`Pi
zqN{Z^I?_GSlh}lGnH`BlHSB{<$(>jepTVlQ1D&Ej(E5sf7zS7qU30zh9QXeSF6`O8
z=mXDT5;vk9IEZa9u``iq0d3LqVFEf8Yp@=EjMkH9SBPL$bPaStBYOinkVj(v8m#F4
z-_J!Q%={?yyb2~scSq;)dNkD2V*2Trehb|NA7K$ZibmvbG$QAH9G>ff#Yhi8+qoI-
z=p&f2;HsGMS@ch|r)TdD9cYF=&=<4uHgrU*(Z#hNttWF&IB=?>i?<_QfLEgp&%%<p
z5{=yUJ;dJv-;rShr9KIB)esGN4>SS~#r$PxgIm!Ck79W&@@Y61>Y#Id1*S)ejY&U(
zrSL<v<A>3yDZH2Xm*%3u-WYN$K>B(tjN@Z^8rtLeSOQ-|50GtG2lt>I&Al&J8C{I6
z(KR$09pE(Ne~Bgh!zsHr^;wwnN6?DaV}1M)FT(RaPb50w&6qbMk$4mB;N~xaAE6!j
z3T@yRw#NKlCKAK&BAkJ*;bv^NKTJvfuM&w|q*KkfIG2kyXh;TPUc48};!HHeFQJQQ
zJLbf%@G?Av?Xcy6@I7G?I*=7u8xLY<EP62P`+n%b^b*!^|9`@T`!(z95aJqWhdQ7m
z9fCG|BO0>F=v+RGxp65L!c|xiH=*SY<Jou$-4(^Y37@Xb(E$y|D(?ULxG;3func~H
z#qkIlqJOap=KMBPSQA~v9nc6}iFW9AtcSDEj%`Ax@_np@nTNv2>tH3){jezQCsJHg
zz*%S{UPVLq8J>grz6%dj#XO|DVrA@uPSx#bgeJxON3bC2H_?W-p#waL)>rCq7(jhY
z@Bgk`7_u9p6VM7D!rZtBTj5f4L?^H*Ryq=P!&O*?^et#ZkD*ie1{$GH(W&?qjclRs
zL%B-d6aU6!v?0Se9ETQsAi59@^;>8~yU|epg!wS<(GZ#9Xa^c&H5?Gr_o0zohB@#{
zv;$vb9z1!J_}g&Cv2dmr!Jec$VMCmchVVmdjsIdcW*-k9*Avh={~tENf3OZVIuX7v
z499MypTmy$GiGDcAJ{QCF2zL+F5bWvcnCXS<sZWVbR9Yc<FFG>!kV}pJ%~=BAus$>
zC|?^3l5QE(-OydpAB|WFow^6m=Tn=wIE#zV(9oPfS7+AG;hRlW^nMexp>F8fxDG9!
z!df^7U6gO5q5Tf4;*aPQm;NP8Q7^1bdMsAw@x)>-T>ZPS4*rVH<$1q`k#<AZ#O>%B
zm>u(%p(FYn&%*Dp0se^&pw4fhqkYgLemEAv3788X!m{rF`CPn6#!56)1ApfmEKWj0
ze$F2ue<)TXeIGi~6<8eiV0%1@7vhB{Lud!1yWn>8TzLc?$SY_hw_{`X|4}ZAVdYby
zU}Ll+z0n88U@4r5HuyZ2$94D=et{+Mu0KPB=AaQ-9@Fo{^nN^>{GYK57Wj+!m*%1>
z7i};bt!NS!#`#zjUqH9vT09STp^Ne)+VRBSp@YTI5!b{dc0r%J4$I<1bnX|RQ}q7d
z#QzE|ej?*4?Dh{U6_=n9$n!5>I<N+se-B#z0A^wH)4^;^l5U4i(NMI(=`sIBw8QVA
zk^Bf<J4a8aIG4HjoeW2E3XMR)L`M2tsDwtKE*i3SXvG82P>w^(&qbeKf{u7S8reN~
z4*r1FQy?Rx%c1w1rMR%7K4=4@(GcB_R=67T<976%_!OsLj?9e2<v0!V;vr1pkLb25
znia}7K^Nyx%*G{HACF;EOjXE{k)DhG=r+7Nrk_FA#Af^+^XAM*pK!mTQ&T%v7)dX*
zfzj9kUqh$hXY`;dn>!<YK6FAmHU^vH0xa+T|BMUw`(Nk-75V9ck?4Vr_*!&ZJ&ZQI
z6)kr(rc3j+$OfBX0~~^N@lmv6@1s*zEMKVa0(2_+Vfy?3sF?8px+)(>d%6MLZilft
z{(~1_wfvzYebJL|9Gd?ET5d1q#vBDQ(z~GmGSWnKJRiGY5^uo@DK6%6;kJ4`7We|)
zM!5@Sqz{VoFiE-{T5c#Bp{eL<UW6{Dx6rfy6Lf^%qMs#yU=mvv3XvRuu7O#YGW46d
zaKy*a21*ppNPqQehE~`K{rJ2T-FE%Zas$xSJ{dh)A4eDM%jlxrh>rYyT!6>1Jx(hU
z+*KrlpZ}0ix@hR({b)#E#2NT0TEXzM!s5CQJCoiV(?yDfRoxw3d^4~ozK^}JT=9(b
z$Lvk${S`O?e?S-EjU`fH(JU>Ik?2mwH+TuwD@kbZess?AmI@uJhl5GKgLbTH>9A`$
zqHAXaI)De!#k&@L{yQ|%Mb8fR8{<LJ!%|$ZQxcuaggNh7HY3rG8>7(%wxO&3drTip
z=Y+YggwAnuEP&n7BfB5w!Ryc|xCLDscVju6AMdY5cSUL=7xwfEbX(;;HzWOxrXjkD
zuSK`jO=yMBqucQ{v_pr`?e{l2((}rNNc2GKy%`<AlQI2vOrJp3P%2The3<)2=;G;%
zt#Bl|$X-HM`z~~($I(UiCpzMy$zTOE|3b9moiK?#(IfaqbXQG}zJ&Rl<ZWDd<nBfz
zkfTBv(S?{KeFfgh6pceGI#rP=!;+Q4T%H^4igxsNbO3YE0el?&6Fn!Al|z0{JfHRx
zW4Q33c?$h3Sc&#@2l~Kqtb^yC7v`{gbQBt~Y3Lk3g>KU|Xk^|(BlZDW?lY`_KcG`r
zv<i#di>h2$K?}6uOR*5%f>tyM{X#Jt9nm7R!`oy20nAJKSG2?bq93odt7fFXMK?ir
z#SQ4<T!5~j#Z}q=uFAb+xL8i2b62@q_;jm@BT3(j?&n`(e#i4O68DjQ8hc^&>KTcz
zaXgN}fi*G`*WxGG72DJdC*gE7y&KzNg<7d_pbV`QPP%1i1lC~^Kf^5i8y#_?b~tcK
zU~7_>qDSdG9D?uTFsyq)7~y<$<nLh<JcUkWy*eRMLsDG0z2>0%aT|IRA3_&pp$kJ~
zT3|iWBhZLFfj;*p+Q84)36pg*5<_tW`q{7pU6kLUQ=M5aM6NWt7E(`h;kVg$(A9q!
zEm)#{c(4ZcA>9FO_%SSxZ{P;phpvss8e}9!;8L{Xr5lFw9nt&4(A{%8+VI06ol30c
z!d1E(U0eszlPyo9@IV>#fN6wwa3K2m{$R}CfHrsp{rD~2I2=T6(J2~*mS2V~@L)9A
z#HnEaUB!iqZw6Y?T5OTQk&8}6wPxW2>xoX$&Cwa?u33Ufd^e`QjradWr=(2tFp$A$
zxx3LRc^d1x|KH@I1O9}LpfRmC#KCAp9z_?=2DIFtXvA8#4Ch66bV`P!BfSqD=~}e>
zDZCi7TZIp`*?1G_V%elya&a#g?#E5&gMVOWY|uJ1oI+Rm8gvbuKtJsYwh0lt5L=NR
zi0$wx%*JoAJyvNOB0LgpXCB(_wzlm5?p)+;7aHsveFiOf3|-yj+J{JVL(hSmuqkfF
zW|+|-bf5(q@;lMzHlrUtzsCGh9mAK}f#}+Jwj=xhelETx!x3EHDa_3>Y(sh*o{t4P
zhXbP#njVL)mFLire2j*^SeK0SpZ7bUk(`Zw(b$RESg325k{)PBA5L*`2^ag(ZP=h&
z==l|xo=Y?mYtbn=j@j7gqR{YI^hA3d?QmB2aK8h3K1@M(%{p{#eUFW>M2|3l)J0ra
zU_5#<y%61p&UyZxp<~(TY9ES&@h%*W2XQQR?G-xuE?z<Ucl?xH)a&9f_tpD^DZCWj
zRpXHXr4kFdFcc@yIc;=FM*0T^H(`SREkQ&5(xqXQe}*|p|AijS8JC44J10&eT?seg
zVsyl#`i8Gw^Uz4HM;Gr;Sl9hu;_{5dG%`A&9odaOSni52hn>;LOhLEd>X`l+E0V6%
zFEr2rE07+AZrd4XWLKh7aS;79E!{tSTdsz6X+P0~ivc(iJz%zDK0F-#CHikP@0H<1
zERL3I5$%LUN%zL$I21i-?m&<9x#;(RC0GR4W6BCX<RTY-hI#QI7Qka@!Bc3td{>3<
zfF;n+`3h)cdZ8hmh>dX(8tVP%?kGASY}=mbu2_iahzwx=yU0op3`gWe=q|Vx(?>E^
zBfS<qc)mdwVb;~*3(7g@NNb=S&c=dx5w^vC=wf>k9l(}&e-}D+UtP`qPjZnpD2$*o
zdT?|?r(#U>A@s}TQgktHiuu1{A<{(#hX%@{A+L^hxILbWL(sJ`5tFzOt$$OB3wv?^
z{dmkVB;2Tg?&lV01$U#L=L^v9h^x>@e29kf2pYNaL&E^tp&hviZRkPtJb3}_$mi%3
zrT*o@xvVoRERuofNXMXS;z4vIbI=A~#Z26e&h-wo19`3q&$mP))CY~^By<W_pi{ap
zrgIHXx5MB6aA5@<&`-Vb==OOP-Hv<FPqB(4!iYwoBe)0c=pr<N>oAF5p(D<?Hgx!0
zG=dG$2=_s^<&9X<{l9<<D_Ds({3#l$f6*RacwJazSE3Kzgzkzbqs!y{jaY*GJ!nJ6
z(2nLE8LWZsmW$B#?!q$e|EFVtH_=FZiLTb-qrz9G^609ri_I__{ZJW?Rd5Yf$FI<a
z^N$YOxEdx&*G1P%Z*&SrVR^h4Q-*307ak06ql;z_+S8xV`xUPbA#900*dJ|Ze9WJZ
zuA$e_Mfx4OEl;DLmc?%f9c_t5Xehe)#@)dFw`VVt;Ue3De#<?Cu7xr;W+bw)7rNLU
zLL>AZIz<^bg~e7MU1WpNkWWLWaw+D-kI{kcLp%5zI^cpgv;V!QaB~<@1GGaIqaz)O
z_IMg5@fmE2@1UXl7cE!nmQb!y^rGlsJd69cqvfWdYv(1jopmWLTnwMY8-Jp!I{&R9
zWEIhfbVj$;o#>RjgdVwD(GDI%Ba}HNM6wyW{jNYGb{`t@x6rlpBf4f%|8n7CI{&ut
zm1r0m%IDE3*oiifXKd(Lxo89Q!0Co|>_&7kJ{8@9)^h^gMWt>J9cqhq{6=I-Qi-`-
zIQPrZk?lbD>ru>)dG82wS^^DSBQ$iK&?y*%J~s|s6OTl<p$+|meg;$+7pAy#bQqR)
z|4-t=Me#TqqSw$VID{^me`31y_>g}A+F%E?Lxa%gZ$>*b6+I^wqKj}RI-oz$ftI*4
zbgVvhqWwf)E*#O*=vr8dcH~R6;v#p2ZBz|i-4~;gxdrp!-Ds%qN9XhvbV|NJJ5Yc{
z?)I#Uc5D#3EoWfL(5&IYiVvXsKI`t#)B0!!dZTlD9lGxy!Xz$3=k`Oip}*1c6(@ud
zHbo<N6&iut(T+ZXc3{H<_P>khdop~m@Wim#s-h=g3-loAgl?lN(W$us3*Z#=xjE?e
zdI@c4JKDhaXorhW3XAnZbikLQ9lmQ4Blcn;87`J>=mRIvDae0Mh)fGik{*E0;oWG1
zPog1RkM5RZ=y_6Ua_Cqiv_n16sTqZqpNB5iO{rMmB)WJ?-Wx)80ov0p=$g0*ZE!9o
zaU~l1J!pqAr-bcQ0WIGHT?03vQ};C5fvsr0zo1i|Dtlij*aGdq$mnEr?iQdUT7yRD
zeRRrxLU%#Q`@;cK7Y+GvOs^5N{4%t`kI)YMg|2}r52Oc@O7!5uhHgL~n2L^c8Cq~h
zOrJzYQhI9WKr3|ahhP%Nqif^|bd4-Wr*;c^f*z0Q3e!TmBUW<%kK@Aa_as{38uY=P
zn8ZKOkd}Thlxv1Y<PvnmBcij>k*~uf?nCSQ3k`L#>7jfB^!@-WPy30xxkw+K=!mzV
z75|7nSY}38M9tCk73frrN2g#ex@}jWYvLeUuF%YIzYZozcSG|>p%I^f>7W0<$c10S
zccN2}YgVYJIyx1XViL!oBYFhWbBiv%kI(`9j8=U1L-G7TJK7s<cqF<8reiwN53&CZ
z?M^am=+{`F`0P+&E40F4XlN&(i*Eti@H_GTL9~H?FgKQ;6Hdsg(R%1MY=xeLSE5t+
z;2ie9N9ogK*wD-9{@fZ1{)Tq&yt(0z*`3hEGzXokt(e{oXaq_=93s^My?<473i{k~
zbZWne=|ZVT!bsYni|%T)!YOFzUP8Cerg;B28p2}pLb;Y`!-He`0W?y}&^56g+u=WG
zgxbsx^$kHIlA6Yai|9pkq?^&XIf9;m8IOiPwbnyN)E4dF$e2G1-EL2#Q?eRegr8t9
z%z7+*X}tt<k)DOwI1gL+`M;M7zhIPlJgk9QXooJs95@2)`Do0CGttOAhKBMrw8LMb
z<$lMaSo(?3vFhktw?^mw613jQc)t7p0WN&tHMD`vn8cmvD*qW>8zmQnkX?xMJkbLk
z>4WG|y9N#UVa$VPKN&hu5v`|5^h&h+1gz)&U(SU+{|24wTu+4v)J7xI1s%aabZ&1!
zE1ZRnXeBy;Z)5%+=v0<{I;@SB=+q5Gr*1kLu~#wW#d}=1_`Z(jeJ1>*;{t3<{s{EJ
zXV8vr!IpRgU3}G^4co2<TJAEmzVR{r47x_Ppd<ehU3>)>vi~huV`2F8>V?j23LV)z
zw1KVYn)m@dC-OfRB2feV80~}(WE?tGv(bnxMLYC1THkkQ1WPRn<?Am>g#z8kF!VQ~
zBb<*`v=)7E589Dji^G)ELg&6M8tUuOh8{x8y&ltFq8-nAJ~UV!ZKqLmK#B`{GzB~1
zLi7MSj#gaeh42H07U=fshK}^Q=p?kl$Iv-`2d(cII*`0ChN-H7S){K;BQqM4n3~9i
z6+RnXix-mq2pv(*C1K90qaC{(r{ldi2TQyZR{M+S)Vzvz;3IU7e?$jT=;g3zFT^D2
zOOOtx5@Wcq;5;<stI&|`L_d~~qbFYOrD2WKMUU)(Xa`545txNZT!SvMedrYBT^7!X
z2I#ICfOd2e)^h(po4%kybnZ^01*<F%tGEmL-R=hTk5Y@#HSq;nQNa~qgtgF)^h5_T
z7MtO0^jz41Mk4V_sJ9YcK>LZ#T)2vFN9X1xBs7T)XhjFHDgG1l8^0RvUxCi~cyy%C
zq1$yQ+EBjN!c^2kKi<2bQ=LL1{s^XQcqJE(@GyF$mR}k6e`mBqlhFP92zJAz*b)Ci
z7j4^B;fGbz(5c&jM&@Wt=YKtXjjxIxXw9)LUi>=y-<~{7hQ5X_o?Yn3e?TkBw>qr;
z>S#wgqvymxwA}4zxj8ZaHMF7k(W(48-p{=zM5ZeGr{gaE$;U5^W6AI!nu^Zt3T%W2
z(8YB28)0Of(9jOS^tO%Zh3MMZg6@(N=%OvVHiW(d+QD&X!;hg;_P-PtNiKdv=d$FR
zp<pXauU7PdN$8*3SD+(bkIv<%=oI~kMli>^_@RRitO=&i4KyOxVP2eoMlLm#3oBfN
zZnyRE#$GH!`d4(sIo}HRtD$q;293Z~=;9oQc4!qQ@dNbvAJAQqSRd9_HS~{k7b6`^
zC9dJZ0(YPlKZADUEwqA9<NYJ(NQ!O<Ct@9Rgssq#T#R{e6dK7fSQno}2e=E}RYx(2
z1vlDGioeq3B9n|xXb8JvP8@-LAGjV3@g3+0r=txl!X)lMpZgJ;W1+W0eO=Mr)E$lB
zSTtgfp=)8a`Lv(-G#2<P-YEA@nERIKq8x<I-F;|73(!csiB|L(x<>v&8$AEr@O*Ey
z<F}y=Pemj0Jl4a{F#Y|%@TSnihG@l?V<8-iRxkw%<6~%pOVBxg4-ILq&7ot}(7Ek^
zPDwwszA@-P=3)+9i%#)|&Fp_0*hhvBo<KvMwIzhQ5c*+M1+Abj+JU>!vws0Pb?>0t
zZ!@~OkE4<J1MNVCtsz3$=(Zb;KL6;}RG7o{WVlGa!X%zTPsB3+3+F*E^c<LghHg0;
z@^8?^d)Brv;-*-D^d;!|F$nG0qtT7%+Bu94q-g5B(C~%m+;%}59**|#Np#V@i|&rk
z<NcH9oL;a!Ohq^JyqJQ9ehGHK&1gppz8@mn46UaFT5oDl%(x?FJd9Sb6kT-xi|$8P
z@o#8_r9TK$(g6+eNc7~Jimr*(*Z}vT&lTAbB2f?Rz!k^<`TXa?xql2@6wA?2Z$m?U
z3O!0|eHi}LioQ6K^m;S`HFt*cozaHJVtQ`TZ^i4;RlgHmD>-(BNae=#{;$D>bI~3h
z$xw7H+=Ev51bWb{M<cTfJs*x^4*Uh(Ehn)v=Kd&zz8AV^=b@o~3yshow7#s5sV~Jv
zNiJ;oLi9#Y^nt+^z;WnEA4b>4t7yc&M?-lU9YERL;fqEybk~eT*TjP8+vw^)gm&bt
zJ?wv1V=FEU{ctor5gqvwG<5HyYa#JT=uk;C#22E^U5b8c-hd9|DYSw0=+qrU>nZhV
zn5r&l`u0!R|1PGN$gto(bYwaAhKkCdQ_%#ye=+99JJH=T8S~?_=r&u1N!)`*><{#-
zSMhzJqwUdh1JHW!-N*j7$4`>sLG%{-1!ET)fg|Y1^M4jreFZesJ<z$m9-XqeG5>k=
z`K@R~_G3XT{CSv)bJ6x%qf<LD6)(oc8xNxuu0-c<D;nZs=n<Uji}0yf61`s)-6dVo
z4yDjYJr~m-qI3Rx%&+)m7{Ep7z*3{QFcg!}#q>BDqSffW-H)z`%>5xkHP9(*g-vi2
zdIB!SB<?^%{v*1GD|{7pOA~bQw!)@328nnov4RU1%O>=}pV81&IuJ(K8x84g=-QZ$
zo)6DrBix0KIN!mL-vG@Yg3a)8wBAqAU6J?eklzeT`T2hv7e%-+0}bI*=ziXeeu(Tw
zLwp(?LA`In2(Cq+dk*c`D$IxPp;NdgdIXKs-{{;o{5G77mtZaT|5Ppv;To)u2hh-$
zJQU`t2_{KjjxN$W&?%UXdGJm2q}zn9l}|8<KcPqPS>J{2+6i5BqtG>RAEw+!uW_Nf
z(0%<Q+MyDML+Dzd9UF~C=vj1o{SPg72wgjcj)b*R9j&K#bS&l~{RBFd3$ZP(J;MHX
z?oN~8BCP&>sGu!6XCu*yo<JLZ8y)fCnEnavNU5V??(3tG8I0CD3uoe+=pw%8SQz;j
z>`3~VW2sQ#_hfh?{emvOD#t^EmtqIf<I(N*4jRJm(1tTlgma=inr@9o;wp5J-hqzz
zg?N7hI<;S*9ZjTu2o2UocfnQYH<+nt!MW%nT#YWCgJ=gbehhPb4m#&8V)`;PLSxYm
zO+XK_1!#R6(0aZ`w_z&tr||cFEzo_RLKn><^nuUO#dR9(Ska%u>Mo19N!La@&=4JI
zPxN5929tOvTF-)*-iV%{2ayh@5}Ch*?Nc7@S$(v^-e|~2p&gqQ^H-zWYgbHvi>{T^
zn8Z52hWowHdWN8D;V!%cUqA<P8jHLC^Zpi2s&eQeY=}0{Bjyi6_x&B{+^#@J@P70-
zx=0KD9u`+!Op?9|Jx5ZQ-mYk5-bANx7Z!8>ALqglW&9C3P#NuU3$(%EXk_j|L;NgS
z;Tz}(52L#y^JMt)Sq+_<2IwkpfevgkI<N(p#1)uwweRAhDrTMvk*JP_ybXGP1iG5%
zqX)-Uv;)6JEB+Z4TTe896uOunLp!(?(~B29F*E)O13T+4_P-wzwaM^C2egNmVJ2RS
zSvU&Y<BjOq{yIA6Kg4wM?~vaYTarH$9l(z0@8|%}{U<Eu_UM6k*+1-mdw44uhG+)b
zq31D)8_?}{0R0Te|8H27t<aDUMz`7hXakF)AE3|ujz%nbI;^2?XnT_|iBF`sa521v
zE~35h#=qzyD^DD(xD^`OYp@B<MR&)J=r3qJr7|+p9jl8@U0*cx_o4MIM%&pE)2U-z
zSg=55Xs9_Fx*^yfr(#Duj809RtjzSMTw8QXx}#Gu2VKOQ&_#O~ttUs0%=D*Y4YVWK
z=x50Qq}^0v4i`T7E*jGBq6Kq?p4P)w<oCrS&O;-z23?c~(8X3HS7v%`v_Q}LThU##
z0Im0b=*WLSJ61e*CjSK$`>z=n?Z}vmj&L6u%HwE5dGchY*F+sO<ekv`k?35`K`UH}
zj&OI({}o*uh4O}u)IguR6z#}eSc3Kw&vN0STZ8WJotVVK=qk;dFU(z4v|}C7a)Zzg
z+#b`j(Jvw|qV=suzb||eJ&G>M(`dQ#^JgYf_OK-v_NX5k(z~O}(1yN5r|36qgQW|E
z#n=xW(fw$sS72TI9IdBt!OZloYKfgP*ly?|eyUJr`m5Oog)&p=UnY~UaOiQdBAJQZ
z6sUprJfmpnSP8VDrsygjgf6m)=l~XA64%D`=V(Vx#r&FQg++c5TJBCvKX+CtT&#^Z
zK1J8SshBQMEZnb!&B^bA9xzj|EpCqKe8s~W>Wq$jI(Ei&=z*2HL}<7b+VDVhitbFs
zi@DL4(K+3O7Th2GJ9>7>5YmR|l=VQ%-4dOJeq1j_51tL^;yi{f-eRS~R5e1^Qfg4V
zxDyMIF%K)?bI~p6r`8cP^rz8s<x7XfSreW6E@*|fqHAU*dZaJLg19>7Z$>-(1u}qC
z;!iGYp#0h4!3JoLyP*}{jPCF0m><`o6>LEp`UdUrUuZq&mI=?*i*}EWh~9%f|0JgW
z{_jmLoQp%4#DCF>%a;umHH`K`KO;tBN1TkVmG{x-zd|cMiFUNaIboYsK=T`-`Mt3@
z4#3Lp|Hrv-HE%@c?u+OTXb3aT4JX)H=mFCh^WkODL1+X<VGo>vc5pv7z^diKnz|B=
z>}_a=7GV14e`~pLUmiqPZ;|rhOmBrAr8i(hoR8lB5J%u?yaz`l!(u#v*`$kA2o3c?
z&y8_-B`&~=@o)4qqen&dzahN4VhGi2G{n!NQ?N0nKaKZ)isq^mB2gB5Qm!ewR;Hq%
zU4(`3YqY+f(UUZP<q)a!qg^Yf!pG?-G92k*bX$FhF1p{)gQwzoVT!t-6%Io~nL-!c
zA~d9LqEoaNeeNVCF<B)Xy{*v`^g3*TOH*8UKpaCyP`PSm`in*@w4$5Q5I%%{imgN&
z{tTV-%xWROGFq++y3a?U9hiklT!VISAA0ux5!0yx=f@8NbQQNm7u}_3M6N+2G827p
zC3-Y(LmT=M-T#@@L%CXL$1jfFh<0=)+JRSM{toQs{y)KmBWhM7EUrOlgR{^BXBB!P
z?!jjGBieAynqiIfL?d?%`bB0U+JRTldUj%W{2d)o`&uD?G}iX>e>NAc#<$TU^A~j6
zl&>8MUV>J92R6nR(MWxbcKk1NYARk3%6Gyf=~3uOIUNh*V==u1?eJ<$fBt{Og$KhC
zv?ITvp{i0R*cM%k1JTd#2hotfj`=d!w&;`{zc9@Czi2&G>V~gcm*M54r(q{Ngn4=H
zf_m(Kd)TCY=xGN`pHOH61F$tdfWvS*&cJ#NG84P-9dt?_ZkU<=^ZhP#o9)F5@ej<4
z=Qj$wrye?`J<v6DeIxdNPA(>qaT(r^J@Ei~Ak}RgMlujRcxIs=s~gaA`I>}|_Cu%c
zUUb#Jf`)h>+M(ajffj2T8cw1StKXFU?_z3CMs6H|9vnBK+v)CD@L6;bzJ@NM56}kx
zKu1)mSy&5g(ZzQy+JXDgU9%8#;Tm+!Y(VS#F2#i>T}JZ|qSEN%s*m-s8``nEu|D31
zMrIv4MMu#Alxz_`JDOqz(%sNVj7B5(FuJBTq2&)^9!%wG8CGp!bgt^7bJH^BUyOc!
z--b3k86DxPXob7b0sMe&w_L44Xlq29qxD^c4&-WVg(Hvwr4lc2(UgoY(WCV2>=2?0
z(1tEW=kQkaQ*t&Mx@Bl+|A&_Q65XEvpi|hebtu<9IsonH?PxtSG5zzum$=AB#=B@}
zcA#_g3p&?j+Qhj<LwPOc!1-tg7NDVg6>a!UY=rNji!`fk`1I_9MsO;+tJYvP=TG7<
zE;?fKc45x%!6u|vV;%e%n`5Q+nd#q#F%T`k2D34vL-<nK23?dB&<~fFu>&4O51_go
z!xXf^PNchF%7bM#7lwWV8p=KB1HYkjpR-d)7ejYNB{X6k(5dT%K0gipIDZC>%t|z(
z+t4pIC*u7?=g>~E&g_2|M_n>}paUABe&}Ml9}VqNbTz+@&hdV9ib{70Q_>0>k{*q&
z{^!uhZ9&VOL<d^FYgiNA(E5gTO~o&lWH_R=XaqK+p8?;ZBPiP~tm0N^$9kg&$XLvU
z_hWid;fthSLL+tAMVX0(cn2Et^4&xJaI8jpYKjXhd<~7jUTlvi&?B^dj}Y2n=q?zK
z9xRWdyI>_&#~o;7{zM~MuV)x}M|9DSM$12eo-ePX?WJ~b;R*H)K7~1Yg$AEPN3<55
z(@$dh`<Tvkaj5WYv_ti<G<L@}cn!KHUPRZ@26PR4h;GA!$fss1af*xFWR&k6dR`R`
zc{B9WZU8!W_oEN4LOb?8I<g~Z`O<wd)BoXNbG(Z5BiJ8*N2j9qC1LlBLGyRu6@LEL
zyficYL#8RwshFg|40Mi`qYdtj`M;qZE_qo9WjS>1G{j77jZQ&3Gy;9mb73?ZfjiMf
zIRneO|5tJ0-0VUhIEGe`**A>1BpTXU=#kq2t!Qve-x}{fgx0eJosvyxguX)SD|~tQ
zc&~(>6Bl4=HW&T4xEy~#KLa{n5hBnV>yf?%ec*X?aej>1Sf*e2Q0j-C12fU7cn{r%
zKg4v={$Wit!0*W)i%oFwmF$1#=7}rA$Tpx2e1U$>SGp=RFbZAW&!7)}hIXvPfN(N)
zMi=qDXlNIqYvz445`UrtC^0bXs@7<`HxEpOiXV;{JJ31*8QuS7uMR&*=!JId9&{~i
zLn}OlPQ_V+!T>6x>DFi@dZP!;ZRmD;65Xz^;RU!q#f5WJcyKuRTB0{bq6HsE7uyze
z|L;IYdK}#y1&4&GYJ`ToFS4x?ccAy5LZ91)9&Cp(iMfY{a;a)u7^3dz!7u_{Y!lG4
z|50>A&tnIC1Cy9BEQGQm)+gNu4gLM-h?k=s`4kJ_zi55=uL+-?XJeN8zZ@49tcdRK
zPUz7(09~~=V1B#@9r;XLfXmS-=`lPw7jGc_878sYh!D|HID_<K=<_wM4WEu(v9tUC
z{+RI*W>cW(b)mq;*pu{3?2QMoB{mot?%#qBl70pKc+MUb*36yQo%E}C31*JYOiabT
z=#+eei?Pu4nTf%)pIF6(Ju7oVn8T*%;^~im8s3dAwxwtV`_NG5xG~(Xfd@%nj=3`U
z9&uAB*Y@U2eqPKUM9}(oqpSWm^qeVu3;W->uFZvW+!39t%h5A?80Nt-=oF;T@>9{p
zv@qU(2i+Ch(T*NQw_ovF!!~V=F5+9!U3Di~->bK>|1acXJsI}sCv^Me9uo@IK_f8?
zt@r_S1gm0tZ%pUBEv%txnB;zUbnRS^t#DGj{|>s?kDvq1F_!)BqANN!jJR5~F{T$I
z+VcUJ#B0za_&#)7Jr{ik{R}vOZs%iY1j^nX2Gj|Yq;JGKnWBf#dWxjRg)b1b(7CQ3
z9fbCDCOU#8=q@=LEjm7&6OGXPYtXgvAbQZej(!$wM>~25Jy&wv8NM0SN2f3~G+x|;
zhU{5%j$g+d_#wI$cB3Kt7A^NPR=`|$g{i9+ZHYeL2W@y17Q(4$J&&T_CtgH4o=U9a
z!XAGeZ=A%ur1LX1&9DR-+FsZY`=gPXjV{iO*aEkqBg%7kSSwZ0sq2k?xb?%4xDwsY
z6(_`>|BvC~J~BSUUU>P$%=9mlS%PCo&zO{%{$(<`?#WF5s)ZZTlW<*3=a?LR7Tgm%
zlRpOw;+JRyj$sn>-5b7V)IbM(0cNMTXvalsoQ&OY3y#O)Q!*2G;Vg8Q6uB>qybXHt
z-GFs)6*{-yq1&s}{b4&^gjGq8Ko{jKbQf*FdUy;|hAjC&c(4^3+FP*?K8r)~B>LHK
z)zq*k$DrGF78<$5=vt^VEqs~17+w9hq2(5$i}?+--rZ=s)gNU4dop!?Ff*|MN1%(N
z`t<Mv#ujML7o!jCLGS;DZl63e!uNsm(DVRwk&Z`q#r^2PwhTR2Hb%ckJ6LQci>59Y
z*)v0do6!azM?ZewL$}rM=oBSqh4O>YMK?G45jqt`9||FEgVr+|J7@3(2Mzgmv%>*a
zc21b0mMJcrqbtxq2TVkJwm7Cgj`vUDK=Lch4IQ0`mRo{`_EXHpU(m%_|KTuzaoC3R
zB6JNMLDx>%N5YR{Q&)3g$X-JajE(3b`3#Lr?s;LPP0@<S;>EZgUA$+_&rJU^nTN0?
z>70*-hT5SK8iVeN*U+zS|6+Y?{8)NQQ;AVrc*ajdL$(|}@%CdoEdO{I*$}kn&!HVW
zijJt%6QSYG*q!u!XoH_bD=Y{dxei_2FQ9AV6YT8}{^6o28NHqi2hKFK16#2Z=6NbS
z*bDveNul}AprJjAu8rDHXQqFb%njI;^q=U|ba*C|yBb|f3$ZPJU^*SbXT!*wqanNw
z4gHJQ4ZlD`S$$#nqA?t^Nk4~9$sx2uwVn%KIL4rBX*)XNpV0csFA5R67%w4x52kEj
z9~WJ)>f-QYxSP;WZbR>%{d^eVFl<cvdGshgfR3c}3n7C2(ff~}yWzuV#*1Oj>!KaI
z2K|hf_9FX#Fc;5}aSP^Ml9~QxGIybK`v(rg^IytL|1z1G=#N%LEDiUcMz_^R=$z+X
z79!CLozh3q4(-MS+py5`5b44z!Z)IpE7<=zDR31TSvUkevxnmhycc(3$ydU5I*f+0
z*sGxf9k3GVvFOx2j??fnbV`Q57M@#yPT}WhWXh}zyP<1}3o|C8i)$5D!M#`k6RSc)
z715FOK^NPD=*Q^}EQ0&d4*ZA%@PgOF0W$;r^js2M72Oz3ZResI1wM%xiPhnO{8*Iy
zl2{z8p{uzCdZzcqVmKP@z(lm6*_aC#U|xI<3*a)e+?!~*_c6bp|DST<r`I=VB#N&I
zA#IP2cmx`{XV4LTg^sZN8)42<*nsr^FdI*!p9R@#!(zJ<JufDr16_*c@Doh`_y50h
zQHYGfZ-$YULwj5g{T$CmS9y1Iu|0&2U~{~`6Fs>0V-gFk3j??S-G05%Z^sj&PoPu1
z25Y<jKaV%^zZE)C6>Xp)8uHd?kNcyGa~!%h=3^4qq78hGR(ukTK-u*nzcIEU-3L8@
z9zj3OH)6`8a4#3`$J1yiOK%8M(H$K@3hl_tXhU1kUGNRsky0DOB5i_B<#p&9c?|s)
zy#iemTd_LsK->FsBl|y-i(+qwxh{!zpa)v<WHhvk(T?mv=P<`RVNPqI>C4fECZf;J
zM-QkS=m2xQ8@6Lj>_GZfbU<&un+gqmLWUKbLPJ<&QwVK6^y9e?+T-!)6wF0K{3^Og
zKSZC)yE#}BZMX*-saw%S_&mCsKE|4OB*ldlmE01nhZg9GhHxl4!f|Ls7DhLtyX7$2
z@Y!3#h?=93x(toPWOOa9#j|iT7R0^ix9ik*Tr}sR(*MH2GZ3AlDQL%DLHF?vw8wif
z9nx)Kd(}io)(c%5ccSOQd`zzyw4+<&{ZnWJOT3ppf>VilT-Z==^u`V7BASk_(znov
z>_J!WQS^i?u{}hnIr>>~G5Q7O9(1=XK)35UbS?aZ*;wuUc&=arKmVWM!a4dBU2OS3
z2qABZhI}wO;>nm3m!KnCfp%~^I^u7lC(!{F*bzE(K9(ol7M;?;n8e$$sr&y?E?iu@
z(Sj$?f`vW|R*p7B=ddSQZZLYJPC`dM2VDzGWB$&VK8Qvv=gtt3n&?0WV*2<0%;3UL
zu_b83JJ41AEgH&lyTYPsfvrhjhb{1BbTJ)8*UTw&Emi&~l)D;Tyw74A+>X{?_~WqK
z&ik1C@3w1BhF=VNqdgmo_IPph1I#A<8+sHs+#Nb}2io!H(J9%EcKADVG3MG6)>K90
z!zPi9PH8tZa-;XK|DD?u8Ft_~^ucZDnm80a`;*X6H}pKX0iEM{(Us^F?n2kZQ8YqX
zpN5gPMmyLyrf-fukmAAypGJGM4z1t=w8BH^wmXfk@|t_Yh^|6MIv$O{W7rATqiZ40
zzOWW5q8(|EmYam`qQz(=QaiaYG{0aTJdMs-p3lOzxe%R_;b^2DLAU2Rv}4E73d?*R
zBGV47cqF>-r=uNRj}GihbZUP`BFKOL`9;_cP0@p-AKK6q^nsVro^L`!cmzEsa(o#&
zS`izN?us@z0e$Wjbg^wiPr$FxbL1$xixT^t8uni?E((yYjy~83-CjM=hOS3P_#isx
zucK?_V{|Q?LOWdHt6)d8!=uphv(Twqibm!uOk(B%B18N9mky!9HfTr(p(oain7<kA
z*deq-|DxONoP(i!M|82?g5F<@uANP2#J<FIN73`4!q=g_c9=?%F@y_4KN+2?73hb^
zhv)<UqHCbSH(~C2q8+#mt@s&qWZTek$IuRx{We%1?Z`#wNjV&i(D-lJ|Az7@GTa55
z(78N-hP>3F5W?2z16QF9PDDHKBDz?2V-o*G8!G=@DBl#F%B#?Fcg6H#bP;a(E*0kT
z1Q~|7*x^u74Rn!oLl39{=p2v1R`_^Ke~y00WF83(Hbl4I6=;38pwCUiB))=1^dq#~
z?<p?qVUh2{i0eeJKo`$Fn8c^i3g1RUy$_Ah-|>ExqoJOT=*X@?M?4)Z_d5FA0d$RI
z9SiAH1umScw&)b}N4L>fbWOZ~KDayH{{vm5#g2zHl8uIZG}`d}SRa?8Q}!)dPu>%u
zgAFiA`VwS7{P%xcSa3SJ_+CLP+KE<tGUgZiA#}7Z+M%xK8W@E}W*!>a<!D4diuZp(
z>nrzTsINU5*@0Nu{eLGHHvCL1un}$GbIgtZVt&l^Q}8S_gyqnausOP_N5=biqaB}y
zjd3wr?klu|MSc!HAE<||XrKQJl`vQ9(cN$u?Qy|hLa6Gab9qVhE_Bf?M(6gkn9liY
z7)TRz(e*{^y9=G-XVKmBX1xCmrVL@e-$KC#Xv0^;^aM0ii_kUk4z|Nz(Fis9Jyh5a
zjmRWSf0&`?z&dnlj-e-Djz7X5S{tHkq{AO^|Bs6|o<g_Va&$_zpo`}a_QJDHhHtGy
zFc;~kFdG+R3p|W=tjekITqm?cw_pyOiQb=!`SA5q?0-Y^HW}$qqCL*}XDE0s7A4&Z
z?N~2NpJ3>mjz=qg34MMA8i~))22NoTbNm$+`FZHt=!}*dlH$UiPeez$0h{76G~`wP
z4j;>X(GFaV?v}C9$I(!4K-a_%=m;zQ6Q-tpbQJn&I2Rqj5_D=)>$$MP&(RSj{tY9p
zgQnY{tM(>zZOla%<D2N>`WB5?zSF^q=;CV{9f(ax-;3^s4d`>HkdFHM-?P$xuFpmr
zNTJ(q5n6C5x_CZ9Ba$;CD;<f3=*TZZLpdI8_)+x3YXds9C(wc9&J6W8Lf6DqSi}8)
z2N&s8j(&{3gO2ETbgl|zWu-%QKH7m6XoaKENGw3hZ;AK!qf=2NM^<_&+M)FfL!X;~
zwzC4$|Nh@MTsZfCqM@#mGmN}58j;a4Jr~`-Z=ekxjOjn46?26Sb-_;DzZpHM-$WyI
z1Pfv5+*#?9vnr;4|Ifu-SmCv3&nKcITZKkuKf0*?#+FzvPZpEGuhBw}+N;rqCZKC+
zDO%qybn3oGr}CV<p(Cx)@;BtoN~M39%oAkHA){u#tnha_XhgQ59r+#IUgh(L3Ob{q
z9E(=;JUZvQ(Q;V@LgZ?p5$l7ljq%tJpFtPp-U6wt^x0mlVCZ3a^nrGm#F6NBd=Tx>
zR<wa%(UF!b6e7?D?ZBYuOmynrLd$)Nb|7!z(18okFFM0gTr}h2aWs^lqHEwJ+L5wF
z!s2O*mb(gFgpZ=--a{)sfkvcw(XhDMq5J$cbn2#}i|}Q1KwHrcr?Sop1ujHG-5VY0
zcyzx$k2Z7wT?;viWu?#V3g{ePibiBKx~k`)A$~9BXBN*&|Jc4J+M%1!gX~`H=5Bw2
zi;iS`kFMIfC9)E2a2&c%-$Em^FQ)&*B<YeRL&qCo57L*T=fDfmEog_oMMs`lD%5i>
z`q|O~)8GI5bKya8Gg@#O+Th}tzXd%yze4Bo_jtcd=@6NwXeh5lzcWrnr(^*-CGTP*
z{1pv-&9lS6uEB~aGA416K7h<1{SLZ#4xv*}uuKSP2lQj}PPBuspsRQn+CYJ_Au{dI
zsT_)yn~v#iiFR}s7R1Ck?0-jIhzsYkDmq84&`|b9=jujuWcQ(=dkl@p8<-bAL?gEk
zt?xJV+ijt9Lw+?ZLb@$Fz&>b%ZaX(Cm7e1#$gsz2&=4I&dwg!WFrwCIga)CzB84ux
z#aJA7q8&UG@1H`~PKENJBQ4MlT!ubB939Ba@~LnnE+fMV-a<#R6Z7CPv}3<vT`ZRj
zBkYB4t7|cd)6fyWjG4Fvjo>!SiHFhe11Hc3pF$&EFjXNma2|S+bw?i@hs|+5THzk_
zz}Sn1uyDl?k-F#{_dw71>(ToQV*W-nk_XU`=d2VuUIUF_>LM--#cgOs52K4@RV?rg
zT0x=8q33ncspx<$aWJ;RXV67^5ba3b^TLNrWAsC3FsAoE7AAc!(q1a@Fc;4GDm0`&
zp%ExnCCu%G=#+FoJ9;%blDjbnE<!`U1Z`jwx+eBwI^^g8PN5%0=T;5R_rUUg{@==l
zpH6epP``nWWF5M?zd=KF0_{NQY9T_6(35f~`ur?R;;NYb1l_)WV;gL6emKI%q7ixx
z)8GHU=Au0rm8yr2-x27DpTGjR8r|QU(2o5Rtz09lov!HA-GXkvIcNl5#`IB)b}+MM
z+~(-+XoV>Y^y9)geF!_?GBjkrqYaj+m6iTG-`42bn1hD)ZFD=mkFMt5(25Jz4(apJ
zfwV@?i~iA@&_#M*?X2+oKbDZ;obE+Kd>Y*i<t_+oqAR-kN1>s67VX$Bw82y8r(%gZ
zVG25+YvLNT`~<9r%dt9sgTt`!g{iFczZ5d&!VrP4(FYQBL&F!Kq3ebIIbaNW4%~;X
zm9=Q3-a;EZh)%`d=s?b?7p9~cy14tG=gb&1GWVyr$jQY*%z-arAzX%?@hx;p^3;#3
z77g{SXoMa_8+rqc$ljPvGzblqN6Xhm8|;GV&jxhrQ`5O{yKF*3xepz|?`TL%HVoUQ
zBRbOCqfel#e<RwF<LHM|nMSdrXhXMR6I_5s?o)Iv<ZqnrP%2S@3q#x-T?1F6ADdIq
zk-d&Kum_#HtR|tN+UQhW9n&+>#rY08vY*g_RcjjRX@TyJ{%Ae7Vs7{UQ(U-Rp2z&S
z8PkgklcZ0fyQ56A5RpdcTn|UfO++hx0qyYH=s|P<OX6?n+!tsbMqV53Xgf^*{@<Ip
zaO4l6i(|Dn@IADGqi94jTZGT;x@bBZZSV%PBQv6_&=G!t)|aPcn7XoP$6KLC@a35D
zV{t?*a0j|g7N8y4g;sPjrYp4ybKV)#Aw)a+6gsCH&`9h-*U}H@oafID`@JQ)Cay*!
z^gwo2*#8U2aFJ|B50qT3L+ERxi?9c}itk2u%RF?B7hqG|jaFEsO;{_H(dT-hk(!7u
z-dE6w?m^ea@iwWjh%(!TBlbdcWFyeUH7Dl3gUv|)g;w0CUDy@F(fmiz4(>rCdIF8$
zX>>cE*FJoP)JG$H6*_>2Qd~HK|Dg}&=n#5V0`rlsj?Q6&XeTsM{m{9ei=K?Hp^NH!
zG=il&hV7V*9<{fkQ#B8hxEhUEYA+W)cpUR!*-l|MR7OY829r1(ZRmb<yRJtMly9&R
zo<=_<8+8uPUyYVap&eR?Ms7Q1<3C9KsYJ^zVS5chLo)$gJS))yWhYuuuCBovn2U5z
zbYz!dTf76Ey0_3pcm#buvs;|9=x}sk^D&S6e|^l@ith6h=-lVOC`6_yTJdn4iL=pF
zT)BG~`9;`~^kg)G@1v`J54!mB_6Q9&!49Mcpo?)4rhos}HZE-VTlApF>>1LP(MYsL
zJ9H(wdZ)$v&!Q37fKK7pXoE$2g<a4Z{Q@%@EjJdOqQ}s+vk6n_IpiWq#%c6`NM0N&
zXo`;L8nlBqpdEY=t#BDy(Jpim|AeivX76wyjYikZT(taq=%?rjv}1`r?0;8xzCPh+
zKIfuya~?X<u4sdU(9eK-(27>X^vCFjP{t);N@`(}^rh&O-G<ip3>xyS=t+4D9cZyj
z+5dK+)}^6fHZ~_c43qdQdjDPYflttif5J=foXf&UZbA=~@#r})3)7zo=<{#K{N31w
z^l@}*>!kXIec3HK5?$@n(2=b`NB#vmRrxLt`~N&FL3#i>qFd4Z{5ZN+mZKfmk9PPZ
z+F+$C!j!c_Bb>U53m4C==m?)hL$(eJ;MbTNe?(XLNwnhZeqm&nW0LepY=#e_`~81t
zBz{6Wn74meoORF+4nzi+O3dKG4y=tHK^I%8D?@&LGy;Rr4$eRq-3#c6xfN}2FWO+n
zRpI%w(a<-<OzezV*bUobPi*A=f0zqTrVr8??1E^c0pU+L*P|m?8r_XH_&2(mD-R4O
zUPH8leb5MvMmsbGllUaM{WhQn-S=3D_7ml<4k2%Yj(j-Uz~t!5=!3h_HE|mK@Tf5;
zG&l&8q{pLc<Oy^Qt&aI$plAQTXuahIhsbuoR1-38;lk~)G`b6|=y!B26de-gt`Qpg
zYtRbsMH^Za)9;}N&{4FZvO`1U+G2mw*J4N9f=*50VeJ2WTvQwu=A;%n6*r^%d?C7O
zx1dw-HM-66T@yM|9zEk*q7C1SKKCrz@y*d=Xh+W)9{#Y}2$Q658=eY1okxbNas#^9
ze!xa}&WLcZ^g*}LooL0+qZNLDcI+3t9LrprmHr!&ThI}%K_j^xjmUTCnkal-h<Mc$
z7vAWKE}omw3Liv6{aVcb2wfY;(T?OB8J=r^cH~O*JeY_!Fc00|%Q1;t&@Z`%(W%Qd
zDs(JWg$oO|Mmx|qrf)(+eLq^^0`!1c72Sp|$}iD!c}9m0o{M&<DH_oM(dlSA>(D9s
z7~8o2|KP&?-}L%0qT%QWXJTDki&k_3-B#z`kmbM1nSK>#LywEs{54<tbw_SKNprFK
zbMP~N-&{Y-otyY1yPoS$a}oveXX6F#{}Y}Hybh3AjO*o8w1UFt^6pB0cM5(<{=>9-
zJ@0dP^Y_e&8F*c6^m!^SMZ>;klfRAknb&;E42<{8<8Sv8j3qIMdXu!D$VEeQ$ecjt
z)A1?(S~qbM4~^nIoyuOOu&>rQn0qbBPts^vY#(kV_zi7|OSw0ffz;++b*?$1{_k~^
zve~@bk~e`i|3TYNJWF9;rvi!gq_e2x@;HiV<R7PSbMpTCIuM^TuN@Wo8X3#n5gXo4
zhu<OZp;*^Fl$%N?T88qe#363ZrKfdxU~Q-){m<LU-^e>3h0nYiQ_fc*%Eo{sdeMo_
zBx=&Y`BYjhHe|Wid3F?etGHhR+u~^ISWJFv-f!~z#}f0XY&nTvc>DSpCsBAfjgLfI
z>WpvU4&KwazJ~0>T;Kek#(dV-i$23EPrR3p4)RyXi5p1Qr|t`Q_aeRCLdL%-8RZ=r
z4Q{5=r999shV}{4i@5(fl{TVGCEjbu^VNs<zIe^A1x%ded0*4X+hc@yt{i#aa((8t
zfa~%krcwXn+)It3@O&<I^X?QI?Mh`Y)6igS!vjNNzLj*P+(W#59f^9K*8%VvK}WCR
z`WTJ-y4iOuSCo5&sqbX^4j*K>7=JMe-@%P?bfk6c=~Lu2ixupk@H4#m&`Z2YzOUN@
ziQ8kDI^@4WC;dt`2}k^=!w*pJao%rHwgLlsgEA{(hxYUNli1JAk7LDK;|&iWU-jvj
zuQ@z;KONYPXI@Kq?vvQiQZh@^z}J*1%A4Qd$*)@DzjC0=8|0tO`ylB*;=?zR_BA|3
z!|Qp#*Cq-d;D$e?tirno@4HDq%>7!pj0(zdJt=l_EsdYxnbnkAMLkm}lY@JEN$2D3
zt2lWn@-E|kSIYVt90&E9_nxNGmtzOKxth$fJTQ>!NAWx!njA;jlS*D7or)Dr<9<=f
z&y4rq=b6VTGc4XGnSMP*dLm_gy&tWEBd98|oZc*=150DCa!{c!&;E;I$L@<Z=U!v-
z`_SM%3-KyR-WD2of`<S5nnGd$bynipw`r_cZ1^|IF6G^bx9z82?fB;iD&Q}(6Sh^G
zN-OigC8XbtqvQ8WCiqM8#CqPZ@_wBBtrYePi?6#V&u`UCzrN!6d6XH-yEJ)Oq+>Pd
z`-4dHyGuj+>qz*TNsk^Qb3P?s#1%aJ3im$$&y(|f=s&L(Jj3rMOk`1Z9vvvfh*Por
z4~~-SPSnwWXL|Bp$NMhw576-ocqWdYP*L!GD!PVB9^rxd+?*I28pOR0q|dy*Geo>f
zQNAjbRpkD~TwlWVnO83Ie3iic+<SsLUn4z+_j=lBM%m|Ve>6ARlkqV(-lpI=j9?(P
z;@yshKBIzO6dpu=5Aw?6jdW%=d7HR@gy(XT*O59Ja(@c>+sGTsy|;NUBEJG{l;iyc
z`P0ce^BR+f@t3B7-TxWgnVV<x;F%YH+)L!3;u++9Mdp)~pGjlB&f@toR9=Km_*z5$
z{CLmw^)cV;ugJg1i!-m;?@!I0dXCx`kTd&CE;gq%Uw=khP)lW6T}|0h<mcr2cYK2y
z>(PUST>t!^q4lTy0iHc8j;uzk=WEjZlH0^i-p}*Qw)D?Hxj4wf`~e~T+CqgVcz?&R
z)=}^#hTSWMV;L3Y=6!;a`>5<R`NK(<<GMW0G@;@0Jof_cDzUz~<j>){W~_sM%O>$)
zyl$17IrxRjw$RYsIF-WnDEu^q3dUZSC*7X+Tio;Y5@ny`eI4&>X~<XkSmAh{yP9<S
z`0NI*GkErW%3VhJWu&j5OlB;9I7McD3Qs0uIt}cM6;kg1Ui-P%pNDSe{zA%+<XxMQ
zRwRFJY^Wdi3X;E;yjkdL7I{6XFZcgf=K%73WniiXy=zQ?RlLiQQ3e~4_um))B2nT8
z@~?>x*5dx#q@SR%`V{QQ`&}9x8as0xojaRn-j0=Q<+*a)-^eq*N^)-nbzH;01C}Vo
zMX%W7aa8E*-dON5uKBkk|L--NiU*PIKtl_uv@PX_@@$3pT)Y32y^_4D)SZp<W5*uE
z8I*aH_eVT8HAlTr_q`<eVL@Uh4UFabOWu7b+<-<pVk_?5!$VWJzhd^rsl{f0I5mgw
z)H?2N<bCEfor}#pl_%z%OHC_DpC-Q%?>3}|Qp-E&YdJN)%G(!zK1!UT>`S!Nl`{W*
zt)%>U<PVOSs~oc5VTSS$|B71TTr!sN(1{qk|2}*Toq0Fr|M{OAJ9zF|Dy~i)MJQ8^
zdmrIFl&wZy73zGI4*5Ed_ouwS<^FOT=e5`GFpp4)uZMYm$V2OS_<vOT6@|Vh?*}Rv
z85^%kdNXDG<DjpuJo|jCESqu#8Nm0XFQt()uW{rLC-EE4efgh!@8?NTaZxhQvtbGz
z=e?YC9@3?$%-471@!NkBKZRuC0j_<$$+HV-Y$*4y<CzO%{%P_HbH6OlH>933ueaks
z2UGT1p1B-T%_;OJ54=FZ$MOGvZKHwH6zs(PqC7M?RydBvo{9~2B(FI2@YAP6gBT6#
z$w!`lE^bA`uV7uC_f^FXa&N|&^K&}|n#77N@Phw{uOU>pgzLUEmXD73DnbQAcxEzr
zIe4xRdACquA>IShB{<MyV-InEG<kJ+_A`8i^u!p6^k?`mD%(Rv&r{$y*DJYMhID=2
zJ*jXWdG~O=gN}5GmA*i_759AI96Np!&-1&|6OWMojk0UFx19F_yw4)<w%Gap)aR=s
z&;OK);rb5q^1hrKFY<oRYYHCX-Ie#a*q9F<jumvk9OPH0;yt|k(DB}Ma1qxxlYa}&
zjnD0jom{~)&En{b(gy3Fg+jrXz2J3EAkmzW_&Uh@E-L9l1?N!CS4FNn;YYm3a9uH0
z=)GOB%mw6MPXjNa9}=a=?@v0Lx;~8MkMJ`zpGjPo{%82d(-eAz_nB9F9+(wJ{2Y~R
zrm`of^hVyk?x5@h@`vyq9LtR%3OADfG|&3tN8O2%|Ecp6I`AT8r=|Z4OMzptG7CTA
zKjQ1Q_|Rvu;xqX_{HMHm-AQ+$Ot&)y@W!}S@^kOrnBNd5l7A=lcCzj;e*RcU@6Wt$
zrPnu8Xcq3G(hsPh8HFFEz}uAjnCnVh_oYlr-X(}gRo<N`TaWik+;2qM*HhfTFNS-z
zWvT0a()Us3W9mw`&rg5<@AYdeY(`-UEaP5JDr>>R=@<7qbInhZ63y|=Gx^-iAH#h~
zG=t9EMfugFXVTz%T;IcUkCUEGx?N7%9~669kDJrDIhBfDrNB`NoQFTf$TZ;o6{N@E
z5XyXpXI|G(#~jL?q%-I6Ud7uVMLxwlANN*suUqV>e`@@L^my{O=8W<0M#F2k@ih+&
z#3tw~i+ukYry}g)fp2jg_XpCs{-pn=qI<dj5c!XgH;sE|URm5b^C}fDisM)0A0aZn
z9ys&ojV3&}ksfBJv-yTVrBg^hNx`e}dmgGygC9`tWAe7pn7<5VHrK^?raJbgOl3N}
zhw=+3M^<7hWlnKXnDnLOkLCS2&vqj{jq)k}uLKgA6!;&BB$;J+FQC8!<h@KMTJt~w
z?iDA04i$dFwXa`!-@&slQSKY=T}=Ls<bBDrjmR5p<aoVH{#V@hwTbdmc#r4amE_HE
z{Wa!+Gq10?>FZw_^|gzFx5bJ=4rc|GSEpmSup{Lj;5svQY7J$}Qt^YaL7!R4{jTKy
zLD}d3Q&)SQPp|(1bl_Gh_=t>>WQ~oLdE3{0<aZ-)U+k25C8_8sp4%K7+DFHiaQ`pv
z&7<r?|F69>0gtN47JusAERY2QA#5Rd0|bbWu!x93lt4gP5&~gS5U`W(Bn?S-?Ct<@
zz<{U&`WV58H7X1WB8&(sK`(<K_(w+(1srvhQCv`Q7aTVn5#O(FS3(d*bmqPP_x|7e
zpYJ<4r_Nq=tLokp1xWgmPWA>m$#?{|k0VPWUO9Hj_`jyE#%~e+1!a^@Fa+fWy()Ro
zj(Sxx2z(6ZN1)Z%Ux!^ie1l!F_EEB1iJ6OE4`Q|izr|0%?<iyl_?FI<I#17F8p6RC
zypB^o%6J?;uYGbwQq9YRnvLd4!asvFjj@7z@Tde8+z-a+NNW5ZQ7XXs$nL}ENqhwS
z^XPivGap?#@_b?z!e6J$DS;o4{C#X!VRwc4!p_0zU4;EH@<J8dtc!RQIz<-|)=*TV
zLh5BpV7|xpQP%Exy-wxCi_&q{BA=||bkkJ*eNc0vxgpx1Oant0Plod6jv{_XAqxol
zD71pHNw8h$`x5-qMg{C;d`u^q4SyVbkr;;wuHXXrxy0}>uEj1x`<Cj7-dfXWb`#)N
zH46TY4#FQ|iD*S2KU8-F5u3G6B`HLgpcr5eyn=RM5dLo@`WnC6i5;gO!w=d<+10G%
z$8N;|d%`5*S)Bd^o&Xo?M873SrPdFIzZiZvGm2xzFJm(ks$d>T20||&;b>$NN%j`w
z!%7K^Mg9lu9}X8&<NVEp0Rr6u?niMi4*j9MKm~_LreGTKWfb(Tu70`JE8VNeXAxMC
zum^Ec^-NzuJ`}sD$X7$(z<0eaRQY|ZI_%pq?t`*9xLqr6fbQ2pn(2h?38vspumnAS
zbSL5ol1&67;d^1fKo@&E`fK6qu<eZBbJ!@DO01sX2(SeOzgmN0u@3wibROe09B0Ab
z1Ae0&pH=}$a9of1({&M7s3k^r4!Siu#&q~{f>$9wj|nN5jqV{`SPS?S=%N`P#IDAM
zX{v*+CSWt1{(#Ys&?F2Mw1hvVgUv^FA$AJBLbih-Gf27}`3uDQE52#yuR|xmHRxty
zGYq{!p7rQ9G1gEM(F~^z7>-6c7XEGmC|Hjy9aOnSL5D$KBgmf!_!YL@Q4EHkgpU9C
z*#K_sf4Oo5`r@;dguS)R^hUPM8=^Z#HrS6~3i$s49H?TvmVy+FCCK9h`Kz{R2mdj4
zsn91Vz#?fhx<1$+g>Q<_pYTzz8u?z$hb7zzj91}zvHD&~&_R__{g=#o$Rl_IV7!Nf
z+q5hLpQm-u?~u1;wkgm*YlrRd&52#oC~+rztI+?M0vAIsB1TPL9dHT>Mj^<=;Rg)P
zMV<!#2K*HSD?_i~A!NNtwiMYAWHZ4ojN3vl1KS|y-=1lJNjkm~OxE%ut?i?}5TBvS
z4;ncnGUne6a$q35`b(mog(~<DirGa0w?R8WcS9?nzah!+Myq%n`C9$_m0z6p?}xkq
z`{%Hq3hk!u|7MLGC&GuoZ&1F0QwqsH16SyRG6*mpeNXfg;kOZd4#C{aTESX$2hlyC
z6MhmFM=V2s6S8&0ISwAhE(bbHeIZO@5QpL4pwHnvLOUt4j#<1%qJ0GDjqW3GF7i$I
zDOd=u!cT!kAuFIhT}%|?Ty%?x(VG|wj^f`8R8WV$W-^LAEhx~AAu3JKGf;+2N%kQ0
zQiA<O34lCgyR^-n#E8{JDBbs(?@a<P{2=UlVxOh$6XD+s7gQ6miR9;i-L+F8MlayF
z1z8V_`cr)&m;~O7>=B&nVJG_gl|6+Q;ByP8;4AE&LH3chZHC=?#&;3pYOq32)L-8r
zyn)kj0+}f5As&7un5?T-au-EDPOyH+PY`4bvOD3kbmFn-6ht%r20V&QNhAMp=-Z%Q
z54{n;yJ|2R05b>dPPJ30yb|SM9Gg3#PX6emXY(TgQ?z&}d?vn6Fy4vJ`Fa)q4DCpq
zbmA%aiafiKwSb=kKBbGQ8H~Yr92M|qL><_T?0THDk$()o61<223OYg`h0cY(rjzA6
znv*|@wEQ0Y{|~+jR>Myq<~mS86Xc!M{X1F*R>IM0C2)RS2gt?v4rD)t0jxx=E>`KL
zF}{uQy9C_>Z|jx1S;tW}h4ATM95HVt=jGsI>NkW6PB8c_%I64j3(ji^v=sgm=$%w9
zp|7I<6k3PAccbJlB3E!Tvh&af(EkRXtB@^%KS;vqdJ?}!uOJouCS+0S{I}M^o1je*
z-bXP8d^rJ|fcvm<Aye=S*pz^+bijXT-+acGV7CT3mEc$6*9p6gpn?)@e+hgB`fa*s
zXZ|6_B>bZbj&m`%9C`uHzlE=dS2fcET@MPfNO&3iW`f-hzY^Q)N%X!BJ{NvIK0S5v
zkraDE>yALL=U-W?j~#I#f>#K#l^`dyv_#YIalD;kIul5M3$PhYVg<*c>%iUM>&WlG
z?nS*S*HYxS#Eb_Y1MA44GX6%d%2xiAwF5UISdQ}$f>eR?Nb-B|Y65%@s$b+P=%eX0
zYz`2tJBjup9}E8xcK?93AkjJCF2?hq>Jx7kR6#%NKZkz{|BK-NsD4AZ2BtH@2T7=4
zJ<7j_*$4yPCcqU0Q&0x4;6^<@2K|unU$JXPECnu|Yz?yWHD5`NE?_-$g->Hp^CCtH
z_Je~6K9wTg(}9${GYPV_;}UGgX<Z7kRs{b6Iz#L8SRK{ST*}x`I{cU7{~&R1MK%!M
zeb{V9HU`;ekvt7IhMiHqgmSYkMkUT+JVXcXgYn(So(26%3A_kC1r8+O3X<MU(AV(4
zi18#)K?whEh+hxWkUv1&dYG;LD`!32O%e-bAMiNBMcT05zEB&sA<5sc{R+ipI?*=9
zU34NpvV)8tqo|kkgnq!b3Vk*50~8vmZ6B%s4bfx_4(Uwy;W!S1d5l|tnL5aadNpd1
zRTD(Pmjv95ytVdi3V#8zMDQA&MA;42_Lpl}4ElGF*L<q9K%@?yPxXr^;1AkC>5il8
zfowNU)0F_o(g{Z(4^W^<;6;sm24b6oZY@+nQ*@T*vl-{%6Rmzj>_zxsBgez=12EXB
z3sTN)NVXDr6aj-c-iT}={3ZDAC2@$NvvhD}FR)#u#>l@1uVI`>j6dT0DSRw+6msT|
zA<PnRs$QBT3_OmKuN|D`F+PaH??43sa00epVKb~zQl*;;uEghFbZ>zR8%^ST3hsvP
zFUVSfui?8uz5kn_=#4_br_f@Qt4VeUoq`K=VH<Q&N|udJU88Y4_N%r1Eox<SyaG)R
zV0#n%L*O6Lzf6uFDWIk;%;$P$O9}i1<INaY;9WS)*8v7IK8!9E+4tD{;1wv>J3%i+
zjzRYwbOJt2z=`;5B*~Y$urJU*j=mQ8qv5#W^LKz?-E|RJDk?Ap<0rK2L%qze;=BO4
ztph%fUnPP5q4mn|Mtt@mAC27y*xjuQ?augq_$ufq3RvR!kiP{+x8QU)LKirJAXk7c
zWWxylIP_g;TkH<uyc2pY`aam^pz8?TLSa5=J$#MbL!g4|)e7K03)?Z;rXMjJQ1id5
zQS~mIuGAIx*Yb@xXOcj{Q5<JMFM%dtdoeZvZGRsL@){L!H-7uEnS{O+c|5k=@Y{v|
zB4h)JSu+6PY#h6S3dZRG`!Re2T|In>gH6CcLLUT2z$@5@-&W0sCCnJ#=k@HBte=j(
znRtner+}TpKH=v-9D$p}Pin(_=za_qQsFBk+r+pl<79%)0dGTA4-b$`K{j+e_EFf~
zPpmEYJjr+!w(o^aoS#=y#Pi@q=<bLl|9cE#7%W2liZ(pJSiyG$O$Oi8g%y(gTN3z?
zbwK|fbg!Q2F6bm;eS+=PBrRin74%YU&e1mQC@d5I^S~>>o%R2P@CgPA_TX?3{%(R?
z0zM7iL;xH4DyV{)$bvdxAqhJXv@i4nbX}2WVEY0Xi!7U1sn|cI<NqCcFY=be>V|F2
z!_0J{4*WKXjf`K{<DKw#5J-U!$IrrSgh9fCdWG^eRjMld72KfxZ({rj{4{($$iF7m
zUdA(!dyt(_-+w!)PQeHQ-G#xE@ULL-4)R`lmP&smN#`Pq!|rYDjv||a{s#E3;VTHZ
z0saX5-*o|lplx+gh$Axatwi<!cG9uo`M1YW!D@niMuKZdq@X48o?6$QAY;Khbg}Od
zpeuImpb8d4mts3z>!%a^Y2*owk}r2GS$1ruILZ0cS09H8;t8;W>aL@R))*{9b}r+`
zpo@?VK))QP#n>k!o23)OMkK($1U`+Og7dNa2L63;zLqKZ0peyrz32xcZ_l`9ErKs#
zs+r9o5@y3sMfq3ccjzi5@=W+HU}B@h-!bD$u~YCS@(#q<qZ2N}=P5Nga5Cfy<fZUm
zC>f9mPFDX4LpFw=AY2LU08N5UBv>`H9uDcG@$~}eSk0HA3t@YgwqKy>b;KI4{diY?
zzB$TlV&&#rUDJbIYY*F34R(b>0cR8&VKsnjrpsIIDk}F_O6@JG3VBYmDf0(I;V}KS
z4C`I#3I<Ozsq_azR=T@!<f@=2oUXQV%fQH-p*gwo8q;V~yJt(Qx{X`rintPQc}Sbo
zrEUF6q^1WQ|8D8-3@f)V$LbdJmijEeue>@VJy@Hyt!?kd7DI;&Icd&7o4b5&%i}8!
zR9A+Smv@_GKvr&R1rAs2hubm~X}-N}+s5I>l2G|V(}Q)xw<j6O>Z%>x6uDtXX1rAr
z@K;#Hu7DfCBRi6j*X`fY#%Ow;+f(AIDi57!FNrrMiMm0%_C~f)c9zedWu*r#w<qK&
z4$0IcBfYNb+1rH3s=fHx_99D`Cm9`NZnDvGV8`@e$JmJUU{B1|tX-k1fXAu|dVQrT
z!VFI}L>puw&@=S7trCBruJ3abqMG~smU>V=SB1wa_0IJ8>gMmujBMYH=V19OLtekn
zQdz8!-}2A&1Oi^Sr*8dArBSkJh3Fv*(v94@u?MW=<Xk^>hsfRFMrJ!<fKepsUO4h&
zq?MafV0nGskcy->m*w{RJh2g@>gDoig-Es<hT1GU-QCqHVY7MM*=jEK@*Lx+S-17r
z`-T`PhvysJ<+96-Z`&6P&$r54L8pdlPsl3rczjG(ZBcja!^e~5ox_cb<j@hu+%~b{
zU91)-R9#8A0oLwXPnLXPgptu&Yb(n=E~Zjk<|&?Gg~~iKVWg3s;VmxviFeR>`pO@U
zwGUQRs!c6(M;iNToB#Mk?Xe#{@^GFpGK%H*24z9M(RtacVz^wBZ@BHXLexeLRdsuP
zGhO9gHwj$<S1}trIKbJ$mfKtE4TWR7%FF$;Je(FaS#OXP@>}J8U+Dm=!Zlm27-zJW
zEn>to_Vn?_QNxap6YHYv?-E6fnXH~l$0~1$m6=&hq3LdxvZK7$#gg=DDJDgR$|x<T
z$e0~D(o-F@A1N}P751)H{JXJ{Y9GnB+lW+~AMeK2xV?c2Uuj@kx!YA~O%Csn;1p}}
z__3p=#18jSxzAM|evD<F@=8uBTg}Q1dxZ^3T*cfQ92)IS`PFLTzEY1h%Nr{5SB2Db
z^cJ%{3afn~*X(Sow6Zi)Jq&wKC(+6<3i9l?(uEzH@-yYw*Yy&gn0?2q3&kmnbyeGW
zSh=fIEnkpr!d`TCcP1y)*EOW8h?Pqh7%k=01xA@nxj-b_-}My>#5o>ypt=UFaKv1B
z_(IYDG-2od;xfCYpXd|WSD!X@80)9yWr0cq-cYqw8Sty)tqP(Rx0-ywUlp|P&lcJ7
za?l+{vz8^^05|B#3szle^58JBaB86^6jEW?n7SIZ@QvrEC#H8RJD&N4H&l_w3V1ll
zA#Q>2P2u8z6^HzRY7{I=nzW?xkv-&caaU~0l~qMvby6x^K3A!y!sBC&{1uGcLHmud
zqI<NRdZkz+dY|$Za86-~zskp6byZQMkB8~v6+u<1WOd8gJ12<^BGv12I}>s4gr6RE
znYqDOZpTa!pT{M;STXNR6~yfdxh#Ltbagpiy4AR<)ft~~guJ(_(Mlf87g6^5twukQ
zpdXv_z+-Lx_VyIfzO2eO!#Vv82Qah#`gF@9+l(Cf<_wWsd(%If$vrbfrQEgMcwDxu
z5aYYn&xOS)^3Qfh6#IQX{XF$7SubBme)xpZ-c%RJ;tG-0>L(_8_c}(c)yn8-mM0kE
z>hcE5JZ|~73Nf{d<#KLwLXRuRQ%9;o*Qvb9{l%O)6tb63Tq3{QVQiE;=Zi=?$}ile
zocxs0-F`SA(jr?q7ot^ERX)S=Ryc3p3cuSUlXn|0%RRe|czJxcF;QkcN6ox1>=Dly
zj|%&<YB9x>qxTsx#`xhfd#>o##CfTa(4H_??1_yIhTI%lx#WP+GEvRmqhh<*P`s?|
z&I`pS(TOf=+^9nKPW>v$Cbx=r<){JTQu)!X;?kCCw=~-8>J1TVcUdC-Y}ovzu49E=
zb-O4vW%TdGal8ASVvQl=ju_n&xL|^Qb>lc+3M-Eo=gL9L#SID0+<a9PMI8Qg`Ob1-
z*$0-3d=WnGZa=r6dR<kxLd9j=Mb-6(I#$mA!g$!;_Xm+16%(u~;(-KZyZc0YyUBgx
zmY9}hexE;(sid9&hbXfuP~K4v+Rk56HqIYdmSsL}ddth@{BzADJ5iWzMRTsnu&Gty
z4XPKj>}r?~*rPX!RgtaL)###*GO8@*NP0`0b7Ft6NtB8<>coZ5OZdcD+|ufp%8{GJ
zD!bF8Vy{STICsvw+qrA6sq(P$Y5`@pc=NXA&Ucvee)syq;?=gOjb+zzlspxFpIi}d
zrpD;4=M3ceTg1nP+5mqN%S>6aT}+w4dmx;Hk3FueAX(0|n6VN1tKk%TzA~JpR%gBb
z96A?-{CvA;D;Fo3o#nUNMS-01gh;o`Tbdpr4<(!T+G}=-{$^sa$5}dy)pllJpJ;0y
zF*y^B7A^dt<!XFA*v~&B7MOBlni(6zb*~<nJz$TRB6{$h<g<96TD*0u*bA(Ti`%c*
z&*zsv;N{?kzmX_9LSC~<w6-@qFEY)J+@d};2QErJ-JIn<c|SXQR!;9?c5Lkm6qhMG
z=R@b@=ZkE<U!<rX%fnx`Pwp3K@`|qJ@f0V$ej}+P?R*I8$1}Q{S!f@7QS=dVM}~QB
zqSejs>#4R<xu>VUq$I<BGsC=Cv{TQ;9sUaAI<I1O)%uXziQUbKQT8JTM0=xCAT&*_
z+O!f6TR*$u-m7FDyt~62WNRO@n>_luur6o6@vc5)ojKsAta60fl**|7f@UYF+wl}5
zyV)C}tLW^S;jvUFFiS18bBT1$9X>WM|FW^u)R*71f}FxadwgGWv#>vSQ;ZkkWt#ss
z4`BL*=GBH=en=$9%51a0Jeq9|v?mWRhX^_6eetcm@UUoRUf_1FN#3a8(;b)*evb8D
zzUp;b74&4qM(~r*f?Q_{*N*uzNpAW`)bMfL^JDRpo&1StZA67H@Igb(HmzJ<=Y6Zr
zt9m;1_x71|_2&rP5j*vBF(|6XsNsd<=I9R`<?gDiELR6zRl}mO;rJk6#gv_#{H0hV
zKOSkunH*dxMw#bl@MW)7*g43RE?Oq_@uaU(>fyVgw9LxS$r~y&N11PRhMB|k)I<Z0
zIJ{3!zKF?dzx9>4M96z$MRK#t%Kb&I@=U%eBj)7Kabz)#2c5?Iig?A$P#b!rr&<{`
zB==j+O`C7G{YJQqZah9Gb;C1O5A+P_<-G-FzI?90Y!Ml%tmtFESztzqqQY@whv#25
zCwzg?gNDZubF@6*agMFCf(`fHPi)k@!y=2XYTYY(W><1xgKFCEj4^wfDJN%a`Ae*7
ze^tOL7(T%{baM0$qP6_!xL7BxA4Fv0Y5KW8hyfi`4X3V3<3RF-@yzavAB1I|pVdny
zpAbV5dS~|Po7w9^tM^6Oefrv-6XLjO(r3#tc}7z0hxVjMb&ois_6=ROb$XjEU2~0=
z%}!dVJrR!4e@kwpT6SlYcGALmKBxECVW+^BE^?7+q%}0!7u9aq(!mkczP+WBjjpeV
z4liTaqtn(-_G^*G>;Dh--L?C7Y_hF5BOp#~zHg8Ib$xfY^k39(%MQs#7rQ*!s60cL
zT|0kYTl>>?#>0`3s@1;TY#YY~P~TzOcb;oJ9wqk=G*i^aMXF7o{nXF&*h{0EG_=uI
z4>MaPp4MC|shk#LCd4=Hu%)%mNS3qTH{$ITImWT*|H&=2O-sF9&`-CQ?qOyN*(=Y8
zmecc$foE#3ZQAQ|qW}9kYiZc2lZ_lR++U}uTj$Wc<tdYUSNx>QPMO@R;?TSms@Gn5
zhBo^P^VA0W=4iV|g>g;f|Clyg(q^xd?+!Pb+kudA{aG9C^9(zBzA@BjKi+x2{<JL(
zx81UNlG>wZYPxNj?u(7ny6XR~R=cUNU%1&g5O<b_JMF9ux0+IN--cWFS9IGp-F8y^
z*&6K>!_He{xFc1&eUp%R>y7Tw;dh|?-J?coyMNwjOB(Ib_S5T)>7r>vx83OAXKgUr
zCj9&DwH$N3(MJ5zzPiY1sZ+Nbb8K4b_Tv9yJH2#=aiP3A#*CLyK9MNzf7@s-`=xO^
zKD)zc^=tZUn?8G3q)m6d@Ly@HJ4F5SmO9sz16!Dh_OpL6*2bK*yUrB$%GZt0qt4c2
zC!Eq_J6{q_O87-Xh;J8}A7i$W6PJht`|>3sAne@tj1fY$-UlO9)14&W`q=nd(s|Fe
z=YMKc{cQU^Q+{~FXm^GlT+)M&kcG8I3p;q!XeDH)PDb;TpXtVJy78USr#0ePLSEgQ
zcR=C^BhtS1J7ZaN(is}_WzEf$U)+}4wB-**{nL(ocZ?Z4OGhs0$X}LgcN&TEg{O>I
z85d_BYt!(Z`jh@#UenBMCHd>+7soZ~&*hj}e(z|<n=8)Ro{yIIB$zv5>9R8|o*}<-
zPGb|>o12*{%w;CAqm#@TElz2|ou*x;buy9$p1S0}x@S)^+sW&b%+-zBb(?lQEi$fA
zr|x_&KGx3s?Cg!Yq){(aM=?>(>0rj%(>j>bPwm?!eS2GbZ<<-~FEsCx<~`OP*hzi*
z|4aw(oCrCi3-eI@yIRoX@J;bZ7c*Tx)Wux)E82FOwteZp)3HAkllrs0dU&&J>tl}n
zuj|s|&o@W@@-98uJheZsHqO+Vx3l+OY^q<@Ut&%$&->*K`W@FBDY81p+!XH0)8vT3
m=0mDA?<nknxuy{RUW0DapkEgK|9f-wE67uRHSoWnH~&uvQ~3h`

delta 51363
zcmZ793D}Lr|M>CavG4m%j_mus?>mvL5Ro+{DrqC-RFqPplvG4oQCXrQ+GL4{M2kf9
zt%yV^+Wg+{Gt+hT|DWr3zOR|N=bq&=Gxs@<cz&-R%KOyIc~f5(%JNu(*Q6YYL>c_H
zLn6^9cOvofbW0P7pI0XmweS?Sz;bI6i5!^{iOaD#`BASY5+CC2SQtCMkw}!lL0B4Z
z#Bw+*=9i=WY!9XqKai+TLDo0Jg{IMd(Fy4FS=a>MkNH2aBl%iu6N%b50lVQdXuTiN
zjw-B6B$!X4Ef&Wf(NS13kz(W|tT;FNT67ndp!@_@#B6VcdNrb5u^{DFVhy|%E90|R
z0k>gQ{0VKR`1)X7%tO8#7NP${e-eghEEdHFV*VMl;(J&cccKj*LmMo-A(6NMYhnTH
zj(Kq~7Q<_>4BmxK;Ayn|jq&;ym~zBFlPHD7-=;CFkA`e0+Q3+}!TYd0E<_u8554cR
z=;>(QcS3p9Xa}r9y(`cqxEG7y)9(=f3rM^cD}E9^fzB|;yNN^>ERTh73_7se(Sh9;
z^UtFVu0+c>qxFtpOFW52pyqoal6}ynyY{_QNTet*gb!mST#OEEE9S!Qu{@r}URdP)
zFtAbBi2Tb~5)Y#h{R<sPg^eK+ZPEKL#|!ZebU=$zB&@gztK;EVA@2u?#1QgzaT-2^
z6|wLpb}}|aJDP+xxCpJk5&L5K&D@JOp^<wYjnJEDWOtxTn))sl{2eP4+Y&0)KqJr=
zd*e`atyiE8Z^wN27na4`TSG_H&`7jIH*J4(<`bfiVl(ouV^#W3{7k}`mE<Yn=4*{r
za4g!u9CXCXu`+H&H{VHgKv}nidP!_gz9qK86#5+4fYv*M4Y0uWFtLt!q33@jiAr3!
z7wzC>bi{jN`583Cr9TSix-~k$5tzgo=n^hNL%cQS55)W*=&sMdBkZv%$jlQ>u_FB^
zhLiBdd(lVeQ&<6)qf4*{jnL_sFTOLBH%15A4;{d*vHVeNOa3)<Lcd~q0w0HVT4OoN
zM`EfDiK!&)@HKQ(e1?YXC#-`xcZCj{p-XWY8tNO+j#tO>-DpS0&;jS&9XhIy)yVfn
z@4p@G@3Gy)zbT2e6d0n@=!kQD5|*SMdcy!r;&{x14`Y6OI_6(R2mBVgH}+v}JdSno
zEIQC?dxD*@Ci#(jh`+mcHU(eet5^W<|1_-elV}6)V?+D}FUG2S6N#>P3+Bv}NW6m%
z?8AM*edqv=pi6iX+hM-X5{c2+8)xAgDH5AWborbQ7%O}c22>Q?lnpQ^4n$AGNObK|
zSQr;#R(uTy;9Bg61({7P?2k@h8rH@&*bTqM-k7SrKRkF+Sc8J4=<eQ!rSKm#LM6Wn
zGi!o&+!2k`Wmp`?V0OF<^WpvIUYLj0dkahAN9gYV4(TtI$bTTrs0F(Am!l!O8y&zi
zSOnLj5!#K``y6fXJQl-}Uxx_QMF-Ra8{jB(VDr!=T!cnuFIM;bXFeEqV{I(Rg}&&q
z8ihvUUNm&CVi`Pu?%qEz2VQU}?Di_?QuRP1)E_+s*I-_pg?79EFTm|sCPm^H31^V~
zn{dMgXvjK5FGU-?5}nB;Y=d{9GkOo3<8SEhuXi{^s0-TBbyyZ>Vrg84Ms5qH4DB~0
ztoR#x9E%<aYuFR5I3#*2I?#vFhF(HL{Q>5}udo7sk1kQ}Z^K&G$Mn*ok-QtT;L2}_
zzXN!k0z<hS-8`RS6Fh?M($fD+BpTy5G=$G$JKT+JvG8}{<M>i^&F5n?+=X>9*Z1Lj
zKnv_aej;|kP2Us$wj}cYzy}ZZL{Gs?Y=vvFGyaY~a9SS?OVAU$lJAc`NEV`@{|Jrb
zVYGgxV`1$JqWN-oA=bfM*f&MOwHtyqFb@mit7v52Lqoa`-JE~K>v?_*9hF1(Mr*Ww
zUo=8jVMTllbKp9xf*a8#{t+u<s^ammCf%_*1-D^&d>#$m7PR77tcm4Lggwy%-2<c1
z^1Cq?E=MP@4jbVPbOM=w3InZzKGIttn>>}clteZPuEeD{4h>Q9lSBiXqoLk|mY4ZC
zY^pZs46jCKJ`+3PVyuThpb;%~D(wEc=<}o}x~a$D1)l$@Bn-)7G?e?%iYL(ybDa)1
z)IxWA7qr8nSPpN(MffP%VWVF{WV&M^@>j+DZ81L=9l#PSMgNJ7Bn-*d*dBjJ8*2V*
z*fhPdAo*eF@tc5^@P5pW%ds%N5wCAYm*z0m#(&TysC9-P%dih#fiGifFp1p1g_&NB
zmyv$}E&mq1q22GSAI^_1!X)|UuqtjsJNzk@=Q<k(Rs)Mu-T>Vj-7y3EqXQmzmiRl<
zYbnTwQ_-0|f-b>xXv6QIA={7EKZ7=q`&@`fIV?fGG5Uz^g|;&;=BLE#Phm;QSEKFk
zJV*Qu(NPL)u*4tXbGs(iAm0?H<0u@6$1x{%{xd|NH+rmYKsVnL*cK0BLrne^j(0!w
zRLw@0Vih*ReJK)kN#yxEtbHroO#V)6hF$&%OLG^NA^#lO(R=6vD*O4c1f9@hcpcWl
zr(*es=m1Y+ODvVhl>TXY0G1=4nnA+zy%bB~Zgl3y(cNDnQ>OHBYJujjMLU`u^Bd4T
za0s1I&WzAO8+4!(ur$7jw)-i%G>OcaoKPxJh=c`o(9pC)M|>p~!I|iTX))Hp9q2&*
zMrWGL63Tm`^`>BUT!LkBB|6iOu^OJlB$mvYDN)|@-<*WUX)s#hZuG{N@dDh2Nj!?y
z%atuesxG>_yQ7<LB<982(Fx7K&Nv^Fcm(TVmh7RO#+Zlx6N5>3;~30>x1z`GcC^Dg
zu^7I91#m;m??gB4|1dY6LuZ<mKc9ITE1^s9K{OZNRL7I=jY)hDQ-<&`iCI`6S7=}n
zx>oO^o9sAt!|J(1{w8coepSr>g1yPt%abW_3EqvZaUXhr(Y%=wci|=ICftkel|uP4
zr4l_!bj_D3(GMR-BXR;=ifi+Sfjy2R$yX^52KWGWB)<&H<Im{cDO51*iN@#zMxpJ@
zMmPDoc>NnZOg?|1RHg*Wk~m!`Q{r+8&J_+F^eYm)8H-Z>7`n#G(6#*l^WZ+rk4Mmt
z*<a9lf1!J)XwgvK5IqI0(18s^PtiRo5)DYKLU-+VXlQ;y*R*1>uxaX|0~vuHw~6S?
zo<V269c}m|dOAuM5Bb(;{u*>I&BP?WhVGrzrzF~t_#sxPS|aT3p6Cq6pquX&bfz<-
z3u5^z=)gZfA5b5mr{`!id&x}cXMZL1Nn014`A}pcsl<aMk`%1LJ6MW+XhWBlW@+#S
zbdyeuzJNZcK1Bz95}jF{GQoc6b7FGLFGC}>8-1Sqi6yZ>SqI8)t4_ijx}uNbiRjub
ziEc$h^*y?_f1<~<$OR!HCDBM#L+drh@^}%tWaFZDqxa84BeW9px!XS`VQ9ZbzcBoS
z&L~s4Fybm`c}vWRz0d&<L_b#V$Hw?58maB*W;};Ja59o%LJiS9atXR*DNOmPHl4&c
z{01+<p5-&8KkXLdedPbbK6uZCnG#3vGrR`hs*ows9V=H1Pr3<cel2#utd+uZqZ|5w
zn}g2$8BF3kl{o*d$sr2b;u&m*jVotLe|%2FQRH92(O9TTn9(G3rpwSz$uH2QD_k{1
zrXzZaZbFaUQmlfT(M|Xh8i}&iQsMY@s}@3Z2YTatw1ZEuD<-OEN?Zxu&}aT~bQ5kt
z*Z43Rsk7+X-&G@1`pfCF=x*PN);ojVm%C=B#HCm{MZ(QC8O!05_%5zP*L-rVOo=i0
z5IXX+X#Fa+!}ZSSX&H!id`ryFLpS9bbT7S+KDd5}*Z;t(<Wt4#gb}vI`V?G?URZ>7
z_#yhSdKNuK73zj1x)^=7&x-Cqmmqh&5ZadL{a0hFOg!4rCD>a(etaWKlS(8Tgf(i3
z9*@f~i8sXjBk}q&bSbu=GcM3D)T@Ptv?q4PG3bC-pr>L#8i7KM!d_{L)|-HNJpXG+
z_(0f<F2Nx*5{brPh7HhTdIL_tQ`j0uH3^&XSu_%Ru^Sd{8af(+4aq-_F4;%uqxwfQ
zGWnbF0JGuNB>Xg+f^BglcET*pLntpo&+#qT6JJ6*`aRmNMY#R|x@k9{GyV}h&IMa$
zO8<;`CAJ{H2;1OSm@=egSRik_68*54gO<OJ?eRRe!}hH+CGN**Xao7$#L%Pl#-MxT
zW%T^-i}_M*!;Cwkk-HI%@T#_){~jd%M}Z-%-!6PX7>{kqzk;sSPw0RewGZDDreH<#
zpP~alhc;NHLx{v6G(rzzTil0sT)bm=K=nrlytrd3RQMkSp8Lw3!f6<cZle3K39d%h
z?0CFhx^vj=U89rGwO)#D;)6I6&*DTJ+$9WbFAgG~y=$h#=bVZWDH1-3T3i&?>?-t_
z%tU9f2A%nNY>r*KXG;IDIu#TA-+FXl8+wGzdmOWp&vSA34p|6&<QBuJ*bq12o9F~n
zQ+kH4MoZ95whP^*8NEVCE8~OY2ciS{4!yBX@33Tp&~rZzeH4Ef^O^gEz0?pZQ$7I8
z;}mprE<&D+sl;XyhW;1yQ?Od!@GZ9)x~3Q5P`m?k;eqH6(O;tfU{$W?yd>1CA8my`
z`MRQ?HG|OS#r0U!gFS<UpWBPD0Io(m+JxC~7v{vz&`0VwXuY4%dgn1W=DIX|_!L7U
z(ix59t=JTwLL>Ysx*4<e<9O14q7w;s{}X5=K0`NC-u~f9*B;&NL(#o54V~!<^uh84
zy6MhhJ}fvO%ruD(xDn>X_SgY?qkHU8OgV$~vBDO-ko;au;#qVCB`*udtQGokIyO2T
z{ciXyx(V0C@}uadUDknNK&8=ss-vNAgbuv-K+eCr^Lh&095XSA%h8T@p#wUOKJ)Vr
z3gtD?^V=1@{{i%4c?lZ9_t1#_jy@mCTpl{U2yORDbZ^~tIp^PwS5x5H>_fj=<ro}h
z&=j3vPjoL_iH3R{X5c;O+TMrhj?tO_jz%Q!kT8Ij=#pK7F5#S*e<wx44t_uzIFEj6
zHM$}klX2*=djx$F?ngs-;m|PfR_Ogh(Ma8bNqhpG={j`4`_M?8L?fAZSa{H-s*|vR
z0cZo)q382qG(>NpBR+;6pJKzqjWy6ya9MN=di^#u0<+MLo<}46e)L=PbYvTm?k|;S
zLc$phLMz^kM&faF)9k=P_&K_Zf5aAe4qIZQk>LR|0jraL0`2$%^w@rbN&FH0n9nmR
zM5Hp7^Zd6VVW@_p&w<J4fM%g1T^g_NM??5Kmcyb~hK?Gc<$ck;GalWHi_nO?iPdli
z`Xu}vjnD<7*>j%%h9n%>X!Kazi4AZex)=6fTg-J;*lgX=2u(wmXdSxQPN18t%+(>1
zozSJc3bW!&bYgSR0ltbUXS|t&eu)m`Cv=86#)Oep#pdK&qnl|Gdi{}jeN}X8^lNm<
zensnLzb5RJDroyn(Y@C98qU9)=w=EG&AsT%UqNT|4Z1W1#)bz`O*C}9(PK9nJ>Lt_
z<GTahBj?e*kat{Inx^Pp>5uJj4jQSw<5D5S|4?AVjjj!+p*y;!BhZHKMEAln^v18y
zQ<3$$FtB>)()B|Jd=q;AY|M?XqMLgiI^nO-NSsKKFr?Y94>u;!HEkKa9(@Ea#`I4x
z=<fb0ntOb>zbd+>?a)XJM340Y=$bE%`3=!e(SfFZB;km%-w+xofexrH^7)+ThHj!;
z&>77~XSxm@*ca#n>Th&LohO8bhoNhHJ363+=m2-4r{O3PkyN7ajUhyhFb5afp&`Bq
z4gHPiUU(WE$PV<F{elj#!cC#U-e`nwLqok7U9u0*0iQt!P~_&Y*J@%J&;KPPl3W;%
zuIa;QM;p)^j-WIB6Afj#TS6q7qXWGRozY$Bht4u|6YoOzRF+%AgRB(#Jg9`8j^<d5
z{u39I@N;?;+Tji8vAG`&`4V&{ThO&Xi*{6WVi;)i=rDAk_oDTdqM_e{M&ukOvGk-6
zk(QXUqsvJc%E{;h=Oy%ca1b5PFX%vW-xijn8e0ESbhF-tUSEywolnq6{fI6}w#i{H
z)JFU3gGsz$GUwlrKSF_P^fr2)51^YT_w8ZrYopJHA?Ti%hBmw$o!MvT9yx~&pz0lA
z0PWC-3`Qe%C%WsON1veY-NE^H?S7}gkd>bjZfK2mFaqsx2D;X3Fo|EIGdz!WP>Ob(
zS!=Z36)`^@9r%mr0Cr+JqL?I~J9TH+3^md7+6LWx{n1Tyd(5wh`F&`Ix$X+btv1?V
zSM<JNn8bV02)>9O%WdeAev3}{Y&3P@-C^cEFv*26XoEAbJT69W_#j^Y37u*FsbOYy
z&>8nf>!r~9mY{oLd(0n2mnQeLumly6O`S@#CE*^p0ljfStndyd$?uQlf1x42;GWQN
zGi*qH7#fks(010M1N<K*G3&iyLY2{at<k+U0xNs|?;>HtFU1QR(UBfT2lOYp2g**5
zp+-YH4DDztdi_~+t#_jBorxB>FLYP~Ex!nD_e#u8|B2}&a^tM%Q)uX3M4xn<(6u`g
zujjl!G*lElhIP?;L(qZE#O}BP-9vw&OH_A8*n|Voflk3xlEm{QtgtzH61}m+17S^j
zp!r+S&@Dwb+lT0`K8Z%G$b;e3)IzWKLnAX8t@i@j@%ETM{UGPxV^@4;c)~Trj^wXI
zL$nk<h9993`4v6Cg&qnst&MKhKIoHf4CcqD&<QO=JN`75pF<~*b5__ZRcCPy`%rKx
z1ugIe%!Y@t6&^*`xXSF%aTm-&ek3};t1%bOKqK%NdJ0}e2lhEy?`JHCg&q#aydt`!
zEm9<0yIyF+=51gadc&(|2k&AMx1+oGIJ%h%JQ5;P108TT^b|}-pNOxakMzUnXGqC8
z;Zyb^^m&uIgoF)V6MYE1aTU7e-=H%n`e;~+Cg>6jML*ppqceFJUCQUt_TEP)_8mHr
zVvmLLs^})|f$W7;;(8LU)m(I~-a$k6ZS*g6GZmQ|Y>v&y55uPTBzoT-bf9OkHI{lj
zY_@@zo&23>z5CGiUcnNc|2-rMP;fj}_!|w)h4VrrnxUKTYV^i?(GRJY(KY`P-E_ai
zeC8*@%*&v=y$2ex8_~Tq3ysurtnc~%h=emfkFII)Cqqc<qa*H&hH@-=<5Ot;H{<nP
z=qWjaMxg9dp`AA9eS^?}%s`iHCHh5V3#QyGUy;a%Ip&9ki=!RaL2tY?<|m^wS%h}D
zKKd;>usjRGcfo4tgJ}Y~)(g@0-$#$%Zgc`aFW~%}$nkX814*=@Zs<%#qicB|X2vb(
zX4{TQJc!<(SQspU^~lymColrt%+t{Uy^asz5quOUEJ}srko}pkHU-cD)J50)Vsr*$
z(OvxzCUF%yz&&WaGw9M4UK}D+8~xb52z>&MLifxp^ijV79pHy45{B|8Ok%NT!-$)p
zOEVgM9z22$U_H8t4xtSuo(oG<8@=8S-K3MybH5P%rn3*-3wfRo_qRkRmKsdL0i@6w
zyof#t-$x%9|DYA?ybv1hi#9Y7{qFY?x+MG2h@3>*DfnXenXx8XepU2-Oh1~D38oUC
zlJFcSUJ4yGLziGM`uRQyUE^2LP;W*%{uZ5K@g*TbJ<;dFM07x_&||zAd*A`=g4LIX
zO*#SFd;Z@d;jaD%4Q;7qA>SN5CjHT4GZx)kccBA$ExH>W@JV#$d0r0fR6%!p7xeiu
z8XeHB=yT&CO#l6#7fIOh`|-kIw8KBqH7)o`xZVg|ihk(YPej-H1$0S1!Y23^y6YRh
z8YVIl(`$_mbaBkTgXzEjf0%^FBj@t4TN|UHAC3-eF52Pi=%)M@lUQIySj&27y+P=J
zZ$s-pjd}4SOg|~nrThh5qTDMv|Aw;M$`G1X=#NI1qM^GAjl{i}6X&BLegSRpJ@lA;
z8Owh~L!EzBm~j%l-T__WA!r09VRM|jiu3P?c2nSuN72*p2YT!-d@byO9_YY^qt|aj
z8=Q}J@FsfyC-M3bbOO0ohbLck^!{d;1ACySpkIoFyLk#aqm}4!*@iZF9DPvyjY+(4
zO`H*CkRO6Za2RIADd_iwX=sRNp%Z)-?eHy3;<xC1sjRPuKN_ikHaHBO`ABrr%tS-B
z0$t-B=o9Tkyk6psP~HMv`^(WynL;~w9*x9C^!~%>-pF_}J-}3=E(ts6h(=;KHo!;G
z51*~*Ku)3^6j~cPXpDZS3`S=<7V~2Y?PwOd#>>%&9zzF|XI)s*>R8J2--d)E9E9md
zCuSkP5MA5n&<@^4p9i0yA^si>?P>J6kn62*e@k=#BhaP08;$IX=!BM{n|U`@qyNNy
z5)L5i`Vg9m=rQYyHZTQ~_$<0dKEPIZ0IgSgLx^A(Op+gkJ{j*pBe@<8`OoO)z2NO|
zsybuJ<20B=ZoC!q;8bjavoXB{(Ua&VD)vs8VH<QnL($MqL_3~~4txi?iBF@E%KUCP
zHKoydP2P>)|F5IKwR!+u<IU*6j$voa`d*kp4>a_*p~vqYwBcuBer?R}Mejd>K0k82
zAG`qFOAXP840t~k*6bb%T!LljlW-flX@18>SaM^yu@@SV3FrWxKxeuJ(+?u_(fcbJ
z`U)R}(=q@@lfN6s;Zbzc_fKsKH{6JJxEO8l1N3Y2QS?;&iEg6Wn?r=^p&j-^H{12-
z1ZJU2@+#Wi7WBb$6phGV=yRg@miY5VSrQ(j3$Yv4Lqk3p4fXqIh<Bio`5)R~p{=38
zN@&Mz(ej~a{R#2<40NW?qig;?dWy~=5lkiWeHdm?9qV%8BJ?;-M)$%i(cS27KZ6dW
z{I;+ed!muJHRc~iXTA=N+*jxx$iF=f7_HwH>v;YLk#Ghx(1w?wPq=+(1DQUGAE#)3
zBzk==I+OR%`}d)tKNGL#+Yx^7XojAScIYV^iteGYnDqQVLc$QehDKl)I>JmlL&ef)
z!|l<IE=M0ow_!1S2%Yis=uEeuyZZpTH*$X*HhB$niTa@BqcCLy(@6LQ;wj9F+tH4`
zKsU|Vm@m95G*BO1noj6I$Dohispxs1gYN$4&?oBWXvF@B`D(kvQuf--`S-$P3LN<h
z=uFq6$7?Sds#EB>E%8ZM^A>0XMxisEh|TZ?^a*zelbB;q*o@WCUEdDfgk7*XPT9lx
zx1qHZxb{2HCHMo4NR3ZJh%ZOidIEaBr(+X*9i6~WvApEoP~H_=P<|)c-g<OXpNQq<
z_Jx66o+4q$ZbU;h4Ly!a(U0M^Xef`MBQO407<o_hzWdREJ&Cz+Il9K{qC3#Y97310
z)aT)W)(nkY>Ut7}YymdJO=zh9KsQO*FG46=p^>@*y>SBiO=c1Lpjv|Ng|{$?d(kK7
zZ|DQ9=9ghF^+AvEIOJ5M67xbL@j6=ZQ*=P*(9o6N9|qPJjnH)Tw7i1uk!|RQ(s!5*
z^M4hVtQdA6UkhEL8_>NqAFaOz>w5mbCSk|<4}=*tL_2DQb~F-Q^E=U*FGm|ZfU_~j
z*P+2D(3!oDUGOI~LX8iG=SCZJPfbAEUyPmUKe3gB$0`4z&|w4gJok?I3Fu5`p#xcl
z9@{VD^;77Q<@+WKupZjcP;^tzLcegVN9%1y_tsHNxhV=C4r@~%ljJW(*YdiUzYl%#
zEkSqjSLhPuI}&GzMyd@uk-^bB(TO~V>5kC|9!2{t{w?R<bJ+OX@ZaTbK+pSY=;rwn
zy|KXm!X|5g&ZHB%%X^_8HX|@Q-i8kRZZtyk(dWu*n8Xj!_KwAT-tSUjm)HI-%%CTF
zoW@4)L`V7<+VE<0hC9)Lo{r@uzYhayfY$4bZr)*-#E0YcRq^^JbPpX&k?2Pv*AHQ4
z!_Wa-gU&34?%K!E8Lx=t8`0;%espgXIvOVu?TK#c>oAFP(C5l(bO|=1kx88*;WIw_
zvG72-5DifSwB!EhNUujbdJ>Ju>u8AgqHBB{Z8+bLAp$MYUEUw_;O*!V-H)D*hmrPE
zi7!Yvv(uQwtjELdt&DE6{%9nopdp_duWvw4!wK{}mpKuZuoF6v5$NupjV{Rsbl{(%
zPtM=4wC6wjPoaYf=!F*OfO=pC4#mtk0z2Vo^x6M1y2jtee9@Dk{9<fP`90`>KZyQ_
zPN>k&VKX<!vY!7QBpl&2Xvn9bGhTp6T!Wt1eduRF;#Am#4bc!^h918uXa`S4H=_6b
zh(4H#o(_Aa9opYSOeIM?Lc%@p8oFtAqUFC}IV|!^Xt*IZBR?2D1#_e8(1Co7hB(Ww
z;l2uJdmUo_YV^T$A3D%Cf93oSCUJ;@F4*c!2>m^ni~Kw^<j<m^K8kiw>bLNj&<t(x
zI&{-MjSl3!==bOV^8OzF!eV_)lAnMMV9xKHe>c%v6u4QAp=(?GY}i!2&;}=>4Lywm
zaU*ubvgg8pN1zeB8Etqr8saz6J@5%S@N==e#2;bF>ZeF}yn3NG-iCIx7(Jg`(7kW~
zJ#J?(iFy7EUn*;%OVk}5z*w~2z32cI#QYoRb7d#m-VyZUJoRTx<o_#dmI`Rai_uLr
z0v%8ajns2!2YWF6D8=^V^Zp%<U2k+kQ_%WL&`te0cFV-xMUQ8T^XYF$sl*r(Ik@mV
zI<i+ebbE0#I>PyxGSUNBfktRAI^)052U6LLjPyX8Mf+oY%5RMM7or=Zhp@HxV+YTF
z%gmwRPIOJ*K}Vh?OGf%9q6X-mxC4#I8g!taM2|%?vSy@1UJ9+(Fxn@29U6%T(1<=~
zIsGR-j1|5^ze;7!mJ!Y?x_R26$L(tLN%tVy(3<E@^bz|#x^%yy5z3i8BfW>Jq4_pw
zy`gC2#$n0^?;~M@E74uL4Sf<G#k}|jy5>1@gqf8?XV4Peq{Gqcx1s}n2;Gcp&{MSw
z{mJKVG%`7JhWeFrW~373DQHE34GqQgF^bNPE{krCeuM6XztE+qm@CY@B|3pVXglMh
z51<o#0lVNk=p#OR?o?=?RPHdc`she|p`pAymXD9+GqEM*PoNRlhlcV`bm@xc30A}O
zX9@cJ=z$Jw0{UQk7@he16p3CW-bP23FK<Trn@@lA{62_=^aV6@J7WGAdW;I@3!AkK
z`h>g=UDAcv7`Mjj=Wz`A+W9lmzfWWyI)PN#0vU<6B-*1LO-0Z3QXGOiurJmq7&@4O
zhHg0;q4&|yeunOWpJP6Ip>RDJZG=YPBJ7Q0kR?hb){!uzdodptDx8u2ak)I&Q5!T8
zeKEaj(a_x&U5d@fe}v9FTahrcI_T!R6x}O#q4zIA2fPW>|NZ}K5^lb%MMDHiqc^li
zpKRA)D|`ig4*ZC2t_sC6(jUjIF}=2E<Q_)Xd^H-;FVO*KDjv!!p!K?81<(ID5_UKn
zllUgO)?c6@{w?Nnmk9Z)=&o;tZnA#p%txbZIt#sTHTneo5Pg0eKp)MSN``thG5!6&
z4+&>59v$f{bO0-3`A+OX{scOs=B2`>8;*838-2j6!4|j|?XY0!uqPU!5$l0|TwjIu
z_jqZ}zYV-jK~LO|&ZK&o(C{Vbqj(~^yI(}V$$XBDFiY7`uQ}TAP;82`&<Jfs2Yd)!
zlI$0R`n51gzV8K`e;<iAQjj0-MDw%J5idaZ#+&GKVJA9}FVP6)E*GqdZnjS7SFQ<|
zD--7%U7{D0VTs>F?>~eMv0$ovM*0gyXY5MBBFxE+N6~@&a$zu0Aq*fdx`rjO9d^Xg
zcrVVv6Zi?<Q86R^({S%f;WQ0Ee{{PUbK;BWX-KUk;o9v$H_HjkikT{Bq<^7EcI-`l
zDEh!zfzIG-bZPQe37?X!(R%lx1N;JAsw`E*%<G~Ny$t=+up5yHrV<a6u;Zt(0Iote
z&qmCS-=oikljyPe2d!7WT6iwhNB2w*w8NXx2|a_Z{d?$U`vDz5_UhquT!`8H{BJ_S
zimlNH&6VhrEQN+>F1ndkVFTQT4(uOv4YSn<k!gX>d<;5)N72uOH?cf!Ly!4!G;&31
zvUlh|(Sd|F48t5a4Lubz(Y0EIMreI3--UiGpFx)-bFDDLdg!L?jZWZNw4G^a#Fj+Y
zq3vzQlruR<q78nJ&ZtW5jP#G?gVEjpI2xf>&`^GguHi3egbLOPk*kG1c)FnV2BXJu
zGP;DT(Fkvh9;n0lcci~lU_<%phEP|>T;$uMk+~QhzzyhH&x`r@&`|z>S+ID$Fn}^>
zB<rCaH%A}c-Ox>X7dFOE>ZL*mbJh>XsR_2_!X)g1>(DjNXb?VR8e?7Z<FO?^gO}mg
zX#FM)!~H32P5xbUQ=UgZLuxe2NdM{j81#9wB1OU_co)0kR`fwquyF`|Yc!OXqBq=#
zuKm=Qe;7R#&!7?e0Gs2-=+fnC5<W$f=+ZPmBia?+oT+iK!W6WlhtbWk0=?k_bd!C7
zZl>%_LuhMa74nVHH6DU4(Oh&%HlQIsj_&>n%|hflq4jP-CYnktAmOIihBo+ZxRA)x
zJj|#WI<SuDGk+vHgD22|Za@dN8{Or<VK&U(A|w6#MDn2#T8q!&S7@Z~YH2y=ZyO0W
z)d{qrVy(i=TVN;hz0pVKTr{Lx(cS+w`at;$oj~!{;r!P_BQh8r;A7~Fm!Of^h1Nfh
z#XbKe+k_75VL9@haS@J2JIvlToQ|^SH=<@S-y`O)MjM=r4(Kr~fh({*eu%b{r(M`X
z7ouxlAJc#S-;snLkC&sH@h)`a_oK&i0eU=FV|oVY5}e0DSfPDJ`WK2!!NKGYpdoMG
zA)JmOX!+}C{lXnH(to0IT}RG;W(p=yki=WirFb0e@ZDJc6*{oL(MNICPGN79#SHRQ
z(E-;$XW9lm_x;eBj>7b&L)%?|Mr>`TRJdUe1vYRLo$=pj2#a(MkJMUdLl?#TVD$PV
zw4q1P(7%jEXbaljZ|L`iTwTI*pcu{}-yR3zz7z?c@pZd~2sFnA<S$1z-z;p4d(lU8
zv2NjfcSn!az35WBgzfMn^Z}LcqOkUDa5MS4u^D#j9+qY*`dN{BfrK4x#BP|gN9gDh
zbQj-;-uPZD{}UZx-HXE$a1{Eadj{RShtN<bdWMKpL7#x_(a2nfo~8xJ9!VuWCSgaX
zLqVcOudoMtVk63L#rpUPI?zMt8dmNd8%CGrI&?;N#{2>_GRx8D${zHA_9yx=U7(NO
z899F~NI0^w=#%cr^aaj2TJbEp`6~1c=e`Cy({5M|$6ylYpi8nEJx%-K^}o>PMdeH4
zgA9}8M`9)VPfR1>=2?pF?oH_CI)Fawe?w=O<<jusQ4EvhhoGUHf_At9{m!@#z3&KS
z!Bgld`wgx42fE3V{W$+VGMkXFpewp-hoZaoMs%hrd>R*`OVGN1a2k#$zYUYvVnB%C
zVD!uA4D|j|mxZNjj(!S`M)%rtmvR0r_=$qHSaV>ga4q&GzYH(IztBzAdr-JO3ultw
zfi3a!%fnuohds&f#C}+Ia7N+*yb)ch^Y|iG8<LU!=efIwaQ+=(qbtIn{q#fE@JV#@
ztVj36A#@k#8yXsFj_&eN==BHiFs{XHnfTs6EF*Ch`DcfR_H&O2)<7Rn-O(i;o+9De
z-iEH-gXrh{6PN>+pcPl4pMu+C`7!hq{DKZF|H$yYp#^$8uSPfReDoAOhc4-t=$`ow
z9Z0IgsBqkBqZJ3BGoOhzyb?L5i32g8xH9BxqMNA~Ch=x;@65$ExHMirhHmZxqr(Ji
zpnI(;GSO6`S4bp=#tYY@Bfl3t&kv!;XIb<^^qbE2=&?PGeq$<sReWw>lKicB2TL&z
zZKv3n@V%e`x@67MrU(@YM>rQ9`AT$Vr=rEL2|rx6Ld&m3H`5&SfwBSp4EO{c=y9xr
zxyFV^adUL(#ztqLky?T!=s&T6gy(c0y7v3gz3?Mi@hq0dJmbQe)sA*V_r@T!;~Oy_
zK8&`r2>rgW0v-59bihYr`9GM-NkPGD!_V!d(a;XS#yA2E)f4Du+=3q0UFeMRT^II9
zEp*8SqMvHRaU8ydmtfWFL;3A^ANhUQ2ZxU5{2w8)a(qVm7m7S~Lq_^vF7R8U(qEH%
zV0W(1!47y3eQ;E`F+Aa}MQ1)4llTNW!*$peKgM=g;HK~g7=7_}@(Xbambp0<j>A(o
zhneocPF(mC{TOX`OIXVZ=;>ID9=p%63jT_2!ZNppNOZ>r<ZneIv<$s(8yd;P#EkUs
z{iuyslAW3&;WPgzx(PE)3Ts>j4OM+~?cYMboE|`Td&X^{ULEwlPIxH}LpxrB<?vH{
z7k@?f!kWq9&jGih15eezJ=`!Ht#BuLT;`yk`zvDp7`iF5-w`%b5%j^;9IIlF=*{Q=
zpGH5nx5x5-&<?9i37@L{kyDgP+(p7QT83_}6VVzhjY}{FeGol~Hn17}4+&?`P`9}&
zJdkcgmu4=yG^@~veTfd}e9YIpJ6!LB!~Fc8M8X+-iB`-!HH5S-b|&8){T}cLw#N<V
zBQ!BB?3Mc1m+V9|Lfg^j!RP3}Pot5z;GQtSKIpNZg%eEVzc+lk-HkT<9vX>X(A{2d
zdRU6d*pU1hbd8UpkLsNFg~-&xHsl9mN1Tss@f&ngUwD5Q(A8)^k7BAPiOnSJsOXH~
zP;>xG&|UjI`T!~VKse7WusQiz*aEkq9cOzm{Akq~y>Ax!*|8y(A3`HoZDv^VaWgsp
z_fzmH1)lS!4~5WALn|&sHc8?zdj9jw3i;mXUbqcg;}SH)KVT0mJv&U`YHUgV1#F8)
z&?T+-a2V*=huK8^C|FH_n<dvHVdQnt28W=bnvK?bAMK#ToQ%XpcqI<N6=)=LJQ}VK
zKsWVs*c87*pQz;?3lr&&M)1iL2`lVHcYD6M!8Yhxk4K;J&*MmZ8z<t0kB5Ohg`>&u
zz|T1q4d;bF>B#$JxZVlV4<vMnmtj{tgAO3o`l&F0NtmF4RcL5mn;#w^hcPSpj0NFK
zWDfL^n+IoMb=-~X&{Oi@(;;$ippiR<ZqhOf!&0@y2g#?9fus_77KI!8p_}ebG!k#4
z51^AVU+tN&nFe8H%J0DP_#E2NW;Bv#(a_gh96kka!~*1}qI>009Ey7|mj|)Iv*A;(
zb+lXbQuMhnH0JM%&cT9|KaGCatUw>Zo3JPz!ov6)+HtPuLi?pL8~MtZ6Ki4m_y08^
zVa1N<$8SH(jl<9{664T_%tu4H1D)w9G-B1C4>P+Oo!N`%T4#SDeE9Uiw&bUykM^zT
zX8#|i|NT#{7sE^&qYsv$=%$;3`S5XcrZ1pRxVJDbZbgsfK6I0ndMQkxCwhG#x|goP
zB+f-A@CN#P*#8pe-)DBtCE?j!2`?ny4!v<yET4mhb~!qrO=zS(MMHlO9rz#U<}A51
z?2RUvBtH=C=Qgzcxo9NTF6I1tVIKwU@ih9tX|ybSEDyy-<Znfn;1zV_U!xu8c{$u)
z1$|z0KsV(r=%$>9F5xzG0)L?2eha)3_Cl2u2}4~QGq4M~wilrtPemJCi$-KWI)GfS
zh9zr?e#i`u`I%@3ucP<xKp#Armxo7qbM*WVL!X4HB_y25&uB-vSA+&?p`q%CNxTaE
zSiKJ&@Cr24AEKfB9vyg=mEpct(P8Lk$5b>zOV9y-h3u(RBFC!mv0D~x=%VOV=%$;7
zhVBXUI4(yA`g!yZbZN@G7COEdozQqRQV*b!Sc~qNlUNA<z`UOSysP84Uu?;R0q6tf
zQS^!S7CNx+&~ux4O&D-qbY{)b<1`GN**)l<T8TafcAx|L1|8^M@p`S-i6H$ax{)Y{
zSD_tE_X0kLZl3qi?}(?-h~#=BY|?V*K)az48jo(ed(kf-Z=$E-6ZCkVLia+YH^cK_
zFs59y1tbj7K6H)ptPPv34I1+6(2zfl&Uh{QnQ#!D+5gZ1Cf0=+mx$Ix2htXu;2?CM
zw_$Ufy^izmX4)Prd>bodc`H;b6|IY|S!cANfmi@1p&iUXH|uk;d<z<x&(WEmM^8_K
z^<im7pbw%c>pB09XfXvw;!SkZoI)S1<u-&T*${Luj76UhbJ4x>F1EwJ(MYv<J3L3O
zM%!J69>@34CH)+2=QngOlux}A)}k-^D4m0j>@#%j{zNxZsdqyIjnU7BOVK46hDPFU
zbZO?Gn{h3A-`D7p{t>P9UTA+9dYn_!NVw@<j(&(P$#>|Qo<}25{QWSKe(0Kyi}~r%
zr_m1Apaa^C-hUWv?+>hrg*S#x+7^jOihoKGW;z?4`Ev9LwFh0>G9QG78>4I77ah>e
zX#LmFCHV}ENTy98LKQFv`8w#*G(~s+aC9%s!%Ck2EhIc<C(sd=-5eUc2o2FqXv6c-
zHG3Ofnv>`Z^KA*6tuh+Pi!q7UpwEK`(4~0;t$zR=_!&(9`@fP~!`e1PN7@%Xj+4<2
zSE9T4FuJLVeHfl(HPPom6ZCZSKsVb^^ke!Kw8N?Bsd)<Bgm0nket{`RoNHUyG*!@%
z_J~eEM>-F!w;p}Ke1S$J_x3Q;T4+Riq8(j}Msg+^@^!KN6gr@SABBNb`-t=Jap*#U
zH%vfx>%v&!6Lj<ZjBdJ|JHnDwME61uw8QH$iL=m<uRsU%6?&ZiMC(`E8P>iB`h1wY
zGZoI`VhUXA9q7!?#EQi~4g=_n4qzx6k=xK?_B6WdH=;{+5Z#PLcZG<xLF*4j+rJZ?
z@Jr}Y?@5tJlK2blpzQ8&LsN8SgVBn&$Ncl?$Ty(_IF9L%eiGWLhVF%n(7iAOUDBJd
z4L%w3U!r>|mDm$HY=|DW%g_cVpf}FIB(6Y1xErnaD>}e@pN1LNj$VfDmAf&C3(@x8
zMI-w;8lgYJb^iXx-q27dbY@qgGky@QxCXuPAi8@q?F;#G=-z0DF2NvlSKor}ffv#H
z_QdOF&^=c0v#=*xWBT9!jU!>l)3G7Gimuraw4v;uhXFRgB>79w8Qp}|dl21hE6{d6
zMwjxpSYGgpFwnZ_fVyG&vjo%s{ckP_L;ETk(%rGbDYU^dUxo%dM6W<QoD}o((1u^b
z?6?<m<ALZ=G;(Lq2VLR);bXc3rmQ%Cgd-k_O>qiZ@eOof-(z>o^;OtJ{m~_wi*CYq
z(1Cu7Nz8p9T(24Jhi<kh=#s9A`L7Oe{+&sIuft}mgErU?UEABxV>2gSe+v!WH)y>)
z2Sdm8(EMfS=DP#k3r}K4+>S=5z@gAyeKaD24yD58nMi>j3Xh^|yAgfT?Z^C>_nWXc
z%Ay_hMayqRComn|D=%Ol`~+KI#lzuy{xEDs{wlQI^XR7Cog$Hi#0hkSr!f~6IT9jJ
z4h>mTbYLUUdbeRgoR6OKSFtc|LYM9fwB4NFhWqoOGj58u-yf5h8cxDpd^frWUO+3p
zhmQClI^web3*Xtgq0jVbXo%m!9C#cZ$QiV~Jl_TDqLIB6-2+q63A}+UEr0(%Bodjv
z51($;(3!MB*YXmy!SU$K9z|#VLCo(%H)*yX!d|F`ZqDB5QcXf5_jL4i^ue|>ZHgxu
ziDnd(IvRHWrRa?_(UGpg*7zy9%L^Y1$E-P8uRXd~u0l8M6IcLOp%L1MM&?&E61jg2
z5pIs@|NeIw2|uN#pbfl?Zmvye2Yb<(|A7vm`th)N`k+g5EgGpO&`;0T(HS2_mo(Ff
z5YaN|fa;>{4afA~|9zN*H>`^lK0((i^G_iHP0)r0qBq`zcJv(jh2%5zi^vIdKp7{)
zkLk71rE7&wWH>s3dt?5UlbnCg_a_wSAJGec4r_Q3cBTAA^x3^04dGGDhb2yh=Rp;8
z0)3;`pnKqMG&0N3rQC`x<uS~R)lPH%edN|U9Xhxe9r10L-ZbdizK+h|2Xp{=e+l(l
z;zQ)e;G=jJJq<H|4Uw3O4&;6G82^agU-V3fWXBW<XLb|12cAJIevF3d92%MAZ(-MV
zMUUTg=%#%hbK^mDfIp)33;Z6=cT;RmejvIukD~3ri%v9kj70i#{A?INZM5UTXoach
zad{E#cnA7TC(F6;glmr8e+zmH=b{5xi|(0k&?n(v=;mwsN2oUjX_w#sPr^;L3f)wP
z(eq#Q&#-3I(1yCBGZ~HPNX6?Pqai+p&al*9;TU&D2b4nhz+&{{{T*~^f5mEk|IhPx
z=(sUD!!c-x7GWpch7PE}Kj9o##2(~ZU>Cd(yW%cvk0sBC<2e|O%*2?Vhe`6Q(apFQ
zThV{wcM?8w8?h(#5_H5jpfi66ZD<MlVe=vSfcXJ^u$)7m8wE0j`qj|-9ntbp=rO$m
zUD7$|^*1nOh(04>NdG|Bx@tz|^pf<%Cgi7}p?@9y)H;RUmp5}5Xk9daF}iogV^e$_
zjp!~k^x3n7j$5LecW{=>{Qg%Gb16vTPIN6##)>7fh7mVK2RIn>;tX_V^U$?ii7wHH
zXao<Sk@*w-He4uMh+HK!5*;xo4$77aAsa=34W`g<xAV}@uR=q;1D)a5XoNCl50R*X
z4!8pvp>b%4UqqL1J9-*^K=)LE9GTNk%I4_6dZkEMVFVi58R!6BKs$anUf+$b{W(lO
z`ErH^s$dSvn`3$)=qVb9PG}*z+1^Ck`x5KokC?<%nOvd6R+vG-05pVyFe^?(zc5Te
zLwr9P@&#yzYtRSS*XVt@b7xNf$w)P{z0v6NVhkF=g=l2nM>b(9agc=H>CVRr)$@c+
zaxogpYtfKDjE3+HG!oySyO>>=-Wy4DfIZO;Mxf976t=;)(are}`UtL+&rP1<n+XY@
z@zc=IzK%Au3G?F@Xh%oUHO`qogtQ|%<I(7+-!yd3Jb?~yH9GJ;m<7+FOZyMneu)Cy
zNB@bMBn)vobjCf<0gXo+Sd0!}E2ck$(9q^B7-m!e-OWwV2(?28Fcv*EGtejFo9O-D
zViI!};{01sokT0_g&xP5=-O^V&+$*#9;*}%p}Yn=kza}p@MrW`RV)%B&>a0x>W6u7
zINI)Y=n}jT-BBcSD&5hq6gb1OMZ>Obg@(32`T)5J9q2N27w<wh;Wy~1IfvFOS}d%6
z59~~S3>wiDXvd#oU;Gn|OwZz+e?xzJ@o)^MqYW=d8{QK0N6@wX6P;<X62Y42u5OPu
zcqO`IbI>JNi=K|p(PNmkWH=2~&`mfbMZ%Fih<5lIdOkl!H%p>as8|XObvN|1+<~L<
zB^-zOONW`?jyC)R+Tm6-a>uZs^~!|jLwR%$r7k65hz6h?PDYpFF?0rN&<Dw<XoDxv
zCs+QmAtD!IR`RVd3wA(HQCIAS1JI>-295L&XoP=3B9ltwz94ke6ph4yn4f}nv;e(f
z1-b-V(am`TUGqHU!tv{XM({Fp0ym+Nd=x!Ro6w2=9xa{pRHXPpgM@1|7X6f(hpyoc
zw4-0J8I~y@Lf0SN1NWl?T8P$PhklVcghsBwg`wR#=#mXaAI;OzC0b{m{u4(@IFm9J
z!b~nf8@L(`{dBZ}MVKA8qo-pJddyCtk^38ySg~T*3!Tsij6j!m4qEROOfM;>|NYMi
z5<ZdgR0<!PNp!87pfeqa?(XZ+&@Mn{ya8RJBeDE9EJnUq<q(Nln3wzzbV6g%0n9)r
zw6bz${{O#`_=*D8<|I1O!d1efw-$QdTcNwZC))AdXag_B{2ufPcP^G!su~8~8=dKB
zbZ?~4C3p%wwmYk)!Wy5VzzCG87G_!-UGu@{$MalF;@jwEJcwEGcXa9g#^%_tdT8f*
zbWcr1mtY0DH@-n5RIo-^>Z&OcZiZIa1jnH>doGrL9LxW~7L+%x85*2`?&@dJ^1bN5
z3f2k{tA<9ZIeHw2p`Q)cqmg_99e8R72}ho#cDS((`f1i1bK#Zf5{-{eMI$p8UDI9I
z2v4GWq*9#_u}jd?G#L%`3Uu%6!6g2IM4bQsPj$nMRWSz_`lGvhC^~~XFp1Bi9esd4
z(f&Y>U%7fAa?Q~hPC)OUkJej<F5y9RDYDnkoM?+pG5zQNlSuf5VIjIn)}tf;9J68G
z24Mz8umkxf=n_pvH`fbj{ddp~evMXY7$<~IWGLFtJ?N4z##)~L-6U-AJkG}Ijl!mU
z3*8gnVizpaI5ap4-No0Un`#l-!7l8KzoDn8Rg=)+aP&A&iTOq7L^oi{k$geIU74e4
zxS<@nW-ZY*9g21|6W!GtFee^E>-~y`zId~+C)%M)GYpeB89mnX(feOVCvc=0=igmi
zta(_YuIL^ZkA`XzI+MB4b?8jKMmtWl2m`EuZpJ?7W*(32a2fi*If3q-A}zyx7oneq
z*S6&RJChUz?(+N5V>BOq)UHNDyB>|uVRQiJ(3zBO6&mb{=EtHBqIu|N#|P+XI)O>d
zXdRZi0@`lR6bWZ|6FSm)XsF&n2lNG6@i?}`LTy4rz0m99(fU)-J+uJ(;Z}5F7qpEJ
z8gyc<&`sM9y+3tbyl@w`r{D>6b9{xK*R#<Q?ZR<tiq3Qhy2dlm=fU$>6c3^kIfDhT
zO#86gYoQ$vMhAK`(oZU}h=gmm9u4t+G{mRT%~zyDm|=S~5`!@h-i<ENEcA3dj&^Vm
zo!MDTV(yON30V`XkiQy@#B5Ce``?#HxVt|_Ps4e1?P_-ln{WU+kekq%FGfTDF*@+0
z=uC5T4jq(4J7|Y);(_RZZov$^A2Z{F*va!hn?w`bhdw~^bqV=4(Oa=K<;&5~{uC|R
zHFVe#-OZ!WC*LjT03Sso@+vx@EttfE=y6SS<NW(!P@ROE@Cr1<ccUYJ2@Tn%=n3@3
zq8Ei--Uj^;8H;wf7?Zdj-5UqcNATHLUbcJKQ?1c<ujtPCck|p!fdhCq`Yk$;96dsa
zYonX-Vzj|)WBw6z=~kf)9>&3#>*BB{u0lh<9CP9O*a>%_kuKab6*}nHGd#mbq7BYN
zA23_df&3UP*eeX63AUkpFeY(6I)Dx69{L};SBmrwOW6+HQ<Kp47NZl{nj$ff#0l((
zUHXI(KZu5KA=>adG{lF|J@6O0`6~1c<?YcW8;l;WN$7pgp&fmM9?w(gUdVn)IBltN
zB$5;~MmNs@G}Jev19%KQmMhQ!Y>D}A&?nnjw86ZWhHpNVqRr5~axq%(R&;<5q61oj
zL@JfoNx}~PMnhhtUw9BTL66;S=!{-ML%Rpv)fxRW`}Y+SWBtI0uh%_aydKNWU#;L`
zMi#!*#xj@VG0L`c&C_%**Y4xbpVR+9WC#bc81Fx`vN^b6f4u2=DmCQYA{&ohZrp;O
zaE(9eOKhV4KJrgt4f2o1dm7>j%CF@8@2jALq1+FlxwLanyl_j3(f>xLbLb=!H#~^1
z<9)Hh02<FvdKu;OxY5_;IFoW;T}kKW{*Ju=eLX;DIpbh*QSVs1&+Gl@?+VHWQ}!Hn
zQuAZQTj}&P@6B}7pNnm1#MglT-25SB8@c%#?x{#a<H<i1?>|oY0S56j_f(7b9>7_Y
z`|3#jzO?`Es|<DD$-?@-ONBe=^ipr;y@3vgbK^D|?i6oW7#n<&>%KT$iHf{G<9czf
zjpm-_w9$%tu8;RrqU`Pebof@dHE|X7J94c|df=@8gK-9TQTbLnNYZdgMthD17gAP_
z8>(@`0LrRxeF@huhy&U}{#)woqm3-ozm;nn;<ck(E5$wcbFCNek14;N{1EC@z>Qol
zlOnT;gpbjBq=&@8w58E)G*&m}PjdYy${wNazpoP{7BR5gy!l4;|GZj}n@C+BX4!E8
zoiFEpUx(?ZIO&&ZJGGU9i4<H;rJH!K<3e5<e2I&bN!OrZf|RI51BY-A`7&JZL){Xj
zUy8HkQerCY_*%_<FU0gL<kv_gUZK4P4kAv-diP}EFHdid4H$`Dqz6-BFyZm#17rp7
z^}JV6{yZK3_f;%*vX}chabXhImy!M@`<#a#FYK_dXPDpP@7SF8#j&@h-1!K#U%}N}
zFGcxVysxEa{(E3zUTm35iTspZ&iifZkMJJad7JAynWnF62*XD1?Z<sbx&H4fH8OTK
z2D@?7KirU&O1_>Y?<{k1!!0y+i2T2=ew1|}UyS<8NMA_@Gk6!Jo!*r3JKqvRWBoh1
z_j&SXFeeS%9@~G7-|h8pdui{Zp))k{EEP}i_BE6D50uZPQGQic;v&*DNnb_zE*cuj
zyCxmI#C=tGUrv5KR>gI^pQFC7M|hVaU6pHJ<Aq#HZ=0SlIF9r~E_QdyyylSRIi46!
zXW!!v2SmLqVqNQGBHe`RPtjPb*wIbYdyD)j?(uaQ?^j8Wh!e7`N37e^9p!5PGy6I{
zA`W}J(em01W(jpp^KM6-3&~$f`2p(er{gL#w4C%#u1zOjj`UpK4R}99-d7<8IhFUg
z*y(Y~x5aeoCKAg+y~GVvTEvYnFpxb|dY1AxX!rmgq--FaPa|C>HXLtDlq3Hs*QYbc
zRow57OK+3ki51BE>chR;X#WTDDX#I|Ke6NA^&doqa#ZkjgbOWcC`n~s_fmNQWq;Di
z0Xrt&f<eu|?7Y|VKF1{5QuZVF&5Sei-sib*1os@qHL?78>KBe}pK|{_!cEz!@b9bs
zzX@zj#rfQrE#5GSn=|u%in1BJn=<HUxi=rzb6^Xu`3=O^bOz+B1Z7)DZ>3IQ?8$(x
z!ER2*{XfzKFMeNJq7muqLpCws-%ew`J^90=%h1s~aljR+e~A0qP|knZPQUmih3VG;
zCbllt8_2!$VtF&JK0|pm>Zfj}@B(JhgND|TewJC?!-X~R#=ZC^4fT(MsX)CwG;lq2
zKcud&KdC>TdXICheO$&Hx%RLZsrN)2nAvW;FQLv{GtR$Cyy0s)=}IGodC!VBOvb8|
zw~d`YL3$+VKA7ZM9`3D5D@%E=q@#ad&ys$O!T6fWdkby)+Ri=WVt;LDV^KEZzbSUM
zmWGdUQ#Rf&QZ|?h|9#cs`f}da^1hn)IO=4?#!6DRd~9bIollAPp28+XqHG+@RndRj
z&B}NC!~`l$;pXpRIJZ%$eQdyrUCB@6dK)@>6*FNi?we1YJ>-`%nE7=2Iq9aP|9u_d
zzV5U+IhNf=oqXI=miObl$IwP<1vf4F_l{^`Iw-^Y9&XrAMSocLHG?!i@upuR1BvyN
zWuXmUuhLNuY)PlD@~+F9zr~PvoOb5&?oIkZ%Km*-4Evu(W65JQP>hPR82Mq|50dxa
z(RE`mCFp2AW&CiE_#J%}p~1G4`>IR5_bDHSzIq1|oynggJ%P3^h=cc1aRxGtpY0Mq
z#)`El$Qv8B=yBc`(D*~#bV(d_Uk2i<HRbnGwjD2w*Se8j!nGcB^dRljp`2f*nSPD<
zPsiIyH==GuuKn)%4~Y#}b0&pDx%p!%yv(}=9bUpL^HVP?=?|#Wg8Gf)K=M-F@IQk#
z*)MkbFatUHpSGKlp2ziBIFkGSre3N^Y$zL@6ro@gH+@PgH&AgPjq`tr1+jxET=Pd&
z{$MF_j<PWfuodrp-1jDpcBkw%>i8N!dOzu-)NM-oZ_Gk|MI6wp+{Y`GNK)_>7n;#X
zdD0J&F2H*)1G<$OT}b=-hZ}C9k%G7wJK-zb)0_7Lv5xg_p$&gldx-0gQvM0~o^g^V
z$@iyxC1t*H`?J+b5?4`Blt%f@mFXYkyf}@@8yLh%Zm32B$I(~O*x6%T^EHY5(_H(R
z`+e~zB#G^`^FHrETwBHLOYr8`Y9^lK`a<gF;@%2aFGYp1+;Be^ck{j|c49*xl75dH
zH&DlaH@DWp_?nGXxSoUeO5R7PQwab2T1lC&59sVO-tUv=FQO&tQtyj6*wi%?+!-rg
zLuVU_#7-)FLx(j;-x1nK3@5#mvQK&YdKCTP-d8)W{Th;q`)KR4*!a)1SDI@#lIJI9
z{_X`Qj7Sco{V#bB@@K1D6zn4NTD)l}j-#>HVuNxwWgV&W@9QoGeIxf}r|e0tT^BD@
zqI^H;N|ZlL=Qor7nfG!ATY$3ayc;l}mT?jvXJ!5Qt22prsdNX0ow><ZGrWoN+V~1L
z_<D->{k(fo_D-y4c`X|K_cek+eNX*fl&zw@rL^(i*P>YWS?+&{dR6_|dOwMh6g=~v
zM(>DA;?4KR$c&ARP3PJbl=HWh(y!0Be;DoLqVdAKf8y=F@^yEtb1T=cB;5fU(%xUO
zJhhse|NqzOc<~+vREoyRlJ6G>$Di9LE+Czs`}|`pU;Ikl#0Z>`&hhP+dv2y9U(;e+
zXXE{s;2Ysm;$6T0ouZ-Z;|$x9zK8T?ZdyqCI~uxzh6<Bj!;LpHtNwBAR**i*^?zSK
z#tzKa=UPMV8N|Jl$&cmD--=7W_=`;GS39nC@cCbv%J0$XG#cRdG$-bgKfukuQ*9mT
z1$44L-c%smoBrQx;tc<ZgMWh3fxMso&p=vnzpq}rFQxn@-jyh;NP9ad>)`kQP5+t2
z7&_*c%%=b0?vt_8$GFa4I7?hYNBl1D^q<47rjd_m>{asomyJZ>Shox5rzrn9c5LVW
zQ0ISKuR?it-rvV-4^f`;uh{wY^iQMr)BS&6SJB*l-s5=tIv+Lt0d*VF)HA&KUFGT5
zoA_dE{tVtl{XW!th^wn&`DJ(`y&eg-B(~tkw#%RNri*$J*!!rkn6VaT+&TX<sNZ8p
zRxCzCGpUn_>n%uUqLJO)S2@<diu85VZ%m#1F+SVk{dd|SudUQAMfy0`-}KX9HaB&r
zG5(HXA}emD!l!tU@)u|*fzQMa>QMgg>pbNrxL%2Z|8e~*?*BE``<f1hk}ivvVqWUp
z%|IN}PVy5eZ_T@%^M8>Gf1$72DC|qEPiZ_4>80rF7-hT3pQpp$DSMjqJKUF<d=?ta
zP5OaYw-$9*Qhq$#n)rsgzVdK=6XiRoKZN`*yi@!Ua-tIjGiabI6;3n5i&>6S<oQdL
ziHvx&4GiaP0Q%F&|41Cdy<XrofcFIIK1ca-+8NIKN!sw0q@J%<<PUQF4chI?^`iVu
z-^6k*OyR<G2C){C<afmzwvw;U`!v@kQC^()JgyCo2XQvneC3PvO&_AJui<obhVs$q
z>n!g@bexNO-k{E-<X?~bFR_NgQB=MzHoS+?o#ICR{5$>1&-I^U!<WT6UU-7*yLgx6
zT4nBU6YF^G3*LqPGq8MIJ4CzuXU#-8OuxeZ59!i$@-4}_bbJeTrlZPKo)a#o|F;G=
zejR7jl=}a^@>70y%xs|3kEpW|pJm3r@?!pYUwPVmI}|5ULujN91vzQp0F}0q_EnS7
zK2HPR@SeoG2ZLD`E~WoB8`uBfp0&Jv&8G3X)Hz7HGHo_Ym$Ff5b1v^uw0n%QBcy$u
z2&NJhs604!8ZL1ZX|y&KKBC|mu3tfCEl3}sJO}Be)ZY<j(}(M~@xGGl%P9XmHu4&S
zZcW|mc>5|qzH#i_`~uSH|4-XBxcOQtWy4SCU_KXrjE!6IWzt1W#8*k`-Anps8t57u
zypzUDQ2y_$J>^eQHa_l^P7JIWZ4bf|yeHD%X0GS*Q~NzGbdIBZn?`nX^FGRNr>r}b
zJCGko{+(FIPDXOiXx=p_|M&I1gNPme6U#s3-eJ`9)tt7Al3qjEzpwQEdy&GN+<1fz
z{;$0=kB+L!_HdnhD*?h3<{=C>fiQ<55QaQP0YQd{APCY3MN&x$lB!Tu2?U3rINJ_T
z%4tAFXj(w*)+Wl)c3>36R#7GaX;2>8f;QL=s0{kPQ*{c1-L|WrZ@u;YczdnQ-e>RM
z9_~5!-r9kX3^9R0^y8*rPm^Ff&D;SGHbs`2D?VWSI_Zb_<7Am!Wi(bB%sk{?oO5X4
zYz$Q4`q%{b$53KA+eqNGfd8XP;$ovusnUHvQ$XihO0zXg@nT|=X>tYFQ}`-Oqiw){
zWMaBR^R(e_>u|nK@;T<J5=qh>-b7$Ja&{#3z6KRHpw%F)rrF3_i8zfcLMG$WRBGf}
z^wroer^G<A{sCMb@&@eRU~h-qL%Sa%SHXV-m&f}3XiFHNX5`}g16=yc#UpxZdVnMy
z3D$Hs*RYuN@6nsW51GR6VCzJo%~keA<28LiEZ<e{x{N|?;QHWp6Xz#J)AjfdvK2Ri
zdDG-`z$8caj{D^P7|zwiG_jlY%|>?v`kJIwsSmz}rjfUe{KjBzqUbH?zo~M?I(Bii
zSS-s(^s7vBzt;C@eZbksJCMV0q>*$6ax2{~L>@L>dyqBh{9XJ{)5K*aN#9sr*J0$x
zrlCWofkt4yGX4|B_B44mp;yOOQBI<x7-|!kPiKy~@&|FcDfR%sE$}|B>Op*?&6Q-D
zrn-R9^egZOu&qJHDMZd!z>mdtJHCgEqXW5`qhCdR*LISwg;xO1rI1a)c2ndrY$r{j
zFTkvVH60=09QXu!keKPn1d{GR&PUF~)&thm4V<QOa;Bmen)PIGC3<RJNP#&dzQrV8
zZln$x0Vqz5xYFZbhhdmNvM<rAVS9!3d4tPfT@!l<+iaST(=>ET$54DDGKiduEYM#y
zmDA}ixG726n}}Kj6q_q(Xgc0v5`KX^18yw-5Aof?dZCU-df{W_nQUUerJ2<x=iMfc
zUY^0Osp8p~bRFcXPZM;6bw2XdD!ZT|4QW)<aJs%=5<NnpPv9>ps;ND39~iwY_7rdf
zOraQpV_~gRr<3n-eg5x~P*Xz!H2o34btGC#BL06*ls+TkYH*$4Sy&!7MW#|<wrTVU
z)07Sv3{L>l)%Y$qvH|vDa{Qhe{iAr!|5gkE3N?pYpkIy52bgM#phmw1rZEjp#ov$4
zH(=`tPSY@Rg`dZkuH&ZIZsPZ$55?XLy`RBP$2Q4eqjTD3bLCS=-U-k&3KSafNCKav
z(-ZIoaM#1Lu-yhfNa39%dI=sutfs!ijU>JsMQr4sz~`ZVfPBN`)VOzu*QDP+Q5pw8
z)0irtN$5SJ+e9)GFq&k!6rP3DR02Or@it)Z!WPsQfj^UcOHJ%%gPn++gZ(S8Ylzzt
z|5p>8=q7?Rh3R?}fG1hsMS>ylXx920z5E8Fanr$R8b!gqBwY#SZDbF4kJ*i$F^Fpv
z&HusZe>O6oylvvw|2oD_fZl?$Nqh~Ru7n4Z^kx!%MZ(W1UTA`~_#4>yU{>R+1e0QX
zh3Ij*hImDs7hFvWmJp-qOY9-tq~8BeF`i^G7+`fATd;jalIP9UO5`NiGKn`J8^LSf
z`C!vXJ{A89<Ovafo<ciJA>6J7;ErQ&!iD{fI`^?Yhy6xm#XuaI4zkE6iD12zgfEa}
z904}AdgyT)fqxFR_1LoTPXId>E+g?F*oQ3@cHy6Z*bM$H_+4~AaumKRX>JudRN?x7
zKT9b7g()&g2SeSA{0`s!1dO4`H^}|??g9G<`j^;lrf6?i(_E5{!1rBj=}N`Fi**G#
z7NKi8NL-51@6qr7Aq2I87sonsJqTFSJQ{cry*UYX5>$Y{F8T=5n8rjXoNe&S!Dt%8
z?r56Gx}7Pc*O|n1#daJ{W8D(@pL&A3fusq@jeu{*cme(^>z)LhC0Q1Q8>5dWXb}2K
z;NHVO5PksvK;kuB4dzvvIm0^4I)yyrS+_=(!Cv&Mz(>$mAkVOlKL2-`1htTdFlrh>
zk>wO<fGrDfBFTqSJWfg29|xO)Z7uq2^t(vhl9)blF~EAn97or*4w(&h1-cKsA>RKK
zI*hX?!If|pdT-<&SknoUpqymVG&cq582dS6i=p`oYvR&OfwwVs!ruXGb(2ryM#I&j
zanbA7Ccbp!DpvuzmxeN7O~dH8A@);%8>4@ZUy$qp*6-l&jl9k@@(sBC@O0L@;ZMNF
z>2`yejQ<UCUv3<$E9mrgxR(LUAgG%O9Ez=;0X{>Zrsrtj5Ihe4F+HyFG}OslecYd8
za_cp2*UiLcp^T%EikUcvv$Y3J&_W#RX<&DiB=gblq=C0g6E6}|3hrvNOYuV6P+H?V
zif=q}5wa^XpZqtPSTE~?<^nfIe<K7zuTkI%1JKD%(P0odfIv;pP^bXgX)sTcG)~WA
zA49?$O|t>x>ulB^ArE5{;7Tbv4D3r)>O}AVp(f~Kz&3gl052Gj!q&qy(H*@t{!)_N
zgIosN=#L^b^#V79IBBk~4#i60418yay#o7W<ZyFzH|roh|J8wi4KSPFxg;A8;0^TO
z7~r)8_BTm;kl+olb19sOeiBSa_+EIc!RWl(@oD-Ed7dKY67a`NzR!ri4u4zL6^{d`
zhw=`fofxMQ<ReiX?3$)wyAt1dFqgvzSXU=Oohrq?WUZ+oMKm2o4uSiF&jEKU@rSUV
zMYd+W3b_g2fcW`8N79WLZ;FQh@W(p9=_G$1f1*jQz3s3c!gdndN30joY!307t~K&o
z3hYPk1NI8!SbUY>?`7@7_kQ#OdH!!Oi7y}zVe|mdv;h7cz-Qqaa5e?+ry0M&C$LTd
zzYgCZ_!)dlkr9f0M2?Zfe{Y&ugs(g6ImkF2CVp%M0dZPH(6s<oV(3ERGPnp(CH64(
zzfyQFwm2<gUEi#?V!R%G8@6WPI}&HX8E`jZw^OGU&8$M#be8ptaK&X9J|VCx&L>Q_
zIXHG;%QN8lB%FtS4{|J+=J-e9|2xT(NalmDqp%<QRbV#aYsXC;r!4GoI%aYPWBv-)
zhXi&cAWkzVP;A!UW6U*8ePL`vDO!sp&#`VvlBdzr;5Wc^#g<6}3FM5^0(=o{nhMdS
zX(lylsq+5sf>YB5g54x)i=2Ucjo^j&UZKE+7{t}eB)J~@8Zes98>#ih=r@3AkADyi
z*V7FUA42b7Vq0QT`uyji>@&ui6io*Fdw}cAmAlbr8vhH%)|wbif5xXN#ccO6Vv8tR
zSf!aJCU%{{*1%s4o<**T=Lp_{Qcgf`vu!o8RVQH|0(YVJGeuh=N3bpd_ZSIoGWHL#
z#c2jHe=~M%>uef}`_pOSQ~dgauYYysj|Fu62;NtbubBpR0f+#YYStalPnj#)Z)~@j
zA}``QM>A>oyOL)LYfZm{OVB^U{v>)Kjcg^R6x;L2KSlF!{@W<5=>Wz9bg$_g&H!A7
zuOVwM!7t-e*jAHpA4%SXZ-F)aiUvlZ7vgVe8mo=%Nw^OFbHvm~*EAW-DfFZ841JFE
za6U}(_3%-WoX3$&k}d!hzgn)j6<Pe^3HjH0)|HWrm$PM`23Cv6=9e2)CT_Y(R4(0o
zQpg!itY(qNwl<5rur;Nc$Dij6A38L0a;p=mwQYK&cw5K5NiN56I;7`ybjD8@;&cf4
z3j9vMUsT@lQil$W0`k21p3<Ul$I92YHLxN_U+EC3u_Ggrx}$aFlpReimD|#qEGqZz
ze9JBCw6$8vVVkUExhdUhA&>Bf>fF|fh>ULOA;;^_4VIULy?IW4Aeil>rH9gzT<Ib0
z(mi;>r9rQg9}E;%e)IOEgv!GGZQYgY59KAu{k^Thl@;$hjnsxQ)>Kj1`0MZ8l||?G
zB+5V9B2C_Fi+ysfThx{jx9B&00=c}w_94fUmlyPgLQebiP<tmY;0-zcK-ekvgmVj>
zVL21%CmbwKa^(cV-fZXULa#Hk$m5?)9BpW1i6<C#0{KoDSBWPSDk%(lLSDJuEpDqx
z$Md~ilh{Z{dJ;s(CQeC_7q63B=*^w2L!v%Mu1pZ=^*!MzK9<^3R1}!2PA7<aMd~DP
z(3kIHNAw0<(zGwuw+vSk#hq~mf<AwN6DSG$0)8hgBZJLz@=Co<IN%f%1!j7RoZNsv
z-&Y_HRudECl<H!5GshfUJSyK;<c)5I95lo7E31ZxB*?@0){2^Jfipz6<;_!p0_(h$
znCI1JCEuK7rODG-qPhyqvLcom)JW8`I}``XD9o<pmIj0DqLb?h<~jO)@%ckuHck5i
zey?oZM5L%8B~}evmZpfi<<S&TLpBauCF+hA;xD#(c%F54qN>|oOmVBDokc54iLT<=
zB=ztjtG=bqWs5CB{k^|vV5vt3i7dCOKTLG1CGUO0x=r4(-a4W($BSi2YQ5sIP}X#j
z>~2s{TC5w=$LF0_;?3o5Q+0F2S|J^;Xr#W+6HA0Vx5Zkfatg$$nsU@GtBxGF%eq`n
zt+bNWk&x&uROeDrPsoA0t$}h^nV8nRSYKLNde^M(Y&r+yDW2&oC=HZ`lH`m%Ry&z9
zSDdP$&xONC4@rLDS_^siUd!ni_W4Wov6V%SIoA_CJdeM8uBSYHc(D_eJ@#3R<ahJL
z7&)(8^j@;xil|@B7ln5H=+@5lg$tbt-Ey)?pCnTcSy}4zjUv^ZS>!GAgkxtB4wi<Z
zx9i1cDda@s$~;BBJZIeKAx@qr?2$W<SbGynGiLh2a`{oqt2(@IJt<U=+r%_muDMe*
zReSCfo09AjUx|7#B0fo!FE0~^<$KG;0M+$jvE9nlnS$Qj07oA3Qqk{toY~%TXKta_
zk0TuPdCT-gV+*+o1Khc?<fv$=l2(Y7Zl}oS3F#Zt=lAK|aQXbP{yf3h(W#Zc6^Wwh
zMSE_bxa#(+C9B0otEM;X;eL;L<hO1+t7U8(FGj_mlh~Qb2i6EFJ0;qUWRpaDlzMcn
za0~fTHG8eR{RvS=EqFroPEg065(}!?JXdl-C%dIwqQo<Gz2$TDb%p~0rzqerP*a=O
zJ%n7*)LyH4{Yk8HtFK=c(}WCc7Au<gLLq(G@e6Sk#|(1aZ$&FrdyCj5(o1<T{9&KD
z5%i|<CUiofLcNRnr1b&IhturEa^*I0pX}S#9wT>d7t1q-`GUp%f}oS(gu=X*bRqp(
zOLF-GPO#MP*M@?Uf(%aq1yuek;vu`j8;sp>)X3!(!_ArR@fF2yyi$LDX%Vl4B3x``
z2?yiP^^&Z}8%lCrx`98uJ!20Q&-%sd{0D6O0deamM1K96@JO{&+}a@a>bm$6ieBpS
zPId>SI@xnXU2ibDVQhpq804O5*Tw#=%6~)jwN>RVaneqRn$=5t#6nw^^tBVztarsQ
zA;0Knw^rv4h&Hyo?67d;jfX|0Tr<$VAh!>)bJV6IB2%ce_eHi)3qBCOYO>x5F;qQz
zLZl0|d5pb5sO6uEi9*#pC5o+z=u^Z~<t^glV-`<TY~wDUIA%<I<9>LaeE$4ElItfz
za)wVDK0Y2Z(-V6F;}PZhyf_f@^X3i(a%b}-@zGbS_~L1DBb0q6vU_>wg}p&PsFGly
zAm}Mha+Uf$GkKE}?w#k&E#>()uIMchyM;azSG5Xysrut^p3qQ9fY-G8%V%POXcT`-
zI>l9=sf^FX*;-XCs?`^wi7h>6#B%xl8L_pw_lM7H^PY*nVbt?qi`JHv9$GTZKCL>O
z6N3{TT4LQH`wCu__X+EO7$?WsR#V0AhfWh}sN0%m$v-Drqve2V)|cv`>Q;s=-}c+<
z<@Q=ud)cbCHN~CTwP!y$zqU2Bc4kKRei_{}ogTfiv-+vmYg^~-OQxX#k;F}{<O2<?
zv`F@*G_9nnUJb1VBC>RIidxvndhdU8LW)e;u|a*5Vg-dBlNKlb^n@h3$r0_?ptI>#
z2UXn8DoKbG?oU?Lx>!%U)v@l@a|wzuXmfM~x;v5S=aj8}ca8pJ{U<X}@{eaAS?_hL
z!N~txBambS+9fltvre`6S7VS|^s3cBmQ`cW>oeV&*yqQy(6I#%r%dfptS6$Bsojf@
zEqEmU(EY?*RI|!lBnPi!L>)52YLfWxOhS7T{<||!cey%b<zG4oZ5C>LnbpzK<IuUJ
z*dQbsgdSJ>Z?_`RY3LfaWDdGsJ+;KzD`LZtWElER-T$a{ux4~3QcOhEYw2O=ro^8b
zgYFXYsZCbr=qx0eh5D-e&DJcT7>JtI{+U^5x;(nu8tK*_#?ldX!#Y1P2`!a3?6y)h
zxQ<MkCo+HeV3aN2KV#LBP0B^Ge6^RIEL9&q$!G7g8b^nvjr*<6?td~TDdwcb|5GDU
zqlAmYQD0l~^Bt1a>mOVEurV_yWeCNOI6Rf`!?fh)gE}l%e$HG+`-!UXTWjYp8lJL+
zyn3xwUp;ieDz|@jj*`q#EoG{(ze>J16~!kej<1z`Y_+IR_gQx7KTcD1E}f=iGhwI8
zWotx*d^^Ez9v!3<gA^|{W~k>9_2kq>s2z3f^}OJ^SV{8cPIilbF+eE>s3-XRZe{y^
zW_GG2>`s!|X`kdbSR~6U8{0|p`c(Uye`k^!*T!C^n51fox<8tt<f5%s;}-vHf{M>s
zQH07(x0l=ff5|u{n+v;ntA9O4MKN_ReX3kbx>!x+r=#rZvPDNbSDx%>Kl5)6Qi?&U
zjl1d$C7GcnD4wKSZN(tP?86L|W5%bW1MD{Py#b8IdWKTWP`|D+K8;OKT}IlIEj>g5
z8)bJ<SB<u>h)z-sY&}EGuw>47yV?H_Qn4>i7^GS%{zrbgXjpZeVuqXT56tz;QxVSh
zv59t)s+eeJ*)p|)_l48ia?5Wg+Z*(#)mpwe#eV8%=B-YAC``45VCvd9%^s2X3kR-#
F{{^(?9`yhK

diff --git a/po/en@boldquot.po b/po/en@boldquot.po
index 13b2510..be88b40 100644
--- a/po/en@boldquot.po
+++ b/po/en@boldquot.po
@@ -1,7 +1,7 @@
 # English translations for GNU gnupg package.
-# Copyright (C) 2022 Free Software Foundation, Inc.
+# Copyright (C) 2021 Free Software Foundation, Inc.
 # This file is distributed under the same license as the GNU gnupg package.
-# Automatically generated, 2022.
+# Automatically generated, 2021.
 #
 # All this catalog "translates" are quotation characters.
 # The msgids must be ASCII and therefore cannot contain real quotation
@@ -30,10 +30,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: GNU gnupg 2.2.39\n"
+"Project-Id-Version: GNU gnupg 2.3.0\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
-"PO-Revision-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
+"PO-Revision-Date: 2021-04-07 19:24+0200\n"
 "Last-Translator: Automatically generated\n"
 "Language-Team: none\n"
 "Language: en\n"
@@ -42,56 +42,56 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "failed to acquire the pinentry lock: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr "|pinentry-label|_OK"
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr "|pinentry-label|_Cancel"
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr "|pinentry-label|_Yes"
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr "|pinentry-label|_No"
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr "|pinentry-label|PIN:"
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr "|pinentry-label|_Save in password manager"
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Do you really want to make your passphrase visible on the screen?"
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr "|pinentry-tt|Make passphrase visible"
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 msgid "|pinentry-tt|Hide passphrase"
 msgstr "|pinentry-tt|Hide passphrase"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr "Suggest"
 
@@ -102,24 +102,13 @@ msgstr "Suggest"
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 msgid "pinentry.genpin.tooltip"
 msgstr "pinentry.genpin.tooltip"
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr "Note: The blanks are not part of the passphrase."
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-msgid "Passphrase Not Allowed"
-msgstr "Passphrase Not Allowed"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr "Quality:"
 
@@ -129,11 +118,11 @@ msgstr "Quality:"
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr "pinentry.qualitybar.tooltip"
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
@@ -141,7 +130,7 @@ msgstr ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
@@ -149,82 +138,76 @@ msgstr ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr "PIN:"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 msgid "Passphrase:"
 msgstr "Passphrase:"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr "does not match - try again"
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr "SETERROR %s (try %d of %d)"
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr "Repeat:"
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 msgid "PIN too long"
 msgstr "PIN too long"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 msgid "Passphrase too long"
 msgstr "Passphrase too long"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 msgid "Invalid characters in PIN"
 msgstr "Invalid characters in PIN"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr "PIN too short"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad PIN"
 msgstr "Bad PIN"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad Passphrase"
 msgstr "Bad Passphrase"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr "Note: Request from the web browser."
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr "Note: Request from a remote site."
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "error getting serial number of card: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 msgid "Please re-enter this passphrase"
 msgstr "Please re-enter this passphrase"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, c-format
 msgid ""
 "Please enter the passphrase to protect the imported object within the %s "
@@ -233,7 +216,7 @@ msgstr ""
 "Please enter the passphrase to protect the imported object within the %s "
 "system."
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
@@ -241,55 +224,45 @@ msgstr ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "ssh keys greater than %d bits are not supported\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, c-format
 msgid "can't create '%s': %s\n"
 msgstr "can't create '%s': %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, c-format
 msgid "can't open '%s': %s\n"
 msgstr "can't open '%s': %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr "detected card with S/N: %s\n"
-
-#: agent/command-ssh.c:2446
-#, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "no authentication key for ssh on card: %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "no suitable card key found: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "error getting list of cards: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
@@ -298,20 +271,20 @@ msgstr ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
 "allow this?"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr "Allow"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr "Deny"
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
@@ -320,91 +293,88 @@ msgstr ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
 "%s%%0Awithin gpg-agent's key storage"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "failed to create stream from socket: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr "Please insert the card with serial number"
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr "Please remove the current card and insert the one with serial number"
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr "Admin PIN"
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr "PUK"
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr "Reset Code"
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr "Push ACK button on card/token."
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr "Use the reader's pinpad for input."
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 msgid "Repeat this Reset Code"
 msgstr "Repeat this Reset Code"
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 msgid "Repeat this PUK"
 msgstr "Repeat this PUK"
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 msgid "Repeat this PIN"
 msgstr "Repeat this PIN"
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 msgid "Reset Code not correctly repeated; try again"
 msgstr "Reset Code not correctly repeated; try again"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 msgid "PUK not correctly repeated; try again"
 msgstr "PUK not correctly repeated; try again"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr "PIN not correctly repeated; try again"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "Please enter the PIN%s%s%s to unlock the card"
 
-#: agent/genkey.c:157
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "error creating temporary file: %s\n"
+
+#: agent/genkey.c:116
 #, c-format
-msgid "error writing to pipe: %s\n"
-msgstr "error writing to pipe: %s\n"
+msgid "error writing to temporary file: %s\n"
+msgstr "error writing to temporary file: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:154
 msgid "Enter new passphrase"
 msgstr "Enter new passphrase"
 
-#: agent/genkey.c:196
-msgid "Take this one anyway"
-msgstr "Take this one anyway"
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
@@ -413,18 +383,18 @@ msgstr ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
 "confirm that you do not want to have any protection on your key."
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr "Yes, protection is not needed"
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, c-format
 msgid "A passphrase should be at least %u character long."
 msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "A passphrase should be at least %u character long."
 msgstr[1] "A passphrase should be at least %u characters long."
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -434,223 +404,232 @@ msgstr[0] ""
 msgstr[1] ""
 "A passphrase should contain at least %u digits or%%0Aspecial characters."
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr "A passphrase may not be a known term or match%%0Acertain pattern."
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr "Warning: You have entered an insecure passphrase."
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+msgid "Take this one anyway"
+msgstr "Take this one anyway"
+
+#: agent/genkey.c:464
 #, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr "Please enter the passphrase to%0Aprotect your new key"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 msgid "Please enter the new passphrase"
 msgstr "Please enter the new passphrase"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 msgid "Options used for startup"
 msgstr "Options used for startup"
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr "run in daemon mode (background)"
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr "run in server mode (foreground)"
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 msgid "run in supervised mode"
 msgstr "run in supervised mode"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr "do not detach from the console"
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr "sh-style command output"
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr "csh-style command output"
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 msgid "|FILE|read options from FILE"
 msgstr "|FILE|read options from FILE"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr "Options controlling the diagnostic output"
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "verbose"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "be somewhat more quiet"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr "|FILE|write server mode logs to FILE"
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr "Options controlling the configuration"
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 msgid "do not use the SCdaemon"
 msgstr "do not use the SCdaemon"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr "|PGM|use PGM as the SCdaemon program"
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr "|PGM|use PGM as the tpm2daemon program"
+
+#: agent/gpg-agent.c:208
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NAME|accept some commands via NAME"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr "ignore requests to change the TTY"
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr "ignore requests to change the X display"
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 msgid "enable ssh support"
 msgstr "enable ssh support"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr "|ALGO|use ALGO to show ssh fingerprints"
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 msgid "enable putty support"
 msgstr "enable putty support"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr "Options controlling the security"
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr "|N|expire cached PINs after N seconds"
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr "|N|expire SSH keys after N seconds"
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr "|N|set maximum PIN cache lifetime to N seconds"
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr "|N|set maximum SSH key lifetime to N seconds"
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr "do not use the PIN cache when signing"
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 msgid "disallow the use of an external password cache"
 msgstr "disallow the use of an external password cache"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr "disallow clients to mark keys as “trusted”"
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 msgid "allow presetting passphrase"
 msgstr "allow presetting passphrase"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr "Options enforcing a passphrase policy"
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr "do not allow bypassing the passphrase policy"
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr "|N|set minimal required length for new passphrases to N"
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr "|N|require at least N non-alpha characters for a new passphrase"
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr "|FILE|check new passphrases against pattern in FILE"
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|expire the passphrase after N days"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 msgid "do not allow the reuse of old passphrases"
 msgstr "do not allow the reuse of old passphrases"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 msgid "Options controlling the PIN-Entry"
 msgstr "Options controlling the PIN-Entry"
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 msgid "never use the PIN-entry"
 msgstr "never use the PIN-entry"
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr "disallow caller to override the pinentry"
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr "let PIN-Entry grab keyboard and mouse"
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr "|PGM|use PGM as the PIN-Entry program"
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr "|N|set the Pinentry timeout to N seconds"
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr "allow passphrase to be prompted through Emacs"
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "Please report bugs to <@EMAIL@>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Usage: @GPG_AGENT@ [options] (-h for help)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
@@ -658,136 +637,131 @@ msgstr ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr "invalid debug-level ‘%s’ given\n"
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "selected digest algorithm is invalid\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, c-format
 msgid "reading options from '%s'\n"
 msgstr "reading options from ‘%s’\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, c-format
 msgid "Note: '%s' is not considered an option\n"
 msgstr "Note: ‘%s’ is not considered an option\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr "can't create socket: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr "socket name ‘%s’ is too long\n"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr "trying to steal socket from running %s\n"
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "a gpg-agent is already running - not starting a new one\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "error getting nonce for the socket\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "error binding socket to '%s': %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "can't set permissions of '%s': %s\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "listening on socket ‘%s’\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, c-format
 msgid "can't create directory '%s': %s\n"
 msgstr "can't create directory '%s': %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, c-format
 msgid "directory '%s' created\n"
 msgstr "directory ‘%s’ created\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "stat() failed for '%s': %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "can't use ‘%s’ as home directory\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "error reading nonce on fd %d: %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr "handler 0x%lx for fd %d started\n"
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr "handler 0x%lx for fd %d terminated\n"
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr "ssh handler 0x%lx for fd %d started\n"
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr "ssh handler 0x%lx for fd %d terminated\n"
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "npth_pselect failed: %s - waiting 1s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, c-format
 msgid "%s %s stopped\n"
 msgstr "%s %s stopped\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "no gpg-agent running in this session\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 msgid ""
 "@Options:\n"
 " "
@@ -795,11 +769,11 @@ msgstr ""
 "@Options:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
@@ -807,8 +781,8 @@ msgstr ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -816,8 +790,8 @@ msgstr ""
 "@Commands:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -827,11 +801,11 @@ msgstr ""
 "Options:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Usage: gpg-protect-tool [options] (-h for help)\n"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
@@ -839,15 +813,15 @@ msgstr ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Please enter the passphrase to unprotect the PKCS#12 object."
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Please enter the passphrase to protect the new PKCS#12 object."
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
@@ -855,7 +829,7 @@ msgstr ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
@@ -863,53 +837,52 @@ msgstr ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, c-format
 msgid "cancelled\n"
 msgstr "cancelled\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "error while asking for the passphrase: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, c-format
 msgid "error opening '%s': %s\n"
 msgstr "error opening '%s': %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "file '%s', line %d: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "statement “%s” ignored in '%s', line %d\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "system trustlist ‘%s’ not available\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "bad fingerprint in '%s', line %d\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "invalid keyflag in '%s', line %d\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "error reading '%s', line %d: %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr "error reading list of trusted root certificates\n"
@@ -922,7 +895,7 @@ msgstr "error reading list of trusted root certificates\n"
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
@@ -931,11 +904,11 @@ msgstr ""
 "Do you ultimately trust%%0A  “%s”%%0Ato correctly certify user "
 "certificates?"
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 msgid "Yes"
 msgstr "Yes"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr "No"
@@ -948,7 +921,7 @@ msgstr "No"
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -960,20 +933,20 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr "Correct"
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr "Wrong"
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr "Note: This passphrase has never been changed.%0APlease change it now."
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
@@ -982,15 +955,15 @@ msgstr ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
 "it now."
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 msgid "Change passphrase"
 msgstr "Change passphrase"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr "I'll change it later"
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
@@ -999,11 +972,11 @@ msgstr ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
 "%%0A?"
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 msgid "Delete key"
 msgstr "Delete key"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
@@ -1011,92 +984,92 @@ msgstr ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "DSA requires the hash length to be a multiple of 8 bits\n"
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr "%s key uses an unsafe (%u bit) hash\n"
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr "a %zu bit hash is not valid for a %u bit %s key\n"
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "checking created signature failed: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "secret key parts are not available\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, c-format
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "public key algorithm %d (%s) is not supported\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, c-format
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "protection algorithm %d (%s) is not supported\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, c-format
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "protection hash algorithm %d (%s) is not supported\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "error creating a pipe: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "error creating a stream for a pipe: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, c-format
 msgid "error forking process: %s\n"
 msgstr "error forking process: %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr "waiting for process %d to terminate failed: %s\n"
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "error running '%s': probably not installed\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "error running '%s': exit status %d\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, c-format
 msgid "error running '%s': terminated\n"
 msgstr "error running '%s': terminated\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "waiting for processes to terminate failed: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "error getting exit code of process %d: %s\n"
@@ -1111,33 +1084,33 @@ msgstr "can't connect to '%s': %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "problem setting the gpg-agent options\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "can't disable core dumps: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "Warning: unsafe ownership on %s “%s”\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "Warning: unsafe permissions on %s “%s”\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "waiting for file ‘%s’ to become accessible ...\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "renaming ‘%s’ to ‘%s’ failed: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "yes"
 
@@ -1191,50 +1164,91 @@ msgstr "out of core in secure memory while allocating %lu bytes"
 msgid "out of core while allocating %lu bytes"
 msgstr "out of core while allocating %lu bytes"
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "error allocating enough memory: %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr "%s:%u: obsolete option “%s” - it has no effect\n"
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "WARNING: “%s%s” is an obsolete option - it has no effect\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr "unknown debug flag ‘%s’ ignored\n"
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
 #, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
-msgstr "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "waiting for the dirmngr to come up ... (%ds)\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:350
 #, c-format
-msgid "connection to %s established\n"
-msgstr "connection to %s established\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "waiting for the keyboxd to come up ... (%ds)\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:351
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
-msgstr "no running gpg-agent - starting ‘%s’\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "waiting for the agent to come up ... (%ds)\n"
 
-#: common/asshelp.c:521
+#: common/asshelp.c:364
 #, c-format
-msgid "connection to agent is in restricted mode\n"
-msgstr "connection to agent is in restricted mode\n"
+msgid "connection to the dirmngr established\n"
+msgstr "connection to the dirmngr established\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:366
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
-msgstr "no running Dirmngr - starting ‘%s’\n"
+msgid "connection to the keyboxd established\n"
+msgstr "connection to the keyboxd established\n"
+
+#: common/asshelp.c:367
+#, c-format
+msgid "connection to the agent established\n"
+msgstr "connection to the agent established\n"
+
+#: common/asshelp.c:485
+#, c-format
+msgid "no running %s - starting '%s'\n"
+msgstr "no running %s - starting ‘%s’\n"
+
+#: common/asshelp.c:588
+#, c-format
+msgid "connection to the agent is in restricted mode\n"
+msgstr "connection to the agent is in restricted mode\n"
+
+#: common/asshelp.c:725
+#, c-format
+msgid "error getting version from '%s': %s\n"
+msgstr "error getting version from '%s': %s\n"
+
+#: common/asshelp.c:731
+#, c-format
+msgid "server '%s' is older than us (%s < %s)"
+msgstr "server ‘%s’ is older than us (%s < %s)"
+
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
+#, c-format
+msgid "WARNING: %s\n"
+msgstr "WARNING: %s\n"
+
+#: common/asshelp.c:740
+#, c-format
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr "Note: Outdated servers may lack important security fixes.\n"
+
+#: common/asshelp.c:742
+#, c-format
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Note: Use the command “%s” to restart them.\n"
 
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
@@ -1304,7 +1318,7 @@ msgid "algorithm: %s"
 msgstr "algorithm: %s"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, c-format
 msgid "unsupported algorithm: %s"
 msgstr "unsupported algorithm: %s"
@@ -1379,11 +1393,11 @@ msgstr "Certificate chain valid"
 msgid "Root certificate trustworthy"
 msgstr "Root certificate trustworthy"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 msgid "no CRL found for certificate"
 msgstr "no CRL found for certificate"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 msgid "the available CRL is too old"
 msgstr "the available CRL is too old"
 
@@ -1420,7 +1434,7 @@ msgstr "No help available for '%s'."
 msgid "ignoring garbage line"
 msgstr "ignoring garbage line"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 msgid "[none]"
 msgstr "[none]"
 
@@ -1429,128 +1443,26 @@ msgstr "[none]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "invalid radix64 character %02x skipped\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr "Sorry, we are in batchmode - can't get input\n"
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr "Sorry, no terminal at all requested - can't get input\n"
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr "too many errors; giving up\n"
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr "Control-D detected\n"
 
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr "argument not expected"
-
-#: common/argparse.c:522
-msgid "read error"
-msgstr "read error"
-
-#: common/argparse.c:524
-msgid "keyword too long"
-msgstr "keyword too long"
-
-#: common/argparse.c:526
-msgid "missing argument"
-msgstr "missing argument"
-
-#: common/argparse.c:528
-msgid "invalid argument"
-msgstr "invalid argument"
-
-#: common/argparse.c:530
-msgid "invalid command"
-msgstr "invalid command"
-
-#: common/argparse.c:532
-msgid "invalid alias definition"
-msgstr "invalid alias definition"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr "permission error"
-
-#: common/argparse.c:536 common/argparse.c:569
-msgid "out of core"
-msgstr "out of core"
-
-#: common/argparse.c:540 common/argparse.c:575
-msgid "invalid meta command"
-msgstr "invalid meta command"
-
-#: common/argparse.c:542 common/argparse.c:577
-msgid "unknown meta command"
-msgstr "unknown meta command"
-
-#: common/argparse.c:544 common/argparse.c:579
-msgid "unexpected meta command"
-msgstr "unexpected meta command"
-
-#: common/argparse.c:546
-msgid "invalid option"
-msgstr "invalid option"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr "missing argument for option “%.50s”\n"
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "invalid argument for option “%.50s”\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr "option “%.50s” does not expect an argument\n"
-
-#: common/argparse.c:563
-#, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "invalid command “%.50s”\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr "option “%.50s” is ambiguous\n"
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr "command “%.50s” is ambiguous\n"
-
-#: common/argparse.c:581
-#, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "invalid option “%.50s”\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, c-format
-msgid "Note: no default option file '%s'\n"
-msgstr "Note: no default option file ‘%s’\n"
-
-#: common/argparse.c:1843
-#, c-format
-msgid "option file '%s': %s\n"
-msgstr "option file '%s': %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr "Note: ignoring option “--%s” due to global config\n"
-
 #: common/utf8conv.c:123
 #, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1566,143 +1478,144 @@ msgstr "iconv_open failed: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "conversion from ‘%s’ to ‘%s’ failed: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "failed to create temporary file '%s': %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "error writing to '%s': %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "removing stale lockfile (created by %d)\n"
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "waiting for lock (held by %d%s) %s...\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr "(deadlock?) "
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "lock ‘%s’ not made: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, c-format
 msgid "waiting for lock %s...\n"
 msgstr "waiting for lock %s...\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr "%s is too old (need %s, have %s)\n"
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "armor: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "invalid armor header: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "armor header: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "invalid clearsig header\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, c-format
 msgid "unknown armor header: "
 msgstr "unknown armor header: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "nested clear text signatures\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr "unexpected armor: "
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "invalid dash escaped line: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "invalid radix64 character %02X skipped\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "premature eof (no CRC)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "premature eof (in CRC)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "malformed CRC\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "CRC error; %06lX - %06lX\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "premature eof (in trailer)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "error in trailer line\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "no valid OpenPGP data found.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "invalid armor: line longer than %d characters\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
 msgstr ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, c-format
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "[ not human readable (%zu bytes: %s%s) ]"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1711,375 +1624,367 @@ msgstr ""
 "a notation name must have only printable characters or spaces, and end with "
 "an ‘=’\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "a user notation name must contain the ‘@’ character\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "a notation name must not contain more than one ‘@’ character\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "a notation value must not use any control characters\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "a notation name may not contain an ‘=’ character\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, c-format
 msgid "a notation name must have only printable characters or spaces\n"
 msgstr "a notation name must have only printable characters or spaces\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "WARNING: invalid notation data found\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "failed to proxy %s inquiry to client\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Enter passphrase: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
-#, c-format
-msgid "error getting version from '%s': %s\n"
-msgstr "error getting version from '%s': %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr "server ‘%s’ is older than us (%s < %s)"
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
-#, c-format
-msgid "WARNING: %s\n"
-msgstr "WARNING: %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
-#, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr "Note: Outdated servers may lack important security fixes.\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s is not compliant with %s mode\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
+#: g10/call-agent.c:1081
 #, c-format
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Note: Use the command “%s” to restart them.\n"
+msgid "error from TPM: %s\n"
+msgstr "error from TPM: %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, c-format
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s is not compliant with %s mode\n"
+msgid "problem with the agent: %s\n"
+msgstr "problem with the agent: %s\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "no dirmngr running in this session\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, c-format
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
-msgstr "keyserver option “%s” may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
+msgstr ""
+"keyserver option “honor-keyserver-url” may not be used in Tor mode\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr "WKD uses a cached result"
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr "Tor is not running"
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 msgid "Tor is not properly configured"
 msgstr "Tor is not properly configured"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 msgid "DNS is not properly configured"
 msgstr "DNS is not properly configured"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr "unacceptable HTTP redirect from server"
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr "unacceptable HTTP redirect from server was cleaned up"
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 msgid "server uses an invalid certificate"
 msgstr "server uses an invalid certificate"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, c-format
 msgid "Note: %s\n"
 msgstr "Note: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "OpenPGP card not available: %s\n"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr "OpenPGP card no. %s detected\n"
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr "can't do this in batch mode\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "This command is only available for version 2 cards\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "Reset Code not or not anymore available\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Your selection? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[not set]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr "Mr."
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr "Ms."
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "not forced"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "forced"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr "Error: Only plain ASCII is currently allowed.\n"
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr "Error: The “<” character may not be used.\n"
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr "Error: Double spaces are not allowed.\n"
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr "Cardholder's surname: "
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr "Cardholder's given name: "
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr "Error: Combined name too long (limit is %d characters).\n"
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr "URL to retrieve public key: "
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, c-format
 msgid "error reading '%s': %s\n"
 msgstr "error reading '%s': %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, c-format
 msgid "error writing '%s': %s\n"
 msgstr "error writing '%s': %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr "Login data (account name): "
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr "Private DO data: "
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr "Language preferences: "
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "Error: invalid length of preference string.\n"
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "Error: invalid characters in preference string.\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr "Salutation (M = Mr., F = Ms., or space): "
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr "Error: invalid response.\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr "CA fingerprint: "
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "Error: invalid formatted fingerprint.\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr "key operation not possible: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr "not an OpenPGP card"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr "error getting current key info: %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr "Replace existing key? (y/N) "
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "What keysize do you want? (%u) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "rounded up to %u bits\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "%s keysizes must be in the range %u-%u\n"
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr "Changing card key attribute for: "
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 msgid "Signature key\n"
 msgstr "Signature key\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 msgid "Encryption key\n"
 msgstr "Encryption key\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr "Authentication key\n"
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Please select what kind of key you want:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) ECC\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Invalid selection.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr "The card will now be re-configured to generate a key of %u bits\n"
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr "The card will now be re-configured to generate a key of type: %s\n"
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "error changing key attribute for key %d: %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, c-format
 msgid "error getting card info: %s\n"
 msgstr "error getting card info: %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, c-format
 msgid "This command is not supported by this card\n"
 msgstr "This command is not supported by this card\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr "Make off-card backup of encryption key? (Y/n) "
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "Note: keys are already stored on the card!\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr "Replace existing keys? (y/N) "
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2090,185 +1995,196 @@ msgstr ""
 "   PIN = ‘%s’     Admin PIN = ‘%s’\n"
 "You should change them using the command --change-pin\n"
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr "Please select the type of key to generate:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr "   (1) Signature key\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr "   (2) Encryption key\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr "   (3) Authentication key\n"
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr "Please select where to store the key:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "KEYTOCARD failed: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "Note: This command destroys all keys stored on the card!\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 msgid "Continue? (y/N) "
 msgstr "Continue? (y/N) "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr "Really do a factory reset? (enter “yes”) "
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "error for setup KDF: %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, c-format
+msgid "error for setup UIF: %s\n"
+msgstr "error for setup UIF: %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "quit this menu"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr "show admin commands"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "show this help"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr "list all available data"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr "change card holder's name"
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr "change URL to retrieve key"
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr "fetch the key specified in the card URL"
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr "change the login name"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr "change the language preferences"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr "change card holder's salutation"
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr "change a CA fingerprint"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr "toggle the signature force PIN flag"
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr "generate new keys"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr "menu to change or unblock the PIN"
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr "verify the PIN and list all data"
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr "unblock the PIN using a Reset Code"
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr "destroy all keys and data"
 
-#: g10/card-util.c:2180
-msgid "setup KDF for PIN authentication"
-msgstr "setup KDF for PIN authentication"
+#: g10/card-util.c:2235
+msgid "setup KDF for PIN authentication (on/single/off)"
+msgstr "setup KDF for PIN authentication (on/single/off)"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 msgid "change the key attribute"
 msgstr "change the key attribute"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+msgid "change the User Interaction Flag"
+msgstr "change the User Interaction Flag"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr "gpg/card> "
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr "Admin-only command\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr "Admin commands are allowed\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr "Admin commands are not allowed\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Invalid command  (try “help”)\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output doesn't work for this command\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, c-format
 msgid "can't open '%s'\n"
 msgstr "can't open ‘%s’\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "key “%s” not found: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "error reading keyblock: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, c-format
 msgid "key \"%s\" not found\n"
 msgstr "key “%s” not found\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(unless you specify the key by fingerprint)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "can't do this in batch mode without “--yes”\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(unless you specify the key by fingerprint)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr "Note: The public primary key and all its subkeys will be deleted.\n"
@@ -2306,9 +2222,9 @@ msgstr "key"
 msgid "subkey"
 msgstr "subkey"
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "update failed: %s\n"
@@ -2333,61 +2249,71 @@ msgstr "there is a secret key for public key “%s”!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "use option “--delete-secret-keys” to delete it first.\n"
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "error creating passphrase: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "can't use a symmetric ESK packet due to the S2K mode\n"
 
-#: g10/encrypt.c:282
+#: g10/encrypt.c:370
 #, c-format
-msgid "using cipher %s\n"
-msgstr "using cipher %s\n"
+msgid "using cipher %s.%s\n"
+msgstr "using cipher %s.%s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, c-format
 msgid "'%s' already compressed\n"
 msgstr "‘%s’ already compressed\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, c-format
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "WARNING: ‘%s’ is an empty file\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, c-format
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "cipher algorithm ‘%s’ may not be used for encryption\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr "(use option “%s” to override)\n"
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "cipher algorithm ‘%s’ may not be used in %s mode\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "digest algorithm ‘%s’ may not be used in %s mode\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "WARNING: key %s is not suitable for encryption in %s mode\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, c-format
 msgid "reading from '%s'\n"
 msgstr "reading from ‘%s’\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "WARNING: key %s is not suitable for encryption in %s mode\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2396,96 +2322,43 @@ msgstr ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
 "preferences\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
-msgstr "%s/%s encrypted for: “%s”\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1159
+#, c-format
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
+msgstr "%s/%s.%s encrypted for: “%s”\n"
+
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, c-format
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "option ‘%s’ may not be used in %s mode\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
 #, c-format
-msgid "%s encrypted data\n"
-msgstr "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
+msgstr "%s.%s encrypted data\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "encrypted with unknown algorithm %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "problem handling encrypted packet\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "no remote program execution supported\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"external program calls are disabled due to unsafe options file permissions\n"
-
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"this platform requires temporary files when calling external programs\n"
-
-#: g10/exec.c:497
-#, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "unable to execute program '%s': %s\n"
-
-#: g10/exec.c:500
-#, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "unable to execute shell '%s': %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "system error while calling external program: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "unnatural exit of external program\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "unable to execute external program\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "unable to read external program response: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, c-format
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-
-#: g10/exec.c:692
-#, c-format
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "WARNING: unable to remove temp directory '%s': %s\n"
-
 #: g10/export.c:119
 msgid "export signatures that are marked as local-only"
 msgstr "export signatures that are marked as local-only"
@@ -2506,366 +2379,366 @@ msgstr "remove unusable parts from key during export"
 msgid "remove as much as possible from key during export"
 msgstr "remove as much as possible from key during export"
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr "use the GnuPG key backup format"
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 msgid " - skipped"
 msgstr " - skipped"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, c-format
 msgid "writing to '%s'\n"
 msgstr "writing to ‘%s’\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "key %s: key material on-card - skipped\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "exporting secret keys not allowed\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "key %s: PGP 2.x style key - skipped\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "WARNING: nothing exported\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, c-format
 msgid "error creating '%s': %s\n"
 msgstr "error creating '%s': %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr "[User ID not found]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "automatically retrieved ‘%s’ via %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "error retrieving ‘%s’ via %s: %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 msgid "No fingerprint"
 msgstr "No fingerprint"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr "checking for a fresh copy of an expired key via %s\n"
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "secret key “%s” not found: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "(check argument of option '%s')\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, c-format
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "Warning: not using ‘%s’ as default key: %s\n"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, c-format
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "using “%s” as default secret key for signing\n"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr "all values passed to ‘%s’ ignored\n"
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "using subkey %s instead of primary key %s\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, c-format
 msgid "valid values for option '%s':\n"
 msgstr "valid values for option '%s':\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 msgid "make a signature"
 msgstr "make a signature"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 msgid "make a clear text signature"
 msgstr "make a clear text signature"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "make a detached signature"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "encrypt data"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "encryption only with symmetric cipher"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "decrypt data (default)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "verify a signature"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "list keys"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "list keys and signatures"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr "list and check key signatures"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "list keys and fingerprints"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "list secret keys"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "generate a new key pair"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 msgid "quickly generate a new key pair"
 msgstr "quickly generate a new key pair"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 msgid "quickly add a new user-id"
 msgstr "quickly add a new user-id"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 msgid "quickly revoke a user-id"
 msgstr "quickly revoke a user-id"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 msgid "quickly set a new expiration date"
 msgstr "quickly set a new expiration date"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr "full featured key pair generation"
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "generate a revocation certificate"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "remove keys from the public keyring"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "remove keys from the secret keyring"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 msgid "quickly sign a key"
 msgstr "quickly sign a key"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 msgid "quickly sign a key locally"
 msgstr "quickly sign a key locally"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 msgid "quickly revoke a key signature"
 msgstr "quickly revoke a key signature"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "sign a key"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "sign a key locally"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "sign or edit a key"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 msgid "change a passphrase"
 msgstr "change a passphrase"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "export keys"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "export keys to a keyserver"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "import keys from a keyserver"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "search for keys on a keyserver"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "update all keys from a keyserver"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "import/merge keys"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr "print the card status"
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr "change data on a card"
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr "change a card's PIN"
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "update the trust database"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 msgid "print message digests"
 msgstr "print message digests"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr "run in server mode"
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr "|VALUE|set the TOFU policy for a key"
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NAME|use NAME as default secret key"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NAME|encrypt to user ID NAME as well"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr "|SPEC|set up email aliases"
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr "use strict OpenPGP behavior"
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "do not make any changes"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "prompt before overwriting"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 msgid "Options controlling the input"
 msgstr "Options controlling the input"
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 msgid "Options controlling the output"
 msgstr "Options controlling the output"
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "create ascii armored output"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 msgid "|FILE|write output to FILE"
 msgstr "|FILE|write output to FILE"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "use canonical text mode"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|set compress level to N (0 disables)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 msgid "Options controlling key import and export"
 msgstr "Options controlling key import and export"
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 msgid "import missing key from a signature"
 msgstr "import missing key from a signature"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 msgid "include the public key in signatures"
 msgstr "include the public key in signatures"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr "disable all access to the dirmngr"
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 msgid "Options controlling key listings"
 msgstr "Options controlling key listings"
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 msgid "Options to specify keys"
 msgstr "Options to specify keys"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|USER-ID|encrypt for USER-ID"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "|USER-ID|use USER-ID to sign or decrypt"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr "Options for unattended use"
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr "Other options"
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -2873,7 +2746,7 @@ msgstr ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 msgid ""
 "@\n"
 "Examples:\n"
@@ -2893,11 +2766,11 @@ msgstr ""
 " --list-keys [names]        show keys\n"
 " --fingerprint [names]      show fingerprints\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Usage: @GPG@ [options] [files] (-h for help)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 msgid ""
 "Syntax: @GPG@ [options] [files]\n"
 "Sign, check, encrypt or decrypt\n"
@@ -2907,7 +2780,7 @@ msgstr ""
 "Sign, check, encrypt or decrypt\n"
 "Default operation depends on the input data\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -2915,73 +2788,73 @@ msgstr ""
 "\n"
 "Supported algorithms:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Pubkey: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Cipher: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Hash: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Compression: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "usage: %s [options] %s\n"
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "conflicting commands\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "no = sign found in group definition ‘%s’\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "WARNING: unsafe ownership on homedir ‘%s’\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "WARNING: unsafe ownership on configuration file ‘%s’\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "WARNING: unsafe ownership on extension ‘%s’\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "WARNING: unsafe permissions on homedir ‘%s’\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "WARNING: unsafe permissions on configuration file ‘%s’\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "WARNING: unsafe permissions on extension ‘%s’\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "WARNING: unsafe enclosing directory ownership on homedir ‘%s’\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
@@ -2989,19 +2862,19 @@ msgstr ""
 "WARNING: unsafe enclosing directory ownership on configuration file ‘"
 "%s’\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr ""
 "WARNING: unsafe enclosing directory ownership on extension ‘%s’\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr ""
 "WARNING: unsafe enclosing directory permissions on homedir ‘%s’\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
@@ -3009,451 +2882,463 @@ msgstr ""
 "WARNING: unsafe enclosing directory permissions on configuration file ‘"
 "%s’\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr ""
 "WARNING: unsafe enclosing directory permissions on extension ‘%s’\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "unknown configuration item ‘%s’\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr "display photo IDs during key listings"
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 msgid "show key usage information during key listings"
 msgstr "show key usage information during key listings"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr "show policy URLs during signature listings"
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 msgid "show all notations during signature listings"
 msgstr "show all notations during signature listings"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr "show IETF standard notations during signature listings"
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr "show user-supplied notations during signature listings"
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "show preferred keyserver URLs during signature listings"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr "show user ID validity during key listings"
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr "show revoked and expired user IDs in key listings"
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr "show revoked and expired subkeys in key listings"
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 msgid "show the keyring name in key listings"
 msgstr "show the keyring name in key listings"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 msgid "show expiration dates during signature listings"
 msgstr "show expiration dates during signature listings"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "unknown TOFU policy ‘%s’\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr "(use “help” to list choices)\n"
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "This command is not allowed while in %s mode.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, c-format
 msgid "Note: %s is not for normal use!\n"
 msgstr "Note: %s is not for normal use!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "‘%s’ is not a valid signature expiration\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "“%s” is not a proper mail address\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "invalid pinentry mode ‘%s’\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "invalid request origin ‘%s’\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "‘%s’ is not a valid character set\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "could not parse keyserver URL\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: invalid keyserver options\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr "invalid keyserver options\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: invalid import options\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "invalid import options\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, c-format
 msgid "invalid filter option: %s\n"
 msgstr "invalid filter option: %s\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: invalid export options\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "invalid export options\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: invalid list options\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr "invalid list options\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr "display photo IDs during signature verification"
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr "show policy URLs during signature verification"
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 msgid "show all notations during signature verification"
 msgstr "show all notations during signature verification"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr "show IETF standard notations during signature verification"
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr "show user-supplied notations during signature verification"
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "show preferred keyserver URLs during signature verification"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 msgid "show user ID validity during signature verification"
 msgstr "show user ID validity during signature verification"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr "show revoked and expired user IDs in signature verification"
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 msgid "show only the primary user ID in signature verification"
 msgstr "show only the primary user ID in signature verification"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr "validate signatures with PKA data"
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr "elevate the trust of signatures with valid PKA data"
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: invalid verify options\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr "invalid verify options\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "unable to set exec-path to %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: invalid auto-key-locate list\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr "invalid auto-key-locate list\n"
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "invalid argument for option “%.50s”\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "WARNING: program may create a core file!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "WARNING: %s overrides %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s not allowed with %s!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s makes no sense with %s!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr "WARNING: running with faked system time: "
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "will not run with insecure memory due to %s\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "selected cipher algorithm is invalid\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, c-format
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "selected AEAD algorithm is invalid\n"
+
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "selected compression algorithm is invalid\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "selected certification digest algorithm is invalid\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-needed must be greater than 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed must be greater than 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth must be in the range from 1 to 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "invalid min-cert-level; must be 1, 2, or 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, c-format
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "Note: simple S2K mode (0) is strongly discouraged\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "invalid S2K mode; must be 0, 1 or 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "invalid default preferences\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "invalid personal cipher preferences\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, c-format
+msgid "invalid personal AEAD preferences\n"
+msgstr "invalid personal AEAD preferences\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "invalid personal digest preferences\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "invalid personal compress preferences\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, c-format
+msgid "chunk size invalid - using %d\n"
+msgstr "chunk size invalid - using %d\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s does not yet work with %s\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, c-format
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "AEAD algorithm ‘%s’ may not be used in %s mode\n"
+
+#: g10/gpg.c:4070
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "compression algorithm ‘%s’ may not be used in %s mode\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "failed to initialize the TrustDB: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr "WARNING: recipients (-r) given without using public key encryption\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "symmetric encryption of ‘%s’ failed: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "you cannot use --symmetric --encrypt in %s mode\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "you cannot use --symmetric --sign --encrypt in %s mode\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "keyserver send failed: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "keyserver receive failed: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "key export failed: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, c-format
 msgid "export as ssh key failed: %s\n"
 msgstr "export as ssh key failed: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "keyserver search failed: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "keyserver refresh failed: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "dearmoring failed: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "enarmoring failed: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, c-format
 msgid "invalid hash algorithm '%s'\n"
 msgstr "invalid hash algorithm ‘%s’\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "error parsing key specification '%s': %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 "‘%s’ does not appear to be a valid key ID, fingerprint or keygrip\n"
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Go ahead and type your message ...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "the given certification policy URL is invalid\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "the given signature policy URL is invalid\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "the given preferred keyserver URL is invalid\n"
@@ -3466,7 +3351,7 @@ msgstr "|FILE|take the keys from the keyring FILE"
 msgid "make timestamp conflicts only a warning"
 msgstr "make timestamp conflicts only a warning"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|write status info to this FD"
 
@@ -3512,128 +3397,136 @@ msgid "do not update the trustdb after import"
 msgstr "do not update the trustdb after import"
 
 #: g10/import.c:181
+msgid "enable bulk import mode"
+msgstr "enable bulk import mode"
+
+#: g10/import.c:184
 msgid "show key during import"
 msgstr "show key during import"
 
-#: g10/import.c:184
+#: g10/import.c:187
+msgid "show key but do not actually import"
+msgstr "show key but do not actually import"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr "only accept updates to existing keys"
 
-#: g10/import.c:187
+#: g10/import.c:193
 msgid "remove unusable parts from key after import"
 msgstr "remove unusable parts from key after import"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr "remove as much as possible from key after import"
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr "ignore key-signatures which are not self-signatures"
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr "run import filters and export key immediately"
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr "assume the GnuPG key backup format"
 
-#: g10/import.c:203
+#: g10/import.c:209
 msgid "repair keys on import"
 msgstr "repair keys on import"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "skipping block of type %d\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr "%lu keys processed so far\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Total number processed: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, c-format
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "    skipped PGP-2 keys: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "      skipped new keys: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "          w/o user IDs: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "              imported: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "             unchanged: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "          new user IDs: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "           new subkeys: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "        new signatures: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "   new key revocations: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "      secret keys read: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "  secret keys imported: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr " secret keys unchanged: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "          not imported: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "    signatures cleaned: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "      user IDs cleaned: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
@@ -3642,167 +3535,172 @@ msgstr ""
 "WARNING: key %s contains preferences for unavailable\n"
 "algorithms on these user IDs:\n"
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr "         “%s”: preference for cipher algorithm %s\n"
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, c-format
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "         “%s”: preference for AEAD algorithm %s\n"
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "         “%s”: preference for digest algorithm %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr "         “%s”: preference for compression algorithm %s\n"
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr "it is strongly suggested that you update your preferences and\n"
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 "re-distribute this key to avoid potential algorithm mismatch problems\n"
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr "you can update your preferences with: gpg --edit-key %s updpref save\n"
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr "key %s: no user ID\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, c-format
 msgid "key %s: %s\n"
 msgstr "key %s: %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr "rejected by import screener"
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "key %s: PKS subkey corruption repaired\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "key %s: accepted non self-signed user ID “%s”\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "key %s: no valid user IDs\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "this may be caused by a missing self-signature\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "key %s: public key not found: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "key %s: new key - skipped\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "no writable keyring found: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, c-format
 msgid "error writing keyring '%s': %s\n"
 msgstr "error writing keyring '%s': %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "key %s: public key “%s” imported\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "key %s: doesn't match our copy\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "key %s: “%s” 1 new user ID\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "key %s: “%s” %d new user IDs\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "key %s: “%s” 1 new signature\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "key %s: “%s” %d new signatures\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "key %s: “%s” 1 new subkey\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "key %s: “%s” %d new subkeys\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "key %s: “%s” %d signature cleaned\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "key %s: “%s” %d signatures cleaned\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "key %s: “%s” %d user ID cleaned\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "key %s: “%s” %d user IDs cleaned\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "key %s: “%s” not changed\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr "key %s: secret key imported\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, c-format
 msgid "key %s: secret key already exists\n"
 msgstr "key %s: secret key already exists\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "key %s: error sending to agent: %s\n"
@@ -3815,197 +3713,203 @@ msgstr "key %s: error sending to agent: %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr "To migrate '%s', with each smartcard, run: %s\n"
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, c-format
 msgid "secret key %s: %s\n"
 msgstr "secret key %s: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "importing secret keys not allowed\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "key %s: secret key with invalid cipher %d - skipped\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "No reason specified"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "Key is superseded"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Key has been compromised"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "Key is no longer used"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "User ID is no longer valid"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "reason for revocation: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "revocation comment: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr "key %s: no public key - can't apply revocation certificate\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "key %s: can't locate original keyblock: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "key %s: can't read original keyblock: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "key %s: invalid revocation certificate: %s - rejected\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "key %s: “%s” revocation certificate imported\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "key %s: no user ID for signature\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr "key %s: unsupported public key algorithm on user ID “%s”\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "key %s: invalid self-signature on user ID “%s”\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "key %s: unsupported public key algorithm\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "key %s: invalid direct key signature\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "key %s: no subkey for key binding\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "key %s: invalid subkey binding\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "key %s: removed multiple subkey binding\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "key %s: no subkey for key revocation\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "key %s: invalid subkey revocation\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "key %s: removed multiple subkey revocation\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "key %s: skipped user ID “%s”\n"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "key %s: skipped subkey\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "key %s: non exportable signature (class 0x%02X) - skipped\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "key %s: revocation certificate at wrong place - skipped\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "key %s: invalid revocation certificate: %s - skipped\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "key %s: subkey signature in wrong place - skipped\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "key %s: unexpected signature class (0x%02X) - skipped\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "key %s: duplicated user ID detected - merged\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, c-format
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "key %s: duplicated subkeys detected - merged\n"
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr "WARNING: key %s may be revoked: fetching revocation key %s\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr "WARNING: key %s may be revoked: revocation key %s not present.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "key %s: “%s” revocation certificate added\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "key %s: direct key signature added\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, c-format
 msgid "error allocating memory: %s\n"
 msgstr "error allocating memory: %s\n"
@@ -4027,40 +3931,40 @@ msgstr ""
 msgid " (reordered signatures follow)"
 msgstr " (reordered signatures follow)"
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, c-format
 msgid "key %s:\n"
 msgstr "key %s:\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "%d duplicate signature removed\n"
 msgstr[1] "%d duplicate signatures removed\n"
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, c-format
 msgid "%d signature not checked due to a missing key\n"
 msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "%d signature not checked due to a missing key\n"
 msgstr[1] "%d signatures not checked due to missing keys\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, c-format
 msgid "%d bad signature\n"
 msgid_plural "%d bad signatures\n"
 msgstr[0] "%d bad signature\n"
 msgstr[1] "%d bad signatures\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "%d signature reordered\n"
 msgstr[1] "%d signatures reordered\n"
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
@@ -4069,37 +3973,32 @@ msgstr ""
 "Warning: errors found and only checked self-signatures, run ‘%s’ to "
 "check all signatures.\n"
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "error creating keybox '%s': %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, c-format
 msgid "error creating keyring '%s': %s\n"
 msgstr "error creating keyring '%s': %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, c-format
 msgid "keybox '%s' created\n"
 msgstr "keybox ‘%s’ created\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, c-format
 msgid "keyring '%s' created\n"
 msgstr "keyring ‘%s’ created\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "keyblock resource '%s': %s\n"
 
-#: g10/keydb.c:969
-#, c-format
-msgid "error opening key DB: %s\n"
-msgstr "error opening key DB: %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "failed to rebuild keyring cache: %s\n"
@@ -4112,7 +4011,7 @@ msgstr "[revocation]"
 msgid "[self-signature]"
 msgstr "[self-signature]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4124,12 +4023,12 @@ msgstr ""
 "(by looking at passports, checking fingerprints from different sources, "
 "etc.)\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr "  %d = I trust marginally\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr "  %d = I trust fully\n"
@@ -4159,12 +4058,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "User ID “%s” is revoked."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Are you sure you still want to sign it? (y/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  Unable to sign.\n"
 
@@ -4339,186 +4238,190 @@ msgstr "I have checked this key very carefully.\n"
 msgid "Really sign? (y/N) "
 msgstr "Really sign? (y/N) "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "signing failed: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr "Key has only stub or on-card key items - no passphrase to change.\n"
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, c-format
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "key %s: error changing passphrase: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "save and quit"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr "show key fingerprint"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 msgid "show the keygrip"
 msgstr "show the keygrip"
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "list key and user IDs"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "select user ID N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr "select subkey N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr "check signatures"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr "sign selected user IDs [* see below for related commands]"
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr "sign selected user IDs locally"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr "sign selected user IDs with a trust signature"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr "sign selected user IDs with a non-revocable signature"
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "add a user ID"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "add a photo ID"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr "delete selected user IDs"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr "add a subkey"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr "add a key to a smartcard"
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr "move a key to a smartcard"
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr "convert a key to TPM form using the local TPM"
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr "move a backup key to a smartcard"
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr "delete selected subkeys"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "add a revocation key"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr "delete signatures from the selected user IDs"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "change the expiration date for the key or selected subkeys"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr "flag the selected user ID as primary"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "list preferences (expert)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "list preferences (verbose)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr "set preference list for the selected user IDs"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "set the preferred keyserver URL for the selected user IDs"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 msgid "set a notation for the selected user IDs"
 msgstr "set a notation for the selected user IDs"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "change the passphrase"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "change the ownertrust"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr "revoke signatures on the selected user IDs"
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr "revoke selected user IDs"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr "revoke key or selected subkeys"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr "enable key"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr "disable key"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr "show selected photo IDs"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr "compact unusable user IDs and remove unusable signatures from key"
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr "compact unusable user IDs and remove all signatures from key"
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Secret key is available.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 msgid "Secret subkeys are available.\n"
 msgstr "Secret subkeys are available.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Need the secret key to do this.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4531,284 +4434,289 @@ msgstr ""
 "signatures\n"
 "  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "Key is revoked."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Really sign all text user IDs? (y/N) "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Really sign all user IDs? (y/N) "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Hint: Select the user IDs to sign\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "Unknown signature type ‘%s’\n"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "This command is not allowed while in %s mode.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "You must select at least one user ID.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr "(Use the ‘%s’ command.)\n"
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "You can't delete the last user ID!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Really remove all selected user IDs? (y/N) "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr "Really remove this user ID? (y/N) "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr "Really move the primary key? (y/N) "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr "You must select exactly one key.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr "Command expects a filename argument\n"
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "Can't open '%s': %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "Error reading backup key from '%s': %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "You must select at least one key.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Do you really want to delete the selected keys? (y/N) "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Do you really want to delete this key? (y/N) "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "Really revoke all selected user IDs? (y/N) "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Really revoke this user ID? (y/N) "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Do you really want to revoke the entire key? (y/N) "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Do you really want to revoke the selected subkeys? (y/N) "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Do you really want to revoke this subkey? (y/N) "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 "Owner trust may not be set while using a user provided trust database\n"
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr "Set preference list to:\n"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr "Really update the preferences for the selected user IDs? (y/N) "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr "Really update the preferences? (y/N) "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr "Save changes? (y/N) "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr "Quit without saving? (y/N) "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Key not changed so no update needed.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, c-format
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "cannot revoke the last valid user ID.\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "revoking the user ID failed: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "setting the primary user ID failed: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "“%s” is not a fingerprint\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "“%s” is not the primary fingerprint\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, c-format
 msgid "Invalid user ID '%s': %s\n"
 msgstr "Invalid user ID '%s': %s\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "No matching user IDs."
 msgstr "No matching user IDs."
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "Nothing to sign.\n"
 msgstr "Nothing to sign.\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr "Not signed by you.\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, c-format
 msgid "revoking the key signature failed: %s\n"
 msgstr "revoking the key signature failed: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "‘%s’ is not a valid expiration time\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "“%s” is not a proper fingerprint\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "subkey “%s” not found\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr "AEAD: "
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Digest: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Features: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr "Keyserver no-modify"
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr "Preferred keyserver: "
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 msgid "Notations: "
 msgstr "Notations: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "There are no preferences on a PGP 2.x-style user ID.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "The following key was revoked on %s by %s key %s\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "This key may be revoked by %s key %s"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr "(sensitive)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr "created: %s"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr "revoked: %s"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr "expired: %s"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr "expires: %s"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr "usage: %s"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr "card-no: "
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr "trust: %s"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr "validity: %s"
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "This key has been disabled"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -4816,17 +4724,17 @@ msgstr ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr "revoked"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr "expired"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -4835,17 +4743,17 @@ msgstr ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
 "              cause a different user ID to become the assumed primary.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr "WARNING: Your encryption subkey expires soon.\n"
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, c-format
 msgid "You may want to change its expiration date too.\n"
 msgstr "You may want to change its expiration date too.\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -4855,72 +4763,72 @@ msgstr ""
 "versions\n"
 "         of PGP to reject this key.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Are you sure you still want to add it? (y/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "You may not add a photo ID to a PGP2-style key.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr "Such a user ID already exists on this key!\n"
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Delete this good signature? (y/N/q)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Delete this invalid signature? (y/N/q)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Delete this unknown signature? (y/N/q)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Really delete this self-signature? (y/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, c-format
 msgid "Deleted %d signature.\n"
 msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "Deleted %d signature.\n"
 msgstr[1] "Deleted %d signatures.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Nothing deleted.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "invalid"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "User ID “%s” compacted: %s\n"
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "User ID “%s”: %d signature removed\n"
 msgstr[1] "User ID “%s”: %d signatures removed\n"
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "User ID “%s”: already minimized\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "User ID “%s”: already clean\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -4930,40 +4838,40 @@ msgstr ""
 "cause\n"
 "         some versions of PGP to reject this key.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "You may not add a designated revoker to a PGP 2.x-style key.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Enter the user ID of the designated revoker: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "cannot appoint a PGP 2.x style key as a designated revoker\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "you cannot appoint a key as its own designated revoker\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "this key has already been designated as a revoker\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
@@ -4971,251 +4879,256 @@ msgstr ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Changing expiration time for a subkey.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Changing expiration time for the primary key.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "You can't change the expiration date of a v3 key\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 msgid "Changing usage of a subkey.\n"
 msgstr "Changing usage of a subkey.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 msgid "Changing usage of the primary key.\n"
 msgstr "Changing usage of the primary key.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "signing subkey %s is already cross-certified\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr "subkey %s does not sign and so does not need to be cross-certified\n"
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Please select exactly one user ID.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "skipping v3 self-signature on user ID “%s”\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr "Enter your preferred keyserver URL: "
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Are you sure you want to replace it? (y/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Are you sure you want to delete it? (y/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 msgid "Enter the notation: "
 msgstr "Enter the notation: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 msgid "Proceed? (y/N) "
 msgstr "Proceed? (y/N) "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "No user ID with index %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr "No user ID with hash %s\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "No subkey with key ID '%s'.\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr "No subkey with index %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "user ID: “%s”\n"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "signed by your key %s on %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (non-exportable)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "This signature expired on %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Are you sure you still want to revoke it? (y/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Create a revocation certificate for this signature? (y/N) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "You have signed these user IDs on key %s:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr " (non-revocable)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "revoked by your key %s on %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "You are about to revoke these signatures:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Really create the revocation certificates? (y/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "no secret key\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr "tried to revoke a non-user ID: %s\n"
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "user ID “%s” is already revoked\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr "WARNING: a user ID signature is dated %d seconds in the future\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, c-format
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Cannot revoke the last valid user ID.\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "Key %s is already revoked.\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "Subkey %s is already revoked.\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "invalid value for option ‘%s’\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "preference ‘%s’ duplicated\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr "too many cipher preferences\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr "too many digest preferences\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr "too many compression preferences\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, c-format
+msgid "too many AEAD preferences\n"
+msgstr "too many AEAD preferences\n"
+
+#: g10/keygen.c:521
 #, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "invalid item ‘%s’ in preference string\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "writing direct signature\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "writing self signature\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "writing key binding signature\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "keysize invalid; using %u bits\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "keysize rounded up to %u bits\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
 msgstr ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr "Sign"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr "Certify"
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr "Encrypt"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr "Authenticate"
 
@@ -5229,161 +5142,166 @@ msgstr "Authenticate"
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr "SsEeAaQq"
 
-#: g10/keygen.c:1784
+#: g10/keygen.c:1966
 #, c-format
-msgid "Possible actions for a %s key: "
-msgstr "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
+msgstr "Possible actions for this %s key: "
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr "Current allowed actions: "
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr "   (%c) Toggle the sign capability\n"
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%c) Toggle the encrypt capability\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr "   (%c) Toggle the authenticate capability\n"
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr "   (%c) Finished\n"
 
-#: g10/keygen.c:1930
+#: g10/keygen.c:2116
 #, c-format
-msgid "   (%d) RSA and RSA (default)\n"
-msgstr "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
+msgstr "   (%d) RSA and RSA%s\n"
 
-#: g10/keygen.c:1934
+#: g10/keygen.c:2120
 #, c-format
-msgid "   (%d) DSA and Elgamal\n"
-msgstr "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
+msgstr "   (%d) DSA and Elgamal%s\n"
 
-#: g10/keygen.c:1937
+#: g10/keygen.c:2123
 #, c-format
-msgid "   (%d) DSA (sign only)\n"
-msgstr "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
+msgstr "   (%d) DSA (sign only)%s\n"
 
-#: g10/keygen.c:1939
+#: g10/keygen.c:2125
 #, c-format
-msgid "   (%d) RSA (sign only)\n"
-msgstr "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
+msgstr "   (%d) RSA (sign only)%s\n"
 
-#: g10/keygen.c:1945
+#: g10/keygen.c:2131
 #, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
-msgstr "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
+msgstr "   (%d) Elgamal (encrypt only)%s\n"
 
-#: g10/keygen.c:1947
+#: g10/keygen.c:2133
 #, c-format
-msgid "   (%d) RSA (encrypt only)\n"
-msgstr "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
+msgstr "   (%d) RSA (encrypt only)%s\n"
 
-#: g10/keygen.c:1953
+#: g10/keygen.c:2139
 #, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
-msgstr "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
+msgstr "   (%d) DSA (set your own capabilities)%s\n"
 
-#: g10/keygen.c:1955
+#: g10/keygen.c:2141
 #, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
-msgstr "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
+msgstr "   (%d) RSA (set your own capabilities)%s\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) ECC and ECC\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) ECC (sign and encrypt)%s\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+msgid " *default*"
+msgstr " *default*"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, c-format
 msgid "  (%d) ECC (sign only)\n"
 msgstr "  (%d) ECC (sign only)\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
-msgstr "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
+msgstr "  (%d) ECC (set your own capabilities)%s\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, c-format
-msgid "  (%d) ECC (encrypt only)\n"
-msgstr "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
+msgstr "  (%d) ECC (encrypt only)%s\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, c-format
-msgid "  (%d) Existing key\n"
-msgstr "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
+msgstr "  (%d) Existing key%s\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, c-format
-msgid "  (%d) Existing key from card\n"
-msgstr "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
+msgstr "  (%d) Existing key from card%s\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 msgid "Enter the keygrip: "
 msgstr "Enter the keygrip: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr "Not a valid keygrip (expecting 40 hex digits)\n"
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 msgid "No key with this keygrip\n"
 msgstr "No key with this keygrip\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, c-format
 msgid "error reading the card: %s\n"
 msgstr "error reading the card: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "Serial number of the card: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 msgid "Available keys:\n"
 msgstr "Available keys:\n"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, c-format
 msgid "rounded to %u bits\n"
 msgstr "rounded to %u bits\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr "%s keys may be between %u and %u bits long.\n"
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "What keysize do you want for the subkey? (%u) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "Requested keysize is %u bits\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Please select which elliptic curve you want:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5399,7 +5317,7 @@ msgstr ""
 "      <n>m = key expires in n months\n"
 "      <n>y = key expires in n years\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5415,38 +5333,38 @@ msgstr ""
 "      <n>m = signature expires in n months\n"
 "      <n>y = signature expires in n years\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Key is valid for? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Signature is valid for? (%s) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "invalid value\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr "Key does not expire at all\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr "Signature does not expire at all\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr "Key expires at %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr "Signature expires at %s\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5454,11 +5372,11 @@ msgstr ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr "Is this correct? (y/N) "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5472,7 +5390,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5488,49 +5406,49 @@ msgstr ""
 "    “Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>”\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Real name: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Invalid character in name\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr "The characters ‘%s’ and ‘%s’ may not appear in name\n"
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Name may not start with a digit\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Name must be at least 5 characters long\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "Email address: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Not a valid email address\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Comment: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Invalid character in comment\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, c-format
 msgid "You are using the '%s' character set.\n"
 msgstr "You are using the ‘%s’ character set.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5541,7 +5459,7 @@ msgstr ""
 "    “%s”\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "Please don't put the email address into the real name or the comment\n"
 
@@ -5556,31 +5474,31 @@ msgstr "Please don't put the email address into the real name or the comment\n"
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnCcEeOoQq"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Change (N)ame, (E)mail, or (Q)uit? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Please correct the error first\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5592,13 +5510,13 @@ msgstr ""
 "disks) during the prime generation; this gives the random number\n"
 "generator a better chance to gain enough entropy.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Key generation failed: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5609,64 +5527,64 @@ msgstr ""
 "    “%s”\n"
 "\n"
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr "Continue? (Y/n) "
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "A key for “%s” already exists\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 msgid "Create anyway? (y/N) "
 msgstr "Create anyway? (y/N) "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, c-format
 msgid "creating anyway\n"
 msgstr "creating anyway\n"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr "Note: Use “%s %s” for a full featured key generation dialog.\n"
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Key generation canceled.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "can't create backup file '%s': %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "Note: backup of card key saved to ‘%s’\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, c-format
 msgid "writing public key to '%s'\n"
 msgstr "writing public key to ‘%s’\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "no writable public keyring found: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, c-format
 msgid "error writing public keyring '%s': %s\n"
 msgstr "error writing public keyring '%s': %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "public and secret key created and signed.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
@@ -5674,319 +5592,325 @@ msgstr ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command “--edit-key” to generate a subkey for this purpose.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
 msgstr ""
 "key has been created %lu second in future (time warp or clock problem)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
 msgstr ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, c-format
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Secret parts of primary key are not available.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Secret parts of primary key are stored on-card.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr "Really create? (y/N) "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "never     "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Critical signature policy: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Signature policy: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr "Critical preferred keyserver: "
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Critical signature notation: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Signature notation: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, c-format
 msgid "%d good signature\n"
 msgid_plural "%d good signatures\n"
 msgstr[0] "%d good signature\n"
 msgstr[1] "%d good signatures\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, c-format
 msgid "%d signature not checked due to an error\n"
 msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "%d signature not checked due to an error\n"
 msgstr[1] "%d signatures not checked due to errors\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] "Warning: %lu key skipped due to its large size\n"
 msgstr[1] "Warning: %lu keys skipped due to their large sizes\n"
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Keyring"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Primary key fingerprint:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "     Subkey fingerprint:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr " Primary key fingerprint:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "      Subkey fingerprint:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr "      Key fingerprint ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr "      Card serial no. ="
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, c-format
 msgid "caching keyring '%s'\n"
 msgstr "caching keyring ‘%s’\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "%lu keys cached so far (%lu signature)\n"
 msgstr[1] "%lu keys cached so far (%lu signatures)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] "%lu key cached"
 msgstr[1] "%lu keys cached"
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, c-format
 msgid " (%lu signature)\n"
 msgid_plural " (%lu signatures)\n"
 msgstr[0] " (%lu signature)\n"
 msgstr[1] " (%lu signatures)\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: keyring created\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr "override proxy options set for dirmngr"
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr "include revoked keys in search results"
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr "include subkeys when searching by key ID"
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr "override timeout options set for dirmngr"
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr "automatically retrieve keys when verifying signatures"
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "honor the preferred keyserver URL set on the key"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr "honor the PKA record set on a key when retrieving keys"
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr "disabled"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr "Enter number(s), N)ext, or Q)uit > "
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "invalid keyserver protocol (us %d!=handler %d)\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "“%s” not a key ID: skipping\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "refreshing %d key from %s\n"
 msgstr[1] "refreshing %d keys from %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "WARNING: unable to refresh key %s via %s: %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "key “%s” not found on keyserver\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr "key not found on keyserver\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "requesting key %s from %s server %s\n"
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr "requesting key %s from %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, c-format
 msgid "no keyserver known\n"
 msgstr "no keyserver known\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "skipped “%s”: %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr "sending key %s to %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, c-format
 msgid "requesting key from '%s'\n"
 msgstr "requesting key from ‘%s’\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "WARNING: unable to fetch URI %s: %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "weird size for an encrypted session key (%d)\n"
 
-#: g10/mainproc.c:408
+#: g10/mainproc.c:378
+#, c-format
+msgid "%s.%s encrypted session key\n"
+msgstr "%s.%s encrypted session key\n"
+
+#: g10/mainproc.c:385
 #, c-format
-msgid "%s encrypted session key\n"
-msgstr "%s encrypted session key\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "encrypted with unknown algorithm %d.%s\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:391
 #, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "passphrase generated with unknown digest algorithm %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, c-format
 msgid "public key is %s\n"
 msgstr "public key is %s\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "public key encrypted data: good DEK\n"
-
-#: g10/mainproc.c:632
+#: g10/mainproc.c:524
 #, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
-msgstr "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
+msgstr "encrypted with %s key, ID %s, created %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr "      “%s”\n"
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "encrypted with %s key, ID %s\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "public key decryption failed: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr "WARNING: multiple plaintexts seen\n"
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "encrypted with %lu passphrases\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "encrypted with 1 passphrase\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "public key decryption failed: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "public key encrypted data: good DEK\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "assuming %s encrypted data\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "WARNING: message was not integrity protected\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
@@ -5996,312 +5920,307 @@ msgstr ""
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr "Use the option ‘%s’ to decrypt anyway.\n"
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, c-format
 msgid "decryption forced to fail!\n"
 msgstr "decryption forced to fail!\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "decryption okay\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "WARNING: encrypted message has been manipulated!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "decryption failed: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, c-format
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "Note: sender requested “for-your-eyes-only”\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "original file name='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "standalone revocation - use “gpg --import” to apply\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, c-format
 msgid "no signature found\n"
 msgstr "no signature found\n"
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr "BAD signature from “%s”"
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Expired signature from “%s”"
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr "Good signature from “%s”"
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "signature verification suppressed\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "can't handle this ambiguous signature data\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr "Signature made %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr "               using %s key %s\n"
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Signature made %s using %s key ID %s\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "               issuer “%s”\n"
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Key available at: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr "Note: Use ‘%s’ to make use of this info\n"
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[uncertain]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr "                aka “%s”"
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, c-format
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "WARNING: This key is not suitable for signing in %s mode\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Signature expired %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Signature expires %s\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, c-format
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "%s signature, digest algorithm %s%s%s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "binary"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "textmode"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "unknown"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 msgid ", key algorithm "
 msgstr ", key algorithm "
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr "WARNING: not a detached signature; file ‘%s’ was NOT verified!\n"
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Can't check signature: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "not a detached signature\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "standalone signature of class 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "old style (PGP 2.x) signature\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "fstat of ‘%s’ failed in %s: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "fstat(%d) failed in %s: %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "WARNING: using experimental public key algorithm %s\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "WARNING: using experimental cipher algorithm %s\n"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "WARNING: using experimental digest algorithm %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "WARNING: digest algorithm %s is deprecated\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "Note: signatures using the %s algorithm are rejected\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, c-format
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "Note: third-party key signatures using the %s algorithm are rejected\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, c-format
 msgid "(reported error: %s)\n"
 msgstr "(reported error: %s)\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "(reported error: %s <%s>)\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr "(further info: "
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: deprecated option “%s”\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "WARNING: “%s” is a deprecated option\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "please use “%s%s” instead\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "WARNING: “%s” is a deprecated command - do not use it\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr ""
 "%s:%u: “%s” is obsolete in this file - it only has effect in %s\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr ""
 "WARNING: “%s%s” is an obsolete option - it has no effect except on %s\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Uncompressed"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr "uncompressed|none"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr "operation forced to fail due to unfulfilled compliance rules\n"
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "this message may not be usable by %s\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "ambiguous option ‘%s’\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, c-format
 msgid "unknown option '%s'\n"
 msgstr "unknown option ‘%s’\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "unknown weak digest ‘%s’\n"
@@ -6324,85 +6243,76 @@ msgstr "%s: unknown suffix\n"
 msgid "Enter new filename"
 msgstr "Enter new filename"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "writing to stdout\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, c-format
 msgid "assuming signed data in '%s'\n"
 msgstr "assuming signed data in ‘%s’\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "can't handle public key algorithm %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr "WARNING: potentially insecure symmetrically encrypted session key\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, c-format
 msgid "Unknown critical signature notation: "
 msgstr "Unknown critical signature notation: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "subpacket of type %d has critical bit set\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, c-format
-msgid "problem with the agent: %s\n"
-msgstr "problem with the agent: %s\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-msgid "Please enter the passphrase for decryption."
-msgstr "Please enter the passphrase for decryption."
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Enter passphrase\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "cancelled by user\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr " (main key ID %s)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Please enter the passphrase to unlock the OpenPGP secret key:"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Please enter the passphrase to import the OpenPGP secret key:"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Please enter the passphrase to export the OpenPGP secret subkey:"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Please enter the passphrase to export the OpenPGP secret key:"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr ""
 "Do you really want to permanently delete the OpenPGP secret subkey key:"
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Do you really want to permanently delete the OpenPGP secret key:"
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, c-format
 msgid ""
 "%s\n"
@@ -6417,7 +6327,7 @@ msgstr ""
 "created %s%s.\n"
 "%s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6431,34 +6341,77 @@ msgstr ""
 "very large picture, your key will become very large as well!\n"
 "Keeping the image close to 240x288 is a good size to use.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Enter JPEG filename for photo ID: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "unable to open JPEG file '%s': %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr "This JPEG is really large (%d bytes) !\n"
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Are you sure you want to use it? (y/N) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "‘%s’ is not a JPEG file\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Is this photo correct (y/N/q)? "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "no remote program execution supported\n"
+
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"this platform requires temporary files when calling external programs\n"
+
+#: g10/photoid.c:506
+#, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "unable to execute shell '%s': %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "unnatural exit of external program\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "system error while calling external program: %s\n"
+
+#: g10/photoid.c:600
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+
+#: g10/photoid.c:604
+#, c-format
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "WARNING: unable to remove temp directory '%s': %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"external program calls are disabled due to unsafe options file permissions\n"
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "unable to display photo ID!\n"
@@ -6473,53 +6426,53 @@ msgstr "unable to display photo ID!\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMqQsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr "No trust value assigned to:\n"
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr "  aka “%s”\n"
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr ""
 "How much do you trust that this key actually belongs to the named user?\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr "  %d = I don't know or won't say\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr "  %d = I do NOT trust\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr "  %d = I trust ultimately\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr "  m = back to the main menu\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr "  s = skip this key\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr "  q = quit\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
@@ -6528,44 +6481,44 @@ msgstr ""
 "The minimum trust level for this key is: %s\n"
 "\n"
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Your decision? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Do you really want to set this key to ultimate trust? (y/N) "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Certificates leading to an ultimately trusted key:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr "%s: There is no assurance this key belongs to the named user\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr "%s: There is limited assurance this key belongs to the named user\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "This key probably belongs to the named user\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "This key belongs to us\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr "%s: This key is bad!  It has been marked as untrusted!\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
 "*really* know what you are doing, you may answer the next\n"
@@ -6575,7 +6528,7 @@ msgstr ""
 "*really* know what you are doing, you may answer the next\n"
 "question with yes.\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
@@ -6585,143 +6538,158 @@ msgstr ""
 "in the user ID.  If you *really* know what you are doing,\n"
 "you may answer the next question with yes.\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr "Use this key anyway? (y/N) "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "WARNING: Using untrusted key!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr "WARNING: this key might be revoked (revocation key not present)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, c-format
+msgid "checking User ID \"%s\"\n"
+msgstr "checking User ID “%s”\n"
+
+#: g10/pkclist.c:681
+#, c-format
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "option %s given but issuer “%s” does not match\n"
+
+#: g10/pkclist.c:684
+#, c-format
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "issuer “%s” does not match any User ID\n"
+
+#: g10/pkclist.c:687
+#, c-format
+msgid "option %s given but no matching User ID found\n"
+msgstr "option %s given but no matching User ID found\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "WARNING: This key has been revoked by its designated revoker!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "WARNING: This key has been revoked by its owner!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         This could mean that the signature is forged.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "WARNING: This subkey has been revoked by its owner!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Note: This key has been disabled.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr "Note: Verified signer's address is ‘%s’\n"
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "Note: Signer's address ‘%s’ does not match DNS entry\n"
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr "trustlevel adjusted to FULL due to valid PKA info\n"
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr "trustlevel adjusted to NEVER due to bad PKA info\n"
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Note: This key has expired!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, c-format
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr ""
+"WARNING: The key's User ID is not certified with a trusted signature!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "WARNING: This key is not certified with a trusted signature!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr ""
 "         There is no indication that the signature belongs to the owner.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "WARNING: We do NOT trust this key!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         The signature is probably a FORGERY.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, c-format
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
 msgstr ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         It is not certain that the signature belongs to the owner.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: skipped: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: skipped: public key is disabled\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: skipped: public key already present\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, c-format
 msgid "can't encrypt to '%s'\n"
 msgstr "can't encrypt to ‘%s’\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "option ‘%s’ given, but no valid default keys given\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "option ‘%s’ given, but option ‘%s’ not given\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "You did not specify a user ID. (you may use “-r”)\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr "Current recipients:\n"
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -6729,40 +6697,40 @@ msgstr ""
 "\n"
 "Enter the user ID.  End with an empty line: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "No such user ID.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "skipped: public key already set as default recipient\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Public key is disabled.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "skipped: public key already set\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "unknown default recipient “%s”\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "no valid addressees\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "Note: key %s has no %s feature\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "Note: key %s has no preference for %s\n"
@@ -6772,76 +6740,81 @@ msgstr "Note: key %s has no preference for %s\n"
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr "data not saved; use option “--output” to save it\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Detached signature.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Please enter name of data file: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "reading stdin ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "no signed data\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, c-format
 msgid "can't open signed data '%s'\n"
 msgstr "can't open signed data ‘%s’\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "can't open signed data fd=%d: %s\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "key %s is not suitable for decryption in %s mode\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "anonymous recipient; trying secret key %s ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, c-format
+msgid "used key is not marked for encryption use.\n"
+msgstr "used key is not marked for encryption use.\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "okay, we are the anonymous recipient.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "old encoding of the DEK is not supported\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "cipher algorithm %d%s is unknown or disabled\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "WARNING: cipher algorithm %s not found in recipient preferences\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "Note: secret key %s expired at %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, c-format
 msgid "Note: key has been revoked"
 msgstr "Note: key has been revoked"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "build_packet failed: %s\n"
@@ -6859,37 +6832,37 @@ msgstr "To be revoked by:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(This is a sensitive revocation key)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 msgid "Secret key is not available.\n"
 msgstr "Secret key is not available.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Create a designated revocation certificate for this key? (y/N) "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "ASCII armored output forced.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet failed: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Revocation certificate created.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "no revocation keys found for “%s”\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "This is a revocation certificate for the OpenPGP key:"
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
@@ -6899,7 +6872,7 @@ msgstr ""
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -6913,7 +6886,7 @@ msgstr ""
 "a reason for the revocation.  For details see the description of\n"
 "of the gpg command “--generate-revocation” in the GnuPG manual."
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
@@ -6923,12 +6896,12 @@ msgstr ""
 "before the 5 dashes below.  Remove this colon with a text editor\n"
 "before importing and publishing this revocation certificate."
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, c-format
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "revocation certificate stored as ‘%s.rev’\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "secret key “%s” not found\n"
@@ -6941,16 +6914,16 @@ msgstr "secret key “%s” not found\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr "‘%s’ matches multiple secret keys:\n"
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, c-format
 msgid "error searching the keyring: %s\n"
 msgstr "error searching the keyring: %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Create a revocation certificate for this key? (y/N) "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -6968,37 +6941,37 @@ msgstr ""
 "your media become unreadable.  But have some caution:  The print system of\n"
 "your machine might store the data and make it available to others!\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Please select the reason for the revocation:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Cancel"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Probably you want to select %d here)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "Enter an optional description; end it with an empty line:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Reason for revocation: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(No description given)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr "Is this okay? (y/N) "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "weak key created - retrying\n"
@@ -7008,61 +6981,56 @@ msgstr "weak key created - retrying\n"
 msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
 msgstr "cannot avoid weak key for symmetric cipher; tried %d times!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr "%s key %s uses an unsafe (%zu bit) hash\n"
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
-#, c-format
-msgid "key %s may not be used for signing in %s mode\n"
-msgstr "key %s may not be used for signing in %s mode\n"
-
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr "continuing verification anyway due to option %s\n"
-
-#: g10/sig-check.c:190
+#: g10/sig-check.c:170
 #, c-format
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "WARNING: signature digest conflict in message\n"
 
-#: g10/sig-check.c:219
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
+#, c-format
+msgid "key %s may not be used for signing in %s mode\n"
+msgstr "key %s may not be used for signing in %s mode\n"
+
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "WARNING: signing subkey %s is not cross-certified\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, c-format
 msgid "please see %s for more information\n"
 msgstr "please see %s for more information\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr "WARNING: signing subkey %s has an invalid cross-certification\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "public key %s is %lu second newer than the signature\n"
 msgstr[1] "public key %s is %lu seconds newer than the signature\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "public key %s is %lu day newer than the signature\n"
 msgstr[1] "public key %s is %lu days newer than the signature\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7073,7 +7041,7 @@ msgstr[0] ""
 msgstr[1] ""
 "key %s was created %lu seconds in the future (time warp or clock problem)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7083,55 +7051,55 @@ msgstr[0] ""
 msgstr[1] ""
 "key %s was created %lu days in the future (time warp or clock problem)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "Note: signature key %s expired %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "Note: signature key %s has been revoked\n"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, c-format
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, c-format
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr "assuming bad signature from key %s due to an unknown critical bit\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "key %s: no subkey for subkey revocation signature\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "key %s: no subkey for subkey binding signature\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
 msgstr ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7140,49 +7108,49 @@ msgstr ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
 "unexpanded.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s/%s signature from: “%s”\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
 msgstr ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "signing:"
 
-#: g10/sign.c:1464
+#: g10/sign.c:1622
 #, c-format
-msgid "%s encryption will be used\n"
-msgstr "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
+msgstr "%s.%s encryption will be used\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr "key is not flagged as insecure - can't use it with the faked RNG!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "skipped “%s”: duplicated\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "skipped: secret key already present\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "this is a PGP generated Elgamal key which is not secure for signatures!"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "trust record %lu, type %d: write failed: %s\n"
@@ -7196,43 +7164,43 @@ msgstr ""
 "# List of assigned trustvalues, created %s\n"
 "# (Use “gpg --import-ownertrust” to restore them)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, c-format
 msgid "error in '%s': %s\n"
 msgstr "error in '%s': %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr "line too long"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr "colon missing"
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr "invalid fingerprint"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr "ownertrust value missing"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "error finding trust record in '%s': %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, c-format
 msgid "read error in '%s': %s\n"
 msgstr "read error in '%s': %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "trustdb: sync failed: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "can't create lock for ‘%s’\n"
@@ -7242,12 +7210,12 @@ msgstr "can't create lock for ‘%s’\n"
 msgid "can't lock '%s'\n"
 msgstr "can't lock ‘%s’\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "trustdb rec %lu: lseek failed: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "trustdb rec %lu: write failed (n=%d): %s\n"
@@ -7262,7 +7230,7 @@ msgstr "trustdb transaction too large\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: directory does not exist!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, c-format
 msgid "can't access '%s': %s\n"
 msgstr "can't access '%s': %s\n"
@@ -7303,7 +7271,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: error updating version record: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: error reading version record: %s\n"
@@ -7313,52 +7281,52 @@ msgstr "%s: error reading version record: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: error writing version record: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "trustdb: lseek failed: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "trustdb: read failed (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: not a trustdb file\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: version record with recnum %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: invalid file version %d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: error reading free record: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: error writing dir record: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: failed to zero a record: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: failed to append a record: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "Error: The trustdb is corrupted.\n"
@@ -7398,10 +7366,10 @@ msgstr "unsupported TOFU database version: %s\n"
 msgid "TOFU DB error"
 msgstr "TOFU DB error"
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "error reading TOFU database: %s\n"
@@ -7421,7 +7389,7 @@ msgstr "error initializing TOFU database: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "error opening TOFU database '%s': %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "error updating TOFU database: %s\n"
@@ -7592,109 +7560,109 @@ msgstr "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
 msgid "Defaulting to unknown.\n"
 msgstr "Defaulting to unknown.\n"
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr "TOFU db corruption detected.\n"
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "error changing TOFU policy: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] "%lld~year"
 msgstr[1] "%lld~years"
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] "%lld~month"
 msgstr[1] "%lld~months"
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] "%lld~week"
 msgstr[1] "%lld~weeks"
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] "%lld~day"
 msgstr[1] "%lld~days"
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] "%lld~hour"
 msgstr[1] "%lld~hours"
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] "%lld~minute"
 msgstr[1] "%lld~minutes"
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] "%lld~second"
 msgstr[1] "%lld~seconds"
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr "%s: Verified 0~signatures and encrypted 0~messages."
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, c-format
 msgid "%s: Verified 0 signatures."
 msgstr "%s: Verified 0 signatures."
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 msgid "Encrypted 0 messages."
 msgstr "Encrypted 0 messages."
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, c-format
 msgid "(policy: %s)"
 msgstr "(policy: %s)"
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr "Warning: you have yet to encrypt a message to this key!\n"
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr "Warning: you have only encrypted one message to this key!\n"
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -7721,160 +7689,160 @@ msgstr[1] ""
 "  %s\n"
 "to mark it as being bad.\n"
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "error opening TOFU database: %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, c-format
 msgid "'%s' is not a valid long keyID\n"
 msgstr "‘%s’ is not a valid long keyID\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "key %s: accepted as trusted key\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "key %s occurs more than once in the trustdb\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "key %s: no public key for trusted key - skipped\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "key %s marked as ultimately trusted\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "trust record %lu, req type %d: read failed: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "trust record %lu is not of requested type %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr "You may try to re-create the trustdb using the commands:\n"
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr "If that does not work, please consult the manual\n"
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr "unable to use unknown trust model (%d) - assuming %s trust model\n"
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr "using %s trust model\n"
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "no need for a trustdb check\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "next trustdb check due at %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "no need for a trustdb check with ‘%s’ trust model\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "no need for a trustdb update with ‘%s’ trust model\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr "public key %s not found: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "please do a --check-trustdb\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "checking the trustdb\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] "%d key processed"
 msgstr[1] "%d keys processed"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, c-format
 msgid " (%d validity count cleared)\n"
 msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] " (%d validity count cleared)\n"
 msgstr[1] " (%d validity counts cleared)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "no ultimately trusted keys found\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "public key of ultimately trusted key %s not found\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr "unable to update trustdb version record: write failed: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr "undefined"
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr "never"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr "marginal"
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr "full"
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr "ultimate"
 
@@ -7886,39 +7854,39 @@ msgstr "ultimate"
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr "10 translator see trust.c:uid_trust_string_fixed"
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 msgid "[ revoked]"
 msgstr "[ revoked]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 msgid "[ expired]"
 msgstr "[ expired]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 msgid "[ unknown]"
 msgstr "[ unknown]"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr "[  undef ]"
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 msgid "[  never ]"
 msgstr "[  never ]"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr "[marginal]"
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr "[  full  ]"
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr "[ultimate]"
 
@@ -7943,19 +7911,29 @@ msgstr "input line %u too long or missing LF\n"
 msgid "can't open fd %d: %s\n"
 msgstr "can't open fd %d: %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, c-format
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "WARNING: encrypting without integrity protection is dangerous\n"
+
+#: g10/cipher-cfb.c:72
+#, c-format
+msgid "Hint: Do not use option %s\n"
+msgstr "Hint: Do not use option %s\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr "set debugging flags"
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr "enable full debugging"
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Usage: kbxutil [options] [files] (-h for help)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
 "List, export, import Keybox data\n"
@@ -7966,72 +7944,180 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr "%sNumber: %s%%0AHolder: %s%s"
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr "Remaining attempts: %d"
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+msgid "|N|Please enter the new Global-PIN"
+msgstr "|N|Please enter the new Global-PIN"
+
+#: scd/app-piv.c:1846
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "||Please enter the Global-PIN of your PIV card"
+
+#: scd/app-piv.c:1853
+msgid "|N|Please enter the new PIN"
+msgstr "|N|Please enter the new PIN"
+
+#: scd/app-piv.c:1854
+msgid "||Please enter the PIN of your PIV card"
+msgstr "||Please enter the PIN of your PIV card"
+
+#: scd/app-piv.c:1861
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "|N|Please enter the new Unblocking Key"
+
+#: scd/app-piv.c:1862
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "||Please enter the Unblocking Key of your PIV card"
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "PIN callback returned error: %s\n"
+
+#: scd/app-piv.c:1895
+#, c-format
+msgid "PIN is too short; minimum length is %d\n"
+msgstr "PIN is too short; minimum length is %d\n"
+
+#: scd/app-piv.c:1903
+#, c-format
+msgid "PIN is too long; maximum length is %d\n"
+msgstr "PIN is too long; maximum length is %d\n"
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr "PIN has invalid characters; only digits are allowed\n"
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr "key already exists\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr "existing key will be replaced\n"
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr "generating new key\n"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, c-format
+msgid "writing new key\n"
+msgstr "writing new key\n"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "failed to store the key: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr "response does not contain the RSA modulus\n"
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr "response does not contain the RSA public exponent\n"
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, c-format
+msgid "response does not contain the EC public key\n"
+msgstr "response does not contain the EC public key\n"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr "please wait while key is being generated ...\n"
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr "generating key failed\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "key generation completed (%d second)\n"
+msgstr[1] "key generation completed (%d seconds)\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr "response does not contain the public key data\n"
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr "||Please enter the PIN for the key to create qualified signatures."
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 msgid "|A|Please enter the Admin PIN"
 msgstr "|A|Please enter the Admin PIN"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 msgid "||Please enter the PIN for the standard keys."
 msgstr "||Please enter the PIN for the standard keys."
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr "RSA modulus missing or not of size %d bits\n"
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr "RSA public exponent missing or larger than %d bits\n"
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr "PIN callback returned error: %s\n"
+#: scd/app-nks.c:1594
+msgid "Note: PIN has not yet been enabled."
+msgstr "Note: PIN has not yet been enabled."
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr "the NullPIN has not yet been changed\n"
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "|N|Please enter a new PIN for the standard keys."
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr "|N|Please enter a new PIN for the key to create qualified signatures."
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8039,7 +8125,7 @@ msgstr ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8047,47 +8133,27 @@ msgstr ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "error getting new PIN: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "failed to store the fingerprint: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "failed to store the creation date: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr "error retrieving CHV status from card\n"
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr "response does not contain the RSA modulus\n"
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr "response does not contain the RSA public exponent\n"
-
-#: scd/app-openpgp.c:1546
-#, c-format
-msgid "response does not contain the EC public key\n"
-msgstr "response does not contain the EC public key\n"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr "response does not contain the public key data\n"
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr "reading public key failed: %s\n"
@@ -8095,42 +8161,42 @@ msgstr "reading public key failed: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr "using default PIN as %s\n"
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr "failed to use default PIN as %s: %s - disabling further default use\n"
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 msgid "||Please unlock the card"
 msgstr "||Please unlock the card"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr "PIN for CHV%d is too short; minimum length is %d\n"
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "verify CHV%d failed: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr "card is permanently locked!\n"
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8138,20 +8204,20 @@ msgid_plural ""
 msgstr[0] "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgstr[1] "%d Admin PIN attempts remaining before card is permanently locked\n"
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr "access to admin commands is not configured\n"
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 msgid "||Please enter the PIN"
 msgstr "||Please enter the PIN"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 msgid "||Please enter the Reset Code for the card"
 msgstr "||Please enter the Reset Code for the card"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr "Reset Code is too short; minimum length is %d\n"
@@ -8159,121 +8225,79 @@ msgstr "Reset Code is too short; minimum length is %d\n"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr "|RN|New Reset Code"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr "|AN|New Admin PIN"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr "|N|New PIN"
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "||Please enter the Admin PIN and New Admin PIN"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 msgid "||Please enter the PIN and New PIN"
 msgstr "||Please enter the PIN and New PIN"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr "error reading application data\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "error reading fingerprint DO\n"
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr "key already exists\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr "existing key will be replaced\n"
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr "generating new key\n"
-
-#: scd/app-openpgp.c:3074
-#, c-format
-msgid "writing new key\n"
-msgstr "writing new key\n"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr "creation timestamp missing\n"
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
-msgstr "RSA prime %s missing or not of size %d bits\n"
-
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr "failed to store the key: %s\n"
-
-#: scd/app-openpgp.c:3993
-#, c-format
-msgid "unsupported curve\n"
-msgstr "unsupported curve\n"
-
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr "please wait while key is being generated ...\n"
-
-#: scd/app-openpgp.c:4271
-#, c-format
-msgid "generating key failed\n"
-msgstr "generating key failed\n"
-
-#: scd/app-openpgp.c:4277
-#, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "key generation completed (%d second)\n"
-msgstr[1] "key generation completed (%d seconds)\n"
+msgstr "RSA prime %s missing or not of size %d bits\n"
+
+#: scd/app-openpgp.c:4651
+#, c-format
+msgid "unsupported curve\n"
+msgstr "unsupported curve\n"
 
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr "invalid structure of OpenPGP card (DO 0x93)\n"
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr "fingerprint on card does not match requested one\n"
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "card does not support digest algorithm %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr "signatures created so far: %lu\n"
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr ""
 "verification of Admin PIN is currently prohibited through this command\n"
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "can't access %s - invalid OpenPGP card?\n"
@@ -8285,59 +8309,63 @@ msgstr "||Please enter your PIN at the reader's pinpad"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr "|N|Initial New PIN"
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr "run in multi server mode (foreground)"
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr "|LEVEL|set the debugging level to LEVEL"
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 msgid "|FILE|write a log to FILE"
 msgstr "|FILE|write a log to FILE"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr "|N|connect to reader at port N"
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NAME|use NAME as ct-API driver"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NAME|use NAME as PC/SC driver"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 msgid "do not use the internal CCID driver"
 msgstr "do not use the internal CCID driver"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr "|N|disconnect the card after N seconds of inactivity"
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr "do not use a reader's pinpad"
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr "use variable length input for pinpad"
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr "|LIST|change the application priority to LIST"
+
 #: scd/scdaemon.c:179
 msgid "deny the use of admin card commands"
 msgstr "deny the use of admin card commands"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Usage: @SCDAEMON@ [options] (-h for help)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
@@ -8345,38 +8373,32 @@ msgstr ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 "please use the option ‘--daemon’ to run the program in the background\n"
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr "handler for fd %d started\n"
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr "handler for fd %d terminated\n"
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "error getting key usage information: %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr "validation model requested by certificate: %s"
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr "chain"
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 msgid "shell"
 msgstr "shell"
 
@@ -8409,7 +8431,7 @@ msgstr "Note: non-critical certificate policy not allowed"
 msgid "certificate policy not allowed"
 msgstr "certificate policy not allowed"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "failed to get the fingerprint\n"
@@ -8424,7 +8446,7 @@ msgstr "looking up issuer at external location\n"
 msgid "number of issuers matching: %d\n"
 msgstr "number of issuers matching: %d\n"
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, c-format
 msgid "can't get authorityInfoAccess: %s\n"
 msgstr "can't get authorityInfoAccess: %s\n"
@@ -8444,231 +8466,231 @@ msgstr "number of matching certificates: %d\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "dirmngr cache-only key lookup failed: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "failed to allocate keyDB handle\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 msgid "certificate has been revoked"
 msgstr "certificate has been revoked"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr "the status of the certificate is unknown"
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr "please make sure that the “dirmngr” is properly installed\n"
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, c-format
 msgid "checking the CRL failed: %s"
 msgstr "checking the CRL failed: %s"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "certificate with invalid validity: %s"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr "certificate not yet valid"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 msgid "root certificate not yet valid"
 msgstr "root certificate not yet valid"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr "intermediate certificate not yet valid"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, c-format
 msgid "certificate has expired"
 msgstr "certificate has expired"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 msgid "root certificate has expired"
 msgstr "root certificate has expired"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 msgid "intermediate certificate has expired"
 msgstr "intermediate certificate has expired"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr "required certificate attributes missing: %s%s%s"
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 msgid "certificate with invalid validity"
 msgstr "certificate with invalid validity"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr "signature not created during lifetime of certificate"
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr "certificate not created during lifetime of issuer"
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr "intermediate certificate not created during lifetime of issuer"
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, c-format
 msgid "  (  signature created at "
 msgstr "  (  signature created at "
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, c-format
 msgid "  (certificate created at "
 msgstr "  (certificate created at "
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, c-format
 msgid "  (certificate valid from "
 msgstr "  (certificate valid from "
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr "  (     issuer valid from "
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr "fingerprint=%s\n"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr "root certificate has now been marked as trusted\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr "interactive marking as trusted not enabled in gpg-agent\n"
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr "interactive marking as trusted disabled for this session\n"
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr "WARNING: creation time of signature not known - assuming current time"
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 msgid "no issuer found in certificate"
 msgstr "no issuer found in certificate"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr "self-signed certificate has a BAD signature"
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr "root certificate is not marked trusted"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "checking the trust list failed: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr "certificate chain too long\n"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr "issuer certificate not found"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, c-format
 msgid "certificate has a BAD signature"
 msgstr "certificate has a BAD signature"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr "found another possible matching CA certificate - trying again"
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr "certificate chain longer than allowed by CA (%d)"
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, c-format
 msgid "certificate is good\n"
 msgstr "certificate is good\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, c-format
 msgid "intermediate certificate is good\n"
 msgstr "intermediate certificate is good\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, c-format
 msgid "root certificate is good\n"
 msgstr "root certificate is good\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr "switching to chain model"
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr "validation model used: %s"
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr "a %u bit hash is not valid for a %u bit %s key\n"
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, c-format
 msgid "out of core\n"
 msgstr "out of core\n"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr "(this is the MD2 algorithm)\n"
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 msgid "none"
 msgstr "none"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 msgid "[Error - invalid encoding]"
 msgstr "[Error - invalid encoding]"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr "[Error - out of core]"
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr "[Error - No name]"
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 msgid "[Error - invalid DN]"
 msgstr "[Error - invalid DN]"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -8683,132 +8705,142 @@ msgstr ""
 "S/N %s, ID 0x%08lX,\n"
 "created %s, expires %s.\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr "no key usage specified - assuming all usages\n"
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "error getting key usage information: %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr "certificate should not have been used for certification\n"
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr "certificate should not have been used for OCSP response signing\n"
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr "certificate should not have been used for encryption\n"
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr "certificate should not have been used for signing\n"
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr "certificate is not usable for encryption\n"
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr "certificate is not usable for signing\n"
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, c-format
+msgid "looking for another certificate\n"
+msgstr "looking for another certificate\n"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "line %d: invalid algorithm\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr "line %d: invalid key length %u (valid are %d to %d)\n"
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr "line %d: no subject name given\n"
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "line %d: invalid subject name label ‘%.*s’\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "line %d: invalid subject name ‘%s’ at pos %d\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "line %d: not a valid email address\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "line %d: invalid serial number\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr "line %d: invalid issuer name label ‘%.*s’\n"
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr "line %d: invalid issuer name ‘%s’ at pos %d\n"
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, c-format
 msgid "line %d: invalid date given\n"
 msgstr "line %d: invalid date given\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "line %d: error getting signing key by keygrip '%s': %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "line %d: invalid hash algorithm given\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "line %d: invalid authority-key-id\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "line %d: invalid subject-key-id\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "line %d: invalid extension syntax\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "line %d: error reading key ‘%s’ from card: %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "line %d: error getting key by keygrip '%s': %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "line %d: key generation failed: %s <%s>\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
@@ -8816,45 +8848,45 @@ msgstr ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) Existing key\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr "   (%d) Existing key from card\n"
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "Possible actions for a %s key:\n"
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) sign, encrypt\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) sign\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) encrypt\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr "Enter the X.509 subject name: "
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr "No subject name given\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "Invalid subject name label ‘%.*s’\n"
@@ -8864,240 +8896,234 @@ msgstr "Invalid subject name label ‘%.*s’\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "Invalid subject name ‘%s’\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 msgid "Enter email addresses"
 msgstr "Enter email addresses"
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 msgid " (end with an empty line):\n"
 msgstr " (end with an empty line):\n"
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 msgid "Enter DNS names"
 msgstr "Enter DNS names"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 msgid " (optional; end with an empty line):\n"
 msgstr " (optional; end with an empty line):\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr "Enter URIs"
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Create self-signed certificate? (y/N) "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr "These parameters are used:\n"
 
-#: sm/certreqgen-ui.c:432
-#, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "error creating temporary file: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr "Now creating self-signed certificate.  "
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 msgid "Now creating certificate request.  "
 msgstr "Now creating certificate request.  "
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr "This may take a while ...\n"
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr "Ready.\n"
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr "Ready.  You should now send this request to your CA.\n"
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr "resource problem: out of core\n"
 
-#: sm/decrypt.c:536
-#, c-format
-msgid "%s.%s encrypted data\n"
-msgstr "%s.%s encrypted data\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr "(this is the RC2 algorithm)\n"
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr "(this does not seem to be an encrypted message)\n"
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, c-format
 msgid "encrypted to %s key %s\n"
 msgstr "encrypted to %s key %s\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "certificate ‘%s’ not found: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr "error locking keybox: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "duplicated certificate ‘%s’ deleted\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "certificate ‘%s’ deleted\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "deleting certificate “%s” failed: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, c-format
 msgid "no valid recipients given\n"
 msgstr "no valid recipients given\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 msgid "list external keys"
 msgstr "list external keys"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 msgid "list certificate chain"
 msgstr "list certificate chain"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 msgid "import certificates"
 msgstr "import certificates"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 msgid "export certificates"
 msgstr "export certificates"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr "register a smartcard"
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr "pass a command to the dirmngr"
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr "invoke gpg-protect-tool"
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "don't use the terminal at all"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr "|N|number of certificates to include"
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr "|FILE|take policy information from FILE"
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr "assume input is in PEM format"
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr "assume input is in base-64 format"
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr "assume input is in binary format"
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 msgid "create base-64 encoded output"
 msgstr "create base-64 encoded output"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|USER-ID|use USER-ID as default secret key"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "|FILE|add keyring to the list of keyrings"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|use this keyserver to lookup keys"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr "fetch missing issuer certificates"
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NAME|use encoding NAME for PKCS#12 passphrases"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr "never consult a CRL"
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr "do not check CRLs for root certificates"
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr "check validity using OCSP"
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr "do not check certificate policies"
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NAME|use cipher algorithm NAME"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NAME|use message digest algorithm NAME"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "batch mode: never ask"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "assume yes on most questions"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "assume no on most questions"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 msgid "|FILE|write an audit log to FILE"
 msgstr "|FILE|write an audit log to FILE"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Usage: @GPGSM@ [options] [files] (-h for help)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
 "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
@@ -9107,87 +9133,122 @@ msgstr ""
 "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
 "Default operation depends on the input data\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "Note: won't be able to encrypt to '%s': %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "unknown validation model ‘%s’\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: no hostname given\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: password given without user\n"
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr "%s:%u: ignoring unknown flag ‘%s’\n"
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: skipping this line\n"
+
+#: sm/gpgsm.c:1545
+#, c-format
+msgid "could not parse keyserver\n"
+msgstr "could not parse keyserver\n"
+
+#: sm/gpgsm.c:1825
 #, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "importing common certificates ‘%s’\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "can't sign using '%s': %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr "invalid command (there is no implicit command)\n"
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, c-format
 msgid "total number processed: %lu\n"
 msgstr "total number processed: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, c-format
 msgid "error storing certificate\n"
 msgstr "error storing certificate\n"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr "basic certificate checks failed - not imported\n"
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "error getting stored flags: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, c-format
 msgid "error importing certificate: %s\n"
 msgstr "error importing certificate: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, c-format
 msgid "error reading input: %s\n"
 msgstr "error reading input: %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, c-format
+msgid "no keyboxd running in this session\n"
+msgstr "no keyboxd running in this session\n"
+
+#: sm/keydb.c:595
+#, c-format
+msgid "error opening key DB: %s\n"
+msgstr "error opening key DB: %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr "problem looking for existing certificate: %s\n"
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "error finding writable keyDB: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, c-format
 msgid "error storing certificate: %s\n"
 msgstr "error storing certificate: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "problem re-searching certificate: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, c-format
 msgid "error storing flags: %s\n"
 msgstr "error storing flags: %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr "Error - "
 
@@ -9196,17 +9257,17 @@ msgstr "Error - "
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr "GPG_TTY has not been set - using maybe bogus default\n"
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "invalid formatted fingerprint in '%s', line %d\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "invalid country code in '%s', line %d\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9223,7 +9284,7 @@ msgstr ""
 "\n"
 "%s%sAre you really sure that you want to do this?"
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
@@ -9232,7 +9293,7 @@ msgstr ""
 "Note, that this software is not officially approved to create or verify such "
 "signatures.\n"
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9243,54 +9304,59 @@ msgstr ""
 "“%s”\n"
 "Note, that this certificate will NOT create a qualified signature!"
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr "hash algorithm used for signer %d: %s (%s)\n"
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "checking for qualified certificate failed: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, c-format
+msgid "%s/%s signature using %s key %s\n"
+msgstr "%s/%s signature using %s key %s\n"
+
+#: sm/verify.c:467
 #, c-format
 msgid "Signature made "
 msgstr "Signature made "
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr "[date not given]"
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, c-format
 msgid "algorithm:"
 msgstr "algorithm:"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr ""
 "invalid signature: message digest attribute does not match computed one\n"
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, c-format
 msgid "Good signature from"
 msgstr "Good signature from"
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, c-format
 msgid "                aka"
 msgstr "                aka"
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, c-format
 msgid "This is a qualified signature\n"
 msgstr "This is a qualified signature\n"
@@ -9315,100 +9381,100 @@ msgstr "can't acquire write lock on the certificate cache: %s\n"
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr "can't release lock on the certificate cache: %s\n"
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr "dropping %u certificates from the cache\n"
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, c-format
 msgid "can't parse certificate '%s': %s\n"
 msgstr "can't parse certificate '%s': %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "certificate ‘%s’ already cached\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "trusted certificate ‘%s’ loaded\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "certificate ‘%s’ loaded\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "  SHA1 fingerprint = %s\n"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr "   issuer ="
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr "  subject ="
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "error loading certificate '%s': %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "permanently loaded certificates: %u\n"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "    runtime cached certificates: %u\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "           trusted certificates: %u (%u,%u,%u,%u)\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, c-format
 msgid "certificate already cached\n"
 msgstr "certificate already cached\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, c-format
 msgid "certificate cached\n"
 msgstr "certificate cached\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, c-format
 msgid "error caching certificate: %s\n"
 msgstr "error caching certificate: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "invalid SHA1 fingerprint string ‘%s’\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "error fetching certificate by S/N: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "error fetching certificate by subject: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, c-format
 msgid "no issuer found in certificate\n"
 msgstr "no issuer found in certificate\n"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "error getting authorityKeyIdentifier: %s\n"
@@ -9926,55 +9992,55 @@ msgstr "CRL access not possible due to Tor mode\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "certificate search not possible due to disabled %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr "use OCSP instead of CRLs"
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr "check whether a dirmngr is running"
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 msgid "add a certificate to the cache"
 msgstr "add a certificate to the cache"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 msgid "validate a certificate"
 msgstr "validate a certificate"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 msgid "lookup a certificate"
 msgstr "lookup a certificate"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 msgid "lookup only locally stored certificates"
 msgstr "lookup only locally stored certificates"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr "expect an URL for --lookup"
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr "load a CRL into the dirmngr"
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr "special mode for use by Squid"
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 msgid "expect certificates in PEM format"
 msgstr "expect certificates in PEM format"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 msgid "force the use of the default OCSP responder"
 msgstr "force the use of the default OCSP responder"
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -9986,215 +10052,211 @@ msgstr ""
 "The process returns 0 if the certificate is valid, 1 if it is\n"
 "not valid and other error codes for general failures\n"
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "error reading certificate from stdin: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "error reading certificate from '%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr "certificate too large to make any sense\n"
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, c-format
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "can't connect to the dirmngr: %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, c-format
 msgid "lookup failed: %s\n"
 msgstr "lookup failed: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "loading CRL ‘%s’ failed: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr "a dirmngr daemon is up and running\n"
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "validation of certificate failed: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, c-format
 msgid "certificate is valid\n"
 msgstr "certificate is valid\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, c-format
 msgid "certificate has been revoked\n"
 msgstr "certificate has been revoked\n"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, c-format
 msgid "certificate check failed: %s\n"
 msgstr "certificate check failed: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, c-format
 msgid "got status: '%s'\n"
 msgstr "got status: ‘%s’\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, c-format
 msgid "error writing base64 encoding: %s\n"
 msgstr "error writing base64 encoding: %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr "unsupported inquiry ‘%s’\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr "absolute file name expected\n"
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr "looking up ‘%s’\n"
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr "list the contents of the CRL cache"
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|FILE|load CRL from FILE into cache"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr "|URL|fetch a CRL from URL"
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr "shutdown the dirmngr"
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr "flush the cache"
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr "allow online software version check"
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr "|N|do not return more than N items in one query"
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr "Network related options"
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr "route all network traffic via Tor"
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr "Configuration for Keyservers"
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 msgid "|URL|use keyserver at URL"
 msgstr "|URL|use keyserver at URL"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr "|FILE|use the CA certificates in FILE for HKP over TLS"
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr "Configuration for HTTP servers"
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr "inhibit the use of HTTP"
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr "ignore HTTP CRL distribution points"
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr "|URL|redirect all HTTP requests to URL"
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr "use system's HTTP proxy setting"
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr "Configuration of LDAP servers to use"
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr "inhibit the use of LDAP"
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr "ignore LDAP CRL distribution points"
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr "|HOST|use HOST for LDAP queries"
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr "do not use fallback hosts with --ldap-proxy"
 
-#: dirmngr/dirmngr.c:270
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|SPEC|use this keyserver to lookup keys"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|FILE|read LDAP server list from FILE"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr "add new servers discovered in CRL distribution points to serverlist"
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr "|N|set LDAP timeout to N seconds"
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr "Configuration for OCSP"
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr "allow sending OCSP requests"
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr "ignore certificate contained OCSP service URLs"
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 msgid "|URL|use OCSP responder at URL"
 msgstr "|URL|use OCSP responder at URL"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr "|FPR|OCSP response signed by FPR"
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr "force loading of outdated CRLs"
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 msgid ""
 "@\n"
 "(See the \"info\" manual for a complete listing of all commands and "
@@ -10204,11 +10266,11 @@ msgstr ""
 "(See the “info” manual for a complete listing of all commands and "
 "options)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Usage: @DIRMNGR@ [options] (-h for help)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
@@ -10216,113 +10278,293 @@ msgstr ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr "valid debug levels are: %s\n"
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, c-format
 msgid "usage: %s [options] "
 msgstr "usage: %s [options] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, c-format
 msgid "colons are not allowed in the socket name\n"
 msgstr "colons are not allowed in the socket name\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "fetching CRL from ‘%s’ failed: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "processing CRL from ‘%s’ failed: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "%s:%u: line too long - skipped\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "%s:%u: invalid fingerprint detected\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "%s:%u: read error: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr "%s:%u: garbage at end of line ignored\n"
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr "SIGHUP received - re-reading configuration and flushing caches\n"
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr "SIGUSR2 received - no action defined\n"
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr "SIGTERM received - shutting down ...\n"
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr "SIGTERM received - still %d active connections\n"
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, c-format
 msgid "shutdown forced\n"
 msgstr "shutdown forced\n"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr "SIGINT received - immediate shutdown\n"
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr "signal %d received - no action defined\n"
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr "return all values in a record oriented format"
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr "|NAME|ignore host part and connect through NAME"
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr "force a TLS connection"
+
+#: dirmngr/dirmngr_ldap.c:110
+msgid "|NAME|connect to host NAME"
+msgstr "|NAME|connect to host NAME"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr "|N|connect to port N"
+
+#: dirmngr/dirmngr_ldap.c:112
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NAME|use user NAME for authentication"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr "|PASS|use password PASS for authentication"
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr "take password from $DIRMNGR_LDAP_PASS"
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr "|STRING|query DN STRING"
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr "|STRING|use STRING as filter expression"
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr "|STRING|return the attribute STRING"
+
+#: dirmngr/dirmngr_ldap.c:179
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+
+#: dirmngr/dirmngr_ldap.c:291
+#, c-format
+msgid "invalid port number %d\n"
+msgstr "invalid port number %d\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr "scanning result for attribute ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "error writing to stdout: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr "          available attribute ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:462
+#, c-format
+msgid "attribute '%s' not found\n"
+msgstr "attribute ‘%s’ not found\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr "found attribute ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:581
+#, c-format
+msgid "processing url '%s'\n"
+msgstr "processing url ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, c-format
+msgid "          user '%s'\n"
+msgstr "          user ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, c-format
+msgid "          pass '%s'\n"
+msgstr "          pass ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:592
+#, c-format
+msgid "          host '%s'\n"
+msgstr "          host ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, c-format
+msgid "          port %d\n"
+msgstr "          port %d\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, c-format
+msgid "            DN '%s'\n"
+msgstr "            DN ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr "        filter ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, c-format
+msgid "          attr '%s'\n"
+msgstr "          attr ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:611
+#, c-format
+msgid "no host name in '%s'\n"
+msgstr "no host name in ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr "no attribute given for query ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:622
+#, c-format
+msgid "WARNING: using first attribute only\n"
+msgstr "WARNING: using first attribute only\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "LDAP init to ‘%s:%d’ failed: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, c-format
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "LDAP init to ‘%s’ failed: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, c-format
+msgid "LDAP init to '%s' done\n"
+msgstr "LDAP init to ‘%s’ done\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "binding to ‘%s:%d’ failed: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, c-format
+msgid "searching '%s' failed: %s\n"
+msgstr "searching ‘%s’ failed: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "‘%s’ is not an LDAP URL\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr "‘%s’ is an invalid LDAP URL\n"
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "error accessing '%s': http status %u\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr "URL ‘%s’ redirected to ‘%s’ (%u)\n"
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, c-format
 msgid "too many redirections\n"
 msgstr "too many redirections\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, c-format
 msgid "redirection changed to '%s'\n"
 msgstr "redirection changed to ‘%s’\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, c-format
 msgid "error printing log line: %s\n"
 msgstr "error printing log line: %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "error reading log from ldap wrapper %d: %s\n"
@@ -10352,51 +10594,31 @@ msgstr "waiting for ldap wrapper %d failed: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "ldap wrapper %d stalled - killing\n"
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "invalid char 0x%02x in host name - not added\n"
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "adding ‘%s:%d’ to the ldap server list\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, c-format
 msgid "malloc failed: %s\n"
 msgstr "malloc failed: %s\n"
 
-#: dirmngr/ldap.c:221
-#, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "‘%s’ is not an LDAP URL\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
-msgstr "‘%s’ is an invalid LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
+msgstr "start_cert_fetch: invalid pattern ‘%s’\n"
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr "ldap_search hit the size limit of the server\n"
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr "%s:%u: password given without user\n"
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr "%s:%u: ignoring unknown flag ‘%s’\n"
-
-#: dirmngr/ldapserver.c:203
-#, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr "%s:%u: skipping this line\n"
-
 #: dirmngr/misc.c:172
 #, c-format
 msgid "invalid canonical S-expression found\n"
@@ -10482,91 +10704,91 @@ msgstr "hashing the OCSP response for ‘%s’ failed: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr "not signed by a default OCSP signer's certificate"
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "allocating list item failed: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "error getting responder ID: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr "no suitable certificate found to verify the OCSP response\n"
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "issuer certificate not found: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr "caller did not return the target certificate\n"
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "caller did not return the issuing certificate\n"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "failed to allocate OCSP context: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr "no default OCSP responder defined\n"
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, c-format
 msgid "no default OCSP signer defined\n"
 msgstr "no default OCSP signer defined\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr "using default OCSP responder ‘%s’\n"
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr "using OCSP responder ‘%s’\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "error getting OCSP status for target certificate: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr "certificate status is: %s  (this=%s  next=%s)\n"
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr "good"
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "certificate has been revoked at: %s due to: %s\n"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr "OCSP responder returned a status in the future\n"
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr "OCSP responder returned a non-current status\n"
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr "OCSP responder returned an too old status\n"
@@ -10576,67 +10798,71 @@ msgstr "OCSP responder returned an too old status\n"
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "assuan_inquire(%s) failed: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr "ldapserver missing"
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr "serialno missing in cert ID"
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "assuan_inquire failed: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "fetch_cert_by_url failed: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, c-format
 msgid "error sending data: %s\n"
 msgstr "error sending data: %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "start_cert_fetch failed: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "fetch_next_cert failed: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr "max_replies %d exceeded\n"
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "can't allocate control structure: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "failed to allocate assuan context: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, c-format
 msgid "failed to initialize the server: %s\n"
 msgstr "failed to initialize the server: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "failed to the register commands with Assuan: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr "Assuan accept problem: %s\n"
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, c-format
 msgid "Assuan processing failed: %s\n"
 msgstr "Assuan processing failed: %s\n"
@@ -10679,51 +10905,55 @@ msgstr "certificate chain is good\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr "certificate should not have been used for CRL signing\n"
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 msgid "quiet"
 msgstr "quiet"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr "print data out hex encoded"
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr "decode received data lines"
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr "connect to the dirmngr"
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+msgid "connect to the keyboxd"
+msgstr "connect to the keyboxd"
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr "|NAME|connect to Assuan socket NAME"
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr "|ADDR|connect to Assuan server at ADDR"
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr "run the Assuan server given on the command line"
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr "do not use extended connect mode"
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|FILE|run commands from FILE on startup"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr "run /subst on startup"
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Usage: @GPG@-connect-agent [options] (-h for help)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
@@ -10731,173 +10961,186 @@ msgstr ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr "option “%s” requires a program and optional arguments\n"
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr "option “%s” ignored due to “%s”\n"
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, c-format
 msgid "receiving line failed: %s\n"
 msgstr "receiving line failed: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, c-format
 msgid "line too long - skipped\n"
 msgstr "line too long - skipped\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr "line shortened due to embedded Nul character\n"
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, c-format
 msgid "unknown command '%s'\n"
 msgstr "unknown command ‘%s’\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, c-format
 msgid "sending line failed: %s\n"
 msgstr "sending line failed: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, c-format
+msgid "no keybox daemon running in this session\n"
+msgstr "no keybox daemon running in this session\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, c-format
 msgid "error sending standard options: %s\n"
 msgstr "error sending standard options: %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr "OpenPGP"
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr "S/MIME"
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+msgid "Public Keys"
+msgstr "Public Keys"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr "Private Keys"
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr "Smartcards"
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr "TPM"
+
+#: tools/gpgconf-comp.c:671
 msgid "Network"
 msgstr "Network"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 msgid "Passphrase Entry"
 msgstr "Passphrase Entry"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 msgid "Component not suitable for launching"
 msgstr "Component not suitable for launching"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr "Configuration file of component %s is broken\n"
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, c-format
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Note: Use the command “%s%s” to get details.\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr "External verification of component %s failed"
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr "Note that group specifications are ignored\n"
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, c-format
 msgid "error closing '%s'\n"
 msgstr "error closing ‘%s’\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, c-format
 msgid "error parsing '%s'\n"
 msgstr "error parsing ‘%s’\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr "list all components"
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr "check all programs"
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr "|COMPONENT|list options"
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr "|COMPONENT|change options"
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr "|COMPONENT|check options"
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr "apply global default values"
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr "|FILE|update configuration files using FILE"
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr "get the configuration directories for @GPGCONF@"
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 msgid "list global configuration file"
 msgstr "list global configuration file"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 msgid "check global configuration file"
 msgstr "check global configuration file"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 msgid "query the software version database"
 msgstr "query the software version database"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr "reload all or a given component"
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr "launch a given component"
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr "kill a given component"
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "use as output file"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr "activate changes at runtime, if possible"
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Usage: @GPGCONF@ [options] (-h for help)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
@@ -10905,15 +11148,15 @@ msgstr ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr "Need one component argument"
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 msgid "Component not found"
 msgstr "Component not found"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr "No argument allowed"
 
@@ -10928,3 +11171,79 @@ msgid ""
 msgstr ""
 "Syntax: gpg-check-pattern [options] patternfile\n"
 "Check a passphrase given on stdin against the patternfile\n"
+
+#: tools/gpg-card.c:2389
+#, c-format
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "Note: key %s is already stored on the card!\n"
+
+#: tools/gpg-card.c:2392
+#, c-format
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "Note: Keys are already stored on the card!\n"
+
+#: tools/gpg-card.c:2395
+#, c-format
+msgid "Replace existing key %s ? (y/N) "
+msgstr "Replace existing key %s ? (y/N) "
+
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, c-format
+msgid "%s card no. %s detected\n"
+msgstr "%s card no. %s detected\n"
+
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr "User Interaction Flag is set to “%s” - can't change\n"
+
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
+"Warning: Setting the User Interaction Flag to “%s”\n"
+"         can only be reverted using a factory reset!\n"
+
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr "Please use “uif --yes %d %s”\n"
+
+#: tools/gpg-card.c:3668
+msgid "authenticate to the card"
+msgstr "authenticate to the card"
+
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr "send a reset to the card daemon"
+
+#: tools/gpg-card.c:3672
+msgid "setup KDF for PIN authentication"
+msgstr "setup KDF for PIN authentication"
+
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr "change a private data object"
+
+#: tools/gpg-card.c:3675
+msgid "read a certificate from a data object"
+msgstr "read a certificate from a data object"
+
+#: tools/gpg-card.c:3676
+msgid "store a certificate to a data object"
+msgstr "store a certificate to a data object"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr "store a private key to a data object"
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr "Yubikey management commands"
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr "manage the command history"
diff --git a/po/en@quot.gmo b/po/en@quot.gmo
index a5375de395914f698644d1e26ee39ac7832062a5..2c038a555fa5b8f76e8381ed4967fe0e1b9e91af 100644
GIT binary patch
delta 55989
zcmZ793B1k4|M>B9@3rr;6AlVdl6`mW`<7Bs$kIkcCF0vD3PqL>Z6fW-QYn(HvQ#80
z6(K6gQfbrP|MfaEevcmi^ZT8iGxM3xEbp25oa3td-S<$zBijq64xE)^UV_)^Jc-2F
z_<6fT;<fyV#G}(JO(e#?o=9AP<FF|{gLyI%i7&Af`4ejsiFYu^8;L|Qd>>2WVJwG#
zVnr;qF60~H+2ng;@kAn(xG5IggLSy@M7WUn7^{#!7W0MHha0Ozvylc8SK(PWI_B?*
z*B{2(l)r|ydlVaDxeX!T8{5)<Vls(ZTzC&V;U8$lwi`nS6VMUQMgo&qhR*!;=x!`S
z{uo*>$EIMVXbUtV{qP*TC6+&=^q+W@L{a<@YvR{f6^p(ZBG3qHkiQbk;*{tUSb+RG
ztc34IPhbi1h29FGKL@SX7RzHVw7rp-vcZQ*l*Cn71h->B+#k!2qch8VJItUW+Cf|N
zzP{*yN1^R4!1M8CG-6+%_n$!P=iM9zoZL+OZKyQ`-gtTR=ID&*b7%u^<9T=pU4r~u
z5{V>MK^tz1w$m><1`Yje?10asd*w%TU^%xEe;Y2kH5AlBH&qj~yhkh_j?KuA#dB~K
zy1VzHOZRIu&$bZ3vUo1#HL(Kr!hCpBbUeCblT##mka!k5;BQzTvpG|4sxep<XQ2an
z4V~dfXanD4Wi0w`7+5{D-W6B_$Dr32<5l=J-i?*t3-wdakjSQBJK9mf?cs)c=na?Q
z#kdMRPI-2O5H?05)fEl#)#wu39`m!~_2;7-&`5lQJ@F@GBB?~%_d~-2un-q!p$$Hc
z?$*`lO!q{8!^Y&x?o1@A<0a^l{14B^C$JjsM3?9^+Fr2_!UWGp_grs0+w*@t2}d>=
zz2PZL;wE$ehp{y#b|n(cp$+<cxC>p1HCPuvLfgr+J4CP=x(7O=k-Z6>$oyEo1}l61
z50a>YnIDFcSH&dx?&w;ML_<A2<`>8Odh`^0h(+)?8j-)yh@AUTxUVx7BR>G`=Vo-E
z^D$+`S7X7x=pX1v%X}OL&=kGla?Hlt&>5{pH`hV5oy<Mqfm03LydCgDyc+FzHkQOy
zXymr<A^ukQh5|b%^+{N(25888pb>Z=mM=#;+=g~|94lgxPs4MeHoDe*F+EdkM1DS&
z!Vl1aA4Qj@@MpxoG>Q73#gJnG@*}Y@PKf#G=!hS}68H-G0C^W{;~sRNx%URoK{sP7
zbPtU{CpaDX|HKRY!zG)X+85S*KHAU*tcO2fH$3<AM4}_!jCnH>i8s&zZrLCF5FN-D
zXa^^-73M#XNL+*6a3;QjTd?iHuq64vNF;KRPc<b`o<wUjBm*%oPR4RL3k~s7bQ5jI
zocIM^hDWe1wm1~NCrm;ovJz|IVeEuO4~KK#4}CB##hRY~Pe^!Pv%U-=u89t)Jv!4N
zXvd?_klll><%5_Tmti4%6)WRrwBAuHgTJGvqS#mA)3q5oq3f`!=YJ{*L$@5u;`>+}
zzePjz4_3vTUxx<IM|W|1G(uOQ0~&{QaW*=z&FE6@zzZ<*NSJwTtU|sY7N!40ibN%x
zjYi^SG<5s$Y|QsfxS<;6A>Reh!AsDk8iz(`QY@d31<AjGcKj|n!QasKN*xUosE6tE
z--U!ByD54X+Ta728=uCOxD1`qci050d>c+ff2>OW7PO;B&?S5wjnJp)Qv8fYw$QOq
zugWpv--v?N6u5@t(Tev)pF~5w9&PAjG}NasALczCB2ye4KqIV<17dzE8p-9D0}r4B
z_!9HrZ^wzh9cP>f&-5bLlYB>PfDfS|`~X|wKbVc#C&S0}UFe#>gN^ZTtc?x73*Q&6
z!>;6?!VdT&W@D4@IWagsMWQB&*ReSs!S;C058(kc3|)fp*byh;`M4c@5dDsZyzr?|
zzZMoG-y-I_qNn0YG-4@q>Fz`CPi-b~7KwdmXud;tXV#D5n@u(JdSkSsuISzvhSpEv
z1vnSoly9P;{RXSy59kt?{wXX`FRVp=EY{%m#4{w^{kyR?{*12Wxj%=Qc18EZICKxp
ziRH`D8GVjt;Wt<x|3D{D`<F1#OVCIBbyx)N!d&<Omh=2SMB;f0R-vI9_$%LFaS|Hx
zvrmWep;(>#RCJ~*u{iF*c6b~w!i#<jp&g8#f^q0`Wj;EQm(WOV$3~w2<0OjVIlqUB
zjnIMgMsFB{rEnJ7;j>r~*Wn`Ek0tPqKSG4&q7hjU^KZrcK`cZ0k60E9{7L*vlc+|b
zHD;p?O~S(X5EjMf&||n3&&A#7ru+>Zc;c@xz~bnP&&MQoM(-Pj<!~ap_6yM^+VL0h
z?@Qto1^uz>-|SR;0gXVOfB4dYHPQ0B(fWrl3!D8L%*G`7w&)TKMLV1k%b!OF{2m&~
z57E7I{NEJMWfH$q;7oo;BTz7rk$x^zK_gHH4Ov^X;Q?qU$D{S<q4&Rl&UgbF**$nR
zevh_OAS2`}px2wGNZ8ONXa^(E5Z#M5xEk~0cJw*%DNey0nHh;Ia60D2BbdY=&|_CL
zE7Wg{ZqA{YjW1w5Jb_IxRVhbCdM&O*kKvs${{*@xw%{?$n=>Q*g!>s?np(NSOnRXm
zjKJpj3c3V8q7SNaxiiwwhmPpL#$YpCh!s8m`$%}+|3q)7%ug4LL=SYvH=xJrLA2v-
zXuabxUz)E)cGwi_;}EQa52FLyfi79Ge4)Jy(WU5z>F@tH#)A9MUHK?F(v9eGJBl^%
zZ@dtz=MMw99DVYQN6Vi>>wSi~F-L)n^l2!7%rsF0&%@4`#9OdZio`q;9;?@4h5hI;
z%3Uxc{h&A(ljPf?^@gGmnuhM?r_s%{9)0$Ig3j=3^t0qNCb31K5Xk}P9+-_OL%)TD
zGd_uSP@-@~`m0w{w84(($7dh(*!4r}4M2DMJ?NwLQFPP3h;G_V=*)NELOhA>aC(v8
z?jjld{D*?lMZ*a1MML^L&csjA2Ch3RY_6%;iTswBFH$V*>h9>~n~6Pf2lmDa#WT_$
zv!l`LEAcM;9^HhaN~FT3Symz=(Vc>?@KUT>lF;D2=$hp%6$Vrn2a|sb9ay!};nZ|M
z_s;d`1nx&S?^^W!Z_r2=EfcOc!o%dRNs-{BBs!H1Yu>Y5Mxq}VMxY(Mi|+bkn0_#w
z9oD)Ey2j100Cq<o+5IpN4nvpV7Ibgii52jnczrc`DpH$BIMV&-vC3OMBmIr00lJHC
zK#$dEw83Z5<M;|Xpd;w<`wN}vxfMbrdZ6vzj85S3n13_ozeDy=Dp9mzSo?<P=D8eO
z;&616Ek$?xZgi$6(M|UUI^&|rU?sHtB6Q##F^N6VNAM{0RLzJk#e6REyCi(%evC#S
zN2M^Mi!e#PFaD1u8jm*gdu5gkOI8VMSw7kY9q2f80&~#`d=&iyeNH6L3FSTUJo-<J
zA>o5&5&BuM3LWWA^oEmI8_S;?*06i@Ml@p6(KTL#9@8~wWY(h*dmpX04=dsK=+YIf
z$|g5ajf4#}M?3C=h42=%p-Jc$iaF?vo<;|}J(eHByySmI2mBBE@mi}|M*3THWAs$q
zgl^7-=pK5e8t30#`56Unmfz5|JEwa1bUPo1lb?*9=bvJEhx0NLQ^_yJURa|>M&e7H
zfMalA&5Xni_z8Bw*5`*O;S4nYF}A@<7o@@iW#|RrNw*x0z&cFgKFq?u&>1Icg$GUv
zY(=&Y`Y2t1LvROPgLN(pGkgf0`Fq$He@B<HZtW1MAt@3bues=Xd>4HbA3--|p^HLf
znqyt^*P{`84889Sw1Xe9BPQ!)B!=Sk=x4)DbW?tVE_G(z5V_LmUPvt_;kVhh(A|F&
ztyrR7xUnW)LcTrP@grCfU&oEO7u_3=)Xzv<kIT@3mu?X1cR;USgPxvoXvYtRd@8Y;
zguC=(baNd>pKN&=h8xPF515AN00*L<@At>@jcAA8q94Dd8-)i^8+3_oMC&id=6E=o
zZ0u5S{`!+}^UXvXT8qsyc;uo>QN3w+g7rj~=;r85^whk7NqjrzzmC`cL6@X#voMjt
zXuUhpC0UI1JpXTyXpg7R88o8z1~?dv$iwL7*@)Kr1C3a#7U6l(9bJ;^(3ws}XSx=x
z|2tlc*)79|+8i8BzF0Q-79=K<@H}otZ#<2iuzsu1aSGk#YtTLL9r|fkuyu&oMc9)3
zKx~VPFdM(dc38Ddi12W<p9N^Y@3!ImcPEjzZRqgw=o4tg6X@=)&@M!xEBYK5jZJV1
zHpPtgVF1n1kpB<8Zwvb2^K&dO)ggST9f<CYB^@~b_mcRU0%tI?V_2Kz*qZ#icpet)
z6do82(foLHuRMj$<Rdin#X4uC|GeKGjpQ8ki^eX@#zI}flJr0a`e2I0r6dlb$FP3a
zF!H{bUQ09*Ytbb+iP_k&Tj+Q!`b2vT9dK6naJ@bHe3*isnsw;jI))9gM2|3mR5ub<
zn1DW+o{R29*F1mEFtBWNw-3d^cn4mGhjA=+=@kb0Hufd|D}Kr;>UD8g`x=*oCG3Nq
zstL%1Qi&%?7>e)EHEnolM*0T^qcOq%zkr5%X`ism_hC-*f1;1(jLX6!J10&eUj;Yg
zGw6(OygYpMT7X7!1G;%nVI9wZi7PS^(<$hP4&-C>#tMDI8g@b>GX*_{t7HC0tW3U2
zztBN@tVI4s^w`csBfAP+io@uqY3VD&x8>?shyD|dNesZ@=mTau=EI}WpQ8Un^IjF6
zh{e%*&7&Q$DEZ!49EYM0n%mJw`aJY|zzbLeH(<&JJ|K|`_hDW<j0NxnTJd+ZUcUa}
zJ75X)bG{N9nO<l}Ct@Rf8V&V9^mG&*5RPq6^i({F>4*&A{JY6Y4-AjUZs;kv0n?9U
ztWJI{`r!Er-Go_Jhc75+qcg3E4mcYNVmEAq{m{+!I68r?@%nCb>Atv{^PeP<H7LyB
z9Q47_5nYNg(Ff2km&?%2xH*>pjD^S-85}yOh=#ldI^cF#9*3ZNV<IN;NwodVDH4w4
z5c=_$V@SAA2|drv(FX2BKhGDU-w|I$Bk=(m%5TxgRU8^7&=wuYXtbmI(dWr?=s-S4
zmniiQ3D>grHDQwsL}xk%-4pktGntEa_%deVc66<Gq65ftZMeS$8lg+jNKQhRa3#8=
zdt*M=b?JWi`yUcE&>sENn}8mlm(k<+8Tu(!`T8)U>(Lq9jSlo_G=l3eiC>^I&bT2A
zxI7xc255vYL67AqEa~}QNWunIp&fsUhUy=5#1{<<o9rs|#?k1hcs#lyUf+ZzDBpv2
zbOIe{-r>QT=xOPO_IC%C_53f672ZH2aRA+|#cvE>ohqWcx(+tQZ1h8A0#?N}SOdR6
zJI+5M9OLSkBwq*JGriFzyb&wnWK0>Vr%Cu=coW?;d(e@dLa$dI8A8|sz41!4qY1J6
zA#@MDhHlbt&|~>8`e|AGrZCVJXoQBMn{WJ0oPS65A_Z=;t?0MhBj{czJ1QfQjlIy#
z_5d28_s}KE7#%iSJ#>=|MngUwUCL#c6F)*Hwig}XFX)5|-pu(oQR(I|qx$H8E=FfM
z93Am=OyU#R1m8kK`43vJ)GeW2!)UkYU_6WK<IsB3(Y>=2?Ppzzgqz`$c;OFpSLeSq
zgsd_ekxuBb`X9O^OVLN}Hgtd|&<JIY36X4y9>2b5#HOMlUytskAJ9FM`iF#@>Ac&*
zSE6gsP(F(;!7j9eJY&PaDn#p}51g*(z(%2)aZz+D+Rk_ADJnHC45$q{@KMN;q!RN;
zxb`d1ne9Z+>v7DFd2bJES^^DSLo{?9(Ips!-ZviI6Z50*q8<H>eg;$;AC|aN^cpPf
z`JY6>P4OriqF2x*ID&4Pzhl1igiwAV+F^TiK!ecxZ$<|+4Sh~LiEhGO=!8zA6D{$-
zFtB>qk^U2xlW<0h(Y>%19moN+;Uag0V^kg8-4~;gxdrp!ooJ}<Mc4EtbV>H311P{I
z_juMp2Q~;jmNPMBXx5Oh;X~-T&$=^=v>rNu-ssv6L(lyKn8fAi+J1m`^cPyc@?Bwu
zP0$GTM<Xx}9q4>?02}Y({JV*cQQ(b*Cx*>d4SfPOM;{~|(PMNKx->Uo0i1%~Hy1r#
zOVN(Dqa7SW2V8to*sK?!6Yhf!_>M`;*u;|*xLMvsZ}<*fg8X-f$TY_!`2pw}-idbj
zI2zIo=xI5DK2NIL69(209Z(N+X>LU8FF-fz=2Wck8@hQ)P7Wcv5FKe}bWe;%JDi6}
zT!n^y4?3XCDdBikLhJWH_rPd$=@z2{*oL<I6T0N7a#KUa=I8*1NAE$`ZXr6OHE4u(
zpi6cNJq0E24G)+)XvnX_^d3R$FGoB45FNmu=pLwgUwR^`L=O^nbQ5~RG<2rR(TY1`
z{x@_crKg1fv_#i_2qtj?x<?*E_s9x#X}6+J(33G=X?n<az$%{q@gzKckE0E)L2ulJ
zNj!~)wDkR<UQ;w8m!dPiJ~{`T`8rJEUbMYG(NGtg5$e}RuMfbA^q;tsMEcQ*&Uh=@
z@DJ#XWoL#>)C|q{MVD#<x&-skW4jXF6Nk}yg=U58wJ}M)D_VXd8u6K!{`vp&B>Wn_
z3tfU-vqM8Q(52{uNgRXDXg;Rb7TtUwq7(QLZMe(>@%e!cv^U!EaC8sMz;vV^;QSlf
zT@={S&#^-BIibOpXoJ_Fp}h;;d<)Tz--_1{qaFN>xv}Eh@Pw=ut&1MRmgtl4Ds&0&
zpUe68QM#A{J9-g4pW9-^U(f-bJ1_h(yCb@p=Auir4b!IqjX=o<L!_Fc*ZW7Op!cmn
zm-efeFO-@eX3`qnbXTJdPC-Mr6g@th<Moqh2#YNU^;)1E503f!&`2#u_r!K=i+`gL
zYW+}XZwMNZ)N~SVqUX_>Zb8@PTl5K-@o@N4Yh83kZO{P@kL9z`<F*)GlGW%Y`~-Vp
z)+6Cd>!p~B{A|p|1=!rr|IbMH1*6oXVGmq@4yYUE!0XYGkHCC53ysVpXeeJn2Ydjn
z_bV2~(vO9K)j-#}6}tA9qV3*;=Xw6`BjF9NpdD<%B<@0Y`H$${D7i3%>>_03i5}=o
z??)fCYtWD%#XMN%@i2hOXgiIgSE2Rq!n&US6(k(_SLj;jS`;Es3yn-?bOr;_wY>#x
za5g%lRp<o1j^(G(r7X8N?2Q)a(hWtIZU!2$moa7HJrZudFQa*%2tVn#5F1f`J$mC4
z=s>q(3;Y({eASnPW7h+%cNyB=gqVK<-6LDknIAwmU%@9i|5mK|Wcc*zg|2N1o!J7k
zgKg-Z_#S;u<bNteq9*z=+7X?|cyy`epb=Y!4(Ls^y>HM6mU=qWulIB+ROm{9p&y0L
z@FBFJwdjp|(1GN7CM?MX=-RhILp>7h=mE6eYcYQS9eCEWp~H%3KMkV;QY0MF6zqsk
zq7R^xXv1Zn3qN3JjvlYB=uC%2C!q~Kg0AsfXnQBniR67gELBa+B7XxKnGu-8)I<_C
zxFot3FCzaTI-{H~gf**y4(tk?fs=7AmRK5g`}641yo?UuLv)RQKqpe@#jt5F!X)`i
zkpZR>V@OzW0UGjG(U9#zKbB9TPrTgA!XBxEKC%a*100S<U^XUk4Z6wpqDz!_d3a9L
zM^DWFbfA;)0?+@Fbb=1iwfh&XSan6%#huabb~mAalzIl;6Z_GI3a$(@yZ{|YPjn(<
zu_?|$p9?$DNF-hg?N-4H=|9nlgu8egx;9IZ&?GjZ4IRcN_;)OC^m4e~7hUrS=uDqN
zkLxb9qkOM~rMLk7c<+oZbqbC6d`#K#DiY4{DEdgPxGJ3gPUwIpq33r#cEx4b0slld
zZJSra538o5OScn^%<-7d|62GOUk!brHN!S|@oSuaNAe&A`U<*vcB3=@9&IS!>ahE3
zpabcIJ|_mE^~Ry~=Em|@(2jPXOZjEIo_kG*Of~dR$DRF?k6#+cQs9GV8oIVCu^}Ep
zH&dC{!^}FOp&f$hV;l2NqI+j6dP=@SH*LAKA@uFh0ggvIegs{zcTyyhBz{5Hvg8|~
zVoOZ#R`iBR=%3qHqBGxsuH~ob68(TiFvq(1p@UAWF{YmzXheo#Uc3v9TxuE#8+;l)
zZX4o-&#(yjpV1lTTpzAiN7uMD8iD@k<{Xa>=v7SO`{@1Oqo*RVA?&T{=pX4WMh2Kl
zTuZ_Vx1$X|fevIn+Q6sr`nTvzif#-~#M<Z#TcR_$81vwbXe7sA9ef;};BNF(9mgaV
z++;r~{z{ibCIubQ5O%?wcs=@kU?dvi+tC@$Ks$IEleiPT?+0v#h29M9bwN*4cQk@y
z(TF{Q?uFHs(|_XASmDojp~72X?OULmauB+9Q_+qVqLFw5ZD=35NB%@RJn!vre{Xc)
zx1k+RLnHDm*2R68{{CNha~NR*wBakT5ROF~n1Y4z5wyb>&^3P#4QZ||VPMtKwQY|s
zNk6o`G3Z3*VGdl2F7d`KoPRsmOMy3jhlV_BYY25A^uwqs+Q8-L0PaAa{R`2hdkZ~&
zThQHo5{<-ZbO4pMg$QM%$8H3A|HIo-VGTD>;3oM3llVLOL@fJGcpmgZp96QHp<985
z{3~?xp7m~+aT6>+{!;Y$F$f*l!_iIX-Z_d+q-g5B(D6m++IB`ez78GX<LIV)8$BJL
z$LqhLYkJ}KuoPX<=fxB>^e<q0+=33Y;EoX4rf56u(RNdVV!`dP;6b#3W$31RCwdUw
z#lN5pmVQ4hNqaQJ!_g<-G;~j_#`?Gyy|2j55Q)0z0Qw>m<ny0|YySwkDORANeise(
z@93lSf)B#KT5&lJC%*xW!1=pE{Z44dV==w9=(pkx=&s*|?v)(7L!@$J`ux`<;aapq
zXEGGs3wNUpK88MMHlUH&jXobvVh;QXJuSasC(Qj}2z@Vf(=I?my&jFw9<;rzk7zGN
zq9h4Bz6ib06TM-u6>vN{(+APL@iH2*V`wP<MJG`1<M2hJDSB##qkCdu^i6d4A3+Cl
z)*jBkyRjt+Lw_BbpNP)<1vGR!(7llOBn+q|8sdx4`}&}tnm3^nS%h}50bRNiXgj4o
z4NKJ-&5!$(^Y3O_N`V#kqBG0+S!k#%x)hDk>lb5g{2zK+?!o-H1U+WUF^PN7h@D2i
zdKKRr2HFm-HvnyS@?OrrBYvC$A4KcXFBrSg2z-mqJpaD1>now5?t!lDNOZ~O#qwv-
z`?sMHIfw<Z@aJJE%A@_YLYH=6DkjFq3lE|Vu0q#t8yeyh=p#7S{_v?-61`pxJtbYx
z0j1DLJr(mGplkkXEU$bZOrRS&vDA$u48<gLGd+riXf=9n52AY_^I(WjO?1gxVq?4!
zeF8p%N!*Es{0DRsSNbBHmd5DjZHY~A3=;8FVkHST%VzY(AJNcNITU8t8x84g=-!xt
zJ|C7~L)?wdIN#w=ULP$Vf=%&JwB1k9Q<3+}P~H?v`T2hvi6UH>iH2|ydY-qSA0i*4
zA^sPgLEW#y3~oU0dkP)ctC$bpLzi$*^jkDif1zvN;Op>Yyc93+{7)lc2-jdeJcNe6
z<dLvejWJ373Urg+jxNCr%!6;BPrA+MUik!*cnW<4pY=^Rt{u@$cO$wdreext^a=^x
zjh^ct&;gY=8ba3`9oPsoLQBx&^$uF^2)cI)eH->l4YZx!(Xp6|{A1`+K8bB`?YEqN
z*X~~m+=Mlbg$CN7Yc?Eh=rOe8H_;g%jrmjPKuR4CYhMqI%wV+L**FW|KsRx>6Jh3K
zumkxgPNYJE$0+cL^b@-Is-6rT_QCe#C!ojeEi{DRpdDv^7oHOp(R?d368+IldOJGf
z=i>E^=+f>-2bxHIA3Cgso`U}9H<)Q?#d+u^T#as?!{`7qeh6!PHoE4`WBxKULSxYZ
z-Gx5L7NYHKMBDiiJ%*{wQ{nIZnxp4Fg>IUs(HlNTH`l-Dz>5ADc6T|<O}-X7fClJH
zd!i4PYcYxcL)%#x^PA8o=wW1lsYK>a;rLWUM^+DQus0g=8_|Kyj^(S-<Fz~Hzee}U
zznH|@KZonR&~}EPd*Kee6rV#U@-G(m{OA28JgF+6o3H`eL62BI2tD_=qieeooxzUi
zNpzDI{55Q@I+!HiAAOFbFnwIn$h?6r;chJE`9Dd*5M`VW12_jAadWi8>(I#DjfQv$
z+TiQx43DCxBlEZL<+D1vH1*M4-W;9SJ?O+1ViH$k%H6)3L^aI(Jw&1g8uHfY_3P2y
z{1E!!*oF?^=V;|W!e;A<mfwhO=10&0Zo~BEMW2`%e};*j^(W`w4~be7c%eNy!pkrd
zZ@?_P5!>M?^x6Izy5`@<eDbeQemS<Fd=@%^ozY*>36}pmZ02_81MjlGIscCERtgN!
zOmslcViGr^$L|pO8Ib><uqj)jAs>t$vwP7Fo{qkc-uEjSvE;vD4|PTRn}kVxEJec2
zupZq+pT!IRpqs2Baj@Z*XlSp+#yAf>9Xq2xq3x8)$V?Bc4!U%gqoJRQw)YI$&(@ev
zogiVw0-2$sW@zY!;FUNHJK#}tX=-O>ra$G{pi9ynU5dHrCf<y0+M{SYIdWvCKOJkL
z1Ib1|O9mkQrV?{Wc;nk>NWX~|%o#>n7h6((IVN!d8j&^VraXjhwj#MQ(|e;i`mDbd
zJw*%AcHco~{yjRd;<+>VFQ_<wO-Zz+U>-Wdy=W*;q8;VQlbPNVwb77wM9YVxYdIHf
za2Yzok7N1I=-w!lHw>gEdS4%OAa`I1`cEt&;ig-Ip6^|l#G~jg&6_W*T{U!I9ngA%
z&;g8#`8ntpk>}C&HlW`ZK8YSjH|4)*z4P*CCQ^>D1qnyg4-M&^(dB4I2hb(@1zTh3
z0%0@uLuYg^8tRo;2R}#KDO@l!eX3eu#|(}ex``JR%1nPXd%sX-D*el3@)ZsvE><Kn
zv4aXV(UJd-4zOU+5P=%e&gdq)0lhvMJ-$m~{ta{>pT+V5XN7^Di`MIg-gnJesgRfy
zFDyd$z?zuf9xHy0?%K>^nd#4hhS-$+h?svK-9v}anO7~Inf|ljrRW3eakS%4(2jq=
z!dNg>BFwyev_86~-O!5HM(>U;MjKj>F4-rs{I6)4l9}m`>jvn9rz5&KZ$UTjBj{3X
zK=)GWSWM(Bm6`s@MG`A<;eu!n^iyjT`T&`N1@IY6e|JP1+>JK)H@as^m(EN-(l5k<
z<g?N8?&!pZA`?g@CX%p&XJUnQ=!ic;8~hVJ-zCdrrvI$h25q1R+Td_>z?0B+o<i?i
z8{HE<6)jLU++PjTfB)B(gvVtBCUG*_@H1#b>!Y8cq5l~>V8L=>uUv|*<#p)5#$tY)
zhaR)VvHaCo{vkG_{2-p=`9J&Yu$x<<U$w4^jzm8d??Rto51<d2)tC=Ii5^BHa1wi9
z;qqaC1F$~%XV5*hAC2s3bf6U~aQ<zuDG591i&nT3eS|)PN&Eoa)u-b1WW~(H)#N+i
z-S`~38EYjo6WQ1sZD%g}+*pfO;Q_oDn^g**88a(!{ylCRDKJzYq9HztE<r}+kS~p1
zzbM)s9e6+NiMOLm^&Wamk6<AzS0&tE1Kq4`&`4b!om7SM-<X1@C~(FH(V65qCv3V4
z&?j79^no)G9pFNAhOeQU?f@FnpV5I8JvW?|+L$EY6YY2u`UIVW&2dkPgb#?~Rl^Lr
zqF*$wMH_kq4dLtP675Gj&Z-s~tbvwyMeB`5&-pxb;A=36htL6LRu7S^h~`uEVnHwT
z6kLODx;xN_%tRxy8eM|@=%e{Zw4+?-g^p{W^}3-0A03^I&U^*h;qF-eJ+}4y7pf6v
z)H`}R+R$S3fwKkOy+_c<Bx;6^>!Ew(a&+xSB3~#H_n`xL9qsTlY>&TU5}ThN%KKyb
z_kWBh;Y^=EXY?NWDfK<tK=}(oD4Sp-@`KPwJ%TR9%jgp9Me8SOg^tRjPs$eP^Px-3
z_d^GK9i~73Cz0@h@euk|>M69LJ<*>q{SD{B5X$E0S`WZuI1yd48*7Jw-hsCBG<q67
z!CqM4B0h$(KjzKgcw@>DuB;PAx*i?KduRurU@QCsufb+@Gt>WB?h<^LeBF9sN&dlH
z<m=QA$E-2>MdLEei+7=?XBxVs&!Br~YkkgtP7?blxC{@WBW&CtEWt!{CM(bf&>`%E
zMH+^4-xvMxc>(>j+k@`<%tj%^HPCb44xQ*=wBwu5h~3?Y^Y6&!QIH!~q7RNWXau&!
zipSAS_!qiYN;VE1wnS$%4BZRU(9QP}y2iWEQ*#21P)3tbFAv(@g((v5;!fy52BMp5
z0=nDhq66E8uH^^l=FHhN%)BnTY5Sv}9TU;xHW!V=t7zm7pnIxdvrxYV<{_WzPQv4M
z8M;;z&=5_I<qxBu-y6`5cc3%;6K$|;^Du#iXgl4}(B2%q8*OhMI+5qFC9Xs!luDc;
z(S(AkEyAPpYBZF$p&czm*Ki#gp?zrRPNShM+A`FuiXP8)=n~$6*1JFY3>xW8Xgi-`
z`saT?lknrTKz0aCDRcl$(X}2F^V85!zJxjO5ITS(Xej?gJI>K6JkpC{Px4)`0X~XG
z@I&-eWwg#rWT!~9A<+TvM%R2hHpWDou=|@}GqS_b2A@Ui|Bl(%s%>WaPrVb-Q?LpB
za5;(Xv1YsQ02+-h!9?tc_hHHh%ZDWV6ic)Zp)83$vFf91-!A5Rqo-mp8nMaf(#=Ni
z-;REqA4Vhd3%WV;bqJfY7J5A!UE1CqIR9>r(G+;YWHdyNpquF(G_>DgH9U>3am9{d
zi7rQ%Bo$qT?*9E)8~;U@vUaEN1icL16L+J>c44PfxUilAXLKChB)_6xoeFjiGiZYj
z^jdV+k4Ja;0?dWap_^(2K9AecNZr;YGw~=sjE1~n*HC^ZRwutCMZ%eGM<Z|w+hMM5
zndzTacSS>c2YL$Tq7Rmr(3$K&JNgEVOup`6pl#3)Uxr3t3|jv&^!f4{+FxoX2}AJ}
zF2Wo=LWfVGGg^zT*(Wi7Ear3d3=Nh+2UHhJV|Q$g*P;V|9^FeD(FfEAXoL?VpPH$}
z?<Cxn6?=t|S3^5)imv5lXoSY0H!h6VSD|aa3*BUii!;;z;o&*hpKJ=R!~<xAn)c32
z|1O#SX!&c{m;MvQFUd^*kZEM}W=vAyHgt^^paa?z%lD%L{s#?Zu1mw-seqZ}&qMdh
z`Dg^P(dR-RGy+4>rMV5udHx?H;o7`}-mo2Q;4r2)BO2O*eZuCeiZ;|H<}XFBk4D>>
zhAzodXoNPR?R}4ayk}h&o)d*JHI0I%B(A`%=x0Es%R>Zeq7Rg=(Xr^}d=j(q7}mp@
zSA^%lKy)b{L6>er%pXGcM9#k93rk0AOulYE&cADOW4|!7S!f3@Vk`U!eL&T}GMwi@
zcoF$I=)g8(GdzWE;#yaQ-QFF&?^ZMtPoVYJq4$4__FJw$=idiKi~gZtB)aAgV0~PR
zb?_8AuyY24y>J8C;AC_uUc$5S?U+A=M&c**!BuKtIBqSm2Kh_SFRQ5(3D4(p^vSm;
zUdVBEs8|o(Yy;5qe=R!Gd+<Db3X`}K4fzkqu}YjZC|qxZ-Zu!{ba!GBA4lt@Hj*$z
zN6_7zF*t0dGU&6v4m!hZY>yXX5+6cC`8v7>PM{O1G$hQpBig}D=vS`?(e{?0pPnl*
z%k%##2`j#i?)ERxN9$>H*X9`-cJ0~d%&X%<?1=5~o9G4CWTt<Y%*~jj{3|q~Ij;?0
zTI-_szlDA}eu<qt|CO!_1;a3#3(v*;G3-gc`t_OV|LA-iwjjR)ZJ@vnnTdO_Gr9>s
zK=(|+VVUXwsJ#tdO8x<ygh$aO8$LWUF&`hq!StV~bz>OW1LzvQgl?XX&>8%OZnml;
zLIW40p`L(VUxJ5m7v{>~uk%KRcGljMnHWI%est!|M}<v(75bdH6Vt!{>p>E(@p5#n
zHlfe#_c0G1!2I|P`k?s<-An~WhwC-bCuBWzpgqy!Hv#M7bLb}Ck4ETgw7qgSbN<~#
z)ou<Wx&l3ZBhi^HKqIjQZTJ{^ZcE-0@{Q5_P;?JX#Uw66_s&jiiC@O+Rc;NNy%Rdo
zA-AT&rW-|pGoBh<fNsWT(UEV!ByL5|`BC&(<s1{Nf_{H!g+6k-q7fL6PUu-o;x7Cj
zOY|e!&P}PY;S0q5=#1w^-$ak)59kc?j|(&G5*>v;K<3B%R&;ZnL_gO{-5x#*&PNB@
z9<4tFec;VSmoT+CCcZ*LmNh=CaVhki)<z>!9}QVMwBE&739msn)70ofbdS7(cDw`q
z^gE8W^9TBUBHx7cg!uPANjTy*=!MJC520b`=D8IO?Q_@wUqK^v9NnB{{uee?WpqZD
zqkH8xbm^9$A8s$;aLjo}IL@On{qz4VB&Kp9$zJG%&*7K&Cyv2`cV?!4nM|L%GSk0m
zVH5f!EI2XbFTpnC7hxy-3JYSbNg)EwFiE~IX5n~r!YRy7k(f)O6@H99NJ`xuMtTX3
zAioJcCAIGfGarOLfM%g<`98X~|Dwn1!pY${4#jHZ??N}_b7*8fMI)PI3g_RDH6r1S
zm!YA(AG_jO9Ey3ShR=o(=%$>EuK8j#a<8F#A^YC&Rc#Qu`=_AwUP14B7carD(SDoU
z$NBfkbj5v{iH$f8-2+XgWu||bOgD7ouc0>_L9geW9*$3Gbl2C9`2pxAoq#?M?#1+j
z4U^<Ip~vwsI>7w*v&MBuG`c@r7>0H@7yX=m3+>=LbcssO2=)7-OK^YmJ#;DZ&I}=L
zg0^!Fw#wj7zp?z2S>b_|H9IU()f5RM&>DRp3_`!{T5kTyczqN4VRQ(SSm%LIuQwXn
zvDgUbpqq0$I)P$y!dJ5v=tRb$17CujF?EQ9Av=F=cwjU}AGy8J$lQkB@I2b^QM?#0
zoX6(Di8vZF9}J(4x1yW%74*I%=&3koe)!He0_%}~7Fp6%Vm}Ex{0j|PazS|F^}x2|
zXJR&fgzd1zLm|Zd(2k~H3tWTU@i(-?4i5)sqnmply19!!681(*?ClhWl4!z(HP{q?
z#+F$7(eP)so6sBApdU8h#PWQPg>SXJ(Y^5?-ix22&x1h=!_qvBt;ugfmmtUE;d(7h
z|NgJhB%Jx9=uF;2L!WO^IEKy9P~L|=AGTpO=3E?>q&;>de?MM|d(b^}{u5!~z0mej
zXvAK^Zuk|Z3~`+$VT89~5Av_0Yn|`Oumru(@9PhuyZi%mz!^`4h}A|r7>-_lJo-U2
z<LR*Gb<lxbi+)B-f12|@n8Z^Q49C3BWTt<a%ouc}-(!EQ^lWDOm&x3TKIyJ_K7{gK
z^ojN|y5<MbNSyaVSklqxsdy0+9K$2%z`t1<PF=|tQ<>=>KsI<WJe!+gc`9V%6zq@h
z;1TpVtymV^hYm2;^00Xup&w3H;&hyY4kWoE)W05G!ntUKcB2u^O05h9&C$&@0;}R|
ztc0u4O|uuhF~>{c#`@^T=}0VsDRcm{Z~$&azmipZIedDyiFS`(5lsyt;UjTmELad-
zf<-A`hJIRYL?1LCqtEmo(C-1cUI_yzi}}dc#9Y__^I~)K`O*O$=p|^qp_t$Ee-jDU
zbOJiVrReiuKe~1qtHSwhf}W0>@G@ME9=qJHhU=Zs`YH6uxf<PUAESHZ4|JkcUkjfl
zJuv;>|BoP1hznEDnLdb)_ysJ8tI_kk1#Kwb>M(-_==E0UlJ&qOjzK3dAAN4DMVI2+
zXwEeul9jNQkI-f$tS}7I13^RdAR6+;SOMQaH|IWdZ~Tr)Ecbf2zZtrRE=MCUK9(=Q
z*5qG7?>mkDQLoHe&c6*_M8fmf1ASCphlXk)I)km~Kz>07TI7vz-p@xH9DtsNyU?Y4
z8QmjaVoCfR-4jLDg#ngA`)jg}^UulTe+(w9T_1D+GqDVAM$hX(bRdP+hk-Rimtttl
z&qh0X9ld`SdKz+X2+#T!=y4o^?eRr)LO*Xvg&7py7#g?;4Pi%2;xMd;)6o$xMI*Ku
z4e^)grcG=L4PJ!a-xd7=G7^0<&O-;h4c%iu<N263^=2q&5bY8jh=%Z1OyV>&)Jvo9
zqaFW%c3A1HFo3pb#{<wv+=K3=wRje8K{xGZ*c4OWknlsL%G+TV55yYer=T-@2|dR<
z(c|<P8i9Y}^|LpJ-QF188&{#vg>h(z??(svY`p#%djBs-Wcm5;me5gM^g>T`6OBN3
z=|VJQucA-F_t4|^3mT!bw}#DE2i-G6(9?1U`Yrb{bT90}Y|OJQ?6po<-_QSvBwVA_
z=w>^P?*6jxgpjvELpl_5;xu$-v(W)AMQ8kW^iwo)C(r@qeK+i(D(HaQU=pvuCZ7M>
zNw~RIp_}b}wBmQs9PfpES#%9+qxITg5gd$mbPKu{X2kN9=s@2@BeoxnNRI7cqKz>9
z`+u$_;S*~T+VL~k2-l&Z{1rWZC3b`lpEg*Z{QuC+^fJ0<Hlcgz1h&HS-Vc!+hE2%N
zMcdzr9@nqm=lq-aivl-Sv7K>b=!mb4&OkTODs%=%&;gbGAPl@CI@96kfTy6F@o98V
zy@~np3-lD7KqFUZ7w6v!6?cU-YmVO77u^$MqR*ib`W*cuRbqFjUp?9mUBW@=o*0it
zXbw8TchCWT5%YgW&q{q5Iy?^@Q9HDOK4^m@&<Dj7boal44)_2%)4$MxmHQ|>;aZ}5
zVJf;8o<Ik(8J*alXgj4o4v|Q;B4KC-V;&rd?*6gpX;>Wn06hi&qQ~>xJz-#%q76<&
zBeN6@@ki*A{fZ8>+9zRR?a`&}kDQWJ;vN!73Z6h8k#C_LeUC<>#HV3~7oZ{Rg+^dF
zI?(&jz3_6(A42cT_gUC%mC+|)BlJ1a20cZWWBT`h4I|;_{Y3P}ndtF)2JL7oI>WEg
zb6t3E*sSNHGwy{BcwF>xbV)X&^}ogRcg1}nGL0}vd0(vH`5#Zh4j)F>`gQb)^$j|p
z3ZDlXpabfT9=G9W{rTu-eLG%1jqaTi`$NQPp#$xN?uk)oe{(UFB=HIfL;o?lRv8CE
zNR#Ld-O;@;3SGNJ=m55&4gZL)dD(-ZUNdw6!=iViOZOQ1q+E?gX!}9Vzvuo33f!F~
zz6iVZA~fXJq9L4(-mnbqa5p-DKhQmJ?x7IU?r29N(faqHGhK$(dq3t+qZ280I2G2i
z#o-X*!I<R2cyyCIik{!)=o)XqhIk_8&-pSukUFCs-hm#!C(xyP1HJDfOyVDCM9X~@
z>a|Fbu;S(DjBkoQjL!UROyVK5Ugp;^)M))?==E#RnNC4x_6(+HjMh7im9Wy0u!q{9
z`P9`UT&qdw5<H5Y+tuiv_!g~L;+t^2A-ZI}(V2}!L%tC0cn#LWFVKjTI2zh%j1F)p
zCh;C*LMi^oWkSXE=;k|&Hk9#gXt+9B-Uc1$Aap?E(LL}O8kucqXum)^$~qRVS3%qB
zjt=xzG_tes96$eGBw+`;V}(;_2L+CYA0XC3pO6irtucKJ(I??>bXPwbudhHmdIOE*
zCuqGqC&B<5VHfiKup#{?o+05{9YjN$=VTc11(+m%33~n3=tA^Ua4WjDf5!Z|--U@>
zf$60|+gpf6?k)86d>*go_@47`2y2kA;-zS)ZjbrJXsEWJGx-wRV(}kBgswmv9FIn1
z3A%?iq3!HPmnO%l@B};?3zP4TKDhdyisye?ys!d2ZX3}h`2^jBzhW<}{A2jmdJE<v
zzXG%IHEfQ*p~tVmPhn5>L<e*W=D=C#($2$t_}WjLe?#*o1%`4TI^vu^hl=IVKLxi$
z2i6N+>+8@poq#sH6uo~X`VD6v+QBJI;$P@#DE~{?8?DfYU6~@`$Ztnyx*C0!e}#s;
z)UV-Vxg(|rfHrhpbUONIUV-k3gXj#4oeoP=A3Y6Mp#%FLI)ORp(x#pvVS{g@GdhaS
zxb$zKfg0$sx)@#4ThYz<D7t4hqY*n6&HO!VzOvD5Y|Qm*un{go@B0iHXe#j!i53(j
z{|Frnz}(~~qZMbMp?w+cct0A6Tz`g{mq$a{72WkWpx*~(p-a0So!BSn1akis_CzgA
z|NgJeBn-s}H1yNZ8Ldap@g6i}r_cf9{5v#Q3zOvgqxDnh_4(*hZbX;j1lmraf5Ls|
zp{MQ&O#l0Tca!jjhtW`PL1+FgI^shAhJ1Z=E&HM!-i{u>2coZIlKf%ph*|uf$E+*b
z&NwWDi_m_SWBT|1>?V<3Lv$dS8CmI>)IuY389I|&(4~41v+!f|zR%DBpF)pY$;?n*
z2mR*L8NEIM)88r4fqjsfl}i6InZGHROTqN4tn`=AN;$F;Zps>%#O~+-MxryBjm~^E
z+VB_X+ULv}>eWP_AKlQ14M+FLbaVjEqXYXaXDTcGY|o!7G*k+0xEUsK2)ZZk!SwM&
zH{)0601M>~9n?WL-Nn&6(Sa^Q>wSz4@ONy074u}Jzn1q&k?`D3M@PC5U7Ih^fn?>)
zN^hQ;*pz&G^tmt*t@kq8@E&xR|Ah|t{CrvIO*;UM+|B4FoQF+t1$tlVc&tz~e^~Rn
z=uEFf&+AmQqfO{u_zL}e&nOVqxB=QhceLZ1&>1d4BefTOz~v|y2GklozJ0K(=l@0$
z9VmDm-L;v8vJ$Pa3%Z$Rppkh#=HErn^%3-0|1WxfnZjX>ua2hB0Y8S${B^XQkI}vH
z3#PyS7cUYTtcg}^i&h*E%Tws1a{;=R%i{IjXk>mw*S<v2tn_!rHfU)3VEQux8<Jm&
zM(8VaVx`XF{uGJ2BphiU3-D%i^E`;I^*VIdeusv>e6cXVi_u*?8tv#wOyWoAgXkA@
zA{B~<fww>hItUBmEKL9X|3VU;<JZt9-A?qle2K1AMu{-9(rD;vq7mtgd2t{bxf{@>
zxd&aEg|U1!79sy3I>E2d_H&oaN~J?_Zpkq6R_N{=gofy`SiS~}li!P;ito|QRjO1d
zZ-r-(?}J{y9=(4yI*=F90c?%eKSd{!D9!ozkyx>GXrLB4lUA4quS7#R6kWR+=nOZZ
zyM8Yw@h`Na@@29Tnb;7WVH3=Wm!sbY`lAuP9*y|_QY7qP9{MC(kLl23Gx8Z_LxU~Q
zwQGfja3s2C9zfT4Il5<d#_PYv@-pSZ+BZfw<yGiFC!rHaJx0P%Y(N`2fOhl`8shWM
z4h{4{M}9ln@eK5wzku%U!{`9YmJhZ<2YMYE;c4jo4`X3mhV++8tS8}`A3#S`rb387
zQ*_O*K$m0$I?#L3nLLX*@O^YfAEF(cMDNR}7(!kW-3yh_)6yKhe<W7)`~N%=hJF>g
zc6-s8>_>NZj%0{LA#?zZ&<I_IJ}K`(?_Y^Y+=E8wG`h6KD}@O*$GYUlqQ`kDroaF1
zBT=7%VwFRKozNNIiUn{M8sf*$fqfkP3+<pvm9TVO(akv=-9z_a`caGya4)*){>AhI
z=p4?!73z|3#5Z6IoPs{-wxBaUhMh6*xnbs)pu2e@x@Yc38-5XOcyr7jLMQS&`n)J!
zHCO}P8`)K}!tehWOo3}M8}0Bl^b5isbWdbe3lTaOjX=NXM6|=_&`4}XBk&!%CvsO0
zp{|66z9;(C>u$UTmsd|^rT^lw<ar?ilhCzUgm%0W4c#d$iY04==RkFIuk=GB)gSF}
zA{voL(TTi)4rm|R-p}ZRs$|U&ne$R4a#GM1b6{umxb(nI*dN>DvuK3AM?+oW{1BlF
z&_{G%w8K%+S!hSg(fV(qOR*P|_zSx9sgf6j<I)Wc<sfthcc33W3(;e<6P;;Bt>C%n
z?(c*y)veJd(9O3KU6PaNbEM>jA#&O1Ubq<<P%3dR2}ArOdgD9jr`b2?j7rrG9W+4K
zZZM`F#pqIPiuoVVV_D^*P~HoD4%~^hGY?&gSI~BLU~bR<ZzSwEQ73#CtblH^8kodh
z=;;`ZMr0<s)*I1!d(nn7>V}TWq7S0R=+bmU*M0~(^U3HyAI0?V|9zK)YkLe`vm*7v
z5>!DOXoE(iFBZi6&`-Gq=*%`o4@Un%k5~Enp}lN$>3X9BzYTo^&&HG=i;H80m(XLf
z2OUtp1|d|n(R@F2&F_lkFQR+pQ*>s(p^+%mFzlsjXsFwu0~&$uiP>m`UT+xB|N9g)
zrr<AhW(^vJ(Dz3}o<eu=3e1Vy(B1n!Ho=^YLxb7qX1oNw?=CcQFQE}Qj7Bt9ldw0+
zH{txdiRw_$5U)l@{196Hb}au1o06~DG&FoIdMXy6<?o^c%+)M>(Wrn%>_YT7Uy7cB
zA!vkWpc8mAMZy{UjxI&L=3!**FdzB8=$;rF9g9Y48oKtIu|9r<ZmO~^LIgWvJ@Pl9
zp??Zps%@CWqv#T(^0o{&md894bV1kh67*EufJvN+cJv&2To0lTlpNV1#1+w9-UGdF
z6k2a4x}>k5OY%83!h)^R5lSW6lkj*AM>p5K=!0k#x|X}phW?3GX`PkGMZP0CfF9Te
zZ$OuB8M+BSL+}3)?YLr_u=#qTOEV7hc>W)c1<#@bc^_T-<CqR<+t6@FoJIM~=q}FD
zF3kJ_>_Gl1G=fi|52$7F`XRK#qV2<@ydk<7@4)o$|9XOi9j`+}xHsniLL*V8Ll{tf
zboUNH>yJm*b^$ujwdijD7M*#Sj^PVTd$e9pbQ9i;?w!XlWeDFOk;G5X2gGk^$j|B&
zX4DYvFdH4<RcM1Lw4o=^O}q(P;a}*Ju|?;wXNIEnA3;Aw*JED%pfl&+-MyEB+;|e*
zJinkbE!HIrs0KQqwrE4w$NY3Olq)fbAERskD_XB`*U(-av|dkiV7H(XeWYtD9IsWe
z;x_cy9Kj@(>lUszLvQGTZnEp~Qk;v<<QV#4^E3J!$lE;(q!K#8CTMv#G*Uy+rCpRF
z;kkSx`Z+q&ztGcAsYl3nLmL{6K6vgykLhdZ66`?F^9gi@iJoBq)zATFqa6-I>rX)=
zoO+ssn`a$5!{g{~&Dkq_`K*a9O(S%dXQLsWiVkQoCh-;Y$@Vc;!@L)V8DE4Bs1v$5
zZ$eMkB4mQ8#7+_p;LqrJy~Ad^3@yI}-OW#+1Kf$u;9K;Gndg!a!7^xw8>36n3mxD!
zn2F;s3nySZyb~LG{<o0u0r5||fM@ol;j`dcY(e?s=nM`-bM^@{JRjZ7m!O;W8gzhn
zqY+w&4(K&Z;!gDV{eVWQ>}709`cHHxVaP|L$7}%_!d21z=#4oq4}0Q5^uwbc+TjD3
z#HHwQ-hu9+qp`f;6(K^k(003{ksX7n#w4C3;qf>S&FmW*s)`P*6}ooUqM@IUZrWGT
zj`qa-pJ=^u{X$1w(8%44SK`Cy9y*OKP0K4e|9;9{d}UaZtI(xbf}Y=x&|P~PZK&8)
zVQrhB1L=Vt*AZyPOVIm1L<jzB^z8m&psleb<=0{opXtx}HzeCAa993-Znla8!XD^~
zKI`vBkI{>0!=Iuv{|6mdm4R95f62Tvwk7{0I>T?#CHV{Or_|M9PqaiMep!ly7sjJ&
zxdd%+9Xi9WVtLk}us6!118IWZHxwPn{pj=HC3MqmL(lgYn8efQCM`WUEL{V1V5vSN
ztT+lCz|@$30zF1+&<5W}A23Ivf1sPP(2!8C5xRN1p#!=Bjp)qidbFRD=n~}^n*K3g
zDp8GuyYU8eMhnmxZp1ox9Brt=HQ`uw!wmAiigTdHhh&1kn@YcK&&^-e=kjO6{Q1u}
z=_Onl&1dsS(x2w!WKcc_FZBF>M<c!tQCN)h3L08T<?_6{P~M%22Pl7#UPtmin>T+c
znwW{hVyDm2a49<WHHY$dd7pVbM4f^0nq~YQRbnLV4Wiwo=RX%6&86@z3Kz$__&dnN
zXl}ZZ_Y4|)k;=YW;b5+{pgc*Z<*;42#E;+k2^iPrF_Btat3jIm`G2qD)XnDIhO)cp
z^KZ2O#1bm|`aO_nM?Q;2u86akPWeeHH>2#ouS4-Z%i7YQui>%I?XlzS4EQa|9*Aw-
zO}%LhqD82mN*v+hJVsiZ8`g$4(*GPs`6k}^sC?$th<d&XQ8xx8(ThQJB6B_+oJXV8
zV@K9|jeBpT>{YIpz&1F7HlCrp74J9r{bPv*G`51wPrQBoh?A&%9i0zHd+LPiaVPKT
zq_3s;DCwL3)0y}Bdft0@<%!qwF+lzzG;tI8dbE8Z?_T6LSjqS|p`fBOqr)vUx{Mpz
z#?U@S{%NkiMxza>Q-${$%6whIdv8qhYXK9#alfw_l<hG>+*g6JuSuVIEhJr$%yim+
zlxwLQsr(R$k9l{DopzzI7wKp)w&sQ*vD`+wQ11cWzP^o`&g%qtUC%)KlRiP`zHas%
z>lNi%VcPpGeT5%H<zoKDsC+vYDlm{%aiohVYZ@EaN#!Sa^B_#TLAkGSfyB62r#9uU
zGf2OZO~UK{GvNDZ_ayK2)UCvXUZ>8=IG}@k{v-}^@uS%Aws^q@kgs|S%-39Qyq5uN
z$1|@NxbKtL(J~54)4`Y2DaxDQ;K{FA<69GTUZ=ba@5AIz$D2oy_jO&0jyG_Fugz3G
z#09_KRps4-_nqV)<oX4;oCeC0o)ibUmd?N9p4HTQm3F33CkNL)BcG4Aui})YD7%d7
zU8w78aGcaDURz9~FUA3QaW#eIxM3jahw)r)x+l)ECyhKuJ{239&h?_ypB1m~;GRdR
zb4|QXHvL*eej;^!?TFUK>uD;ng3&z90G7p3<)A@dKKuDLoqkP?Hse|&N-m+pz2Q=#
zBxPIa;4wP>?`sN~g|u0Pd*7t9VzJ|2sJo1JL*DkEezoPF*V6!h<C?IqS~PkNH(W~o
z?KnGrzhr{H%1vzG{W9-IDc?qAzp(hagZlhd&GhRF?q5Kip}b2|mPI}`lfFKPJiog%
z^uLabuUU-f5egro=JU9cn_uGE=l{8Lfj9l<)tr0y-GqrO>MmdarI>Ll*8kpFlI}<w
z^|_}f?{&QIp!^U6zmR+4{0S8mchJzaG%}wX>Tz*m>}U|z+LJ%?`o<9PDn<QjG*+4G
z7n8n}^qE&K%6yf;gIs%zHeVq>hW7^gXiD9u?0*Co+EMTk7v7}e+00-dw&dNGj`q<&
zFDehBya#0!aTJ63n6k}W|Cal5Q`Uht8gP9I<?m89mTPbFewy-1^ihHLe#&Q1cIGuE
z5A!cg2Os}uc4sb@;l?vBzOpBB(C|#kzM$}N>d&GxUuSXu7#c6aAbhQ%{GoWw{K!~t
z`U}dtnK<*BvtwHB)Kj#+kdirPO0gNe`T8T;oL0`E*VWX$k@B3Rf5q2nu`VNclJt-N
znc9`qKg7Lf#hKNN?eH(4CHN(`iCw&(<(_xbKLaIkn49^Mn0{@g!S8r~!?e~>aWvEJ
z6~nQdhH~@%j+%RE>|e^SBVU1ZMeb=##}&EnIo?%cd-EutOZxoS2LH-O;{KR!nVU8E
ziN?0l(VaMr%5|x{m`VlXs4J3h$9p~3d@ZH!Q@n@qzJZQ>Rg4Wz;J&NLw~O~~B%Q&%
zJE(UV^_P?HOP$PE|7eQB{8YY&f*EwMD>g{I|9c(e+Lhcij_XfSe>m@2%(OD)^I}K+
zxK@zzwUo_9U$ZIeNqf2fzcvR@?kfZRJAgzZD!j_O0tIEUA!Yx4@o&8(zNh@!c;f|J
zf0O)UbXJdw9eBS@r$gglhB3G@-1BB^WE=NY;QA)+@l}#*D{13e{vEJHDH6Tnh{w~Q
zugS6EWu*Cc`Tp;99Ssj6-=2=1q|r9iAIiOz;(cxZQ}-&$s?l~fJ`@LbKhC7i!@NJ_
zzG*q?hPEe@;SYw1S#&U#^a0+NP`N&xbikHeyPKP)aDC;RP1B0a`CwWO->G$6-NgIM
zYX*re+?6Mmm8Ydu<o~6-A@A1YhtkSh=xYTnzs%d$aQvOROX;Z#b^iNWMg4Or9~=u`
zb;^E+8OlxkdsB(>6fEba?_%u!d-Jsn=IvPi$A2#D<h~ndxCU($p-y$KeTa8cw>o82
zY4c?U<m+7CpYr~i>nrS>*Jpl*nNK6W9_0N2H*MhNcWCqrDjlQjdm0!XJFiB53w8YC
zpsz06`)q71n|cMAz%lZD=;X|6JmuGs`Gxxq{HNUOc~Uf7l)`iEn2INPuOOd?d}$i<
z^$lhG_TR**kWJi2+SeQ0`y`zW<@zx0xhR(ZOL<|gm*f5hv~%Y5W}N6?>fXRTS753c
zmHyy{=cxE7{{OFc>EK@~cI0|dZn`HnIG)ZH#SZzIX`(po@RNo_{TL0~$w!%gE^bN3
zFJT?-_f^#aa&6|B=jV1RG>#2h;W_^iUqfi{1=5$(Sw05hs|XDY;huXa%fWqxD7%FQ
z3-KP1uE7I6cJ=_*M^ILqd-vf><R`{Rq(8&2p|L$Q^eh!ll3vBdvgGUW?n#3SD7%~V
zP6pCBHu@a-mR$37a~$|+?&o)<C+3s?g}Q6Fwu1M4yw9TSwmA4JY0p;&?mv}^;ra&i
z^1gx#&+~rIG!>8V?!tR~?93aF#s=DB4$5oL@E+cmF!0_C@M+RFQ+^B1i}&q{gIviy
zP2=o~(g*vWjY7p2P4K!qkZ8tCd>!U}2aWJk<;2<4^HrI2NBofY7}AwvgI?Pm>s(0r
zNIG~P{g5a{`IY3eY3qYn|66{B<~@mF>3@cQET+;+ywAMaal`C5<ELn33ynQSqoa8H
zx}CarQ9gwC;8<@AQ5Z$}V(#_DPbU*4|I_9t4B&a{PEY?CmI^0gV^*H;KjQ1Qc+<Yv
z@R{=O|5M*Ge&U?yOr5T0D&VNNSMqahax8Cv6Dj{6?RK>7Fn|77$mq|!Ze`RrQ)xEt
zrqTClpedCfrox-l`-pTE(w9@G1@96>q#Ex|)UC^VDc2j4_qB-YQ)9U2SeLf$B|nuq
zAJJC2e}2;Uf3KfoWeW;ZVL8`&(pYnDPQSR`iS$jBH^Vp1lyfnE4ELqc3<h%t^;eUh
zMThT^zMK0VB|n3F+nn@2D2}u)7pHS^8V$Wnh2vB>7f;2=)aQC%^5by`b@t(z*R`}U
zmwLZ3n6r7m%G)1BF5;b!Ypc1|H4fB2HJ&Cvf%0uRWBmCmi^Li(e8~+1u`&9}qTIij
zstmii;cHyS^??lTO7efv&}6PZK>2*irgQDgD~oGqUZrB9IDSF-w?xL*eP{l>(U==I
zF~aP0G2akqbPD;$sdzOW<EC14_&)VMqHHUj`O8q|kS@kOHSkL6oWp?kP=6uyC`xRj
z&hI1&lkY?MSl*v=Z&&iush{G1N+6L*g?Gp#DJ;u-Ar<bU>_rCAiW>@WtvKa#Y48)$
zzJBI?JNGW7-d9|^nDSAS9pK)Elnpj=yxyk#3$FXxO#LamCvfd5%4WL%8gav!*Oy%M
z^$(r;+D*mVVnd;XX9bPdU|_kh1NH7Bof!wUhPvfw`2N_T_pIVNf2EZ;P2Fez(^fm~
zPw)Q%4B%E8_>h8<6pf9IdD+)g%DYmwHxA0Ok~Fl4`?kc6_A>Anxc(>C7Et&9wRaxS
zQB~an&bc>5LWcwh%}WVAp$JM5=~W0wC<+2jGLvK=nTb<?_=5>zLw{@$jtYo?3N}yy
zFM=pO?4V$8U_nr^04gd9==;u{Ghry!|NZa1wcgun?d*MaKj)rv=I&%AxrL;!>ts98
zNybC5-H5C<@d~j^#s3|3HU5b3HIxZDK|hoa=~WpHZK_wLHGvP~{0OuJ`^&M5!VlQx
zY9A%Lk(mAQYe&o!@JIX<+(04yzz=n<MrC>ilM(jC;C-C3P*%ZVfBDmkYnQ%3s2ON3
zBK-46n=n>z7aql+f_uRv9Z8M%5Tyv5jqGlGp2kPOZ$sAspV{crk!KMz8~$=#P9FRi
z<a@DQhTVng4Z9CcpCIgtkr%4qI$gv%=tNyaL_<+Ag+ygH!5qPM9c#BuuTvrM5_Fsu
z$S3GHtu$4C4{By2H$**@O~4Sw6QKN-Oxz6=GKZk+phb*Lf^9+Hnc!c=6z~e;!#c?f
z_@m&f#Q2op3cA40B8HD~Id-kJZ@!-BjioWO8w<ZICiurX2)}s|SBF4;sO|{j)@q$f
zl8vsaVt}pi3hIMF`1eTkJ$|<myRv=^$Fz;ID_z2u7ZnF=jgYt(aC#j41)Qf7T|<y!
zt?vteE<8WXj;qX!-@s-XR6!X@dP2L9a0Ie(B>Rx@r%DNoLVhRq4@ZhAb^bD8fI!!S
zJ5Vgep)0fls9-nA6ih}wpMpNo)i2U|rF$FsbOH+!wj)j>J<~Ul55R5`^5xK-_&%Tu
zReoQn4*OP&JE5!zZqmvtp*wVtYC2&<f+_d_%tO!blf*qqvT<NMd<X33=wfe0e;NE5
zY@6fv5;h7Z5vx5o6s$$TZ<nH&rvtwOEo0mS$La8Qfj?-+XH`HF9Mxlf6)f&TwZzD(
zqq|4Pm;zr&@G$Z=Oh~~DbgOk?wcr<{OJuwYyHXpbk`B6@fYori6Qf_DwJ}tX0)JQs
zn~m%o>=YbA_7p*;l5`XDmx=WjzD>|yj!uC0pqqxxK=cNA9zgdfV-5V3Yn&d!a0JRx
z@Cyl`-~nXmpvpB2IuQB}K^`aIA#B^C=nFp{9Y6T00JruZtQ>*P_-r6yM{P4D#@6|S
zXp4~zo=q?X{HWJ~Fyj>zq+k?5HWK75ZBrlq3+x&}pQHebq>1P{VSf<55<ZXPqhLAm
zS2Q1ya3?TchTpmBeWj`ns+8&ng;5wz@Cv|qD+!;_vex)KtAqZ8JdN2lfIg=kHo?~<
zc3w>4X84BDKSzP{pxua3+F1vjNP=MqGH^JC!I{XL!0&{=kYEMq6|6?qkz_X`>xXO_
z*n)8ybP!k%Isbd60><n3N-#mobF{XTdP97kDnE;HsKJ>38{|Mw_#yBwKo$IxVzyAg
zEzoAr7okPae~@HI%qkv5zCu5L<yTqzpN)JZ_Ag;S3EE2C|J7m~$H9ldA5iYZsR7Bq
z1{dpsS`%Ol`u6C@!9PLpnFMn)YXvLN?Lv3IPWWX+95)~R)yP&7=O}m(yFSo?>J4E$
zgUT4b2Ym_Wq1s82mCRxfiMA7<Bf5RyEaZ>kr{G#}8GZ^Z3Rw*G>0%NX_eVF67#)eB
z;2{3hKm}{imrg)2Tnk2O#}JiP)iY3r>QACS2<=6%*OUMlj%<szxt$ovx(KB^qWO*_
z@WS`Tu08gd+P((-2a$qG;~ph>b+D~=%Estr9M>ajhf!Cm&jxFQOOZW-a}+kCzgO8)
z_(*)N2NfK`?s;VUv~4x)9$<V2F)jg%^hEv94q+!wLkMJ|j6xOoC19$qTFG4$xshOJ
zBmadU7a+SGK2s+ig-$^t;~&6-*yP3dk49e){R7ae@VlcFqaH9b!M0R8k;;oveu`sF
zC)DvT&Gc-3C13+B9sr+#?~{x-<8zi?#pj?+iIYw|1&7G<BC=ZWGr?zcQKfw`7=xn%
zeo@hZ7m;0ob9dxlz%K#25kNsx=sM^u=sP-DmZLfTB}dEe!v8<;Rj?d>EHPJt3eG^@
zT;0DTbYLYMp;iLt_jQ2&7%xC}GW1|2%5||yH<|G*j6WghR(M;l)O9+JvdM-|2P+fv
zMsf}YA5-5URPYOfYf!#Kkn3??L7<!Azl7dS<r4Zf`mdmC(07bU{wi_>*CA_zK7jro
z_*{%^F8nSMPSKON4ZVU!=pRLvpw53?Exa093E|xoW55>@@C<M}HZEieo(C%tu#OJ+
zv-Ztmd>(f9KqnFWBK(?Rw+d8{r|r*!Z;k#5U9>a*kYf`0(gMd>7z~DX!TB2aD7>wi
zcIetskVV2l@M{TnFZ>d0uOQK09efu2Y<$}5<mXfDFIsm1dIkSwEgC!S90YF?WCKBd
z(b7CkkKlMK#WW|70Ow#cg2W1rLRW$>g6|_=fZeNlRW75*ABkB7d<<Me4wdmAdQ~>?
zTh<O-g<uiR{Rk2U%Sdt?cnJZHfa)8$3OZ>z8Jl+r)|N!CARh(454)eCwMbMQ+`_mF
zs$TJ?LlvBj{eJil@$UwIpZX5rJuuA?K1f0Z51{-u!p0f!HUTaqn1TX$1y||uVd&?K
z-@>jwu@ty;vU`x7rTJoVv;d>f621w8(pNE3umkK(@JST0M+Z{!<|OE@9dE*RwAM91
zR)^rnpi{MeIIE)?nqG_zrNjSb{2wIljmUc9yB(Xg$Sy$kbv#eQjbU??ucKV6i&2UD
zFz%-VcfxofvKK(VQUb4n&wxD%xR|613HlEH-58Gt6@>8rf%s9FjQoD$Mq!5fDQ6TG
zlEgyU2|S8$t~QL?XKTZHBzX_pLnsF6L{Bhop%eL$?PB~GMZK;kbPU@t`V!>tQfR!k
zeI)uFq6rx6)|u|caWn>HjB9}zI>_gGHOi5d5JbUu1YC=}uJ)}2-vwC>@KT*b+4a@-
zgS9LP{l~~lzfxKtUI)*j`neQvr*=@fqv+Zpdl9E8N&sZ)ghP=BD9|ME+!&vp*!DrU
z0;-@AI!p8284t%NQGJKli}1l1$4}vVV6a&iq@3%KYzguN0tRus3fZ;r=i&Pbi9-~f
zse>zff$cIiMt%gmlyMDW+=uU1@X63&$eBNeFgJmd^wQMEz~d-++rg=f@h%*002Ktl
zvDhBMW?)QGrJDpU!DlJD55a3=CUF)8w?g+CvO3^9_|8$E|7W1+h(f_v&|H+uNwyoE
zf-btShjdX&)*YWUG2<%OFW2_htCi95Mr!&lwpYWi2Jb`v204DEfYLOW{d#6M6Zjj(
zYca6EJ8+t<1N3G5DY{0;j$rSDSD;*P2fY+|0lJ@{WAQly9EZ;;l6<EN`v(0+^ySFc
zMdC)z-@62BtBc4~QGtFKKdEJ(>t%i$=Q+r29dH|d#RU3U>y_VC_-sc$0=v(!Tc`_d
z%lKaSFmxCN+~oL>zZOQ<<FpW=3mi+33qcpMfdt<O{REnZ-EN#WLoY+$3EMvCnnKr8
zm=79-@3C7AD!4+e0RGdly+GTXO$-Or{O^dV-i6aey5g={z6$3I5-2!`<8<hG(5l#;
zi%me=-%WzyF-0uIZwEHx(dQ$tf^94Ow%|V(Sx;h?_CPoT$CjXi(K^5m40oc7!gn~>
z1iTOWAUG6W!7BVVXg(rg#`td2vsbdSb?mjotHF38*ev1`dHzEXxJmr9Hq3(Vz~EXc
ze3N94GH%H@m7p`hTaZQJev&EZ4jqGi0(SQjYdt<sGhT-6o`{L_^%9EM26jWYAfEht
z7$h;6i~3D%_%34wKM^z){6H6$P4XW};6v6J{T}EmdZt^T<B9bpwwI8!fbqr9Uf5LE
zHuWhi1OGPQh2ZAsPY9o6pkONwyWkfR<UH_M@M;3s$d^GCOhXpb0kcWijG&#NpP_4s
zyfwBjgUQIc6RQ#S&*=EyLYE>>AyzAFOCM&Y*XqC@p;*QEeLda`zkomrd^mm`VdD%E
z?$RrirKwVd@mFxA_P?6(m++JE^&tPASg$aiirj<j7xn(Pnd%e_CD0uhJPrRQ1|K8u
zpl7M{7m;)pvdY+fgxx`86VYD@|2=#W0Uv@t0ROEnpf@y47lk;kHNM5j?#E6#Ha!1^
zI4W39u&+sQDTx%MAaAdA4GA&|T%e2HLx7gp)rTsW2fZ2FDOx{;;Ljqj8k2mHW682(
zGto)TtG;?UR8WNgPf^|F6j2w0`N+;>{1|jDvL5Ic;WQ8XRAke2V%WH<@UMf<VyECN
z?0$gX3(nRuC4ZN=t)X7@eUUe0T)G0mH!vm4rZ)+@!%sr_7V-tUN{KuJz6Dq#Ch<?q
zxEFQ`K0w}>7+ZD1`S?7eCI?P{T!=g${u?C&GQbH&Tz*`448KIU1lkx{8#<0)CD17B
z)=8^G1<+BNFF+T<_6}`7N7KuRHAegKS-F30f_aA3Kg(*F9&9Q3U%nUjb%jC!XP6vk
zRe)=n%UkHmDfC!M?ac{?Jg3+c_=BNHoPQd|z>dYPVDJ>1Vt*iHrMqK8hl8F-zVhPr
zJ>&Zf=+j@8nMS?xt?TQoS+#zasGR353~7@!O*R}7MtV^GBhg5MmS;Yph<qr~Xpqt>
z=*{<8E}z@-_;Ld!#i7<{wkH~vvf#h?PF6H4$!M({Yi@EJZ%Q&!8QQCp_)o1$e(_VS
zl-U=Rj11W>*+^EhN1jqPYj!+U&#2VK?a6b63qx(}kyVWGVomQYuf*5Nbp_m(&!1_f
z2Q9ZJ<jD<{C%urqCj7!JLS&Yo`$9v$j(wrAT$^H~^lO?PY?>UG9&C@Xs@N3@2Rv3d
z==J3*|EZo5h&ISXpeN&TTY3IKcT2h3J5r2C%{5=We5a`C^IK}+eXb&pmG7PA@vWJ?
zJtMwhE0)#r7l*ulpW|YM{FZ;3ClK(uJ!>9#JwHKKDiZA$G&lOM8TGD}n%dvb1VWTi
z;YAVltZqh*So89MU*oO*eMVYdpEslesm)@!{XS1}+_0!z9xM{6R>e@8bx(J<wDQ<H
z9(Q*&E&Hop#zAw<hQoUealY&`%xGJ__efKDV4(44!;wR>tO8fisiVXbvT{5gAG24x
z&RzcS(bV$gN4v@JU}ILj<jB5MOBE_9rs4oAd6_3u9vf`5uB)}hg&r5P$u02YPPIY>
z9@%q<k>1*yTX2$h(AhG|AC4yx3>T|iDnmnz?d3IpeX{)Uub%lgiSrY97T)0epGEWe
zZ;K&v{xHLBuMna<VSp;y>zn2(^twss3b=CFufZOc-&a^-xxM+`P$aUeu+Tr<!{%2r
z^#)lYzg6h><@d0PTr=dXQAS-^D@i<W56w0X8g`Y+Vr7E;Qw@=1rmDx%H0;f@GBQdi
zGu_QvHkGc)MmO0ZMU0OR6?lX4`V=uE@qAB7Fm7bI|K(J>>=NS<VQ;A;8X56wXUUK1
ziAFYGK1nWhdjmzj{J`Wwx2xEi5ZNceiPnTMqlQgP9^#{ZpQ|wPGz&b1#T-92pVdF&
z6*0(j<#HQv+O#*5C{fe*<$J8@-cW%*98!<co69cAF7bt2GrC*(#rYZPf!JG{i8_Wc
za=86ry0DWQ{7yOY)tN>EyVp#kx?!*EB%T(X$EXX#sgZ?N`+H!aD_^Z=kWItxR42sB
zuyS3#mLXkGvYcIJq{yr?qd+$3B2wk{GNY*t=MvRD>d3VWT9L5*<+eFS*HeVaR~m!t
z(z8XU_|Ez~s^c1+rk4fF4|qc*R&l_uj=!pkg4}8`0{(E&{^!+3C1J1bAv#u;4-6F5
zQu4e3Zp-7BsoE=Y*FbUYq-;+pq=K_$bxrDV#7<SuQSW2U0#l7_wj7TY@NmjQ+!m1=
z#l`8%4fz8lC|I8+_V__!PUQv{g>$^>_!PN(u6$3C$Hz+fix|0s_RdkFZKB=iB5{xC
zc*14xoXk9b*vA%jg{jZS({=GlKtZZnbq(5^$BTzVBd^cx%)z-UPQC=>u9e0jJ87cW
zUpdvql6j}8AZ}O4W%+Zauzd2yb;iYYPWznWWS<sB9eFTIB-lsR8E1>C`nfreJ=tz)
z8x2Img0OF@b0t)q%Z%s^>z2LN8-3&lQ`rR%4lt_8ty4v@G#@uM%9J88re$<8tWJ)9
zhC43T@AK&=s;9|<`9jj#U^Fz<wKA_rG^ulviQdnSQC+n(I-2DPhPcnX!2*w4zE>nB
zwXj^yjZf&&BZsR)R-_A6UWNW#P9X}}!6(j>H8&co<mTBT-cIlfw`pG$5X0i@I2WXq
z6E2);d5fIS*CM~$Blm7G-jEBQF{;RI&luw*e}226$;XLZ|5;<5u)i)56U|EM#Dt5j
zF+-&FlF{mnynw&R$#%(0Mjg9wmROgZ7!0{N$P3;y>MnTENVS{3X>edKm@A%4sNu3k
z56foTMAt`F+i83vJ6&V+k_UDgy;9UhiP_=mLnGO4ag%t?u)BO@j1qSER*`SY#M{JC
zyY21#ZwR?}p=eu`%O>bow~zBGuzH_yrtG~)Tv^qbnlD_G!|6|#A1@M?Jo5`<sNHO_
zh!>GV@Ah*!s*kZES17lD%c&%Ks*~lVUm6eF+wT<p6Ow}A9G*u|^4B99+GpG?u1{)P
z;P?3h8A|F2aDFnvfx@QFg{Go$s=`4|l-FmC_6OvopNx&Bx3Eyou4~q|d;e^tiJDxa
z5l^eg8&n_Va@-N)etX0!u`Ir>x;kA1DxmUQ4yQNIIX3oZkBWRzPaVL>@rfKji@RJM
zSlPrdm)XtMiC09Uieu<}!aH~IrC|?;+Iej|9B<xI(|P-H-U2Ao5ihqzc`|#LljSM$
z`(#mq*(gbGL}wt+S}(pZ*b_q^7xPV-w@FMK%jZNS2d{WsVL`H-Zf%p}^t;6g_PmQY
zE3b}z^jJFgh1|bMq{*)<o6Y5qo5V;tr;3?wudQNwgltpITx#F5S#&jP<a(T?vsip*
z2KGB!!~v5N60>NQvq@dCw}rj!c`?V7H>8=#N$hC#{OlfE#YEALH!EHU3kxkio5O4k
zR>s9WnCs_t%^&b`j3aMV6dfloT_)<<4{Z|}W>fA{pPB<#Ca-$Vav#5`oqa63H#VEr
zbp>(@l${dAyyeK6J46FHy|GzUHr^p_jJ(r6y+bsS_0BYpHgIatpH=FVJ8zHr8CAE;
zZ2R!5qLYx7UKeN9v|9On?bUuN^tAWq<+YBJ2c9tM*{hqF%|w0mh}@C)HtzT^6D`qK
zfIa>V5lm_p2u)T?H#yJ4ap+!g7Zx)aKHwv}WM~_+l|1;qum-c~_&`5lvALE`Sn4>n
zGnG;F(q=oU3-bgcyV_3CQZ#o>^;oJ0n66gad1}r34;eK)YtX34>Me2d$UfQG_Oorx
zwZi`F12INKmTC4!JcZXX%}WfqXt$^;cXTwn%8{MSp7zF0W<Mck?iD}U*M2IhnO)q@
z&B@1X<irQ2MjmGLg;{+Db8It{<M_%8Lw{!<mtXK*ZCTdUtSmR}6Csf)+kYXRu~WYk
zb&Z6`#a`oFvtAvS*ZB-qCs#e9=zV@VUGzkuJ7723FM21m8#W|+^i2IKq}*M_#f9p~
ztCCnbwjQqvESs{E6TTC3<^6rl$|grxKHb+mt2JGLT4v`+7rW?~)N7W$XsL%ciu?jA
ztIzNO^6S3lhs|MTGDkJrfFq9V*yEqj<h4IMB+e7^u4Iu~ZBU^<$5oiYTWH+OteK81
zDR$6oj4y|eo~deUpYJJAMit5ZmU9nh*=aurm(hx6=%lWA(CVq4CcShGGPC4$gUnj-
zq2i)W_ML;w1d)?Hdeo4tK{F#)8BJ(p95++T1AIEMO`R32xB*YHQS*+7EZ)L(tLT|g
z%+U?1X)hgYwl^CbpRwi7vr7EofHiW+Sm)%)5ywPbx$mf0DXn87zQ!r~S;s_=#;S%B
zS0y%(oHvZweRE7$=2@8?Wa=-XU)7Eo9Xe-pILGSPt$U}=w&xeI$E>0n?cHU!r3ZJH
z-R?BoS?XG;5XE-Ir)#*QuCaE`9*HWXYP`ESjdxTOYwJ9@(=^{vTN?0Ia=&4u9q+<r
zx@pueU$wrG4O1Yh>jkdxXtE*QUKww^F8CPvpJ>X<cRcl|{dux6MV#1~4@>+jO}Ul+
zr<!rOAjN2GzmZ~Gm~d*_T|Rqzntg74V{p6`+k5XWTcjTMVs+f3{kJ{4u`wq>hSwV%
z9&2t~`8&<`rHRd>{j~}ZUG`IYZ~lyATJsZnZ^x7uZ+2SDCzI2Ef1LQgy!Ezey%!7m
z?uK&w`Nr^5n{S)u``3SC-z^P!=j}!%JMki;o*8Mu)6_-7!#t@8=gF!zT>fSU{+fAW
z?|ogOy>p7;ivM5JflE5@m9_{NJ^ox9e$?zb#`!!wxhp;1fLHAK(>38XO?ZlNN`w9H
z>be6}{-EE^`BVLNbV`4#=a%%``)t>(#!Jb6)Oa^A>;X%ScJZqHzFNqtD~x7cDn9xu
zj=y^0`GY=O(ua?*XRYA-cTJ8r<G*z)(2#Ga@~`*eH6uHtzd9(+t@mg9@$r#XylA}<
zvT4Or#D8NO{`dx?rChzi81z?qahqPeMZBZ~Z);!vl+oqywBdCU{;&bhH0`pN4ViSB
zHvGH9KWf11oz#Fww@<R&ZkO?z(}X`8uiEe0@_<3F(toe<k)#oyVZZpPG2nN*@oDn#
zKBLxYT5_9~e7tBLeg1q<{bomQ(~);gJf#`W6!x}njp>OQr)kO6=cxKF<KJz{ZJP4J
zgx~7N*FA1d{eyN~(vH7jziOI>Xi{-3PwvU1>nv4Yo_a!GUZJ`w!IXd4n~#tMiRKE`
zp!ZHPmzuJ;vgsXvLc^^a^xs(SzuKhlsBA8dY0Yg~^KZ<Q*seTU|DWv4C7pS;J+Y2C
z?8Nq5(w?W;tJ2KDf1^j2^ytZUY6JepZ;Rh;)T6~FJI#8MZq}uhX4aA88=IT{LSJsv
zm(TszTk>%U_L;5B4o1sAXw0LPOPcdx+5c62d0gcCUW!OpV>3-=?i5SpxVC2TpYGMG
znkRPYml~&Q(Cf<%oz3s<?p@3lW~)EjrOS)EnyVxIcoW&Co4G<Y<xPc5?P31(uXW}&
Xo%uP5|KF6W??RsNJ%RrNP5FNUY2F+6

delta 51336
zcmZ792i(rp|M>Ciwl~?^W$(TBUL|`|3Js-{77dq*giw-}N~DaUXdo&hl8B0ilxQiV
z<%?2&uh(@>k4OLi_4r-i=Q-zdK4-koIiKsg(f#}WgS-bG&zt(HV3tP`ye8&IBueAA
z9TSN@xf6*Or&*dv{PJodQ5%27mRRn!L?TB<A~6h$kstkfBC!MS#6sBRjYOh24#iS<
z6PCj{F~17!XJ;^#_>n{d3bL*Z7n(%}M8~7o=U`LZ9P@u-C-Sw|B@%UTJa)%t(Rx3l
z9aUVPNHCv7J1mAhqNA}yBE`r_SaE)IO>_?yr~Eip!fbDbdNrfn@B+%Oz?yg)R>8$s
z5#PsZcmi#w*oI&|%tO9A7N-BiKoW-NS}cMyWBysR;wCJGyU_-JLK`f!F_9>XwXgtQ
zgn4l|7R76@G~SI);Ayn|E%Ey2m~zCwkSK}8-l8#VfQD=Y+Q7AFgZE>3d<Jc36MEmL
z(chwZ-wx%~q8+g+^)5x1;65yjPrpt4%aT|VD}EF`j?OU0JBdVBERO|o3_7qo(Sh9`
z^GnbMUqQ>aq4kbnD?Eutpw^}k$v)`PUAHL}5-AD{;X_y%7oh`t4|CxUSRQ}FURZc@
z7}#iRO#VeIfrrtEo<j#xaZ89qJM{ixSOM=s2edFn!iw)=4Llqx<lUM`TtdDcPQlq&
z2@Ac;PR3?vM-$No7ozpIU|%f1jeGHCG;&MO2(3jUy9-^?)c3LA?^vPe_E51V8i97$
z8%LmP{W99{PRxhrungvYFLYELjYKPS(+)&uK0Z1Ro0ESXtI>br7ZT2_1Wyq+UmL87
z*P;zPjE;B}R>Aks&36(VP}cWDy(D%Z-wIn}3VjZ2MC+ZxhFD-{m{=#Q;Q1d#qB0lm
zLpyj89r4Gp{1h7EQXhnK-3A@tNKE1kbO~3WA$~9B561kT=&sMdE9|kV$jlSXuoC?z
zE+^rQ_o0u_C$S=~LYLrUG(x|{e6ii3ya_tc0q6j3i{<mM9r-org#N(v1U?Myw83(e
zkHS=468Dm@!!_up_!JG<39O4b_k<3cqf0Ru4fTy^$FIiny=X^2p##plH+0khtCR1G
z-hU_B-y?g8e=`#6C@@67p(D=qQCO1t=naD~i8o*#d<gU7(=opi9q^mz-q?@1@fg;_
zGw498e;n+BwaAb9nE1PUAEe+5T!{s6`X^zHpFkVfjE(SjycnzPOC-ACt(Y?-k$4*&
z*pB_d{pbLWpi6iX+he{@6NxLaH_pK~QY5yK==vESFjn|H45$dYDH~!=9D<&PQRv#G
zun<0jS#b>x!gbgQFJLycaUeQ@DOd+z!|wPk_Qq751L47w!kQE;M|byrEQ$Z15i0Rz
zm|0V_<4$O#24gWCgW2(J%!kv_z3>=X?@cU$AE3Mcd!)ZqBLBfKqn7B}4?{zC4?2Kn
zu`q5xBeWN-_ZiyYc`S-0z6uelhYqL*HpJ2Bz#c=Fa3LC*eOSZupZV*s8|&Z&T<D7)
ztI=pA?n6Vj5=-Mjboc&=Ik4=Zu-mJmOVtC7&_MJQT!VRW4%+ckSQd9;=@f~dNH~M+
z--H{=q9N-T?T<Ei1v-<7*cR_bXS4}h;Q!FwU;l83P*=30>#+>Z!cw>bjofxj8QO11
zSn+@8aV&BqtYJ^I;w91B(1AXLHnbEC^;XP<Ut&f40bQcp--fkrfa#@0BY6*I!B@T|
z{tn=E3Jm2=bn|?IP4Ni2OG|y1NHoE*Xb2Z$d)$ldu+aD6<G4S%<_oYn?!kJP>xb|?
zpe6PoKLNYqyFU>Bb|mut$OjMhL{GsiY>n%%3!X+FIBkxGCFqIW$PYvxB+sCs{{W5T
zVYGh6PhssZK=b9W0@lS`*f&MOwYvmu;4v(SE78boLPNSA-JE~M>v?_-9hF1(MjNz#
zUo=8jVI_P7bKrWcid)bn{u!%as?xErCKq813U0^pxC9N|cC_LdtcB%{hdt2)-2+#m
z<@aDNT!l_xJvPQ&=mavK2m`H(KGItvn>>~1Pa+!ySKx9Si-xG!Nuq%*&`^JjmY4n|
zY^t{C46jCKJ_|eJBCL-;q7g0mYuNqu(C0}{bW@MPvY!8YNf?qvXebY$6;Gla=K3w%
zP#fLtUC|ClU^%=Q7vem$!^Xdd$XtX4$zK)ox5xZ^bO6h+B>gA0kT4`)VFx^oHq_#e
zuxWbZ1>`S7kKcH#jMFhYuEIk2M!dcgU7EvK2me8rp!O+#EW<u{DZYrQ;UseZFU<66
z987*DTK+A1L;KULA1;V4#3cFWuo}LLc6cI|=Q<MxRuhX+-Vogz7hxtGhz@wj8RG9u
zucIIz-iyw3F1iHIp$)%{hU@@Z{}kFl?z15x<*+#UCg>x&7uwF)n4c7{KZzwMe-&+i
z_gUg^h>lWVgT?<0pWC&tCi!MK4M*b;Jcc>3%U>Y^z0qTJBf9w>$9DKNHp1k&aJ&bg
zr|Lm;DOO`++@B&*k3^oo!`ipTZR96obL{$0Sem=BH2LSyjy9nWsO;y%5_Cq7;q_P>
zpN!=@&;kC2t*~SwBmL9#AS_2dHG_obdpVZGz39x3p}W6$Mn?KLwM6sRp&dOK^Bd7U
za0s1I&P<_$w&*~|V<}vVw)+XXG>Oa^PAHWqNWy};XlUA_BfbI)<1F;Sv<U0sE_5J&
zqccrr3FSS}dXq3aF2geT3Odsdu{xf_B$mjUktpx^Z$ZN2G#ssP4|?N^SQg*MBpyZU
z<;oT!RS(_W7onSP6z0V{(Fx7KF1P@bcm(TXmh7ROCYXo*6T?Y(;~30>x1q=FPPD_x
zSQMYf0=O~eccYv3JIsw|(V1rD&u5;-%IFeojppK;>J8+3V-h!E$`BqVF$W9e3Joko
z*XkW~lO4nESR;4H-;C|Zua5cOu{Zhpc`_3H@E&Y~`_cQ0<jqLjjs4I~xDVYc1@mR3
z5<N+D%a@TDfRCaPIgT#Hb@{`<9>r1Qs}=|YoQa*tufX#73%Yj-UJ&*~6LbQj(RLn0
zH~IQ_{Tn<?K7YYfMuKHY{8lg{F^qz<g+d1d3I}h&B9uRZuJH<VZMR|`+>iP32>LPm
zJ6i7?x_62c3FVE@Q_vb6*bwv-O-+$#NMbd*YrjWBa{^t{N=3t_sfP|^BzoK?pfh_G
zo%v3*;gjg;C{--v+o1Vt(7iMZleh-mJE>1dv?cLltWd3Z*xfzR8ID0W->v9OXGNci
z<u9QF--<q<K0r^;(P;J(8R=(#W%Nl~51si4WFo1=10<3ZyoPtN6#LPJ`j=v9@J4i#
zPKZ8_KBzuH2YwQrS>4jX0qAq$j+kG8MrtqmJoyVtV1Y6Yl-*W?gg10UAH@^UwObZ_
z4-M51=-U2;9@D~QLqtlTk*bc?Yl7wRLUhT-M(;uIe+-S#E11vS{vioN`xW|y;RHIP
zjB;VbRnhWRm=k-U10I5YtWL)!I1i1~PINP#MIShsl3_xP&^^)*U9uFW{8XDpVk~}x
z{jg{GjP$47BD|mcIqZW|D`X^&;HP*EzF9FNaS>Lj6rObB(fm5>h*>L#=SFw*0rxOE
z^Jg)MZ&&90yC#PyXosh;JvOP5k^cCcfTPL3gjZt0s$oVG(V4D5KP5j$m#$E?5SdQs
zDY_XwcFVCUZbLWW2{aOAs;9#7>s~#C=q~ie1!xB!VK+?F$VglP-O*?MDs&TWN7wi;
z8mTkr+TUF>BmL!cF}mB|L+hPF@5@~)BheqLq)52g?!a>R1ipjo(KWxLc1B_h&PGRm
z2CZMUPPpC$JuO4fj&F_m$Iwmr8oHM@qYthh<MltW8u?VQx?zOvumJ_vp%)gS9qvFs
zR?ncvsA9daL>Hsa_BqjA=n~|vA41y-z5i-#ox!6WU4nfL;>S0#G^s?gVOXP9=<yhg
zNxU)U=f>+R(52Xp&bUCMP_H%`(w^7_$Djj#89fyT&<GT49QH~xwBC5k<N04l!Uw`O
zbO{cjkw`QNGi-<+(;IO-{)%mIbkndI7o(BbhuyJIv(V8c*oge2=#qVaKB|94Ba^>5
z4=@{UL&8t9N!SjzU}wzIB82in^c>%cJ#i`8(dlUWmf`wLbklA`XZ$mIoG)mVk^UL;
z3T#P!A-2UYF=a?gvq0W>1^Qv}Fk1dPcEI!49y_$jNKD5mXao7$#?Yhn#-MxTMfCjd
zkNJ}A!i+nik-G_v@alG){~jd1qreb0Xdk{H+<@)Kzl5&U33Nb>JB05Eldux`Ptbv%
zMH{TzF+^f08leZU9qvavF4ieLpa!A?UeqZSDtt$Q=e|nka2kfAn`k;V#aGcaI~K2(
z>JoN)x9CK4t(T*l_-h=6XK(@z?-~ZS4~LS^-Yp~X8K+`oiiA(1mKTOKy9zxfv(Op5
zhR*yvw!m%|Wu$*ty%!Vw-v)GG8+(M!dknLZ&vSA34p|U=<QBzyu@SzDYtad&CiM(o
zjh3OCY!A9iGxZ7~t%47bAA%0#d-TS-y~C0XMbG_X=%aW?%xCTs_EICPLir#pkCV{N
zxe$3WrV`so82aDQPr>Sa!?)b#=$c-LBk(TFg$JWQMt_g~gVng6vtOv!Ale#z@^wQ$
zYlfoFi*Z=QgFS<UpW6$u0KSTL^e$$@J(v?eMIWi(p!H6m_0D5%%+)`9_!LDW(gls=
zZP*N-L?iqOx*4+#;CRx1qB9A1|Kn&RK1DZE-htss*8$z_BhbAv1)b^3=!4~Rbkm)|
ze0ag2Fw-PD;KrC2J77objqb5|m~sXiVukHkf&4y9;u&-XB?gCM)*Agdy*4@x{cgAz
z-Gu97`BC)KF6)pmpi*c*HPFyEMhD(|2<PA3IgSE1$1F_ZDzu|L=zxx)&;0yDLwPOq
z{B}d{pNW1fFGC}^360ok^!ZSFSm^jdwB0Mvy><66&c7YMN`Y&$AN^{TV|bWBGjxVM
z(Y<g58tSo_38$iKdq1W-MrVE+jY!^0!T?&KOLh&qgb&C3+bI%u@FUv5dGu4O@ulII
zj75*#T=YqJ01aV<5n<r1(fdcBk-8O=_&7S#_2_{2qmep^Ml$bZ;X#+GLBa+Gp$%M*
zp3jHS5WRtp_$T!E6ums$SQ9-3gQH{6>$js3n1gn-1dZ_K=(p(U$Tl+FUn<d*gfkk7
zR=fp`#G~k@*@Xr1GjtdKj4kmjw!+4v!UJYJ)*$~l+VNKO*nWda{2Be2&oeqiqzabv
z{I?}xs79dAfjiIv%|S=HJYGM5hVV3&!y;FNjvAxoebK#h1G*U(q7hk()o~a4Bs`5q
zsO**OInRG15{~Rj^jJ*BhWHG+7e2;znCq&r*)BpOGzDFv_2_0hj&8EjSBFS;Mwjv`
z%!;$ni9L)Ca3!Xk@ir3r1v-!u=nQj=2_vnBEy%Y)H`7G)`rLSZb@aXHSLl-cf!51@
zP1q|{(e|66d#&#^oPRgbEfg4<`_P%cgwE(2bZH7)8y-Zp(9rcpkKL8%`F;jHzPr#p
zavt3adB=vOX@>5Vf!H1&MkBRvY$}BK9|~-^@pa)eT!gOaNVK8J=w4WX-uNYYDzaW5
z238+kx&i2bZ$|Hb5Od>7baSsqC;TNEiQ_2}hBW)QaAOi((^k=O=p%R$rhkG#clU{C
z?i<4W)zCF<k49n$daP%nYrZJvH%31}2b%hsgd@s+V`!i_I-q*U=X0Vvx`}Q@XS4vF
z>3VcvpQ8_`ztI_W86O(H3|-?p(E&Y!4sb7e8jd0nNhJ#16hhP(b8w+O8sZDl(BFja
zg{RSh>_U&(@8|$4-W(e2jYjBpG}MdGCEJP)_!K&T!ncIIRtrme{`-+ga^VJaO&>x#
z+KAq81fA($Xei6w8Y0mG9q3?mMt7qhIxEmkya(M=S#AptvXbcYpfY+oT3}K7Ph3pG
z&*{-<hc}|fW;z=3W#~+{qicT#?Wo9vFwhp!%g}+|ht^w;hJHI5k+Yb@QWHZ&T4BnL
zhLJFocc2fPrRekEYji-rqXWr(dsvd{X#M`^X1yD|{wlh6K0+h)GrA<%?g)FK4%%NI
zOyZ4qaQ+SXTnb#Hx6t!^5Zyev?+j~S2Yo(Vg6@eaXv3?}nSF}xk+bLks@)X^&>oG*
za5Q3*(Otg;eS&Vfi}UZ=ou<H$m7f%DXoGez676sXy4J5@62C%ccpmMbB<(n}HfX&|
zV}2Ss@E6bl?8bCNF-bmmYI4{Nwb1k07TtUU(M@z`%)cD-`_T?_-5riw9kju2=zW)A
z67NGJ_yT$?-$$49TXe!_qNxh^gqioiBp1e@4bH&wxCp&rYrK8}ooW7i!_4ZUGaiW6
zOQH8IL-)kam_LdxP3|dS2`V9*I+bWg!aZ;!dgD{E!rPc6e;}5hLqlG6YUsE*HX?r+
z8j(lPcGjT-{0@_t^}aBnDrmhn=w2I%RXqQ9ld$2X@xm5#q=(S~{e|v<GSgzH(a>Io
zc62X#eKES$yV3SeMGM>?I;@G7Ux>DQ1!kxJ#55AQaZdC}G;}YZPr7%}wL2BB=bRoI
zDuN!vdT6~%(1Fdui|}Q151m7osNRgQ35TEqorI|*i6tbguq}ELy|MVru%<oG{H<u{
zmZO_(2fC|Iq7f_nKsYtE(dz@y$lQU}dmin0XUzZh0O#LhS8P^z!ZpH9<gY+Ov>ZK#
zAD|KW13kY5XNQ^AK{sn3^hq}c^W&4~gjS#(e-g{jq7%qDC+wAKb2x{6DCkc?OMD))
z;bClzN6|H|`e5j|D`p`-3LW6pm<wm15qJbW1uM~keTLTi1uwvY4~1i130=~bDH5(-
zFSKFvHZTRfVI|tZJD9|s=q^5nZl(frLu6{A1MZHVf@$azaSi%NKa75clz2FN%3g>*
zZ&Lk8*x)tM+31a{(KY`Dok5X#VJVuTOE3ccbh`tc$wTN;E<xMdj85!(bRtC`3FXz$
zP1*z53#r6760X&JbgkY-L-%d;9J-kb&kwf1=HxHKX7~hp-^b`c&tMxY`DoZ|Lohq}
z$!NX%(e_@#;-3GHNfe;qSgi0j8k!1^g-A3<H{aFhjrXA+QZJ%w{sp?}evkRgkB6C;
zMt6G;G-5ZQdua|Dsa4p(^Zx+}XM7%A(_&AAkTyU^+yxEgwdjpcqV?Ct>wC~sate(=
znI}U#ZPELNq63+MF4-&S7m@9la<hC%A|K{h5E?Fqc3c;|v470pfzD(h+Tn)ix9Gs~
zJQcnRR!1L9<I%N#25o;cdi?gH6ZqvR&cBHqPlr8_L>uak&g4pTE$_$7xE<YWJ28o0
zqxUDC2^PotWb2_57>RD?Y3P7n$JuxU=i&H;sc;;!KO5Gj06Ktr=$c=Q&fr>fSI@>I
zu0{v=F<S2wx^#sWg$UI_KXxxfpMay$Ju?S=)Ne!wxFbcvP@cdf7F`@h+!S4!E79k{
zTyy{%&`op*Z7}g%SfV=U^#SN6ors?MXV7mt`_a9SXGyrf6*{rha1st6h0fpw^hvlG
zePH~9R;>GcXt*!h&;<0m-%@l*4xkY^iMDgW3*l$RT4?!I(dn3eG$RvCB|ahHIZiAM
z9W_UnU^x2uJ`r8xm1wB9p&fsV&al|B5TTyvb72BHpw;Lx-iAH!Aa=zX%fluej~zV!
zZ<26V|AU6M<cg4QfgY2A=&`vL-CTF016dQ@iw^iCI`cd)hIXo=yS*#=e7O=G&~4~*
zV>YJ${m%;|?09p$a2W0IFLX^Wcqv?Oj4s6hbnPdgYyCXBBp+Z?JcsW3Mk~WaMqzrb
z(Sa_C`L{9s@Ba^z@Ob206?SVAH1wCF1DlU__&T~Nzr`dLcsZ<PeYD<CbilWx^`FMP
z_yMM$l;~3ajxJH|S2+KMvfL{nG_BDejryaZy9$lOeV7v$pdo%9ZEzEM%)W@_f1shx
zzdFn~iC*uBF7YL31SVn&oWGj$?}+wN;EhMo)9@#H>?*7Yd!Pq8u*=cwH=_+MKs#8A
z-v3d&egvIB?pMQ;uLgR5bIgG~&{HrVMZ(=Y37yd^=y7=;ZSWZSp!ge;SmCueBg{np
z5;TIBVOE@keqWe^hIkG-!Nq8YZ(<U^Mej>xeLeiqNJX^4%g~vRLO0DUG-NNMYrG46
zq8*Rdi@y=dTcT?}4BeC|w1XvRB(|XUA4c~^rnTt-rV{l?*g+>W5|?8`oQHn+yoV0t
zB-%m2b)kbM=!eR1bf(v0eoUbq%|X|A6&lf>&;jLHAC|NRmh}9$CE*B%V*1gES;#+w
zuI+PZ2XCRzgOAV<|A2<}H}tuX>&<X~D|7%O(WScwjqD5PgqEY5c`sI{|HJ_j4j}7>
z5SmKpG3$#qFbR{m7~LaVu{9n<>y_FVBG?s^<VT}V#;Ir|H=rT^1>L-5-wLOy3#L3y
z!%5`E+b|E_i%s!COfNz7B)W-;z8z-R79G$CG_(`Yj_0ET--T}C-_S^9ekYuoQfR%V
z@5Jx_*HhqH%|zFD8#=I`unT706lTx^4gKxt@tcY^{A|pxi}`)%{m0SgM~=<GvglrF
zghpi0=2Td-sT8;bE6^w5`{<@Qjg7IymT+S)G$P~C0X&Y*^fgRBh|ovxA86<+ZVjhp
z5MD|C9vq8D(M>-v^=`P~CbYvvXoFkPugyo%Q}GwNiRx?%5vq@NH~`&j<IoArL6>AD
z+TM2b!E+Ri$T{>mQEYqsd7}&ok5L8ej`h)y-+_jDGaBMuXk@-a8!Y%<Xs|NcaXYkp
z1X_Q5ygmb+=@N9!H>0QMEE2&~BHxZMgBn<m3m2lt=?-)+ycFGw?)FpYK+3-#He*jT
z61T<tL+H%cqmla(-2?e|#sQ=C+hJYL|4<UnU<TUoGV}?zA8jDxgZOcZ=0~B|=c6;(
zgx<d&4gINjJ>RbIgGY1pbhJlL*$8wGU5iQ2|6CG=Xbl>HJ?IECc87|k(1tsp9SuVt
zNVj8AoQ=+S2|Cm5=<Ys<?v30ZhD}}*U7|i{`Djepz!VaGfp`-0;!d=q&(TeDCguz6
z2@Nzrm!>m1&@t$v_g?h8KaB4F=g=qWXK2L!iTUb#!&3Iz%lY@h9TYh7=h2yNK#$ix
zG*rK$=eGDqVa;2j5g3imbOJWV=g}wJAxvV9kHcoHj_&&Q=qBunEpXDuoPQfyM}cd<
z3tfUg(TLRiB!qYvy4K^-^F0ll;_K)HPQ>yO`$Bm)Y)ScKw7m`Jram6a%k2*X8<rwr
z$ZkSIH3dD6%h8YFb!aG$pd&B#X&8A=^uFonz@ETdxC&k4_0e5uWDcQATJp2-Kx>Xh
zE;WvXA$tlN;k#(4|3o)Qna@KgTceS>6uogg`b}mb`k-2d?u9ooiTlte=l{?LTCFd_
zUh0D$<FUx8NF^Q%iNxz@#ZS-yokc@e{y-R5Uo=9~(9`k~x<}qeKa{@5Y?%Mcuw+HC
zBl+6s65WXItp#ZP*RY=F|0@!9oc~~$Q6sdY)@Vng&^4co&U_Wx;6Z#4b9@yVd>ozG
zX6%Y5&<Hj8Iy^VpqI+sQ+WsQ!LjQ^PNO+v`9||2dM9*{Ym>-YMbPhU@73i`3B3}O$
zU9x=NgaOt^I~sv*>N)5ajtywNZRp-QiYYfmp~GQq8eo$A#pqgIAM^L4Prha7F8&f-
zqI^f<4ADrnMJF;mIvJhFbC~WJjo?wV-(uf#{ym3Hz72mbcO!b<*Pxr{3-rbU--S)q
z5S>Y9beH!+KWs)~cDx-O_&sQZ7NF0SHJHR5XnQ}!eBSR<VVBqWKFpvedYrC}PDV%i
z2-@(g=nQwG1N|+Qm-rzJs3BUf3%YqP!z4Zwudj~R-$nP(*C`SMNaXr4%<M9B0N0>1
zOQE~=QFO*H$MP-c^WXrwHwqq&6N&ajH}&<H#D~%6%B$!SY(XQF`jv#w`0PK02TBDr
zL=Dl72cjb#hj#P?8j;u05bs0R_!!!7zMn$`TA{mqAm+h4(IuLWo{oo*_EU+^NjS6L
zFo{`@h22{P-DCsNNK8UQK0jXHh@OVy=y@)EJS<^nbRZ+q-TxrEBpcCze~Lai|A(bK
z|JhH34l1G-TA~B$fthdwX2y}&8Lvd2{V$?x{B6t^IT^|?#x|5sMF+e!`ZGGAg1>~#
z+ycvZ{(F#cgx8=UpMuW#DNN#P=y~0beikHt4V$nL8sfp|@tcHp@MLrgdf(6JgQ>`G
zVb8Qj`<sBNB#F5s+yiUSO|u&<{~gO=;on2Ujj%cS;pi!tA6<_Q<SR79S^fz3RYcqC
z81q-752pLkfv)|7^FN%#Aqu);>r)~0Q!y9$$Iy^3MnioR?V#lU!e>Hrw887qP5U%D
zkWJAa&;jH<9sa>$15A=1j}GAB)0}@d(VG;wS$;y-w%D1lsd}LePCy%a8i(K(?1W{`
zh5?U6BX|qi@PlZG*P?siBXr<rV|npE!;&>fk??r+LT|hs?Pw8tKDVQL;UIe4PGJ)B
z{1v`b)<&1;B6I-PqV?`W2k=zPzkxnicBAbbK|jt@f5k-pb78YoL@Qp5ZmN;!fKq6r
zo<lqM7}JkZ>_9&6-{IKxMkh20t-lQ2)SqGZ4E8R1JX@Yme?v+o#*oOtg(c|7R&wZe
z;Wl)H^D;7}2eK5M>ATVI&<9f1OyPR@Xd7%m`LLLu9bFN951VlPJ8bFsFP%9Q3`W;<
z4m$ErusdeXk}16>E=D6V74zdFbik{l@1r3<jMh6BEs-_ko1l^ChemX)<@BF;C{|dB
zewEsZp4Wru=E<2YQ~J2oL!Wg0(T47d&PN}ytI(y}fJSOBx`%#^`Rv(4y{c&B8ez%?
zdy}xiiRdn!i#`co!MwN`UGqKY%zi*;kR?axpgMZJEjr+V=w`eNJynlkZhRNLe=l19
zM2<|UM0pZfbB2bhqBpjV4vyXwogH0<o|diX5*$Nko+Ve9Knb*+X3>7=1h2=gI1PQo
zf0!#3*77g~j_fydr1^7)21}vk_0aN*u@w$MBQPHg<(ufzeHuNAM({86`H?427+3@J
z!PW<z`0x~oUL+==BioIQv1s0~nR=ihy%HVBEOd#MqYdwf*H5BLSu|g!L=xMgoA@&H
z{yBI#zK&C{c>XYf)KetdQLq`Un7Kfvgy*^jUV;~6UtEDcg8xB7SNDPtp$=$h2cc_v
zL(ET$*B3@#LkIpo_Qs>g67l`7V5amB9s@8R7iOS8E<cWT^agsY-bX|IEgHH+p<o4U
zPPP*ofl27nynt@L5751G7QMfG;V|IVnEw0!fh0U8ccCME7(G6#(I?wS*cyuz3D1Fk
z=;oS<ejGoK-uDF>xwGiflr9<~+5sK#7_@vQTJIIC==uMIgd;qINlX?CYuz5*)tAQn
zO)>u<y6cyqn`|RG^WEsoPowvhE*_qs_0f;(&S=MD(0UJG`uqPYB%Hw>bfhQI&2~YF
zP+kW+k-r$-BXgtc(1s475zAUKM5Hp>;Sh9B+=WJL9{O>;3hnRflAM1#`iFupSgKTr
zz(}<GUbMr7=nS``4gZ3Eh!idz>UBUPI0BpDG&Dl*p!a`<hW<R-ZsjtepAKa>|2{fL
zQQ$NE1~fkz9q}x5Z!AU6|6AxOcpq)(uW0eIVY4+xBRCR&!YSwyjVl)hI2pZvDK^5-
zQzZJ3$d}BN{%3TTVa^ObHqn8sDIa_X9l$Ph4L`^Bcn+_`HWf0Z{}aw7_&)i@6*HxO
z8ctLSrzt!7U9d9d#9ruWNDU$3+TDVF+&+R?aTyN6RoD%)R}LZXjm}^a`hZ!5eoB6Y
zy|G%AOzF@6iCB~TbLi6SK_hwwJ>G??rYDw4)F)xbZO~BlMMpLYvttT<E=)sbJ|C^O
z4%5#CbZ>l%c9^$Xm{4<c?T4V7Z8AE5XVBBJ9<%xR{~-x0?nfK^8{M_Vs)vEpK{wNd
z=y@NB4s1TUhEJoL@niIxPezTfNo%2>3B57BC(uYtK_mAfra%7=kZ@O@!5mn+W;j-r
z(Y3k|jZptsel_~BJPYmkNpyxg&`tRxI)SXULOZ3=h_#RQMcW&NDQ9vUiME(RXY@9<
zz(3I4U$=IMP-nEGvFIAkM3-tA8o77T(0+~9`vX0Wh3bSQ?19!B7QLko=iiaep}>Zo
zM?<|C{h0g$jm&rG66LHL*18_1*A@-sWXyuA&;h)PMsf$bcRs?V_zk*AOVkTr`L3y#
z3L$)!0*}*&*bXnKA3l!zqHF#HHpksq4|6mK-vgSX4c>}faXYrd{0%due+KN0Zpu06
zXULn_1<#_-n|7&2VKenckJ(`KQ|nnY^t;heev96axp7$gLTJ7`dMfIp5$lgG-3avl
zC(uvPm(j><K_mJZx;azlVugH7LPzD%&Cw3Mp+CCG#-PvoN72x3KzH-I=o%kKm!wM5
zup}2p??iY13N&)N(0czM6HO&5Hw&AhFZv)Fi$>r9bVlpYJ+c)W;{kLA7c>t8ZH(^v
z?pOe?#B6vQF2_k|gsQj5lvsd0&`2M}3ZDN4EyJc7fX;9dI`hTY8P{Tc{09wby;foO
zcR?R0qtRWRLOXgKjmQQxlBdum%-K53yc$}+7Z#)c#26BGcsCk>`M3~YM>`zUCY+Az
z(6yW%^9y2rE!yBtbU@!>aZI!gUtmh0?F>iv%y@L|@4@t+|IZ`g$Kwk0d9W89`R8cp
zkE6#kOS`bPNpuN%;ZVE@FU8$B9Ba1^k(hyl$-jh_XX_B^kHXC4-|E2mH?f(5ByPiM
z_ygKufsUcP7CNwt(dWYebZ=aTnQ#I+;5*Qn&Oy)p5_G1oqD!z1ZTCAgVi}!M;f7M3
zLId^D8FxlQI2_$vx1bHpjrr%|^-X9)U!bA?1AQRn?;P4|gMMuHMV|wg;!K=@L$GM7
zOL)fLfJq8&M=L&wZoci<4)b;mkLI4(g8aScv3d(#ibL2Ovvdo`tPOS`KMuFyYV`WV
z?qO-xpc6~&Ct*jwV|#3VVK{zwpyzcdy8Azm<+(2k18jz^C?AbY@L6>8eukd!GiXH0
z^$7J_pygMh?ae|?ODgd;2|GF*3KE4b4tt;pHl}<8Ho!;Ffxd^XVZNTB;Tq`D3`A#i
zb<9siBl9Twpn4NMWk;|Ep276r|5fZ2M%E8~(%p`AaVc8yGj#K1?j6p3Zgi&A(XUk9
zF^M;!OEM2VO|Qr6U!tFu+4_V{SP7HlJ7Q(e|7a41Y6iNym!O+(Bl<bNAD!X1*aiQG
zNo?IWgz{3f!w1ptjIX2jZ9zX3_oAn4KU(h#bdx9gasGW|79(LnHS`#@MR#pKbfzQl
zX-uI@P_}<?G~PgdIVQ2xfDpk}IEVZ-=>319o4Vw{@F~~@{mwXLAm`tY#oZLN!#smR
zg^RH_`I*=czr;3JZ*aIi4yTfT3EhMZhlIUy1NJ2UJPyE9crRWwG%VGJ_$c|aI0_#c
z#`$-Ir-p@}aEc5MYd93$Ja?jdVj((%-RPSCiSFh~mxSvV;bHO<F<S=DjY~5nMvxyh
zBDB9HdIWtyWxgydafuWO*R}z=cAd~?bRYC%_HuMDT!TKr?v3S(&{MDi9oTmCQ}cIh
zh{?;trtOcOqT%S0&P9*k)964_dr0`m{T`iZ{*htkt<i=rN6u+tR?NQ~^IxKy={zQ}
z@~E(Px?o%KL(%I`pqu+0bb<%az4jwA(NyAmNF?%)4j0Oy$E^u^p4*_uXIOM1`s{xc
zebg>OXTBGm$Um6Gs#j!6|2~m!Xgk}k4BrcmpcDNmZHhk%xhjmX3p(=4(UCtJ-HtvF
zj>mkNtHU1Xh(1uRLq7xVK?k}3t-l_9u>FKCU8ym_7U(G(g2m}SaUBWI>3!(h&qPD@
zBwBGPmd6d~ntc`h1Kk_Bt_dAiL_hV~qwVxYzb{;dPUt3dz>mlBm6-Aej7=omG&|AI
zo=2bQxvmYNYL9Nlap-26fX-+ox<_`QOLi9hRLdBfDgCcphG9SQ@1f<TugjGFEg83B
zAM)p~<NO~X(dYV1>0c<)cwDCRf4Q&_ebOC^`Gz-SO8;GM3Vm>FL7#AWZwxapg-P<w
z(HRcKb~p~(<ICuC;x`<Nb;oB)T#pOJbN)RJxo-+HZH+#Vu0_{w8M>BVpfk^Pb2xVG
z&<~a2=q8+kMq&*b$*<7}6}lzd*8tsgS7Q&Hk5}N46bYaC-ER$>@N#sG@5K9YF1q%m
zZVO*dTcf*uBwB9{dc2lke|!h+xX6U?;Aw>KknfM~g(4F(rGKADHFV&qxg@+{6I$UA
zdR%@-pL7Lo5BV18rW}NBrqSqwYX&B90ebv4q67RM{n##aM=0-tb~q0GRDBw0Kb6=)
z!ZrFG4SnM~gEyf|@Cq8*!)OEf?xKDMpMGe0YEpPWtw5iMyRjVpgigdi;`M8NRW#oN
zy*>te`~819i6jMIpcVf@Lz<i%HepM2#P?ted<l)rkLZ94-km9NA@)Wi^d$N`Sc-mz
zY(^vTJzBrSJsdk6gyT(oN}>&3cyHK@)6t4=qPzVpHph-r!gs*C&?Q@qcCZ(X%qeV(
zm8OOdv(ea&{4(r}KcNw;cVFmdIHr11Fq?!O9gJ3;7Iy88=&pSMUGshDdHxHHM6dh(
zD-`ws+VM8*hS{cv`+A|D9e1JS3$X(pMVGwR49@>_64%cN=lcvA`c^YT#X)GOpTLf|
zHRf|X5N6x}jojsEh!<iH{1}a3a#lF^mts5ePomG2FVO*2oXuJfATf4!So_WBjDJ8I
zEHWpAsvBNR{&wty@1Zlv`(XIv``&273(@O8pi5Tkp|FXsM3?AMG-BJ(_A{mCh6;_N
zS4JPjMpSqYea8Qdqp;}1nbN;d<aYGI^*dgQmFHzj|3Z-|=mYDL`5|(%&^3PpUE(9?
z%xgaymN0cIiDneMf(ee*Pv}U0ek>f5l8=W!4{U*%DQ|~muoF(hk+=hYLQl!7PXxb4
z2bk;0ut{5?pDCB&1NbO1kW`}5f^fri=$bu-p8Nf12(v#G^6jw#`SDl<AHnjt0o@~C
zq4(u@I^5SB{S>?j3*f!z0OsKc+=;n7h&7)HpL$KA?V~-g8Wjh{{N(6N^vO3L{jgbz
zZrY9LBl$BdgeTCBGc6457s71h%VJKfjOpM1SC@npTVXD|7<1!bbS+1tGn<E=_jl1H
zJBp35!n5HN48}p^A4QMXN%VUCMWOyx=o4@u`k>p0>Hq%cFbQXxZ*h3AG(|VvK+K2Z
z(3ws`pKuRjUR;PC%a!OR`wg8y+2_Lb>gZB6#Ux&eP9TMzvc=DF{(WZer9h9Pq0G4?
zY{E)tc|SC?<In+3MLU{@)_(?lBCba_=jZ6&IE_gx@qB2f1-gd@qLG;Rd@5X+Pl4xo
zHG1PI^kcc$3n7Gc(Fk3Ej(j%S@dk8&pQ7jacl7=$OXG6`UBcVZ2`opy{l0_lg-=r?
z4E0yY0Zg1m*Y;0z?HVo%A0}haV|gz+fYs=L4xypXxjf_>qa9p|-hT_a>sO$U@Wa>*
zbF2sttW+No&g3z4<ZI9d_MxFVhDpr-Vt5|ZLkHX&4fPl_l+(~n`W)KcKJ@-y(2fhe
z6e83d9q?FWPx0^nNYtX>rBIOgB6>2KWn~Cm2~1M2E;`WO(eao*9cYK|q67F5?KtzQ
z5Q*yOo*97!@fytQ`M--qOA2OUE8LFm+AJ@J2UAUSh6B-adlPzm?m{E5C|-XD-Q5S#
zJ(2NBcn*|72UH&&Xb<%IU6}s&KaZ0rN5LCtN1u8D|3EiS!PQ|ic0iBeQ1pp64jt&@
z=;nF{edO*(zkuXe6HY}1^h;@bbT8b3?eIlRx!I1BaI;i-HLTHabhFJtH`!Zg$bUdX
zn)9{rnNSy<S!49H^hTe2S4Zze2l5~~!R6>c-^Uhs=rzv2o2k_6p+Y0HLjUMB(aGqV
z%|{zrh6Qj3+QAp-+W!&Di@gydQw^PYFHD~vH1w;{rP}=l=id&0qrgbySR0O4do&{B
z&?nsztbuFLNPLCvmBhO6sBMi#DuvE$DcbH4^faACm$bn8&`uq6FAPb=#0+$#Z=xeR
zi9XQ^y%|Q_0BxWr`q?lR9moVU5>LeIE6_c(1D)yjnEs-%A=nsg|7!FHnA8I#yy4a8
zUUW%Lplh0aV~9jKbS4APH6I)E)1ptK9lnMRXfJyIVYIzJ(PLidt+099Arnd^t|8$}
z??*@W0{Vp7iLPzow?o5q&^5jgU7G7+`C{}myp2ZWC>o*M?}Q&(i=j)CME5}V=mf0n
z`G0|g$7~lm!oSf5YitT3>W?;jC%R@&qXYgBo#6@e7-riXB3T=g<S#^@bl0M%=25i%
zMs%Y4F#X^Eoh9Mg7Tyv@+5mmV4~zNf=-yb3ZmRFmC)qjld60c;I31<YC8~>lOm{&$
z?1!G3YtepYq7zw$DcAlB5<byRqa!W-Zm<KUHw#+t0rUa042{SEOyb{YM9OXp9koUy
zc?tT!nSl;uQ}lCmAir+o{ClkOZx1)LKzHj^XoV-x&9fHWbbHZVdkozRh2IMuHpL|Q
zL1@S)paXgijpP=z{;%jBD7+&qS;rlza2~Irz=j_|XSNZo_%%9!eD8+=R7E4w0gc#|
z=&qlMZps(Xy>k$aSoWQvekHX1Zs>$>KsV)+DH2H%ThSSQhjx(oAk3^1TCr2iUx#kC
zS?B;>MML{JCh=GFNm+1L*b9}>C2fUGab(Otf$pi)J0$Gz5A?Vd-yIrkfZli^Ch-O|
zgb$(hUPU|Jjn4S{Xn_yI%v)fR@<C|530NK<MC-2(*HeivNw_=zMrT%LPn<DY@jCRz
zN6|g8F6KW)m*y<G1O@koU0ny=10&G;W}??$LL;^Vo!ALX|M!1|KMEb!#YS8hh(=^4
z+R!R=fCn&%f1xuf{c)(*2;FRh(Fxp!F6Gm)d>uN_&(Hz=itd3zpU@7^pF|rHhISy@
z(L}Vu<7k6h(FT8xX4@A!ERUAALmM83+3_ySjZ>o!p^<wEebBv$h45!gS@Apx8_K;u
zgs=))aS%GNX?PJXM>o;`&`nwA(-6`@=s@qpBrZm;Z;c*DH(Sxq!jfKy=5PLt^Ka;u
zQsA0wN7v{$8nS|)hhtL{z1|Ov%tW-_b7;pqV*VHO*cJIAOr!yJB0ma^&{FgmzK=%a
zH~-AX%~9Y$Xs8ytw*Am2-L;q>pF*E#FQFZO5zEh`6UhH%*ei9g5BZ_k5?{n@_#?K)
zljz>6eK7RfCq*I)1=pb?9FMth9vXpX&{MD$9oS*C-k*2@mi{W7^E&97c1D+O2-@y+
z^#0lCXUAH!{oR<v)aN7|(VyrZDEoB?O>=a_gV0m(2>NK=gg(>%KtDuk9tt0`!_g0)
zE711tj4ni<q+8K7{~et`)o;>EkxFzY;jX_C9pOXhOkP0O@=dhC&(N8jLuX#=a9GPW
z=q9}q-3!yv&G$08RG*`f`zKoTNZ3nt(sKU#lW0zb+p!tGir#n}9cjUD!;jaE&<<`w
zkJ%Gwy+vq<x1&q;EBXy6*LPtcrO?Q9LL)H@-F!1J{r7)MN%$$X8*Shmy6K91A0kj0
zop}dz0OQe3`#2hz*U(6PjxN#v&>2_%AuMToG@`@N$lQRo_c*4KBzBPShM!`EOh1M-
zuZc!r5V|)eqBqV%kKtBy$xfnQM6w<Y_m#wa<h!5)9e_saMsx!6V}9dN&cADam;%pb
zrk{c}FiE~IcEg*{<F^5A;3(QbfuF<LmqRDeAvzSD>3B3UPofi9i*4`=%#0<DrNWJ6
zj)f66Mn^mpZSYp~IWRk3e+ON|@6Z7iKAtK43q{)FJo0-m2VQX^EY0<pBtI7&z#4P{
z`_KuWOOY@%l}?6T*&VGo4t=mZghuFPbkpoX2XF!%SeakKv%VMF&M>s$$(Y2Y=$_bt
z9^-T9X07&X7+|U|2|KtI-GuYe5pInYenua?`F{)NzA^euXDoW27oqp>M~~tE&;gYA
zJ#IeqNjMyRUOa}@+kv#3N*p8MrYiVH7-<J|x88zAVmi9{R$vR<h7Ks>RJdLhUF+`X
z49BC#_-VAGPtiT_C;IVT?0;ctdtiCL|BohNi0(t5Z0pbv{enILOP&q`8jPOfvDgFe
z#jdyq-K53Ogg-;N9Nk0Dp^<qf<_}@|c%$E-iku~q^q;6p!nM63dM`TSXVICzg*Nm#
zx+l(}518VAh5=Pa8*YczAA;7uIhM~ukLgS3^I}W9{sX2AQTD&W+SfosI~ZM(N!S!u
zq7nKYomq)<A+(Lrfew!OThP7p7`oPPqnq^?H1y^E4g>3tZr+>!=KR~y^Asd;Kf0Eu
zW5wh@VZ`mw%{dzL;#_pb3(;e`4&5_*(MW!WE>-69;oERYG;+1kNc6y*IP!cdglsGY
zHaHDkn}uj7*Q24{heqmqw1b>HK8!?FOkziLbB>PX&!A7lH__9u2i;R=VtIv(%;~S`
zO;aSSa3R{@cys`>(T<nK>+8@Ne1ksu5}85+`OybX1vGLs(WUB-=?S5yXd&9(X0+bN
zn8egM5_VW7bLK=QY>LjX1!l#;=of}d(GZV8Lw*<9&?D%B=PmTUBiITvvV`{9pi9>t
zjo>(R&&)+OX)3XbgdZj!#tMIi3yCsWGbh}wt<g<+IXaVRXe5@QyZk-0gCEfW7R?qq
zsDU2muIMJ7gl^8)qX)67=RZsKur{^O&<;c!x&rg#M6{#n=o&9W2l6dC<7_#?T315%
zOmlRA{n3Hngjw)$G}2F_?XSi3|Nq|)NEqU8&^>SrJsvr7h6Y-o1Go$g^<;FZmY_3Q
zitgqQ(M|R_I)Kc%LS!nSPsZNp{dZy#pT+dg|C>p)rr>MzIF`vBDqM`N@%8A;A4Nm?
z5&9XBD^F;+9eS+Bq7k?UbK_H(2bZDuy^ap}M6^iW%&Bw-t@4H$UV-k~sc2}QM%Qoy
zI`ZGqU0gh0*o4*5h_y%SU4m||dDsSDLHE!vXhaI<&z%0N+J@+!nUp^jLjNKKhWHJ1
zcYlgDd@|;97YH+}h|aW4v_HD5uR$A}g|7LVXougR-xCrSggsLmja)A@5>rz#@gmyc
z$7sk;qMN07!OZDLXaj6W{&MuRJc3u^J2)1r7K$@RAGxofoAeMGxlDyKr@u8<MV}AN
z(LIzJOTrM1LpyvJjl@gn40fSQatv)SYmxBasfw<33-mcL0JGpQ^b}o&-Ekat!FA{+
zPZSLi&W%JSm8eL<XLWD1!>gkAVL|ds&?Q-mcDM(V_%piZd5VSO*Ab22U~~dEV?CUQ
zo~C!viJp#@D(>b@@vq%TxJK7TA450ayXaCJL623Q5+QU=&^<5)9Z(9b{{(t^)}j;n
z5p6en$*^RN(9n-SmuRke`cG_%1%IF)8Wl^02AZLvAB3*?4VWFDL_1uJ9<xp8X4-{G
z`~y7&MM{SVG(eYj6k6{twB6@0{ons=B;gb3OLQrILDxEanK0Ap=<aTdhW0vim(N0%
zXiY5NhTi`@8i~I#FV-#_Ce$)I6g@Q)%Vy^P{~L(~6u364(2;(OK6;O%=lySV_vb4Y
zI_`i*<m#Az7=6O6i{;;;OH?2kW?BW^8*S11hM@zvFPRE!yo>@P@DV!G@3A=+E+0Og
zdt#FOt>|Wa6y5c!&`tOnw!mX(J5?)$wQq@T!mH7UJdQ?a2fEaUQY73Ar_e`arHWyM
z!_o3-X!+~d5>KEF)~FPA^)R%27CNvUXvDrjm*_Y2I2NxQHgQ!nl6}yDr>2r{<Qvc%
zPopEtQ6-$$GUyUji?&1~(-Yn0_oGj=7tqKZM8DAFu9`Xhov$Gp>Z{ScGZT}z0*O>A
z@c{{MJcKzgU$wAy#n4?|8<Thu+R<3_iM9wme%sN|9!589!Rq0@Mrggh=zwlRBliq8
z!#$Y(^Z%SR!f~mKZjv78xxE^*;Uj2A3$P=;fo`I|&|_4kW~kp5?O-hW+;|F|&^B}_
zK17e@DRgNI)?(tG|Mnzoa2!5}PoNFdtQ}_7AG?yDf;RX8`XJdCuji-}I%tMIYA;1k
z(-O499cW~}kNF&R!$d1%%8|4u;jX*^y<r-<X3wEZvmFibDKs*b>xC~IebIWu(I;dI
z-4n~uh`onNJc1tUEcL^Zltm}du|DVDXY;KTxJFCS8SX&`@;N$_|3ynS2s3Gec6=E+
zz<be-UqLtX9&C@f8-^#|#pvF-8NF{gUVytAa{hCY_?iND`BC&3ox|){xKY?lrO^nr
zKxfhi-CWnA4L%t2YtR9IhDkh!o~AO5!(M5C*1rhd+}Ec_c*6tev-xGTgHO=`{fbu1
z(j*+G3Ya862)#Z5tv?gpLrZV~?m;J3rD+&IJ#=E7(M@{^dVlKHcwsskx@XZ-@FjX)
z&qRwi3o~vOy##IG9&`yG!6LXFU5bO~^W+>lvAoSg$Boc|UX1jUN=zW(4fD_tufg*8
zKDxHY&>5C&5q5ba%tL-Cx<pr@r(+yCvp3Lz?ZG4-L7#Y8T82H=42{HPnEvm7Cy;P=
zKZBlz57FcI54s7fwh9C3gzo<F=zyL<2fhxS>1Sxfj-nmpY#l;h9vx5<%!J)BGxosF
zp8wt?n&N!)0kS*h&qtfK3EyVNp`lzE-G`o<bLeia)HdvuCg=eBqY=3t9ndsP;xp)R
zeFsy9<|h(v!m{l`h&!M&zZ&geYV;-a#(n6=?RoS=q-Oij;Ydu9zY{(GPobw|Z7e^C
zM(7{3-Lf4x|IJBs=@14mIr<#>$b1hC@d@<Cyd6V>wb6WEbm_*U4KBjr_&#>Us+~gU
z$6+q=_h4t7g+}`0PN~pAmd@dLRYV&cjGoi`(SfXp?nP&G8rx#&E@8&Q(E;3r?x7{<
zUik!F+KjGYPc=u|8;Q1ae~QEq5-(vV%-$`GxCa`-5op7=qiebd-2)rY$Q+5~nYxE1
zD~%qn=IDK+(T*NKkLN4sUf7PFw$#@ok|h3zK4^+v7(&|^9l!vz;tl8krp5fT=#y<N
z+Tbqa^E~lg^ennp@?I3`HAVMS4|G6dkVvHxvq{*&Ml|G~U<W*np8pm-!i=s)L;Eng
zt2bi?Uh4-&e7)}Z;`K;&{>w-%X3E0X_E_d}JVMz{uC*b3AJ^{Z&!5u&J=P^0$fCUe
z%F0Z*;Xu4;36&c0ZkdhGYi`_*A90O8UrM}7{r%*h#G2&i#d{jz%amWi``_0E4u*0+
zgyz%E)Og|66r=wiojyz_8QkyyzK-|D3WI1oKj{^eKgNx|hT$yAeRU(9oBKQQ{`WPL
z&T_`V<f7hB@jkB)pubBg8&27C)JZLf6>p={-*|7Mqk&v(OC!Dp{paQ#lx^YWZ@8xt
z4c$O~cD(-><p&wW)7(=%-g^+|Q0}V}_50HPzpv8NeLD;5{|*)IqSOA~%zGmpUe1m0
z({Sf_!!xnLC%Epb7xz@+{VCUraqUX(X+ayUxo2Fwr!r-4{ink>!>x&{sNacerPBjv
z{U3-kxSPti(Ls`iOEB8AH24f<^|_%sHw>bzD%Y2By=)xNcJkj+XFqLZq5f@L+ZeAM
z<yuMZna;Idyg#IT9QjMAR}r^xy>yDqyCi&!)+c>Q985bJeV@ka#r#RGpP+0mb^m=G
zC$W%$<>t+Y<p1+(O>P2peVAp(r|5hY_xn0bKgCGDNZYCRD40OOFe=^5dp#HO(%@1q
z-a)!14HKk9Z5lX)ACoW5^*+=sPI_saEteAa(vGiJx$pUyo`d`vsl-dP*U&-430ZGy
z7XH2Jw%CA?=tX)s6^0WYUp_!y=DmUUYRZ?;@qb@MV<-E#uQL}Wa(xBq-?Kmb(4&PM
z_Be+51D?hfyf2QuHRH~?)P4zH<$6iV-{gHAJ@dC&iN|8gTuS7pY#8sis6WzsXy+}i
z?`E35t|1ItxOV{e9p(DJuhgj6*%<83P5*F1Rx0^gOx{`M;)Yvk>=5~XUjr!XNWLib
zSCGDf4rcH!LOZ=F<9EI#M#TD)xpxWqQ<#$m?u_lP;dgue+g{rHY3LM<ET-ad-o9q>
z{*m(eG|I2aN?b^~7U`=f-$O$qc-Nw%rQBDQ_b~Dsuo|xC{T%gu&E;K^bTzJhg%!A#
z-Znj9cpT{tE?(r6c|A;e0PoA`><8TCfT(wAtZSVN(oMPkB#pI>9o<a5H_89XJ-!C>
zUP*dnoRDQbV%?tZC|`q^*;nZiaoFRHme*l0%c%1k@AlNGK)yfa2dQ&_j;qqpD$={T
zHjR8a((`%qvq54ud0zz?<h{Jd#!in>{(elSZYHrJ)Jxn*rG?!1JOlZdN{cCfgN6^{
z*OU#R^C_fD$A;r=iE`vW;rcWNxtja^uKgDI-B^*luRh%SKJEWVKE*Y@&LwvJyZ%F|
zP>u?|j&PwB4JE1U>pm(!McH3;a?p;+w`5Q=Fgx#cyw5U;c9i|heY4`symtxrjpUxg
z_*yJqLj6Lq?O)x0bGa!y75;rS_&0%VsJMU|v&9=mb8}|iPf|96cQXdPn0xbaJqNbr
zn%_WtO=Cd5ic_|o^n27PggqJ1HQ3$Bxc^6);KlE2OEe}uE@Tsf{_Qm8JCHw2x-=cV
z9S2;A`iHo$E#>?*ZTiJ8DNMf(GO_is-VpA6ES5Lt>a&zrr+(^A3d=H!9yGL`^kQZ;
zl?$)M8~5Q_8X6b}Q;~Wf)4(|D?x3!(zo@@}dXI9gLtMt2xb~12srPssnAz^U`%!1U
z8RuU$-tZNjbfb|%yywIl?!ao4w~L)WPI?sSKA7ZM9`3D1E6aJmLP!6;7L$I2!T7qD
z_jcO!wUc|s#{SyU#=>mG|J~TxIvW0oo3inKfwJLL`0uMW*H`hrj`!8P$5JO#Y^(%z
z%g1*1(D|fz@2}XDNR)|#xhnc^yIJ{epBPW2N!<K>4Cnh)>JS^SVmI;=xZak|R$>P7
z$0~^h)cKhFat5=2PCp~vjP$>+BiwfpZQc>f?x#*Z?kU6jQQl){BlR*jE&TV6XdyZ%
z&3h_09H62<toxclnxAsguTg=-2FkL~hOd=$)B{`5=}O-9c=K2DiAQN?KJVV7AE4~t
zSEaE3X*8BRLIXvqIERrR=KTQq?&P~OnBsJ_fU>>};57OwOoQzx_f?O2n<>8xef16`
zx{yChdOU5Fjf3}6F$OY)pY0Mq$BMNn$Qv8B=uzHfX?!*}^^2qK%Rqd!q5M9|c4CEi
ztvl&uT<bwc5716s%K3Gg>DS2rbi9*vW9nAo+G*GSlGuPXXHhtUn?Iz&i@aOXVLxV>
zpL$tIZ>3I4>Nkl4$xC^o{|wsXfY|9n4CLg0+HOYrF|N<SQQXgOIZULQ#)h)dNnr{`
zbJHiZaw8Ro&^Z5>cq(=<iEI8T0e^UqI7`_W2H2YSe(qaKqZd(jJ9T^wB7K1LQR+4$
z{WoSI|8gAAO77#8N+c=xk_*jgq&(@_qzmxg$AE65Mpx3l{^5q3Y2*T2gq`sv?&-~Y
zW~^hqTWQ0e)n;>j9_1gA?-?g~lKeo*U!lxbZhy9Vg~U}96roXmb7lHRQ!h@T@<s-6
zk{hbiz%leyBzE=)*L+PR|1{Tr;eKEIIGxx@JDYhA<=SdyUz|6;Rx|Mg*Po$oF7B;}
z^;1;1mK&yXaWC%+V<$GWgY+hD+(@0zxVFy1_<9hlay<v{S9l+xPC@+d>lMm;ZKbnM
zd2c4qzn)6equ%Fnu&HY(m>er!LuXrv#BM5lLx(j<-xb<OTuyp9WuNf&H4pva-dB6B
z{SlIh`)TXb*!VBBSBh&lk?+s@V%~X)<Ph5bg7;8=w#r4p9x`j<O(SqDjjf3d$~}~I
zqRzjsyBYLN+?SoQC%ATfyil3)1Eecc{t%ttLi!ips~Btn%4+a#$beeKNqm@<_2=Jl
zB;KLYT@-fVCST3*X3Fc}OWfe=N#4_W_oD3WSkLm>H2UvrB!l{a`n@PyO?%5}<G-(k
zvF>8-UrN1d{%n1KL<tI>{ZFHJ#U=6P=`k|b#>S>`?NZA5CpPKVr`&%T?c}2ILcCA#
zc3=6rC)T-*>sOHOi2QkP;#@3Gy~@r1|LfIwaVi5UNn>Tm4~T=~&ukNAN$2N2{}{^`
zzfw0b5@)1yeEa2|Tj<Ewl-Smpcz-{9BV0<n<M+Q`X=q%WVLQ@ONpIt(XGnifLzmJ}
zA=0mL<1Nf;U|hSGNgw6<zptNT2j&}atr7PO<=#8UU(1_+^Ob(_uVd1$_FU`e^S=s}
zH__=78sPUdC+3qs$jzszwx0A;bh07dR3O}&{@-ij4F8FPf1J`Gyr2HhKw5LZuU@?S
zQ+_k=%9K^2y<L=b^!xw2|Cz-YI_8(mrvC-N6S31rxXwR=O7x>6ewTOp59?l~kq>BW
zC3*hz+Fvx8esv}NB;~)vjxGF$I^S`<D&^UE{}8Xurab4l*!i^dPovZ6{=cuQXzl>-
zvAlhqkDA^}-9|L^EN^~SdHS^$Ux>}0!n>*8hkCQQx;mB*#+&H%NVp}j9Y3^P{-ifu
z)QiC0PlZK{wHV{h`JX|ZjvZOCC=Jb`P6pRolFp!!z1&wN*1wAM_0(@do%}IA@5lQm
z+aa&_s9TcsF|M!m)8IjFx`@X3hjodpxQz;*;MbHtPeTcOHg-^#@_%3FDL>Bj$`pLZ
z^)I>qk67<3Iv7E^4ED#o)VYU&IHuj?Cs5vocYEjm0vFDquiGi?ORZ06JP+yR=<6rS
z_L4tOho>ofn)KV;mzjJP8q7_4W~^JAy01`vEZmy-hPuA;aQ$7%cTxWm^1t&=_2gn_
z3TDtiH!A$b3@>ImekIR82~1>)H`~DFybZuW8u^aIA>8K$UW0g#r|xr<ucDpHc|SoL
zzLM1Q)tda*Tz`Xh`*OVq|I#n9iVKstFpWX1!zB4V@rL)vH{ksn*CtY4jQ3+)yF4Dm
z2f5}eU#xHX5OsZBPDiIGzY=|&;k}TKb8*ib)R{;A^|=2MuTeOf%Gbw+KW22la%1l}
z`}|!0B{n=b*0IsYxxR;Y39eP){<g7>*FNW6@IM2~$F)PW%U@k3%3=By_J2s1qLXh)
z)}!NFu?rnlq4LAwa{7O3a^qKVM$M@I?<+s$_r%ObI{kn;TW~Qm_LUd&$NS3D=3AjS
zk-CIN>Qa!C1`bl`J<`5vG1?_G@D1;Yyn8U1_2E+bf3tD@PwrXA+t-6MUXMColdeLW
zjnbuTRN9=+do=C-L>d2lJ^eZ!<X_rQd3fwJ-jnzrjn<*U2NXQZ^-JljCFvuS=ODeD
z`n%$6`f&Yr-dAva1?8W`M%FOsHq^bIx32=^o5aq|KSetI|7p7>H(y7kZ1@o!Ea2kL
zv2iQDNV<rL_$ooY`$+#n1KnbSlWDv-<^R4qQ2qpEH^jZtnSnK@?V)&__XPUe#`Ro&
zYH#8~mpIC|Xk;%p@2C7u$}XaENAhFIza8t?$tdo*l6OtY|9$=7AYzCA#PS{7dl~h7
zwV>@Hq+g@#|H?b__$aHZkLTVe36QWa1_*&C36V7ki$S2MAggSGpf3mrLo!JQl9@0w
z0fI}SxLXy8as^bxQb47xHOke3iiitT0TmS}6+~Qsinb^si@e`Ea|dFp?c3LWKJOpz
z`FsxN+;e_sx%bZV%n6{xDDwGRg|QxiA5&m}4Gf|mumyYC1e<8)Hn_hnve@o;r}dkp
zpWu&?w7F)}SOYL~kvnkCqJa}pP-WcbHn<;#GTYf&0<Q-Ai&}|Gtv<0<_kC;ulWQ@}
z*0aS+iET`i%fKGNS7{r~1pldx=^DwC$?w+T+(PnMc2|ic;jae7y+mLZa%Oe<J<Tew
zL#szxLo<;#6Y(Xo1lbs$p>iu%qp!d|gc28%^|#;(kk?^9j{SV(yR`c`@-g`L;0jpp
zi?oCRYDF&os5j31xcH%&nii0x6Tyb=WDg5j{|3D!{D3X|Hnz?b+ED9U4BpU3#PWB-
z<1VF8CfpR<JH+{kF?22dT^z;rVBWI%TriCzXUFH{-Y70E#WwK{>l>{e59nKx)}{;b
zHMfmyxAM5f+(6Nr&>yU|V-veDQY@Nf82VV-+%L`Nv?<`e$lH*EaAc5l8ge7u&PVRC
zU3-wpbp8SUr)c6*o1}L%Z`>Z_=eD8Uwt*I4zOnv;*7g*6UP7;nud;$fdoeU1u#nDN
zyYu^T##3woz?b3o*wy{`M%bP7uuXLZV`wt?o!C|(V-zCitKdgryA|I9*3pq%t<lF)
zKW-CASHsHy=TpcbV3RHKD7Hhk&`~gt!G=C0;Vk$ddXSi@$OMwUhMb3-j;%XvC>NZe
z3Ua2S7u)p&aAjs{o=<^UB)-WeUuvZZ8VV>zE!gP+u!As+BiYyJb+En4`jo|Gvrfhy
z!ZwrUV>AU_niz_&MFx>`kVWRFrV2XU2Dc<h2OCkJfKt1I=C<RPZNj6-W8g;N{{-Jn
ztmm6}q!->#o(VSgJDOQxbKYt5nB_6-hAN+p%D7$Z`b&a7WL=1Sz1ArhNOKxBG?=bW
z+e8mj=rH^>MGbWz?jx(W$DRuAB3mem;96Ll)LG<PY3~065*lhwfT7<5xQ0ZlNyLAw
z5}~h%7!R&9JOj&0TVxUiX4*!duuYkO{_r?3Io3DC%4XP0$?+R%^o!uR|C=!cDAXEm
zgFYTv2r%6iL5=(snDc0G68=7P{xr6p;0z72JN#R88F#=Idx!Y<&<A2~h2F>Fr((Ox
zVk2|f2D|f#B<~Dp3I&QSco>0e==30b8r-$;3~aZ+_fvQ?iC%z*5^Jb8al?qurHF(4
z1NZ{;kC1QLoCfzc@rKO%CqiQY7#dj%bQOBf$T5-328<wCK80r>4VA%<P&^at9oT|q
z6Zm_OZ?TQtV6j&sXJP*a>?-13j{T{LNpu52hQf3`9KagZcaUHJJc70PD=>bGF}SJV
z3=OB?4w5bhvmMzTe%GEx&nP5rIL-go>VLGdki40({cpk88PHa^FNyz)PM5>|NqQp*
zzain@C|+!XjraoWJTNQp)qqL0zGCzk{TK0?I4`(l3YHOL=xgjD)1*27zhFGXqCdd8
zI9|r~4N0E2yH&`mU}+OSjcft0g6DzFAo(Qx>&O!#{uG5?vxRWSRe?KzJ%x>ZL7jV8
zpTvGWvhrdahIX+iB#B_Xk%a3=GKK&LTNCsc4aGkT+mqPx@Q(vK3Z6~k-LMZ^Ivj_8
z9AX3bt?&ove&ld`m($#1=ul<cNBmkw@uRlLRVEn9weov>_YyFYBFB;M<GTy&!{}dQ
zyOE;3U_*0AIuzgc(PdmZ{%x!)$#EaLp<TqKTKz8b{vSY4TX<o#qqzG48=6Z4>(N`2
zU^78Q_#2@QwT&4}HHG_H{8BK6Mshlau4H|_Eo9a`h|9rt0M1~YhWyw}aMzJE0l60N
ztr$<kpRw*qzzLG&QTROcD+sy-{RMD;!hbQm0RP3r8yXMhb(%TGI?OtiJXf%8hnx+2
z(Z_<XMqh?J#yax+-)<AsNAAXGXedRNQlJ^OJiv)0A58HWC1GC)HWk}y^qJ^)kT{K)
z3*l0LO^7*wZs>7jU$D#2ec&ze{-@9$oIMGyf%DLNA>V}!9kdB5NTzIa6Opd9pR~3p
zn%}S{F2fesj<GZTj$rHBd<HiHt`mui?BAI9(UDy~2Iy`Y>H!-XM90ms9|3$G`WgI!
zWD8iojlUQ28r#TmaPPxYS-%4x1|OqaEoK7#H_1K3I#yKD>8<bu7BG#VTpKtLTN4X>
zhCoBl(ZFta4E*=B(%@;Rv)z5nKicLtYus@+5}SuIhDIu<;~dP<?y^DiaXd)_@6<{%
z5B+u;*lL?tPfR(u@%EHrg<e5vhi@;wE0FggbC8APzuv}rS?{tN+z|N}AqaYd0+(5U
zNp^$|gUE{rH1rIGim-hNW(`SW^epy~B)r}>8?e4EcKs=G4>kd=oT7ukzEG=9<nuq!
z27M0LK~Dj&&Vn?y?zV|;=<V>Alk6_!64*h11Zn63a07@_c6SXaRt{(5J3;Ja*e4(d
z+pD|L1ey7-A^b~#eF>gJvMT_*iT<DkUQJ*>o3uL#-UK^`!adLrf$0R_4R5p<lXnw7
zLl2VYcjR0Ie!tE474g^LZ_m1NC4eR<Zv)zlaS}m35;eqbXbQH=@tp!Q1m4NIE(sde
zD)u#NL(M5-Xb*A#+z<R{a5odb8~X`lJJydOU&41$?Ear4=~|38M8ePg@;Klul0T0>
z(Iz+E^Re&7b_m<2tnZ`Q(Zn0N+RE=J@ILy5U@t?C!dC<SZq`10`yw0U`M=I4K8@Us
z(F4Fx75r;}&%*WKz7)KdX8abPz&aKD<M=LtpTV~nSxvD|$uW%hGq#!g@O5K73mKz5
z#E+^ZAV&8QbTxqG7`l>pHe3Rz274I$XB6InEk;XNH?`}H7_UWt1zRidorsfgHk?cB
zChF9una9u#onXBluDle(VFGh-K4H5ZjpH?J1r|JygmcmFLXHB{8vk(oe<gVm$$aoN
z6!v2u3uZ08^Z8K6C=Yv#_S>AnsJ}Aq69PLC5Tj`nD7EV|81rpYN3CrjMeCE~Io4?;
zc?vxPeiK{{wjMN)K+YId;j6}Gs2E+@X3`^;TJQg^I1N2ba6F0HBc~zXAb38$S1E8h
z3W;lLlU$2^6&OROtTg&U^y|QMz<&u1H!%$mA42bFW79BcbN_Qu-m}JJiZ%xP8-S17
zoyVh3xBhk3){YoMf5c}f)gJeLVoNAmT&tNB8~eD$*27;1o<Xk4=LmiorGkK7_SllK
z)g|GD1a3p`V~e&$4rN^i?okrlVC|n^i_tV<zOZ&<>tY*=`Lk%^FZj(DU%$G{A60bx
zFy7aZZ`cO50jLHr$*w!1AF(@n-`Z}mMb_gxNi!MvbI3E1wV_|bW$2$`UxQvuBO8e+
z$M!t(50O0F|0@(Wv=ie_x;JzZX8@j!uQ_Wk!7t*|*jAA6J(9cy-vk?)OasHwi}9z~
z#u{K-12@Efl9;CGh9-bHg1#4?X6~^G&WA|;B)pd-r*JeTNmqb+Swq=cRxezCP`%zn
zUS6I3V&Cc&FLqZGo5{A-lV56~7BrKYHIrZJC~6jOI3!vn#ksEAF{_}HJ80Yhw`0gx
z<aY!9l8R2%k8W(G+NQ|VIv#(4J9ywgH7Z5ADv%<ls_iMVlRB9qTeUkEeg)wMX=KL&
zZ=t8WB-}}7x0KCf_1;%Is*=_+yE^@~c4~cV`E*V4>xDvp+(u3iH9IzMjaNf5Wm|Qi
zy=+?T-`=|VuI+7fex|GzDY;o8*Xz#@R+NRk1#V#=*w@X-3T3FAEZH*NX!^b^`Lt8>
z)Q(3)P4WBf<7=MWU67!9<;ngvmHXTl`kmo&lBhZF+cWWc*;skRdG>1YiB!LLM25QC
z5$~zh@uGpMju(BVj$`ZIV26<FDJTefLm{_AR;Ytp5b%ave<19Zdcyg|?x4}*=qDVk
zNQxUB2z&dw<BPrS^b(JMCUHS;1X<<@hTTA+8^%@U35CjvgPxFAZHgDSB)cKsJa0}C
zXYMLbg6NdumX&z%y7|T4{Fx>s;&avV1d-L$6OQ1csXZknfjRoi1aY@Wzsei*75X?4
zb6-Db+86Cxh3kmYE;s{0pTEcrl!bi(znhVr&5^kU<z6=&aEnR;(>*0_e!ySoD^gvj
z$Z=}T6gjw+Yi}<WRp=}6Mh-)LHbwfitS71yRI5f}Su#i94lr$b3-p>s;*?A(@J8;6
zVydjUXsgc@$)!?X(n2(GI+g}zQ<p=@FAoMeL^t0PEQow&eEyJ^Gc&$`->cfCh*bT2
zsjTOy@>FrB+M6ossT*d=GJRVc@n=V$DwlUA>P8*J#CW~8i)bsg$Pv#bsmAxpc>P6h
zvCYwc?I)T^{m3OEFJ3ntBy#JkyI0Cv^!Tx2ZnFM-vgn-Htf;)yG-2-6JGac6&j(C5
z$``AJa=oI3K2snT3H6H?<Ptr)NE}I4owvw_s_hmzM5X>tHr5}8L@%Mcl#3=p4SGv9
zRx@Xdfz`SD>Z`A2i+-(2&9jh^m6O+v1LsmarPF;y<$>~$I`o#@P~Cc8y4to?UQo|m
z3wMzfQdQez8#R2JbUTH8{&I6`vm>{h?}^-<$6qnWQxUtn=!L3}w#gRi`?+GInp+`y
zsYkcVYCU<LD0Z4g&UTJ3T<ng^9o?7wNox5HnWw+JUZltODDlqrgrk=c4wi=^A6N5H
z@`TIz=(~})*`5+#fjefz0Jp#s_Neq-az{dW_H<uZ9luF<^)2&7y#%%DcF|J5d%Jik
z$tm-d>Gjp(aH4u~iP)q5v{YQAa~=|#WDk=g=*<ss+aWKt{I18H>8)_*6np(R!a<*R
zw%ISXP+W0<&#WrjE7Ek*GO;|~E%A9m<|FCz`^-Va`TWt&Ji+J<>gB%@iK69Mdw!s_
z_TlSAE5urv><xSPq(?kz@%J(>Eqa1yqhe1;^v2YJRYIvHXXI4<$Z8QURGx5Ft6QHC
z4RzHMqE~`G@H<ge$KheBZo4l{Ez;tdM&61!W{2TGz%2>*i}bMPM0cTo`MemOpuc@l
zOc5%uK`cx0g+gYpvF`cjB_am(_^)_e8oVsFiL7!S1b^6PFW#IKFFrREDmF)FF4o+q
z`fj6GsFuGX?om~3oRMntCb2YokS|#3FABQZZYa!K$P_Yfv7|VEzzvrB{l-vKR+Q~2
zqJS=ZRXpHSdV|pq7&Y>FqwrxY^!Q3*AGC6RVR;E}fD&AsUm3UI&-aq7#2ZSA`{Ajb
zds#*wD4y-J`}_xN?3sv<JQUx)Av{WN7B@GGzNyZ>b0S;qy+w4?_hvY=L?dr7a$p>U
zHyGrD@_nZBD_!`e=<Vp5ZQ_uV5Haf)-WBs5?fpPpCe*m@PCI>ar^s~FrF(>{uHPeS
z)c8M((|Xp2qDttDeWI_>RUZjo9o6KZ7^ojPD6)ipbfELJ&`bX!t`s`?h~OW?h&(Dh
zI^Gh#BWCc}M2~C8l_N*Sj_ce*<MS5=lHz_MWc1*x244}2neK@`X0eD0b4y$U`FTBu
z0{Js}XbOXY`lV;@kn5lQmFTOck93;5p6R@w!F%U=^UHav%YuQTpr<r)^O56w=qoX{
zZO}^@@7%CA=qGCo!_!_C;O(pb{FN9dTEt$2ZfWi3CHrsUME%+p-S((Rag^tnSgOt(
z6B}E5BVR<d-yX5|hF(9$=`7U8$N3*Z(RKfE&X>C5Nzp&yfkpB*)mzB()jdM)6l2sF
zN4C@}rOXg|V7#0n)gKe(2z5~%`L%wauFQ58d7UTKruwpjYTH0gjPH@tvyYnBKn`rs
zBfDFl>~1~W?icjU>!Y_ckO!RFvrik9+)TF83_!Pv>ctyUb+Z=o-T#BZM>F`ek!I)_
zp7>Mqj>uJWvY3Q=WJy;)kR>N1R2RSBSf_N6!{YT#xw0xjGul)|#+n(4W}?}f_+!IN
z<v$EF`>P(z3hl32eC`?jxdTm3tqG{Ce0qs5pHG#q)Dx_5XR3Yi!uPX>9mTM-O`V=3
zw`Tp*fhV>%GxW4qpG}sda{qqv*<baLnSJ(GJsf-Leq#Db`_btqRzWiX)l2+0hM)Bb
z|J$*rn`%BwUh~7*XM@mx2+4G5CZNMf(b-2a`>fRG-z<M|ZUAa1^~weE3!xZ;uGK@U
z<r)#4g%q>U_xj8d=}V3bM2dmvLp^1++>&IbqSjJRc~*9f|EbyN4xt*YlbMkLNiiVx
z)@#?v=|VFlJy-vKG9cxsd)|_sw8-}}R}%TMHFpyGGBDo-ngOYm`1ylTXH_~@)>kPN
zqOm%*O?HWlNSYBTIsQkcBh7R)<3BYRaok<^NRM-NJmT9a>0_zt#D=77p^qPyTN7%H
zN@I`8?LTW&;yWz#tqeK;a$r&nOlj)76Y`5TXUCt|&{XSE6ob<p`kGU6@IOvZ4SzU2
zslT3(X==$TQK`z#$flaXDIhd6Q@2DjDP;=PyMfbCZ>sC~5+mONjhqy9W)4&RPft#Y
z$!WDd)5O^rulJwlc>cxsbl`-{P>fIS>9<=s^52@F9!+%?ni=Y7_a7ObVo&~0j8Nri
z&hr1r2vzIg&%L7m$rx1|U%&R_qnf5WrK)v?(_Fp2nb+Z%45ywtobDv6oD65!zd2rM
z#;c=0n5-0&)i_<$)fwsNow?2^p&74+L?^37dCt1XV5JzWM(g1hI{bumcDfpspeJAA
zbdzSr%2a<E;I!A5UFt9*GiW6{X2hB%RmWFllmE|iR+_3e!ujTh!`3$=oLonZxt#Hb
dVXK`=8{@3{7ZX>e<T29>TNft&yg94Se*-bkFJ}M%

diff --git a/po/en@quot.po b/po/en@quot.po
index c0dc34b..b24db9b 100644
--- a/po/en@quot.po
+++ b/po/en@quot.po
@@ -1,7 +1,7 @@
 # English translations for GNU gnupg package.
-# Copyright (C) 2022 Free Software Foundation, Inc.
+# Copyright (C) 2021 Free Software Foundation, Inc.
 # This file is distributed under the same license as the GNU gnupg package.
-# Automatically generated, 2022.
+# Automatically generated, 2021.
 #
 # All this catalog "translates" are quotation characters.
 # The msgids must be ASCII and therefore cannot contain real quotation
@@ -27,10 +27,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: GNU gnupg 2.2.39\n"
+"Project-Id-Version: GNU gnupg 2.3.0\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
-"PO-Revision-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
+"PO-Revision-Date: 2021-04-07 19:24+0200\n"
 "Last-Translator: Automatically generated\n"
 "Language-Team: none\n"
 "Language: en\n"
@@ -39,56 +39,56 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "failed to acquire the pinentry lock: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr "|pinentry-label|_OK"
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr "|pinentry-label|_Cancel"
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr "|pinentry-label|_Yes"
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr "|pinentry-label|_No"
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr "|pinentry-label|PIN:"
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr "|pinentry-label|_Save in password manager"
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Do you really want to make your passphrase visible on the screen?"
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr "|pinentry-tt|Make passphrase visible"
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 msgid "|pinentry-tt|Hide passphrase"
 msgstr "|pinentry-tt|Hide passphrase"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr "Suggest"
 
@@ -99,24 +99,13 @@ msgstr "Suggest"
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 msgid "pinentry.genpin.tooltip"
 msgstr "pinentry.genpin.tooltip"
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr "Note: The blanks are not part of the passphrase."
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-msgid "Passphrase Not Allowed"
-msgstr "Passphrase Not Allowed"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr "Quality:"
 
@@ -126,11 +115,11 @@ msgstr "Quality:"
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr "pinentry.qualitybar.tooltip"
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
@@ -138,7 +127,7 @@ msgstr ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
@@ -146,82 +135,76 @@ msgstr ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr "PIN:"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 msgid "Passphrase:"
 msgstr "Passphrase:"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr "does not match - try again"
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr "SETERROR %s (try %d of %d)"
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr "Repeat:"
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 msgid "PIN too long"
 msgstr "PIN too long"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 msgid "Passphrase too long"
 msgstr "Passphrase too long"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 msgid "Invalid characters in PIN"
 msgstr "Invalid characters in PIN"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr "PIN too short"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad PIN"
 msgstr "Bad PIN"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad Passphrase"
 msgstr "Bad Passphrase"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr "Note: Request from the web browser."
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr "Note: Request from a remote site."
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "error getting serial number of card: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 msgid "Please re-enter this passphrase"
 msgstr "Please re-enter this passphrase"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, c-format
 msgid ""
 "Please enter the passphrase to protect the imported object within the %s "
@@ -230,7 +213,7 @@ msgstr ""
 "Please enter the passphrase to protect the imported object within the %s "
 "system."
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
@@ -238,55 +221,45 @@ msgstr ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "ssh keys greater than %d bits are not supported\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, c-format
 msgid "can't create '%s': %s\n"
 msgstr "can't create '%s': %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, c-format
 msgid "can't open '%s': %s\n"
 msgstr "can't open '%s': %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr "detected card with S/N: %s\n"
-
-#: agent/command-ssh.c:2446
-#, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "no authentication key for ssh on card: %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "no suitable card key found: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "error getting list of cards: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
@@ -295,20 +268,20 @@ msgstr ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
 "allow this?"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr "Allow"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr "Deny"
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
@@ -317,91 +290,88 @@ msgstr ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
 "%s%%0Awithin gpg-agent's key storage"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "failed to create stream from socket: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr "Please insert the card with serial number"
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr "Please remove the current card and insert the one with serial number"
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr "Admin PIN"
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr "PUK"
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr "Reset Code"
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr "Push ACK button on card/token."
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr "Use the reader's pinpad for input."
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 msgid "Repeat this Reset Code"
 msgstr "Repeat this Reset Code"
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 msgid "Repeat this PUK"
 msgstr "Repeat this PUK"
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 msgid "Repeat this PIN"
 msgstr "Repeat this PIN"
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 msgid "Reset Code not correctly repeated; try again"
 msgstr "Reset Code not correctly repeated; try again"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 msgid "PUK not correctly repeated; try again"
 msgstr "PUK not correctly repeated; try again"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr "PIN not correctly repeated; try again"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "Please enter the PIN%s%s%s to unlock the card"
 
-#: agent/genkey.c:157
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "error creating temporary file: %s\n"
+
+#: agent/genkey.c:116
 #, c-format
-msgid "error writing to pipe: %s\n"
-msgstr "error writing to pipe: %s\n"
+msgid "error writing to temporary file: %s\n"
+msgstr "error writing to temporary file: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:154
 msgid "Enter new passphrase"
 msgstr "Enter new passphrase"
 
-#: agent/genkey.c:196
-msgid "Take this one anyway"
-msgstr "Take this one anyway"
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
@@ -410,18 +380,18 @@ msgstr ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
 "confirm that you do not want to have any protection on your key."
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr "Yes, protection is not needed"
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, c-format
 msgid "A passphrase should be at least %u character long."
 msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "A passphrase should be at least %u character long."
 msgstr[1] "A passphrase should be at least %u characters long."
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -431,223 +401,232 @@ msgstr[0] ""
 msgstr[1] ""
 "A passphrase should contain at least %u digits or%%0Aspecial characters."
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr "A passphrase may not be a known term or match%%0Acertain pattern."
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr "Warning: You have entered an insecure passphrase."
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+msgid "Take this one anyway"
+msgstr "Take this one anyway"
+
+#: agent/genkey.c:464
 #, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr "Please enter the passphrase to%0Aprotect your new key"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 msgid "Please enter the new passphrase"
 msgstr "Please enter the new passphrase"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 msgid "Options used for startup"
 msgstr "Options used for startup"
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr "run in daemon mode (background)"
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr "run in server mode (foreground)"
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 msgid "run in supervised mode"
 msgstr "run in supervised mode"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr "do not detach from the console"
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr "sh-style command output"
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr "csh-style command output"
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 msgid "|FILE|read options from FILE"
 msgstr "|FILE|read options from FILE"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr "Options controlling the diagnostic output"
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "verbose"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "be somewhat more quiet"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr "|FILE|write server mode logs to FILE"
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr "Options controlling the configuration"
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 msgid "do not use the SCdaemon"
 msgstr "do not use the SCdaemon"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr "|PGM|use PGM as the SCdaemon program"
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr "|PGM|use PGM as the tpm2daemon program"
+
+#: agent/gpg-agent.c:208
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NAME|accept some commands via NAME"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr "ignore requests to change the TTY"
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr "ignore requests to change the X display"
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 msgid "enable ssh support"
 msgstr "enable ssh support"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr "|ALGO|use ALGO to show ssh fingerprints"
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 msgid "enable putty support"
 msgstr "enable putty support"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr "Options controlling the security"
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr "|N|expire cached PINs after N seconds"
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr "|N|expire SSH keys after N seconds"
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr "|N|set maximum PIN cache lifetime to N seconds"
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr "|N|set maximum SSH key lifetime to N seconds"
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr "do not use the PIN cache when signing"
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 msgid "disallow the use of an external password cache"
 msgstr "disallow the use of an external password cache"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr "disallow clients to mark keys as “trusted”"
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 msgid "allow presetting passphrase"
 msgstr "allow presetting passphrase"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr "Options enforcing a passphrase policy"
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr "do not allow bypassing the passphrase policy"
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr "|N|set minimal required length for new passphrases to N"
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr "|N|require at least N non-alpha characters for a new passphrase"
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr "|FILE|check new passphrases against pattern in FILE"
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|expire the passphrase after N days"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 msgid "do not allow the reuse of old passphrases"
 msgstr "do not allow the reuse of old passphrases"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 msgid "Options controlling the PIN-Entry"
 msgstr "Options controlling the PIN-Entry"
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 msgid "never use the PIN-entry"
 msgstr "never use the PIN-entry"
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr "disallow caller to override the pinentry"
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr "let PIN-Entry grab keyboard and mouse"
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr "|PGM|use PGM as the PIN-Entry program"
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr "|N|set the Pinentry timeout to N seconds"
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr "allow passphrase to be prompted through Emacs"
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "Please report bugs to <@EMAIL@>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Usage: @GPG_AGENT@ [options] (-h for help)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
@@ -655,136 +634,131 @@ msgstr ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr "invalid debug-level ‘%s’ given\n"
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "selected digest algorithm is invalid\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, c-format
 msgid "reading options from '%s'\n"
 msgstr "reading options from ‘%s’\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, c-format
 msgid "Note: '%s' is not considered an option\n"
 msgstr "Note: ‘%s’ is not considered an option\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr "can't create socket: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr "socket name ‘%s’ is too long\n"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr "trying to steal socket from running %s\n"
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "a gpg-agent is already running - not starting a new one\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "error getting nonce for the socket\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "error binding socket to '%s': %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "can't set permissions of '%s': %s\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "listening on socket ‘%s’\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, c-format
 msgid "can't create directory '%s': %s\n"
 msgstr "can't create directory '%s': %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, c-format
 msgid "directory '%s' created\n"
 msgstr "directory ‘%s’ created\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "stat() failed for '%s': %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "can't use ‘%s’ as home directory\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "error reading nonce on fd %d: %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr "handler 0x%lx for fd %d started\n"
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr "handler 0x%lx for fd %d terminated\n"
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr "ssh handler 0x%lx for fd %d started\n"
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr "ssh handler 0x%lx for fd %d terminated\n"
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "npth_pselect failed: %s - waiting 1s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, c-format
 msgid "%s %s stopped\n"
 msgstr "%s %s stopped\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "no gpg-agent running in this session\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 msgid ""
 "@Options:\n"
 " "
@@ -792,11 +766,11 @@ msgstr ""
 "@Options:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
@@ -804,8 +778,8 @@ msgstr ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -813,8 +787,8 @@ msgstr ""
 "@Commands:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -824,11 +798,11 @@ msgstr ""
 "Options:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Usage: gpg-protect-tool [options] (-h for help)\n"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
@@ -836,15 +810,15 @@ msgstr ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Please enter the passphrase to unprotect the PKCS#12 object."
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Please enter the passphrase to protect the new PKCS#12 object."
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
@@ -852,7 +826,7 @@ msgstr ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
@@ -860,53 +834,52 @@ msgstr ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, c-format
 msgid "cancelled\n"
 msgstr "cancelled\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "error while asking for the passphrase: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, c-format
 msgid "error opening '%s': %s\n"
 msgstr "error opening '%s': %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "file '%s', line %d: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "statement “%s” ignored in '%s', line %d\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "system trustlist ‘%s’ not available\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "bad fingerprint in '%s', line %d\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "invalid keyflag in '%s', line %d\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "error reading '%s', line %d: %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr "error reading list of trusted root certificates\n"
@@ -919,7 +892,7 @@ msgstr "error reading list of trusted root certificates\n"
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
@@ -927,11 +900,11 @@ msgid ""
 msgstr ""
 "Do you ultimately trust%%0A  “%s”%%0Ato correctly certify user certificates?"
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 msgid "Yes"
 msgstr "Yes"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr "No"
@@ -944,7 +917,7 @@ msgstr "No"
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -956,20 +929,20 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr "Correct"
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr "Wrong"
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr "Note: This passphrase has never been changed.%0APlease change it now."
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
@@ -978,15 +951,15 @@ msgstr ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
 "it now."
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 msgid "Change passphrase"
 msgstr "Change passphrase"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr "I'll change it later"
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
@@ -995,11 +968,11 @@ msgstr ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
 "%%0A?"
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 msgid "Delete key"
 msgstr "Delete key"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
@@ -1007,92 +980,92 @@ msgstr ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "DSA requires the hash length to be a multiple of 8 bits\n"
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr "%s key uses an unsafe (%u bit) hash\n"
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr "a %zu bit hash is not valid for a %u bit %s key\n"
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "checking created signature failed: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "secret key parts are not available\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, c-format
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "public key algorithm %d (%s) is not supported\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, c-format
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "protection algorithm %d (%s) is not supported\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, c-format
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "protection hash algorithm %d (%s) is not supported\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "error creating a pipe: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "error creating a stream for a pipe: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, c-format
 msgid "error forking process: %s\n"
 msgstr "error forking process: %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr "waiting for process %d to terminate failed: %s\n"
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "error running '%s': probably not installed\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "error running '%s': exit status %d\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, c-format
 msgid "error running '%s': terminated\n"
 msgstr "error running '%s': terminated\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "waiting for processes to terminate failed: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "error getting exit code of process %d: %s\n"
@@ -1107,33 +1080,33 @@ msgstr "can't connect to '%s': %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "problem setting the gpg-agent options\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "can't disable core dumps: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "Warning: unsafe ownership on %s “%s”\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "Warning: unsafe permissions on %s “%s”\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "waiting for file ‘%s’ to become accessible ...\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "renaming ‘%s’ to ‘%s’ failed: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "yes"
 
@@ -1187,50 +1160,91 @@ msgstr "out of core in secure memory while allocating %lu bytes"
 msgid "out of core while allocating %lu bytes"
 msgstr "out of core while allocating %lu bytes"
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "error allocating enough memory: %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr "%s:%u: obsolete option “%s” - it has no effect\n"
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "WARNING: “%s%s” is an obsolete option - it has no effect\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr "unknown debug flag ‘%s’ ignored\n"
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
 #, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
-msgstr "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "waiting for the dirmngr to come up ... (%ds)\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:350
 #, c-format
-msgid "connection to %s established\n"
-msgstr "connection to %s established\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "waiting for the keyboxd to come up ... (%ds)\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:351
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
-msgstr "no running gpg-agent - starting ‘%s’\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "waiting for the agent to come up ... (%ds)\n"
 
-#: common/asshelp.c:521
+#: common/asshelp.c:364
 #, c-format
-msgid "connection to agent is in restricted mode\n"
-msgstr "connection to agent is in restricted mode\n"
+msgid "connection to the dirmngr established\n"
+msgstr "connection to the dirmngr established\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:366
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
-msgstr "no running Dirmngr - starting ‘%s’\n"
+msgid "connection to the keyboxd established\n"
+msgstr "connection to the keyboxd established\n"
+
+#: common/asshelp.c:367
+#, c-format
+msgid "connection to the agent established\n"
+msgstr "connection to the agent established\n"
+
+#: common/asshelp.c:485
+#, c-format
+msgid "no running %s - starting '%s'\n"
+msgstr "no running %s - starting ‘%s’\n"
+
+#: common/asshelp.c:588
+#, c-format
+msgid "connection to the agent is in restricted mode\n"
+msgstr "connection to the agent is in restricted mode\n"
+
+#: common/asshelp.c:725
+#, c-format
+msgid "error getting version from '%s': %s\n"
+msgstr "error getting version from '%s': %s\n"
+
+#: common/asshelp.c:731
+#, c-format
+msgid "server '%s' is older than us (%s < %s)"
+msgstr "server ‘%s’ is older than us (%s < %s)"
+
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
+#, c-format
+msgid "WARNING: %s\n"
+msgstr "WARNING: %s\n"
+
+#: common/asshelp.c:740
+#, c-format
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr "Note: Outdated servers may lack important security fixes.\n"
+
+#: common/asshelp.c:742
+#, c-format
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Note: Use the command “%s” to restart them.\n"
 
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
@@ -1300,7 +1314,7 @@ msgid "algorithm: %s"
 msgstr "algorithm: %s"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, c-format
 msgid "unsupported algorithm: %s"
 msgstr "unsupported algorithm: %s"
@@ -1375,11 +1389,11 @@ msgstr "Certificate chain valid"
 msgid "Root certificate trustworthy"
 msgstr "Root certificate trustworthy"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 msgid "no CRL found for certificate"
 msgstr "no CRL found for certificate"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 msgid "the available CRL is too old"
 msgstr "the available CRL is too old"
 
@@ -1416,7 +1430,7 @@ msgstr "No help available for '%s'."
 msgid "ignoring garbage line"
 msgstr "ignoring garbage line"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 msgid "[none]"
 msgstr "[none]"
 
@@ -1425,128 +1439,26 @@ msgstr "[none]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "invalid radix64 character %02x skipped\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr "Sorry, we are in batchmode - can't get input\n"
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr "Sorry, no terminal at all requested - can't get input\n"
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr "too many errors; giving up\n"
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr "Control-D detected\n"
 
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr "argument not expected"
-
-#: common/argparse.c:522
-msgid "read error"
-msgstr "read error"
-
-#: common/argparse.c:524
-msgid "keyword too long"
-msgstr "keyword too long"
-
-#: common/argparse.c:526
-msgid "missing argument"
-msgstr "missing argument"
-
-#: common/argparse.c:528
-msgid "invalid argument"
-msgstr "invalid argument"
-
-#: common/argparse.c:530
-msgid "invalid command"
-msgstr "invalid command"
-
-#: common/argparse.c:532
-msgid "invalid alias definition"
-msgstr "invalid alias definition"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr "permission error"
-
-#: common/argparse.c:536 common/argparse.c:569
-msgid "out of core"
-msgstr "out of core"
-
-#: common/argparse.c:540 common/argparse.c:575
-msgid "invalid meta command"
-msgstr "invalid meta command"
-
-#: common/argparse.c:542 common/argparse.c:577
-msgid "unknown meta command"
-msgstr "unknown meta command"
-
-#: common/argparse.c:544 common/argparse.c:579
-msgid "unexpected meta command"
-msgstr "unexpected meta command"
-
-#: common/argparse.c:546
-msgid "invalid option"
-msgstr "invalid option"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr "missing argument for option “%.50s”\n"
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "invalid argument for option “%.50s”\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr "option “%.50s” does not expect an argument\n"
-
-#: common/argparse.c:563
-#, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "invalid command “%.50s”\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr "option “%.50s” is ambiguous\n"
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr "command “%.50s” is ambiguous\n"
-
-#: common/argparse.c:581
-#, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "invalid option “%.50s”\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, c-format
-msgid "Note: no default option file '%s'\n"
-msgstr "Note: no default option file ‘%s’\n"
-
-#: common/argparse.c:1843
-#, c-format
-msgid "option file '%s': %s\n"
-msgstr "option file '%s': %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr "Note: ignoring option “--%s” due to global config\n"
-
 #: common/utf8conv.c:123
 #, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1562,143 +1474,144 @@ msgstr "iconv_open failed: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "conversion from ‘%s’ to ‘%s’ failed: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "failed to create temporary file '%s': %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "error writing to '%s': %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "removing stale lockfile (created by %d)\n"
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "waiting for lock (held by %d%s) %s...\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr "(deadlock?) "
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "lock ‘%s’ not made: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, c-format
 msgid "waiting for lock %s...\n"
 msgstr "waiting for lock %s...\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr "%s is too old (need %s, have %s)\n"
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "armor: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "invalid armor header: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "armor header: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "invalid clearsig header\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, c-format
 msgid "unknown armor header: "
 msgstr "unknown armor header: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "nested clear text signatures\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr "unexpected armor: "
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "invalid dash escaped line: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "invalid radix64 character %02X skipped\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "premature eof (no CRC)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "premature eof (in CRC)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "malformed CRC\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "CRC error; %06lX - %06lX\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "premature eof (in trailer)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "error in trailer line\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "no valid OpenPGP data found.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "invalid armor: line longer than %d characters\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
 msgstr ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, c-format
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "[ not human readable (%zu bytes: %s%s) ]"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1707,375 +1620,366 @@ msgstr ""
 "a notation name must have only printable characters or spaces, and end with "
 "an ‘=’\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "a user notation name must contain the ‘@’ character\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "a notation name must not contain more than one ‘@’ character\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "a notation value must not use any control characters\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "a notation name may not contain an ‘=’ character\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, c-format
 msgid "a notation name must have only printable characters or spaces\n"
 msgstr "a notation name must have only printable characters or spaces\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "WARNING: invalid notation data found\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "failed to proxy %s inquiry to client\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Enter passphrase: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
-#, c-format
-msgid "error getting version from '%s': %s\n"
-msgstr "error getting version from '%s': %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr "server ‘%s’ is older than us (%s < %s)"
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
-#, c-format
-msgid "WARNING: %s\n"
-msgstr "WARNING: %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
-#, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr "Note: Outdated servers may lack important security fixes.\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s is not compliant with %s mode\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
+#: g10/call-agent.c:1081
 #, c-format
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Note: Use the command “%s” to restart them.\n"
+msgid "error from TPM: %s\n"
+msgstr "error from TPM: %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, c-format
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s is not compliant with %s mode\n"
+msgid "problem with the agent: %s\n"
+msgstr "problem with the agent: %s\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "no dirmngr running in this session\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, c-format
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
-msgstr "keyserver option “%s” may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
+msgstr "keyserver option “honor-keyserver-url” may not be used in Tor mode\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr "WKD uses a cached result"
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr "Tor is not running"
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 msgid "Tor is not properly configured"
 msgstr "Tor is not properly configured"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 msgid "DNS is not properly configured"
 msgstr "DNS is not properly configured"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr "unacceptable HTTP redirect from server"
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr "unacceptable HTTP redirect from server was cleaned up"
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 msgid "server uses an invalid certificate"
 msgstr "server uses an invalid certificate"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, c-format
 msgid "Note: %s\n"
 msgstr "Note: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "OpenPGP card not available: %s\n"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr "OpenPGP card no. %s detected\n"
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr "can't do this in batch mode\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "This command is only available for version 2 cards\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "Reset Code not or not anymore available\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Your selection? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[not set]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr "Mr."
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr "Ms."
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "not forced"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "forced"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr "Error: Only plain ASCII is currently allowed.\n"
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr "Error: The “<” character may not be used.\n"
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr "Error: Double spaces are not allowed.\n"
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr "Cardholder's surname: "
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr "Cardholder's given name: "
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr "Error: Combined name too long (limit is %d characters).\n"
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr "URL to retrieve public key: "
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, c-format
 msgid "error reading '%s': %s\n"
 msgstr "error reading '%s': %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, c-format
 msgid "error writing '%s': %s\n"
 msgstr "error writing '%s': %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr "Login data (account name): "
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr "Private DO data: "
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr "Language preferences: "
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "Error: invalid length of preference string.\n"
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "Error: invalid characters in preference string.\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr "Salutation (M = Mr., F = Ms., or space): "
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr "Error: invalid response.\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr "CA fingerprint: "
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "Error: invalid formatted fingerprint.\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr "key operation not possible: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr "not an OpenPGP card"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr "error getting current key info: %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr "Replace existing key? (y/N) "
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "What keysize do you want? (%u) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "rounded up to %u bits\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "%s keysizes must be in the range %u-%u\n"
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr "Changing card key attribute for: "
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 msgid "Signature key\n"
 msgstr "Signature key\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 msgid "Encryption key\n"
 msgstr "Encryption key\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr "Authentication key\n"
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Please select what kind of key you want:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) ECC\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Invalid selection.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr "The card will now be re-configured to generate a key of %u bits\n"
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr "The card will now be re-configured to generate a key of type: %s\n"
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "error changing key attribute for key %d: %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, c-format
 msgid "error getting card info: %s\n"
 msgstr "error getting card info: %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, c-format
 msgid "This command is not supported by this card\n"
 msgstr "This command is not supported by this card\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr "Make off-card backup of encryption key? (Y/n) "
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "Note: keys are already stored on the card!\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr "Replace existing keys? (y/N) "
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2086,185 +1990,196 @@ msgstr ""
 "   PIN = ‘%s’     Admin PIN = ‘%s’\n"
 "You should change them using the command --change-pin\n"
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr "Please select the type of key to generate:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr "   (1) Signature key\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr "   (2) Encryption key\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr "   (3) Authentication key\n"
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr "Please select where to store the key:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "KEYTOCARD failed: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "Note: This command destroys all keys stored on the card!\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 msgid "Continue? (y/N) "
 msgstr "Continue? (y/N) "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr "Really do a factory reset? (enter “yes”) "
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "error for setup KDF: %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, c-format
+msgid "error for setup UIF: %s\n"
+msgstr "error for setup UIF: %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "quit this menu"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr "show admin commands"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "show this help"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr "list all available data"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr "change card holder's name"
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr "change URL to retrieve key"
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr "fetch the key specified in the card URL"
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr "change the login name"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr "change the language preferences"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr "change card holder's salutation"
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr "change a CA fingerprint"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr "toggle the signature force PIN flag"
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr "generate new keys"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr "menu to change or unblock the PIN"
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr "verify the PIN and list all data"
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr "unblock the PIN using a Reset Code"
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr "destroy all keys and data"
 
-#: g10/card-util.c:2180
-msgid "setup KDF for PIN authentication"
-msgstr "setup KDF for PIN authentication"
+#: g10/card-util.c:2235
+msgid "setup KDF for PIN authentication (on/single/off)"
+msgstr "setup KDF for PIN authentication (on/single/off)"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 msgid "change the key attribute"
 msgstr "change the key attribute"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+msgid "change the User Interaction Flag"
+msgstr "change the User Interaction Flag"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr "gpg/card> "
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr "Admin-only command\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr "Admin commands are allowed\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr "Admin commands are not allowed\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Invalid command  (try “help”)\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output doesn't work for this command\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, c-format
 msgid "can't open '%s'\n"
 msgstr "can't open ‘%s’\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "key “%s” not found: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "error reading keyblock: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, c-format
 msgid "key \"%s\" not found\n"
 msgstr "key “%s” not found\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(unless you specify the key by fingerprint)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "can't do this in batch mode without “--yes”\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(unless you specify the key by fingerprint)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr "Note: The public primary key and all its subkeys will be deleted.\n"
@@ -2302,9 +2217,9 @@ msgstr "key"
 msgid "subkey"
 msgstr "subkey"
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "update failed: %s\n"
@@ -2329,61 +2244,71 @@ msgstr "there is a secret key for public key “%s”!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "use option “--delete-secret-keys” to delete it first.\n"
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "error creating passphrase: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "can't use a symmetric ESK packet due to the S2K mode\n"
 
-#: g10/encrypt.c:282
+#: g10/encrypt.c:370
 #, c-format
-msgid "using cipher %s\n"
-msgstr "using cipher %s\n"
+msgid "using cipher %s.%s\n"
+msgstr "using cipher %s.%s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, c-format
 msgid "'%s' already compressed\n"
 msgstr "‘%s’ already compressed\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, c-format
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "WARNING: ‘%s’ is an empty file\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, c-format
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "cipher algorithm ‘%s’ may not be used for encryption\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr "(use option “%s” to override)\n"
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "cipher algorithm ‘%s’ may not be used in %s mode\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "digest algorithm ‘%s’ may not be used in %s mode\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "WARNING: key %s is not suitable for encryption in %s mode\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, c-format
 msgid "reading from '%s'\n"
 msgstr "reading from ‘%s’\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "WARNING: key %s is not suitable for encryption in %s mode\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2392,96 +2317,43 @@ msgstr ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
 "preferences\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+
+#: g10/encrypt.c:1159
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
-msgstr "%s/%s encrypted for: “%s”\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
+msgstr "%s/%s.%s encrypted for: “%s”\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, c-format
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "option ‘%s’ may not be used in %s mode\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
 #, c-format
-msgid "%s encrypted data\n"
-msgstr "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
+msgstr "%s.%s encrypted data\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "encrypted with unknown algorithm %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "problem handling encrypted packet\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "no remote program execution supported\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"external program calls are disabled due to unsafe options file permissions\n"
-
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"this platform requires temporary files when calling external programs\n"
-
-#: g10/exec.c:497
-#, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "unable to execute program '%s': %s\n"
-
-#: g10/exec.c:500
-#, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "unable to execute shell '%s': %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "system error while calling external program: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "unnatural exit of external program\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "unable to execute external program\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "unable to read external program response: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, c-format
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-
-#: g10/exec.c:692
-#, c-format
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "WARNING: unable to remove temp directory '%s': %s\n"
-
 #: g10/export.c:119
 msgid "export signatures that are marked as local-only"
 msgstr "export signatures that are marked as local-only"
@@ -2502,366 +2374,366 @@ msgstr "remove unusable parts from key during export"
 msgid "remove as much as possible from key during export"
 msgstr "remove as much as possible from key during export"
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr "use the GnuPG key backup format"
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 msgid " - skipped"
 msgstr " - skipped"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, c-format
 msgid "writing to '%s'\n"
 msgstr "writing to ‘%s’\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "key %s: key material on-card - skipped\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "exporting secret keys not allowed\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "key %s: PGP 2.x style key - skipped\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "WARNING: nothing exported\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, c-format
 msgid "error creating '%s': %s\n"
 msgstr "error creating '%s': %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr "[User ID not found]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "automatically retrieved ‘%s’ via %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "error retrieving ‘%s’ via %s: %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 msgid "No fingerprint"
 msgstr "No fingerprint"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr "checking for a fresh copy of an expired key via %s\n"
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "secret key “%s” not found: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "(check argument of option '%s')\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, c-format
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "Warning: not using ‘%s’ as default key: %s\n"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, c-format
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "using “%s” as default secret key for signing\n"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr "all values passed to ‘%s’ ignored\n"
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "using subkey %s instead of primary key %s\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, c-format
 msgid "valid values for option '%s':\n"
 msgstr "valid values for option '%s':\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 msgid "make a signature"
 msgstr "make a signature"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 msgid "make a clear text signature"
 msgstr "make a clear text signature"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "make a detached signature"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "encrypt data"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "encryption only with symmetric cipher"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "decrypt data (default)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "verify a signature"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "list keys"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "list keys and signatures"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr "list and check key signatures"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "list keys and fingerprints"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "list secret keys"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "generate a new key pair"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 msgid "quickly generate a new key pair"
 msgstr "quickly generate a new key pair"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 msgid "quickly add a new user-id"
 msgstr "quickly add a new user-id"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 msgid "quickly revoke a user-id"
 msgstr "quickly revoke a user-id"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 msgid "quickly set a new expiration date"
 msgstr "quickly set a new expiration date"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr "full featured key pair generation"
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "generate a revocation certificate"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "remove keys from the public keyring"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "remove keys from the secret keyring"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 msgid "quickly sign a key"
 msgstr "quickly sign a key"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 msgid "quickly sign a key locally"
 msgstr "quickly sign a key locally"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 msgid "quickly revoke a key signature"
 msgstr "quickly revoke a key signature"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "sign a key"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "sign a key locally"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "sign or edit a key"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 msgid "change a passphrase"
 msgstr "change a passphrase"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "export keys"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "export keys to a keyserver"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "import keys from a keyserver"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "search for keys on a keyserver"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "update all keys from a keyserver"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "import/merge keys"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr "print the card status"
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr "change data on a card"
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr "change a card's PIN"
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "update the trust database"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 msgid "print message digests"
 msgstr "print message digests"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr "run in server mode"
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr "|VALUE|set the TOFU policy for a key"
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NAME|use NAME as default secret key"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NAME|encrypt to user ID NAME as well"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr "|SPEC|set up email aliases"
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr "use strict OpenPGP behavior"
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "do not make any changes"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "prompt before overwriting"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 msgid "Options controlling the input"
 msgstr "Options controlling the input"
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 msgid "Options controlling the output"
 msgstr "Options controlling the output"
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "create ascii armored output"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 msgid "|FILE|write output to FILE"
 msgstr "|FILE|write output to FILE"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "use canonical text mode"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|set compress level to N (0 disables)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 msgid "Options controlling key import and export"
 msgstr "Options controlling key import and export"
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 msgid "import missing key from a signature"
 msgstr "import missing key from a signature"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 msgid "include the public key in signatures"
 msgstr "include the public key in signatures"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr "disable all access to the dirmngr"
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 msgid "Options controlling key listings"
 msgstr "Options controlling key listings"
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 msgid "Options to specify keys"
 msgstr "Options to specify keys"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|USER-ID|encrypt for USER-ID"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "|USER-ID|use USER-ID to sign or decrypt"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr "Options for unattended use"
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr "Other options"
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -2869,7 +2741,7 @@ msgstr ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 msgid ""
 "@\n"
 "Examples:\n"
@@ -2889,11 +2761,11 @@ msgstr ""
 " --list-keys [names]        show keys\n"
 " --fingerprint [names]      show fingerprints\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Usage: @GPG@ [options] [files] (-h for help)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 msgid ""
 "Syntax: @GPG@ [options] [files]\n"
 "Sign, check, encrypt or decrypt\n"
@@ -2903,7 +2775,7 @@ msgstr ""
 "Sign, check, encrypt or decrypt\n"
 "Default operation depends on the input data\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -2911,539 +2783,551 @@ msgstr ""
 "\n"
 "Supported algorithms:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Pubkey: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Cipher: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Hash: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Compression: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "usage: %s [options] %s\n"
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "conflicting commands\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "no = sign found in group definition ‘%s’\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "WARNING: unsafe ownership on homedir ‘%s’\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "WARNING: unsafe ownership on configuration file ‘%s’\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "WARNING: unsafe ownership on extension ‘%s’\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "WARNING: unsafe permissions on homedir ‘%s’\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "WARNING: unsafe permissions on configuration file ‘%s’\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "WARNING: unsafe permissions on extension ‘%s’\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "WARNING: unsafe enclosing directory ownership on homedir ‘%s’\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr ""
 "WARNING: unsafe enclosing directory ownership on configuration file ‘%s’\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr "WARNING: unsafe enclosing directory ownership on extension ‘%s’\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr "WARNING: unsafe enclosing directory permissions on homedir ‘%s’\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
 msgstr ""
 "WARNING: unsafe enclosing directory permissions on configuration file ‘%s’\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr "WARNING: unsafe enclosing directory permissions on extension ‘%s’\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "unknown configuration item ‘%s’\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr "display photo IDs during key listings"
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 msgid "show key usage information during key listings"
 msgstr "show key usage information during key listings"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr "show policy URLs during signature listings"
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 msgid "show all notations during signature listings"
 msgstr "show all notations during signature listings"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr "show IETF standard notations during signature listings"
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr "show user-supplied notations during signature listings"
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "show preferred keyserver URLs during signature listings"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr "show user ID validity during key listings"
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr "show revoked and expired user IDs in key listings"
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr "show revoked and expired subkeys in key listings"
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 msgid "show the keyring name in key listings"
 msgstr "show the keyring name in key listings"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 msgid "show expiration dates during signature listings"
 msgstr "show expiration dates during signature listings"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "unknown TOFU policy ‘%s’\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr "(use “help” to list choices)\n"
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "This command is not allowed while in %s mode.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, c-format
 msgid "Note: %s is not for normal use!\n"
 msgstr "Note: %s is not for normal use!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "‘%s’ is not a valid signature expiration\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "“%s” is not a proper mail address\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "invalid pinentry mode ‘%s’\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "invalid request origin ‘%s’\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "‘%s’ is not a valid character set\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "could not parse keyserver URL\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: invalid keyserver options\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr "invalid keyserver options\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: invalid import options\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "invalid import options\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, c-format
 msgid "invalid filter option: %s\n"
 msgstr "invalid filter option: %s\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: invalid export options\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "invalid export options\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: invalid list options\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr "invalid list options\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr "display photo IDs during signature verification"
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr "show policy URLs during signature verification"
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 msgid "show all notations during signature verification"
 msgstr "show all notations during signature verification"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr "show IETF standard notations during signature verification"
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr "show user-supplied notations during signature verification"
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "show preferred keyserver URLs during signature verification"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 msgid "show user ID validity during signature verification"
 msgstr "show user ID validity during signature verification"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr "show revoked and expired user IDs in signature verification"
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 msgid "show only the primary user ID in signature verification"
 msgstr "show only the primary user ID in signature verification"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr "validate signatures with PKA data"
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr "elevate the trust of signatures with valid PKA data"
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: invalid verify options\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr "invalid verify options\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "unable to set exec-path to %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: invalid auto-key-locate list\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr "invalid auto-key-locate list\n"
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "invalid argument for option “%.50s”\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "WARNING: program may create a core file!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "WARNING: %s overrides %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s not allowed with %s!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s makes no sense with %s!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr "WARNING: running with faked system time: "
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "will not run with insecure memory due to %s\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "selected cipher algorithm is invalid\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, c-format
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "selected AEAD algorithm is invalid\n"
+
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "selected compression algorithm is invalid\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "selected certification digest algorithm is invalid\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-needed must be greater than 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed must be greater than 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth must be in the range from 1 to 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "invalid min-cert-level; must be 1, 2, or 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, c-format
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "Note: simple S2K mode (0) is strongly discouraged\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "invalid S2K mode; must be 0, 1 or 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "invalid default preferences\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "invalid personal cipher preferences\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, c-format
+msgid "invalid personal AEAD preferences\n"
+msgstr "invalid personal AEAD preferences\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "invalid personal digest preferences\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "invalid personal compress preferences\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, c-format
+msgid "chunk size invalid - using %d\n"
+msgstr "chunk size invalid - using %d\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s does not yet work with %s\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, c-format
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "AEAD algorithm ‘%s’ may not be used in %s mode\n"
+
+#: g10/gpg.c:4070
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "compression algorithm ‘%s’ may not be used in %s mode\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "failed to initialize the TrustDB: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr "WARNING: recipients (-r) given without using public key encryption\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "symmetric encryption of ‘%s’ failed: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "you cannot use --symmetric --encrypt in %s mode\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "you cannot use --symmetric --sign --encrypt in %s mode\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "keyserver send failed: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "keyserver receive failed: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "key export failed: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, c-format
 msgid "export as ssh key failed: %s\n"
 msgstr "export as ssh key failed: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "keyserver search failed: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "keyserver refresh failed: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "dearmoring failed: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "enarmoring failed: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, c-format
 msgid "invalid hash algorithm '%s'\n"
 msgstr "invalid hash algorithm ‘%s’\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "error parsing key specification '%s': %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr "‘%s’ does not appear to be a valid key ID, fingerprint or keygrip\n"
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Go ahead and type your message ...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "the given certification policy URL is invalid\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "the given signature policy URL is invalid\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "the given preferred keyserver URL is invalid\n"
@@ -3456,7 +3340,7 @@ msgstr "|FILE|take the keys from the keyring FILE"
 msgid "make timestamp conflicts only a warning"
 msgstr "make timestamp conflicts only a warning"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|write status info to this FD"
 
@@ -3502,128 +3386,136 @@ msgid "do not update the trustdb after import"
 msgstr "do not update the trustdb after import"
 
 #: g10/import.c:181
+msgid "enable bulk import mode"
+msgstr "enable bulk import mode"
+
+#: g10/import.c:184
 msgid "show key during import"
 msgstr "show key during import"
 
-#: g10/import.c:184
+#: g10/import.c:187
+msgid "show key but do not actually import"
+msgstr "show key but do not actually import"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr "only accept updates to existing keys"
 
-#: g10/import.c:187
+#: g10/import.c:193
 msgid "remove unusable parts from key after import"
 msgstr "remove unusable parts from key after import"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr "remove as much as possible from key after import"
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr "ignore key-signatures which are not self-signatures"
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr "run import filters and export key immediately"
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr "assume the GnuPG key backup format"
 
-#: g10/import.c:203
+#: g10/import.c:209
 msgid "repair keys on import"
 msgstr "repair keys on import"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "skipping block of type %d\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr "%lu keys processed so far\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Total number processed: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, c-format
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "    skipped PGP-2 keys: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "      skipped new keys: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "          w/o user IDs: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "              imported: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "             unchanged: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "          new user IDs: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "           new subkeys: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "        new signatures: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "   new key revocations: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "      secret keys read: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "  secret keys imported: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr " secret keys unchanged: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "          not imported: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "    signatures cleaned: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "      user IDs cleaned: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
@@ -3632,167 +3524,172 @@ msgstr ""
 "WARNING: key %s contains preferences for unavailable\n"
 "algorithms on these user IDs:\n"
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr "         “%s”: preference for cipher algorithm %s\n"
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, c-format
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "         “%s”: preference for AEAD algorithm %s\n"
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "         “%s”: preference for digest algorithm %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr "         “%s”: preference for compression algorithm %s\n"
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr "it is strongly suggested that you update your preferences and\n"
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 "re-distribute this key to avoid potential algorithm mismatch problems\n"
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr "you can update your preferences with: gpg --edit-key %s updpref save\n"
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr "key %s: no user ID\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, c-format
 msgid "key %s: %s\n"
 msgstr "key %s: %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr "rejected by import screener"
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "key %s: PKS subkey corruption repaired\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "key %s: accepted non self-signed user ID “%s”\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "key %s: no valid user IDs\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "this may be caused by a missing self-signature\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "key %s: public key not found: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "key %s: new key - skipped\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "no writable keyring found: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, c-format
 msgid "error writing keyring '%s': %s\n"
 msgstr "error writing keyring '%s': %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "key %s: public key “%s” imported\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "key %s: doesn't match our copy\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "key %s: “%s” 1 new user ID\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "key %s: “%s” %d new user IDs\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "key %s: “%s” 1 new signature\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "key %s: “%s” %d new signatures\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "key %s: “%s” 1 new subkey\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "key %s: “%s” %d new subkeys\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "key %s: “%s” %d signature cleaned\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "key %s: “%s” %d signatures cleaned\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "key %s: “%s” %d user ID cleaned\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "key %s: “%s” %d user IDs cleaned\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "key %s: “%s” not changed\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr "key %s: secret key imported\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, c-format
 msgid "key %s: secret key already exists\n"
 msgstr "key %s: secret key already exists\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "key %s: error sending to agent: %s\n"
@@ -3805,197 +3702,203 @@ msgstr "key %s: error sending to agent: %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr "To migrate '%s', with each smartcard, run: %s\n"
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, c-format
 msgid "secret key %s: %s\n"
 msgstr "secret key %s: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "importing secret keys not allowed\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "key %s: secret key with invalid cipher %d - skipped\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "No reason specified"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "Key is superseded"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Key has been compromised"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "Key is no longer used"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "User ID is no longer valid"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "reason for revocation: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "revocation comment: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr "key %s: no public key - can't apply revocation certificate\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "key %s: can't locate original keyblock: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "key %s: can't read original keyblock: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "key %s: invalid revocation certificate: %s - rejected\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "key %s: “%s” revocation certificate imported\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "key %s: no user ID for signature\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr "key %s: unsupported public key algorithm on user ID “%s”\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "key %s: invalid self-signature on user ID “%s”\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "key %s: unsupported public key algorithm\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "key %s: invalid direct key signature\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "key %s: no subkey for key binding\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "key %s: invalid subkey binding\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "key %s: removed multiple subkey binding\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "key %s: no subkey for key revocation\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "key %s: invalid subkey revocation\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "key %s: removed multiple subkey revocation\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "key %s: skipped user ID “%s”\n"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "key %s: skipped subkey\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "key %s: non exportable signature (class 0x%02X) - skipped\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "key %s: revocation certificate at wrong place - skipped\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "key %s: invalid revocation certificate: %s - skipped\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "key %s: subkey signature in wrong place - skipped\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "key %s: unexpected signature class (0x%02X) - skipped\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "key %s: duplicated user ID detected - merged\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, c-format
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "key %s: duplicated subkeys detected - merged\n"
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr "WARNING: key %s may be revoked: fetching revocation key %s\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr "WARNING: key %s may be revoked: revocation key %s not present.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "key %s: “%s” revocation certificate added\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "key %s: direct key signature added\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, c-format
 msgid "error allocating memory: %s\n"
 msgstr "error allocating memory: %s\n"
@@ -4017,40 +3920,40 @@ msgstr ""
 msgid " (reordered signatures follow)"
 msgstr " (reordered signatures follow)"
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, c-format
 msgid "key %s:\n"
 msgstr "key %s:\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "%d duplicate signature removed\n"
 msgstr[1] "%d duplicate signatures removed\n"
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, c-format
 msgid "%d signature not checked due to a missing key\n"
 msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "%d signature not checked due to a missing key\n"
 msgstr[1] "%d signatures not checked due to missing keys\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, c-format
 msgid "%d bad signature\n"
 msgid_plural "%d bad signatures\n"
 msgstr[0] "%d bad signature\n"
 msgstr[1] "%d bad signatures\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "%d signature reordered\n"
 msgstr[1] "%d signatures reordered\n"
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
@@ -4059,37 +3962,32 @@ msgstr ""
 "Warning: errors found and only checked self-signatures, run ‘%s’ to check "
 "all signatures.\n"
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "error creating keybox '%s': %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, c-format
 msgid "error creating keyring '%s': %s\n"
 msgstr "error creating keyring '%s': %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, c-format
 msgid "keybox '%s' created\n"
 msgstr "keybox ‘%s’ created\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, c-format
 msgid "keyring '%s' created\n"
 msgstr "keyring ‘%s’ created\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "keyblock resource '%s': %s\n"
 
-#: g10/keydb.c:969
-#, c-format
-msgid "error opening key DB: %s\n"
-msgstr "error opening key DB: %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "failed to rebuild keyring cache: %s\n"
@@ -4102,7 +4000,7 @@ msgstr "[revocation]"
 msgid "[self-signature]"
 msgstr "[self-signature]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4114,12 +4012,12 @@ msgstr ""
 "(by looking at passports, checking fingerprints from different sources, "
 "etc.)\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr "  %d = I trust marginally\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr "  %d = I trust fully\n"
@@ -4149,12 +4047,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "User ID “%s” is revoked."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Are you sure you still want to sign it? (y/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  Unable to sign.\n"
 
@@ -4328,186 +4226,190 @@ msgstr "I have checked this key very carefully.\n"
 msgid "Really sign? (y/N) "
 msgstr "Really sign? (y/N) "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "signing failed: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr "Key has only stub or on-card key items - no passphrase to change.\n"
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, c-format
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "key %s: error changing passphrase: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "save and quit"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr "show key fingerprint"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 msgid "show the keygrip"
 msgstr "show the keygrip"
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "list key and user IDs"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "select user ID N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr "select subkey N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr "check signatures"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr "sign selected user IDs [* see below for related commands]"
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr "sign selected user IDs locally"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr "sign selected user IDs with a trust signature"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr "sign selected user IDs with a non-revocable signature"
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "add a user ID"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "add a photo ID"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr "delete selected user IDs"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr "add a subkey"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr "add a key to a smartcard"
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr "move a key to a smartcard"
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr "convert a key to TPM form using the local TPM"
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr "move a backup key to a smartcard"
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr "delete selected subkeys"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "add a revocation key"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr "delete signatures from the selected user IDs"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "change the expiration date for the key or selected subkeys"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr "flag the selected user ID as primary"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "list preferences (expert)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "list preferences (verbose)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr "set preference list for the selected user IDs"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "set the preferred keyserver URL for the selected user IDs"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 msgid "set a notation for the selected user IDs"
 msgstr "set a notation for the selected user IDs"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "change the passphrase"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "change the ownertrust"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr "revoke signatures on the selected user IDs"
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr "revoke selected user IDs"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr "revoke key or selected subkeys"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr "enable key"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr "disable key"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr "show selected photo IDs"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr "compact unusable user IDs and remove unusable signatures from key"
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr "compact unusable user IDs and remove all signatures from key"
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Secret key is available.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 msgid "Secret subkeys are available.\n"
 msgstr "Secret subkeys are available.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Need the secret key to do this.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4519,284 +4421,289 @@ msgstr ""
 "  a ‘t’ for trust signatures (tsign), an ‘nr’ for non-revocable signatures\n"
 "  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "Key is revoked."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Really sign all text user IDs? (y/N) "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Really sign all user IDs? (y/N) "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Hint: Select the user IDs to sign\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "Unknown signature type ‘%s’\n"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "This command is not allowed while in %s mode.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "You must select at least one user ID.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr "(Use the ‘%s’ command.)\n"
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "You can't delete the last user ID!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Really remove all selected user IDs? (y/N) "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr "Really remove this user ID? (y/N) "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr "Really move the primary key? (y/N) "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr "You must select exactly one key.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr "Command expects a filename argument\n"
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "Can't open '%s': %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "Error reading backup key from '%s': %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "You must select at least one key.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Do you really want to delete the selected keys? (y/N) "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Do you really want to delete this key? (y/N) "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "Really revoke all selected user IDs? (y/N) "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Really revoke this user ID? (y/N) "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Do you really want to revoke the entire key? (y/N) "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Do you really want to revoke the selected subkeys? (y/N) "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Do you really want to revoke this subkey? (y/N) "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 "Owner trust may not be set while using a user provided trust database\n"
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr "Set preference list to:\n"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr "Really update the preferences for the selected user IDs? (y/N) "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr "Really update the preferences? (y/N) "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr "Save changes? (y/N) "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr "Quit without saving? (y/N) "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Key not changed so no update needed.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, c-format
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "cannot revoke the last valid user ID.\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "revoking the user ID failed: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "setting the primary user ID failed: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "“%s” is not a fingerprint\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "“%s” is not the primary fingerprint\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, c-format
 msgid "Invalid user ID '%s': %s\n"
 msgstr "Invalid user ID '%s': %s\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "No matching user IDs."
 msgstr "No matching user IDs."
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "Nothing to sign.\n"
 msgstr "Nothing to sign.\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr "Not signed by you.\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, c-format
 msgid "revoking the key signature failed: %s\n"
 msgstr "revoking the key signature failed: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "‘%s’ is not a valid expiration time\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "“%s” is not a proper fingerprint\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "subkey “%s” not found\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr "AEAD: "
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Digest: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Features: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr "Keyserver no-modify"
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr "Preferred keyserver: "
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 msgid "Notations: "
 msgstr "Notations: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "There are no preferences on a PGP 2.x-style user ID.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "The following key was revoked on %s by %s key %s\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "This key may be revoked by %s key %s"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr "(sensitive)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr "created: %s"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr "revoked: %s"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr "expired: %s"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr "expires: %s"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr "usage: %s"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr "card-no: "
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr "trust: %s"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr "validity: %s"
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "This key has been disabled"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -4804,17 +4711,17 @@ msgstr ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr "revoked"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr "expired"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -4823,17 +4730,17 @@ msgstr ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
 "              cause a different user ID to become the assumed primary.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr "WARNING: Your encryption subkey expires soon.\n"
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, c-format
 msgid "You may want to change its expiration date too.\n"
 msgstr "You may want to change its expiration date too.\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -4843,72 +4750,72 @@ msgstr ""
 "versions\n"
 "         of PGP to reject this key.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Are you sure you still want to add it? (y/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "You may not add a photo ID to a PGP2-style key.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr "Such a user ID already exists on this key!\n"
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Delete this good signature? (y/N/q)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Delete this invalid signature? (y/N/q)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Delete this unknown signature? (y/N/q)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Really delete this self-signature? (y/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, c-format
 msgid "Deleted %d signature.\n"
 msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "Deleted %d signature.\n"
 msgstr[1] "Deleted %d signatures.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Nothing deleted.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "invalid"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "User ID “%s” compacted: %s\n"
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "User ID “%s”: %d signature removed\n"
 msgstr[1] "User ID “%s”: %d signatures removed\n"
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "User ID “%s”: already minimized\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "User ID “%s”: already clean\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -4918,40 +4825,40 @@ msgstr ""
 "cause\n"
 "         some versions of PGP to reject this key.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "You may not add a designated revoker to a PGP 2.x-style key.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Enter the user ID of the designated revoker: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "cannot appoint a PGP 2.x style key as a designated revoker\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "you cannot appoint a key as its own designated revoker\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "this key has already been designated as a revoker\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
@@ -4959,251 +4866,256 @@ msgstr ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Changing expiration time for a subkey.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Changing expiration time for the primary key.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "You can't change the expiration date of a v3 key\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 msgid "Changing usage of a subkey.\n"
 msgstr "Changing usage of a subkey.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 msgid "Changing usage of the primary key.\n"
 msgstr "Changing usage of the primary key.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "signing subkey %s is already cross-certified\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr "subkey %s does not sign and so does not need to be cross-certified\n"
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Please select exactly one user ID.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "skipping v3 self-signature on user ID “%s”\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr "Enter your preferred keyserver URL: "
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Are you sure you want to replace it? (y/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Are you sure you want to delete it? (y/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 msgid "Enter the notation: "
 msgstr "Enter the notation: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 msgid "Proceed? (y/N) "
 msgstr "Proceed? (y/N) "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "No user ID with index %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr "No user ID with hash %s\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "No subkey with key ID '%s'.\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr "No subkey with index %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "user ID: “%s”\n"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "signed by your key %s on %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (non-exportable)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "This signature expired on %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Are you sure you still want to revoke it? (y/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Create a revocation certificate for this signature? (y/N) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "You have signed these user IDs on key %s:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr " (non-revocable)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "revoked by your key %s on %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "You are about to revoke these signatures:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Really create the revocation certificates? (y/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "no secret key\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr "tried to revoke a non-user ID: %s\n"
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "user ID “%s” is already revoked\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr "WARNING: a user ID signature is dated %d seconds in the future\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, c-format
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Cannot revoke the last valid user ID.\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "Key %s is already revoked.\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "Subkey %s is already revoked.\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "invalid value for option ‘%s’\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "preference ‘%s’ duplicated\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr "too many cipher preferences\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr "too many digest preferences\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr "too many compression preferences\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, c-format
+msgid "too many AEAD preferences\n"
+msgstr "too many AEAD preferences\n"
+
+#: g10/keygen.c:521
 #, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "invalid item ‘%s’ in preference string\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "writing direct signature\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "writing self signature\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "writing key binding signature\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "keysize invalid; using %u bits\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "keysize rounded up to %u bits\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
 msgstr ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr "Sign"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr "Certify"
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr "Encrypt"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr "Authenticate"
 
@@ -5217,161 +5129,166 @@ msgstr "Authenticate"
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr "SsEeAaQq"
 
-#: g10/keygen.c:1784
+#: g10/keygen.c:1966
 #, c-format
-msgid "Possible actions for a %s key: "
-msgstr "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
+msgstr "Possible actions for this %s key: "
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr "Current allowed actions: "
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr "   (%c) Toggle the sign capability\n"
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%c) Toggle the encrypt capability\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr "   (%c) Toggle the authenticate capability\n"
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr "   (%c) Finished\n"
 
-#: g10/keygen.c:1930
+#: g10/keygen.c:2116
 #, c-format
-msgid "   (%d) RSA and RSA (default)\n"
-msgstr "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
+msgstr "   (%d) RSA and RSA%s\n"
 
-#: g10/keygen.c:1934
+#: g10/keygen.c:2120
 #, c-format
-msgid "   (%d) DSA and Elgamal\n"
-msgstr "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
+msgstr "   (%d) DSA and Elgamal%s\n"
 
-#: g10/keygen.c:1937
+#: g10/keygen.c:2123
 #, c-format
-msgid "   (%d) DSA (sign only)\n"
-msgstr "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
+msgstr "   (%d) DSA (sign only)%s\n"
 
-#: g10/keygen.c:1939
+#: g10/keygen.c:2125
 #, c-format
-msgid "   (%d) RSA (sign only)\n"
-msgstr "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
+msgstr "   (%d) RSA (sign only)%s\n"
 
-#: g10/keygen.c:1945
+#: g10/keygen.c:2131
 #, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
-msgstr "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
+msgstr "   (%d) Elgamal (encrypt only)%s\n"
 
-#: g10/keygen.c:1947
+#: g10/keygen.c:2133
 #, c-format
-msgid "   (%d) RSA (encrypt only)\n"
-msgstr "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
+msgstr "   (%d) RSA (encrypt only)%s\n"
 
-#: g10/keygen.c:1953
+#: g10/keygen.c:2139
 #, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
-msgstr "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
+msgstr "   (%d) DSA (set your own capabilities)%s\n"
 
-#: g10/keygen.c:1955
+#: g10/keygen.c:2141
 #, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
-msgstr "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
+msgstr "   (%d) RSA (set your own capabilities)%s\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) ECC and ECC\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) ECC (sign and encrypt)%s\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+msgid " *default*"
+msgstr " *default*"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, c-format
 msgid "  (%d) ECC (sign only)\n"
 msgstr "  (%d) ECC (sign only)\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
-msgstr "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
+msgstr "  (%d) ECC (set your own capabilities)%s\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, c-format
-msgid "  (%d) ECC (encrypt only)\n"
-msgstr "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
+msgstr "  (%d) ECC (encrypt only)%s\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, c-format
-msgid "  (%d) Existing key\n"
-msgstr "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
+msgstr "  (%d) Existing key%s\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, c-format
-msgid "  (%d) Existing key from card\n"
-msgstr "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
+msgstr "  (%d) Existing key from card%s\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 msgid "Enter the keygrip: "
 msgstr "Enter the keygrip: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr "Not a valid keygrip (expecting 40 hex digits)\n"
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 msgid "No key with this keygrip\n"
 msgstr "No key with this keygrip\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, c-format
 msgid "error reading the card: %s\n"
 msgstr "error reading the card: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "Serial number of the card: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 msgid "Available keys:\n"
 msgstr "Available keys:\n"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, c-format
 msgid "rounded to %u bits\n"
 msgstr "rounded to %u bits\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr "%s keys may be between %u and %u bits long.\n"
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "What keysize do you want for the subkey? (%u) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "Requested keysize is %u bits\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Please select which elliptic curve you want:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5387,7 +5304,7 @@ msgstr ""
 "      <n>m = key expires in n months\n"
 "      <n>y = key expires in n years\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5403,38 +5320,38 @@ msgstr ""
 "      <n>m = signature expires in n months\n"
 "      <n>y = signature expires in n years\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Key is valid for? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Signature is valid for? (%s) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "invalid value\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr "Key does not expire at all\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr "Signature does not expire at all\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr "Key expires at %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr "Signature expires at %s\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5442,11 +5359,11 @@ msgstr ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr "Is this correct? (y/N) "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5460,7 +5377,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5476,49 +5393,49 @@ msgstr ""
 "    “Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>”\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Real name: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Invalid character in name\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr "The characters ‘%s’ and ‘%s’ may not appear in name\n"
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Name may not start with a digit\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Name must be at least 5 characters long\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "Email address: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Not a valid email address\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Comment: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Invalid character in comment\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, c-format
 msgid "You are using the '%s' character set.\n"
 msgstr "You are using the ‘%s’ character set.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5529,7 +5446,7 @@ msgstr ""
 "    “%s”\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "Please don't put the email address into the real name or the comment\n"
 
@@ -5544,31 +5461,31 @@ msgstr "Please don't put the email address into the real name or the comment\n"
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnCcEeOoQq"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Change (N)ame, (E)mail, or (Q)uit? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Please correct the error first\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5580,13 +5497,13 @@ msgstr ""
 "disks) during the prime generation; this gives the random number\n"
 "generator a better chance to gain enough entropy.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Key generation failed: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5597,64 +5514,64 @@ msgstr ""
 "    “%s”\n"
 "\n"
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr "Continue? (Y/n) "
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "A key for “%s” already exists\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 msgid "Create anyway? (y/N) "
 msgstr "Create anyway? (y/N) "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, c-format
 msgid "creating anyway\n"
 msgstr "creating anyway\n"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr "Note: Use “%s %s” for a full featured key generation dialog.\n"
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Key generation canceled.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "can't create backup file '%s': %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "Note: backup of card key saved to ‘%s’\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, c-format
 msgid "writing public key to '%s'\n"
 msgstr "writing public key to ‘%s’\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "no writable public keyring found: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, c-format
 msgid "error writing public keyring '%s': %s\n"
 msgstr "error writing public keyring '%s': %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "public and secret key created and signed.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
@@ -5662,319 +5579,325 @@ msgstr ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command “--edit-key” to generate a subkey for this purpose.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
 msgstr ""
 "key has been created %lu second in future (time warp or clock problem)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
 msgstr ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, c-format
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Secret parts of primary key are not available.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Secret parts of primary key are stored on-card.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr "Really create? (y/N) "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "never     "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Critical signature policy: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Signature policy: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr "Critical preferred keyserver: "
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Critical signature notation: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Signature notation: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, c-format
 msgid "%d good signature\n"
 msgid_plural "%d good signatures\n"
 msgstr[0] "%d good signature\n"
 msgstr[1] "%d good signatures\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, c-format
 msgid "%d signature not checked due to an error\n"
 msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "%d signature not checked due to an error\n"
 msgstr[1] "%d signatures not checked due to errors\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] "Warning: %lu key skipped due to its large size\n"
 msgstr[1] "Warning: %lu keys skipped due to their large sizes\n"
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Keyring"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Primary key fingerprint:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "     Subkey fingerprint:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr " Primary key fingerprint:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "      Subkey fingerprint:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr "      Key fingerprint ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr "      Card serial no. ="
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, c-format
 msgid "caching keyring '%s'\n"
 msgstr "caching keyring ‘%s’\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "%lu keys cached so far (%lu signature)\n"
 msgstr[1] "%lu keys cached so far (%lu signatures)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] "%lu key cached"
 msgstr[1] "%lu keys cached"
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, c-format
 msgid " (%lu signature)\n"
 msgid_plural " (%lu signatures)\n"
 msgstr[0] " (%lu signature)\n"
 msgstr[1] " (%lu signatures)\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: keyring created\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr "override proxy options set for dirmngr"
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr "include revoked keys in search results"
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr "include subkeys when searching by key ID"
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr "override timeout options set for dirmngr"
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr "automatically retrieve keys when verifying signatures"
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "honor the preferred keyserver URL set on the key"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr "honor the PKA record set on a key when retrieving keys"
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr "disabled"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr "Enter number(s), N)ext, or Q)uit > "
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "invalid keyserver protocol (us %d!=handler %d)\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "“%s” not a key ID: skipping\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "refreshing %d key from %s\n"
 msgstr[1] "refreshing %d keys from %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "WARNING: unable to refresh key %s via %s: %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "key “%s” not found on keyserver\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr "key not found on keyserver\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "requesting key %s from %s server %s\n"
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr "requesting key %s from %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, c-format
 msgid "no keyserver known\n"
 msgstr "no keyserver known\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "skipped “%s”: %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr "sending key %s to %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, c-format
 msgid "requesting key from '%s'\n"
 msgstr "requesting key from ‘%s’\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "WARNING: unable to fetch URI %s: %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "weird size for an encrypted session key (%d)\n"
 
-#: g10/mainproc.c:408
+#: g10/mainproc.c:378
+#, c-format
+msgid "%s.%s encrypted session key\n"
+msgstr "%s.%s encrypted session key\n"
+
+#: g10/mainproc.c:385
 #, c-format
-msgid "%s encrypted session key\n"
-msgstr "%s encrypted session key\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "encrypted with unknown algorithm %d.%s\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:391
 #, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "passphrase generated with unknown digest algorithm %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, c-format
 msgid "public key is %s\n"
 msgstr "public key is %s\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "public key encrypted data: good DEK\n"
-
-#: g10/mainproc.c:632
+#: g10/mainproc.c:524
 #, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
-msgstr "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
+msgstr "encrypted with %s key, ID %s, created %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr "      “%s”\n"
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "encrypted with %s key, ID %s\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "public key decryption failed: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr "WARNING: multiple plaintexts seen\n"
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "encrypted with %lu passphrases\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "encrypted with 1 passphrase\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "public key decryption failed: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "public key encrypted data: good DEK\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "assuming %s encrypted data\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "WARNING: message was not integrity protected\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
@@ -5984,311 +5907,306 @@ msgstr ""
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr "Use the option ‘%s’ to decrypt anyway.\n"
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, c-format
 msgid "decryption forced to fail!\n"
 msgstr "decryption forced to fail!\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "decryption okay\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "WARNING: encrypted message has been manipulated!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "decryption failed: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, c-format
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "Note: sender requested “for-your-eyes-only”\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "original file name='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "standalone revocation - use “gpg --import” to apply\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, c-format
 msgid "no signature found\n"
 msgstr "no signature found\n"
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr "BAD signature from “%s”"
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Expired signature from “%s”"
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr "Good signature from “%s”"
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "signature verification suppressed\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "can't handle this ambiguous signature data\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr "Signature made %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr "               using %s key %s\n"
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Signature made %s using %s key ID %s\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "               issuer “%s”\n"
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Key available at: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr "Note: Use ‘%s’ to make use of this info\n"
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[uncertain]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr "                aka “%s”"
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, c-format
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "WARNING: This key is not suitable for signing in %s mode\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Signature expired %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Signature expires %s\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, c-format
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "%s signature, digest algorithm %s%s%s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "binary"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "textmode"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "unknown"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 msgid ", key algorithm "
 msgstr ", key algorithm "
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr "WARNING: not a detached signature; file ‘%s’ was NOT verified!\n"
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Can't check signature: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "not a detached signature\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "standalone signature of class 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "old style (PGP 2.x) signature\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "fstat of ‘%s’ failed in %s: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "fstat(%d) failed in %s: %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "WARNING: using experimental public key algorithm %s\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "WARNING: using experimental cipher algorithm %s\n"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "WARNING: using experimental digest algorithm %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "WARNING: digest algorithm %s is deprecated\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "Note: signatures using the %s algorithm are rejected\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, c-format
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "Note: third-party key signatures using the %s algorithm are rejected\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, c-format
 msgid "(reported error: %s)\n"
 msgstr "(reported error: %s)\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "(reported error: %s <%s>)\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr "(further info: "
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: deprecated option “%s”\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "WARNING: “%s” is a deprecated option\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "please use “%s%s” instead\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "WARNING: “%s” is a deprecated command - do not use it\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "%s:%u: “%s” is obsolete in this file - it only has effect in %s\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr ""
 "WARNING: “%s%s” is an obsolete option - it has no effect except on %s\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Uncompressed"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr "uncompressed|none"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr "operation forced to fail due to unfulfilled compliance rules\n"
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "this message may not be usable by %s\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "ambiguous option ‘%s’\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, c-format
 msgid "unknown option '%s'\n"
 msgstr "unknown option ‘%s’\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "unknown weak digest ‘%s’\n"
@@ -6311,85 +6229,76 @@ msgstr "%s: unknown suffix\n"
 msgid "Enter new filename"
 msgstr "Enter new filename"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "writing to stdout\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, c-format
 msgid "assuming signed data in '%s'\n"
 msgstr "assuming signed data in ‘%s’\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "can't handle public key algorithm %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr "WARNING: potentially insecure symmetrically encrypted session key\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, c-format
 msgid "Unknown critical signature notation: "
 msgstr "Unknown critical signature notation: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "subpacket of type %d has critical bit set\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, c-format
-msgid "problem with the agent: %s\n"
-msgstr "problem with the agent: %s\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-msgid "Please enter the passphrase for decryption."
-msgstr "Please enter the passphrase for decryption."
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Enter passphrase\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "cancelled by user\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr " (main key ID %s)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Please enter the passphrase to unlock the OpenPGP secret key:"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Please enter the passphrase to import the OpenPGP secret key:"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Please enter the passphrase to export the OpenPGP secret subkey:"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Please enter the passphrase to export the OpenPGP secret key:"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr ""
 "Do you really want to permanently delete the OpenPGP secret subkey key:"
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Do you really want to permanently delete the OpenPGP secret key:"
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, c-format
 msgid ""
 "%s\n"
@@ -6404,7 +6313,7 @@ msgstr ""
 "created %s%s.\n"
 "%s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6418,34 +6327,77 @@ msgstr ""
 "very large picture, your key will become very large as well!\n"
 "Keeping the image close to 240x288 is a good size to use.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Enter JPEG filename for photo ID: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "unable to open JPEG file '%s': %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr "This JPEG is really large (%d bytes) !\n"
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Are you sure you want to use it? (y/N) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "‘%s’ is not a JPEG file\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Is this photo correct (y/N/q)? "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "no remote program execution supported\n"
+
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"this platform requires temporary files when calling external programs\n"
+
+#: g10/photoid.c:506
+#, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "unable to execute shell '%s': %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "unnatural exit of external program\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "system error while calling external program: %s\n"
+
+#: g10/photoid.c:600
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+
+#: g10/photoid.c:604
+#, c-format
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "WARNING: unable to remove temp directory '%s': %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"external program calls are disabled due to unsafe options file permissions\n"
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "unable to display photo ID!\n"
@@ -6460,53 +6412,53 @@ msgstr "unable to display photo ID!\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMqQsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr "No trust value assigned to:\n"
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr "  aka “%s”\n"
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr ""
 "How much do you trust that this key actually belongs to the named user?\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr "  %d = I don't know or won't say\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr "  %d = I do NOT trust\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr "  %d = I trust ultimately\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr "  m = back to the main menu\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr "  s = skip this key\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr "  q = quit\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
@@ -6515,44 +6467,44 @@ msgstr ""
 "The minimum trust level for this key is: %s\n"
 "\n"
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Your decision? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Do you really want to set this key to ultimate trust? (y/N) "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Certificates leading to an ultimately trusted key:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr "%s: There is no assurance this key belongs to the named user\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr "%s: There is limited assurance this key belongs to the named user\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "This key probably belongs to the named user\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "This key belongs to us\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr "%s: This key is bad!  It has been marked as untrusted!\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
 "*really* know what you are doing, you may answer the next\n"
@@ -6562,7 +6514,7 @@ msgstr ""
 "*really* know what you are doing, you may answer the next\n"
 "question with yes.\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
@@ -6572,143 +6524,158 @@ msgstr ""
 "in the user ID.  If you *really* know what you are doing,\n"
 "you may answer the next question with yes.\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr "Use this key anyway? (y/N) "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "WARNING: Using untrusted key!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr "WARNING: this key might be revoked (revocation key not present)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, c-format
+msgid "checking User ID \"%s\"\n"
+msgstr "checking User ID “%s”\n"
+
+#: g10/pkclist.c:681
+#, c-format
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "option %s given but issuer “%s” does not match\n"
+
+#: g10/pkclist.c:684
+#, c-format
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "issuer “%s” does not match any User ID\n"
+
+#: g10/pkclist.c:687
+#, c-format
+msgid "option %s given but no matching User ID found\n"
+msgstr "option %s given but no matching User ID found\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "WARNING: This key has been revoked by its designated revoker!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "WARNING: This key has been revoked by its owner!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         This could mean that the signature is forged.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "WARNING: This subkey has been revoked by its owner!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Note: This key has been disabled.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr "Note: Verified signer's address is ‘%s’\n"
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "Note: Signer's address ‘%s’ does not match DNS entry\n"
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr "trustlevel adjusted to FULL due to valid PKA info\n"
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr "trustlevel adjusted to NEVER due to bad PKA info\n"
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Note: This key has expired!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, c-format
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr ""
+"WARNING: The key's User ID is not certified with a trusted signature!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "WARNING: This key is not certified with a trusted signature!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr ""
 "         There is no indication that the signature belongs to the owner.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "WARNING: We do NOT trust this key!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         The signature is probably a FORGERY.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, c-format
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
 msgstr ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         It is not certain that the signature belongs to the owner.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: skipped: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: skipped: public key is disabled\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: skipped: public key already present\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, c-format
 msgid "can't encrypt to '%s'\n"
 msgstr "can't encrypt to ‘%s’\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "option ‘%s’ given, but no valid default keys given\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "option ‘%s’ given, but option ‘%s’ not given\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "You did not specify a user ID. (you may use “-r”)\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr "Current recipients:\n"
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -6716,40 +6683,40 @@ msgstr ""
 "\n"
 "Enter the user ID.  End with an empty line: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "No such user ID.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "skipped: public key already set as default recipient\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Public key is disabled.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "skipped: public key already set\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "unknown default recipient “%s”\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "no valid addressees\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "Note: key %s has no %s feature\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "Note: key %s has no preference for %s\n"
@@ -6759,76 +6726,81 @@ msgstr "Note: key %s has no preference for %s\n"
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr "data not saved; use option “--output” to save it\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Detached signature.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Please enter name of data file: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "reading stdin ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "no signed data\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, c-format
 msgid "can't open signed data '%s'\n"
 msgstr "can't open signed data ‘%s’\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "can't open signed data fd=%d: %s\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "key %s is not suitable for decryption in %s mode\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "anonymous recipient; trying secret key %s ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, c-format
+msgid "used key is not marked for encryption use.\n"
+msgstr "used key is not marked for encryption use.\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "okay, we are the anonymous recipient.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "old encoding of the DEK is not supported\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "cipher algorithm %d%s is unknown or disabled\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "WARNING: cipher algorithm %s not found in recipient preferences\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "Note: secret key %s expired at %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, c-format
 msgid "Note: key has been revoked"
 msgstr "Note: key has been revoked"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "build_packet failed: %s\n"
@@ -6846,37 +6818,37 @@ msgstr "To be revoked by:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(This is a sensitive revocation key)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 msgid "Secret key is not available.\n"
 msgstr "Secret key is not available.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Create a designated revocation certificate for this key? (y/N) "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "ASCII armored output forced.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet failed: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Revocation certificate created.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "no revocation keys found for “%s”\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "This is a revocation certificate for the OpenPGP key:"
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
@@ -6886,7 +6858,7 @@ msgstr ""
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -6900,7 +6872,7 @@ msgstr ""
 "a reason for the revocation.  For details see the description of\n"
 "of the gpg command “--generate-revocation” in the GnuPG manual."
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
@@ -6910,12 +6882,12 @@ msgstr ""
 "before the 5 dashes below.  Remove this colon with a text editor\n"
 "before importing and publishing this revocation certificate."
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, c-format
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "revocation certificate stored as ‘%s.rev’\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "secret key “%s” not found\n"
@@ -6928,16 +6900,16 @@ msgstr "secret key “%s” not found\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr "‘%s’ matches multiple secret keys:\n"
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, c-format
 msgid "error searching the keyring: %s\n"
 msgstr "error searching the keyring: %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Create a revocation certificate for this key? (y/N) "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -6955,37 +6927,37 @@ msgstr ""
 "your media become unreadable.  But have some caution:  The print system of\n"
 "your machine might store the data and make it available to others!\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Please select the reason for the revocation:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Cancel"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Probably you want to select %d here)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "Enter an optional description; end it with an empty line:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Reason for revocation: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(No description given)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr "Is this okay? (y/N) "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "weak key created - retrying\n"
@@ -6995,61 +6967,56 @@ msgstr "weak key created - retrying\n"
 msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
 msgstr "cannot avoid weak key for symmetric cipher; tried %d times!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr "%s key %s uses an unsafe (%zu bit) hash\n"
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
-#, c-format
-msgid "key %s may not be used for signing in %s mode\n"
-msgstr "key %s may not be used for signing in %s mode\n"
-
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr "continuing verification anyway due to option %s\n"
-
-#: g10/sig-check.c:190
+#: g10/sig-check.c:170
 #, c-format
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "WARNING: signature digest conflict in message\n"
 
-#: g10/sig-check.c:219
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
+#, c-format
+msgid "key %s may not be used for signing in %s mode\n"
+msgstr "key %s may not be used for signing in %s mode\n"
+
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "WARNING: signing subkey %s is not cross-certified\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, c-format
 msgid "please see %s for more information\n"
 msgstr "please see %s for more information\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr "WARNING: signing subkey %s has an invalid cross-certification\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "public key %s is %lu second newer than the signature\n"
 msgstr[1] "public key %s is %lu seconds newer than the signature\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "public key %s is %lu day newer than the signature\n"
 msgstr[1] "public key %s is %lu days newer than the signature\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7060,7 +7027,7 @@ msgstr[0] ""
 msgstr[1] ""
 "key %s was created %lu seconds in the future (time warp or clock problem)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7070,55 +7037,55 @@ msgstr[0] ""
 msgstr[1] ""
 "key %s was created %lu days in the future (time warp or clock problem)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "Note: signature key %s expired %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "Note: signature key %s has been revoked\n"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, c-format
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, c-format
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr "assuming bad signature from key %s due to an unknown critical bit\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "key %s: no subkey for subkey revocation signature\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "key %s: no subkey for subkey binding signature\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
 msgstr ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7127,49 +7094,49 @@ msgstr ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
 "unexpanded.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s/%s signature from: “%s”\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
 msgstr ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "signing:"
 
-#: g10/sign.c:1464
+#: g10/sign.c:1622
 #, c-format
-msgid "%s encryption will be used\n"
-msgstr "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
+msgstr "%s.%s encryption will be used\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr "key is not flagged as insecure - can't use it with the faked RNG!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "skipped “%s”: duplicated\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "skipped: secret key already present\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "this is a PGP generated Elgamal key which is not secure for signatures!"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "trust record %lu, type %d: write failed: %s\n"
@@ -7183,43 +7150,43 @@ msgstr ""
 "# List of assigned trustvalues, created %s\n"
 "# (Use “gpg --import-ownertrust” to restore them)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, c-format
 msgid "error in '%s': %s\n"
 msgstr "error in '%s': %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr "line too long"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr "colon missing"
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr "invalid fingerprint"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr "ownertrust value missing"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "error finding trust record in '%s': %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, c-format
 msgid "read error in '%s': %s\n"
 msgstr "read error in '%s': %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "trustdb: sync failed: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "can't create lock for ‘%s’\n"
@@ -7229,12 +7196,12 @@ msgstr "can't create lock for ‘%s’\n"
 msgid "can't lock '%s'\n"
 msgstr "can't lock ‘%s’\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "trustdb rec %lu: lseek failed: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "trustdb rec %lu: write failed (n=%d): %s\n"
@@ -7249,7 +7216,7 @@ msgstr "trustdb transaction too large\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: directory does not exist!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, c-format
 msgid "can't access '%s': %s\n"
 msgstr "can't access '%s': %s\n"
@@ -7290,7 +7257,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: error updating version record: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: error reading version record: %s\n"
@@ -7300,52 +7267,52 @@ msgstr "%s: error reading version record: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: error writing version record: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "trustdb: lseek failed: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "trustdb: read failed (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: not a trustdb file\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: version record with recnum %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: invalid file version %d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: error reading free record: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: error writing dir record: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: failed to zero a record: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: failed to append a record: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "Error: The trustdb is corrupted.\n"
@@ -7385,10 +7352,10 @@ msgstr "unsupported TOFU database version: %s\n"
 msgid "TOFU DB error"
 msgstr "TOFU DB error"
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "error reading TOFU database: %s\n"
@@ -7408,7 +7375,7 @@ msgstr "error initializing TOFU database: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "error opening TOFU database '%s': %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "error updating TOFU database: %s\n"
@@ -7578,109 +7545,109 @@ msgstr "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
 msgid "Defaulting to unknown.\n"
 msgstr "Defaulting to unknown.\n"
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr "TOFU db corruption detected.\n"
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "error changing TOFU policy: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] "%lld~year"
 msgstr[1] "%lld~years"
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] "%lld~month"
 msgstr[1] "%lld~months"
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] "%lld~week"
 msgstr[1] "%lld~weeks"
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] "%lld~day"
 msgstr[1] "%lld~days"
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] "%lld~hour"
 msgstr[1] "%lld~hours"
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] "%lld~minute"
 msgstr[1] "%lld~minutes"
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] "%lld~second"
 msgstr[1] "%lld~seconds"
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr "%s: Verified 0~signatures and encrypted 0~messages."
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, c-format
 msgid "%s: Verified 0 signatures."
 msgstr "%s: Verified 0 signatures."
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 msgid "Encrypted 0 messages."
 msgstr "Encrypted 0 messages."
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, c-format
 msgid "(policy: %s)"
 msgstr "(policy: %s)"
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr "Warning: you have yet to encrypt a message to this key!\n"
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr "Warning: you have only encrypted one message to this key!\n"
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -7707,160 +7674,160 @@ msgstr[1] ""
 "  %s\n"
 "to mark it as being bad.\n"
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "error opening TOFU database: %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, c-format
 msgid "'%s' is not a valid long keyID\n"
 msgstr "‘%s’ is not a valid long keyID\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "key %s: accepted as trusted key\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "key %s occurs more than once in the trustdb\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "key %s: no public key for trusted key - skipped\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "key %s marked as ultimately trusted\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "trust record %lu, req type %d: read failed: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "trust record %lu is not of requested type %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr "You may try to re-create the trustdb using the commands:\n"
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr "If that does not work, please consult the manual\n"
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr "unable to use unknown trust model (%d) - assuming %s trust model\n"
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr "using %s trust model\n"
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "no need for a trustdb check\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "next trustdb check due at %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "no need for a trustdb check with ‘%s’ trust model\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "no need for a trustdb update with ‘%s’ trust model\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr "public key %s not found: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "please do a --check-trustdb\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "checking the trustdb\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] "%d key processed"
 msgstr[1] "%d keys processed"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, c-format
 msgid " (%d validity count cleared)\n"
 msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] " (%d validity count cleared)\n"
 msgstr[1] " (%d validity counts cleared)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "no ultimately trusted keys found\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "public key of ultimately trusted key %s not found\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr "unable to update trustdb version record: write failed: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr "undefined"
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr "never"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr "marginal"
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr "full"
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr "ultimate"
 
@@ -7872,39 +7839,39 @@ msgstr "ultimate"
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr "10 translator see trust.c:uid_trust_string_fixed"
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 msgid "[ revoked]"
 msgstr "[ revoked]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 msgid "[ expired]"
 msgstr "[ expired]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 msgid "[ unknown]"
 msgstr "[ unknown]"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr "[  undef ]"
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 msgid "[  never ]"
 msgstr "[  never ]"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr "[marginal]"
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr "[  full  ]"
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr "[ultimate]"
 
@@ -7929,19 +7896,29 @@ msgstr "input line %u too long or missing LF\n"
 msgid "can't open fd %d: %s\n"
 msgstr "can't open fd %d: %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, c-format
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "WARNING: encrypting without integrity protection is dangerous\n"
+
+#: g10/cipher-cfb.c:72
+#, c-format
+msgid "Hint: Do not use option %s\n"
+msgstr "Hint: Do not use option %s\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr "set debugging flags"
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr "enable full debugging"
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Usage: kbxutil [options] [files] (-h for help)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
 "List, export, import Keybox data\n"
@@ -7952,72 +7929,180 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr "%sNumber: %s%%0AHolder: %s%s"
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr "Remaining attempts: %d"
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+msgid "|N|Please enter the new Global-PIN"
+msgstr "|N|Please enter the new Global-PIN"
+
+#: scd/app-piv.c:1846
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "||Please enter the Global-PIN of your PIV card"
+
+#: scd/app-piv.c:1853
+msgid "|N|Please enter the new PIN"
+msgstr "|N|Please enter the new PIN"
+
+#: scd/app-piv.c:1854
+msgid "||Please enter the PIN of your PIV card"
+msgstr "||Please enter the PIN of your PIV card"
+
+#: scd/app-piv.c:1861
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "|N|Please enter the new Unblocking Key"
+
+#: scd/app-piv.c:1862
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "||Please enter the Unblocking Key of your PIV card"
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "PIN callback returned error: %s\n"
+
+#: scd/app-piv.c:1895
+#, c-format
+msgid "PIN is too short; minimum length is %d\n"
+msgstr "PIN is too short; minimum length is %d\n"
+
+#: scd/app-piv.c:1903
+#, c-format
+msgid "PIN is too long; maximum length is %d\n"
+msgstr "PIN is too long; maximum length is %d\n"
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr "PIN has invalid characters; only digits are allowed\n"
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr "key already exists\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr "existing key will be replaced\n"
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr "generating new key\n"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, c-format
+msgid "writing new key\n"
+msgstr "writing new key\n"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "failed to store the key: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr "response does not contain the RSA modulus\n"
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr "response does not contain the RSA public exponent\n"
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, c-format
+msgid "response does not contain the EC public key\n"
+msgstr "response does not contain the EC public key\n"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr "please wait while key is being generated ...\n"
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr "generating key failed\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "key generation completed (%d second)\n"
+msgstr[1] "key generation completed (%d seconds)\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr "response does not contain the public key data\n"
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr "||Please enter the PIN for the key to create qualified signatures."
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 msgid "|A|Please enter the Admin PIN"
 msgstr "|A|Please enter the Admin PIN"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 msgid "||Please enter the PIN for the standard keys."
 msgstr "||Please enter the PIN for the standard keys."
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr "RSA modulus missing or not of size %d bits\n"
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr "RSA public exponent missing or larger than %d bits\n"
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr "PIN callback returned error: %s\n"
+#: scd/app-nks.c:1594
+msgid "Note: PIN has not yet been enabled."
+msgstr "Note: PIN has not yet been enabled."
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr "the NullPIN has not yet been changed\n"
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "|N|Please enter a new PIN for the standard keys."
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr "|N|Please enter a new PIN for the key to create qualified signatures."
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8025,7 +8110,7 @@ msgstr ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8033,47 +8118,27 @@ msgstr ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "error getting new PIN: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "failed to store the fingerprint: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "failed to store the creation date: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr "error retrieving CHV status from card\n"
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr "response does not contain the RSA modulus\n"
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr "response does not contain the RSA public exponent\n"
-
-#: scd/app-openpgp.c:1546
-#, c-format
-msgid "response does not contain the EC public key\n"
-msgstr "response does not contain the EC public key\n"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr "response does not contain the public key data\n"
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr "reading public key failed: %s\n"
@@ -8081,42 +8146,42 @@ msgstr "reading public key failed: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr "using default PIN as %s\n"
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr "failed to use default PIN as %s: %s - disabling further default use\n"
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 msgid "||Please unlock the card"
 msgstr "||Please unlock the card"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr "PIN for CHV%d is too short; minimum length is %d\n"
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "verify CHV%d failed: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr "card is permanently locked!\n"
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8124,20 +8189,20 @@ msgid_plural ""
 msgstr[0] "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgstr[1] "%d Admin PIN attempts remaining before card is permanently locked\n"
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr "access to admin commands is not configured\n"
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 msgid "||Please enter the PIN"
 msgstr "||Please enter the PIN"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 msgid "||Please enter the Reset Code for the card"
 msgstr "||Please enter the Reset Code for the card"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr "Reset Code is too short; minimum length is %d\n"
@@ -8145,121 +8210,79 @@ msgstr "Reset Code is too short; minimum length is %d\n"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr "|RN|New Reset Code"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr "|AN|New Admin PIN"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr "|N|New PIN"
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "||Please enter the Admin PIN and New Admin PIN"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 msgid "||Please enter the PIN and New PIN"
 msgstr "||Please enter the PIN and New PIN"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr "error reading application data\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "error reading fingerprint DO\n"
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr "key already exists\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr "existing key will be replaced\n"
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr "generating new key\n"
-
-#: scd/app-openpgp.c:3074
-#, c-format
-msgid "writing new key\n"
-msgstr "writing new key\n"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr "creation timestamp missing\n"
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
-msgstr "RSA prime %s missing or not of size %d bits\n"
-
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr "failed to store the key: %s\n"
-
-#: scd/app-openpgp.c:3993
-#, c-format
-msgid "unsupported curve\n"
-msgstr "unsupported curve\n"
-
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr "please wait while key is being generated ...\n"
-
-#: scd/app-openpgp.c:4271
-#, c-format
-msgid "generating key failed\n"
-msgstr "generating key failed\n"
-
-#: scd/app-openpgp.c:4277
-#, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "key generation completed (%d second)\n"
-msgstr[1] "key generation completed (%d seconds)\n"
+msgstr "RSA prime %s missing or not of size %d bits\n"
+
+#: scd/app-openpgp.c:4651
+#, c-format
+msgid "unsupported curve\n"
+msgstr "unsupported curve\n"
 
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr "invalid structure of OpenPGP card (DO 0x93)\n"
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr "fingerprint on card does not match requested one\n"
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "card does not support digest algorithm %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr "signatures created so far: %lu\n"
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr ""
 "verification of Admin PIN is currently prohibited through this command\n"
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "can't access %s - invalid OpenPGP card?\n"
@@ -8271,59 +8294,63 @@ msgstr "||Please enter your PIN at the reader's pinpad"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr "|N|Initial New PIN"
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr "run in multi server mode (foreground)"
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr "|LEVEL|set the debugging level to LEVEL"
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 msgid "|FILE|write a log to FILE"
 msgstr "|FILE|write a log to FILE"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr "|N|connect to reader at port N"
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NAME|use NAME as ct-API driver"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NAME|use NAME as PC/SC driver"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 msgid "do not use the internal CCID driver"
 msgstr "do not use the internal CCID driver"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr "|N|disconnect the card after N seconds of inactivity"
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr "do not use a reader's pinpad"
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr "use variable length input for pinpad"
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr "|LIST|change the application priority to LIST"
+
 #: scd/scdaemon.c:179
 msgid "deny the use of admin card commands"
 msgstr "deny the use of admin card commands"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Usage: @SCDAEMON@ [options] (-h for help)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
@@ -8331,38 +8358,32 @@ msgstr ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 "please use the option ‘--daemon’ to run the program in the background\n"
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr "handler for fd %d started\n"
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr "handler for fd %d terminated\n"
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "error getting key usage information: %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr "validation model requested by certificate: %s"
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr "chain"
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 msgid "shell"
 msgstr "shell"
 
@@ -8395,7 +8416,7 @@ msgstr "Note: non-critical certificate policy not allowed"
 msgid "certificate policy not allowed"
 msgstr "certificate policy not allowed"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "failed to get the fingerprint\n"
@@ -8410,7 +8431,7 @@ msgstr "looking up issuer at external location\n"
 msgid "number of issuers matching: %d\n"
 msgstr "number of issuers matching: %d\n"
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, c-format
 msgid "can't get authorityInfoAccess: %s\n"
 msgstr "can't get authorityInfoAccess: %s\n"
@@ -8430,231 +8451,231 @@ msgstr "number of matching certificates: %d\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "dirmngr cache-only key lookup failed: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "failed to allocate keyDB handle\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 msgid "certificate has been revoked"
 msgstr "certificate has been revoked"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr "the status of the certificate is unknown"
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr "please make sure that the “dirmngr” is properly installed\n"
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, c-format
 msgid "checking the CRL failed: %s"
 msgstr "checking the CRL failed: %s"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "certificate with invalid validity: %s"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr "certificate not yet valid"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 msgid "root certificate not yet valid"
 msgstr "root certificate not yet valid"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr "intermediate certificate not yet valid"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, c-format
 msgid "certificate has expired"
 msgstr "certificate has expired"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 msgid "root certificate has expired"
 msgstr "root certificate has expired"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 msgid "intermediate certificate has expired"
 msgstr "intermediate certificate has expired"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr "required certificate attributes missing: %s%s%s"
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 msgid "certificate with invalid validity"
 msgstr "certificate with invalid validity"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr "signature not created during lifetime of certificate"
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr "certificate not created during lifetime of issuer"
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr "intermediate certificate not created during lifetime of issuer"
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, c-format
 msgid "  (  signature created at "
 msgstr "  (  signature created at "
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, c-format
 msgid "  (certificate created at "
 msgstr "  (certificate created at "
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, c-format
 msgid "  (certificate valid from "
 msgstr "  (certificate valid from "
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr "  (     issuer valid from "
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr "fingerprint=%s\n"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr "root certificate has now been marked as trusted\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr "interactive marking as trusted not enabled in gpg-agent\n"
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr "interactive marking as trusted disabled for this session\n"
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr "WARNING: creation time of signature not known - assuming current time"
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 msgid "no issuer found in certificate"
 msgstr "no issuer found in certificate"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr "self-signed certificate has a BAD signature"
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr "root certificate is not marked trusted"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "checking the trust list failed: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr "certificate chain too long\n"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr "issuer certificate not found"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, c-format
 msgid "certificate has a BAD signature"
 msgstr "certificate has a BAD signature"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr "found another possible matching CA certificate - trying again"
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr "certificate chain longer than allowed by CA (%d)"
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, c-format
 msgid "certificate is good\n"
 msgstr "certificate is good\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, c-format
 msgid "intermediate certificate is good\n"
 msgstr "intermediate certificate is good\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, c-format
 msgid "root certificate is good\n"
 msgstr "root certificate is good\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr "switching to chain model"
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr "validation model used: %s"
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr "a %u bit hash is not valid for a %u bit %s key\n"
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, c-format
 msgid "out of core\n"
 msgstr "out of core\n"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr "(this is the MD2 algorithm)\n"
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 msgid "none"
 msgstr "none"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 msgid "[Error - invalid encoding]"
 msgstr "[Error - invalid encoding]"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr "[Error - out of core]"
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr "[Error - No name]"
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 msgid "[Error - invalid DN]"
 msgstr "[Error - invalid DN]"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -8669,132 +8690,142 @@ msgstr ""
 "S/N %s, ID 0x%08lX,\n"
 "created %s, expires %s.\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr "no key usage specified - assuming all usages\n"
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "error getting key usage information: %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr "certificate should not have been used for certification\n"
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr "certificate should not have been used for OCSP response signing\n"
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr "certificate should not have been used for encryption\n"
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr "certificate should not have been used for signing\n"
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr "certificate is not usable for encryption\n"
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr "certificate is not usable for signing\n"
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, c-format
+msgid "looking for another certificate\n"
+msgstr "looking for another certificate\n"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "line %d: invalid algorithm\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr "line %d: invalid key length %u (valid are %d to %d)\n"
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr "line %d: no subject name given\n"
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "line %d: invalid subject name label ‘%.*s’\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "line %d: invalid subject name ‘%s’ at pos %d\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "line %d: not a valid email address\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "line %d: invalid serial number\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr "line %d: invalid issuer name label ‘%.*s’\n"
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr "line %d: invalid issuer name ‘%s’ at pos %d\n"
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, c-format
 msgid "line %d: invalid date given\n"
 msgstr "line %d: invalid date given\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "line %d: error getting signing key by keygrip '%s': %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "line %d: invalid hash algorithm given\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "line %d: invalid authority-key-id\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "line %d: invalid subject-key-id\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "line %d: invalid extension syntax\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "line %d: error reading key ‘%s’ from card: %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "line %d: error getting key by keygrip '%s': %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "line %d: key generation failed: %s <%s>\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
@@ -8802,45 +8833,45 @@ msgstr ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) Existing key\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr "   (%d) Existing key from card\n"
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "Possible actions for a %s key:\n"
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) sign, encrypt\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) sign\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) encrypt\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr "Enter the X.509 subject name: "
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr "No subject name given\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "Invalid subject name label ‘%.*s’\n"
@@ -8850,240 +8881,234 @@ msgstr "Invalid subject name label ‘%.*s’\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "Invalid subject name ‘%s’\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 msgid "Enter email addresses"
 msgstr "Enter email addresses"
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 msgid " (end with an empty line):\n"
 msgstr " (end with an empty line):\n"
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 msgid "Enter DNS names"
 msgstr "Enter DNS names"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 msgid " (optional; end with an empty line):\n"
 msgstr " (optional; end with an empty line):\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr "Enter URIs"
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Create self-signed certificate? (y/N) "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr "These parameters are used:\n"
 
-#: sm/certreqgen-ui.c:432
-#, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "error creating temporary file: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr "Now creating self-signed certificate.  "
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 msgid "Now creating certificate request.  "
 msgstr "Now creating certificate request.  "
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr "This may take a while ...\n"
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr "Ready.\n"
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr "Ready.  You should now send this request to your CA.\n"
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr "resource problem: out of core\n"
 
-#: sm/decrypt.c:536
-#, c-format
-msgid "%s.%s encrypted data\n"
-msgstr "%s.%s encrypted data\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr "(this is the RC2 algorithm)\n"
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr "(this does not seem to be an encrypted message)\n"
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, c-format
 msgid "encrypted to %s key %s\n"
 msgstr "encrypted to %s key %s\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "certificate ‘%s’ not found: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr "error locking keybox: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "duplicated certificate ‘%s’ deleted\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "certificate ‘%s’ deleted\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "deleting certificate “%s” failed: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, c-format
 msgid "no valid recipients given\n"
 msgstr "no valid recipients given\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 msgid "list external keys"
 msgstr "list external keys"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 msgid "list certificate chain"
 msgstr "list certificate chain"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 msgid "import certificates"
 msgstr "import certificates"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 msgid "export certificates"
 msgstr "export certificates"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr "register a smartcard"
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr "pass a command to the dirmngr"
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr "invoke gpg-protect-tool"
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "don't use the terminal at all"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr "|N|number of certificates to include"
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr "|FILE|take policy information from FILE"
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr "assume input is in PEM format"
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr "assume input is in base-64 format"
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr "assume input is in binary format"
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 msgid "create base-64 encoded output"
 msgstr "create base-64 encoded output"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|USER-ID|use USER-ID as default secret key"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "|FILE|add keyring to the list of keyrings"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|use this keyserver to lookup keys"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr "fetch missing issuer certificates"
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NAME|use encoding NAME for PKCS#12 passphrases"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr "never consult a CRL"
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr "do not check CRLs for root certificates"
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr "check validity using OCSP"
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr "do not check certificate policies"
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NAME|use cipher algorithm NAME"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NAME|use message digest algorithm NAME"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "batch mode: never ask"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "assume yes on most questions"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "assume no on most questions"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 msgid "|FILE|write an audit log to FILE"
 msgstr "|FILE|write an audit log to FILE"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Usage: @GPGSM@ [options] [files] (-h for help)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
 "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
@@ -9093,87 +9118,122 @@ msgstr ""
 "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
 "Default operation depends on the input data\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "Note: won't be able to encrypt to '%s': %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "unknown validation model ‘%s’\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: no hostname given\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: password given without user\n"
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr "%s:%u: ignoring unknown flag ‘%s’\n"
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: skipping this line\n"
+
+#: sm/gpgsm.c:1545
+#, c-format
+msgid "could not parse keyserver\n"
+msgstr "could not parse keyserver\n"
+
+#: sm/gpgsm.c:1825
 #, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "importing common certificates ‘%s’\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "can't sign using '%s': %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr "invalid command (there is no implicit command)\n"
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, c-format
 msgid "total number processed: %lu\n"
 msgstr "total number processed: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, c-format
 msgid "error storing certificate\n"
 msgstr "error storing certificate\n"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr "basic certificate checks failed - not imported\n"
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "error getting stored flags: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, c-format
 msgid "error importing certificate: %s\n"
 msgstr "error importing certificate: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, c-format
 msgid "error reading input: %s\n"
 msgstr "error reading input: %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, c-format
+msgid "no keyboxd running in this session\n"
+msgstr "no keyboxd running in this session\n"
+
+#: sm/keydb.c:595
+#, c-format
+msgid "error opening key DB: %s\n"
+msgstr "error opening key DB: %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr "problem looking for existing certificate: %s\n"
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "error finding writable keyDB: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, c-format
 msgid "error storing certificate: %s\n"
 msgstr "error storing certificate: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "problem re-searching certificate: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, c-format
 msgid "error storing flags: %s\n"
 msgstr "error storing flags: %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr "Error - "
 
@@ -9182,17 +9242,17 @@ msgstr "Error - "
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr "GPG_TTY has not been set - using maybe bogus default\n"
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "invalid formatted fingerprint in '%s', line %d\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "invalid country code in '%s', line %d\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9209,7 +9269,7 @@ msgstr ""
 "\n"
 "%s%sAre you really sure that you want to do this?"
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
@@ -9218,7 +9278,7 @@ msgstr ""
 "Note, that this software is not officially approved to create or verify such "
 "signatures.\n"
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9229,54 +9289,59 @@ msgstr ""
 "“%s”\n"
 "Note, that this certificate will NOT create a qualified signature!"
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr "hash algorithm used for signer %d: %s (%s)\n"
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "checking for qualified certificate failed: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, c-format
+msgid "%s/%s signature using %s key %s\n"
+msgstr "%s/%s signature using %s key %s\n"
+
+#: sm/verify.c:467
 #, c-format
 msgid "Signature made "
 msgstr "Signature made "
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr "[date not given]"
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, c-format
 msgid "algorithm:"
 msgstr "algorithm:"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr ""
 "invalid signature: message digest attribute does not match computed one\n"
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, c-format
 msgid "Good signature from"
 msgstr "Good signature from"
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, c-format
 msgid "                aka"
 msgstr "                aka"
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, c-format
 msgid "This is a qualified signature\n"
 msgstr "This is a qualified signature\n"
@@ -9301,100 +9366,100 @@ msgstr "can't acquire write lock on the certificate cache: %s\n"
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr "can't release lock on the certificate cache: %s\n"
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr "dropping %u certificates from the cache\n"
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, c-format
 msgid "can't parse certificate '%s': %s\n"
 msgstr "can't parse certificate '%s': %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "certificate ‘%s’ already cached\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "trusted certificate ‘%s’ loaded\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "certificate ‘%s’ loaded\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "  SHA1 fingerprint = %s\n"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr "   issuer ="
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr "  subject ="
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "error loading certificate '%s': %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "permanently loaded certificates: %u\n"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "    runtime cached certificates: %u\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "           trusted certificates: %u (%u,%u,%u,%u)\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, c-format
 msgid "certificate already cached\n"
 msgstr "certificate already cached\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, c-format
 msgid "certificate cached\n"
 msgstr "certificate cached\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, c-format
 msgid "error caching certificate: %s\n"
 msgstr "error caching certificate: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "invalid SHA1 fingerprint string ‘%s’\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "error fetching certificate by S/N: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "error fetching certificate by subject: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, c-format
 msgid "no issuer found in certificate\n"
 msgstr "no issuer found in certificate\n"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "error getting authorityKeyIdentifier: %s\n"
@@ -9912,55 +9977,55 @@ msgstr "CRL access not possible due to Tor mode\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "certificate search not possible due to disabled %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr "use OCSP instead of CRLs"
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr "check whether a dirmngr is running"
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 msgid "add a certificate to the cache"
 msgstr "add a certificate to the cache"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 msgid "validate a certificate"
 msgstr "validate a certificate"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 msgid "lookup a certificate"
 msgstr "lookup a certificate"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 msgid "lookup only locally stored certificates"
 msgstr "lookup only locally stored certificates"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr "expect an URL for --lookup"
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr "load a CRL into the dirmngr"
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr "special mode for use by Squid"
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 msgid "expect certificates in PEM format"
 msgstr "expect certificates in PEM format"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 msgid "force the use of the default OCSP responder"
 msgstr "force the use of the default OCSP responder"
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -9972,215 +10037,211 @@ msgstr ""
 "The process returns 0 if the certificate is valid, 1 if it is\n"
 "not valid and other error codes for general failures\n"
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "error reading certificate from stdin: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "error reading certificate from '%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr "certificate too large to make any sense\n"
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, c-format
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "can't connect to the dirmngr: %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, c-format
 msgid "lookup failed: %s\n"
 msgstr "lookup failed: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "loading CRL ‘%s’ failed: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr "a dirmngr daemon is up and running\n"
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "validation of certificate failed: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, c-format
 msgid "certificate is valid\n"
 msgstr "certificate is valid\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, c-format
 msgid "certificate has been revoked\n"
 msgstr "certificate has been revoked\n"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, c-format
 msgid "certificate check failed: %s\n"
 msgstr "certificate check failed: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, c-format
 msgid "got status: '%s'\n"
 msgstr "got status: ‘%s’\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, c-format
 msgid "error writing base64 encoding: %s\n"
 msgstr "error writing base64 encoding: %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr "unsupported inquiry ‘%s’\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr "absolute file name expected\n"
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr "looking up ‘%s’\n"
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr "list the contents of the CRL cache"
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|FILE|load CRL from FILE into cache"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr "|URL|fetch a CRL from URL"
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr "shutdown the dirmngr"
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr "flush the cache"
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr "allow online software version check"
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr "|N|do not return more than N items in one query"
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr "Network related options"
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr "route all network traffic via Tor"
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr "Configuration for Keyservers"
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 msgid "|URL|use keyserver at URL"
 msgstr "|URL|use keyserver at URL"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr "|FILE|use the CA certificates in FILE for HKP over TLS"
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr "Configuration for HTTP servers"
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr "inhibit the use of HTTP"
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr "ignore HTTP CRL distribution points"
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr "|URL|redirect all HTTP requests to URL"
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr "use system's HTTP proxy setting"
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr "Configuration of LDAP servers to use"
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr "inhibit the use of LDAP"
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr "ignore LDAP CRL distribution points"
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr "|HOST|use HOST for LDAP queries"
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr "do not use fallback hosts with --ldap-proxy"
 
-#: dirmngr/dirmngr.c:270
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|SPEC|use this keyserver to lookup keys"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|FILE|read LDAP server list from FILE"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr "add new servers discovered in CRL distribution points to serverlist"
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr "|N|set LDAP timeout to N seconds"
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr "Configuration for OCSP"
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr "allow sending OCSP requests"
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr "ignore certificate contained OCSP service URLs"
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 msgid "|URL|use OCSP responder at URL"
 msgstr "|URL|use OCSP responder at URL"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr "|FPR|OCSP response signed by FPR"
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr "force loading of outdated CRLs"
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 msgid ""
 "@\n"
 "(See the \"info\" manual for a complete listing of all commands and "
@@ -10189,11 +10250,11 @@ msgstr ""
 "@\n"
 "(See the “info” manual for a complete listing of all commands and options)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Usage: @DIRMNGR@ [options] (-h for help)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
@@ -10201,113 +10262,293 @@ msgstr ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr "valid debug levels are: %s\n"
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, c-format
 msgid "usage: %s [options] "
 msgstr "usage: %s [options] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, c-format
 msgid "colons are not allowed in the socket name\n"
 msgstr "colons are not allowed in the socket name\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "fetching CRL from ‘%s’ failed: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "processing CRL from ‘%s’ failed: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "%s:%u: line too long - skipped\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "%s:%u: invalid fingerprint detected\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "%s:%u: read error: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr "%s:%u: garbage at end of line ignored\n"
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr "SIGHUP received - re-reading configuration and flushing caches\n"
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr "SIGUSR2 received - no action defined\n"
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr "SIGTERM received - shutting down ...\n"
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr "SIGTERM received - still %d active connections\n"
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, c-format
 msgid "shutdown forced\n"
 msgstr "shutdown forced\n"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr "SIGINT received - immediate shutdown\n"
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr "signal %d received - no action defined\n"
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr "return all values in a record oriented format"
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr "|NAME|ignore host part and connect through NAME"
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr "force a TLS connection"
+
+#: dirmngr/dirmngr_ldap.c:110
+msgid "|NAME|connect to host NAME"
+msgstr "|NAME|connect to host NAME"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr "|N|connect to port N"
+
+#: dirmngr/dirmngr_ldap.c:112
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NAME|use user NAME for authentication"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr "|PASS|use password PASS for authentication"
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr "take password from $DIRMNGR_LDAP_PASS"
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr "|STRING|query DN STRING"
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr "|STRING|use STRING as filter expression"
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr "|STRING|return the attribute STRING"
+
+#: dirmngr/dirmngr_ldap.c:179
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+
+#: dirmngr/dirmngr_ldap.c:291
+#, c-format
+msgid "invalid port number %d\n"
+msgstr "invalid port number %d\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr "scanning result for attribute ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "error writing to stdout: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr "          available attribute ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:462
+#, c-format
+msgid "attribute '%s' not found\n"
+msgstr "attribute ‘%s’ not found\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr "found attribute ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:581
+#, c-format
+msgid "processing url '%s'\n"
+msgstr "processing url ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, c-format
+msgid "          user '%s'\n"
+msgstr "          user ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, c-format
+msgid "          pass '%s'\n"
+msgstr "          pass ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:592
+#, c-format
+msgid "          host '%s'\n"
+msgstr "          host ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, c-format
+msgid "          port %d\n"
+msgstr "          port %d\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, c-format
+msgid "            DN '%s'\n"
+msgstr "            DN ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr "        filter ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, c-format
+msgid "          attr '%s'\n"
+msgstr "          attr ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:611
+#, c-format
+msgid "no host name in '%s'\n"
+msgstr "no host name in ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr "no attribute given for query ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:622
+#, c-format
+msgid "WARNING: using first attribute only\n"
+msgstr "WARNING: using first attribute only\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "LDAP init to ‘%s:%d’ failed: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, c-format
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "LDAP init to ‘%s’ failed: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, c-format
+msgid "LDAP init to '%s' done\n"
+msgstr "LDAP init to ‘%s’ done\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "binding to ‘%s:%d’ failed: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, c-format
+msgid "searching '%s' failed: %s\n"
+msgstr "searching ‘%s’ failed: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "‘%s’ is not an LDAP URL\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr "‘%s’ is an invalid LDAP URL\n"
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "error accessing '%s': http status %u\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr "URL ‘%s’ redirected to ‘%s’ (%u)\n"
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, c-format
 msgid "too many redirections\n"
 msgstr "too many redirections\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, c-format
 msgid "redirection changed to '%s'\n"
 msgstr "redirection changed to ‘%s’\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, c-format
 msgid "error printing log line: %s\n"
 msgstr "error printing log line: %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "error reading log from ldap wrapper %d: %s\n"
@@ -10337,51 +10578,31 @@ msgstr "waiting for ldap wrapper %d failed: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "ldap wrapper %d stalled - killing\n"
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "invalid char 0x%02x in host name - not added\n"
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "adding ‘%s:%d’ to the ldap server list\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, c-format
 msgid "malloc failed: %s\n"
 msgstr "malloc failed: %s\n"
 
-#: dirmngr/ldap.c:221
-#, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "‘%s’ is not an LDAP URL\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
-msgstr "‘%s’ is an invalid LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
+msgstr "start_cert_fetch: invalid pattern ‘%s’\n"
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr "ldap_search hit the size limit of the server\n"
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr "%s:%u: password given without user\n"
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr "%s:%u: ignoring unknown flag ‘%s’\n"
-
-#: dirmngr/ldapserver.c:203
-#, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr "%s:%u: skipping this line\n"
-
 #: dirmngr/misc.c:172
 #, c-format
 msgid "invalid canonical S-expression found\n"
@@ -10467,91 +10688,91 @@ msgstr "hashing the OCSP response for ‘%s’ failed: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr "not signed by a default OCSP signer's certificate"
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "allocating list item failed: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "error getting responder ID: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr "no suitable certificate found to verify the OCSP response\n"
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "issuer certificate not found: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr "caller did not return the target certificate\n"
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "caller did not return the issuing certificate\n"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "failed to allocate OCSP context: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr "no default OCSP responder defined\n"
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, c-format
 msgid "no default OCSP signer defined\n"
 msgstr "no default OCSP signer defined\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr "using default OCSP responder ‘%s’\n"
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr "using OCSP responder ‘%s’\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "error getting OCSP status for target certificate: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr "certificate status is: %s  (this=%s  next=%s)\n"
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr "good"
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "certificate has been revoked at: %s due to: %s\n"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr "OCSP responder returned a status in the future\n"
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr "OCSP responder returned a non-current status\n"
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr "OCSP responder returned an too old status\n"
@@ -10561,67 +10782,71 @@ msgstr "OCSP responder returned an too old status\n"
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "assuan_inquire(%s) failed: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr "ldapserver missing"
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr "serialno missing in cert ID"
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "assuan_inquire failed: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "fetch_cert_by_url failed: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, c-format
 msgid "error sending data: %s\n"
 msgstr "error sending data: %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "start_cert_fetch failed: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "fetch_next_cert failed: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr "max_replies %d exceeded\n"
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "can't allocate control structure: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "failed to allocate assuan context: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, c-format
 msgid "failed to initialize the server: %s\n"
 msgstr "failed to initialize the server: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "failed to the register commands with Assuan: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr "Assuan accept problem: %s\n"
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, c-format
 msgid "Assuan processing failed: %s\n"
 msgstr "Assuan processing failed: %s\n"
@@ -10664,51 +10889,55 @@ msgstr "certificate chain is good\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr "certificate should not have been used for CRL signing\n"
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 msgid "quiet"
 msgstr "quiet"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr "print data out hex encoded"
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr "decode received data lines"
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr "connect to the dirmngr"
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+msgid "connect to the keyboxd"
+msgstr "connect to the keyboxd"
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr "|NAME|connect to Assuan socket NAME"
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr "|ADDR|connect to Assuan server at ADDR"
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr "run the Assuan server given on the command line"
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr "do not use extended connect mode"
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|FILE|run commands from FILE on startup"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr "run /subst on startup"
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Usage: @GPG@-connect-agent [options] (-h for help)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
@@ -10716,173 +10945,186 @@ msgstr ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr "option “%s” requires a program and optional arguments\n"
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr "option “%s” ignored due to “%s”\n"
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, c-format
 msgid "receiving line failed: %s\n"
 msgstr "receiving line failed: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, c-format
 msgid "line too long - skipped\n"
 msgstr "line too long - skipped\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr "line shortened due to embedded Nul character\n"
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, c-format
 msgid "unknown command '%s'\n"
 msgstr "unknown command ‘%s’\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, c-format
 msgid "sending line failed: %s\n"
 msgstr "sending line failed: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, c-format
+msgid "no keybox daemon running in this session\n"
+msgstr "no keybox daemon running in this session\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, c-format
 msgid "error sending standard options: %s\n"
 msgstr "error sending standard options: %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr "OpenPGP"
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr "S/MIME"
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+msgid "Public Keys"
+msgstr "Public Keys"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr "Private Keys"
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr "Smartcards"
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr "TPM"
+
+#: tools/gpgconf-comp.c:671
 msgid "Network"
 msgstr "Network"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 msgid "Passphrase Entry"
 msgstr "Passphrase Entry"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 msgid "Component not suitable for launching"
 msgstr "Component not suitable for launching"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr "Configuration file of component %s is broken\n"
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, c-format
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Note: Use the command “%s%s” to get details.\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr "External verification of component %s failed"
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr "Note that group specifications are ignored\n"
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, c-format
 msgid "error closing '%s'\n"
 msgstr "error closing ‘%s’\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, c-format
 msgid "error parsing '%s'\n"
 msgstr "error parsing ‘%s’\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr "list all components"
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr "check all programs"
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr "|COMPONENT|list options"
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr "|COMPONENT|change options"
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr "|COMPONENT|check options"
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr "apply global default values"
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr "|FILE|update configuration files using FILE"
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr "get the configuration directories for @GPGCONF@"
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 msgid "list global configuration file"
 msgstr "list global configuration file"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 msgid "check global configuration file"
 msgstr "check global configuration file"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 msgid "query the software version database"
 msgstr "query the software version database"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr "reload all or a given component"
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr "launch a given component"
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr "kill a given component"
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "use as output file"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr "activate changes at runtime, if possible"
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Usage: @GPGCONF@ [options] (-h for help)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
@@ -10890,15 +11132,15 @@ msgstr ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr "Need one component argument"
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 msgid "Component not found"
 msgstr "Component not found"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr "No argument allowed"
 
@@ -10913,3 +11155,79 @@ msgid ""
 msgstr ""
 "Syntax: gpg-check-pattern [options] patternfile\n"
 "Check a passphrase given on stdin against the patternfile\n"
+
+#: tools/gpg-card.c:2389
+#, c-format
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "Note: key %s is already stored on the card!\n"
+
+#: tools/gpg-card.c:2392
+#, c-format
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "Note: Keys are already stored on the card!\n"
+
+#: tools/gpg-card.c:2395
+#, c-format
+msgid "Replace existing key %s ? (y/N) "
+msgstr "Replace existing key %s ? (y/N) "
+
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, c-format
+msgid "%s card no. %s detected\n"
+msgstr "%s card no. %s detected\n"
+
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr "User Interaction Flag is set to “%s” - can't change\n"
+
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
+"Warning: Setting the User Interaction Flag to “%s”\n"
+"         can only be reverted using a factory reset!\n"
+
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr "Please use “uif --yes %d %s”\n"
+
+#: tools/gpg-card.c:3668
+msgid "authenticate to the card"
+msgstr "authenticate to the card"
+
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr "send a reset to the card daemon"
+
+#: tools/gpg-card.c:3672
+msgid "setup KDF for PIN authentication"
+msgstr "setup KDF for PIN authentication"
+
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr "change a private data object"
+
+#: tools/gpg-card.c:3675
+msgid "read a certificate from a data object"
+msgstr "read a certificate from a data object"
+
+#: tools/gpg-card.c:3676
+msgid "store a certificate to a data object"
+msgstr "store a certificate to a data object"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr "store a private key to a data object"
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr "Yubikey management commands"
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr "manage the command history"
diff --git a/po/eo.gmo b/po/eo.gmo
index aae474a59880d493f69390faa6e8cf2e8a772dc6..72d649c74950ff89eabc7f4c65b53f32e5c48c44 100644
GIT binary patch
delta 6366
zcmYk=3w+P@9>?+TY|J+IU2JpNf3vxbv1uA>%xsuTuH}A>5K(g^Nk7RgcS)RZ4kFu8
zT5$-K98x)MhZNP6BXX%+q7>=8-v94+kK^~~^M8K7-{0l?{eHgR-)}w4{x)E1Nq~2{
zTF^4XkrZG|P0S53W&!1~)zoUtnrLGh<65kaN3aHdkGeiE#_DrsIs0KQ=O<wbzK8jE
z*_}_1_21{29=2e{JLh8}7Zzb%JdBO-raPZN@9Ma<a{y{UllfsxW*OGT&6t3PFbS`s
zo)^W<@tB24#xrIx1zk83>tG?)!-MF<8_0hqvX(Isn1-siclF_@%uL2AxCHCtI@Cn|
zjk@nDhGSVqr+#9v9{rmv3LS6+R=~~9UC5-(C)f<n;(b^>&Mrx3RBE3=R?QTl9=ruL
z(=VKNQ3FWw8B-ZsqE@#fdQ~Y5bPeNC515Y1$m_TQKgB#8M&6i&DMSryKQbnB1~oI?
z#PXU5)cF+DlH_9~4ny_#G)Cdv1oE%7SxZAOevCdmf=c04SC3&-q10QV9*~FXu(zv^
zL3KP8)$wxVR`U*OsZOBoyN)Eo1hFofP-3EIJA8}=&Y5}G0N=v@;wdZ_!0u&~n#o@B
z8irq^26zFLk*aJM4WJ1&!F*K8C!<om5VcfmQG4YmYM>W93QA2NPa}&a1~uYL)CGM|
z51xPpxByd8qs)Rd%*Q8Cdt)bRNv@zKRH>o8J`I)W;n)G^qMq*^r@*!5Cp647I@uT%
zV|eG(Q7-C1PhlFqicRqlD#dqEn=PJ?ggWSe+GOKUZ^Lsq7#Cp$yyDvLAer<`Me>r)
zi5RSeU9ln#a`mwoN_`6Q3Y%G|46SqZ-KY$Hh1yitP)kytb<lw7q6Xd>wG<vcfG=UB
z-v1;1f-&b%Gr8^R2~3kgnhYfC=228fi%<jEfXdJwRL4I%Luph!9;;vmYC!p@wIAu~
z9!Al>SxrHy*^2Bpvj;Wu^Qg6~!0`3JWK_pFs7*KswT6$OuAhmze-rvQ8EQ{m!15T%
zM?{$m$Ew&AJ>8f?L5{*;T!?zmE2xflAz3xYP;Ws1J52+L#Y)&512GTVV?Jt=Ex{c8
z663HI>#PZ7p)xrjo&1MTD4;<zc^1{da@4LbcI^jHsXXV}e?fIzrMX?2I4ncG11i;>
zoTFX)Y}Cx>qVC&>m2q2h@~<2A(-48*p+@){DkIVN+kvz~?TtRDx5YzUSA-h)Cs-ZN
zI&Y)ij_?foHZ?~r#ZXjcUqB7G(4!DUVH0X(#h8z~u^NW7u&-ZDXEsLBJ{<LyOhFCg
zMR&dsm8pZM36wYkTiWM0K)p>FsONiaUEyKWh(}{M&PQ#UHR!`4B<tn?Y6d3L&O8ZO
zUXzXLa3bpau@X~ozpLNG#ngSgdwgQd+sKRNnGy<m%_?TuPiH3bO)+Co16qMf`7YE<
z&tWVEwXy??!x-w>uHFwdvnj59p{p07mS`8Uy5=|r>-`UHZEvWC+9XL>8*@-M40Y!x
zqt<Lb`fw2{6U7*ZCy=kXxrzM)*jL#$Gn3oc-M$&)Ilm8e-+8R#Q3%ViGi~DRfw{C#
zL}g|t>UFx{&ZoAud!m=~X;em5VH|EpAAW)A@D|p=SRN`{p_XbGdNnA_p`hKr9#!9g
zT7na(wJeio2htc>Gt(b+ejX;_yO@ZlQ5gtqXWNre1L}@??vt2+3s9T5xE=Y|iH~W}
z7wIhO!8ehQpGn|rqP6XXkvI;u7iKs&BbS<!s4rq1X{vz9sF`P=*18|E&CC+iCO(Y3
zU?wP^{D)A;;+@mX+9Mx1Gs(FLwVA#_b#NUu^1G-HNMuL*x+S5OpgHRP?zjkNBKy@u
zcCzPtqW07{ROV)R6g2ZUP@C=pR4PkQnJLrRS{rq~B`PC*u_;c#P+X6??=93Ce}>vS
zx7_)<U2FzZo$av}=e>ax>Qb13dhgd^L)_-t&tNq5@(<dzjK^&1ZBR3qj*YPplksy*
z3}E10t@XOufpzX~Gx#KG;8T$SduB5Q9}UNmuco<y8c3raHr3f!k9u#^ntG^Bv=+6w
z_Ms;5oof&4X)~3ATB<HM4~HY)E^`&zU~(`1PU!uAoPyS92kODUVttH#$j+!Osy-gc
zrdfgN_?$am_F+1wo{CC+RByZ4T4E~oNtljB$k*6>gL+;}ANCymn;Z&CNdZ>C*PO-J
zkNW#q9;5r(O&5<^^HfyIAHeE3$~g@yQeS~#_&O?s@1Q#V5;cK99`0$zbtouR?N9?5
zh<flsydQUBI9^9(pj>~u343A$^~X_rU^?mxT8z!`5H`Yq0e17HU=8ZIn2AFMxc7e*
z4cbiaVof}ak$4*$VAX+kfSDLWy$9++V^Oc+9Q5G|)LXIxwO3A}2KYPb`IQIRiKL_I
z`Gd%R3ku_DXo5wkRGxAdUPGn6>|nc#E1^1WhRRe|)aILpx^5$C#>J?NmY|+{1GNN+
zLu~3hV-@OSJqo&UDzfp-EMy~_lgLIj$wTdp9;%~_s5Lx{)$mu;OhSj*&D#`}!JZh4
zPq_L#)Wix=8T$}5Q12*(G8F#6I5dygj(n*0_NWUxVl+-db+8!K@tde6IgXm)kEj_(
z4!5b#Lk+wiYAK&bA8taP<C%jLYSD1fod_ObFRYIlwD&-5#(B=|sDYiuAUuzn*=6j8
zfsfkf^+J8f3Y@D^6Ziy`fisw>_x~CNbr3bu&LjuxP#=JaI1ROy8&Ge-d#DE;MP=+F
zYDq#y+03M&Uc0WS_WsxgXSn)))E>Hm>GW^HM%xbCpgt5MP@8Kdrr|+cfPcF43m&uW
zdr`05FPMpmW9<KM48auY%dk1_Lrvs1CZTVvop3w!bfSQQ9<&^_X+A=Y@LSZ(@1S0z
z@W<_!tv*(uJ_41I0&IY@FdmChOL7dgS1zHJEO?w9U?^&$t;do7+7u?zpj5t$0r)PV
zgQ|(6;RF1P_$yI*te|ktRcdj~L!~FMD)oP0GNA$F5vPbZiABW!5Awf^+FYUo5yFk{
zBYVk|q0GR|*Tic?=~0ft4dN(KnQOYZ6UqRI^8YzkQ#H;FQGuhk#sB*izq5%4i6^!G
zHM#H>UL|zAVe$Xo=Jz0>f1Y~_qj56!A#`Y?{+-aWts%A$I-<BP8}+AHhu*N3M6@dR
z91Y^#1<Pri?oPD8vcwspJ@GM7w6uFfxc3)IpAz2_rAI!6{ltqzDDe^THc>$6&}Zxc
z;-5q?@gJh1>vbVz9Xp6GiD!sV&h<rYjBkiAcP%?k*<$O_5JWsjd4Rvg{^)yHp9tjK
zjC<N6U0GXl8gZB4-SZ!3`Tf<EYjfXrSJpQCj`DnB0})I;&GqlU<O09riFb%+i7Ui$
z;v~_JxcBf;dCE1!U|m-h3y6!veZ*4YX<{3ZLGV}0tS5dX{D<bh)s<rzQGd$u1RntZ
z(bg%Rcjcd)eC13p;$>naF_Q=+5_nE|{1@>pkwoZdMN}g6;{Ha2bDejBf{xJ^^E$33
zrV{C{Z4%}Z`g69Dh~&l~JWcE)!icp5UnBnqx-sgwPCVf+@sY-6#Ggb2_v^^g`sYy4
zw{Zz^jnEN7ROg~Nf6e|Ke8H7PWmg`AmE6N>Q0__`BOW2n6Xo5xIvC)}G@DDrP~s1*
zzdop)2pz8ymx+$5a3m6i#AaeQkxJ-jVlk~z|C;y;?saW7sL!K3jF>~*Ar2FJh$+NP
zq6*jOm_`3)II)<hNa)yTF%$59R~Cnea3YHMoH#<19zOR#)%8pr6Nwam$(V<6C-EN9
zjVR0YndtqEpGHJ6QHAJ1>>_l;aM1yL$zS6yyt9-x6b2I|#4p4uqBBvC(D4QFv%kc@
ynd67V53VkLxBtgu|6z6=4G~1UEk8#89I!N{#t&QaYbMrTx+nM2mXf@N4gUw%-LT#O

delta 6694
zcmZwL3w+P@9>?+Tj5B6yZ0us#e;B(kcO#VR%q8T0*Vr)Drd?bTzZ`O@NR6<=;W(n4
zk}RjriCm(jqazX$sicdNbQ9vd-v94+)#E(+K7984e!suV_x{@+UOW@9@LYg*HoW2r
zLrM-XrZ(nQF=h$*o#CoA=5n+#P4HWc!nhb?VlfSM|3K$d=Mv`@?8fysFcm{;8PgNn
zqn>-n>X{9$VmH!;`2f|x53XFDf*wf52G|1|VlFnu5_f%%^NjNvY79|4Ox7ej(^2h=
z!@9;ZW)_)xRFq-@?m{*23C3e^9b4ZRb>9H2kHy#sSECR2B9EAlu?F69<r;NuxjAYE
z)3F+k!9?0O`D8S*Rj3DdVFVsUHFN>hP;i_v8Q20taF%lsGFfH?w#04N3eTgKF2-k<
zpa-(LW*X|f52B}$ZX_e$LUrH@hG7uH_fH{Kr=0A{9Z)amhnkT>T!l|!cWg=}gEz&f
zj+G!|Fk4XrJB(}#^HDwKUpHK*LTeJqTWexdRD<0y5{IIeCJ%#fIr?x7CgLtvzJS4$
zgP2Y|AC79Ufh)H~HQWo;ZdL=&j=-ZrYq!DOxEq;0^A2i6-=YuG=ml+<VVHyu;K#TL
z{}f=%Vy008S;l%*#b;0*+<}^rv#1W-z@`}KaaB{Ej+*L`sN<4{+AM2PJ>7wtnIp(7
zn+vE8SEd)bo`8CBCoI4b*c=aIN4$kSv178`8w*iO;_W1(5uHXoa0?lXX`W&?+fY;k
z>ydYuSI{uhPmx>A1<s(JtIkf-d%9u^oQTb^6j@#K7HW@OLcPBxqhybHrac)Qhu%0A
zN1=B2PFMdXR;Bztw#Ey18`ft2LNNtZZim5`fjaL4Q8Se9%8#OE@M+YZdKK&F{2wQy
z9({-Ec?{jwQuM(NI2QHb8s~P@NDjL4H^`t&C8mK@F)dN|k3w~%0QqN@@<R>pah{O0
zZ!VFkhLvbtn<Nso_N`pG59-0msF|6I>_@W{)$uaaTAo7PcNNue7#{=8TncIl(@^&h
zKs`SLJ^v;nqfNB~E8_{&)SbiX_zUX6Fup3XH3s2G)QiTW8eW8~j#-B~1#hD|@)>H0
z0$IO6496ZA*_!#!ATx%FF1Q(W?7l>eD7cNC$|S5p`A*bGdZHT0Lhbt5u6`wICbzr#
z*H8_gK`qT!SOIIM*_n<`WBxVeZK%+NL8y@rMLk%AVK@(UUkTR07f>C19W^7LqB>Hw
zt=$_5sMFF1b>B2p$5&t!ZgU>=$mn>SLmj8Uc6KRJQB&I=)v;o%h%-<fn~gfpk778!
zhdO>=I74r@OVS*5N-|I#8G^d67&TMgYBCzZ7UvOE13#jUQ>FH{fojhBs1CQm2po>u
zGxwqory;9nR-y)Q7;E7bWE+@Jj+EN#f(+O*lgOk}QDQ61K3qomYt*-94xcYhrrClz
zX79Ul<vZ-}|F)<OWuvBi5!S`+sD|G`AAW@~7<#8IH^Ok8{|qv^Fw$Sa)S%XA5wc&*
zdem+|;jVv(wJBdgH5As#-k*wEigeVH4M!i2Le0c%jKdAc=iltZkzN41os6a?y^G!L
zvoN0W<ERJAP-}J)>){P&Tvz)iRu|OFEJU5A9jN<mVttJ7X6=sZcn)g73(!-=dNP`-
zU8o+OL?2#7btI;{eL;KYSWKXP9@fNXFcx<^PoqxBPp%x2ZkH+%waEvgI{aWd^RKnt
z>TWoT36!hyb!dRiQBySpRX+#S!HuW}_oGI74kIy;;j6wD>ciCr`Tb-vkdLe>MvZ(k
zs^fbzJiBR5P@&Bez?q^CCI$8BEI@s7=b&cd5!9Y|4%wgPJZiVc_cDePY=&YLT!tE0
zDf00&hnzQ2d!$8g`~L188TI^b)Q4sg>Rir1Ey-fk3pV0ocoI1PW>Oz}eG_W4?nTYe
zDb&bsp*CmryX;IhL(R-!=Y6Q_-V!pJl4r3QzK+586KV-6^tEf>2%Avujk-P)HHGt?
zrC5jZHf)G*qrMM6U@}(eXX{&GH06=VQhKI{OeZRqqegHX)zEcJ!KD6lB!Hef@4wr2
zY~27mh5Jz*KZ5FTz(Bis8zNt2(*xBJ4>i*z*a){^yw3koGTKDnqc&I6AluV4RQ(v#
zRLw=bU_Cy9FX8Rjb+9p=aSpONW)EtKLWbDqdtoBwdr<>=(v|mNAKEt;$*AGBL+uU2
z@I2-DsPmgM%x<<Ns9k&rTjLFEhb@NN26C|}<rSzIIe;Pfqcd;>e-~1&#*fN41-&pb
zMP#(5^HDu~45RQB=P?YWd=abS&!{P^G}1QQ1T}yms2Q7vk+>Swk!`5=euQZlI?66d
z_fgD08`TV_A_g~M4cvp;1IMv829CC;z=w?~55k%_7h`cHw#PD8{s#Tukumo9=BWGo
zViIPdI=FNU^RI@VqCzj)jhd0u=);Rx7emI{^Pht1;9aN&#$g05a^*GHj`BX#Qrtkz
zWaE46ecez~KMb{5Gd(hDcmZmvHlU8rG1QIMP$Le^v^{QydT|fb5=_T9T!+<gH|n_~
z$U!lukb_}T#_<<1&OtqQ6xEJ*jZ7k$`0@73)C)DT(O3`Xp_X71*233Z`7CN=*HJST
zk!3qtA1hGqkLuV!R6~WXz7#c}wHU4Qe~644_ypCk$+k<<5Y^L8s1Z*>P5mm=3!g)+
z<-6#^o2d81O|T!L4ygJOsQYGNTYL(&8PEFl*!dG}kK15HF0@09><;XYL$D5RMt#W+
zI4>h3FtL;D479=ql)IrC$U*I`6<8mich`@hHs4i@pnVgTV_#GsHDw(z5l5j$^bqRU
zZE*Elu`}fpt{gMj?x8NI@4^^VgUem{Wz^ofge@>`3jf7}1JKh0=g8<nWUf7SJyFML
zI<~?xOvTT!4MyE-N7@$?C>LT1u6FeYunFZaQF|sj&vvjSYUKS;OF1Er_3uDt78N1*
zGU_-Tz$83{@fetImm~o-BOOtjYy_%<qfrBS0(D#uqGs|l48UE4QX!$=C9mNr;;;Jt
zm#4L4z9b$Y>TwevxnENx<>x7B8smvx#93lHv79JRI)bIdW5k`rZ9KORnR)+dD!`A3
zrwM;j`+p*SCXN#|cwhi3r4siMnkuCzuCdAeX_Ql(BOWDmzNZoK-1iIqKq$Rnu|K)?
z4mtgI-;3zQkeNefw7u-#cpJ%U`ko?QcJ;B`*PVP4Drsj|C+ev1yVTHKUqjtOSAPdq
zA}$bpi2o2<2~tT=jZkkUnYW3rRO3=#e2Z901QUmde-hIPrC~&8;@?CN@g5QG+Abll
z^eXWop-B$o+8ETqI8Rh__lDTZ42Fs-#5^u$66L8T8ExjuTw7dTi8}g9+K&$rfm~<5
z`_t$Ayy5coso&}HmB@cV{&8Xp5kfib_j~YbD(@m*BIXj`6DNr?#8~3@DS^T)S5X&r
z0?X4AWG)fyh*iXF;uWGJF^+hKxI*}orsrQSA4iYwA>WYT@c2`PQ!H@#?=Xmar{Hj6
zHIYj^Oau~*xK<h8AU-9M38k*YZG=wmO(L56y!Xi{<yp)>a0BsY;&xZ}0QMw?5bKFr
zJgBerC&ZgXRbmq{m1s(|Ae4S0iitYhe;C^m70HL8QWvd%4>GNZCy5^kr7A>iZqz4T
zsS&ZrpR+&0U4A@9aG#Qo7(|>PCJ`5jP<Jg6^<RYL=^HW=hzbGBzrMEp-IaBCnds-r
zN%$O5M(iir5K65q{{LmK%8UO(`Jk)wQC>!VBC&)BpnMEpCmtlO5j9<BYH9s*h!sRA
zq4cc9%)kyVFOCwCL@aTdc$X+o3GRhEsF?36@5h!dKN5Endx^nBF!y&t@9+F*P81Ol
z#86@np;VWf{);R9CH|IlmXl5<i};whPW+9yn`lfZeL!6G=lG)t4-ntFvbbgc?BRC>
zh0R11(YtJI^mhRn30X<LZUZ~}5({%C=K1pTa%Uz58=udYs0#yhAv<q;!OW>ee|YV;
zhe{r<btT!|nw{m#$}GwZHVK73SCx~W=bN6Bo9i2w?JF+K&MKQ8o0Qo1*T(aT3w(ve
z;|iw~<c!Pt{|@Nl{>3>H3jXlQZ;zFfcD<b1#NJtyIaz(k&dZ<d?}ooNGb`VhU09S~
S=*yg%n=^$jmM!R(n*2Xs*bVjo

diff --git a/po/eo.po b/po/eo.po
index 91a44a1..255c1c0 100644
--- a/po/eo.po
+++ b/po/eo.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg 1.0.6d\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2002-04-14 14:33+0100\n"
 "Last-Translator: Edmund GRIMLEY EVANS <edmundo@rano.org>\n"
 "Language-Team: Esperanto <translation-team-eo@lists.sourceforge.net>\n"
@@ -17,52 +17,52 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, fuzzy, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr ""
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr ""
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr ""
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr ""
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr ""
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 #, fuzzy
 #| msgid "Do you really want to create a sign and encrypt key? "
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Ĉu vi vere volas krei subskriban kaj ĉifran ŝlosilon? "
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr ""
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 #, fuzzy
 #| msgid "invalid passphrase"
 msgid "|pinentry-tt|Hide passphrase"
@@ -70,7 +70,7 @@ msgstr "nevalida pasfrazo"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -81,25 +81,13 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 msgid "pinentry.genpin.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-msgid "Passphrase Not Allowed"
-msgstr "pasfrazo estas tro longa\n"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr ""
 
@@ -109,299 +97,279 @@ msgstr ""
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr ""
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 #, fuzzy
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 #, fuzzy
 msgid "Passphrase:"
 msgstr "malbona pasfrazo"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr ""
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr ""
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr ""
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 #, fuzzy
 msgid "PIN too long"
 msgstr "pasfrazo estas tro longa\n"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 #, fuzzy
 msgid "Passphrase too long"
 msgstr "pasfrazo estas tro longa\n"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 #, fuzzy
 msgid "Invalid characters in PIN"
 msgstr "Nevalida signo en nomo\n"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr ""
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad PIN"
 msgstr "malbona MPI"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad Passphrase"
 msgstr "malbona pasfrazo"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, fuzzy, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 #, fuzzy
 msgid "Please re-enter this passphrase"
 msgstr "ŝanĝi la pasfrazon"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to protect the imported object within the %s "
 "system."
 msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, fuzzy, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "protekto-metodo %d%s ne estas realigita\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't create '%s': %s\n"
 msgstr "ne povas krei '%s': %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, fuzzy, c-format
 #| msgid "can't open `%s': %s\n"
 msgid "can't open '%s': %s\n"
 msgstr "ne povas malfermi '%s': %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr ""
-
-#: agent/command-ssh.c:2446
-#, fuzzy, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "eraro dum skribado de sekreta ŝlosilaro '%s': %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, fuzzy, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "neniu skribebla sekreta ŝlosilaro trovita: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, fuzzy, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
 "allow this?"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr ""
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, fuzzy, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, fuzzy, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
 "%s%%0Awithin gpg-agent's key storage"
 msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, fuzzy, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "%s: malsukcesis krei haktabelon: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr ""
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr ""
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 #, fuzzy
 msgid "Admin PIN"
 msgstr "Donu la uzantidentigilon: "
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr ""
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr ""
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr ""
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 #, fuzzy
 msgid "Repeat this Reset Code"
 msgstr "Ripetu pasfrazon: "
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 #, fuzzy
 msgid "Repeat this PUK"
 msgstr "Ripetu pasfrazon: "
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 #, fuzzy
 msgid "Repeat this PIN"
 msgstr "Ripetu pasfrazon: "
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 #, fuzzy
 msgid "Reset Code not correctly repeated; try again"
 msgstr "la pasfrazo ne estis ĝuste ripetita; provu denove"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 #, fuzzy
 msgid "PUK not correctly repeated; try again"
 msgstr "la pasfrazo ne estis ĝuste ripetita; provu denove"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 #, fuzzy
 msgid "PIN not correctly repeated; try again"
 msgstr "la pasfrazo ne estis ĝuste ripetita; provu denove"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr ""
 
-#: agent/genkey.c:157
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
 #, fuzzy, c-format
-msgid "error writing to pipe: %s\n"
-msgstr "eraro dum skribado de ŝlosilaro '%s': %s\n"
+msgid "error creating temporary file: %s\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
+#: agent/genkey.c:116
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "skribas al '%s'\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:154
 #, fuzzy
 msgid "Enter new passphrase"
 msgstr "Donu pasfrazon\n"
 
-#: agent/genkey.c:196
-#, fuzzy
-msgid "Take this one anyway"
-msgstr "Ĉu tamen uzi ĉi tiun ŝlosilon? "
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
 "confirm that you do not want to have any protection on your key."
 msgstr ""
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr ""
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, fuzzy, c-format
 #| msgid "Name must be at least 5 characters long\n"
 msgid "A passphrase should be at least %u character long."
@@ -409,7 +377,7 @@ msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "Nomo devas havi almenaÅ­ 5 signojn\n"
 msgstr[1] "Nomo devas havi almenaÅ­ 5 signojn\n"
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -417,380 +385,385 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr ""
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Ĉu tamen uzi ĉi tiun ŝlosilon? "
+
+#: agent/genkey.c:464
 #, fuzzy, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr ""
 "Vi bezonas pasfrazon por protekti vian sekretan ŝlosilon.\n"
 "\n"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 #, fuzzy
 msgid "Please enter the new passphrase"
 msgstr "ŝanĝi la pasfrazon"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 msgid "Options used for startup"
 msgstr ""
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr ""
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr ""
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 #, fuzzy
 #| msgid "Key is superseded"
 msgid "run in supervised mode"
 msgstr "Ŝlosilo estas anstataŭigita."
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr ""
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 #, fuzzy
 msgid "|FILE|read options from FILE"
 msgstr "|DOSIERO|legi aldonan bibliotekon DOSIERO"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr ""
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "detala eligo"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "iom malpli da informoj"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr ""
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 #, fuzzy
 msgid "do not use the SCdaemon"
 msgstr "aktualigi la fido-datenaron"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr ""
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:208
 #, fuzzy
 #| msgid "|NAME|set terminal charset to NAME"
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NOMO|difini NOMOn kiel la signaron de la terminalo"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr ""
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr ""
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 #, fuzzy
 #| msgid "not supported"
 msgid "enable ssh support"
 msgstr "ne realigita"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr ""
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 #, fuzzy
 #| msgid "not supported"
 msgid "enable putty support"
 msgstr "ne realigita"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr ""
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr ""
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 #, fuzzy
 msgid "disallow the use of an external password cache"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr ""
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 #, fuzzy
 msgid "allow presetting passphrase"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr ""
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr ""
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 #, fuzzy
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|uzi pasfraz-reĝimon N"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 #, fuzzy
 msgid "do not allow the reuse of old passphrases"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 msgid "Options controlling the PIN-Entry"
 msgstr ""
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 #, fuzzy
 #| msgid "use the gpg-agent"
 msgid "never use the PIN-entry"
 msgstr "uzi gpg-agent"
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr ""
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr ""
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr ""
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr ""
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 #, fuzzy
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "Bonvolu raporti cimojn al <gnupg-bugs@gnu.org>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 #, fuzzy
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
 msgstr ""
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr ""
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "elektita kompendi-metodo ne validas\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, fuzzy, c-format
 #| msgid "reading options from `%s'\n"
 msgid "reading options from '%s'\n"
 msgstr "legas opciojn el '%s'\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, fuzzy, c-format
 msgid "Note: '%s' is not considered an option\n"
 msgstr "AVERTO: '%s' estas malplena dosiero\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, fuzzy, c-format
 msgid "can't create socket: %s\n"
 msgstr "ne povas krei %s: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, fuzzy, c-format
 msgid "socket name '%s' is too long\n"
 msgstr "Valida atestilrevoko"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, fuzzy, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "gpg-agent ne estas disponata en ĉi tiu sesio\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, fuzzy, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, fuzzy, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "eraro dum sendo al '%s': %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, fuzzy, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "Averto: malsekuraj permesoj sur %s \"%s\"\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "skribas sekretan ŝlosilon al '%s'\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, fuzzy, c-format
 msgid "can't create directory '%s': %s\n"
 msgstr "%s: ne povas krei dosierujon: %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, fuzzy, c-format
 msgid "directory '%s' created\n"
 msgstr "%s: dosierujo kreita\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, fuzzy, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "fido-datenaro: lego malsukcesis (n=%d): %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, fuzzy, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "%s: ne povas krei dosierujon: %s\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, fuzzy, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, fuzzy, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "aktualigo de sekreto malsukcesis: %s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, fuzzy, c-format
 msgid "%s %s stopped\n"
 msgstr "\t%lu ŝlosiloj ignoritaj\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, fuzzy, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "gpg-agent ne estas disponata en ĉi tiu sesio\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 #, fuzzy
 msgid ""
 "@Options:\n"
@@ -800,19 +773,19 @@ msgstr ""
 "Opcioj:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 #, fuzzy
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
 msgstr ""
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -820,8 +793,8 @@ msgstr ""
 "@Komandoj:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -831,87 +804,86 @@ msgstr ""
 "Opcioj:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 #, fuzzy
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
 msgstr ""
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 #, fuzzy
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 #, fuzzy
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 #, fuzzy
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
 msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, fuzzy, c-format
 msgid "cancelled\n"
 msgstr "nuligita de uzanto\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, fuzzy, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, fuzzy, c-format
 msgid "error opening '%s': %s\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, fuzzy, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "ŝlosilo '%s' ne trovita: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, fuzzy, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "kiraso: %s\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, fuzzy, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "sekretaj ŝlosilpartoj ne estas disponataj\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, fuzzy, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "kiraso: %s\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, fuzzy, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "%s: nevalida dosiero-versio %d\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, fuzzy, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr ""
@@ -924,19 +896,19 @@ msgstr ""
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
 "certificates?"
 msgstr ""
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 #, fuzzy
 msgid "Yes"
 msgstr "jes"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr ""
@@ -949,7 +921,7 @@ msgstr ""
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -959,142 +931,142 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr ""
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr ""
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
 "it now."
 msgstr ""
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 #, fuzzy
 msgid "Change passphrase"
 msgstr "ŝanĝi la pasfrazon"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr ""
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, fuzzy, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
 "%%0A?"
 msgstr "Ĉu vi vere volas forviŝi la elektitajn ŝlosilojn? "
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 #, fuzzy
 msgid "Delete key"
 msgstr "ŝalti ŝlosilon"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
 msgstr ""
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr ""
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr ""
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "kontrolo de kreita subskribo malsukcesis: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "sekretaj ŝlosilpartoj ne estas disponataj\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "protekto-metodo %d%s ne estas realigita\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "protekto-metodo %d%s ne estas realigita\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "protekto-metodo %d%s ne estas realigita\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, fuzzy, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, fuzzy, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, fuzzy, c-format
 msgid "error forking process: %s\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr ""
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, fuzzy, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, fuzzy, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, fuzzy, c-format
 msgid "error running '%s': terminated\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, fuzzy, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "aktualigo malsukcesis: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, fuzzy, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "eraro dum skribado de sekreta ŝlosilaro '%s': %s\n"
@@ -1110,33 +1082,33 @@ msgstr "ne povas konektiĝi al '%s': %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "problemo kun agento: agento redonas 0x%lx\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "ne povas malŝalti kreadon de core-dosieroj: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, fuzzy, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, fuzzy, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "Averto: malsekuraj permesoj sur %s \"%s\"\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, fuzzy, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "aktualigo malsukcesis: %s\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, fuzzy, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "enkirasigo malsukcesis: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 #, fuzzy
 msgid "yes"
 msgstr "jes"
@@ -1192,51 +1164,95 @@ msgstr ""
 msgid "out of core while allocating %lu bytes"
 msgstr ""
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, fuzzy, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "eraro dum kreado de ŝlosilaro '%s': %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr ""
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, fuzzy, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "AVERTO: '%s' estas malplena dosiero\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr ""
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
+#, fuzzy, c-format
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "aktualigo malsukcesis: %s\n"
+
+#: common/asshelp.c:350
+#, fuzzy, c-format
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "aktualigo malsukcesis: %s\n"
+
+#: common/asshelp.c:351
 #, fuzzy, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
 msgstr "aktualigo malsukcesis: %s\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:364
+#, fuzzy, c-format
+msgid "connection to the dirmngr established\n"
+msgstr "ne povas fari tion en neinteraga reĝimo\n"
+
+#: common/asshelp.c:366
 #, fuzzy, c-format
-msgid "connection to %s established\n"
+msgid "connection to the keyboxd established\n"
 msgstr "ne povas fari tion en neinteraga reĝimo\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:367
+#, fuzzy, c-format
+msgid "connection to the agent established\n"
+msgstr "ne povas fari tion en neinteraga reĝimo\n"
+
+#: common/asshelp.c:485
+#, fuzzy, c-format
+msgid "no running %s - starting '%s'\n"
+msgstr "eraro dum legado de '%s': %s\n"
+
+#: common/asshelp.c:588
+#, fuzzy, c-format
+msgid "connection to the agent is in restricted mode\n"
+msgstr "ne povas fari tion en neinteraga reĝimo\n"
+
+#: common/asshelp.c:725
+#, fuzzy, c-format
+#| msgid "error creating keyring `%s': %s\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "eraro dum kreado de ŝlosilaro '%s': %s\n"
+
+#: common/asshelp.c:731
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
+msgid "server '%s' is older than us (%s < %s)"
 msgstr ""
 
-#: common/asshelp.c:521
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
 #, fuzzy, c-format
-msgid "connection to agent is in restricted mode\n"
-msgstr "ne povas fari tion en neinteraga reĝimo\n"
+#| msgid "WARNING: %s overrides %s\n"
+msgid "WARNING: %s\n"
+msgstr "AVERTO: %s nuligas %s\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:740
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
+msgid "Note: Outdated servers may lack important security fixes.\n"
 msgstr ""
 
+#: common/asshelp.c:742
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Bonvolu uzi la komandon \"toggle\" unue.\n"
+
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
 #: common/audit.c:474
@@ -1317,7 +1333,7 @@ msgid "algorithm: %s"
 msgstr "kiraso: %s\n"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, fuzzy, c-format
 msgid "unsupported algorithm: %s"
 msgstr ""
@@ -1403,12 +1419,12 @@ msgstr ""
 "Neniom da atestiloj trovitaj kun nedifinita fidovaloro.\n"
 "\n"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 #, fuzzy
 msgid "no CRL found for certificate"
 msgstr "Bona atestilo"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 #, fuzzy
 msgid "the available CRL is too old"
 msgstr "Nenia helpo disponata"
@@ -1450,7 +1466,7 @@ msgstr "Nenia helpo disponata por '%s'"
 msgid "ignoring garbage line"
 msgstr "eraro en vostolinio\n"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 #, fuzzy
 msgid "[none]"
 msgstr "nekonata versio"
@@ -1460,144 +1476,26 @@ msgstr "nekonata versio"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "nevalida signo %02x en bazo 64 ignorita\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-#, fuzzy
-msgid "argument not expected"
-msgstr "skribas sekretan ŝlosilon al '%s'\n"
-
-#: common/argparse.c:522
-#, fuzzy
-msgid "read error"
-msgstr "legeraro ĉe dosiero"
-
-#: common/argparse.c:524
-#, fuzzy
-msgid "keyword too long"
-msgstr "pasfrazo estas tro longa\n"
-
-#: common/argparse.c:526
-#, fuzzy
-msgid "missing argument"
-msgstr "nevalida argumento"
-
-#: common/argparse.c:528
-#, fuzzy
-#| msgid "invalid armor"
-msgid "invalid argument"
-msgstr "nevalida kiraso"
-
-#: common/argparse.c:530
-#, fuzzy
-msgid "invalid command"
-msgstr "malkongruaj komandoj\n"
-
-#: common/argparse.c:532
-#, fuzzy
-msgid "invalid alias definition"
-msgstr "nevalida kiraso"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-#, fuzzy
-msgid "out of core"
-msgstr "ne traktita"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-msgid "invalid meta command"
-msgstr "malkongruaj komandoj\n"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-msgid "unknown meta command"
-msgstr "nekonata implicita ricevonto '%s'\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected data"
-msgid "unexpected meta command"
-msgstr "neatendita dateno"
-
-#: common/argparse.c:546
-#, fuzzy
-msgid "invalid option"
-msgstr "nevalida kiraso"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr ""
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, fuzzy, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "nevalida kiraso"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr ""
-
-#: common/argparse.c:563
-#, fuzzy, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "Nevalida komando (provu per \"helpo\")\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:581
-#, fuzzy, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "nevalida kiraso"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, fuzzy, c-format
-#| msgid "NOTE: no default option file `%s'\n"
-msgid "Note: no default option file '%s'\n"
-msgstr "NOTO: mankas implicita opcio-dosiero '%s'\n"
-
-#: common/argparse.c:1843
-#, fuzzy, c-format
-#| msgid "option file `%s': %s\n"
-msgid "option file '%s': %s\n"
-msgstr "opcio-dosiero '%s': %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, fuzzy, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1613,131 +1511,132 @@ msgstr "ne povas malfermi %s: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "enkirasigo malsukcesis: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, fuzzy, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "%s: ne povas krei dosierujon: %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, fuzzy, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "eraro dum skribado de ŝlosilaro '%s': %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr ""
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, fuzzy, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "skribas sekretan ŝlosilon al '%s'\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr ""
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, fuzzy, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "publika ŝlosilo %08lX ne trovita: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, fuzzy, c-format
 msgid "waiting for lock %s...\n"
 msgstr "skribas sekretan ŝlosilon al '%s'\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr ""
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "kiraso: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "nevalida kirasoĉapo: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "kirasoĉapo: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "nevalida ĉapo de klarteksta subskribo\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, fuzzy, c-format
 msgid "unknown armor header: "
 msgstr "kirasoĉapo: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "ingitaj klartekstaj subskriboj\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, fuzzy, c-format
 msgid "unexpected armor: "
 msgstr "neatendita kiraso:"
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "nevalida strek-eskapita linio: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, fuzzy, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "nevalida signo %02x en bazo 64 ignorita\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "tro frua dosierfino (nenia CRC)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "tro frua dosierfino (en CRC)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "misformita CRC\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, fuzzy, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "CRC-eraro; %06lx - %06lx\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, fuzzy, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "tro frua dosierfino (en vosto)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "eraro en vostolinio\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "validaj OpenPGP-datenoj ne trovitaj.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "nevalida kiraso: linio pli longa ol %d signojn\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1745,13 +1644,13 @@ msgstr ""
 "quoted-printable-signo en kiraso - verŝajne cima poŝtotransendilo estis "
 "uzata\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, fuzzy, c-format
 #| msgid "not human readable"
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "ne homlegebla"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, fuzzy, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1760,395 +1659,379 @@ msgstr ""
 "notacia nomo devas enhavi nur literojn, ciferojn, punktojn aÅ­ substrekojn "
 "kaj fini per '='\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, fuzzy, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "notacia valoro ne povas enhavi stirsignojn\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, fuzzy, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "notacia valoro ne povas enhavi stirsignojn\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "notacia valoro ne povas enhavi stirsignojn\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, fuzzy, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "notacia valoro ne povas enhavi stirsignojn\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, fuzzy, c-format
 msgid "a notation name must have only printable characters or spaces\n"
 msgstr ""
 "notacia nomo devas enhavi nur literojn, ciferojn, punktojn aÅ­ substrekojn "
 "kaj fini per '='\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "AVERTO: nevalida notacia dateno trovita\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, fuzzy, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "malsukcesis meti '%s' en fido-datenaron: %s\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Donu pasfrazon: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, fuzzy, c-format
-#| msgid "error creating keyring `%s': %s\n"
-msgid "error getting version from '%s': %s\n"
-msgstr "eraro dum kreado de ŝlosilaro '%s': %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr ""
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
-#, fuzzy, c-format
-#| msgid "WARNING: %s overrides %s\n"
-msgid "WARNING: %s\n"
-msgstr "AVERTO: %s nuligas %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
-#, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s ne havas sencon kun %s!\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
+#: g10/call-agent.c:1081
 #, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Bonvolu uzi la komandon \"toggle\" unue.\n"
+msgid "error from TPM: %s\n"
+msgstr "eraro dum legado de '%s': %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, fuzzy, c-format
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s ne havas sencon kun %s!\n"
+msgid "problem with the agent: %s\n"
+msgstr "problemo kun agento: agento redonas 0x%lx\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, fuzzy, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "gpg-agent ne estas disponata en ĉi tiu sesio\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 msgid "Tor is not properly configured"
 msgstr "%s: nevalida dosiero-versio %d\n"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 msgid "DNS is not properly configured"
 msgstr "%s: nevalida dosiero-versio %d\n"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "krei revokatestilon"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "kiraso: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, fuzzy, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "sekreta ŝlosilo ne havebla"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr ""
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, fuzzy, c-format
 msgid "can't do this in batch mode\n"
 msgstr "ne povas fari tion en neinteraga reĝimo\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, fuzzy, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, fuzzy, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "sekretaj ŝlosilpartoj ne estas disponataj\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Via elekto? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr ""
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 #, fuzzy
 msgid "not forced"
 msgstr "ne traktita"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr ""
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr ""
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr ""
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr ""
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr ""
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 #, fuzzy
 msgid "URL to retrieve public key: "
 msgstr "skribas publikan ŝlosilon al '%s'\n"
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, fuzzy, c-format
 #| msgid "error reading `%s': %s\n"
 msgid "error reading '%s': %s\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, fuzzy, c-format
 msgid "error writing '%s': %s\n"
 msgstr "eraro dum skribado de ŝlosilaro '%s': %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr ""
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr ""
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 #, fuzzy
 msgid "Language preferences: "
 msgstr "aktualigitaj preferoj"
 
-#: g10/card-util.c:1111
-#, fuzzy
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, fuzzy, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "nevalida signo en signoĉeno\n"
 
-#: g10/card-util.c:1120
-#, fuzzy
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, fuzzy, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "nevalida signo en signoĉeno\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 #, fuzzy
 msgid "Error: invalid response.\n"
 msgstr "%s: nevalida dosiero-versio %d\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 #, fuzzy
 msgid "CA fingerprint: "
 msgstr "Fingrospuro:"
 
-#: g10/card-util.c:1201
-#, fuzzy
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, fuzzy, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "%s: nevalida dosiero-versio %d\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, fuzzy, c-format
 msgid "key operation not possible: %s\n"
 msgstr "Kreado de ŝlosiloj malsukcesis: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 #, fuzzy
 msgid "not an OpenPGP card"
 msgstr "validaj OpenPGP-datenoj ne trovitaj.\n"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, fuzzy, c-format
 msgid "error getting current key info: %s\n"
 msgstr "eraro dum skribado de sekreta ŝlosilaro '%s': %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, fuzzy, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Kiun ŝlosilgrandon vi deziras? (1024) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "rondigita ĝis %u bitoj\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr ""
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr ""
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 #, fuzzy
 msgid "Signature key\n"
 msgstr "Ĉi tiu ŝlosilo eksvalidiĝos je %s.\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 #, fuzzy
 msgid "Encryption key\n"
 msgstr "   (%d) RSA (nur ĉifri)\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Bonvolu elekti, kian ŝlosilon vi deziras:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, fuzzy, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA (nur subskribi)\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, fuzzy, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) DSA kaj ElGamal (implicita elekto)\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Nevalida elekto.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr ""
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr ""
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, fuzzy, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "eraro dum sendo al '%s': %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, fuzzy, c-format
 msgid "error getting card info: %s\n"
 msgstr "eraro dum skribado de sekreta ŝlosilaro '%s': %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, fuzzy, c-format
 #| msgid "This command is not allowed while in %s mode.\n"
 msgid "This command is not supported by this card\n"
 msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr ""
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, fuzzy, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "ignorita: sekreta ŝlosilo jam ĉeestas\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2156,204 +2039,217 @@ msgid ""
 "You should change them using the command --change-pin\n"
 msgstr ""
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 #, fuzzy
 msgid "Please select the type of key to generate:\n"
 msgstr "Bonvolu elekti, kian ŝlosilon vi deziras:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 #, fuzzy
 msgid "   (1) Signature key\n"
 msgstr "Ĉi tiu ŝlosilo eksvalidiĝos je %s.\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 #, fuzzy
 msgid "   (2) Encryption key\n"
 msgstr "   (%d) RSA (nur ĉifri)\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 #, fuzzy
 msgid "Please select where to store the key:\n"
 msgstr "Kialo por revoko: "
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, fuzzy, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "aktualigo malsukcesis: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, fuzzy, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "ignorita: sekreta ŝlosilo jam ĉeestas\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 #, fuzzy
 msgid "Continue? (y/N) "
 msgstr "Ĉu vere subskribi? "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr ""
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, fuzzy, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+msgid "error for setup UIF: %s\n"
+msgstr "eraro dum legado de '%s': %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "forlasi ĉi tiun menuon"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 #, fuzzy
 msgid "show admin commands"
 msgstr "malkongruaj komandoj\n"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "montri ĉi tiun helpon"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 #, fuzzy
 msgid "list all available data"
 msgstr "Nenia helpo disponata"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr ""
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr ""
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr ""
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 #, fuzzy
 msgid "change the login name"
 msgstr "ŝanĝi la daton de eksvalidiĝo"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 #, fuzzy
 msgid "change the language preferences"
 msgstr "ŝanĝi la posedantofidon"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr ""
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 #, fuzzy
 msgid "change a CA fingerprint"
 msgstr "montri fingrospuron"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr ""
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 #, fuzzy
 msgid "generate new keys"
 msgstr "krei novan ŝlosilparon"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr ""
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr ""
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr ""
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr ""
 
-#: g10/card-util.c:2180
+#: g10/card-util.c:2235
 #, fuzzy
 #| msgid "|NAME|use NAME as default recipient"
-msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "|NOMO|uzi NOMOn kiel implicitan ricevonton"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 #, fuzzy
 #| msgid "change the ownertrust"
 msgid "change the key attribute"
 msgstr "ŝanĝi la posedantofidon"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "ŝanĝi la posedantofidon"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr ""
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 #, fuzzy
 msgid "Admin-only command\n"
 msgstr "malkongruaj komandoj\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 #, fuzzy
 msgid "Admin commands are allowed\n"
 msgstr "malkongruaj komandoj\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 #, fuzzy
 msgid "Admin commands are not allowed\n"
 msgstr "skribas sekretan ŝlosilon al '%s'\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Nevalida komando (provu per \"helpo\")\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output ne funkcias por ĉi tiu komando\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, fuzzy, c-format
 #| msgid "can't open `%s'\n"
 msgid "can't open '%s'\n"
 msgstr "ne povas malfermi '%s'\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, fuzzy, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "ŝlosilo '%s' ne trovita: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "eraro dum legado de ŝlosilbloko: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, fuzzy, c-format
 msgid "key \"%s\" not found\n"
 msgstr "ŝlosilo '%s' ne trovita: %s\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr ""
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, fuzzy, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "ne povas fari tion en neinteraga reĝimo sen \"--yes\"\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr ""
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2394,9 +2290,9 @@ msgstr "ŝlosilo"
 msgid "subkey"
 msgstr "al"
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "aktualigo malsukcesis: %s\n"
@@ -2421,157 +2317,117 @@ msgstr "estas sekreta ŝlosilo por la publika ŝlosilo \"%s\"!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "uzu la opcion \"--delete-secret-key\" por forviŝi ĝin unue.\n"
 
-#: g10/encrypt.c:116
-#, fuzzy, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr "NOTO: ĉifrad-metodo %d ne trovita en preferoj\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr ""
 
-#: g10/encrypt.c:282
+#: g10/encrypt.c:370
 #, fuzzy, c-format
-msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "subskribado malsukcesis: %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, fuzzy, c-format
 #| msgid "`%s' already compressed\n"
 msgid "'%s' already compressed\n"
 msgstr "'%s' jam densigita\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, fuzzy, c-format
 #| msgid "WARNING: `%s' is an empty file\n"
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "AVERTO: '%s' estas malplena dosiero\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
 #, fuzzy, c-format
-msgid "cipher algorithm '%s' may not be used in %s mode\n"
+msgid "cipher algorithm '%s' may not be used for encryption\n"
 msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, fuzzy, c-format
-msgid "digest algorithm '%s' may not be used in %s mode\n"
+msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, fuzzy, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "AVERTO: '%s' estas malplena dosiero\n"
+msgid "digest algorithm '%s' may not be used in %s mode\n"
+msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
 
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, fuzzy, c-format
 #| msgid "reading from `%s'\n"
 msgid "reading from '%s'\n"
 msgstr "legas el '%s'\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "NOTO: ĉifrad-metodo %d ne trovita en preferoj\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, fuzzy, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "AVERTO: '%s' estas malplena dosiero\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
 "preferences\n"
 msgstr "NOTO: ĉifrad-metodo %d ne trovita en preferoj\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+
+#: g10/encrypt.c:1159
 #, fuzzy, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s-ĉifrita por: %s\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, fuzzy, c-format
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "%s-ĉifritaj datenoj\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "ĉifrita per nekonata metodo %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr ""
 "AVERTO: mesaĝo estis ĉifrita per malforta ŝlosilo en la simetria ĉifro.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "problemo ĉe traktado de ĉifrita paketo\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr ""
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-
-#: g10/exec.c:419
-#, fuzzy, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr "%s: eraro dum legado de versiregistro: %s\n"
-
-#: g10/exec.c:497
-#, fuzzy, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
-
-#: g10/exec.c:500
-#, fuzzy, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "ne povas malfermi %s: %s\n"
-
-#: g10/exec.c:591
-#, fuzzy, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "%s: eraro dum legado de versiregistro: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr ""
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr ""
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr ""
-
-#: g10/exec.c:680 g10/exec.c:687
-#, fuzzy, c-format
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
-
-#: g10/exec.c:692
-#, fuzzy, c-format
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
-
 #: g10/export.c:119
 #, fuzzy
 msgid "export signatures that are marked as local-only"
@@ -2596,403 +2452,403 @@ msgstr "neuzebla sekreta ŝlosilo"
 msgid "remove as much as possible from key during export"
 msgstr ""
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr ""
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
 msgstr "%s: ignorita: %s\n"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "writing to '%s'\n"
 msgstr "skribas al '%s'\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, fuzzy, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "ŝlosilo %08lX: revokatestilo en malĝusta loko - ignorita\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, fuzzy, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "skribas sekretan ŝlosilon al '%s'\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, fuzzy, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "ŝlosilo %08lX: PGP-2.x-stila ŝlosilo - ignorita\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "AVERTO: nenio estis eksportita\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, fuzzy, c-format
 #| msgid "error creating `%s': %s\n"
 msgid "error creating '%s': %s\n"
 msgstr "eraro dum kreado de '%s': %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 #, fuzzy
 msgid "[User ID not found]"
 msgstr "[Uzantidentigilo ne trovita]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, fuzzy, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "eraro dum kreado de '%s': %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, fuzzy, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "eraro dum kreado de '%s': %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 #, fuzzy
 msgid "No fingerprint"
 msgstr "Fingrospuro:"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "ŝlosilo '%s' ne trovita: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, fuzzy, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "nevalida kiraso"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "|NOMO|uzi NOMOn kiel la implicitan sekretan ŝlosilon"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "|NOMO|uzi NOMOn kiel la implicitan sekretan ŝlosilon"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr ""
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, fuzzy, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr "Nevalida ŝlosilo %08lX validigita per --always-trust\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, fuzzy, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "uzas flankan ŝlosilon %08lX anstataŭ la ĉefa ŝlosilo %08lX\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, fuzzy, c-format
 msgid "valid values for option '%s':\n"
 msgstr "nevalida kiraso"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 #, fuzzy
 msgid "make a signature"
 msgstr "fari apartan subskribon"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 #, fuzzy
 msgid "make a clear text signature"
 msgstr "|[dosiero]|fari klartekstan subskribon"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "fari apartan subskribon"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "ĉifri datenojn"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "ĉifri nur kun simetria ĉifro"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "malĉifri datenojn (implicita elekto)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "kontroli subskribon"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "listigi ŝlosilojn"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "listigi ŝlosilojn kaj subskribojn"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 #, fuzzy
 msgid "list and check key signatures"
 msgstr "kontroli ŝlosilsubskribojn"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "listigi ŝlosilojn kaj fingroŝpurojn"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "listigi sekretajn ŝlosilojn"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "krei novan ŝlosilparon"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly generate a new key pair"
 msgstr "krei novan ŝlosilparon"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly add a new user-id"
 msgstr "krei novan ŝlosilparon"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a user-id"
 msgstr "krei novan ŝlosilparon"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly set a new expiration date"
 msgstr "krei novan ŝlosilparon"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr ""
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "krei revokatestilon"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "forigi ŝlosilojn de la publika ŝlosilaro"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "forigi ŝlosilojn de la sekreta ŝlosilaro"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 #, fuzzy
 #| msgid "sign a key"
 msgid "quickly sign a key"
 msgstr "subskribi ŝlosilon"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 #, fuzzy
 #| msgid "sign a key locally"
 msgid "quickly sign a key locally"
 msgstr "subskribi ŝlosilon loke"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a key signature"
 msgstr "krei novan ŝlosilparon"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "subskribi ŝlosilon"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "subskribi ŝlosilon loke"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "subskribi aŭ redakti ŝlosilon"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 #, fuzzy
 msgid "change a passphrase"
 msgstr "ŝanĝi la pasfrazon"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "eksporti ŝlosilojn"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "eksporti ŝlosilojn al ŝlosilservilo"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "importi ŝlosilojn de ŝlosilservilo"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "serĉi ŝlosilojn ĉe ŝlosilservilo"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "aktualigi ĉiujn ŝlosilojn de ŝlosilservilo"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "importi/kunfandi ŝlosilojn"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr ""
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr ""
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr ""
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "aktualigi la fido-datenaron"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 #, fuzzy
 msgid "print message digests"
 msgstr "|metodo [dosieroj]|presi mesaĝo-kompendiojn"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr ""
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr ""
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NOMO|uzi NOMOn kiel la implicitan sekretan ŝlosilon"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 #, fuzzy
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NOMO|ĉifri por NOMO"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr ""
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr ""
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "fari neniajn ŝanĝojn"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr ""
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 msgid "Options controlling the input"
 msgstr ""
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 msgid "Options controlling the output"
 msgstr ""
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "krei eligon en askia kiraso"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 #, fuzzy
 msgid "|FILE|write output to FILE"
 msgstr "|DOSIERO|legi aldonan bibliotekon DOSIERO"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "uzi tekstan reĝimon"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 #, fuzzy
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|difini densig-nivelon N (0=nenia)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 msgid "Options controlling key import and export"
 msgstr ""
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "importi ŝlosilojn de ŝlosilservilo"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 msgid "include the public key in signatures"
 msgstr "kontroli ŝlosilsubskribojn"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr ""
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 msgid "Options controlling key listings"
 msgstr ""
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "listigi sekretajn ŝlosilojn"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 #, fuzzy
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|NOMO|ĉifri por NOMO"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 #, fuzzy
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "uzi ĉi tiun uzantidentigilon por subskribi aŭ malĉifri"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -3000,7 +2856,7 @@ msgstr ""
 "@\n"
 "(Vidu la manpaĝon por kompleta listo de ĉiuj komandoj kaj opcioj)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -3030,13 +2886,13 @@ msgstr ""
 " --list-keys [nomoj]        montri ŝlosilojn\n"
 " --fingerprint [nomoj]      montri fingroŝpurojn\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg [options] [files]\n"
@@ -3051,7 +2907,7 @@ msgstr ""
 "subskribi, kontroli, ĉifri aŭ malĉifri\n"
 "implicita operacio dependas de la enigataj datenoj\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -3059,550 +2915,564 @@ msgstr ""
 "\n"
 "Realigitaj metodoj:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr ""
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr ""
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr ""
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 #, fuzzy
 msgid "Compression: "
 msgstr "Komento: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, fuzzy, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "uzado: gpg [opcioj] "
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "malkongruaj komandoj\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "Averto: malsekuraj permesoj sur %s \"%s\"\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "Averto: malsekuraj permesoj sur %s \"%s\"\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "Averto: malsekuraj permesoj sur %s \"%s\"\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr "Averto: malsekuraj permesoj sur %s \"%s\"\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
 msgstr "Averto: malsekuraj permesoj sur %s \"%s\"\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr "Averto: malsekuraj permesoj sur %s \"%s\"\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, fuzzy, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "%s: nova opcio-dosiero kreita\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr ""
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 #, fuzzy
 msgid "show key usage information during key listings"
 msgstr "Mankas responda subskribo en sekreta ŝlosilaro\n"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 #, fuzzy
 msgid "show all notations during signature listings"
 msgstr "Mankas responda subskribo en sekreta ŝlosilaro\n"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 #, fuzzy
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "la donita gvidlinia URL por subskriboj ne validas\n"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr ""
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr ""
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr ""
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 #, fuzzy
 msgid "show the keyring name in key listings"
 msgstr "montri, en kiu ŝlosilaro estas listigita ŝlosilo"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 #, fuzzy
 msgid "show expiration dates during signature listings"
 msgstr "Mankas responda subskribo en sekreta ŝlosilaro\n"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "nekonata implicita ricevonto '%s'\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr ""
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, fuzzy, c-format
 #| msgid "NOTE: %s is not for normal use!\n"
 msgid "Note: %s is not for normal use!\n"
 msgstr "NOTO: %s ne estas por normala uzado!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, fuzzy, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "%s ne estas valida signaro\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "Nevalida retadreso\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, fuzzy, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "nevalida kompendi-metodo '%s'\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, fuzzy, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "nevalida kiraso"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, fuzzy, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "%s ne estas valida signaro\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, fuzzy, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "ne povis analizi URI de ŝlosilservilo\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, fuzzy, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "AVERTO: '%s' estas malplena dosiero\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, fuzzy, c-format
 msgid "invalid keyserver options\n"
 msgstr "nevalida ŝlosilaro"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, fuzzy, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "AVERTO: '%s' estas malplena dosiero\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, fuzzy, c-format
 msgid "invalid import options\n"
 msgstr "nevalida kiraso"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, fuzzy, c-format
 msgid "invalid filter option: %s\n"
 msgstr "nevalida kiraso"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, fuzzy, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "AVERTO: '%s' estas malplena dosiero\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, fuzzy, c-format
 msgid "invalid export options\n"
 msgstr "nevalida ŝlosilaro"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, fuzzy, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "AVERTO: '%s' estas malplena dosiero\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, fuzzy, c-format
 msgid "invalid list options\n"
 msgstr "nevalida kiraso"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 #, fuzzy
 msgid "show all notations during signature verification"
 msgstr "%s ne estas valida signaro\n"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 #, fuzzy
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "la donita gvidlinia URL por subskriboj ne validas\n"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 #, fuzzy
 msgid "show user ID validity during signature verification"
 msgstr "%s ne estas valida signaro\n"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr ""
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 #, fuzzy
 msgid "show only the primary user ID in signature verification"
 msgstr "%s ne estas valida signaro\n"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr ""
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr ""
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, fuzzy, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "AVERTO: '%s' estas malplena dosiero\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, fuzzy, c-format
 msgid "invalid verify options\n"
 msgstr "nevalida ŝlosilaro"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr ""
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, fuzzy, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "AVERTO: '%s' estas malplena dosiero\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr ""
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, fuzzy, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "nevalida kiraso"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "AVERTO: programo povas krei core-dosieron!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "AVERTO: %s nuligas %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s ne eblas kun %s!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s ne havas sencon kun %s!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr ""
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, fuzzy, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "skribas sekretan ŝlosilon al '%s'\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "elektita ĉifrad-metodo ne validas\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "elektita kompendi-metodo ne validas\n"
+
+#: g10/gpg.c:3885
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "elektita ĉifrad-metodo ne validas\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, fuzzy, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "elektita kompendi-metodo ne validas\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-needed devas esti pli granda ol 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed devas esti pli granda ol 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, fuzzy, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth devas esti inter 1 kaj 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, fuzzy, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "nevalida default-check-level; devas esti 0, 1, 2 aÅ­ 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, fuzzy, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "nevalida default-check-level; devas esti 0, 1, 2 aÅ­ 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, fuzzy, c-format
 #| msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "NOTO: simpla S2K-reĝimo (0) estas forte malrekomendata\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "nevalida S2K-reĝimo; devas esti 0, 1 aŭ 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, fuzzy, c-format
 msgid "invalid default preferences\n"
 msgstr "nevalidaj preferoj\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, fuzzy, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "nevalidaj preferoj\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+msgid "invalid personal AEAD preferences\n"
+msgstr "nevalidaj preferoj\n"
+
+#: g10/gpg.c:3940
 #, fuzzy, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "nevalidaj preferoj\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, fuzzy, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "nevalidaj preferoj\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "ŝlosilgrando nevalida; uzas %u bitojn\n"
+
+#: g10/gpg.c:3995
 #, fuzzy, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s ne havas sencon kun %s!\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
+
+#: g10/gpg.c:4070
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, fuzzy, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "malĉifrado malsukcesis: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, fuzzy, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "Kreado de ŝlosiloj malsukcesis: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, fuzzy, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "listigo de sekretaj ŝlosiloj malsukcesis: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, fuzzy, c-format
 msgid "key export failed: %s\n"
 msgstr "Kreado de ŝlosiloj malsukcesis: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, fuzzy, c-format
 msgid "export as ssh key failed: %s\n"
 msgstr "Kreado de ŝlosiloj malsukcesis: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, fuzzy, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "get_dir_record: search_record malsukcesis: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, fuzzy, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "listigo de sekretaj ŝlosiloj malsukcesis: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "elkirasigo malsukcesis: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "enkirasigo malsukcesis: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, fuzzy, c-format
 #| msgid "invalid hash algorithm `%s'\n"
 msgid "invalid hash algorithm '%s'\n"
 msgstr "nevalida kompendi-metodo '%s'\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, fuzzy, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Ektajpu vian mesaĝon ...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "la donita gvidlinia URL por atestado ne validas\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "la donita gvidlinia URL por subskriboj ne validas\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, fuzzy, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "la donita gvidlinia URL por subskriboj ne validas\n"
@@ -3617,7 +3487,7 @@ msgstr "Ĉu forviŝi ĉi tiun ŝlosilon de la ŝlosilaro? "
 msgid "make timestamp conflicts only a warning"
 msgstr "malkongruo de tempostampoj"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|skribi statusinformojn al FD (dosierpriskribilo)"
 
@@ -3666,299 +3536,315 @@ msgstr "aktualigi la fido-datenaron"
 
 #: g10/import.c:181
 #, fuzzy
+#| msgid "not supported"
+msgid "enable bulk import mode"
+msgstr "ne realigita"
+
+#: g10/import.c:184
+#, fuzzy
 msgid "show key during import"
 msgstr "montri fingrospuron"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+msgid "show key but do not actually import"
+msgstr "montri fingrospuron"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr ""
 
-#: g10/import.c:187
+#: g10/import.c:193
 #, fuzzy
 msgid "remove unusable parts from key after import"
 msgstr "neuzebla sekreta ŝlosilo"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr ""
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr ""
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr ""
 
-#: g10/import.c:203
+#: g10/import.c:209
 #, fuzzy
 msgid "repair keys on import"
 msgstr "montri fingrospuron"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "ignoras blokon de speco %d\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, fuzzy, c-format
 msgid "%lu keys processed so far\n"
 msgstr "%lu ŝlosiloj jam traktitaj\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "      Nombro traktita entute: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, fuzzy, c-format
 #| msgid "      skipped new keys: %lu\n"
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "    ignoritaj novaj ŝlosiloj: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "    ignoritaj novaj ŝlosiloj: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "         sen uzantidentigilo: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "                  importitaj: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "                  neŝanĝitaj: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "      novaj uzantidentigiloj: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "           novaj subŝlosiloj: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "            novaj subskriboj: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "         novaj ŝlosilrevokoj: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "   sekretaj ŝlosiloj legitaj: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "sekretaj ŝlosiloj importitaj: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr "sekretaj ŝlosiloj neŝanĝitaj: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, fuzzy, c-format
 msgid "          not imported: %lu\n"
 msgstr "                  importitaj: %lu"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, fuzzy, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "            novaj subskriboj: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, fuzzy, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "   sekretaj ŝlosiloj legitaj: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
 "algorithms on these user IDs:\n"
 msgstr ""
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "%s-subskribo de: %s\n"
+
+#: g10/import.c:1354
 #, fuzzy, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "%s-subskribo de: %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr ""
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, fuzzy, c-format
 msgid "key %s: no user ID\n"
 msgstr "ŝlosilo %08lX: mankas uzantidentigilo\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, fuzzy, c-format
 msgid "key %s: %s\n"
 msgstr "ignoris '%s': %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr ""
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "ŝlosilo %08lX: mankas subŝlosilo por ŝlosilbindado\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, fuzzy, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "ŝlosilo %08lX: akceptis ne-mem-subskribitan uzantidentigilon '"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, fuzzy, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "ŝlosilo %08lX: mankas valida uzantidentigilo\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "tio povas esti kaÅ­zata de mankanta mem-subskribo\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, fuzzy, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "ŝlosilo %08lX: publika ŝlosilo ne trovita: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, fuzzy, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "ŝlosilo %08lX: nova ŝlosilo - ignorita\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "neniu skribebla ŝlosilaro trovita: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, fuzzy, c-format
 #| msgid "error writing keyring `%s': %s\n"
 msgid "error writing keyring '%s': %s\n"
 msgstr "eraro dum skribado de ŝlosilaro '%s': %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, fuzzy, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "ŝlosilo %08lX: publika ŝlosilo importita\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, fuzzy, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "ŝlosilo %08lX: diferencas de nia kopio\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "ŝlosilo %08lX: 1 nova uzantidentigilo\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "ŝlosilo %08lX: %d novaj uzantidentigiloj\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "ŝlosilo %08lX: 1 nova subskribo\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "ŝlosilo %08lX: %d novaj subskriboj\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "ŝlosilo %08lX: 1 nova subŝlosilo\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "ŝlosilo %08lX: %d novaj subŝlosiloj\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "ŝlosilo %08lX: %d novaj subskriboj\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "ŝlosilo %08lX: %d novaj subskriboj\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "ŝlosilo %08lX: %d novaj uzantidentigiloj\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "ŝlosilo %08lX: %d novaj uzantidentigiloj\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, fuzzy, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "ŝlosilo %08lX: ne ŝanĝita\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, fuzzy, c-format
 msgid "key %s: secret key imported\n"
 msgstr "ŝlosilo %08lX: sekreta ŝlosilo importita\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, fuzzy, c-format
 #| msgid "skipped: secret key already present\n"
 msgid "key %s: secret key already exists\n"
 msgstr "ignorita: sekreta ŝlosilo jam ĉeestas\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, fuzzy, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "eraro dum sendo al '%s': %s\n"
@@ -3971,198 +3857,204 @@ msgstr "eraro dum sendo al '%s': %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, fuzzy, c-format
 msgid "secret key %s: %s\n"
 msgstr "ŝlosilo '%s' ne trovita: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, fuzzy, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "skribas sekretan ŝlosilon al '%s'\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, fuzzy, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "ŝlosilo %08lX: sekreta ŝlosilo sen publika ŝlosilo - ignorita\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Nenia kialo specifita"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "Ŝlosilo estas anstataŭigita."
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Ŝlosilo estas kompromitita"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "Ŝlosilo estas ne plu uzata"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "Uzantidentigilo ne plu validas"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, fuzzy, c-format
 msgid "reason for revocation: "
 msgstr "Kialo por revoko: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, fuzzy, c-format
 msgid "revocation comment: "
 msgstr "Komento pri revoko: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, fuzzy, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "ŝlosilo %08lX: publika ŝlosilo mankas - ne povas apliki revokatestilon\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, fuzzy, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "ŝlosilo %08lX: ne povas trovi originalan ŝlosilblokon: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, fuzzy, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "ŝlosilo %08lX: ne povas legi originalan ŝlosilblokon: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "ŝlosilo %08lX: nevalida revokatestilo: %s - malakceptita\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "ŝlosilo %08lX: revokatestilo importita\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, fuzzy, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "ŝlosilo %08lX: mankas uzantidentigilo por subskribo\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr "ŝlosilo %08lX: nerealigita publikŝlosila metodo\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, fuzzy, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "ŝlosilo %08lX: nevalida mem-subskribo\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "ŝlosilo %08lX: nerealigita publikŝlosila metodo\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, fuzzy, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "ŝlosilo %08lX: rekta ŝlosilsubskribo aldonita\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, fuzzy, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "ŝlosilo %08lX: mankas subŝlosilo por ŝlosilbindado\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, fuzzy, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "ŝlosilo %08lX: nevalida subŝlosila bindado\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "ŝlosilo %08lX: nevalida subŝlosila bindado\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, fuzzy, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "ŝlosilo %08lX: mankas subŝlosilo por ŝlosilbindado\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, fuzzy, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "ŝlosilo %08lX.%lu: Valida subŝlosilrevoko\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "ŝlosilo %08lX: nevalida subŝlosila bindado\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, fuzzy, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "ŝlosilo %08lX: ignoris uzantidentigilon '"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, fuzzy, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "ŝlosilo %08lX: ignoris subŝlosilon\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, fuzzy, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "ŝlosilo %08lX: neeksportebla subskribo (klaso %02x) - ignorita\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, fuzzy, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "ŝlosilo %08lX: revokatestilo en malĝusta loko - ignorita\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "ŝlosilo %08lX: nevalida revokatestilo: %s - ignorita\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, fuzzy, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "ŝlosilo %08lX: revokatestilo en malĝusta loko - ignorita\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, fuzzy, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "ŝlosilo %08lX: neeksportebla subskribo (klaso %02x) - ignorita\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, fuzzy, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "ŝlosilo %08lX: trovis ripetitan uzantidentigilon - kunfandita\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "ŝlosilo %08lX: trovis ripetitan uzantidentigilon - kunfandita\n"
+
+#: g10/import.c:4233
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr "AVERTO: Ĉi tiu ŝlosilo estas revokita de sia posedanto!\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr "AVERTO: Ĉi tiu ŝlosilo estas revokita de sia posedanto!\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "ŝlosilo %08lX: revokatestilo aldonita\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, fuzzy, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "ŝlosilo %08lX: rekta ŝlosilsubskribo aldonita\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, fuzzy, c-format
 msgid "error allocating memory: %s\n"
 msgstr "eraro dum kreado de ŝlosilaro '%s': %s\n"
@@ -4183,19 +4075,19 @@ msgstr "%s-subskribo de: %s\n"
 msgid " (reordered signatures follow)"
 msgstr "Bona subskribo de \""
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, fuzzy, c-format
 msgid "key %s:\n"
 msgstr "ignoris '%s': %s\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, fuzzy, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "Uzantidentigilo \"%s\" estas revokita.\n"
 msgstr[1] "Uzantidentigilo \"%s\" estas revokita.\n"
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to a missing key\n"
 msgid "%d signature not checked due to a missing key\n"
@@ -4203,7 +4095,7 @@ msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "1 subskribo ne kontrolita pro manko de ŝlosilo\n"
 msgstr[1] "1 subskribo ne kontrolita pro manko de ŝlosilo\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d bad signature\n"
@@ -4211,53 +4103,48 @@ msgid_plural "%d bad signatures\n"
 msgstr[0] "%d malbonaj subskriboj\n"
 msgstr[1] "%d malbonaj subskriboj\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, fuzzy, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "Bona subskribo de \""
 msgstr[1] "Bona subskribo de \""
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, fuzzy, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "eraro dum kreado de ŝlosilaro '%s': %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error creating keyring '%s': %s\n"
 msgstr "eraro dum kreado de ŝlosilaro '%s': %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, fuzzy, c-format
 msgid "keybox '%s' created\n"
 msgstr "ŝlosilaro '%s' kreita\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, fuzzy, c-format
 #| msgid "keyring `%s' created\n"
 msgid "keyring '%s' created\n"
 msgstr "ŝlosilaro '%s' kreita\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, fuzzy, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "eraro dum kreado de '%s': %s\n"
 
-#: g10/keydb.c:969
-#, fuzzy, c-format
-msgid "error opening key DB: %s\n"
-msgstr "eraro dum legado de '%s': %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "malsukcesis rekonstrui ŝlosilaran staplon: %s\n"
@@ -4270,7 +4157,7 @@ msgstr "[revoko]"
 msgid "[self-signature]"
 msgstr "[mem-subskribo]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 #, fuzzy
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
@@ -4283,12 +4170,12 @@ msgstr ""
 "kontrolante fingrospurojn el diversaj fontoj ...)?\n"
 "\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, fuzzy, c-format
 msgid "  %d = I trust marginally\n"
 msgstr " %d = Mi fidas iomete\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, fuzzy, c-format
 msgid "  %d = I trust fully\n"
 msgstr " %d = Mi plene fidas\n"
@@ -4315,13 +4202,13 @@ msgid "User ID \"%s\" is revoked."
 msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 #, fuzzy
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Ĉu vi estas certa, ke vi ankoraŭ volas subskribi ĝin?\n"
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr ""
 
@@ -4537,211 +4424,215 @@ msgstr ""
 msgid "Really sign? (y/N) "
 msgstr "Ĉu vere subskribi? "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "subskribado malsukcesis: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, fuzzy, c-format
 #| msgid "error creating passphrase: %s\n"
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "skribi kaj fini"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 #, fuzzy
 msgid "show key fingerprint"
 msgstr "montri fingrospuron"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 #, fuzzy
 msgid "show the keygrip"
 msgstr "Subskribo-notacio: "
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "listigi ŝlosilojn kaj uzantidentigilojn"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "elekti uzantidentigilon N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 #, fuzzy
 msgid "select subkey N"
 msgstr "elekti uzantidentigilon N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 #, fuzzy
 msgid "check signatures"
 msgstr "revoki subskribojn"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 #, fuzzy
 msgid "sign selected user IDs locally"
 msgstr "subskribi la ŝlosilon loke"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 #, fuzzy
 msgid "sign selected user IDs with a trust signature"
 msgstr "Sugesto: Elekti la uzantidentigilojn por subskribi\n"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr ""
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "aldoni uzantidentigilon"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "aldoni foto-identigilon"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 #, fuzzy
 msgid "delete selected user IDs"
 msgstr "forviŝi uzantidentigilon"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 #, fuzzy
 msgid "add a subkey"
 msgstr "al"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 #, fuzzy
 msgid "delete selected subkeys"
 msgstr "forviŝi flankan ŝlosilon"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 #, fuzzy
 msgid "add a revocation key"
 msgstr "aldoni flankan ŝlosilon"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 #, fuzzy
 msgid "delete signatures from the selected user IDs"
 msgstr "Ĉu vere aktualigi la preferojn por la elektitaj uzantidentigiloj? "
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 #, fuzzy
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "Vi ne povas ŝanĝi la daton de eksvalidiĝo de v3-ŝlosilo\n"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 #, fuzzy
 msgid "flag the selected user ID as primary"
 msgstr "marku uzantidentigilon kiel ĉefan"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "listigi preferojn (spertula)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "listigi preferojn (detale)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 #, fuzzy
 msgid "set preference list for the selected user IDs"
 msgstr "Ĉu vere aktualigi la preferojn por la elektitaj uzantidentigiloj? "
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 #, fuzzy
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "ne povis analizi URI de ŝlosilservilo\n"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 #, fuzzy
 msgid "set a notation for the selected user IDs"
 msgstr "Ĉu vere aktualigi la preferojn por la elektitaj uzantidentigiloj? "
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "ŝanĝi la pasfrazon"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "ŝanĝi la posedantofidon"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 #, fuzzy
 msgid "revoke signatures on the selected user IDs"
 msgstr "Ĉu vere forigi ĉiujn elektitajn uzantidentigilojn? "
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 #, fuzzy
 msgid "revoke selected user IDs"
 msgstr "aldoni uzantidentigilon"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 #, fuzzy
 msgid "revoke key or selected subkeys"
 msgstr "revoki flankan ŝlosilon"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 #, fuzzy
 msgid "enable key"
 msgstr "ŝalti ŝlosilon"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 #, fuzzy
 msgid "disable key"
 msgstr "malŝalti ŝlosilon"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 #, fuzzy
 msgid "show selected photo IDs"
 msgstr "montri foto-identigilon"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Sekreta ŝlosilo estas havebla.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret subkeys are available.\n"
 msgstr "Sekreta ŝlosilo estas havebla.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Bezonas la sekretan ŝlosilon por fari tion.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4749,346 +4640,351 @@ msgid ""
 "  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
 msgstr ""
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 #, fuzzy
 msgid "Key is revoked."
 msgstr "Ŝlosilo estas revokita.\n"
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 #, fuzzy
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Ĉu vere subskribi ĉiujn uzantidentigilojn? "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 #, fuzzy
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Ĉu vere subskribi ĉiujn uzantidentigilojn? "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Sugesto: Elekti la uzantidentigilojn por subskribi\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, fuzzy, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "nekonata klaso de subskribo"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Vi devas elekti almenaÅ­ unu uzantidentigilon.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr ""
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Vi ne povas forviŝi la lastan uzantidentigilon!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 #, fuzzy
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Ĉu vere forigi ĉiujn elektitajn uzantidentigilojn? "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 #, fuzzy
 msgid "Really remove this user ID? (y/N) "
 msgstr "Ĉu vere forigi ĉi tiun uzantidentigilon? "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 #, fuzzy
 msgid "Really move the primary key? (y/N) "
 msgstr "Ĉu vere forigi ĉi tiun uzantidentigilon? "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 #, fuzzy
 msgid "You must select exactly one key.\n"
 msgstr "Vi devas elekti almenaŭ unu ŝlosilon.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr ""
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, fuzzy, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "ne povas malfermi '%s': %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, fuzzy, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "eraro dum kreado de ŝlosilaro '%s': %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Vi devas elekti almenaŭ unu ŝlosilon.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 #, fuzzy
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Ĉu vi vere volas forviŝi la elektitajn ŝlosilojn? "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 #, fuzzy
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Ĉu vi vere volas forviŝi ĉi tiun ŝlosilon? "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 #, fuzzy
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "Ĉu vere forigi ĉiujn elektitajn uzantidentigilojn? "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 #, fuzzy
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Ĉu vere forigi ĉi tiun uzantidentigilon? "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 #, fuzzy
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Ĉu vi vere volas revoki ĉi tiun ŝlosilon? "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 #, fuzzy
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Ĉu vi vere volas revoki la elektitajn ŝlosilojn? "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 #, fuzzy
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Ĉu vi vere volas revoki ĉi tiun ŝlosilon? "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 #, fuzzy
 msgid "Set preference list to:\n"
 msgstr "agordi liston de preferoj"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 #, fuzzy
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr "Ĉu vere aktualigi la preferojn por la elektitaj uzantidentigiloj? "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 #, fuzzy
 msgid "Really update the preferences? (y/N) "
 msgstr "Ĉu vere aktualigi la preferojn? "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 #, fuzzy
 msgid "Save changes? (y/N) "
 msgstr "Ĉu skribi ŝanĝojn? "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 #, fuzzy
 msgid "Quit without saving? (y/N) "
 msgstr "Ĉu fini sen skribi ŝanĝojn? "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Ŝlosilo ne ŝanĝita, do aktualigo ne necesas.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "Vi ne povas forviŝi la lastan uzantidentigilon!\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, fuzzy, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "kontrolo de kreita subskribo malsukcesis: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, fuzzy, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "kontrolo de kreita subskribo malsukcesis: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, fuzzy, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "%s: nevalida dosiero-versio %d\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, fuzzy, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, fuzzy, c-format
 #| msgid "invalid value\n"
 msgid "Invalid user ID '%s': %s\n"
 msgstr "nevalida valoro\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 #| msgid "No such user ID.\n"
 msgid "No matching user IDs."
 msgstr "Uzantidentigilo ne ekzistas.\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 msgid "Nothing to sign.\n"
 msgstr "Nenio por subskribi per ŝlosilo %08lX\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, fuzzy, c-format
 msgid "Not signed by you.\n"
 msgstr "   subskribita per %08lX je %s%s\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "kontrolo de kreita subskribo malsukcesis: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, fuzzy, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "%s ne estas valida signaro\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "%s: nevalida dosiero-versio %d\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, fuzzy, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "ŝlosilo '%s' ne trovita: %s\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr ""
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr ""
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr ""
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr ""
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 #, fuzzy
 msgid "Notations: "
 msgstr "Notacio: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr ""
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, fuzzy, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "Ĉi tiu ŝlosilo estas revokebla per %s ŝlosilo %s%s\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, fuzzy, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Ĉi tiu ŝlosilo estas revokebla per %s ŝlosilo %s%s\n"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 #, fuzzy
 msgid "(sensitive)"
 msgstr " (sentema)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, fuzzy, c-format
 msgid "created: %s"
 msgstr "ne povas krei %s: %s\n"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, fuzzy, c-format
 msgid "revoked: %s"
 msgstr "rev"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, fuzzy, c-format
 msgid "expired: %s"
 msgstr " [eksvalidiĝos: %s]"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, fuzzy, c-format
 msgid "expires: %s"
 msgstr " [eksvalidiĝos: %s]"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, fuzzy, c-format
 msgid "usage: %s"
 msgstr " fido: %c/%c"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr ""
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, fuzzy, c-format
 msgid "trust: %s"
 msgstr " fido: %c/%c"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr ""
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Ĉi tiu ŝlosilo estas malŝaltita"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
 msgstr ""
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 #, fuzzy
 msgid "revoked"
 msgstr "rev"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 #, fuzzy
 msgid "expired"
 msgstr "eksval"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
 "              cause a different user ID to become the assumed primary.\n"
 msgstr ""
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr ""
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, fuzzy, c-format
 #| msgid "You can't change the expiration date of a v3 key\n"
 msgid "You may want to change its expiration date too.\n"
 msgstr "Vi ne povas ŝanĝi la daton de eksvalidiĝo de v3-ŝlosilo\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -5097,36 +4993,36 @@ msgstr ""
 "AVERTO: Ĉi tiu estas PGP2-stila ŝlosilo. Aldono de foto-identigilo eble\n"
 "        kaŭzos, ke iuj versioj de PGP malakceptos la ŝlosilon.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 #, fuzzy
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Ĉu vi estas certa, ke vi ankoraŭ volas aldoni ĝin? (j/n) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "Ne eblas aldoni foto-identigilon al PGP2-stila ŝlosilo.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr ""
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Ĉu forviŝi ĉi tiun bonan subskribon? (j/N/f)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Ĉu forviŝi ĉi tiun nevalidan subskribon? (j/N/f)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Ĉu forviŝi ĉi tiun nekonatan subskribon? (j/N/f)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Ĉu vere forviŝi ĉi tiun mem-subskribon? (j/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, fuzzy, c-format
 #| msgid "Deleted %d signature.\n"
 msgid "Deleted %d signature.\n"
@@ -5134,37 +5030,37 @@ msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "Forviŝis %d subskribon.\n"
 msgstr[1] "Forviŝis %d subskribon.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Nenio estis forviŝita.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "nevalida"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, fuzzy, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, fuzzy, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "Uzantidentigilo \"%s\" estas revokita.\n"
 msgstr[1] "Uzantidentigilo \"%s\" estas revokita.\n"
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, fuzzy, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, fuzzy, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 #, fuzzy
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
@@ -5174,307 +5070,312 @@ msgstr ""
 "AVERTO: Ĉi tiu estas PGP2-stila ŝlosilo. Aldono de foto-identigilo eble\n"
 "        kaŭzos, ke iuj versioj de PGP malakceptos la ŝlosilon.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 #, fuzzy
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "Ne eblas aldoni foto-identigilon al PGP2-stila ŝlosilo.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 #, fuzzy
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Donu la ŝlosilgrandon"
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr ""
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr ""
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, fuzzy, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "AVERTO: Ĉi tiu ŝlosilo estas revokita de sia posedanto!\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr ""
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 #, fuzzy
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr "Ĉu vi estas certa, ke vi ankoraŭ volas subskribi ĝin?\n"
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 #, fuzzy
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
 msgstr "Ĉu vi estas certa, ke vi ankoraŭ volas subskribi ĝin?\n"
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 #, fuzzy
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Ŝanĝas la daton de eksvalidiĝo de flanka ŝlosilo.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Ŝanĝas la daton de eksvalidiĝo de la ĉefa ŝlosilo.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Vi ne povas ŝanĝi la daton de eksvalidiĝo de v3-ŝlosilo\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 #, fuzzy
 msgid "Changing usage of a subkey.\n"
 msgstr "Ŝanĝas la daton de eksvalidiĝo de flanka ŝlosilo.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 #, fuzzy
 #| msgid "Changing expiration time for the primary key.\n"
 msgid "Changing usage of the primary key.\n"
 msgstr "Ŝanĝas la daton de eksvalidiĝo de la ĉefa ŝlosilo.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, fuzzy, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Bonvolu elekti precize unu uzantidentigilon.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, fuzzy, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "ŝlosilo %08lX: nevalida mem-subskribo\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr ""
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 #, fuzzy
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Ĉu vi estas certa, ke vi ankoraŭ volas subskribi ĝin?\n"
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 #, fuzzy
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Ĉu vi estas certa, ke vi ankoraŭ volas subskribi ĝin?\n"
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 #, fuzzy
 msgid "Enter the notation: "
 msgstr "Subskribo-notacio: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 #, fuzzy
 msgid "Proceed? (y/N) "
 msgstr "Ĉu surskribi (j/N)? "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Mankas uzantidentigilo kun indekso %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, fuzzy, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Mankas uzantidentigilo kun indekso %d\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, fuzzy, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Mankas uzantidentigilo kun indekso %d\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, fuzzy, c-format
 msgid "No subkey with index %d\n"
 msgstr "Mankas uzantidentigilo kun indekso %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, fuzzy, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "uzantidentigilo: \""
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, fuzzy, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "   subskribita per %08lX je %s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr ""
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, fuzzy, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Ĉi tiu ŝlosilo eksvalidiĝos je %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 #, fuzzy
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Ĉu vi estas certa, ke vi ankoraŭ volas aldoni ĝin? (j/n) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 #, fuzzy
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Ĉu krei revokatestilon por ĉi tiu subskribo? (j/N)"
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, fuzzy, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Vi subskribis la sekvajn uzantidentigilojn:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 #, fuzzy
 msgid " (non-revocable)"
 msgstr "subskribi ŝlosilon nerevokeble"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, fuzzy, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "   revokita de %08lX je %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Vi revokos la sekvajn subskribojn:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 #, fuzzy
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Ĉu vere krei la revokatestilojn? (j/N)"
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "mankas sekreta ŝlosilo\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, fuzzy, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr ""
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Vi ne povas forviŝi la lastan uzantidentigilon!\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, fuzzy, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, fuzzy, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr ""
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, fuzzy, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "nevalida kiraso"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, fuzzy, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "prefero %c%lu ripetita\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, fuzzy, c-format
 msgid "too many cipher preferences\n"
 msgstr "tro da '%c'-preferoj\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, fuzzy, c-format
 msgid "too many digest preferences\n"
 msgstr "tro da '%c'-preferoj\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, fuzzy, c-format
 msgid "too many compression preferences\n"
 msgstr "tro da '%c'-preferoj\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+msgid "too many AEAD preferences\n"
+msgstr "tro da '%c'-preferoj\n"
+
+#: g10/keygen.c:521
 #, fuzzy, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "nevalida signo en signoĉeno\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, fuzzy, c-format
 msgid "writing direct signature\n"
 msgstr "skribas mem-subskribon\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "skribas mem-subskribon\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "skribas ŝlosilbindan subskribon\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "ŝlosilgrando nevalida; uzas %u bitojn\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "ŝlosilgrando rondigita ĝis %u bitoj\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
 msgstr ""
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 #, fuzzy
 msgid "Sign"
 msgstr "subskribi"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr ""
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 #, fuzzy
 msgid "Encrypt"
 msgstr "ĉifri datenojn"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr ""
 
@@ -5488,169 +5389,179 @@ msgstr ""
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr ""
 
-#: g10/keygen.c:1784
+#: g10/keygen.c:1966
 #, c-format
-msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr ""
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr ""
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr ""
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, fuzzy, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%d) ElGamal (nur ĉifri)\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr ""
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr ""
 
-#: g10/keygen.c:1930
+#: g10/keygen.c:2116
 #, fuzzy, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) DSA kaj ElGamal (implicita elekto)\n"
 
-#: g10/keygen.c:1934
+#: g10/keygen.c:2120
 #, fuzzy, c-format
-msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA kaj ElGamal (implicita elekto)\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (nur subskribi)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (nur subskribi)\n"
 
-#: g10/keygen.c:1945
+#: g10/keygen.c:2131
 #, fuzzy, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) ElGamal (nur ĉifri)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (nur ĉifri)\n"
 
-#: g10/keygen.c:1953
+#: g10/keygen.c:2139
 #, fuzzy, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (nur ĉifri)\n"
 
-#: g10/keygen.c:1955
+#: g10/keygen.c:2141
 #, fuzzy, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (nur ĉifri)\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, fuzzy, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) DSA kaj ElGamal (implicita elekto)\n"
+#| msgid "   (%d) ElGamal (sign and encrypt)\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) ElGamal (subskribi kaj ĉifri)\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+#, fuzzy
+msgid " *default*"
+msgstr "malĉifri datenojn (implicita elekto)"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, fuzzy, c-format
 #| msgid "   (%d) DSA (sign only)\n"
 msgid "  (%d) ECC (sign only)\n"
 msgstr "   (%d) DSA (nur subskribi)\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, fuzzy, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (nur ĉifri)\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, fuzzy, c-format
 #| msgid "   (%d) RSA (encrypt only)\n"
-msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "   (%d) RSA (nur ĉifri)\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, fuzzy, c-format
-msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "   (%d) RSA (nur ĉifri)\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (%d) RSA (nur ĉifri)\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 #, fuzzy
 msgid "Enter the keygrip: "
 msgstr "Subskribo-notacio: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr ""
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 #, fuzzy
 msgid "No key with this keygrip\n"
 msgstr "Mankas uzantidentigilo kun indekso %d\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, fuzzy, c-format
 msgid "error reading the card: %s\n"
 msgstr "%s: eraro dum legado de libera registro: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, fuzzy, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 #, fuzzy
 msgid "Available keys:\n"
 msgstr "malŝalti ŝlosilon"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, fuzzy, c-format
 #| msgid "rounded up to %u bits\n"
 msgid "rounded to %u bits\n"
 msgstr "rondigita ĝis %u bitoj\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr ""
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, fuzzy, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Kiun ŝlosilgrandon vi deziras? (1024) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "Petita ŝlosilgrando estas %u bitoj\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 #, fuzzy
 #| msgid "Please select what kind of key you want:\n"
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Bonvolu elekti, kian ŝlosilon vi deziras:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5666,7 +5577,7 @@ msgstr ""
 "      <n>m = ŝlosilo eksvalidiĝos post n monatoj\n"
 "      <n>y = ŝlosilo eksvalidiĝos post n jaroj\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5682,40 +5593,40 @@ msgstr ""
 "      <n>m = ŝlosilo eksvalidiĝos post n monatoj\n"
 "      <n>y = ŝlosilo eksvalidiĝos post n jaroj\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Ŝlosilo validu ...? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, fuzzy, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Ŝlosilo validu por ...? (0) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "nevalida valoro\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 #, fuzzy
 msgid "Key does not expire at all\n"
 msgstr "%s neniam eksvalidiĝos\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 #, fuzzy
 msgid "Signature does not expire at all\n"
 msgstr "%s neniam eksvalidiĝos\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, fuzzy, c-format
 msgid "Key expires at %s\n"
 msgstr "%s eksvalidiĝos je %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, fuzzy, c-format
 msgid "Signature expires at %s\n"
 msgstr "Ĉi tiu ŝlosilo eksvalidiĝos je %s.\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5723,12 +5634,12 @@ msgstr ""
 "Via sistemo ne povas montri datojn post 2038.\n"
 "Tamen, ĝi estos ĝuste traktata ĝis 2106.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 #, fuzzy
 msgid "Is this correct? (y/N) "
 msgstr "Ĉu tio estas ĝusta (j/n)? "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5739,7 +5650,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 #, fuzzy
 msgid ""
 "\n"
@@ -5755,50 +5666,50 @@ msgstr ""
 "    \"Heinrich Heine (la poeto) <heinrichh@duesseldorf.de>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Vera nomo: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Nevalida signo en nomo\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr ""
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Nomo ne povas komenciĝi per cifero\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Nomo devas havi almenaÅ­ 5 signojn\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "Retadreso: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Nevalida retadreso\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Komento: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Nevalida signo en komento\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, fuzzy, c-format
 #| msgid "You are using the `%s' character set.\n"
 msgid "You are using the '%s' character set.\n"
 msgstr "Vi uzas la signaron '%s'.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5809,7 +5720,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "Bonvolu ne meti la retadreson en la veran nomon aÅ­ la komenton\n"
 
@@ -5824,35 +5735,35 @@ msgstr "Bonvolu ne meti la retadreson en la veran nomon aÅ­ la komenton\n"
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnKkAaBbFf"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Ŝanĝu (N)omon, (K)omenton, (A)adreson, aŭ (F)ini? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "Ŝanĝu (N)omon, (K)omenton, (A)adreson, aŭ (B)one/(F)ini? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Ŝanĝu (N)omon, (K)omenton, (A)adreson, aŭ (F)ini? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Ŝanĝu (N)omon, (K)omenton, (A)adreson, aŭ (B)one/(F)ini? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Bonvolu korekti la eraron unue\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5864,13 +5775,13 @@ msgstr ""
 "kreado de la primoj; tio donas al la stokastilo pli bonan ŝancon\n"
 "akiri sufiĉe da entropio.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Kreado de ŝlosiloj malsukcesis: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5878,67 +5789,67 @@ msgid ""
 "\n"
 msgstr ""
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr ""
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, fuzzy, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "'%s' jam densigita\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 #, fuzzy
 msgid "Create anyway? (y/N) "
 msgstr "Ĉu tamen uzi ĉi tiun ŝlosilon? "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, fuzzy, c-format
 msgid "creating anyway\n"
 msgstr "Ĉu tamen uzi ĉi tiun ŝlosilon? "
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Kreado de ŝlosiloj nuligita.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, fuzzy, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "ne povas krei '%s': %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, fuzzy, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "NOTO: sekreta ŝlosilo %08lX eksvalidiĝis je %s\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, fuzzy, c-format
 #| msgid "writing public key to `%s'\n"
 msgid "writing public key to '%s'\n"
 msgstr "skribas publikan ŝlosilon al '%s'\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "neniu skribebla publika ŝlosilaro trovita: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, fuzzy, c-format
 #| msgid "error writing public keyring `%s': %s\n"
 msgid "error writing public keyring '%s': %s\n"
 msgstr "eraro dum skribado de publika ŝlosilaro '%s': %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "publika kaj sekreta ŝlosiloj kreitaj kaj subskribitaj.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 #, fuzzy
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
@@ -5947,7 +5858,7 @@ msgstr ""
 "Notu, ke ĉi tiu ŝlosilo ne estas uzebla por ĉifrado. Vi eble volos\n"
 "uzi la komandon \"--edit-key\" por krei flankan ŝlosilon por tiu celo.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -5955,7 +5866,7 @@ msgstr ""
 "ŝlosilo estis kreita %lu sekundon en la estonteco (tempotordo aŭ "
 "horloĝeraro)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -5963,54 +5874,54 @@ msgstr ""
 "ŝlosilo estis kreita %lu sekundojn en la estonteco (tempotordo aŭ "
 "horloĝeraro)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, fuzzy, c-format
 #| msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "NOTO: krei subŝlosilojn por v3-ŝlosiloj ne estas OpenPGP-kongrue\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Sekretaj partoj de ĉefa ŝlosilo ne estas disponataj.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, fuzzy, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Sekretaj partoj de ĉefa ŝlosilo ne estas disponataj.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 #, fuzzy
 msgid "Really create? (y/N) "
 msgstr "Ĉu vere krei? "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr ""
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 #, fuzzy
 msgid "Critical signature policy: "
 msgstr "Subskribo-gvidlinioj: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Subskribo-gvidlinioj: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr ""
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 #, fuzzy
 msgid "Critical signature notation: "
 msgstr "Subskribo-notacio: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Subskribo-notacio: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d good signature\n"
@@ -6018,7 +5929,7 @@ msgid_plural "%d good signatures\n"
 msgstr[0] "%d malbonaj subskriboj\n"
 msgstr[1] "%d malbonaj subskriboj\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to an error\n"
 msgid "%d signature not checked due to an error\n"
@@ -6026,61 +5937,61 @@ msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "1 subskribo ne kontrolita pro eraro\n"
 msgstr[1] "1 subskribo ne kontrolita pro eraro\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Ŝlosilaro"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 #, fuzzy
 msgid "Primary key fingerprint:"
 msgstr "listigi ŝlosilojn kaj fingroŝpurojn"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 #, fuzzy
 msgid "     Subkey fingerprint:"
 msgstr "     Ŝlosilo-fingrospuro ="
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 #, fuzzy
 msgid " Primary key fingerprint:"
 msgstr "     Ŝlosilo-fingrospuro ="
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 #, fuzzy
 msgid "      Subkey fingerprint:"
 msgstr "     Ŝlosilo-fingrospuro ="
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 #, fuzzy
 msgid "      Key fingerprint ="
 msgstr "     Ŝlosilo-fingrospuro ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr ""
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, fuzzy, c-format
 msgid "caching keyring '%s'\n"
 msgstr "kontrolas ŝlosilaron '%s'\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, fuzzy, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "%lu ŝlosiloj kontrolitaj (%lu subskriboj)\n"
 msgstr[1] "%lu ŝlosiloj kontrolitaj (%lu subskriboj)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, fuzzy, c-format
 #| msgid "\t%lu keys updated\n"
 msgid "%lu key cached"
@@ -6088,7 +5999,7 @@ msgid_plural "%lu keys cached"
 msgstr[0] "\t%lu ŝlosiloj aktualigitaj\n"
 msgstr[1] "\t%lu ŝlosiloj aktualigitaj\n"
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, fuzzy, c-format
 #| msgid "1 bad signature\n"
 msgid " (%lu signature)\n"
@@ -6096,506 +6007,508 @@ msgid_plural " (%lu signatures)\n"
 msgstr[0] "1 malbona subskribo\n"
 msgstr[1] "1 malbona subskribo\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: ŝlosilaro kreita\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr ""
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr ""
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr ""
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 #, fuzzy
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "la donita gvidlinia URL por subskriboj ne validas\n"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr ""
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 #, fuzzy
 msgid "disabled"
 msgstr "el"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr ""
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, fuzzy, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "nevalida ŝlosilaro"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, fuzzy, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "%s: ne valida ŝlosilidentigilo\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, fuzzy, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "petas la ŝlosilon %08lX de HKP-ŝlosilservilo %s ...\n"
 msgstr[1] "petas la ŝlosilon %08lX de HKP-ŝlosilservilo %s ...\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, fuzzy, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, fuzzy, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "ŝlosilo '%s' ne trovita: %s\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, fuzzy, c-format
 msgid "key not found on keyserver\n"
 msgstr "ŝlosilo '%s' ne trovita: %s\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "petas la ŝlosilon %08lX de HKP-ŝlosilservilo %s ...\n"
+
+#: g10/keyserver.c:1724
 #, fuzzy, c-format
 msgid "requesting key %s from %s\n"
 msgstr "petas la ŝlosilon %08lX de HKP-ŝlosilservilo %s ...\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, fuzzy, c-format
 msgid "no keyserver known\n"
 msgstr "nevalida ŝlosilaro"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, fuzzy, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "ignoris '%s': %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, fuzzy, c-format
 msgid "sending key %s to %s\n"
 msgstr ""
 "\"\n"
 "subskribita per via ŝlosilo %08lX je %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, fuzzy, c-format
 msgid "requesting key from '%s'\n"
 msgstr "petas la ŝlosilon %08lX de HKP-ŝlosilservilo %s ...\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, fuzzy, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr ""
 
-#: g10/mainproc.c:408
+#: g10/mainproc.c:378
 #, fuzzy, c-format
-msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "%s-ĉifritaj datenoj\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "ĉifrita per nekonata metodo %d\n"
+
+#: g10/mainproc.c:391
 #, fuzzy, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "ĉifrita per nekonata metodo %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, fuzzy, c-format
 msgid "public key is %s\n"
 msgstr "publika ŝlosilo estas %08lX\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "publikŝlosile ĉifritaj datenoj: bona DEK\n"
-
-#: g10/mainproc.c:632
+#: g10/mainproc.c:524
 #, fuzzy, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "ĉifrita per %u-bita %s-ŝlosilo, %08lX, kreita je %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, fuzzy, c-format
 msgid "      \"%s\"\n"
 msgstr "            alinome \""
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, fuzzy, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "ĉifrita per %s-ŝlosilo, %08lX\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "publikŝlosila malĉifrado malsukcesis: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr ""
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, fuzzy, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "Ripetu pasfrazon\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, fuzzy, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "Ripetu pasfrazon\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "publikŝlosila malĉifrado malsukcesis: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "publikŝlosile ĉifritaj datenoj: bona DEK\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "supozas %s ĉifritajn datenojn\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr "Ĉifro IDEA ne disponata, optimisme provas uzi %s anstataŭe\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, fuzzy, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "AVERTO: nenio estis eksportita\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "malĉifrado malsukcesis: %s\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "malĉifrado sukcesis\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "AVERTO: ĉifrita mesaĝo estis manipulita!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "malĉifrado malsukcesis: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, fuzzy, c-format
 #| msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "NOTO: sendinto petis konfidencon (\"for-your-eyes-only\")\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "originala dosiernomo='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "memstara revoko - uzu \"gpg --import\" por apliki ĝin\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, fuzzy, c-format
 msgid "no signature found\n"
 msgstr "Bona subskribo de \""
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, fuzzy, c-format
 msgid "BAD signature from \"%s\""
 msgstr "MALBONA subskribo de \""
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, fuzzy, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Eksvalidiĝinta subskribo de \""
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, fuzzy, c-format
 msgid "Good signature from \"%s\""
 msgstr "Bona subskribo de \""
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "kontrolo de subskribo estas malŝaltita\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, fuzzy, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "ne povas trakti ĉi tiujn pluroblajn subskribojn\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, fuzzy, c-format
 msgid "Signature made %s\n"
 msgstr "Ĉi tiu ŝlosilo eksvalidiĝos je %s.\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, fuzzy, c-format
 msgid "               using %s key %s\n"
 msgstr "            alinome \""
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, fuzzy, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Subskribo farita je %.*s per %s, ŝlosilo %08lX\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, fuzzy, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "            alinome \""
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, fuzzy, c-format
 msgid "Key available at: "
 msgstr "Nenia helpo disponata"
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[malcerta]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, fuzzy, c-format
 msgid "                aka \"%s\""
 msgstr "            alinome \""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, fuzzy, c-format
 #| msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "AVERTO: Ĉi tiu ŝlosilo ne estas atestita kun fidata subskribo!\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, fuzzy, c-format
 msgid "Signature expired %s\n"
 msgstr "Ĉi tiu ŝlosilo eksvalidiĝos je %s.\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, fuzzy, c-format
 msgid "Signature expires %s\n"
 msgstr "Ĉi tiu ŝlosilo eksvalidiĝos je %s.\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, fuzzy, c-format
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "%s-subskribo de: %s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 #, fuzzy
 msgid "binary"
 msgstr "ĉefa"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr ""
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 #, fuzzy
 msgid "unknown"
 msgstr "nekonata versio"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 #, fuzzy
 #| msgid "unknown pubkey algorithm"
 msgid ", key algorithm "
 msgstr "nekonata publikŝlosila metodo"
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Ne povas kontroli subskribon: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "ne aparta subskribo\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr ""
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "memstara subskribo de klaso 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "malnovstila subskribo (PGP 2.x)\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, fuzzy, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "aktualigo de fido-datenaro malsukcesis: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, fuzzy, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "fido-datenaro: lego malsukcesis (n=%d): %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, fuzzy, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "ne povas trakti publikŝlosilan metodon %d\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, fuzzy, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr "NOTO: ĉifrad-metodo %d ne trovita en preferoj\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, fuzzy, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "nerealigita ĉifrad-metodo"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, fuzzy, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "%s-subskribo de: %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, fuzzy, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "NOTO: ĉifrad-metodo %d ne trovita en preferoj\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, fuzzy, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "%s-subskribo de: %s\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "%s-subskribo de: %s\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, fuzzy, c-format
 msgid "(reported error: %s)\n"
 msgstr "kiraso: %s\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, fuzzy, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "kiraso: %s\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr ""
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, fuzzy, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "AVERTO: '%s' estas malplena dosiero\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, fuzzy, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "AVERTO: '%s' estas malplena dosiero\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr ""
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, fuzzy, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "AVERTO: '%s' estas malplena dosiero\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, fuzzy, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "AVERTO: '%s' estas malplena dosiero\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, fuzzy, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr "AVERTO: '%s' estas malplena dosiero\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 #, fuzzy
 msgid "Uncompressed"
 msgstr "ne traktita"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 #, fuzzy
 msgid "uncompressed|none"
 msgstr "ne traktita"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, fuzzy, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "ĉi tiu mesaĝo povas ne esti uzebla de PGP 2.x\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, fuzzy, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "legas opciojn el '%s'\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, fuzzy, c-format
 msgid "unknown option '%s'\n"
 msgstr "nekonata implicita ricevonto '%s'\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, fuzzy, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "nekonata klaso de subskribo"
@@ -6620,92 +6533,82 @@ msgstr "%s: nekonata sufikso\n"
 msgid "Enter new filename"
 msgstr "Donu novan dosiernomon"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "skribas al la normala eligo\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, fuzzy, c-format
 #| msgid "assuming signed data in `%s'\n"
 msgid "assuming signed data in '%s'\n"
 msgstr "supozas subskribitajn datenojn en '%s'\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "ne povas trakti publikŝlosilan metodon %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr ""
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 msgid "Unknown critical signature notation: "
 msgstr "Subskribo-notacio: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "subpaketo de speco %d havas ŝaltitan \"critical bit\"\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, fuzzy, c-format
-msgid "problem with the agent: %s\n"
-msgstr "problemo kun agento: agento redonas 0x%lx\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-msgid "Please enter the passphrase for decryption."
-msgstr "ŝanĝi la pasfrazon"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Donu pasfrazon\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "nuligita de uzanto\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, fuzzy, c-format
 msgid " (main key ID %s)"
 msgstr " (ĉefŝlosilo %08lX)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 #, fuzzy
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 #, fuzzy
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "Ĉu vi vere volas forviŝi la elektitajn ŝlosilojn? "
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Ĉu vi vere volas forviŝi la elektitajn ŝlosilojn? "
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, fuzzy, c-format
 msgid ""
 "%s\n"
@@ -6715,7 +6618,7 @@ msgid ""
 "%s"
 msgstr "%u-bita %s-ŝlosilo, %08lX, kreita je %s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6724,36 +6627,77 @@ msgid ""
 "Keeping the image close to 240x288 is a good size to use.\n"
 msgstr ""
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr ""
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, fuzzy, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "ne povas malfermi %s: %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr ""
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 #, fuzzy
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Ĉu vi estas certa, ke vi ankoraŭ volas subskribi ĝin?\n"
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, fuzzy, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "%s: ne estas fido-datenaro\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 #, fuzzy
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Ĉu tio estas ĝusta (j/n)? "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr ""
+
+#: g10/photoid.c:486
+#, fuzzy, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr "%s: eraro dum legado de versiregistro: %s\n"
+
+#: g10/photoid.c:506
+#, fuzzy, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "ne povas malfermi %s: %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr ""
+
+#: g10/photoid.c:582
+#, fuzzy, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "%s: eraro dum legado de versiregistro: %s\n"
+
+#: g10/photoid.c:600
+#, fuzzy, c-format
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
+
+#: g10/photoid.c:604
+#, fuzzy, c-format
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+
+#: g10/photoid.c:715
 #, fuzzy, c-format
 msgid "unable to display photo ID!\n"
 msgstr "ne povas malfermi %s: %s\n"
@@ -6768,108 +6712,108 @@ msgstr "ne povas malfermi %s: %s\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMfFsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 #, fuzzy
 msgid "No trust value assigned to:\n"
 msgstr ""
 "Nenia fidovaloro atribuita al:\n"
 "%4u%c/%08lX %s \""
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, fuzzy, c-format
 msgid "  aka \"%s\"\n"
 msgstr "            alinome \""
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 #, fuzzy
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr "Ĉi tiu ŝlosilo verŝajne apartenas al la posedanto\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, fuzzy, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr " %d = Ne scias\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, fuzzy, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr " %d = Ni NE fidas ĉi tiun ŝlosilon\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, fuzzy, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr " %d = Mi fidas absolute\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 #, fuzzy
 msgid "  m = back to the main menu\n"
 msgstr " m = reen al la ĉefmenuo\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 #, fuzzy
 msgid "  s = skip this key\n"
 msgstr " s = supersalti ĉi tiun ŝlosilon\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 #, fuzzy
 msgid "  q = quit\n"
 msgstr " f = fini\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
 "\n"
 msgstr ""
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Via decido? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 #, fuzzy
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Ĉu vi vere volas ŝanĝi ĉi tiun ŝlosilon al absoluta fido? "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Atestiloj, kiuj kondukas al absolute fidata ŝlosilo:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, fuzzy, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%08lX: Estas nenia indiko, ke ĉi tiu ŝlosilo vere apartenas al la posedanto\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, fuzzy, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%08lX: Estas nenia indiko, ke ĉi tiu ŝlosilo vere apartenas al la posedanto\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, fuzzy, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Ĉi tiu ŝlosilo verŝajne apartenas al la posedanto\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Ĉi tiu ŝlosilo apartenas al ni\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, fuzzy, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr ""
 "Neniom da atestiloj trovitaj kun nedifinita fidovaloro.\n"
 "\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 #, fuzzy
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
@@ -6881,7 +6825,7 @@ msgstr ""
 "la sekva demando per \"jes\"\n"
 "\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 #, fuzzy
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
@@ -6893,145 +6837,161 @@ msgstr ""
 "la sekva demando per \"jes\"\n"
 "\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 #, fuzzy
 msgid "Use this key anyway? (y/N) "
 msgstr "Ĉu tamen uzi ĉi tiun ŝlosilon? "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "AVERTO: Uzas nefidatan ŝlosilon!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, fuzzy, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr "AVERTO: Ĉi tiu ŝlosilo estas revokita de sia posedanto!\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+msgid "checking User ID \"%s\"\n"
+msgstr "uzantidentigilo: \""
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "nevalida kompendi-metodo '%s'\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "ŝlosilo %08lX: diferencas de nia kopio\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+msgid "option %s given but no matching User ID found\n"
+msgstr "nevalida kompendi-metodo '%s'\n"
+
+#: g10/pkclist.c:696
 #, fuzzy, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "AVERTO: Ĉi tiu ŝlosilo estas revokita de sia posedanto!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "AVERTO: Ĉi tiu ŝlosilo estas revokita de sia posedanto!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, fuzzy, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         Tio povas signifi, ke la subskribo estas falsa.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "AVERTO: Ĉi tiu subŝlosilo estas revokita de sia posedanto!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Noto: Ĉi tiu ŝlosilo estas malŝaltita.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr ""
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr ""
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Noto: Ĉi tiu ŝlosilo eksvalidiĝis!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr "AVERTO: Ĉi tiu ŝlosilo ne estas atestita kun fidata subskribo!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "AVERTO: Ĉi tiu ŝlosilo ne estas atestita kun fidata subskribo!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr ""
 "         Estas nenia indiko, ke la subskribo apartenas al la posedanto.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "AVERTO: Ni NE fidas ĉi tiun ŝlosilon!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         La subskribo verŝajne estas FALSA.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"AVERTO: Ĉi tiu ŝlosilo ne estas atestita kun sufiĉe fidataj subskriboj!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
 msgstr ""
 "AVERTO: Ĉi tiu ŝlosilo ne estas atestita kun sufiĉe fidataj subskriboj!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         Ne estas certe, ke la subskribo apartenas al la posedanto.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: ignorita: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: ignorita: publika ŝlosilo estas malŝaltita\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: ignorita: publika ŝlosilo jam ĉeestas\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't encrypt to '%s'\n"
 msgstr "ne povas konektiĝi al '%s': %s\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, fuzzy, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "nevalida kompendi-metodo '%s'\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, fuzzy, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "nevalida kompendi-metodo '%s'\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "Vi ne specifis uzantidentigilon. (Vi povas uzi \"-r\")\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr ""
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -7039,40 +6999,40 @@ msgstr ""
 "\n"
 "Donu la uzantidentigilon. Finu per malplena linio: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Uzantidentigilo ne ekzistas.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "ignorita: publika ŝlosilo jam difinita kiel implicita ricevonto\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Publika ŝlosilo estas malŝaltita.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "ignorita: publika ŝlosilo jam agordita\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, fuzzy, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "nekonata implicita ricevonto '%s'\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "mankas validaj adresitoj\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, fuzzy, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "ŝlosilo %08lX: mankas uzantidentigilo\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, fuzzy, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "ŝlosilo %08lX: mankas uzantidentigilo\n"
@@ -7082,77 +7042,82 @@ msgstr "ŝlosilo %08lX: mankas uzantidentigilo\n"
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr "datenoj ne savitaj; uzu la opcion \"--output\" por savi ilin\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Aparta subskribo.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Bonvolu doni la nomon de la dosiero: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "legas la normalan enigon ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "mankas subskribitaj datenoj\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, fuzzy, c-format
 #| msgid "can't open signed data `%s'\n"
 msgid "can't open signed data '%s'\n"
 msgstr "ne povas malfermi subskribitan dosieron '%s'\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, fuzzy, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "ne povas malfermi subskribitan dosieron '%s'\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, fuzzy, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "ŝlosilo %08lX: mankas uzantidentigilo\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, fuzzy, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "nenomita ricevonto; provas per sekreta ŝlosilo %08lX ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+msgid "used key is not marked for encryption use.\n"
+msgstr "ŝlosilo %08lX: mankas uzantidentigilo\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "bone; ni estas la nenomita ricevonto.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "malnova kodado de DEK ne estas realigita\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "ĉifrad-metodo %d%s estas nekonata aŭ malŝaltita\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, fuzzy, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "NOTO: ĉifrad-metodo %d ne trovita en preferoj\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, fuzzy, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "NOTO: sekreta ŝlosilo %08lX eksvalidiĝis je %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, fuzzy, c-format
 msgid "Note: key has been revoked"
 msgstr "ŝlosilo %08lX: ŝlosilo estas revokita!\n"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, fuzzy, c-format
 msgid "build_packet failed: %s\n"
 msgstr "aktualigo malsukcesis: %s\n"
@@ -7170,49 +7135,49 @@ msgstr ""
 msgid "(This is a sensitive revocation key)\n"
 msgstr ""
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret key is not available.\n"
 msgstr "Sekreta ŝlosilo estas havebla.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 #, fuzzy
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Ĉu krei revokatestilon por ĉi tiu subskribo? (j/N)"
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr ""
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, fuzzy, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "listigo de ŝlosilblokoj malsukcesis: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 #, fuzzy
 msgid "Revocation certificate created.\n"
 msgstr "ŝlosilo %08lX: revokatestilo aldonita\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr ""
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 #, fuzzy
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Ĉu krei revokatestilon por ĉi tiu subskribo? (j/N)"
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 msgstr ""
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7221,19 +7186,19 @@ msgid ""
 "of the gpg command \"--generate-revocation\" in the GnuPG manual."
 msgstr ""
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
 "before importing and publishing this revocation certificate."
 msgstr ""
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, fuzzy, c-format
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "ŝlosilo %08lX: revokatestilo aldonita\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "ŝlosilo '%s' ne trovita: %s\n"
@@ -7246,18 +7211,18 @@ msgstr "ŝlosilo '%s' ne trovita: %s\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr ""
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error searching the keyring: %s\n"
 msgstr "eraro dum kreado de ŝlosilaro '%s': %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 #, fuzzy
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Ĉu krei revokatestilon por ĉi tiu subskribo? (j/N)"
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7268,42 +7233,42 @@ msgid ""
 "your machine might store the data and make it available to others!\n"
 msgstr ""
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 #, fuzzy
 msgid "Please select the reason for the revocation:\n"
 msgstr "Kialo por revoko: "
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr ""
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr ""
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 #, fuzzy
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr ""
 "\n"
 "Donu la uzantidentigilon. Finu per malplena linio: "
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, fuzzy, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Kialo por revoko: "
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr ""
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 #, fuzzy
 msgid "Is this okay? (y/N) "
 msgstr "Ĉu tamen uzi ĉi tiun ŝlosilon? "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "malforta ŝlosilo kreita - provas denove\n"
@@ -7314,61 +7279,56 @@ msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
 msgstr ""
 "ne povas eviti malfortajn ŝlosilojn por simetria ĉifro; provis %d fojojn!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr ""
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
-#, fuzzy, c-format
-msgid "key %s may not be used for signing in %s mode\n"
-msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
-
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
+#: g10/sig-check.c:170
 #, c-format
 msgid "WARNING: signature digest conflict in message\n"
 msgstr ""
 
-#: g10/sig-check.c:219
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
+#, fuzzy, c-format
+msgid "key %s may not be used for signing in %s mode\n"
+msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
+
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr ""
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, fuzzy, c-format
 msgid "please see %s for more information\n"
 msgstr " i = bonvolu montri pli da informoj\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr ""
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, fuzzy, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "la publika ŝlosilo estas %lu sekundon pli nova ol la subskribo\n"
 msgstr[1] "la publika ŝlosilo estas %lu sekundon pli nova ol la subskribo\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, fuzzy, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "la publika ŝlosilo estas %lu sekundon pli nova ol la subskribo\n"
 msgstr[1] "la publika ŝlosilo estas %lu sekundon pli nova ol la subskribo\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, fuzzy, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7381,7 +7341,7 @@ msgstr[1] ""
 "ŝlosilo estis kreita %lu sekundon en la estonteco (tempotordo aŭ "
 "horloĝeraro)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, fuzzy, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7393,51 +7353,51 @@ msgstr[1] ""
 "ŝlosilo estis kreita %lu sekundon en la estonteco (tempotordo aŭ "
 "horloĝeraro)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, fuzzy, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "NOTO: subskribo-ŝlosilo %08lX eksvalidiĝis je %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, fuzzy, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "ŝlosilo %08lX: ŝlosilo estas revokita!\n"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "memstara subskribo de klaso 0x%02x\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "memstara subskribo de klaso 0x%02x\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, fuzzy, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr "supozas malbonan subskribon pro nekonata \"critical bit\"\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "ŝlosilo %08lX: mankas subŝlosilo por ŝlosilbindado\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "ŝlosilo %08lX: mankas subŝlosilo por ŝlosilbindado\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, fuzzy, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "AVERTO: ne povas %%-kompletigi gvidlinian URL (tro granda); uzas sen "
 "kompletigo.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7445,7 +7405,7 @@ msgstr ""
 "AVERTO: ne povas %%-kompletigi gvidlinian URL (tro granda); uzas sen "
 "kompletigo.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7454,52 +7414,53 @@ msgstr ""
 "AVERTO: ne povas %%-kompletigi gvidlinian URL (tro granda); uzas sen "
 "kompletigo.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, fuzzy, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s-subskribo de: %s\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
 msgstr "NOTO: ĉifrad-metodo %d ne trovita en preferoj\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "subskribas:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "%s ĉifrado estos aplikata\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "ŝlosilo ne estas markita kiel malsekura - ne povas uzi ĝin kun falsa "
 "stokastilo!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, fuzzy, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "ignoris '%s': ripetita\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "ignorita: sekreta ŝlosilo jam ĉeestas\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 #, fuzzy
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "ignoris '%s': ĉi tio estas PGP-kreita ElGamal-ŝlosilo, kiu ne estas sekura "
 "por subskribado!\n"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "fido-datenaro %lu, speco %d: skribo malsukcesis: %s\n"
@@ -7511,46 +7472,46 @@ msgid ""
 "# (Use \"gpg --import-ownertrust\" to restore them)\n"
 msgstr ""
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, fuzzy, c-format
 msgid "error in '%s': %s\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 #, fuzzy
 msgid "line too long"
 msgstr "pasfrazo estas tro longa\n"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr ""
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 #, fuzzy
 msgid "invalid fingerprint"
 msgstr "%s: nevalida dosiero-versio %d\n"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 #, fuzzy
 msgid "ownertrust value missing"
 msgstr "importi posedantofido-valorojn"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, fuzzy, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "eraro dum legado de dosieruja registro: %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, fuzzy, c-format
 msgid "read error in '%s': %s\n"
 msgstr "kiraso: %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "fido-datenaro: sync malsukcesis: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, fuzzy, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "ne povas krei '%s': %s\n"
@@ -7560,12 +7521,12 @@ msgstr "ne povas krei '%s': %s\n"
 msgid "can't lock '%s'\n"
 msgstr "ne povas malfermi '%s'\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "fido-datenaro loko %lu: lseek malsukcesis: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "fido-datenaro loko %lu: skribo malsukcesis (n=%d): %s\n"
@@ -7580,7 +7541,7 @@ msgstr "fido-datenaro-transakcio tro granda\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: dosierujo ne ekzistas!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, fuzzy, c-format
 msgid "can't access '%s': %s\n"
 msgstr "ne povas fermi '%s': %s\n"
@@ -7621,7 +7582,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: eraro dum aktualigo de versiregistro: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: eraro dum legado de versiregistro: %s\n"
@@ -7631,52 +7592,52 @@ msgstr "%s: eraro dum legado de versiregistro: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: eraro dum skribado de versiregistro: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "fido-datenaro: lseek malsukcesis: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "fido-datenaro: lego malsukcesis (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: ne estas fido-datenaro\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: versiregistro kun registronumero %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: nevalida dosiero-versio %d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: eraro dum legado de libera registro: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: eraro dum skribo de dosieruja registro: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: malsukcesis nuligi registron: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: malsukcesis aldoni registron: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, fuzzy, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "%s: fido-datenaro kreita\n"
@@ -7718,10 +7679,10 @@ msgstr ""
 msgid "TOFU DB error"
 msgstr ""
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, fuzzy, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "eraro dum sendo al '%s': %s\n"
@@ -7743,7 +7704,7 @@ msgstr "%s: eraro dum skribo de dosieruja registro: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, fuzzy, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "eraro dum sendo al '%s': %s\n"
@@ -7914,110 +7875,110 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr ""
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr ""
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, fuzzy, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr ""
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, fuzzy, c-format
 #| msgid "Deleted %d signatures.\n"
 msgid "%s: Verified 0 signatures."
 msgstr "Forviŝis %d subskribojn.\n"
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 #, fuzzy
 msgid "Encrypted 0 messages."
 msgstr "Ripetu pasfrazon\n"
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, fuzzy, c-format
 #| msgid "Policy: "
 msgid "(policy: %s)"
 msgstr "Gvidlinio: "
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -8034,160 +7995,160 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, fuzzy, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "eraro dum sendo al '%s': %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid long keyID\n"
 msgid "'%s' is not a valid long keyID\n"
 msgstr "'%s' ne estas valida longa ŝlosilidentigilo\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, fuzzy, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "ŝlosilo %08lX: akceptita kiel fidata ŝlosilo\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, fuzzy, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "ŝlosilo %08lX aperas pli ol unufoje en la fido-datenaro\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, fuzzy, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "ŝlosilo %08lX: mankas publika ŝlosilo por fidata ŝlosilo - ignorita\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, fuzzy, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "ŝlosilo markita kiel absolute fidata.\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "fido-datenaro loko %lu, petospeco %d: lego malsukcesis: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "fido-registro %lu ne havas petitan specon %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr ""
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr ""
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "kontrolo de fido-datenaro ne estas bezonata\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "sekva kontrolo de fido-datenaro je %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, fuzzy, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "kontrolo de fido-datenaro ne estas bezonata\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, fuzzy, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "kontrolo de fido-datenaro ne estas bezonata\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, fuzzy, c-format
 msgid "public key %s not found: %s\n"
 msgstr "publika ŝlosilo %08lX ne trovita: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr ""
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "kontrolas la fido-datenaron\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, fuzzy, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] "%lu ŝlosiloj jam traktitaj\n"
 msgstr[1] "%lu ŝlosiloj jam traktitaj\n"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, c-format
 msgid " (%d validity count cleared)\n"
 msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, fuzzy, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "publika ŝlosilo de absolute fidata ŝlosilo %08lX ne trovita\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, fuzzy, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "publika ŝlosilo de absolute fidata ŝlosilo %08lX ne trovita\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr ""
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, fuzzy, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr "fido-datenaro %lu, speco %d: skribo malsukcesis: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr ""
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr ""
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr ""
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr ""
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr ""
 
@@ -8199,42 +8160,42 @@ msgstr ""
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr ""
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 #, fuzzy
 msgid "[ revoked]"
 msgstr "rev"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 #, fuzzy
 msgid "[ expired]"
 msgstr "eksval"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 #, fuzzy
 msgid "[ unknown]"
 msgstr "nekonata versio"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr ""
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 msgid "[  never ]"
 msgstr ""
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr ""
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr ""
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr ""
 
@@ -8259,20 +8220,30 @@ msgstr "enigata linio %u tro longa, aÅ­ mankas linifino\n"
 msgid "can't open fd %d: %s\n"
 msgstr "ne povas malfermi '%s': %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "AVERTO: nenio estis eksportita\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+msgid "Hint: Do not use option %s\n"
+msgstr "legas opciojn el '%s'\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr ""
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr ""
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 #, fuzzy
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 #, fuzzy
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
@@ -8282,129 +8253,225 @@ msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr ""
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr ""
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+msgid "|N|Please enter the new Global-PIN"
+msgstr "ŝanĝi la pasfrazon"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "Kialo por revoko: "
+
+#: scd/app-piv.c:1853
+#, fuzzy
+msgid "|N|Please enter the new PIN"
+msgstr "ŝanĝi la pasfrazon"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+msgid "||Please enter the PIN of your PIV card"
+msgstr "Kialo por revoko: "
+
+#: scd/app-piv.c:1861
+#, fuzzy
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "ŝanĝi la pasfrazon"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "Kialo por revoko: "
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-piv.c:1895
+#, c-format
+msgid "PIN is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1903
+#, c-format
+msgid "PIN is too long; maximum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, fuzzy, c-format
+msgid "key already exists\n"
+msgstr "'%s' jam densigita\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, fuzzy, c-format
+msgid "generating new key\n"
+msgstr "krei novan ŝlosilparon"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, fuzzy, c-format
+msgid "writing new key\n"
+msgstr "krei novan ŝlosilparon"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, fuzzy, c-format
+#| msgid "remove keys from the public keyring"
+msgid "response does not contain the EC public key\n"
+msgstr "forigi ŝlosilojn de la publika ŝlosilaro"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, fuzzy, c-format
+msgid "generating key failed\n"
+msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, fuzzy, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "Kreado de ŝlosiloj malsukcesis: %s\n"
+msgstr[1] "Kreado de ŝlosiloj malsukcesis: %s\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr ""
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 #, fuzzy
 msgid "|A|Please enter the Admin PIN"
 msgstr "ŝanĝi la pasfrazon"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 #, fuzzy
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "Kialo por revoko: "
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 #, fuzzy
 msgid "||Please enter the PIN for the standard keys."
 msgstr "ŝanĝi la pasfrazon"
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr ""
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "Note: This key has been disabled.\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "Noto: Ĉi tiu ŝlosilo estas malŝaltita.\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr ""
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 #, fuzzy
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "ŝanĝi la pasfrazon"
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 #, fuzzy
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "Kialo por revoko: "
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, fuzzy, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, fuzzy, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, fuzzy, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "malsukcesis rekonstrui ŝlosilaran staplon: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr ""
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1546
-#, fuzzy, c-format
-#| msgid "remove keys from the public keyring"
-msgid "response does not contain the EC public key\n"
-msgstr "forigi ŝlosilojn de la publika ŝlosilaro"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, fuzzy, c-format
 msgid "reading public key failed: %s\n"
 msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
@@ -8412,43 +8479,43 @@ msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr ""
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 #, fuzzy
 msgid "||Please unlock the card"
 msgstr "ŝanĝi la pasfrazon"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, fuzzy, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "Kreado de ŝlosiloj malsukcesis: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8456,22 +8523,22 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 #, fuzzy
 msgid "||Please enter the PIN"
 msgstr "ŝanĝi la pasfrazon"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 #, fuzzy
 msgid "||Please enter the Reset Code for the card"
 msgstr "Kialo por revoko: "
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr ""
@@ -8479,123 +8546,81 @@ msgstr ""
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 #, fuzzy
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "ŝanĝi la pasfrazon"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 #, fuzzy
 msgid "||Please enter the PIN and New PIN"
 msgstr "ŝanĝi la pasfrazon"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, fuzzy, c-format
 msgid "error reading application data\n"
 msgstr "eraro dum legado de ŝlosilbloko: %s\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, fuzzy, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "%s: eraro dum legado de libera registro: %s\n"
 
-#: scd/app-openpgp.c:3066
-#, fuzzy, c-format
-msgid "key already exists\n"
-msgstr "'%s' jam densigita\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr ""
-
-#: scd/app-openpgp.c:3072
-#, fuzzy, c-format
-msgid "generating new key\n"
-msgstr "krei novan ŝlosilparon"
-
-#: scd/app-openpgp.c:3074
-#, fuzzy, c-format
-msgid "writing new key\n"
-msgstr "krei novan ŝlosilparon"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, fuzzy, c-format
-msgid "failed to store the key: %s\n"
-msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, fuzzy, c-format
 #| msgid "unsupported URI"
 msgid "unsupported curve\n"
 msgstr "nerealigita URI"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr ""
-
-#: scd/app-openpgp.c:4271
-#, fuzzy, c-format
-msgid "generating key failed\n"
-msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
-
-#: scd/app-openpgp.c:4277
-#, fuzzy, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "Kreado de ŝlosiloj malsukcesis: %s\n"
-msgstr[1] "Kreado de ŝlosiloj malsukcesis: %s\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, fuzzy, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "%s-subskribo de: %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, fuzzy, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "validaj OpenPGP-datenoj ne trovitaj.\n"
@@ -8608,102 +8633,100 @@ msgstr "ŝanĝi la pasfrazon"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 #, fuzzy
 msgid "|N|Initial New PIN"
 msgstr "Donu la uzantidentigilon: "
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr ""
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr ""
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 #, fuzzy
 msgid "|FILE|write a log to FILE"
 msgstr "|DOSIERO|legi aldonan bibliotekon DOSIERO"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr ""
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 #, fuzzy
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NOMO|uzi NOMOn kiel implicitan ricevonton"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 #, fuzzy
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NOMO|uzi NOMOn kiel implicitan ricevonton"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 #, fuzzy
 msgid "do not use the internal CCID driver"
 msgstr "tute ne uzi la terminalon"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr ""
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr ""
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr ""
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 #, fuzzy
 msgid "deny the use of admin card commands"
 msgstr "malkongruaj komandoj\n"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 #, fuzzy
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
 msgstr ""
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr ""
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr ""
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, fuzzy, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "eraro dum skribado de sekreta ŝlosilaro '%s': %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr ""
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr ""
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 #, fuzzy
 msgid "shell"
 msgstr "helpo"
@@ -8737,7 +8760,7 @@ msgstr "skribas sekretan ŝlosilon al '%s'\n"
 msgid "certificate policy not allowed"
 msgstr "skribas sekretan ŝlosilon al '%s'\n"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, fuzzy, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
@@ -8752,7 +8775,7 @@ msgstr ""
 msgid "number of issuers matching: %d\n"
 msgstr ""
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, fuzzy, c-format
 #| msgid "%s: can't access: %s\n"
 msgid "can't get authorityInfoAccess: %s\n"
@@ -8773,247 +8796,247 @@ msgstr "eraro dum kreado de pasfrazo: %s\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, fuzzy, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 #, fuzzy
 msgid "certificate has been revoked"
 msgstr "ŝlosilo %08lX: ŝlosilo estas revokita!\n"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr ""
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr ""
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, fuzzy, c-format
 msgid "checking the CRL failed: %s"
 msgstr "kontrolo de kreita subskribo malsukcesis: %s\n"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, fuzzy, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "problemo ĉe legado de atestilo: %s\n"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, fuzzy, c-format
 msgid "certificate not yet valid"
 msgstr "Valida atestilrevoko"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 #, fuzzy
 msgid "root certificate not yet valid"
 msgstr "Valida atestilrevoko"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 #, fuzzy
 msgid "intermediate certificate not yet valid"
 msgstr "Valida atestilrevoko"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, fuzzy, c-format
 msgid "certificate has expired"
 msgstr "problemo ĉe legado de atestilo: %s\n"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 #, fuzzy
 msgid "root certificate has expired"
 msgstr "problemo ĉe legado de atestilo: %s\n"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 #, fuzzy
 msgid "intermediate certificate has expired"
 msgstr "problemo ĉe legado de atestilo: %s\n"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr ""
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 #, fuzzy
 msgid "certificate with invalid validity"
 msgstr "problemo ĉe legado de atestilo: %s\n"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr ""
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, fuzzy, c-format
 msgid "  (  signature created at "
 msgstr "            novaj subskriboj: %lu\n"
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, fuzzy, c-format
 msgid "  (certificate created at "
 msgstr "ŝlosilo %08lX: revokatestilo aldonita\n"
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, fuzzy, c-format
 msgid "  (certificate valid from "
 msgstr "Valida atestilrevoko"
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr ""
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, fuzzy, c-format
 msgid "fingerprint=%s\n"
 msgstr "Fingrospuro:"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, fuzzy, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr ""
 "Neniom da atestiloj trovitaj kun nedifinita fidovaloro.\n"
 "\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr ""
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr ""
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 #, fuzzy
 msgid "no issuer found in certificate"
 msgstr "Bona atestilo"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr ""
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, fuzzy, c-format
 msgid "root certificate is not marked trusted"
 msgstr ""
 "Neniom da atestiloj trovitaj kun nedifinita fidovaloro.\n"
 "\n"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, fuzzy, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "kontrolo de kreita subskribo malsukcesis: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, fuzzy, c-format
 msgid "certificate chain too long\n"
 msgstr "Valida atestilrevoko"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, fuzzy, c-format
 msgid "issuer certificate not found"
 msgstr "Valida atestilrevoko"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, fuzzy, c-format
 msgid "certificate has a BAD signature"
 msgstr "kontroli subskribon"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr ""
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr ""
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, fuzzy, c-format
 msgid "certificate is good\n"
 msgstr "Valida atestilrevoko"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, fuzzy, c-format
 msgid "intermediate certificate is good\n"
 msgstr "ripetita atestilo - forviŝita"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, fuzzy, c-format
 msgid "root certificate is good\n"
 msgstr ""
 "Neniom da atestiloj trovitaj kun nedifinita fidovaloro.\n"
 "\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr ""
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr ""
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, fuzzy, c-format
 msgid "out of core\n"
 msgstr "ne traktita"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr ""
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 #, fuzzy
 msgid "none"
 msgstr "ne"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 #, fuzzy
 msgid "[Error - invalid encoding]"
 msgstr "%s: nevalida dosiero-versio %d\n"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr ""
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr ""
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 #, fuzzy
 msgid "[Error - invalid DN]"
 msgstr "%s: nevalida dosiero-versio %d\n"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -9026,176 +9049,187 @@ msgstr ""
 "\"%.*s\"\n"
 "%u-bita %s ŝlosilo, ID %08lX, kreita je %s%s\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr ""
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "eraro dum skribado de sekreta ŝlosilaro '%s': %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr ""
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr ""
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr ""
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr ""
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+#| msgid "bad certificate"
+msgid "looking for another certificate\n"
+msgstr "malbona atestilo"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, fuzzy, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "nevalida kompendi-metodo '%s'\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr ""
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr ""
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, fuzzy, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "nevalida kompendi-metodo '%s'\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, fuzzy, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "nevalida kompendi-metodo '%s'\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, fuzzy, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "Nevalida retadreso\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, fuzzy, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "nevalida kompendi-metodo '%s'\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr ""
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr ""
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, fuzzy, c-format
 msgid "line %d: invalid date given\n"
 msgstr "nevalida kompendi-metodo '%s'\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, fuzzy, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "eraro dum kreado de ŝlosilaro '%s': %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, fuzzy, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "nevalida kompendi-metodo '%s'\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, fuzzy, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "nevalida kompendi-metodo '%s'\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, fuzzy, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "ŝlosilo %08lX: nevalida subŝlosila bindado\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, fuzzy, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "nevalida kompendi-metodo '%s'\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, fuzzy, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "eraro dum kreado de ŝlosilaro '%s': %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, fuzzy, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "eraro dum kreado de ŝlosilaro '%s': %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, fuzzy, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "Kreado de ŝlosiloj malsukcesis: %s\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, fuzzy, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) RSA (nur ĉifri)\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, fuzzy, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) RSA (subskribi kaj ĉifri)\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, fuzzy, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) DSA (nur subskribi)\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, fuzzy, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) RSA (nur ĉifri)\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr ""
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, fuzzy, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "nevalida kompendi-metodo '%s'\n"
@@ -9205,263 +9239,257 @@ msgstr "nevalida kompendi-metodo '%s'\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, fuzzy, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "nevalida kompendi-metodo '%s'\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr ""
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 #, fuzzy
 msgid "Enter email addresses"
 msgstr "Retadreso: "
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 #, fuzzy
 msgid " (end with an empty line):\n"
 msgstr ""
 "\n"
 "Donu la uzantidentigilon. Finu per malplena linio: "
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 #, fuzzy
 msgid "Enter DNS names"
 msgstr "Donu novan dosiernomon"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 #, fuzzy
 msgid " (optional; end with an empty line):\n"
 msgstr ""
 "\n"
 "Donu la uzantidentigilon. Finu per malplena linio: "
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 #, fuzzy
 msgid "Enter URIs"
 msgstr "Donu la uzantidentigilon: "
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 #, fuzzy
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Ĉu krei revokatestilon por ĉi tiu subskribo? (j/N)"
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:432
-#, fuzzy, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "eraro dum kreado de pasfrazo: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr ""
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 #, fuzzy
 msgid "Now creating certificate request.  "
 msgstr "ŝlosilo %08lX: revokatestilo aldonita\n"
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr ""
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "%s-ĉifritaj datenoj\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr ""
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr ""
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 msgid "encrypted to %s key %s\n"
 msgstr "ĉifrita per %s-ŝlosilo, %08lX\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, fuzzy, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "ŝlosilo '%s' ne trovita: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, fuzzy, c-format
 msgid "error locking keybox: %s\n"
 msgstr "eraro dum legado de ŝlosilbloko: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, fuzzy, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "ripetita atestilo - forviŝita"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, fuzzy, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "ripetita atestilo - forviŝita"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, fuzzy, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, fuzzy, c-format
 msgid "no valid recipients given\n"
 msgstr "nevalida respondo de agento\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 #, fuzzy
 msgid "list external keys"
 msgstr "listigi sekretajn ŝlosilojn"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 #, fuzzy
 msgid "list certificate chain"
 msgstr "Valida atestilrevoko"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 #, fuzzy
 msgid "import certificates"
 msgstr "Bona atestilo"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 #, fuzzy
 msgid "export certificates"
 msgstr "Bona atestilo"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr ""
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr ""
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr ""
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "tute ne uzi la terminalon"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr ""
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr ""
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr ""
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr ""
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr ""
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 #, fuzzy
 msgid "create base-64 encoded output"
 msgstr "krei eligon en askia kiraso"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 #, fuzzy
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|NOMO|uzi NOMOn kiel la implicitan sekretan ŝlosilon"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 #, fuzzy
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "aldoni ĉi tiun ŝlosilaron al la listo de ŝlosilaroj"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SERVILO|uzi ĉi tiun ŝlosilservilon por serĉi ŝlosilojn"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr ""
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 #, fuzzy
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NOMO|uzi ĉifrad-metodon NOMO por pasfrazoj"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr ""
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr ""
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr ""
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr ""
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NOMO|uzi ĉifrad-metodon NOMO"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NOMO|uzi kompendi-metodon NOMO"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "neinteraga reĝimo: neniam demandi"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "supozi \"jes\" ĉe la plej multaj demandoj"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "supozi \"ne\" ĉe la plej multaj demandoj"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 #, fuzzy
 msgid "|FILE|write an audit log to FILE"
 msgstr "|DOSIERO|legi aldonan bibliotekon DOSIERO"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 #, fuzzy
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
@@ -9472,87 +9500,122 @@ msgstr ""
 "subskribi, kontroli, ĉifri aŭ malĉifri\n"
 "implicita operacio dependas de la enigataj datenoj\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, fuzzy, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "ne povas konektiĝi al '%s': %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, fuzzy, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "nekonata implicita ricevonto '%s'\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr ""
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " s = supersalti ĉi tiun ŝlosilon\n"
+
+#: sm/gpgsm.c:1545
+#, fuzzy, c-format
+msgid "could not parse keyserver\n"
+msgstr "ne povis analizi URI de ŝlosilservilo\n"
+
+#: sm/gpgsm.c:1825
 #, fuzzy, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "skribas al '%s'\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, fuzzy, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "ne povas fermi '%s': %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr ""
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, fuzzy, c-format
 msgid "total number processed: %lu\n"
 msgstr "      Nombro traktita entute: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, fuzzy, c-format
 msgid "error storing certificate\n"
 msgstr "Bona atestilo"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr ""
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, fuzzy, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, fuzzy, c-format
 msgid "error importing certificate: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, fuzzy, c-format
 msgid "error reading input: %s\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+msgid "no keyboxd running in this session\n"
+msgstr "gpg-agent ne estas disponata en ĉi tiu sesio\n"
+
+#: sm/keydb.c:595
+#, fuzzy, c-format
+msgid "error opening key DB: %s\n"
+msgstr "eraro dum legado de '%s': %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr ""
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, fuzzy, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, fuzzy, c-format
 msgid "error storing certificate: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, fuzzy, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "rev? problemo en kontrolo de revoko: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, fuzzy, c-format
 msgid "error storing flags: %s\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr ""
 
@@ -9561,17 +9624,17 @@ msgstr ""
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr ""
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, fuzzy, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "%s: nevalida dosiero-versio %d\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, fuzzy, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "%s: nevalida dosiero-versio %d\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9582,14 +9645,14 @@ msgid ""
 "%s%sAre you really sure that you want to do this?"
 msgstr ""
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
 "signatures.\n"
 msgstr ""
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9597,53 +9660,58 @@ msgid ""
 "Note, that this certificate will NOT create a qualified signature!"
 msgstr ""
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, fuzzy, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "protekto-metodo %d%s ne estas realigita\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr ""
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, fuzzy, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "kontrolo de kreita subskribo malsukcesis: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Subskribo farita je %.*s per %s, ŝlosilo %08lX\n"
+
+#: sm/verify.c:467
 #, fuzzy, c-format
 msgid "Signature made "
 msgstr "Ĉi tiu ŝlosilo eksvalidiĝos je %s.\n"
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr ""
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 msgid "algorithm:"
 msgstr "kiraso: %s\n"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr ""
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, fuzzy, c-format
 msgid "Good signature from"
 msgstr "Bona subskribo de \""
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, fuzzy, c-format
 msgid "                aka"
 msgstr "            alinome \""
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, fuzzy, c-format
 msgid "This is a qualified signature\n"
 msgstr "tio povas esti kaÅ­zata de mankanta mem-subskribo\n"
@@ -9668,101 +9736,101 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr ""
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr ""
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't parse certificate '%s': %s\n"
 msgstr "ne povas krei '%s': %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, fuzzy, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "ripetita atestilo - forviŝita"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, fuzzy, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "ripetita atestilo - forviŝita"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, fuzzy, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "ripetita atestilo - forviŝita"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, fuzzy, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "Fingrospuro:"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr ""
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr ""
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, fuzzy, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, fuzzy, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "Nevalida atestilo"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, fuzzy, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, fuzzy, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, fuzzy, c-format
 msgid "certificate already cached\n"
 msgstr "ŝlosilo %08lX: revokatestilo aldonita\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, fuzzy, c-format
 msgid "certificate cached\n"
 msgstr "Valida atestilrevoko"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, fuzzy, c-format
 msgid "error caching certificate: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, fuzzy, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "%s: nevalida dosiero-versio %d\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, fuzzy, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, fuzzy, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, fuzzy, c-format
 msgid "no issuer found in certificate\n"
 msgstr "Bona atestilo"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, fuzzy, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
@@ -10285,65 +10353,65 @@ msgstr "ŝlosilo '%s' ne trovita: %s\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "ŝlosilo '%s' ne trovita: %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 #, fuzzy
 msgid "add a certificate to the cache"
 msgstr "ŝlosilo %08lX: revokatestilo aldonita\n"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 #, fuzzy
 #| msgid "bad certificate"
 msgid "validate a certificate"
 msgstr "malbona atestilo"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 #, fuzzy
 #| msgid "bad certificate"
 msgid "lookup a certificate"
 msgstr "malbona atestilo"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 #, fuzzy
 msgid "lookup only locally stored certificates"
 msgstr "Nevalida atestilo"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 #, fuzzy
 msgid "expect certificates in PEM format"
 msgstr "Bona atestilo"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 #, fuzzy
 msgid "force the use of the default OCSP responder"
 msgstr "Donu la ŝlosilgrandon"
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10351,226 +10419,221 @@ msgid ""
 "not valid and other error codes for general failures\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, fuzzy, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, fuzzy, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "ne povas konektiĝi al '%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, fuzzy, c-format
 #| msgid "update failed: %s\n"
 msgid "lookup failed: %s\n"
 msgstr "aktualigo malsukcesis: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, fuzzy, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "enkirasigo malsukcesis: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, fuzzy, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, fuzzy, c-format
 msgid "certificate is valid\n"
 msgstr "Valida atestilrevoko"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, fuzzy, c-format
 msgid "certificate has been revoked\n"
 msgstr "ŝlosilo %08lX: ŝlosilo estas revokita!\n"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, fuzzy, c-format
 msgid "certificate check failed: %s\n"
 msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, fuzzy, c-format
 #| msgid "can't stat `%s': %s\n"
 msgid "got status: '%s'\n"
 msgstr "ne povas stat-i '%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, fuzzy, c-format
 #| msgid "error writing secret keyring `%s': %s\n"
 msgid "error writing base64 encoding: %s\n"
 msgstr "eraro dum skribado de sekreta ŝlosilaro '%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, fuzzy, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr ""
 "\n"
 "Realigitaj metodoj:\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 #, fuzzy
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|DOSIERO|legi aldonan bibliotekon DOSIERO"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr ""
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr ""
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr ""
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 #, fuzzy
 msgid "|URL|use keyserver at URL"
 msgstr "ne povis analizi URI de ŝlosilservilo\n"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr ""
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr ""
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr ""
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr ""
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr ""
 
-#: dirmngr/dirmngr.c:270
-#, fuzzy
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|SERVILO|uzi ĉi tiun ŝlosilservilon por serĉi ŝlosilojn"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 #, fuzzy
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|DOSIERO|legi aldonan bibliotekon DOSIERO"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr ""
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr ""
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 #, fuzzy
 msgid "|URL|use OCSP responder at URL"
 msgstr "ne povis analizi URI de ŝlosilservilo\n"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr ""
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -10583,126 +10646,313 @@ msgstr ""
 "@\n"
 "(Vidu la manpaĝon por kompleta listo de ĉiuj komandoj kaj opcioj)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 #, fuzzy
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, fuzzy, c-format
 msgid "usage: %s [options] "
 msgstr "uzado: gpg [opcioj] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, fuzzy, c-format
 #| msgid "%s not allowed with %s!\n"
 msgid "colons are not allowed in the socket name\n"
 msgstr "%s ne eblas kun %s!\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, fuzzy, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "enkirasigo malsukcesis: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, fuzzy, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "enkirasigo malsukcesis: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, fuzzy, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "pasfrazo estas tro longa\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, fuzzy, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "%s: nevalida dosiero-versio %d\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, fuzzy, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "kiraso: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, fuzzy, c-format
 msgid "shutdown forced\n"
 msgstr "ne traktita"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr ""
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|connect to host NAME"
+msgstr "|NOMO|difini NOMOn kiel la signaron de la terminalo"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:112
+#, fuzzy
+#| msgid "|NAME|use NAME as default recipient"
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NOMO|uzi NOMOn kiel implicitan ricevonton"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:179
+#, fuzzy
+#| msgid "Usage: gpg [options] [files] (-h for help)"
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:291
+#, fuzzy, c-format
+msgid "invalid port number %d\n"
+msgstr "nevalida kiraso"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, fuzzy, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "eraro dum skribado de ŝlosilaro '%s': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:462
+#, fuzzy, c-format
+#| msgid "user '%s' not found: %s\n"
+msgid "attribute '%s' not found\n"
+msgstr "uzanto '%s' ne trovita: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:581
+#, fuzzy, c-format
+#| msgid "reading from `%s'\n"
+msgid "processing url '%s'\n"
+msgstr "legas el '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          user '%s'\n"
+msgstr "         sen uzantidentigilo: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, fuzzy, c-format
+msgid "          pass '%s'\n"
+msgstr "            alinome \""
+
+#: dirmngr/dirmngr_ldap.c:592
+#, fuzzy, c-format
+msgid "          host '%s'\n"
+msgstr "            alinome \""
+
+#: dirmngr/dirmngr_ldap.c:593
+#, fuzzy, c-format
+msgid "          port %d\n"
+msgstr "                  importitaj: %lu"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, fuzzy, c-format
+msgid "            DN '%s'\n"
+msgstr "            alinome \""
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, fuzzy, c-format
+msgid "          attr '%s'\n"
+msgstr "            alinome \""
+
+#: dirmngr/dirmngr_ldap.c:611
+#, c-format
+msgid "no host name in '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:622
+#, fuzzy, c-format
+msgid "WARNING: using first attribute only\n"
+msgstr "Averto: uzas malsekuran memoron!\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, fuzzy, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "enkirasigo malsukcesis: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "enkirasigo malsukcesis: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+msgid "LDAP init to '%s' done\n"
+msgstr "enkirasigo malsukcesis: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, fuzzy, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "enkirasigo malsukcesis: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, fuzzy, c-format
+#| msgid "dearmoring failed: %s\n"
+msgid "searching '%s' failed: %s\n"
+msgstr "elkirasigo malsukcesis: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, fuzzy, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "%s: ne estas fido-datenaro\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr ""
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, fuzzy, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr ""
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, fuzzy, c-format
 msgid "too many redirections\n"
 msgstr "tro da '%c'-preferoj\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "skribas al '%s'\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, fuzzy, c-format
 msgid "error printing log line: %s\n"
 msgstr "eraro dum skribado de ŝlosilaro '%s': %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, fuzzy, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "eraro dum legado de '%s': %s\n"
@@ -10732,51 +10982,31 @@ msgstr "aktualigo malsukcesis: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, fuzzy, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "serĉas pri \"%s\" ĉe HKP-servilo %s\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, fuzzy, c-format
 msgid "malloc failed: %s\n"
 msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
 
-#: dirmngr/ldap.c:221
-#, fuzzy, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "%s: ne estas fido-datenaro\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
 msgstr ""
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr ""
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, fuzzy, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr " s = supersalti ĉi tiun ŝlosilon\n"
-
 #: dirmngr/misc.c:172
 #, fuzzy, c-format
 #| msgid "%s: invalid file version %d\n"
@@ -10865,92 +11095,92 @@ msgstr "ŝanĝo de permesoj de '%s' malsukcesis: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr ""
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, fuzzy, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, fuzzy, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, fuzzy, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "Valida atestilrevoko"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, fuzzy, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "Bona atestilo"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, fuzzy, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, fuzzy, c-format
 #| msgid "no default secret keyring: %s\n"
 msgid "no default OCSP signer defined\n"
 msgstr "mankas implicita sekreta ŝlosilaro: %s\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, fuzzy, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr "subskribado malsukcesis: %s\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, fuzzy, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "eraro dum kreado de pasfrazo: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr ""
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, fuzzy, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "ŝlosilo %08lX: ŝlosilo estas revokita!\n"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr ""
@@ -10960,68 +11190,72 @@ msgstr ""
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "subskribado malsukcesis: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr ""
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr ""
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, fuzzy, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "subskribado malsukcesis: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, fuzzy, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, fuzzy, c-format
 msgid "error sending data: %s\n"
 msgstr "eraro dum sendo al '%s': %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, fuzzy, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, fuzzy, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr ""
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, fuzzy, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "ne povas krei '%s': %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, fuzzy, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "%s: malsukcesis krei haktabelon: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, fuzzy, c-format
 #| msgid "failed to initialize the TrustDB: %s\n"
 msgid "failed to initialize the server: %s\n"
 msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, fuzzy, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "malsukcesis rekonstrui ŝlosilaran staplon: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, fuzzy, c-format
 #| msgid "signing failed: %s\n"
 msgid "Assuan processing failed: %s\n"
@@ -11067,251 +11301,269 @@ msgstr "Valida atestilrevoko"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 #, fuzzy
 msgid "quiet"
 msgstr "fini"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+msgid "connect to the keyboxd"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 #, fuzzy
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|DOSIERO|legi aldonan bibliotekon DOSIERO"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 #, fuzzy
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, fuzzy, c-format
 msgid "receiving line failed: %s\n"
 msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, fuzzy, c-format
 msgid "line too long - skipped\n"
 msgstr "pasfrazo estas tro longa\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, fuzzy, c-format
 msgid "unknown command '%s'\n"
 msgstr "nekonata implicita ricevonto '%s'\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, fuzzy, c-format
 msgid "sending line failed: %s\n"
 msgstr "subskribado malsukcesis: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+msgid "no keybox daemon running in this session\n"
+msgstr "gpg-agent ne estas disponata en ĉi tiu sesio\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, fuzzy, c-format
 msgid "error sending standard options: %s\n"
 msgstr "eraro dum sendo al '%s': %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr ""
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr ""
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+msgid "Public Keys"
+msgstr "publika ŝlosilo estas %08lX\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr ""
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr ""
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 #, fuzzy
 #| msgid "network error"
 msgid "Network"
 msgstr "reteraro"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 #, fuzzy
 msgid "Passphrase Entry"
 msgstr "malbona pasfrazo"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 #, fuzzy
 msgid "Component not suitable for launching"
 msgstr "publika ŝlosilo ne trovita"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Please use the command \"toggle\" first.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Bonvolu uzi la komandon \"toggle\" unue.\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr ""
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, fuzzy, c-format
 msgid "error closing '%s'\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, fuzzy, c-format
 msgid "error parsing '%s'\n"
 msgstr "eraro dum legado de '%s': %s\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr ""
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr ""
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr ""
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr ""
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr ""
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr ""
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr ""
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr ""
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 #, fuzzy
 msgid "list global configuration file"
 msgstr "%s: nova opcio-dosiero kreita\n"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 #, fuzzy
 msgid "check global configuration file"
 msgstr "%s: nova opcio-dosiero kreita\n"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 #, fuzzy
 #| msgid "update the trust database"
 msgid "query the software version database"
 msgstr "aktualigi la fido-datenaron"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr ""
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr ""
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr ""
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "uzi dosieron por eligo"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr ""
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 #, fuzzy
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
 msgstr ""
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr ""
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 #, fuzzy
 msgid "Component not found"
 msgstr "publika ŝlosilo ne trovita"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 #, fuzzy
 msgid "No argument allowed"
 msgstr "skribas sekretan ŝlosilon al '%s'\n"
@@ -11327,100 +11579,182 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "ignorita: sekreta ŝlosilo jam ĉeestas\n"
+
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "ignorita: sekreta ŝlosilo jam ĉeestas\n"
+
+#: tools/gpg-card.c:2395
+#, c-format
+msgid "Replace existing key %s ? (y/N) "
+msgstr ""
+
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, c-format
+msgid "%s card no. %s detected\n"
+msgstr ""
+
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
+
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
+
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
+
+#: tools/gpg-card.c:3668
+#, fuzzy
+msgid "authenticate to the card"
+msgstr "ŝlosilo %08lX: revokatestilo aldonita\n"
+
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
+
+#: tools/gpg-card.c:3672
+#, fuzzy
+#| msgid "|NAME|use NAME as default recipient"
+msgid "setup KDF for PIN authentication"
+msgstr "|NOMO|uzi NOMOn kiel implicitan ricevonton"
+
+#: tools/gpg-card.c:3674
+#, fuzzy
+#| msgid "change the expire date"
+msgid "change a private data object"
+msgstr "ŝanĝi la daton de eksvalidiĝo"
+
+#: tools/gpg-card.c:3675
+#, fuzzy
+msgid "read a certificate from a data object"
+msgstr "ŝlosilo %08lX: revokatestilo aldonita\n"
+
+#: tools/gpg-card.c:3676
+#, fuzzy
+msgid "store a certificate to a data object"
+msgstr "ŝlosilo %08lX: revokatestilo aldonita\n"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
+
+#, fuzzy
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "ŝanĝi la pasfrazon"
+
 #, fuzzy
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "skribas al '%s'\n"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "eraro dum skribado de sekreta ŝlosilaro '%s': %s\n"
 
 #, fuzzy
 #~ msgid "use a log file for the server"
 #~ msgstr "serĉi ŝlosilojn ĉe ŝlosilservilo"
 
 #, fuzzy
-#~ msgid "run without asking a user"
-#~ msgstr "Ĉu fini sen skribi ŝanĝojn? "
+#~ msgid "argument not expected"
+#~ msgstr "skribas sekretan ŝlosilon al '%s'\n"
 
 #, fuzzy
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "petas la ŝlosilon %08lX de HKP-ŝlosilservilo %s ...\n"
+#~ msgid "read error"
+#~ msgstr "legeraro ĉe dosiero"
 
 #, fuzzy
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "ne povis analizi URI de ŝlosilservilo\n"
+#~ msgid "keyword too long"
+#~ msgstr "pasfrazo estas tro longa\n"
 
 #, fuzzy
-#~| msgid "|NAME|set terminal charset to NAME"
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NOMO|difini NOMOn kiel la signaron de la terminalo"
+#~ msgid "missing argument"
+#~ msgstr "nevalida argumento"
 
 #, fuzzy
-#~| msgid "|NAME|use NAME as default recipient"
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NOMO|uzi NOMOn kiel implicitan ricevonton"
+#~| msgid "invalid armor"
+#~ msgid "invalid argument"
+#~ msgstr "nevalida kiraso"
 
 #, fuzzy
-#~| msgid "Usage: gpg [options] [files] (-h for help)"
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
+#~ msgid "invalid command"
+#~ msgstr "malkongruaj komandoj\n"
 
 #, fuzzy
-#~ msgid "invalid port number %d\n"
+#~ msgid "invalid alias definition"
 #~ msgstr "nevalida kiraso"
 
 #, fuzzy
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "eraro dum skribado de ŝlosilaro '%s': %s\n"
+#~ msgid "out of core"
+#~ msgstr "ne traktita"
 
 #, fuzzy
-#~| msgid "user '%s' not found: %s\n"
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "uzanto '%s' ne trovita: %s\n"
+#~ msgid "invalid meta command"
+#~ msgstr "malkongruaj komandoj\n"
 
 #, fuzzy
-#~| msgid "reading from `%s'\n"
-#~ msgid "processing url '%s'\n"
-#~ msgstr "legas el '%s'\n"
+#~ msgid "unknown meta command"
+#~ msgstr "nekonata implicita ricevonto '%s'\n"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          user '%s'\n"
-#~ msgstr "         sen uzantidentigilo: %lu\n"
+#~| msgid "unexpected data"
+#~ msgid "unexpected meta command"
+#~ msgstr "neatendita dateno"
 
 #, fuzzy
-#~ msgid "          pass '%s'\n"
-#~ msgstr "            alinome \""
+#~ msgid "invalid option"
+#~ msgstr "nevalida kiraso"
 
 #, fuzzy
-#~ msgid "          host '%s'\n"
-#~ msgstr "            alinome \""
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "Nevalida komando (provu per \"helpo\")\n"
 
 #, fuzzy
-#~ msgid "          port %d\n"
-#~ msgstr "                  importitaj: %lu"
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "nevalida kiraso"
 
 #, fuzzy
-#~ msgid "            DN '%s'\n"
-#~ msgstr "            alinome \""
+#~| msgid "NOTE: no default option file `%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "NOTO: mankas implicita opcio-dosiero '%s'\n"
 
 #, fuzzy
-#~ msgid "          attr '%s'\n"
-#~ msgstr "            alinome \""
+#~| msgid "option file `%s': %s\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "opcio-dosiero '%s': %s\n"
 
 #, fuzzy
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "Averto: uzas malsekuran memoron!\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
 
 #, fuzzy
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "enkirasigo malsukcesis: %s\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
 
 #, fuzzy
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "enkirasigo malsukcesis: %s\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) DSA kaj ElGamal (implicita elekto)\n"
 
 #, fuzzy
-#~| msgid "dearmoring failed: %s\n"
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "elkirasigo malsukcesis: %s\n"
+#~ msgid "run without asking a user"
+#~ msgstr "Ĉu fini sen skribi ŝanĝojn? "
 
 #, fuzzy
 #~ msgid "Note: old default options file '%s' ignored\n"
@@ -11468,8 +11802,8 @@ msgstr ""
 #~ msgstr "ne povas malfermi %s: %s\n"
 
 #, fuzzy
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "eraro dum legado de '%s': %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "eraro dum skribado de ŝlosilaro '%s': %s\n"
 
 #, fuzzy
 #~ msgid "error closing %s: %s\n"
@@ -11524,11 +11858,6 @@ msgstr ""
 #~ msgstr "eraro dum kreado de pasfrazo: %s\n"
 
 #, fuzzy
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "Tiu komando ne eblas en la reĝimo %s.\n"
-
-#, fuzzy
 #~ msgid "male"
 #~ msgstr "en"
 
@@ -12726,9 +13055,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "forviŝi subskribojn"
 
-#~ msgid "change the expire date"
-#~ msgstr "ŝanĝi la daton de eksvalidiĝo"
-
 #~ msgid "set preference list"
 #~ msgstr "agordi liston de preferoj"
 
@@ -13139,10 +13465,6 @@ msgstr ""
 #~ msgid "key %08lX: not a rfc2440 key - skipped\n"
 #~ msgstr "ŝlosilo %08lX: ne estas RFC-2440-ŝlosilo - ignorita\n"
 
-#, fuzzy
-#~ msgid " (default)"
-#~ msgstr "malĉifri datenojn (implicita elekto)"
-
 #~ msgid "%s%c %4u%c/%08lX  created: %s expires: %s"
 #~ msgstr "%s%c %4u%c/%08lX  kreita: %s eksvalidiĝos: %s"
 
@@ -13250,9 +13572,6 @@ msgstr ""
 #~ msgid "quit|quit"
 #~ msgstr "fini"
 
-#~ msgid "   (%d) ElGamal (sign and encrypt)\n"
-#~ msgstr "   (%d) ElGamal (subskribi kaj ĉifri)\n"
-
 #, fuzzy
 #~ msgid "invalid symkey algorithm detected (%d)\n"
 #~ msgstr "nevalida kompendi-metodo '%s'\n"
diff --git a/po/es.gmo b/po/es.gmo
index 33f1b8c801983568d08657bc00e143bb7c462309..fd10809b8e52e99e2f45474615e9df8b865fb7c9 100644
GIT binary patch
delta 47753
zcmY)11z;6N!>{p8LI?zcyX6G8;7)+x!QI{6DGrOfOK~Y$+}$0DTX8QGx8i!A|C!;v
ze0%TdZ)SFOd}dDqFW<CXL6<fJxwqm(n&xoDjp8`Ta8tPBoC$QC@`IG>I3rg%PAHDT
zg18l<_&Cmgn2`9_)sAx<<E^0#yoHJI4JO5CYaJ&T)1l&}QS~&#c#h*b18u@I%)yNf
z=7#eCQxX4c<0;me2Xk60BLz4eFb)p3@oDz{3RHPVF|W$8@f_<Nrv&j9n1%YC6$HwV
za21s?)do{=Jyc6OV>BFx>hVnLdQ43GI4a+LtFzI>lcPqW0H(%jHocd18pfu6X9Iyu
zcnH(tD^$-DZgQOHSP<i51ZpT7+VlY!i})A}!a0}#SD+fSA64-!)boCu&Hcovda|LL
zgg`9<nXxOXr}I$-tV9)f3`6iX#z&tmj-%%iT60({SX-k;YKV=`wr)X<$T=*HPqr}r
zaR}ttYAP;?s<?`ccf@$a``GjeHhmR_k-iPp!*{5~m1G-3ig~ONs1d4*X|Nr#ww+0+
z4$axd_*WvZhXl1K#&*ZajWtnoI~FxmOHmCwh3feeQ~~}w9495FLp7u<Dqkneh-2;j
zt=NG0H5`ihcAEUVT>`4$9;%?IyG+K+Se5u_)Ck=~jl?TVg#NqD)TBVgbEEE8v^K*O
z#Cu_7oQ_HG5oSZbJ#-e`Tm+I6D30n;6YCJnPkafc$J?kLM%ioDN+_lyUKcg=gHa8c
zhw9K)n|=$65&w*Zu+ToU%laY>a-EF?a&qG|ra<5QW+XyTb5;UXU|S5qNj7~WYQ(Oh
zcFR{(gFFZLU<4+^HmH#qZsW6Ud>baz{y#-Pi{t^Sr|(fc4L)cdEP-)}*Fja(0oBk+
zsC?^e{F3!8hL9fjkZC|}RQ{?Mj$Ke4+JLF4-?>U47{6m;OmWz8vSL0=g{?6Gjz!Jk
zB71)is^Ax>p$|G@hB_^JdyYyUjwx|Irp5!P`u;^X1A%~}CS!I~g=H}xcEp6Z4AbIX
zOoI<m1xG(-hB^)Epeltiv6_uHLp8WF>f9KEI$!=kEyC5u7=N|&776kT>L5zQ8%2w<
zBwoX2s3|J^mzm>Ar~-OoF8mWK;7yFcOefe$K918J)vy64jbl&^n1LF(#U~m6q67|-
z&=UPmInD%ZkBpA<71fY~r%liAVpQS*XUwXPjT*{O)EcRP{@4U-VJj?wdodIvoiz>5
zfmw(*a|x6oFc~Z34a|t4=gd2yHl`y!6g8BqPz^eY(eVMQ;x`xzBcC@@mJkDoXGQJv
zyr?x$3YD)7YOT3_2&5-46*J*(RF58`<~-^JGgR474XA|LPHizVx~P1^Q3b9>E!Lx`
zbKw?h4SmL(80VsCSSe)cT&E%d4b2c#&)1_C;SG$9&Ly**;-E$%7i#G0qt?tARQ^9P
z3Z6u*@=K_x`iyZg(%&XM5e5-2gekQD%MnmPZ7~6kKou|#HB<+!7g0m{0E^&r%!Q$s
zdB<Z@jE{3sBeD^-$gZKL>=SB45?(PQl@sGpzf*xgK5UAbtJ$cbTwy(g35ef974Qxd
zV(hEtZI%Hw0=ZBX*G5gLYvX^SM(hkm!tWRl{n%QrhAa^QRUCqOF&kFK)|dykqo(K;
zYPY1gZcehsSep1BsJVTN`7!wov&w5>81a!<9uK4P$GK^quX~g6FHFL0614cPVIhos
zi<OEcFeZ*c4gGA4z(trDpP`04@oh8ISyA~bqUN}vjkiaw{(cyU^RWP~xb2z(9*_`+
zgfFO}iE+maX)4qrERDKf2UB2s)S?=L%0C}9LYq))=N@Wg1MZqd8w>Lh&xe|#E~qJ)
z;S$iQKZ+sv2D4$jdnRK^R8QMuVw{OdaidK?gX+;&R09L<n=dd)P-~(xs-fL65spMH
z>OU|tx*G_jB(NQ4;0@Fe|Mrhb--GFi-$nH-@PX-ZRxC-p1ZKz4sHxb6$?-fU!B?n;
zM|)^SE)8lVN+1n$o&E%raT2N_t56S|L9Oz~s3G?G*Bnd<Z~^f=s0uHmM&vna1fo7N
z@nooYK2&+-Q1!Gxjl@7Kru{#YfC{>ST0C!1bME`tY`b`vhIl3nz$&OAt%DxyfZCqp
zQ4Lvwn%n)D3SXf*7VnA4pBK{;uZ>Bm-x*|Y%tckO2Ltg4`r<iMg%?o`eT3Ss-%$+>
zdTM$WjA}puRF7+-@^?l(KOEK2S*Q_Mk8Uyoe-ThY|DxibY=#8SOhH*uLstgXv*xG*
zr(iT(hM909j=<Yk2U|TiJ>HM$h~L8k82G}R6D40T{u&yW1Xa8cOX6PCIpF`&tp4Jt
z0y<+D&cI;2glX{|s)5N~nTF&=Ey`x7@~2^D+-BnsP*V`)HRGR~K=#+>hs9Q?A)JNk
z(H4x2_fQRdYvZxs*z*C^u+peS+6gn_P|S*JQ4P3_Iv;%hGwIn-`5L<f0tk#jZJQ~m
zo~=hMx^tKTKcELg-kS7csD`!1QrHJ|e?Ml&d#LB*y))kv3SbcN(ijPApdY$*2`FPj
z)Z!S5v2ZrV#Z{;|-iK<~Nt}nzP*XMLz407&CZ6zvX~;-akC)>Fyo`Fj)kib6Be0D2
z|6!XD^OJcgR6x!Bc&vseu`qf*oAgFFi1=L8S_uAPrm#L%Bt98y;9X>PoxESo2yR6+
z<SsVDF5lE3a$F)1Lc%-Leogq@w7ei{4YWZ`!8Fuj+iUMX#Cyc!{op9|VT!OG@$Zh0
zx2JV|e7xJQ4{EzjL`~UpjE*}ordoK6Koq=!%6QktKVwqje!f25h6JNlaXHM1y-;gs
z73RiGsHu8_S_AJfKBo8c@vip5sE)Kkb#xNC>fvSrTBUbU@ko(OJR53lR6`H;My-ii
zSOnMD`!7)2FP^{YSyt3q3d5LK&DzYScSALNw7-w}{y&+7<Rq-Mp29%lPcaL=NA)}n
z<E(vK6+PG&`!n=&Fd6YA{AMaL=0z>O!q)bv2F^k?d^4(J@1nRSkd&Vmv|o#&ZgjzT
zI2{w?DpUiHpz{5L*)U$9kN5jPNo#Y|2n|6^<#g0`TZbBn&8WFQjLLW3B@ja3A!@Fo
zL^Gy96_5*6aRrQl?N9~v!8kY?)!@0P1|PKPS1>B^r>F+MLyc&f=w_{DL#+`vKY<hk
z+M(utG}gf_*dAjA`FOWse^mN89Eq7?_&8N?6W+(jF@2mK_ypTxlUP1ZIXsCvpc2J4
z@kUsj_)7Hd|Ca=GGUbnBdRiJi#9N?xG#tZmHWtMjm<v<H^>LbGHEfC7P(2EcXXd^N
z<|po=rfNHCB%YvlOOp87UF^Tg1ayYCM=iFgsF65`+Ga0NBa|wEd9WC2arMFoT#5;m
z54Few5}GMYi5jVVs43o$`UZ6$wV0zMBA@nuZUTC+99GAcs0w#tFkZub_!%|lI}`gj
zZSXXz!TFMy)!zzL(NG&-idt+3F*csH>Gx2(=m)xLN&2Kd-d~m0K;0OLDtJBWEp-QV
za70UHrXV-wAl?%T;R@>`)KI5QZbq;cs+=KM$cNu}pboTGDU8vB+5cMQ>4VLj7e&RJ
zqB8bH4e@l;{=S1A{DvB_6dtp<@}n9$5cA+l)ULRPS_4r+Ouk~M5gCPv@%Iqd4DmV=
z)T6Vg9{HtYXs{@D#r;?qbEPtitQ#ud5@Z!S_fZvvrZ$VS6>19SppM#|sFAphMKDGh
zAMfu4D!K&1Ntl8q@gi#RB}r>4Duoq^_d->4)EYaTxnB>p7{{S{yc4V8T`YjP)BAXT
zZQmJH@ha4aK0`g{=FVWw`evvb!?75i!J-%^qmMHRtD_3Ih2EjhWb)-lt&M)DeZADi
zpP+giFS8lB;;0cGjOB4NGJ>w-8|veIkB4J8H~OOvj6J9Z`DgL*zRxS7w$EZz%a5Z9
z{D9i`8MB%Zs*mBsm!hWZU(`XAHk)a1SJeH@m|K(lo`7~i=Imw>)xo^PhoXA03w8e~
zYIP^dVJw3>i29%!wicV=MeK$7a+-#%$1AM<`>3himD^0!BTPsAPK-RJ<#|v&9*CN|
z<CqU4<>hJqe<4(Z3g<J6wgdVTABTQ81(V}+9D<wiFy_y1I`#w863<w`G^`4`sYn<?
zKts6<$Ko|qLs}Iy53WP4_Uot-NE~KXds$R`D5k{Cs0yxN2>w7V$`CfcMzA#M=<SYr
ziLEHa{*Ogq2MKDx32cPlQE#h;g^g{j-K{RB=l*CL-)P-~I_Zw1-W}Ibi}e-i?Ha9!
zdF_Uv>djq*{jZ8jkq{ZHU{tJ)(XlBiV<%L;ffx<Ppk5}^Q6q2^HIg4uQ<f~;3~>$A
zA{>F*mPb${nWU&0iP|m!Eu!(L6Yd~tG2KBe7XM<Vr`b^lN?p_m*&AcvWK>W8Ks9&^
z2H`<0j^|J>xA?_PdLh(Ql|v7@9SNxA6Hwb~BkJhAYyF1$E|<83S$x@0_Zy)a&=)l_
zqftXW4b{+fsKs~&wHBVE2V<5r&u2p#;yUFCsOO#Rjj>pa_@Af(o}yl_QA?RKI|Q|e
z3Zh1;3##G2qZ)7s)xg`Rioc-FhvcQrlvP5l1s4-&|4$>JxnG59`9{<bpGRMOikj0G
zsEX4?m;xH0wqrL`0~Vqd<yq9!eX{X1Wy}axL_OaE^^%&6X|(^(6Hv=PqFNlcta%_e
zYOczo2Ros9HWAgpRj3g<j2glFsBPwyGtY;jo-cvghOJP$Y#geA`_R?mc}74F`jj`T
zJ&Uyn>V9R^khMTn)ECvz8P*-BU2p?cVNeCrp=_vp<xoBEfLbeyFb=M%!2Z{2-A_V6
zJcD5vt)e+dA}}NIPN<4!p|<B%^x%Hfd;A`1M80A$#;;^XDmUtDb`{hJw?H*?puNAo
zl52+W6bX9pDXOAql}&nj)IKkTT7*4NBQhTK)?0)+@lK&e=q+lo1y(T)3q!4`nyBxR
zzoF)SIfmmMmw*;mNL4dLby0IP5w*Auq88N~)KDg^X6CXG>g;cZ>RB691Baq|Jjc2Y
zHA06_4ZMW~@GWY@+^p42&m&M7T3ZKLr=sR+1!{zLqfW$|sDfXh<~&Lblb#7RB4MZw
zG(#=g$*6N?4XU2=NXK305dm$VkeX)bDxucIAk^GXK&^=#SQI~?MkIeNGn7qH1<phr
zRBKTUID*Re9JSgL)HV$$h8nS!=>7fwAOdRP0@QZeh0*XDYRDg=dK{&W>2YGz(B(uu
zR~|KGt*x_BJw1&&df%YdRFb;Jyr}1^V?yo!4g|DlhM{_}71hGiHvZV^)H4l9h??v4
zsDi>#+qVvCpAScMWEE=h{e^1KV~oI{`lcf_(be2_CZGmPK^1%$wYqPjMj)Vp8IcSa
zg?Mh%&=y8bQ7hD3PewIhKWf+fi)vWHhNip{s1fOiD);w>?0@aYZ6v6rk5LVX(#XuA
z2Q_r1(SyxVb2$uE(Rx(=%cvf{M2%eB#%2Vvpc+~p)uG=|?~M7VHFK!3YfhwVBxqkh
zK&|%AsHq5QVqUAMQL8^YYG|vV8rBI_;8^rF$a)#opl_&rAx+H)7e@8GGkS2cOThcm
zK~-=bHDqs42Sso*v!83CdfFD%fWfGtUx3Pg0<{P~+WVQBo3&8}H6l$>L*E}Y<x5cY
zxyJ~22s}a!ZPXT~LAg=evO4O4!KgW2g4$jeQ4RQlDmZOR)3b`Ge4SB?b3Up8+fXBN
z0X1SDkln-Ye_EN7FCS`-I--Vb2I_&$s0yy4D)eb><}@>Uh}S?>&;yl!5~^pLQFDLE
z#=oN)o}!IuKuPre`F~pi9&QXq&HW<O+;2h6=_%CN{hy7eYir^aP!$eBorFtJQ?wWL
z+-3COH`EBGXlL>jMIF)gFoR2=lL9ys)$@bs!8@n|ecGF$O^nJ{5Ou!=s;9$IJzI+E
z@hMck_ZWhn4ra|1L&Y1Tre-j@I>BZW&^FwPS_6+z8RK;{CtM!%5U+|#?}i%kX{d_V
zVJ^Ik8j<LoOgY(54XlqI?1$>mT=Y(DC-%Qq|5XxH&_`6k!JW+_EP!fh9aP0#QEOl-
zdWRY{w3ks8eYW?LbTQ?XM3vVbHL@d6i*GTi-s4@^|H|-)1XbYI)%<2M4eA{bYR!+@
zb|q0KTQk%gPO<lwp~~5a+K#7D`M#hUn5mojA+#cDEzLqr)oGW2cRQd)AX#@aRK-yl
znp?-A9^8VO+b1?2?>Ezv2-Ko$g(`0xYUDPccFzfW|3B0SChlSKxg`jw;x;y6B5J5M
zqt?WEEP;MK%?L%H3T%rSk;$kvv<}tNlc=eAiF&65^fEu|<wtd>461=$O}gt$C!o1l
zhFW|_unNAxf>@%r`FcJO!-<c;LU;^yhDYvW<~|v!Az>H^Yon&L0S2Or8j;bc5nP1k
z@Ba``#s?T11Nxf%pBOdA*-&#?0#$H#Q~|wF`4^!o*o+?Bhg#itQES4#pBX6+s^NuE
z9qor%wEzDkprO8uQ7}q>(}38hg3?>dqxWb<HF!R1D)ys#{unhP{sT<IlcJ_FE2;zK
zQ4Q{gDtA13-~Ss3XboIK&CyrX9HwD+$U>;aRm0jB^ArCA^Wk;WoW>hy8kQdm6R(FV
zcNPZVepJ5WsPbM6WdC~~9AtW&AJxOksKw=?GR{T4j1Hpa@HMJOfrCv21yCc<1a%Jd
zNA-Lz>aDl~)sg4uosuDDggirR%X5*S0_&h29EEydDXM{cP(ytmHT2Pjnu0=6&qbhm
z+6y%W^HFoW8TI^Kdq46p6Awi-xT;G)6?H^aFx<KZ)sVk20{=rDEMddVHfw`1h>u0>
zp4q5!c397&rt%4@oVX)Q!?U5LrYicOJBff+`84$4a#TToS?^(X;-67H$vo0bQ595!
z2I6>JjZ-mfl$nBasES{srZUE8)9}ow#a9VEdjEGLpdp=#%D4qJM;B2;^b+-YjW))d
zTxn2ip)%@-9)N1tXw(R<MGsy^t)-8ssYo~0Y};z62J}bopa1<qKn3nc&EZR%A;CDa
z_zIxDiZ#aEI2|?Tr%;RS8|vgsKHfAS9Myr=SP+Mxw)b9CzE`M49d`odX#eLYpjFxi
zH5GGEBeD)v(0MF?&ux18iROM;)Eu`*^>7+$JMKqS^cgh;$tRiDa{<)Uc0!Hx2y|8P
z5(4Vs71YTVbF$gr`B4q(hWbV{0?Xq(ER9c5i!<jG^DCQvs43fv8ky@h{sr~zI^k5a
zJ2ImhP;4suUxCIXsHFo?J)Vs!U<+z>|BY(EJJkM<KF#DygUT0<N^gwXe!Wq1Ji*@I
zh#HX#sHuLB`l^@uclN*LGVkx^cfPGqi)KEmC#O*lK0!4wXu64KM6Hzys9n$<^;-P{
z^-bs`s$o7eOobt+DXN4X?2DSZIW7TZJdA4b15^v6&NM#-=SB6bBx>#&qNbz=YUD<v
zM&?gckM^QQ>^y2DUSm`Ym}N#RHmbbLs9oijv^N@IEE4*ldOXHvSc4jgW2h1M2elY|
zW}60up`NRb+I}riYiJy5&bOi(cGBLzjVdo-j<*4>lZt=}D1<7YBB}>HP$%3pQ~`@I
z3T{OW-9F5Lk5N5JHrMQm+~^@*3)RD3=!=t4BQ_2FaU%xm_kY_7Xh;vC3ci9K^qFTK
zNQq&@!%+qGNA++ZYNS@6M&=Z1DxcW&!1?BWC@Q@&YKl9f_WxA${`uby0&3Y=RL@_a
z9tc`s)<P(%f%Q-obwc%gEat?$sKxjnszFKqFe6t8^;~(3iH%X^c1BI%M09n~oFJeE
zJV(u0w1sA|cu);0h-z_NjD!PGLpuyr!F<$n8&Thcj-eLo1=PFaDeC#;i%bKGqmJxm
zi`f4f(vc*n2V+pHbpvXMccB{a5Vb4(7n^OA6IDPX^x#m`8dzfEdr$}3ZPW-QSYn<p
zi&|s7Q0L5oC9e7TekTceNjQdTh_lp~4z(sKqK2*~s-o$r5nG3<=rpQ9{>#kj&WK7c
zg_^Sds3D()S_79*4fx~|C`BONpQeTNP(wHhwN0j?hH{;aAG7g)Pz8KN?em1ojiIPD
zP#iU4Ez!H!P$RhmbzogZO}!g=g?X!`M?KgOH3EZB4fqq)vqPvkevF#?@2Hb9(MmJK
zrBNqfUu=m>u{{Q@G9%Cjm47;_;v-18{Qi%CzLf^8Hmf=qwI-^fhN=dt!rrJUn1Y&u
zji`c7qRxjGs1fm5WA=A4j6^&o>KsXjWiStF#0R4H`~Oh_8j{<nf}*cA1qGvqtN<##
z4r(ge+xtUNb37k4GJm5+>?x|D0qe|rKOJfp)JAn^v~>+;a!EK(Kn?hgT5Ortn;ut3
z#XF*UIvus|x1;9#8LG#=8_X0XM~zf5)Jv^Cssm$D<*!6d(G^rVejC~Unv*;Pl+XgT
zXl9@?9zpf&HL9S<o6OLsLESHm0oVq$8@iyrl1)Gl&PJ{NU8rwBS5XZN+-%lZ>dowb
z&1E?fR6%ppfieUW;B-{a*PwcQ7S+Iqs3DHG#jNgJs41$8O7DPrejI8f7Gn@zL`}gx
z^mb?~`(HztW~(tAb)z1tz&@x4#-Uoi9(9zSK)tlCqYjv7sBPxiW=5tID&7V4-k)yM
z528Bq0@d+I?sl_ilB2d=e$<>dMvcTMRFCIkemsFX!TfiaAr3_?%8KZZEm4cIJr=-4
zsB&(h*1#LoR0QudBjZ*kprIOwn(OJPHL(hHB3?($b=+Mhy)Y`h0~W+3r~>bzR(YJ=
z_Q!Tq!v>;8Y6faVmZP@g8RUp}om&Jngi-dGmWQEQ-VOEO8dSsfVjx~bP0elV8`Q}7
z?=@3b1alK_h#I-6s1ZAWx$p_<pbOrowZi@@M!-WtQ`ArmK|MGfqu^oG0d*R+2JWB-
zKcgy2y5DTSDyX&812yN9P`hHc^*ZV#{e)^ziUW+C_J1h?YFSUz5UoOOoAaoQFHr|e
z!h>dQ<iyCt>!YTw85YMrsHxh6T3nA&YsvSJnW9Xn2GmE@GYGwZ|9_cHScj_kZ`2z2
z4>b}g51WE3<3!?pQ3XdoVtSezOA~K`8nNZ5^JD{R`#nHa82_j_dJCd<)!?J-e^t1Y
z1nu*KsQ3d^1ALE}9%e_SN1*1e1*%~qQ59@Kt?q}Y?+<a0n|#Sp-y_0N+qx}kibkOa
z7aw=coF29bw^2QC{xTItMKvrfs^SP#LG4hBbTk&l!}fl_3A0u*q8bv0TCAlo0PCRE
zP!rVD^>qp8K$wgk{1a8taT|YzI?;kong)fUc0*ZILmHt99Do|q8K`q)mrcKqYQQ%e
zk9Eqdg^cJS-K|GJ8Tz3Lnt)nF%drMtMD--&X;X17)V?l*T4YU7&-bzE<4_0C64au-
zf$G3VYoaq|5#~dW_J0EcIuHh+=5!otM0TR)>KtlBo}ns?dDb*AJ*t9gsFCP|8q)Eo
za+aVvbOE*ao?~>3d(KRS2TN=JrzfC-JEM9s3OzUnwYYYpw&8PB&*PsrLmY~_Umdkr
zhoUOph+3?7ZTvfGab~_?8dL|>;BFX8`+qV4^<)vMg1x$dmr)IRgueI%{qQ@MMBj_%
zD2~8v#0T2=dh25>OnS&A)8NL|5vUHWL02c+-vo40Jwgpx<iE{`cu)<>j~=Xo+D=_j
zNA?`lqC1Nk;<u=tC%J4Y$ZKtcdTs>jWL%G0BR4Oz|5ahUE2e@hs5!5MI;q;)^a-d%
zv<}tsvzQ-0q8gCns<9^O`97!yO+!u5PSlV;MU@kH&6J<<8v9=fl}J#=PN)jzqqfme
ztdB3SG?u$=req50WwaDE73)z`@By_w)88-^7D65E^-<+dLM`U~s0RMy+Cbn<)1qux
zgc~)`gVRtA+JahSw@`~I=$4uL0;r?7D{9-$MiqPnHG<Eu4#vK1evRJ_wWijgM#?=%
zKo#6V&2{8EW++pj(u<*{s4Z$lhN6aYrA_|}HRu1J8sKx+JeL{Ofa<92+#6N?1k^TN
zh92$zJp{D)Zlk8+8>(f=@0pDGPz|VL<84qwJP=jjG}LQ*wRJygv0Xyt`+;g;y!)m>
z*-;}|6TN@`XBYv^$s8<(dr|w?_aD=vY^Vq7q0WiXxWb3+ius6Fd}v<3BQQGYCr}N(
z@~@Bc1K*%V;LRh`u_%wtc29*VU2YU1pb=<_8rp%Vme0o!+=OBHw@r`x#7t3oRKD`4
zscC{LXQWMEikj=4Hhvma-hI?pHUFpV|J(%f5>P@1)PXS{^WrTmfeD_OMOhD3;cV1_
zwGQ=t|0JpbS5Q;(12qB(pPPneM~!d|)SBpp8p*lO+5g%WTS(BHKSZrwpBLr?Oo!T5
z`A~D(2DRF!pw9ALsDh588gS31M}29&rYEqbMKvrBYVlP>E!Gw<T~okB5>(J~)Lb7x
z4b^MZi52&i>1h#EMdeTp?uyza<7|90s-m;#JyETZUz>_kqn;~>8ljpl0cGrr8q)Dt
z7FVE#`W*&g;2R&ugNaZ*&yQ+wDb&z5LQTbBEQjM!tNt2lL_eT+SN&&3HXp_$-7P~v
ztGx~e;t14(ld(0f#R{0{t!Y?GR1eo<Av}(1K)^e*cr&6#s0?c4I-^Et4(iN5ggNkw
zNq3zr?|qzhB-F%pcmVZaw-4sQ`PQRYkMx(;av#kIEwk=IjmSCFdGG|)<L@>-@h6i%
z2dezi*hugHZUoeW3z!$*qlPBSXEP;*QQNXEYBBakjmQdAPd=j7Or|g9C!e~QkNEGX
z=gy!S@&YvyQNNn=AUoF5{x40S2F^zf={wZo$ob8@G%8>)@&2f}oQvwgLDXybC2ISo
z`fl>qK;;`|<10}^e;u{z<NPpFR0zHQ`~T(ylwmyTz&MQBZdWiC`ttv@?c$;e2t&Pu
zTA|j$RMa`L3bmN;p+?g2@%1(|pS3w^#3rI%+XsDoU2j4El2Dq2c)q^gA+C>Fl;cnp
z??ey&gE}w#{d~QPEH`Sg)<+F-Z`A#%=)ps%k$iw9@rO+>8OhhX+ge6)O^*hXpq{Np
z4e1qYbbnv(q6$aduY(ad6jk9VR6`%3)<%NJzTRzH8Z|}rQHyb;O`n5WTkBEVeZNaU
zC(=!ffp1ZB?H6FuQ=tkdfcdc^Y7vdZJGc(D$R<Vc^&YM3Q1MHc3*Vv^Ylf)Co|xN*
zDaIhu-7kT@-UB6SG-Co(0jaPK7Q;?B2bW^>=)TSc+=yCaBZ5p%SEJr?S5f=_C29>N
zh+(E89HS6#f?Ditv7+Ap`v_=gW5zT+D1aK$MpzEVVJ*CB?`Mx?)<jLzwsld9X`%H9
zYSBJHP0<(BNtz(GnaWJ4kuHHrwEwFSP=y^)Lp=wzpVwhdyp4r1ZX7f8RZ(-@2i4P+
z7=q_fbNUw5(^zqRop4NyYG_^5+pj+=|3XZm{eOr+LA;NF7#z<$m=QJS?NHlh32ISY
zK~)qfzDf6>Mz9)cZ45wFxD-{<ag2&jQETEI>K&3Xfv@B0$jnPX+pIEbQS?SVIKrkc
zM=jFxsO|L_HByNa8beV%E{Zz9%34QSkD%66q(r8nsZb5An27za)!u^y`8%rOEvSZF
zK@I(D)Z)sP*yJmP+V?H3Lu~p2)DZ7O_3!~|k-kAqRiY%OqeZN(ld%8Ql1U^4;C9sF
z*^e5s^QaT?2A0B?SRL~u_4WSzKL&LY9>ECw57pqXWM;edMGg6JRQh+++9{OW*C~b_
zT>@<gtVf+tNmH01Y=T;R^HHn&0_uqUfZ7$I!6v;os^N37I4(hLyT_<iAJ=0>EIsN+
zy$ICE)<vC+ZZ`s2WaCgL(@|7UFQcX+MTl8U;nrrT5gU#=>(`+2okUgq0#$LMl%|4E
zRKrW7-ZA}AYh@F%mRx5yfubZlM-`kkm3ev8LM_S(s3G2ldaXXN@f4{|yd0__Ls5%#
zA!?CsM@`*h)Nc8TswYtzGa_{{w)TG?0(x*Ps^yDNbH5GszyVy1k<yxjXalNYf$7X@
z&WY-IL)6=FB$mMisMqonRQbu$o5h(EJ;ZBcu=am%n=li#26muUyOY5TeFD^?$&Wgi
z+M@2yw5~;sz+v2m_fZwj$!Ml#BP#zTRQglY_Vvxg{@1okKtKmZ9#lbfuq*aN4c!ye
zqKTZ@Y`b7odKl_ps*Tz;V^I5i4yvI$QO`X=Z9l(Ivv@P27IlwM_P=h-B0(qEe$)x~
z43(ZJiz%oG`VsGlIw8BFFZM^B@dMF=vr#?Wh3esX48ez}4o1mp8kh++HD$B9riJ}T
zP|v5KD&B}%MAuL~4a{aLNQ)}4G#0=%s0tUO7UvGs!So;M0E(5}RFoXY5wC;|@FuE3
z1>GEGbvMM8B#c2FByUg+DVWn#+!QMjAA(vV7f?f=IG5R0<x$TKK{enc>ZSG=HN^>Y
zn}+1YFyd`cC!@QRfLeYMwTk`om?6)KI<XpJZk&sG@B-?=z`SOAWkV0~;-~|rIcj(G
zu+B%Vfn%t8?qX3)lF!>g*QrlHJsE<kXbWm+pP^2+botFtWwlmCRqz{X4(Fj3(^*sn
zZ&BMYw1BTO2uq^MJ&G##8|t}y1+_-le{H=1UYi(+8<SCsZ8|FBY}A~eLiO;ajr)X|
z5lDr4>EywESP!dWvO;F6I^jg(n^B9qRAF<(cg3aJ|LX|ogsWA=yflVlUE=4l1crv2
zZ^vCx@g1mlzz-~r<%*j76L387%NUL=i<t&2!wSToV?8Wb+}Bx*)6rEA!%Fx%ld&Uq
zL!Xjn_5X%?2`xdbg{!E8C{Zb68C1jjpr&LQYS)}a$A>^^qfdlc+`eVZ+G&G2Cnl6(
z|LeguB<KLSj4|;MYX5$;>CwxY2a;nH(!($bmP9?@7`1pup%&>z)Y^H1>fjsH(Vn`T
zdD-Phz5TkCWB;pwaU^J4Z9x_A6^mic@@7%>Kn?X;)Z6kutcIZ#%m@uaHE1*H>_3Yd
zi6j-x_A86(SX<O?=wstkTpL(~+NT>)J-mQ=8{R;jjFBptRh|_!GSyHGX@%NOe_$@W
zkJ=51Dl^ASK^UsSyH$L>e`fR<)i9r`W}Ca&31}`FqY89Ut9d(m@D^%&{y@!jj%udB
zMyMY5LY<sbFdWyTM(PcEFi&;UpjxPH*%wv*6!h2oe;a`~B<w-;{2Xd6Ttn~M3U$Q#
z)-drz)~u+8mqKmJ78nhCVhkLDs%SE5?zf`KIf=@54-0DlzaXHOO2(R|0l87zr7)_1
zv8bbTJ+{T$I0VbqGGE<JV<Y1EYWq5ia0b@LusXiZbDW8za70~SXEesH=j$}YIoMSD
z{|f=V6dKm|_5QP4yHEuLH82NHThz82i(2KoQA7VPYSH>OG+)^wupsdXH~~-KSghB`
zEb2$r;KpXr)<o~m|Dy?L7i>bU`kSb?o~MbK^Dxwz-v%`j6HrI(Zqzn<k9w)ZYHAi?
z1*}MXFzWs})KopS@xW&0yh+`R{hy2*TS-vC7f}WIHa9&lf_ktC>f{=T>iG@p2fRT%
zP75=~FR>T#NG;8x?T>nX9eVH#YB#;YAWYhd{jWuqp_R!HjvC@7s39MNIstdt^jE0e
zkfgOa%PXJ??2Q_^#i;!MVgx2_V@}TIsDo$`YWrP6mE-TWB_sPZAFAR(?abS5C2C|&
zqrL|`wedLZ&7#bT6-cj+IyV+#N<4ttrVp?T#_3=xtdFX2ENZIvqDI<%M4&8zG#$;h
z>5Q5)7q$9lVmR)>I`{)eVx3OD&Op3}Rk2xT^H$q}s`xEd!NOh40W}c|5kHUWXsoW@
zhPqAx0-F0)s0`DvJYK+X^mH?;ya{Rum!VF&tJoN0bT@Xw>cr1t2~6{wIndgo-v5iS
z30^}@O;`_&Ap36^0VP~OjYP7Z<_C~gsJWewD)29?k1>0hk!X+8h#$eySiiS9=@z5P
zJBIl&b|14g%AwvZ<59ckFh*$qe<x5FOZPQHIUJSoDr(MR^)m$&M{TR&*a$D7dX&4r
zStHZ20P#K6PpAgu8eo2K>4@s!5!BqrX7RiF)k;MIy0H{><27n3vJ5o4pgra#J{OgK
z$)?90WYSBZR((I~I#j-Y?ERF3eZ9Zpt&77*KZ2T)@<Z7FiG4XJhL|4C8D<We+gAVK
zzTUq?mI>A48K{CkqJ}un2r6dxxTvpI8%LVeeH#ObM;T?l%EiTC;t8=o=EZHec@#a>
zD(^Vj%=HvhPxn~gqoyLu7;|E^z`Ddgq84MdvA#|b9ELi252HrXXPlXe@~G850(E~q
zrpM=)1rxaAO^-{W_H8@V+iwQyEw&uhfNj_TU!qQ~1{2H=sqIkl->gGWC*C9*UuWHe
zdJCS!1b7!i(EUh26(yNy-s2fi@zSV*YhqMvj%rv(o9?1sqvLFRCThr+p+;~6YL!1h
zy*pA(GU;VdQ#c42Dc9LcKyw>7+3feWs3Bcx<4;jjlzECd$*Q1+au8}{cB6Xo787EE
zspcJ#1wF*epnBdGQ=yAZaS>+M{*OG(^fVu85tTw6xm{7KdM0}C6l(5Xpn8<>ck_j!
z5Nb77Lp5|1YKYgMM({9dN-khZe1pj`{&X5n{Z38=um-B)o~V645A_}J9O{8jsKu3V
zhS`=)QTeA}GTeb`$Ys=`3z})Z7vx2iKL9i00u03y=&FaG2$aOoS*C^EFb?tGQD38%
zqbgc&y@Kpo=Lfby-`VDyQF}~8{4%P7SEyZ*VvcEWWz?D&WZf}`{U1!ie<Y{@ap#(|
zzYc19EJY33CDhP=#H1K9&#Z+)sGfE}jns7X;9gY4cTgi4XTCXMOQN11ih8{-n9u&#
z2%IB9i_U+6d7vb!$GuRibw28g$4%5C`-mzi)*oi*Go$9d45~pLQP0mnmAe-;^gqyp
z85f%EUd|<;)!YjMaTDtGyBA~QRV<EAu?l8g<m-gvAk^wVfEuY!sBN2mv1veFR5?wo
zeNn4_8mc4PQ5|tF67UdshI$DFEipq`9@XORs2<HnP1SMq;A2z+0+*WYRTSeBuZcRy
z+FNJZ^dlHf`V9=h<jcGx<T^zNlqI1h>TR_iOW{)+&+(^O)$OedQ3uQw)K{rk%gwe8
zM-6#<jEqxI+jJIsa35-y+_iqkOxpiRSD3jhjar1wP(!pFwQmohhVnjY&c9g`uQb~-
zH)^D+p-#vFHhltWO{_*8K<7~n{ugs$!c{D8>UYW$(7x@2TE$CHi|!OEW3<&~NW)Qc
z+yS+y`e9Mrg=+YB)CiPVW42#A)Ev)5ZRho<p+AJ0(ue5%-~Yr~YlgHqYBBXi&Fu=*
z_PdK3kx1*zA`M0l@r<bbUJf-<&24-LYQ*NC_WKspB7ceMV5aqE%BrpRb-e|-BzU;7
z09Da`RK+(?Ur2tS<}z%9>0wjUT#iEZa4Bkt_t^La)KEV~J(qN&>2XoidC<<r=WS&F
z>!3JBLM8l+8ltkB%$&AI4b^n?HVic-H&DAF_GYt9v!l-X;;0I$pr&vrdbcU6+)t=A
zk#vih@^F`cj>;aWiWZ}W=rn4`-lHnYvDLg(s-ot;4eFh+95v@hQP00X?ej$2%wh~f
zjbsH>2RfssY7FW*cLf0r)j8CIKHE*fX;6!;IO@TwHoXI?z%i)z{~FYDJ5W<{3qAM+
zHT21L7>l8f+}5au&qNyHI$H^7sQyOvJl;;T2*XeXw?m~*KrN=NSQKBO4xAjj%wmf`
z4Q*3YMI%s0`!+0$&rlU-+HDqX8BC`A-;{t(EEiSbDpZAMQA7U`HA0E@n4UzS=C~uO
z!auMS9zlJ72-<5pkRQW|w?<9Pa@1P5fT|~OA0t5hP8I^nPyw|Vd!jNdM~%!WR0E^!
zHwEWIjYKQ-zQs`a&e`;s2TX$_P#x%nT4OU%&mBRXpg+*njl2g<LJQQ8%|$if9IA)!
zPzOkoLuLp=Q6p3ii(oe!--rc>Uq{V-g2QG_gkd7$bx<SJ6}9;09cKTl=ZEc$ml&6L
z(j%s)Sy2sYXycPni*G+_-~WRu=&QY->ZtjiP!*Nl7uC~+HhvA&aGztQoD9cYvs%lO
z;NeCG)FK&=-nD=_n$Mz6#>mG_gL0$twL#?@VO@!ON1Q?L0fZW%q<@(ytcQBZjYM_i
zfJ;CvdVtzyK_^Vh)1%TWq2{<JYTy2edhn?A394a1Cr!`8Pz`8-dMOP;<zIzbv}aIj
z%=eV(fSZee7D-jqTIh<Jy9KD89YM|66O4ihPMdunjDf^6p}v~sL2a`}s41L>IzKj`
zreZ&8kv>9|m-dXegRWDRKxGp8pfa35&3V+b=D|X!HPRf_lkupAu1D>P+o++Ae$I?U
z7;1>yp$C_s$~}V07wNoNjJYtc_J0Ke8scH7q1l3(^GB#5OmV?9pbUD5cSGfyiY4%f
zy&vtOS!}s6g!B%mk)435crEILyp0;EuNa5=or0H4k1C=v_Cu|ORj7iFqAGlhJuvCt
z<|n4f7(o0DR>04w21Q&pC*n9%1D2uI#8LFe`=}9qjIQP|`4!W$^r*#D61BR!qxSz~
z)KR+?H3g?I0lq@L4Fj&4KRF3QO-)hMe(!`qI1)8gzoW`Oh+1QBuCo8NI1*j+b;7X-
zYUl@|=5UKme}!6n*{_?53!oNV6>A^V_k=~L2H!zVo&OE9*s`HUpgwAG_CnnsdxQP2
z)wq=e_2@pTWuH;o&vVn9*%7FGE-K$j>j5lE{3@!4NpG2W1QsVg8dctD^x#{J!1%XK
z{)R4rs3eR*RX7dRgWag1x`!T&eaD>LIZ%tW9cr!2K`o|}sHur|*Yqq4>iIgTb7Lf`
z1Itk5UqFqt`_U$3xo0Y>hWhT-9aX@1)JtPGYRKNB3JAGx=DHNBA>C2=7o#e=fJN|!
zy<g-Xv&K517V}snKY#z1fKI08SP(rA%)YOWTD?P1bG^uV(%yfEB}q^A(DbA!s$nxQ
z7Vbth<TQGx6tyTl|C;*pV_NP1_BLS(s>MgpA0t09BM}|dfV8MxQ3*9w9Z;)(8fxzU
zLiOwes$m%(`#O8DlQqi|Gs4eNCu@wSJWu^j4gyMOWgVj%#Mh$UUjLvfPWH?cPyp4V
zdZ<-B2(_Q*qMkd4+IEqjn}aJJYHA9jp6h_hHwE2r0>=nw=%c<cb6gVD<Ibq5nThJz
zNmS3jqlPx^OEY3su@LdesEW>_^8G-KOuAR5Bh}GEd@NSS)vwt9YKiY_^I%?7k6WS|
zG!M0nuAvG{@y0C1QmBTxsQepH4Ss@ZSls_igNvZb?}934DQcHIu?D?$&B2lFtr^M=
zs397K`X;j$RlyTfK`Gyv{ap)nkjz9CxEkx@S!{@*?~P+o6+cByan=uJ*HlB*Gsq>N
zIb4P+@E~dkFIyvjG!NuPy#<@0_WwB4$+-u$zaOApE|ET&cnGS(aBFi6AwJT^SD;Qz
z_cQ?&811v^aTuy0JyAU$gT?S5=E2Bc%(g6q+V>4m6^}!m{VPyYaRqgR`+PN1SrEgC
z_e3>(8`1#RxotBf`(|#`MlCiM)r0jmehGDA1$;M0a3S;%ua266-%t&ifvRA$y?+Ds
z^7@8aLveqY1{TEV+W*Z7XlS~iGEPAa>2m8aoBl7VLEli@F@(P*ps6c@-tCA*i4Q`(
zz7JvyyoDO!=ctiM;p6B1VYM_S)BdkdKttObRq#4Yh^J8nJVY(Vcc_MC^Y!yKxDx7R
z)CD8sNL0@!phj>D>gaxi>UoHtX+Rm&NOeWmm%s!9!8jTHaRcgm!8TMw4x;w)b<_w%
ziR9<q@0qa_@wTXP)}yxVCe+-&LRFm6-&9-`HHCd`e7(P)>rJ>uf)-D#$bR0FtT5`V
z?uzQs7}Wg@sNHb~Sv*e606*`UUmlAS?}E*6GnT`|QT)8SrUhz5CZMKxKWgMIM{!Ny
z1qnJ({G<ALze?ppRWuw`@n+PJ-AAnzC(ztaiP|MqFaSrP-ky`JE3Jo7BYGP(g-=jZ
z8r6+vdQigJ2DQ(}qlR=FYUp>Oz9&3Fo%L_fgK49iAuWwMp!(bR2GrZ|5o&6Kg3Q!~
zVqxM{uoAixZNeQ?MZq!51LaZYKzr2U9Eh5Vtr(8Cuowo%G^@WUYB!8Tjlg2ml<Yx`
zq;D+K;OwY1P!&^Z|Bob~MY9sMJ^n=vaje*W-q&aj)YSCCAmu|<v>mm$E}@?LhMJ1B
zaZGwc)NUGXU5t7+96%jhFEG9Ke~P$fs7j-H+8(va7hwrJit2gvcxEl+L^YrZs=)pj
z50|3{_n>-s8}(L<AK#2XHSA7&F!sR@=>5O{*ENCJr_)hWa27Sk-%z_CdqQ)tltrzH
zv8WN5fEwBZs73l3H4?#zOgRy#x&ICI)omJT5$;1jJb|v}_zZy>cpvLy{>0`4`yDkk
z>rwfhqvqBpiJ79L7@K$@)b6N+s<1t3b&o|&!BNyyJwR>4prmH1iX^rBzb6SS24^*D
z?$4r5t~aQW$dt@9q!H@=Y}63%w(<W^6~<3)8eSPSMeR@(k3fy&TGSdjhT3KP{>2Pk
z#uO%FZPd^XL=D+SEQ_~LBatE4+;4&E*$mX$*n%qXCaS>!9zX97ECo>`QUar6b5uE9
z(1WX80-E#Fs1|=g4N<}n(~~l&9yCXtSYxe=P!;aLB=`@8;}6st2v2F&MjO<W%|NAZ
zKuy(kR72d41k|!zsmw?eMZL{Bp@w>zb*oLkit$PRftrH&sZGPnq0(ESp6`$0xCk|(
z|DbkP!Zapc5m~gZGl+n0tVO+S9-@Z!JL<t?X-!3yP;)#C)suawxqOV;rXlIfJE0|N
zTP{NN{0!=)_83*(OH{*CrdK`e|Jnq!eR`nY(~D74atT$DZw9kCGocz<5moUp)Ee21
zdj1h=zbD9Owrh3NBK{r2@C=4y^h{=iDxml0|84}7akvt2FX}8mk7{W^X4CRQsCZ|L
zg-fklF$VEts2*QNt%=vD21O4w4J?Z~`FdIZMDM@<afLuQHv+Pl#TJ1c;+-)iPC_+o
z6RPJ&Q7@w(sQn)`tJz*jQHwPf>g=zNI!PCx7TqCx|1N5Tqh@3OYmw#2X0}ajR1e3Z
zT6zHWwt9nln`O^#8deiE^gU4pFGQV$doc>Wu<0LA4T+b-jBst#+M0ygJ!^BgrsAt4
zXgdVuG(9MT>R}i3U|-ZepM$FSAZjhVKyBMJx%|BU`dv}fn)w?wr9V*TN50(V=pBMu
zW8+cVe6LGDEq{#_(UZsA=!6=&KTtz@*v6luMkID#GuM?-Untt5${B@f*ftEum#Bth
z%V*x6ZBQNUiKWopNT3LT&!{;mkl#!}D^x*q(SsLJL;DUj72h#GrYc}YrU9w}L$Muh
z#G)8n(2Q6Uj8A+lM#F_B?mBC1!Xfl<<1A{?y+)k}@xsjN&5Rm}y6C~dHhmFl1kRyW
z|0`6!z(VG^9H{f4F=|bXMNQc*^#1+dD>mU7YM(|aY<gZ2m9ZbHz!|6mXdkx5FBpK$
zi`Z{Un1J{|)b^Wh-GD0R6zciMs70GPoDt*vaf%YqYV3@ff?22vkD|U<yhJ@1si;{K
zMNmC$hB|oqqbgj9>fsU8VttS5dGcar=*ytal}4zS(p2>B|4jrmC-+f3dWmK518ORY
z7B~C9IjZ2EsJGlaR0ZczJ^YSpK#~$>m6t``?~Cf#GSs5Jh&o3;mSF$uMz)fs2MtgK
z^uk2=C+dOysG)s;8j-Iy9=nwJMwA{Slb#8+s&k-DzTT+vwxW9eFKSUID{Xc`wbHH`
z`UxaxRc}YF>RYHDC5kXD&xMLNK^-9dQFAyO!*LsG^?yPgIO)rnhPOwZ7ZcHgJ5e3J
zfjS4Gx@FCf7C`OmCK!$jP!-)p&G8S^Di1AZdQ=`YGW}3%WdUjp9m9h7#-?W}Z_2NU
z>Og-~17@N|!aYJjbNmfepr?YVpakk9>yFyTb5Sk6jp}Kvihlg>Kl$kwOX4!r)I7)N
z=v&D=7ZY{9R6%X$Nf?65O}guxAfN)HRW>~-fQmOoHDD5I(e1#}co)@>3{_12x~SbT
z7<JO^#$xy$HRt)O8atxi|BFyl{Wmty`~M4p2oma4Gef=*wLSKs=I#z^=%Q6OBa{v`
zgym3cpciVDPeT>FA2pH>QBxLJ!whu>)T(ccdVU6a|NXzi1T-|)QLFqv)DQ*MG!4mY
zEsxsg?X4qF=fFbLZrO#Jf=f323F>Qmq*}&As1eAF%GU^8EuQWKG{keT1Rg|H6s5Ll
zX)4qlRz?*t5jE5YQH$s+s=+zy_&Gk<ITAYq2lKrvV*n%N$EiqoH0jIPr&G8WK{^-z
z`!8;!Arzg2c^C^9lcuYKudx-D=HXQ~zTcV_PmpB*6?CWIxKa2;6luZ4b<MGU<=I7~
zrzKBE(%R6<IOHuGnfZUmP0hEiyJY$e1Nnr}kYlzX?R1kX$l!FK5dK*QXBqdSk(LnO
zQg~&`a`}9>74IZZBtGG!MJ7*9KK%02dz~l$E|;6d%uqO;xN(5Eu9SF^bnX2+JbazZ
zfqW8^=R3ZqAYIM4*NeRTyM^AXflXgc9$!93OtO=J`=x9>N}6iZ-DR{iJ%wnYRHg9Y
zJXC<Vt|Q#5WP;xRX@00J{2~SMn^x~%y{tg~inen7bXtvPH`r%He9EXvo<I0Z<GCUD
zg7mtCk4Iwu|KfqxB;2I%=a`y8wsSKph1Mke^J+|5dGb^yfpx}jxy+rhq(>odJjyvh
z;g3j8Prj9;HMb4RP5w4Y=a~S)<q0>$L)!nk{-zLJO|6Z&8HvJTQ$Pm_e$3|~_p@=o
zEn!^^@DH3z-tOf4PIx%spVtCATKjDN3B+|!>H0ug0(HRF?@hc*A-~(q(+TgV0h#gF
zD-9KNq#*t<!)Zsj7kPB?=5_ucoj+^%-&LRZXky`bpN6;RUL?Z&0}I~mJcPQu^)Dn*
z*8p4DUg9;0hY%mcgZ;^P%=Ro36?WjWoe#g2cNW=a_53D2{Fc^x{mXM}`IO}I8)+|W
zLwl3|0^u3tI{35yYt(u^Ey?`zI`%X0QySBqg1!(h%%>5bEqn&?nM0vHc>XWjft93X
zBitVs;6BRbjqdEkilpr$|4_>6sQsUv-es_@>r1B3e6rYSI7g-(6!4a`^E_Oe&n;Vt
zes#K$Pi+eG=YBy7_O<u;g5$mRQVw4ez1I}(1@rt=>blD_eej;kf5N$um5jGZyv(OH
zVg4M!>BnOoh$pgzKH=e$#7hy6O1KuEf#fUCXQ<6Hm}m5o(ZxRt;nd}`ko&r(^Q^7`
z#Q&t;K=jUk88XeG(v;@DQ;M6p$?Qu7Ex8v)TvrT^%tPcWK)kC-a?aV_RU<79pCmjt
zhI@bWSxVktuX^13$L61C8sj?is31BS+jHYO#^y$Hn@JDzZgJ+>9w@$%M(IjPzIEIy
zjd5)Qds9|vKDvTv?9ZzZ_q*`%<JmscamrNAzX##%|IcjyU%mY{lW_!vowu2Fw*~PP
zq^}};O$qi|MVc=DxftgHjXFm~JNOi_4O?bz|DXS6<DU2L|0XBnb=&F-Wa&i#<w?uQ
zrvwH2(v$jR9%&0xDP?HXdPXIjaANZGw9o6_L7wk#<7v6~RUP2j5rnz*ziTk%yYKmr
zuI}9AA2M+o{?gknHawg>vADN~e77m6JL#jTJTo?+#CLqo^2x`&>7<t+?-|0Q?ej~$
zHT>WI)F#g-o&QaFATE_Zq>>+eT9R)D@ozkwkI#9++esUby0()xfpBj=ugO1)iuv~l
zopV&EE70as_#$QhyzX-UplwhBo}0*xe478OBrYanVIF*9A09?pM;ne}3;tmruE2wz
zDBv^q(^2sc?#KJ3B2_qoyc5V%oA62+sA~gxbuHkt!iK&3uO%7QQpkC3yyT&>w&IV(
zb=~AMf%_}C*Mf?&^YCxvsY6^>b1EB&XSt^@s*Ol*h|yR#A8g}^I?s7#51*ZiaMj`7
z|JMH~8Zm&xzC0XYx6T&|4x+L-eERZv#>3rss6TlsVIn>ew&&N$yPP~9yhZaZ7Z>Or
zWo?7GJlmL$hkUhpt|@8V0{(yfP6}@7;-2?<WqYT{TOQIihtCWex}CgR$oPTudbR;k
z2)E_lZte~9=KjC`scOrch;7N+htCFo`oEL{Lin8J#w-dgMVMc1I7{sV$q45sEjITG
z@z4swf%aY~J=Qm1UHn0+lZVPP*^cZYZ3^Mor2l&LpbT9TDK7&*e>(qB*q>yI#f|!e
zkK!gCTt)_6LFD;)Rp$PJU*eI7>j&0Ue5O#wCZ5?u+DMz{1?6P64N@5cNiS*3Roop-
z532JZKe+y%YnP4lFKRk#xxb#f{6yvKCSI5df++MQAO6;c)0+bGk)~@p)+CRvr+lXK
z%uPP2y(#>Hiq3`d+%%r)rTL#r=B#8mO+tFY&B=HMYmq4<=|!;*g?g}tEw~iv*{OIC
zX(4tvj}Q;CjZj_u4C6%Oeh;4Mfh);(=a-(hB(1-%zV>qYaib*}R+BhlN|oVpz59Zn
zG#wv4x)yQg4Y~gKrHb?1t4R85T*_xU`PSJcekNZ(!WnG-Mz-pHG}E8-RD3qrdwcK<
z&$h!Gl*i>d|B#^tO<H6d5YJ{_NQNbZuaZ8VLPrr!KzJs3?-Aa?{oJ;)5>z&u&sOfW
zBkdnNK|GXj8f?Pn24Vg!E@v2@pI1p=`v1_h#CdNE)6L7I9jCHqRCI?2T2tV!*8%Rw
zAb%z9ALm|0J~c?2Mn#d8hJA_uXCK-^_~$j~mwF!S=c1W5p*@+l5#L4pCAlACG27Z0
zG^PgyU*Qv#bRX39JL$TXSVwTLA@{;4YcpY8v-te1pMR&#`Ip9KCeIA+yYq<@;j@^?
z0TMqFzDA}(Jdxj4qCy6ct}7{iBJUAf_(Ae4<Wr1$!$@n$=bbmF`Ogg-K8(w484-k&
zFhX3e!!H4xDm;{!N-L7cZxft_#7`0~!2`>QpEjAD5rnspFD8fWR@<d3r2V`y5h%?4
zX*OXX4ZBJ>HRY7CWqcql7HK<pZi&w2Ed;jPLYh+OWHL6yo_rGVNoOClWje`d+-?df
zM@4J-{JcJrw+iV8xvwjWEi;7p3gWr=bS3|D(wCFZdujj8`lW(5+^9=Ij(s={5A>t;
z>q*;5zB4$5dt(S+u*0c>Hj<Ws_#)e&${35ZZhS@(K55g_5>G@OD{0gkbf=Qw$EPw0
zvG|Ojuz6H+jt8#tIb$pFC$p|{_|X>D#NIo^^Sb8qIYb%7_~hjtzu9)$6Rt-3Gn@AX
z&sQg2-#o+b#mF$8-h8)(RwsViR<@ppI@`h%llCX^F29UcVO!{4?#(A(6$;*G%V|L;
zCfWPR2`{zjWO2%ne;o0}kr@99wz4WVvofqBJj14^vK2lc-kgH|vhg9r*O0F*4gU2S
zM;=|x$;aRM@m}r8o0z<<$XkW`IY>W(;jVo+Cka(;I01g;v3vI6N%ZUs1yr>?m_j%W
zp9eO7TnfHv?~NrqmgmaiYwkDa)5+#jOY(8AF897rW<kP1S&3{SaFzn{PRYI?uA7c_
z#kPaazccAv<L=LEGr7M}^>ds=u?6u2pRMHELi*3E2H_aL#B*`qhkUyB^Qot1asR1J
zQ+gljSrJ(~lB+wPHQo@Xxov+`c6|WhF}C3MG&CIzeMKR6aSa8`_@zKS-iti^LyF#O
z5Z)%=0?PQEFn|BiSxSDL!Jhv$*3|EGBrzo!Q(y`*)g^NV3R`D07Uo_%;u*L<i_fpu
zed3qMAC0^T@#ocpz<tVEY!h}^KiNi)S2?Ob4-d5_@&w~!N77>cQcx>;v6}`A<ujQ^
z<iJ~07WPY?Y2?|&CyZymalaY*GlIRzcabvtaW4iHZ{+#qd_qW1fNlskDiQd31@W*h
ze+nPQC!LA@@4vlBdrzz=1?YOu^ZbE|Gn3DVUmEn(mYKww#ok+^UUL=2cKl6E=L<Ko
z*u<F>%HJt;rqa@Gq#dPDU8_icKw2=3t7Y?=JN(p3+B!bRc<u_Hc-;8La}5dm{?f6Z
z`DgO{3tR4deIwA-n#^svaSB%xk4%Q~RNBa9yiNLA8~&a2T(;niG%7XE4Iut6&($HW
z>jY`@ZJv`nH;LzullGWrb)6wTnMSYDiLjhV0sG)=9x6m!S9_bbg?LAs)|2#@6x5b@
zH4GqsJX}rQjHK~LNX}fFcP(kJD1QqcB#*8?$v@CGEEDN&AphygM^`sK>3Co^t(?Ut
z0|gBwtrqw9Vk_K=6DVvc`KsFIR9`hJzDJzDgX-)dT$AuvD%wH5E|`mWR@*SLJ4=X{
z)BaCtTeFtL;$+@W#ZL&wBSSJixhPCmMQdZybUm<z6(v0t&z#0uq#dL@{w||aghrkt
z?=tR<BmYNiLwbC??=69aulb)&rEhpBm2F5~EJ&tuWQv1_C}=c=$0U4>ykqQ8-lwq5
zq(#E-sOz(B+*{Ig=}*ITE#~?9JQvm0QH}foeDo*v&O-{VOQuIW<YzPVCG9YUl_tF}
zb|+tYJ_(6$<(?mVyCiw_2b%pTXdm}ZQ$bPNfO({)R%31aJ9Z##B+r2Ns!W<Y$wt=M
zifz=nPyBZ>yrE!S9r%1D{O;$|#G~?gMx&!qaeiBoAK`2^%x$N-%|93K*l=&2sm-U2
zep2GE1beSk>VXM*|J#$+cjXh4!e){(4u@0t9h)aN&o!{m_96Y}m5p-h^4UvTcPbpn
zjg-W5k@u`^*h|7gyw5QIambLFguiSFv9T}lIaI#ij>>E@ZzoOH-xM;1d)p}VH^Om$
zsk|xacgQynuiN|)wu~p_uSz%<jk=2!$+JlNznIN%gMy+HFGBo)eOMJ{vf<*k^_R#u
z)efcZ>pISJ6RDu*FVF2GJ&(<ok!PQiN7p6t@#me+W#ZoRuZ=BOHxK+0E=0TvmF=_*
zJWgR5d1#L<C^`2YQ;@F9+{<Eu&Suii+lC~y4d_H(U1PBXX+zC({9j73g-xZBM^ql)
zKKQ47U>bJebC&y)Y(r+)Jo*F2t33aS!Y1=<AqpNy-eja-;!}Zqw=fHN9@&P>;C^ab
z&LHjoraT;*o7#$BZKj2UtCO(-A6+XcXcXb2gfnq(IF<Frb)-k(GxX=E@%&<2MhEg&
z;`1;0zEfdBOiFw_Wwfw)cIl7RV(}SGg1>FmUJBH;!NwIX!6%FYQrU`J9K-zrq-C}v
zsC>GDxp#?AWy;ycy{$Na@(Yo-0r56GcZv8>)c>V!XEL7{Wb#2>gUNK70&elZH8RE|
z?HFm<iI?IbU7ffe$}>etPfK_|&)&eFS5ET&y!I2`%4Z{alJm^ZD>wgAvonQ<@=}Pd
zs}#PFOs{bj7FVO}y(ARiL%ad`R&sxuZAf%Z!mQ+p#^(Z!{l@+4ID~Rv@l1Zo(Y1l_
z6~Z^Umr{-3`C$Rf{~d0mv4z#-<}Pmbps?(Oqfv;jGIL!eKFsE8M*2lQrO8)-`(?S`
ziE<(nK2A6f;XJnDJ><*Hv&Viu%QNvw`;R=1=J6&8XB6SOMy9b?g0u}3Hkk)M+6Fx0
zUJn~q-Wue2Vk@aYISGk3;WN_aIY~Gw>2=7HmvYt<Z_9Jf|6gBc0v=VB?D3p?lMq5!
zLV$p5*GO1IkmVtWIuJsDKnNII9w3HG_f67cr@Ot~O$ZZS1`)+^85PI-P#K7f0yD!5
z67eGLM8FRR6<PF&h@dzMD6;rH7e?Rj+&&%RGOxa``qZiVSDiXroenFqpYdLY1D#Mx
znvK!~_#qCrGtlD+bxIq8y^FjV+hH}BH1$@qxdQ)>k<)2=qVGn~zryWR+=UVhEn0r<
zs+{^QDz#yFd<h>;7*p<L^c(P+qM{zh+hDY(;1g=pqhObjounV&KZ2L^9<7-WQyTDp
zomf7`X@h<ZvZQMgF_w>9-Ig6^zm)zR*@0~QwxIh!<#$fmrOhJFZTR1%W>l&2S*iL@
zlhZLUgIfCFw*lNKFnftvs%#(eXA@*hkN$w;5*#IMMZO2{11k9Lgu3}Nq9%Sd_8tU#
z0ZW#$c4dGclwZ<eF>&7_-pkn5pu8QQhv^TI6|c1#GzlJoa5Di$!?`VHk<F?Mrr#OI
znFPv#b(Kicw;Z4CEqpSFy&J#oU~7<%A&;azK#bEkJt1GbEhzs6?}IZj&W3vvs5SgP
zvZRLz;1bxTe-Hd7@;lgfv`FBe_}39nQhPARXjfwY7y5HxBk*0s*?@0XY!=x12?z#4
z28APnVG^KII7M;#9B?_Dq*mys!CTRN0!~sR+!x-BZ#UwcVBodb?xoG5J*{w0)9wJ1
zh3{R&UXRZq`4i8r2rmIXgmNv$8|lAHpg63dpNjrl<QK3#Mu1C@KSeL8uL`~z%&)M2
zgsl)vlH$m1(c7@3XTkpf_GF@)a#H@@@b%2-K@_b3MQFc)dlE>}W^^^!i|OC5f=K;7
z5-5Q`RS7HrQ^{ccv0Z`8VtW6m)g=6`V!(S<ykCRK#Ah6__Dh{S{}01Y5$r1*zeT<u
zz^g50fhwg}i~f}a%#<TQzsGMP!Cq7Lcj*5a-a@R7@L}|$RFap2pAF~I&m)Ed*MCJ8
z{{bJw(10O;^LF~bp}!9<QqDa9-$DNb0f)i=pf4%PAUnbM&<&&=jy?<B9&BI2#l$<T
zu=QXBiRTmldE_tT{!6+F$AthTRRVqr<6O1eW0hXo4uHD}{e29OO`sC`U6E_R--h2J
z<m<tmMgI+a0PHPNr(%7A{65&{XlHv#G5$p;8p$XE{|=snaTuHrufukpK)*#V=>hsS
z{GdweZ|EOUvy=AG*aGNw!M8E!)x<b}eXqjYMEe}RL%>eKcCq}%^Em@Z`U}o)C}3aY
znM%G)4Yr;B4e)I6JF(}WZ(xv*@hwFEX96C@_JYFi0`sDZ-GkN#AH?<<xc1;b#$I2H
zAgL`%NwOf7!0!;aBeu>7b;^ICOHv5Ocj*_XWqk|7r}U44e?-NZ%3wp0FH#A7!ocOq
zcAEAS{a5Aw_aewx6{xdH<|M`y$TQF%MSfleVt`fzo5<ipkuRr}GzNP=6}SWVKJ>T2
zA1K|GU?m-aZ^h>WHO3UMRr3DtCFnU1!na(UZp0y7U9Y#X4O9bdC+MTt?xTHzAg{xl
z=ue}+3QSLYFI8~{BfkRwFE&YcgByfgmguH@fvp|>>*Uw$UGN`K{3nV#$m(6>{sf$b
zlcaWVANo;jg(NhRHc8jvvxLrbV9&!d@XaFL9PmvFcL$g>Y~9h9AfF_Lq$0TfeFZv;
zp+BI>^nC#50?Hsrl6s*_QdkMYX}<&aD1$zR-&$hypdCRg=?wZ4#FVrOTst-JF#0p$
z3c3F#firOU4&WI8yXhatQPQR8SJM7TIZE9Tl3GXGMRuUgiN^b^!d8j&ca^|Di8%^+
z0lG0HW)ORvid}(ir`-R^D)>2ocL96}LlB(?FpTbhaFo<Rory$`B~^iB-(=u^@NEq6
zUJLyhY*!Ia(lYD^uoq!3OsH7@q(HkAqojYplaUt#to1bfScbfVq+TSMxJvkblIyB`
zZl&#rez&qs0AGhaj^4m0kHK{{5fw7!Zfx}ekfc>A%X9*C!FdJXS84Yvdq?{Fzzm_k
z1ldo(0{qhHcOuZGYT%o^Xg~fSOv(m)<Ydp%=?MP!$lu978zN~n!6cPoFbTLzdO#21
zl%x&VBn>BtMaZdaN2*Fr>bEOw4zb3-XTf!o252n(Yq9r2Hlzaj%=={g-Wc9hfsQeY
zuW=lOu@`NU_F(@WTrTZ4l*7Q4Bi|zNBr^crx7brvl20J-gy$0DQFIT1>yCT^U6LYF
zmcP7GrJVlCtXpf1p$%zzhB3a>=$9Yux4dHGP2<d1%=UVjDMmAy^UXleoENkVX%5Vb
z$E=@Ws>0D&BFr-zCk&04(df@0k+2;z^8GC%$D>waxW+FxJ}25#1cI@oqG8j1p%)bv
zF7Lg$3p}!M@8<I&Ga9H28R1Z{c0l9MEw8s~EPDC3qVdC53evJeVMFE+GOI14GBDo?
zHFn)Os?Wva3#J=^P#|W+!ZM-J`Tl-J1=F$oqmBG%W=e^(=LV6}=sU4KwXyZ-fnxcb
zGha2v&n|E4P8DL2?jBDSHSOyC0lPX>X_p86X2h5sj>H1tP;`zl`}(qyIhn;Fk`9?c
zqeKo?Wd$S5p(1P>;}c#9K!xdJ{X%|2c^lPct>LROLzR|M6NpuX<1r%?js<*HX3C7(
zP|RE~+Ng|F4)Rr5J~xmf+GchCf3k3I?k#e=IAceMcAY8$HhXbltK@RI_6YHpY<KuX
z@r3C5qfL~9l5ITX&vXw=5(`DoK*%2mRsNd=b4w?SlkJ>8%oKUf!kOZ$+*p-msKg8_
z8snG*qE(jP`Q0q>kgLxY-|B9+a#51%tni6v-6ejJ*}<7sDbk$jF_AHtU5Up0%ssIi
zmTj|cHFhATGKg8#92?WFH8>lVdq+&{XyqIkAjUY8>%^E&GVK;KmB%>Ky|Yg2(A?YW
z#nq|K@g?HC+kUBdOLGP;6PZqjWnxKN?;wWa)$`b=d}re_VYus-i5czPtp665i){9o
zV>usVbs!og5%<a!BCnPEz-sY~=-Iq@-XZh$`PR5af^u*t__%m5+q(<iK@5aEwfoKE
z!WQo4KZ!eaXX!feo)cd$^4%xbi@s?ce3mze5x0X0F#m)2e%)QWNzB%>^P@(E9j@l6
z8i}0TFE)!g;<8xW4jE=JXv{Z*aVyFZH%!B}d|{gdW(O>eq+jM%ZN^fTfB0suJJ%KI
zdY;b=h2+ZGRx}=z+iw4K^&J0Jk(X=QzAA~6b82y2oRwQecbAV9Z7#86<vxp#3M=NT
z8chOZ67U-l&K<WQF_WP?M78K+-eRGSMr&kp-fa4eFD{!}I<c%=-k9>~1v6&2kL?t*
z(j5N#*ip{G-QpT|!W&{ynzL`O*y?WFCo(kWq64Ch(ekiybbMhhdpu$c9z59SpYM+j
za5o<i4e9NC;ZVr(d3T<@aEcF!;R7ffVcYU*1ldrD<XvnAR@vcrWtCA{Ftx~u9}<V1
z^M^!653f8)U1Fu;3?Jf#n)3R)*M1<1MY?yEO5M8;3sdXQMC$OlFk3mbU+{I>9~GV5
z?~jN<V&07F%8E-T)+Npmr8v<~sZ)B}^0rz|{KAd?2}TZ?P#GrYB~e7J1rc^RDl;AM
zktk^0T<4uRC&ew}i1rJGK2hDnT<B;d916&i@7<{uk3n;xcb-2frVnFd&7TH}a39#6
z7NtHOjhlABtHAwS@wwQRsP(qeJo|;{qRC?K{N}XiCO>}VUVTRN)|`fO9Ju}Ggx1<M
zz88nY=3MRR^sW_VFlHK7klIx}k4^O>%Dmid>Drb7gNs7}Ux3rN(DVhG8bgV?Y|5E<
z<-f}0NC$(aKkOA9w|0n@neMI}sm&6p)2=HR?YuHX>*S8VQcDx=($U)Z4sP}o?FeOT
zn)Xcxr%$=op}zSc@UgyD^Gi@r8~2-BJ#K@%1gxW#7@PxVHa`a?X2M=!E;MS5AX^rW
zB;pvXoZku=KC^mWfMuol80_MFR?eIsh=zF?h-@x!bLVRN+xGbBd(bi&=f05EeeJ1g
zt=ov}ib@NMo0gZ3HnufzQYg|*4Msf5`KS0cH3q|SB_npAnu^D%knel=V&~#JwNB66
zsg3L8y!<iC!9T|Pwdj#F8+rNBJXYVZLR_Jk&01!<zLnZR(f7jY%CPg)V*)C<{)t7u
zW|elVqqBIEmhbpCX&=d(Xf5z|EAfa}zJTAP!X@7pr=d|ZobU7WEN4xlw!~SSrge6+
zp4MJXbx&>4o=tT=d_g<ve*L00CC9m8kJd56R1b^O`)#dj8jETLoz+cRu3PxFHmkL>
zrdBI;Rvy%fy8U=gEhlv3Ab;)54IkD%PjwnkXnmdP4866>a$F|d&Yx(Db*JewZF{d!
z(^i(w+iZ36DTYlAR6}_OoWCE}4EM?7TAv*E(|>6Xik#-tE5A*ss$Tnp_ELsBKSLj(
zIghl~v+}9FO<O7I$s6gNpr9$&NtSN!H1~6kW$L>+$dm8AHcV39R`<y^`WVeEYNy+&
zu9l;B6wa_t`Y^YqlRhXtJIs6IZGH25v-%?ac&htoZ~d(I-f(8sYr_O=x8@R^m(*{~
zk6Xd{7T*f|;iwUWsrMArC`Z7EhtyjWR*w(oq4_;ZaUM9Wb$7G#^;h&kiHAp;<(-Wt
z-y?5!D4M71RUKzff4!g4;y^L~c}-iR)Jo2VgvhhxbRD4QxqPf?+xI7r5|5EB3xI@j
z=Xf1?B4c6qnJe`5qF*dr%^j0xKlwN@^<Q|JZXTsCO?S*O`UL0v7`@nCG*&;K?%Xp`
zKkP1>q)*ZYT2a37d232$GGOxikZGev=e<vy1s<q3ChMD8IWx=jHW^+e<#lmt%JdOK
zy!VNGn4^52E)+FtguEQS7)E)Gi0?g9ua)V&oTf7U>!CbQJUgaQI&JE>vLZm$a(SbC
zhca=Zc<@M}sE~6{sVkjc=e#wJi?DBoUMSjd#nh=Sb@{u6uW7>)uUH}#2IO`}t){0;
z!+XrUoih0efQPVxr_igg?wdF2zZUiC$)aLa#wk;L0sh%@)_jgyZuZZfGh8Q>70ggm
lNxWoUZD51s^JX&*zIxaBOuN#Qr?0TA#PGXQX6n0A{|{JWRk;8F

delta 48998
zcmZ791$b3QqqgCd1QH+#1b4EL;K5x32?W>TuEmQxEZn_NC|<m{ySo)DR$PlyTnqfq
zyJz_RUT0rtfA`F+aa%#kxv)NX+RkA2MuHgA96q73948efD&;tT#c`aVAxd?e&Z`_J
z9J^pqoQJV|9Oo(~C4O(U;~c|(F(Dpa<2cFi3Z}%@7>e=Mns`oBI~9$t(}qAE5{BCc
zTdfzYuk7=9>l~*b`AVbm_r)k&g*osQmdCW~O}_T1h8AKV?nQO@r1c&qcU*c-KpB&4
zFy^&ZLye>(X220PeTDTX#wYzgX2bWG5z}wvixn_4c0$!N-MSWoh#$j5wC`LbpecHS
zi7{}KiKj(nEQOlNDyRzEp(^|t)8I-B!4nva*Dwh_Mh(novl&1dOiVly^}HUs>TzcR
zDR4Sw$MvWwyNRmc2`0f<TbN!9MO9P^Rj!V;t986}ne_l>BHs;6ivC*}Ii}gl{Hubz
zB*-eLk+sEW9D)h(II2U}Q5||@<Nn)BMF~*pnNaznuozZDE!}w346a8l*(vL-ZOp%>
z?iC4P=(pW**!)fw)JXGTRjiHb&=Sm#&oMb>*kRVZ1gZnAFa-`lm7jy@a1W{@cTo8P
zb~;X0%-|AGhN{>IyW%iBgDOyKmua9cD&KFYd<U@xrrT|1s0V6FM`1FYgIco9HvWfw
z{<rlrrs268vWICRkQ3GOL6{3?VO%_ksqrdmDL$e`9<<j?X-3pYOIurFVd5iDn{_X0
zAdgUcEABqC7m8v^+ILzIP>)^IW}JcQ$R3lyxq_vMzr*5Kc)vN{y-@kqU|u|q8qrrw
zhp7*kC5=GU+Zxm2c$>Zk)9L(QAdsF1A5gnA)j`McU=*gpR;Z~RV&l_od?RW%A4Bb-
z+o%!0!VH-5kSP~|35nN2wbK^W(eapp_MMeB;jHxqs;BV|n-1hg6{vy{*by`0YE(lP
zFcd#wPE2vcUO=cl&<QnD!%@%Yqv|_@uBQGU0;Mt5QPW^WRC*iKR1QWpv<TJEG0cLG
zQ27$_0?^2^V<D`Dnwin4j{b&WcodcYIeIYQIP<R?F7t6li}_LUGN>NcKwUH)QRjLn
zYI9CREzMr*b=2nigxai`PVfT4GN`5ToHR?D8&$p@=EE^3ng7ZJ_K;8xga2@x*gl+h
z3?kn2l(8eK1AS3bHv&uHVr-2Ma3WSY%^MJJpgOYnj2Za>j7|Izvg@7KsF{rCo;8~z
zC&nZp66;`jjKbeA9RJ2#nCP5&+m*rc#JgiP+>Kc=-k;`WR0J~-Z;hJC38)VJjvCkz
zOo;Az0wDw*qSovq24MX2=KLo|?Sagwd=*jWzaeJEo|p~ip+<B9wdPMyGnL?i=|FBw
zM7$FEV>2Wl?|%ZSa3X5A{*IcWy{Had!@T$g)v?SM&D!Nc%}guQ$bUv{!rd4j@1Rc6
z8`MlBxnyRp1ZwYe#PmA<V+h0|VKr)(Z$YiqHB5+q+w@NuOg!|m8Cf{0qDq(q+oH-3
zLe11->t<BPk6=kWjrlO%Uyf6R_MIpKiP1$(-89tH?L@8FRn&}p#N?Qmt*xodiG?r<
z<Kh6+^KsTCsE+MLmA`~Z@ioT5z^k;WDN8~?4HrSJX)_xigE@$=!x(rA)$o1PjD12i
z?03yv$q7)Ku>uyrS*RsChdM3Jb#sB0#%Q8LuQUHz+Y=-d#&4Jl3*RvB?{-*;_)=7X
zHyDA%ZaPj09Dv$<JFz%E#Il(2mbp(lqNaWTmc!wg9Z#WV{PQi>Om+O*ra&&#8b{c8
z71Zu;jGD5+SOmwRDma1(@H%Q{UZ7?)<{h&Mv!I?A#WYw2wWm6w@(*?iXo`M8ZJvXu
zseOc*@D*x}Q`|L6R1>u%eNnsqcT9`tQ8V`rwUn9enUPjO?TLPv5~tbpb*KTkHwdVQ
zk1#*}i|H}Xebdw0n2dNk)UF<i{x}uW;VhhiyHQhI=WmlfA2Sm_fEn;9YQ*s$a4lm-
z%&qg^fq<rRE~dtfm;%qCdj1SGbpa2}Ok_k&VG~roZm5n-K;>VD+T|xu4c^62{DAW@
z*(1~5HcYAWf0}@1;E6YZA0TWz#bZ-pII5v&)J!zT(%28x@!hDG*Ll>%a}Raw-eDL9
zKQWsyFRJ53QO~PlO4@f?6VRFtK~4QS)QB#i2R~qDO#alYVQEx)V+=qS<KRg2#VM$U
zrlC6cJL;J3L3QvHYCyNp)u#ANKvS3WnJJJPRY5eWrwvde?~18#EUKbqHoo0Hzl5si
z1*(BK&&|NXQ1$(Qf!GGKVfW|E|40J!NvMaJ|1l#Qf|-af#3FbCwK@G?nAdADEKJ<*
zrJ1SXsE##7ZLR^R```d(N1s<_26Le5t%JqTeZ~B1bL=D`BVI%G-0!vNVH(s@RKVQW
z(Z=VYD&BA7|DcvA!5h=jqL_zx7t{<dLXCJY#>c0q4u5rRLdv&h?ZZ($td5DW4`#&)
zm=m|5I`jy`G3cF1FM`U~4g+u+>NL$k4R8l)GhW3k==0vpw40599#lg0tSgqqVK&1F
z)X1Nr@}>D;et?L=VB*y=1~x%IY>CR(29w|f)V;A76XIsn9ypG4%yljjm`lPtEQ8ZN
z8n0q!;%Psbo=!oHcmqzv+o+Ls`E1sDGL|QP+QyUrYu*)gP<vqp*2IgbcSqJQN_Tm0
z6BtawQY?m9zM3^`ja7)x##;CU$?lZ;W~Oi-sv}RZ1@?1%ydAoUQN+KYuI4BoAMdel
zjT*oh)Lz(%SybUY0@{3WeNBe^c!zik^!H&o{Cu1S#4E=z4g79BhKWgkgvsz5Y6+9Y
z^zr_Tmlfj?FNm=)8kMh_jkiVb`R__VJ(_^p)!Q*IK0s}zl=LD$rbn$^J=C6Ph3dd`
z)b3w}+FTb=7nu`a>dk=KwAF09n~l#4@NvDHWj_fXGCV|WlGywXQ%OvX+Dwfw1rEg^
zoQv9AD^MfcZ#`$z@1Q#V5mTWLKhvkiG}dCM8?%0F*T;MHwjx0zpNbmEKJ?&Y9KaF;
z#xWI*4rED4UxHf8Ro1Jh4#o~L9nXO3cuVUT%t?H$jo(5YZ+|z~$9rX_MD;K~Dq~H|
zg+nn7ZnXZ1nxR*ywe*kc<2`<%sF}!snxTBCe5Eig)<P{+FY9<zd3PZJHM|q!;uTay
zk1zp#M2#dUp6PKORC+YV#`>rZw?s|pRMcjhhuR~{Py@Jv+G8J4SAAHBkJCX1$|X>f
zgr}$n5%GPTQ8*K;WBLR>&Ry(*?XX@#AEzQ7L|s%NiA=l>MiO6$x(6PhE~wmz%>YZH
zhj=5@)DOf69q6A4lp^6g=EEdOe4Lh85nJP0)JT#hHEUiT3lr~!TB3ER8MuQwB?*%G
zc<=mjsH?ms=D=~N8Q6h&@d2jM`A?bL6fA<;RGqOL&c&q4h}vA=P-~bXg_)sTsI}dO
z`Vs3YY7;vtO}=ncxk&s08>5zD1BT)`boUZ?ML=u1A(fBQ77wF(oGZ22^-WL>^|$f4
zs7<y5<Kt1Aeg$=U-lIC=N#o;v3sy#@4?@-ZJL+Y1ISuDu7lvP`S%PpZPW&h9D%2D|
zK}}sMkEx&>7WZKZFeT}m(i+dAcJ(v#pnp0O&xFbsftuNdsC!{?I@e^}PlBfEE^1SK
zMfI>udLQqvWICfx!BW)P|AEREkipDE6--XN0cvV{px*z}Py;%OT5A6=AEzshz!Lb;
zC7{h!D5J^P4z+uip&ELH+LYNdnYC+%x>^UJrg9OM#6M9lorIaSs~x8<mcd_9Gj|i!
zPGA-v?@O&XsvUQn4O~QJ@MJZcum)<xgHXqF2^PUmSQPVTGYxk^P3bz+=KX}a>oaFJ
z=@qdw@u^q}FX3oR9_}sgItvMSryiB@D{4=a%3;oPdsKW4YQ%q`rY=@aGsV$ZiFjYs
zR3AaT#$)C(Gf^6~R6|i6J&v_7VQ!ro7Nso#^?U+q&32+@;vdu$rOjh1YL9AoCF%lt
zg6eR=yykgd)cN0m+Wjw4dniplAMYPrlt&F<FzWeQ%%x3nT>*@n->h{>Y(cy`_QuPo
z4plGU<6LIf4@IqM!$M|>Mxid6)u;|%M2*x_*eqFFEJS<}I{e>tR7Y+UVN-?@2rla5
z{mrLv^dp`Z^-d^=L$MYf!oN@>npe#Hz;Ybbv6rY#nVvJL8H~np*ca82fD)!$HPjOI
zLk)Oa3C_QE`D2@qp`_V7wJ;;;y)iA$Lv6-=sHuB^n(9Om=4Dj@Lx|T$b)Y>q!MPX*
zzglCLGVw&#&{D3snX=l1n%2e`pMq^sFN=PtO*#p61+PH8UiYCIzJO}zZ}i8P7#lxe
z5c-xj`QoASc`y*Oxdim`D2SSpA5l{|1GQ#5QB(XDwfQndn&a3SHI>^@Gw}g+PvnR)
zH(LwTJ7ExNuPnyQcox&(C)7>pCNE>&`*~0!ErsfFZPe?t1x8{Q)F#_x)32k>`4jYD
z+_I+QIZ>ynChE!^Y@LJpk!>4l^PMs2uJet6rZi===}2zW6h)w>ydtW{tx=nDIBHKU
zL=PT9HS{;CL%!wA41}T5OQViyV^sOyP;b>em|y4r5&=zBaCy`7JgA17qAKWzYH&Jg
zDYl`O><M~1UcrnkH)`$6p{BMf`eGZ@Qnp7e)gn~6E0{y){{;a}S!hMGMwL-(*3-rp
zpr-Bws)9RM0FzZRr=lvV!#z+PorKE29yKG!(1TA=0}8HeI+z7rO-X42dL1@J9j^hX
z3YMcP*oQiP_fW?xP8HL^;;22-7FBK_>NKpd?zGSUK#lkgs+|w0jwY_k`B$J|RkQo+
zp&A^68qq4$^P{MdKSuBIsb+p)$%fjbC9o(~Lf!qNQ1{0n%!*G@4JWN`j%7ad5HC@k
z^RM@I6B4v$eNZ>z6x39$N1gLis1Dsh9n&xNd5#)pQ&m8fYlCWNluciZ+A9Z8o9;Dg
z#sX`amzu{Vpq^GhO;H!rCL4+B*f!Me{}c5?<15tKXZ*p(iNHpv%{3P_LzhrX6kN+3
zvk26={|PmdGf+#p9b=+<i-1P<H>!s|wati=Tf<QuDTV4_11y4FP&2j?HS$CD`F-nW
zYy3K9sWPGR6+!Kh`bfR5)1H9Ve7JqE3^gO$P#485)KbK&Yc7~<sE$-cjl31=^vp%g
z+)31)_=;NlpnCRYhT0pouoO<g%sT()31~{cpeoK+-|YShs0x~)rf?kUSZ+dH(YH}c
z6SINoU<TA_ia_1%jZstH4mIL&sF|FDnz=3L{r$f)1hi&Pt)UG~12s@rZco&vnrq#G
zs^Bte$zGyH9=nn0cu~}n*0Ax8)?uiQ%tDo0iQYf|J4it1_d05G#A$3sk_$D$DyR{6
zM7_@^qegNCwKQ)~OBm9`bR;jTfmWy=-3Fj$Vkv57j$tgk(1i1^sl7phraGXhS@S%o
zjx<9ZpOL5zZb4Oe4>dD!o0*CWppIo-REI~SI<O42m-eD&@Bw--Msu^2Va;9BP<0Yi
zpciVS6H!yR0kx*5P#t}W>OkTa=ABUzbu3$=_Rb89gR4>Jd>bafQ>YvDHU{Ab)M<$6
zwlocdp+*pi>S=e>OKCD{CN^8Ip*rZ>%H+$4TKh=U6!$<6PDjneR#ZcmP&4=*wb?VY
zHpkp;KtLn^2{qD@sHIqpDsTq1IltKFxqdX8uL^30enc(B5Y!%6j%x4^^x!kpsfpXh
zbf^gGxYk4R^ZUO9bk3Kf*6J@*2b{L1;%umq)kNj%f!h6xP#xHXnvu(>8T%KtDbuzy
zH)3(rl66DP>>O17?U+gD{{{gy=-=L~ac=Ywua9b=AF9AFsF7_)?S(5g?$^O|JUyxd
z70^4Q=pjB5wFj1=_P`F*lAgo7wC{Yd3E4ZE%~S)`;0V+)TaK#mAgbUs^q_AiGv(<~
z`O2bRR!vbO?rxon8u?N5;C)nm{y%a4(-KHSKm{VugY8fw9gA9$6{r!PL*@I7Di_w-
z?3rj(ycKF`MxvHrK5A3%MD2lRsC>!0nCC^iaQ;0c)FD9+dZVU%CaU30m=CX^W+Z-B
zQ&E0Y2b-Y>2ct%`0KIFA+Wj|B^?X6qo1vRYFNx}C<8GXPHQb8??SWs>JJqP&d=1sm
zH~T!ayQ#1Os=_X)hQ`_W3RHcEF#sQ;ZoC)Pe^I9_Ru6NrWpoK>&1$1EwnJ6i6LtJ1
zqi(?6s17~HiWtAA*(;4uOEVd@`L?4*d=owB-^)DDWUYp}u==2u(p_Z}E}=#e*xPKf
ztf&gBp{A+_>YPuo&o`rH>>4UxKp)d^c2vA3YSZ;b?SW|+g@;iy6xi2WpX-DZ(3I3d
zZJKVVkxoP{#d_2YcO2v4zo-!h^)n6SN2S+C4WJ!rvyH~;xCx75K!5Y&c_bDmUI9aO
z{znl|!^<!R9z^x<7{<XTs2O;NnzDEUOvehN@>R$9*bQ~QhohEsHfrhCqUybcDt{l9
zKi)v<r+p_a0S{(J?cU1h-CU@d8Heiea@5EkqHe-OY+l{vk*F!|i?MJ8sv{dw^_{T(
zgDRJBkm-17bhV}}31|k!q26N4P$SrlTElawk^F<|dFWtMac<O7)k1B$-l(OShg!O$
z)?28H>w`7T5c8W`QA0TYg?KQK1Z|ovs42aMCGab%;^ITiacYUm*8x@GWYp4Z!4N!S
zpWjB!fd4Qv;?$^_tb{7p4)qe6G>j=x1-nVmCc1=*KR}Jx8E!g|3pGP^Q1?MM)Xe;h
zdONN~jrcBV={}=oFv$qh;jF0os-nudsQj}P(1<pomf|ne4ET&R6{SZNEP<MdPN*fC
zhT01&FfLv~RroimzOShK=|`D(1=Ik3LbWs2>TV#Q9$m$9_yKkClp1Z;wiBv>$*AKs
zAJxzv>m}5h|AVS0*%&i`{HP_YgMRo6YDQ+F2UjEYxXx)4a2{Z89(+TMAop0acC}F*
z8jcfiJx;|^<IGZAL^b>lwZ;j@n~vv3?fxIogS}BR`ztEn4oso*{}%yG%^TEfG-QIg
z*|MTGNi7V-p{R~cL`~sF^x!qrvHF5qlI#=BIj@WAz!21)S%RwXFluSu=()~+%1LHd
zmPDQBR+t}Wqt^Z$ssi81W@PD59Vmm^Y#p&EjzZl72T{lJEo!$Xn_~A6YO{7iEyZu>
zYDzW{P(_!p2);t4hyQG>idy3?s1eRY9oxgGhQ6VeAl+2^8<?m)(j7I`<4_GRM-A{g
z>LyGyjq_iaK#6IlN4-(!b{tm1g&2)5P@A*RFXs1h2BVhjAZliA*|;;^{MelebxLxh
zIuLDbh3e=~)PUzt=lrXJ9VBRXUqxLcpHLkMoMG;Rbf^MFQTc1z^q#1OCZg7Qv3-6F
zH8YP;YaaBgS%M;1ka#=Po>|}$&`8dr3OqygFl45Qhod%2HPk8Sg?jBSLj7cP8r7i~
zvrI!7P)k$;Jvb1xbn{U8j-opH5Y;g^Xtw#~auL+cR}Qsy%}|@94{8d>qh@3U>ZjTL
zs2RI}nt?YM8{^C|GnEKcUryAiDreK1qh@#jGGN!4U^A>k&BO`R3_L(>#u#%=hf1Of
z)<Nz5HmFTB3H3{@?Wm5Ow$JaN>WeeabRZ+Dd<3d|bxfo4--m#1xEZJlmSQa2j+(jy
zsNMS%HKNe@=2R3yRahT&FSJJwPC|`%9s1%4)C``&nD`X+bHyu6Nc+wg0%|D!Z>EAG
zr~(bJ81_L`v>7$xZK%C+7d2D<3(VT4N9~PB)bma@eKKmz*P-r%3#j@(qpLMczR*-q
z2(>BdqSk%{s)3oP8Q6k(@iA&srdebfDuZgE4XS~0s2N?4s%Ia@!waZQcptU2F&A_G
zb<spDHa%*NTFXJG<2DV|!L_K0Ph$*xi<;t3s0I=(G37F&rnWe06PH81Q<|d6PeFBH
zD{9FuFLBM(ej!04a+aE1oC!76xltWxfSQ@UsN=N^Rl#}m;78QnNU_X3&x@M5CaCBA
zQ8(Wl)C`_S)fdbC-R#B!sAJR^HS+Elh!ZggXQ3{RWvGtcvIZ<SdnX5KWOYy->4jS3
zNvMWbqdI&ay{BS@Np~|6P){47)}$|LEjOV$@)wrHH>e&LU1_GcEvlmKsHvW0<I8OP
zAgcT|)WF_bgIAe7lOCzhb;=UZ+H^-v^-R=Fw+*#7{>J<mYqcp@0yP88P#qYB8rdS$
zo;ZfOTJNH!I>8!qD#~JO;$5%<UdB{9|7F&i0?knkPDWL@0rk`FWz_C}j5>y?*O?je
zpc;%qO?_k3)DJ|}GaYrGY(ve&NsNgPFa|!uxU|oIxn%y_&S$-u>WZjcJOwqib5Jv~
z302`8RE2L*GZwPJq~}ECFO7O$AGP*9P^W4oYR2}VI(!}7Tm-%l&@sue(TuFAbr^bg
zJE{ZcQ5TiZCNuJ^sCX1=#2ryHH4(Mu`%xXajGC#}s2^y8H=B+Z-^}?}#SKZ&%{3ZT
z!A8^?KCtm5Tg>zFsF8F>jeIm}%9q*a`!Im`Q`GK%gE~bCw)!|8OoQ6&B~b%!xRvv-
zo{c9#n`$Yl!c(XQ9-uB5|83^&mjX4?+^7-OM4gJZs41O}+RR%}OLg6*zd*e`L$;e4
z$b`Yf>$n8eP%G3_4YTois0wzYj^kNWN8h5Z(s(<}%O@1I%X6U`Zi$-7F*d#lwS-q~
zdcaQ8@jR%3y5$IHQ#3=(zyQ>mE<%m`57Y>6V_}T9%UoFH(L=loYST?Y?e68MO}7?{
z-~&`W>2{kvQ~)*gEs(w7I#UT~Y7U~-_9|-aUtmED-D5^n2bDeqmA(#(;v-arVSCLc
zu8m3`h3eQr48d!t8G43sG2uR4@tnVO1T=+}P(2@n>iHH_!B?n``RzByG8t-V(pw9l
zW~Mx9DTksitOcl<yNvpQ!~cN&BU;q!xdn#m{Er~u!6m4vI)W;A6=PxSgXSVifZ78Y
z(1RsV4K+bsSkq8@Xgg}nFQ86=&mm(dDqnF_hnl1J{Es1!kAxklDSClACP@yPy^$BS
zC#s@9_C_t4i;?&XYSUdoZK{|@O#U>erHMv0+#5BZIjDA)9O3+{p_3$NZ6BdVp6sZp
zuq;j@-UZbG-(zNE*)W=T9aM$$Q1`|%)CF@D)j;5JbED=)oub~T_GY7w@wVfxNw`Xa
zI`9ECvP>sTdI{88H9&Q2AgY0tsEg|w>Zjh=Cr!SDsGl1Op!Pyj)RMU9!I`Kf++pJv
z^gum-hq{8Z{9#7a0M*l$sGbkDE=KkI7^-7WP#ueV$~0IEwRsz0Df|VM?=tFT_8HaT
z;L~OkyGaS?%FK%DSsv63R6^ZwEzpB~P!-Lz@m;7J?*^))Us0zd<r&kFT&Vi0q6W|w
zb-#?a=^K$#<T|Hp!fn)M`HUXSe%AD`GOD7cs7=-vYvE$lNIs()j(N_U_Y|m2m<M%C
zE86tNsN>xeb>Xc-@9+N|^9I;_s9hTSPt$=MsEeX1YKj}9W@H>{O&6f<hh3<dIfZKY
zC90!w&YOnvqxM2|)Xa89E#XKE*ZKdQfJS%;wQFBu5GK7~mL>ygw`WH+&>c0h@#w+%
zs7<*Kb*^8cZocFf&6MXxJ+F(}<fBkawgp{{>^uSOX5UMuBRNq$E{_^v8`PBbK~+4>
zrmsSEWH<WaS@gs6SOzbnuIe<G&C=FJ#YbBAT;}|jAmKd;+8hP`GB!euWEg7Ku0-8r
zyHPWB4K)+*P#ubQ#mqz|)bT5ay3)I%Hs2D|%pOOL`~|B1;H#W}1@d1t1skER&XK6i
zvH{iLWAtE*Yi8}kP<tf;mEH<<8b+Y%TY`o06siNUt{bzXI#LZa!#!OBDmV>Q;U*iu
zf?Bgrs0y>*@NpVq4UEP$sHuOCaWKwJGv$d<r>Fs{fpMs-eFdt%Td2(%a?5nY&1(bo
zP#tiwBrZY^-a~aD=54ci!qNL98)_{_qps$CsF6KJ)e~~Z{B_>^7)5*{s>A0|r{@7u
zuj}~UHB+1wwFjb5J#TN*$Dr115$ag&Lv`pWs-Z;p%&{zt+6z@t$LvS+;6T*gnTML`
zU8oLR$0U0He;}YWj(6V_%!0a5B2X39LcNwdS_h*x*)&wXJ*W<zM|J2W>X;?@+tgPE
zHRTPlG`gr$w;!|8zVm{B3Z#5sc69|@?!(oKg-DP4$h>BwF^KfBs1DC~?8AR#z%R2=
z7t{JDW@JZE$Mr6%;cuuJNcYstYy_qy-UQuZ1O^k()bB=Ryl*r3Ju@$*Fw9SS9UC8y
zI<|XId*CZ-jSD<Cd#4|&13OSZeqTb>e-|~QasDv_NcRutU&o^u3F>K6)D#Xyo$qDn
zz1dJ}_7b(pf?k-5DGzG5N1~RbJ8Cn|wecgUj=V(eiQt#!X3c=wjJaRBW>Z9wpaxr_
zdOE;nT!gA%9jbvpZ2UcXh$nnyejLwdjY5s^2ULR{P@8rrs{Ym1Bd8_6<r2_Z#CvTn
zp4_M@YlP}ZThz!Wp?3WW8~+p4&~wz1`M)t{Ks8(%)$w|$j`u*-GY{2~?WjHE{z*U;
zJVO--eCy*>z)Yy!-4%mzBzkZf>gBW<RnY;|(p^J!{2Nxpz<1_U)Ilv-cT@*vqTVT+
zFrLo;VFEf17g0A^jQ6HsJZwWeJ66VNsE*x5jXcK(^QU5EQ5_hDx;K`hX6`U%!)K_O
zOa9SZ>7_6a@!shD^ZykD+LQ1nuEmm{Ou-kZf~h_mqp$(-4%VZn8Ordlu`p^zs-W(R
zA5kOjXVZT{<zIv9*g<UKJ^utWf@)vPaq5Oljk5x^Bs);M^%Cl$d5mf(;Hw$22XzWc
zqGqZyYJ|H{o9rbPMb9^LpEN|x)HHO}!;J(q($lC-@g8-d#OJME2Qy(U<g)huLF5Hg
zzJxx$-s2gLp~M@Z)_MSHgbPux;nS!eZvA{s{`{zXt$cl5Zv|sXC_usv)Ny%*TEo<S
zzTVv%g?iozH4}?%`c~9tx`R6RuTkYw#qjmMq@q!Kr90{Z8;9EL`>`P2is71`CW~o|
zLQP#~)Wx(A^|m{L(f9^6)y4dMy_>cps^M9vi|Qb%<8M$)l`_EBy9WxPp4UVV4n@u2
zB9}lJ0=w;l7_of4YaWIgNhxaw)KpHlo<Qw^Z}xez*uLIBA&EpS={VG>T8irM1=QyA
zk7EX!617R)XaaiB0JZ5lqc+_j)I~BI<KhO?8t=F1cTg34#KIUH=<D4>(RhpaPpC~+
zEy&k<rT>JAPsMz=0okms^UwsG0>P}259b(z$*?`HulJ%kYQ2D};11S9pLo8`PuKvL
z;0gQ_yM~y}RW`mEX$RD1o`G7L)u<cs0($iR|3)Ad37!OImuJB$#9h=9oI<^nKBA^H
zO+sJq4Oa<uI%c4rzd-GU#EE<z9p@6LJ=DxP9JN`0M=jBI^#1!l7YJxAAETz)FR{sx
z0M%ePYN{Kc&ht;07w2LLJcl~I@spUfE{qy!J4}m{QA@f3HPF)-ftS%$Pm?D#BPfO{
z&<r)zLs1vU0*r$<FajT;);w!6b6Q%W&iiy!LkDd7P1Fn~NNze<9MxVcR6C=RbN*u!
zSWbdA#YWW2<q>K|-l3*6UJA1(3ZV*?MWwevZPLl8<FyPmQ<tqzQ6qLznu{y8HQG8n
zCFfrwJwSqbdIvR?!Kut{&u^`TYPbigW7APnzZSK*{z09Nn5oUV53`m=r8hzC5f?SU
zMW`Eaof5QGmrx`6YR#0!bfg*vklq`$c?O|oY%=O5oP}j^HU5Bau?SWOH5b=#EJu7j
zs>7d=W9Jm{m>G9R5zvEOsEguXEREr5eZBuJSZCA)bp?x~C!N`RjZwRM3hHXzj1}>z
zO)r$*bi5%(lHL+^?3SVKn{&v_xXuFt`ZZoa1~awEQCDLg)F!Khx|l|wM*0hCDXyb7
z(>H6nFf(IiP<MPsRKBsOhF75)zJ#j(DSH3@zkf#aaw&$|EZtC>sXvy&m8d=O9QD#j
zlF2Mp71X<-7Z$=rHh$g4<774+i9~JEW~h35qn2(NdjJ0K4gzZE5^A#~&thhzFsfih
zRL`5E*1i`i|6p8&2T&JLm#n5^$55O36>8+EvzfPGG?pjc1ob-p9bGkWm4J5VEA(K}
z?4~1yQ1QB`J<tcW+xMWR{sL;xd_Y}HS;Ecpy4Fspr5J`=aRI8m206^qbj`u}SA|na
z(1Ycu^Sci<6Bkeoy+u`&ET^ycKc6drx@dk!9mhkc*X<3P{u%WePnye|nhL06-T;-q
zFY46&oXa)4b~_2$&HlN~gRH12td6?b`rGtnsF9vVKm3Yu&^M2-<BP$lyFCOwm<=_+
zN~nP~$F$fJHLw{j0rhMLYE7=7dKi?~j5rL{(@50jX@?s5O!VMpRE3vN=l&zA!F>75
zrmTRPnW3nQXFjT(RX85qn*<sW=$PO1=mct4KgZUXvVd9pA^0cpqo@mIc0tpz`{*Ga
zRLIx+FQtW}_R0X%5*)yM_znwTw!)@-bEIRgvx0!$az{~X{tnf{Bt^{2ryLd|J`8nb
z?!!X(0JXb4Ma_~_KwV^gFh6cZHTWD=F07b2b`{Y>yfMbt``;y?t9P<>J8B8;q8j=a
zOJV-vX2iWvBb$qA=qzgL14@`1uQY0HD_A?C>Ys!f*f!K&dxC{%--%b!oX>JNn0QlE
z#dlB@CyOuzYoa#MaO<xagZL`cW?YYIU^Ax0hZrB@lrr&DsEelr>bO@&cQ1jS1ZrTx
z(q`?(;3VQ_P`kfbq`CXY;}YU0P<y0nlzExV!}`RZVHB1tV}4p5kBVPFy&F=LHSdDf
z7)^Y6S<e3i0<TDjz`@a`1N%{LsaWNFy}#tDjf;q{M~$#fd0%G=j>c}7s)9KklTa1!
z#k?4+qS+J0P#0A{>q^uBu2*!;+Qg}3D#(kD55M(dZCTlzf>u?`COU~aj;~P1HhEQ3
zz7U2GZ-#nVbww@J5S#uBD*sZ{JLWK^z|$@PZH~vN-JGzR*|o({@BQwm5%)*E16HHn
ziU&|{u`j6dNvoTgi$LxA5m*{`p*FEo!%Tf)RQUl|6WuKYG*y8$O^-^VUJ~_D7tSKo
zu{@6&*&Ed9i1CAor?!Tp@)bvouo3F5*&20|PC)JYZK#>Kj&#IzUJ}sp%2vx<6dh3+
z7vLh6;xMYg_H}%{fA};E)v>Xtt9S=$Y9FIU7Q3$5-I3@a-UfACN2At!C#t?j=>7YD
zzV*yin;Ii{P!uDvKYDO4szbLiDaNdC8c2;XiI+wlt8%E3H$d%$mZ+Cn57d=B&c+v5
zx1smH|35=O=ky;8M4txc*8#z(bD9dZ_N7o2)kfv(fco*gH|iy{5!Hb`sMB*4RX#~W
zbHf(JcEsD_P&|)rTLN_(`8rK-KQ6>{jeWhp*?btE5l`R5*BOKHoBBG9aW*!`&!~4t
z<7U3zfA?!AHY6V0+*~;AP{(c@YIE;G?fM6(cZ6>X&VN|~<yx4LOvH)APvAIg(9-PY
zht|+mX0z5tRX7H<`!}L?`*qaY(bL+jburZ4-xl?bnTR?KyHKa+U2D$2UM?X&n$1@k
zs}LW8%5WC7xt`c~oHpj-$$-4QoGqw|&!g(`ZEHqe5>>7lHo!rskzcdE$7{qBxb4i^
z{)4?qh|%8c)&Zyr)}jYbqmI!F491il%;w61dLDtAk!GkVAB#HHJ8k+4)G0{O(Ol`3
zQT4ff2x#gSVL5z&B`{YfbMgFyI&QzADmaVfeCX&;roqac&D*XQYDQ+FZpbY*egm}$
zKVxO|bTRitCrqdFKY@VG<vJ{nH&6{`?rIvWi(2Ecs43ov74Rj-#bVveQdLAX)CwbT
z4A#RFI10nM`#OVgHP*nKJ@iuJ{X2w!8s3Z5F-}i&AvMI}#OI=>_8O|A{=Lka=S4kl
zhLvz0M&MJ_?hfy5X0RLTC!odH6t7r|_TiUowC~I&5QQ&MH&}tb=KbFpn-O1vTAEn>
z%oJ8f#pj`B;vwo6CVBgtHEoZo?-y){S5Y%jXn?OX4X2>ql9>l`{&ll;CZGzZqB?LL
zwI`BtI`lHBk2*G!QTdLe_DI4(W-4o-@-0T~k!z^(@dlgIR0DOt{DvBk&k(amS`6X*
z7a?H`3GxuC1I|$ME1Dvx5l%s^{dJq3Vwg$qib~&wT8dAo-Ct<9nUS`r^xshFH*I>z
z2y;5hjbJ1?CjCiJ#<kcUpW|?>KhiA4EllpqRXWOyEY}!wv2?TkiXF(m2Q|{{V@-YI
z&^u$8ms68)oH>5c<ISe-<`RfQf!XMXOEDBz-~c><Te18Ev%7sKnl;XZTJsv#F{mZj
zk5lj?*2i&^%qDz*C5b1WY;M|msF`)A5zy4%LhbUDQ%r_3n3?!s)N6J*>MH#Ubqc;=
z2xkA;9K+(M4phR9I23hJy~Nn~&BkL-HR(x_3yy#P$tFZuYoOkCO)&}fz_d6Hb>3HF
zYTRYxS5XZ;Mm6*S)iK{`COskQZJE}_!%;I{6btJ7mnERxJrFg*E#3!gHq@R-{EL~Y
zny9s%ixK!0HKiq|o4AX*fcBy;u=}XjbK)6hW~!qGG79x`#BxkQ`_6s>9=whk`B&7j
zO!%vL%@#!c3^)@t(vz4Cub{44|CweJhogshGt|-zK@DgH>gR^Dm>(aYI+}VG=U)#>
z6VO!GMK$mf>g6*4)8TB?l<z@};JWo2ssm|fn{!_d^)p{TRQ`piO|}np{DS6~{KZin
zX*q}UuT3|T1pORv5Y<57T(ir=F`Rf^)G-}_WpF#HW6nJDqgQ&=Ps;^R9V&sGR;LxV
z#WvUu&tWnwKHt<^d%kO?b{Glj;bzoccwqJXW{zV$RKtBxcl{pJsR&wNI#Luh<&9B4
zfQ&@#frY36{)w8IFX+Lrg{IxIE&*Mcy-`={3RDG;Q62JMWJX>Pwb|OE@~=RR^ag5^
z#$0TEz=%X`uEwZ(dSWV^f?D%6s1BV+m3O}qP{m<O%#^o65AjK;bG{C>i*KNgO^T)F
zbsL8Ip|vDNVs+Hpa~ekA1Jr$xd6}81CaB{(0o8#ym|W-ohzU5iQM>*#rohnO%}9!%
zhj<Ot40S_I<$BDDS5OtkTyB;sCwhoiMRlMv>QpU7ZT6k0ft~Zp`TJ%cWM5%=UK-Pq
zVJK>f7Nd6YNz}_J=}NO%tE1vGP`mk@HP$L~HJ3o`fu5-2x&&3<IrPVm7^d^@tTsK)
zh+3;?YfDtY!Kk%dh1!J2P%{*7jX9=Sk*Rdbqw=+|x~O9~3pG>QP&eZ}oBkGEZHk0z
z%@h?v^|&(XCzb)IW40bO!V9RW4_s$9U0zhaE~qJ8f?DH0QG4nRYC!4Mo1dskq6RP+
zH4{hHbN+R{pOc_nn`(nO&-qX{UNmZL`=ECHLeyLDB5G~pZZsV%gPM^xs7*Q)Jvae%
z-q)Zmw4*lu05xOICeFXkdx}kFm)As%a3X5zx1a~_T4QWB4TYg*CIa;XNDB<Z`KXZ{
zMveR#YG84;m>EuoiWfx9bXAvt3QCQ1F>0izZQOUOnThOJmGs7_&AA#iqBE$q{RdS(
z#WvHyDAdw4!BCuvI<6a0SNvgAJMMV`x<CT9n<*`WYM?)AZ_Gul{Q=ZceMB{sX@{Aq
z>Ztpn52~R}sCUT))E;<>+JxD6nwhD9D&GY;?yfV7fOh2`)Rdk<t>tUf2;=TD1;bHO
z_5<pk7>3#l%TNv6LT$dUsPe(PO?qZjy=5^F+oH<%K=0rG|CNA7xEVe86tyJ5dyIKe
zS8+X5Lt{`KTZWpsBd9$SbFaDS!ch%0M5PZx?XhK83U6a#Ouvs!=n^PQKvP{4)lhHL
z+wONPf!9$Dr`m6Ja}m_$s);&woly<WK{dD!wG@v~GZy=R8AxH&nm0kUHwE3Y1hx>+
zZvTpUt7Sdt>qKBZ)LP9%9k+w1hCZWaAoP%VUIKMo+n}D$M9s`@R0sb>)tlw8nTfin
zflfZm`B%pM_JMQ6^tdo;1Z`29ZZv8Nx1iSig-y?V)WmC}W^4kg1N%`U{2LQs;4w3U
zX;3p%47E919&=5?A`*&_a1yol0msc0hodf#3aA-sfjZw4Q8TmIrr*MZ#Dh+lk$O-a
zs%qmyQJZi*>il0o)$`1?84{f|KR`sH9&|vB^k*ACf$I4yR7ENNFq^fwwJ~asxai#r
zs7<{OHTCaN9m;sh<g1U$=k~UN*{GMtUeu<!hMJ<F(`F4Tq26|VP#xHS>d-~har=tu
zc=9tQJp#4HZBTpVS5&#J)~iUzT<0qR{pb{a)^wmY>PG8|DliANYxkly*=y8D!_Jwd
zibRd1EozCzV=UZ;I`8{Y?}SsRcK$-0D&Ie~WG=t0Mj$Q;wNN8yiQ1H7Q57CTjr1*6
z!_?=^^G>KKU5P4p3$-T#E|`wzMs407P^VxBYG&7<mgFWDrhO;wMYERWPz|?5Wn7Bd
ze3#I>>rqph`I4E5dZ;xXi<+^0s17_u4<@;6@)g7=;%!mSSEK5?jIQqbkiX1v%Y$mT
z2I_(tf|{y%sAF^kHKLcOe4$s&+E+!@(+;&n<FF_0#wM8ms`>GJ8mc36Fcj}x<@{^Y
z`Cc=>m6`@Mr5R9bRu|Qg7N{v3gj)MGsPp{?>MDJO+AFcHo0m^E)Z4E##=u^vj`v5+
z=yD9k1J^nKTAQ;ZsDZDj^B;c0tZ7Y*Al?@>)jLq9;3aBivfVV#+o3ky3e?+gBWkmq
zu)e`!#8clg9j}jCGS?-bO|~306BjWdzOotoZ=2`2Q582rb+9{XQ_e(P&HGXHd_?67
zyJIYddg;_e4Ro4~@5e~uZj8I8!gA;#p%a$FiKqgXF*e4$XBv!$n)-sMbKMZN1pQDm
zI2k>-7j<RdMs3;@_syQEh?=>6$db9vb^`H8xQ<$zXQ-+1|JziU8`V%#)CgTv2Ueh#
z<cy8`KQIkvL;Y-53Du$2sE$lS)q4t6{v(F#{HJ+ndR7Tlpg*di6<884+2=_gnavoD
z+T|@VKK_Eb0hgi5A3$ALuTVc3g*`TVsTpcdjIyp%I_*1G2$VseCuT&^s2&c$5L|%j
z&<51n-$cz+%%`TIG^h)xx{dcnb$kWJ#3!g3d5P*k;4^cI@}c+N|ENJg$E7c7&DWqt
zcn#IDxX*o^-S~qw;Xh`o&!Mi~*QoMIUzm6$YiCsYRMdrY40U{cUYhcuFFF4jQ3MIv
z{jE{we+a7JX4E--g1WgrqNX_gD>D-{Q2Bae1g=6&`E%4-XMJr(Tnn`%15pE8hdMoX
zU%O^%1K*e_D~P&+d!ZWIgvxjiH8VkP%}5HPhj<tK0jHok@&HvX)jN}~BC10}QO9i$
zsy@H>W>aQ!38-f+QByP>wMM5=YyJV%;|w261GP~VjYZvfr>(D07fj-hW+rQ(X0{XR
z2b-y=`cI=e8t}>73vMw2x^M=fDx881aT7Mi1fPvvPz|3!t$Ct<&6QdR)lh5H5{^UF
zw+uBCJFQPpS8$3iW+}@d_k!zmC7|8A5Vbjuqt5$7)ZHKO)x<NP8jiI7h-rzBweeM`
z890l&aN>S5BQJ>>d0#Az>rpr6TlD_-KiT<>SG~<Dp&IOu>glhjr8t7R^IxFWGOLfD
zceAxdb$ltR;ZvyRfxad^8ntwtP#vFd;|Ea}*E>w2^Pk<%&%2o-QA^Mg)sc~?1{T@p
zCs0@IQ`9E%jbS>N6@!S^M9oN3RK6jonVezWV$(08I`kC1|Ndu4Oh511<v^`v1uTV~
zQ8(LqjEjGuruG_YW`h0wyuY<l0M+4&sHts(TFQBt6nCM@UqEffd#H|u2Kbr({=Y;3
zQ$a#g^v7PPkq<;o;bPPsehD@5kXU}+O;!kXFH}Nxs3)o;^UxP}Vkqvxn0OQ8;C)ob
zUc_?!yyrSrY%?YKQRlxNmc{9)if*9R_BLuSq>f`cQU}$rizRTGjXyxGaY&%qOJz|P
zTX)pJmf7^vE&&~rFQ`qFJ;={{_qWAJ;uEk1p2Lb*AlQs}2x?|lqRQVuElqG-v-TxW
zGx~$IJ?fqrf|YR-s+{W=&-5@4YU-MzHqii7hIy#ta|#2{Kg7@bGKp)=Y%PtN+J>mL
z{Smd+BTz51eb&EGOBNX4JF~8npMb8`LZ}}!TA`-uC-mS#)Knfs-CUn+JZAz^aVyjs
zk3rp-%TXP;h}z|EQA?9Np`Z76Q0k(0sW7|V{|^Xgw<bztD$0Wih}S^fWUWxUx({mY
z)?x%+!qS*5u{kvjP&eRU)a!N*Y6-WXX7V$7Fl!Pspo*AI=YKE(ZLUSA&2$U31hJF)
zd0)TTP;1u(^)_6DYG^&`G@L?}dxu)8&}4RVq6X$#=b&b22kOFmfUXKAO>U+#0yWZB
zsHvNcQMea1@|Y>iUdfK?Kz&q&J<)>;P)l_Hb&5WsMqV(bpVJ*%V_&?A+7q=?asG9#
z`=v5_U?XbnZ=-&~Nu1hTL^)8$urq2Vx}hpwg1V|Npa$ZX#?+G?wI}MKeh%n^+MJ8f
z57(fUc0(G@e=Pz>NN9+uL;buza`i>sd}C2dvjkP(4r*=Rp_VAb<LCVuFc0eVM4=jP
zhT8puQA@BBwNzJ7$JRHkS*m<40Zmy4Oot0l6(2&)%mdVnc+#1U{D68s2~}>rjXy*+
z7$?2ycp20ZHAT&2f7ITXhB|(Kpk~f}Pe45j%V4IqGHS{OVFg@a)8C;+k|oUSg=kbo
zolqT|fwAx;Y6dQ#UP^CKGw7Sq?2!_v<K6`6pzDkypeb2~n(`~C4!uR)V5u`1^Pw87
zh|1RkBXAOG?a!k2#3$4eWyx&PBT-A!0o9SwsE!@NFrEK%1T>`|yb1h-lEqx15vVDy
zjhf1FHhmfDEx8*b@E&SYhGjLUr!Fc!5jDm8ZTbt;OD9t{Gm|AT5A8dR2&kb+s5Lx{
z8j(+Svu0UQ$FMmT!=<QWcMmnvkZ|*M%Zh3^7plG%s3rRq)sZczcf@_v5+uoC&wnHV
zZN3hu^FI-_Sq`K2!dFxUS#p|lT?b1MpN86`mrxxG$z^7wGHQk<U;^BT%6G)Zo!sUs
zPnetYub!48K|LRcim$^Ed|>^6af!#yV@8||wFmN`E}F`y4vt0LY}>4lP<tYIUemF1
zsJ%5BJ-9BfYes&K1oiYSYUHu<nU_%n#wT6@b&MLKD(Hc_+vlKe%G;<-7Bjzjo(?s|
z6;OMt7wVM!iW=Y_sE+!%1<czhFX~F{iXNPfs&Ff61Q$@pD@H++9*pWhR@BsXLap^u
z)G0ZHYVaS_u1{ac45$fuh_^*u>FyW;TH|%7wZDei?FkF}dH<QcoT$xs5Y^B#)V+|g
zh`Ca`pf**1)G=O#>hMjhf^mzQ^hT(enuwag4JPh7R|)8S{0+66OB6Hj@4BdpdZ9YD
z1S9Y|sv~KNo3~*d)CgN)S^N!4;zQIDWG-Q*ycVjSvFO45=>7XYcL}IK+LC69o1vDX
z9cn5kqGo6t7RGz1sY?@K_DUI4M+abgT#2PHSt(PlJ|-qU90PHdjW1PP=YJOg4<17u
z!^fzLBDl2K)nTY9tBD@$XVYh+e$qLPnz=`)e14IpTsG7_Q4h7*hNG5t6DGv7=>7ly
zb)SIFuTPYjq7tZ#Jx~=+MqNzXunoS!0Blso{)B`{i1$Gq%SqN1sCo{g%HKh4>eOY;
zj1?)%`PUS;B|&TTGpfP8m<S)D3VuOto<h-PqzzHWwI}M_k481T1vS!hs3r0(XJ#M^
zY6)tgI?x{Vv*f69u6bMSB0+0-9koV5<;@6_VR_;n)Y7y=H9Q{Gz<ks(JA#_(&!`b+
zs$e=2i8>wKP|p{k266^<&%AL7Xyn-|ni14Pji5W~!dZkWunRTCw^1|m!N!9tnV*a@
zpg-xEuq@_4-Hbg@^=&|n_%7-cB&%#rja!v~mS8Mu*Kb1Y@++v3B&uRMm<ttegt}<@
zpr&#<M&L%&48Fxk%uv;IybbE~j6)A@K@IpaGBd6dvznR80;qeS5k}x_R72NMYy26t
z+p|<RBPxfQnck>9GaEIKgIE-w+w`n8O#L-b4fjDU<q}M<_x~{hnxbc@n=W-tbAHRB
z)@~I3h}*CXrv1Sz!H*b3yg%x^k4D`iConAr)-v&M)Xa25Z%1wXAZFJ2e@#G}DOGJh
z@88RdL^V7XRbVIT6x>7Ie4%yBFFfj^)^rx??Rf^Zgno7Xynih>GnOMh0yUGTF%+Mn
zmL#|y=U;1Bh=6uyEmQ@AQB%7Fy%!8>(>y}$T2Fm5m37g3v!O1mS*T6A0W|~1Q4Kz|
z1~o97Ji9fz0q0*gS921y+xw$-_cT=ca@0+A(0Um)(x<3=p$*Lp<wMP2LyW?qsQch3
zYR&JWmL{Z;DPIjWlS3PE{x!0lB&f%)(FfP@)#pV3>(1{SsIerd&wai-_^$Hf_jqlZ
z(!(g&z*iv})>-89jpqk#p6W47+A-pF$h(ZZlU@ENHwlCI2GN*4!^yarZ!t36qauEz
z+WCp^MV>F?`zOz)@GO<B(3CR&JCppSNN0ka{p2lc>kP;CHh)susz!ExlT`cPd<I(M
zk?EAp*qk)}K_q7jmDVIJiyc*bY)E=L8mVp@@FiZK?+07YdGgdCK9=wIPjd2Sv-$t#
z`9SucQ_E(Efx+~wIo}$TSY{hj;a_+*fDZJe@L%*gt*zvH#RF{}S!h6?(tIaU&nN2m
zg>P-*{<h4&gzxffEqPN0*zwOJL7&59-i%9$Z%2O`o67h5=Px?3l}J!5-t)G?LgXDo
zWuuAz%kx{*5r=OozOyKs%+~G8vjv2Qkgq=JCFyj4YagcIVOrb!jM&wVXe5~r@hw99
z9A6!;t(4h7etlN)Ek#56B;a{h(kJqLY3oW)c(Z+;m`*pOY%J6#IbnARJ*jFt!9UNz
z|L;%pkT<TAiD#FHRv=xU)x?9SFoF&}CEp;_=LKosKf6i$m1oH)e}HmpY)1-HHWu;q
zIE*yCOPccM4^9}p+sHSNN`iTqnhMHNL0nsTS)Qf*PXkLRe1_*2NY6x`Iy^f^IemP2
z*3Wj<q);dM?%Ga_Cb0u$(i2}zzM0?GznE>{HV@lUV2dqKp7<l4^&+h{-@dk?viOi^
z{L3odm(DYu>B9}}{B7&Hilxc(e?O7rjpSKJo_*H&KS^W?-@h2u9h+PC_V>>!^0eU_
z-;V4J`G)fy_J1nxPUF3(r#l5_+YYIYv7}!nuMg!%Q0_cwt9X8eubY*`A4v@3dzkM;
zJMwBgjB6WQVJjO&!HWNBv^$-8O+2T~cZ0HlY_7+oou*7A`Rmf5raUjq_YmQ#l<9==
zcs_`Ke}ey~u>AN$;wB1j!kD&!?G(^2C}Q*7!?T`rj(`5e38nB#^r3?4IGe9N`myXG
z;T}BSV(U=)Z0g)enm#4$Kq9aM=|y64{vQ*GVILHukr*`A0k825ros_q)aMX+-r9<O
zB`p{EhTsOA!}Gj^*YW&kZ*Jn0*C&oWZVEr3jw$3TX50J!_b(6E@*tWD9`P^(g{v}(
zJfuw}eodwMEaf?WgyW2+QGM3h4i%uIYi*@*C>KDUZurG^VhPWFBu$@oHtl!fZiW9$
z)hk=sk2dWN8Cy~y5piDq4u2)&f1hBRXYc<~_%)#|f7s^Z&ov!?8s_!y{p==Ol00Ad
zR;9yL_5R6CK%XHr#y@Q2)Uy?Dqi|9?BK{1S|0l#IUmKfWv88;^lm7zGefT!vTbO$K
zke-PAlX&(U@lK?-pc7HHgDTsc_-0>w|Nm$o?B>Bo8{SO8Zp2R$Ps&$6f{mx~%Bar@
z()!zx@lU}xf6`zG>7h1l0bW;Km|g|=Bp}ZM@(v}9Kj(Iq>-^WIp?Uuq)mP$Q$*`HP
zK5O|#^UX@(ndH~U7fTcWjS<!*o|bSSzWVUbK{+=`w^47}3jQ}f8}Sl}m((dfxv0Y(
zNMjfI>hl{3)p%HoOs#FEcBCibd2!;eNk2-bw&EEYc#p%0C$^oRL-`2uPUhJf%FV?>
zJg-dJE%M|h|M$;H0zGyA|3e_xe;(YTP$tqm6pZ>$x(aqB?fYjpjr~H!`uVWie`ar^
zGLXKV4lk#CTx>v{-#<UwI<rt-`_Gw3fM2$$jQ4Y!4A)3Y$oC3~f7qF*Vk`L*Z<1d0
zdjVUn2k|B3&4_ipmGjFs>g_>&Es1}z4W}c25P3cmFQxT=O2T3?=3o?gsC=|-@H*+S
zdH#TBIdLxqCh(168%{?4?BpNIvvhnHkpFkmMiXw#S08>o>;0@H-%Or0r0y4#??>Dh
z-BtWgZ5}kiPqtxGgmol+0clNnrq6R454U+zQStAjWhSi+-wb^9X=oc(I3IbAP`2;?
zsdtR6Z@PZ|YfdB0NVrMn__nty{43v&r02A0pD`|#ucznyJp%8K>$gbTNBQrcv&8#R
zrWASB@J+_I8;z$YZ93smJa5ZaAO5*1XP55(Iy`7h27Ti4-9v#vd=J`Q4`5`C$voBO
z38RAbr0JJbvq(ROTX@!)w4Rg+;g|*6Mp}{<Zp(EdyqLWDBqHB9bX^jk(SaX{Y(stW
z^Du&ni{LZ9Kk?OPzMWb>@~xxNCX{VzpB3cUWE!1H-2eLvhdN@C?nBxIzVQj4rR;vn
zrlYKWCFSm?&}(n?+)iY;N`}-td`y8T;+2RO<a>pDU5VEwtWP&8nMIy1eBToO{+Yt_
zoWu{{RZLB}2AG066Oea0b&MtR6~3_oSpOR&F1M9_uoaCV(@Zj)WduX;Iq@%4bcp9G
zsVJ1MKKfPcX`c1ryPdQn#5eGr&-XB8=Tdhq$~5PBZNi<X<2v7Hp6OFZ=l}ahzaYFs
z#?Ce&HW~jU{)PBR!ukZ#NH5#T`BZqDZ!6mwJ%32Pis(;zdA>_+xej=rLAE1rKHNkH
zZd13n{S5?mlUbi9WX!|EpKTATC=;JpG+K%9UD7)e|A&0D`MxH7n9Uo(^Ma(!qmh)h
z+%7w_lSu!Kd^gDd3vE^8`CHQdH~vg|K<4~B_!q~Jxd`sCm7lX6{E<TXTp>P=XK`#p
z8EN!S(hF;ZHmw+WUy`S-jc1}vbDpmtUdW{VuYHHVIpf?Qb7wN~J1zhF%q9I4ooh-#
zeOeG+NS><1+u?mo#*XJ7QFLPRERb(D(lTQ^(%v(OR6M^*T3f;=NbAM-Ic2@$A4$gV
zAN^**Vls8H9k_0K>3y7+bbj~DNlW3s2_NLyYMZYym9P0v-bPfufVdBJ4<xTX<H@5>
zWsI_EeZT+uPY(+4V4nhf?vbGgm2ac5aN9^3D$PiGUR%)w?+925@;tVARCYJvCZy%$
z`EZ+eB<ZPb{^E2hkmrL*b2r(Z_>oYA%=vlPn+KOjPey^~=<=OFT7K+pE15$h{GB83
zhrd_mjN=*qfS%LOcBClz22tM}^y9meoNaI@dD@Y;3Hj3N{jX175_VBZSJdY#F2iQF
zGNrAe@b}LID&cqQoE<dKl*DK{orHKU@+{|@o4WE7KSDjj2sa|n2*TaS&p(*>zt6WA
zcK=l;a~K7~d6<H)e)H)x1^6Ac|9zrtXa>(;Q|Vw^Q9Z&v$omtW(5E!@=(B}%eY()7
zes^pi>XVSX|NE%@pGbIO6W9Nz!S9*)>weB{A~A3{-(2L4ppk=A=w~ZkMOr-@eq=jx
zin_+z&J?%L##vSOBc6N5A4a4aqe(y|zmhnKcs#;8ZD-<feEQMw3gS=xQ$ZgZT1f+`
z$h*cis*3roWAEo1|J&ZCCnnGL&obKj!Nl$S+b6$aSsoUkP^c~VJC&8-dz^;;;8|Ka
z;%h6rL%cZQbT;pA<QYo`-&4<7!YORNcUCns%jQi=JrDh9e-)L~Bl98K>y|ddISO?o
zeXmW=N4^8Z^=ZvB{t(3ZWb?)(Jj2e+HQShn_<X`&$v>CxRlc9>vlcY2PeZ-`H>wgU
zPKb$#>kkO~*~-#TaWUfl=w}=Arz0Jy-~``Kq<{bDH!|aqr>Sk^InO@W4zHuka$7z(
z>5ceaAfLO5!~hx#u^EpL-beVct#vLL>ymaHH<6YZzkfziK^MyNR|TCMw!?b-l>aG7
zJO|JC3y;n`(hAXmhNOS8g*OuK>Hq)VKi>apxiy87QQ$n^cmHWfWlGvnZME)2{U_Bk
z$+w^9?QQ<k*qCS2sf#}{a3&D`NH_!G0P_Dqr`F&h%FO%z>%Tr^SWiN69_SNDp%{E;
zQ0NDq>C=E`o%!A&tuxQg5dMSke?J?jybtLM`6g!&_3-$AGY}3T{W$r4;8_pt|9b?g
z&`1NOeG}jQRL-9vIG+i><9RXSzY^}wH!<mTDXdSlZM-7sd#K|c=`lH~tqJS%8_$ap
z&SUeLRO%qmf%Hf^^1t&JPDG!{RJP9+XheloiKoI@<}v>wrU^vb{A29wD0L{|oi<(Z
zjg(D8T3=gV85&(jI2K?2xmo9ne*V+v6(iKACy9SiU>c2_B5j&YzfRgw8=gwOQhJUT
zY2a@f%+GUu%HVcYPWpd8`N;p7^8EE-@8>6*e=2|e;KZg;58vT@T?)@4<5x25AafDE
zohj@gZ3acJk!Pr_B(Fw7cn8n*$;h)NID&6uzB6qndXw+5%~PNBexxrWO`jZkwd!-)
zz+WOYfqIaZLT_!{K6X0U_;wl|N=4Ic#f@yIE?bp<7kMk%{8?#mp?y}9HbeLxru_fb
zUj^oo=_mz$ww-EAT5sZmN#9~e6Tk-RK}7{^!$CYN&i6BU6Y^{!4&eL!Q-)`0$lKj^
zBo$@f*y-=3_x~Cyj!VI9lqf^S5FT#gdxm&63YF(ugF+{5gQ|D~&lB=J$+L+VpE|l@
z1-^v|FCy<TJBX{~$zsC^=}b$$-#>ly`@ieST#17E3?O5uou<je7uiuKp@WHR!QE8&
zg8aUG$EjnaS0-&2@i^3V+jexOwGVa7;n}~$-%x*VOwG3kWiIRf_oITEG?q#|;4{j0
z;0HX*bA8rQpax%u_$Awsdc-}pgY~V|D6@z><CK@rMZV2wNS|QxG@%1)iT5JDknsQ3
zzc-QZpLhiLSC*YURMwZu7Vynu8(7J+{(R@sKmps4PK0+*K0ER9gzw`-TUk}Ym8oa6
z?Szs;`3@m|J_hYC<>7lOKSaV79=subL%H~rrtnZZlIuK=L%#I3q6)S{%J(zj1LW0b
zJ>lw<*-5^RxCrapI-X%W>gTVBJD0uX8UI5C=zVkCj;9#y5(>>#LuAw^nDzgi=X<H(
z26^`JEld1>tvC(O_0ezVJis(O?}P)0N2wk@0i-Rblgo*Zr0jUos<;H=Q%M!RX$Vgs
zLozyWhw%4L843;|UW;c%sW1?$<16wFvmH3b^Vt+=WgAo3AoBDfZzyTocz%<#<do^i
zcMadS#NA)WP?+yBb%2cdNNmP;2JsIx{NK+oBB{wUif0W7zoim=5-|Gegi~W(o`3%w
zwBbTDuFq=9{X@Qq)Eke^d1A8u?@81rCYjdpFx*yZQqBLy=2<?z&uwB)jHHs{HeQ;B
zF7lm5rHybehVj)W1La;bKz(l7x=&K}g|~C8|1<lr1{u%TLZ!$&fDC25#drshC(`Dt
zLx(eX3$uxMo}Drmcs8BzMI2A%5A2{+JSKTpk{(FDP@YY+W%cZT=WhWII{d%J&IG)Q
zBHQDs?f@o(7=eIco0c7kfH=w+M-U_eictwDpQ2;u-cHhTb31h33j`S>?&J1U#MW_x
zPjFY%@GMkjP~xb-@LbSA925|6MG?p6AP<N4tM0lXpfk?-zPeR)&i^b`eX33Y->1xP
zq`wv5X{`+GLHV#&yYea+MP1=5+6I0teT_DJ9dngeSHP>(yy@^1os7<Q`f1S&+&^Ia
zP8*s6Xf}@SZslwchCbH8n0(*6wR5HaiZ-IU@#uU9HX?9>c07}9;Ln2pE`dA>W)kfc
zcyH3LR)7EZ4bEpE9Ht}fjAA3>+qKgn7@4P|pQQuc%={yaBrsA0b^#7T`m34W3;!5&
zKLaz7{zPQA!T*B(du)}$I|kWY@XOWv@8l?CUbgf}lv~p^dh!lRibi1Q1C5!XgHrrA
zFjfoS#)+bCTGl_F=FOl#16~dKj$Xtq*sR8XL_cVSw*lNryNmga7#oP;9PLLjpWXQe
z#*HZV*0Onw$7}u1koDFM_F?BuJ??`1BxD_#zovs!b{kg!`YTQ8--=*-D~Af8=m~@s
z@CUNODYX5}9h`2VKMtLB=&ObFV!jssNP0!LG2Tr(m$8ffO2(g|zk$9KofFi*|JCXU
zj{;PSAV;&ck=*=UWDlTx7cEDxq1y$+GwB~izMEhUqb1;7Pp{}}WP|Ak;P83IKOj4T
zwwiXc`u@8xcq_^aX%_)fv=Lwv07X6MpMt*`gUjJR&$uVSbpZb%{hRQA0WLwi7`dX}
z@V*1*q5FxpGaWylf?vgaJ#9Gp(Y6IB-5IGJ_*o2Z6GjFAtkNsq!Tf642yIZIJ=!1P
zt<jiDoPLGjzA8W+%z2CzO{VQeJ`ud466`d-!;b@CCw*<q&l`>6V0c;j>F~N?@O5pZ
znsFBllxT;&kbkTlEr&k}+!tzP&>djLXgxJoes{wAE4%^{xlVomB-~dp@D%+tZ8XK$
z(u)67TF`tIj9&R3Rxug=1o%_o-;BeJ=(f{=bf<q0-lOm?2DhH^2>NT$?@rr~{&lpu
z>d*g*ZbHEzq9TCn8Q%c!Eduxi1EnZjKz}U;9;aW4qM`@s=Yu~6emV0G7_XqsV?Gt#
zUm;(B?&W$RtC_EiG~=HFunBcf|B-oD4CiPHgZmJEOCX~$U?ZCXZV<dP;dQ{!UifX9
zD_X;RH<-a-6fMKybI9+c?+#`OV?_&Soxt3yaZjPsxD(|k04-+nH;g;<htfmZQI5X~
z1HPV&)W+0wH4eYdfpmX3{avjv^IF+|NqztCFy4&fKWJ-cYg++q=Isfv8=qz<{D&C_
z@Sb7(9Bm;h+e+I+;EUns=u-w=kRPudpN!rn+W*3<2lp!YhtVrg@Bi}=C|ZYbB*Cmj
zsWZZ-;0*wHCcFt?eA;SwCEDm9Fu#ZQ3<iJSYKOXkDTlWY`CpI^M%JAL9Ebg5XgT_e
z3Rve~-g|)01bifbhu|;6agKh6ff=n7Coz5v{5kL+(81in{2KTL*jPl{&)nBR?ZVM}
z*n5ll1;`4KO=kQyE%JXY%)TfO!=nlKTY3qonDH(gEI@f6<6>>Fkogxnx^d{8%KR$&
zezbjzZ$&rF_+5<|j|~BT6@Fe~JPbP-+Gh3ri}eZ|4K8K=I0haEP)WN2MMY=CUGy6&
zgE;7d!7t%t7%O6z^R^@Fh@PSo;eQB5(e2vKtBl)$=}W&&o&OVA*&HTkX(N9^c?*D(
z^?V59IRunXe-gam7`%?Tg-&Z~()gpn-Gj65nO{qP2JI?<|3qg$yd?b+FfZe`PW^>L
zj@H3=Lr1Q7?;v}O{%`Qx;Ix{)g82;?xlcQDFtirjBlJgTTUUVlUXO=@FJim{r&}1m
zkE}CoF8CGLX#AzxvsUyv0Zag}6{Ux?lRmn?oFK*^FVQ+(F?tHvE5ZI2gME;%!`89d
z-o1J;uQR_08`py$3T7KvO^taQU~bpZ&O^8ggNl|geq951XhY9}Rn&=oq#nPhF?TZ`
z5sUMNV55>|W1~I1Pr%%akMY>K58Pa2&G4($-~TL!F-j|*0bnHK1t|U<rH|+pU8wtC
z>zz0aon?&Yg1=tNUc|vD9q2;FZ^f#4Ll{rhdLQ9f4L=2!V6aV{zsqs7k$xY-kubl(
zxT5zNdnoUYr+MRWbPJgNwEx3^OZynvpP5hBK`7{DwE6G`qq_u5Z{-o%gWV(PUA<!!
z$Qy6hiiHSHrA?$Mnh5x90KdV|Jz%;qR&+mO^^aD&Xo|X$3pZf!5-lGKe>@In(c0^U
zJk0oIjbE$%HPdft!#|eZq@#Hd16RV_h|)?FzQl2g`9iI*6Wo``mcUmu3jAXFfm)vj
z+qF-$G3PH_diMNNo-S)z_ViNGH2c}LqH%2HXlr2LWUK}+>s#Kew3V>y?J76rW?Uy2
zRG4R3*1&$rK~@ZOYtojNPBk1Nu+vGaJXK@Y*{K5><)@u?(8P*R2QgEfBOPm?lTP>z
z^_kfA{L`16)i_B7b`bl3u}Jox1RVo^B4{O0;Y5I>Q*CEcnO19Z(oGAN?G;r&@*iyl
z3;Ve}YlS<=d(5Bh1{pV9V@-D&n(lsXZM%-zkCU{LcE&Eu>lcJatQTE+sF9_Gu9voE
zxv7*@<yhIkNjClVPuGY}2Q;fazs&00FX-L0Y2}1AO{4xiv~SaYeYPUMv62WJe?VZ_
z$)xWDfi<9CFu+QBPGF_Ij8$i661CRYib@=1{D#833NPc7S(9rW-?3bUv1+omZ>KYk
zV`XaX3_lK8;wP;jTVL<_nIPi$&Wx-RWLQJs&T)nmk~q+W>c&XQQmq<?IP8pCNQ?I%
zn@BiLvec?iId*{ES|>4GX=weVm&n!;Sght%$9Wog&v;fqNV8N($|VaVVmp=cW;w|r
zE$e8S_|-Au=<^)kt#+f}4%rQss5WGNde;vnmQDrBtB=C0c2iCyZL+_<@9=?j-b}Rx
zM49z{f{J%R<&m2X96#O}FYU}<x37ECz8@OR@IoPa3QIN!(a=G<MWVR9e5QxkUo77p
zE*?3uQ%$tC=rcI8>zxF<C+Cb6kBHDeT@=f6PZtRx*N+pQcPOb-ZhH3{a>B5nxB4u0
zU6ost^|FCnexB$dy4&n-MhV=s#aGVwuCiv;c}XYy;(T$3{KHhS+3XnY+$=X!YgG=d
zD6{$nh0>cQ&dVR3a%S3@cy$>+8*mh>+0~k~oylU3%tK|SopO`bIcJWJ(ll(oM7-Fu
zU-sB4H-jOS&860au?$PCgzsQ2DKE7}uOhi-hFIAyT+<*<kv->#SB&AxgzqFgl|$S;
zB!sQh`Ie4~p5UFC`hWy^wO-ou!~c0+^pxMv6@Bxqlxqj-OSx$-DKDMprsKeDKi*H-
zX`W~+j%wj2yt>xACl9+)Y&CkupST62zqsDvaP!q744=D(kMQ6%qVk9%oQ7E{+KlH}
zDKA|kzr8~oC*-g16jr;gZV;$obMEu%Vn*0~p6DgdzfVXpC`;C)Gj1YIW3^O{s}%&b
zYVGQqM4uur?S;GF5J!dM9uPC-`UgavDEG7Jw6Z?d_3P3#zICh>WNbgWK2+KkqGRPS
zHT5;e#(8iEN}jw(++>c7lc(kE#VN-<*b;hS-oe{&P@;t^7K<I74mlVq?(qI4VxW9s
zi5T8SipRy9rhN4&QEkd|pA{3td~-vw{Gds+HN$q2qcBE_r+*>4HH%syA9+PgZIg)7
zjr4O;+)$U2dZaC9`}8RjCtArYDe1LJJU3nK73Td5m5TE7$|vP?s_Zybl}7l_)uL>$
zGdtt>X**@r`(BN2*A?bv({>dn91qTHCy^!pwJ5w~jVKO>tr6wD$mAsAgH_cLtM@qc
z(pe*JZc~tO>$xx0UVQ$BSk=w>(b35r8oBsQQDn%E-WK<_4e!|~`iHwWiuWY{)7{gB
zJadznWXRV)6r+TkzD0~G2v>e4E)J)EF2>58pOZ&&`A*T^h>Lc;<JY-F?4+C;*N@6}
z!cE%ApQzf+O)1Z+CV_0fRgqH_y@9el?q|w2m_v$oq(KRc>?Yi5AG_g}uSALZ85x)E
zgM^2a?*AzCxOV?^=t|ZQ7jFuXx(m2FJ-s&BZI|d{P@>hdC9c)213eH+B>Q)<gk`%$
zuW<WUqyh`ems58Oqo9})?FCk}>?8xO&^*3-QMp;tr7({YmJMvbd6AXnV5_Z3dUDEM
z@sa4LXI4GMG_KTg=svNct!!@^O9#o%OO1lIja~*>%C?d&_hZ6sZlYFlFrtq~1&(Vs
zM?T@XX+AflhzkTfw+pUpRmZ7(XHOnoW>t7rtxeU9YIpOK*mNvPv_f-(T<T<OD_%U>
zDWdiiAcd^XZhpqo^*5^OzMJ%hSd}iSq4<?iTxGGYgdNzFZMMJKp2;t_Y`vd#s&bWE
zEh1OEa|_|caKJZlSu;5_DK=3%4X_uu9LYfL8g5)HhX34lpify(u*nuhN?nMO|ErTF
zPKtJbeR9-WOC1unkhg^&Ez+w`P&ZJh_noA}$*yzL%0#4JbAmChXr!t_e1eu}?L;Qa
z&B2Q(s`Sw=s?Fq;oOY~q^9yy_Htzt}k&DZXFU<bu=*3ueBH?R~YSmmjq>YtG*)w@*
z$y+8Edy8bp3yt>=mzHaoCGx^6jmpl&Buew5I;x?ESMD1gPf0H<+F}&TRd*VDgxqkK
z@xGAn{lVDYu?O2tfuelo-Uuu&ek0h0;SWz5{ll$K8ry~eBV*VVm02t(Di`cekRfH!
z=Dk2YiQW(C8a{j2VX0w-1wGC7VbN0KD!FQ@@mPK@wP}fr%C}r5sWfbPQA}TEypTV_
zjvsC+Gt$+rot~qzloSf$Y-auF#D{5S^CDgr<N?=Y*!Ov3Tfb;;R6_R4TD&jRF+1pS
zfomrvzkA-8)=4g0XIxMaj^ALE%ZE1@73N8NZJ$e#N01l2R`|>T2ZUv&qrH!fvwF^0
zR&6UWs&7Hoy>I+oEl<5IT9TGm4?*+Fh@!N^t(%Q5lAme3G2%UMk>z$@mTom}HwUXk
zQybkPr@kJ-$!UbWb{IXwjoXdK<bykmF`atW+bO$>WXbJBogKI;NmINtY`J}pF<*qu
zdyOOIy?c!(4?CsWPH~`F`GKs-i+Kka(bc2Qe=Z80D}{2rX`X15Wys|^b+@U_P@A9N
zQ5&7FIB0cqMUR%~JLbN9^aNPi##|$BZ;O?1_-#h<7~Uz-7V>J1&sFqLiSDD8M+#P)
zOZft^@k13P|6!`j@_!S*SvbjQC*cIHy0lu31vl@H7o#o$o%nL_;pWkz<fl%)I_hQN
zxDMtB$$$Ro)VA`a&gRGYazTlipD$nTY1WGHt*%CQdBrcym(9@YWA+a>_AxEFp^y3C
z;d04w=3*gd9B*FTwlVFhmy6o0mNc(de-QF`(@y3ZnrIDFPY{Z4yiWBJ(3wQR`ghtD
zQz}m555YguZpkL}?eM#k%<}M}BhA9L(Hq4Jk1jL2DMmrqdy&y499m{h2}>6l?fa)3
zb=%tNct;VciqP^HB6nhad3l*>wCkY0TdrbJ-Yy$$ZtoF2vpFnLHEMl+S(ChYj5)!O
v?~FB{ZWk_`XqJZk&oaA)-Oe)i$k7$%G$H@{Z1Y7!E}3N32-z^%+?4<SeVL(^

diff --git a/po/es.po b/po/es.po
index 3c7e076..96497ce 100644
--- a/po/es.po
+++ b/po/es.po
@@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg 2.0.9\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2018-05-25 15:44+0000\n"
 "Last-Translator: emma peel <emma.peel@riseup.net>\n"
 "Language-Team: Spanish <es@li.org>\n"
@@ -21,56 +21,56 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 "X-Generator: Poedit 1.8.11\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "no pude conseguir el bloqueo de entrada de pin: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr "|pinentry-label|_OK"
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr "|pinentry-label|_Cancelar"
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr "|pinentry-label|_Sí"
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr "|pinentry-label|_No"
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr "|pinentry-label|PIN:"
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr "|pinentry-label|_Guardar en gestor de contraseñas"
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "¿De verdad quiere hacer que su frase contraseña se vea en la pantalla?"
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr "|pinentry-tt|Mostrar frase contraseña"
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 msgid "|pinentry-tt|Hide passphrase"
 msgstr "|pinentry-tt|Esconder frase contraseña"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -81,28 +81,15 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 #, fuzzy
 #| msgid "pinentry.qualitybar.tooltip"
 msgid "pinentry.genpin.tooltip"
 msgstr "barra de calidad, entrada de pin"
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-#| msgid "Passphrase too long"
-msgid "Passphrase Not Allowed"
-msgstr "Frase contraseña demasiado larga"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr "Calidad:"
 
@@ -112,18 +99,18 @@ msgstr "Calidad:"
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr "barra de calidad, entrada de pin"
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr ""
 "Por favor introduzca su PIN para desbloquear la clave secreta de esta sesión"
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
@@ -131,7 +118,7 @@ msgstr ""
 "Por favor introduzca la frase contraseña para desbloquear la clave secreta "
 "de esta sesión"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr "PIN:"
 
@@ -144,50 +131,46 @@ msgstr "PIN:"
 # ¿Por qué los ingleses entonces sí que saben lo que es un "passphrase"?
 # ¿Es que son más listos? :-)
 #
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 msgid "Passphrase:"
 msgstr "Frase contraseña:"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr "no coincide - reinténtelo"
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr "SETERROR %s (intento %d de %d)"
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr "Repetir:"
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 msgid "PIN too long"
 msgstr "PIN demasiado largo"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 msgid "Passphrase too long"
 msgstr "Frase contraseña demasiado larga"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 msgid "Invalid characters in PIN"
 msgstr "Caracteres inválidos en el PIN"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr "PIN demasiado corto"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad PIN"
 msgstr "PIN incorrecto"
 
@@ -200,31 +183,29 @@ msgstr "PIN incorrecto"
 # ¿Por qué los ingleses entonces sí que saben lo que es un "passphrase"?
 # ¿Es que son más listos? :-)
 #
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad Passphrase"
 msgstr "Frase contraseña errónea"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "error obteniendo el número de serie de la tarjeta: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 msgid "Please re-enter this passphrase"
 msgstr "Por favor vuelva a introducir frase contraseña"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 #| msgid ""
 #| "Please enter the passphrase to protect the imported object within the "
@@ -235,61 +216,51 @@ msgid ""
 msgstr ""
 "Introduzca la frase contraseña para proteger el objeto importado en GnuPG."
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "no pueden usarse claves ssh de más de %d bits\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, c-format
 msgid "can't create '%s': %s\n"
 msgstr "no se puede crear '%s': %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, c-format
 msgid "can't open '%s': %s\n"
 msgstr "no se puede abrir '%s': %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr "detectada tarjeta con S/N: %s\n"
-
-#: agent/command-ssh.c:2446
-#, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "no tenemos clave de certificación para ssh en la tarjeta: %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "no se encuentra una clave de tarjeta adecuada: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "error intentando obtener lista de tarjetas: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
@@ -298,21 +269,21 @@ msgstr ""
 "Un proceso ssh requirió el uso de la clave%%0A  %s%%0A  (%s)%%0A¿Quiere "
 "permitirlo?"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr "Permitir"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr "Denegar"
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr ""
 "Por favor introduzca la frase contraseña para la clave ssh %%0A %F%%0A  (%c)"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
@@ -321,87 +292,83 @@ msgstr ""
 "Por favor introduzca una frase contraseña para proteger la clave secreta "
 "recibida %%0A  %s%%0A  %s%%0A  en el almacén de claves del agente gpg"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "fallo al crear un flujo desde el socket: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr "Por favor inserte la tarjeta con número de serie"
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr "Por favor retire tarjeta actual e inserte la que tiene número de serie"
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr "PIN del Administrador"
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr "PUK"
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr "Código de Reinicio"
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 #, fuzzy
 #| msgid "%s%%0A%%0AUse the reader's pinpad for input."
 msgid "Use the reader's pinpad for input."
 msgstr "%s%%0A%%0A Use el teclado del lector como entrada."
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 msgid "Repeat this Reset Code"
 msgstr "Repita este Código de Reinicio"
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 msgid "Repeat this PUK"
 msgstr "Repita este PUK"
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 msgid "Repeat this PIN"
 msgstr "Repita este PIN"
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 msgid "Reset Code not correctly repeated; try again"
 msgstr "Código de Reinicio repetido incorrectamente; inténtelo de nuevo"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 msgid "PUK not correctly repeated; try again"
 msgstr "PUK repetido incorrectamente; inténtelo de nuevo"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr "PIN repetido incorrectamente; inténtelo de nuevo"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "Por favor introduzca el PIN%s%s%s para desbloquear la tarjeta"
 
-#: agent/genkey.c:157
-#, fuzzy, c-format
-#| msgid "error writing to %s: %s\n"
-msgid "error writing to pipe: %s\n"
-msgstr "error escribiendo en %s: %s\n"
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "error al crear fichero temporal: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:116
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "error escribiendo en el fichero temporal: %s\n"
+
+#: agent/genkey.c:154
 msgid "Enter new passphrase"
 msgstr "Introduzca nueva frase contraseña"
 
-#: agent/genkey.c:196
-msgid "Take this one anyway"
-msgstr "Tomar esta de todas formas"
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
@@ -409,7 +376,7 @@ msgstr ""
 "¡No ha introducido una frase contraseña!%0AnNo se permiten frases contraseña "
 "en blanco."
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
@@ -418,18 +385,18 @@ msgstr ""
 "No ha introducido una frase contraseña -¡esto es en general una mala idea!"
 "%0Apor favor confirme que no quiere ninguna protección para su clave."
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr "Sí, no se necesita protección"
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, c-format
 msgid "A passphrase should be at least %u character long."
 msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "Una frase contraseña debe tener al menos %u caracter."
 msgstr[1] "Una frase contraseña debe tener al menos %u caracteres."
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -441,184 +408,195 @@ msgstr[1] ""
 "Una frase contraseña debe tener al menos %u dígitos o %%0A caracteres "
 "especiales."
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
 "Una frase contraseña no puede ser un término conocido%%0A o ajustarse a "
 "cierto patrón."
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr "Aviso: ha introducido una frase contraseña insegura."
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+msgid "Take this one anyway"
+msgstr "Tomar esta de todas formas"
+
+#: agent/genkey.c:464
 #, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr "Por favor introduzca frase contraseña para%0Aproteger su nueva clave"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 msgid "Please enter the new passphrase"
 msgstr "Por favor escriba la nueva frase contraseña"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 #, fuzzy
 #| msgid "Options useful for debugging"
 msgid "Options used for startup"
 msgstr "Opciones útiles para el depurado"
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr "ejecutar en modo demonio (segundo plano)"
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr "ejecutar en modo servidor (primer plano)"
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 msgid "run in supervised mode"
 msgstr "ejecutar en modo supervisado"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr "no independizarse de la consola"
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr "salida de datos estilo sh"
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr "salida de datos estilo csh"
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 msgid "|FILE|read options from FILE"
 msgstr "|FILE|lee opciones desde FICHERO"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr "Opciones que controlan la salida de diagnósticos"
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "prolijo"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "algo más discreto"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr "|FILE|escribir logs en modo servidor en FICHERO"
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr "Opciones que controlan la configuración"
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 msgid "do not use the SCdaemon"
 msgstr "no usar SCdaemon"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr "|PGM|usar PCM como programa SCdaemon"
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+#, fuzzy
+#| msgid "|PGM|use PGM as the SCdaemon program"
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr "|PGM|usar PCM como programa SCdaemon"
+
+#: agent/gpg-agent.c:208
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NAME|aceptar algunos comandos via NAME"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr "ignorar peticiones de cambiar el TTY"
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr "ignorar peticiones de cambiar el display X"
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 msgid "enable ssh support"
 msgstr "permitir soporte de ssh-agent"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr "|ALGO|usar ALGO para mostrar las huellas digitales de ssh"
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 msgid "enable putty support"
 msgstr "habilitar soporte de putty"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr "Opciones que controlan la seguridad"
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr "|N|los PINs en la caché expiran en N segundos"
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr "|N|las claves SSH caducan en N segundos"
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr "|N|establecer vida máxima del caché de PIN en N segundos"
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr "|N|establecer vida máxima de la clave SSH en N segundos"
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr "no usar el caché de PINs al firmar"
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 msgid "disallow the use of an external password cache"
 msgstr "no permitir el uso de un cache externo de contraseñas"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr "no permitir que los clientes marquen claves como \"confiables\""
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 msgid "allow presetting passphrase"
 msgstr "permitir preestablecer frase contraseña"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr "Opciones que fuerzan una política de frases contraseña"
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr "no permitir evitar la política de frases contraseña"
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr "|N|establecer longitud mínima para nuevas frases contraseña en N"
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr "|N|pedir al menos N caracteres no alfabéticos para nuevas contraseñas"
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr "|FILE|comprobar nuevas frases contraseña con el patrón en FICHERO"
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|frase contraseña caduca tras N días"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 msgid "do not allow the reuse of old passphrases"
 msgstr "no permite reusar antiguas frases contraseña"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the PIN-Entry"
@@ -626,50 +604,50 @@ msgstr "Opciones que controlan la seguridad"
 
 # usa
 # Vale.
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 #, fuzzy
 #| msgid "use the gpg-agent"
 msgid "never use the PIN-entry"
 msgstr "usa el agente gpg"
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr "no permitir que el caller cambie la entrada de pin"
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 #, fuzzy
 #| msgid "do not grab keyboard and mouse"
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr "no acaparar teclado y ratón"
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr "|PGM|usar PGM como el programa para entrada de PIN"
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr "|N|establecer vida máxima de Pinentry en N segundos"
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr "permitir que Emacs pida la clave"
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "Por favor, informe de posibles \"bugs\" a <@EMAIL@>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Uso: @GPG_AGENT@ [opciones] (-h para ayuda)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
@@ -677,137 +655,132 @@ msgstr ""
 "Sintaxis: @GPG_AGENT@ [opciones] [orden [argumentos]]\n"
 "Manejo de claves privadas por @GNUPG@\n"
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr "el nivel de depuración '%s' no es válido\n"
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "el algoritmo de resumen seleccionado no inválido\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, c-format
 msgid "reading options from '%s'\n"
 msgstr "leyendo opciones de '%s'\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, c-format
 msgid "Note: '%s' is not considered an option\n"
 msgstr "Atención: \"%s\" no se considera una opción\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr "no se puede crear el socket: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr "el nombre de socket '%s' es demasiado largo\n"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "ya hay un agente gpg ejecutándose - no se inicia otro\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "error obteniendo valor único para el socket\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "error enlazando el socket con '%s': %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "no puedo cambiar los permisos de '%s': %s\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "escuchando en el socket '%s'\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, c-format
 msgid "can't create directory '%s': %s\n"
 msgstr "no se puede crear el directorio '%s': %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, c-format
 msgid "directory '%s' created\n"
 msgstr "creado el directorio '%s'\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "stat() falló para '%s': %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "no puede usar '%s' como directorio personal\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "error al leer valor único en el descriptor %d: %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr "manejador 0x%lx para descriptor %d iniciado\n"
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr "manejador 0x%lx pada descriptor %d finalizado\n"
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr "manejador ssh 0x%lx para el descriptor %d iniciado\n"
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr "manejador ssh 0x%lx para el descriptor %d finalizado\n"
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "npth_pselect falló: %s - espero 1s\n"
 
 # msgstr "clave %08lX: %d nuevas subclaves\n"
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, c-format
 msgid "%s %s stopped\n"
 msgstr "%s %s detenido\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "no hay un agente gpg ejecutándose en esta sesión\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 msgid ""
 "@Options:\n"
 " "
@@ -815,11 +788,11 @@ msgstr ""
 "@Opciones:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Uso: gpg-preset-passphrase [opciones] KEYGRIP (-h para ayuda)\n"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
@@ -831,8 +804,8 @@ msgstr ""
 # Sí, este no he podido ser yo :-) Por cierto, ¿por qué la O no se
 # puede acentuar? ¿demasiado alta?
 # ¿Quién dice que no se puede? :-)
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -840,8 +813,8 @@ msgstr ""
 "@Órdenes:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -851,11 +824,11 @@ msgstr ""
 "Opciones:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Uso: gpg-protect-tool [opciones] (-h para ayuda)\n"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
@@ -863,22 +836,22 @@ msgstr ""
 "Sintaxis: gpg-protect-tool [opciones] [args]\n"
 "Herramienta para el mantenimiento de claves secretas\n"
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Introduzca frase contraseña para desproteger el objeto PKCS#12."
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Introduzca frase contraseña para proteger el nuevo objeto PKCS#12."
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
 "Introduzca la frase contraseña para proteger el objeto importado en GnuPG."
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
@@ -886,53 +859,52 @@ msgstr ""
 "Por favor introduzca la frase contraseña o PIN\n"
 "necesarios para completar esta operación."
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, c-format
 msgid "cancelled\n"
 msgstr "cancelado\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "error pidiendo la frase contraseña: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, c-format
 msgid "error opening '%s': %s\n"
 msgstr "error abriendo '%s': %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "fichero '%s', línea %d: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "declaración \"%s\" ignorada en '%s', línea %d\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "la lista de confianza '%s' del sistema no está disponible\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "huella digital incorrecta en '%s', línea %d\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "opción de clave inválida en '%s', línea %d\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "error al leer '%s', línea %d: %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr "error al leer la lista de certificados raíz fiables\n"
@@ -945,7 +917,7 @@ msgstr "error al leer la lista de certificados raíz fiables\n"
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
@@ -954,11 +926,11 @@ msgstr ""
 "¿Confía absolutamente en%%0A  \"%s\"%%0A para certificar correctamentelos "
 "certificados de otros usuarios?"
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 msgid "Yes"
 msgstr "Sí"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr "No"
@@ -971,7 +943,7 @@ msgstr "No"
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -983,21 +955,21 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr "Correcto"
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr "Incorrecto"
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 "Nota: Esta frase contraseña nunca ha sido cambiada.%0APor favor hágalo ahora."
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
@@ -1006,15 +978,15 @@ msgstr ""
 "Esta frase contraseña no se ha cambiado%%0Adesde %.4s-%.2s-%.2s.Por favor "
 "cámbiela ahora."
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 msgid "Change passphrase"
 msgstr "Cambia la frase contraseña"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr "La cambiaré más tarde"
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
@@ -1023,11 +995,11 @@ msgstr ""
 "¿De verdad quiere borrar la clave identificada con el keygrip%%0A  %s%%0A  "
 "%%C%%0A?"
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 msgid "Delete key"
 msgstr "Borrar clave"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
@@ -1035,92 +1007,92 @@ msgstr ""
 "Cuidado: ¡Esta clave también está listada para usarse con SSH!\n"
 "Borrarla puede remover tu capacidad de acceder a máquinas remotas."
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "DSA necesita un resumen cuya longitud sea múltiplo de 8 bits\n"
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr "la clave %s usa un hash inseguro (de %u bits)\n"
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr "un hash de %zu bits no vale para %u bits de la clave %s\n"
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "la comprobación de la firma creada falló: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "las partes de la clave privada no están disponibles\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, c-format
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "el algoritmo de llave pública %d (%s) no se puede usar\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, c-format
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "el algoritmo de protección %d (%s) no se puede usar\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, c-format
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "el algoritmo de protección de hash %d (%s) no se puede usar\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "error al crear tubería: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "error al crear stream para una tubería: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, c-format
 msgid "error forking process: %s\n"
 msgstr "error bifurcando procesos: %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr "fallo esperando que el proceso %d terminara: %s\n"
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "error al ejecutar '%s': probablemente no está instalado\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "error ejecutando '%s': código de salida %d\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, c-format
 msgid "error running '%s': terminated\n"
 msgstr "error al ejecutar '%s': terminado\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "fallo esperando que el proceso termine: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "error obteniendo código de finalización del proceso: %d %s\n"
@@ -1135,33 +1107,33 @@ msgstr "no se puede conectar con '%s': %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "problema estableciendo opciones de gpg-agent\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "no se pueden desactivar los volcados de core: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "Aviso: propiedad insegura de %s \"%s\"\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "Aviso: permisos inseguros en %s \"%s\"\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "esperando que el archivo '%s' esté disponible ...\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "renombrar '%s' a '%s' falló: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "sí|si"
 
@@ -1215,52 +1187,99 @@ msgstr "agotado núcleo de memoria segura reservando %lu bytes"
 msgid "out of core while allocating %lu bytes"
 msgstr "error de memoria al reservar %lu bytes"
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "error reservando memoria: %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr "%s:%u: opción obsoleta \"%s\" - no tiene efecto\n"
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "ATENCIÓN: \"%s%s\" es una opción obsoleta - no tiene efecto\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr "etiqueta de debug '%s' ignorada\n"
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
+#, c-format
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "esperando que el dirmngr arranque... ( %ds)\n"
+
+#: common/asshelp.c:350
+#, fuzzy, c-format
+#| msgid "waiting for the agent to come up ... (%ds)\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "esperando que el agente arranque... ( %ds)\n"
+
+#: common/asshelp.c:351
 #, fuzzy, c-format
 #| msgid "waiting for the agent to come up ... (%ds)\n"
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
 msgstr "esperando que el agente arranque... ( %ds)\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:364
+#, c-format
+msgid "connection to the dirmngr established\n"
+msgstr "conexión establecida al dirmngr\n"
+
+#: common/asshelp.c:366
 #, fuzzy, c-format
-#| msgid "connection to agent established\n"
-msgid "connection to %s established\n"
-msgstr "conexión establecida al agente\n"
+#| msgid "connection to the dirmngr established\n"
+msgid "connection to the keyboxd established\n"
+msgstr "conexión establecida al dirmngr\n"
+
+#: common/asshelp.c:367
+#, fuzzy, c-format
+#| msgid "connection to the dirmngr established\n"
+msgid "connection to the agent established\n"
+msgstr "conexión establecida al dirmngr\n"
+
+#: common/asshelp.c:485
+#, fuzzy, c-format
+#| msgid "no running Dirmngr - starting '%s'\n"
+msgid "no running %s - starting '%s'\n"
+msgstr "no hay dirmngr en ejecución - iniciando '%s'\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:588
+#, fuzzy, c-format
+#| msgid "connection to agent is in restricted mode\n"
+msgid "connection to the agent is in restricted mode\n"
+msgstr "la conexión al agente está en modo restringido\n"
+
+#: common/asshelp.c:725
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
-msgstr "no hay gpg-agent en ejecución - iniciando '%s'\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "error intentando averiguar la versión de '%s': %s\n"
 
-#: common/asshelp.c:521
+#: common/asshelp.c:731
 #, c-format
-msgid "connection to agent is in restricted mode\n"
-msgstr "la conexión al agente está en modo restringido\n"
+msgid "server '%s' is older than us (%s < %s)"
+msgstr "el servidor '%s' es más viejo que nosotros (%s < %s)"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
-msgstr "no hay dirmngr en ejecución - iniciando '%s'\n"
+msgid "WARNING: %s\n"
+msgstr "ATENCIÓN: %s\n"
+
+#: common/asshelp.c:740
+#, c-format
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+"Advertencia: Los servidores no mantenidos pueden carecer de importantes "
+"actualizaciones de seguridad.\n"
+
+#: common/asshelp.c:742
+#, c-format
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Atención: Usa el comando \"%s\" para reiniciarlos.\n"
 
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
@@ -1330,7 +1349,7 @@ msgid "algorithm: %s"
 msgstr "algoritmo: %s"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, c-format
 msgid "unsupported algorithm: %s"
 msgstr "algoritmo no disponible: %s"
@@ -1405,11 +1424,11 @@ msgstr "Cadena de certificados válida"
 msgid "Root certificate trustworthy"
 msgstr "Certificado raíz fiable"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 msgid "no CRL found for certificate"
 msgstr "no se encuentra CRL para el certificado"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 msgid "the available CRL is too old"
 msgstr "el CRL disponible es demasiado antiguo"
 
@@ -1446,7 +1465,7 @@ msgstr "No hay ayuda disponible para '%s'."
 msgid "ignoring garbage line"
 msgstr "ignorando línea con basura"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 msgid "[none]"
 msgstr "[ninguno]"
 
@@ -1455,134 +1474,26 @@ msgstr "[ninguno]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "caracter inválido radix64 %02x omitido\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr "parámetro inesperado"
-
-#: common/argparse.c:522
-msgid "read error"
-msgstr "error de lectura"
-
-#: common/argparse.c:524
-msgid "keyword too long"
-msgstr "palabra clave demasiado larga"
-
-#: common/argparse.c:526
-msgid "missing argument"
-msgstr "falta el parámetro"
-
-#: common/argparse.c:528
-msgid "invalid argument"
-msgstr "parámetro incorrecto"
-
-#: common/argparse.c:530
-msgid "invalid command"
-msgstr "orden inválida"
-
-#: common/argparse.c:532
-msgid "invalid alias definition"
-msgstr "definición de alias inválida"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-msgid "out of core"
-msgstr "memoria desbordada"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-#| msgid "invalid command"
-msgid "invalid meta command"
-msgstr "orden inválida"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-#| msgid "unknown command '%s'\n"
-msgid "unknown meta command"
-msgstr "orden desconocida '%s'\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected data"
-msgid "unexpected meta command"
-msgstr "datos inesperados"
-
-#: common/argparse.c:546
-msgid "invalid option"
-msgstr "opción inválida"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr "falta parámetro para la opción \"%.50s\"\n"
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "parámetro incorrecto para la opción \"%.50s\"\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr "la opción \"%.50s\" no necesita parámetros\n"
-
-#: common/argparse.c:563
-#, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "orden inválida \"%.50s\"\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr "la opción \"%.50s\" es ambigua\n"
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr "la orden \"%.50s\" es ambigua\n"
-
-#: common/argparse.c:581
-#, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "opción inválida \"%.50s\"\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, c-format
-msgid "Note: no default option file '%s'\n"
-msgstr "NOTA: no existe el fichero de opciones predeterminado '%s'\n"
-
-#: common/argparse.c:1843
-#, c-format
-msgid "option file '%s': %s\n"
-msgstr "fichero de opciones '%s': %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1598,131 +1509,132 @@ msgstr "iconv_open falló: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "la conversión de '%s' a '%s' falló: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "no se pudo crear el fichero temporal '%s': %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "error escribiendo a '%s': %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "borrando fichero de bloqueo residual (creado por %d)\n"
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "esperando al bloqueo (que mantiene %d%s) %s...\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr "(¿bloqueo mutuo?) "
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "bloqueo '%s' no hecho: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, c-format
 msgid "waiting for lock %s...\n"
 msgstr "esperando al bloqueo %s...\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr "%s es demasiado antiguo (necesita %s, tiene %s)\n"
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "armadura: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "cabecera de armadura inválida: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "cabecera de armadura: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "cabecera de firma clara inválida\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, c-format
 msgid "unknown armor header: "
 msgstr "cabecera de armadura desconocida: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "firmas en texto claro anidadas\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr "armadura inesperada: "
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "Línea con guiones inválida: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "caracter inválido radix64 %02X omitido\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "Fin de fichero prematuro (falta suma de comprobación)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "Fin de suma de comprobación prematuro\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "Suma de comprobación mal creada\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "Error en suma de comprobación: %06lX - %06lX\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "fin de fichero prematuro (en el cierre)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "error en la línea de cierre\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "no se han encontrados datos OpenPGP válidos\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "armadura incorrecta: línea más larga de %d caracteres\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1730,12 +1642,12 @@ msgstr ""
 "caracter \"quoted printable\" en la armadura - probablemente se usó\n"
 "un MTA defectuoso\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, c-format
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "[ ilegible (%zu bytes: %s%s) ]"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1744,387 +1656,381 @@ msgstr ""
 "un nombre de notación debe tener sólo caracteres imprimibles o espacios, y "
 "acabar con un '='\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "un nombre de notación de usuario debe contener el caracter '@'\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "un nombre de notación no debe contener más de un caracter '@'\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "un valor de notación no debe usar ningún caracter de control\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "un nombre de notación no debe contener ningún caracter '='\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, c-format
 msgid "a notation name must have only printable characters or spaces\n"
 msgstr ""
 "un nombre de notación debe tener sólo caracteres imprimibles o espacios\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "ATENCIÓN: encontrados datos de notación inválidos\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "fallo al hacer la petición proxy %s al cliente\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Introduzca la frase contraseña: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
-#, c-format
-msgid "error getting version from '%s': %s\n"
-msgstr "error intentando averiguar la versión de '%s': %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr "el servidor '%s' es más viejo que nosotros (%s < %s)"
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
-#, c-format
-msgid "WARNING: %s\n"
-msgstr "ATENCIÓN: %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
-#, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
-"Advertencia: Los servidores no mantenidos pueden carecer de importantes "
-"actualizaciones de seguridad.\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s no funciona con el modo %s\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
-#, c-format
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Atención: Usa el comando \"%s\" para reiniciarlos.\n"
+#: g10/call-agent.c:1081
+#, fuzzy, c-format
+#| msgid "error reading from %s: %s\n"
+msgid "error from TPM: %s\n"
+msgstr "error al leer de %s: %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, c-format
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s no funciona con el modo %s\n"
+msgid "problem with the agent: %s\n"
+msgstr "problema con el agente: %s\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "no hay agente dirmngr activo en esta sesión\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
 #| msgid "option '%s' may not be used in %s mode\n"
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "no se puede usar la opción '%s' en modo %s\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 #| msgid "\"%s\" is not a proper fingerprint\n"
 msgid "Tor is not properly configured"
 msgstr "\"%s\" no es una huella digital válida\n"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 #| msgid "\"%s\" is not a proper fingerprint\n"
 msgid "DNS is not properly configured"
 msgstr "\"%s\" no es una huella digital válida\n"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "genera un certificado de revocación"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "armadura: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "tarjeta OpenPGP no disponible: %s\n"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr "tarjeta OpenPGP num. %s detectada\n"
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr "imposible hacer esto en modo de proceso por lotes\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Esta orden solo está disponible en tarjetas versión 2\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "No hay Código de Reinicio o ya no está disponible\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Su elección: "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[no establecido]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "no forzado"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "forzado"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr "Error: sólo se permite ASCII sin formato actualmente.\n"
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr "Error: El caracter \"<\" no puede usarse.\n"
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr "Error: no se permiten dobles espacios.\n"
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr "Apellido del titular de la tarjeta: "
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr "Nombre del titular de la tarjeta: "
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr "Error: nombre combinado demasiado largo (máximo %d caracteres).\n"
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr "URL de donde recuperar la clave pública: "
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, c-format
 msgid "error reading '%s': %s\n"
 msgstr "error al leer '%s': %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, c-format
 msgid "error writing '%s': %s\n"
 msgstr "error al escribir '%s': %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr "Datos de login (nombre de la cuenta): "
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr "Datos privados: "
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr "Preferencias de idioma: "
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "Error: longitud de la cadena de preferencias inválida.\n"
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "Error: caracteres inválidos en cadena de preferencias.\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr "Error: respuesta no válida.\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr "Huella digital CA: "
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "Error: formato inválido de huella digital.\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr "la operación con la clave no es posible: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr "no es una tarjeta OpenPGP"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr "error obteniendo la información actual de la clave: %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr "¿Reemplazar la clave existente? (s/N) "
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
+#, fuzzy
+#| msgid ""
+#| "Note: There is no guarantee that the card supports the requested size.\n"
+#| "      If the key generation does not succeed, please check the\n"
+#| "      documentation of your card to see what sizes are allowed.\n"
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 "NOTA: No hay garantía de que la tarjeta permita el uso del tamaño\n"
 "      requerido. Si la generación de clave fracasa, por favor compruebe\n"
 "      la documentación de su tarjeta para ver los tamaños posibles.\n"
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "¿De qué tamaño quiere la clave? (%u) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "redondeados a %u bits\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "los tamaños de claves %s deben estar en el rango %u-%u\n"
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr "Cambiando el atributo de la clave de tarjeta por: "
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 msgid "Signature key\n"
 msgstr "Clave de firmado\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 msgid "Encryption key\n"
 msgstr "Clave de cifrado\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr "Clave de autentificación\n"
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Por favor seleccione tipo de clave deseado:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) ECC\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Elección inválida.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr "Ahora la tarjeta se reconfigurará para generar una clave de %u bits\n"
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr "Ahora la tarjeta se reconfigurará para generar una clave de tipo: %s\n"
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "error cambiando el atributo de clave de la clave %d: %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, c-format
 msgid "error getting card info: %s\n"
 msgstr "error al obtener información de la clave: %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, c-format
 msgid "This command is not supported by this card\n"
 msgstr "Esta orden no se puede usar con esta tarjeta\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr ""
 "¿Hacer copia de seguridad externa a la tarjeta de clave de cifrado? (S/n) "
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "NOTA: ¡ya hay claves almacenadas en la tarjeta!\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr "¿Reemplazar las claves existentes? (s/N) "
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2135,188 +2041,204 @@ msgstr ""
 "   PIN = '%s'     PIN Administrador = '%s'\n"
 "Debería cambiarlos usando la orden --change-pin\n"
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr "Por favor seleccione tipo de clave que generar:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr "   (1) Clave de firmado\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr "   (2) Clave de cifrado\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr "   (3) Clave de autentificación\n"
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr "Por favor elija donde guardar la clave:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "KEYTOCARD fallido: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr ""
 "NOTA: ¡Esta orden destruye todas las claves almacenadas en la tarjeta!\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 msgid "Continue? (y/N) "
 msgstr "¿Continuar? (s/N) "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr "¿Realmente quiere volver a los valores de fábrica? (escriba \"sí\") "
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "error de la configuración KDF: %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+#| msgid "error for setup KDF: %s\n"
+msgid "error for setup UIF: %s\n"
+msgstr "error de la configuración KDF: %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "salir de este menú"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr "ver órdenes de administrador"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "muestra esta ayuda"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr "listar todos los datos disponibles"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr "cambiar el nombre del titular de la tarjeta"
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr "cambiar URL de donde obtener la clave"
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr "recuperar la clave especificada en la URL de la tarjeta"
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr "cambiar nombre de usuario"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr "cambiar preferencias de idioma"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 #, fuzzy
 #| msgid "change card holder's sex"
 msgid "change card holder's salutation"
 msgstr "cambiar sexo del titular de la tarjeta"
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr "cambiar huella digital de una CA"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr "cambiar estado de la opción forzar firma del PIN"
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr "generar nuevas claves"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr "menú para cambiar o desbloquear el PIN"
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr "verificar PIN y listar todos los datos"
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr "desbloquear PIN usando Código de Reinicio"
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr "destruir todas las claves y datos"
 
-#: g10/card-util.c:2180
-msgid "setup KDF for PIN authentication"
+#: g10/card-util.c:2235
+#, fuzzy
+#| msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "configurar KDF para autentificación de PIN"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 msgid "change the key attribute"
 msgstr "cambia valores de la clave"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "cambia valores de confianza"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr "gpg/tarjeta> "
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr "Órdenes sólo de administrador\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr "Se permiten órdenes de administrador\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr "No se permiten órdenes de administrador\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Orden inválida (pruebe \"help\")\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output no funciona con esta orden\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, c-format
 msgid "can't open '%s'\n"
 msgstr "no se puede abrir '%s'\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "clave \"%s\" no encontrada: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "error al leer bloque de claves: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, c-format
 msgid "key \"%s\" not found\n"
 msgstr "clave \"%s\" no encontrada\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(excepto si especifica la clave dando su huella digital)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "imposible hacer esto en modo de proceso por lotes sin \"--yes\"\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(excepto si especifica la clave dando su huella digital)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2354,9 +2276,9 @@ msgstr "clave"
 msgid "subkey"
 msgstr "subclave"
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "actualización fallida: %s\n"
@@ -2381,64 +2303,76 @@ msgstr "¡hay una clave secreta para esta clave pública! \"%s\"!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "use antes la opción \"--delete-secret-key\" para borrarla.\n"
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"AVISO: forzar el cifrado simétrico %s (%d) viola las preferencias\n"
-"del destinatario\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "error al crear frase contraseña: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "no puede usar un paquete simétrico ESK debido al modo S2K\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "usando cifrado %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, c-format
 msgid "'%s' already compressed\n"
 msgstr "'%s' ya está comprimido\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, c-format
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "ATENCIÓN '%s' es un fichero vacío\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+#| msgid "cipher algorithm '%s' may not be used in %s mode\n"
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "no se puede usar el cifrado '%s' en modo %s\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "no se puede usar el cifrado '%s' en modo %s\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "no puede usar el resumen '%s' en modo %s\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
+#: g10/encrypt.c:727
+#, c-format
+msgid "reading from '%s'\n"
+msgstr "leyendo desde '%s'\n"
+
+#: g10/encrypt.c:783
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"AVISO: forzar el cifrado simétrico %s (%d) viola las preferencias\n"
+"del destinatario\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
 #, c-format
 msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
 msgstr ""
 "ATENCIÓN: la clave %s no es adecuada para la encriptación en modo %s\n"
 "\n"
 
-#: g10/encrypt.c:679
-#, c-format
-msgid "reading from '%s'\n"
-msgstr "leyendo desde '%s'\n"
-
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2447,98 +2381,47 @@ msgstr ""
 "AVISO: forzar el algoritmo de compresión %s (%d) va en contra\n"
 "de las preferencias del receptor\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"forzar el cifrado simétrico %s (%d) viola las preferencias\n"
+"del destinatario\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s cifrado para: \"%s\"\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, c-format
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "no se puede usar la opción '%s' en modo %s\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "datos cifrados %s\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "cifrado con algoritmo desconocido %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr ""
 "ATENCIÓN: mensaje cifrado con una clave débil en el cifrado simétrico.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "problema trabajando con un paquete cifrado\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "no es posible ejecutar programas remotos\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"llamadas a programas externos inhabilitadas por permisos inseguros de "
-"ficheros.\n"
-
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"esta plataforma necesita ficheros temporales para llamar a programas "
-"externos\n"
-
-#: g10/exec.c:497
-#, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "no se puede ejecutar el programa '%s': %s\n"
-
-#: g10/exec.c:500
-#, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "no se puede ejecutar el intérprete de órdenes '%s': %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "error del sistema llamando al programa externo: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "el programa externo finalizó anormalmente\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "no se puede ejecutar el programa externo\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "no se puede leer la respuesta del programa externo: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, c-format
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "AVISO: no se puede borrar fichero temporal (%s) '%s': %s\n"
-
-#: g10/exec.c:692
-#, c-format
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "AVISO: no se puede borrar el directorio temporal '%s': %s\n"
-
 #: g10/export.c:119
 msgid "export signatures that are marked as local-only"
 msgstr "exportar firmas marcadas como sólo locales"
@@ -2559,378 +2442,378 @@ msgstr "borrar partes inutilizables de la clave al exportar"
 msgid "remove as much as possible from key during export"
 msgstr "borrar tanto como sea posible de la clave al exportar"
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr "usar el formato de backup de claves GnuPG"
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 msgid " - skipped"
 msgstr " - omitido"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, c-format
 msgid "writing to '%s'\n"
 msgstr "escribiendo en '%s'\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "clave %s: material de la clave en la tarjeta - omitida\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "no se permite exportar claves secretas\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "clave %s: clave estilo PGP 2.x - omitida\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "ATENCIÓN: no se ha exportado nada\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, c-format
 msgid "error creating '%s': %s\n"
 msgstr "error al crear '%s': %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr "[ID de usuario no encontrado]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "'%s' recuperado automáticamente vía %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "error recuperando '%s' vía %s: %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 msgid "No fingerprint"
 msgstr "No hay huella digital"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "clave secreta \"%s\" no encontrada: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "(revisar el parámetro de la opción '%s')\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, c-format
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "Advertencia: no estamos usando '%s' como clave predeterminada: %s\n"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, c-format
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "usando \"%s\" como clave secreta predeterminada para firmar\n"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr "todos los valores pasados a '%s' ignorados\n"
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr "Clave %s inválida hecha válida mediante --allow-non-selfsigned-uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "usando subclave %s en vez de clave primaria %s\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, c-format
 msgid "valid values for option '%s':\n"
 msgstr "parámetros válidos para la opción '%s':\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 msgid "make a signature"
 msgstr "crea una firma"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 msgid "make a clear text signature"
 msgstr "crea una firma en texto claro"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "crea una firma separada"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "cifra datos"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "cifra sólo con un cifrado simétrico"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "descifra datos (predefinido)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "verifica una firma"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "lista claves"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "lista claves y firmas"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr "lista y comprueba firmas de las claves"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "lista claves y huellas dactilares"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "lista claves secretas"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "genera un nuevo par de claves"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 msgid "quickly generate a new key pair"
 msgstr "genera un nuevo par de claves en modo rápido"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 msgid "quickly add a new user-id"
 msgstr "añade una nueva id de usuario en modo rápido"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 msgid "quickly revoke a user-id"
 msgstr "revoca una id de usuario en modo rápido"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 msgid "quickly set a new expiration date"
 msgstr "cambia la fecha de caducidad de modo rápido"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr "generación de claves con todas las funcionalidades"
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "genera un certificado de revocación"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "elimina claves del anillo público"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "elimina claves del anillo privado"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 msgid "quickly sign a key"
 msgstr "firma una clave en modo rápido"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 msgid "quickly sign a key locally"
 msgstr "firma una clave localmente en modo rápido"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "quickly revoke a user-id"
 msgid "quickly revoke a key signature"
 msgstr "revoca una id de usuario en modo rápido"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "firma la clave"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "firma la clave localmente"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "firma o modifica una clave"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 msgid "change a passphrase"
 msgstr "cambia una frase contraseña"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "exporta claves"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "exporta claves a un servidor de claves"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "importa claves desde un servidor de claves"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "busca claves en un servidor de claves"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "actualiza todas las claves desde un servidor de claves"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "importa/fusiona claves"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr "escribir estado de la tarjeta"
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr "cambiar datos en la tarjeta"
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr "cambiar el PIN de la tarjeta"
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "actualiza la base de datos de confianza"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 msgid "print message digests"
 msgstr "imprime resúmenes de mensaje"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr "ejecutar en modo servidor"
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr "|VALUE|decide la política TOFU de una clave"
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NAME|usa NOMBRE como clave secreta por defecto"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NAME|cifra para el ususario NOMBRE también"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr "|SPEC|establecer alias de email"
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr "usar estilo OpenPGP estricto"
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "no hace ningún cambio"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "preguntar antes de sobreescribir"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the input"
 msgstr "Opciones que controlan la seguridad"
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 #, fuzzy
 #| msgid "Options controlling the diagnostic output"
 msgid "Options controlling the output"
 msgstr "Opciones que controlan la salida de diagnósticos"
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "crea una salida ascii con armadura"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 msgid "|FILE|write output to FILE"
 msgstr "|FILE|volcar salida en FICHERO"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "usa modo de texto canónico"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|nivel de compresión N (0 desactiva)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 #, fuzzy
 #| msgid "Options controlling the interactivity and enforcement"
 msgid "Options controlling key import and export"
 msgstr "Opciones que controlan la interactividad y obligación"
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr "|MECHANISMS|usa MECANISMOS para encontrar claves por emails"
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "importa claves desde un servidor de claves"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 #| msgid "list and check key signatures"
 msgid "include the public key in signatures"
 msgstr "lista y comprueba firmas de las claves"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr "prohibir todo acceso al dirmngr"
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 #, fuzzy
 #| msgid "Options controlling the configuration"
 msgid "Options controlling key listings"
 msgstr "Opciones que controlan la configuración"
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "lista claves secretas"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|USER-ID|cifra para ID-USUARIO"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "|USER-ID|usa este identificador para firmar o descifrar"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
@@ -2938,7 +2821,7 @@ msgstr ""
 # página man -> página de manual
 # Vale. ¿del manual mejor?
 # Hmm, no sé, en man-db se usa "de". La verdad es que no lo he pensado.
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -2946,7 +2829,7 @@ msgstr ""
 "@\n"
 "(Véase en la página del manual la lista completo de órdenes y opciones)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 msgid ""
 "@\n"
 "Examples:\n"
@@ -2966,11 +2849,11 @@ msgstr ""
 " --list-keys [nombres]      muestra las claves\n"
 " --fingerprint [nombres]    muestra las huellas dactilares\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Uso: @GPG@ [opciones] [ficheros] (-h para ayuda)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 msgid ""
 "Syntax: @GPG@ [options] [files]\n"
 "Sign, check, encrypt or decrypt\n"
@@ -2980,7 +2863,7 @@ msgstr ""
 "firma, comprueba, cifra o descifra\n"
 "la operación por defecto depende de los datos de entrada\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -2988,73 +2871,73 @@ msgstr ""
 "\n"
 "Algoritmos disponibles:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Clave pública: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Cifrado: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Resumen: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Compresión: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "uso: %s [opciones] %s\n"
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "órdenes incompatibles\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "no se encontró el signo = en la definición de grupo '%s'\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "AVISO: propiedad insegura del directorio personal '%s'\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "AVISO: propiedad insegura del fichero de configuración '%s'\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "AVISO: propiedad insegura de la extensión '%s'\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "AVISO: permisos inseguros del directorio personal '%s'\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "AVISO: permisos inseguros del fichero de configuración '%s'\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "AVISO: permisos inseguros de la extensión '%s'\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "AVISO: propiedad insegura del directorio contenedor de '%s'\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
@@ -3062,18 +2945,18 @@ msgstr ""
 "AVISO: propiedad insegura del directorio contenedor del fichero de\n"
 "configuración '%s'\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr ""
 "AVISO: propiedad insegura del directorio contenedor de la extensión '%s'\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr "AVISO: permisos inseguros del directorio contenedor de '%s'\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
@@ -3081,430 +2964,446 @@ msgstr ""
 "AVISO: permisos inseguros del directorio contenedor del fichero de\n"
 "configuración '%s'\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr ""
 "AVISO: permisos inseguros del directorio contenedor de la extensión '%s'\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "artículo de configuración desconocido '%s'\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr "mostrar foto IDs al listar claves"
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 msgid "show key usage information during key listings"
 msgstr "mostrar información de uso de las claves al listarlas"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr "mostrar URLS de política al listar firmas"
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 msgid "show all notations during signature listings"
 msgstr "mostrar todas las notaciones al listar firmas"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr "mostrar notaciones estándar IETF al listar firmas"
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr "mostrar notaciones personalizadas al listar firmas"
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "mostrar URL del servidor de claves preferido al listar firmas"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr "mostrar validez de la ID de usuario al listar claves"
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr "mostar IDs de usuario revocados y caducados al listar firmas"
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr "mostrar subclaves revocadas y expiradas al listar claves"
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 msgid "show the keyring name in key listings"
 msgstr "mostrar nombre de los anillos de claves al listar claves"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 msgid "show expiration dates during signature listings"
 msgstr "mostrar fechas de caducidad al listar firmas"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "política TOFU desconocida '%s'\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr "(usa \"ayuda\" para listar las opciones)\n"
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Esta orden no se permite en modo %s.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, c-format
 msgid "Note: %s is not for normal use!\n"
 msgstr "NOTA: ¡%s no es para uso normal!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "'%s' no es una fecha de caducidad de firma válida\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "\"%s\" no es una dirección de email válida\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "modo de entrada de pin inválido '%s'\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "origen incorrecto de la consulta '%s'\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "'%s' no es un juego de caracteres válido\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "no se puede interpretar la URL del servidor de claves\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: opciones del servidor de claves inválidas\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr "opciones del servidor de claves inválidas\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: opciones de importación inválidas\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "opciones de importación inválidas\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, c-format
 msgid "invalid filter option: %s\n"
 msgstr "opción de filtro inválida: %s\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: opciones de exportación inválidas\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "opciones de exportación inválidas\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: lista de opciones inválida\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr "lista de opciones inválida\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr "mostrar foto IDs al verificar firmas"
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr "mostrar URLs de política al verificar firmas"
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 msgid "show all notations during signature verification"
 msgstr "mostrar todas las notaciones al verificar firmas"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr "mostrar notaciones estándar IETF al verificar firmas"
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr "mostrar notaciones personalizadas al verificar firmas"
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "mostrar URLs del servidor de claves preferido al verificar firmas"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 msgid "show user ID validity during signature verification"
 msgstr "mostrar validez del ID de usuario al verificar firmas"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr "mostrar IDs de usuario revocados y caducados al verificar firmas"
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 msgid "show only the primary user ID in signature verification"
 msgstr "mostrar solo ID primario de usuario al verificar firmas"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr "validar firmas con datos PKA"
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr "aumentar confianza en las firmas con datos válidos PKA"
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: opciones de verificación inválidas\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr "opciones de verificación inválidas\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "imposible establecer camino de ejecutables %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: lista de auto-localización de claves inválida\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr "lista de auto-localización de claves inválida\n"
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "parámetro incorrecto para la opción \"%.50s\"\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "ATENCIÓN: ¡el programa podría volcar un fichero core!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "AVISO: %s sustituye a %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "¡%s no permitido con %s!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "¡%s no tiene sentido con %s!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr "AVISO: ejecutándose con hora del sistema falsificada "
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "no se ejecutará en memoria insegura por %s\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "el algoritmo de cifrado seleccionado es inválido\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "el algoritmo de resumen seleccionado no inválido\n"
+
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "el algoritmo de compresión seleccionado es inválido\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "el algoritmo de certificación por resumen elegido es inválido\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-needed debe ser mayor que 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed debe ser mayor que 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth debe estar en el rango de 1 a 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "default-cert-level inválido; debe ser 0, 1, 2, ó 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "min-cert-level inválido; debe ser 0, 1, 2, ó 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, c-format
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "NOTA: el modo S2K simple (0) no es nada recomendable\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "modo S2K incorrecto; debe ser 0, 1 o 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "preferencias por defecto inválidas\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "preferencias personales de cifrado inválidas\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "preferencias personales de cifrado inválidas\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "preferencias personales de algoritmo de resumen inválidas\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "preferencias personales de compresión inválidas\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "tamaño de clave incorrecto; se usarán %u bits\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s aún no funciona con %s\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+#| msgid "cipher algorithm '%s' may not be used in %s mode\n"
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "no se puede usar el cifrado '%s' en modo %s\n"
+
+#: g10/gpg.c:4070
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "no puede usar la compresión '%s' en modo %s\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "inicialización de la base de datos de confianza fallida: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr "AVISO: se indicaron receptores (-r) sin clave pública de cifrado\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "el cifrado simétrico de '%s' falló: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "no puede usar --symetric --encrypt con --s2k-mode 0\n"
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "no puede usar --symmetric --encrypt en modo %s\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr "no puede usar --symetric --sign --encrypt con --s2k-mode 0\n"
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "no puede usar --symmetric --sign --encrypt en modo %s\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "envío al servidor de claves fallido: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "recepción del servidor de claves fallida: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "exportación de clave fallida: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, c-format
 msgid "export as ssh key failed: %s\n"
 msgstr "exportación como clave ssh fallida: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "búsqueda del servidor de claves fallida: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "renovación al servidor de claves fallida: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "eliminación de armadura fallida: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "creación de armadura fallida: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, c-format
 msgid "invalid hash algorithm '%s'\n"
 msgstr "algoritmo de distribución inválido '%s'\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "error al leer la especificación de clave '%s': %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr "'%s' no parece ser una ID de clave, huella digital o keygrip válido\n"
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
@@ -3515,22 +3414,22 @@ msgstr ""
 # En español no se deja espacio antes de los puntos suspensivos
 # (Real Academia dixit) :)
 # Tomo nota :-). Este comentario déjalo siempre.
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Adelante, teclee su mensaje...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "URL de política de certificado inválida\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "URL de política inválida\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "la URL del servidor de claves preferido no es válida\n"
@@ -3543,7 +3442,7 @@ msgstr "|FILE|tomar las claves del anillo FILE"
 msgid "make timestamp conflicts only a warning"
 msgstr "hacer que los conflictos de fecha-hora sean sólo un aviso"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|escribe información de estado en este descriptor de fichero"
 
@@ -3589,128 +3488,140 @@ msgid "do not update the trustdb after import"
 msgstr "no actualiza la base de datos de confianza después de importar"
 
 #: g10/import.c:181
+#, fuzzy
+#| msgid "enable putty support"
+msgid "enable bulk import mode"
+msgstr "habilitar soporte de putty"
+
+#: g10/import.c:184
 msgid "show key during import"
 msgstr "mostrar la clave durante la importación"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+#| msgid "show key during import"
+msgid "show key but do not actually import"
+msgstr "mostrar la clave durante la importación"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr "sólo aceptar actualizaciones de claves ya existentes"
 
-#: g10/import.c:187
+#: g10/import.c:193
 msgid "remove unusable parts from key after import"
 msgstr "borrar partes inútiles de la clave después de importar"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr "borrar tanto como sea posible de la clave tras importar"
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr "ejecutar filtros de importación y exportar clave inmediatamente"
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr "asumir entrada en formato de backup de clave GnuPG"
 
-#: g10/import.c:203
+#: g10/import.c:209
 msgid "repair keys on import"
 msgstr "reparar claves al importar"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "omitiendo bloque de tipo %d\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr "%lu claves procesadas hasta ahora\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Cantidad total procesada: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, c-format
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "      omitidas las claves PGP-2: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "      omitidas nuevas claves: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "          sin identificador: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "              importadas: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "             sin cambios: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "          nuevos identificativos: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "           nuevas subclaves: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "        nuevas firmas: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "   nuevas revocaciones de claves: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "      claves secretas leídas: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "  claves secretas importadas: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr " claves secretas sin cambios: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "          no importadas: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "    firmas limpiadas: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "      IDs de usuario limpiados: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
@@ -3719,169 +3630,175 @@ msgstr ""
 "AVISO: la clave %s contiene preferencias para algoritmos\n"
 "no disponibles en estos IDs de usuario:\n"
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr "         \"%s\": algoritmo de cifrado preferido %s\n"
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+#| msgid "         \"%s\": preference for cipher algorithm %s\n"
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "         \"%s\": algoritmo de cifrado preferido %s\n"
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "         \"%s\": algoritmo de resumen preferido %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr "         \"%s\": algoritmo de compresión preferido %s\n"
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr "se recomienda encarecidamente que actualice sus preferencias y\n"
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 "redistribuya esta clave para evitar potenciales problemas de\n"
 "diferencias en los algoritmos.\n"
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 "puede actualizar sus preferencias con: gpg --edit-key %s updpref save\n"
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr "clave %s: sin identificador de usuario\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, c-format
 msgid "key %s: %s\n"
 msgstr "clave %s: %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr "rechazado por el filtro de importación"
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "clave %s: reparada la subclave PKS corrompida\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "clave %s: aceptado ID de usuario sin autofirma \"%s\"\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "clave %s: sin identificadores de usuario válidos\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "esto puede ser debido a la ausencia de autofirma\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "clave %s: clave pública no encontrada: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "clave %s: clave nueva - omitida\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "anillo de claves no escribible encontrado: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, c-format
 msgid "error writing keyring '%s': %s\n"
 msgstr "error escribiendo anillo '%s': %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "clave %s: clave pública \"%s\" importada\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "clave %s: no coincide con nuestra copia\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "clave %s: \"%s\" 1 ID de usuario nuevo\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "clave %s: \"%s\" %d nuevos identificadores de usuario\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "clave %s: \"%s\" 1 firma nueva\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "clave %s: \"%s\" %d firmas nuevas\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "clave %s: \"%s\" 1 subclave nueva\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "clave %s: \"%s\" %d subclaves nuevas\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "clave %s: \"%s\" %d firmas limpiadas\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "clave %s: \"%s\" %d firmas limpiadas\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "clave %s: \"%s\" %d identificador de usuario limpiado\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "clave %s: \"%s\" %d identificadores de usuario limpiados\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "clave %s: \"%s\" sin cambios\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr "clave %s: clave secreta importada\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, c-format
 msgid "key %s: secret key already exists\n"
 msgstr "clave %s: clave secreta ya existe\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "clave %s: error enviando al agente: %s\n"
@@ -3894,201 +3811,208 @@ msgstr "clave %s: error enviando al agente: %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr "Para migrar '%s', para cada smartcard ejecuta: %s\n"
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, c-format
 msgid "secret key %s: %s\n"
 msgstr "clave secreta %s: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "no se permite importar claves secretas\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "clave %s: clave secreta con cifrado incorrecto %d - omitida\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "No se dio ninguna razón"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "La clave ha sido reemplazada"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "La clave ha sido comprometida"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "La clave ya no está en uso"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "El identificador de usuario ya no es válido"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "razón para la revocación: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "comentario a la revocación: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "clave %s: falta la clave pública - imposible emplear el\n"
 "certificado de revocación\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "clave %s: no puede localizarse el bloque de claves original: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "clave %s: no puede leerse el bloque de claves original: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "clave %s: certificado de revocación inválido: %s - rechazado\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "clave %s: \"%s\" certificado de revocación importado\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "clave %s: no hay identificador de usuario para la firma\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr "clave %s: algoritmo de clave pública no disponible para ID \"%s\"\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "clave %s: autofirma inválida para el id \"%s\"\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "clave %s: algoritmo de clave pública no disponible\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "clave %s: firma directa de clave inválida\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "clave %s: no hay subclave que unir a la clave\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "clave %s: unión de subclave inválida\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "clave %s: borrado enlace de subclaves múltiples\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "clave %s: no hay subclave para la revocación de clave\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "clave %s: revocación de subclave inválida\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "clave %s: borrada revocación de subclave múltiple\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "clave %s: omitido ID de usuario \"%s\"\n"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "clave %s: subclave omitida\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "clave %s: firma no exportable (clase 0x%02X) - omitida\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "clave %s: certificado de revocación en lugar equivocado - omitido\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "clave %s: certificado de revocación no valido: %s - omitido\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "clave %s: firma de subclave en lugar equivocado - omitida\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "clave %s: firma de clase (0x%02X) inesperada - omitida\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "clave %s: detectado usuario duplicado - fusionada\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+#| msgid "key %s: duplicated user ID detected - merged\n"
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "clave %s: detectado usuario duplicado - fusionada\n"
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr ""
 "AVISO: la clave %s puede estar revocada: recuperando clave de revocación %s\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 "AVISO: la clave %s puede estar revocada: falta clave de revocación %s.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "clave %s: \"%s\" certificado de revocación añadido\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "clave %s: firma directa de clave añadida\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, c-format
 msgid "error allocating memory: %s\n"
 msgstr "error al reservar memoria: %s\n"
@@ -4112,13 +4036,13 @@ msgstr "la tarjeta no permite usar el algoritmo de resumen %s\n"
 msgid " (reordered signatures follow)"
 msgstr "revoca firmas"
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, fuzzy, c-format
 #| msgid "skipped \"%s\": %s\n"
 msgid "key %s:\n"
 msgstr "omitido \"%s\": %s\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, fuzzy, c-format
 #| msgid "User ID \"%s\": %d signature removed\n"
 msgid "%d duplicate signature removed\n"
@@ -4126,21 +4050,21 @@ msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "ID de usuario \"%s\": %d firma borrada\n"
 msgstr[1] "ID de usuario \"%s\": %d firma borrada\n"
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, c-format
 msgid "%d signature not checked due to a missing key\n"
 msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "1 firma no comprobada por falta de una clave\n"
 msgstr[1] "%d firmas no comprobadas por falta de claves\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, c-format
 msgid "%d bad signature\n"
 msgid_plural "%d bad signatures\n"
 msgstr[0] "%d firma incorrecta\n"
 msgstr[1] "%d firmas incorrectas\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, fuzzy, c-format
 #| msgid "Good signature from"
 msgid "%d signature reordered\n"
@@ -4148,44 +4072,39 @@ msgid_plural "%d signatures reordered\n"
 msgstr[0] "Firma correcta de"
 msgstr[1] "Firma correcta de"
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "error al crear caja de claves '%s': %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, c-format
 msgid "error creating keyring '%s': %s\n"
 msgstr "error al crear anillo '%s': %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, c-format
 msgid "keybox '%s' created\n"
 msgstr "caja de claves '%s' creada\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, c-format
 msgid "keyring '%s' created\n"
 msgstr "anillo '%s' creado\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "recurso de bloque de claves '%s': %s\n"
 
-#: g10/keydb.c:969
-#, c-format
-msgid "error opening key DB: %s\n"
-msgstr "error al abrir base de datos de claves: %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "fallo reconstruyendo caché del anillo de claves: %s\n"
@@ -4198,7 +4117,7 @@ msgstr "[revocación]"
 msgid "[self-signature]"
 msgstr "[autofirma]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4210,12 +4129,12 @@ msgstr ""
 "pasaportes, comprobando huellas dactilares en diferentes fuentes...)\n"
 "\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr "  %d = Confío un poco\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr "  %d = Confío totalmente\n"
@@ -4245,12 +4164,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "ID de usuario \"%s\" revocado."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "¿Seguro que todavía quiere firmarlo? (s/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  Imposible firmar.\n"
 
@@ -4423,188 +4342,192 @@ msgstr "He comprobado esta clave meticulosamente.\n"
 msgid "Really sign? (y/N) "
 msgstr "¿Firmar de verdad? (s/N) "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "firma fallida: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 "La clave tiene sólo un apuntador u objetos de clave en la propia tarjeta\n"
 "- no hay frase contraseña que cambiar.\n"
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, c-format
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "clave %s: error al cambiar frase contraseña: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "graba y sale"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr "muestra huella digital de la clave"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 msgid "show the keygrip"
 msgstr "mostrar el keygrip"
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "lista clave e identificadores de usuario"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "selecciona identificador de usuario N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr "selecciona subclave N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr "comprueba firmas"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr "firmar IDs seleccionadas [* ver debajo órdenes relacionadas]"
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr "firma localmente los IDs de usuarios elegidos"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr "firmar IDs seleccionados con firma de confianza"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr "firmar IDs seleccionados con firma no revocable"
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "añadir un identificador de usuario"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "añadir un ID fotográfico"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr "borrar identificadores de usuario seleccionados"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr "añadir una subclave"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr "añadir clave a tarjeta"
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr "mover una clave a la tarjeta"
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr "mover una clave de respaldo a la tarjeta"
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr "borrar clave secundaria"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "añadir una clave de revocación"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr "borrar firmas de los ID seleccionados"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "cambiar la fecha de caducidad para la clave o subclaves seleccionadas"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr "marcar ID de usuario seleccionado como primario"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "mostrar preferencias (experto)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "mostrar preferencias (prolijo)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr "establecer preferencias para todos los ID seleccionados"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "establecer URL del servidor de claves preferido por los IDs elegidos"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 msgid "set a notation for the selected user IDs"
 msgstr "establecer notación para los IDs de usuario seleccionados"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "cambia la frase contraseña"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "cambia valores de confianza"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr "revocar firmas de los identificadores seleccionados"
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr "revocar los identificadores seleccionados"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr "revoca clave o subclaves seleccionadas"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr "habilita clave"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr "deshabilita clave"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr "mostrar fotos de los ID seleccionados"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr "compactar IDs inutilizables y borrar firmas inutilizables de la clave"
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr "compactar IDs inutilizables y borrar todas las firmas de la clave"
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Clave secreta disponible.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 msgid "Secret subkeys are available.\n"
 msgstr "Subclaves secretas disponibles.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Se necesita la clave secreta para hacer esto.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4615,291 +4538,296 @@ msgstr ""
 "locales (lsign), una 't' para firmas fiables (tsign), 'nr' para firmas no\n"
 "revocables (nrsign) o cualquier combinación de ellas (ltsign, tnrsign, etc)\n"
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "La clave está revocada."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 msgid "Really sign all text user IDs? (y/N) "
 msgstr ""
 "¿Firmar realmente todos los identificadores de usuario que son sólo texto? "
 "(s/N) "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr "¿Firmar realmente todos los IDs de usuario? (s/N) "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Sugerencia: seleccione los identificadores de usuario que firmar\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "Clase de firma desconocida '%s'\n"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Esta orden no se permite en modo %s.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Debe seleccionar por lo menos un identificador de usuario.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr "(Use la orden '%s')\n"
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "¡No puede borrar el último identificador de usuario!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "¿Borrar realmente todos los identificadores seleccionados? (s/N) "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr "¿Borrar realmente este identificador de usuario? (s/N) "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr "¿Realmente cambiar de sitio la clave primaria? (s/N) "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr "Debe seleccionar exactamente una clave.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr "La orden espera un nombre de fichero como argumento\n"
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "No se puede abrir '%s': %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "Error al leer clave de respaldo desde '%s': %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Debe seleccionar por lo menos una clave.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "¿De verdad quiere borrar las claves seleccionadas? (s/N) "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "¿De verdad quiere borrar esta clave? (s/N) "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "¿Revocar realmente todos los identificadores seleccionados? (s/N) "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr "¿Revocar realmente este identificador de usuario? (s/N) "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "¿De verdad quiere revocar la clave completa? (s/N) "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "¿De verdad quiere revocar las subclaves seleccionadas? (s/N) "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "¿De verdad quiere revocar esta subclave? (s/N) "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 "La confianza del propietario no puede establecerse si se está usando\n"
 "una base de datos de confianza propocionada por el usuario\n"
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr "Establecer lista de preferencias a:\n"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr ""
 "¿Actualizar realmente las preferencias para los ID seleccionados? (s/N) "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr "¿Actualizar realmente las preferencias? (s/N) "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr "¿Grabar cambios? (s/N) "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr "¿Salir sin grabar? (s/N) "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Clave sin cambios, no se necesita actualización.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, c-format
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "no se puede revocar el último identificador de usuario válido\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "la revocación del identificador de usuario ha fallado: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "la configuración del ID de usuario primario ha fallado: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "\"%s\" no es una huella digital\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr ""
 "\"%s\" no es la huella digital primaria\n"
 "\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, c-format
 msgid "Invalid user ID '%s': %s\n"
 msgstr "Identificador de usuario '%s' no válido : %s\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "No matching user IDs."
 msgstr "No coincide con ningún identificador de usuario."
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "Nothing to sign.\n"
 msgstr "Nada que firmar.\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr "No está firmado por usted.\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "la comprobación de la firma creada falló: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "'%s' no es una fecha de caducidad válida\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "\"%s\" no es una huella digital válida\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "subclave \"%s\" no encontrada\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Resumen: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Características: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr "Sevidor de claves no-modificar"
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr "Servidor de claves preferido: "
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 msgid "Notations: "
 msgstr "Notaciones: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "No hay preferencias en un identificador de usuario estilo PGP 2.x\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "La siguiente clave fue revocada en %s por %s clave %s\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Esta clave puede ser revocada por %s clave %s"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr "(confidencial)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr "creado: %s"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr "revocada: %s"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr "caducó: %s"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr "caduca: %s"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr "uso: %s"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr "num. tarjeta: "
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr "confianza: %s"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr "validez: %s"
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Esta clave está deshabilitada"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -4907,17 +4835,17 @@ msgstr ""
 "Ten en cuenta que la validez de clave mostrada no es necesariamente\n"
 "correcta a menos de que reinicies el programa.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr "revocada"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr "caducada"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -4926,17 +4854,17 @@ msgstr ""
 "AVISO: ningún ID de usuario está marcado como principal. Esta orden puede\n"
 "       causar que se tome como principal por defecto otro ID de usuario.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr "AVISO: Tu subclave de cifrado caduca pronto.\n"
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, c-format
 msgid "You may want to change its expiration date too.\n"
 msgstr "Puede que también quieras cambiar su fecha de caducidad.\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -4945,72 +4873,72 @@ msgstr ""
 "AVISO: esta es una clave de tipo PGP2. Añadir un ID fotográfico puede\n"
 "hacer que algunas versiones de PGP rechacen esta clave.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "¿Está seguro de querer añadirla? (s/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "No puede añadir un ID fotográfico a una clave tipo PGP2.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr "¡Ese ID de usuario ya existe en esta clave!\n"
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "¿Borrar esta firma correcta? (s/N/q)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "¿Borrar esta firma inválida? (s/N/q)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "¿Borrar esta firma desconocida? (s/N/q)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "¿Borrar realmente esta autofirma? (s/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, c-format
 msgid "Deleted %d signature.\n"
 msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "%d firma borrada.\n"
 msgstr[1] "%d firmas borradas.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "No se borró nada\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "inválida"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "ID de usuario \"%s\" compactado: %s\n"
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "ID de usuario \"%s\": %d firma borrada\n"
 msgstr[1] "ID de usuario \"%s\": %d firmas borradas\n"
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "ID de usuario \"%s\": ya minimizado\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "ID de usuario \"%s\" ya limpiado\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5019,41 +4947,41 @@ msgstr ""
 "AVISO: esta es una clave tipo PGP2. Añadir un revocador designado puede\n"
 "       hacer que algunas versiones de PGP rechacen esta clave.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "No puede añadir un revocador designado a una clave tipo PGP2.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Introduzca el ID de usuario del revocador designado: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "no se puede elegir una clave tipo PGP 2.x como revocador designado\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "no puede elegir una clave como su propio revocador designado\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "esta clave ya ha sido designada como revocadora\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr ""
 "¡AVISO: no podrá deshacer la elección de clave como revocador designado!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr ""
 "¿Está seguro de querer elegir esta clave como revocador designado? (s/N) "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
@@ -5061,232 +4989,238 @@ msgstr ""
 "¿Está seguro de querer cambiar la fecha de caducidad para multiples "
 "subclaves? (s/N) "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Cambiando fecha de caducidad de subclave.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Cambiando caducidad de clave primaria.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "No puede cambiar la fecha de caducidad de una clave v3\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 msgid "Changing usage of a subkey.\n"
 msgstr "Cambiando el uso de una subclave.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 msgid "Changing usage of the primary key.\n"
 msgstr "Cambiando uso de clave primaria.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "la subclave de firmado %s ya está certificada en cruz\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr "la subclave %s no firma y así no necesita ser certificada en cruz\n"
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Por favor seleccione exactamente un identificador de usuario.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "omitiendo autofirma V3 para el id \"%s\"\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr "Introduzca la URL de su servidor de claves preferido: "
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "¿Seguro que quiere reemplazarlo? (s/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "¿Seguro que quiere borrarlo? (s/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 msgid "Enter the notation: "
 msgstr "Introduzca la notación: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 msgid "Proceed? (y/N) "
 msgstr "¿Continuar? (s/N) "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "No hay ningún identificador de usuario con el índice %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr "No hay ID de usuario con hash %s\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "No existe una subclave con ID de usuario '%s'.\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr "No existe una subclave con índice %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "ID de usuario: \"%s\"\n"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "firmada con su clave %s el %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (no exportable)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Esta firma caducó el %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "¿De verdad quiere revocarla? (s/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "¿Crear un certificado de revocación para esta clave? (s/N) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Ha firmado estos IDs de usuario con la clave %s:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr " (no revocable)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "revocada por la clave %s el %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Va a revocar las siguientes firmas:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "¿Crear los certificados de revocación realmente? (s/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "no hay clave secreta\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr "ha intentado revocar una ID no de usuario: %s\n"
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "ID de usuario \"%s\" ya ha sido revocado\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr "AVISO: un ID de usuario tiene fecha %d segundos en el futuro\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, c-format
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "No se puede revocar el último identificador de usuario válido\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "La clave %s ya ha sido revocada.\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "La subclave %s ya ha sido revocada.\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "Mostrando ID fotográfico %s de tamaño %ld para la clave %s (uid %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "parámetro incorrecto para la opción '%s'\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "preferencia '%s' duplicada\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr "demasiadas preferencias de cifrado\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr "demasiadas preferencias de resumen\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr "demasiadas preferencias de compresión\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+#| msgid "too many cipher preferences\n"
+msgid "too many AEAD preferences\n"
+msgstr "demasiadas preferencias de cifrado\n"
+
+#: g10/keygen.c:521
 #, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "item incorrecto '%s' en cadena de preferencias\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "escribiendo firma directa\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "escribiendo autofirma\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "escribiendo la firma de comprobación de clave\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "tamaño de clave incorrecto; se usarán %u bits\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "tamaño de clave redondeado a %u bits\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
@@ -5294,19 +5228,19 @@ msgstr ""
 "AVISO: ciertos programas OpenPGP no usan claves DSAcon resúmenes de este "
 "tamaño\n"
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr "Firma"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr "Certificar"
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr "Cifrado"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr "Autentificación"
 
@@ -5320,162 +5254,182 @@ msgstr "Autentificación"
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr "FfCcAaSs"
 
-#: g10/keygen.c:1784
-#, c-format
-msgid "Possible actions for a %s key: "
+#: g10/keygen.c:1966
+#, fuzzy, c-format
+#| msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr "Posibles accriones para una %s clave: "
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr "Acciones permitidas actualmente: "
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr "   (%c) Conmutar la capacidad de firmar\n"
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%c) Conmutar la capacidad de cifrado\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr "   (%c) Conmutar la capacidad de autenticación\n"
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr "   (%c) Acabado\n"
 
-#: g10/keygen.c:1930
-#, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+#: g10/keygen.c:2116
+#, fuzzy, c-format
+#| msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) RSA y RSA (por defecto)\n"
 
-#: g10/keygen.c:1934
-#, c-format
-msgid "   (%d) DSA and Elgamal\n"
+#: g10/keygen.c:2120
+#, fuzzy, c-format
+#| msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA y ElGamal\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (sólo firmar)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (sólo firmar)\n"
 
-#: g10/keygen.c:1945
-#, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+#: g10/keygen.c:2131
+#, fuzzy, c-format
+#| msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) ElGamal (sólo cifrar)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (sólo cifrar)\n"
 
-#: g10/keygen.c:1953
-#, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+#: g10/keygen.c:2139
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (permite elegir capacidades)\n"
 
-#: g10/keygen.c:1955
-#, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+#: g10/keygen.c:2141
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (permite elegir capacidades)\n"
 
-#: g10/keygen.c:1961
-#, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) ECC y ECC\n"
+#: g10/keygen.c:2147
+#, fuzzy, c-format
+#| msgid "   (%d) ElGamal (sign and encrypt)\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) ElGamal (firmar y cifrar)\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+#, fuzzy
+#| msgid " (default)"
+msgid " *default*"
+msgstr "(por defecto)"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, c-format
 msgid "  (%d) ECC (sign only)\n"
 msgstr "  (%d) ECC (sólo firmar)\n"
 
-#: g10/keygen.c:1965
-#, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+#: g10/keygen.c:2150
+#, fuzzy, c-format
+#| msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "   (%d) ECC (permite elegir capacidades)\n"
 
-#: g10/keygen.c:1967
-#, c-format
-msgid "  (%d) ECC (encrypt only)\n"
+#: g10/keygen.c:2152
+#, fuzzy, c-format
+#| msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "   (%d) ECC (sólo cifrar)\n"
 
-#: g10/keygen.c:1971
-#, c-format
-msgid "  (%d) Existing key\n"
+#: g10/keygen.c:2156
+#, fuzzy, c-format
+#| msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "   (%d) Clave existente\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
 #| msgid "   (%d) Existing key from card\n"
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (%d) Clave existente de la tarjeta\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 msgid "Enter the keygrip: "
 msgstr "Introduzca keygrip: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr "No es un keygrip válido (se esperaban 40 dígitos hex)\n"
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 msgid "No key with this keygrip\n"
 msgstr "No hay claves con ese keygrip\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, c-format
 msgid "error reading the card: %s\n"
 msgstr "error al leer la tarjeta: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "Número de serie de la tarjeta: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 msgid "Available keys:\n"
 msgstr "Claves disponibles:\n"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, c-format
 msgid "rounded to %u bits\n"
 msgstr "redondeados a %u bits\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr "las claves %s pueden tener entre %u y %u bits de longitud.\n"
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "¿De qué tamaño quiere la subclave? (%u) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "El tamaño requerido es de %u bits\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Seleccione el tipo de curva elíptica deseado:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5491,7 +5445,7 @@ msgstr ""
 "      <n>m = la clave caduca en n meses\n"
 "      <n>y = la clave caduca en n años\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5507,38 +5461,38 @@ msgstr ""
 "      <n>m = la clave caduca en n meses\n"
 "      <n>y = la clave caduca en n años\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "¿Validez de la clave (0)? "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Clave válida ¿durante? (%s) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "valor inválido\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr "La clave nunca caduca\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr "La firma nunca caduca\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr "La clave caduca %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr "La firma caduca el %s\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5546,11 +5500,11 @@ msgstr ""
 "Su sistema no puede mostrar fechas más allá del 2038.\n"
 "Sin embargo funcionará correctamente hasta el 2106.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr "¿Es correcto? (s/n) "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5564,7 +5518,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5580,49 +5534,49 @@ msgstr ""
 "    \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Nombre y apellidos: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Caracter inválido en el nombre\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr "Los caracteres '%s' y '%s' no pueden aparecer en el nombre\n"
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "El nombre no puede empezar con un número\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "El nombre debe tener al menos 5 caracteres\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "Dirección de correo electrónico: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Dirección inválida\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Comentario: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Caracter inválido en el comentario\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, c-format
 msgid "You are using the '%s' character set.\n"
 msgstr "Está usando el juego de caracteres '%s'.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5633,7 +5587,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr ""
 "Por favor no ponga la dirección de correo-e en el nombre real o en el "
@@ -5650,31 +5604,31 @@ msgstr ""
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnCcDdVvSs"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "¿Cambia (N)ombre, (C)omentario, (D)irección o (S)alir? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "¿Cambia (N)ombre, (C)omentario, (D)irección o (V)ale/(S)alir? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "¿Cambia (N)ombre, (D)irección o (S)alir? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "¿Cambia (N)ombre, (D)irección o (V)ale/(S)alir? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Por favor corrija primero el error.\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5687,13 +5641,13 @@ msgstr ""
 "generador de números aleatorios mayor oportunidad de recoger suficiente\n"
 "entropía.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Creación de la clave fallida: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5704,64 +5658,64 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr "¿Continuar? (S/n) "
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "Ya existe una clave para \"%s\"\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 msgid "Create anyway? (y/N) "
 msgstr "¿Crear de todas formas?(s/N) "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, c-format
 msgid "creating anyway\n"
 msgstr "creando de todas formas\n"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr "Nota: Usa \"%s %s\" para el diálogo completo de generación de clave.\n"
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Creación de claves cancelada.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "no se puede crear fichero de respaldo '%s': %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "NOTA: copia de seguridad de la clave guardada en '%s'\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, c-format
 msgid "writing public key to '%s'\n"
 msgstr "escribiendo clave pública en '%s'\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "anillo público de claves no escribible encontrado: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, c-format
 msgid "error writing public keyring '%s': %s\n"
 msgstr "error al escribir en el anillo público '%s': %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "claves pública y secreta creadas y firmadas.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
@@ -5769,7 +5723,7 @@ msgstr ""
 "Tenga en cuenta que esta clave no puede ser usada para cifrar. Puede usar\n"
 "la orden \"--edit-key\" para crear una subclave con este propósito.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -5777,7 +5731,7 @@ msgstr ""
 "clave pública creada %lu segundos en el futuro (salto en el tiempo o\n"
 "problemas con el reloj)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -5785,623 +5739,627 @@ msgstr ""
 "clave pública creada %lu segundos en el futuro (salto en el tiempo o\n"
 "problemas con el reloj)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, c-format
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr ""
 "Atención: crear subclaves para claves V3 no sigue el estándar OpenPGP\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Las partes secretas de la clave primaria no están disponibles.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Las partes secretas de la clave primaria se guardan en la tarjeta.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr "¿Crear de verdad? (s/N) "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "nunca     "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Política de firmas críticas: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Política de firmas: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr "Servidor de claves crítico preferido: "
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Notación de firmas críticas: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Notación de firma: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, c-format
 msgid "%d good signature\n"
 msgid_plural "%d good signatures\n"
 msgstr[0] "%d firma correcta\n"
 msgstr[1] "%d firmas correctas\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, c-format
 msgid "%d signature not checked due to an error\n"
 msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "1 firma no comprobada por causa de un error\n"
 msgstr[1] "%d firmas no comprobadas por causa de errores\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] "Advertencia: clave %lu no usada por su gran tamaño\n"
 msgstr[1] "Advertencia: claves %lu no usadas por su gran tamaño\n"
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Anillo de claves"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Huellas dactilares de la clave primaria:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "     Huella de subclave:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr " Huella clave primaria:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "      Huella de subclave:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr "      Huella de clave ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr "      Número de serie de la tarjeta ="
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, c-format
 msgid "caching keyring '%s'\n"
 msgstr "memorizando anillo '%s'\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "%lu clave memorizada hasta ahora (%lu firmas)\n"
 msgstr[1] "%lu claves memorizadas hasta ahora (%lu firmas)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] "%lu clave memorizada"
 msgstr[1] "\t%lu claves memrizadas"
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, c-format
 msgid " (%lu signature)\n"
 msgid_plural " (%lu signatures)\n"
 msgstr[0] " (%lu firma)\n"
 msgstr[1] " (%lu firmas)\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: anillo creado\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr "pasar por encima las opciones de proxy configuradas para dirmngr"
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr "incluir claves revocadas en resultados de la búsqueda"
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr "incluir subclaves al buscar por ID de clave"
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr "pasar por encima las opciones de timeout configuradas para dirmngr"
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr "recuperar automáticamente claves al verificar firmas"
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "usar la URL de servidor de claves preferido presente en la clave"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr "usar el registro PKA presente en una clave al recuperar claves"
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr "deshabilitado"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr "Introduzca número(s), O)tro, o F)in > "
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "protocolo del servidor de claves inválido (us %d!=handler %d)\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "\"%s\" no es un identificador de clave válido: omitido\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "renovando %d clave desde %s\n"
 msgstr[1] "renovando %d claves desde %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "AVISO: no se puede renovar la clave %s a traves de %s: %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "clave \"%s\" no encontrada en el servidor\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr "clave no encontrada en el servidor\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "solicitando clave %s de %s servidor %s\n"
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr "solicitando clave %s de %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, c-format
 msgid "no keyserver known\n"
 msgstr "ningún servidor de claves conocido\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "omitido \"%s\": %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr "enviando clave %s a %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, c-format
 msgid "requesting key from '%s'\n"
 msgstr "solicitando clave de %s\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "AVISO: imposible recuperar URI %s: %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "tamaño anormal para una clave de sesión cifrada (%d)\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "%s clave de sesión cifrada\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "cifrado con algoritmo desconocido %d\n"
+
+#: g10/mainproc.c:391
 #, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "frase contraseña generada con algoritmo de resumen desconocido %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, c-format
 msgid "public key is %s\n"
 msgstr "la clave pública es %s\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "datos cifrados con la clave pública: DEK correcta\n"
-
-#: g10/mainproc.c:632
-#, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+#: g10/mainproc.c:524
+#, fuzzy, c-format
+#| msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "cifrado con clave de %u bits %s, ID %s, creada el %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr "      \"%s\"\n"
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "cifrado con clave %s, ID %s\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "descifrado de la clave pública fallido: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr "AVISO: se observan varios textos en claro\n"
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "cifrado con %lu frases contraseña\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "cifrado con 1 frase contraseña\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "descifrado de la clave pública fallido: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "datos cifrados con la clave pública: DEK correcta\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "suponiendo %s datos cifrados\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr ""
 "cifrado IDEA no disponible, confiadamente intentamos usar %s en su lugar\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "ATENCIÓN: la intgridad del mensaje no está protegida\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "descifrado fallido: %s\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "descifrado correcto\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "ATENCIÓN: ¡el mensaje cifrado ha sido manipulado!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "descifrado fallido: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, c-format
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "Atención: el remitente solicitó \"sólo-para-tus-ojos\"\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "nombre fichero original='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "revocación independiente - use \"gpg --import\" para aplicarla\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, c-format
 msgid "no signature found\n"
 msgstr "no se encontró firma\n"
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr "Firma INCORRECTA de \"%s\""
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Firma caducada de \"%s\""
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr "Firma correcta de \"%s\""
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "suprimida la verificación de la firma\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "no puedo manejar estos datos ambiguos en la firma\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr "Firmado el %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr "               usando %s clave %s\n"
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Firmado el %s usando clave %s ID %s\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "               emisor \"%s\"\n"
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Clave disponible en: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[incierto]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr "                alias \"%s\""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, c-format
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "ATENCIÓN: ¡Esta clave no se puede usar para firmar en modo %s!\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Firma caducada en %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "La firma caduca el %s\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, c-format
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr ""
 "firma %s, algoritmo de resumen %s%s%s\n"
 "\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "binaria"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "modotexto"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "desconocido"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 msgid ", key algorithm "
 msgstr ", algoritmo de clave pública "
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 "ADVERTENCIA: firma no separada; ¡el archivo %s NO ha sido verificado!\n"
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Imposible comprobar la firma: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "no es una firma separada\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr "AVISO: detectadas múltiples firmas. Sólo la primera se comprueba.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "firma independiente de clase 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "firma al viejo estilo (PGP 2.x)\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "fstat de '%s' falló en %s: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "fstat(%d) falló en %s: %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "AVISO: usando un algoritmo de clave pública experimental %s\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr "AVISO: las firmas Elgamal para firmar y cifrar están obsoletas\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "AVISO: usando algoritmo de cifrado experimental %s\n"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "AVISO: usando algoritmo de resumen experimental %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "AVISO: el algoritmo de resumen %s está obsoleto\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "Atención: las firmas que usan el algoritmo %s son rechazadas\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 #| msgid "Note: signatures using the %s algorithm are rejected\n"
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "Atención: las firmas que usan el algoritmo %s son rechazadas\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, c-format
 msgid "(reported error: %s)\n"
 msgstr "(error reportado: %s)\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "(error reportado: %s <%s>)\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr "(más información: "
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: opción obsoleta \"%s\"\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "ATENCIÓN: \"%s\" es una opción obsoleta\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "por favor use \"%s%s\" en su lugar\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "ATENCIÓN: \"%s\" es una orden obsoleta - no la use\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr ""
 "%s:%u: opción obsoleta \"%s\"en este archivo - sólo tiene efecto en %s\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr ""
 "ATENCIÓN: \"%s%s\" es una opción obsoleta - no tiene efecto excepto en %s\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Sin comprimir"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr "sin_comprimir|ninguno"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "este mensaje podría no ser utilizable por %s\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "opción ambigua '%s'\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, c-format
 msgid "unknown option '%s'\n"
 msgstr "opción desconocida '%s'\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 "Una clave pública ECDSA debe estar en un encoding SEC múltiplo de 8 bits\n"
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "algoritmo débil de resumen desconocido '%s'\n"
@@ -6424,89 +6382,78 @@ msgstr "%s: sufijo desconocido\n"
 msgid "Enter new filename"
 msgstr "Introduzca nuevo nombre de fichero"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "escribiendo en stdout\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, c-format
 msgid "assuming signed data in '%s'\n"
 msgstr "asumiendo que los datos firmados están en '%s'\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "no puedo manejar el algoritmo de clave pública %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr ""
 "AVISO: clave de sesión cifrada simétricamente potencialmente insegura\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 #| msgid "Critical signature notation: "
 msgid "Unknown critical signature notation: "
 msgstr "Notación de firmas críticas: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "el subpaquete de tipo %d tiene el bit crítico activado\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, c-format
-msgid "problem with the agent: %s\n"
-msgstr "problema con el agente: %s\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-#| msgid "Please enter the new passphrase"
-msgid "Please enter the passphrase for decryption."
-msgstr "Por favor escriba la nueva frase contraseña"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Introduzca frase contraseña\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "cancelado por el usuario\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr " (ID de clave primaria %s)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Introduzca frase contraseña para desbloquear la clave secreta OpenPGP:"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Introduzca frase contraseña para importar la clave secreta OpenPGP:"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Introduzca frase contraseña para exportar la subclave secreta OpenPGP:"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Introduzca frase contraseña para exportar la clave secreta OpenPGP:"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr ""
 "De verdad quiere borrar para siempre la subclave secreta de la clave OpenPGP:"
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "De verdad quiere borrar para siempre la clave secreta OpenPGP:"
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, c-format
 msgid ""
 "%s\n"
@@ -6521,7 +6468,7 @@ msgstr ""
 "creada el %s%s.\n"
 "%s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6535,34 +6482,79 @@ msgstr ""
 "Si usa una foto muy grande, ¡su clave será también muy grande!\n"
 "Una imagen cercana a 240x288 tiene un tamaño adecuado.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Introduzca nombre del fichero JPEG para ID fotográfico: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "Imposible abrir fichero JPEG '%s': %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr "¡Este JPEG es realmente grande (%d bytes)!\n"
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "¿Seguro que quiere usarlo? (s/N) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "'%s' no es un fichero JPEG\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "¿Es correcta la foto? (s/n) "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "no es posible ejecutar programas remotos\n"
+
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"esta plataforma necesita ficheros temporales para llamar a programas "
+"externos\n"
+
+#: g10/photoid.c:506
+#, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "no se puede ejecutar el intérprete de órdenes '%s': %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "el programa externo finalizó anormalmente\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "error del sistema llamando al programa externo: %s\n"
+
+#: g10/photoid.c:600
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "AVISO: no se puede borrar fichero temporal (%s) '%s': %s\n"
+
+#: g10/photoid.c:604
+#, c-format
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "AVISO: no se puede borrar el directorio temporal '%s': %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"llamadas a programas externos inhabilitadas por permisos inseguros de "
+"ficheros.\n"
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "¡no puedo mostrar ID fotográfico!\n"
@@ -6577,54 +6569,54 @@ msgstr "¡no puedo mostrar ID fotográfico!\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMqQsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr "No hay confianza definida para:\n"
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr "  alias \"%s\"\n"
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr ""
 "¿Qué seguridad tiene de que esta clave pertenece realmente al usuario\n"
 "que se nombra?\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr "  %d = No lo sé o prefiero no decirlo\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr "  %d = NO tengo confianza\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr "  %d = confío absolutamente\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr "  m = volver al menú principal\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr "  s = saltar esta clave\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr "  q = salir\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
@@ -6633,48 +6625,48 @@ msgstr ""
 "El mínimo nivel de confianza para esta clave es: %s\n"
 "\n"
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "¿Su decisión? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "¿De verdad quiere asignar absoluta confianza a esta clave? (s/N) "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Certificados que llevan a una clave de confianza absoluta:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%s: No hay seguridad de que esta clave pertenezca realmente\n"
 "al usuario que se nombra\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%s: Hay poca seguridad de que esta clave pertenezca realmente\n"
 "al usuario que se nombra\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Esta clave probablemente pertenece al usuario que se nombra\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Esta clave nos pertenece\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr "%s: ¡Esta clave es mala! ¡Está marcada como no confiable!\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
 "*really* know what you are doing, you may answer the next\n"
@@ -6684,7 +6676,7 @@ msgstr ""
 "lo que está haciendo,\n"
 "puede contestar sí a la siguiente pregunta.\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
@@ -6694,95 +6686,121 @@ msgstr ""
 "identificador de usuario. Si *realmente* sabe lo que está haciendo,\n"
 "puede contestar sí a la siguiente pregunta.\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr "¿Usar esta clave de todas formas? (s/N) "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "ATENCIÓN: ¡Usando una clave no fiable!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr "AVISO: la clave puede estar revocada (falta clave de revocación)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+#| msgid "user ID: \"%s\"\n"
+msgid "checking User ID \"%s\"\n"
+msgstr "ID de usuario: \"%s\"\n"
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+#| msgid "option '%s' given, but option '%s' not given\n"
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr ""
+"se ha dado la opción %s, pero no se ha dado la opción '%s'\n"
+"\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+#| msgid "key %s: doesn't match our copy\n"
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "clave %s: no coincide con nuestra copia\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+#| msgid "option '%s' given, but option '%s' not given\n"
+msgid "option %s given but no matching User ID found\n"
+msgstr ""
+"se ha dado la opción %s, pero no se ha dado la opción '%s'\n"
+"\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr ""
 "ATENCIÓN: ¡Esta clave ha sido revocada por la persona designada\n"
 "como revocador!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "ATENCIÓN: ¡Esta clave ha sido revocada por su propietario!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         Esto puede significar que la firma está falsificada.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "ATENCIÓN: ¡Esta clave ha sido revocada por su propietario!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Nota: Esta clave está deshabilitada.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr "Nota: la dirección del firmante verificado es '%s'\n"
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "Nota: la dirección del firmante '%s' no coincide con la entrada DNS\n"
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr "nivel de confianza puesto a TOTAL (información PKA válida)\n"
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr "nivel de confianza puesto a NUNCA (información PKA inválida)\n"
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Nota: ¡Esta clave ha caducado!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr ""
+"ATENCIÓN: ¡Esta clave no está certificada por una firma de confianza!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr ""
 "ATENCIÓN: ¡Esta clave no está certificada por una firma de confianza!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr "         No hay indicios de que la firma pertenezca al propietario.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "ATENCIÓN: ¡Esta clave NO es de confianza!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         La firma es probablemente una FALSIFICACIÓN.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"ATENCIÓN: ¡Esta clave no está certificada con firmas de suficiente "
+"confianza!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
@@ -6790,56 +6808,56 @@ msgstr ""
 "ATENCIÓN: ¡Esta clave no está certificada con firmas de suficiente "
 "confianza!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         No es seguro que la firma pertenezca al propietario.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: omitido: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: omitida: clave pública deshabilitada\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: omitida: clave pública ya presente\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, c-format
 msgid "can't encrypt to '%s'\n"
 msgstr ""
 "no se puede cifrar a '%s'\n"
 "\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr ""
 "se ha dado la opción %s, pero no se han dado claves predeterminadas válidas\n"
 "\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr ""
 "se ha dado la opción %s, pero no se ha dado la opción '%s'\n"
 "\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "No ha especificado un ID de usuario (puede usar \"-r\")\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr "Destinatarios actuales:\n"
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -6847,40 +6865,40 @@ msgstr ""
 "\n"
 "Introduzca ID de usuario. Acabe con una línea vacía: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "ID de usuario inexistente.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "omitida: clave pública ya designada como destinataria por defecto\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Clave pública deshabilitada.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "omitida: clave pública ya establecida\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "desconocido el destinatario predefinido \"%s\"\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "no hay direcciones válidas\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "Nota: la clave %s no usa %s\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "Nota: clave %s no tiene preferencias para %s\n"
@@ -6890,76 +6908,82 @@ msgstr "Nota: clave %s no tiene preferencias para %s\n"
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr "datos no grabados; use la opción \"--output\" para grabarlos\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Firma separada.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Introduzca el nombre del fichero de datos: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "leyendo stdin...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "no hay datos firmados\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, c-format
 msgid "can't open signed data '%s'\n"
 msgstr "imposible abrir datos firmados '%s'\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "imposible abrir datos firmados fd=%d: %s\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "la clave %s no se puede usar para cifrar en modo %s\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "destinatario anónimo; probando clave secreta %s ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+#| msgid "key %s is not suitable for decryption in %s mode\n"
+msgid "used key is not marked for encryption use.\n"
+msgstr "la clave %s no se puede usar para cifrar en modo %s\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "de acuerdo, somos el destinatario anónimo.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "la antigua codificación de la DEK no puede usarse\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "algoritmo de cifrado %d%s desconocido o desactivado\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "NOTA: el cifrado %s no aparece en las preferencias del receptor\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "NOTA: clave secreta %s caducó el %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, c-format
 msgid "Note: key has been revoked"
 msgstr "NOTA: la clave ha sido revocada"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "construcción del paquete fallida: %s\n"
@@ -6977,37 +7001,37 @@ msgstr "Será revocado por:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Este es una clave de revocación confidencial)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 msgid "Secret key is not available.\n"
 msgstr "Clave secreta no disponible.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "¿Crear un certificado de revocación para esta clave? (s/N) "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "se fuerza salida con armadura ASCII.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet falló: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Certificado de revocación creado.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "no se encuentran claves de revocación para \"%s\"\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Este es un certificado de revocación para la clave OpenPGP:"
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
@@ -7018,7 +7042,7 @@ msgstr ""
 "públicamente que una clave no debería usarse más. No es posible deshacer\n"
 "un certificado de este tipo una vez que se publica."
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7034,7 +7058,7 @@ msgstr ""
 "\"\n"
 "en el manual GnuPG."
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
@@ -7045,12 +7069,12 @@ msgstr ""
 "con un editor de texto antes de importar y publicar este certificado\n"
 "de revocación."
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, c-format
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "certificado de revocación guardado como '%s.rev'\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "clave secreta \"%s\" no encontrada\n"
@@ -7063,16 +7087,16 @@ msgstr "clave secreta \"%s\" no encontrada\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr "'%s' coincide con varias claves secretas:\n"
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, c-format
 msgid "error searching the keyring: %s\n"
 msgstr "error buscando el anillo de claves: %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "¿Crear un certificado de revocación para esta clave? (s/N) "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7091,37 +7115,37 @@ msgstr ""
 "de impresión de su máquina podría almacenar los datos y hacerlos accesibles\n"
 "a otras personas!\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Por favor elija una razón para la revocación:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Cancelar"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Probablemente quería seleccionar %d aquí)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "Introduzca una descripción opcional; acábela con una línea vacía:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Razón para la revocación: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(No se dió descripción)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr "¿Es correcto? (s/N) "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "creada clave débil - reintentando\n"
@@ -7133,64 +7157,59 @@ msgstr ""
 "¡imposible evitar clave débil para cifrado simétrico después de %d "
 "intentos!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr "la clave %s %s usa un hash inseguro (de %zu bits)\n"
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 "la clave %s %s requiere un resumen de %zu bits o mayor (el resumen es de "
 "%s)\n"
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
-#, c-format
-msgid "key %s may not be used for signing in %s mode\n"
-msgstr "no puede usar la clave %s para firmar en modo %s\n"
-
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
+#: g10/sig-check.c:170
 #, c-format
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "AVISO: conflicto con el resumen de la firma del mensaje\n"
 
-#: g10/sig-check.c:219
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
+#, c-format
+msgid "key %s may not be used for signing in %s mode\n"
+msgstr "no puede usar la clave %s para firmar en modo %s\n"
+
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "AVISO: la subclave de firmado %s no tiene certificado cruzado\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, c-format
 msgid "please see %s for more information\n"
 msgstr "por favor vea %s para más información\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr ""
 "AVISO: la subclave de cifrado %s tiene un certificado cruzado inválido\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "la clave pública %s es %lu segundo más nueva que la firma\n"
 msgstr[1] "la clave pública %s es %lu segundos más nueva que la firma\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "la clave pública %s es %lu día más nueva que la firma\n"
 msgstr[1] "la clave pública %s es %lu días más nueva que la firma\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7203,7 +7222,7 @@ msgstr[1] ""
 "la clave %s fue creada %lu segundos en el futuro (viaje en el tiempo\n"
 "o problemas con el reloj)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7215,51 +7234,51 @@ msgstr[1] ""
 "la clave %s fue creada %lu segundos en el futuro (viaje en el tiempo\n"
 "o problemas con el reloj)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "NOTA: clave de firmado %s caducada el %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "NOTA: la clave de firmado %s ha sido revocada\n"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, c-format
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "firma incorrecta de la clave %s: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "firma incorrecta de la clave %s: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "asumiendo firma incorrecta de la clave %s por un bit crítico desconocido\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "clave %s: no hay subclave para la firma de revocación de subclave\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "clave %s: no hay subclave para firma de subclave de enlace\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "AVISO: no puedo expandir el %%- de la url de política . Se usa sin "
 "expandir.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7267,7 +7286,7 @@ msgstr ""
 "AVISO: no puedo expandir el %%- de la url de política (demasiado larga).\n"
 "Se usa sin expandir.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7276,12 +7295,12 @@ msgstr ""
 "AVISO: no puedo expandir el %%- de la URL del servidor de claves\n"
 "preferido. Se usa sin expandir.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s/%s firma de: \"%s\"\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
@@ -7289,37 +7308,38 @@ msgstr ""
 "AVISO: forzar el algoritmo de resumen %s (%d) va en contra de las\n"
 "preferencias del destinatario\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "firmando:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "se usará un cifrado %s\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr "clave no marcada como insegura - no puede usarse con el pseudo RNG\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "\"%s\" omitido: duplicado\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "omitido: clave secreta ya presente\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "¡esta es una clave ElGamal generada por PGP que NO es segura para firmar!"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "registro de confianza %lu, tipo %d: fallo escritura: %s\n"
@@ -7333,43 +7353,43 @@ msgstr ""
 "# Lista de valores de confianza asignados, creada %s\n"
 "# (Use \"gpg --import-ownertrust\" para restablecerlos)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, c-format
 msgid "error in '%s': %s\n"
 msgstr "error en '%s': %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr "línea demasiado larga"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr "falta una coma"
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr "huella digital no válida"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr "falta el valor de confianza"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "error intentando encontrar el registro de confianza en '%s': %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, c-format
 msgid "read error in '%s': %s\n"
 msgstr "error de lectura '%s': %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "base de datos de confianza: fallo sincronización: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "no se puede crear el bloqueo para '%s'\n"
@@ -7379,12 +7399,12 @@ msgstr "no se puede crear el bloqueo para '%s'\n"
 msgid "can't lock '%s'\n"
 msgstr "no se puede bloquear '%s'\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "registro base de datos de confianza %lu: lseek fallido: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr ""
@@ -7400,7 +7420,7 @@ msgstr "transacción en la base de datos de confianza demasiado grande\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: ¡el directorio no existe!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, c-format
 msgid "can't access '%s': %s\n"
 msgstr "no se puede acceder a '%s': %s\n"
@@ -7441,7 +7461,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: error actualizando el registro de versión: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: error al leer registro de versión: %s\n"
@@ -7451,52 +7471,52 @@ msgstr "%s: error al leer registro de versión: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: error escribiendo registro de versión: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "base de datos de confianza: fallo lseek: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "base de datos de confianza: error lectura (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: no es una base de datos de confianza\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: registro de versión con número de registro %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: versión del fichero %d inválida\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: error al leer registro libre: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: error escribiendo registro de directorio: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: fallo en poner a cero un registro: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: fallo al añadir un registro: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "Error: base de datos de confianza corrupta.\n"
@@ -7536,10 +7556,10 @@ msgstr "version de base de datos TOFU no soportada: %s\n"
 msgid "TOFU DB error"
 msgstr "Error de la base de datos de TOFU"
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "error al leer la base de datos TOFU: %s\n"
@@ -7559,7 +7579,7 @@ msgstr "error iniciando base de datos TOFU: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "error al abrir base de datos TOFU '%s': %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "error al actualizar la base de datos TOFU: %s\n"
@@ -7738,85 +7758,85 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr "Por defecto elegiremos desconocido.\n"
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr "Detectada corrupción en la base de datos TOFU.\n"
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "error al cambiar la política TOFU: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] "%lld~año"
 msgstr[1] "%lld~años"
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] "%lld~mes"
 msgstr[1] "%lld~meses"
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] "%lld~semana"
 msgstr[1] "%lld~semanas"
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] "%lld~día"
 msgstr[1] "%lld~días"
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] "%lld~hora"
 msgstr[1] "%lld~horas"
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] "%lld~minuto"
 msgstr[1] "%lld~minutos"
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] "%lld~segundo"
 msgstr[1] "%lld~segundos"
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr "%s: Verificadas 0~firmas y cifrados 0~mensajes."
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, c-format
 msgid "%s: Verified 0 signatures."
 msgstr "%s: Verificadas 0 firmas."
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 msgid "Encrypted 0 messages."
 msgstr "Cifrados 0 mensajes."
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, c-format
 msgid "(policy: %s)"
 msgstr "(política: %s)"
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
@@ -7824,7 +7844,7 @@ msgstr ""
 "Advertencia: ¡Todavía no hemos visto ningún mensaje firmado con esta clave e "
 "identificador de usuario/a!\n"
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
@@ -7832,17 +7852,17 @@ msgstr ""
 "Advertencia: ¡sólo hemos visto un mensaje firmado con esta clave e "
 "identificador de usuario!\n"
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr "Advertencia: ¡todavía no has cifrado ningún mensaje para esta clave!\n"
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr "Advertencia: ¡sólo has cifrado un mensaje para esta clave!\n"
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -7871,139 +7891,139 @@ msgstr[1] ""
 "  %s\n"
 "para marcarla como mala.\n"
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "error al abrir base de datos TOFU: %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 "ADVERTENCIA: Cifrando para %s, que no tiene ningún identificador de usuario "
 "no revocado\n"
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, c-format
 msgid "'%s' is not a valid long keyID\n"
 msgstr "'%s' no es un identificador largo de clave válido\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "clave %s: aceptada como clave fiable\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "la clave %s aparece más de una vez en la base de datos de confianza\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "clave %s: clave fiable sin clave pública - omitida\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "clave %s marcada como de confianza absoluta\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "registro de confianza %lu, petición tipo %d: fallo lectura: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "registro de confianza %lu no es del tipo requerido %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr ""
 "Puede intentar recrear la base de datos de confianza usando las órdenes:\n"
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr "Si eso no funciona, por favor consulte el manual\n"
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr "imposible usar modelo de confianza (%d) - asumiendo el modelo %s\n"
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr "usando %s como modelo de confianza\n"
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "no es necesaria una comprobación de la base de datos de confianza\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "siguiente comprobación de base de datos de confianza el: %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr ""
 "no es necesaria una comprobación de la base de datos de confianza\n"
 "con el modelo de confianza '%s'\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr ""
 "no es necesario comprobar la base de datos de confianza\n"
 "con el modelo '%s'\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr "clave pública %s no encontrada: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "por favor haga un --check-trustdb\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "comprobando base de datos de confianza\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] "%d clave procesada"
 msgstr[1] "%d claves procesadas"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, c-format
 msgid " (%d validity count cleared)\n"
 msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] " (%d validación de cuenta borrada)\n"
 msgstr[1] " (%d validaciones de cuenta borradas)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "no se encuentran claves absolutamente fiables\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "clave pública de la clave absolutamente fiable %s no encontrada\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
@@ -8011,30 +8031,30 @@ msgstr ""
 "nivel: %d  validez: %3d  firmada: %3d  confianza: %d-, %dq, %dn, %dm, %df, "
 "%du\n"
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr ""
 "no se puede actualizar el registro de la versión de la base de datos\n"
 "de confianza: fallo de escritura: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr "no definido"
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr "nunca"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr "dudosa"
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr "total"
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr "absoluta"
 
@@ -8046,39 +8066,39 @@ msgstr "absoluta"
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr "13 no apto para supersticiosos"
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 msgid "[ revoked]"
 msgstr "[  revocada ]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 msgid "[ expired]"
 msgstr "[  caducada ]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 msgid "[ unknown]"
 msgstr "[desconocida]"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr "[no definida]"
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 msgid "[  never ]"
 msgstr "[ nunca ]"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr "[   dudosa  ]"
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr "[   total   ]"
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr "[  absoluta ]"
 
@@ -8103,19 +8123,31 @@ msgstr "la línea %u es demasiado larga o no tiene avance de línea (LF)\n"
 msgid "can't open fd %d: %s\n"
 msgstr "no se puede abrir fd %d: %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "ATENCIÓN: la intgridad del mensaje no está protegida\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+#| msgid "ambiguous option '%s'\n"
+msgid "Hint: Do not use option %s\n"
+msgstr "opción ambigua '%s'\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr "establece los parámetros de depuración"
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr "habilita depuración completa"
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Uso: kbxutil [opciones] [ficheros] (-h para ayuda)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
 "List, export, import Keybox data\n"
@@ -8126,72 +8158,197 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr "%sNúmero: %s%%0ATitular: %s%s"
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr "Intentos disponibles: %d"
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new Global-PIN"
+msgstr "||Por favor introduzca PIN"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "||Por favor introduzca Código de Reinicio de la tarjeta"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new PIN"
+msgstr "||Por favor introduzca PIN"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the PIN of your PIV card"
+msgstr "||Por favor introduzca Código de Reinicio de la tarjeta"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+#| msgid "|A|Please enter the Admin PIN"
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "|A|Por favor introduzca PIN de Administrador"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+#| msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr ""
+"|P|Por favor introduzca PIN Unblocking Code (PUK) para claves estándar."
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "la función de manejo del PIN devolvió un error: %s\n"
+
+#: scd/app-piv.c:1895
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too short; minimum length is %d\n"
+msgstr "El PIN para CHV%d es demasiado corto; longitud mínima %d\n"
+
+#: scd/app-piv.c:1903
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too long; maximum length is %d\n"
+msgstr "El PIN para CHV%d es demasiado corto; longitud mínima %d\n"
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr "la clave ya existe\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr "la clave existente será reemplazada\n"
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr "generando nueva clave\n"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, c-format
+msgid "writing new key\n"
+msgstr "escribiendo clave nueva\n"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "fallo al almacenar la clave: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr "la respuesta no incluye el módulo RSA\n"
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr "la respuesta no incluye el exponente público RSA\n"
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, c-format
+msgid "response does not contain the EC public key\n"
+msgstr "la respuesta no incluye la clave pública EC\n"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr "por favor, espere mientras se genera la clave ...\n"
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr "la generación de la clave falló\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "generación de clave completada (%d segundo)\n"
+msgstr[1] "generación de clave completada (%d segundos)\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr "la respuesta no incluye la clave pública\n"
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr "||Introduzca un PIN para la clave que crea firmas cualificadas."
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 msgid "|A|Please enter the Admin PIN"
 msgstr "|A|Por favor introduzca PIN de Administrador"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr ""
 "|P|Por favor introduzca PIN Unblocking Code (PUK) para claves estándar."
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 msgid "||Please enter the PIN for the standard keys."
 msgstr "||Por favor, introduzca PIN para claves estándar."
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr "falta el módulo RSA o no es de %d bits\n"
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr "falta el exponente público RSA o es mayor de %d bits\n"
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr "la función de manejo del PIN devolvió un error: %s\n"
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "the NullPIN has not yet been changed\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "el PIN-Nulo no ha sido cambiado\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr "el PIN-Nulo no ha sido cambiado\n"
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "|N|Por favor introduzca un nuevo PIN para las claves estándar."
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|NP|Introduzca nuevo PIN Unblocking Code (PUK) para claves estándar."
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr "|N|Entre un nuevo PIN para la clave que crea firmas cualificadas."
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8199,7 +8356,7 @@ msgstr ""
 "|NP|Por favor introduzca un nuevo PIN Unblocking Code (PUK) para la clave "
 "que crea firmas cualificadas."
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8207,47 +8364,27 @@ msgstr ""
 "|P|Introduzca el PIN Unblocking Code (PUK) para que la clave pueda crear "
 "firmas cualificadas."
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "error obteniendo nuevo PIN: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "fallo al almacenar la huella digital: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "fallo guardando la fecha de creación: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr "error recuperando el estatus CHV de la tarjeta\n"
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr "la respuesta no incluye el módulo RSA\n"
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr "la respuesta no incluye el exponente público RSA\n"
-
-#: scd/app-openpgp.c:1546
-#, c-format
-msgid "response does not contain the EC public key\n"
-msgstr "la respuesta no incluye la clave pública EC\n"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr "la respuesta no incluye la clave pública\n"
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr "fallo al leer clave pública: %s\n"
@@ -8255,42 +8392,42 @@ msgstr "fallo al leer clave pública: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr "usando PIN por defecto %s\n"
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr "fallo al usar el PIN por defecto %s: %s - en adelante deshabilitado\n"
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 msgid "||Please unlock the card"
 msgstr "||Por favor desbloquee la tarjeta"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr "El PIN para CHV%d es demasiado corto; longitud mínima %d\n"
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "la verificación CHV%d falló: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr "¡la tarjeta está bloqueada permanentemente!\n"
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8302,20 +8439,20 @@ msgstr[1] ""
 "%d intentos quedan para PIN de administrador antes de "
 "bloquearpermanentemente la clave\n"
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr "el acceso a órdenes de administrador no está configurado\n"
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 msgid "||Please enter the PIN"
 msgstr "||Por favor introduzca PIN"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 msgid "||Please enter the Reset Code for the card"
 msgstr "||Por favor introduzca Código de Reinicio de la tarjeta"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr "Código de Reinicio demasiado corto; longitud mínima %d\n"
@@ -8323,121 +8460,79 @@ msgstr "Código de Reinicio demasiado corto; longitud mínima %d\n"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr "|RN|Nuevo Código de Reinicio"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr "|AN|Nuevo PIN Administrador"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr "|N|Nuevo PIN"
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "||Introduzca el PIN de Administrador y el Nuevo PIN de Administrador"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 msgid "||Please enter the PIN and New PIN"
 msgstr "||Por favor introduzca el PIN y el Nuevo PIN"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr "error al leer datos de la aplicación\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "error al leer huella digital DO\n"
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr "la clave ya existe\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr "la clave existente será reemplazada\n"
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr "generando nueva clave\n"
-
-#: scd/app-openpgp.c:3074
-#, c-format
-msgid "writing new key\n"
-msgstr "escribiendo clave nueva\n"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr "falta fecha de creación\n"
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr "el primo RSA %s falta o no es de %d bits\n"
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr "fallo al almacenar la clave: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, c-format
 msgid "unsupported curve\n"
 msgstr "curva no soportada\n"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr "por favor, espere mientras se genera la clave ...\n"
-
-#: scd/app-openpgp.c:4271
-#, c-format
-msgid "generating key failed\n"
-msgstr "la generación de la clave falló\n"
-
-#: scd/app-openpgp.c:4277
-#, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "generación de clave completada (%d segundo)\n"
-msgstr[1] "generación de clave completada (%d segundos)\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr "estructura de la tarjeta OpenPGP inválida (DO 0x93)\n"
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr "la huella digital en la tarjeta no coincide con la solicitada\n"
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "la tarjeta no permite usar el algoritmo de resumen %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr "firmas creadas hasta ahora: %lu\n"
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr ""
 "actualmente se prohibe verificar el PIN del Administrador con esta orden\n"
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "no se puede acceder a %s - ¿tarjeta OpenPGP inválida?\n"
@@ -8449,59 +8544,63 @@ msgstr "||Por favor introduzca su PIN en el teclado del lector"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr "|N|Nuevo PIN Inicial"
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr "ejecutar en modo multi servidor (primer plano)"
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr "|LEVEL|poner el nivel de depurado a NIVEL"
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 msgid "|FILE|write a log to FILE"
 msgstr "|FILE|escribir log en FICHERO"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr "|N|conectar el lector al puerto N"
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NAME|usa NOMBRE como driver ct-API"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NAME|usa NOMBRE como driver PC/SC"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 msgid "do not use the internal CCID driver"
 msgstr "no usa el driverd del CCID interno"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr "|N|desconectar la tarjeta después de N segundos de inactividad"
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr "no usar el teclado del lector"
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr "usar input the largo variable para el pinpad"
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 msgid "deny the use of admin card commands"
 msgstr "denegar órdenes de administración de la tarjeta"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Uso: @SCDAEMON@ [opciones] (-h para ayuda)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
@@ -8509,37 +8608,31 @@ msgstr ""
 "Sintaxis: scdaemon [opciones] [orden [args]]\n"
 "Demonio de la tarjeta inteligente para @GNUPG@\n"
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr "use la opción '--daemon' para ejecutar el programa en segundo plano\n"
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr "manejador del descriptor %d iniciado\n"
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr "manejador del descriptor %d terminado\n"
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "error obteniendo información sobre uso de la clave: %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr "el certificado: %s requiere un modelo de validación"
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr "cadena"
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 msgid "shell"
 msgstr "shell"
 
@@ -8572,7 +8665,7 @@ msgstr "Nota: no se permiten políticas no críticas de certificados"
 msgid "certificate policy not allowed"
 msgstr "no se permite política de certificado"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "fallo obteniendo huella digital\n"
@@ -8587,7 +8680,7 @@ msgstr "buscando al emisor en una localización externa\n"
 msgid "number of issuers matching: %d\n"
 msgstr "numero de emisores coincidentes: %d\n"
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, c-format
 msgid "can't get authorityInfoAccess: %s\n"
 msgstr "no se ha podido obtener authorityInfoAccess: %s\n"
@@ -8607,232 +8700,232 @@ msgstr "número de certificados coincidentes: %d\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "fallo buscando la clave sólo caché de dirmngr: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "fallo al reservar handle de keyDB\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 msgid "certificate has been revoked"
 msgstr "el certificado ha sido revocado"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr "el estado del certificado es desconocido"
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr "por favor asegúrese de que \"dirmngr\" está bien instalado\n"
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, c-format
 msgid "checking the CRL failed: %s"
 msgstr "la comprobación de CRL falló: %s"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "validez del certificado incorrecta: %s"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr "el certificado aún no es válido"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 msgid "root certificate not yet valid"
 msgstr "el certificado raíz no es válido aún"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr "el certificado intermedio aún no es válido"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, c-format
 msgid "certificate has expired"
 msgstr "certificado caducado"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 msgid "root certificate has expired"
 msgstr "el certificado raíz ha caducado"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 msgid "intermediate certificate has expired"
 msgstr "el certificado intermedio ha caducado"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr "faltan los atributos requeridos del certificado: %s%s%s"
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 msgid "certificate with invalid validity"
 msgstr "el certificado tiene una validez incorrecta"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr "la firma no se creo durante el tiempo de validez del certificado"
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr "el certificado no se creo durante el tiempo de validez el emisor"
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr ""
 "certificado intermedio no creado durante el tiempo de validez del emisor"
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, c-format
 msgid "  (  signature created at "
 msgstr "  ( firmas creadas en "
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, c-format
 msgid "  (certificate created at "
 msgstr "  (certificado creado en "
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, c-format
 msgid "  (certificate valid from "
 msgstr "  (certificado válido desde "
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr "  (     emisor válido desde "
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr "huella digital=%s\n"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr "certificado raíz marcado ahora como fiable\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr "marcar interactivamente como fiable no está activado en gpg-agent\n"
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr "marcar interactivamente como fíable desactivado en esta sesión\n"
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr "AVISO: fecha de creación de firma desconocida - asumo momento actual"
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 msgid "no issuer found in certificate"
 msgstr "no se encuentra el emisor de este certificado"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr "certificado auto firmado con firma INCORRECTA"
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr "el certificado raíz no está marcado como fiable"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "la comprobación de la lista de confianza falló: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr "cadena de certificados demasiado larga\n"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr "no se encuentra emisor del certificado"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, c-format
 msgid "certificate has a BAD signature"
 msgstr "el certificado tiene una firma INCORRECTA"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr "encontrado otro posible certificado de CA coincidente - reintentando"
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr "cadena de certificados más larga de lo que permite la CA (%d)"
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, c-format
 msgid "certificate is good\n"
 msgstr "certificado correcto\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, c-format
 msgid "intermediate certificate is good\n"
 msgstr "certificado intermedio correcto\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, c-format
 msgid "root certificate is good\n"
 msgstr "certificado raíz correcto\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr "cambiando al modelo en cadena"
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr "modelo de validación usado: %s"
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr "un hash de %u bits no vale para %u bits de la clave %s\n"
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, c-format
 msgid "out of core\n"
 msgstr "memoria desbordada\n"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr "(es el algoritmo MD2)\n"
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 msgid "none"
 msgstr "ninguno"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 msgid "[Error - invalid encoding]"
 msgstr "[Error - codificación inválida]"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr "[Error - core]"
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr "[Error - Sin nombre]"
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 msgid "[Error - invalid DN]"
 msgstr "[Error - DN inválido]"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -8847,134 +8940,145 @@ msgstr ""
 "S/N %s, ID 0x%08lX,\n"
 "created %s, expires %s.\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr "no se especifica uso de la clave - asumiendo todos los usos\n"
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "error obteniendo información sobre uso de la clave: %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr "el certificado no debería haberse usado para certificar\n"
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr "el certificado no debería haberse usado para firma en respuesta OCSP\n"
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr "el certificado no debería haberse usado para cifrar\n"
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr "el certificado no debería haberse usado para firmar\n"
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr "el certificado no es utilizable para cifrar\n"
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr "el certificado no es utilizable para firmar\n"
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+#| msgid "lookup a certificate"
+msgid "looking for another certificate\n"
+msgstr "busca un certificado"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "línea %d: algoritmo inválido\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr "línea %d: longitud de clave inválida %u (válidas de %d a %d)\n"
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr "línea %d: falta nombre de entidad\n"
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "línea %d: etiqueta con nombre de entidad inválida '%.*s'\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "línea %d: nombre de entidad inválida '%s' en posición %d\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "línea %d: no es una dirección de email válida\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "línea %d: número de serie inválido\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr "línea %d: etiqueta con nombre de emisor no válido '%.*s'\n"
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr "línea %d: nombre de emisor no válido '%s' posición %d\n"
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, c-format
 msgid "line %d: invalid date given\n"
 msgstr "línea %d: fecha no válida\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "línea %d: error al obtener clave de firmado con keygrip '%s': %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "línea %d: algoritmo de hash no válido\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "línea %d: id de autoridad de clave no válido\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr ""
 "línea %d: subject-key-id no válido\n"
 "\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "línea %d: sintaxis de estensión no válida\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "línea %d: error al leer clave '%s' de la tarjeta: %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "línea %d: error obteniendo clave con keygrip '%s': %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "línea %d: generación de clave fallida: %s <%s>\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
@@ -8982,45 +9086,45 @@ msgstr ""
 "Para completar este certificado introduzca por favor la frase contraseñapara "
 "la clave que acaba de crear una vez más.\n"
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) Clave existente\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr "   (%d) Clave existente de la tarjeta\n"
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "Posibles acciones para una clave %s:\n"
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) firmar, cifrar\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) firmar\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) cifrar\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr "Introduzca nombre de entidad para X.509: "
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr "No se dió nombre de entidad\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "Etiqueta de nombre de entidad no válida '%.*s'\n"
@@ -9030,222 +9134,215 @@ msgstr "Etiqueta de nombre de entidad no válida '%.*s'\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "Nombre de entidad no válido '%s'\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "28 visto por el traductor hasta la comilla inclusive"
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 msgid "Enter email addresses"
 msgstr "Dirección de correo electrónico"
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 msgid " (end with an empty line):\n"
 msgstr " (termine con una línea en blanco):\n"
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 msgid "Enter DNS names"
 msgstr "Introduzca nombres de DNS"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 msgid " (optional; end with an empty line):\n"
 msgstr " (opcional; acabe con una línea en blanco):\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr "Introduzca URIs"
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 msgid "Create self-signed certificate? (y/N) "
 msgstr "¿Crear un certificado auto-firmado? (s/N)"
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr "Se usan estos parámetros:\n"
 
-#: sm/certreqgen-ui.c:432
-#, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "error al crear fichero temporal: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr "Creando ahora certificado auto firmado. "
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 msgid "Now creating certificate request.  "
 msgstr "Creando ahora petición de certificado. "
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr "Esto puede tardar un poco ...\n"
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr "Listo.\n"
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr "Acabado. Debería mandar esta petición a su CA.\n"
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr "problema de recursos: memoria desbordada\n"
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "datos cifrados %s\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr "(el algoritmo RC2)\n"
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr "(no parece un mensaje cifrado)\n"
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 #| msgid "encrypted with %s key, ID %s\n"
 msgid "encrypted to %s key %s\n"
 msgstr "cifrado con clave %s, ID %s\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "certificado '%s' no encontrado: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr "error bloqueando keybox: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "certificado duplicado '%s' borrado\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "certificado '%s' borrado\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "borrado del certificado \"%s\" fallido: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, c-format
 msgid "no valid recipients given\n"
 msgstr "no se dieron receptores válidos\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 msgid "list external keys"
 msgstr "lista claves externas"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 msgid "list certificate chain"
 msgstr "lista de cadenas de certificados"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 msgid "import certificates"
 msgstr "importa certificado"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 msgid "export certificates"
 msgstr "exporta certificado"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr "registrar tarjeta inteligente"
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr "pasar una orden a dirmngr"
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr "invocar gpg-protect-tool"
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "no usa la terminal en absoluto"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr "|N|número de certificados que incluir"
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr "|FILE|tomar política de información de FICHERO"
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr "asumir entrada en formato PEM"
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr "asumir entrada en formato base-64"
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr "asumir entrada en formato binario"
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 msgid "create base-64 encoded output"
 msgstr "crea una salida en base-64"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|USER-ID|usa ID-USUARIO como clave secreta por defecto"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "|FILE|añade este anillo a la lista de anillos"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|usa este servidor para buscar claves"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr "recuperar certificados de emisor perdidos"
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NAME|usa la codificación NOMBRE para frases contraseña PKCS#12"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr "nunca consultar una CRL"
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr "no comprobar CRLs para certificados raíz"
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr "comprabar validez usando OCSP"
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr "no comprobar políticas de certificados"
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NAME|usa el algoritmo de cifrado NOMBRE"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NAME|usa algoritmo de resumen de mensaje NOMBRE"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "proceso por lotes: nunca preguntar"
 
@@ -9255,23 +9352,23 @@ msgstr "proceso por lotes: nunca preguntar"
 # Además una de las acepciones de asumir es "aceptar algo" y suponer
 # viene a ser asumir una idea como propia. Suponer "sí" en casi todas las
 # preguntas no me acaba de gustar.
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "asume \"sí\" en casi todas las preguntas"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "asume \"no\" en casi todas las preguntas"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 msgid "|FILE|write an audit log to FILE"
 msgstr "|FILE|escribir inform de auditoría a FICHERO"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Uso: @GPGSM@ [opciones] [ficheros] (-h para ayuda)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
 "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
@@ -9281,87 +9378,123 @@ msgstr ""
 "firma, comprueba, cifra o descifra usando el protocolo S/MIME\n"
 "La operación predeterminada depende de los datos de entrada\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "Nota: no se podrá cifrar a '%s': %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "modelo de validación desconocido '%s'\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: falta el nombre del host\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: se dio contraseña sin usuario\n"
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: omitir esta línea\n"
+
+#: sm/gpgsm.c:1545
+#, c-format
+msgid "could not parse keyserver\n"
+msgstr "no se puede interpretar el servidor de claves\n"
+
+#: sm/gpgsm.c:1825
 #, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "importando certificados comunes '%s'\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "no puedo firmar usando '%s': %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr "orden inválida (no hay orden implícita)\n"
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, c-format
 msgid "total number processed: %lu\n"
 msgstr "cantidad total procesada: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, c-format
 msgid "error storing certificate\n"
 msgstr "error almacenando certificado\n"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr "fallaron comprobaciones básicas sobre el certificado - no importado\n"
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "error obteniendo parámetros almacenados: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, c-format
 msgid "error importing certificate: %s\n"
 msgstr "error importando el certificado: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
+#, c-format
+msgid "error reading input: %s\n"
+msgstr "error al leer la entrada: %s\n"
+
+#: sm/keydb.c:503
+#, fuzzy, c-format
+#| msgid "no dirmngr running in this session\n"
+msgid "no keyboxd running in this session\n"
+msgstr "no hay agente dirmngr activo en esta sesión\n"
+
+#: sm/keydb.c:595
 #, c-format
-msgid "error reading input: %s\n"
-msgstr "error al leer la entrada: %s\n"
+msgid "error opening key DB: %s\n"
+msgstr "error al abrir base de datos de claves: %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr "problema buscando el certificado existente: %s\n"
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "error obteniendo keyDB para escribir: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, c-format
 msgid "error storing certificate: %s\n"
 msgstr "error almacenando certificado: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "problema re-buscando el certificado: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, c-format
 msgid "error storing flags: %s\n"
 msgstr "error almacenando parámetros: %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr "Error - "
 
@@ -9370,17 +9503,17 @@ msgstr "Error - "
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr "GPG_TTY no tiene valor - usando valor por defecto quizá absurdo\n"
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "formato incorrecto de huella digital en '%s', línea %d\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "código de país inválido en '%s', línea %d\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9396,7 +9529,7 @@ msgstr ""
 "\n"
 "%s%sEstá realmente seguro de querer hacer esto?"
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
@@ -9405,7 +9538,7 @@ msgstr ""
 "Observe que este programa no está oficialmente aprobado para crear "
 "overificar tales firmas.\n"
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9416,54 +9549,60 @@ msgstr ""
 "\"%s\"\n"
 "¡Observe que este certificado NO creará una firma cualificada!"
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "resumen %d (%s) para firmante %d no puede utilizarse; usando %s\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr "algoritmo de hash usado para el firmante %d: %s (%s)\n"
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "la comprobación de la firma cualificada falló: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+#| msgid "Signature made %s using %s key ID %s\n"
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Firmado el %s usando clave %s ID %s\n"
+
+#: sm/verify.c:467
 #, c-format
 msgid "Signature made "
 msgstr "Firmado el "
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr "[no hay fecha]"
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 #| msgid "algorithm: %s"
 msgid "algorithm:"
 msgstr "algoritmo: %s"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr "firma inválida: el resumen del mensaje no coincide con el calculado\n"
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, c-format
 msgid "Good signature from"
 msgstr "Firma correcta de"
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, c-format
 msgid "                aka"
 msgstr "                alias"
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, c-format
 msgid "This is a qualified signature\n"
 msgstr "Es una firma cualificada\n"
@@ -9489,100 +9628,100 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr "no puedo desactivar el bloqueo en la cache de certificados: %s\n"
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr "quitando %u certificados del almacén\n"
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, c-format
 msgid "can't parse certificate '%s': %s\n"
 msgstr "no puedo leer el certificado '%s': %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "el certificado '%s' ya estaba almacenado\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "certificado fiable '%s' borrado\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "certificado '%s' cargado\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "  huella digital SHA1 = %s\n"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr "   emisor ="
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr "   asunto ="
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "error al cargar certificado '%s': %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "    certificados cargados permanentemente: %u\n"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "certificados almacenados para esta sesión: %u\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "                   certificados confiados: %u (%u,%u,%u,%u)\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, c-format
 msgid "certificate already cached\n"
 msgstr "certificado ya almacenado\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, c-format
 msgid "certificate cached\n"
 msgstr "certificado almacenado\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, c-format
 msgid "error caching certificate: %s\n"
 msgstr "error al almacenar certificado: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "huella digital SHA1 no válida '%s'\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "error al descargar certificado con S/N: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "error al descargar certificado por asunto: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, c-format
 msgid "no issuer found in certificate\n"
 msgstr "no se encuentra el emisor de este certificado\n"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "error al obtener authorityKeyIdentifier: %s\n"
@@ -10115,55 +10254,55 @@ msgstr ""
 "búsqueda de certificado imposible a causa de que %s está deshabilitado\n"
 "\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr "usar OCSP en lugar de CRLs"
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr "verifica si hay un dirmngr corriendo"
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 msgid "add a certificate to the cache"
 msgstr "añadir un certificado a la cache"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 msgid "validate a certificate"
 msgstr "valida el certificado"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 msgid "lookup a certificate"
 msgstr "busca un certificado"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 msgid "lookup only locally stored certificates"
 msgstr "busca sólo en los certificados almacenados localmente"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr "espera recibir una URL con --lookup"
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr "cargar un CRL en el dirmngr"
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr "modo especial para usar con Squid"
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 msgid "expect certificates in PEM format"
 msgstr "esperar recibir certificados en formato PEM"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 msgid "force the use of the default OCSP responder"
 msgstr "forzar el uso del contestador OCSP predeterminado"
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Uso: dirmngr-client  [opciones] [fichero|patrón] (-h para ayuda)\n"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10175,213 +10314,209 @@ msgstr ""
 "El proceso devuelve 0 si el certificado es válido, 1 si no lo es\n"
 "y otros códigos de error para fallos generales\n"
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "error al leer certificado de stdin: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "error al leer certificado de '%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr "certificado demasiado grande para ser correcto\n"
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, c-format
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "no se puede conectar con el dirmngr: %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, c-format
 msgid "lookup failed: %s\n"
 msgstr "ha fallado la búsqueda: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "ha fallado la carga del CRL '%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr "hay un demonio dirmngr en ejecución\n"
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "ha fallado la validación del certificado: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, c-format
 msgid "certificate is valid\n"
 msgstr "certificado correcto\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, c-format
 msgid "certificate has been revoked\n"
 msgstr "el certificado ha sido revocado\n"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, c-format
 msgid "certificate check failed: %s\n"
 msgstr "ha fallado el chequeo del certificado: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, c-format
 msgid "got status: '%s'\n"
 msgstr "obtenido el estado '%s'\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, c-format
 msgid "error writing base64 encoding: %s\n"
 msgstr "error al escribir con encoding base64: %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr "pregunta no soportada '%s'\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr "espero la ruta absoluta del archivo\n"
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr "buscando '%s'\n"
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr "listar los contenidos del cache CRL"
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|FILE|carga CRL de FILE en la cache"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr "|URL|carga un CRL de una URL"
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr "apaga el dirmngr"
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr "descargar la memoria cache"
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr "permitir el chequeo online de versiones de software"
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr "|N|no devolver más de N items en una consulta"
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr "enrutar todo el tráfico a través de Tor"
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr "Configuración para servidores de claves"
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 msgid "|URL|use keyserver at URL"
 msgstr "|URL|usar servidor de claves en URL"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr "|FILE|usar los certificados CA en FILE para HKP a través de TLS"
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr "Configuración de servidores HTTP"
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr "inhibir el uso de HTTP"
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr "ignorar puntos de distribución CRL HTTP"
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr "|URL|redirigir todos los pedidos HTTP a URL"
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr "usar configuración del proxy HTTP del sistema"
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr "Configuración de servidores LDAP que se usará"
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr "inhibir el uso de LDAP"
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr "ignorar puntos de distribución CRL LDAP"
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr "|HOST|usar HOST para las consultas LDAP"
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr "no usar hosts de reserva con --ldap-proxy"
 
-#: dirmngr/dirmngr.c:270
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|SPEC|usa este servidor para buscar claves"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|FILE|lee lista de servidores LDAP de FILE"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 "añadir nuevos servidores descubiertos en los puntos de distribución CRL a la "
 "lista de servidores"
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr "|N|establecer vida máxima de LDAP en N segundos"
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr "Configuración de OCSP"
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr "permitir el envío de búsquedas OSCP"
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr "ignorar URLs de servicio contenidas en los certificados OSCP"
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 msgid "|URL|use OCSP responder at URL"
 msgstr "|URL|usar contestador OSCP en la URL"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr "|FPR|respuesta OCSP firmada por FPR"
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr "forzar la carga de CRLs caducados"
 
@@ -10389,7 +10524,7 @@ msgstr "forzar la carga de CRLs caducados"
 # página man -> página de manual
 # Vale. ¿del manual mejor?
 # Hmm, no sé, en man-db se usa "de". La verdad es que no lo he pensado.
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 msgid ""
 "@\n"
 "(See the \"info\" manual for a complete listing of all commands and "
@@ -10398,11 +10533,11 @@ msgstr ""
 "@\n"
 "(Véase en la página del manual la lista completa de órdenes y opciones)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Uso: @DIRMNGR@ [opciones] (-h para ayuda)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
@@ -10410,114 +10545,296 @@ msgstr ""
 "Sintaxis: @DIRMNGR@ [opciones] [orden [argumentos]]\n"
 "Acceso al servidor de claves, CRL y OCSP para @GNUPG@\n"
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr "los niveles de debug válidos son: %s\n"
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, c-format
 msgid "usage: %s [options] "
 msgstr "uso: %s [opciones] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, c-format
 msgid "colons are not allowed in the socket name\n"
 msgstr "los dos puntos(:) no están permitidos en el nombre del socket\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "fallo al intentar descargar CRL desde '%s': %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "falló el procesamiento CRL desde '%s': %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "%s:%u: línea demasiado larga - omitida\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "%s:%u: se detectó huella digital no válida\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "%s:%u: error de lectura: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr "%s:%u: ignorada la basura al final de la línea\n"
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr "SIGHUP recibido - releyendo y haciendo correr las caches\n"
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr "SIGUSR2 recibido - ninguna acción definida\n"
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr "SIGTERM recibido - apagando ...\n"
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr "SIGTERM recibido - todavía %d conexiones activas\n"
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, c-format
 msgid "shutdown forced\n"
 msgstr "apagado forzado\n"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr "SIGINT recibido - apagado inmediato\n"
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr "señal %d recibida - ninguna acción definida\n"
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr "devuelve todos los valores en un formato orientado a record"
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr "|NAME|ignorar la parte del host y conectar con el NAME"
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+msgid "|NAME|connect to host NAME"
+msgstr "|NAME|conectar al host NAME"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr "|N|conectar al puerto N"
+
+#: dirmngr/dirmngr_ldap.c:112
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NAME|usa NOMBRE como destinatario por defecto"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr "|PASS|usar la contraseña PASS para autentificación"
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr "tomar el password de $DIRMNGR_LDAP_PASS"
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr "|STRING|preguntar DN STRING"
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr "|STRING|usar FRASE como expresión de filtro"
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr "|STRING|devuelve el atributo STRING"
+
+#: dirmngr/dirmngr_ldap.c:179
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Uso: dirmngr_ldap [opciones] [URL] (-h para ayuda)\n"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+"Syntaxis: dirmngr_ldap [opciones] [URL]\n"
+"Ayudante interno de LDAP para Dirmngr\n"
+"La interfaz y las opciones pueden cambiar sin previo aviso\n"
+
+#: dirmngr/dirmngr_ldap.c:291
+#, c-format
+msgid "invalid port number %d\n"
+msgstr "número de puerto inválido %d\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr "resultado del scanning para el atributo '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "error al escribir a stdout: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr "          atributo disponible '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:462
+#, c-format
+msgid "attribute '%s' not found\n"
+msgstr "atributo \"%s\" no encontrado\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr "atributo \"%s\" encontrado\n"
+
+#: dirmngr/dirmngr_ldap.c:581
+#, c-format
+msgid "processing url '%s'\n"
+msgstr "procesando url '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, c-format
+msgid "          user '%s'\n"
+msgstr "       usuario '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, c-format
+msgid "          pass '%s'\n"
+msgstr "         pasar '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:592
+#, c-format
+msgid "          host '%s'\n"
+msgstr "          host '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, c-format
+msgid "          port %d\n"
+msgstr "        puerto %d\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, c-format
+msgid "            DN '%s'\n"
+msgstr "            DN '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr "        filtro '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, c-format
+msgid "          attr '%s'\n"
+msgstr "           atr '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:611
+#, c-format
+msgid "no host name in '%s'\n"
+msgstr "no hay hostname en '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr "no se ha dado ningún atributo para la consulta '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:622
+#, c-format
+msgid "WARNING: using first attribute only\n"
+msgstr "ATENCIÓN: ¡se está usando sólo el primer atributo!\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "Inicialización LDAP a '%s:%d' ha fallado: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+#| msgid "LDAP init to '%s:%d' failed: %s\n"
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "Inicialización LDAP a '%s:%d' ha fallado: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+#| msgid "LDAP init to '%s:%d' failed: %s\n"
+msgid "LDAP init to '%s' done\n"
+msgstr "Inicialización LDAP a '%s:%d' ha fallado: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "ha fallado el binding con '%s:%d': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, c-format
+msgid "searching '%s' failed: %s\n"
+msgstr "ha fallado la búsqueda '%s': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "'%s' no es una URL LDAP\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr "'%s' no es una URL LDAP válida\n"
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "error mientras se accedía '%s': http status %u\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr "URL '%s' redirigida a '%s' (%u)\n"
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, c-format
 msgid "too many redirections\n"
 msgstr "demasiadas redirecciones\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to '%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "escribiendo en '%s'\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, c-format
 msgid "error printing log line: %s\n"
 msgstr "error al escribir la entrada de bitácora: %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "error al leer desde el wrapper de ldap %d: %s\n"
@@ -10547,51 +10864,31 @@ msgstr "error al esperar el wrapper %d de ldap: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "el wrapper %d de ldap está parado - matándolo\n"
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "caracter incorrecto 0x%02x en el nombre de host - no añadido\n"
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "añadiendo '%s:%d' a la lista de servidores ldap\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, c-format
 msgid "malloc failed: %s\n"
 msgstr "ha fallado malloc: %s\n"
 
-#: dirmngr/ldap.c:221
-#, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "'%s' no es una URL LDAP\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
-msgstr "'%s' no es una URL LDAP válida\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
+msgstr "start_cert_fetch: patrón '%s' incorrecto\n"
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr "ldap_search ha llegado al límite de tamaño del servidor\n"
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr "%s:%u: se dio contraseña sin usuario\n"
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr "%s:%u: omitir esta línea\n"
-
 #: dirmngr/misc.c:172
 #, c-format
 msgid "invalid canonical S-expression found\n"
@@ -10678,93 +10975,93 @@ msgstr "ha fallado el hashing de la respuesta OCSP para '%s': %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr "no firmada por un certificado predeterminado de firma OCSP"
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "fallo al colocar item en la lista: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "error intentando obtener identificador de responder: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr ""
 "no se ha encontrado un certificado adecuado para verificar la respuesta "
 "OCSP\n"
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "no se encuentra el emisor de este certificado: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr "el caller no devolvió el certificado del target\n"
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "el caller no devolvió el certificado emisor\n"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "fallo al asignar el contexto OCSP: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr "no hay un OCSP responder predeterminado\n"
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, c-format
 msgid "no default OCSP signer defined\n"
 msgstr "no hay ningún firmante OCSP predeterminado definido\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr "usar el contestador OCSP predeterminado '%s'\n"
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr "usar OCSP responder '%s'\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "error al obtener status OCSP para certificado de destino: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr "el status del certificado es: %s (esta=%s próxima=%s)\n"
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr "bien"
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "el certificado ha sido revocado el: %s a causa de: %s\n"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr "el OCSP respondor ha devuelto un estado en el futuro\n"
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr "el OCSP respondor ha devuelto un estado no actual\n"
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr "el OCSP respondor ha devuelto un estado demasiado antiguo\n"
@@ -10774,67 +11071,71 @@ msgstr "el OCSP respondor ha devuelto un estado demasiado antiguo\n"
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "ha fallado assuan_inquire(%s): %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr "falta el ldapserver"
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr "falta el número de serie en el ID del certificado"
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "ha fallado assuan_inquire: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "ha fallado fetch_cert_by_url: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, c-format
 msgid "error sending data: %s\n"
 msgstr "error al enviar datos: %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "ha fallado start_cert_fetch: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "ha fallado fetch_next_cert: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr "se ha excedido el número de respuestas(max_replies) %d\n"
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "no puedo colocar la estructura de control: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "fallo al reservar el contexto assuan: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, c-format
 msgid "failed to initialize the server: %s\n"
 msgstr "ha fallado la inicialización del servidor: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "fallo en las órdenes de registro con Assuan: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr "problema de aceptación Assuan: %s\n"
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, c-format
 msgid "Assuan processing failed: %s\n"
 msgstr "ha fallado el procesado Assuan: %s\n"
@@ -10877,51 +11178,57 @@ msgstr "cadena de certificados es buena\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr "el certificado no debería haberse usado para firmas CRL\n"
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 msgid "quiet"
 msgstr "silencioso"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr "escribir datos de salida en hexadecimal"
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr "decodificar líneas de datos recibidos"
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr "conecta al dirmngr"
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+#, fuzzy
+#| msgid "connect to the dirmngr"
+msgid "connect to the keyboxd"
+msgstr "conecta al dirmngr"
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr "|NAME|conectar al socket Assuan NOMBRE"
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr "|ADDR|conectar al servidor Assuan en ADDR"
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr "ejecutar el servidor Assuan indicando en línea de órdenes"
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr "no usar el modo de conexión extendido"
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|FILE|ejecuta órdenes de FICHERO al empezar"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr "ejecutar /subst al empezar"
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Uso: @GPG@-connect-agent [opciones] (-h para ayuda)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
@@ -10929,64 +11236,80 @@ msgstr ""
 "Sintaxis:  @GPG@-connect-agent [opciones]\n"
 "Conectar a un agente que se está ejecutando y mandar órdenes\n"
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr "la opción \"%s\" necesita un programa y parámetros opcionales\n"
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr "la opción \"%s\" se ignora por \"%s\"\n"
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, c-format
 msgid "receiving line failed: %s\n"
 msgstr "fallo recibiendo la línea: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, c-format
 msgid "line too long - skipped\n"
 msgstr "línea demasiado larga -omitida\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr "línea acortada por culpa del caracter Nul incluído\n"
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, c-format
 msgid "unknown command '%s'\n"
 msgstr "orden desconocida '%s'\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, c-format
 msgid "sending line failed: %s\n"
 msgstr "fallo mandando la línea: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+#| msgid "no dirmngr running in this session\n"
+msgid "no keybox daemon running in this session\n"
+msgstr "no hay agente dirmngr activo en esta sesión\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, c-format
 msgid "error sending standard options: %s\n"
 msgstr "error enviando opciones estándar: %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr "OpenPGP"
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr "S/MIME"
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+#| msgid "public key is %s\n"
+msgid "Public Keys"
+msgstr "la clave pública es %s\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr "Claves privados"
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr "Smartcards"
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 msgid "Network"
 msgstr "Red"
 
@@ -10999,114 +11322,114 @@ msgstr "Red"
 # ¿Por qué los ingleses entonces sí que saben lo que es un "passphrase"?
 # ¿Es que son más listos? :-)
 #
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 msgid "Passphrase Entry"
 msgstr "Frase contraseña"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 msgid "Component not suitable for launching"
 msgstr "Componente no adecuando para lanzamiento"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, fuzzy, c-format
 #| msgid "External verification of component %s failed"
 msgid "Configuration file of component %s is broken\n"
 msgstr "Verificación externa del componente %s fallida"
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Note: Use the command \"%s\" to restart them.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Atención: Usa el comando \"%s\" para reiniciarlos.\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr "Verificación externa del componente %s fallida"
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr "Note que las especificación de grupo se ignoran\n"
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, c-format
 msgid "error closing '%s'\n"
 msgstr "error al cerrar '%s'\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, c-format
 msgid "error parsing '%s'\n"
 msgstr "error al leer '%s'\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr "listar todos los componentes"
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr "comprobar todos los programas"
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr "|COMPONENT|lista de opciones"
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr "|COMPONENT|cambiar opciones"
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr "|COMPONENT|comprobar opciones"
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr "aplicar valores globales por defecto"
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr "|FILE|actualizar los archivos de configuración usando ARCHIVO"
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr "obtener directorios de configuración para @GPGCONF@"
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 msgid "list global configuration file"
 msgstr "listar fichero de configuración global"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 msgid "check global configuration file"
 msgstr "comprobar fichero global de configuración"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 msgid "query the software version database"
 msgstr "consulta la base de datos de versiones de software"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr "listar todos los componentes, o uno en particular"
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr "iniciar un componente en particular"
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr "matar un componente particular"
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "usa como fichero de salida"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr "activar cambios en tiempo de ejecución, si es posible"
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Uso: @GPGCONF@ [opciones] (-h para ayuda)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
@@ -11114,15 +11437,15 @@ msgstr ""
 "Sintaxis: @GPGCONF@ [opciones]\n"
 "Administra opciones de configuración de las herramientas GnuPG\n"
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr "Necesita un argumento de un componente"
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 msgid "Component not found"
 msgstr "Componente no encontrado"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr "No se permiten parámetros"
 
@@ -11140,151 +11463,238 @@ msgstr ""
 "Compara frase contraseña dada en entrada estándar con un fichero de "
 "patrones\n"
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr ""
-#~ "forzar el cifrado simétrico %s (%d) viola las preferencias\n"
-#~ "del destinatario\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+#| msgid "Note: keys are already stored on the card!\n"
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "NOTA: ¡ya hay claves almacenadas en la tarjeta!\n"
 
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "error escribiendo en el fichero temporal: %s\n"
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+#| msgid "Note: keys are already stored on the card!\n"
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "NOTA: ¡ya hay claves almacenadas en la tarjeta!\n"
 
-#~ msgid "use a log file for the server"
-#~ msgstr "usar un fichero log para el servidor"
+#: tools/gpg-card.c:2395
+#, fuzzy, c-format
+#| msgid "Replace existing keys? (y/N) "
+msgid "Replace existing key %s ? (y/N) "
+msgstr "¿Reemplazar las claves existentes? (s/N) "
 
-#~ msgid "|FILE|write a server mode log to FILE"
-#~ msgstr "|FILE|escribir un log en modo servidor en FICHERO"
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, fuzzy, c-format
+#| msgid "OpenPGP card no. %s detected\n"
+msgid "%s card no. %s detected\n"
+msgstr "tarjeta OpenPGP num. %s detectada\n"
 
-#~ msgid "run without asking a user"
-#~ msgstr "arrancar sin preguntar a un usuario"
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
 
-#~ msgid "allow PKA lookups (DNS requests)"
-#~ msgstr "permitir búsquedas PKA (peticiones DNS)"
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
 
-#~ msgid "Options controlling the format of the output"
-#~ msgstr "Opciones que controlan el formato de la salida"
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
-#~ msgid "Options controlling the use of Tor"
-#~ msgstr "Opciones que controlan el uso de Tor"
+#: tools/gpg-card.c:3668
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "authenticate to the card"
+msgstr "añadir un certificado a la cache"
 
-#~ msgid "LDAP server list"
-#~ msgstr "lista de servidores LDAP"
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
+
+#: tools/gpg-card.c:3672
+msgid "setup KDF for PIN authentication"
+msgstr "configurar KDF para autentificación de PIN"
+
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr ""
+
+#: tools/gpg-card.c:3675
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "read a certificate from a data object"
+msgstr "añadir un certificado a la cache"
+
+#: tools/gpg-card.c:3676
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "store a certificate to a data object"
+msgstr "añadir un certificado a la cache"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
 
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "solicitando clave %s de %s servidor %s\n"
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "%s:%u: falta el nombre del host\n"
+#, fuzzy
+#~| msgid "change a passphrase"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "cambia una frase contraseña"
 
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "no se puede interpretar el servidor de claves\n"
+#~ msgid "detected card with S/N: %s\n"
+#~ msgstr "detectada tarjeta con S/N: %s\n"
 
-#~ msgid "return all values in a record oriented format"
-#~ msgstr "devuelve todos los valores en un formato orientado a record"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "no tenemos clave de certificación para ssh en la tarjeta: %s\n"
 
-#~ msgid "|NAME|ignore host part and connect through NAME"
-#~ msgstr "|NAME|ignorar la parte del host y conectar con el NAME"
+#~ msgid "Please remove the current card and insert the one with serial number"
+#~ msgstr ""
+#~ "Por favor retire tarjeta actual e inserte la que tiene número de serie"
 
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NAME|conectar al host NAME"
+#~ msgid "use a log file for the server"
+#~ msgstr "usar un fichero log para el servidor"
 
-#~ msgid "|N|connect to port N"
-#~ msgstr "|N|conectar al puerto N"
+#, fuzzy
+#~| msgid "connection to agent established\n"
+#~ msgid "connection to %s established\n"
+#~ msgstr "conexión establecida al agente\n"
 
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NAME|usa NOMBRE como destinatario por defecto"
+#~ msgid "no running gpg-agent - starting '%s'\n"
+#~ msgstr "no hay gpg-agent en ejecución - iniciando '%s'\n"
 
-#~ msgid "|PASS|use password PASS for authentication"
-#~ msgstr "|PASS|usar la contraseña PASS para autentificación"
+#~ msgid "argument not expected"
+#~ msgstr "parámetro inesperado"
 
-#~ msgid "take password from $DIRMNGR_LDAP_PASS"
-#~ msgstr "tomar el password de $DIRMNGR_LDAP_PASS"
+#~ msgid "read error"
+#~ msgstr "error de lectura"
 
-#~ msgid "|STRING|query DN STRING"
-#~ msgstr "|STRING|preguntar DN STRING"
+#~ msgid "keyword too long"
+#~ msgstr "palabra clave demasiado larga"
 
-#~ msgid "|STRING|use STRING as filter expression"
-#~ msgstr "|STRING|usar FRASE como expresión de filtro"
+#~ msgid "missing argument"
+#~ msgstr "falta el parámetro"
 
-#~ msgid "|STRING|return the attribute STRING"
-#~ msgstr "|STRING|devuelve el atributo STRING"
+#~ msgid "invalid argument"
+#~ msgstr "parámetro incorrecto"
 
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Uso: dirmngr_ldap [opciones] [URL] (-h para ayuda)\n"
+#~ msgid "invalid command"
+#~ msgstr "orden inválida"
 
-#~ msgid ""
-#~ "Syntax: dirmngr_ldap [options] [URL]\n"
-#~ "Internal LDAP helper for Dirmngr\n"
-#~ "Interface and options may change without notice\n"
-#~ msgstr ""
-#~ "Syntaxis: dirmngr_ldap [opciones] [URL]\n"
-#~ "Ayudante interno de LDAP para Dirmngr\n"
-#~ "La interfaz y las opciones pueden cambiar sin previo aviso\n"
+#~ msgid "invalid alias definition"
+#~ msgstr "definición de alias inválida"
+
+#~ msgid "out of core"
+#~ msgstr "memoria desbordada"
+
+#, fuzzy
+#~| msgid "invalid command"
+#~ msgid "invalid meta command"
+#~ msgstr "orden inválida"
+
+#, fuzzy
+#~| msgid "unknown command '%s'\n"
+#~ msgid "unknown meta command"
+#~ msgstr "orden desconocida '%s'\n"
+
+#, fuzzy
+#~| msgid "unexpected data"
+#~ msgid "unexpected meta command"
+#~ msgstr "datos inesperados"
+
+#~ msgid "invalid option"
+#~ msgstr "opción inválida"
+
+#~ msgid "missing argument for option \"%.50s\"\n"
+#~ msgstr "falta parámetro para la opción \"%.50s\"\n"
+
+#~ msgid "option \"%.50s\" does not expect an argument\n"
+#~ msgstr "la opción \"%.50s\" no necesita parámetros\n"
 
-#~ msgid "invalid port number %d\n"
-#~ msgstr "número de puerto inválido %d\n"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "orden inválida \"%.50s\"\n"
 
-#~ msgid "scanning result for attribute '%s'\n"
-#~ msgstr "resultado del scanning para el atributo '%s'\n"
+#~ msgid "option \"%.50s\" is ambiguous\n"
+#~ msgstr "la opción \"%.50s\" es ambigua\n"
+
+#~ msgid "command \"%.50s\" is ambiguous\n"
+#~ msgstr "la orden \"%.50s\" es ambigua\n"
 
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "error al escribir a stdout: %s\n"
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "opción inválida \"%.50s\"\n"
 
-#~ msgid "          available attribute '%s'\n"
-#~ msgstr "          atributo disponible '%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "NOTA: no existe el fichero de opciones predeterminado '%s'\n"
 
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "atributo \"%s\" no encontrado\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "fichero de opciones '%s': %s\n"
+
+#, fuzzy
+#~| msgid "option '%s' may not be used in %s mode\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "no se puede usar la opción '%s' en modo %s\n"
 
-#~ msgid "found attribute '%s'\n"
-#~ msgstr "atributo \"%s\" encontrado\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "no se puede ejecutar el programa '%s': %s\n"
 
-#~ msgid "processing url '%s'\n"
-#~ msgstr "procesando url '%s'\n"
+#~ msgid "unable to execute external program\n"
+#~ msgstr "no se puede ejecutar el programa externo\n"
 
-#~ msgid "          user '%s'\n"
-#~ msgstr "       usuario '%s'\n"
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "no se puede leer la respuesta del programa externo: %s\n"
 
-#~ msgid "          pass '%s'\n"
-#~ msgstr "         pasar '%s'\n"
+#~ msgid "validate signatures with PKA data"
+#~ msgstr "validar firmas con datos PKA"
 
-#~ msgid "          host '%s'\n"
-#~ msgstr "          host '%s'\n"
+#~ msgid "elevate the trust of signatures with valid PKA data"
+#~ msgstr "aumentar confianza en las firmas con datos válidos PKA"
 
-#~ msgid "          port %d\n"
-#~ msgstr "        puerto %d\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) ECC y ECC\n"
 
-#~ msgid "            DN '%s'\n"
-#~ msgstr "            DN '%s'\n"
+#~ msgid "honor the PKA record set on a key when retrieving keys"
+#~ msgstr "usar el registro PKA presente en una clave al recuperar claves"
 
-#~ msgid "        filter '%s'\n"
-#~ msgstr "        filtro '%s'\n"
+#~ msgid "Note: Verified signer's address is '%s'\n"
+#~ msgstr "Nota: la dirección del firmante verificado es '%s'\n"
 
-#~ msgid "          attr '%s'\n"
-#~ msgstr "           atr '%s'\n"
+#~ msgid "Note: Signer's address '%s' does not match DNS entry\n"
+#~ msgstr ""
+#~ "Nota: la dirección del firmante '%s' no coincide con la entrada DNS\n"
 
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "no hay hostname en '%s'\n"
+#~ msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+#~ msgstr "nivel de confianza puesto a TOTAL (información PKA válida)\n"
 
-#~ msgid "no attribute given for query '%s'\n"
-#~ msgstr "no se ha dado ningún atributo para la consulta '%s'\n"
+#~ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+#~ msgstr "nivel de confianza puesto a NUNCA (información PKA inválida)\n"
 
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "ATENCIÓN: ¡se está usando sólo el primer atributo!\n"
+#~ msgid "|FILE|write a server mode log to FILE"
+#~ msgstr "|FILE|escribir un log en modo servidor en FICHERO"
 
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "Inicialización LDAP a '%s:%d' ha fallado: %s\n"
+#~ msgid "run without asking a user"
+#~ msgstr "arrancar sin preguntar a un usuario"
 
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "ha fallado el binding con '%s:%d': %s\n"
+#~ msgid "allow PKA lookups (DNS requests)"
+#~ msgstr "permitir búsquedas PKA (peticiones DNS)"
 
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "ha fallado la búsqueda '%s': %s\n"
+#~ msgid "Options controlling the format of the output"
+#~ msgstr "Opciones que controlan el formato de la salida"
 
-#~ msgid "start_cert_fetch: invalid pattern '%s'\n"
-#~ msgstr "start_cert_fetch: patrón '%s' incorrecto\n"
+#~ msgid "Options controlling the use of Tor"
+#~ msgstr "Opciones que controlan el uso de Tor"
 
-#~ msgid "ldapserver missing"
-#~ msgstr "falta el ldapserver"
+#~ msgid "LDAP server list"
+#~ msgstr "lista de servidores LDAP"
 
 #~ msgid "Note: old default options file '%s' ignored\n"
 #~ msgstr "NOTA: se ignora el antiguo fichero de opciones predefinidas '%s'\n"
@@ -11344,8 +11754,8 @@ msgstr ""
 #~ msgid "could not open %s for writing: %s\n"
 #~ msgstr "no se puede abrir %s para escribir: %s\n"
 
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "error al leer de %s: %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "error escribiendo en %s: %s\n"
 
 #~ msgid "error closing %s: %s\n"
 #~ msgstr "error cerrando %s: %s\n"
@@ -11407,12 +11817,6 @@ msgstr ""
 #~ msgid " using certificate ID 0x%08lX\n"
 #~ msgstr " usando el certificado ID 0x%08lX\n"
 
-#, fuzzy
-#~| msgid "option '%s' may not be used in %s mode\n"
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "no se puede usar la opción '%s' en modo %s\n"
-
 #~ msgid "male"
 #~ msgstr "hombre"
 
@@ -11461,12 +11865,6 @@ msgstr ""
 #~ msgid "only SHA-1 is supported for OCSP responses\n"
 #~ msgstr "sólo SHA-1 es compatible para las respuestas OCSP\n"
 
-#~ msgid "waiting for the dirmngr to come up ... (%ds)\n"
-#~ msgstr "esperando que el dirmngr arranque... ( %ds)\n"
-
-#~ msgid "connection to the dirmngr established\n"
-#~ msgstr "conexión establecida al dirmngr\n"
-
 #~ msgid "Warning: '%s' should be a long key ID or a fingerprint\n"
 #~ msgstr ""
 #~ "Atención: '%s' debería ser un identificador largo de usuario o una huella "
@@ -13036,9 +13434,6 @@ msgstr ""
 #~ "NOTA: detectada clave primaria Elgamal - puede llevar algo de tiempo "
 #~ "importarla\n"
 
-#~ msgid " (default)"
-#~ msgstr "(por defecto)"
-
 #~ msgid "Really sign? "
 #~ msgstr "¿Firmar de verdad? "
 
@@ -13328,9 +13723,6 @@ msgstr ""
 #~ msgid "quit|quit"
 #~ msgstr "salir"
 
-#~ msgid "   (%d) ElGamal (sign and encrypt)\n"
-#~ msgstr "   (%d) ElGamal (firmar y cifrar)\n"
-
 #~ msgid ""
 #~ "The use of this algorithm is only supported by GnuPG.  You will not be\n"
 #~ "able to use this key to communicate with PGP users.  This algorithm is "
diff --git a/po/et.gmo b/po/et.gmo
index 96d59dd7f73ca61566f2045d67cb3c639f48bb5a..02618204561d80d777d36663e6b6ebfe66af7748 100644
GIT binary patch
delta 9169
zcmYk=2V9od*~jq%4jdq;;1(Vb6cpTh;@$(}-bfx02PmM48hy}c+=_e8YJ4^8HN=q^
zceRbt7;D=YwHjkwb!BNA(<bll&pEyy?@uni=Q{T~^9J+P=l;9T`1`JxDZJWnZ1ppy
z3Wf$5li+VmU?tTWb3BS1Phc^wd4lE1|6R?P$`}%D?~8YKb*4JsbZ)~ATz>>>qkoJs
zU5)XXdKC2H=~xlhx%@-t1*|~*Lzfq+ZVb;bQOJL$Ge6=n1NEGZSOyQd{BtZ#eh>Bh
z=dM1qhB3o=zo|!|Dkqkqdh{OZg`Z(Kev5S4_{ADS8%#9v4ATuGagwWFiMsA%WN^$i
z<W^(ijPXD$s)1cG6jPP+ely)wtV0d$dl-VJk!P5{qk8;1>c;4r#+1cos2BA_HFT0Q
z&-nrBd0(I!d<WHmpjvjs8lX=t97UlE&c{H!=)8^^nFpvfP@HkDi%n2-I0m&$)?!io
z5F6mf*bpC~?u+7wuJ41z(1*owegfkkL}3LL&2by*g;!Bi@e8VlVce}AG;@wZjl?|E
z12<u3+=Yqw2wP+AI>yj;GXY!SdJM*|P*Zic4&$#Em!Ml(G#yckWsu9qB5g1;umrw?
zYR~~xkFTH}bQ9NM;d(p+H={ao3pGN1_3ac@K}}r?jKJPL3S}r{qE_c@)D4?Zi|`<Z
z;g_hE-$6C-8J5FhjJM`A0t2ukdax&I?PR!oEvf^DQ1_q0vgrGptGJJ9z^|wVgfW5Y
zSzXkseFb&nL{!UXqk6gnJ$MgOuy`XoLK9FUw;Wlw<`{m9_pzv-G3Oc=bkJumHL-K}
z5Y^+SSQ1M$Wou$3R8M-K8a5d<w0Y>k_i+XfynyOJ&*sK3y(SIAaINz_3?)B>W$-dK
z)Bb-zfkv5_7Iu{mMQxjfSP6Ha9&`jF@e*pgJw-hzw51)P8W>340k!Couma9N53X_f
zLDX}<#2DUh9#BxrOS43k*TO7(2epdB`Js^*j#Qat*cHzsqi)K#u?^~hTAbsM|I9Le
z=#zT^b$@80T`Qfi3;B4|Ry6xv#VuSw9^cls@Bp?WzlfT{P?Gl88rflHHYVae?1Vp}
z@ncxIh;NN)&fE23FREc{k#%bhqdM}q1N~*^n0QuF6b?u2^IVL<-N-k@oJUR3bJQ-V
z%iBUQ5l3PYYUua5`lF~dbOB$%tEl_y@R87nd9f63=<KtLVh<HTR2+3D&Y`x;RjiD6
zunPJ!ZptH2YoY~e8zx~<9D|zkOstCYQ5|_3)$?<xhWw6NJB@ryB<sj@L6(7;gL?1@
z=T}&r{E^E;yV-436Jx0#gt~qfs$pwUL!OUn*lp*3oMpS)k*kSnpsxi5t@gpLViM}c
zWvC&28zV3uH3F9~8ox*NEUbrJd@WG-4M8<z5|+dzsMWq6xy5{hy3h11c#h9hr;teA
z9o3M<7>PTv7@k4B_yU&3ho}eq=8W!T8`KTefK057Z=t4QKdM1rpq}$j)KmoY*87<M
z<^=^~`eH3kj79Zu4Ql8QyZl=$r5pPgQwYnUURViP9;O~Lt!64}Bb-DHagiizHB<xI
zqDEu{M(}<!l|neKN6qCSERJ8GF1(ED$xo>7L||WAUmZip+oJ0GVhtRRdfqBjgY!{q
z<s|y!160Evqpt*oK=z0#%A+o5glcJ1)ClxPJ?IS##zm+p+K9UE2<p>%74_opQBxG$
z&o-<P>N&kJ4yT~5+t!cqR}YU-p+$BD_2TEK`ttqlnyByWhEddyM)i0u*2Jx-2AxGs
z-9uDIN)O;yGKQi$P!ZWkCKk(J)&Ry|i*7Cz`a*4Xp1@G@+gJ{tV-S`eXj>kEy1q4P
z3PxiC%trNmxAQ#e#Xq4&+JBIJagfvFqo5u&z_K_1wd%*B2eYveu0r+fENWz)U_&f1
z*uJn0Y9zc^7xPfhIf1qDtULb;=8;Dav5VcepF$lfZlYRVdZ_)tG(pvSF&<Z=8hR2n
zhqqC47(C22s5W}YyJAHgi&bzA>bmV1fX7iI_h<Cz_uWGZnv0;}_C^mXZ;s`$CpJbe
zdT<l!K}S&6oyID7858g+ssYtT*cZ1#J!cr|`W)2Sn1_Y5{})ndLd8<_;2G3V-$gCT
zz>#)a#bXOUWBOq|>hne!^BtZ<t&!cy_Cs?N)u1a_760Y(u+g@@zOy$r@^Qg<3Yw!G
z*d8ys3&K*|4H!XvZ>)xySQ%HMUi<-Sf1g1$><Mb>B44!)NWu!_nOF_yqZaqO=nJQC
zf<h#IgK6mRwL>=+)q@2t-;H|V8H~bzp!T&%wGF6&S{r?w(=eKRr^`P>Ez+Mb2E)@B
zf4!gsZ`JA_jk;k9s)rj<EkB5w!!J>*`<}Dn7~7z37)E_ER>#*+9ovE)Jc1g*>!=R=
zhOroy&iLzvt<&w0rJzo%#4h+L24a!1cK?<^HJ~bLsC%KdXD&9y1L(mgSPVnP+1*nS
zo0E4!T|WzJ;6WdS;uLP6UUVNz;xlZ9{^RY`v_$n_1lGivs0Zx9IJ}7J*{`S%PMHbz
zZ^uaNN<PZvdr=L&kM+?Pm0^Fa_D4M^4O`=KEEsZk{vK-kJjVnK%CsZW0@bii7=Wp$
z=VahcT!$^O)kHfb(@@V{kE|h|*+-!i6@Nv|`7I2_-%*P)c#@sddZ>Lp2z6Z+YR;FU
z8nzQF;X$m6f5AX3lx25O2x`O<P$SqMOKAV+QcwdHIX9q&au2F!$5A(agW5jDvTc1l
z>bf4NhNfUgoa^$>F_-)iYE5P2*!$O_8h98l@qY7=!ZkcT*>1PZQ*46{qjtwxR8Q_<
z1AL10G43@xBEwMIaSCcNugCL#{4tBVfALg1rF*e7`F-cF=qpD>&@}r&h{k&4%`hIv
zp?ba!%j0p>cD#%l`X4Y91E$-NsDf%}1Jw12SR4nTR{dzymvJ4|!u``3e-DM5RA|5Y
zzhPe-iE4Q-T!rItHu}x5|FW5bYUm%a13trE*kY!A(L&T5A4g5u18j@I40mTtLN#E$
zkAix78ug$bQLDR2u6>ag^T>B$1U8<<_a6tKrs5sci*KOjv^K5O8W@SaaTor8Pf=^&
z?wfWohs?1y@lj~Si4oWuH@Op6QA6)P*EX;wYFiCN)z3n`a1Uz8uQ=~w2KmpZMV<1N
zo%1ZzcV!NGF%Mg!?-_-L6dKI44;q7-yU7@WOHkW!3+e&yV>Et(F?a(#SY*DPvg)Y&
zJ76&!hT-T%jo2KlgNHCt`~MyVwIptV-PftuhI}>-#gnK-8oto}3DyWTW$m#dPDJg7
zg;*1hpcdyntc<^5JFK+G?vmlCsm#R~?f-2Q)WS0uhqqCyJb1BvP%Ks@Z;jeM!%!oT
z;p$gnb@F}K7%yWb3|?aIuZenLB5FiOVI)q%QM})*q!5okV-t*AYJd3*Mm1yyM&V&B
zhSyOKyo>5-z%o0uRZ$H|!dQGAHFDdr4jw`e-b3w*;(3g}dX_*zE$@yR(%GmNZ^8uJ
zkGkO&>IDJI?cCQ!jYvN%gsJGkv6zU9P(yzXdt&ekJ4M5t^H(tbdSJe*xPmpvi>$O$
zk$`I8Kn%vosGiS7&FwDKP@h0ucMa9>=gzWxJk;}e)RYawk~j;sR+g+{{QW5$qC!19
zjDdIqwI&{-&X-(m&zHiw<n>WQpMq6zDr(5rphoZ*sv%#aI`ku|A(htH>${;kp5~*V
zZL}2i!jDirx`bLJk5MlOS!)}RfKlX0&K%UDU5f=HfsM(pIm@oIFYbow$TTd9Gq3{s
z=1}NGVKeFh53w8uthWyi$6DlFP(8~*4gFFqgL_d!e+28}RaakXgKbD8Y6J$M8k&ot
zxED)n{~x2E9$rMv?PJtPl-g)VAOVBOd!u&AaBPGNU49%jQjf4525+(>+7}y;zmE0r
zT`YmuQ4P6|1^d73X8vVMMKjcDKY-2fJ5-Otx7a_=lTa_n#g=#qwTR4C`@mYLMb;lZ
zI1P1vBSzpEtcZ6|9WmS3&OS__pvBM_b>VQVf-|rZZa_`RehkNRs0KVht)1BIc2)O6
zP00|{VxE8+spY5_{|P;K6ZKsG9gM#oSe1f5wnXjYHrO27qef(=^IeQ0zk(XV|DqrE
z<wsZ4vCm@aQuk+97L$o_x|m}pQO}muf3^)#m{{yCP_J@{n&j1pFjqeX%TuqTE9ECR
zh)`o+KF*MQN@yB86EnG%Pl91a3yxRG?^3F#@BfRV4F&DdMx1;XYvYgDj|io#V>F(^
zo-Pk}-lT4lE5A+oe~CBAJK#1#M{SGg=dLSAU%dZSGR^ULq7oO(CpuD2CH_Td%M2wd
z5E1SH{V8kfPJ8KrwJ5J9UMEI!Zan@EmczNkcFHdfE$)K%zeb^{tF6OD+HM~clZbqx
z38AAb=kzVmkw|2bvxm(d;wkY5;wUkgXvn!WgqJeQ#H3RG7L!oNE5vj^-hYt7MdF{t
zE#f00%3XAxa+)hIz|yW<jCvhgEoK(B;an4<h^xDeSBYlSl_zw}!(=R5knw+4{OErM
zNn=-W0KM*FRaK<?0N+r;F`M|Zpk#ma=X?ak>#puK@?Jzw@@Qfe<yKfQ%&2X6lF%`o
z_(><0bJ0RVM~1VTvlMj$3(oMz0(Apiy{e`W9mxNUt?>r7#Mf~Iv7FdKz90Wej3p`)
zUlH-tZ$V!!g(wQg2pw_c>BQe{TJTq_iW8`NhQGLaeL#Y#(=nA;T2SH#b^m})xS8;G
z^{ptMrK}Is@2>8$2Ide+Z%%e0bhIYEAwD415~GL~#EWAug&3~gK$LX%B;p^bf6rYM
zizBGhSM|klg2E9Z*j2p3`C*#>7sqfa-XfWbSMXPN!jJqn%5z;V8WA&y!kp9b1JT@-
zi&D-biW3cqpNVsXj%5}zk!!Ok-_iSrlC;Is#3N!PxsMn`{EhrGVmP5AlDe@(A<7=&
zeWES-i{n0pG?y&G1kSzn()s^T*Wjhx7eca-$~m|M8{=VIg56O^H02;-7NKJZQJwM%
z%)}g3x}zhxemR8@n_S&8>N>e{8Oo0-|HbA$^96;fREA@H+=YR-!Cp}C^K*WNxqK_<
zbPOZv5=F_^;SlVDo!$8a$}f&~)WwmMB;F(j5IF_cG5!-sjuRz_YQ$jofON__X1iSF
zuZe6GIMx$Yh(7Log_o{tNB#FiaaUIbV+ns^74<qIi5{Bg1qCVpm~@Il)MsLQ9ETo!
zs1qDLECv6AO2s5%4)F<biP*%oI_4ACh!W&Ah!w<oVjZ!O(Ba$7j}(&Un1?g*PlS#O
z#CJrX5_i;iQNaJcRNhEAfLKjbCEnm!HL)p<#$>Ead`NjIt|i83|KFoRM?BGum_oEC
zUK}lSA)%wYb0AJ655UC*XXu2p2z4{ub@QlO<jRw=0eLa(>#kktSC~IE{qkp4>s~0o
ze2v|HD+A&h<`0NVi)o#jnU#{Bk><&sI$?r0Co4V0lafAhj5o^@lkJI(c{R>6B|UR|
za*j9KljY@1x;G=oGcn7X>do?Iq<Hf`=@k{6UwcFuzx<?;&x+(9^?vQQ@`tpR`F+ML
zkL{d&>QnpB@#)!K&*|;ysafg&|J-rO*^_gUC!}Y1J((GvDaqM6lQYLp&h}&{Cy!0`
gc)i?{GdVlQo0gn^BX3mc{Ea($`Q`uihp+wq51pZZ6#xJL

delta 9792
zcmaLc30#)N+Q;z$%>Z{?LJ_$^Kon8XT+kE{7c?=~QqvUW5g$Q77I%F#3sWmK*IY`?
z7AsGSm6eqhX`Qmg&S~E)J#Ds~^jKL(-{1e4;myx^m;2MjcV_Nw=9-xswR?|*zV}*a
z;M2&u8x6;OA;z@9i4Bd(2sLJVYqc7)w4E`jxD3O%<{`X{`jZL9MB`hi`@VCAC)#?F
zGsigv2XNhD?2Iqs5Mu)7pYDP_NyfC|#5mLg%bja5iu!}j!>AX3>gwlE*Eef#41F+Z
zNRt_hop2HA{9cU2Bd-1dHs$^1ECszdEZJTdkCUipVhrv;-FOgn-5aP5eC@2;!FJF?
zB`pKn;uws_3S^9C6RKm+U>u%MJMTA_bhH<yAlWs;kv^Gn^l&R`1P8G>zVGVayLv>5
zosw8=!ug&^-%KtlBePNWZNg^w0O~!5Frc2EpddrZmyAQraTcn_<4_|AApe=W`JoQJ
zjk$OZ8(<C#MUFsaZW3zkEaXQT?nTZ0hp0@2cP9V!C?wF@4O8%PoQ%401M;7Fkso3B
zPYlO%*bwV>F{U?0qF$JXnwlci2v?v6@PPAeR3?5yJ+Dz3`5#Q-GP;+Ald&J}M3Q1Y
z!@gKQ-I&HW1U0AQQ7>MES{nzjDZc9JAEO5FBSv6MSKFav)PRSfo-;Z?VGD&hI1n3?
z290DaDn%8jDY+G!;XaJT7cde(M=i=TsOuY%KJAtc*aG{bIzA57!5P>R7hrHo*HO5X
zh6Cu~A=KhI?&{&)?Fc%e9?%_|;b2$47S(}Ss1B?^jchk+(H=(K_XVosXHWxe-Xr+F
zfSEvH8Vw6kbM_f3b#;0&3QWf@@LH_L2dG~!JHmk(b`GyYjkpl&<5DE+=4RADo<nu)
zD^zAfd)t9}xHyFQ&!*6d6Nma3!@4jZU<(Yt!WxUssdq=Ed?@lPGYJ`t*^FAGucLO&
zAE*~LXW{5MT~PadAZjWLQO~KyHoV{5PC?t|3DlyiL5=7~^e~JS8JttpgZrcAZW5~F
z%TdqSf#n#JX&3QYR3_d;9%VwZf}dQIiOjB9iNXE<90jHR6XaSGl5M}$*{BCpqh9zV
z=HjQQDQe%}*2m&X>UW?zn4Ci=F$Xn;)yRM5VSXr6XD|!f4WQqHC=}>7LkRm6`KXx(
zSs{Ayd)N-cxu`3qqDC?W*_q}JjK?=I34ca)v=w`rZ<5JGO;Isw7wpC+_$W@sn!y2^
z`gROUC(=-hC>uv(9_j(RP$_#48)1VXc1=X1K16A#_I{}So`?Dnjl(ur>FVoHYhoX^
z#F_wwdK5lH&GF|LgXd5qi5hB0-VfE0*{H>HFS1U})5v-=XHgICcBOR)DkGC!y&5%T
z+c6nmb?t%E6x7r3VK(K7sGeQpEOFk5%FuRH2lt^?`)jU#0(D<Vp3P_!#!^p2Wnduc
zm(f(zz*b;et=oMRbmLJ}M^0dUyntFv^@kfnA59YK#&XnywxBxjEXLtG7>2)~UTChe
zAD$T0eO;VmQTH#zmfANvDRidc0BQ=pM0Ml>>Os*X>=g7uy|Bo+98;)oLp|_iRLZ||
z^=2dOn&^dfXdjFk=#|L&GgC2__nZ4EXuF(7rMAZ?>ljoA%2AnEgG%ZBNb1b1s5$=z
z!|?*@x^Pym29kjKKJ-PkUxQ7s+_f*qKzkZ?P|yPpV<S9?S|q126x)ok9g4*W>U~{3
z7j=F*s-u2X2C7ld*@uns8PpUVMGf!=Y>o}al7GE8ZmgZ7EL4xDqaL&rJK(*j>yDvD
z@)If(^{=)sPC>QjqNZq?b0O;cupaf?C$J;Fh3e4nSCfCuUCcFhB>k~2^?|4n3`KUL
z8IO^87hZ->pgv4*IDbZssO302$0^v5dVf^MN1(1RMNPqa?1p;+6tp_ucb-SRIAOd^
zbvM+D`#DFVMpS^!a0P1BZ$l6FV0S!>8rbis%y<**2doe3ePyUj1U6AfqwoUiK|f<>
z{M}v9@mgcnQXh+2?O$RSjGSm6)E`r+&p@?r!cKSu)zQ<aDQr2(W+Dq)Q=g2U_WuG3
zt!UVWZSZkas@_ID_$(@g3D?;_sN|r|Ux^-;qB67=^_;t0{aMshy@fsSYxFR7vYmn~
zyj1&tBn3TSJgNi5s28t9J@5dw#bc-k{)D<dY>Hho(O8FiTkMJP=-~v^6fDG8+=<$4
z&tsnuI)v!~8WN_m<?w23iG8No56~!7he|L8SG)RN=Mm=#)SR0FJ9RxUhpG>C|6b=2
zR7Xx=JFMd)|N7Fkr=XtYptfC+tKWv|(9@{z!7)t7bEvuQG~IS=B1TbPfO_zH)NVL{
z%G^<m!&6v@4f&z=szUOw8#mCP3--AaZ=y#0gR3`~VHZ;hszbwF-G@okZ^C4J2({SW
zcZT}y6m&whk3_Bdg_wx<_{qOsbd&~dr*AO<&!aNaZl)bsCTi}-p>|7|a~G;ZZ(|Gm
z2GyYps1YU=*|jhbmHO$Z>#I>6-Vvan7al>S^prahU2OkoH2@pXehWt6R#XS>Moq=L
zsJRcDWlS&ZhaS$wFx-Nja2NK*H&EAym)I!}WKsyHp%5G3Y^;w<FauYirsgHo2)@LQ
zSg+JRARRkUACDT@a%_ZKu^;ZmA^5eccP+CWosC_!|L>>JlnXvVJ?KZ&jjd+8l%vj<
zp|;)in2H-w8L2^a><zpWe?UFwEbc+C-2MsaFltIdE9`UQFkbsVgMxZI5jE#U*cex!
zM!p#}r%$222ggy@okPue%Szj^PN*+iCZ^#8R7O{$w&50RkB_4=_z6bveiK$@JJ8G-
zk4j}aYGk>n8)u-l*IL*980xyeqdIyD2V%oHwmuq{Qm;ZSwzH`FW9Qlq=3wA&G*nXf
z7<1>@-H<rnb|?q6J4T^KQik1dF*0}N5p0DgQQ!LWsKp$&fWHle7&8cUfAd9lO1olH
z>a(587m@##G;E}yIX;N#_yTIxo<@z_TWsen7xlfEf-P`9>b^Co=j=gs^dM@xzJlR+
z9J}MU*ap2N_Lo`TCFI|u!B2x0$12o|_hJmbiyQC^UXLreJ`)=(wH+OX1E?>-;aG!u
zQRFf^$GNDKS70`7#=-ajreIuvr|N}ys0S@Tt?omp7k!UwF?G3J3(w&g>Yt*fqT3Dj
z#f7Lv_XKJUe1%tG>W%!X2`)yhfzoQbn723shbZ*r#Fy9)6IR#@reS;Pt56+$6t%5B
zbM4_b*%zjxQa;sLihLr>BGj%rg_`qosP9UHmHcADD7-@Ze+h-lX*h^_&`+qj`!_bh
z7OU)bOhP@N2PR;DOvFO;@D|jR{RMUZQ4GVA*cQJ>Wvsz!`=!moEbad?3iQN0g4)+V
zpi&=kGymv-Ls5(C9&CuuVkdkJwfcWW?S{x(?3@ooEzUC3^Qy5w?#6ih2gYL9tqg$o
zn`8>=;c)DLvrwyiGwMMPqegZFmCBQ-44ifC(QE9KWnd55r=UJWn^E^aihAKIsEmG%
zarhesrcj7xg=s{KuqW<Cb>MSUkI$h}8MDqlC<*o8L8z2Y#3Wpc$#?*jvE$eUe?br1
z-)471E^0u<w~>GKcohvw<qN16e}t)c2DN?S*V`8iLe2RsY>Ml#4&IF(?!_#86_xV(
z?A<&ZjvaBk^JP?rf8Id;b)wZqyV?h!rl1(r!%f&2A48?^CDfdrM5Wklve!kUI-cPi
zg&KJgYO1zjeS9AEzM~k5zXT{~gy*mUw%u&kLJI1Fp{VnDn1-{l1@1<D$(}@|{2f#V
z&!ajLwZ#r79o3QXsOwjvMt%<}lY!SMXz`s!jVSVVyEsx&H(Z74KrzPSTIYULrryP1
zCbrte7wsH{dhtrsK%T;S_zXs24G!1-|CmB+8dA2|MKcKX;7OQ*E3g&r$7p;VBk>#5
z6#ao+vGsP_o`*fCPeFaaHlv<*2%F<KsI_w*+i3qc*<t546_trR)b=RGhIlJ#cWlS*
z_*YlIfV!^J9d@w|N2PQfcEbahj;AmJWA3yaNk&~a3K#KyGmnB+`@b*)+wHU?nuMLH
zuf_g&2(Q4<U3L*=qDD3owa7N0hfkpv*@qa5m+ZC~OhjFuiRzdi^-ua{8wKs}S5S-N
z80yAfu?<GuWv8e+wxm7++hQTAL)EAe)nG8isMUTRHB}LN>>7$eWiT5xrE~X?e~-dC
z8ngx;MLqa+48`xT4*rO}@iZz^o$t0z#CYnfP$S!iA$Tc2KF8W)tr|HrnBRgW`=dzn
z{|RLVYW&1C#A}2W-ZE}#OYjTNG{t<>ylPP~rNLDUX1RX2qXpOXa^)_R=TSaLsB<wy
z7Hz$W&nWA7k@uTxX;>MoG7`!<w8w`Kms9^9hvQ6C+Wt-GV5<lJWo#<vrc&;!Mvm^(
z^}p)wwN;Z%Sw{sikMbb=kl0N*@EnC}3C;H%G>jx}C3MWjTZp=@emgcKG&QBcE9?)x
zUFKn;%w1O>|4Mx#kxO|8-azPhmpBqE@oPGS{P*R8#WY-rFX0l@B)$L<_&VxXNLl;3
z_836@X)15Ih9=av6Z}#PF4EfTGHKJnXTmHXh7yZt`xy28F(Y9<v6{xwL?-1zcT;~S
zP3A`Z;HV+$5@R?QO<Y6tBocIz<7*;=7)Q*dJ&njA%G8FfiT;#zT(9}p@d2?qSh8E_
zE6US|$B9sGs6Ae-E&PWUsPjwBoFNVnCy18ZSBNVwx}U1KR6jWO5w-6RHt2`G*#n4O
zL=-n(f;!q${sKE-S3>_Q=4L`iN1Tkah;+(x)p*fyyDN`(*Z+h1%eF0G*s{T6mpl0w
zHGVOeV(Rzccf?G}4e{b5o=R=+ujBj-cXABoQP($ql4}#?wCT7Jr`sZbH{c10R6Jq}
zCl=wS#8ToJf<J$lRN4n(?GZ=eAy*m5IsMumg*Om82pxYX#!}uGtnpQK?W(SEZTuO9
zfB$nQ?xQlwov5W}ZNWK-YojR-!KK7K#MMMS+P)!9x$BlVui)G=S5Bs^L!aMuuH2S#
zFoPpp!zTP)S8@D7Or!oFMiAX77h??O6O###*hAYCq7mh_sAG%8Y;|76IUVCI`gbbx
zKG9tJf0#R&=<I~gy9-a_4A(w^a)~SJ^cBQ@VldH<xQh6hI7hrf#BpsC>`g4DoIu=3
zc`Gg__EMg$@fT3hak<5u$NOlzo_Lh<PGSP(H2fD)Md-MNsGz+u5lQ(yVmon`s6*&@
z!(vLgM!$03Cc=nHVl)xVe<UZLpnMb2i8xN=5;{&2(>Xr^<1v<al5!TIqmudq*qHE9
z?t^oPB;qLXBauRTSL}s44qJkMFANN(v7Ck;?&L=2A==gvYpDMX|3c{4OuZep!YM>f
zu$4dQQf@|QL6^|xBYq)1A{G)EwBJQk5eo<%4K)83AJtUuCz`p&XD>S0#@$p0>(hQS
zaTDcKcg;K4j`}4;I8jYx)Aj@L6w#5;kxU#5mh^-7&*H*ugpNGoI^tVZIPRwXOItL4
z%9l~@jQ!m8cTw*{c|9?o2qCU^*WXF`C(3W?9@lmoZ90ZxBV45q%e_<{!4>!`)*geX
z?<6J?8wef4h&hzUVrw-7kNwZZUs-2JVnGLQ!02o*xx!yq;+2*Z&+ianJkLwkiBUS?
zE16b4zpV0qJ$KPf`|Bn>7!v6&_7!*q`IY$*Cb44uAK6i@6DvG-#$Q_E&Gi=-dsBU0
zRfVr${R8bYF6;8=dG4HETHf1>PppXFf4qHB;{KcSVjB<g&GSvGs`Pojd6mBMlKf(?
zth}_aJbzY%sVd2zTI};GOTBVme!>5^fYyq#(vk{aZ!fW8|D6-thBU6K@Rt;N)BI&K
zeC299IO*3*0{@+de1Az*aiy1ETwLTYpP64#nLo>4;VY{6&$PJfipp!ADXaAP%KiWE
zW&hXX(mHr~`JT_e|KPM^AyI!mtg@=W%P%RI<tqs0aP=}TrYOIns*<D@Rru(&_vf{|
zxN`jpUv{k0Xq)}I-`+4YznHNH)A^EbWAgspw_ewD!kn5t#oSe!#aVv3;MF`{QsS$q
ztn!L#_W0-cEAtDOz>C|9s|tMu`JTPmchSvrNK;isWiZ9(?;H`*%)YwBJG{$3eR{dS
MQfVHx>!XnW0<tG8bpQYW

diff --git a/po/et.po b/po/et.po
index e866795..42e2f5f 100644
--- a/po/et.po
+++ b/po/et.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg 1.2.2\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2004-06-17 11:04+0300\n"
 "Last-Translator: Toomas Soome <Toomas.Soome@microlink.ee>\n"
 "Language-Team: Estonian <et@li.org>\n"
@@ -15,51 +15,51 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8-bit\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, fuzzy, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr ""
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr ""
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr ""
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr ""
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr ""
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 #, fuzzy
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Kas te tõesti soovite valitud võtmeid kustutada? "
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr ""
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 #, fuzzy
 #| msgid "invalid passphrase"
 msgid "|pinentry-tt|Hide passphrase"
@@ -67,7 +67,7 @@ msgstr "vigane parool"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -78,25 +78,13 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 msgid "pinentry.genpin.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-msgid "Passphrase Not Allowed"
-msgstr "liiga pikk parool\n"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr ""
 
@@ -106,298 +94,278 @@ msgstr ""
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr ""
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 #, fuzzy
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 msgstr "Palun sisestage parool; see on salajane tekst \n"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 #, fuzzy
 msgid "Passphrase:"
 msgstr "halb parool"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr ""
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr ""
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr ""
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 #, fuzzy
 msgid "PIN too long"
 msgstr "rida on liiga pikk\n"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 #, fuzzy
 msgid "Passphrase too long"
 msgstr "liiga pikk parool\n"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 #, fuzzy
 msgid "Invalid characters in PIN"
 msgstr "Lubamatu sümbol nimes\n"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr ""
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad PIN"
 msgstr "halb MPI"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad Passphrase"
 msgstr "halb parool"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, fuzzy, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 #, fuzzy
 msgid "Please re-enter this passphrase"
 msgstr "muuda parooli"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to protect the imported object within the %s "
 "system."
 msgstr "Palun sisestage parool; see on salajane tekst \n"
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, fuzzy, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "kaitse algoritm %d%s ei ole toetatud\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't create '%s': %s\n"
 msgstr "`%s' ei õnnestu luua: %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, fuzzy, c-format
 #| msgid "can't open `%s': %s\n"
 msgid "can't open '%s': %s\n"
 msgstr "`%s' ei õnnestu avada: %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr ""
-
-#: agent/command-ssh.c:2446
-#, fuzzy, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "viga salajase võtme võtmehoidlasse `%s' kirjutamisel: %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, fuzzy, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "kirjutatavat salajaste võtmete hoidlat pole: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, fuzzy, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
 "allow this?"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr ""
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, fuzzy, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Palun sisestage parool; see on salajane tekst \n"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, fuzzy, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
 "%s%%0Awithin gpg-agent's key storage"
 msgstr "Palun sisestage parool; see on salajane tekst \n"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, fuzzy, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "%s: paisktabeli loomine ebaõnnestus: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr ""
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr ""
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr ""
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr ""
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr ""
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr ""
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 #, fuzzy
 msgid "Repeat this Reset Code"
 msgstr "Korrake parooli: "
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 #, fuzzy
 msgid "Repeat this PUK"
 msgstr "Korrake parooli: "
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 #, fuzzy
 msgid "Repeat this PIN"
 msgstr "Korrake parooli: "
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 #, fuzzy
 msgid "Reset Code not correctly repeated; try again"
 msgstr "parooli ei korratud õieti; proovige uuesti"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 #, fuzzy
 msgid "PUK not correctly repeated; try again"
 msgstr "parooli ei korratud õieti; proovige uuesti"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 #, fuzzy
 msgid "PIN not correctly repeated; try again"
 msgstr "parooli ei korratud õieti; proovige uuesti"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr ""
 
-#: agent/genkey.c:157
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
 #, fuzzy, c-format
-msgid "error writing to pipe: %s\n"
-msgstr "viga võtmehoidlasse `%s' kirjutamisel: %s\n"
+msgid "error creating temporary file: %s\n"
+msgstr "viga parooli loomisel: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:116
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "kirjutan faili `%s'\n"
+
+#: agent/genkey.c:154
 #, fuzzy
 msgid "Enter new passphrase"
 msgstr "Sisestage parool\n"
 
-#: agent/genkey.c:196
-#, fuzzy
-msgid "Take this one anyway"
-msgstr "Kasutan seda võtit ikka? "
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
 "confirm that you do not want to have any protection on your key."
 msgstr ""
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr ""
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, fuzzy, c-format
 #| msgid "Name must be at least 5 characters long\n"
 msgid "A passphrase should be at least %u character long."
@@ -405,7 +373,7 @@ msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "Nimes peab olema vähemalt 5 sümbolit\n"
 msgstr[1] "Nimes peab olema vähemalt 5 sümbolit\n"
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -413,382 +381,387 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr ""
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Kasutan seda võtit ikka? "
+
+#: agent/genkey.c:464
 #, fuzzy, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr ""
 "Te vajate oma salajase võtme kaitsmiseks parooli.\n"
 "\n"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 #, fuzzy
 msgid "Please enter the new passphrase"
 msgstr "muuda parooli"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 msgid "Options used for startup"
 msgstr ""
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr ""
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr ""
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 #, fuzzy
 #| msgid "Key is superseded"
 msgid "run in supervised mode"
 msgstr "Võti on asendatud"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr ""
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 #, fuzzy
 msgid "|FILE|read options from FILE"
 msgstr "|FAIL|lae laiendusmoodul FAIL"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr ""
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "ole jutukas"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "ole mõnevõrra vaiksem"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr ""
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 #, fuzzy
 msgid "do not use the SCdaemon"
 msgstr "uuenda usalduse andmebaasi"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr ""
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:208
 #, fuzzy
 #| msgid "|NAME|set terminal charset to NAME"
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NIMI|terminali kooditabel on NIMI"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr ""
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr ""
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 #, fuzzy
 #| msgid "not supported"
 msgid "enable ssh support"
 msgstr "ei ole toetatud"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr ""
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 #, fuzzy
 #| msgid "not supported"
 msgid "enable putty support"
 msgstr "ei ole toetatud"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr ""
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr ""
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 #, fuzzy
 msgid "disallow the use of an external password cache"
 msgstr "viga parooli loomisel: %s\n"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr ""
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 #, fuzzy
 msgid "allow presetting passphrase"
 msgstr "viga parooli loomisel: %s\n"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr ""
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr ""
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 #, fuzzy
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|kasuta parooli moodi N"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 #, fuzzy
 msgid "do not allow the reuse of old passphrases"
 msgstr "viga parooli loomisel: %s\n"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 msgid "Options controlling the PIN-Entry"
 msgstr ""
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 #, fuzzy
 #| msgid "use the gpg-agent"
 msgid "never use the PIN-entry"
 msgstr "kasuta gpg-agenti"
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr ""
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr ""
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr ""
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr ""
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 #, fuzzy
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "Palun saatke veateated aadressil <gnupg-bugs@gnu.org>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 #, fuzzy
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
 msgstr ""
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr ""
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "valitud lühendi algoritm ei ole lubatud\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, fuzzy, c-format
 #| msgid "reading options from `%s'\n"
 msgid "reading options from '%s'\n"
 msgstr "loen võtmeid failist `%s'\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is a deprecated option\n"
 msgid "Note: '%s' is not considered an option\n"
 msgstr "HOIATUS: võtit \"%s\" ei soovitata kasutada.\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, fuzzy, c-format
 msgid "can't create socket: %s\n"
 msgstr "%s ei õnnestu luua: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, fuzzy, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "gpg-agent ei ole sesses sessioonis kasutatav\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, fuzzy, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, fuzzy, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "viga teate saatmisel serverile `%s': %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, fuzzy, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "HOIATUS: ebaturvalised õigused %s \"%s\"\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "kirjutan salajase võtme faili `%s'\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, fuzzy, c-format
 #| msgid "can't create directory `%s': %s\n"
 msgid "can't create directory '%s': %s\n"
 msgstr "kataloogi `%s' ei õnnestu luua: %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, fuzzy, c-format
 msgid "directory '%s' created\n"
 msgstr "%s: kataloog on loodud\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, fuzzy, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "trustdb: lugemine ebaõnnestus (n=%d): %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, fuzzy, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "%s: kataloogi ei õnnestu luua: %s\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, fuzzy, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, fuzzy, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "salajase võtme uuendamine ebaõnnestus: %s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, fuzzy, c-format
 msgid "%s %s stopped\n"
 msgstr "%s: jätsin vahele: %s\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, fuzzy, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "gpg-agent ei ole sesses sessioonis kasutatav\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 #, fuzzy
 msgid ""
 "@Options:\n"
@@ -798,19 +771,19 @@ msgstr ""
 "Võtmed:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 #, fuzzy
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
 msgstr ""
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -818,8 +791,8 @@ msgstr ""
 "@Käsud:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -829,87 +802,86 @@ msgstr ""
 "Võtmed:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 #, fuzzy
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
 msgstr ""
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 #, fuzzy
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Palun sisestage parool; see on salajane tekst \n"
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 #, fuzzy
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Palun sisestage parool; see on salajane tekst \n"
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 #, fuzzy
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
 msgstr "Palun sisestage parool; see on salajane tekst \n"
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, fuzzy, c-format
 msgid "cancelled\n"
 msgstr "Katkesta"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, fuzzy, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, fuzzy, c-format
 msgid "error opening '%s': %s\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, fuzzy, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "võtit '%s' ei leitud: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, fuzzy, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "viga lugemisel: %s\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, fuzzy, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "salajase võtme komponendid ei ole kättesaadavad\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, fuzzy, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "viga lugemisel: %s\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, fuzzy, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "viga: vigane sõrmejälg\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, fuzzy, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr ""
@@ -922,19 +894,19 @@ msgstr ""
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
 "certificates?"
 msgstr ""
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 #, fuzzy
 msgid "Yes"
 msgstr "jah"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr ""
@@ -947,7 +919,7 @@ msgstr ""
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -957,142 +929,142 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr ""
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr ""
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
 "it now."
 msgstr ""
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 #, fuzzy
 msgid "Change passphrase"
 msgstr "muuda parooli"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr ""
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, fuzzy, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
 "%%0A?"
 msgstr "Kas te tõesti soovite valitud võtmeid kustutada? "
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 #, fuzzy
 msgid "Delete key"
 msgstr "luba võti"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
 msgstr ""
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr ""
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr ""
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "Loodud allkirja ei õnnestu kontrollida: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "salajase võtme komponendid ei ole kättesaadavad\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "kaitse algoritm %d%s ei ole toetatud\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "kaitse algoritm %d%s ei ole toetatud\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "kaitse algoritm %d%s ei ole toetatud\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, fuzzy, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, fuzzy, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, fuzzy, c-format
 msgid "error forking process: %s\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr ""
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, fuzzy, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, fuzzy, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, fuzzy, c-format
 msgid "error running '%s': terminated\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, fuzzy, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "uuendamine ebaõnnestus: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, fuzzy, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "viga salajase võtme võtmehoidlasse `%s' kirjutamisel: %s\n"
@@ -1108,33 +1080,33 @@ msgstr "ei õnnestu luua ühendust serveriga `%s': %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "probleem agendiga: agent tagastas 0x%lx\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "ei õnnestu blokeerida mälupildi salvestamist: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, fuzzy, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "HOIATUS: ebaturvaline omanik %s \"%s\"\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, fuzzy, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "HOIATUS: ebaturvalised õigused %s \"%s\"\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, fuzzy, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "uuendamine ebaõnnestus: %s\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, fuzzy, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "pakendamine ebaõnnestus: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "jah"
 
@@ -1189,51 +1161,95 @@ msgstr ""
 msgid "out of core while allocating %lu bytes"
 msgstr ""
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, fuzzy, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "viga võtmehoidla `%s' loomisel: %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr ""
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, fuzzy, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "HOIATUS: võtit \"%s\" ei soovitata kasutada.\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr ""
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
 #, fuzzy, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
 msgstr "uuendamine ebaõnnestus: %s\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:350
+#, fuzzy, c-format
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "uuendamine ebaõnnestus: %s\n"
+
+#: common/asshelp.c:351
+#, fuzzy, c-format
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "uuendamine ebaõnnestus: %s\n"
+
+#: common/asshelp.c:364
+#, fuzzy, c-format
+msgid "connection to the dirmngr established\n"
+msgstr "seda ei saa teha pakettmoodis\n"
+
+#: common/asshelp.c:366
+#, fuzzy, c-format
+msgid "connection to the keyboxd established\n"
+msgstr "seda ei saa teha pakettmoodis\n"
+
+#: common/asshelp.c:367
 #, fuzzy, c-format
-msgid "connection to %s established\n"
+msgid "connection to the agent established\n"
 msgstr "seda ei saa teha pakettmoodis\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:485
+#, fuzzy, c-format
+msgid "no running %s - starting '%s'\n"
+msgstr "viga `%s' lugemisel: %s\n"
+
+#: common/asshelp.c:588
+#, fuzzy, c-format
+msgid "connection to the agent is in restricted mode\n"
+msgstr "seda ei saa teha pakettmoodis\n"
+
+#: common/asshelp.c:725
+#, fuzzy, c-format
+#| msgid "error creating keyring `%s': %s\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "viga võtmehoidla `%s' loomisel: %s\n"
+
+#: common/asshelp.c:731
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
+msgid "server '%s' is older than us (%s < %s)"
 msgstr ""
 
-#: common/asshelp.c:521
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
 #, fuzzy, c-format
-msgid "connection to agent is in restricted mode\n"
-msgstr "seda ei saa teha pakettmoodis\n"
+#| msgid "WARNING: %s overrides %s\n"
+msgid "WARNING: %s\n"
+msgstr "HOIATUS: %s määrab üle %s\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:740
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
+msgid "Note: Outdated servers may lack important security fixes.\n"
 msgstr ""
 
+#: common/asshelp.c:742
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Palun kasutage kõigepealt käsku \"toggle\".\n"
+
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
 #: common/audit.c:474
@@ -1312,7 +1328,7 @@ msgid "algorithm: %s"
 msgstr "pakend: %s\n"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, fuzzy, c-format
 msgid "unsupported algorithm: %s"
 msgstr ""
@@ -1396,12 +1412,12 @@ msgstr "See võti on aegunud!"
 msgid "Root certificate trustworthy"
 msgstr "halb sertifikaat"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 #, fuzzy
 msgid "no CRL found for certificate"
 msgstr "halb sertifikaat"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 #, fuzzy
 msgid "the available CRL is too old"
 msgstr "Võtme leiate: "
@@ -1443,7 +1459,7 @@ msgstr "`%s' kohta abiinfo puudub"
 msgid "ignoring garbage line"
 msgstr "viga lõpetaval real\n"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 #, fuzzy
 msgid "[none]"
 msgstr "tundmatu"
@@ -1453,144 +1469,26 @@ msgstr "tundmatu"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "vigane radix64 sümbol %02x vahele jäetud\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-#, fuzzy
-msgid "argument not expected"
-msgstr "kirjutan salajase võtme faili `%s'\n"
-
-#: common/argparse.c:522
-#, fuzzy
-msgid "read error"
-msgstr "viga faili lugemisel"
-
-#: common/argparse.c:524
-#, fuzzy
-msgid "keyword too long"
-msgstr "rida on liiga pikk\n"
-
-#: common/argparse.c:526
-#, fuzzy
-msgid "missing argument"
-msgstr "vigane argument"
-
-#: common/argparse.c:528
-#, fuzzy
-#| msgid "invalid armor"
-msgid "invalid argument"
-msgstr "vigane pakend"
-
-#: common/argparse.c:530
-#, fuzzy
-msgid "invalid command"
-msgstr "vastuolulised käsud\n"
-
-#: common/argparse.c:532
-#, fuzzy
-msgid "invalid alias definition"
-msgstr "vigased impordi võtmed\n"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-#, fuzzy
-msgid "out of core"
-msgstr "ei töödeldud"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-msgid "invalid meta command"
-msgstr "vastuolulised käsud\n"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-msgid "unknown meta command"
-msgstr "tundmatu vaikimisi saaja `%s'\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected data"
-msgid "unexpected meta command"
-msgstr "ootamatud andmed"
-
-#: common/argparse.c:546
-#, fuzzy
-msgid "invalid option"
-msgstr "vigased impordi võtmed\n"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr ""
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, fuzzy, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "vigased impordi võtmed\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr ""
-
-#: common/argparse.c:563
-#, fuzzy, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "Vigane käsklus (proovige \"help\")\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:581
-#, fuzzy, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "vigased impordi võtmed\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, fuzzy, c-format
-#| msgid "NOTE: no default option file `%s'\n"
-msgid "Note: no default option file '%s'\n"
-msgstr "MÄRKUS: vaikimisi võtmete fail `%s' puudub\n"
-
-#: common/argparse.c:1843
-#, fuzzy, c-format
-#| msgid "option file `%s': %s\n"
-msgid "option file '%s': %s\n"
-msgstr "võtmete fail `%s': %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, fuzzy, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1606,144 +1504,145 @@ msgstr "faili ei õnnestu avada: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "pakendamine ebaõnnestus: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, fuzzy, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "kataloogi `%s' ei õnnestu luua: %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, fuzzy, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "viga võtmehoidlasse `%s' kirjutamisel: %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr ""
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, fuzzy, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "kirjutan salajase võtme faili `%s'\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr ""
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, fuzzy, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "ei leia avalikku võtit %08lX: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, fuzzy, c-format
 msgid "waiting for lock %s...\n"
 msgstr "kirjutan salajase võtme faili `%s'\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr ""
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "pakend: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "vigane pakendi päis: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "pakendi päis: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "vigane avateksti allkirja päis\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, fuzzy, c-format
 msgid "unknown armor header: "
 msgstr "pakendi päis: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "avateksti allkirjad üksteise sees\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, fuzzy, c-format
 msgid "unexpected armor: "
 msgstr "ootamatu pakend:"
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "vigane kriipsudega märgitud rida: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, fuzzy, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "vigane radix64 sümbol %02x vahele jäetud\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "enneaegne faililõpp (puudub CRC)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "enneaegne faililõpp (poolik CRC)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "vigane CRC\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, fuzzy, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "CRC viga; %06lx - %06lx\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, fuzzy, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "enneaegne faililõpp (lõpetaval real)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "viga lõpetaval real\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "ei leia OpenPGP andmeid.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "vigane pakend: rida on pikem, kui %d sümbolit\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
 msgstr ""
 "kvooditud sümbol pakendis - tõenäoliselt on kasutatud vigast MTA programmi\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, fuzzy, c-format
 #| msgid "not human readable"
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "pole inimese poolt loetav"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1752,27 +1651,27 @@ msgstr ""
 "noteerimise nimes võivad olla ainult trükitavad sümbolid või tühikud\n"
 "ning lõpus peab olema '='\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "kasutaja noteerimise nimi peab sisaldama '@' märki\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, fuzzy, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "kasutaja noteerimise nimi peab sisaldama '@' märki\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "noteerimise väärtus ei või sisaldada kontroll sümboleid\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, fuzzy, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "kasutaja noteerimise nimi peab sisaldama '@' märki\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, fuzzy, c-format
 #| msgid ""
 #| "a notation name must have only printable characters or spaces, and end "
@@ -1782,370 +1681,354 @@ msgstr ""
 "noteerimise nimes võivad olla ainult trükitavad sümbolid või tühikud\n"
 "ning lõpus peab olema '='\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "HOIATUS: leidsin vigased noteerimise andmed\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr ""
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Sisestage parool: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, fuzzy, c-format
-#| msgid "error creating keyring `%s': %s\n"
-msgid "error getting version from '%s': %s\n"
-msgstr "viga võtmehoidla `%s' loomisel: %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr ""
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
-#, fuzzy, c-format
-#| msgid "WARNING: %s overrides %s\n"
-msgid "WARNING: %s\n"
-msgstr "HOIATUS: %s määrab üle %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
-#, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
+#| msgid "%s does not yet work with %s\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s ei tööta veel koos %s-ga\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
+#: g10/call-agent.c:1081
 #, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Palun kasutage kõigepealt käsku \"toggle\".\n"
+msgid "error from TPM: %s\n"
+msgstr "viga `%s' lugemisel: %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, fuzzy, c-format
-#| msgid "%s does not yet work with %s\n"
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s ei tööta veel koos %s-ga\n"
+msgid "problem with the agent: %s\n"
+msgstr "probleem agendiga: agent tagastas 0x%lx\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, fuzzy, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "gpg-agent ei ole sesses sessioonis kasutatav\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "%s ei ole moodis %s lubatud.\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 msgid "Tor is not properly configured"
 msgstr "viga: vigane sõrmejälg\n"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 msgid "DNS is not properly configured"
 msgstr "viga: vigane sõrmejälg\n"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "genereeri tühistamise sertifikaat"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "pakend: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, fuzzy, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "salajane võti ei ole kättesaadav"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr ""
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, fuzzy, c-format
 msgid "can't do this in batch mode\n"
 msgstr "seda ei saa teha pakettmoodis\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, fuzzy, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "See käsklus ei ole %s moodis lubatud.\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, fuzzy, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "salajase võtme komponendid ei ole kättesaadavad\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Teie valik? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr ""
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 #, fuzzy
 msgid "not forced"
 msgstr "ei töödeldud"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr ""
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr ""
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr ""
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr ""
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr ""
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 #, fuzzy
 msgid "URL to retrieve public key: "
 msgstr "vastavat avalikku võtit pole: %s\n"
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, fuzzy, c-format
 #| msgid "error reading `%s': %s\n"
 msgid "error reading '%s': %s\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, fuzzy, c-format
 msgid "error writing '%s': %s\n"
 msgstr "viga võtmehoidlasse `%s' kirjutamisel: %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr ""
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr ""
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 #, fuzzy
 msgid "Language preferences: "
 msgstr "uuendatud eelistused"
 
-#: g10/card-util.c:1111
-#, fuzzy
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, fuzzy, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "lubamatu sümbol eelistuste sõnes\n"
 
-#: g10/card-util.c:1120
-#, fuzzy
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, fuzzy, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "lubamatu sümbol eelistuste sõnes\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 #, fuzzy
 msgid "Error: invalid response.\n"
 msgstr "viga: vigane sõrmejälg\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 #, fuzzy
 msgid "CA fingerprint: "
 msgstr "näita sõrmejälge"
 
-#: g10/card-util.c:1201
-#, fuzzy
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, fuzzy, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "viga: vigane sõrmejälg\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, fuzzy, c-format
 msgid "key operation not possible: %s\n"
 msgstr "Võtme genereerimine ebaõnnestus: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 #, fuzzy
 msgid "not an OpenPGP card"
 msgstr "ei leia OpenPGP andmeid.\n"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, fuzzy, c-format
 msgid "error getting current key info: %s\n"
 msgstr "viga salajase võtme võtmehoidlasse `%s' kirjutamisel: %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, fuzzy, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Millist võtmepikkust te soovite? (1024) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "ümardatud üles %u bitini\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr ""
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr ""
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 #, fuzzy
 msgid "Signature key\n"
 msgstr "Allkiri aegus %s\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 #, fuzzy
 msgid "Encryption key\n"
 msgstr "   (%d) RSA (ainult krüpteerimiseks)\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Palun valige, millist võtmetüüpi te soovite:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, fuzzy, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA (ainult allkirjastamiseks)\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, fuzzy, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) DSA ja ElGamal (vaikimisi)\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Vigane valik.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr ""
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr ""
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, fuzzy, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "viga teate saatmisel serverile `%s': %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, fuzzy, c-format
 msgid "error getting card info: %s\n"
 msgstr "viga salajase võtme võtmehoidlasse `%s' kirjutamisel: %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, fuzzy, c-format
 #| msgid "This command is not allowed while in %s mode.\n"
 msgid "This command is not supported by this card\n"
 msgstr "See käsklus ei ole %s moodis lubatud.\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr ""
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, fuzzy, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "jätsin vahele: avalik võti on juba olemas\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2153,204 +2036,217 @@ msgid ""
 "You should change them using the command --change-pin\n"
 msgstr ""
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 #, fuzzy
 msgid "Please select the type of key to generate:\n"
 msgstr "Palun valige, millist võtmetüüpi te soovite:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 #, fuzzy
 msgid "   (1) Signature key\n"
 msgstr "Allkiri aegus %s\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 #, fuzzy
 msgid "   (2) Encryption key\n"
 msgstr "   (%d) RSA (ainult krüpteerimiseks)\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 #, fuzzy
 msgid "Please select where to store the key:\n"
 msgstr "Palun valige tühistamise põhjus:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, fuzzy, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "uuendamine ebaõnnestus: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, fuzzy, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "jätsin vahele: avalik võti on juba olemas\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 #, fuzzy
 msgid "Continue? (y/N) "
 msgstr "Allkirjastan tõesti? "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr ""
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, fuzzy, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+msgid "error for setup UIF: %s\n"
+msgstr "viga `%s' lugemisel: %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "välju sellest menüüst"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 #, fuzzy
 msgid "show admin commands"
 msgstr "vastuolulised käsud\n"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "näita seda abiinfot"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 #, fuzzy
 msgid "list all available data"
 msgstr "Võtme leiate: "
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr ""
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr ""
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr ""
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 #, fuzzy
 msgid "change the login name"
 msgstr "muuda aegumise kuupäeva"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 #, fuzzy
 msgid "change the language preferences"
 msgstr "muuda omaniku usaldust"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr ""
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 #, fuzzy
 msgid "change a CA fingerprint"
 msgstr "näita sõrmejälge"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr ""
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 #, fuzzy
 msgid "generate new keys"
 msgstr "genereeri uus võtmepaar"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr ""
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr ""
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr ""
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr ""
 
-#: g10/card-util.c:2180
+#: g10/card-util.c:2235
 #, fuzzy
 #| msgid "|NAME|use NAME as default recipient"
-msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "|NIMI|kasuta NIME vaikimisi saajana"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 #, fuzzy
 #| msgid "change the ownertrust"
 msgid "change the key attribute"
 msgstr "muuda omaniku usaldust"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "muuda omaniku usaldust"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr ""
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 #, fuzzy
 msgid "Admin-only command\n"
 msgstr "vastuolulised käsud\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 #, fuzzy
 msgid "Admin commands are allowed\n"
 msgstr "vastuolulised käsud\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 #, fuzzy
 msgid "Admin commands are not allowed\n"
 msgstr "kirjutan salajase võtme faili `%s'\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Vigane käsklus (proovige \"help\")\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "võti --output ei tööta selle käsuga\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, fuzzy, c-format
 #| msgid "can't open `%s'\n"
 msgid "can't open '%s'\n"
 msgstr "`%s' ei õnnestu avada\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, fuzzy, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "võtit '%s' ei leitud: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "viga võtmebloki lugemisel: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, fuzzy, c-format
 msgid "key \"%s\" not found\n"
 msgstr "võtit '%s' ei leitud: %s\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(kui te just ei määra võtit sõrmejäljega)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, fuzzy, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "pakettmoodis ei õnnestu seda teha võtmeta \"--yes\"\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(kui te just ei määra võtit sõrmejäljega)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2392,9 +2288,9 @@ msgstr "key"
 msgid "subkey"
 msgstr "Avalik võti: "
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "uuendamine ebaõnnestus: %s\n"
@@ -2419,64 +2315,75 @@ msgstr "avaliku võtme \"%s\" jaoks on salajane võti!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "selle kustutamiseks kasutage võtit \"--delete-secret-keys\".\n"
 
-#: g10/encrypt.c:116
-#, fuzzy, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"sümmetrilise šifri %s (%d) kasutamine on vastuolus saaja eelistustega\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "S2K moodi tõttu ei saa sümmeetrilist ESK paketti kasutada\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "kasutan Å¡iffrit %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, fuzzy, c-format
 #| msgid "`%s' already compressed\n"
 msgid "'%s' already compressed\n"
 msgstr "`%s' on juba pakitud\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, fuzzy, c-format
 #| msgid "WARNING: `%s' is an empty file\n"
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "HOIATUS: `%s' on tühi fail\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "Å¡ifri algoritm \"%s\" ei ole moodis %s lubatud\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, fuzzy, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "Å¡ifri algoritm \"%s\" ei ole moodis %s lubatud\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, fuzzy, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "sõnumilühendi algoritm \"%s\" ei ole moodis %s lubatud\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, fuzzy, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "HOIATUS: võtit \"%s\" ei soovitata kasutada.\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, fuzzy, c-format
 #| msgid "reading from `%s'\n"
 msgid "reading from '%s'\n"
 msgstr "loen failist `%s'\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"sümmetrilise šifri %s (%d) kasutamine on vastuolus saaja eelistustega\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, fuzzy, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "HOIATUS: võtit \"%s\" ei soovitata kasutada.\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2484,100 +2391,46 @@ msgid ""
 msgstr ""
 "pakkimise algoritmi %s (%d) kasutamine on vastuolus saaja eelistustega\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"sümmetrilise šifri %s (%d) kasutamine on vastuolus saaja eelistustega\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s krüptitud kasutajale: \"%s\"\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "%s ei ole moodis %s lubatud.\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "%s krüpteeritud andmed\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "krüpteeritud tundmatu algoritmiga %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr "HOIATUS: teade on krüptitud sümmeetrilise šifri nõrga võtmega.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "probleem krüptitud paketi käsitlemisel\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "mittelokaalse programmi käivitamist ei toetata\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"väliste programmide käivitamine on blokeeritud, kuna seadete failil on\n"
-"ebaturvalised õigused\n"
-
-#: g10/exec.c:419
-#, fuzzy, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"see platvorm nõuab väliste programmide käivitamiseks ajutiste failide "
-"kasutamist\n"
-
-#: g10/exec.c:497
-#, fuzzy, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "ei Õnnestu käivitada %s \"%s\": %s\n"
-
-#: g10/exec.c:500
-#, fuzzy, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "ei Õnnestu käivitada %s \"%s\": %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "süsteemi viga välise programmi kasutamisel: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "väline programm lõpetas erandlikult\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "välist programmi ei õnnestu käivitada\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "ei õnnestu lugeda välise programmi vastust: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "HOIATUS: ei saa kustutada ajutist faili (%s) `%s': %s\n"
-
-#: g10/exec.c:692
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "HOIATUS: ei õnnestu eemaldada ajutist kataloogi `%s': %s\n"
-
 #: g10/export.c:119
 #, fuzzy
 msgid "export signatures that are marked as local-only"
@@ -2605,405 +2458,405 @@ msgstr "mittekasutatav salajane võti"
 msgid "remove as much as possible from key during export"
 msgstr ""
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr ""
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
 msgstr "%s: jätsin vahele: %s\n"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "writing to '%s'\n"
 msgstr "kirjutan faili `%s'\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, fuzzy, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "võti %08lX: alamvõtme allkiri on vales kohas - jätan vahele\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, fuzzy, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "kirjutan salajase võtme faili `%s'\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, fuzzy, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "võti %08lX: PGP 2.x stiilis võti - jätsin vahele\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "HOIATUS: midagi ei eksporditud\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, fuzzy, c-format
 #| msgid "error creating `%s': %s\n"
 msgid "error creating '%s': %s\n"
 msgstr "viga `%s' loomisel: %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 #, fuzzy
 msgid "[User ID not found]"
 msgstr "[Kasutaja id puudub]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, fuzzy, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "viga `%s' loomisel: %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, fuzzy, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "viga `%s' loomisel: %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 #, fuzzy
 msgid "No fingerprint"
 msgstr "näita sõrmejälge"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "salajast võtit `%s' ei leitud: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, fuzzy, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "vigased impordi võtmed\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "|NIMI|kasuta NIME vaikimisi salajase võtmena"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "|NIMI|kasuta NIME vaikimisi salajase võtmena"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr ""
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, fuzzy, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr ""
 "Vigane võti %08lX muudeti kehtivaks võtme --allow-non-selfsigned-uid "
 "kasutamisega\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, fuzzy, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "kasutan sekundaarset võtit %08lX primaarse võtme %08lX asemel\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, fuzzy, c-format
 msgid "valid values for option '%s':\n"
 msgstr "vigased impordi võtmed\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 #, fuzzy
 msgid "make a signature"
 msgstr "loo eraldiseisev allkiri"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 #, fuzzy
 msgid "make a clear text signature"
 msgstr "|[fail]|loo avateksti allkiri"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "loo eraldiseisev allkiri"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "krüpteeri andmed"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "krüpteerimine kasutades ainult sümmeetrilist šifrit"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "dekrüpteeri andmed (vaikimisi)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "kontrolli allkirja"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "näita võtmeid"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "näita võtmeid ja allkirju"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 #, fuzzy
 msgid "list and check key signatures"
 msgstr "kontrolli võtmete allkirju"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "näita võtmeid ja sõrmejälgi"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "näita salajasi võtmeid"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "genereeri uus võtmepaar"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly generate a new key pair"
 msgstr "genereeri uus võtmepaar"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly add a new user-id"
 msgstr "genereeri uus võtmepaar"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a user-id"
 msgstr "genereeri uus võtmepaar"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly set a new expiration date"
 msgstr "genereeri uus võtmepaar"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr ""
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "genereeri tühistamise sertifikaat"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "eemalda võtmed avalike võtmete hoidlast"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "eemalda võtmed salajaste võtmete hoidlast"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 #, fuzzy
 #| msgid "sign a key"
 msgid "quickly sign a key"
 msgstr "allkirjasta võti"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 #, fuzzy
 #| msgid "sign a key locally"
 msgid "quickly sign a key locally"
 msgstr "allkirjasta võti lokaalselt"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a key signature"
 msgstr "genereeri uus võtmepaar"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "allkirjasta võti"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "allkirjasta võti lokaalselt"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "allkirjasta või toimeta võtit"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 #, fuzzy
 msgid "change a passphrase"
 msgstr "muuda parooli"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "ekspordi võtmed"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "ekspordi võtmed võtmeserverisse"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "impordi võtmed võtmeserverist"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "otsi võtmeid võtmeserverist"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "uuenda võtmeid võtmeserverist"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "impordi/mesti võtmed"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr ""
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr ""
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr ""
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "uuenda usalduse andmebaasi"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 #, fuzzy
 msgid "print message digests"
 msgstr "|algo [failid]|trüki teatelühendid"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr ""
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr ""
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NIMI|kasuta NIME vaikimisi salajase võtmena"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 #, fuzzy
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NIMI|krüpti NIMEle"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr ""
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr ""
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "ära tee mingeid muutusi"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "küsi enne ülekirjutamist"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 msgid "Options controlling the input"
 msgstr ""
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 msgid "Options controlling the output"
 msgstr ""
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "loo ascii pakendis väljund"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 #, fuzzy
 msgid "|FILE|write output to FILE"
 msgstr "|FAIL|lae laiendusmoodul FAIL"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "kasuta kanoonilist tekstimoodi"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 #, fuzzy
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|määra pakkimise tase N (0 blokeerib)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 msgid "Options controlling key import and export"
 msgstr ""
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "impordi võtmed võtmeserverist"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 msgid "include the public key in signatures"
 msgstr "kontrolli võtmete allkirju"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr ""
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 msgid "Options controlling key listings"
 msgstr ""
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "näita salajasi võtmeid"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 #, fuzzy
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|NIMI|krüpti NIMEle"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 #, fuzzy
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "kasuta seda kasutaja IDd"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -3011,7 +2864,7 @@ msgstr ""
 "@\n"
 "(Kõikide käskude ja võtmete täieliku kirjelduse leiate manualist)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -3041,13 +2894,13 @@ msgstr ""
 " --list-keys [nimed]        näita võtmeid\n"
 " --fingerprint [nimed]      näita sõrmejälgi\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg [options] [files]\n"
@@ -3062,7 +2915,7 @@ msgstr ""
 "allkirjasta, kontrolli, krüpti ja dekrüpti\n"
 "vaikimisi operatsioon sõltub sisendandmetest\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -3070,551 +2923,566 @@ msgstr ""
 "\n"
 "Toetatud algoritmid:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Avalik võti: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Å iffer: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Räsi: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Pakkimine: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, fuzzy, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "kasuta: gpg [võtmed] "
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "vastuolulised käsud\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, fuzzy, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "grupi definitsioonis \"%s\" puudub sümbol =\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "HOIATUS: ebaturvaline omanik %s \"%s\"\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "HOIATUS: ebaturvaline omanik %s \"%s\"\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "HOIATUS: ebaturvaline omanik %s \"%s\"\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "HOIATUS: ebaturvalised õigused %s \"%s\"\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "HOIATUS: ebaturvalised õigused %s \"%s\"\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "HOIATUS: ebaturvalised õigused %s \"%s\"\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "HOIATUS: ebaturvaline kataloogi omanik %s \"%s\"\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr "HOIATUS: ebaturvaline kataloogi omanik %s \"%s\"\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr "HOIATUS: ebaturvaline kataloogi omanik %s \"%s\"\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr "Hoiatus: ebaturvalised kataloogi õigused %s \"%s\"\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
 msgstr "Hoiatus: ebaturvalised kataloogi õigused %s \"%s\"\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr "Hoiatus: ebaturvalised kataloogi õigused %s \"%s\"\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, fuzzy, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "tundmatu seade \"%s\"\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr ""
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 #, fuzzy
 msgid "show key usage information during key listings"
 msgstr "Vastavat allkirja salajaste võtmete hoidlas pole\n"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 #, fuzzy
 msgid "show all notations during signature listings"
 msgstr "Vastavat allkirja salajaste võtmete hoidlas pole\n"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 #, fuzzy
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "antud allkirja poliisi URL on vigane\n"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr ""
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr ""
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr ""
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 #, fuzzy
 msgid "show the keyring name in key listings"
 msgstr "näita millisesse võtmehoidlasse näidatud võti kuulub"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 #, fuzzy
 msgid "show expiration dates during signature listings"
 msgstr "Vastavat allkirja salajaste võtmete hoidlas pole\n"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "tundmatu vaikimisi saaja `%s'\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr ""
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "See käsklus ei ole %s moodis lubatud.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, fuzzy, c-format
 #| msgid "NOTE: %s is not for normal use!\n"
 msgid "Note: %s is not for normal use!\n"
 msgstr "MÄRKUS: %s ei ole tavapäraseks kasutamiseks!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, fuzzy, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "%s ei ole lubatud kooditabel\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "Selline e-posti aadress ei ole lubatud\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, fuzzy, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "vigane räsialgoritm `%s'\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, fuzzy, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "vigased impordi võtmed\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, fuzzy, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "%s ei ole lubatud kooditabel\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, fuzzy, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "ei saa parsida võtmeserveri URI\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, fuzzy, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: vigased ekspordi võtmed\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, fuzzy, c-format
 msgid "invalid keyserver options\n"
 msgstr "vigased ekspordi võtmed\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: vigased impordi võtmed\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "vigased impordi võtmed\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, fuzzy, c-format
 msgid "invalid filter option: %s\n"
 msgstr "vigased impordi võtmed\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: vigased ekspordi võtmed\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "vigased ekspordi võtmed\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, fuzzy, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: vigased impordi võtmed\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, fuzzy, c-format
 msgid "invalid list options\n"
 msgstr "vigased impordi võtmed\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 #, fuzzy
 msgid "show all notations during signature verification"
 msgstr "%s ei ole lubatud kooditabel\n"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 #, fuzzy
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "antud allkirja poliisi URL on vigane\n"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 #, fuzzy
 msgid "show user ID validity during signature verification"
 msgstr "%s ei ole lubatud kooditabel\n"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr ""
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 #, fuzzy
 msgid "show only the primary user ID in signature verification"
 msgstr "%s ei ole lubatud kooditabel\n"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr ""
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr ""
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, fuzzy, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: vigased ekspordi võtmed\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, fuzzy, c-format
 msgid "invalid verify options\n"
 msgstr "vigased ekspordi võtmed\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "exec-path väärtuseks ei õnnestu seada %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, fuzzy, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: vigased ekspordi võtmed\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr ""
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, fuzzy, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "vigased impordi võtmed\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "HOIATUS: programm võib salvestada oma mälupildi!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "HOIATUS: %s määrab üle %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s ja %s ei ole koos lubatud!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s ja %s ei oma koos mõtet!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr ""
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, fuzzy, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "kirjutan salajase võtme faili `%s'\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "valitud Å¡ifri algoritm ei ole lubatud\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "valitud lühendi algoritm ei ole lubatud\n"
+
+#: g10/gpg.c:3885
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "valitud Å¡ifri algoritm ei ole lubatud\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "valitud sertifikaadi lühendi algoritm ei ole lubatud\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-needed peab olema suurem, kui 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed peab olema suurem, kui 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, fuzzy, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth peab olema vahemikus 1 kuni 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "vigane vaikimisi-sert-tase; peab olema 0, 1, 2 või 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "vigane min-sert-tase; peab olema 1, 2 või 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, fuzzy, c-format
 #| msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "MÄRKUS: lihtne S2K mood (0) ei soovitata kasutada\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "vigane S2K mood; peab olema 0, 1 või 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "vigased vaikimisi eelistused\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "vigased isikliku Å¡ifri eelistused\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "vigased isikliku Å¡ifri eelistused\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "vigased isikliku lühendi eelistused\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "vigased isikliku pakkimise eelistused\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "vigane võtme suurus; kasutan %u bitti\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s ei tööta veel koos %s-ga\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "Å¡ifri algoritm \"%s\" ei ole moodis %s lubatud\n"
+
+#: g10/gpg.c:4070
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "pakkimise algoritm \"%s\" ei ole moodis %s lubatud\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "HOIATUS: määrati saajad (-r) aga ei kasutata avaliku võtme krüptograafiat\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, fuzzy, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "lahtikrüpteerimine ebaõnnestus: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "%s ei ole moodis %s lubatud.\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "%s ei ole moodis %s lubatud.\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "võtmeserverile saatmine ebaõnnestus: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "võtmeserverilt lugemine ebaõnnestus: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "võtme eksport ebaõnnestus: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, fuzzy, c-format
 #| msgid "key export failed: %s\n"
 msgid "export as ssh key failed: %s\n"
 msgstr "võtme eksport ebaõnnestus: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "võtmeserveri otsing ebaõnnestus: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "võtmeserveri uuendamine ebaõnnestus: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "lahtipakendamine ebaõnnestus: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "pakendamine ebaõnnestus: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, fuzzy, c-format
 #| msgid "invalid hash algorithm `%s'\n"
 msgid "invalid hash algorithm '%s'\n"
 msgstr "vigane räsialgoritm `%s'\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, fuzzy, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Kirjutage nüüd oma teade ...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "antud sertifikaadi poliisi URL on vigane\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "antud allkirja poliisi URL on vigane\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, fuzzy, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "antud allkirja poliisi URL on vigane\n"
@@ -3628,7 +3496,7 @@ msgstr "võta võtmed sellest võtmehoidlast"
 msgid "make timestamp conflicts only a warning"
 msgstr "teata ajatemplite konfliktist ainult hoiatusega"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FP|kirjuta olekuinfo sellesse failipidemesse"
 
@@ -3679,300 +3547,316 @@ msgstr "uuenda usalduse andmebaasi"
 
 #: g10/import.c:181
 #, fuzzy
+#| msgid "not supported"
+msgid "enable bulk import mode"
+msgstr "ei ole toetatud"
+
+#: g10/import.c:184
+#, fuzzy
 msgid "show key during import"
 msgstr "näita sõrmejälge"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+msgid "show key but do not actually import"
+msgstr "näita sõrmejälge"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr ""
 
-#: g10/import.c:187
+#: g10/import.c:193
 #, fuzzy
 msgid "remove unusable parts from key after import"
 msgstr "mittekasutatav salajane võti"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr ""
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr ""
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr ""
 
-#: g10/import.c:203
+#: g10/import.c:209
 #, fuzzy
 msgid "repair keys on import"
 msgstr "näita sõrmejälge"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "jätan bloki tüübiga %d vahele\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, fuzzy, c-format
 msgid "%lu keys processed so far\n"
 msgstr "%lu võtit on seni töödeldud\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Töödeldud kokku: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, fuzzy, c-format
 #| msgid "      skipped new keys: %lu\n"
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr " vahele jäetud uusi võtmeid: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr " vahele jäetud uusi võtmeid: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "    puudub kasutaja ID: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "            imporditud: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "              muutmata: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "       uusi kasutajaid: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "      uusi alamvõtmeid: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "         uusi allkirju: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "      uusi tühistamisi: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr " loetud salajasi võtmeid: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr " salajasi võtmeid imporditud: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr " muutmata salajasi võtmeid: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "       pole imporditud: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, fuzzy, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "         uusi allkirju: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, fuzzy, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr " loetud salajasi võtmeid: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
 "algorithms on these user IDs:\n"
 msgstr ""
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "%s allkiri, sõnumilühendi algoritm %s\n"
+
+#: g10/import.c:1354
 #, fuzzy, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "%s allkiri, sõnumilühendi algoritm %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr ""
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, fuzzy, c-format
 msgid "key %s: no user ID\n"
 msgstr "võti %08lX: kasutaja ID puudub\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, fuzzy, c-format
 msgid "key %s: %s\n"
 msgstr "`%s' jätsin vahele: %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr ""
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "võti %08lX: HKP alamvõtme rike parandatud\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, fuzzy, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr ""
 "võti %08lX: aktsepteerisin iseenda poolt allakirjutamata kasutaja ID '%s'\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, fuzzy, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "võti %08lX: puudub kehtiv kasutaja ID\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "see võib olla põhjustatud puuduvast iseenda allkirjast\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, fuzzy, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "võti %08lX: avalikku võtit ei leitud: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, fuzzy, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "võti %08lX: uus võti - jätsin vahele\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "ei leia kirjutatavat võtmehoidlat: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, fuzzy, c-format
 #| msgid "error writing keyring `%s': %s\n"
 msgid "error writing keyring '%s': %s\n"
 msgstr "viga võtmehoidlasse `%s' kirjutamisel: %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, fuzzy, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "võti %08lX: avalik võti \"%s\" on imporditud\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, fuzzy, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "võti %08lX: ei sobi meie koopiaga\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "võti %08lX: \"%s\" 1 uus kasutaja ID\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "võti %08lX: \"%s\" %d uut kasutaja IDd\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "võti %08lX: \"%s\" 1 uus allkiri\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "võti %08lX: \"%s\" %d uut allkirja\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "võti %08lX: \"%s\" 1 uus alamvõti\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "võti %08lX: \"%s\" %d uut alamvõtit\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "võti %08lX: \"%s\" %d uut allkirja\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "võti %08lX: \"%s\" %d uut allkirja\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "võti %08lX: \"%s\" %d uut kasutaja IDd\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "võti %08lX: \"%s\" %d uut kasutaja IDd\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, fuzzy, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "võti %08lX: \"%s\" ei muudetud\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, fuzzy, c-format
 msgid "key %s: secret key imported\n"
 msgstr "võti %08lX: salajane võti on imporditud\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, fuzzy, c-format
 #| msgid "skipped: secret key already present\n"
 msgid "key %s: secret key already exists\n"
 msgstr "jätsin vahele: avalik võti on juba olemas\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, fuzzy, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "viga teate saatmisel serverile `%s': %s\n"
@@ -3985,200 +3869,206 @@ msgstr "viga teate saatmisel serverile `%s': %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, fuzzy, c-format
 msgid "secret key %s: %s\n"
 msgstr "salajast võtit `%s' ei leitud: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, fuzzy, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "kirjutan salajase võtme faili `%s'\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, fuzzy, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "võti %08lX: salajane võti vigase šifriga %d - jätsin vahele\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Põhjus puudub"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "Võti on asendatud"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Võti on kompromiteeritud"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "Võti ei ole enam kasutusel"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "Kasutaja ID ei ole enam kehtiv"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "tühistamise põhjus: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "tühistamise kommentaar: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, fuzzy, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "võti %08lX: avalik võti puudub - tühistamise sertifikaati ei saa rakendada\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, fuzzy, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "võti %08lX: ei leia algset võtmeblokki: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, fuzzy, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "võti %08lX: ei õnnestu lugeda algset võtmeblokki: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "võti %08lX: vigane tühistamise sertifikaat: %s - lükkasin tagasi\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "võti %08lX: \"%s\" tühistamise sertifikaat imporditud\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, fuzzy, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "võti %08lX: allkirjal puudub kasutaja ID\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr "võti %08lX: mittetoetatud avaliku võtme algoritm kasutajaga \"%s\"\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, fuzzy, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "võti %08lX: kasutajal \"%s\" on vigane iseenda allkiri\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "võti %08lX: mittetoetatud avaliku võtme algoritm\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, fuzzy, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "võti %08lX: lisatud vahetu võtme allkiri\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, fuzzy, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "võti %08lX: võtmeseosel puudub alamvõti\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, fuzzy, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "võti %08lX: vigane alamvõtme seos\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "võti %08lX: vigane mitme alamvõtme seos\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, fuzzy, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "võti %08lX: võtme tühistamiseks puudub alamvõti\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, fuzzy, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "võti %08lX: vigane alamvõtme tühistamine\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "võti %08lX: eemaldasin mitme alamvõtme tühistamise\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, fuzzy, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "võti %08lX: jätsin vahele kasutaja ID '"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, fuzzy, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "võti %08lX: jätsin alamvõtme vahele\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, fuzzy, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "võti %08lX: mitte eksporditav allkiri (klass %02x) - jätan vahele\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, fuzzy, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "võti %08lX: tühistamise sertifikaat on vales kohas - jätan vahele\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "võti %08lX: vigane tühistamise sertifikaat: %s - jätan vahele\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, fuzzy, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "võti %08lX: alamvõtme allkiri on vales kohas - jätan vahele\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, fuzzy, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "võti %08lX: ootamatu allkirja klass (0x%02x) - jätan vahele\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, fuzzy, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "võti %08lX: tuvastasin dubleeritud kasutaja ID - mestisin\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "võti %08lX: tuvastasin dubleeritud kasutaja ID - mestisin\n"
+
+#: g10/import.c:4233
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr ""
 "HOIATUS: võti %08lX võib olla tühistatud: laen tühistamise võtit %08lX\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 "HOIATUS: võti %08lX võib olla tühistatud: tühistamise võtit %08lX pole.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "võti %08lX: \"%s\" tühistamise sertifikaat lisatud\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, fuzzy, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "võti %08lX: lisatud vahetu võtme allkiri\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, fuzzy, c-format
 msgid "error allocating memory: %s\n"
 msgstr "viga võtmehoidla `%s' loomisel: %s\n"
@@ -4199,19 +4089,19 @@ msgstr "%s allkiri, sõnumilühendi algoritm %s\n"
 msgid " (reordered signatures follow)"
 msgstr "Korrektne allkiri kasutajalt \""
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, fuzzy, c-format
 msgid "key %s:\n"
 msgstr "`%s' jätsin vahele: %s\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, fuzzy, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "Kasutaja ID \"%s\" on tühistatud."
 msgstr[1] "Kasutaja ID \"%s\" on tühistatud."
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to a missing key\n"
 msgid "%d signature not checked due to a missing key\n"
@@ -4219,7 +4109,7 @@ msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "1 allkiri jäi testimata, kuna võti puudub\n"
 msgstr[1] "1 allkiri jäi testimata, kuna võti puudub\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d bad signature\n"
@@ -4227,53 +4117,48 @@ msgid_plural "%d bad signatures\n"
 msgstr[0] "%d halba allkirja\n"
 msgstr[1] "%d halba allkirja\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, fuzzy, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "Korrektne allkiri kasutajalt \""
 msgstr[1] "Korrektne allkiri kasutajalt \""
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, fuzzy, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "viga võtmehoidla `%s' loomisel: %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error creating keyring '%s': %s\n"
 msgstr "viga võtmehoidla `%s' loomisel: %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, fuzzy, c-format
 msgid "keybox '%s' created\n"
 msgstr "võtmehoidla `%s' on loodud\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, fuzzy, c-format
 #| msgid "keyring `%s' created\n"
 msgid "keyring '%s' created\n"
 msgstr "võtmehoidla `%s' on loodud\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, fuzzy, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "viga `%s' loomisel: %s\n"
 
-#: g10/keydb.c:969
-#, fuzzy, c-format
-msgid "error opening key DB: %s\n"
-msgstr "viga `%s' lugemisel: %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "võtmehoidla vahemälu uuesti loomine ebaõnnestus: %s\n"
@@ -4286,7 +4171,7 @@ msgstr "[tühistamine]"
 msgid "[self-signature]"
 msgstr "[iseenda allkiri]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 #, fuzzy
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
@@ -4299,12 +4184,12 @@ msgstr ""
 "passe, kontrollige erinevatest allikatest näpujälgi...)?\n"
 "\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, fuzzy, c-format
 msgid "  %d = I trust marginally\n"
 msgstr " %d = Usaldan vähesel määral\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, fuzzy, c-format
 msgid "  %d = I trust fully\n"
 msgstr " %d = Usaldan täiesti\n"
@@ -4331,12 +4216,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "Kasutaja ID \"%s\" on tühistatud."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Olete kindel, et soovite seda ikka allkirjastada? (j/e) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  Ei saa allkirjastada.\n"
 
@@ -4537,210 +4422,214 @@ msgstr ""
 msgid "Really sign? (y/N) "
 msgstr "Allkirjastan tõesti? "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "allkirjastamine ebaõnnestus: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, fuzzy, c-format
 #| msgid "error creating passphrase: %s\n"
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "salvesta ja välju"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 #, fuzzy
 msgid "show key fingerprint"
 msgstr "näita sõrmejälge"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 #, fuzzy
 msgid "show the keygrip"
 msgstr "Allkirja noteerimine: "
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "näita võtit ja kasutaja IDd"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "vali kasutaja ID N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 #, fuzzy
 msgid "select subkey N"
 msgstr "vali kasutaja ID N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 #, fuzzy
 msgid "check signatures"
 msgstr "tühista allkirjad"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 #, fuzzy
 msgid "sign selected user IDs locally"
 msgstr "allkirjasta võti lokaalselt"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 #, fuzzy
 msgid "sign selected user IDs with a trust signature"
 msgstr "Vihje: Valige allkirjastamiseks kasutaja\n"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr ""
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "lisa kasutaja ID"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "lisa foto ID"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 #, fuzzy
 msgid "delete selected user IDs"
 msgstr "kustuta kasutaja ID"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 #, fuzzy
 msgid "add a subkey"
 msgstr "addkey"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 #, fuzzy
 msgid "delete selected subkeys"
 msgstr "kustuta sekundaarne võti"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "lisa tühistamise võti"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 #, fuzzy
 msgid "delete signatures from the selected user IDs"
 msgstr "Kas uuendan tõesti kõik kasutaja ID-de seaded? "
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 #, fuzzy
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "v3 võtme aegumise aega ei saa muuta.\n"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 #, fuzzy
 msgid "flag the selected user ID as primary"
 msgstr "märgi kasutaja ID primaarseks"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "näita eelistusi (ekspert)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "näita eelistusi (detailsena)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 #, fuzzy
 msgid "set preference list for the selected user IDs"
 msgstr "Kas uuendan tõesti kõik kasutaja ID-de seaded? "
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 #, fuzzy
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "ei saa parsida võtmeserveri URI\n"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 #, fuzzy
 msgid "set a notation for the selected user IDs"
 msgstr "Kas uuendan tõesti kõik kasutaja ID-de seaded? "
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "muuda parooli"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "muuda omaniku usaldust"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 #, fuzzy
 msgid "revoke signatures on the selected user IDs"
 msgstr "Kas tühistan tõesti kõik valitud kasutaja IDd? "
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 #, fuzzy
 msgid "revoke selected user IDs"
 msgstr "tühista kasutaja ID"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 #, fuzzy
 msgid "revoke key or selected subkeys"
 msgstr "tühista sekundaarne võti"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 #, fuzzy
 msgid "enable key"
 msgstr "luba võti"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 #, fuzzy
 msgid "disable key"
 msgstr "blokeeri võti"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 #, fuzzy
 msgid "show selected photo IDs"
 msgstr "näita foto ID"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Salajane võti on kasutatav.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret subkeys are available.\n"
 msgstr "Salajane võti on kasutatav.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Selle tegamiseks on vaja salajast võtit.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4748,309 +4637,314 @@ msgid ""
 "  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
 msgstr ""
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "Võti on tühistatud."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 #, fuzzy
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Kas allkirjastan tõesti kõik kasutaja IDd? "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 #, fuzzy
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Kas allkirjastan tõesti kõik kasutaja IDd? "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Vihje: Valige allkirjastamiseks kasutaja\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, fuzzy, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "tundmatu allkirja klass"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "See käsklus ei ole %s moodis lubatud.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Te peate valima vähemalt ühe kasutaja ID.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr ""
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Viimast kasutaja ID ei saa kustutada!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 #, fuzzy
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Kas kustutan tõesti kõik kasutaja IDd? "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 #, fuzzy
 msgid "Really remove this user ID? (y/N) "
 msgstr "Kas eemaldan tõesti selle kasutaja ID? "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 #, fuzzy
 msgid "Really move the primary key? (y/N) "
 msgstr "Kas eemaldan tõesti selle kasutaja ID? "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 #, fuzzy
 msgid "You must select exactly one key.\n"
 msgstr "Te peata valima vähemalt ühe võtme.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr ""
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, fuzzy, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "`%s' ei õnnestu avada: %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, fuzzy, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "viga võtmehoidla `%s' loomisel: %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Te peata valima vähemalt ühe võtme.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 #, fuzzy
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Kas te tõesti soovite valitud võtmeid kustutada? "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 #, fuzzy
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Kas te tõesti soovite seda võtit kustutada? "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 #, fuzzy
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "Kas tühistan tõesti kõik valitud kasutaja IDd? "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 #, fuzzy
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Kas tühistan tõesti selle kasutaja ID? "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 #, fuzzy
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Kas te tõesti soovite seda võtit tühistada? "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 #, fuzzy
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Kas te tõesti soovite valitud võtmeid tühistada? "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 #, fuzzy
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Kas te tõesti soovite seda võtit tühistada? "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 #, fuzzy
 msgid "Set preference list to:\n"
 msgstr "sea eelistuste nimekiri"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 #, fuzzy
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr "Kas uuendan tõesti kõik kasutaja ID-de seaded? "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 #, fuzzy
 msgid "Really update the preferences? (y/N) "
 msgstr "Kas tõesti uuendan seaded? "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 #, fuzzy
 msgid "Save changes? (y/N) "
 msgstr "Salvestan muutused? "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 #, fuzzy
 msgid "Quit without saving? (y/N) "
 msgstr "Väljun salvestamata? "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Võtit ei muudetud, seega pole uuendamist vaja.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "Viimast kasutaja ID ei saa kustutada!\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, fuzzy, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "Loodud allkirja ei õnnestu kontrollida: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, fuzzy, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "Loodud allkirja ei õnnestu kontrollida: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, fuzzy, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "viga: vigane sõrmejälg\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, fuzzy, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, fuzzy, c-format
 #| msgid "invalid value\n"
 msgid "Invalid user ID '%s': %s\n"
 msgstr "vigane väärtus\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 #| msgid "No such user ID.\n"
 msgid "No matching user IDs."
 msgstr "Tundmatu kasutaja ID.\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 msgid "Nothing to sign.\n"
 msgstr "Võtmega %08lX pole midagi allkirjastada\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, fuzzy, c-format
 msgid "Not signed by you.\n"
 msgstr "   allkirjastanud %08lX %s%s\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "Loodud allkirja ei õnnestu kontrollida: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, fuzzy, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "%s ei ole lubatud kooditabel\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "viga: vigane sõrmejälg\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, fuzzy, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "võtit '%s' ei leitud: %s\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Teatelühend: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Omadused: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr ""
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr ""
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 #, fuzzy
 msgid "Notations: "
 msgstr "Noteering: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "PGP 2.x stiilis kasutaja ID ei oma seadeid.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, fuzzy, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "Selle võtme võib olla tühistanud %s võti "
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, fuzzy, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Selle võtme võib olla tühistanud %s võti "
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 #, fuzzy
 msgid "(sensitive)"
 msgstr " (tundlik)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, fuzzy, c-format
 msgid "created: %s"
 msgstr "%s ei õnnestu luua: %s\n"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, fuzzy, c-format
 msgid "revoked: %s"
 msgstr "[tühistatud] "
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, fuzzy, c-format
 msgid "expired: %s"
 msgstr " [aegub: %s]"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, fuzzy, c-format
 msgid "expires: %s"
 msgstr " [aegub: %s]"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, fuzzy, c-format
 msgid "usage: %s"
 msgstr " usaldus: %c/%c"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr ""
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, fuzzy, c-format
 msgid "trust: %s"
 msgstr " usaldus: %c/%c"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr ""
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "See võti on blokeeritud"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -5058,19 +4952,19 @@ msgstr ""
 "Tuleb tähele panna et kuni te pole programmi uuesti käivitanud, ei pruugi\n"
 "näidatud võtme kehtivus olla tingimata korrektne.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 #, fuzzy
 msgid "revoked"
 msgstr "[tühistatud] "
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 #, fuzzy
 msgid "expired"
 msgstr "expire"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -5079,18 +4973,18 @@ msgstr ""
 "HOIATUS: ühtegi kasutaja ID pole märgitud primaarseks.  See käsklus võib\n"
 "              põhjustada muu kasutaja ID primaarseks määramist.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr ""
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, fuzzy, c-format
 #| msgid "You can't change the expiration date of a v3 key\n"
 msgid "You may want to change its expiration date too.\n"
 msgstr "v3 võtme aegumise aega ei saa muuta.\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -5099,35 +4993,35 @@ msgstr ""
 "HOIATUS: See on PGP2-stiilis võti. Foto ID lisamine võib sundida mõningaid\n"
 "         PGP versioone seda võtit tagasi lükkama.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Olete kindel, et soovite seda ikka lisada? (j/E) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "Foto IDd ei saa PGP2 võtmele lisada.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr ""
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Kustutan selle korrektse allkirja? (j/E/v)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Kustutan selle vigase allkirja? (j/E/v)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Kustutan selle tundmatu allkirja? (j/E/v)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Kas tõesti kustutan selle iseenda allkirja? (j/E)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, fuzzy, c-format
 #| msgid "Deleted %d signature.\n"
 msgid "Deleted %d signature.\n"
@@ -5135,38 +5029,38 @@ msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "Kustutatud %d allkiri.\n"
 msgstr[1] "Kustutatud %d allkiri.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Midagi ei kustutatud.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 #, fuzzy
 msgid "invalid"
 msgstr "vigane pakend"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, fuzzy, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "Kasutaja ID \"%s\" on tühistatud."
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, fuzzy, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "Kasutaja ID \"%s\" on tühistatud."
 msgstr[1] "Kasutaja ID \"%s\" on tühistatud."
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, fuzzy, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "kasutaja ID \"%s\" on juba tühistatud\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, fuzzy, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "kasutaja ID \"%s\" on juba tühistatud\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5175,41 +5069,41 @@ msgstr ""
 "HOIATUS: See on PGP2-stiilis võti. Määratud tühistaja lisamine võib\n"
 "         põhjustada mõningaid PGP versioone seda võtit tagasi lükkama.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "PGP 2.x-stiili võtmele ei saa määratud tühistajat lisada.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Sisestage määratud tühistaja kasutaja ID: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "PGP 2.x stiilis võtit ei saa nimetada määratud tühistajaks\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "te ei saa nimetada võtit iseenda määratud tühistajaks\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, fuzzy, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "HOIATUS: See võti on määratud tühistaja poolt tühistatud!\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr "HOIATUS: võtme seadmist määratud tühistajaks ei saa tagasi võtta!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 #, fuzzy
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr ""
 "Olete kindel, et soovite seda võtit seada määratud tühistajaks? (j/E): "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 #, fuzzy
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
@@ -5217,262 +5111,267 @@ msgid ""
 msgstr ""
 "Olete kindel, et soovite seda võtit seada määratud tühistajaks? (j/E): "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 #, fuzzy
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Muudan sekundaarse võtme aegumise aega.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Muudan primaarse võtme aegumise aega.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "v3 võtme aegumise aega ei saa muuta.\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 #, fuzzy
 msgid "Changing usage of a subkey.\n"
 msgstr "Muudan sekundaarse võtme aegumise aega.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 #, fuzzy
 #| msgid "Changing expiration time for the primary key.\n"
 msgid "Changing usage of the primary key.\n"
 msgstr "Muudan primaarse võtme aegumise aega.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, fuzzy, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "HOIATUS: allkirjastamise alamvõti %08lX ei ole rist-sertifitseeritud\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Palun valige täpselt üks kasutaja ID.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, fuzzy, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "jätan kasutaja \"%s\" v3 iseenda allkirja vahele\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr ""
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 #, fuzzy
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Olete kindel, et soovite seda kasutada (j/E)? "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 #, fuzzy
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Olete kindel, et soovite seda kasutada (j/E)? "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 #, fuzzy
 msgid "Enter the notation: "
 msgstr "Allkirja noteerimine: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 #, fuzzy
 msgid "Proceed? (y/N) "
 msgstr "Kirjutan üle (j/E)? "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Kasutaja ID numbriga %d puudub\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, fuzzy, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Kasutaja ID numbriga %d puudub\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, fuzzy, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Kasutaja ID numbriga %d puudub\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, fuzzy, c-format
 msgid "No subkey with index %d\n"
 msgstr "Kasutaja ID numbriga %d puudub\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, fuzzy, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "kasutaja ID: \""
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, fuzzy, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "   allkirjastanud %08lX %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (mitte-eksporditav)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "See allkiri aegub %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Olete kindel, et soovite seda ikka tühistada? (j/E) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Loon sellele allkirjale tühistamise sertifikaadi? (j/E) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, fuzzy, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Te olete allkirjastanud järgnevad kasutaja IDd:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 #, fuzzy
 msgid " (non-revocable)"
 msgstr " (mitte-eksporditav)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, fuzzy, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "   tühistanud %08lX %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Te asute tühistama järgmisi allkirju:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Kas tõesti loon tühistamise sertifikaadid? (j/E) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "salajast võtit pole\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "kasutaja ID \"%s\" on juba tühistatud\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr "HOIATUS: kasutaja ID allkirja ajatempel on %d sekundit tulevikus\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Viimast kasutaja ID ei saa kustutada!\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, fuzzy, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "kasutaja ID \"%s\" on juba tühistatud\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, fuzzy, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "kasutaja ID \"%s\" on juba tühistatud\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, fuzzy, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "Näitan %s foto IDd suurusega %ld, võti 0x%08lX (uid %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, fuzzy, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "vigased impordi võtmed\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, fuzzy, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "eelistus %c%lu on duplikaat\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, fuzzy, c-format
 msgid "too many cipher preferences\n"
 msgstr "liiga palju `%c' eelistusi\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, fuzzy, c-format
 msgid "too many digest preferences\n"
 msgstr "liiga palju `%c' eelistusi\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, fuzzy, c-format
 msgid "too many compression preferences\n"
 msgstr "liiga palju `%c' eelistusi\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+msgid "too many AEAD preferences\n"
+msgstr "liiga palju `%c' eelistusi\n"
+
+#: g10/keygen.c:521
 #, fuzzy, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "lubamatu sümbol eelistuste sõnes\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "kirjutan otsese allkirja\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "kirjutan iseenda allkirja\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "kirjutan võtit siduva allkirja\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "vigane võtme suurus; kasutan %u bitti\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "võtme suurus ümardatud üles %u bitini\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
 msgstr ""
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 #, fuzzy
 msgid "Sign"
 msgstr "sign"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr ""
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 #, fuzzy
 msgid "Encrypt"
 msgstr "krüpteeri andmed"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr ""
 
@@ -5486,169 +5385,179 @@ msgstr ""
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr ""
 
-#: g10/keygen.c:1784
+#: g10/keygen.c:1966
 #, c-format
-msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr ""
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr ""
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr ""
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, fuzzy, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%d) ElGamal (ainult krüptimiseks)\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr ""
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr ""
 
-#: g10/keygen.c:1930
+#: g10/keygen.c:2116
 #, fuzzy, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) DSA ja ElGamal (vaikimisi)\n"
 
-#: g10/keygen.c:1934
+#: g10/keygen.c:2120
 #, fuzzy, c-format
-msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA ja ElGamal (vaikimisi)\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (ainult allkirjastamiseks)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (ainult allkirjastamiseks)\n"
 
-#: g10/keygen.c:1945
+#: g10/keygen.c:2131
 #, fuzzy, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) ElGamal (ainult krüptimiseks)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (ainult krüpteerimiseks)\n"
 
-#: g10/keygen.c:1953
+#: g10/keygen.c:2139
 #, fuzzy, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (ainult krüpteerimiseks)\n"
 
-#: g10/keygen.c:1955
+#: g10/keygen.c:2141
 #, fuzzy, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (ainult krüpteerimiseks)\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, fuzzy, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) DSA ja ElGamal (vaikimisi)\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) RSA (allkirjastamiseks ja krüptimiseks)\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+#, fuzzy
+#| msgid " (default)"
+msgid " *default*"
+msgstr " (vaikimisi)"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, fuzzy, c-format
 #| msgid "   (%d) DSA (sign only)\n"
 msgid "  (%d) ECC (sign only)\n"
 msgstr "   (%d) DSA (ainult allkirjastamiseks)\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, fuzzy, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (ainult krüpteerimiseks)\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, fuzzy, c-format
 #| msgid "   (%d) RSA (encrypt only)\n"
-msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "   (%d) RSA (ainult krüpteerimiseks)\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, fuzzy, c-format
-msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "   (%d) RSA (ainult krüpteerimiseks)\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (%d) RSA (ainult krüpteerimiseks)\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 #, fuzzy
 msgid "Enter the keygrip: "
 msgstr "Allkirja noteerimine: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr ""
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 #, fuzzy
 msgid "No key with this keygrip\n"
 msgstr "Kasutaja ID numbriga %d puudub\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, fuzzy, c-format
 msgid "error reading the card: %s\n"
 msgstr "%s: viga vaba kirje lugemisel: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, fuzzy, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 #, fuzzy
 msgid "Available keys:\n"
 msgstr "blokeeri võti"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, fuzzy, c-format
 #| msgid "rounded up to %u bits\n"
 msgid "rounded to %u bits\n"
 msgstr "ümardatud üles %u bitini\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr ""
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, fuzzy, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Millist võtmepikkust te soovite? (1024) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "Soovitud võtmepikkus on %u bitti\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 #, fuzzy
 #| msgid "Please select what kind of key you want:\n"
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Palun valige, millist võtmetüüpi te soovite:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5664,7 +5573,7 @@ msgstr ""
 "      <n>m = võti aegub n kuuga\n"
 "      <n>y = võti aegub n aastaga\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5680,40 +5589,40 @@ msgstr ""
 "      <n>m = allkiri aegub n kuuga\n"
 "      <n>y = allkiri aegub n aastaga\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Võti on kehtiv kuni? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, fuzzy, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Allkiri on kehtiv kuni? (0) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "vigane väärtus\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 #, fuzzy
 msgid "Key does not expire at all\n"
 msgstr "%s ei aegu kunagi\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 #, fuzzy
 msgid "Signature does not expire at all\n"
 msgstr "%s ei aegu kunagi\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, fuzzy, c-format
 msgid "Key expires at %s\n"
 msgstr "%s aegub %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, fuzzy, c-format
 msgid "Signature expires at %s\n"
 msgstr "Allkiri aegub %s\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5721,12 +5630,12 @@ msgstr ""
 "Teie süsteem ei saa esitada kuupäevi peale aastat 2038.\n"
 "Siiski käsitletakse neid korrektselt aastani 2106.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 #, fuzzy
 msgid "Is this correct? (y/N) "
 msgstr "On see õige (j/e)? "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5737,7 +5646,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 #, fuzzy
 msgid ""
 "\n"
@@ -5753,50 +5662,50 @@ msgstr ""
 "    \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Pärisnimi: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Lubamatu sümbol nimes\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr ""
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Nimi ei või alata numbriga\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Nimes peab olema vähemalt 5 sümbolit\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "E-posti aadress: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Selline e-posti aadress ei ole lubatud\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Kommentaar: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Lubamatu sümbol kommentaaris\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, fuzzy, c-format
 #| msgid "You are using the `%s' character set.\n"
 msgid "You are using the '%s' character set.\n"
 msgstr "Te kasutate kooditabelit `%s'.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5807,7 +5716,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "Ärge palun kirjutage e-posti aadressi pärisnimesse ega kommentaari\n"
 
@@ -5822,35 +5731,35 @@ msgstr "Ärge palun kirjutage e-posti aadressi pärisnimesse ega kommentaari\n"
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnKkEeOoVv"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Muuda (N)ime, (K)ommentaari, (E)posti või (V)älju? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "Muuda (N)ime, (K)ommentaari, (E)posti või (O)k/(V)älju? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Muuda (N)ime, (K)ommentaari, (E)posti või (V)älju? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Muuda (N)ime, (K)ommentaari, (E)posti või (O)k/(V)älju? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Palun parandage kõigepealt viga\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5862,13 +5771,13 @@ msgstr ""
 "kasutada kettaid jne), see annaks juhuarvude generaatorile võimaluse\n"
 "koguda paremat entroopiat.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Võtme genereerimine ebaõnnestus: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5876,67 +5785,67 @@ msgid ""
 "\n"
 msgstr ""
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr ""
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, fuzzy, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "`%s' on juba pakitud\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 #, fuzzy
 msgid "Create anyway? (y/N) "
 msgstr "Kasutan seda võtit ikka? "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, fuzzy, c-format
 msgid "creating anyway\n"
 msgstr "genereeri uus võtmepaar"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Võtme genereerimine katkestati.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, fuzzy, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "`%s' ei õnnestu luua: %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, fuzzy, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "MÄRKUS: salajane võti %08lX aegus %s\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, fuzzy, c-format
 #| msgid "writing public key to `%s'\n"
 msgid "writing public key to '%s'\n"
 msgstr "kirjutan avaliku võtme faili `%s'\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "kirjutatavat avalike võtmete hoidlat pole: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, fuzzy, c-format
 #| msgid "error writing public keyring `%s': %s\n"
 msgid "error writing public keyring '%s': %s\n"
 msgstr "viga avaliku võtme võtmehoidlasse `%s' kirjutamisel: %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "avalik ja salajane võti on loodud ja allkirjastatud.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 #, fuzzy
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
@@ -5946,64 +5855,64 @@ msgstr ""
 "Krüptimiseks tuleb genereerida teine võti, seda saate teha\n"
 "kasutades võtit \"--edit-key\".\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
 msgstr "võti loodi %lu sekund tulevikus (ajahüpe või kella probleem)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
 msgstr "võti loodi %lu sekundit tulevikus (ajahüpe või kella probleem)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, fuzzy, c-format
 #| msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "MÄRKUS: v3 võtmetele alamvõtmete loomine ei ole OpenPGP ühilduv\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Primaarse võtme salajased komponendid ei ole kättesaadavad.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, fuzzy, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Primaarse võtme salajased komponendid ei ole kättesaadavad.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 #, fuzzy
 msgid "Really create? (y/N) "
 msgstr "Loon tõesti? "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "mitte kunagi"
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Kriitiline allkirja poliitika: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Allkirja poliitika: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr ""
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Kriitiline allkirja noteerimine: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Allkirja noteerimine: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d good signature\n"
@@ -6011,7 +5920,7 @@ msgid_plural "%d good signatures\n"
 msgstr[0] "%d halba allkirja\n"
 msgstr[1] "%d halba allkirja\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to an error\n"
 msgid "%d signature not checked due to an error\n"
@@ -6019,64 +5928,64 @@ msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "1 allkiri jäi vea tõttu kontrollimata\n"
 msgstr[1] "1 allkiri jäi vea tõttu kontrollimata\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Võtmehoidla"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Primaarse võtme sõrmejälg:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "    Alamvõtme sõrmejälg:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr " Primaarse võtme sõrmejälg:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "     Alamvõtme sõrmejälg:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 #, fuzzy
 msgid "      Key fingerprint ="
 msgstr "     Võtme sõrmejälg ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr ""
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, fuzzy, c-format
 msgid "caching keyring '%s'\n"
 msgstr "kontrollin võtmehoidlat `%s'\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, fuzzy, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "kontrollitud %lu võtit (%lu allkirja)\n"
 msgstr[1] "kontrollitud %lu võtit (%lu allkirja)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, fuzzy, c-format
 #| msgid "1 bad signature\n"
 msgid " (%lu signature)\n"
@@ -6084,508 +5993,511 @@ msgid_plural " (%lu signatures)\n"
 msgstr[0] "1 halb allkiri\n"
 msgstr[1] "1 halb allkiri\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: võtmehoidla on loodud\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr ""
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr ""
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr ""
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 #, fuzzy
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "antud allkirja poliisi URL on vigane\n"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr ""
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 #, fuzzy
 msgid "disabled"
 msgstr "disable"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr ""
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, fuzzy, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "vigased ekspordi võtmed\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr ""
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, fuzzy, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "küsin võtit %08lX võtmeserverist %s\n"
 msgstr[1] "küsin võtit %08lX võtmeserverist %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, fuzzy, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "HOIATUS: ei saa kustutada ajutist faili (%s) `%s': %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, fuzzy, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "võtit '%s' ei leitud: %s\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, fuzzy, c-format
 msgid "key not found on keyserver\n"
 msgstr "võtit '%s' ei leitud: %s\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "küsin võtit %08lX võtmeserverist %s\n"
+
+#: g10/keyserver.c:1724
 #, fuzzy, c-format
 msgid "requesting key %s from %s\n"
 msgstr "küsin võtit %08lX võtmeserverist %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, fuzzy, c-format
 msgid "no keyserver known\n"
 msgstr "vigased ekspordi võtmed\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, fuzzy, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "`%s' jätsin vahele: %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, fuzzy, c-format
 msgid "sending key %s to %s\n"
 msgstr ""
 "\"\n"
 "allkirjastatud teie võtmega %08lX %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, fuzzy, c-format
 msgid "requesting key from '%s'\n"
 msgstr "küsin võtit %08lX võtmeserverist %s\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, fuzzy, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "HOIATUS: ei saa kustutada ajutist faili (%s) `%s': %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "veider suurus krüptitud sessiooni võtme jaoks (%d)\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "%s krüpteeritud sessiooni võti\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "krüpteeritud tundmatu algoritmiga %d\n"
+
+#: g10/mainproc.c:391
 #, fuzzy, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "krüpteeritud tundmatu algoritmiga %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, fuzzy, c-format
 msgid "public key is %s\n"
 msgstr "avalik võti on %08lX\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "avaliku võtmega krüpteeritud andmed: hea DEK\n"
-
-#: g10/mainproc.c:632
+#: g10/mainproc.c:524
 #, fuzzy, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "krüpteeritud %u-bitise %s võtmega, ID %08lX, loodud %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, fuzzy, c-format
 msgid "      \"%s\"\n"
 msgstr "                 ka \""
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, fuzzy, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "krüpteeritud %s võtmega, ID %08lX\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "avaliku võtmega lahtikrüpteerimine ebaõnnestus: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr ""
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "krüpteeritud kasutades %lu parooli\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "krüpteeritud ühe parooliga\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "avaliku võtmega lahtikrüpteerimine ebaõnnestus: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "avaliku võtmega krüpteeritud andmed: hea DEK\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "eeldan %s krüpteeritud andmeid\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr "IDEA Å¡iffer pole saadaval, loodan kasutada selle asemel %s\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "HOIATUS: teate kooskõlalisus ei ole tagatud\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "lahtikrüpteerimine ebaõnnestus: %s\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "lahtikrüpteerimine õnnestus\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "HOIATUS: krüpteeritud teadet on muudetud!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "lahtikrüpteerimine ebaõnnestus: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, fuzzy, c-format
 #| msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "MÄRKUS: saatja nõudis \"ainult-teie-silmadele\"\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "algne failinimi on='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "eraldiseisev tühistus - realiseerimiseks kasutage \"gpg --import\"\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, fuzzy, c-format
 msgid "no signature found\n"
 msgstr "Korrektne allkiri kasutajalt \""
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, fuzzy, c-format
 msgid "BAD signature from \"%s\""
 msgstr "HALB allkiri kasutajalt \""
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, fuzzy, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Aegunud allkiri kasutajalt \""
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, fuzzy, c-format
 msgid "Good signature from \"%s\""
 msgstr "Korrektne allkiri kasutajalt \""
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "allkirja kontroll jäeti ära\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, fuzzy, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "neid allkirju ei õnnestu töödelda\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, fuzzy, c-format
 msgid "Signature made %s\n"
 msgstr "Allkiri aegus %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, fuzzy, c-format
 msgid "               using %s key %s\n"
 msgstr "                 ka \""
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, fuzzy, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Allkirja lõi %.*s kasutades %s võtit ID %08lX\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, fuzzy, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "                 ka \""
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Võtme leiate: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[ebakindel]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, fuzzy, c-format
 msgid "                aka \"%s\""
 msgstr "                 ka \""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, fuzzy, c-format
 #| msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "HOIATUS: Seda võtit ei ole sertifitseeritud usaldatava allkirjaga!\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Allkiri aegus %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Allkiri aegub %s\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "%s allkiri, sõnumilühendi algoritm %s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "binaarne"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "tekstimood"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "tundmatu"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 #, fuzzy
 #| msgid "unknown pubkey algorithm"
 msgid ", key algorithm "
 msgstr "tundmatu avaliku võtme algoritm"
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Allkirja ei saa kontrollida: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "ei ole eraldiseisev allkiri\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr "HOIATUS: leidsin mitu allkirja. Kontrollitakse ainult esimest.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "eraldiseisev allkiri klassiga 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "vana stiili (PGP 2.x) allkiri\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, fuzzy, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "faili ei õnnestu avada: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, fuzzy, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "trustdb: lugemine ebaõnnestus (n=%d): %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, fuzzy, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "ei oska käsitleda avaliku võtme algoritmi %d\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, fuzzy, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr ""
 "sõnumilühendi algoritmi %s (%d) kasutamine on vastuolus saaja eelistustega\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, fuzzy, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "realiseerimata Å¡ifri algoritm"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, fuzzy, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "%s allkiri, sõnumilühendi algoritm %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, fuzzy, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr ""
 "sõnumilühendi algoritmi %s (%d) kasutamine on vastuolus saaja eelistustega\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "%s allkiri, sõnumilühendi algoritm %s\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "%s allkiri, sõnumilühendi algoritm %s\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, fuzzy, c-format
 msgid "(reported error: %s)\n"
 msgstr "viga lugemisel: %s\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, fuzzy, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "viga lugemisel: %s\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr ""
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: ebasoovitav võti \"%s\"\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "HOIATUS: võtit \"%s\" ei soovitata kasutada.\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "palun kasutage selle asemel \"%s%s\"\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, fuzzy, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "HOIATUS: võtit \"%s\" ei soovitata kasutada.\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, fuzzy, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "HOIATUS: võtit \"%s\" ei soovitata kasutada.\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, fuzzy, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr "HOIATUS: võtit \"%s\" ei soovitata kasutada.\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Pakkimata"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 #, fuzzy
 msgid "uncompressed|none"
 msgstr "Pakkimata"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "see teade ei pruugi olla programmiga %s kasutatav\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, fuzzy, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "loen võtmeid failist `%s'\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, fuzzy, c-format
 msgid "unknown option '%s'\n"
 msgstr "tundmatu vaikimisi saaja `%s'\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, fuzzy, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "tundmatu allkirja klass"
@@ -6610,95 +6522,85 @@ msgstr "%s: tundmatu suffiks\n"
 msgid "Enter new filename"
 msgstr "Sisestage uus failinimi"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "kirjutan standardväljundisse\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, fuzzy, c-format
 #| msgid "assuming signed data in `%s'\n"
 msgid "assuming signed data in '%s'\n"
 msgstr "eeldan allkirjastatud andmeid failis `%s'\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "ei oska käsitleda avaliku võtme algoritmi %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr ""
 "HOIATUS: tõenäoliselt ebaturvaline sümmeetriliselt krüpteeritud sessiooni "
 "võti\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 #| msgid "Critical signature notation: "
 msgid "Unknown critical signature notation: "
 msgstr "Kriitiline allkirja noteerimine: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "alampaketil tüübiga %d on kriitiline bitt seatud\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, fuzzy, c-format
-msgid "problem with the agent: %s\n"
-msgstr "probleem agendiga: agent tagastas 0x%lx\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-msgid "Please enter the passphrase for decryption."
-msgstr "muuda parooli"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Sisestage parool\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "katkestatud kasutaja poolt\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, fuzzy, c-format
 msgid " (main key ID %s)"
 msgstr " (peamise võtme ID %08lX)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 #, fuzzy
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Palun sisestage parool; see on salajane tekst \n"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 #, fuzzy
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Palun sisestage parool; see on salajane tekst \n"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Palun sisestage parool; see on salajane tekst \n"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Palun sisestage parool; see on salajane tekst \n"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "Kas te tõesti soovite valitud võtmeid kustutada? "
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Kas te tõesti soovite valitud võtmeid kustutada? "
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, fuzzy, c-format
 msgid ""
 "%s\n"
@@ -6708,7 +6610,7 @@ msgid ""
 "%s"
 msgstr "%u-bitine %s võti, ID %08lX, loodud %s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6722,35 +6624,82 @@ msgstr ""
 "väga suurt pilti, on ka kõti väha suur!\n"
 "Mõistlik pildi suurus võiks olla umbes 240x288.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Sisestage foto ID jaoks JPEG faili nimi: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, fuzzy, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "faili ei õnnestu avada: %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr ""
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 #, fuzzy
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Olete kindel, et soovite seda kasutada (j/E)? "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, fuzzy, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "\"%s\": ei ole JPEG fail\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "On see foto õige (j/E/v)? "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "mittelokaalse programmi käivitamist ei toetata\n"
+
+#: g10/photoid.c:486
+#, fuzzy, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"see platvorm nõuab väliste programmide käivitamiseks ajutiste failide "
+"kasutamist\n"
+
+#: g10/photoid.c:506
+#, fuzzy, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "ei Õnnestu käivitada %s \"%s\": %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "väline programm lõpetas erandlikult\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "süsteemi viga välise programmi kasutamisel: %s\n"
+
+#: g10/photoid.c:600
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "HOIATUS: ei saa kustutada ajutist faili (%s) `%s': %s\n"
+
+#: g10/photoid.c:604
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "HOIATUS: ei õnnestu eemaldada ajutist kataloogi `%s': %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"väliste programmide käivitamine on blokeeritud, kuna seadete failil on\n"
+"ebaturvalised õigused\n"
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "foto ID ei saa näidata!\n"
@@ -6765,104 +6714,104 @@ msgstr "foto ID ei saa näidata!\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iItTvVjJ"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 #, fuzzy
 msgid "No trust value assigned to:\n"
 msgstr ""
 "Usalduse väärtus puudub:\n"
 "%4u%c/%08lX %s \""
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, fuzzy, c-format
 msgid "  aka \"%s\"\n"
 msgstr "                 ka \""
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 #, fuzzy
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr "See võti kuulub tõenäoliselt omanikule\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, fuzzy, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr " %d = Ei tea\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, fuzzy, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr " %d = EI usalda\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, fuzzy, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr " %d = Usaldan absoluutselt\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 #, fuzzy
 msgid "  m = back to the main menu\n"
 msgstr " t = tagasi põhimenüüsse\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 #, fuzzy
 msgid "  s = skip this key\n"
 msgstr " j = jäta see võti vahele\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 #, fuzzy
 msgid "  q = quit\n"
 msgstr " v = välju\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
 "\n"
 msgstr ""
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Teie otsus? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 #, fuzzy
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Kas te tõesti soovite seda võtit absoluutselt usaldada? "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Sertifikaadid täiesti usaldatava võtmeni:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, fuzzy, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr "%08lX: Ei ole midagi, mis näitaks, et see võti kuulub omanikule\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, fuzzy, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr "%08lX: Ei ole midagi, mis näitaks, et see võti kuulub omanikule\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, fuzzy, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "See võti kuulub tõenäoliselt omanikule\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "See võti kuulub meile\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr ""
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 #, fuzzy
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
@@ -6874,7 +6823,7 @@ msgstr ""
 "võite järgnevale küsimusele vastata jaatavalt\n"
 "\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 #, fuzzy
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
@@ -6886,93 +6835,110 @@ msgstr ""
 "võite järgnevale küsimusele vastata jaatavalt\n"
 "\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 #, fuzzy
 msgid "Use this key anyway? (y/N) "
 msgstr "Kasutan seda võtit ikka? "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "HOIATUS: Kasutan mitteusaldatavat võtit!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr "HOIATUS: see võti võib olla tühistatud (tühistamise võtit pole)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+msgid "checking User ID \"%s\"\n"
+msgstr "kasutaja ID: \""
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "vigane räsialgoritm `%s'\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "võti %08lX: ei sobi meie koopiaga\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+msgid "option %s given but no matching User ID found\n"
+msgstr "vigane räsialgoritm `%s'\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "HOIATUS: See võti on määratud tühistaja poolt tühistatud!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "HOIATUS: See võti on omaniku poolt tühistatud!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, fuzzy, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         See võib tähendada, et allkiri on võltsing.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "HOIATUS: See alamvõti on omaniku poolt tühistatud!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Märkus: See võti on blokeeritud.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr ""
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr ""
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Märkus: See võti on aegunud!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr "HOIATUS: Seda võtit ei ole sertifitseeritud usaldatava allkirjaga!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "HOIATUS: Seda võtit ei ole sertifitseeritud usaldatava allkirjaga!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr "         Ei ole midagi, mis näitaks, et allkiri kuulub omanikule.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "HOIATUS: Me EI usalda seda võtit!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         Allkiri on tõenäoliselt VÕLTSING.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"HOIATUS: Seda võtit ei ole sertifitseeritud piisavalt usaldatava "
+"allkirjaga!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
@@ -6980,51 +6946,51 @@ msgstr ""
 "HOIATUS: Seda võtit ei ole sertifitseeritud piisavalt usaldatava "
 "allkirjaga!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         Ei ole kindel, et allkiri kuulub omanikule.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: jätsin vahele: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: jätsin vahele: avalik võti on blokeeritud\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: jätsin vahele: avalik võti on juba olemas\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't encrypt to '%s'\n"
 msgstr "ei õnnestu luua ühendust serveriga `%s': %s\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, fuzzy, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "vigane räsialgoritm `%s'\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, fuzzy, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "vigane räsialgoritm `%s'\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "Te ei määranud kasutaja IDd. (võite kasutada võtit \"-r\")\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr ""
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -7032,40 +6998,40 @@ msgstr ""
 "\n"
 "Sisestage kasutaja ID.  Lõpetage tühja reaga: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Tundmatu kasutaja ID.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "jätsin vahele: avalik võti on juba vaikimisi saaja\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Avalik võti on blokeeritud.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "jätsin vahele: avalik võti on juba olemas\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, fuzzy, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "tundmatu vaikimisi saaja `%s'\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "kehtivaid aadresse pole\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, fuzzy, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "võti %08lX: kasutaja ID puudub\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, fuzzy, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "võti %08lX: kasutaja ID puudub\n"
@@ -7075,78 +7041,83 @@ msgstr "võti %08lX: kasutaja ID puudub\n"
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr "andmeid ei salvestatud; salvestamiseks kasutage võtit \"--output\"\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Eraldiseisev allkiri.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Palun sisestage andmefaili nimi: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "loen standardsisendit ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "allkirjastatud andmeid pole\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, fuzzy, c-format
 #| msgid "can't open signed data `%s'\n"
 msgid "can't open signed data '%s'\n"
 msgstr "allkirjastatud andmete avamine ebaõnnestus `%s'\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, fuzzy, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "allkirjastatud andmete avamine ebaõnnestus `%s'\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, fuzzy, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "võti %08lX: kasutaja ID puudub\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, fuzzy, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "anonüümne saaja; proovin salajast võtit %08lX ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+msgid "used key is not marked for encryption use.\n"
+msgstr "võti %08lX: kasutaja ID puudub\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "ok, me oleme anonüümne teate saaja.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "vana DEK kodeerimine ei ole toetatud\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "šifri algoritm %d%s on tundmatu või blokeeritud\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, fuzzy, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "MÄRKUS: šifri algoritm %d puudub eelistustes\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, fuzzy, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "MÄRKUS: salajane võti %08lX aegus %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, fuzzy, c-format
 #| msgid "NOTE: key has been revoked"
 msgid "Note: key has been revoked"
 msgstr "MÄRKUS: võti on tühistatud"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "build_packet ebaõnnestus: %s\n"
@@ -7164,50 +7135,50 @@ msgstr "Tühistaja:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(See on tundlik tühistamise võti)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret key is not available.\n"
 msgstr "Salajane võti on kasutatav.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 #, fuzzy
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Loon sellele võtmele tühistamise sertifikaadi? "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "Väljundis sunnitakse kasutama ASCII vormingut.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet ebaõnnestus: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Tühistamise sertifikaat on loodud.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, fuzzy, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr ""
 "`%s' jaoks pole tühistamise võtmeid\n"
 "\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 #, fuzzy
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Loon sellele võtmele tühistamise sertifikaadi? "
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 msgstr ""
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7216,20 +7187,20 @@ msgid ""
 "of the gpg command \"--generate-revocation\" in the GnuPG manual."
 msgstr ""
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
 "before importing and publishing this revocation certificate."
 msgstr ""
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, fuzzy, c-format
 #| msgid "Revocation certificate created.\n"
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "Tühistamise sertifikaat on loodud.\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "salajast võtit `%s' ei leitud: %s\n"
@@ -7242,18 +7213,18 @@ msgstr "salajast võtit `%s' ei leitud: %s\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr ""
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error searching the keyring: %s\n"
 msgstr "viga võtmehoidla `%s' loomisel: %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 #, fuzzy
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Loon sellele võtmele tühistamise sertifikaadi? "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7274,38 +7245,38 @@ msgstr ""
 "trükisüsteem\n"
 "võib salvestada need andmed ja teha teistele kättesaadavaks! \n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Palun valige tühistamise põhjus:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Katkesta"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Tõenäoliselt soovite siin valida %d)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "Sisestage mittekohustuslik kirjeldus. Lõpetage tühja reaga:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Tühistamise põhjus: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(Kirjeldust ei antud)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 #, fuzzy
 msgid "Is this okay? (y/N) "
 msgstr "On see hästi? "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "loodi nõrk võti - proovin uuesti\n"
@@ -7317,62 +7288,57 @@ msgstr ""
 "sümmeetrilises šifris ei õnnestu vältida nõrga võtme kasutamist; proovisin "
 "%d korda!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr ""
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
-#, fuzzy, c-format
-#| msgid "you may not use %s while in %s mode\n"
-msgid "key %s may not be used for signing in %s mode\n"
-msgstr "%s ei ole moodis %s lubatud.\n"
-
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
+#: g10/sig-check.c:170
 #, c-format
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "HOIATUS: allkirja lühend on teatega konfliktne\n"
 
-#: g10/sig-check.c:219
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
+#, fuzzy, c-format
+#| msgid "you may not use %s while in %s mode\n"
+msgid "key %s may not be used for signing in %s mode\n"
+msgstr "%s ei ole moodis %s lubatud.\n"
+
+#: g10/sig-check.c:209
 #, fuzzy, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "HOIATUS: allkirjastamise alamvõti %08lX ei ole rist-sertifitseeritud\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, fuzzy, c-format
 msgid "please see %s for more information\n"
 msgstr " i = esita palun täiendavat infot\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, fuzzy, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr "HOIATUS: allkirjastamise alamvõtmel %08lX on vigane rist-sertifikaat\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, fuzzy, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "avalik võti %08lX on %lu sekund uuem, kui allkiri\n"
 msgstr[1] "avalik võti %08lX on %lu sekund uuem, kui allkiri\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, fuzzy, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "avalik võti %08lX on %lu sekund uuem, kui allkiri\n"
 msgstr[1] "avalik võti %08lX on %lu sekund uuem, kui allkiri\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, fuzzy, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7381,7 +7347,7 @@ msgid_plural ""
 msgstr[0] "võti loodi %lu sekund tulevikus (ajahüpe või kella probleem)\n"
 msgstr[1] "võti loodi %lu sekund tulevikus (ajahüpe või kella probleem)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, fuzzy, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7389,51 +7355,51 @@ msgid_plural ""
 msgstr[0] "võti loodi %lu sekund tulevikus (ajahüpe või kella probleem)\n"
 msgstr[1] "võti loodi %lu sekund tulevikus (ajahüpe või kella probleem)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, fuzzy, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "MÄRKUS: allkirja võti %08lX aegus %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, fuzzy, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "MÄRKUS: võti on tühistatud"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "eraldiseisev allkiri klassiga 0x%02x\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "eraldiseisev allkiri klassiga 0x%02x\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, fuzzy, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr "eeldan tundmatu kriitilise biti tõttu võtmel %08lX vigast allkirja\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "võti %08lX: alamvõtme tühistamise paketile puudub alamvõti\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "võti %08lX: alamvõtme allkirjaga sidumiseks puudub alamvõti\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "HOIATUS: noteerimise %%-asendus ebaõnnestus (liiga suur). Kasutan "
 "kompaktset.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7441,7 +7407,7 @@ msgstr ""
 "HOIATUS: poliisi urli %%-asendus ebaõnnestus (liiga suur). Kasutan "
 "kompaktset.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7450,52 +7416,53 @@ msgstr ""
 "HOIATUS: poliisi urli %%-asendus ebaõnnestus (liiga suur). Kasutan "
 "kompaktset.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, fuzzy, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s allkiri kasutajalt: \"%s\"\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
 msgstr ""
 "sõnumilühendi algoritmi %s (%d) kasutamine on vastuolus saaja eelistustega\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "allkirjastan:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "kasutatakse %s krüpteerimist\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "võti ei ole märgitud ebaturvaliseks - sellega ei saa võlts RNGd kasutada!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, fuzzy, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "`%s' jätsin vahele: duplikaat\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "jätsin vahele: avalik võti on juba olemas\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 #, fuzzy
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "jätsin `%s' vahele: see on PGP genereeritud ElGamal võti,\n"
 "mis ei ole allkirjades kasutamiseks turvaline!\n"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "usalduse kirje %lu, tüüp %d: kirjutamine ebaõnnestus: %s\n"
@@ -7509,46 +7476,46 @@ msgstr ""
 "# Omistatud usalduse väärtuste loend, loodud: %s\n"
 "# (Taastamiseks kasutage \"gpg --import-ownertrust\")\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, fuzzy, c-format
 msgid "error in '%s': %s\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 #, fuzzy
 msgid "line too long"
 msgstr "rida on liiga pikk\n"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr ""
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 #, fuzzy
 msgid "invalid fingerprint"
 msgstr "viga: vigane sõrmejälg\n"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 #, fuzzy
 msgid "ownertrust value missing"
 msgstr "impordi usalduse väärtused"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, fuzzy, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "viga usalduse kirje otsimisel: %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, fuzzy, c-format
 msgid "read error in '%s': %s\n"
 msgstr "viga lugemisel: %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "trustdb: sync ebaõnnestus: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, fuzzy, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "`%s' ei õnnestu luua: %s\n"
@@ -7558,12 +7525,12 @@ msgstr "`%s' ei õnnestu luua: %s\n"
 msgid "can't lock '%s'\n"
 msgstr "`%s' ei õnnestu avada\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "trustdb kirje %lu: lseek ebaõnnestus: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "trustdb rec %lu: write failed (n=%d): %s\n"
@@ -7578,7 +7545,7 @@ msgstr "trustdb transaktsioon on liiga suur\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: kataloogi ei ole!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, fuzzy, c-format
 msgid "can't access '%s': %s\n"
 msgstr "`%s' ei õnnestu sulgeda: %s\n"
@@ -7620,7 +7587,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: viga versioonikirje uuendamisel: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: viga versioonikirje lugemisel: %s\n"
@@ -7630,52 +7597,52 @@ msgstr "%s: viga versioonikirje lugemisel: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: viga versioonikirje kirjutamisel: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "trustdb: lseek ebaõnnestus: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "trustdb: lugemine ebaõnnestus (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: ei ole trustdb fail\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: versioonikirje kirje numbriga %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: vigane faili versioon %d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: viga vaba kirje lugemisel: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: viga kataloogikirje kirjutamisel: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: kirje nullimine ebaõnnestus: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: kirje lisamine ebaõnnestus: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, fuzzy, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "%s: trustdb on loodud\n"
@@ -7717,10 +7684,10 @@ msgstr ""
 msgid "TOFU DB error"
 msgstr ""
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, fuzzy, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "viga teate saatmisel serverile `%s': %s\n"
@@ -7742,7 +7709,7 @@ msgstr "%s: viga kataloogikirje kirjutamisel: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, fuzzy, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "viga teate saatmisel serverile `%s': %s\n"
@@ -7914,111 +7881,111 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr ""
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr ""
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, fuzzy, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr ""
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, fuzzy, c-format
 #| msgid "Deleted %d signatures.\n"
 msgid "%s: Verified 0 signatures."
 msgstr "Kustutatud %d allkirja.\n"
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 #, fuzzy
 #| msgid "encrypted with %lu passphrases\n"
 msgid "Encrypted 0 messages."
 msgstr "krüpteeritud kasutades %lu parooli\n"
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, fuzzy, c-format
 #| msgid "Policy: "
 msgid "(policy: %s)"
 msgstr "Poliis: "
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -8035,116 +8002,116 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, fuzzy, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "viga teate saatmisel serverile `%s': %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid long keyID\n"
 msgid "'%s' is not a valid long keyID\n"
 msgstr "`%s' ei ole kehtiv pikk võtmeID\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, fuzzy, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "võti %08lX: aktsepteerin usaldusväärse võtmena\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, fuzzy, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "võti %08lX esineb trustdb failis enam kui korra\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, fuzzy, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "võti %08lX: usaldataval võtmel pole avalikku võtit - jätsin vahele\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, fuzzy, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "võti on märgitud abslouutselt usaldatuks.\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "usalduse kirje %lu, päringu tüüp %d: lugemine ebaõnnestus: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "usalduse kirje %lu ei oma soovitud tüüpi %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr ""
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr ""
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "trustdb kontrolliks puudub vajadus\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "trustdb järgmine kontroll %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, fuzzy, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "trustdb kontrolliks puudub vajadus\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, fuzzy, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "trustdb kontrolliks puudub vajadus\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, fuzzy, c-format
 msgid "public key %s not found: %s\n"
 msgstr "ei leia avalikku võtit %08lX: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "palun tehke --check-trustdb\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "kontrollin trustdb faili\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, fuzzy, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] "%lu võtit on seni töödeldud\n"
 msgstr[1] "%lu võtit on seni töödeldud\n"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, fuzzy, c-format
 #| msgid "%d keys processed (%d validity counts cleared)\n"
 msgid " (%d validity count cleared)\n"
@@ -8152,45 +8119,45 @@ msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] "%d võtit töödeldud (%d kehtivust puhastatud)\n"
 msgstr[1] "%d võtit töödeldud (%d kehtivust puhastatud)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "absoluutselt usaldatavaid võtmeid pole\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, fuzzy, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "puudub absoluutselt usaldatava võtme %08lX avalik võti\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr ""
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, fuzzy, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr "usalduse kirje %lu, tüüp %d: kirjutamine ebaõnnestus: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr ""
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 #, fuzzy
 msgid "never"
 msgstr "mitte kunagi"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr ""
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr ""
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr ""
 
@@ -8202,43 +8169,43 @@ msgstr ""
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr ""
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 #, fuzzy
 msgid "[ revoked]"
 msgstr "[tühistatud] "
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 #, fuzzy
 msgid "[ expired]"
 msgstr "[aegunud] "
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 #, fuzzy
 msgid "[ unknown]"
 msgstr "tundmatu"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr ""
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 #, fuzzy
 msgid "[  never ]"
 msgstr "mitte kunagi"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr ""
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr ""
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr ""
 
@@ -8263,20 +8230,31 @@ msgstr "sisendrida %u on liiga pikk või seavahetus puudub\n"
 msgid "can't open fd %d: %s\n"
 msgstr "`%s' ei õnnestu avada: %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "HOIATUS: teate kooskõlalisus ei ole tagatud\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+msgid "Hint: Do not use option %s\n"
+msgstr "loen võtmeid failist `%s'\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr ""
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr ""
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 #, fuzzy
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 #, fuzzy
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
@@ -8286,129 +8264,225 @@ msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr ""
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr ""
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+msgid "|N|Please enter the new Global-PIN"
+msgstr "muuda parooli"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "Palun valige tühistamise põhjus:\n"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+msgid "|N|Please enter the new PIN"
+msgstr "muuda parooli"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+msgid "||Please enter the PIN of your PIV card"
+msgstr "Palun valige tühistamise põhjus:\n"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "muuda parooli"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "Palun valige tühistamise põhjus:\n"
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-piv.c:1895
+#, c-format
+msgid "PIN is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1903
+#, c-format
+msgid "PIN is too long; maximum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, fuzzy, c-format
+msgid "key already exists\n"
+msgstr "`%s' on juba pakitud\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, fuzzy, c-format
+msgid "generating new key\n"
+msgstr "genereeri uus võtmepaar"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, fuzzy, c-format
+msgid "writing new key\n"
+msgstr "genereeri uus võtmepaar"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, fuzzy, c-format
+#| msgid "remove keys from the public keyring"
+msgid "response does not contain the EC public key\n"
+msgstr "eemalda võtmed avalike võtmete hoidlast"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, fuzzy, c-format
+msgid "generating key failed\n"
+msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, fuzzy, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "Võtme genereerimine ebaõnnestus: %s\n"
+msgstr[1] "Võtme genereerimine ebaõnnestus: %s\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr ""
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 #, fuzzy
 msgid "|A|Please enter the Admin PIN"
 msgstr "muuda parooli"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 #, fuzzy
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "Palun valige tühistamise põhjus:\n"
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 #, fuzzy
 msgid "||Please enter the PIN for the standard keys."
 msgstr "muuda parooli"
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr ""
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "Note: This key has been disabled.\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "Märkus: See võti on blokeeritud.\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr ""
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 #, fuzzy
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "muuda parooli"
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 #, fuzzy
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "Palun valige tühistamise põhjus:\n"
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, fuzzy, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, fuzzy, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, fuzzy, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "võtmehoidla vahemälu uuesti loomine ebaõnnestus: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr ""
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1546
-#, fuzzy, c-format
-#| msgid "remove keys from the public keyring"
-msgid "response does not contain the EC public key\n"
-msgstr "eemalda võtmed avalike võtmete hoidlast"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, fuzzy, c-format
 msgid "reading public key failed: %s\n"
 msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
@@ -8416,43 +8490,43 @@ msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr ""
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 #, fuzzy
 msgid "||Please unlock the card"
 msgstr "muuda parooli"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, fuzzy, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "võtmeserverile saatmine ebaõnnestus: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8460,22 +8534,22 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 #, fuzzy
 msgid "||Please enter the PIN"
 msgstr "muuda parooli"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 #, fuzzy
 msgid "||Please enter the Reset Code for the card"
 msgstr "Palun valige tühistamise põhjus:\n"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr ""
@@ -8483,123 +8557,81 @@ msgstr ""
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 #, fuzzy
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "muuda parooli"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 #, fuzzy
 msgid "||Please enter the PIN and New PIN"
 msgstr "muuda parooli"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, fuzzy, c-format
 msgid "error reading application data\n"
 msgstr "viga võtmebloki lugemisel: %s\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, fuzzy, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "%s: viga vaba kirje lugemisel: %s\n"
 
-#: scd/app-openpgp.c:3066
-#, fuzzy, c-format
-msgid "key already exists\n"
-msgstr "`%s' on juba pakitud\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr ""
-
-#: scd/app-openpgp.c:3072
-#, fuzzy, c-format
-msgid "generating new key\n"
-msgstr "genereeri uus võtmepaar"
-
-#: scd/app-openpgp.c:3074
-#, fuzzy, c-format
-msgid "writing new key\n"
-msgstr "genereeri uus võtmepaar"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, fuzzy, c-format
-msgid "failed to store the key: %s\n"
-msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, fuzzy, c-format
 #| msgid "unsupported URI"
 msgid "unsupported curve\n"
 msgstr "mittetoetatud URI"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr ""
-
-#: scd/app-openpgp.c:4271
-#, fuzzy, c-format
-msgid "generating key failed\n"
-msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
-
-#: scd/app-openpgp.c:4277
-#, fuzzy, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "Võtme genereerimine ebaõnnestus: %s\n"
-msgstr[1] "Võtme genereerimine ebaõnnestus: %s\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, fuzzy, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "%s allkiri, sõnumilühendi algoritm %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, fuzzy, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "ei leia OpenPGP andmeid.\n"
@@ -8612,101 +8644,99 @@ msgstr "muuda parooli"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr ""
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr ""
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr ""
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 #, fuzzy
 msgid "|FILE|write a log to FILE"
 msgstr "|FAIL|lae laiendusmoodul FAIL"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr ""
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 #, fuzzy
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NIMI|kasuta NIME vaikimisi saajana"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 #, fuzzy
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NIMI|kasuta NIME vaikimisi saajana"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 #, fuzzy
 msgid "do not use the internal CCID driver"
 msgstr "ära kasuta terminali"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr ""
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr ""
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr ""
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 #, fuzzy
 msgid "deny the use of admin card commands"
 msgstr "vastuolulised käsud\n"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 #, fuzzy
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
 msgstr ""
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr ""
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr ""
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, fuzzy, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "viga salajase võtme võtmehoidlasse `%s' kirjutamisel: %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr ""
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr ""
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 #, fuzzy
 msgid "shell"
 msgstr "help"
@@ -8740,7 +8770,7 @@ msgstr "kirjutan salajase võtme faili `%s'\n"
 msgid "certificate policy not allowed"
 msgstr "kirjutan salajase võtme faili `%s'\n"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, fuzzy, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
@@ -8755,7 +8785,7 @@ msgstr ""
 msgid "number of issuers matching: %d\n"
 msgstr ""
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, fuzzy, c-format
 #| msgid "%s: can't access: %s\n"
 msgid "can't get authorityInfoAccess: %s\n"
@@ -8776,240 +8806,240 @@ msgstr "viga parooli loomisel: %s\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, fuzzy, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 #, fuzzy
 msgid "certificate has been revoked"
 msgstr "MÄRKUS: võti on tühistatud"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr ""
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr ""
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, fuzzy, c-format
 msgid "checking the CRL failed: %s"
 msgstr "Loodud allkirja ei õnnestu kontrollida: %s\n"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr ""
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 #, fuzzy
 msgid "root certificate not yet valid"
 msgstr "kirjutan salajase võtme faili `%s'\n"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, fuzzy, c-format
 msgid "certificate has expired"
 msgstr "See võti on aegunud!"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 #, fuzzy
 msgid "root certificate has expired"
 msgstr "See võti on aegunud!"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 #, fuzzy
 msgid "intermediate certificate has expired"
 msgstr "See võti on aegunud!"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr ""
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 #, fuzzy
 msgid "certificate with invalid validity"
 msgstr "See võti on aegunud!"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr ""
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, fuzzy, c-format
 msgid "  (  signature created at "
 msgstr "         uusi allkirju: %lu\n"
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, fuzzy, c-format
 msgid "  (certificate created at "
 msgstr "Tühistamise sertifikaat on loodud.\n"
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, fuzzy, c-format
 msgid "  (certificate valid from "
 msgstr "halb sertifikaat"
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr ""
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, fuzzy, c-format
 msgid "fingerprint=%s\n"
 msgstr "näita sõrmejälge"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr ""
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr ""
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr ""
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 #, fuzzy
 msgid "no issuer found in certificate"
 msgstr "genereeri tühistamise sertifikaat"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr ""
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr ""
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, fuzzy, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "Loodud allkirja ei õnnestu kontrollida: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr ""
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr ""
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, fuzzy, c-format
 msgid "certificate has a BAD signature"
 msgstr "kontrolli allkirja"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr ""
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr ""
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, fuzzy, c-format
 msgid "certificate is good\n"
 msgstr "eelistus %c%lu on duplikaat\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, fuzzy, c-format
 msgid "intermediate certificate is good\n"
 msgstr "Tühistamise sertifikaat on loodud.\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, fuzzy, c-format
 msgid "root certificate is good\n"
 msgstr "halb sertifikaat"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr ""
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr ""
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, fuzzy, c-format
 msgid "out of core\n"
 msgstr "ei töödeldud"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr ""
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 #, fuzzy
 msgid "none"
 msgstr "ei"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 #, fuzzy
 msgid "[Error - invalid encoding]"
 msgstr "viga: vigane sõrmejälg\n"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr ""
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr ""
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 #, fuzzy
 msgid "[Error - invalid DN]"
 msgstr "viga: vigane sõrmejälg\n"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -9022,177 +9052,187 @@ msgstr ""
 "\"%.*s\"\n"
 "%u-bitti %s võti, ID %08lX, loodud %s%s\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr ""
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "viga salajase võtme võtmehoidlasse `%s' kirjutamisel: %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr ""
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr ""
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr ""
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr ""
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+msgid "looking for another certificate\n"
+msgstr "halb sertifikaat"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, fuzzy, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "vigane räsialgoritm `%s'\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr ""
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr ""
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, fuzzy, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "vigane räsialgoritm `%s'\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, fuzzy, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "vigane räsialgoritm `%s'\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, fuzzy, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "Selline e-posti aadress ei ole lubatud\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, fuzzy, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "vigane räsialgoritm `%s'\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr ""
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr ""
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, fuzzy, c-format
 msgid "line %d: invalid date given\n"
 msgstr "vigane räsialgoritm `%s'\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, fuzzy, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "viga võtmehoidla `%s' loomisel: %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, fuzzy, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "vigane räsialgoritm `%s'\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, fuzzy, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "vigane räsialgoritm `%s'\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, fuzzy, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "võti %08lX: vigane alamvõtme seos\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, fuzzy, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "vigane räsialgoritm `%s'\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, fuzzy, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "viga võtmehoidla `%s' loomisel: %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, fuzzy, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "viga võtmehoidla `%s' loomisel: %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, fuzzy, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "Võtme genereerimine ebaõnnestus: %s\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, fuzzy, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) RSA (ainult krüpteerimiseks)\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, fuzzy, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) RSA (allkirjastamiseks ja krüptimiseks)\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, fuzzy, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) DSA (ainult allkirjastamiseks)\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, fuzzy, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) RSA (ainult krüpteerimiseks)\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr ""
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 #, fuzzy
 msgid "No subject name given\n"
 msgstr "(Kirjeldust ei antud)\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, fuzzy, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "vigane räsialgoritm `%s'\n"
@@ -9202,261 +9242,255 @@ msgstr "vigane räsialgoritm `%s'\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, fuzzy, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "vigane räsialgoritm `%s'\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr ""
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 #, fuzzy
 msgid "Enter email addresses"
 msgstr "E-posti aadress: "
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 #, fuzzy
 msgid " (end with an empty line):\n"
 msgstr ""
 "\n"
 "Sisestage kasutaja ID.  Lõpetage tühja reaga: "
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 #, fuzzy
 msgid "Enter DNS names"
 msgstr "Sisestage uus failinimi"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 #, fuzzy
 msgid " (optional; end with an empty line):\n"
 msgstr "Sisestage mittekohustuslik kirjeldus. Lõpetage tühja reaga:\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr ""
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 #, fuzzy
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Loon sellele võtmele tühistamise sertifikaadi? "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:432
-#, fuzzy, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "viga parooli loomisel: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr ""
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 #, fuzzy
 #| msgid "Revocation certificate created.\n"
 msgid "Now creating certificate request.  "
 msgstr "Tühistamise sertifikaat on loodud.\n"
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr ""
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "%s krüpteeritud andmed\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr ""
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr ""
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 msgid "encrypted to %s key %s\n"
 msgstr "krüpteeritud %s võtmega, ID %08lX\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, fuzzy, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "võtit '%s' ei leitud: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, fuzzy, c-format
 msgid "error locking keybox: %s\n"
 msgstr "viga võtmebloki lugemisel: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, fuzzy, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "Tühistamise sertifikaat on loodud.\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, fuzzy, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "eelistus %c%lu on duplikaat\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, fuzzy, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, fuzzy, c-format
 msgid "no valid recipients given\n"
 msgstr "(Kirjeldust ei antud)\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 #, fuzzy
 msgid "list external keys"
 msgstr "näita salajasi võtmeid"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 #, fuzzy
 msgid "list certificate chain"
 msgstr "halb sertifikaat"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 #, fuzzy
 msgid "import certificates"
 msgstr "halb sertifikaat"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 #, fuzzy
 msgid "export certificates"
 msgstr "halb sertifikaat"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr ""
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr ""
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr ""
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "ära kasuta terminali"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr ""
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr ""
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr ""
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr ""
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr ""
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 #, fuzzy
 msgid "create base-64 encoded output"
 msgstr "loo ascii pakendis väljund"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 #, fuzzy
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|NIMI|kasuta NIME vaikimisi salajase võtmena"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 #, fuzzy
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "lisa see võtmehoidla võtmehoidlate nimekirja"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|HOST|kasuta seda võtmeserverit"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr ""
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 #, fuzzy
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NIMI|kasuta paroolidega Å¡ifri algoritmi NIMI"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr ""
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr ""
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr ""
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr ""
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NIMI|kasuta Å¡ifri algoritmi NIMI"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NIMI|kasuta teatelühendi algoritmi NIMI"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "pakettmood: ära küsi kunagi"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "eelda enamus küsimustele jah vastust"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "eelda enamus küsimustele ei vastust"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 #, fuzzy
 msgid "|FILE|write an audit log to FILE"
 msgstr "|FAIL|lae laiendusmoodul FAIL"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 #, fuzzy
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
@@ -9467,87 +9501,122 @@ msgstr ""
 "allkirjasta, kontrolli, krüpti ja dekrüpti\n"
 "vaikimisi operatsioon sõltub sisendandmetest\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, fuzzy, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "ei õnnestu luua ühendust serveriga `%s': %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, fuzzy, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "tundmatu vaikimisi saaja `%s'\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(Kirjeldust ei antud)\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " j = jäta see võti vahele\n"
+
+#: sm/gpgsm.c:1545
+#, fuzzy, c-format
+msgid "could not parse keyserver\n"
+msgstr "ei saa parsida võtmeserveri URI\n"
+
+#: sm/gpgsm.c:1825
 #, fuzzy, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "kirjutan faili `%s'\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, fuzzy, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "`%s' ei õnnestu sulgeda: %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr ""
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, fuzzy, c-format
 msgid "total number processed: %lu\n"
 msgstr "Töödeldud kokku: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, fuzzy, c-format
 msgid "error storing certificate\n"
 msgstr "genereeri tühistamise sertifikaat"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr ""
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, fuzzy, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, fuzzy, c-format
 msgid "error importing certificate: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, fuzzy, c-format
 msgid "error reading input: %s\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+msgid "no keyboxd running in this session\n"
+msgstr "gpg-agent ei ole sesses sessioonis kasutatav\n"
+
+#: sm/keydb.c:595
+#, fuzzy, c-format
+msgid "error opening key DB: %s\n"
+msgstr "viga `%s' lugemisel: %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr ""
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, fuzzy, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, fuzzy, c-format
 msgid "error storing certificate: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, fuzzy, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "rev? probleem tühistamise kontrollimisel: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, fuzzy, c-format
 msgid "error storing flags: %s\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr ""
 
@@ -9556,17 +9625,17 @@ msgstr ""
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr ""
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, fuzzy, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "viga: vigane sõrmejälg\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, fuzzy, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "viga: vigane sõrmejälg\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9577,14 +9646,14 @@ msgid ""
 "%s%sAre you really sure that you want to do this?"
 msgstr ""
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
 "signatures.\n"
 msgstr ""
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9592,53 +9661,58 @@ msgid ""
 "Note, that this certificate will NOT create a qualified signature!"
 msgstr ""
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, fuzzy, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "kaitse algoritm %d%s ei ole toetatud\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr ""
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, fuzzy, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "Loodud allkirja ei õnnestu kontrollida: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Allkirja lõi %.*s kasutades %s võtit ID %08lX\n"
+
+#: sm/verify.c:467
 #, fuzzy, c-format
 msgid "Signature made "
 msgstr "Allkiri aegus %s\n"
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr ""
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 msgid "algorithm:"
 msgstr "pakend: %s\n"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr ""
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, fuzzy, c-format
 msgid "Good signature from"
 msgstr "Korrektne allkiri kasutajalt \""
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, fuzzy, c-format
 msgid "                aka"
 msgstr "                 ka \""
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, fuzzy, c-format
 msgid "This is a qualified signature\n"
 msgstr ""
@@ -9665,101 +9739,101 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr ""
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr ""
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't parse certificate '%s': %s\n"
 msgstr "`%s' ei õnnestu luua: %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, fuzzy, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "eelistus %c%lu on duplikaat\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, fuzzy, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "Tühistamise sertifikaat on loodud.\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, fuzzy, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "eelistus %c%lu on duplikaat\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, fuzzy, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "näita sõrmejälge"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr ""
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr ""
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, fuzzy, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, fuzzy, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "halb sertifikaat"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, fuzzy, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, fuzzy, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, fuzzy, c-format
 msgid "certificate already cached\n"
 msgstr "Tühistamise sertifikaat on loodud.\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, fuzzy, c-format
 msgid "certificate cached\n"
 msgstr "eelistus %c%lu on duplikaat\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, fuzzy, c-format
 msgid "error caching certificate: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, fuzzy, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "viga: vigane sõrmejälg\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, fuzzy, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, fuzzy, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, fuzzy, c-format
 msgid "no issuer found in certificate\n"
 msgstr "genereeri tühistamise sertifikaat"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, fuzzy, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "viga parooli loomisel: %s\n"
@@ -10284,64 +10358,64 @@ msgstr "võtit '%s' ei leitud: %s\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "võtit '%s' ei leitud: %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 #, fuzzy
 msgid "add a certificate to the cache"
 msgstr "Tühistamise sertifikaat on loodud.\n"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 #, fuzzy
 msgid "validate a certificate"
 msgstr "halb sertifikaat"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 #, fuzzy
 msgid "lookup a certificate"
 msgstr "halb sertifikaat"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 #, fuzzy
 msgid "lookup only locally stored certificates"
 msgstr "halb sertifikaat"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 #, fuzzy
 msgid "expect certificates in PEM format"
 msgstr "halb sertifikaat"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 #, fuzzy
 #| msgid "Enter the user ID of the designated revoker: "
 msgid "force the use of the default OCSP responder"
 msgstr "Sisestage määratud tühistaja kasutaja ID: "
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10349,226 +10423,221 @@ msgid ""
 "not valid and other error codes for general failures\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, fuzzy, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, fuzzy, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "ei õnnestu luua ühendust serveriga `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, fuzzy, c-format
 #| msgid "update failed: %s\n"
 msgid "lookup failed: %s\n"
 msgstr "uuendamine ebaõnnestus: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, fuzzy, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "pakendamine ebaõnnestus: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, fuzzy, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, fuzzy, c-format
 msgid "certificate is valid\n"
 msgstr "eelistus %c%lu on duplikaat\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, fuzzy, c-format
 msgid "certificate has been revoked\n"
 msgstr "MÄRKUS: võti on tühistatud"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, fuzzy, c-format
 msgid "certificate check failed: %s\n"
 msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, fuzzy, c-format
 #| msgid "can't stat `%s': %s\n"
 msgid "got status: '%s'\n"
 msgstr "ei õnnestu lugeda `%s' atribuute: %s\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, fuzzy, c-format
 #| msgid "error writing secret keyring `%s': %s\n"
 msgid "error writing base64 encoding: %s\n"
 msgstr "viga salajase võtme võtmehoidlasse `%s' kirjutamisel: %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, fuzzy, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr ""
 "\n"
 "Toetatud algoritmid:\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 #, fuzzy
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|FAIL|lae laiendusmoodul FAIL"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr ""
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr ""
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr ""
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 #, fuzzy
 msgid "|URL|use keyserver at URL"
 msgstr "ei saa parsida võtmeserveri URI\n"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr ""
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr ""
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr ""
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr ""
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr ""
 
-#: dirmngr/dirmngr.c:270
-#, fuzzy
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|HOST|kasuta seda võtmeserverit"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 #, fuzzy
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|FAIL|lae laiendusmoodul FAIL"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr ""
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr ""
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 #, fuzzy
 msgid "|URL|use OCSP responder at URL"
 msgstr "ei saa parsida võtmeserveri URI\n"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr ""
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -10581,126 +10650,315 @@ msgstr ""
 "@\n"
 "(Kõikide käskude ja võtmete täieliku kirjelduse leiate manualist)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 #, fuzzy
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, fuzzy, c-format
 msgid "usage: %s [options] "
 msgstr "kasuta: gpg [võtmed] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, fuzzy, c-format
 #| msgid "%s not allowed with %s!\n"
 msgid "colons are not allowed in the socket name\n"
 msgstr "%s ja %s ei ole koos lubatud!\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, fuzzy, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "pakendamine ebaõnnestus: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, fuzzy, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "pakendamine ebaõnnestus: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, fuzzy, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "rida on liiga pikk\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, fuzzy, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "viga: vigane sõrmejälg\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, fuzzy, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "viga lugemisel: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, fuzzy, c-format
 msgid "shutdown forced\n"
 msgstr "ei töödeldud"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr ""
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|connect to host NAME"
+msgstr "|NIMI|terminali kooditabel on NIMI"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:112
+#, fuzzy
+#| msgid "|NAME|use NAME as default recipient"
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NIMI|kasuta NIME vaikimisi saajana"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:179
+#, fuzzy
+#| msgid "Usage: gpg [options] [files] (-h for help)"
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:291
+#, fuzzy, c-format
+#| msgid "invalid import options\n"
+msgid "invalid port number %d\n"
+msgstr "vigased impordi võtmed\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, fuzzy, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "viga võtmehoidlasse `%s' kirjutamisel: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:462
+#, fuzzy, c-format
+msgid "attribute '%s' not found\n"
+msgstr "võtit '%s' ei leitud: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:581
+#, fuzzy, c-format
+#| msgid "reading from `%s'\n"
+msgid "processing url '%s'\n"
+msgstr "loen failist `%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          user '%s'\n"
+msgstr "    puudub kasutaja ID: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, fuzzy, c-format
+msgid "          pass '%s'\n"
+msgstr "                 ka \""
+
+#: dirmngr/dirmngr_ldap.c:592
+#, fuzzy, c-format
+msgid "          host '%s'\n"
+msgstr "                 ka \""
+
+#: dirmngr/dirmngr_ldap.c:593
+#, fuzzy, c-format
+#| msgid "          not imported: %lu\n"
+msgid "          port %d\n"
+msgstr "       pole imporditud: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, fuzzy, c-format
+msgid "            DN '%s'\n"
+msgstr "                 ka \""
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, fuzzy, c-format
+msgid "          attr '%s'\n"
+msgstr "                 ka \""
+
+#: dirmngr/dirmngr_ldap.c:611
+#, fuzzy, c-format
+msgid "no host name in '%s'\n"
+msgstr "(Kirjeldust ei antud)\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:622
+#, fuzzy, c-format
+#| msgid "WARNING: using insecure memory!\n"
+msgid "WARNING: using first attribute only\n"
+msgstr "HOIATUS: kasutan ebaturvalist mälu!\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, fuzzy, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "pakendamine ebaõnnestus: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "pakendamine ebaõnnestus: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+msgid "LDAP init to '%s' done\n"
+msgstr "pakendamine ebaõnnestus: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, fuzzy, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "pakendamine ebaõnnestus: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, fuzzy, c-format
+#| msgid "dearmoring failed: %s\n"
+msgid "searching '%s' failed: %s\n"
+msgstr "lahtipakendamine ebaõnnestus: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, fuzzy, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "\"%s\": ei ole JPEG fail\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr ""
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, fuzzy, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr ""
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, fuzzy, c-format
 msgid "too many redirections\n"
 msgstr "liiga palju `%c' eelistusi\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "kirjutan faili `%s'\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, fuzzy, c-format
 msgid "error printing log line: %s\n"
 msgstr "viga võtmehoidlasse `%s' kirjutamisel: %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, fuzzy, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "viga `%s' lugemisel: %s\n"
@@ -10730,51 +10988,31 @@ msgstr "uuendamine ebaõnnestus: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, fuzzy, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "otsin \"%s\" HKP serverist %s\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, fuzzy, c-format
 msgid "malloc failed: %s\n"
 msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
 
-#: dirmngr/ldap.c:221
-#, fuzzy, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "\"%s\": ei ole JPEG fail\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
 msgstr ""
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr ""
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, fuzzy, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr " j = jäta see võti vahele\n"
-
 #: dirmngr/misc.c:172
 #, fuzzy, c-format
 #| msgid "%s: invalid file version %d\n"
@@ -10862,93 +11100,93 @@ msgstr "Loodud allkirja ei õnnestu kontrollida: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr ""
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, fuzzy, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, fuzzy, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, fuzzy, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "võtit '%s' ei leitud: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, fuzzy, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "genereeri tühistamise sertifikaat"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, fuzzy, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, fuzzy, c-format
 #| msgid "no default secret keyring: %s\n"
 msgid "no default OCSP signer defined\n"
 msgstr "puudub salajaste võtmete vaikimisi võtmehoidla: %s\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, fuzzy, c-format
 #| msgid "using cipher %s\n"
 msgid "using OCSP responder '%s'\n"
 msgstr "kasutan Å¡iffrit %s\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, fuzzy, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "viga parooli loomisel: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr ""
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, fuzzy, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "MÄRKUS: võti on tühistatud"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr ""
@@ -10958,68 +11196,72 @@ msgstr ""
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "allkirjastamine ebaõnnestus: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr ""
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr ""
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, fuzzy, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "allkirjastamine ebaõnnestus: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, fuzzy, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, fuzzy, c-format
 msgid "error sending data: %s\n"
 msgstr "viga teate saatmisel serverile `%s': %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, fuzzy, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, fuzzy, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr ""
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, fuzzy, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "`%s' ei õnnestu luua: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, fuzzy, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "%s: paisktabeli loomine ebaõnnestus: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, fuzzy, c-format
 #| msgid "failed to initialize the TrustDB: %s\n"
 msgid "failed to initialize the server: %s\n"
 msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, fuzzy, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "võtmehoidla vahemälu uuesti loomine ebaõnnestus: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, fuzzy, c-format
 #| msgid "signing failed: %s\n"
 msgid "Assuan processing failed: %s\n"
@@ -11065,251 +11307,269 @@ msgstr "eelistus %c%lu on duplikaat\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 #, fuzzy
 msgid "quiet"
 msgstr "välju"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+msgid "connect to the keyboxd"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 #, fuzzy
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|FAIL|lae laiendusmoodul FAIL"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 #, fuzzy
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, fuzzy, c-format
 msgid "receiving line failed: %s\n"
 msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, fuzzy, c-format
 msgid "line too long - skipped\n"
 msgstr "rida on liiga pikk\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, fuzzy, c-format
 msgid "unknown command '%s'\n"
 msgstr "tundmatu vaikimisi saaja `%s'\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, fuzzy, c-format
 msgid "sending line failed: %s\n"
 msgstr "allkirjastamine ebaõnnestus: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+msgid "no keybox daemon running in this session\n"
+msgstr "gpg-agent ei ole sesses sessioonis kasutatav\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, fuzzy, c-format
 msgid "error sending standard options: %s\n"
 msgstr "viga teate saatmisel serverile `%s': %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr ""
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr ""
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+msgid "Public Keys"
+msgstr "avalik võti on %08lX\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr ""
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr ""
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 #, fuzzy
 #| msgid "network error"
 msgid "Network"
 msgstr "võrgu viga"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 #, fuzzy
 msgid "Passphrase Entry"
 msgstr "halb parool"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 #, fuzzy
 msgid "Component not suitable for launching"
 msgstr "ei leia avalikku võtit"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Please use the command \"toggle\" first.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Palun kasutage kõigepealt käsku \"toggle\".\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr ""
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, fuzzy, c-format
 msgid "error closing '%s'\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, fuzzy, c-format
 msgid "error parsing '%s'\n"
 msgstr "viga `%s' lugemisel: %s\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr ""
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr ""
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr ""
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr ""
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr ""
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr ""
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr ""
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr ""
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 #, fuzzy
 msgid "list global configuration file"
 msgstr "tundmatu seade \"%s\"\n"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 #, fuzzy
 msgid "check global configuration file"
 msgstr "tundmatu seade \"%s\"\n"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 #, fuzzy
 #| msgid "update the trust database"
 msgid "query the software version database"
 msgstr "uuenda usalduse andmebaasi"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr ""
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr ""
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr ""
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "kasuta väljundfailina"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr ""
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 #, fuzzy
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
 msgstr ""
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr ""
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 #, fuzzy
 msgid "Component not found"
 msgstr "ei leia avalikku võtit"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 #, fuzzy
 msgid "No argument allowed"
 msgstr "kirjutan salajase võtme faili `%s'\n"
@@ -11325,114 +11585,189 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr ""
-#~ "sümmetrilise šifri %s (%d) kasutamine on vastuolus saaja eelistustega\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "jätsin vahele: avalik võti on juba olemas\n"
+
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "jätsin vahele: avalik võti on juba olemas\n"
+
+#: tools/gpg-card.c:2395
+#, c-format
+msgid "Replace existing key %s ? (y/N) "
+msgstr ""
+
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, c-format
+msgid "%s card no. %s detected\n"
+msgstr ""
+
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
+
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
+
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
+#: tools/gpg-card.c:3668
 #, fuzzy
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "kirjutan faili `%s'\n"
+msgid "authenticate to the card"
+msgstr "Tühistamise sertifikaat on loodud.\n"
+
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
 
+#: tools/gpg-card.c:3672
 #, fuzzy
-#~ msgid "use a log file for the server"
-#~ msgstr "otsi võtmeid võtmeserverist"
+#| msgid "|NAME|use NAME as default recipient"
+msgid "setup KDF for PIN authentication"
+msgstr "|NIMI|kasuta NIME vaikimisi saajana"
 
+#: tools/gpg-card.c:3674
 #, fuzzy
-#~ msgid "run without asking a user"
-#~ msgstr "Väljun salvestamata? "
+#| msgid "change the expire date"
+msgid "change a private data object"
+msgstr "muuda aegumise kuupäeva"
 
+#: tools/gpg-card.c:3675
 #, fuzzy
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "küsin võtit %08lX võtmeserverist %s\n"
+msgid "read a certificate from a data object"
+msgstr "Tühistamise sertifikaat on loodud.\n"
 
+#: tools/gpg-card.c:3676
 #, fuzzy
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "(Kirjeldust ei antud)\n"
+msgid "store a certificate to a data object"
+msgstr "Tühistamise sertifikaat on loodud.\n"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
 #, fuzzy
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "ei saa parsida võtmeserveri URI\n"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "muuda parooli"
 
 #, fuzzy
-#~| msgid "|NAME|set terminal charset to NAME"
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NIMI|terminali kooditabel on NIMI"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "viga salajase võtme võtmehoidlasse `%s' kirjutamisel: %s\n"
 
 #, fuzzy
-#~| msgid "|NAME|use NAME as default recipient"
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NIMI|kasuta NIME vaikimisi saajana"
+#~ msgid "use a log file for the server"
+#~ msgstr "otsi võtmeid võtmeserverist"
 
 #, fuzzy
-#~| msgid "Usage: gpg [options] [files] (-h for help)"
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
+#~ msgid "argument not expected"
+#~ msgstr "kirjutan salajase võtme faili `%s'\n"
 
 #, fuzzy
-#~| msgid "invalid import options\n"
-#~ msgid "invalid port number %d\n"
-#~ msgstr "vigased impordi võtmed\n"
+#~ msgid "read error"
+#~ msgstr "viga faili lugemisel"
 
 #, fuzzy
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "viga võtmehoidlasse `%s' kirjutamisel: %s\n"
+#~ msgid "keyword too long"
+#~ msgstr "rida on liiga pikk\n"
+
+#, fuzzy
+#~ msgid "missing argument"
+#~ msgstr "vigane argument"
+
+#, fuzzy
+#~| msgid "invalid armor"
+#~ msgid "invalid argument"
+#~ msgstr "vigane pakend"
+
+#, fuzzy
+#~ msgid "invalid command"
+#~ msgstr "vastuolulised käsud\n"
+
+#, fuzzy
+#~ msgid "invalid alias definition"
+#~ msgstr "vigased impordi võtmed\n"
 
 #, fuzzy
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "võtit '%s' ei leitud: %s\n"
+#~ msgid "out of core"
+#~ msgstr "ei töödeldud"
 
 #, fuzzy
-#~| msgid "reading from `%s'\n"
-#~ msgid "processing url '%s'\n"
-#~ msgstr "loen failist `%s'\n"
+#~ msgid "invalid meta command"
+#~ msgstr "vastuolulised käsud\n"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          user '%s'\n"
-#~ msgstr "    puudub kasutaja ID: %lu\n"
+#~ msgid "unknown meta command"
+#~ msgstr "tundmatu vaikimisi saaja `%s'\n"
 
 #, fuzzy
-#~ msgid "          pass '%s'\n"
-#~ msgstr "                 ka \""
+#~| msgid "unexpected data"
+#~ msgid "unexpected meta command"
+#~ msgstr "ootamatud andmed"
 
 #, fuzzy
-#~ msgid "          host '%s'\n"
-#~ msgstr "                 ka \""
+#~ msgid "invalid option"
+#~ msgstr "vigased impordi võtmed\n"
 
 #, fuzzy
-#~| msgid "          not imported: %lu\n"
-#~ msgid "          port %d\n"
-#~ msgstr "       pole imporditud: %lu\n"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "Vigane käsklus (proovige \"help\")\n"
 
 #, fuzzy
-#~ msgid "            DN '%s'\n"
-#~ msgstr "                 ka \""
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "vigased impordi võtmed\n"
 
 #, fuzzy
-#~ msgid "          attr '%s'\n"
-#~ msgstr "                 ka \""
+#~| msgid "NOTE: no default option file `%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "MÄRKUS: vaikimisi võtmete fail `%s' puudub\n"
 
 #, fuzzy
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "(Kirjeldust ei antud)\n"
+#~| msgid "option file `%s': %s\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "võtmete fail `%s': %s\n"
 
 #, fuzzy
-#~| msgid "WARNING: using insecure memory!\n"
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "HOIATUS: kasutan ebaturvalist mälu!\n"
+#~| msgid "you may not use %s while in %s mode\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "%s ei ole moodis %s lubatud.\n"
 
 #, fuzzy
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "pakendamine ebaõnnestus: %s\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "ei Õnnestu käivitada %s \"%s\": %s\n"
+
+#~ msgid "unable to execute external program\n"
+#~ msgstr "välist programmi ei õnnestu käivitada\n"
+
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "ei õnnestu lugeda välise programmi vastust: %s\n"
 
 #, fuzzy
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "pakendamine ebaõnnestus: %s\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) DSA ja ElGamal (vaikimisi)\n"
 
 #, fuzzy
-#~| msgid "dearmoring failed: %s\n"
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "lahtipakendamine ebaõnnestus: %s\n"
+#~ msgid "run without asking a user"
+#~ msgstr "Väljun salvestamata? "
 
 #, fuzzy
 #~| msgid "NOTE: old default options file `%s' ignored\n"
@@ -11481,8 +11816,8 @@ msgstr ""
 #~ msgstr "%s ei õnnestu avada: %s\n"
 
 #, fuzzy
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "viga `%s' lugemisel: %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "viga võtmehoidlasse `%s' kirjutamisel: %s\n"
 
 #, fuzzy
 #~ msgid "error closing %s: %s\n"
@@ -11537,12 +11872,6 @@ msgstr ""
 #~ msgstr "viga parooli loomisel: %s\n"
 
 #, fuzzy
-#~| msgid "you may not use %s while in %s mode\n"
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "%s ei ole moodis %s lubatud.\n"
-
-#, fuzzy
 #~ msgid "male"
 #~ msgstr "enable"
 
@@ -12809,9 +13138,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "kustuta allkirjad"
 
-#~ msgid "change the expire date"
-#~ msgstr "muuda aegumise kuupäeva"
-
 #~ msgid "set preference list"
 #~ msgstr "sea eelistuste nimekiri"
 
@@ -13238,9 +13564,6 @@ msgstr ""
 #~ "MÄRKUS: Tuvastasin Elgamal primaarvõtme - importimine võib võtta mõne "
 #~ "aja\n"
 
-#~ msgid " (default)"
-#~ msgstr " (vaikimisi)"
-
 #~ msgid "%s%c %4u%c/%08lX  created: %s expires: %s"
 #~ msgstr "%s%c %4u%c/%08lX  loodud: %s aegub: %s"
 
diff --git a/po/fi.gmo b/po/fi.gmo
index 195cd296d2643f1a088b37024f2a0dd6d61428b4..16bc166661215e3c7e983c57f95bc38807463463 100644
GIT binary patch
delta 9162
zcmYk>2Y6Lgy2kO9&><ltgkEye2qlCXS_DGxy>~)5gak++2_RAqy(1vOgeJ(0qKpg|
zLXlCVC=4P^aR9+#1{o9tm8%0HddK^J&sxmGe*DgFeQWQt_G)`4#8X!T_k0%UyBSt=
zqv6;dU`%xk4>qQLpfN#JRcp-gC~`c3CAsDYtVI4K+L&rsF2;T@-r3DL!MVt}13Pm4
zQB1(VSYx^w<1>vY=*F|L3KqD0zw;tirv8D;i`6oQHcS-qpXtI!JZ7TW*@9vCuFF5c
zQ1ZK|_Mf`?@Hk^eaevc@LJdx=MU7|=>V_X<P5cTOv<awf41F*$NE@a*M&dMAzX5gK
z5oB`Am&jL*sbh=>YNI;X4a0GQa_(<tyNUwT)b7D@cnWF5TtSWachnbS>KaoXTcU2%
z3)RtS&UMbcsP-<PI{Y<i0KxU_j5R@@dN`IsS6q%k_^I<IYG&@E_CP7-xgj=3t>Hw}
zHp$20xF4I~5p0Uzp}rTzhpz97CDDhaaCv>^KbXQRRJ6h!s2kouEyXXW5mw;a8bM3v
zSkz1`Lp8V+yWks`jNf4!OlV*XeK%9EHEzNXyoy??ZyGTFx^ZcSrA^ZbwONL`JOk;2
znTw_IPpA$ZLXG%3s-at0fJGb825v(Q<Th%C0vg*Ts*YN^B#gj5J_=zJvQWEoA?gcT
zQJe5ER=`WBo_~$%;A5<aC7ExnX#|$QPUyj2sJ)Zv@_f_)-bH=?LoAQJzqyKgs1E#!
z>Och+P$O%I+O-2vU!02S`9jo4ccKUHVk(wOv@<jXHFN8ceQS>4S9lML2N-j%nSX#j
zbGf-)!w0AlKf*FtwgrzSRz;1ZC#qx9QB%7PJ@{vwOM@3t1L)Pt7?#(hVFk>0?!j>K
z4>1g{VM{&#_bJdR6Psjr=?K(gvl6S~PE<ojF%mDM9=AuRhQeR4GZcqG<Q-9)t{+y$
zx#+=HU49tV?j?-n{^mXf^*od<s=OX%<DXEwxF#Q(iBU+ES&QB9JTmL1Qd`@ho~X?^
z3Hi^g<wLLBi>U91C)>T!8M~5CMm>t=psTozE6C&9*&ZIk_T-<U)-ar;1GYh)FtZSo
zaUXWZAJGIbtz5*r#<b$@y0I74v3z9Tn)grx`Mx9L<;gMe?4&3hg?i5CV=V4M-XZ2Z
zYKfkro`QzltsExf80?3d`hBkc1JoY6hy(Bj>iZ3NNodBrSQa;T@!3uBHWk5CeBe%;
zLp?4xuo`}i)iIEHQyziZ6G^DYupbu3iKsQt!Wy_7HIO$^BR_}g$nU7Vljvh1*+-@;
zvJK2)RKq8nSFslPcP<a_ZXc_<SeyExsOuM?I+l-`@<LR{?l^yQmhWL_t}d#Bz9b6T
z?ZaHfG}IT@qNemsjKD(F3|z(-e25xZg`RfvC854I9MzF&SO(XicKaseE9L;|d#0Da
z9iOR1A(^}fsw1m0690%L@igkj7cmqcpc?p(Gp4ugP<K=ZvM>RcqL$(yszVo0?R<+`
ziV}TvKi0pMzhF#%tjCEA)CgZiP5pZ={|d|Mi+znLf)!CWtcq+8(+F8sGYj<~oJ37=
zv3}NQR0rCjW@I!*aDOw4LQUL+TFZB_6kb4Gcnvj@pHT0Kp#HYL7M3G#hpO+7aX1;(
zULLB$g{Zx95(Du*s$<`yuQY`qo)J}4LS2xE>S+tq3=BdwGzUX)6>5pLpuTq$^=iF=
zy75EQ5`_%39ZN*D(+BI|4AgZy1~UH|;V~+-$*!Yr{1jDRX^`C$jh)>wiu!S=5ih~I
zxE<A@v#6zefEq~XV16WHIBEb@kO#@s#xTqt%=~N9EulhhsBO*@7*2i%E8<fO#?T?Q
z=Mkvu+n|<U95%rm)W~-^&!cYq6KbXdhuRwlJ3T%M8c`E0kAqRWJ_9|NgNc}j8rfOY
z%=~~&vGg!|!?viI@M1$;hic~pCg53j{uf+F9y8o-cHcn?4XC(<>Uro0`+{kXs`p|%
zZbWtTBx()spw=*Cr0q}wddRzB70kfuxEOWa>sSJhqh{_5di3+|0R^o^@F@F54=Qhk
zm9Q5!Loa%8E2^QRsOwH)b-af4@e!&6(WC8+Tcg?;iMl=)wKtYw5k3DaDKw|zW%S@_
z)Kq_i+LS?K>|+&=qXLW>h%Kq#KbDywe}LL67021fv>tlMJ7OeyQA@MTo!{^BPq3|z
z6OSoqEt{p<pH`Dl9XN(H@n5K=DKg$pT^+1J-V1f(NvOwbK5FfEq1wBKdLIOPZATK(
zLp}sGBQK&an!-8?YTy7)!W%B{GQoBv6Sd|W(1S-&Z_1mlzI2+saZ_wWy%)9V@|~wq
z*FQqdMC3$k&xy>xhl-h0=rJomt>s>qpL6+b45i+r+szn;dMetY)^s{*M9VQ2cVHBr
zcKJPLNQS*nB5JSn%wYaic!>%%_!jCpzKQ)YjOoxD&x=7g9d(0+sHfvCtc%xBBQG-9
zo=?Q0<Rh>Zj>Q*n3u>=jLtS6aH^n}u?Xe6MJ+KrG!M2!!8p-RZ8-Ij)8oouXab%|L
z_+ZqoUyY^lP3(;Oum?Ut-pZz9mhDghCXxFtQ_v;~nQGTC2Gzqss0P=drhXS{s*j*%
z>KvBEz-jh}Rw(Mmaj5S%MlLZK$OB_;p!Ql)w%xpAFh<Y+Tnc*g?L@8pA?Ic1L-bG|
zoMStZfDz=$SOLdkIh=vo1Ithy*p8aftEhHwV`DVA?v0D3_52T}poUT~9A~0#uo~;*
zJE+I)I>zG@)JS5d+Z%R64|xi9#D%Dt`zy}GTUZN+&9J|S%ttNhRxIfY;5nzz63=k8
zP6W=fJ&(oO<c%;0hod@_hT3!+u_7Kvb?7Q;q`%@HXs_~1_WkkxY`f++unOlZ&atoT
zhUn9j^>7ub*nxZ=w#1VdhreMs#>};wuq9R}AA{v_4o2cStbqHmDxN_t!EJ1VKcHqJ
zVV>J#^O%2Ctf8VF9zf;)MD?@;%aezZI3EvTS8PtA-8&z9<NG)a%Pep|D^TriMGfE#
zj>U)A3;Qj!FSP9oX|M$qA5)<Q0vFje9*Jsr1-^#YP$QnX*sgINYA<|&eX;lw`+N_<
zf#i9p`g>R=fazaqH(%#v_9>f%dVlQpQP7C4V;78GZZDXGb;!43BA&)3_#5hl(r|_S
z-Xzo%A8;N=#$?W+9?zaD?GlZ^VDc=Sg>$hk`hKRMhND*5$7nEW>eHMHP;0sc!*Cy}
z=O1B1{5N_qcD0?M&dyXUMg4rNi7PQ4-^QkR1zW1GW!Bh#40b|ovPIYi3vd)(MeXv$
zm+h;#C#u6EQ5{`}t#LOd;9b<FuC&&6r~ztbdtz<OL*3^n`hWlbj6w(%-=a3(Q!I~>
z>+Iv0h|%OjF$m{iWn6(Za3`wa;~0bYP$Mq8-gcxuMv`~JGMI+?ehyC1TCJuKi$9@8
zQsotXr^g|vDc^+p!aG<JPhkXJK#k;k)E+6a!9AYXfP4(<y0xhDd$BRzarKq+n19{4
z1qIf^j7Igmz<C(;g)7(yOKr3bCt(xvNvN6Ijzw@Udaw{v@pBxHEnc;M(Ab9RSh;-r
zcqZqw{`IMtOoeW=8JppG)RY!2u+MLO)QtwA2fe5zS&ACrZqyW?#me{qt6{NCcI1($
zr5S?SOLI_rWy2=sKaj#nDjMP`ERBy*GZC=ap7)?`5RGc6lgl%(D*0+ugS${2zk>Sy
z@7NS;Zm~-{0M+637>E0O6!c>G0=4-bqi#@RtKHr0QRhdZmTDH(!R=TNKXyLC>g18z
z><g_8sv|Q|9ovCL@giyye~y|7-z^F$6rP|O82*~w{WDQFSmiv7mB??SrubJ3!|?5P
zq;aSv?2OfL7HX|GqJF5ILJjOLmdD^7{_p!tBn1x@O`U^KQ!@i2@HGs@4^Shzgl+K`
z)J(K|-7Y~Yb|asMsy~C;OFug6?6iNP8H?J?Y1mBf%1sm&QgI2BaKInz1#3}LcLFuC
zhu9jU|Hv;Nn1briPHc&vU?diM!wx78wWM891IlvdqdIsD%W!{lkAmLCkDQ)2?G*OF
z8q}v@Ra}DMxC7haK~zIOqt-NXmtE5YRC}GAQ&An;f*R0K)XY9Wp9(>5*<Buw<;WXg
z2TaB&T#VYqyD%ER#CSAs`~Tc$`UlvlSJgg!a5SXuj4k><r}H_9Ivq@uX=KY9KYwZ=
ziV~~c1+kRp6Lra>i3+ZM25J-P=tlVm97?oO#dF7L%I_0emM+9RuH~g?*yH|VJoz`2
z8fpEX9c?LS$0l;}9ZbL<aUc;+S;sj15PP}2rt=nc(_ER=F#kg=BJYSh2pyVw9RuBU
z{^Z&H$CK%KoJ>^Zg5^Xf$`gp639b7GLXTdAYhV!N-o#7KHCT`GM&d<c4Cf{zt7R(U
z65@5r&kk*B|NUoDXyIxba8WSjBg8bKkZ4ZmD9<^)6LcgK+2ndO*#_nj!2@DGAchf5
zIrl2zrObn6CQ$wg`=O2j#Owg>f0)9j#J9w4;s6olE;>&+&6QVRs4JJGUdMKeS%7Uh
z*PJNk>h9nTLcdv8B6KXn6fE!0_z@hy_%liLqR?@O@VbkYSD}0#=P2P=NL=!l?8hL^
zM^L=!>SmJnCVG*_5P6jK&hSq&Rv}IjI%X3;>BM?2T1n{0bar=^rEZA-48OrrH`vvy
z>LsEh`4en||G*dUMI246Ctf2zh@TS~L^a|n5l=mDaO0a#A&SB=LWlmMkxpE(sp;dK
zLfvD^zqnj4q!8+K%pzX)m-wLW@6Z{y5rMA0HRZFE!-(Hq-8D_jyCi)$*_F`IhWID3
zm&hl^5=q3fV>g9ZuH8)NS8E-~_z~{$XZE!`nz~vp7bl3LM2HfO0h}MH^?!EgZ#zp#
zX5n@G)tv|+{}1IQE*FW!T%suFbo?*T%9V>#UPqK7niBse&JjA+TFg|g&8Gad?mvR0
z9iAe-BgT;H--Sbozmb1Tj3RVIQkOv#q3j|4Otd3^cHE<o=8{!dpL0u}JO3MXO`gkr
z<w#aixfs`AGkg!%U=P$0LphjOK<F4w)S~<fW?`->-O-8s1<Lw4venhCrLMCphf)5X
z@@F>pnF|zZP+1cj;~N-+o9zYu&rkTQ;PUO9(=n20NE9b8z~R^zySVf9DL*^fQ&)$i
z46%q9Oyv5nWB#X*94AT>(Zn#<Kssd|3tg`A7etN<9Gi&hL|=El@^ja<r~V;P%GFiJ
z+C(6cN4<_nqNmn*g+Jy0_c=uo>a(x|PC^ep&<T#77XQB+RqRJBCjLTPCbn{|j^)Ic
zL}~Ik;uT^OQ9x`Vboh4hkxKFu*Wo<;E1}~e@h>7si96z+74ZL_D{rA(g4jsZAm-3k
zU2K8lFa@g-`zgPS`NTv$|97d-5l?g{W)K~SXGfAQBy{v}4#BD9C2+O>jQt0Pip8j#
z>#kcyzRH!SV-xa{*k2cNYzQdIztaK==SBA@QdlW&SHOl6b($6qu9FtqW<pkWYI<gx
zCui1_Dc;=d^i)r3`qYWuY)@>Cr*`c4I-VKnS(8(8y*Zw2FK5!dnYo^++1?4>Y;R_&
zx9~5$qe2Q3Mu!Cy_8YUmc;UDSfq@%#PwZV-Grgc*@{E+p>AAVn|J!z^H`9}oGC3tZ
z^S`Zo(>+;}y`C8<Ik_n*nOV8HDH$nTG(9UPeM(B<fxOz~3lrWN7f^WQ?V!N_2jmuh
A(f|Me

delta 9775
zcmZ|U2Ygmlp2qQ$fRKcq&|7YLAata+&;tm95ULno$QuZRBqVPrg1$izL_t6>(nSe_
zQf6EcP!LcluE?OW7OV))D2_N5SX{xC`91GB%rfro`S{QGoO91T_q2Nnxcf}_@ejj;
zpGQ}G!jPT~Go~@#UCo#-;l^xis9Ix66O3tz3owE<f5Li{UrIEl5x#@E?~*ez$(ECy
zeVzAWKib`ot?+dmWK7Wf=o)lOHl_g=#-chba<0Joly^CgqaOUZD_=vkk4Z6xF_<<;
zmC3{wI3IQWIgG{=uKW?!;`!z(89g{6)i#XBiIjU`6WoNl@gS<*Y19BNIx9A_1N2af
z)&-m5D2&HqWR9i`HLzDO4!=}A&o{R<w++*f)iuMAF_|Lta6M`U2eCGub>;6|IV#O=
zNi5dndM9LTCIhu1Gg0@IVGQm>J?97pHPSE1$Z*z6#-a8&9W~;ys2K#2|I9XiXn<!h
z1FvCK?8`xs!%-_Y5p{Ov@uLkshuZs(Q7aYMiuJEVCXw3qn1;7w7V5?|$baT_enjAp
z7>U=g8dhv=OjnFXJ#Z*$Yo?=SxCAwUoz63;mG}kKU-dSu|3EVJ7+yMNVNcwGEQ&dY
zJ+Mk!V`|_a)Siw*J$OFqZ0yHcc+!<WMNQy)jKU`E?0`~H6TSo0&&VK|wPa>tf2_eW
zXeODcB`QX3$zvFUyD=7D!)QE@I+RyX?W?nVdRv-d9qfY|_*m2cr(#{a4?|nJicDoH
z_M?YKP>1IWSB~spXV4tgK?jV%fv!9OHGmnY0W3ky>>1RdJ&wBX0&3t_P!p})G4#Bk
z8Bb<174uMgb`G_46*@5sY>O9g0#@P!)U&glVgD|65AQ+EcnVg*Qe@T5GSoy4qXzah
zYGuQ_+KGC2e;E7Un@j^P9O-5Z=fZr1buhBKH5O}A?tohI!AM_bA~G5CB<hg<8THou
zih5ve4vzY1je6hvqqcGis-MN!nCF{yWc1qXLmj%Ks2P2a9!78?LwkzqxDRUYCZYzu
z5Y^8nEW#$e>>*x>T8X!ju1r{Z=#y)DA-ijqV(9%pOh!xp8Pe8-^|s&Y-lz^1qaOGY
zX5i<jElTNQ%bB>8@@CWkQ~NSV?2FpM#mIl=d46c6u3$PQ^kduu$YkqJhA`e!<fCSG
zaYFRq4>18FY19r|qGob0@@AUN7>{pbGX8`bXanA9zDcGRYK!tvZ^1KI6JNkAJUTFF
zmp*}M=|UUSA?l4IaVV;Tr%_AxAy&t#gY21Tg!&M*LDly}z3)R&AEL3?7z3`n3UwxS
zV_iHNBvXmZ$EZC%k4^9zY9{pu+nM)74P++j@N7rUsX2h0H**!$ar+_GL8ukUa^=OS
zE!&8xc+%AeFO$(oBk!<Fo`f3N7-zooA=C<OL=A8^>a@S*%3q@H3ma-zv_8gCPC~6f
zf7BmFlTZ^|f=zX9cazbLr%(g=606`1)M2VJ%oxUKl2JDnp*mWN8o(ip!}l=)e?~pf
z+-W~NO;Go>c4ngPpNDnz-fSV$ii-WHE%*vGkQ=Cu8V$Ew&>8i>>CT0iMtK9O!#7Y%
ze#w<%M%Xja87ojf5H-;u$oVsqFoWlt9c1*nTt+Qz$GfbfPy;AJt;7n{lI}p3&YVQ;
z`8ODeH&E>&Ik}ohBI^6l164l;YhsbBUx>jJDmIZ(hsUux{snbNE@L=09%Tm<i&2z&
zxN-*SdJbx!xu_LbjOu4M*1%U#TXYIF!M|f|teVOC>%noEc8}6gBhEo}REo`TJF4Bg
zsG0nLT8S#7?Ss=$^%<xwn(Um1`aY~i^}7$7<2$GUT_4T*Ywwzju`}s|6)E>e&0sL{
zCYo^=ja#uE?n8Z;PCI`>&8Y5JyT@r*jdCB<z=xyS7ofIaHMYm{AQ_#`v(Dd84^A9s
zm%2Ub!9ATLP&3NL7+iun^&8N`a_oS|Q4_n4S{ZM={eX2tJ+Bb862USuZOFWa>gXqI
zh1Xq!<`axrNjVdB+P}iq7=5?xs1LTJJQY=6hAr>}YM_@<TUd9ZU5RvTNI45Vz5n--
zX+XsWY>azROLYd-@m16kCf;LzQR$1iJ_J21K&{Y9R6ko?`4DQW-ocJ|5j~8}vRjaj
zmG%CQAfpb(p$3qLdhk+Ihx@T9zKiPc2UPord+nKNgcT?^#ZDNH9*#$C!90w`EvUEc
zRh$^cfUrxDiUE^YA}UHzhiJ!S`~Dt5kMdcJ!(UK))+pOvAAl-nVK00HZ^x6!n`>@h
zB98Ri3Cuz5{gar0hcMWL%y}|;zzx*i#O2s>chrFHLA{Q}sI#&j^`N&<Gcr?b`&9HO
z4o0oibku_uqVC_0)A6(`cb&@mYbkwG?TiAbC0~vj`F7OdIfY4h6+LX6YY$@&)b(7{
zz*b{hJcc^NSDi`IZ2M8D6)Sb_oW}ZlRD3{1UHln!2C6emmD5n=K3EI0P^Wt)>NVSp
zn!tOg8Gnr$=nd5APs+393}-&7-!-T+wlnB5AE7#|Ji~q%df;7@XQDo#$FM5ChkC$y
z)azC`-_EELYUYzr*VkZ0Jb+#C2zJM7s6*PRz_t$-kcpt;X{>@fFcSBn4%MrunV3S`
zaRTaf8iYCnrKo}LMQz=;7=^dZ<X~e>9D-v|hjJ@wKtE$Qz5nfs>><m?He6VU8sUqm
z4liLXtW<25x<2ZGX;>Y7SO*JH4_=JAe-$zo^Co6t*ML2Y>rsdPFed8#|CCG&6=5ZI
zuj@G5IqyV|>v^bwEXP=U3hUqztcmZV&cIiw0sMwq(T=m+8NzmyvrsGgI7ab&vzJUA
zd=+cs2dD>pi!HIrY&+sE*n;vH)N8c}>*2HL;j7pW&!bi@d5$q;O*-oJdkGuiIn)5I
zV^II5({wIhB22l@UhvJcBVUB6G+c=~d@rL0bOM{>6|9S~^X-5-qTZJAxRw59qrRMt
z9<Y1f6*aID)OTjZ1FU~NGCN$w>)4m_XV?YfSe_J|fLfV_sMEa`^`OJ3t@{My@O#us
z)+)6RNI`8uAMA<4P%E(<JK>9^+@Oj}RHR|d0$c8d8fgx$!BV7&sq>)y8&4T_qkImB
zVWWlo`GM20BOXKbcO5l>ltuid1@FY6_&hel--2X1lSzHZcHl$p@j+C_7jZLoT5M<h
z0rsPO8P%@y5`MWrKX%7`I7-)Dea6GAKp20=L><0uOYK{B7F$yeMm}O^)CC7p@gV9o
zJc%0Nb?ksikJ=B@1l0Sx0yESOt6<DBYb>&;CJps^?nG_T0j!3naV~y}&DC`Da@+9&
z)N8aCwe%;PU!eB%8b)Ky$Lz=xPy-!_9xg(iiEYl;F_Q8*Y>MAt3yfG{KU^KKi-tOl
zOb;%UqYl{x)M5D<Ct}By?wgG@DDTAfcn~$v?@{+huCjmV3`8C3S*QU$hFaO3n2MKC
z&uRQP?X*;F$*AK&sKYo8wPdBJ_jC;=;C`%%pJ08wi29O+t+pM<Vj|@X)Qo4K2C@v}
zupG5jCs6mF!C(%VZ^<O#T^x1IWDZ8-K2*auF#<1OEPji%vC0$nY<Q^qM`LT8k7~Ee
zT|b5GD2JEX`VOe}nPseh7c%px(1`as-$UJS8QWs=leXir*q-vks1<t!E8r>g@Ex3t
zKVmj!uC@OnasV~3mh0?mIT2e@Ub>F;*Ms&`(GmZK+M~Gj_Prg9dQcI1_#kR4wxVYE
z25M=)My*uj2K$MP#}1TxqP8S}b#WcG!sjs@&jrb}A#(wvFlM7&iKeIqJx~uwM|CvG
zm6u>c%Fm%XJcgmeg<8qRo9rp?hT76X)PVnpDR>$iWAG{&9lDs!_5oe70p%=IgSn`^
zDnoq_Ucof{${GEXZPyb!Q$GPUkTs}*9m0xu33YgXM6JYc=+paOXN&D%HpXya4e9~U
zI^V;3l+Dw2iR)uD#kSZK`=PdQGB(08)Ly@UdV4OQR_?ZEZ2!$s_xD6k@BfHUhCN0t
z&1#IrgIEhcLCxqp?1go=+LaiM+JaIXgd1G_Ur}eNM!9tWR-$}A>M$>I_51Kao^QS*
z(+vx^*#^5%OZPcyX4U>+_b?sPDL;T3&=Kr{7cmawx7$P750feTQ4?C`d=V2Ue~LQ&
z=2_NXd)kVOJ`7`#Z?egDu0Sp60c?UFpk{mp_5Rm*j(;h`L{vXHn2IY=d;KzMuTP-*
z{mdD$!w$Ip4%S~Y&7?w0zQ|dQ;gpYIO?(6U;#rKx#yjol?uD9B0QGHOi(y!qALsFA
zTB%Bs4)iafoc%Ff`~Mkvw$|hlV~DqiG-3faH6@miuZ2F;$0vp0@Q2=aFbnm=r8>0J
zTcFgM{2V+;G$XWv>C|;4&XHGoUHd<Qilw0<e}^NlREHQu+)nvB9EQ_SujYRfN_^x(
zzgkb?+9dKlR7vVUS-;k?&7stryizeShx`Ein0SVK@GzMPgqD9Z6(fkp2&I|0oT%u^
z>#!Q3ttkk#us_P+d7{v@(=QxvQoftWAioJ05lSBrCqg-1>oC^82MzA0VhA3?2T+^%
z8bslrQE47|y;e6<KgtIvyyGfrQr<{BMp=jMX6i+q(gxx_VlXkEx=&HxA2R~x5|2_j
zlITT#io2<glPdF&evpn56^T(?YebA8IuVJwNV-VqwH!;#roIi)mnc*nHYECxR|>uV
z%6vpTstif5*4M;jVlNTS4L8%to0;EvgED_An=8bA;!C0~_f5g2x7<&WfAz3wH!%Ny
zP5N~9Bc3MebK`C9atiqi<n<2~?Fjv^m}P`gbIigSL|gK+Re4KV=knuR`@d3t!`1~2
zAGuI^+Fg8+(l8>AG9NZ`iI_&d8s3`XDcl_WJzSsaE{?*Xl=bPJ=;}lfbxIFmj?MD>
zAw48f@QAfsn2(<mrNk@5<3vm9`{T_NN9Iqi(4TAi(%prNh)smjdqgIAe(?#VWLK}k
z3R`7XV|mbB;ENji`@XvtqSLJf^7=<3eU1lVDe(tlG*OAVZ-{RRr3WmgJJ%Mtd@6Y*
z{Zg{Z<(rZZt>AE1QHIymiu5Znner}-BHEMB!zSn>vIvhTr|w>&I{B5TwANzQJMZM0
z(l|@#SF^L^YwP{L!(B{rw!l|i!^=3;)sH8i@AA6bo!CPRBzh8e5<d~wh<_*IXj>Dz
z68Do&B%UI_9v2eNk)NsgXH!tR-C};jXQ_LTc!B&DVm$da_@6`xp|qSRroILdP5wh-
zBXO0eKq#HIm;&19&;Bz+1Q8%c5~1~v=Hfo`4-+kjFNh36=`TbM*N0;~#u6`)PbZWD
zly_nc!cV>%&LWbDQ^fZ~8ujh4Gb$aom>)4Xkjf%59o@wzoJXizMXaFwANWT?=}F27
z*Z}V(`i5%xcRlhkgbs8*b$;S!;uB&Xp?_c4N|X@y5lU6H|F@>a6m}3XuJX_=7aO~q
zDqt1rmk|$>Z|T~+j|r4-BO-~#L~rW;PP|MsCzMi&cSAY-;Q2FXxPed_O58*IO$E|6
z>c6sClS{rH`BvD|wckp)8~N45Tq2AZ?b<&@{s;1J>mFD4ICV;cu{u7Y56gB6|AtHO
zzwl-nKzR#sH?f9Lx`UWSJ`)?NB9!(VjvrECP*Qd?uiwbtUTSgflzgusKW}ccDC2ov
zsxI863;z7cMRN-S|L3(^ZrW2Zc~@ApYwXYVvV8$xlu0UH{cG>~4U>vJcO|zV-<zGA
zm*-9LdnLvG?A1F{y3}j^Ki9c4r=X~-7oSudzvqjT=}CK*4UMfaz(2=7xg_BC{Br{S
zqI_STS6EaqrN}oU%9P~$Cgu6PK!I1}_htXD2GkZ87UUQEyLw5*d!D+xX;_Vt;@tcx
z-sIfEss18W9-R1MrSbn<hgrVde9xDc=bxTiG_4>vP*VK+1qrn%_T~BhpG&{HdC#=$
z%Hh4$J`gDJh1MmsFfCn`ms=bt$qy9x)NhoTezbgUz#lkTezZKF(S=%-6bF2(^KwSU
zYoTu5Hp@q?FTWrV@J-Vr-I^WD*_gIx-Q&qI!%Om}7tpuQE0{XXpEtwj^ZdEqtb$yx
zxTK&cm)jVIZR2O>ZJT^A)U6(Pvvpp{biXgOdWW`Uho$_>_%xP(u9Gisiu#?A>(i>n
IZm%Bx51z0pd;kCd

diff --git a/po/fi.po b/po/fi.po
index aa6e528..917e2ed 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -22,7 +22,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg 1.2.2\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2004-06-16 22:40+0300\n"
 "Last-Translator: Tommi Vainikainen <Tommi.Vainikainen@iki.fi>\n"
 "Language-Team: Finnish <translation-team-fi@lists.sourceforge.net>\n"
@@ -31,51 +31,51 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, fuzzy, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr ""
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr ""
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr ""
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr ""
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr ""
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 #, fuzzy
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Haluatko varmasti poistaa valitut avaimet? "
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr ""
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 #, fuzzy
 #| msgid "invalid passphrase"
 msgid "|pinentry-tt|Hide passphrase"
@@ -83,7 +83,7 @@ msgstr "väärä salasana"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -94,25 +94,13 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 msgid "pinentry.genpin.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-msgid "Passphrase Not Allowed"
-msgstr "salasana on liian pitkä\n"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr ""
 
@@ -122,298 +110,278 @@ msgstr ""
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr ""
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 #, fuzzy
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 #, fuzzy
 msgid "Passphrase:"
 msgstr "väärä salasana"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr ""
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr ""
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr ""
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 #, fuzzy
 msgid "PIN too long"
 msgstr "rivi on liian pitkä\n"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 #, fuzzy
 msgid "Passphrase too long"
 msgstr "salasana on liian pitkä\n"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 #, fuzzy
 msgid "Invalid characters in PIN"
 msgstr "Nimessä on epäkelpo merkki\n"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr ""
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad PIN"
 msgstr "MPI ei kelpaa"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad Passphrase"
 msgstr "väärä salasana"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, fuzzy, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 #, fuzzy
 msgid "Please re-enter this passphrase"
 msgstr "muuta salasanaa"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to protect the imported object within the %s "
 "system."
 msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, fuzzy, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "suojausalgoritmi %d%s ei ole käytettävissä\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't create '%s': %s\n"
 msgstr "tiedostoa \"%s\" ei voi luoda: %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, fuzzy, c-format
 #| msgid "can't open `%s': %s\n"
 msgid "can't open '%s': %s\n"
 msgstr "tiedostoa \"%s\" ei voi avata: %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr ""
-
-#: agent/command-ssh.c:2446
-#, fuzzy, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "virhe kirjoitettaessa salaiseen avainrenkaaseen \"%s\": %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, fuzzy, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "kirjoitettavissa olevaa salaista avainrengasta ei löydy: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, fuzzy, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
 "allow this?"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr ""
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, fuzzy, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, fuzzy, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
 "%s%%0Awithin gpg-agent's key storage"
 msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, fuzzy, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "%s: hajautustaulukon luonti ei onnistu: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr ""
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr ""
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr ""
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr ""
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr ""
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr ""
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 #, fuzzy
 msgid "Repeat this Reset Code"
 msgstr "Toista salasana: "
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 #, fuzzy
 msgid "Repeat this PUK"
 msgstr "Toista salasana: "
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 #, fuzzy
 msgid "Repeat this PIN"
 msgstr "Toista salasana: "
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 #, fuzzy
 msgid "Reset Code not correctly repeated; try again"
 msgstr "salasanaa ei toistettu oikein, yritä uudestaan."
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 #, fuzzy
 msgid "PUK not correctly repeated; try again"
 msgstr "salasanaa ei toistettu oikein, yritä uudestaan."
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 #, fuzzy
 msgid "PIN not correctly repeated; try again"
 msgstr "salasanaa ei toistettu oikein, yritä uudestaan."
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr ""
 
-#: agent/genkey.c:157
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
 #, fuzzy, c-format
-msgid "error writing to pipe: %s\n"
-msgstr "virhe kirjoitettaessa avainrenkaaseen \"%s\": %s\n"
+msgid "error creating temporary file: %s\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:116
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "kirjoitetaan kohteeseen \"%s\"\n"
+
+#: agent/genkey.c:154
 #, fuzzy
 msgid "Enter new passphrase"
 msgstr "Syötä salasana\n"
 
-#: agent/genkey.c:196
-#, fuzzy
-msgid "Take this one anyway"
-msgstr "Haluatko käyttää tätä avainta kaikesta huolimatta? "
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
 "confirm that you do not want to have any protection on your key."
 msgstr ""
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr ""
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, fuzzy, c-format
 #| msgid "Name must be at least 5 characters long\n"
 msgid "A passphrase should be at least %u character long."
@@ -421,7 +389,7 @@ msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "Nimen täytyy olla vähintään 5 merkkiä pitkä\n"
 msgstr[1] "Nimen täytyy olla vähintään 5 merkkiä pitkä\n"
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -429,383 +397,388 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr ""
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Haluatko käyttää tätä avainta kaikesta huolimatta? "
+
+#: agent/genkey.c:464
 #, fuzzy, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr ""
 "Tarvitset salasanan suojaamaan salaista avaintasi.\n"
 "\n"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 #, fuzzy
 msgid "Please enter the new passphrase"
 msgstr "muuta salasanaa"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 msgid "Options used for startup"
 msgstr ""
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr ""
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr ""
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 #, fuzzy
 #| msgid "Key is superseded"
 msgid "run in supervised mode"
 msgstr "Avain on uusittu"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr ""
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 #, fuzzy
 msgid "|FILE|read options from FILE"
 msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr ""
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "monisanainen"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "ole jonkinverran hiljaisempi"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr ""
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 #, fuzzy
 msgid "do not use the SCdaemon"
 msgstr "päivitä luottamustietokanta"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr ""
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:208
 #, fuzzy
 #| msgid "|NAME|set terminal charset to NAME"
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NIMI|aseta päätteen merkistöksi NIMI"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr ""
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr ""
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 #, fuzzy
 #| msgid "not supported"
 msgid "enable ssh support"
 msgstr "ei tuettu"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr ""
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 #, fuzzy
 #| msgid "not supported"
 msgid "enable putty support"
 msgstr "ei tuettu"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr ""
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr ""
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 #, fuzzy
 msgid "disallow the use of an external password cache"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr ""
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 #, fuzzy
 msgid "allow presetting passphrase"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr ""
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr ""
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 #, fuzzy
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|käytä salasanoissa toimintatapaa N"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 #, fuzzy
 msgid "do not allow the reuse of old passphrases"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 msgid "Options controlling the PIN-Entry"
 msgstr ""
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 #, fuzzy
 #| msgid "use the gpg-agent"
 msgid "never use the PIN-entry"
 msgstr "käytä gpg-agentia"
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr ""
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr ""
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr ""
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr ""
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 #, fuzzy
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr ""
 "Ilmoita ohjelmistovioista (englanniksi) osoitteeseen <gnupg-bugs@gnu.org>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 #, fuzzy
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
 msgstr ""
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr ""
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "valittu tiivistealgoritmi ei kelpaa\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, fuzzy, c-format
 #| msgid "reading options from `%s'\n"
 msgid "reading options from '%s'\n"
 msgstr "luetaan asetukset tiedostosta \"%s\"\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is a deprecated option\n"
 msgid "Note: '%s' is not considered an option\n"
 msgstr "VAROITUS: \"%s\" on paheksuttu valitsin\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, fuzzy, c-format
 msgid "can't create socket: %s\n"
 msgstr "ei voida luoda kohdetta %s: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, fuzzy, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "gpg-agent ei ole käytettävissä tässä istunnossa\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, fuzzy, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, fuzzy, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, fuzzy, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "VAROITUS: oikeudet kohteessa %s \"%s\" eivät ole turvallisia\"\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, fuzzy, c-format
 #| msgid "can't create directory `%s': %s\n"
 msgid "can't create directory '%s': %s\n"
 msgstr "hakemiston \"%s\" luominen ei onnistu: %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, fuzzy, c-format
 msgid "directory '%s' created\n"
 msgstr "%s: hakemisto luotu\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, fuzzy, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "trustdb: luku epäonnistui (n=%d): %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, fuzzy, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "%s: hakemistoa ei voi luoda: %s\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, fuzzy, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, fuzzy, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "salaisen päivitys epäonnistui: %s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, fuzzy, c-format
 msgid "%s %s stopped\n"
 msgstr "%s: ohitettu: %s\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, fuzzy, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "gpg-agent ei ole käytettävissä tässä istunnossa\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 #, fuzzy
 msgid ""
 "@Options:\n"
@@ -815,19 +788,19 @@ msgstr ""
 "Valitsimet:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 #, fuzzy
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
 msgstr ""
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -835,8 +808,8 @@ msgstr ""
 "@Komennot:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -846,87 +819,86 @@ msgstr ""
 "Valitsimet:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 #, fuzzy
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
 msgstr ""
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 #, fuzzy
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 #, fuzzy
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 #, fuzzy
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
 msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, fuzzy, c-format
 msgid "cancelled\n"
 msgstr "Peru"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, fuzzy, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, fuzzy, c-format
 msgid "error opening '%s': %s\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, fuzzy, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "avainta \"%s\" ei löydy: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, fuzzy, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "lukuvirhe: %s\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, fuzzy, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "salaisen avaimen osat eivät ole käytettävissä\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, fuzzy, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "lukuvirhe: %s\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, fuzzy, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "virhe: sormenjälki on väärä\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, fuzzy, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr ""
@@ -939,19 +911,19 @@ msgstr ""
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
 "certificates?"
 msgstr ""
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 #, fuzzy
 msgid "Yes"
 msgstr "kyllä|kylla|joo"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr ""
@@ -964,7 +936,7 @@ msgstr ""
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -974,142 +946,142 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr ""
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr ""
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
 "it now."
 msgstr ""
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 #, fuzzy
 msgid "Change passphrase"
 msgstr "muuta salasanaa"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr ""
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, fuzzy, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
 "%%0A?"
 msgstr "Haluatko varmasti poistaa valitut avaimet? "
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 #, fuzzy
 msgid "Delete key"
 msgstr "ota avain käyttöön"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
 msgstr ""
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr ""
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr ""
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "luodun allekirjoituksen tarkistus epäonnistui: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "salaisen avaimen osat eivät ole käytettävissä\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "suojausalgoritmi %d%s ei ole käytettävissä\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "suojausalgoritmi %d%s ei ole käytettävissä\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "suojausalgoritmi %d%s ei ole käytettävissä\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, fuzzy, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, fuzzy, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, fuzzy, c-format
 msgid "error forking process: %s\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr ""
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, fuzzy, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, fuzzy, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, fuzzy, c-format
 msgid "error running '%s': terminated\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, fuzzy, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "päivitys epäonnistui: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, fuzzy, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "virhe kirjoitettaessa salaiseen avainrenkaaseen \"%s\": %s\n"
@@ -1125,33 +1097,33 @@ msgstr "yhteys kohteeseen \"%s\" ei onnistu: %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "agentin käytössä on ongelmia: agentti vastaa 0x%lx\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "core-tiedostojen luontia ei voi estää: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, fuzzy, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "VAROITUS: omistussuhde kohteessa %s \"%s\" ei ole turvallinen\"\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, fuzzy, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "VAROITUS: oikeudet kohteessa %s \"%s\" eivät ole turvallisia\"\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, fuzzy, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "päivitys epäonnistui: %s\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, fuzzy, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "ascii-koodaaminen epäonnistui: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "kyllä|kylla|joo"
 
@@ -1206,51 +1178,95 @@ msgstr ""
 msgid "out of core while allocating %lu bytes"
 msgstr ""
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, fuzzy, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "virhe luotaessa avainrengasta \"%s\": %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr ""
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, fuzzy, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "VAROITUS: \"%s\" on paheksuttu valitsin\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr ""
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
 #, fuzzy, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
 msgstr "päivitys epäonnistui: %s\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:350
 #, fuzzy, c-format
-msgid "connection to %s established\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "päivitys epäonnistui: %s\n"
+
+#: common/asshelp.c:351
+#, fuzzy, c-format
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "päivitys epäonnistui: %s\n"
+
+#: common/asshelp.c:364
+#, fuzzy, c-format
+msgid "connection to the dirmngr established\n"
 msgstr "tätä ei voi tehdä eräajossa\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:366
+#, fuzzy, c-format
+msgid "connection to the keyboxd established\n"
+msgstr "tätä ei voi tehdä eräajossa\n"
+
+#: common/asshelp.c:367
+#, fuzzy, c-format
+msgid "connection to the agent established\n"
+msgstr "tätä ei voi tehdä eräajossa\n"
+
+#: common/asshelp.c:485
+#, fuzzy, c-format
+msgid "no running %s - starting '%s'\n"
+msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+
+#: common/asshelp.c:588
+#, fuzzy, c-format
+msgid "connection to the agent is in restricted mode\n"
+msgstr "tätä ei voi tehdä eräajossa\n"
+
+#: common/asshelp.c:725
+#, fuzzy, c-format
+#| msgid "error creating keyring `%s': %s\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "virhe luotaessa avainrengasta \"%s\": %s\n"
+
+#: common/asshelp.c:731
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
+msgid "server '%s' is older than us (%s < %s)"
 msgstr ""
 
-#: common/asshelp.c:521
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
 #, fuzzy, c-format
-msgid "connection to agent is in restricted mode\n"
-msgstr "tätä ei voi tehdä eräajossa\n"
+#| msgid "WARNING: %s overrides %s\n"
+msgid "WARNING: %s\n"
+msgstr "VAROITUS: %s korvaa %s:n\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:740
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
+msgid "Note: Outdated servers may lack important security fixes.\n"
 msgstr ""
 
+#: common/asshelp.c:742
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Käytä ensin komentoa \"toggle\".\n"
+
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
 #: common/audit.c:474
@@ -1329,7 +1345,7 @@ msgid "algorithm: %s"
 msgstr "ascii-koodaus: %s\n"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, fuzzy, c-format
 msgid "unsupported algorithm: %s"
 msgstr ""
@@ -1413,12 +1429,12 @@ msgstr "Tämä avain on vanhentunut!"
 msgid "Root certificate trustworthy"
 msgstr "virheellinen varmenne"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 #, fuzzy
 msgid "no CRL found for certificate"
 msgstr "virheellinen varmenne"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 #, fuzzy
 msgid "the available CRL is too old"
 msgstr "Avain saatavilla kohteessa: "
@@ -1460,7 +1476,7 @@ msgstr "Ei ohjetta aiheesta \"%s\""
 msgid "ignoring garbage line"
 msgstr "virhe trailer-rivissä\n"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 #, fuzzy
 msgid "[none]"
 msgstr "tuntematon "
@@ -1470,144 +1486,26 @@ msgstr "tuntematon "
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "epäkelpo radix64-merkki %02x ohitettu\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-#, fuzzy
-msgid "argument not expected"
-msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
-
-#: common/argparse.c:522
-#, fuzzy
-msgid "read error"
-msgstr "virhe tiedostoa luettaessa"
-
-#: common/argparse.c:524
-#, fuzzy
-msgid "keyword too long"
-msgstr "rivi on liian pitkä\n"
-
-#: common/argparse.c:526
-#, fuzzy
-msgid "missing argument"
-msgstr "virheellinen argumentti"
-
-#: common/argparse.c:528
-#, fuzzy
-#| msgid "invalid armor"
-msgid "invalid argument"
-msgstr "virheellinen ascii-koodaus"
-
-#: common/argparse.c:530
-#, fuzzy
-msgid "invalid command"
-msgstr "ristiriitainen komento\n"
-
-#: common/argparse.c:532
-#, fuzzy
-msgid "invalid alias definition"
-msgstr "virheelliset tuontivalitsimet\n"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-#, fuzzy
-msgid "out of core"
-msgstr "ei käsitelty"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-msgid "invalid meta command"
-msgstr "ristiriitainen komento\n"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-msgid "unknown meta command"
-msgstr "tuntematon oletusvastaanottaja \"%s\"\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected data"
-msgid "unexpected meta command"
-msgstr "odottamatonta dataa"
-
-#: common/argparse.c:546
-#, fuzzy
-msgid "invalid option"
-msgstr "virheelliset tuontivalitsimet\n"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr ""
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, fuzzy, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "virheelliset tuontivalitsimet\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr ""
-
-#: common/argparse.c:563
-#, fuzzy, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "Komento ei kelpaa (kirjoita \"help\")\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:581
-#, fuzzy, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "virheelliset tuontivalitsimet\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, fuzzy, c-format
-#| msgid "NOTE: no default option file `%s'\n"
-msgid "Note: no default option file '%s'\n"
-msgstr "HUOM: Ei oletusasetustiedostoa \"%s\"\n"
-
-#: common/argparse.c:1843
-#, fuzzy, c-format
-#| msgid "option file `%s': %s\n"
-msgid "option file '%s': %s\n"
-msgstr "asetustiedosto \"%s\": %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, fuzzy, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1623,131 +1521,132 @@ msgstr "ei voi avata tiedostoa: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "ascii-koodaaminen epäonnistui: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, fuzzy, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "hakemiston \"%s\" luominen ei onnistu: %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, fuzzy, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "virhe kirjoitettaessa avainrenkaaseen \"%s\": %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr ""
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, fuzzy, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr ""
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, fuzzy, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "julkista avainta %08lX ei löydy: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, fuzzy, c-format
 msgid "waiting for lock %s...\n"
 msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr ""
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "ascii-koodaus: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "epäkelpo ascii-koodausotsake: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "ascii-koodausotsake: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "epäkelpo selkotekstisen allekirjoituksen otsikko\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, fuzzy, c-format
 msgid "unknown armor header: "
 msgstr "ascii-koodausotsake: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "sisäkkäisiä tekstimuotoisia allekirjoituksia\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, fuzzy, c-format
 msgid "unexpected armor: "
 msgstr "odottamaton ascii-koodaus:"
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "epäkelpo viiva rivin lopussa: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, fuzzy, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "epäkelpo radix64-merkki %02x ohitettu\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "ennenaikainen tiedoston loppu (ei CRC:tä)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "ennenaikainen tiedoston loppu (CRC:ssä)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "väärinmuotoiltu CRC\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, fuzzy, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "CRC-virhe; %06lx - %06lx\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, fuzzy, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "Ennenaikainen tiedoston loppu (Trailerissa)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "virhe trailer-rivissä\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "kelvollista OpenPGP-dataa ei löytynyt.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "epäkelpo ascii-koodaus: yli %d merkkiä pitkä rivi\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1756,13 +1655,13 @@ msgstr ""
 "viallista\n"
 "MTA:ta on käytetty\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, fuzzy, c-format
 #| msgid "not human readable"
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "ei ihmisten luettavissa"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1771,27 +1670,27 @@ msgstr ""
 "notaation nimen täytyy sisältää vain tulostettavia merkkejä tai "
 "välilyöntejä, ja sen täytyy loppua merkkiin \"=\"\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "käyttäjänotaatin täytyy sisältää \"@\"-merkki\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, fuzzy, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "käyttäjänotaatin täytyy sisältää \"@\"-merkki\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "notaatiosssa ei saa olla erikoismerkkejä\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, fuzzy, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "käyttäjänotaatin täytyy sisältää \"@\"-merkki\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, fuzzy, c-format
 #| msgid ""
 #| "a notation name must have only printable characters or spaces, and end "
@@ -1801,370 +1700,354 @@ msgstr ""
 "notaation nimen täytyy sisältää vain tulostettavia merkkejä tai "
 "välilyöntejä, ja sen täytyy loppua merkkiin \"=\"\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "VAROITUS: löydettiin väärin muotoiltua notaatiodataa\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr ""
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Syötä salasana: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
-#, fuzzy, c-format
-#| msgid "error creating keyring `%s': %s\n"
-msgid "error getting version from '%s': %s\n"
-msgstr "virhe luotaessa avainrengasta \"%s\": %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr ""
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, fuzzy, c-format
-#| msgid "WARNING: %s overrides %s\n"
-msgid "WARNING: %s\n"
-msgstr "VAROITUS: %s korvaa %s:n\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
-#, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
+#| msgid "%s does not yet work with %s\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s ja %s eivät vielä toimi yhdessä\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
+#: g10/call-agent.c:1081
 #, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Käytä ensin komentoa \"toggle\".\n"
+msgid "error from TPM: %s\n"
+msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, fuzzy, c-format
-#| msgid "%s does not yet work with %s\n"
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s ja %s eivät vielä toimi yhdessä\n"
+msgid "problem with the agent: %s\n"
+msgstr "agentin käytössä on ongelmia: agentti vastaa 0x%lx\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, fuzzy, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "gpg-agent ei ole käytettävissä tässä istunnossa\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "valitsinta %s ei voi käyttää %s-tilassa\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 msgid "Tor is not properly configured"
 msgstr "virhe: sormenjälki on väärä\n"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 msgid "DNS is not properly configured"
 msgstr "virhe: sormenjälki on väärä\n"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "luo mitätöintivarmenne"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "ascii-koodaus: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, fuzzy, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "salaista avainta ei löydy"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr ""
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, fuzzy, c-format
 msgid "can't do this in batch mode\n"
 msgstr "tätä ei voi tehdä eräajossa\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, fuzzy, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Tätä komentoa ei sallita %s-tilassa.\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, fuzzy, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "salaisen avaimen osat eivät ole käytettävissä\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Valintasi? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr ""
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 #, fuzzy
 msgid "not forced"
 msgstr "ei käsitelty"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr ""
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr ""
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr ""
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr ""
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr ""
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 #, fuzzy
 msgid "URL to retrieve public key: "
 msgstr "ei vastaavaa julkista avainta: %s\n"
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, fuzzy, c-format
 #| msgid "error reading `%s': %s\n"
 msgid "error reading '%s': %s\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, fuzzy, c-format
 msgid "error writing '%s': %s\n"
 msgstr "virhe kirjoitettaessa avainrenkaaseen \"%s\": %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr ""
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr ""
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 #, fuzzy
 msgid "Language preferences: "
 msgstr "päivitä valinnat"
 
-#: g10/card-util.c:1111
-#, fuzzy
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, fuzzy, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "Valinnassa on luvaton merkki\n"
 
-#: g10/card-util.c:1120
-#, fuzzy
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, fuzzy, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "Valinnassa on luvaton merkki\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 #, fuzzy
 msgid "Error: invalid response.\n"
 msgstr "virhe: sormenjälki on väärä\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 #, fuzzy
 msgid "CA fingerprint: "
 msgstr "näytä sormenjälki"
 
-#: g10/card-util.c:1201
-#, fuzzy
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, fuzzy, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "virhe: sormenjälki on väärä\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, fuzzy, c-format
 msgid "key operation not possible: %s\n"
 msgstr "Avaimen luonti epäonnistui: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 #, fuzzy
 msgid "not an OpenPGP card"
 msgstr "kelvollista OpenPGP-dataa ei löytynyt.\n"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, fuzzy, c-format
 msgid "error getting current key info: %s\n"
 msgstr "virhe kirjoitettaessa salaiseen avainrenkaaseen \"%s\": %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, fuzzy, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Minkä kokoisen avaimen haluat? (1024) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "pyöristetty %u bittiin\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr ""
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr ""
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 #, fuzzy
 msgid "Signature key\n"
 msgstr "Allekirjoitus vanheni %s\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 #, fuzzy
 msgid "Encryption key\n"
 msgstr "   (%d) RSA (vain salaus)\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Valitse millaisen avaimen haluat:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, fuzzy, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA (vain allekirjoitus)\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, fuzzy, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) DSA ja ElGamal (oletus)\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Valinta ei kelpaa.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr ""
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr ""
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, fuzzy, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, fuzzy, c-format
 msgid "error getting card info: %s\n"
 msgstr "virhe kirjoitettaessa salaiseen avainrenkaaseen \"%s\": %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, fuzzy, c-format
 #| msgid "This command is not allowed while in %s mode.\n"
 msgid "This command is not supported by this card\n"
 msgstr "Tätä komentoa ei sallita %s-tilassa.\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr ""
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, fuzzy, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "ohitetaan: salainen avain on jo paikalla\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2172,204 +2055,217 @@ msgid ""
 "You should change them using the command --change-pin\n"
 msgstr ""
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 #, fuzzy
 msgid "Please select the type of key to generate:\n"
 msgstr "Valitse millaisen avaimen haluat:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 #, fuzzy
 msgid "   (1) Signature key\n"
 msgstr "Allekirjoitus vanheni %s\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 #, fuzzy
 msgid "   (2) Encryption key\n"
 msgstr "   (%d) RSA (vain salaus)\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 #, fuzzy
 msgid "Please select where to store the key:\n"
 msgstr "Valitse mitätöinnin syy:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, fuzzy, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "päivitys epäonnistui: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, fuzzy, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "ohitetaan: salainen avain on jo paikalla\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 #, fuzzy
 msgid "Continue? (y/N) "
 msgstr "Varmastiko allekirjoita? "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr ""
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, fuzzy, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+msgid "error for setup UIF: %s\n"
+msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "ulos tästä valikosta"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 #, fuzzy
 msgid "show admin commands"
 msgstr "ristiriitainen komento\n"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "näytä tämä ohje"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 #, fuzzy
 msgid "list all available data"
 msgstr "Avain saatavilla kohteessa: "
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr ""
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr ""
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr ""
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 #, fuzzy
 msgid "change the login name"
 msgstr "muuta voimassoloaikaa"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 #, fuzzy
 msgid "change the language preferences"
 msgstr "muuta luottamusastetta"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr ""
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 #, fuzzy
 msgid "change a CA fingerprint"
 msgstr "näytä sormenjälki"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr ""
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 #, fuzzy
 msgid "generate new keys"
 msgstr "luo uusi avainpari"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr ""
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr ""
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr ""
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr ""
 
-#: g10/card-util.c:2180
+#: g10/card-util.c:2235
 #, fuzzy
 #| msgid "|NAME|use NAME as default recipient"
-msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "|NIMI|käytä NIMI oletusvastaanottajana"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 #, fuzzy
 #| msgid "change the ownertrust"
 msgid "change the key attribute"
 msgstr "muuta luottamusastetta"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "muuta luottamusastetta"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr ""
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 #, fuzzy
 msgid "Admin-only command\n"
 msgstr "ristiriitainen komento\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 #, fuzzy
 msgid "Admin commands are allowed\n"
 msgstr "ristiriitainen komento\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 #, fuzzy
 msgid "Admin commands are not allowed\n"
 msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Komento ei kelpaa (kirjoita \"help\")\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output ei toimi yhdessä tämän komennon kanssa\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, fuzzy, c-format
 #| msgid "can't open `%s'\n"
 msgid "can't open '%s'\n"
 msgstr "tiedostoa \"%s\" ei voi avata\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, fuzzy, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "avainta \"%s\" ei löydy: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "virhe luettaessa avainlohkoa: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, fuzzy, c-format
 msgid "key \"%s\" not found\n"
 msgstr "avainta \"%s\" ei löydy: %s\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(ellet määritä avainta sormenjäljen perusteella)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, fuzzy, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "ei onnistu eräajossa ilman \"--yes\"-valitsinta\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(ellet määritä avainta sormenjäljen perusteella)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2411,9 +2307,9 @@ msgstr "key"
 msgid "subkey"
 msgstr "JulkAvain: "
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "päivitys epäonnistui: %s\n"
@@ -2438,91 +2334,109 @@ msgstr "julkiselle avaimelle \"%s\" löytyy vastaava salainen avain!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "käytä valitsinta \"--delete-secret-keys\" poistaaksesi se ensin.\n"
 
-#: g10/encrypt.c:116
-#, fuzzy, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr "valittu symmetrinen salain %s (%d) ei ole vastaanottajan suosima\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "symmetristä ESK-pakettia ei voi käyttää S2K-tilan vuoksi\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "käytetään salakirjoitusalgoritmia %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, fuzzy, c-format
 #| msgid "`%s' already compressed\n"
 msgid "'%s' already compressed\n"
 msgstr "\"%s\" on jo pakattu\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, fuzzy, c-format
 #| msgid "WARNING: `%s' is an empty file\n"
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "VAROITUS: \"%s\" on tyhjä tiedosto\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "salausalgoritmia \"%s\" ei voi käyttää %s-tilassa\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, fuzzy, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "salausalgoritmia \"%s\" ei voi käyttää %s-tilassa\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, fuzzy, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "tiivistealgoritmia \"%s\" ei voi käyttää %s-tilassa\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, fuzzy, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "VAROITUS: \"%s\" on paheksuttu valitsin\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, fuzzy, c-format
 #| msgid "reading from `%s'\n"
 msgid "reading from '%s'\n"
 msgstr "luetaan kohteesta \"%s\"\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "valittu symmetrinen salain %s (%d) ei ole vastaanottajan suosima\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, fuzzy, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "VAROITUS: \"%s\" on paheksuttu valitsin\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
 "preferences\n"
 msgstr "valittu pakkausalgoritmi %s (%d) ei ole vastaanottajan suosima\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "valittu symmetrinen salain %s (%d) ei ole vastaanottajan suosima\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s salattu vastaanottajalle: \"%s\"\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "valitsinta %s ei voi käyttää %s-tilassa\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "%s salattua dataa\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "salattu tuntemattomalla algoritmilla %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
@@ -2530,72 +2444,11 @@ msgstr ""
 "VAROITUS: viesti salattiin symmetrisessä salaimessa \n"
 "esiintyvällä heikolla avaimella.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "ongelma käsiteltäessä salattua pakettia\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "etäohjelman suorittamista ei tueta\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"ulkoisen ohjelman kutsuminen poistettu käytöstä johtuen turvattomista \n"
-"asetustiedoston oikeuksista\n"
-
-#: g10/exec.c:419
-#, fuzzy, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"tämä ympäristö vaatii väliaikaistiedoston kutsuttaessa ulkoisia ohjelmia\n"
-
-#: g10/exec.c:497
-#, fuzzy, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "komentoa %s \"%s\" ei voi suorittaa: %s\n"
-
-#: g10/exec.c:500
-#, fuzzy, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "komentoa %s \"%s\" ei voi suorittaa: %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "järjestelmävirhe kutsuttaessa ulkoista ohjelmaa: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "ulkoisen ohjelman luonnoton päättyminen\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "ulkoista ohjelmaa ei voi suorittaa\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "ulkoisen ohjelman vastausta ei voi lukea: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "VAROITUS: tilapäistiedostoa (%s) \"%s\" ei voi poistaa: %s\n"
-
-#: g10/exec.c:692
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "VAROITUS: väliaikaishakemistoa \"%s\" ei voi poistaa: %s\n"
-
 #: g10/export.c:119
 #, fuzzy
 msgid "export signatures that are marked as local-only"
@@ -2621,405 +2474,405 @@ msgstr "salaista avainta ei voi käyttää"
 msgid "remove as much as possible from key during export"
 msgstr ""
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr ""
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
 msgstr "%s: ohitettu: %s\n"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "writing to '%s'\n"
 msgstr "kirjoitetaan kohteeseen \"%s\"\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, fuzzy, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "avain %08lX: aliavaimen allekirjoitus väärässä paikassa - ohitetaan\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, fuzzy, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, fuzzy, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "avain %08lX: PGP 2.x -muodon avain - ohitetaan\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "VAROITUS: mitään ei viety\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, fuzzy, c-format
 #| msgid "error creating `%s': %s\n"
 msgid "error creating '%s': %s\n"
 msgstr "virhe luotaessa \"%s\": %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 #, fuzzy
 msgid "[User ID not found]"
 msgstr "[Käyttäjätunnusta ei löytynyt]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, fuzzy, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "virhe luotaessa \"%s\": %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, fuzzy, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "virhe luotaessa \"%s\": %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 #, fuzzy
 msgid "No fingerprint"
 msgstr "näytä sormenjälki"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "salaista avainta \"%s\" ei löydy: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, fuzzy, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "virheelliset tuontivalitsimet\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "|NIMI|käytä oletusarvoisesti salaista avainta NIMI"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "|NIMI|käytä oletusarvoisesti salaista avainta NIMI"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr ""
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, fuzzy, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr ""
 "Epäkelpo avain %08lX hyväksytty valitsimella --allow-non-selfsigned-uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, fuzzy, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr ""
 "käytetään toissijaista avainta %08lX ensisijaisen avaimen %08lX sijasta\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, fuzzy, c-format
 msgid "valid values for option '%s':\n"
 msgstr "virheelliset tuontivalitsimet\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 #, fuzzy
 msgid "make a signature"
 msgstr "tee erillinen allekirjoitus"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 #, fuzzy
 msgid "make a clear text signature"
 msgstr "|[tiedosto]|tee selkokielinen allekirjoitus"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "tee erillinen allekirjoitus"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "salaa tiedot"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "salaa vain symmetrisellä salaimella"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "avaa tiedot (oletus)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "tarkista allekirjoitus"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "näytä avaimet"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "näytä avaimet allekirjoituksineen"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 #, fuzzy
 msgid "list and check key signatures"
 msgstr "tarkista avainten allekirjoitukset"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "näytä avaimet sormenjälkineen"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "näytä salaiset avaimet"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "luo uusi avainpari"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly generate a new key pair"
 msgstr "luo uusi avainpari"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly add a new user-id"
 msgstr "luo uusi avainpari"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a user-id"
 msgstr "luo uusi avainpari"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly set a new expiration date"
 msgstr "luo uusi avainpari"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr ""
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "luo mitätöintivarmenne"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "poista avaimet julkisten avainten renkaasta"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "poista avaimet salaisten avainten renkaasta"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 #, fuzzy
 #| msgid "sign a key"
 msgid "quickly sign a key"
 msgstr "allekirjoita avain"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 #, fuzzy
 #| msgid "sign a key locally"
 msgid "quickly sign a key locally"
 msgstr "allekirjoita avain paikallisesti"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a key signature"
 msgstr "luo uusi avainpari"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "allekirjoita avain"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "allekirjoita avain paikallisesti"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "allekirjoita tai muokkaa avainta"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 #, fuzzy
 msgid "change a passphrase"
 msgstr "muuta salasanaa"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "vie avaimia"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "vie avaimia palvelimelle"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "nouda avaimia avainpalvelimelta"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "etsi avaimia avainpalvelimelta"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "päivitä kaikki avaimet avainpalvelimelta"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "nouda/liitä avaimia"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr ""
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr ""
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr ""
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "päivitä luottamustietokanta"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 #, fuzzy
 msgid "print message digests"
 msgstr "|algo [tiedostot]|tulosta viestien tiivisteet"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr ""
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr ""
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NIMI|käytä oletusarvoisesti salaista avainta NIMI"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 #, fuzzy
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NIMI|salaa vastaanottajalle NIMI"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr ""
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr ""
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "älä tee muutoksia"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "kysy ennen ylikirjoittamista"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 msgid "Options controlling the input"
 msgstr ""
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 msgid "Options controlling the output"
 msgstr ""
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "tuota ascii-koodattu tuloste"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 #, fuzzy
 msgid "|FILE|write output to FILE"
 msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "käytä tekstimuotoa"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 #, fuzzy
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|aseta pakkausaste N (0 poistaa käytöstä)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 msgid "Options controlling key import and export"
 msgstr ""
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "nouda avaimia avainpalvelimelta"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 msgid "include the public key in signatures"
 msgstr "tarkista avainten allekirjoitukset"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr ""
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 msgid "Options controlling key listings"
 msgstr ""
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "näytä salaiset avaimet"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 #, fuzzy
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|NIMI|salaa vastaanottajalle NIMI"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 #, fuzzy
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "käytä tätä käyttäjätunnusta allekirjoittamiseen ja avaamiseen"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -3028,7 +2881,7 @@ msgstr ""
 "(Katso täydellinen luettelo kaikista komennoista ja valitsimista man-"
 "sivuilta)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -3057,13 +2910,13 @@ msgstr ""
 " --list-keys [nimet]        näytä avaimet\n"
 " --fingerprint [nimet]      näytä sormenjäljet\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg [options] [files]\n"
@@ -3078,7 +2931,7 @@ msgstr ""
 "allekirjoita, tarkista, salaa tai avaa\n"
 "oletustoiminto riippuu syötteestä\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -3086,552 +2939,567 @@ msgstr ""
 "\n"
 "Tuetut algoritmit:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "JulkAvain: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Salaus: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Tiiviste: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Pakkaus: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, fuzzy, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "käyttö: gpg [valitsimet] "
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "ristiriitainen komento\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, fuzzy, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "=-merkkiä ei löytynyt ryhmämäärityksessä \"%s\"\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "VAROITUS: omistussuhde kohteessa %s \"%s\" ei ole turvallinen\"\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "VAROITUS: omistussuhde kohteessa %s \"%s\" ei ole turvallinen\"\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "VAROITUS: omistussuhde kohteessa %s \"%s\" ei ole turvallinen\"\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "VAROITUS: oikeudet kohteessa %s \"%s\" eivät ole turvallisia\"\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "VAROITUS: oikeudet kohteessa %s \"%s\" eivät ole turvallisia\"\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "VAROITUS: oikeudet kohteessa %s \"%s\" eivät ole turvallisia\"\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "VAROITUS: %s \"%s\" hakemiston oikeudet eivät ole turvallisia\"\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr "VAROITUS: %s \"%s\" hakemiston oikeudet eivät ole turvallisia\"\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr "VAROITUS: %s \"%s\" hakemiston oikeudet eivät ole turvallisia\"\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr "VAROITUS: Hakemiston %s \"%s\" oikeudet eivät ole turvallisia\"\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
 msgstr "VAROITUS: Hakemiston %s \"%s\" oikeudet eivät ole turvallisia\"\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr "VAROITUS: Hakemiston %s \"%s\" oikeudet eivät ole turvallisia\"\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, fuzzy, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "tuntematon asetus \"%s\"\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr ""
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 #, fuzzy
 msgid "show key usage information during key listings"
 msgstr "Salaisesta avainrenkaasta ei löydy vastaavaa allekirjoitusta\n"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 #, fuzzy
 msgid "show all notations during signature listings"
 msgstr "Salaisesta avainrenkaasta ei löydy vastaavaa allekirjoitusta\n"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 #, fuzzy
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "annettu allekirjoituskäytännön URL on virheellinen\n"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr ""
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr ""
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr ""
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 #, fuzzy
 msgid "show the keyring name in key listings"
 msgstr "näytä mihin avainrenkaaseen tulostettu avain kuuluu"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 #, fuzzy
 msgid "show expiration dates during signature listings"
 msgstr "Salaisesta avainrenkaasta ei löydy vastaavaa allekirjoitusta\n"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "tuntematon oletusvastaanottaja \"%s\"\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr ""
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Tätä komentoa ei sallita %s-tilassa.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, fuzzy, c-format
 #| msgid "NOTE: %s is not for normal use!\n"
 msgid "Note: %s is not for normal use!\n"
 msgstr "HUOM: %s ei ole normaaliin käyttöön!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, fuzzy, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "%s ei kelpaa merkistöksi\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "Sähköpostiosoite ei kelpaa\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, fuzzy, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, fuzzy, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "virheelliset tuontivalitsimet\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, fuzzy, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "%s ei kelpaa merkistöksi\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, fuzzy, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "avainpalvelimen URI:iä ei voi jäsentää\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, fuzzy, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: virheelliset vientivalitsimet\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, fuzzy, c-format
 msgid "invalid keyserver options\n"
 msgstr "virheelliset vientivalitsimet\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: virheelliset tuontivalitsimet\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "virheelliset tuontivalitsimet\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, fuzzy, c-format
 msgid "invalid filter option: %s\n"
 msgstr "virheelliset tuontivalitsimet\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: virheelliset vientivalitsimet\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "virheelliset vientivalitsimet\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, fuzzy, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: virheelliset tuontivalitsimet\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, fuzzy, c-format
 msgid "invalid list options\n"
 msgstr "virheelliset tuontivalitsimet\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 #, fuzzy
 msgid "show all notations during signature verification"
 msgstr "%s ei kelpaa merkistöksi\n"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 #, fuzzy
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "annettu allekirjoituskäytännön URL on virheellinen\n"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 #, fuzzy
 msgid "show user ID validity during signature verification"
 msgstr "%s ei kelpaa merkistöksi\n"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr ""
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 #, fuzzy
 msgid "show only the primary user ID in signature verification"
 msgstr "%s ei kelpaa merkistöksi\n"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr ""
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr ""
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, fuzzy, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: virheelliset vientivalitsimet\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, fuzzy, c-format
 msgid "invalid verify options\n"
 msgstr "virheelliset vientivalitsimet\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "exec-polkua kohteeseen %s ei voi asettaa\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, fuzzy, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: virheelliset vientivalitsimet\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr ""
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, fuzzy, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "virheelliset tuontivalitsimet\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "VAROITUS: ohjelma voi luoda core-tiedoston!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "VAROITUS: %s korvaa %s:n\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s ja %s eivät ole sallittuja yhdessä!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s ja %s yhdessä on järjetöntä!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr ""
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, fuzzy, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "valittu salausalgoritmi ei kelpaa\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "valittu tiivistealgoritmi ei kelpaa\n"
+
+#: g10/gpg.c:3885
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "valittu salausalgoritmi ei kelpaa\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "valittu varmenteen tiivistealgoritmi ei kelpaa\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-needed täytyy olla suurempi kuin 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed täytyy olla suurempi kuin 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, fuzzy, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth tulee olla välillä 1-255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "default-cert-level ei kelpaa; täytyy olla 0, 1, 2 tai 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "min-cert-level ei kelpaa; täytyy olla 1, 2 tai 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, fuzzy, c-format
 #| msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr ""
 "HUOM: yksinkertaista S2K-tilaa (0) ei todellakaan suositella käytettäväksi\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "virheellinen S2K-tila; täytyy olla 0, 1 tai 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "virheelliset oletusarvoiset valinnat\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "virheelliset henkilökohtaisen salaimen valinnat\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "virheelliset henkilökohtaisen salaimen valinnat\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "virheelliset henkilökohtaiset tiivisteen valinnat\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "virheelliset henkilökohtaiset pakkausvalinnat\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "avaimen koko on virheellinen, käytetään %u bittiä\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s ja %s eivät vielä toimi yhdessä\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "salausalgoritmia \"%s\" ei voi käyttää %s-tilassa\n"
+
+#: g10/gpg.c:4070
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "pakkausalgoritmia \"%s\" ei voi käyttää %s-tilassa\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "VAROITUS: vastaanottajia (-r) annettu käyttämättä julkisen avaimen salausta\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, fuzzy, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "avaus epäonnistui: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "valitsinta %s ei voi käyttää %s-tilassa\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "valitsinta %s ei voi käyttää %s-tilassa\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "avainpalvelimelle lähettäminen epäonnistui: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "avainpalvelimelta vastaanotto epäonnistui: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "avaimen vienti epäonnistui: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, fuzzy, c-format
 #| msgid "key export failed: %s\n"
 msgid "export as ssh key failed: %s\n"
 msgstr "avaimen vienti epäonnistui: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "avainpalvelimelta etsiminen epäonnistui: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "avainpalvelimen päivitys epäonnistui: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "ascii-koodauksen purku epäonnistui: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "ascii-koodaaminen epäonnistui: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, fuzzy, c-format
 #| msgid "invalid hash algorithm `%s'\n"
 msgid "invalid hash algorithm '%s'\n"
 msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, fuzzy, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Kirjoita viestisi...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "annettu varmennekäytännön URL on virheellinen\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "annettu allekirjoituskäytännön URL on virheellinen\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, fuzzy, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "annettu allekirjoituskäytännön URL on virheellinen\n"
@@ -3645,7 +3513,7 @@ msgstr "ota avaimet tästä avainrenkaasta"
 msgid "make timestamp conflicts only a warning"
 msgstr "käsittele aikaleimakonfliktit pelkkinä varoituksina"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|tilatiedot kirjoitetaan FD:iin"
 
@@ -3696,301 +3564,318 @@ msgstr "päivitä luottamustietokanta"
 
 #: g10/import.c:181
 #, fuzzy
+#| msgid "not supported"
+msgid "enable bulk import mode"
+msgstr "ei tuettu"
+
+#: g10/import.c:184
+#, fuzzy
 msgid "show key during import"
 msgstr "näytä sormenjälki"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+msgid "show key but do not actually import"
+msgstr "näytä sormenjälki"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr ""
 
-#: g10/import.c:187
+#: g10/import.c:193
 #, fuzzy
 msgid "remove unusable parts from key after import"
 msgstr "salaista avainta ei voi käyttää"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr ""
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr ""
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr ""
 
-#: g10/import.c:203
+#: g10/import.c:209
 #, fuzzy
 msgid "repair keys on import"
 msgstr "näytä sormenjälki"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "ohitetaan tyypin %d lohko\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, fuzzy, c-format
 msgid "%lu keys processed so far\n"
 msgstr "tähän mennessä käsitelty %lu avainta\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Kaikkiaan käsitelty: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, fuzzy, c-format
 #| msgid "      skipped new keys: %lu\n"
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "      ohitetaan uudet avaimet: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "      ohitetaan uudet avaimet: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "          ilman käyttäjätunnuksia: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "              tuotu: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "             muuttamatonta: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "          uusia käyttäjätunnuksia: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "           uusia aliavaimia: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "        uusia allekirjoituksia: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "   uusia avainten mitätöintejä: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "      luettuja salaisia avaimia: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "  tuotuja salaisia avaimia: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr " muuttamattomia salaisia avaimia: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "          ei tuotu: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, fuzzy, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "        uusia allekirjoituksia: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, fuzzy, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "      luettuja salaisia avaimia: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
 "algorithms on these user IDs:\n"
 msgstr ""
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr ""
 
 # Ensimmäinen %s on binary, textmode tai unknown, ks. alla
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "%sallekirjoitus, tiivistealgoritmi %s\n"
+
+# Ensimmäinen %s on binary, textmode tai unknown, ks. alla
+#: g10/import.c:1354
 #, fuzzy, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "%sallekirjoitus, tiivistealgoritmi %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr ""
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, fuzzy, c-format
 msgid "key %s: no user ID\n"
 msgstr "avain %08lX: ei käyttäjätunnusta\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, fuzzy, c-format
 msgid "key %s: %s\n"
 msgstr "ohitetaan \"%s\": %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr ""
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "avain %08lX: HKP-aliavainvirhe korjattu\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, fuzzy, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr ""
 "avain %08lX: käyttäjätunnus \"%s\" hyväksytty ilman omaa allekirjoitusta\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, fuzzy, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "avain %08lX: ei voimassaolevia käyttäjätunnuksia\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "tämän voi aiheuttaa puuttuva oma-allekirjoitus\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, fuzzy, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "avain %08lX: julkista avainta ei löydetty: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, fuzzy, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "avain %08lX: uusi avain - ohitetaan\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "kirjoitettavissa olevaa avainrengasta ei löydy: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, fuzzy, c-format
 #| msgid "error writing keyring `%s': %s\n"
 msgid "error writing keyring '%s': %s\n"
 msgstr "virhe kirjoitettaessa avainrenkaaseen \"%s\": %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, fuzzy, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "avain %08lX: julkinen avain \"%s\" tuotu\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, fuzzy, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "avain %08lX: ei vastaa omaa kopiotamme\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "avain %08lX: \"%s\" 1 uusi käyttäjätunnus\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "avain %08lX: \"%s\" %d uutta käyttäjätunnusta\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "avain %08lX: \"%s\" 1 uusi allekirjoitus\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "avain %08lX: \"%s\" %d uutta allekirjoitusta\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "avain %08lX: \"%s\" 1 uusi aliavain\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "avain %08lX: \"%s\" %d uutta aliavainta\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "avain %08lX: \"%s\" %d uutta allekirjoitusta\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "avain %08lX: \"%s\" %d uutta allekirjoitusta\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "avain %08lX: \"%s\" %d uutta käyttäjätunnusta\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "avain %08lX: \"%s\" %d uutta käyttäjätunnusta\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, fuzzy, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "avain %08lX: \"%s\" ei muutoksia\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, fuzzy, c-format
 msgid "key %s: secret key imported\n"
 msgstr "avain %08lX: salainen avain tuotu\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, fuzzy, c-format
 #| msgid "skipped: secret key already present\n"
 msgid "key %s: secret key already exists\n"
 msgstr "ohitetaan: salainen avain on jo paikalla\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, fuzzy, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
@@ -4003,202 +3888,208 @@ msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, fuzzy, c-format
 msgid "secret key %s: %s\n"
 msgstr "salaista avainta \"%s\" ei löydy: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, fuzzy, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, fuzzy, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "avain %08lX: avaimella on epäkelpo salain %d - ohitetaan\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Ei eriteltyä syytä"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "Avain on uusittu"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Avain on murrettu"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "Avain ei ole enää käytössä"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "Käyttäjätunnus ei ole enää käytössä"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "mitätöinnin syy: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "mitätöintikommentti: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, fuzzy, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "avain %08lX: ei julkista avainta - mitätöintivarmennetta ei voida käyttää\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, fuzzy, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "avain %08lX: alkuperäistä avainlohkoa ei löydy: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, fuzzy, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "avain %08lX. alkuperäisen avainlohko lukeminen ei onnistu: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "avain %08lX: pätemätön mitätöintivarmenne: %s - hylätty\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "avain %08lX: mitätöintivarmenne \"%s\" tuotu\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, fuzzy, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "avain %08lX: allekirjoitukselle ei ole käyttäjätunnusta\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr "avain %08lX: julkisen avaimen algoritmia \"%s\" ei tueta\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, fuzzy, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "avain %08lX: epäkelpo oma-allekirjoitus käyttäjätunnuksella \"%s\"\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "avain %08lX: julkisen avaimen algoritmia ei tueta\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, fuzzy, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "avain %08lX: lisättiin suora avainallekirjoitus\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, fuzzy, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "avain %08lX: ei aliavainta avainten riippuvuuksiin\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, fuzzy, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "avain %08lX: pätemätön aliavainriippuvuus\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "avain %08lX: moninkertainen aliavainriippuvuus poistettu\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, fuzzy, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "avain %08lX: ei aliavainta avainten mitätöintiä varten\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, fuzzy, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "avain %08lX: epäkelpo aliavaimen mitätöinti\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "avain %08lX: useiden aliavainten mitätöinti poistettu\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, fuzzy, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "avain %08lX: käyttäjätunnus ohitettu '"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, fuzzy, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "avain %08lX: aliavain ohitettu\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, fuzzy, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr ""
 "avain %08lX: allekirjoitusta ei voida viedä (luokka %02x) - ohitetaan\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, fuzzy, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "avain %08lX: mitätöintivarmenne väärässä paikassa - ohitetaan\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "avain %08lX: epäkelpo mitätöintivarmenne: %s - ohitetaan\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, fuzzy, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "avain %08lX: aliavaimen allekirjoitus väärässä paikassa - ohitetaan\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, fuzzy, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "avain %08lX: odottamaton allekirjoitusluokka (0x%02X) - ohitetaan\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, fuzzy, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "avain %08lX: käyttäjätunnuksen kaksoiskappale havaittu - liitetty\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "avain %08lX: käyttäjätunnuksen kaksoiskappale havaittu - liitetty\n"
+
+#: g10/import.c:4233
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr ""
 "VAROITUS: avain %08lX saattaa olla mitätöity: haetaan mitätöintiavain %08lX\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 "VAROITUS: avain %08lX saattaa olla mitätöity: mitätöintiavainta %08lX \n"
 "ei saatavilla.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "avain %08lX: \"%s\"-mitätöintivarmenne lisätty\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, fuzzy, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "avain %08lX: lisättiin suora avainallekirjoitus\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, fuzzy, c-format
 msgid "error allocating memory: %s\n"
 msgstr "virhe luotaessa avainrengasta \"%s\": %s\n"
@@ -4220,19 +4111,19 @@ msgstr "%sallekirjoitus, tiivistealgoritmi %s\n"
 msgid " (reordered signatures follow)"
 msgstr "Allekirjoitus täsmää lähettäjään \""
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, fuzzy, c-format
 msgid "key %s:\n"
 msgstr "ohitetaan \"%s\": %s\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, fuzzy, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "Käyttäjätunnus \"%s\" on mitätöity."
 msgstr[1] "Käyttäjätunnus \"%s\" on mitätöity."
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to a missing key\n"
 msgid "%d signature not checked due to a missing key\n"
@@ -4240,7 +4131,7 @@ msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "1 allekirjoitus jätetty tarkistamatta puuttuvan avaimen vuoksi\n"
 msgstr[1] "1 allekirjoitus jätetty tarkistamatta puuttuvan avaimen vuoksi\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d bad signature\n"
@@ -4248,53 +4139,48 @@ msgid_plural "%d bad signatures\n"
 msgstr[0] "%d väärää allekirjoitusta\n"
 msgstr[1] "%d väärää allekirjoitusta\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, fuzzy, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "Allekirjoitus täsmää lähettäjään \""
 msgstr[1] "Allekirjoitus täsmää lähettäjään \""
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, fuzzy, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "virhe luotaessa avainrengasta \"%s\": %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error creating keyring '%s': %s\n"
 msgstr "virhe luotaessa avainrengasta \"%s\": %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, fuzzy, c-format
 msgid "keybox '%s' created\n"
 msgstr "avainrengas \"%s\" luotu\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, fuzzy, c-format
 #| msgid "keyring `%s' created\n"
 msgid "keyring '%s' created\n"
 msgstr "avainrengas \"%s\" luotu\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, fuzzy, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "virhe luotaessa \"%s\": %s\n"
 
-#: g10/keydb.c:969
-#, fuzzy, c-format
-msgid "error opening key DB: %s\n"
-msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "avainrenkaan välimuistin uudelleenluominen epäonnistui: %s\n"
@@ -4307,7 +4193,7 @@ msgstr "[mitätöinti]"
 msgid "[self-signature]"
 msgstr "[oma-allekirjoitus]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 #, fuzzy
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
@@ -4320,12 +4206,12 @@ msgstr ""
 "lähteistä...)?\n"
 "\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, fuzzy, c-format
 msgid "  %d = I trust marginally\n"
 msgstr " %d = Luotan osittain\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, fuzzy, c-format
 msgid "  %d = I trust fully\n"
 msgstr " %d = Luotan täysin\n"
@@ -4352,12 +4238,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "Käyttäjätunnus \"%s\" on mitätöity."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Haluatko varmasti edelleen allekirjoittaa? (k/E) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  Allekirjoittaminen ei onnistu.\n"
 
@@ -4559,210 +4445,214 @@ msgstr ""
 msgid "Really sign? (y/N) "
 msgstr "Varmastiko allekirjoita? "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "allekirjoitus epäonnistui: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, fuzzy, c-format
 #| msgid "error creating passphrase: %s\n"
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "tallenna ja lopeta"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 #, fuzzy
 msgid "show key fingerprint"
 msgstr "näytä sormenjälki"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 #, fuzzy
 msgid "show the keygrip"
 msgstr "Allekirjoitusnotaatio: "
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "näytä avaimet ja käyttäjätunnukset"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "valitse käyttäjätunnus N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 #, fuzzy
 msgid "select subkey N"
 msgstr "valitse käyttäjätunnus N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 #, fuzzy
 msgid "check signatures"
 msgstr "mitätöi allekirjoitus"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 #, fuzzy
 msgid "sign selected user IDs locally"
 msgstr "allekirjoita avain paikallisesti"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 #, fuzzy
 msgid "sign selected user IDs with a trust signature"
 msgstr "Vihje: Valitse allekirjoitettavat käyttäjätunnukset\n"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr ""
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "lisää käyttäjätunnus"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "lisää valokuva"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 #, fuzzy
 msgid "delete selected user IDs"
 msgstr "poista käyttäjätunnus"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 #, fuzzy
 msgid "add a subkey"
 msgstr "addkey"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 #, fuzzy
 msgid "delete selected subkeys"
 msgstr "poista toissijainen avain"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "lisää mitätöintiavain"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 #, fuzzy
 msgid "delete signatures from the selected user IDs"
 msgstr "Varmastiko päivitä valinnat näille käyttäjätunnuksille? "
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 #, fuzzy
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "Et voi muuttaa v3-avainten vanhentumispäivää\n"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 #, fuzzy
 msgid "flag the selected user ID as primary"
 msgstr "merkitse käyttäjätunnus ensisijaiseksi"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "näytä valinnat (asiantuntija)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "näytä valinnat (monisanaisesti)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 #, fuzzy
 msgid "set preference list for the selected user IDs"
 msgstr "Varmastiko päivitä valinnat näille käyttäjätunnuksille? "
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 #, fuzzy
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "avainpalvelimen URI:iä ei voi jäsentää\n"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 #, fuzzy
 msgid "set a notation for the selected user IDs"
 msgstr "Varmastiko päivitä valinnat näille käyttäjätunnuksille? "
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "muuta salasanaa"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "muuta luottamusastetta"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 #, fuzzy
 msgid "revoke signatures on the selected user IDs"
 msgstr "Varmastiko mitätöi kaikki valitut käyttäjätunnukset? "
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 #, fuzzy
 msgid "revoke selected user IDs"
 msgstr "mitätöi käyttäjätunnus"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 #, fuzzy
 msgid "revoke key or selected subkeys"
 msgstr "mitätöi toissijainen avain"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 #, fuzzy
 msgid "enable key"
 msgstr "ota avain käyttöön"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 #, fuzzy
 msgid "disable key"
 msgstr "poista avain käytöstä"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 #, fuzzy
 msgid "show selected photo IDs"
 msgstr "näytä valokuvatunniste"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Salainen avain on saatavilla.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret subkeys are available.\n"
 msgstr "Salainen avain on saatavilla.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Tähän tarvitaan salainen avain.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4770,309 +4660,314 @@ msgid ""
 "  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
 msgstr ""
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "Avain on mitätöity."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 #, fuzzy
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Varmastiko allekirjoita kaikki käyttäjätunnukset?"
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 #, fuzzy
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Varmastiko allekirjoita kaikki käyttäjätunnukset?"
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Vihje: Valitse allekirjoitettavat käyttäjätunnukset\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, fuzzy, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "tuntematon allekirjoitusluokka"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Tätä komentoa ei sallita %s-tilassa.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Sinun täytyy valita ainakin yksi käyttäjätunnus.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr ""
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Et voi poistaa viimeistä käyttäjätunnusta!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 #, fuzzy
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Varmastiko poista kaikki valitut käyttäjätunnukset? "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 #, fuzzy
 msgid "Really remove this user ID? (y/N) "
 msgstr "Varmastiko poista tämä käyttäjätunnus? "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 #, fuzzy
 msgid "Really move the primary key? (y/N) "
 msgstr "Varmastiko poista tämä käyttäjätunnus? "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 #, fuzzy
 msgid "You must select exactly one key.\n"
 msgstr "Sinun täytyy valita ainakin yksi avain.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr ""
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, fuzzy, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "tiedostoa \"%s\" ei voi avata: %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, fuzzy, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "virhe luotaessa avainrengasta \"%s\": %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Sinun täytyy valita ainakin yksi avain.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 #, fuzzy
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Haluatko varmasti poistaa valitut avaimet? "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 #, fuzzy
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Haluatko varmasti poistaa tämän avaimen? "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 #, fuzzy
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "Varmastiko mitätöi kaikki valitut käyttäjätunnukset? "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 #, fuzzy
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Varmastiko mitätöi tämä käyttäjätunnus? "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 #, fuzzy
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Haluatko varmasti mitätöidä tämän avaimen? "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 #, fuzzy
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Haluatko varmasti mitätöidä valitut avaimet? "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 #, fuzzy
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Haluatko varmasti mitätöidä tämän avaimen? "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 #, fuzzy
 msgid "Set preference list to:\n"
 msgstr "näytä valinnat"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 #, fuzzy
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr "Varmastiko päivitä valinnat näille käyttäjätunnuksille? "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 #, fuzzy
 msgid "Really update the preferences? (y/N) "
 msgstr "Varmastiko päivitä valinnat? "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 #, fuzzy
 msgid "Save changes? (y/N) "
 msgstr "Tallenna muutokset? "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 #, fuzzy
 msgid "Quit without saving? (y/N) "
 msgstr "Lopeta tallentamatta muutoksia?"
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Päivitystä ei tarvita, koska avain ei ole muuttunut.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "Et voi poistaa viimeistä käyttäjätunnusta!\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, fuzzy, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "luodun allekirjoituksen tarkistus epäonnistui: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, fuzzy, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "luodun allekirjoituksen tarkistus epäonnistui: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, fuzzy, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "virhe: sormenjälki on väärä\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, fuzzy, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, fuzzy, c-format
 #| msgid "invalid value\n"
 msgid "Invalid user ID '%s': %s\n"
 msgstr "arvo ei kelpaa\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 #| msgid "No such user ID.\n"
 msgid "No matching user IDs."
 msgstr "Käyttäjätunnusta ei löydy.\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 msgid "Nothing to sign.\n"
 msgstr "Avaimelle %08lX ei löydy mitään mitä allekirjoittaa\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, fuzzy, c-format
 msgid "Not signed by you.\n"
 msgstr "   %08lX allekirjoitti tämän %s%s\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "luodun allekirjoituksen tarkistus epäonnistui: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, fuzzy, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "%s ei kelpaa merkistöksi\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "virhe: sormenjälki on väärä\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, fuzzy, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "avainta \"%s\" ei löydy: %s\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Tiiviste: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Ominaisuudet: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr ""
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr ""
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 #, fuzzy
 msgid "Notations: "
 msgstr "Notaatio: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "PGP 2.x -muodon käyttäjätunnukselle ei ole valintoja.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, fuzzy, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "Tämä avain voidaan mitätöidä %s-avaimella "
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, fuzzy, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Tämä avain voidaan mitätöidä %s-avaimella "
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 #, fuzzy
 msgid "(sensitive)"
 msgstr " (luottamuksellinen)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, fuzzy, c-format
 msgid "created: %s"
 msgstr "ei voida luoda kohdetta %s: %s\n"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, fuzzy, c-format
 msgid "revoked: %s"
 msgstr "[mitätöity] "
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, fuzzy, c-format
 msgid "expired: %s"
 msgstr " [vanhenee: %s]"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, fuzzy, c-format
 msgid "expires: %s"
 msgstr " [vanhenee: %s]"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, fuzzy, c-format
 msgid "usage: %s"
 msgstr " luottamus: %c/%c"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr ""
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, fuzzy, c-format
 msgid "trust: %s"
 msgstr " luottamus: %c/%c"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr ""
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Tämä avain on poistettu käytöstä"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -5080,19 +4975,19 @@ msgstr ""
 "Huomioi, että tässä näytetty voimassaolo ei ole välttämättä\n"
 "ajan tasalla jollet käynnistä ohjelmaa uudelleen\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 #, fuzzy
 msgid "revoked"
 msgstr "[mitätöity] "
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 #, fuzzy
 msgid "expired"
 msgstr "expire"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -5101,18 +4996,18 @@ msgstr ""
 "VAROITUS: mitään käyttäjätunnusta ei ole merkitty ensisijaiseksi.  Tämän \n"
 "komennon johdosta eri käyttäjätunnus voi tulla oletetuksi ensisijaiseksi.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr ""
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, fuzzy, c-format
 #| msgid "You can't change the expiration date of a v3 key\n"
 msgid "You may want to change its expiration date too.\n"
 msgstr "Et voi muuttaa v3-avainten vanhentumispäivää\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -5121,35 +5016,35 @@ msgstr ""
 "VAROITUS: Tämä on PGP2-muodon avain.  Valokuvan lisääminen voi\n"
 "          saada jotkin PGP:n versiot hylkäämään avaimen.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Haluatko edelleen varmasti lisätä sen? (k/E) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "Et voi lisätä valokuvaa PGP2-muodon avaimeen.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr ""
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Poistetaanko tämä kelvollinen allekirjoitus? (k/E/l)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Poistetaanko tämä epäkelpo allekirjoitus? (k/E/l)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Poistetaanko tämä tuntematon allekirjoitus? (k/E/l)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Varmastiko poista oma-allekirjoitus? (k/E)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, fuzzy, c-format
 #| msgid "Deleted %d signature.\n"
 msgid "Deleted %d signature.\n"
@@ -5157,38 +5052,38 @@ msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "%d allekirjoitus poistettu.\n"
 msgstr[1] "%d allekirjoitus poistettu.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Mitään ei poistettu.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 #, fuzzy
 msgid "invalid"
 msgstr "virheellinen ascii-koodaus"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, fuzzy, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "Käyttäjätunnus \"%s\" on mitätöity."
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, fuzzy, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "Käyttäjätunnus \"%s\" on mitätöity."
 msgstr[1] "Käyttäjätunnus \"%s\" on mitätöity."
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, fuzzy, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "käyttäjätunnus \"%s\" on jo mitätöity\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, fuzzy, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "käyttäjätunnus \"%s\" on jo mitätöity\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5198,41 +5093,41 @@ msgstr ""
 "voi\n"
 "          saada jotkin PGP:n versiot hylkäämään avaimen.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "Et voi lisätä määrättyä mitätöijää PGP 2.x -muodon avaimeen.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Syötä määrätyn mitätöijän käyttäjätunnus: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "PGP 2.x -avainta ei voi nimetä määrätyksi mitätöijäksi\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "et voi nimittää avainta sen omaksi määrätyksi mitätöijäksi\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, fuzzy, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "VAROITUS: Tämän avaimen nimetty mitätöijä on mitätöinyt avaimen!\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr "VAROITUS: avaimen nimittämistä määrätyksi mitätöijäksi ei voi perua!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 #, fuzzy
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr ""
 "Haluatko varmasti nimittää tämän avaimen määrätyksi mitätöijäksi? (k/E): "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 #, fuzzy
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
@@ -5240,266 +5135,271 @@ msgid ""
 msgstr ""
 "Haluatko varmasti nimittää tämän avaimen määrätyksi mitätöijäksi? (k/E): "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 #, fuzzy
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Muutetaan toissijaisen avaimen vanhentumisaikaa.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Muutetaan ensisijaisen avaimen vanhentumisaikaa.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Et voi muuttaa v3-avainten vanhentumispäivää\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 #, fuzzy
 msgid "Changing usage of a subkey.\n"
 msgstr "Muutetaan toissijaisen avaimen vanhentumisaikaa.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 #, fuzzy
 #| msgid "Changing expiration time for the primary key.\n"
 msgid "Changing usage of the primary key.\n"
 msgstr "Muutetaan ensisijaisen avaimen vanhentumisaikaa.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, fuzzy, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "VAROITUS: allekirjoitusaliavain %08lX ei ole ristiinvarmennettu\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Valitse tasan yksi käyttäjätunnus!\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, fuzzy, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "ohitetaan v3-muodon oma-allekirjoitus käyttäjätunnukselle \"%s\"\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr ""
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 #, fuzzy
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Haluatko varmasti käyttää sitä (k/E)? "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 #, fuzzy
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Haluatko varmasti käyttää sitä (k/E)? "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 #, fuzzy
 msgid "Enter the notation: "
 msgstr "Allekirjoitusnotaatio: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 #, fuzzy
 msgid "Proceed? (y/N) "
 msgstr "Ylikirjoita (k/E)? "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Indeksillä %d ei löydy käyttäjätunnusta\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, fuzzy, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Indeksillä %d ei löydy käyttäjätunnusta\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, fuzzy, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Indeksillä %d ei löydy käyttäjätunnusta\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, fuzzy, c-format
 msgid "No subkey with index %d\n"
 msgstr "Indeksillä %d ei löydy käyttäjätunnusta\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, fuzzy, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "käyttäjätunnus: \""
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, fuzzy, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "   %08lX allekirjoitti tämän %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (vientiin kelpaamaton)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Tämä allekirjoitus vanheni %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Haluatko varmasti mitätöidä sen? (k/E) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Luodaanko tälle alekirjoitukselle mitätöintivarmenne? (k/E) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, fuzzy, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Olet allekirjoittanut seuraavat käyttäjätunnukset:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 #, fuzzy
 msgid " (non-revocable)"
 msgstr " (vientiin kelpaamaton)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, fuzzy, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "   %08lX mitätöi tämän %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Olet mitätöimässä seuraavat allekirjoitukset:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Varmastiko luo mitätöintivarmenteet? (k/E) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "salainen avain ei ole saatavilla\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "käyttäjätunnus \"%s\" on jo mitätöity\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr ""
 "VAROITUS: käyttäjätunnuksen allekirjoitus on päivätty %d sekuntin päähän "
 "tulevaisuuteen\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Et voi poistaa viimeistä käyttäjätunnusta!\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, fuzzy, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "käyttäjätunnus \"%s\" on jo mitätöity\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, fuzzy, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "käyttäjätunnus \"%s\" on jo mitätöity\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, fuzzy, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr ""
 "Näytetään valokuva %s, kokoa %ld avaimelle 0x%08lX\n"
 "(käyttäjätunnus %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, fuzzy, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "virheelliset tuontivalitsimet\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, fuzzy, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "valinta %c%lu on kopio\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, fuzzy, c-format
 msgid "too many cipher preferences\n"
 msgstr "liian monta \"%c\" valintaa\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, fuzzy, c-format
 msgid "too many digest preferences\n"
 msgstr "liian monta \"%c\" valintaa\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, fuzzy, c-format
 msgid "too many compression preferences\n"
 msgstr "liian monta \"%c\" valintaa\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+msgid "too many AEAD preferences\n"
+msgstr "liian monta \"%c\" valintaa\n"
+
+#: g10/keygen.c:521
 #, fuzzy, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "Valinnassa on luvaton merkki\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "kirjoitetaan suora allekirjoitus\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "kirjoitetaan oma-allekirjoitus\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "kirjoitetaan avaimen varmentava allekirjoitus\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "avaimen koko on virheellinen, käytetään %u bittiä\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "avaimen koko on pyöristetty %u bittiin\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
 msgstr ""
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 #, fuzzy
 msgid "Sign"
 msgstr "sign"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr ""
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 #, fuzzy
 msgid "Encrypt"
 msgstr "salaa tiedot"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr ""
 
@@ -5513,169 +5413,179 @@ msgstr ""
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr ""
 
-#: g10/keygen.c:1784
+#: g10/keygen.c:1966
 #, c-format
-msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr ""
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr ""
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr ""
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, fuzzy, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%d) ElGamal (vain salaus)\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr ""
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr ""
 
-#: g10/keygen.c:1930
+#: g10/keygen.c:2116
 #, fuzzy, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) DSA ja ElGamal (oletus)\n"
 
-#: g10/keygen.c:1934
+#: g10/keygen.c:2120
 #, fuzzy, c-format
-msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA ja ElGamal (oletus)\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (vain allekirjoitus)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (vain allekirjoitus)\n"
 
-#: g10/keygen.c:1945
+#: g10/keygen.c:2131
 #, fuzzy, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) ElGamal (vain salaus)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (vain salaus)\n"
 
-#: g10/keygen.c:1953
+#: g10/keygen.c:2139
 #, fuzzy, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (vain salaus)\n"
 
-#: g10/keygen.c:1955
+#: g10/keygen.c:2141
 #, fuzzy, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (vain salaus)\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, fuzzy, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) DSA ja ElGamal (oletus)\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) RSA (salaus ja allekirjoitus)\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+#, fuzzy
+#| msgid " (default)"
+msgid " *default*"
+msgstr " (oletusarvo)"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, fuzzy, c-format
 #| msgid "   (%d) DSA (sign only)\n"
 msgid "  (%d) ECC (sign only)\n"
 msgstr "   (%d) DSA (vain allekirjoitus)\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, fuzzy, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (vain salaus)\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, fuzzy, c-format
 #| msgid "   (%d) RSA (encrypt only)\n"
-msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "   (%d) RSA (vain salaus)\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, fuzzy, c-format
-msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "   (%d) RSA (vain salaus)\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (%d) RSA (vain salaus)\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 #, fuzzy
 msgid "Enter the keygrip: "
 msgstr "Allekirjoitusnotaatio: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr ""
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 #, fuzzy
 msgid "No key with this keygrip\n"
 msgstr "Indeksillä %d ei löydy käyttäjätunnusta\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, fuzzy, c-format
 msgid "error reading the card: %s\n"
 msgstr "%s: virhe luettaessa vapaata tietuetta: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, fuzzy, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 #, fuzzy
 msgid "Available keys:\n"
 msgstr "poista avain käytöstä"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, fuzzy, c-format
 #| msgid "rounded up to %u bits\n"
 msgid "rounded to %u bits\n"
 msgstr "pyöristetty %u bittiin\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr ""
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, fuzzy, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Minkä kokoisen avaimen haluat? (1024) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "Halutun avaimen koko on %u bittiä\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 #, fuzzy
 #| msgid "Please select what kind of key you want:\n"
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Valitse millaisen avaimen haluat:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5691,7 +5601,7 @@ msgstr ""
 "     <n>m = Avain vanhenee n kuukauden kuluttua\n"
 "     <n>y = Avain vanhenee n vuoden kuluttua\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5707,40 +5617,40 @@ msgstr ""
 "     <n>m = Allekirjoitus vanhenee n kuukauden kuluttua\n"
 "     <n>y = Allekirjoitus vanhenee n vuoden kuluttua\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Avain on voimassa? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, fuzzy, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Allekirjoitus on voimassa? (0) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "arvo ei kelpaa\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 #, fuzzy
 msgid "Key does not expire at all\n"
 msgstr "%s ei vanhene koskaan\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 #, fuzzy
 msgid "Signature does not expire at all\n"
 msgstr "%s ei vanhene koskaan\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, fuzzy, c-format
 msgid "Key expires at %s\n"
 msgstr "%s vanhenee %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, fuzzy, c-format
 msgid "Signature expires at %s\n"
 msgstr "Allekirjoitus vanhenee %s\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5748,12 +5658,12 @@ msgstr ""
 "Järjestelmäsi ei osaa näyttää päiväyksiä kuin vuoteen 2038.\n"
 "Se kuitenkin käsittelee päiväykset oikein vuoteen 2106.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 #, fuzzy
 msgid "Is this correct? (y/N) "
 msgstr "Onko tämä oikein (k/e) "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5764,7 +5674,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 #, fuzzy
 msgid ""
 "\n"
@@ -5782,50 +5692,50 @@ msgstr ""
 "     \"Matti Meikäläinen (nuorempi) <matti.meikalainen@osoite.fi>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Oikea nimi: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Nimessä on epäkelpo merkki\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr ""
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Nimi ei voi alkaa numerolla\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Nimen täytyy olla vähintään 5 merkkiä pitkä\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "Sähköpostiosoite: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Sähköpostiosoite ei kelpaa\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Huomautus: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Huomautuksessa on epäkelpo merkki\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, fuzzy, c-format
 #| msgid "You are using the `%s' character set.\n"
 msgid "You are using the '%s' character set.\n"
 msgstr "Käytät merkistöä \"%s\".\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5836,7 +5746,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "Älä syötä sähköpostiosoitetta nimen tai huomautuksen paikalle\n"
 
@@ -5851,35 +5761,35 @@ msgstr "Älä syötä sähköpostiosoitetta nimen tai huomautuksen paikalle\n"
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnHhSsOoLl"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Muuta (N)imi, (H)uomautus, (S)ähköposti vai (L)opeta?"
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "Muuta (N)imi, (H)uomautus, (S)ähköposti vai (O)k/(L)opeta?"
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Muuta (N)imi, (H)uomautus, (S)ähköposti vai (L)opeta?"
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Muuta (N)imi, (H)uomautus, (S)ähköposti vai (O)k/(L)opeta?"
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Ole hyvä ja korjaa ensin virhe\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5891,13 +5801,13 @@ msgstr ""
 "alkulukujen luomisen aikana, tämä antaa satunnaislukugeneraattorille\n"
 "paremmat mahdollisuudet kerätä riittävästi entropiaa.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Avaimen luonti epäonnistui: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5905,67 +5815,67 @@ msgid ""
 "\n"
 msgstr ""
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr ""
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, fuzzy, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "\"%s\" on jo pakattu\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 #, fuzzy
 msgid "Create anyway? (y/N) "
 msgstr "Haluatko käyttää tätä avainta kaikesta huolimatta? "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, fuzzy, c-format
 msgid "creating anyway\n"
 msgstr "luo uusi avainpari"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Avaimen luonti keskeytetty.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, fuzzy, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "tiedostoa \"%s\" ei voi luoda: %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, fuzzy, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "HUOM: salainen avain %08lX vanheni %s\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, fuzzy, c-format
 #| msgid "writing public key to `%s'\n"
 msgid "writing public key to '%s'\n"
 msgstr "kirjoitan julkisen avaimen kohteeseen \"%s\"\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "kirjoitettavissa olevaa julkista avainrengasta ei löydy: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, fuzzy, c-format
 #| msgid "error writing public keyring `%s': %s\n"
 msgid "error writing public keyring '%s': %s\n"
 msgstr "virhe kirjoitettaessa julkiseen avainrenkaaseen \"%s\": %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "julkinen ja salainen avain on luotu ja allekirjoitettu.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 #, fuzzy
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
@@ -5974,7 +5884,7 @@ msgstr ""
 "Huomaa, että tätä avainta ei voida käyttää salaamiseen.  Käytä komentoa\n"
 "\"--edit-key\" luodaksesi toissijaisen avaimen salaustarkoitukseen.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -5982,7 +5892,7 @@ msgstr ""
 "avain on luotu %lu sekunti tulevaisuudessa (on tapahtunut aikahyppy tai\n"
 "kellon kanssa on ongelmia)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -5990,52 +5900,52 @@ msgstr ""
 "avain on luotu %lu sekuntia tulevaisuudessa (on tapahtunut aikahyppy tai\n"
 "kellon kanssa on ongelmia)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, fuzzy, c-format
 #| msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "HUOM: v3-aliavainten luonti ei ole OpenPGP:n mukaista\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Ensisijaisen avaimen salaiset osat eivät ole saatavilla.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, fuzzy, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Ensisijaisen avaimen salaiset osat eivät ole saatavilla.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 #, fuzzy
 msgid "Really create? (y/N) "
 msgstr "Haluatko varmasti luoda? "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "ei koskaan"
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Kriittinen allekirjoituskäytäntö: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Allekirjoituskäytäntö: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr ""
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Kriittinen allekirjoitusnotaatio: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Allekirjoitusnotaatio: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d good signature\n"
@@ -6043,7 +5953,7 @@ msgid_plural "%d good signatures\n"
 msgstr[0] "%d väärää allekirjoitusta\n"
 msgstr[1] "%d väärää allekirjoitusta\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to an error\n"
 msgid "%d signature not checked due to an error\n"
@@ -6051,64 +5961,64 @@ msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "1 allekirjoitus jätetty tarkistamatta virheen vuoksi\n"
 msgstr[1] "1 allekirjoitus jätetty tarkistamatta virheen vuoksi\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Avainrengas"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Ensisijaisen avaimen sormenjälki:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "     Aliavaimen sormenjälki:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr " Ensisijaisen avaimen sormenjälki:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "      Aliavaimen sormenjälki:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 #, fuzzy
 msgid "      Key fingerprint ="
 msgstr "     Avaimen sormenjälki ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr ""
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, fuzzy, c-format
 msgid "caching keyring '%s'\n"
 msgstr "tarkistetaan avainrengasta \"%s\"\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, fuzzy, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "käsiteltiin %lu avainta (%lu allekirjoitusta)\n"
 msgstr[1] "käsiteltiin %lu avainta (%lu allekirjoitusta)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, fuzzy, c-format
 #| msgid "1 bad signature\n"
 msgid " (%lu signature)\n"
@@ -6116,367 +6026,375 @@ msgid_plural " (%lu signatures)\n"
 msgstr[0] "1 väärä allekirjoitus\n"
 msgstr[1] "1 väärä allekirjoitus\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: avainrengas luotu\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr ""
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr ""
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr ""
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 #, fuzzy
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "annettu allekirjoituskäytännön URL on virheellinen\n"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr ""
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 #, fuzzy
 msgid "disabled"
 msgstr "disable"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr ""
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, fuzzy, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "virheelliset vientivalitsimet\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr ""
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, fuzzy, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "pyydetään avainta %08lX kohteesta %s\n"
 msgstr[1] "pyydetään avainta %08lX kohteesta %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, fuzzy, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "VAROITUS: tilapäistiedostoa (%s) \"%s\" ei voi poistaa: %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, fuzzy, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "avainta \"%s\" ei löydy: %s\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, fuzzy, c-format
 msgid "key not found on keyserver\n"
 msgstr "avainta \"%s\" ei löydy: %s\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "pyydetään avainta %08lX kohteesta %s\n"
+
+#: g10/keyserver.c:1724
 #, fuzzy, c-format
 msgid "requesting key %s from %s\n"
 msgstr "pyydetään avainta %08lX kohteesta %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, fuzzy, c-format
 msgid "no keyserver known\n"
 msgstr "virheelliset vientivalitsimet\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, fuzzy, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "ohitetaan \"%s\": %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, fuzzy, c-format
 msgid "sending key %s to %s\n"
 msgstr ""
 "\"\n"
 "allekirjoitettu avaimellasi %08lX %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, fuzzy, c-format
 msgid "requesting key from '%s'\n"
 msgstr "pyydetään avainta %08lX kohteesta %s\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, fuzzy, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "VAROITUS: tilapäistiedostoa (%s) \"%s\" ei voi poistaa: %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "outo koko salatulle istuntoavaimelle (%d)\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "%s-salattu istuntoavain\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "salattu tuntemattomalla algoritmilla %d\n"
+
+#: g10/mainproc.c:391
 #, fuzzy, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "salattu tuntemattomalla algoritmilla %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, fuzzy, c-format
 msgid "public key is %s\n"
 msgstr "julkinen avain on %08lX\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "julkisella avaimella salattu data: DEK kelpaa\n"
-
-#: g10/mainproc.c:632
+#: g10/mainproc.c:524
 #, fuzzy, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "salattu %u-bittisella %s-avaimella, tunnus %08lX, luotu %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, fuzzy, c-format
 msgid "      \"%s\"\n"
 msgstr "                aka \""
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, fuzzy, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "salattu %s-avaimella, tunnus %08lX\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "julkisen avaimen avaus epäonnistui: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr ""
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "salattu %lu salasanalla\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "salattu yhdellä salasanalla\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "julkisen avaimen avaus epäonnistui: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "julkisella avaimella salattu data: DEK kelpaa\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "oletettavasti %s-salattua dataa\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr ""
 "IDEA-salain ei käytettävissä, yritetään optimistisesti \n"
 "käyttää sen sijaan salainta %s\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "VAROITUS: viestin eheyttä ei oltu suojattu\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "avaus epäonnistui: %s\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "avaus onnistui\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "VAROITUS: salattua viestiä on muokattu!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "avaus epäonnistui: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, fuzzy, c-format
 #| msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "HUOM: lähettäjä määrittää \"vain-sinun-silmillesi\"\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "alkuperäisen tiedoston nimi=\"%.*s\"\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "itsenäinen mitätöinti - käytä \"gpg --import\" ottaaksesi käyttöön\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, fuzzy, c-format
 msgid "no signature found\n"
 msgstr "Allekirjoitus täsmää lähettäjään \""
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, fuzzy, c-format
 msgid "BAD signature from \"%s\""
 msgstr "VÄÄRÄ allekirjoitus lähettäjältä \""
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, fuzzy, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Vanhentunut allekirjoitus lähettäjältä \""
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, fuzzy, c-format
 msgid "Good signature from \"%s\""
 msgstr "Allekirjoitus täsmää lähettäjään \""
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "allekirjoituksen varmistus vaiennetaan\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, fuzzy, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "näitä allekirjoituksia ei voi käsitellä\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, fuzzy, c-format
 msgid "Signature made %s\n"
 msgstr "Allekirjoitus vanheni %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, fuzzy, c-format
 msgid "               using %s key %s\n"
 msgstr "                aka \""
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, fuzzy, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr ""
 "Allekirjoitus tehty %.*s käyttämällä %s-algoritmia avaintunnuksella %08lX\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, fuzzy, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "                aka \""
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Avain saatavilla kohteessa: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[ei tiedossa]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, fuzzy, c-format
 msgid "                aka \"%s\""
 msgstr "                aka \""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, fuzzy, c-format
 #| msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr ""
 "VAROITUS: Tätä avainta ei ole varmennettu luotettavalla allekirjoituksella!\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Allekirjoitus vanheni %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Allekirjoitus vanhenee %s\n"
 
 # Ensimmäinen %s on binary, textmode tai unknown, ks. alla
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "%sallekirjoitus, tiivistealgoritmi %s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "binääri"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "teksti"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "tuntematon "
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 #, fuzzy
 #| msgid "unknown pubkey algorithm"
 msgid ", key algorithm "
 msgstr "tuntematon julkisen avaimen algoritmi"
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Allekirjoitusta ei voi tarkistaa: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "allekirjoitus ei ole erillinen\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
@@ -6484,150 +6402,145 @@ msgstr ""
 "VAROITUS: useita allekirjoituksia havaittu.  Vain ensimmäisen voi "
 "tarkistaa.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "itsenäinen allekirjoitus luokkaa 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "vanhan tyylin (PGP 2.x) allekirjoitus\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, fuzzy, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "ei voi avata tiedostoa: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, fuzzy, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "trustdb: luku epäonnistui (n=%d): %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, fuzzy, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "julkisen avaimen algorimin %d käsittely ei onnistu\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, fuzzy, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr ""
 "valittua tiivistesalgoritmia %s (%d) ei löydy vastaanottajan valinnoista\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, fuzzy, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "salausalgoritmi ei ole käytössä"
 
 # Ensimmäinen %s on binary, textmode tai unknown, ks. alla
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, fuzzy, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "%sallekirjoitus, tiivistealgoritmi %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, fuzzy, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr ""
 "valittua tiivistesalgoritmia %s (%d) ei löydy vastaanottajan valinnoista\n"
 
 # Ensimmäinen %s on binary, textmode tai unknown, ks. alla
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "%sallekirjoitus, tiivistealgoritmi %s\n"
 
 # Ensimmäinen %s on binary, textmode tai unknown, ks. alla
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "%sallekirjoitus, tiivistealgoritmi %s\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, fuzzy, c-format
 msgid "(reported error: %s)\n"
 msgstr "lukuvirhe: %s\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, fuzzy, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "lukuvirhe: %s\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr ""
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: paheksuttava valitsin \"%s\"\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "VAROITUS: \"%s\" on paheksuttu valitsin\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "käytä valitsinta \"%s%s\" sen sijaan\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, fuzzy, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "VAROITUS: \"%s\" on paheksuttu valitsin\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, fuzzy, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "VAROITUS: \"%s\" on paheksuttu valitsin\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, fuzzy, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr "VAROITUS: \"%s\" on paheksuttu valitsin\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "pakkaamaton"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 #, fuzzy
 msgid "uncompressed|none"
 msgstr "pakkaamaton"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "%s ei kenties voi käsitellä tätä viestiä\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, fuzzy, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "luetaan asetukset tiedostosta \"%s\"\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, fuzzy, c-format
 msgid "unknown option '%s'\n"
 msgstr "tuntematon oletusvastaanottaja \"%s\"\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, fuzzy, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "tuntematon allekirjoitusluokka"
@@ -6652,93 +6565,83 @@ msgstr "%s: tuntematon pääte\n"
 msgid "Enter new filename"
 msgstr "Syötä uusi tiedostonimi"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "kirjoitetaan vakiotulosteeseen\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, fuzzy, c-format
 #| msgid "assuming signed data in `%s'\n"
 msgid "assuming signed data in '%s'\n"
 msgstr "data kohteessa \"%s\" oletetaan allekirjoitetuksi\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "julkisen avaimen algorimin %d käsittely ei onnistu\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr "VAROITUS: mahdollisesti turvaton symmetrisesti salattu istuntoavain\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 #| msgid "Critical signature notation: "
 msgid "Unknown critical signature notation: "
 msgstr "Kriittinen allekirjoitusnotaatio: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "tyypin %d alipaketilla on kriittinen bitti asetettuna\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, fuzzy, c-format
-msgid "problem with the agent: %s\n"
-msgstr "agentin käytössä on ongelmia: agentti vastaa 0x%lx\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-msgid "Please enter the passphrase for decryption."
-msgstr "muuta salasanaa"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Syötä salasana\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "käyttäjän peruma\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, fuzzy, c-format
 msgid " (main key ID %s)"
 msgstr " (pääavaimen tunnus %08lX)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 #, fuzzy
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 #, fuzzy
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "Haluatko varmasti poistaa valitut avaimet? "
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Haluatko varmasti poistaa valitut avaimet? "
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, fuzzy, c-format
 msgid ""
 "%s\n"
@@ -6748,7 +6651,7 @@ msgid ""
 "%s"
 msgstr "%u-bittinen %s-avain, tunnus %08lX, luotu %s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6763,35 +6666,81 @@ msgstr ""
 "käytät erittäin suurta kuvaa, myös avaimesta tulee erittäin suuri!\n"
 "Kuvan koon ollessa suunnilleen 240x288, on koko sopiva käyttöön.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Syötä JPEG-tiedostonimi valokuvatunnisteelle: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, fuzzy, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "ei voi avata tiedostoa: %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr ""
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 #, fuzzy
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Haluatko varmasti käyttää sitä (k/E)? "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, fuzzy, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "\"%s\" ei ole JPEG-tiedosto\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Onko tämä oikein (k/E/l)? "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "etäohjelman suorittamista ei tueta\n"
+
+#: g10/photoid.c:486
+#, fuzzy, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"tämä ympäristö vaatii väliaikaistiedoston kutsuttaessa ulkoisia ohjelmia\n"
+
+#: g10/photoid.c:506
+#, fuzzy, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "komentoa %s \"%s\" ei voi suorittaa: %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "ulkoisen ohjelman luonnoton päättyminen\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "järjestelmävirhe kutsuttaessa ulkoista ohjelmaa: %s\n"
+
+#: g10/photoid.c:600
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "VAROITUS: tilapäistiedostoa (%s) \"%s\" ei voi poistaa: %s\n"
+
+#: g10/photoid.c:604
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "VAROITUS: väliaikaishakemistoa \"%s\" ei voi poistaa: %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"ulkoisen ohjelman kutsuminen poistettu käytöstä johtuen turvattomista \n"
+"asetustiedoston oikeuksista\n"
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "valokuvatunnistetta ei voi näyttää!\n"
@@ -6806,108 +6755,108 @@ msgstr "valokuvatunnistetta ei voi näyttää!\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMlLoO"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 #, fuzzy
 msgid "No trust value assigned to:\n"
 msgstr ""
 "Luottamusarvoa ei ole asetettu seuraavalle:\n"
 "%4u%c/%08lX %s \""
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, fuzzy, c-format
 msgid "  aka \"%s\"\n"
 msgstr "                aka \""
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 #, fuzzy
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr "Tämä avain todennäköisesti kuuluu haltijalle\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, fuzzy, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr " %d = En tiedä\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, fuzzy, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr " %d = EN luota\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, fuzzy, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr " %d = Luotan ehdottomasti\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 #, fuzzy
 msgid "  m = back to the main menu\n"
 msgstr " m = takaisin päävalikkoon\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 #, fuzzy
 msgid "  s = skip this key\n"
 msgstr " o = ohita tämä avain\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 #, fuzzy
 msgid "  q = quit\n"
 msgstr " l = lopeta\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
 "\n"
 msgstr ""
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Valintasi? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 #, fuzzy
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Haluatko varmasti luottaa tähän avaimeen ehdottomasti? "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Varmennepolku ehdottomasti luotettuun julkiseen avaimeen:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, fuzzy, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%08lX: Mikään ei takaa sitä, että allekirjoitus todella kuuluu "
 "haltijalleen.\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, fuzzy, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%08lX: Mikään ei takaa sitä, että allekirjoitus todella kuuluu "
 "haltijalleen.\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, fuzzy, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Tämä avain todennäköisesti kuuluu haltijalle\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Tämä on oma avain\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr ""
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 #, fuzzy
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
@@ -6919,7 +6868,7 @@ msgstr ""
 "kysymykseen kyllä\n"
 "\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 #, fuzzy
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
@@ -6931,80 +6880,87 @@ msgstr ""
 "kysymykseen kyllä\n"
 "\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 #, fuzzy
 msgid "Use this key anyway? (y/N) "
 msgstr "Haluatko käyttää tätä avainta kaikesta huolimatta? "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "VAROITUS: Käytettyyn avaimeen ei luoteta!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr ""
 "VAROITUS: tämä avain saattaa olla mitätöity (mitätöintiavainta ei "
 "saatavilla)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+msgid "checking User ID \"%s\"\n"
+msgstr "käyttäjätunnus: \""
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "avain %08lX: ei vastaa omaa kopiotamme\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+msgid "option %s given but no matching User ID found\n"
+msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "VAROITUS: Tämän avaimen nimetty mitätöijä on mitätöinyt avaimen!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "VAROITUS: Tämän avaimen haltija on mitätöinyt avaimen!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, fuzzy, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         Tämä voi merkitä sitä, että allekirjoitus on väärennös.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "VAROITUS: Haltija on mitätöinyt tämän aliavaimen!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Huom: Tämä avain on poistettu käytöstä\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr ""
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr ""
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Huom: Tämä avain on vanhentunut!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr ""
+"VAROITUS: Tätä avainta ei ole varmennettu luotettavalla allekirjoituksella!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr ""
 "VAROITUS: Tätä avainta ei ole varmennettu luotettavalla allekirjoituksella!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
@@ -7012,17 +6968,28 @@ msgstr ""
 "         Mikään ei takaa sitä, että allekirjoitus todella kuuluu "
 "haltijalleen.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "VAROITUS: Tähän avaimeen EI luoteta!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         Allekirjoitus on luultavasti VÄÄRENNÖS.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"VAROITUS: Tätä avainta ei ole varmennettu tarpeeksi luotettavalla \n"
+"allekirjoituksella!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
@@ -7030,51 +6997,51 @@ msgstr ""
 "VAROITUS: Tätä avainta ei ole varmennettu tarpeeksi luotettavalla \n"
 "allekirjoituksella!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         Ei ole varmaa, että allekirjoitus kuuluu haltijalle.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: ohitettu: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s ohitettu: julkinen avain on poistettu käytöstä\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: ohitettu: julkinen avain on jo olemassa\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't encrypt to '%s'\n"
 msgstr "yhteys kohteeseen \"%s\" ei onnistu: %s\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, fuzzy, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, fuzzy, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "Et määritellyt käyttäjätunnusta. (voit käyttää valitsinta \"-r\")\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr ""
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -7082,40 +7049,40 @@ msgstr ""
 "\n"
 "Syötä käyttäjätunnus.  Lopeta tyhjällä rivillä: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Käyttäjätunnusta ei löydy.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "ohitettu: julkinen avain on jo asetettu oletusvastaanottajaksi\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Julkinen avain on poistettu käytöstä\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "ohitettu: julkinen avain on jo asetettu\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, fuzzy, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "tuntematon oletusvastaanottaja \"%s\"\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "ei kelvollisia vastaanottajia\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, fuzzy, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "avain %08lX: ei käyttäjätunnusta\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, fuzzy, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "avain %08lX: ei käyttäjätunnusta\n"
@@ -7126,78 +7093,83 @@ msgid "data not saved; use option \"--output\" to save it\n"
 msgstr ""
 "dataa ei ole tallennettu, käytä valitsinta \"--output\" tallentaaksesi\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Erillinen allekirjoitus.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Anna datatiedoston nimi: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "luetaan vakiosyötettä ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "ei allekirjoitettua dataa\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, fuzzy, c-format
 #| msgid "can't open signed data `%s'\n"
 msgid "can't open signed data '%s'\n"
 msgstr "allekirjoitetun datan \"%s\" avaaminen ei onnistu\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, fuzzy, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "allekirjoitetun datan \"%s\" avaaminen ei onnistu\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, fuzzy, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "avain %08lX: ei käyttäjätunnusta\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, fuzzy, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "nimetön vastaanottaja; yritän käyttää salaista avainta %08lX ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+msgid "used key is not marked for encryption use.\n"
+msgstr "avain %08lX: ei käyttäjätunnusta\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "ok, nimetön vastaanottaja olet sinä.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "vanhaa DEK-koodaus ei tueta\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "salausalgoritmi %d%s on tuntematon tai poistettu käytöstä\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, fuzzy, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "HUOM: salausalgoritmia %d ei löydy valinnoista\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, fuzzy, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "HUOM: salainen avain %08lX vanheni %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, fuzzy, c-format
 #| msgid "NOTE: key has been revoked"
 msgid "Note: key has been revoked"
 msgstr "HUOM: avain on mitätöity!"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "build_packet epäonnistui: %s\n"
@@ -7215,48 +7187,48 @@ msgstr "Mitätöinnin tekee:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Tämä on arkaluonteinen mitätöintiavain)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret key is not available.\n"
 msgstr "Salainen avain on saatavilla.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 #, fuzzy
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Luo tälle avaimelle mitätöintivarmenne? "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "ASCII-koodattu tuloste määritetty.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet epäonnistui: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Mitätöintivarmenne luotu.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, fuzzy, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "mitätöintiavainta ei löydy avaimelle \"%s\"\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 #, fuzzy
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Luo tälle avaimelle mitätöintivarmenne? "
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 msgstr ""
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7265,20 +7237,20 @@ msgid ""
 "of the gpg command \"--generate-revocation\" in the GnuPG manual."
 msgstr ""
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
 "before importing and publishing this revocation certificate."
 msgstr ""
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, fuzzy, c-format
 #| msgid "Revocation certificate created.\n"
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "Mitätöintivarmenne luotu.\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "salaista avainta \"%s\" ei löydy: %s\n"
@@ -7291,18 +7263,18 @@ msgstr "salaista avainta \"%s\" ei löydy: %s\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr ""
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error searching the keyring: %s\n"
 msgstr "virhe luotaessa avainrengasta \"%s\": %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 #, fuzzy
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Luo tälle avaimelle mitätöintivarmenne? "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7322,38 +7294,38 @@ msgstr ""
 "tulostusjärjestelmä saattaa tallentaa datan ja saattaa sen muiden "
 "saataville!\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Valitse mitätöinnin syy:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Peru"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Todennäköisesti haluat valita %d tässä)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "Syötä vapaaehtoinen kuvaus; lopeta tyhjään riviin:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Mitätöinnin syy: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(Kuvausta ei annettu)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 #, fuzzy
 msgid "Is this okay? (y/N) "
 msgstr "Kelpaako tämä? "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "luotu avain on heikko - yritän uudestaan\n"
@@ -7365,63 +7337,58 @@ msgstr ""
 "heikon avaimen luomista symmetriselle salaimelle ei voitu välttää; \n"
 "yritettiin %d kertaa!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr ""
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
-#, fuzzy, c-format
-#| msgid "you may not use %s while in %s mode\n"
-msgid "key %s may not be used for signing in %s mode\n"
-msgstr "valitsinta %s ei voi käyttää %s-tilassa\n"
-
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
+#: g10/sig-check.c:170
 #, c-format
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "VAROITUS: allekirjoitustiiviste ei täsmää viestin kanssa\n"
 
-#: g10/sig-check.c:219
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
+#, fuzzy, c-format
+#| msgid "you may not use %s while in %s mode\n"
+msgid "key %s may not be used for signing in %s mode\n"
+msgstr "valitsinta %s ei voi käyttää %s-tilassa\n"
+
+#: g10/sig-check.c:209
 #, fuzzy, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "VAROITUS: allekirjoitusaliavain %08lX ei ole ristiinvarmennettu\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, fuzzy, c-format
 msgid "please see %s for more information\n"
 msgstr " i = näytä lisätietoja\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, fuzzy, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr ""
 "VAROITUS: allekirjoitusaliavaimella %08lX on epäkelpo ristiinvarmennus\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, fuzzy, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "julkinen avain %08lX on %lu sekuntia uudempi kuin allekirjoitus\n"
 msgstr[1] "julkinen avain %08lX on %lu sekuntia uudempi kuin allekirjoitus\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, fuzzy, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "julkinen avain %08lX on %lu sekuntia uudempi kuin allekirjoitus\n"
 msgstr[1] "julkinen avain %08lX on %lu sekuntia uudempi kuin allekirjoitus\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, fuzzy, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7434,7 +7401,7 @@ msgstr[1] ""
 "avain on luotu %lu sekunti tulevaisuudessa (on tapahtunut aikahyppy tai\n"
 "kellon kanssa on ongelmia)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, fuzzy, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7446,53 +7413,53 @@ msgstr[1] ""
 "avain on luotu %lu sekunti tulevaisuudessa (on tapahtunut aikahyppy tai\n"
 "kellon kanssa on ongelmia)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, fuzzy, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "HUOM: allekirjoitusavain %08lX vanheni %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, fuzzy, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "HUOM: avain on mitätöity!"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "itsenäinen allekirjoitus luokkaa 0x%02x\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "itsenäinen allekirjoitus luokkaa 0x%02x\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, fuzzy, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "Epäkelpo allekirjoitus avaimelta %08lX oletettavasti johtuen tuntemattomasta "
 "\"critical bit\":istä\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "avain %08lX: ei vastaavaa aliavainta aliavaimen mitätöintipaketille\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "avain %08lX: ei aliavainta aliavaimen liitosallekirjoitukselle\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "VAROITUS: %%-laajennus ei onnistu (liian suuri).  Käytetään "
 "laajentamatonta.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7500,7 +7467,7 @@ msgstr ""
 "VAROITUS: käytäntö-url:n %%-laajennus ei onnistu (liian suuri). \n"
 "Käytetään laajentamatonta.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7509,53 +7476,54 @@ msgstr ""
 "VAROITUS: käytäntö-url:n %%-laajennus ei onnistu (liian suuri). \n"
 "Käytetään laajentamatonta.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, fuzzy, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s-allekirjoitus lähettäjältä: \"%s\"\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
 msgstr ""
 "valittua tiivistesalgoritmia %s (%d) ei löydy vastaanottajan valinnoista\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "allekirjoitetaan:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "käytetään %s-salausta\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "avainta ei ole merkitty turvattomaksi - sitä ei voida käyttää jäljitellyn\n"
 "satunnaislukugeneraattorin kanssa!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, fuzzy, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "ohitetaan \"%s\": kopio\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "ohitetaan: salainen avain on jo paikalla\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 #, fuzzy
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "ohitetaan \"%s\": tämä on PGP:n luoma ElGamal-avain, jolla ei voi "
 "allekirjoittaa turvallisesti!\n"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "luottamustietue %lu, tyyppi %d: kirjoittaminen epäonnistui: %s\n"
@@ -7569,46 +7537,46 @@ msgstr ""
 "# Luettelo annettuista luottamusarvoista, luotu %s\n"
 "# (Käytä \"gpg --import-ownertrust\" palauttaaksesi ne)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, fuzzy, c-format
 msgid "error in '%s': %s\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 #, fuzzy
 msgid "line too long"
 msgstr "rivi on liian pitkä\n"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr ""
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 #, fuzzy
 msgid "invalid fingerprint"
 msgstr "virhe: sormenjälki on väärä\n"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 #, fuzzy
 msgid "ownertrust value missing"
 msgstr "tuo luottamusasteet"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, fuzzy, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "virhe etsittäessä luottamustietuetta: %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, fuzzy, c-format
 msgid "read error in '%s': %s\n"
 msgstr "lukuvirhe: %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "trustdb: synkronointi epäonnistui: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, fuzzy, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "tiedostoa \"%s\" ei voi luoda: %s\n"
@@ -7618,12 +7586,12 @@ msgstr "tiedostoa \"%s\" ei voi luoda: %s\n"
 msgid "can't lock '%s'\n"
 msgstr "tiedostoa \"%s\" ei voi avata\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "trustdb rec %lu: lseek epäonnistui: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "trustdb rec %lu: kirjoittaminen epäonnistuin (n=%d): %s\n"
@@ -7638,7 +7606,7 @@ msgstr "trustdb-tapahtuma on liian suuri\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: hakemistoa ei ole olemassa!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, fuzzy, c-format
 msgid "can't access '%s': %s\n"
 msgstr "tiedostoa \"%s\" ei voi sulkea: %s\n"
@@ -7680,7 +7648,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: virhe päivitettäessä versiotietuetta: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: virhe luettaessa versiotietuetta: %s\n"
@@ -7690,52 +7658,52 @@ msgstr "%s: virhe luettaessa versiotietuetta: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: virhe kirjoitettaessa versiotietuetta: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "trustdb: lseek epäonnistui: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "trustdb: luku epäonnistui (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: ei ole trustdb-tiedosto\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: versiotietue tietuenumerolla %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: tiedostoversio %d ei kelpaa\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: virhe luettaessa vapaata tietuetta: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: virhe kirjoitettaessa hakemistotietuetta: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: tietueen nollaaminen epäonnistui: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: tietueeseen lisääminen epäonnistui: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, fuzzy, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "%s: trustdb luotu\n"
@@ -7777,10 +7745,10 @@ msgstr ""
 msgid "TOFU DB error"
 msgstr ""
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, fuzzy, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
@@ -7802,7 +7770,7 @@ msgstr "%s: virhe kirjoitettaessa hakemistotietuetta: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, fuzzy, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
@@ -7974,111 +7942,111 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr ""
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr ""
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, fuzzy, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr ""
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, fuzzy, c-format
 #| msgid "Deleted %d signatures.\n"
 msgid "%s: Verified 0 signatures."
 msgstr "%d allekirjoitusta poistettu.\n"
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 #, fuzzy
 #| msgid "encrypted with %lu passphrases\n"
 msgid "Encrypted 0 messages."
 msgstr "salattu %lu salasanalla\n"
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, fuzzy, c-format
 #| msgid "Policy: "
 msgid "(policy: %s)"
 msgstr "Käytäntö: "
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -8095,117 +8063,117 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, fuzzy, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid long keyID\n"
 msgid "'%s' is not a valid long keyID\n"
 msgstr "\"%s\" ei kelpaa pitkänä avaintunnuksena\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, fuzzy, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "avain %08lX: hyväksytty luotettuna avaimena\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, fuzzy, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "avain %08lX esiintyy trustdb:ssä useammin kuin kerran\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, fuzzy, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr ""
 "avain %08lX: luotetulle avaimelle ei löydy julkista avainta - ohitetaan\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, fuzzy, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "Avain on määritelty ehdottoman luotettavaksi.\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "luottamustietue %lu, pyyntötyyppi %d: luku epäonnistui: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "luottamustietue %lu ei ole pyydettyä tyyppiä %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr ""
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr ""
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "trustdb:n tarkistusta ei tarvita\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "seuraava trustdb tarkistus %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, fuzzy, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "trustdb:n tarkistusta ei tarvita\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, fuzzy, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "trustdb:n tarkistusta ei tarvita\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, fuzzy, c-format
 msgid "public key %s not found: %s\n"
 msgstr "julkista avainta %08lX ei löydy: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "tee --check-trustdb, kiitos\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "tarkistetaan trustdb:tä\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, fuzzy, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] "tähän mennessä käsitelty %lu avainta\n"
 msgstr[1] "tähän mennessä käsitelty %lu avainta\n"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, fuzzy, c-format
 #| msgid "%d keys processed (%d validity counts cleared)\n"
 msgid " (%d validity count cleared)\n"
@@ -8213,45 +8181,45 @@ msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] "%d avainta käsitelty (%d kelpoisuuslaskuria tyhjätty)\n"
 msgstr[1] "%d avainta käsitelty (%d kelpoisuuslaskuria tyhjätty)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "ehdottomasti luotettavia avaimia ei löytynyt\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, fuzzy, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "ehdottomasti luotettu julkinen avain %08lX ei löytynyt\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr ""
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, fuzzy, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr "luottamustietue %lu, tyyppi %d: kirjoittaminen epäonnistui: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr ""
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 #, fuzzy
 msgid "never"
 msgstr "ei koskaan"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr ""
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr ""
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr ""
 
@@ -8263,43 +8231,43 @@ msgstr ""
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr ""
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 #, fuzzy
 msgid "[ revoked]"
 msgstr "[mitätöity] "
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 #, fuzzy
 msgid "[ expired]"
 msgstr "[vanhentunut] "
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 #, fuzzy
 msgid "[ unknown]"
 msgstr "tuntematon "
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr ""
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 #, fuzzy
 msgid "[  never ]"
 msgstr "ei koskaan"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr ""
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr ""
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr ""
 
@@ -8324,20 +8292,31 @@ msgstr "syöterivi %u on liian pitkä tai rivinvaihto puutuu\n"
 msgid "can't open fd %d: %s\n"
 msgstr "tiedostoa \"%s\" ei voi avata: %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "VAROITUS: viestin eheyttä ei oltu suojattu\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+msgid "Hint: Do not use option %s\n"
+msgstr "luetaan asetukset tiedostosta \"%s\"\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr ""
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr ""
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 #, fuzzy
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 #, fuzzy
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
@@ -8347,129 +8326,225 @@ msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr ""
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr ""
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+msgid "|N|Please enter the new Global-PIN"
+msgstr "muuta salasanaa"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "Valitse mitätöinnin syy:\n"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+msgid "|N|Please enter the new PIN"
+msgstr "muuta salasanaa"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+msgid "||Please enter the PIN of your PIV card"
+msgstr "Valitse mitätöinnin syy:\n"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "muuta salasanaa"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "Valitse mitätöinnin syy:\n"
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-piv.c:1895
+#, c-format
+msgid "PIN is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1903
+#, c-format
+msgid "PIN is too long; maximum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, fuzzy, c-format
+msgid "key already exists\n"
+msgstr "\"%s\" on jo pakattu\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, fuzzy, c-format
+msgid "generating new key\n"
+msgstr "luo uusi avainpari"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, fuzzy, c-format
+msgid "writing new key\n"
+msgstr "luo uusi avainpari"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, fuzzy, c-format
+#| msgid "remove keys from the public keyring"
+msgid "response does not contain the EC public key\n"
+msgstr "poista avaimet julkisten avainten renkaasta"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, fuzzy, c-format
+msgid "generating key failed\n"
+msgstr "avainlohkojen poisto epäonnistui: %s\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, fuzzy, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "Avaimen luonti epäonnistui: %s\n"
+msgstr[1] "Avaimen luonti epäonnistui: %s\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr ""
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 #, fuzzy
 msgid "|A|Please enter the Admin PIN"
 msgstr "muuta salasanaa"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 #, fuzzy
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "Valitse mitätöinnin syy:\n"
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 #, fuzzy
 msgid "||Please enter the PIN for the standard keys."
 msgstr "muuta salasanaa"
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr ""
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "Note: This key has been disabled.\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "Huom: Tämä avain on poistettu käytöstä\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr ""
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 #, fuzzy
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "muuta salasanaa"
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 #, fuzzy
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "Valitse mitätöinnin syy:\n"
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, fuzzy, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, fuzzy, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, fuzzy, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "avainrenkaan välimuistin uudelleenluominen epäonnistui: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr ""
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1546
-#, fuzzy, c-format
-#| msgid "remove keys from the public keyring"
-msgid "response does not contain the EC public key\n"
-msgstr "poista avaimet julkisten avainten renkaasta"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, fuzzy, c-format
 msgid "reading public key failed: %s\n"
 msgstr "avainlohkojen poisto epäonnistui: %s\n"
@@ -8477,43 +8552,43 @@ msgstr "avainlohkojen poisto epäonnistui: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr ""
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 #, fuzzy
 msgid "||Please unlock the card"
 msgstr "muuta salasanaa"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, fuzzy, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "avainpalvelimelle lähettäminen epäonnistui: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8521,22 +8596,22 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 #, fuzzy
 msgid "||Please enter the PIN"
 msgstr "muuta salasanaa"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 #, fuzzy
 msgid "||Please enter the Reset Code for the card"
 msgstr "Valitse mitätöinnin syy:\n"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr ""
@@ -8544,124 +8619,82 @@ msgstr ""
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 #, fuzzy
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "muuta salasanaa"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 #, fuzzy
 msgid "||Please enter the PIN and New PIN"
 msgstr "muuta salasanaa"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, fuzzy, c-format
 msgid "error reading application data\n"
 msgstr "virhe luettaessa avainlohkoa: %s\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, fuzzy, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "%s: virhe luettaessa vapaata tietuetta: %s\n"
 
-#: scd/app-openpgp.c:3066
-#, fuzzy, c-format
-msgid "key already exists\n"
-msgstr "\"%s\" on jo pakattu\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr ""
-
-#: scd/app-openpgp.c:3072
-#, fuzzy, c-format
-msgid "generating new key\n"
-msgstr "luo uusi avainpari"
-
-#: scd/app-openpgp.c:3074
-#, fuzzy, c-format
-msgid "writing new key\n"
-msgstr "luo uusi avainpari"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, fuzzy, c-format
-msgid "failed to store the key: %s\n"
-msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, fuzzy, c-format
 #| msgid "unsupported URI"
 msgid "unsupported curve\n"
 msgstr "URI-muotoa ei tueta"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr ""
-
-#: scd/app-openpgp.c:4271
-#, fuzzy, c-format
-msgid "generating key failed\n"
-msgstr "avainlohkojen poisto epäonnistui: %s\n"
-
-#: scd/app-openpgp.c:4277
-#, fuzzy, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "Avaimen luonti epäonnistui: %s\n"
-msgstr[1] "Avaimen luonti epäonnistui: %s\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr ""
 
 # Ensimmäinen %s on binary, textmode tai unknown, ks. alla
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, fuzzy, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "%sallekirjoitus, tiivistealgoritmi %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, fuzzy, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "kelvollista OpenPGP-dataa ei löytynyt.\n"
@@ -8674,101 +8707,99 @@ msgstr "muuta salasanaa"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr ""
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr ""
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr ""
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 #, fuzzy
 msgid "|FILE|write a log to FILE"
 msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr ""
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 #, fuzzy
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NIMI|käytä NIMI oletusvastaanottajana"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 #, fuzzy
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NIMI|käytä NIMI oletusvastaanottajana"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 #, fuzzy
 msgid "do not use the internal CCID driver"
 msgstr "älä käytä lainkaan päätettä"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr ""
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr ""
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr ""
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 #, fuzzy
 msgid "deny the use of admin card commands"
 msgstr "ristiriitainen komento\n"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 #, fuzzy
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
 msgstr ""
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr ""
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr ""
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, fuzzy, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "virhe kirjoitettaessa salaiseen avainrenkaaseen \"%s\": %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr ""
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr ""
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 #, fuzzy
 msgid "shell"
 msgstr "apua"
@@ -8802,7 +8833,7 @@ msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
 msgid "certificate policy not allowed"
 msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, fuzzy, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
@@ -8817,7 +8848,7 @@ msgstr ""
 msgid "number of issuers matching: %d\n"
 msgstr ""
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, fuzzy, c-format
 #| msgid "%s: can't access: %s\n"
 msgid "can't get authorityInfoAccess: %s\n"
@@ -8838,240 +8869,240 @@ msgstr "virhe luotaessa salasanaa: %s\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "avainlohkojen poisto epäonnistui: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, fuzzy, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 #, fuzzy
 msgid "certificate has been revoked"
 msgstr "HUOM: avain on mitätöity!"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr ""
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr ""
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, fuzzy, c-format
 msgid "checking the CRL failed: %s"
 msgstr "luodun allekirjoituksen tarkistus epäonnistui: %s\n"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr ""
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 #, fuzzy
 msgid "root certificate not yet valid"
 msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, fuzzy, c-format
 msgid "certificate has expired"
 msgstr "Tämä avain on vanhentunut!"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 #, fuzzy
 msgid "root certificate has expired"
 msgstr "Tämä avain on vanhentunut!"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 #, fuzzy
 msgid "intermediate certificate has expired"
 msgstr "Tämä avain on vanhentunut!"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr ""
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 #, fuzzy
 msgid "certificate with invalid validity"
 msgstr "Tämä avain on vanhentunut!"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr ""
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, fuzzy, c-format
 msgid "  (  signature created at "
 msgstr "        uusia allekirjoituksia: %lu\n"
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, fuzzy, c-format
 msgid "  (certificate created at "
 msgstr "Mitätöintivarmenne luotu.\n"
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, fuzzy, c-format
 msgid "  (certificate valid from "
 msgstr "virheellinen varmenne"
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr ""
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, fuzzy, c-format
 msgid "fingerprint=%s\n"
 msgstr "näytä sormenjälki"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr ""
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr ""
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr ""
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 #, fuzzy
 msgid "no issuer found in certificate"
 msgstr "luo mitätöintivarmenne"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr ""
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr ""
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, fuzzy, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "luodun allekirjoituksen tarkistus epäonnistui: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr ""
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr ""
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, fuzzy, c-format
 msgid "certificate has a BAD signature"
 msgstr "tarkista allekirjoitus"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr ""
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr ""
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, fuzzy, c-format
 msgid "certificate is good\n"
 msgstr "valinta %c%lu on kopio\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, fuzzy, c-format
 msgid "intermediate certificate is good\n"
 msgstr "Mitätöintivarmenne luotu.\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, fuzzy, c-format
 msgid "root certificate is good\n"
 msgstr "virheellinen varmenne"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr ""
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr ""
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, fuzzy, c-format
 msgid "out of core\n"
 msgstr "ei käsitelty"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr ""
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 #, fuzzy
 msgid "none"
 msgstr "ei"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 #, fuzzy
 msgid "[Error - invalid encoding]"
 msgstr "virhe: sormenjälki on väärä\n"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr ""
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr ""
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 #, fuzzy
 msgid "[Error - invalid DN]"
 msgstr "virhe: sormenjälki on väärä\n"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -9084,177 +9115,187 @@ msgstr ""
 "\"%.*s\"\n"
 "%u-bittinen %s-avain, tunnus %08lX, luotu %s%s\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr ""
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "virhe kirjoitettaessa salaiseen avainrenkaaseen \"%s\": %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr ""
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr ""
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr ""
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr ""
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+msgid "looking for another certificate\n"
+msgstr "virheellinen varmenne"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, fuzzy, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr ""
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr ""
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, fuzzy, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, fuzzy, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, fuzzy, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "Sähköpostiosoite ei kelpaa\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, fuzzy, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr ""
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr ""
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, fuzzy, c-format
 msgid "line %d: invalid date given\n"
 msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, fuzzy, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "virhe luotaessa avainrengasta \"%s\": %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, fuzzy, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, fuzzy, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, fuzzy, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "avain %08lX: pätemätön aliavainriippuvuus\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, fuzzy, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, fuzzy, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "virhe luotaessa avainrengasta \"%s\": %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, fuzzy, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "virhe luotaessa avainrengasta \"%s\": %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, fuzzy, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "Avaimen luonti epäonnistui: %s\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, fuzzy, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) RSA (vain salaus)\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, fuzzy, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) RSA (salaus ja allekirjoitus)\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, fuzzy, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) DSA (vain allekirjoitus)\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, fuzzy, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) RSA (vain salaus)\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr ""
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 #, fuzzy
 msgid "No subject name given\n"
 msgstr "(Kuvausta ei annettu)\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, fuzzy, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
@@ -9264,261 +9305,255 @@ msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, fuzzy, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr ""
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 #, fuzzy
 msgid "Enter email addresses"
 msgstr "Sähköpostiosoite: "
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 #, fuzzy
 msgid " (end with an empty line):\n"
 msgstr ""
 "\n"
 "Syötä käyttäjätunnus.  Lopeta tyhjällä rivillä: "
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 #, fuzzy
 msgid "Enter DNS names"
 msgstr "Syötä uusi tiedostonimi"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 #, fuzzy
 msgid " (optional; end with an empty line):\n"
 msgstr "Syötä vapaaehtoinen kuvaus; lopeta tyhjään riviin:\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr ""
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 #, fuzzy
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Luo tälle avaimelle mitätöintivarmenne? "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:432
-#, fuzzy, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "virhe luotaessa salasanaa: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr ""
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 #, fuzzy
 #| msgid "Revocation certificate created.\n"
 msgid "Now creating certificate request.  "
 msgstr "Mitätöintivarmenne luotu.\n"
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr ""
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "%s salattua dataa\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr ""
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr ""
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 msgid "encrypted to %s key %s\n"
 msgstr "salattu %s-avaimella, tunnus %08lX\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, fuzzy, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "avainta \"%s\" ei löydy: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, fuzzy, c-format
 msgid "error locking keybox: %s\n"
 msgstr "virhe luettaessa avainlohkoa: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, fuzzy, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "Mitätöintivarmenne luotu.\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, fuzzy, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "valinta %c%lu on kopio\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, fuzzy, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "avainlohkojen poisto epäonnistui: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, fuzzy, c-format
 msgid "no valid recipients given\n"
 msgstr "(Kuvausta ei annettu)\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 #, fuzzy
 msgid "list external keys"
 msgstr "näytä salaiset avaimet"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 #, fuzzy
 msgid "list certificate chain"
 msgstr "virheellinen varmenne"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 #, fuzzy
 msgid "import certificates"
 msgstr "virheellinen varmenne"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 #, fuzzy
 msgid "export certificates"
 msgstr "virheellinen varmenne"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr ""
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr ""
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr ""
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "älä käytä lainkaan päätettä"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr ""
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr ""
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr ""
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr ""
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr ""
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 #, fuzzy
 msgid "create base-64 encoded output"
 msgstr "tuota ascii-koodattu tuloste"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 #, fuzzy
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|NIMI|käytä oletusarvoisesti salaista avainta NIMI"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 #, fuzzy
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "lisää tämä avainrengas avainrenkaiden luetteloon"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|PALVELIN|käytä tätä palvelinta avainten etsimiseen"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr ""
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 #, fuzzy
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NIMI|käytä salasanoihin salausalgoritmia NIMI"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr ""
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr ""
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr ""
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr ""
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NIMI|käytä salausalgoritmia NIMI"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NIMI|käytä viestintiivistealgoritmia NIMI"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "eräajo: älä kysy mitään"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "oleta myönteinen vastaust useimpiin kysymyksiin"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "oleta kielteinen vastaust useimpiin kysymyksiin"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 #, fuzzy
 msgid "|FILE|write an audit log to FILE"
 msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 #, fuzzy
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
@@ -9529,87 +9564,122 @@ msgstr ""
 "allekirjoita, tarkista, salaa tai avaa\n"
 "oletustoiminto riippuu syötteestä\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, fuzzy, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "yhteys kohteeseen \"%s\" ei onnistu: %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, fuzzy, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "tuntematon oletusvastaanottaja \"%s\"\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(Kuvausta ei annettu)\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " o = ohita tämä avain\n"
+
+#: sm/gpgsm.c:1545
+#, fuzzy, c-format
+msgid "could not parse keyserver\n"
+msgstr "avainpalvelimen URI:iä ei voi jäsentää\n"
+
+#: sm/gpgsm.c:1825
 #, fuzzy, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "kirjoitetaan kohteeseen \"%s\"\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, fuzzy, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "tiedostoa \"%s\" ei voi sulkea: %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr ""
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, fuzzy, c-format
 msgid "total number processed: %lu\n"
 msgstr "Kaikkiaan käsitelty: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, fuzzy, c-format
 msgid "error storing certificate\n"
 msgstr "luo mitätöintivarmenne"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr ""
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, fuzzy, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, fuzzy, c-format
 msgid "error importing certificate: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, fuzzy, c-format
 msgid "error reading input: %s\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+msgid "no keyboxd running in this session\n"
+msgstr "gpg-agent ei ole käytettävissä tässä istunnossa\n"
+
+#: sm/keydb.c:595
+#, fuzzy, c-format
+msgid "error opening key DB: %s\n"
+msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr ""
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, fuzzy, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, fuzzy, c-format
 msgid "error storing certificate: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, fuzzy, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "rev? mitätöinnin tarkistuksessa ongelmia: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, fuzzy, c-format
 msgid "error storing flags: %s\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr ""
 
@@ -9618,17 +9688,17 @@ msgstr ""
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr ""
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, fuzzy, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "virhe: sormenjälki on väärä\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, fuzzy, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "virhe: sormenjälki on väärä\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9639,14 +9709,14 @@ msgid ""
 "%s%sAre you really sure that you want to do this?"
 msgstr ""
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
 "signatures.\n"
 msgstr ""
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9654,53 +9724,59 @@ msgid ""
 "Note, that this certificate will NOT create a qualified signature!"
 msgstr ""
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, fuzzy, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "suojausalgoritmi %d%s ei ole käytettävissä\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr ""
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, fuzzy, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "luodun allekirjoituksen tarkistus epäonnistui: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+msgid "%s/%s signature using %s key %s\n"
+msgstr ""
+"Allekirjoitus tehty %.*s käyttämällä %s-algoritmia avaintunnuksella %08lX\n"
+
+#: sm/verify.c:467
 #, fuzzy, c-format
 msgid "Signature made "
 msgstr "Allekirjoitus vanheni %s\n"
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr ""
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 msgid "algorithm:"
 msgstr "ascii-koodaus: %s\n"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr ""
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, fuzzy, c-format
 msgid "Good signature from"
 msgstr "Allekirjoitus täsmää lähettäjään \""
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, fuzzy, c-format
 msgid "                aka"
 msgstr "                aka \""
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, fuzzy, c-format
 msgid "This is a qualified signature\n"
 msgstr ""
@@ -9727,101 +9803,101 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr ""
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr ""
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't parse certificate '%s': %s\n"
 msgstr "tiedostoa \"%s\" ei voi luoda: %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, fuzzy, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "valinta %c%lu on kopio\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, fuzzy, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "Mitätöintivarmenne luotu.\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, fuzzy, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "valinta %c%lu on kopio\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, fuzzy, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "näytä sormenjälki"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr ""
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr ""
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, fuzzy, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, fuzzy, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "virheellinen varmenne"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, fuzzy, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, fuzzy, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, fuzzy, c-format
 msgid "certificate already cached\n"
 msgstr "Mitätöintivarmenne luotu.\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, fuzzy, c-format
 msgid "certificate cached\n"
 msgstr "valinta %c%lu on kopio\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, fuzzy, c-format
 msgid "error caching certificate: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, fuzzy, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "virhe: sormenjälki on väärä\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, fuzzy, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, fuzzy, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, fuzzy, c-format
 msgid "no issuer found in certificate\n"
 msgstr "luo mitätöintivarmenne"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, fuzzy, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
@@ -10348,64 +10424,64 @@ msgstr "avainta \"%s\" ei löydy: %s\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "avainta \"%s\" ei löydy: %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 #, fuzzy
 msgid "add a certificate to the cache"
 msgstr "Mitätöintivarmenne luotu.\n"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 #, fuzzy
 msgid "validate a certificate"
 msgstr "virheellinen varmenne"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 #, fuzzy
 msgid "lookup a certificate"
 msgstr "virheellinen varmenne"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 #, fuzzy
 msgid "lookup only locally stored certificates"
 msgstr "virheellinen varmenne"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 #, fuzzy
 msgid "expect certificates in PEM format"
 msgstr "virheellinen varmenne"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 #, fuzzy
 #| msgid "Enter the user ID of the designated revoker: "
 msgid "force the use of the default OCSP responder"
 msgstr "Syötä määrätyn mitätöijän käyttäjätunnus: "
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10413,226 +10489,221 @@ msgid ""
 "not valid and other error codes for general failures\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, fuzzy, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, fuzzy, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "yhteys kohteeseen \"%s\" ei onnistu: %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, fuzzy, c-format
 #| msgid "update failed: %s\n"
 msgid "lookup failed: %s\n"
 msgstr "päivitys epäonnistui: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, fuzzy, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "ascii-koodaaminen epäonnistui: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, fuzzy, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "avainlohkojen poisto epäonnistui: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, fuzzy, c-format
 msgid "certificate is valid\n"
 msgstr "valinta %c%lu on kopio\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, fuzzy, c-format
 msgid "certificate has been revoked\n"
 msgstr "HUOM: avain on mitätöity!"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, fuzzy, c-format
 msgid "certificate check failed: %s\n"
 msgstr "avainlohkojen poisto epäonnistui: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, fuzzy, c-format
 #| msgid "can't stat `%s': %s\n"
 msgid "got status: '%s'\n"
 msgstr "tiedoston \"%s\" tilaa ei voi lukea: %s\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, fuzzy, c-format
 #| msgid "error writing secret keyring `%s': %s\n"
 msgid "error writing base64 encoding: %s\n"
 msgstr "virhe kirjoitettaessa salaiseen avainrenkaaseen \"%s\": %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, fuzzy, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr ""
 "\n"
 "Tuetut algoritmit:\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 #, fuzzy
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr ""
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr ""
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr ""
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 #, fuzzy
 msgid "|URL|use keyserver at URL"
 msgstr "avainpalvelimen URI:iä ei voi jäsentää\n"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr ""
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr ""
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr ""
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr ""
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr ""
 
-#: dirmngr/dirmngr.c:270
-#, fuzzy
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|PALVELIN|käytä tätä palvelinta avainten etsimiseen"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 #, fuzzy
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr ""
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr ""
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 #, fuzzy
 msgid "|URL|use OCSP responder at URL"
 msgstr "avainpalvelimen URI:iä ei voi jäsentää\n"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr ""
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -10646,126 +10717,315 @@ msgstr ""
 "(Katso täydellinen luettelo kaikista komennoista ja valitsimista man-"
 "sivuilta)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 #, fuzzy
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, fuzzy, c-format
 msgid "usage: %s [options] "
 msgstr "käyttö: gpg [valitsimet] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, fuzzy, c-format
 #| msgid "%s not allowed with %s!\n"
 msgid "colons are not allowed in the socket name\n"
 msgstr "%s ja %s eivät ole sallittuja yhdessä!\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, fuzzy, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "ascii-koodaaminen epäonnistui: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, fuzzy, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "ascii-koodaaminen epäonnistui: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, fuzzy, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "rivi on liian pitkä\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, fuzzy, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "virhe: sormenjälki on väärä\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, fuzzy, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "lukuvirhe: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, fuzzy, c-format
 msgid "shutdown forced\n"
 msgstr "ei käsitelty"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr ""
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|connect to host NAME"
+msgstr "|NIMI|aseta päätteen merkistöksi NIMI"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:112
+#, fuzzy
+#| msgid "|NAME|use NAME as default recipient"
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NIMI|käytä NIMI oletusvastaanottajana"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:179
+#, fuzzy
+#| msgid "Usage: gpg [options] [files] (-h for help)"
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:291
+#, fuzzy, c-format
+#| msgid "invalid import options\n"
+msgid "invalid port number %d\n"
+msgstr "virheelliset tuontivalitsimet\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, fuzzy, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "virhe kirjoitettaessa avainrenkaaseen \"%s\": %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:462
+#, fuzzy, c-format
+msgid "attribute '%s' not found\n"
+msgstr "avainta \"%s\" ei löydy: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:581
+#, fuzzy, c-format
+#| msgid "reading from `%s'\n"
+msgid "processing url '%s'\n"
+msgstr "luetaan kohteesta \"%s\"\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          user '%s'\n"
+msgstr "          ilman käyttäjätunnuksia: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, fuzzy, c-format
+msgid "          pass '%s'\n"
+msgstr "                aka \""
+
+#: dirmngr/dirmngr_ldap.c:592
+#, fuzzy, c-format
+msgid "          host '%s'\n"
+msgstr "                aka \""
+
+#: dirmngr/dirmngr_ldap.c:593
+#, fuzzy, c-format
+#| msgid "          not imported: %lu\n"
+msgid "          port %d\n"
+msgstr "          ei tuotu: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, fuzzy, c-format
+msgid "            DN '%s'\n"
+msgstr "                aka \""
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, fuzzy, c-format
+msgid "          attr '%s'\n"
+msgstr "                aka \""
+
+#: dirmngr/dirmngr_ldap.c:611
+#, fuzzy, c-format
+msgid "no host name in '%s'\n"
+msgstr "(Kuvausta ei annettu)\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:622
+#, fuzzy, c-format
+#| msgid "WARNING: using insecure memory!\n"
+msgid "WARNING: using first attribute only\n"
+msgstr "VAROITUS: käytetään suojaamatonta muistia!\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, fuzzy, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "ascii-koodaaminen epäonnistui: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "ascii-koodaaminen epäonnistui: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+msgid "LDAP init to '%s' done\n"
+msgstr "ascii-koodaaminen epäonnistui: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, fuzzy, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "ascii-koodaaminen epäonnistui: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, fuzzy, c-format
+#| msgid "dearmoring failed: %s\n"
+msgid "searching '%s' failed: %s\n"
+msgstr "ascii-koodauksen purku epäonnistui: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, fuzzy, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "\"%s\" ei ole JPEG-tiedosto\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr ""
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, fuzzy, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr ""
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, fuzzy, c-format
 msgid "too many redirections\n"
 msgstr "liian monta \"%c\" valintaa\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "kirjoitetaan kohteeseen \"%s\"\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, fuzzy, c-format
 msgid "error printing log line: %s\n"
 msgstr "virhe kirjoitettaessa avainrenkaaseen \"%s\": %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, fuzzy, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
@@ -10795,51 +11055,31 @@ msgstr "päivitys epäonnistui: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, fuzzy, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "etsitään \"%s\" HKP-palvelimelta %s\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, fuzzy, c-format
 msgid "malloc failed: %s\n"
 msgstr "avainlohkojen poisto epäonnistui: %s\n"
 
-#: dirmngr/ldap.c:221
-#, fuzzy, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "\"%s\" ei ole JPEG-tiedosto\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
 msgstr ""
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr ""
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, fuzzy, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr " o = ohita tämä avain\n"
-
 #: dirmngr/misc.c:172
 #, fuzzy, c-format
 #| msgid "%s: invalid file version %d\n"
@@ -10927,93 +11167,93 @@ msgstr "luodun allekirjoituksen tarkistus epäonnistui: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr ""
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, fuzzy, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "avainlohkojen poisto epäonnistui: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, fuzzy, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, fuzzy, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "avainta \"%s\" ei löydy: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, fuzzy, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "luo mitätöintivarmenne"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, fuzzy, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, fuzzy, c-format
 #| msgid "no default secret keyring: %s\n"
 msgid "no default OCSP signer defined\n"
 msgstr "salaiselle avainrenkaalle ei ole asetettu oletusarvoa: %s\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, fuzzy, c-format
 #| msgid "using cipher %s\n"
 msgid "using OCSP responder '%s'\n"
 msgstr "käytetään salakirjoitusalgoritmia %s\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, fuzzy, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "virhe luotaessa salasanaa: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr ""
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, fuzzy, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "HUOM: avain on mitätöity!"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr ""
@@ -11023,68 +11263,72 @@ msgstr ""
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "allekirjoitus epäonnistui: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr ""
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr ""
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, fuzzy, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "allekirjoitus epäonnistui: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, fuzzy, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "avainlohkojen poisto epäonnistui: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, fuzzy, c-format
 msgid "error sending data: %s\n"
 msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, fuzzy, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "avainlohkojen poisto epäonnistui: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, fuzzy, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "avainlohkojen poisto epäonnistui: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr ""
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, fuzzy, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "tiedostoa \"%s\" ei voi luoda: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, fuzzy, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "%s: hajautustaulukon luonti ei onnistu: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, fuzzy, c-format
 #| msgid "failed to initialize the TrustDB: %s\n"
 msgid "failed to initialize the server: %s\n"
 msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, fuzzy, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "avainrenkaan välimuistin uudelleenluominen epäonnistui: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, fuzzy, c-format
 #| msgid "signing failed: %s\n"
 msgid "Assuan processing failed: %s\n"
@@ -11130,251 +11374,269 @@ msgstr "valinta %c%lu on kopio\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 #, fuzzy
 msgid "quiet"
 msgstr "lopeta|sulje"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+msgid "connect to the keyboxd"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 #, fuzzy
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 #, fuzzy
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, fuzzy, c-format
 msgid "receiving line failed: %s\n"
 msgstr "avainlohkojen poisto epäonnistui: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, fuzzy, c-format
 msgid "line too long - skipped\n"
 msgstr "rivi on liian pitkä\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, fuzzy, c-format
 msgid "unknown command '%s'\n"
 msgstr "tuntematon oletusvastaanottaja \"%s\"\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, fuzzy, c-format
 msgid "sending line failed: %s\n"
 msgstr "allekirjoitus epäonnistui: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+msgid "no keybox daemon running in this session\n"
+msgstr "gpg-agent ei ole käytettävissä tässä istunnossa\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, fuzzy, c-format
 msgid "error sending standard options: %s\n"
 msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr ""
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr ""
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+msgid "Public Keys"
+msgstr "julkinen avain on %08lX\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr ""
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr ""
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 #, fuzzy
 #| msgid "network error"
 msgid "Network"
 msgstr "verkkovirhe"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 #, fuzzy
 msgid "Passphrase Entry"
 msgstr "väärä salasana"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 #, fuzzy
 msgid "Component not suitable for launching"
 msgstr "julkista avainta ei löydy"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Please use the command \"toggle\" first.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Käytä ensin komentoa \"toggle\".\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr ""
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, fuzzy, c-format
 msgid "error closing '%s'\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, fuzzy, c-format
 msgid "error parsing '%s'\n"
 msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr ""
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr ""
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr ""
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr ""
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr ""
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr ""
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr ""
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr ""
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 #, fuzzy
 msgid "list global configuration file"
 msgstr "tuntematon asetus \"%s\"\n"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 #, fuzzy
 msgid "check global configuration file"
 msgstr "tuntematon asetus \"%s\"\n"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 #, fuzzy
 #| msgid "update the trust database"
 msgid "query the software version database"
 msgstr "päivitä luottamustietokanta"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr ""
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr ""
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr ""
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "käytä tulostustiedostona"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr ""
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 #, fuzzy
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
 msgstr ""
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr ""
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 #, fuzzy
 msgid "Component not found"
 msgstr "julkista avainta ei löydy"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 #, fuzzy
 msgid "No argument allowed"
 msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
@@ -11390,113 +11652,189 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr "valittu symmetrinen salain %s (%d) ei ole vastaanottajan suosima\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "ohitetaan: salainen avain on jo paikalla\n"
+
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "ohitetaan: salainen avain on jo paikalla\n"
+
+#: tools/gpg-card.c:2395
+#, c-format
+msgid "Replace existing key %s ? (y/N) "
+msgstr ""
+
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, c-format
+msgid "%s card no. %s detected\n"
+msgstr ""
+
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
+
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
+
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
+#: tools/gpg-card.c:3668
 #, fuzzy
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "kirjoitetaan kohteeseen \"%s\"\n"
+msgid "authenticate to the card"
+msgstr "Mitätöintivarmenne luotu.\n"
+
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
 
+#: tools/gpg-card.c:3672
 #, fuzzy
-#~ msgid "use a log file for the server"
-#~ msgstr "etsi avaimia avainpalvelimelta"
+#| msgid "|NAME|use NAME as default recipient"
+msgid "setup KDF for PIN authentication"
+msgstr "|NIMI|käytä NIMI oletusvastaanottajana"
 
+#: tools/gpg-card.c:3674
 #, fuzzy
-#~ msgid "run without asking a user"
-#~ msgstr "Lopeta tallentamatta muutoksia?"
+#| msgid "change the expire date"
+msgid "change a private data object"
+msgstr "muuta voimassoloaikaa"
 
+#: tools/gpg-card.c:3675
 #, fuzzy
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "pyydetään avainta %08lX kohteesta %s\n"
+msgid "read a certificate from a data object"
+msgstr "Mitätöintivarmenne luotu.\n"
 
+#: tools/gpg-card.c:3676
 #, fuzzy
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "(Kuvausta ei annettu)\n"
+msgid "store a certificate to a data object"
+msgstr "Mitätöintivarmenne luotu.\n"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
 #, fuzzy
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "avainpalvelimen URI:iä ei voi jäsentää\n"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "muuta salasanaa"
 
 #, fuzzy
-#~| msgid "|NAME|set terminal charset to NAME"
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NIMI|aseta päätteen merkistöksi NIMI"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "virhe kirjoitettaessa salaiseen avainrenkaaseen \"%s\": %s\n"
 
 #, fuzzy
-#~| msgid "|NAME|use NAME as default recipient"
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NIMI|käytä NIMI oletusvastaanottajana"
+#~ msgid "use a log file for the server"
+#~ msgstr "etsi avaimia avainpalvelimelta"
 
 #, fuzzy
-#~| msgid "Usage: gpg [options] [files] (-h for help)"
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
+#~ msgid "argument not expected"
+#~ msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
 
 #, fuzzy
-#~| msgid "invalid import options\n"
-#~ msgid "invalid port number %d\n"
-#~ msgstr "virheelliset tuontivalitsimet\n"
+#~ msgid "read error"
+#~ msgstr "virhe tiedostoa luettaessa"
 
 #, fuzzy
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "virhe kirjoitettaessa avainrenkaaseen \"%s\": %s\n"
+#~ msgid "keyword too long"
+#~ msgstr "rivi on liian pitkä\n"
+
+#, fuzzy
+#~ msgid "missing argument"
+#~ msgstr "virheellinen argumentti"
+
+#, fuzzy
+#~| msgid "invalid armor"
+#~ msgid "invalid argument"
+#~ msgstr "virheellinen ascii-koodaus"
+
+#, fuzzy
+#~ msgid "invalid command"
+#~ msgstr "ristiriitainen komento\n"
+
+#, fuzzy
+#~ msgid "invalid alias definition"
+#~ msgstr "virheelliset tuontivalitsimet\n"
 
 #, fuzzy
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "avainta \"%s\" ei löydy: %s\n"
+#~ msgid "out of core"
+#~ msgstr "ei käsitelty"
 
 #, fuzzy
-#~| msgid "reading from `%s'\n"
-#~ msgid "processing url '%s'\n"
-#~ msgstr "luetaan kohteesta \"%s\"\n"
+#~ msgid "invalid meta command"
+#~ msgstr "ristiriitainen komento\n"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          user '%s'\n"
-#~ msgstr "          ilman käyttäjätunnuksia: %lu\n"
+#~ msgid "unknown meta command"
+#~ msgstr "tuntematon oletusvastaanottaja \"%s\"\n"
 
 #, fuzzy
-#~ msgid "          pass '%s'\n"
-#~ msgstr "                aka \""
+#~| msgid "unexpected data"
+#~ msgid "unexpected meta command"
+#~ msgstr "odottamatonta dataa"
 
 #, fuzzy
-#~ msgid "          host '%s'\n"
-#~ msgstr "                aka \""
+#~ msgid "invalid option"
+#~ msgstr "virheelliset tuontivalitsimet\n"
 
 #, fuzzy
-#~| msgid "          not imported: %lu\n"
-#~ msgid "          port %d\n"
-#~ msgstr "          ei tuotu: %lu\n"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "Komento ei kelpaa (kirjoita \"help\")\n"
 
 #, fuzzy
-#~ msgid "            DN '%s'\n"
-#~ msgstr "                aka \""
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "virheelliset tuontivalitsimet\n"
 
 #, fuzzy
-#~ msgid "          attr '%s'\n"
-#~ msgstr "                aka \""
+#~| msgid "NOTE: no default option file `%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "HUOM: Ei oletusasetustiedostoa \"%s\"\n"
 
 #, fuzzy
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "(Kuvausta ei annettu)\n"
+#~| msgid "option file `%s': %s\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "asetustiedosto \"%s\": %s\n"
 
 #, fuzzy
-#~| msgid "WARNING: using insecure memory!\n"
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "VAROITUS: käytetään suojaamatonta muistia!\n"
+#~| msgid "you may not use %s while in %s mode\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "valitsinta %s ei voi käyttää %s-tilassa\n"
 
 #, fuzzy
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "ascii-koodaaminen epäonnistui: %s\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "komentoa %s \"%s\" ei voi suorittaa: %s\n"
+
+#~ msgid "unable to execute external program\n"
+#~ msgstr "ulkoista ohjelmaa ei voi suorittaa\n"
+
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "ulkoisen ohjelman vastausta ei voi lukea: %s\n"
 
 #, fuzzy
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "ascii-koodaaminen epäonnistui: %s\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) DSA ja ElGamal (oletus)\n"
 
 #, fuzzy
-#~| msgid "dearmoring failed: %s\n"
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "ascii-koodauksen purku epäonnistui: %s\n"
+#~ msgid "run without asking a user"
+#~ msgstr "Lopeta tallentamatta muutoksia?"
 
 #, fuzzy
 #~| msgid "NOTE: old default options file `%s' ignored\n"
@@ -11545,8 +11883,8 @@ msgstr ""
 #~ msgstr "tiedostoa %s ei voi avata: %s\n"
 
 #, fuzzy
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "virhe kirjoitettaessa avainrenkaaseen \"%s\": %s\n"
 
 #, fuzzy
 #~ msgid "error closing %s: %s\n"
@@ -11601,12 +11939,6 @@ msgstr ""
 #~ msgstr "virhe luotaessa salasanaa: %s\n"
 
 #, fuzzy
-#~| msgid "you may not use %s while in %s mode\n"
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "valitsinta %s ei voi käyttää %s-tilassa\n"
-
-#, fuzzy
 #~ msgid "male"
 #~ msgstr "enable"
 
@@ -12910,9 +13242,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "poista allekirjoitus"
 
-#~ msgid "change the expire date"
-#~ msgstr "muuta voimassoloaikaa"
-
 #~ msgid "set preference list"
 #~ msgstr "näytä valinnat"
 
@@ -13345,9 +13674,6 @@ msgstr ""
 #~ "HUOM: Elgamal-ensisijainen avain havaittu - tämän tuominen voi kestää "
 #~ "hetken\n"
 
-#~ msgid " (default)"
-#~ msgstr " (oletusarvo)"
-
 #~ msgid "%s%c %4u%c/%08lX  created: %s expires: %s"
 #~ msgstr "%s%c %4u%c/%08lX luotu: %s vanhenee: %s"
 
diff --git a/po/fr.gmo b/po/fr.gmo
index a8256fcce1bd27fdb1a8ffecc4c5f9e518430dc6..ce3c63d21aba444e7d7eaef4acc426dba7701c1f 100644
GIT binary patch
delta 43033
zcmaIf1$<P;!~gr;O|W3W9TtMSy99!}yF+jiBslGXA}v-VP~6?!rFe07hvM#1?0&vG
z!*jX!FX#1~zGvo)%h^qU-?RO6tjz~vIXB|_PjYb;jOKEs#A8KVuK6)su7N$3>T*S&
z=5po07+4GoVRX04)f1BtA2{9RI*b!B0XCoEawWwcm<C5-3S5pU@gGcxcTL=JeX<FO
zXS!TLJjjO1Py<z<t#z<XpM~*BUvJ|F?enXcm-LTV2(!&H@ithN_+OY4uVN((n5}${
z%T<?v8XS#ka4yEgU8oTrvEIRC#Q#I(OE|}v$66gV^3IqZhobT=#dvrSv*9Joi2idK
zutOjlfmm1r6Jb+KgFS5e1PmlT8)M@dOpLow4V*_c_!?C{$vpEs2dbg6m>fG}b{vix
z;Cgga!QTW_;WbQ)Z%`E_nr{kbvzE8EvJOPe&}185Z9RgTiF>G}`i5#S-U8F%RH%5-
z1<b#uzPx?V#6IYY+B8E^Q#Z%D4mA_|F$12*0Q`*Vc+`c=B4)-4*cS`nZq(AfN6kp!
zBGZvVi<o~+O<fYwW4L`V5wj9si|OzhHpB0z{LL1-T)D9?#=)hS3b&v-asfF=u8)`*
z^DZ&<H$g4IAk2g-9ReEZdDN7>!i*TO)THOZGQ_K42^@#1@dT=4&oBc9E;Ho{qB_tF
zmF}SOEyN%^glhOHdeKR^+)PCQ)Kb*8@%A=86t%`vQB%JbGvi*=j6Fe>3tVB&e+E=T
zMNl1WhRQe4#^+jhBOP^IHwkDHx>uS4sWF&%3DivdimG5C>Qo#-t>t6Ph5oBdgZWXL
zxFKqZ!cj9i5>@|v8{dtZk;|Ay=l=_VEF`2{Z3>h}jkpD>1AS0aISXUqevFByQG4Jz
zs)0CbjM*?d@rrl_dto5fTx+Jj73L;B0`t?pYa4-T_yQ|piFKx-;nql0gL6<*x&qtb
zQ5=hT*PG3^7uC^Q7z3kjFncHvHFMcfujr~61zV!ifIvF}WpNkgK);Qqhj}n3@zz)g
z$75E!irFygCNrYEs3~uZIt9H@GZl#%`5e@YuEl707~|mSP0YX6;+D<mx7n<1LR14e
zQ9W;rT8jRt8JLS|a5pBzs~8nuqV~oIOpNiim>I~7Nr;!leApD#k#Sp?|NI1|kf4zt
zM~(0^Y8PkRYF<E<QOBk!YDR`)bX<?xoI6lcej7E#Pi*>kj7>cKHq-IEsJ&7P)xj`_
zfGQY<nyO`}o^8icxDVAqzwNv(u`njWo~RiaftryusHs1RDexI4!x%fv3<Y6f;)PLD
z-yQYb8Ds;~P(9j!s^BOF-~-f5yhb&cc&9o4B~bBp=#OJiOECd8GmB9Tt-(V0Hx|SX
zsF}{W%XiEjS5pENNSKLQn|oLUll^TrVI3?^d?;4MJ*fO~cANJ^eJn|QGHTCUz!K=$
z!{-VHV_f_lHM5g3HO|J^I{&+DhGVGBcnvl3@2Dvc*lVV|9L6W!1U1qy)XWUQc(~X;
z-->GB82a`CD*t!X$P?}}OI`+})4r=cflSy9wMJ7=Q+pb<**>B+Wv2b+-Ci4W6OTaU
zTZnq$97C<?C)5%qIAGFqp$60xHGuY50Q;j8L|_d8_4FJj#fPZP=sswUReVfGJQ+^G
z;;0wZd7Ga4AG0S)V|vm%p+-Cw%i#jdgO5?0H{~I-S@RxZ{*#kXlLYm=GivIFp=M$M
zs$<tt`Cg$q66>%z&$&<yRlqdZ6zAYTR70tbn3>3j8hH&HZ*Akh9%25~@OTo`z;e_K
z9K<qs6ID^Vqh=EoMy+*4)M;sq8L&G>!^x-)&qgn<N98+*T9PNIC5?8>JTK@F$V@^5
zRE9zJ!3+!_z7suo2vzY>REKV&j@LU>hy0J50VGD%lLs}hYN-6}QRRO@b!a?lpw1Ek
zs$dVM#IyFnOH>6hPMC^=P(3e+s;Dc*#KD*i$Kda{6&qpclV*g|F%$6}sHMA$YA4z$
z-`;Rs=?Un(c0y%bf;#V~P-`0dwAtl3P)k%7)nGX0!Re@qk7IUxY2&HRn3)a60;G4u
zyf_;*LuW9X&i``)@kmI1*7PhpDqab7I+~z5=Abs)V$6j*Pz^uD92obUNiTs}iFd_R
zI0ZG3O{l$c0khy2^wPd7<9YL-0;=JzSRNhp;z7)V4^R~(yI?+EOJQu{RnZR{qn<a%
z#5fca;B?edtwwcZJI=zZ=#(SS|DrjkyRjSbsFzH`eNZEtf@AR@s)G8L&64%TO2jwV
z_%{qDUi^xA{tMP2z8y<q+^Z(NIu0g2`YQ9UwT^SmtWg!LPJA%d!&9iK%6Q#$peD8<
zehbx+vNy~du`Oz;hNC*X47Eotq00N;G<zr~>Ull9gF|jQjMmMk*e%wXgs!(u#fLEw
z@kf{xzoV8WDW&3KR*a5CQO`qcyeVpPg`zqz7_})^Vm`cr(J;=xX26LZ0$Q7@s5Neg
zYIr2-y)XxZ@Gz>vXP6F?-8J#zsCWnT;waRbufS5c8?`4~_sr?Zh_Q&4Mh(QNZUfCR
zF$rO)9uC8lI0m(gmst;?UQG8fC%!_B(0ku>xEgwi_r_n`yb)3LBzkD3KCiVUa-1F4
zp9Iv?rI-O9S>rx3$Eg4+Jron-C`^WP?DK7yoA_f)jVT_R87PWcn(F9}?NKA{f|`MW
zm_X-$1c9_9%tTH7-`4Y}3Z9^5!2gM<ARWdho)^`za;T1Vw&{Z~2JuLYjx$jmTZGy0
z05-x`*oF38Ri2t-vIX@Z)-#vu4{V3E@CCB$uF}t$R?P5%w<XTNDj4mhd0*5)#iwBi
z-p5Lq^_A&h1O^iyfqC!<Iyw$t2o%Arugz4p#azTEVF5gV+SQ*?Z^9&R%-WYi?dmYp
z2<M^l??Ki30rj;z!&|fYN}y)AA!^3M-ZKB`35+8_n`ooWcn9ke|B9-(_B(SdyJLLf
z<FO+yKy9u#?@fi-Q1NQ0HSUD*u#Zh2ftiUfLbZ4DJ@cQJz!&=<*9SAQhM1M~-!TiW
z!_s&Sl|S`I^Cqih9gDe1KaSb(8|rjq{bXjYk+l~lC4D@4ahYQij@k@&Q6q5uXELNh
zj)|)z7Q{xVO*amU;3h1OFEJSw`fO&Z7OJD&QG09w_Q3RC?6+mq9&j!YC_y0lSF>5l
zV}9b}P*Z;ZgYYhDMA5&Q<5~#I67Pe-xC6`KSJVuId^Zh*V|C(lQJe9lwW!Oj4mhr%
z1hiQ;p+<HW>tKM}?fZpeb1X%C8dk(BsQf`5x9`nY3zZ&$WpF2sK$oA}H*+IV=?hUy
z`4DwF;`=M^@M%UsBO8PzaW!h{o?}%^8^!ILp)f2?d<6#MBh=Jq<pV?==#KSp8){Pr
zMl&5PfU2(zYRdmY&BP%LrhQj@exIs_>!8l>1XPc2U@)eQ;r1P?)~H=O1+_U3U?F^o
z8bIa%^Sl9SGY++GL@nukRL4@pbi4XuFgohdRsx#(C#drsFP57x|7<W+#YJPgeIK_S
zF$(b!=!au56-MF^T#E;=KpfM-&zO;T#<*tW)lhrMLCwhgxNgTan!p7TG=*&fO~Dmd
zg7`($ND{?!`*wSIRD2Mo!?mae&S6^oj2cL)_+}<TumJIHsCWM&48%>S4*V0}al2X&
z_>Y7DY@EOtYVBqnU>%O}$TuDn;(SbwTQCux#RT{W)zDW|y>Sw{eZQbchB1hHF&1WZ
z2q<GARK|)J6YHQ}!7WfD9*df~-B=j!qE1PwL}sSCqei+Kwbu7AB_>a7*1QnvST@DX
z_y?v&XDtD}kxpS8e1sa=M^q1ECvp3}WG2TD;+au<q>D|Th+g9JFa_?j-o(VjKcn_g
z{G{f2X;eGSkO4ccE(A1%eNa7`fZ9}RQEPe<z4!{%K>TE8WI0jsDyY-a9#w7`Cc#6f
zH{vbS%>0Mi{kfByV_6TA>--NPpo(Up8r+7O`fI2)jg`WTBppU2UIf+AVARaDKo9ms
zEzJN_gBwugAERc#mC`hv3$+BzFq_W*aGS6WHDy;(6}(2h^E0P1ySfExriP(9ItP`1
zFX}X0MlXIr4JcJ=)4?LBnW>H16Wvhnkum6~;5Gs}HrG+d!Y_^4ECo?}p*5;NAJk@D
zVBKh+A4HAxDyo53s1C;Q8grvIac$H9hS>C3Ue3Qpx|;;;{`VLk-D%CHONhmYr$fDZ
zn`2g-j%w&2>Nx$2UVMgH^Em0u$TMRa;-yhD(h7Ave?fI*d^*SUY=zBm9W_;-Pz93&
znT86X((9u3Mi0~`n}?dAZKw~Ilc*QcC)A91)0;P6K~%>&p!Uvhm=EVV1hmHIF&JZI
zFq^0vYG#I`mShKN6TLufp41u5)K)+(T}O<9V^JfUgzDfL)QAsRuc12f64gN`Ad}no
zTP`nZ#7$5S23W^i7o(PDCo115)LwXrs?eR;Y{C?%^pdEVsDbKuZ`2YjM7_xNAniD=
zdjxcBKBGR@^Jg(@-x{^n-B4>k9ZTaS)C?rgYC0N%It7hT4R%94pNx9r?M5~D6g4w}
z*~}7T!xTFIl?iBV+o4{)Ls7eT9BL%%P$S%jI`7v}BYBTnn)um`<xmavMZF<spf>4#
z>upr|Z>Xh7l7qcL`>tFBG=f&B9`?2INb53GNA{o!o<UXg7<DZDa+*Dm8#R#ns7)4u
z>QE$B#LcMV?#gBA2|`D^wip48I21JlzhiWaL@mJ#)F%4}wfmo;8cvnl?E1>65l5iv
znStuSE>wrFqn73!YDQA#al5=&BoF6bYt)zoH831iU<In@`%yFU5H&Ktyk>3FqB>p~
z^-hmKZQ7}*_sDAW9ZS@vJ&Bs(I~WT;p*C^Ue4Kw(oH3v2Sy@ztt<cvY>k3qd&Y(u{
z9yQVg`OQcQphjFDb)0*lZy>1p_oHU=4r=CN7cl8X9Rga*hNzKtM@{8u)LLyo_4Fco
z@dIkck`^=#mPMVKHmLmLQB%DE)!<cBeNhXU4(CK2$C{}29EX5*^E51gn^05x6gA?+
zg-r!TQ5CjE9j`H{3O1qgokn%^oqe9Dh>4d(b*MRNMuwpmXCh1ExONfH+MGtc5+9<b
zK4no8FN12JH|iKpLshf^HR5Ba4!=MxO|oL9fr6-f4NyxJj><P4)zR&kQRn|E0gcF0
z++@gxDo_u#c71Go5^AY7qh{<B=EkR}B}rAnl&ge#-Wk34yG>t$nz19O8M%i+wC{>l
z(o~Qe)w8Cko)1Kgd?IRdZ9x^hh^pwDO;1+JbgVFHiE5#*JZgp}qUzmjpI=1P;|b>c
ztD-CfG<9XsxBF2I4o5v-h?<ez7!B{B-V=|l?@{jsPigaElNa^8JgR(c)UNM}$~O(w
zu_L89|5XS)BSC9lq>NdLuBeXuh3e^c^x_@++%LrB%Z@5n54E-<Y<xXx01r@mDQa0$
zUv|_I)<T_%PGudFVFC%7x-B;2zo>?zmoo)(p=PKqYR$W2S)7NOnFpu}W0W_0CJ$;4
z)Ig22GipixME%6I2;<@<hk!QUL)3`lRWJ_<qDD|2wYfsE7LLba_%BAqG!@;hV9bam
zus!NcxDd7G+fg04ivIWk)!{FwnQ&59GE-Lw)x%b(4E<0)=}bo*&y}bz68lkWcnMWu
z^vb4uY*hY27=V?~i*-?(xEE?KOhuil4M>L_*BJsDVPF;WW-5-F;?AfKp&6(SEJRhb
z!+Hz#CiAaqI-C!+1ocoO{sn!X38;>*MlIn!)BtW_Je~i*YNq0JsI@AOTKkTur5T5s
znXT5-s7>|A8n?Rn;j{o2COsUrluJ-Ec^pgP3sk*1YnW4157X1Ws~G`R_?r@N32Ma0
zQ6s#Inz95nO};#+cYXuZ8V*B^Xcnr06Q~(@huQ=2YMGJeL49GVjvCNlbTl<n38>+f
zsEW>@rpi;>WK4s4UI;bCO;IBoidxe}sB(Ky9e9PB`lNNt(&j{!Z;X2G*!ZG4oPYK7
zC<*G(15^Xwt(oeYZ!R@ZFOVsyB|3m{@FA+)2W#AVX2~+422c~#(XOZ^7>j;*0=;;q
z9_L>bydgoxtZ#Z6gle!NY6^RyDx8E`igl=toI-8NH|WJA4NQZDQTZC9W~eV}ppmE#
zvDK*e&0&Xt*77atm6@)g=|E1@Ow>Uy4nXaN8K~286!pgYfa*ZnMy8|XQ1ykPraBV!
zd>d+y-N1tA-`ITIJH-fS?Yg5zIu|vvJ*W=cMU5a<6Z7K9ggTyWQ28dJD&CB$=Q?VW
z#cpbjT`+11>Z0oDjYV<1Nq1bwY=-Bk;}+P=jIapmIEA7bnuS_|J(wSFpq4B_b2HW1
zPz_f?jc_1phSp;dypG!JNm`iGl?^NC{Ffn6kq0BO44y@;RpORrM)IQKwNYOx!%(|>
z2x^U|S~sIQcpf#<*Qgnd-O9YmbD)lORn)O<gUM;%HIRTZPPPv=qZ&AcTD$x9c|dD3
z6IoGfTn+gO<r;vR`aiJ{?n3RA_o$9%Xk*HiMs={QjSoggn`8k2?e?RnUHK6;#X)UN
z#~Pv<?2Fobi_nW_P)qg(HGq_%ro+Wi`CDRa{1Y|e8K@=Oh+2x{p`3qB;cXH$HQ!Mq
zO5Dy&Sr*hxRKytA95uBaP!$eA9j6&KeG>)}KaJWmckJ^h?afT2LCruh)Fy1$-Z4Fj
zBtZq2qjvoc)aJR1TJty^Ovi#y&kLfawmGT;{ZZv7+UE;VAK%AOFRG`gfqlm47^kC|
zxg-t&?b=|}h<c)q%V_lCDpUg}(SwgrGxijtU_dAHaT|!5(iEsA$%S5Qh|1p&i{oTe
zJ?BsZbS@ImRJl8wsY#Do%hIUyR@R|5eKG31|AShZXQ&4Jx|k8CMU@Xm-yT3s`JbqP
zF2{U$1KE3yD}GngP!ZHrHARi2GsZ;+RpD6Fnyp67&|_4?vBJy}Wkv0cQmCnKjOu7V
z^vBt#nOuOXe-|dy`9DKI-&h`?cIRu<ceH?TQ$cZ52U?>(#ePFg;bPS3S%%u2r%_XS
z71e<#-OLQ6N1dA5sPey}7w2PA+IQ`@3D;3?u5YN36zFb#TCIsX*UeB3PC|8P2Wrn;
zL(RlHRQUuwOhc7Xn=~AiJ_@xIdr>oa6McXGCwWiPU`Z^`gGQ*en}e$01Zrj;+qfsf
z#8aa>S`f7tYFXQ(_RcTps|U3dCr~r<7WKYK(2Mi0wG8fMK8;$V3Qj?dbUUg8cTiLJ
z4RsuYdYiQ@jC#}6Ms2FWs2A8q)JSjH=U-9nWbb3@sgC-x+OrSmU%PS`30l)FsHxqK
zI<HqzBYciJZZZ0r%@h~4SrcL<3_{IZSJX^xK#lMis-91%dSdl6Gmr_DUfv;~0*z1^
zx}!!o8a48{s1EH!ee7OGZO%CT&8s%p+7`9R{y;Un0reiZjoS4A157+UY9^|o2JVCt
zP{Z?3Q@j&Z;123T<qK-fvJW&<TLo3HH)`sa+V~~ZTF3mw44??ATy@kY?TT8O;TR3q
zBAeE6Z6y$sgo~&(`xiA**RQ4{c~E<y3aX+WsES9S&hawTXU8toCOnUtu_vfa7n3E{
zROdmZ>qkBftS$Qf{@+9b`k0-Es`wykM()|TYmliR4Juz=)C|=}y`Z|G-u;76n{Yg;
z;RC1<Ke6$|gUu2ZN2PbbL=J&S0vg#;)SB-_t=$dO2&4UGrZxo@Azlf!XNI6Q<#g2f
zo{L5C5~^H+A!aXRLd|Gh)X0aS_Si;rw1!6r6v9uap5+;8*0w1seH0eMeW;4Qqc&mg
zVJ5vbszb9-Bj1EN9oJBA#3!hkNi^Jav=XYLgNAedHFeubP>+sb0NzHe*;DIx)X3xi
zZkDJj79idkwdv-fK9)~ne*A!Xk7WPDta%Oe5)Vhs%s5oJ1%I%{`aC{Ef?fz$QEU4Q
zy%=qTX(%)5bTmipjUlMxHVgIYJz{-`$`^H{=}<P*jMYJPY$$4mwxTxsO^1Mb{sp!6
z=|`Eh55}m(J7NfSLoLk))LyxX+9MxP4Wu1y8m^6Mpbu(bGi`hks=;HZC4YpP0VnAg
zQ*n75M?!a0#hyRS2(w`Y;tf#eel}_ook2C^8Ef8rnNg=B9Mw=H>P550#?PP{et|l!
zsmJ;9@#jAT)RWq%iU*<IU~5nxtJhI$`2e+<0>+y?kRP=ab<m4psHGcg<4aL9a0Jz%
zv#1WeMAa96g6iS?6(FG9SQks<SX747s6Fu()sd)?W>W^D-e5tfkz_-?c*>v`8=}hh
zL%ncjpgOPvwaG7|-ZRfJNasKHMEj<*Rza<4D0=ZP)M?mkpC3W(g}Yb}<4!Ui3`I2%
zjyjG*QF~<us{BTqehBrxxP^{3U6Q{{PxGO6ZyoevU(`9CiW=b()RgZ+jqoz6fiI{I
zC7NtDaWHCTnxdArCu(WtqV~*ojD@!+bN)4z&q>fGdylHH<P_862IwW;2{Yj+)X3JO
zJ`;|j_RMQkL+PfPsji8NcSY@`>8K7ILQVZ03`F-d&c9|L{xnl@PSk_)s3~iJ9_)mE
z*cHoRchsA4v-Jg*B%W!y=~z3|-Wh{>Kg>pTU?*yT7f}Ow=@9S|h(5#Y?kuQRWgXOU
z`W-c8%Tb%?G-@WETNBST<w~N~v;(T4+33Zss3p6CTH1FuJ^3uN<W4aHs;~(b!6B%I
zccKd3Ms?r|YO2%CHd9y|wY$5cDjsj+n^5^Kpz4h}$IM7hY)ZTyR={=03_Gs>2<V+3
zd#;(<q^RBB9JQOrqSkBy>J_>V)xby8Cd@p~bg+uGJE}vIu@vq=FMdIFDAj!PA}WX3
zb^ap=Xf5ZWcJXD@i2WCsin3xO;x(`=E=BE)=cpNSFEkaWM6GFA)C@MY>4Q*9vIMnh
z_o4>$Na;HN(HEJuO^510DO688p^n`IRK-hB$7(lv@giz-eMBuq;>D&z1yT8Gp&IUB
z<G-P1bSkR8Rp|Tu-$4R;H(x;&jIqQ_tryD>4?!KL;iwL7K;^%Q1KoTXU21++GisTc
z^8M)I|NNJmjzwAF=C5_}iwM+!0#=#<cvo`%wT7ih(3H1DP0>hH&)3@Yqc;8u^%)Rz
zl^JOPRQ{UQKB#iDP)oGM#*f<P_pl1-u~r)!u6E3BTtGri9z4YYSYnOa_fN8VVtL|w
zP!&gCYdV?^b-pX2(i@|uGy=6JMx#2m*m?rBr0-Bmm1>=t!4eJuW$c2gFcS0NLe!LB
zM19eSvfjKh^Pn0kiQ47$ZTbLI`9Cl&PD6EU8LGkksE_r#Ha+$R^Wt+d5m3)UP#HVh
z_$bsndOfOxyU~jeP)iVfqe;(;dc`(E)iWHmyH}y=JC53<&ul#ACKJzw>@~+#iGW7b
z67}7zFRI{Z)Q8Us)JV3Y8aR*odEqN+@5I<_W+FRk25MQ`pf+hQjExJh60XDH_yr?$
z{)cRF`~I@&N7UL?+iJcKbU-yYAGJA;qFzj|un?x(W`3p87`0@Ru^%2r-;8c|yBZMh
zj9QX?s3kj#D*q9y(Y`D94)gB*74s6`h~@Ah>O&>xPP0~BQByerwI>#1T0D!j@SU~7
zF7pDKirUOOu_(Sl9p{{XyIsN99UV2Wj(|RNUZHxHVYm6iq-I!{_;l3fIfr_)eMNO3
z?H;o<)llWzqh2u6Q8Ts1rr$;{@kD#g`=ubNW7YO@{<X`8kf4sNMXlLOYnpwgBh^ux
zZZvADH(_&ph<YJa*l#vr59@5yk{!d+_!?C%{{gcE?a)hn)B(p#;R+J8W+zYu-=jv9
z@}T(%rzQpyAC1~{$5Bi164l{2|CkPzKz&TN#{e9PdOjAlw{}@Cqh{!>qXaioe#pEU
zgAbcMP#;xr1bT1_w!rP!7*iZEr=vG&a}7i7@=561v^bFXQCxu)kD89ZLoIRAW9F1O
zH3?`5x}iQ^XQ48j#TXd#xcS^pgcXSQKuzT~RQ{(np7w<K+p={~dt;9E7;5Q0q8HPh
zG&3B6yk8twM*{j#=#9!S8ucNx67^MSKi0<UsE+17WqRHm>k$9ddIps*<7u<Y`=L6r
z1GS_NF&f4>W8#T1t<HaOUw|(hn1&34usF^^&A@f6ix03m7C&nm7=_xjCs5xZW1lm}
zI18$LOVrZLM9tJn8^41Z@N3Mf^B?`Z$(RrIf(St!w+@&D$D>BF6xGmqjDoMQ27bVD
zSmA=(RT;;i>bZnks;@Sl>!R5Mby3H-4?1ZHOedgM>`p9;7cn8Gyks)wK`-%os2S>Q
z)BnPF#J8c2;W5mGA5iBz(`B<{%}`T63bnM67!#LW=KSk(dJ_rN@GzFaBv;JwYm6G<
zpQt6cfdw(&RkIm8p<YnyunIoG-dO0G+f^S|p`J&%Zr*?;QE%9OSPEBM=lp9EJtaXi
z5PZY@(AXHY1Z_|w8I9`sUMz-}F%BlWX*!Y~QxorkUL1vbPpm+#{YljM_rGP{8)?u>
zyo5tQo1r<Xfe6$TjzX>7cGSo4GYrQ6P(3ep+f+ON)uA=0&G-~`O0wNCzc*-vdXLOR
zZOUV)C5-W}+t&dn3jsA)8MWs9Q6m|P?Qj)pvn0A}zETxIz4@x5@^?b5rGuK<Q8*2E
zVM}au&z%2l*1M>^66d~eMjTfW0v$-GiyGNZ)Smc?dT|6kFt6yMsF5{AoraNE6*r+a
zq2EI@<%v+Q?!u_|M;Fx64nx&98&~6D^!@$ceveE86H&))6KaGfP)qX^)nm_NvnO((
z*0Mf^V|Pr6w^8N4+2@I$n4hTfpf+`9)J&~H?Tu|%)FE)4fX;Q&r)GrtQM<V{X2(^i
zCAx|_*D;@&sm_f7#M_`BhM_v#1J%GE7>LVl`VQ2a@C@oJ-ADBO?|-CuZq~RsY7@3Z
zjj#`DFHEqmMRn*DYEOJc%~aYKrh}!hJn?W;J)1B#9!G7`t2iH%ymY&|;`W!Ee|^|w
zd1ZEQE7Tg#L5<)9w!~N17HhvY`8H#F;_p$%v-unIp*0aTvSU~j-=OwX&bQ{{HVoCl
z*{EZA|E*&Rrg&%0aUE2F=@^1nF&NXlH#5=_(-0qkn%e1@30I(&<{WAdd_tXucpuD+
zl|{w7qdL66#;-U8(vlGSqsf>HRZ&yaObkXnUyXW`oklen@X77_H(+^D=`*nsUcg}V
z{%3Z7E7b1qkA652^&vI|wRFw{0@{30KAU5g7K4cA$FtZFYhd;-Zr?v38i-?wzd*eq
zov-FIV+n2~{tR_I=YKOFN+(fEm*~4WuKlqV@qbL*p?4nNH=1@>nFo8YHpX&$T$`~4
z>eDTW$K(5OYKAR{&%>7J@$>jjM;kmsJQ9D!=KdaE2d`sq;!&e`d~eiWQ15}&==<OQ
zxlBOkJ6=?eZz_wUHf1kN?B;VD^W*+#9#<&opQ3wwo2*3)k8kFNqxQr+)C*^?O}~nI
zF?~SIXp8`l@BHULwO0g7It1Dh(Av#c0zN~1TxO5y@qLQrM;)V47>rX<d*lkLqu;HC
zVwo8XNA2!ysI`89+9M@ndwj>R59&Rz9vw~PW&5B=95bR`sNFr@#^<4?Y!~WyJw$yd
z#f|InZPJveZ?lzAn{@zc)6GN;Y%^+U-GLt8tGO!bcn=EnIIcBJ?R*k6qPp=tuF}{K
zHPzcuFQBvu%pM3vP33UZ?p=oZlstr*(*ICz$_xojN9v*WP9Ic9cB0yemdN8frr8rY
zW@Keah{}U7)M@C2n)30ePr2Es9&bQ3d=d4Ad}j?z?D4%fvS9+!JEPu!4r+=1Le0nt
zRJn(!?+<=X5|8h<)bUa0It6M3A@~ROw0^;^#D^vI_}+YPa5?cN$;?beOYU)HXC}Mi
z2-2se@VJIy`jqB$EyJe7qone<T4QU}3_Ax1G$xQOwdwJ2)Q8VZ)E9<Fs8?ymG#*zO
zY=xTg1=b4~LOi<HOl?)v0J@`IU~^IBPNGgp{Ink5UsTMCWoh5ljew?nBPzpb)Th`h
z)Ko`H=kdKdGhh+o4N+@70XySP)TYZ4Wa_DcTC(=285oF~Sx<V?v8<@g+!*8N`~Oe^
zTC+&ZfQwOIAdaI(?#^I(TpX3&A2l<pZ2Sr8xTVQxc6nVaL3}or!|PZPgEE=p*9A3@
zC0LyHU3Um*O4DRE$Ey}<m-j_Y;S8I81oditg&IMsEM_JupiW5-tbyaPAl^oOLrR*}
ztbHizi^^Wq$M{WjY7&T*&Exyu^=O8X#NVUN>&Wb8ZO@}#B*}7^W7GjPqIIZ|e@5-{
z+&Rt2JD~Q^B5aGVF&rD@^7y{S|AU&@l({+os-Qt`kLwp4jr}knkH`1Z>rkvl+@06s
z`<h+@D-fTL%J&3yDnj#leBU9@Vi@t_`OTYjIqKu~F?K|60gvw=DvreI#N!ln%$hGN
z=y7!?;S_2&mnmd=JRF0GzelZUp~7ZLd!c4vFGgU@B4(`zSr4LbW{Y}U3wYiPm!qec
z$F&7lp_Zt<Q`}TI3w1u9U^A>(!i;bc`g&f{e2R^<x=VR{U(fquPx9ZymRKj)%+v-{
zJ<&@W+o3wNA9dUll`%`{bR(c$x(&5vt`M`9RdEr~p{VEC%9?ZB9ZM14fVp_#yhVLz
zr7v$bRU7mtJ`VkG5@yD!I2ZTgZERb?*N)>VU(tMc{EERmSdCh<m#8VuSjpp>jNz!B
zN2_e!2dz=x6DFbd$U|$vDyIBU)GptKI$aMiCnl?Ej$uX2>pTAhbgnm}j?oj;=XgLh
za|(j6Kk+b(iH}g9e($WF>gKZ|F6wzIRQW8J9Lt~=n_)8i6_el;jIZ;*hJXt0Lw)X_
z#CUiSW8))?iyu(=qSY|@5}-z&0(Cq)qF%jQP&4%qdtgXSb80rBzWsi)@p82|{~GZa
z0y?KFP`f-{ZBtPV)N=>*W}Jnoa6hKOJE&K+r;afx{y{t^>V2>o1Mvl_W3IYp338)e
za4qU`{`Kx3LV^m+M!nlFqOan5W(Ja?I+797VL4O>I-n~0!@2^s#;2^`F*os?_02b_
z7N}SECe$1BO?}S4mq4lpW_OoFRWKMsaSf)$#0|{|3ZtHPKz*uBMs?r{dhr`-3DYz(
z4P-*iSS|EmI1a)d);A6T9gm2{=2bcq)#Edm1O1wq-JAz&5O0r~q0Oi_;T_Z|$=cMs
zP<o=KdKqf>UqO9ki`L8>+nlJ=6^6>^EFhq@J%`#H|DhT#-P|0<a8$-Ms5jOv)X0;x
zFz@ijs0JosFz!Ir_Z787K`l)@1XXWGR0k#_^*OHNHo?D@d65)F9mjsC&A1Y^W=}9W
zW^QecRUV8>yejGxG{u&<40YaPwlOnR0<{S{pgP(Qy*LMbfBwIRfR^AEYBR=YYra5a
zz)Zx8Vl!-wTI=1YslAJ;FkYysurO+`G(vTF0P37?LA?h~p*Hyw)C>f*BVFge5dn=f
z0<~Gzp(;Lw#qa~R#(eEPz8{_b!m`94qLv~@2aj*+yP+Chi`pa4F+C>hXyPSNo3kTo
zVBOKtR8J+K29IM(e2Y3B@j96i6+?X=XojkA32G*eqsqNP&0NyXW&rt7Yh4@lCLDxb
zoQm2@+fd(t9(U&aYg47~Vm4P3)UKX@nyM?P2I6-$9Vmht;ZRJ7dr%c!z?K*oX1*PF
zM}4ojjCzm62{%iT9`zn6j;g;&xMO}aiX=fZaSSzeu5RWSW<!m%DQZ^_LcRMJp?;oU
zkBRX<YR0~zW++p4^P;MXrHF@PIb4kzz&q4T<aK(O&CnXPd8VNDz&6wxT|%wBtEZXL
zHmLORm=3q1j@dQT(tSZ~=427ZGN_SuMs2$JsLgvBv!N5Um)T@_u{Q}}sN-`FHC0J^
zo1Pa$EyX}gfb&r^u^Cm-epCZ5QJXenAF~9lF_`#d>m}6QNY>X^zvHSvK<Bd^YO4C6
zUa^}|J-v@wngsn!yaH;oMW8w~4t;M#)Kc9+EkV@&X5`sW&)cA8=ugypV>t%t^M5-5
zP5n*ONZbR=rpbX?^AJ=89Z~rvq8i?0<JVDZ`5m>Ha}6}l+o4|NV^A}?3pJpZ*a}nq
z!V=NG%ORi<FF|dRi&$0}el=^@+Bym~vJI#TFQayOOuLDLQSpALdRC!2@D^2HhCwFY
z2}6iaM@O6ECV|SBWUyJg)~I7R3w=v~)rlwg&HQ-Y8r6XXsPqe{W0+xxDc=H16Q7Pc
zCD&0M2^?ycq%<mjzoDFejeI=`dd1#BO>OWnbDY|vPQ!TXYSgFQaa0Eq4>uoL6;UG}
zi)v^;>Xf|0!kFrJV|~=-8;dHx^LM634Za{jBT4*+=~*Z$<80JS97pZ$L?g_rx(aG!
zBT!4S169v$)Sihx(kxw0)J!x$o%^X6j2BSlk~pKx?k<jMpc|^;MW_*-LoHE^(WWD%
zQ8P9IwHdddUOZP&o6vuZ89;v2^Dxv*j6-#73#$ALo9@K^)2wj;)G=#~+AM!zQM`(J
zp(Gw_rnVHSp>C)b&>YmU+J~BfTNoXqjWfUD2t>Un(x8?uJL)r`7sl7;|DObO?B=3&
z<#E*Jh&SFeR0TT|AAr5^0cr%zCYW-gQ8Ts$wWjw`Gnq8fOnG&zM0}KupGPf8{E3<&
z&R<;un(E%DbG{rkWfxFu_6;@SVw23;bw(}83RHu4(KkbXnKdni8bDhdhO<x|Oh4JQ
zQyVpNzoS>@e;I*#coelM(oQj(tUSghKGeo1pqA(q#zFt7W=a#FI?@#T<Db|NV@xx@
z)M|}wh<C*HcpSB41*UWUb-rs8P>&ppit|u2uoQLtPNN!rf!ahtGt637LRHiaRelU=
z)2%^u=nO_f|Cwgwu~4t>(ijt)&E))RtvcEavr$uh4z<Sqv&>Jq`A};%4YefKFc_1~
zHk++6s^T_S3mxleRQ{kjX0NnFEyZZmfVRzX%;)!W60|F$%r$G78nuQMFbxhyb!aYX
zkDS7i_!;$SS9G5FwCs(_KMA#@8&P{D=6sK@!y%{+4Mm-nJq`h#--lQg<1aABu>}SY
zAB{R4lTkCX&-w<{P|!ltfe_RS$w6)Ab*LG8fGU?|kr_}URK7^mOgIM#r~_|NJxaaU
z^t2pmO^0JbT#6-d7i#2RP#r6_#N=y_dex4^VBCjVTK}bHFBC-`?=GlM$u-E{a$FAx
zXbPh&GY?8z`=WZf8iVi->I+HK<z^`|SnFal(ubhl{kKs|6n};91>-7#+O#!MOWYf4
z;#f?l^M8wgX25TydGqB!f8sq*Q`rYK6Dv?teiAiPFHkd)c$Jyrde&jqji^0y57n`R
zt4+KdDjtE^Y2UR_0X$><jv7JsHD=8kSjVHz{ZZ7KUO^qRfVE~Vi=$rIoltAP5Y@p4
zsC*gMnRXhYmU0;S{{GKC0$NMYdegI<ScZ5D>pWCN_fQ>6zrl2%25QY6)cax!>P2%4
z^{y|w(bP8vb=-Dgd3=qPvB)OQzs~K@O=bjhP-}ex)q&TjDJ-zrbg(VzIE_P%@DP^6
zfGws&HBsdUq0$$i_RM3{635tTHeo(g`951Y|C+L`Bvi+@sPFS3+sqm_#^%HaV+*{6
zV=;KUsqhr)-TxnI27`8(fz&`X_zP;cFGjU<!^V^CGy|*Y5b&Kt)T?wQYL^~Cj)&`C
z)TVRqvY!o@oOpRmhOJNy4M25ZA(q0^sM8bgZ}WA%Eb3#uA?gh|6SYLn3j*5Rg?F2g
zG(mj`4MlCrrKnSI0X3yD_n0ZHg=%OLssrayOZFXuvCLjGgF{dwUxwNv_fT)Z*!z6-
zI<CqD;*sE>7ssQfbRB9&uA*k>BdVhr_nUWpB~%APQRx#fK5j$};E?qhYEQ&JU@VBL
zw=tI2`R_v@EeX3&=kgZn1rhI{$M?Sp+Zy!(*@aq~yQuU36?F{L|6|hYqL!>HDt#2H
zW7|=i@CGKpuc&t79il_D?<zwe5ZhrA?1M3IENbefqCSjHpw>S6VY8`%P^Y0WY6&Kw
z2X~-4_%}wy`xt=FP#yb-jWP2P&c70d5D3Bb)(_}Myx38*#-*?!aR+tYFJT>wcg$?E
zP}F;2igh3A!|XY#W5te}hC@;LCZRU#?&F;Q+61232c=GUe1B!K6E-D%FY3jU=A@a4
z=9q|hBx)v>qE5kn)C}Fg8kqEydEs=h&OojCDb(J0hGj7RX~%pytasYu`zuwmQERpk
zwPuGf7$2afF!LERqI_7Kcr(-tPP6GpP$PSbS_<!3^E?Qn5U+z(un}sB7CHnprN>Y&
ziYVvI$7XTV)b+5=K%M7<SP4I&PD#jl^Yyw5RwmvL)uH{U<N6l$1}%EQ45%Y&ssBK2
zLgyHPo&>(4rn>t@GXrZ-FNm|KhErZL=eGtnBHjlz<)=|I7W1-M+nlHwXoMQTFx0?S
zqfXg<)KWyh;>+i_G7!)%uVo!>-HzHDFHv74Lav&%?T4!HFshvEnmKj_P;a(6m<AW3
z*7^WysUBkm%yivs>TvY^{J+{JoJD<1Cb(gyxE$)dk3~({64aVLMNQoc)F$-aH1CIE
zs6EmO^{uxH#>EJXz@exa{e)V&GPl@UI{%#sB*qn}soaN}y8Eap3%qSQk{30iDySDt
zH`FHj6ZMANi27Xr7qygW@0fa8T1R3T(l=mP{D8in|BL@?)+_=wrE^eId>%DrvF@79
zQx~<iJuwJpV`<!ndbdZpXZAo2)ShXGMR64BE8aoWE8BD5)R*f%=U-n8s*|88`3?0(
zTaKE_e^CuRN4+8AKQIM@P$MmanxR3cdgh^)<N|7@UZLI>i60uXqmFeMRC}!+I%eud
zlAssK7W?1~sw1CKOOx-BIaZZXGteJZ!6F+!iF$Q^Mjht_k4?F%sNLQM^+jh8md6>W
zeE&K&kn)My<@HdTaFlf?YD6zkJr8(lrZx-e_%%f@{)MV|Giu4cp&Bm#%zOs4L9Kl!
z)Mj3ZS~BMq0re!=b5mh$)S8V(9ix9x1s_<mzA*W_qB^h$^+LLZdI4p9X*$pg)uElJ
z&jSBf=0#KswZ{fw0@`<NB%sZ47`2(Ayf(kjuYmeWHVNb4U8I2P4eD4$dt+uMi8U|k
zeNhc{Jm;Wh;xy__nCz`t>K3T?!5H-Y?|&V!4_=`*O`3P+c$GzUs5QpI1*qe>7Ii$&
zS-+u1nEAcg{k>3|b`F-p{ix&V|H15?yr`LLj)isprw~vNPot(X$w$+XR;b-Q9Q96L
zf?Bgns1dk6nePcDP%~8lbqfAM?Uf^_WBdp;!`}bQQZ_|(Xf`@JX2%I=O)jB!eeBPs
zKsnTlVlXQGAkN2csE*D1V)E@rO}*=@iPu5Bvd5xk>Hs#t7g!T3d^2y%Dc?B%8A#Yg
zf-1a=n)0aM&3UbeN^g!zAB3u4FKTlo;A@KZLSxkPPN<L973llUh&rwr-G06S)<$*g
zcU1aLx8vvgiu8yCy_sI3mLiqMWNd?)!l~F5PhlS{>F4L`z$Q#W{3~iE6Z!l3UN~Ni
zM!X>ERbA5B6!mf3A2oob4gp`osHsX7#n1PmsDO&M!K^q2wW+qC_P{mNNd2Rl=QYtw
zd;lun3~YwGu_vaE=I8sCJpuJzSb#d-&K?5#u(*w0^hP(9MxE!@sE(|}5WI-Nm?DOs
zZ&Nl!eM*i-b!;K3!^crG_Yt+*a|QVM_EJaG46H(4&5r9j0cCuHI(}JWng(m2*0vu;
z#Sz#B$D#7QMNNIOSbo0Uod<PFx}rKX6V=crn|==q5l<A`)L#vY`o8}YsKA4DsPp|F
zYV)Lu<L5g@RZtamLapUgR0Eq)`A?w--=H79$GZ3*>b+1Su9@K(sJ(R+HA86w*@Qa(
zRS9TU_C>A9D)izB8-IZriN}p+Mo<uS3c{>^qoz18zS-54QSsiW5wAhb@IzDw(j+kX
zLecl<f8z<LM+Z<Hd5N0hj0w$@RzZCz4M6Rcm8d=O6up=@k)Q9=un=l9w?vg6gF4>p
z(D!~p&1~$%W)Brh?C1C@8c2e^Ff78sco~~ulO%q=^S>FBDIL4u8`SY>nbf2&MtvOb
zL49~Vwq{6XM%ofp|7cVP|3;mXr^z_~Iwpb1{d}K-VW^QU#)^0v%V6>pX7@Kk&BR>m
zS=1hglG4xjKdGJ>^(LH)8u?q)Oe9a`=X*7mLM?GmRC=UCKx?!G)zC}SJ3L=%(~<V5
zr5TT^a0lvLe#e?RjhTVQs7)Dx94prt)ClLJHtj#C2JfNodxY1|_r1c&LO@en7F9uW
zOpASNd@AZ=cOACIgQ$wLq%~_;4cid^6HDN0)Q3~<bbh`Mv##hSo;?bmklcR}S?AB`
z;Y?TL@1OJce3?EHj;Rt7r{X}=Rf=?7zj*i^kPZ8h{}SOTe&(6}JKYAal3vM{-GY2h
z`Tn1f6d`Xx;?L<oFn4qAF66Dv=a0*=6|KelWV&f9+m5|#Wo{acXVZ^S>1}SlF8t3`
z`lrr#dGY^CxqIB(eoEg=qvJ@MMO}Aoy~P|Gh@>}jRUy`at%TnbPJ)ZLQ&ULSXe!)C
zoNraWt2>oWB0Pndc6KAm{J7?kcM<W4wi9`%qn-_?CDUozc0#CNhOIo5%oT_y!-ZrB
zu$6_;Kzv5ki30s?!`TSytysvG%}Tr$&#DsF%O)jd`77S8t<<M$KJmdkFG&aZ>~i%b
z%twRcx@;>@rWIs9#DkUGp@jKJaDAX+UHkC>cYK?_EzkVPca5}#R6c_|bxDiM^Txz;
z)8RwJE0AY4b$uYbm$0r&gyZnMApicrm5t2RN%-A7a~&tlzdi9?!PZ*j`D{nhizgeX
zXcy1MVms20@;njYK7@~ue!w>L4|z}0!FpJndSekj!E;Wb>lgAy)#m$^%%M2VHZYk?
zx*ihG&a-eTkB&`<pQi8v@{S<wqs>>H^ya3B%R~A}p6e~C&;6gT=tRm>URPA?Mm}dE
zfn8LPmFbvA;f}<s@SqzmCgXG(&Q1C`;ssIH37+5M{&7ts&wlP#wnMuKdw3pBnPSvE
zlsh^1QqpzRvGR4(ah<o3PGtCT&9~u1bm|j{SEy(a_f*?~W>l`X;$Jq-C$=j;WtI~!
zO}-eInX-p}REPt3-imxnY<sEc>_C0~pCR#Y3hBy+W5~G4j$|ll|JcsFv}wwxSL|ZS
z)lh>}xSg;r{!NjKf2-meY2!-U$i0;NHfh<Yt0-lDTyY%|l2Ji??muj50BPCD+}u|3
z!FFIBp0Rmq@$6SR6oiqa^UDoaRpM=FJPh~R&PHHnp81o9@2I}NjH)W`+d7@t1Xhz!
z1ee;LCBZ@z+HE^ffM<Ql(}%kq4b-F32izI#bCO+$Y=u2Zze@Ub`)nuA_;*IGT`Ei3
z7wR5u^M3GW{^!t8JPH+7E%r)Ad={B=Qt&)!$0(3l6?6Z%_;%&`Y9srp)XTF5<lks3
z&&%_zJpY$xhe)qQdU@LFN%*NPcTVe{la2C%Onb->hYb3r5`#Md=|3*MZ@B8xKy?cL
zL*5gFI}k2NdLi2>ek$`_f0CxF1?lz4qpKU?Oq7dZ>ugKjZKRcT2+SwY*7jPN$B}l^
z#`$5_6_e*TsPr6Z&!}XyGI2fRnXY|2??(8WiMkpPzfZoIlzBl~FT(M7{wtlCZacJs
zJguqE>BIwm_V8V9!l7iSYa1UzYGvZJxU<@VnJAc?TbG-1jVLqN#!V_en$zHSo=vy)
zDt#t(mM32=!cT1e_q6XSNu-d?*q=s<kfDUlaE{9R5l&^NEuHPe5gLf#89#Tritzjf
z@j2Y9hz}wDmO3K1w~~K1>FH_wBH=QanYQ9mUlj7z^wVc8S1uwq@L%pxWZ;(_F8<*Y
z|4)WEuN3-?N*hv962kjQ??j#wgqIOMjAc}bz1~NTADe)E#cv9DatptquFl*UZ1^lS
z>gqteH?8Pj8tLjmEBs4l-_?fnUy1vvWjh7waTw{kws7a5o<8(u0C{v3;7$;gd2K+#
zHy)1kCG(pi!Uw51rLBA+KIhpT+o8VXzfPVC++BH=kxKb~@4J%O#^dwsD0c>1M>tP+
z5pRn1DL>WLbu<d&KhJ}=+!t+cgKcGZ$ymTvXsTzslkdkB!E;?7ZGQdRtJQ=vQu#N+
z{ASB{)g~T5xDjdJDL>WLF^#+v^tn2eJBIC%DZ-v7?H&cTk$wyt6Xzch@~_GGFsI=|
zWUS1yFk2uh>3hl3p8FRXsKK+(n3%gc`ODhQcEzYXTTT9`Jad*&U?~;r>O-QgJ$MmY
zk>MGce_VBKC5pG8Tvp<-?86GyfuvQVd=y)!lFO6!JNbWH19&!oI6uKSuDwL&Q{W8u
zTr!@e!Rz=Zxs&mXWY<j0!maC93N9zlH%x6SjmNWCEL9IWtg9*MgRnJsS5?5ZggTe=
zd^`6m%D1LWKD}2{^Pn&ZJ#1xvV=m%Zl!<36$oQB-1&OcX?n#9!$n%!;dp!Sfsdx<X
zedX5Go4Xi!bWNm80O|bN)m4>y<BxJWe^V)09Vh=tR0(@sq(NQv$@7xu;l!^~!FTLS
z8o$$X)uxe*_~QyBUw<N%xmVlHTqJEg_iXYGp{(|GRjl@-&_e=`x!rche<Jf*GAE*f
zH>C69l<z7>q3)#pLwr4rZm}cGM!Dg>H_Bn#<UDIJYRXF~U6(0!&DJ!=B>m5S``J9x
z@dah$Q1cg?_cpl}6HoF#xp_;GFNbY?G5I@ir_(oeUA=6<17xaCd?XL~^@OV$@wxbl
zPUR<!-yrz@g-%n_U;9dOW*Evc!dn>LO!ADib!D|~v8EwkOzOErSzQOQNmSbJOroyY
zHscfAOImJBL#E%jClVh<yrM0<p71+U%vF|fUq-eZ7vKasQ4$Z~HJiU3<;xJ)wS#91
z=xiIctMP{@z_kTS;yi9I8R~KCy2G7=${%nqrIHrDR1PYYCnR2mbbl(<uL#m{54Gj?
z5#D3-ULlXJ!nQ4iQ*b+(D0rN^yHdDvQ=xve*Yz(IU8BG$3a7wH+=B_%#2w_z!maD6
zo)L~qIHNCxUxHHhZ_=mY3_2Ryb}BDvlgYE0c-JU){g;ub>jd|0GH;?o`i;wvs|oR^
zG~AYazjLo7o|p=rV=wLlJnPI|mQJLzbp=v5D&gkjdqSOSxK9w@K)&SMy3YCKGl2v=
z)K!Pde!k8U|HqDUge^2Ta_-Os&X1#5ho=e1m4;$Zxc?&8Now0kT56i+pL+jqueqcq
zpgUE$_mO8icP`T2+1C16Rrmw->>=NO-0g_}s(mxnR$P?^-8{HTqm#)PoA6S?MG42^
zPQd-+I%0>Zct*~{6&z;k`9wX9$s2+PNniI<2b8}u_4+Q#mGfuc<|T76GXJ=S{{IT(
zqQG0*U>)oBpE{#*y-A<KJ)C;lQ~nKQ&XVVgt?QKa0?r~mE_X9JtpA05*FXxz=0QRV
z#pFRJd_<)+N%L^e;m%9^t{ve4!U?%^lh==DWyn9-4qzO4YLLE`=d)~Qmyk!-TwA`E
zO@B?gGoJtaYYYF&g9<iNd<uN#ZqD-;R5+1v6PxcjX-f#FCrwu)Tj2~kqU*J_gsp2W
z<#lyY=O{bU#?$CGT*+)<W!OSEH<`9l!6Ta<lZO8MDUb54C*GKfl2cJpo);o*kgZhD
zb#<VQ3bw<k$UlVeU$&mDl$}EU%R0Abi0JA^!|%uxg^khFj-V20pGmuI<B5Li$Wbb|
z$g@1S$vzJ!9E~zD$(NNoA@OCl{zl~8O*{3-dxi8<+`jk5V+u?saT=DhnR&#YQt&mA
zv<0@&h4xt?@@BW;N#q+$e1;k#-y8Bz#&M)Qq``57H;{IKyO|o~+D+L{w!CBOc8%ge
zX5VA;pUz}R$4vaV8c_JMEp(T}<22CTKAcW^Y#Pw@iG0y%SXUR)`R%)_2hTRq(09rt
zC7ywF{T4Ki#vhkRAs!a9y;H#*-2ah&RcRFFe@(&Fjl%o5+mO@*b(JIiGT{l7U&uX?
zGCyBgej30i>iUJoM^Z+ko<O;3`rPb7;tn2O;6W{00slJ^u6ShN&jehLxd%|I{y=G^
zt-ZSKEPvAGyEalT1!WG}j@fLk;>2H){u|cBI`|t8+uL&2bp9XFKy7Ya_jxc<nTVGn
z9!8iy1b3AnK90K)4Hcz~uGrlB7|9Uw=-Pp0c($2)Ht|e6b4VMGx}q{0qp52?^-Lo^
zhkVXq68_-MLdNnuh#+wv2HKfeMS6Y;9ztD{Y-R7PEy%Acv3;JOy4KsWN)IO7lDs!b
z|8d2mzGEg2^G{$94YnY|W-7TyuH<BRhJ$S*!+G{Q;fCakWgAjujkp8pKw33Io;;N6
zPrfXK2V#1jl~+c4J)vw_TW3Ye%+&keO&~25|F~9Ds5%*Ukd~8Yy7JrS?Wnkl9dRbo
z58L!h<h#Q&UFC2-d77B0s~j$|Wt7y*=2Q5E@BC3o94e?p&pzAHoyR*A8pwT$^r~b|
zX?w1Mx`GV<+y5@3kyX^06<1T&Ia_ZK_4Ootno=owR;we853-}wuiH2CptOzWrojR~
z_0~(_G`6Bqguim{v@_7qb|YV8yn*KDdnHu1H7Pvcr?BD=sp%l4$J5FNC2*~vwfc6L
zJ$bg8@Ce(3_q4Xsww{{wDK>nTav50oe8fBXYT>PtmW1<U>OtX6CehWF4wSN;C`o#B
z^1PtZQshfbo*S44JM-)}?mWax;E$^>aa|KJ5smGqg9~|nlkjrVvvL1PI17Jn=ej_q
zFe=wo7q^+9>o}I?K0@I*wn8uQ3>0ibz8$0$x1HQix~^u#`}6!BjisQ|H*hrZAns8%
zukxKH{VC<Q>gW4RWPHfO;v`Jqp@)apaWrYGXs8w8nWUA#A6G*1Cgu4lD*j3xPs#TN
z`=GA>2>)$@t}l3%y8&f%c`1{WyE}QD&HU#958{%b>j?K1!j(yXhZ%@hqf$RQperSv
z-D@ifApRfW9Nbm7`3oYhR^)v~*>OBuLRxODL_H}<3$-(Fob)&3y`$gn=-Oo~SNLBl
z=wwH6{HJt18_Yd~v~N`S2bJiGLHsxsk0m^Y^!VJ5xqn;@2u!y1ZKM<J3Fjb9eaWLw
z6<vjS;FHRV^5jo4m8OAc#Me?;PFrD>pDNx)_!fD3+fi*K?~f}cvviHf-#m|rK{ihs
z@&t0{qW*HUxlW%dYiy|-gqIMW#DhtMb*;3cG%<dFA&`Q~a?wCXtj!&6J3p3i4$@O$
zL&|TWp@G~TC=<)pvw}_+v2~xPoE<-ZEJ2~hWXw;74TQT<U@#f|sjvcRC%GLeOHEwY
zFrNQOyaz^7(Is1{o&}Rv*Abp);C{tD{-@`6$zPE?>GbC&)rfTG;ZW{Mgmta7-m-;W
z+TORo52WScc^^8ds|%GMqp~@qrR7;9@hNx`2XGJKSyDQ^9Y;{+Z|+aFzN7kcv+-1t
zkHq0*h)%(e#7~nU7Zo1kuEMjuq@|}aUH!;cg!>iYNb;8={V4f#C8gXixJ!-UY@S88
zjb$e7Aa#Y1wu}7Li0{{@$|DkWtupxj`;1HvsQky3mpm11BXRL}p6mLLJUOW&GtR*a
zHqRi!Uhd(xj;^GyBmW}Oeq7xM_||_IJ$Y{*+{G{4k0?0P<_u)|($j(8xw~@D<}Pb1
zj!xOv<nM^vNIQeNR+1-~3Htv0JR#3A+A^bY7SI3CZ(}A9DZ*&h*q*PT&|DrKrlNkN
zJ>l7U(#mrGL*7iJ<>1+GgkRe-$!$ZYNl!!BK|Is78$(Rc_us{IGzDc!lg~xCnZ8x@
zAY6lt=_sgclpfma25D=!{kb2Iww!!{6x_+(n|#^mTyH8YPI^buE)Wmp*431>zbLnq
z=MzXvhPpzzuakEO&lknAiC4(@%=hcDiaegfeUiHvx2`c{{SVvI<TTs8R#c&@Iwkkm
zT2j%>8{%#3vy+r7Lt1yr3?scY_d4P?$-f*gP`)sE+7Q3Zv++8Ry4n!=ah;*E4cv*z
z6x*Ku1U$U;Q=WoU_LciRd4lm3{<!WFj-Y&F8cIb+^4dCnJeRlrCx2w}fdS4DTlGeY
z=nA6v9kN6r-45TiowQFp??XZa&sx*$P2&E<ukdW=Pu(j;dP?f)N1jO13)tr7kxy3%
z$~5HJZsKqBE23E>rXo{|AFUC;KzKbBMYDxk65jdK^GNcvvyGOtdGcXhD%LfEa7LT|
zzDe@^H!bN4Y`H4FysW`5WX#T8oP^{w^qkJ@AyZ>ACn8*v^u)H3`lNp(?@{7@JkL&k
zU0+E%LB4`a_)Fpoh!5q~6`y?3Dfb6?bCTzhNp`KH?gRQ!WDgHMkT{l%r%7ByI2Q%_
z6V_FkLaoTRm^&%)dE`$=-ap8*hVWbR{Y9Rp+`1Bxc8jn!d^9>V9v@IPFX=yDNr*cE
zWN1ib;Z){EUBTSL6|h%;Ex4Xa3J^|7UR@&yr=_7*++#>P$Nii<Ylz3Au8cO{TC7Cc
zL2g}5tOWVTTx48q6B5#y*;G)QyRI)Q?+ZH%zml&dX@8S98x8m7Ud6LD<o(LCZKT)4
zG1!rONqO#}z8_aTo|PnT5;{|dav?l#s4pdL$)WECFKt7k$mp^i%4F?AS`AxMHu5dx
z&cU+=woFBvPgx4nKq~4x!@Yq9A8}tKZ47zSb2lSTG(1cCQ-=pXt}qf$5%Htf*}3nK
z;ScT~S1F!fr_!EuCZBDvJ>e;~j!UFHCjJ)%ZrO5oNxQ6@bPsoO(&KO!piDF3zITv^
zN|TbQ<xic_gWII*3bNC9f&$UVlar3*p^}iF@?Rxy6rSfJZ%dvvw`Hf1XC&z@DWhvX
zcY2<0B0l5C9}(0f@c|u3%L85Y3CFM%e5CL_?hd4NChY|U&)UkAw*%p^Hg96`{kXmp
zcuRf%P%e!0!{kXpI3|9>S-!Tsysd4C{`B;Tt*AR0eka_~v%cN*N1o{3vemtrGW5(8
zS!Pz2GOZ#adiY`iF7N+bt$MfW*riqLE}>pM?%29lMCkvLr$czp2vbdqS>^L|Yt^&o
z|B|I!c#jBghPFS~+^c7(X>R@0S=-$)+jZ;`@gt$~oGos@av>p+ljc=h-(vn3cjT;v
zao6u%n8|;A-ery5>vt~S<sUCB+^dGeT6GQew(r<GG;Dp3HS1EPDO<Xxw_{kx2yaBV
zdQmh(+f3eej3KmbQE!Hx0qfJ9Na7#a=q&%AW}-w^Ji9J3=-j*Y#m*mzwZ8J5U;NfT
zxEB(;Yuk=Jx`wsy(V|P+R^7Z!!n;Lu3=iws%-f`1?W)ZJDuvO_uvT5XRn=05&@SER
zb-VB$-m<2Y$<VG<8)hu5t=E?Jc5T(q+onUSu=b(eJ{==Eg!hW@hJ{CTY!kZP`({-1
z6#thdBZI%BSikD?p7@iC#&O3<*sfy_X8ZqLjPS57{Wf=r<4zlU^ZXR<-`q+6Kg*;>
z=v}X{wgH=iQn@R-Q*{h$+cB*D|6z7EcTDXLjx*UmhdbTmN7>!$(}jh$(dd;uqC=?H
zcGDZ$GlD(Qv1f<Swv%_~aHpBPDTlk)=D?ipTYj5k<#mtun|!)}yZ7W41>GT=&lYsQ
zjx~8%h&wQ9&xp1Rd~%);cS27@_~bN2-HA6J2yxGiHhGGlyVT^iRotZ#s;@r{PrEZ<
z^V}-#?Vin%)!oJYCx5E#{<1ms|I^mB#zs*^;hr<Cg)OwS<rx<`l$JtT`TzvdL=pr7
zB(#*401<67>`v**?rfRafg+2vLDXnO2#*^i$_5ZzAch9vh$IGg^#>sVA81S<n4pP?
ziXbro2??G%v)$baf1385yZ4^+o$q|#{nP9UIE&)pN_e->p_XBX)^Z;z{j_xzv<#=4
zeyD?D?jMtEBL_kO%i^-BpcBgT$rpliFg^{G!yc!H8*JU&?2uQ?4TDkaFxz2Rz;Kp{
zzv{3ZXxRpMQxRo0w1^!xRMI&cF6WN$>CPppZ3f-V(O2Ouq@t}*s1#RPYNr_vF$YyQ
zCmPxd^-vwLO+(d!L3N`Rv~`QQt7@vL`@$xZ#|-F9H^0m+q(x{}AFRi6pJo`cg{E%V
zLD^mN|9FW*+o61{X8OA1J_%v=2ps=nI}}VZBON}Se{|{*Usoev%l8NTYBw{B`R(R^
zekZJi3T?g4%a*lCrsUL6v0zDSQ}d$M4mkrIE%VyiX!tIu%@eVGFh{8S;dy#zKg4oH
z$3Yk(794~<^zT84L$wx&$c$vl*>qxd`NBNLcDGtvTdPi~^jlMjzqjW=UZF2+NDfK@
zax+Br5tuPGu+9jZx-<Qp7z>LWwDiU<Gi<NxQk&;BEflMcz|Z355g6ii)JCqkc-eft
z!Q-b%c8gs{p^-vIp$MLF*wjp+k6;c?;liT)!A$kC)TbOkhmXSxu&r%H>yqY0QI|xl
ztnS}A(bT%BJH3{LXU6w`d*p5IlBzLbTusz_y1CaDXPOgb4T?G~W0uTsUF!CO7db+Y
zKZdwc+%S7uL&LQC>1xC5#+mii^$m3X6wghOD#bo=G7+n^60yVu(RT($@9&2(s|S+F
z3TEr{Q^KqRR(IG4uq|Zm>`H#h=8$#6h<;eUAjAUXcOlFUW_?aV&RIF;U`GNhD_TUi
z&8(BCy&r0@Si-@5&)h&<!#I>qA?BWg6;w$OKymXtj3UqH@OvJ$T!iaDMgsEk$7;6E
zHdqfss=vxj)z92Y#!0^fw<k9y<GwE4$1!Oh0iFfULMk8U?kIgSmcE#c#4jOC#2ibZ
z<#%CUo~WFTrQ&oI4ihu(!vlKd0rUWsJ%no`Xl?;+%B34cSXLsgsF=U)>DDrjd(6UW
zMBEz#j?*x7VFqKsU6yiwJfM!h=n*x@iZNg@a-XS5#Yj1gsal$0soiEW&h{8EJvnWg
zjfmEx)BTCK-6QI1Fn`ojQxPB5;ADEO24D7y$BS^B*XC37P=J**O$ST2gL;T>qn{RI
zZ!xWZ5ue3OIMXH8mI%+}M)`{H(2kez9*nltASWup9oQ#96}u1MNZQnnG*Xa-GsW8$
zJ{a#zc8~0ZW~Ut}8Fw5=7heulO2wWCo)kwbloFwK;y9XX<B>cn-GV1_1@>Y>-08*T
zw6hOCC>62SafrCO7YjyP3~NwREv8>US0(U%&Gd`E_n=p-e*?W#y$>&WMA>YtAEx?~
zaZB?_RrZMPSvW=fa|pY<X)p$=NL)~zT9a`Pt%>0^h5C--l|1S@ft!IEPT>!V=st~Q
zV)bb}R?4oGjGJL+K2k$K_fBJf37t#g7AVQ`FU{CsGc%~}Yg9aBUBv=LzO<OH=^R`-
zyL92YOnrl$JTZ78Kl=_(mOnWHs$cRXQv<E}9-l+1{}EZ!&s@i?V#N)dNqcW#ZT^G^
zb1dRCUgjOFV)4oT=*3@fmqKfQLp8U`uZI{^em3wvP4xx!PRITv?hLqeX8yI(qOE^m
z7u1-#u`#@vDHh>J0`ppOn@x%LShDl32dcVZ>g#Ih*FVv#)agC^`g3T+9G7mWMN;)=
zV9Au_5s&ZSG;uG1BhjymhDT5;R^P=!YP^e=3&$}72AQH9Z&t5Br`Y`ojw0nTUV>>n
z28N$Shzl5`Y+T}#u6XvcGCp6}LzJbWVyI%$w?mcoe9>O4{3ZB5kw(*dCCV_I#SN4$
z?<UT#$&k)36ZVJ<*}2K4$xmGKR_`(Cj)@ri<AIUNH~C}OFH+9Oz_CUJU2PK`US&p=
zYm|(3O7K`P2JL6_RGXJIiGHu5ic?<Y(adE{QCEWbG%k^Y%&=@xcEm_a*=J{MPPDm2
z)Rid{#nK7NB)UCbc|Yx;R+(}O>zfv|3_5ZUY8-US&YVbX<;r2$Hh=NF<j&@W(G-Q8
wNlmS>kL5%M;%U+ZGaXOGGMh3bv1z&o%LfO)I5O5MN$MJmG+DYoN%<=GKN3J>UH||9

delta 44295
zcma&v1$0%{!tVW*1cC*3-wE#SmJr<C9fEs;%fgB~6nA$i#ofKQl;SQe#a+Jtv*+X-
z-uHfE+`GnE{Y_ib=h{0d^lUvGu=8Aidoy07UmdQ{D2|f?^A>iTqtP6vQiM_+r|oRV
z$%gH)2u{bSK8|w%6BEBa$8nD18;p;8<~mLiJddgI879XV^Gy92tfh>u)7&Nuw9dxd
zJg^N5r~(^LGv9Ga5wC;UaW<C66R2_t7MKPqVGQE!P#x@H9fwJYFGUS>uUD55*o2R$
zo+n!9IB78ls$eaQi`_5_4#o7i9@F4u%!r>*&!<^rEQ$fdYhwazfvK?<CdBEA)4sEo
zfC`>QP1QA2h3`-mre5qgsjwi%!MYd|+hQW@iR$P$RL57L8aQL~AD}w?1(RW#C61F7
zi=(Tl>Oeph^g>lQ6$5cKs-n}V2k%+GS(7d`>3OYHF$3k=qo#f`YUHbI{$A@f)WF^@
zbzCPNfmqATngyadlFh~|pem?i(>vJok*JxPidvct)&r;+x`^rU0Y=9d%guliVO8P<
zu`G^U&iv;iaFzsZ4*wNqsywKUltqoa6{bbkrZ2(F#P?$m{*8?>_DWN}6Xqm75@X?Z
zOo_)(1Ad5V@1sjVBZ<Gt^e_h&B3>Oc;uuuJzoXXdPt1V+tIc!SQBzp~(_>52l8r`n
zd;zNdomdjDU@=U##_TD#9s!M@7i!98p(@&k+5?YldbG8sTn<b_dJR-ZdZGvCp=N9^
zYRRtK_)8m)wa)B`G^iyif(+1gDiP2Kd!Qbig?f>!M>TX1wfi5T%K5K1@hsK~sE)Qn
zbzqE5UxC5IkD>+?b%S|62kIEs!W^{kL=aFzOHjN27;5Tnp{Di|s^a(?O*|)R#>%5A
z>WG<etj*to+Wlux4L?H7Y^>kRG0%%Jh=*WK+IK1wPy++4voS02ZFmhIU>w}H$xQh<
z%t`zs=EcmvQwKK1a<~=)@SW9fvuQ96Y9>=)Yb=891Okf)Xm{q`VtQH)qY>|k+B}0$
zBb|d<nq3$f&thG?jHNL9R`XdAj_Tk-%#P==Jo;=ir=}uiA>MNv^RG>`hy+df2~<ZO
zphn=g-HbdACMF(;QLqrk!VuI_R71^BI3~qms0QYtI(`DR6i-nz5O;@ZFXs;CKLH69
zN$|&Jm=xP!A{>mGff=X{{Em6>6sjZ6PO}72F&oihm>D~u_S7_ti#t#QJ%yT)Hy9Pu
zxVy}*%!-=w>ZmDhXw$o3OyW~fJzs<=a6hVpH&LhJEougm?KU0Df+dLO!Mqrbg>eNY
z#Cxb2aX%7J#hyK8>Puj9;*C)=(FZj{Q?MYeKu!G}oBzTZeXr?ITGaDJFgn&n%|r`S
zgTqlTwzVeiI+qDVBH=5lA>VywY7(Ow@?ZhXf%&lwYO3d9FrLD)7<0c_n%Y>1_$bsS
zJcvc{4OYTj2Tb{a7_9Sugg|jJq8v1vrVJJ%-W|)}28@mGQEMLMkeRXAsHMq{$}fsR
zSP3=qE~qK*i<<Jy7!OaP26_|I(7yAUfHq0u!=^wcOhvpXdiMhAfi9?#55u(h8)_3>
zL2a(vs3nSe#7uPvYO}RPZOZ8whzC$Jb06LG1QH%KFPx&NHE)Mn!=W~PK59g#P$Rg4
z`S2;GLC-PM(NdU%cs<l+?1uh01T{0Ga0afya#;E}^RJBY$IYhLh#J{7)QG=hX-sf}
zb;AazsT_+baS<lNeW;HAg_^mysF_G`(sZmcs$6qad;L+zdHzY}Ukz;~AvK=D1^73r
zp>e0oOe{u?e6Nk4xAEtwhJ8+(29l#@AU~GGs;GJ<qxQ%O)KYIl9p4i!fpi4!U=)n<
zhv{)_RDm?8r6`Qqu?~9h7tDyuQ2A$U`ZJ79Jm3r`2@|9CP%>0UvSTbPh3be~lYpis
z3{}w})QIMw9@v7a;1sGuw^1W}kE$TfS@S{)LZz2LJzo!1Z+Fa&<52bN!WeiKv(UbC
zoxlhZqMmb{`Zy6i_!Ki>jPqu*<v}*A(+;(UIWL%oYohi@SJbiHf|{8(sOM8&H0QrG
zYKe!SHvJ+@rt^QC06lT;qbiPb$!xYfsCXD=#gR6?8P&j5%!fXg%?~UEP&3#bRo`&b
z4E=^F@Q{t)L7ke{n1S}4#8=EFEP*+Q*FrTs471^Kn|=v16OVk=?Eajn5miC$q0X2I
zr=kb<*z{Ydjzs>`ywDP(@|&QWi-1c&6>P)+yn-?DKKkJ+oBs|I5l?Z=tYse5T9!q1
zq$bY8aMY5-`^#7lyAq#=9*lk63@qn$=6?bSO-N7$&rxd_>xTKlPze>EhQWBz#uMJ8
zG2%6`I4(z(dx(QE?JcwB%TP;n5369(+x$3&ZBa9|=eFy3JMfr<mL&APV>)sjOA-Hq
zff#bvtXWIcl8ivD@n%#-cTk%u#yyjt8%c7Sp}!A5UEk*;op^-@rv7EtBQAl2WIV(q
z_yx6A2_KplMh1*ZyZ|ac*v9K)a^fve9T|w)q^mFwUO~N2VmvZ45FfQv<xxvs8`Z8m
zf`E4OTug&UP!&GKAWZbw#0#O~Vd%k;7#~++3EYk8@GB<6G*8T4Dvq&<SF|=n?V%1B
zMdyDA0UeLgm=c#;52M~>_fRj8=co~;d}=ye0X@XSaR5_16;)5Xzs(Zlur@|@Xbh^O
z%TOJC=#}*k_{SW(+^CEem;gs&Qk-k^w_;A>k1!P`d2VK)0BUI}VkB&Z8gV-ez&@y%
z8jgWD3pMq-B<(xr38;d{s2TA2*Hn-i^`Vmk)v=POj<vPv127u#i5L}Up*pr0wS)(-
zK0e2eSnh>6HJefC(OxqDBMG!5P#yn9Hmp<p6>l*Ndd;YC9G1a9ZQS#Q9ZkF=md6dK
zj(x&ljQ!SZvTB%(_z*0F8&EU&6mwwmcdUOt0u|qx-8>jG5TA?L@i6AWH>i<id~bGh
zSyaUXFfp!1t?@xjh&NGF{RZ`YBGCu4cZ#6OwZ&RE^aJy+im#H88sDR)Jn=`?4>O}S
z)l^i48*TgoYHeR&T>NU&V}CN6Gb?5#y*B2?AvS$8YG5}pGsbj3n-@qy3?ZQf>P@!9
zdKWcio-bxitD`CyfXQ)<^%y20ejh#f)y7kOHRTFm3esz$^1EU(bSDwWPhbsdlikBY
z810)`^H5Amd^Bo?mY_y-2(@|NV|VQJ-MosQVlLvD93SsM8lv{dOw5b-Fcl{8@zMLn
zbqWyBh#F!E9F2PQp1@#??d#+HFsX*x)zeT79Kb602Gu~QpK%;2{|ai4M2qC(9asUZ
zNxU%@!Hrl#L->b4ITEr(HV^bfz3G;q(vM<EjKhn36xKvd-3?Uw2h4;;qWE}EMHni+
z5;d?3SR8%%wW($<1S??#7NdP<KY^n79fPrGG#~GA8-VJ-A*_utqx*Pwb4%37MxrX*
zf*SD?)J!CgVd@D(HM|UUj31ynoGZZON1&_Yx0!%;>oe4@OcK+_`y*E<Y6SgI`KwTy
z@rpHSEVHJCus7+QQ5|`N+Dl1e`*@FY31r!wHmLgA#_{p)rRi~eT<<RuwvymS#%@fB
z`*A4V!o%1yuIX5&cs|~b*;=TE`XQUhS&N#9b2t_w#WyoI2{oW=SPUa4FarohZSsf&
zu1Q!&LJ$eJFg^Mv^l<_)6KW(CQ8UmDHDmKIHeSRycpue)x7ZXjCi3xqc#X79vCgxu
zwEpfAh|2?eQLoT*sLk~d^(OO4?Bo6LNQ`PI3r5GH=#OPF8dkvotcNNWhAP(+W8h%a
zD|Z}f33sDr&V5dxAc1&E%<-s*nyUGzk={U^+xSU+yf2V)s8?zj>Nt+ZjJO4Lu5Y1U
zMBgwLCQfDsmLAo?A{Z0PVW`f39Rhmi&$1Z@&_nzz>J9hO8Z)_%_lrX&)Fui><#$2N
z)EHEQ3sEEAfSSpjsE%Dm?X9<{rH!9L?Qs6`5l}^SP_M}DHa-D$TvnqVe2$4RAf=g^
zw5XYAfI5yYs=>9W`i`L*x{sQA|5T=<`7sgkO6afi-;#i)tUdbTP}GtPM=il#)Ck|A
zMjj)zX|OPA>f550Vv>#TMm6vd_54@VD?X3MZ07c;j!r~ZJzPyd51dAwg8S&fD1l}q
z8BrZ9g_?=RsF~`AIu$ce&mBgcmdB{m5G%-ZECjW=JE6)CL2c6YL7aaD_SpjGP$PYa
zYTyg1gGtjEi=cLIW7G)7+w_&Fk)A}Yy-!*n@5gumYO|%rBA5;Jrfr9raamf|G<1#x
z9i!*y!4IfUy`<^P$n#)o;+0Tq+Y#gANK{AWpgOkI=08TwRHXFgxggYlN}|%6qV~i9
zmw-0aTGSLBMtyi(L%oP1WiT_61@*=YL3Jz~wX4UWz9Fqat?_LP#>5%T9;%0$nMtT6
zIf~jtpHO?p&6LSZZ4K1gMPOu{g&NrcR0nsWMts5g2-T6#s3l97*~k0at}LjTYK=-C
zZk=QO4dao13@PV2e-Y3g_>8JBAdA^d=~3zBQ8Up1)$_rqCD?#^gPlS(^a6Ei{Ii<V
zQ3AF0oltAt4>k46P<!AIhUonJWHVC{imIq1>NE_o=`&Hs>j0|3=cuWVm)&$E7pmgQ
zs8?+V)TZr)8o*4{z*eD7(IM0TZeVWOcRnhBS#y{Mnxfu_Ls6S%we=XPf(NK2`G(pP
ziE^3_mqRUCQycGVorLPh3e<DkQT3cdSLg950j+)FTxKN2P$O)J8gXCL7m<0Wo<BmJ
zcfZ`G!t|(3TO2j=wy2pHjZtwLY6<3}+Bt#R{V#HJ{?!3b9#cVO)X00GDw>b#$bMAM
zZ=?3Y2h_}@&TEcqQPdJOMl~=BRen8c07p?X^9;3A{`t(3r_IOtSI;Yxpm%vM)Nz`F
z+6!k<FO-L<<M|S`d;Rm9DNl+4#B-t=EQZ?swNVZAz??V*)!{>^cJ81$>hBgXfvl*W
z)<6~PiJE~a=)ujXnYfHP=WkIBW-VwMDutTj7N{8=XVZ6}*7_=H2413OIG~VOLN_k~
z^|&s2uor47XP_E9g!**5hg$Qvh0PM=MK#zERpD?{hu5Kw=~+~R-%)!eSrPLh%8#1y
zj>v#rXBq)jume@$UDTT?W>Hf?e$>oVM|HFZD*sm---Fr{H&HVZxtJM9O4L#nM;+(t
zsHJU-n)*53IOp#G0X6UrbxxBNHx=bYjkpr3$6ZiMGZQ_y1=Zjc)X4uum5W=#bhHSn
zV+~Oq9)ikWjVgZ$Q_{Zk-X<grHfvP?HD%RMo2MgcN#>#+JZ|%!p@(>s5R;w}HRTmh
z4TqryHWu~#2Gk5*M|J!Qx+;*Mq*?2Ns0Zt!DjI0hXQDRIHq;WGLvIDB8A=dpDlUM^
zuZyZ@2&$fy=-o>;eh)Q}Z=sz3C<HvE%nKu<H81J~5sdoK>1xx5p(>n++U2WJ<*uSS
z61BAXNhb?xt$U%Sel_aYT|{;4BYMzN#x(^(${5?D9-M+&tD`pl5;cN!WzFU(g{rVU
zYGx*&Ht`CZe-<?p?@;9e%bAADpyHiSdug&uKx@1nOW|$Q)TAqKDlCh7k#s@riE*fr
zu0$=tDb#1ceT<EXDwu(!M>SLxl^%f_z%bNaSd7)tJwu=ffxwF92a3j6jCd>5W?6)4
z_y9)2o2U-nLybIgB{Ng0P#r3V%5R2oaR}=8O+_u`YSfbLMe1{%e+g)+-=H2yRoT39
zbE1cM5!5Dagj)MSs2Q1!>gaaVh~A@KJZY+!H)IXe%#OmSxC7OZgQ)thdFA|lBcKO^
zs+yixN3CTzYUHy~p9Nb{BRGv(yE~|nd_#3Sdo@#WFlvcfp*GtH)FxbqnxQM!e=(iT
zf0XKGQ)R<K#A{+f9EV!NBd95ThQ%>v4O4L?)aeOFmFtIkvn@a^%@K@)w`~3k)C?r7
zX$G7XT}@>}0(!6y>Rmq{Rl#Z0=6Pu2?@%L-UCVT!1Zsv_qxQ-W)XXeGeWBTl8u2UC
z%tfzlI+_YqPiSq<za9uDK?Nt;0xM8Ua2hr8x2UyGT*o|^8#T2pP)jokwFl;7EIf&-
z?;2`mUZKh-u504OQ5|ntm-DZNToUAREQe=MFPJ3t%vzR4RooU;aWCrx)Y>jb4dg7U
z!~dX`Dt3MIi;XJiAzlOZe7JRtOF%tbjB4;0YAWBNDoohG?DpKKO;ruGd&AL#(@_m>
zLoMYs)J%OqjWB*g^P!dl^+GC-TH*+df$ky#>cBeG3|v4Deny>&6phT(Rzw}sUZ@T%
zM0NBqs=^1TDURRR<QGQmsV0~ohhaY4iCX)Y$n&lf*u;!11l567s1c0CBDfrNj_;vn
zAVE`8aRF3CjZvFz9BPy8L(RxVR6XyoFve|W(kodzV@7@dpGZKPXFKZHJwP>-s<~N$
z5Y%r#nxNKh3TmoXqZ&Sr8sQhz4CQHIj&WmDho+;B-D)h02T*$~dP{!4K>JQj0$QtS
zs44x;#?Pa^bUsJza=%ul;iT3As6A2}HPY^==f|Pm^=nb*{}ieNH&Dm=4XS+1FwVao
z$VfmL<xmYZN3C%$RQ_z#jO;|M^-a{&2edZ7CoGEED-o!HEJl^zi|XKA8~={lBSCG<
zW-s4{^RHdmlLSriLR5p7Q4PIAElt|CKHg1P4RzeQp~}rdb#w=MJBBfd2edN-N`_jp
zJgB9ph+4X)s2Lg1&NW{Wr;?y4TaKE6BNz>@qo(R1YKDB;+wX{|^t`Aku8JCQGn+pY
zH4}4DGq4>C<7HHb;&w34WpW8<*B3@@o))MzAB+0-y3pqTj;ioF>PzYeRKxK)n&;D?
z22c_8qH2$Nz7Iylv8b8*6}4&ipa$f=B%tFGy_2ahE9!kv3_aKa)!<O{#kr^{T!4{r
z4@SpBs3|^!YUmz%Frc$3pACx=uZXH=Br;&v8ACu*w;456S5a&G7PU7Lb}{+EsPvYo
z7t2soM^>Une$?haMC}FtuBN`cs1aAkJU9%s3AbU8&i^d}+C;wHOvUL@Q&<T#qJ|h7
zyP!JYqSkUgYUZw?I`RdzbjiA#y^#aeu?naTx5G#{0X3sjF+S}(>j>z<1E{IIg4!f^
zF&BP9Rgg8@bf5-miMpevayn{6vrwCMKWZ<XM0MaTYDN-7nA21e^?YY^Jp`r@&}R7E
z7C4PsijS!LL_N$Kt^n$EbVlv|VW<z0`51t!u>fvEb?60Z#uE25^%p?RR5jEavvW_*
zzk0Hi1nuq<Hsc|x11Wo%sV<CKq8_M*XJQ%r9W}DgsOK~FHZxZm6>n_geNfL$LJeSz
z^+0dVzc$}h61)|mraDs}Gj&x_AIqIlYdstD;cnD(uTdjS)Ymjv3^kzos5KsldNa;I
zZN8(ZP5l`)!1QiEQy>)8KzCFHQ&C?kx1)CNNz__@Lrtkqe{;SAQ6tNXk+CX9!rG`!
z+yKjCJJgJALhZ3ns6FOJ9$-e867|BUfU2-DYV-8A>C;gUtg`tBP@DD!YN}tMIu>i7
z`MA!G+PqCsOE<~78TCs46Pa25{SQl^7e;Q>lr^;R9;g|ahnj(XsE)lxm5VjVd<bPk
zb+jI8YI~u|FG5ZIB^!@4*mSr6s(d9(qVwN@fF2x%QE)wKmu^Mv?n|h(x`X;6@(tC2
z97D|7mq(qRuBeJfq23!SP#-e8P@C=oYKESm_E@x`%sA~kIS44DB<f?e1;)h5s0tTY
z_o9~QCTdDwqB@drn0Z0vKz$~ZKy9{asD_522Dr+`FQJy;GrG#i@QdkT4b({5qSkaU
zYH8-8Msx&qO0Hocj5^%xiIS+z*8p{{n_*#`j(YAq>J&Xh&0zcyW}u};aQ?N4B1q6$
zjY97W1l6$@Ha+=BlU@OfkUj)e(H_($``4xijxrr;j2d|l)G3&adLynv&CEqqN288r
zGpVN~Mw_YYi|WuAjE)OXQ@+}|2Q~6@sHKT9#=H+Qqh_WV>f?Mo=EW_j_rx>Q62}_r
z<9(xMN6k!Cmw+B@iBWM9>fFylt?e50;1Se|=Mn1tkaC<k4JA=)*%-BHM_HGn${j{^
z=qYN(;*B>Q3q{S4+na!P_dL{^??kQn74%1Eg88@FQBX@#5w%BpqRLG`RlE(=;1kq9
zVofv+Bu3R=47J1!Py-%?)aN=|2}~s6E~>)tNoGWIuq^RosPi0Wve`7DsGf(T-e@yX
zr{OlLp-5BAdm|7P4@EWH40RkQ*z{$XP3Qk00Uf)Ss9hR3)&470)Y{cUZJvIpHD8K)
z5gkGg-a;*v^Q(y`Lv^?aYIAl*&By{&hgPCGd_?N}KP8|yU94%Q!JMcms)=fFFlv)7
zz!3Zk)v=V*&0Yz{XvAxvHftl)i>wQ3#Jx~2pz-LzC8*~Qqxbv&V*=_~)EQ>?r$aSd
z7}eAIs1XjZPDiczM)craRKtEVO}Rv<y^<4aV?$I2H=<70PSj_~*_oVwZKlU0r~;o^
zCL;mrd}c*$%9g0(<Dxd%eDvTU)cJmZ8sQt%(nOzaj&nNHNb{rGsgLSdcT~M|XLJ5F
zMcYXT#IvZWe}x*cXO7uyg)xA5Gt|^}LT%0-sET)^25=cY_yjXx^ton0xl!K}DxmgS
zH`I(TbP1@zJ*dt1H>%;J^UM<D!8pWgpm!$F`?+n?r=uEPfxfsC{csPK#sjD~YSj70
zU@T6&H>yMKRswqA+(f-VUZ6S<Yk?VAMpT0#=)wA^)6f_7DqVuwBUe$!@(XHYK?}_c
zl(4ozJvRZhwA+z(T;~M=4++s1nYGJ;TH`XP^bV-CAB&pOHCPBQq8g61*fg9QwQ1|2
z%J)LmGu_5_p{D*is-A!)K29T@|GWgWmXlCZ`6oulzfn{89<|$xEj0~vM!nm|p(;Fp
z+GMX#GmvnZu?VUI&9MXyM-LuBb>I<Zr+p{(a<lfuQESx!RncNp1;?>IKF3m6ZiVUS
zIMi-mfU0mOYU%Ew*7hrEM$)b{>7l5lX^c7rebLo}O9|-soJOtnJ=CfAj2?`)%Iu9i
zsHv@vYPcJ!+*nk@i*0;2>YQIh)%OJTY3H-ryowW|o-4JQ^RKCENJ2>*h&m1XQ9b+@
z_3lo##>eUJ!*8#!An_w>&6IvehyRsWXF3+V-p9F5elyg7N^dX&Xoza3KWb*@qh{#v
z2G=C~Z4=^cG#Q1g&9EW`M_4bQ_DbsCe4J|72J_)Itc=gG3>MvF>K%$YT`N&Dv=cQW
zmryhKk4r#3iTb-S2Wm;`pr(2tY6j-n{L`ok-=IER{5P8!D~S3Y&>EFK8MXF@(7U9l
z7uaXiQbgTiPLG>{fC>boHd{SZ!2zfaj7C+s3RU5C48+f<j-=dbzkH%bSOWE2ebmQ!
zADg}i^#a?48sJr=oXgyq1P`j=a;O=pjUMcedU4FP=|@p-%IBzxl5aO13q>{D!p4W7
zj_pF!i|ssW)4f2Ii?T!Mw4Z^1GD@Rnq7iC}B2WcKqCR9+phmbA)$lotfge$uEAmb=
zgBejXQ`y=SwS?U;CN9A8xDJQYzVm@V1iHI?ynib74Qg|g-)%nkTcH}9kJ`OQQ6u{Y
z3t*}}=2t6qP)juh``}^Jb0zlrc>kJS8;nhSFKVgJpsN?c8v>f5xckhM=Rj3l4YjLB
zVt%}gxiRK`^JWaj;>3re*7h)}o;#?`_#HKaSq_*Ps)*V<ov}JjJiz%^;4TSzm*+ib
zj#E7>Onf}*y>J|ZG2oDCurlhyXDq6t`>+^(K)oOGA2yq>3##53s1EHyE#YI-^S(!1
z^QOvw#7t>LR7QXF;0Dy*IEOmtk5MnER7XumDxubPjCBX9BTrD9Hp4NqB-ODA@u8>}
z+g;Qqj_DpZfx;L<LL1Z?u0*ZTU+6*pIIMT-0#R!kirNbuP#vCxMer~Nqt8h*<t0%|
z5{ByNP*lf$LoK~~oq#^=KH372PMOV@$65uo+1e@Y!w)8?SL^1}W-pvXRs0QoG20*J
zPeA6x2E->~EPRIAe4kLKAo>~aK=}Sgpg#%0xCVD)5Vk*S)^;3f6CFlP{R7m;Z~Sv6
zzZ^y*J_sA(Xe^75P&1k1yeZ!t6`zKc@EB&%`A>MkY>p7r)O11*PDf4gHVnX<sF6Rj
z`92rT-Uvc{2P}j&um-B5OHm!afHm>8wd^HRZZ>*<|NoqTc4w~3roqM-h4@e#AA^C!
zH(D>CDt?PaG2s>a{U2))Z-iA;9!sKg)oj*K)G-}`I?nUZRRxy_Xl>&CX{IU&6|ajL
zaU0aG9bnT}pf=|=)I0tL>donY%?u<Js-X%P8Czpj?1-gt7gj*uzc~M@sPbQCZMvi4
zOHg~@IO_cVjhcZt*UkCOjircJLVeMggetcTJ$M2&L(gn_j2q^aoC7tG5X^xcZ*cx~
zuIG@TH9L=*dgrED+o-5_d}`Ep!z@@Ci=(D?Eb923L5<MwmRW+Ds3~57+KjhQFQyE)
z&G(6B*pv7gmp~l?Y3`T;eNk_|O{iDxb1Z>@cg-ehj(US_M*UEE2DJoNQ3LV0XF6U0
z^**SAI)0;39hr&x7{7xabe;QVssmBSsub$Orw{7IF%>=d8)`3Hz(n{2HHFRtvvfI8
zr=$f2V;5A%H=yc$f$C7Yhh{T2M`ql077z#};}6t}B;F&lt3yz0I1oKJ57ppa)SCZ`
z8cC$bKHk60o(8oCMx&N$9clpkQRQ!;mhug1W}PQK&Mck(JOr8%{{waYb38THM{Sm&
zs2N#@ZSgp2WVxT2hPtDk`vn7WJ!&tVLmlhys25I_zs)A>joRF!F%RuKYYFHDatF1x
zpHLMh_{YatkHt|Pc#diy+H-T<vY<v7idvfHs1El+?TJOG=T2f5e26Kq&cEjQaCB8*
z41q$p47ICoqoyj&3)9masPkL{HL}iF5$9l5e2iL}gfGqUEsdJu_81-Kq93k6b#x7C
z1`fRB{Kp~iz-GKdy>bIyneTwPQ9Z7YTHBte%{L3x@r|fGaLW1&)uHIGP5A<-8ES~?
zU?0@i^OdN2Ug(#}F$qL@V|HgkTui(=cEY!)FBmP~nq4~^YY@MN*D%{VGb2&on-S&5
zW~A50R=5L;W9kpaCfJ7fT-0%m?0z&26hVFK4adSb3%##q)MktK$$SjgK#gE1>R6pX
zb?`gtd>8m^%DWg!d@ly0-xo7ur7$(|rl^^BT>=>hOhmnUx1rwUH&AQ%7B!_AznXY$
zRL@7+_#V`ze2FR-|C^~N7`0czQ2A3(Z@|r{_MT&Vo&QANO~zm>PsR=m#z=gf(5Wbm
zIu%XO4|}6N-TI@}_9SX^KEZex*~izrSCZfb;zhA4#_{#_{zau`IDz;D^#1$*mVUn8
z50kODnT&I&b2}oEulLhx6KX9#VkK-6+1LA}bu}vf6&qj$e_!vX+EUaWd4XFoG>WO`
zGwMStB&x5|6o+Foo&Sdfv^&d2^L0*OFC2&^qpOF!!LR~8#h#cihOhUV%o@~t;wEYj
zL=Euup8sIfRChq7FTq4U{OE>x@pVjJCyexrv3<?o{~u34n{P8}DzBq9$p_RDB#C3v
zb75TKl`#!AMZG76VrHCx+U+|~OZm~pL*x2-KUIfd9nwdmPTifjzOHwz|0O}2FK0Z{
z<J#77sF5E=?e;kF&Dxhnjc_XJL*+E;y%8;enc5tv^a-c|okZ>SM>hTey>Hlrt{Hjp
zgudQSuQ1fE?T-4^y8yL&&!INqYt+bMCNdqXi~9UugnFZ0#tlsIN7R5;CGmAa@C<6o
z<0kd>zOZ^>Y2wpd0-DO}sNL)&Gi#d)HKo;1d!rw!Bdbvlo<?;fesa@LW7M%7f*RQ@
z^v6T!odML8KSF&PzD0G|jh@0ZoDKC#t!QnHC5R8k__!bS%DjZyRDYvpByCFbTyfMF
zjrtfB+oH~SH`D-T;z&Ght&z%CZ&?2PKY=!6luzyJtj3L~scP);b+R&*2k{r;F9OXm
z>lx(h{hoggTacbTjVV6~bqwF5I$9&GulGZ$9qLWG8TDp;g(WdtI?Xiaud6q}8lqmA
z7g1}MB)#c*G1Q*ugnDo`>U7-1V)zYpu8U?cQ#}}!KNt0Bw;Q#z7f^51m#9zMv>91q
z+IN}|=zyb8Yy1|qW{ESIwaSB<fpVxR{R1_n?@()<KC_wnYN(}Zis>*MwK->^Mt&OA
z;iy?mdKvV7|L<!PwxW*NGt{y3WHp<u1C}Gc5p}FSp+=BDo0;0Ks2{D?qTVC7P@CF6
zyP3JnsPuZMH>->4`0DJOf9>*1B<OS8$zk5rsWCs%E~r=RGHiseQQrru<z#PQC#;6E
za0WiZDL5>b89<WUW=UJ3J~Ni1PR%>ifP(XI{x#xJdCacfgPNjuSP}E)HShjG*oF85
ztcA7nnJHa`dj0_pz-0M-y}x>yf&GccE8y$>d0_(9Bz^<SVy=RwTpyPJ$G~}wZLxVF
zU#BykK)p%}754Rh-1f$H#Mj|aOj5+xnT>N$YhAFYuhR{ipf>SYREHB3^L2u87;0dL
zQ8VgS+{}PmjX(qmGqE(rDq*aJ-l@eUq(4I)&xygl&NeI>VwUJFs=}-#%@Xy&#>6jU
zAIuwSJB~exCn;r|fUR}@{Y(2g;be5eW_SlRRVB-qil$lLpgL5etU2e4QET}P)$wxW
z%#w}AWyG(c(g&9}$Mz_eARfH}r-%1S1uU-f-?yUKOxrOM1s<XwKEsUoFD}F+m3*B$
zxC8YDoKx9+MqI>T;*qPEr7DBkT>Wu69!9;G8do*ve;exi!85F^^IyE0*(768U#+g8
zc6XfW=2#WO?8LjEj^8}gi{u*S!I(A7=?Ou7TsK1<-#*wE4`B=}QPX_LRkYSaS04&t
z1XLg#Re_7ia0YsC6Y5=m5%nSS9OI#XE%RJbj6yse>ia=9RJ|oIHdaQ}-xyV{9ahF}
zwK)GemwQRj8!c9CGgZa0JMo#Q;}THE*ZZxv7Aig)^}e`=t<blw+1+hW^(;l@UqYRZ
zH<%KW)ibZ=f~Z$>y?U+*bS7aW3Byop8?(Oo!cZDjVI9;G497IM8TE?(6IK2#>P42V
zfti_ls0KQqW@0d^LlZCv*I{Zr=MqqbFRck1nuZEl+oHaROvgHS4E1T2x{-N>HbQ+U
z4M%nGIELW|48$gl%>V|W@;9K$-$J$P1~oBjTn4o^ZBSFy1$}WG4#J7nxJ}Ken2dV!
z?L>9(1!lv*W@Zyt#j3=ALGLRbwRBE%b2`c)uXxv)L_kw~47KY&pgt_pwJ_(k66#cp
zMU^{%TGLlp29vZj4L8ML;^R=|{y=?(d_#>mUn}#<?v1K{69()2Un8IjlZTl#2|>l1
zqee6W)q%~Z3ZL0{P;2vwu7^5?(^0S3lc*(%*2a7jDuX&rRWUZUNA3Q;*i7gD7y*5J
zW@>Ausv*W9J{;B4>FB{ds7-VW^<w&l+JqU}nePdqn1Ogb)GK%pYK?EAX4bd8sV@h5
zh}S_^o1_;3^>`-gd|yWO_&I8KN9$l_AOw}(3pLWosJ(I))zRmu7gWNI=BrtCtWNxQ
zEQS7^%u-auVB+IDasJit84|Qf0y>+oUIkF`MyO3W0yVM;sHxtHYVaARz<6EEX~=;Z
zP<^a`{V**aLCwT7)N`@BnwiVr)iooiL4wx0E9wn64?VaQwVAG>zVSruX7)fyYai6E
z-hi5^52yxmb~hcUiyGh}On|pg^}In1D7zbOKK1Hg8xppnj#cUi^8%@bT9Wpt28Lik
z+<}^j*Qn!{p@$h^J=Esyj{&#{^;xkV6X9LdSFew#nQ_zfG;gGGSb~HOSQ=NOdj1kM
z1KE3-J<tR-#ZyshzXdgti`W9cpk}gZZ<9U_gNScNz45N1mh1zviCrgQAG4c_qej>U
zb=>BocI_q1g1&vt=E{yeiML0cnmg9`{mkhojT%5J)KaX%_;?OABM(sZy~2Dt|Ec<$
ziff^!ej*0rVXOZDGorGn<JSXqJg1^&Y$@v1`T*781Ov^|grMR*P{(u;szZBFoBIK#
zp?xO~n^0?!7c~R*Q3WQUj?FIAl=%!YFOXEI-JBh@6g5yIia>qnEI>WK1+^FM*m#t|
z=Eaj6_1qxz{`dbD*@WY$wSI<r(<L8bdRzmw$@-wCd=+YB*ReT98)}xY18OFwqL$zw
zY5>uOnfxl&UZ?>t7{>Wmg@;Md)W1jV?ySF<co?dpS*Q-&MpYPhxQW-nP~sy{Gj|eo
z?)^rXC9Q%wo}*D6K95!KJBDDDkxZ>RFma^GIDk5zaYva7DxwOGKpmswsE&L=HJEL*
zDIbO!`Fzx?_Yc%sXB}gXTTRqy8DO1_`i{8WC7=%Yjy0cVc~LXb57p2H)bYB5nwe<h
zj3rUWtRL$6m8b^)LXFUOyy;kVRJk#znb?jxT|N`cE8HzWKqKpcT9Xy1icX_8&l}W-
zO|pq*CPGo~g<mij51^j&n`Cx<MpOfhPz_H;4QL-~#@?bjl5Mhg#$2Zd0qw>ms5jFQ
z)Fym^S_;n;livU}6a7&gTY{SM6E^)LYK;S@nvPUK?Uf-|7>}X`;`^(4A!Wf7I{#G&
zXv7^bDo(~&I2!|S6>6=vqCOk=FA#aZ{U${nyR4{9SP#|VIj8|##t!H|-Ph@X-BBHW
zjCwBd3}#5@Ka_yhup4UX7Ne&4Pt;F1iDsI3Gt_3Bi<+@psHydtWzKtk)C@I8JwFQ7
zks}z4?@&unV76(m3%Z(;g#@&QCr~5!7k|M_bIcm9M>TW<^)8P$*L*tW!`j5_pq^iY
z#qb=)#MtvpJSFPGsv&A-C!l6@-aLE$ACb_PgrxI*oq9MG{qY}cgKto4+h~F5z$jGy
z8q|n4p^n#IsD?hG_DHscW@&4p-k^O^1DKAQ!5s@-GZoiKh(bcFMP{UlQ19%D7z5j&
zmL}ZhuS8AlP1KskTI~I4)+vTsq9v#$c!<?8%@SYl67)dru`Q_j_qqgB;4f>orRG5w
zwMllNj?rV($Pz6xpW_u!o3S}+3Hzd!ZZW3D8>o(bMST`zU2eXt)<u0qn}+%@bI%jd
z120i)8Fz)*ByBL5_<YnzZlg{~%9ZArmcmNJJEN9nCq~D|sE)rz%~0x9rlG1Bk9cQP
z`e3A8*V#xwJvxVa5yf0>mLM24l|4`oY(;&JKSHhHXVi#OtufElL+_go^&Z)d>hL`b
z#^`I!a}_ZG@y=LG=YJ@H;w0=x_1sx!3T8#Ua;su6jzsN&<EZ2M9d+(=tv8>RJy4r)
z4QfCqFfRIUFsCI6>Ql9lwJUo6`ya~*==1y<YR$e`vu!jVCXG;^1v^k{`3yCciGDM?
zJQHd!RK;r87BxfLQ8RHJ^(OS+WPZU>5p|rap{s(w5YQf2fts>os2TYeHTBtlH#V`3
zM|E@$s$>7yc&g1NUKzC~23l8Juc8JJd5c-PoLe~mTEq4v#KI-01~;Lm_#SFa6K*x{
z@KDsA7>MfNKJ+dHs=-{_%nPRpDt``YN&iB1G|G1K14uz@zwMlV72HFDdiE97fs8xM
z+Sfz9U?yQp+>Uy4rQB&MY>hgW)3FSm#0nU1mpR{!Q3L3MTH@tcQsq!H7|Y#ldRPqg
zZf=Jf;X*8p_fQ?mw8vCXAC*1;Q{h3>8s9~2#(=%%`D&<7y~$VwPouv7r`TtfI1e@<
z?lvIMl)!eJfJyh83Rj|DEEiBy_yskRj0a499n@|fglcH3jlV*TEYm?#z8>n;I~=uX
z7o#@o7UZ<J&KUyQeE*<6L}DH?KV;^{q{J(uM%V_`kx5trccb1HUs1a|=V9|E?SWdN
zqo~at=ZG0d9#s8}P<v%C=GFOMN5DJPs42{J)HKiu)$m%>nq9$QOm@snVMEl&hoJVz
zZq%Fd0qS@K9XIE{E_#T!L(S-D)QoIG@8|zn0_y2E)Q3Xg3Dd)3sPy)zsT+qH!2;`H
z)TVlBjdjvgoEx<nt70HdL+$=;sQ1GYY>0(VasKr&IgNnUWEblEUqWrVFE%~vY4c_)
zjY@Bc>ev+2CftI0HD5wC^aRzhWPg~Sl!{|w;#Dykwn5EMw?FLpUq(VQ5^ke5)o0YJ
zGxr&@nM$EfM>uLpR--RoLUs5m`r~(uj{av&N8@4x;vqIZ2erhftZ~k{=6Aid&Y3l@
zhxI5h0}J9ytcjV=n|Jy^)O%uw^#N8Q9_NB-urVrs9BQ*}!y0(srWd&A>;0pcEwB;k
zJ6r;K0VTd<rlbz)ypBPw)iq3rSuUFy3PGKUMyNMuPppa?P%k3qiZL&0leI<dnP0FZ
zuEO&84@O3}z*V!B#ZYV641<+{n#z5sDL;wY-EUEQAorgpy#;EdV^K@84VAwW)xa~X
zh%Zq~RqUFX*;dF>yUtt!`dGb)YAE_&#=NMCnxIB79(CR~p+@i!waIc`H^-_L#vncb
z18@{pz-g#@?x2o&+#6<3)x}gg|HBDrQ!GXA?!|E8$!?mZ8IM84PorKeFHjvRbjzIk
zj#!`gRMe6@N0rZb+w6sks2S>s8sH+-CO?INwD0)cF>93$Rj?%LcyzWdwq8YTrkHol
zj5Wim#HXPue2983<vnv;YhZQaT~RZ50JVgVuq>v%&-vG@v?Bpc<r-A{Eb3!5&I2>m
zB~kB(vFM#C)LK75&Dh_l<D2rK`9e|<wRf7JzE!uw*w_sta4>2n-#z5~>ztQ(WY(}c
z1{3d#iEt-sD$k>)?k(z#min>jPzY*d4NzabT+}9;i~6uSgvIa`>XhYtV(RH)o%zHy
z$KoIfr6}P4)VydaqLyMPYD(9mruaT;>XJV*r==xo=7yj?wwIwk3m&8119AQ~d!-2K
zv!XNVyWvXIX?x%j(7BEDkC}mjs5f16)D+G{HLwKZ;4##Lf1*bA0W~A}pPPE>p_XDS
zYG#(B-XEu|cTvxOKz$gwiT^cI6^weZbVg;2M0I2%YAK$eX2f}6%!+!a*F(K2yQ0di
zM7?<Sp+3xRU>W>~Di{3H*atcGuJaoKZMMhOWUtH!DxrGX26fzqqmI{h^x$h$#R*=U
zC25Ficrp6pJ}ikxQJXgU8?!W3P#x)sg>?Sc6VTc`!PJ=ct$DDNbp+~x6Q~aOy)&nx
z80rNx0<|a3qdJuAz4=UNj`}9F4z-7FV0?`C!R&$b7()9_3j&pK3F_Vd3S(i&NAo~6
z)bVMBTH6Tg1l0Rr73vs%MRg?mC-bK3i8=+lQ0M+BrpFAQO?nk{wMqID(D7M_+QoZO
zuTY;a=J>@z9lu=GhNw@yUr@XJJZh7EMZG@)znTV`qxQ@M)XeQf&E#9ut2p~N&cEK}
z5#P*i-GkcA_fW?u@^{noY#5Drd(;d?pia#})E;?{I-ZI67q>cIl~HRy3U!K3p_bqZ
zYEuXJm~y3jTtDx*A4GyO4&!3{it5NhUsLcPYO256cnv>4?}yfS)XW^hy7(NcVVOvN
z-d{jWx9&#oz)&+BIkKPkSeA7OD5EhdLvdBGAGMj{`TKd-zCJ3y9ahBEsI`5Mn&Na(
z%m}NaK23+C(s!Zu#ADP8E@xCf@9F4)S&6&-ZD1wp!ON(%35aImHBhHxBx;HeVki8B
zy|8U`)6v_Qn0SU5X39&TUOW{r3N}OSv9{LX$mwvMB?L6m3#c9?3ouh!7WD$@X5-^f
zn{6v<v)x7Q5&xKGMzW*w`=SSzqRJh?#`qNVv0g5gpZ7Co7kYpH_Xh!;`)61jW5hNU
zRIqly3Z#!kt@RZQMV~l+-VdwNs4p19F$r!#b?gkPL+_E1Ize&G3|2>-hLKoG=l=i!
z6^IhgOj&-^OjJTmc^}j<-GJ)ACDi-iJNjen_<l}HOoS@e7qt}gQKw-ms)Mgl9ZZwJ
zv{w{eWpp5*if5zN`Y>wKI0^l{AHU^Lo2>)txXna$cpGX>AE7FaoXC_<g}%f?&<{&t
zEi8w6Z_Gu_^wUIsu6MI#N^GX83u@QSLT$z)sHORW9!!zM#EYTcWR0-^4nv)qUDlXM
z%@j95)i=Y&524C`L(OddWSoEP_D;!6!A+<a%PrK}#ZPWJQXDn45vUoPiTcnwjvC2l
z)C?9*;phGIY=tU64%6Xps29*x)J(=qY4%PLmw+DZkAra;HpGmn%zI%NCRI9i#C@pK
zk}b7qC<3))bFEiVBaZL!^L}cUK<%aOsM9bXbs7$$Ud3);py@yZ)OWIBs8{D{)Gm(`
zWJX#GgNP5u-nbI=Mhr@0M%V*2;@PMf+=r^?jg1#bYuf36n%Q5GnQ@(c1hh*ZT7%M=
z5jR0?s@|v<$t2VWmZLV^NmPSRP@6JVdOz={V>Z-`l|wz>0t2z1jnBpS#J6Azeg2;y
zpo+6)Fl$mBTN0m)#qb^K<1=qYKktWCH}oN{>(@y9VDckklDz+{<j4DgBM^;zUHlCn
zXEEW;oY&K&HzTY;oN^<3^S!_2UPrJS8K3P#%Gt<0mWO?G(7E=L#}YfsxPM%W$<ItZ
zn|^w31mz3U&|CbKvM0#vz`d0CI?7KWFCX#J$%%|7vd~u8kHiwBO|~7&%*#8Jcw_FC
zJp7%zE_q3DAwA%Gq|;)`#zFDjRm4hDsvb2Jqr~r&SU_#Mj^az(LRNf5nvcypPT9lU
zHEezaVf`6e{gLGYv>uuGACwQEzM`b1Cmt2o@%$=U*Fi2Cg+DbHNMc<I#iu}j?we%j
z%1&6<FXTPuPQpWae}+=|4)XR8{*AO0+&8JT2d?1Om792f!e4kU8RaVzkIg-9%FChg
z^&jv1KdupW7*lzoFeQue)N)#RO_;v};|!*@!ldbXN*X@}I_-ESGj}xGQ~gYof^Zko
z_}R+Y$8$9(o1b_s>a9$k$DhqxnT+hVGF8}*%m4~5Abl@>Bz_Oy;E!wMPvMf3TS~tE
zSh%hgR2-H2JdNsFf*wpl8})3O(sjk;%bWKaLa%g1=kCYDuWbX{h<_!V?xzRGkye)S
zIVo3<@N@etL1!Z2c9{6b^E`K(v<x&po%9KG^ye$ow(s!8+?mTm{uKPxK0NKGMjKJd
zcb<$vetSkbipD2WZZv7dY^9YcKaI3I<R7xn>WzKYwwULq#uxDXFv_|I3Ful!11Twx
zg`4k14u8GG`HS!v?o2e=+7$Etvl40i{TgSIO^ZwT$3U);=0o{iq%EX@6Wq;7YfJn)
z_43zaoSi(M61iOG0tJqd!T-EJGVH`4?gC2Sx=sF0?p8dcYpV4W`4_p{la`J_@WY+c
znM(Ikb|hswnFhRn;xmlA0hG;vf#g-=ZcKQt58W<7Bsx8AjQU`l!Gpis#>1)jGvW1i
zmehf4w&JTa6qE3NDhi{_5uVrOA)cD>9KuHlkD*+RpPnC1I6v)u!?G>~*AOU7A%{B^
zcQ#v*DvM(u^s(+zIeVq1@{M$00gd|+*2OOY{>PP`_)DJon=+TUb!DTjv9uAJbay}h
zSYy(i;<n)&r1he3chVEs(Jr;-p~A!DO{9{%lsih94|vJe5r_P4#1rCh%B8b)jwGMI
ziR8T=@@!u-AlG?Gpge`v+uk)LK8?FSX`xgyi}ZS?u+xx=bu}P9oc#DyxSaemgtL%0
zmAp^3Oeb64EXv-ZT(GS}&tKqfN4errLKQVv8R$#Fl2q2rKCGNdbRr&xk^b}bz{a0=
z-=qGN`f&}W>bo@el)EuCU8dv}(v}b}fWL9;N<h3jElwu<mT-E?eIz`e{2JV&dG^Rp
zJ<&6|ve~p{luu&na=l+5Og3LQsB8uu($}(z6yWQDlb^!T39mK}IDcVd$`z$tWx{Le
z$P&u*;?`9Jzwlfg?t|oiC7y>eBk(!T{lndd@E;f}66c5?V7>n@i2U6`=Or1sK695L
z9usR*$vncbxsww<fV%iwS56l0t~_(zK6iym&ym-V#sdjYp!^E%36y(B+Hl&6OW8x-
z8u)j^di}H{gWr^RuOKqF6B<lfYz|vZD$!Nf;8dhsIF$_{J`!Wv{D-9XrJ?7fkLQlc
zv-`+<LRtpmovF7f<tq|?NBGC3zXa#>;vQf-@Qw#`RVQtYO-n$$FqI7?P1hm9{6OR6
zp=@!=)K{GJWT@-(PYqnBOm^;Wlv}~`yG;@P4wyIKI`eJe__pEJ#JiDKkODbzFAeqK
z)|G=%wI+PVmQ`8=@vJnw880irUNubv&TQ)AXA`FdjsJnC@Db%FP%e!=M*~SLOTsuR
z<!1!%H3;t#=Qn50Y{D%`U5t;Zth%lEDsf%^a?j!UImBDp8CvemVdL7tRkiw4u07=v
zlfRs@QS~1EadoBQEZoT%Wm22IlXx%%itwPW$;3}^>w3W5fJ*q0(OFBl4IM7Xvp+7?
zt!l1PW*R22vo@Q$;t&p|9+$t!?!2c|E)vdD(If7kuUkZZ=T1+#>^85rHJUBh%66zU
z6{jJuC-qGw?FP^Aqrby%Zu$QbWAl+;(mr#UIG6T6F9v#@kh?C4_qhEC7p0P;wxKzs
z@iU6|%1Qc3IvYq#e@SU3>3@*Foytd(o}Bz3%xBA+r}(jsbX^%K8$teNo=wFM!QSiX
zPlczF(T4*3QpCx`eTnd4(k9S=u7<XvDmJdPN|dQX`V8&`#PzeqJv_#9y2jZ0a}oZ7
zG95_&osP6|Re-`CM*NyWpQ-2{ZhkNEpQ{7$D%`DYWeEwt;$B7t(|Pt+?rr4FwE23l
zC3z=o9g(S9*D9V_NSS)vrRl^&;%+SdagKx&R1$@7Zo>K*ZW8f>R5F-?k#HsH4X7|P
z;WUKfar0Mxoz|4oHHomU9n_&;V)ypO__jcN7j<mpxmviLIu7tmV!|J^{<X;HNuf<t
zz^`$gzwpyfqaRJ-3#9Gj-fJrrepI0AH}cho<2+N6dmWJq)T1k{Eu&v(%(G#opS9r~
zKKcQj>lg_oc&Mvt;wnjpuGvluH%ZPs-zgi%By#zEh{La;oTl_g*H~MuFI7b5F<n==
z``SJ{C9NWP6K(krEaWZ43lpQ-@LTF>XP+s;iiMHhp6;Zw&#Bm7ny@t#<d?KgIop^r
z645{<3dc}{D-I83B)_~ZbK6!@isyP!ZVu%O;2z@qJ!$?Q{dk)b*Y%8N{wBPd^kk%u
z!-14H7YC*{2}Nz;AITvU=wS;5@(_RV-pP&yDOa3(md&e<4M_JRzbfe$3IDjtllF+l
z1MG|{JuNdahH_gd*9-?0q=GI4@{w`aKAePteRwzp4^JaMAL&g<yJbgzjPeP+-*)ut
z5ncRV(AiC?8<g0<y_Kg%aX+TySmJ94>$*yrmE5~+m&PldyDDWmkbat0x7j=oVgAau
z!{1N$UcZokpF0Zo8&VEx@pLsIf&U(W_i96fU8pPob+w`LROBaRcvtW=d9x^6h_J4q
z#K%&00O8Es^@!_QK>m>*Wo+HWN$*ZtSKC2v`+hvI(LVH%imv}Blh>jeB0kewC0`tD
zIYqbFG%=S-FY|08yg~W--0A4>kLw15I78Ydp7+Chlr5l{)A%D4;EK-!$0$&jct>1B
z<J<8clkNRyLmq5RBiFe9;tr$CIm+k?BX5}rI>kwgPkt2As+0B?{<seD%r)+RNpoXS
zXaIrUJWz|ox0Jd{2bS6gqSM>9gmX|XDJJL6O`5K%lKZADyN~B`5wFD^MtuXx4#80>
z{L{69@D$3fifq^aN8U3Mi_wX2Drm#~zpt3&_ap!KPZ>i<yGz+WZCX4!6OA%y>2Ndd
ztacfCQ!a$OB)FFHuLxJrr(JUjw<9r}p623#-rUV8kb!hv-R<adlb_FqmF`P?Ch=XA
zJww^j_~YtEdKTg(aWnUG%Ko^vQ~w=qUElPL<TnE6Q2)Yko>I96^3W&Jbn)+ty;o}f
z`GIgDoBoCdl5t0;>?ZCX*LxdYOrxo6I0et#v;&H7pKprp6cX1_@Gg-~+$(?TX({qX
z(ZC&Bb8@_8A6C**I+NRWPVr=v&&fTGXU1R??)>EEVhNV0fW4NHKAv_q@UQ&zpL}t)
z(95qsaxp*goIH5nrZuH-SMCaw)pdsk{`WPHw0JbMm2zEdW>3n;qOQiI6(Q{`E+MT7
zbx$R|lm0IcLw>4kf*s8Zo3@`qy6#wK5ME^SMpMypX5(Kf)s>R;C)~HVU)%B%Y+08w
z4JjXqTUSAwen=U*8d1@1?w)kuZ=0s{TT~R6cqaVHZ8x(sn2LNUJJdFG!&;KGYLxG2
z<JYNEmoMc@5k6)IxE?nX*ZaqrX$zGmT$PNPwwL4S<xwj0CI1!aX@2V1NaA&f54UCc
zqXXV+Ica~|`jpU|^z4|^j`%$JS;?PI2d_n<{gzaajD&Z%jl|Lvcw{Sm%!6?m@_uZ<
zy~vKL5FX(!L0&5yM){>Q@E3P|8th^_(1W^yNNd3z%H4rFbRDORzdEY(AL+-Ok`Z7>
zv4_kQr1S5F{&SW3Plyj`8eB-jF8SrTOHlrUE!%@~3FyE@@_$@IsJB1)S4cl*6Pu9#
zkIsKAD!alRg$9GT(@>xXg*Vy?{-E*}l>5%zf%F|%2IJU{kE8Nmh?k|@9-fIxyf&tz
zPF-nnEBQY*PhW2;-yKQ!uKz3^NJs&2imM=3XCi~KijC{vRO!k@<GL#Ga2XnjOu19s
zx#>(G9f(AJbDYGjD-C5<QAc?kP2LF9HH*7|&i@w@7E!@T64vn0@5G-FzD?mMG_saF
zT_dUF9`TOcJt<R~^y{QAvlS+$1DVP5=eaoCbqMRqO1VyWfwW&pt4TO6Y3XTewSL=i
zkHBdX!zrL^Hx*X14}T+ml7_bvuTOqi;??Yol(G#+r?N8CG0Z++%;xiNW}I@iOdy?m
zL74=U)ioCRFFZMaYyNB5LdvMjL!A}iny-IQaIxenVjt!YL^!)ll2e;XHrNIo!b8dP
zrLiB^XX<{&{Repq?eirlpOAPVZub}4>mVWpd1@<#yHQ{l7QyyB#Ge&$mJr^H>3`IW
zXDHK$`yq9-VszQ@9PxjsOP3$vRy_CPT4@92sHZb|U9|o`u3vd5oXEenLl3CXmqIIu
zFXw@H#19ajOIj(yJE{0L?#|p_e`+KrqaQ|m3-{l)BRhD0k}Y$GXa9Rm*)z!B4IsXc
z<j7QikVgjEBB!j6No)4gV@2)rFKqRSuH@O9woFpeo7(1%lNL(epQL@E8)*o~vU#=|
z*GW!>4~cCsH{<(p4I(^)3NqNV`-E?*3<Yx7N}^y4(%w-f&;P90c}=-jH24tbQ%2WE
zTc!zhCGpn#-!<U>|J?h#Yv%?9bCFqy$^3x5DD2t_su6EMrMj9>*&3cXXY-Uc(dN~m
z9DfMN8OZHX9pwGWJ&JfR^-Z_s)_Z^A*OOd3sPKX9VKL%|DY%G&1+fPWohGj)Vf_pC
zwiug=b!8&2FnR5WA0hsQd#!EYk}Z=6BWS!R<+f11KV>>ohda$SNZc7j#sMsdxwwaL
zm*t+$t?NByZ`$&ENGn5yJ*apw{<xyphFep)u3W_P@=OKFrR9EalD+@DukXO?DL8~X
zCih+nWFspR;o;mruGO~De{r7;EAM~}-=~oQlz&A$6P>BXeZzJt3w7#B#d4k{Z4u#r
zu!T3>uK#r+4;fJfDq8SU!~8e5oUPpRNGptqxg*&MRq0R~oJ`t_pVB5$`Td_dsd5>~
zPfrKFQ&!jS_zz`5^&KefPYtFfT!#wQaeuId=i18Nkfv)CWq!f!np)D@6Q4}D1C5O5
zZb({3;tvR)q>dA|9zE+rcsli!BYz;eZTUwe+dxVlOhv|zE2Zt&Hqu5?Sre>j%c{(u
z<j=BY(h|SL^L_9WUZGqx#ktRrHk*boQ}!!yU4I%~=Lm^2D7=C@hi$xptu%m#zSuN9
z)QmeTc_Vl@33;Em6A`{Z=f+X)BzFzU)TOT4Sb<wtLhgB#iN>>&YzH=Yb6Ee#RMM76
zFzfR>6?`Im3a8tGv#ly$>_-|E?V(J4(qi!ZAZ2o`q>&$2Jo5L@k)A&ium#VjpuDaz
zgoo%?gE6=VP<Xc;^?n}8M&>kI&=jYWqy<y17tXK^rKZzsdF~MDJ$WtzcPVaN*Lgm_
ztuw!^D;DMRaR0d6WVS$4Dh;C2`ouTb%Ck`F5$U?Vla`l8Y7qY$Bh!d4_c`vNrigRE
z)^(6HU6b)F&-v4MCE`W!8ELh7ej#@ZeFx6RL%XQ769re17|r%>K7}_D*Y%BuPLkis
zM4c?QOd+1#Pq}a07b#nU{EzmTZRCxn-WufTDo^+V^`zw4G~B;=%d!5O$e3gwN=@N*
z+%xS+wwh=E^Uutb+ejt4D%y(I(y_$U@#7jqIHS!wO<q*Wm*Ke*gfr4`WeUEh{;GOF
z@1NV;MM*eLq3(DXk5EBETt>VW`5kQo8A!WKh2?A~$a11m<{;@WxPPTw5#k{<^yA7-
zUCp?s^2}M>LOBojD#C6|3f?2*7kby8L|yfX$D^X^q@Cw}M%okdmQb;-e&jbIy$a!^
zgm+VsuDsNB(sr~V@h+ryB>xj-7x8Q&+o_J;(ws2;$%zs6;lnmD8wG3gP+{VUc`yX~
zQE4dQmfX62<C*B(bLrG3;@8Qa%yY?kt}f{(NZX-;KV6UP;4a}^%5<mfbA1Qa)rf>S
z+-0fgJnDL6@c#3tO;hA9Wp2}vID}W*4oxK7pE6VI424jpB@J~Yy*Z{MJ(vcs+VY8r
zw;*q*eg^W8F^0%-Dk#Ym)#l-J#H$d0OrEYOIE-{%!>FV>@n^(e65mPu8h5zO-)Egd
z+7{cPca)pLy_hszZD}`vwp@QIYHZS+x!9DuJohQ?&D_CsB8UoepstJDZ>XdK70=<`
zM?4>S>rvNP+u?dNP>%Q&?xVKR=GNl2u1oq3+=<E?QPB%M&9&P0eh_KpY{9Xl_q7$P
z%ti82+seAyGD_E#lJuqckn$Vo#5Kx3_2#evu{&vh+Gn@w-}vREKs;OdC@Pz2J7Ax2
zVvs-EMmCdIo%k87Nkzj*FNk$8FO}ZKx5WElQd`d(;vcvhk@n*{Phcf&ZqiX3%!84r
z^rd|ug3KJYhgEn`S26Mj(78jDPr$mRLw$F=Lw;P!uE+kA$;{o2^oo9){AWG!of2to
ziYcAv7T)w=?s}h1E9bBCsa~pPh$mxsScIofmmb|cU3zu)v~1qBd5d-(+eNes3(pkY
z@pwEL)3wUvF$LST>Fnv!xnrOImC?L&D^KZ;ZJKv#-f?=4O+JaUlnxE`coRcI|67GE
z;mH`*xn=i0T_a3QQ@Sop#9hFxp|1Rotp7gh&HI1prYZRU(@kZlN8SRh!df@)(J|tu
zQG|8gv~uAmpQ`^y``*E8IRBSf`l;MctxsvZF!831i!(-wXDbeC<!RMCqIq;DUHJ5~
zem+T(r3?4itae>GdwR9&*wND>%+n)0tktHA%bWUS%l_X2KRuh{f26kV(!H=JC|!8a
zrW`8|MA{T%-O7}kE}cvm$*oCO!n$V&_cU+Ss(V;?xF<up@C=?-UBbdWox4PMIyH}I
z+1694N=>>D(Y;S}r%IQIu)>~NZNs{UdD^Lrr%jLM-J5rg2n+K>v~3>2Kf>4`-CKFW
zdvxvErF%rUH>G=6w;o~P5%e#-UEi?m(b+Rx<y*Vn+z$U=Wmg{@)m6oF?#mLhG=wDN
zlTa^|B~6n+5<o|a&;Y4WD3q_Z*w*^;_Ga_S?t7c}kpyTP9Ea*?KaA;c1v{{{v~@vI
zOzWKvbg)@y2bF#(9jsW|T1TyARG8|ZV>_Pv-rLQFrZf6qa_>F&oO{mi{C?;CwQL)W
zF^ofX<P&q=ZCBG6i#F3_oT)b6+rzZ2(ju^rnwp!yz<e{a+lQ#<-7%?+A@$3Uq)U7t
zMy$r;W<QJ0&AnrI$p^K=g|8l*c`LK@ZrzLTiiF@RWln~ldiBFv8o+{@NiWiFJ<hz{
zkv*@Sx$4@4*(bArfx4E3arudmn9>cKS$=X%gAFf!bNa~E^MlIp&)=B=bmY(Pbe4=9
z_}f=LHFEpq6Xl{~GF)9!5%ZqrRe=p8nTE*|ch<lz;B9qKDW=vz8;CDYhb2>L6Vk=3
z$lQgk_AFTyHPNNVT+_Aro<{gB&s+y}{F&>(6)T$Hq*CT3s9$$_=*D?#7tx3<KAH=U
zDeZCAr#k)v9Lu$_`?@iAF++7+ga#rHE&9~B9;LUe?(jg$ztau_C75djn=E3)4)f4_
zSUV%)wsh%Eu-r^nt-wE<sb(>B5EV=3!=w`NwHx5^BCfB5&x>O#;W^SQZ?%|aO7I}x
zAQDvX*8U!5;D%%AtWP&$a?KX^tcEWX(zveLvM9QNY-Ab*y5R??T7LS()9YXo)a2GR
zGm)Px@z^c!BAMb>Gkb_1TL-ngYa=`)iZ;QGC8cazzl_N-O&T|im{_gK)IZV%w5VFQ
zZ5dM5UqQlO;6GXiSBt|s2xxQ>5r(5{K1yYpup6mu_sAE@TF4TF3k;K=-wic<-&WWl
zCdFY3bXu-q$lF)wR>Fu`w1wJ^YB_RALQ>k$?3q|H)}mq)Iai(%UrfM*$`T(Oxz_R_
zg?yI_JzNlgdO{$bOTr!HSAZVl=Iy=EDAx7D*+OxBAAFUFkpZYx#Kj#@590d!poj36
z27wB)6Fv-!hHt`p5c?j4=8)z=3?awj$UXNU+_3o&NjGj@vxY`pgrS)SHr?np!v&vU
zvbOWq&J9_cF4c#pwBYy?bc+_S0f$+J8mCFij9F?TT;LjN7d9?>U;|8Z5%a;8msVL0
z{?{Q`e>K82ibuwqBNFYTiTy0*eH(sUSgh$uWJ76lb~ijx$3E6F*=7+Iha(`??}6PR
zPWHnbe*1p-4SyyDpA`?MpcKSU9*0IECLMsKAkt6538k#Pt)+EgOWWsYYwM!cwx-s0
zaeo>X7xJbfFqyygL#XDP55rA-;4qYme;kH7A{vjtRC2ec#kvvIk#@J!KBR({MCM?E
z(Kt4;)Nf69GU*A`+v|30KsV0v)K6ZBJ((}zbEW3VwFwnm>(RTrEhg#NyR4DpPb+Qm
zCH!N1SIGGP6?jh1Ck|Y0W02mdq#CwpG?PYYcN)b5BVd!|6UH(o)&EN<{KB&^i!U32
zDpB%Nct6BD&y#7zY9G_Q#^!H-hSXgnTO2W$?+!^5RY9e$gTs`aNsE6Tg*U;oZV9YW
z+vOl2#oV{dq-hf8u+h{aI(ld{6|qNCqesPS&qGm>_~-<@HAmE3fJZ}v@dnk?bB28p
zAX3#)0mqD}fzg<#QxeTlnnWVaq-eYW3ua}~Op1QEU;|627Gg;HTNS59!#3n()zw@y
zj(NJTGm85(u1YGyPKsr|k8Yaqe@Dep1^wd{1|~hH`kwT6O6o)EZpfrL{%*skNi*fW
zXUVh<W(VT#9rN$7X_8sUtccyHYS_}*c<GOh1u$3ay9g0z8%sc6CM~sHzG-|ea3IOc
zhj{i9JOCk2PxuQ%q@pUR=FpOVuK5FacWM*r5$4kxdw3GFW@GZ0gd6HTdc|#x#pC>5
zg-}r%BK?K@?qU)_I^0!EXt|hIPX@!{!W^R3i(SjfeP!iY9l;A!$6-d)6|kAq6S3qr
zauLLqEksOfkh%7CEU2gCc8LQjU*wB_=1`a?4YH80Fvw+ohe?i!Wl8cxsK&1n*2BS(
zLgvInTAcBdJ2A-jU2>qX(v8Ws4IXD2-MVUMjDKqesjZBfhJjYLHv*v6N+PxSL)*y-
z-oJx1@%1~%`f7;|EzY`Wq<yxOXBugn?T)7S&{3$Um_OT_1Ttyq9PtrZFk1}mAcreN
z>Jf4(%unwnJz~Rm$*+}8W>_qy+fG0ul1P)L?I}G5ffJ@hbFSowkV$K967!DZs84hl
zgDq<IlXIaq+4jMdfT+VM1`DklUIXB0RgjnXU`<>)K(@oIf=@{Gn60?&De@PkEl|&~
z^{k$HEtf0N*gju+kh~-!hscxV<q6Yi@iOLEX40QBPCZZV1^)NrWF|j;oP@;SadNKs
zhFqN3RJ|@fbS(1hiboLG$U#8k+=uzlDKbqYPLa!`Bj{t#FQz1zQ@XR0isTu(apOua
z&)NQ#L?AiIv*o>eNIie<m*neW>uJ(LrZph$9SIg$^k8b?Q%{rXvfuA~bToxEKsvE-
zOrcTU`wLQ0InE$E!tm15q-J7^O0oA9(j4OdIzy&(=5lH@_|4*x7``MJ{*Z7dOv1P}
z;U~_J!7_YwkB)$k1_m}Cx{Fls<*$<kV(aT<QIR<LJMyq1I^HJjg<}67hz4TbAIWru
zZ-0+8i&x$wZ%pBDIApST_cA#K;`F~sebJzn?H#Jh0Y?HJDR$GkO&x1GC0%+T#SaCW
z$*(ZkbADghru=q5W7A3?A0h;U9vpYiO&vFPtlB7V)KvT$lqpZBZl8)D0REj<<zLGG
z1j^cq+@yn}fIrwUKAk9a;js<=!Z4w{ktp|<#-(Cl<*~8k#KTh|rHX&=PEsYFCd!wJ
z_&1i3QhsffQp!&iD=mCxSou}6H-Ag&K#s`!cnDYq*&vTV#HFxu4G}k&C@&ZB#g$4U
sKUAd@^Pg2JW&8(~%76G>)k>$J)yiHFXKIv}i8wP|NrAXHLwT|Azhe=%h5!Hn

diff --git a/po/fr.po b/po/fr.po
index b7bfe1c..d72bb36 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg 2.1\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
-"PO-Revision-Date: 2021-05-19 00:01+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
+"PO-Revision-Date: 2017-11-02 17:40+0100\n"
 "Last-Translator: David Prévot <david@tilapin.org>\n"
 "Language-Team: French <traduc@traduc.org>\n"
 "Language: fr\n"
@@ -18,59 +18,59 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
 "X-Generator: Lokalize 1.5\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "impossible d'obtenir le verrou pinentry : %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr "|pinentry-label|_OK"
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr "|pinentry-label|_Annuler"
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 #, fuzzy
 #| msgid "|pinentry-label|_OK"
 msgid "|pinentry-label|_Yes"
 msgstr "|pinentry-label|_OK"
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 #, fuzzy
 #| msgid "|pinentry-label|_OK"
 msgid "|pinentry-label|_No"
 msgstr "|pinentry-label|_OK"
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr "|pinentry-label|Code personnel :"
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 #, fuzzy
 #| msgid "|pinentry-label|_Cancel"
 msgid "|pinentry-label|_Save in password manager"
 msgstr "|pinentry-label|_Annuler"
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 #, fuzzy
 #| msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr ""
 "Voulez-vous vraiment supprimer de façon permanente la clef secrète OpenPGP :"
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr ""
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 #, fuzzy
 #| msgid "invalid passphrase"
 msgid "|pinentry-tt|Hide passphrase"
@@ -78,7 +78,7 @@ msgstr "phrase de passe incorrecte"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -89,7 +89,7 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 #, fuzzy
 #| msgid "pinentry.qualitybar.tooltip"
 msgid "pinentry.genpin.tooltip"
@@ -97,22 +97,9 @@ msgstr ""
 "La qualité du texte entré ci-dessus.\n"
 "Veuillez demander à votre administrateur des précisions sur les critères."
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-#| msgid "Passphrase too long"
-msgid "Passphrase Not Allowed"
-msgstr "Phrase secrète trop longue"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr "Qualité :"
 
@@ -122,13 +109,13 @@ msgstr "Qualité :"
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 "La qualité du texte entré ci-dessus.\n"
 "Veuillez demander à votre administrateur des précisions sur les critères."
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
@@ -136,7 +123,7 @@ msgstr ""
 "Veuillez entrer votre code personnel, afin de débloquer la clef secrète "
 "pendant cette session"
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
@@ -144,82 +131,76 @@ msgstr ""
 "Veuillez entrer votre phrase secrète, afin de débloquer la clef secrète "
 "pendant cette session"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 msgid "Passphrase:"
 msgstr "Phrase secrète :"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr "ne correspond pas — veuillez réessayer"
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr "SETERROR %s (essai %d sur %d)"
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr "Répéter :"
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 msgid "PIN too long"
 msgstr "Code personnel trop long"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 msgid "Passphrase too long"
 msgstr "Phrase secrète trop longue"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 msgid "Invalid characters in PIN"
 msgstr "Caractères incorrects dans le code personnel"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr "Code personnel trop court"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad PIN"
 msgstr "Mauvais code personnel"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad Passphrase"
 msgstr "Mauvaise phrase secrète"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "erreur de lecture du numéro de série de la carte : %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 msgid "Please re-enter this passphrase"
 msgstr "Veuillez répéter cette phrase secrète"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 #| msgid ""
 #| "Please enter the passphrase to protect the imported object within the "
@@ -231,62 +212,52 @@ msgstr ""
 "Veuillez entrer la phrase secrète pour protéger l'objet importé dans le "
 "système GnuPG."
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "les clefs SSH plus grandes que %d bits ne sont pas prises en charge\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, c-format
 msgid "can't create '%s': %s\n"
 msgstr "impossible de créer « %s » : %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, c-format
 msgid "can't open '%s': %s\n"
 msgstr "impossible d'ouvrir « %s » : %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr "carte détectée avec le numéro de série : %s\n"
-
-#: agent/command-ssh.c:2446
-#, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "aucune clef d'authentification pour SSH sur la carte : %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "aucune clef de carte convenable n'a été trouvée : %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, fuzzy, c-format
 #| msgid "error getting stored flags: %s\n"
 msgid "error getting list of cards: %s\n"
 msgstr "erreur de lecture des options stockées : %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
@@ -295,20 +266,20 @@ msgstr ""
 "Un processus SSH demande à utiliser la clef%%0A  %s%%0A  (%s)%%0AVoulez-vous "
 "l'autoriser ?"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr "Autoriser"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr "Refuser"
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Veuillez entrer la phrase secrète pour la clef SSH%%0A  %F%%0A  (%c)"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
@@ -317,89 +288,85 @@ msgstr ""
 "Veuillez entrer une phrase secrète pour protéger la clef secrète%%0A   %s"
 "%%0A   %s%%0Areçue dans l'espace de stockage de clefs de gpg-agent"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "échec de création du flux à partir de cette socket : %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr "Veuillez insérer la carte de numéro de série"
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr "Veuillez retirer la carte présente et insérer celle de numéro de série"
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr "Code personnel d'administration"
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr "CDP"
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr "Code de réinitialisation"
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 #, fuzzy
 #| msgid "%s%%0A%%0AUse the reader's pinpad for input."
 msgid "Use the reader's pinpad for input."
 msgstr "%s%%0A%%0AUtilisez le pavé numérique du lecteur en entrée."
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 msgid "Repeat this Reset Code"
 msgstr "Répétez ce code de réinitialisation"
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 msgid "Repeat this PUK"
 msgstr "Répétez ce code de déblocage personnel"
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 msgid "Repeat this PIN"
 msgstr "Répétez ce code personnel"
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 msgid "Reset Code not correctly repeated; try again"
 msgstr ""
 "les codes de réinitialisation ne correspondent pas ; veuillez réessayer"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 msgid "PUK not correctly repeated; try again"
 msgstr ""
 "les codes de déblocage personnels ne correspondent pas ; veuillez réessayer"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr "Les codes personnels ne correspondent pas ; veuillez réessayer"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "Veuillez entrer le code personnel%s%s%s pour déverrouiller la carte"
 
-#: agent/genkey.c:157
-#, fuzzy, c-format
-#| msgid "error writing to %s: %s\n"
-msgid "error writing to pipe: %s\n"
-msgstr "erreur d'écriture sur %s : %s\n"
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "erreur de création du fichier temporaire : %s\n"
+
+#: agent/genkey.c:116
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "erreur d'écriture du fichier temporaire : %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:154
 msgid "Enter new passphrase"
 msgstr "Entrez la nouvelle phrase secrète"
 
-#: agent/genkey.c:196
-msgid "Take this one anyway"
-msgstr "La prendre quand même"
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
@@ -407,7 +374,7 @@ msgstr ""
 "Aucune phrase secrète n'a été entrée.%0AUne phrase secrète vide n'est pas "
 "autorisée."
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
@@ -416,18 +383,18 @@ msgstr ""
 "Aucune phrase secrète n'a été entrée — c'est souvent une mauvaise idée."
 "%0AVeuillez confirmer que vous ne voulez aucune protection pour la clef."
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr "Oui, aucune protection n'est nécessaire"
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, c-format
 msgid "A passphrase should be at least %u character long."
 msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "Une phrase secrète devrait contenir au moins %u caractère."
 msgstr[1] "Une phrase secrète devrait contenir au moins %u caractères."
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -439,7 +406,7 @@ msgstr[1] ""
 "Une phrase secrète devrait contenir au moins %u chiffres%%0Aou caractères "
 "spéciaux."
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, fuzzy, c-format
 #| msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
@@ -447,217 +414,228 @@ msgstr ""
 "Une phrase secrète ne devrait ni être un mot commun,%%0Ani correspondre à un "
 "certain schéma."
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr "Avertissement : une phrase secrète non sécurisée a été entrée."
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+msgid "Take this one anyway"
+msgstr "La prendre quand même"
+
+#: agent/genkey.c:464
 #, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr "Veuillez entrer la phrase secrète%0Apour protéger la nouvelle clef"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 msgid "Please enter the new passphrase"
 msgstr "Veuillez entrer la nouvelle phrase secrète"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 #, fuzzy
 #| msgid "Options useful for debugging"
 msgid "Options used for startup"
 msgstr "Options pratiques pour le débogage"
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr "exécuter en mode démon (arrière-plan)"
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr "exécuter en mode serveur (premier plan)"
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 #, fuzzy
 #| msgid "run in server mode"
 msgid "run in supervised mode"
 msgstr "exécuter en mode serveur"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr "ne pas détacher de la console"
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr "sortie de commandes à la sh"
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr "sortie de commandes à la csh"
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 msgid "|FILE|read options from FILE"
 msgstr "|FICHIER|lire les options depuis le FICHIER"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr "Options contrôlant la sortie de diagnostique"
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "bavard"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "devenir beaucoup plus silencieux"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr "|FICHIER|écrire les journaux serveur dans le FICHIER"
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr "Options contrôlant la configuration"
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 msgid "do not use the SCdaemon"
 msgstr "ne pas utiliser le SCdaemon"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr "|PROG|utiliser PROG comme SCdaemon"
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+#, fuzzy
+#| msgid "|PGM|use PGM as the SCdaemon program"
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr "|PROG|utiliser PROG comme SCdaemon"
+
+#: agent/gpg-agent.c:208
 #, fuzzy
 #| msgid "|NAME|connect to host NAME"
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NOM|se connecter à l'hôte NOM"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr "ignorer les demandes de modification du TTY"
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr "ignorer les demandes de modification d'aff. X"
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 msgid "enable ssh support"
 msgstr "activer la prise en charge de SSH"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr ""
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 msgid "enable putty support"
 msgstr "activer la prise en charge de putty"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr "Options contrôlant la sécurité"
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr "|N|oublier les codes personnels après N secondes"
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr "|N|oublier les clefs SSH après N secondes"
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr "|N|définir la durée maximale du cache de code personnel à N secondes"
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr "|N|définir la durée maximale du cache de clef SSH à N secondes"
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr "ne pas utiliser le cache de code pour signer"
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 #, fuzzy
 #| msgid "do not allow the reuse of old passphrases"
 msgid "disallow the use of an external password cache"
 msgstr "ne pas autoriser la réutilisation d'anciennes phrases secrètes"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr "ne pas marquer les clefs comme de confiance"
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 msgid "allow presetting passphrase"
 msgstr "permettre de préconfigurer la phrase secrète"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr "Options d'application d'une politique de phrase secrète"
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr "pas de contournement de politique de phrase secrète"
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr "|N|définir la taille minimale des nouvelles phrases secrètes à N"
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr ""
 "|N|nécessiter au moins N caractères non alphabétiques pour les nouvelles "
 "phrases secrètes"
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr ""
 "|FICHIER|vérifier la nouvelle phrase secrète par rapport aux motifs du "
 "FICHIER"
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|la phrase secrète expire après N jours"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 msgid "do not allow the reuse of old passphrases"
 msgstr "ne pas autoriser la réutilisation d'anciennes phrases secrètes"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the PIN-Entry"
 msgstr "Options contrôlant la sécurité"
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 msgid "never use the PIN-entry"
 msgstr ""
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr ""
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 #, fuzzy
 #| msgid "do not grab keyboard and mouse"
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr "ne pas capturer le clavier et la souris"
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr "|PROG|utiliser PROG pour entrer le code personnel"
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 #, fuzzy
 #| msgid "|N|set LDAP timeout to N seconds"
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr "|N|définir le temps d'expiration de LDAP à N secondes"
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr ""
 
@@ -665,21 +643,21 @@ msgstr ""
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr ""
 "Veuillez signaler toutes anomalies sur <@EMAIL@> (en anglais)\n"
 "et tout problème de traduction à <traduc@traduc.org>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Utilisation : dirmngr @GPG_AGENT@ (-h pour l'aide)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
@@ -687,140 +665,135 @@ msgstr ""
 "Syntaxe : @GPG_AGENT@ [options] [commande [arguments]]\n"
 "Gestionnaire de clefs secrètes pour @GNUPG@\n"
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr "niveau de débogage « %s » incorrect\n"
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "la fonction de hachage sélectionnée est incorrecte\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, c-format
 msgid "reading options from '%s'\n"
 msgstr "lecture des options de « %s »\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, c-format
 msgid "Note: '%s' is not considered an option\n"
 msgstr "Remarque : « %s » n'est pas considéré comme une option\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr "impossible de créer la socket : %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr "le nom de la socket « %s » est trop long\n"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr ""
 "une instance de gpg-agent fonctionne déjà —\n"
 "pas de démarrage d'une nouvelle instance\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "erreur de lecture du « nonce » de la socket\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "erreur de lien de la socket à « %s » : %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, fuzzy, c-format
 #| msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "Avertissement : les droits de %s ne sont pas sûrs « %s »\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "écoute sur la socket « %s »\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, c-format
 msgid "can't create directory '%s': %s\n"
 msgstr "impossible de créer le répertoire « %s » : %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, c-format
 msgid "directory '%s' created\n"
 msgstr "répertoire « %s » créé\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "échec de stat() pour « %s » : %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "impossible d'utiliser « %s » comme répertoire personnel\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "erreur de lecture du « nonce » sur le descripteur %d : %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr "gestionnaire 0x%lx pour le descripteur %d démarré\n"
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr "gestionnaire 0x%lx pour le descripteur %d terminé\n"
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr "gestionnaire SSH 0x%lx pour le descripteur %d démarré\n"
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr "gestionnaire SSH 0x%lx pour le descripteur %d terminé\n"
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "échec de npth_pselect : %s — attente 1 s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, c-format
 msgid "%s %s stopped\n"
 msgstr "%s %s arrêté\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr ""
 "aucune instance de gpg-agent n'est en cours d'exécution dans cette session\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 msgid ""
 "@Options:\n"
 " "
@@ -828,12 +801,12 @@ msgstr ""
 "@Options :\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr ""
 "Utilisation : gpg-preset-passphrase [options] KEYGRIP (-h pour l'aide)\n"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
@@ -841,8 +814,8 @@ msgstr ""
 "Syntaxe : gpg-preset-passphrase [options] KEYGRIP\n"
 "Maintenance du cache des mots de passe\n"
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -850,8 +823,8 @@ msgstr ""
 "@Commandes :\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -861,11 +834,11 @@ msgstr ""
 "Options :\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Utilisation : gpg-protect-tool [options] (-h pour l'aide)\n"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
@@ -873,16 +846,16 @@ msgstr ""
 "Syntaxe : gpg-protect-tool [options] [arguments]\n"
 "Outils de maintenance des clefs secrètes\n"
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Veuillez entrer la phrase secrète pour déprotéger l'objet PKCS#12."
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr ""
 "Veuillez entrer la phrase secrète pour protéger le nouvel objet PKCS#12."
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
@@ -890,7 +863,7 @@ msgstr ""
 "Veuillez entrer la phrase secrète pour protéger l'objet importé dans le "
 "système GnuPG."
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
@@ -898,53 +871,52 @@ msgstr ""
 "Veuillez entrer la phrase secrète ou le code personnel\n"
 "nécessaires pour terminer cette opération."
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, c-format
 msgid "cancelled\n"
 msgstr "annulé\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "erreur de demande de la phrase secrète : %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, c-format
 msgid "error opening '%s': %s\n"
 msgstr "erreur d'ouverture de « %s » : %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "fichier « %s », ligne %d : %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "déclaration « %s » ignorée dans « %s », ligne %d\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "le système de liste de confiance « %s » n'est pas disponible\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "mauvaise empreinte dans « %s », ligne %d\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "option de clef incorrecte dans « %s », ligne %d\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "erreur de lecture de « %s », ligne %d : %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr "erreur de lecture de la liste de certificats racine de confiance\n"
@@ -957,7 +929,7 @@ msgstr "erreur de lecture de la liste de certificats racine de confiance\n"
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
@@ -966,11 +938,11 @@ msgstr ""
 "Attribuez-vous une confiance ultime%%0A  « %s »%%0Apour certifier "
 "correctement les certificats de l'utilisateur ?"
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 msgid "Yes"
 msgstr "Oui"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr "Non"
@@ -983,7 +955,7 @@ msgstr "Non"
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -995,22 +967,22 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr "Exact"
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr "Faux"
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 "Remarque : cette phrase secrète n'a jamais été modifiée.%0AVeuillez la "
 "modifier maintenant."
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
@@ -1019,15 +991,15 @@ msgstr ""
 "Cette phrase secrète n'a pas été modifiée%%0Adepuis le %.4s-%.2s-%.2s. "
 "Veuillez la modifier maintenant."
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 msgid "Change passphrase"
 msgstr "Modifier la phrase secrète"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr "Je la modifierai plus tard"
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, fuzzy, c-format
 #| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid ""
@@ -1035,11 +1007,11 @@ msgid ""
 "%%0A?"
 msgstr "Voulez-vous vraiment supprimer les clefs sélectionnées ? (o/N) "
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 msgid "Delete key"
 msgstr "Supprimer la clef"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
@@ -1049,95 +1021,95 @@ msgstr ""
 "Supprimer cette clef pourrait vous empêcher d’accéder à des machines "
 "distantes."
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "DSA nécessite que la taille du hachage soit un multiple de 8 bits\n"
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr "la clef %s utilise un hachage non sûr (%u bits)\n"
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 "un hachage de %1$zu bits n'est pas valable pour une clef %3$s de %2$u bits\n"
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "échec de vérification de la signature créée : %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "des parties de la clef secrète ne sont pas disponibles\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, c-format
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "l'algorithme de clef publique %d (%s) n'est pas pris en charge\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, c-format
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "l'algorithme de protection %d (%s) n'est pas pris en charge\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, c-format
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr ""
 "l'algorithme de protection de hachage %d (%s) n'est pas pris en charge\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "erreur de création d'un tube : %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "erreur de création d'un flux pour un tube : %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, c-format
 msgid "error forking process: %s\n"
 msgstr "erreur de création de processus fils : %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr "échec d'attente de fin du processus %d : %s\n"
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "erreur d'exécution de « %s » : il n'est sans doute pas installé\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "erreur d'exécution de « %s » : code de retour %d\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, c-format
 msgid "error running '%s': terminated\n"
 msgstr "erreur d'exécution de « %s » : terminé\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, fuzzy, c-format
 #| msgid "waiting for process %d to terminate failed: %s\n"
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "échec d'attente de fin du processus %d : %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "erreur de lecture du code de retour du processus %d : %s\n"
@@ -1152,34 +1124,34 @@ msgstr "impossible de se connecter à « %s » : %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "problème de configuration des options de gpg-agent\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "impossible d'empêcher la génération de fichiers « core » : %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "Avertissement : le propriétaire de %s n'est pas sûr « %s »\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "Avertissement : les droits de %s ne sont pas sûrs « %s »\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, fuzzy, c-format
 #| msgid "waiting for the agent to come up ... (%ds)\n"
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "attente pour permettre à l'agent d'arriver… (%d s)\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "impossible de renommer « %s » en « %s » : %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "oui"
 
@@ -1233,54 +1205,100 @@ msgstr "hors limite de la mémoire sécurisée lors de l'allocation de %lu octe
 msgid "out of core while allocating %lu bytes"
 msgstr "hors limite lors de l'allocation de %lu octets"
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "erreur d'allocation de suffisamment de mémoire : %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr "%s : %u : option « %s » obsolète — non prise en compte\n"
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "Attention : « %s%s » est une option obsolète — non prise en compte\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr ""
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
+#, c-format
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "attente pour permettre au dirmngr d'arriver… (%d s)\n"
+
+#: common/asshelp.c:350
+#, fuzzy, c-format
+#| msgid "waiting for the agent to come up ... (%ds)\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "attente pour permettre à l'agent d'arriver… (%d s)\n"
+
+#: common/asshelp.c:351
 #, fuzzy, c-format
 #| msgid "waiting for the agent to come up ... (%ds)\n"
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
 msgstr "attente pour permettre à l'agent d'arriver… (%d s)\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:364
+#, c-format
+msgid "connection to the dirmngr established\n"
+msgstr "connexion au dirmngr établie\n"
+
+#: common/asshelp.c:366
+#, fuzzy, c-format
+#| msgid "connection to the dirmngr established\n"
+msgid "connection to the keyboxd established\n"
+msgstr "connexion au dirmngr établie\n"
+
+#: common/asshelp.c:367
+#, fuzzy, c-format
+#| msgid "connection to the dirmngr established\n"
+msgid "connection to the agent established\n"
+msgstr "connexion au dirmngr établie\n"
+
+#: common/asshelp.c:485
+#, fuzzy, c-format
+#| msgid "no running Dirmngr - starting '%s'\n"
+msgid "no running %s - starting '%s'\n"
+msgstr "pas d'instance de Dirmngr en cours d'exécution — démarrage de « %s »\n"
+
+#: common/asshelp.c:588
 #, fuzzy, c-format
 #| msgid "connection to agent established\n"
-msgid "connection to %s established\n"
+msgid "connection to the agent is in restricted mode\n"
 msgstr "connexion à l'agent établie\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:725
+#, fuzzy, c-format
+#| msgid "error creating keyring '%s': %s\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "erreur de création du porte-clefs « %s » : %s\n"
+
+#: common/asshelp.c:731
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
+msgid "server '%s' is older than us (%s < %s)"
 msgstr ""
-"pas d'instance de gpg-agent en cours d'exécution — démarrage de « %s »\n"
 
-#: common/asshelp.c:521
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
 #, fuzzy, c-format
-#| msgid "connection to agent established\n"
-msgid "connection to agent is in restricted mode\n"
-msgstr "connexion à l'agent établie\n"
+#| msgid "WARNING: "
+msgid "WARNING: %s\n"
+msgstr "Attention : "
 
-#: common/asshelp.c:578
+#: common/asshelp.c:740
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
-msgstr "pas d'instance de Dirmngr en cours d'exécution — démarrage de « %s »\n"
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#: common/asshelp.c:742
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Veuillez d'abord utiliser la commande « toggle ».\n"
 
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
@@ -1350,7 +1368,7 @@ msgid "algorithm: %s"
 msgstr "algorithme : %s"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, c-format
 msgid "unsupported algorithm: %s"
 msgstr "algorithme non pris en charge : %s"
@@ -1425,11 +1443,11 @@ msgstr "Chaîne de certificats correcte"
 msgid "Root certificate trustworthy"
 msgstr "Certificat racine digne de confiance"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 msgid "no CRL found for certificate"
 msgstr "aucune liste de révocations trouvée pour le certificat"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 msgid "the available CRL is too old"
 msgstr "la liste de révocations de certificat est trop vieille"
 
@@ -1466,7 +1484,7 @@ msgstr "Pas d'aide disponible pour « %s »."
 msgid "ignoring garbage line"
 msgstr "ligne inutile ignorée"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 msgid "[none]"
 msgstr "[aucun]"
 
@@ -1475,134 +1493,26 @@ msgstr "[aucun]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "caractère %02x incorrect en radix64, ignoré\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr "argument inattendu"
-
-#: common/argparse.c:522
-msgid "read error"
-msgstr "erreur de lecture"
-
-#: common/argparse.c:524
-msgid "keyword too long"
-msgstr "mot-clef trop long"
-
-#: common/argparse.c:526
-msgid "missing argument"
-msgstr "argument manquant"
-
-#: common/argparse.c:528
-msgid "invalid argument"
-msgstr "argument incorrect"
-
-#: common/argparse.c:530
-msgid "invalid command"
-msgstr "commande incorrecte"
-
-#: common/argparse.c:532
-msgid "invalid alias definition"
-msgstr "définition d'alias incorrecte"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-msgid "out of core"
-msgstr "hors limite"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-#| msgid "invalid command"
-msgid "invalid meta command"
-msgstr "commande incorrecte"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-#| msgid "unknown command '%s'\n"
-msgid "unknown meta command"
-msgstr "commande « %s » inconnue\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected data"
-msgid "unexpected meta command"
-msgstr "données inattendues"
-
-#: common/argparse.c:546
-msgid "invalid option"
-msgstr "option incorrecte"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr "argument manquant pour l'option « %.50s »\n"
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "argument incorrect pour l'option « %.50s »\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr "l'option « %.50s » n'attend pas d'argument\n"
-
-#: common/argparse.c:563
-#, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "commande « %.50s » incorrecte\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr "l'option « %.50s » est ambiguë\n"
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr "la commande « %.50s » est ambiguë\n"
-
-#: common/argparse.c:581
-#, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "option « %.50s » incorrecte\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, c-format
-msgid "Note: no default option file '%s'\n"
-msgstr "Remarque : pas de fichier d'options par défaut « %s »\n"
-
-#: common/argparse.c:1843
-#, c-format
-msgid "option file '%s': %s\n"
-msgstr "fichier d'options « %s » : %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1618,131 +1528,132 @@ msgstr "échec de iconv_open : %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "impossible de convertir « %s » en « %s » : %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "impossible de créer le fichier temporaire « %s » : %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "erreur d'écriture sur « %s » : %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "suppression du vieux fichier verrou (créé par %d)\n"
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "attente du verrou (appartenant à %d%s) %s…\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr "(peut-être un verrou mort) "
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "verrou « %s » non effectif : %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, c-format
 msgid "waiting for lock %s...\n"
 msgstr "attente du verrou %s…\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr "%s est trop ancien (nécessaire : %s, utilisé : %s)\n"
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "armure : %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "en-tête d'armure incorrect : "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "en-tête d'armure : "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "en-tête de signature en texte clair incorrect\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, c-format
 msgid "unknown armor header: "
 msgstr "en-tête d'armure inconnu : "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "signatures en texte clair imbriquées\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr "armure inattendue : "
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "ligne protégée par « - » incorrecte : "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "caractère %02X incorrect en radix64, ignoré\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "fin de fichier prématurée (pas de CRC)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "fin de fichier prématurée (dans le CRC)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "CRC mal défini\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "erreur de CRC ; %06lX - %06lX\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "fin de fichier prématurée (dans le pied)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "erreur dans la ligne de pied\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "aucune donnée OpenPGP valable n'a été trouvée.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "armure incorrecte : ligne plus longue que %d caractères\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1750,13 +1661,13 @@ msgstr ""
 "caractère Quoted-Printable dans l'armure provenant sans\n"
 "doute d'un serveur de courriers électroniques défectueux\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, fuzzy, c-format
 #| msgid "not human readable"
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "non lisible par l'utilisateur"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1765,28 +1676,28 @@ msgstr ""
 "un nom de notation ne doit contenir que des caractères imprimables ou des "
 "espaces, et se terminer avec « = »\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "un nom de notation d'utilisateur doit contenir un caractère « @ »\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "un nom de notation ne doit pas contenir plus d'un caractère « @ »\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "une valeur de notation ne doit utiliser aucun caractère de contrôle\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, fuzzy, c-format
 #| msgid "a notation name must not contain more than one '@' character\n"
 msgid "a notation name may not contain an '=' character\n"
 msgstr "un nom de notation ne doit pas contenir plus d'un caractère « @ »\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, fuzzy, c-format
 #| msgid ""
 #| "a notation name must have only printable characters or spaces, and end "
@@ -1796,353 +1707,344 @@ msgstr ""
 "un nom de notation ne doit contenir que des caractères imprimables ou des "
 "espaces, et se terminer avec « = »\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "Attention : des données de notation incorrectes ont été trouvées.\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "échec de transfert de la demande %s au client\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Entrez la phrase secrète : "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, fuzzy, c-format
-#| msgid "error creating keyring '%s': %s\n"
-msgid "error getting version from '%s': %s\n"
-msgstr "erreur de création du porte-clefs « %s » : %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr ""
+#| msgid "%s does not yet work with %s\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s ne fonctionne pas encore avec %s\n"
 
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
+#: g10/call-agent.c:1081
 #, fuzzy, c-format
-#| msgid "WARNING: "
-msgid "WARNING: %s\n"
-msgstr "Attention : "
+#| msgid "error reading from %s: %s\n"
+msgid "error from TPM: %s\n"
+msgstr "erreur de lecture de %s : %s\n"
 
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
-
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
-#, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Veuillez d'abord utiliser la commande « toggle ».\n"
-
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
-#, fuzzy, c-format
-#| msgid "%s does not yet work with %s\n"
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s ne fonctionne pas encore avec %s\n"
+msgid "problem with the agent: %s\n"
+msgstr "problème avec l'agent : %s\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, fuzzy, c-format
 #| msgid "no gpg-agent running in this session\n"
 msgid "no dirmngr running in this session\n"
 msgstr ""
 "aucune instance de gpg-agent n'est en cours d'exécution dans cette session\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "impossible d'utiliser %s en mode %s.\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 #| msgid "\"%s\" is not a fingerprint\n"
 msgid "Tor is not properly configured"
 msgstr "« %s » n’est pas une empreinte\n"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 #| msgid "\"%s\" is not a fingerprint\n"
 msgid "DNS is not properly configured"
 msgstr "« %s » n’est pas une empreinte\n"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "générer un certificat de révocation"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "armure : %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "la carte OpenPGP n'est pas disponible : %s\n"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr "carte OpenPGP nº %s détectée\n"
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr "impossible de faire cela en mode automatique\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Cette commande n'est disponible que pour les cartes en version 2\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "le code de réinitialisation n'est plus disponible\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Quel est votre choix ? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[non positionné]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "non forcé"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "forcé"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr "Erreur : seul l'ASCII standard est permis pour l'instant.\n"
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr "Erreur : le caractère « < » ne peut pas être utilisé.\n"
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr "Erreur : les espaces doubles ne sont pas permises.\n"
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr "Nom du détenteur de la carte : "
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr "Prénom du détenteur de la carte : "
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr "Erreur : nom combiné trop long (limité à %d caractères).\n"
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr "URL pour récupérer la clef publique : "
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, c-format
 msgid "error reading '%s': %s\n"
 msgstr "erreur de lecture de « %s » : %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, c-format
 msgid "error writing '%s': %s\n"
 msgstr "erreur d'écriture de « %s » : %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr "Données d'identification (nom du compte) : "
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr "Données DO privées : "
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr "Préférences de langue : "
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "Erreur : taille incorrecte de la chaîne de préférences.\n"
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "Erreur : caractères incorrects dans la chaîne de préférences.\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr "Erreur : réponse incorrecte.\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr "empreinte de l'autorité de certification : "
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "Erreur : formatage incorrect de l'empreinte.\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr "opération sur la clef impossible : %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr "ce n'est pas une carte OpenPGP"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr ""
 "erreur de lecture des renseignements actuellement contenus\n"
 "dans la clef : %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr "Faut-il remplacer la clef existante ? (o/N) "
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
+#, fuzzy
+#| msgid ""
+#| "Note: There is no guarantee that the card supports the requested size.\n"
+#| "      If the key generation does not succeed, please check the\n"
+#| "      documentation of your card to see what sizes are allowed.\n"
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 "Remarque : Il n'y a aucune garantie que la carte gère la taille demandée.\n"
 "           En cas d'échec de génération de la clef, veuillez vérifier les\n"
 "           tailles permises dans la documentation de la carte.\n"
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Quelle taille de clef désirez-vous ? (%u) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "arrondie à %u bits\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "les tailles de clefs %s doivent être dans l'intervalle %u-%u\n"
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr ""
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 #, fuzzy
 #| msgid "   (1) Signature key\n"
 msgid "Signature key\n"
 msgstr "   (1) Clef de signature\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 #, fuzzy
 #| msgid "   (2) Encryption key\n"
 msgid "Encryption key\n"
 msgstr "   (2) Clef de chiffrement\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 #, fuzzy
 #| msgid "   (3) Authentication key\n"
 msgid "Authentication key\n"
 msgstr "   (3) Clef d'authentification\n"
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Sélectionnez le type de clef désiré :\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) ECC\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Choix incorrect.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr ""
 "La carte sera maintenant reconfigurée pour générer une clef de %u bits\n"
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, fuzzy, c-format
 #| msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr ""
 "La carte sera maintenant reconfigurée pour générer une clef de %u bits\n"
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, fuzzy, c-format
 #| msgid "error changing size of key %d to %u bits: %s\n"
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "erreur de modification de taille de clef %d en %u bits : %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, fuzzy, c-format
 #| msgid "error getting current key info: %s\n"
 msgid "error getting card info: %s\n"
@@ -2150,27 +2052,29 @@ msgstr ""
 "erreur de lecture des renseignements actuellement contenus\n"
 "dans la clef : %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, fuzzy, c-format
 #| msgid "This command is not allowed while in %s mode.\n"
 msgid "This command is not supported by this card\n"
 msgstr "Cette commande n'est pas permise en mode %s.\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr ""
 "Faut-il faire une sauvegarde hors carte de la clef de chiffrement ? (O/n) "
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "Remarque : les clefs sont déjà stockées sur la carte.\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr "Faut-il remplacer les clefs existantes ? (o/N) "
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2181,198 +2085,212 @@ msgstr ""
 "   code personnel = « %s »     code personnel d'admin. = « %s ».\n"
 "Vous devriez les modifier avec la commande --change-pin\n"
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr "Veuillez sélectionner le type de clef à générer :\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr "   (1) Clef de signature\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr "   (2) Clef de chiffrement\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr "   (3) Clef d'authentification\n"
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr "Veuillez sélectionner l'endroit où stocker la clef :\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "échec de KEYTOCARD : %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, fuzzy, c-format
 #| msgid "Note: keys are already stored on the card!\n"
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "Remarque : les clefs sont déjà stockées sur la carte.\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 #, fuzzy
 #| msgid "Continue? (Y/n) "
 msgid "Continue? (y/N) "
 msgstr "Faut-il continuer ? (O/n) "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr ""
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, fuzzy, c-format
 #| msgid "error closing %s: %s\n"
 msgid "error for setup KDF: %s\n"
 msgstr "erreur de fermeture de %s : %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+#| msgid "error closing %s: %s\n"
+msgid "error for setup UIF: %s\n"
+msgstr "erreur de fermeture de %s : %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "quitter ce menu"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr "afficher les commandes d'administration"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "afficher cette aide"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr "afficher toutes les données disponibles"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr "modifier le nom du détenteur de la carte"
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr "modifier l'URL pour récupérer la clef"
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr "récupérer la clef indiquée dans l'URL de la carte"
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr "modifier l'identifiant de connexion"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr "modifier les préférences de langue"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 #, fuzzy
 #| msgid "change card holder's sex"
 msgid "change card holder's salutation"
 msgstr "modifier le sexe du détenteur de la carte"
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr "modifier une empreinte d'autorité de certification"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr ""
 "inverser le paramètre obligeant à entrer le code personnel pour les\n"
 "signatures"
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr "générer de nouvelles clefs"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr "menu pour modifier ou déverrouiller le code personnel"
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr "vérifier le code personnel et afficher toutes les données"
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr "débloquer le code personnel en utilisant un code de réinitialisation"
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr ""
 
-#: g10/card-util.c:2180
+#: g10/card-util.c:2235
 #, fuzzy
 #| msgid "|NAME|use user NAME for authentication"
-msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "|NOM|utiliser le NOM d'utilisateur pour authentif."
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 #, fuzzy
 #| msgid "change the ownertrust"
 msgid "change the key attribute"
 msgstr "modifier la confiance du propriétaire"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "modifier la confiance du propriétaire"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr "gpg/carte> "
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr "La commande n'est utilisable qu'en mode administration\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr "Les commandes d'administration sont permises\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr "Les commandes d'administration ne sont pas permises\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Commande incorrecte (essayez « help »)\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output n'est pas compatible avec cette commande\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, c-format
 msgid "can't open '%s'\n"
 msgstr "impossible d'ouvrir « %s »\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "clef « %s » introuvable : %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "erreur de lecture du bloc de clef : %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, fuzzy, c-format
 #| msgid "key \"%s\" not found: %s\n"
 msgid "key \"%s\" not found\n"
 msgstr "clef « %s » introuvable : %s\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(à moins d'indiquer la clef par son empreinte)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "impossible de faire cela en mode automatique sans « --yes »\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(à moins d'indiquer la clef par son empreinte)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2410,9 +2328,9 @@ msgstr "clef"
 msgid "subkey"
 msgstr "sous-clef"
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "échec de la mise à jour : %s\n"
@@ -2438,65 +2356,77 @@ msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr ""
 "utiliser d'abord l'option « --delete-secret-keys » pour la supprimer.\n"
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"Attention : forcer le chiffrement symétrique %s (%d) est en\n"
-"            désaccord avec les préférences du destinataire\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "erreur de création de la phrase secrète : %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "impossible d'utiliser un paquet ESK symétrique en mode S2K\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "utilisation de l'algorithme de chiffrement %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, c-format
 msgid "'%s' already compressed\n"
 msgstr "« %s » est déjà compressé\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, c-format
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "Attention : « %s » est un fichier vide\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+#| msgid "you may not use cipher algorithm '%s' while in %s mode\n"
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "impossible d'utiliser l'algorithme de chiffrement « %s » en mode %s.\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, fuzzy, c-format
 #| msgid "you may not use cipher algorithm '%s' while in %s mode\n"
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "impossible d'utiliser l'algorithme de chiffrement « %s » en mode %s.\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, fuzzy, c-format
 #| msgid "you may not use digest algorithm '%s' while in %s mode\n"
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "impossible d'utiliser l'algorithme de hachage « %s » en mode %s.\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
+#: g10/encrypt.c:727
+#, c-format
+msgid "reading from '%s'\n"
+msgstr "lecture de « %s »\n"
+
+#: g10/encrypt.c:783
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"Attention : forcer le chiffrement symétrique %s (%d) est en\n"
+"            désaccord avec les préférences du destinataire\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
 msgstr "Attention : « %s%s » est une option obsolète — non prise en compte\n"
 
-#: g10/encrypt.c:679
-#, c-format
-msgid "reading from '%s'\n"
-msgstr "lecture de « %s »\n"
-
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2505,28 +2435,37 @@ msgstr ""
 "Attention : forcer l'algorithme de compression %s (%d) est en\n"
 "            désaccord avec les préférences du destinataire\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"forcer le chiffrement symétrique %s (%d) est en désaccord\n"
+"avec les préférences du destinataire\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s chiffré pour : « %s »\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "impossible d'utiliser %s en mode %s.\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "données chiffrées avec %s\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "chiffré avec l'algorithme inconnu %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
@@ -2534,82 +2473,18 @@ msgstr ""
 "Attention : le message a été chiffré avec une clef faible pendant le\n"
 "            chiffrement symétrique.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "problème de gestion des paquets chiffrés\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "aucun programme d'exécution à distance n'est pris en charge\n"
+#: g10/export.c:119
+msgid "export signatures that are marked as local-only"
+msgstr "exporter les signatures marquées comme locales seulement"
 
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"les appels aux programmes externes sont désactivés car les droits\n"
-"du fichier d'options ne sont pas sûrs\n"
-
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"cette plateforme a besoin de fichiers temporaires pour appeler des\n"
-"programmes externes\n"
-
-#: g10/exec.c:497
-#, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "impossible d'exécuter le programme « %s » : %s\n"
-
-#: g10/exec.c:500
-#, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "impossible d'exécuter l'interpréteur de commandes « %s » : %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "erreur système pendant l'appel du programme externe : %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "sortie non naturelle du programme externe\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "impossible d'exécuter le programme externe\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "impossible de lire la réponse du programme externe : %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, c-format
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr ""
-"Attention : impossible de supprimer le fichier temporaire\n"
-"            (%s) « %s » : %s\n"
-
-#: g10/exec.c:692
-#, c-format
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr ""
-"Attention : impossible de supprimer le répertoire temporaire « %s » :\n"
-"            %s\n"
-
-#: g10/export.c:119
-msgid "export signatures that are marked as local-only"
-msgstr "exporter les signatures marquées comme locales seulement"
-
-#: g10/export.c:121
-msgid "export attribute user IDs (generally photo IDs)"
-msgstr "exporter les attributs d'identité (en général les photos d'identité)"
+#: g10/export.c:121
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr "exporter les attributs d'identité (en général les photos d'identité)"
 
 #: g10/export.c:123
 msgid "export revocation keys marked as \"sensitive\""
@@ -2623,397 +2498,397 @@ msgstr "supprimer les parties inutilisables de la clef pendant l'exportation"
 msgid "remove as much as possible from key during export"
 msgstr "supprimer autant que possible de la clef pendant l'exportation"
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr ""
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 msgid " - skipped"
 msgstr " — ignoré"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, c-format
 msgid "writing to '%s'\n"
 msgstr "écriture de « %s »\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "clef %s : matériel de clef sur la carte — ignorée\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "il est interdit d'exporter les clefs secrètes\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "clef %s : clef de type PGP 2.x — ignorée\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "Attention : rien n'a été exporté\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, c-format
 msgid "error creating '%s': %s\n"
 msgstr "erreur de création de « %s » : %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr "[identité introuvable]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "« %s » automatiquement récupéré par %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "erreur de récupération de « %s » avec %s : %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 msgid "No fingerprint"
 msgstr "Aucune empreinte"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "clef secrète « %s » introuvable : %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, fuzzy, c-format
 #| msgid "missing argument for option \"%.50s\"\n"
 msgid "(check argument of option '%s')\n"
 msgstr "argument manquant pour l'option « %.50s »\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "|NOM|utiliser le NOM comme clef secrète par défaut"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "|NOM|utiliser le NOM comme clef secrète par défaut"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr ""
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr ""
 "La clef incorrecte %s a été rendue valable par\n"
 "--allow-non-selfsigned-uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr ""
 "utilisation de la sous-clef %s à la place de la clef\n"
 "principale %s\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, fuzzy, c-format
 #| msgid "invalid argument for option \"%.50s\"\n"
 msgid "valid values for option '%s':\n"
 msgstr "argument incorrect pour l'option « %.50s »\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 msgid "make a signature"
 msgstr "faire une signature"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 msgid "make a clear text signature"
 msgstr "faire une signature en texte clair"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "faire une signature détachée"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "chiffrer les données"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "chiffrement symétrique seulement"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "déchiffrer les données (défaut)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "vérifier une signature"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "afficher les clefs"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "afficher les clefs et les signatures"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr "afficher et vérifier les signatures de clefs"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "afficher les clefs et les empreintes"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "afficher les clefs secrètes"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "générer une nouvelle paire de clefs"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 msgid "quickly generate a new key pair"
 msgstr "générer rapidement une nouvelle paire de clefs"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 #, fuzzy
 #| msgid "quickly generate a new key pair"
 msgid "quickly add a new user-id"
 msgstr "générer rapidement une nouvelle paire de clefs"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 #, fuzzy
 #| msgid "quickly generate a new key pair"
 msgid "quickly revoke a user-id"
 msgstr "générer rapidement une nouvelle paire de clefs"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 #, fuzzy
 #| msgid "quickly generate a new key pair"
 msgid "quickly set a new expiration date"
 msgstr "générer rapidement une nouvelle paire de clefs"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr "générer une paire de clefs complètes"
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "générer un certificat de révocation"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "supprimer les clefs du porte-clefs public"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "supprimer les clefs du porte-clefs secret"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 msgid "quickly sign a key"
 msgstr "signer rapidement une clef"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 msgid "quickly sign a key locally"
 msgstr "signer rapidement une clef localement"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "quickly generate a new key pair"
 msgid "quickly revoke a key signature"
 msgstr "générer rapidement une nouvelle paire de clefs"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "signer une clef"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "signer une clef localement"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "signer ou éditer une clef"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 msgid "change a passphrase"
 msgstr "modifier une phrase secrète"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "exporter les clefs"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "exporter les clefs vers un serveur de clefs"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "importer les clefs d'un serveur de clefs"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "chercher les clefs avec un serveur de clefs"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "mettre à jour les clefs depuis un serveur"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "importer ou fusionner les clefs"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr "afficher l'état de la carte"
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr "modifier les données d'une carte"
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr "modifier le code personnel d'une carte"
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "mettre la base de confiance à jour"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 msgid "print message digests"
 msgstr "indiquer les fonctions de hachage"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr "exécuter en mode serveur"
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr ""
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NOM|utiliser le NOM comme clef secrète par défaut"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NOM|chiffrer aussi pour l'identité NOM"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr "|SPEC|configurer les alias d'adresse"
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr "utiliser le comportement strict d'OpenPGP"
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "ne rien modifier"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "demander avant d'écraser un fichier"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the input"
 msgstr "Options contrôlant la sécurité"
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 #, fuzzy
 #| msgid "Options controlling the diagnostic output"
 msgid "Options controlling the output"
 msgstr "Options contrôlant la sortie de diagnostique"
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "créer une sortie ASCII avec armure"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 msgid "|FILE|write output to FILE"
 msgstr "|FICHIER|écrire la sortie dans le FICHIER"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "utiliser le mode texte canonique"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|niveau de compression N (0 désactive)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 #, fuzzy
 #| msgid "Options controlling the interactivity and enforcement"
 msgid "Options controlling key import and export"
 msgstr "Options contrôlant l'interactivité et la mise en application"
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr "|MÉCANISMES|utiliser les MÉCANISMES pour localiser les clefs"
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "importer les clefs d'un serveur de clefs"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 #| msgid "list and check key signatures"
 msgid "include the public key in signatures"
 msgstr "afficher et vérifier les signatures de clefs"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr "désactiver tous les accès au dirmngr"
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 #, fuzzy
 #| msgid "Options controlling the configuration"
 msgid "Options controlling key listings"
 msgstr "Options contrôlant la configuration"
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "afficher les clefs secrètes"
 
 # NOTE: Extra initial space to realign the output (maybe wchar issue)
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|IDENTITÉ| chiffrer pour l'IDENTITÉ"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "|IDENTITÉ| utiliser l'IDENTITÉ pour signer ou déchiffrer"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -3022,7 +2897,7 @@ msgstr ""
 "(Consultez la page de manuel pour obtenir une liste complète des commandes\n"
 "et options)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -3052,11 +2927,11 @@ msgstr ""
 " --list-keys [noms]         montrer les clefs\n"
 " --fingerprint [noms]       montrer les empreintes\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Utilisation : @GPG@ [options] [fichiers] (-h pour l'aide)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 msgid ""
 "Syntax: @GPG@ [options] [files]\n"
 "Sign, check, encrypt or decrypt\n"
@@ -3066,7 +2941,7 @@ msgstr ""
 "Signer, vérifier, chiffrer ou déchiffrer\n"
 "L'opération par défaut dépend des données entrées\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -3074,87 +2949,87 @@ msgstr ""
 "\n"
 "Algorithmes pris en charge :\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Clef publique : "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Chiffrement : "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Hachage : "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Compression : "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "utilisation : %s [options] %s\n"
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "commandes en conflit\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "aucun signe = trouvé dans la définition du groupe « %s »\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr ""
 "Attention : le propriétaire du répertoire personnel « %s »\n"
 "            n'est pas sûr\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr ""
 "Attention : le propriétaire du fichier de configuration « %s »\n"
 "            n'est pas sûr\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr ""
 "Attention : le propriétaire de l'extension « %s »\n"
 "            n'est pas sûr\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr ""
 "Attention : les droits du répertoire personnel « %s »\n"
 "            ne sont pas sûrs\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr ""
 "Attention : les droits du fichier de configuration « %s »\n"
 "            ne sont pas sûrs\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr ""
 "Attention : les droits de l'extension « %s »\n"
 "            ne sont pas sûrs\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr ""
 "Attention : le propriétaire du répertoire contenant le répertoire personnel\n"
 "            « %s » n'est pas sûr\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
@@ -3162,21 +3037,21 @@ msgstr ""
 "Attention : le propriétaire du répertoire contenant le fichier de\n"
 "            configuration « %s » n'est pas sûr\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr ""
 "Attention : le propriétaire du répertoire contenant l'extension\n"
 "            « %s » n'est pas sûr\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr ""
 "Attention : les droits du répertoire contenant le répertoire personnel\n"
 "            « %s » ne sont pas sûrs\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
@@ -3184,467 +3059,483 @@ msgstr ""
 "Attention : les droits du répertoire contenant le fichier de configuration\n"
 "            « %s » ne sont pas sûrs\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr ""
 "Attention : les droits du répertoire contenant l'extension\n"
 "            « %s » ne sont pas sûrs\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "élément de configuration « %s » inconnu\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr "montrer les photos d'identité en affichant les clefs"
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 msgid "show key usage information during key listings"
 msgstr "indiquer les informations sur l'utilisation en affichant les clefs"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr "montrer les URL de politique en affichant les signatures"
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 msgid "show all notations during signature listings"
 msgstr "montrer toutes les notations en affichant les signatures"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr "utiliser les notations aux normes IETF en affichant les signatures"
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr ""
 "utiliser les notations fournies par l'utilisateur en affichant les signatures"
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 msgid "show preferred keyserver URLs during signature listings"
 msgstr ""
 "montrer les URL des serveurs de clefs favoris en affichant les signatures"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr "indiquer la validité de l'identité en affichant les clefs"
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr "montrer les identités révoquées et expirées en affichant les clefs"
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr "indiquer les sous-clefs révoquées et expirées en affichant les clefs"
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 msgid "show the keyring name in key listings"
 msgstr "montrer le nom du porte-clefs en affichant les clefs"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 msgid "show expiration dates during signature listings"
 msgstr "montrer les dates d'expiration en affichant les signatures"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, fuzzy, c-format
 #| msgid "unknown option '%s'\n"
 msgid "unknown TOFU policy '%s'\n"
 msgstr "option « %s » inconnue\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr ""
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Cette commande n'est pas permise en mode %s.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, c-format
 msgid "Note: %s is not for normal use!\n"
 msgstr "Remarque : %s n'est pas pour une utilisation normale.\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "« %s » n'est pas une date d'expiration de signature valable\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, fuzzy, c-format
 #| msgid "line %d: not a valid email address\n"
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "ligne %d : ce n'est pas une adresse électronique valable\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "mode pinentry « %s » incorrect\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, fuzzy, c-format
 #| msgid "invalid argument for option \"%.50s\"\n"
 msgid "invalid request origin '%s'\n"
 msgstr "argument incorrect pour l'option « %.50s »\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "« %s » n'est pas un jeu de caractères valable\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "impossible d'analyser l'URL du serveur de clefs\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s : %d : les options du serveur de clefs sont incorrectes\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr "les options du serveur de clefs sont incorrectes\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s : %d : options d'importation incorrectes\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "options d'importation incorrectes\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, fuzzy, c-format
 #| msgid "invalid list options\n"
 msgid "invalid filter option: %s\n"
 msgstr "options de liste incorrectes\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s : %d : options d'exportation incorrectes\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "options d'exportation incorrectes\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s : %d : options de liste incorrectes\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr "options de liste incorrectes\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr "montrer les photos d'identité en vérifiant les signatures"
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr "montrer les URL de politique en vérifiant les signatures"
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 msgid "show all notations during signature verification"
 msgstr "montrer toutes les notations en vérifiant les signatures"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr "utiliser les notations aux normes IETF en vérifiant les signatures"
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr ""
 "utiliser les notations fournies par l'utilisateur en vérifiant les signatures"
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 msgid "show preferred keyserver URLs during signature verification"
 msgstr ""
 "montrer les URL des serveurs de clefs favoris en vérifiant les signatures"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 msgid "show user ID validity during signature verification"
 msgstr "indiquer la validité de l'identité en vérifiant les signatures"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr ""
 "montrer les identités révoquées et expirées en vérifiant les signatures"
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 msgid "show only the primary user ID in signature verification"
 msgstr "ne montrer que l'identité principale en vérifiant les signatures"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr "valider les signatures avec les données PKA"
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr "augmenter la confiance des signatures avec des données PKA valables"
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s : %d : options de vérification incorrectes\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr "options de vérification incorrectes\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "impossible de configurer le chemin d'exécution à %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s : %d : liste de recherche automatique de clef incorrecte\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr "liste de recherche automatique de clef incorrecte\n"
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "argument incorrect pour l'option « %.50s »\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "Attention : le programme pourrait créer un fichier « core ».\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "Attention : %s remplace %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s n'est pas permis avec %s.\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s n'a aucun sens avec %s.\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr "Attention : exécution avec un système de temps contrefait : "
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "ne sera pas exécuté avec une mémoire non sécurisée à cause de %s\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "l'algorithme de chiffrement sélectionné est incorrect\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "la fonction de hachage sélectionnée est incorrecte\n"
+
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "l'algorithme de compression sélectionné est incorrect\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "la fonction de hachage de certification sélectionnée est incorrecte\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "« completes-needed » doit être supérieur à 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "« marginals-needed » doit être supérieur à 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "« max-cert-depth » doit être compris entre 1 et 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "« default-cert-level » incorrect ; doit être 0, 1, 2 ou 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "« min-cert-level » incorrect ; doit être , 1, 2 ou 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, c-format
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "Remarque : le mode S2K simple (0) est fortement déconseillé\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "mode S2K incorrect ; doit être 0, 1 ou 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "préférences par défaut incorrectes\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "préférences personnelles de chiffrement incorrectes\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "préférences personnelles de chiffrement incorrectes\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "préférences personnelles de hachage incorrectes\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "préférences personnelles de compression incorrectes\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "taille incorrecte ; utilisation de %u bits\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s ne fonctionne pas encore avec %s\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+#| msgid "you may not use cipher algorithm '%s' while in %s mode\n"
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "impossible d'utiliser l'algorithme de chiffrement « %s » en mode %s.\n"
+
+#: g10/gpg.c:4070
 #, fuzzy, c-format
 #| msgid "you may not use compression algorithm '%s' while in %s mode\n"
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "impossible d'utiliser l'algorithme de compression « %s » en mode %s.\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "impossible d'initialiser la base de confiance : %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "Attention : les destinataires (-r) indiqués n'utilisent pas\n"
 "            de clef publique pour le chiffrement\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "échec du chiffrement symétrique de « %s » : %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "impossible d'utiliser --symmetric --encrypt avec --s2k-mode 0\n"
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, fuzzy, c-format
 #| msgid "you cannot use --symmetric --encrypt while in %s mode\n"
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "impossible d'utiliser --symmetric --encrypt en mode %s\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr "impossible d'utiliser --symmetric --sign --encrypt avec --s2k-mode 0\n"
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, fuzzy, c-format
 #| msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "impossible d'utiliser --symmetric --sign --encrypt en mode %s\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "échec d'envoi vers le serveur de clefs : %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "échec de réception depuis le serveur de clefs : %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "échec d'exportation de la clef : %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, fuzzy, c-format
 #| msgid "key export failed: %s\n"
 msgid "export as ssh key failed: %s\n"
 msgstr "échec d'exportation de la clef : %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "échec de recherche au sein du serveur de clefs : %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "échec de rafraîchissement par le serveur de clefs : %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "échec de déconstruction d'une armure : %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "échec de construction d'une armure : %s \n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, c-format
 msgid "invalid hash algorithm '%s'\n"
 msgstr "algorithme de hachage « %s » incorrect\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, fuzzy, c-format
 #| msgid "error loading certificate '%s': %s\n"
 msgid "error parsing key specification '%s': %s\n"
 msgstr "erreur de chargement du certificat « %s » : %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Vous pouvez taper votre message…\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "l'URL de politique de certification donnée est incorrecte\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "l'URL de politique de signature donnée est incorrecte\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "l'URL du serveur de clefs favori qui a été donnée est incorrecte\n"
@@ -3657,7 +3548,7 @@ msgstr "|FICHIER|prendre les clefs dans le porte-clefs FICHIER"
 msgid "make timestamp conflicts only a warning"
 msgstr "convertir les conflits de date en avertissements"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|écrire l'état sur ce descripteur"
 
@@ -3706,134 +3597,146 @@ msgstr "ne pas mettre à jour la base de confiance après l'importation"
 
 #: g10/import.c:181
 #, fuzzy
+#| msgid "enable putty support"
+msgid "enable bulk import mode"
+msgstr "activer la prise en charge de putty"
+
+#: g10/import.c:184
+#, fuzzy
 #| msgid "show key fingerprint"
 msgid "show key during import"
 msgstr "afficher l'empreinte de la clef"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+#| msgid "show key fingerprint"
+msgid "show key but do not actually import"
+msgstr "afficher l'empreinte de la clef"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr "n'accepter que les mises à jour des clefs existantes"
 
-#: g10/import.c:187
+#: g10/import.c:193
 msgid "remove unusable parts from key after import"
 msgstr "nettoyer les parties inutilisables de la clef après l'importation"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr "supprimer autant que possible de la clef après l'importation"
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr ""
 
-#: g10/import.c:199
+#: g10/import.c:205
 #, fuzzy
 #| msgid "assume input is in binary format"
 msgid "assume the GnuPG key backup format"
 msgstr "entrée supposée au format binaire"
 
-#: g10/import.c:203
+#: g10/import.c:209
 #, fuzzy
 #| msgid "show key fingerprint"
 msgid "repair keys on import"
 msgstr "afficher l'empreinte de la clef"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "un bloc de type %d a été ignoré\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr "%lu clefs traitées jusqu'à présent\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "      Quantité totale traitée : %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, fuzzy, c-format
 #| msgid "      skipped new keys: %lu\n"
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "     nouvelles clefs ignorées : %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "     nouvelles clefs ignorées : %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "                sans identité : %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "                    importées : %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "                non modifiées : %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "          nouvelles identités : %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "         nouvelles sous-clefs : %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "         nouvelles signatures : %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "nouvelles révocations de clef : %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "          clefs secrètes lues : %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "     clefs secrètes importées : %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr " clefs secrètes non modifiées : %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "                non importées : %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "         signatures nettoyées : %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "          identités nettoyées : %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
@@ -3842,168 +3745,174 @@ msgstr ""
 "Attention : la clef %s contient des préférences pour des\n"
 "            algorithmes indisponibles pour ces identités :\n"
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr "            « %s » : préférence pour l'algorithme de chiffrement %s\n"
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+#| msgid "         \"%s\": preference for cipher algorithm %s\n"
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "            « %s » : préférence pour l'algorithme de chiffrement %s\n"
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "            « %s » : préférence pour l'algorithme de hachage %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr "            « %s » : préférence pour l'algorithme de compression %s\n"
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr "vous devriez mettre à jour vos préférences et redistribuer cette\n"
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr "clef pour éviter d'éventuels problèmes d'algorithmes non appropriés\n"
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 "vous pouvez mettre à jour vos préférences avec :\n"
 "gpg --edit-key %s updpref save\n"
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr "clef %s : pas d'identité\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, c-format
 msgid "key %s: %s\n"
 msgstr "clef %s : %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr "rejetée par le filtre d’importation"
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "clef %s : corruption de sous-clef PKS réparée\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "clef %s : identité « %s » non autosignée acceptée\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "clef %s : pas d'identité valable\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "cela pourrait provenir d'une autosignature manquante\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "clef %s : clef publique introuvable : %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "clef %s : nouvelle clef — ignorée\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "aucun porte-clefs accessible en écriture n'a été trouvé : %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, c-format
 msgid "error writing keyring '%s': %s\n"
 msgstr "erreur d'écriture du porte-clefs « %s » : %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "clef %s : clef publique « %s » importée\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "clef %s : ne correspond pas à notre copie\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "clef %s : « %s » 1 nouvelle identité\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "clef %s : « %s » %d nouvelles identités\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "clef %s : « %s » 1 nouvelle signature\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "clef %s : « %s » %d nouvelles signatures\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "clef %s : « %s » 1 nouvelle sous-clef\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "clef %s : « %s » %d nouvelles sous-clefs\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "clef %s : « %s » %d signature nettoyée\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "clef %s : « %s » %d signatures nettoyées\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "clef %s : « %s » %d identité nettoyée\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "clef %s : « %s » %d identités nettoyées\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "clef %s : « %s » n'est pas modifiée\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr "clef %s : clef secrète importée\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, c-format
 msgid "key %s: secret key already exists\n"
 msgstr "clef %s : la clef secrète clef existe déjà\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "clef %s : erreur d'envoi à l'agent : %s\n"
@@ -4016,203 +3925,210 @@ msgstr "clef %s : erreur d'envoi à l'agent : %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, c-format
 msgid "secret key %s: %s\n"
 msgstr "clef secrète %s : %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "impossible d'importer des clefs secrètes\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "clef %s : clef secrète avec chiffrement %d incorrect — ignorée\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Aucune cause indiquée"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "La clef a été remplacée"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "La clef a été compromise"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "La clef n'est plus utilisée"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "L'identité n'est plus valable"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "cause de révocation : "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "commentaire de révocation : "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "clef %s : pas de clef publique — impossible d'appliquer le certificat\n"
 "          de révocation\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "clef %s : impossible de trouver le bloc de clef d'origine : %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "clef %s : impossible de lire le bloc de clef d'origine : %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "clef %s : certificat de révocation incorrect : %s — rejeté\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "clef %s : « %s » certificat de révocation importé\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "clef %s : pas d'identité pour la signature\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr "clef %s : algorithme à clef publique non géré avec l'identité « %s »\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "clef %s : autosignature de l'identité « %s » incorrecte\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "clef %s : algorithme à clef publique non pris en charge\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "clef %s : signature directe de clef incorrecte\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "clef %s : pas de sous-clef pour relier la clef\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "clef %s : lien à la sous-clef incorrect\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "clef %s : suppression de lien multiple aux sous-clefs\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "clef %s : pas de sous-clef pour révoquer la clef\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "clef %s : révocation de sous-clef incorrecte\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "clef %s : suppression de la révocation de sous-clefs multiples\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "clef %s : identité « %s » ignorée\n"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "clef %s : sous-clef ignorée\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "clef %s : signature non exportable (classe 0x%02X) — ignorée\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "clef %s : certificat de révocation au mauvais endroit — ignoré\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "clef %s : certificat de révocation incorrect : %s — ignoré\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "clef %s : signature de sous-clef au mauvais endroit — ignorée\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "clef %s : classe de signature inattendue (0x%02X) — ignorée\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "clef %s : identités en double détectées — fusionnées\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+#| msgid "key %s: duplicated user ID detected - merged\n"
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "clef %s : identités en double détectées — fusionnées\n"
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr ""
 "Attention : la clef %s est peut-être révoquée :\n"
 "            récupération de la clef de révocation %s\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 "Attention : la clef %s est peut-être révoquée :\n"
 "            la clef de révocation %s est absente.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "clef %s : ajout du certificat de révocation « %s »\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "clef %s : ajout de la signature directe de clef\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, c-format
 msgid "error allocating memory: %s\n"
 msgstr "erreur d'allocation de mémoire : %s\n"
@@ -4236,13 +4152,13 @@ msgstr "la carte ne gère pas l'algorithme de hachage %s\n"
 msgid " (reordered signatures follow)"
 msgstr "Bonne signature de"
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, fuzzy, c-format
 #| msgid "key %s: %s\n"
 msgid "key %s:\n"
 msgstr "clef %s : %s\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, fuzzy, c-format
 #| msgid "User ID \"%s\": %d signature removed\n"
 msgid "%d duplicate signature removed\n"
@@ -4250,7 +4166,7 @@ msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "Identité « %s » : %d signature supprimée\n"
 msgstr[1] "Identité « %s » : %d signature supprimée\n"
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to a missing key\n"
 msgid "%d signature not checked due to a missing key\n"
@@ -4258,7 +4174,7 @@ msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "1 signature non vérifiée à cause d'une clef manquante\n"
 msgstr[1] "1 signature non vérifiée à cause d'une clef manquante\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d bad signature\n"
@@ -4266,7 +4182,7 @@ msgid_plural "%d bad signatures\n"
 msgstr[0] "%d mauvaises signatures\n"
 msgstr[1] "%d mauvaises signatures\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, fuzzy, c-format
 #| msgid "Good signature from"
 msgid "%d signature reordered\n"
@@ -4274,45 +4190,39 @@ msgid_plural "%d signatures reordered\n"
 msgstr[0] "Bonne signature de"
 msgstr[1] "Bonne signature de"
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "erreur de création du trousseau local « %s » : %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, c-format
 msgid "error creating keyring '%s': %s\n"
 msgstr "erreur de création du porte-clefs « %s » : %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, c-format
 msgid "keybox '%s' created\n"
 msgstr "le trousseau local « %s » a été créé\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, c-format
 msgid "keyring '%s' created\n"
 msgstr "le porte-clefs « %s » a été créé\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "ressource de bloc de clef « %s » : %s\n"
 
-#: g10/keydb.c:969
-#, fuzzy, c-format
-#| msgid "error opening '%s': %s\n"
-msgid "error opening key DB: %s\n"
-msgstr "erreur d'ouverture de « %s » : %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "échec de reconstruction du cache de porte-clefs : %s\n"
@@ -4325,7 +4235,7 @@ msgstr "[révocation]"
 msgid "[self-signature]"
 msgstr "[autosignature]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4336,12 +4246,12 @@ msgstr ""
 "vérifier les clefs des autres utilisateurs (en regardant les passeports, en\n"
 "vérifiant les empreintes depuis diverses sources, etc.)\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr "  %d = je fais très légèrement confiance\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr "  %d = je fais entièrement confiance\n"
@@ -4373,12 +4283,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "L'identité « %s » est révoquée."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Voulez-vous vraiment toujours la signer ? (o/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr " Impossible de signer.\n"
 
@@ -4552,199 +4462,203 @@ msgstr "J'ai complètement vérifié cette clef.\n"
 msgid "Really sign? (y/N) "
 msgstr "Voulez-vous vraiment signer ? (o/N) "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "échec de la signature : %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 "La clef ne possède que des éléments partiels ou stockés sur carte\n"
 "— pas de phrase secrète à modifier.\n"
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, c-format
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "clef %s : erreur de modification de la phrase secrète : %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "enregistrer et quitter"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr "afficher l'empreinte de la clef"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 #, fuzzy
 #| msgid "Enter the keygrip: "
 msgid "show the keygrip"
 msgstr "Entrez le keygrip : "
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "afficher la clef et les identités"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "sélectionner l'identité N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr "sélectionner la sous-clef N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr "vérifier les signatures"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 "signer les identités sélectionnées [* voir ci-dessous les commandes "
 "similaires]"
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr "signer les identités sélectionnées localement"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr "signer les identités sélectionnées avec une signature de confiance"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr "signer les identités sélectionnées avec une signature non révocable"
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "ajouter une identité"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "ajouter une photo d'identité"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr "supprimer les identités sélectionnées"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr "ajouter une sous-clef"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr "ajouter une clef à une carte à puce"
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr "déplacer une clef vers une carte à puce"
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr "déplacer une clef de sauvegarde vers une carte à puce"
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr "supprimer les sous-clefs sélectionnées"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "ajouter une clef de révocation"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr "supprimer les signatures des identités sélectionnées"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr ""
 "modifier la date d'expiration de la clef ou des sous-clefs sélectionnées"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr "marquer l'identité sélectionnée comme principale"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "afficher les préférences (expert)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "afficher les préférences (bavard)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr "définir la liste de préférences pour les identités sélectionnées"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "définir le serveur de clefs favori pour les identités sélectionnées"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 msgid "set a notation for the selected user IDs"
 msgstr "définir une notation pour les identités sélectionnées"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "modifier la phrase secrète"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "modifier la confiance du propriétaire"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr "révoquer les signatures des identités sélectionnées"
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr "révoquer les identités sélectionnées"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr "révoquer la clef ou des sous-clefs sélectionnées"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr "activer la clef"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr "désactiver la clef"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr "montrer les photos d'identité sélectionnées"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 "compacter les identités inutilisables et supprimer les\n"
 "            signatures inutilisables de la clef"
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 "compacter les identités inutilisables et supprimer toutes\n"
 "            les signatures de la clef"
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "La clef secrète est disponible.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret subkeys are available.\n"
 msgstr "La clef secrète est disponible.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "La clef secrète est nécessaire pour faire cela.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4756,298 +4670,303 @@ msgstr ""
 "  confiance (tsign), « nr » pour les signatures non révocables\n"
 "  (nrsign), ou toute combinaison possible (ltsign, tnrsign, etc.).\n"
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "La clef est révoquée."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 #, fuzzy
 #| msgid "Really sign all user IDs? (y/N) "
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Voulez-vous vraiment signer toutes les identités ? (o/N) "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Voulez-vous vraiment signer toutes les identités ? (o/N) "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Conseil : sélectionner les identités à signer\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "Type de signature « %s » inconnu\n"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Cette commande n'est pas permise en mode %s.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Vous devez sélectionner au moins une identité.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr ""
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Vous ne pouvez pas supprimer la dernière identité.\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Faut-il vraiment supprimer toutes les identités sélectionnées ? (o/N) "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr "Faut-il vraiment supprimer cette identité ? (o/N) "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr "Faut-il vraiment déplacer la clef principale ? (o/N) "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr "Vous devez sélectionner exactement une clef.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr "La commande attend un nom de fichier comme argument\n"
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "Impossible d'ouvrir « %s » : %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "Erreur de lecture de la clef de sauvegarde sur « %s » : %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Vous devez sélectionner au moins une clef.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Voulez-vous vraiment supprimer les clefs sélectionnées ? (o/N) "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Voulez-vous vraiment supprimer cette clef ? (o/N) "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr ""
 "Voulez-vous vraiment révoquer toutes les identités sélectionnées ? (o/N) "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Voulez-vous vraiment révoquer cette identité ? (o/N) "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Voulez-vous vraiment révoquer toute la clef ? (o/N) "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Voulez-vous vraiment révoquer les sous-clefs sélectionnées ? (o/N) "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Voulez-vous vraiment révoquer cette sous-clef ? (o/N) "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 "La confiance du propriétaire pourrait ne pas être définie à partir de\n"
 "la base de confiance d'un tiers\n"
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr "Définir la liste de préférences en :\n"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr ""
 "Faut-il vraiment mettre à jour les préférences pour les\n"
 "identités sélectionnées ? (o/N) "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr "Faut-il vraiment mettre à jour les préférences ? (o/N) "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr "Faut-il enregistrer les modifications ? (o/N) "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr "Faut-il quitter sans enregistrer ? (o/N) "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "La clef n'a pas été modifiée donc la mise à jour est inutile.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "Vous ne pouvez pas supprimer la dernière identité.\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, fuzzy, c-format
 #| msgid "checking the trust list failed: %s\n"
 msgid "revoking the user ID failed: %s\n"
 msgstr "échec de vérification de la liste de confiance : %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, fuzzy, c-format
 #| msgid "checking the trust list failed: %s\n"
 msgid "setting the primary user ID failed: %s\n"
 msgstr "échec de vérification de la liste de confiance : %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "« %s » n’est pas une empreinte\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "« %s » n’est pas l’empreinte principale\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, fuzzy, c-format
 #| msgid "invalid value\n"
 msgid "Invalid user ID '%s': %s\n"
 msgstr "valeur incorrecte\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "No matching user IDs."
 msgstr "Pas d’identités correspondantes."
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "Nothing to sign.\n"
 msgstr "Rien à signer.\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr "Non signée par vous.\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "échec de vérification de la signature créée : %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, fuzzy, c-format
 #| msgid "'%s' is not a valid signature expiration\n"
 msgid "'%s' is not a valid expiration time\n"
 msgstr "« %s » n'est pas une date d'expiration de signature valable\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, fuzzy, c-format
 #| msgid "\"%s\" is not a fingerprint\n"
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "« %s » n’est pas une empreinte\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, fuzzy, c-format
 #| msgid "key \"%s\" not found: %s\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "clef « %s » introuvable : %s\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Hachage : "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Fonctionnalités : "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr "Serveur de clefs sans modification"
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr "Serveur de clefs favori : "
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 msgid "Notations: "
 msgstr "Notations : "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "Il n'y a pas de préférences dans une identité de type PGP 2.x.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "La clef suivante a été révoquée le %s par la clef %s %s\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Cette clef peut être révoquée par la clef %s %s"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr "(sensible)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr "créé : %s"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr "révoquée : %s"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr "expirée : %s"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr "expire : %s"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr "utilisation : %s"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr "nº de carte : "
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr "confiance : %s"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr "validité : %s"
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Cette clef a été désactivée"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -5055,17 +4974,17 @@ msgstr ""
 "Veuillez remarquer que la validité affichée pour la clef n'est pas\n"
 "forcément correcte avant d'avoir relancé le programme.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr "révoquée"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr "expirée"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -5075,17 +4994,17 @@ msgstr ""
 "commande\n"
 "            risque de rendre une autre identité principale par défaut.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr "Attention : votre sous-clef de chiffrement expire bientôt.\n"
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, c-format
 msgid "You may want to change its expiration date too.\n"
 msgstr "Vous pourriez modifier aussi sa date d’expiration.\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -5094,36 +5013,36 @@ msgstr ""
 "Attention : c'est une clef de type PGP 2. Ajouter une photo d'identité\n"
 "            peut forcer certaines versions de PGP à rejeter cette clef.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Voulez-vous vraiment toujours l'ajouter ? (o/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr ""
 "Vous ne devriez pas ajouter de photo d'identité à une clef de type PGP 2.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr "Cette identité existe déjà pour cette clef.\n"
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Supprimer cette bonne signature ? (o/N/q)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Supprimer cette signature incorrecte ? (o/N/q)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Supprimer cette signature inconnue ? (o/N/q)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Faut-il vraiment supprimer cette autosignature ? (o/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, fuzzy, c-format
 #| msgid "Deleted %d signature.\n"
 msgid "Deleted %d signature.\n"
@@ -5131,20 +5050,20 @@ msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "%d signature supprimée.\n"
 msgstr[1] "%d signature supprimée.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Rien n'a été supprimé.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "incorrecte"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "Identité « %s » compactée : %s\n"
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, fuzzy, c-format
 #| msgid "User ID \"%s\": %d signature removed\n"
 msgid "User ID \"%s\": %d signature removed\n"
@@ -5152,17 +5071,17 @@ msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "Identité « %s » : %d signature supprimée\n"
 msgstr[1] "Identité « %s » : %d signature supprimée\n"
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "Identité « %s » : déjà minimisée\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "Identité « %s » : déjà nettoyée\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5171,46 +5090,46 @@ msgstr ""
 "Attention : c'est une clef de type PGP 2.x. Ajouter un révocateur désigné\n"
 "            peut forcer certaines versions de PGP à rejeter cette clef.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr ""
 "Vous ne pouvez pas ajouter de révocateur désigné à une clef de type PGP 2."
 "x.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Entrez l'identité du révocateur désigné : "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr ""
 "impossible d'utiliser une clef de type PGP 2.x comme révocateur désigné.\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr ""
 "vous ne pouvez pas utiliser une clef comme son propre révocateur désigné\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "cette clef à déjà été désignée comme un révocateur\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr ""
 "Attention : l'établissement d'une clef comme révocateur désigné\n"
 "            est irréversible.\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr ""
 "Voulez-vous vraiment rendre cette clef comme révocateur désigné ? (o/N) "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 #, fuzzy
 #| msgid ""
 #| "Are you sure you want to appoint this key as a designated revoker? (y/N) "
@@ -5220,248 +5139,254 @@ msgid ""
 msgstr ""
 "Voulez-vous vraiment rendre cette clef comme révocateur désigné ? (o/N) "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Modification de la date d'expiration d'une sous-clef.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Modification de la date d'expiration de la clef principale.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Vous ne pouvez pas modifier la date d'expiration d'une clef v3\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 #, fuzzy
 #| msgid "Changing expiration time for a subkey.\n"
 msgid "Changing usage of a subkey.\n"
 msgstr "Modification de la date d'expiration d'une sous-clef.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 #, fuzzy
 #| msgid "Changing expiration time for the primary key.\n"
 msgid "Changing usage of the primary key.\n"
 msgstr "Modification de la date d'expiration de la clef principale.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "la sous-clef de signature %s a déjà une certification croisée\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 "la sous-clef %s ne signe pas et n'a donc pas besoin de certification "
 "croisée\n"
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Veuillez sélectionner exactement une identité.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "l'autosignature v3 de l'identité « %s » a été ignorée\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr "Entrez l'URL de votre serveur de clefs favori : "
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Voulez-vous vraiment le remplacer ? (o/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Voulez-vous vraiment le supprimer ? (o/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 msgid "Enter the notation: "
 msgstr "Entrez la notation : "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 msgid "Proceed? (y/N) "
 msgstr "Faut-il continuer ? (o/N) "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Pas d'identité d'indice %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Pas d'identité avec le hachage %s\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, fuzzy, c-format
 #| msgid "No subkey with index %d\n"
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Pas de sous-clef d'indice %d\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr "Pas de sous-clef d'indice %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "identité : « %s »\n"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "signée par votre clef %s le %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (non exportable)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Cette signature a expiré le %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Voulez-vous vraiment toujours la révoquer ? (o/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr ""
 "Faut-il créer un certificat de révocation pour cette signature ? (o/N) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Vous avez signé ces identités sur la clef %s :\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr " (non révocable)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "révoquée par votre clef %s le %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Vous êtes sur le point de révoquer ces signatures :\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Faut-il vraiment créer les certificats de révocation ? (o/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "pas de clef secrète\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "l'identité « %s »\" est déjà révoquée.\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr ""
 "Attention : une signature d'identité date de %d secondes dans le futur\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Vous ne pouvez pas supprimer la dernière identité.\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "La clef %s est déjà révoqué.\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "La sous-clef %s est déjà révoquée.\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr ""
 "Affichage de la photo d'identité %s de taille %ld pour la clef\n"
 "%s (uid %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, fuzzy, c-format
 #| msgid "invalid argument for option \"%.50s\"\n"
 msgid "invalid value for option '%s'\n"
 msgstr "argument incorrect pour l'option « %.50s »\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "préférence « %s » en double\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr "trop de préférences de chiffrement\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr "trop de préférences de hachage\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr "trop de préférences de compression\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+#| msgid "too many cipher preferences\n"
+msgid "too many AEAD preferences\n"
+msgstr "trop de préférences de chiffrement\n"
+
+#: g10/keygen.c:521
 #, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "élément « %s » incorrect dans la chaîne de préférences\n"
 
 # g10/keygen.c:123 ???
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "écriture de la signature directe\n"
 
 # g10/keygen.c:123 ???
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "écriture de l'autosignature\n"
 
 # g10/keygen.c:161 ???
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "écriture de la signature de lien à la clef\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "taille incorrecte ; utilisation de %u bits\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "taille arrondie à %u bits\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
@@ -5469,19 +5394,19 @@ msgstr ""
 "Attention : certains programmes OpenPGP ne peuvent pas gérer\n"
 "            de clef DSA avec cette taille de hachage\n"
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr "Signer"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr "Certifier"
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr "Chiffrer"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr "Authentifier"
 
@@ -5495,162 +5420,180 @@ msgstr "Authentifier"
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr "SsCcAaQq"
 
-#: g10/keygen.c:1784
-#, c-format
-msgid "Possible actions for a %s key: "
+#: g10/keygen.c:1966
+#, fuzzy, c-format
+#| msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr "Actions possibles pour une clef %s : "
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr "Actions actuellement permises : "
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr "   (%c) Inverser la capacité de signature\n"
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%c) Inverser la capacité de chiffrement\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr "   (%c) Inverser la capacité d'authentification\n"
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr "   (%c) Terminé\n"
 
-#: g10/keygen.c:1930
-#, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+#: g10/keygen.c:2116
+#, fuzzy, c-format
+#| msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) RSA et RSA (par défaut)\n"
 
-#: g10/keygen.c:1934
-#, c-format
-msgid "   (%d) DSA and Elgamal\n"
+#: g10/keygen.c:2120
+#, fuzzy, c-format
+#| msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA et Elgamal\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (signature seule)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (signature seule)\n"
 
-#: g10/keygen.c:1945
-#, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+#: g10/keygen.c:2131
+#, fuzzy, c-format
+#| msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) Elgamal (chiffrement seul)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (chiffrement seul)\n"
 
-#: g10/keygen.c:1953
-#, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+#: g10/keygen.c:2139
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (indiquez vous-même les capacités)\n"
 
-#: g10/keygen.c:1955
-#, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+#: g10/keygen.c:2141
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (indiquez vous-même les capacités)\n"
 
-#: g10/keygen.c:1961
-#, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) ECC et ECC\n"
+#: g10/keygen.c:2147
+#, fuzzy, c-format
+#| msgid "   (%d) sign, encrypt\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) signer, chiffrer\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+msgid " *default*"
+msgstr ""
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, c-format
 msgid "  (%d) ECC (sign only)\n"
 msgstr "  (%d) ECC (signature seule)\n"
 
-#: g10/keygen.c:1965
-#, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+#: g10/keygen.c:2150
+#, fuzzy, c-format
+#| msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "  (%d) ECC (indiquez vous-même les capacités)\n"
 
-#: g10/keygen.c:1967
-#, c-format
-msgid "  (%d) ECC (encrypt only)\n"
+#: g10/keygen.c:2152
+#, fuzzy, c-format
+#| msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "  (%d) ECC (chiffrement seul)\n"
 
-#: g10/keygen.c:1971
-#, c-format
-msgid "  (%d) Existing key\n"
+#: g10/keygen.c:2156
+#, fuzzy, c-format
+#| msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "  (%d) Clef existante\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
 #| msgid "   (%d) Existing key from card\n"
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (%d) Clef existante sur la carte\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 msgid "Enter the keygrip: "
 msgstr "Entrez le keygrip : "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr "Ce n'est pas un keygrip valable (40 chiffres hexadécimaux attendus)\n"
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 msgid "No key with this keygrip\n"
 msgstr "Pas de clef avec ce keygrip\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, c-format
 msgid "error reading the card: %s\n"
 msgstr "erreur de lecture de la carte : %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "Numéro de série de la carte : %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 msgid "Available keys:\n"
 msgstr "Clefs disponibles :\n"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, c-format
 msgid "rounded to %u bits\n"
 msgstr "arrondie à %u bits\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr "les clefs %s peuvent faire une taille comprise entre %u et %u bits.\n"
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Quelle taille de clef désirez-vous pour la sous-clef ? (%u) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "La taille demandée est %u bits\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Sélectionnez le type de courbe elliptique désiré :\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5666,7 +5609,7 @@ msgstr ""
 "      <n>m = la clef expire dans n mois\n"
 "      <n>y = la clef expire dans n ans\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5683,38 +5626,38 @@ msgstr ""
 "      <n>m = la signature expire dans n mois\n"
 "      <n>y = la signature expire dans n ans\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Pendant combien de temps la clef est-elle valable ? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Pendant combien de temps la signature est-elle valable ? (%s) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "valeur incorrecte\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr "La clef n'expire pas du tout\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr "La signature n'expire pas du tout\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr "La clef expire le %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr "La signature expire le %s\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5722,11 +5665,11 @@ msgstr ""
 "Le système ne peut pas afficher les dates au-delà de 2038.\n"
 "Cependant, la gestion des dates sera correcte jusqu'en 2106.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr "Est-ce correct ? (o/N) "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5740,7 +5683,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5756,49 +5699,49 @@ msgstr ""
 "   « Heinrich Heine (le poète) <heinrichh@duesseldorf.de> »\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Nom réel : "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Caractère incorrect dans le nom\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr ""
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Le nom ne doit pas commencer par un chiffre\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Le nom doit contenir au moins cinq caractères\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "Adresse électronique : "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Ce n'est pas une adresse électronique valable\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Commentaire : "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Caractère incorrect dans le commentaire\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, c-format
 msgid "You are using the '%s' character set.\n"
 msgstr "Vous utilisez le jeu de caractères « %s ».\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5809,7 +5752,7 @@ msgstr ""
 "    « %s »\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr ""
 "Ne mettez pas d'adresse électronique dans le nom réel ou dans le "
@@ -5826,34 +5769,34 @@ msgstr ""
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnCcAaOoQq"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr ""
 "Changer le (N)om, le (C)ommentaire, l'(A)dresse électronique ou (Q)uitter ? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr ""
 "Changer le (N)om, le (C)ommentaire, l'(A)dresse électronique\n"
 "ou (O)ui/(Q)uitter ? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Changer le (N)om, l’(A)dresse électronique ou (Q)uitter ? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Changer le (N)om, l'(A)dresse électronique ou (O)ui/(Q)uitter ? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Veuillez d'abord corriger l'erreur\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5865,13 +5808,13 @@ msgstr ""
 "pendant la génération de nombres premiers ; cela donne au générateur de\n"
 "nombres aléatoires une meilleure chance d'obtenir suffisamment d'entropie.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Échec de génération de la clef : %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5882,66 +5825,66 @@ msgstr ""
 "   « %s »\n"
 "\n"
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr "Faut-il continuer ? (O/n) "
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "Une clef pour « %s » existe déjà\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 msgid "Create anyway? (y/N) "
 msgstr "Faut-il quand même créer ? (o/N) "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, c-format
 msgid "creating anyway\n"
 msgstr "création quand même\n"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 "Remarque : Utilisez « %s %s » pour une fenêtre de dialogue de génération de "
 "clef complète.\n"
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "La génération de clef a été annulée.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "impossible de créer le fichier de sauvegarde « %s » : %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "Remarque : sauvegarde de la clef de la carte dans « %s »\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, c-format
 msgid "writing public key to '%s'\n"
 msgstr "écriture de la clef publique dans « %s »\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "aucun porte-clefs public accessible en écriture n'a été trouvé : %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, c-format
 msgid "error writing public keyring '%s': %s\n"
 msgstr "erreur d'écriture du porte-clefs public « %s » : %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "les clefs publique et secrète ont été créées et signées.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
@@ -5950,7 +5893,7 @@ msgstr ""
 "pouvez\n"
 "utiliser la commande « --edit-key » pour générer une sous-clef à cette fin.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -5958,7 +5901,7 @@ msgstr ""
 "la clef a été créée %lu seconde dans le futur (faille temporelle ou\n"
 "problème d'horloge)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -5966,53 +5909,53 @@ msgstr ""
 "la clef a été créée %lu secondes dans le futur (faille temporelle ou\n"
 "problème d'horloge)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, c-format
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr ""
 "Remarque : la création de sous-clefs pour des clefs v3 n'est pas compatible\n"
 "           avec OpenPGP\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Les parties secrètes de la clef principale ne sont pas disponibles.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr ""
 "Les parties secrètes de la clef principale sont stockées sur la carte.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr "Faut-il vraiment la créer ? (o/N) "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "jamais    "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Politique de signature critique : "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Politique de signature : "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr "Serveur de clefs critique favori : "
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Notation de signature critique : "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Notation de signature : "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d good signature\n"
@@ -6020,7 +5963,7 @@ msgid_plural "%d good signatures\n"
 msgstr[0] "%d mauvaises signatures\n"
 msgstr[1] "%d mauvaises signatures\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to an error\n"
 msgid "%d signature not checked due to an error\n"
@@ -6028,7 +5971,7 @@ msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "1 signature non vérifiée à cause d'une erreur\n"
 msgstr[1] "1 signature non vérifiée à cause d'une erreur\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, fuzzy, c-format
 #| msgid "Warning: %lu key(s) skipped due to their large size\n"
 msgid "Warning: %lu key skipped due to its large size\n"
@@ -6036,42 +5979,42 @@ msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] "Attention : %lu clefs ignorées en raison de leur grande taille\n"
 msgstr[1] "Attention : %lu clefs ignorées en raison de leur grande taille\n"
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Porte-clefs"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Empreinte de clef principale :"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "   Empreinte de la sous-clef :"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr "Empreinte clef princip. :"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr " Empreinte de sous-clef :"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr " Empreinte de la clef ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr " Nº de série de carte ="
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, c-format
 msgid "caching keyring '%s'\n"
 msgstr "mise en cache du porte-clefs « %s »\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, fuzzy, c-format
 #| msgid "%lu keys cached so far (%lu signatures)\n"
 msgid "%lu keys cached so far (%lu signature)\n"
@@ -6079,7 +6022,7 @@ msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "%lu clefs mises en cache pour l'instant (%lu signatures)\n"
 msgstr[1] "%lu clefs mises en cache pour l'instant (%lu signatures)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, fuzzy, c-format
 #| msgid "flush the cache"
 msgid "%lu key cached"
@@ -6087,7 +6030,7 @@ msgid_plural "%lu keys cached"
 msgstr[0] "vider le cache"
 msgstr[1] "vider le cache"
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, fuzzy, c-format
 #| msgid "1 bad signature\n"
 msgid " (%lu signature)\n"
@@ -6095,60 +6038,54 @@ msgid_plural " (%lu signatures)\n"
 msgstr[0] "1 mauvaise signature\n"
 msgstr[1] "1 mauvaise signature\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s : porte-clefs créé\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr "inclure les clefs révoquées dans les résultats de recherche"
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr "inclure les sous-clefs en cherchant par identifiant de clef"
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr "récupérer les clefs automatiquement en vérifiant les signatures"
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "respecter l'URL de serveur de clefs favori indiqué dans la clef"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr ""
-"respecter l'enregistrement PKA positionné sur une clef en récupérant les "
-"clefs"
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr "désactivée"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr "Entrez le ou les nombres, (S)uivant, ou (Q)uitter > "
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "protocole de serveur de clefs incorrect (nous %d!=gestionnaire %d)\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "« %s » n'est pas un identifiant de clef : ignoré\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, fuzzy, c-format
 #| msgid "refreshing %d keys from %s\n"
 msgid "refreshing %d key from %s\n"
@@ -6156,305 +6093,318 @@ msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "rafraîchissement de %d clefs à partir de %s\n"
 msgstr[1] "rafraîchissement de %d clefs à partir de %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr ""
 "Attention : impossible de rafraîchir la clef %s\n"
 "            avec %s : %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "clef « %s » introuvable sur le serveur de clefs\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr "clef introuvable sur le serveur de clefs\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "demande de la clef %s sur le serveur %s %s\n"
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr "requête de la clef %s sur %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, fuzzy, c-format
 #| msgid "no keyserver action!\n"
 msgid "no keyserver known\n"
 msgstr "pas d'action pour le serveur de clefs.\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "« %s » a été ignorée : %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr "envoi de la clef %s à %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, c-format
 msgid "requesting key from '%s'\n"
 msgstr "requête de la clef sur « %s »\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "Attention : impossible de récupérer l'URI %s : %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "taille étonnante pour une clef de session chiffrée (%d)\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "clef de session chiffrée %s\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "chiffré avec l'algorithme inconnu %d\n"
+
+#: g10/mainproc.c:391
 #, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "phrase secrète générée avec l'algorithme de hachage %d inconnu\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, c-format
 msgid "public key is %s\n"
 msgstr "la clef publique est %s\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr ""
-"données chiffrées par clef publique : bonne clef de chiffrement (DEK)\n"
-
-#: g10/mainproc.c:632
-#, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+#: g10/mainproc.c:524
+#, fuzzy, c-format
+#| msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr ""
 "chiffré avec une clef %2$s de %1$u bits, identifiant %3$s, créée le %4$s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr "      « %s »\n"
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "chiffré avec une clef %s, identifiant %s\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "échec du déchiffrement par clef publique : %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr "Attention : plusieurs textes en clair ont été vus\n"
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "chiffré avec %lu phrases secrètes\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "chiffré avec 1 phrase secrète\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "échec du déchiffrement par clef publique : %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr ""
+"données chiffrées par clef publique : bonne clef de chiffrement (DEK)\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "les données sont supposées chiffrées avec %s\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr ""
 "L'algorithme IDEA n'est pas disponible, essai avec %s\n"
 "qui fonctionnera peut-être avec un peu de chance\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "Attention : l'intégrité du message n'était pas protégée\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "échec du déchiffrement : %s\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "le déchiffrement a réussi\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "Attention : le message chiffré a été manipulé.\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "échec du déchiffrement : %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, c-format
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "Remarque : l'expéditeur a demandé « à votre seule attention »\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "nom de fichier original : « %.*s »\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "révocation autonome — utilisez « gpg --import » pour l'appliquer\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, c-format
 msgid "no signature found\n"
 msgstr "aucune signature trouvée\n"
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr "MAUVAISE signature de « %s »"
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Signature expirée de « %s »"
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr "Bonne signature de « %s »"
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "vérification de signature supprimée\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "impossible de traiter ces données ambiguës de signature\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr "Signature faite le %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr "               avec la clef %s %s\n"
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Signature faite le %s avec la clef %s d'identifiant %s\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, fuzzy, c-format
 #| msgid "                aka \"%s\""
 msgid "               issuer \"%s\"\n"
 msgstr "                alias « %s »"
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Clef disponible sur : "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[doute]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr "                alias « %s »"
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, fuzzy, c-format
 #| msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr ""
 "Attention : cette clef n'est pas certifiée avec une signature de confiance.\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "La signature a expiré le %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "La signature expire le %s\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, c-format
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "signature %s, algorithme de hachage %s%s%s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "binaire"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "mode texte"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "inconnu"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 msgid ", key algorithm "
 msgstr ", algorithme de clef "
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Impossible de vérifier la signature : %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "la signature n'est pas détachée\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
@@ -6462,111 +6412,111 @@ msgstr ""
 "Attention : plusieurs signatures ont été détectées.\n"
 "            Seule la première sera vérifiée.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "signature autonome de classe 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "signature d'un ancien type (PGP 2.x)\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "échec du fstat de « %s » dans %s : %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "échec de fstat(%d) dans %s : %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr ""
 "Attention : utilisation de l'algorithme expérimental à clef publique %s\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr ""
 "Attention : Les clefs de signature et chiffrement Elgamal sont "
 "déconseillées\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr ""
 "Attention : utilisation de l'algorithme expérimental de chiffrement %s\n"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "Attention : utilisation de l'algorithme expérimental de hachage %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "Attention : l'algorithme de hachage %s est déconseillé\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "Remarque : les signatures utilisant l’algorithme %s sont rejetées\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 #| msgid "Note: signatures using the %s algorithm are rejected\n"
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "Remarque : les signatures utilisant l’algorithme %s sont rejetées\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, fuzzy, c-format
 #| msgid "%s:%u: read error: %s\n"
 msgid "(reported error: %s)\n"
 msgstr "%s : %u : erreur de lecture : %s\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, fuzzy, c-format
 #| msgid "read error in '%s': %s\n"
 msgid "(reported error: %s <%s>)\n"
 msgstr "erreur de lecture dans « %s » : %s\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr ""
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s : %d : option « %s » déconseillée\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "Attention : « %s » est une option déconseillée\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "veuillez plutôt utiliser « %s%s »\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "Attention : « %s » est une commande déconseillée — ne l'utilisez pas\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr ""
 "%s : %u : « %s » est obsolète dans ce fichier — n’est prise en compte que "
 "dans %s\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
@@ -6574,43 +6524,38 @@ msgstr ""
 "Attention : « %s%s » est une option obsolète — non prise en compte à part "
 "dans %s\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Non compressé"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr "non compressé|non|sans"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "ce message ne sera pas utilisable par %s\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "option « %s » ambiguë\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, c-format
 msgid "unknown option '%s'\n"
 msgstr "option « %s » inconnue\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 "une clef publique ECDSA est censée être dans un encodage SEC multiple de "
 "8 bits\n"
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, fuzzy, c-format
 #| msgid "Unknown signature type '%s'\n"
 msgid "unknown weak digest '%s'\n"
@@ -6634,99 +6579,88 @@ msgstr "%s : suffixe inconnu\n"
 msgid "Enter new filename"
 msgstr "Entrez le nouveau nom de fichier"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "écriture vers la sortie standard\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, c-format
 msgid "assuming signed data in '%s'\n"
 msgstr "les données signées sont supposées être dans « %s »\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "impossible de gérer l'algorithme à clef publique %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr ""
 "Attention : la clef de session chiffrée de manière symétrique risque\n"
 "            de ne pas être sécurisée\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 #| msgid "Critical signature notation: "
 msgid "Unknown critical signature notation: "
 msgstr "Notation de signature critique : "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "un sous-paquet de type %d possède un bit critique\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, c-format
-msgid "problem with the agent: %s\n"
-msgstr "problème avec l'agent : %s\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-#| msgid "Please enter the new passphrase"
-msgid "Please enter the passphrase for decryption."
-msgstr "Veuillez entrer la nouvelle phrase secrète"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Entrez la phrase secrète\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "annulé par l'utilisateur\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr " (identifiant de clef principale %s)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr ""
 "Veuillez entrer la phrase secrète pour déverrouiller la clef secrète "
 "OpenPGP :"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr ""
 "Veuillez entrer la phrase secrète pour importer la clef secrète OpenPGP :"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr ""
 "Veuillez entrer la phrase secrète pour exporter la sous-clef secrète "
 "OpenPGP :"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr ""
 "Veuillez entrer la phrase secrète pour exporter la clef secrète OpenPGP :"
 
 # NOTE:  s/subkey key/subkey/
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr ""
 "Voulez-vous vraiment supprimer de façon permanente la sous-clef secrète "
 "OpenPGP :"
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr ""
 "Voulez-vous vraiment supprimer de façon permanente la clef secrète OpenPGP :"
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, c-format
 msgid ""
 "%s\n"
@@ -6741,7 +6675,7 @@ msgstr ""
 "créée le %7$s%8$s.\n"
 "%9$s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6755,34 +6689,83 @@ msgstr ""
 "clef publique. Si l'image est très grosse, la clef le sera aussi.\n"
 "Une taille de l'ordre de 240x288 est conseillée.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Entrez le nom du fichier JPEG pour la photo d'identité : "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "impossible d'ouvrir le fichier JPEG « %s » : %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr "Ce JPEG est vraiment très grand (%d octets).\n"
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Voulez-vous vraiment l'utiliser ? (o/N) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "« %s » n'est pas un fichier JPEG\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Cette photo est-elle correcte (o/N/q) ? "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "aucun programme d'exécution à distance n'est pris en charge\n"
+
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"cette plateforme a besoin de fichiers temporaires pour appeler des\n"
+"programmes externes\n"
+
+#: g10/photoid.c:506
+#, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "impossible d'exécuter l'interpréteur de commandes « %s » : %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "sortie non naturelle du programme externe\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "erreur système pendant l'appel du programme externe : %s\n"
+
+#: g10/photoid.c:600
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr ""
+"Attention : impossible de supprimer le fichier temporaire\n"
+"            (%s) « %s » : %s\n"
+
+#: g10/photoid.c:604
+#, c-format
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr ""
+"Attention : impossible de supprimer le répertoire temporaire « %s » :\n"
+"            %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"les appels aux programmes externes sont désactivés car les droits\n"
+"du fichier d'options ne sont pas sûrs\n"
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "impossible d'afficher la photo d'identité.\n"
@@ -6797,54 +6780,54 @@ msgstr "impossible d'afficher la photo d'identité.\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "rRmMqQiI"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr "Pas de valeur de confiance définie pour :\n"
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr "  alias « %s »\n"
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr ""
 "Quelle confiance portez-vous au fait que cette\n"
 "clef appartienne bien à l'utilisateur nommé ?\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr "  %d = je ne sais pas ou n'ai pas d'avis\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr "  %d = je ne fais PAS confiance\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr "  %d = j'attribue une confiance ultime\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr "  m = retour au menu principal\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr "  i = ignorer cette clef\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr "  q = quitter\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
@@ -6853,50 +6836,50 @@ msgstr ""
 "Le niveau de confiance minimal pour cette clef est : %s\n"
 "\n"
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Quelle est votre décision ? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr ""
 "Voulez-vous vraiment attribuer une confiance ultime à cette clef ? (o/N) "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Certificats conduisant vers une clef de confiance ultime :\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%s : aucune assurance que la clef appartienne vraiment à l'utilisateur "
 "nommé.\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%s : faible assurance que la clef appartienne vraiment à l'utilisateur "
 "nommé.\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Cette clef appartient sans doute à l'utilisateur nommé\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Cette clef nous appartient\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, fuzzy, c-format
 #| msgid "root certificate has now been marked as trusted\n"
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr "le certificat racine a maintenant été marqué de confiance\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 #, fuzzy
 #| msgid ""
 #| "It is NOT certain that the key belongs to the person named\n"
@@ -6912,7 +6895,7 @@ msgstr ""
 "faites, vous pouvez répondre oui à la prochaine question.\n"
 "\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
@@ -6923,152 +6906,172 @@ msgstr ""
 "faites, vous pouvez répondre oui à la prochaine question.\n"
 "\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr "Faut-il quand même utiliser cette clef ? (o/N) "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "Attention : utilisation d'une clef sans confiance.\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr ""
 "Attention : cette clef est peut-être révoquée (clef de révocation absente)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+#| msgid "user ID: \"%s\"\n"
+msgid "checking User ID \"%s\"\n"
+msgstr "identité : « %s »\n"
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+#| msgid "line %d: invalid date given\n"
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "ligne %d : date donnée incorrect\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+#| msgid "key %s: doesn't match our copy\n"
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "clef %s : ne correspond pas à notre copie\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+#| msgid "line %d: invalid date given\n"
+msgid "option %s given but no matching User ID found\n"
+msgstr "ligne %d : date donnée incorrect\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "Attention : cette clef a été révoquée par son révocateur désigné.\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "Attention : cette clef à été révoquée par son propriétaire.\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr ""
 "            Cela pourrait signifier que la signature est contrefaite.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "Attention : cette sous-clef à été révoquée par son propriétaire.\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Remarque : cette clef a été désactivée.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr "Remarque : l'adresse vérifiée du signataire est « %s »\n"
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr ""
-"Remarque : l'adresse du signataire « %s » ne correspond pas à l'entrée DNS\n"
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr "confiance ajustée à TOTALE car les renseignements PKA sont conformes\n"
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr "confiance ajustée à JAMAIS à cause de mauvais renseignements PKA\n"
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Remarque : cette clef a expiré.\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr ""
+"Attention : cette clef n'est pas certifiée avec une signature de confiance.\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr ""
 "Attention : cette clef n'est pas certifiée avec une signature de confiance.\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr ""
 "            Rien n'indique que la signature appartient à son propriétaire.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "Attention : nous n'avons PAS confiance en cette clef.\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "            La signature est sans doute CONTREFAITE.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"Attention : cette clef n'a pas suffisamment de signatures de confiance.\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
 msgstr ""
 "Attention : cette clef n'a pas suffisamment de signatures de confiance.\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr ""
 "            Aucune certitude que la signature appartienne à son "
 "propriétaire.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s : ignoré : %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s : ignoré : la clef publique est désactivée\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s : ignoré : clef publique déjà présente\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, fuzzy, c-format
 #| msgid "can't connect to '%s': %s\n"
 msgid "can't encrypt to '%s'\n"
 msgstr "impossible de se connecter à « %s » : %s\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, fuzzy, c-format
 #| msgid "line %d: invalid date given\n"
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "ligne %d : date donnée incorrect\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, fuzzy, c-format
 #| msgid "line %d: invalid date given\n"
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "ligne %d : date donnée incorrect\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "Vous n'avez pas indiqué d'identité (vous pouvez utiliser « -r »).\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr "Destinataires actuels :\n"
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -7076,41 +7079,41 @@ msgstr ""
 "\n"
 "Entrez l'identité, en terminant par une ligne vide : "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Cette identité n'existe pas.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr ""
 "ignoré : la clef publique est déjà définie en destinataire par défaut\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "La clef publique est désactivée.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "ignoré : clef publique déjà activée\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "destinataire par défaut « %s » inconnu\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "pas de destinataire valable\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "Remarque : la clef %s n'a pas de fonctionnalité %s\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "Remarque : la clef %s n'a pas de préférence pour %s\n"
@@ -7122,80 +7125,86 @@ msgstr ""
 "les données ne sont pas enregistrées ; utilisez l'option « --output » pour\n"
 "les enregistrer\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Signature détachée.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Entrez le nom du fichier de données : "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "lecture de l'entrée standard…\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "pas de données signées\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, c-format
 msgid "can't open signed data '%s'\n"
 msgstr "impossible d'ouvrir les données signées « %s »\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "impossible d'ouvrir les données signées fd=%d : %s\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, fuzzy, c-format
 #| msgid "certificate is not usable for encryption\n"
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "le certificat n'est pas utilisable pour le chiffrement\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "destinataire anonyme ; essai avec clef secrète %s…\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+#| msgid "certificate is not usable for encryption\n"
+msgid "used key is not marked for encryption use.\n"
+msgstr "le certificat n'est pas utilisable pour le chiffrement\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "d'accord, nous sommes le destinataire anonyme.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr ""
 "l'ancien encodage de la clef de chiffrement (DEK) n'est pas pris en charge\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "l'algorithme de chiffrement %d%s est inconnu ou désactivé\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr ""
 "Attention : l'algorithme de chiffrement %s est introuvable\n"
 "            dans les préférences du destinataire\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "Remarque : la clef secrète %s a expiré le %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, c-format
 msgid "Note: key has been revoked"
 msgstr "Remarque : la clef a été révoquée"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "échec de build_packet : %s\n"
@@ -7213,47 +7222,47 @@ msgstr "À révoquer par :\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(c'est une clef de révocation sensible)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret key is not available.\n"
 msgstr "La clef secrète est disponible.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr ""
 "Faut-il créer un certificat de révocation désigné pour cette clef ? (o/N) "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "sortie forcée avec armure ASCII.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "échec de make_keysig_packet : %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Certificat de révocation créé.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "aucune clef de révocation trouvée pour « %s »\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Ceci est un certificat de révocation pour la clef OpenPGP :"
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 msgstr ""
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 #, fuzzy
 #| msgid ""
 #| "Use it to revoke this key in case of a compromise or loss of\n"
@@ -7272,7 +7281,7 @@ msgstr ""
 "encore accessible, créer un nouveau certificat de révocation\n"
 "est préférable afin d’indiquer la cause de révocation."
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 #, fuzzy
 #| msgid ""
 #| "To avoid an accidental use of this file, a colon has been inserted\n"
@@ -7288,13 +7297,13 @@ msgstr ""
 "Supprimez ce deux-points avec un éditeur de texte avant\n"
 "d’utiliser ce certificat de révocation."
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, fuzzy, c-format
 #| msgid "Revocation certificate created.\n"
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "Certificat de révocation créé.\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, fuzzy, c-format
 #| msgid "secret key \"%s\" not found: %s\n"
 msgid "secret key \"%s\" not found\n"
@@ -7308,17 +7317,17 @@ msgstr "clef secrète « %s » introuvable : %s\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr ""
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, fuzzy, c-format
 #| msgid "error creating keyring '%s': %s\n"
 msgid "error searching the keyring: %s\n"
 msgstr "erreur de création du porte-clefs « %s » : %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Faut-il créer un certificat de révocation pour cette clef ? (o/N) "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7339,38 +7348,38 @@ msgstr ""
 "d'impression\n"
 "utilisé pourrait stocker ces données et les rendre accessibles à d'autres.\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "choisissez la cause de la révocation :\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Annuler"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Vous devriez sûrement sélectionner %d ici)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr ""
 "Entrez une description facultative, en terminant par une ligne vide :\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Cause de révocation : %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(Aucune description donnée)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr "Est-ce d'accord ? (o/N) "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "clef faible générée — nouvel essai\n"
@@ -7382,51 +7391,46 @@ msgstr ""
 "impossible d'éviter une clef faible pour le chiffrement symétrique :\n"
 "%d essais ont eu lieu.\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr "la clef %s %s utilise un hachage non sûr (%zu bits)\n"
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 "la clef %s %s nécessite un hachage d'au moins %zu bits (le hachage est %s)\n"
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
+#: g10/sig-check.c:170
+#, c-format
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "Attention : conflit de hachage de signature dans le message\n"
+
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "key %s may not be used for signing in %s mode\n"
 msgstr "impossible d'utiliser %s en mode %s.\n"
 
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
-#, c-format
-msgid "WARNING: signature digest conflict in message\n"
-msgstr "Attention : conflit de hachage de signature dans le message\n"
-
-#: g10/sig-check.c:219
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr ""
 "Attention : la sous-clef de signature %s n'a pas de certificat croisé\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, c-format
 msgid "please see %s for more information\n"
 msgstr "veuillez consulter %s pour plus de renseignements\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr ""
 "Attention : la sous-clef de signature %s a un certificat croisé incorrect\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, fuzzy, c-format
 #| msgid "public key %s is %lu second newer than the signature\n"
 msgid "public key %s is %lu second newer than the signature\n"
@@ -7436,7 +7440,7 @@ msgstr[0] ""
 msgstr[1] ""
 "la clef publique %s est plus récente de %lu seconde que la signature\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, fuzzy, c-format
 #| msgid "public key %s is %lu second newer than the signature\n"
 msgid "public key %s is %lu day newer than the signature\n"
@@ -7446,7 +7450,7 @@ msgstr[0] ""
 msgstr[1] ""
 "la clef publique %s est plus récente de %lu seconde que la signature\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, fuzzy, c-format
 #| msgid ""
 #| "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7461,7 +7465,7 @@ msgstr[1] ""
 "la clef %s a été créée %lu seconde dans le futur\n"
 "(faille temporelle ou problème d'horloge)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, fuzzy, c-format
 #| msgid ""
 #| "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7475,47 +7479,47 @@ msgstr[1] ""
 "la clef %s a été créée %lu seconde dans le futur\n"
 "(faille temporelle ou problème d'horloge)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "Remarque : la clef de signature %s a expiré le %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "Remarque : la clef de signature %s a été révoquée\n"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "signature autonome de classe 0x%02x\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "signature autonome de classe 0x%02x\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "la signature de la clef %s est supposée être fausse car un bit\n"
 "critique est inconnu\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr ""
 "clef %s : pas de sous-clef pour la signature de révocation de sous-clef\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "clef %s : pas de sous-clef pour la signature de lien à la sous-clef\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
@@ -7523,7 +7527,7 @@ msgstr ""
 "            la notation (chaîne trop grande).\n"
 "            Utilisation de la version non expansée.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7532,7 +7536,7 @@ msgstr ""
 "            l'URL de politique (chaîne trop grande).\n"
 "            Utilisation de la version non expansée.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7542,12 +7546,12 @@ msgstr ""
 "            l'URL du serveur de clef favori (chaîne trop grande).\n"
 "            Utilisation de la version non expansée.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s/%s signature de : « %s »\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
@@ -7555,40 +7559,41 @@ msgstr ""
 "Attention : forcer l'algorithme de hachage %s (%d) est en\n"
 "            désaccord avec les préférences du destinataire\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "signature :"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "le chiffrement %s sera utilisé\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "la clef n'est pas marquée comme non sécurisée — elle ne peut pas être\n"
 "utilisée avec le soi-disant générateur de nombres aléatoires.\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "« %s » a été ignorée : en double\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "ignoré : clef secrète déjà présente\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "c'est une clef Elgamal générée par PGP qui n'est pas sûre pour les "
 "signatures."
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "enregistrement de confiance %lu, type %d : échec d'écriture : %s\n"
@@ -7602,43 +7607,43 @@ msgstr ""
 "# Liste de valeurs de confiance définies, créée le %s\n"
 "# (utilisez « gpg --import-ownertrust » pour les restaurer)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, c-format
 msgid "error in '%s': %s\n"
 msgstr "erreur dans « %s » : %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr "ligne trop longue"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr "deux-points manquant"
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr "empreinte incorrecte"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr "valeur de confiance au propriétaire manquante"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "impossible de trouver l'enregistrement de confiance dans « %s » : %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, c-format
 msgid "read error in '%s': %s\n"
 msgstr "erreur de lecture dans « %s » : %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "base de confiance : échec de synchronisation : %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "impossible de créer un verrou pour « %s »\n"
@@ -7648,12 +7653,12 @@ msgstr "impossible de créer un verrou pour « %s »\n"
 msgid "can't lock '%s'\n"
 msgstr "impossible de verrouiller « %s »\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "enregistrement de base de confiance %lu : échec de lseek : %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr ""
@@ -7669,7 +7674,7 @@ msgstr "transaction de base de confiance trop grande\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s : le répertoire n'existe pas.\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, c-format
 msgid "can't access '%s': %s\n"
 msgstr "impossible d'accéder à « %s » : %s\n"
@@ -7710,7 +7715,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s : erreur de mise à jour de l'enregistrement de version : %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s : erreur de lecture d'enregistrement de version : %s\n"
@@ -7720,52 +7725,52 @@ msgstr "%s : erreur de lecture d'enregistrement de version : %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s : erreur d'écriture de l'enregistrement de version : %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "base de confiance : échec de lseek : %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "base de confiance : échec de lecture (n=%d) : %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s : ce n'est pas un fichier de base de confiance\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s : enregistrement de version avec le numéro %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s : version %d du fichier incorrecte\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s : erreur de lecture d'enregistrement libre : %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s : erreur d'écriture de l'enregistrement de répertoire: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s : échec de mise à zéro d'un enregistrement : %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s : impossible d'ajouter un enregistrement : %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "Erreur : la base de confiance est corrompue\n"
@@ -7807,10 +7812,10 @@ msgstr "algorithme non pris en charge : %s"
 msgid "TOFU DB error"
 msgstr ""
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, fuzzy, c-format
 #| msgid "error sending data: %s\n"
 msgid "error reading TOFU database: %s\n"
@@ -7834,7 +7839,7 @@ msgstr "erreur d'initialisation de l'objet lecteur : %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "erreur d'ouverture de « %s » : %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, fuzzy, c-format
 #| msgid "error sending data: %s\n"
 msgid "error updating TOFU database: %s\n"
@@ -8013,112 +8018,112 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr ""
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr ""
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, fuzzy, c-format
 #| msgid "error creating a pipe: %s\n"
 msgid "error changing TOFU policy: %s\n"
 msgstr "erreur de création d'un tube : %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr ""
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, fuzzy, c-format
 #| msgid "Deleted %d signatures.\n"
 msgid "%s: Verified 0 signatures."
 msgstr "%d signatures supprimées\n"
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 #, fuzzy
 #| msgid "encrypted with %lu passphrases\n"
 msgid "Encrypted 0 messages."
 msgstr "chiffré avec %lu phrases secrètes\n"
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, fuzzy, c-format
 #| msgid "validity: %s"
 msgid "(policy: %s)"
 msgstr "validité : %s"
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -8135,117 +8140,117 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, fuzzy, c-format
 #| msgid "error sending data: %s\n"
 msgid "error opening TOFU database: %s\n"
 msgstr "erreur d'envoi de données : %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, c-format
 msgid "'%s' is not a valid long keyID\n"
 msgstr "« %s » n'est pas un identifiant valable de clef longue\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "clef %s : acceptée comme clef de confiance\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "la clef %s apparaît plusieurs fois dans la base de confiance\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "clef %s : pas de clef publique pour la clef de confiance — ignorée\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "clef %s marquée de confiance ultime.\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr ""
 "enregistrement de confiance %lu, type de requête %d : échec de lecture : %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "l'enregistrement de confiance %lu n'est pas du type %d demandé\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr ""
 "Vous pourriez essayer de recréer la base de confiance avec les commandes :\n"
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr "Si cela ne fonctionne pas, veuillez consulter le mode d'emploi\n"
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 "impossible d'utiliser ce modèle de confiance inconnu (%d) —\n"
 "     utilisation du modèle de confiance %s à la place\n"
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr "utilisation du modèle de confiance %s\n"
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "inutile de vérifier la base de confiance\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "la prochaine vérification de la base de confiance aura lieu le %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr ""
 "inutile de vérifier la base de confiance avec le modèle de\n"
 "     confiance « %s »\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr ""
 "inutile de mettre à jour la base de confiance avec le modèle de\n"
 "     confiance « %s »\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr "clef publique %s introuvable : %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "veuillez faire un --check-trustdb\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "vérification de la base de confiance\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, fuzzy, c-format
 #| msgid "%lu keys processed so far\n"
 msgid "%d key processed"
@@ -8253,7 +8258,7 @@ msgid_plural "%d keys processed"
 msgstr[0] "%lu clefs traitées jusqu'à présent\n"
 msgstr[1] "%lu clefs traitées jusqu'à présent\n"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, fuzzy, c-format
 #| msgid "%d keys processed (%d validity counts cleared)\n"
 msgid " (%d validity count cleared)\n"
@@ -8261,17 +8266,17 @@ msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] "%d clefs traitées (%d comptes de validité réinitialisés)\n"
 msgstr[1] "%d clefs traitées (%d comptes de validité réinitialisés)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "aucune clef de confiance ultime n'a été trouvée\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "la clef publique de la clef de confiance ultime %s est introuvable\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
@@ -8279,30 +8284,30 @@ msgstr ""
 "profondeur : %d  valables : %3d  signées : %3d\n"
 "     confiance : %d i., %d n.d., %d j., %d m., %d t., %d u.\n"
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr ""
 "impossible de mettre à jour l'enregistrement de version de la\n"
 "base de confiance : échec d'écriture : %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr "indéfinie"
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr "jamais"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr "marginale"
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr "totale"
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr "ultime"
 
@@ -8314,41 +8319,41 @@ msgstr "ultime"
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr "11 le traducteur a bien lu ce qu'il fallait :)"
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 msgid "[ revoked]"
 msgstr "[ révoquée]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 msgid "[ expired]"
 msgstr "[ expirée ]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 msgid "[ unknown]"
 msgstr "[ inconnue]"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr "[indéfinie]"
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 #, fuzzy
 #| msgid "never"
 msgid "[  never ]"
 msgstr "jamais"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr "[marginale]"
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr "[  totale ]"
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr "[  ultime ]"
 
@@ -8375,19 +8380,31 @@ msgstr ""
 msgid "can't open fd %d: %s\n"
 msgstr "impossible d'ouvrir le descripteur %d : %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "Attention : l'intégrité du message n'était pas protégée\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+#| msgid "ambiguous option '%s'\n"
+msgid "Hint: Do not use option %s\n"
+msgstr "option « %s » ambiguë\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr "activer les options de débogage"
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr "activer le débogage complet"
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Utilisation : kbxutil [options] [fichiers] (-h pour l'aide)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
 "List, export, import Keybox data\n"
@@ -8398,19 +8415,152 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr ""
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr ""
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new Global-PIN"
+msgstr "||Veuillez entrer le code personnel"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "||Veuillez entrer le code de réinitialisation pour la carte"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new PIN"
+msgstr "||Veuillez entrer le code personnel"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the PIN of your PIV card"
+msgstr "||Veuillez entrer le code de réinitialisation pour la carte"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+#| msgid "|A|Please enter the Admin PIN"
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "|A|Veuillez entrer le code personnel d'administration"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+#| msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr ""
+"|P|Veuillez entrer le code de déblocage personnel (CDP) pour les clefs "
+"standards."
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "le rappel du code personnel a renvoyé une erreur : %s\n"
+
+#: scd/app-piv.c:1895
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too short; minimum length is %d\n"
+msgstr ""
+"le code personnel pour CHV%d est trop court ; la taille minimale\n"
+"est %d\n"
+
+#: scd/app-piv.c:1903
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too long; maximum length is %d\n"
+msgstr ""
+"le code personnel pour CHV%d est trop court ; la taille minimale\n"
+"est %d\n"
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr "la clef existe déjà\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr "la clef existante sera remplacée\n"
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr "génération d'une nouvelle clef\n"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, c-format
+msgid "writing new key\n"
+msgstr "écriture d'une nouvelle clef\n"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "impossible de stocker la clef : %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr "la réponse ne contient pas le module RSA\n"
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr "la réponse ne contient pas l'exposant public RSA\n"
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, fuzzy, c-format
+#| msgid "response does not contain the EC public point\n"
+msgid "response does not contain the EC public key\n"
+msgstr "la réponse ne contient pas le point public EC\n"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr "veuillez patienter pendant la génération de la clef…\n"
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr "échec de génération de la clef\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, fuzzy, c-format
+#| msgid "key generation completed (%d seconds)\n"
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "la génération de clef est terminé (%d secondes)\n"
+msgstr[1] "la génération de clef est terminé (%d secondes)\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr "la réponse ne contient pas les données de clef publique\n"
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr ""
 "||Veuillez entrer le code personnel pour permettre à la clef de créer des "
@@ -8418,59 +8568,58 @@ msgstr ""
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 msgid "|A|Please enter the Admin PIN"
 msgstr "|A|Veuillez entrer le code personnel d'administration"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr ""
 "|P|Veuillez entrer le code de déblocage personnel (CDP) pour les clefs "
 "standards."
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 msgid "||Please enter the PIN for the standard keys."
 msgstr "||Veuillez entrer le code personnel pour les clefs standards."
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr "le module RSA est manquant ou sa taille n'est pas de %d bits\n"
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr "l'exposant public RSA est manquant ou plus grand que %d bits\n"
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr "le rappel du code personnel a renvoyé une erreur : %s\n"
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "the NullPIN has not yet been changed\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "le code personnel nul n'a pas encore été modifié\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr "le code personnel nul n'a pas encore été modifié\n"
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "|N|Veuillez entrer un nouveau code personnel pour les clefs standards."
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr ""
 "|NP|Veuillez entrer un nouveau code de déblocage personnel (CDP) pour les "
 "clefs standards."
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 "|N|Veuillez entrer un nouveau code personnel pour permettre à la clef de "
 "créer des signatures qualifiées."
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8478,7 +8627,7 @@ msgstr ""
 "|NP|Veuillez entrer un nouveau code de déblocage personnel (CDP) pour "
 "permettre à la clef de créer des signatures qualifiées."
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8486,48 +8635,27 @@ msgstr ""
 "|P|Veuillez entrer le code de déblocage personnel (CDP) pour permettre à la "
 "clef de créer des signatures qualifiées."
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "erreur de lecture du nouveau code personnel : %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "impossible de stocker l'empreinte : %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "impossible de stocker la date de création : %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr "erreur de récupération de l'état CHV de la carte\n"
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr "la réponse ne contient pas le module RSA\n"
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr "la réponse ne contient pas l'exposant public RSA\n"
-
-#: scd/app-openpgp.c:1546
-#, fuzzy, c-format
-#| msgid "response does not contain the EC public point\n"
-msgid "response does not contain the EC public key\n"
-msgstr "la réponse ne contient pas le point public EC\n"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr "la réponse ne contient pas les données de clef publique\n"
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr "échec de lecture de clef publique : %s\n"
@@ -8535,48 +8663,48 @@ msgstr "échec de lecture de clef publique : %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr ""
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr "utilisation du code personnel par défaut en tant que %s\n"
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 "impossible d'utiliser le code personnel par défaut en tant que %s :\n"
 "%s — désactivation de la prochaine utilisation par défaut\n"
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 #, fuzzy
 #| msgid "||Please enter the PIN"
 msgid "||Please unlock the card"
 msgstr "||Veuillez entrer le code personnel"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr ""
 "le code personnel pour CHV%d est trop court ; la taille minimale\n"
 "est %d\n"
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "échec de vérification CHV%d : %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr "la carte est irrémédiablement bloquée.\n"
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, fuzzy, c-format
 #| msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
@@ -8589,20 +8717,20 @@ msgstr[1] ""
 "il reste %d tentatives de code personnel d'administration\n"
 "avant que la carte ne soit irrémédiablement bloquée\n"
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr "l'accès aux commandes d'administration n'est pas configuré\n"
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 msgid "||Please enter the PIN"
 msgstr "||Veuillez entrer le code personnel"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 msgid "||Please enter the Reset Code for the card"
 msgstr "||Veuillez entrer le code de réinitialisation pour la carte"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr ""
@@ -8612,120 +8740,77 @@ msgstr ""
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr "|RN|Nouveau code de réinitialisation"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr "|AN|Nouveau code personnel d'administration"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr "|N|Nouveau code personnel"
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr ""
 "||Veuillez entrer le code personnel d'administration et le nouveau code "
 "personnel d'administration"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 msgid "||Please enter the PIN and New PIN"
 msgstr "||Veuillez entrer le code personnel et le nouveau code personnel"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr "erreur de lecture des données d'application\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "erreur de lecture de l'empreinte DO\n"
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr "la clef existe déjà\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr "la clef existante sera remplacée\n"
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr "génération d'une nouvelle clef\n"
-
-#: scd/app-openpgp.c:3074
-#, c-format
-msgid "writing new key\n"
-msgstr "écriture d'une nouvelle clef\n"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr "la date de création est manquant\n"
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr ""
 "le nombre premier RSA %s est manquant ou sa taille n'est pas de\n"
 "%d bits\n"
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr "impossible de stocker la clef : %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, fuzzy, c-format
 #| msgid "unsupported URI"
 msgid "unsupported curve\n"
 msgstr "URI non pris en charge"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr "veuillez patienter pendant la génération de la clef…\n"
-
-#: scd/app-openpgp.c:4271
-#, c-format
-msgid "generating key failed\n"
-msgstr "échec de génération de la clef\n"
-
-#: scd/app-openpgp.c:4277
-#, fuzzy, c-format
-#| msgid "key generation completed (%d seconds)\n"
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "la génération de clef est terminé (%d secondes)\n"
-msgstr[1] "la génération de clef est terminé (%d secondes)\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr "structure de carte OpenPGP incorrecte (DO 0x93)\n"
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr "l'empreinte de la carte ne correspond pas à celle demandée\n"
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "la carte ne gère pas l'algorithme de hachage %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr "signatures créées jusqu'à présent : %lu\n"
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
@@ -8733,7 +8818,7 @@ msgstr ""
 "la vérification du code personnel d'administration est actuellement\n"
 "interdite avec cette commande\n"
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr ""
@@ -8747,59 +8832,63 @@ msgstr ""
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr "|N|Nouveau code personnel initial"
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr "exécuter en mode multiserveur (premier plan)"
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr "|NIVEAU|définir le niveau de débogage à NIVEAU"
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 msgid "|FILE|write a log to FILE"
 msgstr "|FICHIER|écrire un journal dans le FICHIER"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr "|N|se connecter au lecteur par le port N"
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NOM|utiliser NOM comme pilote ct-API"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NOM|utiliser NOM comme pilote PC/SC"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 msgid "do not use the internal CCID driver"
 msgstr "ne pas utiliser le pilote CCID interne"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr "|N|déconnecter la carte après N secondes d'inactivité "
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr "ne pas utiliser de pavé numérique du lecteur"
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr "utiliser une entrée de taille variable pour le pavé numérique"
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 msgid "deny the use of admin card commands"
 msgstr "refus d'utiliser les commandes d'administration de la carte"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Utilisation : @SCDAEMON@ [options] (-h pour l'aide)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
@@ -8807,39 +8896,33 @@ msgstr ""
 "Syntaxe : scdaemon [options] [commande [arguments]]\n"
 "Démon de carte à puce pour @GNUPG@\n"
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 "veuillez utiliser l'option « --daemon » pour exécuter le programme\n"
 "en arrière-plan\n"
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr "gestionnaire pour le descripteur %d démarré\n"
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr "gestionnaire pour le descripteur %d terminé\n"
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "erreur de lecture des renseignements d'utilisation de clef : %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr "modèle de validation demandé par le certificat : %s"
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr "chaîne"
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 msgid "shell"
 msgstr "invite"
 
@@ -8873,7 +8956,7 @@ msgstr "Remarque : politique de certificat non critique non autorisée"
 msgid "certificate policy not allowed"
 msgstr "politique de certificat non autorisée"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "impossible d'obtenir l'empreinte\n"
@@ -8888,7 +8971,7 @@ msgstr "recherche d'émetteur à l'extérieur\n"
 msgid "number of issuers matching: %d\n"
 msgstr "nombre d'émetteurs correspondants : %d\n"
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, c-format
 msgid "can't get authorityInfoAccess: %s\n"
 msgstr "impossible d'obtenir authorityInfoAccess : %s\n"
@@ -8908,239 +8991,239 @@ msgstr "nombre de certificats correspondants : %d\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "échec de recherche de clef seulement dans le cache du dirmngr : %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "impossible d'allouer la gestion de base de clefs\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 msgid "certificate has been revoked"
 msgstr "le certificat a été révoquée"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr "l'état du certificat est inconnu"
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr "veuillez vous assurer que le « dirmngr » est correctement installé\n"
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, c-format
 msgid "checking the CRL failed: %s"
 msgstr "échec de vérification de la liste de révocations de certificat : %s"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "certificat avec validité incorrecte : %s"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr "certificat pas encore valable"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 msgid "root certificate not yet valid"
 msgstr "certificat racine pas encore valable"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr "certificat intermédiaire pas encore valable"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, c-format
 msgid "certificate has expired"
 msgstr "le certificat a expiré"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 msgid "root certificate has expired"
 msgstr "le certificat racine a expiré"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 msgid "intermediate certificate has expired"
 msgstr "le certificat intermédiaire a expiré"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr "des attributs nécessaires du certificat sont manquants : %s%s%s"
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 msgid "certificate with invalid validity"
 msgstr "certificat avec validité incorrecte"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr "signature non créée pendant la durée de vie du certificat"
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr "certificat non créé pendant la durée de vie de l'émetteur"
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr ""
 "certificat intermédiaire non créé pendant la durée de vie de l'émetteur"
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, c-format
 msgid "  (  signature created at "
 msgstr "  (       signature créée le "
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, c-format
 msgid "  (certificate created at "
 msgstr "  (       certificat créé le "
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, c-format
 msgid "  (certificate valid from "
 msgstr "  (certificat valable depuis "
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr "  (  émetteur valable depuis "
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr "empreinte=%s\n"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr "le certificat racine a maintenant été marqué de confiance\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr "marquage de confiance interactif non activé dans gpg-agent\n"
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr "marquage de confiance interactif désactivé pour cette session\n"
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 "Attention : date de création de la signature inconnue — date supposée "
 "actuelle"
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 msgid "no issuer found in certificate"
 msgstr "aucun émetteur trouvé dans le certificat"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr "certificat autosigné avec une mauvaise signature"
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr "le certificat racine n'est pas marqué de confiance"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "échec de vérification de la liste de confiance : %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr "chaîne de certificats trop longue\n"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr "certificat d'émetteur introuvable"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, c-format
 msgid "certificate has a BAD signature"
 msgstr "certificat avec une mauvaise signature"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr ""
 "un autre certificat d'autorité de certification pouvant correspondre a été "
 "trouvé — nouvel essai"
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr ""
 "chaîne de certificats plus longue que celle autorisée par l'autorité de "
 "certification (%d)"
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, c-format
 msgid "certificate is good\n"
 msgstr "le certificat est correct\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, c-format
 msgid "intermediate certificate is good\n"
 msgstr "le certificat intermédiaire est correct\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, c-format
 msgid "root certificate is good\n"
 msgstr "le certificat racine est correct\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr "basculement en modèle chaîne"
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr "modèle de validation utilisé : %s"
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 "un hachage de %1$u bits n'est pas valable pour une clef %3$s de %2$u bits\n"
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, c-format
 msgid "out of core\n"
 msgstr "hors limite\n"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr "(c'est l'algorithme MD2)\n"
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 msgid "none"
 msgstr "aucun"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 msgid "[Error - invalid encoding]"
 msgstr "[Erreur — encodage incorrect]"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr "[Erreur — hors limite]"
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr "[Erreur — pas de nom]"
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 msgid "[Error - invalid DN]"
 msgstr "[Erreur — DN incorrect]"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -9156,137 +9239,148 @@ msgstr ""
 "numéro de série %s, identifiant 0x%08lX,\n"
 "créé le %s, expire le %s.\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr ""
 "aucune utilisation de clef indiquée — toutes les utilisations sont "
 "supposées\n"
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "erreur de lecture des renseignements d'utilisation de clef : %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr "le certificat n'aurait pas dû être utilisé pour la certification\n"
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr ""
 "le certificat n'aurait pas dû être utilisé pour la signature de réponse "
 "OCSP\n"
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr "le certificat n'aurait pas dû être utilisé pour le chiffrement\n"
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr "le certificat n'aurait pas dû être utilisé pour la signature\n"
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr "le certificat n'est pas utilisable pour le chiffrement\n"
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr "le certificat n'est pas utilisable pour la signature\n"
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+#| msgid "lookup a certificate"
+msgid "looking for another certificate\n"
+msgstr "rechercher un certificat"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "ligne %d : algorithme incorrect\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr "ligne %d : taille %u de clef incorrecte (%d à %d possible)\n"
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr "ligne %d : aucun nom de sujet donné\n"
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "ligne %d : étiquette de nom de sujet « %.*s » incorrecte\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "ligne %d : nom de sujet « %s » incorrect à la position %d\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "ligne %d : ce n'est pas une adresse électronique valable\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "ligne %d : numéro de série incorrect\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr "ligne %d : étiquette de nom d'émetteur « %.*s » incorrecte\n"
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr "ligne %d : nom d'émetteur « %s » incorrect à la position %d\n"
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, c-format
 msgid "line %d: invalid date given\n"
 msgstr "ligne %d : date donnée incorrect\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr ""
 "ligne %d : erreur de lecture de clef de signature par keygrip « %s » : %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "ligne %d : algorithme de hachage donné incorrect\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "ligne %d : authority-key-id incorrect\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "ligne %d : subject-key-id incorrect\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "ligne %d : syntaxe d'extension incorrecte\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "ligne %d : erreur de lecture de la clef « %s » sur la carte : %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "ligne %d : erreur de lecture de clef par keygrip « %s » : %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "ligne %d : échec de génération de la clef : %s <%s>\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
@@ -9294,45 +9388,45 @@ msgstr ""
 "Pour terminer cette demande de certificat, veuillez entrer encore une fois "
 "la phrase secrète pour la clef que vous venez de créer.\n"
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) Clef existante\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr "   (%d) Clef existante sur la carte\n"
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "Actions possibles pour une clef %s :\n"
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) signer, chiffrer\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) signer\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) chiffrer\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr "Entrez le nom de sujet X.509 : "
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr "Aucun nom de sujet donné\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "Étiquette de nom de sujet « %.*s » incorrecte\n"
@@ -9342,242 +9436,237 @@ msgstr "Étiquette de nom de sujet « %.*s » incorrecte\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "Nom de sujet « %s » incorrect\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "15"
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 msgid "Enter email addresses"
 msgstr "Entrez l'adresse électronique"
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 msgid " (end with an empty line):\n"
 msgstr " (terminez par une ligne vide) :\n"
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 msgid "Enter DNS names"
 msgstr "Entrez les noms de DNS"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 msgid " (optional; end with an empty line):\n"
 msgstr " (facultatif, terminez par une ligne vide) :\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr "Entrez les URI"
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Faut-il créer un certificat autosigné ? (o/N) "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr "Ces paramètres seront utilisés :\n"
 
-#: sm/certreqgen-ui.c:432
-#, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "erreur de création du fichier temporaire : %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr "Création de certificat autosigné. "
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 msgid "Now creating certificate request.  "
 msgstr "Création de la demande de certificat. "
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr "Cela risque de prendre un peu de temps…\n"
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr "Prêt.\n"
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr ""
 "Prêt. Vous devriez maintenant envoyer cette demande à l'autorité de "
 "certification.\n"
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr "problème de ressources : hors limite\n"
 
-#: sm/decrypt.c:536
-#, c-format
-msgid "%s.%s encrypted data\n"
-msgstr "données chiffrées avec %s.%s\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr "(c'est l'algorithme RC2)\n"
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr "(ça ne ressemble pas à un message chiffré)\n"
 
-#: sm/decrypt.c:958
-#, c-format
+#: sm/decrypt.c:868
+#, fuzzy, c-format
+#| msgid "encrypted with %s key, ID %s\n"
 msgid "encrypted to %s key %s\n"
 msgstr "chiffré avec une clef %s, identifiant %s\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "certificat « %s » introuvable : %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr "erreur de verrouillage du trousseau local : %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "certificat en double « %s » supprimé\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "certificat « %s » supprimé\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "échec de suppression du certificat « %s » : %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, c-format
 msgid "no valid recipients given\n"
 msgstr "aucune destinataire valable donnée\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 msgid "list external keys"
 msgstr "afficher les clefs externes"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 msgid "list certificate chain"
 msgstr "afficher la chaîne de certificats"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 msgid "import certificates"
 msgstr "importer les certificats"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 msgid "export certificates"
 msgstr "exporter les certificats"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr "enregistrer une carte à puce"
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr "passer une commande au dirmngr"
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr "appeler gpg-protect-tool"
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "ne pas utiliser du tout le terminal"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr "|N|nombre de certificats à inclure"
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr "|FICHIER|prendre renseignements de politique du FICHIER"
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr "entrée supposée au format PEM"
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr "entrée supposée au format base-64"
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr "entrée supposée au format binaire"
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 msgid "create base-64 encoded output"
 msgstr "créer une sortie encodée en base-64"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|IDENTITÉ| utiliser IDENTITÉ comme clef secr. par défaut"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "|FICHIER|ajouter le trousseau à la liste de trousseaux"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|utiliser ce serveur pour rechercher les clefs"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr "récupérer certificats d'émetteur manquants"
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NOM|utiliser l’encodage NOM pour les phrases secrète PKCS#12"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr "ne pas consulter liste de révocations de cert."
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr "ne pas vérifier les listes de révocations de certificat racine"
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr "vérifier la validité avec OCSP"
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr "ne pas vérifier les politiques de certificat"
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NOM|utiliser l'algorithme de chiffrement NOM"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NOM|utiliser l'algorithme de hachage NOM"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "mode automatique : aucune question"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "oui comme réponse à la plupart des questions"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "non comme réponse à la plupart des questions"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 msgid "|FILE|write an audit log to FILE"
 msgstr "|FICHIER|écrire un journal d'audit dans le FICHIER"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Utilisation : @GPGSM@ [options] [fichiers] (-h pour l'aide)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
 "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
@@ -9587,87 +9676,125 @@ msgstr ""
 "Signer, vérifier, chiffrer ou déchiffrer en utilisant le protocole S/MIME\n"
 "L'opération par défaut dépend des données entrées\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "Remarque : ne sera pas capable de chiffrer à « %s » : %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "modèle de validation « %s » inconnu\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s : %u : aucun nom d'hôte donné\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s : %u : mot de passe donné sans utilisateur\n"
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s : %u : ignorer cette ligne\n"
+
+#: sm/gpgsm.c:1545
+#, c-format
+msgid "could not parse keyserver\n"
+msgstr "impossible d'analyser le serveur de clefs\n"
+
+#: sm/gpgsm.c:1825
 #, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "importation des certificats commun « %s »\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "impossible de signer en utilisant « %s » : %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr "commande incorrecte (il n'y a pas de commande implicite)\n"
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, c-format
 msgid "total number processed: %lu\n"
 msgstr "quantité totale traitée : %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, c-format
 msgid "error storing certificate\n"
 msgstr "erreur de stockage du certificat\n"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr "échec des vérifications de base du certificat — non importé\n"
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "erreur de lecture des options stockées : %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, c-format
 msgid "error importing certificate: %s\n"
 msgstr "erreur d'importation du certificat : %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, c-format
 msgid "error reading input: %s\n"
 msgstr "erreur de lecture de l'entrée : %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+#| msgid "no gpg-agent running in this session\n"
+msgid "no keyboxd running in this session\n"
+msgstr ""
+"aucune instance de gpg-agent n'est en cours d'exécution dans cette session\n"
+
+#: sm/keydb.c:595
+#, fuzzy, c-format
+#| msgid "error opening '%s': %s\n"
+msgid "error opening key DB: %s\n"
+msgstr "erreur d'ouverture de « %s » : %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr "problème de recherche de certificat existant : %s\n"
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "impossible de trouver une base de clefs inscriptible : %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, c-format
 msgid "error storing certificate: %s\n"
 msgstr "erreur de stockage du certificat : %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "problème de nouvelle recherche de certificat : %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, c-format
 msgid "error storing flags: %s\n"
 msgstr "erreur de stockage des options : %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr "Erreur — "
 
@@ -9678,17 +9805,17 @@ msgstr ""
 "GPG_TTY n'a pas été définie — utilisation de valeurs par défaut "
 "potentiellement inappropriées\n"
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "formatage incorrect de l'empreinte dans « %s », ligne %d\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "code de pays incorrect dans « %s », ligne %d\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9706,7 +9833,7 @@ msgstr ""
 "\n"
 "%s%sVoulez-vous vraiment faire cela ?"
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
@@ -9715,7 +9842,7 @@ msgstr ""
 "Remarquez que ce programme n'est pas officiellement approuvé pour créer ou "
 "vérifier de telles signatures.\n"
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9727,40 +9854,46 @@ msgstr ""
 "« %s »\n"
 "Remarquez que ce certificat ne va pas créer de signature qualifiée."
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr ""
 "l'algorithme de hachage %d (%s) pour le signataire %d n'est pas pris en "
 "charge ; utilisation de %s\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr "algorithme de hachage utilisé pour le signataire %d : %s (%s)\n"
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "échec de vérification de certificat qualifié : %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+#| msgid "Signature made %s using %s key ID %s\n"
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Signature faite le %s avec la clef %s d'identifiant %s\n"
+
+#: sm/verify.c:467
 #, c-format
 msgid "Signature made "
 msgstr "Signature faite le "
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr "[date non donnée]"
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 #| msgid "algorithm: %s"
 msgid "algorithm:"
 msgstr "algorithme : %s"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
@@ -9768,17 +9901,17 @@ msgstr ""
 "signature incorrecte : l'attribut de hachage du message ne correspond pas à "
 "celui calculé\n"
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, c-format
 msgid "Good signature from"
 msgstr "Bonne signature de"
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, c-format
 msgid "                aka"
 msgstr "                alias"
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, c-format
 msgid "This is a qualified signature\n"
 msgstr "C'est une signature qualifiée\n"
@@ -9805,101 +9938,101 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr "impossible de libérer le verrou du cache de certificat : %s\n"
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr "abandon de %u certificats du cache\n"
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, c-format
 msgid "can't parse certificate '%s': %s\n"
 msgstr "impossible d'analyser le certificat « %s » : %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "certificat « %s » déjà en cache\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "certificat de confiance « %s » chargé\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "certificat « %s » chargé\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "  empreinte SHA1 = %s\n"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr " émetteur ="
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr "    sujet ="
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "erreur de chargement du certificat « %s » : %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "certificats chargés de façon permanente : %u\n"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "      certificats actuellement en cache : %u\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, fuzzy, c-format
 #| msgid "    runtime cached certificates: %u\n"
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "      certificats actuellement en cache : %u\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, c-format
 msgid "certificate already cached\n"
 msgstr "certificat déjà en cache\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, c-format
 msgid "certificate cached\n"
 msgstr "certificat en cache\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, c-format
 msgid "error caching certificate: %s\n"
 msgstr "erreur de mise en cache du certificat : %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "chaîne « %s » d'empreinte SHA1 incorrecte\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "erreur de récupération du certificat par numéro de série : %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "erreur de récupération du certificat par sujet : %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, c-format
 msgid "no issuer found in certificate\n"
 msgstr "aucun émetteur trouvé dans le certificat\n"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "erreur de lecture d'authorityKeyIdentifier : %s\n"
@@ -10466,56 +10599,56 @@ msgstr ""
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "recherche de certificats impossible car %s est désactivé\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr "utiliser OCSP au lieu des listes de révocations de certificat"
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr "vérifier si une instance de dirmngr fonctionne"
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 msgid "add a certificate to the cache"
 msgstr "ajouter un certificat au cache"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 msgid "validate a certificate"
 msgstr "valider un certificat"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 msgid "lookup a certificate"
 msgstr "rechercher un certificat"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 msgid "lookup only locally stored certificates"
 msgstr "rechercher seulement les certificats localement"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr "exiger une URL pour --lookup"
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr "charger une liste de rév. de cert. dans dirmngr"
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr "mode spécial pour être utilisé par Squid"
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 msgid "expect certificates in PEM format"
 msgstr "attendre les certificats au format PEM"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 msgid "force the use of the default OCSP responder"
 msgstr "forcer utilisation du répondeur OCSP par défaut"
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr ""
 "Utilisation : dirmngr-client [options] [fic_cert|motif] (-h pour l'aide)\n"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10528,224 +10661,220 @@ msgstr ""
 "Le processus renvoie 0 si le certificat est valable, 1 s'il est\n"
 "incorrect et d'autres codes d'erreurs pour les problèmes globaux\n"
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "erreur de lecture du certificat sur l'entrée standard : %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "erreur de lecture du certificat sur « %s » : %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr "certificat trop grand pour être possible\n"
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, c-format
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "impossible de se connecter au dirmngr : %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, c-format
 msgid "lookup failed: %s\n"
 msgstr "échec de la recherche : %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr ""
 "échec de chargement de la liste de révocations de certificat « %s » : %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr "un démon dirmngr fonctionne et est disponible\n"
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "échec de validation du certificat : %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, c-format
 msgid "certificate is valid\n"
 msgstr "le certificat est valable\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, c-format
 msgid "certificate has been revoked\n"
 msgstr "le certificat a été révoquée\n"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, c-format
 msgid "certificate check failed: %s\n"
 msgstr "échec de vérification du certificat : %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, c-format
 msgid "got status: '%s'\n"
 msgstr "état obtenu : « %s »\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, c-format
 msgid "error writing base64 encoding: %s\n"
 msgstr "erreur d'écriture en encodage base64 : %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr "demande « %s » non prise en charge\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr "nom de fichier absolu attendu\n"
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr "recherche de « %s »\n"
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr "afficher le contenu du cache de la liste de révocations de certificat"
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 msgid "|FILE|load CRL from FILE into cache"
 msgstr ""
 "|FICHIER|charger la liste de révocations de certificat du FICHIER dans le "
 "cache"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr "|URL|récupérer une liste de révocations de certificat d'une URL"
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr "arrêter le dirmngr"
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr "vider le cache"
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr ""
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr "|N|ne pas renvoyer plus de N éléments dans une requête"
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr ""
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr "Configuration pour les serveurs de clefs"
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 msgid "|URL|use keyserver at URL"
 msgstr "|URL|utiliser le serveur de clefs à l'URL"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr "|FICHIER|utiliser les certificats de CA dans FICHIER pour HKP par TLS"
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr "Configuration pour les serveurs HTTP"
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr "interdire l'utilisation d'HTTP"
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr ""
 "ignorer les points de distribution de liste de révocations de certificat en "
 "HTTP"
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr "|URL|rediriger toutes les requêtes HTTP vers l'URL"
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr "utiliser la configuration de serveur mandataire (proxy) du système"
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr "Configuration des serveurs LDAP à utiliser"
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr "interdire l'utilisation de LDAP"
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr ""
 "ignorer les points de distribution de liste de révocations de certificat en "
 "LDAP"
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr "|HÔTE|utiliser l'HÔTE pour les requêtes LDAP"
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr "ne pas utiliser d'hôtes de repli avec --ldap-proxy"
 
-#: dirmngr/dirmngr.c:270
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|SPEC|utiliser ce serveur pour rechercher les clefs"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|FICHIER|lire la liste de serveurs LDAP depuis le FICHIER"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 "ajouter les nouveaux serveurs découverts dans les points de distribution de "
 "liste de révocations de certificat à la liste de serveurs"
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr "|N|définir le temps d'expiration de LDAP à N secondes"
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr "Configuration pour OCSP"
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr "permettre l'envoi de requêtes OCSP"
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr "ignorer les URL de service OCSP contenues dans le certificat"
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 msgid "|URL|use OCSP responder at URL"
 msgstr "|URL|utiliser le répondeur OCSP à l'URL"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr "|EMPR|réponse OCSP signée par EMPR"
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr "forcer le chargement des listes de révocations de certificat obsolètes"
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 msgid ""
 "@\n"
 "(See the \"info\" manual for a complete listing of all commands and "
@@ -10755,11 +10884,11 @@ msgstr ""
 "(Consultez le manuel « info » pour obtenir une liste complète des commandes\n"
 "et options)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Utilisation : @DIRMNGR@ [options] (-h pour l'aide)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
@@ -10768,116 +10897,298 @@ msgstr ""
 "Serveur de clefs, liste de révocations de certificat et accès OCSP pour "
 "@GNUPG@\n"
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr "les niveaux de débogage possibles sont : %s\n"
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, c-format
 msgid "usage: %s [options] "
 msgstr "utilisation : %s [options] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, c-format
 msgid "colons are not allowed in the socket name\n"
 msgstr "les deux-points ne sont pas permis dans le nom de socket\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr ""
 "échec de récupération de liste de révocations de certificat sur « %s » : %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr ""
 "échec du traitement de liste de révocations de certificat sur « %s » : %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "%s : %u : ligne trop longue — ignorée\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "%s : %u : empreinte incorrecte détectée\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "%s : %u : erreur de lecture : %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr "%s : %u : fin de ligne inutile ignorée\n"
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr "SIGHUP reçu — relecture de la configuration et vidage des caches\n"
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr "SIGUSR2 reçu — aucune action définie\n"
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr "SIGTERM reçu — arrêt…\n"
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr "SIGTERM reçu — encore %d connexions actives\n"
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, c-format
 msgid "shutdown forced\n"
 msgstr "arrêt forcé\n"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr "SIGINT reçu — arrêt immédiat\n"
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr "signal %d reçu — aucune action définie\n"
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr "renvoyer toutes les valeurs au format enreg."
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr "|NOM|ignorer l'hôte et se connecter par NOM"
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+msgid "|NAME|connect to host NAME"
+msgstr "|NOM|se connecter à l'hôte NOM"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr "|N|se connecter au port N"
+
+#: dirmngr/dirmngr_ldap.c:112
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NOM|utiliser le NOM d'utilisateur pour authentif."
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr "|MDP|utiliser le mot de passe MDP pour authentif."
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr "prendre le mot de passe de $DIRMNGR_LDAP_PASS"
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr "|CHAÎNE|demander la CHAÎNE DN"
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr "|CHAÎNE|utiliser la CHAÎNE comme expression de filtre"
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr "|CHAÎNE|renvoyer l'attribut CHAÎNE"
+
+#: dirmngr/dirmngr_ldap.c:179
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Utilisation : dirmngr_ldap [options] [URL] (-h pour l'aide)\n"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+"Syntaxe : dirmngr_ldap [options] [URL]\n"
+"Assistant LDAP interne pour Dirmngr\n"
+"L'interface et les options pourraient changer sans prévenir\n"
+
+#: dirmngr/dirmngr_ldap.c:291
+#, c-format
+msgid "invalid port number %d\n"
+msgstr "numéro de port %d incorrect\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr "examen de résultat pour l'attribut « %s »\n"
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "erreur d'écriture sur la sortie standard : %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr "          attribut « %s » disponible\n"
+
+#: dirmngr/dirmngr_ldap.c:462
+#, c-format
+msgid "attribute '%s' not found\n"
+msgstr "attribut « %s » introuvable\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr "attribut « %s » trouvé\n"
+
+#: dirmngr/dirmngr_ldap.c:581
+#, c-format
+msgid "processing url '%s'\n"
+msgstr "traitement de l'URL « %s »\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, c-format
+msgid "          user '%s'\n"
+msgstr "  utilisateur « %s »\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, c-format
+msgid "          pass '%s'\n"
+msgstr " mot de passe « %s »\n"
+
+#: dirmngr/dirmngr_ldap.c:592
+#, c-format
+msgid "          host '%s'\n"
+msgstr "         hôte « %s »\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, c-format
+msgid "          port %d\n"
+msgstr "         port %d\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, c-format
+msgid "            DN '%s'\n"
+msgstr "           DN « %s »\n"
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr "       filtre « %s »\n"
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, c-format
+msgid "          attr '%s'\n"
+msgstr "     attribut « %s »\n"
+
+#: dirmngr/dirmngr_ldap.c:611
+#, c-format
+msgid "no host name in '%s'\n"
+msgstr "aucun nom d'hôte donné dans « %s »\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr "pas d'attribut donné pour la requête « %s »\n"
+
+#: dirmngr/dirmngr_ldap.c:622
+#, c-format
+msgid "WARNING: using first attribute only\n"
+msgstr "Attention : utilisation du premier attribut seulement\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "échec d'initialisation de LDAP à « %s : %d » : %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+#| msgid "LDAP init to '%s:%d' failed: %s\n"
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "échec d'initialisation de LDAP à « %s : %d » : %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+#| msgid "LDAP init to '%s:%d' failed: %s\n"
+msgid "LDAP init to '%s' done\n"
+msgstr "échec d'initialisation de LDAP à « %s : %d » : %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "échec du lien de « %s : %d » : %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, c-format
+msgid "searching '%s' failed: %s\n"
+msgstr "échec de recherche de « %s » : %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "« %s » n'est pas une URL LDAP\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr "« %s » est une URL LDAP incorrecte\n"
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "erreur d'accès à « %s » : état HTTP %u\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr "URL « %s » redirigée vers « %s » (%u)\n"
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, c-format
 msgid "too many redirections\n"
 msgstr "trop de redirections\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to '%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "écriture de « %s »\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, c-format
 msgid "error printing log line: %s\n"
 msgstr "erreur d'affichage de ligne du journal : %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "erreur de lecture du journal par l'enveloppe LDAP %d : %s\n"
@@ -10907,51 +11218,31 @@ msgstr "échec d'attente de l'enveloppe LDAP %d : %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "enveloppe LDAP %d à l'arrêt — le processus va être tué\n"
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "caractère 0x%02x incorrect dans le nom d'hôte — non ajouté\n"
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "ajout de « %s : %d » à la liste de serveurs LDAP\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, c-format
 msgid "malloc failed: %s\n"
 msgstr "échec de malloc : %s\n"
 
-#: dirmngr/ldap.c:221
-#, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "« %s » n'est pas une URL LDAP\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
-msgstr "« %s » est une URL LDAP incorrecte\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
+msgstr "start_cert_fetch : motif « %s » incorrect\n"
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr "ldap_search a atteint la taille limite du serveur\n"
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr "%s : %u : mot de passe donné sans utilisateur\n"
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr "%s : %u : ignorer cette ligne\n"
-
 #: dirmngr/misc.c:172
 #, c-format
 msgid "invalid canonical S-expression found\n"
@@ -11038,92 +11329,92 @@ msgstr "échec de hachage de la réponse OCSP pour « %s » : %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr "non signée par un certificat de signataire OCSP par défaut"
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "erreur d'allocation d'élément de liste : %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "erreur de lecture de l'identifiant de répondeur : %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr ""
 "aucun certificat convenable n'a été trouvée pour vérifier la réponse OCSP\n"
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "certificat d'émetteur introuvable : %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr "l'appelant n'a pas renvoyé le certificat cible\n"
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "l'appelant n'a pas renvoyé le certificat émetteur\n"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "échec d'allocation du contexte OCSP : %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr "aucun répondeur OCSP par défaut défini\n"
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, c-format
 msgid "no default OCSP signer defined\n"
 msgstr "aucun signataire OCSP par défaut défini\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr "utilisation du répondeur OCSP « %s » par défaut\n"
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr "utilisation du répondeur OCSP « %s »\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "erreur de lecture de l'état OCSP pour le certificat cible : %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr "l'état du certificat est : %s  (celui-ci=%s  prochain=%s)\n"
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr "correct"
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "le certificat a été révoquée le : %s à cause de : %s\n"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr "le répondeur OCSP a renvoyé un état dans le futur\n"
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr "le répondeur OCSP a renvoyé un état non actuel\n"
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr "le répondeur OCSP a renvoyé un trop vieil état\n"
@@ -11133,67 +11424,71 @@ msgstr "le répondeur OCSP a renvoyé un trop vieil état\n"
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "échec d'assuan_inquire(%s) : %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr "ldapserver manquant"
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr "serialno manquant dans l'identifiant de certificat"
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "échec d'assuan_inquire : %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "échec de fetch_cert_by_url : %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, c-format
 msgid "error sending data: %s\n"
 msgstr "erreur d'envoi de données : %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "échec de start_cert_fetch : %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "échec de fetch_next_cert : %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr "max_replies %d dépassé\n"
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "impossible d'allouer une structure de contrôle : %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "échec d'allocation du contexte Assuan : %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, c-format
 msgid "failed to initialize the server: %s\n"
 msgstr "impossible d'initialiser le serveur : %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "impossible d'enregistrer les commandes avec Assuan : %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr "problème d'accept_assuan : %s\n"
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, c-format
 msgid "Assuan processing failed: %s\n"
 msgstr "problème de traitement Assuan : %s\n"
@@ -11243,51 +11538,57 @@ msgstr ""
 "le certificat n'aurait pas dû être utilisé pour signer une liste de "
 "révocations de certificat\n"
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 msgid "quiet"
 msgstr "silencieux"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr "afficher les données encodées au format hexadécimal"
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr "décoder les lignes de données reçues"
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr "se connecter au dirmngr"
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+#, fuzzy
+#| msgid "connect to the dirmngr"
+msgid "connect to the keyboxd"
+msgstr "se connecter au dirmngr"
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr "|NOM|se connecter à la socket Assuan NOM"
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr "|ADR|se connecter au serveur Assuan à ADR"
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr "exécuter le serveur Assuan donné en ligne de commande"
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr "ne pas utiliser le mode de connexion étendu"
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|FICHIER|exécuter les commandes du FICHIER au démarrage"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr "exécuter /subst au démarrage"
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Utilisation : @GPG@-connect-agent [options] (-h pour l'aide)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
@@ -11295,191 +11596,208 @@ msgstr ""
 "Syntaxe : @GPG@-connect-agent [options]\n"
 "Se connecter à un agent en fonctionnement et envoyer des commandes\n"
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr "l'option « %s » nécessite un programme et des arguments facultatifs\n"
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr "option « %s » ignorée à cause de « %s »\n"
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, c-format
 msgid "receiving line failed: %s\n"
 msgstr "échec de réception de ligne : %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, c-format
 msgid "line too long - skipped\n"
 msgstr "ligne trop longue — ignorée\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr "ligne raccourcie à cause de caractère NULL inclus\n"
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, c-format
 msgid "unknown command '%s'\n"
 msgstr "commande « %s » inconnue\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, c-format
 msgid "sending line failed: %s\n"
 msgstr "échec d'envoi de ligne : %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+#| msgid "no gpg-agent running in this session\n"
+msgid "no keybox daemon running in this session\n"
+msgstr ""
+"aucune instance de gpg-agent n'est en cours d'exécution dans cette session\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, c-format
 msgid "error sending standard options: %s\n"
 msgstr "erreur d'envoi d'options standards : %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 #, fuzzy
 #| msgid "GPG for OpenPGP"
 msgid "OpenPGP"
 msgstr "GPG pour OpenPGP"
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 #, fuzzy
 #| msgid "GPG for S/MIME"
 msgid "S/MIME"
 msgstr "GPG pour S/MIME"
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+#| msgid "public key is %s\n"
+msgid "Public Keys"
+msgstr "la clef publique est %s\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr ""
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 #, fuzzy
 #| msgid "Smartcard Daemon"
 msgid "Smartcards"
 msgstr "Démon de carte à puce"
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 #, fuzzy
 #| msgid "network error"
 msgid "Network"
 msgstr "erreur de réseau"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 #, fuzzy
 #| msgid "PIN and Passphrase Entry"
 msgid "Passphrase Entry"
 msgstr "Entrée de code personnel et de phrase secrète"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 msgid "Component not suitable for launching"
 msgstr "Composant non convenable pour le lancement"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, fuzzy, c-format
 #| msgid "External verification of component %s failed"
 msgid "Configuration file of component %s is broken\n"
 msgstr "Échec de vérification externe du composant %s"
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Please use the command \"toggle\" first.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Veuillez d'abord utiliser la commande « toggle ».\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr "Échec de vérification externe du composant %s"
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr "Remarquez que les spécifications de groupe sont ignorées\n"
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, fuzzy, c-format
 #| msgid "error closing '%s': %s\n"
 msgid "error closing '%s'\n"
 msgstr "erreur de fermeture de « %s » : %s\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, fuzzy, c-format
 #| msgid "error hashing '%s': %s\n"
 msgid "error parsing '%s'\n"
 msgstr "erreur du hachage de « %s » : %s\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr "afficher tous les composants"
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr "vérifier tous les programmes"
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr "|COMPOSANT|afficher les options"
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr "|COMPOSANT|modifier les options"
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr "|COMPOSANT|vérifier les options"
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr "appliquer les valeurs par défaut globales"
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 #, fuzzy
 #| msgid "|FILE|take policy information from FILE"
 msgid "|FILE|update configuration files using FILE"
 msgstr "|FICHIER|prendre renseignements de politique du FICHIER"
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr "aff. répertoires de configuration pour @GPGCONF@"
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 msgid "list global configuration file"
 msgstr "afficher le fichier de configuration globale"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 msgid "check global configuration file"
 msgstr "vérifier le fichier de configuration globale"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 #, fuzzy
 #| msgid "update the trust database"
 msgid "query the software version database"
 msgstr "mettre la base de confiance à jour"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr "recharger tous les composants ou celui donné"
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr "lancer un composant donné"
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr "tuer un composant donné"
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "utiliser comme fichier de sortie"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr "activer modif. pendant l'exécution si possible"
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Utilisation : @GPGCONF@ [options] (-h pour l'aide)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
@@ -11487,15 +11805,15 @@ msgstr ""
 "Syntaxe : @GPGCONF@ [options]\n"
 "Gérer les options de configuration pour les outils du système @GNUPG@\n"
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr "Un argument de composant nécessaire"
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 msgid "Component not found"
 msgstr "Composant introuvable"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr "Aucun argument permis"
 
@@ -11512,153 +11830,247 @@ msgstr ""
 "Vérifier une phrase secrète donnée sur l'entrée standard par rapport à "
 "ficmotif\n"
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr ""
-#~ "forcer le chiffrement symétrique %s (%d) est en désaccord\n"
-#~ "avec les préférences du destinataire\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+#| msgid "Note: keys are already stored on the card!\n"
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "Remarque : les clefs sont déjà stockées sur la carte.\n"
 
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "erreur d'écriture du fichier temporaire : %s\n"
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+#| msgid "Note: keys are already stored on the card!\n"
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "Remarque : les clefs sont déjà stockées sur la carte.\n"
 
-#~ msgid "use a log file for the server"
-#~ msgstr "utiliser un fichier journal pour le serveur"
+#: tools/gpg-card.c:2395
+#, fuzzy, c-format
+#| msgid "Replace existing keys? (y/N) "
+msgid "Replace existing key %s ? (y/N) "
+msgstr "Faut-il remplacer les clefs existantes ? (o/N) "
 
-#~ msgid "|FILE|write a server mode log to FILE"
-#~ msgstr "|FICHIER|écrire un journal serveur dans le FICHIER"
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, fuzzy, c-format
+#| msgid "OpenPGP card no. %s detected\n"
+msgid "%s card no. %s detected\n"
+msgstr "carte OpenPGP nº %s détectée\n"
 
-#~ msgid "run without asking a user"
-#~ msgstr "exécuter sans demander à l'utilisateur"
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
 
-#~ msgid "allow PKA lookups (DNS requests)"
-#~ msgstr "permettre les recherches PKA (requêtes DNS)"
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
 
-#~ msgid "Options controlling the format of the output"
-#~ msgstr "Options contrôlant le format de sortie"
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
+#: tools/gpg-card.c:3668
 #, fuzzy
-#~| msgid "Options controlling the security"
-#~ msgid "Options controlling the use of Tor"
-#~ msgstr "Options contrôlant la sécurité"
-
-#~ msgid "LDAP server list"
-#~ msgstr "liste de serveurs LDAP"
+#| msgid "add a certificate to the cache"
+msgid "authenticate to the card"
+msgstr "ajouter un certificat au cache"
 
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "demande de la clef %s sur le serveur %s %s\n"
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
 
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "%s : %u : aucun nom d'hôte donné\n"
+#: tools/gpg-card.c:3672
+#, fuzzy
+#| msgid "|NAME|use user NAME for authentication"
+msgid "setup KDF for PIN authentication"
+msgstr "|NOM|utiliser le NOM d'utilisateur pour authentif."
 
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "impossible d'analyser le serveur de clefs\n"
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr ""
 
-#~ msgid "return all values in a record oriented format"
-#~ msgstr "renvoyer toutes les valeurs au format enreg."
+#: tools/gpg-card.c:3675
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "read a certificate from a data object"
+msgstr "ajouter un certificat au cache"
 
-#~ msgid "|NAME|ignore host part and connect through NAME"
-#~ msgstr "|NOM|ignorer l'hôte et se connecter par NOM"
+#: tools/gpg-card.c:3676
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "store a certificate to a data object"
+msgstr "ajouter un certificat au cache"
 
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NOM|se connecter à l'hôte NOM"
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
 
-#~ msgid "|N|connect to port N"
-#~ msgstr "|N|se connecter au port N"
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
 
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NOM|utiliser le NOM d'utilisateur pour authentif."
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
-#~ msgid "|PASS|use password PASS for authentication"
-#~ msgstr "|MDP|utiliser le mot de passe MDP pour authentif."
+#, fuzzy
+#~| msgid "change a passphrase"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "modifier une phrase secrète"
 
-#~ msgid "take password from $DIRMNGR_LDAP_PASS"
-#~ msgstr "prendre le mot de passe de $DIRMNGR_LDAP_PASS"
+#~ msgid "detected card with S/N: %s\n"
+#~ msgstr "carte détectée avec le numéro de série : %s\n"
 
-#~ msgid "|STRING|query DN STRING"
-#~ msgstr "|CHAÎNE|demander la CHAÎNE DN"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "aucune clef d'authentification pour SSH sur la carte : %s\n"
 
-#~ msgid "|STRING|use STRING as filter expression"
-#~ msgstr "|CHAÎNE|utiliser la CHAÎNE comme expression de filtre"
+#~ msgid "Please remove the current card and insert the one with serial number"
+#~ msgstr ""
+#~ "Veuillez retirer la carte présente et insérer celle de numéro de série"
 
-#~ msgid "|STRING|return the attribute STRING"
-#~ msgstr "|CHAÎNE|renvoyer l'attribut CHAÎNE"
+#~ msgid "use a log file for the server"
+#~ msgstr "utiliser un fichier journal pour le serveur"
 
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Utilisation : dirmngr_ldap [options] [URL] (-h pour l'aide)\n"
+#, fuzzy
+#~| msgid "connection to agent established\n"
+#~ msgid "connection to %s established\n"
+#~ msgstr "connexion à l'agent établie\n"
 
-#~ msgid ""
-#~ "Syntax: dirmngr_ldap [options] [URL]\n"
-#~ "Internal LDAP helper for Dirmngr\n"
-#~ "Interface and options may change without notice\n"
+#~ msgid "no running gpg-agent - starting '%s'\n"
 #~ msgstr ""
-#~ "Syntaxe : dirmngr_ldap [options] [URL]\n"
-#~ "Assistant LDAP interne pour Dirmngr\n"
-#~ "L'interface et les options pourraient changer sans prévenir\n"
+#~ "pas d'instance de gpg-agent en cours d'exécution — démarrage de « %s »\n"
+
+#~ msgid "argument not expected"
+#~ msgstr "argument inattendu"
+
+#~ msgid "read error"
+#~ msgstr "erreur de lecture"
+
+#~ msgid "keyword too long"
+#~ msgstr "mot-clef trop long"
+
+#~ msgid "missing argument"
+#~ msgstr "argument manquant"
+
+#~ msgid "invalid argument"
+#~ msgstr "argument incorrect"
+
+#~ msgid "invalid command"
+#~ msgstr "commande incorrecte"
+
+#~ msgid "invalid alias definition"
+#~ msgstr "définition d'alias incorrecte"
+
+#~ msgid "out of core"
+#~ msgstr "hors limite"
+
+#, fuzzy
+#~| msgid "invalid command"
+#~ msgid "invalid meta command"
+#~ msgstr "commande incorrecte"
+
+#, fuzzy
+#~| msgid "unknown command '%s'\n"
+#~ msgid "unknown meta command"
+#~ msgstr "commande « %s » inconnue\n"
+
+#, fuzzy
+#~| msgid "unexpected data"
+#~ msgid "unexpected meta command"
+#~ msgstr "données inattendues"
+
+#~ msgid "invalid option"
+#~ msgstr "option incorrecte"
 
-#~ msgid "invalid port number %d\n"
-#~ msgstr "numéro de port %d incorrect\n"
+#~ msgid "missing argument for option \"%.50s\"\n"
+#~ msgstr "argument manquant pour l'option « %.50s »\n"
 
-#~ msgid "scanning result for attribute '%s'\n"
-#~ msgstr "examen de résultat pour l'attribut « %s »\n"
+#~ msgid "option \"%.50s\" does not expect an argument\n"
+#~ msgstr "l'option « %.50s » n'attend pas d'argument\n"
 
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "erreur d'écriture sur la sortie standard : %s\n"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "commande « %.50s » incorrecte\n"
 
-#~ msgid "          available attribute '%s'\n"
-#~ msgstr "          attribut « %s » disponible\n"
+#~ msgid "option \"%.50s\" is ambiguous\n"
+#~ msgstr "l'option « %.50s » est ambiguë\n"
+
+#~ msgid "command \"%.50s\" is ambiguous\n"
+#~ msgstr "la commande « %.50s » est ambiguë\n"
+
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "option « %.50s » incorrecte\n"
+
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "Remarque : pas de fichier d'options par défaut « %s »\n"
 
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "attribut « %s » introuvable\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "fichier d'options « %s » : %s\n"
+
+#, fuzzy
+#~| msgid "you may not use %s while in %s mode\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "impossible d'utiliser %s en mode %s.\n"
 
-#~ msgid "found attribute '%s'\n"
-#~ msgstr "attribut « %s » trouvé\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "impossible d'exécuter le programme « %s » : %s\n"
 
-#~ msgid "processing url '%s'\n"
-#~ msgstr "traitement de l'URL « %s »\n"
+#~ msgid "unable to execute external program\n"
+#~ msgstr "impossible d'exécuter le programme externe\n"
 
-#~ msgid "          user '%s'\n"
-#~ msgstr "  utilisateur « %s »\n"
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "impossible de lire la réponse du programme externe : %s\n"
 
-#~ msgid "          pass '%s'\n"
-#~ msgstr " mot de passe « %s »\n"
+#~ msgid "validate signatures with PKA data"
+#~ msgstr "valider les signatures avec les données PKA"
 
-#~ msgid "          host '%s'\n"
-#~ msgstr "         hôte « %s »\n"
+#~ msgid "elevate the trust of signatures with valid PKA data"
+#~ msgstr "augmenter la confiance des signatures avec des données PKA valables"
 
-#~ msgid "          port %d\n"
-#~ msgstr "         port %d\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) ECC et ECC\n"
 
-#~ msgid "            DN '%s'\n"
-#~ msgstr "           DN « %s »\n"
+#~ msgid "honor the PKA record set on a key when retrieving keys"
+#~ msgstr ""
+#~ "respecter l'enregistrement PKA positionné sur une clef en récupérant les "
+#~ "clefs"
 
-#~ msgid "        filter '%s'\n"
-#~ msgstr "       filtre « %s »\n"
+#~ msgid "Note: Verified signer's address is '%s'\n"
+#~ msgstr "Remarque : l'adresse vérifiée du signataire est « %s »\n"
 
-#~ msgid "          attr '%s'\n"
-#~ msgstr "     attribut « %s »\n"
+#~ msgid "Note: Signer's address '%s' does not match DNS entry\n"
+#~ msgstr ""
+#~ "Remarque : l'adresse du signataire « %s » ne correspond pas à l'entrée "
+#~ "DNS\n"
 
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "aucun nom d'hôte donné dans « %s »\n"
+#~ msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+#~ msgstr ""
+#~ "confiance ajustée à TOTALE car les renseignements PKA sont conformes\n"
 
-#~ msgid "no attribute given for query '%s'\n"
-#~ msgstr "pas d'attribut donné pour la requête « %s »\n"
+#~ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+#~ msgstr "confiance ajustée à JAMAIS à cause de mauvais renseignements PKA\n"
 
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "Attention : utilisation du premier attribut seulement\n"
+#~ msgid "|FILE|write a server mode log to FILE"
+#~ msgstr "|FICHIER|écrire un journal serveur dans le FICHIER"
 
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "échec d'initialisation de LDAP à « %s : %d » : %s\n"
+#~ msgid "run without asking a user"
+#~ msgstr "exécuter sans demander à l'utilisateur"
 
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "échec du lien de « %s : %d » : %s\n"
+#~ msgid "allow PKA lookups (DNS requests)"
+#~ msgstr "permettre les recherches PKA (requêtes DNS)"
 
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "échec de recherche de « %s » : %s\n"
+#~ msgid "Options controlling the format of the output"
+#~ msgstr "Options contrôlant le format de sortie"
 
-#~ msgid "start_cert_fetch: invalid pattern '%s'\n"
-#~ msgstr "start_cert_fetch : motif « %s » incorrect\n"
+#, fuzzy
+#~| msgid "Options controlling the security"
+#~ msgid "Options controlling the use of Tor"
+#~ msgstr "Options contrôlant la sécurité"
 
-#~ msgid "ldapserver missing"
-#~ msgstr "ldapserver manquant"
+#~ msgid "LDAP server list"
+#~ msgstr "liste de serveurs LDAP"
 
 #~ msgid "Note: old default options file '%s' ignored\n"
 #~ msgstr ""
@@ -11715,8 +12127,8 @@ msgstr ""
 #~ msgid "could not open %s for writing: %s\n"
 #~ msgstr "impossible d'ouvrir %s en écriture : %s\n"
 
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "erreur de lecture de %s : %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "erreur d'écriture sur %s : %s\n"
 
 #~ msgid "error closing %s: %s\n"
 #~ msgstr "erreur de fermeture de %s : %s\n"
@@ -11778,12 +12190,6 @@ msgstr ""
 #~ msgid " using certificate ID 0x%08lX\n"
 #~ msgstr " en utilisant le certificat d'identifiant 0x%08lX\n"
 
-#, fuzzy
-#~| msgid "you may not use %s while in %s mode\n"
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "impossible d'utiliser %s en mode %s.\n"
-
 #~ msgid "male"
 #~ msgstr "masculin"
 
@@ -11841,12 +12247,6 @@ msgstr ""
 #~ msgid "only SHA-1 is supported for OCSP responses\n"
 #~ msgstr "seul SHA-1 est pris en charge pour les réponses\n"
 
-#~ msgid "waiting for the dirmngr to come up ... (%ds)\n"
-#~ msgstr "attente pour permettre au dirmngr d'arriver… (%d s)\n"
-
-#~ msgid "connection to the dirmngr established\n"
-#~ msgstr "connexion au dirmngr établie\n"
-
 #, fuzzy
 #~| msgid "error closing %s: %s\n"
 #~ msgid "error looking up: %s\n"
diff --git a/po/gl.gmo b/po/gl.gmo
index 9a56913f64cfeddfa46d95c741da586dc916b9c0..95e6ce4848eee079dbdc5950e31bf3a4cf6c9635 100644
GIT binary patch
delta 9116
zcmY+~33yJ|zQ^&Egd|8v#4LCt5s4(ktSCVeB<9vUH6bL5XcF`An&)}0;oxYiI#5E(
z(b7p#b+sHydrphPMNzbMJLx(1`+L{&+}{24pU+xr@4e==!=t+|`v38TzxSK+CDs|P
zt$xNtVu?^=lKhRiTUDjTY_ClocVIBjoW;uIFGU+u9Uq|H3yHDDJJX%RoHH?%=eA;f
zyoQ~P@tW{D_QipyHYd6KYUf_8LiuMde*<~f_{SQ<f2J-!60sYqBU7<FZglzAF`WEK
zRQ+GM@}F=p?VIqr#?;_OK59hEPz~<Jn)o3yXmb^5+mwj24cEgc@;y=Ig{bFVL?*?&
zi@aj4pa+BF-3(y`^6ARcz8UBWCZVQw8HVA@$h+ok)QG=Dy;!22F%ei5)ld?uqdlGD
zoGVcE?Lh`>K0$T#9%{xS5}1GWFoi@X%*7Dg=RAs<nbW8}a2u1cGH+`QJ7G1Ph=I5o
z8{>=E1ka$}^XG@2PsU&zils0&iTMvDQ9waUoQZ1i2x=)Vqel1$HG-<tB2!Q^F%nhb
zH0+4;Fa^(G8!X$v82W6w;?p=8%i%kyr8?1o`B%f=QJ_szhv8|nv_R!EkhaZWER9Q0
z9a@hX@!wDteSjPBI;P?DhISwyp=RhRYKb1BmacjuV`^aoF9|i&9kn~NQ7=qGZNd#$
z5#K`f{1Xhvi&zP7q1N<27=(40e-9?1_D(mKpNJa3M%4Q|F#^2@UBM|-2fjvi;1OzM
zVJxJMRb$kPJy1Q*MvZhfdhjF;!`rAC>e|%K+zZIQHQVqSp29#sW8P@y8=%(|H@9o}
z8EV8Aunc~W%$E5LHIl>@wqw0fdt@AXa5+w=!o8>gB(a{Xrs;?kaiVh>Rv^C<%i|$@
zO6UJH2|8s;wz9jl6;>uc3ajC4R7G1c3X4%|c>z_?PpBCRYHd$X3~JLg#40!#JvhPT
zH=yc$3+vFnIZZ-6e~8MLVXGG464VU*8~M*9v!y%ZSY(#XAyh~1p{6{ftug#(lKGK}
z<52G(MD3BA*a<^Z?9%i>uL|apScGR#J?q=fnD$tJTDybT0l!5~mWk$OI`+~-ew=sY
zn_@QckQzLW>d?=~zBJY8jRw#SIUr^!*2ecz8L!Us6$;eDAa)er43mUfk^!h)zY@c6
zI}XKt7=q#SLgh74d!_+CgRM~SuRzVzaV(3!q4q#2J{F-^v!mDENTfi=qZL-ibd1Do
zm-nLfz-H93+lPU861B!>u?F74IvB{bYUGKijtoWZm37E=F|Q)4ZLVwnRdEyxE1P31
zc6Iq8)CXuW#^E7XeihZxpHWjDkzqTQ<{acKM9t7*R0lVsHuqtd_kKY_4c|wNtYoI0
z+DNQLJ{~m_oiPSSphma^wfXj;-uoQYp_^C+1G?C~R1PUJ^-%9kK-IGaQ?%bdAfX=l
zceTf>8U~YZjcPaz!!a9GL6LJ4s-pK%9k_wooR3jUlF-d|C>2%DbEtNvJJ(^1&fA+L
zH09@f1;+e}Wy#m<&L}Vm)j&gJc}*u|)yzuN0l18s+Q=T(mZ%2%p-$6y)J(2K&DdM0
z89$4qXy4o*p$G4ydS1Gx{T@W4%AdwC?B~k!urB#Is0v?4b@)@%9=VME=-<nBs3evq
zAMNt>QTMx`S3T`cLNhQLRnZzOhkwN=+>aXJ-%-cs2UNpBoHZ>;Eb0T+1y#=ojK^iD
z=iWgL<RWS&9-`U}f0p^zjrz~pwdw54!rGKiMpe88>*3p|4qZj9eL!zJk~l0uJ^?j=
zWaMC&wpbn)q1Jv2>ce!vd8s$^Ux9+h6ljgZ``8ad9IEHdP%rdGEx}}LjEhktKkB@W
z5#&qvb$bUj<w>Xxv~Xsk1~vrs{46gC?e=x(!M|WrJcb(KBh(C4>u0}YO;HVxLe0oZ
zOvWRqdhTL<eB|!O^yeA!-7x{LU;_*pVC(U=CXqxzHtNPoOvLw5J-vro%dmlVMp|Mu
z^8L|+MW`iOhg#FUsG0i=gYXV&27g2kRvzSL1bNSEGF?FqR_1|8*bG;qUO0iO=oV@!
zA7CT~47MHjpgPbE)o?DVo&~7qx1o0Xe$;V3h|TdZdUXCDlF(F_A7XcBbJX$bi=F)F
zBDN%dawz5G1D<mqm@GRJsaT!+L!DEd8=S??v)GR3?qCy4%I3>R`zD)2P27XE@eHcM
z2hNaTwmc3s@=Vk*%SD~{6{w{<gwc2lD`CiRJA=^}PCgY?e;<s($>_}|vDp=r$+4R%
z3DtpqSPP3#4X#CPq9fP{Z=y~^wGnm`c0=tIFREj^u_2yA?XeOg?aVep)iYou^RKm-
zPl1l%QPl1~k2-Fpa&5)coSCQwrePI)1%0OlJ>(yu8mg3MO-0RY0cumPa^*)+d+cr=
z^Iw-l^eFpn&%{vjYcK?NU_9<YRdC5!@_9RgMyUHkFc=qN8(f8L@pIGw!$#Yg>V!e$
zr(p=r^^#D7t1tz(q1Nb%GhmFJ%2=#Nd3Q|2DX2Bxg=+XHrs4_IW(^r@N7xay*=C^1
zi%~QEJ!-Fb1K0p*B<i9z#TeAou0S2DS5a&IA?i3iLhX&<arRF@F{r6bz=fEN>39cY
zu+a<lcSm2;z{aEM--xv5HTy_tB<I}&-=T+mXo21B^_`ihbDfL&bk0Q0$XaZH$51oz
z3#wtiLc3{WQA^YnOXEb;z-D8l&i@t?8qr~_gBP5?qbiCjvZo*&HFYD<gHy2+Zox))
z1DRD*WxQ>80cxrCU_<;Gf5XrTERP?Zoyd&PzNt9L_N)b}!44RRxu{K)k7{5qYByg)
zjmU4ZZ72cPQDHCC6yKU+H({BncB(T_GdIlTr#jc7S8Mks3GLGBsM8QR&5k$~^}!jA
z6>*l!Z*U%P<zHY8?%%{vEIHloi3rqyGO!8eyZlQSMgG)u=0A?a9SUk;g&7<@Y=SHC
zBsRtVOjAc(fj#j{Y=QAJt=Xs<*^C)@9EV`oEPG7zu`&70*a6R?1|Bh+iZV%L%w`I4
zJw{^U9NS=L)QhXIGag4RMY*~5FB<JJ%8&O@oAJ;*Tk*dzfqb?3c4pI2du0apz!MmY
zRlE!ACTWYB`q8KvS&Led_pky!LM=h*g~sqrF&@-ZFU4}W2}|K?I0z4*j&=AV`xlMA
z7*BpJM&VJcg5E16v^jo7RT#e5_N*4_G^C?m7>&`m9Bbfy48qS*YkUbcrGKE7rpXff
z+incDC%+ff&JUQ5rI-4a(rbE>@KCT5HNuavK7NJqSZbNAs4><hKOQULR@81kfT{Q;
zs)LcsZ3k0OBOHR7!HKB)mb&t{v6jyNSrXN`aUWGdnHBci+yFJw)>sV(pw?_WYDTu8
z2alrm%(tlbA7eT6u!Gg%WE_qCuoWK1Wb|9bo}hixh=e*Y6;;6o48|j<20uoP<PLVl
z607Yd?1dW9Jk)!8QB!{&6EK9M6o)NP^<+60I`^Wt0XHs^XpDht?bNr#^5pZdBu+y$
zFdMt!E7%<$;Ydv5=+wtIu@U|QHNtZ1?Wst?hUA||b!01QW<Orf{A<mxxd(qiO>OiB
zYZ_`3j>MX{3^mnnpej6t_3(EL!`O{>%A2D<`Jt$eXJcuck9uzvYV&@yk@;^%;xq;7
zvHy#9b2Y}w<TEe{vr$vI617x^u{mDA6b#*DJJ=1?p)sh2HljN4DQaNfqXrbV*><#<
zmxQKb2<pLUsD`$qrs@=G#1BvnhHkM9q@g-I4mHvpSPEalaNL7E@qLWI@>^}kV^OE3
zJ*q?A9Cu>@YAJSNSv-t7*C$aka1U!>^}pET_7rN*%s{RAepH1wP#p-`X03{m<P)$u
zc0$!V94pbjSwuoT-;O#iuc3DNIZQ;)b~_VYF@<~)>bZlchX098Fl>ii<1~DVd=FIl
zVtg5oVN=ZctDVWsn5grAo`ha7JMEXLCAK0v3!ldKFav+b)|md1osl`%g8V+z``@7&
zh@mxgZ~%tjY?ohw4avWQnvvTor+pLniY=(`%*1w-=b~>$Fp&H?)TX?QI&Ke99rWz7
zQ$GZ?`DUV)>UFGzr_dj7qw2YfsrV!M&VP$n?NsKXD%gxV6`!CVcIQWD)b*CdBvJN>
zON;SDo*w36B20akR-RMs`|J5)S5}AoOoG2nd5wp{3hqV`YJ|GdN#DbML`xO?>H3)T
z5kk}6k?`^?-!QY4(3M6025P#WTy06{V>gX^Z(ssG(E2}1CW4Hvq4*(YxO{czx0L0(
zG_&rzW|7x4Zns(Ak|^2JJ?Dyj4Cg1i-S>N-5%=d4Y2-)HzIjAcAO;duh)7pKZ_@hQ
zPWn@YairG}6NsVQYmKausfcrk9i*RJIvu(u656P`5_u*R4-qdA-u?X0hecO;Zt53@
zt`uS%`EcA#{77&B%zH$Cq9OOz5;>$fKxP=}E7%QnJwr?;{WhK@ZV^|BVxpFN=Csa#
zj>{~-FqaPIAzj-nW){YBuL)7omHi7Z6U`{AMCh7_Ss3BVF+%cVNozCfI!I)@XO*ww
z$Nb+WF-<wH*~EYOQuaqL9<D|5AFgaX`Ak9|s2E~3X&phT@m*E<`GHGM#fQWSo>@rf
z8tv@pEUOp$`fl+L1r$ExZm4Jq(T@E8U@QD5K82HT2(gOTLjC}rBSsO`i3>zL<$Q_F
z46Kbu30;qgk(B-2m!sqQJ+A9{3V*_%eL4Flp0bqbnoKPBrTB*?{F>;%y$yuFD{o2q
zB<b?Rzg^iye23`5y);5s8{!*cFR?)r_Z*2<#FOha6191FBT?GD^tAI$_fQ-Tq%8Ky
zOZYzVE>Vuq)r0%}iOufa0XU!XiFgTr)kD68qu>vc^Lz#NM^l(i1h|*)lWy+PfuvUw
z`lZ!`_<{J8(6z#1#`0_d>FY#4((Ujg;tny0y#B$eH*sF;e}WiH=&DI!E)hW5L+l~i
zkbiRBBr(!umS8>Z&HdB;-zZBaKgyMr!^M=%#%0(T|AtF26MY*uij4k7`s5lwBAWba
z9D_wqZeV-ztuc();>wp%mhRHwr0<gc+~q%W*2D(fdl}2%CR^@n-<%>-(H8jrM+7AY
z5y?bJ9^Qz3u?ME2t|W`^XIskRNtGey5PgW@?zu6fj}fJbXrhlR&m+yZv{H0g@0TPB
zeOdl33nPiH?y<^F-EL2OPXxQNYFLNxBi8Bxt|+22`9;1Qzl5E_pYnW6!RN6Ce&^P}
zbkP%Boh-gTz0D<knD~O&#KXE45?>Le$j1;Xi2`Ch@gkvX7x5hFUvN3jz~h9jGsHC_
zL>b@38q|G~#^3*x-b^}(SVz<#rchZuY>L@91gjGJNH4{8L@w$7CUhkd8N>vl1M%c)
z!E+-BU7d6gbUlmXFc6peO6)%=D_MfFsqVQ2<QKVgAvPu-guV12*DBJXe#OnAGXsjx
z#_sZ4b1be&aoPAkV%m(zFBq0LcBH3p@|ZC>MFn}oJj3$F<>nN4>J)n7>I{$fOvuY0
zomG@m=qbqIPF~K~BG0&joDn$%Ib(<A6bE<vvTSj~!IOiEe;NLb-<r6Qor{-@d^e#Z
z)lSJu8l6RLBMP!Sg?VE>+O68N{(rrmtiu1REsxCbe9!Ql!lJyfSw&d|dHKa@YwkxB
KuidpS;C}(JQE^HD

delta 9591
zcmZwM2Yi)9zQ*xM=mA0sgicO^Aq@zjg(eVbp?9RiAvuIdNMcSP6vL6KATA|TQHnIP
zvaW#ZDn&uOBI>%XAPS<c2(}e<Su3dA-*aZz%e{BskN<pU=6&Dk^9JzOzlBzu3k`f2
zRe6Kq+7n_-6YO2vn0BGY<Tp~OF`b$l(+WFdb)Lz^`s9o5Fs3m+h<b0g^Mvz5=M86r
z1nTCw4%iy!V}D};rh<ej_!l<Bh!!@V;_QbFD9>@0p&H)k@&{4xzmBwJK1cpDwG)kL
ziS1GMy%>cHU4AV_(!P0$gc?5XZd|}g<bTAbI6BF`=tn)b9Mypx&ZDRfzK5E$e_}JN
zm26BrrXpiALr@(n!8qKia@se?Na(>&kl8g=Q;eZ)lY$-`ff|7y>*5-h-{bNxp_b%b
zjKFV@KG3qAkz~|+Logb%QSFpsKt0_`LLPRWM^*R}s>cz`qehT{n$k)9PzP6H79PY}
zc*9wp4WpT>huS;s_|XQvsI^~*nyC}5nE$FIE>h4AKf(4`pQlKgK^WXD{HRX80&Czw
ztc^#p3%-VGuu7U;n&zkx_CO6F+qn`o69-WBy^_ZK_apIF3VLFFy4fAaB7--Z@J>95
zbuc8|E>$F|;r6IaRfv(e*yY!w2Cxsq@Euf#{*D@O<+iq-ngJ4<DQJy-@Dyq!wV4i0
zQ7UR_`eHQtFc#-w6mCIn%KfP4UqNlgkFg$JM|C`cX^lh=#$a32k_P&ds79g?Jy?p`
zJeytq1Zo7AP!(LoXuRq2(H(3D5>OrJf!fUDQJc05_1+_>j_*ee^bPdr{6}?UeJE&$
znxajpsXKxk2=fJA!sra9F2tB0P$T@clU>7@&Nd&5H7W0e%(Cf?8ps?}$F`$p_Aq+z
zJuC}h{eLFWkb=^##;^^{TC9gBobO^?@>fw)9@>qsA=X0%VTL06&n!conrBcAzJaRe
zGmOJuQA-)ihEhG<u?g*);Usi?3Q(JF0cwQ%(1XWa{$o_d*HLR%kDaQHcSY4R8jJBA
z)C^?xu$y;2_9y=wvT7!@r|n1v1~lbkNN~^0M}4CYqbj(GYA8L^p7Xm=OS8k}-^3N<
z>)&NNwiEf!9OZ|W?k4uaWPWIdW?^4^RD~fN_g?gykCnMht7@<gJEJ*fVq5efgEgCx
z6KKw1JXWI?o$C}#z~RWZ$CRR$WH)NpU%&|b5~tt|)J#v{%&UAxzkuB|^C%ce!7@|@
z=TTEtC(D>{?2Xz3BT*lo8LoT|>U1o_#<&KX;C`1sjoJfOFa~d6Rg7Xiw8RYqB$|?F
ziyFx=)X3+cI#Pk!EFU5J&s;<Hk!d}^Ry@<W2wPCT$>m=_E!9~}!q9>C`BYR#Gf^`h
zm_$N7TkYKIJcgR0v#1VULGA8JgKWMrYGj>J?+?XVI2~irkD7^c)UV~IQ3HGjo8b-Q
zy?|*n*!CzLYjR^SYL|~g+B7Ao7muSV`V`fXnnUcdYL3;(_dzu{1S4@K>b)}OF4X&{
zQ62soTkG6Z8EV&}J!)zOqbkZnHMHEh4OPLjsHuM6<wJ+rJ(7r(DDQ}BpbN5%%y4Ac
z%@)+@xP+R~gyBg0rWXk{=tYfuA!-V@pr-11)KtHRHSlZHb3dUrQS=D=9cYOv?~4)W
zb>+pFNPZQnzGpBT&tO2C;}VHbtjQ5j&%!YbTe^G(>i%d{N5`UOU^c3vN3jk*iE(%Y
zRnG^gQ*#5=aKtFPBx$G**XU8qzbY!EAQ?BJ9z2d3$w#P}xQ=SL(P&$qfm)go&U;Yb
zg~h0f_h1UXi0aUnsHLkl#ttMME0b?OhWXbBI#a;OGFcdf>rf5sL4A;pIX}j_<g46m
z*SHbZCZCS#cn{R`lTk~s7~5evYBQd4Ud3qg(SfnH1Bs|9?}+L^rgIc(WVxspR-$(M
zHuT^=?0~PLM)(_Q=9-VQAF%GIhW)4+*@A8GWmG+Z?@6>K@tb>~)p)*Q<i}zvet~IN
zZ-T9;54Ivd6IH$iTjFU{M}I&qWy6VfMtY$-Gz~pih7EBWHqrTij)bP{9aP0Xqoy)(
zlKq28U)22}=)q#t43(oQ+UxSiu|D}T*b)DM9*m!C>*<AhZy?gJnT-1Lr&&Nk6;)s}
zJc+9466%HPsNG+Ciap;Em_fcSdT<bG>Stjru0tKSgP0Y<FCpwgzPXoj@{_Rv`Q_7?
znE;9HBpTyk=Q-y!XLz=~pMse@*B9I4gQzd$F;vHE<k%%hLe)3Wnd{1zU~tBq$1$LS
z3nVlp-=U6Uq|g4+=!9BhFE+=u7=wR8559qscopOECdOg>bdEIkM&+MDy>|{hcoo%d
zcrNp=U73_?dpr_#qYz_p1-8Hn)Mk7O+u|>%W0f|;?&fUNrdy9m_yVTmXQ(~ZFwZVY
zKU6)1s3qK*$NcL&pP@j<=yTM$ZFY~XIL$c~lPO<|TDv2t=g*=C!)DrsQk~;aOY#8f
zbnJEIXHc6nB;R(ZQ-DN23Z|kyBu`*1d=}N<No<K%osDMM5%fdd_hWT@47=lA?15KM
zBTOi;Gc^gTkzb3oa0}MPz+MtPNj!sE!|$C9SU^o>S4_biR7X~$*77K-;WOA9FQRsN
zT#+5&MARlNN0q;dn(0dS+P%~O`{?|4BcV;Q7&W!KQG4JRYOUWz9mB9<yGNR0Rq~xt
zQ`r+A#8T{w#&3^fKWs`iA2qO*sQUkaYVQ?{(fR+}J#Z5}+=wr+r=gc~D(ZVshS9hI
zH6s<+3D2TtqV{ata13hGc111GGz`O4sDW)lowftmnD)(^BogpTXT%&^QAdoWd;-?R
z1?a&wn1u(hEnY`f&9o}D4L^!ns*{+G-{N(QpUc{ZFe~%yjHJwG{?)U=B<{emsHrVO
zZK9>923|((<{wcbidkSA>WLeuFc&q&zuspzp{LAF^%Sg6`COM@<E+4rl)qHQ{AZB(
znSw-2UuZ`>4mCydupVx7`Tfq*uKZJM%KcwZyIG%8Rh)zx&=hQsOI`kXj3fUcCZV~X
zL@XxX&rZeuxCTGK4p^|r9?#u4ocvd)HSfOIT8f&Hr*QyYz{!}f#2(Y7*iQGc7hc9-
z2bbDU_mlvM4cvGVHR8-=w!z7$7x!X+yntGYJC@tOsN9WlA-sp$jDLB+R{RsDl27AE
zXl5s%_DVSp!;9DgTdlBrBruAErhXA7VFl{Nw^5reY^7a-SmfhnI-sU{C)U9~Vhwx|
zC*o=BgDoDie^JTDWbzdlhi6d7@Oxx$1WfoUTVV@S&)Q=GPC&h|2%F<B)LNgyYIp^;
z##d2O8uhSUlKz-UelgyKFCz_^YQMAJhgj57PDhW<|8pd?$<AYI{07zIW~*&QS*RIW
zi7|K(<MA~1#;;HvOlRY$gQHO+^rL2Q6{^0SuKab>p1X{}^Iv(bt-yn|xX~L`(Qs^p
zg{YZXiJFlE=)p6nJ@Xx^1Ci_Ol5{|IxDV#zEbNLGunoqr(;H(y4F3H;n?!XA9zZp;
z1~q~|<6wLX+hVizb|k}54K6^PhV7V&@1gckWp;FMlQ~B@7hoFqAIEn1_6Fu(Q(kqW
z{l<5|D&(_J4Gh5{Sd2sQ1m<GoCc9MgP#t>$HL~|H1#4}#U%m`fNAgfJx(4gvQ>f=&
z-pu-IO245%MsBg2uN^icKMpm;b1@w^pk6$M5qJ$X)s-Hxe@0A2b-Xo(;Rw`wldu}D
z#*VlN)!{b-Bw|S1#QGSs)&4=EHEJp+qSk5|X5dcjiRV!rZ1kw@P-j#_Ij9b7L=EUL
z>NH(Mbu{!bI}<6W=K@(I)KETZsy1K~Jc?@YJZi*|+iZ`!VJP`osB>S0kvJcR<0_2C
z4^bVzhB__b+ii!^QRO3%r3jcp65$jqL!IaK*b1M=ruZ4^m{r+fH_ZUlnlD6+@Bpd<
zXPj411NafuP~Dxj-ZrS29*ydFJ|^n?&mo~*z71RASE!k2__&?wo~Wr?glf0~+v7#l
z8b|K3{~p)`RXzsy;6vB}(|6mM%th6|9XsP2*q8QARi5sOgYiyWfdlXqcEhN>c1DI`
zC-P;e3Z6wZ@GWYITI{nO7>?@ja@6<aDVINj+9RK!W~km1%zq+@wj@+A-dT#7<kzF_
zpTny78)}nQsj$bdDXPPRFb-FuI<g<Nbnjv;evhG8@AtNz2H2Z??C+U>eGqae(A2KS
z6g-7GCf6_obyczie-7hkDK{1o1@3`6u>s}UgpEiCTseLIU)Km%J|S4D`RB^Bn04H|
zN%}CchG<28wR@qqduAEdp-eNzuZrORE7Gk(;uR%syY%@TMf4>!Q(AvrJ9z&Bu5j%e
zejA#~6kbI?K8YU^bqRg>?xjp$t`@{j(q3XYX<ZF1hEIqYOZjA%zs2t;(=~_KNcszW
z7#|`6#qQ>36y8hdZ>YNF5!Zt$`=QZ#>3W^0%`=VNb7Sys%C-<OuB;JhUGEUuz#kD2
z+&hg=6SuB@Av%9tuep*xBB#Ra;$iLV@kA794uW}@m_T|7>Y7Db*A{1}GX=k;e17mQ
zn-WtgD{=Wa_uL2M|D^VpQ!tRw$Keo>LwX@<r!OIW2eFRyBI3V@LF5|{x)$RwLch&^
zA)<&}LRT8)l?eSCKr%7N7XSNaf697lmnKp46ETBW>TZ{!PJphbh-{)a&)$Le;acKf
zr2AkNzDi_}u7kStAu1-mB*H1b{n|?2=L!OEl9=coXouCv>nPs3w!6gJ_&L#%XA<xe
zViTdO7iH<hOq(@}F?il7OCqWhW$xZ|(%-ps8?AqHGG7s`xuL6o_(w3sZz#%6knVwe
z3d~MduCLfgm)^v^v80FNV4@4@DmVfkBPJ59i0Oo`ySeuR4j^u5{c}hhCu(v-pVw)`
zWuh7RKKM7{T_Th45apCVNX#I#efhYVPl=V}eMAUxjC>~QYJo4~K%yJzE<_K~dx;lR
z!8Qu+A$AkGRui*bI#|FDev6tN#Qnr$x7~{;-H}M8TvuyL@aG=NGhF`9xc#>GhPbra
zHwTCa;w@snyOB&<SN?4;-9_3<*~h^<{04JQ!KvIEN;DyK6=8Q`mCXi!6)U-nvW4!M
z1g-xw6waieD{<C6e2bGL3MrpP>~e);Fr4T~q!7BQ5-WIS170G|5s^eRWxC!cej^r;
z{~9ObduSIBY7pZntcgvDPNW}4UDZgpK|c{k<dXjjF2za28PZ3IjYM@qS2^(qqB~JU
z=o-(neTiFFUDAKm{0}CYk~xLzF$||*TjFQZYj8H|8b>rFAH4AIB&HHINWX--st_LX
zkGSWaC10QPR=h~mQjq^A2G{>_GV94~b}#%$T31z<55su!BVGO)=>>X#>mEz+4=`yi
zeLJJc+(ld=^lt^5-OX6+p!IK0VLviQ+zoM_cz}4G$m9NlI2TtD`$+d9%1Gb3DwBAT
z7(iKP1?g;zb<gxCUqX7G%a6wADEr2apZ|kF<{&YO8<E5V?m>!ze*ux->j&2?OYmnj
zKj-l5T35FJwtGt6e_K6?<R2yfE6yeEBg~<l@mZDnC*&l1dXLQXB>D4l3p|Ad`SX&)
zjK||i(v1<i;VZ~4o>x@zAMf4v(xJ-<`$MAK!@e9(j<>`cW)l46>62obDB*GU@(K$)
zrFr@Jo@qYMY`-t3{Gr6o_0#_6KJQL1EbiioPw>YdI-VGka42-}+3>!;xxVb#B|eXD
zZi%nBz?<(WDlW_|_Rb13vkSb_@_n9?LQk>JoAdu3pwwSfSm5_{@g(>Uy*6Q4wc7@L
z@{q^t&nxg2|KCyjxs#nYz4$-hx%JMW0ok8~)Mu!Le*1Ke5)3fGA7;vjEou1g%nYxe
zzRxNu_T_quZ#~On<*B}bF&cfav7ACrk+<0E24Czuo_c7(+N;r>f@9~s*#)<T?RDcU
o3^N6^N99Gc^LRbq*DBv@hwLx$mhaqCx4g&Bs)xq!*;VPk0hoR1r~m)}

diff --git a/po/gl.po b/po/gl.po
index 80ed267..2ed0e25 100644
--- a/po/gl.po
+++ b/po/gl.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg 1.2.4\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2003-12-04 11:39+0100\n"
 "Last-Translator: Jacobo Tarrio <jtarrio@trasno.net>\n"
 "Language-Team: Galician <gpul-traduccion@ceu.fi.udc.es>\n"
@@ -15,52 +15,52 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, fuzzy, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr ""
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr ""
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr ""
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr ""
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr ""
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 #, fuzzy
 #| msgid "Do you really want to create a sign and encrypt key? "
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "¿Seguro que quere crear unha chave para asinar e cifrar? "
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr ""
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 #, fuzzy
 #| msgid "invalid passphrase"
 msgid "|pinentry-tt|Hide passphrase"
@@ -68,7 +68,7 @@ msgstr "contrasinal incorrecto"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -79,25 +79,13 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 msgid "pinentry.genpin.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-msgid "Passphrase Not Allowed"
-msgstr "contrasinal demasiado longo\n"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr ""
 
@@ -107,299 +95,279 @@ msgstr ""
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr ""
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 #, fuzzy
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 #, fuzzy
 msgid "Passphrase:"
 msgstr "contrasinal erróneo"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr ""
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr ""
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr ""
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 #, fuzzy
 msgid "PIN too long"
 msgstr "liña longa de máis\n"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 #, fuzzy
 msgid "Passphrase too long"
 msgstr "contrasinal demasiado longo\n"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 #, fuzzy
 msgid "Invalid characters in PIN"
 msgstr "Caracter non válido no nome\n"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr ""
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad PIN"
 msgstr "MPI erróneo"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad Passphrase"
 msgstr "contrasinal erróneo"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, fuzzy, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 #, fuzzy
 msgid "Please re-enter this passphrase"
 msgstr "cambia-lo contrasinal"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to protect the imported object within the %s "
 "system."
 msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, fuzzy, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "o algoritmo de protección %d%s non está soportado\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't create '%s': %s\n"
 msgstr "non se pode crear `%s': %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, fuzzy, c-format
 #| msgid "can't open `%s': %s\n"
 msgid "can't open '%s': %s\n"
 msgstr "non se puido abrir `%s': %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr ""
-
-#: agent/command-ssh.c:2446
-#, fuzzy, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "erro escribindo no chaveiro secreto `%s': %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, fuzzy, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "non se atopou un chaveiro privado no que se poida escribir: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, fuzzy, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
 "allow this?"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr ""
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, fuzzy, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, fuzzy, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
 "%s%%0Awithin gpg-agent's key storage"
 msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, fuzzy, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "%s: fallo ao crear unha táboa hash: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr ""
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr ""
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 #, fuzzy
 msgid "Admin PIN"
 msgstr "Introduza o ID de usuario: "
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr ""
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr ""
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr ""
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 #, fuzzy
 msgid "Repeat this Reset Code"
 msgstr "Repita o contrasinal: "
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 #, fuzzy
 msgid "Repeat this PUK"
 msgstr "Repita o contrasinal: "
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 #, fuzzy
 msgid "Repeat this PIN"
 msgstr "Repita o contrasinal: "
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 #, fuzzy
 msgid "Reset Code not correctly repeated; try again"
 msgstr "o contrasinal non se repetiu correctamente; ténteo de novo"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 #, fuzzy
 msgid "PUK not correctly repeated; try again"
 msgstr "o contrasinal non se repetiu correctamente; ténteo de novo"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 #, fuzzy
 msgid "PIN not correctly repeated; try again"
 msgstr "o contrasinal non se repetiu correctamente; ténteo de novo"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr ""
 
-#: agent/genkey.c:157
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
 #, fuzzy, c-format
-msgid "error writing to pipe: %s\n"
-msgstr "erro escribindo no chaveiro `%s': %s\n"
+msgid "error creating temporary file: %s\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:116
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "escribindo a `%s'\n"
+
+#: agent/genkey.c:154
 #, fuzzy
 msgid "Enter new passphrase"
 msgstr "Introduza o contrasinal\n"
 
-#: agent/genkey.c:196
-#, fuzzy
-msgid "Take this one anyway"
-msgstr "¿Empregar esta chave de tódolos xeitos?"
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
 "confirm that you do not want to have any protection on your key."
 msgstr ""
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr ""
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, fuzzy, c-format
 #| msgid "Name must be at least 5 characters long\n"
 msgid "A passphrase should be at least %u character long."
@@ -407,7 +375,7 @@ msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "O nome debe ter alomenos 5 caracteres\n"
 msgstr[1] "O nome debe ter alomenos 5 caracteres\n"
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -415,234 +383,244 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr ""
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "¿Empregar esta chave de tódolos xeitos?"
+
+#: agent/genkey.c:464
 #, fuzzy, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr ""
 "Necesita un contrasinal para protexe-la súa chave secreta.\n"
 "\n"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 #, fuzzy
 msgid "Please enter the new passphrase"
 msgstr "cambia-lo contrasinal"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 #, fuzzy
 msgid "Options used for startup"
 msgstr "habilitar depuración total"
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr ""
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr ""
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 #, fuzzy
 #| msgid "Key is superseded"
 msgid "run in supervised mode"
 msgstr "A chave é obsoleta"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr ""
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 #, fuzzy
 msgid "|FILE|read options from FILE"
 msgstr "|FICHEIRO|carga-lo módulo de extensión FICHEIRO"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr ""
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "lareto"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "ser un pouquiño máis calado"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr ""
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 #, fuzzy
 msgid "do not use the SCdaemon"
 msgstr "actualiza-la base de datos de confianza"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr ""
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:208
 #, fuzzy
 #| msgid "|NAME|set terminal charset to NAME"
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NAME|axusta-lo xogo de caracteres do terminal a NOME"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr ""
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr ""
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 #, fuzzy
 #| msgid "not supported"
 msgid "enable ssh support"
 msgstr "non está soportado"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr ""
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 #, fuzzy
 #| msgid "not supported"
 msgid "enable putty support"
 msgstr "non está soportado"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr ""
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr ""
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 #, fuzzy
 msgid "disallow the use of an external password cache"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr ""
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 #, fuzzy
 msgid "allow presetting passphrase"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr ""
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr ""
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 #, fuzzy
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|emprega-lo modo de contrasinal N"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 #, fuzzy
 msgid "do not allow the reuse of old passphrases"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 msgid "Options controlling the PIN-Entry"
 msgstr ""
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 #, fuzzy
 #| msgid "use the gpg-agent"
 msgid "never use the PIN-entry"
 msgstr "emprega-lo gpg-agent"
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr ""
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr ""
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr ""
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr ""
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 #, fuzzy
 msgid "Please report bugs to <@EMAIL@>.\n"
@@ -650,150 +628,145 @@ msgstr ""
 "Por favor, informe dos erros no programa a <gnupg-bugs@gnu.org>,\n"
 "e dos erros na traducción a <proxecto@trasno.net>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 #, fuzzy
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
 msgstr ""
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr ""
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "o algoritmo de resumo seleccionado non é válido\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, fuzzy, c-format
 #| msgid "reading options from `%s'\n"
 msgid "reading options from '%s'\n"
 msgstr "lendo as opcións de `%s'\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is a deprecated option\n"
 msgid "Note: '%s' is not considered an option\n"
 msgstr "AVISO: \"%s\" é unha opción a extinguir\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, fuzzy, c-format
 msgid "can't create socket: %s\n"
 msgstr "non foi posible crear %s: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, fuzzy, c-format
 msgid "socket name '%s' is too long\n"
 msgstr "Revocación de certificado válida"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, fuzzy, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "gpg-agent non está dispoñible nesta sesión\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, fuzzy, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, fuzzy, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "erro ao enviar a `%s': %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, fuzzy, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "AVISO: permisos inseguros en %s \"%s\"\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "gravando a chave secreta en `%s'\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, fuzzy, c-format
 #| msgid "can't create directory `%s': %s\n"
 msgid "can't create directory '%s': %s\n"
 msgstr "non se pode crea-lo directorio `%s': %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, fuzzy, c-format
 msgid "directory '%s' created\n"
 msgstr "%s: directorio creado\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, fuzzy, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "base de datos de confianza: fallou a lectura (n=%d): %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, fuzzy, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "%s: non foi posible crear un directorio: %s\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, fuzzy, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "erro lendo `%s': %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, fuzzy, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "o segredo da actualización fallou: %s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, fuzzy, c-format
 msgid "%s %s stopped\n"
 msgstr "\t%lu chaves omitidas\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, fuzzy, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "gpg-agent non está dispoñible nesta sesión\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 #, fuzzy
 msgid ""
 "@Options:\n"
@@ -803,19 +776,19 @@ msgstr ""
 "Opcións:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 #, fuzzy
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
 msgstr ""
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -823,8 +796,8 @@ msgstr ""
 "@Comandos:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -834,87 +807,86 @@ msgstr ""
 "Opcións:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 #, fuzzy
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
 msgstr ""
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 #, fuzzy
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 #, fuzzy
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 #, fuzzy
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
 msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, fuzzy, c-format
 msgid "cancelled\n"
 msgstr "Cancelar"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, fuzzy, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, fuzzy, c-format
 msgid "error opening '%s': %s\n"
 msgstr "erro lendo `%s': %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, fuzzy, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "non se atopou a chave `%s': %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, fuzzy, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "erro de lectura: %s\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, fuzzy, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "hai partes da chave secreta non dispoñibles\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, fuzzy, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "erro de lectura: %s\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, fuzzy, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "erro: pegada dactilar non válida\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, fuzzy, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "erro lendo `%s': %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr ""
@@ -927,19 +899,19 @@ msgstr ""
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
 "certificates?"
 msgstr ""
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 #, fuzzy
 msgid "Yes"
 msgstr "si|sim"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr ""
@@ -952,7 +924,7 @@ msgstr ""
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -962,142 +934,142 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr ""
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr ""
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
 "it now."
 msgstr ""
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 #, fuzzy
 msgid "Change passphrase"
 msgstr "cambia-lo contrasinal"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr ""
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, fuzzy, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
 "%%0A?"
 msgstr "¿Seguro de que quere borra-las chaves seleccionadas? "
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 #, fuzzy
 msgid "Delete key"
 msgstr "habilitar unha chave"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
 msgstr ""
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr ""
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr ""
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "fallou a comprobación da sinatura creada: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "hai partes da chave secreta non dispoñibles\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "o algoritmo de protección %d%s non está soportado\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "o algoritmo de protección %d%s non está soportado\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "o algoritmo de protección %d%s non está soportado\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, fuzzy, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, fuzzy, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, fuzzy, c-format
 msgid "error forking process: %s\n"
 msgstr "erro lendo `%s': %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr ""
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, fuzzy, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "erro lendo `%s': %s\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, fuzzy, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "erro lendo `%s': %s\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, fuzzy, c-format
 msgid "error running '%s': terminated\n"
 msgstr "erro lendo `%s': %s\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, fuzzy, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "a actualización fallou: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, fuzzy, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "erro escribindo no chaveiro secreto `%s': %s\n"
@@ -1113,33 +1085,33 @@ msgstr "non se puido conectar a `%s': %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "problema co axente: o axente voltou coa resposta 0x%lx\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "non é posible deshabilita-los volcados de 'core': %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, fuzzy, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "AVISO: propiedade insegura en %s \"%s\"\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, fuzzy, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "AVISO: permisos inseguros en %s \"%s\"\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, fuzzy, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "a actualización fallou: %s\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, fuzzy, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "non se puido poñe-la armadura: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "si|sim"
 
@@ -1194,51 +1166,95 @@ msgstr ""
 msgid "out of core while allocating %lu bytes"
 msgstr ""
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, fuzzy, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "erro ao crea-lo chaveiro `%s': %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr ""
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, fuzzy, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "AVISO: \"%s\" é unha opción a extinguir\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr ""
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
+#, fuzzy, c-format
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "a actualización fallou: %s\n"
+
+#: common/asshelp.c:350
+#, fuzzy, c-format
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "a actualización fallou: %s\n"
+
+#: common/asshelp.c:351
 #, fuzzy, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
 msgstr "a actualización fallou: %s\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:364
+#, fuzzy, c-format
+msgid "connection to the dirmngr established\n"
+msgstr "non se pode facer iso no modo por lotes\n"
+
+#: common/asshelp.c:366
 #, fuzzy, c-format
-msgid "connection to %s established\n"
+msgid "connection to the keyboxd established\n"
 msgstr "non se pode facer iso no modo por lotes\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:367
+#, fuzzy, c-format
+msgid "connection to the agent established\n"
+msgstr "non se pode facer iso no modo por lotes\n"
+
+#: common/asshelp.c:485
+#, fuzzy, c-format
+msgid "no running %s - starting '%s'\n"
+msgstr "erro lendo `%s': %s\n"
+
+#: common/asshelp.c:588
+#, fuzzy, c-format
+msgid "connection to the agent is in restricted mode\n"
+msgstr "non se pode facer iso no modo por lotes\n"
+
+#: common/asshelp.c:725
+#, fuzzy, c-format
+#| msgid "error creating keyring `%s': %s\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "erro ao crea-lo chaveiro `%s': %s\n"
+
+#: common/asshelp.c:731
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
+msgid "server '%s' is older than us (%s < %s)"
 msgstr ""
 
-#: common/asshelp.c:521
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
 #, fuzzy, c-format
-msgid "connection to agent is in restricted mode\n"
-msgstr "non se pode facer iso no modo por lotes\n"
+#| msgid "WARNING: %s overrides %s\n"
+msgid "WARNING: %s\n"
+msgstr "AVISO: %s fai que se ignore %s\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:740
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
+msgid "Note: Outdated servers may lack important security fixes.\n"
 msgstr ""
 
+#: common/asshelp.c:742
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Por favor, empregue o comando \"toggle\" antes.\n"
+
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
 #: common/audit.c:474
@@ -1319,7 +1335,7 @@ msgid "algorithm: %s"
 msgstr "armadura: %s\n"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, fuzzy, c-format
 msgid "unsupported algorithm: %s"
 msgstr ""
@@ -1405,12 +1421,12 @@ msgstr ""
 "Non se atoparon certificados con confianza non definida.\n"
 "\n"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 #, fuzzy
 msgid "no CRL found for certificate"
 msgstr "Certificado correcto"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 #, fuzzy
 msgid "the available CRL is too old"
 msgstr "Chave dispoñible en: "
@@ -1452,7 +1468,7 @@ msgstr "Non hai axuda dispoñible para `%s'"
 msgid "ignoring garbage line"
 msgstr "error nunha liña adicional\n"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 #, fuzzy
 msgid "[none]"
 msgstr "descoñecido"
@@ -1462,144 +1478,26 @@ msgstr "descoñecido"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "carácter radix64 non válido %02x omitido\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-#, fuzzy
-msgid "argument not expected"
-msgstr "gravando a chave secreta en `%s'\n"
-
-#: common/argparse.c:522
-#, fuzzy
-msgid "read error"
-msgstr "erro de lectura de ficheiro"
-
-#: common/argparse.c:524
-#, fuzzy
-msgid "keyword too long"
-msgstr "liña longa de máis\n"
-
-#: common/argparse.c:526
-#, fuzzy
-msgid "missing argument"
-msgstr "argumento non válido"
-
-#: common/argparse.c:528
-#, fuzzy
-#| msgid "invalid armor"
-msgid "invalid argument"
-msgstr "armadura non válida"
-
-#: common/argparse.c:530
-#, fuzzy
-msgid "invalid command"
-msgstr "comandos conflictivos\n"
-
-#: common/argparse.c:532
-#, fuzzy
-msgid "invalid alias definition"
-msgstr "opcións de importación non válidas\n"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-#, fuzzy
-msgid "out of core"
-msgstr "non procesado"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-msgid "invalid meta command"
-msgstr "comandos conflictivos\n"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-msgid "unknown meta command"
-msgstr "destinatario por defecto `%s' descoñecido\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected data"
-msgid "unexpected meta command"
-msgstr "datos inesperados"
-
-#: common/argparse.c:546
-#, fuzzy
-msgid "invalid option"
-msgstr "opcións de importación non válidas\n"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr ""
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, fuzzy, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "opcións de importación non válidas\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr ""
-
-#: common/argparse.c:563
-#, fuzzy, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "Comando incorrecto (tente \"help\")\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:581
-#, fuzzy, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "opcións de importación non válidas\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, fuzzy, c-format
-#| msgid "NOTE: no default option file `%s'\n"
-msgid "Note: no default option file '%s'\n"
-msgstr "NOTA: non existe o ficheiro de opcións por defecto `%s'\n"
-
-#: common/argparse.c:1843
-#, fuzzy, c-format
-#| msgid "option file `%s': %s\n"
-msgid "option file '%s': %s\n"
-msgstr "ficheiro de opcións `%s': %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, fuzzy, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1615,131 +1513,132 @@ msgstr "non se puido abrir un ficheiro: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "non se puido poñe-la armadura: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, fuzzy, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "non se pode crea-lo directorio `%s': %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, fuzzy, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "erro escribindo no chaveiro `%s': %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr ""
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, fuzzy, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "gravando a chave secreta en `%s'\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr ""
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, fuzzy, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "non se atopou a chave pública %08lX: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, fuzzy, c-format
 msgid "waiting for lock %s...\n"
 msgstr "gravando a chave secreta en `%s'\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr ""
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "armadura: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "cabeceira de armadura non válida: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "cabeceira de armadura: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "cabeceira de sinatura en claro non válida\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, fuzzy, c-format
 msgid "unknown armor header: "
 msgstr "cabeceira de armadura: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "sinaturas en texto claro aniñadas\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, fuzzy, c-format
 msgid "unexpected armor: "
 msgstr "armadura inesperada:"
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "liña escapada cunha barra non válida: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, fuzzy, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "carácter radix64 non válido %02x omitido\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "fin de ficheiro prematura (non hai CRC)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "fin de ficheiro prematura (no CRC)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "CRC mal formado\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, fuzzy, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "Erro de CRC; %06lx - %06lx\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, fuzzy, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "fin de ficheiro prematura (nas liñas adicionais)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "error nunha liña adicional\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "non se atoparon datos OpenPGP válidos.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "armadura incorrecta: liña máis longa ca %d caracteres\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1747,13 +1646,13 @@ msgstr ""
 "carácter quoted-printable na armadura - seguramente empregouse un MTA con "
 "erros\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, fuzzy, c-format
 #| msgid "not human readable"
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "non lexible por humanos"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1762,27 +1661,27 @@ msgstr ""
 "un nome de notación só debe ter caracteres imprimibles ou espacios, e debe "
 "rematar en '='\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "un nome de notación de usuario debe conte-lo carácter '@'\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, fuzzy, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "un nome de notación de usuario debe conte-lo carácter '@'\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "un valor de notación non pode empregar ningún carácter de control\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, fuzzy, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "un nome de notación de usuario debe conte-lo carácter '@'\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, fuzzy, c-format
 #| msgid ""
 #| "a notation name must have only printable characters or spaces, and end "
@@ -1792,370 +1691,354 @@ msgstr ""
 "un nome de notación só debe ter caracteres imprimibles ou espacios, e debe "
 "rematar en '='\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "AVISO: atopáronse datos de notación non válidos\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, fuzzy, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "erro ao pór '%s' na base de datos de confianza: %s\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Introduza o contrasinal: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
-#, fuzzy, c-format
-#| msgid "error creating keyring `%s': %s\n"
-msgid "error getting version from '%s': %s\n"
-msgstr "erro ao crea-lo chaveiro `%s': %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr ""
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, fuzzy, c-format
-#| msgid "WARNING: %s overrides %s\n"
-msgid "WARNING: %s\n"
-msgstr "AVISO: %s fai que se ignore %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
-#, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
+#| msgid "%s does not yet work with %s\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "¡%s aínda non traballa con %s!\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
+#: g10/call-agent.c:1081
 #, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Por favor, empregue o comando \"toggle\" antes.\n"
+msgid "error from TPM: %s\n"
+msgstr "erro lendo `%s': %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, fuzzy, c-format
-#| msgid "%s does not yet work with %s\n"
-msgid "%s is not compliant with %s mode\n"
-msgstr "¡%s aínda non traballa con %s!\n"
+msgid "problem with the agent: %s\n"
+msgstr "problema co axente: o axente voltou coa resposta 0x%lx\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, fuzzy, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "gpg-agent non está dispoñible nesta sesión\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "non se pode empregar %s no modo %s\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 msgid "Tor is not properly configured"
 msgstr "erro: pegada dactilar non válida\n"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 msgid "DNS is not properly configured"
 msgstr "erro: pegada dactilar non válida\n"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "xerar un certificado de revocación"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "armadura: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, fuzzy, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "a chave secreta non está dispoñible"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr ""
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, fuzzy, c-format
 msgid "can't do this in batch mode\n"
 msgstr "non se pode facer iso no modo por lotes\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, fuzzy, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Non se admite este comando no modo %s.\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, fuzzy, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "hai partes da chave secreta non dispoñibles\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "¿A súa selección? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr ""
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 #, fuzzy
 msgid "not forced"
 msgstr "non procesado"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr ""
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr ""
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr ""
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr ""
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr ""
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 #, fuzzy
 msgid "URL to retrieve public key: "
 msgstr "non hai unha chave pública correspondente: %s\n"
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, fuzzy, c-format
 #| msgid "error reading `%s': %s\n"
 msgid "error reading '%s': %s\n"
 msgstr "erro lendo `%s': %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, fuzzy, c-format
 msgid "error writing '%s': %s\n"
 msgstr "erro escribindo no chaveiro `%s': %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr ""
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr ""
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 #, fuzzy
 msgid "Language preferences: "
 msgstr "preferencias actualizadas"
 
-#: g10/card-util.c:1111
-#, fuzzy
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, fuzzy, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "caracter non válido na cadea de preferencias\n"
 
-#: g10/card-util.c:1120
-#, fuzzy
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, fuzzy, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "caracter non válido na cadea de preferencias\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 #, fuzzy
 msgid "Error: invalid response.\n"
 msgstr "erro: pegada dactilar non válida\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 #, fuzzy
 msgid "CA fingerprint: "
 msgstr "Pegada dactilar:"
 
-#: g10/card-util.c:1201
-#, fuzzy
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, fuzzy, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "erro: pegada dactilar non válida\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, fuzzy, c-format
 msgid "key operation not possible: %s\n"
 msgstr "A xeración da chave fallou: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 #, fuzzy
 msgid "not an OpenPGP card"
 msgstr "non se atoparon datos OpenPGP válidos.\n"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, fuzzy, c-format
 msgid "error getting current key info: %s\n"
 msgstr "erro escribindo no chaveiro secreto `%s': %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, fuzzy, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "¿Qué tamaño de chave quere? (1024) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "redondeado a %u bits\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr ""
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr ""
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 #, fuzzy
 msgid "Signature key\n"
 msgstr "A sinatura caducou o %s\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 #, fuzzy
 msgid "Encryption key\n"
 msgstr "   (%d) RSA (só cifrar)\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Por favor, seleccione o tipo de chave que quere:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, fuzzy, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA (só asinar)\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, fuzzy, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) DSA e ElGamal (por defecto)\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Selección non válida.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr ""
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr ""
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, fuzzy, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "erro ao enviar a `%s': %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, fuzzy, c-format
 msgid "error getting card info: %s\n"
 msgstr "erro escribindo no chaveiro secreto `%s': %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, fuzzy, c-format
 #| msgid "This command is not allowed while in %s mode.\n"
 msgid "This command is not supported by this card\n"
 msgstr "Non se admite este comando no modo %s.\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr ""
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, fuzzy, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "omítese: a chave secreta xa está presente\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2163,205 +2046,218 @@ msgid ""
 "You should change them using the command --change-pin\n"
 msgstr ""
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 #, fuzzy
 msgid "Please select the type of key to generate:\n"
 msgstr "Por favor, seleccione o tipo de chave que quere:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 #, fuzzy
 msgid "   (1) Signature key\n"
 msgstr "A sinatura caducou o %s\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 #, fuzzy
 msgid "   (2) Encryption key\n"
 msgstr "   (%d) RSA (só cifrar)\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 #, fuzzy
 msgid "Please select where to store the key:\n"
 msgstr "Por favor, escolla o motivo da revocación:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, fuzzy, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "a actualización fallou: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, fuzzy, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "omítese: a chave secreta xa está presente\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 #, fuzzy
 msgid "Continue? (y/N) "
 msgstr "¿Asinar de verdade? "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr ""
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, fuzzy, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "erro lendo `%s': %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+msgid "error for setup UIF: %s\n"
+msgstr "erro lendo `%s': %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "saír deste menú"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 #, fuzzy
 msgid "show admin commands"
 msgstr "comandos conflictivos\n"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "amosar esta axuda"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 #, fuzzy
 msgid "list all available data"
 msgstr "Chave dispoñible en: "
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr ""
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr ""
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr ""
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 #, fuzzy
 msgid "change the login name"
 msgstr "cambia-la fecha de expiración"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 #, fuzzy
 msgid "change the language preferences"
 msgstr "cambia-la confianza sobre o dono"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr ""
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 #, fuzzy
 msgid "change a CA fingerprint"
 msgstr "amosar fingerprint"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr ""
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 #, fuzzy
 msgid "generate new keys"
 msgstr "xerar un novo par de chaves"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr ""
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr ""
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr ""
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr ""
 
-#: g10/card-util.c:2180
+#: g10/card-util.c:2235
 #, fuzzy
 #| msgid "|NAME|use NAME as default recipient"
-msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "|NOME|empregar NOME como valor por defecto do destinatario"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 #, fuzzy
 #| msgid "change the ownertrust"
 msgid "change the key attribute"
 msgstr "cambia-la confianza sobre o dono"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "cambia-la confianza sobre o dono"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr ""
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 #, fuzzy
 msgid "Admin-only command\n"
 msgstr "comandos conflictivos\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 #, fuzzy
 msgid "Admin commands are allowed\n"
 msgstr "comandos conflictivos\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 #, fuzzy
 msgid "Admin commands are not allowed\n"
 msgstr "gravando a chave secreta en `%s'\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Comando incorrecto (tente \"help\")\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output non traballa con este comando\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, fuzzy, c-format
 #| msgid "can't open `%s'\n"
 msgid "can't open '%s'\n"
 msgstr "non se puido abrir `%s'\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, fuzzy, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "non se atopou a chave `%s': %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "erro ao le-lo bloque de chaves: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, fuzzy, c-format
 msgid "key \"%s\" not found\n"
 msgstr "non se atopou a chave `%s': %s\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(a menos que especifique a chave por pegada dactilar)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, fuzzy, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr ""
 "iso non se pode facer no modo de procesamento por lotes sen \"--yes\"\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(a menos que especifique a chave por pegada dactilar)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2403,9 +2299,9 @@ msgstr "chave"
 msgid "subkey"
 msgstr "Pública: "
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "a actualización fallou: %s\n"
@@ -2430,64 +2326,74 @@ msgstr "¡hai unha chave secreta para a chave pública \"%s\"!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "empregue a opción \"--delete-secret-keys\" para borrala primeiro.\n"
 
-#: g10/encrypt.c:116
-#, fuzzy, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"forza-la cifra simétrica %s (%d) viola as preferencias do destinatario\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "non se pode empregar un paquete simétrico ESK debido ao modo S2K\n"
 
-#: g10/encrypt.c:282
+#: g10/encrypt.c:370
 #, fuzzy, c-format
-msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "fallou a sinatura: %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, fuzzy, c-format
 #| msgid "`%s' already compressed\n"
 msgid "'%s' already compressed\n"
 msgstr "`%s' xa está comprimido\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, fuzzy, c-format
 #| msgid "WARNING: `%s' is an empty file\n"
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "AVISO: `%s' é un ficheiro baleiro\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "non se pode empregar o algoritmo de cifrado \"%s\" no modo %s\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, fuzzy, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "non se pode empregar o algoritmo de cifrado \"%s\" no modo %s\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, fuzzy, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "non se pode empregar o algoritmo de resumo \"%s\" no modo %s\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, fuzzy, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "AVISO: \"%s\" é unha opción a extinguir\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, fuzzy, c-format
 #| msgid "reading from `%s'\n"
 msgid "reading from '%s'\n"
 msgstr "lendo de `%s'\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"forza-la cifra simétrica %s (%d) viola as preferencias do destinatario\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, fuzzy, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "AVISO: \"%s\" é unha opción a extinguir\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2496,100 +2402,46 @@ msgstr ""
 "forza-lo algoritmo de compresión %s (%d) viola as preferencias do "
 "destinatario\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"forza-la cifra simétrica %s (%d) viola as preferencias do destinatario\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s cifrado para: \"%s\"\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "non se pode empregar %s no modo %s\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "datos cifrados con %s\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "cifrado cun algoritmo descoñecido %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr "AVISO: cifrouse a mensaxe cunha chave feble no cifrado simétrico.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "problema ao manexa-lo paquete cifrado\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "non se soporta a execución remota de programas\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"as chamadas a programas externos están desactivadas debido a opcións de "
-"permisos de ficheiros non seguras\n"
-
-#: g10/exec.c:419
-#, fuzzy, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"esta plataforma precisa de ficheiros temporais ao chamar a programas "
-"externos\n"
-
-#: g10/exec.c:497
-#, fuzzy, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "non se puido executar %s \"%s\": %s\n"
-
-#: g10/exec.c:500
-#, fuzzy, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "non se puido executar %s \"%s\": %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "erro do sistema ao chamar a un programa externo: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "saída non natural do programa externo\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "non se puido executar un programa externo\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "non se puido le-la resposta do programa externo: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "AVISO: non se puido borra-lo ficheiro temporal (%s) `%s': %s\n"
-
-#: g10/exec.c:692
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "AVISO: non se puido elimina-lo directorio temporal `%s': %s\n"
-
 #: g10/export.c:119
 #, fuzzy
 msgid "export signatures that are marked as local-only"
@@ -2615,404 +2467,404 @@ msgstr "chave secreta non utilizable"
 msgid "remove as much as possible from key during export"
 msgstr ""
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr ""
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
 msgstr "%s: omitido: %s\n"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "writing to '%s'\n"
 msgstr "escribindo a `%s'\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, fuzzy, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "chave %08lX: sinatura da sub-chave nun lugar incorrecto - omitida\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, fuzzy, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "gravando a chave secreta en `%s'\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, fuzzy, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "chave %08lX: chave estilo PGP 2.x - omitida\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "AVISO: non se exportou nada\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, fuzzy, c-format
 #| msgid "error creating `%s': %s\n"
 msgid "error creating '%s': %s\n"
 msgstr "erro ao crear `%s': %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 #, fuzzy
 msgid "[User ID not found]"
 msgstr "[Non se atopou o id de usuario]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, fuzzy, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "erro ao crear `%s': %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, fuzzy, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "erro ao crear `%s': %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 #, fuzzy
 msgid "No fingerprint"
 msgstr "Pegada dactilar:"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "non se atopou a chave secreta `%s': %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, fuzzy, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "opcións de importación non válidas\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "|NOME|empregar NOME coma chave secreta por defecto"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "|NOME|empregar NOME coma chave secreta por defecto"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr ""
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, fuzzy, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr ""
 "Chave %08lX non válida convertida en válida por --allow-non-selfsigned-uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, fuzzy, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "emprégase a chave secundaria %08lX no canto da primaria %08lX\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, fuzzy, c-format
 msgid "valid values for option '%s':\n"
 msgstr "opcións de importación non válidas\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 #, fuzzy
 msgid "make a signature"
 msgstr "facer unha sinatura separada"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 #, fuzzy
 msgid "make a clear text signature"
 msgstr "|[ficheiro]|facer unha sinatura en texto claro"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "facer unha sinatura separada"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "cifrar datos"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "cifrar só con cifrado simétrico"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "descifrar datos (por defecto)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "verificar unha sinatura"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "ve-la lista de chaves"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "ve-la lista de chaves e sinaturas"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 #, fuzzy
 msgid "list and check key signatures"
 msgstr "verifica-las sinaturas das chaves"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "ve-la lista de chaves e pegadas dactilares"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "ve-la lista de chaves secretas"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "xerar un novo par de chaves"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly generate a new key pair"
 msgstr "xerar un novo par de chaves"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly add a new user-id"
 msgstr "xerar un novo par de chaves"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a user-id"
 msgstr "xerar un novo par de chaves"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly set a new expiration date"
 msgstr "xerar un novo par de chaves"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr ""
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "xerar un certificado de revocación"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "borrar chaves do chaveiro público"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "borrar chaves do chaveiro secreto"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 #, fuzzy
 #| msgid "sign a key"
 msgid "quickly sign a key"
 msgstr "asinar unha chave"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 #, fuzzy
 #| msgid "sign a key locally"
 msgid "quickly sign a key locally"
 msgstr "asinar unha chave localmente"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a key signature"
 msgstr "xerar un novo par de chaves"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "asinar unha chave"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "asinar unha chave localmente"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "asinar ou editar unha chave"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 #, fuzzy
 msgid "change a passphrase"
 msgstr "cambia-lo contrasinal"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "exportar chaves"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "exportar chaves a un servidor de chaves"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "importar chaves dun servidor de chaves"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "buscar chaves nun servidor de chaves"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "actualizar tódalas chaves dun servidor de chaves"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "importar/mesturar chaves"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr ""
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr ""
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr ""
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "actualiza-la base de datos de confianza"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 #, fuzzy
 msgid "print message digests"
 msgstr "|algo [ficheiros]|visualizar resumos de mensaxes"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr ""
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr ""
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NOME|empregar NOME coma chave secreta por defecto"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 #, fuzzy
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NOME|cifrar para NOME"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr ""
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr ""
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "non facer ningún cambio"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "avisar antes de sobrescribir"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 msgid "Options controlling the input"
 msgstr ""
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 msgid "Options controlling the output"
 msgstr ""
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "crear saída con armadura en ascii"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 #, fuzzy
 msgid "|FILE|write output to FILE"
 msgstr "|FICHEIRO|carga-lo módulo de extensión FICHEIRO"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "usar modo de texto canónico"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 #, fuzzy
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|axusta-lo nivel de compresión a N (0 desactiva)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 msgid "Options controlling key import and export"
 msgstr ""
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "importar chaves dun servidor de chaves"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 msgid "include the public key in signatures"
 msgstr "verifica-las sinaturas das chaves"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr ""
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 msgid "Options controlling key listings"
 msgstr ""
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "ve-la lista de chaves secretas"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 #, fuzzy
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|NOME|cifrar para NOME"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 #, fuzzy
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "empregar este id de usuario para asinar ou descifrar"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -3020,7 +2872,7 @@ msgstr ""
 "@\n"
 "(Vexa a páxina man para un listado completo de comandos e opcións)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -3050,13 +2902,13 @@ msgstr ""
 " --list-keys [nomes]        amosa-las chaves\n"
 " --fingerprint [nomes]      amosa-las pegadas dactilares\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg [options] [files]\n"
@@ -3071,7 +2923,7 @@ msgstr ""
 "asinar, verificar, cifrar ou descifrar\n"
 "a operación por defecto depende dos datos de entrada\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -3079,551 +2931,566 @@ msgstr ""
 "\n"
 "Algoritmos soportados:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Pública: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Cifra: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Hash: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Compresión: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, fuzzy, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "uso: gpg [opcións] "
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "comandos conflictivos\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, fuzzy, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "non se atopou un signo = na definición do grupo \"%s\"\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "AVISO: propiedade insegura en %s \"%s\"\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "AVISO: propiedade insegura en %s \"%s\"\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "AVISO: propiedade insegura en %s \"%s\"\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "AVISO: permisos inseguros en %s \"%s\"\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "AVISO: permisos inseguros en %s \"%s\"\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "AVISO: permisos inseguros en %s \"%s\"\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "AVISO: propiedade do directorio contedor insegura en %s \"%s\"\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr "AVISO: propiedade do directorio contedor insegura en %s \"%s\"\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr "AVISO: propiedade do directorio contedor insegura en %s \"%s\"\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr "AVISO: permisos do directorio contedor inseguros en %s \"%s\"\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
 msgstr "AVISO: permisos do directorio contedor inseguros en %s \"%s\"\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr "AVISO: permisos do directorio contedor inseguros en %s \"%s\"\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, fuzzy, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr " creouse un novo ficheiro de configuración `%s'\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr ""
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 #, fuzzy
 msgid "show key usage information during key listings"
 msgstr "Non hai unha sinatura correspondiente no chaveiro secreto\n"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 #, fuzzy
 msgid "show all notations during signature listings"
 msgstr "Non hai unha sinatura correspondiente no chaveiro secreto\n"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 #, fuzzy
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "o URL de normativa de sinaturas dado non é válido\n"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr ""
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr ""
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr ""
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 #, fuzzy
 msgid "show the keyring name in key listings"
 msgstr "amosar en que chaveiro está unha chave listada"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 #, fuzzy
 msgid "show expiration dates during signature listings"
 msgstr "Non hai unha sinatura correspondiente no chaveiro secreto\n"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "destinatario por defecto `%s' descoñecido\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr ""
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Non se admite este comando no modo %s.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, fuzzy, c-format
 #| msgid "NOTE: %s is not for normal use!\n"
 msgid "Note: %s is not for normal use!\n"
 msgstr "NOTA: ¡%s non é para uso normal!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, fuzzy, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "%s non é un xogo de caracteres válido\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "Non é un enderezo de e-mail válido\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, fuzzy, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "algoritmo de hash non válido `%s'\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, fuzzy, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "opcións de importación non válidas\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, fuzzy, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "%s non é un xogo de caracteres válido\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, fuzzy, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "non se puido analisa-lo URI do servidor de chaves\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, fuzzy, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: opcións de exportación non válidas\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, fuzzy, c-format
 msgid "invalid keyserver options\n"
 msgstr "opcións de exportación non válidas\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: opcións de importación non válidas\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "opcións de importación non válidas\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, fuzzy, c-format
 msgid "invalid filter option: %s\n"
 msgstr "opcións de importación non válidas\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: opcións de exportación non válidas\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "opcións de exportación non válidas\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, fuzzy, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: opcións de importación non válidas\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, fuzzy, c-format
 msgid "invalid list options\n"
 msgstr "opcións de importación non válidas\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 #, fuzzy
 msgid "show all notations during signature verification"
 msgstr "%s non é un xogo de caracteres válido\n"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 #, fuzzy
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "o URL de normativa de sinaturas dado non é válido\n"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 #, fuzzy
 msgid "show user ID validity during signature verification"
 msgstr "%s non é un xogo de caracteres válido\n"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr ""
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 #, fuzzy
 msgid "show only the primary user ID in signature verification"
 msgstr "%s non é un xogo de caracteres válido\n"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr ""
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr ""
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, fuzzy, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: opcións de exportación non válidas\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, fuzzy, c-format
 msgid "invalid verify options\n"
 msgstr "opcións de exportación non válidas\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "non se puido estabrecer exec-path a %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, fuzzy, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: opcións de exportación non válidas\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr ""
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, fuzzy, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "opcións de importación non válidas\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "AVISO: ¡o programa pode crear un ficheiro 'core'!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "AVISO: %s fai que se ignore %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "¡%s non se admite con %s!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "¡%s non ten sentido empregándoo con %s!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr ""
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, fuzzy, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "gravando a chave secreta en `%s'\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "o algoritmo de cifrado seleccionado non é válido\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "o algoritmo de resumo seleccionado non é válido\n"
+
+#: g10/gpg.c:3885
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "o algoritmo de cifrado seleccionado non é válido\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "o algoritmo de resumo de certificación seleccionado non é válido\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-needed debe ser superior a 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed debe ser superior a 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, fuzzy, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth debe valer entre 1 e 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, fuzzy, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "nivel de comprobación por defecto non válido; debe ser 0, 1, 2 ou 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, fuzzy, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "nivel de comprobación por defecto non válido; debe ser 0, 1, 2 ou 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, fuzzy, c-format
 #| msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "NOTA: desaconséllase encarecidamente o modo S2K simple (0)\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "modo S2K non válido; debe ser 0, 1 ou 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "preferencias por defecto non válidas\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "preferencias de cifrado personais non válidas\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "preferencias de cifrado personais non válidas\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "preferencias de resumo personais non válidas\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "preferencias de compresión personais non válidas\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "tamaño de chave non válido; empregando %u bits\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "¡%s aínda non traballa con %s!\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "non se pode empregar o algoritmo de cifrado \"%s\" no modo %s\n"
+
+#: g10/gpg.c:4070
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "non se pode empregar o algoritmo de compresión \"%s\" no modo %s\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "AVISO: deronse destinatarios (-r) sen empregar cifrado de chave pública\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, fuzzy, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "o descifrado fallou: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "non se pode empregar %s no modo %s\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "non se pode empregar %s no modo %s\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "o envío ao servidor de chaves fallou: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "a recepción do servidor de chaves fallou: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "a exportación da chave fallou: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, fuzzy, c-format
 #| msgid "key export failed: %s\n"
 msgid "export as ssh key failed: %s\n"
 msgstr "a exportación da chave fallou: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "a busca no servidor de chaves fallou fallou: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "a actualización no servidor de chaves fallou: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "non se puido quita-la armadura: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "non se puido poñe-la armadura: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, fuzzy, c-format
 #| msgid "invalid hash algorithm `%s'\n"
 msgid "invalid hash algorithm '%s'\n"
 msgstr "algoritmo de hash non válido `%s'\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, fuzzy, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Escriba a súa mensaxe ...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "o URL de normativa de certificación dado non é válido\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "o URL de normativa de sinaturas dado non é válido\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, fuzzy, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "o URL de normativa de sinaturas dado non é válido\n"
@@ -3637,7 +3504,7 @@ msgstr "toma-las chaves deste chaveiro"
 msgid "make timestamp conflicts only a warning"
 msgstr "converte-los conflictos de selo de data nun aviso"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|DF|escribi-la información de estado a este DF"
 
@@ -3688,299 +3555,315 @@ msgstr "actualiza-la base de datos de confianza"
 
 #: g10/import.c:181
 #, fuzzy
+#| msgid "not supported"
+msgid "enable bulk import mode"
+msgstr "non está soportado"
+
+#: g10/import.c:184
+#, fuzzy
 msgid "show key during import"
 msgstr "amosar fingerprint"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+msgid "show key but do not actually import"
+msgstr "amosar fingerprint"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr ""
 
-#: g10/import.c:187
+#: g10/import.c:193
 #, fuzzy
 msgid "remove unusable parts from key after import"
 msgstr "chave secreta non utilizable"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr ""
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr ""
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr ""
 
-#: g10/import.c:203
+#: g10/import.c:209
 #, fuzzy
 msgid "repair keys on import"
 msgstr "amosar fingerprint"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "pasando por alto un bloque de tipo %d\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, fuzzy, c-format
 msgid "%lu keys processed so far\n"
 msgstr "%lu chaves procesadas hasta polo momento\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Número total procesado: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, fuzzy, c-format
 #| msgid "      skipped new keys: %lu\n"
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "novas chaves omitidas: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "novas chaves omitidas: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "   sin IDs de usuario: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "           importadas: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "          sin cambios: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr " novos IDs de usuario: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "     novas sub-chaves: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "         novas sinaturas: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr " novas revocacións de chaves: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "chaves secretas lidas: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "chaves secretas importadas: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr "chaves secretas sin cambios: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "       non importadas: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, fuzzy, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "         novas sinaturas: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, fuzzy, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "chaves secretas lidas: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
 "algorithms on these user IDs:\n"
 msgstr ""
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "Sinatura %s, algoritmo de resumo %s\n"
+
+#: g10/import.c:1354
 #, fuzzy, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "Sinatura %s, algoritmo de resumo %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr ""
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, fuzzy, c-format
 msgid "key %s: no user ID\n"
 msgstr "chave %08lX: non hai ID de usuario\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, fuzzy, c-format
 msgid "key %s: %s\n"
 msgstr "omítese `%s': %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr ""
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "chave %08lX: arranxouse a corrupción da sub-chave HKP\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, fuzzy, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "chave %08lX: aceptouse o ID de usuario '%s' sen auto-sinatura\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, fuzzy, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "chave %08lX: non hai IDs de usuario válidos\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "isto pode ser causado por unha auto-sinatura que falta\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, fuzzy, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "chave %08lX: chave pública non atopada: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, fuzzy, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "chave %08lX: nova chave - omitida\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "non se atopou un chaveiro no que se poida escribir: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, fuzzy, c-format
 #| msgid "error writing keyring `%s': %s\n"
 msgid "error writing keyring '%s': %s\n"
 msgstr "erro escribindo no chaveiro `%s': %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, fuzzy, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "chave %08lX: chave pública \"%s\" importada\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, fuzzy, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "chave %08lX: non coincide coa nosa copia\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "chave %08lX: \"%s\" 1 novo ID de usuario\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "chave %08lX: \"%s\" %d novos IDs de usuario\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "chave %08lX: \"%s\" 1 nova sinatura\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "chave %08lX: \"%s\" %d novas sinaturas\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "chave %08lX: \"%s\" 1 nova sub-chave\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "chave %08lX: \"%s\" %d novas sub-chaves\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "chave %08lX: \"%s\" %d novas sinaturas\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "chave %08lX: \"%s\" %d novas sinaturas\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "chave %08lX: \"%s\" %d novos IDs de usuario\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "chave %08lX: \"%s\" %d novos IDs de usuario\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, fuzzy, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "chave %08lX: \"%s\" sen cambios\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, fuzzy, c-format
 msgid "key %s: secret key imported\n"
 msgstr "chave %08lX: chave secreta importada\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, fuzzy, c-format
 #| msgid "skipped: secret key already present\n"
 msgid "key %s: secret key already exists\n"
 msgstr "omítese: a chave secreta xa está presente\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, fuzzy, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "erro ao enviar a `%s': %s\n"
@@ -3993,212 +3876,218 @@ msgstr "erro ao enviar a `%s': %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, fuzzy, c-format
 msgid "secret key %s: %s\n"
 msgstr "non se atopou a chave secreta `%s': %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, fuzzy, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "gravando a chave secreta en `%s'\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, fuzzy, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "chave %08lX: chave secreta cunha cifra %d non válida - omitida\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Non se especificou un motivo"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "A chave é obsoleta"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Esta chave quedou descoberta"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "Xa non se emprega esta chave"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "O ID de usuario xa non é válido"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "motivo para a revocación: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "comentario de revocación: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, fuzzy, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "chave %08lX: non hai chave pública - non se pode aplica-lo\n"
 "certificado de revocación\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, fuzzy, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr ""
 "chave %08lX: non foi posible localiza-lo bloque de chaves original:\n"
 "%s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, fuzzy, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr ""
 "chave %08lX: non foi posible le-lo bloque de chaves original:\n"
 "%s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr ""
 "chave %08lX: certificado de revocación incorrecto:\n"
 "%s - rechazado\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "chave %08lX: \"%s\" certificado de revocación importado\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, fuzzy, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "chave %08lX: non hai ID de usuario para a sinatura\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr ""
 "chave %08lX: algoritmo de chave pública non soportado no ID de usuario \"%s"
 "\"\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, fuzzy, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr ""
 "chave %08lX: auto-sinatura non válida no identificadr de usuario \"%s\"\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "chave %08lX: algoritmo de chave pública non soportado\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, fuzzy, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "chave %08lX: engadiuse unha sinatura de chave directa\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, fuzzy, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "chave %08lX: non hai sub-chave para a ligazón da chave\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, fuzzy, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "chave %08lX: ligazón de sub-chave incorrecta\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "chave %08lX: eliminouse unha ligazón de sub-chave múltiple\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, fuzzy, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "chave %08lX: non hai unha sub-chave para a revocación da chave\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, fuzzy, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "chave %08lX: revocación de sub-chave non válida\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "chave %08lX: eliminouse a revocación de sub-chaves múltiples\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, fuzzy, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "chave %08lX: omitido o ID de usuario '"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, fuzzy, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "chave %08lX: omitida a sub-chave\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, fuzzy, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "chave %08lX: sinatura non exportable (clase %02x) - omitida\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, fuzzy, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "chave %08lX: certificado de revocación no lugar erróneo - omitido\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "chave %08lX: certificado de revocación incorrecto: %s - omitido\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, fuzzy, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "chave %08lX: sinatura da sub-chave nun lugar incorrecto - omitida\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, fuzzy, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "chave %08lX: clase de sinatura non esperada (0x%02X) - omitida\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, fuzzy, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "chave %08lX: ID de usuario duplicado detectado - mesturado\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "chave %08lX: ID de usuario duplicado detectado - mesturado\n"
+
+#: g10/import.c:4233
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr ""
 "AVISO: a chave %08lX pode estar revocada: obtendo a chave de revocación "
 "%08lX\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 "AVISO: a chave %08lX pode estar revocada: chave de revocación %08lX "
 "ausente.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "chave %08lX: \"%s\" certificado de revocación engadido\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, fuzzy, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "chave %08lX: engadiuse unha sinatura de chave directa\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, fuzzy, c-format
 msgid "error allocating memory: %s\n"
 msgstr "erro ao crea-lo chaveiro `%s': %s\n"
@@ -4219,19 +4108,19 @@ msgstr "Sinatura %s, algoritmo de resumo %s\n"
 msgid " (reordered signatures follow)"
 msgstr "Sinatura correcta de \""
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, fuzzy, c-format
 msgid "key %s:\n"
 msgstr "omítese `%s': %s\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, fuzzy, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "O ID de usuario \"%s\" está revocado."
 msgstr[1] "O ID de usuario \"%s\" está revocado."
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to a missing key\n"
 msgid "%d signature not checked due to a missing key\n"
@@ -4239,7 +4128,7 @@ msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "1 sinatura non verificada debido a unha chave que falta\n"
 msgstr[1] "1 sinatura non verificada debido a unha chave que falta\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d bad signature\n"
@@ -4247,53 +4136,48 @@ msgid_plural "%d bad signatures\n"
 msgstr[0] "%d sinaturas erróneas\n"
 msgstr[1] "%d sinaturas erróneas\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, fuzzy, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "Sinatura correcta de \""
 msgstr[1] "Sinatura correcta de \""
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, fuzzy, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "erro ao crea-lo chaveiro `%s': %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error creating keyring '%s': %s\n"
 msgstr "erro ao crea-lo chaveiro `%s': %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, fuzzy, c-format
 msgid "keybox '%s' created\n"
 msgstr "chaveiro `%s' creado\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, fuzzy, c-format
 #| msgid "keyring `%s' created\n"
 msgid "keyring '%s' created\n"
 msgstr "chaveiro `%s' creado\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, fuzzy, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "erro ao crear `%s': %s\n"
 
-#: g10/keydb.c:969
-#, fuzzy, c-format
-msgid "error opening key DB: %s\n"
-msgstr "erro lendo `%s': %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "fallo ao reconstruí-la caché de chaveiros: %s\n"
@@ -4306,7 +4190,7 @@ msgstr "[revocación]"
 msgid "[self-signature]"
 msgstr "[auto-sinatura]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 #, fuzzy
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
@@ -4318,12 +4202,12 @@ msgstr ""
 "correctamente as chaves de outros usuarios (mirando nos pasaportes,\n"
 "comprobando pegadas dactilares de varias fontes...).\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, fuzzy, c-format
 msgid "  %d = I trust marginally\n"
 msgstr " %d = Confío marxinalmente\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, fuzzy, c-format
 msgid "  %d = I trust fully\n"
 msgstr " %d = Confío totalmente\n"
@@ -4350,12 +4234,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "O ID de usuario \"%s\" está revocado."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "¿Está seguro de que quere asinalo? (s/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr " Non se puido asinar.\n"
 
@@ -4554,216 +4438,220 @@ msgstr ""
 msgid "Really sign? (y/N) "
 msgstr "¿Asinar de verdade? "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "fallou a sinatura: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, fuzzy, c-format
 #| msgid "error creating passphrase: %s\n"
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "gardar e saír"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 #, fuzzy
 msgid "show key fingerprint"
 msgstr "amosar fingerprint"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 #, fuzzy
 msgid "show the keygrip"
 msgstr "Notación de sinaturas: "
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "listar chave e IDs de usuario"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "selecciona-lo ID de usuario N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 #, fuzzy
 msgid "select subkey N"
 msgstr "selecciona-lo ID de usuario N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 #, fuzzy
 msgid "check signatures"
 msgstr "revocar sinaturas"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 #, fuzzy
 msgid "sign selected user IDs locally"
 msgstr "asina-la chave localmente"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 #, fuzzy
 msgid "sign selected user IDs with a trust signature"
 msgstr "Pista: seleccione os IDs de usuario que desexa asinar\n"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr ""
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "engadir un ID de usuario"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "engadir unha identificación fotográfica"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 #, fuzzy
 msgid "delete selected user IDs"
 msgstr "borrar un ID de usuario"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 #, fuzzy
 msgid "add a subkey"
 msgstr "addkey"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 #, fuzzy
 msgid "delete selected subkeys"
 msgstr "borrar unha chave secundaria"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "engadir unha chave de revocación"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 #, fuzzy
 msgid "delete signatures from the selected user IDs"
 msgstr ""
 "¿Seguro que quere actualiza-las preferencias dos IDs de usuario "
 "seleccionados? "
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 #, fuzzy
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "Non pode cambia-la data de expiración dunha chave v3\n"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 #, fuzzy
 msgid "flag the selected user ID as primary"
 msgstr "marcar un ID de usuario coma primario"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "lista-las preferencias (expertos)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "lista-las preferencias (moitos datos)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 #, fuzzy
 msgid "set preference list for the selected user IDs"
 msgstr ""
 "¿Seguro que quere actualiza-las preferencias dos IDs de usuario "
 "seleccionados? "
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 #, fuzzy
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "non se puido analisa-lo URI do servidor de chaves\n"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 #, fuzzy
 msgid "set a notation for the selected user IDs"
 msgstr ""
 "¿Seguro que quere actualiza-las preferencias dos IDs de usuario "
 "seleccionados? "
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "cambia-lo contrasinal"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "cambia-la confianza sobre o dono"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 #, fuzzy
 msgid "revoke signatures on the selected user IDs"
 msgstr "¿Seguro de que quere revocar tódolos IDs de usuario seleccionados? "
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 #, fuzzy
 msgid "revoke selected user IDs"
 msgstr "revocar un ID de usuario"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 #, fuzzy
 msgid "revoke key or selected subkeys"
 msgstr "revocar unha chave secundaria"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 #, fuzzy
 msgid "enable key"
 msgstr "habilitar unha chave"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 #, fuzzy
 msgid "disable key"
 msgstr "deshabilitar unha chave"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 #, fuzzy
 msgid "show selected photo IDs"
 msgstr "amosa-la identificación fotográfica"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "A chave secreta está disponible.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret subkeys are available.\n"
 msgstr "A chave secreta está disponible.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Cómpre a chave secreta para facer isto.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4771,311 +4659,316 @@ msgid ""
 "  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
 msgstr ""
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "A chave está revocada."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 #, fuzzy
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "¿Seguro de que quere asinar tódolos IDs de usuario? "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 #, fuzzy
 msgid "Really sign all user IDs? (y/N) "
 msgstr "¿Seguro de que quere asinar tódolos IDs de usuario? "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Pista: seleccione os IDs de usuario que desexa asinar\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, fuzzy, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "clase de sinatura descoñecida"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Non se admite este comando no modo %s.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Debe seleccionar alomenos un ID de usuario.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr ""
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "¡Non pode borra-lo último ID de usuario!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 #, fuzzy
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "¿Seguro de que quere borrar tódolos IDs de usuario seleccionados? "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 #, fuzzy
 msgid "Really remove this user ID? (y/N) "
 msgstr "¿Seguro de que quere borrar este ID de usuario? "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 #, fuzzy
 msgid "Really move the primary key? (y/N) "
 msgstr "¿Seguro de que quere borrar este ID de usuario? "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 #, fuzzy
 msgid "You must select exactly one key.\n"
 msgstr "Debe seleccionar alomenos unha chave.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr ""
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, fuzzy, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "non se puido abrir `%s': %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, fuzzy, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "erro ao crea-lo chaveiro `%s': %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Debe seleccionar alomenos unha chave.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 #, fuzzy
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "¿Seguro de que quere borra-las chaves seleccionadas? "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 #, fuzzy
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "¿Seguro de que quere borrar esta chave? "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 #, fuzzy
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "¿Seguro de que quere revocar tódolos IDs de usuario seleccionados? "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 #, fuzzy
 msgid "Really revoke this user ID? (y/N) "
 msgstr "¿Seguro de que quere revocar este ID de usuario? "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 #, fuzzy
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "¿Realmente quere revocar esta chave? "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 #, fuzzy
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "¿Realmente quere revoca-las chaves seleccionadas? "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 #, fuzzy
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "¿Realmente quere revocar esta chave? "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 #, fuzzy
 msgid "Set preference list to:\n"
 msgstr "estabrece-la lista de preferencias"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 #, fuzzy
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr ""
 "¿Seguro que quere actualiza-las preferencias dos IDs de usuario "
 "seleccionados? "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 #, fuzzy
 msgid "Really update the preferences? (y/N) "
 msgstr "¿Realmente desexa actualiza-las preferencias? "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 #, fuzzy
 msgid "Save changes? (y/N) "
 msgstr "¿Garda-los cambios? "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 #, fuzzy
 msgid "Quit without saving? (y/N) "
 msgstr "¿Saír sin gardar? "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "A chave non cambiou, polo que non fai falla actualizar.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "¡Non pode borra-lo último ID de usuario!\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, fuzzy, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "fallou a comprobación da sinatura creada: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, fuzzy, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "fallou a comprobación da sinatura creada: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, fuzzy, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "erro: pegada dactilar non válida\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, fuzzy, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, fuzzy, c-format
 #| msgid "invalid value\n"
 msgid "Invalid user ID '%s': %s\n"
 msgstr "valor non válido\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 #| msgid "No such user ID.\n"
 msgid "No matching user IDs."
 msgstr "Non hai tal ID de usuario.\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 msgid "Nothing to sign.\n"
 msgstr "Nada que asinar coa chave %08lX\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, fuzzy, c-format
 msgid "Not signed by you.\n"
 msgstr "   asinada por %08lX no %s%s\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "fallou a comprobación da sinatura creada: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, fuzzy, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "%s non é un xogo de caracteres válido\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "erro: pegada dactilar non válida\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, fuzzy, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "non se atopou a chave `%s': %s\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Resumo: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Características: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr ""
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr ""
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 #, fuzzy
 msgid "Notations: "
 msgstr "Notación: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "Non hai preferencias nun ID de usuario estilo PGP 2.x.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, fuzzy, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "Esta chave pode estar revocada por %s chave "
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, fuzzy, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Esta chave pode estar revocada por %s chave "
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 #, fuzzy
 msgid "(sensitive)"
 msgstr " (sensible)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, fuzzy, c-format
 msgid "created: %s"
 msgstr "non foi posible crear %s: %s\n"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, fuzzy, c-format
 msgid "revoked: %s"
 msgstr "[revocada] "
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, fuzzy, c-format
 msgid "expired: %s"
 msgstr " [caduca: %s]"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, fuzzy, c-format
 msgid "expires: %s"
 msgstr " [caduca: %s]"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, fuzzy, c-format
 msgid "usage: %s"
 msgstr " confianza: %c/%c"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr ""
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, fuzzy, c-format
 msgid "trust: %s"
 msgstr " confianza: %c/%c"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr ""
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Esta chave está desactivada"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -5083,19 +4976,19 @@ msgstr ""
 "Teña en conta que a validez da chave amosada non é necesariamente\n"
 "correcta a menos que reinicie o programa.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 #, fuzzy
 msgid "revoked"
 msgstr "[revocada] "
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 #, fuzzy
 msgid "expired"
 msgstr "expire"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -5104,18 +4997,18 @@ msgstr ""
 "AVISO: non se marcou ningún ID de usuario coma primario. Esta orde pode\n"
 "              facer que un ID de usuario diferente se converta no primario.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr ""
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, fuzzy, c-format
 #| msgid "You can't change the expiration date of a v3 key\n"
 msgid "You may want to change its expiration date too.\n"
 msgstr "Non pode cambia-la data de expiración dunha chave v3\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -5124,37 +5017,37 @@ msgstr ""
 "AVISO: Esta é unha chave de estilo PGP2. Se engade unha identificación\n"
 "       fotográfica algunhas versións de PGP han rexeitar esta chave.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "¿Está seguro de que quere engadila? (s/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr ""
 "Non pode engadir unha identificación fotográfica a unha chave de estilo "
 "PGP2.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr ""
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "¿Borrar esta sinatura correcta? (s/N/q)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "¿Borrar esta sinatura incorrecta? (s/N/q)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "¿Borrar esta sinatura descoñecida? (s/N/q)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "¿Realmente quere borrar esta auto-sinatura? (s/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, fuzzy, c-format
 #| msgid "Deleted %d signature.\n"
 msgid "Deleted %d signature.\n"
@@ -5162,38 +5055,38 @@ msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "Borrada %d sinatura.\n"
 msgstr[1] "Borrada %d sinatura.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Non se borrou nada.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 #, fuzzy
 msgid "invalid"
 msgstr "armadura non válida"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, fuzzy, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "O ID de usuario \"%s\" está revocado."
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, fuzzy, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "O ID de usuario \"%s\" está revocado."
 msgstr[1] "O ID de usuario \"%s\" está revocado."
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, fuzzy, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "o ID de usuario \"%s\" xa está revocado\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, fuzzy, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "o ID de usuario \"%s\" xa está revocado\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5203,45 +5096,45 @@ msgstr ""
 "designado\n"
 "       pode facer que algunhas versións de PGP rexeiten esta chave.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr ""
 "Non pode engadir un revocador designado a unha chave de estilo PGP 2.x.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Introduza o ID de usuario do revocador designado: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr ""
 "non se pode nomear unha chave estilo PGP 2.x coma revocador designado\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "non se pode nomear unha chave coma o seu propio revocador designado\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, fuzzy, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "AVISO: ¡Esta chave está revocada polo propietario!\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr ""
 "AVISO: ¡o nomeamento dunha chave coma o seu propio revocador designado non "
 "se pode desfacer!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 #, fuzzy
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr ""
 "¿Está seguro de que quere nomear esta chave coma revocador designado? (s/N): "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 #, fuzzy
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
@@ -5249,266 +5142,271 @@ msgid ""
 msgstr ""
 "¿Está seguro de que quere nomear esta chave coma revocador designado? (s/N): "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 #, fuzzy
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Cambiando a data de expiración para a chave secundaria.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Cambiando a data de expiración da chave primaria.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Non pode cambia-la data de expiración dunha chave v3\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 #, fuzzy
 msgid "Changing usage of a subkey.\n"
 msgstr "Cambiando a data de expiración para a chave secundaria.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 #, fuzzy
 #| msgid "Changing expiration time for the primary key.\n"
 msgid "Changing usage of the primary key.\n"
 msgstr "Cambiando a data de expiración da chave primaria.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, fuzzy, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr ""
 "AVISO: ¡o nomeamento dunha chave coma o seu propio revocador designado non "
 "se pode desfacer!\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Escolla exactamente un ID de usuario.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, fuzzy, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "omitindo a auto-sinatura v3 do id de usuario \"%s\"\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr ""
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 #, fuzzy
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "¿Está seguro de que quere empregala (s/N)? "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 #, fuzzy
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "¿Está seguro de que quere empregala (s/N)? "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 #, fuzzy
 msgid "Enter the notation: "
 msgstr "Notación de sinaturas: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 #, fuzzy
 msgid "Proceed? (y/N) "
 msgstr "¿Sobrescribir? (s/N) "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Non hai ID de usuario con índice %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, fuzzy, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Non hai ID de usuario con índice %d\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, fuzzy, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Non hai ID de usuario con índice %d\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, fuzzy, c-format
 msgid "No subkey with index %d\n"
 msgstr "Non hai ID de usuario con índice %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, fuzzy, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "ID de usuario: \""
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, fuzzy, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "   asinada por %08lX no %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (non exportable)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Esta sinatura caducou o %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "¿Está seguro de que quere revocala? (s/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "¿Crear un certificado de revocación para esta sinatura? (s/N) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, fuzzy, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Asinou estes IDs de usuario: \n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 #, fuzzy
 msgid " (non-revocable)"
 msgstr " (non exportable)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, fuzzy, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "   revocada por %08lX no %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Está a punto de revocar estas sinaturas:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "¿Realmente desexa crea-los certificados de revocación? (s/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "non hai chave secreta\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "o ID de usuario \"%s\" xa está revocado\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr ""
 "AVISO: unha sinatura de ID de usuario ten unha data %d segundos no futuro\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "¡Non pode borra-lo último ID de usuario!\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, fuzzy, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "o ID de usuario \"%s\" xa está revocado\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, fuzzy, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "o ID de usuario \"%s\" xa está revocado\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, fuzzy, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr ""
 "Amosando a id. fotográfica %s de tamaño %ld da chave 0x%08lX (uid %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, fuzzy, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "opcións de importación non válidas\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, fuzzy, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "preferencia %c%lu duplicada\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, fuzzy, c-format
 msgid "too many cipher preferences\n"
 msgstr "demasiadas preferencias `%c'\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, fuzzy, c-format
 msgid "too many digest preferences\n"
 msgstr "demasiadas preferencias `%c'\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, fuzzy, c-format
 msgid "too many compression preferences\n"
 msgstr "demasiadas preferencias `%c'\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+msgid "too many AEAD preferences\n"
+msgstr "demasiadas preferencias `%c'\n"
+
+#: g10/keygen.c:521
 #, fuzzy, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "caracter non válido na cadea de preferencias\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "escribindo unha sinatura directa\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "escribindo a propia sinatura\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "escribindo unha sinatura que liga a chave\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "tamaño de chave non válido; empregando %u bits\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "tamaño de chave redondeado a %u bits\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
 msgstr ""
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 #, fuzzy
 msgid "Sign"
 msgstr "sign"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr ""
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 #, fuzzy
 msgid "Encrypt"
 msgstr "cifrar datos"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr ""
 
@@ -5522,169 +5420,180 @@ msgstr ""
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr ""
 
-#: g10/keygen.c:1784
+#: g10/keygen.c:1966
 #, c-format
-msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr ""
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr ""
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr ""
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, fuzzy, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%d) ElGamal (só cifrar)\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr ""
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr ""
 
-#: g10/keygen.c:1930
+#: g10/keygen.c:2116
 #, fuzzy, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) DSA e ElGamal (por defecto)\n"
 
-#: g10/keygen.c:1934
+#: g10/keygen.c:2120
 #, fuzzy, c-format
-msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA e ElGamal (por defecto)\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (só asinar)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (só asinar)\n"
 
-#: g10/keygen.c:1945
+#: g10/keygen.c:2131
 #, fuzzy, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) ElGamal (só cifrar)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (só cifrar)\n"
 
-#: g10/keygen.c:1953
+#: g10/keygen.c:2139
 #, fuzzy, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (só cifrar)\n"
 
-#: g10/keygen.c:1955
+#: g10/keygen.c:2141
 #, fuzzy, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (só cifrar)\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, fuzzy, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) DSA e ElGamal (por defecto)\n"
+#| msgid "   (%d) ElGamal (sign and encrypt)\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) ElGamal (asinar e cifrar)\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+#, fuzzy
+#| msgid " (default)"
+msgid " *default*"
+msgstr " (por defecto)"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, fuzzy, c-format
 #| msgid "   (%d) DSA (sign only)\n"
 msgid "  (%d) ECC (sign only)\n"
 msgstr "   (%d) DSA (só asinar)\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, fuzzy, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (só cifrar)\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, fuzzy, c-format
 #| msgid "   (%d) RSA (encrypt only)\n"
-msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "   (%d) RSA (só cifrar)\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, fuzzy, c-format
-msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "   (%d) RSA (só cifrar)\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (%d) RSA (só cifrar)\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 #, fuzzy
 msgid "Enter the keygrip: "
 msgstr "Notación de sinaturas: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr ""
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 #, fuzzy
 msgid "No key with this keygrip\n"
 msgstr "Non hai ID de usuario con índice %d\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, fuzzy, c-format
 msgid "error reading the card: %s\n"
 msgstr "%s: erro ao ler un rexistro libre: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, fuzzy, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 #, fuzzy
 msgid "Available keys:\n"
 msgstr "deshabilitar unha chave"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, fuzzy, c-format
 #| msgid "rounded up to %u bits\n"
 msgid "rounded to %u bits\n"
 msgstr "redondeado a %u bits\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr ""
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, fuzzy, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "¿Qué tamaño de chave quere? (1024) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "O tamaño de chave requerido son %u bits\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 #, fuzzy
 #| msgid "Please select what kind of key you want:\n"
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Por favor, seleccione o tipo de chave que quere:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5700,7 +5609,7 @@ msgstr ""
 "      <n>m = a chave caduca en n meses\n"
 "      <n>y = a chave caduca en n anos\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5716,40 +5625,40 @@ msgstr ""
 "      <n>m = a sinatura caduca en n meses\n"
 "      <n>y = a sinatura caduca en n anos\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "¿Por canto tempo é válida a chave? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, fuzzy, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "¿Por canto tempo é válida a sinatura? (0) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "valor non válido\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 #, fuzzy
 msgid "Key does not expire at all\n"
 msgstr "%s non caduca nunca\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 #, fuzzy
 msgid "Signature does not expire at all\n"
 msgstr "%s non caduca nunca\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, fuzzy, c-format
 msgid "Key expires at %s\n"
 msgstr "%s caduca o %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, fuzzy, c-format
 msgid "Signature expires at %s\n"
 msgstr "A sinatura caduca o %s\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5757,12 +5666,12 @@ msgstr ""
 "O seu sistema non pode amosar datas máis aló do 2038.\n"
 "Aínda así, hase tratar correctamente ata o 2106.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 #, fuzzy
 msgid "Is this correct? (y/N) "
 msgstr "¿Isto é correcto? (s/n) "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5773,7 +5682,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 #, fuzzy
 msgid ""
 "\n"
@@ -5790,50 +5699,50 @@ msgstr ""
 "     \"Heinrich Heime (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Nome: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Caracter non válido no nome\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr ""
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "O nome non pode comezar cun díxito\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "O nome debe ter alomenos 5 caracteres\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "Enderezo de E-mail: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Non é un enderezo de e-mail válido\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Comentario: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Carácter non válido no comentario\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, fuzzy, c-format
 #| msgid "You are using the `%s' character set.\n"
 msgid "You are using the '%s' character set.\n"
 msgstr "Está a usa-lo xogo de caracteres `%s'.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5844,7 +5753,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr ""
 "Por favor, non poña o enderezo de correo no nome real ou no comentario\n"
@@ -5860,35 +5769,35 @@ msgstr ""
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnCcEeAaSs"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "¿Cambia-lo (N)ome, (C)omentario, (E)-mail ou (S)aír? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "¿Cambiar (N)ome, (C)omentario, (E)-mail ou (A)ceptar/(S)aír? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "¿Cambia-lo (N)ome, (C)omentario, (E)-mail ou (S)aír? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "¿Cambiar (N)ome, (C)omentario, (E)-mail ou (A)ceptar/(S)aír? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Por favor, corrixa antes o erro\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5900,13 +5809,13 @@ msgstr ""
 "mentres se xeran os números primos; isto proporciónalle ao xerador de\n"
 "números aleatorios unha opoertunidade de acumular entropía de abondo.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "A xeración da chave fallou: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5914,69 +5823,69 @@ msgid ""
 "\n"
 msgstr ""
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr ""
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, fuzzy, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "`%s' xa está comprimido\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 #, fuzzy
 #| msgid "Create anyway? "
 msgid "Create anyway? (y/N) "
 msgstr "¿Crear de tódolos xeitos? "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, fuzzy, c-format
 #| msgid "Create anyway? "
 msgid "creating anyway\n"
 msgstr "¿Crear de tódolos xeitos? "
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Cancelouse a xeración de chaves.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, fuzzy, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "non se pode crear `%s': %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, fuzzy, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "NOTA: a chave secreta %08lX caducou o %s\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, fuzzy, c-format
 #| msgid "writing public key to `%s'\n"
 msgid "writing public key to '%s'\n"
 msgstr "gravando a chave pública en `%s'\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "non se atopou un chaveiro público no que se poida escribir: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, fuzzy, c-format
 #| msgid "error writing public keyring `%s': %s\n"
 msgid "error writing public keyring '%s': %s\n"
 msgstr "erro escribindo no chaveiro público `%s': %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "creáronse e asináronse as chaves pública e secreta.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 #, fuzzy
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
@@ -5986,7 +5895,7 @@ msgstr ""
 "queira emprega-lo comando \"--edit-key\" para xerar unha chave secundaria\n"
 "con esa finalidade.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -5994,7 +5903,7 @@ msgstr ""
 "creouse a chave %lu segundo no futuro (salto no tempo ou problemas co "
 "reloxo)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -6002,52 +5911,52 @@ msgstr ""
 "creouse a chave %lu segundos no futuro (salto no tempo ou problemas co "
 "reloxo)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, fuzzy, c-format
 #| msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "NOTA: a creación de subchaves para chaves v3 non cumpre OpenPGP\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "as partes secretas da chave primaria non están dispoñibles.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, fuzzy, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "as partes secretas da chave primaria non están dispoñibles.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 #, fuzzy
 msgid "Really create? (y/N) "
 msgstr "¿Crear realmente? "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "nunca     "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Normativa de sinaturas críticas: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Normativa de sinaturas: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr ""
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Notación de sinaturas críticas: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Notación de sinaturas: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d good signature\n"
@@ -6055,7 +5964,7 @@ msgid_plural "%d good signatures\n"
 msgstr[0] "%d sinaturas erróneas\n"
 msgstr[1] "%d sinaturas erróneas\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to an error\n"
 msgid "%d signature not checked due to an error\n"
@@ -6063,57 +5972,57 @@ msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "1 sinatura non verificada debido a un erro\n"
 msgstr[1] "1 sinatura non verificada debido a un erro\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Chaveiro"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Pegada dactilar da chave primaria:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "     Pegada dactilar da sub-chave:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr "Pegada dactilar da chave primaria:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "     Pegada dactilar da sub-chave:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 #, fuzzy
 msgid "      Key fingerprint ="
 msgstr "     Pegada dactilar ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr ""
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, fuzzy, c-format
 msgid "caching keyring '%s'\n"
 msgstr "comprobando o chaveiro `%s'\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, fuzzy, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "%lu chaves comprobadas (%lu sinaturas)\n"
 msgstr[1] "%lu chaves comprobadas (%lu sinaturas)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, fuzzy, c-format
 #| msgid "\t%lu keys updated\n"
 msgid "%lu key cached"
@@ -6121,7 +6030,7 @@ msgid_plural "%lu keys cached"
 msgstr[0] "\t%lu chaves actualizadas\n"
 msgstr[1] "\t%lu chaves actualizadas\n"
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, fuzzy, c-format
 #| msgid "1 bad signature\n"
 msgid " (%lu signature)\n"
@@ -6129,511 +6038,514 @@ msgid_plural " (%lu signatures)\n"
 msgstr[0] "1 sinatura errónea\n"
 msgstr[1] "1 sinatura errónea\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: chaveiro creado\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr ""
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr ""
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr ""
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 #, fuzzy
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "o URL de normativa de sinaturas dado non é válido\n"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr ""
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 #, fuzzy
 msgid "disabled"
 msgstr "disable"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr ""
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, fuzzy, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "opcións de exportación non válidas\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, fuzzy, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "%s: non é un ID de chave válido\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, fuzzy, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "solicitando a chave %08lX de %s\n"
 msgstr[1] "solicitando a chave %08lX de %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, fuzzy, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "AVISO: non se puido borra-lo ficheiro temporal (%s) `%s': %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, fuzzy, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "non se atopou a chave `%s': %s\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, fuzzy, c-format
 msgid "key not found on keyserver\n"
 msgstr "non se atopou a chave `%s': %s\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "solicitando a chave %08lX de %s\n"
+
+#: g10/keyserver.c:1724
 #, fuzzy, c-format
 msgid "requesting key %s from %s\n"
 msgstr "solicitando a chave %08lX de %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, fuzzy, c-format
 msgid "no keyserver known\n"
 msgstr "opcións de exportación non válidas\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, fuzzy, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "omítese `%s': %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, fuzzy, c-format
 msgid "sending key %s to %s\n"
 msgstr ""
 "\"\n"
 "asinado coa súa chave %08lX no %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, fuzzy, c-format
 msgid "requesting key from '%s'\n"
 msgstr "solicitando a chave %08lX de %s\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, fuzzy, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "AVISO: non se puido borra-lo ficheiro temporal (%s) `%s': %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "tamaño moi estraño para unha chave de sesión cifrada (%d)\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "chave de sesión cifrada con %s\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "cifrado cun algoritmo descoñecido %d\n"
+
+#: g10/mainproc.c:391
 #, fuzzy, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "cifrado cun algoritmo descoñecido %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, fuzzy, c-format
 msgid "public key is %s\n"
 msgstr "a chave pública é %08lX\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "datos cifrados coa chave pública: DEK correcto\n"
-
-#: g10/mainproc.c:632
+#: g10/mainproc.c:524
 #, fuzzy, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "cifrado cunha chave de %u bits, %s, ID %08lX, creado o %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, fuzzy, c-format
 msgid "      \"%s\"\n"
 msgstr "               alias \""
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, fuzzy, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "cifrado cunha chave %s, ID %08lX\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "fallou o descifrado de chave pública: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr ""
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "cifrado con %lu contrasinais\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "cifrado con 1 contrasinal\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "fallou o descifrado de chave pública: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "datos cifrados coa chave pública: DEK correcto\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "supoñendo datos cifrados con %s\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr "A cifra IDEA non está dispoñible, téntase empregar %s no seu canto\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "AVISO: a mensaxe non tiña protección de integridade\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "o descifrado fallou: %s\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "descifrado correcto\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "AVISO: ¡a mensaxe cifrada foi manipulada!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "o descifrado fallou: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, fuzzy, c-format
 #| msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "NOTA: o remitente pediu \"confidencial\"\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "nome do ficheiro orixinal='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "revocación independente - empregue \"gpg --import\" para aplicar\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, fuzzy, c-format
 msgid "no signature found\n"
 msgstr "Sinatura correcta de \""
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, fuzzy, c-format
 msgid "BAD signature from \"%s\""
 msgstr "Sinatura INCORRECTA de\""
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, fuzzy, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Sinatura caducada de \""
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, fuzzy, c-format
 msgid "Good signature from \"%s\""
 msgstr "Sinatura correcta de \""
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "verificación de sinatura suprimida\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, fuzzy, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "non se poden manexar estas sinaturas múltiples\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, fuzzy, c-format
 msgid "Signature made %s\n"
 msgstr "A sinatura caducou o %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, fuzzy, c-format
 msgid "               using %s key %s\n"
 msgstr "               alias \""
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, fuzzy, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Sinatura feita o %.*s usando %s coa chave de ID %08lX\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, fuzzy, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "               alias \""
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Chave dispoñible en: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[incerto]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, fuzzy, c-format
 msgid "                aka \"%s\""
 msgstr "               alias \""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, fuzzy, c-format
 #| msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "AVISO: ¡Esta chave non está certificada cunha sinatura de confianza!\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "A sinatura caducou o %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "A sinatura caduca o %s\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "Sinatura %s, algoritmo de resumo %s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "binario"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "modo texto"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "descoñecido"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 #, fuzzy
 #| msgid "unknown pubkey algorithm"
 msgid ", key algorithm "
 msgstr "algoritmo de chave pública descoñecido"
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Non foi posible verifica-la sinatura: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "non é unha sinatura separada\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr ""
 "AVISO: detectáronse sinaturas múltiples. Só se ha comproba-la primeira.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "sinatura independiente de clase 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "Sinatura ó vello estilo (PGP 2.x)\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, fuzzy, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr ""
 "a actualización da base de datos de confianza fallou:\n"
 "%s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, fuzzy, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "base de datos de confianza: fallou a lectura (n=%d): %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, fuzzy, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "non é posible manexa-lo algoritmo de chave pública %d\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, fuzzy, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr ""
 "forza-lo algoritmo de resumo %s (%d) viola as preferencias do destinatario\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, fuzzy, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "algoritmo de cifrado non implementado"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, fuzzy, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "Sinatura %s, algoritmo de resumo %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, fuzzy, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr ""
 "forza-lo algoritmo de resumo %s (%d) viola as preferencias do destinatario\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "Sinatura %s, algoritmo de resumo %s\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "Sinatura %s, algoritmo de resumo %s\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, fuzzy, c-format
 msgid "(reported error: %s)\n"
 msgstr "erro de lectura: %s\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, fuzzy, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "erro de lectura: %s\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr ""
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: opción a extinguir \"%s\"\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "AVISO: \"%s\" é unha opción a extinguir\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "empregue \"%s%s\" no seu canto\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, fuzzy, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "AVISO: \"%s\" é unha opción a extinguir\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, fuzzy, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "AVISO: \"%s\" é unha opción a extinguir\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, fuzzy, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr "AVISO: \"%s\" é unha opción a extinguir\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Sen comprimir"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 #, fuzzy
 msgid "uncompressed|none"
 msgstr "Sen comprimir"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "esta mensaxe pode non ser utilizable por %s\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, fuzzy, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "lendo as opcións de `%s'\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, fuzzy, c-format
 msgid "unknown option '%s'\n"
 msgstr "destinatario por defecto `%s' descoñecido\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, fuzzy, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "clase de sinatura descoñecida"
@@ -6658,94 +6570,84 @@ msgstr "%s: sufixo descoñecido\n"
 msgid "Enter new filename"
 msgstr "Introduza o novo nome de ficheiro"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "escribindo na saída estándar\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, fuzzy, c-format
 #| msgid "assuming signed data in `%s'\n"
 msgid "assuming signed data in '%s'\n"
 msgstr "suponse que hai datos asinados en `%s'\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "non é posible manexa-lo algoritmo de chave pública %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr ""
 "AVISO: chave de sesión cifrada simetricamente potencialmente insegura\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 #| msgid "Critical signature notation: "
 msgid "Unknown critical signature notation: "
 msgstr "Notación de sinaturas críticas: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "un subpaquete de tipo %d ten o bit crítico posto\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, fuzzy, c-format
-msgid "problem with the agent: %s\n"
-msgstr "problema co axente: o axente voltou coa resposta 0x%lx\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-msgid "Please enter the passphrase for decryption."
-msgstr "cambia-lo contrasinal"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Introduza o contrasinal\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "cancelado polo usuario\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, fuzzy, c-format
 msgid " (main key ID %s)"
 msgstr " (ID principal da chave %08lX)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 #, fuzzy
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 #, fuzzy
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "¿Seguro de que quere borra-las chaves seleccionadas? "
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "¿Seguro de que quere borra-las chaves seleccionadas? "
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, fuzzy, c-format
 msgid ""
 "%s\n"
@@ -6755,7 +6657,7 @@ msgid ""
 "%s"
 msgstr "%u-bits, chave %s, ID %08lX, creada %s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6769,35 +6671,82 @@ msgstr ""
 "pública. Se emprega unha imaxe moi grande, a súa chave tamén se ha volver\n"
 "moi grande. Un bo tamaño para empregar é un semellante a 240x288.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Introduza o nome do ficheiro JPEG: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, fuzzy, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "non se puido abrir un ficheiro: %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr ""
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 #, fuzzy
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "¿Está seguro de que quere empregala (s/N)? "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, fuzzy, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "\"%s\" non é un ficheiro JPEG\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "¿É esta foto correcta (s/N/q)? "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "non se soporta a execución remota de programas\n"
+
+#: g10/photoid.c:486
+#, fuzzy, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"esta plataforma precisa de ficheiros temporais ao chamar a programas "
+"externos\n"
+
+#: g10/photoid.c:506
+#, fuzzy, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "non se puido executar %s \"%s\": %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "saída non natural do programa externo\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "erro do sistema ao chamar a un programa externo: %s\n"
+
+#: g10/photoid.c:600
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "AVISO: non se puido borra-lo ficheiro temporal (%s) `%s': %s\n"
+
+#: g10/photoid.c:604
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "AVISO: non se puido elimina-lo directorio temporal `%s': %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"as chamadas a programas externos están desactivadas debido a opcións de "
+"permisos de ficheiros non seguras\n"
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "¡non se pode amosa-la identificación fotográfica!\n"
@@ -6812,108 +6761,108 @@ msgstr "¡non se pode amosa-la identificación fotográfica!\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMsSoO"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 #, fuzzy
 msgid "No trust value assigned to:\n"
 msgstr ""
 "Non se asignou un valor de confianza a:\n"
 "%4u%c/%08lX %s \""
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, fuzzy, c-format
 msgid "  aka \"%s\"\n"
 msgstr "               alias \""
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 #, fuzzy
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr "Esta chave probablemente pertenza ao propietario\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, fuzzy, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr " %d = Non sei\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, fuzzy, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr " %d = NON confío\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, fuzzy, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr " %d = Confío absolutamente\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 #, fuzzy
 msgid "  m = back to the main menu\n"
 msgstr " m = voltar ao menú principal\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 #, fuzzy
 msgid "  s = skip this key\n"
 msgstr " o = omitir esta chave\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 #, fuzzy
 msgid "  q = quit\n"
 msgstr " s = saír\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
 "\n"
 msgstr ""
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "¿A súa decisión? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 #, fuzzy
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "¿Está seguro de querer dar confianza absoluta a esta chave? "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Certificados que conducen a unha chave de confianza absoluta:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, fuzzy, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%08lX: Non hai indicacións de que a sinatura pertenza ao seu propietario.\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, fuzzy, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%08lX: Non hai indicacións de que a sinatura pertenza ao seu propietario.\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, fuzzy, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Esta chave probablemente pertenza ao propietario\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Esta chave perténcenos a nós\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, fuzzy, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr ""
 "Non se atoparon certificados con confianza non definida.\n"
 "\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 #, fuzzy
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
@@ -6925,7 +6874,7 @@ msgstr ""
 "respostar á seguinte pregunta cun \"si\"\n"
 "\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 #, fuzzy
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
@@ -6937,96 +6886,113 @@ msgstr ""
 "respostar á seguinte pregunta cun \"si\"\n"
 "\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 #, fuzzy
 msgid "Use this key anyway? (y/N) "
 msgstr "¿Empregar esta chave de tódolos xeitos?"
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "AVISO: ¡Emprégase unha chave que non é de confianza!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, fuzzy, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr ""
 "AVISO: a chave %08lX pode estar revocada: chave de revocación %08lX "
 "ausente.\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+msgid "checking User ID \"%s\"\n"
+msgstr "ID de usuario: \""
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "algoritmo de hash non válido `%s'\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "chave %08lX: non coincide coa nosa copia\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+msgid "option %s given but no matching User ID found\n"
+msgstr "algoritmo de hash non válido `%s'\n"
+
+#: g10/pkclist.c:696
 #, fuzzy, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "AVISO: ¡Esta chave está revocada polo propietario!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "AVISO: ¡Esta chave está revocada polo propietario!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, fuzzy, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "       Isto pode significar que a sinatura está falsificada.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "AVISO: ¡Esta subchave está revocada polo propietario!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Nota: Esta chave está desactivada.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr ""
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr ""
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Nota: ¡Esta chave xa caducou!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr "AVISO: ¡Esta chave non está certificada cunha sinatura de confianza!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "AVISO: ¡Esta chave non está certificada cunha sinatura de confianza!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr ""
 "       Non hai indicacións de que a sinatura pertenza ao seu propietario.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "AVISO: ¡Esta chave NON é de confianza!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "       Probablemente, a sinatura estea FALSIFICADA.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"AVISO: ¡Esta chave non está certificada con sinaturas de suficiente "
+"confianza!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
@@ -7034,51 +7000,51 @@ msgstr ""
 "AVISO: ¡Esta chave non está certificada con sinaturas de suficiente "
 "confianza!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "       Non é seguro que a sinatura pertenza ao seu propietario.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: omitido: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: omitido: a chave pública está desactivada\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: omitido: a chave pública xa está presente\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't encrypt to '%s'\n"
 msgstr "non se puido conectar a `%s': %s\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, fuzzy, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "algoritmo de hash non válido `%s'\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, fuzzy, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "algoritmo de hash non válido `%s'\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "Non especificou un ID de usuario. (pode empregar \"-r\")\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr ""
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -7086,41 +7052,41 @@ msgstr ""
 "\n"
 "Introduza o ID de usuario. Remate cunha liña en branco: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Non hai tal ID de usuario.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr ""
 "omitido: a chave pública xa está estabrecida coma destinatario por defecto\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "A chave pública está desactivada.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "omitido: chave pública xa estabrecida\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, fuzzy, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "destinatario por defecto `%s' descoñecido\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "non hai enderezos válidos\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, fuzzy, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "chave %08lX: non hai ID de usuario\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, fuzzy, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "chave %08lX: non hai ID de usuario\n"
@@ -7130,78 +7096,83 @@ msgstr "chave %08lX: non hai ID de usuario\n"
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr "os datos non foron gardados; use a opción \"--output\" para gardalos\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Sinatura non adxunta.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Por favor, introduza o nome do ficheiro de datos: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "lendo de stdin ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "non hai datos asinados\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, fuzzy, c-format
 #| msgid "can't open signed data `%s'\n"
 msgid "can't open signed data '%s'\n"
 msgstr "non foi posible abri-los datos asinados `%s'\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, fuzzy, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "non foi posible abri-los datos asinados `%s'\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, fuzzy, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "chave %08lX: non hai ID de usuario\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, fuzzy, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "destinatario anónimo; tentando a chave secreta %08lX ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+msgid "used key is not marked for encryption use.\n"
+msgstr "chave %08lX: non hai ID de usuario\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "vale, nós somo-lo destinatario anónimo.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "a codificación vella do DEK non está soportada\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "o algoritmo de cifrado %d%s é descoñecido ou está desactivado\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, fuzzy, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "NOTA: o algoritmo de cifrado %d non foi atopado nas preferencias\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, fuzzy, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "NOTA: a chave secreta %08lX caducou o %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, fuzzy, c-format
 #| msgid "NOTE: key has been revoked"
 msgid "Note: key has been revoked"
 msgstr "NOTA: a chave está revocada"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "a chamada a build_packet fallou: %s\n"
@@ -7219,48 +7190,48 @@ msgstr "Ha ser revocada por:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Esta é unha chave de revocación sensible)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret key is not available.\n"
 msgstr "A chave secreta está disponible.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 #, fuzzy
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "¿Crear un certificado de revocación para esta sinatura? "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "Forzouse unha saída con armadura ASCII.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "a chamada a make_keysig_packet fallou: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Creouse o certificado de revocación.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, fuzzy, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "non se atoparon chaves de revocación para `%s'\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 #, fuzzy
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "¿Crear un certificado de revocación para esta sinatura? "
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 msgstr ""
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7269,20 +7240,20 @@ msgid ""
 "of the gpg command \"--generate-revocation\" in the GnuPG manual."
 msgstr ""
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
 "before importing and publishing this revocation certificate."
 msgstr ""
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, fuzzy, c-format
 #| msgid "Revocation certificate created.\n"
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "Creouse o certificado de revocación.\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "non se atopou a chave secreta `%s': %s\n"
@@ -7295,18 +7266,18 @@ msgstr "non se atopou a chave secreta `%s': %s\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr ""
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error searching the keyring: %s\n"
 msgstr "erro ao crea-lo chaveiro `%s': %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 #, fuzzy
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "¿Crear un certificado de revocación para esta sinatura? "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7324,38 +7295,38 @@ msgstr ""
 "se volve ilexible. Pero teña coidado: o sistema de impresión da súa\n"
 "máquina podería armacena-los datos e deixárllelos dispoñibles a outros.\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Por favor, escolla o motivo da revocación:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Cancelar"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(probablemente queira seleccionar %d aquí)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "Introduza unha descrición opcional; remátea cunha liña en branco:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Motivo para a revocación: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(Non se deu unha descrición)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 #, fuzzy
 msgid "Is this okay? (y/N) "
 msgstr "¿É correcto? "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "creouse unha chave feble - volvendo a tentalo\n"
@@ -7367,64 +7338,59 @@ msgstr ""
 "non se pode evitar unha chave feble para o cifrado simétrico; tentouse %d "
 "veces\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr ""
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
+#: g10/sig-check.c:170
+#, c-format
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "AVISO: conflicto de resumo de sinatura na mensaxe\n"
+
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "key %s may not be used for signing in %s mode\n"
 msgstr "non se pode empregar %s no modo %s\n"
 
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
-#, c-format
-msgid "WARNING: signature digest conflict in message\n"
-msgstr "AVISO: conflicto de resumo de sinatura na mensaxe\n"
-
-#: g10/sig-check.c:219
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr ""
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, fuzzy, c-format
 msgid "please see %s for more information\n"
 msgstr " i = amosar máis información\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, fuzzy, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr ""
 "AVISO: ¡o nomeamento dunha chave coma o seu propio revocador designado non "
 "se pode desfacer!\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, fuzzy, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "a chave pública %08lX é %lu segundo máis nova cá sinatura\n"
 msgstr[1] "a chave pública %08lX é %lu segundo máis nova cá sinatura\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, fuzzy, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "a chave pública %08lX é %lu segundo máis nova cá sinatura\n"
 msgstr[1] "a chave pública %08lX é %lu segundo máis nova cá sinatura\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, fuzzy, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7437,7 +7403,7 @@ msgstr[1] ""
 "creouse a chave %lu segundo no futuro (salto no tempo ou problemas co "
 "reloxo)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, fuzzy, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7449,114 +7415,115 @@ msgstr[1] ""
 "creouse a chave %lu segundo no futuro (salto no tempo ou problemas co "
 "reloxo)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, fuzzy, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "NOTA: a chave de sinatura %08lX caducou o %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, fuzzy, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "NOTA: a chave está revocada"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "sinatura independiente de clase 0x%02x\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "sinatura independiente de clase 0x%02x\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, fuzzy, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "asumindo unha sinatura incorrecta da chave %08lX debido a un bit crítico "
 "descoñecido\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr ""
 "chave %08lX: non hai unha sub-chave para o paquete de a revocación de "
 "subchave\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "chave %08lX: non hai sub-chave para a sinatura da ligazón da chave\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "AVISO: non se pode expandir-%% a notación (grande de máis). Úsase sen "
 "expandir.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
 msgstr "AVISO: non se pode expandir-%% o url de normativa (grande de máis).\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
 "unexpanded.\n"
 msgstr "AVISO: non se pode expandir-%% o url de normativa (grande de máis).\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, fuzzy, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "Sinatura %s de: \"%s\"\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
 msgstr ""
 "forza-lo algoritmo de resumo %s (%d) viola as preferencias do destinatario\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "asinando:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "hase empregar cifrado %s\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "a chave non está marcada coma insegura - non se pode empregar co xerador de "
 "números aleatorios falso\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, fuzzy, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "omítese `%s': duplicada\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "omítese: a chave secreta xa está presente\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 #, fuzzy
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "omítese `%s': ¡esta é unha chave ElGamal xerada por PGP que non é segura "
 "para sinaturas!\n"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "rexistro de confianza %lu, tipo %d: fallou a escritura: %s\n"
@@ -7570,46 +7537,46 @@ msgstr ""
 "# Lista de valores de confianza asignados, creada o %s\n"
 "# (Empregue \"gpg --import-ownertrust\" para restauralos)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, fuzzy, c-format
 msgid "error in '%s': %s\n"
 msgstr "erro lendo `%s': %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 #, fuzzy
 msgid "line too long"
 msgstr "liña longa de máis\n"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr ""
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 #, fuzzy
 msgid "invalid fingerprint"
 msgstr "erro: pegada dactilar non válida\n"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 #, fuzzy
 msgid "ownertrust value missing"
 msgstr "importa-los valores de confianza no propietario"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, fuzzy, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "erro ao buscar un rexistro de confianza: %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, fuzzy, c-format
 msgid "read error in '%s': %s\n"
 msgstr "erro de lectura: %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "base de datos de confianza: fallou a sincronización: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, fuzzy, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "non se pode crear `%s': %s\n"
@@ -7619,12 +7586,12 @@ msgstr "non se pode crear `%s': %s\n"
 msgid "can't lock '%s'\n"
 msgstr "non se puido abrir `%s'\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "rexistro da base de datos de confianza %lu: lseek fallou: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr ""
@@ -7640,7 +7607,7 @@ msgstr "transacción da base de datos de confianza demasiado grande\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: ¡o directorio non existe!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, fuzzy, c-format
 msgid "can't access '%s': %s\n"
 msgstr "non se pode pechar `%s': %s\n"
@@ -7682,7 +7649,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: erro ao actualiza-lo rexistro de versión: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: erro ao le-lo rexistro de versión: %s\n"
@@ -7692,52 +7659,52 @@ msgstr "%s: erro ao le-lo rexistro de versión: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: erro ao escribi-lo rexistro de versión: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "base de datos de confianza: lseek fallou: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "base de datos de confianza: fallou a lectura (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: non é un ficheiro de base de datos de confianza\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: rexistro de versión con número de rexistro %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: versión do ficheiro incorrecta %d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: erro ao ler un rexistro libre: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: erro ao escribi-lo rexistro de directorios: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: non se puido pór a cero un rexistro: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: non se puido engadir un rexistro: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, fuzzy, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "%s: creouse a base de datos de confianza\n"
@@ -7779,10 +7746,10 @@ msgstr ""
 msgid "TOFU DB error"
 msgstr ""
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, fuzzy, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "erro ao enviar a `%s': %s\n"
@@ -7804,7 +7771,7 @@ msgstr "%s: erro ao escribi-lo rexistro de directorios: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "erro lendo `%s': %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, fuzzy, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "erro ao enviar a `%s': %s\n"
@@ -7976,111 +7943,111 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr ""
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr ""
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, fuzzy, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr ""
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, fuzzy, c-format
 #| msgid "Deleted %d signatures.\n"
 msgid "%s: Verified 0 signatures."
 msgstr "Borradas %d sinaturas.\n"
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 #, fuzzy
 #| msgid "encrypted with %lu passphrases\n"
 msgid "Encrypted 0 messages."
 msgstr "cifrado con %lu contrasinais\n"
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, fuzzy, c-format
 #| msgid "Policy: "
 msgid "(policy: %s)"
 msgstr "Normativa: "
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -8097,117 +8064,117 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, fuzzy, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "erro ao enviar a `%s': %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid long keyID\n"
 msgid "'%s' is not a valid long keyID\n"
 msgstr "`%s' non é un ID longo de chave válido\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, fuzzy, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "chave %08lX: aceptada como chave de confianza\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, fuzzy, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "a chave %08lX aparece máis dunha vez na base de datos de confianza\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, fuzzy, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr ""
 "chave %08lX: non hai unha chave pública para a chave de confianza - omitida\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, fuzzy, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "chave marcada coma de confianza absoluta.\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "rexistro de confianza %lu, tipo da petición %d: fallou a lectura: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "o rexistro de confianza %lu non é do tipo %d solicitado\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr ""
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr ""
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "non se precisa comproba-la base de datos de confianza\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "hase comproba-la base de datos de confianza o %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, fuzzy, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "non se precisa comproba-la base de datos de confianza\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, fuzzy, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "non se precisa comproba-la base de datos de confianza\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, fuzzy, c-format
 msgid "public key %s not found: %s\n"
 msgstr "non se atopou a chave pública %08lX: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "por favor, execute con --check-trustdb\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "comprobando a base de datos de confianza\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, fuzzy, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] "%lu chaves procesadas hasta polo momento\n"
 msgstr[1] "%lu chaves procesadas hasta polo momento\n"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, fuzzy, c-format
 #| msgid "%d keys processed (%d validity counts cleared)\n"
 msgid " (%d validity count cleared)\n"
@@ -8215,45 +8182,45 @@ msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] "procesáronse %d chaves (marcáronse %d contas de validez)\n"
 msgstr[1] "procesáronse %d chaves (marcáronse %d contas de validez)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "non se atoparon chaves de confianza absoluta\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, fuzzy, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "non se atopou a chave pública da clave de confianza absoluta %08lX\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr ""
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, fuzzy, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr "rexistro de confianza %lu, tipo %d: fallou a escritura: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr ""
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 #, fuzzy
 msgid "never"
 msgstr "nunca     "
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr ""
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr ""
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr ""
 
@@ -8265,43 +8232,43 @@ msgstr ""
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr ""
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 #, fuzzy
 msgid "[ revoked]"
 msgstr "[revocada] "
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 #, fuzzy
 msgid "[ expired]"
 msgstr "[caducada ]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 #, fuzzy
 msgid "[ unknown]"
 msgstr "descoñecido"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr ""
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 #, fuzzy
 msgid "[  never ]"
 msgstr "nunca     "
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr ""
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr ""
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr ""
 
@@ -8327,20 +8294,31 @@ msgstr ""
 msgid "can't open fd %d: %s\n"
 msgstr "non se puido abrir `%s': %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "AVISO: a mensaxe non tiña protección de integridade\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+msgid "Hint: Do not use option %s\n"
+msgstr "lendo as opcións de `%s'\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr "axusta-los valores de depuración"
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr "habilitar depuración total"
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 #, fuzzy
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 #, fuzzy
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
@@ -8350,129 +8328,225 @@ msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr ""
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr ""
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+msgid "|N|Please enter the new Global-PIN"
+msgstr "cambia-lo contrasinal"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "Por favor, escolla o motivo da revocación:\n"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+msgid "|N|Please enter the new PIN"
+msgstr "cambia-lo contrasinal"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+msgid "||Please enter the PIN of your PIV card"
+msgstr "Por favor, escolla o motivo da revocación:\n"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "cambia-lo contrasinal"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "Por favor, escolla o motivo da revocación:\n"
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-piv.c:1895
+#, c-format
+msgid "PIN is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1903
+#, c-format
+msgid "PIN is too long; maximum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, fuzzy, c-format
+msgid "key already exists\n"
+msgstr "`%s' xa está comprimido\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, fuzzy, c-format
+msgid "generating new key\n"
+msgstr "xerar un novo par de chaves"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, fuzzy, c-format
+msgid "writing new key\n"
+msgstr "xerar un novo par de chaves"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, fuzzy, c-format
+#| msgid "remove keys from the public keyring"
+msgid "response does not contain the EC public key\n"
+msgstr "borrar chaves do chaveiro público"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, fuzzy, c-format
+msgid "generating key failed\n"
+msgstr "fallou o borrado do bloque de chaves: %s\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, fuzzy, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "A xeración da chave fallou: %s\n"
+msgstr[1] "A xeración da chave fallou: %s\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr ""
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 #, fuzzy
 msgid "|A|Please enter the Admin PIN"
 msgstr "cambia-lo contrasinal"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 #, fuzzy
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "Por favor, escolla o motivo da revocación:\n"
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 #, fuzzy
 msgid "||Please enter the PIN for the standard keys."
 msgstr "cambia-lo contrasinal"
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr ""
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "Note: This key has been disabled.\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "Nota: Esta chave está desactivada.\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr ""
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 #, fuzzy
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "cambia-lo contrasinal"
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 #, fuzzy
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "Por favor, escolla o motivo da revocación:\n"
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, fuzzy, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, fuzzy, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, fuzzy, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "fallo ao reconstruí-la caché de chaveiros: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr ""
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1546
-#, fuzzy, c-format
-#| msgid "remove keys from the public keyring"
-msgid "response does not contain the EC public key\n"
-msgstr "borrar chaves do chaveiro público"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, fuzzy, c-format
 msgid "reading public key failed: %s\n"
 msgstr "fallou o borrado do bloque de chaves: %s\n"
@@ -8480,43 +8554,43 @@ msgstr "fallou o borrado do bloque de chaves: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr ""
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 #, fuzzy
 msgid "||Please unlock the card"
 msgstr "cambia-lo contrasinal"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, fuzzy, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "o envío ao servidor de chaves fallou: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8524,22 +8598,22 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 #, fuzzy
 msgid "||Please enter the PIN"
 msgstr "cambia-lo contrasinal"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 #, fuzzy
 msgid "||Please enter the Reset Code for the card"
 msgstr "Por favor, escolla o motivo da revocación:\n"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr ""
@@ -8547,123 +8621,81 @@ msgstr ""
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 #, fuzzy
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "cambia-lo contrasinal"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 #, fuzzy
 msgid "||Please enter the PIN and New PIN"
 msgstr "cambia-lo contrasinal"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, fuzzy, c-format
 msgid "error reading application data\n"
 msgstr "erro ao le-lo bloque de chaves: %s\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, fuzzy, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "%s: erro ao ler un rexistro libre: %s\n"
 
-#: scd/app-openpgp.c:3066
-#, fuzzy, c-format
-msgid "key already exists\n"
-msgstr "`%s' xa está comprimido\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr ""
-
-#: scd/app-openpgp.c:3072
-#, fuzzy, c-format
-msgid "generating new key\n"
-msgstr "xerar un novo par de chaves"
-
-#: scd/app-openpgp.c:3074
-#, fuzzy, c-format
-msgid "writing new key\n"
-msgstr "xerar un novo par de chaves"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, fuzzy, c-format
-msgid "failed to store the key: %s\n"
-msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, fuzzy, c-format
 #| msgid "unsupported URI"
 msgid "unsupported curve\n"
 msgstr "URI non soportado"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr ""
-
-#: scd/app-openpgp.c:4271
-#, fuzzy, c-format
-msgid "generating key failed\n"
-msgstr "fallou o borrado do bloque de chaves: %s\n"
-
-#: scd/app-openpgp.c:4277
-#, fuzzy, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "A xeración da chave fallou: %s\n"
-msgstr[1] "A xeración da chave fallou: %s\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, fuzzy, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "Sinatura %s, algoritmo de resumo %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, fuzzy, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "non se atoparon datos OpenPGP válidos.\n"
@@ -8676,102 +8708,100 @@ msgstr "cambia-lo contrasinal"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 #, fuzzy
 msgid "|N|Initial New PIN"
 msgstr "Introduza o ID de usuario: "
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr ""
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr ""
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 #, fuzzy
 msgid "|FILE|write a log to FILE"
 msgstr "|FICHEIRO|carga-lo módulo de extensión FICHEIRO"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr ""
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 #, fuzzy
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NOME|empregar NOME como valor por defecto do destinatario"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 #, fuzzy
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NOME|empregar NOME como valor por defecto do destinatario"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 #, fuzzy
 msgid "do not use the internal CCID driver"
 msgstr "non usa-la terminal en absoluto"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr ""
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr ""
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr ""
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 #, fuzzy
 msgid "deny the use of admin card commands"
 msgstr "comandos conflictivos\n"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 #, fuzzy
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
 msgstr ""
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr ""
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr ""
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, fuzzy, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "erro escribindo no chaveiro secreto `%s': %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr ""
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr ""
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 #, fuzzy
 msgid "shell"
 msgstr "axuda"
@@ -8805,7 +8835,7 @@ msgstr "gravando a chave secreta en `%s'\n"
 msgid "certificate policy not allowed"
 msgstr "gravando a chave secreta en `%s'\n"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, fuzzy, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
@@ -8820,7 +8850,7 @@ msgstr ""
 msgid "number of issuers matching: %d\n"
 msgstr ""
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, fuzzy, c-format
 #| msgid "%s: can't access: %s\n"
 msgid "can't get authorityInfoAccess: %s\n"
@@ -8841,247 +8871,247 @@ msgstr "erro ao crea-lo contrasinal: %s\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "fallou o borrado do bloque de chaves: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, fuzzy, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 #, fuzzy
 msgid "certificate has been revoked"
 msgstr "NOTA: a chave está revocada"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr ""
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr ""
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, fuzzy, c-format
 msgid "checking the CRL failed: %s"
 msgstr "fallou a comprobación da sinatura creada: %s\n"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, fuzzy, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "problema de lectura do certificado: %s\n"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, fuzzy, c-format
 msgid "certificate not yet valid"
 msgstr "Revocación de certificado válida"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 #, fuzzy
 msgid "root certificate not yet valid"
 msgstr "Revocación de certificado válida"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 #, fuzzy
 msgid "intermediate certificate not yet valid"
 msgstr "Revocación de certificado válida"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, fuzzy, c-format
 msgid "certificate has expired"
 msgstr "problema de lectura do certificado: %s\n"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 #, fuzzy
 msgid "root certificate has expired"
 msgstr "problema de lectura do certificado: %s\n"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 #, fuzzy
 msgid "intermediate certificate has expired"
 msgstr "problema de lectura do certificado: %s\n"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr ""
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 #, fuzzy
 msgid "certificate with invalid validity"
 msgstr "problema de lectura do certificado: %s\n"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr ""
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, fuzzy, c-format
 msgid "  (  signature created at "
 msgstr "         novas sinaturas: %lu\n"
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, fuzzy, c-format
 msgid "  (certificate created at "
 msgstr "Creouse o certificado de revocación.\n"
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, fuzzy, c-format
 msgid "  (certificate valid from "
 msgstr "Revocación de certificado válida"
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr ""
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, fuzzy, c-format
 msgid "fingerprint=%s\n"
 msgstr "Pegada dactilar:"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, fuzzy, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr ""
 "Non se atoparon certificados con confianza non definida.\n"
 "\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr ""
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr ""
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 #, fuzzy
 msgid "no issuer found in certificate"
 msgstr "Certificado correcto"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr ""
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, fuzzy, c-format
 msgid "root certificate is not marked trusted"
 msgstr ""
 "Non se atoparon certificados con confianza non definida.\n"
 "\n"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, fuzzy, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "fallou a comprobación da sinatura creada: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, fuzzy, c-format
 msgid "certificate chain too long\n"
 msgstr "Revocación de certificado válida"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, fuzzy, c-format
 msgid "issuer certificate not found"
 msgstr "Revocación de certificado válida"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, fuzzy, c-format
 msgid "certificate has a BAD signature"
 msgstr "verificar unha sinatura"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr ""
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr ""
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, fuzzy, c-format
 msgid "certificate is good\n"
 msgstr "Revocación de certificado válida"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, fuzzy, c-format
 msgid "intermediate certificate is good\n"
 msgstr "certificado duplicado - borrado"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, fuzzy, c-format
 msgid "root certificate is good\n"
 msgstr ""
 "Non se atoparon certificados con confianza non definida.\n"
 "\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr ""
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr ""
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, fuzzy, c-format
 msgid "out of core\n"
 msgstr "non procesado"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr ""
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 #, fuzzy
 msgid "none"
 msgstr "non|nom"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 #, fuzzy
 msgid "[Error - invalid encoding]"
 msgstr "erro: pegada dactilar non válida\n"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr ""
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr ""
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 #, fuzzy
 msgid "[Error - invalid DN]"
 msgstr "erro: pegada dactilar non válida\n"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -9094,177 +9124,188 @@ msgstr ""
 "\"%.*s\"\n"
 "Chave de %u bits, %s, ID %08lX, creada o %s%s\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr ""
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "erro escribindo no chaveiro secreto `%s': %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr ""
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr ""
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr ""
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr ""
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+#| msgid "bad certificate"
+msgid "looking for another certificate\n"
+msgstr "certificado erróneo"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, fuzzy, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "algoritmo de hash non válido `%s'\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr ""
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr ""
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, fuzzy, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "algoritmo de hash non válido `%s'\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, fuzzy, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "algoritmo de hash non válido `%s'\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, fuzzy, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "Non é un enderezo de e-mail válido\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, fuzzy, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "algoritmo de hash non válido `%s'\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr ""
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr ""
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, fuzzy, c-format
 msgid "line %d: invalid date given\n"
 msgstr "algoritmo de hash non válido `%s'\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, fuzzy, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "erro ao crea-lo chaveiro `%s': %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, fuzzy, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "algoritmo de hash non válido `%s'\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, fuzzy, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "algoritmo de hash non válido `%s'\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, fuzzy, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "chave %08lX: ligazón de sub-chave incorrecta\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, fuzzy, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "algoritmo de hash non válido `%s'\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, fuzzy, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "erro ao crea-lo chaveiro `%s': %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, fuzzy, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "erro ao crea-lo chaveiro `%s': %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, fuzzy, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "A xeración da chave fallou: %s\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, fuzzy, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) RSA (só cifrar)\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, fuzzy, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) RSA (asinar e cifrar)\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, fuzzy, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) DSA (só asinar)\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, fuzzy, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) RSA (só cifrar)\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr ""
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 #, fuzzy
 msgid "No subject name given\n"
 msgstr "(Non se deu unha descrición)\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, fuzzy, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "algoritmo de hash non válido `%s'\n"
@@ -9274,262 +9315,256 @@ msgstr "algoritmo de hash non válido `%s'\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, fuzzy, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "algoritmo de hash non válido `%s'\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr ""
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 #, fuzzy
 msgid "Enter email addresses"
 msgstr "Enderezo de E-mail: "
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 #, fuzzy
 msgid " (end with an empty line):\n"
 msgstr ""
 "\n"
 "Introduza o ID de usuario. Remate cunha liña en branco: "
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 #, fuzzy
 msgid "Enter DNS names"
 msgstr "Introduza o novo nome de ficheiro"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 #, fuzzy
 msgid " (optional; end with an empty line):\n"
 msgstr "Introduza unha descrición opcional; remátea cunha liña en branco:\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 #, fuzzy
 msgid "Enter URIs"
 msgstr "Introduza o ID de usuario: "
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 #, fuzzy
 msgid "Create self-signed certificate? (y/N) "
 msgstr "¿Crear un certificado de revocación para esta sinatura? "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:432
-#, fuzzy, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "erro ao crea-lo contrasinal: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr ""
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 #, fuzzy
 #| msgid "Revocation certificate created.\n"
 msgid "Now creating certificate request.  "
 msgstr "Creouse o certificado de revocación.\n"
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr ""
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "datos cifrados con %s\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr ""
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr ""
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 msgid "encrypted to %s key %s\n"
 msgstr "cifrado cunha chave %s, ID %08lX\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, fuzzy, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "non se atopou a chave `%s': %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, fuzzy, c-format
 msgid "error locking keybox: %s\n"
 msgstr "erro ao le-lo bloque de chaves: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, fuzzy, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "certificado duplicado - borrado"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, fuzzy, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "certificado duplicado - borrado"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, fuzzy, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "fallou o borrado do bloque de chaves: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, fuzzy, c-format
 msgid "no valid recipients given\n"
 msgstr "(Non se deu unha descrición)\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 #, fuzzy
 msgid "list external keys"
 msgstr "ve-la lista de chaves secretas"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 #, fuzzy
 msgid "list certificate chain"
 msgstr "Revocación de certificado válida"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 #, fuzzy
 msgid "import certificates"
 msgstr "Certificado correcto"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 #, fuzzy
 msgid "export certificates"
 msgstr "Certificado correcto"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr ""
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr ""
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr ""
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "non usa-la terminal en absoluto"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr ""
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr ""
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr ""
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr ""
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr ""
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 #, fuzzy
 msgid "create base-64 encoded output"
 msgstr "crear saída con armadura en ascii"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 #, fuzzy
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|NOME|empregar NOME coma chave secreta por defecto"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 #, fuzzy
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "engadir este chaveiro á lista de chaveiros"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|HOST|empregar este servidor de chaves para buscar chaves"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr ""
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 #, fuzzy
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NOME|emprega-lo algoritmo de cifrado NOME para os contrasinais"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr ""
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr ""
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr ""
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr ""
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NOME|emprega-lo algoritmo de cifrado NOME"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NOME|emprega-lo algoritmo de resumos de mensaxes NOME"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "modo por lotes: non preguntar nunca"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "asumir `si' na maioría das preguntas"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "asumir `non' na maioría das preguntas"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 #, fuzzy
 msgid "|FILE|write an audit log to FILE"
 msgstr "|FICHEIRO|carga-lo módulo de extensión FICHEIRO"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 #, fuzzy
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
@@ -9540,87 +9575,122 @@ msgstr ""
 "asinar, verificar, cifrar ou descifrar\n"
 "a operación por defecto depende dos datos de entrada\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, fuzzy, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "non se puido conectar a `%s': %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, fuzzy, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "destinatario por defecto `%s' descoñecido\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(Non se deu unha descrición)\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " o = omitir esta chave\n"
+
+#: sm/gpgsm.c:1545
+#, fuzzy, c-format
+msgid "could not parse keyserver\n"
+msgstr "non se puido analisa-lo URI do servidor de chaves\n"
+
+#: sm/gpgsm.c:1825
 #, fuzzy, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "escribindo a `%s'\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, fuzzy, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "non se pode pechar `%s': %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr ""
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, fuzzy, c-format
 msgid "total number processed: %lu\n"
 msgstr "Número total procesado: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, fuzzy, c-format
 msgid "error storing certificate\n"
 msgstr "Certificado correcto"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr ""
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, fuzzy, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, fuzzy, c-format
 msgid "error importing certificate: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, fuzzy, c-format
 msgid "error reading input: %s\n"
 msgstr "erro lendo `%s': %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+msgid "no keyboxd running in this session\n"
+msgstr "gpg-agent non está dispoñible nesta sesión\n"
+
+#: sm/keydb.c:595
+#, fuzzy, c-format
+msgid "error opening key DB: %s\n"
+msgstr "erro lendo `%s': %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr ""
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, fuzzy, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, fuzzy, c-format
 msgid "error storing certificate: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, fuzzy, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "rev? problema ao comproba-la revocación: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, fuzzy, c-format
 msgid "error storing flags: %s\n"
 msgstr "erro lendo `%s': %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr ""
 
@@ -9629,17 +9699,17 @@ msgstr ""
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr ""
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, fuzzy, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "erro: pegada dactilar non válida\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, fuzzy, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "erro: pegada dactilar non válida\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9650,14 +9720,14 @@ msgid ""
 "%s%sAre you really sure that you want to do this?"
 msgstr ""
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
 "signatures.\n"
 msgstr ""
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9665,53 +9735,58 @@ msgid ""
 "Note, that this certificate will NOT create a qualified signature!"
 msgstr ""
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, fuzzy, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "o algoritmo de protección %d%s non está soportado\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr ""
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, fuzzy, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "fallou a comprobación da sinatura creada: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Sinatura feita o %.*s usando %s coa chave de ID %08lX\n"
+
+#: sm/verify.c:467
 #, fuzzy, c-format
 msgid "Signature made "
 msgstr "A sinatura caducou o %s\n"
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr ""
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 msgid "algorithm:"
 msgstr "armadura: %s\n"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr ""
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, fuzzy, c-format
 msgid "Good signature from"
 msgstr "Sinatura correcta de \""
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, fuzzy, c-format
 msgid "                aka"
 msgstr "               alias \""
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, fuzzy, c-format
 msgid "This is a qualified signature\n"
 msgstr ""
@@ -9738,101 +9813,101 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr ""
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr ""
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't parse certificate '%s': %s\n"
 msgstr "non se pode crear `%s': %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, fuzzy, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "certificado duplicado - borrado"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, fuzzy, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "certificado duplicado - borrado"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, fuzzy, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "certificado duplicado - borrado"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, fuzzy, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "Pegada dactilar:"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr ""
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr ""
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, fuzzy, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, fuzzy, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "Certificado non válido"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, fuzzy, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, fuzzy, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, fuzzy, c-format
 msgid "certificate already cached\n"
 msgstr "Creouse o certificado de revocación.\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, fuzzy, c-format
 msgid "certificate cached\n"
 msgstr "Revocación de certificado válida"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, fuzzy, c-format
 msgid "error caching certificate: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, fuzzy, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "erro: pegada dactilar non válida\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, fuzzy, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, fuzzy, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, fuzzy, c-format
 msgid "no issuer found in certificate\n"
 msgstr "Certificado correcto"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, fuzzy, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
@@ -10361,66 +10436,66 @@ msgstr "non se atopou a chave `%s': %s\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "non se atopou a chave `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 #, fuzzy
 msgid "add a certificate to the cache"
 msgstr "Creouse o certificado de revocación.\n"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 #, fuzzy
 #| msgid "bad certificate"
 msgid "validate a certificate"
 msgstr "certificado erróneo"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 #, fuzzy
 #| msgid "bad certificate"
 msgid "lookup a certificate"
 msgstr "certificado erróneo"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 #, fuzzy
 msgid "lookup only locally stored certificates"
 msgstr "Certificado non válido"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 #, fuzzy
 msgid "expect certificates in PEM format"
 msgstr "Certificado correcto"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 #, fuzzy
 #| msgid "Enter the user ID of the designated revoker: "
 msgid "force the use of the default OCSP responder"
 msgstr "Introduza o ID de usuario do revocador designado: "
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10428,226 +10503,221 @@ msgid ""
 "not valid and other error codes for general failures\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, fuzzy, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, fuzzy, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "erro lendo `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "non se puido conectar a `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, fuzzy, c-format
 #| msgid "update failed: %s\n"
 msgid "lookup failed: %s\n"
 msgstr "a actualización fallou: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, fuzzy, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "non se puido poñe-la armadura: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, fuzzy, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "fallou o borrado do bloque de chaves: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, fuzzy, c-format
 msgid "certificate is valid\n"
 msgstr "Revocación de certificado válida"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, fuzzy, c-format
 msgid "certificate has been revoked\n"
 msgstr "NOTA: a chave está revocada"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, fuzzy, c-format
 msgid "certificate check failed: %s\n"
 msgstr "fallou o borrado do bloque de chaves: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, fuzzy, c-format
 #| msgid "can't stat `%s': %s\n"
 msgid "got status: '%s'\n"
 msgstr "non se puido facer stat sobre `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, fuzzy, c-format
 #| msgid "error writing secret keyring `%s': %s\n"
 msgid "error writing base64 encoding: %s\n"
 msgstr "erro escribindo no chaveiro secreto `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, fuzzy, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr ""
 "\n"
 "Algoritmos soportados:\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 #, fuzzy
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|FICHEIRO|carga-lo módulo de extensión FICHEIRO"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr ""
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr ""
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr ""
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 #, fuzzy
 msgid "|URL|use keyserver at URL"
 msgstr "non se puido analisa-lo URI do servidor de chaves\n"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr ""
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr ""
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr ""
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr ""
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr ""
 
-#: dirmngr/dirmngr.c:270
-#, fuzzy
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|HOST|empregar este servidor de chaves para buscar chaves"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 #, fuzzy
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|FICHEIRO|carga-lo módulo de extensión FICHEIRO"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr ""
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr ""
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 #, fuzzy
 msgid "|URL|use OCSP responder at URL"
 msgstr "non se puido analisa-lo URI do servidor de chaves\n"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr ""
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -10660,126 +10730,315 @@ msgstr ""
 "@\n"
 "(Vexa a páxina man para un listado completo de comandos e opcións)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 #, fuzzy
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, fuzzy, c-format
 msgid "usage: %s [options] "
 msgstr "uso: gpg [opcións] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, fuzzy, c-format
 #| msgid "%s not allowed with %s!\n"
 msgid "colons are not allowed in the socket name\n"
 msgstr "¡%s non se admite con %s!\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, fuzzy, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "non se puido poñe-la armadura: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, fuzzy, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "non se puido poñe-la armadura: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, fuzzy, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "liña longa de máis\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, fuzzy, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "erro: pegada dactilar non válida\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, fuzzy, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "erro de lectura: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, fuzzy, c-format
 msgid "shutdown forced\n"
 msgstr "non procesado"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr ""
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|connect to host NAME"
+msgstr "|NAME|axusta-lo xogo de caracteres do terminal a NOME"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:112
+#, fuzzy
+#| msgid "|NAME|use NAME as default recipient"
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NOME|empregar NOME como valor por defecto do destinatario"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:179
+#, fuzzy
+#| msgid "Usage: gpg [options] [files] (-h for help)"
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:291
+#, fuzzy, c-format
+#| msgid "invalid import options\n"
+msgid "invalid port number %d\n"
+msgstr "opcións de importación non válidas\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, fuzzy, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "erro escribindo no chaveiro `%s': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:462
+#, fuzzy, c-format
+msgid "attribute '%s' not found\n"
+msgstr "non se atopou a chave `%s': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:581
+#, fuzzy, c-format
+#| msgid "reading from `%s'\n"
+msgid "processing url '%s'\n"
+msgstr "lendo de `%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          user '%s'\n"
+msgstr "   sin IDs de usuario: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, fuzzy, c-format
+msgid "          pass '%s'\n"
+msgstr "               alias \""
+
+#: dirmngr/dirmngr_ldap.c:592
+#, fuzzy, c-format
+msgid "          host '%s'\n"
+msgstr "               alias \""
+
+#: dirmngr/dirmngr_ldap.c:593
+#, fuzzy, c-format
+#| msgid "          not imported: %lu\n"
+msgid "          port %d\n"
+msgstr "       non importadas: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, fuzzy, c-format
+msgid "            DN '%s'\n"
+msgstr "               alias \""
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, fuzzy, c-format
+msgid "          attr '%s'\n"
+msgstr "               alias \""
+
+#: dirmngr/dirmngr_ldap.c:611
+#, fuzzy, c-format
+msgid "no host name in '%s'\n"
+msgstr "(Non se deu unha descrición)\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:622
+#, fuzzy, c-format
+#| msgid "WARNING: using insecure memory!\n"
+msgid "WARNING: using first attribute only\n"
+msgstr "AVISO: ¡úsase memoria insegura!\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, fuzzy, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "non se puido poñe-la armadura: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "non se puido poñe-la armadura: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+msgid "LDAP init to '%s' done\n"
+msgstr "non se puido poñe-la armadura: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, fuzzy, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "non se puido poñe-la armadura: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, fuzzy, c-format
+#| msgid "dearmoring failed: %s\n"
+msgid "searching '%s' failed: %s\n"
+msgstr "non se puido quita-la armadura: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, fuzzy, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "\"%s\" non é un ficheiro JPEG\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr ""
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, fuzzy, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "erro lendo `%s': %s\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr ""
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, fuzzy, c-format
 msgid "too many redirections\n"
 msgstr "demasiadas preferencias `%c'\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "escribindo a `%s'\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, fuzzy, c-format
 msgid "error printing log line: %s\n"
 msgstr "erro escribindo no chaveiro `%s': %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, fuzzy, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "erro lendo `%s': %s\n"
@@ -10809,51 +11068,31 @@ msgstr "a actualización fallou: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, fuzzy, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "buscando \"%s\" no servidor HKP %s\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, fuzzy, c-format
 msgid "malloc failed: %s\n"
 msgstr "fallou o borrado do bloque de chaves: %s\n"
 
-#: dirmngr/ldap.c:221
-#, fuzzy, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "\"%s\" non é un ficheiro JPEG\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
 msgstr ""
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr ""
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, fuzzy, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr " o = omitir esta chave\n"
-
 #: dirmngr/misc.c:172
 #, fuzzy, c-format
 #| msgid "%s: invalid file version %d\n"
@@ -10942,92 +11181,92 @@ msgstr "o cambio de permisos de `%s' fallou: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr ""
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, fuzzy, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "fallou o borrado do bloque de chaves: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, fuzzy, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, fuzzy, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "Revocación de certificado válida"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, fuzzy, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "Certificado correcto"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, fuzzy, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, fuzzy, c-format
 #| msgid "no default secret keyring: %s\n"
 msgid "no default OCSP signer defined\n"
 msgstr "non hai un chaveiro privado por defecto: %s\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, fuzzy, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr "fallou a sinatura: %s\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, fuzzy, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "erro ao crea-lo contrasinal: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr ""
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, fuzzy, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "NOTA: a chave está revocada"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr ""
@@ -11037,68 +11276,72 @@ msgstr ""
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "fallou a sinatura: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr ""
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr ""
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, fuzzy, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "fallou a sinatura: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, fuzzy, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "fallou o borrado do bloque de chaves: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, fuzzy, c-format
 msgid "error sending data: %s\n"
 msgstr "erro ao enviar a `%s': %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, fuzzy, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "fallou o borrado do bloque de chaves: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, fuzzy, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "fallou o borrado do bloque de chaves: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr ""
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, fuzzy, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "non se pode crear `%s': %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, fuzzy, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "%s: fallo ao crear unha táboa hash: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, fuzzy, c-format
 #| msgid "failed to initialize the TrustDB: %s\n"
 msgid "failed to initialize the server: %s\n"
 msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, fuzzy, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "fallo ao reconstruí-la caché de chaveiros: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, fuzzy, c-format
 #| msgid "signing failed: %s\n"
 msgid "Assuan processing failed: %s\n"
@@ -11144,251 +11387,269 @@ msgstr "Revocación de certificado válida"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 #, fuzzy
 msgid "quiet"
 msgstr "abandonar"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+msgid "connect to the keyboxd"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 #, fuzzy
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|FICHEIRO|carga-lo módulo de extensión FICHEIRO"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 #, fuzzy
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, fuzzy, c-format
 msgid "receiving line failed: %s\n"
 msgstr "fallou o borrado do bloque de chaves: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, fuzzy, c-format
 msgid "line too long - skipped\n"
 msgstr "liña longa de máis\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, fuzzy, c-format
 msgid "unknown command '%s'\n"
 msgstr "destinatario por defecto `%s' descoñecido\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, fuzzy, c-format
 msgid "sending line failed: %s\n"
 msgstr "fallou a sinatura: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+msgid "no keybox daemon running in this session\n"
+msgstr "gpg-agent non está dispoñible nesta sesión\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, fuzzy, c-format
 msgid "error sending standard options: %s\n"
 msgstr "erro ao enviar a `%s': %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr ""
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr ""
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+msgid "Public Keys"
+msgstr "a chave pública é %08lX\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr ""
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr ""
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 #, fuzzy
 #| msgid "network error"
 msgid "Network"
 msgstr "erro de rede"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 #, fuzzy
 msgid "Passphrase Entry"
 msgstr "contrasinal erróneo"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 #, fuzzy
 msgid "Component not suitable for launching"
 msgstr "non se atopou a chave pública"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Please use the command \"toggle\" first.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Por favor, empregue o comando \"toggle\" antes.\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr ""
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, fuzzy, c-format
 msgid "error closing '%s'\n"
 msgstr "erro lendo `%s': %s\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, fuzzy, c-format
 msgid "error parsing '%s'\n"
 msgstr "erro lendo `%s': %s\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr ""
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr ""
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr ""
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr ""
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr ""
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr ""
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr ""
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr ""
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 #, fuzzy
 msgid "list global configuration file"
 msgstr " creouse un novo ficheiro de configuración `%s'\n"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 #, fuzzy
 msgid "check global configuration file"
 msgstr " creouse un novo ficheiro de configuración `%s'\n"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 #, fuzzy
 #| msgid "update the trust database"
 msgid "query the software version database"
 msgstr "actualiza-la base de datos de confianza"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr ""
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr ""
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr ""
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "usar coma ficheiro de saída"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr ""
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 #, fuzzy
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
 msgstr ""
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr ""
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 #, fuzzy
 msgid "Component not found"
 msgstr "non se atopou a chave pública"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 #, fuzzy
 msgid "No argument allowed"
 msgstr "gravando a chave secreta en `%s'\n"
@@ -11404,114 +11665,189 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr ""
-#~ "forza-la cifra simétrica %s (%d) viola as preferencias do destinatario\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "omítese: a chave secreta xa está presente\n"
+
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "omítese: a chave secreta xa está presente\n"
+
+#: tools/gpg-card.c:2395
+#, c-format
+msgid "Replace existing key %s ? (y/N) "
+msgstr ""
+
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, c-format
+msgid "%s card no. %s detected\n"
+msgstr ""
+
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
 
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
+
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
+
+#: tools/gpg-card.c:3668
 #, fuzzy
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "escribindo a `%s'\n"
+msgid "authenticate to the card"
+msgstr "Creouse o certificado de revocación.\n"
 
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
+
+#: tools/gpg-card.c:3672
 #, fuzzy
-#~ msgid "use a log file for the server"
-#~ msgstr "buscar chaves nun servidor de chaves"
+#| msgid "|NAME|use NAME as default recipient"
+msgid "setup KDF for PIN authentication"
+msgstr "|NOME|empregar NOME como valor por defecto do destinatario"
 
+#: tools/gpg-card.c:3674
 #, fuzzy
-#~ msgid "run without asking a user"
-#~ msgstr "¿Saír sin gardar? "
+#| msgid "change the expire date"
+msgid "change a private data object"
+msgstr "cambia-la fecha de expiración"
 
+#: tools/gpg-card.c:3675
 #, fuzzy
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "solicitando a chave %08lX de %s\n"
+msgid "read a certificate from a data object"
+msgstr "Creouse o certificado de revocación.\n"
 
+#: tools/gpg-card.c:3676
 #, fuzzy
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "(Non se deu unha descrición)\n"
+msgid "store a certificate to a data object"
+msgstr "Creouse o certificado de revocación.\n"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
 #, fuzzy
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "non se puido analisa-lo URI do servidor de chaves\n"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "cambia-lo contrasinal"
 
 #, fuzzy
-#~| msgid "|NAME|set terminal charset to NAME"
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NAME|axusta-lo xogo de caracteres do terminal a NOME"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "erro escribindo no chaveiro secreto `%s': %s\n"
 
 #, fuzzy
-#~| msgid "|NAME|use NAME as default recipient"
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NOME|empregar NOME como valor por defecto do destinatario"
+#~ msgid "use a log file for the server"
+#~ msgstr "buscar chaves nun servidor de chaves"
 
 #, fuzzy
-#~| msgid "Usage: gpg [options] [files] (-h for help)"
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
+#~ msgid "argument not expected"
+#~ msgstr "gravando a chave secreta en `%s'\n"
 
 #, fuzzy
-#~| msgid "invalid import options\n"
-#~ msgid "invalid port number %d\n"
-#~ msgstr "opcións de importación non válidas\n"
+#~ msgid "read error"
+#~ msgstr "erro de lectura de ficheiro"
 
 #, fuzzy
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "erro escribindo no chaveiro `%s': %s\n"
+#~ msgid "keyword too long"
+#~ msgstr "liña longa de máis\n"
+
+#, fuzzy
+#~ msgid "missing argument"
+#~ msgstr "argumento non válido"
+
+#, fuzzy
+#~| msgid "invalid armor"
+#~ msgid "invalid argument"
+#~ msgstr "armadura non válida"
+
+#, fuzzy
+#~ msgid "invalid command"
+#~ msgstr "comandos conflictivos\n"
 
 #, fuzzy
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "non se atopou a chave `%s': %s\n"
+#~ msgid "invalid alias definition"
+#~ msgstr "opcións de importación non válidas\n"
+
+#, fuzzy
+#~ msgid "out of core"
+#~ msgstr "non procesado"
 
 #, fuzzy
-#~| msgid "reading from `%s'\n"
-#~ msgid "processing url '%s'\n"
-#~ msgstr "lendo de `%s'\n"
+#~ msgid "invalid meta command"
+#~ msgstr "comandos conflictivos\n"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          user '%s'\n"
-#~ msgstr "   sin IDs de usuario: %lu\n"
+#~ msgid "unknown meta command"
+#~ msgstr "destinatario por defecto `%s' descoñecido\n"
 
 #, fuzzy
-#~ msgid "          pass '%s'\n"
-#~ msgstr "               alias \""
+#~| msgid "unexpected data"
+#~ msgid "unexpected meta command"
+#~ msgstr "datos inesperados"
 
 #, fuzzy
-#~ msgid "          host '%s'\n"
-#~ msgstr "               alias \""
+#~ msgid "invalid option"
+#~ msgstr "opcións de importación non válidas\n"
 
 #, fuzzy
-#~| msgid "          not imported: %lu\n"
-#~ msgid "          port %d\n"
-#~ msgstr "       non importadas: %lu\n"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "Comando incorrecto (tente \"help\")\n"
 
 #, fuzzy
-#~ msgid "            DN '%s'\n"
-#~ msgstr "               alias \""
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "opcións de importación non válidas\n"
 
 #, fuzzy
-#~ msgid "          attr '%s'\n"
-#~ msgstr "               alias \""
+#~| msgid "NOTE: no default option file `%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "NOTA: non existe o ficheiro de opcións por defecto `%s'\n"
 
 #, fuzzy
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "(Non se deu unha descrición)\n"
+#~| msgid "option file `%s': %s\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "ficheiro de opcións `%s': %s\n"
 
 #, fuzzy
-#~| msgid "WARNING: using insecure memory!\n"
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "AVISO: ¡úsase memoria insegura!\n"
+#~| msgid "you may not use %s while in %s mode\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "non se pode empregar %s no modo %s\n"
 
 #, fuzzy
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "non se puido poñe-la armadura: %s\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "non se puido executar %s \"%s\": %s\n"
+
+#~ msgid "unable to execute external program\n"
+#~ msgstr "non se puido executar un programa externo\n"
+
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "non se puido le-la resposta do programa externo: %s\n"
 
 #, fuzzy
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "non se puido poñe-la armadura: %s\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) DSA e ElGamal (por defecto)\n"
 
 #, fuzzy
-#~| msgid "dearmoring failed: %s\n"
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "non se puido quita-la armadura: %s\n"
+#~ msgid "run without asking a user"
+#~ msgstr "¿Saír sin gardar? "
 
 #, fuzzy
 #~| msgid "NOTE: old default options file `%s' ignored\n"
@@ -11562,8 +11898,8 @@ msgstr ""
 #~ msgstr "non se puido abrir %s: %s\n"
 
 #, fuzzy
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "erro lendo `%s': %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "erro escribindo no chaveiro `%s': %s\n"
 
 #, fuzzy
 #~ msgid "error closing %s: %s\n"
@@ -11622,12 +11958,6 @@ msgstr ""
 #~ msgstr "erro ao crea-lo contrasinal: %s\n"
 
 #, fuzzy
-#~| msgid "you may not use %s while in %s mode\n"
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "non se pode empregar %s no modo %s\n"
-
-#, fuzzy
 #~ msgid "male"
 #~ msgstr "enable"
 
@@ -12934,9 +13264,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "borrar sinaturas"
 
-#~ msgid "change the expire date"
-#~ msgstr "cambia-la fecha de expiración"
-
 #~ msgid "set preference list"
 #~ msgstr "estabrece-la lista de preferencias"
 
@@ -13368,9 +13695,6 @@ msgstr ""
 #~ "NOTA: Detectouse unha clave primaria Elgamal - ha tomar algún tempo "
 #~ "importala\n"
 
-#~ msgid " (default)"
-#~ msgstr " (por defecto)"
-
 #~ msgid "%s%c %4u%c/%08lX  created: %s expires: %s"
 #~ msgstr "%s%c %4u%c/%08lX  creada: %s caduca: %s"
 
@@ -13495,9 +13819,6 @@ msgstr ""
 #~ msgid "quit|quit"
 #~ msgstr "quit|saír"
 
-#~ msgid "   (%d) ElGamal (sign and encrypt)\n"
-#~ msgstr "   (%d) ElGamal (asinar e cifrar)\n"
-
 #~ msgid ""
 #~ "The use of this algorithm is only supported by GnuPG.  You will not be\n"
 #~ "able to use this key to communicate with PGP users.  This algorithm is "
diff --git a/po/gnupg2.pot b/po/gnupg2.pot
index 3bd77a6..79cbacb 100644
--- a/po/gnupg2.pot
+++ b/po/gnupg2.pot
@@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: GNU gnupg 2.2.39\n"
+"Project-Id-Version: GNU gnupg 2.3.0\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -18,56 +18,56 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr ""
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr ""
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr ""
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr ""
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr ""
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr ""
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr ""
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr ""
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 msgid "|pinentry-tt|Hide passphrase"
 msgstr ""
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -78,24 +78,13 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 msgid "pinentry.genpin.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-msgid "Passphrase Not Allowed"
-msgstr ""
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr ""
 
@@ -105,287 +94,268 @@ msgstr ""
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr ""
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 msgstr ""
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 msgid "Passphrase:"
 msgstr ""
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr ""
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr ""
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr ""
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 msgid "PIN too long"
 msgstr ""
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 msgid "Passphrase too long"
 msgstr ""
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 msgid "Invalid characters in PIN"
 msgstr ""
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr ""
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad PIN"
 msgstr ""
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad Passphrase"
 msgstr ""
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr ""
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 msgid "Please re-enter this passphrase"
 msgstr ""
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, c-format
 msgid ""
 "Please enter the passphrase to protect the imported object within the %s "
 "system."
 msgstr ""
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr ""
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, c-format
 msgid "can't create '%s': %s\n"
 msgstr ""
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, c-format
 msgid "can't open '%s': %s\n"
 msgstr ""
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr ""
-
-#: agent/command-ssh.c:2446
-#, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr ""
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr ""
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, c-format
 msgid "error getting list of cards: %s\n"
 msgstr ""
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
 "allow this?"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr ""
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr ""
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
 "%s%%0Awithin gpg-agent's key storage"
 msgstr ""
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr ""
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr ""
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr ""
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr ""
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr ""
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr ""
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr ""
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 msgid "Repeat this Reset Code"
 msgstr ""
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 msgid "Repeat this PUK"
 msgstr ""
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 msgid "Repeat this PIN"
 msgstr ""
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 msgid "Reset Code not correctly repeated; try again"
 msgstr ""
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 msgid "PUK not correctly repeated; try again"
 msgstr ""
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr ""
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr ""
 
-#: agent/genkey.c:157
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
 #, c-format
-msgid "error writing to pipe: %s\n"
+msgid "error creating temporary file: %s\n"
 msgstr ""
 
-#: agent/genkey.c:182 agent/genkey.c:188
-msgid "Enter new passphrase"
+#: agent/genkey.c:116
+#, c-format
+msgid "error writing to temporary file: %s\n"
 msgstr ""
 
-#: agent/genkey.c:196
-msgid "Take this one anyway"
+#: agent/genkey.c:154
+msgid "Enter new passphrase"
 msgstr ""
 
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
 "confirm that you do not want to have any protection on your key."
 msgstr ""
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr ""
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, c-format
 msgid "A passphrase should be at least %u character long."
 msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] ""
 msgstr[1] ""
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -393,465 +363,468 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr ""
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+msgid "Take this one anyway"
+msgstr ""
+
+#: agent/genkey.c:464
 #, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr ""
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 msgid "Please enter the new passphrase"
 msgstr ""
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 msgid "Options used for startup"
 msgstr ""
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr ""
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr ""
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 msgid "run in supervised mode"
 msgstr ""
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr ""
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 msgid "|FILE|read options from FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr ""
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr ""
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr ""
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr ""
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 msgid "do not use the SCdaemon"
 msgstr ""
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr ""
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:208
 msgid "|NAME|accept some commands via NAME"
 msgstr ""
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr ""
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr ""
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 msgid "enable ssh support"
 msgstr ""
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr ""
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 msgid "enable putty support"
 msgstr ""
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr ""
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr ""
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 msgid "disallow the use of an external password cache"
 msgstr ""
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr ""
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 msgid "allow presetting passphrase"
 msgstr ""
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr ""
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr ""
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 msgid "|N|expire the passphrase after N days"
 msgstr ""
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 msgid "do not allow the reuse of old passphrases"
 msgstr ""
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 msgid "Options controlling the PIN-Entry"
 msgstr ""
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 msgid "never use the PIN-entry"
 msgstr ""
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr ""
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr ""
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr ""
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr ""
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr ""
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr ""
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
 msgstr ""
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr ""
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr ""
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, c-format
 msgid "reading options from '%s'\n"
 msgstr ""
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, c-format
 msgid "Note: '%s' is not considered an option\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, c-format
 msgid "error getting nonce for the socket\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, c-format
 msgid "can't create directory '%s': %s\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, c-format
 msgid "directory '%s' created\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr ""
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, c-format
 msgid "%s %s stopped\n"
 msgstr ""
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr ""
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 msgid ""
 "@Options:\n"
 " "
 msgstr ""
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr ""
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
 msgstr ""
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
 msgstr ""
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
 " "
 msgstr ""
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr ""
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
 msgstr ""
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr ""
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr ""
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
 msgstr ""
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, c-format
 msgid "cancelled\n"
 msgstr ""
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr ""
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, c-format
 msgid "error opening '%s': %s\n"
 msgstr ""
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr ""
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr ""
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr ""
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr ""
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr ""
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr ""
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr ""
@@ -864,18 +837,18 @@ msgstr ""
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
 "certificates?"
 msgstr ""
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 msgid "Yes"
 msgstr ""
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr ""
@@ -888,7 +861,7 @@ msgstr ""
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -898,137 +871,137 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr ""
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr ""
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
 "it now."
 msgstr ""
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 msgid "Change passphrase"
 msgstr ""
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr ""
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
 "%%0A?"
 msgstr ""
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 msgid "Delete key"
 msgstr ""
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
 msgstr ""
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr ""
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr ""
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr ""
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr ""
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, c-format
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr ""
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, c-format
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr ""
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, c-format
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr ""
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr ""
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr ""
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, c-format
 msgid "error forking process: %s\n"
 msgstr ""
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr ""
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr ""
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr ""
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, c-format
 msgid "error running '%s': terminated\n"
 msgstr ""
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr ""
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr ""
@@ -1043,33 +1016,33 @@ msgstr ""
 msgid "problem setting the gpg-agent options\n"
 msgstr ""
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr ""
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr ""
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr ""
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr ""
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr ""
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr ""
 
@@ -1123,49 +1096,90 @@ msgstr ""
 msgid "out of core while allocating %lu bytes"
 msgstr ""
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr ""
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr ""
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr ""
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr ""
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
+#, c-format
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr ""
+
+#: common/asshelp.c:350
+#, c-format
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr ""
+
+#: common/asshelp.c:351
+#, c-format
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr ""
+
+#: common/asshelp.c:364
+#, c-format
+msgid "connection to the dirmngr established\n"
+msgstr ""
+
+#: common/asshelp.c:366
+#, c-format
+msgid "connection to the keyboxd established\n"
+msgstr ""
+
+#: common/asshelp.c:367
+#, c-format
+msgid "connection to the agent established\n"
+msgstr ""
+
+#: common/asshelp.c:485
 #, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "no running %s - starting '%s'\n"
 msgstr ""
 
-#: common/asshelp.c:347
+#: common/asshelp.c:588
 #, c-format
-msgid "connection to %s established\n"
+msgid "connection to the agent is in restricted mode\n"
+msgstr ""
+
+#: common/asshelp.c:725
+#, c-format
+msgid "error getting version from '%s': %s\n"
+msgstr ""
+
+#: common/asshelp.c:731
+#, c-format
+msgid "server '%s' is older than us (%s < %s)"
 msgstr ""
 
-#: common/asshelp.c:430
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
+msgid "WARNING: %s\n"
 msgstr ""
 
-#: common/asshelp.c:521
+#: common/asshelp.c:740
 #, c-format
-msgid "connection to agent is in restricted mode\n"
+msgid "Note: Outdated servers may lack important security fixes.\n"
 msgstr ""
 
-#: common/asshelp.c:578
+#: common/asshelp.c:742
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
 msgstr ""
 
 #. TRANSLATORS: Copy the prefix between the vertical bars
@@ -1236,7 +1250,7 @@ msgid "algorithm: %s"
 msgstr ""
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, c-format
 msgid "unsupported algorithm: %s"
 msgstr ""
@@ -1311,11 +1325,11 @@ msgstr ""
 msgid "Root certificate trustworthy"
 msgstr ""
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 msgid "no CRL found for certificate"
 msgstr ""
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 msgid "the available CRL is too old"
 msgstr ""
 
@@ -1352,7 +1366,7 @@ msgstr ""
 msgid "ignoring garbage line"
 msgstr ""
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 msgid "[none]"
 msgstr ""
 
@@ -1361,128 +1375,26 @@ msgstr ""
 msgid "invalid radix64 character %02x skipped\n"
 msgstr ""
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr ""
-
-#: common/argparse.c:522
-msgid "read error"
-msgstr ""
-
-#: common/argparse.c:524
-msgid "keyword too long"
-msgstr ""
-
-#: common/argparse.c:526
-msgid "missing argument"
-msgstr ""
-
-#: common/argparse.c:528
-msgid "invalid argument"
-msgstr ""
-
-#: common/argparse.c:530
-msgid "invalid command"
-msgstr ""
-
-#: common/argparse.c:532
-msgid "invalid alias definition"
-msgstr ""
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-msgid "out of core"
-msgstr ""
-
-#: common/argparse.c:540 common/argparse.c:575
-msgid "invalid meta command"
-msgstr ""
-
-#: common/argparse.c:542 common/argparse.c:577
-msgid "unknown meta command"
-msgstr ""
-
-#: common/argparse.c:544 common/argparse.c:579
-msgid "unexpected meta command"
-msgstr ""
-
-#: common/argparse.c:546
-msgid "invalid option"
-msgstr ""
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr ""
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr ""
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr ""
-
-#: common/argparse.c:563
-#, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr ""
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:581
-#, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr ""
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, c-format
-msgid "Note: no default option file '%s'\n"
-msgstr ""
-
-#: common/argparse.c:1843
-#, c-format
-msgid "option file '%s': %s\n"
-msgstr ""
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1498,514 +1410,505 @@ msgstr ""
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr ""
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr ""
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, c-format
 msgid "error writing to '%s': %s\n"
 msgstr ""
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr ""
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr ""
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr ""
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr ""
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, c-format
 msgid "waiting for lock %s...\n"
 msgstr ""
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr ""
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr ""
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr ""
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr ""
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr ""
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, c-format
 msgid "unknown armor header: "
 msgstr ""
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr ""
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr ""
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr ""
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr ""
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr ""
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr ""
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr ""
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr ""
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr ""
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr ""
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr ""
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr ""
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
 msgstr ""
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, c-format
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr ""
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
 "an '='\n"
 msgstr ""
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr ""
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr ""
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr ""
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr ""
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, c-format
 msgid "a notation name must have only printable characters or spaces\n"
 msgstr ""
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr ""
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr ""
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr ""
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
-#, c-format
-msgid "error getting version from '%s': %s\n"
-msgstr ""
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr ""
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
-#, c-format
-msgid "WARNING: %s\n"
-msgstr ""
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
-#, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
+msgid "%s is not compliant with %s mode\n"
 msgstr ""
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
+#: g10/call-agent.c:1081
 #, c-format
-msgid "Note: Use the command \"%s\" to restart them.\n"
+msgid "error from TPM: %s\n"
 msgstr ""
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, c-format
-msgid "%s is not compliant with %s mode\n"
+msgid "problem with the agent: %s\n"
 msgstr ""
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, c-format
 msgid "no dirmngr running in this session\n"
 msgstr ""
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, c-format
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr ""
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 msgid "Tor is not properly configured"
 msgstr ""
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 msgid "DNS is not properly configured"
 msgstr ""
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 msgid "server uses an invalid certificate"
 msgstr ""
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, c-format
 msgid "Note: %s\n"
 msgstr ""
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr ""
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr ""
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr ""
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr ""
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr ""
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr ""
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr ""
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr ""
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr ""
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr ""
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr ""
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr ""
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr ""
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, c-format
 msgid "error reading '%s': %s\n"
 msgstr ""
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, c-format
 msgid "error writing '%s': %s\n"
 msgstr ""
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr ""
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr ""
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr ""
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr ""
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr ""
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr ""
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr ""
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr ""
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr ""
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr ""
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr ""
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr ""
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr ""
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr ""
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr ""
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 msgid "Signature key\n"
 msgstr ""
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 msgid "Encryption key\n"
 msgstr ""
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr ""
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, c-format
 msgid "   (%d) RSA\n"
 msgstr ""
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, c-format
 msgid "   (%d) ECC\n"
 msgstr ""
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr ""
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr ""
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr ""
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr ""
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, c-format
 msgid "error getting card info: %s\n"
 msgstr ""
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, c-format
 msgid "This command is not supported by this card\n"
 msgstr ""
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr ""
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr ""
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2013,183 +1916,194 @@ msgid ""
 "You should change them using the command --change-pin\n"
 msgstr ""
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr ""
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr ""
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr ""
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr ""
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr ""
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr ""
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 msgid "Continue? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr ""
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, c-format
 msgid "error for setup KDF: %s\n"
 msgstr ""
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, c-format
+msgid "error for setup UIF: %s\n"
+msgstr ""
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr ""
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr ""
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr ""
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr ""
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr ""
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr ""
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr ""
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr ""
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr ""
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr ""
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr ""
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr ""
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr ""
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr ""
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr ""
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr ""
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr ""
 
-#: g10/card-util.c:2180
-msgid "setup KDF for PIN authentication"
+#: g10/card-util.c:2235
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr ""
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 msgid "change the key attribute"
 msgstr ""
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+msgid "change the User Interaction Flag"
+msgstr ""
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr ""
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr ""
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr ""
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr ""
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr ""
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr ""
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, c-format
 msgid "can't open '%s'\n"
 msgstr ""
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr ""
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr ""
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, c-format
 msgid "key \"%s\" not found\n"
 msgstr ""
 
-#: g10/delkey.c:161 g10/delkey.c:168
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
-msgid "(unless you specify the key by fingerprint)\n"
+msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr ""
 
-#: g10/delkey.c:167
+#: g10/delkey.c:165 g10/delkey.c:172
 #, c-format
-msgid "can't do this in batch mode without \"--yes\"\n"
+msgid "(unless you specify the key by fingerprint)\n"
 msgstr ""
 
 #: g10/delkey.c:182
@@ -2229,9 +2143,9 @@ msgstr ""
 msgid "subkey"
 msgstr ""
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr ""
@@ -2256,151 +2170,110 @@ msgstr ""
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr ""
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr ""
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr ""
 
-#: g10/encrypt.c:282
+#: g10/encrypt.c:370
 #, c-format
-msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr ""
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, c-format
 msgid "'%s' already compressed\n"
 msgstr ""
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, c-format
 msgid "WARNING: '%s' is an empty file\n"
 msgstr ""
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
-#, c-format
-msgid "cipher algorithm '%s' may not be used in %s mode\n"
-msgstr ""
-
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
-#, c-format
-msgid "digest algorithm '%s' may not be used in %s mode\n"
-msgstr ""
-
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr ""
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:544 g10/encrypt.c:795
 #, c-format
-msgid "reading from '%s'\n"
-msgstr ""
-
-#: g10/encrypt.c:797 g10/sign.c:1162
-#, c-format
-msgid ""
-"WARNING: forcing compression algorithm %s (%d) violates recipient "
-"preferences\n"
+msgid "cipher algorithm '%s' may not be used for encryption\n"
 msgstr ""
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "(use option \"%s\" to override)\n"
 msgstr ""
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, c-format
-msgid "option '%s' may not be used in %s mode\n"
+msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, c-format
-msgid "%s encrypted data\n"
+msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/encrypt.c:727
 #, c-format
-msgid "encrypted with unknown algorithm %d\n"
+msgid "reading from '%s'\n"
 msgstr ""
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/encrypt.c:783
 #, c-format
 msgid ""
-"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
-msgstr ""
-
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
-#, c-format
-msgid "problem handling encrypted packet\n"
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
 msgstr ""
 
-#: g10/exec.c:60
+#: g10/encrypt.c:838 sm/encrypt.c:766
 #, c-format
-msgid "no remote program execution supported\n"
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
 msgstr ""
 
-#: g10/exec.c:389
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, c-format
 msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-
-#: g10/exec.c:497
-#, c-format
-msgid "unable to execute program '%s': %s\n"
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
 msgstr ""
 
-#: g10/exec.c:500
+#: g10/encrypt.c:1066
 #, c-format
-msgid "unable to execute shell '%s': %s\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
 msgstr ""
 
-#: g10/exec.c:591
+#: g10/encrypt.c:1159
 #, c-format
-msgid "system error while calling external program: %s\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr ""
 
-#: g10/exec.c:602 g10/exec.c:669
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, c-format
-msgid "unnatural exit of external program\n"
+msgid "option '%s' may not be used in %s mode\n"
 msgstr ""
 
-#: g10/exec.c:617
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
 #, c-format
-msgid "unable to execute external program\n"
+msgid "%s.%s encrypted data\n"
 msgstr ""
 
-#: g10/exec.c:634
+#: g10/decrypt-data.c:244
 #, c-format
-msgid "unable to read external program response: %s\n"
+msgid "encrypted with unknown algorithm %d\n"
 msgstr ""
 
-#: g10/exec.c:680 g10/exec.c:687
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr ""
 
-#: g10/exec.c:692
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgid "problem handling encrypted packet\n"
 msgstr ""
 
 #: g10/export.c:119
@@ -2423,372 +2296,372 @@ msgstr ""
 msgid "remove as much as possible from key during export"
 msgstr ""
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr ""
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 msgid " - skipped"
 msgstr ""
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, c-format
 msgid "writing to '%s'\n"
 msgstr ""
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr ""
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr ""
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr ""
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr ""
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, c-format
 msgid "error creating '%s': %s\n"
 msgstr ""
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr ""
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr ""
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr ""
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 msgid "No fingerprint"
 msgstr ""
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr ""
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, c-format
 msgid "(check argument of option '%s')\n"
 msgstr ""
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, c-format
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr ""
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, c-format
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr ""
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr ""
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr ""
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr ""
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, c-format
 msgid "valid values for option '%s':\n"
 msgstr ""
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 msgid "make a signature"
 msgstr ""
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 msgid "make a clear text signature"
 msgstr ""
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr ""
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr ""
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr ""
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr ""
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr ""
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr ""
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr ""
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr ""
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr ""
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr ""
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr ""
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 msgid "quickly generate a new key pair"
 msgstr ""
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 msgid "quickly add a new user-id"
 msgstr ""
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 msgid "quickly revoke a user-id"
 msgstr ""
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 msgid "quickly set a new expiration date"
 msgstr ""
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr ""
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr ""
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr ""
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr ""
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 msgid "quickly sign a key"
 msgstr ""
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 msgid "quickly sign a key locally"
 msgstr ""
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 msgid "quickly revoke a key signature"
 msgstr ""
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr ""
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr ""
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr ""
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 msgid "change a passphrase"
 msgstr ""
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr ""
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr ""
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr ""
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr ""
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr ""
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr ""
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr ""
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr ""
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr ""
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr ""
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 msgid "print message digests"
 msgstr ""
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr ""
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr ""
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr ""
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr ""
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr ""
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr ""
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr ""
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr ""
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 msgid "Options controlling the input"
 msgstr ""
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 msgid "Options controlling the output"
 msgstr ""
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr ""
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 msgid "|FILE|write output to FILE"
 msgstr ""
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr ""
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 msgid "|N|set compress level to N (0 disables)"
 msgstr ""
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 msgid "Options controlling key import and export"
 msgstr ""
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 msgid "import missing key from a signature"
 msgstr ""
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 msgid "include the public key in signatures"
 msgstr ""
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr ""
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 msgid "Options controlling key listings"
 msgstr ""
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 msgid "Options to specify keys"
 msgstr ""
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr ""
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr ""
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
 msgstr ""
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 msgid ""
 "@\n"
 "Examples:\n"
@@ -2800,554 +2673,566 @@ msgid ""
 " --fingerprint [names]      show fingerprints\n"
 msgstr ""
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr ""
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 msgid ""
 "Syntax: @GPG@ [options] [files]\n"
 "Sign, check, encrypt or decrypt\n"
 "Default operation depends on the input data\n"
 msgstr ""
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
 msgstr ""
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr ""
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr ""
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr ""
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr ""
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, c-format
 msgid "usage: %s [options] %s\n"
 msgstr ""
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr ""
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr ""
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 msgid "show key usage information during key listings"
 msgstr ""
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 msgid "show all notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 msgid "show preferred keyserver URLs during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr ""
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr ""
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr ""
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 msgid "show the keyring name in key listings"
 msgstr ""
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 msgid "show expiration dates during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr ""
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr ""
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, c-format
 msgid "Note: %s is not for normal use!\n"
 msgstr ""
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr ""
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr ""
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, c-format
 msgid "invalid request origin '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr ""
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr ""
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr ""
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr ""
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr ""
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr ""
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, c-format
 msgid "invalid filter option: %s\n"
 msgstr ""
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr ""
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr ""
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr ""
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr ""
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 msgid "show all notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 msgid "show preferred keyserver URLs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 msgid "show user ID validity during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr ""
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 msgid "show only the primary user ID in signature verification"
 msgstr ""
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr ""
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr ""
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr ""
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr ""
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr ""
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr ""
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr ""
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr ""
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr ""
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr ""
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr ""
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr ""
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr ""
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr ""
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr ""
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, c-format
+msgid "selected AEAD algorithm is invalid\n"
+msgstr ""
+
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr ""
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr ""
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr ""
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr ""
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr ""
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr ""
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr ""
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, c-format
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr ""
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr ""
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr ""
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr ""
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, c-format
+msgid "invalid personal AEAD preferences\n"
+msgstr ""
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr ""
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr ""
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, c-format
+msgid "chunk size invalid - using %d\n"
+msgstr ""
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr ""
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, c-format
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:4070
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr ""
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr ""
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr ""
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr ""
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr ""
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr ""
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr ""
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, c-format
 msgid "export as ssh key failed: %s\n"
 msgstr ""
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr ""
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr ""
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr ""
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr ""
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, c-format
 msgid "invalid hash algorithm '%s'\n"
 msgstr ""
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr ""
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr ""
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr ""
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr ""
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr ""
@@ -3360,7 +3245,7 @@ msgstr ""
 msgid "make timestamp conflicts only a warning"
 msgstr ""
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr ""
 
@@ -3404,294 +3289,307 @@ msgid "do not update the trustdb after import"
 msgstr ""
 
 #: g10/import.c:181
-msgid "show key during import"
+msgid "enable bulk import mode"
 msgstr ""
 
 #: g10/import.c:184
-msgid "only accept updates to existing keys"
+msgid "show key during import"
 msgstr ""
 
 #: g10/import.c:187
-msgid "remove unusable parts from key after import"
+msgid "show key but do not actually import"
 msgstr ""
 
 #: g10/import.c:190
-msgid "remove as much as possible from key after import"
+msgid "only accept updates to existing keys"
 msgstr ""
 
 #: g10/import.c:193
-msgid "ignore key-signatures which are not self-signatures"
+msgid "remove unusable parts from key after import"
 msgstr ""
 
 #: g10/import.c:196
-msgid "run import filters and export key immediately"
+msgid "remove as much as possible from key after import"
 msgstr ""
 
 #: g10/import.c:199
+msgid "ignore key-signatures which are not self-signatures"
+msgstr ""
+
+#: g10/import.c:202
+msgid "run import filters and export key immediately"
+msgstr ""
+
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr ""
 
-#: g10/import.c:203
+#: g10/import.c:209
 msgid "repair keys on import"
 msgstr ""
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr ""
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr ""
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr ""
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, c-format
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr ""
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr ""
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr ""
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr ""
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr ""
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr ""
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr ""
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr ""
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr ""
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr ""
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr ""
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr ""
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr ""
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr ""
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr ""
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
 "algorithms on these user IDs:\n"
 msgstr ""
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, c-format
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr ""
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr ""
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, c-format
 msgid "key %s: %s\n"
 msgstr ""
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr ""
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr ""
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr ""
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr ""
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr ""
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr ""
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr ""
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr ""
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, c-format
 msgid "error writing keyring '%s': %s\n"
 msgstr ""
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr ""
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr ""
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr ""
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr ""
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr ""
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr ""
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr ""
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr ""
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr ""
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr ""
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr ""
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr ""
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr ""
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr ""
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, c-format
 msgid "key %s: secret key already exists\n"
 msgstr ""
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr ""
@@ -3704,197 +3602,203 @@ msgstr ""
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, c-format
 msgid "secret key %s: %s\n"
 msgstr ""
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr ""
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr ""
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr ""
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr ""
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr ""
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr ""
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr ""
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr ""
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr ""
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr ""
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr ""
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr ""
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr ""
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr ""
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr ""
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr ""
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr ""
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr ""
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr ""
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr ""
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr ""
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr ""
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr ""
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr ""
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr ""
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr ""
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr ""
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr ""
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr ""
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr ""
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr ""
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr ""
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, c-format
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr ""
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr ""
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr ""
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr ""
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, c-format
 msgid "error allocating memory: %s\n"
 msgstr ""
@@ -3914,77 +3818,72 @@ msgstr ""
 msgid " (reordered signatures follow)"
 msgstr ""
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, c-format
 msgid "key %s:\n"
 msgstr ""
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, c-format
 msgid "%d signature not checked due to a missing key\n"
 msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, c-format
 msgid "%d bad signature\n"
 msgid_plural "%d bad signatures\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr ""
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, c-format
 msgid "error creating keyring '%s': %s\n"
 msgstr ""
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, c-format
 msgid "keybox '%s' created\n"
 msgstr ""
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, c-format
 msgid "keyring '%s' created\n"
 msgstr ""
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr ""
 
-#: g10/keydb.c:969
-#, c-format
-msgid "error opening key DB: %s\n"
-msgstr ""
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr ""
@@ -3997,7 +3896,7 @@ msgstr ""
 msgid "[self-signature]"
 msgstr ""
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4005,12 +3904,12 @@ msgid ""
 "etc.)\n"
 msgstr ""
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr ""
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr ""
@@ -4037,12 +3936,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr ""
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr ""
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr ""
 
@@ -4204,186 +4103,190 @@ msgstr ""
 msgid "Really sign? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, c-format
 msgid "key %s: error changing passphrase: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr ""
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr ""
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 msgid "show the keygrip"
 msgstr ""
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr ""
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr ""
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr ""
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr ""
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr ""
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr ""
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr ""
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr ""
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr ""
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr ""
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr ""
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr ""
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr ""
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr ""
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr ""
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr ""
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr ""
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr ""
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr ""
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr ""
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 msgid "set a notation for the selected user IDs"
 msgstr ""
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr ""
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr ""
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr ""
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr ""
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr ""
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr ""
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr ""
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr ""
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr ""
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 msgid "Secret subkeys are available.\n"
 msgstr ""
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr ""
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4391,676 +4294,686 @@ msgid ""
 "  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
 msgstr ""
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr ""
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 msgid "Really sign all text user IDs? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr ""
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr ""
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr ""
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr ""
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr ""
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr ""
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr ""
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr ""
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr ""
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, c-format
 msgid "Can't open '%s': %s\n"
 msgstr ""
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr ""
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr ""
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr ""
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr ""
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, c-format
 msgid "cannot revoke the last valid user ID.\n"
 msgstr ""
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr ""
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr ""
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, c-format
 msgid "Invalid user ID '%s': %s\n"
 msgstr ""
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "No matching user IDs."
 msgstr ""
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "Nothing to sign.\n"
 msgstr ""
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr ""
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, c-format
 msgid "revoking the key signature failed: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr ""
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr ""
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr ""
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr ""
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr ""
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr ""
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr ""
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 msgid "Notations: "
 msgstr ""
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr ""
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr ""
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr ""
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr ""
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr ""
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr ""
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr ""
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr ""
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr ""
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr ""
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr ""
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr ""
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr ""
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
 msgstr ""
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr ""
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr ""
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
 "              cause a different user ID to become the assumed primary.\n"
 msgstr ""
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr ""
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, c-format
 msgid "You may want to change its expiration date too.\n"
 msgstr ""
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
 "         of PGP to reject this key.\n"
 msgstr ""
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr ""
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr ""
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr ""
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr ""
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr ""
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr ""
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, c-format
 msgid "Deleted %d signature.\n"
 msgid_plural "Deleted %d signatures.\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr ""
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr ""
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr ""
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr ""
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
 "         some versions of PGP to reject this key.\n"
 msgstr ""
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr ""
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr ""
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr ""
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr ""
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr ""
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr ""
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
 msgstr ""
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr ""
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr ""
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr ""
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 msgid "Changing usage of a subkey.\n"
 msgstr ""
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 msgid "Changing usage of the primary key.\n"
 msgstr ""
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr ""
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr ""
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr ""
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr ""
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 msgid "Enter the notation: "
 msgstr ""
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 msgid "Proceed? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr ""
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr ""
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr ""
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr ""
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr ""
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr ""
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr ""
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr ""
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr ""
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr ""
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr ""
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr ""
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr ""
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr ""
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr ""
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr ""
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, c-format
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr ""
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr ""
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr ""
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr ""
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, c-format
 msgid "invalid value for option '%s'\n"
 msgstr ""
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, c-format
 msgid "preference '%s' duplicated\n"
 msgstr ""
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr ""
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr ""
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr ""
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, c-format
+msgid "too many AEAD preferences\n"
+msgstr ""
+
+#: g10/keygen.c:521
 #, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr ""
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr ""
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr ""
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr ""
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr ""
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr ""
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
 msgstr ""
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr ""
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr ""
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr ""
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr ""
 
@@ -5074,161 +4987,166 @@ msgstr ""
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr ""
 
-#: g10/keygen.c:1784
+#: g10/keygen.c:1966
 #, c-format
-msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr ""
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr ""
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr ""
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr ""
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr ""
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr ""
 
-#: g10/keygen.c:1930
+#: g10/keygen.c:2116
 #, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr ""
 
-#: g10/keygen.c:1934
+#: g10/keygen.c:2120
 #, c-format
-msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr ""
 
-#: g10/keygen.c:1937
+#: g10/keygen.c:2123
 #, c-format
-msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr ""
 
-#: g10/keygen.c:1939
+#: g10/keygen.c:2125
 #, c-format
-msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr ""
 
-#: g10/keygen.c:1945
+#: g10/keygen.c:2131
 #, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr ""
 
-#: g10/keygen.c:1947
+#: g10/keygen.c:2133
 #, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr ""
 
-#: g10/keygen.c:1953
+#: g10/keygen.c:2139
 #, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr ""
 
-#: g10/keygen.c:1955
+#: g10/keygen.c:2141
 #, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr ""
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, c-format
-msgid "   (%d) ECC and ECC\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr ""
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+msgid " *default*"
 msgstr ""
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, c-format
 msgid "  (%d) ECC (sign only)\n"
 msgstr ""
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr ""
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, c-format
-msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr ""
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, c-format
-msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr ""
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, c-format
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr ""
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 msgid "Enter the keygrip: "
 msgstr ""
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr ""
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 msgid "No key with this keygrip\n"
 msgstr ""
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, c-format
 msgid "error reading the card: %s\n"
 msgstr ""
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, c-format
 msgid "Serial number of the card: %s\n"
 msgstr ""
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 msgid "Available keys:\n"
 msgstr ""
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, c-format
 msgid "rounded to %u bits\n"
 msgstr ""
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr ""
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr ""
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr ""
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 msgid "Please select which elliptic curve you want:\n"
 msgstr ""
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5238,7 +5156,7 @@ msgid ""
 "      <n>y = key expires in n years\n"
 msgstr ""
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5248,48 +5166,48 @@ msgid ""
 "      <n>y = signature expires in n years\n"
 msgstr ""
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr ""
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr ""
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr ""
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr ""
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr ""
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr ""
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr ""
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
 msgstr ""
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr ""
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5300,7 +5218,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5310,49 +5228,49 @@ msgid ""
 "\n"
 msgstr ""
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr ""
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr ""
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr ""
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr ""
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr ""
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr ""
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr ""
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr ""
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr ""
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, c-format
 msgid "You are using the '%s' character set.\n"
 msgstr ""
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5360,7 +5278,7 @@ msgid ""
 "\n"
 msgstr ""
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr ""
 
@@ -5375,31 +5293,31 @@ msgstr ""
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr ""
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr ""
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr ""
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr ""
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr ""
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr ""
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5407,13 +5325,13 @@ msgid ""
 "generator a better chance to gain enough entropy.\n"
 msgstr ""
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr ""
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5421,688 +5339,689 @@ msgid ""
 "\n"
 msgstr ""
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr ""
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr ""
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 msgid "Create anyway? (y/N) "
 msgstr ""
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, c-format
 msgid "creating anyway\n"
 msgstr ""
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr ""
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr ""
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr ""
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, c-format
 msgid "writing public key to '%s'\n"
 msgstr ""
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr ""
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, c-format
 msgid "error writing public keyring '%s': %s\n"
 msgstr ""
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr ""
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
 msgstr ""
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
 msgstr ""
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
 msgstr ""
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, c-format
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr ""
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr ""
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr ""
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr ""
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr ""
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr ""
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr ""
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr ""
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr ""
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr ""
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, c-format
 msgid "%d good signature\n"
 msgid_plural "%d good signatures\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, c-format
 msgid "%d signature not checked due to an error\n"
 msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr ""
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr ""
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr ""
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr ""
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr ""
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr ""
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr ""
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, c-format
 msgid "caching keyring '%s'\n"
 msgstr ""
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, c-format
 msgid " (%lu signature)\n"
 msgid_plural " (%lu signatures)\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr ""
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr ""
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr ""
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr ""
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 msgid "honor the preferred keyserver URL set on the key"
 msgstr ""
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr ""
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr ""
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr ""
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr ""
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr ""
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr ""
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr ""
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr ""
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr ""
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, c-format
 msgid "no keyserver known\n"
 msgstr ""
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr ""
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr ""
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, c-format
 msgid "requesting key from '%s'\n"
 msgstr ""
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr ""
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr ""
 
-#: g10/mainproc.c:408
+#: g10/mainproc.c:378
 #, c-format
-msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr ""
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
 #, c-format
-msgid "passphrase generated with unknown digest algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
 msgstr ""
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:391
 #, c-format
-msgid "public key is %s\n"
+msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr ""
 
-#: g10/mainproc.c:599
+#: g10/mainproc.c:472
 #, c-format
-msgid "public key encrypted data: good DEK\n"
+msgid "public key is %s\n"
 msgstr ""
 
-#: g10/mainproc.c:632
+#: g10/mainproc.c:524
 #, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr ""
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr ""
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr ""
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr ""
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr ""
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr ""
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr ""
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr ""
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr ""
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr ""
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr ""
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, c-format
 msgid "decryption forced to fail!\n"
 msgstr ""
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr ""
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr ""
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr ""
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, c-format
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr ""
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr ""
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr ""
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, c-format
 msgid "no signature found\n"
 msgstr ""
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr ""
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr ""
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr ""
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr ""
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr ""
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr ""
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr ""
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr ""
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, c-format
 msgid "               issuer \"%s\"\n"
 msgstr ""
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr ""
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr ""
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr ""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, c-format
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr ""
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr ""
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr ""
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, c-format
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr ""
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr ""
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr ""
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr ""
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 msgid ", key algorithm "
 msgstr ""
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr ""
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr ""
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr ""
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr ""
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr ""
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr ""
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr ""
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr ""
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr ""
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr ""
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr ""
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr ""
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr ""
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, c-format
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr ""
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, c-format
 msgid "(reported error: %s)\n"
 msgstr ""
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr ""
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr ""
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr ""
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr ""
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr ""
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr ""
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr ""
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr ""
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr ""
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr ""
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr ""
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, c-format
 msgid "ambiguous option '%s'\n"
 msgstr ""
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, c-format
 msgid "unknown option '%s'\n"
 msgstr ""
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr ""
@@ -6125,84 +6044,75 @@ msgstr ""
 msgid "Enter new filename"
 msgstr ""
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr ""
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, c-format
 msgid "assuming signed data in '%s'\n"
 msgstr ""
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr ""
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr ""
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, c-format
 msgid "Unknown critical signature notation: "
 msgstr ""
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr ""
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, c-format
-msgid "problem with the agent: %s\n"
-msgstr ""
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-msgid "Please enter the passphrase for decryption."
-msgstr ""
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr ""
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr ""
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr ""
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr ""
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr ""
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr ""
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr ""
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr ""
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr ""
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, c-format
 msgid ""
 "%s\n"
@@ -6212,7 +6122,7 @@ msgid ""
 "%s"
 msgstr ""
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6221,34 +6131,75 @@ msgid ""
 "Keeping the image close to 240x288 is a good size to use.\n"
 msgstr ""
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr ""
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr ""
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr ""
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 msgid "Are you sure you want to use it? (y/N) "
 msgstr ""
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr ""
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr ""
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr ""
+
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+
+#: g10/photoid.c:506
+#, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr ""
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr ""
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr ""
+
+#: g10/photoid.c:600
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr ""
+
+#: g10/photoid.c:604
+#, c-format
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr ""
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr ""
@@ -6263,283 +6214,295 @@ msgstr ""
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr ""
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr ""
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr ""
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr ""
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr ""
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr ""
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr ""
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr ""
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr ""
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr ""
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
 "\n"
 msgstr ""
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr ""
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr ""
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr ""
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr ""
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr ""
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr ""
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
 "*really* know what you are doing, you may answer the next\n"
 "question with yes.\n"
 msgstr ""
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
 "you may answer the next question with yes.\n"
 msgstr ""
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr ""
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr ""
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr ""
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
 #, c-format
-msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgid "checking User ID \"%s\"\n"
 msgstr ""
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:681
 #, c-format
-msgid "WARNING: This key has been revoked by its owner!\n"
+msgid "option %s given but issuer \"%s\" does not match\n"
 msgstr ""
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:684
 #, c-format
-msgid "         This could mean that the signature is forged.\n"
+msgid "issuer \"%s\" does not match any User ID\n"
 msgstr ""
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:687
 #, c-format
-msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgid "option %s given but no matching User ID found\n"
 msgstr ""
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:696
 #, c-format
-msgid "Note: This key has been disabled.\n"
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr ""
 
-#: g10/pkclist.c:613
+#: g10/pkclist.c:699
 #, c-format
-msgid "Note: Verified signer's address is '%s'\n"
+msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr ""
 
-#: g10/pkclist.c:620
+#: g10/pkclist.c:700
 #, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
+msgid "         This could mean that the signature is forged.\n"
 msgstr ""
 
-#: g10/pkclist.c:632
+#: g10/pkclist.c:706
 #, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr ""
 
-#: g10/pkclist.c:640
+#: g10/pkclist.c:711
 #, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgid "Note: This key has been disabled.\n"
 msgstr ""
 
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr ""
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, c-format
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr ""
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr ""
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr ""
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr ""
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr ""
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, c-format
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
 msgstr ""
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr ""
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr ""
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr ""
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr ""
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, c-format
 msgid "can't encrypt to '%s'\n"
 msgstr ""
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr ""
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr ""
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr ""
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr ""
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
 msgstr ""
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr ""
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr ""
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr ""
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr ""
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr ""
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr ""
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr ""
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr ""
@@ -6549,76 +6512,81 @@ msgstr ""
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr ""
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr ""
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr ""
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr ""
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr ""
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, c-format
 msgid "can't open signed data '%s'\n"
 msgstr ""
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr ""
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr ""
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr ""
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, c-format
+msgid "used key is not marked for encryption use.\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr ""
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr ""
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr ""
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr ""
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr ""
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, c-format
 msgid "Note: key has been revoked"
 msgstr ""
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr ""
@@ -6636,44 +6604,44 @@ msgstr ""
 msgid "(This is a sensitive revocation key)\n"
 msgstr ""
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 msgid "Secret key is not available.\n"
 msgstr ""
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr ""
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr ""
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr ""
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr ""
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr ""
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr ""
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 msgstr ""
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -6682,19 +6650,19 @@ msgid ""
 "of the gpg command \"--generate-revocation\" in the GnuPG manual."
 msgstr ""
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
 "before importing and publishing this revocation certificate."
 msgstr ""
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, c-format
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr ""
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr ""
@@ -6707,16 +6675,16 @@ msgstr ""
 msgid "'%s' matches multiple secret keys:\n"
 msgstr ""
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, c-format
 msgid "error searching the keyring: %s\n"
 msgstr ""
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr ""
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -6727,37 +6695,37 @@ msgid ""
 "your machine might store the data and make it available to others!\n"
 msgstr ""
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr ""
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr ""
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr ""
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr ""
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr ""
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr ""
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr ""
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr ""
@@ -6767,61 +6735,56 @@ msgstr ""
 msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
 msgstr ""
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr ""
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
-#, c-format
-msgid "key %s may not be used for signing in %s mode\n"
-msgstr ""
-
-#: g10/sig-check.c:82
+#: g10/sig-check.c:170
 #, c-format
-msgid "continuing verification anyway due to option %s\n"
+msgid "WARNING: signature digest conflict in message\n"
 msgstr ""
 
-#: g10/sig-check.c:190
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
 #, c-format
-msgid "WARNING: signature digest conflict in message\n"
+msgid "key %s may not be used for signing in %s mode\n"
 msgstr ""
 
-#: g10/sig-check.c:219
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr ""
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, c-format
 msgid "please see %s for more information\n"
 msgstr ""
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr ""
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -6830,7 +6793,7 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -6838,100 +6801,100 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr ""
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr ""
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, c-format
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr ""
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, c-format
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr ""
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr ""
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr ""
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
 msgstr ""
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
 "unexpanded.\n"
 msgstr ""
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr ""
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
 msgstr ""
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr ""
 
-#: g10/sign.c:1464
+#: g10/sign.c:1622
 #, c-format
-msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr ""
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr ""
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr ""
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr ""
@@ -6943,43 +6906,43 @@ msgid ""
 "# (Use \"gpg --import-ownertrust\" to restore them)\n"
 msgstr ""
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, c-format
 msgid "error in '%s': %s\n"
 msgstr ""
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr ""
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr ""
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr ""
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr ""
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr ""
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, c-format
 msgid "read error in '%s': %s\n"
 msgstr ""
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr ""
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, c-format
 msgid "can't create lock for '%s'\n"
 msgstr ""
@@ -6989,12 +6952,12 @@ msgstr ""
 msgid "can't lock '%s'\n"
 msgstr ""
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr ""
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr ""
@@ -7009,7 +6972,7 @@ msgstr ""
 msgid "%s: directory does not exist!\n"
 msgstr ""
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, c-format
 msgid "can't access '%s': %s\n"
 msgstr ""
@@ -7050,7 +7013,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr ""
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr ""
@@ -7060,52 +7023,52 @@ msgstr ""
 msgid "%s: error writing version record: %s\n"
 msgstr ""
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr ""
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr ""
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr ""
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr ""
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr ""
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr ""
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr ""
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr ""
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr ""
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr ""
@@ -7145,10 +7108,10 @@ msgstr ""
 msgid "TOFU DB error"
 msgstr ""
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr ""
@@ -7168,7 +7131,7 @@ msgstr ""
 msgid "error opening TOFU database '%s': %s\n"
 msgstr ""
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr ""
@@ -7334,107 +7297,107 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr ""
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr ""
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr ""
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr ""
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, c-format
 msgid "%s: Verified 0 signatures."
 msgstr ""
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 msgid "Encrypted 0 messages."
 msgstr ""
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, c-format
 msgid "(policy: %s)"
 msgstr ""
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -7451,159 +7414,159 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr ""
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, c-format
 msgid "'%s' is not a valid long keyID\n"
 msgstr ""
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr ""
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr ""
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr ""
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr ""
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr ""
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr ""
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr ""
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr ""
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr ""
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr ""
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr ""
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr ""
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr ""
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, c-format
 msgid " (%d validity count cleared)\n"
 msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr ""
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr ""
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr ""
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr ""
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr ""
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr ""
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr ""
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr ""
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr ""
 
@@ -7615,39 +7578,39 @@ msgstr ""
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr ""
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 msgid "[ revoked]"
 msgstr ""
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 msgid "[ expired]"
 msgstr ""
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 msgid "[ unknown]"
 msgstr ""
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr ""
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 msgid "[  never ]"
 msgstr ""
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr ""
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr ""
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr ""
 
@@ -7669,19 +7632,29 @@ msgstr ""
 msgid "can't open fd %d: %s\n"
 msgstr ""
 
-#: kbx/kbxutil.c:92
-msgid "set debugging flags"
+#: g10/cipher-cfb.c:70
+#, c-format
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr ""
+
+#: g10/cipher-cfb.c:72
+#, c-format
+msgid "Hint: Do not use option %s\n"
 msgstr ""
 
 #: kbx/kbxutil.c:93
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr ""
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr ""
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
 "List, export, import Keybox data\n"
@@ -7690,123 +7663,211 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr ""
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr ""
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
-msgid "||Please enter the PIN for the key to create qualified signatures."
+#: scd/app-piv.c:1845
+msgid "|N|Please enter the new Global-PIN"
 msgstr ""
 
-#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
-msgid "|A|Please enter the Admin PIN"
+#: scd/app-piv.c:1846
+msgid "||Please enter the Global-PIN of your PIV card"
 msgstr ""
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-piv.c:1853
+msgid "|N|Please enter the new PIN"
+msgstr ""
+
+#: scd/app-piv.c:1854
+msgid "||Please enter the PIN of your PIV card"
+msgstr ""
+
+#: scd/app-piv.c:1861
+msgid "|N|Please enter the new Unblocking Key"
+msgstr ""
+
+#: scd/app-piv.c:1862
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr ""
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-piv.c:1895
+#, c-format
+msgid "PIN is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1903
+#, c-format
+msgid "PIN is too long; maximum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr ""
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr ""
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, c-format
+msgid "writing new key\n"
+msgstr ""
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr ""
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, c-format
+msgid "response does not contain the EC public key\n"
+msgstr ""
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr ""
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] ""
+msgstr[1] ""
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string.  Use %0A (single percent) for a linefeed.
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
+msgid "|A|Please enter the Admin PIN"
+msgstr ""
+
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr ""
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 msgid "||Please enter the PIN for the standard keys."
 msgstr ""
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
+#: scd/app-nks.c:1594
+msgid "Note: PIN has not yet been enabled."
 msgstr ""
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr ""
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr ""
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr ""
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr ""
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr ""
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr ""
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr ""
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1546
-#, c-format
-msgid "response does not contain the EC public key\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr ""
@@ -7814,42 +7875,42 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr ""
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 msgid "||Please unlock the card"
 msgstr ""
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -7857,20 +7918,20 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 msgid "||Please enter the PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 msgid "||Please enter the Reset Code for the card"
 msgstr ""
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr ""
@@ -7878,120 +7939,78 @@ msgstr ""
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 msgid "||Please enter the PIN and New PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr ""
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr ""
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr ""
-
-#: scd/app-openpgp.c:3074
-#, c-format
-msgid "writing new key\n"
-msgstr ""
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr ""
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, c-format
 msgid "unsupported curve\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr ""
-
-#: scd/app-openpgp.c:4271
-#, c-format
-msgid "generating key failed\n"
-msgstr ""
-
-#: scd/app-openpgp.c:4277
-#, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] ""
-msgstr[1] ""
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr ""
@@ -8003,95 +8022,93 @@ msgstr ""
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr ""
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr ""
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr ""
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 msgid "|FILE|write a log to FILE"
 msgstr ""
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr ""
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 msgid "|NAME|use NAME as ct-API driver"
 msgstr ""
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr ""
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 msgid "do not use the internal CCID driver"
 msgstr ""
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr ""
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr ""
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr ""
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 msgid "deny the use of admin card commands"
 msgstr ""
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr ""
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
 msgstr ""
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr ""
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr ""
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, c-format
-msgid "error getting key usage information: %s\n"
-msgstr ""
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr ""
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr ""
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 msgid "shell"
 msgstr ""
 
@@ -8124,7 +8141,7 @@ msgstr ""
 msgid "certificate policy not allowed"
 msgstr ""
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, c-format
 msgid "failed to get the fingerprint\n"
 msgstr ""
@@ -8139,7 +8156,7 @@ msgstr ""
 msgid "number of issuers matching: %d\n"
 msgstr ""
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, c-format
 msgid "can't get authorityInfoAccess: %s\n"
 msgstr ""
@@ -8159,231 +8176,231 @@ msgstr ""
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr ""
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr ""
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 msgid "certificate has been revoked"
 msgstr ""
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr ""
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr ""
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, c-format
 msgid "checking the CRL failed: %s"
 msgstr ""
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr ""
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 msgid "root certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, c-format
 msgid "certificate has expired"
 msgstr ""
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 msgid "root certificate has expired"
 msgstr ""
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 msgid "intermediate certificate has expired"
 msgstr ""
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr ""
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 msgid "certificate with invalid validity"
 msgstr ""
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr ""
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, c-format
 msgid "  (  signature created at "
 msgstr ""
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, c-format
 msgid "  (certificate created at "
 msgstr ""
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, c-format
 msgid "  (certificate valid from "
 msgstr ""
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr ""
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr ""
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr ""
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr ""
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr ""
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 msgid "no issuer found in certificate"
 msgstr ""
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr ""
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr ""
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr ""
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr ""
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr ""
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, c-format
 msgid "certificate has a BAD signature"
 msgstr ""
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr ""
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr ""
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, c-format
 msgid "certificate is good\n"
 msgstr ""
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, c-format
 msgid "intermediate certificate is good\n"
 msgstr ""
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, c-format
 msgid "root certificate is good\n"
 msgstr ""
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr ""
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr ""
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, c-format
 msgid "out of core\n"
 msgstr ""
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr ""
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 msgid "none"
 msgstr ""
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 msgid "[Error - invalid encoding]"
 msgstr ""
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr ""
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr ""
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 msgid "[Error - invalid DN]"
 msgstr ""
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -8393,176 +8410,186 @@ msgid ""
 "created %s, expires %s.\n"
 msgstr ""
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr ""
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr ""
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr ""
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr ""
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr ""
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr ""
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, c-format
+msgid "looking for another certificate\n"
+msgstr ""
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr ""
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr ""
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr ""
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr ""
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr ""
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr ""
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, c-format
 msgid "line %d: invalid serial number\n"
 msgstr ""
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr ""
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr ""
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, c-format
 msgid "line %d: invalid date given\n"
 msgstr ""
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr ""
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr ""
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr ""
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr ""
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr ""
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr ""
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr ""
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr ""
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, c-format
 msgid "   (%d) sign\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, c-format
 msgid "   (%d) encrypt\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr ""
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr ""
@@ -8572,327 +8599,356 @@ msgstr ""
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr ""
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 msgid "Enter email addresses"
 msgstr ""
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 msgid " (end with an empty line):\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 msgid "Enter DNS names"
 msgstr ""
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 msgid " (optional; end with an empty line):\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr ""
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 msgid "Create self-signed certificate? (y/N) "
 msgstr ""
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:432
-#, c-format
-msgid "error creating temporary file: %s\n"
-msgstr ""
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr ""
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 msgid "Now creating certificate request.  "
 msgstr ""
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr ""
 
-#: sm/decrypt.c:536
-#, c-format
-msgid "%s.%s encrypted data\n"
-msgstr ""
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr ""
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr ""
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, c-format
 msgid "encrypted to %s key %s\n"
 msgstr ""
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr ""
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr ""
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr ""
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, c-format
 msgid "certificate '%s' deleted\n"
 msgstr ""
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr ""
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, c-format
 msgid "no valid recipients given\n"
 msgstr ""
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 msgid "list external keys"
 msgstr ""
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 msgid "list certificate chain"
 msgstr ""
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 msgid "import certificates"
 msgstr ""
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 msgid "export certificates"
 msgstr ""
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr ""
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr ""
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr ""
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr ""
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr ""
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr ""
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr ""
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr ""
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr ""
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 msgid "create base-64 encoded output"
 msgstr ""
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr ""
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr ""
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr ""
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr ""
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr ""
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr ""
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr ""
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr ""
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr ""
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr ""
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr ""
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr ""
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr ""
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr ""
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 msgid "|FILE|write an audit log to FILE"
 msgstr ""
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr ""
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
 "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
 "Default operation depends on the input data\n"
 msgstr ""
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr ""
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, c-format
 msgid "unknown validation model '%s'\n"
 msgstr ""
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr ""
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr ""
+
+#: sm/gpgsm.c:1545
+#, c-format
+msgid "could not parse keyserver\n"
+msgstr ""
+
+#: sm/gpgsm.c:1825
 #, c-format
 msgid "importing common certificates '%s'\n"
 msgstr ""
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr ""
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr ""
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, c-format
 msgid "total number processed: %lu\n"
 msgstr ""
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, c-format
 msgid "error storing certificate\n"
 msgstr ""
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr ""
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, c-format
 msgid "error getting stored flags: %s\n"
 msgstr ""
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, c-format
 msgid "error importing certificate: %s\n"
 msgstr ""
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, c-format
 msgid "error reading input: %s\n"
 msgstr ""
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, c-format
+msgid "no keyboxd running in this session\n"
+msgstr ""
+
+#: sm/keydb.c:595
+#, c-format
+msgid "error opening key DB: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr ""
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr ""
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, c-format
 msgid "error storing certificate: %s\n"
 msgstr ""
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr ""
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, c-format
 msgid "error storing flags: %s\n"
 msgstr ""
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr ""
 
@@ -8901,17 +8957,17 @@ msgstr ""
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr ""
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr ""
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr ""
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -8922,14 +8978,14 @@ msgid ""
 "%s%sAre you really sure that you want to do this?"
 msgstr ""
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
 "signatures.\n"
 msgstr ""
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -8937,53 +8993,58 @@ msgid ""
 "Note, that this certificate will NOT create a qualified signature!"
 msgstr ""
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr ""
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr ""
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr ""
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, c-format
+msgid "%s/%s signature using %s key %s\n"
+msgstr ""
+
+#: sm/verify.c:467
 #, c-format
 msgid "Signature made "
 msgstr ""
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr ""
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, c-format
 msgid "algorithm:"
 msgstr ""
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr ""
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, c-format
 msgid "Good signature from"
 msgstr ""
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, c-format
 msgid "                aka"
 msgstr ""
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, c-format
 msgid "This is a qualified signature\n"
 msgstr ""
@@ -9008,100 +9069,100 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr ""
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr ""
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, c-format
 msgid "can't parse certificate '%s': %s\n"
 msgstr ""
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, c-format
 msgid "certificate '%s' already cached\n"
 msgstr ""
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr ""
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, c-format
 msgid "certificate '%s' loaded\n"
 msgstr ""
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr ""
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr ""
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr ""
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr ""
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr ""
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr ""
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr ""
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, c-format
 msgid "certificate already cached\n"
 msgstr ""
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, c-format
 msgid "certificate cached\n"
 msgstr ""
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, c-format
 msgid "error caching certificate: %s\n"
 msgstr ""
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr ""
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr ""
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr ""
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, c-format
 msgid "no issuer found in certificate\n"
 msgstr ""
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr ""
@@ -9612,55 +9673,55 @@ msgstr ""
 msgid "certificate search not possible due to disabled %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 msgid "add a certificate to the cache"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 msgid "validate a certificate"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 msgid "lookup a certificate"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 msgid "lookup only locally stored certificates"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 msgid "expect certificates in PEM format"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 msgid "force the use of the default OCSP responder"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -9668,338 +9729,511 @@ msgid ""
 "not valid and other error codes for general failures\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, c-format
 msgid "can't connect to the dirmngr: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, c-format
 msgid "lookup failed: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, c-format
 msgid "certificate is valid\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, c-format
 msgid "certificate has been revoked\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, c-format
 msgid "certificate check failed: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, c-format
 msgid "got status: '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, c-format
 msgid "error writing base64 encoding: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 msgid "|FILE|load CRL from FILE into cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr ""
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr ""
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr ""
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 msgid "|URL|use keyserver at URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr ""
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr ""
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr ""
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr ""
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr ""
 
-#: dirmngr/dirmngr.c:270
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr ""
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 msgid "|FILE|read LDAP server list from FILE"
 msgstr ""
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr ""
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr ""
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 msgid "|URL|use OCSP responder at URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr ""
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 msgid ""
 "@\n"
 "(See the \"info\" manual for a complete listing of all commands and "
 "options)\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr ""
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, c-format
 msgid "usage: %s [options] "
 msgstr ""
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, c-format
 msgid "colons are not allowed in the socket name\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, c-format
 msgid "shutdown forced\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr ""
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+msgid "|NAME|connect to host NAME"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:112
+msgid "|NAME|use user NAME for authentication"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:179
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:291
+#, c-format
+msgid "invalid port number %d\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, c-format
+msgid "error writing to stdout: %s\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:462
+#, c-format
+msgid "attribute '%s' not found\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:581
+#, c-format
+msgid "processing url '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:588
+#, c-format
+msgid "          user '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:590
+#, c-format
+msgid "          pass '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:592
+#, c-format
+msgid "          host '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:593
+#, c-format
+msgid "          port %d\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:595
+#, c-format
+msgid "            DN '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, c-format
+msgid "          attr '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:611
+#, c-format
+msgid "no host name in '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:622
+#, c-format
+msgid "WARNING: using first attribute only\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:659
+#, c-format
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:665
+#, c-format
+msgid "LDAP init to '%s' done\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:704
+#, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:728
+#, c-format
+msgid "searching '%s' failed: %s\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:759
+#, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr ""
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr ""
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr ""
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, c-format
 msgid "too many redirections\n"
 msgstr ""
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, c-format
 msgid "redirection changed to '%s'\n"
 msgstr ""
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, c-format
 msgid "error printing log line: %s\n"
 msgstr ""
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr ""
@@ -10029,51 +10263,31 @@ msgstr ""
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr ""
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, c-format
 msgid "malloc failed: %s\n"
 msgstr ""
 
-#: dirmngr/ldap.c:221
-#, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr ""
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
 msgstr ""
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr ""
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr ""
-
 #: dirmngr/misc.c:172
 #, c-format
 msgid "invalid canonical S-expression found\n"
@@ -10159,91 +10373,91 @@ msgstr ""
 msgid "not signed by a default OCSP signer's certificate"
 msgstr ""
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, c-format
 msgid "allocating list item failed: %s\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, c-format
 msgid "error getting responder ID: %s\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, c-format
 msgid "no default OCSP signer defined\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr ""
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr ""
@@ -10253,67 +10467,71 @@ msgstr ""
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr ""
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr ""
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, c-format
 msgid "error sending data: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr ""
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, c-format
 msgid "failed to initialize the server: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, c-format
 msgid "Assuan processing failed: %s\n"
 msgstr ""
@@ -10356,237 +10574,254 @@ msgstr ""
 msgid "certificate should not have been used for CRL signing\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 msgid "quiet"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+msgid "connect to the keyboxd"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 msgid "|FILE|run commands from FILE on startup"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, c-format
 msgid "receiving line failed: %s\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, c-format
 msgid "line too long - skipped\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, c-format
 msgid "unknown command '%s'\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, c-format
 msgid "sending line failed: %s\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, c-format
+msgid "no keybox daemon running in this session\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:2324
 #, c-format
 msgid "error sending standard options: %s\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr ""
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr ""
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+msgid "Public Keys"
+msgstr ""
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr ""
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr ""
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 msgid "Network"
 msgstr ""
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 msgid "Passphrase Entry"
 msgstr ""
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 msgid "Component not suitable for launching"
 msgstr ""
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, c-format
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr ""
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, c-format
 msgid "error closing '%s'\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, c-format
 msgid "error parsing '%s'\n"
 msgstr ""
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr ""
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr ""
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr ""
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr ""
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr ""
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr ""
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr ""
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr ""
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 msgid "list global configuration file"
 msgstr ""
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 msgid "check global configuration file"
 msgstr ""
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 msgid "query the software version database"
 msgstr ""
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr ""
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr ""
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr ""
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr ""
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr ""
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr ""
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
 msgstr ""
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr ""
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 msgid "Component not found"
 msgstr ""
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr ""
 
@@ -10599,3 +10834,77 @@ msgid ""
 "Syntax: gpg-check-pattern [options] patternfile\n"
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
+
+#: tools/gpg-card.c:2389
+#, c-format
+msgid "Note: key %s is already stored on the card!\n"
+msgstr ""
+
+#: tools/gpg-card.c:2392
+#, c-format
+msgid "Note: Keys are already stored on the card!\n"
+msgstr ""
+
+#: tools/gpg-card.c:2395
+#, c-format
+msgid "Replace existing key %s ? (y/N) "
+msgstr ""
+
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, c-format
+msgid "%s card no. %s detected\n"
+msgstr ""
+
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
+
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
+
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
+
+#: tools/gpg-card.c:3668
+msgid "authenticate to the card"
+msgstr ""
+
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
+
+#: tools/gpg-card.c:3672
+msgid "setup KDF for PIN authentication"
+msgstr ""
+
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr ""
+
+#: tools/gpg-card.c:3675
+msgid "read a certificate from a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3676
+msgid "store a certificate to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
diff --git a/po/hu.gmo b/po/hu.gmo
index eaab27e7952629bfa52e5da01f968ba1f91a56bc..14829252099e9f48e6fbf7186eaf7373f122143a 100644
GIT binary patch
delta 9196
zcmYk=34Bgh{>Sl?Ac91!K_v2sL=qB$#4aNCrS^R%35g|$*xNp-5KHZAN$t8|RHree
z7*)C{M(eNbXiHVAqf>1es(-3FpKs1FFZb17-sgAjz2~0o-lR@l^Idh>*L$T>$@PX~
zhmSF#7#V0xyst5FA*wazY6LlcgZ^9-RL7WV<kcgMsfh`w`+7LDoCVHZ&J);y>n>vh
zjEFL(t1({Fhk_a?#2R?m<rkd4V0G#P>e}m~kTy&z@}C*ck2qX`YUe0c!hgE_N32Nh
zA8p$YL0y-KBY3{)Lm`Zc1E>+5Lp|^ZtcAWY^cHI)eK8%7Hq8XAjjLUK5$d{2$RwGE
zNE5~rOJEn&gR`&-7AWWWrqER!MosNGtbo^%Hq1TLh{NmI8#`cS@*$`PO-6Newexl7
zc~pBpqdM$Y-wq%iHDmqIs~+Z2=z_0e0N!>!Ld{G$uGSui#RMFLTEoStZE^_x@B%i$
zOPGj(+@$+b`9UAdR8)rxQTM+c&;0vS_?e0__!|bI4`*9q5UK;+P)n1EYG46sM6Wu}
zqo(v8s=aazjp>Y4Fa?KWGHyY}WWK^S=%2v+2T|z6u(WmqQ4gMj+C&FYo96?UUqbq5
zZem#sX=FPTg_?n`sCIhe3pgD+VnAa%kiMuHn~GYp=e-oPmU}TAk7Fggf_fWnqi!h2
zylPX{#j4mA)$svX5i>9tXQ4Lf3M`EW(SyfOd+D;v{a7Cjz#C0L4K&8e*umw4Q5~3o
z>c9fj$hM(&@k!KuU!yvH8#U63N%nz*FpYdRYRSGr&75h<K7s~#P4E9;3VwW8S~asH
zOl@x0a2RUD=~xb*L1xn|L5<`ns$<`w_Q;>;!LSxwOMA(v0UT>-49jgk!>Z`l${LDQ
z^!_)dpegT+++&6!oi*!_{bW8uy+-#@53JbQHV}uk$x~5lnT~2FA472i24E3t)1AQT
zcoRKXiXB*;=bO3|)NotW+6_hZJP&n#Gv;6jTUfhzIX^TLXOUCp5q8DaZS8AUfVIev
zqNe@}<UjL>ANm9*r`Y@R(W?jkjY1dv617H=?QGr`myj2tIvAD8XfcH!TEl#7kNZ(G
zbsJOALuDr%qmw?orl|LS4^LOeFJc|^>&W=n;HDlsM<W@5yji9YBk(NhJ^uxxFql^P
zwwTtaCCWm*1>3L!9>7s}0yXs>J_4$bNA00x?1$Y@_iyd&wNrMHit<#HVH&Dnb<~F_
z9#!88^}2M!nm7PMahl6lpf=ZD)N6PG{qS?tnqR>%{0%jbs;rj=-pWfsJ;_FGp54ek
zGl!6UV(y?CPUvRsgmuY>yF4GYWScMsKXCQ8P#yK_Zl^o~)v^B0iB9i)3Ywx#s2=V`
z?e-5{eie1&Bh-{u?P1^d2-FOuqJBAzLXB(zYV++y-FF(*k*in^AENe>|5L`$q}SA;
zpc|*48d{Gjcm&mv-?27U?rFaZNvH=Wqdq{xQ1?%Eu0^%;7ODeRumS#xT8hYCwnJ?&
zRPWai3R;Vqs0Z$GzJvA2FQFPN)!R;eJyhNY%i~NefeTR&T!L&TvmIG(a|3xXOrt(_
zhI5^3u=w}?>l8F4=P+D1pr+8juU+$KEJNM~bzNuFNXDYR6Z2gCdaOYHx~qQ&qshNS
zwO4|zuMS6`_DUo4`cfE5L2Ew(%i=tj7og7XMosxEsLl5-s-Yh-2p^!9sBC}RP8{kj
z>V|soDAW=?i|X)hR6ED}Gyky^uDc6^2G|icK+Qx~)Pu8JeF18Tb~xX{2=Y%*4d2Cj
zSbm`GPz%&j4MPni4@+V`Y5<D|vi`hbW+N4q@Eg<v?xMa>0fVdwScSYl24fZmVjgOQ
zD^S<(M=il8*aWYkMjkxa+8XuXv8b7z=B1zqKkZzJ8qrRyjPId8UP2FE!z3&*#Ez^5
zYEO*BM4W?q;A^OvxQGe(C#s!<q4sTPfjaNaq_B#@TGVcj9A<xA_C__7hw=EbtG|eG
z<RypOjy6IqVSm(2Jc}W?1wD8eYv3ge#XG3$DvT)p1I23^Qqa^jLk|wa;u%5RxYFf&
zup0R>Y>F4rgXKorzjWeI_a&kp)EU+BbW}TQuonIW)y^5Lr1$?@3fdg^Q19`5Y=(cJ
z2a`tGsUC>o<nvIkRUr=XG3FGel824qe)7>+lRSN_y+03YlkaezLJj!3axaB4Y4!p2
zF_pYGHo&#0&3V$D4@kEoYlI%^d!ibi;_6qUrv5e5lAOjycn9^qM`hS0>xr6yY3Nl0
zODI&ueHe!Cpz6QIXV7Py-4kBa)E>YnJd3*iKd1**7;pDbOVj|yp*Goi)cF(G5dV!@
znvhK9zcGa_nf8Wxs2lcTUHlaF8a+f0CS=(T^udbc*{Fu{P`m#%jKptI9rd4JI~s+`
zySqHoxnctIuT681iZ=KGMq{ao_BD%lrXjz$%q9%L?=cYXU_JDiWbcbZb*MkK!1-7o
zk6~%Nf!bTQuqVcNC)>ZtW?@@hh<d*tqIP-XZ1=&zK=M4)NLFA++=t<K8#VHZQ|ySF
zqTc)A7>~<Qd*djU!OyS<daqLGKp}prG0iatHTC;YBe;NiaKJR%p%83G-Us#IwWz&Q
z<UEZU$k!Nv;W>8G#i72Sy|5dm<2Ige4p3l&n_koHCMm)Q^2?~HGP(A3YL0qff2^!(
z)OCx|gZof3a~5mi4_F=jXIN{a?r(`|cPN(A`@e=l92HwJ7SEt&;8!e*p)>9K8jTgn
zyJHNFK&@>7s^K?W{RPz9^E>J_3!7z^Bni8a4@2Fz8w+^8`Itg74w`LGY(Q<QllTaK
z!U!M!$6=0r-Gb&><53;$j#{D|Y>IiP0Ug4s_#LW)53mk~Jk95v_L9-7DZI{0o`n9-
z+Nn-PZI+=Jj5A#QGSu7gDz?RsQ4gxXC~9FF)Y1%hPQ_~E3s5urBC4bBqh{!$m-!E(
zaE}Ugz%S2EZEI{oo`DT<6E?!r7>>WAc6-g|iZ_u-!A;~>QLpjb`S$+9sLg#7dt#$}
zH$#|6ekh*@Yb|e5(Fdz8DE_O|j7N2#$oVf+12q@gkx#&0<a@CYAE2goLxH{j2<icT
zi)`KswKR*c6COvtQKpo4F%R|O8;%K7EL>v$0pd;64Y#p7#w<1FDa^%=coH@B{?FUJ
zlZ0wG7n|czY=?KTJT_fs?TBnQ)8FOZvlO%hU!vCLN92_^_c0kKEVm8q!7!ait#z3d
zb}z)B-iqF+`^Tb|YAQCyomdw?MGrni?TN6JbYAa&5(PD!jN0|Xu{|!rR(J+AlG3Z}
zm#izMlF!1?cm%anHCMY23~C0_F%q|6Gdzj$_yDz3F>ACbS^pjsx>GR|>+3>PkAFsu
zwCY;h<3x-m?|~7R>++50A%7by;Z>}Ocd!Nqt+VaMqB<}Dqc9(XdA`|0K|MNw#qTSs
z=MOLq!`IulBOkRV-og%e3-zF+4fgsz$dsCyr~!Cg{ma;v{0wS<<u+QIp*Nh0Gzv{I
zA8X?gRQ*@j03V{JwEhcrM$(=6m`MFj=jYA<-o+-=x5H{U154m?RQs#3FBWZL{#EeX
zY|KO)g0c7>>cPLbycX}6>bqb9=D2(pssrb+GWxz~r#2WhgRN0BF~+$VL&y)Hmf$0O
zk<`;$RA@~jx7aUUXVhAaL|<HndeBNNi|@MpJZfYmx7tnSkGd}ft6(-(#e7u9H=zdd
z5o#vxdR;~EHv51Sti_2L7=!Dae@Bhvd#s6p+wGFYI!B|f--sH>3Fo({ne^LXADDz~
z$p@i2<lX2BAEHKjA1mTR48`(0?U$}TYLm`G?ecAygl}LYyn*2uvdjLuZHXFrKlET0
z>VZo!4v!+6*lTW3(B_NZZB57O<b|k?97L_z`xuGeU<CTTWb0#5OVR<gl)bPw=A&lh
zB5FqeaP^@t+YU^|M7{r;DQJq$V<0}lmKgAg{Qz~w?d18Wkw(61U!Q^4ihMrm{^O{r
z{RxW)w8sqylc_I6jr<GLhpzNqI>7TyV+xwe@u-HjV0%1^nt=-Y?B<HVdgMb<OS2F)
z<vTG9Poie%Dz?T_f3fYRqS~2_n%Siohr7_Lo__33l-_UG%7ekww?jQ(F#6(bEQ#|_
zBg#X~)Z5qsA7DHtzGfYZKIGkru7r*vi)qY>kF@@ek69EZ>uL^Gz%+4X<$PC)AH2fV
zMUl@Z;>e?jYOa2^%GB%VPWd(tCDh3$j}J+X6D{=o&J^;vcs*_-bc`ea0kz(bkG2#V
z63sZrz)S+(#eqaHWgY4G9`<s%$N4RF(_NYEVcsAXl6TPfd2@;nt-X$c?n0Z{pW{GF
zl1+qiekswBawc(~(8p#3q4llp?jJ;1Z^F}0v=>i#BQcj4!#Qs@1@@V#j*AH1#{V6S
zDfOpr4mNkSjmQHjA0?&}e<PX^I`oH3eOojsm`kpW$9^=w5ib!Zh+#xi&b{En{EsK$
zl{T4Fe24u|#{feAj{g?^A90hoPP|D(x@*o;&T{4Fv9c@sQ?Fx(#pGi<&b1&)xw?Ph
zWvzcJDr*ormS7rIF3$K2lTW4G)a8e9yt`IaH7Wmu&nn?qKwKy;*&l;AA5QVAtD8gK
zo9IOzNo??vw4v~vyPyWXOZ-3a4Dl<mmTQ&~I;J{%ILlKvr1%VfdQmsn)vM}hq7(T8
zOu=t38Rz0?VlCm_PQ@V#pAnM?{c^cPG@yPv&c_IRhtN@<d?N8rn->4otl|{vy5aAx
zJ_IXLr(+(ms<^~=gu1UOcfoC1e_wZ^Efr@e>z9j<yYUOkM~FV;-CUhMJlBZ75}Syz
zL@VO)!MDsrbM1>npt~m(->3e7yC?=nQ&(5(|M)mX;cX(wRSe*Qk*)z%jiS65=iyiQ
zhblQr=o(^Cab|xcftvQyIgUF-YghK8yoM-46o3EkQTPX;W3|QPaB(i>8^j38?eGKQ
z7h(+gbHq^MbMiC9C_+aa>Lw8-D0_(4iT31=j~^*yxnwzd8**~-6Bj(9GU<uD66Iyo
z72ry2j(^9M_!R1>OF4+hCv*%aVkob}X*g4r?&wUeUrrT>t#*<aHI<#*1yv~DqI}Wi
zA7eOmwJ;H1!SeW`J1@==Rb9S=b2>&634}lSW*m-vv8y{DPx<llO$RDtNy`xniNVB7
zci|MuCyBB|9b%ZPpGaB90+*}&B{4$<jzS`o=<CjhJaJtr_5UHtd0k~KtVfh2HgG~m
zZK5an^Tiqexa<_AsGo)%aWY2W&pN@;(^CA84J!5{3W#IGr^HsS)v=WDUg1Xo6|uxR
zqLA23Y$0^)Au=dG#5I_QrwJXO5Z@C4O573sxPX5?QQktiG_jEgBc7$LdYb>16w;|k
z!!Y6?<yE+em_Yg8gpN3(2QiyyPdq-_=sH5jQ_dlnLtX|~6rW)b&eGI9p7kaA2rqXx
z&B7*JR2KWYi`P@G;8V1<PWKW;&7xoNSsNXjSTr;C&8XyYQ*zR>vd4R-&zU?qBR3~2
z&6AcjH8Uf}6E)ov6O|t8nVB_Z(wN+g>7JYn&SYg|=X$2*WQ@zm$;eL2D2nYB5mdBg
zWF?=X6Qc_JcD*#tcWue6)S}F+hYi}d`(GP58543RWK7DK``&6#=9uYovrp}y%`u+o
ur}pIJW_iYV(oXH4JU1iviKeqo?a0clT{QNE167J<?cd;2RR2JA-~R%?f{a7}

delta 9803
zcmZ|U30zlYzQ^$gEK?L0R9r$hqJW6thWmmVnr1G!=l&P|DvCh-QE~m7W~G@MX=-km
zRyv}I-b%C4J6NeTw%wM=vdO8YY$m&nn&ph$&-ed4cD*xm&#NEr=l7g*p7U(yptk1I
z@QMrJ!ShkKtv4Kd!;Fc++(=_OhZ}ROk!p?E(bSk!EX68Z^A^@8|EQTUcjEV``>H2c
zlbwB?S<c0n$#q*X4KHASV}ho3qP=k}HsnOH%hx#%U<2ykbbg6?@C}zYO0xI2L;7Nd
zAg9bMY>8Xk`O_Fh{*}vr!rDCFL^rn&ZjKsBZyb*ku`#}ay73&UgWsV#P$k*g4AsG&
zs7bpYW3dS1u>={cc>&e2Pp}DAYC%2EHwhGU;Q(ZIO&-!YvkpBxit5-otc%xN9+_hE
z7N{l3z*;y8>7$v3nvu1r`(D60_y+1ZpJ7lvt;9UZcxNwEgOgA_E=G-DJMy1-l^^Qh
z57-YIu|cY1ma_mga|@CG%v1bmji*s-|1)Z)lGB*~$`mrGZHEIe9fPPF4<my$7f?Np
zY-Jm0gH^~UVO7k*NDN>Xd=S-vW2mM27<K<u)PNe%8`-Nh^RKCyMui$&h<D?|*b~oU
z53Je77-q{1!tOW^YvN0&r8|Xs@VBVFlGs+8i#G|C4?qoQ0!H9UREM4nQqT;%jB4n2
zxDmg^KDdZ!(MV3BrtAW0ss4d=Fox-h!`2vuLr|ME3w8ZM)aKlX_3$97<FBJS82pez
zG=*<aYi!yZa|a}%hiRzIG}z_Es1a;JHLwfSkr!Nk2GxO2P#w668d&WPb`z(g?z<1^
zc+g}~&`6h}ho><MFQTSsP)9p;g~*#@cHjj(gO$UKDeGiMc(}7&!r!At`~g<OOV|dl
zqXv@7I;mqLv9aF&2Pk+{tj2{j_&hcwPwQq3`^EIbdRXjSg>}hyp{D!@(zbaM8LX+y
z24TONZde~@U?W_LYG)fZ!NVBK^UVho)X)`-!7A)Hy-o?JP1hDRq6z5X9G7oIHGB}Y
zbZ??M{sXGr>KVoq;!32-{DPW^9zE?QF2G=aD)v)g`OP(q#nfJQ>hDGFF$Jh^_w%R*
zuAm;6)Z4!Q15vwsgUe6ia`MQ#YzLo2s!Ta*39lgknYc{)sj14M^`5v6`{H|gS{OI8
zG4%f5Nu?g#7n@=+w#6;Tq?xynH`PS)?#5#eOhg~5qmLrrDzhK8MCVX%LG6A)`^jw5
zkMBJdZBbLd4r}3d)Fyf!hv6|)1GSho%~)Tof%8#&Vg>3$wB6O0q288bs1MQWs3rcB
z%T4eeyD4HYniFlYGWJKU`4DW3IjE65f*N@lsw02ID2yIpOjk@s_M!2kHrr0;OQ;z+
z>+&n8B@0%&*S;2=Q8!FR^|Tl@<xikG_L}ok=VjCkRU2qK7=zmFU0gmCbzcEi$44*@
zpFqvPVQi*-`VIw+>?&&W#SF4Hc13k$C|1Kf)NY@Lbl$8--S;`tkhx>9?LbRxLY|3L
za0=>y`B)oQqVC%klJ!4HK@D6)^|<B``~D`PmS6;`BYCKXR-l&PS=5L>cK(1V<PrDT
z_Bx=Ze5}itU=7`emGA|O=K1C*1vaF42iaey;ZXa!Oh&E!Zf6Cm1D~U2;s$C;8?rMs
zbDdF3I2x;B9_qSc)Ids5--ms!{xuBNqT+LR;s;D3uRh#1n2zf4Fl>&KF&rO5b!-(z
z;69hX=+3{7>gY$P8MuOKCuW3w?NU%n)O7^wuZG4`Q5WZ<MzRLAMh8$mejnA)B}~TX
zk@mWts1Z&?&BQ#^gEzbS7g0;}uJa=5`w%|Lwwo}D`ENl*1{Lbjbkts0i5lraybTYd
zMsNgqb<HV^!l=>q0STxNQ+KBiHK1h}jhitN526Nm9CiKqAO$T!`2F@zKy^?fzuP$z
z_23fJRPRJRxXgJ1HKO;h4qip=`iL?1cSRj+Po9n%*mP`!t1%sednxFFpP^>r_ObR;
z+8Wi657Tfu>ii~LgC|kDeZ)BXTk=6vI|nfpKXmoCkGG%R_Nb0dMlInoWF~^<00s5v
zEPD72HpGYtb}gHsrm7dJVL!%V3EqL_sPjkB!}F*a`UTZa)I^)N#QNkJ*a1hO$Mel9
z3R;2#s0L4<8aRb9cn<a8Yp4bjC%MgsYH%Xz`Z=gQvjQvO<Jb|`qKBt3^qs*t@|r&0
zwjhO86z&hBN7$SE;A9#gzl?X1U(2!$)Xlb=w7qi_YUFcWz7?C1A4j$G1#0P%{C3lh
zM4jJ(8rZ8C^e9}Q&;%<@u_qERmb^FWywBxJP)k*cTEk=52ERgm9~w-xYupPpGufzi
z7hpZyhK=#CtABSY^S_Xa%T%<&!fEz(*@+t25$C6<9*5=FO%{u4I1|<26imj4P@8f;
zYUCfIHf`1E_Ix_(ITKJzx@tP}-<HBLDs;moY=N;e><6bmwj(b<4|ic`>aaHX1yn<q
zQLj^cuASmhsOuJB0&a5oahHGM3=ht<o2NN;=fbX-gmY2vZK?A^yq7#O&;B|cgOTJ@
zQ5~Lzx^D-j;wkKmS1|=!=iALa4z($>aS#T#P{^e4EoSJ#0{h?s)NAq#>I?QM>VcP0
zBMX1P{;@p{wVVB@&9w|Q;=R}!-$r#PtkCYAR#=t%9%Mj4Gn|4tP>P-KD@??=fE__!
z)PonJI<yLV;j5?z-%(^YSCX?kY9Pa~I+kEO?!dZOf%o7?xLxmm(^>W}92J<%iKN-~
zhWk)cRfKvC_n{tm3hUt4sD}TJ9>&eFGt(3G_Ke2{xWKs{b^m_sh-a}H&o`Be?I$t{
z)qxDu4CG)0u0g#GPho95j?M8M)Y|@xYB+JOt?!F^JMytUu0<`$9_)v2q3&xikNJO?
zLMDYC_y+1k#C*G{I^Yd*AI69A*X;%Nbz90itJkg+)zRaqCHe|G;AL!yDT~}6NKhTj
zLk(mVK0|xui<o~+;r)y4rdxoT>T=YF<}60zH>i5^pxxy$m_eF}deB1{iw99l^S1K~
z)C^oh&1|hDwxeCJ33<OI%zsS^)2YzwHV-wm&tp6M1Gd7*rS?nL9W|1C)NWsm+wm}N
z!r>3u*Z4cs{VkW-%{>YAy6wi$3}HHXisoMroP_t`avXr?Pz@wKVjYWWU^Qyw=W#H`
zKFYqpJZy>)%kBMXs0Yk*`2o~}uVY_qyMq0N!MPObh4D8M)cg9=WA<M%TCB7;_)#6&
zf&=ku?1LR1w^P3WdywxzHT*Sp!d9#7YdQ^UkneRKK{mcQW%Hovx!NwlV2tF%MC2P|
zW}+HCkG-(*8oTKxqSksLCgB#;TX7O~{|DFxzreN_z1D8h{^*exVCb#DDtiC-P-x7F
za%_Qb<6U?iyJE&V+kyF*O8yG=#&2;Frj^(wT8(wdD^N4=5o(Xre!{-*9Z>h@p_Xb3
zCi8rAf`X>_BBo%6^|r^8Q6pWB>hW`^5ud<#{MzN!HrSE1!zk*9qu!RO*btYZ+TDuk
zz-dgtA2AqBq4ATpN9kCPd^D=(d6<PI*dBkx4w$;pJ|G))-D0eQyD<^>yZZN0oAqZ@
z2fFZz$SD|y>ozg}YOtINy^r6x6V*1`U&krfiTW|9nJ96VV><ae&dR(3%DZAaEWrA>
z3oGF<RQo4zC|+>3-@^RQpyJUj_5*Pl)5v4D+I*mM4z{Mg)aCD@9{6{xgKf6iDeZ%r
zkr}9&SmS&V8<C$!P5n=(j>ZMI+qE2qT8i1IHF_Mw@nzJ5ev1+KH<#Z)jjY`cySX}|
z?#suzxD~aO<*1II!esmjH4{xsZ654HK@Z5sSlosBAXPa3f*MJ^op#N;p_Xj4b2aMv
z*DxM0IisGoGua-SP@jz%_%NzNuUUiUM+)IoG~Z?4;}nb`?~a3U3^v8RsNH=QwHZIh
zHdueR-Aw(l0eKE;<V(=Qji?76!IpRtGqL_N8c5KXaiId63)R3Gtc`y{t=Sc9hP9rx
zBW#bVAB|d)0BS84;SelG%}Ax^?2NWV)ek^*U<+!-Ph%R-H#aCmV(K3I>FtVL$!FsZ
zEJuxW*k1ekEJK|?h}x`wMNMtYZ|u^HbCzHa>d&AaTy>xOwT|k54}+S@4HVSSo7f7k
zqv})2?3d7onvvbu5nsd>cnP&sjrQ9m=!lKUN1<kH7IwqUsP;Z|=OYier9Qy?Ys$M*
z(Go|ZHrG;A{ZaJrJ=EKA8RM|p^LEdq;BDk-sFAkAE?9`2u?$o3&(3-WL;tL3s)n(=
z)HD9jPqU5+9U9H`P|5z737-+Wh#AEF#P5j|Vk!4{#B$1YFblO0l87CI2B2e^CG@jC
z*L8Av8_M(a{8xx%LQ~h9%5KExly#gW#*;r5%J_!~$~v^e`x70=FX0f(#fHQ$gbqHY
zq2DXnoXe)%U6mXi$s-81l^y?GBy)*bRLsM^_zAI#@(CPI#1T8lhY@QC9RXZT=%3+r
zJcTt0z0MDWYV41VP)-!O>mu<D@(FtWJtW&n9wu~rM4Sqh7!Bt#2+h(!d<_?4I8i~l
zI=<zu)j!>9@7z54k{=^^*HuK3ZzI-_YcJV@mU~gDV=J+MxQAFo-Feh8jF?Y6PTdG1
zgL00$C(}ulc|<=rUL~|CM{=$)p}*R9CYtFa$3;S$a||(ABWugaK187^F^1?(S;s>b
za}FPOWqsejA^gOP#BE%E^LX=S;hzlSnhn%lC5{kZ5)G&e=1_R-mIg>e{|X{`+y3Qf
zMNKC0G|`CrZg*ECQ~rW-3Z@hKf5oc^9WBv^`9wR)b5&^%jo<zWR*rQy{F(A;RdDb%
z4INLrb1#q$BJ#-jaGLLkT*{Gn>k&`#psSd~`RT4a5(ks(gEsNz`>%6FRO)yHr`clY
zZ>kBDJz_KUi|~)c65_YS6GSWO`{2!^2?f40q2q4ORi`u@A11aFIzAvqQGU{npI;d6
zgify2503T3Gp>Fw<>9Kl<<O`2)?*^q-buv(TtYlYj3z2m_bu^PckyCp56%Uby5v)*
zzSAX~&=G4fLtVZR|KaLxpr4#idg!-cd&+r~<1mZx5%I(`)ZItaqPz}uY_^y!_RZ!3
zPU;wIF;nnkBAWU^?p%^H4S(mZyMohQ{W!`6uB_ADi2oq&CVCKqiOa;_i8Dk~uC1l@
z*Ds79Ng`27c?&KhenUAxOrfkJ-4gl@vX{Dth{M$FB*sy0jXx4|2py}5S=84iqA34?
z*hX9<DiJ!~zPbJna8Vm7{)?zW%qB(<I_h%nC0s%1x8wz)AEDzbVjAa%U^8q&9Hrco
z&@r353~LfoDR;$UB9S;t1pk{KshntwT~NpC7V|gkPhAmqa_63O{wH-M#9H$Ak>9YP
zV-tB(N_XO9;x1P|ld}Gv`5;k1-BjWyt^ZI83yH3r*iFnK77#jWIBmus(<$sD>bQ#I
zH&0-!yY_ahM!t$zK{?f3^C2dX-=XuwqeL&Q|M#4DnP}lIY>w}_vdHJct;7amAo(QX
zFNBU~sr%X%%?!%*DYwR+gpS=r3(D(>`9vjRbm$Cwjq(qEl6QzSSNQ~$I_||9xRTgI
z`4BG0pYi6=k9;RFf#^=?xR)rVJPI4BB6J)&A3vZ{|Ag#hFLPKguX!M6YMz&$mpeB(
z!g!w7TqlO=gg-B<aBe}-zdd)$O^2E#?hDIw7yGllY+sQt!XyN||E&u61A(0UJa2}7
z?yYB3H76%G*PHD3W(EA&C2u5kuHWka+&Lw`u!|R;5Qr~tel+3G^?`9U`}&LhS+k1#
zp1-)rUzq31^$H5}rxyBVM)1#`zR9_MuPEOu^!u{^<pOF01^Iaae-|$yaHz)k*sz+j
z0y%k8y{w#qY5qc0wwUl}<uSj`Ojf`*!}H}<lvb1#R+I+*d458ti*kx)<OeFsivGU~
zZoU6dS@!MW(ZAl3UsUAzn65NUO34@dyk?=<`Sm<a7I{<hr{>S_ruhQ%@+wMm^K#Nk
z%BI{Mt6BQ>y4k+a6nTMp6{RyPN(+5Ye?O(wq4pcf>JIYd<#;}CM#Zt*z^iL-&Q!jh
zILJTKE1H#^Ka<(d&z<cH{JSf?**ud+SCkfoChg4L{b7xGbfJHG(R6>Ve_q8Nx_Gm5
L`G<=3#f1M4y2D4N

diff --git a/po/hu.po b/po/hu.po
index 249b339..0ceb44b 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg 2.2.20\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2020-06-09 23:10+0200\n"
 "Last-Translator: Nagy Ferenc László <nfl@nfllab.com>\n"
 "Language-Team: Hungarian <translation-team-hu@lists.sourceforge.net>\n"
@@ -15,51 +15,51 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, fuzzy, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr ""
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr ""
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr ""
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr ""
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr ""
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 #, fuzzy
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Valóban törli a kiválasztott kulcsokat? "
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr ""
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 #, fuzzy
 #| msgid "invalid passphrase"
 msgid "|pinentry-tt|Hide passphrase"
@@ -67,7 +67,7 @@ msgstr "érvénytelen jelszó"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -78,25 +78,13 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 msgid "pinentry.genpin.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-msgid "Passphrase Not Allowed"
-msgstr "A jelszó túl hosszú!\n"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr ""
 
@@ -106,298 +94,278 @@ msgstr ""
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr ""
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 #, fuzzy
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 #, fuzzy
 msgid "Passphrase:"
 msgstr "rossz jelszó"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr ""
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr ""
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr ""
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 #, fuzzy
 msgid "PIN too long"
 msgstr "A sor túl hosszú!\n"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 #, fuzzy
 msgid "Passphrase too long"
 msgstr "A jelszó túl hosszú!\n"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 #, fuzzy
 msgid "Invalid characters in PIN"
 msgstr "Érvénytelen karakter a névben!\n"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr ""
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad PIN"
 msgstr "hibás MPI"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad Passphrase"
 msgstr "rossz jelszó"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, fuzzy, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 #, fuzzy
 msgid "Please re-enter this passphrase"
 msgstr "jelszóváltoztatás"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to protect the imported object within the %s "
 "system."
 msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, fuzzy, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "%d%s védő algoritmus nem támogatott.\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't create '%s': %s\n"
 msgstr "Nem tudom létrehozni a(z) \"%s\" állományt: %s.\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, fuzzy, c-format
 #| msgid "can't open `%s': %s\n"
 msgid "can't open '%s': %s\n"
 msgstr "Nem tudom megnyitni a(z) \"%s\" állományt: %s.\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr ""
-
-#: agent/command-ssh.c:2446
-#, fuzzy, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "Hiba a(z) \"%s\" titkoskulcs-karika írásakor: %s.\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, fuzzy, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "Nem írható titkoskulcs-karikát találtam: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, fuzzy, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
 "allow this?"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr ""
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, fuzzy, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, fuzzy, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
 "%s%%0Awithin gpg-agent's key storage"
 msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, fuzzy, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "%s: Hashtábla létrehozása sikertelen: %s.\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr ""
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr ""
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr ""
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr ""
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr ""
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr ""
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 #, fuzzy
 msgid "Repeat this Reset Code"
 msgstr "Ismételje meg a jelszót: "
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 #, fuzzy
 msgid "Repeat this PUK"
 msgstr "Ismételje meg a jelszót: "
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 #, fuzzy
 msgid "Repeat this PIN"
 msgstr "Ismételje meg a jelszót: "
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 #, fuzzy
 msgid "Reset Code not correctly repeated; try again"
 msgstr "Nem ismételte meg helyesen a jelszót! Próbálja újra!"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 #, fuzzy
 msgid "PUK not correctly repeated; try again"
 msgstr "Nem ismételte meg helyesen a jelszót! Próbálja újra!"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 #, fuzzy
 msgid "PIN not correctly repeated; try again"
 msgstr "Nem ismételte meg helyesen a jelszót! Próbálja újra!"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr ""
 
-#: agent/genkey.c:157
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
 #, fuzzy, c-format
-msgid "error writing to pipe: %s\n"
-msgstr "Hiba a \"%s\" kulcskarika írásakor: %s\n"
+msgid "error creating temporary file: %s\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:116
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "Írok a \"%s\" állományba.\n"
+
+#: agent/genkey.c:154
 #, fuzzy
 msgid "Enter new passphrase"
 msgstr "Írja be a jelszót!\n"
 
-#: agent/genkey.c:196
-#, fuzzy
-msgid "Take this one anyway"
-msgstr "Mégis használjuk ezt a kulcsot? "
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
 "confirm that you do not want to have any protection on your key."
 msgstr ""
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr ""
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, fuzzy, c-format
 #| msgid "Name must be at least 5 characters long\n"
 msgid "A passphrase should be at least %u character long."
@@ -405,7 +373,7 @@ msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "A név legalább 5 karakter kell legyen!\n"
 msgstr[1] "A név legalább 5 karakter kell legyen!\n"
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -413,382 +381,387 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr ""
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Mégis használjuk ezt a kulcsot? "
+
+#: agent/genkey.c:464
 #, fuzzy, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr ""
 "Most szükség van egy jelszóra (vagy mondatra), amely a titkos kulcsát védi.\n"
 "\n"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 #, fuzzy
 msgid "Please enter the new passphrase"
 msgstr "jelszóváltoztatás"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 msgid "Options used for startup"
 msgstr ""
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr ""
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr ""
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 #, fuzzy
 #| msgid "Key is superseded"
 msgid "run in supervised mode"
 msgstr "A kulcsot lecserélték."
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr ""
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 #, fuzzy
 msgid "|FILE|read options from FILE"
 msgstr "|fájl|bővítő modul betöltése"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr ""
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "bőbeszédű mód"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "még szűkszavúbb mód"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr ""
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 #, fuzzy
 msgid "do not use the SCdaemon"
 msgstr "bizalmi adatbázis frissítése"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr ""
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:208
 #, fuzzy
 #| msgid "|NAME|set terminal charset to NAME"
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NÉV|terminál karakterkódolásának megadása"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr ""
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr ""
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 #, fuzzy
 #| msgid "not supported"
 msgid "enable ssh support"
 msgstr "nem támogatott"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr ""
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 #, fuzzy
 #| msgid "not supported"
 msgid "enable putty support"
 msgstr "nem támogatott"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr ""
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr ""
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 #, fuzzy
 msgid "disallow the use of an external password cache"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr ""
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 #, fuzzy
 msgid "allow presetting passphrase"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr ""
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr ""
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 #, fuzzy
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|N. sorszámú jelszómód használata"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 #, fuzzy
 msgid "do not allow the reuse of old passphrases"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 msgid "Options controlling the PIN-Entry"
 msgstr ""
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 #, fuzzy
 #| msgid "use the gpg-agent"
 msgid "never use the PIN-entry"
 msgstr "gpg ügynök használata"
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr ""
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr ""
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr ""
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr ""
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 #, fuzzy
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "A hibákat (angolul) a <gnupg-bugs@gnu.org> címre írja meg!\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 #, fuzzy
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
 msgstr ""
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr ""
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "A kiválasztott kivonatoló algoritmus érvénytelen!\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, fuzzy, c-format
 #| msgid "reading options from `%s'\n"
 msgid "reading options from '%s'\n"
 msgstr "Az opciókat a \"%s\" állományból olvasom.\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is a deprecated option\n"
 msgid "Note: '%s' is not considered an option\n"
 msgstr "FIGYELEM: \"%s\" elavult opció!\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, fuzzy, c-format
 msgid "can't create socket: %s\n"
 msgstr "%s nem hozható létre: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, fuzzy, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "GPG ügynök nem elérhető ebben a munkafolyamatban.\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, fuzzy, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, fuzzy, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "Hiba %s-ra/-re küldéskor: %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, fuzzy, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "FIGYELEM: nem biztonságos engedélyek: %s \"%s\"\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "Írom a titkos kulcsot a %s állományba.\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, fuzzy, c-format
 #| msgid "can't create directory `%s': %s\n"
 msgid "can't create directory '%s': %s\n"
 msgstr "Nem tudom a \"%s\" könyvtárat létrehozni: %s.\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, fuzzy, c-format
 msgid "directory '%s' created\n"
 msgstr "%s: Könyvtárat létrehoztam.\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, fuzzy, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "Bizalmi adatbázis: olvasás sikertelen (n=%d): %s.\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, fuzzy, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "%s: Nem tudom a könyvtárat létrehozni: %s.\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, fuzzy, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, fuzzy, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "Titkoskulcs-blokk frissítése sikertelen: %s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, fuzzy, c-format
 msgid "%s %s stopped\n"
 msgstr "%s: kihagyva: %s\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, fuzzy, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "GPG ügynök nem elérhető ebben a munkafolyamatban.\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 #, fuzzy
 msgid ""
 "@Options:\n"
@@ -798,19 +771,19 @@ msgstr ""
 "Opciók:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 #, fuzzy
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
 msgstr ""
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -818,8 +791,8 @@ msgstr ""
 "@Parancsok:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -829,87 +802,86 @@ msgstr ""
 "Opciók:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 #, fuzzy
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
 msgstr ""
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 #, fuzzy
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 #, fuzzy
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 #, fuzzy
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
 msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, fuzzy, c-format
 msgid "cancelled\n"
 msgstr "Mégsem"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, fuzzy, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, fuzzy, c-format
 msgid "error opening '%s': %s\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, fuzzy, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "\"%s\" kulcs nem található: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, fuzzy, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "Olvasási hiba: %s.\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, fuzzy, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "Titkos kulcsrészek nem állnak rendelkezésre.\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, fuzzy, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "Olvasási hiba: %s.\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, fuzzy, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, fuzzy, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr ""
@@ -922,19 +894,19 @@ msgstr ""
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
 "certificates?"
 msgstr ""
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 #, fuzzy
 msgid "Yes"
 msgstr "igen"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr ""
@@ -947,7 +919,7 @@ msgstr ""
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -957,142 +929,142 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr ""
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr ""
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
 "it now."
 msgstr ""
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 #, fuzzy
 msgid "Change passphrase"
 msgstr "jelszóváltoztatás"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr ""
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, fuzzy, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
 "%%0A?"
 msgstr "Valóban törli a kiválasztott kulcsokat? "
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 #, fuzzy
 msgid "Delete key"
 msgstr "kulcs engedélyezése"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
 msgstr ""
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr ""
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr ""
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "A létrehozott aláírás ellenőrzése sikertelen: %s.\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "Titkos kulcsrészek nem állnak rendelkezésre.\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "%d%s védő algoritmus nem támogatott.\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "%d%s védő algoritmus nem támogatott.\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "%d%s védő algoritmus nem támogatott.\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, fuzzy, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, fuzzy, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, fuzzy, c-format
 msgid "error forking process: %s\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr ""
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, fuzzy, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, fuzzy, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, fuzzy, c-format
 msgid "error running '%s': terminated\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, fuzzy, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "Frissítés sikertelen: %s.\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, fuzzy, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "Hiba a(z) \"%s\" titkoskulcs-karika írásakor: %s.\n"
@@ -1108,33 +1080,33 @@ msgstr "Nem tudok kapcsolódni \"%s\" objektumhoz: %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "Probléma az ügynökkel: ügynök válasza: 0x%lx\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "Nem tudom letiltani a core fájlokat: %s.\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, fuzzy, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "FIGYELEM: Nem biztonságos tulajdonos: %s \"%s\"\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, fuzzy, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "FIGYELEM: nem biztonságos engedélyek: %s \"%s\"\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, fuzzy, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "Frissítés sikertelen: %s.\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, fuzzy, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "Páncélozás nem sikerült: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "igen"
 
@@ -1189,51 +1161,95 @@ msgstr ""
 msgid "out of core while allocating %lu bytes"
 msgstr ""
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, fuzzy, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "Hiba a(z) \"%s\" kulcskarika létrehozásakor: %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr ""
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, fuzzy, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "FIGYELEM: \"%s\" elavult opció!\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr ""
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
 #, fuzzy, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
 msgstr "Frissítés sikertelen: %s.\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:350
 #, fuzzy, c-format
-msgid "connection to %s established\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "Frissítés sikertelen: %s.\n"
+
+#: common/asshelp.c:351
+#, fuzzy, c-format
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "Frissítés sikertelen: %s.\n"
+
+#: common/asshelp.c:364
+#, fuzzy, c-format
+msgid "connection to the dirmngr established\n"
 msgstr "Nem tudom ezt megcsinálni kötegelt módban!\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:366
+#, fuzzy, c-format
+msgid "connection to the keyboxd established\n"
+msgstr "Nem tudom ezt megcsinálni kötegelt módban!\n"
+
+#: common/asshelp.c:367
+#, fuzzy, c-format
+msgid "connection to the agent established\n"
+msgstr "Nem tudom ezt megcsinálni kötegelt módban!\n"
+
+#: common/asshelp.c:485
+#, fuzzy, c-format
+msgid "no running %s - starting '%s'\n"
+msgstr "Hiba \"%s\" olvasásakor: %s\n"
+
+#: common/asshelp.c:588
+#, fuzzy, c-format
+msgid "connection to the agent is in restricted mode\n"
+msgstr "Nem tudom ezt megcsinálni kötegelt módban!\n"
+
+#: common/asshelp.c:725
+#, fuzzy, c-format
+#| msgid "error creating keyring `%s': %s\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "Hiba a(z) \"%s\" kulcskarika létrehozásakor: %s\n"
+
+#: common/asshelp.c:731
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
+msgid "server '%s' is older than us (%s < %s)"
 msgstr ""
 
-#: common/asshelp.c:521
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
 #, fuzzy, c-format
-msgid "connection to agent is in restricted mode\n"
-msgstr "Nem tudom ezt megcsinálni kötegelt módban!\n"
+#| msgid "WARNING: %s overrides %s\n"
+msgid "WARNING: %s\n"
+msgstr "FIGYELEM: %s hatástalanítja %s-t!\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:740
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
+msgid "Note: Outdated servers may lack important security fixes.\n"
 msgstr ""
 
+#: common/asshelp.c:742
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Kérem, használja előbb a \"toggle\" parancsot!\n"
+
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
 #: common/audit.c:474
@@ -1312,7 +1328,7 @@ msgid "algorithm: %s"
 msgstr "Páncél: %s\n"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, fuzzy, c-format
 msgid "unsupported algorithm: %s"
 msgstr ""
@@ -1396,12 +1412,12 @@ msgstr "Ez a kulcs lejárt!"
 msgid "Root certificate trustworthy"
 msgstr "rossz igazolás"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 #, fuzzy
 msgid "no CRL found for certificate"
 msgstr "rossz igazolás"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 #, fuzzy
 msgid "the available CRL is too old"
 msgstr "Kulcs található: "
@@ -1443,7 +1459,7 @@ msgstr "Nem áll rendelkezésre segítség \"%s\" témához."
 msgid "ignoring garbage line"
 msgstr "Hiba a záró sorban!\n"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 #, fuzzy
 msgid "[none]"
 msgstr "Ismeretlen módú"
@@ -1453,144 +1469,26 @@ msgstr "Ismeretlen módú"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "Kihagytam a %02x kódú érvénytelen radix64 karaktert.\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-#, fuzzy
-msgid "argument not expected"
-msgstr "Írom a titkos kulcsot a %s állományba.\n"
-
-#: common/argparse.c:522
-#, fuzzy
-msgid "read error"
-msgstr "állományolvasási hiba"
-
-#: common/argparse.c:524
-#, fuzzy
-msgid "keyword too long"
-msgstr "A sor túl hosszú!\n"
-
-#: common/argparse.c:526
-#, fuzzy
-msgid "missing argument"
-msgstr "érvénytelen argumentum"
-
-#: common/argparse.c:528
-#, fuzzy
-#| msgid "invalid armor"
-msgid "invalid argument"
-msgstr "érvénytelen páncél"
-
-#: common/argparse.c:530
-#, fuzzy
-msgid "invalid command"
-msgstr "Egymásnak ellentmondó parancsok!\n"
-
-#: common/argparse.c:532
-#, fuzzy
-msgid "invalid alias definition"
-msgstr "Érvénytelen import opciók!\n"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-#, fuzzy
-msgid "out of core"
-msgstr "nem feldolgozott"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-msgid "invalid meta command"
-msgstr "Egymásnak ellentmondó parancsok!\n"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-msgid "unknown meta command"
-msgstr "Ismeretlen alapértelmezett címzett: \"%s\"\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected data"
-msgid "unexpected meta command"
-msgstr "nem várt adat"
-
-#: common/argparse.c:546
-#, fuzzy
-msgid "invalid option"
-msgstr "Érvénytelen import opciók!\n"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr ""
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, fuzzy, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "Érvénytelen import opciók!\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr ""
-
-#: common/argparse.c:563
-#, fuzzy, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "Érvénytelen parancs! (Próbálja a súgót: \"help\".)\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:581
-#, fuzzy, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "Érvénytelen import opciók!\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, fuzzy, c-format
-#| msgid "NOTE: no default option file `%s'\n"
-msgid "Note: no default option file '%s'\n"
-msgstr "MEGJEGYZÉS: Nincs alapértelmezett opciós fájl (%s).\n"
-
-#: common/argparse.c:1843
-#, fuzzy, c-format
-#| msgid "option file `%s': %s\n"
-msgid "option file '%s': %s\n"
-msgstr "\"%s\" opciós fájl: %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, fuzzy, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1606,144 +1504,145 @@ msgstr "Nem tudom megnyitni az állományt: %s.\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "Páncélozás nem sikerült: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, fuzzy, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "Nem tudom a \"%s\" könyvtárat létrehozni: %s.\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, fuzzy, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "Hiba a \"%s\" kulcskarika írásakor: %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr ""
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, fuzzy, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "Írom a titkos kulcsot a %s állományba.\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr ""
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, fuzzy, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "A(z) %08lX nyilvános kulcsot nem találom: %s.\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, fuzzy, c-format
 msgid "waiting for lock %s...\n"
 msgstr "Írom a titkos kulcsot a %s állományba.\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr ""
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "Páncél: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "Érvénytelen páncélfejléc: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "Páncélfejléc: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "Érvénytelen aláírásfejléc!\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, fuzzy, c-format
 msgid "unknown armor header: "
 msgstr "Páncélfejléc: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "Egymásba ágyazott olvashatószöveg-aláírások!\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, fuzzy, c-format
 msgid "unexpected armor: "
 msgstr "Váratlan páncél:"
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "Érvénytelen kötőjeles sor: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, fuzzy, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "Kihagytam a %02x kódú érvénytelen radix64 karaktert.\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "Korai állományvég (nincs CRC).\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "Korai állományvég (a CRC-ben).\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "Hibás formájú CRC.\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, fuzzy, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "CRC hiba; %06lx - %06lx\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, fuzzy, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "Korai állományvég (a lezárásban).\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "Hiba a záró sorban!\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "Nem találtam érvényes OpenPGP adatot.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "Érvénytelen páncél: %d karakternél hosszabb sor.\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
 msgstr ""
 "quoted printable karakter a páncélban - valószínűleg egy bugos MTA bűne.\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, fuzzy, c-format
 #| msgid "not human readable"
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "nem olvasható forma"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1752,27 +1651,27 @@ msgstr ""
 "Egy jelölés neve csak nyomtatható karaktereket és szóközt tartalmazhat, és = "
 "jellel kell befejeződjön.\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "Egy felhasználójelölésnek tartalmaznia kell a \"@\" karaktert!\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, fuzzy, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "Egy felhasználójelölésnek tartalmaznia kell a \"@\" karaktert!\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "Egy jelölés értékében nem szerepelhet vezérlőkarakter!\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, fuzzy, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "Egy felhasználójelölésnek tartalmaznia kell a \"@\" karaktert!\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, fuzzy, c-format
 #| msgid ""
 #| "a notation name must have only printable characters or spaces, and end "
@@ -1782,370 +1681,354 @@ msgstr ""
 "Egy jelölés neve csak nyomtatható karaktereket és szóközt tartalmazhat, és = "
 "jellel kell befejeződjön.\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "FIGYELEM: Érvénytelen jelölő adatot találtam.\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr ""
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Írja be a jelszót: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
-#, fuzzy, c-format
-#| msgid "error creating keyring `%s': %s\n"
-msgid "error getting version from '%s': %s\n"
-msgstr "Hiba a(z) \"%s\" kulcskarika létrehozásakor: %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr ""
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, fuzzy, c-format
-#| msgid "WARNING: %s overrides %s\n"
-msgid "WARNING: %s\n"
-msgstr "FIGYELEM: %s hatástalanítja %s-t!\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
-#, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
+#| msgid "%s does not yet work with %s\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s és %s egyelőre nem használható együtt!\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
+#: g10/call-agent.c:1081
 #, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Kérem, használja előbb a \"toggle\" parancsot!\n"
+msgid "error from TPM: %s\n"
+msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, fuzzy, c-format
-#| msgid "%s does not yet work with %s\n"
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s és %s egyelőre nem használható együtt!\n"
+msgid "problem with the agent: %s\n"
+msgstr "Probléma az ügynökkel: ügynök válasza: 0x%lx\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, fuzzy, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "GPG ügynök nem elérhető ebben a munkafolyamatban.\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "Lehet, hogy nem használhatja %s-t %s módban!\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 msgid "Tor is not properly configured"
 msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 msgid "DNS is not properly configured"
 msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "visszavonási igazolás készítése"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "Páncél: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, fuzzy, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "titkos kulcs nem áll rendelkezésre"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr ""
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, fuzzy, c-format
 msgid "can't do this in batch mode\n"
 msgstr "Nem tudom ezt megcsinálni kötegelt módban!\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, fuzzy, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Ez a parancs %s módban nem engedélyezett.\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, fuzzy, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "Titkos kulcsrészek nem állnak rendelkezésre.\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Mit választ? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr ""
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 #, fuzzy
 msgid "not forced"
 msgstr "nem feldolgozott"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr ""
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr ""
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr ""
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr ""
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr ""
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 #, fuzzy
 msgid "URL to retrieve public key: "
 msgstr "Nincs hozzá tartozó nyilvános kulcs: %s\n"
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, fuzzy, c-format
 #| msgid "error reading `%s': %s\n"
 msgid "error reading '%s': %s\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, fuzzy, c-format
 msgid "error writing '%s': %s\n"
 msgstr "Hiba a \"%s\" kulcskarika írásakor: %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr ""
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr ""
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 #, fuzzy
 msgid "Language preferences: "
 msgstr "preferenciák frissítése"
 
-#: g10/card-util.c:1111
-#, fuzzy
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, fuzzy, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "Érvénytelen karakter a preferenciák között!\n"
 
-#: g10/card-util.c:1120
-#, fuzzy
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, fuzzy, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "Érvénytelen karakter a preferenciák között!\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 #, fuzzy
 msgid "Error: invalid response.\n"
 msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 #, fuzzy
 msgid "CA fingerprint: "
 msgstr "megmutatja az ujjlenyomatot"
 
-#: g10/card-util.c:1201
-#, fuzzy
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, fuzzy, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, fuzzy, c-format
 msgid "key operation not possible: %s\n"
 msgstr "Kulcsgenerálás sikertelen: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 #, fuzzy
 msgid "not an OpenPGP card"
 msgstr "Nem találtam érvényes OpenPGP adatot.\n"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, fuzzy, c-format
 msgid "error getting current key info: %s\n"
 msgstr "Hiba a(z) \"%s\" titkoskulcs-karika írásakor: %s.\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, fuzzy, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Milyen kulcsméretet szeretne? (1024) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "Felkerekítve %u bitre.\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr ""
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr ""
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 #, fuzzy
 msgid "Signature key\n"
 msgstr "Az aláírás lejárt: %s.\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 #, fuzzy
 msgid "Encryption key\n"
 msgstr "   (%d) RSA (csak titkosítás)\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Kérem, adja meg, milyen kulcsot kíván:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, fuzzy, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA (csak aláírás)\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, fuzzy, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) DSA és ElGamal (alapértelmezés)\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Érvénytelen választás.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr ""
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr ""
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, fuzzy, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "Hiba %s-ra/-re küldéskor: %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, fuzzy, c-format
 msgid "error getting card info: %s\n"
 msgstr "Hiba a(z) \"%s\" titkoskulcs-karika írásakor: %s.\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, fuzzy, c-format
 #| msgid "This command is not allowed while in %s mode.\n"
 msgid "This command is not supported by this card\n"
 msgstr "Ez a parancs %s módban nem engedélyezett.\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr ""
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, fuzzy, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "Kihagytam: titkos kulcs már jelen van.\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2153,204 +2036,217 @@ msgid ""
 "You should change them using the command --change-pin\n"
 msgstr ""
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 #, fuzzy
 msgid "Please select the type of key to generate:\n"
 msgstr "Kérem, adja meg, milyen kulcsot kíván:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 #, fuzzy
 msgid "   (1) Signature key\n"
 msgstr "Az aláírás lejárt: %s.\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 #, fuzzy
 msgid "   (2) Encryption key\n"
 msgstr "   (%d) RSA (csak titkosítás)\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 #, fuzzy
 msgid "Please select where to store the key:\n"
 msgstr "Kérem, válassza ki a visszavonás okát:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, fuzzy, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "Frissítés sikertelen: %s.\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, fuzzy, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "Kihagytam: titkos kulcs már jelen van.\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 #, fuzzy
 msgid "Continue? (y/N) "
 msgstr "Valóban aláírja? "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr ""
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, fuzzy, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+msgid "error for setup UIF: %s\n"
+msgstr "Hiba \"%s\" olvasásakor: %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "kilépés ebből a menüből"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 #, fuzzy
 msgid "show admin commands"
 msgstr "Egymásnak ellentmondó parancsok!\n"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "megmutatja ezt a súgót"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 #, fuzzy
 msgid "list all available data"
 msgstr "Kulcs található: "
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr ""
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr ""
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr ""
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 #, fuzzy
 msgid "change the login name"
 msgstr "lejárat megváltoztatása"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 #, fuzzy
 msgid "change the language preferences"
 msgstr "kulcstulajdonos megbízhatóságának beállítása"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr ""
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 #, fuzzy
 msgid "change a CA fingerprint"
 msgstr "megmutatja az ujjlenyomatot"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr ""
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 #, fuzzy
 msgid "generate new keys"
 msgstr "új kulcspár létrehozása"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr ""
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr ""
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr ""
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr ""
 
-#: g10/card-util.c:2180
+#: g10/card-util.c:2235
 #, fuzzy
 #| msgid "|NAME|use NAME as default recipient"
-msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "|NÉV|NÉV használata alapértelmezett címzettként"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 #, fuzzy
 #| msgid "change the ownertrust"
 msgid "change the key attribute"
 msgstr "kulcstulajdonos megbízhatóságának beállítása"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "kulcstulajdonos megbízhatóságának beállítása"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr ""
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 #, fuzzy
 msgid "Admin-only command\n"
 msgstr "Egymásnak ellentmondó parancsok!\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 #, fuzzy
 msgid "Admin commands are allowed\n"
 msgstr "Egymásnak ellentmondó parancsok!\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 #, fuzzy
 msgid "Admin commands are not allowed\n"
 msgstr "Írom a titkos kulcsot a %s állományba.\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Érvénytelen parancs! (Próbálja a súgót: \"help\".)\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "Az --output opció nem működik ehhez a parancshoz.\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, fuzzy, c-format
 #| msgid "can't open `%s'\n"
 msgid "can't open '%s'\n"
 msgstr "Nem tudom megnyitni %s-t!\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, fuzzy, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "\"%s\" kulcs nem található: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "Hiba a kulcsblokk olvasásakor: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, fuzzy, c-format
 msgid "key \"%s\" not found\n"
 msgstr "\"%s\" kulcs nem található: %s\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(Kivéve, ha megad egy kulcsot az ujjlenyomatával.)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, fuzzy, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "Nem tudom ezt megcsinálni kötegelt módban \"--yes\" nélkül.\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(Kivéve, ha megad egy kulcsot az ujjlenyomatával.)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2392,9 +2288,9 @@ msgstr "key"
 msgid "subkey"
 msgstr "Nyilvános kulcsú (pubkey): "
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "Frissítés sikertelen: %s.\n"
@@ -2419,166 +2315,123 @@ msgstr "Van egy titkos kulcs a \"%s\" nyilvános kulcshoz!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "Először azt törölje a \"--delete-secret-keys\" opcióval!\n"
 
-#: g10/encrypt.c:116
-#, fuzzy, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr "A %s (%d) rejtjelező használata sérti a címzett preferenciáit!\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "Nem tudok szimmetrikus ESK csomagot használni a S2K mód miatt!\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "%s rejtjelezést használok.\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, fuzzy, c-format
 #| msgid "`%s' already compressed\n"
 msgid "'%s' already compressed\n"
 msgstr "\"%s\" már tömörített.\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, fuzzy, c-format
 #| msgid "WARNING: `%s' is an empty file\n"
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "FIGYELEM: A(z) \"%s\" állomány üres.\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr ""
+"Lehet, hogy nem használhatja \"%s\" rejtjelező algoritmust %s módban!\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, fuzzy, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 "Lehet, hogy nem használhatja \"%s\" rejtjelező algoritmust %s módban!\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, fuzzy, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 "Lehet, hogy nem használhatja \"%s\" kivonatoló algoritmust %s módban!\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, fuzzy, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "FIGYELEM: \"%s\" elavult opció!\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, fuzzy, c-format
 #| msgid "reading from `%s'\n"
 msgid "reading from '%s'\n"
 msgstr "Olvasok a \"%s\" állományból.\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "A %s (%d) rejtjelező használata sérti a címzett preferenciáit!\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, fuzzy, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "FIGYELEM: \"%s\" elavult opció!\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
 "preferences\n"
 msgstr "A %s (%d) tömörítés használata sérti a címzett preferenciáit!\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "A %s (%d) rejtjelező használata sérti a címzett preferenciáit!\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s titkosítva \"%s\" számára\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "Lehet, hogy nem használhatja %s-t %s módban!\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "%s titkosított adat.\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "Ismeretlen algoritmussal (%d) titkosítva.\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr ""
 "FIGYELEM: Az üzenet szimmetrikus titkosítását gyenge kulccsal végezték.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "Probléma a titkosított csomag kezelésekor!\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "Külső program meghívása nem támogatott.\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"A külső programok hívása tiltott, mert az \"options\" állomány engedélyei\n"
-"nem biztonságosak.\n"
-
-#: g10/exec.c:419
-#, fuzzy, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"Ez a platform átmeneti állományokat igényel külső programok hívásához.\n"
-
-#: g10/exec.c:497
-#, fuzzy, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "Nem tudom végrehajtani a következő \"%s\"-t: \"%s\": %s.\n"
-
-#: g10/exec.c:500
-#, fuzzy, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "Nem tudom végrehajtani a következő \"%s\"-t: \"%s\": %s.\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "Rendszerhiba külső program hívásakor: %s.\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "A külső program nem természetes módon ért véget.\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "Nem tudom a végrehajtani a külső programot.\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "Nem tudom beolvasni a külső program válaszát: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr ""
-"FIGYELEM: Nem tudom törölni az (\"%s\") átmeneti állományt: \"%s\": %s.\n"
-
-#: g10/exec.c:692
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "FIGYELEM: nem tudom törölni a \"%s\" átmeneti könyvtárat: %s\n"
-
 #: g10/export.c:119
 #, fuzzy
 msgid "export signatures that are marked as local-only"
@@ -2604,405 +2457,405 @@ msgstr "használhatatlan titkos kulcs"
 msgid "remove as much as possible from key during export"
 msgstr ""
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr ""
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
 msgstr "%s: kihagyva: %s\n"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "writing to '%s'\n"
 msgstr "Írok a \"%s\" állományba.\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, fuzzy, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "%08lX kulcs: Alkulcsaláírás rossz helyen - kihagytam.\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, fuzzy, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "Írom a titkos kulcsot a %s állományba.\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, fuzzy, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "%08lX kulcs: PGP 2.x stílusú kulcs - kihagytam.\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "FIGYELEM: Semmit sem exportáltam.\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, fuzzy, c-format
 #| msgid "error creating `%s': %s\n"
 msgid "error creating '%s': %s\n"
 msgstr "Hiba \"%s\" létrehozásakor: %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 #, fuzzy
 msgid "[User ID not found]"
 msgstr "[ismeretlen kulcs]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, fuzzy, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "Hiba \"%s\" létrehozásakor: %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, fuzzy, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "Hiba \"%s\" létrehozásakor: %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 #, fuzzy
 msgid "No fingerprint"
 msgstr "megmutatja az ujjlenyomatot"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "\"%s\" titkos kulcs nem található: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, fuzzy, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "Érvénytelen import opciók!\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "|NÉV|NÉV használata alapértelmezett titkos kulcsként"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "|NÉV|NÉV használata alapértelmezett titkos kulcsként"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr ""
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, fuzzy, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr ""
 "%08lX érvénytelen kulcsot érvényesítettük az\n"
 "--allow-non-selfsigned-uid opcióval.\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, fuzzy, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "A %08lX másodlagos kulcsot használjuk a %08lX elsődleges helyett.\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, fuzzy, c-format
 msgid "valid values for option '%s':\n"
 msgstr "Érvénytelen import opciók!\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 #, fuzzy
 msgid "make a signature"
 msgstr "különálló aláírás készítése"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 #, fuzzy
 msgid "make a clear text signature"
 msgstr "|[fájl]|olvasható szöveg aláírása"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "különálló aláírás készítése"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "adat titkosítása"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "titkosítás csak szimmetrikus rejtjelezővel"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "adat visszafejtése (alapértelmezés)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "aláírás ellenőrzése"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "kulcsok listázása"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "kulcsok és aláírások listázása"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 #, fuzzy
 msgid "list and check key signatures"
 msgstr "kulcsaláírások ellenőrzése"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "kulcsok és ujjlenyomatok listázása"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "titkos kulcsok listázása"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "új kulcspár létrehozása"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly generate a new key pair"
 msgstr "új kulcspár létrehozása"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly add a new user-id"
 msgstr "új kulcspár létrehozása"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a user-id"
 msgstr "új kulcspár létrehozása"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly set a new expiration date"
 msgstr "új kulcspár létrehozása"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr ""
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "visszavonási igazolás készítése"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "kulcsok eltávolítása a nyilvánoskulcs-karikáról"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "kulcsok eltávolítása a titkoskulcs-karikáról"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 #, fuzzy
 #| msgid "sign a key"
 msgid "quickly sign a key"
 msgstr "kulcs aláírása"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 #, fuzzy
 #| msgid "sign a key locally"
 msgid "quickly sign a key locally"
 msgstr "kulcs aláírása helyileg"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a key signature"
 msgstr "új kulcspár létrehozása"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "kulcs aláírása"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "kulcs aláírása helyileg"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "kulcs aláírása vagy szerkesztése"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 #, fuzzy
 msgid "change a passphrase"
 msgstr "jelszóváltoztatás"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "kulcsok exportálása"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "kulcsok exportálása kulcsszerverre"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "kulcsok importálása kulcsszerverről"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "kulcsok keresése kulcsszerveren"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "minden kulcs frissítése kulcsszerverről"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "kulcsok importálása/összefűzése"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr ""
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr ""
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr ""
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "bizalmi adatbázis frissítése"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 #, fuzzy
 msgid "print message digests"
 msgstr "|algo [fájlok]|üzenet kivonatának kiírása"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr ""
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr ""
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NÉV|NÉV használata alapértelmezett titkos kulcsként"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 #, fuzzy
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NÉV|titkosítás NÉV részére"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr ""
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr ""
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "ne csináljon semmi változtatást"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "felülírás előtt rákérdezés"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 msgid "Options controlling the input"
 msgstr ""
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 msgid "Options controlling the output"
 msgstr ""
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "ascii páncélozott kimenet létrehozása"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 #, fuzzy
 msgid "|FILE|write output to FILE"
 msgstr "|fájl|bővítő modul betöltése"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "kanonikus szöveges mód használata"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 #, fuzzy
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|tömörítési szint beállítása N-re (0: tiltás)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 msgid "Options controlling key import and export"
 msgstr ""
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "kulcsok importálása kulcsszerverről"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 msgid "include the public key in signatures"
 msgstr "kulcsaláírások ellenőrzése"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr ""
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 msgid "Options controlling key listings"
 msgstr ""
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "titkos kulcsok listázása"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 #, fuzzy
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|NÉV|titkosítás NÉV részére"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 #, fuzzy
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "felh. azonosító aláíráshoz és visszafejtéshez"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -3010,7 +2863,7 @@ msgstr ""
 "@\n"
 "(A parancsok és opciók teljes listáját a man oldalon tekintheti meg.)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -3040,13 +2893,13 @@ msgstr ""
 " --list-keys [nevek]        kulcsok kiíratása\n"
 " --fingerprint [nevek]      ujjlenyomatok kiíratása\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg [options] [files]\n"
@@ -3061,7 +2914,7 @@ msgstr ""
 "Aláírás, ellenőrzés, titkosítás vagy visszafejtés.\n"
 "Az alapértelmezett művelet a bemeneti adattól függ.\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -3069,551 +2922,567 @@ msgstr ""
 "\n"
 "Támogatott algoritmusok:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Nyilvános kulcsú (pubkey): "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Rejtjelező (cipher): "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Kivonatoló (hash): "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Tömörítő (compression): "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, fuzzy, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "Használat: gpg [opciók] "
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "Egymásnak ellentmondó parancsok!\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, fuzzy, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "Nem találtam = jelet a \"%s\" csoportdefinícióban!\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "FIGYELEM: Nem biztonságos tulajdonos: %s \"%s\"\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "FIGYELEM: Nem biztonságos tulajdonos: %s \"%s\"\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "FIGYELEM: Nem biztonságos tulajdonos: %s \"%s\"\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "FIGYELEM: nem biztonságos engedélyek: %s \"%s\"\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "FIGYELEM: nem biztonságos engedélyek: %s \"%s\"\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "FIGYELEM: nem biztonságos engedélyek: %s \"%s\"\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "FIGYELEM: nem biztonságos könyvtártulajdonos: %s \"%s\"\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr "FIGYELEM: nem biztonságos könyvtártulajdonos: %s \"%s\"\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr "FIGYELEM: nem biztonságos könyvtártulajdonos: %s \"%s\"\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr "FIGYELEM: nem biztonságos könyvtárengedélyek: %s \"%s\"\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
 msgstr "FIGYELEM: nem biztonságos könyvtárengedélyek: %s \"%s\"\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr "FIGYELEM: nem biztonságos könyvtárengedélyek: %s \"%s\"\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, fuzzy, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "\"%s\": ismeretlen konfigurációs elem.\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr ""
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 #, fuzzy
 msgid "show key usage information during key listings"
 msgstr "Nincs megfelelő aláírás a titkoskulcs-karikán.\n"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 #, fuzzy
 msgid "show all notations during signature listings"
 msgstr "Nincs megfelelő aláírás a titkoskulcs-karikán.\n"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 #, fuzzy
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "A megadott aláírási eljárásmód URL-je érvénytelen!\n"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr ""
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr ""
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr ""
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 #, fuzzy
 msgid "show the keyring name in key listings"
 msgstr "mutatja a kilistázott kulcs kulcskarikáját is"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 #, fuzzy
 msgid "show expiration dates during signature listings"
 msgstr "Nincs megfelelő aláírás a titkoskulcs-karikán.\n"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "Ismeretlen alapértelmezett címzett: \"%s\"\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr ""
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Ez a parancs %s módban nem engedélyezett.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, fuzzy, c-format
 #| msgid "NOTE: %s is not for normal use!\n"
 msgid "Note: %s is not for normal use!\n"
 msgstr "MEGJEGYZÉS: %s nem normál használatra van!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, fuzzy, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "%s nem érvényes karakterkiosztás!\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "Ez nem érvényes e-mail cím.\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, fuzzy, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, fuzzy, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "Érvénytelen import opciók!\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, fuzzy, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "%s nem érvényes karakterkiosztás!\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, fuzzy, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "Értelmezhetetlen a kulcsszerver URI-ja!\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, fuzzy, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: Érvénytelen export opciók!\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, fuzzy, c-format
 msgid "invalid keyserver options\n"
 msgstr "Érvénytelen export opciók!\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: Érvénytelen import opciók!\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "Érvénytelen import opciók!\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, fuzzy, c-format
 msgid "invalid filter option: %s\n"
 msgstr "Érvénytelen import opciók!\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: Érvénytelen export opciók!\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "Érvénytelen export opciók!\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, fuzzy, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: Érvénytelen import opciók!\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, fuzzy, c-format
 msgid "invalid list options\n"
 msgstr "Érvénytelen import opciók!\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 #, fuzzy
 msgid "show all notations during signature verification"
 msgstr "%s nem érvényes karakterkiosztás!\n"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 #, fuzzy
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "A megadott aláírási eljárásmód URL-je érvénytelen!\n"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 #, fuzzy
 msgid "show user ID validity during signature verification"
 msgstr "%s nem érvényes karakterkiosztás!\n"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr ""
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 #, fuzzy
 msgid "show only the primary user ID in signature verification"
 msgstr "%s nem érvényes karakterkiosztás!\n"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr ""
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr ""
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, fuzzy, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: Érvénytelen export opciók!\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, fuzzy, c-format
 msgid "invalid verify options\n"
 msgstr "Érvénytelen export opciók!\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "Nem tudom a végrehajtási elérési utat %s értékre állítani!\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, fuzzy, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: Érvénytelen export opciók!\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr ""
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, fuzzy, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "Érvénytelen import opciók!\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "FIGYELEM: A program core állományt hozhat létre!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "FIGYELEM: %s hatástalanítja %s-t!\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s és %s nem használható együtt!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s értelmetlen %s mellett!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr ""
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, fuzzy, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "Írom a titkos kulcsot a %s állományba.\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "A kiválasztott rejtjelező algoritmus érvénytelen!\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "A kiválasztott kivonatoló algoritmus érvénytelen!\n"
+
+#: g10/gpg.c:3885
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "A kiválasztott rejtjelező algoritmus érvénytelen!\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "Az igazoláshoz kiválasztott kivonatoló algoritmus érvénytelen!\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-needed nagyobb kell legyen 0-nál!\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed nagyobb kell legyen 1-nél!\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, fuzzy, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth 1 és 255 közé kell essen!\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "Érvénytelen default-cert-level; 0, 1, 2 vagy 3 lehet.\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "Érvénytelen min-cert-level; 0, 1, 2 vagy 3 lehet.\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, fuzzy, c-format
 #| msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "MEGJEGYZÉS: Egyszerű S2K mód (0) erősen ellenjavallt!\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "Érvénytelen S2K mód; 0, 1 vagy 3 lehet.\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "Érvénytelen alapértelmezett preferenciák!\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "Érvénytelen személyes rejtjelező-preferenciák!\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "Érvénytelen személyes rejtjelező-preferenciák!\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "Érvénytelen személyes kivonatolópreferenciák!\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "Érvénytelen személyes tömörítőpreferenciák!\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "Kulcsméret érvénytelen; %u bitet használok.\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s és %s egyelőre nem használható együtt!\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr ""
+"Lehet, hogy nem használhatja \"%s\" rejtjelező algoritmust %s módban!\n"
+
+#: g10/gpg.c:4070
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "Lehet, hogy nem használhatja \"%s\" tömörítő algoritmust %s módban!\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "FIGYELEM: Címzett megadva (-r), de nincs nyilvános kulcsú titkosítás!\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, fuzzy, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "Visszafejtés sikertelen: %s.\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "Lehet, hogy nem használhatja %s-t %s módban!\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "Lehet, hogy nem használhatja %s-t %s módban!\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "Küldés a kulcsszerverre sikertelen: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "Vétel a kulcsszerverről sikertelen: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "Kulcsexportálás sikertelen: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, fuzzy, c-format
 #| msgid "key export failed: %s\n"
 msgid "export as ssh key failed: %s\n"
 msgstr "Kulcsexportálás sikertelen: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "Keresés a kulcsszerveren sikertelen: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "Frissítés a kulcsszerverről sikertelen: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "Páncél eltávolítása nem sikerült: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "Páncélozás nem sikerült: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, fuzzy, c-format
 #| msgid "invalid hash algorithm `%s'\n"
 msgid "invalid hash algorithm '%s'\n"
 msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, fuzzy, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Kezdheti gépelni az üzenetet...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "A megadott igazolási eljárásmód URL-je érvénytelen!\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "A megadott aláírási eljárásmód URL-je érvénytelen!\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, fuzzy, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "A megadott aláírási eljárásmód URL-je érvénytelen!\n"
@@ -3627,7 +3496,7 @@ msgstr "a megadott kulcskarikáról vegye a kulcsokat"
 msgid "make timestamp conflicts only a warning"
 msgstr "időbélyeg-konfliktus esetén csak figyelmeztessen"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|ÁL|állapotinformációk írása ÁL állományleíróra"
 
@@ -3678,299 +3547,315 @@ msgstr "bizalmi adatbázis frissítése"
 
 #: g10/import.c:181
 #, fuzzy
+#| msgid "not supported"
+msgid "enable bulk import mode"
+msgstr "nem támogatott"
+
+#: g10/import.c:184
+#, fuzzy
 msgid "show key during import"
 msgstr "megmutatja az ujjlenyomatot"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+msgid "show key but do not actually import"
+msgstr "megmutatja az ujjlenyomatot"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr ""
 
-#: g10/import.c:187
+#: g10/import.c:193
 #, fuzzy
 msgid "remove unusable parts from key after import"
 msgstr "használhatatlan titkos kulcs"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr ""
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr ""
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr ""
 
-#: g10/import.c:203
+#: g10/import.c:209
 #, fuzzy
 msgid "repair keys on import"
 msgstr "megmutatja az ujjlenyomatot"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "%d típusú blokkot kihagyom.\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, fuzzy, c-format
 msgid "%lu keys processed so far\n"
 msgstr "Eddig %lu kulcsot dolgoztam fel.\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "     Összesen feldolgoztam: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, fuzzy, c-format
 #| msgid "      skipped new keys: %lu\n"
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "       új kulcsok kihagyva: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "       új kulcsok kihagyva: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "    felh. azonosító nélkül: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "                importálva: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "               változatlan: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "       új felh. azonosítók: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "              új alkulcsok: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "              új aláírások: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "     új kulcsvisszavonások: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "   olvasott titkos kulcsok: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "  importált titkos kulcsok: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr "változatlan titkos kulcsok: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "             nem importált: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, fuzzy, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "              új aláírások: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, fuzzy, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "   olvasott titkos kulcsok: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
 "algorithms on these user IDs:\n"
 msgstr ""
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "%s aláírás, %s kivonatoló algoritmus.\n"
+
+#: g10/import.c:1354
 #, fuzzy, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "%s aláírás, %s kivonatoló algoritmus.\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr ""
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, fuzzy, c-format
 msgid "key %s: no user ID\n"
 msgstr "%08lX kulcs: Nincs felhasználói azonosító.\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, fuzzy, c-format
 msgid "key %s: %s\n"
 msgstr "Kihagytam \"%s\"-t: %s.\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr ""
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "%08lX kulcs: HKP alkulcssérülés kijavítva.\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, fuzzy, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "%08lX kulcs: Nem önaláírt felh. azonosító (\"%s\") elfogadva.\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, fuzzy, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "%08lX kulcs: Nincs érvényes felhasználói azonosító.\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "Ezt okozhatja egy hiányzó önaláírás.\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, fuzzy, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "%08lX kulcs: Nyilvános kulcs nem található: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, fuzzy, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "%08lX kulcs: új kulcs - kihagytam.\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "Nem írható kulcskarikát találtam: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, fuzzy, c-format
 #| msgid "error writing keyring `%s': %s\n"
 msgid "error writing keyring '%s': %s\n"
 msgstr "Hiba a \"%s\" kulcskarika írásakor: %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, fuzzy, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "%08lX kulcs: \"%s\" nyilvános kulcs importálva.\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, fuzzy, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "%08lX kulcs: Nem egyezik a mi másolatunkkal!\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "%08lX kulcs: \"%s\" 1 új felhasználói azonosító.\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "%08lX kulcs: \"%s\" %d új felhasználói azonosító.\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "%08lX kulcs: \"%s\" 1 új aláírás.\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "%08lX kulcs: \"%s\" %d új aláírás.\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "%08lX kulcs: \"%s\" 1 új alkulcs.\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "%08lX kulcs: \"%s\" %d új alkulcs.\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "%08lX kulcs: \"%s\" %d új aláírás.\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "%08lX kulcs: \"%s\" %d új aláírás.\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "%08lX kulcs: \"%s\" %d új felhasználói azonosító.\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "%08lX kulcs: \"%s\" %d új felhasználói azonosító.\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, fuzzy, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "%08lX kulcs: \"%s\" nem változott.\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, fuzzy, c-format
 msgid "key %s: secret key imported\n"
 msgstr "%08lX kulcs: Titkos kulcs importálva.\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, fuzzy, c-format
 #| msgid "skipped: secret key already present\n"
 msgid "key %s: secret key already exists\n"
 msgstr "Kihagytam: titkos kulcs már jelen van.\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, fuzzy, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "Hiba %s-ra/-re küldéskor: %s\n"
@@ -3983,204 +3868,210 @@ msgstr "Hiba %s-ra/-re küldéskor: %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, fuzzy, c-format
 msgid "secret key %s: %s\n"
 msgstr "\"%s\" titkos kulcs nem található: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, fuzzy, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "Írom a titkos kulcsot a %s állományba.\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, fuzzy, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr ""
 "%08lX kulcs: Titkos kulcs érvénytelen (%d) rejtjelezővel - kihagytam.\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Nincs megadva ok."
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "A kulcsot lecserélték."
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "A kulcs kompromittálódott."
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "A kulcs már nem használatos."
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "A felhasználói azonosító már nem érvényes."
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "Visszavonás oka: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "Megjegyzés a visszavonáshoz: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, fuzzy, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr "%08lX kulcs: Nincs nyilvános kulcs - nem tudok visszavonni.\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, fuzzy, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "%08lX kulcs: Nem találom az eredeti kulcsblokkot: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, fuzzy, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "%08lX kulcs: Nem tudom beolvasni az eredeti kulcsblokkot: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "%08lX kulcs: Érvénytelen visszavonó igazolás: %s - visszautasítva.\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "%08lX kulcs: \"%s\" visszavonó igazolást importáltam.\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, fuzzy, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "%08lX kulcs: Nincs felhasználói azonosító ehhez az aláíráshoz!\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr ""
 "%08lX kulcs: Nem támogatott nyilvános kulcsú alg. a \"%s\" felh. "
 "azonosítón!\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, fuzzy, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "%08lX kulcs: Érvénytelen önaláírás a \"%s\" felh. azonosítón!\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "%08lX kulcs: Nem támogatott nyilvános kulcsú algoritmus!\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, fuzzy, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "%08lX kulcs: Kulcsaláírást hozzáadtam.\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, fuzzy, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "%08lX kulcs: Nincs alkulcs a kulcskötéshez!\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, fuzzy, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "%08lX kulcs: Érvénytelen alkulcskötés!\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "%08lX kulcs: Eltávolítottam a többszörös alkulcskötést.\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, fuzzy, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "%08lX kulcs: Nincs alkulcs a kulcsvisszavonáshoz.\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, fuzzy, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "%08lX kulcs: Érvénytelen alkulcsvisszavonás.\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "%08lX kulcs: Eltávolítottam a többszörös alkulcsvisszavonást.\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, fuzzy, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "%08lX kulcs: Kihagytam a felh. azonosítót: '"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, fuzzy, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "%08lX kulcs: Alkulcsot kihagytam.\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, fuzzy, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "%08lX kulcs: Nem exportálható aláírás (%02x. osztály) - kihagytam.\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, fuzzy, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "%08lX kulcs: Visszavonó igazolás rossz helyen - kihagytam.\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "%08lX kulcs: Érvénytelen visszavonó igazolás: %s - kihagytam.\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, fuzzy, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "%08lX kulcs: Alkulcsaláírás rossz helyen - kihagytam.\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, fuzzy, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "%08lX kulcs: Váratlan aláírásosztály (0x%02X) - kihagytam.\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, fuzzy, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "%08lX kulcs: Duplázott felh. azonosítót találtam - összefűztem.\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "%08lX kulcs: Duplázott felh. azonosítót találtam - összefűztem.\n"
+
+#: g10/import.c:4233
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr ""
 "FIGYELEM: %08lX kulcsot visszavonhatták:\n"
 "lehívom a %08lX visszavonó kulcsot.\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 "FIGYELEM: %08lX kulcsot visszavonhatták:\n"
 "visszavonó kulcs (%08lX) nincs jelen.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "%08lX kulcs: \"%s\" visszavonó igazolást hozzáadtam.\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, fuzzy, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "%08lX kulcs: Kulcsaláírást hozzáadtam.\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, fuzzy, c-format
 msgid "error allocating memory: %s\n"
 msgstr "Hiba a(z) \"%s\" kulcskarika létrehozásakor: %s\n"
@@ -4201,19 +4092,19 @@ msgstr "%s aláírás, %s kivonatoló algoritmus.\n"
 msgid " (reordered signatures follow)"
 msgstr "Jó aláírás a következőtől: \""
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, fuzzy, c-format
 msgid "key %s:\n"
 msgstr "Kihagytam \"%s\"-t: %s.\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, fuzzy, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "\"%s\" felhasználói azonosítót visszavonták."
 msgstr[1] "\"%s\" felhasználói azonosítót visszavonták."
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to a missing key\n"
 msgid "%d signature not checked due to a missing key\n"
@@ -4221,7 +4112,7 @@ msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "1 aláírást nem ellenőriztem hiányzó kulcs miatt.\n"
 msgstr[1] "1 aláírást nem ellenőriztem hiányzó kulcs miatt.\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d bad signature\n"
@@ -4229,53 +4120,48 @@ msgid_plural "%d bad signatures\n"
 msgstr[0] "%d rossz aláírás.\n"
 msgstr[1] "%d rossz aláírás.\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, fuzzy, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "Jó aláírás a következőtől: \""
 msgstr[1] "Jó aláírás a következőtől: \""
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, fuzzy, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "Hiba a(z) \"%s\" kulcskarika létrehozásakor: %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error creating keyring '%s': %s\n"
 msgstr "Hiba a(z) \"%s\" kulcskarika létrehozásakor: %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, fuzzy, c-format
 msgid "keybox '%s' created\n"
 msgstr "\"%s\" kulcskarikát létrehoztam.\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, fuzzy, c-format
 #| msgid "keyring `%s' created\n"
 msgid "keyring '%s' created\n"
 msgstr "\"%s\" kulcskarikát létrehoztam.\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, fuzzy, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "Hiba \"%s\" létrehozásakor: %s\n"
 
-#: g10/keydb.c:969
-#, fuzzy, c-format
-msgid "error opening key DB: %s\n"
-msgstr "Hiba \"%s\" olvasásakor: %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "Nem tudtam újraépíteni a kulcskarika cache-ét: %s\n"
@@ -4288,7 +4174,7 @@ msgstr "[visszavonás]"
 msgid "[self-signature]"
 msgstr "[önaláírás]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 #, fuzzy
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
@@ -4301,12 +4187,12 @@ msgstr ""
 "különböző forrásból származó digitális ujjlenyomatokkal...)!\n"
 "\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, fuzzy, c-format
 msgid "  %d = I trust marginally\n"
 msgstr " %d = részlegesen megbízom benne\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, fuzzy, c-format
 msgid "  %d = I trust fully\n"
 msgstr " %d = teljesen megbízom benne\n"
@@ -4333,12 +4219,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "\"%s\" felhasználói azonosítót visszavonták."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Biztos abban, hogy továbbra is alá akarja írni? (i/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  Nem tudom aláírni.\n"
 
@@ -4537,210 +4423,214 @@ msgstr ""
 msgid "Really sign? (y/N) "
 msgstr "Valóban aláírja? "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "Aláírás sikertelen: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, fuzzy, c-format
 #| msgid "error creating passphrase: %s\n"
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "mentés és kilépés"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 #, fuzzy
 msgid "show key fingerprint"
 msgstr "megmutatja az ujjlenyomatot"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 #, fuzzy
 msgid "show the keygrip"
 msgstr "Aláírás-jelölés: "
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "kilistázza a kulcs- és felhasználóazonosítókat"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "N. felhasználói azonosító kiválasztása"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 #, fuzzy
 msgid "select subkey N"
 msgstr "N. felhasználói azonosító kiválasztása"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 #, fuzzy
 msgid "check signatures"
 msgstr "aláírások visszavonása"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 #, fuzzy
 msgid "sign selected user IDs locally"
 msgstr "kulcs helyi aláírása"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 #, fuzzy
 msgid "sign selected user IDs with a trust signature"
 msgstr "Javaslat: Válassza ki az aláírni kívánt felhasználóazonosítókat!\n"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr ""
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "felhasználói azonosító hozzáadása"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "fotóazonosító hozzáadása"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 #, fuzzy
 msgid "delete selected user IDs"
 msgstr "felhasználói azonosító törlése"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 #, fuzzy
 msgid "add a subkey"
 msgstr "addkey"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 #, fuzzy
 msgid "delete selected subkeys"
 msgstr "másodlagos kulcs törlése"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "visszavonó kulcs hozzáadása"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 #, fuzzy
 msgid "delete signatures from the selected user IDs"
 msgstr "Valóban frissíti a kijelölt felhasználóazonosítók preferenciáit? "
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 #, fuzzy
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "Nem változtathatja meg egy v3 kulcs lejárati dátumát!\n"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 #, fuzzy
 msgid "flag the selected user ID as primary"
 msgstr "felhasználóazonosító megjelölése elsődlegesként"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "preferenciák listázása (szakértő)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "preferenciák listázása (részletes)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 #, fuzzy
 msgid "set preference list for the selected user IDs"
 msgstr "Valóban frissíti a kijelölt felhasználóazonosítók preferenciáit? "
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 #, fuzzy
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "Értelmezhetetlen a kulcsszerver URI-ja!\n"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 #, fuzzy
 msgid "set a notation for the selected user IDs"
 msgstr "Valóban frissíti a kijelölt felhasználóazonosítók preferenciáit? "
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "jelszóváltoztatás"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "kulcstulajdonos megbízhatóságának beállítása"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 #, fuzzy
 msgid "revoke signatures on the selected user IDs"
 msgstr "Valóban visszavonja az összes kijelölt felhasználóazonosítót? "
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 #, fuzzy
 msgid "revoke selected user IDs"
 msgstr "felhasználói azonosító visszavonása"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 #, fuzzy
 msgid "revoke key or selected subkeys"
 msgstr "másodlagos kulcs visszavonása"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 #, fuzzy
 msgid "enable key"
 msgstr "kulcs engedélyezése"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 #, fuzzy
 msgid "disable key"
 msgstr "kulcs tiltása"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 #, fuzzy
 msgid "show selected photo IDs"
 msgstr "fotóazonosító megmutatása"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Titkos kulcs rendelkezésre áll.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret subkeys are available.\n"
 msgstr "Titkos kulcs rendelkezésre áll.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Ehhez szükség van a titkos kulcsra.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4748,309 +4638,314 @@ msgid ""
 "  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
 msgstr ""
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "A kulcsot visszavonták."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 #, fuzzy
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Valóban aláírja az összes felhasználóazonosítót? "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 #, fuzzy
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Valóban aláírja az összes felhasználóazonosítót? "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Javaslat: Válassza ki az aláírni kívánt felhasználóazonosítókat!\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, fuzzy, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "ismeretlen aláírásosztály"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Ez a parancs %s módban nem engedélyezett.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Legalább egy felhasználóazonosítót ki kell választania!\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr ""
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Nem törölheti az utolsó felhasználóazonosítót!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 #, fuzzy
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Valóban eltávolítja az összes kijelölt felhasználóazonosítót? "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 #, fuzzy
 msgid "Really remove this user ID? (y/N) "
 msgstr "Valóban eltávolítja ezt a felhasználóazonosítót? "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 #, fuzzy
 msgid "Really move the primary key? (y/N) "
 msgstr "Valóban eltávolítja ezt a felhasználóazonosítót? "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 #, fuzzy
 msgid "You must select exactly one key.\n"
 msgstr "Legalább egy kulcsot ki kell választania!\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr ""
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, fuzzy, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "Nem tudom megnyitni a(z) \"%s\" állományt: %s.\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, fuzzy, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "Hiba a(z) \"%s\" kulcskarika létrehozásakor: %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Legalább egy kulcsot ki kell választania!\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 #, fuzzy
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Valóban törli a kiválasztott kulcsokat? "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 #, fuzzy
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Valóban törli ezt a kulcsot? "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 #, fuzzy
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "Valóban visszavonja az összes kijelölt felhasználóazonosítót? "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 #, fuzzy
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Valóban visszavonja ezt a felhasználóazonosítót? "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 #, fuzzy
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Valóban visszavonja ezt a kulcsot? "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 #, fuzzy
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Valóban visszavonja a kijelölt kulcsokat? "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 #, fuzzy
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Valóban visszavonja ezt a kulcsot? "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 #, fuzzy
 msgid "Set preference list to:\n"
 msgstr "preferencialista beállítása"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 #, fuzzy
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr "Valóban frissíti a kijelölt felhasználóazonosítók preferenciáit? "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 #, fuzzy
 msgid "Really update the preferences? (y/N) "
 msgstr "Valóban frissítsem a preferenciákat? "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 #, fuzzy
 msgid "Save changes? (y/N) "
 msgstr "Mentsem a változtatásokat? "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 #, fuzzy
 msgid "Quit without saving? (y/N) "
 msgstr "Kilépjek mentés nélkül? "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "A kulcs nem változott, nincs szükség frissítésre.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "Nem törölheti az utolsó felhasználóazonosítót!\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, fuzzy, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "A létrehozott aláírás ellenőrzése sikertelen: %s.\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, fuzzy, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "A létrehozott aláírás ellenőrzése sikertelen: %s.\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, fuzzy, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, fuzzy, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, fuzzy, c-format
 #| msgid "invalid value\n"
 msgid "Invalid user ID '%s': %s\n"
 msgstr "Érvénytelen érték!\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 #| msgid "No such user ID.\n"
 msgid "No matching user IDs."
 msgstr "Nincs ilyen felhasználói azonosító.\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 msgid "Nothing to sign.\n"
 msgstr "Nincs mit aláírni a %08lX kulccsal!\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, fuzzy, c-format
 msgid "Not signed by you.\n"
 msgstr "   aláírva %08lX által %s%s időpontban.\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "A létrehozott aláírás ellenőrzése sikertelen: %s.\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, fuzzy, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "%s nem érvényes karakterkiosztás!\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, fuzzy, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "\"%s\" kulcs nem található: %s\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Kivonat: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Jellemzők: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr ""
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr ""
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 #, fuzzy
 msgid "Notations: "
 msgstr "Jelölés: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "Nincsenek preferenciák egy PGP 2.x felhasználóazonosítón!\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, fuzzy, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "Ezt a kulcsot a következő %s kulcs visszavonhatja: "
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, fuzzy, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Ezt a kulcsot a következő %s kulcs visszavonhatja: "
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 #, fuzzy
 msgid "(sensitive)"
 msgstr " (érzékeny)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, fuzzy, c-format
 msgid "created: %s"
 msgstr "%s nem hozható létre: %s\n"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, fuzzy, c-format
 msgid "revoked: %s"
 msgstr "[visszavont] "
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, fuzzy, c-format
 msgid "expired: %s"
 msgstr " [lejár: %s]"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, fuzzy, c-format
 msgid "expires: %s"
 msgstr " [lejár: %s]"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, fuzzy, c-format
 msgid "usage: %s"
 msgstr " bizalom: %c/%c"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr ""
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, fuzzy, c-format
 msgid "trust: %s"
 msgstr " bizalom: %c/%c"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr ""
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Ez a kulcs tiltott."
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -5058,19 +4953,19 @@ msgstr ""
 "Kérem, vegye figyelembe, hogy az itt látható kulcs érvényessége nem\n"
 "feltétlenül helyes, amíg újra nem indítja a programot!\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 #, fuzzy
 msgid "revoked"
 msgstr "[visszavont] "
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 #, fuzzy
 msgid "expired"
 msgstr "expire"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -5079,18 +4974,18 @@ msgstr ""
 "FIGYELEM: Nincs kijelölt elsődleges felhasználóazonosító. Ez a parancs\n"
 " azt okozhatja, hogy egy másik azonosító lesz elsődlegesként használva.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr ""
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, fuzzy, c-format
 #| msgid "You can't change the expiration date of a v3 key\n"
 msgid "You may want to change its expiration date too.\n"
 msgstr "Nem változtathatja meg egy v3 kulcs lejárati dátumát!\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -5100,35 +4995,35 @@ msgstr ""
 "okozhatja,\n"
 "          hogy a PGP egyes verziói visszautasítják ezt a kulcsot.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Továbbra is hozzá akarja adni? (i/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "Lehet, hogy nem adhat fotóazonosítót egy PGP2 stílusú kulcshoz!\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr ""
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Törli ezt a jó aláírást? (i/N/k)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Törli ezt az érvénytelen aláírást? (i/N/k)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Törli ezt az ismeretlen aláírást? (i/N/k)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Valóban törli ezt az önaláírást? (i/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, fuzzy, c-format
 #| msgid "Deleted %d signature.\n"
 msgid "Deleted %d signature.\n"
@@ -5136,38 +5031,38 @@ msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "Töröltem %d aláírást.\n"
 msgstr[1] "Töröltem %d aláírást.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Nem töröltem semmit.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 #, fuzzy
 msgid "invalid"
 msgstr "érvénytelen páncél"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, fuzzy, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "\"%s\" felhasználói azonosítót visszavonták."
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, fuzzy, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "\"%s\" felhasználói azonosítót visszavonták."
 msgstr[1] "\"%s\" felhasználói azonosítót visszavonták."
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, fuzzy, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "\"%s\" felhasználói azonosítót már visszavonták.\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, fuzzy, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "\"%s\" felhasználói azonosítót már visszavonták.\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5177,305 +5072,310 @@ msgstr ""
 "          azt okozhatja, hogy egyes PGP verziók visszautasítják ezt a "
 "kulcsot!\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr ""
 "Lehet, hogy nem adhat kijelölt visszavonót egy PGP 2.x-stílusú kulcshoz.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Írja be a kijelölt visszavonó felhasználóazonosítóját: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "Nem adhat meg PGP 2.x stílusú kulcsot kijelölt visszavonónak!\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "Nem adhat meg egy kulcsot saját kijelölt visszavonójának!\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, fuzzy, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "FIGYELEM: Ezt a kulcsot a kijelölt visszavonó visszavonta!\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr ""
 "FIGYELEM: A kijelölt visszavonó kulcs megadása nem csinálható vissza!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 #, fuzzy
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr "Biztosan ez a kulcs legyen a kijelölt visszavonó? (i/N): "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 #, fuzzy
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
 msgstr "Biztosan ez a kulcs legyen a kijelölt visszavonó? (i/N): "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 #, fuzzy
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Másodlagos kulcs lejárati idejének változtatása.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Elsődleges kulcs lejárati idejének változtatása.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Nem változtathatja meg egy v3 kulcs lejárati dátumát!\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 #, fuzzy
 msgid "Changing usage of a subkey.\n"
 msgstr "Másodlagos kulcs lejárati idejének változtatása.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 #, fuzzy
 #| msgid "Changing expiration time for the primary key.\n"
 msgid "Changing usage of the primary key.\n"
 msgstr "Elsődleges kulcs lejárati idejének változtatása.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, fuzzy, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "FIGYELEM: %08lX aláíró alkulcs nem kereszthitelesített.\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Kérem, válasszon ki pontosan egy felhasználóazonosítót!\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, fuzzy, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "Kihagyom a v3 önaláírást a \"%s\" felhasználóazonosítón.\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr ""
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 #, fuzzy
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Biztos abban, hogy használni akarja (i/N)? "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 #, fuzzy
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Biztos abban, hogy használni akarja (i/N)? "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 #, fuzzy
 msgid "Enter the notation: "
 msgstr "Aláírás-jelölés: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 #, fuzzy
 msgid "Proceed? (y/N) "
 msgstr "Felülírjam (i/N)? "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Nincs %d indexű felhasználóazonosító!\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, fuzzy, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Nincs %d indexű felhasználóazonosító!\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, fuzzy, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Nincs %d indexű felhasználóazonosító!\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, fuzzy, c-format
 msgid "No subkey with index %d\n"
 msgstr "Nincs %d indexű felhasználóazonosító!\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, fuzzy, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "Felhasználóazonosító: \""
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, fuzzy, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "   aláírva %08lX által %s%s%s időpontban.\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (nem exportálható)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Ez az aláírás lejárt %s időpontban.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Biztos benne, hogy mégis visszavonja? (i/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Csináljunk egy visszavonó igazolást ehhez az aláíráshoz? (i/N) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, fuzzy, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Ön aláírta a következő felhasználóazonosítókat:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 #, fuzzy
 msgid " (non-revocable)"
 msgstr " (nem exportálható)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, fuzzy, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "   visszavonva %08lX által %s időpontban.\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "A következő aláírásokat fogja visszavonni:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Valóban létrehozzam a visszavonó igazolást? (i/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "Nincs titkos kulcs.\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "\"%s\" felhasználói azonosítót már visszavonták.\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr ""
 "FIGYELEM: A felhasználóazonosítót %d másodperccel a jövőben írták alá.\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Nem törölheti az utolsó felhasználóazonosítót!\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, fuzzy, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "\"%s\" felhasználói azonosítót már visszavonták.\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, fuzzy, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "\"%s\" felhasználói azonosítót már visszavonták.\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, fuzzy, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "%s fotóazonosító (méret: %ld, kulcs: 0x%08lX, felh: %d) mutatása.\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, fuzzy, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "Érvénytelen import opciók!\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, fuzzy, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "%c%lu preferencia kétszer szerepel!\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, fuzzy, c-format
 msgid "too many cipher preferences\n"
 msgstr "Túl sok \"%c\" preferencia.\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, fuzzy, c-format
 msgid "too many digest preferences\n"
 msgstr "Túl sok \"%c\" preferencia.\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, fuzzy, c-format
 msgid "too many compression preferences\n"
 msgstr "Túl sok \"%c\" preferencia.\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+msgid "too many AEAD preferences\n"
+msgstr "Túl sok \"%c\" preferencia.\n"
+
+#: g10/keygen.c:521
 #, fuzzy, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "Érvénytelen karakter a preferenciák között!\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "Sima aláírást írok.\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "Önaláírást írok.\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "Összefűző aláírást írok.\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "Kulcsméret érvénytelen; %u bitet használok.\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "Kulcsméretet felkerekítettem %u bitre.\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
 msgstr ""
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 #, fuzzy
 msgid "Sign"
 msgstr "sign"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr ""
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 #, fuzzy
 msgid "Encrypt"
 msgstr "adat titkosítása"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr ""
 
@@ -5489,169 +5389,180 @@ msgstr ""
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr ""
 
-#: g10/keygen.c:1784
+#: g10/keygen.c:1966
 #, c-format
-msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr ""
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr ""
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr ""
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, fuzzy, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%d) ElGamal (csak titkosítás)\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr ""
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr ""
 
-#: g10/keygen.c:1930
+#: g10/keygen.c:2116
 #, fuzzy, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) DSA és ElGamal (alapértelmezés)\n"
 
-#: g10/keygen.c:1934
+#: g10/keygen.c:2120
 #, fuzzy, c-format
-msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA és ElGamal (alapértelmezés)\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (csak aláírás)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (csak aláírás)\n"
 
-#: g10/keygen.c:1945
+#: g10/keygen.c:2131
 #, fuzzy, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) ElGamal (csak titkosítás)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (csak titkosítás)\n"
 
-#: g10/keygen.c:1953
+#: g10/keygen.c:2139
 #, fuzzy, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (csak titkosítás)\n"
 
-#: g10/keygen.c:1955
+#: g10/keygen.c:2141
 #, fuzzy, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (csak titkosítás)\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, fuzzy, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) DSA és ElGamal (alapértelmezés)\n"
+#| msgid "   (%d) ElGamal (sign and encrypt)\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) ElGamal (aláírás és titkosítás)\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+#, fuzzy
+#| msgid " (default)"
+msgid " *default*"
+msgstr " (alapértelmezés)"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, fuzzy, c-format
 #| msgid "   (%d) DSA (sign only)\n"
 msgid "  (%d) ECC (sign only)\n"
 msgstr "   (%d) DSA (csak aláírás)\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, fuzzy, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (csak titkosítás)\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, fuzzy, c-format
 #| msgid "   (%d) RSA (encrypt only)\n"
-msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "   (%d) RSA (csak titkosítás)\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, fuzzy, c-format
-msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "   (%d) RSA (csak titkosítás)\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (%d) RSA (csak titkosítás)\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 #, fuzzy
 msgid "Enter the keygrip: "
 msgstr "Aláírás-jelölés: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr ""
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 #, fuzzy
 msgid "No key with this keygrip\n"
 msgstr "Nincs %d indexű felhasználóazonosító!\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, fuzzy, c-format
 msgid "error reading the card: %s\n"
 msgstr "%s: Hiba szabad rekord olvasásakor: %s.\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, fuzzy, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 #, fuzzy
 msgid "Available keys:\n"
 msgstr "kulcs tiltása"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, fuzzy, c-format
 #| msgid "rounded up to %u bits\n"
 msgid "rounded to %u bits\n"
 msgstr "Felkerekítve %u bitre.\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr ""
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, fuzzy, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Milyen kulcsméretet szeretne? (1024) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "A kívánt kulcsméret %u bit.\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 #, fuzzy
 #| msgid "Please select what kind of key you want:\n"
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Kérem, adja meg, milyen kulcsot kíván:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5667,7 +5578,7 @@ msgstr ""
 "      <n>m = a kulcs n hónapig érvényes\n"
 "      <n>y = a kulcs n évig érvényes\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5683,40 +5594,40 @@ msgstr ""
 "      <n>m = az aláírás n hónapig érvényes\n"
 "      <n>y = az aláírás n évig érvényes\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Meddig érvényes a kulcs? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, fuzzy, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Meddig érvényes az aláírás? (0) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "Érvénytelen érték!\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 #, fuzzy
 msgid "Key does not expire at all\n"
 msgstr "%s soha nem jár le.\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 #, fuzzy
 msgid "Signature does not expire at all\n"
 msgstr "%s soha nem jár le.\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, fuzzy, c-format
 msgid "Key expires at %s\n"
 msgstr "%s lejár: %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, fuzzy, c-format
 msgid "Signature expires at %s\n"
 msgstr "Az aláírás lejár: %s.\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5724,12 +5635,12 @@ msgstr ""
 "Az Ön rendszere nem tud megjeleníteni 2038 utáni dátumokat.\n"
 "Azonban kezelni helyesen tudja őket egészen 2106-ig.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 #, fuzzy
 msgid "Is this correct? (y/N) "
 msgstr "Ez így helyes (i/n)? "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5740,7 +5651,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 #, fuzzy
 msgid ""
 "\n"
@@ -5757,50 +5668,50 @@ msgstr ""
 "    \"Heinrich Heine (a költő) <heinrichh@duesseldorf.de>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Teljes név: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Érvénytelen karakter a névben!\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr ""
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "A név lehet, hogy nem kezdődhet számmal!\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "A név legalább 5 karakter kell legyen!\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "E-mail cím: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Ez nem érvényes e-mail cím.\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Megjegyzés: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Érvénytelen karakter a megjegyzésben!\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, fuzzy, c-format
 #| msgid "You are using the `%s' character set.\n"
 msgid "You are using the '%s' character set.\n"
 msgstr "Ön a(z) %s karakterkódolást használja.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5811,7 +5722,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "Kérem, ne rakja az e-mail címet a teljes névbe vagy a megjegyzésbe!\n"
 
@@ -5826,32 +5737,32 @@ msgstr "Kérem, ne rakja az e-mail címet a teljes névbe vagy a megjegyzésbe!\
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnMmEeRrKk"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "(N)év, (M)egjegyzés, (E)-mail megváltoztatása vagy (K)ilépés? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr ""
 "(N)év, (M)egjegyzés, (E)-mail megváltoztatása vagy (R)endben/(K)ilépés? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "(N)év, (E)-mail megváltoztatása vagy (K)ilépés? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "(N)év, (E)-mail megváltoztatása vagy (R)endben/(K)ilépés? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Kérem, előbb javítsa ki a hibát!\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5863,13 +5774,13 @@ msgstr ""
 "a lemezeket) a prímszám generálása alatt. Ez segíti a véletlenszám-\n"
 "generátort, hogy entrópiát tudjon gyűjteni.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Kulcsgenerálás sikertelen: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5877,69 +5788,69 @@ msgid ""
 "\n"
 msgstr ""
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr ""
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, fuzzy, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "\"%s\" már tömörített.\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 #, fuzzy
 #| msgid "Create anyway? "
 msgid "Create anyway? (y/N) "
 msgstr "Mégis létrehozzam? "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, fuzzy, c-format
 #| msgid "Create anyway? "
 msgid "creating anyway\n"
 msgstr "Mégis létrehozzam? "
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Kulcs létrehozása megszakítva.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, fuzzy, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "Nem tudom létrehozni a(z) \"%s\" állományt: %s.\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, fuzzy, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "MEGJEGYZÉS: %08lX titkos kulcs %s-kor lejárt.\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, fuzzy, c-format
 #| msgid "writing public key to `%s'\n"
 msgid "writing public key to '%s'\n"
 msgstr "Írom a kulcsot a %s állományba.\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "Nem írható nyilvánoskulcs-karikát találtam: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, fuzzy, c-format
 #| msgid "error writing public keyring `%s': %s\n"
 msgid "error writing public keyring '%s': %s\n"
 msgstr "Hiba a(z) \"%s\" nyilvánoskulcs-karika írásakor: %s.\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "A nyilvános és titkos kulcsokat létrehoztam és aláírtam.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 #, fuzzy
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
@@ -5949,67 +5860,67 @@ msgstr ""
 "kíván ilyen célra létrehozni, azt az \"--edit-key\" parancs segítségével\n"
 "teheti meg.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
 msgstr ""
 "A kulcs %lu másodperccel a jövőben készült. (Időugrás vagy óraprobléma.)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
 msgstr ""
 "A kulcs %lu másodperccel a jövőben készült. (Időugrás vagy óraprobléma.)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, fuzzy, c-format
 #| msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr ""
 "MEGJEGYZÉS: Alkulcsok létrehozása v3 kulcsokhoz nem OpenPGP-megfelelő.\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Az elsődleges kulcs titkos részei nem elérhetők.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, fuzzy, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Az elsődleges kulcs titkos részei nem elérhetők.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 #, fuzzy
 msgid "Really create? (y/N) "
 msgstr "Valóban létrehozzam? "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "soha      "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Kritikus aláírási eljárásmód: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Aláírási eljárásmód: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr ""
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Kritikus aláírás-jelölés: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Aláírás-jelölés: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d good signature\n"
@@ -6017,7 +5928,7 @@ msgid_plural "%d good signatures\n"
 msgstr[0] "%d rossz aláírás.\n"
 msgstr[1] "%d rossz aláírás.\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to an error\n"
 msgid "%d signature not checked due to an error\n"
@@ -6025,64 +5936,64 @@ msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "1 aláírást nem ellenőriztem hiba miatt.\n"
 msgstr[1] "1 aláírást nem ellenőriztem hiba miatt.\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Kulcskarika"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Elsődlegeskulcs-ujjlenyomat:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "         Alkulcsujjlenyomat:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr "Elsődlegeskulcs-ujjlenyomat:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "         Alkulcsujjlenyomat:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 #, fuzzy
 msgid "      Key fingerprint ="
 msgstr " Kulcs ujjlenyomata ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr ""
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, fuzzy, c-format
 msgid "caching keyring '%s'\n"
 msgstr "Ellenőrzöm a(z) \"%s\" kulcskarikát.\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, fuzzy, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "%lu kulcsot ellenőriztem (%lu aláírással).\n"
 msgstr[1] "%lu kulcsot ellenőriztem (%lu aláírással).\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, fuzzy, c-format
 #| msgid "1 bad signature\n"
 msgid " (%lu signature)\n"
@@ -6090,515 +6001,518 @@ msgid_plural " (%lu signatures)\n"
 msgstr[0] "1 rossz aláírás.\n"
 msgstr[1] "1 rossz aláírás.\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: Kulcskarikát létrehoztam.\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr ""
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr ""
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr ""
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 #, fuzzy
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "A megadott aláírási eljárásmód URL-je érvénytelen!\n"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr ""
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 #, fuzzy
 msgid "disabled"
 msgstr "disable"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr ""
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, fuzzy, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "Érvénytelen export opciók!\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr ""
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, fuzzy, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "Lekérem a %08lX kulcsot a %s kulcsszerverről.\n"
 msgstr[1] "Lekérem a %08lX kulcsot a %s kulcsszerverről.\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, fuzzy, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr ""
 "FIGYELEM: Nem tudom törölni az (\"%s\") átmeneti állományt: \"%s\": %s.\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, fuzzy, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "\"%s\" kulcs nem található: %s\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, fuzzy, c-format
 msgid "key not found on keyserver\n"
 msgstr "\"%s\" kulcs nem található: %s\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "Lekérem a %08lX kulcsot a %s kulcsszerverről.\n"
+
+#: g10/keyserver.c:1724
 #, fuzzy, c-format
 msgid "requesting key %s from %s\n"
 msgstr "Lekérem a %08lX kulcsot a %s kulcsszerverről.\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, fuzzy, c-format
 msgid "no keyserver known\n"
 msgstr "Érvénytelen export opciók!\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, fuzzy, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "Kihagytam \"%s\"-t: %s.\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, fuzzy, c-format
 msgid "sending key %s to %s\n"
 msgstr ""
 "\"\n"
 "Aláírva az Ön %08lX kulcsával %s időpontban.\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, fuzzy, c-format
 msgid "requesting key from '%s'\n"
 msgstr "Lekérem a %08lX kulcsot a %s kulcsszerverről.\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, fuzzy, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr ""
 "FIGYELEM: Nem tudom törölni az (\"%s\") átmeneti állományt: \"%s\": %s.\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "Furcsa méretű (%d) titkosított munkafolyamatkulcs.\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "%s titkosított munkafolyamatkulcs\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "Ismeretlen algoritmussal (%d) titkosítva.\n"
+
+#: g10/mainproc.c:391
 #, fuzzy, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "Ismeretlen algoritmussal (%d) titkosítva.\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, fuzzy, c-format
 msgid "public key is %s\n"
 msgstr "Nyilvános kulcs: %08lX\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "Nyilvános kulccsal titkosított adat: jó DEK.\n"
-
-#: g10/mainproc.c:632
+#: g10/mainproc.c:524
 #, fuzzy, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "Titkosítva %u bites %s kulccsal, azonosító: %08lX, létrehozva: %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, fuzzy, c-format
 msgid "      \"%s\"\n"
 msgstr "               azaz \""
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, fuzzy, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "Titkosítva %s kulccsal, azonosító: %08lX\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "Nyilvános kulcsú visszafejtés sikertelen: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr ""
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "%lu jelszóval rejtjelezve\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "1 jelszóval rejtjelezve\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "Nyilvános kulcsú visszafejtés sikertelen: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "Nyilvános kulccsal titkosított adat: jó DEK.\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "%s titkosított adatot feltételezek.\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr ""
 "IDEA rejtjelező nem áll rendelkezésre, optimista módon megpróbálok\n"
 "%s-t használni helyette.\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "FIGYELEM: Az üzenetet nem látták el integritásvédelemmel.\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "Visszafejtés sikertelen: %s.\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "Visszafejtés rendben.\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "FIGYELEM: A titkosított üzenetet manipulálták!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "Visszafejtés sikertelen: %s.\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, fuzzy, c-format
 #| msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "MEGJEGYZÉS: A feladó kérése: \"csak az Ön szemeinek\".\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "Eredeti fájlnév: '%.*s'.\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr ""
 "Különálló visszavonás. Használja a \"gpg --import\"-ot az alkalmazásához!\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, fuzzy, c-format
 msgid "no signature found\n"
 msgstr "Jó aláírás a következőtől: \""
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, fuzzy, c-format
 msgid "BAD signature from \"%s\""
 msgstr "ROSSZ aláírás a következőtől: \""
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, fuzzy, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Lejárt aláírás a következőtől: \""
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, fuzzy, c-format
 msgid "Good signature from \"%s\""
 msgstr "Jó aláírás a következőtől: \""
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "Aláírás-ellenőrzés elnyomva.\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, fuzzy, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "Nem tudom kezelni ezeket a többszörös aláírásokat!\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, fuzzy, c-format
 msgid "Signature made %s\n"
 msgstr "Az aláírás lejárt: %s.\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, fuzzy, c-format
 msgid "               using %s key %s\n"
 msgstr "               azaz \""
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, fuzzy, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Aláírva: %.*s; kulcs: %s, %08lX.\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, fuzzy, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "               azaz \""
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Kulcs található: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[bizonytalan]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, fuzzy, c-format
 msgid "                aka \"%s\""
 msgstr "               azaz \""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, fuzzy, c-format
 #| msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "FIGYELEM: Ez a kulcs nincs hitelesítve megbízható aláírással!\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Az aláírás lejárt: %s.\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Az aláírás lejár: %s.\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "%s aláírás, %s kivonatoló algoritmus.\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "Bináris"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "Szövegmódú"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "Ismeretlen módú"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 #, fuzzy
 #| msgid "unknown pubkey algorithm"
 msgid ", key algorithm "
 msgstr "ismeretlen nyilvános kulcsú algoritmus"
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Nem tudom ellenőrizni az aláírást: %s.\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "Nem különálló aláírás.\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr "FIGYELEM: Többszörös aláírást érzékeltem. Csak az elsőt ellenőrzöm.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "0x%02x osztályú különálló aláírás.\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "Régi stílusú (PGP 2.x) aláírás.\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, fuzzy, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "Nem tudom megnyitni az állományt: %s.\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, fuzzy, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "Bizalmi adatbázis: olvasás sikertelen (n=%d): %s.\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, fuzzy, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "Nem tudom kezelni a(z) %d. számú nyilvános kulcsú algoritmust!\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, fuzzy, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr ""
 "%s (%d) kivonatoló algoritmus használatának erőltetése ellentétes\n"
 "a címzett preferenciáival.\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, fuzzy, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "nem megvalósított rejtjelező algoritmus"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, fuzzy, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "%s aláírás, %s kivonatoló algoritmus.\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, fuzzy, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr ""
 "%s (%d) kivonatoló algoritmus használatának erőltetése ellentétes\n"
 "a címzett preferenciáival.\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "%s aláírás, %s kivonatoló algoritmus.\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "%s aláírás, %s kivonatoló algoritmus.\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, fuzzy, c-format
 msgid "(reported error: %s)\n"
 msgstr "Olvasási hiba: %s.\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, fuzzy, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "Olvasási hiba: %s.\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr ""
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: Elavult opció: \"%s\"\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "FIGYELEM: \"%s\" elavult opció!\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "Kérem, ezt használja helyette: \"%s%s\"\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, fuzzy, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "FIGYELEM: \"%s\" elavult opció!\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, fuzzy, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "FIGYELEM: \"%s\" elavult opció!\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, fuzzy, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr "FIGYELEM: \"%s\" elavult opció!\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "tömörítetlen"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 #, fuzzy
 msgid "uncompressed|none"
 msgstr "tömörítetlen"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "Lehet, hogy ez az üzenet használhatatlan a %s számára!\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, fuzzy, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "Az opciókat a \"%s\" állományból olvasom.\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, fuzzy, c-format
 msgid "unknown option '%s'\n"
 msgstr "Ismeretlen alapértelmezett címzett: \"%s\"\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, fuzzy, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "ismeretlen aláírásosztály"
@@ -6623,96 +6537,86 @@ msgstr "%s: ismeretlen végződés.\n"
 msgid "Enter new filename"
 msgstr "Írja be az új állománynevet"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "Írok a szabványos kimenetre.\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, fuzzy, c-format
 #| msgid "assuming signed data in `%s'\n"
 msgid "assuming signed data in '%s'\n"
 msgstr "Azt feltételezem, hogy az aláírt adat a %s állományban van.\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "Nem tudom kezelni a(z) %d. számú nyilvános kulcsú algoritmust!\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr ""
 "FIGYELEM: A rejtjelezett munkafolyamat-kulcs lehet, hogy nem biztonságos!\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 #| msgid "Critical signature notation: "
 msgid "Unknown critical signature notation: "
 msgstr "Kritikus aláírás-jelölés: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "A %d típusú alcsomag kritikus bitje beállított.\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, fuzzy, c-format
-msgid "problem with the agent: %s\n"
-msgstr "Probléma az ügynökkel: ügynök válasza: 0x%lx\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-msgid "Please enter the passphrase for decryption."
-msgstr "jelszóváltoztatás"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Írja be a jelszót!\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "A felhasználó megszakította a műveletet.\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, fuzzy, c-format
 msgid " (main key ID %s)"
 msgstr ""
 " \n"
 "  (fő kulcsazonosító: %08lX)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 #, fuzzy
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 #, fuzzy
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "Valóban törli a kiválasztott kulcsokat? "
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Valóban törli a kiválasztott kulcsokat? "
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, fuzzy, c-format
 msgid ""
 "%s\n"
@@ -6722,7 +6626,7 @@ msgid ""
 "%s"
 msgstr "%u bites %s kulcs, azonosító: %08lX, létrehozva: %s."
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6736,35 +6640,82 @@ msgstr ""
 "képet használ, a kulcsa is nagyon nagy lesz!\n"
 "A 240x288 körüli képméret jól használható.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Adja meg egy JPEG fájl nevét a fotóazonosítóhoz: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, fuzzy, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "Nem tudom megnyitni az állományt: %s.\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr ""
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 #, fuzzy
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Biztos abban, hogy használni akarja (i/N)? "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, fuzzy, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "\"%s\" nem JPEG állomány.\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Ez a fotó megfelelő (i/N/k)? "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "Külső program meghívása nem támogatott.\n"
+
+#: g10/photoid.c:486
+#, fuzzy, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"Ez a platform átmeneti állományokat igényel külső programok hívásához.\n"
+
+#: g10/photoid.c:506
+#, fuzzy, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "Nem tudom végrehajtani a következő \"%s\"-t: \"%s\": %s.\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "A külső program nem természetes módon ért véget.\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "Rendszerhiba külső program hívásakor: %s.\n"
+
+#: g10/photoid.c:600
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr ""
+"FIGYELEM: Nem tudom törölni az (\"%s\") átmeneti állományt: \"%s\": %s.\n"
+
+#: g10/photoid.c:604
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "FIGYELEM: nem tudom törölni a \"%s\" átmeneti könyvtárat: %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"A külső programok hívása tiltott, mert az \"options\" állomány engedélyei\n"
+"nem biztonságosak.\n"
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "Nem tudom megjeleníteni a fotóazonosítót!\n"
@@ -6779,106 +6730,106 @@ msgstr "Nem tudom megjeleníteni a fotóazonosítót!\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iIfFkKhH"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 #, fuzzy
 msgid "No trust value assigned to:\n"
 msgstr ""
 "Nincs megbízhatósági érték rendelve:\n"
 "%4u%c/%08lX %s \""
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, fuzzy, c-format
 msgid "  aka \"%s\"\n"
 msgstr "               azaz \""
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 #, fuzzy
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr "Ez a kulcs valószínűleg a jelzett tulajdonoshoz tartozik.\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, fuzzy, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr " %d = Nem tudom\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, fuzzy, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr " %d = NEM bízom benne\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, fuzzy, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr " %d = alapvetően megbízom benne\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 #, fuzzy
 msgid "  m = back to the main menu\n"
 msgstr " f = visszatérés a főmenübe\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 #, fuzzy
 msgid "  s = skip this key\n"
 msgstr " h = kulcs kihagyása\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 #, fuzzy
 msgid "  q = quit\n"
 msgstr " k = kilépés\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
 "\n"
 msgstr ""
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Mit választ? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 #, fuzzy
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Tényleg be akarja állítani ezt a kulcsot alapvetően megbízhatóra? "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Alapvetően megbízható kulcshoz vezető igazolások:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, fuzzy, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%08lX: Semmi jele, hogy ez a kulcs a megadott tulajdonoshoz tartozik.\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, fuzzy, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%08lX: Semmi jele, hogy ez a kulcs a megadott tulajdonoshoz tartozik.\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, fuzzy, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Ez a kulcs valószínűleg a jelzett tulajdonoshoz tartozik.\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Ez a kulcs hozzánk tartozik.\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr ""
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 #, fuzzy
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
@@ -6890,7 +6841,7 @@ msgstr ""
 "a következő kérdésre válaszolhat igennel.\n"
 "\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 #, fuzzy
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
@@ -6902,146 +6853,162 @@ msgstr ""
 "a következő kérdésre válaszolhat igennel.\n"
 "\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 #, fuzzy
 msgid "Use this key anyway? (y/N) "
 msgstr "Mégis használjuk ezt a kulcsot? "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "FIGYELEM: Nem bízunk a kulcsban, amit használunk!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr "FIGYELEM: a kulcsot visszavonhatták (visszavonó kulcs nincs jelen).\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+msgid "checking User ID \"%s\"\n"
+msgstr "Felhasználóazonosító: \""
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "%08lX kulcs: Nem egyezik a mi másolatunkkal!\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+msgid "option %s given but no matching User ID found\n"
+msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "FIGYELEM: Ezt a kulcsot a kijelölt visszavonó visszavonta!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "FIGYELEM: Ezt a kulcsot a tulajdonosa visszavonta!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, fuzzy, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         Ez jelentheti azt, hogy az aláírás hamis.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "FIGYELEM: Ezt az alkulcsot a tulajdonosa visszavonta!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Megjegyzés: Ez a kulcs le lett tiltva.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr ""
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr ""
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Megjegyzés: Ez a kulcs lejárt!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr "FIGYELEM: Ez a kulcs nincs hitelesítve megbízható aláírással!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "FIGYELEM: Ez a kulcs nincs hitelesítve megbízható aláírással!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr ""
 "          Semmi jele, hogy ez a kulcs a megadott tulajdonoshoz tartozik.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "FIGYELEM: NEM bízunk ebben a kulcsban!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         Az aláírás valószínűleg HAMIS.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"FIGYELEM: Ez a kulcs nincs igazolva kellőképpen megbízható aláírással!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
 msgstr ""
 "FIGYELEM: Ez a kulcs nincs igazolva kellőképpen megbízható aláírással!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         Nem biztos, hogy az aláírás a tulajdonoshoz tartozik.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: kihagyva: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: Kihagyva: Nyilvános kulcs nincs engedélyezve.\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: kihagyva: nyilvános kulcs már szerepel\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't encrypt to '%s'\n"
 msgstr "Nem tudok kapcsolódni \"%s\" objektumhoz: %s\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, fuzzy, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, fuzzy, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr ""
 "Nem adott meg felhasználói azonosítót! (Használhatja a \"-r\" opciót.)\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr ""
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -7049,41 +7016,41 @@ msgstr ""
 "\n"
 "Adja meg a felhasználói azonosítót! Üres sorral fejezze be: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Nincs ilyen felhasználói azonosító.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr ""
 "Kihagyva: Nyilvános kulcs már be lett állítva alapértelmezett címzettnek.\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Nyilvános kulcs nincs engedélyezve.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "Kihagyva: Nyilvános kulcs már be lett állítva.\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, fuzzy, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "Ismeretlen alapértelmezett címzett: \"%s\"\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "Nincsenek érvényes címzettek!\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, fuzzy, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "%08lX kulcs: Nincs felhasználói azonosító.\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, fuzzy, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "%08lX kulcs: Nincs felhasználói azonosító.\n"
@@ -7094,78 +7061,83 @@ msgid "data not saved; use option \"--output\" to save it\n"
 msgstr ""
 "Az adatot nem mentettem el. Használja az \"--output\" opciót a mentéshez!\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Különálló aláírás.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Kérem, adja meg az adatállomány nevét: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "Olvasom a szabványos bemenetet...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "Nincs aláírt adat.\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, fuzzy, c-format
 #| msgid "can't open signed data `%s'\n"
 msgid "can't open signed data '%s'\n"
 msgstr "Nem tudom megnyitni a(z) \"%s\" aláírt adatot!\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, fuzzy, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "Nem tudom megnyitni a(z) \"%s\" aláírt adatot!\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, fuzzy, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "%08lX kulcs: Nincs felhasználói azonosító.\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, fuzzy, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "Anonim címzett. A %08lX titkos kulcsot próbálom...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+msgid "used key is not marked for encryption use.\n"
+msgstr "%08lX kulcs: Nincs felhasználói azonosító.\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "Rendben, mi vagyunk az anonim címzett.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "A DEK régi kódolása nem támogatott.\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "A %d%s rejtjelező algoritmus ismeretlen vagy tiltott.\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, fuzzy, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "MEGJEGYZÉS: %d rejtjelező algoritmus nincs a preferenciák között.\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, fuzzy, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "MEGJEGYZÉS: %08lX titkos kulcs %s-kor lejárt.\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, fuzzy, c-format
 #| msgid "NOTE: key has been revoked"
 msgid "Note: key has been revoked"
 msgstr "MEGJEGYZÉS: A kulcsot visszavonták."
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "build_packet sikertelen: %s.\n"
@@ -7183,48 +7155,48 @@ msgstr "Visszavonja:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Ez egy érzékeny visszavonó kulcs.)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret key is not available.\n"
 msgstr "Titkos kulcs rendelkezésre áll.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 #, fuzzy
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Csináljunk egy visszavonó igazolást ehhez a kulcshoz? "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "ASCII-páncélozott kimenet kiválasztva.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet sikertelen: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Visszavonó igazolás létrehozva.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, fuzzy, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "Nem találtam visszavonó kulcsot a következőhöz: \"%s\".\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 #, fuzzy
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Csináljunk egy visszavonó igazolást ehhez a kulcshoz? "
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 msgstr ""
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7233,20 +7205,20 @@ msgid ""
 "of the gpg command \"--generate-revocation\" in the GnuPG manual."
 msgstr ""
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
 "before importing and publishing this revocation certificate."
 msgstr ""
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, fuzzy, c-format
 #| msgid "Revocation certificate created.\n"
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "Visszavonó igazolás létrehozva.\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "\"%s\" titkos kulcs nem található: %s\n"
@@ -7259,18 +7231,18 @@ msgstr "\"%s\" titkos kulcs nem található: %s\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr ""
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error searching the keyring: %s\n"
 msgstr "Hiba a(z) \"%s\" kulcskarika létrehozásakor: %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 #, fuzzy
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Csináljunk egy visszavonó igazolást ehhez a kulcshoz? "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7288,38 +7260,38 @@ msgstr ""
 "adathordozó olvashatatlanná válik. De vigyázat: az Ön gépének nyomtatási\n"
 "rendszere is tárolhatja az adatot, és mások esetleg hozzáférhetnek ehhez!\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Kérem, válassza ki a visszavonás okát:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Mégsem"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Valószínűleg a(z) %d. lehetőséget akarja választani.)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "Adjon meg egy nem kötelező leírást! Üres sorral fejezze be:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Visszavonás oka: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(Nincs leírás.)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 #, fuzzy
 msgid "Is this okay? (y/N) "
 msgstr "Ez így rendben van? "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "Gyenge kulcs jött létre. Újrapróbálom.\n"
@@ -7331,62 +7303,57 @@ msgstr ""
 "Nem tudom elkerülni a gyenge kulcsot a szimmetrikus titkosítóhoz.\n"
 "%d alkalommal próbáltam!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr ""
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
-#, fuzzy, c-format
-#| msgid "you may not use %s while in %s mode\n"
-msgid "key %s may not be used for signing in %s mode\n"
-msgstr "Lehet, hogy nem használhatja %s-t %s módban!\n"
-
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
+#: g10/sig-check.c:170
 #, c-format
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "FIGYELEM: Aláíráskivonat-konfliktus az üzenetben.\n"
 
-#: g10/sig-check.c:219
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
+#, fuzzy, c-format
+#| msgid "you may not use %s while in %s mode\n"
+msgid "key %s may not be used for signing in %s mode\n"
+msgstr "Lehet, hogy nem használhatja %s-t %s módban!\n"
+
+#: g10/sig-check.c:209
 #, fuzzy, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "FIGYELEM: %08lX aláíró alkulcs nem kereszthitelesített.\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, fuzzy, c-format
 msgid "please see %s for more information\n"
 msgstr " i = további információkat kérek\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, fuzzy, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr "FIGYELEM: %08lX aláíró alkulcson érvénytelen kereszthitelesítés van.\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, fuzzy, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "A(z) %08lX nyilvános kulcs %lu másodperccel újabb az aláírásnál!\n"
 msgstr[1] "A(z) %08lX nyilvános kulcs %lu másodperccel újabb az aláírásnál!\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, fuzzy, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "A(z) %08lX nyilvános kulcs %lu másodperccel újabb az aláírásnál!\n"
 msgstr[1] "A(z) %08lX nyilvános kulcs %lu másodperccel újabb az aláírásnál!\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, fuzzy, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7397,7 +7364,7 @@ msgstr[0] ""
 msgstr[1] ""
 "A kulcs %lu másodperccel a jövőben készült. (Időugrás vagy óraprobléma.)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, fuzzy, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7407,53 +7374,53 @@ msgstr[0] ""
 msgstr[1] ""
 "A kulcs %lu másodperccel a jövőben készült. (Időugrás vagy óraprobléma.)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, fuzzy, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "MEGJEGYZÉS: Aláíró kulcs (%08lX) lejárt: %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, fuzzy, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "MEGJEGYZÉS: A kulcsot visszavonták."
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "0x%02x osztályú különálló aláírás.\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "0x%02x osztályú különálló aláírás.\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, fuzzy, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "Rossz aláírást feltételezek a %08lX kulcstól egy ismeretlen\n"
 "kritikus bit miatt.\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "%08lX kulcs: Nincs alkulcs az alkulcsvisszavonó csomaghoz.\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "%08lX kulcs: Nincs alkulcs az alkulcskötő aláíráshoz!\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "FIGYELEM: Nem tudom kifejteni a %% jeleket a jelölésben (túl hosszú).\n"
 "Kifejtés nélkül használom.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7462,7 +7429,7 @@ msgstr ""
 "hosszú).\n"
 "Kifejtés nélkül használom.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7472,12 +7439,12 @@ msgstr ""
 "hosszú).\n"
 "Kifejtés nélkül használom.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, fuzzy, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s aláírás a következőtől: \"%s\"\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
@@ -7485,41 +7452,42 @@ msgstr ""
 "%s (%d) kivonatoló algoritmus használatának erőltetése ellentétes\n"
 "a címzett preferenciáival.\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "Aláírom:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "%s titkosítást fogok használni.\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "A kulcs nincs \"nem biztonságosnak\" jelölve,\n"
 "nem tudom a pótló véletlenszám-generátorral használni!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, fuzzy, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "\"%s\"-t kihagytam: másodpéldány.\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "Kihagytam: titkos kulcs már jelen van.\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 #, fuzzy
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "Kihagytam \"%s\"-t: ez egy PGP által létrehozott ElGamal kulcs, amely nem\n"
 "biztonságos aláírásokhoz!\n"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "%lu bizalmi rekord, %d típus: írás sikertelen: %s.\n"
@@ -7533,46 +7501,46 @@ msgstr ""
 "# Meghatározott bizalmi értékek listája, %s.\n"
 "# (Használja a \"gpg --import-ownertrust\" parancsot a visszaállításhoz!)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, fuzzy, c-format
 msgid "error in '%s': %s\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 #, fuzzy
 msgid "line too long"
 msgstr "A sor túl hosszú!\n"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr ""
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 #, fuzzy
 msgid "invalid fingerprint"
 msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 #, fuzzy
 msgid "ownertrust value missing"
 msgstr "bizalmi értékek importja"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, fuzzy, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "Hiba bizalmi rekord keresésekor: %s.\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, fuzzy, c-format
 msgid "read error in '%s': %s\n"
 msgstr "Olvasási hiba: %s.\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "Bizalmi adatbázis: szinkronizáció sikertelen: %s.\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, fuzzy, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "Nem tudom létrehozni a(z) \"%s\" állományt: %s.\n"
@@ -7582,12 +7550,12 @@ msgstr "Nem tudom létrehozni a(z) \"%s\" állományt: %s.\n"
 msgid "can't lock '%s'\n"
 msgstr "Nem tudom megnyitni %s-t!\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "Bizalmi adatbázis %lu. rekord: lseek sikertelen: %s.\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "Bizalmi adatbázis %lu. rekord: írás sikertelen (n=%d): %s.\n"
@@ -7602,7 +7570,7 @@ msgstr "Bizalmi adatbázis tranzakciója túl nagy.\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: Könyvtár nem létezik!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, fuzzy, c-format
 msgid "can't access '%s': %s\n"
 msgstr "Nem tudom bezárni a(z) \"%s\" állományt: %s.\n"
@@ -7644,7 +7612,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: Hiba a verziórekord frissítésekor: %s.\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: Hiba a verziórekord olvasásakor: %s.\n"
@@ -7654,52 +7622,52 @@ msgstr "%s: Hiba a verziórekord olvasásakor: %s.\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: Hiba a verziórekord írásakor: %s.\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "Bizalmi adatbázis: lseek sikertelen: %s.\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "Bizalmi adatbázis: olvasás sikertelen (n=%d): %s.\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: Nem bizalmi adatbázis.\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: Verziórekord, rekordszám: %lu.\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: Érvénytelen állományverzió (%d).\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: Hiba szabad rekord olvasásakor: %s.\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: Hiba könyvtárrekord írásakor: %s.\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: Nem sikerült egy rekord nullázása: %s.\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: Nem sikerült egy rekord hozzáadása: %s.\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, fuzzy, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "%s: Bizalmi adatbázis létrejött.\n"
@@ -7741,10 +7709,10 @@ msgstr ""
 msgid "TOFU DB error"
 msgstr ""
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, fuzzy, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "Hiba %s-ra/-re küldéskor: %s\n"
@@ -7766,7 +7734,7 @@ msgstr "%s: Hiba könyvtárrekord írásakor: %s.\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, fuzzy, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "Hiba %s-ra/-re küldéskor: %s\n"
@@ -7938,111 +7906,111 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr ""
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr ""
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, fuzzy, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr ""
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, fuzzy, c-format
 #| msgid "Deleted %d signatures.\n"
 msgid "%s: Verified 0 signatures."
 msgstr "Töröltem %d aláírást.\n"
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 #, fuzzy
 #| msgid "encrypted with %lu passphrases\n"
 msgid "Encrypted 0 messages."
 msgstr "%lu jelszóval rejtjelezve\n"
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, fuzzy, c-format
 #| msgid "Policy: "
 msgid "(policy: %s)"
 msgstr "Eljárásmód: "
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -8059,117 +8027,117 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, fuzzy, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "Hiba %s-ra/-re küldéskor: %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid long keyID\n"
 msgid "'%s' is not a valid long keyID\n"
 msgstr "\"%s\" nem egy érvényes hosszú kulcsazonosító.\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, fuzzy, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "%08lX kulcs: Elfogadva megbízható kulcsként.\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, fuzzy, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "A(z) %08lX kulcs egynél többször szerepel a bizalmi adatbázisban.\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, fuzzy, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr ""
 "%08lX kulcs: Nincs nyilvános kulcs a megbízható kulcshoz - kihagytam.\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, fuzzy, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "A kulcsot alapvetően megbízhatónak jelöltem.\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "%lu bizalmi rekord, %d kéréstípus: olvasás sikertelen: %s.\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "%lu bizalmi rekord nem a kért típusú (%d).\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr ""
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr ""
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "Nincs szükség a bizalmi adatbázis ellenőrzésére.\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "A bizalmi adatbázis következő ellenőrzése: %s.\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, fuzzy, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "Nincs szükség a bizalmi adatbázis ellenőrzésére.\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, fuzzy, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "Nincs szükség a bizalmi adatbázis ellenőrzésére.\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, fuzzy, c-format
 msgid "public key %s not found: %s\n"
 msgstr "A(z) %08lX nyilvános kulcsot nem találom: %s.\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "Kérem, hajtson végre egy --check-trustdb parancsot!\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "Ellenőrzöm a bizalmi adatbázist.\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, fuzzy, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] "Eddig %lu kulcsot dolgoztam fel.\n"
 msgstr[1] "Eddig %lu kulcsot dolgoztam fel.\n"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, fuzzy, c-format
 #| msgid "%d keys processed (%d validity counts cleared)\n"
 msgid " (%d validity count cleared)\n"
@@ -8177,45 +8145,45 @@ msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] "%d kulcsot feldolgoztam (%d érvényességszámlálót töröltem)\n"
 msgstr[1] "%d kulcsot feldolgoztam (%d érvényességszámlálót töröltem)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "Nem találtam alapvetően megbízható kulcsot.\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, fuzzy, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "Nem találom az alapvetően megbízható %08lX kulcs nyilvános kulcsát!\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr ""
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, fuzzy, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr "%lu bizalmi rekord, %d típus: írás sikertelen: %s.\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr ""
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 #, fuzzy
 msgid "never"
 msgstr "soha      "
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr ""
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr ""
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr ""
 
@@ -8227,43 +8195,43 @@ msgstr ""
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr ""
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 #, fuzzy
 msgid "[ revoked]"
 msgstr "[visszavont] "
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 #, fuzzy
 msgid "[ expired]"
 msgstr "[lejárt]     "
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 #, fuzzy
 msgid "[ unknown]"
 msgstr "Ismeretlen módú"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr ""
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 #, fuzzy
 msgid "[  never ]"
 msgstr "soha      "
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr ""
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr ""
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr ""
 
@@ -8288,20 +8256,31 @@ msgstr "A bemeneti sor (%u) túl hosszú, vagy hiányzik a soremelés.\n"
 msgid "can't open fd %d: %s\n"
 msgstr "Nem tudom megnyitni a(z) \"%s\" állományt: %s.\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "FIGYELEM: Az üzenetet nem látták el integritásvédelemmel.\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+msgid "Hint: Do not use option %s\n"
+msgstr "Az opciókat a \"%s\" állományból olvasom.\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr ""
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr ""
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 #, fuzzy
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 #, fuzzy
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
@@ -8311,129 +8290,225 @@ msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr ""
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr ""
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+msgid "|N|Please enter the new Global-PIN"
+msgstr "jelszóváltoztatás"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "Kérem, válassza ki a visszavonás okát:\n"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+msgid "|N|Please enter the new PIN"
+msgstr "jelszóváltoztatás"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+msgid "||Please enter the PIN of your PIV card"
+msgstr "Kérem, válassza ki a visszavonás okát:\n"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "jelszóváltoztatás"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "Kérem, válassza ki a visszavonás okát:\n"
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-piv.c:1895
+#, c-format
+msgid "PIN is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1903
+#, c-format
+msgid "PIN is too long; maximum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, fuzzy, c-format
+msgid "key already exists\n"
+msgstr "\"%s\" már tömörített.\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, fuzzy, c-format
+msgid "generating new key\n"
+msgstr "új kulcspár létrehozása"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, fuzzy, c-format
+msgid "writing new key\n"
+msgstr "új kulcspár létrehozása"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, fuzzy, c-format
+#| msgid "remove keys from the public keyring"
+msgid "response does not contain the EC public key\n"
+msgstr "kulcsok eltávolítása a nyilvánoskulcs-karikáról"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, fuzzy, c-format
+msgid "generating key failed\n"
+msgstr "A kulcsblokk törlése sikertelen: %s.\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, fuzzy, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "Kulcsgenerálás sikertelen: %s\n"
+msgstr[1] "Kulcsgenerálás sikertelen: %s\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr ""
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 #, fuzzy
 msgid "|A|Please enter the Admin PIN"
 msgstr "jelszóváltoztatás"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 #, fuzzy
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "Kérem, válassza ki a visszavonás okát:\n"
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 #, fuzzy
 msgid "||Please enter the PIN for the standard keys."
 msgstr "jelszóváltoztatás"
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr ""
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "Note: This key has been disabled.\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "Megjegyzés: Ez a kulcs le lett tiltva.\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr ""
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 #, fuzzy
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "jelszóváltoztatás"
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 #, fuzzy
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "Kérem, válassza ki a visszavonás okát:\n"
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, fuzzy, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, fuzzy, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, fuzzy, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "Nem tudtam újraépíteni a kulcskarika cache-ét: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr ""
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1546
-#, fuzzy, c-format
-#| msgid "remove keys from the public keyring"
-msgid "response does not contain the EC public key\n"
-msgstr "kulcsok eltávolítása a nyilvánoskulcs-karikáról"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, fuzzy, c-format
 msgid "reading public key failed: %s\n"
 msgstr "A kulcsblokk törlése sikertelen: %s.\n"
@@ -8441,43 +8516,43 @@ msgstr "A kulcsblokk törlése sikertelen: %s.\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr ""
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 #, fuzzy
 msgid "||Please unlock the card"
 msgstr "jelszóváltoztatás"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, fuzzy, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "Küldés a kulcsszerverre sikertelen: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8485,22 +8560,22 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 #, fuzzy
 msgid "||Please enter the PIN"
 msgstr "jelszóváltoztatás"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 #, fuzzy
 msgid "||Please enter the Reset Code for the card"
 msgstr "Kérem, válassza ki a visszavonás okát:\n"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr ""
@@ -8508,123 +8583,81 @@ msgstr ""
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 #, fuzzy
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "jelszóváltoztatás"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 #, fuzzy
 msgid "||Please enter the PIN and New PIN"
 msgstr "jelszóváltoztatás"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, fuzzy, c-format
 msgid "error reading application data\n"
 msgstr "Hiba a kulcsblokk olvasásakor: %s\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, fuzzy, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "%s: Hiba szabad rekord olvasásakor: %s.\n"
 
-#: scd/app-openpgp.c:3066
-#, fuzzy, c-format
-msgid "key already exists\n"
-msgstr "\"%s\" már tömörített.\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr ""
-
-#: scd/app-openpgp.c:3072
-#, fuzzy, c-format
-msgid "generating new key\n"
-msgstr "új kulcspár létrehozása"
-
-#: scd/app-openpgp.c:3074
-#, fuzzy, c-format
-msgid "writing new key\n"
-msgstr "új kulcspár létrehozása"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, fuzzy, c-format
-msgid "failed to store the key: %s\n"
-msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, fuzzy, c-format
 #| msgid "unsupported URI"
 msgid "unsupported curve\n"
 msgstr "nem támogatott URI"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr ""
-
-#: scd/app-openpgp.c:4271
-#, fuzzy, c-format
-msgid "generating key failed\n"
-msgstr "A kulcsblokk törlése sikertelen: %s.\n"
-
-#: scd/app-openpgp.c:4277
-#, fuzzy, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "Kulcsgenerálás sikertelen: %s\n"
-msgstr[1] "Kulcsgenerálás sikertelen: %s\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, fuzzy, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "%s aláírás, %s kivonatoló algoritmus.\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, fuzzy, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "Nem találtam érvényes OpenPGP adatot.\n"
@@ -8637,101 +8670,99 @@ msgstr "jelszóváltoztatás"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr ""
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr ""
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr ""
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 #, fuzzy
 msgid "|FILE|write a log to FILE"
 msgstr "|fájl|bővítő modul betöltése"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr ""
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 #, fuzzy
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NÉV|NÉV használata alapértelmezett címzettként"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 #, fuzzy
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NÉV|NÉV használata alapértelmezett címzettként"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 #, fuzzy
 msgid "do not use the internal CCID driver"
 msgstr "ne használja a terminált egyáltalán"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr ""
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr ""
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr ""
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 #, fuzzy
 msgid "deny the use of admin card commands"
 msgstr "Egymásnak ellentmondó parancsok!\n"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 #, fuzzy
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
 msgstr ""
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr ""
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr ""
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, fuzzy, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "Hiba a(z) \"%s\" titkoskulcs-karika írásakor: %s.\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr ""
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr ""
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 #, fuzzy
 msgid "shell"
 msgstr "help"
@@ -8765,7 +8796,7 @@ msgstr "Írom a titkos kulcsot a %s állományba.\n"
 msgid "certificate policy not allowed"
 msgstr "Írom a titkos kulcsot a %s állományba.\n"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, fuzzy, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
@@ -8780,7 +8811,7 @@ msgstr ""
 msgid "number of issuers matching: %d\n"
 msgstr ""
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, fuzzy, c-format
 #| msgid "%s: can't access: %s\n"
 msgid "can't get authorityInfoAccess: %s\n"
@@ -8801,240 +8832,240 @@ msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "A kulcsblokk törlése sikertelen: %s.\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, fuzzy, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 #, fuzzy
 msgid "certificate has been revoked"
 msgstr "MEGJEGYZÉS: A kulcsot visszavonták."
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr ""
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr ""
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, fuzzy, c-format
 msgid "checking the CRL failed: %s"
 msgstr "A létrehozott aláírás ellenőrzése sikertelen: %s.\n"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr ""
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 #, fuzzy
 msgid "root certificate not yet valid"
 msgstr "Írom a titkos kulcsot a %s állományba.\n"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, fuzzy, c-format
 msgid "certificate has expired"
 msgstr "Ez a kulcs lejárt!"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 #, fuzzy
 msgid "root certificate has expired"
 msgstr "Ez a kulcs lejárt!"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 #, fuzzy
 msgid "intermediate certificate has expired"
 msgstr "Ez a kulcs lejárt!"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr ""
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 #, fuzzy
 msgid "certificate with invalid validity"
 msgstr "Ez a kulcs lejárt!"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr ""
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, fuzzy, c-format
 msgid "  (  signature created at "
 msgstr "              új aláírások: %lu\n"
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, fuzzy, c-format
 msgid "  (certificate created at "
 msgstr "Visszavonó igazolás létrehozva.\n"
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, fuzzy, c-format
 msgid "  (certificate valid from "
 msgstr "rossz igazolás"
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr ""
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, fuzzy, c-format
 msgid "fingerprint=%s\n"
 msgstr "megmutatja az ujjlenyomatot"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr ""
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr ""
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr ""
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 #, fuzzy
 msgid "no issuer found in certificate"
 msgstr "visszavonási igazolás készítése"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr ""
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr ""
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, fuzzy, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "A létrehozott aláírás ellenőrzése sikertelen: %s.\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr ""
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr ""
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, fuzzy, c-format
 msgid "certificate has a BAD signature"
 msgstr "aláírás ellenőrzése"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr ""
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr ""
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, fuzzy, c-format
 msgid "certificate is good\n"
 msgstr "%c%lu preferencia kétszer szerepel!\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, fuzzy, c-format
 msgid "intermediate certificate is good\n"
 msgstr "Visszavonó igazolás létrehozva.\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, fuzzy, c-format
 msgid "root certificate is good\n"
 msgstr "rossz igazolás"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr ""
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr ""
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, fuzzy, c-format
 msgid "out of core\n"
 msgstr "nem feldolgozott"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr ""
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 #, fuzzy
 msgid "none"
 msgstr "nem"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 #, fuzzy
 msgid "[Error - invalid encoding]"
 msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr ""
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr ""
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 #, fuzzy
 msgid "[Error - invalid DN]"
 msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -9048,177 +9079,187 @@ msgstr ""
 "\"%.*s\"\n"
 "%u bites %s key, azonosító: %08lX, létrehozva: %s%s\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr ""
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "Hiba a(z) \"%s\" titkoskulcs-karika írásakor: %s.\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr ""
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr ""
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr ""
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr ""
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+msgid "looking for another certificate\n"
+msgstr "rossz igazolás"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, fuzzy, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr ""
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr ""
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, fuzzy, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, fuzzy, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, fuzzy, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "Ez nem érvényes e-mail cím.\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, fuzzy, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr ""
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr ""
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, fuzzy, c-format
 msgid "line %d: invalid date given\n"
 msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, fuzzy, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "Hiba a(z) \"%s\" kulcskarika létrehozásakor: %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, fuzzy, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, fuzzy, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, fuzzy, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "%08lX kulcs: Érvénytelen alkulcskötés!\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, fuzzy, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, fuzzy, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "Hiba a(z) \"%s\" kulcskarika létrehozásakor: %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, fuzzy, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "Hiba a(z) \"%s\" kulcskarika létrehozásakor: %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, fuzzy, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "Kulcsgenerálás sikertelen: %s\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, fuzzy, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) RSA (csak titkosítás)\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, fuzzy, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) RSA (aláírás és titkosítás)\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, fuzzy, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) DSA (csak aláírás)\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, fuzzy, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) RSA (csak titkosítás)\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr ""
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 #, fuzzy
 msgid "No subject name given\n"
 msgstr "(Nincs leírás.)\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, fuzzy, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
@@ -9228,261 +9269,255 @@ msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, fuzzy, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr ""
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 #, fuzzy
 msgid "Enter email addresses"
 msgstr "E-mail cím: "
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 #, fuzzy
 msgid " (end with an empty line):\n"
 msgstr ""
 "\n"
 "Adja meg a felhasználói azonosítót! Üres sorral fejezze be: "
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 #, fuzzy
 msgid "Enter DNS names"
 msgstr "Írja be az új állománynevet"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 #, fuzzy
 msgid " (optional; end with an empty line):\n"
 msgstr "Adjon meg egy nem kötelező leírást! Üres sorral fejezze be:\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr ""
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 #, fuzzy
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Csináljunk egy visszavonó igazolást ehhez a kulcshoz? "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:432
-#, fuzzy, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "Hiba a jelszó létrehozásakor: %s.\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr ""
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 #, fuzzy
 #| msgid "Revocation certificate created.\n"
 msgid "Now creating certificate request.  "
 msgstr "Visszavonó igazolás létrehozva.\n"
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr ""
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "%s titkosított adat.\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr ""
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr ""
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 msgid "encrypted to %s key %s\n"
 msgstr "Titkosítva %s kulccsal, azonosító: %08lX\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, fuzzy, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "\"%s\" kulcs nem található: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, fuzzy, c-format
 msgid "error locking keybox: %s\n"
 msgstr "Hiba a kulcsblokk olvasásakor: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, fuzzy, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "Visszavonó igazolás létrehozva.\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, fuzzy, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "%c%lu preferencia kétszer szerepel!\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, fuzzy, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "A kulcsblokk törlése sikertelen: %s.\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, fuzzy, c-format
 msgid "no valid recipients given\n"
 msgstr "(Nincs leírás.)\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 #, fuzzy
 msgid "list external keys"
 msgstr "titkos kulcsok listázása"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 #, fuzzy
 msgid "list certificate chain"
 msgstr "rossz igazolás"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 #, fuzzy
 msgid "import certificates"
 msgstr "rossz igazolás"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 #, fuzzy
 msgid "export certificates"
 msgstr "rossz igazolás"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr ""
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr ""
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr ""
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "ne használja a terminált egyáltalán"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr ""
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr ""
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr ""
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr ""
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr ""
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 #, fuzzy
 msgid "create base-64 encoded output"
 msgstr "ascii páncélozott kimenet létrehozása"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 #, fuzzy
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|NÉV|NÉV használata alapértelmezett titkos kulcsként"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 #, fuzzy
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "kulcskarika hozzáadása a kulcskarikalistához"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|GÉPNÉV|kulcsszerver beállítása kulcsok kereséséhez"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr ""
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 #, fuzzy
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NÉV|NÉV rejtjelező algoritmus haszn. jelszavakhoz"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr ""
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr ""
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr ""
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr ""
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NÉV|NÉV rejtjelező algoritmus használata"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NÉV|NÉV kivonatoló algoritmus használata"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "kötegelt mód: soha nem kérdez"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "igen válasz feltételezése a legtöbb kérdésre"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "nem válasz feltételezése a legtöbb kérdésre"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 #, fuzzy
 msgid "|FILE|write an audit log to FILE"
 msgstr "|fájl|bővítő modul betöltése"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 #, fuzzy
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
@@ -9493,87 +9528,122 @@ msgstr ""
 "Aláírás, ellenőrzés, titkosítás vagy visszafejtés.\n"
 "Az alapértelmezett művelet a bemeneti adattól függ.\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, fuzzy, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "Nem tudok kapcsolódni \"%s\" objektumhoz: %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, fuzzy, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "Ismeretlen alapértelmezett címzett: \"%s\"\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(Nincs leírás.)\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " h = kulcs kihagyása\n"
+
+#: sm/gpgsm.c:1545
+#, fuzzy, c-format
+msgid "could not parse keyserver\n"
+msgstr "Értelmezhetetlen a kulcsszerver URI-ja!\n"
+
+#: sm/gpgsm.c:1825
 #, fuzzy, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "Írok a \"%s\" állományba.\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, fuzzy, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "Nem tudom bezárni a(z) \"%s\" állományt: %s.\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr ""
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, fuzzy, c-format
 msgid "total number processed: %lu\n"
 msgstr "     Összesen feldolgoztam: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, fuzzy, c-format
 msgid "error storing certificate\n"
 msgstr "visszavonási igazolás készítése"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr ""
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, fuzzy, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, fuzzy, c-format
 msgid "error importing certificate: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, fuzzy, c-format
 msgid "error reading input: %s\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+msgid "no keyboxd running in this session\n"
+msgstr "GPG ügynök nem elérhető ebben a munkafolyamatban.\n"
+
+#: sm/keydb.c:595
+#, fuzzy, c-format
+msgid "error opening key DB: %s\n"
+msgstr "Hiba \"%s\" olvasásakor: %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr ""
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, fuzzy, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, fuzzy, c-format
 msgid "error storing certificate: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, fuzzy, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "rev? Nem tudom ellenőrizni a visszavonást: %s.\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, fuzzy, c-format
 msgid "error storing flags: %s\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr ""
 
@@ -9582,17 +9652,17 @@ msgstr ""
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr ""
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, fuzzy, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, fuzzy, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9603,14 +9673,14 @@ msgid ""
 "%s%sAre you really sure that you want to do this?"
 msgstr ""
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
 "signatures.\n"
 msgstr ""
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9618,53 +9688,58 @@ msgid ""
 "Note, that this certificate will NOT create a qualified signature!"
 msgstr ""
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, fuzzy, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "%d%s védő algoritmus nem támogatott.\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr ""
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, fuzzy, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "A létrehozott aláírás ellenőrzése sikertelen: %s.\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Aláírva: %.*s; kulcs: %s, %08lX.\n"
+
+#: sm/verify.c:467
 #, fuzzy, c-format
 msgid "Signature made "
 msgstr "Az aláírás lejárt: %s.\n"
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr ""
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 msgid "algorithm:"
 msgstr "Páncél: %s\n"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr ""
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, fuzzy, c-format
 msgid "Good signature from"
 msgstr "Jó aláírás a következőtől: \""
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, fuzzy, c-format
 msgid "                aka"
 msgstr "               azaz \""
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, fuzzy, c-format
 msgid "This is a qualified signature\n"
 msgstr ""
@@ -9691,101 +9766,101 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr ""
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr ""
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't parse certificate '%s': %s\n"
 msgstr "Nem tudom létrehozni a(z) \"%s\" állományt: %s.\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, fuzzy, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "%c%lu preferencia kétszer szerepel!\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, fuzzy, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "Visszavonó igazolás létrehozva.\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, fuzzy, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "%c%lu preferencia kétszer szerepel!\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, fuzzy, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "megmutatja az ujjlenyomatot"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr ""
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr ""
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, fuzzy, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, fuzzy, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "rossz igazolás"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, fuzzy, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, fuzzy, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, fuzzy, c-format
 msgid "certificate already cached\n"
 msgstr "Visszavonó igazolás létrehozva.\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, fuzzy, c-format
 msgid "certificate cached\n"
 msgstr "%c%lu preferencia kétszer szerepel!\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, fuzzy, c-format
 msgid "error caching certificate: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, fuzzy, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, fuzzy, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, fuzzy, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, fuzzy, c-format
 msgid "no issuer found in certificate\n"
 msgstr "visszavonási igazolás készítése"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, fuzzy, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
@@ -10310,64 +10385,64 @@ msgstr "\"%s\" kulcs nem található: %s\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "\"%s\" kulcs nem található: %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 #, fuzzy
 msgid "add a certificate to the cache"
 msgstr "Visszavonó igazolás létrehozva.\n"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 #, fuzzy
 msgid "validate a certificate"
 msgstr "rossz igazolás"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 #, fuzzy
 msgid "lookup a certificate"
 msgstr "rossz igazolás"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 #, fuzzy
 msgid "lookup only locally stored certificates"
 msgstr "rossz igazolás"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 #, fuzzy
 msgid "expect certificates in PEM format"
 msgstr "rossz igazolás"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 #, fuzzy
 #| msgid "Enter the user ID of the designated revoker: "
 msgid "force the use of the default OCSP responder"
 msgstr "Írja be a kijelölt visszavonó felhasználóazonosítóját: "
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10375,226 +10450,221 @@ msgid ""
 "not valid and other error codes for general failures\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, fuzzy, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, fuzzy, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "Nem tudok kapcsolódni \"%s\" objektumhoz: %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, fuzzy, c-format
 #| msgid "update failed: %s\n"
 msgid "lookup failed: %s\n"
 msgstr "Frissítés sikertelen: %s.\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, fuzzy, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "Páncélozás nem sikerült: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, fuzzy, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "A kulcsblokk törlése sikertelen: %s.\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, fuzzy, c-format
 msgid "certificate is valid\n"
 msgstr "%c%lu preferencia kétszer szerepel!\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, fuzzy, c-format
 msgid "certificate has been revoked\n"
 msgstr "MEGJEGYZÉS: A kulcsot visszavonták."
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, fuzzy, c-format
 msgid "certificate check failed: %s\n"
 msgstr "A kulcsblokk törlése sikertelen: %s.\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, fuzzy, c-format
 #| msgid "can't stat `%s': %s\n"
 msgid "got status: '%s'\n"
 msgstr "Nem tudom a stat műveletet elvégezni a(z) \"%s\" állományon: %s.\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, fuzzy, c-format
 #| msgid "error writing secret keyring `%s': %s\n"
 msgid "error writing base64 encoding: %s\n"
 msgstr "Hiba a(z) \"%s\" titkoskulcs-karika írásakor: %s.\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, fuzzy, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr ""
 "\n"
 "Támogatott algoritmusok:\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 #, fuzzy
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|fájl|bővítő modul betöltése"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr ""
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr ""
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr ""
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 #, fuzzy
 msgid "|URL|use keyserver at URL"
 msgstr "Értelmezhetetlen a kulcsszerver URI-ja!\n"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr ""
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr ""
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr ""
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr ""
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr ""
 
-#: dirmngr/dirmngr.c:270
-#, fuzzy
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|GÉPNÉV|kulcsszerver beállítása kulcsok kereséséhez"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 #, fuzzy
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|fájl|bővítő modul betöltése"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr ""
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr ""
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 #, fuzzy
 msgid "|URL|use OCSP responder at URL"
 msgstr "Értelmezhetetlen a kulcsszerver URI-ja!\n"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr ""
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -10607,126 +10677,315 @@ msgstr ""
 "@\n"
 "(A parancsok és opciók teljes listáját a man oldalon tekintheti meg.)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 #, fuzzy
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, fuzzy, c-format
 msgid "usage: %s [options] "
 msgstr "Használat: gpg [opciók] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, fuzzy, c-format
 #| msgid "%s not allowed with %s!\n"
 msgid "colons are not allowed in the socket name\n"
 msgstr "%s és %s nem használható együtt!\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, fuzzy, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "Páncélozás nem sikerült: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, fuzzy, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "Páncélozás nem sikerült: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, fuzzy, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "A sor túl hosszú!\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, fuzzy, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, fuzzy, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "Olvasási hiba: %s.\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, fuzzy, c-format
 msgid "shutdown forced\n"
 msgstr "nem feldolgozott"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr ""
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|connect to host NAME"
+msgstr "|NÉV|terminál karakterkódolásának megadása"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:112
+#, fuzzy
+#| msgid "|NAME|use NAME as default recipient"
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NÉV|NÉV használata alapértelmezett címzettként"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:179
+#, fuzzy
+#| msgid "Usage: gpg [options] [files] (-h for help)"
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:291
+#, fuzzy, c-format
+#| msgid "invalid import options\n"
+msgid "invalid port number %d\n"
+msgstr "Érvénytelen import opciók!\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, fuzzy, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "Hiba a \"%s\" kulcskarika írásakor: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:462
+#, fuzzy, c-format
+msgid "attribute '%s' not found\n"
+msgstr "\"%s\" kulcs nem található: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:581
+#, fuzzy, c-format
+#| msgid "reading from `%s'\n"
+msgid "processing url '%s'\n"
+msgstr "Olvasok a \"%s\" állományból.\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          user '%s'\n"
+msgstr "    felh. azonosító nélkül: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, fuzzy, c-format
+msgid "          pass '%s'\n"
+msgstr "               azaz \""
+
+#: dirmngr/dirmngr_ldap.c:592
+#, fuzzy, c-format
+msgid "          host '%s'\n"
+msgstr "               azaz \""
+
+#: dirmngr/dirmngr_ldap.c:593
+#, fuzzy, c-format
+#| msgid "          not imported: %lu\n"
+msgid "          port %d\n"
+msgstr "             nem importált: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, fuzzy, c-format
+msgid "            DN '%s'\n"
+msgstr "               azaz \""
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, fuzzy, c-format
+msgid "          attr '%s'\n"
+msgstr "               azaz \""
+
+#: dirmngr/dirmngr_ldap.c:611
+#, fuzzy, c-format
+msgid "no host name in '%s'\n"
+msgstr "(Nincs leírás.)\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:622
+#, fuzzy, c-format
+#| msgid "WARNING: using insecure memory!\n"
+msgid "WARNING: using first attribute only\n"
+msgstr "FIGYELEM: Nem biztonságos memóriát használunk!\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, fuzzy, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "Páncélozás nem sikerült: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "Páncélozás nem sikerült: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+msgid "LDAP init to '%s' done\n"
+msgstr "Páncélozás nem sikerült: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, fuzzy, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "Páncélozás nem sikerült: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, fuzzy, c-format
+#| msgid "dearmoring failed: %s\n"
+msgid "searching '%s' failed: %s\n"
+msgstr "Páncél eltávolítása nem sikerült: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, fuzzy, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "\"%s\" nem JPEG állomány.\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr ""
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, fuzzy, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr ""
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, fuzzy, c-format
 msgid "too many redirections\n"
 msgstr "Túl sok \"%c\" preferencia.\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "Írok a \"%s\" állományba.\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, fuzzy, c-format
 msgid "error printing log line: %s\n"
 msgstr "Hiba a \"%s\" kulcskarika írásakor: %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, fuzzy, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
@@ -10756,51 +11015,31 @@ msgstr "Frissítés sikertelen: %s.\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, fuzzy, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "Keresem \"%s\"-t a %s HKP szerveren.\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, fuzzy, c-format
 msgid "malloc failed: %s\n"
 msgstr "A kulcsblokk törlése sikertelen: %s.\n"
 
-#: dirmngr/ldap.c:221
-#, fuzzy, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "\"%s\" nem JPEG állomány.\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
 msgstr ""
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr ""
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, fuzzy, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr " h = kulcs kihagyása\n"
-
 #: dirmngr/misc.c:172
 #, fuzzy, c-format
 #| msgid "%s: invalid file version %d\n"
@@ -10888,93 +11127,93 @@ msgstr "A létrehozott aláírás ellenőrzése sikertelen: %s.\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr ""
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, fuzzy, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "A kulcsblokk törlése sikertelen: %s.\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, fuzzy, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, fuzzy, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "\"%s\" kulcs nem található: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, fuzzy, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "visszavonási igazolás készítése"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, fuzzy, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, fuzzy, c-format
 #| msgid "no default secret keyring: %s\n"
 msgid "no default OCSP signer defined\n"
 msgstr "Nincs alapértelmezett titkoskulcs-karika: %s\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, fuzzy, c-format
 #| msgid "using cipher %s\n"
 msgid "using OCSP responder '%s'\n"
 msgstr "%s rejtjelezést használok.\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, fuzzy, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr ""
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, fuzzy, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "MEGJEGYZÉS: A kulcsot visszavonták."
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr ""
@@ -10984,68 +11223,72 @@ msgstr ""
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "Aláírás sikertelen: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr ""
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr ""
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, fuzzy, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "Aláírás sikertelen: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, fuzzy, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "A kulcsblokk törlése sikertelen: %s.\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, fuzzy, c-format
 msgid "error sending data: %s\n"
 msgstr "Hiba %s-ra/-re küldéskor: %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, fuzzy, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "A kulcsblokk törlése sikertelen: %s.\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, fuzzy, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "A kulcsblokk törlése sikertelen: %s.\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr ""
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, fuzzy, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "Nem tudom létrehozni a(z) \"%s\" állományt: %s.\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, fuzzy, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "%s: Hashtábla létrehozása sikertelen: %s.\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, fuzzy, c-format
 #| msgid "failed to initialize the TrustDB: %s\n"
 msgid "failed to initialize the server: %s\n"
 msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, fuzzy, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "Nem tudtam újraépíteni a kulcskarika cache-ét: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, fuzzy, c-format
 #| msgid "signing failed: %s\n"
 msgid "Assuan processing failed: %s\n"
@@ -11091,251 +11334,269 @@ msgstr "%c%lu preferencia kétszer szerepel!\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 #, fuzzy
 msgid "quiet"
 msgstr "kilépés|kilepes"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+msgid "connect to the keyboxd"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 #, fuzzy
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|fájl|bővítő modul betöltése"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 #, fuzzy
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, fuzzy, c-format
 msgid "receiving line failed: %s\n"
 msgstr "A kulcsblokk törlése sikertelen: %s.\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, fuzzy, c-format
 msgid "line too long - skipped\n"
 msgstr "A sor túl hosszú!\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, fuzzy, c-format
 msgid "unknown command '%s'\n"
 msgstr "Ismeretlen alapértelmezett címzett: \"%s\"\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, fuzzy, c-format
 msgid "sending line failed: %s\n"
 msgstr "Aláírás sikertelen: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+msgid "no keybox daemon running in this session\n"
+msgstr "GPG ügynök nem elérhető ebben a munkafolyamatban.\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, fuzzy, c-format
 msgid "error sending standard options: %s\n"
 msgstr "Hiba %s-ra/-re küldéskor: %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr ""
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr ""
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+msgid "Public Keys"
+msgstr "Nyilvános kulcs: %08lX\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr ""
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr ""
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 #, fuzzy
 #| msgid "network error"
 msgid "Network"
 msgstr "hálózati hiba"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 #, fuzzy
 msgid "Passphrase Entry"
 msgstr "rossz jelszó"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 #, fuzzy
 msgid "Component not suitable for launching"
 msgstr "nyilvános kulcs nem található"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Please use the command \"toggle\" first.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Kérem, használja előbb a \"toggle\" parancsot!\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr ""
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, fuzzy, c-format
 msgid "error closing '%s'\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, fuzzy, c-format
 msgid "error parsing '%s'\n"
 msgstr "Hiba \"%s\" olvasásakor: %s\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr ""
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr ""
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr ""
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr ""
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr ""
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr ""
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr ""
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr ""
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 #, fuzzy
 msgid "list global configuration file"
 msgstr "\"%s\": ismeretlen konfigurációs elem.\n"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 #, fuzzy
 msgid "check global configuration file"
 msgstr "\"%s\": ismeretlen konfigurációs elem.\n"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 #, fuzzy
 #| msgid "update the trust database"
 msgid "query the software version database"
 msgstr "bizalmi adatbázis frissítése"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr ""
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr ""
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr ""
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "kimeneti állomány megadása"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr ""
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 #, fuzzy
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
 msgstr ""
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr ""
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 #, fuzzy
 msgid "Component not found"
 msgstr "nyilvános kulcs nem található"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 #, fuzzy
 msgid "No argument allowed"
 msgstr "Írom a titkos kulcsot a %s állományba.\n"
@@ -11351,113 +11612,189 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr "A %s (%d) rejtjelező használata sérti a címzett preferenciáit!\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "Kihagytam: titkos kulcs már jelen van.\n"
+
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "Kihagytam: titkos kulcs már jelen van.\n"
+
+#: tools/gpg-card.c:2395
+#, c-format
+msgid "Replace existing key %s ? (y/N) "
+msgstr ""
+
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, c-format
+msgid "%s card no. %s detected\n"
+msgstr ""
+
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
+
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
+
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
+#: tools/gpg-card.c:3668
 #, fuzzy
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "Írok a \"%s\" állományba.\n"
+msgid "authenticate to the card"
+msgstr "Visszavonó igazolás létrehozva.\n"
 
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
+
+#: tools/gpg-card.c:3672
 #, fuzzy
-#~ msgid "use a log file for the server"
-#~ msgstr "kulcsok keresése kulcsszerveren"
+#| msgid "|NAME|use NAME as default recipient"
+msgid "setup KDF for PIN authentication"
+msgstr "|NÉV|NÉV használata alapértelmezett címzettként"
 
+#: tools/gpg-card.c:3674
 #, fuzzy
-#~ msgid "run without asking a user"
-#~ msgstr "Kilépjek mentés nélkül? "
+#| msgid "change the expire date"
+msgid "change a private data object"
+msgstr "lejárat megváltoztatása"
 
+#: tools/gpg-card.c:3675
 #, fuzzy
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "Lekérem a %08lX kulcsot a %s kulcsszerverről.\n"
+msgid "read a certificate from a data object"
+msgstr "Visszavonó igazolás létrehozva.\n"
 
+#: tools/gpg-card.c:3676
 #, fuzzy
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "(Nincs leírás.)\n"
+msgid "store a certificate to a data object"
+msgstr "Visszavonó igazolás létrehozva.\n"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
 #, fuzzy
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "Értelmezhetetlen a kulcsszerver URI-ja!\n"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "jelszóváltoztatás"
 
 #, fuzzy
-#~| msgid "|NAME|set terminal charset to NAME"
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NÉV|terminál karakterkódolásának megadása"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "Hiba a(z) \"%s\" titkoskulcs-karika írásakor: %s.\n"
 
 #, fuzzy
-#~| msgid "|NAME|use NAME as default recipient"
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NÉV|NÉV használata alapértelmezett címzettként"
+#~ msgid "use a log file for the server"
+#~ msgstr "kulcsok keresése kulcsszerveren"
 
 #, fuzzy
-#~| msgid "Usage: gpg [options] [files] (-h for help)"
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
+#~ msgid "argument not expected"
+#~ msgstr "Írom a titkos kulcsot a %s állományba.\n"
 
 #, fuzzy
-#~| msgid "invalid import options\n"
-#~ msgid "invalid port number %d\n"
-#~ msgstr "Érvénytelen import opciók!\n"
+#~ msgid "read error"
+#~ msgstr "állományolvasási hiba"
 
 #, fuzzy
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "Hiba a \"%s\" kulcskarika írásakor: %s\n"
+#~ msgid "keyword too long"
+#~ msgstr "A sor túl hosszú!\n"
+
+#, fuzzy
+#~ msgid "missing argument"
+#~ msgstr "érvénytelen argumentum"
+
+#, fuzzy
+#~| msgid "invalid armor"
+#~ msgid "invalid argument"
+#~ msgstr "érvénytelen páncél"
+
+#, fuzzy
+#~ msgid "invalid command"
+#~ msgstr "Egymásnak ellentmondó parancsok!\n"
 
 #, fuzzy
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "\"%s\" kulcs nem található: %s\n"
+#~ msgid "invalid alias definition"
+#~ msgstr "Érvénytelen import opciók!\n"
+
+#, fuzzy
+#~ msgid "out of core"
+#~ msgstr "nem feldolgozott"
 
 #, fuzzy
-#~| msgid "reading from `%s'\n"
-#~ msgid "processing url '%s'\n"
-#~ msgstr "Olvasok a \"%s\" állományból.\n"
+#~ msgid "invalid meta command"
+#~ msgstr "Egymásnak ellentmondó parancsok!\n"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          user '%s'\n"
-#~ msgstr "    felh. azonosító nélkül: %lu\n"
+#~ msgid "unknown meta command"
+#~ msgstr "Ismeretlen alapértelmezett címzett: \"%s\"\n"
 
 #, fuzzy
-#~ msgid "          pass '%s'\n"
-#~ msgstr "               azaz \""
+#~| msgid "unexpected data"
+#~ msgid "unexpected meta command"
+#~ msgstr "nem várt adat"
 
 #, fuzzy
-#~ msgid "          host '%s'\n"
-#~ msgstr "               azaz \""
+#~ msgid "invalid option"
+#~ msgstr "Érvénytelen import opciók!\n"
 
 #, fuzzy
-#~| msgid "          not imported: %lu\n"
-#~ msgid "          port %d\n"
-#~ msgstr "             nem importált: %lu\n"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "Érvénytelen parancs! (Próbálja a súgót: \"help\".)\n"
 
 #, fuzzy
-#~ msgid "            DN '%s'\n"
-#~ msgstr "               azaz \""
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "Érvénytelen import opciók!\n"
 
 #, fuzzy
-#~ msgid "          attr '%s'\n"
-#~ msgstr "               azaz \""
+#~| msgid "NOTE: no default option file `%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "MEGJEGYZÉS: Nincs alapértelmezett opciós fájl (%s).\n"
 
 #, fuzzy
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "(Nincs leírás.)\n"
+#~| msgid "option file `%s': %s\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "\"%s\" opciós fájl: %s\n"
 
 #, fuzzy
-#~| msgid "WARNING: using insecure memory!\n"
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "FIGYELEM: Nem biztonságos memóriát használunk!\n"
+#~| msgid "you may not use %s while in %s mode\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "Lehet, hogy nem használhatja %s-t %s módban!\n"
 
 #, fuzzy
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "Páncélozás nem sikerült: %s\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "Nem tudom végrehajtani a következő \"%s\"-t: \"%s\": %s.\n"
+
+#~ msgid "unable to execute external program\n"
+#~ msgstr "Nem tudom a végrehajtani a külső programot.\n"
+
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "Nem tudom beolvasni a külső program válaszát: %s\n"
 
 #, fuzzy
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "Páncélozás nem sikerült: %s\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) DSA és ElGamal (alapértelmezés)\n"
 
 #, fuzzy
-#~| msgid "dearmoring failed: %s\n"
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "Páncél eltávolítása nem sikerült: %s\n"
+#~ msgid "run without asking a user"
+#~ msgstr "Kilépjek mentés nélkül? "
 
 #, fuzzy
 #~| msgid "NOTE: old default options file `%s' ignored\n"
@@ -11506,8 +11843,8 @@ msgstr ""
 #~ msgstr "Nem tudom megnyitni %s-t: %s\n"
 
 #, fuzzy
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "Hiba \"%s\" olvasásakor: %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "Hiba a \"%s\" kulcskarika írásakor: %s\n"
 
 #, fuzzy
 #~ msgid "error closing %s: %s\n"
@@ -11562,12 +11899,6 @@ msgstr ""
 #~ msgstr "Hiba a jelszó létrehozásakor: %s.\n"
 
 #, fuzzy
-#~| msgid "you may not use %s while in %s mode\n"
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "Lehet, hogy nem használhatja %s-t %s módban!\n"
-
-#, fuzzy
 #~ msgid "male"
 #~ msgstr "enable"
 
@@ -12865,9 +13196,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "aláírások törlése"
 
-#~ msgid "change the expire date"
-#~ msgstr "lejárat megváltoztatása"
-
 #~ msgid "set preference list"
 #~ msgstr "preferencialista beállítása"
 
@@ -13297,9 +13625,6 @@ msgstr ""
 #~ "MEGJEGYZÉS: Elgamal elsődleges kulcsot érzékeltem.\n"
 #~ "Eltarthat egy ideig az importálása.\n"
 
-#~ msgid " (default)"
-#~ msgstr " (alapértelmezés)"
-
 #~ msgid "%s%c %4u%c/%08lX  created: %s expires: %s"
 #~ msgstr "%s%c %4u%c/%08lX  létrehozva: %s lejár: %s"
 
@@ -13417,9 +13742,6 @@ msgstr ""
 #~ msgid "quit|quit"
 #~ msgstr "kilépés"
 
-#~ msgid "   (%d) ElGamal (sign and encrypt)\n"
-#~ msgstr "   (%d) ElGamal (aláírás és titkosítás)\n"
-
 #~ msgid ""
 #~ "The use of this algorithm is only supported by GnuPG.  You will not be\n"
 #~ "able to use this key to communicate with PGP users.  This algorithm is "
diff --git a/po/id.gmo b/po/id.gmo
index 4d9c88790f860e224838085389b18969c566dd63..8f9678d18dce242a8be5af295acd784d5c1b970f 100644
GIT binary patch
delta 9159
zcmYk>30ziH8prVi?g#=3;)3#uptzxkE4Z(@ubI1|z9J~7pqA^arioi3Zn%_7rBjVf
z%2bw_sV$S^I+dC>S(-~}<y5xl6!ZJP=Qtnlr-$!(&b{~Cv)zl#EIA%{|Ghxp7Zpox
zFdW+hjETmG5Mvqz8WUViwZ^;~OO8jdEZ6*iQRKhXHl{j;#o7BBI(s-LI-hjzz%E>W
z2oo_d-k2W7_)HQ7J$Now#X^_wcb>*7)Zcb_sXE5chKWV~Gu`>o5VKM3Y{iOrz~%qM
zaPpg|_V2m+h`Pp%;`t_tLJdx=L5*lH>VY3&O}v5(+5{vRLmx~W(uV1YwQ#ztUx&Kx
zO=NP+=g6(b)HB8d38)VCzzCeEoadXluA&e%wR<rP-$&Xo=TIXqM%@@!-<V3+8ug$)
zsE$r|<~#p}YVQ=P!`D#*2x(wvEE#?3;aCcfU>*kJS?3q1nYo491Lc_KCfE|ShLcd+
zWD}Og{g{kzVl(^>bzdw$bbWs;i#{xed5xI=5DEoUq~H$J123VL;&;>tBe`26Xzd(}
znu%qo2Df2%d;vS)ci0XS8yiF4O%}Gr%@~U3QA>5BG4rnn2Qe&dny#qLGSuanNFU66
z48oUD9eN!#;)|$;zQRH*nM51-3~C@(Q8N_K)GkppYUxrj2K)IaRHQH!wL2H1ZrFy}
zgl}LZo<a5eI;w-eU}Y@Jd}~c(uncxZ5B5RroottHLJi;m>i%O`34Ncsif>RIxR2^U
zBnzmKH9_s#L8u$2p?ba;HPT(^!J9Z9%Qd$%l!cnPwaC6Thw%!2gQWwEInlyDK%e=z
zrCr0@s1e`A@>ro2uO?PQjifiKV>3}xn~xrR1?SV?Y19Dvq!`2UnskiBP0qa-L4FJ?
z;stE2_x~0JI%VQh?JgaGdTmx<HQa@2=n&Szk5RANT~tF6ZR`xy#bEL-s7*HjtKfX}
z;6|6ffok^*#`Ao0i-LL{&K6bP0CVtV)Gn^c56#3Vq{^(p9(WR&braRzcBnUMb52J7
zGi&&vPwr{d{Sh7PUg?I9kWWFqism&}aTS-7H|%J8_&RnXKZ{z!2$Ig&4tc}OV(ftX
zup9n}CV*+>BEB^yg{SMmUR1|6A^X-GL=EKoE{vBq$24Ro#o{Q`d%h6kaS!qhF(*+=
zbPx3wG~sDs*a64j0Myj)bM^0__Rwh@gqKkFH|8Uu8S`QV+|u1=H^qxogi!I0J8=T_
zx?IBQcpalLka<%cgW40RsMl}+mc~h_HJ^$#Fb_45-KdeDKy{=TwRf8PSV;Dfc?8)8
zW(lg{BhK?!hx|L2NA$F>ReemLekkhtMW~K#LQQ!Qs$<uj|8-XCWoNEFs)N2%3fk?%
zT*Y+MjcZU-x*KD#2sHyAV;tT=jV!Xa-F&I2`-Y=BG9Am~YSeDujND@Wj=InE@wekM
zbtrTo?}h5fDy)UiV_EzF_2APOj<-<_{OOGAYdh2v)q$y)h)<!G;x$x<PNCZQ7PS;*
z`ssPBe~Q0g%s_0wiA>Z8H=?Hgpv$jd1>M-+m=ahS^}uS#_Ap7vvYOeb7vU&sic1Z!
z)<$)pBWgxQV+_wXvnkZX&8W3JfaUNM>cR`Ck^F@EP6Q9M^>r|eyd$c9AlAhxsP@*Q
zI$VU>D@QR9Z=pK&J^F$u1oMulA_{dub5u`Tp=RJwR73MH6j!2_Xe;WzL#R*dCDeoO
zpq40fu<clLR6G5!9?n8tw_`B#uMr-mLYwR&>cRI=^-+)7J<-(J6Jx0#hZ^xxtdHAK
z9XgI$y4$FMgb(3YGDe^VP!)NROafNKoFUA=Hr-Mx^o4rHc?2WKuVH1phanjLnC*EC
z>iTx5B^Zavn2Q?u9_LBagMUKJbl_0?;1H+BM?oV>#!5H@wd*s{gSpro*P}*u95pjP
zU^5IFW*^udH4|QJg88U+j$k4lcjte{eDb*AcC-6lqtKX&uTVV?A7MW*Em8GeY=|3B
z9X*O#!)vHD3>|4Zl!zYk9#|DKF&dYkuG@)a@Lkl*{R2JveRrFJ)*@t-z0rfpQ!onq
zU<>r32e+XbI)u9JeT>En*a+{UI#7GGeQ;Y;J0nro&p_>sWmrP*{|X8%sdySa_yKCF
zZ=g11@EH4AHN;5)#tcSH@u9IaO#VG;NlK5i53Yr}FBPlf2<PLjejTdAMcBwk;S7aZ
z_$O+uJmc++{hX6g4K8!;arGZ!ZR)RLES8yIzy0-5duAlozyhp-ue$sr)QsFfpBgTv
zpax>R`jd#S7pg-$Q0I?2ub`$jaH5@&Xw-+L3##K;7?0ar{ZUjqx6p$j>9)g(sOJq#
zXZ~wam`R0txE^)GUW~-ksGeTKaQp-HfY3?S=BVpNpgJ}k<8UR`!B<fOIFEYHuc)c7
zoMAhjoZ+)08A(M7Czhag`(f;aw^8qX<4pV8uq|pzdtzOj<jlt;@&l+2e2b+pbh2$P
z6160qP;b=}n1FxrQ7B8{EC%64=QV6aeg`$OdQ)uAJELZ3EUJOUSRY?T&BQrWd$(~I
z-o>uiFU$U0as%r6Pp~8UiYe#|)iK+?*Zr|O`5e^LA4Po$FQOjs114grsrEH&hMMX&
zSQ^KpW+oH&U;%c<lxcQm7NCdxIb`$t%zG5n@J-ZO{fT-{YfiT#PC~t2eNj`N;qqk|
zM!pL}u?W@SW2o=NB`kv#b8H8zp=PWjHo{B{()(XXLErf2P!D<wwMjlj?b07nn<p~Y
zj-VOpwHt=owDVp4M$||TqL!!_*#@T83_G){P&4y7sv}?EeV%X1%;ei2z}IM&UF)dF
z?HVSb9*~0JI0&_NUTlo{sE)sj>d<-g;C<Xjd(ltW`%lfboA3r|FGb9;14=|+MJoDG
z&=QQrRGfv$xF4J1b$7n%TsuRJQ4RG(J$QmM57nW+q6d$mmgsA2f_G8()tP6Py2Cu?
zUn3k#g`AC=ngXnb2eA;(;R>8O-|pIb*owT(0{e%@Oy}F!n)(t<t7fPzYR0m#0~X>C
z{0ud)CJQNOH;-RvcYOis#*5esgBIDph=!ov>n~BSQ>n%Fx?VVdd@d&8N$iHjn2z0^
z<PV|%{zyfAxL#dipLY(m2}}8w+MXq2TPkK?7u=89EWctsjCsm##va&`d<v%E^QbAl
zj1}+>vR_Rx24l`Ld)|lT$@7s<g4u>G&{r<cPFV-k+ReczT#MQhFQOVgj6rw`6Yw*P
z$H3)wGbNzz>yEl^43@%7S3eDPeI9Bryn-yD&s?UUkyK%U^}s>c12eEU7NOp6v(g%d
z^+`Rb&D#r`;b_zntwZgl1E}`SVrRVJ@&>DHM>}FAz5l}~XbQ718W*5$+=|t4pUY2T
z2>Dg4h5x}AthCy$Wir+wPeXMi4{PFHR68dy7;mE9g1gv<=bO-{Z9}6_Q#&8q;cnDO
zt~vk2vgA=~?Azf%%|I$9VqetjI3F9~PSjg;+MWLvHNdL*_IWMPr-~sIv>9?y4}1x=
zmd8-9$tA3d71r9#*aDT0MO~MNTI(Gy-;F)V-*J{J;CDUwVAPE5K|S}w0_I;+^tC%t
zVx66V+Nde+jheb_48;|w2DYGn7rf=pUqH3<Gpa+C)>|83WAe_Z>vJ&-*P@na*LvnZ
zkiv&lXibiz9`rS8gg;|BjNV`$PzRfkcSX(AEYy8#uqnQX_3(4l2up9Y*Vo3D<bzSy
zuR<-=ZXX4W^f+o{w^3^ryvg>sE@}q4VicyK8kp@|hZ@OVjKqJT_QFl{U{s-<fmW!2
zPQoCZjFr(hi^6aUtFa>9blyjGsKRF3P$EW<_d|7H0#?EW7=;C>j=Y4L!PD3RFQZ=9
z%3G`*F`Rq~@;3O)0t!{BSc&S<3#bpp+o%UzK`p^As3|jB?FTCkV@XG&?puVNun^Vp
zOV|+aV=GM9X5XGPY)+nu$$I~HP++5)Pf%++@fq9mO{n}7CSx&bYLlO}uh%%#(&eMp
zd_Q{dbJT$TaCy{ryH{GFIy?Y1kQo@_qfkgeyL30I!E>k){f3&_&>eOU)OB{o6za!d
zP27Td{oX_^(P30OpP)MY3#vo$JMH!DQSFXK|L^}<6auMOjwNvw_QACngO^bslwwrR
z8||_q9)JPl1NqSdb?md4Ce;1ImBmbAvM%O$o=CD~pTA-wKm8AO7ij$#67|Vz6Opcd
z7OLkudQkoWhZ35NhmQ|P-X>ZT-H8QUyAD}F|1p952Bjpe|AV7F1ua8!PW}}W@kbm?
zL{Qc-4v%3Um)CTDMcs5)-c9*c;z{x@xP#E4rO+|hUFT08Jbwb2)_e+4jSKRKu9PPd
zzY<#45kwUt#x?LL<-Ww6hZ<}^c?0nTF@|$f@Gn>yml8WEKREQk@<0D^3VKC!H0GiZ
ze3O_?6cH^69r{OV16wp5Fo!%GUnK4l&k^qs!-!^_+emmRvrWuI%2#jz>KH`K4dD52
zP&i9`OI#)XPQ<#4PEt;H<>eUe%K9y+W4pyH!uFhNNtAMR*YFb2nmYZNu45UdVI_aY
z?}GrwpH0%jRlJT~cd@FfQoe=rlyEF2&iG6A$D^E&q4<TXdz`#4p|>ZFSWmev`llK7
z8XhHd%q4!(iM3p`g3yue?CGpP-DCbU{JN!Xh^trC9HI;PZ`ckmV;g(|M-yv_XUSi~
zPl!ySI&q$8Nd2?uTSy_6!eK&3J@O3VoJ~zXXBKt8Q2yQJ)i9Jg9kYq2{Uv@-_iyNi
z&k%vGzAfeBl=VBN*wtOo#2g^$$H_+s9qouOiN6t>h_OT}@!)ugLOj=QA<DaZI^cWM
z?{ya?;AraVxLh0|4iTYBI0kWkq}KnzF^Y<(NM_?jyzfo~kpD?}smn!kVm?ulb2|P*
zq_}cv%K3zTX*DB$CQcAK)>zCmuFau*UC$pu(h=V$z9Ytv`-q{$r{o_IqX-?fsLLcu
zQ1%e75FN=M9N$n#cM1RCHH|p;)I;b0OI`9qxi5@l1(i#1HMYQmxEgz*jyTF8#3Dk+
zaH0<70-TC7ROybc<ZUR25!+nd8tS^aaz)DDQ~sCDedZK}8dTQAruYH|;}&~?|K~sX
z8R_!voYOIqXhM`GFT~;4AG^ErjVM1jI#E}Tq&)E?F@%`mzmECOB6*hxB5D)ETmu=D
zbu4zd%AXOrDsXHjqKW?Qe3gf;>qPw>qMWOX#sngeSWmr<T10QH^KyU6|AylfC8(c@
zopCaH@U~8H^tSl_&ju9-5KD-+h>wYFT&p9G_?!qLuS*mVn~6eVE1|=;haclf?qNPI
zzz+!>r-`qLU?uLT`=Ee-JXGFFxeT#^s6ou5t@_vs$6*>)C-zf*8aEM>^#0$ZLPtZQ
zCozlYOguPJbs?dnm-8{4MqUP2`Onz@^I64G)XjI-EhAs)$}=&UyetmXg&gYwO7bt<
zfT9JpdzC1Ps=Fs(U732#iiXrnk8d||YR>qK>~v4=?5r&BjGT<|p79yeCV6u_@wuLa
z_zCqqvofYmNt@x#_2hUtli|&t;hC1>o#@T+W{>w4z1251v?y_O#ekv#V-iXio$-Dd
zu<rNt_C<py?Mi5y<;_Z)oSXKb#oP@46DI$^=`8P*wCwcsw4DF9n4965=FRrzWMrik
U{hYretmy8}76C<_o;w=wKSPCjFaQ7m

delta 9741
zcmZwM2YeM(+Q;#eP*Wg~&>_hL2nnGD={*Eus8T}}Lr5+mCfq=ZfRqc;L{X|p2LTHr
zDn>y;?6@u}D6jj9Wfj4?i>rdNtElYnf6vJ)pM7^eKKVZ9%$b?fW)k)4YoW_dh6X-~
zu6m#0cqGJ_W_WWgV|s)dv%QIGjal5nn0B}XYtrTkY)JXpmc}&2cTm?|bcQ9`ax3Qm
z=Tsa>yM@>uU%|n~1k4YvL9bTEH0Hzv)D26VYp@aJ$DAin5B|iJe?hg6Niv2$m{g?7
zWMNxefI7b)qw#fD{s8Opd~=0F53ZSP8#c!&l>1>U?m%654At%wssmp;tG2cs^iY%5
z1LJTkHpfzAjAj$6W6xs(UQj*HH`P*X!#2q5nwyY5nG*DHD{2JCupXXu<!@a%yp3Iw
zc&x+uZb;wEAk>V^MqRfFWAFg#IWJ;BJ-t98Lzyp`fLh};RF5a1Mi4;$F%R-X9Xx}B
z@E4540c;dG5;b#EP<v-SKT>f&YVAKn%~V)>=D#{gOKLk|8|;kPs0%kD|Cm?!Q4@c_
zF#H8;Vbu=C^u%b?1BauQrVus4m8bz6aGpWU#LuYv)lOypGf5iKy)?|mzPKBi6!R(e
z!HAB=MB!l6nodMLcmZl}9KpJH(v?3(4d6Qr$JiTehmuhP9)`Nlm;lLUlG`u?qnHMb
zBnve~rKlyj7h~`s#^cKvjh~@5<&UWLwV6J>Ev>OWrlUGO0oB17*Z^<G;F7K*sX@gN
z^zcR0<~ireVO{J9QcySOf-#us%9BwYn2GAZO4P{qpf>FZ)OF`k9sdzE(0W~i&kLAI
zB)L?~N3GeXsHv;cjZt7nJdcyHIv=3E-R%f7de}9*1vTP)jKIantee%SfxLj~*jK2T
z4ee<M>fyo=*1tbVV@|x-%NX{B`2g!<SZ`}Q)}!17HRVH)dzmT7V9fofP5L(Kt@#!8
zz<O*P-KPWUea}EGWj^XYE3g^QH(N;b+8jo0x>r#n`VKv;$&L)JDeA`QsI{Ad>iAOB
zeRg08#`d$Dcr9usP9wK6A!)%+uIY!Yu33e__x}YFP5obywkD*%{Z{u!-CzakfzRR~
z`~<Z`N$Iwng{vs<M0GHE0G-4Es3ly1{9~Tvhi2+WOv4rf>GzE!dHT%|!h4E*)XZb-
z5Iy*PY=L1kx&hmvMluz7GtEwHj;FB|UP5)WG4C|rB-0PIL`A5#U=P;8r!X5|%?#M7
zZ^5v1A{DiX`r{ZJj=I4Es406NYh&bKyC<5WK18Xg`o5_5eK_hvGy$7onJceD?TLff
z0ACG|R44fmwZ@-eEdGKTNuwcl<b6>cnT^^!4<q~397Xn<xq`ZJr=ixts2Rz2<rSzU
z+m6Y2($xnplc=X*!|aqNqIx#o>31$i&CqsK2M?ll`<t$O0d-x-a66-oFrIQEY6db;
zzl^4#2DTF8v~LfR=)$*99l3xJcn!6gB5pE<KAKjj3rkQp+KlSJaZJF!U`_ld>Vam2
z{qV%1uIu2;LR~)}8|b~+P12r<Bd8_#64jAws2epMX_ufo>VbvMrPzk@Hq;IOgqre;
zt{gMU?uqVLh5Ag?K!+mx&rHKXJl{M@qSxgzYHGWVwvI)0paeA&Yfw}AC^B{CBx=pS
z!7#jrY8S@N)j(RJz7Ks+_2aP)mbm(*7)YXG2Z?TY0&C;vs7-PiL$TRd+o5<2r`*St
z2cgbSM|HFSH3KV9_c@4B_&jQf-a-xVA6O3~vzUK9I3dffQ5vep(@{5CjIHruRJ(Uk
zBl#XR6A|O=gWI6$2cecI*Et{ceb|7y?_o^AcTgR=I*$3*+Qp8yBT2`qlrvBx7=pZs
zW+F!8UTlbmQ6HvL&P%8fHJD)6xDD2#oQ~@FNL2e`)DmpKPPi{XqTPAc`8(>tEhpNk
z?u2@9U*{;)i1IK7SE6?PHuP{GcEJ;<fn7z-j5o=Cz<QycHw!frflVZ-Brl_GbP3zz
zRo5V8vN3BZXQ6icm)HTLZ?-o|$99xwpz1eaTYMeW(aWeMY%s;nL>e}soQ<B||Jz9#
zQ?U)3;WMbII)l3L71R{Ayv6>ZG5~dcD0*0onxVC*`|Ne)<EW*22fO0e=wW=eU4k^M
zq4$3jiEc0v)qx_^gIA$$cm(6{UDOS~N42jx)$W<5ScP&NcEjfA;Uv@&%*S}#je6T&
z!WkiS2=(`;88wX?Q*j4sYPROu2S0<l@HFa!^qn&z&(<fQI-H5>a2_V$dejm=jk@lF
z^BU@YO?}p07*K=BB)ZWY=SJrtY(f1g)LLG`j#z)X-DH^<OL-wS!fmenG-{^KpdR=)
z)b-){_TQ}9p*nhZKJ%~F<{%Zi;1yJdK15x3#o1tnt?!CjlF^uiMVO2mQ6oN%iFnb~
zM;F)!^+J#ODX0N0LUm|QLBOu<2`V&#&rv=54eMk4t+r!burB4{s0U;_m!sMpKy~b8
zY>6LXD>Q|6AW5h_l!=<@>8Oq`4UlLgk6}-I5B2&)71`ejy|EVM07l|Hs43ryy6#!$
zIn>hBoM}7I6RT0q#<u7~eHYfFUeh;F9SHo3q$Wv%-+pjXoL#Ux^=YV)%|rEk18Rnz
zMBU&Frr=f7OtdPt_v?)lDQ92??!vzK1*(0^S^Sly_kRRQZ7SAbYut^QcoMZIqG#Jr
zYYOTC{jfb|VGUe{n(Eb99V<{Xa}*!O^Ed$SDzP(j3O&k~v4!6MdZqTp-BFwFCe-`w
zM~!$1>b2a7n)>Hl`F*TI`4UE9l``Am7}N)+4XT6FP#wG#HDl|r9UjGSo^QS;X@Hke
z4+<~04^Bkw(sb13@u4=?GSn{KkJ_|vyZSFtBaOJtF3|{NADY>ynf(|wGu7wVj<m<X
zRVv1l#Dwq{?_9gq`Sa`=E<ruuF06}tQET@McEEGk0PEatJCuYT<)L_p`xT+Ck6U0j
zVK;0{IS)0UMGKgJP4x~c>f@8x3tz`h7`o8@>D3i=z5ttG0Cl6SsF`@$c^1{7U(v&u
zMRtigV=Cng)OEL^mU`_X=3hO0k_!1})Eb>fJt%_no3Rz%g)d@%9J1KH9joz1$|szW
zOYFZJjzP`PJ*XKwj%oNcj>Fb>*nuq$kZ3noU?!eNU6``e{?$7PS5bZlwf3pY?CX?;
zYPStX;hWeIW0%_wjlg`$n=mBAnBOsxvRP@L*9x@>16d?#BulXmzJ>!a^iI23GEtkS
z7@Ol3?1s-{Py7+}7IdJOdX3YNH_ME`NPGo#{xnA5IpkYqE@D@`{}Y+l9#pJFt=&m%
zh@YX>{AbjSqwcmJs5nff+!{5a(HMtwQP<s%;rIkr!=tYLB~<&fsJ-wzcGvsgVYMB}
z4AcYn;$VCZhhdd_?E5{^ITcf=pM~1I+pse}jxF&5YA@Bi*WNDy2T<<j%JWejU57C|
z-|Q#R6dlKAcnZ~#zoUK|hODvWSgb|46DDAPjK^GThf7f(nnS3LoJGydZ>ak;TWgo3
zJL)aSz`$^lY!cn*AZlvgMvdT#Gisgv9wejQijJs}55xADjV<tAR7ajdwL9m|UquZp
zWxah)CaRpjp801Jm}OMxfyYo&^B&%S7cmLrH`q;>i7L-VwcCPP<3p}|1cy*Q?QF7<
z{XyA>8sM|22cJdF%ugGcf1RjzpB;H;)YMKvO<4e=a2u-K0gS~r-T7}&H>$SDcBrMZ
zH+G<YEUNu7tb=<{OH+ZNcs4+ywfG42pr249taiWsce-|{2Xw<!9EX~zm8k1>qh{(T
zw#IK!BW$?Yw(pGHDEm<Dcc7N)2x_2#k4QAK-%x87yT$gnJ8A~TVM8pz#(0-=A8I5o
zV12xR+6zCUhsj&*3=Bq%bRO!pT!0O5B~H@&zmp`Iil3d4+iZv8(WAZ}*2AgT7|SsR
z*PuGK7uAtts2MzmUGaO=Ynrs(IvVRzUWk#n1{>@B-%g?)9Y%d1-bOv(GKOJ|9d^p<
zVh_q)P+!7g)OG7I9rvSV@*=jy$es3gL=UV<xdgl5eC&jWa2?M#Uyx{R=j^gQe*{(j
z6xFcKZacLDQLk4iYV96Ct@*3y;kT$6s{Mdl0&GNiFsj4TunjK9&Ugp|+6-Tk)WYyR
zcFh`L0_8!d5#EZL>Lu6|w>Y1{o|NCkIE>tD+qXfzmg%Ua8-%*w6x1FGpgQ{aUglpH
zzCnc^@D*w=T*FX|-e>=Hyguqf)db^l25Khm#1?oMH4`6V2-e`oXIOcxRV7C=;^$yy
ze-vu{|4PmPOaU>Tc$3gHE#aa#f?tTHF6N+?L$4<*7MxlzOZCGY^=a4L<sHc9k{=_~
zxmY5Nx}L<R<T_sA`DQW|tAa&dFLE7vr3Mq7DSwMM;jO4?`;E|XKQWY;#<^+OhtSc5
zvi?`y!?tMplj|rY=923VmJf+N<bfARCKH<0om7k>?j>~0#(RjWuDk_n5n7t!U<><W
z6Ff=Ga_u7U&y;T_29fW;WrU9ZC0-9^EO`j?--iYZsThi{;Ud%`z6{~`HtLv9-qohT
zp93i$C40x!)uFtd;Fo4_)4FQYk2)QE4$SR@em^Xr?qk&VC-~>nJkq<V97FUY&vzH4
zJJoc#esH`>R3*l8t|>8|=ti{ENsh0H9>fG<4)v+T0AiNvunCb)uHz1^zm5-xyMvj1
zWxgWMC7vNdxuEhmS(*HY*C_K#&HP9lAubRNxGo=8U3Wc2Q$s&E4ic5m4_4@herpXR
z9v~WVq26O1N#y6THQqqzf5ogObfjQ5&LldL&r#)d#}=1QbnU;O{3lx%Fb}$u54e+0
zQ@)8PqWlnEByJ_Ih1Va=DOC3U7S7LbC&%J&%KFw%ado1EIvvY#x=s1KbB9C<9<iAd
z3-A+SG4VXHo@hsX238&kBu}_P2Iut4WHc@#b`Uz=BeKZv3zqn^%+;&7#?@`WeF1mk
z5elQ-iAuUvCeA6e)#rCGE+!r##u3%2`-b?tYq!YRn{!KCo=mQz3$f1Sapb`n9O)`H
z;Z?Qb_?5_|{1}E4oydzY7ITPf!Xx%kH<hSOz7}<CwwSHX5uDR8(PHxOEKyJI|1ftl
z(b*PXat$xz3|Bvi-0yOo?oCt>nM7Y=1aXP@g?NKVplu!ONh~C9N$euuic5+8<g+#Y
zJPJBGTg>nH2z7T5Pm%8?CXuJ&PeeJP;~t`v`Y0lr{C#3OafPTt=s0CD#kA>2euk(?
zlo4Zy;QU8(@-X?GL|ft<F^JIdIWe8{Be6Ng6VH;T5jx5!AHXQWN8Sr>BU%w}5#JGQ
zsJ{WbqmC06^8*GlsVpJs>Q3J0e380!#2U)~gO3wB?x)-W8{<@BK(Lno&_%BQhM*1Y
zr_M+GllX|3PxPREFHuh1PUwi#`d@#npztUW<0_9|ce0tgs0v0<znZv{yq#<F7i>Yf
z8WBdUAo^4H58^o@h0u{qyc^8)gXhnr;Wk3YaN-u?Zz^y+Nd1>KH3j4i$=hRJ*M2YM
zUgR5yc|-^?&b8k~{yq6=UE}K3Q>SAH*2cT^VR@LsAzX?7!ph@D%Dai1iH(GgVZ?3Z
zS=dAs!K31Z=0mFtPRwiV4II<oOD-+Q_j|?uqIs>ujpupEIx$)&eE!^$d9%v?>$&SL
zs;JuPv5;uj*q7(!<&@=wo5a!$zxHp`B(c<UX9|k_-kgG>B5#_{D=+osZ8(tBqhW_X
z&U5AT;*y?T^Tg8T73Y!)6Dw8^kB_?1H`kY2Ugq<BbIW`s{+uFjR!MPwNzTl0Q|`~1
zR^;=_ioFtFPTv1(KyB%)Vt=Wxr<Yh-vFqlzkf`#~0)M`jTQF;euSAu{rleFK8ys(N
zB4*_H=jC`aef}JOUQR)9HvX6ld(!7GEGd{(`rl9fab?B%+zTNCH4z@YuDnQ-;uV(r
za|^suUugjoV{aC$uPk^ug*kpNuOOe{k!^U%H?WarDX-xFT9o_C$_q8Br=~xYT=B)d
zJL?R|_Z61<3K?JJ^mtU*2@5x61$jAzEX%B%GDbIZT23zA%JJvtQ{(^73pOlX)v#je
VuC5{V8BV_I#dULbWcO<!{|21C2+05d

diff --git a/po/id.po b/po/id.po
index e975d79..7aa3442 100644
--- a/po/id.po
+++ b/po/id.po
@@ -10,7 +10,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg-id\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2004-06-17 16:32+0700\n"
 "Last-Translator: Tedi Heriyanto <tedi_h@gmx.net>\n"
 "Language-Team: Indonesian <translation-team-id@lists.sourceforge.net>\n"
@@ -20,51 +20,51 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "X-Generator: KBabel 1.3\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, fuzzy, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "gagal inisialisasi TrustDB: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr ""
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr ""
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr ""
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr ""
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr ""
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 #, fuzzy
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Anda ingin menghapus kunci terpilih ini? "
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr ""
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 #, fuzzy
 #| msgid "invalid passphrase"
 msgid "|pinentry-tt|Hide passphrase"
@@ -72,7 +72,7 @@ msgstr "passphrase tidak valid"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -83,25 +83,13 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 msgid "pinentry.genpin.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-msgid "Passphrase Not Allowed"
-msgstr "passphrase terlalu panjang\n"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr ""
 
@@ -111,298 +99,278 @@ msgstr ""
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr ""
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 #, fuzzy
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 #, fuzzy
 msgid "Passphrase:"
 msgstr "passphrase yang buruk"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr ""
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr ""
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr ""
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 #, fuzzy
 msgid "PIN too long"
 msgstr "baris terlalu panjang\n"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 #, fuzzy
 msgid "Passphrase too long"
 msgstr "passphrase terlalu panjang\n"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 #, fuzzy
 msgid "Invalid characters in PIN"
 msgstr "Karakter tidak valid dalam nama\n"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr ""
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad PIN"
 msgstr "MPI yang buruk"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad Passphrase"
 msgstr "passphrase yang buruk"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, fuzzy, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 #, fuzzy
 msgid "Please re-enter this passphrase"
 msgstr "ubah passphrase"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to protect the imported object within the %s "
 "system."
 msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, fuzzy, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "algoritma proteksi %d%s tidak didukung\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't create '%s': %s\n"
 msgstr "tidak dapat membuat %s: %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, fuzzy, c-format
 #| msgid "can't open `%s': %s\n"
 msgid "can't open '%s': %s\n"
 msgstr "tidak dapat membuka `%s': %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr ""
-
-#: agent/command-ssh.c:2446
-#, fuzzy, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "kesalahan menulis keyring rahasia `%s': %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, fuzzy, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "tidak ditemukan keyring rahasia yang dapat ditulisi: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, fuzzy, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
 "allow this?"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr ""
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, fuzzy, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, fuzzy, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
 "%s%%0Awithin gpg-agent's key storage"
 msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, fuzzy, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "%s: gagal membuat hashtable: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr ""
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr ""
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr ""
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr ""
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr ""
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr ""
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 #, fuzzy
 msgid "Repeat this Reset Code"
 msgstr "Ulangi passphrase: "
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 #, fuzzy
 msgid "Repeat this PUK"
 msgstr "Ulangi passphrase: "
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 #, fuzzy
 msgid "Repeat this PIN"
 msgstr "Ulangi passphrase: "
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 #, fuzzy
 msgid "Reset Code not correctly repeated; try again"
 msgstr "passphrase tidak diulang dengan benar; coba lagi"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 #, fuzzy
 msgid "PUK not correctly repeated; try again"
 msgstr "passphrase tidak diulang dengan benar; coba lagi"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 #, fuzzy
 msgid "PIN not correctly repeated; try again"
 msgstr "passphrase tidak diulang dengan benar; coba lagi"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr ""
 
-#: agent/genkey.c:157
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
 #, fuzzy, c-format
-msgid "error writing to pipe: %s\n"
-msgstr "kesalahan menulis keyring `%s': %s\n"
+msgid "error creating temporary file: %s\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:116
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "menulis ke `%s'\n"
+
+#: agent/genkey.c:154
 #, fuzzy
 msgid "Enter new passphrase"
 msgstr "Masukkan passphrase\n"
 
-#: agent/genkey.c:196
-#, fuzzy
-msgid "Take this one anyway"
-msgstr "Tetap gunakan kunci ini? "
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
 "confirm that you do not want to have any protection on your key."
 msgstr ""
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr ""
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, fuzzy, c-format
 #| msgid "Name must be at least 5 characters long\n"
 msgid "A passphrase should be at least %u character long."
@@ -410,7 +378,7 @@ msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "Nama harus berukuran minimum 5 karakter\n"
 msgstr[1] "Nama harus berukuran minimum 5 karakter\n"
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -418,382 +386,387 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr ""
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Tetap gunakan kunci ini? "
+
+#: agent/genkey.c:464
 #, fuzzy, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr ""
 "Anda perlu sebuah passphrase untuk melindungi kunci rahasia anda.\n"
 "\n"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 #, fuzzy
 msgid "Please enter the new passphrase"
 msgstr "ubah passphrase"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 msgid "Options used for startup"
 msgstr ""
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr ""
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr ""
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 #, fuzzy
 #| msgid "Key is superseded"
 msgid "run in supervised mode"
 msgstr "Kunci dilampaui"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr ""
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 #, fuzzy
 msgid "|FILE|read options from FILE"
 msgstr "|FILE|muat modul ekstensi FILE"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr ""
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "detil"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "lebih diam"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr ""
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 #, fuzzy
 msgid "do not use the SCdaemon"
 msgstr "perbarui database trust"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr ""
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:208
 #, fuzzy
 #| msgid "|NAME|set terminal charset to NAME"
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NAMA|set charset terminal ke NAMA"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr ""
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr ""
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 #, fuzzy
 #| msgid "not supported"
 msgid "enable ssh support"
 msgstr "tidak didukung"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr ""
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 #, fuzzy
 #| msgid "not supported"
 msgid "enable putty support"
 msgstr "tidak didukung"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr ""
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr ""
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 #, fuzzy
 msgid "disallow the use of an external password cache"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr ""
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 #, fuzzy
 msgid "allow presetting passphrase"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr ""
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr ""
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 #, fuzzy
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|gunakan passphrase mode N"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 #, fuzzy
 msgid "do not allow the reuse of old passphrases"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 msgid "Options controlling the PIN-Entry"
 msgstr ""
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 #, fuzzy
 #| msgid "use the gpg-agent"
 msgid "never use the PIN-entry"
 msgstr "gunakan gpg-agent"
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr ""
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr ""
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr ""
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr ""
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 #, fuzzy
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "Laporkan bug ke <gnupg-bugs@gnu.org>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 #, fuzzy
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
 msgstr ""
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr ""
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "algoritma digest yang dipilih tidak valid\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, fuzzy, c-format
 #| msgid "reading options from `%s'\n"
 msgid "reading options from '%s'\n"
 msgstr "membaca pilihan dari `%s'\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is a deprecated option\n"
 msgid "Note: '%s' is not considered an option\n"
 msgstr "WARNING: \"%s\" adalah opsi terdepresiasi\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, fuzzy, c-format
 msgid "can't create socket: %s\n"
 msgstr "tidak dapat membuat %s: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, fuzzy, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "gpg-agent tidak tersedia untuk sesi ini\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, fuzzy, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, fuzzy, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "kesalahan mengirim ke `%s': %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, fuzzy, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "Peringatan: permisi tidak aman pada %s \"%s\"\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "menulis kunci rahasia ke `%s'\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, fuzzy, c-format
 #| msgid "can't create directory `%s': %s\n"
 msgid "can't create directory '%s': %s\n"
 msgstr "tidak dapat membuat direktori `%s': %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, fuzzy, c-format
 msgid "directory '%s' created\n"
 msgstr "%s: direktori tercipta\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, fuzzy, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "trustdb: read failed (n=%d): %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, fuzzy, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "%s: tidak dapat membuat direktori: %s\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, fuzzy, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, fuzzy, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "gagal perbarui rahasia: %s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, fuzzy, c-format
 msgid "%s %s stopped\n"
 msgstr "%s: dilewati: %s\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, fuzzy, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "gpg-agent tidak tersedia untuk sesi ini\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 #, fuzzy
 msgid ""
 "@Options:\n"
@@ -803,19 +776,19 @@ msgstr ""
 "Pilihan:\n"
 "  "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 #, fuzzy
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
 msgstr ""
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -823,8 +796,8 @@ msgstr ""
 "@Perintah:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -834,87 +807,86 @@ msgstr ""
 "Pilihan:\n"
 "  "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 #, fuzzy
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
 msgstr ""
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 #, fuzzy
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 #, fuzzy
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 #, fuzzy
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
 msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, fuzzy, c-format
 msgid "cancelled\n"
 msgstr "Batal"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, fuzzy, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, fuzzy, c-format
 msgid "error opening '%s': %s\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, fuzzy, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "kunci '%s' tidak ditemukan: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, fuzzy, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "kesalahan pembacaan: %s\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, fuzzy, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "bagian kunci rahasia tidak tersedia\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, fuzzy, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "kesalahan pembacaan: %s\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, fuzzy, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "kesalahan: fingerprint tidak valid\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, fuzzy, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr ""
@@ -927,19 +899,19 @@ msgstr ""
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
 "certificates?"
 msgstr ""
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 #, fuzzy
 msgid "Yes"
 msgstr "y|ya"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr ""
@@ -952,7 +924,7 @@ msgstr ""
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -962,142 +934,142 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr ""
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr ""
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
 "it now."
 msgstr ""
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 #, fuzzy
 msgid "Change passphrase"
 msgstr "ubah passphrase"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr ""
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, fuzzy, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
 "%%0A?"
 msgstr "Anda ingin menghapus kunci terpilih ini? "
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 #, fuzzy
 msgid "Delete key"
 msgstr "aktifkan kunci"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
 msgstr ""
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr ""
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr ""
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "Gagal memeriksa signature yang dibuat: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "bagian kunci rahasia tidak tersedia\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "algoritma proteksi %d%s tidak didukung\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "algoritma proteksi %d%s tidak didukung\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "algoritma proteksi %d%s tidak didukung\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, fuzzy, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, fuzzy, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, fuzzy, c-format
 msgid "error forking process: %s\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr ""
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, fuzzy, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, fuzzy, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, fuzzy, c-format
 msgid "error running '%s': terminated\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, fuzzy, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "gagal memperbarui: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, fuzzy, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "kesalahan menulis keyring rahasia `%s': %s\n"
@@ -1113,33 +1085,33 @@ msgstr "tidak dapat terkoneksi ke `%s': %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "masalah dengan agen: agen mengembalikan 0x%lx\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "tidak dapat meniadakan core dump: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, fuzzy, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "Peringatan: kepemilikan tidak aman pada %s \"%s\"\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, fuzzy, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "Peringatan: permisi tidak aman pada %s \"%s\"\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, fuzzy, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "gagal memperbarui: %s\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, fuzzy, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "gagal enarmoring: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "y|ya"
 
@@ -1194,51 +1166,95 @@ msgstr ""
 msgid "out of core while allocating %lu bytes"
 msgstr ""
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, fuzzy, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "kesalahan menulis keyring `%s': %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr ""
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, fuzzy, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "WARNING: \"%s\" adalah opsi terdepresiasi\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr ""
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
+#, fuzzy, c-format
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "gagal memperbarui: %s\n"
+
+#: common/asshelp.c:350
+#, fuzzy, c-format
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "gagal memperbarui: %s\n"
+
+#: common/asshelp.c:351
 #, fuzzy, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
 msgstr "gagal memperbarui: %s\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:364
+#, fuzzy, c-format
+msgid "connection to the dirmngr established\n"
+msgstr "tidak dapat melakukan hal itu dalam mode batch\n"
+
+#: common/asshelp.c:366
 #, fuzzy, c-format
-msgid "connection to %s established\n"
+msgid "connection to the keyboxd established\n"
 msgstr "tidak dapat melakukan hal itu dalam mode batch\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:367
+#, fuzzy, c-format
+msgid "connection to the agent established\n"
+msgstr "tidak dapat melakukan hal itu dalam mode batch\n"
+
+#: common/asshelp.c:485
+#, fuzzy, c-format
+msgid "no running %s - starting '%s'\n"
+msgstr "kesalahan membaca `%s': %s\n"
+
+#: common/asshelp.c:588
+#, fuzzy, c-format
+msgid "connection to the agent is in restricted mode\n"
+msgstr "tidak dapat melakukan hal itu dalam mode batch\n"
+
+#: common/asshelp.c:725
+#, fuzzy, c-format
+#| msgid "error creating keyring `%s': %s\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "kesalahan menulis keyring `%s': %s\n"
+
+#: common/asshelp.c:731
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
+msgid "server '%s' is older than us (%s < %s)"
 msgstr ""
 
-#: common/asshelp.c:521
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
 #, fuzzy, c-format
-msgid "connection to agent is in restricted mode\n"
-msgstr "tidak dapat melakukan hal itu dalam mode batch\n"
+#| msgid "WARNING: %s overrides %s\n"
+msgid "WARNING: %s\n"
+msgstr "PERINGATAN: %s menimpa %s\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:740
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
+msgid "Note: Outdated servers may lack important security fixes.\n"
 msgstr ""
 
+#: common/asshelp.c:742
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Silakan gunakan dulu perintah \"toogle\".\n"
+
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
 #: common/audit.c:474
@@ -1317,7 +1333,7 @@ msgid "algorithm: %s"
 msgstr "armor: %s\n"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, fuzzy, c-format
 msgid "unsupported algorithm: %s"
 msgstr ""
@@ -1401,12 +1417,12 @@ msgstr "Kunci ini telah berakhir!"
 msgid "Root certificate trustworthy"
 msgstr "sertifikat yang buruk"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 #, fuzzy
 msgid "no CRL found for certificate"
 msgstr "sertifikat yang buruk"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 #, fuzzy
 msgid "the available CRL is too old"
 msgstr "Kunci tersedia di:"
@@ -1448,7 +1464,7 @@ msgstr "Tidak tersedia bantuan untuk `%s'"
 msgid "ignoring garbage line"
 msgstr "kesalahan dalam garis trailer\n"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 #, fuzzy
 msgid "[none]"
 msgstr "tidak dikenal"
@@ -1458,144 +1474,26 @@ msgstr "tidak dikenal"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "karakter radix64 tidak valid %02x dilewati\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-#, fuzzy
-msgid "argument not expected"
-msgstr "menulis kunci rahasia ke `%s'\n"
-
-#: common/argparse.c:522
-#, fuzzy
-msgid "read error"
-msgstr "kesalahan baca file"
-
-#: common/argparse.c:524
-#, fuzzy
-msgid "keyword too long"
-msgstr "baris terlalu panjang\n"
-
-#: common/argparse.c:526
-#, fuzzy
-msgid "missing argument"
-msgstr "argumen tidak valid"
-
-#: common/argparse.c:528
-#, fuzzy
-#| msgid "invalid armor"
-msgid "invalid argument"
-msgstr "armor tidak valid"
-
-#: common/argparse.c:530
-#, fuzzy
-msgid "invalid command"
-msgstr "perintah saling konflik\n"
-
-#: common/argparse.c:532
-#, fuzzy
-msgid "invalid alias definition"
-msgstr "opsi impor tidak valid\n"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-#, fuzzy
-msgid "out of core"
-msgstr "tidak diproses"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-msgid "invalid meta command"
-msgstr "perintah saling konflik\n"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-msgid "unknown meta command"
-msgstr "penerima baku tidak dikenal `%s'\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected data"
-msgid "unexpected meta command"
-msgstr "data tidak terduga"
-
-#: common/argparse.c:546
-#, fuzzy
-msgid "invalid option"
-msgstr "opsi impor tidak valid\n"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr ""
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, fuzzy, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "opsi impor tidak valid\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr ""
-
-#: common/argparse.c:563
-#, fuzzy, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "Perintah tidak valid (coba \"help\")\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:581
-#, fuzzy, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "opsi impor tidak valid\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, fuzzy, c-format
-#| msgid "NOTE: no default option file `%s'\n"
-msgid "Note: no default option file '%s'\n"
-msgstr "CATATAN: tidak ada file pilihan baku `%s'\n"
-
-#: common/argparse.c:1843
-#, fuzzy, c-format
-#| msgid "option file `%s': %s\n"
-msgid "option file '%s': %s\n"
-msgstr "file pilihan `%s': %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, fuzzy, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1611,131 +1509,132 @@ msgstr "tidak dapat membuka file: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "gagal enarmoring: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, fuzzy, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "tidak dapat membuat direktori `%s': %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, fuzzy, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "kesalahan menulis keyring `%s': %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr ""
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, fuzzy, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "menulis kunci rahasia ke `%s'\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr ""
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, fuzzy, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "kunci publik %08lX tidak ditemukan: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, fuzzy, c-format
 msgid "waiting for lock %s...\n"
 msgstr "menulis kunci rahasia ke `%s'\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr ""
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "armor: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "header armor tidak valid: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "header armor: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "header clearsig tidak valid\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, fuzzy, c-format
 msgid "unknown armor header: "
 msgstr "header armor: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "signature teks bersarang\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, fuzzy, c-format
 msgid "unexpected armor: "
 msgstr "armor tidak terduga:"
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "dash escaped line tidak valid: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, fuzzy, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "karakter radix64 tidak valid %02x dilewati\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "eof prematur (tanpa CRC)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "eof prematur (dalam CRC)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "CRC tidak tepat\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, fuzzy, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "kesalahan CRC; %06lx - %06lx\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, fuzzy, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "eof prematur (dalam Trailer)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "kesalahan dalam garis trailer\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "tidak ditemukan data OpenPGP yang valid.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "armor tidak valid: baris melebihi %d karakter\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1743,13 +1642,13 @@ msgstr ""
 "karakter yang dapat dicetak dalam armor - mungkin telah digunakan MTA yang "
 "mengandung bug\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, fuzzy, c-format
 #| msgid "not human readable"
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "tidak dapat dibaca manusia"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1758,27 +1657,27 @@ msgstr ""
 "nama notasi harus hanya terdiri dari karakter yang dapat dicetak atau spasi, "
 "dan diakhiri dengan sebuah '='\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "nama notasi pengguna tidak boleh mengandung karakter '@'\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, fuzzy, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "nama notasi pengguna tidak boleh mengandung karakter '@'\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "nilai notasi tidak boleh menggunakan karakter kendali\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, fuzzy, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "nama notasi pengguna tidak boleh mengandung karakter '@'\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, fuzzy, c-format
 #| msgid ""
 #| "a notation name must have only printable characters or spaces, and end "
@@ -1788,370 +1687,354 @@ msgstr ""
 "nama notasi harus hanya terdiri dari karakter yang dapat dicetak atau spasi, "
 "dan diakhiri dengan sebuah '='\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "PERINGATAN: ditemukan notasi data tidak valid\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr ""
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Masukkan passphrase: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
-#, fuzzy, c-format
-#| msgid "error creating keyring `%s': %s\n"
-msgid "error getting version from '%s': %s\n"
-msgstr "kesalahan menulis keyring `%s': %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr ""
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, fuzzy, c-format
-#| msgid "WARNING: %s overrides %s\n"
-msgid "WARNING: %s\n"
-msgstr "PERINGATAN: %s menimpa %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
-#, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
+#| msgid "%s does not yet work with %s\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s belum dapat dipakai dengan %s\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
+#: g10/call-agent.c:1081
 #, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Silakan gunakan dulu perintah \"toogle\".\n"
+msgid "error from TPM: %s\n"
+msgstr "kesalahan membaca `%s': %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, fuzzy, c-format
-#| msgid "%s does not yet work with %s\n"
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s belum dapat dipakai dengan %s\n"
+msgid "problem with the agent: %s\n"
+msgstr "masalah dengan agen: agen mengembalikan 0x%lx\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, fuzzy, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "gpg-agent tidak tersedia untuk sesi ini\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "anda tidak boleh menggunakan %s saat dalam mode %s.\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 msgid "Tor is not properly configured"
 msgstr "kesalahan: fingerprint tidak valid\n"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 msgid "DNS is not properly configured"
 msgstr "kesalahan: fingerprint tidak valid\n"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "buat sertifikat revokasi"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "armor: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, fuzzy, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "kunci rahasia tidak tersedia"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr ""
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, fuzzy, c-format
 msgid "can't do this in batch mode\n"
 msgstr "tidak dapat melakukan hal itu dalam mode batch\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, fuzzy, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Perintah ini tidak dibolehkan saat dalam mode %s.\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, fuzzy, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "bagian kunci rahasia tidak tersedia\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Pilihan anda? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr ""
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 #, fuzzy
 msgid "not forced"
 msgstr "tidak diproses"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr ""
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr ""
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr ""
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr ""
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr ""
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 #, fuzzy
 msgid "URL to retrieve public key: "
 msgstr "tidak ada kunci publik yang sesuai: %s\n"
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, fuzzy, c-format
 #| msgid "error reading `%s': %s\n"
 msgid "error reading '%s': %s\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, fuzzy, c-format
 msgid "error writing '%s': %s\n"
 msgstr "kesalahan menulis keyring `%s': %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr ""
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr ""
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 #, fuzzy
 msgid "Language preferences: "
 msgstr "perbarui preferensi"
 
-#: g10/card-util.c:1111
-#, fuzzy
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, fuzzy, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "Karakter tidak valid dalam string preferensi\n"
 
-#: g10/card-util.c:1120
-#, fuzzy
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, fuzzy, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "Karakter tidak valid dalam string preferensi\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 #, fuzzy
 msgid "Error: invalid response.\n"
 msgstr "kesalahan: fingerprint tidak valid\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 #, fuzzy
 msgid "CA fingerprint: "
 msgstr "tampilkan fingerprint"
 
-#: g10/card-util.c:1201
-#, fuzzy
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, fuzzy, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "kesalahan: fingerprint tidak valid\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, fuzzy, c-format
 msgid "key operation not possible: %s\n"
 msgstr "Pembuatan kunci gagal: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 #, fuzzy
 msgid "not an OpenPGP card"
 msgstr "tidak ditemukan data OpenPGP yang valid.\n"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, fuzzy, c-format
 msgid "error getting current key info: %s\n"
 msgstr "kesalahan menulis keyring rahasia `%s': %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, fuzzy, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Keysize yang anda inginkan? (1024) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "dibulatkan hingga %u bit\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr ""
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr ""
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 #, fuzzy
 msgid "Signature key\n"
 msgstr "Signature kadaluwarsa %s\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 #, fuzzy
 msgid "Encryption key\n"
 msgstr "  (%d) RSA (hanya enkripsi)\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Silakan pilih kunci yang anda inginkan:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, fuzzy, c-format
 msgid "   (%d) RSA\n"
 msgstr "  (%d) RSA (hanya menandai)\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, fuzzy, c-format
 msgid "   (%d) ECC\n"
 msgstr "  (%d) DSA dan ElGamal (baku)\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Pilihan tidak valid.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr ""
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr ""
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, fuzzy, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "kesalahan mengirim ke `%s': %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, fuzzy, c-format
 msgid "error getting card info: %s\n"
 msgstr "kesalahan menulis keyring rahasia `%s': %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, fuzzy, c-format
 #| msgid "This command is not allowed while in %s mode.\n"
 msgid "This command is not supported by this card\n"
 msgstr "Perintah ini tidak dibolehkan saat dalam mode %s.\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr ""
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, fuzzy, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "dilewati: kunci pribadi telah ada\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2159,204 +2042,217 @@ msgid ""
 "You should change them using the command --change-pin\n"
 msgstr ""
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 #, fuzzy
 msgid "Please select the type of key to generate:\n"
 msgstr "Silakan pilih kunci yang anda inginkan:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 #, fuzzy
 msgid "   (1) Signature key\n"
 msgstr "Signature kadaluwarsa %s\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 #, fuzzy
 msgid "   (2) Encryption key\n"
 msgstr "  (%d) RSA (hanya enkripsi)\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 #, fuzzy
 msgid "Please select where to store the key:\n"
 msgstr "Silakan pilih alasan untuk pembatalan:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, fuzzy, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "gagal memperbarui: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, fuzzy, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "dilewati: kunci pribadi telah ada\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 #, fuzzy
 msgid "Continue? (y/N) "
 msgstr "Ditandai? "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr ""
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, fuzzy, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+msgid "error for setup UIF: %s\n"
+msgstr "kesalahan membaca `%s': %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "berhenti dari menu ini"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 #, fuzzy
 msgid "show admin commands"
 msgstr "perintah saling konflik\n"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "tampilkan bantuan"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 #, fuzzy
 msgid "list all available data"
 msgstr "Kunci tersedia di:"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr ""
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr ""
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr ""
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 #, fuzzy
 msgid "change the login name"
 msgstr "ubah tanggal kadaluarsa"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 #, fuzzy
 msgid "change the language preferences"
 msgstr "ubah ownertrust"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr ""
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 #, fuzzy
 msgid "change a CA fingerprint"
 msgstr "tampilkan fingerprint"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr ""
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 #, fuzzy
 msgid "generate new keys"
 msgstr "buat sepasang kunci baru"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr ""
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr ""
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr ""
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr ""
 
-#: g10/card-util.c:2180
+#: g10/card-util.c:2235
 #, fuzzy
 #| msgid "|NAME|use NAME as default recipient"
-msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "|NAMA|gunakan NAMA sebagai penerima baku"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 #, fuzzy
 #| msgid "change the ownertrust"
 msgid "change the key attribute"
 msgstr "ubah ownertrust"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "ubah ownertrust"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr ""
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 #, fuzzy
 msgid "Admin-only command\n"
 msgstr "perintah saling konflik\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 #, fuzzy
 msgid "Admin commands are allowed\n"
 msgstr "perintah saling konflik\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 #, fuzzy
 msgid "Admin commands are not allowed\n"
 msgstr "menulis kunci rahasia ke `%s'\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Perintah tidak valid (coba \"help\")\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output tidak berfungsi untuk perintah ini\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, fuzzy, c-format
 #| msgid "can't open `%s'\n"
 msgid "can't open '%s'\n"
 msgstr "tidak dapat membuka `%s'\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, fuzzy, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "kunci '%s' tidak ditemukan: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "gagal membaca keyblock: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, fuzzy, c-format
 msgid "key \"%s\" not found\n"
 msgstr "kunci '%s' tidak ditemukan: %s\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(kecuali anda menspesifikasikan kunci dengan fingerprint)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, fuzzy, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "tidak dapat dilakukan dalam mode batch tanpa \"--yes\"\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(kecuali anda menspesifikasikan kunci dengan fingerprint)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2398,9 +2294,9 @@ msgstr "kunci"
 msgid "subkey"
 msgstr "Pubkey: "
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "gagal memperbarui: %s\n"
@@ -2425,165 +2321,123 @@ msgstr "terdapat kunci rahasia untuk kunci publik \"%s\"!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "gunakan pilihan \"--delete-secret-key\" untuk menghapusnya.\n"
 
-#: g10/encrypt.c:116
-#, fuzzy, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr "memaksa cipher simetrik %s (%d) melanggar preferensi penerima\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "tidak dapat menggunakan paket simetri ESK karena mode S2K\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "menggunakan cipher %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, fuzzy, c-format
 #| msgid "`%s' already compressed\n"
 msgid "'%s' already compressed\n"
 msgstr "`%s' sudah dikompresi\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, fuzzy, c-format
 #| msgid "WARNING: `%s' is an empty file\n"
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "PERINGATAN: `%s' adalah file kosong\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr ""
+"anda tidak boleh menggunakan algoritma cipher \"%s\" saat dalam mode %s.\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, fuzzy, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 "anda tidak boleh menggunakan algoritma cipher \"%s\" saat dalam mode %s.\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, fuzzy, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 "anda tidak boleh menggunakan algoritma digest \"%s\" saat dalam mode %s.\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, fuzzy, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "WARNING: \"%s\" adalah opsi terdepresiasi\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, fuzzy, c-format
 #| msgid "reading from `%s'\n"
 msgid "reading from '%s'\n"
 msgstr "Membaca dari `%s'\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "memaksa cipher simetrik %s (%d) melanggar preferensi penerima\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, fuzzy, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "WARNING: \"%s\" adalah opsi terdepresiasi\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
 "preferences\n"
 msgstr "memaksa algoritma kompresi %s (%d) melanggar preferensi penerima\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "memaksa cipher simetrik %s (%d) melanggar preferensi penerima\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s dienkripsi untuk: %s\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "anda tidak boleh menggunakan %s saat dalam mode %s.\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "%s data terenkripsi\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "dienkripsi dengan algoritma tidak dikenal %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr ""
 "PERINGATAN: pesan dienkripsi dengan kunci lemah dalam cipher simetrik.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "masalah menangani paket terenkripsi\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "tidak ada eksekusi program remote yang didukung\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"pemanggilan program eksternal ditiadakan karena permisi opsi file tidak "
-"aman\n"
-
-#: g10/exec.c:419
-#, fuzzy, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"platform ini membutuhkan file temp ketika memanggil program eksternal\n"
-
-#: g10/exec.c:497
-#, fuzzy, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "tidak dapat mengeksekusi %s \"%s\": %s\n"
-
-#: g10/exec.c:500
-#, fuzzy, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "tidak dapat mengeksekusi %s \"%s\": %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "kesalahan sistem ketika memanggil program eksternal: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "program eksternal berhenti secara tidak natual\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "tidak dapat mengeksekusi program eksternal\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "tidak dapat membaca tanggapan program eksternal: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "PERINGATAN: tidak dapat menghapus file temp (%s) `%s': %s\n"
-
-#: g10/exec.c:692
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "PERINGATAN: tidak dapat menghapus direktori temp `%s': %s\n"
-
 #: g10/export.c:119
 #, fuzzy
 msgid "export signatures that are marked as local-only"
@@ -2609,403 +2463,403 @@ msgstr "kunci rahasia tidak dapat dipakai"
 msgid "remove as much as possible from key during export"
 msgstr ""
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr ""
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
 msgstr "%s: dilewati: %s\n"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "writing to '%s'\n"
 msgstr "menulis ke `%s'\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, fuzzy, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "kunci %08lX: signature subkey di tempat yang salah - dilewati\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, fuzzy, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "menulis kunci rahasia ke `%s'\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, fuzzy, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "kunci %08lX: kunci gaya PGP 2.x - dilewati\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "PERINGATAN: tidak ada yang diekspor\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, fuzzy, c-format
 #| msgid "error creating `%s': %s\n"
 msgid "error creating '%s': %s\n"
 msgstr "kesalahan penciptaan : `%s': %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 #, fuzzy
 msgid "[User ID not found]"
 msgstr "[User id tidak ditemukan]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, fuzzy, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "kesalahan penciptaan : `%s': %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, fuzzy, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "kesalahan penciptaan : `%s': %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 #, fuzzy
 msgid "No fingerprint"
 msgstr "tampilkan fingerprint"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "kunci rahasia `%s' tidak ditemukan: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, fuzzy, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "opsi impor tidak valid\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "|NAMA|gunakan NAMA sebagai kunci rahasia baku"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "|NAMA|gunakan NAMA sebagai kunci rahasia baku"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr ""
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, fuzzy, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr "kunci tidak valid %08lX dibuat valid oleh --allow-non-selfsigned-uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, fuzzy, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "menggunakan kunci sekunder %08lX bukannya kunci primer %08lX\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, fuzzy, c-format
 msgid "valid values for option '%s':\n"
 msgstr "opsi impor tidak valid\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 #, fuzzy
 msgid "make a signature"
 msgstr "buat detached signature"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 #, fuzzy
 msgid "make a clear text signature"
 msgstr "|[file]|buat signature teks"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "buat detached signature"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "enkripsi data"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "enkripsi hanya dengan symmetric cipher"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "dekripsi data (default)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "verifikasi signature"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "tampilkan kunci"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "tampilkan kunci dan signature"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 #, fuzzy
 msgid "list and check key signatures"
 msgstr "periksa signature kunci"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "tampilkan kunci dan fingerprint"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "tampilkan kunci rahasia"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "buat sepasang kunci baru"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly generate a new key pair"
 msgstr "buat sepasang kunci baru"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly add a new user-id"
 msgstr "buat sepasang kunci baru"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a user-id"
 msgstr "buat sepasang kunci baru"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly set a new expiration date"
 msgstr "buat sepasang kunci baru"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr ""
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "buat sertifikat revokasi"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "hapus kunci dari keyring publik"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "hapus kunci dari keyring pribadi"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 #, fuzzy
 #| msgid "sign a key"
 msgid "quickly sign a key"
 msgstr "tandai kunci"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 #, fuzzy
 #| msgid "sign a key locally"
 msgid "quickly sign a key locally"
 msgstr "tandai kunci secara lokal"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a key signature"
 msgstr "buat sepasang kunci baru"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "tandai kunci"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "tandai kunci secara lokal"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "tandai atau edit kunci"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 #, fuzzy
 msgid "change a passphrase"
 msgstr "ubah passphrase"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "ekspor kunci"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "ekspor kunci ke keyserver"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "impor kunci dari keyserver"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "cari kunci di keyserver"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "update semua kunci dari keyserver"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "impor/gabung kunci"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr ""
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr ""
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr ""
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "perbarui database trust"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 #, fuzzy
 msgid "print message digests"
 msgstr "|algo [file]|cetak digest pesan"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr ""
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr ""
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NAMA|gunakan NAMA sebagai kunci rahasia baku"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 #, fuzzy
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NAMA|enkripsi untuk NAMA"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr ""
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr ""
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "jangan buat perubahan"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "tanya sebelum menimpa"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 msgid "Options controlling the input"
 msgstr ""
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 msgid "Options controlling the output"
 msgstr ""
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "ciptakan output ascii"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 #, fuzzy
 msgid "|FILE|write output to FILE"
 msgstr "|FILE|muat modul ekstensi FILE"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "gunakan mode teks kanonikal"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 #, fuzzy
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|set tingkat kompresi N (0 tidak ada)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 msgid "Options controlling key import and export"
 msgstr ""
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "impor kunci dari keyserver"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 msgid "include the public key in signatures"
 msgstr "periksa signature kunci"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr ""
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 msgid "Options controlling key listings"
 msgstr ""
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "tampilkan kunci rahasia"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 #, fuzzy
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|NAMA|enkripsi untuk NAMA"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 #, fuzzy
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "gunakan id-user ini untuk menandai/dekripsi"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -3013,7 +2867,7 @@ msgstr ""
 "@\n"
 "(Lihat man page untuk daftar lengkap semua perintah dan option)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -3043,13 +2897,13 @@ msgstr ""
 " --list-keys [nama]      tampilkan kunci\n"
 " --fingerprint [nama]    tampilkan fingerprint\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg [options] [files]\n"
@@ -3064,7 +2918,7 @@ msgstr ""
 "tandai, cek, enkripsi atau dekripsi\n"
 "operasi baku tergantung pada data input\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -3072,553 +2926,569 @@ msgstr ""
 "\n"
 "Algoritma yang didukung:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Pubkey: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Cipher: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Hash: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Kompresi: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, fuzzy, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "pemakaian: gpg [pilihan] "
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "perintah saling konflik\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, fuzzy, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "tanda = tidak ditemukan dalam definisi grup \"%s\"\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "Peringatan: kepemilikan tidak aman pada %s \"%s\"\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "Peringatan: kepemilikan tidak aman pada %s \"%s\"\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "Peringatan: kepemilikan tidak aman pada %s \"%s\"\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "Peringatan: permisi tidak aman pada %s \"%s\"\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "Peringatan: permisi tidak aman pada %s \"%s\"\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "Peringatan: permisi tidak aman pada %s \"%s\"\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "Peringatan: kepemilikan direktori tidak aman pada %s \"%s\"\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr "Peringatan: kepemilikan direktori tidak aman pada %s \"%s\"\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr "Peringatan: kepemilikan direktori tidak aman pada %s \"%s\"\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr "Peringatan: permisi direktori tidak aman pada %s \"%s\"\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
 msgstr "Peringatan: permisi direktori tidak aman pada %s \"%s\"\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr "Peringatan: permisi direktori tidak aman pada %s \"%s\"\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, fuzzy, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "Item Konfigurasi tidak dikenal \"%s\"\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr ""
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 #, fuzzy
 msgid "show key usage information during key listings"
 msgstr "Tidak ada signature koresponden di ring rahasia\n"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 #, fuzzy
 msgid "show all notations during signature listings"
 msgstr "Tidak ada signature koresponden di ring rahasia\n"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 #, fuzzy
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "URL signature kebijakan yang diberikan tidak valid\n"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr ""
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr ""
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr ""
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 #, fuzzy
 msgid "show the keyring name in key listings"
 msgstr "tampilkan keyring tempat kunci yang dipilih berada"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 #, fuzzy
 msgid "show expiration dates during signature listings"
 msgstr "Tidak ada signature koresponden di ring rahasia\n"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "penerima baku tidak dikenal `%s'\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr ""
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Perintah ini tidak dibolehkan saat dalam mode %s.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, fuzzy, c-format
 #| msgid "NOTE: %s is not for normal use!\n"
 msgid "Note: %s is not for normal use!\n"
 msgstr "CATATAN: %s tidak untuk pemakaian normal!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, fuzzy, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "%s bukanlah set karakter yang valid\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "Bukan alamat email yang valid\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, fuzzy, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "algoritma hash tidak valid `%s'\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, fuzzy, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "opsi impor tidak valid\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, fuzzy, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "%s bukanlah set karakter yang valid\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, fuzzy, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "tidak dapat memparsing URI keyserver\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, fuzzy, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: opsi ekspor tidak valid\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, fuzzy, c-format
 msgid "invalid keyserver options\n"
 msgstr "opsi ekspor tidak valid\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: opsi impor tidak valid\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "opsi impor tidak valid\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, fuzzy, c-format
 msgid "invalid filter option: %s\n"
 msgstr "opsi impor tidak valid\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: opsi ekspor tidak valid\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "opsi ekspor tidak valid\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, fuzzy, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: opsi impor tidak valid\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, fuzzy, c-format
 msgid "invalid list options\n"
 msgstr "opsi impor tidak valid\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 #, fuzzy
 msgid "show all notations during signature verification"
 msgstr "%s bukanlah set karakter yang valid\n"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 #, fuzzy
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "URL signature kebijakan yang diberikan tidak valid\n"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 #, fuzzy
 msgid "show user ID validity during signature verification"
 msgstr "%s bukanlah set karakter yang valid\n"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr ""
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 #, fuzzy
 msgid "show only the primary user ID in signature verification"
 msgstr "%s bukanlah set karakter yang valid\n"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr ""
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr ""
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, fuzzy, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: opsi ekspor tidak valid\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, fuzzy, c-format
 msgid "invalid verify options\n"
 msgstr "opsi ekspor tidak valid\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "tidak dapat menset path exec ke %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, fuzzy, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: opsi ekspor tidak valid\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr ""
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, fuzzy, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "opsi impor tidak valid\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "PERINGATAN: program mungkin membuat file core!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "PERINGATAN: %s menimpa %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s tidak dibolehkan dengan %s!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s tidak masuk akal dengan %s!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr ""
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, fuzzy, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "menulis kunci rahasia ke `%s'\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "algoritma cipher yang dipilih tidak valid\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "algoritma digest yang dipilih tidak valid\n"
+
+#: g10/gpg.c:3885
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "algoritma cipher yang dipilih tidak valid\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "algoritma sertifikasi digest yang dipilih tidak valid\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-needed harus lebih dari 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed harus lebih dari 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, fuzzy, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth harus di antara 1 hingga 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "level cert default tidak valid; harus 0, 1, 2, atau 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "level cert min tidak valid; harus 0, 1, 2, atau 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, fuzzy, c-format
 #| msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "CATATAN: mode S2K sederhana (0) tidak dianjurkan\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "mode S2K yang tidak valid; harus 0, 1 atau 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "preferensi baku tidak valid\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "preferensi cipher personal tidak valid\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "preferensi cipher personal tidak valid\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "preferensi digest personal tidak valid\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "preferensi kompresi personal tidak valid\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "keysize tidak valid; menggunakan %u bit\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s belum dapat dipakai dengan %s\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr ""
+"anda tidak boleh menggunakan algoritma cipher \"%s\" saat dalam mode %s.\n"
+
+#: g10/gpg.c:4070
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 "anda tidak boleh menggunakan algoritma kompresi \"%s\" saat dalam mode %s.\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "gagal inisialisasi TrustDB: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "Peringatan: penerima yang disebutkan (-r) tanpa menggunakan enkripsi public "
 "key \n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, fuzzy, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "dekripsi gagal: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "anda tidak boleh menggunakan %s saat dalam mode %s.\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "anda tidak boleh menggunakan %s saat dalam mode %s.\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "Pengiriman keyserver gagal: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "Penerimaan keyserver gagal: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "Ekspor kunci gagal: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, fuzzy, c-format
 #| msgid "key export failed: %s\n"
 msgid "export as ssh key failed: %s\n"
 msgstr "Ekspor kunci gagal: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "Pencarian keyserver gagal: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "Refresh keyserver gagal: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "gagal dearmoring: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "gagal enarmoring: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, fuzzy, c-format
 #| msgid "invalid hash algorithm `%s'\n"
 msgid "invalid hash algorithm '%s'\n"
 msgstr "algoritma hash tidak valid `%s'\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, fuzzy, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Teruskan dan ketikkan pesan anda ....\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "URL sertifikasi kebijakan yang diberikan tidak valid\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "URL signature kebijakan yang diberikan tidak valid\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, fuzzy, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "URL signature kebijakan yang diberikan tidak valid\n"
@@ -3632,7 +3502,7 @@ msgstr "mengambil kunci ini dari keyring"
 msgid "make timestamp conflicts only a warning"
 msgstr "buat timestamp konflik hanya sebagai peringatan"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|tulis info status ke FD ini"
 
@@ -3683,299 +3553,315 @@ msgstr "perbarui database trust"
 
 #: g10/import.c:181
 #, fuzzy
+#| msgid "not supported"
+msgid "enable bulk import mode"
+msgstr "tidak didukung"
+
+#: g10/import.c:184
+#, fuzzy
 msgid "show key during import"
 msgstr "tampilkan fingerprint"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+msgid "show key but do not actually import"
+msgstr "tampilkan fingerprint"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr ""
 
-#: g10/import.c:187
+#: g10/import.c:193
 #, fuzzy
 msgid "remove unusable parts from key after import"
 msgstr "kunci rahasia tidak dapat dipakai"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr ""
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr ""
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr ""
 
-#: g10/import.c:203
+#: g10/import.c:209
 #, fuzzy
 msgid "repair keys on import"
 msgstr "tampilkan fingerprint"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "melewati blok tipe %d\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, fuzzy, c-format
 msgid "%lu keys processed so far\n"
 msgstr "%lu kunci telah diproses\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Jumlah yang telah diproses: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, fuzzy, c-format
 #| msgid "      skipped new keys: %lu\n"
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "        lewati kunci baru: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "        lewati kunci baru: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "         tanpa ID user: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "             diimpor: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "            tidak berubah: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "         ID user baru: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "          subkey baru: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "       signature baru: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "  pembatalan kunci baru: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "     kunci rahasia dibaca: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "  kunci rahasia diimpor: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr " kunci rahasia tidak berubah: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "            tidak diimpor: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, fuzzy, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "       signature baru: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, fuzzy, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "     kunci rahasia dibaca: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
 "algorithms on these user IDs:\n"
 msgstr ""
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "%s signature, algoritma digest %s\n"
+
+#: g10/import.c:1354
 #, fuzzy, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "%s signature, algoritma digest %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr ""
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, fuzzy, c-format
 msgid "key %s: no user ID\n"
 msgstr "kunci %08lX: tidak ada ID user\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, fuzzy, c-format
 msgid "key %s: %s\n"
 msgstr "melewati `%s': %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr ""
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "kunci %08lX: subkey HKP yang rusak diperbaiki\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, fuzzy, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "kunci %08lX: menerima ID user '%s' yang tidak self-signed\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, fuzzy, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "kunci %08lX: tidak ada ID user yang valid\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "mungkin disebabkan oleh self-signature yang tidak ada\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, fuzzy, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "kunci %08lX: kunci publik tidak ditemukan: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, fuzzy, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "kunci %08lX: kunci baru - dilewati\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "tidak ditemukan keyring yang dapat ditulisi: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, fuzzy, c-format
 #| msgid "error writing keyring `%s': %s\n"
 msgid "error writing keyring '%s': %s\n"
 msgstr "kesalahan menulis keyring `%s': %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, fuzzy, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "kunci %08lX: kunci publik \"%s\" diimpor\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, fuzzy, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "kunci %08lX: tidak cocok dengan duplikat kami\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "kunci %08lX: 1 user ID baru \"%s\"\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "kunci %08lX: \"%s\" %d user ID baru\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "kunci %08lX: \"%s\" 1 signature baru\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "kunci %08lX: \"%s\" %d signature baru\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "kunci %08lX: \"%s\" 1 subkey baru\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "kunci %08lX: \"%s\" %d subkey baru\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "kunci %08lX: \"%s\" %d signature baru\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "kunci %08lX: \"%s\" %d signature baru\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "kunci %08lX: \"%s\" %d user ID baru\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "kunci %08lX: \"%s\" %d user ID baru\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, fuzzy, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "kunci %08lX: \"%s\" tidak berubah\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, fuzzy, c-format
 msgid "key %s: secret key imported\n"
 msgstr "kunci %08lX: kunci rahasia diimpor\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, fuzzy, c-format
 #| msgid "skipped: secret key already present\n"
 msgid "key %s: secret key already exists\n"
 msgstr "dilewati: kunci pribadi telah ada\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, fuzzy, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "kesalahan mengirim ke `%s': %s\n"
@@ -3988,201 +3874,207 @@ msgstr "kesalahan mengirim ke `%s': %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, fuzzy, c-format
 msgid "secret key %s: %s\n"
 msgstr "kunci rahasia `%s' tidak ditemukan: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, fuzzy, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "menulis kunci rahasia ke `%s'\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, fuzzy, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "kunci %08lX: kunci rahasia dengan cipher tidak valid %d - dilewati\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Tidak ada alasan diberikan"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "Kunci dilampaui"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Kunci ini telah dikompromikan"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "Kunci tidak lagi digunakan"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "ID User tidak lagi valid"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "Alasan pembatalan:"
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "Komentar pembatalan:"
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, fuzzy, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "kunci %08lX: tdk ada kunci publik-tdk dpt mengaplikasikan sertifikat "
 "pembatalan\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, fuzzy, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "kunci %08lX: tidak dapat menemukan keyblock orisinal: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, fuzzy, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "kunci %08lX: tidak dapat membaca keyblok orisinal: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "kunci %08lX: sertifikat pembatalan tidak valid: %s - ditolak\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "kunci %08lX: \"%s\" sertifikat pembatalan diimpor\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, fuzzy, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "kunci %08lX: tidak ada ID user untuk signature\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr "kunci %08lX: algoritma publik key tidak didukung pada user id \"%s\"\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, fuzzy, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "kunci %08lX: self-signature tidak valid pada user id \"%s\"\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "kunci %08lX: algoritma publik key tidak didukung\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, fuzzy, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "kunci %08lX: signature kunci langsung ditambahkan\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, fuzzy, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "kunci %08lX: tidak ada subkey untuk key binding\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, fuzzy, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "kunci %08lX: subkey binding tidak valid\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "kunci %08lX: hapus subkey binding ganda\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, fuzzy, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "kunci %08lX: tidak ada subkey untuk pembatalan kunci\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, fuzzy, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "kunci %08lX: pembatalan subkey tidak valid\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "kunci %08lX: hapus pembatalan subkey ganda\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, fuzzy, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "kunci %08lX: melewati ID user "
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, fuzzy, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "kunci %08lX: melewati subkey\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, fuzzy, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "kunci %08lX: signature tidak dapat diekpor (kelas %02x) - dilewati\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, fuzzy, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "kunci %08lX: sertifikat pembatalan di tempat yang salah - dilewati\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "kunci %08lX: sertifikat pembatalan tidak valid: %s - dilewati\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, fuzzy, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "kunci %08lX: signature subkey di tempat yang salah - dilewati\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, fuzzy, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "kunci %08lX: klas signature tidak diharapkan (0x%02x) - dilewati\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, fuzzy, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "kunci %08lX: terdeteksi ID user duplikat - digabungkan\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "kunci %08lX: terdeteksi ID user duplikat - digabungkan\n"
+
+#: g10/import.c:4233
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr ""
 "Peringatan: kunci %08lX dapat dibatalkan: mengambil kunci pembatalan %08lX\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 "Peringatan: kunci %08lX dapat dibatalkan: kunci pembatalan %08lX tidak ada\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "kunci %08lX: \"%s\" penambahan sertifikat pembatalan\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, fuzzy, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "kunci %08lX: signature kunci langsung ditambahkan\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, fuzzy, c-format
 msgid "error allocating memory: %s\n"
 msgstr "kesalahan menulis keyring `%s': %s\n"
@@ -4203,19 +4095,19 @@ msgstr "%s signature, algoritma digest %s\n"
 msgid " (reordered signatures follow)"
 msgstr "Signature baik dari \""
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, fuzzy, c-format
 msgid "key %s:\n"
 msgstr "melewati `%s': %s\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, fuzzy, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "User ID \"%s\" dibatalkan."
 msgstr[1] "User ID \"%s\" dibatalkan."
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to a missing key\n"
 msgid "%d signature not checked due to a missing key\n"
@@ -4223,7 +4115,7 @@ msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "1 signature tidak diperiksa karena tidak ada kunci\n"
 msgstr[1] "1 signature tidak diperiksa karena tidak ada kunci\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d bad signature\n"
@@ -4231,53 +4123,48 @@ msgid_plural "%d bad signatures\n"
 msgstr[0] "%d signature yang buruk\n"
 msgstr[1] "%d signature yang buruk\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, fuzzy, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "Signature baik dari \""
 msgstr[1] "Signature baik dari \""
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, fuzzy, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "kesalahan menulis keyring `%s': %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error creating keyring '%s': %s\n"
 msgstr "kesalahan menulis keyring `%s': %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, fuzzy, c-format
 msgid "keybox '%s' created\n"
 msgstr "%s: keyring tercipta\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, fuzzy, c-format
 #| msgid "keyring `%s' created\n"
 msgid "keyring '%s' created\n"
 msgstr "%s: keyring tercipta\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, fuzzy, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "kesalahan penciptaan : `%s': %s\n"
 
-#: g10/keydb.c:969
-#, fuzzy, c-format
-msgid "error opening key DB: %s\n"
-msgstr "kesalahan membaca `%s': %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "gagal membuat kembali cache keyring: %s\n"
@@ -4290,7 +4177,7 @@ msgstr "[pembatalan]"
 msgid "[self-signature]"
 msgstr "[self-signature]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 #, fuzzy
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
@@ -4303,12 +4190,12 @@ msgstr ""
 "memeriksa fingerprint dari berbagai sumber...)?\n"
 "\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, fuzzy, c-format
 msgid "  %d = I trust marginally\n"
 msgstr " %d = Saya cukup percaya\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, fuzzy, c-format
 msgid "  %d = I trust fully\n"
 msgstr " %d = Saya sangat percaya\n"
@@ -4335,12 +4222,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "User ID \"%s\" dibatalkan."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Apakah anda yakin masih ingin menandainya? (y/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "..Tidak dapat menandai.\n"
 
@@ -4542,210 +4429,214 @@ msgstr ""
 msgid "Really sign? (y/N) "
 msgstr "Ditandai? "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "gagal menandai: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, fuzzy, c-format
 #| msgid "error creating passphrase: %s\n"
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "simpan dan berhenti"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 #, fuzzy
 msgid "show key fingerprint"
 msgstr "tampilkan fingerprint"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 #, fuzzy
 msgid "show the keygrip"
 msgstr "Notasi signature: "
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "tampilkan kunci dan ID user"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "pilih ID user N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 #, fuzzy
 msgid "select subkey N"
 msgstr "pilih ID user N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 #, fuzzy
 msgid "check signatures"
 msgstr "batalkan signature"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 #, fuzzy
 msgid "sign selected user IDs locally"
 msgstr "tandai kunci secara lokal"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 #, fuzzy
 msgid "sign selected user IDs with a trust signature"
 msgstr "Petunjuk: Pilih ID user untuk ditandai\n"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr ""
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "tambah sebuah ID user"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "tambah sebuah photo ID"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 #, fuzzy
 msgid "delete selected user IDs"
 msgstr "hapus ID user"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 #, fuzzy
 msgid "add a subkey"
 msgstr "addkey"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 #, fuzzy
 msgid "delete selected subkeys"
 msgstr "hapus kunci sekunder"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "tambah kunci pembatalan"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 #, fuzzy
 msgid "delete signatures from the selected user IDs"
 msgstr "Perbarui preferensi untuk user ID terpilih?"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 #, fuzzy
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "Anda tidak dapat merubah batas waktu kunci v3\n"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 #, fuzzy
 msgid "flag the selected user ID as primary"
 msgstr "tandai ID user sebagai primer"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "tampilkan preferensi (ahli)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "tampilkan preferensi (verbose)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 #, fuzzy
 msgid "set preference list for the selected user IDs"
 msgstr "Perbarui preferensi untuk user ID terpilih?"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 #, fuzzy
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "tidak dapat memparsing URI keyserver\n"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 #, fuzzy
 msgid "set a notation for the selected user IDs"
 msgstr "Perbarui preferensi untuk user ID terpilih?"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "ubah passphrase"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "ubah ownertrust"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 #, fuzzy
 msgid "revoke signatures on the selected user IDs"
 msgstr "Benar-benar hapus seluruh ID user terpilih? "
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 #, fuzzy
 msgid "revoke selected user IDs"
 msgstr "batalkan sebuah ID user"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 #, fuzzy
 msgid "revoke key or selected subkeys"
 msgstr "batalkan kunci sekunder"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 #, fuzzy
 msgid "enable key"
 msgstr "aktifkan kunci"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 #, fuzzy
 msgid "disable key"
 msgstr "tiadakan kunci"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 #, fuzzy
 msgid "show selected photo IDs"
 msgstr "tampilkan photo ID"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Kunci rahasia tersedia.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret subkeys are available.\n"
 msgstr "Kunci rahasia tersedia.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Perlu kunci rahasia untuk melakukan hal ini.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4753,309 +4644,314 @@ msgid ""
 "  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
 msgstr ""
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "Kunci dibatalkan"
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 #, fuzzy
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Tandai ID seluruh user? "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 #, fuzzy
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Tandai ID seluruh user? "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Petunjuk: Pilih ID user untuk ditandai\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, fuzzy, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "kelas signature tidak dikenal"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Perintah ini tidak dibolehkan saat dalam mode %s.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Anda harus memilih minimum satu ID user.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr ""
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Anda tidak dapat menghapus ID user terakhir!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 #, fuzzy
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Hapus seluruh ID user terpilih? "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 #, fuzzy
 msgid "Really remove this user ID? (y/N) "
 msgstr "Hapus ID user ini? "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 #, fuzzy
 msgid "Really move the primary key? (y/N) "
 msgstr "Hapus ID user ini? "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 #, fuzzy
 msgid "You must select exactly one key.\n"
 msgstr "Anda harus memilih minimum satu kunci.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr ""
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, fuzzy, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "tidak dapat membuka `%s': %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, fuzzy, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "kesalahan menulis keyring `%s': %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Anda harus memilih minimum satu kunci.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 #, fuzzy
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Anda ingin menghapus kunci terpilih ini? "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 #, fuzzy
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Anda ingin menghapus kunci ini? "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 #, fuzzy
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "Benar-benar hapus seluruh ID user terpilih? "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 #, fuzzy
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Benar-benar hapus ID user ini? "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 #, fuzzy
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Anda ingin membatalkan kunci ini? "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 #, fuzzy
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Anda ingin membatalkan kunci terpilih ini? "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 #, fuzzy
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Anda ingin membatalkan kunci ini? "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 #, fuzzy
 msgid "Set preference list to:\n"
 msgstr "set daftar preferensi"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 #, fuzzy
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr "Perbarui preferensi untuk user ID terpilih?"
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 #, fuzzy
 msgid "Really update the preferences? (y/N) "
 msgstr "Update preferensi?"
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 #, fuzzy
 msgid "Save changes? (y/N) "
 msgstr "Simpan perubahan? "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 #, fuzzy
 msgid "Quit without saving? (y/N) "
 msgstr "Berhenti tanpa menyimpan? "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Kunci tidak berubah sehingga tidak perlu pembaharuan.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "Anda tidak dapat menghapus ID user terakhir!\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, fuzzy, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "Gagal memeriksa signature yang dibuat: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, fuzzy, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "Gagal memeriksa signature yang dibuat: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, fuzzy, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "kesalahan: fingerprint tidak valid\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, fuzzy, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "gagal inisialisasi TrustDB: %s\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, fuzzy, c-format
 #| msgid "invalid value\n"
 msgid "Invalid user ID '%s': %s\n"
 msgstr "nilai yang tidak valid\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 #| msgid "No such user ID.\n"
 msgid "No matching user IDs."
 msgstr "Tidak ada ID user tersebut.\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 msgid "Nothing to sign.\n"
 msgstr "Tidak ada yang ditandai dengan kunci %08lX\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, fuzzy, c-format
 msgid "Not signed by you.\n"
 msgstr "   ditandai oleh %08lX pada %s%s\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "Gagal memeriksa signature yang dibuat: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, fuzzy, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "%s bukanlah set karakter yang valid\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "kesalahan: fingerprint tidak valid\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, fuzzy, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "kunci '%s' tidak ditemukan: %s\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Digest: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Fitur: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr ""
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr ""
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 #, fuzzy
 msgid "Notations: "
 msgstr "Notasi: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "Tidak ada preferensi pada user ID bergaya PGP 2.x.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, fuzzy, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "Kunci ini dapat dibatalkan oleh kunci %s"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, fuzzy, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Kunci ini dapat dibatalkan oleh kunci %s"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 #, fuzzy
 msgid "(sensitive)"
 msgstr " (sensitive)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, fuzzy, c-format
 msgid "created: %s"
 msgstr "tidak dapat membuat %s: %s\n"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, fuzzy, c-format
 msgid "revoked: %s"
 msgstr "[revoked] "
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, fuzzy, c-format
 msgid "expired: %s"
 msgstr " [berakhir: %s]"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, fuzzy, c-format
 msgid "expires: %s"
 msgstr " [berakhir: %s]"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, fuzzy, c-format
 msgid "usage: %s"
 msgstr " trust: %c/%c"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr ""
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, fuzzy, c-format
 msgid "trust: %s"
 msgstr " trust: %c/%c"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr ""
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Kunci ini telah ditiadakan"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -5063,19 +4959,19 @@ msgstr ""
 "Perhatikan bahwa validitas kunci yang ditampilkan belum tentu benar\n"
 "kecuali anda memulai kembali program.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 #, fuzzy
 msgid "revoked"
 msgstr "[revoked] "
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 #, fuzzy
 msgid "expired"
 msgstr "expire"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -5084,18 +4980,18 @@ msgstr ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
 "              cause a different user ID to become the assumed primary.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr ""
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, fuzzy, c-format
 #| msgid "You can't change the expiration date of a v3 key\n"
 msgid "You may want to change its expiration date too.\n"
 msgstr "Anda tidak dapat merubah batas waktu kunci v3\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -5105,35 +5001,35 @@ msgstr ""
 "dapat menyebabkan beberapa versi\n"
 "          PGP menolak kunci ini.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Anda tetap ingin menambahkannya? (y/n) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "Anda tidak boleh menambahkan sebuah photo ID ke kunci bergaya PGP2 \n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr ""
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Hapus signature baik ini? (y/T/q)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Hapus signature tidak valid ini? (y/T/q)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Hapus signature tidak dikenal ini? (y/T/q)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Yakin ingin menghapus self-signature ini? (y/T)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, fuzzy, c-format
 #| msgid "Deleted %d signature.\n"
 msgid "Deleted %d signature.\n"
@@ -5141,38 +5037,38 @@ msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "Menghapus %d signature.\n"
 msgstr[1] "Menghapus %d signature.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Tidak ada yang dihapus.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 #, fuzzy
 msgid "invalid"
 msgstr "armor tidak valid"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, fuzzy, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "User ID \"%s\" dibatalkan."
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, fuzzy, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "User ID \"%s\" dibatalkan."
 msgstr[1] "User ID \"%s\" dibatalkan."
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, fuzzy, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "User ID \"%s\" telah dibatalkan\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, fuzzy, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "User ID \"%s\" telah dibatalkan\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5182,46 +5078,46 @@ msgstr ""
 "designated dapat\n"
 "............menyebabkan beberapa versi PGP menolak kunci ini.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "Anda tidak boleh revoker designated ke kunci bergaya PGP2.x.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Masukkan user ID pihak yang ingin dibatalkan: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr ""
 "tidak dapat menunjuk kunci bergaya PGP 2.x sebagai pihak yang dibatalkan\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr ""
 "anda tidak dapat menunjuk sebuah kunci sebagai pihak yang dibatalkan "
 "sendiri\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, fuzzy, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "PERINGATAN: Kunci ini telah dibatalkan oleh pihak yang berwenang\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr ""
 "PERINGATAN: menunjuk sebuah kunci sebagai pihak yang dibatalkan tidak dapat "
 "dilakukan\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 #, fuzzy
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr ""
 "Anda yakin ingin menunjuk kunci inin sebagai pihak yang dibatalkan? (y/N):"
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 #, fuzzy
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
@@ -5229,262 +5125,267 @@ msgid ""
 msgstr ""
 "Anda yakin ingin menunjuk kunci inin sebagai pihak yang dibatalkan? (y/N):"
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 #, fuzzy
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Merubah batas waktu untuk kunci sekunder.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Merubah batas waktu untuk kunci primer.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Anda tidak dapat merubah batas waktu kunci v3\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 #, fuzzy
 msgid "Changing usage of a subkey.\n"
 msgstr "Merubah batas waktu untuk kunci sekunder.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 #, fuzzy
 #| msgid "Changing expiration time for the primary key.\n"
 msgid "Changing usage of the primary key.\n"
 msgstr "Merubah batas waktu untuk kunci primer.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, fuzzy, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "PERINGATAN: subkey penandatangan %08lX tidak tersertifikasi silang\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Anda harus memilih minimum satu ID user.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, fuzzy, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "melewati self-signature v3 pada user id \"%s\"\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr ""
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 #, fuzzy
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Apakah anda yakin ingin menggunakannya? (y/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 #, fuzzy
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Apakah anda yakin ingin menggunakannya? (y/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 #, fuzzy
 msgid "Enter the notation: "
 msgstr "Notasi signature: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 #, fuzzy
 msgid "Proceed? (y/N) "
 msgstr "Ditimpa (y/T)? "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Tidak ada ID user dengan index %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, fuzzy, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Tidak ada ID user dengan index %d\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, fuzzy, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Tidak ada ID user dengan index %d\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, fuzzy, c-format
 msgid "No subkey with index %d\n"
 msgstr "Tidak ada ID user dengan index %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, fuzzy, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "ID user: "
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, fuzzy, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "   ditandai oleh %08lX pada %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (tidak dapat diekspor)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Kunci ini akan kadaluarsa pada %s \n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Anda tetap ingin membatalkannya? (y/n) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Membuat sertifikat pembatalan untuk signature ini? (y/N)"
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, fuzzy, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Anda telah menandai ID user ini:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 #, fuzzy
 msgid " (non-revocable)"
 msgstr " (tidak dapat diekspor)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, fuzzy, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "   dibatalkan oleh %08lX pada %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Anda akan membatalkan signature ini:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Ingin membuat sertifikat pembatalan? (y/T)"
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "tidak ada kunci rahasia\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "User ID \"%s\" telah dibatalkan\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr "PERINGATAN: signature user ID bertanggal %d detik di masa depan\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Anda tidak dapat menghapus ID user terakhir!\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, fuzzy, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "User ID \"%s\" telah dibatalkan\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, fuzzy, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "User ID \"%s\" telah dibatalkan\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, fuzzy, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "Menampilkan photo ID %s berukuran %ld untuk kunci 0x%08lX (uid %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, fuzzy, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "opsi impor tidak valid\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, fuzzy, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "preferensi %c%lu ganda \n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, fuzzy, c-format
 msgid "too many cipher preferences\n"
 msgstr "terlalu banyak preferensi `%c'\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, fuzzy, c-format
 msgid "too many digest preferences\n"
 msgstr "terlalu banyak preferensi `%c'\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, fuzzy, c-format
 msgid "too many compression preferences\n"
 msgstr "terlalu banyak preferensi `%c'\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+msgid "too many AEAD preferences\n"
+msgstr "terlalu banyak preferensi `%c'\n"
+
+#: g10/keygen.c:521
 #, fuzzy, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "Karakter tidak valid dalam string preferensi\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "menulis signature direct\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "menulis self signature\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "menulis key binding signature\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "keysize tidak valid; menggunakan %u bit\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "keysize dibulatkan hingga %u bit\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
 msgstr ""
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 #, fuzzy
 msgid "Sign"
 msgstr "tandai"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr ""
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 #, fuzzy
 msgid "Encrypt"
 msgstr "enkripsi data"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr ""
 
@@ -5498,169 +5399,180 @@ msgstr ""
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr ""
 
-#: g10/keygen.c:1784
+#: g10/keygen.c:1966
 #, c-format
-msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr ""
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr ""
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr ""
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, fuzzy, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "  (%d) ElGamal (hanya enkripsi)\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr ""
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr ""
 
-#: g10/keygen.c:1930
+#: g10/keygen.c:2116
 #, fuzzy, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "  (%d) DSA dan ElGamal (baku)\n"
 
-#: g10/keygen.c:1934
+#: g10/keygen.c:2120
 #, fuzzy, c-format
-msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "  (%d) DSA dan ElGamal (baku)\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "  (%d) DSA (hanya menandai)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "  (%d) RSA (hanya menandai)\n"
 
-#: g10/keygen.c:1945
+#: g10/keygen.c:2131
 #, fuzzy, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "  (%d) ElGamal (hanya enkripsi)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "  (%d) RSA (hanya enkripsi)\n"
 
-#: g10/keygen.c:1953
+#: g10/keygen.c:2139
 #, fuzzy, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "  (%d) RSA (hanya enkripsi)\n"
 
-#: g10/keygen.c:1955
+#: g10/keygen.c:2141
 #, fuzzy, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "  (%d) RSA (hanya enkripsi)\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, fuzzy, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "  (%d) DSA dan ElGamal (baku)\n"
+#| msgid "   (%d) ElGamal (sign and encrypt)\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "  (%d) ElGamal (tandai dan enkripsi)\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+#, fuzzy
+#| msgid " (default)"
+msgid " *default*"
+msgstr " (default)"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, fuzzy, c-format
 #| msgid "   (%d) DSA (sign only)\n"
 msgid "  (%d) ECC (sign only)\n"
 msgstr "  (%d) DSA (hanya menandai)\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, fuzzy, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "  (%d) RSA (hanya enkripsi)\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, fuzzy, c-format
 #| msgid "   (%d) RSA (encrypt only)\n"
-msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "  (%d) RSA (hanya enkripsi)\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, fuzzy, c-format
-msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "  (%d) RSA (hanya enkripsi)\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "  (%d) RSA (hanya enkripsi)\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 #, fuzzy
 msgid "Enter the keygrip: "
 msgstr "Notasi signature: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr ""
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 #, fuzzy
 msgid "No key with this keygrip\n"
 msgstr "Tidak ada ID user dengan index %d\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, fuzzy, c-format
 msgid "error reading the card: %s\n"
 msgstr "%s: kesalahan membaca record bebas: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, fuzzy, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 #, fuzzy
 msgid "Available keys:\n"
 msgstr "tiadakan kunci"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, fuzzy, c-format
 #| msgid "rounded up to %u bits\n"
 msgid "rounded to %u bits\n"
 msgstr "dibulatkan hingga %u bit\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr ""
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, fuzzy, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Keysize yang anda inginkan? (1024) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "Keysize yang diminta adalah %u bit\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 #, fuzzy
 #| msgid "Please select what kind of key you want:\n"
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Silakan pilih kunci yang anda inginkan:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5676,7 +5588,7 @@ msgstr ""
 "     <n>m = kunci berakhir dalam n bulan\n"
 "     <n>y = kunci berakhir dalam n tahun\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5692,40 +5604,40 @@ msgstr ""
 "     <n>m = signature berakhir dalam n bulan\n"
 "     <n>y = signature berakhir dalam n tahun\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Kunci valid untuk? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, fuzzy, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Signature valid untuk? (0) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "nilai yang tidak valid\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 #, fuzzy
 msgid "Key does not expire at all\n"
 msgstr "%s tidak pernah berakhir\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 #, fuzzy
 msgid "Signature does not expire at all\n"
 msgstr "%s tidak pernah berakhir\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, fuzzy, c-format
 msgid "Key expires at %s\n"
 msgstr "%s berakhir pada %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, fuzzy, c-format
 msgid "Signature expires at %s\n"
 msgstr "Signature kadaluarsa pada %s \n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5733,12 +5645,12 @@ msgstr ""
 "Sistem anda tidak dapat menampilkan tanggal melebihi 2038.\n"
 "Namun, ia dapat menanganinya secara benar hingga 2106.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 #, fuzzy
 msgid "Is this correct? (y/N) "
 msgstr "Benar (y/t)? "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5749,7 +5661,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 #, fuzzy
 msgid ""
 "\n"
@@ -5765,50 +5677,50 @@ msgstr ""
 "user-id dari Nama sebenarnya, Komentar dan Alamat email dalam bentuk:\n"
 "  \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Nama sebenarnya: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Karakter tidak valid dalam nama\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr ""
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Nama tidak boleh dimulai dengan digit\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Nama harus berukuran minimum 5 karakter\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "Alamat email: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Bukan alamat email yang valid\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Komentar: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Karakter tidak valid dalam komentar\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, fuzzy, c-format
 #| msgid "You are using the `%s' character set.\n"
 msgid "You are using the '%s' character set.\n"
 msgstr "Anda menggunakan set karakter `%s'.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5818,7 +5730,7 @@ msgstr ""
 "Anda memilih USER-ID ini:\n"
 "   \"%s\"\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "Jangan menaruh alamat email ke dalam nama sebenarnya atau komentar\n"
 
@@ -5833,35 +5745,35 @@ msgstr "Jangan menaruh alamat email ke dalam nama sebenarnya atau komentar\n"
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnKkEeOoQq"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Ganti (N)ama, (K)omentar, (E)mail atau (Q)uit? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "Ganti (N)ama, (K)omentar, (E)mail atau (O)ke/(Q)uit? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Ganti (N)ama, (K)omentar, (E)mail atau (Q)uit? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Ganti (N)ama, (K)omentar, (E)mail atau (O)ke/(Q)uit? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Silakan perbaiki kesalahan ini dulu\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5873,13 +5785,13 @@ msgstr ""
 "selama pembuatan prima; ini akan memberi random number generator kesempatan\n"
 "yang baik untuk memperoleh entropi.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Pembuatan kunci gagal: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5887,69 +5799,69 @@ msgid ""
 "\n"
 msgstr ""
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr ""
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, fuzzy, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "`%s' sudah dikompresi\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 #, fuzzy
 #| msgid "Create anyway? "
 msgid "Create anyway? (y/N) "
 msgstr "Tetap dibuat? "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, fuzzy, c-format
 #| msgid "Create anyway? "
 msgid "creating anyway\n"
 msgstr "Tetap dibuat? "
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Pembuatan kunci dibatalkan.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, fuzzy, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "tidak dapat membuat %s: %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, fuzzy, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "CATATAN: kunci pribadi %08lX berakhir pada %s\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, fuzzy, c-format
 #| msgid "writing public key to `%s'\n"
 msgid "writing public key to '%s'\n"
 msgstr "menulis kunci publik ke `%s'\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "tidak ditemukan keyring publik yang dapat ditulisi: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, fuzzy, c-format
 #| msgid "error writing public keyring `%s': %s\n"
 msgid "error writing public keyring '%s': %s\n"
 msgstr "kesalahan menulis keyring publik `%s': %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "kunci publik dan rahasia dibuat dan ditandai.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 #, fuzzy
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
@@ -5959,66 +5871,66 @@ msgstr ""
 "mungkin ingin menggunakan perintah \"--edit-key\" untuk membuat kunci kedua "
 "untuk tujuan ini.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
 msgstr ""
 "kunci telah diciptakan dalam %lu detik mendatang (masalah waktu atau jam)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
 msgstr ""
 "kunci telah diciptakan dalam %lu detik mendatang (masalah waktu atau jam)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, fuzzy, c-format
 #| msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "CATATAN: membuat subkey bagi kunci-kunci v3 tidak OpenPGP compliant\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Bagian rahasia kunci primer tidak tersedia.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, fuzzy, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Bagian rahasia kunci primer tidak tersedia.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 #, fuzzy
 msgid "Really create? (y/N) "
 msgstr "Ingin diciptakan? "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "tidak pernah..."
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Kebijakan signature kritis: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Kebijakan signature: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr ""
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Notasi signature kritis: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Notasi signature: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d good signature\n"
@@ -6026,7 +5938,7 @@ msgid_plural "%d good signatures\n"
 msgstr[0] "%d signature yang buruk\n"
 msgstr[1] "%d signature yang buruk\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to an error\n"
 msgid "%d signature not checked due to an error\n"
@@ -6034,64 +5946,64 @@ msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "1 signature tidak diperiksa karena kesalahan\n"
 msgstr[1] "1 signature tidak diperiksa karena kesalahan\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Keyring"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Fingerprint kunci primer:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "     Fingerprint subkunci ="
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr "     Fingerprint kunci primer ="
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "     Fingerprint subkunci ="
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 #, fuzzy
 msgid "      Key fingerprint ="
 msgstr "     Fingerprint kunci ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr ""
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, fuzzy, c-format
 msgid "caching keyring '%s'\n"
 msgstr "memeriksa keyring `%s'\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, fuzzy, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "%lu kunci telah diperiksa (%lu signature)\n"
 msgstr[1] "%lu kunci telah diperiksa (%lu signature)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, fuzzy, c-format
 #| msgid "1 bad signature\n"
 msgid " (%lu signature)\n"
@@ -6099,508 +6011,511 @@ msgid_plural " (%lu signatures)\n"
 msgstr[0] "1 signature yang buruk\n"
 msgstr[1] "1 signature yang buruk\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: keyring tercipta\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr ""
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr ""
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr ""
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 #, fuzzy
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "URL signature kebijakan yang diberikan tidak valid\n"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr ""
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 #, fuzzy
 msgid "disabled"
 msgstr "disable"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr ""
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, fuzzy, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "opsi ekspor tidak valid\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr ""
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, fuzzy, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "meminta kunci %08lX dari %s\n"
 msgstr[1] "meminta kunci %08lX dari %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, fuzzy, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "PERINGATAN: tidak dapat menghapus file temp (%s) `%s': %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, fuzzy, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "kunci '%s' tidak ditemukan: %s\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, fuzzy, c-format
 msgid "key not found on keyserver\n"
 msgstr "kunci '%s' tidak ditemukan: %s\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "meminta kunci %08lX dari %s\n"
+
+#: g10/keyserver.c:1724
 #, fuzzy, c-format
 msgid "requesting key %s from %s\n"
 msgstr "meminta kunci %08lX dari %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, fuzzy, c-format
 msgid "no keyserver known\n"
 msgstr "opsi ekspor tidak valid\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, fuzzy, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "melewati `%s': %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, fuzzy, c-format
 msgid "sending key %s to %s\n"
 msgstr ""
 "\"\n"
 "ditandai dengan kunci anda %08lX pada %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, fuzzy, c-format
 msgid "requesting key from '%s'\n"
 msgstr "meminta kunci %08lX dari %s\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, fuzzy, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "PERINGATAN: tidak dapat menghapus file temp (%s) `%s': %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "ukuran aneh untuk kunci sesi terenkripsi (%d)\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "%s kunci sesi enkripsi\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "dienkripsi dengan algoritma tidak dikenal %d\n"
+
+#: g10/mainproc.c:391
 #, fuzzy, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "dienkripsi dengan algoritma tidak dikenal %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, fuzzy, c-format
 msgid "public key is %s\n"
 msgstr "kunci publik adalah %08lX\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "data terenkripsi dengan kunci publik: DEK baik\n"
-
-#: g10/mainproc.c:632
+#: g10/mainproc.c:524
 #, fuzzy, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "dienkripsi dengan %u-bit kunci %s, ID %08lX, tercipta %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, fuzzy, c-format
 msgid "      \"%s\"\n"
 msgstr "              alias \""
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, fuzzy, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "dienkripsi dengan kunci %s, ID %08lX\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "gagal dekripsi kunci publik: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr ""
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "dienkripsi dengan passphrase %lu\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "dienkripsi dengan 1 passphrase\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "gagal dekripsi kunci publik: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "data terenkripsi dengan kunci publik: DEK baik\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "asumsikan %s data terenkripsi\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr "Cipher IDEA tidak tersedia, secara optimis berusaha menggunakan %s\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "PERINGATAN: integritas pesan tidak terlindungi\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "dekripsi gagal: %s\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "dekripsi lancar\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "PERINGATAN: pesan terenkripsi telah dimanipulasi!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "dekripsi gagal: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, fuzzy, c-format
 #| msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "CATATAN: pengirim meminta \"for-your-eyes-only\"\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "original file name='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "pembatalan mandiri - gunakan \"gpg --import\" untuk mengaplikasikan\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, fuzzy, c-format
 msgid "no signature found\n"
 msgstr "Signature baik dari \""
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, fuzzy, c-format
 msgid "BAD signature from \"%s\""
 msgstr "signature BURUK dari \""
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, fuzzy, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Signature kadaluarsa dari \""
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, fuzzy, c-format
 msgid "Good signature from \"%s\""
 msgstr "Signature baik dari \""
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "verifikasi signature tidak diabaikan\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, fuzzy, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "tidak dapat menangani banyak signature ini\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, fuzzy, c-format
 msgid "Signature made %s\n"
 msgstr "Signature kadaluwarsa %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, fuzzy, c-format
 msgid "               using %s key %s\n"
 msgstr "              alias \""
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, fuzzy, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Signature membuat %.*s menggunakan kunci %s ID %08lX\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, fuzzy, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "              alias \""
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Kunci tersedia di:"
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[uncertain]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, fuzzy, c-format
 msgid "                aka \"%s\""
 msgstr "              alias \""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, fuzzy, c-format
 #| msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr ""
 "PERINGATAN: Kunci ini tidak disertifikasi dengan sig yang terpercaya!\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Signature kadaluwarsa %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Signature kadaluarsa pada %s \n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "%s signature, algoritma digest %s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "biner"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "modeteks"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "tidak dikenal"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 #, fuzzy
 #| msgid "unknown pubkey algorithm"
 msgid ", key algorithm "
 msgstr "algoritma pubkey tidak dikenal"
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Tidak dapat memeriksa signature: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "bukan detached signature\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr ""
 "PERINGATAN: multi signature terdeteksi. Hanya yang pertama akan diperiksa.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "kelas signature mandiri 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "signature model lama (PGP 2.X)\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, fuzzy, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "tidak dapat membuka file: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, fuzzy, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "trustdb: read failed (n=%d): %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, fuzzy, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "tidak dapat menangani algoritma kunci publik %d\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, fuzzy, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr "memaksa algoritma digest %s (%d) melanggar preferensi penerima\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, fuzzy, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "algoritma cipher belum diimplementasikan"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, fuzzy, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "%s signature, algoritma digest %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, fuzzy, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "memaksa algoritma digest %s (%d) melanggar preferensi penerima\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "%s signature, algoritma digest %s\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "%s signature, algoritma digest %s\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, fuzzy, c-format
 msgid "(reported error: %s)\n"
 msgstr "kesalahan pembacaan: %s\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, fuzzy, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "kesalahan pembacaan: %s\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr ""
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: opsi tidak digunakan lagi \"%s\"\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "WARNING: \"%s\" adalah opsi terdepresiasi\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "silakan gunakan \"%s%s\"\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, fuzzy, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "WARNING: \"%s\" adalah opsi terdepresiasi\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, fuzzy, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "WARNING: \"%s\" adalah opsi terdepresiasi\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, fuzzy, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr "WARNING: \"%s\" adalah opsi terdepresiasi\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Tidak dikompresi"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 #, fuzzy
 msgid "uncompressed|none"
 msgstr "Tidak dikompresi"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "pesan ini mungkin tidak dapat digunakan oleh %s\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, fuzzy, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "membaca pilihan dari `%s'\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, fuzzy, c-format
 msgid "unknown option '%s'\n"
 msgstr "penerima baku tidak dikenal `%s'\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, fuzzy, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "kelas signature tidak dikenal"
@@ -6625,93 +6540,83 @@ msgstr "%s: suffix tidak dikenal\n"
 msgid "Enter new filename"
 msgstr "Masukkan nama file baru"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "menulis ke stdout\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, fuzzy, c-format
 #| msgid "assuming signed data in `%s'\n"
 msgid "assuming signed data in '%s'\n"
 msgstr "mengasumsikan data bertanda dalam `%s'\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "tidak dapat menangani algoritma kunci publik %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr "PERINGATAN: kunci sesi mungkin dienkripsi simetris secara tidak aman\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 #| msgid "Critical signature notation: "
 msgid "Unknown critical signature notation: "
 msgstr "Notasi signature kritis: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "subpaket tipe %d memiliki bit kritis terset\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, fuzzy, c-format
-msgid "problem with the agent: %s\n"
-msgstr "masalah dengan agen: agen mengembalikan 0x%lx\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-msgid "Please enter the passphrase for decryption."
-msgstr "ubah passphrase"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Masukkan passphrase\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "dibatalkan oleh user\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, fuzzy, c-format
 msgid " (main key ID %s)"
 msgstr " (ID kunci utama %08lX)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 #, fuzzy
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 #, fuzzy
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "Anda ingin menghapus kunci terpilih ini? "
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Anda ingin menghapus kunci terpilih ini? "
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, fuzzy, c-format
 msgid ""
 "%s\n"
@@ -6721,7 +6626,7 @@ msgid ""
 "%s"
 msgstr "%u-bit kunci %s, ID %08lX, tercipta %s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6737,35 +6642,81 @@ msgstr ""
 "gambar yang sangat besar, kunci anda akan menjadi semakin besar pula!\n"
 "Jagalah agar gambar mendekati ukuran 240x288.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Masukkan nama file JPEG sebagai ID foto: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, fuzzy, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "tidak dapat membuka file: %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr ""
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 #, fuzzy
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Apakah anda yakin ingin menggunakannya? (y/N) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, fuzzy, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "\"%s\" bukan sebuah file JPEG\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Apakah foto ini benar (y/N/q)? "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "tidak ada eksekusi program remote yang didukung\n"
+
+#: g10/photoid.c:486
+#, fuzzy, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"platform ini membutuhkan file temp ketika memanggil program eksternal\n"
+
+#: g10/photoid.c:506
+#, fuzzy, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "tidak dapat mengeksekusi %s \"%s\": %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "program eksternal berhenti secara tidak natual\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "kesalahan sistem ketika memanggil program eksternal: %s\n"
+
+#: g10/photoid.c:600
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "PERINGATAN: tidak dapat menghapus file temp (%s) `%s': %s\n"
+
+#: g10/photoid.c:604
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "PERINGATAN: tidak dapat menghapus direktori temp `%s': %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"pemanggilan program eksternal ditiadakan karena permisi opsi file tidak "
+"aman\n"
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "tidak dapat menampilkan photo ID!\n"
@@ -6780,106 +6731,106 @@ msgstr "tidak dapat menampilkan photo ID!\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMqQsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 #, fuzzy
 msgid "No trust value assigned to:\n"
 msgstr ""
 "Tidak ada nilai trust untuk:\n"
 "%4u%c/%08lX %s \""
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, fuzzy, c-format
 msgid "  aka \"%s\"\n"
 msgstr "              alias \""
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 #, fuzzy
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr "Kunci ini mungkin milik pemiliknya\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, fuzzy, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr " %d = Tidak tahu\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, fuzzy, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr " %d: Saya TIDAK percaya\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, fuzzy, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr " %d = Saya sangat percaya sekali\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 #, fuzzy
 msgid "  m = back to the main menu\n"
 msgstr " m = kembali ke menu utama\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 #, fuzzy
 msgid "  s = skip this key\n"
 msgstr " s = lewati kunci ini\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 #, fuzzy
 msgid "  q = quit\n"
 msgstr " q = berhenti\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
 "\n"
 msgstr ""
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Keputusan anda? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 #, fuzzy
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Anda ingin menset kunci ini menjadi sangat percaya sekali?"
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Sertifikat mengarahkan ke kunci terpercaya:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, fuzzy, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%08lX: Tidak ada indikasi bahwa kunci ini benar-benar milik pemiliknya\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, fuzzy, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%08lX: Tidak ada indikasi bahwa kunci ini benar-benar milik pemiliknya\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, fuzzy, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Kunci ini mungkin milik pemiliknya\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Kunci ini milik kita\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr ""
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 #, fuzzy
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
@@ -6891,7 +6842,7 @@ msgstr ""
 "pertanyaan berikut dengan ya\n"
 "\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 #, fuzzy
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
@@ -6903,146 +6854,163 @@ msgstr ""
 "pertanyaan berikut dengan ya\n"
 "\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 #, fuzzy
 msgid "Use this key anyway? (y/N) "
 msgstr "Tetap gunakan kunci ini? "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "PERINGATAN: Menggunakan kunci tidak dipercaya!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr ""
 "Peringatan: kunci ini mungkin dibatalkan:(kunci pembatalan tidak ada)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+msgid "checking User ID \"%s\"\n"
+msgstr "ID user: "
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "algoritma hash tidak valid `%s'\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "kunci %08lX: tidak cocok dengan duplikat kami\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+msgid "option %s given but no matching User ID found\n"
+msgstr "algoritma hash tidak valid `%s'\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "PERINGATAN: Kunci ini telah dibatalkan oleh pihak yang berwenang\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "PERINGATAN: Kunci ini telah dibatalkan oleh pemiliknya!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, fuzzy, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "        Hal ini dapat berarti bahwa signature adalah palsu.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "PERINGATAN: Subkey ini telah dibatalkan oleh pemiliknya!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Catatan: Kunci ini telah ditiadakan\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr ""
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr ""
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Catatan: Kunci ini telah berakhir!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr ""
+"PERINGATAN: Kunci ini tidak disertifikasi dengan sig yang terpercaya!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr ""
 "PERINGATAN: Kunci ini tidak disertifikasi dengan sig yang terpercaya!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr "  Tidak ada indikasi signature milik pemilik.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "PERINGATAN: Kita tidak percaya kunci ini!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "        Signature mungkin palsu.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"PERINGATAN: Kunci tdk disertifikasi dg signature terpercaya yg cukup!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
 msgstr ""
 "PERINGATAN: Kunci tdk disertifikasi dg signature terpercaya yg cukup!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "        Tidak pasti signature milik pemilik.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: dilewati: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: dilewati: kunci publik dimatikan\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: dilewati: kunci publik telah ada\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't encrypt to '%s'\n"
 msgstr "tidak dapat terkoneksi ke `%s': %s\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, fuzzy, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "algoritma hash tidak valid `%s'\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, fuzzy, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "algoritma hash tidak valid `%s'\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "Anda tidak menspesifikasikan ID user. (anda dapat gunakan \"-r\")\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr ""
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -7050,40 +7018,40 @@ msgstr ""
 "\n"
 "Masukkan user ID.  Akhiri dengan baris kosong: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Tidak ada ID user tersebut.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "dilewati: kunci publik telah diset sebagai penerima baku\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Kunci publik dimatikan.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "dilewati: kunci publik telah diset\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, fuzzy, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "penerima baku tidak dikenal `%s'\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "tidak ada alamat yang valid\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, fuzzy, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "kunci %08lX: tidak ada ID user\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, fuzzy, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "kunci %08lX: tidak ada ID user\n"
@@ -7093,78 +7061,83 @@ msgstr "kunci %08lX: tidak ada ID user\n"
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr "data tidak disimpan; gunakan pilihan \"--output\" untuk menyimpannya\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Menghapus signature.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Silakan masukkan nama file data: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "membaca stdin ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "tidak ada data tertandai\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, fuzzy, c-format
 #| msgid "can't open signed data `%s'\n"
 msgid "can't open signed data '%s'\n"
 msgstr "tidak dapat membuka data tertandai `%s'\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, fuzzy, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "tidak dapat membuka data tertandai `%s'\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, fuzzy, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "kunci %08lX: tidak ada ID user\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, fuzzy, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "penerima anonim; mencoba kunci rahasia %08lX ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+msgid "used key is not marked for encryption use.\n"
+msgstr "kunci %08lX: tidak ada ID user\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "baik, kita adalah penerima anonim.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "encoding lama DEK tidak didukung\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "algoritma cipher %d%s tidak dikenal atau ditiadakan\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, fuzzy, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "CATATAN: algoritma cipher %d tidak ditemukan dalam preferensi\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, fuzzy, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "CATATAN: kunci pribadi %08lX berakhir pada %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, fuzzy, c-format
 #| msgid "NOTE: key has been revoked"
 msgid "Note: key has been revoked"
 msgstr "CATATAN: kunci telah dibatalkan"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "build_packet gagal: %s\n"
@@ -7182,48 +7155,48 @@ msgstr "Akan dibatalkan oleh:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Ini adalah kunci pembatalan sensitif)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret key is not available.\n"
 msgstr "Kunci rahasia tersedia.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 #, fuzzy
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Buat sertifikat pembatalan untuk kunci ini?"
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "Pemaksaan output mode ASCII.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "gagal make_keysig_packet: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Sertifikat pembatalan tercipta.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, fuzzy, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "tidak ditemukan kunci pembatalan untuk `%s'\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 #, fuzzy
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Buat sertifikat pembatalan untuk kunci ini?"
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 msgstr ""
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7232,20 +7205,20 @@ msgid ""
 "of the gpg command \"--generate-revocation\" in the GnuPG manual."
 msgstr ""
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
 "before importing and publishing this revocation certificate."
 msgstr ""
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, fuzzy, c-format
 #| msgid "Revocation certificate created.\n"
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "Sertifikat pembatalan tercipta.\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "kunci rahasia `%s' tidak ditemukan: %s\n"
@@ -7258,18 +7231,18 @@ msgstr "kunci rahasia `%s' tidak ditemukan: %s\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr ""
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error searching the keyring: %s\n"
 msgstr "kesalahan menulis keyring `%s': %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 #, fuzzy
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Buat sertifikat pembatalan untuk kunci ini?"
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7289,39 +7262,39 @@ msgstr ""
 "pencetakan\n"
 "mesin anda mungkin menyimpan data dan menyediakannya untuk yang lain!\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Silakan pilih alasan untuk pembatalan:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Batal"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Mungkin anda ingin memilih %d di sini)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr ""
 "Masukkan sebuah deskripsi opsional; akhiri dengan sebuah baris kosong:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Alasan pembatalan: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(Tidak diberikan deskripsi)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 #, fuzzy
 msgid "Is this okay? (y/N) "
 msgstr "Ini oke? "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "kunci lemah tercipta - mengulang\n"
@@ -7332,64 +7305,59 @@ msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
 msgstr ""
 "tidak dapat menghindari kunci lemah untuk cipher simetrik; mencoba %d kali!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr ""
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
-#, fuzzy, c-format
-#| msgid "you may not use %s while in %s mode\n"
-msgid "key %s may not be used for signing in %s mode\n"
-msgstr "anda tidak boleh menggunakan %s saat dalam mode %s.\n"
-
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
+#: g10/sig-check.c:170
 #, c-format
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "Peringatan: konflik digest signature dalam pesan\n"
 
-#: g10/sig-check.c:219
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
+#, fuzzy, c-format
+#| msgid "you may not use %s while in %s mode\n"
+msgid "key %s may not be used for signing in %s mode\n"
+msgstr "anda tidak boleh menggunakan %s saat dalam mode %s.\n"
+
+#: g10/sig-check.c:209
 #, fuzzy, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "PERINGATAN: subkey penandatangan %08lX tidak tersertifikasi silang\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, fuzzy, c-format
 msgid "please see %s for more information\n"
 msgstr " i = beri saya informasi lebih banyak lagi\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, fuzzy, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr ""
 "PERINGATAN: subkey penanda tangan %08lX memiliki sertifikasi silang yang "
 "tidak valid\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, fuzzy, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "kunci publik %08lX adalah %lu detik lebih baru daripada signature\n"
 msgstr[1] "kunci publik %08lX adalah %lu detik lebih baru daripada signature\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, fuzzy, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "kunci publik %08lX adalah %lu detik lebih baru daripada signature\n"
 msgstr[1] "kunci publik %08lX adalah %lu detik lebih baru daripada signature\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, fuzzy, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7400,7 +7368,7 @@ msgstr[0] ""
 msgstr[1] ""
 "kunci telah diciptakan dalam %lu detik mendatang (masalah waktu atau jam)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, fuzzy, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7410,53 +7378,53 @@ msgstr[0] ""
 msgstr[1] ""
 "kunci telah diciptakan dalam %lu detik mendatang (masalah waktu atau jam)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, fuzzy, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "CATATAN: kunci signature %08lX berakhir %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, fuzzy, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "CATATAN: kunci telah dibatalkan"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "kelas signature mandiri 0x%02x\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "kelas signature mandiri 0x%02x\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, fuzzy, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "mengasumsikan signature buruk dari kunci %08lX karena ada bit kritik tidak "
 "dikenal\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "kunci %08lX: tidak ada subkey untuk pembatalan paket\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "kunci %08lX: tidak ada subkey untuk key binding signature\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "PERINGATAN: tidak dapat melakukan %%-expand notasi (terlalu besar).  "
 "Menggunakan yang tidak di-expand.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7464,7 +7432,7 @@ msgstr ""
 "PERINGATAN: tidak dapat melakukan %%-expand policy url (terlalu besar).  "
 "Menggunakan yang tidak expand.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7473,52 +7441,53 @@ msgstr ""
 "PERINGATAN: tidak dapat melakukan %%-expand policy url (terlalu besar).  "
 "Menggunakan yang tidak expand.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, fuzzy, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s signature dari: \"%s\"\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
 msgstr "memaksa algoritma digest %s (%d) melanggar preferensi penerima\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "menandai:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "%s enkripsi akan digunakan\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "kunci tidak dianggap sebagai tidak aman - tidak dapat digunakan dengan RNG "
 "palsu!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, fuzzy, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "lewati `%s': terduplikasi\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "dilewati: kunci pribadi telah ada\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 #, fuzzy
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "melewati `%s': ini adalah kunci ElGamal yang dihasilkan PGP yang tidak aman "
 "untuk signature!\n"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "trust record %lu, tipe %d: gagal menulis: %s\n"
@@ -7532,46 +7501,46 @@ msgstr ""
 "# List of assigned trustvalues, created %s\n"
 "# (Use \"gpg --import-ownertrust\" to restore them)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, fuzzy, c-format
 msgid "error in '%s': %s\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 #, fuzzy
 msgid "line too long"
 msgstr "baris terlalu panjang\n"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr ""
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 #, fuzzy
 msgid "invalid fingerprint"
 msgstr "kesalahan: fingerprint tidak valid\n"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 #, fuzzy
 msgid "ownertrust value missing"
 msgstr "impor nilai ownertrust"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, fuzzy, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "kesalahan: gagal menemukan catatan trust: %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, fuzzy, c-format
 msgid "read error in '%s': %s\n"
 msgstr "kesalahan pembacaan: %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "trustdb: gagal sync: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, fuzzy, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "tidak dapat membuat %s: %s\n"
@@ -7581,12 +7550,12 @@ msgstr "tidak dapat membuat %s: %s\n"
 msgid "can't lock '%s'\n"
 msgstr "tidak dapat membuka `%s'\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "trustdb rec %lu: lseek gagal: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "trustdb rec %lu: write failed (n=%d): %s\n"
@@ -7601,7 +7570,7 @@ msgstr "transaksi trustdb terlalu besar\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: direktori tidak ada!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, fuzzy, c-format
 msgid "can't access '%s': %s\n"
 msgstr "tidak dapat menutup `%s': %s\n"
@@ -7643,7 +7612,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: kesalahan memperbaharui catatan versi: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: kesalahan membaca catatan versi: %s\n"
@@ -7653,52 +7622,52 @@ msgstr "%s: kesalahan membaca catatan versi: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: kesalahan menulis catatan versi: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "trustdb: lseek gagal: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "trustdb: read failed (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: bukan file trustdb\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: catatan versi dengan recnum %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: versi file %d tidak valid\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: kesalahan membaca record bebas: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: kesalahan menulis dir record: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: gagal mengosongkan record: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: gagal menambahkan record: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, fuzzy, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "%s: tercipta trustdb\n"
@@ -7740,10 +7709,10 @@ msgstr ""
 msgid "TOFU DB error"
 msgstr ""
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, fuzzy, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "kesalahan mengirim ke `%s': %s\n"
@@ -7765,7 +7734,7 @@ msgstr "%s: kesalahan menulis dir record: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, fuzzy, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "kesalahan mengirim ke `%s': %s\n"
@@ -7937,111 +7906,111 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr ""
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr ""
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, fuzzy, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr ""
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, fuzzy, c-format
 #| msgid "Deleted %d signatures.\n"
 msgid "%s: Verified 0 signatures."
 msgstr "Menghapus %d signature.\n"
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 #, fuzzy
 #| msgid "encrypted with %lu passphrases\n"
 msgid "Encrypted 0 messages."
 msgstr "dienkripsi dengan passphrase %lu\n"
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, fuzzy, c-format
 #| msgid "Policy: "
 msgid "(policy: %s)"
 msgstr "Kebijakan: "
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -8058,116 +8027,116 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, fuzzy, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "kesalahan mengirim ke `%s': %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid long keyID\n"
 msgid "'%s' is not a valid long keyID\n"
 msgstr "'%s' bukanlah keyID panjang yang valid\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, fuzzy, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "kunci %08lX: diterima sebagai kunci terpercaya.\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, fuzzy, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "kunci %08lX muncul lebih dari satu kali dalam trustdb\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, fuzzy, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "kunci %08lX: tidak ada kunci publik untuk trusted key- dilewati\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, fuzzy, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "kunci ditandai sebagai sangat dipercaya.\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "trust record %lu, req tipe %d: gagal baca: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "trust record %lu tidak dalam jenis yang diminta %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr ""
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr ""
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "tidak perlu memeriksa trustdb\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "pemeriksaan trustdb berikutnya pada %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, fuzzy, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "tidak perlu memeriksa trustdb\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, fuzzy, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "tidak perlu memeriksa trustdb\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, fuzzy, c-format
 msgid "public key %s not found: %s\n"
 msgstr "kunci publik %08lX tidak ditemukan: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "lakukanlah --check-trustdb\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "memeriksa trustdb\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, fuzzy, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] "%lu kunci telah diproses\n"
 msgstr[1] "%lu kunci telah diproses\n"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, fuzzy, c-format
 #| msgid "%d keys processed (%d validity counts cleared)\n"
 msgid " (%d validity count cleared)\n"
@@ -8175,45 +8144,45 @@ msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] "%d kunci diproses (%d hitungan validitas dihapus)\n"
 msgstr[1] "%d kunci diproses (%d hitungan validitas dihapus)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "tidak ditemukan kunci yang benar-benar terpercaya\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, fuzzy, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "kunci publik yang sangat terpercaya %08lX tidak ditemukan\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr ""
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, fuzzy, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr "trust record %lu, tipe %d: gagal menulis: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr ""
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 #, fuzzy
 msgid "never"
 msgstr "tidak pernah..."
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr ""
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr ""
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr ""
 
@@ -8225,43 +8194,43 @@ msgstr ""
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr ""
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 #, fuzzy
 msgid "[ revoked]"
 msgstr "[revoked] "
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 #, fuzzy
 msgid "[ expired]"
 msgstr "[expired] "
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 #, fuzzy
 msgid "[ unknown]"
 msgstr "tidak dikenal"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr ""
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 #, fuzzy
 msgid "[  never ]"
 msgstr "tidak pernah..."
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr ""
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr ""
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr ""
 
@@ -8286,20 +8255,31 @@ msgstr "baris input %u terlalu panjang atau hilang LF\n"
 msgid "can't open fd %d: %s\n"
 msgstr "tidak dapat membuka `%s': %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "PERINGATAN: integritas pesan tidak terlindungi\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+msgid "Hint: Do not use option %s\n"
+msgstr "membaca pilihan dari `%s'\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr ""
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr ""
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 #, fuzzy
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 #, fuzzy
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
@@ -8309,129 +8289,225 @@ msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr ""
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr ""
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+msgid "|N|Please enter the new Global-PIN"
+msgstr "ubah passphrase"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "Silakan pilih alasan untuk pembatalan:\n"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+msgid "|N|Please enter the new PIN"
+msgstr "ubah passphrase"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+msgid "||Please enter the PIN of your PIV card"
+msgstr "Silakan pilih alasan untuk pembatalan:\n"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "ubah passphrase"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "Silakan pilih alasan untuk pembatalan:\n"
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-piv.c:1895
+#, c-format
+msgid "PIN is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1903
+#, c-format
+msgid "PIN is too long; maximum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, fuzzy, c-format
+msgid "key already exists\n"
+msgstr "`%s' sudah dikompresi\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, fuzzy, c-format
+msgid "generating new key\n"
+msgstr "buat sepasang kunci baru"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, fuzzy, c-format
+msgid "writing new key\n"
+msgstr "buat sepasang kunci baru"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "gagal inisialisasi TrustDB: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, fuzzy, c-format
+#| msgid "remove keys from the public keyring"
+msgid "response does not contain the EC public key\n"
+msgstr "hapus kunci dari keyring publik"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, fuzzy, c-format
+msgid "generating key failed\n"
+msgstr "gagal menghapus keyblok: %s\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, fuzzy, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "Pembuatan kunci gagal: %s\n"
+msgstr[1] "Pembuatan kunci gagal: %s\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr ""
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 #, fuzzy
 msgid "|A|Please enter the Admin PIN"
 msgstr "ubah passphrase"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 #, fuzzy
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "Silakan pilih alasan untuk pembatalan:\n"
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 #, fuzzy
 msgid "||Please enter the PIN for the standard keys."
 msgstr "ubah passphrase"
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr ""
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "Note: This key has been disabled.\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "Catatan: Kunci ini telah ditiadakan\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr ""
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 #, fuzzy
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "ubah passphrase"
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 #, fuzzy
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "Silakan pilih alasan untuk pembatalan:\n"
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, fuzzy, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, fuzzy, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "gagal inisialisasi TrustDB: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, fuzzy, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "gagal membuat kembali cache keyring: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr ""
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1546
-#, fuzzy, c-format
-#| msgid "remove keys from the public keyring"
-msgid "response does not contain the EC public key\n"
-msgstr "hapus kunci dari keyring publik"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, fuzzy, c-format
 msgid "reading public key failed: %s\n"
 msgstr "gagal menghapus keyblok: %s\n"
@@ -8439,43 +8515,43 @@ msgstr "gagal menghapus keyblok: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr ""
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 #, fuzzy
 msgid "||Please unlock the card"
 msgstr "ubah passphrase"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, fuzzy, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "Pengiriman keyserver gagal: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8483,22 +8559,22 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 #, fuzzy
 msgid "||Please enter the PIN"
 msgstr "ubah passphrase"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 #, fuzzy
 msgid "||Please enter the Reset Code for the card"
 msgstr "Silakan pilih alasan untuk pembatalan:\n"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr ""
@@ -8506,123 +8582,81 @@ msgstr ""
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 #, fuzzy
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "ubah passphrase"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 #, fuzzy
 msgid "||Please enter the PIN and New PIN"
 msgstr "ubah passphrase"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, fuzzy, c-format
 msgid "error reading application data\n"
 msgstr "gagal membaca keyblock: %s\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, fuzzy, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "%s: kesalahan membaca record bebas: %s\n"
 
-#: scd/app-openpgp.c:3066
-#, fuzzy, c-format
-msgid "key already exists\n"
-msgstr "`%s' sudah dikompresi\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr ""
-
-#: scd/app-openpgp.c:3072
-#, fuzzy, c-format
-msgid "generating new key\n"
-msgstr "buat sepasang kunci baru"
-
-#: scd/app-openpgp.c:3074
-#, fuzzy, c-format
-msgid "writing new key\n"
-msgstr "buat sepasang kunci baru"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, fuzzy, c-format
-msgid "failed to store the key: %s\n"
-msgstr "gagal inisialisasi TrustDB: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, fuzzy, c-format
 #| msgid "unsupported URI"
 msgid "unsupported curve\n"
 msgstr "URI tidak didukung"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr ""
-
-#: scd/app-openpgp.c:4271
-#, fuzzy, c-format
-msgid "generating key failed\n"
-msgstr "gagal menghapus keyblok: %s\n"
-
-#: scd/app-openpgp.c:4277
-#, fuzzy, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "Pembuatan kunci gagal: %s\n"
-msgstr[1] "Pembuatan kunci gagal: %s\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, fuzzy, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "%s signature, algoritma digest %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, fuzzy, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "tidak ditemukan data OpenPGP yang valid.\n"
@@ -8635,101 +8669,99 @@ msgstr "ubah passphrase"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr ""
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr ""
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr ""
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 #, fuzzy
 msgid "|FILE|write a log to FILE"
 msgstr "|FILE|muat modul ekstensi FILE"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr ""
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 #, fuzzy
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NAMA|gunakan NAMA sebagai penerima baku"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 #, fuzzy
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NAMA|gunakan NAMA sebagai penerima baku"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 #, fuzzy
 msgid "do not use the internal CCID driver"
 msgstr "jangan menggunakan terminal"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr ""
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr ""
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr ""
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 #, fuzzy
 msgid "deny the use of admin card commands"
 msgstr "perintah saling konflik\n"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 #, fuzzy
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
 msgstr ""
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr ""
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr ""
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, fuzzy, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "kesalahan menulis keyring rahasia `%s': %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr ""
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr ""
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 #, fuzzy
 msgid "shell"
 msgstr "bantuan"
@@ -8763,7 +8795,7 @@ msgstr "menulis kunci rahasia ke `%s'\n"
 msgid "certificate policy not allowed"
 msgstr "menulis kunci rahasia ke `%s'\n"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, fuzzy, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "gagal inisialisasi TrustDB: %s\n"
@@ -8778,7 +8810,7 @@ msgstr ""
 msgid "number of issuers matching: %d\n"
 msgstr ""
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, fuzzy, c-format
 #| msgid "%s: can't access: %s\n"
 msgid "can't get authorityInfoAccess: %s\n"
@@ -8799,240 +8831,240 @@ msgstr "kesalahan penciptaan passphrase: %s\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "gagal menghapus keyblok: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, fuzzy, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "gagal inisialisasi TrustDB: %s\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 #, fuzzy
 msgid "certificate has been revoked"
 msgstr "CATATAN: kunci telah dibatalkan"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr ""
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr ""
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, fuzzy, c-format
 msgid "checking the CRL failed: %s"
 msgstr "Gagal memeriksa signature yang dibuat: %s\n"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr ""
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 #, fuzzy
 msgid "root certificate not yet valid"
 msgstr "menulis kunci rahasia ke `%s'\n"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, fuzzy, c-format
 msgid "certificate has expired"
 msgstr "Kunci ini telah berakhir!"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 #, fuzzy
 msgid "root certificate has expired"
 msgstr "Kunci ini telah berakhir!"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 #, fuzzy
 msgid "intermediate certificate has expired"
 msgstr "Kunci ini telah berakhir!"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr ""
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 #, fuzzy
 msgid "certificate with invalid validity"
 msgstr "Kunci ini telah berakhir!"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr ""
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, fuzzy, c-format
 msgid "  (  signature created at "
 msgstr "       signature baru: %lu\n"
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, fuzzy, c-format
 msgid "  (certificate created at "
 msgstr "Sertifikat pembatalan tercipta.\n"
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, fuzzy, c-format
 msgid "  (certificate valid from "
 msgstr "sertifikat yang buruk"
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr ""
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, fuzzy, c-format
 msgid "fingerprint=%s\n"
 msgstr "tampilkan fingerprint"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr ""
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr ""
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr ""
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 #, fuzzy
 msgid "no issuer found in certificate"
 msgstr "buat sertifikat revokasi"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr ""
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr ""
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, fuzzy, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "Gagal memeriksa signature yang dibuat: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr ""
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr ""
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, fuzzy, c-format
 msgid "certificate has a BAD signature"
 msgstr "verifikasi signature"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr ""
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr ""
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, fuzzy, c-format
 msgid "certificate is good\n"
 msgstr "preferensi %c%lu ganda \n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, fuzzy, c-format
 msgid "intermediate certificate is good\n"
 msgstr "Sertifikat pembatalan tercipta.\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, fuzzy, c-format
 msgid "root certificate is good\n"
 msgstr "sertifikat yang buruk"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr ""
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr ""
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, fuzzy, c-format
 msgid "out of core\n"
 msgstr "tidak diproses"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr ""
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 #, fuzzy
 msgid "none"
 msgstr "n|t|tidak"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 #, fuzzy
 msgid "[Error - invalid encoding]"
 msgstr "kesalahan: fingerprint tidak valid\n"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr ""
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr ""
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 #, fuzzy
 msgid "[Error - invalid DN]"
 msgstr "kesalahan: fingerprint tidak valid\n"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -9045,177 +9077,187 @@ msgstr ""
 "\"%.*s\"\n"
 "%u-bit %s key, ID %08lX, tercipta %s%s\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr ""
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "kesalahan menulis keyring rahasia `%s': %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr ""
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr ""
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr ""
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr ""
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+msgid "looking for another certificate\n"
+msgstr "sertifikat yang buruk"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, fuzzy, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "algoritma hash tidak valid `%s'\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr ""
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr ""
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, fuzzy, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "algoritma hash tidak valid `%s'\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, fuzzy, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "algoritma hash tidak valid `%s'\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, fuzzy, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "Bukan alamat email yang valid\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, fuzzy, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "algoritma hash tidak valid `%s'\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr ""
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr ""
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, fuzzy, c-format
 msgid "line %d: invalid date given\n"
 msgstr "algoritma hash tidak valid `%s'\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, fuzzy, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "kesalahan menulis keyring `%s': %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, fuzzy, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "algoritma hash tidak valid `%s'\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, fuzzy, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "algoritma hash tidak valid `%s'\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, fuzzy, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "kunci %08lX: subkey binding tidak valid\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, fuzzy, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "algoritma hash tidak valid `%s'\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, fuzzy, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "kesalahan menulis keyring `%s': %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, fuzzy, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "kesalahan menulis keyring `%s': %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, fuzzy, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "Pembuatan kunci gagal: %s\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, fuzzy, c-format
 msgid "   (%d) Existing key\n"
 msgstr "  (%d) RSA (hanya enkripsi)\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, fuzzy, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) RSA (tandai dan enkripsi)\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, fuzzy, c-format
 msgid "   (%d) sign\n"
 msgstr "  (%d) DSA (hanya menandai)\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, fuzzy, c-format
 msgid "   (%d) encrypt\n"
 msgstr "  (%d) RSA (hanya enkripsi)\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr ""
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 #, fuzzy
 msgid "No subject name given\n"
 msgstr "(Tidak diberikan deskripsi)\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, fuzzy, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "algoritma hash tidak valid `%s'\n"
@@ -9225,262 +9267,256 @@ msgstr "algoritma hash tidak valid `%s'\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, fuzzy, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "algoritma hash tidak valid `%s'\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr ""
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 #, fuzzy
 msgid "Enter email addresses"
 msgstr "Alamat email: "
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 #, fuzzy
 msgid " (end with an empty line):\n"
 msgstr ""
 "\n"
 "Masukkan user ID.  Akhiri dengan baris kosong: "
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 #, fuzzy
 msgid "Enter DNS names"
 msgstr "Masukkan nama file baru"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 #, fuzzy
 msgid " (optional; end with an empty line):\n"
 msgstr ""
 "Masukkan sebuah deskripsi opsional; akhiri dengan sebuah baris kosong:\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr ""
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 #, fuzzy
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Buat sertifikat pembatalan untuk kunci ini?"
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:432
-#, fuzzy, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "kesalahan penciptaan passphrase: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr ""
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 #, fuzzy
 #| msgid "Revocation certificate created.\n"
 msgid "Now creating certificate request.  "
 msgstr "Sertifikat pembatalan tercipta.\n"
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr ""
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "%s data terenkripsi\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr ""
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr ""
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 msgid "encrypted to %s key %s\n"
 msgstr "dienkripsi dengan kunci %s, ID %08lX\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, fuzzy, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "kunci '%s' tidak ditemukan: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, fuzzy, c-format
 msgid "error locking keybox: %s\n"
 msgstr "gagal membaca keyblock: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, fuzzy, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "Sertifikat pembatalan tercipta.\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, fuzzy, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "preferensi %c%lu ganda \n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, fuzzy, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "gagal menghapus keyblok: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, fuzzy, c-format
 msgid "no valid recipients given\n"
 msgstr "(Tidak diberikan deskripsi)\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 #, fuzzy
 msgid "list external keys"
 msgstr "tampilkan kunci rahasia"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 #, fuzzy
 msgid "list certificate chain"
 msgstr "sertifikat yang buruk"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 #, fuzzy
 msgid "import certificates"
 msgstr "sertifikat yang buruk"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 #, fuzzy
 msgid "export certificates"
 msgstr "sertifikat yang buruk"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr ""
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr ""
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr ""
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "jangan menggunakan terminal"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr ""
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr ""
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr ""
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr ""
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr ""
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 #, fuzzy
 msgid "create base-64 encoded output"
 msgstr "ciptakan output ascii"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 #, fuzzy
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|NAMA|gunakan NAMA sebagai kunci rahasia baku"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 #, fuzzy
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "tambah keyring ini ke daftar keyring"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|HOST|gunakan keyserver ini utk lihat kunci"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr ""
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 #, fuzzy
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NAMA|gunakan algoritma cipher NAMA untuk passphrase"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr ""
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr ""
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr ""
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr ""
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NAMA|gunakan algoritma cipher NAMA"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NAMA|gunakan algoritma digest pesan NAMA"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "mode batch: tanpa tanya"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "asumsikan ya untuk seluruh pertanyaan"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "asumsikan tidak untuk seluruh pertanyaan"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 #, fuzzy
 msgid "|FILE|write an audit log to FILE"
 msgstr "|FILE|muat modul ekstensi FILE"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 #, fuzzy
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
@@ -9491,87 +9527,122 @@ msgstr ""
 "tandai, cek, enkripsi atau dekripsi\n"
 "operasi baku tergantung pada data input\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, fuzzy, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "tidak dapat terkoneksi ke `%s': %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, fuzzy, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "penerima baku tidak dikenal `%s'\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(Tidak diberikan deskripsi)\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " s = lewati kunci ini\n"
+
+#: sm/gpgsm.c:1545
+#, fuzzy, c-format
+msgid "could not parse keyserver\n"
+msgstr "tidak dapat memparsing URI keyserver\n"
+
+#: sm/gpgsm.c:1825
 #, fuzzy, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "menulis ke `%s'\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, fuzzy, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "tidak dapat menutup `%s': %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr ""
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, fuzzy, c-format
 msgid "total number processed: %lu\n"
 msgstr "Jumlah yang telah diproses: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, fuzzy, c-format
 msgid "error storing certificate\n"
 msgstr "buat sertifikat revokasi"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr ""
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, fuzzy, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, fuzzy, c-format
 msgid "error importing certificate: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, fuzzy, c-format
 msgid "error reading input: %s\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+msgid "no keyboxd running in this session\n"
+msgstr "gpg-agent tidak tersedia untuk sesi ini\n"
+
+#: sm/keydb.c:595
+#, fuzzy, c-format
+msgid "error opening key DB: %s\n"
+msgstr "kesalahan membaca `%s': %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr ""
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, fuzzy, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, fuzzy, c-format
 msgid "error storing certificate: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, fuzzy, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "rev? masalah memeriksa pembatalan: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, fuzzy, c-format
 msgid "error storing flags: %s\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr ""
 
@@ -9580,17 +9651,17 @@ msgstr ""
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr ""
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, fuzzy, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "kesalahan: fingerprint tidak valid\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, fuzzy, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "kesalahan: fingerprint tidak valid\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9601,14 +9672,14 @@ msgid ""
 "%s%sAre you really sure that you want to do this?"
 msgstr ""
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
 "signatures.\n"
 msgstr ""
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9616,53 +9687,58 @@ msgid ""
 "Note, that this certificate will NOT create a qualified signature!"
 msgstr ""
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, fuzzy, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "algoritma proteksi %d%s tidak didukung\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr ""
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, fuzzy, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "Gagal memeriksa signature yang dibuat: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Signature membuat %.*s menggunakan kunci %s ID %08lX\n"
+
+#: sm/verify.c:467
 #, fuzzy, c-format
 msgid "Signature made "
 msgstr "Signature kadaluwarsa %s\n"
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr ""
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 msgid "algorithm:"
 msgstr "armor: %s\n"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr ""
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, fuzzy, c-format
 msgid "Good signature from"
 msgstr "Signature baik dari \""
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, fuzzy, c-format
 msgid "                aka"
 msgstr "              alias \""
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, fuzzy, c-format
 msgid "This is a qualified signature\n"
 msgstr ""
@@ -9689,101 +9765,101 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr ""
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr ""
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't parse certificate '%s': %s\n"
 msgstr "tidak dapat membuat %s: %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, fuzzy, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "preferensi %c%lu ganda \n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, fuzzy, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "Sertifikat pembatalan tercipta.\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, fuzzy, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "preferensi %c%lu ganda \n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, fuzzy, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "tampilkan fingerprint"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr ""
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr ""
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, fuzzy, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, fuzzy, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "sertifikat yang buruk"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, fuzzy, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, fuzzy, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, fuzzy, c-format
 msgid "certificate already cached\n"
 msgstr "Sertifikat pembatalan tercipta.\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, fuzzy, c-format
 msgid "certificate cached\n"
 msgstr "preferensi %c%lu ganda \n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, fuzzy, c-format
 msgid "error caching certificate: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, fuzzy, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "kesalahan: fingerprint tidak valid\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, fuzzy, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, fuzzy, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, fuzzy, c-format
 msgid "no issuer found in certificate\n"
 msgstr "buat sertifikat revokasi"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, fuzzy, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
@@ -10308,64 +10384,64 @@ msgstr "kunci '%s' tidak ditemukan: %s\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "kunci '%s' tidak ditemukan: %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 #, fuzzy
 msgid "add a certificate to the cache"
 msgstr "Sertifikat pembatalan tercipta.\n"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 #, fuzzy
 msgid "validate a certificate"
 msgstr "sertifikat yang buruk"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 #, fuzzy
 msgid "lookup a certificate"
 msgstr "sertifikat yang buruk"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 #, fuzzy
 msgid "lookup only locally stored certificates"
 msgstr "sertifikat yang buruk"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 #, fuzzy
 msgid "expect certificates in PEM format"
 msgstr "sertifikat yang buruk"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 #, fuzzy
 #| msgid "Enter the user ID of the designated revoker: "
 msgid "force the use of the default OCSP responder"
 msgstr "Masukkan user ID pihak yang ingin dibatalkan: "
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10373,226 +10449,221 @@ msgid ""
 "not valid and other error codes for general failures\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, fuzzy, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, fuzzy, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "tidak dapat terkoneksi ke `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, fuzzy, c-format
 #| msgid "update failed: %s\n"
 msgid "lookup failed: %s\n"
 msgstr "gagal memperbarui: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, fuzzy, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "gagal enarmoring: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, fuzzy, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "gagal menghapus keyblok: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, fuzzy, c-format
 msgid "certificate is valid\n"
 msgstr "preferensi %c%lu ganda \n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, fuzzy, c-format
 msgid "certificate has been revoked\n"
 msgstr "CATATAN: kunci telah dibatalkan"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, fuzzy, c-format
 msgid "certificate check failed: %s\n"
 msgstr "gagal menghapus keyblok: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, fuzzy, c-format
 #| msgid "can't stat `%s': %s\n"
 msgid "got status: '%s'\n"
 msgstr "tidak dapat melakukan statistik `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, fuzzy, c-format
 #| msgid "error writing secret keyring `%s': %s\n"
 msgid "error writing base64 encoding: %s\n"
 msgstr "kesalahan menulis keyring rahasia `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, fuzzy, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr ""
 "\n"
 "Algoritma yang didukung:\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 #, fuzzy
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|FILE|muat modul ekstensi FILE"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr ""
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr ""
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr ""
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 #, fuzzy
 msgid "|URL|use keyserver at URL"
 msgstr "tidak dapat memparsing URI keyserver\n"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr ""
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr ""
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr ""
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr ""
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr ""
 
-#: dirmngr/dirmngr.c:270
-#, fuzzy
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|HOST|gunakan keyserver ini utk lihat kunci"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 #, fuzzy
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|FILE|muat modul ekstensi FILE"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr ""
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr ""
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 #, fuzzy
 msgid "|URL|use OCSP responder at URL"
 msgstr "tidak dapat memparsing URI keyserver\n"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr ""
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -10605,126 +10676,315 @@ msgstr ""
 "@\n"
 "(Lihat man page untuk daftar lengkap semua perintah dan option)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 #, fuzzy
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, fuzzy, c-format
 msgid "usage: %s [options] "
 msgstr "pemakaian: gpg [pilihan] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, fuzzy, c-format
 #| msgid "%s not allowed with %s!\n"
 msgid "colons are not allowed in the socket name\n"
 msgstr "%s tidak dibolehkan dengan %s!\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, fuzzy, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "gagal enarmoring: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, fuzzy, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "gagal enarmoring: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, fuzzy, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "baris terlalu panjang\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, fuzzy, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "kesalahan: fingerprint tidak valid\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, fuzzy, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "kesalahan pembacaan: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, fuzzy, c-format
 msgid "shutdown forced\n"
 msgstr "tidak diproses"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr ""
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|connect to host NAME"
+msgstr "|NAMA|set charset terminal ke NAMA"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:112
+#, fuzzy
+#| msgid "|NAME|use NAME as default recipient"
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NAMA|gunakan NAMA sebagai penerima baku"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:179
+#, fuzzy
+#| msgid "Usage: gpg [options] [files] (-h for help)"
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:291
+#, fuzzy, c-format
+#| msgid "invalid import options\n"
+msgid "invalid port number %d\n"
+msgstr "opsi impor tidak valid\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, fuzzy, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "kesalahan menulis keyring `%s': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:462
+#, fuzzy, c-format
+msgid "attribute '%s' not found\n"
+msgstr "kunci '%s' tidak ditemukan: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:581
+#, fuzzy, c-format
+#| msgid "reading from `%s'\n"
+msgid "processing url '%s'\n"
+msgstr "Membaca dari `%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          user '%s'\n"
+msgstr "         tanpa ID user: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, fuzzy, c-format
+msgid "          pass '%s'\n"
+msgstr "              alias \""
+
+#: dirmngr/dirmngr_ldap.c:592
+#, fuzzy, c-format
+msgid "          host '%s'\n"
+msgstr "              alias \""
+
+#: dirmngr/dirmngr_ldap.c:593
+#, fuzzy, c-format
+#| msgid "          not imported: %lu\n"
+msgid "          port %d\n"
+msgstr "            tidak diimpor: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, fuzzy, c-format
+msgid "            DN '%s'\n"
+msgstr "              alias \""
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, fuzzy, c-format
+msgid "          attr '%s'\n"
+msgstr "              alias \""
+
+#: dirmngr/dirmngr_ldap.c:611
+#, fuzzy, c-format
+msgid "no host name in '%s'\n"
+msgstr "(Tidak diberikan deskripsi)\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:622
+#, fuzzy, c-format
+#| msgid "WARNING: using insecure memory!\n"
+msgid "WARNING: using first attribute only\n"
+msgstr "Peringatan: menggunakan memori yang tidak aman!\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, fuzzy, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "gagal enarmoring: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "gagal enarmoring: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+msgid "LDAP init to '%s' done\n"
+msgstr "gagal enarmoring: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, fuzzy, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "gagal enarmoring: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, fuzzy, c-format
+#| msgid "dearmoring failed: %s\n"
+msgid "searching '%s' failed: %s\n"
+msgstr "gagal dearmoring: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, fuzzy, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "\"%s\" bukan sebuah file JPEG\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr ""
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, fuzzy, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr ""
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, fuzzy, c-format
 msgid "too many redirections\n"
 msgstr "terlalu banyak preferensi `%c'\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "menulis ke `%s'\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, fuzzy, c-format
 msgid "error printing log line: %s\n"
 msgstr "kesalahan menulis keyring `%s': %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, fuzzy, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "kesalahan membaca `%s': %s\n"
@@ -10754,51 +11014,31 @@ msgstr "gagal memperbarui: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, fuzzy, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "mencari \"%s\" dari server HKP %s\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, fuzzy, c-format
 msgid "malloc failed: %s\n"
 msgstr "gagal menghapus keyblok: %s\n"
 
-#: dirmngr/ldap.c:221
-#, fuzzy, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "\"%s\" bukan sebuah file JPEG\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
 msgstr ""
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr ""
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, fuzzy, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr " s = lewati kunci ini\n"
-
 #: dirmngr/misc.c:172
 #, fuzzy, c-format
 #| msgid "%s: invalid file version %d\n"
@@ -10886,93 +11126,93 @@ msgstr "Gagal memeriksa signature yang dibuat: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr ""
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, fuzzy, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "gagal menghapus keyblok: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, fuzzy, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, fuzzy, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "kunci '%s' tidak ditemukan: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, fuzzy, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "buat sertifikat revokasi"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, fuzzy, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "gagal inisialisasi TrustDB: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, fuzzy, c-format
 #| msgid "no default secret keyring: %s\n"
 msgid "no default OCSP signer defined\n"
 msgstr "tidak ada keyring rahasia baku: %s\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, fuzzy, c-format
 #| msgid "using cipher %s\n"
 msgid "using OCSP responder '%s'\n"
 msgstr "menggunakan cipher %s\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, fuzzy, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "kesalahan penciptaan passphrase: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr ""
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, fuzzy, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "CATATAN: kunci telah dibatalkan"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr ""
@@ -10982,68 +11222,72 @@ msgstr ""
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "gagal menandai: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr ""
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr ""
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, fuzzy, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "gagal menandai: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, fuzzy, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "gagal menghapus keyblok: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, fuzzy, c-format
 msgid "error sending data: %s\n"
 msgstr "kesalahan mengirim ke `%s': %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, fuzzy, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "gagal menghapus keyblok: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, fuzzy, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "gagal menghapus keyblok: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr ""
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, fuzzy, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "tidak dapat membuat %s: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, fuzzy, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "%s: gagal membuat hashtable: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, fuzzy, c-format
 #| msgid "failed to initialize the TrustDB: %s\n"
 msgid "failed to initialize the server: %s\n"
 msgstr "gagal inisialisasi TrustDB: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, fuzzy, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "gagal membuat kembali cache keyring: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, fuzzy, c-format
 #| msgid "signing failed: %s\n"
 msgid "Assuan processing failed: %s\n"
@@ -11089,251 +11333,269 @@ msgstr "preferensi %c%lu ganda \n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 #, fuzzy
 msgid "quiet"
 msgstr "q|k|keluar"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+msgid "connect to the keyboxd"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 #, fuzzy
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|FILE|muat modul ekstensi FILE"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 #, fuzzy
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, fuzzy, c-format
 msgid "receiving line failed: %s\n"
 msgstr "gagal menghapus keyblok: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, fuzzy, c-format
 msgid "line too long - skipped\n"
 msgstr "baris terlalu panjang\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, fuzzy, c-format
 msgid "unknown command '%s'\n"
 msgstr "penerima baku tidak dikenal `%s'\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, fuzzy, c-format
 msgid "sending line failed: %s\n"
 msgstr "gagal menandai: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+msgid "no keybox daemon running in this session\n"
+msgstr "gpg-agent tidak tersedia untuk sesi ini\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, fuzzy, c-format
 msgid "error sending standard options: %s\n"
 msgstr "kesalahan mengirim ke `%s': %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr ""
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr ""
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+msgid "Public Keys"
+msgstr "kunci publik adalah %08lX\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr ""
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr ""
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 #, fuzzy
 #| msgid "network error"
 msgid "Network"
 msgstr "kesalahan jaringan"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 #, fuzzy
 msgid "Passphrase Entry"
 msgstr "passphrase yang buruk"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 #, fuzzy
 msgid "Component not suitable for launching"
 msgstr "kunci publik tidak ditemukan"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Please use the command \"toggle\" first.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Silakan gunakan dulu perintah \"toogle\".\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr ""
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, fuzzy, c-format
 msgid "error closing '%s'\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, fuzzy, c-format
 msgid "error parsing '%s'\n"
 msgstr "kesalahan membaca `%s': %s\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr ""
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr ""
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr ""
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr ""
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr ""
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr ""
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr ""
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr ""
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 #, fuzzy
 msgid "list global configuration file"
 msgstr "Item Konfigurasi tidak dikenal \"%s\"\n"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 #, fuzzy
 msgid "check global configuration file"
 msgstr "Item Konfigurasi tidak dikenal \"%s\"\n"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 #, fuzzy
 #| msgid "update the trust database"
 msgid "query the software version database"
 msgstr "perbarui database trust"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr ""
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr ""
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr ""
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "gunakan sebagai file output"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr ""
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 #, fuzzy
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
 msgstr ""
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr ""
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 #, fuzzy
 msgid "Component not found"
 msgstr "kunci publik tidak ditemukan"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 #, fuzzy
 msgid "No argument allowed"
 msgstr "menulis kunci rahasia ke `%s'\n"
@@ -11349,113 +11611,189 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr "memaksa cipher simetrik %s (%d) melanggar preferensi penerima\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "dilewati: kunci pribadi telah ada\n"
+
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "dilewati: kunci pribadi telah ada\n"
+
+#: tools/gpg-card.c:2395
+#, c-format
+msgid "Replace existing key %s ? (y/N) "
+msgstr ""
+
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, c-format
+msgid "%s card no. %s detected\n"
+msgstr ""
+
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
+
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
+
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
+#: tools/gpg-card.c:3668
 #, fuzzy
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "menulis ke `%s'\n"
+msgid "authenticate to the card"
+msgstr "Sertifikat pembatalan tercipta.\n"
 
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
+
+#: tools/gpg-card.c:3672
 #, fuzzy
-#~ msgid "use a log file for the server"
-#~ msgstr "cari kunci di keyserver"
+#| msgid "|NAME|use NAME as default recipient"
+msgid "setup KDF for PIN authentication"
+msgstr "|NAMA|gunakan NAMA sebagai penerima baku"
 
+#: tools/gpg-card.c:3674
 #, fuzzy
-#~ msgid "run without asking a user"
-#~ msgstr "Berhenti tanpa menyimpan? "
+#| msgid "change the expire date"
+msgid "change a private data object"
+msgstr "ubah tanggal kadaluarsa"
 
+#: tools/gpg-card.c:3675
 #, fuzzy
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "meminta kunci %08lX dari %s\n"
+msgid "read a certificate from a data object"
+msgstr "Sertifikat pembatalan tercipta.\n"
 
+#: tools/gpg-card.c:3676
 #, fuzzy
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "(Tidak diberikan deskripsi)\n"
+msgid "store a certificate to a data object"
+msgstr "Sertifikat pembatalan tercipta.\n"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
 #, fuzzy
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "tidak dapat memparsing URI keyserver\n"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "ubah passphrase"
 
 #, fuzzy
-#~| msgid "|NAME|set terminal charset to NAME"
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NAMA|set charset terminal ke NAMA"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "kesalahan menulis keyring rahasia `%s': %s\n"
 
 #, fuzzy
-#~| msgid "|NAME|use NAME as default recipient"
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NAMA|gunakan NAMA sebagai penerima baku"
+#~ msgid "use a log file for the server"
+#~ msgstr "cari kunci di keyserver"
 
 #, fuzzy
-#~| msgid "Usage: gpg [options] [files] (-h for help)"
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
+#~ msgid "argument not expected"
+#~ msgstr "menulis kunci rahasia ke `%s'\n"
 
 #, fuzzy
-#~| msgid "invalid import options\n"
-#~ msgid "invalid port number %d\n"
-#~ msgstr "opsi impor tidak valid\n"
+#~ msgid "read error"
+#~ msgstr "kesalahan baca file"
 
 #, fuzzy
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "kesalahan menulis keyring `%s': %s\n"
+#~ msgid "keyword too long"
+#~ msgstr "baris terlalu panjang\n"
+
+#, fuzzy
+#~ msgid "missing argument"
+#~ msgstr "argumen tidak valid"
+
+#, fuzzy
+#~| msgid "invalid armor"
+#~ msgid "invalid argument"
+#~ msgstr "armor tidak valid"
+
+#, fuzzy
+#~ msgid "invalid command"
+#~ msgstr "perintah saling konflik\n"
 
 #, fuzzy
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "kunci '%s' tidak ditemukan: %s\n"
+#~ msgid "invalid alias definition"
+#~ msgstr "opsi impor tidak valid\n"
+
+#, fuzzy
+#~ msgid "out of core"
+#~ msgstr "tidak diproses"
 
 #, fuzzy
-#~| msgid "reading from `%s'\n"
-#~ msgid "processing url '%s'\n"
-#~ msgstr "Membaca dari `%s'\n"
+#~ msgid "invalid meta command"
+#~ msgstr "perintah saling konflik\n"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          user '%s'\n"
-#~ msgstr "         tanpa ID user: %lu\n"
+#~ msgid "unknown meta command"
+#~ msgstr "penerima baku tidak dikenal `%s'\n"
 
 #, fuzzy
-#~ msgid "          pass '%s'\n"
-#~ msgstr "              alias \""
+#~| msgid "unexpected data"
+#~ msgid "unexpected meta command"
+#~ msgstr "data tidak terduga"
 
 #, fuzzy
-#~ msgid "          host '%s'\n"
-#~ msgstr "              alias \""
+#~ msgid "invalid option"
+#~ msgstr "opsi impor tidak valid\n"
 
 #, fuzzy
-#~| msgid "          not imported: %lu\n"
-#~ msgid "          port %d\n"
-#~ msgstr "            tidak diimpor: %lu\n"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "Perintah tidak valid (coba \"help\")\n"
 
 #, fuzzy
-#~ msgid "            DN '%s'\n"
-#~ msgstr "              alias \""
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "opsi impor tidak valid\n"
 
 #, fuzzy
-#~ msgid "          attr '%s'\n"
-#~ msgstr "              alias \""
+#~| msgid "NOTE: no default option file `%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "CATATAN: tidak ada file pilihan baku `%s'\n"
 
 #, fuzzy
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "(Tidak diberikan deskripsi)\n"
+#~| msgid "option file `%s': %s\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "file pilihan `%s': %s\n"
 
 #, fuzzy
-#~| msgid "WARNING: using insecure memory!\n"
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "Peringatan: menggunakan memori yang tidak aman!\n"
+#~| msgid "you may not use %s while in %s mode\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "anda tidak boleh menggunakan %s saat dalam mode %s.\n"
 
 #, fuzzy
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "gagal enarmoring: %s\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "tidak dapat mengeksekusi %s \"%s\": %s\n"
+
+#~ msgid "unable to execute external program\n"
+#~ msgstr "tidak dapat mengeksekusi program eksternal\n"
+
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "tidak dapat membaca tanggapan program eksternal: %s\n"
 
 #, fuzzy
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "gagal enarmoring: %s\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "  (%d) DSA dan ElGamal (baku)\n"
 
 #, fuzzy
-#~| msgid "dearmoring failed: %s\n"
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "gagal dearmoring: %s\n"
+#~ msgid "run without asking a user"
+#~ msgstr "Berhenti tanpa menyimpan? "
 
 #, fuzzy
 #~| msgid "NOTE: old default options file `%s' ignored\n"
@@ -11504,8 +11842,8 @@ msgstr ""
 #~ msgstr "tidak dapat membuka %s: %s\n"
 
 #, fuzzy
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "kesalahan membaca `%s': %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "kesalahan menulis keyring `%s': %s\n"
 
 #, fuzzy
 #~ msgid "error closing %s: %s\n"
@@ -11560,12 +11898,6 @@ msgstr ""
 #~ msgstr "kesalahan penciptaan passphrase: %s\n"
 
 #, fuzzy
-#~| msgid "you may not use %s while in %s mode\n"
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "anda tidak boleh menggunakan %s saat dalam mode %s.\n"
-
-#, fuzzy
 #~ msgid "male"
 #~ msgstr "enable"
 
@@ -12867,9 +13199,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "hapus signature"
 
-#~ msgid "change the expire date"
-#~ msgstr "ubah tanggal kadaluarsa"
-
 #~ msgid "set preference list"
 #~ msgstr "set daftar preferensi"
 
@@ -13296,9 +13625,6 @@ msgstr ""
 #~ "CATATAN: Kunci primer Elgamal terdeteksi - mungkin membutuhkan beberapa "
 #~ "saat untuk mengimpor\n"
 
-#~ msgid " (default)"
-#~ msgstr " (default)"
-
 #~ msgid "%s%c %4u%c/%08lX  created: %s expires: %s"
 #~ msgstr "%s%c %4u%c/%08lX  diciptakan: %s berakhir: %s"
 
@@ -13417,9 +13743,6 @@ msgstr ""
 #~ msgid "quit|quit"
 #~ msgstr "keluar"
 
-#~ msgid "   (%d) ElGamal (sign and encrypt)\n"
-#~ msgstr "  (%d) ElGamal (tandai dan enkripsi)\n"
-
 #~ msgid ""
 #~ "The use of this algorithm is only supported by GnuPG.  You will not be\n"
 #~ "able to use this key to communicate with PGP users.  This algorithm is "
diff --git a/po/it.gmo b/po/it.gmo
index 14be0fd6a0312d733e9aaf67450bcf2ca29b7f95..f60c5c03dec81d8cebfc2ae0fca01f453dddc351 100644
GIT binary patch
delta 48672
zcmaIfb#zrnqxbP0K?5YX!%1)nZUI7qI|O%kiWe)kv6kXcoFc{DDemr0aV_rd@_v73
zhG%u%Ki<9W>1Ss4?D3g>5+1lme~b6#U0nBi0{=-4S7c1bNrkCOIF4Tc4ppk-WM1t!
zp_m1WU>%I<<2VyADe)O=9Op2u$Amawt>YxaKQJXO!?bwN#_yx*@muFOi5$muJOq@G
zAM;>!bHn)+(-EI;<2z9K&RSpC^tkICCjsdpNP$j%RK5zR^4efQoNnW1uoUrVe>+YN
z>USy-C{MyKsEm6t5q?G$6tux{7!W5E)#EU0HB3&t9V*`t>tELGsFApg>G8EqPqxwI
z&yVq`->FU@8@9xZI1bhGjTi^7U}AiL8p>}rJ<TQ>M?4$G#iE!5E1(+G3{~*})bsP~
z{mrO)PNAEEz<UDOF~Mfj(+E@n6;TDY#b9(%1<gS{x6yjW`qUb8iy5hOsC-4NwJ{m-
zu2>dFY+?L0cV|e@5Z^^r{L;qbZ8cMo0+pT<m9G*O#k!~-PQsM91>@sC)(5B&`h*!U
zV4LHl!Q2=dqqZ^r>RAI4s$zds%Z_7yOuXI9aYfXSwZc?53RB<`)bsl=1n;356l;gc
zmjkmBuZX(e6C2?)9E$H<0(zj|PPQP<K~;1c^+2p$=7H>3o%jgMh1XCc7jL&2p<vX|
z7C=o|RU2<@@4MECn1=gHFbds61k{t{drZOkFdp$%m>RodF#cg(k730B!OR%6*K{BZ
zwT2pFCLD<=aUH5*Cs7@HVABKlIZg@f|7--pxzPy=;&N1j?qFX0j%sn<{bod}qvo;)
zs=z-{4cueX?_db=*ayrm3Pm-j8hY>-)D%v~MB4uwZNf2cg5x~Iq-6MpT0BV(nx1CD
z^u(i3=R*%nh$Ao^&O$YG4=Ud+8;^d-q-Q`iv=piVt(8vw&JY5TI2SYGzo-IYbFQYv
zoR}P|Voq#_s&E==uD7E`?3}&-9MzDtN6gR{Lx$R^gWjIo^o{6hs7?`3g|AT+COgV`
zkA+Zk*Bn)0Uo3>PQ6qE_)!-MH0h1mx`NPpeyf((cUKof&ZG0lC!E=r={yI>$kr04q
zP^<eos-=O)joC3f@$#re*%L40MAQ^@K4Io~AnN(Wm=7;uWsG;yamrysjOF7v3os7x
zRi_w#1-6|s4LFP%y7O2Z-(YJjaN2Rk;!I>&IH6}8C%W#V8uS@80?E%(0Y;!!e|gl1
zw!(z?D@Ma<SO;gj1WFNjkD*xfoasS(%t8E5ERRPp3KN|-2TCi<MtmG*!foi?HK+!C
zM|CXqKc?cW7(~1nYU-+D40PKNh)19^YAp;vWt@XrbZap)9z#|57S*HR3uf+%qeiSP
zssY0=5za-8&_>LNJ5c4_#U%J086nq6a?!LX59Z}Y1ysuhU_Sf}H8NW<D?UUm#zdFQ
zSzidXtty~Kq62E=CZg8RUR3^@7!&<jI9lv+F_!j!9s&tTC~9v+VO-)pP!$hB^>7WU
zz*DFmJVh1cf5nVg7HeTt2P$F&)<AV+0v5(Ym>B)8GBVWfBqyK>B2jbK1XE&vOpen~
zL%I%??+_Nk`>3h&Tr>G{TFavv*aB5fA54mqF*dG5jmTznH8<A?Xpa4_o4E=_4Pj06
z$04W&{EiyJnW%~vVnO^HwK$(*0W5aIj9d@YE}Dmtco)lJ#+zoUJKbdb!$_D*LN2_D
zMKSIz-tkxg^}rO2#2Z))J-5wbY=Ys$M`9T~jDZ;RubBc5mLr}Svtw7((9gm&xc*<)
zJaCo-&H2Bm0$ySW`rI)?mL4^CIZ*|)N4<UrqDE!{ro+XkFCfS4{p+ZTUZU1m&|Q;1
zJ!)-*xdhS^XoDKsQK(fs2{p&tQB(8|H6^L<nO#r`gNgS-jodWMh(}O8eTiB-Y3`df
zPzaS?6SW2gp*rA>B9NcJY*Y`<qgwhAlVRKkW_4%8=)?=+QY?lVp@%pX<2*D&y#ST|
z3^QZ=N2Y^?Q6tp^OJjG;t^L1+fQIx5rbge#<{<H)dQb#4gtbs3(jC>n6_^5dqbj_L
z%Ksg;+LJ#q73RjY#LM7c*cw$|jHenI=07z74MmtYfrV$|ZBYgGMO8EjH6p9A1Rh2e
z6z7>)Ga;zC&x6{2r7#0Fz!*3P)$rly!I_wZ`kfsFv`^1t4t$B43eR)LsgI?wG0w(@
z_zl(L1~2#qi~~^V7f|{0z2tDgvDOLbAwC5)C7V$7-9lG4z7kLi)4Vc^BP03}&y8wv
zK2%T3VLWV%@v$RnWL#8%(@`U~0hRw0>iK)95&47~!T7JuNt*RF<FA6s+Jt(j3_Vc=
zjYU<k1T`}IFd@Fi0F3d*oC67Q81V?KhX*kh2ER2u&xV<ZS3>XN!${&=-ZK9A2z(}?
zFy?w^=JqEHBfb(f)DJKf2D~=~WJVo4olrx%9JAwj3`O4$rovpP1FbG<5l%vF)4x$2
zyXq3iM&Lc>#&jP|g|$!x_O|f_sEQ6@etd~}Fw-Z~p!%pO_zP9uHq^*IKsEf6jVJwV
z)>anOh`5yrBqGoQv*HNMiGQPdeizlFm|skK0aU)$s5LVlwQZ-Ndbkm_>Mvjx{E8mT
z^wp%7Lp7`umeKwnNI)45qDJ5Ws(=*V%r}@wj7z*S`eOss>TZh4*AkQ92n@nGs5P<{
zwMGu08g>R};VaY{82??mw3I*>5>h)p-iC}p^>`JI#cQYnI{Nr{=X^AlCw|n%6Z`sj
z7gG%kCw(H;z%y73Gy0kIRyc_GJS>VC{C%AK)bBJWPz9%AExeCP50B>K9m4IXhTO*%
z*ekke&=m|O{uy;%q>f=4UL3UsI-{oGPt>B@Z|^_B+r(4wdmNW%ov#EMkl-KN6x<XO
z6Ca4la58GnR$(06je&RqW8!sGzWbO4odA=b7E=<<jA~FR)S~W!d2wcdkLz7Tr%BMN
zzJ!{yz&JkMwU83kkjkjl-vZU6QK%koKoxu$wOFIaHSsK{crDZ#>5U$og<2asF#^xV
zbxnqZ@qE1dF$~qiny5w94As-#*57UVRMhHUg{g2Orp9yDR~VakP@s?Z;7W<=c?DEQ
zdZ7pZatZWj3U;Fkiiq#yea$vREy5Po@tA`6PE^Y;qj#4iFh*id(p%g3WYkD)Lv8PS
zm>fT&8k#tv$?xVRkc)&CsJWYHU56T~GpM<}huVJMQ6u7?$c$7XRK8#g#{8%$t7Gkm
zdVUD1;u)xS$QGm=*Evie0ST8-J$iy_ae~AqJrl+vUKrKGQmCQrj#_*!>fHDp)qyRj
zHE{{+VYDPZP6up)HSicJ-ILVE`Ca?04}oeV_$Bjk{>56@6T_1GIPGyYR>YJke7s*W
z+o0kru_S)N@>ndTkN2SZ9o5sx=)v`<4xPtHe1yd@TPhzXpZ0l20xfYaw#FE#O^-UE
z*1%sFh9^){6*G+)i7?czX@}Zovr%XIR@B?_U(`q>NNcuRG1LfkLp?VhT~%<9KskJi
zNwJv6EVkOHx$KI+<1o}52L=0hzqIB-t?D|cd_z%-bUN0=zfl#&4l(CS7TiU=JZj2g
zr(^%OBak|sY4I@B0~=5o&ZBn4160M)(wlfD)HW@JS~Jy92UIV6e>iHJEkrf&B<gMX
z#ir-XVCt)z!S(UJ&4!Vn?Xng%H&;;)q{(Q`?rPSts3|y(8rpBDq0X9#d_H{nKuy7v
z%;o^viJF?*)^DiYkRpqZ<H5Wx0VUK#W$cKWis7i9pFs~kM-6RIR<j7Rp<ct?umH|P
zjl?<BTKR;$UY&f|%t-ac<ivl+v^W>lL3a;<Z~|{pi!pC@AEz6x!(x~*)GWqUsC-jU
ztNlExqO>_!#aItDbz@LR^9t0+oW=-ra{73G(GiJ}M1RH7+W!X#Xei_4G8GlVD#Y8P
zD%x!I%WdvgMlD(w)#DYYeSH=SW2QVl-an{lj;eSTYDBN2p39Wiz8kQdy4;&U32y90
z&Aop<A7?n0K^1Tcy+fbh<jaOyE1gjLf2xgNMfEs(0W)&>QA6AvE8!y42)@Chn5Q5k
zLH$l=0-CGUsFuFRS{PZ#Y_rLzmTyHB_z-pCr3y16R0Si6Peo1HCDZ|xtgvZtOVs^E
zsD1wcwJXvTVam0LDiSD&JyAVaiOO&dwc2ABH5Nh5bqCZBt#eR|_W-uQ8`v95vK7?8
zZCD?l;YD^w`C?|OLn6)8Rf%N(YrAwOL32F=H3IigbD6WakN0Q3_UQ0`^H2?(U&5^7
zvlxx|YxKj9sH68Q4#AWqeVqL`8`aTPrOY>>ai|7vEXDp$N8lj|8rry}eVkDkiE7Ak
z)PqUNn7J#C8W9(@`d8cdBMc#)vaG3~7zPt>g<7P;P$RkmH3gSZZ_yyPoR9Zgs|VG9
z+}H$LVr<-JJ!!pcy^EQ-|H8(TmpA#-qfWw{sFzN0)Z(p;I-<LxUf07g2;DyksG{W<
z9XDbu+<|fM5Gvz&RK9x{fG<(6<FBX@39Vp8vN0ASJ{UE`TTzShDQcT$uV_YcATkoJ
zvx9&Z)f?1_m!*<fTxC$_!cVB4PC*?oyHJbn2FAk=sGi2CY#N*j;}Xw;C9xoCjrB!!
zV4l6d5<|5Aw-NAg;|6LiI91GcOOHB|t6Mvv_XiEsBAjE>PoWy}1XaOj)R0H7Y8o7j
zT9lEfHPIM7I1p26|IZ<y#j_nX0ylL7zhVhY9%Tw>h<ZKuL7nA)pcd0|)ONg$IwxXO
zGY!a(DkloHwmP61FdH>ByV2Dgz9yi>k*>PwVHj#HM4^Vf4r<7IqA!j`&G8?o1{_5_
z?^DB!Oj1-s%AlsMJ8CLt+W2AANWQAU{#OC9YMQrL1ZunVL~XwrsFU$7YDlx!GCe4Z
zDxe)|<OZS#=b?JM57pqCsG<Le8rh_^%{I)3dcIk0_P+|~O@b=^6E#%3Q7wLhT3ntw
z=E3}^-O$|nGwS|O)Cf#NRkR8<)W@vPP`f0kuBop$szWVZ0?H^g5_3?C=mI9d+o;w2
z7K@-?J@fL2z>LKEVOE@ns`vzI`#wewzD2E-B=yaR<ifPX%cDlhZAU-{!mp?nO+&SG
zz0GhJHH1D5%!6rB6-A)Z8=}@wAJpPpiW-qUsJG+=R6~6lni0y3T71QjhPh4`0$OAv
zFfT5_0(cE0F;OG4*lM9hXbftK_Mx`nd(<M!*w~C@Rn$~=#b`JM)v=kV25v%i_>@=n
z-yH%Pq7SH{NzlZ!G!GUgUJkXGhM?}xu=lrF&sZOzrtBLkU;L(Kt>i|PUjnt(8rpOh
zy}$n-M?gK_i0aW})ZC<KW)7qRsKr$uwe7l~w$~EWP+mZ-kyy>mT1bjTiI>3Q=%Pkw
zH)>=bp~?$x!T#4aC`dpVs-RYVFVsmm4>fcLQB!mq)i9ryX6{pC0P!NIMO+rOJKCXo
z+y^ys6H(8tKuz6Y>z9`7e^r#Tl{uqppcYqO>r_+$f1~E^1ggjPPz_Jk+B7gHDqg|b
z3{_!oRD&j>o?n0}Z#(LB{7-AwEEc~urbk&&JuQoBSZmZlGy>J5v#2?IifTwuTT^fe
z)M~Gf8i}E(ky(f_aV=_ux1zS|9n@3@y6sE@ilMeqOH|7yq6*xNdV4)a6`ZiW*`E1P
z4Q-9;*{`T=HWM|1`_O~8P*dvrlc^^MDt}E>2i*<?G{@sm`*|6vrH4@sc!heor0QT6
zO>xu#RR^`to1<2JFVqx_Kz(nRgW3fvQRSXMHS7thyjUH*4RW0vCg9XWwWtp&<1Ew=
zZ$<U|DS9xllj(UbR0UO0Bi0!U;0)CMK8xz<eN+R!qlP|pXOq7i=F$7V2LWYRj9MHA
zP$O~!HT0iQa~{&gR9G54#9N_;_BYg2tVM0h)2RI4QF9#9)l5w_R0DdW%AJS7)bAW6
zpo~vZ4M^3^G$21}M50hb)*ZE~r=d>5zfn{47&T&ve>VB^pem@1s&D{mN|&Gq&!9T^
z8eLToue<449#qEaHr^MtsQyGXU=MnS6g|Yhqvqbz!_0kN)X`f3b)a>z@%c7>1XbTR
z)NTst$^KV?MSGeDYodpEAJh>3iORSGHK!L*J$_<M(#!Nb5<R3hLX|fFgK;t{|0a9?
zHfqiI^)?+#*PH#X9#<ei8GlASI1{xdcG~zg)YN=OO+m6>%r?x2S_7?6&y7djUxyw%
zY13bzhCD$ZQ*kKfBVN-bpdlHKDrg0&g_qESA5lF@(bvu`YO&QuO-&C}!82_7MpQ%p
zK{e<(Y7NBiXUZvx8rhntdfZ+Flwk_0z&)q}AEFkOe}6Og!KjMMpzgOqRWJ}^;9LyA
zrPd9o5!{11*lwbxFld0ummVp{b#f8V{;i10*c;Wt#aI!Kq83w9J5?3YyBkmqo`xRW
zW$)jz#vW*%%Zr-YHa0#U)sg*}LHqv>0Tmc~kQut1sO?h@wVJ!2MrblB-)>aJ_iQ}w
zU^7yAP~V)YVksPm8lnBD^6sNXByfmXBcT{V{Z4rTn&S?r6K^O6;s(^>Jb<eBxlK<r
z)bt=dYR#0yYS<Zz;BJhLUojH>e>FdHl}5eyhoI(u8oFAon+f>ic~pxpV{H6_T1+v1
zGehV>HM9aMUvrF)Ls4h{WYiq5KuzUtRJkuvQ}7Oz-!sgVpJy2R-$Oz;3EBmXQHyIZ
zYN%#nIBrGt^dst|%<#Jz>Y5mn_^+r2j6s#Nz<L<HCo5_Vr5bJ;9)+5cZo^qD8iDB~
zXlOQ|dT<Q2`fs8N{EF&P@Ceg`YN+%UsKq)AwI-ILrtCCo%08h+EbT~RLDZV6YVF|?
z2qWQ7EQIG#55^m1TACM&5wC@+U?RrAt*Cr^Q3XD*@pz-{QH<(&1=L9Xg331q^^)3-
znp*cU0rkv(jHw_WYD5~K7D+GENK8R}cUzC@(S6iZeMgO0im|3aIZ)-*Ks`4EmH#h$
ze-moxuOVy5b)t<k1!Y1#SOV44Zm21lhMN0Ts2*Rj_nq-3o(a|9N~nt3qAD0@U5skT
zDJ+LiQRhv8KQwjhzZL}Ik?<SpV3>p|Xub6qYEJK<3W__yOifnQ)Ko%09Elo<vFO2h
zsB-pMucEg18&pR!PGpL-|0@zui~8UgT!a&`z$CM}kD{jH9I63tP;(l8vRQmNQH!xU
zdax%lw9XV%zRjqqx_}y~SE#pYyeaH|ooty2Xi?O_033vB;b_!Qu0;=CMlGt(s42-h
z)$Hrqs0Iu~HFQ3zynU#td}Z$^pJo<eIO?lfi)rkCeUq6^g694dssLxY>6r)BfRd;l
z{DejDH`GzP2etiPqgHp4KTSDBQH!+$YD#9KMr0kToby;1U;N4b*Ntp5jFnMy-5J%x
zsi<wa4^`1u)D(DTn)i1&YL2_1hI$05;>D;QUO}CF31*pXUKG`!o~Q$BgiD|jfjL+f
zpP^Q1f!XGFKQ3y{_Mk@Qx{ZHBef>`Hm)RvbQ4J_<ZGmd&AXJZMp`PE2TI82d4RAjY
z&_NJ5$7IZm%2*PW-U77^`=RFe4|{(DYDE4)&Gkprcfm|^%@h>Ig2daS*34W~M^2-j
zdx|vBb%N%ZgizFCi9+p$UZ}-6AN5t~B&uQl^G${6QBzbMJvab0b+b|V4xt+S0M)=a
z3(QZ+g;5<Vhe@^nn-S2Q{DK<7(Ws$WhU(EC)R3J=jl>&_g|Qc!5le(BFehqTm9y#1
zQ9pe4NA-A&y}t%E5=Su=^*i?oXf^sTGK(n!^<W*;>Tio$MB`9%z6I5=llJ~?RDrP<
zn+9Y=Js*jBz8b0nzn~7fsi@}{p&OIH76KZ&y_g4|pn8;ciP;r}&_ldFs)v2i7bl@c
zY$`^>4XE!8+fXBV5LNCK^q~JzlRpC%C0=qV`(FhOBtbnKf*Pt7sMUK4HJ49qdfa8^
zelApc4b&X}jNZ2!YKpd_8g>@d^OvanLCeir$c1WP<K?cYs2d6D`B==0dr*t<9jZa8
zSD2xTL_Js)1F;3F;Ga=bI01E@oIo|;1!~ITtu$*T9jZaaPz`S667VN51U0n3qbit-
zdT;}3NROfpntxC)k!Pp^JgZCt%Ak(y)~FF3iR!=@)MEV`HNrbl4S0y!6>iMcW*Zei
z70?_#I1IH07Tfr4)QNT*HA2bPm;x%J7Fl1^K{F5I;11OOKZ<II-&$i<)S9S<jGXKA
zA)tz;qlRo9s-n}V2E|-wR(B{Wy*z4d3`7n2Ow<~<h-$zWEQ3kcn+7&Ujo>KME}4QF
z$#veiOABqneN+M8QHv<W-^N_1HBbgMWbM$q*ib{c9d%$`Ma_Mz4d%!5Y^dj&p+;aR
zssYPT9Xp7LsNZ=)Ky&Z2(Hxa2QA1n-bpj5+*0=;aV9+Kr0{u}(>vUAbhfxJTMt#i=
z+H4ke2x?8#LXA{iRDJ!>)#{y0KvS>*RnSS)0r3(wBK}*<{!WYj#514{lB`%B!%#y$
z1U0lrP$P01RZiemQ%(qK#KKYO4Y%5#|2x|Z!%%ZO7d6*AQM=$BYUl#Cnbn>N_5Lr5
z+6}!?JzHu$fqFN*LNz4KcC+XzqI%xl#>Z@D|EtFvNznekgqr&}J8X+lLmG~HusQ0B
zN<UOjmZK^-ikhkqsB+TnG*eR>75^2rb~d5%-9vROzPrm5lo2%rrBN9gV+<UQ+7;t5
z09T<0x1vVsDrzJ?q8gZWw^?kZQ04uEYUohZxiSxv;6_x(-4g`V;}@tFM&DzGI3H@2
z*F?=#ADccJRlo|=NbJM7_y#ovzI$zlP-~~OwW&?-iz;tAlHYY!5KzlcqmI<asJGW=
z)Gmm#&om?wH8QPjd^~E7H`?@nQ5}i5-}F2^YR!bBwqHHeb{vR0faYOBz5kC9P|t5-
z7{)tbPPB69A>IYGs>fqAT!LDhtFSQMLk(^4L9-U}qo$-eYJ?`BMr<!?&M%|3?Q<-s
z{h#KL=~->mjX|iRb2S#h2dDzmA2zGK7Ak!hs$qLkBX$KfWlvDsGr<va<_DujvLdSC
zE~?=h(A9%438-bhN6k^06g5X7*8HfEDTi82gE2qOL5<u6)H@*BG4oX|6gAY%QRmCA
z=)nc3kvf2S?(#AAe@p@~kDC)KK58wbLl1_dDr$_{h7(bXYBOr?&!KjQbHbPgm9HqO
zLCsJjHyrcf7SsqmN9~@(CtZ^<&q=db>Z2A%PmGSUQFFHtOX7CaBJ??B7Fl*w{?e$5
zI-wdc8&%OhR0ki~_-j<f$xoZ9F5nW-P_#l7JORhy4phNa&zPR}#<IlcqY8Y2I#}MK
z7Fp)Aroy_Yqj&&nJMKqS_z<<<qn|VJ%&4{ImL{MccDFZ1qULTfs$oY_6?{aUbXm@u
zFBG*=`I@5ls~c)<tUyiCG4$Yl)Re~j$HYTW9Vm%3%ylXeP|Mn(3LJ?lXeDZu9>?Ms
z^McvO6;NxUD=PmY)Z6X|>YL70)Z)E|Izd088sKx$bTlREoXCS7?f-HFR8Tu_0$&tR
zt9Auy=#Hay$0Jn3zM~3EbIA;GA=ClW5S2az)qt5cz8bYQj-UrW+xw|5lVAHkCjrfU
zd8~!qQ9U_=s`wmgpFc#M={{FX1u0PJp{RXb8g=6JLv>)PbrWh)UPKRmMV$|6uCo6%
z$Dsr?Bn?n=*A+D)qfiyDLN)LZs)E<3kqEqIhBODNoYJTf_!+hOM`IjZhnk9As6~7T
zRc_FA_P>TI%XQPTqNv5z2s7bmR1g0~4e@b%{|##OroUmPs0OM5T~Ld37OEjfQ4PI|
zLFj+ebRaRR+}t-^bE7;7YDj(b#g6EQU9dEE$AY*8HJ7h!Jl!pm-T;e{J^|IxGuDr&
zj(BdHMOqGZVAV%8u(wM<L-7ZyMa$5Gdr{l!4(jZV_pe!OB~U}#8nrk_p(<EnJ&k(q
zBkF`qcgL)as;CNoLl6Finre490WFTJ_J+@0vv@*K1((1uY>zrn=35V;3V4EQP>g$K
z>OxUN-Uzh_`=QF8VdJ||Q+x|4pTGZc-wat8HsnTAEQ{MwQxffgc_}4BO+`A?6tqL_
zj_IfhSE0`M6Q~OO9-2j*7uCSp)_$l4&BX}q|APcPB*b`RdYl=xxS~*t$wkfma@3K0
z2eljGJ~jmxLKWB;>){YAh1XCW2zg>gDnDvOqfk@b8`Ek3kFz({qvq%;Y7xCd^(^&M
zlU@`x=e1D{_!(8;EK~yyptkX2R0TfI%=S!<9^$!Bi?14LYC5C$@Bfb_pm)GhR0DR~
z_!ZO;zd{ul<GFc%r?uuqEw-|#d|gou{0-Hhd8m;*gew0%>RgHU!u)b8_Y3yF_HB0(
z)T6nm2acn5#TRVh!+ZLrdE5Q+%EyT$eK}?!{VA&Aq;Gtj>zExC4|r=j;z3PWVbpGD
zfjYp(q8hsFE&E?{bjT)L!TiKOpbE<I&P+u~)Hj#*s0RmF|3vj{6RMn(s42K@?|;B>
z;)&mz^PvW6JO6=^c)%r~9>@6L<5a)`s4p6WPz~6Rs_-%f;Cs|I^!sQQUnbNVsEo?j
z!}<qmd#*yQr6Z_{U!oeE;geYdZcze(Bs9cG?105^1!~_vL7m|lKbtAZiz=`ZD*b0v
zLkD6!oP?@iK57kYMNREZ)EWx-Vit8eWOunv2?8E&bViNDI8;G9QLFR>YUrP#dgS}n
ztm4$xA{b11J=6&FMKxe5YB8@u&G}&)zl+*c-?4%Af0}QmXMIpZJONelY>bOLQ57FY
z4?aNUi}l^d`?p>bqbg{PYRF(z{`sgiu@m(L<qYaPxr1szeBLy%sh`u#*E^&|unF<z
zSQGbPWlZYh>)mFpP>XXcY8&lGRrmlk#Ib#Sy$4l()VA!1YRDASPswXhyWkFX#2`Ok
z$30D800BJ^<?rkLZFe8k2&_XbuCu5IK4SxH7tQ3~kDAlxs2;|MZsN&NL!aAP5w&Pr
zp{8;;>L{NX-PiRN_%8{XyNDRR-fy)HQSa-qsG<4`b%yUmo&9&QEGCKR>;2}_7`1jL
zVLsf41@R;5`P{M0NJXJWt{ZBbPKxFFdVhnljD+eWyu~Oi7u)n?8fx3DK^>iUQ5E<F
z_<DCoAuL9`8+!9$5#>XTTyPv;?*UgHb-x#Cq?e&~$9b24hVT<=4im&R@o-ejYoSJ>
zJ8JHJMde$ATIE+!L;V`HE#t;B1?NMZBlS@EXIc;0`>(BTvOx1-I7X1MC2A<=V<?_Q
zwbUobOhHD}{Yp087uC=?s43iqTIJVldhGbV-t!>~Rw2C@YHf{18qUxE1T<6!Q9XE$
znxiBM%ut1)-UTgCXL&y?g9}g%dt!~B(2P(4RD+tM8Zrpu;7Zg;ZN+$a9#d)m-yxtW
z@JZzB-Pg&n0Pzf{9yPT7f`y4sMoq<OyoFy;i|IyU)8MzLxlWtJEW#S7?K~38<4w%v
z!>?+R(lF|G8YD9nx3zXh59tF@i*gRO!#6k@8z=X59^ey<j^|UDskw@pGT)TG-h(F>
zDqa$`|GT0(G!J9rE_8n;aFl?CG$NI+_p8%y)(xm3yoZ%AVQOFRzmn4wHD#+&Q*sft
zzkSk}DanA^t`#sAc0mn&A54T3QRl^yH0*!P#a0qDghx;X-bAhLSZU1(=0QzK5!CkT
zhMMD*sMUQOwPrq`Do*J!JuQwgi8n@_8*NaFZz?MPCXZ_lhASj!XuhJ}*C~Qc%j=>l
zY>wLZvuymVjR%I96Ri|#i0h)}euQ-gYOTCN?V2>{Ou3a&=Rh5ofaYQls>h>HLpcvM
zG6zwM?jQ7E{PgA^%7a?8QK%_ui+b5ivMxsTd@Jf4*oR>lGlMzeOQ4>2`w~z~CSWjb
zx8A^%#C<ZFkx7keU}4m@tA@p~C+dLOgdRMMnwm$b3Swn4Qy7fe-bGOzYk}13I^76p
zh-O$1p?dVjWN?Brn<1-+s;CyKXRT3-sWVo^p;!^mp{B}{#gtPEixD4;k+>VRt9-L+
zcd-9z5r`mR2o}V>s3H4|bul8Fxjz-P7A~SHNR-{Yj>}^q;x4KIn@|n&54GnBRv?}M
zwTQc*cEch}ul>K9fQITGYG}Tp3W%G-JP?A~F7;3i`w2Bdt5B=?D(dC*1+}VE<TNK{
zII5!BsPrzVDV$*MFGW|YaxVdGk5{Punl6{w1)-=p{t0!EtU&eP3hIkUg50L!a;Qbx
z8np}N*!Wpg#qsi(?VTI-qgh#0hkE5<|7+h5CqWg>MlG&esF8@C*NjAB)Cgroop>ei
zB9=!L7?RJ|nS<4_1-?O@3w86G?KlJ#--s&bHkQCo`Pu&(%J2eaAGb%fcmQe@&q427
z4bu_7hFU8=1x^0qsC>0h`@Xx4FShp&qB?j5HB~Qh3C1sEcGp&yfKIFnHsLF(!sKCQ
z4hx`0q$(<3cT@wXqgMTP)HaP<*gTg7gNc_x^|UQ&%?!i<+=mJA6l&YMcWgquB4+=F
zU?ew6qW0@hY>CUTDFzkwb(&#U)QFtL#`qrVVeN2V@89`ajsC;~iurnf_Y;IV+LNKy
zQgNh1uG5)-S~3asz)sYOxDS2tB&vsJP(6Q!TGjC*OnNp{L&{ozLXE&!^xzuwK9Bk~
z{0vo2tVo?Z?7!>;G)Hw&E$f8ZPBTz*wgpweWz-yhLk(e`;$}$8pms%dT!zE33Fa?h
zcGDzOgJz>Tx*MzEW2{X5PIyVP8b_jToWR=XDP_Lp_QGt$ccKR$qw>WmZHB%vh7sS6
zx$!*~#Vlpafz}!;6Q6}D=Lu@jCo9YTSIbHh(23RtbyUtk&D9lDf&S&pA}oM9FB)J3
zj<6m<os_Z5n~`gQ1&I$rjo@a~2wp;s+*edX;#Xk*YhQ*}FjLSL)sq3J17#Cx5x%zZ
z6ctUuwNO1AjWO^DY8#$GRrC@y)QKyZo<^W{Q3up{F&;JLyDPa20f7r7XwK_YHU;-U
zeZyIcdg)xYK1MClFX)FpRZPBUs6`oyfmjx`{pw%<c1AU<FJ8deSPFZ&Reinxd!KFi
zD+$q}OiM?ihI%!w#v7;xj;m%yXeDY+A7CUFsBV6w>V=AL$9nk9#_QHF>C<o^>6fuQ
zx(#ZY)w=+-kFR1YEK<wY>5p?zLz%X=ud@=%V?X?W8qywhOv9$5@@+y*>21^;$E|A&
zL#?q^Ha;B_@%ty|0D*))EVg>4#n0=TldgONvv@kA7UNiqkDE~Mh9fq93ALymqZ;%b
zRdM=;X8T2<PSpCSx$lKq)Qd2`CjSxveW3_!WZrtoP;*`zH3e-@ug%G*o~^+Aco9`m
zyvAlq3Zw3KM|~fdjT(`QsGj>aG5HIk)<z2~qs7;kfO@zGli_33BJyu)GA2UxJiE0R
zYF9*|8s5vs2U-`QdU^siQs1yF#%*RAS_^g1jYU`6W;=mdOu<!Dyl)Hhnw^g7!5mc2
zj-u|r!*ZCor5W<ZsC_;J^*v%9YGlr#o^x86DaeM}1?5m3=+KJ&ueq2&LTTJ@Zv?b9
zM`j+>wyKF5p-vbLr=X^2CTav$qDE*V>a0JE`UZ8^#y_EkJV_g~SaYDBuhhmhKO8n9
zK@YUYJm{h-UW-~>$1pD5M4k1|FcxNLYZ{OfOA;@H>Ty5R5HCV)!}B;6bG9>Y(Vf_i
zxW{ep>#QX(0vllXPrlAqoQ6YiN(W!(XH41AyjI7e@;$Pa>12MmoQoAne~+5;lAX;I
zR7Z{60MsI0gjH|{Mxh(Gi}~u+7<B;sg~KpoSMx4dX?==$NzdNRtp28`RXrIC;!)IE
z@%!0~KqzW0)J2Wxa4dn_(1YJGOz(eBcXQU)M;$zqQ2X^WYOy5iVWy%eE+$?ZbrOC@
zZNt<(&9<$9dTu;wajis+)Oqw^?q248bv#eJGX`q^m+tNB^dO-Y7R95egCyoJW;=$W
zDlCI)P)pRi;dj)USdCikJ5WRX2(=r0`j~?z7&THgun7Kc)AwNk?f-WKG_;|8%}_PN
z3dAR(9=L&JFl9gUHfxRyoii3y@nO`We2bOY#@YMZU*iohi*OxkYHp#nZvcy4--NQF
ztFJ<(2?S$X^xz28YF>sK(&v}~;|w(MJXnf&Rn#0$M6H4SsMY@!!!h$9^Ch)41`ywX
znwmYRhCCd^{#VOm4mSHg0+$j06(?ivA!Z~Fp%zcVp{8NAQ6n@Rm3|kCW9DB?1KOju
z-y~G|dr>FgC#-`de)IMIW%TL4(X&b<JR?CvS!9@bpbct!%tAf*9GhXm-_07CX8i{>
z0tttko|Z!8pNQIKSFti?8)3c^{(^cpTtcm-1nx-F^8(nGgnn2N@8UGfJ<2rjC~6Lq
zjkY~N4f%9zfoD+LtiTwvX4+wO;tNnC^8q_y;jt#Z1S5&Nj|ns+kbRu_QaK#8ZLVNz
zEI8gQx>=~jcoZWr#vjJAsON`aHN1m4u)qXg@4s~13TqSJYvU;<nscQ$vgloBBLO||
z7)xV{NoI(eqSB{fBpyQbIM!q{=fzQrZ7Av;vI>8}TR0ONOfkFaBkEiUoyt4Fmv;?D
z5??l5Bg+1JLO_cp$)9G9N})zzK57>@GfdA)VJ06=JXHFQnP$KH&NA<U<mg9wI@I}*
z2?t;$ypBiFgG*<d`i^3R_Wwr$+7@AdnK^8Vvx!f@DwubUIq3#t4dR<nt3S?MvsUV$
zMrIzW;wx5Xo+&Q_YNYC--UUN!`f_yj+PpzPC)rEX*Y5AAw^QNy=4CP;V-jD7v2mOA
zAchb>gWBJ3F&_FXFe4L$`a+WlwcjH#B{spN*mnW@KM8>eB&dL;7z;O`z5(q*ReZ|c
zzhvWgQTd*sPQnkUhUZym4ziA@qkJruz+<QrG;opmVYW7Et!-Vz{#Qny#U^7hOhtSU
zYPHX@UPe`vWQiH#DAbhoKpmwsQ16J1Hhvxx5`Tep(SND=O4bN9f}>F*KGh|lm&roZ
z{yl-}iO(`qK~dB$Xn~sBKQJ+FL>(l@ZF=<OX2`Rl3NC>jj6yxv6}1K?qsrTDbzcxr
zPtvY1Cs`R(gL<J3oY`0p52M}z=~kM#E03DXW>^aQqfXF07>Um?7;~;N<yS+EU~g0d
z)*>V9I=4)~Nxj+(Wj$06x?>C+jOlO$CdZZNi-)iQ9>w~YX^rXOVARO0KuzI2n;x>(
zY`e;+-O?95+W+ea=*T^XmC>`#92}jn5%IaG3Y_((Aq`L?<f7KfB2<s|p+@XAYD822
zZAPFJD!nyoYR9488AmZh`~M4pP)xhQ?DNVPL3{}6WZR3{w{KBHoo1sMsTQd1H2~F+
zDX2xb9@W4zsGsvcp?)67w8@<Pbx>bOrlG5rogknVeZUHsWwTkO-BJ70MV%8<P$RVj
z>)=~d!z*twL*EzG^M$DGd>l10mr!dZ=2p}2^r*EFv6cO=1~el<t8^r$#nq@I_7rOF
z6Kyk#s}QQEEm1ukggRJeqZZc=)Oqp&wMzoGo1SJsHMBnJx!+N1VBvQ5zY?yKpp)zi
zmc_I?%v-7rR#8S&`die&5x&#hA7b5us=#NL=}1o0l-0!O*dNu=p{RORq8fhMC7>TX
zUf2xLcAK8&M2$oP)R6Z@HS{2A8{W0?fIVhtv!Kc;jmlRa)u7%seIcqrTT$o09n_S%
zfqPBMf>GauDx!vFDypTYP(%9~HKd{Y%m|c3ZLi^|=k{X)Ot9a+bg(M%x>yqzV>bMX
z%Ae(cw>;PBNkA<hg<7q1P#I647Ud_@+Q@d$Y|ALr;u(rs8w*iK>JijpJC8bg{STRZ
z$xtI%7(G}Y)uFyvNc;b90vf7kSPWAgHmkS+Y6J$O3Rr;J4f|1R;2Nr7>5iEE<uC>D
z&ZuoU0@c8IsF6E}%74wK`yQpi)bC^@z*ixs7HZ!PM>S{->Lj~?QJCzQDWDx{F^xg(
zl1->p{{>Y}!sF(CSyY3&VjLWf5jYvOnEydHKY=tS%)wI=RpAI5--~)FeMC)7_LIhX
zs3H6fwb*u{=KeaW;V;qqPB~=`urjEr?2RgC32LPNImQ0hYJN#Va!h*K40UeQ8mMON
zkIJ_Mb&#Ay_4u)k`<^k+r$G&IA=H{^ggP(U+Vo#h6)#1N^!_vKe--?c1RaqH&zcb^
ziHi3_4cT(chfh!=7JSYgrKlr%8kWJM*a#DxH*?<wRnbJ$^V?AQUScUM<o;s{>W`Y!
zov3~K5H(Z@E|`}_1ghdb7>TP<Q}Yrvm+3E>{2j0a@oA_Euc9i9f5~*DE^6COMXeq8
z9D$+)l3g|#YoS){4Aeof3suo$)Y~h~71QH-ScCXT)LOWK8mZ)0&F_Zlq4Li~HRKvr
z#st^Q2scI6it9`xP=Ff;Q5nBsB<8(t;@weeVF@bVdDN7}xnUZX2esc@p%&vWs6{*l
zE8!_rk5k_?@p|Yz`!TEb|8)Xdt+8&IA<l(bt*vc*3hH1vjyib0pm!v0n;zFgHGCRs
z&744$_YJijGyH2BP!Cn^B-B(Mz!KE&d?BEoMcgqh>xp`BC92@tsDhK;wfh=9#Jgg7
z`~x-gS5b>G)jcy}RZ!*jK~3Qr)MC7Y8lgD%+5cJur3oluIBN0iK~)&-f$4dE)V6Ag
zDrh)r1h%1`dymSW>!E3QQ`F*}i0bKXRKwn*7I&6MreW0|`MRb+610l9q2|i}vB?;T
zT7>OTBQX)RI1i)t^;1;CVm~q86?0+$@q!o!OQNPO3N=D5YOU<VM0oazYliXx3E?Ef
zdTM%77WH5+Y>Nv~yCm?LIpHdy8rBEZ(*>x8oIySJ-lk`KZYr*U8lefOk=twI-&_LP
z_c>me9@j<nY!Ir)vrzZXVsZS6T0{{q&5(9M#pj}S#aUDZAF%`Gdu1w~gIWuxQ6m`h
zwOPz=b^=<hRZuUB9;k{&V`4ms+J1LY4T}H9d~qm)daf?2XD&9zRahP4y){3gHN#58
ze?pyjn^5(9MH<YX|GqOVDT2|t(FoOpmZ&p)HtMU=Qq&?kjM|2uF)gNkZ{{={)u3wV
z!QQAIPs3<<3bm{LL3J$l2bItM^APZmkPSny5~je;sHqr%<!}*dHNQX=l<}jP+xi%j
z_;ghMdFVYkt&dS_C&?!>RW(pkIuygG-&sjO6+b|oU;&>^kFub88jgCP32LZ^qw;M=
zZKn&UMdy4m4a|wfiMB%BUxe!MDeFDdYx)a%|Nej0ujWf;EiBEAIjAAOj~<Nv&CFpY
zRDs=5Q!^9Q)5WNB;Vf#cME`CYo(DArHBlol5|#fDYAwC~&i+?{nfb+u4w7o9o{m6e
zT#xGU4b%t)`uKUz?mVbf+#WSTV^BlC8dctL)Jy3dYK`RbHTk1Z4e5@mZ;h|(=iRrD
zNYIc5`uTYepitDlZih;rjM`@FQA2mv#uNJcd3#(6)u1k@k(+4K*I93%IuH=e&->QQ
zff|9qE&;W8BPPI`sD1nz)$-)g{k-3J!mtGKTBwFhMJ>j|*6-*?Jbw&7@0ZUo)NZJb
z8kt{E4V#Qw8-Jsw#(hsf1?PxqTGSPH5?_eBv2`pz?~$50wrNm4R0C_GdfW#+ILo>d
zbrRmRMhh?%XGNu#M~y@$q=T+Ao`B|f4XS6iFdim|<L6z~!Kk^6LJj>0)X;50E!L;@
ze%`od?Q}%tn}RBDKkA+G4t0LyiDztyMYaDY6Htb;s4oVAfqvfATo%=^KB)Ais2<<O
znixIE&wDO3zzE{=Q3ux@tb%FdoBN$mQ?L=WxX+==`G!TQ-w8=zR(liF_8Ebin+>QI
zKgE)mHlZn?1!^cqqmI<I=)w1>f|DgOBU2RBpuwo}wqpf+gGn$Vv7h<>|5KYlD-!x+
zBmCD|Jc*z8XSmrIO!{+F#qpE+c~8g!sMl#VYb(_KUr>vB7HX~!B6ICLLXBwbWM+yA
zC-ZZ?8QPMd)j1M9xD>U>j-m>9iE448<fejb=pi13>Ty@p8kvM@&`FHKe^EWom%`8c
zE!aiXa{yKT-4yJ91p-o<q0fzKVI$N*F&g#7<cN(YNM#yO6*V>8Q3uIF)K{w;sFN^8
zYBQyUQSXXYs5LYVwarhX&XqeZ0S&Eh8ne&SqYj=()S~H#dKryCornuiJvfCy_#9QS
zlh!<+88u?1P($7Zli@H_NB^?%1DKMydxL-uiqF^tLp<ie!Ke!6qPEdGR8Q|<a!eg;
zEQlJ3YN*9K1T|HwP}}$bYP+6CH7It7pZ8b0S&@dhPGJJExKRUDKqFLz!%YTf3u=VU
zqNe68YR)sH^K*Q$JgPyJ&<|T<Y;2DjxgMw~8HXCFy{HB~#){tee|l3;2UHI`qYjY8
zs3H3Y^}rWY19E3D2U9cDRE<M5csr`1XQ&1RXEYTSL9KxnsB)&D*3>cd{{R0;l*#lw
z8)`q-!E!hQHMDn8bDuP`nadKWA#Q-Gs2i$bqfiIWHY|n#Sxf^fpw>Vy^x!yDgVvy{
zReqO13=GL?hAb<pg3_oj4h=B?yP+x^fZ;e5HB$eehSoouIiRwmrlvM(1nZ%u*hNk8
zaMU9HI~)67+u|Gv8u~cd%}G@nwJ7_c2j|)NK2*hzF$%MUnxX82I_dVH7TH&fkEwH*
z`#Dil)C)CIi&0Z?F^6mBEN)J-9U@WtvLUKLeNc0}&fdR?rHOw*Ra7FEskk|+!81`q
zy$@^RHG4l#Za?o2Bpp$UvJWcXB$t4OVkK%n9!IVAhp7D@kjLE5j5&yxMfJ2Ndgl<s
zh~LE$m^QCDXqsbf;?q$bd1=j>&orO~YE8KV2xzXCpnARwHAL4@LliH+nd6e!g?LvS
zh__MOutfn=!7x+<ccFH{bJSW1DQNB&MXiY*sPcOwZ$sBvY!l9)dhT1u%vE~S2-HHo
zHoKwr^$hgKMW}`^$2zzdTVu*FGh%~LYikY$;U&}vKSDJidSNYYmp`c_pn@u)-d-)N
zzhedBD^NZ8fO@MXC}P$`5!CK!ixId0HKcb@4Gt=5rlhd7Kk9qNE>uUqU?lZBX~NAu
zZ-Sc3@u=-|6g~JFwQUj=Gb0j-1&B97RWuQ`NOzz*@EFy@pa`=@B2nKJyQ3Pg6m|a|
zdjI|3B#|a#D28yO8ERh-#hADjwc5909K3>R-~-fZ4k~U&A{%PT+M*ixD{9EMp&E7(
zb)I~+CM?1J*S^eB!VGbJtVFy!>fqRoTIKgq1*a@&8deBZU~5#5Mq*q%h#HCWsE+uS
zGHW3NdWe@oJ=Y2~<s(YDX0gp7K|MKxs^}@|JsrEWxt|)<kSeGnd9Y1ik6IIVt?|m3
z9v4K7SPfK1envHH8fwZ8pr+)7OF)Y&V_EaPJQAxCAB-BpGpM<bRn8QgAEObkhC1Wx
zSSO<v)p^t!dT-5L-o$@G^?U)UVMkE!3ilBK4PjUXQ(+J5ax6pozt*f3&C%Nxm46kg
z0gq7!Sk_ABt5<o{wrgbLlWcqmMv#6B%VKb4ul)aiA)x)a1{2{P8^3^BJP)k?Rm{kE
zP(#@T)qt6(6YeVN07_id96+T|J?(`W;VGy!u?97@=diH$|9t|{NeGEDH?p7}D2kff
z+NhCmQLFv{s$tJi+bDK5Gqi<K4QOKHV=yD}b*Q<%Yz?Yzrm75vP`}fbfDVq4_QnPq
zzleJ6`qeN;b0C%^9*Uadt~PxcYEd3WRrDG4j>uipl-mJya!#@Fxu~^p99<3JD*_tA
z+_g*r?Qt^kzfe6cSlgsGK`qWnsO@$awMbvv`&sLlcScjJrhKRd-A7GD>bhnM!cn`d
zX<a|_@Bj5DL9fGgsF%<&)T)1k>RFO{X3oo@;yqAvxCr$U+JYMT>!=}*Ti;AkKGd#=
zLT&GEsQaT)BeK3e`(Ft=Nl;Jkq4sCI24>$DLcPZuV+&k|swinga~_mIy(Rl#VqArB
za6jsRIfI(Qho}*Fi)wJ<MrMtLxdgPDYoHo35VhzQq1MDH^x$XIqD<A;<ST$Gu#t`T
zM>T9dYG}`*8uS9SJ)<`<Ya#=x{HCZ8afcJowwRBa%Y)bzzoB~4rKz9y_jUbI4@^Q;
zu-c{{x9NAWDCtf!)1h$G(cT{Qec(@2`6o~vjn>?|?Oi830WHFC)LivLt<G7f2lt|;
z<{j$0Uz!$X2pggrJ`mNgd8qt5?EROhHI%reS**n|Ch@9R3+tjs`+p??EvA#GA-|0}
z>*KaE`@1-5adt%w@d#9dH=}mV2h^PAZf)YVP$%RV)X*P6HS8g(!KvDqwH1LWsNZQt
zKn)m(@o@tB;sW%;#aIECV>x_}B`~tBIS+<ldEy6A`Qo=T4Q+^e`HVy@(lzM8dp12r
zd-lJEJd}VIQ&rU5c1DfFDAXKo#7KOAnwl&>nQd4FJ;Vp1=5!9Kr-x9B`ZE^B%pJ_g
zv_R#Xfg0hx9oYXGy7x9i%8q6Y)I`mBPt=gl!q#{kHK+MHnfpyqL;O1`eG%&AbJpGu
z=xkPdUQ{^^QRR+AP2sxEu4(Bj64cYQUHrVi#g4*?#8;uV(Pz|dh~L$G|4)NDh+3lF
z1(Q)dTZ{SelD!|;&5UGm)avhmI^gD^_Y00opfm~hQ7sGo*({z~sMS6m)v%MOp>(>N
zp(}zaurunb+Cu9&Y(U(%hbgx)YJ}#a%Grw=p*N`W#LeE*oOoqWH@ct)7o#3HZ0~<U
zO;!3{W{s3Xt@2i=m(d*5h+IJx9JjaGHJLCe@krF#sf!-$Z*-km1hfcuqTc_vPzAh0
zZM&dfOnMenLB%j3*0#1sE!F|3=a--dcc9k94J?BJeatSaj;gN}7SsM8MnH3R0ChBe
zK@Dk!zNVlW=%aMLcje{;Da797Pi>sSeCn`2J4NRwU+zsOyo#`{H2(bD5QFyuX(Py&
zNhc52GV<Ldt$+&T>ZbkwmCOame4iVa31{P@p&dbCqj|U$56venBYArA;BH&V4&uiN
zYm~ycA3$7J96Zf)4+&o&{{`}VpbTBr4bCO%dQ6&oos7DI$k@de+}E0mOzX*1+GKIQ
zS@)85kmq#la_sZ(2e8M9M^eTH`)oAi-!E}Elf1tNnoI-ZGYTisC2w(_?Gv5xA4-PV
zB%VWEy}0>_cpW|qP167Vo746%I|b{~VY7&|Qaq!p7G+!~o}G%$6Hh>TcGBM3viWld
zry1q0A&*YXvC$d-<g|1Q8CLLl&dq1sXv=34nfQZHXQJ&9NlsGo#3nt823%wmvSM+b
zSxkCyKC=kxN<p5qJU5g)&j{DH4NQS6$#=wdU@hkl|9@RM^SP0W2PP0s&I3QLio|Q%
z1`NQf<kwY>0`ijY3eTM-o{b)_A>4=0UhZ`y?^m0be<I9#?dIN(t2N~Y6L<62o4TQG
z_2UYs@T|6CA6w9mdw1w%4(?SZPbNOy_ypO!Kk@_<Per42wWE&r<k?1eEAFH6C6uuz
z8uRZ%WDB2McIf`#!F<GjT>NVrPC*-g&BJ4CFVc~}A|F3KbI82FKF>c1<3!s0l__fq
z>G61`3ZHj8Kf@OMlur5jGXL>-pfR5xS9AODZk$6VedFcNrJbzA=aEmR<T(m$XnTB%
zLURyrhrCAgZ&y1paUa&?xhJ-~_qGBL>D9Tf>x0Wfx@u5Ba)v82H%s!-l}rub6Nf_V
zNIFBvSIFL9Oam&}a1v}~9`pW}Q`kvkABsU8lPISi&+6)kP5A_o?tUjB6%QZh^PR+%
zwm}VeKvxOUo0Fb_cv%Wn@_s7Tk(&Zz+fm3zWy1-d)<ay8e74(ODz2-IE%Rr}oJ`*I
z{Q0Akoy3J?<WJbWf4`$4@rh*66^i@0mw|h_ZqhjZ0NYta_>ecn{3kBycWlGM$p0G+
zuFkV9_ypPp9wPl9@gVzLHPZX|F#j%z(YdM1&$iIS%zq1UZ->3#oV>#bkF%92M<N@J
zL8Xhhuj`n>;SbH7>r`}sXZTLyY^MBm_FgVVteH!K{w1U86f(;8@;33?6n2LP>(~Of
z@bE3djmVdhd@Cs=(9W+d&w0%=Df#I7opSS%pZ~dllZs~s*+%LfU!<M4ls%d-{pY6?
zGF`)EwzASZT%Qd3NvH|;zVN_T3gC}}y?-{SXO<Hmfh(!-HurhUdao_y8P7*of68e^
zndSK$C7y?8ZW3P1XCdK`nA9K6gPZNcxk%Jio<jd3oPqFM?hUl}<It$KJgjRgmDHeu
z2PW#Ax0S{w?_lyBCmu>Uf8z=}DtQ?({>L`n>!i0#`oF>^bS2XzZXLi7`@k3~Xv;_c
zyZ;}Tz7Mvy_bdEJ#CcSzi|;K?R>~}E^Ry)WAZZtf``EOiq|N7ZRIkDseDW&;73u25
zXA|Mz|1-a{cpx43Dlsx^`RMQZBtw1Q`*DpY?UgNO8I@(?nT?b^k_`G=mbx+%*A-6r
zZYnCjVQ&=X!L0VCGR&cX%Ty3W`eh~9YcGYCAv}Wg;XJRaFJb;gCGRzxXM73IGEwhe
zU{mlS<)tHEEk0YwlS=3RUsSk=LW+>M)fUi!jHk)4jd(FynU?$ONy|$fUp{&GJmk6K
z<k2;Y`*R6DqG5w<2TGG)Z&!W{^j`lW|APmo2l?VrW@_TI`T4_nVeUKKDKvyn7u$&O
z6yV1LC%E5_^p|`RQ-QABr0Z&BjZ1+mxZjIsBW&7z+qj8Tl$Xx}^N9DqSNJdA_?;u#
z|A`5N^7(^@ci0M)D}Z<)jrh#x3Gw>m`EfO)@Rmes^1OZs)%81RTX?2`ZNNUt+RC#z
z$)hVa=}$>}X6qPFem4Ov*EN>NJTg`$e1fp9n`GR8N%(Z+(}}|J@EK1-GH|Z}mHoJK
z6JJLKN4T#m6V@ePeA3<#{!iPT3B+HRM!8NR8nBp5KT|*lK7$FL<n#Z#8dJbKGQ_lv
zPfTGuZ4LZWan3H=u!Q6rMp;++9HdimaWHA!(T6-)H2+t)5uHy1DqqOWDYoX!)&!*g
zX-7m!qsX)0-rK~zQG9+}S82#h3QtGcE1Q0Ro4@jjWgA$L`>iOWl;S#n%kWSJB1yTi
zk%w;Kbu#?8u5qtCd462cZLbyo#U>sj&qJH1K0W(p8+^y!pHEsQ%I&0%s$#CX<aaCZ
zpPk%{VOx8bIRAS??;jq8k?FWMD~k`W*gTnOKvvs`$rSk5rYq|>!c|F&L7DvhZtpdm
z&a9_QU5W86brj~_Gk*WzP25R_8+@Mpr=V|STE{1hj7NBA5ILJr@Ku|q4B@giycw_A
z@HsrhJze@4|Dx?}8^Wb1@0-o1`%m=!FC!KI_xeEmZwg3_JNR^?^3Aru^fbnH#QB@>
z6bjT&z45vKfr1}kZqjsx6aPl#9vk0l8*-F9{40Fkf52pr_J2FuqEnQ--IhLv0-pY8
z7>?k9d6=7rQ}WCh;*m_jZxs50ys^1giO+e;Do+_5`5Yjxu5siEBwmyIfAZ`?@~q%_
zUG5+vd$_UMCN$@v)`Ww2=rG~s7|RyqM}?J%FW_^Ug3=P_pZ|19@ccO9vrU;!I=eOk
zdF~{iTDDWAsH-5K47M)S@0_JDU2RD8Co})dpOcmXbxq-31fPu*@H6)Yklq({bwEGz
z22kKYJ`HUp=C1kgbs9C5XZQ`>|E>TVj_Iv~`M<?2ek0~Aps=wNvV@1;5g%wPs>}Tl
z(i_?$dXw)MpDzEW!nxef#xpl~b{yeG<QYT5{(JpR+4Z=enrHX$*{t>7o{XnyO;ZwX
z6Q7IvosF)EJaEg~QWIZoaNdyClW;CRMHz1Xbw%&5@WOG6tu!4K<y2+l38$PNm)2ZG
zo5yWSWzl%(Fc#r+o(FzhDeOa|Na#eK%f#RFV0tQ?fDu13BLC2(_b;wzp^SXo^Ciy^
zMx(W@NLdT;{6p^RO2a*0{rsQCR@jHcwG<MEOd+T%1BF~797xzhkK6O`SbWaIee9@g
z#B;>U@!TUm>Bv8gGPjeSmh{Y|{kZu3rS~_eX-GRqS)29!zn^VkXEL84JdGRt7R`zH
z&x3DltEbwA`BL}^!Vkzd3`cUm7ik+Q<Ht3Ma0Twwz)(7}mAtwd@kv10pQtONzW)vV
z&k#i?JkwTEmP}u5BSw>+g@VfSDM2{uKhJ!k;EJUCP}UnPNkew=+(DaX5#d;*y`<vh
z|9P%G>23&#v8k{Cg?uEOhnDWcNfh?uI?ltox?z1PILw1TbHAAF(Q52Tny&Fwu!is<
z%uHTgq3E&Yy(B!<rsvT2zk)W>l?<l{=cST|JiN+|LJtb)O<FSIuf4@_dSQMV+L($G
z*+%Hr7~4>r%}XH9?WEjY+#AMcANgnCuigf0|JmyR4X8!M|B&I#k3?%?3gCa->b<s+
zrwH)?8^1>QzgGe(oNw=`Jv#}{BF}Q<Uv+oZQgH)rtfn0A`>z}~7up9}a5FVG>XYFM
z_wVz7uBO&I+%G``4-wDDCpDu`iD$c#-h=c5d@}NUYtkBWf46O1JRC~=uqx%+K)e#V
zN7Y2GwS0cDH@{QZkE<^a{Yhcj_zdDxn)r`vEpc6|D6Bo7dpy70KHG_VyGVOw%WuQI
zlsp^L-p__}_3yv@xSn!z`F{$JONP7@l86UGDCjnyON6uYz$WsQ#O|c&T1KyRZLo!#
z7%v+}M^}FG&HB&1tTd`9W$*Q;{-i{f*@D)Sxh{nlA#FS1WB80u4Z@eH<Tq?eL0xTr
zqE1&D^@KbH`7Gqw4EEj>(!=-!*+wkpetPaD!^1rHk#gd?M05@3#z0(6VmN92d2p~D
zjRmx{JMkZvhj3SWPie7;Pvf~JH1HGYtMC*)rpyDRSG9GVCoKhyxkB19o+(V&jYZ*u
zd7v0KuTofA!c+O^I-`b=o{^8PEIg>op9kAx0qz&FX^*^jI0;GXO*oaUv;_A<siO)N
zE~P;!D62Cc{i;5`=D#>ME0cM;EvUaOs3qx3ZN>8lZ?Og1+g?ub-zucX;J&VZspLNK
zye8`Kztndwk`}{uXb53lS19)ejad+b`ES7k`-td@L(f9Vl+9*T+Di&4N#nw7183U2
z3y3eJ;6KU3Ux0D^DQ7vKA6G8!HzAV8HZB48vf5{rrws8)?td!!jR%s@fW2h8Z7XYH
zokZp+K5h8irog(kpx6|Yn?_t9t+;xH{PiC1HIwwogtJiQN$M#>oIlHOYLIUtIX+Rg
z+rk!fg@W~`AV0281bT6A52oayv)q4zGbpeLh4~WBN%%QVv1N=P&tURbwbQ1uauKdZ
z`h4=~nohVG&z~|KbDg&oqN_NCXf#%1dQ476UFi+Z9@74M4YiflCH)<rv=lherX{1t
zC2fV(Nng&VkS(tW4LU=<OVm41?|)qj$?(uVyvjDn+~M01_qI`3J?zfI-)+I$D6j%~
zuiK2}Yz33J|B12|5$CUd{O>CJpHW#uYB$QOqF+9qA>h!1NIsqI14l?&Mz}SF&D4Fa
zOV&<=6Vk&!$=}E}W&{?q4XDa<g9tY!?KRK*Mq@q_Ut=5KNBUUOeMxtJS1SqpL7^E4
z_oUD)eEuTCPFvwU9*p~+)~hj@xHpG<7fI)D;yCa5G_v{Mkp7tu|A@MioU~sl_s7-K
zh9_{Z;*azH?EmZQOyH}iu0NhTlLQD52us*uKm!WMVp$}j?5iQNQ)F{^Z<0*&@?LyP
zSd0Y01&X*3VT1zW)(Wj61{hIFK?P9(u?Py4ibbfEBAZr4to`13_rVkW|Ide$bI&=y
zv&_AB?i~<5qPz#6ppn;+E0B`@7#Argkk6=bLJR`4hN6$de<$W0o@xOyLA}w-@J)ob
z(!?|h-;J{^_HuX;4R(_E&sYYtRKWv)B^@DAO{Q4VQN~{ryp-{H#(yAqIWdw7uzyPO
z){Kv-C-dW%G#0F+jmR&s%~ZMl=uZ<PX?+EQvm`4(DfUcs1$Z_M{T(@!pgs6!z~3`&
zj_jinA5uxyVygn1P6N*n*N*W(#`73AQrJF>d%=fPlg|+&sp12E>_@qW<QtSzI&Q+2
zkIYs@${GI&E>@Vc6p{2#aEmCC3YSq}KK2qg3*1`dqsTefC2dkgpGW@;-yr$t{|1iD
z1mB3Ekt((oz$xtg2snr>9k$`7U?f$?ew4(wV;e%_Pr{{)??y^WW9jCQ^9gXJ;9fwU
zL@orAiCm0tAvo{fe>_T145J@@3+@O@T1SwihJa7Thbbo5L+WWpE5CG|ps`Qk@<c4S
z`pW+l@%zvhB=G2x9szG9&j0!V^60K5&aV`}qR^cH{|Vo!f_GD(82d<Uso0i~L{dJn
z-N})lnF>EZH7o7CiR~pfwTh9pigy4khI?W>K+s5JDf(o<tyCit_@GL3hC(k==(y4s
z;QO9&BlWg)WL%3lom^|+EY-+;#57TbKg0hmyfE?pKS<I9-J?K{V5lV7cO+O1_%-Au
zcsb+A*n=vjGq{cDmx*x<+)3nD<XXjp>`e0aXMBuijuJm!-v1wyuqhxL-m0eXbH*3d
z_y>}WRZYnv!|^qMXOUn#n8EnZkfROqS8yKuBEDK+HmbNPY%Rb@no0v_kmK-Q{{HQa
z(GOn-P)DW`_$*2OMNngk6k(UtMkPGYxBy&&dZ<C6v=R3;@@BOp4-zZyxlsx;M&*)f
zMND<Iki=hM=!EVkK>+Rz&xI4T1B@WJE0_r?NniOC(0r9gj_ZNDmAF32HwEkfHJfXc
zEs8uRfB(M##|47t6Yz~Jh@%>^2SE)Px8*5bL4JTu($m=AQsetoQfZ&V_|N#>2Aj>(
zAHwzqwg;sX`i`b@;eBv|M$7O2-6VShOAK&GCC(+uH6-CLFr|F1Y~O>akNz%2&f}9b
zftXLwOBsKQZ#(>JY@KO(1+p3PE8?@UOR}+Lp^sDXf0gflU5ryG_$1>HQc_L0Hk^&#
z410v2Fj7(>_?p-!le8WBN@f2CawA+<HGB!oHfDAkdKOrh@qJzf?iFxFG*MBVA9tdZ
zsP&tKei;6eB9b1(&R=Hw2@M1PJ}fChk>7z?M9h3*y1_T72BiOS`~qJ&+?YIR_{+f`
z!`EHD|E*D8QN?6HX95!R7gglH*e0l?>u}b_{xY^v*hZ1G6UjFrPpCZkj9bHd;XYu8
z;IE<HhN&v~4(dLc#`=E)s1E!$SpIkRLpUV8NAm5+mB??fwN(vFqDW6ws0RKo@SRk?
z6%?zEo<W|GV0L0}iLHoccVd4HeXqjafm|cM|AtaH6VNLpt52s7VVjQLm$9S+Dj*%Z
zq`}A~*fx{21(<pY*Mx!*`4CspV_@rHdkOqgV0x=O^RQPufMIn~&^;vkk>ZjbO0rA+
zb$sIp9)^7hagrV)$tY}1R8nbkv6U<TC1Q3d-*DAv2Z@2#%JpBYikt%UqMQY#UrV<J
z0Z(GTj&W;vmul>OCHqojKlZwCOU5$44_^iiR5F(IF7YdnUBUbsP6wB*;=OaRr|RxB
z(aR|Q1mNQ&kaQb*KKA*H+rmG}3eYMNY$MTaaW&<Ba&%+7AN)NO@!>0E+y%Lk7@xvP
zA=n$su^ppE-wHq<p`1s)sz94aumL?mACcr%_-$niP;3z62QEJauN>et@cra^2Hz5L
zNE!zR;BD|)*uWPiemk*GftB}yM|&vHf{u<8xD>#xID63PK)lzg!aL*`%ptH-;m^Sh
zgr8Q$OmMQN8erzYjToEwJHS7}v%po5H=Ees0OSupD)_hEaaxPxdlD>1-HiMLfR72d
z2Ji)$HHkWttQ1Tqd}ENyl<zI%`{;wQ-$e7RX`(Z+24e?XGL0v9Bl-8gnqfVK@*c7m
zpz#EKfj$EHJLI$2KZH+`cnkU><XIZ1kAIoOppT^a1a&0GIdGC@G47_uQeOh@U1Fk)
zcjMb6=YIhS9>y_O1~QhkoS+HF=K<fWo_;vKohsRJ8jy5~m>tUY8hRb@Ly*nLSBx(~
zE5TR6Hii+{=O~A_{x4G?Re@gw)Ig1oU=P6?;66-Yg6^Z>k)-77C@Sf%G`K20^nMN}
z?s~A_z!PaG7ri=hr@-BW4ppQK!kERVJ4ybH(PaDt<5@H!=@9-W2&%=nrYe+4f?Dv+
z@L7_d##apf4sdH#V_THG1>bbWvsEl=N@H?LdPM&IzZl1FDI7z-O_BiMFVJ5?Ziepy
zI8ilo5c@>*Hz~T3;`d@dj(&!OQ^3|hPs4tiTszTgGtOk(jkpAT4t9dlTg%r$(kQ@R
z5_~%We@+7T$M>w#%kWJl_;uu2Y@agz56PROC+K7BAE;(;#D4-FtKyd;?}Xo#HNXUr
z-uhSZH0$8*a1%03B<K?o&jg&C$c)^h5=qlQ#tpz6rSW~p6y)v1Nm@^yMc5j$XPTp@
zp?{4m#@~pz#rOs=epCMbFAc+EI6Go^Ky{Alk)!k(1au-<71)sSEmOXJ_)buu1euF}
zEdE<$Q`iom=kb)I(eFl=bQn1uS&6-yK8ZtzKuMzjcfdFvmeiewrcvYq`j=o1ssz&4
zpM-m`{R`Xu3cr}~JH$v@4}VzMbwT~6)zo`4Q&lOUN}Q^8ZAjCr8w2x=b~%xDmD@H>
z?r%n;VNc6QF)ou?X4(OBdcZQI+nyeaT0g@Sg(A^-n#@guyOx@f$j>09p>Wj5@h4}F
zMXY$as-c@+6EzF$Kr~_aZu3D=dHt5m%D|TXRUKZvBr1QiwNBLwTPIYn8nLrnR9)OP
zC@m`(GGyVPSz;N5c9|8d>anM1POE|aMjCd|jvCRB>>@YE-_9uD87zOUkrT<NDn7Td
zTIIO!2346C=ZeaVOJ7&D`QdPFw{J~xkM17L6x%Z^{C2n`SQwrb@SCN^q)=(p4h17q
zj7j50=S|5N7NpIf88Gr>r6Ma(O4kLUurV+m6$ccUK4vWFH&nDyV$L#rMP{(jGG^G(
zqEIYq1Vd5VXJw>}nH7whGjol?(!v{jMV8Nfu7$8_HUIy*aJse^&D_lPVsN(8s;|gw
zP+*5ygDXoE3I=Amqxy>W_1wosi|0h+pDdm%P0z8QKf~=dR=glu*g?M?Ec`#_%>87X
z*k8xpYl&LIX;Ua3ahDZ}>{NGmvB*nxhL(yl=TNB_;10h_WYl%~&Jk(Ot@nzW>5-_P
z=XAEu6%Ddjji^<^HZa4p4A$CmN8BrRRdcp?6MdYlg`!Ub*-p|E$ZeV7<}VbxH21cL
z#FkX&!V99gGyE}e%pJ2t?AM&(OU2?$Z({{xCDU1j9KXAFsdzur+5fCq=Pr6qbQW1G
zA^WThZ;2g=@Qm&&zZY$)xpiL@n?;Muv*K+aZyE23S#&6?JEzu*C0X9)_BNRv^vv$e
zmqb{&-Ch<C>Q3rram4v*v&eCCT+ueIuFvv{7_o354j#N!9Ms*m+r>;hD<@(UghM54
zLnGdk``b6f6wxsn3kMA|5HQNjK+KA;eGStHTfR`3{S&q=cAQ`KR$@j|Djz-A$i4KY
zNY~r=%wSM1TG)!j0&+dWS5M!v-J(rnGwdspF!@NyZ-U!uw>VVuns9WQ&*Ddc74;S6
zQky1hzfsCwVxPw!;_LxYBCa)yEzFU~4B40WAlD8YHhM(<kkQlRyD)8JzcFLnNe9Ip
zX%7E$;G3Kke-pR3X&;LtY0lYC#jEa~e~9Xu`@?5qb$X^R6bxEE?<Hk|orh0}UtMn(
z218-Xd#S0zc_H7Q%fO;=C{|cx<o6pf$a(dY_~beU<(wggcaBJNd<J6CA|}lCneweo
zDbFA2Og=3dJ9SQrmhS$4i#j6R+cNp?{?o$LuA^r!%jE}?Pw@+x+)igje=&W`*wMrC
zhm^-R35RD~PbpXSu;r~KEhH_)RT$ZG++>(+i1@K*%`9aZBed)W&xxl}Yj?S!tNdkj
z?UmcTo7?<9VsL5(hq5}aorxF4)InYiZ-tW2)ytJbhTo2qhJyBVUbm}Zm(OhHPZ!0Y
z?(*?XCf|GOt{nezs?49B+gt$b$N0WDc~N{AKe@x+VcX8Fx+KPH`k(;=oYg;y37h6?
z*K5uNO>5@n>)M4H?$X-YA>pp9qdlJ9+Q^CJ8bKa97UVqQ5cgV&lv+N!KrUa%?U1dl
zXn*}MP7P+pdk8CH6~=7(^bX(n3n@={?`U`5?5j1c;aoFZ8}AOiO*_L`wNY!}&K;q(
z5$^l>+P8Jw%xM~LV|AZ)W7f}3`PodqojB!(#?N(CM!pFlLmu>rLq4yaE$;!2d7o_>
zmcayvO1%t*>^214XO>L2<(x*W;B3=iea*5mI}+l+C)RYkN42*zn_Yd%Cw1Z6IZtco
zo}Z@`H+7n>(y|&yLIKv)3Xsb#30+xdchV|tPDA(X%UTbuS>g_eF9<UmG@{{98S|Op
z=4{gHXl>M4Z^||Fu1ARp+p&nxj)vkhd84cSv4MN(T`f;IOZRH4YuN##*qWtIt)~05
zzG?1^16sc{=hR2q3TNG6t-t(H%k6qZd%3Z*=bYBO2CJhkfKi`m*~{u_wdx1yU7r1k
zs~~8F+@t5U=WDd&@R}{>iaIPmmxLWMB6dlM#W#m9<g9pDYhEuyKDytEMD3s%m52=I
zzDwHR7V7b?%!k^=1(B#3b#_eB8@R_WX+8B#0sW~ow|}}mMY#K_>GO1_qNcvS1(%1#
z_VwGWoZRhlHoP-1BrlYXwe;QfoL;T;Gu30PwciR`PVIquGq=Fd2a5Xg6CrWGm_bhD
zsO7G0t=F&Ne%D^_uU(haRMO7&wo<?}lJ1(|4f@-B(j;Dk#9h;=lU_q}mvqtRrMgqQ
z>%D}tp@-hZJ>NqwPj6`PVaA0jw+zQ%;>HQwq906k$Mn}9N^NchsKW7YmRa)F@$=cD
zy3L8W?+w;NqBqA*)Q);DRWufj+J-Hko@+;5L%f>tdncqWBDRrX+UjyjarU>;vfZ&m
z^}~9{uq|&P>1UY&?MyzA><DwpOM|8^+W4l-a60Dc*EV8ht+3DAhV8srkMBX};XJ*O
zGdEAK>xT054w-GQx}i!!vOv=IjxUzG^bY+M(Vo{VC>P1#!7rcbe$)7ct154@-ZI@e
zHC-R#EcEHa+}eJ9ZZ(I0MtadXAJ7}R9|ZKNnzMhOmg@RK`k3lX@>!l-??UoUYR-5b
zRGwPSOEdItoo?qs8Yb^Bxsko{VGc^~RI}pun7mS%lW5p1vE3sx^yZ?AmopZ%1NLn1
z1@N|jI%Cz`c^W68x6ba@Gxg!3@c?;$Ug?5o_4aPQd-H7lFIsnbiIpd1O`Z(zg8RkP
z-<InOL`D2=>Q^4&)e9Dy^2+h{X-c`ew)*ADPY!R>MEJ^0Ufsl1cLkZ$gu3*6a+6z;
Z#C>PUH&5Pz;ZRCBU)b*aIr{F@{{i9=u+IPh

delta 50277
zcmZtP1(Z}r+pgiB8DN0H-D%t%28Y4j-Q6WYg2ToM4uOQA!GjZAf;$Aa1Sd#vNN`Qg
z{q$R$#rf9h_4jvG)vjIgR@LsFf$+b49rL%*vApZ?B7N`URX3{7mjZW`_W6>B`Fu@B
zsnq8?vd-trfk&|@zQL$LK3~4|K3`(;#Wrva>tcLNwbAEGf_X7HR>9QR!R5!G`dMUp
zzC9%JQgF>(h_lHm<ZxC-UGIPeahA)U#j@lhZ}$0eVr8s^{ZaMyqdNM4%*U5xiw!uv
zvlu4zd5oNdDt32{cP>NC<RGTU>#jUxtJU{oT*`}MHmrdeaUiC{g_s!+VG?}ijJnO|
zi$OjOCZK;`P7(@H8BB<6T)sc5;!IR1m!cZnhidQ<rou?ueZDxD4r5||OoXLT6KjN;
zKp#~5v)%P|=xM}9NF>8&m>r}4Y9T9#YM>0N!Iqc?`=T0}iMnsC^O*Cl)3?K}C&x_G
z3&+IR91~!l9mHQV81E{sa2`a>@FrHkcNh;#?X-c_#T4XQy8K{NgJWI!JXiiJ7Nh(y
zDgu#qStPTdmag0`;;%#l3KYUlm;nc1Dx8neaW`t_$FK%IMh&dkZlA9Jj>M$69Tm~@
zr~!UJMJUN0yFVYMC0`FUpne_+Rh)}iaXYHQU2KL?_tH4FN8RuUBQVZB>!=p0em_+G
z*;pIjVQ#Ft-y$~{6`?7p$Sy%Gskh4&TyPbhIztXv1d?D)Di%b|<Xcq3i!c_R$CP**
zwM0P&EfNVZIr*HZ$W?ZB#lqw#A)DFr9U+mPf`3q(FVP{}EM-s)bU}@H3}(dnsLgj6
zHK1##dT+5bCOFKI#0FRpzem+Of%))0rot3Q6giKl8i@=PG{=lM5;fwLuKWb1CI14`
zVIm%PnXm}@u{CN5N1#GH-{m*C{8`klzlYjm|6yi~bBu}8zppR}-Pj!U2<?UHXbftk
zD^U?T=JL;+v3|3G=0FXg2C9BnjKJ}z2^~k>{{mBElH)#KE-ZweI_gM5n_&VfREu1N
zU8n}1qLv`$2@7#XREM2V<)cv%`U%z1K2%5dFbjsBw0e0^{Z+<7*!?8&S7?5wKqK9a
zT8h6=4aYcTA<lp?$d||1SjXktpa%RkYEO*EFkFDzq^nT_z3%*g*~uq4ZJV~-Y2tsG
zf;JRrZAzT6wXK0_pfBdfWmpZbVMWY#*5`{B<n#4L4Q$9cb3AGQKcXVH7)#-PY>$!8
z`+SqJD;~m+9*HQbaKT1&3>AU<7!6}xwB4Nq71I0|AM0Xd?1&ApJC?;mm;=Lpw+R%+
zoa8%WC7g*h@it~fFaIC*>D2<YtH+~4x&d{rPoie{7}fDRRHR~FvR$1DL&=9@EG&WA
z3)N8dzQ&|D47KZLV>Ud1Ovv;7O+srQhjmcM3Ze#39}{2?RD?#O>P^I?xDgZKN!0nj
zi-|Glik<VMsDV|({8$eanQ^F@Z^d*v|F=oRr6BaG9jBzINEAhdt_`NZ?@+sUEk?z2
zsNH@QwNydZEJ9(Z^3)g;%c452jhf(4Oo2aPBKr63AfX%1p+ff78ST2wAQ_gVJS}P_
zt+5EsK<)aosL0&MR2ch)EnQAbPQEHCVjWQt9geCu1HD2dHj~iWJwsLe*O}y|g*Y#&
zp-QL_x5MZ-7!{FkQ3F_oTH|vr{}C0zbbs>Ei?vY$Xn=}f*FTBBI{t=&f;bYjJ9l6>
z#=K>rD~qMb_rwU?h!yY^=ELH*?L(yp<|e-qi{VwQib?NS{q`6^ehrquXLmf?jXCey
zhel&8&xIc`Hr_yOqGwnU-=H2K5r0|eyP-lk0#$z@YR%WX{2ok8{xm9LFHlSOFKX!u
zd-v>Pvj!?OtuY<;MQzI2?)qv}M|)7m@CK^>3)JR{df)a?I4ZPFFcY>#E%5}*hzC(i
z@)!f>KluaO_2p5a>xim26E)L4s6FunwFg2UT6sFujB27j_nTk=?2ekiV$?v7U=qBF
z+T5=&3PyS4^R3YNk4Zuy+KNBo6|9K8A6xlO%uN0!rpIVcZ00$!9QiVs2gjm9`YWcy
zGnfpYp(YUhsYNh7Dk5btzRv$35~?@_HIS948&0Bj`+ZcXeb4L>oDk=eEr9CqA}TVE
zQIUxHx8;+g@&!@tRYvvG78MZ>OVhvaM-po23dY8NP-`Fbj~&1Gn1Os&48@wL&^C0}
zyP^g#0(0U|s3kawjqy1)$7;{{u?|<ECK~MpgJ?)1I|*GFg}UJuhG6lRW-0WOFNa!+
z_NWdgyYiK&fgQ)_cpiiC2FAx*s0qHtSQz7#O)&W@;;)e8pg;{)M1`s?Cd47A2BxE)
z^~+G9+l_jJ{(*7vmCJ{|w(IFp?G#6~-vAYvo~ZT~U>I(C?au#R3dT_I1RLQuZ|s?V
z3jO3Sp^npg)TT@O)*d7sF+cg`SOl+Q0ZjVNzA4qfL*&21!r17&g?<`p0-HS&YVaHu
z$D|)D#0^l#Zz$%#)vo*sY9Nt5+7m82rY7GBb!^9CGW-Rz;cuw5euH^1*(b|aMYZpJ
z<qGDY)^;~)2KO;9rux?gSPPSrpMh$411j`4Fa`eO^0EH2&F4oAv@9mTu9y{vVJ=*S
z49xRgC7~Jq=Pu;%1qCWL!%)h<#gsS&Q{x)cX*h{l@Fn^&RgjgJL=CJRmdC!R>$^}9
zxPiJqZg3D^Y&^~<iI^0W#Yk8iwfh^ODmKAHI1J<9kEl(w9JPsdq6T&p=ivj?l71Uv
zp2V-oCx~PN8HJkgQk+cxzVjs1K-<Vcfjux1E0N#l@-d<W`69?y#^N|0>)=r=fhj|+
zyeSSNKMRXt3Vu(crEG-NaWdA!>!^P7^9|Nh2se_LtP9u%yGOSHoyD@`pJN&<7#0+G
zurxx=U@&SgtVFf*J8BaK#jxv{@fP{|$XI=aV+Q$}kdKIE?azr7<OOEFgMx%yxQa>e
zIcg2VVrz|<A?nGP6{BJiRJ}5o3Y)s}fv8P75;d^-s9k;>^Wi(xp2`u&B2yraXKUDn
z0&R}IsDUiUz-d6u>^|y|8ZWLj9F96xtzCYU%dbQ2ne*t!_o%&+JYG=XD_kzr^{-IJ
z^m~tlX7~$glkG&!^t|(qD}RX^d070Qz;TO@Iu*H{)lrY$uBaznU)0Q(q9$?<{rC|F
zvlJ;4SUcYAgscr0wxZT_xAO^Vgvk@x$iq=1@8g_<I>-B5{y8dANfHMI&U<N0O1=SV
zpgmCaCu45hjVvAC|1IH*oy0<w6ScObQOB_fDk3dWk@^}H(!rPpr=pf@gYzir{u`){
z-=aQr5+${EGN3+|3t$GFgNh{dgzD}tjKFB*e?X0RJ}R`QQJe1yYOmZuZN5awY)=%x
zM&w&zSNs)qOfx69@<I45`HNT!Tcil`-PSo=N1`)+pEAf-1$mSOo?KN?`Ds`NZ(t=%
zm)ag!-B2?eh<==jn#gvHz*ATX<M@LDA5yikE%`Cn9v`Epnbb*RYd;G0DYXH$Mo&-?
zNR`%(OLYt!FVwSrK5DZaK^?a@sAHBcokgYr79igTwYOGbMZAoORWCi~Uz@CGdRxQ#
zs1S8Ut?esJkBKwbZZ3ve>rSZqJgkeeP)qR)^(2jzG03+EbE4Mz8Fs?pOg7-IsQR-r
zc~)UN1^N^_f$I37%g4xUn=T7#_lIL#Y>KMi9W&#2)N$L0`qcc>l_$tz9TrD@`gKK}
zk{PI_+3S%gP9h|$Sqc?;4;9j1P$9mm>p`6VY!>=T+3f+;1GOa6oxh-V|8ex=U6+rN
z!|J6*EkRM#1iX<XRB-_+r2DWuUPFyIea@i3k76}Y5g3iyBdbvL{z4tg9J%bg7eOsS
zT~s7`qbB$>YO~+Pp4cvT;KR%F{Xs&TFmWEMSP8Yu$DleogZVKmudP`G>QUSR6`2uO
z64ztk!wMtF7tCiLzx_~=+=c4rAy&r}`PC0Y>JmusWe`>2Kh$o`Q^0220(Fi@VG+E9
zMKM9RbzBn_(kZC>E}=dfLJL}XRxC}v7i!Hn<5+x)B^8q4g<R-S6|bQ-iNCO&`^u>N
zB-D(zVhOy53US6FL4lug8=*qI6!rOk2O}^|QCq6ksDUoWdiWeY9j}VTY~<Zg4bDbI
z;v{M*wDTgMGOFY8s0Y(A)PNI}u<MOb=Y1CHG@M55p-)&4Gncdpv_xH>T$1yz-M)i@
zzyk-h)~O<F7uP|3A?b?!@HA>*l}ZH#eoz^Re{d=;qSknA8C$X|s0UO~S(`u>)XaOK
zmT(6a!Z&3-?&kk;m$Q-ODQ~;CB}S&gPz=G*s7LKM9D&R5AZD*%GklI2$)~Jn11yW$
zq<v5korM$d1Zp6SE7^UEJQ7;7lc)&9sBF8wI4a*4)8aBz2ftw&e2zMf3948qi=aZ^
z0rhD)7vtb+)Btv23;YM8W38&D*VH9CID2AdDhzh{rOtI2m+~E`51Esw=f!Q*Bl%y{
z$8v&d)^TQ3M};v8mc?jT1@*kBhYZm3wI-p8y)X=ipgwfQp(3yy70O4bHH%%{LR=BG
z83&+_=QdO%W7e=pR6*^fVW=nFX4GashuSM|F|*Ep`kMA&sfK!VcEwmY3N_Q|s1Yy6
zn7A3s-~rSoi(1PjkQ;TqC~C<np&z@VCNL58d{~EiWZ#fF{~t)`yI<nkwh42hDl|id
zwm)h>lTneHhYJ02)Th`1)aJa6+8aT2tmAa3cFLj#)Djhm5w3hbdOE*5NT`ATP@l^w
z>skm4phDIKHS#H_j(4FNzJ%IbuTULlu4hYA8MTCiP!m{%n&3XvUbuvc^v!yl|6mgD
zDA3w|MD5}N_3g$ks3+bq)Bt`#ZO-ecH4JTF`FyAjnxgLSh2gjybxLlcj$M?7_9U!<
zn#d0gIsY2@IttXlIaH_~q90>6vYF;Yjkq!@Qf*M79EN(5%|qS)8|waBsE#8ywg_cI
z4Y)aKPmM#}_mf9L=k&Pqnyc^>6}pfn)=^T_K*OC4QKw@7s>7A28J%?3AD|);*3|Y)
zDU3(HDr%Fqz@q4NBcTtA<){bDUzinRHnWZkq0VhR^kWN5ibGKmnT4rw18Ps4Lp=wc
zp#~Jv+y<Hob-e~Ef?bgNJl|Ln3gvQl;Sg%`+(B)|1T8FN*-@W@rBDOyf{M_0sLzCD
zsDWKZor;&3597DAy-)!o$PYp7wcS`i=l?AU?c$uRY_qjOZL%q-kZ(h+<rR#KL9K0O
zp{N0-Ma{T~vpQ-Ztx=H~gc|4^EQ0G%k$a-+^zVz(#wuiV7IW4{tyxD@LjzHJWj3mV
zRj9Q;<jNnQBJ&<K^E7R3LiJFgABlPp%|{LB00w^lf0=}iSNwJs%2KFJ(hId0hN0GM
z6>6^>!%`U9-Xc{Ab=-QQ8eWb%4ZBhIT|~9>5*69h9qcqz?7;cgh<a0?HTw}Y(k-YP
z&!IjO{y{CpCsYJdceDuP#=x;e-PZ=Sl%8`vs{OmDM|HGLw%77Ft9SCOfi4tiEk~j@
z(;U<cPNH`4U6=QDw(`WN4s)UgR2g-D6V!luq0aXN)ZW>Kn$Qi@L_eVhmcr{|Po@ae
znvO*^ya=_nyHNwWg@M!1)lNZnR7C2dBGeC~;z(48C!#{W8TADH6E%=H-RyLQqXy`;
zC!u3C4HcrDsD|&N9x$QZZN!C8189KSWM83<?GNb34X7vFc~nQfudIGX)J#jDBH0=h
ziNVM~J>P5+8o&Y6hs{$AoZGK$GgZLols7{?Iy<6H#bDGDO~DxWGirbvQK#iNs-wrK
ziA3*V11^f{ry&M@{vRAj5OUN=kD_Mw1Qq(|JuM=|&`-WOY7IS9NApmj+=V&?k5JEp
zw7qOV;i!RBM=eQLRQ(y4SLgqLtMCT3c@p-vP~}7|NhQ=?=z;2RI{I-VD&!YX0}A@a
zj<FwAzdCB|d!UwVK577mQSClQPivj5k5w#&8bBA+T8%_S<R?_f_M<lEeJp^H`r6VJ
zK}D=Bs{Sxk2TM>Lo<MENx9G<-{jB}c{oMI)MuBEF3{`P~%O69H{2^)par?WFqMv+q
z)L!@swHJn?Hs4It9@_2lFI+z902^R6)M@K6fb*|SGoAw7xCs4t6cxgUu42rAwx*d-
zo3*I39ct#2(T}T8?VZ3hco$VabdX)ogPLe<)WmvvBsAlhsEYegH$FyfnplG^pB=R{
z)lo~(0kx|~p!UE<)O|PI_241aVJcL4Nz{_ILUlX{_3hYOL_%x!2dbfus1ar+GJdS+
zBBUo}U~N&GZ3(KO1E_`{x$-DOZJ-%Y9hX4uftDDEG%B)-kbXShAy?rqRD*GcS%Za8
z9o2F9o~Q;VVkoY~Fx=wYkBZnS)c1!csAHINxYf&p8fbCU@oR{=^!Y!EghsRptKc7~
z&69qFEloqz<{O3@;8OJC33vUeGx12fF9Nlcy<L7DY9eP*d+Z-ndx=L8Df;&nBcbC`
z4^?3>DrAdL6;Gl%e&O=TM%$(<iP{5Au`EtRMd&Q5y_cwnq!?p+rU+`H^-)XF9|OPt
zn@S=!1^ZE(@f@n-kFGq;w>E=3s6A2>YvCX)iYGA&MjvZGg2hGcp&F>o`V~gP@u&e#
z!RWYtEazXldM5=6*+taIeB-QQ5{yf>2<m)SMXhNY)Ef6iHT*N`{#B^@7f~JDM?bzm
zZQcaq-QGe)rp|bFZE+GkDA3H-q8^!7P|xz{6D-7~Fe>?;sDTVbHTa!#GwQy}sJ#<y
zqD`PUYAITvA~6Q_4QUZ-BHKI?dVrijHTV!UvsjaCCM8hiHBoEV8?_f^pq6SEYN_s_
zA{S$_nI5&5iaA?jVe;Q%A>4<$&-*|^YvP|`KTelMbubKd%$A`l{(@@o0&2-VU>r;^
z)vjkiMW!+;60J}no`Sk>4eC4QdDQ*E-v#!Z=SxmP1=&zDFN+#LZ&b);qc+nPRHS}K
zeaCx=nsKISwx%UfA#IEraCcOD(@^*AN7cXSuD``hI{zuBTLj9X9uOT+Hx5S)WIbxl
zE}{0wGmM4FzqbanqB<;%s^7uoC!r>=0ksECIp3fLl==t0`UTEE2|bZUq1Jdks)Gxt
z2ge=M$U|nB$x&;c57kgp)Drf`5;z+}@G>eQ*U^v9QSHS4(aeT{^IwL9X7CMa?Pj3{
zbQCAyYn+awX4)x8Hp`YI9cln&P;1>1HGv_hO}ha7cn~$fzfkp}&bCNroXz=Hh)PkQ
z&*NsOCtqLGW?6_~cp5dptEf;0&9R2FpaxtSwKV-v&w(YV0h~hZofjDR0cWl)Q7P2*
zj&nKx+MN?9(0N~v`eyS0wFgqqb5AnV%)UYm;5*b_*^Wi=0_ss5_b01Y8r5z)R6FBQ
zoAy`Kk~~F4B-op84W-8-6qH0=7~q_Pfpd<U;XTy(jlaM;s)|~IuTY=o6Hsfs7ZvJD
zsE*&DCYW`hMW_|(dEkvFp%EQKo!?7X75~NxSbUNFfHDe8lRt@Cvbc*aGC5HBYN)U0
zolvJ`2<qGObksl&Iq#qb9K0kjasK?5gx07CYPUB=Jy`mq1~d-!d{}^ikfZ8faOJO1
z9mZN}YnmQ)y&`JKI-=HoJZdSnVL^O=Id%Ti{A@F*iMpXHYJ`(reiiCmpF*9A*QiaJ
zZkdI=I;z7FsE!t)mg)@p@e^tZQ!Tf86;PY61LmNA-*^%+aT{u;hf!;I6SXvNQ6Y@6
z!XlCt^{uxQDq?j}5$J`{a4afP(@^cLL7lF{uKZ6_gg>IE8OK~{6>_82vN9?H?NOU@
z1ZqILP&Zygoq~I);}(0Bt$ktCz^bFJw?efy7Bzq+sQY)j>!(+7{xyTQ6zGYUc(pZ<
z5u=hXj0#<8)GqFVn$bMeDcOQ*@Dl3z@DTkNdyShA29vLhieNR2j9pOQ4|=TeEX0E-
zP)AeHkK0f;T*hMf7S&LJwKn5IsK~WOMQRjk4=hCOjeYL=6IUMR7hCh(sOLgmRQm%w
z5{kf&s0Oy6Hqq~>wU4~cI!KC&Kse^ZPN+>e7d4Ors7-Yb)j`;Li)bEHI}sQg>!SK;
zi&|Q5BngFbH)=$GqR#Pus7;h$gAFhjs^RJw345c~v_GnYX{h^tMum0<YR?=-JqK=}
z?vK0C22c=LGSAn5ghD$AH6stTi<hD{*Dt6DT}DOb9qM>x+GJ~92mR#xq4vg1)b;hK
zrMd2|e?UC}Q*5>f*1;S)|6@pKw{Aimqid*{zrZkzwZ(qHkPP+U$b=eb3+HIm-dT+b
z?M2i;UZWx!d#iPv1GP!pV&GJ$oc?`FNNA*2QET!JwU+s}*+3d%dGftb5!j9j@qJW7
zFHoV5z1{MeQ28>bi8Mh?tdDa7YR@c0PYoU<p|yE|3U$(7?MYV%wKv*f0UU$6aVIJQ
zH&Fu!-C;9JhuRYrQ6I~#QJZxt>Qo%W_V_n;#RfY$|C;%Mop!^Ys1D=ovIg^_zRx#6
z?fy=vy)p+Cp`TD4?nj0G8Y=XkQ0*kzZO@ZJs7O@7$k-mWiM#Ih?3nbRpb`Z`QK3GD
z3US;$7RnT;XMcXw6Rs7i!QQBdO?KsLP@&)Ju3th;@Fi;V#ocSCq#`PE%{&qsd4J4}
zGf~Io7;1(eo&J5ctIMJW@-=GH%|%7vkjvjh%{<zEi&!?)+Be6*fKl})qdpD2<s>wN
zOQ?q5qSh+I0c)TpYAr{&{Cd>&yQuRX=b+u60TuePsO!xz6u(8Cf+?uev<CgS9f^$R
zyFx-Ue~TJfmP59=%AgwTj2hqw)PrUr>U+Uv)J#vHX7~)XnIj*zh~`6W>N=<;>+i}Z
zpzdFVfuH~PlZZ*d3sgrzM=Vr+RK6&xfySsM>4qBURMaDNCF(=ySJZAlj_TNV)FP1)
zm9K?*F!goii!h<i|49;>=^fOj_=GxMNsrlai$JY)8&m`)pk_KB3*$-D11#!q7TVmX
zO;`)H+dH8)-&a@!m!jJF6Fsf@D-v3Qw8w2z)Io)41Zs_Eq4vO9EQr@pYn<qWm6t-5
ze~m?P8LGWIsLh=4q?K1d4QvD|VzW<j{uP>46zKE+Eb5v6Cn}U-r)=aUQ6ukzx^W$9
zVEZsS{*GFrTh3Rg$V5GDOIRB90BePc+zeF24xZ-x=O^)m0zKK%p0UkS4*lfYp+Yqp
zb>l3IibqfnrZcF$a2x&j3Dr@mv-SY1i#m4wQENXPbsF|KuX`l)q3{tkqBQ3$bd^v8
z8-R+?TGWH&0&0&uN9~DN=j~T71yM^@0?S}M)Dq1^?X3f-`qxlP6Xk;S>lGxS88t<9
z)DG3rc+{FNL(TkmRD+Q(2Ju&M`5P0c2KS<7_7E#zqTj8(=9rg!2h@XR7OMSYs3+{-
z$Z7I?1^=)Po1o5fKbN0{8o(CR%>HuapHNGc?2-+vII4p#sLebZ_5I-ps@_@Do_d8k
z&Z#fkl9WKdKK~n$&>9X16tG69k#9on-utKsCA(q+O^138L^#``2L3Io!xgBAoj`T?
z0kwIPU9~?otA{$?Gq8Zp|1J``@g-_gCB9}e$b#C{`7jjAqXt?X6_JjpC!dFY{2tZL
zW|zN&`fPcRTGC|K?bH-R4Xi49YOo6l&1e*AWXn<Ir%?lV=<=UXn<w!N>#!o~dM8x<
zL8v|Q1J=X6sHI4J(>hLrI{)FQO<DaW=U)wUa2Ez(IQj2TyZk6>26vs2|Fm730sWL$
zMm;yWph7+X6_I7AW48<Sytssl%tKViF>l#GGv4y7qgoUwB;8P<oq$@?MW}`kqGtF4
zwTolkw(o@bP)iem+Wi$#9ZW$@Y&rUI2WpdE!%P_Sjzyw?M?xX5hN{pTwd)t7j@LQV
z+I>U~B<Wq-<rPo^>Wv!sB-Bh-qawEp73#~b{5fhsA%EF7s6-e--b+fN9Ep^uXLuXb
z8qaq5<IYI;?3YW$Py-(5T!@;{QPk%B2la#txo-nZgNjH|)PU-uAG;#Q((_Fup=bRT
z)Fym{3UTZQHuD0g4r)6Gpw9C`)Pv_ZYR|kyMI_fl>!1>94|GO7VMn?06{tP+8wP&=
z_lQJc3gSPq0aSDLKn>)3REU2?-FO+*;Cq)({n(bSBx;~vVN;xe74Ri0^u?aohgA(!
z#2aI7kHmZu>fj9Ong2IxFJyRXyS5%`ApM;4Py;xCCGi3JG0QU>KxNb(>WO+HE<i2q
zNz|T-^0&2@3j=@uuO5j;To{05@jPn8N&m4BW=GAe0xHB`q4vO7)WCmn<)=`a^#STR
z5aqeumj^ZAMyTUC1hp5YKj-}GxUHhVkNZ)Z=ME~=!7pq8X;JlxqXtmd<-4Q42aG~B
zI1BZ0z212UwO1~q>P32K15An<Q20yEze3f70(CGB^`KaQrSSmj*oD5b85Ka)Z;9H~
zld(+@4;;)(KE|6MUj&xKER+vLb-dzjkncL~M&;+dvx#i*NN7z?pmy_X)cH;O-bPx&
z*#rwv-p}RNIDd2A$KqU%{K1ZC8Pus7juE&SHSjlB88d#g?+IQH5?ZrO7=~w2$M8C8
z(*=LBHO!2vSJT-Ib-c!*_QDcWhsRNo^!;l~m>6S|Er=0V0ZZVw$f@&uhe;^JLI1h)
zi(1P{7z10O*0einZwyC;em<(>ZK!%TQG4SFDw3i6q^Nv8RQuIXp&y8`a0({U=l@S6
zv>7&|cI_3^0HOp12X=QV)G;cKe(a12<#<#>+fkeKC~BY&P?7nB8gP<eGaS>9uZxOg
z9}N8Wztc#lffcA39Yc-$AJk04LaaPJYHw6QUGIQ8e#5W{&PUb%h+4{ok*wV`7?XS{
z)WB+>A3LL`isMPt#2Kg#?xRK;DYD&=5%oMMg?h%<MMb1NY5>zPI<7}eU?;Y~J6IRX
zMhOo5*Yh(`$MGI&Gsg`L_IzncR0y>WJEN9h0v5zAs2iT4MxHckaNsLhe$*Pb$8Pu?
zo<UzUtA7>?k^P8@Y=P*(fd^PURQ<uIh&_t#*$oxKY|VS1W;oX6XQM*B!Fd98I_{y?
zIxI$T;8~s;)nGf++U`X?53Zv=mgB~>NTo$>!cwS-*Y`*$<oz-5VT1bk{T21$@fgD~
ze=OT{T`)iSS*Qq|LM=gPY>Qw<RKpcfo45;VPmDl4dgovzT#vQU`$$4-Un7p)Fdub}
zx1x6MV^oLH;|2#lB}<~tZ+{Hb!=kE(`i#gN&yHJ7)b$~#C0vg>Wmi!H3yL3DYR{LH
zgbK={X3`WDvVo{Io`BjDTTu^|+o&aZkJ@Yr5?I4Uu?+c^sQQbYr`+}T&eRF*zOq<S
z=f4XHo#&OP2gPO7NTVjQ@*Jq8X^I-)aMT(vK%IhJuKW>dZKEd+4*UlOsZpD+J8Hm_
zP!U>&8u)2UOaHz%Bov}#No=jkqCOLvVR;;l8qf*nb5vv!C$#~UK@Fre#=yy_4(FgA
zP@7Q$K8T9+E!44pkDfMHlw?++xU(@9p}a4uqxJYFUPo=BJ;`mr7g1~MOJSQaKh`DN
z6}8FsV(uVLNlF`7u~gP^C1<@<oPR$RTT!6hI2=3S1)PW_QwRI*;|Yv{oBg&FJ5ft@
z8}(p{o5u3#F%S9Ls2Pt$J(w0?FI<I+s6TCR;2Tzlw48r^)tW(pLU<Uf;!CW7rPA4&
zO+_uqHq`mQg<6s*>1{ySFdF$<sL(e-?S*ep&y#VerI>??;7U|`dp#1`)elimxS$Mn
z-cz8CRUOo(n~d7kYf$I=5^7U^M9nm9#^AsYsU=a*kBX?x*B@1XChC#C16BVz>idHC
zfrLh0IFof)26f&&m*42}e`9>gGi0_97e=jp7w1o?y>bq9n*Kwzn=^~;l|rbcXpNe1
zHzbmtZzKtYW*KVJZ9zXiM?HYzXSH3M2em|%P;1`DIToXmpMyI8ORz9LKz#<J%VzgC
z#Vq7|qaracAm?un2|a>up+fU7YJ|zN+ZyM^Qsf(;9!xXQk1J41^Bd||Jwz>Ga1J})
zDNz$Ei|V)zDnf&u%Q3so{{>eeIH!dyJF25_)XXZNHd9U1rfi2*a1&~&f^u18!m$MT
zHW+~mQK#xQ>a>LC))S9EfWU&d7(IpTDv5^Z&tnz(qc-0*R0pq6pVwLQT1Z=>1~3yf
zu)7$B@3AsQ$!D9m7V0#7i#ja}QIR@~ip-6CoPRa&lmb17Lh{>jDS{eURn(eKLG9+9
zs6BBFwW~j%KHX9ku#O6%%4?yPus7=Zc+{p`j5;0XP@6MSIOku-AXd1oaaB~PCZPtj
z12yv(sE)G~v`tz8^`IH<@*7bdKSQ1Gc!lh_k{NaW8=}fPqxRBJR7Cc9BovB!s7Sm<
zg($4BJ@L}vALO&59#kPkf_)1xAGW~@sOLiAqIMkHqVhkY+S!k#@d_%EsfyV#u7Vn{
z*MdagQw_EI7hpQvh1x8)Q0G2vajO@OI`{Qlek|(xGSm!rpqA<^F30Dn(>14rJ+QW-
z^4F36Jl}f~TBF1zEhM>7Pquof5e`J{`gy1upP~jDJ;Kg$Ce%zTq4rEG)Mi|Q8rVAL
zLG+Wqgc0~2GwSodXsO`9e-_&sTXNwrw!+M%EfV9fIr%l%2xFEB4*bVw9WWC4eHe;|
zQP1>Ks6F%+HIa;E?fh3o)$fCP5)MT6KcDX;G_$d&881N{n<K9L7HUcUb*3$6GcS*R
z$~$7<e$)eK396kvm<?~EmL_(28(0R^X0C&t)~W{ybubmRwwq9)dw>e%C)8<(Rw3B8
z5+kq$K1Lm*sugWO^-)i{epm|^Vl{k;rLlA+D<6er$^Tx7`PV0rqH-|*o&$fviTc)C
zx{8f_9Qw&`Mm6|5YALc*wP*adsAISfi{VSu11nE8d&0Fx4PYKB5|2@*AW3x_aJlN9
z-OzyoJs{?w9-+UX)-rkx>mVQMytYHt8;2!voAVtuBwx6uh4wovNd6a8gzuvw9JQ83
zHaluS5grMh*RH5Fnt}TCT8;WNyodU-n6|d%E1?=5iJI{a)aHAKI>teDtRp{aDaxW|
z+#NN6*{J8p9#ntc-y}Q|QR>>rN23~EjQY0vC+fo}T0JuvY8Pk25X_CLmmjrhn__J2
zgF2R@QF~|}DgrC;cRY#g0nfLzesJKw&3c5RxRAerjdVLI)Hm=KjMdNvxEmFrYpAtN
z+$cD3p4(wL@=IO*F*YKfqp@8d<2-^xDUa4fUs9R+I1<|3=TVz0tZA^X9d^dScp4ST
z>dk`r$4A)RI0!Q}w}CE3X5u@FI##h-SpDp%rLB)z>tW8-s7-oFd4)b!OP>8f{0%6K
zk2PA^$lJ8G2gpuLPrciy%@nnbZO+W750_dP3){GSPt@@piMsDc)Btv(j_U(VfiKY0
zW{A_)c6kIAAm0=9#bX&3$91SZ@C>yizIOKUnhQ0<@~HcIpgQ^)wM6IK^_cDLdqW{q
zBzvGDFuOhHUpJhlK%3<w>ic<u4mQIksLzIxs7*B&Rc|$F<_Dd>qfW^K)WG9(w0u%$
z1ZtukP?4H}dd@8E=-Ei0QlMvc=1z8u>f=0?;v1Jw(8WHE^Py%?1U2)vsAD%7E8-ed
z$lsurDn(cO!ch!0(Qc^wW}=qhfJZ{d;!o5JB6qW;$d200%~9oxF%ABPI%ZE$52(=Y
z!GS;H&5c^3a8v{;pdwTg_1VxG_5EUq%TGf^(pyVHyY?`ufx8$3U!!ga`O1Eikp$Io
z71ZWxhcU4~>hz33ZLVFY0UW_Hcm_4&gkM{PBT&b(J5JX5KSH7<1r2-H&wkr*J^6G!
z?N=%n@e}#Hz3gYW+`aANcQH1h{6A-tZ|sN9Em(!}7=3K58=^wr0Tr=nm<V@Zb)Eln
zBx+KSwy%9R>xFs{ZNf2Fw4Z$@>~{wDw@=AZs9paJYB#UMf_M|PN0JP%nU}`g<hx;B
zoQL`}JcE9n{{#bV6Ba-{^S?qpfL5S3Nt{8pM{=N+pcXE}E~uqTFxUo?7j;}aqV8LY
z+B^GEk$Q-JEI-7qcR=p~1tUr5cs1rUe1n~_7~Vwf=9EM27?wtL*aWp{`=g%yb5VQY
zAS%@7P$B*gbqW#<vrQe2id07|igSl?{`L8Ni2`k+u;CWk(x_1N!OFNC%i~Mbr&-Yv
z7O{?~4i}>CKZ(^iwvk8L1E<a?+jJ99OR^nxT<@U1DTRz?hWe_MYP21%Qs^h&2DN)f
zqC$BDGvHm94;y38{LC0wTh!XmL+$p9sHF({*1o)!#4z%cQA;u#HIRKC361<u)Ok-b
z*1lpj#~;W?A7>F*fZ8;VQ3K00-pYHS%6DNY44PmAD1&;Sbw{;72ld1|hYc|K#Nfbx
zHShHzQI&$js8A-DWH&^hPDNkTjYqH*#+ht;qo;E%DguwO2Bw^1^}Atp@|&<4Mw)8h
z8Ea!9^6Qa3<oO<v(9C0h7wqeZ^{@)=!kHL-nhkI<Y7PIvzzn8a$a`TM%2%THOziJ%
zbCt&0<cFXla|XL({2weo93yo850Gfeg~&7POJ-}-aoLFNG0u;+>H4B}?P4s6H=X{O
zc7IE(MfpzDr)2C|!GV90xdhfHKgZ=?U<vZIX0zFK{-==84F^z>c!3I0;W<{`6C=nk
zKy9*Hs5MVE*N#;)>`#6&&c$f+>=gZs?Z{uj#KHVB>nCfc(E^L)EDZepzXK#%Q1Llx
z=Cv2vCR>A=(R0ic#FxoMR^D~7o$p^z&-}v}f@e_Aiwige-{W=czr;>e!=<(<`=cWG
z^HR>gj>A0)w05z64(5+z7%6J={E2$R=3ZvIwLR*2upPBWA}_ay)IxPU*0~1N-Z|89
zjIzR>{drL3jZvSD6IXEl_2l}A0zG<HV<)_iv9R_^`!s8X(aCpqeuHVr4@I5pMX35~
zF%j-UeQ~*fI_FO@ImTRNAG=vl^-6gp)IdX2DBGeQ#obXKqeI;FF)lw1Rc{U!#-*r%
z-^4VSe6=0V;;20`0QKbDiES~`8rx%?P>*<TEeTb8jC#`LT5G$!s`Fb^M+Z<L{ui}m
z>3*?CXl2xALOYiqf%<+h4;$io%!Og=EP_Q*5igH?c6h$JB(x@jP%~MJ>fj;jRK#6x
z9Y<h7^6gNkW1uVFhzjK;=ijIfLO0l^ONbhHIBG96LA5(NAm?ur33Ye}^&|`1XrF4u
zFbny%*a#<K2E31nG1eyg49JMt$aldAoPk=3KTz$yM@2BrX6v{K>Nzq_(!cKz34Iy`
zZ?Tc5#8C3tFe&E4V628Zo;9&Cu0qWybgM-qFRI}#sPdmN2cAVeH+<VHB85<=rxAM9
zNGu_d4_{z2%(UG)7==8eeK(P{@<sa9_DFVA2rHo?)DJb&g{YYyb>)vxOPX+pMYblU
zB|i)`u*Ew#|2p4iDbNEU>P~y2RYZMP8-QhT5h_CWQO7D|mklHZYV#FF4X^>~`+<kr
zbgQrwUPXQJNVVGrTnDw(gLiZOE0b75L3DhFTH8o_>;aJi6{?)r00&?oq^J=4_S(#|
zp^kBFRAic?&ih2vz?Y*Ua{v{wzfhYpj<?UgA{D?g6x2h7d?spB?L-~R2dJ4w*>4Y&
z^r%f$2DSSKqfW<k)J#{P26_W^U(5rx2eP5^ZBR?$4I@#3#A4K^(qpWS*$!Iy0Mv)l
zKGgN7hs+A74o0J9vJtgpmoN$jAGVoBLv@r7^(3s13Gf@c?)k=%&`dXCYP^XGx$lUL
zv?}V@b$0nFsL-xKHFV6C-#`uMlPk}5)CLrRTB=T{Xa0255-i24`usmlLdPTJF&k+;
zRA~F5Lb@Imfg`Bn73(+qLQ)yyk)MHjfUQ8y@EYoy&_}F`Rgc>Q7ofgroj|pl>;x0g
z`Oi&4Gb)GLm90>__&Zc&cDwRNsAHPqq-~~}sJ+q?wRwL)ZN3GlNAPLXrn`fRY?M=W
z{xhN`SOEk7{>Ly93f*?p8sA5q=S-(9BGpk1^gx}Csi=r7N3H!cRQ&{JY_}Ih9n<=#
z0e*#=@ibKZ<*xkX8P2~({G0;KEX`Rv$MsMH8jO0@uf&>o2h~7<b9O2kqt>!7>hvr?
zorb%p_CC7nxzF3c8)FR0dtyoS&U5~?`*%}N07EaB#Zevia`{!LHNJ&fnuHh4(x^~=
zg*sNtQG4PrY66#0k%{`dJ=k(#V2LrX#2yJfAa<j6`DILszCSGF$xwTsh_gMa-gl@0
zZAI;!N2r;HUb1{DR69jb5vz;ZBmG@|B<i{1Eq4WnP&0mn8c_PnwiG2%9d<xHQYWJ7
z?R5Fqs8D9SVh^77s7TI6J$lbz9*lq0zKE2=X5=Rzd&BcRB%x<_tZUXlIF={h1<T@k
zR6}o2YhC!do$EHJ5Kh1%xDD0uON_v*H!MP3P)j@yRsSz6jqz`)KaX8XLLH7r&EzcV
zoX7jqHdS@hSEcVz^-iI7b)sALU@3xHigu`h{D_+IIjn<`Z`&Seglc~pR@8MYLjS%L
zcWmYjup0RZs1RR9ZKC*h?MJdwsAqdWjKI|{{}i=H(*0%iYM_>EG-_b0P|t%Ks7?9;
z)qdQ2od2pMDwEKRXQ1-uP)|hveVbuJ)Gi)@3h@fmF23pVaUa-&rvmDM(+2~QK+X6Z
zYT)r7+8(NiYOmkJU@ve^f1*GGIEQLD_9N>k0<~6sFdVm`2KG1Vd}n@a4L3z?&Z($9
zvKRgM2rFTXCpM7!sHOP<6|o~vJZtzR1qxNRr?wfJqe3(q^<dfU@*&S`K*dlUdZ-83
zTGTPSj%p|5Z;L=Us+}IF`YTWazl_?9vAln5rbSUB>w)?hU4)wPaSSy0+;(v|DpEsG
z^|qrn<89P=4t-$*NspoAD`6Pc!Wh^LHQ>&urSWEx(B`;=`Z#@pehhwTzrjd{8hI<!
zjZ?8B?m?Z3EU#>nwnu%;PDjmbH!32JQTN4tZRHWDj=Lf4dcM^pv{|lMfiKA$Tf>T|
z8TLfYY&L2WZFSe5pq>kf-`bvOgo@xem*0Up1y4}z$A1?b_>a!2qbBq#hU@%4BB2nb
zeQ&$BJZg7#M19&#Ms@TvCd3D*&GR2>K-oUn7mJpt`+A}}n2F8tDAvZzAMHoCfv5-D
zD9k|rzGEcP;NKVp<9)IbCq+H8>!Q9`v_Q>p2&(=sm>SQbmhd@h08#$6CCq`^L)9@d
zjzVp|@u-RHMo%4FAmPWGm==TnbDsgI(3ixD*c5gCm!KNDg0(O<KmBV>TVYgOfVyu5
zYEK+?K1c1DltCeZW8OF@#0#9)@f7G|bQ5X-&rnaQc)=londL^!xGd^?w?~C|3aZ{7
z)Lyxc+H9dAA%TI0V=3}oQP<a?X8ybLNr)E`c*KT8vXSP&DpY8S<!~7)^iR=`F(Zcr
zo{%|F4Gu&_a4~A8Yf;DbGHPjJMhOX=svM|2QyMjq?x>}i;*n5D4x<`~6dDrPRJl+c
zw8eNh5tHM5)B|M)DiW_y_oa?%5vh!d-~iN<axQ9fUqE&I4z)DNqgnf2ArcCGE7XW*
zqi*;WHLx3~4pT%A37qG8sE`jpJ&1lpo%i#uJSfc8HZ^MCHBkd^gZeP@-1XH+L_FVh
z66!E|3=2_CXJgb%Mq?dZjyi6iP?5<S(>iE^I_KR{6PS+ba3hw+)2Pps__1tHlywfk
z5S{;DNF>n>sN-`26{44@wT~OyHc@WWn)O6Ayc{*4$G98Q#0l~3#Xm6&7sa&!twjy+
z6l$Wc(2q&uA^rP`kkF&DiE}8b<0USC02PS`s2RqHZ)=?$HM6D|3n!v>{~Xkk{)P&9
z<ODX*e5g&`5p{hH2LAp3`y^B`UP5ay0=2e1P!F8d&Ksyb5jT-tua4Se<50VPAL>}X
za^)Ek+l-rGUCM`HMZAb5F?Es<FYs(`kt8JWL+311g$Jl5$eYx5c@0$P`lALg7q#mz
zqmEVNWVSSUPy_CWWpEbilw3zeIBN2cz@s+@`pNf9&iPlv(<o4AwxB*NKB3mSP>PVi
z?+3oZMC7-l_Q)A*hi|bNHcx5pz#8O}rLyDJ8P)LwOor=FkLu&jn;r>$7`#MPES%bQ
zcXQO5k3p^Z3RGy1p_b}Bs=>^Dt5*iKXWFA5N1-;|Qg{70Y68zt{X|J)^}K8(6oIO!
zP4P9>#1&W>KVW$*pVm5<h-!G1^DJr!-l7JWKAkO5UDVg^sV;vB)p4TqwnRmd=Zfd+
zMnd2Jm!dY&Nz~c~We5p;$Ye)tvX-a^%8#fA&`L~$M^Wef5$Zt{n$h-7epG~Nq1x+;
ziqH&<gPSq%-~SvYp$49zLLQdMLY@=#T&RwkaR-;5h^oI7wHNkb3w(fDs!ExygHEX9
zIRNzpU5QEYj`Ls4<57?#i-oW<YK{6};5?%qFmq51pTXGp4{BgRSwjN93r>bwg7l~k
zYoe|XLq%v7Dsnqer{NT8sotTdwa=0*#21X!P$R5~A=nwCV|P?2`=gd<I%>%dqXzg4
zt6=)<*3Q?c8TUeM)>WtoUPjgT<*-v$AP47PPpq#g(Axckn!#~YN1sp~<<4n)p&_b)
z38>Ar7ZtH+xhw*H)M=`UdX7v*Jr6FU_CSo>HlTv2{@UgCEL7i7poUhWBCrn?qN`XP
zW8?`5{AQ#H>c&~95FbWA-b8&P3d(D{zW|1k?}>`s095<mqrQNw!Z6(Dkx+*xu{hpG
zg)Cz}n|WQ-nhioN(Na_>mt!<Mg<AVdsNEeoznzx!s3mBM;rKmjvmQr3zChjQB`9FW
zDFRiYIcgxIuqN(Dg*rjFtyxplfM=jK<vNUmXD}|_Le+nXTFPPtEt1_(OE(v_v}ci1
z<oO~OvH_$)jkqK##QjjmYzdaby{HaD3)?_4p$6O<wG?BqE-rM}-(U>#d5hQ*ltk5Q
zjEYn*Os>!W??~vFtU-O~oOTtSpf+cWqSj$i)Ef7}!nguU;~mrkDpRqLz@PKAKuu(`
z^BD#n)x~WSmO(whx??W-_e~(7(Ck31{Xh6MrY;fU8;Vm<$24w9Yq$VvVBJxnoQqnL
z)9(61)Luy!VWH26+C%kSekf|fzo4fzI!i(`4=H68{it(a86#mm)b4GJ4X_8c$D^n<
z&t2L=S{fCJR;WEO6SagZP^ak-YWKfJwHKod=U*QR>B`uLLq)7iz8h*rTT$Qj&Z73j
z2h`_(=Cbw$q8;j7FG0=lG-^rSJBydIFDgS(Gv0v_cpddzNL}8uwX9X%j@x+jb72E2
zBIi-Z=O0uDnJd^pYNH13p=P!iwKvYAenN^`(aKApX4)NfeH5m}ZK$Qb>XC>_B6=m;
z-SJVoHXmlf2-N23h?@Bb)WG(j26hb<;slj#K)F#NuIKE6TH;}-h_1(~cpUW{@sd`t
zk(ER>+zU0bDX1Cl!lHN^V`A#6HiI1KCtnj)uLo+TKcG5XjT-oMRJ-pm9ww@0*RvoI
z@qCR*Xe}nW3wuy&{*N<Rb(>)s)cJ3Lfsv#3#1hofoJEEHBWk93YuMNJs#t^kBviz%
zqn>;TYr6AaibP}znqdiS<6MZ^G=E}Y45?)nclJfid>v|F7g3)TuTc>zSKB%q=G=<q
zDSze+ufvm8=YKE>-S8`F0B=xFsPMY>Ww9RWSaovw1unk{OH%#>^~lXp&-?~;{B~jj
zJn8bcQG4a3GfsWZze1CpghDw8HGt))C)j<|gC<P_d(hNG&2$7R#EVe7c_(UZZ(<RA
zfl)ALLn|+Us$UVcw5?H*7~hcduU&qY0*&lF>Nq88WT7pO8bBA9pM@F8??$clU(OVb
zZK-Ob2GrZ-XP}-B+fX03cTkVszp)I)YU0j+?Iw0%0%|j^Ky`2xHKTY<?TJ_o)nG%^
z+K)g*Y#AzI_fYrwn}r1a`c8e+1fQVF6E?TaSOs;OW_u*GE0?1x+(dmABx(^7_|-}k
zRQX&~=+B{M_yTpT61BAJ`B0y3olr9zj@sq(Q4>0jTH=3QK3gkW8m}1%eYkv$3iWhU
zi1(wG<RR)5L}~3l#ZcGFpl03~OW|^ij*r~+*QiLPY-0ndh>ApS)N!4IM3#U5mxRu9
zP+R-_&V+5q4?+#-ChE}{yPZX*3??Ms4`bjY)PrX>YK_;UBDD)OvFoVK7u?<=kODP<
zN*MV6|M4{mjdUjZ@c`<EyQqr)p&HEC!Sdx%1M7xbf;p%GZ9^T~Q>Z=j6t&y4bhOCT
zMlD@8)RIrZ9v+FqBs7!4ok9Y?a4e6>$TvrI(BGB+;L6uvG0Kmk)-+0Id!*(=eIICx
z>R<+H0w+<=gIA~}i_*oGv>XQh`~MCk;&WjFs)6~awK|9TF8Bcz%EDc32F*|d9EvKR
zjk<5Q%RfhLzC_(@mzPF;$koJp*a-c&wj1YP5029mXbEnk);d;qdk&OF?dqPWkdH^r
zU_0u#y+cJH?^iaE7O3(Os3+<U)RMeK4KVT7Hi62hJ=g7P&t@`>0u5vh#>KrDjOQ=}
zFJfi9j1@6M5Bs9g9m|kkhn4UZs$R*SHsEonj<%tW^$ql6f?if$z$1}{f+na<HW;<$
zb5Rl5j`}#gixHTpw>@|opw9Im^y3=TTAxDA^ff9nS-!E&SRWOcsi=C#P?7fjA)z(Q
z(8nrNLJep*Y7Z<%h5k6U#}BBrZQa+dPeSE4yZkNGu8-c&?#qX2r!{Kn#-Rpw6r1b(
zza~+If_nY!7%jjU<hNisJb;>M^Z_>VVyGu#8&vsBRHS}G?fTcKCt!|&7UC+Xc6y)&
zvIVs_ZeVeJ|4%;1Lfi;-ZpWcQa}f1S=$$ju;E=#yzp006a2;xMy+JKeq9OJ%T><^%
zJyiL8)D!OvD$*ZNOPrd$7x?=>#YhyUpdV^R>roG&JE-0NFDAysLv8JIp`UzR=QpS&
z`vLWNzZG@=3Do`fTsi+xK%kw3sN<dkJtaz!PzdXx8W@Ux{2l{qi{;7RLY<N<!>z+&
zs5NblT9Ub_wLgc7+(-0d))67TAY8})=;K|lB&1jI=MTOzoUbWl_D1ICc)RB76vYxJ
zT)rdM^jaT@zr#aXKZNMT*75Ol4*Z~+p7Yv_vVXY#Gw+JjZNRltv^`g6nO6(SKEL8~
zP5aN64z`5yhk+EFqe33n`5PM9#G8}nTSA>D)cMU_YfiadwJ7`iT1`hh9(=cPAJ+?g
z(V6OWa{2o1o~YD4=20;%3BA(Mcz;*v5Atl}!0R0UJDo;%a($)ixCxDH;Jw1-!?~{4
zAKZVM_YzkgoAg53`I!jJBHfubPGUMY2=5`8#uWNdudTc{x^O8ULPJ@}uc1yH-YrOf
zLwN-^xI*O9QRh7GqO_5UhPUyaL;A2Al-dcRY?vFA@_NOHO#Ew6ajWb6HigUSBr@-t
zG~9?z#?VMHu2<pa3pA32_j<}RbA2t>Qj^z<e}To<o3a_?JM%8bdl~I4rS3V(qwooI
z2(zGG6SzJ+3hUp58^dV4A{U4AZp-^C%JiD=2G*B+XX;Gn+9?{<t3T=2xRHkb_mzli
znRpN59pc)$z<u3#ub_TX2BlYQt$$(H$w4l7uCgw^CLKcAQR?J(oqkQ-1MX(k*`l|*
zU-?12i*nD;_<;L1xb_l}zD4;6@{hTHC+S$Ey{%*>b1@nPz38L`X@c^9Uw@GQ-`8mB
z>a`tr(K#RYzAwhWzlg%G;3(Kb9sVsNUo>~IB=t{GR>@6<q~|N-GTG>;1(koGRDXwG
zuk4gH;N~qj$(8Y!B7B=&1TIqEoOBJ>Mn0~6etl2<6s&c5%F>cfqc+@qLrC*U>}wk2
zraF(2HFAy2bEDlrO9?6ao629~I*p#2I*@Mqxfkk=c8#j25_KZD-jMWN%4_jX%KfXq
zsB?>Z@=_L^I$J#|mnSivQJ$gF9WDgB9XgSUBe<ql0XL|jZiZ*b^Y=#rKg+MDjnA)j
zq(6{}%Zvwd{crN$lIBCy*OkGw;{A^6*~!18ufY6wkf}=LD^&iGhFfAKZu<NxPuU+_
zFM`ErU<Yr#`ch9XJ{AJ65)7QbNa5peT?AfLXrmnW^dp~)duqD+IVg`xdG|>F&sO7T
zP;nU-d%B8iY4{R1-k>}`?-N|RjQO};ook1AC!--gp#!fdZeZV&+r{kknnGDQ?$awW
zb?;Js%+>R&|I!rxMB#G^Gn3Y<gS+{-%O|D7F0L#OvmC=9Qt{5tJy9v2Mq00*-M|}C
z-j90+aBUl9TG3n>kFu3qTf%^=P&iQWKhK3=g#=4*@doLI+&GHL`dE(P263G0dZp*)
zC3Lu#cOkX>#cQdnqoT?#D*VL?Uq9OWnRf5d)=Tn(dAFv_d;i4^Rp~rB4HkAc4yHmg
zZrI@RO-RqDP7ZGF!#g46PpNZ-^fVghuLJqcbA2cE+R$z>uIcrHdcTnW&*f{YPu}tL
z`5%{yQv=ob`JWs0I!q%UT;(}jZ%%pOCmPg$h|rkpwN#M~_d#*W)3|$+Fo7&Iu5VJ?
zREJk4+R8<FFY5D;p!q_%{u|!r=MUdIE*7HFc#X=vj?h?7I{EziokU&+vfb55>FmwD
z6}c8h!#c{B$p43p$m=zhcK&q(`<eEl^UlHbX;^~tiF)3L(y(5&8DU&*JV7Jtcz^l&
zhI;KN>)`4>qmfor_>KH6(t1_IPrQ#(*3pW5AL!)1OXtHO8h~p<#ojbB9)<PjAc`C5
zYivqqS?~qd^t#5tw(<_8UOvi3Q`UrhV(zbmdnpTc1367ufAV**f-6%SHMm!=HTZ+2
zJs<zvAOD~2spu}g=O(=_Vr3e>>dKe9f#}*8(o=cwch^*QQ+evwbN5eEA+PE#lG~^o
zgZF;Q{-RD}%8zUPQ*z_mFGksrN@-Y%bi8L%@dvKmcaf<|St(aHj_YU#*J`;=0zL9S
zrzqoZ*#%x{X@4%)8&iK4_l_Z5k1O-JzTD$~qSB~dqqwk_3g@WUh@0|K{*?0445%e#
zO)2~GRgk(@DTvPXRHTRN9@6tD+wjGJc2oBGHH*Yc2A2@0p?8ypACmcwN(~rHWo{fy
zK9?K)Co1iyP7U(U>0~3<JGusQ{?CB8&6l6LpI^I4$K;--ybn`2fVSq*P954<L|H3-
z{s`2)&ISGwqwha*6SyhI|EJ+uZa~esF~~(sHz(m<z3x#yoOCfP!u6?ckQd3%bAviY
zdK~3#UA{?V>)%@7e`C>cPAc`Jq0=~)P7~5t1zg3o-?^~@^{R7iDs?KjfqYN8Jn76_
zzrwo&*Z<&si~E8wAu}$+^|RcYoU-HO126R-)6KRT74@3R#RW8|*KSv)bTdXil)4{W
zSzPK|C7+Y}!?>1_bXGe5gSUSCdP%)HuC9KS_xY8T`e&(A6un$Da*X!^t`5T?yho89
zPleB~PcBjQi@{u?!$LH$gR%?E=pXJoOa3Q!UknD*jQ2*a=f#qgUv%x%=U%-oX#LgZ
zOe*lRqHiFL=(Q1}(CBq4&Z9y~(pTI~MQ}Q0+o_YA`}SZY@`Xuv;r;nFh_V4L)02CW
z(0)}0*oFG9uq1763U%w>n8HI;zRHEquY^?iNTxT}V!2suq0t?bAE%=T8m&S7x8!5<
zPEVS@Ko@u=Ce2?34ZJRMe;Mj0rv4V**=Xw|?eJGheP{LU*H7UjGD+QL`imRh)4+b-
ztGK4uE8gA7e}2`UwqRO(@2<-x=5GBWe>k<jCVdje(@GV(Jx%#?-fOsfHsw*d{yjs8
z$D3r})s?yjsQZlfQA%F$)<0jV*G%4-7}*b0{+;W3?WC<s`rSYkhTomSQ@oS&p6=q5
z6SI6V-26e)hE0yIU=QW})?Epr+qtx$7yo``;MIWq2iJ<eHpQpg2b3M)p0ecMa*tkn
zsZ$@Hx%^P-q;+ZidPlF$ysL4~J<N^X6xZ2F3ii-IBO2|@P5cv-z6|7#VIJ4W?{qwc
zcWcVtFtydZGmu|EKAf~(6KJoGYtu^j*r1(^bf#a7=#`PYexJq5^X;SY>@=WPGj8lg
zL;UlzfmdtNy?O5=Kaq|;zmm~FRvJuC!9A|UAb;NtU<Y}As~h<BQ357Y$qin=mm1Br
zjhG8NQob^n_+NITy+lEB-r+RdhQ?--&ih5DXUUHyKZ!<{(g44~@!fUzrs5vG;`6TK
z(to%C-K73S>IYMQp=)nNpf<Zo-;f@1L9g0W)azevEK6tnhSpchbx_?k)`;?~lvQ+f
z|D#S1S0{`*HRwEovS89*xjLR}|1kG9r0zZPf4O_S5mY?D=zgUjKk3b+<G2}UFdHb3
zM_F-3zMFS+8sQhIfnV3@dOEJD{RLcmL5J~Z<9}a|H5dxl@t(>3w`r5V?X7=G!1Gn(
zqMw3(U)*(_yk24WlpFMlO}Z?d9iz7&xw)qm`*zT2A<8;&?GbJL#I?<oO`&WS@0z>^
zQ~u@a2z9Da@LXSZCQ_j(Z@qq@vx8Wg1`hJx&yBxR)`PNJu1;-L{Nklw2d<#=47~f&
za2%||eU&NC?FO&vc_^z-8xP%J^o!6W`kq;YnLSnwUbV^R<fhFuRKj(r@>=AB7|=E9
zPQ*K|;mLG%llM`|=TPU%*A?nyq#!2O8}a`9s{2LSyFp`mwKIIjxfq3aIamJViy5ej
zirdrCca%?MfSGvnx5a%CZdUauUq*T`UgVvQYhm0ojvHq($hdBAC8v*7QCR=&H1Ita
zhJG>I1l*`sT5g(TN#FN0G@bNW8qeltaEyE*(g%4zC#`=f<|o?XAL<SK*0u_5UZ?yJ
z?Ty4@lsD$RhWswtd#CkZ>pI&-g}RKc3+mOLhNd9Dz4sNN@?_HM-7MQ;1a-GEz)@UZ
zLZf<3<Q~0VkY7!^3%K^JD^q!M?yKzjQ@+2R|9bt%J2#E>rt(QTYr~C?sF<641#arW
zdnRRRxi*vcYU(DY?DK2V7wK<Z;X&^Gn|t(1pb7BSD~59(ZFv9kKgGFu5AWjKa2-E#
z(=y82yGGY=Ln_LWQ+Ap6aq?jd&hHvhqn#-4=Aux?*_1kSb<w@}caQ_G?cBGYzMklp
zojctKbtNem;?n6N8tcXT^J@%s%DH;~QaFx!18E>N?=<AIxq+&FVV0#09;MEEe1Ur1
z;XQ)^l;XXX`mt&6rheI3jtYyoxPT7(aPbI@etxZSi9T*Hi^;#CPD5rEi~FvTPU-5b
zB>flfmc03=>3!c&rz>^JlfFlX`N=;ft=D2YugA6S`e9eEA$0lxD>C}aTwLh}F_N3s
zQ?WDkUem}z^5=OMAibMGT_Zi2w_blcmvR4A>eqH{>sl_#^h!^ibKLuhHuVbZzuqJs
z@gBs51qvyZ<G2}@qx>j09pnc7oGb7u$RI;_XQkXvy*+famiwM^{TFJK<XTF~5@R;*
zD^0t<a_t8!OFlB!`g33WsMf!44Hsh4*jNfrb8#~H<)k-I`7JkQvVH^qyN|L>)YYpe
z=`M7foOcfDkK|sxK5<V}+6c!)yx)=5>mBvt^DaW&bG-G3t-iWc_>0Uack^i~_oGrw
z%6{an7k{kmi=ea5uNCAcQRnmPHwJW>`)gx+?pe-ty$)dk@~_;0YhX#&kFLMc=YJLw
zS?P2%6=(Bq%R4$Z<|BNUxYp8*J|+2N<bR@pFw%>06ZfB|tTy#iaNiTsWpF3grgL9H
zI^0D1FlBo*VCvN*U*rEYb|&CaRM{TyTa^$JO;{ud$WkC7Fp{tdJVEvVqJj|+QJ!F>
zyV9w#(-nFNi%Vog#f4E}q+Fkf3oweH5ewxh3W)k}UvL~nM8_3eAA*Vu?{}+ihX%)Q
z-ub?hd+#~_v)r{#@DtEohOS`=oz)1M!*>F>M`ij9<DbyAMOI9EkZ}Z-^oqh%Aa6;(
z9hg_>7m?IsVAAv@g%$2wg3G@;>OO*B!YbC$e-M3ZdH*NS$wSx?;cS2c(6{hI@Jje+
z<wQD^)RAD4=Bpq*u$`}D-Dq7{sY2_q&%y8W_;`nQU|{P1+=1OddH-+Cpb>8bIED5u
z5^?D3uuFd)#>0@mfl&o*SH`c=-wMwl$p6qvdJ+CecA%arDcO%^#kf#mrTqQ|obM(`
zhOSq@k;rEfq=Y4vR7iU!x^Xxy3Phn(!F-^CbV0uiKL*L%i9QD30sbW9+rXWPuMG9i
ziq|k0=|Ge@Wc8Rr+<`%cHf4cN%<A+1FZy&pL3Y4j6ZkFs^iY_;(O-(6`?F>{oPH}3
z_P}<ay-9xmT?YGbAZd;Y+>-uicoDi>bT?wy8(swW0J9n6_G(6>>GuOCH~mJM6KJO)
zlk`vIiy2$kN#g$|3w2W~D#w?}`oFCb)L@j4^JyxH$$&3cK_s{Zxciyi0T~SX4##bj
z?fdl4LRJN@pfBkSmBeU;52Sntu-T^upUXe&YDd5p80Eor^!LLB@Z~rdl(pn<D5Gw)
z$KmuNbo-U_FI0ONSrz;h_M^c4hf3x=)k+t)(O)7vP{VG38%g3pj9#aI1^qe{ui{Wc
zwg=e_7+j%N;$&po!Msay>yR%5_lDAah}`zw^4$klf$c(gDx9Iy>1@ml)b}T}5J&f6
z{4I)C)UwT^{S+sXh7zQl_D9+{@+Gt@(XGKo()WyalSEg>QMeR;8G1os<hUA}1j#(1
z^!{IV-X6t39GEC~(Msxwk-*_C1gk>!4-7uXFirn^`XA7aQjXt8z7`&<5-&mTpliTi
zoc5neJ_1aJy5oBfx;N$ihv5g|D-m{}9ip<Ef`cgpIt{s`p&XnXWTR*Y(@OdhY@BvA
z<LO`}^}<I7g6&0i2DUGP(UH}l|An>y?uhIU=o$tAd^anz-WVMK&<aO?Rhj3aKTl!u
zG3tW;PmJ%QKOdH~2_BE^S-2lE56p4`zJt7w{(gK-RTFE;cs2}i|Da!#;#WZDGP^!1
z*bg|m4&9R^HGsZ`(EyyD4L^vy1pIh(gOQI89ESdZ>`P?lgC7P<>Irsn(Di>-fayS-
zyXAlEyq>{274TJBR{@{ENj-*pk(Gk^JAFxGF}#bhq>l-3VbBd7R>4}R@l{}+ffry`
zjP7xgmNbd}4GR0c{Ql?RuqB`_C>`3a$Y%M_;KwH<&>f7V=Yq!nxtyOi_`$HG2nknV
z`zvj4#z}&F3GZfQqR1A~7OEs9eiU{MSK|C)cmiClvXaWrQ1(Oisd9c5#*H|UR6vk6
z$p6B)4gK%YZKb^c-6^z{*sb@G!H@Om2f>oI5#uJ3_yOBKd20U;VK7$(YJ+kOKoj6u
z7?t>DtPGAX#wZN-e^ny)Vv|HaM~#QjpP}$3_!xXQ{&vH6;;SvXn407$Y;Kd^|7>~!
zgO3q>3TO@e>MUg?2Ayyusf_J-nDKOy*#qt{iChZ*%D5x)Cut=;OVAv!lV~M%1v7?z
z5jNWyr{(=WQ|;}|7;VA$4ccu0C0(kr?M2{xaHqqE&~;IX1Sr0e$VXy(m%=}ck4@lC
zqn(5<UnL;%8;~DQ0+Jf;WH1WQ39yCJ?+|WBHUhv<j0$}ipIc;Q1jwd$33fL84z`_@
z?m!lxoWKLnU4)-q*gu8NQi10%J|MsUlI8;#23XQSmFf3tCWCRHE2G`$yD*k?ostbE
zY57;h?p0$8$EV<HH|-_pS}DA=d075XbU*le<R5lF08mm|IhaKMDvbJ)$cH!>1s_yN
zbs*3>`VaXQ6eHM-!+s+8`&faWkY5BoCoAZc$gc%=269QCFwUhv9X}K0{*S@wG=yI$
zqZ0w`LG}%NiwgXKYLf(e8@Z%|^y{&E24_PFFqQtL%0~-@36T6jCi;_90vTBj_6<+s
zIGvU4Hvm6Vh%io8p)aT1rDQA6A4@Y4T#EA_!Cnk+#_?1Inn+SF;=dpAFI56F>G#Hu
zp81bm659n}ly*45KA`^){4@P!D!HAi{Tjoa%FzKZSHTydtHo)E_7&O%bgx&Kr;sfI
z^Ble;U4#8$iG_Bm^B200jBix|Zc~O^159Ws2H&8Uv<pXFaI^=EEZrZaEkY*g2gZ*m
zTRA=jd0Y5VxDz}F*~Rd_EQ}w&2M#MavHNIep`1#<*Hkk9sWLqc*?aWQCy@zY*5arZ
z&QOF-Yk01j<&D_SCa9!yku72T-}GNn6WK|77vqLXI)4VJ0eFBQlEx8WA^p<`Xu|o7
zU&2Y9G=gWrJsFP#J5XKQa&SHIaT$CGx+vTZ*`K6CMfJ2lAwM6?W_&`y{oh5f0VHuE
ztwq~fIUNS*2EZ8_p4HzC_BNc2$tYEO9qlWD^U$v(`U6R1=mE7NH`1Qv_le&cM<qC}
zMPOi%M}GwUW;i(=;|Th{GQI&XTWN13sH9oQGh||OJV}pJ3C3uzMt==>Ny`~8!PlGE
zE+WPl<atsj=l?R?6COgquawggl#^f^qZQ~v7*^7k)SE!(DO~?R6td8-!@eWjodC@U
zxLjebP?%B~5LyK<l6q_!dg81CqjTW42wo?M3+Jj}FCzPj{&BQd<5<$);j59ojm=+h
zw17Y#(%yr7j0$=;*v{BI4K78Sp&yaYP#9zlq04cSBZH%O2L29kGXPIWEyn8@zsL9u
zbk`|ILuube_cWMQYF5keF%kYASzq**!Glzw=aHWd{}G$nw6~)h&BPy;fBtg@jwM}z
z;$vnp1<-TK=|*%0KuPbzFW|5fn6+S%U>>D?M`5=km-IN!`{HXhZ54V+!_c*(oq(@T
z@OdpZk0HBR{*tf)prpaH8xht3c#!r<oLsM*PsP!7jI-%f1{<-7E4cu3J9f3Oq#DNC
z)Czn-+a6!tY4hPCFxP|WCV_XT1Wr)F-U9HdT9qZu8hfnE)t8QJJZI_7#vzSUA73jP
z+dZ*eG*nC(W%Nv1DPx|KP8iOdxDht%%qlx(r)(?Ps~}_;M$eK+FCzfj(YWEnWAlzt
znDK})HWoE&&Dar(v17&@H86bCQNmao-^S=^#lwktb*aGj($Bn!4U=VJM~RO(^L789
zqyyl;NLngnIzAv`Rh#KpDr-(wym8=$Uqs|L@%^P>V*hT<vT#R559D+0WXg_5jZ3U~
z1)-&fy{?VJo|@jgwTfm%jEI>s3qmDHcfl^vwxjGBN@+WBV~!n*8C8~%PFj)1n>Q~I
zW#vZzS=N1yl2$v3Ax5{7WVgn`trKz^>s~4^Y25V9V|nFM$k0lZCJi$ZNm$9GQCgBL
zH6o6cG~!Oms5MjJ8lz&;6jDef<}J1NPi(LfmSIb^5lx#3GoG?6BUNLj_+fE?5)mVr
zuB&qrsiZGSShLesGDT`hd%jg(z?p(3RQpO6!H8O9V5a2cn&KwY;jm>zdK+~y%S__7
z#tL5|EeedGzJ0_Ar)$Y6uyd+|BkV^{IYyF{=E#&}NajYyW-R8+X<WU3vFJL@O4!x5
zpU^RrXIgUpOUr*c)ZS1h!*J^S+^X%E<!c+e{`^Vd&|0TnPMg%yi3EuRGndE8jwh`|
zuo_OBJnU2r2_<YZX2jFARaV0LrJ1-^cg+IPNf=&3f!JK+ZD=oQkN2kc5NEdaUN~Kp
zwmu>1&(GflYi^wtW(B=Hlf)|Feo`rlz0H+knegUJ7O%EwUn|3QD=8n?H`z^Yjage|
zN7GI^>5Z%st;E<k)^d4S8F?y_DYGhOCu^)oK`89Rv$Q6Ak&+(lxWQ>iC2SeisC6P%
zfjcoQmU;)n;-KEzUuS<}Q~FFAg3|(TZ&Xan=^wM|%~Y^1sYE)-ovvmNqH!~o#$T`&
z^=8bD7?o#@@=v-uGA8C02ARpzfG>AVOib!jk}j*VQ!-)1y^RSKbbA}&ghhae_jyco
zZt0D`Tx`m7$6qamd3Rhbwrc&Q*Mt>z<RRo;W6q{D=P+1uMoh@6SC=mts&V2@!fmxp
zbn@yKiF<R5m~AHIw%c(YKqnru<3X-wBG?SCaIt76+BM0;PHpzmd)lAHZmm;rUYbDa
z_^9o1-@943-lAK?3q{8@X_DRCy{72oj$JMuZ(+@wBhybgjuCU>QSZQV(NB0oR|q5T
zR6CiJ*=O<z)gB`-xaXPkssa{x7pxW=L`j;n8c*5b;KIl?k=SIiMlO=vPq~e5`9orf
zx8osEE5;_$@wg0DVJB+i(S%WEaBdR*(<SdnL5K$+gNfEf%Yw6W49Xk6M%<_m4^C#&
z?GDZ}Z*bF03PMeb@!M1EZdxZkJ>i&J=%;({qoSwx^rNDGu9xG9*LClur^HpdH~See
zK`h<!X0dl@lW3;9rCYdXRa?Yc$9WgMCTfJY=XEhXH|(EKPOKH<_4^~Im7~r<9CzN?
zXB&|;r`R!$oK-ts?G%K5$7IsjX=5j6Y^u!QbW00&)DAJ^6l-qEO2oPUbqOb$Fl!4!
z={Q%=k6_KU!fCFIQn^>|5XEkChZx(LlO8dSHI>)0&f$geR_zd9<>rU&x*97Xx9<86
z#O4mxZ*E)Wo_Q5JMN6%R$;oC@<=)H3i`&I4ImdiZ>WuR8a{0Ya_VUi%CGKtJ7Jepr
zxcuAMfAgw77vqHY^cP~X<_*~+MhI``UU5%OVZXAz1IzlIX7uelr0)Qae>!<wj{EVC
z;ym}-{bGnG4v3e9_wi5SY^}sEA?(^ZN1h_fVDikkj{E4>9AP`PWqGdx_mM-Q)087M
z2OIM5D+>uay0928YZ0So*se~PM$(Bnz1)5W#rZ*5ktIE*s8HF-+)`|RbvizuSAf^b
z&n?7v$Nz%+WkWT$Lis-0ixrd=%9nH?XKKk;#jPyWazrohii2W+R*_XDkRcD7ol42m
zQEi)kF>*wIOkT1^%UZ9_?x2HWgtz^W*q2{S?O+@J3}wsB<~ik`Us|l4)Fm@Ynu#sT
zDIZKW-i`&}gzb1w<!SGWKL5f2^@S`#WI+*lc8oepl@s35d~I1XkAG+N)<1YfL$&t#
zolEU_#7@}r=Q}*5F~eUdw%m67kEeTYq29K6y%V-%RpEB7&}Q|ElV`ncY+1!eI?T;5
zqOz=*Z=3S7Z^USLcUbJ8s<4fi``X1?+oDV<F~!HY=N{0yR9eZf)mxPqO(jCG2_)0x
ziu{dw_Jo5tJIw|g5u0Kn$!6J{7aleiD=D8#FHxcWBFbXFKdE}ZnBZA;<OJl)=tah9
z!$oPFYAPLP{v4->&8sZaurp_YFHEo?EAJSuwd_6Fu1!-=$cvGgE*~*jS6BwsmaHgj
zKUpT>_MN76@a{Zcds}xW%+R`f@fq5HR$fW1wzbGBxlEhY!CSjbyR5h^p9wB@oIrAg
zIfV6;o{rn^uvYAicv$PEd6z$;6=~kub=vASo#a_?<mb$3DkbEO1f_&G?RjmIm>}om
zpJ-FQ9I}p(zbjC!`ej5$7mJnp9|KFS2$cloLvV@sz}5oCz+JvgTj51t&`NVVCfVhP
zX(U)EiU+1ovQ1^h;+M72x&1Av3Kpl@j-<mJ4Y{4%QLZ5`2p0aqm5-hOWZN!(4fCDu
zHE(MD-1M8;pg~QyD-%JkbB%3M#FeCtpwKwF$dFU?R=ue`*Uo!skG3M;-SDF}Hn*Bd
zr`(UG=xx06{n}u?JIkgD4jEisRhB%NHsn$EW4QdKv>lquDwcq@cfrrvn%q-^IzydJ
zo1-s_5C1CAjhLaMch8@d<K-UKW{O)Y^)`9x^S=HZeVJYs94;%{{I{aawz{oy^mgt+
zUBBIH%+a^CZWk-ffGG<&X`Dm<cLn$LGQG^5ccT7nhdMLi99gjxFLxc~Nje@iy=XhV
zMz{?f@cHa#TA|mxgZ_2%(~o4&kqXOS60#<g5y^MNI1;_7V%gVCAEOOu+8}O^$tTjU
zUetq%oh)6FX?drE1LPM3vr6=rR*vqWYrWO=%TzBMLo3ObHn1-<%=&s>Bs|L->+UVl
zyB?nr`geF_Pkmud@o#dIE9{ylYsH-lLcdiu-51l_+*=<iijTeg()AGcr!sw@*Rfn*
z+{}CSRQ;_SZ^3E$f8}^*4cBK0_ueACt@rB){XN~)D)f_G{x+a4Ze^aH@5L(gZbjac
zll4a7xl{E{%^HrXM$8l^)1lt=>lYT!<c*gzlywLntKj)*x*^t4#SB-JUy1xzY~rX1
zIQf0+rX%XOk6oxw5Vm{MOug8>dA(MAJeNV$F}0@q^#<)k_pbF?zIzZ{ub35$ss}D%
zQ^RnP{0~Hvf&9gUGRg7!&(N3TwMriKdEzp<&sFJ%PUf!rcR>{qM;-tkaryCMg6?-=
z*6^*cK2tk|eP>}TRziMD>Mc&Je3E!v1OFw-BSlZ2YW;%d?#j4c?iD(EYvEPaF+Xqp
UY<;8VtxW0H2yb=0zCGvv0L8OTX#fBK

diff --git a/po/it.po b/po/it.po
index 6164d6b..60eb67c 100644
--- a/po/it.po
+++ b/po/it.po
@@ -5,8 +5,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: GNU gnupg 2.2.23\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
-"PO-Revision-Date: 2021-05-19 00:03+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
+"PO-Revision-Date: 2020-10-10 19:54+0200\n"
 "Last-Translator: Denis <student@alice.it>\n"
 "Language-Team: \n"
 "Language: it_IT\n"
@@ -16,56 +16,56 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 "X-Generator: Poedit 2.4.1\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "impossibile acquisire il blocco pinentry: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr "|pinentry-label|_OK"
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr "|pinentry-label|_Cancel"
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr "|pinentry-label|_Yes"
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr "|pinentry-label|_No"
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr "|pinentry-label|PIN:"
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr "|pinentry-label|_Save in gestione password"
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Vuoi davvero rendere la tua passphrase visibile sullo schermo?"
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr "|pinentry-tt|Rendere visibile la passphrase"
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 msgid "|pinentry-tt|Hide passphrase"
 msgstr "|pinentry-tt|Nascondi passphrase"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -76,28 +76,15 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 #, fuzzy
 #| msgid "pinentry.qualitybar.tooltip"
 msgid "pinentry.genpin.tooltip"
 msgstr "pinentry.qualitybar.tooltip"
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-#| msgid "Passphrase too long"
-msgid "Passphrase Not Allowed"
-msgstr "Passphrase troppo lunga"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr "Qualità:"
 
@@ -107,11 +94,11 @@ msgstr "Qualità:"
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr "pinentry.qualitybar.tooltip"
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
@@ -119,7 +106,7 @@ msgstr ""
 "Inserisci il tuo PIN, in modo che la chiave segreta possa essere sbloccata "
 "per questa sessione"
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
@@ -127,82 +114,76 @@ msgstr ""
 "Inserisci la tua passphrase, in modo che la chiave segreta possa essere "
 "sbloccata per questa sessione"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr "PIN:"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 msgid "Passphrase:"
 msgstr "Passphrase:"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr "non corrisponde - riprova"
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr "SETERROR %s (provare %d di %d)"
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr "Ripeti :"
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 msgid "PIN too long"
 msgstr "PIN troppo lungo"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 msgid "Passphrase too long"
 msgstr "Passphrase troppo lunga"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 msgid "Invalid characters in PIN"
 msgstr "Caratteri non validi nel PIN"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr "PIN troppo corto"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad PIN"
 msgstr "PIN non valido"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad Passphrase"
 msgstr "Passphrase non valido"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "errore durante il recupero del numero di serie della scheda: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 msgid "Please re-enter this passphrase"
 msgstr "Inserisci di nuovo questa passphrase"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 #| msgid ""
 #| "Please enter the passphrase to protect the imported object within the "
@@ -214,61 +195,51 @@ msgstr ""
 "Immettere la passphrase per proteggere l'oggetto importato all'interno del "
 "sistema GnuPG."
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "le chiavi ssh maggiori di %d bit non sono supportate\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, c-format
 msgid "can't create '%s': %s\n"
 msgstr "impossibile creare '%s': %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, c-format
 msgid "can't open '%s': %s\n"
 msgstr "impossibile aprire '%s': %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr "scheda rilevata con S/N: %s\n"
-
-#: agent/command-ssh.c:2446
-#, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "nessuna chiave di autenticazione per ssh sulla scheda: %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "nessuna chiave della scheda adatta trovata: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "errore durante il recupero dell'elenco delle schede: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
@@ -277,20 +248,20 @@ msgstr ""
 "Un processo ssh ha richiesto l'utilizzo della chiave%%0A  %s%%0A  (%s)%%0ASi "
 "desidera consentire questa operazione?"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr "Permettere"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr "Rifiutare"
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Immettere la passphrase per la chiave ssh%%0A %F%%0A (%c)"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
@@ -299,92 +270,88 @@ msgstr ""
 "Immettere una passphrase per proteggere la chiave segreta ricevuta%%0A %s"
 "%%0A %s%%0A all'interno dell'archivio chiavi dell'agente gpg"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "impossibile creare il flusso dal socket: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr "Inserire la scheda con il numero di serie"
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr "Rimuovere la carta corrente e inserire quella con il numero di serie"
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr "PIN amministratore"
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr "PUK"
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr "Resetta codice"
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr "Premere il pulsante ACK sulla scheda/token."
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr "Utilizzare il pinpad del lettore per l'input."
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 msgid "Repeat this Reset Code"
 msgstr "Ripeti questo codice di reimpostazione"
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 msgid "Repeat this PUK"
 msgstr "Ripeti questo PUK"
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 msgid "Repeat this PIN"
 msgstr "Ripeti questo PIN"
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 msgid "Reset Code not correctly repeated; try again"
 msgstr "Reimpostare il codice non ripetuto correttamente; Riprova"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 msgid "PUK not correctly repeated; try again"
 msgstr "PUK non ripetuto correttamente; Riprova"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr "PIN non ripetuto correttamente; Riprova"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "Immettere il PIN%s%s%s per sbloccare la scheda"
 
-#: agent/genkey.c:157
-#, fuzzy, c-format
-#| msgid "error writing to %s: %s\n"
-msgid "error writing to pipe: %s\n"
-msgstr "errore durante la scrittura in %s: %s\n"
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "errore durante la creazione del file temporaneo: %s\n"
+
+#: agent/genkey.c:116
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "errore durante la scrittura nel file temporaneo: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:154
 msgid "Enter new passphrase"
 msgstr "Inserisci la nuova passphrase"
 
-#: agent/genkey.c:196
-msgid "Take this one anyway"
-msgstr "Prendi questo comunque"
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
 "Non è stata immessa una passphrase!%0AUna passphrase vuota non è consentita."
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
@@ -394,18 +361,18 @@ msgstr ""
 "prega di confermare che non si desidera disporre di alcuna protezione sulla "
 "chiave."
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr "Sì, la protezione non è necessaria"
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, c-format
 msgid "A passphrase should be at least %u character long."
 msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "Una passphrase deve avere almeno lunga %u carattere."
 msgstr[1] "Una passphrase deve avere almeno lunga %u caratteri."
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -415,230 +382,241 @@ msgstr[0] ""
 msgstr[1] ""
 "Una passphrase deve contenere almeno %u cifre o%%0Acaratteri speciali."
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
 "Una passphrase non può essere un termine noto o corrispondere%%0Acertain "
 "modello."
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr "Avviso: è stata immessa una passphrase non sicura."
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+msgid "Take this one anyway"
+msgstr "Prendi questo comunque"
+
+#: agent/genkey.c:464
 #, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr "Immettere la passphrase a%0Aproteggere la nuova chiave"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 msgid "Please enter the new passphrase"
 msgstr "Inserisci la nuova passphrase"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 #, fuzzy
 #| msgid "Options useful for debugging"
 msgid "Options used for startup"
 msgstr "Opzioni utili per il debug"
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr "eseguire in modalità daemon (sfondo)"
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr "eseguire in modalità server (in primo piano)"
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 msgid "run in supervised mode"
 msgstr "eseguire in modalità supervisionata"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr "non scollegarsi dalla console"
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr "uscita del comando sh-stile"
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr "uscita del comando in csh-stile"
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 msgid "|FILE|read options from FILE"
 msgstr "|FILE|opzioni di lettura da FILE"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr "Opzioni che controllano l'output diagnostico"
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "prolisso"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "meno prolisso"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr "|FILE|scrittura dei registri in modalità server in FILE"
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr "Opzioni che controllano la configurazione"
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 msgid "do not use the SCdaemon"
 msgstr "non utilizzare il SCdaemon"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr "| PGM| utilizzare PGM come programma SCdaemon"
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+#, fuzzy
+#| msgid "|PGM|use PGM as the SCdaemon program"
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr "| PGM| utilizzare PGM come programma SCdaemon"
+
+#: agent/gpg-agent.c:208
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NAME|accettare alcuni comandi tramite NAME"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr "ignorare le richieste di modifica del TTY"
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr "ignorare le richieste di modifica della visualizzazione X"
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 msgid "enable ssh support"
 msgstr "abilitare il supporto ssh"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr "|ALGO|usa ALGO per mostrare le impronte digitali ssh"
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 msgid "enable putty support"
 msgstr "abilitare il supporto putty"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr "Opzioni che controllano la sicurezza"
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr "|N|scadenza PIN memorizzati nella cache dopo N secondi"
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr "|N|Chiavi SSH di N-scadenza dopo N secondi"
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr "|N|imposta la durata massima della cache del PIN su N secondi"
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr "|N|set durata massima del tasto SSH su N secondi"
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr "non utilizzare la cache PIN durante la firma"
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 msgid "disallow the use of an external password cache"
 msgstr "non consentire l'uso di una cache di password esterna"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr ""
 "non consentire ai client di contrassegnare le chiavi come \"attendibili\""
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 msgid "allow presetting passphrase"
 msgstr "consentire la preimpostazione della passphrase"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr "Opzioni che applicano un criterio di passphrase"
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr "non consentire l'esclusione dei criteri di passphrase"
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr "|N|Lunghezza minima richiesta per le nuove passphrase su N"
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr "|N|Per una nuova passphrase è necessario almeno N caratteri non alfa"
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr "|FILE||controlla le nuove passphrase rispetto al modello in FILE"
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 msgid "|N|expire the passphrase after N days"
 msgstr "| La passphrase dopo N giorni"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 msgid "do not allow the reuse of old passphrases"
 msgstr "non consentono il riutilizzo di vecchie passphrase"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the PIN-Entry"
 msgstr "Opzioni che controllano la sicurezza"
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 msgid "never use the PIN-entry"
 msgstr ""
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr "non consentire al chiamante di eseguire l'override del pinentry"
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr ""
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr "| PGM|utilizzare PGM come programma PIN-Entry"
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr "|N|Il timeout di Pinentry è impostato su N secondi"
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr "consentire la passphrase tramite Emacs"
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "Segnalare i bug a <@EMAIL@>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Utilizzo: @GPG_AGENT@ [opzioni] (-h per assistenza)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
@@ -646,136 +624,131 @@ msgstr ""
 "Sintassi: @GPG_AGENT@ [opzioni] [comando [args]]\n"
 "Gestione delle chiavi segrete per @GNUPG@\n"
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr "'%s' a livello di debug non valido specificato\n"
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "l'algoritmo di digest selezionato non è valido\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, c-format
 msgid "reading options from '%s'\n"
 msgstr "opzioni di lettura da '%s'\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, c-format
 msgid "Note: '%s' is not considered an option\n"
 msgstr "Nota: '%s' non è considerato un'opzione\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr "impossibile creare il socket: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr "il nome socket '%s' è troppo lungo\n"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "un gpg-agent è già in esecuzione - non iniziare uno nuovo\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "errore durante il recupero di un errore per il socket\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "errore durante l'associazione del socket a '%s': %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "impossibile impostare le autorizzazioni di '%s': %s\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "ascolto sul socket '%s'\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, c-format
 msgid "can't create directory '%s': %s\n"
 msgstr "impossibile creare la directory '%s': %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, c-format
 msgid "directory '%s' created\n"
 msgstr "directory '%s' creata\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "stat() non riuscito per '%s': %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "impossibile utilizzare '%s' come home directory\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "errore durante la lettura del nonce su fd %d: %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr "gestore 0x%lx per fd %d avviato\n"
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr "gestore 0x%lx per fd %d terminato\n"
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr "gestore ssh 0x%lx per fd %d avviato\n"
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr "gestore ssh 0x%lx per fd %d terminato\n"
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "npth_pselect non riuscito: %s - 1s in attesa\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, c-format
 msgid "%s %s stopped\n"
 msgstr "%s %s arrestato\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "nessun gpg-agent in esecuzione in questa sessione\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 msgid ""
 "@Options:\n"
 " "
@@ -783,11 +756,11 @@ msgstr ""
 "@Optioni:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Uso: gpg [opzioni] [files] (-h per l'aiuto)\n"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
@@ -795,8 +768,8 @@ msgstr ""
 "Sintassi: gpg-preset-passphrase [opzioni] KEYGRIP\n"
 "Manutenzione della cache delle password\n"
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -804,8 +777,8 @@ msgstr ""
 "@Comandi:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -815,11 +788,11 @@ msgstr ""
 "Opzioni:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Utilizzo: gpg-protect-tool [opzioni] (-h per assistenza)\n"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
@@ -827,16 +800,16 @@ msgstr ""
 "Sintassi: gpg-protect-tool [opzioni] [args]\n"
 "Strumento di manutenzione della chiave segreta\n"
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr ""
 "Immettere la passphrase per rimuovere la protezione dell'oggetto PKCS.12."
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Immettere la passphrase per proteggere il nuovo oggetto PKCS.12."
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
@@ -844,7 +817,7 @@ msgstr ""
 "Immettere la passphrase per proteggere l'oggetto importato all'interno del "
 "sistema GnuPG."
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
@@ -852,53 +825,52 @@ msgstr ""
 "Inserisci la passphrase o il PIN\n"
 "necessario per completare questa operazione."
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, c-format
 msgid "cancelled\n"
 msgstr "annullato\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "errore durante la richiesta della passphrase: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, c-format
 msgid "error opening '%s': %s\n"
 msgstr "errore durante l'apertura di '%s': %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "file '%s', riga %d: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "istruzione \"%s\" ignorata in '%s', riga %d\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "elenco di attendibilità del sistema '%s' non disponibile\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "impronta digitale non valido in '%s', riga %d\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "keyflag non valido in '%s', riga %d\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "errore durante la lettura di '%s', riga %d: %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr ""
@@ -912,7 +884,7 @@ msgstr ""
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
@@ -921,11 +893,11 @@ msgstr ""
 "Alla fine ti fidi di %% 0A \"% s\" %%0Aper certificare correttamente i "
 "certificati utente?"
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 msgid "Yes"
 msgstr "Sì"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr "No"
@@ -938,7 +910,7 @@ msgstr "No"
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -950,22 +922,22 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr "Corretto"
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr "Sbagliato"
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 "Nota: questa passphrase non è mai stata modificata.%0ASi prega di cambiarlo "
 "ora."
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
@@ -974,15 +946,15 @@ msgstr ""
 "Questa passphrase non è stata modificata%%0Ada %.4s-%.2s-%.2s.  Si prega di "
 "cambiarlo ora."
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 msgid "Change passphrase"
 msgstr "Modifica passphrase"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr "Lo cambierò più tardi"
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
@@ -990,11 +962,11 @@ msgid ""
 msgstr ""
 "Si desidera eliminare la chiave identificata da keygrip%%0A %s%%0A %%C%%0A?"
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 msgid "Delete key"
 msgstr "Elimina chiave"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
@@ -1003,92 +975,92 @@ msgstr ""
 "L'eliminazione della chiave potrebbe rimuovere la possibilità di accedere ai "
 "computer remoti."
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "DSA richiede che la lunghezza dell'hash sia un multiplo di 8 bit\n"
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr "La chiave %s utilizza un hash unsafe (%u bit)\n"
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr "un hash di bit %zu non è valido per una chiave %u bit %s\n"
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "controllo della firma creata fallito: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "parti della chiave segreta non sono disponibili\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, c-format
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "l'algoritmo a chiave pubblica %d (%s) non è supportato\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, c-format
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "algoritmo di protezione %d (%s) non supportato\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, c-format
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "algoritmo hash di protezione %d (%s) non supportato\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "errore durante la creazione di una pipe: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "errore durante la creazione di un flusso per una pipe: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, c-format
 msgid "error forking process: %s\n"
 msgstr "errore durante il processo di forking: %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr "in attesa della terminazione del processo %d non riuscita: %s\n"
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "errore durante l'esecuzione di '%s': probabilmente non installato\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "errore durante l'esecuzione di '%s': stato di uscita %d\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, c-format
 msgid "error running '%s': terminated\n"
 msgstr "errore durante l'esecuzione di '%s': terminato\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "attesa della terminazione dei processi non riuscita: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "errore durante l'osando di fine del processo %d: %s\n"
@@ -1103,33 +1075,33 @@ msgstr "impossibile connettersi a '%s': %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "problema durante l'impostazione delle opzioni gpg-agent\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "impossibile disabilitare i core dump: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "Avviso: proprietà non sicura su %s \"%s\"\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "Avviso: autorizzazioni non sicure su %s \"%s\"\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "in attesa che il file '%s' diventi accessibile …\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "ridenominazione di '%s' in '%s' non riuscita: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "sì"
 
@@ -1184,50 +1156,101 @@ msgstr ""
 msgid "out of core while allocating %lu bytes"
 msgstr "fuori dal core durante l'allocazione di %lu byte"
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "errore durante l'allocazione di memoria sufficiente: %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr "%s:%u: opzione obsoleta \"%s\" - non ha effetto\n"
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "AVVISO: \"%s%s\" è un'opzione obsoleta - non ha alcun effetto\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr "flag di debug sconosciuto '%s' ignorato\n"
 
-#: common/asshelp.c:335
-#, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
+#: common/asshelp.c:348
+#, fuzzy, c-format
+#| msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
 msgstr "in attesa che venga in corso il %s... (%ds)\n"
 
-#: common/asshelp.c:347
-#, c-format
-msgid "connection to %s established\n"
+#: common/asshelp.c:350
+#, fuzzy, c-format
+#| msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "in attesa che venga in corso il %s... (%ds)\n"
+
+#: common/asshelp.c:351
+#, fuzzy, c-format
+#| msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "in attesa che venga in corso il %s... (%ds)\n"
+
+#: common/asshelp.c:364
+#, fuzzy, c-format
+#| msgid "connection to %s established\n"
+msgid "connection to the dirmngr established\n"
+msgstr "connessione a %s stabilita\n"
+
+#: common/asshelp.c:366
+#, fuzzy, c-format
+#| msgid "connection to %s established\n"
+msgid "connection to the keyboxd established\n"
+msgstr "connessione a %s stabilita\n"
+
+#: common/asshelp.c:367
+#, fuzzy, c-format
+#| msgid "connection to %s established\n"
+msgid "connection to the agent established\n"
 msgstr "connessione a %s stabilita\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:485
+#, fuzzy, c-format
+#| msgid "no running Dirmngr - starting '%s'\n"
+msgid "no running %s - starting '%s'\n"
+msgstr "nessun Dirmngr in esecuzione - avvio di '%s'\n"
+
+#: common/asshelp.c:588
+#, fuzzy, c-format
+#| msgid "connection to agent is in restricted mode\n"
+msgid "connection to the agent is in restricted mode\n"
+msgstr "connessione all'agente è in modalità limitata\n"
+
+#: common/asshelp.c:725
+#, c-format
+msgid "error getting version from '%s': %s\n"
+msgstr "errore durante il recupero della versione da '%s': %s\n"
+
+#: common/asshelp.c:731
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
-msgstr "nessun gpg-agent in esecuzione - avvio '%s'\n"
+msgid "server '%s' is older than us (%s < %s)"
+msgstr "il server '%s' è precedente a noi (%s < %s)"
 
-#: common/asshelp.c:521
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
 #, c-format
-msgid "connection to agent is in restricted mode\n"
-msgstr "connessione all'agente è in modalità limitata\n"
+msgid "WARNING: %s\n"
+msgstr "AVVISO: %s\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:740
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
-msgstr "nessun Dirmngr in esecuzione - avvio di '%s'\n"
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+"Nota: i server obsoleti potrebbero non avere correzioni di sicurezza "
+"importanti.\n"
+
+#: common/asshelp.c:742
+#, c-format
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Nota: utilizzare il comando \"%s\" per riavviarli.\n"
 
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
@@ -1297,7 +1320,7 @@ msgid "algorithm: %s"
 msgstr "algoritmo: %s"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, c-format
 msgid "unsupported algorithm: %s"
 msgstr "algoritmo non supportato: %s"
@@ -1372,11 +1395,11 @@ msgstr "Catena di certificati valida"
 msgid "Root certificate trustworthy"
 msgstr "Certificato radice attendibile"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 msgid "no CRL found for certificate"
 msgstr "nessun CRL trovato per il certificato"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 msgid "the available CRL is too old"
 msgstr "il CRL disponibile è troppo vecchio"
 
@@ -1413,7 +1436,7 @@ msgstr "Nessuna Guida disponibile per '%s'."
 msgid "ignoring garbage line"
 msgstr "ignorando la linea spazzatura"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 msgid "[none]"
 msgstr "[nessuno]"
 
@@ -1422,134 +1445,26 @@ msgstr "[nessuno]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "carattere radix64 non valido %02x ignorato\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr "argomento non previsto"
-
-#: common/argparse.c:522
-msgid "read error"
-msgstr "errore di lettura"
-
-#: common/argparse.c:524
-msgid "keyword too long"
-msgstr "parola chiave troppo lunga"
-
-#: common/argparse.c:526
-msgid "missing argument"
-msgstr "argomento mancante"
-
-#: common/argparse.c:528
-msgid "invalid argument"
-msgstr "argomento non valido"
-
-#: common/argparse.c:530
-msgid "invalid command"
-msgstr "comando non valido"
-
-#: common/argparse.c:532
-msgid "invalid alias definition"
-msgstr "definizione di alias non valida"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-msgid "out of core"
-msgstr "fuori dal nucleo"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-#| msgid "invalid command"
-msgid "invalid meta command"
-msgstr "comando non valido"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-#| msgid "unknown command '%s'\n"
-msgid "unknown meta command"
-msgstr "comando sconosciuto '%s'\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected armor: "
-msgid "unexpected meta command"
-msgstr "armatura inaspettata: "
-
-#: common/argparse.c:546
-msgid "invalid option"
-msgstr "opzione non valida"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr "argomento mancante per l'opzione \"%.50s\"\n"
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "argomento non valido per l'opzione \"%.50s\"\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr "l'opzione \"%.50s\" non prevede un argomento\n"
-
-#: common/argparse.c:563
-#, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "comando non valido \"%.50s\"\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr "l'opzione \"%.50s\" è ambigua\n"
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr "il comando \"%.50s\" è ambiguo\n"
-
-#: common/argparse.c:581
-#, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "opzione non valida \"%.50s\"\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, c-format
-msgid "Note: no default option file '%s'\n"
-msgstr "Nota: nessun file di opzioni predefinito '%s'\n"
-
-#: common/argparse.c:1843
-#, c-format
-msgid "option file '%s': %s\n"
-msgstr "file di opzioni '%s': %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1565,131 +1480,132 @@ msgstr "iconv_open non riuscito: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "conversione da '%s' a '%s' non riuscita: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "impossibile creare il file temporaneo '%s': %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "errore durante la scrittura in '%s': %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "rimozione del file di blocco non più utilizzato (creato da %d)\n"
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "in attesa di blocco (in attesa di %d%s) %s...\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr "(deadlock?) "
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "blocco '%s' non effettuato: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, c-format
 msgid "waiting for lock %s...\n"
 msgstr "attesa del blocco %s...\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr "%s è troppo vecchio (è necessario %s, con %s)\n"
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "armatura: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "header dell'armatura non valido: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "header dell'armatura: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "header della firma in chiaro non valido\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, c-format
 msgid "unknown armor header: "
 msgstr "intestazione armatura sconosciuta: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "firme in chiaro annidate\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr "armatura inaspettata: "
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "riga protetta con il trattino non valida: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "carattere radix64 non valido %02x ignorato\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "eof prematura (nessun CRC)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "eof prematura (nel CRC)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "CRC malformato\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "Errore CRC; %06lX - %06lX\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "eof prematuro (nel rimorchio)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "errore nella riga della coda\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "non sono stati trovati dati OpenPGP validi.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "armatura non valida: linea più lunga di %d caratteri\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1697,12 +1613,12 @@ msgstr ""
 "carattere quoted printable nell'armatura - probabilmente è stato usato\n"
 "un MTA buggato\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, c-format
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "[ non leggibile (%zu byte: %s%s) ]"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1711,283 +1627,276 @@ msgstr ""
 "il nome di una nota deve essere formato solo da caratteri stampabili o\n"
 "spazi e terminare con un '='\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "il valore di una nota dell'utente deve contenere il carattere '@'\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "il nome di una notazione non deve contenere più di un carattere '@'\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "il valore di una nota non deve usare caratteri di controllo\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "il valore di una nota dell'utente deve contenere il carattere '='\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, c-format
 msgid "a notation name must have only printable characters or spaces\n"
 msgstr ""
 "un nome di notazione deve contenere solo caratteri o spazi stampabili\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "ATTENZIONE: trovati dati di una nota non validi\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "impossibile proxy %s richiesta al client\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Inserisci la passphrase: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
-#, c-format
-msgid "error getting version from '%s': %s\n"
-msgstr "errore durante il recupero della versione da '%s': %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr "il server '%s' è precedente a noi (%s < %s)"
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
-#, c-format
-msgid "WARNING: %s\n"
-msgstr "AVVISO: %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
-"Nota: i server obsoleti potrebbero non avere correzioni di sicurezza "
-"importanti.\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s non è conforme alla modalità %s\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
-#, c-format
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Nota: utilizzare il comando \"%s\" per riavviarli.\n"
+#: g10/call-agent.c:1081
+#, fuzzy, c-format
+#| msgid "error reading from %s: %s\n"
+msgid "error from TPM: %s\n"
+msgstr "errore durante la lettura da %s: %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, c-format
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s non è conforme alla modalità %s\n"
+msgid "problem with the agent: %s\n"
+msgstr "problema con l'agente: %s\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "nessun dirmngr in esecuzione in questa sessione\n"
 
-#: g10/call-dirmngr.c:243
-#, c-format
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#: g10/call-dirmngr.c:212
+#, fuzzy, c-format
+#| msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "l'opzione keyserver \"%s\" non può essere utilizzata in modalità %s\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr "WKD utilizza un risultato memorizzato nella cache"
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr "Tor non è in esecuzione"
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 msgid "Tor is not properly configured"
 msgstr "Tor non è configurato correttamente"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 msgid "DNS is not properly configured"
 msgstr "DNS non è configurato correttamente"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr "reindirizzamento HTTP inaccettabile dal server"
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr "il reindirizzamento HTTP dal server è stato pulito"
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 msgid "server uses an invalid certificate"
 msgstr "server utilizza un certificato non valido"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, c-format
 msgid "Note: %s\n"
 msgstr "Nota: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "Scheda OpenPGP non disponibile: %s\n"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr "Scheda OpenPGP n. %s rilevata\n"
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr "impossibile eseguire questa operazione in modalità batch\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Questo comando è disponibile solo per le schede della versione 2\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "Reimposta codice non più disponibile o meno\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Cosa scegli? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[non impostato]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr "Sig."
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr "Sig.ra."
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "non forzato"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "costretto"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr "Errore: al momento è consentito solo ASCII semplice.\n"
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr "Errore: il carattere \"<\" non può essere utilizzato.\n"
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr "Errore: gli spazi doppi non sono consentiti.\n"
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr "Cognome del titolare della carta: "
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr "Nome del titolare della carta: "
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr "Errore: nome combinato troppo lungo (limite è di %d caratteri).\n"
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr "URL per recuperare la chiave pubblica: "
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, c-format
 msgid "error reading '%s': %s\n"
 msgstr "errore durante la lettura di '%s': %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, c-format
 msgid "error writing '%s': %s\n"
 msgstr "errore durante la scrittura di '%s': %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr "Dati di accesso (nome account): "
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr "Dati DO privati: "
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr "Preferenze lingua: "
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "Errore: lunghezza della stringa di preferenza non valida.\n"
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "Errore: caratteri non validi nella stringa di preferenza.\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr "Salutazione (M - Mr., F - Ms., o spazio): "
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr "|FPR|Risposta OCSP firmata da FPR\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr "Impronta digitale CA: "
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "Errore: impronta digitale formattata non valida.\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr "operazione chiave non possibile: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr "non una scheda OpenPGP"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr ""
 "errore durante il recupero delle informazioni sulla chiave corrente: %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr "Sostituire la chiave esistente? (y/N) "
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
+#, fuzzy
+#| msgid ""
+#| "Note: There is no guarantee that the card supports the requested size.\n"
+#| "      If the key generation does not succeed, please check the\n"
+#| "      documentation of your card to see what sizes are allowed.\n"
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 "Nota: non vi è alcuna garanzia che la carta supporti la dimensione "
 "richiesta.\n"
@@ -1995,102 +1904,104 @@ msgstr ""
 "      documentazione della carta per vedere quali dimensioni sono "
 "consentite.\n"
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Che chiave vuoi? (%u) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "arrotondate a %u bit\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "%s keysizes deve essere compreso nell'intervallo %u-%u\n"
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr "Modifica dell'attributo chiave della scheda per: "
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 msgid "Signature key\n"
 msgstr "Chiave di firma\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 msgid "Encryption key\n"
 msgstr "Chiave di crittografia\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr "Chiave di autenticazione\n"
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Per favore scegli che tipo di chiave vuoi:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) ECC\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Scelta non valida.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr ""
 "La scheda verrà ora configurata nuovamente per generare una chiave di %u "
 "bit\n"
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr ""
 "La scheda verrà ora configurata nuovamente per generare una chiave di tipo: "
 "%s\n"
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr ""
 "errore durante la modifica dell'attributo chiave per la chiave %d: %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, c-format
 msgid "error getting card info: %s\n"
 msgstr "errore durante il recupero delle informazioni sulla scheda: %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, c-format
 msgid "This command is not supported by this card\n"
 msgstr "Questo comando non è supportato da questa scheda\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr "Eseguire il backup off-card della chiave di crittografia? (Y/n) "
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "Nota: le chiavi sono già memorizzate sulla scheda!\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr "Sostituire le chiavi esistenti? (y/N) "
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2101,186 +2012,202 @@ msgstr ""
 "   PIN : '%s'     PIN di amministrazione = '%s'\n"
 "È necessario modificarli utilizzando il comando --change-pin\n"
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr "Selezionare il tipo di chiave da generare:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr "   (1) Chiave di firma\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr "   (2) Chiave di crittografia\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr "   (3) Chiave di autenticazione\n"
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr "Si prega di selezionare dove memorizzare la chiave:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "KEYTOCARD non riuscito: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr ""
 "Nota: Questo comando distrugge tutti i tasti memorizzati sulla scheda!\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 msgid "Continue? (y/N) "
 msgstr "Continuare? (Y/n) "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr "Fare davvero un reset di fabbrica? (immettere \"sì\") "
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "errore per l'installazione KDF: %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+#| msgid "error for setup KDF: %s\n"
+msgid "error for setup UIF: %s\n"
+msgstr "errore per l'installazione KDF: %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "abbandona questo menù"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr "mostra comandi di amministrazione"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "mostra questo aiuto"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr "elencare tutti i dati disponibili"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr "cambiare il nome del titolare della carta"
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr "modificare l'URL per recuperare la chiave"
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr "recuperare la chiave specificata nell'URL della scheda"
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr "modificare il nome di accesso"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr "modificare le preferenze della lingua"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr "cambiare il saluto del titolare della carta"
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr "modificare un'impronta digitale CA"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr "attivare/disattivare il flag PIN di forza della firma"
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr "genera nuove chiavi"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr "per modificare o sbloccare il PIN"
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr "verificare il PIN ed elencare tutti i dati"
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr "sbloccare il PIN utilizzando un codice di ripristino"
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr "distruggere tutte le chiavi e i dati"
 
-#: g10/card-util.c:2180
-msgid "setup KDF for PIN authentication"
+#: g10/card-util.c:2235
+#, fuzzy
+#| msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "configurazione KDF per l'autenticazione PIN"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 msgid "change the key attribute"
 msgstr "modificare l'attributo chiave"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "cambia il valore di fiducia"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr "gpg/card> "
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr "Comando solo amministratore\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr "I comandi di amministrazione sono consentiti\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr "I comandi di amministrazione non sono consentiti\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Comando non valido  (prova \"help\")\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output non funziona con questo comando\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, c-format
 msgid "can't open '%s'\n"
 msgstr "impossibile aprire '%s'\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "chiave \"%s\" non trovata: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "errore leggendo il keyblock: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, c-format
 msgid "key \"%s\" not found\n"
 msgstr "chiave \"%s\" non trovata\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(a meno che la chiave sia specificata con il fingerprint)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "non può farlo in modalità batch senza \"--yes\"\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(a meno che la chiave sia specificata con il fingerprint)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2323,9 +2250,9 @@ msgstr "key"
 msgid "subkey"
 msgstr "sottochiave"
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "aggiornamento fallito: %s\n"
@@ -2350,64 +2277,77 @@ msgstr "c'è una chiave segreta per la chiave pubblica \"%s\"!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "usa prima l'opzione \"--delete-secret-keys\" per cancellarla.\n"
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"AVVISO: l'imposizione della crittografia simmetrica %s (%d) viola le "
-"preferenze del destinatario\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "errore nella creazione della passhprase: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr ""
 "impossibile usare un pacchetto ESK simmetrico a causa della modalità S2K\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "uso il cifrario %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, c-format
 msgid "'%s' already compressed\n"
 msgstr "'%s' già compresso\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, c-format
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "AVVISO: '%s' è un file vuoto\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+#| msgid "cipher algorithm '%s' may not be used in %s mode\n"
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr ""
+"l'algoritmo di crittografia '%s' non può essere utilizzato in modalità %s\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 "l'algoritmo di crittografia '%s' non può essere utilizzato in modalità %s\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "l'algoritmo digest '%s' non può essere utilizzato in modalità %s\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "AVVISO: la chiave %s non è adatta per la crittografia in modalità %s\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, c-format
 msgid "reading from '%s'\n"
 msgstr "lettura da '%s'\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"AVVISO: l'imposizione della crittografia simmetrica %s (%d) viola le "
+"preferenze del destinatario\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "AVVISO: la chiave %s non è adatta per la crittografia in modalità %s\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2416,27 +2356,36 @@ msgstr ""
 "AVVISO: l'algoritmo di compressione %s (%d) viola le preferenze dei "
 "destinatari\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"forzare il cifrario simmetrico %s (%d) viola le preferenze\n"
+"del destinatario\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s cifrato per: \"%s\"\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, c-format
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "l'opzione '%s' non può essere utilizzata in modalità %s\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "dati cifrati con %s\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "cifrato con l'algoritmo sconosciuto %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
@@ -2444,74 +2393,14 @@ msgstr ""
 "ATTENZIONE: il messaggio era stato cifrato usando una chiave debole\n"
 "per il cifrario simmetrico\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "problema nella gestione del pacchetto cifrato\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "l'esecuzione remota dei programmi non è gestita\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"le chiamate a programmi esterni sono disattivate a causa dei permessi non\n"
-"sicuri del file delle opzioni\n"
-
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"questa piattaforma richiede file temporanei quando si chiamano programmi "
-"esterni\n"
-
-#: g10/exec.c:497
-#, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "impossibile eseguire il programma '%s': %s\n"
-
-#: g10/exec.c:500
-#, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "impossibile eseguire la shell '%s': %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "errore di sistema chiamando il programma esterno: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "uscita anormale del programma esterno\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "impossibile eseguire il programma esterno\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "impossibile leggere la risposta del programma esterno: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, c-format
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "AVVISO: impossibile rimuovere il file temporaneo (%s) '%s': %s\n"
-
-#: g10/exec.c:692
-#, c-format
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "AVVISO: impossibile rimuovere la directory temporanea '%s': %s\n"
-
-#: g10/export.c:119
-msgid "export signatures that are marked as local-only"
-msgstr "esportare firme contrassegnate come solo locali"
+#: g10/export.c:119
+msgid "export signatures that are marked as local-only"
+msgstr "esportare firme contrassegnate come solo locali"
 
 #: g10/export.c:121
 msgid "export attribute user IDs (generally photo IDs)"
@@ -2529,381 +2418,381 @@ msgstr "rimuovere parti inutilizzabili dalla chiave durante l'esportazione"
 msgid "remove as much as possible from key during export"
 msgstr "rimuovere il più possibile dalla chiave durante l'esportazione"
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr "utilizzare il formato di backup della chiave GnuPG"
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 msgid " - skipped"
 msgstr " - saltato"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, c-format
 msgid "writing to '%s'\n"
 msgstr "scrittura in '%s'\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "chiave %s: materiale della chiave su scheda - ignorato\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "esportazione di chiavi segrete non consentita\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "chiave %s: chiave di stile PGP 2.x - ignorata\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "ATTENZIONE: non è stato esportato nulla\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, c-format
 msgid "error creating '%s': %s\n"
 msgstr "errore durante la creazione di '%s': %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr "[ID utente non trovato]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "recuperato automaticamente '%s' tramite %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "errore durante il recupero di '%s' tramite %s: %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 msgid "No fingerprint"
 msgstr "Nessuna impronta digitale"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 "verifica della presenza di una nuova copia di una chiave scaduta tramite %s\n"
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "chiave segreta \"%s\" non trovata: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "(controllare l'argomento dell'opzione '%s')\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, c-format
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "Avviso: impossibile utilizzare '%s' come chiave predefinita: %s\n"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, c-format
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "utilizzo di \"%s\" come chiave segreta predefinita per la firma\n"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr "tutti i valori passati a '%s' ignorati\n"
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr "Chiave non valida %s resa valida da --allow-non-selfsigned-uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "utilizzando la sottochiave %s anziché la chiave primaria %s\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, c-format
 msgid "valid values for option '%s':\n"
 msgstr "valori validi per l'opzione '%s':\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 msgid "make a signature"
 msgstr "fare una firma"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 msgid "make a clear text signature"
 msgstr "creare una firma di testo non crittografato"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "fai una firma separata"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "cifra dati"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "cifra solo con un cifrario simmetrico"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "decifra dati (predefinito)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "verifica una firma"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "elenca le chiavi"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "elenca le chiavi e le firme"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr "elencare e controllare le firme delle chiavi"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "elenca le chiavi e le impronte digitali"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "elenca le chiavi segrete"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "genera una nuova coppia di chiavi"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 msgid "quickly generate a new key pair"
 msgstr "generare rapidamente una nuova coppia di chiavi"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 msgid "quickly add a new user-id"
 msgstr "aggiungere rapidamente un nuovo id utente"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 msgid "quickly revoke a user-id"
 msgstr "revocare rapidamente un id utente"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 msgid "quickly set a new expiration date"
 msgstr "impostare rapidamente una nuova data di scadenza"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr "generazione completa della coppia di chiavi in primo piano"
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "genera un certificato di revoca"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "rimuove le chiavi dal portachiavi pubblico"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "rimuove le chiavi dal portachiavi privato"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 msgid "quickly sign a key"
 msgstr "firmare rapidamente un tasto"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 msgid "quickly sign a key locally"
 msgstr "firmare rapidamente una chiave localmente"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "quickly revoke a user-id"
 msgid "quickly revoke a key signature"
 msgstr "revocare rapidamente un id utente"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "firma una chiave"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "firma una chiave localmente"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "firma o modifica una chiave"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 msgid "change a passphrase"
 msgstr "cambia la passphrase"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "esporta delle chiavi"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "esporta le chiavi a un keyserver"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "importa le chiavi da un keyserver"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "cerca delle chiavi su un keyserver"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "aggiorna tutte le chiavi da un keyserver"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "importa/aggiungi delle chiavi"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr "stampare lo stato della scheda"
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr "modificare i dati su una scheda"
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr "modificare il PIN di una carta"
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "aggiorna il database della fiducia"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 msgid "print message digests"
 msgstr "stampare digest dei messaggi"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr "eseguire in modalità server"
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr "|VALORE|impostare il criterio TOFU per una chiave"
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NAME|usa NAME come chiave segreta predefinita"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "Anche nome-crittografare all'ID utente NOME"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr "|SPEC|configurare gli alias di posta elettronica"
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr "utilizzare un comportamento OpenPGP rigoroso"
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "non fa cambiamenti"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "chiede prima di sovrascrivere"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the input"
 msgstr "Opzioni che controllano la sicurezza"
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 #, fuzzy
 #| msgid "Options controlling the diagnostic output"
 msgid "Options controlling the output"
 msgstr "Opzioni che controllano l'output diagnostico"
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "crea un output ascii con armatura"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 msgid "|FILE|write output to FILE"
 msgstr "|FILE|scrittura dell'output in FILE"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "usa il modo testo canonico"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|Impostare il livello di compressione su N (0 disabilita)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 #, fuzzy
 #| msgid "Options controlling the interactivity and enforcement"
 msgid "Options controlling key import and export"
 msgstr "Opzioni che controllano l'interattività e l'applicazione"
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
 "|MECHANISMS|utilizzare MECHANISMS per individuare le chiavi in base "
 "all'indirizzo di posta elettronica"
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 msgid "import missing key from a signature"
 msgstr "importare la chiave mancante da una firma"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 msgid "include the public key in signatures"
 msgstr "includere la chiave pubblica nelle firme"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr "disabilitare tutti gli accessi al dirmngr"
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 #, fuzzy
 #| msgid "Options controlling the configuration"
 msgid "Options controlling key listings"
 msgstr "Opzioni che controllano la configurazione"
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "elenca le chiavi segrete"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|USER-ID|encrypt per USER-ID"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "|USER-ID|utilizzare USER-ID per firmare o decrittografare"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -2911,7 +2800,7 @@ msgstr ""
 "@\n"
 "(Vedi la man page per una lista completa di tutti i comandi e opzioni)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 msgid ""
 "@\n"
 "Examples:\n"
@@ -2931,11 +2820,11 @@ msgstr ""
 " --list-keys [nomi]       mostra le chiavi\n"
 " --fingerprint [nomi]       mostra le impronte digitali\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Utilizzo: @GPG@ [opzioni] [file] (-h per assistenza)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 msgid ""
 "Syntax: @GPG@ [options] [files]\n"
 "Sign, check, encrypt or decrypt\n"
@@ -2945,7 +2834,7 @@ msgstr ""
 "Firmare, controllare, crittografare o decrittografare\n"
 "Il funzionamento predefinito dipende dai dati di input\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -2953,73 +2842,73 @@ msgstr ""
 "\n"
 "Algoritmi gestiti:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "A chiave pubblica: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Cifrari: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Hash: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Compressione: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "utilizzo: %s [opzioni] %s\n"
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "comandi in conflitto\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "nessun segno = trovato nella definizione di gruppo '%s'\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "AVVISO: proprietà non sicura su homedir '%s'\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "AVVISO: proprietà non sicura nel file di configurazione '%s'\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "AVVISO: proprietà non sicura nell'estensione '%s'\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "AVVISO: proprietà non sicura su homedir '%s'\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "AVVISO: autorizzazioni non sicure per il file di configurazione '%s'\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "AVVISO: autorizzazioni non sicure per l'estensione '%s'\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "AVVISO: proprietà non sicura su homedir '%s'\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
@@ -3027,21 +2916,21 @@ msgstr ""
 "AVVISO: proprietà della directory di inclusione non sicura nel file di "
 "configurazione '%s'\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr ""
 "AVVISO: proprietà della directory di inclusione non sicura nell'estensione "
 "'%s'\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr ""
 "AVVISO: autorizzazioni della directory di inclusione non sicure nella "
 "directory homedir '%s'\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
@@ -3049,463 +2938,480 @@ msgstr ""
 "AVVISO: autorizzazioni della directory di inclusione non sicure nella "
 "directory homedir '%s'\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr ""
 "AVVISO: autorizzazioni della directory di inclusione non sicure per "
 "l'estensione '%s'\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "elemento di configurazione sconosciuto '%s'\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr "visualizzare gli ID foto durante le elenchi dei tasti"
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 msgid "show key usage information during key listings"
 msgstr ""
 "mostra le informazioni sull'utilizzo delle chiavi durante le inserzioni "
 "chiave"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr "mostra URL dei criteri durante gli elenchi delle firme"
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 msgid "show all notations during signature listings"
 msgstr "mostra tutte le notazioni durante gli elenchi delle firme"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr "mostra notazioni standard IETF durante gli elenchi delle firme"
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr ""
 "mostra le notazioni fornite dall'utente durante gli elenchi delle firme"
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "mostra gli URL preferiti del keyserver durante gli elenchi delle firme"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr "mostra validità ID utente durante le inserzioni chiave"
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr "mostra ID utente revocati e scaduti negli elenchi di chiavi"
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr "mostra sottochiavi revocate e scadute negli elenchi di chiavi"
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 msgid "show the keyring name in key listings"
 msgstr "mostrare il nome del keyring negli elenchi delle chiavi"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 msgid "show expiration dates during signature listings"
 msgstr "mostra date di scadenza durante le inserzioni delle firme"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "criterio TOFU sconosciuto '%s'\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr "(utilizzare \"help\" per elencare le scelte)\n"
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Questo comando non è permesso in modalità %s.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, c-format
 msgid "Note: %s is not for normal use!\n"
 msgstr "Nota: %s non è per uso normale!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "'%s' non è una scadenza di firma valida\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "\"%s\" non è un indirizzo di posta elettronica corretto\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "modalità pinentry non valida '%s'\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "origine richiesta non valida '%s'\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "'%s' non è un set di caratteri valido\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "impossibile analizzare l'URL del server dei chiavi\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: opzioni keyserver non valide\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr "opzioni keyserver non valide\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: opzioni di importazione non valide\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "opzioni di importazione non valide\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, c-format
 msgid "invalid filter option: %s\n"
 msgstr "opzione di filtro non valida: %s\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: opzioni di esportazione non valide\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "opzioni di esportazione non valide\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: opzioni di elenco non valide\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr "opzioni di elenco non valide\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr "visualizzare gli ID foto durante la verifica della firma"
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr "mostra URL dei criteri durante la verifica della firma"
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 msgid "show all notations during signature verification"
 msgstr "mostra tutte le notazioni durante la verifica della firma"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr "mostra notazioni standard IETF durante la verifica della firma"
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr ""
 "mostra le notazioni fornite dall'utente durante la verifica della firma"
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "mostra gli URL preferiti del keyserver durante la verifica della firma"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 msgid "show user ID validity during signature verification"
 msgstr "mostra validità DELL'ID utente durante la verifica della firma"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr "mostra ID utente revocati e scaduti nella verifica della firma"
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 msgid "show only the primary user ID in signature verification"
 msgstr "mostra solo l'ID utente primario nella verifica della firma"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr "convalidare le firme con i dati PKA"
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr "elevare la fiducia delle firme con dati PKA validi"
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: opzioni di verifica non valide\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr "opzioni di verifica non valide\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "impossibile impostare exec-path a %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: elenco di individuazione automatica della chiave non valido\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr "elenco di individuazione automatica delle chiavi non valido\n"
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "argomento non valido per l'opzione \"%.50s\"\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "ATTENZIONE: il programma potrebbe creare un file core!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "ATTENZIONE: %s ha la precedenza su %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "Non è permesso usare %s con %s!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "Non ha senso usare %s con %s!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr "AVVISO: in esecuzione con l'ora di sistema falso: "
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "non verrà eseguito con memoria non protetta a causa di %s\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "l'algoritmo di cifratura selezionato non è valido\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "l'algoritmo di digest selezionato non è valido\n"
+
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "algoritmo di compressione selezionato non valido\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "l'algoritmo di digest selezionato non è valido\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-needed deve essere maggiore di 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed deve essere maggiore di 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth deve essere compreso tra 1 e 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "default-cert-level non valido; deve essere 0, 1, 2 o 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "min-cert-level non valido; deve essere 1, 2 o 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, c-format
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "Nota: la modalità S2K semplice (0) è fortemente sconsigliata\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "modo S2K non valido; deve essere 0, 1 o 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "preferenze predefinite non valide\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "preferenze personali del cifrario non valide\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "preferenze personali del cifrario non valide\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "preferenze personali del digest non valide\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "preferenze personali di compressione non valide\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "dimensione della chiave non valida; uso %u bit\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s non funziona ancora con %s\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+#| msgid "cipher algorithm '%s' may not be used in %s mode\n"
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr ""
+"l'algoritmo di crittografia '%s' non può essere utilizzato in modalità %s\n"
+
+#: g10/gpg.c:4070
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 "l'algoritmo di compressione '%s' non può essere utilizzato in modalità %s\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "inizializzazione del trustdb fallita: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "ATTENZIONE: sono stati indicati dei destinatari (-r) senza usare la\n"
 "crittografia a chiave pubblica\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "crittografia simmetrica di '%s' non riuscita: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "non è possibile utilizzare --symmetric --encrypt con --s2k-mode 0\n"
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "non è possibile utilizzare --symmetric --encrypt in modalità %s\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr ""
 "non è possibile utilizzare --symmetric --sign --encrypt con --s2k-mode 0\n"
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr ""
 "non è possibile utilizzare --symmetric --sign --encrypt in modalità %s\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "invio al keyserver fallito: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "ricezione dal keyserver fallita: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "esportazione della chiave fallita: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, c-format
 msgid "export as ssh key failed: %s\n"
 msgstr "esportazione come chiave ssh non riuscita: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "ricerca nel keyserver fallita: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "aggiornamento del keyserver fallito: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "rimozione dell'armatura fallita: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "creazione dell'armatura fallita: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, c-format
 msgid "invalid hash algorithm '%s'\n"
 msgstr "algoritmo hash non valido '%s'\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "errore durante l'analisi della specifica della chiave '%s': %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 "'%s' non sembra essere un ID chiave, un'impronta digitale o un keygrip "
 "valido\n"
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 "AVVISO: nessun comando fornito.  Cercando di indovinare cosa vuoi dire ...\n"
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Vai avanti e scrivi il messaggio...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "l'URL della politica di certificazione indicato non è valido\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "l'URL della politica di firma indicato non è valido\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "l'URL del keyserver preferito specificato non è valido\n"
@@ -3518,7 +3424,7 @@ msgstr "| FILE: prendere le chiavi dal file di tasti"
 msgid "make timestamp conflicts only a warning"
 msgstr "segnala i conflitti di data solo con un avvertimento"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|scrivi le informazioni di stato sul FD"
 
@@ -3564,129 +3470,141 @@ msgid "do not update the trustdb after import"
 msgstr "non aggiornare il trustdb dopo l'importazione"
 
 #: g10/import.c:181
+#, fuzzy
+#| msgid "enable putty support"
+msgid "enable bulk import mode"
+msgstr "abilitare il supporto putty"
+
+#: g10/import.c:184
 msgid "show key during import"
 msgstr "mostra chiave durante l'importazione"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+#| msgid "show key during import"
+msgid "show key but do not actually import"
+msgstr "mostra chiave durante l'importazione"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr "accettare solo gli aggiornamenti alle chiavi esistenti"
 
-#: g10/import.c:187
+#: g10/import.c:193
 msgid "remove unusable parts from key after import"
 msgstr "rimuovere le parti inutilizzabili dalla chiave dopo l'importazione"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr "rimuovere il più possibile dalla chiave dopo l'importazione"
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr "ignorare le firme chiave che non sono auto-firme"
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr ""
 "eseguire immediatamente i filtri di importazione e la chiave di esportazione"
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr "assumere il formato di backup della chiave GnuPG"
 
-#: g10/import.c:203
+#: g10/import.c:209
 msgid "repair keys on import"
 msgstr "ripristinare le chiavi all'importazione"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "salto un blocco di tipo %d\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr "%lu chiavi elaborate finora\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Numero totale esaminato: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, c-format
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "    Chiavi PGP-2 ignorate: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "  nuove chiavi saltate: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "         senza user ID: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "             importate: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "        non modificate: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "         nuovi user ID: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "       nuove subchiavi: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "           nuove firme: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "  nuove revoche di chiavi: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "  chiavi segrete lette: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "  chiavi segrete importate: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr " chiavi segrete non cambiate: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "             importate: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "    firme pulite: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "    ID utente puliti: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
@@ -3695,169 +3613,175 @@ msgstr ""
 "AVVISO: la chiave %s contiene le preferenze per\n"
 "algoritmi su questi ID utente:\n"
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr "         \"%s\": preferenza per l'algoritmo di crittografia %s\n"
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+#| msgid "         \"%s\": preference for cipher algorithm %s\n"
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "         \"%s\": preferenza per l'algoritmo di crittografia %s\n"
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "        \"%s\": preferenza per l'algoritmo digest %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr "          \"%s\": preferenza per l'algoritmo di compressione %s\n"
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr "si consiglia vivamente di aggiornare le preferenze e\n"
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 "ri-distribuire questa chiave per evitare potenziali problemi di mancata "
 "corrispondenza dell'algoritmo\n"
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 "è possibile aggiornare le preferenze con: gpg --edit-key %s updpref save\n"
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr "chiave %s: nessun ID utente\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, c-format
 msgid "key %s: %s\n"
 msgstr "chiave %s: %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr "rifiutato dallo screener di importazione"
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "chiave %s: danneggiamento della sottochiave PKS riparato\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "chiave %s: accettato ID utente non autofirmato \"%s\"\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "chiave %s: nessun ID utente valido\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "questo può essere causato da una autofirma mancante\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "chiave %s: chiave pubblica non trovata: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "chiave %s: nuova chiave - ignorata\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "non è stato trovato un portachiavi scrivibile: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, c-format
 msgid "error writing keyring '%s': %s\n"
 msgstr "errore durante la scrittura della chiave '%s': %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "chiave %s: chiave pubblica \"%s\" importata\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "chiave %s: non corrisponde alla nostra copia\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "chiave %s: \"%s\" 1 nuovo ID utente\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "chiave %s: \"%s\" %d nuovi ID utente\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "chiave %s: \"%s\" 1 nuova firma\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "chiave %s: \"%s\" %d nuove firme\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "chiave %s: \"%s\" 1 nuova sottochiave\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "chiave %s: \"%s\" %d nuove sottochiavi\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "chiave %s: \"%s\" %d firma pulita\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "chiave %s: \"%s\" %d firme pulite\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "chiave %s: \"%s\" %d ID utente pulito\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "chiave %s: \"%s\" %d ID utente puliti\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "chiave %s: \"%s\" non modificata\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr "chiave %s: chiave segreta importata\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, c-format
 msgid "key %s: secret key already exists\n"
 msgstr "chiave %s: chiave segreta già esistente\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "chiave %s: errore durante l'invio all'agente: %s\n"
@@ -3870,203 +3794,210 @@ msgstr "chiave %s: errore durante l'invio all'agente: %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr "Per eseguire la migrazione di '%s', con ogni smart card: %s\n"
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, c-format
 msgid "secret key %s: %s\n"
 msgstr "chiave segreta %s: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "importazione di chiavi segrete non consentita\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "chiave %s: chiave segreta con crittografia non valida %d - ignorata\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Nessuna ragione specificata"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "Questa chiave è stata sostituita"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Questa chiave è stata compromessa"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "La chiave non è più usata"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "L'user ID non è più valido"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "ragione della revoca: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "commento alla revoca: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "chiave %s: nessuna chiave pubblica - impossibile applicare il certificato di "
 "revoca\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "chiave %s: impossibile individuare il blocco di chiave originale: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "chiave %s: impossibile leggere il keyblock originale: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "chiave %s: certificato di revoca non valido: %s - rifiutato\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "chiave %s: certificato di revoca \"%s\" importato\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "chiave %s: nessun ID utente per la firma\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr ""
 "chiave %s: algoritmo a chiave pubblica non supportato sull'ID utente \"%s\"\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "chiave %s: autode firma non valida sull'ID utente \"%s\"\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "chiave %s: algoritmo a chiave pubblica non supportato\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "chiave %s: firma diretta della chiave non valida\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "chiave %s: nessuna sottochiave per l'associazione della chiave\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "chiave %s: associazione di sottochiavi non valida\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "chiave %s: rimossa l'associazione di più sottochiavi\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "chiave %s: nessuna sottochiave per la revoca della chiave\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "chiave %s: revoca della sottochiave non valida\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "chiave %s: rimossa la revoca di più sottochiavi\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "chiave %s: ID utente ignorato \"%s\"\n"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "chiave %s: sottochiave ignorata\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "chiave %s: firma non esportabile (classe 0x%02X) - ignorata\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "chiave %s: certificato di revoca nella posizione errata - ignorato\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "chiave %s: certificato di revoca non valido: %s - ignorato\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "chiave %s: firma della sottochiave nella posizione errata - ignorata\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "chiave %s: classe di firma imprevista (0x%02X) - ignorata\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "chiave %s: rilevato ID utente duplicato - unito\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+#| msgid "key %s: duplicated user ID detected - merged\n"
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "chiave %s: rilevato ID utente duplicato - unito\n"
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr ""
 "AVVISO: la chiave %s può essere revocata: recupero della chiave di revoca "
 "%s\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 "AVVISO: la chiave %s può essere revocata: chiave di revoca %s non presente.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "chiave %s: certificato di revoca \"%s\" aggiunto\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "chiave %s: aggiunta firma chiave diretta\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, c-format
 msgid "error allocating memory: %s\n"
 msgstr "errore durante l'allocazione della memoria: %s\n"
@@ -4090,12 +4021,12 @@ msgstr ""
 msgid " (reordered signatures follow)"
 msgstr " (seguono le firme riordinate)"
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, c-format
 msgid "key %s:\n"
 msgstr "chiave %s:\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
@@ -4104,28 +4035,28 @@ msgstr[0] ""
 "\n"
 msgstr[1] "%d firme duplicate rimosse\n"
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, c-format
 msgid "%d signature not checked due to a missing key\n"
 msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "%d firma non controllata a causa di una chiave mancante\n"
 msgstr[1] "%d firme non controllate a causa di chiavi mancanti\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, c-format
 msgid "%d bad signature\n"
 msgid_plural "%d bad signatures\n"
 msgstr[0] "%d firma non valida\n"
 msgstr[1] "%d firme non valide\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "Firma %d riordinata\n"
 msgstr[1] "Firme %d riordinata\n"
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
@@ -4134,37 +4065,32 @@ msgstr ""
 "Avviso: errori rilevati e controllati solo auto-firme, eseguire '%s' per "
 "controllare tutte le firme.\n"
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "errore durante la creazione della casella della chiave '%s': %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, c-format
 msgid "error creating keyring '%s': %s\n"
 msgstr "errore durante la creazione della chiave '%s': %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, c-format
 msgid "keybox '%s' created\n"
 msgstr "keybox '%s' creato\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, c-format
 msgid "keyring '%s' created\n"
 msgstr "chiave '%s' creata\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "risorsa keyblock '%s': %s\n"
 
-#: g10/keydb.c:969
-#, c-format
-msgid "error opening key DB: %s\n"
-msgstr "errore durante l'apertura della chiave DB: %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "rebuild della cache del portachiavi fallito: %s\n"
@@ -4177,7 +4103,7 @@ msgstr "[revoca]"
 msgid "[self-signature]"
 msgstr "[autofirma]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4189,12 +4115,12 @@ msgstr ""
 "(guardando i passaporti, controllando le impronte digitali da fonti diverse, "
 "ecc.)\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr "  %d - Mi fido marginalmente\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr "  %d - Mi fido completamente\n"
@@ -4225,12 +4151,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "L'user ID \"%s\" è stato revocato."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Sei ancora sicuro di volerla firmare? (s/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  Impossibile firmarla.\n"
 
@@ -4403,197 +4329,201 @@ msgstr "Ho controllato questa chiave con molta attenzione.\n"
 msgid "Really sign? (y/N) "
 msgstr "Davvero firmare? (y/N) "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "firma fallita: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 "Key ha solo elementi chiave stub o on-card - nessuna passphrase da "
 "modificare.\n"
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, c-format
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "chiave %s: errore durante la modifica della passphrase: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "salva ed esci"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr "mostra impronta digitale chiave"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 msgid "show the keygrip"
 msgstr "mostrare il keygrip"
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "elenca le chiavi e gli user ID"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "scegli l'user ID N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr "selezionare la sottochiave N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr "controllare le firme"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 "firmare gli ID utente selezionati [* vedere di seguito per i comandi "
 "correlati]"
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr "firmare gli ID utente selezionati localmente"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr "firmare gli ID utente selezionati con una firma di trust"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr "firmare gli ID utente selezionati con una firma non-revocabile"
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "aggiungi un user ID"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "aggiungi un ID fotografico"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr "eliminare gli ID utente selezionati"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr "aggiungere una sottochiave"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr "aggiungere una chiave a una smart card"
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr "spostare un tasto in una smart card"
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr "spostare una chiave di backup in una smart card"
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr "eliminare le sottochiavi selezionate"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "aggiungi una chiave di revoca"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr "eliminare le firme dagli ID utente selezionati"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr ""
 "modificare la data di scadenza della chiave o delle sottochiavi selezionate"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr "contrassegnare l'ID utente selezionato come primario"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "elenca le preferenze (per esperti)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "elenca le preferenze (prolisso)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr "impostare l'elenco delle preferenze per gli ID utente selezionati"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr ""
 "impostare l'URL del server delle chiavi preferito per gli ID utente "
 "selezionati"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 msgid "set a notation for the selected user IDs"
 msgstr "impostare una notazione per gli ID utente selezionati"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "cambia la passphrase"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "cambia il valore di fiducia"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr "revocare le firme sugli ID utente selezionati"
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr "revocare gli ID utente selezionati"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr "revoca della chiave o delle sottochiavi selezionate"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr "chiave di abilitazione"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr "tasto di disattivazione"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr "mostra GLI ID foto selezionati"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 "compattare id utente inutilizzabili e rimuovere le firme inutilizzabili "
 "dalla chiave"
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 "compattare gli ID utente inutilizzabili e rimuovere tutte le firme dalla "
 "chiave"
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "È disponibile una chiave segreta.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 msgid "Secret subkeys are available.\n"
 msgstr "Sono disponibili sottochiavi segrete.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Per fare questo serve la chiave segreta.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4606,286 +4536,291 @@ msgstr ""
 "revocabili\n"
 "  (nrsign), o qualsiasi altra combinazione (ltsign, tnrsign, ecc.).\n"
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "La chiave è stata revocata."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Firmare davvero tutti gli ID utente di testo? (y/N) "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Firmare davvero tutti gli ID utente? (y/N) "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Suggerimento: seleziona gli user ID da firmare\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "Tipo di firma sconosciuto '%s'\n"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Questo comando non è permesso in modalità %s.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Devi selezionare almeno un user ID.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr "(Utilizzare il comando '%s'.)\n"
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Non puoi cancellare l'ultimo user ID!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Rimuovere davvero tutti gli ID utente selezionati? (y/N) "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr "Rimuovere davvero questo ID utente? (y/N) "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr "Spostare davvero la chiave primaria? (y/N) "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr "È necessario selezionare esattamente una chiave.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr "Il comando prevede un argomento filename\n"
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "Impossibile aprire '%s': %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "Errore durante la lettura della chiave di backup da '%s': %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Devi selezionare almeno una chiave.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Vuoi davvero eliminare le chiavi selezionate? (y/N) "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Vuoi davvero eliminare questa chiave? (y/N) "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "Revocare davvero tutti gli ID utente selezionati? (y/N) "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Revocare davvero questo ID utente? (y/N) "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Vuoi davvero revocare l'intera chiave? (y/N) "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Si desidera davvero revocare le sottochiavi selezionate? (y/N) "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Si desidera davvero revocare questa sottochiave? (y/N) "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 "L'attendibilità del proprietario potrebbe non essere impostata durante "
 "l'utilizzo di un database di trust fornito dall'utente\n"
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr "Impostare l'elenco delle preferenze su:\n"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr "Aggiornare davvero le preferenze per gli ID utente selezionati? (y/N) "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr "Aggiornare davvero le preferenze? (y/N) "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr "Salvare le modifiche? (y/N) "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr "Uscire senza salvare? (y/N) "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "La chiave non è cambiata quindi non sono necessari aggiornamenti.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, c-format
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "non può revocare l'ultimo ID utente valido.\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "revoca dell'ID utente non riuscita: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "impostazione dell'ID utente primario non riuscita: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "\"%s\" non è un'impronta digitale\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "\"%s\" non è l'impronta digitale primaria\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, c-format
 msgid "Invalid user ID '%s': %s\n"
 msgstr "ID utente '%s' non valido: %s\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "No matching user IDs."
 msgstr "Nessun ID utente corrispondente."
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "Nothing to sign.\n"
 msgstr "Niente da firmare.\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr "Non firmato da te.\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "controllo della firma creata fallito: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "'%s' non è un'ora di scadenza valida\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "\"%s\" non è un'impronta digitale corretta\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "sottochiave \"%s\" non trovata\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr "AEAD: "
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Digest: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Caratteristiche: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr "Keyserver no-modify"
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr "Server delle chiavi preferito: "
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 msgid "Notations: "
 msgstr "Notazioni: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "Non esistono preferense su un user ID in stile PGP 2.x\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "La seguente chiave è stata revocata su %s dalla chiave %s %s\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Questa chiave può essere revocata dalla chiave %s %s"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr "(sensibile)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr "creato: %s"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr "revocato: %s"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr "scaduto: %s"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr "scadenza: %s"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr "utilizzo: %s"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr "scheda-no: "
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr "attendibilità: %s"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr "validità: %s"
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Questa chiave è stata disabilitata"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -4894,17 +4829,17 @@ msgstr ""
 "corretta\n"
 "finchè non eseguirai di nuovo il programma.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr "revocato"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr "scaduto"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -4914,17 +4849,17 @@ msgstr ""
 "            potrebbe fare diventare un altro user ID il primario "
 "predefinito.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr "AVVISO: la sottochiave di crittografia scade a breve.\n"
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, c-format
 msgid "You may want to change its expiration date too.\n"
 msgstr "Si consiglia di modificare la data di scadenza troppo.\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -4933,73 +4868,73 @@ msgstr ""
 "ATTENZIONE: Questa è una chiave in stile PGP2. Aggiungere un ID fotografico\n"
 "            può causarne il rifiuto da parte di alcune versioni di PGP.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Sei ancora sicuro di volerlo aggiungere? (s/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr ""
 "Non è possibile aggiungere un ID fotografico a una chiave in stile PGP2.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr "Tale ID utente esiste già in questa chiave!\n"
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Cancellare questa firma corretta? (s/N/q)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Cancellare questa firma non valida? (s/N/q)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Cancellare questa firma sconosciuta? (s/N/q)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Cancellare davvero questa autofirma? (s/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, c-format
 msgid "Deleted %d signature.\n"
 msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "Firma %d eliminata.\n"
 msgstr[1] "Firme %d eliminate.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Non è stato cancellato nulla.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "non valido"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "ID utente \"%s\" compattato: %s\n"
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "ID utente \"%s\": firma %d rimossa\n"
 msgstr[1] "ID utente \"%s\": firme %d rimosse\n"
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "ID utente \"%s\": già ridotto a icona\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "ID utente \"%s\": già pulito\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5009,281 +4944,287 @@ msgstr ""
 "            designato può causarne il rifiuto da parte di alcune versioni\n"
 "            di PGP.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr ""
 "Non è possibile aggiungere un revocatore designato a una chiave in stile\n"
 "PGP 2.x.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Inserisci l'user ID del revocatore designato: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr ""
 "impossibile nominare come revocatore designato una chiave in stile PGP 2.x\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr ""
 "impossibile nominare una chiave come revocatore designato di sè stessa\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "questa chiave è già stata designata come revocatore\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr ""
 "ATTENZIONE: la nomina di una chiave a revocatrice designata non può essere\n"
 "annullata.\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr ""
 "Sei sicuro di voler nominare questa chiave come revocatore designato? (y/N) "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
 msgstr ""
 "Si è sicuri di voler modificare l'ora di scadenza per più sottochiavi? (y/N) "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Modifica dell'ora di scadenza per una sottochiave.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Cambio la data di scadenza per la chiave primaria.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Non è possibile cambiare la data di scadenza di una chiave v3\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 msgid "Changing usage of a subkey.\n"
 msgstr "Modifica dell'utilizzo di una sottochiave.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 msgid "Changing usage of the primary key.\n"
 msgstr "Modifica dell'utilizzo della chiave primaria.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "la sottochiave di firma %s è già certificata incrociata\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr "la sottochiave %s non firma e pertanto non deve essere certificata\n"
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Devi selezionare esattamente un user ID.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "ignorare l'autode firma v3 sull'ID utente \"%s\"\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr "Immettere l'URL del server di chiavi preferito: "
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Sei sicuro di volerlo sostituire? (y/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Sei sicuro di volerlo eliminare? (y/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 msgid "Enter the notation: "
 msgstr "Immettere la notazione: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 msgid "Proceed? (y/N) "
 msgstr "Procedere? (y/N) "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Nessun user ID con l'indice %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Nessun ID utente con hash %s\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Nessuna sottochiave con ID di chiave '%s'.\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr "Nessuna sottochiave con indice %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "ID utente: \"%s\"\n"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "firmato dalla chiave %s su %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (non esportabile)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Questa chiave è scaduta il %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Sei ancora sicuro di volerlo aggiungere? (s/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Creare un certificato di revoca per questa firma? (s/N) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Sono stati firmati questi ID utente sulla chiave %s:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr " (non revocabile)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "revocato dalla chiave %s su %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Stai per revocare queste firme:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Creare davvero i certificati di revoca? (s/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "manca la chiave segreta\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr "tentativo di revocare un ID non utente: %s\n"
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "l'user ID \"%s\" è già stato revocato\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr ""
 "ATTENZIONE: una firma dell'user ID ha la data di %d secondi nel futuro\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, c-format
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Impossibile revocare l'ultimo ID utente valido.\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "La chiave %s è già stata revocata.\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "La sottochiave %s è già stata revocata.\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr ""
 "Visualizzazione dell'ID foto %s della dimensione %ld per la chiave %s (uid "
 "%d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "valore non valido per l'opzione '%s'\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "preferenza '%s' duplicata\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr "troppe preferenze di cifratura\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr "troppe preferenze di digest\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr "troppe preferenze di compressione\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+#| msgid "too many cipher preferences\n"
+msgid "too many AEAD preferences\n"
+msgstr "troppe preferenze di cifratura\n"
+
+#: g10/keygen.c:521
 #, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "elemento '%s' non valido nella stringa delle preferenze\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "scrittura della firma diretta\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "scrittura della autofirma\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "scrittura della firma di collegamento alla chiave\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "dimensione della chiave non valida; uso %u bit\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "dimensioni della chiave arrotondate a %u bit\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
@@ -5291,19 +5232,19 @@ msgstr ""
 "AVVISO: alcuni programmi OpenPGP non sono in grado di gestire una chiave DSA "
 "con questa dimensione del digest\n"
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr "Firma"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr "Certifica"
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr "Crittografa"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr "Autentica"
 
@@ -5317,161 +5258,180 @@ msgstr "Autentica"
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr "SsEeAaQq"
 
-#: g10/keygen.c:1784
-#, c-format
-msgid "Possible actions for a %s key: "
+#: g10/keygen.c:1966
+#, fuzzy, c-format
+#| msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr "Azioni possibili per una chiave %s: "
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr "Azioni correnti consentite: "
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr "   (%c) Attivare o disattivare la funzionalità di firma\n"
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%c) Attivare/disattivare la funzionalità di crittografia\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr "   (%c) Attivare/disattivare la funzionalità di autenticazione\n"
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr "   (%c) Finito\n"
 
-#: g10/keygen.c:1930
-#, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+#: g10/keygen.c:2116
+#, fuzzy, c-format
+#| msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) RSA e RSA (impostazione predefinita)\n"
 
-#: g10/keygen.c:1934
-#, c-format
-msgid "   (%d) DSA and Elgamal\n"
+#: g10/keygen.c:2120
+#, fuzzy, c-format
+#| msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA ed Elgamal\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (firma solo)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (firma solo)\n"
 
-#: g10/keygen.c:1945
-#, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+#: g10/keygen.c:2131
+#, fuzzy, c-format
+#| msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) ElGamal (cifra solo)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (cifra solo)\n"
 
-#: g10/keygen.c:1953
-#, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+#: g10/keygen.c:2139
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (impostare le proprie capacità)\n"
 
-#: g10/keygen.c:1955
-#, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+#: g10/keygen.c:2141
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (imposta le tue funzionalità)\n"
 
-#: g10/keygen.c:1961
-#, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) ECC ed ECC\n"
+#: g10/keygen.c:2147
+#, fuzzy, c-format
+#| msgid "   (%d) sign, encrypt\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "    (%d) segno, cifra\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+msgid " *default*"
+msgstr ""
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, c-format
 msgid "  (%d) ECC (sign only)\n"
 msgstr "   (%d) DSA (firma solo)\n"
 
-#: g10/keygen.c:1965
-#, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+#: g10/keygen.c:2150
+#, fuzzy, c-format
+#| msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "  (%d) ECC (imposta le tue capacità)\n"
 
-#: g10/keygen.c:1967
-#, c-format
-msgid "  (%d) ECC (encrypt only)\n"
+#: g10/keygen.c:2152
+#, fuzzy, c-format
+#| msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "  (%d) ECC (solo crittografia)\n"
 
-#: g10/keygen.c:1971
-#, c-format
-msgid "  (%d) Existing key\n"
+#: g10/keygen.c:2156
+#, fuzzy, c-format
+#| msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "  (%d) Chiave esistente\n"
 
-#: g10/keygen.c:1973
-#, c-format
-msgid "  (%d) Existing key from card\n"
+#: g10/keygen.c:2158
+#, fuzzy, c-format
+#| msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (%d) Chiave esistente dalla scheda\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 msgid "Enter the keygrip: "
 msgstr "Immettere il keygrip: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr "Keygrip non valido (previsto 40 cifre esadecimali)\n"
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 msgid "No key with this keygrip\n"
 msgstr "Nessuna chiave con questa chiave\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, c-format
 msgid "error reading the card: %s\n"
 msgstr "errore durante la lettura della scheda: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "Numero di serie della scheda: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 msgid "Available keys:\n"
 msgstr "Chiavi disponibili:\n"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, c-format
 msgid "rounded to %u bits\n"
 msgstr "arrotondato a %u bit\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr "Le chiavi %s possono essere lunghe tra %u e %u bit.\n"
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Quale dimensione della chiave si desidera per la sottochiave? (%u) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "La dimensione richiesta della chiave è %u bit\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Selezionare la curva ellittica desiderata:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5487,7 +5447,7 @@ msgstr ""
 "      <n>m = la chiave scadrà dopo n mesi\n"
 "      <n>y = la chiave scadrà dopo n anni\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5503,38 +5463,38 @@ msgstr ""
 "      <n>m = la chiave scadrà dopo n mesi\n"
 "      <n>y = la chiave scadrà dopo n anni\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Chiave valida per? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "La firma è valida per? (%s) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "valore non valido\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr "La chiave non scade affatto\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr "La firma non scade affatto\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr "La chiave scade alle %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr "La firma scade alle %s\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5542,11 +5502,11 @@ msgstr ""
 "Il tuo sistema non può mostrare date oltre il 2038.\n"
 "Comunque, sarà gestita correttamente fino al 2106.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr "È corretto? (y/N) "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5560,7 +5520,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5576,49 +5536,49 @@ msgstr ""
 "    \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Nome e Cognome: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Carattere non valido nel nome\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr "I caratteri '%s' e '%s' non possono essere visualizzati nel nome\n"
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Il nome non può iniziare con una cifra\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Il nome deve essere lungo almeno 5 caratteri\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "Indirizzo di Email: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "L'indirizzo di email non è valido\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Commento: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Carattere non valido nel commento\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, c-format
 msgid "You are using the '%s' character set.\n"
 msgstr "Si sta utilizzando il set di caratteri '%s'.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5629,7 +5589,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "Per favore non mettere l'indirizzo di email nel nome o nel commento\n"
 
@@ -5644,31 +5604,31 @@ msgstr "Per favore non mettere l'indirizzo di email nel nome o nel commento\n"
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnCcEeOoQq"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Modifica (N)ome, (C)ommento, (E)mail oppure (Q)uit? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "Modifica (N)ome, (C)ommento, (E)mail oppure (O)kay/(Q)uit? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Modifica (N)ome, (C)ommento, (E)mail oppure (Q)uit? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Modifica (N)ome, (C)ommento, (E)mail oppure (O)kay/(Q)uit? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Per favore correggi prima l'errore\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5680,13 +5640,13 @@ msgstr ""
 "dischi) durante la generazione dei numeri primi; questo da al generatore di\n"
 "numeri casuali migliori possibilità di raccogliere abbastanza entropia.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Generazione della chiave fallita: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5697,66 +5657,66 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr "Continuare? (Y/n) "
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "Esiste già una chiave per \"%s\"\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 msgid "Create anyway? (y/N) "
 msgstr "Creare comunque? (y/N) "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, c-format
 msgid "creating anyway\n"
 msgstr "creazione comunque\n"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 "Nota: utilizzare \"%s %s\" per una finestra di dialogo di generazione di "
 "chiavi in primo piano.\n"
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Generazione della chiave annullata.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "impossibile creare il file di backup '%s': %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "Nota: backup della chiave della scheda salvata in '%s'\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, c-format
 msgid "writing public key to '%s'\n"
 msgstr "scrittura di chiave pubblica in '%s'\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "non è stato trovato un portachiavi pubblico scrivibile: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, c-format
 msgid "error writing public keyring '%s': %s\n"
 msgstr "errore durante la scrittura della chiave pubblica '%s': %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "chiavi pubbliche e segrete create e firmate.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
@@ -5765,7 +5725,7 @@ msgstr ""
 "consiglia di utilizzare\n"
 "il comando \"--edit-key\" per generare una sottochiave a questo scopo.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -5773,7 +5733,7 @@ msgstr ""
 "la chiave è stata creata %lu secondo nel futuro (salto nel tempo o problema\n"
 "con l'orologio)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -5781,58 +5741,58 @@ msgstr ""
 "la chiave è stata creata %lu secondi nel futuro (salto nel tempo o problema\n"
 "con l'orologio)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, c-format
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr ""
 "Nota: la creazione di sottochiavi per le chiavi v3 non è conforme a OpenPGP\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Parti della chiave segreta non sono disponibili.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Le parti segrete della chiave primaria vengono archiviate su scheda.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr "Davvero creare? (y/N) "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "mai       "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Politica critica di firma: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Politica di firma: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr "Server chiave preferito critico: "
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Annotazione critica della firma: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Annotazione della firma: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, c-format
 msgid "%d good signature\n"
 msgid_plural "%d good signatures\n"
 msgstr[0] "%d buona firma\n"
 msgstr[1] "%d buone firme\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, c-format
 msgid "%d signature not checked due to an error\n"
 msgid_plural "%d signatures not checked due to errors\n"
@@ -5841,123 +5801,117 @@ msgstr[1] ""
 "Firme %d non controllate a causa di errori\n"
 "\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] "Avviso: chiave %lu ignorata a causa delle dimensioni grandi\n"
 msgstr[1] "Avviso: chiavi %lu ignorate a causa delle dimensioni grandi\n"
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Portachiavi"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Impronta digitale della chiave primaria:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "    Impronta digitale della subchiave:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr " Impronta digitale della chiave primaria:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "     Impronta digitale della subchiave:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr "     Impronta digitale della chiave ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr "      Numero seriale della scheda ="
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, c-format
 msgid "caching keyring '%s'\n"
 msgstr "chiave di memorizzazione nella cache '%s'\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "E' stata controllata %lu chiave (%lu firma)\n"
 msgstr[1] "Sono state controllate %lu chiavi (%lu firme)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] "Chiave %lu memorizzata nella cache"
 msgstr[1] "Chiavi %lu memorizzata nella cache"
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, c-format
 msgid " (%lu signature)\n"
 msgid_plural " (%lu signatures)\n"
 msgstr[0] " (firma %lu)\n"
 msgstr[1] " (firme %lu)\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: portachiavi creato\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr "ignorare le opzioni proxy impostate per dirmngr"
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr "includere chiavi revocate nei risultati della ricerca"
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr "includere le sottochiavi durante la ricerca in base all'ID chiave"
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr "opzioni di timeout di override impostate per dirmngr"
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr "recuperare automaticamente le chiavi durante la verifica delle firme"
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "rispettare l'URL del keyserver preferito impostato sulla chiave"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr ""
-"rispettare il record PKA impostato su una chiave durante il recupero delle "
-"chiavi"
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr "disabilitato"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr "Immettere numeri, N)ext o Q)uit > "
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "protocollo keyserver non valido (noi %d!=intestazione %d!)\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "\"%s\" non è un ID chiave:\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
@@ -5966,129 +5920,142 @@ msgstr[1] ""
 "aggiornamento della chiavi %d da %s\n"
 "\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "AVVISO: impossibile aggiornare la chiave %s tramite %s: %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "chiave \"%s\" non trovata nel keyserver\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr "chiave non trovata nel keyserver\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "richiesta della chiave %s dal server %s %s\n"
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr "richiesta della chiave %s da %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, c-format
 msgid "no keyserver known\n"
 msgstr "nessun keyserver noto\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "\"%s\" ignorato: %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr "invio della chiave %s a %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, c-format
 msgid "requesting key from '%s'\n"
 msgstr "richiesta di chiave da '%s'\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "AVVISO: impossibile recuperare l'URI %s: %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "la chiave di sessione cifrata ha dimensioni strane (%d)\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "chiave di sessione cifrata con %s\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "cifrato con l'algoritmo sconosciuto %d\n"
+
+#: g10/mainproc.c:391
 #, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "passphrase generata con algoritmo digest sconosciuto %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, c-format
 msgid "public key is %s\n"
 msgstr "la chiave pubblica è %s\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "dati cifrati con la chiave pubblica: DEK corretto\n"
-
-#: g10/mainproc.c:632
-#, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+#: g10/mainproc.c:524
+#, fuzzy, c-format
+#| msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "crittografata con la chiave %u bit %s, ID %s, creata %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr "      \"%s\"\n"
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr ""
 "crittografata con chiave %s, ID %s\n"
 "\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "decifratura della chiave pubblica fallita: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr "AVVISO: più testo in chiaro visti\n"
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "cifratto con %lu passphrase\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "cifratto con 1 passphrase\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "decifratura della chiave pubblica fallita: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "dati cifrati con la chiave pubblica: DEK corretto\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "suppongo che i dati siano cifrati con %s\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr "Cifrario IDEA non disponibile, ottimisticamente cerco di usare %s\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "ATTENZIONE: l'integrità del messaggio non era protetta\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
@@ -6098,271 +6065,271 @@ msgstr ""
 "probabile che questo messaggio sia legittimo.  Questo perché indietro\n"
 "quindi la protezione dell'integrità non è stata ampiamente utilizzata.\n"
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr "Utilizzare comunque l'opzione '%s' per decrittografare.\n"
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, c-format
 msgid "decryption forced to fail!\n"
 msgstr "decrittazione costretto a fallire!\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "decifratura corretta\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "ATTENZIONE: il messaggio cifrato è stato manipolato!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "decifratura fallita: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, c-format
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "Nota: mittente richiesto \"solo per i tuoi occhi\"\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "nome del file originale='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "revoca solitaria - usa \"gpg --import\" per applicarla\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, c-format
 msgid "no signature found\n"
 msgstr "nessuna firma trovata\n"
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr "Firma BAD da \"%s\""
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Firma scaduta da \"%s\""
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr "Firma valida da \"%s\""
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "verifica della firma soppressa\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "impossibile gestire questi dati di firma ambigui\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr "Firma effettuata %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr "               utilizzando la chiave %s %s\n"
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Firma effettuata %s utilizzando l'ID chiave %s %s\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "               autorità emittente \"%s\"\n"
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Chiave disponibile presso: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr "Nota: utilizzare '%s' per utilizzare queste informazioni\n"
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[incerta]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr "                 aka \"%s\""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, c-format
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "AVVISO: questa chiave non è adatta per l'accesso in modalità %s\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Firma scaduta il %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Questa firma scadrà il %s\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, c-format
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "Firma %s, algoritmo digest %s%s%s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "binario"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "modo testo"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "sconosciuto"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 msgid ", key algorithm "
 msgstr ", algoritmo a chiave "
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 "AVVISO: non è una firma disconnessa; il file '%s' NON è stato verificato!\n"
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Impossibile controllare la firma: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "non è una firma separata\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr "ATTENZIONE: trovate firme multiple. Sarà controllata solo la prima.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "firma solitaria di classe 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "firma vecchio stile (PGP 2.x)\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "fstat di '%s' non riuscito in %s: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "fstat(%d) non riuscito in %s: %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "AVVISO: utilizzo dell'algoritmo a chiave pubblica sperimentale %s\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr "AVVISO: le chiavi Elgamal sign-encrypt sono deprecate\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "AVVISO: utilizzo dell'algoritmo di crittografia sperimentale %s\n"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "AVVISO: utilizzo dell'algoritmo digest sperimentale %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "AVVISO: l'algoritmo digest %s è deprecato\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "Nota: le firme che utilizzano l'algoritmo %s vengono rifiutate\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, c-format
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr ""
 "Nota: le firme di chiave di terze parti che utilizzano l'algoritmo %s "
 "vengono rifiutate\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, c-format
 msgid "(reported error: %s)\n"
 msgstr "(errore segnalato: %s)\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "(errore segnalato: %s <%s>)\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr "(ulteriori informazioni: "
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d \"%s\" è una opzione deprecata\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "ATTENZIONE: \"%s\" è una opzione deprecata\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "usa al suo posto \"%s%s\"\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "AVVISO: \"%s\" è un comando deprecato - non utilizzarlo\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "%s:%u: \"%s\" è obsoleto in questo file - ha effetto solo in %s\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
@@ -6370,42 +6337,37 @@ msgstr ""
 "AVVISO: \"%s%s\" è un'opzione obsoleta- non ha alcun effetto ad eccezione di "
 "%s\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Non compresso"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr "non compresso|nessuno"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "questo messaggio può non essere utilizzabile da %s\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "opzione ambigua '%s'\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, c-format
 msgid "unknown option '%s'\n"
 msgstr "opzione sconosciuta '%s'\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 "La chiave pubblica ECDSA dovrebbe essere in codifica SEC multipla di 8 bit\n"
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "digest debole sconosciuto '%s'\n"
@@ -6428,90 +6390,79 @@ msgstr "%s: suffisso sconosciuto\n"
 msgid "Enter new filename"
 msgstr "Inserire il nuovo nome del file"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "scrivo su stdout\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, c-format
 msgid "assuming signed data in '%s'\n"
 msgstr "presupponendo i dati firmati in '%s'\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "impossibile gestire l'algoritmo a chiave pubblica %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr ""
 "ATTENZIONE: la chiave di sessione cifrata simmetricamente è potenzialmente\n"
 "non sicura\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, c-format
 msgid "Unknown critical signature notation: "
 msgstr "Notazione della firma critica sconosciuta: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "il sottopacchetto di tipo %d ha un bit critico impostato\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, c-format
-msgid "problem with the agent: %s\n"
-msgstr "problema con l'agente: %s\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-#| msgid "Please enter the new passphrase"
-msgid "Please enter the passphrase for decryption."
-msgstr "Inserisci la nuova passphrase"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Inserisci la passphrase\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "interrotto dall'utente\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr " (ID chiave principale %s)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Immettere la passphrase per sbloccare la chiave segreta OpenPGP:"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Immettere la passphrase per importare la chiave segreta OpenPGP:"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Immettere la passphrase per esportare la sottochiave segreta OpenPGP:"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Immettere la passphrase per esportare la chiave segreta OpenPGP:"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr ""
 "Si desidera eliminare definitivamente la chiave della sottochiave segreta "
 "OpenPGP:"
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Si desidera eliminare definitivamente la chiave segreta OpenPGP:"
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, c-format
 msgid ""
 "%s\n"
@@ -6526,7 +6477,7 @@ msgstr ""
 "creato %s%s.\n"
 "%s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6543,40 +6494,85 @@ msgstr ""
 "molto\n"
 "grande! Dimensioni vicine a 240x288 sono una buona scelta.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Inserisci il nome del file JPEG per l'ID fotografico: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "impossibile aprire il file JPEG '%s': %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr "Questo JPEG è davvero grande (%d byte) !\n"
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Sei sicuro di volerlo usare? (y/N) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "'%s' non è un file JPEG\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Questa foto è giusta? (s/N/q) "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
 #, c-format
-msgid "unable to display photo ID!\n"
-msgstr "impossibile mostrare l'ID fotografico\n"
+msgid "no remote program execution supported\n"
+msgstr "l'esecuzione remota dei programmi non è gestita\n"
 
-#. TRANSLATORS: These are the allowed answers in lower and
-#. uppercase.  Below you will find the matching strings which
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"questa piattaforma richiede file temporanei quando si chiamano programmi "
+"esterni\n"
+
+#: g10/photoid.c:506
+#, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "impossibile eseguire la shell '%s': %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "uscita anormale del programma esterno\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "errore di sistema chiamando il programma esterno: %s\n"
+
+#: g10/photoid.c:600
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "AVVISO: impossibile rimuovere il file temporaneo (%s) '%s': %s\n"
+
+#: g10/photoid.c:604
+#, c-format
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "AVVISO: impossibile rimuovere la directory temporanea '%s': %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"le chiamate a programmi esterni sono disattivate a causa dei permessi non\n"
+"sicuri del file delle opzioni\n"
+
+#: g10/photoid.c:715
+#, c-format
+msgid "unable to display photo ID!\n"
+msgstr "impossibile mostrare l'ID fotografico\n"
+
+#. TRANSLATORS: These are the allowed answers in lower and
+#. uppercase.  Below you will find the matching strings which
 #. should be translated accordingly and the letter changed to
 #. match the one in the answer string.
 #.
@@ -6585,54 +6581,54 @@ msgstr "impossibile mostrare l'ID fotografico\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMqQsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr "Nessun valore di attendibilità assegnato a:\n"
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr "  aka \"%s\"\n"
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr ""
 "Quanto si considera attendibile che questa chiave appartenga effettivamente "
 "all'utente denominato?\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr "  %d = Non so o non dirò\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr "  %d = Non mi fido\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr "  %d = Mi fido in ultima analisi\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr "  m = torna al menu principale\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr "  s = salta questa chiave\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr "  q = uscire\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
@@ -6641,49 +6637,49 @@ msgstr ""
 "Il livello di attendibilità minimo per questa chiave è: %s\n"
 "\n"
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Cosa hai deciso? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Vuoi davvero impostare questa chiave per la massima fiducia? (y/N) "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Certificati che portano a chiavi definitivamente affidabili:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%s: non esiste alcuna garanzia che questa chiave appartenga all'utente "
 "denominato\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%s: garanzia limitata che questa chiave appartenga all'utente denominato\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Questa chiave probabilmente appartiene all'utente denominato\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Questa chiave ci appartiene\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr ""
 "%s: questa chiave non è valido!  È stato contrassegnato come non "
 "attendibile!\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
 "*really* know what you are doing, you may answer the next\n"
@@ -6694,7 +6690,7 @@ msgstr ""
 "\"davvero, sai quello che stai facendo, potresti rispondere al prossimo\n"
 "domanda con sì.\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
@@ -6704,149 +6700,171 @@ msgstr ""
 "nell'ID utente.  Se sai davvero quello che stai facendo,\n"
 "si può rispondere alla prossima domanda con sì.\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr "Utilizzare comunque questa chiave? (y/N) "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "ATTENZIONE: uso di una chiave non fidata!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr ""
 "ATTENZIONE: questa chiave può essere stata revocata (la chiave di revoca\n"
 "non è presente).\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+#| msgid "user ID: \"%s\"\n"
+msgid "checking User ID \"%s\"\n"
+msgstr "ID utente: \"%s\"\n"
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+#| msgid "option '%s' given, but option '%s' not given\n"
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr ""
+"l'opzione '%s' specificata, ma l'opzione '%s' non è stata specificata\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+#| msgid "key %s: doesn't match our copy\n"
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "chiave %s: non corrisponde alla nostra copia\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+#| msgid "option '%s' given, but option '%s' not given\n"
+msgid "option %s given but no matching User ID found\n"
+msgstr ""
+"l'opzione '%s' specificata, ma l'opzione '%s' non è stata specificata\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr ""
 "ATTENZIONE: questa chiave è stata revocata dal suo revocatore designato!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "ATTENZIONE: questa chiave è stata revocata dal suo proprietario!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         Questo potrebbe significare che la firma è contraffatta.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "ATTENZIONE: questa subchiave è stata revocata dal proprietario!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Nota: questa chiave è stata disabilitata.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr "Nota: l'indirizzo del firmatario verificato è '%s'\n"
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "Nota: l'indirizzo del firmatario '%s' non corrisponde alla voce DNS\n"
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr "trustlevel adattato a FULL a causa di informazioni PKA valide\n"
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr "trustlevel modificato MAI a causa di informazioni PKA non valido\n"
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Nota: questa chiave è scaduta!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr "ATTENZIONE: questa chiave non è certificata con una firma fidata!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "ATTENZIONE: questa chiave non è certificata con una firma fidata!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr ""
 "         Non ci sono indicazioni che la firma appartenga al proprietario.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "ATTENZIONE: NON ci fidiamo di questa chiave!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "          La firma è probabilmente un FALSO.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"ATTENZIONE: questa chiave non è certificata con firme abbastanza fidate!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
 msgstr ""
 "ATTENZIONE: questa chiave non è certificata con firme abbastanza fidate!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         Non è sicuro che la firma appartenga al proprietario.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: saltata: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: saltata: chiave pubblica disabilitata\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: saltata: chiave pubblica già presente\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, c-format
 msgid "can't encrypt to '%s'\n"
 msgstr "impossibile crittografare in '%s'\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr ""
 "l'opzione '%s' specificata, ma non sono state fornite chiavi predefinite "
 "valide\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr ""
 "l'opzione '%s' specificata, ma l'opzione '%s' non è stata specificata\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "Non hai specificato un user ID. (puoi usare \"-r\")\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr "Destinatari correnti:\n"
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -6854,40 +6872,40 @@ msgstr ""
 "\n"
 "Inserisci l'user ID. Termina con una riga vuota: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "User ID inesistente.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "saltata: chiave pubblica già impostata come destinatario predefinito\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "La chiave pubblica è disabilitata.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "saltata: chiave pubblica già impostata\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "destinatario predefinito sconosciuto \"%s\"\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "nessun indirizzo valido\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "Nota: la chiave %s non ha funzionalità %s\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "Nota: la chiave %s non ha preferenze per %s\n"
@@ -6898,78 +6916,84 @@ msgid "data not saved; use option \"--output\" to save it\n"
 msgstr ""
 "i dati non sono stati salvati; usa l'opzione \"--output\" per salvarli\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Firma separata.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Inserisci il nome del file di dati: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "viene letto stdin...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "non ci sono dati firmati\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, c-format
 msgid "can't open signed data '%s'\n"
 msgstr "impossibile aprire i dati firmati '%s'\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "impossibile aprire i dati firmati fd=%d: %s\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "la chiave %s non è adatta per la decrittografia in modalità %s\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "destinatario anonimo; tentativo di chiave segreta %s...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+#| msgid "key %s is not suitable for decryption in %s mode\n"
+msgid "used key is not marked for encryption use.\n"
+msgstr "la chiave %s non è adatta per la decrittografia in modalità %s\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "bene, siamo il destinatario anonimo.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "la vecchia codifica del DEK non è gestita\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "l'algoritmo di cifratura %d%s è sconosciuto o disattivato\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr ""
 "AVVISO: algoritmo di crittografia %s non trovato nelle preferenze del "
 "destinatario\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "Nota: chiave segreta %s scaduta alle %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, c-format
 msgid "Note: key has been revoked"
 msgstr "Nota: la chiave è stata revocata"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "build_packet fallito: %s\n"
@@ -6987,37 +7011,37 @@ msgstr "Revocabile da:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Questa è una chiave di revoca sensibile)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 msgid "Secret key is not available.\n"
 msgstr "La chiave segreta non è disponibile.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Creare un certificato di revoca designato per questa chiave? (y/N) "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "Forzato l'output con armatura ASCII.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet fallito: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Certificato di revoca creato.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "nessuna chiave di revoca trovata per \"%s\"\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Questo è un certificato di revoca per la chiave OpenPGP:"
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
@@ -7028,7 +7052,7 @@ msgstr ""
 "Non è possibile ritirare un certificato di revoca una volta che è stato\n"
 "pubblicato."
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7043,7 +7067,7 @@ msgstr ""
 "un motivo per la revoca.  Per i dettagli, vedere la descrizione di\n"
 "del comando gpg \"--generate-revocation\" nel manuale GnuPG."
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
@@ -7053,12 +7077,12 @@ msgstr ""
 "punti prima dei 5 trattini in basso. Rimuovere tali due punti con un\n"
 "editor di testo prima di importare e pubblicare il certificato di revoca."
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, c-format
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "certificato di revoca archiviato come '%s.rev'\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "chiave segreta \"%s\" non trovata\n"
@@ -7071,16 +7095,16 @@ msgstr "chiave segreta \"%s\" non trovata\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr "'%s' corrisponde a più chiavi segrete:\n"
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, c-format
 msgid "error searching the keyring: %s\n"
 msgstr "errore durante la ricerca del portachiave: %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Creare un certificato di revoca per questa chiave? (y/N) "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7100,37 +7124,37 @@ msgstr ""
 "disponibili\n"
 "ad altri!\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Per favore scegli il motivo della revoca:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Cancella"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Probabilmente volevi scegliere %d)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "Inserisci una descrizione opzionale; terminala con una riga vuota:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Motivo della revoca: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(Non è stata data una descrizione)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr "Va bene così? (y/N) "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "creata una chiave debole - riprovo\n"
@@ -7142,64 +7166,59 @@ msgstr ""
 "impossibile evitare una chiave debole per il cifrario simmetrico; ho provato "
 "%d volte!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr "La chiave %s %s utilizza un hash non sicuro (%zu bit)\n"
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 "La chiave %s %s richiede un bit %zu o un hash superiore (l'hash è %s)\n"
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
-#, c-format
-msgid "key %s may not be used for signing in %s mode\n"
-msgstr "impossibile utilizzare la chiave %s per l'accesso in modalità %s\n"
-
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
+#: g10/sig-check.c:170
 #, c-format
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "ATTENZIONE: conflitto del digest delle firme nel messaggio\n"
 
-#: g10/sig-check.c:219
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
+#, c-format
+msgid "key %s may not be used for signing in %s mode\n"
+msgstr "impossibile utilizzare la chiave %s per l'accesso in modalità %s\n"
+
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "AVVISO: la sottochiave di firma %s non è certificata incrociata\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, c-format
 msgid "please see %s for more information\n"
 msgstr "per ulteriori informazioni, vedere %s\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr ""
 "AVVISO: la firma della sottochiave %s ha una certificazione incrociata non "
 "valida\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "la chiave pubblica %s è %lu seconda più recente della firma\n"
 msgstr[1] "le chiavi pubbliche %s sono %lu seconda più recente della firma\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "la chiave pubblica %s è %lu più recente della firma\n"
 msgstr[1] "le chiavi pubbliche %s sono %lu più recente della firma\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7212,7 +7231,7 @@ msgstr[1] ""
 "le chiavi %s sono stata create %lu secondo in futuro (problema di curvatura "
 "dell'ora o orologio)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7224,54 +7243,54 @@ msgstr[1] ""
 "le chiavi %s sono state create %lu giorni in futuro (problema di curvatura "
 "dell'ora o orologio)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "Nota: chiave di firma %s scaduta %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "Nota: la chiave di firma %s è stata revocata\n"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, c-format
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "firma chiave non valida dalla chiave %s: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, c-format
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "firma dati non valida dalla chiave %s: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "presupponendo una firma non valida dalla chiave %s a causa di un bit critico "
 "sconosciuto\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr ""
 "chiave %s: nessuna sottochiave per la firma di revoca della sottochiave\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr ""
 "chiave %s: nessuna sottochiave per la firma di associazione della "
 "sottochiave\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "ATTENZIONE: impossibile espandere i %% nell'URL (troppo lunga). Usata "
 "inespansa.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7279,7 +7298,7 @@ msgstr ""
 "AVVISO: impossibile espandere l'URL del criterio %%(troppo grande).  "
 "Utilizzo nonexpanded.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7288,52 +7307,53 @@ msgstr ""
 "AVVISO: impossibile espandere %%l'URL del keyserver preferito (troppo "
 "grande).  Utilizzo nonexpanded.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "Firma %s/%s da: \"%s\"\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
 msgstr ""
 "AVVISO: l'algoritmo digest %s (%d) viola le preferenze dei destinatari\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "firma:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "sarà usato il cifrario %s\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "la chiave non è indicata come insicura - impossibile usarla con il RNG "
 "finto!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "\"%s\" ignorato: duplicato\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "saltata: chiave pubblica già presente\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "si tratta di una chiave Elgamal generata da PGP che non è sicura per le "
 "firme!"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "trust record %lu, req type %d: write fallita: %s\n"
@@ -7347,43 +7367,43 @@ msgstr ""
 "# Lista dei valori della fiducia assegnati, creata il %s\n"
 "# (Usa \"gpg --import-ownertrust\" per ripristinarli)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, c-format
 msgid "error in '%s': %s\n"
 msgstr "errore in '%s': %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr "linea troppo lunga"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr "due punti mancanti"
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr "impronta digitale non valida"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr "cambia il valore di fiducia"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "errore durante la ricerca del record di attendibilità in '%s': %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, c-format
 msgid "read error in '%s': %s\n"
 msgstr "errore di lettura in '%s': %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "trustdb: sync fallita: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "impossibile creare il blocco per '%s'\n"
@@ -7393,12 +7413,12 @@ msgstr "impossibile creare il blocco per '%s'\n"
 msgid "can't lock '%s'\n"
 msgstr "impossibile bloccare '%s'\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "trustdb rec %lu: lseek fallita: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "trustdb rec %lu: scrittura fallita (n=%d): %s\n"
@@ -7413,7 +7433,7 @@ msgstr "transazione del trustdb troppo grande\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: la directory non esiste!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, c-format
 msgid "can't access '%s': %s\n"
 msgstr "impossibile accedere a '%s': %s\n"
@@ -7454,7 +7474,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: errore durante l'aggiornamento del record di versione: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: errore durante la lettura del record di versione: %s\n"
@@ -7464,52 +7484,52 @@ msgstr "%s: errore durante la lettura del record di versione: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: errore durante la scrittura del record di versione: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "trustdb: lseek fallita: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "trustdb: read fallita (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: non è un file di trustdb\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: record di versione con recnum %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: versione %d del file non valida\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: errore durante la lettura del record libero: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: errore durante la scrittura del dir record: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: azzeramento di un record fallito: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: accodatura a un record fallita: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "Errore: trustdb danneggiato.\n"
@@ -7549,10 +7569,10 @@ msgstr "versione del database TOFU non supportata: %s\n"
 msgid "TOFU DB error"
 msgstr "Errore DB TOFU"
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "errore durante la lettura del database TOFU: %s\n"
@@ -7573,7 +7593,7 @@ msgstr "errore durante l'inizializzazione del database TOFU: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "errore durante l'apertura del database TOFU '%s': %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "errore durante l'aggiornamento del database TOFU: %s\n"
@@ -7747,85 +7767,85 @@ msgstr "(G)ood, (A)ccept una volta, (U)nknown, (R)espellere una volta, (B)ad? "
 msgid "Defaulting to unknown.\n"
 msgstr "Impostazione predefinita sconosciuta.\n"
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr "Rilevato danneggiamento del database TOFU.\n"
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "errore durante la modifica del criterio TOFU: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] "%lld~anno"
 msgstr[1] "%lld~anni"
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] "%lld~mese"
 msgstr[1] "%lld‪‪~mesi"
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] "%lld~settimana"
 msgstr[1] "%lld‪‪~settimane"
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] "%lld~giorno"
 msgstr[1] "%lld~giorni"
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] "%lld~ora"
 msgstr[1] "%lld~ore"
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] "%lld~minuto"
 msgstr[1] "%lld~minuti"
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] "%lld~secondo"
 msgstr[1] "%lld~secondi"
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr "%s: verificata 0: firme e 0 messaggi crittografati."
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, c-format
 msgid "%s: Verified 0 signatures."
 msgstr "%s: firme 0 verificate."
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 msgid "Encrypted 0 messages."
 msgstr "Messaggi crittografati 0."
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, c-format
 msgid "(policy: %s)"
 msgstr "(criterio: %s)"
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
@@ -7833,7 +7853,7 @@ msgstr ""
 "Attenzione: dobbiamo ancora vedere un messaggio firmato utilizzando questa "
 "chiave e ID utente!\n"
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
@@ -7841,19 +7861,19 @@ msgstr ""
 "Attenzione: abbiamo visto solo un messaggio firmato utilizzando questa "
 "chiave e ID utente!\n"
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 "Attenzione: non è ancora necessario crittografare un messaggio a questa "
 "chiave!\n"
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr "Attenzione: hai crittografato solo un messaggio per questa chiave!\n"
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -7882,137 +7902,137 @@ msgstr[1] ""
 "  %s\n"
 "per contrassegnarlo come cattivo.\n"
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "errore durante l'apertura del database TOFU: %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr "AVVISO: crittografia a %s, che non dispone di ID utente non revocati\n"
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, c-format
 msgid "'%s' is not a valid long keyID\n"
 msgstr "'%s' non è un keyID lungo valido\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "chiave %s: accettata come chiave attendibile\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "chiave %s si verifica più di una volta nel trustdb\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr ""
 "chiave %s: nessuna chiave pubblica per la chiave attendibile - ignorata\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "chiave %s contrassegnata come considerata attendibile\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "trust record %lu, tipo %d: read fallita: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "il trust record %lu non è del tipo richiesto %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr ""
 "È possibile provare a creare nuovamente il trustdb utilizzando i comandi:\n"
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr "Se ciò non funziona, consultare il manuale\n"
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 "impossibile utilizzare il modello di trust sconosciuto (%d) - presupponendo "
 "il modello di trust %s\n"
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr "utilizzo del modello di trust %s\n"
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "non è necessario un controllo del trustdb\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "il prossimo controllo del trustdb sarà fatto il %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "non è necessario un controllo trustdb con il modello di trust '%s'\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr ""
 "non è necessario un aggiornamento trustdb con il modello di trust '%s'\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr "chiave pubblica %s non trovata: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "per favore usa --check-trustdb\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "controllo il trustdb\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] "Chiave %d elaborata"
 msgstr[1] "Chiavi %d elaborate"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, c-format
 msgid " (%d validity count cleared)\n"
 msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] " (%d conteggio di validità cancellato)\n"
 msgstr[1] " (%d conteggi di validità cancellati)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "non è stata trovata alcuna chiave definitivamente affidabile\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "chiave pubblica della chiave attendibile %s non trovata\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
@@ -8020,30 +8040,30 @@ msgstr ""
 "profondità: %d  valido: %3d  firmato: %3d  trust: %d-, %dq, %dn, %dm, %df, "
 "%du\n"
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr ""
 "impossibile aggiornare il record della versione trustdb: scrittura non "
 "riuscita: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr "non definito"
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr "mai"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr "marginale"
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr "intero"
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr "definitivo"
 
@@ -8055,39 +8075,39 @@ msgstr "definitivo"
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr "10 traduttore vedere trust.c:uid_trust_string_fixed"
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 msgid "[ revoked]"
 msgstr "[ revocato]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 msgid "[ expired]"
 msgstr "[ scaduto]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 msgid "[ unknown]"
 msgstr "[ sconosciuto]"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr "[  undef ]"
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 msgid "[  never ]"
 msgstr "[  mai ]"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr "[marginale]"
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr "[  completo  ]"
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr "[ultimo]"
 
@@ -8112,19 +8132,31 @@ msgstr "linea di input %u troppo lunga o LF mancante\n"
 msgid "can't open fd %d: %s\n"
 msgstr "impossibile aprire fd %d: %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "ATTENZIONE: l'integrità del messaggio non era protetta\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+#| msgid "ambiguous option '%s'\n"
+msgid "Hint: Do not use option %s\n"
+msgstr "opzione ambigua '%s'\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr "impostare i flag di debug"
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr "abilitare il debug completo"
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Utilizzo: kbxutil [opzioni] [file] (-h per assistenza)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
 "List, export, import Keybox data\n"
@@ -8135,72 +8167,199 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr "%sNumero: %s%%0ATitolare: %s%s"
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr "Tentativi rimanenti: %d"
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new Global-PIN"
+msgstr "||Inserisci il PIN"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "||Inserisci il Codice reset per la carta"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new PIN"
+msgstr "||Inserisci il PIN"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the PIN of your PIV card"
+msgstr "||Inserisci il Codice reset per la carta"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+#| msgid "|A|Please enter the Admin PIN"
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "|A|Inserisci il PIN di amministratore"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+#| msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "|P|Inserisci il codice di sblocco del PIN (PUK) per i tasti standard."
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "Errore di richiamata PIN: %s\n"
+
+#: scd/app-piv.c:1895
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too short; minimum length is %d\n"
+msgstr "Il PIN per CHV%d è troppo breve; la lunghezza minima è %d\n"
+
+#: scd/app-piv.c:1903
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too long; maximum length is %d\n"
+msgstr "Il PIN per CHV%d è troppo breve; la lunghezza minima è %d\n"
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr "chiave già esistente\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr "chiave esistente verrà sostituita\n"
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr "generazione di una nuova chiave\n"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, c-format
+msgid "writing new key\n"
+msgstr "genera una nuova coppia di chiavi\n"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "impossibile archiviare la chiave: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr "risposta non contiene il modulo RSA\n"
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr "risposta non contiene l'esponente pubblico RSA\n"
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, c-format
+msgid "response does not contain the EC public key\n"
+msgstr "risposta non contiene la chiave pubblica CE\n"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr "si prega di attendere mentre la chiave viene generata …\n"
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr "generazione della chiave non riuscita\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "generazione della chiave completata (%d secondo)\n"
+msgstr[1] ""
+"generazione della chiavi completate (%d secondi)\n"
+"\n"
+"\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr "risposta non contiene i dati della chiave pubblica\n"
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr "||Immettere il PIN per la chiave per creare firme qualificate."
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 msgid "|A|Please enter the Admin PIN"
 msgstr "|A|Inserisci il PIN di amministratore"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|P|Inserisci il codice di sblocco del PIN (PUK) per i tasti standard."
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 msgid "||Please enter the PIN for the standard keys."
 msgstr "||Si prega di inserire il PIN per le chiavi standard."
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr "Modulo RSA mancante o non di dimensione %d bit\n"
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr "Esponente pubblico RSA mancante o superiore a %d bit\n"
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr "Errore di richiamata PIN: %s\n"
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "the NullPIN has not yet been changed\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "il NullPIN non è ancora stato modificato\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr "il NullPIN non è ancora stato modificato\n"
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "|N|Immettere un nuovo PIN per le chiavi standard."
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr ""
 "|N|Inserisci un nuovo codice di sblocco del PIN (PUK) per i tasti standard."
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr "|N|Immettere un nuovo PIN per la chiave per creare firme qualificate."
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8208,7 +8367,7 @@ msgstr ""
 "|NP|Inserisci un nuovo codice di sblocco PIN (PUK) per la chiave per creare "
 "firme qualificate."
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8216,47 +8375,27 @@ msgstr ""
 "|P|Inserisci il codice di sblocco del PIN (PUK) per la chiave per creare "
 "firme qualificate."
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "errore durante il recupero del nuovo PIN: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "impossibile memorizzare l'impronta digitale: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "impossibile memorizzare la data di creazione: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr "errore durante il recupero dello stato CHV dalla scheda\n"
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr "risposta non contiene il modulo RSA\n"
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr "risposta non contiene l'esponente pubblico RSA\n"
-
-#: scd/app-openpgp.c:1546
-#, c-format
-msgid "response does not contain the EC public key\n"
-msgstr "risposta non contiene la chiave pubblica CE\n"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr "risposta non contiene i dati della chiave pubblica\n"
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr "lettura della chiave pubblica non riuscita: %s\n"
@@ -8264,44 +8403,44 @@ msgstr "lettura della chiave pubblica non riuscita: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr "%sNumero: %s%%0AHolder: %s%%0ACounter: %lu%s"
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr "utilizzando il PIN predefinito come %s\n"
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 "impossibile utilizzare il PIN predefinito come %s: %s - disabilitazione "
 "dell'ulteriore utilizzo predefinito\n"
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 msgid "||Please unlock the card"
 msgstr "||Si prega di sbloccare la carta"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr "Il PIN per CHV%d è troppo breve; la lunghezza minima è %d\n"
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "verifica CHV%d non riuscita: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr "carta è bloccata in modo permanente!\n"
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8313,20 +8452,20 @@ msgstr[1] ""
 "%d tentativi di PIN di amministrazione rimanenti prima che la schede vengano "
 "bloccate in modo permanente\n"
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr "l'accesso ai comandi di amministrazione non è configurato\n"
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 msgid "||Please enter the PIN"
 msgstr "||Inserisci il PIN"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 msgid "||Please enter the Reset Code for the card"
 msgstr "||Inserisci il Codice reset per la carta"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr "Il codice di reimpostazione è troppo breve; la lunghezza minima è %d\n"
@@ -8334,117 +8473,72 @@ msgstr "Il codice di reimpostazione è troppo breve; la lunghezza minima è %d\n
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr "|RN|Nuovo codice di ripristino"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr "|AN|Nuovo PIN di amministrazione"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr "|N|Nuovo PIN"
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "||Inserisci il PIN di amministratore e il nuovo PIN di amministrazione"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 msgid "||Please enter the PIN and New PIN"
 msgstr "||Inserisci il PIN e il nuovo PIN"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr "errore durante la lettura dei dati dell'applicazione\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "errore durante la lettura dell'impronta digitale DO\n"
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr "chiave già esistente\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr "chiave esistente verrà sostituita\n"
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr "generazione di una nuova chiave\n"
-
-#: scd/app-openpgp.c:3074
-#, c-format
-msgid "writing new key\n"
-msgstr "genera una nuova coppia di chiavi\n"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr "timestamp di creazione mancante\n"
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr "RSA primo %s mancante o non di dimensione %d bit\n"
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr "impossibile archiviare la chiave: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, c-format
 msgid "unsupported curve\n"
 msgstr "curva non supportata\n"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr "si prega di attendere mentre la chiave viene generata …\n"
-
-#: scd/app-openpgp.c:4271
-#, c-format
-msgid "generating key failed\n"
-msgstr "generazione della chiave non riuscita\n"
-
-#: scd/app-openpgp.c:4277
-#, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "generazione della chiave completata (%d secondo)\n"
-msgstr[1] ""
-"generazione della chiavi completate (%d secondi)\n"
-"\n"
-"\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr "struttura non valida della scheda OpenPGP (DO 0x93)\n"
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr "impronta digitale sulla carta non corrisponde a quello richiesto\n"
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "scheda non supporta l'algoritmo digest %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr "firme create finora: %lu\n"
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
@@ -8452,7 +8546,7 @@ msgstr ""
 "la verifica del PIN di amministrazione è attualmente vietata tramite questo "
 "comando\n"
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "impossibile accedere a %s - scheda OpenPGP non valida?\n"
@@ -8464,59 +8558,63 @@ msgstr "||Inserisci il tuo PIN sul pinpad del lettore"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr "|N|Nuovo PIN iniziale"
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr "eseguire in modalità multi server (in primo piano)"
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr "|LEVEL| impostare il livello di debug su LEVEL"
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 msgid "|FILE|write a log to FILE"
 msgstr "|FILE|scrittura di un registro in FILE"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr "|N|connessione al lettore alla porta N"
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NAME|utilizzare NAME come driver ct-API"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NAME|utilizzare NAME come driver PC/SC"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 msgid "do not use the internal CCID driver"
 msgstr "non utilizzare il driver CCID interno"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr "|N|scollegare la scheda dopo N secondi di inattività"
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr "non utilizzare il pinpad di un lettore"
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr "utilizzare l'input a lunghezza variabile per il pinpad"
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 msgid "deny the use of admin card commands"
 msgstr "negare l'uso dei comandi della scheda di amministrazione"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Utilizzo: @SCDAEMON@ [opzioni] (-h per assistenza)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
@@ -8524,41 +8622,33 @@ msgstr ""
 "Sintassi: scdaemon [opzioni] [comando [args]]\n"
 "Daemon smartcard per @GNUPG@\n"
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 "si prega di utilizzare l'opzione '--daemon' per eseguire il programma in "
 "background\n"
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr "gestore per fd %d avviato\n"
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr "gestore per fd %d terminato\n"
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, c-format
-msgid "error getting key usage information: %s\n"
-msgstr ""
-"errore durante il recupero delle informazioni sull'utilizzo della chiave: "
-"%s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr "modello di convalida richiesto dal certificato: %s"
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr "catena"
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 msgid "shell"
 msgstr "shell"
 
@@ -8591,7 +8681,7 @@ msgstr "Nota: i criteri di certificato non critici non sono consentiti"
 msgid "certificate policy not allowed"
 msgstr "criteri certificato non consentiti"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "non è riuscito a ottenere l'impronta digitale\n"
@@ -8606,7 +8696,7 @@ msgstr "ricerca dell'emittente in una posizione esterna\n"
 msgid "number of issuers matching: %d\n"
 msgstr "numero di emittenti corrispondenti: %d\n"
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, c-format
 msgid "can't get authorityInfoAccess: %s\n"
 msgstr "impossibile ottenere authorityInfoAccess: %s\n"
@@ -8626,234 +8716,234 @@ msgstr "numero di certificati corrispondenti: %d\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "ricerca chiave solo cache dirmngr non riuscita: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "impossibile allocare l'handle keyDB\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 msgid "certificate has been revoked"
 msgstr "certificato è stato revocato"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr "lo stato del certificato è sconosciuto"
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr "assicurarsi che il \"dirmngr\" sia installato correttamente\n"
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, c-format
 msgid "checking the CRL failed: %s"
 msgstr "controllo del CRL non riuscito: %s"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "certificato con validità non valida: %s"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr "certificato non ancora valido"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 msgid "root certificate not yet valid"
 msgstr "certificato radice non ancora valido"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr "certificato intermedio non ancora valido"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, c-format
 msgid "certificate has expired"
 msgstr "certificato è scaduto"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 msgid "root certificate has expired"
 msgstr "certificato radice scaduto"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 msgid "intermediate certificate has expired"
 msgstr "certificato intermedio scaduto"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr "attributi obbligatori del certificato mancanti: %s%s%s"
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 msgid "certificate with invalid validity"
 msgstr "certificato con validità non valida"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr "firma non creata durante la durata del certificato"
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr "certificato non creato durante la durata dell'emittente"
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr ""
 "certificato intermedio non creato durante la durata dell'autorità emittente"
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, c-format
 msgid "  (  signature created at "
 msgstr " (  firma creata alle "
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, c-format
 msgid "  (certificate created at "
 msgstr "  (certificato creato alle "
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, c-format
 msgid "  (certificate valid from "
 msgstr "  (certificato valido da "
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr "  (     emittente valido da "
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr "impronta digitale=%s\n"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr "certificato radice è stato contrassegnato come attendibile\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr "contrassegno interattivo come attendibile non abilitato in gpg-agent\n"
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr ""
 "contrassegno interattivo come attendibile disabilitato per questa sessione\n"
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 "AVVISO: ora di creazione della firma non nota - presupponendo l'ora corrente"
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 msgid "no issuer found in certificate"
 msgstr "nessuna autorità emittente trovata nel certificato"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr "certificato autofirmato ha una firma BAD"
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr "certificato radice non contrassegnato come attendibile"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "controllo dell'elenco di attendibilità non riuscito: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr "catena di certificati troppo lunga\n"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr "certificato dell'autorità emittente non trovato"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, c-format
 msgid "certificate has a BAD signature"
 msgstr "certificato ha una firma BAD"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr "trovato un altro possibile certificato CA corrispondente - riprovare"
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr "catena di certificati più lunga di quella consentita dalla CA (%d)"
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, c-format
 msgid "certificate is good\n"
 msgstr "certificato è buono\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, c-format
 msgid "intermediate certificate is good\n"
 msgstr "certificato intermedio è buono\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, c-format
 msgid "root certificate is good\n"
 msgstr "certificato radice è buono\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr "passaggio al modello a catena"
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr "modello di convalida utilizzato: %s"
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr "un hash di bit %u non è valido per una chiave %u bit %s\n"
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, c-format
 msgid "out of core\n"
 msgstr "fuori dal nucleo\n"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr "(questo è l'algoritmo MD2)\n"
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 msgid "none"
 msgstr "nessuno"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 msgid "[Error - invalid encoding]"
 msgstr "[Errore - codifica non valida]"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr "[Errore - fuori dal nucleo]"
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr "[Errore - Nessun nome]"
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 msgid "[Error - invalid DN]"
 msgstr "[Errore - DN non valido]"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -8868,143 +8958,156 @@ msgstr ""
 "S/N %s, ID 0x%08lX,\n"
 "creato %s, scade %s.\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr ""
 "nessun utilizzo chiave specificato - supponendo che tutti gli utilizzi\n"
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr ""
+"errore durante il recupero delle informazioni sull'utilizzo della chiave: "
+"%s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr ""
 "certificato non avrebbe dovuto essere utilizzato per la certificazione\n"
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr ""
 "certificato non deve essere stato utilizzato per la firma della risposta "
 "OCSP\n"
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr "certificato non avrebbe dovuto essere utilizzato per la crittografia\n"
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr "certificato non avrebbe dovuto essere utilizzato per la firma\n"
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr "certificato non è utilizzabile per la crittografia\n"
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr "certificato non è utilizzabile per la firma\n"
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+#| msgid "lookup a certificate"
+msgid "looking for another certificate\n"
+msgstr "ricerca di un certificato"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "riga %d: algoritmo non valido\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr "riga %d: lunghezza chiave non valida %u (valida da %d a %d)\n"
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr "riga %d: nessun nome soggetto specificato\n"
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr ""
 "riga %d: etichetta del nome soggetto non valida '%.*s'\n"
 "\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "riga %d: nome soggetto '%s' non valido in pos %d\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "riga %d: indirizzo di posta elettronica non valido\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "riga %d: numero di serie non valido\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr ""
 "riga %d: etichetta del nome dell'autorità emittente non valida '%.*s'\n"
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr "riga %d: nome autorità emittente '%s' non valido in pos %d\n"
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, c-format
 msgid "line %d: invalid date given\n"
 msgstr "riga %d: data specificata non valida\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr ""
 "riga %d: errore durante l'osando di firmare la chiave da keygrip '%s': %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "riga %d: algoritmo hash non valido specificato\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "riga %d: authority-key-id non valido\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "riga %d: id-chiave-soggetto non valido\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "riga %d: sintassi di estensione non valida\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr ""
 "riga %d: errore durante la lettura della chiave '%s' dalla scheda: %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr ""
 "riga %d: errore durante il recupero della chiave da parte della chiave '%s': "
 "%s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "riga %d: generazione chiave non riuscita: %s <%s>\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
@@ -9012,45 +9115,45 @@ msgstr ""
 "Per completare questa richiesta di certificato, inserire la passphrase per "
 "la chiave appena creata ancora una volta.\n"
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "  (%d) Chiave esistente\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr "   (%d) Chiave esistente dalla scheda\n"
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "Azioni possibili per una chiave %s: \n"
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "    (%d) segno, cifra\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) segno\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) crittografa\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr "Immettere il nome soggetto X.509: "
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr "Nessun nome soggetto dato\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "Etichetta del nome del soggetto non valida '%.*s'.\n"
@@ -9060,333 +9163,364 @@ msgstr "Etichetta del nome del soggetto non valida '%.*s'.\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "Nome soggetto '%s' non valido\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "22 traduttore: vedere certreg-ui.c:gpgsm_gencertreq_tty"
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 msgid "Enter email addresses"
 msgstr "Immettere gli indirizzi di posta elettronica"
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 msgid " (end with an empty line):\n"
 msgstr " (terminare con una riga vuota):\n"
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 msgid "Enter DNS names"
 msgstr "Immettere i nomi DNS"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 msgid " (optional; end with an empty line):\n"
 msgstr " (opzionale; terminare con una riga vuota):\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr "Immettere gli URI"
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Creare un certificato autofirmato? (y/N) "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr "Vengono utilizzati i seguenti parametri:\n"
 
-#: sm/certreqgen-ui.c:432
-#, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "errore durante la creazione del file temporaneo: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr "Creazione di un certificato autofirmato.  "
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 msgid "Now creating certificate request.  "
 msgstr "Creazione della richiesta di certificato.  "
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr "Questo potrebbe richiedere un po' ...\n"
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr "Pronto.\n"
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr "Pronto.  È ora necessario inviare questa richiesta alla CA.\n"
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr "problema delle risorse: fuori dal nucleo\n"
 
-#: sm/decrypt.c:536
-#, c-format
-msgid "%s.%s encrypted data\n"
-msgstr "dati cifrati con %s.%s\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr "(questo è l'algoritmo RC2)\n"
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr "(questo non sembra essere un messaggio crittografato)\n"
 
-#: sm/decrypt.c:958
-#, c-format
+#: sm/decrypt.c:868
+#, fuzzy, c-format
+#| msgid "encrypted with %s key, ID %s\n"
 msgid "encrypted to %s key %s\n"
 msgstr ""
 "crittografata con chiave %s, ID %s\n"
 "\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "certificato '%s' non trovato: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr "errore durante il blocco della keybox: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "certificato duplicato '%s' eliminato\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "certificato '%s' eliminato\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "eliminazione del certificato \"%s\" non riuscita: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, c-format
 msgid "no valid recipients given\n"
 msgstr "nessun destinatario valido dato\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 msgid "list external keys"
 msgstr "elencare le chiavi esterne"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 msgid "list certificate chain"
 msgstr "catena di certificati valida"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 msgid "import certificates"
 msgstr "importa certificati"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 msgid "export certificates"
 msgstr "esporta certificati"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr "registrare una smart card"
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr "passare un comando al dirmngr"
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr "richiamare gpg-protect-tool"
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "non usa per niente il terminale"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr "|N|numero di certificati da includere"
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr "|FILE|prendere le informazioni sui criteri da FILE"
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr "presupporre che l'input sia in formato PEM"
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr "presupporre che l'input sia in formato base 64"
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr "presupporre che l'input sia in formato binario"
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 msgid "create base-64 encoded output"
 msgstr "creare output codificato in base 64"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|USER-ID|utilizzare USER-ID come chiave segreta predefinita"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "|FILE|aggiungere il tasto all'elenco dei keyring"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|utilizzare questo keyserver per cercare le chiavi"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr "recupera i certificati degli emittenti mancanti"
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "Nome: utilizzare il nome di codifica per le passphrase PKCS-12"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr "non consultare mai una CRL"
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr "non controllare i certificati radice nei CRL"
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr "verificare la validità utilizzando OCSP"
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr "non controllare le politiche dei certificati"
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NAME|usa l'algoritmo di cifratura NAME"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NAME|usa l'algoritmo di message digest NAME"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "modo batch: non fa domande"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "risponde \"sì\" a quasi tutte le domande"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "risponde \"no\" a quasi tutte le domande"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 msgid "|FILE|write an audit log to FILE"
 msgstr "|FILE|scrittura di un registro di controllo in FILE"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Utilizzo: @GPGSM@ [opzioni] [file] (-h per assistenza)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
 "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
 "Default operation depends on the input data\n"
 msgstr ""
-"Sintassi: @GPGSM@ [opzioni] [files]\n"
-"Firmare, controllare, crittografare o decrittografare utilizzando il "
-"protocollo S/MIME\n"
-"Il funzionamento predefinito dipende dai dati di input\n"
+"Sintassi: @GPGSM@ [opzioni] [files]\n"
+"Firmare, controllare, crittografare o decrittografare utilizzando il "
+"protocollo S/MIME\n"
+"Il funzionamento predefinito dipende dai dati di input\n"
+
+#: sm/gpgsm.c:823
+#, c-format
+msgid "Note: won't be able to encrypt to '%s': %s\n"
+msgstr "Nota: impossibile eseguire la crittografia in '%s': %s\n"
+
+#: sm/gpgsm.c:834
+#, c-format
+msgid "unknown validation model '%s'\n"
+msgstr "modello di convalida sconosciuto '%s'\n"
+
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s: %u: nessun nome host specificato\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: password fornita senza utente\n"
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
 #, c-format
-msgid "Note: won't be able to encrypt to '%s': %s\n"
-msgstr "Nota: impossibile eseguire la crittografia in '%s': %s\n"
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: ignorare questa riga\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:1545
 #, c-format
-msgid "unknown validation model '%s'\n"
-msgstr "modello di convalida sconosciuto '%s'\n"
+msgid "could not parse keyserver\n"
+msgstr "impossibile analizzare il keyserver\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:1825
 #, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "importazione di certificati comuni '%s'\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "impossibile firmare utilizzando '%s': %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr "comando non valido (non esiste alcun comando implicito)\n"
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, c-format
 msgid "total number processed: %lu\n"
 msgstr "numero totale elaborato: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, c-format
 msgid "error storing certificate\n"
 msgstr "errore durante l'archiviazione del certificato\n"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr "controlli certificati di base non riusciti - non importati\n"
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "errore durante il recupero dei flag memorizzati: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, c-format
 msgid "error importing certificate: %s\n"
 msgstr "errore durante l'importazione del certificato: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, c-format
 msgid "error reading input: %s\n"
 msgstr "errore durante la lettura dell'input: %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+#| msgid "no dirmngr running in this session\n"
+msgid "no keyboxd running in this session\n"
+msgstr "nessun dirmngr in esecuzione in questa sessione\n"
+
+#: sm/keydb.c:595
+#, c-format
+msgid "error opening key DB: %s\n"
+msgstr "errore durante l'apertura della chiave DB: %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr "problema durante la ricerca del certificato esistente: %s\n"
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "errore durante la ricerca della chiave scrivibile keyDB: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, c-format
 msgid "error storing certificate: %s\n"
 msgstr "errore durante l'archiviazione del certificato: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "problema durante la ri-ricerca del certificato: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, c-format
 msgid "error storing flags: %s\n"
 msgstr "errore durante l'archiviazione dei flag: %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr "Errore - "
 
@@ -9395,17 +9529,17 @@ msgstr "Errore - "
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr "GPG_TTY non è stato impostato - utilizzando forse falso default\n"
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "impronta digitale formattata non valida in '%s', riga %d\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "codice paese non valido in '%s', riga %d\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9422,7 +9556,7 @@ msgstr ""
 "\n"
 "%s%sSono davvero sicuri di voler eseguire questa operazione?"
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
@@ -9431,7 +9565,7 @@ msgstr ""
 "Si noti che questo software non è ufficialmente approvato per creare o "
 "verificare tali firme.\n"
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9442,38 +9576,44 @@ msgstr ""
 "\"%s\"\n"
 "Si noti che questo certificato NON creerà una firma qualificata!"
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr ""
 "algoritmo hash %d (%s) per firmatario %d non supportato; utilizzando %s\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr "algoritmo hash utilizzato per firmatario %d: %s (%s)\n"
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "controllo del certificato qualificato non riuscito: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+#| msgid "Signature made %s using %s key ID %s\n"
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Firma effettuata %s utilizzando l'ID chiave %s %s\n"
+
+#: sm/verify.c:467
 #, c-format
 msgid "Signature made "
 msgstr "Firma fatta "
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr "[data non specificata]"
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, c-format
 msgid "algorithm:"
 msgstr "algoritmo:"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
@@ -9481,17 +9621,17 @@ msgstr ""
 "firma non valida: l'attributo digest del messaggio non corrisponde a uno "
 "calcolato\n"
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, c-format
 msgid "Good signature from"
 msgstr "Buona firma da"
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, c-format
 msgid "                aka"
 msgstr "                 aka"
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, c-format
 msgid "This is a qualified signature\n"
 msgstr "Questa è una firma qualificata\n"
@@ -9519,100 +9659,100 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr "impossibile rilasciare il blocco sulla cache dei certificati: %s\n"
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr "eliminazione di %u certificati dalla cache\n"
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, c-format
 msgid "can't parse certificate '%s': %s\n"
 msgstr "impossibile analizzare il certificato '%s': %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "certificato '%s' già memorizzato nella cache\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "certificato attendibile '%s' caricato\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "certificato '%s' caricato\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "  impronta digitale SHA1 - %s\n"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr "   emittente ="
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr "  oggetto ="
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "errore durante il caricamento del certificato '%s': %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "certificati caricati in modo permanente: %u\n"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "   certificati runtime memorizzati nella cache: %u\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "           certificati attendibili: %u (%u,%u,%u,%u)\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, c-format
 msgid "certificate already cached\n"
 msgstr "certificato già memorizzato nella cache\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, c-format
 msgid "certificate cached\n"
 msgstr "certificato memorizzato nella cache\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, c-format
 msgid "error caching certificate: %s\n"
 msgstr "errore durante la memorizzazione nella cache del certificato: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "stringa di impronta digitale SHA1 non valida '%s'\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "errore durante il recupero del certificato da parte di S/N: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "errore durante il recupero del certificato per oggetto: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, c-format
 msgid "no issuer found in certificate\n"
 msgstr "nessuna autorità emittente trovata nel certificato\n"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "errore durante il recupero di authorityKeyIdentifier: %s\n"
@@ -10155,56 +10295,56 @@ msgid "certificate search not possible due to disabled %s\n"
 msgstr ""
 "ricerca del certificato non possibile a causa della disabilitata di %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr "utilizzare OCSP anziché CRL"
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr "controllare se un dirmngr è in esecuzione"
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 msgid "add a certificate to the cache"
 msgstr "aggiungere un certificato alla cache"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 msgid "validate a certificate"
 msgstr "convalidare un certificato"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 msgid "lookup a certificate"
 msgstr "ricerca di un certificato"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 msgid "lookup only locally stored certificates"
 msgstr "ricerca solo di certificati archiviati localmente"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr "previsto un URL per --lookup"
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr "caricare un CRL nel dirmngr"
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr "modalità speciale per l'uso da parte di Squid"
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 msgid "expect certificates in PEM format"
 msgstr "prevedere certificati in formato PEM"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 msgid "force the use of the default OCSP responder"
 msgstr "forzare l'uso del risponditore OCSP predefinito"
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr ""
 "Utilizzo: dirmngr-client [opzioni] [certfile-pattern] (-h per assistenza)\n"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10216,217 +10356,213 @@ msgstr ""
 "Il processo restituisce 0 se il certificato è valido, 1 se è\n"
 "non validi e altri codici di errore per gli errori generali\n"
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "errore durante la lettura del certificato da stdin: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "errore durante la lettura del certificato da '%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr "certificato troppo grande per avere un senso\n"
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, c-format
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "impossibile connettersi al dirmngr: %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, c-format
 msgid "lookup failed: %s\n"
 msgstr "ricerca non riuscita: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "caricamento CRL '%s' non riuscito: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr "un daemon dirmngr è in funzione\n"
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "convalida del certificato non riuscita: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, c-format
 msgid "certificate is valid\n"
 msgstr "catena di certificati valida\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, c-format
 msgid "certificate has been revoked\n"
 msgstr "certificato è stato revocato\n"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, c-format
 msgid "certificate check failed: %s\n"
 msgstr "controllo del certificato non riuscito: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, c-format
 msgid "got status: '%s'\n"
 msgstr "stato ottenuto: '%s'\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, c-format
 msgid "error writing base64 encoding: %s\n"
 msgstr "errore durante la scrittura della codifica base64: %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr "richiesta '%s' non supportata\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr "previsto nome file assoluto\n"
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr "ricerca di '%s'\n"
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr "elencare il contenuto della cache CRL"
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|FILE|carica CRL da FILE nella cache"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr "|URL|recupero di un CRL dall'URL"
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr "arrestare il dirmngr"
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr "svuotare la cache"
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr "consentire il controllo della versione del software online"
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr "|N|Non restituire più di N elementi in una query"
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr "instradare tutto il traffico di rete tramite Tor"
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr "Configurazione per Keyservers"
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 msgid "|URL|use keyserver at URL"
 msgstr "| URL: utilizzare keyserver all'URL"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr "|FILE|utilizzare i certificati CA in FILE per HKP su TLS"
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr "Configurazione per i server HTTP"
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr "inibire l'uso di HTTP"
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr "ignorare i punti di distribuzione CRL HTTP"
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr "|URL|reindirizza tutte le richieste HTTP all'URL"
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr "utilizzare l'impostazione proxy HTTP del sistema"
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr "Configurazione dei server LDAP da utilizzare"
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr "inibire l'uso di LDAP"
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr "ignorare i punti di distribuzione CRL LDAP"
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr "|HOST|utilizzare HOST per le query LDAP"
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr "non utilizzare host di fallback con --ldap-proxy"
 
-#: dirmngr/dirmngr.c:270
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|SPEC|utilizzare questo keyserver per cercare le chiavi"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|FILE|lettura dell'elenco dei server LDAP da FILE"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 "aggiungere nuovi server individuati nei punti di distribuzione CRL "
 "all'elenco dei server"
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr "|N|imposta il timeout LDAP su N secondi"
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr "Configurazione per OCSP"
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr "consentire l'invio di richieste OCSP"
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr "ignorare gli URL del servizio OCSP contenuti nel certificato"
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 msgid "|URL|use OCSP responder at URL"
 msgstr "|URL|utilizzare risponditore OCSP all'URL"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr "|FPR|Risposta OCSP firmata da FPR"
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr "forzare il caricamento di CRL obsoleti"
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 msgid ""
 "@\n"
 "(See the \"info\" manual for a complete listing of all commands and "
@@ -10436,11 +10572,11 @@ msgstr ""
 "(Vedere il manuale \"info\" per un elenco completo di tutti i comandi e le "
 "opzioni)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Utilizzo: @DIRMNGR@ [opzioni] (-h per assistenza)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
@@ -10448,114 +10584,296 @@ msgstr ""
 "Sintassi: @DIRMNGR@ [opzioni] [comando [args]]\n"
 "Accesso keyserver, CRL e OCSP per @GNUPG@\n"
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr "i livelli di debug validi sono: %s\n"
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, c-format
 msgid "usage: %s [options] "
 msgstr "utilizzo: %s [opzioni] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, c-format
 msgid "colons are not allowed in the socket name\n"
 msgstr "due punti non sono consentiti nel nome del socket\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "recupero CRL da '%s' non riuscito: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "elaborazione CRL da '%s' non riuscita: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "%s:%u: riga troppo lunga - ignorata\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "%s:%u: rilevata impronta digitale non valida\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "%s: %u: errore di lettura: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr "%s: %u: Garbage alla fine della riga ignorato\n"
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 "SIGHUP ricevuto - rilezione delle cache di configurazione e svuotamento\n"
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr "SIGUSR2 ricevuto - nessuna azione definita\n"
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr "SIGTERM ricevuto - arresto …\n"
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr "SIGTERM ricevuto - connessioni ancora %d attive\n"
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, c-format
 msgid "shutdown forced\n"
 msgstr "arresto forzato\n"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr "SIGINT ricevuto - arresto immediato\n"
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr "segnale %d ricevuto - nessuna azione definita\n"
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr "restituire tutti i valori in un formato orientato ai record"
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr "|NOME|Ignorare la parte host e connettersi tramite NOME"
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+msgid "|NAME|connect to host NAME"
+msgstr "Nome:connessione all'host NOME"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr "|N|Connessione alla porta N"
+
+#: dirmngr/dirmngr_ldap.c:112
+msgid "|NAME|use user NAME for authentication"
+msgstr "Nome:utilizzare nome utente per l'autenticazione"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr "|PASS|utilizzare la password PASS per l'autenticazione"
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr "prendere la password da $DIRMNGR_LDAP_PASS"
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr "|STRINGA|stringa DN query"
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr "| STRINGA: utilizzare STRING come espressione di filtro"
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr "| STRINGA: restituisce l'attributo STRING"
+
+#: dirmngr/dirmngr_ldap.c:179
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Utilizzo: dirmngr_ldap [opzioni] [URL] (-h per assistenza)\n"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+"Sintassi: dirmngr_ldap [opzioni] [URL]\n"
+"Helper LDAP interno per Dirmngr\n"
+"L'interfaccia e le opzioni possono cambiare senza preavviso\n"
+
+#: dirmngr/dirmngr_ldap.c:291
+#, c-format
+msgid "invalid port number %d\n"
+msgstr "numero di porta non valido %d\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr "risultato dell'analisi per l'attributo '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "errore durante la scrittura in stdout: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr "           attributo disponibile '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:462
+#, c-format
+msgid "attribute '%s' not found\n"
+msgstr "attributo '%s' non trovato\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr "trovato attributo '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:581
+#, c-format
+msgid "processing url '%s'\n"
+msgstr "elaborazione url '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, c-format
+msgid "          user '%s'\n"
+msgstr "         utente '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, c-format
+msgid "          pass '%s'\n"
+msgstr "         passare '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:592
+#, c-format
+msgid "          host '%s'\n"
+msgstr "         host '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, c-format
+msgid "          port %d\n"
+msgstr "         porta %d\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, c-format
+msgid "            DN '%s'\n"
+msgstr "          DN '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr "        filtro '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, c-format
+msgid "          attr '%s'\n"
+msgstr "          attr '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:611
+#, c-format
+msgid "no host name in '%s'\n"
+msgstr "nessun nome host in '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr "nessun attributo specificato per la query '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:622
+#, c-format
+msgid "WARNING: using first attribute only\n"
+msgstr "AVVISO: utilizzo solo del primo attributo\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "Impossibile eseguire LDAP in '%s:%d': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+#| msgid "LDAP init to '%s:%d' failed: %s\n"
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "Impossibile eseguire LDAP in '%s:%d': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+#| msgid "LDAP init to '%s:%d' failed: %s\n"
+msgid "LDAP init to '%s' done\n"
+msgstr "Impossibile eseguire LDAP in '%s:%d': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "binding a '%s:%d' non riuscito: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, c-format
+msgid "searching '%s' failed: %s\n"
+msgstr "ricerca '%s' non riuscita: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "'%s' non è un URL LDAP\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr "'%s' è un URL LDAP non valido\n"
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "errore durante l'accesso a '%s': stato http %u\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr "URL '%s' reindirizzato a '%s' (%u)\n"
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, c-format
 msgid "too many redirections\n"
 msgstr "troppi reindirizzamenti\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, c-format
 msgid "redirection changed to '%s'\n"
 msgstr "reindirizzamento modificato in '%s'\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, c-format
 msgid "error printing log line: %s\n"
 msgstr "errore durante la stampa della riga di registro: %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "errore durante la lettura del registro dal wrapper ldap %d: %s\n"
@@ -10585,51 +10903,31 @@ msgstr "in attesa del wrapper ldap %d non riuscito: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "wrapper ldap %d bloccato - killing\n"
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "char non valido 0x%02x nel nome host - non aggiunto\n"
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "aggiunta di '%s:%d' all'elenco dei server ldap\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, c-format
 msgid "malloc failed: %s\n"
 msgstr "malloc non riuscito: %s\n"
 
-#: dirmngr/ldap.c:221
-#, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "'%s' non è un URL LDAP\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
-msgstr "'%s' è un URL LDAP non valido\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
+msgstr "start_cert_fetch: modello '%s' non valido\n"
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr "ldap_search raggiunto il limite di dimensioni del server\n"
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr "%s:%u: password fornita senza utente\n"
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr "%s:%u: ignorare questa riga\n"
-
 #: dirmngr/misc.c:172
 #, c-format
 msgid "invalid canonical S-expression found\n"
@@ -10715,95 +11013,95 @@ msgstr "hash della risposta OCSP per '%s' non riuscito: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr "non firmato da un certificato del firmatario OCSP predefinito"
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "allocazione della voce di elenco non riuscita: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "errore durante il recupero dell'ID risponditore: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr ""
 "non è stato trovato alcun certificato adatto per verificare la risposta "
 "OCSP\n"
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "certificato dell'autorità emittente non trovato: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr "chiamante non ha restituito il certificato di destinazione\n"
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "chiamante non ha restituito il certificato di emissione\n"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "impossibile allocare il contesto OCSP: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr "nessun risponditore OCSP predefinito definito\n"
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, c-format
 msgid "no default OCSP signer defined\n"
 msgstr "nessun firmatario OCSP predefinito definito\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr "utilizzando il risponditore OCSP predefinito '%s'\n"
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr "utilizzo del risponditore OCSP '%s'\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr ""
 "errore durante il recupero dello stato OCSP per il certificato di "
 "destinazione: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr "lo stato del certificato è: %s  (questo: %s  successivo= %s)\n"
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr "buono"
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "il certificato è stato revocato alle: %s a causa di: %s\n"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr "Il risponditore OCSP ha restituito uno stato in futuro\n"
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr "Il risponditore OCSP ha restituito uno stato non corrente\n"
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr "Il risponditore OCSP ha restituito uno stato troppo vecchio\n"
@@ -10813,67 +11111,71 @@ msgstr "Il risponditore OCSP ha restituito uno stato troppo vecchio\n"
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "assuan_inquire(%s) non riuscito: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr "ldapserver mancante"
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr "serialno mancante nell'ID certificato"
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "assuan_inquire non riuscito: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "fetch_cert_by_url non riuscito: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, c-format
 msgid "error sending data: %s\n"
 msgstr "errore durante l'invio dei dati: %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "start_cert_fetch non riuscito: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "fetch_next_cert non riuscito: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr "max_replies %d superato\n"
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "impossibile allocare la struttura di controllo: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "impossibile allocare il contesto assuan: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, c-format
 msgid "failed to initialize the server: %s\n"
 msgstr "impossibile inizializzare il server: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "impossibile eseguire i comandi di registro con Assuan: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr "Problema di accettazione assuan: %s\n"
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, c-format
 msgid "Assuan processing failed: %s\n"
 msgstr "Elaborazione Assuan non riuscita: %s\n"
@@ -10916,51 +11218,57 @@ msgstr "catena di certificati è buono\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr "certificato non deve essere stato utilizzato per la firma CRL\n"
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 msgid "quiet"
 msgstr "tranquilla"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr "stampare i dati esendo codificati"
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr "decodificare le righe di dati ricevute"
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr "collegare al dirmngr"
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+#, fuzzy
+#| msgid "connect to the dirmngr"
+msgid "connect to the keyboxd"
+msgstr "collegare al dirmngr"
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr "|NAME|connessione al socket Assuan NOME"
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr "|ADDR|connessione al server Assuan presso ADDR"
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr "eseguire il server Assuan specificato sulla riga di comando"
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr "non utilizzare la modalità di connessione estesa"
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|FILE|esegui comandi da FILE all'avvio"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr "eseguire /subst all'avvio"
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Utilizzo: @GPG@-connect-agent [opzioni] (-h per assistenza)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
@@ -10968,173 +11276,189 @@ msgstr ""
 "Sintassi: @GPG@-connect-agent [opzioni]\n"
 "Connettersi a un agente in esecuzione e inviare comandi\n"
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr "l'opzione \"%s\" richiede un programma e argomenti facoltativi\n"
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr "opzione \"%s\" ignorata a causa di \"%s\"\n"
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, c-format
 msgid "receiving line failed: %s\n"
 msgstr "linea di ricezione non riuscita: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, c-format
 msgid "line too long - skipped\n"
 msgstr "linea troppo lunga - saltata\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr "linea accorciata a causa del carattere Nul incorporato\n"
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, c-format
 msgid "unknown command '%s'\n"
 msgstr "comando sconosciuto '%s'\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, c-format
 msgid "sending line failed: %s\n"
 msgstr "riga di invio non riuscita: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+#| msgid "no dirmngr running in this session\n"
+msgid "no keybox daemon running in this session\n"
+msgstr "nessun dirmngr in esecuzione in questa sessione\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, c-format
 msgid "error sending standard options: %s\n"
 msgstr "errore durante l'invio delle opzioni standard: %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr "OpenPGP"
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr "S/MIME"
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+#| msgid "public key is %s\n"
+msgid "Public Keys"
+msgstr "la chiave pubblica è %s\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr "Chiavi private"
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr "Smartcard"
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 msgid "Network"
 msgstr "Rete"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 msgid "Passphrase Entry"
 msgstr "Voce passphrase"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 msgid "Component not suitable for launching"
 msgstr "Componente non adatto per il lancio"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr "Il file di configurazione del componente %s è interrotto\n"
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, c-format
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Nota: utilizzare il comando \"%s%s\" per ottenere i dettagli.\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr "Verifica esterna del componente %s non riuscita"
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr "Si noti che le specifiche del gruppo vengono ignorate\n"
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, c-format
 msgid "error closing '%s'\n"
 msgstr "errore durante la chiusura di '%s'\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, c-format
 msgid "error parsing '%s'\n"
 msgstr "errore durante l'analisi di '%s'\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr "elencare tutti i componenti"
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr "controllare tutti i programmi"
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr "|COMPONENT|opzioni di elenco"
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr "|COMPONENT|modifica delle opzioni"
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr "|COMPONENT|Opzioni di controllo"
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr "applicare valori predefiniti globali"
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr "|FILE|aggiornare i file di configurazione utilizzando FILE"
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr "ottenere le directory di configurazione per @GPGCONF @"
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 msgid "list global configuration file"
 msgstr "file di configurazione globale dell'elenco"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 msgid "check global configuration file"
 msgstr "controllare il file di configurazione globale"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 msgid "query the software version database"
 msgstr "interrogare il database delle versioni software"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr "ricaricare tutto o un determinato componente"
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr "lanciare un determinato componente"
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr "uccidere un determinato componente"
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "usa come file di output"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr "attivare le modifiche in fase di esecuzione, se possibile"
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Utilizzo: @GPGCONF@ [opzioni] (-h per assistenza)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
@@ -11142,15 +11466,15 @@ msgstr ""
 "Sintassi: @GPGCONF@ [opzioni]\n"
 "Gestire le opzioni di configurazione per gli strumenti del @GNUPG@ sistema\n"
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr "È necessario un argomento componente"
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 msgid "Component not found"
 msgstr "Componente non trovato"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr "Nessun argomento consentito"
 
@@ -11167,151 +11491,230 @@ msgstr ""
 "Sintassi: gpg-check-pattern [opzioni] patternfile\n"
 "Controllare una passphrase data su stdin rispetto al patternfile\n"
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr ""
-#~ "forzare il cifrario simmetrico %s (%d) viola le preferenze\n"
-#~ "del destinatario\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+#| msgid "Note: keys are already stored on the card!\n"
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "Nota: le chiavi sono già memorizzate sulla scheda!\n"
 
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "errore durante la scrittura nel file temporaneo: %s\n"
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+#| msgid "Note: keys are already stored on the card!\n"
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "Nota: le chiavi sono già memorizzate sulla scheda!\n"
 
-#~ msgid "use a log file for the server"
-#~ msgstr "utilizzare un file di registro per il server"
+#: tools/gpg-card.c:2395
+#, fuzzy, c-format
+#| msgid "Replace existing keys? (y/N) "
+msgid "Replace existing key %s ? (y/N) "
+msgstr "Sostituire le chiavi esistenti? (y/N) "
 
-#~ msgid "|FILE|write a server mode log to FILE"
-#~ msgstr "|FILE|scrittura di un registro in modalità server in FILE"
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, fuzzy, c-format
+#| msgid "OpenPGP card no. %s detected\n"
+msgid "%s card no. %s detected\n"
+msgstr "Scheda OpenPGP n. %s rilevata\n"
 
-#~ msgid "run without asking a user"
-#~ msgstr "eseguire senza chiedere a un utente"
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
 
-#~ msgid "allow PKA lookups (DNS requests)"
-#~ msgstr "consentire ricerche PKA (richieste DNS)"
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
 
-#~ msgid "Options controlling the format of the output"
-#~ msgstr "Opzioni che controllano il formato dell'output"
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
-#~ msgid "Options controlling the use of Tor"
-#~ msgstr "Opzioni che controllano l'uso di Tor"
+#: tools/gpg-card.c:3668
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "authenticate to the card"
+msgstr "aggiungere un certificato alla cache"
 
-#~ msgid "LDAP server list"
-#~ msgstr "Elenco server LDAP"
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
+
+#: tools/gpg-card.c:3672
+msgid "setup KDF for PIN authentication"
+msgstr "configurazione KDF per l'autenticazione PIN"
+
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr ""
+
+#: tools/gpg-card.c:3675
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "read a certificate from a data object"
+msgstr "aggiungere un certificato alla cache"
+
+#: tools/gpg-card.c:3676
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "store a certificate to a data object"
+msgstr "aggiungere un certificato alla cache"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
 
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "richiesta della chiave %s dal server %s %s\n"
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "%s: %u: nessun nome host specificato\n"
+#, fuzzy
+#~| msgid "change a passphrase"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "cambia la passphrase"
 
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "impossibile analizzare il keyserver\n"
+#~ msgid "detected card with S/N: %s\n"
+#~ msgstr "scheda rilevata con S/N: %s\n"
 
-#~ msgid "return all values in a record oriented format"
-#~ msgstr "restituire tutti i valori in un formato orientato ai record"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "nessuna chiave di autenticazione per ssh sulla scheda: %s\n"
 
-#~ msgid "|NAME|ignore host part and connect through NAME"
-#~ msgstr "|NOME|Ignorare la parte host e connettersi tramite NOME"
+#~ msgid "Please remove the current card and insert the one with serial number"
+#~ msgstr ""
+#~ "Rimuovere la carta corrente e inserire quella con il numero di serie"
 
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "Nome:connessione all'host NOME"
+#~ msgid "use a log file for the server"
+#~ msgstr "utilizzare un file di registro per il server"
 
-#~ msgid "|N|connect to port N"
-#~ msgstr "|N|Connessione alla porta N"
+#~ msgid "no running gpg-agent - starting '%s'\n"
+#~ msgstr "nessun gpg-agent in esecuzione - avvio '%s'\n"
 
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "Nome:utilizzare nome utente per l'autenticazione"
+#~ msgid "argument not expected"
+#~ msgstr "argomento non previsto"
 
-#~ msgid "|PASS|use password PASS for authentication"
-#~ msgstr "|PASS|utilizzare la password PASS per l'autenticazione"
+#~ msgid "read error"
+#~ msgstr "errore di lettura"
 
-#~ msgid "take password from $DIRMNGR_LDAP_PASS"
-#~ msgstr "prendere la password da $DIRMNGR_LDAP_PASS"
+#~ msgid "keyword too long"
+#~ msgstr "parola chiave troppo lunga"
 
-#~ msgid "|STRING|query DN STRING"
-#~ msgstr "|STRINGA|stringa DN query"
+#~ msgid "missing argument"
+#~ msgstr "argomento mancante"
 
-#~ msgid "|STRING|use STRING as filter expression"
-#~ msgstr "| STRINGA: utilizzare STRING come espressione di filtro"
+#~ msgid "invalid argument"
+#~ msgstr "argomento non valido"
 
-#~ msgid "|STRING|return the attribute STRING"
-#~ msgstr "| STRINGA: restituisce l'attributo STRING"
+#~ msgid "invalid command"
+#~ msgstr "comando non valido"
 
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Utilizzo: dirmngr_ldap [opzioni] [URL] (-h per assistenza)\n"
+#~ msgid "invalid alias definition"
+#~ msgstr "definizione di alias non valida"
 
-#~ msgid ""
-#~ "Syntax: dirmngr_ldap [options] [URL]\n"
-#~ "Internal LDAP helper for Dirmngr\n"
-#~ "Interface and options may change without notice\n"
-#~ msgstr ""
-#~ "Sintassi: dirmngr_ldap [opzioni] [URL]\n"
-#~ "Helper LDAP interno per Dirmngr\n"
-#~ "L'interfaccia e le opzioni possono cambiare senza preavviso\n"
+#~ msgid "out of core"
+#~ msgstr "fuori dal nucleo"
+
+#, fuzzy
+#~| msgid "invalid command"
+#~ msgid "invalid meta command"
+#~ msgstr "comando non valido"
+
+#, fuzzy
+#~| msgid "unknown command '%s'\n"
+#~ msgid "unknown meta command"
+#~ msgstr "comando sconosciuto '%s'\n"
+
+#, fuzzy
+#~| msgid "unexpected armor: "
+#~ msgid "unexpected meta command"
+#~ msgstr "armatura inaspettata: "
+
+#~ msgid "invalid option"
+#~ msgstr "opzione non valida"
+
+#~ msgid "missing argument for option \"%.50s\"\n"
+#~ msgstr "argomento mancante per l'opzione \"%.50s\"\n"
 
-#~ msgid "invalid port number %d\n"
-#~ msgstr "numero di porta non valido %d\n"
+#~ msgid "option \"%.50s\" does not expect an argument\n"
+#~ msgstr "l'opzione \"%.50s\" non prevede un argomento\n"
 
-#~ msgid "scanning result for attribute '%s'\n"
-#~ msgstr "risultato dell'analisi per l'attributo '%s'\n"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "comando non valido \"%.50s\"\n"
 
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "errore durante la scrittura in stdout: %s\n"
+#~ msgid "option \"%.50s\" is ambiguous\n"
+#~ msgstr "l'opzione \"%.50s\" è ambigua\n"
 
-#~ msgid "          available attribute '%s'\n"
-#~ msgstr "           attributo disponibile '%s'\n"
+#~ msgid "command \"%.50s\" is ambiguous\n"
+#~ msgstr "il comando \"%.50s\" è ambiguo\n"
 
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "attributo '%s' non trovato\n"
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "opzione non valida \"%.50s\"\n"
 
-#~ msgid "found attribute '%s'\n"
-#~ msgstr "trovato attributo '%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "Nota: nessun file di opzioni predefinito '%s'\n"
 
-#~ msgid "processing url '%s'\n"
-#~ msgstr "elaborazione url '%s'\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "file di opzioni '%s': %s\n"
 
-#~ msgid "          user '%s'\n"
-#~ msgstr "         utente '%s'\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "impossibile eseguire il programma '%s': %s\n"
 
-#~ msgid "          pass '%s'\n"
-#~ msgstr "         passare '%s'\n"
+#~ msgid "unable to execute external program\n"
+#~ msgstr "impossibile eseguire il programma esterno\n"
 
-#~ msgid "          host '%s'\n"
-#~ msgstr "         host '%s'\n"
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "impossibile leggere la risposta del programma esterno: %s\n"
 
-#~ msgid "          port %d\n"
-#~ msgstr "         porta %d\n"
+#~ msgid "validate signatures with PKA data"
+#~ msgstr "convalidare le firme con i dati PKA"
 
-#~ msgid "            DN '%s'\n"
-#~ msgstr "          DN '%s'\n"
+#~ msgid "elevate the trust of signatures with valid PKA data"
+#~ msgstr "elevare la fiducia delle firme con dati PKA validi"
 
-#~ msgid "        filter '%s'\n"
-#~ msgstr "        filtro '%s'\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) ECC ed ECC\n"
 
-#~ msgid "          attr '%s'\n"
-#~ msgstr "          attr '%s'\n"
+#~ msgid "honor the PKA record set on a key when retrieving keys"
+#~ msgstr ""
+#~ "rispettare il record PKA impostato su una chiave durante il recupero "
+#~ "delle chiavi"
+
+#~ msgid "Note: Verified signer's address is '%s'\n"
+#~ msgstr "Nota: l'indirizzo del firmatario verificato è '%s'\n"
+
+#~ msgid "Note: Signer's address '%s' does not match DNS entry\n"
+#~ msgstr ""
+#~ "Nota: l'indirizzo del firmatario '%s' non corrisponde alla voce DNS\n"
 
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "nessun nome host in '%s'\n"
+#~ msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+#~ msgstr "trustlevel adattato a FULL a causa di informazioni PKA valide\n"
 
-#~ msgid "no attribute given for query '%s'\n"
-#~ msgstr "nessun attributo specificato per la query '%s'\n"
+#~ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+#~ msgstr "trustlevel modificato MAI a causa di informazioni PKA non valido\n"
 
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "AVVISO: utilizzo solo del primo attributo\n"
+#~ msgid "|FILE|write a server mode log to FILE"
+#~ msgstr "|FILE|scrittura di un registro in modalità server in FILE"
 
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "Impossibile eseguire LDAP in '%s:%d': %s\n"
+#~ msgid "run without asking a user"
+#~ msgstr "eseguire senza chiedere a un utente"
 
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "binding a '%s:%d' non riuscito: %s\n"
+#~ msgid "allow PKA lookups (DNS requests)"
+#~ msgstr "consentire ricerche PKA (richieste DNS)"
 
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "ricerca '%s' non riuscita: %s\n"
+#~ msgid "Options controlling the format of the output"
+#~ msgstr "Opzioni che controllano il formato dell'output"
 
-#~ msgid "start_cert_fetch: invalid pattern '%s'\n"
-#~ msgstr "start_cert_fetch: modello '%s' non valido\n"
+#~ msgid "Options controlling the use of Tor"
+#~ msgstr "Opzioni che controllano l'uso di Tor"
 
-#~ msgid "ldapserver missing"
-#~ msgstr "ldapserver mancante"
+#~ msgid "LDAP server list"
+#~ msgstr "Elenco server LDAP"
 
 #~ msgid "Note: old default options file '%s' ignored\n"
 #~ msgstr ""
@@ -11367,8 +11770,8 @@ msgstr ""
 #~ msgid "could not open %s for writing: %s\n"
 #~ msgstr "impossibile aprire %s per la scrittura: %s\n"
 
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "errore durante la lettura da %s: %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "errore durante la scrittura in %s: %s\n"
 
 #~ msgid "error closing %s: %s\n"
 #~ msgstr "errore durante la chiusura di %s: %s\n"
diff --git a/po/ja.gmo b/po/ja.gmo
index 7947162dacf4de32122b39fd6221345831536a06..d873a45ef377c2f0ca9870d11285192606ef278e 100644
GIT binary patch
delta 56100
zcmZ791)NpYyZ`Y$Gvv_S%%QuaVSpKG=<W_dI;3;cEiF<4(jp=yjewM((hY(VN=Tz9
z2>d_a^DOW6f6wb4-)pVC_S!3+wa%IO0eAG|BontL@vkS3^|8lmeLT<0h{LOR-kb!U
zcWsJFJuml8&ntj=uq-ykcp=omG~^fW^1NfX6;t5I-JX{gXJZEZ0weIK%m0RYPS_sL
zOX+#O7a*a6;`kmmunXRJ%tn5p%YTCz$)9yTapj5jdR}tMvmy<8#ZmQYU}5|K)$V*O
ziQl_?*f*Y6ndf^YNEGD4FszR2P!(UG8qB}X8jMCJ#%qHbc{k@6Oh<kp>cLx`r=5>b
zGm>Dx=Viz2sCw0<Pogu4WH=V{;m4R051?k?F6PCA2Rtu5mUK42gyef-798qajH$?f
zgAsTRRqq96!jNyRy$JNxU=0$fu@ff6;g|?Na^;IqJ>HBO!AaBuUbySw2d%?dQ0-O2
z{MZpSV>40rFGf9QCuYG@2bq60^o#=C81Imo%~{^r9MwR7%!9K~ORyUQcox<03sgG^
z4x2eqQy+~n*a8(R%TXQs`Y`jah7Y)c>!>xqk1BuX$}=AEyh!r7F*|lbMfVic(yeyx
zK+WKB%z;-iGlm@Xyl@OS^Py&-gioR_iDnpsYq2;!K?POL?`&$LP#yXJHNtVI29{!0
zJb>!hZB)JZ>`BE;PSo}K*c$ueI6Q-@?>9Z}c~K;WV@}+Qy5TnJhPdCeC9xA~JMBPC
z;XTw${ezm~WIxyv<i+5Wqpr7b_D0RbIIM>&kb(H#3leHL$&a3w7^6@P)I~*W7t}~6
zIM-rn^2aeZ#yVjmDS-LOH^5xzqn2n5s=b4#0bWDJT-Zs?6ziXkgnCv2bwgteU|&=R
zW@AO%h~@A(>U=12%9f%l79~Fp)y@vo3|>UVz$?^)1E*~uF{tvcm{t3K28nFA8P)R(
z7{IrvwTw7pQyGcM*LV3|s9i7?lj0)OjI2kk?RnG^yh0t#NzU4HvY|Q}gT5+ub_G+N
z>rhjE4E4YVt~}m3i<Mlc5p_Y0bOx%O&8P$CA}V-aVj)a+-X0u{!E*)`#KX@s|Ell_
z1?tgJ)LQ+Dn(}w34ph8g<!w<99E^J4BGd!-V;=k&b$|FpH&QG`J_a>Yqfi~6k6MC#
z7ny(EaEF2bzQu$Xaf#`|{HS~+s>jta6~2!Na3~hW38;>4cb-E9<5N@&Wxi|!jKnMC
zTcVb%gilUu9)oJAHx|QXSR2n{HOzLEJsskCJy0DQc+DJ(>c~vg3@*lK+>M>_4bH&#
zfAYK|_yRTKyRUm*9P}TMP!FG>rX=YN9)u-OyCDiAuob4j;TRidVpE)lmGKc4z@k6f
zK-yzL^0Toz9>98-;1@fXT46rz|A{0t16wdXUPX22Pt-_L-n0j2K}}h4OoLT1F1EqM
z*cr3p093vCs380twJQ!H5A=S=2uyoRvEUORBs6txQ5_hGDRBX6iZ)<Q{2JBZHB60v
zqGl-3ZR=1TEJ{8a)v*Dnr5u5pna!9Nf5vQ>;0`;3=X-@nWWi|EOmsv|-BiqoyHGb=
z#CZ4`vtz7ZZK?90mZm7GJO&eC57dK)q6WAY)!tFm0B&P&|Gy@oDGU5&7D0`mB38f}
zsF6&;GPn=53tnMPOnTQIP!hFtO;9t_A2nk$Q8T&@)scNz3a{T~{<U^#?pej0&L~t5
zTc8^1i(2!KFdSE*W@IC(1LrU|zIOTS_iYAiVl2vsqB`JXJe-Sq?x**e|B@uuQ=sU)
zjU}-71Dm=Y7)^d5M&UJ#!A!r~T6e<I<QHIJJd2SS>!Ih>!e~_e=@^9<uso)DWWm_P
zCsB@qF<2G%qYj?9k8KIkU^Vg)m>;{Krv78pRDOX;@Hi&ID=vQ*vy%S{!!g4XTe_U6
z``cr3^aqj9)J#E5=~7IF2VI5ps0ZCe1zFsuRzCw4AYT|2bZt;mI~H@{G}IbzMJ>@o
zEQl$e*)FJr1ikO|B2kzNGf@=}phkKZ6+Ee)TMQIJmDfa#XfP(nu~;1Ep$6~+robnd
z7Gu4zpw5JG$QMM#RB>FV{a>Girs^M@j}d>^l<z>5hx}>5l^r$G+L#hQ#40!ui{Ou_
zseOmq1*u-zc~TTLkUFTD?1Gw^iI_tBe?JKwJm*jke2lsw`Ck_G`B4w7j1kxzm*Ei9
z1JnO)BPxuVky<X_*5!v`I?AV`p0gIy;z9H)lDI}f4Mn`NU@DHu$XCJC*c5YMFN}+G
zQB%Aa)8Izbh`+-C{))OU?rZB<X4Kl3K`l{NY=IxWX8zldxJyARjQPiAU?nyqe-u?7
zcw;w=z%cTcoYycw{%6$w4|!`3%!?|oit6wOsE+nV#m+<w#o2F}e~sj03N!<sV`AKg
znt>CT9)HFR_!`q;ns-*e2<rYA)QDT6ruIY3h*MGRtabTa?)pVkJ5PKPdO)}r5}cwO
zs0JHh0_=kMus=@3W!M~ZhlB(_rpI7_{4~_I`w~_EJSsRtLPNYLjKN|!3CrMK)Kd6=
zkx&d|3=8o%{JgeU8f(M~2?pah)JWE#8a#yMFg$ihaLTKpwq;+`d9Vc4ksmM;Utk0l
zi4zjs-t|%S2O|Uby;UUC<Nc^@^gCw7%yF$^G%DW<wZ^lsIPSvt@CmA8+4!x5mZ&SL
zz4552--H^#L6`p-HS%YeOZz`H->bB}%41$^h=p(@>cJaOBRlQN-=XRi3J(beR}0KU
zz5{Bcqc9IH!vG$~EcgI(V4?(ey(nhl`Ce-hnQ<5fa3QMVZd7dif{NaMP{EZlVMy?-
zFMt|hS=47oZ4BUC)J%SjTJzsfCu_z;wltMc?RQ5%A&FTe^x?4t^>Mi#waqr6Dt?WM
z?yHy-pP_;@EU^V?8q~<M;S#KbRq&=WcajjV5BXjgz#FI;^^%78!EdJplUf7cpn~f<
zR>zFVEZ-TU$ggzyJJ^tXw&WqfkJCY@`?ld|e1QtSfhjCjwqPCd_pmXRO3BD^dP?8c
zB5|saU`I+}M=pGa8d3h#wsy5pLDLJ>^Vt{-TGU$qj+)}sY3zDAyh*-063<?pv=$?c
z(}j2~Des4B|D;bsLG~DR03}avYn&Ukw$Z31YKTd&9qMDY4<^7NsF)a!ilHU$`d-v-
zID+cvP1LqaoFOFmCABQ-Wb}KJ&~_SxYVb=`@a#l&=m7?g){HjNyr`LIglc#&Y5*%;
z{;118N5xL+Ot$8csF-Pu6|gUI-S;+;P?TRpjr18R*xsQ=oI10a6IEUU)$`gIz{aTk
zJrK1G=QuZ^&ia$651%Wj8HgWY11f<5ML}B<BUqzRsD|DKSToF!#nv*bvmUCWBT*w*
zfEwXt=R4H7kt3^>H%7(AFx2_73U%i1LUr^U7UKEdGZOj+lr@{JVMFJKs41I;TH{ry
z?fDIAW)7le>@2F@&zJ>Ypq4Imb~8Wf{)(svw?uu&4MATGO(LN$4)akX`U2JC)2{qi
zj8Fb=)Cj|J*whw91!H+s%*3FAa0n_k=A)MC5b8tg2ke14bK3Tulau|g3%^k?38Qm`
zc=ho(-olKzL%f0L<q7e+!62-OH&G{E!Mv6qfR)G}K%E=0^Vxw`7d7J67{Fnufi1=;
z+?3A`@uEpQqd-SxvHT(4``8sb;|bKriWjh0_yG0k_%Uk9PNHVSD`>l@FlyU%Mtus7
zK?UDB)Qnulq8Pi7%~WZhgtlKZ)WI?xtKlBhnIF5b1zjf8nwCP%R2|e>UqpQ={TmhC
znTuGxny6rHkBx9RYH3bm1U|w2=qG*8*8VhhrQkNI$90O@4I@you^6>GzCu0t2bX_@
z3c>`%EOydjGV<k7_3L47?1}2&Jk-bbK`ZyYKS}6;5ykCewGL|A3_&f;3e*jEupFi>
zVKzZ6!CchT9!9nERM$g1FHq8!piL<|peCS}=5yy^OsoC>3yA<1UIh!-_oc03G1OAj
zLycqss@^sX9$2WDd4>wcTxDzky|4uN1*qM03KcVdqUsecYcn<o(`o;YBcU}}f*R>J
zsF6NJ-B2hpB={@XfvEb&@I$Q5Fw5f}RFJ+#-B+Nz?Sk&82Y-#~=wnn2WUpXHcqQ~T
zWgn2Jfb+02Uce~K5M`g^tx!|E9QB|Rs0Vw|_OV(4we6-mFQMvXt!P2r2sIO9upzF+
zGWbtL_J3ItB`aA6`k|(L3u-s~gZgmETiMEMV@2}wP_c0tCu4>xcK<5W(%eDS^Qu}b
zRYIK)JzahiYT#F^`ZkjA7@PX)Sc?n8QB!#gBQb6@n~}<>B^i(E=nvQ!Q&qQZ*d5jJ
znHXG3)J!}@%}}-))=p2<3~umA=tO&n>T&6sR$(~mT-b}+HqTLCIs>&rg1@k+i5kIJ
z)b-7%-EhO1w6?8zH0pd9i24jzgdK4!c0oUFoe*y@iP5N@zQPumzix<kiET6ywf61m
z+Zs+ooot&?Bf5f`iR=w*O?zS~@@vuK|9(Mr^kzc~@??!dg1<j3f?@jnFG(U370TjR
zY>tQVC)9{nG`6o+Cr};y1G8bSCN{-2aT@uNsE#CPYWFolEuoK^nZ2mp@W|zJH&bk}
zpPG}%$%WyV1y`V=^)PB`AE1^ZZFBqBt%FI)w?VCOZ)}UpQ3p(D3;T4;?9AgV=B$9Z
zsaHdJ?dN{(!bnU;eln)SMW|@rh&ubfM}5x!g6hB@sBbuNTG|(uWEh`(T1<#pQS}O;
z>P2A!tcm*2YKp$5W+Dkq=?>J|T|-TEs#X@IF{phz0X3ypFgPQvEy(JiPROySU|WWY
znZu}&K1Cfo>DyQkmd3>78?<5nYozTdP>%;<A{>jAa26`q&Z9=~#$Aus*3O007@)i~
zY5*-z+ixUlDb_o`Lw$F=jS9xst~_r$-+EHDojss2YRcQ8dOQpjoC{I0u>%8m1@(Z}
zr~@iZdz*nWsPd+$?c5J_|2EXe`8iC7zoWKe9KVB2Wdv&K8ly%q6xETns0I(Bg6#&X
zBgs435*0(OWoJ~3%tMWIJ;uR<sDT_uJ@6ieV(9y})P8IdTFdgN2Ku9>XbP$$J5g)+
z8){9HcCvgV>Oq}Q_YX&X>TO2to_nb6n546vn9WcFT8bLLF64gSyGBA&_#6Y6`U4wr
zNmP#;qNcD1D#)gww&faB2hO4He}H;$;x0B*#ZVpo02O0%Q1`7x?TYh3*?+&f3NKMJ
zkg%&gC@ZR`6`bu+yJalufm=}{y6CPyL(N3WZWc>5Fgf|gsG#nGWpN<tGi5X8)c$`=
zLML77?)Knl)IM&50qlYbn#rgcS%DF_2NfIFQ0Ky5s17CUVI9qdy50;mgZ)wW%|^}S
zX7qL8Bnbu4LsXPz>S<F}9P^N`fjS}kqh@Fk>U`LQ>eww*kiEg8n6a0|LOqNkKM_me
zcc>W(>1|6?vN!u*!Pboe1=#}Blz)p_%i9<m!~59ClA=184>jUS&Zejlbw_n*5^AK&
zQ62sk19%C`;NPg3EY_F(uZp$%TE(8uvCajkHT()y?^{&x+(bR-IVu(seQ4!{Q9&7v
znz3f68SzmA-GW+@o2UcptuCmCS^L=(l|oHrU)1)SiJG!+P*eT_6-+t%Tg((g1yfs$
z#>J?aypGzAaR*rY<xw4L<m`?*Z~QSN)U!3H9$#?2K{b?pplzets2&eN1=**lj_yE>
z=prhXo})fwk`1z@%!Hb;3aA;Yhno6s$bG&ymV{2WrOq>`2gM$2XMY~l+SYgWLNzcI
z6$>j-GqVRZ!bhkM#vWq%fU_j3qjgXn>V|3b`9F+=8k~bVAl9RT?=osc?@%MnG}Jm4
zi8|TZp+@vMDh3XsI`S*3V`+!k?kS84>K3S(8IJLA66WUl-YgQ@|GQ92aR=3bl*4UX
zmO*u_8)`d#g8EcEfNJ<2>R?JR!a5p>>Of1>lJ-N*;6e=GcGSsu34J{%)=0Y{FKX&5
zqNcDjY6eE5Vqqz&1K**7=NaljY1l;y;zFp8=_;rrw;pQubV4o7U`&WJQ1>nN+5g&B
zTPe_k&Y>Rg4AtX|qwGPYQ6p}H>hJ{TdQ^wcpz8mLT7nd#ZDy)qfcyujC7gtM-Wt@5
z9v#htv`t=6paUh}80%RDREL_PmSzCzhGnQ={n1_b##-!TM$K4BR7V@2Vqz%jfuCXk
z_oAl$I;unA{y5v`c~CbrMa95S)Y^TH>cA;f!>>_mo^8C<tAYyN{?3n39a)W<nFFY$
zx`T@T@CkOF<V4N1--?8$ZUX9t6{rUtMLqa2YVFfcv=LN7J>Y#*eIGT#6{va#UH*5}
z01{5J4irVLc{2=PA0#$>Zx#s!$4b=N?nWJ%zqov=$(ApRdSGwVwwr@$@JrNvhcSQ;
zP&1iuiq$KGTH5NU5w~_u#NeO**+e41g%hX-AETx??o_)W59)eD)JXfIMm85U;@zl*
zZ=>!@Jk4UKFe+aMwM2bTOE4L=T~}c~pTq?csu=o_RmhG3@=>Vr_NXZzi+b=9EQW_s
zGx7=*RGFt+2Wwz}d^gm9rebhuQ9*YU)y}UN{PTZ_X4r+?sGi249^4KU17k2a)u^dG
zjGBqN?s~kL)?iUoM_Zs`Y5*$uW}_aw-Ce(cYX9j>_J3RwDQ4Nxn8BF~wf%~szL?ZU
zt>I{Q{bSUFK0|HGJ*ay3P#sJ++kUE!M8(o1)Kcxi;BG+8K=>T?e}F`hIaZ;8a~SHz
zm8iA7<np0&Z6qa7LDv}7;4sw8Eko^|o$mTCs2Pm=vDJGI_28y1Khh_msak;wiv3s_
zpQ5Iy#5`-T8EQsGp@L`$YNWeROY;-z<og4YV6IPWKqXNfY=<fzkJ@b?qn5;9PeQ@-
zJ=VvUSQe|#w;v$JV-)#mSPp+go%IP8SPW!AbtoERVQW;!J774DL(R+#)J(2Lb@&WY
z&-d<=NJc@zh1RposI@MRTGQ&NhKHaU7>TOC7WIH#7{J4*DE}1|8{vy=#&V!KUI{hO
z(Wn#lODwF<|7#@TQIKe{bs#mWp#skOs2c`gFeXqVyo6foSEw1t`l<V>g&II3)Y5iA
zwKpC$pwCeQxU6#R{|6+rmPwXaaJ+|#*5;_S8-tp%HO_sg;JfI2gQdx5TWa4STchrq
zhwA8VERR2-f-mDT`?Y)}4F36_nk3X<9}M1z3X<KZk)J^YU&v=xF9P-Dv<hl%`=LfQ
z4fTLMs2RD1Iw#(tW+Gy_eR@Ws2Gn~w`(JA{kpfNGa#RPlp&Go3x-r2DyCFB~dK7Bv
zJE2DS5vrZ9Q1=~2b>tN)ShK9OwJ(X9>5iy&Cam<W;uo&q465fZQ9Vqt${v)@*$~yC
zVOS04qYj{7Pz@(uZNE<_g4$kDsCL>q2cbGX1GU84eG+Q$XVggEpw=p4jr~usZBR4Q
z0RuP?)!--2udoRDqo@)6jastIYpr9oaXR^-I2Yr8Zo$3;wKV=366(NF)EeJLjU;rP
zMQsiYkgtyFU^i5~X{ae*hnlg&sE_4eP$%ANRE*^O!jASvs1CM6&A@mJX#amnLOni#
z+MjPw`#jHj>p(+PPY0nI{KR<}wZ_j;+bjK-7M$f#U+LaQ{p7R=6%(gX?SyQw0cOGA
z|NdW@ghtW>%i=`TQG5_J6E9G^Bh6RVP&w3hz@Dh3S%#XKt*CY`U>SVs%JXlu>vd3T
z-Ul_%1z5@_ahQZ2^cJ-gSvJ|{dwJAa_d`wjRMdk%M~(0rYNk?bw*6lY)uBPC?K>4~
z;c|?@$Ect!xy61tH41&L-9ZwXnj5J6JJk303|npc6vj&AtD-tG#km&M;UlP#-$J$X
z78U)OzqXE)L!A?iQ1yDE>P`BZ{jUpaDbPMWfLhCouEJ~7%w*VRYhNDu(&+U-Es2j>
z+f`T+&!b`~(RLe1B<lWVsE!VE`T3~W*}a|pul;+I0!3|-9X9o4P(AF83c4AnHQS2;
zyoXxL@SRq#D5~QPQS}F5B3y+U;1<+U{(xGd+o+lR%O|0=O1;ZQRse$s2Wm#zVtgEc
znmQlV;6l`P+v3W9#H8f!qDK6;yPk2k%|r>*3^YImXKz%8{B<M(B)&y8a0|6RU!a03
z;~tBJs;H@NiMrkk6)W>l9odY!{|9&dC)7Y<@3j*#JL>+TsDV_)c-sH%NoXp&p`v>Z
zYJ^8n+v)}eFytG1P*w~jABmd63K$z(qrMMxL``uo)Ck9*+FytPJczpQHb(06KXjip
zSOGQSil`~<fts=zs90F<%71V^cIC<U+uFZ}3d$y^r5lcV&}`I9Y(%wl5)~tlF%Qr8
zG99o6Vo*Krj(V_<nvum=6i=d}HtbvLU|v+iwJ|aFK;1tKli&>01DB%Kd>?8?U!gjd
z@gVzO`@9SZtw~)}gWXUgnT)aUE7TfqMLpmI>b{$(DSwHY>d-^>VU!+qe=Sr8K17}U
zvr$X89W{_$huHs$?q4X-)IUIVAk|@;qGG6R*8$bQbPV7YRE(T+`G=?zG4T;Q52~Qf
zfdQzQTZx+TOQ_(DbJPZ0@ThOUk*H2VNiH-&^=!KHYgF)DLyaW%clO{Ms3|OudT=XL
z2j`$>Vh3t>oO0KHM=fc#W407gsPkf&PeN0_6szJcR8K>W+te09HB<)Ga1)pB<?>Td
z_b*2U-CpNeR1n`owU_XFTaq%U8E%I<_<Wy)f?_=u#}lX<WBp(=kqgy<I;atLL#_P`
zR7|WyP4zdZseXt$NwfTDe}bYG_8`9nH3NYYR=*tbT;J<KBDl7wuf<zXQGXZ}EPtV<
z>NV<t5hraaN~1>792E<LQ3IKUI%u|_X66X$eE0=p;cuwj@;g@7{(ntEQ(xtjP0=*e
zRBuL2(Q#CRFHsGKpSB0*K$TZU)o+Tr-WxU2DX7?3gPO7HsF{3@ilroH_@2S@y+S1P
z9j+Z}q_dsdP|<${)sZ-7Ef|ZUW}=nL4@8Z8DQe~ppkm<#20MJtW;h4xz8a`c&G*sQ
z6wW1~2W&yD-Os3o5}dcSDv!$dL<Q3_RJ{|Zk^PNoC-DVaiUO$XRWUC1MeUX$m;gUP
z?XndY*#7|%$0^X1JwSc+ig(d^S{hZcA!?0>q8>B{br5YveR>{2&A?Bnk-tNAG}R@W
z>Pn~ssUvF1CcE;*m)QSmU=IbFlCziy!!FxWBtt#0IBF^zIeWYEDX0cNM=jkR)D-`W
zI)Y!JJ{7~S*!2vkT~Yznp?*FIP1OQda0s>L_g#7Ft2TmY)X3VSW?~R3m}a78XgzA%
zo<$v4f1+k6;+oAwQ7lcqJ?aEpgaPyqlF*djMn!R|pKQAnKt*p+EQ8%p4X#4P%1+dM
zzoKR?&2<}L3~ENZqhezW>U{VFOX3mKfZtlV@8!8+7n)&NF3dzV`~zxNym94)ezp#F
zM@{Ki)D+G|?dM&n&yZuNDSnO`K(1eG0BunBEkJc_9foWF?<1i#JnsAnHC0bgYoGU~
zos88{LFJ>S@JlR)=TTE1e#@4s00zj{M$K3+)O}+x9&SV(bUQKl=YPH@5uo4>>IjZ=
z+xBZDD(KpyVq!RI8?AL7L7kkpQ5}kZ$7Zews$(5cGxP~+ckM;hyMl_H&|lgA3YN?y
z)KHAG2gV^k3$>Q>u@ZiTTD#|{Ak6%m1zSnflC?v%GYj?LZKx4nbNM@{jwHBiF_HT&
z`(IPjlmaz89%tf4RL7$4*~q(L4EcGe2Ct(Iq~B1%m;Syzum)Bo-v_lFx1(n8D(b<1
zqRxpF4=i8&fp0x&K!HX&+Fh8BTGOvl9lV5kP@LZ_`b(g`xO7C->xl}!nW&iAg?jL1
z4B!jYxsd9i<qM$(QqL!$o;64HY#^$^`KX3=qqg4_jK)-tY`-@}#mY!j{jI2=x`^u7
zJycLX$G8~hv2`FZYM{AM=ZRl|M1VwNR6_$@egW!JY8R@5S5VvLC8}cypIC$WP*Yt6
zbr5xR<ug$oSm*M4Q89860~qgV@H+dSgr+7E6$4GMF^)!!<Ra?9zn~7NKT*M#_?bN*
z7plArYQHx?MfYUX09H8<qk{7eYBz;HS4Y_YB}nK1X^L9w&Zw!Gi(12VsC|4GHA9zC
z9ry>;;Z!f|fl;WLX@#2NVW{?IqXxJiwJWY*LiGM%X?VVuh=ig$6{_LZsHq!>0i28q
zzI7Pfzo-$1{%KR59(6q$b=3Anjc^&N13x%lp_VfDODnH}zRvP~B-F!Y7>r)jQF$3P
zmG@B(jPsY3XGV3f5Qbt!48tl|1*>C8oPk>Nqb~oKv+&>cORg?|v;P$|YbcN>P$T>U
z70sDm*@;&O)xp}R8TtU#p-~vX`Kax;6Lt3ALIq`-*EZ#4Q6q1UYJa42^=tOOZahJO
zrtB|N5M}?z9@r8C<OiT)VIC@oHo5W(s33cZYB<dso7xIkntV@GN7gvMN44`96$|11
zTU)!rsHty<YEb2R&{CH_gj(a<s0XEdXEPRwt;l!87~GFqns_WsIA%aCNlw&K^gspi
zr>Ld%_mj}nUqfxPu#nJTN7AA`L`tF_+yiyvVpPxfIq#r4njkbZ_-9B9V}N`gR7Yo_
zf^sJ+*6yNWBUM<aj(FdzO+wpfAgbZdPz@f%=J-2S#;UPGgCm=Yn!+Wh2kb<}!Y`<)
z{@ayjiX9q^nJTCOwnfeG1XsQaga7;AJ`(D{HB^If<5&j@q0WIus0VaI?dvfZzy+v}
z<6WpFyM*f4U#NO1;#vptqVkndGu#r@ULOqp{l7^{P_P&kj2lrEub`s#F=|E<#<Qs`
z;%tX%cm`@|R%1mxhT8WD<J*ABpa$3h-@}hkOR^t*ZKua1s)P_U;nsmV2||N^3Vtwt
zLitaq1_vYx^+L(7K%HQ#6WfTlpl0F(2Jm-hq9m3th<Z+4%z|Ao5~m~ywSWKPC<Pkf
zPpGL0O==@b?<|LkjdrLdnSiRd7}elbEQJ@a3?@lt*1+oI$73BliN!H<^3dSlFKm?D
zx9#yI1zNl3s0I_K2o3(EQWyi|Bb}{L9UbXhfeNngT>ddC2verCXfK7zcXCd~B;>zD
zwX@fEiJQ*2scen%qo%Yis$(NiQ$8Qn;3`xD$51o!$mL_Dwt9ImKzRw&nm0wYHw6_l
zYf<NfzmJ4^bOv=G+(ZT4TU3x_ND~@7iff>PvK8v9SzlMa5Oq$h$He#xs)J8ZYo0Q#
zO?d%S2RdQ^N1ML4oP<Vr5cPoTsO|I|_5D9ZI=fy4gE4>_!35{0?)p~L_C1O3<4e>C
zTcr;T{z%sw)$tK7zZ!%4e=7+!d>Yk(m#FQMFoVrRNmO|w)CjwxW@<2M=H{YKww0*u
zdm8oO^%`~HB+6*z`LQYaCfEo!U~8X5SSDM`_NeHbfSSTRsHpxKqcL6P(BS_z)Dmlw
zUx+2}S1gB_B5cW8;z;sSP!Eb9u%&2&`g9zGikUAk`1`*DB-GFaXQC{2LuHIhd20;E
zPA=caIoLVMImtN_HG}g}+wUOifJ&6r22>dJao#m6`(ME}mI7^~WzM6hwSR;?Fpw=Y
z_^;%Agf+<jggQWSXAcej%-9L_>Gm0FglACaK%5-51ktFqZ--fMGAbCq$ie>CR3D>2
zJ$#6rFlkQv@EM5p$e%*3ZI)bikkmwta3Sh}hp__wjr!a#o!gG$eyH+osCs{*W;$;k
z`%r7|lTg8G)OPy`H4_Q*+Q)8DR0lhvVqhX_?T(>l=!P>{KC52|bu#wD@;DXM(c`H4
ze_&b6mEV@a??^&Hw-^=0XPob_7y0}JY`-o-9VC0OGCoE%RIH$t_rZ?jSD=D6ZXuiM
zC=8JAfF*IPE8lJ9zV{P}W?Xn{1zyv_ww8lY9sAsQ12uwFMXWpqgZmjZ<*Ts|{*2n5
z_2094Jy9QCD^T~J#$p&&RObl$uM`QLRCQ4YMi<o4It(Ll8EW6}M+MzU)IpQ5m<3lc
z)W>c^R7d8aqW%=d4dI8=;uh^$OIQp<qJp&#68}Uk2~FKf?1J%1GF9Bz7j^J_UMe*B
zb^IGlLH;CW!CN>UW0$rdor=xLU&Du3qKxg9>}5l}IOKbyIzA9}{}K%T{onm0G&Mgu
z-=Vf;kx2V6se>PqZ;7?=1S(cCl(Q+WhFbHH7>(OeG4eNR*OV`B^}C>g`(sr5d&)C@
zRk%z+LJX^52TfAc$TOgh(88#tsf+4)2h`e+Lv7nHQTzE6D##w8mMUkI)$54r@HEtC
z%}&&=Iv3?zu>3`V&hnJewuaeJQ`H6)3lm)a3seWrq8j`IbwXyXXhED8bzY3cs(22y
z4Kq}-`&yuadN}Imjm^GGTt|&4ys}vo6?CmoCs}uwUyX|9udy25!g!d!3Lhp|9CeP&
zK?T{js1LX2sCLp-wez8o)9*ndJ{QJe3{FR_;RVzhrj4<Ywnpv$DX1mei<-jUTs}cH
z+vmkG8Rbn-2TvDNdvj2`>^y2lA0adBdnu}0L0M-z)J%*=t@#Gj(Rsl62P)X|)Ufgn
zsHK{RilJ{XDSnTNp=+pJ^AxpBW7o8$sfNY1|7VaW#D&A|!XK!Q*T`Bn#gkBLb{h5I
zxV3F2qEIJbKh)HJg-tL~9h=GbQ9-yK)&4zH{d9FLRvKeK`+oxo1<^@Vuv|n<b?SO%
zb<_+D$3(ahQ{y+NpgoV8;yb7r$W`B#tQcx$+N18DjQXtEi<*fS=xZOAY+&1`5o+o`
zL{0r7)LL#p1<!s|$6lizRIs7VP+3&0j6((IF;w)wM8!b)Mm7^&Q9--f<sUa<|5u<O
ze`DL{Jy833DrzP+prZRBYP<Z2`U;h`iCrIxnt`3DfgHnB_$zAn{DayJ37Up_zhN2F
z5@c-_>K(^6&Dj6lN#tp65BL~0(gUay@gLMo6l`H%Dx<L(`PHZgy+b`9RZE+>%Bbk>
z>GHEtGqW4hq1VcGPkPjcP-UNlPPiec?KB^ClI=l__zGUbIIZpaEmSbYZDaLHqGF*j
zYOQ;q?wgA`YWJfKs^4%3rfh5VrlUIQZzG`-?JB0nH>i=PZD(s-12wfxQ4j8qdeBPL
z!SVy@3&%5eJ-oer=#)WC^>{3Y2QUiXxqMWI;BNB0kt8(b+ffytxqRV{p}}7&b$9kg
zO?5xic3h4+;V!xI`0v|Nl|pr}CWfm%>VO-G8u295eP3b$?f>f}GEk7PlLcRH)W~Y0
zrm!z+<nvJte23a44^cChy0g_Ug?exs)CoBOb>Bu*J3pfa821C)4OOt1_Wu|Xit_DP
z3-{wTOw=XR`w9<X0_@+_Ixq?~W2>A$V;%Atx|!XaJFz$A@w(f#9gNz3Utp0C_CNY<
zD9G8<zNL;wjqEVC#Ye8ZPA|K0I##0mB38i+y=|Yj$C~8Vq7IrD7=^j}*f#Bo0rG26
z<;SodhWBOv>+`y0U-uz_%AZFqL81@st5i|c14p1bd=PbRWbJ3$r~~TU_yo1KyHEpp
zfI6^J_P3)u29uB<g$mA@{e2tR4;1L6N;SaF?kJ2VKMA#ek7Ha+GSEhn26fVvLQQFB
z)OWwHP%&^1BQe<^Yqt(6c7`~YpgMZcC!sU>1?t9pgDt2UqHY*~Iv*CI&V`-W4KJcT
zj4BSX5e`Ew%?8v!o;foOwT@In9a!U?i!c^>e-nu?65CKc-h~?3OH7M7hFM3-qdrDE
zq7Ilrco$b-U7R*NH25!@T*Im4OO3FD=MdH>{}kt8rI9w^E7($>|H)W_o?PgOo$xAl
z!RS$;UI$!<V=>X_Q11hrg{t>Aet~VrSWF}s8yftJ%iVAk<%e+wRvl;cE?`CSW5!$g
zVO**G-*|!r(<@Z;mYHbzUZ|sU11gBFq7I(Klg!G_p%}t;+K4G|^JH6sBU9{$*Qcnn
zzs*z&(!r=NCW|ne_Wwo_S@0Zcjs8R(sR^gqzR!+2!3v|IybMNRYgAA!K^-`&QRl!Z
zY>W{fSr8Avq~y0_Q~VC&VPHD@Un9yxA{(|vZNIUo{k$7B^0+hXfn`wFhq?R~mw$o!
zyw5+=wqrk3duve#+7GC9(#^8(6SXiQ`8KoI|N3z0PJy<=B<D`le!q{2u<&fVULFgP
z?~PiTrKnx<11eabqB<Tv$AYd2YJ09lJ?AN=31tcA+KlI%N3g}=LbZ9;!@8)?<uRxc
zY{v$86*cmLpIE)lsHk6nn!$Uhjz!G3`|6^WsvqXSd8kj-Jy;1Jx$^h?1$IL-)C>&A
z0Dg(upC?cs%V$wB@Cfx`^%p9rQZ6(LqVBJT+W$jP=f+A5$AhTtdjd66H&Gq)Uz12o
zBFiF+%EG9%se+BL0V*ihpn_&E>cBdJTGKaJ9SbkE`-Wl<@)L0uzQFf!!l$9Zzo!2H
zkC7j|#O?ozOGCZdY?~#xnG3%!3-uP_($7M@c35UP*KrXx$9wo8R$5^P&NftZCtqo2
zdN$OjV_Vd&T8OQ24|d1&t84%hF!<+x_L8W<g}AFN${V0QujioFY8UEr`z>k>BiC5H
zUZ^1a3UzK=b0%GDF;f}U@lQ~}cL(*H(9f;C+So|@e<}$D%g?BW!q(X@9!lc(<eQ?_
zG}{*zoOLiC`LU=N_zENN7;0wjq3X9<Z)-deQ!>L}Vgky){W8=WjwjIXNTTKjyWuNT
za9u%l=ugzgWV)~H!>2JS2>YQ%J_3{AI(K~+>O<)gYUYw{v?I4Ms(e0bTc1WPQJPKc
z|I#EHY_i{gOv8%gpP;6$=w@>?Mv*^>x}J24HPjFXFtP=x11QPYcD)H|J1#&i-7(aR
z#ocBPE{fVMy|%Ic^N?6df%f+?S0QA(O?4!yp}yD&KSRw(+#Ob430soyhZ@L9)Q4C6
zouOVo{1A13{fgR-FHlR9VwVl5yiY>gLn^v&V+Sn1JJj2NpWzy;x5rMlzfe<Hd9UTC
zptk7+jK+N5*ooH@wN1BS0epz{FvC8Ju^y<8Wq%ooW+a|rU97p^E-XSFoexnXE^)wS
z;6v<B{t~LAwZFB7H=;Tga?oNU28WUFk1BtH8eoY-p~3&bawfLb=l??zmAO#+uzgva
zjoK!sQPG_7h<%Hlfy>FiLwyfee$;|0{5$)xyAn2_d?7Z(ho}cfAF~*mhziQ{sF+B1
zJd}U<g#Fi)gdTVb%VUP`?K@x#tVMn~>f`h=YOSmMV6pO<^D+jb{YSGg>I7VX>Oh<m
z)?O`C`CJUn)Je*<|6@pK4QHU%>NYCqlAp5jim38WQ00eFyWkIu!BVH~!J|+gMu$-6
z$SbUg1<!<fqj4yHh5uk}Tz{7RKZe9B5*64+BhJ}bzW2OEY1|9ud#EF{HMYau*akCR
zv>6$O<+=YNrlUOdWjm4!qdr}uoz*ZG`MP)j2VG|W-z8D{imheVt2Tm`s1eV?g18Sg
z(nq)&OI)*W!9Ss*yxLC|Lq2M44`EXby>3T#3)IX^L(SZ`_#Vc-;aj5A4ZF}CHDwzx
z4Zd<F|Jly)yf~He7}QA5VnTd~`V@VIi7@^zmQREF%*ctV*UZ@o^|Ah;PeKiSgc|7@
z)PZyXbD($AK9+N$9#9q&U=3#z)W>oMcfC96K||g3i5NwG4r-U3L!Er-ZrRfLHApCW
zSEJ5>``8UD-L|OTfSS@+ckGC*h*`-`M%}mG`2@8T#eTJ=>yFvUFTj-e4JOC4m;`^d
za{m1<5?ZSSzuAo)F$MWqm>O514xl}#HTw(eV7|LHqM@i**@yZRe2CdF(LL*U5!7zz
zjq1n>)C}&x+}i(#NaUyBA*!MD_ifFpVQKP1QA@HFHHFtvXLz;;Ho`jCk$gW?M=zq5
zGR5!Kk&399=#1*fRMcm|KCG<$f1QM;INL+}bZU=L<QJo&_9s`K;*qUc9gL=Y9cIAa
zQEMLWu{|giYMYh8Q0##EQ0jzQ;uEL==X%2ak0Q~Cgg%cyMy=^7)CraHshx-|Pz^4?
z+IYa3<eAM(YgEik#P;|MvtXm=)}eu@{35J~dr>pty<q=qYKy(FhT5RkcoG)F-KZ&j
zf&t9`hedB~j3hr2)zRIk84UT;I$8m>R3Bgf*Q2)ckEj{DgZfGq^3t~>HS<f0-a4qY
z9goqt(dC~xGyP=;RW;O1jYb9CVGMr9L+$_2zwQ2{*q(d?R4i@9=J*J8lvnd#*^fkn
zQ6rs#iryorFQNBQ9ZL4vf+`ZV{kmgroQ|z=JLbbw|Jd3_JA0vmZ4s)YyHNZ83M$zB
z1aGY8rBNqU6IAq0a^>5xCi!!y8v<|5I;bOgI5xmT*b39Uv+oi8F<9>MY4|OJ*8BsE
z!bM2O`1gNEXhg3uHf9b9UhuM`W}p(L#crsz8;e@=rKoLn#~B`K_Z31ts17Pd#$YPk
z=dPbewf7<@`!7+LHJlSQH5E}G$Nf+z)pw|=zJv<OkXZJh5}1^HV=RT8Q8BR;wUoCo
z2S&sW3kG!+)IbNLt}nu(+W!|_L4r78!7m~)Sc~%6s1e^lEzN6ef(7E5<52tfDyn|G
zcwxcMlE$cx^>&UzZQog_ZN3w=>t3L*MCSN5!fL3g>x;T!6{^QSI-g)B@+rc@g27Y-
z!^zi2)o<m>$Dum55(9V|6`apd=SSuQVO~4zks!<uPR)-LXnS}GtzsExXH?YAM$N!x
z)Jb+56&tk^g$0AMKPncMV*rn$w%1+MOr%Y0Gnof<y$b4_>73ZNHDBNgj-z_|1{Di=
zl7t06Y+9hA|8uO07qKN~PHGPtiVDhgSQ4M0f-ZNmu;9^L9;3<EM16RDgcb0bPeN0b
zF}XEV9V?O_f~v3w)scTt9Vn2(uD3*;3rjFQ9z)eX>&jE4v>7RnQIvN?-M<ob5}rW?
zwSS*P77{5^nZ;3`<4sYqF&#CPJ6!o))LKWRwh_jl4y@Lwc1B|WSGenkP!GO>YA;?I
zd+>Y668K(A5^8WdYNXpxLHL_9Lt5Kjbx|`l3H89QQB!^yRX-w~wbKw)Z<x!kMa9l3
z)S8E;w+<G^?E3s~LZZBGz;?I`t6_!=wpQ<>w&51%NeqyGfSQ?v8Eu4-s2S*n8qhS<
z7n`l9ktfV#OH=}tABd4W-&;mPH~fV9ypNsPW}+<WDDHt;+eN4^jaQw2qR#eY5f-$C
zQM;lQ25>CuzLlsYxb3bd4_Lj@=<8#$9SNOmtK5Yvs2f7E*i;un1xrJWz~QKlE=JA3
z8PteEv)a_>M{UREE<X~r8@@oba{#r}_p`G9Ym>;3&DOXpszb|B(fu20t&?ZBsV#vz
zI-8+_bS`Ry-=hwy1Uc-0Du^0TEmS+BQBl7h)zL$!rFxXZx2Z^))26y4DwsN>zECX0
zN_Yv?<BYkiUTsvp;n)~Aq8g5q+orxSDhTVN&Wn+#jvq!XX-FP>ZegE<3Ywy#bOI_C
zcAyTDpHV@SHm^-}AFM@w8S0>VhyhHO&qiJb_26cxk&j0`cq3}+e@7kRsq))>eo+!y
z>qe+uFa|X>2T(WOa@QjYgayB7)JBc`3sk)usGtieXdTRrdQdaegGQqUv=kHKQA~>G
zOy9dhLJ$5EwV#U@vfvqpitc5o4(>yZ{2^AuGKFo1#^O}+yHOw8F-5F=G3qnr9BLqm
z-?JsGf%*zI3~OuupC{3Rf^0=?WFt`xZAN`u#w}(YtcZ&C(U<`@q0aIjof(VU40T5Z
z@iEj=BrajGQ5H2*olv`H8jj=n-nS$)r7<OK&4!_FT<!8_QQPS)YD%+}vY?AbZO2cr
z25v_^Ahfi#lLz%prx7Z6d!ly55^RTO(XUIQSedZk&*|f^8TqNG?{c?M+b_DT1zRW7
z+Rnl_xC^yJ2QVCeMs?r;DwvZ;+DuhOb)+5Y92kPyt}`Op|N0qkGX;wBW2lC+l(PnM
zqqbEG)C0z$Ml!>>9~B!<QPCbzKFk|{HBhm#AFE=b3U*#J!g%DTqGoh%1@^xlu#*CL
z3$^bPMOpCFL`C^{)QHxgg7va1PaAF5%b+^a3Ux3|K?Ugn)DnePv=5)WsBPOC)#1s$
zOKe3=<qgyi5^tRuD%k@|p<-kZ4#6+5C+4VZ<#SL|dKBy9eODe?#b&e*Mo~Tp)xjO8
zPecDP2?bTws`j8LRL^`=5UxXgyS<1Co}@9>P!-hm38-k^f@<&{Dn>F^v!JYkx^E`x
z`eD@6|ApM=dzq@+{%nY9Xa;Jk52H@Tm#8VvS;M|gcS4m<#frEKHGntndWM>|=FzAQ
zPD0iH8r8Aes17BnrQl}&RV1M)?~J-I*0}@q{rw^Kz!bH^g8xg$C{%;TF%kZaik-N1
ztbP&Hnm0uq;e#+5ze3IIQ`9+<v2K|6KF{}RkqE<07{ISl6)vErDo#CnKt9w=G)A3l
zb1?=_pw={XecMH~ovScD<!?~!#BE^aM|HS9`nqu#3Aq_{RNiyuXlVPty>mQj3O~m*
zc*d3AN5x3uMs~)>pgPzHb$(1ot^H=y65qiJn4vNIUlm(6wvm5~TC;7a8MuX7k`zrW
zCaR(GLot9~p|;&A)X#cvQ5`AU)DEKls17VbEx|riM?#v}4<f~yvH$B)FoptMIE(6G
zoaT0hN1~>DG%6PMqdpUUMa4jt7Gc3(HrGRK&y}bST|x~YPD|@h32aEdH|o>yAnN)9
zpG0*M8CuzhI-%BP0@lWjSQ+0sE48+t{U%{L%5R`L{x>SP^0x^K{@C5rxeh;~{0-{h
zncCK#vmJHb_?Jj%ie5T1v?D6XS3u3gN>op;IK$i91IwTu*b^08^HJM&FKUF3Q3FZS
z!DcENHA8(+yJICXQ@(eIgx2&KY7KLBv?KU^)V5rXijjS&2L5&yc;AAxJ*p$0qJr}~
z)Mvy~RL8P*vioCDNBd~hbM^(x*?<3#Py;18TZQ(h3QJL+X4g;;4*S3wE{Xc0(giEw
z226#|Py>nA#Xj}Qq3&z$@*kmQ=5y4i;c2X|{ePc?zSl=~we8as)uH!M4bO1-Rj4&P
zg~{<TYNVmv?Ea#tsjY)5?}ZB9r7nLR6*Eb?+xE?azM?srg!cV#RL^!`08e8De1_`z
zdp)c}EieiBKB$h4LPh--s3o|J0SxVFpN`ouA^9q(bEW}m<|g-K|LarhM+(&AC$2)4
zUbc44FqHBUsOTMqYG^$s!kwtEVn;Cx-a;)+?B2HBYN8&v)a5Ur+RNL=23DYtZ_(Y8
zf?yD#*8Drv+5H%GaOCQ1Q`yzI7NaQt4OKt)hc*LsQ8P6Hbv~@ZW_S*@%?tFib_Ssa
zzRf40pt+1SFmZpgIckblqE5uSsO^<%fbEJH)LOrfnwfE^?Ya?T@K;p31qWJrN7Mrs
zpa!-F6&wBw5;|at4hjqYfrG)QhDV@o_!Jd1`%zPW1vTQ|P#sJ>*kY#vW+Ok{xfw&r
zU%+5YV0`kSLu@7zB1`6bO-MB6!eDHGCs47FWvFeR2B;aBfI0`ZU_*R}buoHaSnv<4
z&BE^FpJGRBJ={8Y0QLPK_6VD~Y*>?g6bAqOpJ^m?FdRdTDDFsGyPBv2WGHGzmZH{j
zAF4xXi5+#c3MvQ(VlAAFT9O;s921PP;OvAdpNPG13+DGpWF2ik64gbW1MN_2Hw>%d
zMpOr1qPA)AF&1onQ5{^0YWNW9$bEuZiu7acs4kE7$oECv|1D~lyhUF(Rvu>!^uYl6
z#i)k&VlupmI*4ANVkLaMEkRw>`LO~k;B{x_3AW~KP{BA6HDf1H_5MM%7desrUy($E
zi54s$V;%DIQ6u>cwVjepvJRET0Qokk?dqcrtaYe*2T=#p1B`{QQA^`Z4h#N|))}!S
z*;%NLJe<rL5rtlXDPh6?MYAsIo6QE)+8#lDyuL(5ecq{I!T%YqJ}Tc1b$uc#$abM-
z?h@+$H&`DFPP1Shg*uS7qUt^HT_Wj6_5(w4)QpToP4xlP(HdvE?b~9gCF_BWa6W1#
z9%4#NJHx)H6hIB6A?jS{j`}eA3>8b~QA_8im}$XQ2X!!vMFq!h)PqB2Sp$Vo4R%6}
zYy<{y18S*GVjTP%H6z|^`;o0E>ia`^)QQ*&H3Od_yUq8`k;p+o+Bx>%@~Ej9hpPBF
zYKeY!hR(Hm*-=s64K)+fQ6Jm4P%{_!*gh>gq0WtQr~!S0)$n&ruJ8ZF=h;ZAp&rx~
z6--l6YrF+D#aB?fA@(PBGNwV*D}za~1E$7)s41U<I-vHWW;W@3vl><>KMI5Y{@-yW
zC<t3%YZQrE%RZ<Mj7QDLdMt*gQEM4zp-pWWRL8ra+L?yh=Z7&0Ll)UgR75R7dzYVy
zeryW9BB6%AcHT#An~24>1ZABcqNeh5=PgvnGJR?@R1tN(C+fp&4XUHhoH>`+^%l;#
zOW6O~9w#W!z6>l4^V;KZ4B&Ot)V@PClysTx_sXb|wnmL~9x7JOIOBh22T&9$wz^_M
zoPiqHV$`{@<1^om#?uriO0zDvh8v*Pa4Kpy96$w4+!gj|SPvBw-B2;`F$Qoi22Vna
zOFr{To1vVjj?_dAq%StbRXzzt<r`<dRW?P<QENX373I57OLX0tVzqUs8fpe-q1N^m
z>U>DP#@a29>R=CKyLod_OLPf!&iKjK+OI?!qaM@->){yG$j_qod%Dlf8W>G}7;1+0
zq8faTsj$F0>v$zpY;;2%G&4{GIF8y4?{K~Lf5|UwDsQ72O0wR5!l{n&$uC2lSnHg3
zQT1|u85aEee(f*|`O~NmndhjP2yCzzsEc~=VC;!sqLw1VSNcA{{*NXRML`?Xlq|)D
zcoTJyl-Ot|*)Xh4egbOk&Y|{k{!P}wffz%6D{935pk}D#W;+>sqJE(1kBXgH82tCY
z_mI%{`nxy;<8HA}!O>WY{3&dYnYP*q=c9JT9@Gr|h$-=+%m0pQ?@!c+QmU`r&j+ZZ
zxeh8uMx(E(`I3a9|E4qfHoLJRs-bqMVDwQ_yBf6{&ZF+nyxpd>Au2xvo8Si2NMrA?
z-BB2|RP|9E=(mIYKaj*y3KC)JomMeBDj2Jv)~YM&#u=z+-h^7B%a|1l?6L>f!)Ws3
zQ4c<f4e*(}US+o(;X_eNJ8d`nUkAcz3N+G(s0Sz9W80^&vkhwG(=Y;eqoVsN>LBs<
z+V)C^y51TUj3ZD3TZeIQ2R6ffsBgt-{cr3WOEl_WsE_4wJZj1hp*r{gi(uS+Hg%;j
z5BW~0?KuP0!TqQ;evEoR*8O%e)<o_9F{l|kf?5Lq9tlNdssr}G_fQp@V;UUp@^dki
z{B{h(U04Ud!6;1ht(_NjuqyevsNlVd+BLZk+5-oo2C^LKAfNvv(oygRwPtA!*~luQ
zg0cr{Di@<>=osp(e}j#&*kL<Rrl39xzC{J$TUTE6h&`}7YQ&$SV&WK<(EiVO)TXMT
zb2w@SR-yLscUS<!zO#-LL3N}J>iTSKgFm81mj9U92G!0?)PuL6mi7kf{>;beD9`sA
zkWfPtQET`uYRaCXPQD7?+b$S^J;<-XhM4pR3%>U;3HcGIgXtsG(R~LiV7?zMM!I87
z@{3VHdKZJ=|KpvowJL@RlF_JbcNo>72dFbU{YhJ*2H2DQ2-MO%KrL0;Q|=oMYQ&>Z
zv9KN$q|aS>_R|)m^-i<@HDzNd=#F2bj?^q?tOMOqQ#H$Z7_~kB#sFqIYq3%uRo(?P
z@@c5;c?PwMUZO^v`JByYdDL@<pYv@58z|5|zKYszFHoOmNzdEb=X5qgjbsceShrwm
zyzZ|5fodn)1v`=>Q5~y~DR6*uGAdX<^+}{8aT&E=AE9C)%|$!O8ek3bb1{H7P*csH
zMhPCVg;5PnbRI;VfbZP(=*t##^HKL*#1PyYhdAKvU*JD_Rf@-#hS)?iW~D|}HamZk
z&MWG!k3h0sH~v#P7C)5o^=1fV-&6M;>Ay%1<2{u&7Ev~WdL1eM?`u1m=Um@Gy#%zu
z%lE=4xJSV<wazO69cV=UzprgHs87abT>JN>KllCbE1JfZ@UBT)dVPT(alI%VNJY60
zvZZ0cOWsA=E<oA!U|#!=S63RY?>dkd<MTeryF3jfqOmVs!)GwkjVdAO&$%}<4@ySa
zG#cK|d;EVo$-iUe)ugPoD~nCN<h&=k_Ez{@jNz?U4_B!d>D@ehW3ZGzB<4msmLC5=
z`8ay7*H9YTg315$z?odDMY&!RFx`KyeMZ?j%J}n(!Pk4F{nzf{D(TA2lPFxkgL?d@
z{1=ygNUtYxt(<G%1^K_Y?>p|R$eTY?=H2K1cGStjJ^I%VE>ixA{4(D9Hk5$!D0e?u
z-}{;h?Md~dr!#qv;wJrVg_ShaoQlIK`<wK8JZuN=HPkQZ8t6r%0p5wJzm<l=xu(}3
z=REE`M|lFu^kJpfX!3)2U!~4Ho&WsniCz?q=v9gv^eW2(Us35J)N2HlH@QZ?b!EA^
zC!BXq?!Qajl~&bjMZIg3^}<q^gtuOmcpqQ@wYX=j2B3Bnf4g17eR=p|Dp#YiUnpBc
z`XV>X<p#YTaKk@b)2lMh=Y54bJ-B{@2K#aUY3gqyUDtI|b+d521lRU*Ek5-#V0ZEZ
zc!rCAqLxaXd6(qI;k@-%aw^i$O&&6vMii)eaqs`U;?uy7<i4V=UPEbAFaDV~FBxs=
z)gJTw=cZ<)BdNE8Iz?mi{24TInTmON!1&-TL@5<IQvR`Pq^G8f*RL+GbUo@Pq>+Zy
zZAqgKc=zW$g0j(E-^C!psQ(l9roo%!KjW>}GTKhfeedEh{x8Vr^^a?O4UKfB5xr`2
z!xXOT7Ymtas0i0$b8QSa>s5z*Vd}K!eTVyB@NUREz_k=~@ORP)d5@xv@3}t-?~>e8
zh5G%~hUUL474+K44YytTPtvh@=eA41|MJiGdHJ}JkAE+ehN|+`Ydfx@(U;U8#<lyr
zLtH!aDgXC1oBOMAe{nZpl?T^<9R*3axe-0u<}S|X;xKMbMMJl^_7?kb^EKWJDS!N*
zM)X-fk1{@Ug0DZQGs%*{|1RLc`XV!zcAlU<G4*Q0pFa*Jns7r4D(RJ$O66#rKNjvy
zAw7p{dadL7RLUxFtp@Kmqz}1k1$b~et|ub@j=K3YwY-*4ww5-kk-kO!Y{63dPXp>?
z59RsuXzW9JABzfmX`ndoS+3#fT$@h%Fb%!JW7Mn2I}hdmzBZAlN@FAF#P5{f;Q9&L
z(yKM;RNS{5XYsB_omN~+NvCpAK33yT%gu#(z<w_3)fzjHZ^#XLEui8!Zb-w8Q@9r3
zA^MA^ow>e&Ytu;UrEgH_HHcu28FigdHo*PAao-2rGoO3@eFf*gB^Q>t!n>r)kp2ht
z>Vf(}<FEhRl!gb6rTk;pLDkDc#}-jG_djL)OPyXicV8pYKXR=be$0Ts;GQmVSpOs3
zRD+wBQn4Tx4pV77Wt-`7OUh%rQ6%R^y`EC0S9|xMKGZ$Ny}hZo#?|dY-Fl?Ipzc84
zJ!z{6`6Sf+_jNefF~-k7-RKRc!gsExn`n3(@70uFceM|2y(l-Y#&nWKYtkV9&SdZv
za1Sm{`A*Uqske)Fa|Se)c3b@C!MfoU@8*=P=lf^yRf0?d*T_E1O~ad9<5t7|`<VJ=
zDgTFTJKojF_vZZ}X}->TCEbIr=^F3e41|BX);sP7*OzoGI;Gcj>iTndSSfDQYdn>f
z(d&;$Pj(FjFYuo>)Je~^an$Dz!w0|j|9h<&*YdarG;}s~_n&c<TJqrPTpLUq9eAha
zo@YA$|9$;IA{9N0;DUZ9u!wXxy}v<Tuhl%Xs!Knj@uf8Q0r`G3mXd4d@dfV#TuX|r
zc~}bGOKD>#b@d7-KOOH=#!ve8_rE@&-~<(BbJJRGKEpc>?^jfM#9OZ=JV38KF0XVN
z8q<$qrMdPIoqZn{^S(_xdX44*7u|izH+T0&(DuKtT>AZMCmQ;k!a;Omjk~$We;$;Y
zYh9?LS7*{mY1B=Gcbj^j@o;|b_@CE3>fE4yEO$>k>i2bNRl3PN4R}sJp6CBWrm~x!
zI@~z<KMkq!R&E?g14*d2$2C%h{LeJ-nz|pT60a*<i>7=V_2TmGMp-sDm|T=+CtZw=
z>h+fEdi@d0n{)8fWOGhUjpcWvEQC5asQW4X>A>~el#S$`@9Eb*+Mn=$`gVu%7Va5`
zxvwmB^*e`puAg&AH{#ugd_vrWg{l8LX}ub`evtIN5N^)N`$HPiKZf}kjc<1iMUc-#
zUav>I3)09i@|~%#SAFtFs5=t*jgS}r|8(>;_s?~0eaU@!$ycTBE<D2fQmp^o2l{_0
z=?$Xc&t315a^u%j{(!RIcvu;(pCq4+j<yIsp3fBO)S}^Hyf^R;;ogH>|MyjZ>qq~S
zk03pmcE-|9eLUmyAH7ENkSpALl(+g+mx{;TjX5aGPeY0SGrB2U+ejln@z4QWJ4v0U
z?s_fK5tN<f+IZ@WqU}$4|NAOIy)0bQZ)5!XuCxdhBk9ah<nOe28>w)I^ivud>N?qs
zx_c>~%KLrF=TWaE?`U^@mFqwp@=JJN4E0y>?n;MB(pH$O_vC*E;(HIsjHZ#9y!DqM
z|9z$5rjahw*7g1q8quqtYaj;8anBLzmgcS3capa1VOBcYhK?q3_os7p^pk)7U>nT!
z2UI#hW;0%;awgLJrMloNHaAqJY%uS#uI#$&WHsvDvT9y)(#c%;FWA97upw=Z<egF1
z==_J+k9Ib=`;OP+BL7DD|GZXkV+8LLJn&cEHF)c_#XWqU%Xi{|TkX>S{FmRCdCBG+
z_%uauV>fiI9_0xW7)A!y!eP3RhO!E-rEBD?bG-mh{Rj0MExkI@+7s$@<oagveYw8_
z`ODn<4fS*sc7&!pCmHw7BRzn+Gbo?JKX6T!adQK|Iq`~6VHN2d_?+@iRQ!azUWrNT
zwT*X88c$5)b-31D58<WXl3oa=*!a}VPMt4lQ?C}(+vM)AOb73C?G$B0w6Q1guxb=E
zrlAd7ERR*FT!{C_^!iWoH@W`OJxC3<<-LN&3%J><Mcpp6vyS_xP%oV8lkqI?k4fLf
zhqTd?_hj-Zc*mvwO#R$8jfTpgUZY6I;+>iFDH_x36gNG<?v$4$os`D(ir}7wbf7Th
zOG!VWerMiMTw6lEl`8RS%)1=<!`!P^Bz5+YA4J;U#x%_3!W9bMkRDFs{Oi}=R=h&P
z^Xa9}4gY<0q--SDQ}X_udx~;BJ9T4`zv}AFpuORg{lbm$Xm2BLek~Y$P3Qh@TwfNC
z_4jEY9yc||m%LANL9d=v&Pv{+bLx0`>I~rlr+DiX!8<i+{=s^0CGSRD&r7~P_kF<w
zcDm6Hqm5o%`-}2Vc~78xC+hczmt$M}d0Sj%HLO=L-hH@fp*p~89ygSt@tNfL>zx1J
zYmm!7rwyM67b1U``c0{OfwIMv>D7hu>$LHVYkJjG+j@RE3UZSPFbe)^rdOFtdQ~E?
zS4G~}sB`xJRdycWQ5Ea|&zzG+2uOfHs4kF54IQP}=%5G)0v3u(vLp-1Zpdzcc+rrA
z5~LGxqzlrk8t?#8RQM?>wu|-J;I2tPuN}L<?=xp-!-D?r@A<#aGntw9{k~=1DQC_J
zPf!Zb1Tyq6b$f8P;@||h8OVoGR-ykbxNY#<)GhVEvS~l9?bZVKDf+$W7d$}YIN;qV
zD%!1`tVFQ|?Tzs4-$L6`GJ}#A{F9W;U}n%i4{i|kKN#s?czba0Pd$w-(KC=G>OOy6
zKb#684&nGcSS<jBXqRrxMd=BQxhaZ%1EY?@-a4g<w^hsThxaS87jWRAq)<Mh?7+tN
zl+Lu9gZV-aQ0Z=qCI25|^qgisMKBB12ms%U(k5i3v{%6IkE89>OHnLA7EY^le<coT
zBbZHn7&{+gw;Sy(dT{gUe~!I<*y>7qZfI*Yq|+CL;ef|en;2|Kd$t~38jk;ik)70v
zZU*xL?RRJ=fmsZGChZ5XQ;6&tWDf9$;opwKe<RxjZX^6S%5-p#!L!$YUpmL>bOwAg
zMbTiCMpG7JWGD(hX}*%h&>oBIYxF`ih4u~{`~$3_f#~(2Uz7f1>NS+t(92^`{U~?R
z-=y}x`c=w!1ZPpG7v>}m&};C<!W(a!41SW+&4`H@{stp)$h#8E4Pn73j2r%9Fg=hh
zqi<lZE*O5-Xwzu=_V^oX#xc@%E+~t*jN)GS>*yOOH4O_)K|TSi=xdBCI!*ls<tGAu
zmiirZ($QIjjZEaf!tZAzxilc#jO<%wQ{_L4(wovqJ85J`#%YC;qL1K@#n3?%_u}{?
z>JId)ft!Wg1#h*+M#B%M5(aXYw$}k%Tl&{&%pKUZ=RcCh8H8^lD8qOW{dZ}n&^}5@
zMd@WqA|p%J%0Fu_UxJNBb_)Jh&09k-#W)>}EJP0aBfzLP>QgYgqm$1sxFR;f@Zr1(
zfV$L4C{MuYJ(PeRRXaU`uTk8h+b-(G1oSF~T2rS{LR5xhgEAU>iW0#nas{i1mGsvl
z->W__Dry68Hgz7s^uf?_9Dkq<)`UM3h3qf~|AO}eMbTset;AS+bXU+;luF4$=TY6?
zNU+T){Qnj9-wbL;eK$TL)x|#DRtf$XgHkerQ78^W;da`Jdf^~M6Tm1s4rUcjCFMr?
zG4Q)m)NjCsf&U18k`BPFgTD!03)(Mhd!?@|sG)MuA73A8-Usv*H2}K^-X3Cj8=W6$
ze@sczwpM~UNtr<MCctY*y&9dN+RlG;t!z~iS7&@E`h<27*l}8J&%t1rU%}iB;AV`x
zPhU}elwQ<>xTGB`{+l{6s$CmBMJ<sZraY|iiuXMI4PXs0r?tc7*q#f&HT^nj4X#$m
zFnW~$no@2Auv#l6P=A4uaugK}r2Qg>j?sRZQiF04N0*Uzp?#;u<)ZfzwvJP8hPR#e
zbvhH@gPW)RlbNPO{I&w>k*Hr%D(X-91KBT{-vtBJ!$!UX`MY8Lsq|mP&eJ-3tEtbS
zvtH}3K|X@^Qh39(-t+45ej6nhN7Ja^qn@D^)@jf~)Q#aaL6(m4V~k)P#)~Lj8BsZg
z>(G9h_QPNwMxF_N9>GZXXVB?SzYMw5HmB>lU^#-j=)4Iy83&4<g7-E37g0P)-5W(e
zhT7A=i}p+44}kk0+8?0PiSh=xZPd@gQ{)1F4E!Om7vN7OsLt>nQ5b4Pcc^DjD-=x}
zwxd?`2nLSn==kd&_CIL41m8sQV`Kwp{{UXmci?)`PN5t@_8m5A;iyFGFQ7kwAQbh7
zcL>~e`lVok#Qfg}=w2LoaS);n^cw-b8^&*XMCY}k5T*nD-C?{6@QDZ;=+T|R?x&Ox
z-Ge-V&TEucw66!%r8Pt@B5X*Rq*9~->B#5cWEjffbT|D<us;)A6YV6Hx)Qx_0aiz+
z5$(}n6um=G)#-l?erH(F1rK6qA)ui!PhcP?ETCER524%&<x$`Ufa`&QsoLRqZK#tT
z@o&^?DJI1LcNF<E)E}Z(Ot}kwH*}w*t?0%W=6|g2EC75P%!g2T3f^p@eV$TeL;0kO
z;yw&4B*4*{r>ZlQv*7NA{}0+vQ8v?l7wix4qxFEg(>|enEn_e>>0jm_SwtKG*i?h&
z6U65js0rXB_}9`47+6Pu8<8vON>B~8?pL%&Ase7&FChPok_m4bvRL@{VLyfTTR6X0
z1*hJ?9;7JR5AZxrSJPjlq6gfGl0o|hl<VRMU7KzpkO27Jnh}qD7jmJUf2eV)YLC75
z;NL|16P<yd&{b404&ybnl42aDp8)7XYDKN7r|AHL9OjLn6t&aFKBn){fqbF$PN7o^
zyQjb$g}0D?U!11W572H&J4gMJ!;7IBDA&`94QS^eoWW?mq1~8zE=AEI3`*@>^`EC)
zhL=tK9rZ)tmuWjnJ`}y~@aDsdr9FyvIBizH<T{}_&2@c?cJ?Wb_Juk7R*&`)#_|;g
zSuTO@!DushUs2}K|B(_)ISOPWm_M}LAHg-(0kqdV#vi13loN6A1f!@AC<S(hu(aQ%
z6+3DCTi_HO*R^WjfQ>h)f24jv>ozA4MFDUV^Z+^{-+;YG8AQQ0nAJ6C8UjTv5uVpP
zAM*c!*I3IQK&b_?c{Y;IJG8TOmg05hl;~E<KAir7e6QAh3S3VxKVJ#DAYwSo5tJT!
zgxaoM<pN%eff^V%4JR2~9h5JDy_a@~Jjy7TEy$i?<kRTi1!fWe{@qkW9)svYeVkGX
z|E-Xs%6|&XUoh4O#i<xr2|!UVN+b9;(0^YkQf|bMfY$~GZNV-9GenQ>H1dBV>keO0
zcZwI>Pw+xi8_c70mQ$a>R@MC9j`Kb^`Ul`$2sUBVsTHe%dmr9@Fp4^(Tn+5^@HWtX
z1>7C*2gAFM`g?R6YTZ)h1X@c_H`DG$*`;Mi;i+kg7zm>-hW^CCHa(g`czMY3=s$<y
zi<DeFvcvGlVCbJl>5B{O|EFsV94FFz&;zlufN}3aLs2sA5%8kXcpR&vC~N8aDMx6}
zLoW%v2Wd;%^U*6pmQQ~_{9Dm)1-~2p5!g@^L;nOaMFpRuumFWS01O5^mhv*gaRca!
z!bRHeB3JYhy!DhM41{P0m`M6xqQ3%LPinyv^z+gC4E!95qK$e`>EK)7Ct4k04<Wo>
zN7hr<I|2S1{$7;sA%MFvbROAz7=0(q`8<rAMINH|+R-$PDMzP(c0~w4y-;I<ESB(m
zj3_#Wq0!pd$Mk>1Su^T?p)d<W@j43{9?=%wOUOH+GY#xQ+O@&Xf!~+<CU_a>SUQ**
z^rwQo0eM5}CDgYU=#)6Ahr--MT?<2s#!+J6&A`}07<rradb~HHu7|N<6h%Ye6=Ccs
zd_@*Eq>i#bx{6Lx-$8i`ofv|u(0&V^(15RXt-#B)@-hrA&_*k?vp&dfr}z~RDkZQ_
z!PJD8Ll8~iUDBEQ7qSCkb{in;pp>A=$R1GhKNTfK6Jd<Q$#xx?2mTB2-bUuc$S>3_
z=)Xuk6I?T#e5M`6f~}<kL~PR^U~6Nml^#q}Y_x;d7hX2_iImprGukDXe#%G$%P`Uz
z^<DHc0Vrz2=$6u61@9E4A7ui(HaO1#e*we0(d|wDefqD{9zzMy&+tbP#I4A_1^XIx
z6{$y9Pu*LA;XiP+7lqRR6*U7~NMF&NltSdUgKLX}mna*M*C3b+@E+4T3cHK;G984Q
z{%tA%)u$HPUQ=u-{}Cq4I29emN&6wig!Tfs7sHB{Ad8@{=v~_1Xd`#yJVa?){tfai
zTD}V5KWQICHVE6V)2>9PV-RcmkN8j-huR`oK)n*-YqZBx|H??pw0ys=%Yw?bPUy#W
z40{=22?5VS=T$A}h|~ALzX9(($~<iBN9MP)ga3grm*VVw3~bX%+vwjyzZ1sxqkNM7
zyU5nSyAy-WbO5OsSp()Jj8;STIqjX)2Pleu$M$U$MO%VZ#A9F&(td>!tFEvX#uc5>
zN=-2`ld@I!m8=O4E$vkGZz70M7;X>lI*r>3Pto)C$XKY_t_S%E+Ou&y1z8<!$D&_w
zA*f^j{0W2q2DlwV0faxIc!M@_0!KsOIp9669T@Z#O+hvb{$12j8s7mM2WVG<sfTQC
z5L)%~^<WSM5xr?N(T0@NrQ6TyC{N<72gZgYE5hJO<kht7MgpF$9o|MglKv8%g#_9m
z>P%pYmJ`VDw5MQWBKRovYqarNK>-dR^y>h!058Ikz|ci)prfv<YvX6M^8sKL{f2yu
zw$~HcI{3dafc40xptDKqzf1iHe(os1!50VzqLfS>uTx7i;#ELPFwhoYL;8*NsC`PP
z=`9^V2AJ=`U)Go|*n19HHx<0b=IFWtOdH)Ucmt($t<*!0LdibW?Nwpf(K->w!9PgZ
zr7;-<{TXE={k0m@9Qpl}I_S64*&2pSeK$Nq{|4G`#BhZgL}wg9L;<{&h&!P4DxeZd
z5k=8iZNLjo(GvQnkiA*<^}c8`*3oaMqh*S(Wod;qwvW^A&$WAT5soTyPIJ1moD;KL
z4kdO^%=5ecg30vy{6RA}9vILm$LaI^1(M^<^*d71!!76eTtRoGIR|cu?A^b2ztW}$
zljI|jMs(S_1B*oUN$xDahLklsbU`#p@!9&VQqo&H`i<=EXytQfcpP3&R(|UgUupZp
z4LXG*`uFX71x`o9ot|`u%afLypW|0r?!yj)YW?AQl)<Wb?r>{WB^+tcAl%#t94cMv
z6kplkBXtag8hfmjs%9Tcjdx7S^=3QLoVn>Ro;j8XzwGT}Nk+9c>8?r6yexm4vWgd5
zMb}mchsWFAk>YctyZo*+e`(Cgl(M{&%Y|rPdh^M~{2YC<X=(G<8h7geMh(*G&&zc=
z@_cSjhEkj2%BPBpNbvz^4?_>gmF}42%`NNt+UTeRkJq8*#pBF&IWpYST%NMRw^Ab;
zw<7HhZ;s#X^*EZR_?kQXUWa#@D>v7j?kd}PIwML}%NFg*YJPNIY}r4~{t}<q&r7g=
zd{?RAxopZe&S*!!-oqVkkK3<os8!@h_j+7$5ko?J`CYb1bX0XUtY=DkOUEQul`Flc
z8b#S_7v75&cdqzRv@I?Fqj~9zf4tXt_~4<AOsCKGobU2GCc0c62C3FzdTFnVbCTkM
z3sfb-pPxf$x#Z~~SNqb}FSf3)g*jO+CsC(my3(dN{F$!O>X%YlyVEkS(e>HWs<dg5
zWnW&7TCHV$E-ezJzg~8&SSs#}BFApuir+=@iVwtKtFI8hL_MGabbF>bv)t)8appSH
zSgyWa_JVYzyEEMWph0I=mUp^~wXa6y_K^m!Bg^Z_=;g?E&TwbvWjnH5o(zAclBq2M
zOeVyLlh$`J;yc5NuP&wt>tww6k7@l@OT?IoYA%}RxhFYNQ}YQrC7m=jm%r2zrIG$j
zw@)spD`rIB>B{#-3@`P*k!aOU6mOc5fE@Bnl4xS_V}G>u`}N{gvmo7_o9)TSosgC8
z%yB#rTo}G_jt54K7&0zyu!j+OoLRv+%yebtupe1rj($O{AYhU+jnjdxp|u%SzDkHE
z!{wOn_GfzY{AwcIX{?Qr`5wP>Mo&jZPDZMl80+;GVqUa$ppEz}s?mRm#d@Tp_{!`$
zN}U;YR3uw1;Q?9B43#$@i-c8Zujo`Zp{J!^hY)9Fb`^Dv>s)HrwDdWGCi=;Wn?(1&
zFq6BBfmXqdqH|<dy`|KS3k||eIx=$I{(MJHu2*eb6#>rE)lhT2c|L1PPth}8?i?U$
z)}7?e<y5?KXsTmMemX#uj34Rp`;}Riq>e_VIeb8RBzmE;)EQ84Sxs~~a$Rg!KU+O`
z95~raX?|~RJ_54P%({P|D6Zb<zPyQUwL7w%9%qIt+vOo2-fVj5KI@YaqHVO*<UX-k
zbh_$LxA)s5Z=Q!$=*%NN53}av#3vvXtvb4_7w#9kMH9Ct-5!Iz^RL~~)|9d0(fC9s
zd2&xv`sq%;)8U;snViY5GsW1%znw_y7PlB7YUmlVCo|5PGg&kejWhE+Q|ujHwc}Dl
z$6>l$J4K8xo%?%D`T7)*W8Ie}YKZ}%kjcSB?~L?_G_S{_XG{-<w2%~+&(Epi_GPLK
z`WKK~lr5SKzD7|m)Bi(NEjQ&k947yjEgrK*dPKcQYfi2h5?Rka(i{`>vZgrP+4e&+
z+ner^=5+C{JUCs%%P*&kF|zRt(b(jix4O>|wWF%3)t;B*7&X}H`LL*ri}v}`*<<qC
zd7^#|ze|~MvK)APTFE8itLR!z$2~(vGX0?p$k-(!Acyo4x5@KM#BFuegomwEb(F_h
zH!Kw|8&-=_aWGOwKOz3K+O8Cv4OzZgw5`E0;Pa|;K|QtQ(Uqc}9J@xu$=+*3aSeME
zp1kadY}FKbc8zdYAFUBXMR0SbdpWVx10~z(Ps`-k$PewvIP3a#;zCr6FK;5L^T~#r
zL}M#<lUNYbHq-0z=B6sHE0@KenwOi^+&*QLA+|)GkL}?0IPUT0%3V9f^VW=AqJv1_
zNDC@BvfV!Q?6fxT7DJ-ys}szLY9<k;v6tMF>{V`6J}WXrlG-o9)gIh04vti{zvP|!
z#73*de(|PgQnhRBC#!uVPR(<Xbd@_<&l1ZM>`RgT^d&Hx{gfq2<5&{x23NM%BNter
zNsL}4c1LzOAigx1<~t6G6{ehYM2s8Fp&j(W&5N_fhnK%gWL$)PreB5U4q&HQ?bOh&
zvbVSV=7?w@PahF}Iqs-Pu@)Z{E@4H!AU-l{rMc`}IY_b{xAoz1@vZ4_hNmic*KvmL
zYwOf2qS#EpzkLs)4(8tK^|}}*+HryLICv5|cwXkY)Poa?xvn%XmmzPio2?kUyby1M
zoVroew|1Wrsb+IdK935Y!;LGHo#`uQs=ZR>hi{4I^_{tCnF^;^VYdsJ@V02Aeyp)?
znDWK9MKihQZSiL#+r55lgw8fSGuGyJ#2g{3ofg;Ea<uY#I;gdi<?7&_G^w@K>a@67
zG*q*Z9=sWG`sOjPe7%9K``;D5m=?MI32JFgnB-!a_pCa#atNMBYH&fE{8$Vc#M0vF
zc~x>bpsq@7gj#<J6go~>H0pf23S`y%M6?vi&M7X3x`9tuiM3}Ux!>RscMTmlVuHGe
zO&H#L<VdT_r=pq}Oi1AwQD5G^M%0zV&xk?RzBA${A#V(b?((^SxW#Jrh3G5f%yRLI
zRZ<~pn%&av%O?-L;2zGM5}dZs4OBf5*^TYvBKXOpx}UvROYi=%j(qmKC=l&shcCqm
zEAcB)--xnLVA=j_kyOv=wjYUVXR682N9^Cq^p3I6>k!>;$l#Ip%+!|+rRmJc$x^#n
z1wy)5T0E}FmBPsfeiZX->T^&r*`xA<A4QkeT(MP#?LC|0<W)soXR3giJliue9YcHH
z)nA$y#OKL0W->lC(p;MzT$fj#n0U87zaVZE^2s=nSaV>OccL>Zm5W`(%%L-FUQBqW
z#VF6jEN|KrwSez*<ttE?bFafbP={I#eilxn71L+Cu9{;tp?~Lo`mdsom^kvD5rc;g
zoEbcvc-af~BW7xTE)Nn`qn)^_Gwm9T8fcK^;KHk4%3L#Y*pWUpPU|<(!EAJ8hz{>0
zN4_^N*D-wXX#2(>hh1cio&Qs8la7lbvesYZ4__3$nyMJCPD8jM`P4;`B|6Jmmqfp~
zPN^L`rFQD<=+wm;e@RqCR#z_r`b}1zjWX)XyG&!m2uJxd>ndh#wf9>1i)VSs_R7b$
zl`q+QuJ}lxa7PejA0-jWkfK2G>Oj%KKyk^{%JSPjW}+-Jjjn@2xMenOZ=m>apm_e(
zXsoQY`6XAq`38!&C~nbn!9(C<)94c1ip}Plb>;f~Mh%%0Y1Fl9MjD@rgh26%K+#iy
z;+=t_W440D0Eek}PuVfnXsqfXu||U~;jgNHee<n6@@)CiMS;R?6{}?V603aS<GlOI
zd9g+dWnf3Fk)i5@YDTA<!VRf+-c}*qJ%PewXkB@yR#Hp`--xX_)r=8#SRYh3Ix1^1
z@kX+|J>F=fU!(2U_6oVNeD@Q9!ae5~?dL)FK)m5J650fc=h@@juEtqh!vCw}Fq&E)
z)imyp77n>C(`YC=B^s@*=M#;G4Vm+akt91M@#ErdGa*X72Dg{15{+ikpJX&`tKOM|
zF*{nN`0&Fal;R5%E&t-kG3LE>*lV-AH_2#hEl)C@iK$kxW=G}v%|s@LIE<a~RV#qJ
z$#=#O&NmLDL-fE_fubGuq%O68ZVwb~V&VgZD+5If0);yRg?j_D3T=!G6j_1dt%2gQ
z=DeN-{RawX2MUjZwi>oH5~AhpKN|zBmZ?T!b!&2W<FQ)Juzf{Oy|HP%q9v?UwBzJ=
zgNz*wzBsn_+-?hJ<%fy`g-aM&07TKkIE!x>Ghz$ucW(Pp7$`izn957mR;*div<C_o
z+J;zEG>Ak73fJpb_WuXIeA6=(E2RCZ9sxw%^|7ctgjwAgjyh*`8)5tuD?giPM9b=F
zMmMX?1I9QJ&yi>Q$L*8S+r?}u*N!uC;#t{t78&?#88_bOQAfY{*a5N;O9Qit<mmCn
zJt0Bm#zW_Ju$(2imc3KWItfJ!nCNgr)~WGEmLaD(jZ(RGqETJ?CmPwoci`AGqq~YN
z%_>bZtSH%RvT?mN$!!c0^3Y^sh;`i*<3=F^LyYT(;<#eP)8)I#(vyM0Wkj!1U04#F
zMEg}8-uV?w#mYe8;vicot(j#rx2B{A3b!H*zSUozV>Ge4Wf}E^H7(mXYFg8$8h;Aw
zC!diTZOwYfSZLO|_Pt(;mPP{^_lPmSVW6;-#M?{SUTH;vqDKRTb6I$D$0Np8YhVFO
zDmcWFIqZg+%A0$R(W#oeWr=Y-I=D!mTWWYB<HKLIrC4s%EwEqs`vu?Y)ry%r=X~)t
zHOqnGC+uyxj0GQOPgI#ov^tkq+#F;FIRvg*@vO`*4lO93&m8SJKWmk}u~@!K$~Vog
zSiLV$XfHptVHnXidripQhm1HY{V`)mtaa~Nqjv0HLo^9dKC{KBV~yKv<V1C<I!MEU
zVn6P!+IK3(VmMC|j@pCr(X~b+(~;_sM@|{_jg)lRsgF_5D&Jw8Hsp1CjTqT_y%BGM
zmY4P#ciKJq!(L;!bzrx#EUIJ0ihbovOL(M&wjV=cW$dXsRMm!D^vwB{hk}!C-BM=U
zQ%g47XT&A5BG@h}vGzkruP6IZ3KTvSDBQy4mh+Dr%bcOd!~Z?1qUH9<Qn<6C<av7m
zs^cfLchvlBP}wLh2^4dz><AP+A1E%SD?d*%66K<k3_baTaiT^8{jH#K&xXpSET^(S
z@j6Z|jy0?D9pgZ(b>d&fIwS7Nb5c&7W;T?+e`!>2u(Nz`@DSO;hCH|Ju$>V5fOCFo
zEHIL<92kM(rFul_xC}optgk*dGHSQr;8T;uak|nzT1$fGH7T<n4=l7}vYFpVj1Mg$
zb>zz7KNyp5`u|x8dxGi_oEK8eGMic-|6n{TYE_vS+)pJn&RTfE$Q7L{XKyHflm$)#
z3j@VGhgti3+1e~3wsvu8Fr)T%WF@G9%RhfI#>Iy%iJdDFOo!xYo+PjDVMfU@KO2u&
zmwz@!ihBAg%Nbp<cyr}*t0ICo;!(dE&5XDRxv0OHBujraTEv9z!%9*uE<)=`)s^og
znRVpvzZ%l={AQewlF7dtwPnX-^Lp#W%f@F>$tv+YR#^#TQl*!f)%TJ>@kTq<^X2zZ
z82Kd1JQ7V_c<xC4FZKGedW>01o{Tm}%9b(a0$CViHnBfLtcx+fjW+oH;IC;`yRKUB
z`vaqpy&H3=H?3pFRM*Q7cROvawY7=)XIv5=B7#HZxmJGIDld61cq&;NTbT|aUy9)h
z)MKB~PrlgN9Cyu<s~bg%*T-2++L&gfmDb)YiMAZwOg@gjaHIL1DNpq@2i7Q`wcv|G
zhj`BSR-Y!u^)g$_F}=)fwX4Qlxnc)5AZAatzS+Fp>Uy(zOe6>Q5gFQUFE@Qb8{E%6
z*^1coYIjbZVAi#Myv4jVCc1q7UbTMsTmB8LX8p}UaSi|O69r@Bi-a|GnAu;*1$Ub*
zt;@sBqoT3;)*5^{wvWExInLTqk2>q{2=nfkr1BDV6=6eFJh8Z9^#LqZEZ#_}tm^lh
z7lk8ikCs2PxnlP|0DAk{HxU^<*8Eg9>(81SIL_P?)!*aK&A0v-XGR(II3Krh9N3ph
z?r%GT``W(aNU?+aZNCT23o+co)D>9XI)=+vXQ%m@eD*;zsdjMX=?$q?Pnmq@L9=_+
zXAC+HtJXwwf-qP_LpBn?;xscUx^n9i<$LGKj)TnlR#dt<EJ`+>Y_3(9Ba_Xh^(t2$
zI=5lrxmk096R}Na{POi?!w^P_!5lhqr#ZU5cAE+E!4xhR$0nPXW#tsJhjnw78Dm_h
zP7t-eX9bFRUhj}+b2%?6mMpE@#F1>D7Y$$F1NbVBIXtQsA2`&NN3FzpTR8cwb3XHr
z$ZA(ko9}Czb=xcm6wMExhjTl2a}h3|he5sL)vbst(N;M%(QITj$~VtO)=N<rPJR?B
z^+3^ndz&q_{`0W;yhsfc@3K!>^~z9wWMlbZE_dpZ5GdrN;X$yceAXt^&mDVA&G?oA
zvtg8emkD}e8y^f5?GBztmHU@gtXmT&kIgn))X;L)O69(dviIF)Bgvl%uBdvyNR*f6
zm`&u#Ic68t>K^Qlo(s+vESqcY?h+_s@>Oi%)2xoTuxAM2ou5_s#jy>+v|6{!Gk*}W
z)_k*R!nI#aB4om!T(E}DH@k`+_APDsxeeQ@W`r$JzGwaURjchol*M`V38j*(F1}Xb
zqh|BCc6_b9=F3Xh3C+70_Yxv6vlqAA@R;dI44=EJr?&G>p5yGAD-)?M-&a3_g7IFh
zSEEW#tthMJ3Uh<F>8kfYvh&xkF2S`>zJxn?@OjULeSx*>aq|`ZDJFjvhm~)Yxy0(a
z+B|B?H`klVvhS1T80-Bf*|^s48`)M?-X?QPWS7vh(Y{C(u2*3e?hSkB><IyQYg->E
zDkQnG#;s;kKGHVaZhpXbm~Xe67p;Vy=CsgvnEAWSc2y6WM|YbyTzSw~$kxX8u)nng
zirDp}iTlJeD%nL=@Fhnr+u1wH=aiHm+QRr1*1p@>yDs@T^Hhv}rIznLXAbDBKDBVc
zEHB~0v79+Pw}reg*IU$A7Ff0}*IUI3J~6BsmYFGTP~Tpv9@ZKhx_j)jZ|8IQej@oh
zk6G5)1B|#yVUe8!ZXFn#t*(Q`>>ZYgdM?UuUNRjCLuUrAM%nBRe_`8$=X`nGHc@PE
zLT&_4+l|BW`<KinO;HLxUwPfxsULUBw|y`A{h)ch*;;+Z2^3$oXw-)s27b+0ta?Yx
zog!U-uc`WiqcWs!y6PkkZo#T=IzgzKj^Ir*bdX#Nz=C>6>u(DjLe_If&F+zH>`Y*E
zJtp{sbLBKp*N4C4E=B(El6khF%HH4Ws7yAK|2%H?>G5AJt7pl7OKfwQbi#E1FW~0>
AW&i*H

delta 52462
zcmZ781+-Pg+sE;J?<Fr>F5PkH?(R!>cQ;5&h?HzVx?3d#0YSPOM7pFTR7wfyMpFOq
zet+i~)^fdPz32a#nLT^<#51!GzRK9mkt4=O`qvUho9*!#6wC8c<E;vwS1*p|tsbjV
z&wIMr^K#=eEQ#s1cwVd!&uf9n$amc8dB<=lCc?_wJTEym$5hx4)8SN?Ux#|m3DfuP
zk|;ny^zC+`n6r_yFY5YKEQ<SG{vB2%pL>Vr<-xvK4ZlOxdw_aS#+{zWc)Tb~hBciX
zF@@*Ta}ugJ$GORQ29s0%2s2@fT~;rrvnnQ_yc6cc&oK)w!Hjquv*BY@JIQvN`7kc|
zYM7YkdyPqGin?PGoapl3p(^gfRCo&2;C)nsiS~G2TFiy<u?9w9OH7L0Fg1=q4d7c;
z`v=_h-_ci(pOQ$4$$q3UEP$G_HmC-=qZ%BC>2V>dp?#?Pesw-~M(nlnY|aXpm3pmF
zOE3l#<F|X6|Fk4Fxr)CyAE8DV>nG2vg6T0Kc13k;D5_)QT>g7hgBwughf(!zVkvxr
znt@#VY$ofWmagYM-x59rn!@Rr85g5Eb`-<$4yMQFSO*jDw~lqh!sJ(D3cP`u(SK1L
z$#}qKA_{eX3(SCDpgOe3C!vamFbCdn6(SCLUMuqXa1>6#Oql2pk&MMq4;qAOa1pBh
z0j!Vd4|6Z}N6p;#s2SRhn%R@6CG~H+g8#V+Nsm~?oTwRy!n)W7wbtuV4WGbx_%Eix
zI7jV4*-<l53Kg`CQ6ul`oQ1{7Z^djp-+M|zBTK<4qTnloS+P5+ftjctufr^O6cv0=
zP#ubX-0B6eJo!>s8hz9`um@G|B^Jc^Cv0F9F@yGh2NIdNFb4I2)u<kybLB5lQ=IB&
z+t+1K9c+&QoPb)wRj4UG>hf1z{v9gnBTrh4Wkp8r6~jzC-)l!gH;zFaq4O{!u0t)s
zIn)e2cll(eth@-Sqm57<_}rDx!YJ~aPy_lKg9A8i?UccEly^WsFNrTn=z*J1LGdeU
z${u50jD5x)SRAz!O;J<b2le31uKX<OLHAJ|jyP)%DuCI^*GJty6!pB>XPN(EBz91s
zDSD3TariH`B>7P{G{FFVig9r|M&h?FzZTWuU8vZ&h;i^C=EFCrj%Gh+R>oZ9JDg+w
z6}{6axP)slK8`<cYdja#z<w-*FR&J7yWn|MaR9~+@w~mLjvc#bUPN`^CTa<vU^$HU
ztLJsbx;PcL`6LdLsPY>x7*+V)I+O$zlm#(1Hbd=(4yd*BF%d4r=(q`+;0~;a2^dXo
zY>XPfD9nRfuo~XNy6ES*YzL2zIVo6)itdY;65pd{D8&^USy9x3E23tqDJH|N7!yZe
zJRFaTg|AWdc3}$q85RAvk>~kd<W(C{Nz~f6Kuy_5R0qDp#JC$ZLuXO-enU0*0h3~i
zYc@mqP#vm?1+gQlV_&0|a1m-|E?^Gr|FAzS8uMTRF4RYDtB$Cd7=xO+wU`>OqN4X5
z#=^9JTC`_HEmcj_3^hjWf^HarQ&A6IfNAjrruIqPC!rC<ylyw7MNL@+XG2tjolqkg
zgk^CAYDD|61inH=fBqXbLsd`@>V;`=GN!^+sF^#0zNYp%2~~WB+Kx$X+8WkIRcz(_
z9M#e3sD^$(P4z(x$19i-@1T|_&MjN(0vKFc)J%@VXt?1P^REtUr9e}80u?;xu_)d|
zMQN(PJg*4$KuzHiEQe<?3KQM7*KtGCn$O4Lcn0%f_#OKlP!emBABa`(&>iMKibTX+
zUOZSEwF@R=Y21O8@ipqeDRa-3pf*+|-xzg}EJRKH&#0NafvO*J-_||>DxVHBU|tNz
z`aTJ*T`N=rUt>aCi<+5zs42aO3eI=#dfW&0pmeC%D1)kBA2mZ=FcZ$kShy3j;sMkW
zKfo;LXL@LBQUh~PFc{P0_o%5mf~xoib78ti785m5G0+)RJ`%%m9clnOu`r%Q4Iu2X
zbu=sLNH2*5x$iY35rcwGxDtDyrYPAHW&=y0rurPJJoQrxs<NmNeu5hLWUPdXF+bi#
z&1lMJ7XA59=Sgi;P<O?&+W%jY(3C7jP32`&#V4o-hCjC(a-*WX3hIGvFdg>CMK}xf
zz``$VW@=zU@?Bhhu*=UubzlXi<oVtK5}J~0SRP-a8Y=O(1x;N{K)x+%`}M`lI38o-
zI!uJy-1QTvrMZE5@I7h?a=+w{Wmpee<7)I<l8E!lM*0ahB|i~WehYO&x!0^8&UY@t
z0Qseu4G*Cn_}G<)zp;+x#AK8gM8!r848_K%4mW$l{A;8=DTs$(qDDFcwFFC14ev!w
z*=1Dym#7BfytNrghsntoK^@U`Q0??^`C;z*JWN6PW>ov9-ZKB1qI(pm!Q}7ky`2kl
zk}rm1u_HFahZq|x|6?;y7qzYWpn~rkjKV*#5C;CW?cE5qtEQorVj~vDi#~~bB;x+h
z*1j|zCO;gDW0m)|G$SxI`K71_?L!?<F+bQ6R6=dTUYHx_x$<ME4nD_Hn9>Ug{%N`i
zrX%l9Aff%e5>w(?)W{#AqCa^^NN_uqMCE&;9yHD6_n>0nPt=HFhuQ<mqB`0aQ{i@0
zyXR3$<AsH2K)#odgbMParluUK$DJ@SPDUL}i!m>rM0MnUsF4PuS$S<#y<r#=S6~|4
zfEwv(%#KemfGMJfc<HtOOOViZYKf{a5_RKhOpC`cfcH@K!eiJ><wHex4OH-Tzz7_Q
z8qfr+jPo&oH!(j(i)rl?!MHr%Ye_;kcExD;IcmENMLlphCdFkKANRQYDOAw@g>mpL
zYNXNm=QH18X4DcKbcXXw^;7b7F@XEf*A(6$F%{#7TLX(wYxNT<$R1)f%n`@({V|IC
zMwfqqb;;+C8{##<kyr*VqV7);5#o)&2B;vsfQprb@j`sBHi@e7LcB)!6>3Hvp_Za&
zq;>2o>_9$ieCyyutVn(prpKqK*h!ecVxkCY03A{7OhX0vPIvt}-XI^D&=2ug7Vmk&
z5U&LVZxh)A8YMPA!z7f?My>HG)Y=}zxOfpG@h0ju`vO((UsUWQNn+)NP`jWss$<Pi
zyJ)meq9BQlsHnY-nwrO`HO-XNf+ioTBkfV!Z6Io7-=Ri+0@d&n)b2=?%<^SW`EICK
znv4P5go+*iJc+U-?z#%ul3R4wMvbs5D)<JVMmpKKz?H8-b^IXefchD=d+s@7rU(h1
z{h3iGZ9de<+aLq+y-6ej6l}pSSc;3Nh8m_~X|N9}NC!HXp$@9^sE$8DjVy0!vk~f?
z7~=A)P&0KFb)Ni#DKLH-b(Cn!K|(iFMIFThQERutc@#BOcTj8l4{DnxPHQug0yR_F
zQT2*odaRCGvL4QnsQbT0&Cmvnr)WP-LQ{JU^@HItYD6LFtjAeV<)tt-)<Jc+8S1q<
z9*f{C)J&Z~1>;-PffE|A0Tn{UNCVW8`RMDdHkL#Wyp9d9cKVRu+io$ABmXbf!_gT+
zyqowdcEep6L%bT8C6k?WeNp)xSOKGFwsWHz>VTVx8u@n^z`dE-|5}qjDTu<CSPqM1
z2?@SF2VzI^Yp^pW%xWVVgc|88)LZg*)Y2u&W;0U}wTt?rw%tn1iic4__!u=4X|nsa
z{i<cRDf$9+<9yTue!;5f<p}XQK{eEwzYZ0IM^I~g12t1`P-{OTXGrkJ=@L}5A4S!B
ziMlUNt`M&wX7NcV*oI&_oQpr<PSlzY$sOW##VM$szd_Z{n#ZnJM(vhns0R;l`L9ty
zxdjzV`%wqiU3dK*W+U$>%WFN1!U7cZL|s^fdf+kCYxNCk8)eLAOH>PWwoi4QL@hy_
z{5G|vQ1^d=r9(K{QA=>4fO~x-OXGWig0@DbP}`#^2C$FI&v4gQp_bwZYQ*siS-sq-
zDXoo_u`8;>>ruPnGHM1A7PeR^hN{;W<7)r!AfW@{Flq_@M9qX(#70;UwN3kAUwnpT
zuwzjR#wDnkxPa9#Q89Z^D=b9*E7X$xj5?|xpk^krI0u*-E<-|Zvtby82e1-GD`8Vv
z9kq`KU~T*X^`O_zawYBhL{!l3L5=tUYC9(=6%zb2W+yC3ei4?%E9h%VQ?o$2u@mZL
zF%wn370crXEQjUGgm~j|6sm!EW!==H>UBlM$ZFL7zv%KQqin<#Q8U*MHNzXD*#9+2
z{6&GLus}Kcf$%9tkza#atH-Dg6)tbT6NX_X^5;<<e~W4`YXzH$=BOE(gi&}A_26U`
z?SN{G>hR)<zE${(0`2=Om25Y(L<P}!EQ*^^YxdAxPgU8Xy{dB%YOPnIg7^>YfNyXh
zwya_uyMWEf$E+IS{l>0n?~~9;RI<9QSr^ncnT#627SzZ;U<s^RBP95T)i2TG|8}D~
zwx^~A??a4EK5i}h4Ve&i<R-;0u@D}@?Wh6z!)n`4qZOziJA;bS&^k7yS#T2hW~h$b
zM%|dVt}R(})V}{3brc_S`LKExONB5C<xMa>4nqa!BIIQBy~89l^)FCw!R+<zS8j3C
znpVd)_yvaJRp(vj3+H>x#`V|@tX=_UY1GMA74@!Zjyf-TV-jub2_*F1UWD;+GwMNy
zFb1B%*!U~zNWG4#_ZU_01IEGdhW7GFikgwisG0m6i{U)f44+2@V~j>@PoD2pBBAL2
z1~n7EqJk-+v7L0~QPJK86)U4qBVCU=Sbj$Z-5ZRD37XhQ1E>xc#t1Br6|gQU#%7_f
z5$tvqj$j7z7chWtP$Nju)V5h^)a$gnb1dq&;Sy93?sVn%P;a~F&8$PIP|wMMn)<@1
zj@NC*{#SJNra-|l83VWu^`JAT4n0Jj`H{`7JQr&JRz=-E5%pSLftta6s2O{WIv-NE
zum@L1wc805TO(Sq|MlR_6liTOqJCP%YH1@Vh8kgQR4jBtO?3|p#nGs>9f!dOqelK3
zH6szNtOKP`OV$mwgfm@!uTMe`xQlAw1M00+xV3GQ9;j_M19cK!MonRcHrDadsQcTX
zW@-Qi@Eg=fccMCc5j9g!P%|0P)($#92MIOM1l2$<)c%}~nxbu}9^Xf8pQP>V#+;~K
z(A3!#b$u{u2BxAO^gU{Z_d9Q)c1Mi%!RPs2Q4$(ab5zC8P&4rrDrin(Li`OC#SgF~
zzQs~lxPu)qeK805Z%_|Dh}yQ-F@O(HulcwgZAP+SI_>|mBs5iRQ0Kr9REMUbdb-kG
zzl@r~*O(5Ibg~B(MwQn`#m=XwU|fWnk?oirPohr3*Qgmv+nJct{x3vAJ?o6x7Q?Y1
zE=0w`IgG;aE*5MxP%|_NwM08n!S)ChWT`)~nXH6b$}SikC!+>76V<`B=xfA>Nytm6
zjyy(<FjiOVX*MiDz6>gu2BEIcaMw3Fk2<fRmh5j-y_nrBR<fenFNTV>`rX+73Zl;_
z(A11UjeHGiMAuPE6TiD1M7dB?R~NPII-~aYLe%y>iHeaAs91>TVM|jC6)TOg9L_||
z)P)|tP4RmQ)NtXRwi{}o*0epUq2Z`lScSUr3TjtG?`0j!k6OA$s1El>-9HWE;9690
z??esw3Th@E`6M)@F?-vM0o0n7a`r|Y!HY5YCm2+8KX%6X)b7uQTGMi<nP`UE))P@{
zzS!mWIM1Ux>OUZ%9>wfq4J1c(C?E2E_Nt+RXaH(N^HC$+iR#$zr~~SMs1a4}YYn$W
zt?^J)hZdqbcowxA?jbYcdx`ql6cxr;TquW{;_9fW?}v(oZ&4jNiP~l_P#w(J-x{oo
znxVm{sa}j)vV*7&zeIH)@n;rmxiGc%e*+Q$E_{kw)9I)O?Lpme6E)I*P*a(1fXze+
zR7ablMl=HT(piNH;xnk2iuSo3WGPYSL1xtMD1k|NzE_Kc-qRgX5A1{5HseuKz5+Fp
zBdE21gL+Vsf!5Iy&bFwIjzQI1iJJN&s2O>S0ZcW>W~3DQdQb}zn#v)l1Lp_SdGH6S
zLoZMri8I)iBs;2pLsYPiKwaOAik)9jGxY$qBr%3qEaX8wuO0@l&k**%rhEnkTB9FP
z`}ry=c;XDTwa<e(A6lVeVic<3b*Pd3ii(l9s19WN!a7h6H6txiGd3I*_1~jT(0yO9
z|Fw3nDbSRqA7(d{K|P>7>VXqbYrO>ncnvke52y#Eq#cc{460shmmiDj_;OSSPGN9H
zF+e_!Kiq;L7izzjMFn4DR1ghy`SmV;5%s|E5w_j(pc<@-y00w;a13e&m!r1janzFD
zLJjzh)6X!{MqU#GT<D5wZ~~^s#i$z&y6cZoBaQshMwS;f;>M_YKI*;|sF*n6^7l|n
z6K9kyK_(=qeJ_fHVxSM|#s#jzUJQ`G?8^T|O?leU_Tb`Jh<sbrjLb&0vjf$^zc7H&
z$Jl_fpz4)D#aesJqWwRDgc|<AT{wX1=?zqe{z1h+nz3%GQB&I%^`I|N*O#Ey`V^|Y
zm(KX(?14E^<<(K`cEXrE-y2IJ4o-E>LrvXs)Jb;;wRSJv_1NRBp(Lnnm=9I26{=&C
zu?DV3#n8W~CCWF!g0LB?qr=b-koca2Djaq`LEV^qqOEC7RDJ+z>Q<tH?HDSmpP*(e
z@g&<dxlz{}p=M?Xs@^ixgHO2p^GWP~ZM$TX?Sw0Y70Gu(P0>o!HvAbiBY&gzZ^9`y
z(mbeOt%o}4x?&{GLk(yZ>cQt-`CHTgVo$YL$u^aJSdW5+6qLke7z1x$X}pJ8<E+!{
z!BsFC`3|TKeuCjR0W|}&QM+I*s$;*Q>OI8-m~gsn^Gv8EE$Nfc+SNfdth^c+g}Pxa
z>H$At08gNz_#rBo;?J;|$%*Q4HPkK`i#icEp^o$$sCP(;nf8{gjyiAr1|-yAH|G@8
zjT=#GejPP}B(rQOilUaF4eISS1T~WBsHOZK)!u&8z;2@kl61C}XF~;PO(Yh4uQv&;
z)g07X?L|%9E$6?eU`jm4EP=(zx5Z*O7j@q`R7c-n8BF<=1zR(WNq#u0-Z)fyYcRR?
z|2Y!zDR}5A{0}uX8NRleD2@ugPf$0GLA|6_qt^TqD(GIgeAqWO^3<qkuZfzmeyCWQ
zikhi)SU~&#XA&Cm2h^G-n`={A0M+BlsHyCZx^W(={&si$3~HCWM9n~&dDc!@)P2oS
z9hrbyvJI#oB1h0yuv{S#4`a=@hLfQloELRtLzf?d8p$Hm19v-bp*j|Kf&CWDjyjn7
zqSksLs{Q?_?ROS6fTs)C|4PLA)?y%lYN#4&B%M)fIS#|{2rAf4U;zI>-R~_llVg6e
z`A`FBj|%3os19w#DR>iSVc$i*ZHJiO+1kWMbs!&V&1<1X&>a=kQ!s!VQ5`&os`nDL
zbcq(*4CO(+cB`XKz>cVxnTk5<_n<m>%qO9#e2f81y2N^16ty&+QRl%7R0npWg6L0F
zgWghGqCBYUjZi^42(|AQqJHUIM8!hf@9q9lsDb${NvH!pY6QzsC*gk7f$<(yG4C>K
zxIU_(fvDepKcJT6GHOPipxQ~W-2Tj%3sv65IUa*YGcrKmJ5NIU*!#gAR2;PgEm80H
zL8vuei<;`gs0ZIdjWF2?o1xmMb73H=LmN@s_%PPQt5^kdth6BQi{-Wdcacz3zei1N
z%2k#xf!ZdGQQM|FD!4|VI<m=m7S-V=sFBBAZS7=5MSB(0`O+EHq0dq0#uN<x`#;M`
z=)wElg&U{`{)1Z61Z(ViVboGILaqHk)LJh?Ey>SV6#qp<eWA5BkPaAJYg9)UyZl}Z
z{`>zoNN9V+UT4u-1U2>TP#v3tdf--6P~O4-#$Ru1nIBcJIjX~hQT4yY2>cm?Cnahr
zU!ayK&Ib0srZU|Io0`(7KN>YeO<fn%OpL+UI3G2|%TNvOLv6E5uKaJ*R7Y;K5eHD$
zE1;IR6>0_sVF{eGk^Qe8ouxoG-b3w%cc^WbVUxu`O;pF)p|1BwH8>yjfbFRJe{t7u
zq6QFWvz>f7Q1=(dSXdLa3mW+(6wSj>Biex4F2_*~K13Z9|HA-g*y2Wnq2ybkX0R<r
z$6=`73!_j|JQX#-C8!7P!T{bv-RDQ&YX4{?BdWo+sF8O-1<hpCl&wdt@k!K)_Q+jN
zzRk)@qSn3zDky!_1HMPi!~xX(H&C$=x;@xI-^)ir52%QmiFQ~JXQ5s`M^PPlf_gy0
z9rl1CsFzAh)JVHyB>JcaO+~HoI@FBbM|CLfPFvC(m{R+{ED80nIR=kTj7EMTYHgRI
z9`GaTJop7Q#dlCs`y6#HgzvKZOQAZ@9<_8MQ8T+7HK3KKU_Oi4dA@g<ggOv?w@pnZ
z)HbV+YG4=!a0x0#4q|D%imI1tkIi5e43O`LIvGc!W^y-b%AcZwH|>wMt16?f?bMP)
z9Q+*P;+I$yr(tjjoKH|elyt9+uq>)WZBSD?5cS|WsE(gR1@Uv#OojbqyCxN?UeTZ2
z@BdyDXssrq*7z{0WB0K#M&D;6sEL~T!Km#w8rAT3F2BR&FQD#!ggQTB?Kjh+VyO^n
zMw;yRZOukgpe0y^Ith=Xg61_A#uNwa#yY4O>5J;XH>i<r!QerJI(q*`O?}3Lwp*HD
zXYwPl2i`*kePjQS-Ovy9z{RKr52AiH-$U(+e^5b`=djICe$)dSp@OY9Y5-GFOR^T#
z-VxNna}PBm|Dw)`WJlbeH`0*MHp+n2Fh6R_hoGi<KWd6kqGskVRD%hRT7#KU4~{~W
zw?WnK>#k2gjr4oen(s&LqPNHl`d++aHi8_Oj|<gN+i3_Y7S=e=qN4pJsw3%-TQJr}
z&BW&}KOHslov4|+f{KC26RyLk`cary`@cB}jbH+*;T5P8?jovzke}V_6qWCQx;_Ur
zl6|QAFQTUYrMn*Qr2WC8IBIv4L+!FQs2J*w0qy@8Bs4{vP&04_)x(feRxuT-;qs^l
zwLl$6gE1*iL5=u()JTt@qWdZ;HsYMNAkT?fqI#(Ej_9j_Q6%&OVjf1|3DkprM+MCr
zmrr!Y8YqBTno6jSc10b%U!wN=OjPtQMV+X>p=Rv8%V$4pOIhbE`(GD^P@tYKLydGd
zYI|KkP1Q5hzD@p%t$9h*40J?|bRZVTWvCPGPYhtJa~6!*QBhwG6@*o=1P(jL{#Qdg
zDA3xUL@mKP)QsdjZ&Ta?wbp%6`+F=F#jU6TJa*+NE?9Y0EJ^urRC~KoLH)>;r@Lq!
zYvGg7l=VYR)hN_<T#0%O??6rEO;pd5{c1h0jk<3<s$+989M_@Nc&GCuYG(dKEosW%
z>_97ynmNBW2~F7oEQE(pQ~eGVBx!!PsVt3}sn)0)`=WlyEJ7VrD^Rhp3j=rob#lH!
z9cZ~OSuE8<ZQ~xuuJFCDE#YlNRXmUC&|B2hrN3+)tB;zYv8dg$1{EX6Q7@(27y~1(
z*pem13gmO6mZ%RZw&tViZ^3-p|JO+9!I4*OM1@cfDvf$j2h^GmM~!?Ps==!`4P#xi
z2ERd#Y(G}P$EX=9@`s%pWl=HJ7uEh^tjzPhqa?JQBLB1p7DVmmx-Q=rHPWf5j;um$
z+e_~HGt`pByKWuKk9trWR8UVv{ovS*s&^O_TldgcP$arxYf}IN<ZGeUvX{$`L!Epp
zP*HpZwM6l5x)Gvgsw`?CEuF(r16hi}2cu^29_qQtZn6Kh4~yKg|G!)x)PCQD3Z6@-
z8{_|FK~@kol1iv3uY-Eow8xk@7}fESs2Q4%I#)Jf0FR;CyYKQ5w|$H9JhyEGwNcxt
zyK^|Ir?XKFZ$^#q6sn`oU3rQ-)}ex^dX-VZ+ZF>j-Cf`4t{+0h&>udDMkK=T+Q{0X
zI?xR@G9MMSU!g|4-jyFfod=guv61ke8;G+uDyVy50B54kmCdLnIDncN{}~CL@iFh)
zfsz3=MFmk0Zj9<_Z`6b4qGn_(YKkwQ*7zZ+;dl>h21=o#yfMbbp{OMqkJ=s6k@kJ>
zcM=-ea|~eghZenAP(juhH50>7Q$ELC--Fr>k5KzL^&?xtN~n&sM@9cM)ROE$b^KS<
z$@vOXY5&K3Y!AqYx=<3;p_&+qZ7>YmV<qg2I{R0n*7%moCwXG!wXh83qfs3`=zM@0
zP{OAc%q1|5_J2(h>R~t3l#fD<cmW1*3u?b!M7;~VXBLEoP*dC#wf%;n9x%^&0CnF3
z)WMYGxy4L5)bj?SA0RP<gkoS5Drioj%3okQO#H$cE`-I&w?yrNInJG^j$A`cakRhf
zzKp2$D!BY7sDo)7s-xTgX8*S&@h1gUu=Got`q3Cp{%h2fFF{T9J=6nIzOr{haa4o7
zP(k}Gsw4ZHcTgROcy0f}VgU@0?~Cfd%-8IH1<@`F6fE~qYn$wi1yvnXg9A|weT&WT
z09M2_Z>_`aQ8V}%s^Mv<Dc+8XfnQJ^f9uMVzq2JP;FHkys)M?5FzP{zQTy`<Di*Gy
zw%bb#VBCM~M`do*64gL;pgXGG7*q!qxcoNMxpE5C-c8i&-2cZVBLB5u$%v|03l&uD
zQ62J8Gqn`;fO8l;O0hioi2vEPtBV@YFjV~&sG$B0D}@ldsGuzRA^5L$`(8T|Uvc3u
zYTvdF3H3tBPeL6WQ$s_8Bb$%<8NCeyc)|I~nJg^SOHX+*EQQTc9sJ6<(_O!cB`E(8
zl>JvCT4?Z3KA&N2F6_m^7%zHg@V|zuhzi05s0Z9c{f>_w!#a|{SpYRt4V(i}Yrnwd
z52AL>Jyfhk#3Zl%UqT6NjgdGK)zA#*Hs=-8E(nPg8a#>%pr*DqYNooNmaac)<l|8>
zv>MgkepJ0Xs9^jXeKnXUwl!E0)#J9P6L2i5Lv!8rm8h6Fj9S~9sNa4G!|lPDP)Bib
zRC#+Wg#9rdu0RcRJF4SX!bAPwRKKJ^YnwBUO=&e}H&j$lM2&12s@^WtzW?1_j~&-_
z0QG?4s32{Hy1zeacTL5PxD7SH)DeDY@J~E>Bdq78F@g)7Q6ue-+W*s09oUA7?w{TD
z*RDKqJR4zl)LXI`YUUcE*197q>ZhZoewWK%@<}wIAX;Q-@IMG>iLJ<QK&@G1d<(`x
zsF8KUVmJlM;Snr@u@i&_|9`$!u?YEDSQ<~DmMV6_P;VF(!-lvGwFG|LM4`c#N@i5B
zG((NFH>#mg&RwV*o?}dmlQ=YZL?=S!(>k*_^Eit*%b;eiGFHPrNRay8E)p8iHPnff
zEQtkSe$-SpMJ+*p)YQ#&*LR?PjQ)u|Fk#Zr;9t$+V|DVUQRhI)WTC-7iZww6`%KhZ
z^dOed`~M9I9iau2+XEV)f~+rg!fB{8{}tB7x+!cezeAlDCr~3xnbI1rgk{MO!s56C
zbwa*y<wa6iy#ZK6`+p^gig;ZGm?gEXSu50boP>(@O{f^SiCX)ZX>7@=p=P3ub2_U2
z0n}Ol0u>{1(ppEWqw0T#en}F`NoWafqE5cl=`3pNJALd$`DzScsz7M)&jY1U9q)~5
zXES!dr>OQCrneJwG6u-6!=iY`mB-4!{?~;Z8SJR7fyysMt<@n^hh8~zWwf5RN0rY)
z9XQ8PQ~d%z#oU=JcD_Z`+lhL&JVlK>ZDu=|>Sp%spcqYoqI*8-VAz7%en(NU@d$N-
zMP#v{N{u>DnxTSn1Zs^Jp*nICV}|hiAgcv+=4`g+Wl;m`hoQLCC!r}@j-Ozh>`W0i
z_D5~Q)j2|gKT7wZ-q*iidc2LJF;-3s$|<NI{R1Ci@m!(7KMiNiZ5_>ny00<n9WW3z
z6aHwI*oHds?zsvv@`MKeYnMb=lkzdBlk6O7O1-?c#zn9k+1{vF*nm3eUZLs-@>vkq
z!r+OD!IKc_2>YKzI2DhgMtlx6rFT(F5i`H_JSA$aOCbk`*9o;v$Dx918EU^@L)A-F
zz&cP7^$zHR+C7s{=gNAF)c*gOgx2f|YE6?Cw6!mT%6C9b-9*%g)}T(jOV|`|pw5Mo
zg+hb><a82hyPZSbm$0zSSRvHU@NUjIm`(eCzY_QW6=aEv*e{ffsC;Ww^!CK6I1gjt
zE!4Z>5$3@fMJ>1nqfX3Ks9!o~QRhJ1VrC{(d!^8iO`;o#D%c;jmb+1F`5ram3dL=|
ze~MbWC8()9>GIDoKt5Fod+(P*ortwj?F~Zhu3e~IbsjadZ%eTMRgk`<U8szjiSDSi
zpM^TBmpd<`4wlGLR$dj=&`>0pyrmc)H=tr^KWf+firStJurlT;ZA<c5Y4*R4%2gET
z!ey+18OqpH_d-ScHq?V3VFAoi)=s=;s3n+<jqwF)CaXtTFwQ`=e;Rc{en7=c$#OPh
zvwRXUDcFJvnmwoo{OinH-bUIUBPgGPNpUGg;x5z_pFqt(L<L*2l&G1hf||kJsCUZ}
z)J$ALZAU*%McYOtP*dL&HT5Gf0nS1N(K1xWuA?55xRT9KdQ_}*Lj~13)J$GQ#XzRY
zHWPJF!8^(2FJM{i|AbX+zt>0Y>prNNn1zb+bEs`|1)E^3s&>6CY6cdfMzRi*;LoUC
za|55^Gt|`Is21uS$F$W$z3zAqb87!Ls$nA>fjSa*qh{bScEpgHwq~7C57>*^ZWmB9
z7Oj>AZ*Ek+K59mWU<&*RwQDY6A&ger23#D2zyF((&`CBFHPX3w1rMtNE~#TdbOcrJ
zH7W*@)U`Fvg}SdH>i5EM)V5uYgYY~m7HZeCjt;=|<mX}V|Npm#ghu`wYHh>o+mt3l
z9UO&FQCt(N<51L;9>LNW)*#f2!g8qmNYrlm2^BkUU3sB~mhX#Ul&@*X{#RlH1)9<=
zsO@$O^_ooC$enDcB^itw$z%-2EvN(RC)7D|9ChClR4@h_+gV>56<gg<C*x$)Ol@lH
z+sH0apa#O5*c#?VO;J<S4TDh+UW8i9qo^5qj%p}FQyY0T)JteAYON2Vg7_`g#L#A;
z-d3!G>oA7j-2O1R71e?Ls42UHwJ}2rvyby9>`i%OOWXIpb05~BJgk*1Q3I?>{#%R)
zp*?I({$*?XaoVtr4b-1Sq74`JAp6lv)7EZmg%!vz!%BD`wYK@%+5YZ@HOOy4-5=84
z4w`ltMSeC0@S@AV#(Lz7b+EVP1mv~tdzVR+<3gg2_8xD9!8O8aly5?H;D4wQROn<K
zU5uLI8>qES*4fs+1Zo?0M;%zRP{DWvBhl+(!5bf|YX8?Hp_6JhR>7Z89g6jd?c?eg
zll)W+;8&>N+K!sy+o+>8Z&!<v&Zroef@=2!YH43NQ+2bBMq%*xe;*P$qkq8kcm?%<
z_m~!Qb+>(A1G|y$iW<>*)CePb*aM?b2h<nNnHY`y3e+xJi|W`$RQpfRPfj9DPwQzB
zR8QNXUYlbucp%|j@`q7Dwysxb@NdibfD_5L=xqni9n=~p{xsB^gPl<`^FJ()h5Fci
zpJPw*=lZb!JCP{Y*M9vj$M)po_Y3t#U_bm4Ut$*=)ZhL{b{$udukxA2#0zXrzW#tv
zZ#b^OshH<;tM?<S1KkE%`5IhGzVsmWzoP!eAbXEz7;H;1996y<b(H>%n(FjJ?0{<M
zoZ$QkLqb?%OoVTS+8;{e4zqW_AWX;oGf_WGHep6Q>XXo#KSZrvJUXN!HxtIeQmE*z
zic#1d6^yG<2hnEKIdKgeVea7;ykDYz2^~VcH7{Z;%rn9UP!!bxzb6Uyp*J0C;4#!l
zlZ><nRz+PO@ACUxKJ-gF2TGu};RsZNTTv(7B~&|EN7?U)=BRf|4@`}NkfYl7=2*fz
zg4*YAFapbrb}t>&5)4HJ=L%HNo<eo_4l3vhj<M}H8ufrvm@Jgve5e@?8*hIi%8cq*
zE-a+|--d*GJ`3yPcGQUDOt6X-P*Fbs^>R9ldGTM=eYqyu64gZ=T>VgQ({Hc>o^a)n
zldOJW)Jv)v26(<VfkZT1g(-18>aBJH^(U1Js2>u~oN*>w1DR0=Ok>nJF#^MJ5o-Ic
zLe11(RL6e9c=#R_gb`EN|5}p_BpPB~R1l8BrZ^XM1iwH9PwA<)pDUxL@C(%S^%w)+
zVGj(M7V1sMUf2=6>7l{@hP)FVBl{d%;O-gh|5|L9<TFFPxfFDs73#IcklCTZzh<*N
zHY2|t`(pSUyYUNDbpMX}A#xw}*39yit#vzWMgB|dj@MBKQLV47!=tb|`BPuBZK6n|
z_{QGj%~5MM0`;~#gj&n6xmK?*Di{Z#j_f7QUs16WXP$MuH7W>KqaJh&)n4NHHq-TS
zIr-&23GMGX3#`GusDok|p1{MXHJ<UUZL>X?ll*g3Or%|C^^2iqs41%c3Dlau!o<vQ
z>P2>*<o_<z8%lX;?127G61pMnVhgrvs19{PP3<^Lg9lMTc>^^A4>1x`EV1j^u^9O(
zs2LoN<?)~^kGa&gcNA)=#$a*n|9vFXlYg)lw)x&%gHb9+HB@SuHQ?iCjOY+nro7}2
zc6}sjTOLA9^-I)D6<lEtY=hc%b1^%fz@pm!FI|P)D{YEDK{d1hH3KJIKK3dLzT!yF
zz1jE)p2mJyY_%O+t5Mr=Cu(MY$0&@p#&$y`TuXi>F4z8Vw$@Ivkaae~T3CbfnW$~~
z2bRM^>+OUafQsh5sQ36Qtc#g8SPXrJIuTc(w(&n$2ODm*@}*dn{44Z3ktn+<)a#Gm
zV|z@w*&6%;E0I5iTJywPLcJka4pqJfwLQbOh6exNc&)Gv`JGr1Q*N_As<pxD<iAA)
z={@X?Ew{7(7nAsTyS?9g@30{H6&q6?f2VD$F4%zlPSk_r?XnnYhzhpFs5QTh12NNX
zd*A{rL;fyS!K{1i<<uMXw%onPw>3@pqn-J^oXb!RUvp;IYbRT0R0qzX8cgw%mAAv-
zOrgpX@3W<AiCUr!sF?c0l}GNk@{T?UU6_H2^8Kg=q93ph)IuFJ(@`;T2-jhPgEj;E
za3uN2L;PT2SIj^i$-f-7;7fhPtb(m5?~85m47Nr;|52NPX;_8^9-<DGoX72mt%N$;
z8#`NJR`MNjA5Ox%So?%6UD2QIE%_;G<jXJ*o<|KV>}0673~OLF?f>T_6wR$pS<uWv
zt>y2iUoOc`+Y#Iw_4@q|HB-N00Ze(utc5Bcj+&_hm<%J&npsgta#@^+Eiw4_|J)^^
z*Wyczz-Yf%J|XJtPmgi2fwL{@HQf_6Q{zx0T#Pzc&SGZ#2lbjwf6m$~f^o=Ka@NCG
z+W)Owh0dr4eda2R#3=GpP}}J=>I6%C-j=KqDoDRW?eo8oDfP-+u;^Zan#m8Sld|+h
zJK9H~?puz&5)Vjd3G)7GYt|Vvk)MSc!46D_r!W$)yYgqKC5rKz-Paluk)MP~aS`eS
z-G*AK7g!s!{B8sK?05FRf@CKJ>F_RQ#8{WC=ebbP-woBFZ&4jOfSStRFdN=N9Z(UM
zts^B+OZN%tsGf^jn)9fce2+SsD_mj!tKnW(>?Jf4)#KNwH7$76I?x_<rq4k&umv@>
z?@({EV%Kb``k{h!GphVPw!qAP*bzPgQ;|P_TIxT16537=F%%R3X)l#zs5Kpq8rkm{
zg)y#M!&OjAHxhO597dgVac@|AHLw=>e$IWU8Hl`TF;X1ck@uI9NKYchEt`pKsC+Hd
zcIu5<f{myKZad@uWoudj3sK$^HFJwGfY(sL`T<K}zT4K(o~W7IgbdvGo{`X$rnqA_
zwnpt+A2n59q4w=2)Jb^;6|CM}Tf?GQj%<6EU+O%K#VCJ=nyG^KEXF=Zwf7Z9=>5N$
zgc{h7?J(MX3!2WTx7#ArgWq8S%<;fRS_&1c12GHEM+MaZRO~#)44CGj1!)wvBHtBr
z;t|ZH{r^G<3_P+RtA*MPJy26P3AIc1pnCoQ72UBO+k;A=%DZ9>9D}O=i_?2zM{gdi
zPx%0BiO0~dLn6ylcL9|@hFbF!&q9MiR|^&WQ&1yXgVFJfE5C@EftQ#ZQ$M$*D~#G*
z^_&Ax?aaecxbr#tUw`0u?Jh*Tum*BDE1_bbHEJdXV?$hpk?8$xQyU)@gvC)0=!IJQ
z$*8qIj0(>1mv%H)Mjc2!Uivnog%qg5e&>6vNxsA@>%dsllrKT;f(zIfKR6q|wk2GH
zy6+O|-H`Q-y+zBR4yyX7b72Uo16zG};T~$r6TY?mTNyRgy)X?<N5#ZC49C-`bK{aL
z4}E7H$bbRL>!5<{Q`9*yAKT)6)PrmMV?pi@BcY1howraAivO>TI3IpOzCCJ<PoRS9
zIcjYK|FZ{HLhX{y7$4`LmTtMbegO60Td1W>_CA>Ry{aVCfgz|1%TX_h-%t<A`oY$+
z5$Y{A1zX?+)C2SL&$e^|w!@;h92HZ4U|f8O+TNidVZnAQVp;MtF_-rLITC8f3k?gN
zc==Ej`k^|s3DuEX?s~$ou;4y#gs~|fj;cSwl^;jV%u9^Il+o<|7N~=5JSrBx!}L7g
zJFWyiM4fE$qK5^8tP-kYy;0j`A!^O9phg%iMwq7qC?)FtG8n+NsOuw8_kV>7+9Rk3
zKSRAMQpODPd^OmNgho07gJ(Tz``ktyOzC3TgKDCt`cqWBt*HC&qv|D$ZTYgO-O>fM
z=HFlde@4yBBUA?xhKKpVsH_(r7W@;*M%3E>g9@JNam>ybAU_f{q9v#$Ifoi~NL+hx
zM$`|I8mJL3K`qTmmyd|BnJkLxc>f4LEcm{jPl0CO7u4Au7SC=hfcmZ17j>{qMg{9?
z)Nc3<1NZ^;pg^Q`tS##L6z3MKNd5}yph_R#t~d5cXe3{t)^ZhUjZR}ae1nBCc>)`G
zZPdtyp{D!?)RbOu`FE(b&zjKMDUBLfXRL)^p_cY9REPYui7c8spgJ%GHKiL-C*pZj
zP{vPeBdmftn8u<Grj@7>9YwwU{)dY4Y)P!6QK<I1p=M+fYKAu<G30wUNazPa(xhQt
z1#F1w@z<z|$56rc1{-0nWY+LV43J-qnu(LB^Whz;<K>du{a>ISyxQf@p@K6sg<^pH
zSBQiTj+Ut4nS~0nhgcI+r?fTiiUIPoQ6t}qdhmJF$U{=ugL9#l@DmIk-54Oh4z<*0
zP|^P$gZsa9YP+!ws=_>Mg~w1M&zi=jumx)Ezd$`;IqCstP|^Gt<6_dZVZkFfqq7j|
zft66(cN8jSj$`oO|9?V450014MqCQ3k{^$nnO|@sh6loeuirVS@&~A&*BR5>09v7z
z?i<uEr{k!g%akE3_>brNq6Tyl^%@V!$o|*suyID~;dIp0pF!<^FO!`Ish!<XGqV#F
zy~#7%60}0i%mmb0Z$|B!%Qy-XWU&X&K`qsB)Y84o;#)z6tTrXJP*d6$6>QT`+weA4
z#~9h{0rgM~4MdH232GOd$F>+ddsy(7R5y%4ekbZD*FMzwkv4}dVRfH`D)d7gFoQ81
zzd?;;DJoh|pl0NMsGnFVa@syGfZC2#F)4OO1@TB!yO&V+Uq{VQqFmN~X;jDksxC1I
z6$2|#Bl`_M!?4^I6N9ia`NLQqBl6g}P#0s7ABzgAX{ZNnasGj&$;ZxXu~G$f9*jUb
z=6g#>C^|2=3yJetg(9d9HANjjV^Bf42el+I^4rTL3u;Q6p*lX=xgIs6moYWIb0#Zb
z&ntulwg3B(7(|8T*b~ziv|yQvn%V<c4{y8jVufsKdtemh{ZJj;jGBQ57>V%<TL%NE
zm}-C;XdhHZ*JJSa|78+7lVcUJAS#DR$PYk`U=l{*Dpb@yL`8RsqV|9~sPkYXR#!b#
zFurova~89XwMO0dCF+FSfxZe}l2DN3EN(|;D^yP>VP-tx%AcXuK2X9&)B$yU1S&X}
zqhjO$DoDdi+EQjj9p#l!9qo_m;DVCuf4y{maRslOIZIi?ZLtT}$6z&lfoiC9>9F8G
zs_B6Ww!x^5EJek}aV&@TQB$3(jGZe@up{}g7={nau>S)jp1KMN%Gy+wLp9tPH51cN
zC*5hRg0Z7)&Fi7I+c@W+7@K^ta@J0HXBSj^lTfj;)%nOLp|!|V-fWASk@?P_P*Zjb
zlVL;!yPg>pGu2RM{zy~@r@HIMP(QsMp_VvM(O%z;QT66v0R1y06jaYpYm&B-#X<vA
zel!MfCu%!hM*SF#UD-NN8Ff(ksE#i~P5p6H2jW(-cR*RJOMWt{{2J0R-%C){&hjc4
z3_1)39qQfi47KLDs)Ysr8E^~KOJp6YLpM?Hj0DxKL*=jm`N62S;wjYiS6B_R)UW}4
zirKaQr<16~g<V(?W7jlmV`K6&F$La7^*mZF3#y`6pL~1g7Mx5zR&6_w=3s#Qe$+O;
ziJGC%I%XEE&-1<NB(z2gP(3~846ADoEQpHY&Zq-sI;O|1sBQZjYNX-yEXWF=W~?P@
zrY53x#a`5m{efEAi2Ce*tz~%<I-`A5aO^?d_}ZDXfdyw9R7d8ag7PrxCGrH-u|Pw+
zzY+%9L$$xhmA^yXU#O8?Z_|kVuL=t&P!L^0JvgMXHCz}gk?)KZa5W~ur>GIcXkrIX
zNz{E!Tz(>IMwX)vqSL4&{4VO}e2J#EYZ^86tw-%CP{Wf^JzRoXvs0K5AE8F-HM0it
zqo%Ybs=Nm(co(?*6%20I<`%@6QQN#NszdWJfLnYLWl3B_^*Ct@>qr^YOQa#HLmg3T
zHx)JYdoX~vQTsn;OFLK+qh_iG>g6>R)xnLZ2j4^m@xQ2p$j{r#)~+*#QZNzqI-P=Q
zcqc~S5!4xf0oCv`)Y2qwZQHFms=>7`{}-yg;%#hzrBJ~=6g8mL$ddcsuO!r?_gD_|
zx3#J4=iG=<ls`kwK!J8PQ*BXEJ`S7WHdM#rx3}0Rh}Fq|;@pIqnfIszuY3n}nEltA
zgdV&MQ{!FK+D7kaGm#m!J?mi=9E%FR)2=*PCwp)SEJ}GRR4mL!ohRop8m8!M?WRR_
zv<#-;`CdB`n(85_T`&&S({-qzd4U-*Zx^!xYHB}6#lm3JOJ@n{gj<8@@ijKW6rb2Z
z)f*KH`%$~)1^SwbtX;!`|9VYB)Kct5l|Mn92dTT+8aKx7<X2(`OxoQ#IvCZFA5p(_
z?x12NdJmh?^jL#@8Ps;4fI1(J^kDyMq|tlYT2@0HBm+@PumH8Tdr%!p+RL_M1=Mb7
zjC#;8tci0`!FvarVWQqP6FpJoQ?VEBLbaFUQ{Vom)Z|m!*Po!)_Digc+fhCJfLe;u
zeJltEp*p%8)$q@#_xl^vQf26CGg%qyk{^V+|2S&b#OP=D)%0CrAO^Uw6xHw{)PZy#
zE27ummY@>qt@sU=#q-X@pV<;LL<Q*=s1Y7Q)q9R=ufPEN30D;rL;ge(wMk4tjo>P3
zYGZzG9m$IU@(oe@_A}H$vItdg2kM}@j?wTLYDr#Ue@r+qEclP>#-ciK6BV3qv9<Pp
zszG*C4n{@i3{(&vK<$QC7!T77wtOzs^#-V58-tp$rKtOlq0ahus3@;F#15w6sCwI+
zS1|bR|Ah>-DXET{>dB~s<`>j{_P(&SDuxZoc0|p@4or-<P-p#HEQ|?;*@LT~VrK|y
z$#$S(>u*%M*@?YM!TnD{H!eptbQLv{ml(h-!)<A*U<~qoP%|(P!*LbrXx)lB5pSc8
z;v^$%d)7q#qMC*ZzOAU4_!oUuOh3}rq^WZ-s^WZ9G~YmtJjR!{e_Nnt>TA?n@+#__
z_!l*EMMl{l)jDEA@@r6Q{u63RZ=hx{_GtEh0uqHr+mToq6;xd@K2FD^xESl>4%Ae}
z9b;BOop>X$82;>xKGv3|4C;XmP$M3UT7reB*f>9yDc01*8fQH$hH9ueYQN6JC_IfC
zY5ehKUW`t@Hmbpf&he<|{}DB_mz)VE*bG%gbz~%J2A2Eo!Y^2zg18f{XHA?FQB%9u
z`4$!31t;0I8jbD9U&jDem~1oG5jDckP}_9{YGC_O1N#TnLBHq}OY}mW;oqZz<rK!n
zzfmI!nQ9HC!Mfy&pk{6?s^M*@AbyI9oh;KV26|u$@>@_NK8;%9cNozA&oJFis0tX9
z3tyt9Xd<d3>ro@Qh)pnjh6P!B=QPv|{fJuYH>jXZH`A7;f^#5NrF;!)247(wz5lDu
zvi<!zs%J}3FQpS03nOP+gUL}NFNGT6WYji2=ZrSTen%8W&BW)J1lOQCb^tZ7`=}s}
z{E7~0|5qoW1Hs4DxD7Q`9ly4bO~uCKk6~;Kd}9Yo4(BJR8CZs&;-9GPR&TDI2mMe>
zyBHO$Con&H^Vt7Au>c88^&-?Spu-r2H?cfsnr|<kE?ANLE(}L+f&IxT4r*zdp|;}&
z)XDb`R>9)m+K5M>W@b0m!sp+z|Ml{TT4+C+reX~8r%)ZafI88hqehf|k<Cm6)N8jF
zDw^k_w&z70gfCI;_WsU(7yO9r$j4c12Ut&xPk!ZM-==gI1&Jv*glgy#YO3G5eAp6u
z*<`?!lt-bC;1;NkOhHZUPSmb=;!L;Hc26DD%c?u7{qd-n_`xTk5uQdx=X+E`Rlc_+
z8H&m;M#aFdsMyG}%=UXT)XWS<b!0vcz@r#}WtUsMTBu#o3$@fUQ1|)UNhs<sVFL{P
z!H(j_s0R<ia<~@t;HR!U)rzp-(Onl66YWvw#B$UK4`2Xqpxy~#E6x0<0k^?)+W%8X
zXj`mBomA&s{vm1`CRk;^1skD$(R_v)*<w_ztjDIf4Hf0_SKAMg;;3_@8kWH?P*c7e
z)zO=nU;F<92~A!8HTIfqh3fHGRD)YkN98qChmx$d8ES^QZzw8Qe?UFpkh}g6^*WDS
zXZ5q9esWdEFsy~Owg2mph{8pvgXKC_#;oftdV66l^1DzEjJ?73Z(&piyP%HPX{aSy
ziP`Z2Di}YYW-jkWn~|2N0Zl`{5s4!tbO5E<WZS6`YVD_^$`7LsjQ6Mx<lAho<Cds~
z)}cCb+ZnmVMqCVa(zQU%=p0l>4x*Ok*%tPHYZ95a+5<*8x1t_&7gaIwHtSGTRD)lj
zf@nKxX6~R4oWk4fpBMH+1@oV%m@2fxVxku6plXGh=`B0h|9a3r6x775J8g~oqqfO*
z)Pt^}W+GyjO>rgcN&ZvRh_0cgI?isZR}$53Kh#n#M7=9+qt1<Fdu+hfeG=U%7>YVN
z@1h=D;71#IQ|Bbq{{0En^INE0lVh(1T^(dQc>_>0F$c9|=TRMu@srI&K~(hDM7^B+
zPe^EOhB;TGdU^>JOmX(vPp~4WdbLnfIs_BrEL6u<U?M!}ypB4WU!v;e-)}Ke8MTDH
zk#oiOR+0!%@DMeH5eMv~D~)Pk7U}>xgWAUl4_du?7(%{#EdIxRwrYRznavN0^jr*$
z#xE*YrdgOx*$J+xoiSV+7s~#dNTwAVGAZAGqB8<+xa@BFo=S!ImW;uJx$y}8!ZrTg
z1n&^_FOr{!Imyp*_Y}hQly~C$@smKEp<HjjIkYp{T^Qig`&T@4CJzbWhDo>;$GHkk
zXgreiD$2j+Mtxe~WXkoaN;(erSLFNgGm(eIcAW{Q-hFqUt~cU&tto3s*;4B0-#-t2
zKIfs&`5xv$jk&0QnN*)9|GD`XWvqgCoqICT(5K|5xceVcew9vq%RSlMy;pH6<@!{l
zetp{i_(@IOz0p{I;>`Pkhc?vBeE0CccHDTJhAX)n7P<!Ka$TP~+>?p#uUt>Ywa(mA
zf;LKXPj7cmX3Bp2&jWYatzH-ESL9miV8>biNp1uqsQft(2+(i}di$0J7gCm=8?tjl
z6Uwr3ofn#y)^+Fz`CHVvNE^|p|2fz8xNG;gmXdqMbFB{F)0Fon-->z}@c`FT`(zH0
z&@q~ybSu}HC>lLZWBFYE3D+M}HiNn!KaWT(qGNIR7N_oiKRN>jQdc`FCNALN>$qQ^
z8$2f&>D9FDAEjU*1udx5pYKjCM9|<5TpU6=Ck^W*m750s#B=0RbG;sQlav0zjh0K^
zm$akLX6{?&(o>PYM#@`5dj-`AHz3s;9gWlYuxmgwQHOL(Dzs#J^wC>vJ>T7YH&XsR
z5B~2bse8x;?yJOwL0n%&`bEr{^}b4^Zuh2}cknfq;H&@IM4w{ZIfL43a5MRol<(r(
zlPB{p40>O?mQ^>BvKD-Qq<(wdLpwim{S?F0ryJ97fO{Kp-#xB>{P-Q*!@6QMZhFrR
z(W#`*67m{lI5!NSu|LUw{4}Dh0{NuWUq!kT517C=3GLLSjKA~EYvbw<=icwhzeN3F
z9qQWO#NX}pvAv+<Xy_%4ETQ5fzWPk&dzbP#G|FF<<y9x0i*y&t&(KgCzPWf1zxlkZ
zd|Qy`4d!LToqU&4U!NI#Q<BccwQHDxYr(Lo4J}<yk8!bvhRkOs=|+6p@vu91QXQgR
zYgbowLP!_o`aBvd?H<&hdb`L!;~stV!;ha?UVAqnmDO~0Yb&DkX~M{^1$)G1cQ>j$
z51m;-o#%YZQ6~fWhLm5W&Sf5)m4^5!=AGi&Sn}ye&*58;?-cU-B&3sH^6lXs`jGPD
zF75XxvC8UseW<jE8<)|Mb5vSF`8FE9ihoenjE9dRo!T|*Zu8QSKhO2CbdsNG!I%1v
z<WEr{BYA!5aqn^3zf0cdT3I~#as8W9AsrR;xygl6G!&q+K4Yl7fU<vh$W=X<d`UVr
z0b}yr!S^kLh@$KP_f2*q)4lvb#B0wzH*kw9|DO7ZT-(nSe>1o#CKWz@^xNm-rwkS6
zb7Ks5Lq~27<2#SC34Dvu=_TA7kL$6pB-ivaSD&$TNT1}C9U*;`I{NP}Ytx}_SWSab
z{C7}-4}V{qSD18f%X&>dKGfyQlfOYaH4ow^Q}C0C`hRj?S#tcVw80O5Nn!AFm4We_
zF!*W4y<fX>{W<(Q%Cl47A4*|bMp2W7c9LGgs77;vpTEJ+1>8<Uja_FlQtupBdQ<lp
zb@lm&`tzyx71zqUW$eeb>AFb0Z(PTe)ep!9)S07<#-G*QaE*slrIAE@r@9-4U^dF5
z+{3>i-GOvH3~((j_hzG&m3%kwppTy=q-WC^eZJ&-gf{g#!96|P^UBi3q8QBoA@{Hy
zG<=_%V(?u~SxYMX_mi9J>-hHM`w8D3)CqNsrJ!zl*UlLpKFr<w42v=oX<TQzI6t-<
z-KS@LsWgn6Z@cL{PNnj$0adI@ejwM&^02iSg1NbGK6TEKUrA@?^U&W&7bE@gbCdgO
z(B=?VHjX;+xF-$YulRPQ4Szj1E&6zeGZ7C+&3806T&AM_{H4zX(&gP$cCaFEH)YXi
zL!Y%gNPj{p#Y5Nf&BvF2-8%SJ=gpz5x}+yj_VJU+;-5xc$!r=(O2w)4{084i<g1ad
zMrV@qp!t;5rvtB1pTsm6MY%rtsJEZ;wx~~C!>dgGE$P0rmDY7$my*$uQT*A?d*CYO
zrXa#KtfH^@rls*I+|<DJx;`Dzrwrv|C_8}}+_h??S8%N+51K?fc`4_w(+qyv|L4Ic
zNEfDVCa%5K`nPfosODq}+i>$~Dy-&Pk_R?ml#$enPWm8qN>aaw>qrFUh5plNB^$Yi
zPNySJ{?m3b(qD6ZDt6$0{+2`j*{W+O1`pAHgxQgs&eKXCDmJ5W{*S*MkpJN`jB5$8
z6oqdo>q-Yp^S#J@+iA20WrL}sPZQFYN#CPxG1C9TXyn(s4z1-rKK$KU6kOp#aT-Za
zdJ5_Id@s<U&#6&`v_9{-p+Aizz{OYz*Kki=z7t&?)f+$?NpT9-XHotO`Py!fPslf>
zd;?|r#L=IvHjwB-K@u9}Z>|jfiBcCwQF#xYc)|_YY2YF1lf*r2HrMnSME+Z@J>`CV
zD&q;-+0VB**ETZx<b3&SHG}^F@j~i`b8kk>?^B^WH;m`vS-#cXL)6eQ()+k^4|RUy
z+71=E&os=+^;mp2@V!Z$g!tdj2Fmm~$iw)rpuGL$?_fUa{q8#JccWmqtJsZ)9bhI-
zQQ<ld%t`tSYr|_tdL?D&`RX$Z(^}Fi$F;v*dK_*2>KcDad#SkAk9<SEwfIIblg()V
z65r<fvsE|+XUJ@FH?_eYG`7h#C`M9NkvbngBj|KL?u$v;T(0$U7cx_RnRI5#r}Oa7
zNI&Jfj?TuXEC=6$bf}aY#Odg)KmW47_Y;-Aps+GG=~Ep0Q=SLcaDzVc_>SjWhqAq{
zp2~C6=*LfcI(3Kobtv0Ndn;+<zn?{}?h@|*fqL2WXY0!(Qc&>Se;WP5Es1U(?`EdE
zYiumnT2sz{RuTOC%KdF=C!EF;@qNr!aiz~lSLbuCcOqQ@3(?-cuH4_u&Hw+i*<Bn>
zhf>m58uE=?=ZbK1TGEl+*V5hif|0f-J;CL7anENwNS{%ztvBxe2Dr^Gc|Ym*-!mHO
z?M4_ydNk?7+_aGNZ5nD#Ly1Ul;l|GxRb#hy>q+0^`p3@$_W<P!aIFycH0RzS<n>Rl
z_|JEOAO4e!;HMndD(L*rLS_B|kT;43_<NeYIpnW$^J}W@B)x!#>~=TBw|j&C+s%#e
zz3copls4o0?SDE_n)~&s!?z*j{rP65EEDaWq^yE|{~!9#D7y0C4|JkB7w5W%&gMG*
zNsQNk2i@jcQLb&Kk)LU7E%{=UCvtVGke)~RQ}<x1dhe<87uT~=9+U4KcWnygvHx`s
z9~=DB=y)Fg-%l5syUe!-Uwu9}l|D$_LNxUqU;eK0;AcB7cg?@V5!A0oy(wJX=*pX7
zKc0HiZt;%bX|>Bg=?xauVPeNoVKIG8M!#eKr&F)pgH$mo4Nay_2-i!J4xy2=+?U1G
z??Sp4^@~s^(#_9tcmHrbkk3)-rX>B4>-sOfy=mN3gU0xero8BQm<s3d56YL(kcZ#7
z2jr#v<L3kAkGP(hg1@+ah5P?@^{(-NHl)*FLyVx#NIIfEogzPw@-lqOY5dE%@Gt5!
zn8NzhI#1(qNv}kG?o)P_{0AQRnzC<6@8!NQ^3iB84(W-mZf@#sp!}iT>RqR<K5@Bz
zi1L%vZ$<tEU%xgND^W0k2C7owIU}saay%o?fBof!x|`KNJHDEL#x(L5i9hjzF7Ro>
zw=Z><QofFM+VP!B8~OyOr%!3}e{g*p?bhdd68=lS;D0whj0<Dw#10Hl@r=9SDER_>
zpL1;x<;nPd&9!!JBTnO*KJi?ArT?U^KJ9qWOUgT=K5zIg;=$qEvyD2l$ZvJ==WU^|
zBb9r(hR@NvXWUrVjXsj=PhG=JT^%+04cE``O~JJ+++Wt!(Y4?CCj3vw;&JUy+AT``
zbQt_t{98H|54lA$9}gaYm3dGWD$lgb!T-(4jn~|Wic$aLCzA4!F0+S+{!E<%xP%ew
z6M>QLzVx*DqZNC8D;mj5L2MehN~NQu^~ptVzo&ugd<XHZNoRK2rQrX@;QBl6*}+$z
zX*8aXI)9MP@_&t834Dy#+MjbyGD*hL1QBbzi3UMpE3HtfgtV4x*HW!XGKr~VCT6j>
z$xNvI2Enn`@+l#fl5*@pb=Ruug6^G65)@rjd(rm$pLfoX_TKybzUSA+dCv3vpXIFY
z39gHn59wNLRK#2f&P3cR(D@)sx)x~hH?0AFMkNiHa1;?V8GtiTY=Zq+B<lg$2Yoo?
z9l*b@Ml%fd8DI<S_`^2C1r?+WMfU>M29^|wem9j|_SZw!|DU$o!8sQoBifIUU>%HC
zRd5O12{~E{iW&p=667BcAWa1<K=4M;2kCL>*Fcx2_DU)W>yFrC(Ov^jL%ug*H_5N|
zNf`R8Dvu+`IXHg`{VeDP0^Aq<9Q4Z-MkdLCPZqcx^g*hUMW}>-DE&L|odBGq6vU2(
zydSzC>HBXRlo4?BAweJI=zv_I5_VAm@Mjx_x!}iClGSR&7nEHF^}`+{s$xw+VRe9+
zhW29^C!>Jd0Z_i7S~>TGB2QIz0FGk;?olIfu9BawQGIunK*m~)Vk1=YT=+(!$PK_=
zhb><f+7kFm<<nk|(-Oa12jja4K3R>*h#(!o<#0?uJE?f`^7{F+AVnaoq)BLJ!{Y|p
z9JG<JNph>U1o9T>`y)j!MBNQsCfZrh{|0?4wC7Q7HQLSKy})In|BYS}6rje4)dMVl
zT>MJDnwB6)BAg{Hz!;XHzYB6B@Cudq9CU4w=tPZqk$6ep!WaMhU&G@_)Dm0|xR2mx
zgO8+{uwTSfya3GmDxL;Rq&|1pCq)6AAx0JP5&9k_hXC{|g4U#mVQZiY`B1gLDa?yV
z>V>?j#)zfwGCf%!N*d&0s<=gRpVk9d{vq95wEbX+N6-mqPodgEv|p&I&1h?(^3Py@
z6-7L*f;<w4tN$yO)vBONs(@%<eo^+zO7|+_ltT`OEq^)!eGNq&IA)<TO^tjxj3G$2
z1i+KvPcW+Gunklr>8y%s4~(Q|fWH9UHnc%<BIX;w4~Fg~*j6Y*8^me?c^L8=P9tau
zcmu#0NW|c9S|!;C-4&JSXJ9siC4Gf}lfjoEJK*yi+E4_26YUJN>CkloOX>ier0Iwm
z2YI6EKLuQ#d^Hy$!DIyXs^Du?E1d=a6r^a3v;x?EP>evZn~=kxdjtKu3YUa_E$E%l
zO+xWO8V{LDA0$73)`4~^+HCn#({xmN7TgFyS}Tv*aL837XrL-SsRI6t_7-r1VfVx4
zMZZw`qqTs)L!76S@4ryY78P@WiX*$XpqG@tKhPR3V$?U_^cDJ9Xy2+a3lh=*g-S|A
z)xWDi>yhXx_$HD{Y7M_{mHZ&|O@Vt<B?=(0Ea=P735d5<uK#BUD5(J)B;l`57@kF-
z5(L6OJfPDL@E8ePTk!MHY*k6dA;Bb7=nhqsba)Ir0+?iF>#y4S(B~q?F68K`<FWp;
zp|B%S6L2%gBhh977^jjz)c<Z?Llig;_U@>BA9P)SlhjX*@TWl6P@$521piMU_l3SO
z<n9Xp9CV`<R)43RP$PdD!P^2f9tkEYa2gzUqSDLY-+`M6ejd6x;N?jC4gwtm4}h<v
zN8pzR{|-pP&>jXp6Y{rc&#0IZcMkrN<o%=5Pyi$issS1exr;tc2&NncB3K3zKaW;Y
z9{6P>Zwc&t=p1qouy;nh)ynsT!j3{a8Twy<-3Gst!9O*TfnJ1@Bp0fF5`dlP&qshh
z;DPA3gUzNe689W%lAc7uj}deeFdw4r1U|23qe}o{coN0$R`PqQ%|hIk!STNfWm|wg
z0H+}E7*x6m{1}3I5bzfS{0Ye?DrebT19k>5TVN{#rm3<`gdC(X@E7p209OkM^WY=t
zCiG5Oq@4fnp}d05V*rN3a1y#-5af^=Ek`>VOjY20XrsZ~z%zi2NAPj5A3+=^{O=;s
zn<^2^h63O!ppU`8t|8Aq(Z2)z3uyCu!64}(I#~!p&_9KMM-XHv92j&_kb^V;_Q}wd
zLe~}c5x@=xPeI^IU@LTSU<2$U(3}AN1Mp{%ZD^l_?H?#^Gh|S{;amKghvYx2B%`G>
zsDo<%fUO7)gOKDmw4cJZ5ZLvQZ$jrm(r#c$QxS9kY<~p0hB(;IqMwf#OCd|T2*0LE
zUMTPXK5&W!FAG#;SPrnHX(-?*<R%F44xF-Ke*p3TRhYySBXNqtuLVZZAk2=WQRuf)
ziDbVs{F0%o0LP=>9Ia2j;ASCcDB1%6zXav);41XHz~MH6bw%QakcY#mH{@f$eGYps
z@DkX2!C%ryVBSJ8x6pT?-xP6%qu&DU6tD&IFyM<JZ$Ntsef|8;QvqtDy#%GC0Z6hI
z3F<@F6<{NRry_ZfOwexywkdQakS9T&kHF30^DsCUz$o}sK$f%}Z3?g(AX|Y~g!><f
zzJRd{oXfynA$LQ29xUmy3NRhPxGL^xw3^c2QMv#czhMo(c$MHoDBHr`2H0>FPvQoG
z!*oA={8EJ<9Wlzy04+vAoxzg&q2dP6UkA7$<Ue622(|?MbFg<q`>ZPDH{d=6KZpKD
z;H$s~=_Q4E3idOI-Cr5D<fGD;zz-?F1UPk2j(wqvQoz^XDCr;yxC9;w{yS}zcofuD
zjXr1}qGHQF%mxp9yFwU>Lh{pLOvTh*R8EC3l%jx-Y6O`9c^(S*KoxNmK5pPfs#yvq
zdL2Rw*uI8sINGIXlhI}&{tL?2g8oG{z!OGw|Gtd`Pbh#4b{!Qu&^`)BNv|PMHgq?D
z*@>V*+7JC81bjgiYge{*s$Yrr3+M=NZY1po?6Deo^!?vgIaLG9Ajbf3M1cf!om3GW
zA-90tjbIDWt^qU1FQb+85O96q$JOZSBAFYU1lw)+J^}qxXj9eFd8Ctk|J4OA0x$*6
zQxR-90B0btQoylr?5TowLVz>CPDSF*kgouf2wn_6r7$w?Y1kyKLYzH_xf1yARJ<SH
z|19heqMyGNfG7y(0D1??ad5ICP+jOHjfd_Zu-yfwKllRr;RsN-MzWjeOKN~5lD<IO
z2iz0*A;8Us|0U>eqiuoyX0+w7JsMp9g9v&6$`^I_`@d`lI03;A!ERK+rL`6Gm!P`>
zT_yTUQS1=-OB$=%e<8uAkRJy23ABS@D+7Kp`c~M!(Fch0KT8Gv9qlD3%>YO$0KWp@
zesBah1qq8#j7{M~(QgX;cG!A@UxRHm+F~TDM2s}}|EY>u3R_3?C!-D07w{jP4~HNv
zh0|C7HbK!Ifv13T04jst1$`9~e+*ra)}UWc^-n=L6Y}fOH3mKreiWPp?f~D@$Wt4|
zY=$i9Hu^`w`Hw?!6^_X;?oibZf#FT)G8K3R0#1Xx5ba=Kn!x@f>^~y73Bj!3XOY+j
z{V-q-z}5<zI!Ili57KukrXyg_H~8V02!|j|K!RM={}aj#Rn*T)*B41^BgjGYn<L1p
zkmJE;fJ=t1GYSYr%peuORt%k_iIBM}CQjGXxc}S3C}|&@LlEdev=h+24d+7G-avxi
z0}w;33NjP=ZNNynt6C{9gFFkE*0A?R!BMgR_&XuDQNGQg5_0{gLHI-|YawYQz`Fq4
zu0|dLIbGS0C|wKqNO})8Nln#se+S<jB%N5Jm>A`|U11|&4+B4sSosIxd=kQRICN9f
zRtvgt1bi5dXCZf2Nn_CtKtB(-jR^3f()*zc(ggTiQ+laurwR+&6HvtWu*(l$&v4xT
z1*mvEtZ$)xTNQ8?fMNi~seT*C*VTwVRk}GU$x+zupqO~rlM&}>^d-Fl&VyVD{Z7ae
zQOGIyxS>0Q_OKoY>;F0uOS%B%1ynET4vcp26xbS|Z-Mi1*aUQ25bzTOc^~WrOL_(c
zJPCOs?9EkSb)ee`t_%Ae_|$_e=_z2YL;e~(p&1lWFs?)JQt;OZau<e31ZiKEaLCAt
zA3OSw;xCV;6puXCsqDb97fIO@<yS~!lR?w8HVK)DTE7u}v^Gv_woS9!a;7I14?Wqq
zc+$zHVP;#VmfE*(@tTub@zImd6*oVX_{e>);eYk|t3kTzfJ{r4*`4D`ESqtvJ}oXf
z-KO}^>7?Rwr(2XoywQl3wSTLXv3Sz^v5^*AhGTl3%aW;Onq6j-p}5)EX2m_uHY=O=
zelbbvkl@trBeLv{6fHi%8E-NqIHgI}Zg#mH7A?zR&n+uCJ36$i(I*dvl#RQX8CrJZ
zt5M-mHkZSmlhjYkw74u8NMkDNQ+2y`*_fMSjb-6?&Kr3cCBNnmw@h|hoGv|#X4V{*
zT)WGH@GeWTVF<(&?Jo$|M2j}nlCGsY>{Fc<M-Vdt<yai8otil_(_wKswblvF)>@|B
z;?!(*mzHaGWlYri4H<zUxg66?D)PvQmR4GNj@dQ|ju?uB=9wKX&7P&nM0sYXGjF29
z?6mMEjLfNpvSwJ4O;|*Y3q}%Sw7eV(tXjrIOU5MWqT4k7D<cW@%q|@t2yM>Eu}>AL
zA!IR$8*On|v#gkRIf;L%+8QXFzZ*(&+remeSZ&#wJ<nye+qC$kBrJfI>9%MtyOy0}
zPdDdi8FpKiHJf)Zk`X+lH;LrsM$)x0=3L(cLDwv6jzymmam7f8k=yH#4Ye@4S|3@K
zB~#G4<SsR4TI7!46QW4GxE)FCgeEw-tsZ$u45>%LLVD!dryw^bCd2J;U?#N;vm;ZJ
z8_#OPVz_jh-G&vix+ZGSSW%(PottiPh=C1B6yq}*lLf@g!<&$4Vo?+FB@+u`$$n#o
z-Qk$t9`mocERI~O4Q`k{%o+BBzCAEmNyuhv?b5O>E~LwIyG(`=0k^3Zef6w1EnTj2
zu07N8AJF2_1o9pe`H7^+IIfM|p*h{@lPuE{HB7p`@DA)YxlaStn`^9ovZf6UEHnmf
zabTO;EK_UP<$74A<=HU<R+nHM$>mVdq8mBSMC%k%pNfxrlCB{ltq<u?o39&8=7<GD
z$h2A_b}VUYte@@9l~XB8Kn%SCkvf5t5TT`$QWD~}=4A57W2AwgnIx|^-=0V6^7VP7
zKR1mgk)pw5(v1kSgG3R&)JaAZfBjW$-pWOKHqMm`6Q7XWwIg;725HVsw`RNTZl@UU
zBGDv5?kN<GCBES%&G;cV(Gp!&n_F(VDf$-8FzXx7Y@0sSJUzJa0=to?O(F5cmu}bQ
zgQpOyI5&mdVfFOwps)Ri4ntB9*(6TQAfrP%=UAqgajNCkaXH*L?KoifZV+c+!l#&X
zteM)-fqnGrh$rWhk3-!_=~mau0%8%13rIw$*fWQGW@35PJn`xha@EN9aq<N}yNWz2
z;#ZT?w7v9pSg@OLwy;ewK(mH5)}~Ih*kEuutd=Qqc+fe;=WEI75G}`QcFN;owOQq0
z4OUyA5VIq&Fk;0<VkC|3=`-xPH78aq*hCJ{S{9cXM^U%%Zd*v#=7Cwd=M_A{fz{yV
zEu=o@TgYra?iCU((q17$h&aBLd><+<>?8$Y3<sUZxk+=r;5G8v1D5Gi<&a!<yOv|O
zWs9EsNhcx-4v;59#nmHZJmDF~$c7lJ(<uiRtlW?rQ1JB|Nvt5p$yt)%#uC_ER<*El
zYH+h_PUl29S91B}s_|>(WEo#^g8Y+DK1r&Q`dJ;hwrmH^l+%UVQRa}>tI2@#>Tug^
zQjwjPon+2NY%%r}S;6uxj=<hQ_zWB=?6WMhH7B@-+_o%t4lbn}m@sX5SOi;!1;KJG
zPLtuUlXd?V4;&BNH}{74Z`j~A50U$vUws32P3fCtcKyH&dhZ(4N7?=@(nh4cMJAI6
z<fVhj!yH%~4!c8$x5?*BY&%1)u+V^J?}wz2iKjm%PY~{Hfi?4gLXsHoc9Cd&@<md{
z(=L(Uh2?WnK=|TmBt|5CNm>%&`ifY?cxWZ*E0$G~1R}nyB4LdGd4)U^r3ZHQ(6X)i
zo^<DJ8+w({eEopnz*ukxW<HO@5}3aJqXrEMPT&2bVzp)2O@{yCG9-0$>hPdXx;b#T
zf*#Z5s$p3WAGfX3o-qjr2H*19x%bu-J7LH*lG4sH4VRw0lk*(*Y==45WN_Qe>G-1P
z*PbQAjiaqh{MBnDnipInsj&_VGXC8ahtQd4$HzkKzeYxo=-`c~<<>kwp*P6w+BG%e
z)(sNFc=w;l+Aw67+noPcP8#v@pGj>_ZxY@_z8Tb$L|rJst3)ilNm@{R%0$$!q=S*$
zekXHz<R7FJ&-#O0;HUm14~unwk`N-A5;~rW|6#N@5&c6c)^~F_E#>YA+M1t@pkqiE
z-r7X_nK~zR?4H!Ilh)}W;Wp9A5bk<_j^pu>G>spRq^(746#bHjhV^MG<>RAiGd?q#
z2Htl*Pl<fr@wcLBOa6T{&E}&T(oTF{L)r}IDfl{+&p3(HpL4##xxT^`KJRv4VX3ch
zUZObGkPfFjsxj@z`!=Qz@>|g~lBYMOnpoSInkgTaOq+{#&FEMo-yDz1hhC+PLgl+n
z<6}>-IBGKRMF})cyc17fpxlx`qxgiYG`xj++EuRM{vzRDv{LgI@rv?I)dh1><jaq5
zPoVLlUMspcETZDz;>uP3^m%shGfA{m>`11qjG{?bTGuF?J!n*|20m|@uMq#u^A+y$
z6&^+D{WRVrnKt328jTQ(`_qMye83pGF5c(aT~WTidY7o&zM;DCn9sAv<Ud^K^AuGa
zEBASeeBMRk?ie~PT>LbF-U=5jpQqzVzOQhHuW+*-7#WWEy!(CLEi#*Dq0c)XAtk`O
z$LB5ac@OFOZ9dOxUxC+9SyoaxyC_BTdAIt!+kAy9rMvufyRJF#|BBE}4^ee&pMS|>
zOpnaxMK$w%g*%Z?-i<!bBD^+rLrHKVcJP8nSWL{l3IbU%ODNQ{hvRY5AZ&NV!Gg<$
zCH!nGjb^Bq@0djMjF(pkpLZGGG@do&sX3U$)oW=TqkM+qA?nDXBjc+!AFkf9*yrKC
z0#D!#s`=+_uUcN>^I+tQecpxQ_Z*r-9|{7op%(c(8~)oEP*7kPa^CoJcDjDF&x<+d
zKCkc<V&2Mv&ruZS^S&Bf<|T5Is<lUo|B)ulj%S0<>+yL?t7dPi-nvqj>DlV@9G9_w
zvQsZF%cB!w{<_cgxsw^W`9s>s7<kb0K0{dpVVX=&g!1Akw3)a(g{G0(ZEzpCTozlV
zB{PwCnnnkOsgz>oH2Me;gJ)19;T^uD(cIjdHWVXf(&H?`e|$SOI`Z)KUfPXMIKx6j
zR6e~+@b%SrJrB(nbv!i57*}y*fnE)cA9nJ5jJR^aIytKao{A%{R2*E$&8rc5{T$jx
zq|Bv@82@nrog036@%{uS2F-h=(MEjjLi)1kyNHGv#mr^&@rYEpAwA{#EUfi;ixI4<
zbWi2FQk*J%f)-V8^;GWl`aFT9!hFpROc}nz{yDGs7r<*7|9U%%PW!h=zCtWSp|8*r
zJS8|2awTiJ`j2BVF&JzEEQBn<#E-6}r^5{XW1Ia)i}<&DXsjq*N1q50+cwe1!yB~G
zksGi#{PXu<bcw-j+iY9l2-m1pg_K+P$9x*c3(m4;ymvnKu0GG-Y^P1bMX!A{BQ!K2
z(_gTV4;w?HMchGpj*2};=+aOz>m*H!<hRe!`6Bc@{h*Gx_6-%`b&sy7T!B4>ncCn#
zK8Huy;I{cP-AK7(9g7wlzo%|0Qf|<!db}284ft)sMhY)w=Lz5QI%_Cqg|KmiFEg@6
zyrq%#<%1$w2mXzb4Q`|F+n4pzI$u4Tk;mu35(H)*zsgAz?ZVioz$Up9&f@fAD#F>L
zo&J78u#N6*{>m-us!NVy#i|ah@p+a8R+8HzSS-(sV2eb36MHkXQ;i+AWu1TSVSOWD
zDsf&mU@G;)hl>q&O=;DN9oW6RU<PZ#^SiPZ!W7BA3hiFGZoYrPA?zW1{q!#fa$=Kh
z3mkNmgBu;!g8wkCzhxB%7gVmAD_704mN#w4PS%wLV`cFOgmjP(OQ-cCy_f);CpmO{
zB68fkD2BD>onu(rTJ9uYVX?l`=J9bc7)H}Z>~o`tYQcV}%WF4dwa7t^XHu+qDw*9i
ziQMk21>yb__KdLfU^JwIXM<iQZcThE)Y(FM<ntG;#0ITgjohUb2l1(yC-1Nkz1ceB
zL%2l(W7O|=-23{Jcn|q^uc<n|Jy5CP9>}ln7;!z7<=`izaWp1eEv`xS8i{8Hu<NXz
zuW*x`C|QTv0{pRoY*@#?t?B)+e=`Js(BfqS*-^1*5W7jl!6B?y80VW=9nobpYiH75
z^}TxFdw;;m>hjOam`NO+zzB)+c>`a`J!%#_i{zCrk2OZFUz7H9)<#sA*>NJuGuY5D
zkvNInA-sPs<~uM#-sclmpWjGjjqfRNS@Jj=d(((_xnsH}zPGVZ+Az4uJf(Q|W2*7t
zz}Dn_o?_Ab_RrKL+D&GR@KFwSL7>p*2qz&dhF{xF!+8fcYgF&vTOVIJ|LzUdn-=NE
zFb=ni{?YI*yS#Ftf7`;~?!~sL+P2ES=OsOdNO!Ygp=tg(bE*%N>5GN$7OuS6`s8E&
zx&ATUqHlA29P$0e7dlWhE=P5<<GQRYUR-f(9lu_O#f0I2=+m@!2CKiaKMRZ86POfi
zay+Db-Ua;CjyNcPq_T+m|KUh;_-!~ai-i(?q$7)s(8r<wkicGGJxm6<JLG#~N8khW
z*bA7)detR+{Y40dk3YWgc%B{Qp7yL^y{hFKD(5ZH2fwwlXi3$U!}6;W9k$zF?5Qr>
zA(rN2{Nm<p_OB3rvK8*E_6t}@s2E+uN{Q&Olr;|J)|D*YsOHRE!s7U)m8_hf<*W-o
zw2DRXv{mc@-eMJNdav8|p7a36zlO9+<gI2u60u}08$m?#^(@ZB|9F@gxnmp45~E7k
zMx@%oPBX6UW<|-Wez~4oa6R4Mck<Ga7a(2`_*CE%uFvv`LOeu<HpljTZ#Ub_@^OeO
z3+MPZ?nQv$1$2L%0ymC)8x^jW3+Y)Tf0n_yuHI2zx#G3pM?+n6CPU3=!BhNyMH@0s
z{+#pQ<M|h^z&;7AhrZ1g2Cg^#spviC^X?7YVAw1ESL8;--Gd#Y#yV*qYZdL^vJ$T{
zeQWO0UprXsjr`?(tdV?8ui3}q`O<xC44=6jt5?3RYS(f;bri0>>V4QK%@5DR$4Y);
zJ(z;OUo+zBYs^fd{$1ba0NWeF@z1Dy%43hRJJJ8~LKhLo*h~7)Hn+;z`f&ci+w5I_
z<Q>*lJov8s&K)?%azxY_7E46!4_Ff>hM!~joh9pemK4Ij{fzlJy~z6TH5Xa#{{m>w
BKAivn

diff --git a/po/ja.po b/po/ja.po
index e624890..b5f3468 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -5,14 +5,14 @@
 # Yoshihiro Kajiki <kajiki@ylug.org>, 1999.
 # Takashi P.KATOH, 2002.
 # NIIBE Yutaka <gniibe@fsij.org>, 2013, 2014, 2015, 2016, 2017, 2018, 2019,
-# 2020, 2021, 2022.
+# 2020, 2021.
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: gnupg 2.2.37\n"
+"Project-Id-Version: gnupg 2.2.27\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
-"PO-Revision-Date: 2022-09-01 14:50+0900\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
+"PO-Revision-Date: 2021-01-12 13:50+0900\n"
 "Last-Translator: NIIBE Yutaka <gniibe@fsij.org>\n"
 "Language-Team: none\n"
 "Language: ja\n"
@@ -21,58 +21,58 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "pinentryのロックの獲得に失敗しました: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr "|pinentry-label|_OK"
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr "|pinentry-label|キャンセル(_C)"
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr "|pinentry-label|_Yes"
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr "|pinentry-label|_No"
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr "|pinentry-label|PIN:"
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr "|pinentry-label|パスワードマネージャに保管(_S)"
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "本当に画面にパスフレーズを見えるようにしますか?"
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr "|pinentry-tt|パスフレーズを見えるようにする"
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 msgid "|pinentry-tt|Hide passphrase"
 msgstr "|pinentry-tt|パスフレーズを隠す"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
-msgstr "提示"
+msgstr "提示する"
 
 #. TRANSLATORS: This string is a tooltip, shown by pinentry when
 #. hovering over the generate button.  Please use an appropriate
@@ -81,24 +81,13 @@ msgstr "提示"
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 msgid "pinentry.genpin.tooltip"
-msgstr "パスフレーズを生成して提示"
-
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr "注意: ブランクはパスフレーズの一部ではありません。"
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-msgid "Passphrase Not Allowed"
-msgstr "パスフレーズが認められません"
+msgstr "ランダムなパスフレーズを提示する"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr "品質:"
 
@@ -108,11 +97,11 @@ msgstr "品質:"
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
-msgstr "パスフレーズの品質"
+msgstr "pinentry.qualitybar.tooltip"
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
@@ -120,7 +109,7 @@ msgstr ""
 "あなたのPINを入力してください(このセッションで秘密鍵のロックを解除するために"
 "使われます)"
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
@@ -128,147 +117,132 @@ msgstr ""
 "あなたのパスフレーズを入力してください(このセッションで秘密鍵のロックを解除す"
 "るために使われます)"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr "PIN:"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 msgid "Passphrase:"
 msgstr "パスフレーズ:"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr "一致しません - もう一度"
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr "SETERROR %s (現在 %d / 最大 %d)"
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr "繰り返し:"
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 msgid "PIN too long"
 msgstr "PINが長すぎます"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 msgid "Passphrase too long"
 msgstr "パスフレーズが長すぎます"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 msgid "Invalid characters in PIN"
 msgstr "PINに無効な文字があります"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr "PINが短すぎます"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad PIN"
 msgstr "不正なPINです"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad Passphrase"
 msgstr "パスフレーズが不正です"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
-msgstr "注意: ウェブ・ブラウザからのリクエストです。"
+msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
-msgstr "注意: リモート・サイトからのリクエストです。"
+msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "カード・シリアル番号の取得エラー: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 msgid "Please re-enter this passphrase"
 msgstr "このパスフレーズをもう一度入力してください"
 
-#: agent/command.c:2423
-#, c-format
+#: agent/command.c:2567
+#, fuzzy, c-format
+#| msgid ""
+#| "Please enter the passphrase to protect the imported object within the "
+#| "GnuPG system."
 msgid ""
 "Please enter the passphrase to protect the imported object within the %s "
 "system."
 msgstr ""
-"%s システムにインポートされたオブジェクトを保護するためにパスフレーズを入力し"
-"てください"
+"GnuPGシステムにインポートされたオブジェクトを保護するためにパスフレーズを入力"
+"してください"
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
-"この鍵(または副鍵)はパスフレーズで保護されてません。エクスポートするために新"
-"しいパスフレーズを入力してください。"
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "ssh鍵で%dビットより大きいものはサポートされません\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, c-format
 msgid "can't create '%s': %s\n"
 msgstr "'%s'が作成できません: %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, c-format
 msgid "can't open '%s': %s\n"
 msgstr "'%s'が開けません: %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr "カードを検出しました。シリアル番号: %s\n"
-
-#: agent/command-ssh.c:2446
-#, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "カードにsshの認証鍵がありません: %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "適当なカードの鍵が見つかりません: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "カードのリスト の取得エラー: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
@@ -277,20 +251,20 @@ msgstr ""
 "sshプロセスが以下の鍵の使用を要求しました:%%0A  %s%%0A  (%s)%%0Aこの使用を認"
 "めますか?"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr "許可する"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr "拒否する"
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "以下のssh鍵に対するパスフレーズを入力してください:%%0A  %F%%0A  (%c)"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
@@ -299,91 +273,88 @@ msgstr ""
 "パスフレーズを入力してください。gpg-agentの鍵の保管で受信した秘密鍵%%0A   %s"
 "%%0A   %s%%0Aを保護します。"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "ソケットからストリームを作成するのに失敗しました: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr "以下のシリアル番号のカードを挿入してください"
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr "今のカードを抜き、以下のシリアル番号のカードを挿入してください"
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr "管理者PIN"
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr "PUK"
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr "リセット・コード"
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr "カード/トークンのACKボタンを押してください。"
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr "リーダーのピンパッドを入力に使ってください。"
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 msgid "Repeat this Reset Code"
 msgstr "このリセット・コードをもう一度入力してください"
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 msgid "Repeat this PUK"
 msgstr "このPUKをもう一度入力してください"
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 msgid "Repeat this PIN"
 msgstr "このPINをもう一度入力してください"
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 msgid "Reset Code not correctly repeated; try again"
 msgstr "リセット・コードが正しく繰り返されていません。もう一度"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 msgid "PUK not correctly repeated; try again"
 msgstr "PUKが正しく繰り返されていません。もう一度"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr "PINが正しく繰り返されていません。もう一度"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "カードのロックを解除するためにPIN%s%s%sを入力してください"
 
-#: agent/genkey.c:157
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "一時ファイルの作成エラー: %s\n"
+
+#: agent/genkey.c:116
 #, c-format
-msgid "error writing to pipe: %s\n"
-msgstr "パイプへの書き込みエラー: %s\n"
+msgid "error writing to temporary file: %s\n"
+msgstr "一時ファイルの書き込みエラー: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:154
 msgid "Enter new passphrase"
 msgstr "新しいパスフレーズを入力してください"
 
-#: agent/genkey.c:196
-msgid "Take this one anyway"
-msgstr "それでもこれを使います"
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
 "パスフレーズが入力されませんでした!%0A空のパスフレーズは認められません。"
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
@@ -392,243 +363,254 @@ msgstr ""
 "パスフレーズが入力されませんでした - 通常これは良くない考えです!%0A鍵に何の保"
 "護も必要としないことを確認ください。"
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr "はい、保護は必要ありません"
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, c-format
 msgid "A passphrase should be at least %u character long."
 msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "パスフレーズは最低でも%u文字以上でなければなりません。"
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
 "A passphrase should contain at least %u digits or%%0Aspecial characters."
 msgstr[0] "パスフレーズは最低でも%u文字の数字か特殊文字を含むべきです。"
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
 "パスフレーズには、よく知られている用語や特定のパターンにマッチするものは%%0A"
 "避けましょう。"
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr "警告: 安全とは言えないパスフレーズが入力されました。"
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+msgid "Take this one anyway"
+msgstr "それでもこれを使います"
+
+#: agent/genkey.c:464
 #, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr "新しい鍵を保護するために、%0Aパスフレーズを入力してください。"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 msgid "Please enter the new passphrase"
 msgstr "新しいパスフレーズを入力してください"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 msgid "Options used for startup"
-msgstr "起動のために使われるオプション"
+msgstr "起動に使われるオプション"
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr "デーモン・モードで実行 (バックグラウンド)"
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr "サーバ・モードで実行 (フォアグラウンド)"
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 msgid "run in supervised mode"
 msgstr "スーパーバイズド・モードで実行"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr "コンソールからデタッチしない"
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr "sh-形式のコマンド出力"
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr "csh-形式のコマンド出力"
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 msgid "|FILE|read options from FILE"
 msgstr "|FILE|FILEからオプションを読み込みます"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr "診断出力を制御するオプション"
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "冗長"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "いくらかおとなしく"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr "|FILE|FILEにサーバ・モードのログを書き出す"
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr "コンフィグレーションを制御するオプション"
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 msgid "do not use the SCdaemon"
 msgstr "SCdaemonを使わない"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr "|PGM|PGMをSCdaemonプログラムとして使う"
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+#, fuzzy
+#| msgid "|PGM|use PGM as the SCdaemon program"
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr "|PGM|PGMをSCdaemonプログラムとして使う"
+
+#: agent/gpg-agent.c:208
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NAME|NAMEからのコマンドを受け付ける"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr "TTYの変更要求を無視する"
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr "Xディスプレイの変更要求を無視する"
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 msgid "enable ssh support"
 msgstr "sshサポートを有功にする"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr "|ALGO|ssh署名の表示にALGOを使う"
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 msgid "enable putty support"
 msgstr "puttyサポートを有功にする"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr "セキュリティを制御するオプション"
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr "|N|N秒後に保持したPINを無効とする"
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr "|N|N秒後にSSH鍵を無効とする"
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr "|N|最大PINキャッシュ存続時間をN秒とする"
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr "|N|最大SSH鍵存続時間をN秒とする"
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr "署名に対してPINの保持を使わない"
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 msgid "disallow the use of an external password cache"
 msgstr "外部のパスワードキャッシュの使用を認めない"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr "クライアントが鍵に\"trusted\"マークをつけることを認めない"
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 msgid "allow presetting passphrase"
 msgstr "パスフレーズの事前設定を認める"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr "パスワード・ポリシーの強制オプション"
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr "パスワード・ポリシーを迂回することを認めない"
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr "|N|新しいパスフレーズの必要とする最低長をNとする"
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr ""
 "|N|新しいパスフレーズとしてアルファベットでないキャラクタを最低N必要とする"
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr "|FILE|新しいパスフレーズをFILEのパターンに対してチェックする"
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|N日後にパスフレーズを期限切れとする"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 msgid "do not allow the reuse of old passphrases"
 msgstr "古いパスフレーズを再使用することを認めない"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 msgid "Options controlling the PIN-Entry"
 msgstr "PIN-Entryを制御するオプション"
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 msgid "never use the PIN-entry"
-msgstr "PIN-entry を決して使わない"
+msgstr "PIN-Entryを決して使わない"
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr "pinentryより優先してパスフレーズ入力を認めない"
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr "PIN-Entryにキーボードとマウスを占有させる"
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr "|PGM|PGMをPIN入力プログラムとして使う"
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr "|N|PinentryのタイムアウトをN秒とする"
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr "Emacsを通じてパスフレーズを催促することを認める"
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "バグは <@EMAIL@> までご報告ください。\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "使い方: @GPG_AGENT@ [オプション] (ヘルプは -h)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
@@ -636,136 +618,131 @@ msgstr ""
 "形式: @GPG_AGENT@ [オプション] [コマンド [引数]]\n"
 "@GnuPG@の秘密鍵の管理\n"
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr "無効なdebug-level '%s'が与えられました\n"
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "選択されたダイジェスト・アルゴリズムは、無効です\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, c-format
 msgid "reading options from '%s'\n"
 msgstr "'%s' からオプションを読み込みます\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, c-format
 msgid "Note: '%s' is not considered an option\n"
 msgstr "注意: '%s'はオプションとは考えられません\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr "ソケットが作成できません: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr "ソケット名'%s'は長すぎます\n"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr "動作している %s からソケットを奪い取ります\n"
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "gpg-agentは既に実行されています - 新しいものをスタートさせません\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "ソケットのナンス取得エラー\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "'%s'でソケットのバインドのエラー: %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "'%s'の許可が設定できません: %s\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "ソケット'%s'でlisten\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, c-format
 msgid "can't create directory '%s': %s\n"
 msgstr "ディレクトリ'%s'が作成できません: %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, c-format
 msgid "directory '%s' created\n"
 msgstr "ディレクトリ'%s'が作成されました\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "'%s'でstat()が失敗しました: %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "'%s'をホーム・ディレクトリに使えません\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "fd %dでナンスの読み込みエラー: %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr "ハンドラ0x%lx (fd %d に対する)が開始\n"
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr "ハンドラ0x%lx (fd %d に対する)が終了\n"
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr "ssh ハンドラ0x%lx (fd %d に対する)が開始\n"
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr "ssh ハンドラ0x%lx (fd %d に対する)が終了\n"
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "npth_pselectに失敗しました: %s - 一秒待ちます\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, c-format
 msgid "%s %s stopped\n"
 msgstr "%s %s 停止しました\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "このセッションでgpg-agentは実行されていません\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 msgid ""
 "@Options:\n"
 " "
@@ -773,11 +750,11 @@ msgstr ""
 "@オプション:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "使い方: gpg-preset-passphrase [オプション] KEYGRIP (ヘルプは -h)\n"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
@@ -785,8 +762,8 @@ msgstr ""
 "形式: gpg-preset-passphrase [オプション] KEYGRIP\n"
 "パスワードキャッシュの管理\n"
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -794,8 +771,8 @@ msgstr ""
 "@コマンド:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -805,11 +782,11 @@ msgstr ""
 "オプション:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "使い方: gpg-protect-tool [オプション] (ヘルプは -h)\n"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
@@ -817,16 +794,16 @@ msgstr ""
 "形式: gpg-protect-tool [オプション] [引数]\n"
 "秘密鍵管理ツール\n"
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "パスフレーズを入力してください。PKCS#12オブジェクトを解除します。"
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr ""
 "パスフレーズを入力してください。新しいPKCS#12オブジェクトを解除します。"
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
@@ -834,7 +811,7 @@ msgstr ""
 "GnuPGシステムにインポートされたオブジェクトを保護するためにパスフレーズを入力"
 "してください"
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
@@ -842,53 +819,52 @@ msgstr ""
 "パスフレーズまたはPINを入力してください。\n"
 "この操作を完了するのに必要です。"
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, c-format
 msgid "cancelled\n"
 msgstr "キャンセルされました\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "パスフレーズを問い合わせする際、エラー: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, c-format
 msgid "error opening '%s': %s\n"
 msgstr "'%s'を開く際、エラー: %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "ファイル'%s'(行 %d): %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "ステートメント \"%s\" は'%s'で無視されました(行 %d)\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "システム信用リスト'%s'が得られません\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "'%s'の不正なフィンガープリント (行 %d)\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "'%s'の無効な鍵フラグ(行 %d)\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "'%s'の読み込みエラー(行 %d): %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr "信用されたルート証明書のリストの読み込みエラ−\n"
@@ -901,18 +877,18 @@ msgstr "信用されたルート証明書のリストの読み込みエラ−\n"
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
 "certificates?"
 msgstr "究極的にこれを信用し%%0A  \"%s\"%%0A正にユーザの証明書と保証しますか?"
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 msgid "Yes"
 msgstr "はい"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr "いいえ"
@@ -925,7 +901,7 @@ msgstr "いいえ"
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -937,20 +913,20 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr "正しい"
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr "誤り"
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr "注意: パスフレーズは変更されていません。%0A今、変更してください。"
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
@@ -959,26 +935,26 @@ msgstr ""
 "このパスフレーズは%.4s-%.2s-%.2sから変更されていません。%%0A今、変更してくだ"
 "さい。"
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 msgid "Change passphrase"
 msgstr "パスフレーズを変更する"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr "後で変更する"
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
 "%%0A?"
 msgstr "本当にこの鍵: keygrip%%0A  %s%%0A  %%C%%0Aを削除しますか?"
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 msgid "Delete key"
 msgstr "鍵を削除する"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
@@ -986,92 +962,92 @@ msgstr ""
 "警告: この鍵はSSHの使用にもリストされています!\n"
 "この鍵を削除するとリモート・マシンのアクセスの能力を失うかもしれません。"
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "DSAは8ビットの倍数のハッシュ長を必要とします\n"
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr "%s 鍵は安全でない(%uビット)ハッシュを使用しています\n"
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr "%zuビットのハッシュは%uビットの%s鍵には無効です\n"
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "作成された署名の検査に失敗しました: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "秘密部分が得られません\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, c-format
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "公開鍵アルゴリズム%d (%s)はサポートされていません\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, c-format
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "保護アルゴリズム%d (%s)はサポートされていません\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, c-format
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "保護ハッシュ・アルゴリズム%d (%s)はサポートされていません\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "パイプの作成エラー: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "パイプのストリーム作成エラー: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, c-format
 msgid "error forking process: %s\n"
 msgstr "プロセスforkエラー: %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr "プロセス%dの終了待ちが失敗: %s\n"
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "'%s'の実行エラー: おそらくインストールされていません\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "'%s'の実行エラー: exitステイタス %d\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, c-format
 msgid "error running '%s': terminated\n"
 msgstr "'%s'の実行エラー: 終了しました\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "プロセスの終了待ちが失敗: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "プロセス %d のexitコード取得エラー: %s\n"
@@ -1086,33 +1062,33 @@ msgstr "'%s'へ接続できません: %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "gpg-agentオプションの設定の問題\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "コア・ダンプを無効にできません: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "警告: '%s'の安全でない所有 \"%s\"\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "警告: '%s'の安全でない許可 \"%s\"\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "ファイル'%s'がアクセスできるのを待ちます...\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "'%s'から'%s'へ名前変更に失敗: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "yes"
 
@@ -1166,52 +1142,94 @@ msgstr "%luバイトの確保においてセキュア・メモリが足りませ
 msgid "out of core while allocating %lu bytes"
 msgstr "%luバイトの確保においてメモリが足りません"
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "十分なメモリの確保のエラー: %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr ""
 "%s:%u: \"%s\"は、使われなくなったオプションです - なんの効果もありません\n"
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr ""
 "*警告*: \"%s%s\"は、使われなくなったオプションです - なんの効果もありません\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr "不明のdebugフラグ'%s'は無視されました\n"
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
 #, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
-msgstr "%s の起動のため、%d秒待ちます...\n"
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "dirmngrの起動のため、%d秒待ちます\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:350
 #, c-format
-msgid "connection to %s established\n"
-msgstr "%s への接続が確立しました。\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "keyboxd の起動のため、%d秒待ちます...\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:351
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
-msgstr "gpg-agentが実行されていません - '%s'を開始します\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "agent の起動のため、%d秒待ちます...\n"
 
-#: common/asshelp.c:521
+#: common/asshelp.c:364
 #, c-format
-msgid "connection to agent is in restricted mode\n"
+msgid "connection to the dirmngr established\n"
+msgstr "dirmngrへの接続が確立しました\n"
+
+#: common/asshelp.c:366
+#, c-format
+msgid "connection to the keyboxd established\n"
+msgstr "keyboxdへの接続が確立しました\n"
+
+#: common/asshelp.c:367
+#, c-format
+msgid "connection to the agent established\n"
+msgstr "agentへの接続が確立しました\n"
+
+#: common/asshelp.c:485
+#, c-format
+msgid "no running %s - starting '%s'\n"
+msgstr "%sが動いていません - 開始します'%s'\n"
+
+#: common/asshelp.c:588
+#, c-format
+msgid "connection to the agent is in restricted mode\n"
 msgstr "エージェントへの接続は制限モードです。\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:725
+#, c-format
+msgid "error getting version from '%s': %s\n"
+msgstr "%s'からバージョン取得エラー: %s\n"
+
+#: common/asshelp.c:731
+#, c-format
+msgid "server '%s' is older than us (%s < %s)"
+msgstr "サーバ'%s'はこちらより古いです(%s < %s)"
+
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
+#, c-format
+msgid "WARNING: %s\n"
+msgstr "*警告*: %s\n"
+
+#: common/asshelp.c:740
+#, c-format
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+"注意: 古いサーバは、重要なセキュリティの修正が欠如しているかもしれません。\n"
+
+#: common/asshelp.c:742
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
-msgstr "dirmngrが動いていません - 開始します'%s'\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "注意: \"%s\"コマンドを使って再起動してください。\n"
 
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
@@ -1281,7 +1299,7 @@ msgid "algorithm: %s"
 msgstr "アルゴリズム: %s"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, c-format
 msgid "unsupported algorithm: %s"
 msgstr "サポートされていないアルゴリズム: %s"
@@ -1356,11 +1374,11 @@ msgstr "証明書のチェインは有効"
 msgid "Root certificate trustworthy"
 msgstr "信頼できるルート証明書"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 msgid "no CRL found for certificate"
 msgstr "証明書に対するCRLがありません"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 msgid "the available CRL is too old"
 msgstr "利用できるCRLは古すぎます"
 
@@ -1397,7 +1415,7 @@ msgstr "'%s'のヘルプはありません。"
 msgid "ignoring garbage line"
 msgstr "ガベージ行を無視します"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 msgid "[none]"
 msgstr "[未設定]"
 
@@ -1406,127 +1424,25 @@ msgstr "[未設定]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "無効な64進文字%02Xをスキップしました\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
-msgstr "すみません、バッチモードです - 入力を得られません\n"
+msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
-msgstr "すみません、端末なしが要求されています - 入力を得られません\n"
+msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
-msgstr "エラーが多すぎます。あきらめます\n"
+msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
-msgstr "コントロールD が検出されました\n"
-
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr "引数は期待されていません"
-
-#: common/argparse.c:522
-msgid "read error"
-msgstr "読み込みエラー"
-
-#: common/argparse.c:524
-msgid "keyword too long"
-msgstr "キーワードが長すぎます"
-
-#: common/argparse.c:526
-msgid "missing argument"
-msgstr "引数がありません"
-
-#: common/argparse.c:528
-msgid "invalid argument"
-msgstr "無効な引数"
-
-#: common/argparse.c:530
-msgid "invalid command"
-msgstr "無効なコマンド"
-
-#: common/argparse.c:532
-msgid "invalid alias definition"
-msgstr "無効なエイリアス定義です"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr "許可のエラー"
-
-#: common/argparse.c:536 common/argparse.c:569
-msgid "out of core"
-msgstr "メモリがありません"
-
-#: common/argparse.c:540 common/argparse.c:575
-msgid "invalid meta command"
-msgstr "無効なメタコマンド"
-
-#: common/argparse.c:542 common/argparse.c:577
-msgid "unknown meta command"
-msgstr "不明のメタコマンド"
-
-#: common/argparse.c:544 common/argparse.c:579
-msgid "unexpected meta command"
-msgstr "予期せぬメタコマンド"
-
-#: common/argparse.c:546
-msgid "invalid option"
-msgstr "無効なオプション"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr "オプション\"%.50s\"に引数がありません\n"
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "オプション\"%.50s\"には無効な引数です\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr "オプション\"%.50s\"は引数をとりません\n"
-
-#: common/argparse.c:563
-#, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "無効なコマンド \"%.50s\"\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr "オプション\"%.50s\"はあいまいです\n"
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr "コマンド\"%.50s\"はあいまいです\n"
-
-#: common/argparse.c:581
-#, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "無効なオプション \"%.50s\"\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, c-format
-msgid "Note: no default option file '%s'\n"
-msgstr "注意: デフォルトのオプション・ファイル '%s' がありません\n"
-
-#: common/argparse.c:1843
-#, c-format
-msgid "option file '%s': %s\n"
-msgstr "オプション・ファイル '%s': %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr "注意: オプション \"--%s\" をグローバルコンフィグのために無視してます\n"
+msgstr ""
 
 #: common/utf8conv.c:123
 #, c-format
@@ -1543,131 +1459,132 @@ msgstr "iconv_openに失敗しました: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "'%s'から'%s'への変換に失敗: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "一時ファイル'%s'が作成できません: %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "'%s'の書き込みエラー: %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "古い lockfile (%d により作成)を除去します\n"
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "lockを待ちます (%d%s により保持) %s...\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr "(デッドロック?) "
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "lock '%s' は作成されませんでした: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, c-format
 msgid "waiting for lock %s...\n"
 msgstr "lock %s を待ちます...\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr "%s が古すぎます (%s が必要、現在 %s)\n"
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "外装: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "無効な外装ヘッダー: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "外装ヘッダー: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "無効なクリア・テクスト署名ヘッダー\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, c-format
 msgid "unknown armor header: "
 msgstr "不明の外装ヘッダー: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "入れ子のクリア・テクスト署名\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr "予期せぬ外装: "
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "無効なダッシュでエスケープされた行: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "無効な64進文字%02Xをスキップしました\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "ファイル末尾が早すぎます (CRCがありません)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "ファイル末尾が早すぎます (CRCの途中)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "CRCの書式が正しくありません\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "CRCエラー。%06lX - %06lX\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "ファイル末尾が早すぎます (後尾部の中にあります)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "後尾の行にエラーがあります\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "有効なOpenPGPデータが見つかりません。\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "無効な外装: 行の長さが%d文字を超えています\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1675,12 +1592,12 @@ msgstr ""
 "外装の中にquoted printable文字があります。おそらくバグのあるMTAが使われたので"
 "しょう\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, c-format
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "[ 人には読めません (%zuバイト: %s%s) ]"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1688,377 +1605,369 @@ msgid ""
 msgstr ""
 "注釈名には印字可能な文字か空白のみを使い、'='で終わらなければなりません\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "ユーザ注釈名は、'@'文字を含まなければなりません\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "ユーザ注釈名は、一つより大きい'@'文字を含んではなりません\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "注釈名の値に制御文字を使ってはいけません\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "ユーザ注釈名は、'='の文字を含んではなりません\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, c-format
 msgid "a notation name must have only printable characters or spaces\n"
 msgstr "注釈名には印字可能な文字か空白のみを使わなければなりません\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "*警告*: 無効な注釈データを発見\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "プロキシ%sのクライアントへの問い合わせが失敗しました\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "パスフレーズを入力: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
-#, c-format
-msgid "error getting version from '%s': %s\n"
-msgstr "%s'からバージョン取得エラー: %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr "サーバ'%s'はこちらより古いです(%s < %s)"
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
-#, c-format
-msgid "WARNING: %s\n"
-msgstr "*警告*: %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
-"注意: 古いサーバは、重要なセキュリティの修正が欠如しているかもしれません。\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%sは%sモードに準拠しません\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
-#, c-format
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "注意: \"%s\"コマンドを使って再起動してください。\n"
+#: g10/call-agent.c:1081
+#, fuzzy, c-format
+#| msgid "error reading from %s: %s\n"
+msgid "error from TPM: %s\n"
+msgstr "'%s'の読み込みエラー: %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, c-format
-msgid "%s is not compliant with %s mode\n"
-msgstr "%sは%sモードに準拠しません\n"
+msgid "problem with the agent: %s\n"
+msgstr "エージェントに問題: %s\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "このセッションでdirmngrは実行されていません\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, c-format
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
-msgstr "鍵サーバのオプション\"%s\"を%sモードで使うことはできません\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
+msgstr ""
+"鍵サーバのオプション\"honor-keyserver-url\"をTorモードで使うことはできませ"
+"ん\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr "WKDはキャッシュされた結果を使います"
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr "Torが動いていません"
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 msgid "Tor is not properly configured"
 msgstr "Torが正しく設定されていません"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 msgid "DNS is not properly configured"
 msgstr "DNSが正しく設定されていません"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr "サーバからの受け容れることのできないHTTPりダイレクト"
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr "サーバからの受け容れることのできないHTTPりダイレクトは一掃しました"
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 msgid "server uses an invalid certificate"
 msgstr "サーバは無効な証明書を使っています"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, c-format
 msgid "Note: %s\n"
 msgstr "注意: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "OpenPGPカードが利用できません: %s\n"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr "OpenPGPカードno. %sを検出\n"
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr "これはバッチ・モードではできません\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "このコマンドが使えるのはバージョン2のカードだけです\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "リセット・コードが(もはや)利用可能ではありません\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "あなたの選択は? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[未設定]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr "Mr."
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr "Ms."
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "強制なし"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "強制"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr "エラー： 普通のASCIIだけが今、許可されています。\n"
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr "エラー: \"<\"文字は使えません。\n"
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr "エラー: 二重の空白は禁止です。\n"
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr "カード所有者の姓 (surname): "
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr "カード所有者の名 (given name): "
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr "エラー: つないだ名前が長すぎます (上限%d文字)。\n"
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr "公開鍵を取得するURL: "
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, c-format
 msgid "error reading '%s': %s\n"
 msgstr "'%s'の読み込みエラー: %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, c-format
 msgid "error writing '%s': %s\n"
 msgstr "'%s'の書き込みエラー: %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr "ログイン・データ (アカウント名): "
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr "プライベート DO データ: "
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr "言語の優先指定: "
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "エラー: 優先指定の文字列の長さが無効です。\n"
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "エラー: 優先指定の文字列に無効な文字があります。\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr "敬称 (M = Mr., F = Ms., あるいは空白): "
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr "エラー: 無効な応答。\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr "CAのフィンガープリント: "
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "エラー: 無効な形式のフィンガープリント。\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr "鍵は操作できません: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr "OpenPGPカードでありません"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr "現行鍵情報の取得エラー: %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr "既存の鍵を置き換えしますか? (y/N) "
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
-"注意: カードが要求された鍵長をサポートしているという保証はありません。\n"
-"      鍵生成が成功しない場合、あなたのカードに関する技術文書を確認し、\n"
-"      利用できる鍵長について確認ください。\n"
+"注意: カードが要求された鍵タイプや鍵長をサポートしているという保証はあり\n"
+"      ません。鍵生成が成功しない場合、あなたのカードに関する技術文書を\n"
+"      確認し、サポートされる鍵タイプや鍵長について確認ください。\n"
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "鍵長は? (%u) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "%uビットに切り上げます\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "%s 鍵長は %u-%u の範囲でなければなりません\n"
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr "こちらのカード鍵の属性を変更します: "
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 msgid "Signature key\n"
 msgstr "署名鍵\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 msgid "Encryption key\n"
 msgstr "暗号化鍵\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr "認証鍵\n"
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "ご希望の鍵の種類を選択してください:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) ECC\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "無効な選択です。\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr "カードは、今、%uビットの鍵を生成するように再コンフィグされます\n"
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr ""
 "カードは、今、こちらのタイプの鍵を生成するように再コンフィグされます: %s\n"
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "鍵%dの属性を変更する際にエラー: %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, c-format
 msgid "error getting card info: %s\n"
 msgstr "カード情報の取得エラー: %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, c-format
 msgid "This command is not supported by this card\n"
 msgstr "このカードでは、このコマンドはサポートされていません。\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr "暗号化鍵のカード外バックアップを作成しますか? (Y/n) "
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "注意: 秘密鍵はもうカードに保管してあります!\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr "既存の鍵を置き換えますか? (y/N) "
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2069,185 +1978,196 @@ msgstr ""
 "   PIN = '%s'     管理者PIN = '%s'\n"
 "次のコマンドを使って変更すべきです --change-pin\n"
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr "生成する鍵の型を選択してください:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr "   (1) 署名鍵\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr "   (2) 暗号化鍵\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr "   (3) 認証鍵\n"
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr "鍵を保管する場所を選択してください:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "KEYTOCARDが失敗しました: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "注意: このコマンドはカードに保管してあるすべての鍵を破壊します!\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 msgid "Continue? (y/N) "
 msgstr "続けますか? (y/N) "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr "工場出荷リセットを行いますか? (本当なら \"yes\" と入力) "
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "KDF設定のエラー: %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, c-format
+msgid "error for setup UIF: %s\n"
+msgstr "UIF設定のエラー: %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "このメニューを終了"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr "管理コマンドを表示"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "このヘルプを表示"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr "全有効データを表示"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr "カード所有者の名前の変更"
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr "鍵を取得するURLの変更"
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr "カードURLで指定された鍵の取得"
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr "ログイン名の変更"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr "言語の優先指定の変更"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr "カード所有者の敬称の変更"
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr "CAフィンガープリントの変更"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr "署名強制PINフラグを反転"
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr "新しい鍵を生成"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr "PINブロックの解除や変更のメニュー"
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr "PINを確認しすべてのデータを表示する"
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr "PINをリセット・コードでブロックを解除する"
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr "すべての鍵とデータを破壊します"
 
-#: g10/card-util.c:2180
-msgid "setup KDF for PIN authentication"
-msgstr "PIN認証のKDFを設定する"
+#: g10/card-util.c:2235
+msgid "setup KDF for PIN authentication (on/single/off)"
+msgstr "PIN認証のKDFを設定する (on/single/off)"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 msgid "change the key attribute"
 msgstr "鍵の属性の変更"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+msgid "change the User Interaction Flag"
+msgstr "ユーザインタラクションフラグの変更"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr "gpg/card> "
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr "管理者専用コマンド\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr "管理者コマンドが許可されています\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr "管理者コマンドは禁止されています\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "無効なコマンド (\"help\"を参照)\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "このコマンドで--outputは機能しません\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, c-format
 msgid "can't open '%s'\n"
 msgstr "'%s'が開けません\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "鍵\"%s\"が見つかりません: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "鍵ブロックの読み込みエラー: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, c-format
 msgid "key \"%s\" not found\n"
 msgstr "鍵\"%s\"が見つかりません\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(フィンガー・プリントで鍵を指定してない限り)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "\"--yes\"なしでバッチ・モードではできません\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(フィンガー・プリントで鍵を指定してない限り)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr "注意: 主鍵とすべての副鍵の公開鍵が削除されます。\n"
@@ -2285,9 +2205,9 @@ msgstr "鍵"
 msgid "subkey"
 msgstr "副鍵: "
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "更新に失敗しました: %s\n"
@@ -2312,61 +2232,71 @@ msgstr "この公開鍵に対する秘密鍵\"%s\"があります!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "まず\"--delete-secret-keys\"オプションでこれを削除してください。\n"
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"*警告*: 共通鍵暗号方式 %s (%d) の強制が、受取人の優先指定をそむきます\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "パスフレーズの作成エラー: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "S2Kモードのため、共通鍵ESKパケットを使えません\n"
 
-#: g10/encrypt.c:282
+#: g10/encrypt.c:370
 #, c-format
-msgid "using cipher %s\n"
-msgstr "暗号方式 %s を使います\n"
+msgid "using cipher %s.%s\n"
+msgstr "暗号方式 %s.%s を使います\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, c-format
 msgid "'%s' already compressed\n"
 msgstr "'%s'はもう圧縮済みです\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, c-format
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "*警告*: '%s'は空のファイルです\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, c-format
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "暗号アルゴリズム'%s'を暗号化に使うことはできません\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr "(オーバーライドするには、オプション\"%s\"を使います)\n"
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "暗号アルゴリズム'%s'を%sモードで使うことはできません\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "ダイジェスト・アルゴリズム'%s'を%sモードで使うことはできません\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "*警告*: 鍵%sは、%sモードでは、暗号化に適しません\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, c-format
 msgid "reading from '%s'\n"
 msgstr "'%s'から読み込み\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"*警告*: 共通鍵暗号方式 %s (%d) の強制が、受取人の優先指定をそむきます\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "*警告*: 鍵%sは、%sモードでは、暗号化に適しません\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2374,96 +2304,42 @@ msgid ""
 msgstr ""
 "*警告*: 圧縮アルゴリズム %s (%d) の強制が、受取人の優先指定をそむきます\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
-msgstr "%s/%s暗号化 受信者:\"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "共通鍵暗号方式 %s (%d) の強制が、受取人の優先指定をそむきます\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1159
+#, c-format
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
+msgstr "%s/%s.%s 暗号化 受信者:\"%s\"\n"
+
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, c-format
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "オプション'%s'を%sモードで使うことはできません\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
 #, c-format
-msgid "%s encrypted data\n"
-msgstr "%s暗号化済みデータ\n"
+msgid "%s.%s encrypted data\n"
+msgstr "%s.%s暗号化済みデータ\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "不明のアルゴリズム%dによる暗号化\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr "*警告*: メッセージは共通鍵暗号方式の弱い鍵で暗号化されています。\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "暗号化パケットの取扱いで障害\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "遠隔プログラムの実行は、サポートしていません\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"オプション・ファイルの許可モードが安全ではないので、外部プログラムの呼出しは"
-"禁止となります。\n"
-
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"このプラットホームだと、外部プログラムの呼出しには、一時ファイルが必要です\n"
-
-#: g10/exec.c:497
-#, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "'%s'を実行できません: %s\n"
-
-#: g10/exec.c:500
-#, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "シェル'%s'を実行できません: %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "外部プログラムの呼出しでシステム・エラー: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "外部プログラムが、不自然に終了\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "外部プログラムを実行できません\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "外部プログラムの応答を読み込めません: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, c-format
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "*警告*: 一時ファイルを削除できません (%s) '%s': %s\n"
-
-#: g10/exec.c:692
-#, c-format
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "*警告*: 一時ディレクトリ'%s'を削除できません: %s\n"
-
 #: g10/export.c:119
 msgid "export signatures that are marked as local-only"
 msgstr "ローカルのみと指定された署名をエクスポートします"
@@ -2484,366 +2360,366 @@ msgstr "エクスポートの際、利用できない部分を除去する"
 msgid "remove as much as possible from key during export"
 msgstr "エクスポートの際、できるだけ除去する"
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr "GnuPGの鍵のバックアップフォーマットを使います"
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 msgid " - skipped"
 msgstr " - スキップされました"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, c-format
 msgid "writing to '%s'\n"
 msgstr "'%s'への書き込み\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "鍵%s: 鍵はカード上にあります - スキップします\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "秘密鍵のエクスポートは認められません\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "鍵%s: PGP 2.x形式の鍵です - スキップします\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "*警告*: 何もエクスポートされていません\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, c-format
 msgid "error creating '%s': %s\n"
 msgstr "'%s'の作成エラー: %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr "[ユーザIDが見つかりません]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "'%s'を %s から自動取得\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "'%s'を %s から取得する際のエラー: %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 msgid "No fingerprint"
 msgstr "フィンガープリントがありません"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr "%s から失効した鍵の新しいコピーを確認します。\n"
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "秘密鍵\"%s\"が見つかりません: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "(オプション'%s'の引数を確認ください)\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, c-format
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "警告: デフォルトの秘密鍵として '%s' を用いません: %s\n"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, c-format
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "デフォルトの署名用の秘密鍵として\"%s\"を用います\n"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr "'%s'に渡されたすべての値は無視されました\n"
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr "--allow-non-selfsigned-uidで有効にされた無効な鍵%sです\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "副鍵%s(主鍵%sではなく)を用います\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, c-format
 msgid "valid values for option '%s':\n"
 msgstr "オプション'%s'に有効な値:\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 msgid "make a signature"
 msgstr "署名を作成"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 msgid "make a clear text signature"
 msgstr "クリア・テクスト署名を作成"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "分遣署名を作成"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "データを暗号化"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "暗号化には共通鍵暗号方式のみを使用"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "データを復号 (デフォルト)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "署名を検証"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "鍵の一覧"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "鍵と署名の一覧"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr "鍵署名の検査と一覧"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "鍵とフィンガープリントの一覧"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "秘密鍵の一覧"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "新しい鍵ペアを生成"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 msgid "quickly generate a new key pair"
 msgstr "すばやく新しい鍵ペアを生成"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 msgid "quickly add a new user-id"
 msgstr "すばやく新しいユーザIDを追加"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 msgid "quickly revoke a user-id"
 msgstr "すばやくユーザIDを失効"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 msgid "quickly set a new expiration date"
 msgstr "すばやく新しい有効期限を設定"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr "全機能の鍵ペアを生成"
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "失効証明書を生成"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "公開鍵リングから鍵を削除"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "秘密鍵リングから鍵を削除"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 msgid "quickly sign a key"
 msgstr "すばやく鍵に署名"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 msgid "quickly sign a key locally"
 msgstr "すばやく鍵へローカルに署名"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 msgid "quickly revoke a key signature"
 msgstr "すばやく鍵への署名を失効"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "鍵に署名"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "鍵へローカルに署名"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "鍵への署名や編集"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 msgid "change a passphrase"
 msgstr "パスフレーズの変更"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "鍵をエクスポートする"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "鍵サーバに鍵をエクスポートする"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "鍵サーバから鍵をインポートする"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "鍵サーバの鍵を検索する"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "鍵サーバから鍵を全部更新する"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "鍵のインポート/マージ"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr "カード・ステイタスを表示"
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr "カードのデータを変更"
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr "カードのPINを変更"
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "信用データベースを更新"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 msgid "print message digests"
 msgstr "メッセージ・ダイジェストを表示"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr "サーバ・モードで実行"
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr "|VALUE|TOFUポリシーを鍵に設定する"
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NAME|デフォルトの秘密鍵としてNAMEを用いる"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NAME|ユーザID NAMEにも暗号化する"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr "|SPEC|電子メールエイリアスを設定する"
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr "厳密なOpenPGPの振舞を採用"
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "無変更"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "上書き前に確認"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 msgid "Options controlling the input"
 msgstr "入力を制御するオプション"
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 msgid "Options controlling the output"
 msgstr "出力を制御するオプション"
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "ASCII形式の外装を作成"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 msgid "|FILE|write output to FILE"
 msgstr "|FILE|出力をFILEに書き出す"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "正準テキスト・モードを使用"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|圧縮レベルをNに設定 (0は非圧縮)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 msgid "Options controlling key import and export"
 msgstr "鍵のインポートとエクスポートを制御するオプション"
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr "|MECHANISMS|メールアドレスによって鍵を特定する際、MECHANISMSを使用する"
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 msgid "import missing key from a signature"
 msgstr "署名から手元にない鍵をインポートする"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 msgid "include the public key in signatures"
 msgstr "署名に公開鍵を含める"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr "dirmngrへのすべてのアクセスを無効とする"
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 msgid "Options controlling key listings"
-msgstr "鍵のリスティングを制御するオプション"
+msgstr "鍵のリスティングをを制御するオプション"
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 msgid "Options to specify keys"
 msgstr "鍵を指定するオプション"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|USER-ID|USER-ID用に暗号化"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "|USER-ID|署名や復号にこのUSER-IDを使用"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
-msgstr "無人(unattended)使用のためのオプション"
+msgstr "無人使用のためのオプション"
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr "そのほかのオプション"
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -2851,7 +2727,7 @@ msgstr ""
 "@\n"
 "(コマンドとオプション全部の一覧は、マニュアル・ページをご覧ください)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 msgid ""
 "@\n"
 "Examples:\n"
@@ -2871,11 +2747,11 @@ msgstr ""
 " --list-keys [名前]         鍵を表示\n"
 " --fingerprint [名前]       フィンガープリントを表示\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "使い方: @GPG@ [オプション] [ファイル] (ヘルプは -h)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 msgid ""
 "Syntax: @GPG@ [options] [files]\n"
 "Sign, check, encrypt or decrypt\n"
@@ -2885,7 +2761,7 @@ msgstr ""
 "署名、検査、暗号化または復号\n"
 "デフォルトの操作は、入力データに依存\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -2893,541 +2769,553 @@ msgstr ""
 "\n"
 "サポートしているアルゴリズム:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "公開鍵: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "暗号方式: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "ハッシュ: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "圧縮: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "使い方: %s [オプション] %s\n"
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "対立するコマンド\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "=記号が、グループ定義'%s'内に見つかりません\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "*警告*: homedir '%s'の安全でない所有\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "*警告*: コンフィグレーション・ファイル'%s'の安全でない所有\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "*警告*: 拡張'%s'の安全でない所有\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "*警告*: homedir '%s'の安全でない許可\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "*警告*: コンフィグレーション・ファイル'%s'の安全でない許可\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "*警告*: 拡張'%s'の安全でない許可\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "*警告*: homedir '%s'の安全でない上位ディレクトリ所有\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr ""
 "*警告*: コンフィグレーション・ファイル'%s'の安全でない上位ディレクトリ所有\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr "*警告*: 拡張'%s'の安全でない上位ディレクトリ所有\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr "*警告*: homedir '%s'の安全でない上位ディレクトリ許可\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
 msgstr ""
 "*警告*: コンフィグレーション・ファイル'%s'の安全でない上位ディレクトリ許可\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr "*警告*: 拡張'%s'の安全でない上位ディレクトリ許可\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "不明のコンフィグレーション項目'%s'\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr "鍵の一覧時にフォトIDを表示する"
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 msgid "show key usage information during key listings"
 msgstr "鍵の一覧時に鍵の使い方の情報を表示する"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr "署名の一覧時にポリシーURLを表示する"
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 msgid "show all notations during signature listings"
 msgstr "署名の一覧時にすべての注釈を表示する"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr "署名の一覧時にIETF標準注釈を表示する"
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr "署名の一覧時にユーザの注釈を表示する"
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "署名の一覧時に優先鍵サーバURLを表示する"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr "鍵の一覧時にユーザIDの有効性を表示する"
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr "鍵の一覧に失効したユーザID、期限切れとなったユーザIDを表示する"
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr "鍵の一覧に失効した副鍵、期限切れとなった副鍵を表示する"
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 msgid "show the keyring name in key listings"
 msgstr "鍵の一覧に鍵リングの名前を表示する"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 msgid "show expiration dates during signature listings"
 msgstr "署名の一覧時に有効期限の日付を表示する"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "不明のTOFUポリシー'%s'\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr "(選択肢の一覧には\"help\"を使ってください)\n"
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "%sモードでこのコマンドは禁止です。\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, c-format
 msgid "Note: %s is not for normal use!\n"
 msgstr "注意: 普通%sは使いません!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "'%s'は、有効な署名表現ではありません\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "\"%s\"は正しいメール・アドレスではありません\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "無効な pinentry mode '%s'です\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "無効な送信元要求 '%s' です\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "'%s'は、有効な文字集合ではありません\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "鍵サーバのURLを解析不能\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: 無効な鍵サーバ・オプションです\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr "無効な鍵サーバ・オプションです\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: 無効なインポート・オプションです\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "無効なインポート・オプションです\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, c-format
 msgid "invalid filter option: %s\n"
 msgstr "無効なフィルタ・オプションです: %s\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: 無効なエクスポート・オプションです\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "無効なエクスポート・オプションです\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: 無効な一覧オプションです\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr "無効な一覧オプションです\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr "署名の検証時にフォトIDを表示する"
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr "署名の検証時にポリシーURLを表示する"
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 msgid "show all notations during signature verification"
 msgstr "署名の検証時にすべての注釈を表示する"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr "署名の検証時にIETF標準注釈を表示する"
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr "署名の検証時にユーザの注釈を表示する"
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "署名の検証時に優先鍵サーバURLを表示する"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 msgid "show user ID validity during signature verification"
 msgstr "署名の検証時にユーザIDの有効性を表示する"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr "署名の検証時に失効したユーザID、期限切れとなったユーザIDを表示する"
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 msgid "show only the primary user ID in signature verification"
 msgstr "署名の検証時にプライマリ・ユーザIDだけをを表示する"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr "PKAデータで署名を検証する"
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr "有効なPKAデータで署名の信用度を上昇させる"
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: 無効な検証オプションです\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr "無効な検証オプションです\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "exec-pathを%sに設定不能\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: 無効な auto-key-locate リストです\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr "無効な auto-key-locate リストです\n"
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "オプション\"%.50s\"には無効な引数です\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "*警告*: プログラムはcoreファイルを作成することがあります!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "*警告*: %sは%sより優先\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%sは%sとともに使うことはできません!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%sは%sとともに使っても無意味です!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr "*警告*: ニセモノのシステム時刻で実行しています: "
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "%s のため、セキュアでないメモリで実行しません\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
-msgstr "選択された暗号アルゴリズムは、無効です\n"
+msgstr "選択された暗号アルゴリズムは無効です\n"
+
+#: g10/gpg.c:3873
+#, c-format
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "選択されたAEADアルゴリズムは無効です\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
-msgstr "選択された圧縮アルゴリズムは、無効です\n"
+msgstr "選択された圧縮アルゴリズムは無効です\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
-msgstr "選択された証明書ダイジェスト・アルゴリズムは、無効です\n"
+msgstr "選択された証明書ダイジェスト・アルゴリズムは無効です\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-neededは正の値が必要です\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-neededは1より大きな値が必要です\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depthは1から255の範囲でなければなりません\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "無効なdefault-cert-level。0か1か2か3でなければなりません\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "無効なmin-cert-level。0か1か2か3でなければなりません\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, c-format
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "注意: 単純なS2Kモード(0)の使用には強く反対します\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "無効なS2Kモード。0か1か3でなければなりません\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "無効なデフォルトの優先指定\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "無効な個人用暗号方式の優先指定\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, c-format
+msgid "invalid personal AEAD preferences\n"
+msgstr "無効な個人用AEAD方式の優先指定\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "無効な個人用ダイジェストの優先指定\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "無効な個人用圧縮の優先指定\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, c-format
+msgid "chunk size invalid - using %d\n"
+msgstr "無効なチャンク長 - %dビットにします\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%sは%sではまだ機能しません\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, c-format
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "AEADアルゴリズム'%s'を%sモードで使うことはできません\n"
+
+#: g10/gpg.c:4070
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "圧縮アルゴリズム'%s'を%sモードで使うことはできません\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "信用データベースの初期化に失敗しました: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr "*警告*: 公開鍵暗号を使わずに、受取人 (-r) を指定しています\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "'%s'の共通鍵暗号に失敗しました: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "--symmetric --encryptを--s2k-mode 0で使うことはできません\n"
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "--symmetric --encryptを%sモードで使うことはできません\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr "--symmetric --sign --encryptを--s2k-mode 0で使うことはできません\n"
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "--symmetric --sign --encryptを%sモードで使うことはできません\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "鍵サーバへの送信に失敗しました: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "鍵サーバからの受信に失敗しました: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "鍵のエクスポートに失敗しました: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, c-format
 msgid "export as ssh key failed: %s\n"
 msgstr "ssh鍵としてのエクスポートに失敗しました: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "鍵サーバの検索に失敗しました: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "鍵サーバの更新に失敗しました: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "外装除去に失敗しました: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "外装に失敗しました: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, c-format
 msgid "invalid hash algorithm '%s'\n"
 msgstr "無効なハッシュ・アルゴリズム'%s'です\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "鍵指定'%s'の構文解析エラー: %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr "'%s'は有効な鍵ID, フィンガープリント、keygripではないようです。\n"
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 "*警告*: コマンドが指定されていません。なにを意味しているのか当ててみま"
 "す ...\n"
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "開始します。メッセージを打ってください ...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "あたえられた証明書ポリシーURLは無効です\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "あたえられた署名ポリシーURLは無効です\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "指定された優先鍵サーバURLは無効です\n"
@@ -3440,7 +3328,7 @@ msgstr "|FILE|鍵リングFILEの鍵を扱います"
 msgid "make timestamp conflicts only a warning"
 msgstr "日時の矛盾を警告だけにします"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|このFDにステイタス情報を書き出す"
 
@@ -3486,128 +3374,136 @@ msgid "do not update the trustdb after import"
 msgstr "インポート後、信用データベースを更新しない"
 
 #: g10/import.c:181
+msgid "enable bulk import mode"
+msgstr "バルクのインポートモードを有効にする"
+
+#: g10/import.c:184
 msgid "show key during import"
 msgstr "インポートの際、鍵を表示"
 
-#: g10/import.c:184
+#: g10/import.c:187
+msgid "show key but do not actually import"
+msgstr "鍵を表示するが実際にはインポートしない"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr "既存の鍵に対する更新のみ認めます"
 
-#: g10/import.c:187
+#: g10/import.c:193
 msgid "remove unusable parts from key after import"
 msgstr "インポート後、利用できない部分を鍵から除去します"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr "インポート後、できるだけ除去します"
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr "自己署名ではない鍵への署名は無視します"
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr "インポート・フィルタを実行し鍵をすぐにエクスポートします"
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr "GnuPGの鍵のバックアップフォーマットを仮定します"
 
-#: g10/import.c:203
+#: g10/import.c:209
 msgid "repair keys on import"
 msgstr "インポートの際、鍵を修復する"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "型%dのブロックをスキップします\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr "これまで%lu個の鍵を処理\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "          処理数の合計: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, c-format
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "   スキップしたPGP-2鍵: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "  スキップした新しい鍵: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "          ユーザIDなし: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "            インポート: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "              変更なし: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "        新しいユーザID: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "            新しい副鍵: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "            新しい署名: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "        新しい鍵の失効: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "      秘密鍵の読み込み: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "    秘密鍵のインポート: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr "        無変更の秘密鍵: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "          未インポート: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "        掃除された署名: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "    掃除されたユーザID: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
@@ -3616,166 +3512,171 @@ msgstr ""
 "*警告*: 鍵%sには、これらのユーザIDに対して使用不可のアルゴリズムの優先指定が"
 "あります\n"
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr "         \"%s\": 暗号アルゴリズムの優先指定 %s\n"
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, c-format
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "         \"%s\": AEADアルゴリズムの優先指定 %s\n"
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "         \"%s\": ダイジェスト・アルゴリズムの優先指定 %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr "         \"%s\": 圧縮アルゴリズムの優先指定 %s\n"
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr "あなたの優先指定を更新し、この鍵を再配布することが強く推奨されます\n"
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr "それによって、潜在的なアルゴリズム不一致の問題を避けられます\n"
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr "以下で、優先指定を更新できます: gpg --edit-key %s updpref save\n"
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr "鍵%s: ユーザIDがありません\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, c-format
 msgid "key %s: %s\n"
 msgstr "鍵  %s: %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr "インポートの検査で拒否されました"
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "鍵%s: PKSの副鍵変造を修復\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "鍵%s: 受理した未自己署名のユーザID\"%s\"\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "鍵%s: 有効なユーザIDがありません\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "これはおそらく自己署名のないせいでしょう\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "鍵%s: 公開鍵が見つかりません: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "鍵%s: 新しい鍵です - スキップします\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "書き込み可能な鍵リングが見つかりません: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, c-format
 msgid "error writing keyring '%s': %s\n"
 msgstr "鍵リング'%s'の書き込みエラー: %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "鍵%s: 公開鍵\"%s\"をインポートしました\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "鍵%s: こちらの複製と合いません\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "鍵%s: \"%s\" 新しいユーザIDを1個\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "鍵%s: \"%s\" 新しいユーザIDを%d個\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "鍵%s: \"%s\" 新しい署名を1個\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "鍵%s: \"%s\" 新しい署名を%d個\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "鍵%s: \"%s\" 新しい副鍵を1個\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "鍵%s: \"%s\" 新しい副鍵を%d個\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "鍵%s: \"%s\" %d個の署名をきれいにしました\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "鍵%s: \"%s\" %d個の署名をきれいにしました\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "鍵%s: \"%s\" %d個のユーザIDをきれいにしました\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "鍵%s: \"%s\" %d個のユーザIDをきれいにしました\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "鍵%s:\"%s\"変更なし\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr "鍵%s: 秘密鍵をインポートしました\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, c-format
 msgid "key %s: secret key already exists\n"
 msgstr "鍵 %s: 秘密鍵はもうあります\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "鍵 %s: エージェントへの送信エラー: %s\n"
@@ -3788,197 +3689,203 @@ msgstr "鍵 %s: エージェントへの送信エラー: %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr "'%s'の移行には、スマードカードそれぞれで、以下を実行してください: %s\n"
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, c-format
 msgid "secret key %s: %s\n"
 msgstr "秘密鍵 %s: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "秘密鍵のインポートは禁止です\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "鍵%s: 無効な暗号方式%dの秘密鍵です - スキップします\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "理由は指定されていません"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "鍵がとりかわっています"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "鍵(の信頼性)が損なわれています"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "鍵はもはや使われていません"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "ユーザIDがもはや有効でありません"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "失効理由: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "失効のコメント: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr "鍵%s: 公開鍵がありません - 失効証明書を適用できません\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "鍵%s: 元の鍵ブロックに位置づけできません: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "鍵%s: 元の鍵ブロックを読み込めません: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "鍵%s: 無効な失効証明書: %s - 拒否\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "鍵%s:\"%s\"失効証明書をインポートしました\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "鍵%s: 署名に対応するユーザIDがありません\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr "鍵%s: ユーザID\"%s\"のサポートしていない公開鍵アルゴリズムです\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "鍵%s: ユーザID\"%s\"の自己署名が、無効です\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "鍵%s: サポートしていない公開鍵アルゴリズムです\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "鍵%s: 無効な直接鍵署名\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "鍵%s: 鍵に対応する副鍵がありません\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "鍵%s: 無効な副鍵の対応です\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "鍵%s: 多重副鍵の対応を削除します\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "鍵%s: 鍵失効に対する副鍵がありません\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "鍵%s: 無効な副鍵失効です\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "鍵%s: 無効な副鍵の多重失効を削除します\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "鍵%s: スキップしたユーザID\"%s\"\n"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "鍵%s: スキップした副鍵\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "鍵%s: エクスポート不可な署名 (クラス0x%02X) - スキップします\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "鍵%s: 失効証明書が誤って設定されています - スキップします\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "鍵%s: 無効な失効証明書: %s - スキップします\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "鍵%s: 副鍵署名の場所が、誤っています - スキップします\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "鍵%s: 予期せぬ署名クラス (0x%02X) - スキップします\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "鍵%s: 重複したユーザIDの検出 - マージ\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, c-format
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "鍵%s: 重複した副鍵の検出 - マージ\n"
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr "*警告*: 鍵%sは失効されたかもしれません: 失効鍵%sを取ってきます\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr "*警告*: 鍵%sは失効されたかもしれません: 失効鍵%sが存在しません。\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "鍵%s:\"%s\"失効証明書の追加\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "鍵%s: 直接鍵署名を追加\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, c-format
 msgid "error allocating memory: %s\n"
 msgstr "メモリの確保のエラー: %s\n"
@@ -3999,36 +3906,36 @@ msgstr ""
 msgid " (reordered signatures follow)"
 msgstr "(順番を変えた署名が続きます)"
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, c-format
 msgid "key %s:\n"
 msgstr "鍵  %s:\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "%d個の重複した署名が除去されました\n"
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, c-format
 msgid "%d signature not checked due to a missing key\n"
 msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "鍵がないため%d個の署名は検査しません\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, c-format
 msgid "%d bad signature\n"
 msgid_plural "%d bad signatures\n"
 msgstr[0] "%d個の不正な署名\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "%d個の正しい署名\n"
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
@@ -4037,37 +3944,32 @@ msgstr ""
 "警告: エラーがあり、自己署名だけ確認しました。'%s'を実行してすべての署名を確"
 "認ください。\n"
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "keybox'%s'の作成エラー: %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, c-format
 msgid "error creating keyring '%s': %s\n"
 msgstr "鍵リング'%s'の作成エラー: %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, c-format
 msgid "keybox '%s' created\n"
 msgstr "keybox'%s'が作成されました\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, c-format
 msgid "keyring '%s' created\n"
 msgstr "鍵リング'%s'ができました\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "keyblock リソース'%s': %s\n"
 
-#: g10/keydb.c:969
-#, c-format
-msgid "error opening key DB: %s\n"
-msgstr "鍵DBを開く際のエラー: %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "鍵リング・キャッシュの再構築に失敗しました: %s\n"
@@ -4080,7 +3982,7 @@ msgstr "[失効]"
 msgid "[self-signature]"
 msgstr "[自己署名]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4091,12 +3993,12 @@ msgstr ""
 "(パスポートを見せてもらったり、他から得たフィンガープリントを検査したり、など"
 "など)\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr "  %d = まぁまぁ信用する\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr "  %d = 充分に信用する\n"
@@ -4125,12 +4027,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "ユーザID\"%s\"は、失効されています。"
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "それでもこの鍵に署名したいですか? (y/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  署名不能。\n"
 
@@ -4302,188 +4204,192 @@ msgstr "この鍵は、かなり注意して検査しました。\n"
 msgid "Really sign? (y/N) "
 msgstr "本当に署名しますか? (y/N) "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "署名に失敗しました: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 "鍵にはスタブあるいはカード上の項目しかありません - パスフレーズは変更されませ"
 "ん。\n"
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, c-format
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "鍵 %s: パスフレーズの変更エラー: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "保存して終了"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr "鍵のフィンガープリントを表示"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 msgid "show the keygrip"
 msgstr "keygripを表示"
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "鍵とユーザIDの一覧"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "ユーザID Nの選択"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr "副鍵Nの選択"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr "署名の確認"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr "選択したユーザIDに署名する [* 以下の関連コマンドを参照 ]"
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr "選択したユーザIDにローカルに署名"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr "選択したユーザIDに信用署名を署名する"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr "選択したユーザIDに失効不可の署名をする"
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "ユーザIDの追加"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "フォトIDの追加"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr "選択したユーザIDの削除"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr "副鍵を追加"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr "スマートカードへ鍵の追加"
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr "鍵をスマートカードへ移動"
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr "バックアップ鍵をスマートカードへ移動"
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr "選択した副鍵の削除"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "失効鍵の追加"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr "選択したユーザIDから署名を削除する"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "鍵または選択した副鍵の有効期限を変更する"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr "選択したユーザIDを主にする"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "優先指定の一覧 (エキスパート)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "優先指定の一覧 (冗長)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr "選択したユーザIDに優先指定リストを設定"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "選択したユーザIDに優先鍵サーバのURLを設定"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 msgid "set a notation for the selected user IDs"
 msgstr "選択したユーザIDに注釈を設定する"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "パスフレーズの変更"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "所有者信用の変更"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr "選択したユーザIDの署名を失効"
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr "選択したユーザIDの失効"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr "鍵の失効または選択した副鍵の失効"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr "鍵を有効にする"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr "鍵を無効にする"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr "選択したフォトIDを表示"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr "使えないユーザIDをコンパクトにし、使えない署名を鍵から除去"
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr "使えないユーザIDをコンパクトにし、すべての署名を鍵から除去"
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "秘密鍵が利用できます。\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 msgid "Secret subkeys are available.\n"
 msgstr "秘密副鍵が利用できます。\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "この実行には秘密鍵がいります。\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4494,284 +4400,289 @@ msgstr ""
 "  't' で始まると信用署名 (tsign)、'nr' で始まると失効不可署名\n"
 "  (nrsign)、もしくはこれらの組み合わせ (ltsign, tnrsign, など)となります。\n"
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "鍵は、失効されています。"
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "本当に全てのテキストユーザIDに署名しますか? (y/N) "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr "本当に全ユーザIDに署名しますか? (y/N) "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "ヒント: まず署名するユーザIDを選択します\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "不明の署名タイプ'%s'\n"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "%sモードでこのコマンドは禁止です。\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "ユーザIDを少なくともひとつ選択してください。\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr "('%s'コマンドを使用してください。)\n"
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "最後のユーザIDは削除できません!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "選択した全ユーザIDを本当に削除しますか? (y/N) "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr "このユーザIDを本当に削除しますか? (y/N) "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr "この主鍵を本当に移動しますか? (y/N) "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr "鍵をきっかり1つ選択してください。\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr "コマンドはファイル名の引数を期待します\n"
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "'%s'が開けません: %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "バックアップ鍵を'%s'から読み込みする際のエラー: %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "鍵を少なくとも1本選択してください。\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "選択した鍵を本当に削除しますか? (y/N) "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "この鍵を本当に削除しますか? (y/N) "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "選択した全ユーザIDを本当に失効しますか? (y/N) "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr "このユーザIDを本当に失効しますか? (y/N) "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "この鍵全体を本当に失効しますか? (y/N) "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "選択した副鍵を本当に失効しますか? (y/N) "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "この副鍵を本当に失効しますか? (y/N) "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 "ユーザが指定した信用データベースを利用中、所有者信用は設定できません。\n"
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr "優先指定の一覧を設定:\n"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr "選択したユーザIDの優先指定を本当に更新しますか? (y/N) "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr "優先指定を本当に更新しますか? (y/N) "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr "変更を保存しますか? (y/N) "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr "保存せずに終了しますか? (y/N) "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "鍵は無変更なので更新は不要です。\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, c-format
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "最後の有効なユーザIDは失効できません。\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "ユーザIDの失効に失敗しました: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "プライマリ・ユーザIDの設定に失敗しました: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "\"%s\"はフィンガープリントではありません\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "\"%s\" はプライマリ・フィンガープリントではありません\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, c-format
 msgid "Invalid user ID '%s': %s\n"
 msgstr "無効なユーザID '%s': %s\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "No matching user IDs."
 msgstr "マッチするユーザIDはありません。"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "Nothing to sign.\n"
 msgstr "署名するものがありません。\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr "あなたによって署名されていません。\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, c-format
 msgid "revoking the key signature failed: %s\n"
 msgstr "鍵の署名の失効に失敗しました: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "'%s'は、有効な有効期限ではありません\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "\"%s\"は正しいフィンガープリントではありません\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "副鍵\"%s\"が見つかりません\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr "AEAD: "
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "ダイジェスト: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "機能: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr "鍵サーバ 修正しない"
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr "優先鍵サーバ: "
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 msgid "Notations: "
 msgstr "注釈: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "PGP 2.x形式ユーザIDの優先指定が、ありません。\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "%sで%s鍵%sによって以下の鍵は、失効されました\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "この鍵は、%s鍵%sによって失効可能です"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr "(機密指定)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr "作成: %s"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr "失効: %s"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr "期限切れ: %s"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr "有効期限: %s"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr "利用法: %s"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr "カード番号: "
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr "信用: %s"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr "有効性: %s"
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "この鍵は使用禁止に設定されています"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -4779,17 +4690,17 @@ msgstr ""
 "プログラムを再起動するまで、表示された鍵の有効性は正しくないかもしれない、\n"
 "ということを念頭においてください。\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr "失効"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr "期限切れ"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -4798,17 +4709,17 @@ msgstr ""
 "*警告*: 主たるユーザIDがありません。このコマンドは、別な\n"
 "              ユーザIDが主になると仮定する場合があります。\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr "*警告*: あなたの暗号副鍵はもうすぐ期限切れとなります。\n"
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, c-format
 msgid "You may want to change its expiration date too.\n"
 msgstr "その有効期限も変更したいでしょう\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -4818,70 +4729,70 @@ msgstr ""
 "は、\n"
 "        この鍵を拒否するかもしれません。\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "それでも追加したいですか? (y/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "PGP2形式の鍵にはフォトIDを追加できません。\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr "そういったユーザIDはすでにこの鍵に存在しています!\n"
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "この正しい署名を削除しますか? (y/N/q)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "この無効な署名を削除しますか? (y/N/q)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "この不明の署名を削除しますか? (y/N/q)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "この自己署名を本当に削除しますか? (y/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, c-format
 msgid "Deleted %d signature.\n"
 msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "%d個の署名を削除しました。\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "何も削除していません。\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "無効"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "ユーザID \"%s\" は、コンパクトになりました: %s\n"
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "ユーザID \"%s\": %d の署名が除去されました\n"
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "ユーザID \"%s\": 既に最小化されています\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "ユーザID \"%s\": 既にクリーンとなっています\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -4891,270 +4802,275 @@ msgstr ""
 "では、\n"
 "        この鍵を拒否するかもしれません。\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "PGP 2.x形式の鍵には指名失効者を追加できません。\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "指名失効者のユーザIDを入力してください: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "PGP 2.x形式の鍵は、指名失効者に任命できません\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "指名失効者には、その鍵自体を任命できません\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "この鍵は失効者としてもう指名されています\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr "*警告*: ある鍵を指名失効者に設定すると、元に戻せません!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr "本当にこの鍵を指名失効者に任命しますか? (y/N) "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
 msgstr "本当に複数の副鍵の失効期限を変更しますか? (y/N) "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr "副鍵の有効期限を変更します。\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "主鍵の有効期限を変更します。\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "v3鍵の有効期限は変更できません\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 msgid "Changing usage of a subkey.\n"
 msgstr "副鍵の使用法を変更します。\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 msgid "Changing usage of the primary key.\n"
 msgstr "主鍵の使用法を変更します。\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "署名する副鍵%sはすでに相互証明されています\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr "副鍵 %s は署名をしないので、相互証明の必要はありません\n"
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "ユーザIDをきっかりひとつ選択してください。\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "ユーザID\"%s\"のv3自己署名をスキップします\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr "優先鍵サーバURLを入力してください: "
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "本当に置き換えたいですか? (y/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "本当に削除したいですか? (y/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 msgid "Enter the notation: "
 msgstr "注釈を入力: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 msgid "Proceed? (y/N) "
 msgstr "進みますか? (y/N) "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "%d番のユーザIDはありません\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr "ハッシュ%sのユーザIDはありません\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "鍵ID'%s'の副鍵はありません\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr "%d番の副鍵はありません\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "ユーザID:\"%s\"\n"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "%sで%s%s%sに署名されています\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (エクスポート不可)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "この署名は%sで期限切れです。\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "それでも本当に失効したいですか? (y/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "この署名に対する失効証明書を作成しますか? (y/N) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "これらのユーザIDに鍵%sで署名しました:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr " (失効不可)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "あなたの鍵%sで%sに失効されています\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "これらの署名を失効しようとしています:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "失効証明書を本当に作成しますか? (y/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "秘密鍵がありません\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr "ユーザIDでないものを失効しようとしました: %s\n"
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "ユーザID\"%s\"は、もう失効されています\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr "*警告*: ユーザID署名が、%d秒未来です\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, c-format
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "最後の有効なユーザIDは失効できません。\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "鍵 %s は、もう失効されています。\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "副鍵 %s は、もう失効されています。\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "%s (大きさ%ld) の鍵%s (uid %d) のフォトIDとして表示\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "オプション'%s'に無効な値です\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "優先指定'%s'の重複\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr "暗号方式の優先指定が多すぎます\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr "ダイジェストの優先指定が多すぎます\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr "圧縮の優先指定が多すぎます\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, c-format
+msgid "too many AEAD preferences\n"
+msgstr "AEAD方式の優先指定が多すぎます\n"
+
+#: g10/keygen.c:521
 #, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "優先指定の文字列に無効な項目'%s'があります\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "直接署名を書き込みます\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "自己署名を書き込みます\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "鍵対応への署名を書き込みます\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "無効な鍵長。%uビットにします\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "鍵長を%uビットに丸めます\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
@@ -5162,19 +5078,19 @@ msgstr ""
 "*警告*: いくつかのOpenPGPプログラムはこのダイジェスト長のDSA鍵を扱うことがで"
 "きません\n"
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr "Sign"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr "Certify"
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr "Encrypt"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr "Authenticate"
 
@@ -5188,161 +5104,166 @@ msgstr "Authenticate"
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr "SsEeAaQq"
 
-#: g10/keygen.c:1784
+#: g10/keygen.c:1966
 #, c-format
-msgid "Possible actions for a %s key: "
-msgstr "鍵%sに認められた操作: "
+msgid "Possible actions for this %s key: "
+msgstr "この%s鍵にありうる操作: "
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr "現在の認められた操作: "
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr "   (%c) 署名機能を反転する\n"
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%c) 暗号機能を反転する\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr "   (%c) 認証機能を反転する\n"
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr "   (%c) 完了\n"
 
-#: g10/keygen.c:1930
+#: g10/keygen.c:2116
 #, c-format
-msgid "   (%d) RSA and RSA (default)\n"
-msgstr "   (%d) RSA と RSA (デフォルト)\n"
+msgid "   (%d) RSA and RSA%s\n"
+msgstr "   (%d) RSA と RSA%s\n"
 
-#: g10/keygen.c:1934
+#: g10/keygen.c:2120
 #, c-format
-msgid "   (%d) DSA and Elgamal\n"
-msgstr "   (%d) DSA と Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
+msgstr "   (%d) DSA と Elgamal%s\n"
 
-#: g10/keygen.c:1937
+#: g10/keygen.c:2123
 #, c-format
-msgid "   (%d) DSA (sign only)\n"
-msgstr "   (%d) DSA (署名のみ)\n"
+msgid "   (%d) DSA (sign only)%s\n"
+msgstr "   (%d) DSA (署名のみ)%s\n"
 
-#: g10/keygen.c:1939
+#: g10/keygen.c:2125
 #, c-format
-msgid "   (%d) RSA (sign only)\n"
-msgstr "   (%d) RSA (署名のみ)\n"
+msgid "   (%d) RSA (sign only)%s\n"
+msgstr "   (%d) RSA (署名のみ)%s\n"
 
-#: g10/keygen.c:1945
+#: g10/keygen.c:2131
 #, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
-msgstr "   (%d) Elgamal (暗号化のみ)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
+msgstr "   (%d) Elgamal (暗号化のみ)%s\n"
 
-#: g10/keygen.c:1947
+#: g10/keygen.c:2133
 #, c-format
-msgid "   (%d) RSA (encrypt only)\n"
-msgstr "   (%d) RSA (暗号化のみ)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
+msgstr "   (%d) RSA (暗号化のみ)%s\n"
 
-#: g10/keygen.c:1953
+#: g10/keygen.c:2139
 #, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
-msgstr "   (%d) DSA (機能をあなた自身で設定)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
+msgstr "   (%d) DSA (機能をあなた自身で設定)%s\n"
 
-#: g10/keygen.c:1955
+#: g10/keygen.c:2141
 #, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
-msgstr "   (%d) RSA (機能をあなた自身で設定)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
+msgstr "   (%d) RSA (機能をあなた自身で設定)%s\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) ECC と ECC\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) ECC (署名と暗号化)%s\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+msgid " *default*"
+msgstr " *デフォルト"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, c-format
 msgid "  (%d) ECC (sign only)\n"
 msgstr "  (%d) ECC (署名のみ)\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
-msgstr "  (%d) ECC (機能をあなた自身で設定)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
+msgstr "  (%d) ECC (機能をあなた自身で設定)%s\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, c-format
-msgid "  (%d) ECC (encrypt only)\n"
-msgstr "  (%d) ECC (暗号化のみ)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
+msgstr "  (%d) ECC (暗号化のみ)%s\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, c-format
-msgid "  (%d) Existing key\n"
-msgstr "  (%d) 既存の鍵\n"
+msgid "  (%d) Existing key%s\n"
+msgstr "  (%d) 既存の鍵%s\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, c-format
-msgid "  (%d) Existing key from card\n"
-msgstr "  (%d) カードに存在する鍵\n"
+msgid "  (%d) Existing key from card%s\n"
+msgstr "  (%d) カードに存在する鍵%s\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 msgid "Enter the keygrip: "
 msgstr "keygripを入力: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr "有効なkeygrip (40桁の16進数字)ではありません\n"
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 msgid "No key with this keygrip\n"
 msgstr "このkeygripの鍵はありません\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, c-format
 msgid "error reading the card: %s\n"
 msgstr "カードの読み込みエラー: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "カードのシリアル番号: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 msgid "Available keys:\n"
 msgstr "利用可能な鍵:\n"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, c-format
 msgid "rounded to %u bits\n"
 msgstr "%uビットに切り上げます\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr "%s 鍵は %u から %u ビットの長さで可能です。\n"
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "副鍵の鍵長は? (%u) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "要求された鍵長は%uビット\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 msgid "Please select which elliptic curve you want:\n"
 msgstr "ご希望の楕円曲線を選択してください:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5358,7 +5279,7 @@ msgstr ""
 "      <n>m = 鍵は n か月間で期限切れ\n"
 "      <n>y = 鍵は n 年間で期限切れ\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5374,38 +5295,38 @@ msgstr ""
 "      <n>m = 署名は n か月間で期限切れ\n"
 "      <n>y = 署名は n 年間で期限切れ\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "鍵の有効期間は? (0)"
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "署名の有効期間は? (%s)"
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "無効な値\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr "鍵は無期限です\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr "署名は無期限です\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr "鍵は%sで期限切れとなります\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr "署名は%sで期限切れとなります\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5413,11 +5334,11 @@ msgstr ""
 "このシステムでは、2038年以降の日付を表示することはできませんが、\n"
 "2106年まで正しく処理されます。\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr "これで正しいですか? (y/N) "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5431,7 +5352,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5447,49 +5368,49 @@ msgstr ""
 "    \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "本名: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "名前に無効な文字があります\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr "キャラクタ'%s'と'%s'は名前に使えません\n"
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "名前を数字で始めてはいけません\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "名前は5文字以上でなければなりません\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "電子メール・アドレス: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "有効な電子メール・アドレスではありません\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "コメント: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "コメントに無効な文字があります\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, c-format
 msgid "You are using the '%s' character set.\n"
 msgstr "あなたは文字集合'%s'を使っています。\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5500,7 +5421,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "電子メールのアドレスを本名やコメントに入れないように\n"
 
@@ -5515,31 +5436,31 @@ msgstr "電子メールのアドレスを本名やコメントに入れないよ
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnCcEeOoQq"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "名前(N)、コメント(C)、電子メール(E)の変更、または終了(Q)? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "名前(N)、コメント(C)、電子メール(E)の変更、またはOK(O)か終了(Q)? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "名前(N)、電子メール(E)の変更、または終了(Q)? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "名前(N)、電子メール(E)の変更、またはOK(O)か終了(Q)? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "まずエラーを修正してください\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5550,13 +5471,13 @@ msgstr ""
 "す、ディスクにアクセスするなどの他の操作を素数生成の間に行うことで、乱数生\n"
 "成器に十分なエントロピーを供給する機会を与えることができます。\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "鍵の生成に失敗しました: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5567,64 +5488,64 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr "続けますか? (Y/n) "
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "\"%s\" の鍵はもうあります\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 msgid "Create anyway? (y/N) "
 msgstr "それでも鍵を作成しますか? (y/N) "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, c-format
 msgid "creating anyway\n"
 msgstr "いずれにしろ鍵を作成\n"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr "注意: 全機能の鍵生成には \"%s %s\" を使います。\n"
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "鍵の生成が取り消されました。\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "バックアップ・ファイル'%s'が作成できません: %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "注意: カード鍵のバックアップが'%s'へ保存されます\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, c-format
 msgid "writing public key to '%s'\n"
 msgstr "'%s'へ公開鍵を書き込みます\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "書き込み可能な公開鍵リングが見つかりません: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, c-format
 msgid "error writing public keyring '%s': %s\n"
 msgstr "公開鍵リング'%s'の書き込みエラー: %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "公開鍵と秘密鍵を作成し、署名しました。\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
@@ -5632,584 +5553,590 @@ msgstr ""
 "この鍵は暗号化には使用できないことに注意してください。暗号化を行うには、\n"
 "\"--edit-key\"コマンドを使って副鍵を生成してください。\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
 msgstr "鍵は%lu秒未来にできました (時間歪曲か時計の障害でしょう)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
 msgstr "鍵は%lu秒未来にできました (時間歪曲か時計の障害でしょう)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, c-format
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "注意: v3鍵に対する副鍵の作成は、OpenPGPに適合しません\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "主鍵の秘密部分が利用できません。\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "主鍵の秘密部分はカード上に保存されています。\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr "本当に作成しますか? (y/N) "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "無期限    "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "クリティカルな署名ポリシー: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "署名ポリシー: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr "クリティカルな優先鍵サーバ: "
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "クリティカルな署名注釈: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "署名注釈: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, c-format
 msgid "%d good signature\n"
 msgid_plural "%d good signatures\n"
 msgstr[0] "正しい署名%d個\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, c-format
 msgid "%d signature not checked due to an error\n"
 msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "エラーのため%d個の署名を検査しません\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] "警告: %lu個の鍵がその大きさのためスキップされました\n"
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "鍵リング"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr " 主鍵フィンガープリント:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr " 副鍵フィンガープリント:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr "  主鍵フィンガープリント:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "  副鍵フィンガープリント:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr "   フィンガープリント ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr "   カードシリアル番号 ="
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, c-format
 msgid "caching keyring '%s'\n"
 msgstr "鍵リング'%s'をキャッシュします\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "これまで%lu個の鍵をキャッシュしました (%lu個の署名)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] "%lu個の鍵をキャッシュしました"
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, c-format
 msgid " (%lu signature)\n"
 msgid_plural " (%lu signatures)\n"
 msgstr[0] " (%lu個の不正な署名)\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: 鍵リングができました\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr "dirmngrのプロキシ・オプション設定を押し切る"
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr "失効した鍵を検索結果に含める"
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr "key IDによる検索に副鍵も含める"
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr "dirmngrのタイムアウト・オプション設定を押し切る"
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr "署名の検証時に自動的に鍵を取得する"
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "鍵に設定される優先鍵サーバURLを与える"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr "鍵に設定されたPKAレコードを鍵の取得時に与える"
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr "使用禁止"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr "番号(s)、N)次、またはQ)中止を入力してください >"
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "無効な鍵サーバ・プロトコルです (us %d!=handler %d)\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "\"%s\"鍵IDではありません: スキップします\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "%d本の鍵を%sから更新\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "*警告*: 鍵%sを%s経由で更新できません: %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "鍵\"%s\"が鍵サーバに見つかりません\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr "鍵が鍵サーバに見つかりません\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "鍵%sを%sからサーバ%sに要求\n"
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr "鍵%sを%sに要求\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, c-format
 msgid "no keyserver known\n"
 msgstr "鍵サーバがわかりません\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "\"%s\"をスキップしました: %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr "鍵%sを%sへ送信\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, c-format
 msgid "requesting key from '%s'\n"
 msgstr "鍵を'%s'から要求\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "*警告*: URI %s からデータを取れません: %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "変な長さの暗号化済みセッション鍵 (%d)\n"
 
-#: g10/mainproc.c:408
+#: g10/mainproc.c:378
 #, c-format
-msgid "%s encrypted session key\n"
-msgstr "%s 暗号化済みセッション鍵\n"
+msgid "%s.%s encrypted session key\n"
+msgstr "%s.%s 暗号化済みセッション鍵\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, c-format
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "不明のアルゴリズム%d.%sによる暗号化\n"
+
+#: g10/mainproc.c:391
 #, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "不明のダイジェスト・アルゴリズムで生成されたパスフレーズ %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, c-format
 msgid "public key is %s\n"
 msgstr "公開鍵は%sです\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "公開鍵による暗号化済みデータ: 正しいDEKです\n"
-
-#: g10/mainproc.c:632
+#: g10/mainproc.c:524
 #, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
-msgstr "%u-ビット%s鍵, ID %s, 日付%sに暗号化されました\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
+msgstr "%s鍵, ID %s, 日付%sに暗号化されました\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr "      \"%s\"\n"
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "%s鍵, ID %sで暗号化されました\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "公開鍵の復号に失敗しました: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr "*警告*: 複数のプレインテクストが見られます\n"
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "%lu 個のパスフレーズで暗号化\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "1 個のパスフレーズで暗号化\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "公開鍵の復号に失敗しました: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "公開鍵による暗号化済みデータ: 正しいDEKです\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "%s暗号化済みデータを仮定\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr "IDEA暗号方式は利用不能なので、楽天的ですが%sで代用しようとしています\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "*警告*: メッセージの完全性は保護されていません\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 "ヒント: もし、このメッセージが2003年以前に作成されたのであれば、\n"
-"このメッセージはおそらく正当でしょう。当時、整合性の保護機能は\n"
-"広く使われてはいなかったためです。\n"
+"このメッセージはおそらく正当でしょう。当時、整合性保護は広く使われ\n"
+"てはいなかったためです。\n"
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr "それでも復号するにはオプション '%s' を使います。\n"
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, c-format
 msgid "decryption forced to fail!\n"
 msgstr "復号は強制的に失敗とされました!\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "復号に成功\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "*警告*: 暗号化されたメッセージは改竄されています!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "復号に失敗しました: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, c-format
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "注意: 送信者は\"極秘とする\"ように求めています\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "元のファイル名='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "スタンドアロン失効 - \"gpg --import\"を使って適用してください\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, c-format
 msgid "no signature found\n"
 msgstr "署名が見つかりません\n"
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr "\"%s\"からの*不正な*署名"
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr "\"%s\"からの期限切れの署名"
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr "\"%s\"からの正しい署名"
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "署名の検証を省略\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "このあいまいな署名データは取り扱えません\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr "%sに施された署名\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr "               %s鍵%sを使用\n"
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "%sに%s鍵ID %sで施された署名\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "               発行者\"%s\"\n"
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "以下に鍵があります: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr "注意: この情報を利用するには '%s' を使ってください\n"
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[不確定]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr "                別名\"%s\""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, c-format
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "*警告*: この鍵は%sモードでの署名に適しません!\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "期限切れの署名 %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "この署名は%sで期限切れとなります\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, c-format
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "%s署名、ダイジェスト・アルゴリズム %s%s%s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "バイナリ"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "テキストモード"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "不明の"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 msgid ", key algorithm "
 msgstr "、鍵アルゴリズム "
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 "*警告*: 分遣署名ではありません。ファイル「%s」は検証され*ませんでした*!\n"
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "署名を検査できません: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "分遣署名でありません\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr "*警告*: 多重署名の検出。最初のものだけ検査します。\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "クラス0x%02xのスタンドアロン署名\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "古い形式 (PGP 2.x) の署名\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "'%s'のfstatが%sで失敗しました: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "fstat(%d)が%sで失敗しました: %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "*警告*: 実験的公開鍵アルゴリズム%sを使用します\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr "*警告*: Elgamal署名+暗号化鍵は廃止されています\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "*警告*: 実験的暗号アルゴリズム %s を使用します\n"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "*警告*: 実験的ダイジェスト・アルゴリズム %sを使用\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "*警告*: ダイジェスト・アルゴリズム %s は廃止されています\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "注意: アルゴリズム %s を用いた署名は拒否されました\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, c-format
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "注意: アルゴリズム %s を用いた第三者の鍵への署名は拒否されました\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, c-format
 msgid "(reported error: %s)\n"
 msgstr "(報告されたエラー: %s)\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "(報告されたエラー: %s <%s>)\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr "(より詳細な情報: "
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: 廃止されたオプション\"%s\"\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "*警告*: \"%s\"は、廃止されたオプションです\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "\"%s%s\"を代わりに使ってください\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "*警告*: \"%s\" は、廃止されているコマンドです - 使わないでください\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr ""
 "%s:%u: \"%s\"は、このファイルで使われなくなりました - %sになんの効果もありま"
 "せん\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
@@ -6217,41 +6144,36 @@ msgstr ""
 "*警告*: \"%s%s\"は、使われなくなったオプションです - %s以外になんの効果もあり"
 "ません\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "無圧縮"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr "無圧縮|なし"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr "充足できないコンプライアンス・ルールのため、操作は強制的に失敗します\n"
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "このメッセージは、%sでは使用できません\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "あいまいなオプション'%s'\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, c-format
 msgid "unknown option '%s'\n"
 msgstr "不明のオプション'%s'\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr "ECDSAの公開鍵は8ビットの倍数のSECエンコーディングを期待します\n"
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "不明の弱いダイジェスト'%s'\n"
@@ -6274,85 +6196,76 @@ msgstr "%s: 不明の拡張子\n"
 msgid "Enter new filename"
 msgstr "新しいファイル名を入力してください"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "標準出力に書き込みます\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, c-format
 msgid "assuming signed data in '%s'\n"
 msgstr "署名されたデータが'%s'にあると想定します\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "公開鍵のアルゴリズム%dは、取り扱えません\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr "*警告*: 潜在的にセキュアでない共通鍵暗号化セッション鍵です\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, c-format
 msgid "Unknown critical signature notation: "
 msgstr "不明なクリティカルな署名注釈: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "型%dの下位パケットにクリティカル・ビットを発見\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, c-format
-msgid "problem with the agent: %s\n"
-msgstr "エージェントに問題: %s\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-msgid "Please enter the passphrase for decryption."
-msgstr "復号のためにパスフレーズを入力してください。"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "パスフレーズを入力\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "ユーザによる取消し\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr " (主鍵ID %s)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "OpenPGPの秘密鍵のロックを解除するためにパスフレーズを入力してください:"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "OpenPGPの秘密鍵をインポートするためにパスフレーズを入力してください:"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr ""
 "OpenPGPの秘密副鍵をエクスポートするためにパスフレーズを入力してください:"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "OpenPGPの秘密鍵をエクスポートするためにパスフレーズを入力してください:"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "選択したOpenPGP副鍵を本当に永久に削除しますか? (y/N) "
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "選択したOpenPGP秘密鍵を本当に永久に削除しますか? (y/N) "
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, c-format
 msgid ""
 "%s\n"
@@ -6367,7 +6280,7 @@ msgstr ""
 "作成日付 %s%s.\n"
 "%s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6381,34 +6294,78 @@ msgstr ""
 "いておきましょう。もし大きな写真を使うと、あなたの鍵も同様に大きくなり\n"
 "ます! 240x288くらいにおさまる大きさの画像は、使いよいでしょう。\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "フォトID用のJPEGファイル名を入力してください: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "JPEGファイル'%s'が開けません: %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr "このJPEGは、本当に大きい (%dバイト) !\n"
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "本当に使いたいですか? (y/N) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "'%s'は、JPEGファイルではありません\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "この写真は正しいですか (y/N/q)? "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "遠隔プログラムの実行は、サポートしていません\n"
+
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"このプラットホームだと、外部プログラムの呼出しには、一時ファイルが必要です\n"
+
+#: g10/photoid.c:506
+#, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "シェル'%s'を実行できません: %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "外部プログラムが、不自然に終了\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "外部プログラムの呼出しでシステム・エラー: %s\n"
+
+#: g10/photoid.c:600
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "*警告*: 一時ファイルを削除できません (%s) '%s': %s\n"
+
+#: g10/photoid.c:604
+#, c-format
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "*警告*: 一時ディレクトリ'%s'を削除できません: %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"オプション・ファイルの許可モードが安全ではないので、外部プログラムの呼出しは"
+"禁止となります。\n"
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "フォトIDが表示不能!\n"
@@ -6423,97 +6380,97 @@ msgstr "フォトIDが表示不能!\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMqQsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr "信用度が指定されていません:\n"
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr "  別名\"%s\"\n"
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr ""
 "この鍵がこのユーザをなのる本人のものかどうか、どれくらい信用できますか?\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr "  %d = 知らない、または何とも言えない\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr "  %d = 信用し ない\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr "  %d = 究極的に信用する\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr "  m = メーン・メニューに戻る\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr "  s = この鍵はとばす\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr "  q = 終了\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
 "\n"
 msgstr "この鍵の最小信用レベル: %s\n"
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "あなたの決定は? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "本当にこの鍵を究極的に信用しますか? (y/N) "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "究極的に信用した鍵への証明書:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr "%s: この鍵が本当に本人のものである、という兆候が、ありません\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr "%s: この鍵が本当に本人のものである、という兆候が、少ししかありません\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "この鍵はたぶん本人のものです\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "この鍵は自分のものです\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr "%s: この鍵はダメです! 信用できないとマークされています!\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
 "*really* know what you are doing, you may answer the next\n"
@@ -6523,7 +6480,7 @@ msgstr ""
 "なにをしているのか分かっている場合には、次の質問には yes と\n"
 "答えてください。\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
@@ -6533,142 +6490,154 @@ msgstr ""
 "ません。今から行うことを＊本当に＊理解していない場合には、\n"
 "次の質問にはnoと答えてください。\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr "それでもこの鍵を使いますか? (y/N) "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "*警告*: 信用できない鍵を使っています!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr "*警告*: この鍵は失効されたようです (失効鍵は不在)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, c-format
+msgid "checking User ID \"%s\"\n"
+msgstr "ユーザID\"%s\"\n"
+
+#: g10/pkclist.c:681
+#, c-format
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "オプション%sが与えられましたが、発行者\"%s\"と合いません\n"
+
+#: g10/pkclist.c:684
+#, c-format
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "発行者\"%s\"はどのユーザIDとも合いません\n"
+
+#: g10/pkclist.c:687
+#, c-format
+msgid "option %s given but no matching User ID found\n"
+msgstr "オプション%sが与えられましたが、対応するユーザIDが見つかりません\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "*警告*: この鍵は指名失効者によって失効されています!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "*警告*: この鍵は所有者によって失効されています!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "        署名が偽物なこともある、ということです。\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "*警告*: この副鍵は所有者によって失効されています!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "注意: この鍵は使用禁止に設定されています。\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr "注意: 確認された署名者のアドレスは'%s'です\n"
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "注意: 署名者のアドレス'%s'がDNSのエントリと一致しません\n"
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr "PKA情報が有効のため、信用レベルがFULLに調整されました\n"
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr "PKA情報が無効のため、信用レベルがNEVERに調整されました\n"
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "注意: この鍵は期限切れです!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, c-format
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr "*警告*: この鍵のユーザIDは信用できる署名で証明されていません!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "*警告*: この鍵は信用できる署名で証明されていません!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr "      この署名が所有者のものかどうかの検証手段がありません。\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "*警告*: この鍵は信用できません!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "        この署名はおそらく 偽物 です。\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, c-format
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr "*警告*: この鍵のユーザIDは十分に信用できる署名で証明されていません!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
 msgstr "*警告*: この鍵は十分に信用できる署名で証明されていません!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "        この署名が所有者のものかどうか確信できません。\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: スキップ: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: スキップ: 公開鍵は使用禁止です\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: スキップ: 公開鍵はもうあります\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, c-format
 msgid "can't encrypt to '%s'\n"
 msgstr "'%s'に暗号化できません\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr ""
 "オプション'%s'が与えられましたが、有効なデフォルト鍵が与えられていません\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "オプション'%s'が与えられましたが、オプション'%s'は与えられていません\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "ユーザIDを指定していません (\"-r\"を使いましょう) 。\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr "今の受取人:\n"
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -6676,40 +6645,40 @@ msgstr ""
 "\n"
 "ユーザIDを入力。空行で終了: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "そのユーザIDはありません。\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "スキップ: 公開鍵はデフォルトの受取人としてもう設定済みです\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "公開鍵は使用禁止です。\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "スキップ: 公開鍵はもう設定済みです\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "デフォルトの受取人\"%s\"が不明です\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "有効な宛先がありません\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "注意: 鍵%sには %s の機能がありません\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "注意: 鍵%sには%sに対する優先指定がありません\n"
@@ -6720,76 +6689,81 @@ msgid "data not saved; use option \"--output\" to save it\n"
 msgstr ""
 "データは保存されていません。保存には\"--output\"オプションを使ってください\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "分遣署名。\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "データ・ファイルの名前を入力: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "標準入力より読み込み中 ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "署名されたデータがありません\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, c-format
 msgid "can't open signed data '%s'\n"
 msgstr "署名されたデータ'%s'が開けません\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "署名されたデータ fd=%d が開けません: %s\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "鍵%sは%sモードでの復号化のために適しません\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "匿名の受取人用です。秘密鍵%sを試します ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, c-format
+msgid "used key is not marked for encryption use.\n"
+msgstr "使用された鍵は暗号化の使用のためにマークされていません\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "終了。匿名の受取人用です。\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "DEKの旧式エンコーディングは、サポートしていません\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "暗号アルゴリズム%d%sは不明か使用禁止です\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "*警告*: 暗号アルゴリズム%sは受取人の優先指定に入っていません\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "注意: 秘密鍵%sは%sで期限切れとなります\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, c-format
 msgid "Note: key has been revoked"
 msgstr "注意: 鍵は失効済みです"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "build_packet に失敗しました: %s\n"
@@ -6807,37 +6781,37 @@ msgstr "失効者:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(これは、機密指定の失効鍵です)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 msgid "Secret key is not available.\n"
 msgstr "秘密鍵が利用できません。\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "この鍵に対する指名失効証明書を作成しますか? (y/N) "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "ASCII外装出力を強制します。\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet に失敗しました: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "失効証明書を作成。\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "\"%s\"用の失効鍵が見つかりません\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "これは失効証明書でこちらのOpenPGP鍵に対するものです:"
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
@@ -6847,7 +6821,7 @@ msgstr ""
 "ように公に宣言するものです。一度発行されると、そのような失効証明書は\n"
 "撤回することはできません。"
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -6860,7 +6834,7 @@ msgstr ""
 "失効の理由をつける方がよいでしょう。詳細は、GnuPGマニュアルのgpgコマンド \"--"
 "generate-revocation\"の記述をご覧ください。"
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
@@ -6870,12 +6844,12 @@ msgstr ""
 "の前に挿入されます。この失効証明書をインポートして公開する前に、テク\n"
 "スト・エディタでこのコロンを削除してください。"
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, c-format
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "失効証明書を '%s.rev' に保管しました。\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "秘密鍵\"%s\"が見つかりません\n"
@@ -6888,16 +6862,16 @@ msgstr "秘密鍵\"%s\"が見つかりません\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr "'%s'は以下の複数の秘密鍵にマッチします:\n"
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, c-format
 msgid "error searching the keyring: %s\n"
 msgstr "鍵リング探索エラー: %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "この鍵に対する失効証明書を作成しますか? (y/N) "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -6918,37 +6892,37 @@ msgstr ""
 "る\n"
 "場所にデータをおくことがあります!\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "失効の理由を選択してください:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "キャンセル"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(ここではたぶん%dを選びたいでしょう)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "予備の説明を入力。空行で終了:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "失効理由: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(説明はありません)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr "よろしいですか? (y/N) "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "弱い鍵ができました - 再実行\n"
@@ -6958,60 +6932,55 @@ msgstr "弱い鍵ができました - 再実行\n"
 msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
 msgstr "共通鍵暗号方式の弱い鍵を回避することができません。%d回試みました!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr "%s 鍵 %s は安全でない(%zuビット)ハッシュを使用しています\n"
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 "%s鍵%sは%zuビットあるいはより大きいハッシュを必要とします(今のハッシュは%s)\n"
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
-#, c-format
-msgid "key %s may not be used for signing in %s mode\n"
-msgstr "鍵%sを署名のために%sモードで使うことはできません\n"
-
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr "オプション %s のため検証を続けます\n"
-
-#: g10/sig-check.c:190
+#: g10/sig-check.c:170
 #, c-format
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "*警告*: 署名のダイジェストが、メッセージと衝突します\n"
 
-#: g10/sig-check.c:219
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
+#, c-format
+msgid "key %s may not be used for signing in %s mode\n"
+msgstr "鍵%sを署名のために%sモードで使うことはできません\n"
+
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "*警告*: 署名副鍵%sは、相互証明されてません\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, c-format
 msgid "please see %s for more information\n"
 msgstr "詳細は%sをご覧ください\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr "*警告*: 無効な相互証明が、署名副鍵%sにあります\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "公開鍵%sは、署名よりも%lu秒、新しいものです\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "公開鍵%sは、署名よりも%lu日、新しいものです\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7019,72 +6988,72 @@ msgid_plural ""
 "key %s was created %lu seconds in the future (time warp or clock problem)\n"
 msgstr[0] "鍵%sは%lu秒、未来にできました (時間歪曲か時計の障害でしょう)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
 "key %s was created %lu days in the future (time warp or clock problem)\n"
 msgstr[0] "鍵%sは%lu日、未来にできました (時間歪曲か時計の障害でしょう)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "注意: 署名鍵%sは%sに期限切れとなります\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "注意: 鍵 %s は失効済みです\n"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, c-format
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "鍵%sによる不正な鍵への署名: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, c-format
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "鍵%sによる不正なデータへの署名: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr "不明のクリティカル・ビットのため、鍵%sによる署名を不正とみなします\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "鍵%s: 副鍵失効署名に対する副鍵がありません\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "鍵%s: 副鍵対応への署名に対する副鍵がありません\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr "*警告*: 表記を%%拡張不能 (大きすぎ)。拡張せずに使用。\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
 msgstr "*警告*: ポリシーURLを%%拡張不能 (大きすぎ)。拡張せずに使用。\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
 "unexpanded.\n"
 msgstr "*警告*: 優先鍵サーバURLを%%拡張不能 (大きすぎ)。拡張せずに使用。\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s/%s署名。署名者:\"%s\"\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
@@ -7092,38 +7061,38 @@ msgstr ""
 "*警告*: ダイジェスト・アルゴリズム %s (%d) の強制が、受取人の優先指定と対立し"
 "ます\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "署名:"
 
-#: g10/sign.c:1464
+#: g10/sign.c:1622
 #, c-format
-msgid "%s encryption will be used\n"
-msgstr "%s暗号化を使用します\n"
+msgid "%s.%s encryption will be used\n"
+msgstr "%s.%s暗号化を使用します\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "セキュアでないというフラグが鍵には設定されていません。\n"
 "偽物乱数生成器とはいっしょに使えません!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "\"%s\"をスキップします: 重複\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "スキップ: 秘密鍵はもうあります\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr "これはPGPの生成したElgamal鍵で、署名用には安全ではありません!"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "信用レコード%lu, 型%d: 書き込みに失敗しました: %s\n"
@@ -7137,43 +7106,43 @@ msgstr ""
 "# 指定された信用度の一覧です 作成日時: %s\n"
 "# (\"gpg --import-ownertrust\" で復旧することができます)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, c-format
 msgid "error in '%s': %s\n"
 msgstr "'%s'でエラー: %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr "行が長すぎます"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr "コロンがありません"
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr "無効なフィンガープリント"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr "所有者信用度がありません"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "'%s'で信用レコードの検索エラー: %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, c-format
 msgid "read error in '%s': %s\n"
 msgstr "'%s'で読み込みエラー: %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "信用データベース: 同期に失敗しました: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "'%s'のロックを作成できません\n"
@@ -7183,12 +7152,12 @@ msgstr "'%s'のロックを作成できません\n"
 msgid "can't lock '%s'\n"
 msgstr "'%s'がロックできません\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "信用データベース レコード%lu: シークに失敗しました: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "信用データベース レコード%lu: 書き込みに失敗しました (n=%d): %s\n"
@@ -7203,7 +7172,7 @@ msgstr "信用データベースのトランザクションが大きすぎます
 msgid "%s: directory does not exist!\n"
 msgstr "%s: ディレクトリがありません!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, c-format
 msgid "can't access '%s': %s\n"
 msgstr "'%s'にアクセスできません: %s\n"
@@ -7244,7 +7213,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: バージョン・レコードの更新エラー: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: バージョン・レコードの読み込みエラー: %s\n"
@@ -7254,52 +7223,52 @@ msgstr "%s: バージョン・レコードの読み込みエラー: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: バージョン・レコードの書き込みエラー: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "信用データベース: シークに失敗しました: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "信用データベース: 読み込みに失敗しました (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: 信用データベース・ファイルではありません\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: レコード番号%lu番のバージョン・レコード\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: 無効なファイル・バージョン%d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: 空きレコードの読み込みエラー: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: ディレクトリ・レコードの書き込みエラー: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: レコードの初期化に失敗しました: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: レコードの追加に失敗しました: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "エラー: 信用データベースが壊れています。\n"
@@ -7339,10 +7308,10 @@ msgstr "サポートされていないTOFUデータベースバージョン: %s\
 msgid "TOFU DB error"
 msgstr "TOFU DBエラー"
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "TOFUデータベースの読み込みエラー: %s\n"
@@ -7362,7 +7331,7 @@ msgstr "TOFUデータベースの初期化エラー: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "TOFUデータベースのオープンでエラー '%s': %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "TOFUデータベースの更新エラー: %s\n"
@@ -7521,100 +7490,100 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr "不明をデフォルトとします。\n"
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr "TOFU dbが壊れていることが検出されました。\n"
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "TOFUポリシーの作成エラー: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] "%lldå¹´"
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] "%lld月"
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] "%lld週"
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] "%lld日"
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] "%lld時間"
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] "%lld分"
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] "%lld秒"
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr "%s: 0個の署名を検証、0個のメッセージを暗号化しました。"
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, c-format
 msgid "%s: Verified 0 signatures."
 msgstr "%s: 0個の署名を検証しました。"
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 msgid "Encrypted 0 messages."
 msgstr "0 個のメッセージを暗号化しました。"
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, c-format
 msgid "(policy: %s)"
 msgstr "(ポリシー: %s)"
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr "警告: この鍵とユーザIDで署名されたメッセージは一度も見てません!\n"
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr "警告: この鍵とユーザIDで署名されたメッセージは一度しか見てません!\n"
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr "警告: この鍵へは一つもメッセージを暗号化したことがありません!\n"
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr "警告: この鍵へは一つのメッセージしか暗号化したことがありません!\n"
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -7635,160 +7604,160 @@ msgstr[0] ""
 "  %s\n"
 "でダメとマークしてください。\n"
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "TOFUデータベースのオープンでエラー: %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 "*警告*: %s に暗号化します。失効していないユーザIDが一つもないものです\n"
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, c-format
 msgid "'%s' is not a valid long keyID\n"
 msgstr "'%s'は、有効な大型鍵IDでありません\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "鍵%s: 信用する鍵として受理しました\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "鍵%sが信用データベースに複数あります\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "鍵%s: 信用される鍵の公開鍵がありません - スキップします\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "鍵%sを究極的に信用するよう記録しました\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "信用レコード%lu, リクエスト型%d: 読み込みに失敗しました: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "信用レコード%luが要求された型%dではありません\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr "trustdbを下記のコマンドで再生成することを試すことができます:\n"
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr "もし、それがうまくいかなかったら、マニュアルをご覧ください\n"
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr "不明の信用モデル (%d) は使えません - %s信用モデルを仮定\n"
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr "%s信用モデルを使用\n"
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "信用データベースの検査は、不要です\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "次回の信用データベース検査は、%sです\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "信用モデル'%s'で信用データベースの検査は、不要です\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "信用モデル'%s'で信用データベースの更新は、不要です\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr "公開鍵%sが見つかりません: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "--check-trustdbを実行してください\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "信用データベースの検査\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] "%d個の鍵を処理"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, c-format
 msgid " (%d validity count cleared)\n"
 msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] " (うち%d本の有効性数をクリア)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "究極的に信用する鍵が見つかりません\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "究極的に信用する鍵%sの公開鍵が見つかりません\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr "深さ: %d  有効性: %3d  署名: %3d  信用: %d-, %dq, %dn, %dm, %df, %du\n"
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr ""
 "信用データベースのバージョン・レコードが更新できません: 書き込みに失敗しまし"
 "た: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr "未定義"
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr "全くなし"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr "まぁまぁ"
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr "充分"
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr "究極"
 
@@ -7800,39 +7769,39 @@ msgstr "究極"
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr "10 translator see trust.c:uid_trust_string_fixed"
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 msgid "[ revoked]"
 msgstr "[  失効  ]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 msgid "[ expired]"
 msgstr "[期限切れ]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 msgid "[ unknown]"
 msgstr "[  不明  ]"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr "[ 未定義 ]"
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 msgid "[  never ]"
 msgstr "[全くなし]"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr "[まぁまぁ]"
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr "[  充分  ]"
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr "[  究極  ]"
 
@@ -7857,19 +7826,29 @@ msgstr "入力の%u行目が長すぎるか、LFがないようです\n"
 msgid "can't open fd %d: %s\n"
 msgstr "fd %dが開けません: %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, c-format
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "*警告*: 整合性保護なしの暗号化は危険です\n"
+
+#: g10/cipher-cfb.c:72
+#, c-format
+msgid "Hint: Do not use option %s\n"
+msgstr "ヒント: オプション %s を使わない\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr "デバッグ・フラグを設定"
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr "フル・デバッグを有効にする"
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "使い方: kbxutil [オプション] [ファイル] (ヘルプは -h)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
 "List, export, import Keybox data\n"
@@ -7880,125 +7859,212 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr "%s番号: %s%%0A保持者: %s%s"
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr "残された試行回数: %d"
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+msgid "|N|Please enter the new Global-PIN"
+msgstr "|N|あたらしいグローバルPINを入力してください"
+
+#: scd/app-piv.c:1846
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "||あなたのPIVカードのグローバルPINを入力してください"
+
+#: scd/app-piv.c:1853
+msgid "|N|Please enter the new PIN"
+msgstr "|N|あたらしいPINを入力してください"
+
+#: scd/app-piv.c:1854
+msgid "||Please enter the PIN of your PIV card"
+msgstr "||あなたのPIVカードのPINを入力してください"
+
+#: scd/app-piv.c:1861
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "|N|あたらしいアンブロッキングキーを入力してください"
+
+#: scd/app-piv.c:1862
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "||あなたのPIVカードのアンブロッキングキーを入力してください"
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "PINコールバックがエラーを返しました: %s\n"
+
+#: scd/app-piv.c:1895
+#, c-format
+msgid "PIN is too short; minimum length is %d\n"
+msgstr "PINが短すぎます。最短で%dです\n"
+
+#: scd/app-piv.c:1903
+#, c-format
+msgid "PIN is too long; maximum length is %d\n"
+msgstr "PINが長すぎます。最長で%dです\n"
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr "PINに無効な文字があります。数字だけが使えます\n"
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr "鍵はもうあります\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr "既存の鍵は置き換えられます\n"
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr "新しい鍵を生成\n"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, c-format
+msgid "writing new key\n"
+msgstr "新しい鍵を書き込み\n"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "鍵の保管に失敗しました: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr "応答にRSAのモジュラスが含まれていません\n"
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr "応答にRSA公開指数が含まれていません\n"
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, c-format
+msgid "response does not contain the EC public key\n"
+msgstr "応答に楕円曲線の公開鍵が含まれていません\n"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr "鍵生成の間、お待ちください ...\n"
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr "鍵の生成に失敗しました\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "鍵の生成が完了しました (%d秒)\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr "応答に公開鍵データが含まれていません\n"
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr "||新しいPINを認定署名を生成する鍵のために入力してください。"
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 msgid "|A|Please enter the Admin PIN"
 msgstr "|A|管理者PINを入力してください"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|P|標準の鍵のPIN Unblocking Code (PUK)を入力してください。"
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 msgid "||Please enter the PIN for the standard keys."
 msgstr "||PINを標準の鍵のために入力してください。"
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr "RSAのモジュラスがないか、%dビットのものではありません\n"
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr "RSA公開指数がないか %d ビットより大きすぎます\n"
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr "PINコールバックがエラーを返しました: %s\n"
+#: scd/app-nks.c:1594
+msgid "Note: PIN has not yet been enabled."
+msgstr "注意: PINがまだ有効となっていません"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr "NullPINが変更されていません\n"
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "|N|新しいPINを標準の鍵のために入力してください。"
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|NP|標準の鍵の新しいPIN Unblocking Code (PUK)を入力してください。"
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr "|N|新しいPINを認定署名を生成する鍵のために入力してください。"
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 "|NP|認定署名の鍵のために新しいPINブロック解除コード(PUK)を入力してください。"
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 "|P|認定署名の鍵のために新しいPINブロック解除コード(PUK)を入力してください。"
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "新しいPINの取得エラー: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "指紋の保管に失敗しました: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "生成日の保管に失敗しました: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr "カードからCHVステイタスの取得でエラー\n"
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr "応答にRSAのモジュラスが含まれていません\n"
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr "応答にRSA公開指数が含まれていません\n"
-
-#: scd/app-openpgp.c:1546
-#, c-format
-msgid "response does not contain the EC public key\n"
-msgstr "応答に楕円曲線の公開鍵が含まれていません\n"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr "応答に公開鍵データが含まれていません\n"
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr "公開鍵の読み込みに失敗しました: %s\n"
@@ -8006,64 +8072,64 @@ msgstr "公開鍵の読み込みに失敗しました: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr "%s番号: %s%%0A保持者: %s%%0Aカウンタ: %lu%s"
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr "デフォルトPINを%sとして使います\n"
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 "デフォルトのPIN %s を使うのに失敗しました: %s - これ以上デフォルトとしての使"
 "用を無効とします\n"
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 msgid "||Please unlock the card"
 msgstr "||カードをアンロックしてください"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr "CHV%dのPINが短すぎます。最短で%dです\n"
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "CHV%dの認証に失敗しました: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr "カードが永久にロックされてます!\n"
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
 "%d Admin PIN attempts remaining before card is permanently locked\n"
 msgstr[0] "カードの永久ロック前に%d回の管理者PINの試行が残っています\n"
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr "管理コマンドへのアクセスが設定されていません\n"
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 msgid "||Please enter the PIN"
 msgstr "||PINを入力してください"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 msgid "||Please enter the Reset Code for the card"
 msgstr "||カードのリセット・コードを入力してください"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr "リセット・コードが短すぎます。最短の長さは%dです。\n"
@@ -8071,119 +8137,78 @@ msgstr "リセット・コードが短すぎます。最短の長さは%dです
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr "|RN|新しいリセット・コード"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr "|AN|新しい管理者PIN"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr "|N|新しいPIN"
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "||管理者PINと新しい管理者PINを入力してください"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 msgid "||Please enter the PIN and New PIN"
 msgstr "||PINと新しいPINを入力してください"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr "アプリケーション・データの読み込みエラー\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "フィンガープリントのデータ・オブジェクトの読み込みエラー\n"
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr "鍵はもうあります\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr "既存の鍵は置き換えられます\n"
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr "新しい鍵を生成\n"
-
-#: scd/app-openpgp.c:3074
-#, c-format
-msgid "writing new key\n"
-msgstr "新しい鍵を書き込み\n"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr "作成時刻スタンプがありません\n"
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr "RSA素数 %s がありません、または%dビットのものではありません\n"
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr "鍵の保管に失敗しました: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, c-format
 msgid "unsupported curve\n"
 msgstr "サポートされていない曲線\n"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr "鍵生成の間、お待ちください ...\n"
-
-#: scd/app-openpgp.c:4271
-#, c-format
-msgid "generating key failed\n"
-msgstr "鍵の生成に失敗しました\n"
-
-#: scd/app-openpgp.c:4277
-#, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "鍵の生成が完了しました (%d秒)\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr "OpenPGPカードに無効な構造 (データ・オブジェクト 0x93)\n"
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr "カードのフィンガープリントが要求されたものと一致しません\n"
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "カードはダイジェスト・アルゴリズム %s をサポートしていません\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr "これまでに作成された署名: %lu\n"
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr "管理者PINの確認はこのコマンドでは今のところ禁止されています\n"
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "%sにアクセスできません - 無効なOpenPGPカード?\n"
@@ -8195,59 +8220,63 @@ msgstr "||PINをリーダのピンパッドで入力してください"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr "|N|初期の新しいPIN"
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr "マルチ・サーバ・モード(フォアグラウンド)で実行"
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr "|LEVEL|デバッグ・レベルをLEVELとします"
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 msgid "|FILE|write a log to FILE"
 msgstr "|FILE|FILEにログを書き出します"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr "|N|ポートNのリーダに接続します"
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NAME|ct-APIドライバとしてNAMEを用います"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NAME|PC/SCドライバとしてNAMEを用います"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 msgid "do not use the internal CCID driver"
 msgstr "内蔵CCIDドライバを使いません"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr "|N|N秒アクティブでない場合、カードへの接続を切ります"
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr "リーダのピンパッドを使わない"
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr "ピンパッドの可変長入力を使う"
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr "|LIST|アプリケーションの優先度をLISTとする"
+
 #: scd/scdaemon.c:179
 msgid "deny the use of admin card commands"
 msgstr "管理カード・コマンドの使用を拒否"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "使い方: @SCDAEMON@ [オプション] (ヘルプは -h)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
@@ -8255,39 +8284,33 @@ msgstr ""
 "形式: scdaemon [オプション] [コマンド [引数]]\n"
 "@GNUPG@のSmartcardデーモン\n"
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 "'--daemon'オプションを使って、プログラムをバックグラウンドで実行してくださ"
 "い\n"
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr "fd %dのハンドラが開始されました\n"
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr "fd %dのハンドラが終了しました\n"
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "鍵使用情報の取得エラー: %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr "証明書から以下の検証モデルが要求されました: %s"
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr "chain"
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 msgid "shell"
 msgstr "shell"
 
@@ -8320,7 +8343,7 @@ msgstr "注意: クリティカルでない証明書ポリシーは認められ
 msgid "certificate policy not allowed"
 msgstr "証明書ポリシーは認められません"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "フィンガープリントの取得に失敗しました\n"
@@ -8335,7 +8358,7 @@ msgstr "発行者の外部ロケーションを調べています\n"
 msgid "number of issuers matching: %d\n"
 msgstr "マッチする発行者の数: %d\n"
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, c-format
 msgid "can't get authorityInfoAccess: %s\n"
 msgstr "authorityInfoAccessを取得できません: %s\n"
@@ -8355,234 +8378,234 @@ msgstr "マッチする証明書の数: %d\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "dirmngrのキャッシュだけの鍵探索に失敗しました: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "keyDBハンドルの確保に失敗しました\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 msgid "certificate has been revoked"
 msgstr "証明書は失効済みです"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr "証明書のステイタスは不明です"
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr "\"dirmngr\" が正しくインストールされていることを確認してください\n"
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, c-format
 msgid "checking the CRL failed: %s"
 msgstr "CRLの検査に失敗しました: %s"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "無効の妥当性の証明書: %s"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr "証明書はまだ有効ではありません"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 msgid "root certificate not yet valid"
 msgstr "ルート証明書がまだ有効ではありません"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr "中間証明書はまだ有効ではありません"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, c-format
 msgid "certificate has expired"
 msgstr "証明書が有効期限を過ぎています"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 msgid "root certificate has expired"
 msgstr "ルート証明書が有効期限を過ぎています"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 msgid "intermediate certificate has expired"
 msgstr "中間証明書が有効期限を過ぎています"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr "必要な証明書の属性がありません: %s%s%s"
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 msgid "certificate with invalid validity"
 msgstr "妥当性が無効な証明書"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr "証明書のライフタイムの間に署名が作られていません"
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr "発行者のライフタイムの間に証明書が作られていません"
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr "発行者のライフタイムの間に中間証明書が作られていません"
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, c-format
 msgid "  (  signature created at "
 msgstr "  (  署名、作成"
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, c-format
 msgid "  (certificate created at "
 msgstr "   (証明書、作成"
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, c-format
 msgid "  (certificate valid from "
 msgstr "  (     証明書、有効"
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr "  (     発行者、有効"
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr "フィンガープリント=%s\n"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr "ルート証明書は信用すると今、マークされました\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr ""
 "インタラクティブに信用するとマークすることがgpg-agentで有効となっていません\n"
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr ""
 "インタラクティブに信用するとマークすることはこのセッションでは無効となってい"
 "ます\n"
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr "*警告*: 署名の作成時間が不明です - 現在時刻を仮定します"
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 msgid "no issuer found in certificate"
 msgstr "証明書の発行者がありません"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr "自己署名証明書に*不正な*署名があります"
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr "ルート証明書が信用できるとマークされていません"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "信用リストの検査に失敗しました: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr "証明書のチェインが長すぎます\n"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr "発行者証明書が見つかりません"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, c-format
 msgid "certificate has a BAD signature"
 msgstr "証明書に*不正な*署名があります"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr "別の一致する可能性があるCA証明書が見つかりました - 再度試します"
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr "証明書のチェインがCAにより認められたもの(%d)より長くなっています"
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, c-format
 msgid "certificate is good\n"
 msgstr "証明書は正しいです\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, c-format
 msgid "intermediate certificate is good\n"
 msgstr "中間証明書は正しいです\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, c-format
 msgid "root certificate is good\n"
 msgstr "ルート証明書は正しいです\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr "チェイン・モデルに切り替えました"
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr "使用した検証モデル: %s"
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr "%uビットハッシュは%uビットの%s鍵には無効です\n"
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, c-format
 msgid "out of core\n"
 msgstr "メモリがありません\n"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr "(これはMD2アルゴリズムです)\n"
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 msgid "none"
 msgstr "none"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 msgid "[Error - invalid encoding]"
 msgstr "[エラー: 無効なエンコーディング]"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr "[エラー - メモリがありません]"
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr "[エラー - 名前なし]"
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 msgid "[Error - invalid DN]"
 msgstr "[エラー: 無効な DN]"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -8597,132 +8620,142 @@ msgstr ""
 "S/N %s, ID 0x%08lX,\n"
 "作成 %s, 有効期限 %s.\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr "鍵の使い方が指定されていません - すべての使い道を仮定します\n"
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "鍵使用情報の取得エラー: %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr "証明書は証明のために使われるべきではありませんでした\n"
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr "証明書はOCSP応答の署名のために使われるべきではありませんでした\n"
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr "証明書は暗号化のために使われるべきではありませんでした\n"
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr "証明書は署名のために使われるべきではありませんでした\n"
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr "証明書は暗号化のために使えません\n"
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr "証明書は署名のために使えません\n"
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, c-format
+msgid "looking for another certificate\n"
+msgstr "別の証明書を探す\n"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "行 %d: 無効なアルゴリズムです\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr "行 %d: 無効な鍵長 %u (%d から %dが有効)です\n"
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr "行 %d: サブジェクト名がありません\n"
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "行 %d: 無効なサブジェクト名ラベル'%.*s'です\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "行 %d: 無効なサブジェクト名'%s'(位置: %d)です\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "行 %d: 有効な電子メール・アドレスではありません\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "行 %d: 無効なシリアル番号です\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr "行 %d: 無効なサブジェクト名ラベル'%.*s'です\n"
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr "行 %d: 無効なサブジェクト名'%s'(位置: %d)です\n"
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, c-format
 msgid "line %d: invalid date given\n"
 msgstr "行 %d: 無効な日付が与えられました\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "行 %d: keygrip'%s'から鍵の取得エラー: %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "行 %d: 無効なハッシュ・アルゴリズムです\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "行 %d: 無効なauthority-key-idです\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "行 %d: 無効なsubject-key-idです\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "行 %d: 無効な拡張構文です\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "行 %d: カードから鍵'%s'の読み込みエラー: %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "行 %d: keygrip'%s'から鍵の取得エラー: %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "行 %d: 鍵の生成に失敗しました: %s <%s>\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
@@ -8730,45 +8763,45 @@ msgstr ""
 "この証明書要求を完成するために今作った鍵のパスフレーズをもう一度入力してくだ"
 "さい。\n"
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) 既存の鍵\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr "   (%d) カードに存在する鍵\n"
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "%s鍵に可能な操作:\n"
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) 署名、暗号化\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) 署名\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) 暗号化\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr "X.509のサブジェクト名を入力: "
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr "サブジェクト名がありません\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "無効なサブジェクト名ラベル'%.*s'です\n"
@@ -8778,240 +8811,234 @@ msgstr "無効なサブジェクト名ラベル'%.*s'です\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "無効なサブジェクト名'%s'です\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "33"
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 msgid "Enter email addresses"
 msgstr "電子メール・アドレスを入力"
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 msgid " (end with an empty line):\n"
 msgstr " (空行で終了):\n"
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 msgid "Enter DNS names"
 msgstr "DNS名を入力"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 msgid " (optional; end with an empty line):\n"
 msgstr " (オプションです。空行で終了):\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr "URIを入力"
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 msgid "Create self-signed certificate? (y/N) "
 msgstr "自己署名証明書を作成しますか? (y/N) "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr "下記のパラメータが使われます:\n"
 
-#: sm/certreqgen-ui.c:432
-#, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "一時ファイルの作成エラー: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr "今、自己署名証明書を作成しています。  "
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 msgid "Now creating certificate request.  "
 msgstr "今、証明書要求を作成しています。  "
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr "しばらくかかります...\n"
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr "準備完了。\n"
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr "準備ができました。今、この要求をあなたのCAに送るべきです。\n"
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr "リソースの問題: メモリがありません\n"
 
-#: sm/decrypt.c:536
-#, c-format
-msgid "%s.%s encrypted data\n"
-msgstr "%s.%s 暗号化済みデータ\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr "(RC2アルゴリズムです)\n"
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr "(暗号化されたメッセージではないようです)\n"
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, c-format
 msgid "encrypted to %s key %s\n"
-msgstr "%s の鍵 %s へ暗号化されたものです\n"
+msgstr "%s鍵 %sに対して暗号化されました\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "証明書'%s'が見つかりません: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr "keyboxのロックのエラー: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "重複した証明書'%s'を削除しました\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "証明書'%s'を削除しました\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "証明書'%s'の削除に失敗しました: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, c-format
 msgid "no valid recipients given\n"
 msgstr "有効な受け取り手が指定されていません\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 msgid "list external keys"
 msgstr "外部鍵を一覧する"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 msgid "list certificate chain"
 msgstr "証明書のチェインを表示する"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 msgid "import certificates"
 msgstr "証明書をインポートする"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 msgid "export certificates"
 msgstr "証明書をエクスポートする"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr "スマートカードを登録する"
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr "dirmngrにコマンドを渡す"
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr "gpg-protect-toolを起動する"
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "端末をまったく使わない"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr "|N|インクルードする証明書の数"
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr "|FILE|ポリシー情報をFILEから取得する"
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr "PEMフォーマットの入力を仮定する"
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr "base-64フォーマットの入力を仮定する"
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr "バイナリ・フォーマットの入力を仮定する"
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 msgid "create base-64 encoded output"
 msgstr "base-64形式の出力を作成"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|USER-ID|USER-IDをデフォルトの秘密鍵として使う"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "|FILE|鍵リングを鍵リングのリストに追加"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|このキーサーバを鍵の検索に使う"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr "紛失している発行者証明書を取得する"
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NAME|PKCS#12のパスフレーズにNAMEのエンコーディングを使う"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr "決してCRLを調べない"
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr "ルート証明書のCRLをチェックしない"
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr "OCSPを用いて有効性を確認する"
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr "証明書ポリシーをチェックしない"
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NAME|暗号アルゴリズムにNAMEを使用"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NAME|ダイジェスト・アルゴリズムにNAMEを使用"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "バッチ・モード: なにもユーザに問い合わせない"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "ほとんどの設問にyesを仮定する"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "ほとんどの設問にnoを仮定する"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 msgid "|FILE|write an audit log to FILE"
 msgstr "|FILE|監査ログをFILEに書き出す"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "使い方: @GPGSM@ [オプション] [ファイル] (ヘルプは -h)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
 "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
@@ -9021,87 +9048,122 @@ msgstr ""
 "S/MIMEプロトコルを用いて、署名、検査、暗号化や復号を行います\n"
 "デフォルトの操作は、入力データに依存します\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "注意:'%s'に対して暗号化できません: %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "不明の検証モデル '%s'\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: ホスト名が指定されていません\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: ユーザなしに与えられたパスワード\n"
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr "%s:%u: 未知のフラグ '%s' を無視します\n"
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: この行はスキップ\n"
+
+#: sm/gpgsm.c:1545
+#, c-format
+msgid "could not parse keyserver\n"
+msgstr "鍵サーバのURLを解析不能\n"
+
+#: sm/gpgsm.c:1825
 #, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "共通証明書のインポート・エラー: %s\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "'%s'を用いて署名できません: %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr "無効なコマンド (暗黙のコマンドはありません)\n"
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, c-format
 msgid "total number processed: %lu\n"
 msgstr "    処理数の合計: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, c-format
 msgid "error storing certificate\n"
 msgstr "証明書の保存に失敗しました\n"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr "基本証明書チェックが失敗しました - インポートされませんでした\n"
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "保存されたフラグの取得エラー: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, c-format
 msgid "error importing certificate: %s\n"
 msgstr "証明書のインポート・エラー: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, c-format
 msgid "error reading input: %s\n"
 msgstr "入力読み込みエラー: %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, c-format
+msgid "no keyboxd running in this session\n"
+msgstr "このセッションでkeyboxdは実行されていません\n"
+
+#: sm/keydb.c:595
+#, c-format
+msgid "error opening key DB: %s\n"
+msgstr "鍵DBを開く際のエラー: %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr "既存の証明書の検索の問題: %s\n"
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "書き込み可能keyDBの判定エラー: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, c-format
 msgid "error storing certificate: %s\n"
 msgstr "証明書保存エラー: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "証明書の再検索の問題: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, c-format
 msgid "error storing flags: %s\n"
 msgstr "フラグの保存エラー: %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr "エラー - "
 
@@ -9110,17 +9172,17 @@ msgstr "エラー - "
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr "GPG_TTY が設定されていません - 少々疑問のデフォルトを使います\n"
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "'%s'(行 %d) 無効な形式のフィンガープリント\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "'%s' (行 %d)で無効な国識別コード\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9137,7 +9199,7 @@ msgstr ""
 "\n"
 "%s%s本当にこれを望みますか?"
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
@@ -9146,7 +9208,7 @@ msgstr ""
 "注意してください、このような署名を作成したり、検証したりすることについてこの"
 "ソフトウェアは公式に承認されていません。\n"
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9157,56 +9219,61 @@ msgstr ""
 "\"%s\"\n"
 "注意してください: この証明書は署名を作るために作成されていません!"
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr ""
 "ハッシュ・アルゴリズム %d (%s)(署名人 %d へ)はサポートされていません。%s を使"
 "います\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr "署名者 %dのために使われたハッシュアルゴリズム: %s (%s)\n"
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "適正な認定証明書の検査に失敗しました: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, c-format
+msgid "%s/%s signature using %s key %s\n"
+msgstr "%s/%s 署名 (%s鍵ID %sを使用)\n"
+
+#: sm/verify.c:467
 #, c-format
 msgid "Signature made "
 msgstr "施された署名 "
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr "[日時指定なし]"
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, c-format
 msgid "algorithm:"
 msgstr "アルゴリズム:"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr ""
 "無効な署名: メッセージ・ダイジェストの属性が計算されたものと一致しません\n"
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, c-format
 msgid "Good signature from"
 msgstr "正しい署名"
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, c-format
 msgid "                aka"
 msgstr "      別名"
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, c-format
 msgid "This is a qualified signature\n"
 msgstr "これは認定署名です\n"
@@ -9231,100 +9298,100 @@ msgstr "証明書キャッシュの書き込みロックが取得できません
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr "証明書キャッシュのロックが解除できません: %s\n"
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr "%uの証明書をキャッシュからはずします\n"
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, c-format
 msgid "can't parse certificate '%s': %s\n"
 msgstr "証明書'%s'が解析できません: %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "証明書'%s'はすでにキャッシュされています\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "信用される証明書'%s'をロードしました\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "証明書'%s'をロードしました\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "  SHA1フィンガープリント = %s\n"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr "   発行者 ="
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr "サブジェクト ="
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "証明書'%s'の読み込みエラー: %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "永続的にロードされる証明書: %u\n"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "実行時キャッシュ証明書の数: %u\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "           信用された証明書の数: %u (%u,%u,%u,%u)\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, c-format
 msgid "certificate already cached\n"
 msgstr "   すでにキャッシュされた証明書\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, c-format
 msgid "certificate cached\n"
 msgstr "キャッシュされた証明書\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, c-format
 msgid "error caching certificate: %s\n"
 msgstr "証明書のキャッシュのエラー: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "無効なSHA1フィンガープリント文字列'%s'\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "S/Nでの証明書取得エラー : %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "サブジェクトでの証明書取得エラー: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, c-format
 msgid "no issuer found in certificate\n"
 msgstr "証明書に発行者がみつかりません\n"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "authorityKeyIdentifierの取得エラー: %s\n"
@@ -9842,56 +9909,56 @@ msgstr "CRLアクセスはTorモードのため不可能です\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "禁止されているため、証明書の探索ができません: %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr "OCSPをCRLの代わりに使います"
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr "dirmngrが動いているかどうか確認します"
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 msgid "add a certificate to the cache"
 msgstr "証明書をキャッシュに追加します"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 msgid "validate a certificate"
 msgstr "証明書を検証する"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 msgid "lookup a certificate"
 msgstr "証明書を探索する"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 msgid "lookup only locally stored certificates"
 msgstr "ローカルに保持された証明書だけを探索します"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr "--lookupにはURLがきます"
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr "dirmngrにCRLをロードする"
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr "Squidのための特別なモード"
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 msgid "expect certificates in PEM format"
 msgstr "証明書はPEM形式を期待します"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 msgid "force the use of the default OCSP responder"
 msgstr "デフォルトOCSP応答の使用を強制します"
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr ""
 "使い方: dirmngr-client [オプション] [証明書ファイル|パターン] (ヘルプは -h)\n"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -9903,215 +9970,211 @@ msgstr ""
 "プロセスは証明書が有効の場合、0を返し、有効でない場合、1 を返す。\n"
 "一般の失敗の場合、そのほかのエラーコードを返す\n"
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "stdinから証明書読み込みエラー: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "'%s'から証明書の読み込みエラー: %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr "証明書は意味のあるものとしては大きすぎます\n"
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, c-format
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "dirmngrへ接続できません: %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, c-format
 msgid "lookup failed: %s\n"
 msgstr "検索に失敗しました: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "CRL'%s'の読み込みが失敗しました: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr "dirmngr daemonが起動され動いています\n"
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "証明書の検証に失敗しました: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, c-format
 msgid "certificate is valid\n"
 msgstr "証明書は正しいです\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, c-format
 msgid "certificate has been revoked\n"
 msgstr "証明書は失効済みです\n"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, c-format
 msgid "certificate check failed: %s\n"
 msgstr "証明書の検査に失敗しました: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, c-format
 msgid "got status: '%s'\n"
 msgstr "ステイタス'%s'を取得しました\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, c-format
 msgid "error writing base64 encoding: %s\n"
 msgstr "base64エンコーディングの書き込みエラー: %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr "サポートされていない問い合わせ: '%s'\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr "絶対ファイル名がきます\n"
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr "'%s'を検索します\n"
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr "CRLキャッシュの内容をリストします"
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|FILE|FILEからCRLをキャッシュにロードする"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr "|URL|URLからCRLを取得します"
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr "dirmngrをシャットダウンする"
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr "キャッシュをフラッシュします"
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr "オンラインのソフトウェア・バージョン・チェックを許す"
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr "|N|一つのクエリでNを越えるのアイテムを返さない"
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr "ネットワーク関連オプション"
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr "ネットワーク・トラフィックをすべてTor経由にする"
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr "キーサーバのコンフィグレーション"
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 msgid "|URL|use keyserver at URL"
 msgstr "|URL|鍵サーバとしてURLを使用"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr "|FILE|FILEにあるCA証明書をTLSでのHKPに使う"
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr "HTTPサーバのコンフィグレーション"
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr "HTTPの使用を禁止する"
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr "HTTP CRL配布ポイントを無視する"
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr "|URL|すべてのHTTPリクエストをURLにリダイレクトする"
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr "システムのHTTPプロキシ設定を用います"
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr "使用するLDAPサーバのコンフィグレーション"
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr "LDAPの使用を禁止する"
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr "LDAP CRL配布ポイントを無視する"
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr "|HOST|LDAPの問い合わせにHOSTを使う"
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr "--ldap-proxy にフォールバック・ホストを使わない"
 
-#: dirmngr/dirmngr.c:270
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|SPEC|このキーサーバを鍵の検索に使う"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|FILE|FILEからLDAPサーバリストを読み込みます"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr "CRL配布ポイントに発見された新しいサーバを serverlist に追加する"
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr "|N|LDAPのタイムアウトをN秒とする"
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr "OCSPのコンフィグレーション"
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr "OCSP要求の送信を認める"
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr "OCSPサービスURLに入っている証明書を無視する"
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 msgid "|URL|use OCSP responder at URL"
 msgstr "|URL|OCSP応答としてURLを使用"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr "|FPR|FPRで署名されたOCSPレスポンス"
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr "期日の過ぎたCRLのロードを強制する"
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 msgid ""
 "@\n"
 "(See the \"info\" manual for a complete listing of all commands and "
@@ -10120,11 +10183,11 @@ msgstr ""
 "@\n"
 "(コマンドとオプション全部の一覧は、\"info\" マニュアルをご覧ください)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "使い方: @DIRMNGR@ [オプション] (ヘルプは -h)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
@@ -10132,113 +10195,293 @@ msgstr ""
 "形式: @DIRMNGR@ [オプション] [コマンド [引数]]\n"
 "@GnuPG@の鍵サーバ、CRLとOCSPアクセス\n"
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr "有効なdebugレベルは: %s\n"
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, c-format
 msgid "usage: %s [options] "
 msgstr "使い方: %s [オプション] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, c-format
 msgid "colons are not allowed in the socket name\n"
 msgstr "コロンはソケット名に許されません\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "'%s'からCRLの取得の失敗: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "'%s'からCRLの処理に失敗: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "%s:%u: 行が長すぎます - スキップされました\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "%s:%u: 無効なフィンガープリントが検出されました\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "%s:%u: 読み込みエラー: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr "%s:%u: 行末のゴミを無視\n"
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr "SIGHUPを受け取り - 設定を読み直し、キャッシュをフラッシュ\n"
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr "SIGUSR2を受け取り - 動作は定義されない\n"
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr "SIGTERMを受け取り - シャットダウン...\n"
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr "SIGTERMを受け取り - %d本のアクティブな接続がまだあります\n"
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, c-format
 msgid "shutdown forced\n"
 msgstr "強制的にシャットダウンする\n"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr "SIGINTを受け取り - すぐにシャットダウン\n"
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr "シグナル%dを受け取り - アクションは定義されない\n"
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr "レコード形式ですべての値を返す"
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr "|NAME|host部分を無視してNAMEをとおして接続する"
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr "TLS接続を強制する"
+
+#: dirmngr/dirmngr_ldap.c:110
+msgid "|NAME|connect to host NAME"
+msgstr "|NAME|ホストNAMEに接続する"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr "|N|ポートNに接続します"
+
+#: dirmngr/dirmngr_ldap.c:112
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NAME|ユーザNAMEを認証に使う"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr "|PASS|パスワードPASSを認証に使う"
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr "パスワードを$DIRMNGR_LDAP_PASSから取ってくる"
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr "|STRING|DN STRINGをクエリする"
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr "|STRING|STRINGをフィルタ式に使う"
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr "|STRING|STRINGの属性を返す"
+
+#: dirmngr/dirmngr_ldap.c:179
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "使い方: dirmngr_ldap [オプション] [URL] (ヘルプは -h)\n"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+"形式: dirmngr_ldap [オプション] [URL]\n"
+"Dirmngrの内部LDAPヘルパー\n"
+"インタフェースとオプションは事前の通知なく変更されることがあります\n"
+
+#: dirmngr/dirmngr_ldap.c:291
+#, c-format
+msgid "invalid port number %d\n"
+msgstr "無効なポート番号 %d\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr "属性'%s'のスキャン結果\n"
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "stdoutへの書き込みエラー: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr "          利用可能な属性'%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:462
+#, c-format
+msgid "attribute '%s' not found\n"
+msgstr "属性'%s'が見つかりません\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr "属性'%s'が見つかりました\n"
+
+#: dirmngr/dirmngr_ldap.c:581
+#, c-format
+msgid "processing url '%s'\n"
+msgstr "url'%s'を処理\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, c-format
+msgid "          user '%s'\n"
+msgstr "        ユーザ '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, c-format
+msgid "          pass '%s'\n"
+msgstr "                パスワード '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:592
+#, c-format
+msgid "          host '%s'\n"
+msgstr "        ホスト '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, c-format
+msgid "          port %d\n"
+msgstr "        ポート %d\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, c-format
+msgid "            DN '%s'\n"
+msgstr "                DN '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr "        フィルタ '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, c-format
+msgid "          attr '%s'\n"
+msgstr "         属性 '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:611
+#, c-format
+msgid "no host name in '%s'\n"
+msgstr "'%s'にホスト名がありません\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr "クエリ '%s' に属性が指定されていません\n"
+
+#: dirmngr/dirmngr_ldap.c:622
+#, c-format
+msgid "WARNING: using first attribute only\n"
+msgstr "*警告*: 最初の属性だけを使っています\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "'%s:%d'のLDAP初期化に失敗: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, c-format
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "LDAP '%s' への初期化が失敗: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, c-format
+msgid "LDAP init to '%s' done\n"
+msgstr "LDAP '%s' への初期化がなされました\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "'%s:%d'のバインドに失敗: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, c-format
+msgid "searching '%s' failed: %s\n"
+msgstr "'%s'の探索に失敗しました: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "'%s'は、LDAP URLではありません\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr "'%s' は無効なLDAP URLです\n"
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "'%s'へアクセスのエラー: httpステイタス %u\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr "URL'%s' は '%s' (%u) へリダイレクトされました\n"
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, c-format
 msgid "too many redirections\n"
 msgstr "リダイレクトが多すぎます\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, c-format
 msgid "redirection changed to '%s'\n"
 msgstr "リダイレクトが'%s'に変更されました\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, c-format
 msgid "error printing log line: %s\n"
 msgstr "log出力エラー: %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "ldap wrapper %dからのログの読み込みエラー: %s\n"
@@ -10268,51 +10511,31 @@ msgstr "ldap wrapper %dの待ちが失敗: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "ldap wrapper %d が止まりました - killしています\n"
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "ホスト名に無効な文字 0x%02x - 加えません\n"
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "'%s:%d'をLDAPサーバ・リストに追加\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, c-format
 msgid "malloc failed: %s\n"
 msgstr "mallocが失敗しました: %s\n"
 
-#: dirmngr/ldap.c:221
-#, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "'%s'は、LDAP URLではありません\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
-msgstr "'%s' は無効なLDAP URLです\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
+msgstr "start_cert_fetch: 無効なパターン '%s'\n"
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr "ldap_search がサーバのサイズ限界を越えました\n"
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr "%s:%u: ユーザなしに与えられたパスワード\n"
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr "%s:%u: 不明なフラグ '%s' を無視します\n"
-
-#: dirmngr/ldapserver.c:203
-#, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr "%s:%u: この行はスキップ\n"
-
 #: dirmngr/misc.c:172
 #, c-format
 msgid "invalid canonical S-expression found\n"
@@ -10398,91 +10621,91 @@ msgstr "'%s'に対するOCSP応答のハッシングに失敗しました: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr "デフォルトOCSP署名者の証明で署名されていません"
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "リスト項目の確保に失敗しました: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "応答IDの取得エラー: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr "OCSP応答を検証する適切な証明書がありませんでした\n"
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "発行者証明書が見つかりません: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr "呼出側が対象の証明書を返しませんでした\n"
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "呼出側が発行される証明書を返しませんでした\n"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "OCSPコンテクストの確保に失敗しました: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr "デフォルトOCSPレスポンダが定義されていません\n"
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, c-format
 msgid "no default OCSP signer defined\n"
 msgstr "デフォルトのOCSP署名者が定義されていません\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr "デフォルトOCSP応答'%s'を使います\n"
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr "OCSP応答'%s'を使います\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "対象の証明書のOCSPステイタスの取得エラー: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr "証明書ステイタスは: %s (これ=%s 次=%s)\n"
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr "良好"
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "証明書は失効済みです: %s (理由: %s)\n"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr "OSCPレスポンダは未来のステイタスを返しました\n"
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr "OSCPレスポンダは現在でないステイタスを返しました\n"
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr "OSCPレスポンダは古すぎるステイタスを返しました\n"
@@ -10492,67 +10715,71 @@ msgstr "OSCPレスポンダは古すぎるステイタスを返しました\n"
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "assuan_inquire(%s)が失敗しました: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr "ldapserverがありません"
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr "serialnoがcert IDにありません"
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "assuan_inquireに失敗しました: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "fetch_cert_by_url が失敗しました: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, c-format
 msgid "error sending data: %s\n"
 msgstr "データ送信エラー: %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "start_cert_fetch が失敗しました: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "fetch_next_cert が失敗しました: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr "max_replies %d を越えました\n"
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "制御構造を確保できません: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "assuanコンテクストの確保に失敗しました: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, c-format
 msgid "failed to initialize the server: %s\n"
 msgstr "サーバの初期化に失敗しました: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "Assuanで登録コマンドに失敗しました: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr "Assuan accept の問題: %s\n"
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, c-format
 msgid "Assuan processing failed: %s\n"
 msgstr "Assuanの処理が失敗しました: %s\n"
@@ -10595,51 +10822,55 @@ msgstr "証明書チェインは正しいです\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr "証明書はCRL署名のために使われるべきではありませんでした\n"
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 msgid "quiet"
 msgstr "おとなしく"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr "16進でエンコードしてデータ出力を表示する"
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr "受信したデータ行をデコードする"
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr "dirmngrへ接続"
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+msgid "connect to the keyboxd"
+msgstr "keyboxdへ接続"
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr "|NAME|Assuanのソケット名NAMEに接続する"
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr "|ADDR|ADDRのAssuanサーバに接続する"
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr "コマンド・ラインで与えられたAssuanサーバを実行する"
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr "拡張接続モードを使わない"
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|FILE|起動時にFILEからコマンドを実行する"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr "起動時に /subst を実行する"
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "使い方: @GPG@-connect-agent [オプション] (ヘルプは -h)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
@@ -10647,173 +10878,186 @@ msgstr ""
 "形式: @GPG@-connect-agent [オプション]\n"
 "実行中のagentに接続し、コマンドを送る\n"
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr "オプション\"%s\"はプログラムとオプショナルの引数を要します\n"
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr "オプション\"%s\"は\"%s\"のため無視されました\n"
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, c-format
 msgid "receiving line failed: %s\n"
 msgstr "行の受信に失敗しました: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, c-format
 msgid "line too long - skipped\n"
 msgstr "行が長すぎます - スキップされました\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr "組込みのNulキャラクタのため行は短くされました\n"
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, c-format
 msgid "unknown command '%s'\n"
 msgstr "不明のコマンド'%s'\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, c-format
 msgid "sending line failed: %s\n"
 msgstr "行の送信に失敗しました: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, c-format
+msgid "no keybox daemon running in this session\n"
+msgstr "このセッションでkeyboxデーモンは実行されていません\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, c-format
 msgid "error sending standard options: %s\n"
 msgstr "標準オプションを送信エラー: %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr "OpenPGP"
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr "S/MIME"
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+msgid "Public Keys"
+msgstr "公開鍵"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr "プライベート鍵"
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr "スマートカード"
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 msgid "Network"
 msgstr "ネットワーク"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 msgid "Passphrase Entry"
 msgstr "パスフレーズ入力"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 msgid "Component not suitable for launching"
 msgstr "コンポーネントが起動するために適切ではありません"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr "コンポーネント%sのコンフィグレーション・ファイルが壊れています\n"
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, c-format
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "注意: \"%s%s\"コマンドを使って詳細を得てください。\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr "コンポーネント%sの外部の検証が失敗しました"
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr "グループ仕様は無視されていることに注意してください\n"
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, c-format
 msgid "error closing '%s'\n"
 msgstr "'%s'でクローズのエラー\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, c-format
 msgid "error parsing '%s'\n"
 msgstr "'%s'でパーズのエラー\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr "すべてのコンポーネントをリストする"
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr "すべてのプログラムをチェックする"
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr "|COMPONENT|オプションをリストする"
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr "|COMPONENT|オプションを変更する"
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr "|COMPONENT|オプションをチェックする"
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr "グローバル・デフォルト値を適用する"
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr "|FILE|FILEを使ってコンフィグレーション・ファイルを更新する"
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr "@GPGCONF@のためにコンフィグレーション・ディレクトリを取得する"
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 msgid "list global configuration file"
 msgstr "グローバルのコンフィグレーション・ファイルをリストする"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 msgid "check global configuration file"
 msgstr "グローバルのコンフィグレーション・ファイルをチェックする"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 msgid "query the software version database"
 msgstr "ソフトウェア・バージョン・データベースに問い合わせる"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr "すべて、あるいは指定されたコンポーネントをリロードする"
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr "指定されたコンポーネントを起動する"
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr "指定されたコンポーネントをkillする"
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "出力ファイルとして使用"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr "可能な場合、実行時に変更を有効とする"
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "使い方: @GPGCONF@ [オプション] (ヘルプは -h)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
@@ -10821,15 +11065,15 @@ msgstr ""
 "形式: @GPGCONF@ [オプション]\n"
 "@GNUPG@システムのツールに対しコンフィグレーション・オプションを管理する\n"
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr "一つコンポーネント引数が必要です"
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 msgid "Component not found"
 msgstr "コンポーネントが見つかりません"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr "引数は許可されていません"
 
@@ -10845,149 +11089,218 @@ msgstr ""
 "形式: gpg-check-pattern [オプション] パターンファイル\n"
 "パターンファイルに対して標準入力のパスフレーズを確認する\n"
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr "共通鍵暗号方式 %s (%d) の強制が、受取人の優先指定をそむきます\n"
+#: tools/gpg-card.c:2389
+#, c-format
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "注意: 鍵 %s はもうカードに保管してあります!\n"
 
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "一時ファイルの書き込みエラー: %s\n"
+#: tools/gpg-card.c:2392
+#, c-format
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "注意: 鍵はもうカードに保管してあります!\n"
 
-#~ msgid "use a log file for the server"
-#~ msgstr "サーバのログ・ファイルを使う"
+#: tools/gpg-card.c:2395
+#, c-format
+msgid "Replace existing key %s ? (y/N) "
+msgstr "既存の鍵 %s を置き換えますか? (y/N) "
 
-#~ msgid "|FILE|write a server mode log to FILE"
-#~ msgstr "|FILE|サーバ・モードのログをFILEに書き出す"
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, c-format
+msgid "%s card no. %s detected\n"
+msgstr "%s カードno. %sを検出\n"
 
-#~ msgid "run without asking a user"
-#~ msgstr "ユーザに問い合わせせずに実行"
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
+"ユーザインタラクションフラグは\"%s\"に設定されています - 変更できません\n"
 
-#~ msgid "allow PKA lookups (DNS requests)"
-#~ msgstr "PKA検索(DNS要求)を認める"
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
+"警告: ユーザインタラクションフラグを\"%s\"に戻すには\n"
+"      ファクトリリセットしかありません!\n"
 
-#~ msgid "Options controlling the format of the output"
-#~ msgstr "出力フォーマットを制御するオプション"
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr "\"uif --yes %d %s\"を使ってください\n"
 
-#~ msgid "Options controlling the use of Tor"
-#~ msgstr "Torの使用を制御するオプション"
+#: tools/gpg-card.c:3668
+msgid "authenticate to the card"
+msgstr "カードに対して認証します"
 
-#~ msgid "LDAP server list"
-#~ msgstr "LDAPサーバ・リスト"
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr "カードデーモンにリセットを送信する"
+
+#: tools/gpg-card.c:3672
+msgid "setup KDF for PIN authentication"
+msgstr "PIN認証のKDFを設定する"
+
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr "プライベート使用のデータオブジェクトを変更する"
 
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "鍵%sを%sからサーバ%sに要求\n"
+#: tools/gpg-card.c:3675
+msgid "read a certificate from a data object"
+msgstr "データオブジェクトから証明書を読み出します"
 
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "%s:%u: ホスト名が指定されていません\n"
+#: tools/gpg-card.c:3676
+msgid "store a certificate to a data object"
+msgstr "証明書をデータオブジェクトに保管します"
 
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "鍵サーバのURLを解析不能\n"
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr "プライベート鍵をデータオブジェクトに保管する"
 
-#~ msgid "return all values in a record oriented format"
-#~ msgstr "レコード形式ですべての値を返す"
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr "Yubikey管理コマンド"
 
-#~ msgid "|NAME|ignore host part and connect through NAME"
-#~ msgstr "|NAME|host部分を無視してNAMEをとおして接続する"
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr "コマンド履歴を管理する"
 
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NAME|ホストNAMEに接続する"
+#~ msgid "detected card with S/N: %s\n"
+#~ msgstr "カードを検出しました。シリアル番号: %s\n"
 
-#~ msgid "|N|connect to port N"
-#~ msgstr "|N|ポートNに接続します"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "カードにsshの認証鍵がありません: %s\n"
 
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NAME|ユーザNAMEを認証に使う"
+#~ msgid "Please remove the current card and insert the one with serial number"
+#~ msgstr "今のカードを抜き、以下のシリアル番号のカードを挿入してください"
 
-#~ msgid "|PASS|use password PASS for authentication"
-#~ msgstr "|PASS|パスワードPASSを認証に使う"
+#~ msgid "use a log file for the server"
+#~ msgstr "サーバのログ・ファイルを使う"
 
-#~ msgid "take password from $DIRMNGR_LDAP_PASS"
-#~ msgstr "パスワードを$DIRMNGR_LDAP_PASSから取ってくる"
+#~ msgid "connection to %s established\n"
+#~ msgstr "%s への接続が確立しました。\n"
 
-#~ msgid "|STRING|query DN STRING"
-#~ msgstr "|STRING|DN STRINGをクエリする"
+#~ msgid "no running gpg-agent - starting '%s'\n"
+#~ msgstr "gpg-agentが実行されていません - '%s'を開始します\n"
 
-#~ msgid "|STRING|use STRING as filter expression"
-#~ msgstr "|STRING|STRINGをフィルタ式に使う"
+#~ msgid "argument not expected"
+#~ msgstr "引数は期待されていません"
 
-#~ msgid "|STRING|return the attribute STRING"
-#~ msgstr "|STRING|STRINGの属性を返す"
+#~ msgid "read error"
+#~ msgstr "読み込みエラー"
 
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "使い方: dirmngr_ldap [オプション] [URL] (ヘルプは -h)\n"
+#~ msgid "keyword too long"
+#~ msgstr "キーワードが長すぎます"
 
-#~ msgid ""
-#~ "Syntax: dirmngr_ldap [options] [URL]\n"
-#~ "Internal LDAP helper for Dirmngr\n"
-#~ "Interface and options may change without notice\n"
-#~ msgstr ""
-#~ "形式: dirmngr_ldap [オプション] [URL]\n"
-#~ "Dirmngrの内部LDAPヘルパー\n"
-#~ "インタフェースとオプションは事前の通知なく変更されることがあります\n"
+#~ msgid "missing argument"
+#~ msgstr "引数がありません"
+
+#~ msgid "invalid argument"
+#~ msgstr "無効な引数"
+
+#~ msgid "invalid command"
+#~ msgstr "無効なコマンド"
+
+#~ msgid "invalid alias definition"
+#~ msgstr "無効なエイリアス定義です"
+
+#~ msgid "permission error"
+#~ msgstr "許可のエラー"
+
+#~ msgid "out of core"
+#~ msgstr "メモリがありません"
+
+#~ msgid "invalid meta command"
+#~ msgstr "無効なメタコマンド"
+
+#~ msgid "unknown meta command"
+#~ msgstr "不明のメタコマンド"
+
+#~ msgid "unexpected meta command"
+#~ msgstr "予期せぬメタコマンド"
+
+#~ msgid "invalid option"
+#~ msgstr "無効なオプション"
+
+#~ msgid "missing argument for option \"%.50s\"\n"
+#~ msgstr "オプション\"%.50s\"に引数がありません\n"
+
+#~ msgid "option \"%.50s\" does not expect an argument\n"
+#~ msgstr "オプション\"%.50s\"は引数をとりません\n"
+
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "無効なコマンド \"%.50s\"\n"
 
-#~ msgid "invalid port number %d\n"
-#~ msgstr "無効なポート番号 %d\n"
+#~ msgid "option \"%.50s\" is ambiguous\n"
+#~ msgstr "オプション\"%.50s\"はあいまいです\n"
 
-#~ msgid "scanning result for attribute '%s'\n"
-#~ msgstr "属性'%s'のスキャン結果\n"
+#~ msgid "command \"%.50s\" is ambiguous\n"
+#~ msgstr "コマンド\"%.50s\"はあいまいです\n"
 
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "stdoutへの書き込みエラー: %s\n"
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "無効なオプション \"%.50s\"\n"
 
-#~ msgid "          available attribute '%s'\n"
-#~ msgstr "          利用可能な属性'%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "注意: デフォルトのオプション・ファイル '%s' がありません\n"
 
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "属性'%s'が見つかりません\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "オプション・ファイル '%s': %s\n"
 
-#~ msgid "found attribute '%s'\n"
-#~ msgstr "属性'%s'が見つかりました\n"
+#~ msgid "Note: ignoring option \"--%s\" due to global config\n"
+#~ msgstr ""
+#~ "注意: オプション \"--%s\" をグローバルコンフィグのために無視してます\n"
+
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "'%s'を実行できません: %s\n"
 
-#~ msgid "processing url '%s'\n"
-#~ msgstr "url'%s'を処理\n"
+#~ msgid "unable to execute external program\n"
+#~ msgstr "外部プログラムを実行できません\n"
 
-#~ msgid "          user '%s'\n"
-#~ msgstr "        ユーザ '%s'\n"
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "外部プログラムの応答を読み込めません: %s\n"
 
-#~ msgid "          pass '%s'\n"
-#~ msgstr "                パスワード '%s'\n"
+#~ msgid "validate signatures with PKA data"
+#~ msgstr "PKAデータで署名を検証する"
 
-#~ msgid "          host '%s'\n"
-#~ msgstr "        ホスト '%s'\n"
+#~ msgid "elevate the trust of signatures with valid PKA data"
+#~ msgstr "有効なPKAデータで署名の信用度を上昇させる"
 
-#~ msgid "          port %d\n"
-#~ msgstr "        ポート %d\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) ECC と ECC\n"
 
-#~ msgid "            DN '%s'\n"
-#~ msgstr "                DN '%s'\n"
+#~ msgid "honor the PKA record set on a key when retrieving keys"
+#~ msgstr "鍵に設定されたPKAレコードを鍵の取得時に与える"
 
-#~ msgid "        filter '%s'\n"
-#~ msgstr "        フィルタ '%s'\n"
+#~ msgid "Note: Verified signer's address is '%s'\n"
+#~ msgstr "注意: 確認された署名者のアドレスは'%s'です\n"
 
-#~ msgid "          attr '%s'\n"
-#~ msgstr "         属性 '%s'\n"
+#~ msgid "Note: Signer's address '%s' does not match DNS entry\n"
+#~ msgstr "注意: 署名者のアドレス'%s'がDNSのエントリと一致しません\n"
 
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "'%s'にホスト名がありません\n"
+#~ msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+#~ msgstr "PKA情報が有効のため、信用レベルがFULLに調整されました\n"
 
-#~ msgid "no attribute given for query '%s'\n"
-#~ msgstr "クエリ '%s' に属性が指定されていません\n"
+#~ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+#~ msgstr "PKA情報が無効のため、信用レベルがNEVERに調整されました\n"
 
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "*警告*: 最初の属性だけを使っています\n"
+#~ msgid "|FILE|write a server mode log to FILE"
+#~ msgstr "|FILE|サーバ・モードのログをFILEに書き出す"
 
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "'%s:%d'のLDAP初期化に失敗: %s\n"
+#~ msgid "run without asking a user"
+#~ msgstr "ユーザに問い合わせせずに実行"
 
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "'%s:%d'のバインドに失敗: %s\n"
+#~ msgid "allow PKA lookups (DNS requests)"
+#~ msgstr "PKA検索(DNS要求)を認める"
 
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "'%s'の探索に失敗しました: %s\n"
+#~ msgid "Options controlling the format of the output"
+#~ msgstr "出力フォーマットを制御するオプション"
 
-#~ msgid "start_cert_fetch: invalid pattern '%s'\n"
-#~ msgstr "start_cert_fetch: 無効なパターン '%s'\n"
+#~ msgid "Options controlling the use of Tor"
+#~ msgstr "Torの使用を制御するオプション"
 
-#~ msgid "ldapserver missing"
-#~ msgstr "ldapserverがありません"
+#~ msgid "LDAP server list"
+#~ msgstr "LDAPサーバ・リスト"
 
 #~ msgid "Note: old default options file '%s' ignored\n"
 #~ msgstr ""
@@ -11044,8 +11357,8 @@ msgstr ""
 #~ msgid "could not open %s for writing: %s\n"
 #~ msgstr "%sを書き込みでオープンできませんでした: %s\n"
 
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "'%s'の読み込みエラー: %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "'%s'の書き込みエラー: %s\n"
 
 #~ msgid "error closing %s: %s\n"
 #~ msgstr "'%s'でクローズのエラー: %s\n"
@@ -11151,12 +11464,6 @@ msgstr ""
 #~ msgid "only SHA-1 is supported for OCSP responses\n"
 #~ msgstr "SHA-1だけがOCSPレスポンスとしてサポートされています\n"
 
-#~ msgid "waiting for the dirmngr to come up ... (%ds)\n"
-#~ msgstr "dirmngrの起動のため、%d秒待ちます\n"
-
-#~ msgid "connection to the dirmngr established\n"
-#~ msgstr "dirmngrへの接続が確立しました\n"
-
 #~ msgid "Warning: '%s' should be a long key ID or a fingerprint\n"
 #~ msgstr "警告: '%s'は長い鍵IDかフィンガープリントであるべきです。\n"
 
diff --git a/po/nb.gmo b/po/nb.gmo
index a7f0f5514833bafa72c1b5539701b32417efc8fa..b6e0d75138adbea60987f89a8c2a2ad6f1bf7203 100644
GIT binary patch
delta 47521
zcmZ791$Y%#qqgBm0tt{nf;;Ts?rsSV!QI^{?oeQGC%6@NcemnBDelGHr8uSk^X|3y
zuKs7PvwJU_<!fdW_;Th=jX85{O!rotDAOFS;AoDM45x-W&Vd+?6Es+<juW!Rak64;
zER10o&Bt+m#e~F%t#zCeI0xfm>vfKk2>W4DoPsHFy^a5gYUeq|a~#)+w%#Np$6RC-
zLNc6=m>P%J_%hUuyRBDk`Ui|ddW;R`zT~KKxlr|0!TdPH#&=;U;x929?K`<PI!<{K
znxP7=Ms?sms-n*ri19a>5r<j}Vq(&(q00SY9c5jLnu&v$25;DOXR|4v9AneIQ;0xj
ztcdBb4{GG|F+LtbP2n{R!Y>$t{#zU;CMLuLm=@KMBB%!Iq3$1O^QWTfUyVudJi1v3
zyd<CzCfRB#NQbJhB!*&rjF0_MH%_*$wH~+LN9~CpHlARcDW4NH6BV&6w!%2Lb{q4r
zhWC@8o}Wg=pJF`xVAEr4H|goI2<f>|BkY3OWYaJ<ZnPdk&Cn%Gi;pk`2JK*<U}n_7
z^6g;$s}QJ5f_k<B^Wq!S+NRrSrYs!Q!8WKF7>24~KBmG0s17|qm5aX1aWY{#RDLyV
zggtN=o=26h<L-8xa02~NYqJ-1!voX}0ec*$I<~?bxC1qHPf;`U9TQ>fy=KWWq2k3+
z`Sq=xQ8O?MtKwozg6`i0RB`a{juQ*RF*#O2jj*G20v05`5i{U()Cl73a~$oVf|wp#
zV^WMnbz~K4V25n_Gb};ef4}1t)%h<^Aiv`{BT+rthq>`OrodPS%#373tz}hIg}pEo
z=i2mrsF{0+Iz7=2nhs?_5Am9q411zxX0kW#I?i&Na2OMkaSgS3-l9h8d&rD5GwQ~w
z7#CY%YV3>Z=v>r{?6L8?R_CzkXi8KEilfRm#&Ftq1`yDQe#bQU5L04|BW4q3!tBIL
zVQTDw32-KA#@5^Xlc<WnqNYCaQ8U%K&^vNe`eaOntI<`1X9%dl_m~mm9y0}tq8hA?
z1+X7#hBjk5JcViT9jf9)$IVpdL_MggV=y+c@y@6Y_s94+<G4NlYe~>1+==SxGiv~E
z7HzIHs7+Z7uVZJ_5=EReYuo^J|4__>Td)#7#d4Vc6i3p>aR#9}Hs-W(#%bnX51b_=
zXzDg#ar_foW9&a1X9D&?CdY|(#&qOQ)W~0Abd39_+4ad$Gg%O|N9tiz?1*)+JC?#z
zm=#0Zv!>_8FdGS-u{_Shs`vymVZn3e9nlig6Q78h${nbgxqw0V7DMm{YN>+H^9;fC
z7z?wb*1j03oZE~*VglVT1CGPYxD_>$yQsDHxnO1}1FGS&sMF9K{joQy+(1-)OHrG2
zAL@B<8P%b8m>XkU^mfd3iV@J7l|fC(uc#5PL~Xu{7#lyMMjqpmnW<bDjd(NECT@>f
ziU}AOXW8_%7?b#U)Dqu8?XiC`0sGHMcG*;r8#N_$t?f`#*AK&R2<E|qSO`C1e9U#l
zjJzDGfzGHUiA0Tj4QfV?V?4ZvI!&K27VSGZu9^a2)_RzL^zNt%#$ZBRhB5GW)Xbbf
zP5DdI(#5-G;zdz=sU=3iDX4~LqGoI@YA<X<H$Q<R1ghdcm=7y+#<Uc}QKw-uhT{h;
zi}`MtH5`ZqiEqLj_yUVy@|(Qtu|BH&atz1USPXOgW%gL-znK4`B+MqE3|_-v^xQI2
zp99MgFMwHaFlx%zVG2BqTHE`m``)5<x6f@eQ)#de@$9Jk+G89Xgqo2lw_P)pD@f2L
zJ8cWxLN)LfwV6Whm>bfdW~Lx&)3rfO={VHpoQ4H(FKTH%qLw20U9+hxVkq(6s2Q8(
z5>UaDs1d%!#F*lqS^EO0^qQ!(AB-BoILwRlQG4MMs-s^p5yrf4Hgh`kC!QZuVKJPE
z%}_Jzezh4TADB(l8a1*Bs43clrSSyj#NdZ!DvM)s;&m_y_C$4jB5LMVp=RO)s$;&7
zOt}Q8j^sqjyG~64+TEQ{4UWK+I2#w>Zq(W}d~9Z<8)^n3ZG54P??rXsEUH7#P%{zr
ziFpgAK-JR>wO4v$Y@Pp+1a#bHVOrdP0eBhJ^IPb_cc^l4pPG(jLal8XOpQIUKF-3%
z_%}Ah8qds#H(*`j7f|V0o>QLoozVn5_y99t)EB0KY^d}IREK^+?Sby-ivv*|9E=*-
zG}O6XjoQq+P&08Flj3944Een@<&&eU3UU+B$jYLotT86T-l&SE+W0b?e+X64O;iIP
zQ8N+ymFZA81`@A{nXxI3#Bo>;<GnTm>-3uWPfx-G5(?pVEQs$=n<UE{(~&Azns^7)
z^I{Wb!8fS;lfN|&p3<njGX&G&B2))YpgQsZb7IIlQ-6tf%)csXWfLZ&mS8LDc-_KW
z81KEA!m_A}T3~FPfSRd=HvT(mFPuen>~GYjPWHDs|2Z)`@rI}Yj&liQC9vLR{Dql_
z$NXT{ya4K$g`-B+7_~_UVn$qo9z0{yU!yt}|D$=Lrbp#>LXCU^>iz>5gzjSkF$w&Q
zQPB4j8w3MT1p_ew=EM*zhjFnUYK=RhI@TBG;Vjfr75Ho%h+T*uMi1uwVg_6rC+PeS
zBcKZ6eKl*F2g?)hX5)J>ocLE8FZ_)oMZ7N-!#_}aBIr9O0VA*op2oZw{U2Uv7>2bl
z5?OWU0cKRF<qvO9oJedzMv8y!Cc;qSi%@HN7`0SSP<tSO<Kta|5~$7A0hK=m@8JRT
z_hE^Ae4GZvSNr;S2O8k#<2|nFF_B9~Q36`C+Nd>Yi^13vqv3GWv5d6w<(QQC22@8*
zqc-tp%#CTI_;{Ze^-wd=47F4<P<vo8#>Y$OYPUZppv@F7s*iW1#ZVPDNA1!`8{cT-
zf1&n<hUbBFs69~@!>|D=e>Nt;1E_)BMD3-gr~x_wKCU+q5@0es7(jY{Oom~Y92;8u
zp`L&<F&i#Mjr=@nApfEVGw>6t0Ze^)R6WP|^6!riP)qdOnmC4QdRR7w>3MTh&lg#b
zqt5Fq8&47F<2}!%Ffr-%P#x@!DmMvp-~mj5?@%)nJIE|yTGS~khMIwrE&)wV4OGFV
z7>YemYc$=u2DJwcq8hw`s^AO8!RRqf$CF_^;w4b&buc=%M|H3VY6h2}_LjSzfHuVr
zRF9vb);@YHAMdj|FLoe40c+rQn_e~8#~DR@6;{LCAwJH19FD!PU2GqxJ>J0zSRsy&
z_bc8ERQwi})Je<~*T;L_JE0y#J5VD$iXMD`8d21EKHld*63j!q0k*`6*cv~e2GTIT
zS>s47NPG`!Nj{=xAbkRJD(YZTo&WI!^sHWq+EnLIGvFjN$0-YHW}2dolZ)C!Td^G8
z$Ap+Ak=aY7P)pYYHA6j7OZo%TpeM1}w52h=&VM%oIwqsACN4%b_!(1T!X!S<e$0<r
z)6dur1CyE#_eAaTC8&lD*!X?a-g1(e=Sxgfxs;dzi=g-Cf2|1UEjQU_96`;*E7Z#<
zd2;i7D2K&~cSDumf<^JMHEjwr)h$pnI2BdTek|(4_kYxbE33y?-oyFVu5Lww2M40!
z^KF40s42dP>Ur`|Q?3wd#u{K5?1k#+Ud)G2P{%lBDzgVlqsqCc899nNz86w){x!uf
zNzjO5rZyuAM=i}j?1n$E7<Nr#HrWQ$$nT+ER-Uw`q4ucFxdgR@*HG_{&#0M5md-q9
zDqtz%V_gE_1kPe<jGf+0T^-bJ9*UK5E2^O=8H|-t`7=?Q@g!=*pHas&MMfX*H>z$}
znD|-@!>6bj&6vsD=XN8YXZ!+G#vv?$L7B~3SHaQ5C!s1xn#E2%s$4J3h&z$<?A*8U
z^jXb_tD$CY5Nd|^VMTn0%%JOpW%KdAuLq#kXcwv@KG}V|@9PNEu~~o`=@C>#?@=?5
zE{B<sx)@G;5vsxas0U4|oTj6lQ285C$M_v)(IRKaWj0SO%umK3)LQMpEch7p0Ew5|
zSQ@p)y-*!njV<sj_Q5=POvlz@ed4$AD!ac>UbD1u^P8m#!}Qu@tq5ps$D>Am1q-34
zfRFc&Pz})G|E8ikHm#u9w1+V&@dxOK&rna!S2z@d3i&uka3bn-)Glnks0>EU+zND4
z6Sz)5Q~CqPVa_6^Bfq0=4B+r;x9395L>JVfb)k*lz*NM8ikSwoV<_?3s7=`iHIwsD
zQ-2Ee^70Ae{D%;T9cDU^3Y!qGg)wleb-(qL^)hB4|E`V42sh>9V{Fnr7!Pxyo)cwJ
zkL2d4w`?C&yW_%LbK_hR{7G1W(Q!Qn;Z9rdD5^tOFc9ydUM8<lGm@gXIp<Zd0P*gq
zDPDuxjJHt7GI<FzlU-3WvEC)1&GZoUgiBJ=Y^waIM`%OTNJpU_C>v2v$g>y=pQ1+k
z8P(yKrOaD236><D0rhh0VAH3fmTD1t&^<yxd*Bi3c*Q7fp3McUHBsN$x}Y}SNSnS5
z)q(S<nYoLa>KCYv29z<IF&%0zltK@-M!f?@A{}v^#RN3+qc-C{mLUEwYB!fCYhJHS
zQP1o?sHvNbI)2Ad9e;`HK+<xifqbZjtE2au4{8rAK@DgZ`s@6kBcL8%MNRD|^u>_!
zW-a5Q8mx$_U<hg^W}+HChFYQzs3l7gVd4>}hPtEfAA@>1?MI!8PgqXpKY0c7<ZF!@
z!CF+$kE1GhhFUY9ie?Japr)`is>97tGu00@lQU7rZ7b^jd#L-rpc+nA$(*(l=&Hv(
z31|~7MBTUzbv*7{|F-#2E1MZef@&xSs-u;xol&P@5~{(2r~y5+`A!ux6RA*prfwC^
ze;fiWNQjBOP;aYYSOoWDI{XJSVVbI@;VP(O+5tV-3$-_9pk`zvro@w|nR<pg_x{yP
zhmxQ=nztI~Uj<r|peY=Jx^V$&g!^s!U#Ly=4fS0wb9FOgB~fp`x~Ps0LG6*1sPn%M
z)v>pzJr-EQe5cHW+6#?c0^tOvVFA31+AP5}%^H<PZMHtBO|~30<!4cA`3|FEqFQET
zDNr3Oh#GM<Yb#Vo`l32G1q-3Ol7L41z-C0LZP(bE1GPkDQ03~O_C{Y+g=0`_y~L&;
zL(RlhRLB2C&2Y9l<~b9A>Od!C!2J22fR52#)Ra9(?S<rZ&6;OM?S<M{9H*dW;u2~K
zf1oPNThHwF3aAb=N0l3m+T@#154u~ZP3c=-OXAWH0rjv5Y7f-KK<tH@>LI8RFF}oX
zD{7PdiMsCz>g^e&fiXX-q4uapZzO6jZL?lL-Twv?(!LYDp&5B7>b%xK^{~B-54X-i
zb!0PYjSr(Lx`{frA5eQDRU<Qya;Qz$8r7lUSPoaB2J#MFtzA%K(}C=$ikqQ!bzjsB
zEJn@95sZfCP*Zyybu9gwn6=J^>OdpZX&H*@*k)9HcTh7Dqp7JkS5wZv&S6aw)YIXp
z4lF^f;U3h~-A4~P&CFVcq8h4%D&HM7!m+5CTaQ}Glc<h9L3JQ@bMww9jM_6zo4e*o
z)Qbc?0SBXY`*hS&ti&MPkJ|lzpelZe>R4b4Q(*@5cF5Wt)uCCaa(hvm`#NeygIfA{
z2b9evppjQWHP8vQt0Ph8_Xui)*H8_=MNN5dD>Jo)P@As}D*rdsp4fq!iF2qae}P)+
zc&$x4`O!n%twTV^qYtVhOHjx05bB1vsB;{zjaibCs1CG8RXhzfqP?hcw^0qpYHMa7
zBkDC>33Xb!VP1?xmc(@q6VOz>LRA>2ooS#DYVBH~2P4tDwy5$aQ8V@mRW4S0J2KSX
zse@{GAZi8|qX&1RmiQ)m|Niea0j-_?FZR#-sCZKwAAxFc7wXvDLRI(~RW781sW=~M
z#_FKT^+PS;RMh5MVLgx96W`IJ^Pjk*sjv`gDyySz=z$)bhZ^ZV)W~k5M(p3ol*^8~
zuO4a-{A%N~P<vrFYU(edPTL#Ql81KY{OiU_1XQ3idT=Z%eGO{L&!8H9iu$q|(#6b3
zX;ek+P#v6x9^8tWq08u9TGZZ()78|I6IE~BuAF~mbSFVQos4RDHENUnf!?V`O>Iaw
z(@<_yehpN|2BIolikjN}sI~tKRljd{lOKwzzX%3k<L;b)J=t25AiJTaa3JalHV3ta
zr)~ZnR6{RNPqu&_rd%FW2U}tV9ErK{0&1xOdYTU9Ky|nlda%DsKn3PnkD_jTjoJgL
zdzpA8)JO)SHr)c$2#=y>?m6o8MConvv!G_EI;z|NRKtsG`~+&I+*bs&DFXYLpGXuz
zP0?Ufg^N)$atgIao}xw?wXa#445%ktI0j=k)PRPd8eVPF&!Pr!2eoJZ#cDeLnfsaV
zd;`#*jGY*c`>`nc{A!-nVW>@33)PXH7zHPxIy@a?;11M`974_DP1GLp?{CVbz}UpY
z(R==@6VMvBL#_D$RK;si6>LJ?a1+(QEA-$O)b36)!0d@)sF|vV>UeL|NVlS%jCWBp
z9Wv0oMT=tso&N{|s;HTDIO>L#sF7VoEyY*V$WyUt_4X=;>Ud4mTDC<EU^uG7TT%5M
zLoL~J)E<a6$ShG_bTu`N3CLck%@t|gf(40R#{w8{uvybesE&2RVmK95@debe`ife6
z-yx>H^r(0x)LXS1YJj7MaQ-!AJ8Z$rsF%-o)EZ_QYDQEN)j)UD4E%=L3)@g5zl?ed
zzDErt-7vc(s2Qq<>Oe=-3{6JecW@X}q8o180-sP*oou)nVJXykZ;iTfFsdUPQA=<Y
zwZ^Yd4I~+1^21Q^)~F7TMYXdWRsTNgW0ycV5`ssX2TEPkS`EioxB_)-wxcSzY<-0~
zX8xnhNV21rq#|lbI-wt~Ma{rQ^xzRxJ&&yJ4+1$!NHE&;xEyM2I-;I%b1)K5;8d(T
z#_Zmgs3rJ_n#u%Y&F;^Q8bCGF=IenToQdk-PSld$KxWo;z7Wt9#T#c{n>kQVt_aj#
z=!t>27&WEqQB!ykJ@_5f;pF4ZQdC48+dilcEJAhkD5}0ks3nXSseH~~VFKFqO;BIG
zhNHfr>_M&hJ5&X!CYX_xKy{!MYHy6k!ngu;z8|1wApS&CZvj+2jZvF4615};FqHP4
zO9WKWCoF_<CYh<KWbKSv>q)51whMI}AE6pbIoT{h3DoPk32Kd}qNaKcs^OEU0se!U
zp*&MK|2p4|38+UiQRj0FR>VVC7DJ|*O<EUA5MPK|vInS{ai*EL2lXww2<miHLv^5y
zbvSCTEJh7@|1{3OD!4&{cKJ6{2a-%T=RYT^U<9gME1NzX)xbQ|8gH@rS5Y(a8MW3)
zXPEDL<xxw}5cA_W)Sfv!gY&PEyeC072G2A-%!P_qL2Z_9sM9bDwK<QXrur?aW9ep@
z2Fsw9s0Vs*0cz<EpvpZ%bvVXvrhGP+Kui)EqMmr|QEN98wIs7qQ@9>AGk>7Iy*@zA
z*eBFXB$#b}B9a9)WBE|^RYQFlZEw?uVF>a0r~$egY=H}?nRtm>qv&(YW=x0bP&3qx
zeNnrA40_*=s5QTd>eySGA7!qoFAJ&z<xuxGN8R5Y8G!4|CJ>8+U8o99U^Kjmn!1Om
z-5YD38BuZ6gQPxsus^DSx#)}AQ8Ts+qvBQ6Yx@>zMxUbU{Rcfd|LNwN8_Hr4GFqW3
zT7(+mQq)xaiJF;rsI?4UVA8W&tE19;qSkmC>bbHLwM4g39s7V<y0{A|Py0?T0@|(B
zQ9T@lYG^8I<Qp+JK0s~8M2k$rVW^pFj=HZa2IFv4N2Z~kCtFc7_6F5~IE&4a<v>@P
zr8EKcs41$)E=IwnsHt6rYTz(xt*@e{^d)L<d`7)PLYA2OOQ1T?7WK#;g__Z|r~z!i
z=y+ub=U-ENmjrbnaH*MzOsHd27gfP9^x#U=u0Cnw_fb!@D9g+Y6-LcuXVfN}iyGh&
z48l98^Zydnk+jQQ6R5b{Y>Muvp3gxwv<Ee1mrxD8M|CLE3bVVbpwfRqE!iT}l<!0B
zfv>0zq*!Tw#9I*6!9l1QT;~$dvD=B7%1bu>(#E5&G8KfPHc=64b=0P8i>h!edN&(t
zCU2u2SU*r}pLw-;sZ~PVHxxAk?lJ=Ez#piQJw>f?tTkrsQ==Z0MNylu1L_I509)fJ
z?0~t}ni-gnD!&KS@N-nXG1r+drMXa>x)ib}T&FhyO;tbCW}Amvf*q(OxQeRiE$aCY
zcfFaBbg1)P9HU@a)M==Q<*@;l!KJ8~eSw;hC>u;YIWdXOe<=c*vL-fTAnJxm-U4ho
z)EXZ~&CEB{jD>789nFGz?^i^ff&r)jt+!r4ZRSs?4y4{>_F7d;O#4n>n=l16(mkjt
zx`kTv*qhCW)1#)c1Zt+*px$bOQ3KeBYTzttiT**=lVOWlk_M>w7}TEGi>?YjC!mof
z*lH@ujGFogRDKH#z(~|-n2v$C1wFVQwfpa)X5t5`gW0#4O;#RNUl&wIN28u6E4Fd|
z6A;)#f<}G;HR2Db9tLhVQ(O?WyX&F$fNRqyqwe2?nu!w_6ThIAAYg|b5b794SX<fj
zK|47As&GCDx?vNl=a*5B(l@BLmb26B{@AFFlt#_WFE&0MwZ?mF`V-VZ;_fmd&xqPH
zB~Zt%G3q5W+$Er?Sce+%K`e-GP*1Q-yUk{-j@s?*QJb*~>Or#{b^kro+J8hXLFzqb
zMrxvFXc%gVXQPhi2Go<#y-h$PNx0W!lt5*4#lpA}RpCSQ{yE`ylU@#WN`|3kXbx&-
z)}oH#1=OSc9_qOfw9j-r9M$pO$bGJ}iGX@`2xH(?)RNq{enibk^!;WnOJZK)%~3Np
z6E#yuF%P~%J>gOxFngyAdWg41&D2QLeX}u|&i@Glu}L_OTKfm+!5^rGQXVwNt`=$&
z^+T=oG}LK0V7-kxp8udal<JU~xd>FpenrjD2GnV}jNZThe@{T0Bk5tYDe|K~@usM?
zYl9_mAZn=&qK?x`)F$#jVj9Yh>OfOeL&Gr|uD0<lsD`hj_P{4}H5KWOnu=@UMB*;0
z;*euzqy@1o@m8n`*P<RI+fc{uDXPK5$IT-*40W1Dpc-6-I^M@@{3)sf{wM7D&wIiY
ztcY5>cBqbxLp87qwY#68zBnX2Y08D7Hd!gugQXK{iN>P`SD=>kgpJ=v4Is)X(_YL|
zuIX7O64Y=-R7IUpyEGDu;|ZG|c-rihY^aWeqc&><24EvpgRM|Y=c1ki)6s)#Q0@F-
z<8M?zZ@bukm>%UsorcP&j<i5kI0QANb5IYE{WkqEsslb}Ou2Zd<C+aU*aVe7$mUN$
z?V+_;3*D;(G?Hw8nuZIY&UGc!CToSNV4zK(gn9t2L~YtTr~!PpCOd03VG;C@-VF6T
z7=l{TNvIjwhb)!rTq2+;d4p;&?m5%LET{(Rpk|^wYDy=gDq4w}nJcKx_ZEXN;d!$Z
zX;7Os3##58sDX?}4=%v$I{ya<=)Ar~jXd!MGsQVko3Acvw~j(JydAZxAKJL@MYB0`
zpgPnD)#2W#C*yR~K$fHGKV;KyU>w?aUJ&rbf6)(pFPVP}=8yS_S46GpFdN@$eTl_L
zPkY&PxTSS0YCxM%54P*52h|Hy2V-0@Gm-|qKmRLAz(YnY)N$&CdS)*`ZMuu7DgKNa
zd5Wv1fx^}nsQbpEo{U>jd*m*v!9>?g{kc%bvj*xx)#)1N-$P&u3ED(kP(8nh1@Swo
z1Np8S>!T_di0aTR)DrDOP5En7J+W?>2C|{zHBjZcqv~IbIz^{$aQ+(-ct=86ta8(A
zk{PI%(JCyBTTx5!4Rt)T{AC&}j(WB?MKv%DwV98gI{3sI>z3(I9t<PB9(r(=OF%u^
zh1z8IP*1wpx6RrYLp_Rnq0a4mRK+JzQ}_n!Vf;Jh$M>C4yL=03rjDWNzlYj<G47g~
zOod8!%Mj2SbwW+aDAZK0x9Mk4YyJe)fvES)jX6*qsEaz!15gc2K^@c8=)r@i&37NQ
z6h8M&$3l^Eu2Y17I#9zTI2}<_JPcLgEYy2@qxA@Cvt2`#^Lt=Am<ZLOyr`M1kLt*1
z)RHW~5_kx8jQt;KKrTN9BcL0apdJ*FxYvjCidxfFkIm2Xr(rPZ7f>C$|HQ|+iQiBo
zyZY3O>@#|Z$9-nk95sXWP)pJa)v-w!O8d?V0{QTy&G30{);tlaU~%+dUDVR_Ma|eu
z)LL&sb^Hj1;w>zQ&I?m-A!}C*BY6etct1f`yF1xSv%8z48k~aa@hXgo$87wP^&M)j
z1i!M!6Ls$Eqh?|RYAKf4{8KjlwT%bAHs7vuzvlew#*!pxmv=_(%9*G~=YG^k&!L{}
z&u#i=3??4^jTw1j)F#V?TC%FBB^rd9@|mdmH>1kkM78tvjcZ1j>aFQ{4r^7^p6G&_
z+WDv%*?}7QB^&>4^Ao=_&-h%Z@|95?Z-eT<V61|3Z2SdkW&_;!W=-Q`EE4jd2TP)+
zuqEmn%V;c$lTlB^v#5&yMxBD-zl~|E1yRq5%ILu!s0OE@UPg<t8oK)k6eke-gZb%K
z4b*X&i1~3dsw2<QgCQSH2Xb0#p=P8n=E4Q2C*lRvF^l%e{0r)QIGFfK)RQ#xXYZdQ
zT&E!cJy>R<&h;T2iZ8JpcKu@3^akoV5ct)MG$m?^^H?ie+oDdz5Y*dm8s^01*aokm
z_CWD(`YAf+uL%K7{Y><}r%}i35NZnVVI_?A-5i_RsJ$@;HIkjE5kEuSpYk8mKw;Ft
z>Y>tyVLe=6{feb^{%ig)1%5-F%WbIL`wZ1{-+xU*c`z^WR;a0-Z9Ri}XXsmmc7HZh
z2OFc7U_5$oH)^lkMD3lo=xVnH`S^NwZCX@;Vpsrcpc)#7dM@lkEx~2fIe&&8jN$9+
zUAoMuy;BQAu@7pq{)TGschuBh!y@>}*Vpy-G>@OJcN4Wh-7p5Vw(GDU9!EVVe505S
zW<zzLBx;kkKyA|5sHNMFn(EuA4i${*>s^9|sCXar;OwZbuXm02kf6<X4^?rHznQ`;
zSb}&1)cK!>%HNH8pxi)>EJ}chr$imIau|rUQ4gx-s6EgPHItDT1DCo4w00X%BmT?!
z2@4UA9nDN-Mf^m(6KZ$2j&3^G7qvty&=+rDRlJ22F?$SO@2~6WkI{(_5A^kJ_6exx
ziaU>hcIk2~i|4TpCJFNO{-%;{c!2mP)Y|QgX=dOGs=`mGnemBbI+_ACkZ|<J`q&hk
zp`L&TQKu$Ouy+8iQ<8uZx?y=-j1l+}wR;PMm|fi(HB-}3OK=E1cpo*@QDXagPfZAF
zsxzR{OQAM(Rn*>Ug_^<9m`LY;4gqbNt*AA<h}tCopq^}=IA(-pQTZ*=gX2*nT!$LK
zR@674N2ufb9W^uY;+i$jiQ4t$P*Xn~OVPd)NuV%ZK<(z>cxG+OqI%j3wYx{7I<yXh
z@Dh4AEo!7e@y+o}gnDpgK|R>2qmFqq)Mo96Avg_P4}oR2z%lC`)X2V|_Jotb*9nJm
zSR6;Art%bO@4UA0Bni#Pi=p;PZPbkPu#Q0;=LM)o^Yw(BfA#1E3F=`$B2$3}wTTL#
z*19_CSam~<Y!GV7m!Te1S5QyBki=%sgkx0VolrB_19ksM8=r<+iWP}D|Js!gNzl~i
zO=5c35lazYj%Dx#R>0gzO}>l8i0{NO{EX$WKr&zN|AcEWDt;N2pE9}WXcNp#d?sqi
z54!|Z&`Dt)6y;Gpt%qu$4eEwvsHr@Un%XBe?w`_(Fd1r(WVi8}7*4zmYGzlU9y|w7
zGkX;^gYG*5+O4TQreI;zlGH?{cSfz%NDReUsF%`i48WJDk$gbSSk6#i?^ml{sN*^h
z)v;5kdf%XyDlnCI54lcZ0@}q*Q0H_s>io__o&Q~^-TuVpf56hjW281Cs)~9kwLx|G
zS5!SyP@8xKYLl+V@pv68VcRr%a&rE*5zy=MDdxjOY0ZeMpw_M#s)B{622P`<@Byl!
zAE-?hH=Q{Z=}=1-fjWMpQA;)xJ-E$!1-<|K-_Ht=5j(vpkO>zMuYgK_fjVwcGngsN
zh?>$;sD|5NO6-pwoP%1by;uux+x)y4&5YHuc0gA>8%iJ?7os-bJ=93wpdL8UGMUYp
z9hDx2;aCS#;Y@6WyYUwc&Ft&_Uqp>Zb^I;rt5^IizD`FRfGYny3+G=wt(MhP)E%`+
zrejguh<a4M#u)e+{m?I)nVA6e5ci<=KyjO13)OHZ>txhGwxI_67pnZXY_1tmaCS3g
z=}{vpkLpMV8y|_Pa22M&GpOVA618`t<S@rGH)^w%NA3RFI0uJf6ZGUXr(+PNCBDKX
zP@KRS)G-RlWqMi>)sgNPfzz=n-bFn^bLBRhwF7E5FUIuv7S*A|dCVy)hl;nv+&Bf*
z@G%>AUlPz}3e9UW%Aig`2h@#=QJd>Ls)Bc@sY{p7bhHp^CYqtj^+E4$N4;dWp^o=4
z%!6-HGm|dA_Yv$mH3+EUiKr*tVbp`=4XVP=sI^N}z)Wozs)33a3)`bc-WT<tT8Mh0
zZbl94J8B@I1<f(8idv#y(fj*9MiGcY!f&X}H6QhaT8tXm1=KNohI$116*8wJG3qp=
z$JrQ$dZgaK1{hS>*ZT*Vwy5s`FHjwcUc}d#j|I^C_kULj6d>Up>bzzyYQA(1#<Ii@
zqxMKpG4m3tj4J;dD*XbE$M|99CAJtfqc>1{Cpg@ErK^vfiEl#9V5;Jr|84}r3ADz|
zsHsj;!t90Os3%+-)FZh+YN}`2{QVe8{1IxVqLuV@{>GH}72}mMkLuvkW;549)zb%c
z-_+8afA1zCK@Xl|sHwh$TH9BsQ}7Q)M^72ku}rA<cU26>@iu-2^}Gly>+AiW+r>kz
zbz4-qo~X^Y4U6LavYdZSacDX7b-NvwAie~3%pPM&<(D@%v_d`G7hCV4-VLD<=IeGv
z)GnWeTJtj)h|f_2`-FOsg;X#mbqQ!n(qRCWK%LJBYZug#Oh+xnUewy3$HEv`(R83J
zYD&A|Egz;9HFMo7o44R}R7dBcmhd?0LFT?8pb-aGF%4HoW%R+kI0JQl|FG$wP!%Vr
zYAPy-g@`vpb!-lLmk@PYUfFn*YG#1RQO}RG$jrD-K>{jR8r8D~sF4mu6`X1F*PxyU
z2T^amd#FwK0d?$xs+*ToQB-}EP<yBa=ErWRJ+un7N48*2z5n+T&=kK$jW|IKU+?el
zsfb;Ouf}SatfqMccS5D_!}^$`malUK$KoJtQQOz)hYzq8HmT$5{S}T|QT0TtYmQ}o
ztVa9JQUcngpD+VPsb`iVD{7=QusF6xjdTSz!E4wI3)VNAbvEj&*(KCc1T-)YvT)R{
z?}B;&%|&g_)9C&C|EC19k`S+<xuFE=cy&YVh4mPYXRrbWH!^#s0V;o<buVf&-^8i-
z*~Z5=HcPM))v>#%J(Z*h=RXO7QccXC*PEbvwiC6<F5@)(f|`j5P0bgFMVO0tv}Wc>
zRv7iju7}#?qfy6h3kKtU)af{jI$iHj9Z1yNwIgnBGP+@AGG<y2qxQxd48w#iO!+#f
zT|W|adJdwdK59#|g!xhRG{x2&$8o47c;Cu=kMOiM11;qeP>-6Sp2;K8gG;dr9!2kQ
zYh&JK1u-S*jj=cmL@nKZ)GmL8`l6Dqt?6I{>NznS^@Kfun&CfD^|&txXexr*`FelR
zKt7yHd^nE5)a}i&T!$LrWvqnJelc&k+Nc@Wg!%9TYNS~@n9WuXl|BkpZXZUVZ%1Dz
zT<5<M0d1;C)LZL1YM00A<m=SNFw{t=V;#JTswhWiv+KKKDDkz}9{<E*Sg4D6`Se9~
zcpuilm|e|4nqg+0|0x8*RRGm9r<-}^SHQ_cC)jwZ?q<qbqh1~(P$NBz;rJHy0L#_G
zjJQ5lB|Zt2e-GPY>Yk>9<FGL8JEsVE&ucGJFdX%u7>t?l0_tV-1J!VW-lkkH)J$x*
z@vk;sxQ}_M4aCyqAGPtIzGmb#QKw}Dx?0n11oY&4f?9$U{Y<<%s$-*29XNnt_zm@-
zD*UUj(;Hi2B;G_F%U}ANrI?5Okkg4iz|2Shr%m@2L(N<pm-FA4z*G{N;d>0nT7%3V
zCa2>=;x|yQ)dPdgY59oy%9d=1`KebZ>OqtSM_@@jf+tZOnmE*)u0yEPau@a8FnAaZ
zYQ%Yl`FelPM_a5&{03@9G7L8rG)CPx3AI`Gp{6i!ggLH-F%|KKHtwQkZUJfuuc2lz
z%1HA-Du#i?E4u{L!}_SrG2Ui;wEB)R1!G|l`AJa6HN8!*W^IIVNpEKzfQg7tvaZ7T
z#1Gm0Yp4#mFA3<2#}`xsKBH}esMlu_8_$T*iRVQ<P{L48z+X`hu5G9hUPO&J));ea
z3t~-`Lp=x1qGmE+talH%PF@14pgHRJ3_@+n6{xq>b=3KeKF*jKLx@*Gy*nDCM%EYO
z-~`lpUxeChZ!jh%9&hSRk4mqHIduMq5Kxac+l;%Y%@HHgJSwxJI#kid2cjyRjWKW~
zs)JilkMhgt!SASgl20(3vjl3_H$&~YNX)GBe~>^ze1-b5=|9ml9D$mVHmKL?1k|Qn
zjUK#<Iu*W?O!@q%k<~=)kpZZNmSY0EVSR`G#G_B<{Og7g0&1Wj`eH4Nz`Cdh$YRv)
zeu{b<22C;X+^8k0javKRs0Y+O)QtRt`W}&Ts(IoyM9si#Y=Xz9a{gNp$S}=JRU~Q(
zH)Be?hB_TzY<iaIrd)MYes5HVW>|kmy#*hl-h#<zn58R@O7D*9=xWr=J)FV$*T|C0
zG(9bfdOh~D&Oi_GEvN=Bp{Di&>LrzOmU+)tMOD}zmA(<xv3sZ`jQ*QB4LLCy@$RV2
z+TSIh%`^dZ<6NwdXKXy<Y%|66QM-LK>KHCTm0xGmZ=+7pSJZ$K%`r<*81)=zgi7y)
zTC!QF^6qg0TB}FaXmiaCnJ_WwB~hEM5o(i8v989<#1Em)`)iw?WS;3*F7%Mz0#*Mo
z)DkR1)prZS^!|@G-(=K8P2o7yu04S2=?BzE(=0GkS_{=+e~gODQ6pQ6+T~|aQ~TKZ
z)uzW>Xr7R1P<x<&H}3MfClEry2<r?~1uIZfz8f`FmoYZ}ZR7rn%m~w9Jkm>}o+I_G
zqfqy4L+yc!s0Y<|)TWNJm;uv1|NP#Jv>$3OtVB)Ob}WzAP~QbpFEI^tM?HcUqSp2=
zRL4G|-T~2;nq8j^^%AO#I_4u$r(y$Y=`N!8-~T(y%-SYJbs#rt_ZG)k*cLUC-lztq
zp`L6jQRn##>IwM`bzj!yCcP%=)C{&RMD3{q=)oJyIsbY<d?!I`S8#<XP}SNV^<Wx?
zTA~FueWUdhYGe;l9f`HlOm$(@-f4l_8<VjDZbc2mXO+oMxym(x$|Pv52cS0JOjOTL
zqt@&N>UHV6+B6W$nh&)(8>7lku<7ejQ+)+B)!%G9{Teg!3aCBM!6l$$H6Qih*^c^R
zaS=5mQP!FfB*k#z#ZV6*7qv-OqVC&++5^{6BYuvWnON)0QsqabH$*Lgiz@HVBA}74
zM(yIG=zUpW5b<}Yk^O5;x!yDwhS~!SQ56nG?f%)QhEAZqlD$Cfjlc~izbI;{enDo&
zb!HOKra6q^_#CxHSvHze5P>@H9Z=_X1{TG0sPFl~o6I|-GO9y8P{(Z+YKjk_?*H4y
zQ*Jg(Tpf$({Xc?$*60ux$JeNl<lJJ8PZQLV%tWpAaU1`F+AA5inzv*lR0kHL?muq*
zh#Fv;ZDs%!P*1?&n2z?H-2_z8J)4nWyD3l+RpAiS^I$n@WG7G~dW-6KvK=P99BS8h
zL3Ln0Y7_o}+B0uadnV~lvozVzRYoNOI)=Sb@hw;qZ=pt>YL{uCI;tc6Q0a3}o9r}d
zjX$6|mVUQspgO8tSImbCQLp!_sB%AcbN)R9GVU=IMW9B|9W~NLs0L4>ULG${6{gv1
z%GE?o?NI9~)P3hr_kFSHNq;wga4CW6$Pm;F?fjkduU-0>1TBI8KGTsxs0v!3dO92n
z;Re*EdX5z^#eOqm?NJ?>iaIU3Q60H~T0*}AW`;7L>aCBOiT*AD-LMFCEDl;<qmEIs
zgQkHn)aGl4>d0@_OQ<ytIb=GX2USlaR6}D>9av-I=P-cydyIkZHyiLjY&KJDR0Ty*
z&w=)+2gP7iLsL*wxE=MneubKm)JM!8uWO^0Y87fJ@1gco?4zds!l<clgAB-ZrV&tq
zqZp2FP-~p?n0d=JLp3}X)!+ft)O|z`COd9UOHowEx}%;8t1uj&qLwhz39}@%P%|?C
zy?_5VpFk}V&fAO(CryVUP*c|fwG^{ZyL}JpiT4n7YW_vdP?1xn;mWA;<1qv`pa&12
z?!SkvG4M1$anbqjMnG$F088Kr)EWo<VV0mQsw0h2n{_Bg!9}Q<S&mxEQ>eXk8MRkF
zVq8pr#&oza1{1G^dS|pkS3Ms>KvOam{cszq;$5hB!Yxz-?@=TBf$C7`pJvyWL5-{<
zM&NYR9=MC@NaC|*FGOH8;(bvwIOHtnUu!vs1bGm(hEHrf<vFu<rBNg6g1T`c>b1NI
z)uH{UhVG+A7Vo@yhvY=1S3w=eL8vF@3e?P8Jnx#o6B4v5zoSN$>4I6?DyWyvIMf%B
zqo~*QJyb`(qRQvIXqK=xs)5F+85x6mE^J11__|GhgX(x<_mbHhMKFwnMyLknqK?&8
z)XY3VElI4)W+b^#-~H;Nz6*9ob#T4)6sp0;s1E*vI#sEzn9W@s_1bs)6VMdRK=tT2
zYO0>2rZVnTbBuDJj%ioa)Xhe%@p@Fnk5TV{gx5^GJgT0)s3lv7nu*=kd)Qp(Kl*jE
z#vQCPFct+5qIUZ^On`4tBMP`-$|py4upDahwn9C^N1{&CZq$q%LM`oW)E<g?)7+O8
z^XdH`K|pIY*qgwnLREAZ*JAv?eD(jb%Q=KW*!z|l$uQIiS6eUG^l#Qww@rR|Ygbf9
zXQ7sKH>RR}=Pm*DEXo}-g=tW0UmJB^N28W#7HSGlqB{H*_5D7{T~odW>YLFB)QAtG
zI`|H~<?fk*)j;KsMDOqa-AX{a`5tOBCBARswNMR>Lp?&bq8`C_P@5|L1M@c<g|H0q
z@u-epM3oD8=<9@I5iEfNP)oKSwU_>S$obcZ0v?&KP}xwMsR!yMv;;NsbEt}aADc&P
zUepMBphma|E8<Di)Fyml8Yqf-7qmgm%rev_eSj*T;HhhlL5rv6fiVzkkTC~q;v1}u
zrJtD*&OvqfKI)vucy5+1A8KuDqfSvDRL5qc${j*=>@{je<G(N+EannWLR-|Mb`omW
zE<=3_K8ULD4(h!7y)?%u8S3?#57kgB)QpTr&D3s;gRf9i@AJz1RIC(gi6^6$!aYMk
z6+A~hc;db`YnvH0(yFK@U~kmYY{XJ{7j-<-y)m!f(x^T1D{7?6P~}gf2J{_0nCPt;
zc|qiuyG{!ND$vauiJFO3s3+b&8^3S;jCvl#d}r=UgMq}uQ6s8|df>FP@u8@hT!4Ch
z{BGkHF|p47I|8aO=)IYV)Tqr;0d*`#qu!D$Q6t=qTGK}u7vubG?oWr>)kST*4Qe0*
zQO}JjsAISQwO6j8_kaKMjevR<>w|ecra`S`R%-*)42?#ehNafas3i#aXnt&$4i(Rc
zQL!Axz{;rSNIlf4YKQ9Rbab`G`w8g$KSsU(Q+zTFr9zFk25L$NqBi49R0nsXM)DNZ
zvB1w}28*B?Xo<Qn6168*pa;*O>UsT{^B+zi&KGkGYoIn`Csg`$EQwc8yFKYwQ*i`p
zv-UtO!8p`ZFF-w*wxZ7cbu5C3znO+>qfSw8)J#qM#`)I_tS3PuxQv>*fbXW~F;Nw#
zM-LW3tz{$BlC(#ih7qWapR(!iQ6mig$1F`Q)QsiD=-2{1*wH1Ro<w49T#M?+UDWF}
z&JWYU2voVQs1Z&?Rk#&(-tVKHBMJUBn==fx>wm!z9F3ZZ-%xwt3TlbmD6F_{%!XQ{
zI;dkb!1^0%*KSA6)EjJr34Q#$d&5P2kywT5$PpX=jM~(3ef_*&Y%-!c-VS48BzkoI
z=Md0Z?llR{CDhb@w8ruC^B%)&sP6@pQJb=nbrk9WwHY<Cmsl8+MDg=JfNEn|;v+B*
zo<WuKi|WU*=ltg&pz~Z7wOhNRIy4?ta4Bl)&Z8;__V@GtE4EVDo%klygDPEspZDbw
zfm)jWs3~5B+H@B&3}2!zW{pNWwD05~ptUWB>OdRR18J}d;7rse+<=;yBj}HJF#w;S
z%D=(-7!cjh`wx(sqtbuJ(s&8=AWIs<q-RC%-~X2)poTi5dO8xdrVCJ0xf^xNK4B;Z
z2AY}4ig}6GN9~b`s1ct)?Wy;uO`R;r&%2qcqGoUu>dCq{$j|)$|M`mq6^t6w&-)-M
zh-#<{YQ&RKn{yqiV;51+gV*T66tT>n2t(c19<>DHP)oZDRsSQ@eMy4N0Lllurovt%
zsK=8~4eUaV<Pt{1e^JLNT8N+b{HH^mhTNzbtB=~0-EDlHjc-Stf_tcreYWu=vCR_X
za0#fQvZ%H1gxbxcP!E)YsAKaCwFJR&%w9>2I;JI1_ccMSZC})VV^Q~QMh{*^J&?Yj
z+DjJKblfdTKvUEZ)x%M!FAl4$dr=)ai@GsJJTp@{QSthy`v+UsqL%C$YK=djPDlLs
z=DvcccynZPy3Pm!n!35DXZ>+hg+U2S4-23k$<<J6R|oZ=8G$+#J5eJ$gF3EnZ9GLn
zvt-4sO;BG*24Fs1i{9V=^?-mz7%h?6?Io}j@qw5h4_UuqIPu(x&6@T=y;jGdru;Y5
zDLROHgkMLUj=&_Q<Hb=O?}FMBi!oT|e<uMw*-qGutEjbog_@DTq-M&hU|HhbQ8Td{
zHB-+}6(>k$*19}u?c3Y<1k@(ofEv&VjE+9ZIsfW$AOR1iMtwalg=)ALYG!t!9#DVV
z{J1I1UMY=Q<2I<hFcNi&)}fBu6%5C~lxB%4qSn4MYAL3q<otUG93nv@d4NF};xP>-
z$I8Tuphh$n^+el%nt@}eiaw&IJYA@1pbo|${wr#4j6e-wC2FRQqh{h;sB1P&?o@u>
zf3wvTRqzJtJK$H0zyhhwS`WoS#HXO14`)yhn$K7X)1@&p&;vEnxu^%%0n`8<qdF9n
z);wpjy9D%Li9q$JEo##&K)rM>+w{2U%!n$WHd}4fQVm28Za~#@4%Ogm)E<hT-pp(+
z3?SYZRjxH^0PZjwSZBS870K|;;OG6zrz)taorQY9oJ4J&o2Xs<2>tOpYQ%mS&9O|6
zYN!Y*y*_G>3`7quMLOy_M+vAWFHldi1eweYIZ)4qn&|B*YUC?XoAw;)o6S@7;8)b9
zOPbk~tAcuz_eSmh$*37#jm_{rdVl{%=`5zA%BV+d6V#2}F%CweDp-hNxC^yMzM^I(
zaaQwIi$KL))JQj=?!SV1;5<Xs6PnF*xDaO4`ENi#kIdnyf(ucb>Z%H$e|9s~IZ!iF
z2KD6YidyRt7!%i^8r+3t@DJ3~$ID>`SOC@W@~GEvTXc1d<`U49o<=qN09A3EoaVR`
zKpnGRQ0cR=03JYf_$zAZa^^D6g$k&d?1(Bq7`0cH+w{HGbGbPGzGOTkK|Vnpx93<K
z^W`>c+6T)MUxPY+AF(Rt%wsw@1huwXQ5}1U+8gQen&(A+R0k@fmbN9TgKl2Vzs}<n
z5>&x9R0FS2Gm$Z$*-Uj%OXQ-~cs6P(Pov5`M;*t+`OWdIfZF|oQJZ!?dhi(PLH7hT
zGx6L4X0sGREk!ddhZ9i+uc0c4TF^Xdv!dQ|m8|_x`OB?;qE5jl)LzM4$i!=-o-1Qe
z9o~->(0xTfySh+ebFTYYhhb^bBT+Y8L`|7*5i_y`sHx6_+5;U?<(8mk;yh}mq7*fo
zI4^2bHbL#BWymIUoy!E&lfYu8BXv+cpMgd3AZjL@FjG+$)RNW4ve*|3;{ntX{bNlW
zZaS71HDeu6$8r{`zWwNZ|GyxhhC+&)o>xYVWDx3xb*TJHsF{je!aU1spmu#9On{S7
zn`|YjgZof>;2x$#r=)o#dr-%>C??nWuTDTWcCi^FP{(n$jc-Ox{c+Uu;HHiHmogP6
zL3OkcYEv~sH82u&{^y`h(|*+bzNO6!WI<PJQI|k4jzS-N&1Zuj|9r-uX^p~<W=QNq
zTvt?`Q?5YrD)9M2dU#a60}$5VN<^{ciV}WKx~@BfzmxAFubIkmjm2>RtiL~%@1Q_t
z65gA<|NS>D=|8VMHt>~l#RE9&RF;;`d?x(gt1ppElvz)He$;i7PikA&LEAxZ2JJiR
z$S6j^O8?2YW^YuX$22h4=B35HwxaoVbbpechmZDvPQ-1S&(9vbmmbOGZQ4A-^GW{&
zn_wGP^UYO^&m?=pOe#)K2Re|qfbj3+-6!0XMrPYalh_Wn=AI1pzOpuL8s+a&t~-tH
z=d;A-@4>y~DSD3l)(l4b&zZ=Lxkx?CryLFS<P(igbp6qXi(hErz0RVC3S$x*PiF$i
zzm7?%Y&4baCLEp56w2l0(}T40d=}YGn_Bo8AnmOoeG>c6xy23BskExP#Wl^2q6g`3
z2@j;8hx8GIUsLYq_0(4SmbCUHuA@O+S-3AHpCjb+8u30O8d9bv_4|;PioBoKtf-8?
zfNd}??ziDaD#*<fxv32|#K#ZBb$y|-xWu1Rc8+cI57M^S{8*UPrq3aL4fkia_3pxS
zHXKS`7tMcPZn(+~!4!;3!+-KwO6GsBEX0@b`D)YaQpq6Oh{{Ffp0|98^C{1#7Ipn)
z^TWwM!Dp(C_u<}p#2YaPHy44i6i!GdW)S{)b)--((seB({F%=<+xQjIw(_Y*g`JU~
zF*`d^S2DuGDCb8ft`Sa2_ziXUL4Ki%Glowk>McM#TU6G+4uN(Q=uQLi$f!$LS0Fd@
z7Is?ksl`pza6jp7a3tlL;5P1QMMJtyQ_s(<AL+U_SPN0UAmt|W`PZhcCcgx~f5gdY
zZ%j;~&4iy&acvs^gGP0&=QG|mQid{nsbCPFfs_rQOcT;x5!Y9$tCVZSy-&!yfV%ck
z-$FiFDRYss!zpvy*7wyV5RcD!3b*8@ihO=vg-9<&`f_g6^_)sx@u@{PpG{NxJ}TX9
zD;!FPE|b=pPk-tvNqR@*mtJ_UFybj~**{6~o`2<Zwuv!mKvz6&=t_7IpZs(plC%R#
z<CD@>=7)b$d1F42_Wp%*O#kNl=hcq*aw6I3<WxSo{?<Jv=sIJF=z4_wdN=PM!|LEv
zo4%j$Z{)w=vzE%@klvdQe@^+|Re{FK(#g;NOJSzC?<-~g;2vFB$ZySkrzpFWw7KN>
z)cC8B*^Pw$-eTrImu%zjNuNkTe{Kq(_k{`T+Dtf%3U$pQ+=z0;$g9AIe-7aAXBqER
z9xsvCiTihu_k^;Ch#xfBPKf5erL9zH{ISiMPvbo)==}qm67BWSRyy0-i1Z#*d|DM#
z>CfwT-OI&~keyKSs!%?g?Q9a_gUQQB`~VhjZVMNug5o4Jq(WUT@ict?;O3c>DMR{p
zI+lVPJCM#_;W@MU?3>bcR9v?LIe&52UF<|^Mw&Uq9SI08CQa8k;*<ES;IoPvPUFw3
zHZ8=YY+}-SQC{D{57_+6)TL{bjSrzmp9n7^JsD+p>M5eHoVs>WQCB;p?Dj^b^Ci;z
z9ZKO4@}t{MJtBUE&gcrJ%s+%jl2?OxMZyc|)PJvnwye_l%SP|j)Sp!xL*$Fij85;W
z(fDBETWzmfQ0WlTu97z6Kb6$5l>}gWIyREL0o;?B&pkS%%hwJ>UkY`VwF4|lnbb<q
zE~?Cpf7wwfO;<hAGT08RBEFh@KU-;K(i8q?hVs}>B_@Bvf9fetnLRYPoKGF<*hqd)
zI@^xVDdH(8>+T>if`S7nbc~9R686|$?!d$p+QnxmpA?jRVe?KBUPL9aiMO^LT}hdh
zRIba1d|mui+yAaN_Fg6Ar=2eR7AuEuuHNe*l~kvK1lX5PLtD6u9UZ?o$_b^iuEduR
zj!W6O=2mAo;hUr{Bs~@PHY0x5-lrnHX(KE5&Lk}jex!_k+*L#0A`)?v{#fx3i9fHc
zq^+l5I-B;53iLnD)b$S?D@QyfmHlfwU&lI2b#dPs^19do+#+u^VIR`A(lK2p`Q)N(
zq)s`%QOfDdO>a=wX~MeN@_7^0drAofal0=4>G_(iCWY-@u+8%p;6LHiuz+S4lV6i~
z3Yrh(p6|Asr*JN19@#FQrHrz!*&Yz|UiYbY2Ibu26g+Mld4c?5C1<(q#6iN}NYhu&
zZ1~c4s;3&E%yiN&@R`d;*DR}v@qL22^+)?Nd<xRocJ6;~JE}4b^prS5Vlx`zw{|&Q
zsB|qEDfyJ+=2CdZRyqOGlb@XQ2Bhn1#iuKuK<em#i^=PR6KJG5<x|sWebP3fE`A*4
zY$v@j<&zLjuTwh2W||`Azx!xN*BuH@BY(V!{_npt37sOnFP-j9xE<x2QC3$lE+uak
zX%%Q>oUQ*9WjpcFRg6w~FFhqT@##Q8{W<XG)zo$%jlDtX-MQ(rP2W!Wd*sz(H1i1S
zicgq-l;JET{RHLC+eY}+bKWb5wY2TfBg(rW^fm#3M3~l;b4F62BA@i6RkUgAD3g>*
z$B_1s2KC2!kFBsU>3K=l6`lLik=}yF`KxQE9S$*BPCnAxlXjN6rjyo^zw36gkmyUH
z$981*$?&DJVSI+zv@7ICa^qj9E0E7?Dw)K+vDlq+NH4+X9_bIbuN|L1$;*j9ulD~5
zFDCCW8DsR8I7uVvxp@PL{b^(t8CQu9`OghOjQCgb5>Ylf4gdG@A$<~Qt@!*PKM|S!
z$S+mnZ)|yPa&Irf&CrjszWDP>>Jq786Fg*oA?E^(cOz{Zaa|V-PA)24MMXz#x{~>K
z5>8FZ>ZdIY$kX-I*2j;joR@TJA@>zAS^R}4U;Bvb`jztTQ4(|wpzu4aOkzLMej{Fq
zg3$;!rjkN@Dw1Z4JHHaYLHutLHt~7DeQRvRs_$Q0@Hia|VkX}c-%L6`lJ;I54ch<a
zib{pi$c#nd!&G)2*XU-}cjeEeAUz&w5yZc8+eR9UVe@)$zpgmcagMNl&~=}@qLe>M
z_!8j{xR8$IwVnGEh4vp(co_*jC^(J+x{eSZW`f@TcBayd<m>88`73s$!|0H%#5Qj-
z;bG)Y<`a#M|7y#{S2}f6!oT?hkiMQa&g#z^lexJF6%D{-+}M_I6mFhMUMvb#<g<iu
zQ*P8%#Wt$&S}NsN(s_Rp+lzQ2+Y#kup|1Vhcar=iG`QB@mxMB<$y-Fd?j|B<2;?Rq
z1E0$jj7_DzN!!HDm8qziYU8R&o*x~{MY-#IYVgqyOR`WtEoF6W!A#scfDb=_b%L;=
z$@2a;ka#rOyg=RqeS68x4O2+e^^!zg^=(ggQ!s?jBpN=>N7qHluORJ*Eo)Nwi46G<
zsHXy-?LI%>tu5(dFH*MJ7TQoMn+-o8T#VY@+V~u*N=~h%Nv}uRAi@X9*R_cr{X_ag
z(npZ~lC*@xlhYGjnQf2rlBR1V<=j7P=0qZQxQSou=)Gdt^hU&&kg|pRQ8w*64W=f2
zBYq*R1Qkx>-UBv2D`gK8Ps2yoC0l1H+i+d$SbYPF#^_($g7djiS6eDd#Z4!OccSnp
zlkENPV#-&gVGqtAe;(ytkyFjyTh3Ol!u-b7|L=NDnJd)Yk1`j%<?PvhNU=B+?n=eF
z3i2sQ!QZ&y7o3an$*YOm`P8Sw6TBsPEfUui2m4UwDHYG5a|@`iHt8j8epK%1Oxk<O
z<onr4wZD->UlOL%P=9XJm4dW&wlkNhAUAosuJai|*=l@t*|d^`a}eeqxH)MkJHlI%
z*PFdx(XQkTrUMTtn;-j7t|@J}8Eo%vV`DOO)y68ANR`<}l-|I0?pIs!DdJ(I52M@z
zdv7Jm|3bx~lvzr848pp4@X1X49qFBHJ@54YM|+_+n@waBdr@FCH&rFxgwJI@t!*VU
z$P1;C)uj3J(Y2J%q5pJp3Hco<A0NBWsq6OMq{N@uas^1cz-P98j`JH+l9G(#eE8>A
zPFosjjIr?(jojtN#uP4W8{A9!2-1FD{K8V_25CkAlcv1rq(7&g>*Rgovw_b%KD(*s
zDP<4RuD;tjYl-xua3H<SM*J-wU8DIt<@1=EbOn$<iks#T529jSzj5DxuV<9GMt#-n
zJ(J0w^q-C$Bmd_$nY!EvDymP9R@#ahk=RW=<Lb+eo5&l-Czx^@_@p4c9F-5IOhVFi
z@%N2RcJc;O$3W6z*hU7EmW#4`{!b^5bI&&FKIHv5J`d|iDtloY{fnD@NUKYMxZK#5
z3Ul)5Ya1&?g^&2`r}9Pip6Zk<PdtW=t5YY4U!|_I)Kh|Z6YkkTT0K6ONV`qmVZB?|
z|EG7oDWoeE6%`<S%2rs2n>N#d1Kf1SmcK^1`s5EMJ&+EE5Kdt`*@y;oW##jPdrx~~
z=07g+oYc_~i|E~2k4kl|Ad!DZ=%~%qRFH}IE#i5p)EC1r8)*kHoO^29&h5p0)KiTz
z|Gmmm_NdC?E<VpFw~Ba0!b7Nk7a#Wu5nZ8F8band5~mQpLU<OR8^l{+VOx1Pm8jG6
zDYKV!U9qTR4&jD;A}Oz{0gkp|#ivo`7WW>Zo_n^gY*E<%JIIW|X9byyaRC*V=EjB;
zDnob`>6dBnJ9$5^Kq`yDl&_{i{{69Y$5z;ra(5`yg#66h_n7;~l2()W--H`e?>F*q
zkaviCQ|nLQx;m4PpUgEBPEE!;J{MF0E+b9Xbn+vJ&m=to>Y7i*gUH`bc)U$h@$P)e
z5}!?@x<YUX@&1$_ZR<-#`bC$FMfCn2-s0m=csLnlD14kxZW`lnP@VJK*oRLn@-mR7
zs|}xlq^%%-50%E@-WtT;k-w6>a>R4eX<dUz>rDJE`KvJ4Bs=a@8l6Z5y5>^JZ8D=^
z848AR({jSPJ`<m38{S9w=k<vOs&ao9TkbUBDAW-T6I1RGpLq7ZaLP6(zShP^>F;rt
z&;ebO49+}mPEFcqKG8`#ZYx%H5%OYj^Jmfy5}s~5o|cNIlK+Lum-G2~b){?$eW)uo
z<%d&#BjFN+pK(uX{n_eQ0v_AQcy8WGrmmwD+(OugwCA?R14)lX+E6O`h5OE60`jus
z2<oUx*#O&t3&amohpuJhcjLYsr0u4BOWWRB9i@pRJhL~ca6Eg{X7bkCaBiDlol45^
z*~C45<gK6+m8tx{S0!6{2JY!)^GZ?n4EMz3)EpyyEa~~U*DXq5C7B;cd_{o;e6mu(
zBhtSU)-{NNH)-_e)zmidJNJC1TsiJ9!Y7kWA42#TpXc_5tE!jqZpz=r9ps(hJ}%cO
z!A;4@7)9b)8rg$CFcY8nqz|Q3e^c0dhyHVp3diD6+d-wx`cDVzQ|Defod!$%pL=U?
z&pp!9U~&E(iSvqr|MwdH|N1%?@T!Vyk7xGI0|FtugFLQVAVI`{UXYg{B8kW=a6trl
z6i;$?l0#1RNzdLVyoG*f6{|%}VOwZbYJH(RY>?qmQ9wX#5$Oe~fPlc)BFaVOVO50t
zn{(zsMBDX!<IJq}U;nlC%$k{qpMk(h`GSO$^uVDnWK}xQHZZ#wU()ln30TS;^sC_<
zir?*w+i3f*nMVmcm3|aleXvF60<6}6Sr8n+xD;c7PU;hE4`{pM|5|^|28hlw-h-_h
z<4ZIpz32yM-@hkRDK3~L@V3*Kx$vvF|HM9brv@dvPZ)dz(1rYY+BRBuT2j`M^<Q;>
z62<|@PlL~bbP4?iu$LG&qrXNw)q=^y=Wdel@Oc&eSnTK2{U5>bGzKMIP_Cza4v`IT
z4Q)MSPoe7v?hA;fGEd4H#)p_J#b#=KPi=e$-!bS<!u2rY0dSPyzn7-uefp;}*nb;P
z86YLUg5(zZ{v>oW4o9)w#e4_g{j?fzE72$A4ETwfFsWO>JOkX@_$p}wS0mbdbZ2Sj
zus^G9d_U)%b|0jJ$Z|7=sX9O*;9oF5p;)v`t`q!WY%fBVrpeloOnvM{==Q*M5B`_%
z+s*tpv_Fu<e(bx^bq3oEzq#L|u$i>SI04W|#@iS#$N4$tvvj~A5T0eeiKgT;9rQK&
z_rNCQP3#T9o`>TxxTZ5dPU{1%6Z#zhzo0F^hVXlQFg_1K2@YyC3IV;#xHBy&|HJqn
z=#?}{IHru(L0#Sd5_=E0wrRV<ev01+&2tRfE<NtAjBz32jSw6myDS~x6n!2fy)@A|
zY;WMaLA%sqUx{ut^V`s?KOP$l)}#H604L!4Li>&e*Hj064%|k3F46|+RgHgfUkEn=
zdKBeHw0j{a#W4+iYsT4{>@k8V*#o8@x?p0O@(VCI;NR4N&fr(A#|OYnp*@Q3U2vno
zJqu48=1S&1f?~f85Yoyu30ulYNVa1828@yq34ES;5%X)XErxI`?Md`W*@3+slOVc=
z^uq`?Lh~xjNaj75UyHp)?RXy?&g%gEG3>=KiGDu7H|QV4_Ax;o!nq@DlKwJ9c0c-g
z^t<tS0sKUIA0H)8;@21M9P~<>f=$PslvCIish|JG0Xzq3IsL0RAI0##CK(F)J_v3=
zmy|+1_zt|F^?<Z3<b!D~nI|O=zuoXeQ7qT`7Z~3Q*N52JV*6YbPe0mD4d?|RRgY()
z?*#C3+TU>6i){jJ6@flhtAM?dRzZ7=`6l`sP`9E_(+Q75e?a-8H+cIu;j3gE{cPgQ
z{X51=2H9lO17#YZVhEJHrTYN(*C9GZpQ{3E>8ATj_%6eDv?gy&@awQ01Fz(9^xYZ1
z#<(YA1CD95lWPBeql09j$O1G)XWoSQKEPWv$u^vCM^{(YVLz^QWAQ8FW7IU2gl=a1
zFPf6aX%%1}Lca*Uw;3zRP(T0uN`q?X-@-Us8xNA$cpQ|>)R=?V|3aI`{6ShVwm%bi
zxb}&I`NvK8uGJq>PM^)H4$+C8*Py2qH}O+;Ko}R5p;`@yucIG|<3()GFixl6j(xr+
z$;Y-*yP4R=;**rS!9AiUL$TH1|9|KldWU&Zf{a!CxTHdSP-lFY@okKUVQH-$CTiOw
zkSMtc{VN2$6a59g<k#q%pueE;oprCU-w<5MowR)Izl**?z5mak><!WVv{cBxX1-86
zFid#?a-oB_WW0ssR_d>PkMUOonuGn%5H6&@RR^wN{DDdepSJYf;abdC$wkfoo_hb6
zXtHS-Kh@*WfCgyr2N2c6VLi6a+Hso3-O4-<>_9L{*@>=_HVDNb`rm2nLB>joz^;dT
zDdV;3{Hv1PL-(Z`BO7%e#^D&?ne;8_i@_Dse-Gvrbf16=sWD_nuqi1=H<fvX!h-pe
z=K8C)AJ8AAus*iAVX})s`V{?1K#LeBr9eBcM_+=n9=5fRDmkb7arlj=oq%{DOTVg)
z|BKo`;laPGz|%tOzQ)H@fBt)#L9WhfdJ;(=1H6V-S0va1u<hyN|HW4ui`5)iLH`{I
zd`lvqgByhZR`jEF(3cpurG>#9#NJ2!{GXH@{Y5vTXse5;A;9q(@DTQqwE5VEXnPiO
zAI!%DzDTf4+CqpA)0ET_cqG_`*zdu1jQJe;l*~fMv!j+*+hoPJMm?*b$m*2qcB;9!
zYSJA6&x^)qnJLy~2~-C{;XrZNwv;(k9P{iSVag+}m!K(Hedo<p0oVNzq$(2itlVH-
z=9o(!DtPU~t2c@UrJ=A&EUxJDr@f-)={19DfA;zXQS*D5UAtM1t5+L%Yo4gRuz6rw
z6DMM+piZFDw#q`)wo}_<$7>y~Ef_e;3OOOq@*;|;Z*H)YRZ9MLu&<TtX4W1%`H%G4
z?O$~fHLcH{tNrhDHCZy#6mv}ZV!9a8Xl^hRt#rzwQ^LVOl{GO^<%J@SJK35zcJ%Pc
znM2gNIf1Y>Ttz9j!&PKk8i`s339kg8G*H4yIYCQ%Ta|$sR!MolDYLC<A+J0V^DHOg
zg-Yzqlrb|LFEG8YRaRA&Us7(D_<ym)wKAuLc(p;B|B#A&#S$O3@Q3#ljhdH+qAdND
zoryT%8S?&~BE6|xa+i2swEDrGsmP=pbAp+&|4?z4XcuyVA*bx$ESH==Oq68H)QKWT
z<ap(_rIWI3*P|jrZn+)wr%V#p`s>z;hJIj@2+38G#J8s0cAprY>KEE#z3f&hUd;A4
z#zf;Tt{3F<<2#XJN24s=v}nlF@jbhe8VN*aSQLUScg4i^48Lm^F~F~xBL*~AN!R&K
zRVA77gE?Zm;TxMpjyyh3<fi)F9~2kl_+N?-41ehYQQsfGKs=BYFFhw#S<HUr`rj-N
zmi%&o7?3Ro{#JAoP1tJ+u^MA#$aTp^I!i?R47q)oSS#9HUcY#i#rON?F`Fz^2L7_=
z#FI_p)gQ0KkP}zSu74C!Ax}Op9y0w6FN^*D^5r5|9#}5&(i)f8@gP<#8cu*OtP*=o
zd9YSYH2t<xWM){2bYur9CW{-rSk$os;jmR52*+%f^0oq2)Gmocsj+CtrYeIft;&Fx
z;y=-vrC791q?_$a0*<4WHfp=Eu-f(L)ywDqcB5$DDiAFxS2*=Ob<c`iw^2OVphMJ~
zQeyLuQrjyj?@M&j2nDSwN{-Wz_=3V6qEd7WRM@CpcbdwqG#aV2Iu;BWJ)&sv=qc*N
zOc^zB%ow@)9Wf!zkGwB>`={R*{pEyRVosWWVvpD$-`*?g8GhG&qJdSn);P%}5l(rm
z%Iey+t95;D(CsYW-6xi%H!6uZj$INz?CgO*`H<+|IaKCEqIUdpARF!+brvrJ%cGH4
zS-Dj-a73ZM;E*`%H$E)tS@DZV=@P3HBfP^24XERvGP`J$|MMfFm4E24_%F%dW|=M0
z;}umTpE)7|#`S#GY#6S5yZX?dV3OY-6?cf@F?Ww1QZ#sWqKLSC6Z4eWS|7FJ8?IL1
z%Bj8zqoO5LR=`!qMcteB^eVR6C1u(Fxad|tQ(f&_UdeU0Z1ks`6811frxkT?VJ{Re
zn`(1Cg+pbRLwY{}<b)*E{<>3Qcwe>IYOfPP>T>?XWnUbPRgh%@EB|#$yeYDD=32Mn
zw6F|6_?74_+n*747@016X-BEe&T`W^F{{3ubxCXy@?K%&r#B)Q*9lZR+^<eqSkBBa
z3i9$)o#iL)|4=v{ix*(aMs={mGb%jWjo&@;jeO%ohFsCpm?UJ+-bN=O`5QG}%95pn
zjb5g>(;qO)XyrfK(MXj?h8p`CU-c|-0Lpk11{RD?z6oCZNysmss@?>aslwa3j%%#W
z(=a${JFe~WGI>^{OdaL2$`}h?ZmX@U2soDQ1lc}|*VVxsb?vZzA1Yk=`a~nzu+<M=
zgezId>~dpAjz4Lx(YR%CfZ8wJx{gQTO8t0#_B_Lq{Hp3}nn|n1I4jze1{}`{Rd8aH
zMV8#!OxbLaQ7W#dEGnECUi=DS{O=cY`eI{Q6WQ-2qld`iC<4`q`ft8$<oYt#%=S0G
zY&_uaJZ&`bpZUF!E_*LGdZx<9R~q-F`nk2nPT6UVaiW>OdWX?GTM_V1bd7neN+9fi
zx!q{pOerfv!7!U13R0#Nj;#NVQCL6QtBz5+j-|@W3RL@xU89FzwA<*{LVe+nKknh(
z#&?F~ms<r>{iB&iOMmP~#u+(tzj1@<-*kxi@sEw)#a|2_j7s(<Hz?gh#<8Z-`O^5=
z4;~9ucXrgzI%8ZXKl{pfJwxvM*7!{1T?rbgswz`Et}4N;Vpmi#>m%U*^MbLWsX9}M
zG7cq=#-rc!*E7pCmyDLFew$SDfS;LW=1YFn!-2F`#Wp`ksAaGMs#>@P^x3f*n75|N
zV77VQ^lxisHq5X*&a@qsgPWPdMAzz&tDX?sB3>|rdx#%Ts#Kkj5NA04ig3CU&xm}Y
zxmjT50aF))!$s~z?b6c3m8Rdr%jM$#Z;qLl>26(DVcF_Q@K@!UIeyz#=5?}lD|2?k
zE>}Gum0Q<26eri5&fOwTtZYV@eU(piG#85w>h_J_riq6n@Kf(dUY>b8&41)Zv!CBM
z-yE^{Y07Fzz8OpRPhT)v`<J?#js1Iim|Nt4Tg-Nb|3*)<L5F~sEKSR;;ODqtOdS9g
z!a6$d1^uv0=w&X=XdY2N?y90wr_58U=DGf-x0$!(-cvL?@xnwC+Mpd)2fE_2M<uVZ
zY&pQR#PtIK$Llh|lDGkj(8j3)>Zp4m-g<e{?Pl)fM`iFpeq&N+^{CYGRZogq4VBXs
zM^#Po<^q%dDTL>skXI$<sZFg@Y$}~Z_=2MR1StO0C~&+gF7IaorSMn5>ZFmdSS}@z
TxVvMx&#0(Kk<mi))ztq7=iE9+

delta 48729
zcmZtP1(+4bqo?5>1qNmYcR9%5?gI=AGPp}{cMAj$)<AG~3l`kn-QC>@4uRl-00H*<
zoht5fpWS}8|8G@wb$L}ENN#resNgx1gWcP4{iirw$)Y<>a(ox*IA?+!=j1@8I!^Re
zj*|^zU|}qP(S01JD<&e|ceUdj!^s#A8?AAi#MlLs;V4XnOKkiIs-F8s*KyW5PHqxX
zpdM7UcC?PP&zE2Uo?o}|xa%CJ6!9p`jw7)gZbRksTW`uMj4_GVK{dFAwJ#=dsDCm6
zRlM4I!ukZ&lYkA5lMYj&@|CnU!8pYGVHO;R>2U|9#e0|$12>v-a#+h^eA1g@D(ZK7
z5J-Sim4GWT7M?^6;Wbo2|DYO_auYWez}WZ`24ibXh}}^Q9gS-EGE9J{QO_Ts8u}UC
zqy*AzcATsjff}lIr~-OmLY#!DaXG4>lc@LZS-)5lZ!zh4td%hX`PyP4oPhCh8S4Gr
zTNr-@u92Xgy~8pXyw!2yVl7mI+MpWL&BiC73Yu-x*W2_nScLQ&sGcX@W=1dqHC1)3
z?NKAwZyVzuMqn%n8q$r(;&(2fdVCwJptIdHtSaUsIvtbXY1B|YK{YURhv`{X)ca*H
z4Yox!Xf!I{I?RlxU7O(}HY6eWPRALHy-_cG!$?fG%T&}7Rp4k;{xw(~gLgYlPHci2
zxe2HdT8N2p8z#i_HvZH;cYXJmjEOKM8M0zktbj>z7OLPa7=lkQ1%5zPlwhwJiHw+x
zcnMU`8(9ZnIPv+YMSK(0v4DNvHRn2+322ejMit<qTKqd|Xg8u7a>G7<k0pr5-Oqx>
zT37%lq4J%;JopIJp`-`Qh=rr3x&f-(L6}<mf0=!70@Lu|HKxV*2Tj8YqK9}B)Z7h3
z4ecBo-(cfsF%jtxQH$#fs>dOROpgno-fMvI@E1%={mu{qYUwgehevJvZ)>c>W=ON3
z8c+$9za2*62uzR1QSZOTRG9FH<K)2ns1CJ4t$~rKk@^E&W!OnT1wKa&eaxd~h|{4e
zY>i4Ej2fZYsEYQYDtd^SFn|w%^5sBPSQZOn2h_+cLN#<3hT(%_jK5w8I&OwIE$ZYe
zg`rr@#+#yA{4?qR8i6_&=Asto3RFXHT0f!=w1g+jVl9c+i8n<}O_7skYAc;&{8d1A
z67u3=tb{kPEM_{zm(Pc<8O9>s_q1^YssU3`BR3z5<34PKerNa|U^`?soKL7-v+u0w
z`5lZwJit9?R(&XHD6^mzM+FSP##kF$Vkz8(+0ggAX?RY|PP{3W!|_-ZuVZG+a>0C@
ze!>jI2cbrCIjTYKAp+{zeT<E-P;=#T(Q%?-5)8rAsJYLH%2xw*0=B@6*dMdt5>!Vn
zpyv85YJ`$rG8KnoeBw1Rkoujr1eCEes=#TeRk{v!9vnqA=mF-z|4<FfdD%=^LDYzJ
zMD_T0)Z#mgaqurx&;LV>RJtqtfWaD=PW!(B0nNogjEAGV4_I6nO#C3K2j@|X>@_CD
zkgH}FgrP>HytO{6fgP|IcEh~55ewl{On~XG(Q)c`3K38RO;K|)0M+w3m;|?@hU_91
z#HXk!NyC!X^IX;nsD`yfz26rT;dBhbwWyKVfg15U=xXi)Z<vG}s3H0Z{c#AY;*qE!
zn~SP=DHgyjsKxdY^JC;qGZj5iyI~PV;$tj>8E=^>?2O^W7v5t0a}u~sLJ<tT?Kl;&
zBI<=17>ReWD5kk%7Fkn_AU+05;|UDKxPO|VPlIKNXU4496*c7ZFePqAP3@&WUGw67
z612MCqJ}ErT{BmyQ7<;YxYz|XB12F^ITN+WcH8G?Q5D=rttH=kCVxWIBF%z2IqRZE
zw7*Lr1A$?vxm|;rn<uEL2)%Dsbx}-Bye(?PMxpZUMD_4KYAwWmVCFtED!nwSLtRlF
z=#Tku0;Wax2m!V9879VWsMVbKp?7~enJ^9UoH!k8poaFjP0#np?EgBLj`V@35n7B<
zxC3*c&to%^c`ya>a+p;6zcm51d=P5rW}!x62dZK3kc>|BC#E53QTa=wR(BIrg}pEp
zj=_1j3N>|=pPCVAff|7UHa^K4Xa3g^P=WhV72QOQ#0M;avHvm!)j%z>wx~J(6}8<)
zVHnQGXm}LW@U!;$158HzGipi`Ju^dJ8tYNN(~dwRJcJD}-E-5^fmnz5LR9(}tcUgf
zHebt4n34EpR0ZE`da@U$Aw@8V^it@HRZtD9jvAR(=!OvJOF%sug&Kj`r~<d5M&=^w
zg%_v-{9l@$Cq|7_4or?^QRTF>@t*eiWK=n;P~{)N?0D}b^REKqyfUBDFw8<c7Y@UQ
zSQj6n2aCNnyQK*hB0e0onh)S%{D|SW_l+6BPpF2acxx78A=J4s0JGxmw~W7r@EHji
zF#bDp5EVf!re85V&Oo(%FRFnzP`e`9KW24jM#UST3U+OLC93>0m=FKO+?f5n8R4cb
z0TtK}<KQw>i+9-gRn$KH3)R4o4`#LJ$IQelU=HkoYQSR5hR1CB2UNZc|C%*X9ku=H
zp*raHBB0ef9W&u>^xzYl9^<2FSPm>rdU4eA;g}1Tq29lNvC!v}Ia))|pLlZg!_=sJ
zVVDprU~KLGW(4Aq&=q6iFjUJX;T+t6QCR)6aXNM;ej7bl<v-Ko&Nz<v9Mt>SznHnM
zjOB=rw(-jtNj&~nJ$Ly71c4ePOv0l0*!zHa|Hf%Xyag7)N2obW>-ad8u`brarART(
zSJVjh_wn&IWGOZ$UeMRa+n`xkiug`UjXr)p=J$VE0-CcjsI|}?RnQ-(#dpF!e}ngk
zd;EQzKp%!Rz{jaiJcvjtY-Jsa35YMo#JCf+wl1Nj=rM-kJ9MKH@Q-FP2BYHXF&XAS
zHK+n=Rrka^xDa*HT}6$^pQx!z$X^U;O{76JpeAbdw?lPk5^6E;LX~?rx{vE!wZZ(x
zRzgnnZX?uUanXZ|P;2Bc7Q^fIdD0*s@3xFY^{hT>akWA9(6x@U>2pyH-;Bv|caZDj
z-3~WMNI}9!)RCDerjPf8N`vZoHB?XfqX(B@Kc?U)s-V)rObIqeO=UalbWBS8Fsk8q
zQ5{PiVl3kl(Ejac6J}$4;s-DZUPU$R4Ju#kP#^F2KN3?C{{=NN<56?H5Vh@gp+;ao
zYGlr%^4-DI_!c!qZi3h*kOfshaa4u%PzCfteKv=qTK+q#f%|OwWsE`mDXM{QQ6rc(
zj#*3DQEQ?As=;khQ#~B(YX5H}(1C=IxIW%(*avywoWbFkDV~p04cFs+^pEf3w8JM@
z0c#}i@g7WbQSnDu5_2c?@$UN`7)*RGs$-|ogU>O(Hg0etAMb&X2J`ZuIkv#**b2X(
zde9=VncJxtPW&L|#ILBH=SX69Lu1tLnSwg9*P*_4*HAr=p49B3yqJ>uoi+rtjfSBX
z&n_&B&oB|@O=cERMbw<NMvY8A)LaH8_woMp%7|L5l~DP5qZZ$Itcfd7Q{bd9=S3=X
z_YyBgKy&P*^l{okJXDMOp;q@wR7J;Z{26LdMNef8mISDL8Bn{V6sjQ|QD3{6HvJT;
z-1n%DQkaMRuY;kg$Hys-y)goJT0fzNxL|5CbZt=uOu+~rrT{h6zG;mqQH!_`da#C#
zceBsOphk8Xs=;s4x+Y_2Ix|!`QD3<Vs1{Dd{J0CX`ro1EK53ZAR}(c7zhe?yim7lv
zs^|Am9ZHbid?RXL7vdMND3*3Jn8h^&m2nG}!+%f}70YNA<*%r@Ta7wGPoYNQHR@pT
zWHKL@CKyS45k}!7)S}Cp+0;`9D-$1ys>i)%18K9E3>{I6a4xFHr?3XT#X?vntB?1e
z0}Mh{yc;#7Us3Os$!3o5?x^(XSOV{&rZ`=8A7=!%Lf&_sR|K?5bLKD^E1=fISkyk=
zYUBT*dYnF|8M<1iA)bsC@d#=J<LC16ey*#drg9vrA(ychrpj%0OLxqs{Xdg{3Ob6~
z=buqSlP!-K%ATmX+KM`0KA?J3GOu|)6t#VipjQ1C)Y{3M&&T_x<XWhPk3l`(iCWZ8
zCG|T=^P4%YfX#^yz+U(O)u4t2e7wK=$Kh30{a>g#JrHiD=q2i)Nl?f%JOb6@VW=rP
ziv=-eVP59{l|nTrstAiR6@hL90&p_=;Y>_{bMQCZiH9(fJ*S=p7BxRia-kYn2h-w6
z)JU$z(Rdftke`d0_qL#>=pJeWJdx~wt@3J-CSeq&A-)sS;~h+mfyGTvGopsDGHS^C
zpgvOTFgET(HQ+op#()y$W7N{x+1kfCv;_M<BN->ygzeTt7>D$;sIT2U)FS<WI$GnF
zG@sLqsEUhV5LUuKtb;MIF~-8SsC+$8`G#RkoahqJ$72p^NKT`M@*8T-(v~tq+yJ!*
z$D+35Db!G=j<O#e)W>TI>SQ~P>F_aXt;8yAI$98Qjx<G`l<oimAp~Zidb$+V;$5iE
z=5Z{ES5b>Bc^Q*l3N=;L(SzMl4WEiS2ezY*<|kJFvgW6m2etSLAkST=6#)(DAXG!9
zqlRb+YRK24T6_w%D4(O&L{K?XaaL4Cl~4_8iyDE^HhmdtyB<QlAHBT!s;0+$+W$of
zXsEiOT0R3+@ex$P_fQpnMNO5bf@yG7)Q`<ps5$S48q&e&i?dNvI1ja0uc0~`TG5O^
z7-rM{uSr0Qa1d&)R@nFzR0U2YQ$Qlr$EXtOXdaB(UdvG@-CI<{3sp7^u7!HPCu(HI
zq6gQZI(8miwfF@A4NbHvX6V9D+pGktfKI3ahN3E7hT3LlP!0C2YSvD6)O#gStG%;z
zpnX0OH3CaeQ?#op`(HzQodo$GY8RxeW-6?L>QNWe^D(HQT!UI84>2yjLM>Lm>gMAV
z2a6D|ggQq?VrE>2s`w^qdw#6W{`U~@t6{$1=};q56m>GzMh#U@)X(Qhs0J-THFUpy
z{uVWYp*78W*-#Z#LZ!Dut)1bhpLAPMyX~w?KwrCusFsG-GDDOfb+lGQ{jlhd+6B`w
z4{kxNg=ZLvX?`+`tvPChW}){aL~XZ#+GdUAMU7-b)Kt1IfdB%FP(53LYT;p2k8fMw
zpc)cb$28D`g^1@zjnpqTeS&p~br))iE}-%~LamL!y590!ClLWHu3V@GHBlqc64mn2
zs43WiI$*A#7SU(a_KH)_Y}@jv5$lCo3(HY+z7;hE_fc!Yr@r|iQWP_4{|_Lbp<IS4
z_)pZTe~&64xPd)7QLDWvsv%=gQ?d@#z_X}|o?}c5YG{T!A*y2qQ6pFmwZ@ubGU|8w
z63|>tx1K;%@D+9BrfFmrQ+aD^Q~`rgQ#Bja^G&FRKSoXER~t{#*rew~HKYvcy*lXK
z|D6eF-;O{nip{8=+(h;86RJT;nwSG80@ahDsGiS5P2o;dL++p|h||<8?o6mfR|7RN
z-7z{2Y|8%E$v2V&4fO`poZm(@B)FN`HhEADY>wJ3<545C9aZo>%!&TZO@s5H8c-9p
zmO7xe<0SOpTGUjYYwntgzL207(zY-?EsPq%#;B3#jcVw0R0H;*z8TL@+c9=avvx{h
z5b=7b{oN9^`g^0MW(>x{g{a-I&LyA<&Y^nn64g>qD^o!PY9yLjhoh!qH7ehE)R4bK
zjYR6!riUd_Q`Z7j(Ql|lz5unYucJEbz966m1hz3#kPbD}RZxqvFY5Uk)S^3u8kt9^
zDe!4)<~|duqKfFj4yYj>gKEe&)YtVYYOMse^G-E?{v)6{s)JesE~?<=s2-h1t%-N2
ziqp0?BTy7I1<g>4a2V?3TY#FPYp9X(>tM>ufGWQVYASo9NBe&P0Tp}@^}-!gPy9NX
zjA_x^GxRPdRK=4}L%0<^cosF+uTgXD|FfC8WT-V#+{U}x`0tpO`kgZbw4L6f3JmUK
zUJOGI@d~IR>wwBP4mF3%P(9sceT-TYaXOp#vZKnYf*Q%zsQe@B^9|_z{eO{wdiD-A
zG|7H38B3vF{28?d#@qO6)LJ-;8v3WG#T(GY%z1v)d(BYK2crk)+4Oy=5x?Js{jZ9@
zlAvF&VO`A>)I%+v{-~i}jvhRY>d`aw&TTidxH6#1DUB+)qfH-<YUmPFgZ84<z&-Si
zba(c@hBmCbsi-U}LmO0qlTZb2N3G&ZHvSG(U}z8X7mB%1CtJ8R3N>QYP~ZJds41Ik
zpKm~wyT>J<?RFiNF<MX4paNKdcs<nOS&W*R>!`)&*UL08BYKEeK|Swmoq>99KWfh3
z+qmaf(~+8}bH(jSKn2b~4b^Vc_Pb&;d_#>$SZ|ZBDr#i9+xRThqT7dB1GljhhW0Td
zR1;NR57davL9L0M$jH0SRRWre&#03uUSIQPx+qkSYM~m~-=;4>O~nS(8aa>E@GBO^
zs{PE*@zEGTd=hF6okLap8vQZ2zZ%H?i%TGgguJK`D25ucI;e&XLe2F|jDtH-`};I%
zP9LJC?jx$;OspxrpB<II4yyci=s~SHE#9e^RQrEB0S(P1REyuDdX{T|Ir$o*&hF8u
zAwGc7@g1rmUr+_cA80IyIx!od8a@g&1*=daa0&H8=QX<OL9{_;4wIpJQV`YhHmHJo
zqjt$0)ZFhwP0bV32*vr$m<hG0id$P_IPo!95Ragy(iv<T7B-muUzB(m5>)U|jE1XF
z88@K{ypEb0XNdU)lLYlVGin5?pnBX2HIh?M?`=SRbgrS^k2ch-Ee|T5b0|Zt9+x9Q
z4fqu`MDtLKW+!TO-$Z>4Kcae^b(q<|rBEZ-7}cPzsPd+x-aCrQ|Ij}Ff|`mn!_5ek
zcM0eq=zw~07^)##P;+z}wHDrC2zo}C0&}1$EQ8A5!Nw<{I<OU0(M9WjSeAIYk><SV
zh?-J&CIJ<^3$?9IqFVgS>Nm>Fbuv_sN}(22Q`FS`hJLsoH4=x>gV#~ze743LZMJt7
zRKpu0Q|3B@2<QY{hhy<JPR5R7%qsUCYo;P5ssUM0b6ghHgI1_TIs!eo3e~{VsC=(b
zBOEf$j7%ofS2PMUYyUSUphYqgW8zj+3lE}(@F{vQ&UmxPa-*iCDQcgOK{a3tYR%k0
zmG>DnHJK)u=T%XQvKwkU&%}J%|K|v3?xRgK1r$K_tTw6vy-_`wkA-m;>Kyop%9nYP
zDYz1<oUW+Fx&SpLmr*0~7pk0Clg%I9GN7vm%?QZBsC~T{)x$HWeft?zQQj$L3TmT1
z*WFNaybLwe`%o3%LG>{1R5L>5Q0G8bRD)Kbw(Y*D?Ei`cu98p&!={;4+7U|--;7$#
zA5lY_V7iItL;bw2hT0{qPz~s7orzj2TTwl}gnIuKYLUmDVa|~pGuZ!XNhAq65Ne}d
z=!|+{luciOs^}nUuCLqYUr{5Ia;BN{;;1R;gavRevdWz+sE!2wZt|x=H89Gx3C&Q8
zWe93FtVDfwuc3z8f0k)bIBId#MNQE#^xy{6)Lle1{0pj~DQ4S-VKDJdsE+nSO`SWH
zfaYX1Y6$nEM&wV_uh|c%Aq$#gMj#W$AYKeLQsqzuwm@yGel~p?#wNZVH9`mM^GB$W
zaOQePz;%)nC`3FQ)uL{w7e}L3|7_GYJA|6^m#BvM&oj>xp$aU9YCwI|``zvHp{Ne5
zMjdpgQ19Qw=-U4;325m4MXlb{f0!QCMD2=>r~=2K&V_mC!9%DDAE7Tg^UVnQVF1z8
zsPBFT)ClKB)l(Wh*a=fmzcZdd5nPQb=ozZVFHl35c!60gg;8@`2emeOp`I_W>4#Bs
z{s?u@1T8cT%843*%Bc4{qSnwD^nU+$5YTEogBpS7m<LlWGK;bXs-oVg3TC4!*oPX@
z$EY5@$50GfY${5Mn%Y9Bk?f9IW7AMmxoI)`UyJBC32Na(RKfmB%ulJzs3FdQs-PU|
z#fGS%?Sfh}{V*3!LA`$j)ziOGQx?3`jBIYyF3X2n#0{3ZW~f_{pazUb4b2+V_PT{C
zAjUE?XW3D!y$b4i8`Q{6w$In0PQLS~5sb0ilox?o%<WO<$Rt$9m$?LD5;%yl@GR=!
zxP@wIf)&OhsKwJ9)w9v4hO9&l=^<3b_fZW_y3+0nRC;|>Lnor9WDRO6-M<K^B_XTK
zUm|BhjX-DA5YItvuVtvAK4jy!Z2TkY{Wz;l&$3!epw>(sRC#?+Q?m>;(r1u^&UIc8
z(Beq8#{Bs`0`+27)Cf#PHDDL2XV*|`;w$QCO}y3&bs5yI=!30rF?PV<b*AUNQTeB#
z>N||yfB*Lh0sYzyUT;=^D)c2@9W_L?P!;})8v047q2GWi=p^bud4U=UpABaJCr5wc
zX;8Z)1D3=5SQ-alkW1hQ0S)bW)Y<<Rs=!1WO@WzFLl%WfZ-L6+(>@=En&aiD-EkK+
zV((E6j=RbHUdWBwCCyPCn}V(a+X#49JE{ROHk-wkAJy~5HvTKB$MaF=#6i?*{($Ov
z@D`IlBkC(y0@d&?sB$Nurf4_n{ij>l|C*EJTTMa*REGYjo-9KZup2exx9s!x7>#)9
zZD#dnLhYh5=)oGO)!q$r;sjJj_M_I+O;mY)`lFXBNWR@1FoiK8@hYgEwnFuAIBFHo
zK@I6i)M|c?nv%FXOnMmV{V3E3G{9gSjjCrRYNWQ=_(hk13V4f}iol(wrI}GjX(`ml
zrzYw^X^E<M25O}C*!W+lDU7|#q!&Royfvz){ZMOSDryAQqs|le8UY=xzPn8i6Jj{=
zQm7NFKWecp#sJ)nT5Jcg5Pn9zpMQ^;<MOB>?}-|LrKl0Piki}ws44f~>pkdPCl3Mj
zq&@1vRP(?&goTNJK@}Lj&#c~dsPtK=hFwLC&@0r)`0Tga4fPexj~clqsD@8QHT(p|
z*7rZ~fN5DG4B|mn)RYvkmPd_9L)08j!+f|IwI-gUMk?t+^HZ$^>HzDBS}QZrgWFLf
zbp!R@ON>taPKrb307{Qqr3KN0)ln67MV)-hP>bg@YObH6&i(|4jd@V{s-YUx12uAU
zFfX1#jgbElvpX`Qt3^?UfcN8qfy76n=4=v{#O0_ddVyL@NsgNQxlt9=M^!u;qvJYM
zMcYx^@K4m#enIs->oHSay<_bE@gxi(K@CWF-1Mv%mLc9ARp18Hfw2>{s9vHfNOi&-
zrBSHeGa6OlTGaMEW#cbV4TyEpbgVEcU-gr&nX67DsAUsT73@WwSg%k&6jGcr`7)pu
zRe97}=!Tk-N$A1Vs3|;S<4;iy4?1lYZv?7Colp(v<q}ZKr&zb4T7C<)h`ym3mgbD9
zuqtZxcEaMg9F^}m>LV6<)-*UZY7u9_Xjl~0u+pfhZGt)<+@1tH1je8WT5aR!P^<S1
zs-<zynO%|t)$>xQ0-K{c&<}O6{9)6Nq8f0|#{WUBmC*C1zDVS`%m3w)DX1H2k&VS#
zxD7S*p%+ZWNl^PeJ8BV@Mpe+*rguT@?~$lQy${uaTh=eAMVjKGX+Q}K(f)5vKttRG
zH6-&;bGjL0<2lsG+(T6yaLF_@C90xws1a$28rs3ADf}H(?k?0wJwq+pfXn8mUKWg|
z{a=uPR(m9>g5jv1{ed3bh+34FQ2RRIiW!M)s3DI+J@0^8<+D&zb^_IaC#c1o@TzG@
zNmPRyqN^VEC7_;+K@IUTRQf(tL(ZcwK14r!f>HP!3t;YRW^UV|;=fxjU{T^RubYOJ
zxBi0a$n@*%f34cRB<LhNj~c31sF4V|VH%VcJ;V#6wqFC(nLZS?__m{l_BN{L{x?kp
zsjcNu@BM;0Ie$m3l_NLV|ElmS2_8&*%glW^YO&NrrT>arOfyj}-;UvU57mI=w~djg
zhO|Hp@krEr%TVPVv+)<GDGPD$m;#Gp0}@)H*1`eQ(8v7Ke3Vk6hCCB$8+AfeFb{RM
z??Dy#4z*a*-8Bs<W9^7)z$7e&ThW8=zXa5yB=^kXDUMn!ol$c+8+9~aLiOw`s-SfD
z&A+Bw4oeYVfNJm))b9C=DmUQ+Gr~nti?t4_;jT${ojC+FXIoMG{}Sp&=b@=6BWhb#
zLM_hbsBP8<Jvb4yb~d1f`W&hOuTlA8Ju(eQi;72}eu&h>MB4vt3Fx~#&^iURSeBtO
zUO+YQ399D-kIhJBMip2WHRPSK1WrP2yUVB!`9CrFbD$P=Bi!Y~?*q(1{Z78W%-{RB
z#84hAK=pLPGau(Bo<Q|%>2uSwqv#=iAJriLzfA)(p?Y2#Q)5%ikH4V@x1)yshJF4C
zU9IBeFHFXttYfek=?78U%>SiXd<9X9uRm%;)?hH6wDIfK52(40|H|x&!l-T67}b$c
zsD`h2#s1g!Icp!hL&f92HotxgqFyYET7=zDYhyNQiVmUX{v~R}g5Q{_3`0#xIO-s4
zfZFCAF%}L(jl|?Pt|@2(2`cE8eefCeV$!#!Az4s!R~VJACThENK~+2-HT2ujyIWBC
zzM>kO{GA!8Qm7HAZtda{(3w3ERlz>g&|XIk;RhQ}`HyV?>Um964}U=&-IFmC*P_bV
zi|X+;RKwn46%2WA;*C&K=l)7SLop0Pa4~vt6Kakwqkge`#t8KPV5X=9s^C_rT{6%*
z)w%+8UhG8=K0;L(?O)U21XxYq|6Bx$^WZluf`?E&^ZjTJpfFTJ8lndWq1MO(>k-sQ
zJ;U4>_mephqfpzhH+I3LI1rP4Hj8*R7S{ehO+foJ=s&X-^5Jj98)I9%kDBXBU(Dj_
zhwAYJ)DSPW?zLV=orLdDAGc^<&2PUX*qV3+)Y{m91*zXTM?ga#^vw)S5>x^CP;*%p
zbpkd;O;u0S&`!llxD&NagZM~mEfqy=(~g)I=b+Ze1ysc^Q5_EU@io8y3ldO<nphV*
zTaTkYI_Z4P^LFU{?4nlvcFcw6Q5E|8`Fj7rk`FZ%?X7cA-;{Hxk^G8kXm)>J*E>fI
z{e8W2I|?<lD^ZJUA8G_{TK}=nLjrug|6n35s-gy{qj((ZC|``)X4}z&*HP!iXVlsX
z3-onTW7$C0*Snb7k)R64qK0T0YB3%`wbVbFuXmB<K`p*|7>@l>2h>(n!ylk3{)h!I
zNpxTD;;n|7x*n(zo`Pz~OP7F#K5h(?kR3h5tD)w&3##SQQ3dZuHRv9ez&Js^<~%?>
z{{?jbO+a;MyNzE$ZNIM=6Jy2n^_~}QVghPFM${0N!XT`VnzL4@RX)kO3JVcGf*L~K
zSia5&Oov*u$%9P;bD*ZC5&Gf;tcsJdB0j|Ee1DwWA->+<`GrG$y}KX^b>P%Qt<r{A
z28Uy9Jd1-dV{Bh%AFe`8S*JK=1jb+trK3*DEvSZGM0Mmn24d{EzD^VE|3n0IH1<NR
z;-jb`{%GSF<N133-mWf|Cw&3xV0nRB&B^1Nk*bKAf?v^tGf+dl9kp8yqel9+P5*@P
zsox1qU=~#})DRX!t@`SyMbjQNrz25|W&`TPyNv4L7yCSELQ`=`R1aIAI@BI@e#}BO
zWIgJ=<LGM69~01O|B4#=!ijvnzv)V0Vd5jO03Je(%okKcvnDpHyBMlLEl{7=QRrQ?
zs1ewY+LotLi~1ghVDu#HfAus`60=%!Vr=3S(1Q(7&-+=YqI$LlwI()WB!0!>SS+a-
z$$_Y~v&hEJqI&)gwN_#!Gb55Y8T(&D6G?*h^G~QVdpv6U%ttj~7pj2Es73SwHP_LT
zn{Aa5)wBGlA#Z>MaSUpW97e5~_ZWcbQkW6U>=MwvjIaq6P*c$ewJ3i_4gE7z1JkB7
zQ_~Pj6Q7S2@G0tfzEr;6KXP@#V#HTtS$u&tv4F?KN28v*mk6k(2~wMrtTJlOd!t_5
zjG_1q)zHv1rh*ihg?Izh2o6UL?Hn85iCQD)QJ?RJHXfAL*E?k?kdbwrMg+77d!mMR
zENTdsqK5n$Y6@PXrX(nxNe@F!RRn5(S3!M@e!*zC0M(HdSPCCw2Fw~}wrfrF{{8<z
z0xEbhYOeO7&iL1;Rh%HbIope&_HRwpTy{pS_Br<X3XCGY7uBJ_3})4*Ky@S+>KjoG
zwTK&GX6^r$1jgWatb{2unxnG=YP-$F{CFDG<A6+N?h>I^d2Lh$gHR(l6IIbh)D#>;
zb?7D*MJKb_e#Ow$oK+^^!4B3js3Bi%Jz~@U#CfFqWHHa@qYB=E8o@iLx&DNzI8|1&
zOLC)!cy-iNb;VjZB`f=1+vphy8nT$#jA>8}3&%*Tjaq!uQ9WIZT9mtO{4_=qe}ri;
zLv~-MC6>qbxE7mZ@*JkY1F$vmg*jYbekO4s<TNkzMz!!yR6)MEOwYnFf_NnAgzS$&
zI1K%8B5K5@q6gQYPQ0@={Q+vEzF1S|HYaA3OF%vCfO=shs)ut>4cUxp$W_!3f41?2
zc}#)fsBc6=)Cl%Pt(i%vZMh${NUvg6e2B9!ZeCxfF}iCAXj_ElGbdO9EKa;3YO&14
zqj(#&otES`Ex(UySWp4;Rm_G}iT6SsM8{AS`V};bHz#Uww?@^s32CV7+#;ZD6)W7d
zJR^EnHRd6G5QgDq8^4KKWU&jG^n9q@Q6JUwiKsQT5B2_C)W{|%Y#N>kHBwbEmA?P2
z31|w2p*}u~Q2Tx}=EXlzJxNf+9L*(A1-qyda05oeJE)2uqrQgGBFxZdN0na~L$EGt
z1lnL6>UYKy&`~=d)w5@)p2RL{Mxq#M4%?yje^2zs5vavC7Ikn<MD=VxYB63zt${bF
z-4nf-Sz8J5cjDR6)lqw#Kz;m-zhUi2^8?`qsv-a4T+C41956?)Ao07XeVnv}`7zoV
z%MjmyT0@^vAE$_tCjSUj`hFaP{-xOe1qe(mWrp-PmM8udYh$@6U#AoPff~X%rG34B
zmdk;yh|fn2b&N9R4<0#DYo!(H1RRZ8TYsR2e3yOx5VgBvmUYdLWh?9Jyd$9$e!}o_
z<}A-!-mLQ8sDfvs3Os-+;0|id_*5`M92Yh89@JciqjpJI)Q{5ksB*faKJ&l31R@Ds
zwFyZongix1tU-EX)ZA}C<=cx|j6Rjjfs`FJ<Q=dOZp0G!615F;SN8S(Bb*KxL3}N0
zTfeZn*{YaD)&VQ>U>a)GKfvUeq^kK1mmk%$5~!1}zO@x<M1H|&I0n_jDb^jRDY}cA
zlIYdUT1bI~wf}!2p#44(HKe=nwhu##8oJ#z%;)khD&G^-T*j+uPQJpZ9@j(f6xs9x
zn2+>(sO_A%mdRfNRc=$vp#49XfQD`*YE?f*?;QSQwof=JUIo>|HmC!oGseWhsBJbL
z)v(2=o}NbKyKkR=K%Ec4wawQt8z$8Lk0hXNSR3_K8;&Y)I%*NEM(vVas73S->Lc_G
z^@}HZ9W%s*P(5ynjc^)v#`jnaTh}#5^fpv_P(Aj4Jpz3QT*1rO8&}si`#MttU+;fh
z(nS?;9<@EwH8k-~sKvPtGvaB~6nsE^|5G$F`#mSBgI%yOF2JVf*O>jURob$#>B(Hw
z6r4kyXhBWPYA=L3h+3l-<y6#K*nrvaHY$Itre<3eL46f}#YmivI*6{J)=F42^Sn(n
z_P;U?BSEWpF;2$)HeS2A8TziMhOIy?rU#f5Lt2<W&u2n4>^Icnnuk;H0BR)awlu#l
zI$&<%=TQe*fZNKnJT0n6HBgJHKWZ(EMD2>1sG;47YQR18_PDi4FM?S}Z)P2f+IHKq
z7~VxK^3-k22sA*g9d|AP&D}Xv0iUoH+b?}vGxTHHnI9V4Q9ZnkYRG3)4^p=`zj%sa
z72-`$Bd`|rF}r|T_5WgVOx(dtSv_P?yUuU|`f0Qm)xrnJ!QiCoXpYqSsEXU73L1(U
zfyG!E&*E%M^|P-t5_h4tVcAZmhn-PBJmzD4e1%#A6+7#9gUeqU5zvu(7`4dWdLQtQ
zTz@ec>!McuER4j*sKu1Ai}`4EL#^(m_!C}3^)zQ!^AYQUs_-~!u?KfEQ(6YwQNPoc
zfX?KL7=`h=n-<qaeFK)D=IS$Qin8@E4XKN2*i0;m4{;)9>S^LTQ6uK`GH1UB)zL;6
ziKEcfP@N>8pHT0xDrWiBWax`+i0?u*Fnw<`H7!xQ;SY?&>!|Y~Ss$~AJED3z9re*U
zkC7O=uNjGIsQBc*?Eex3E|E|M6ZbPC&;%7<jOzId)N1$iH}R^dlWq{^!L2s_9M!Ni
zY-=^3J{H3%*b^_|SgbU_Y{Q!aNN7hw=s;hGzpiz9qei0FZ)R7lK@HheY=i-W&B@gQ
zBZ(izQW$NBuk#QqqQ0KFhnii|8ue3c4Eo|k)Oj-nhvG(;z##&KhnW`n3^&^<FY08g
zj@m{8P(59QUGN%K#EK)#NX$STEN4*f`HnP;G$(50`l1I{Vj4VU<L)a08nQT}%-oen
z4PAE(#Wffc_n;~`fm#z^ZF=j`=6P4Ei?Mh<3bjqA+w}d`)2OfFbtC`&AA!Uq_>M6q
zLw)`7qB538HJ}kj!*-|&y4Z9VLx_*E@tGKd_+r#KvKDo&JVzZ^8OE9pMxpoL|91&!
zzb?m`%7|J6#mAYU?1fqbi%|t!K<%2>sKuFNyg4^2U~1yMt+OyT@!hCz#Tit`{=&HE
zOkkU9|HmVsBe*FB<49D&({1{3)B*DrHMi*|n*7yKYoib9gq(+ZZ<md~M2%pqNv2#6
z1`*GWYG^pRI?L-5@ZdmHf%8$T^a!fwk5G#*-ehwCmBB>ByP^)BQK$x-L5<9F)b@-&
z#gtnfwJX}Ax1p#G@0!B?*CKgDf+~nT)%+YUWv!2aq<2Amo_|GcqbaD9Z#wG4ypLMd
znWmYqUPV;AE9yv}idxi%PzTaC)CfdOXa5%=(0IBz;bx(Fd;=R}^cm*6-3B!>r%@yJ
z7Im~HnQ3-KI4ZpZD&IuZ^DU^)@D=M<<g4d|{cb*b4P647vw^4w8&EBMh8nW4S*9oT
zPz~*e8p7??E9fEq4pm`-*=F12L#>&{sBgx2RCzmX`fF6f+%$8{oR!1kB>aNWaRX|V
z?nEuhGpGV@VLc3)YvOHDLp&3;%8#M8-vj&ng-uU2&+MK;sHv%gOo8k4A)x&~+dkNg
zD)1U=yG8%Q%vE}8SycXZm;`@AEw<UHMR~#c4ApbL`Q~8DfqGsK)sZgf(f5A=0b1f5
zL`}gXRDmfMn2$$IRQhDp5S~OWR-c8Yq4`h+wm=Q(6wHh}F#sQ<di*yg#Mq0>$Yzk#
z?-U}S2bEC!wFPPo^s@2w7@PQE>lM`0JV6clXVgd~Tx|Y+ATKIj8a>zo<Kqz2`7zUa
z6up1{_nv_EZTuzXgernM>#L)BJOni*+fi%bDQd(%pn8^Msre@)MNq#1hoUOFj5>n-
zmzgPx#5lz3qJHwVU&j8|>K{jfK0^CY2g4`S+@)P^dRPTDckNIO7=#+?@fd<zP(413
z8o>vsZTK&0JEvG-c3FAUdwo&q3s$&h+ngmq+vgQ(QN><qhAuN|+f_hK(QwrBxz=r{
zgXsclieB1uXO+p96xE@;s0tgRMtUS_MAy3nG=z7t0{X8uJ*kQs;-66&$6NQH=KKX}
z5yn_!8XkfAxHQC=*cDZgYh8j`q-Rhab=KPF9s-(+vZx{NVB^!#LwqM{E!;v)LF{$r
z0LqB^VG)HIneM2LjK)Y@gF4z@p%!b>_2#{7s5MX?$?rN12xy30)SN9f51dn|#rFy|
z<Y61ki^WhQPz|-JJD?gc5M$wVR1X(f524C=h&nlwZZ!22K=1$m9}Ng-we~>uU?F<H
zeyGLy$UaZJ$;@GC)JSzjEvC5`iHA{(FxqA_bz!J;pbTm|cfkl;iAC`*4AcJ4w8gZj
z3Tn=}p@w`Gs(>>#{s}eb*|wTR*%Z}~IanNzqdF36o7qi;P*c<uHTMf_{35Cx|LyF5
zeLf2k(9ris6|lg14%NeNs2-%>VNS*-sPw6*f_B;T*VYU>O?eGbi+B*KV+&CoI*Drd
zhn?(yJxIIDtnvz|2J}WP%B849bP~0Q-lL`_#%`0I5w$(5+xR%t50Y)Do_|4=pKXt6
zNG())Pt=-QvWNYzIX+8*TIRdgRFDmou_ETjzNqi}22{Rl=t2K|rl2s?Hm!`Rupg@D
zi%{Q=BdGGeq4MR}Z$_|@YXd`2FRnzrc+sZ6$6~}&954-Oh#H~EsFB!@nu5Ei9wj(v
z-Y<%3XcH`iqfl$=Fjl~isF8J}4w;s8LT#I=sD^Att%=*H5%N213eJZbiQ1_A{ZJ>{
zZ0m8<F8Y9~An6ga_)4J~(%rfinPS&@MnF9dJ!&e<g^K@#(XbZ=;Q;F>)Z&?ns(3$Y
z|Gz{XEP=<&+DVL>x+19k-xW0iOR)ytzykXI=QwWWq&2F=Q&AP{MGf_H)b>ew!aT2l
zk;J>B=5#aaEB6SsXw#fD6_!SgR3G%<AE@6I`%w-17mHHAljD>r@MqMVtwBw}b<{}s
zo;EE{hqZ{;My0PpHTVo_sy?EIKIIv+7K)=z&UUC>G8i>N`%nka1$6a7+_UEEl@C3{
zOQRN3Yixz%u`+%@O-bo<W-cqEDjtDajH}TfPoYNQJZkFRqt=Sgc{7r!F&^>i=h^>i
zVJi|saRBO!9*=72DpXJRpda2v75or&_Q$wjDoBayNG4Q+DxwakUr-&Hj^%M5YCFcd
zXcy&0_P^$^I|<sCi!eG~L^bRdY7ReGQ(Q80R}z)p8#QI~P(3_>dhZ$Pa~yElG%Oiv
z4HZRouoLQAG1|2cmZRqU25Ry7T`@zH!&(xx7;B??I0QAP%P|}uqkf2_zG^<x5vWC0
z3zdH~YU<XZ%HM_>8TTOpeb+;-nJGw*8oK=G{Xv1s*cCOzv(STkuo(V{df#*1tf7La
z=jBk_tsQElW}~L=0IH*pk)QFd6MDmJpNyy;w6G39HDDI12kTK&bp^HRqun&W19G8;
zwj!#5{ZJLmLk;y&jKqhi_tM`oBU=@{`@aPN{cxCtdSMx=qQj_@@4by@ylo1ugBqa$
z)+N}C_-WKy$aTlq07HlmL+y^KsDo+~s$(b7`_KRH5m3d!f11^v8Fi*tM9tX%)W{4+
zt$~H8#daR`-W$|hhu$?)RT>rVgeqq-uEOiM0f*l+9WHX8{jZ*sBcLJcY@Lou-)ntr
z(?cGZeECt^vJq--2cU+2F{)w5P$TygwFZ(sG;6CeYN{Hc${+WT{jbHfnFRg*zk_-q
z@gwt7sRF9UBTx<8g5G?no+W;4o>xSD3won^z65n7-?s6jPt3?vLrqa{)Hh+#6W1)R
z>m*bs;Tx95>Q7BWW}q^j#7Ok{%lr*y3DnRJK`pBJs2-ifD13`rL*dU%!`h;HJ{8r$
zBd8<zlS@E741aEV*cvMmABP&+o2UwW|28jVMg53uj~e1-sQfojzlt-yFb7LXtU<gf
z*2GQt69&CB9c+qfu)CCi4umtPx%-To+hniIoJOFAz6mPda8$!KqNeUTs)2s5O*|Xw
zJopK9ME{IhyuYDNyt$~gvJ1WY|4#xsGC!h@;COFLg(XlU(+)Lc)3F4ez)BeM*35AO
z)KpAIHFOiI0k=@+#y_Z@CVgj4%HpW0>4T;8{a-;q`|}m%!_a@sB8fuvv@`03si>YD
zMi1UYZ_nSGeVz^Vyoj|9Y6QBWPQDQ~zRJ2Ez5o303IV<N0%Ky(2h*d3sFBHI<CRcD
z*ba4o47c$)sC+vyAzns}#NVj3lHgx6wKY&*)vl;rFa%xA=~@Eu@FuE&SE!yv`)K01
zP(3M&Iw>2XwqZNeT3LW`@erzES1~%iKuzHXYuG2#(Hf}T(CHKVKQ@7RBxtDD*#}op
zQxg5N`TM>MsCZ@!z;YObRWKCmq4s|}RKusC=6oOOJa~fo{gCQEQ*m0<2-N(K{jZ^O
zNzkgCfhuSxs%KA8Esgob3~3Qm1uakw9*Z8_h<g7LM&iGy?HK;myjK&I-WN;aF4SW8
zale@YbE39WJygqnL#^V~sHr)Onu6=7Rs9lmfW)U?MX&~Xa6GcDoOP%XJB}KOr>Ks^
z_VM$MU~%+zybJ*q+!Q_712xCfP>XUQmcqTLMHS#{(zBs@Tn>G)18S~2VGNv&9$bQI
z$Whdh{TS7dWPX17DaL>Qg@9T(7?p7a>SQ}^<Nu+0oXp=;5Q#buenyShAE-rq95qt!
zQM)84z|XrjGNRU4LDWc<Lrw8e%%uIlfq)9Sg__gAKtJz+lGR!cwc1;u8afwS<6+cP
zWsm0Po$I=&hIO;?C8*u7AB*8tR7Vm=_w)WGRs?#e->E=AbKOA+I2bkbi>&)F74ciB
z9~56u6~~HUEP&y}o1uC(3k%~h)WH=H<mdgTY56cO@qVa$>(Tq~|K1^>A$*T&NSc@?
zLm||VwMM<T5If>E?22V#`8hh-cA%#04r&d=3D(f^uj8T?V_Vb+3_`7y{iu2l1^c<)
zIlo1MR^xxD11MpL$&d}TIHOP_QV#>M2S&qwsQg2)9?ru0_yKhQ)d)4u8(<XiuBa1m
zn@v9v>Y5?EM}k@u9NV-w47GoYqK2|AYH>}$)VK^ageOqnjDJyUBzqjw^VX;}H37Bi
zw_^c(ff~v5am|$0cL``)^+9D^fI6|RpehQ9XL_C!)u4)~gQGQia4KpoY(eF}hnfQa
z_-0CTqsncBYVbr<IeSnIbg$b4zXYb`DN#dL7PXD4VJz%~TK#=dbGiUk@lG3mY~xNs
zv+A>;8dTiIo1>=cS5!IUktuhbEd;cB&!I*lW+Jmq@}P#i4(eR!fcnmlLamjhsJYya
z+Ey1)2hvAW1<4behL%Jv?gpp^4M%;fmV0IY?INHCoJGADl*9~8E>yf8s(^vkRj9>y
z4Ye)*LG6MBNzHrVsCY9}kB6d0YBuWZKZ+_ZRx%n${Z2sw`l?k!&24SeK{6Dz`nREa
zb{aK@uWdYKax+E6t&LIpy&q}~twJ^A0jh)1Q<%kE0(GSKM^~%z00H?KBQZ}(Gl$(!
zpVyJ7shNq|CHqll_;u9kkD1Ceyf~`iolz&>0@VB4PzTpBn|>8Fl`m4U|1~5rJ*K5q
zunh68sFB!#8mhlg1t&~xR((0toVT;_ai~SP7S)kssE?3O8q?sI=pmjKbx@T;)!QSD
zYldb!30h?DY=(Gg&0>i{&2ekgS{R1fHmgzF>Iz0;%yedoDx!wG6MAqGsskHQyXa3;
zJ%3|mjOB)zp43MzmI0`qPeaY+VboB+#~{p*-c*zuRZuO|$aF*Xd<kle+`--$D}%{5
z4E0-ZF_y;%sHt&tWc2g?y<9QWncW+8fGosHcplYbPbSl|a;UFlN7NKdLM_g%sDtGO
z>fCsbYEb;lW{p%teM<(R()S=8a-9zZw77h;n7PS}9^ws91@%K!_&aLR>_ZLdZ7hUA
zS<PyW!f3=tqTZW`Dt9ev-(N*_@RK!NHtiDjUu6P%Fa#^&8Z3wZp@zP6c5~45#2Ca!
zpjP)J48&!qIbVy~t`|`acxuz5<uGd}3wlVej_OcX%%uH4gMd!71E_*-p$-h6oTgz}
zQ9bzy6JdYUFPf?7!6m50codcIKh#vD%Vl;&G1QRP!KOGKb;Q3x@BjV(X97BEW92q4
zdN3~W!l-Rk8H-_S)S_F08kxhWuh|D1&zi^dv?1#K!Kj018mgSr=)uRRsf?bN{jZ@9
z%WIC*DySFQqZZ+O)bq2bA^(KhhOzUR5h{Qh@@A+Z?TNuS8`XdnSQ>YuMm8Y78M#cT
zjugtz{#Os`lAvuj7B$4XPz|_*D%h`p*=Ctg@dj8B2ca6g12u(jFg3<1Xht+UDt`%7
z2in;5{?>^u0bd?0wk|{M&y`plKcMC|JlrhGj;K|?1*_s4)c!A7$josMRKr%I*2rVj
zx$-Zn0ilJ>6o;Xv+>Iol{aX{YNP40wSc4jYzfg-RaS<~`k*K+EfEvOvsC+9?N9%RW
zhp{5eE+~O|zX^J9IBNSYLq^7RE)me2enw3}nxcN*e;d9UD&tI40f$j1+Y1{{R?MWA
zM2%2;)UKIp<Hu1A`HB@VZ=_ko15n#|uUGcpaRN~!TtxLGX>rr?vZ$eKg_`5JsOOha
zJ@qePMj}6Ik+w!Hwh5@C`zmT}MK5U@5P{l7BTx-Jh7sET?+B=X+@;J^G{7>%UDS`y
zBd8x7eo@9$s0I~At?Diqfm2ZpyNGINU}-b5c~Q^nqZ%*+b#z}tSF83b0WFfmWy~VU
zfm#z$sFSP>roy49eY+U7?GD)IS5b@Wy-kl**6gCxsC?n5#a0>B(PlP2x-9!&1<xZv
zYhW*GyF5m{7+lWuFb!%qltvXW9JMyqqlWr6>T4EK-p}#D-v0dQ35WUde-Rgr#f>8a
z_$HA4I*{{$XVpp9`g4x(K)p;%!ctsA=GCO>>Z85M)g7zy@)jFEVa<mZc|M$XhEQ-a
z&ea*DWhDONm4~#|+_}iplV=@iWm59ic1ie5!8#s?&;b5A(CI@sh`TiL3$`JhY-!iX
zud4@z@Sg^7*6}<h@np(J{<@Skf;*5~*Fo~c;x0!#7I_MC^Oq~$>kehPhj{q?>dOQE
zOG(}<174@VFk+8*`3afhbEhXy5b54eAN<U-zT{nM-)p6YaP1;*EbcQV>LlZNRlR4g
zIY!r6OHXoAh~}>;g-_+BlEihL;aPPPbhcq`TlifH;%{c0f)v_-{55Rl!K5|d-5vHF
zk&-f6lV?5mV&0pCA4p%$JLmkF|MR@ifrQ5t{vLBv$T2eJB|}TXb8KTekyeX5HOSM9
zLTB<!*KE>b+XkGY@YkeeBi}~S+Sqi?EbpJ33-C@H!d1xA8c$Kb_qtCZx_+^?<zWbg
zC8mI$G~lIfo)_YIH`|~#xPr8W<n2YiK<@E`b*&`4+>X{!n|}sz9qq@+^M$muG{#$h
zXDZUgf9}J%z^&_dJWF~m8#k%^37409QV@Ub>vSVL+`e0p@CwrT+t&ZNS`wd3EDB%J
z@ZLNNBJ797NFVKQ>UUO>sB4g|>=^O7#M2WW&x^xo?KvvYm7fax+e-OsJ!h4DSI>5F
zN3;17kiLg^t8fn@pUw+igGm3A_vaHnY3p~k@X}K5?qvRco%<fJ@_()F45T1GEJ|8)
z?mgTixffHY%lnsX2R4zGkMM7}5YJL>Ri5jr#(kXp<0;G4{tu^jd2NpdlgXEOer{bi
z$aH`LzL0*0LRxe4pM!A*Q^07R?dEPuIF#r5Rs``(S0!875z66I_FmI?mWB5hQP(rx
z8Hw&o{wInD1<3f6#Jk*G2=n)g&LCdvK|F;m^dDZnLc9X;1cY00uO(l7?%_7iDBjWU
z2wg#>HzIu%>iUCsb&Vpvjd~OD_s`yh%4AwdrTW#Xs|F7XkvW74+VQL$aa{>HGEb^U
z#Cw?}=eq4(3(`{R=DjIAyTiSjysIhW$LnvKf2OxF)IXmJ5|FVw5AGuW-5@8u&7>Eb
z5?*F|Fowbo*aFj2z&4&$##FX}{dl(`x2^;<_WM<y=YzOId3P{%T;-jAiAQsZ{QoX}
zE_d;46ouXNw$$WmOME@)n~Cbz(D!SjEr<VBiF4C7zBCn7<kq#$@W1{yf@j|Ee<oV>
z#J2h-Sq4(TLV6rQdL;@Dq9+~6Jlz)7h38di)K2n5l0P+h`q=kX!%3bGwDIgb3*@~Z
z?ijpd+oo*JglNqFS1L)w-JgunD6sVpz3pwoQ+clI2={Xe>PPxi^5();lsJ#)*D#7_
z^GPp9<+lh=w(qa?zWu-drvZ7s>HP1^3(2Yc4TVIbr|rl$PmQ5~2wT8@(x#HulRO7V
zn?|@Mx2`{^_%wyxCcmzDHeKP{l>PmB!ShqLyfl<ElLy6hXxz7nWq9$GeR&*dy=*wH
zEjWf%zx#c(xX6>0iepk(>K`h~NcsfsK=RZl+eYfpwS&C6mUC~gVekIyM20;Se#85i
z?f1P0Hq#^0=kk0z6?LVe{G@B)wjr+TXDXYB*LkL&Z9TY~amS+pel`zL=PmCX=02zh
zSG&OP=P!{-G-4Qz<b_c6jw^sl6MSzezTxG;q>Uy|BTUC#+xEN~jaW~fZ{}6+{};Y1
zcov<q_K~)TciVHPBVSwIYem{1?|*;KzL1`Wx_I{gTwi%f*JAE$WY|aEL+HcZ&Nd)~
zJYDI;A)bvTUjd%|cr~&k@dtJ#?{C~YUH)es1?1qq&4U%ZREscwc5pV^7s3daB`pQd
zN|1jO;e_^CZhD-bS|;<%k9@_bJdf?jA=2X#PD%bBFV(5*58iS4qr3B&!Zwg8J`ci3
zJdZnhaVue63CZ*Qsz=@>Kg44b59eVr?m3ikfOig(HqqvJM>%<IgH*;y(yQBYiMq~M
zdeEE~tNl=@G9I$=b3EV9^X;V7BkeHp|EM4#h5p0MKiGCgP+$qtbOmBP@&qvN?}*Rk
zok!gIgNv^0JkQ5_i+N|5=Kl{e^QUa@m5p#4LN~A}nfQwer#zNrL^9$G+wv-;M^f=f
z(!%U;o+X~dHbR9pAy0gs_ol1?xQTp!|KFZFzmPW4<t1IgJgCpTiNt9?6k?v5|E)`b
zF}ZcEAm3N=ulphI4W88|{S&U@{)2qms9cvXqcMPRUYozJZL~Xr1_bjUBX<KH&ZE%N
zc$JrW<2?%0#eZSV>BLLRZ38^EpyfQ@q<o~$;oX^pQxRT3-WP=T^SlJ<x@u6@V(xuB
z>r2{;0OtP^35AH{MO{w``w|{Oh2O85#Gl)S_)_R#``{L7=c()iY5d3RoL_9OzQ1>z
z=Sgkl7kO5jyD@3=C@(JWT<~T7hmi1}ePcJ_@7DzTqT>9=&z$8p-h({*h@T+-FVFtL
zGPbdaXiO6d))kNRU>lx8x~`ShX*}!5vnU;-2Z`uf$o;*3{U4*frnL!qwoEtSQrw#e
zpXWti<i9WIl;(w!#An!whLcBEDhwd)68UspAiSQt1mP*9b>jX)*n9pf!$bWK*J<tz
zwvh6KGcr`V8qxA*yp)nk8<N(L_y*#a30ENhdg51Y-U)>FkS`I7ZVwIoiHh%%_Wepr
zpd`=dey@KV8SasoiGu3bLcWn!hYAkx;u@aq!Tq+7jubkZd~I<cw}(5weeZiE6?y*@
zcU3Cd%KiQNO5TQ~pQmhZ{rr{P|6Cgh>2J4s@WOl2w~_JtwdjWmK9Synf`aV3naMwd
z#&09-F!`>au4#mC+0j&dC;77zUu+vx%O#M6#J=34316`fau82PB|B*4Zk$Ctn7aw_
z<lN&aY%!JGBL5@q>$Z|Ow!yV9z&5ypeRhiXbuHt*Kp9oI-6A~X@0Xl@M1JDIXq)*X
z1=J?q(!O+^=elCrLR%8QNuIK#?ckkXZN4zl))Vh<^XZ+Ew#+j;TTH&1r14*T*5x{#
z>Ba9hLm1&@b_BeS`JV~ISCU?vmvz;%c@^GH_=-)>Wh;D5yc78^+V~{mTglgl2Di0&
z8xx*Fo<DW|cOhe-ZG9gyq#$!IGSnkOah{#VO2l=QAl}@D)1W_%<KNKoUNb4fj}>3r
zc3>f8<>Y>2^CzO*zj$_p{8I@}#~S(;e<4G6?g2KVN-Lv^c;-jt<q78{ya#VmKoMJk
zsn+~&4)P_no%qai{>{7px%TjGL!N)Y`P31Km$~<n&pm91M7diKPWnSUoD9*(sOva)
zLtgIB^M7ob(uYyecH8jY#K+i*%aSiI@i>e~9G=gz<^D%Q_~#SOC(8JXzkhVL@xuHc
z3RIzk$mDMe8bTwU@WMI@nMs&`P0U$K{@(~^{h_gXuM25Ela?0Kkf$wqb5Yh_n=c8C
z=}tU5&*yM^_rK7^e|yxq!wX5skj_@F^uFAGQ`l-nxDFT`Kilhx-hw#Gd8Y$m{xvcu
zDRw1a@*m3SOeaqAPC3e&Ngc%q|K-xM3O{6;O{QJkMR+*|&st+JtsYMJPYNBvv$zzn
zg96rZXCpl&W+J@~e!r5~#>J)V3EZi^Kd=rV?JHro0tM*$N&ywP=W$Q^p+T>0p=qoU
z_SqKO>(cluX#u>K$EGb)nZ)PN(4M57CESRlout1cEenmSZ}Pg%ITF5KdwFo4!tQa$
zCNY3YI}#51p=bZv2G6E|4-~9xIeB#Tz@JIKf?J5k=J`bOx3T&7w>X`xHoS!NBKq^6
zu3a=D6E6;@qF2P5*+yL^ZHcY?5--l8fQzKPvyHe$d;yK#$-R+qG5g*E-l<4jS9hDX
zkN7LfSk2v!^hA`?OTYi>5Lk(8xVMlw94nJ)DeBrr+J98A7f+H`*IFugY#Wx7^ib|T
z+`4|{&Q1OmG;%q2LCP6JS`(fh#m=}FCsCHWg^cy>i>j{y6+b7=zrf}kA>5eoWGXsF
zzCIXEyr^v$*_}1S>+vkDZOm5EsuDj(#cv5G=DCMEg0ghgwzemY%XRqoO}$rn```+;
zBJBhP#vokE_IL{gPE$^HLr<QkCjOjgMk;GWd@26RJ6UW)A~A|QmC2J5Pf^Zf%1cK0
zF?q*%%Vqxm=4JkwuoDN{^H7&R8FYOmP1gdR>so<LcrlKxBsuxxaq|z!oVUEwkUVdA
zC#HQqinKHIv<&G(xciYW7xz5MXiIubm)=w+b44DGq9FaVylXrxZHC8b$+H|3GR4ND
z6YfjC@uY+Is?M|DZFsA#SkYF5pK{OR`DZHC)rH%iv@iB$@A{8H;(J;hkBW=hieeJZ
zXTy52880;EUd8>~zC4t7T66az?qe(9pUQjxTQd7eo5lOXXz*{`@dz)VoM||cvY)C@
z&3`Eh=)kS3KM%fN;S|)I`zUF@QP>C`WF}scyf<vaJ`x_r^TNc>^Sm(e3$}n3qzxy&
zipr1KQJG8LgQV&DljjQq>Hj_o?N4M9_xGzSFa1TvHTclJP|X(dmi+Yz7o|}(xP9$=
z73}k;RFatY$`U_m-&MJV2!F=%Hvc{HEz<e_<8_r6XHdc5A6`60hDe()2QPmlkFML~
z`-%I3jd%H>11En7N09d?Dm!2sc$Kp9@y;o3@BF9X;TsCl^?--zP0-m*+D+S#45Sy}
z?n+)=<FPXFvG%=Zwh^<a<PDXlvG1+3`Db8v?yEeXVH>jG```bjqrgWL;KPFngv(Iy
zU^43;D&FR9Kw*!uFnQkcOxG-)XSD^5<#~G=l7eR=(4SqUYZ>9X<ZH^UYcu)A5I##d
zFVDsY(EmXMcJLqp_gFh@u_$Pxt>_nCsL6el%KdrnA-{+CbPDNa^BklhH+lX$@nG91
zRj6zG5AjmOqj*1qt!IRO|4kx8NfP(|kWnwD<=GwX#xyK~XZx`}6_h6L&s5fxw0p$Q
zU@ICll{*=EVxX>x<hjQCkIDatd?BP=A*~ScD!h}KxZ8^iMR=()53&$G&dZPRE^%E&
z$o%~}PIxc(PV!{oo$ps6;<I_Dlzrz8h1aFR54eeE)yW&vK1<8{A;g>V@&^6$pV?&6
z6`wgPLZ$@VcX=s*`!R)#q2Q0aRFt@`9fb8yx1aJXCj~|4{V9Z>D&3aVl6Wp}Zq^Lp
z3X~aY8~l*?SetLZ_Wx}vs7Z!$WcWXgoeOjnRhq|ht9V8rkbu0Qf`$Z!1fL8rC?Eu7
zcqt$UT@@?oN~hD^)ooRGAfkdg%g(OiD{ATZ)<u~Sg(XUHhLssX)Rhr&1x9og6`Wy3
z&|yRYN7>)4x}EfZ?(TQa?R)R{{lC|J)OW$-VFpTzFjT_$TlnJ{|4cc4UCvS7u9P$A
z^o92~FdgVWWBx8<Ngsi^pZ+p<FJbE`^fV<qgzQ!oOmP3|0DYsJ%)`(b%pKaj3iLi>
z69ZR+nMnUKa~tE!z$P)egJ!^!)PURq_ZhO~I9e653;JN|W5yeieNM~Kl5&;JBn*7U
zxI6vnNQYqbMOuGlc&XA@uI4!dvfr!%9gF_gwEar>D8VeiM!AxIjcysve@i<W2EqUT
z3HTnOmDCaD3KS&mrMJRi!LKp88)MgDs3-gu#*!`yjf9iD-?>Wuk>cHe{_F7et3cYI
z?7xk{Wf*!uDaDo1=T)W~3GNV>(Mm3rW3+YPz6J9EM&~Qp=iqYmnA`$2e}(bGVDCex
zp7E|6DER&|X@V(fB7m<Mzsk5vz+uU7&?PVO-Wa+~8GZx)bKveJfM?*3XZ`|xKAq2`
z2D{^FXXGW(k5vi$m!eRQqLJq$XP_3Poq0;dINpikFtAG*A7DIzelIqTqqL5G4La-K
zzeg)U7NMO9uLtc@#*&^u|26sFe-<mo2RPXWV7pog2|9>@+f_Dwz#W43404?&FpvR%
zAN@<{_CVGMb_)Fn`tE#BWObbZ<{0=JvGomDo0g-l^7}s@;TD*G1t{s?X@h9*qx=v`
zU*Y&UWcSner2k&wUZURxrZ2j8gKI(O&x{w+zYcaUytT})Wd0TbEu(dTKM(%1=)R6@
zm5i_o!Cw$a`iU~W63`3)Um}|UCP%+u+z-C|bAzN!;M<eHk#JhDjQ$$t57YMqlcg76
zhG9q2@8P}2d>-?Mq@9q>DJFo+X-8B5H)Es`X9j@P@MJ|z(=JDGGQs7j2~08a%P{td
za`HIB-(u?oHZ)}S(stw}A$5m`^U(iA7%Y|^pa)Q#hp`-e#Jq*J31g?z4xo4e1|^l#
z7SIMTAC8U3Xae~}0@(+D1^nj~_GacE(0;DwXM(*`=KnPc<7hizRM6jmlkI>U#%Iz0
z41RZb@1cB*Hk)8Rg(v9_Fr5kfEFAuU@lh4{1oUnNm!n!_DJ7el$KNae{x6Q;0USuW
zjQIe@%TTxtC;!BFz7&AzK>LW6ffu2d^d;l{V7Jg;7qVJ^ZziZ;(Pkn0DQ!4yJ=o6Z
z-UVOMk|$x@OnXR0wGqLSI9>@)(q#JU;SE*ui5U4W<h#`hMCo5aw*u^3WW$&rCyAwu
zH=wgi;m&4UtH$RmUvJ9#e=W=fC`cNBU@!ea+I09YV1$25rr=ejATh5oFG5yIAEoU>
z_E&Iy;C+dc+4Pcnz>{<*!GFs5W3ukAWRibJumbA*--zO;FfLWgx*Nb(%=e@4ugcJD
zoQ+~Um|oHsIBrm~smzZu-=_3useYhxcm&xKjBDT@VEih2L$O~Z_y01SU&v$(y`)P3
zj8KLLqEN|vD{a5xjR7m^Gul#g_9-V<f^9;!2b+&5%+=`BGw!Bt*M~9*bRMH^!{(Az
z2t5YRVdNd!Rs{2zucj|Wc}U=jzuRHFm39J|q=(QO#rX1YT5uFuZ}k5S-aE9F%xjq6
zLr|YEJ{Nm&6;xMrMlxS2-~X2o(G);Ax(21&nY;nG6QHY5?uEew<2M!VPB2Bt&y)c$
zK86iR)wDl>IgacY{B!BAV4eUM0n-y3IVy+O`u)o&?nwGhD6GKgGxV!5GMxTGdP#qS
z{|!bZJ%z#3X|FM_Vty4Z1GWLf-NARn*$L#kn16+yq;uduL;no?faLi*2yiX^tIF`k
zP!#;$ib9-`uL6+FiHvWepNX?K(7jk0Ux@xL+AL-KIJjnT+u)_)bpqD}Z!db1`fw(e
zoEwgV-_w*KIZ0#q9NO(fzb}tJ4A~_rP>I`vd^++;a*{_0Fn1!8w39Z6@onH_!X~mL
z<G19$|M4G0)1)GPfapq<()ILx;lHb7Gf-G2GlyTLGU!e}Ixm>}kaY$lX^rA{L%$!o
z|4F}%{(U7MjP5iU&S)5SGI7avB8uIZ55&+&<@j1@4SE@Qj<8d(9-Uv(f5)Uh_y-va
zDS*}}>_5OyU~i}5KZcH^e@4Cz*%n#<ClKi}CSBN%E-E?+dP{)^gPBS@0j^jIpr13p
z7I|;RBNXm%AmMw#{6l5uFiErnI~v*Wyp`I)xD!5W1_RuR@TUM97^h^`^rf-`(2XYP
z3KZVP@OAW0!g~N*IpZVBxy0P4#@8vGb!2_I*3xZNd%d}0^{nPCtH-vCTeDiMUAt8*
znLKBrQQ=w{qbZejjMPHgs5R4OO)L@1#4LAMVS!;76=jiOMhJ{WZ6jqTnobg!cEqSo
zM9rj`Xw#^kG|31AlP2XcLzGcr*|knnx??6Z*ZgwJj3u*WEFoX9+w=n2|0m86_yciD
zfea@AM65b9o5<v)Vc9L+UpOvCo#H>pUgq+@EmQM%FAnG~m#KPD%+18?s1diCT6(U#
zs#CEtXhn>OnK26s%3SY>5u#7OGS^U|SjsjQ#u5pm#xk<56={iY{6|sJrdOA8#u`J)
z+#xOde>b&#%d{;k&uHoS-}^c&nM0bEQ|=mOB;r`EYm}F{<whiBxrUv}7)dizTW?IB
zIR{4>r>U@DW-4QiHRje^j%CCo#)xK3$Fwt+Wn}8j3_lk8??enYn@*>kj2mzq>$<Gv
zX2`&eU2jztawMRsbxQ&%i5gLhILwSpq}98dt*y1J$Ot2yuuK=b^;T_MYAF3ksy3S>
zuuv^k7oNbtdnRSLgtSnGBwdmq5u1rbYM~XWYR#kN*cZb^={(Dc)y0C~PFf98lnc__
z|1aP5HPnt9sdNx#T`XY*(w1(AAL&|=Of||SAj+)c5LCDd^0>ro*K)#@N!eEO_22hz
z`Spn<y4Oh;1BKxa)y1@K{{9}~ozwh71I5N({@dpYy|^SA<Q8m$wJ2@XvU>j8)ncXa
zn=ckqgn#rBVHWjGN)JQIs?I;l9U^zcOxDDr*;Ll`=gt=cM1PZo%}7DaHrU{d6O)FF
zWGZ5LYpxK3y{E4bS%1`(Vvk-NtlYv_rrww{a^_g0%q{d!yGG1wcTU1;G&5m#87J#<
zwdz>asBLDl*yQA)(r6}P5#!Qn6N5wQEvOM229{+jYhoD;$+JAdm^zu^2&2}quom$<
z)QSy7zV3?Ob@cSb;sSr(V)2SLLYi=_+LSy)d{sCQrc`GyEtvutSdHp>xPH-1;^KBj
zB4)aBdtx@<oRnP<v%_diCtO5-`Yob^=+nxtO(pZ!&7XLy_*m-}?rRR@nYW0(-jHQt
zx&PWSF}JA5YFa2`%A`_8B4tPYzW0l>g@3gtjE?8UTvvva^H-2OiD7U7bLU2FR-wQ6
zQL$c>WjQl;CRQ6BVwtGKx^BJ9T<(b62=CIz#XbJf$3;?9J6YS7&L+p4q#bpPO2f^V
zPVmK$XSJ|^OPRw&)6vTC1e}EOuYFS7u3s1)o7M{#o-@92t(g=SsMG#KN6h<ph4{4O
zq}vdLyZLER;qQ4`oYUSPx=L)<{R68-o$fcbh^eAk`(rO(dr@@Iy%Fn$;oY)c^!E9O
z;uoFf4|+w^3xCxXF~9wi;Gl8vtOVbt1`ZvkmRmjL^6Ar!NS4Ex$~$r~yDn8&@FOZS
ztLIhE&gs;c;UNt*_<+aw##sef+pOU_V>A+T(+RW58?;pn`iZqDV>z~&Fw#yc>X^yG
zJfOA6s?BmMl*pU7RrK=C+bXIDalRwQ$*S`9rBi$g{Mc5pynW}|Semb>+}lIj#ioAN
zDHketmHd@&i|(5Lr+37o9lXch6GOct?}>N)uilp*fmt7j*_wBFk0|y(+#@Q5pZZu-
zcJ^966Z5^A17d=||A1%_{@R1$bgi{g6LchITZYBg&PZkxv1q+To_VD#DAhIclPRw`
zpGP}-k~9_l;c_kce_yRHmNng|s4=@?E>6Y9m9*z={6bt5R_wr2p6Jw~{eOoX6y+Zc
zSxN~l0C8RH2p3Cc<RAM&Ow~r7<h!k4bNr%4UDl4f4Sc(~msX;2SfO|JVPTvmi}lRS
z>*H}N;ZHv-7Iz*OCMRQ6bvl=C#sHVGLvUe1jgyTBdtce+*njz3@w({MrV-TaP0yCO
zn>P5jd?(K9;1z3HZ_lpRI{RPhTA!i*$l=<bJE{`Sin?Y{!Yw0IGF&t1HnN9~5hF$;
z$pxa4SEkZwH(^E#3uaW$o;KE)%r{m-Yzl=D4QhET_ykco;}mejZf5iP47(=T9O5j+
zOtL6*3D>I2Rr5Kdor;GAS*})KL|KSr4V5#Sz-QVvvKgbkF_s{%HdBs~E9^MU@SNdh
zIugc1!+WGc>#fHv*YA3cW{I+kthi&<1<~bBXlwo`sdZ~OR~sqL$Za@9AzDe<&MlA(
zgz_a<$G`hLZB5tnr!;Wgjc9|Fh*)-n<H`cab3-Abh!S?dkSj?^k6Cs$nY0{#!bRF>
zy?lneNS0C0;Y!HWbb=LUQOn#)wew?*f+=3NA$lMG?rQD*?*74fTDptByjEM?+k0ZM
zHqgIivDUYwB+EKCQWRK)Tt)GJb%%CD_|M)&?*5p2w8wjt#=|0(!UNgLFZreoawqE&
zyf&I5v8eyYr?gRGfFqaEQ11X9h*4fAvas?5$a>ROXhXg6E3{@Wy<O|%f4@R2ZCA<(
ziGUCHKgc34Thb}?2mMAf+nvX84z?+laqU>+<`rS(%DoH1{G&|?Lb2q-pi<rn@22Oq
zZC?Ca(YKI-n5LeSrayMIcD%&@m(AMv&R&-{wQ>G}H??D0sZ;_~$5~@V4SVwnhwr!{
z3nqz1tfW76yXLkVB<p`z{^h|d$VO%QZELr7hgKqtf*)Hj;4((PWv4bymqjI7Ab-gJ
z@77hpyo+~hhSz?#_OQQUx3;Uex7u6zHjt}N@lKd_G~?g(xwb&~+97R6$5FX$<Uwsm
z*`HG#D1ni;=Y{^xBiiR;1aE;#lS;!YLGFVcRUVBrOD+#&@Kod7!VUJ!D!sqg`KWfA
z|NK$y4`On>fyE2XvU)F68FS=wfl$LcQWz>4ZNSz?Lk{XU9M^`nn{~>fxN$!0!M7#2
z+-`7Ga;aKQ;i*~51<D;y?~d=a4|+(WZC8>^y!sQ`S^h6iXb0N+%iHT?+W9Ya)=%jE
zCtdZ?!W+L$>*Zflq*v+Q3&r}G-hdLl)bCfK-_XT>b+CT7@E4crdwD$Y@n}7joS@+S
zAm8A@<(F>=?n*jpRvF>m2gg%ABJx#jD|~viss?WfbSun6#EA_HZK#vcX2iR?T)&{)
zit}i3czw4%9^whP^5K%ny$klnd%2xHz-uno=k`cg{3*w=f@cEXPsj9%O7-5JcfVHT
z{r*9%gMYAG&vxk9Ry5qCmEk2XUlCVS=|={!zOC<ahN&c<Bd7K5`PC!!p_>2D+4_SW
ny}4ubVg7H%=zWC$<yd{N@Xr{h@6r6K@%nh-ADo~++wOk=r?hr6

diff --git a/po/nb.po b/po/nb.po
index 532f21d..f1aaa1b 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: GNU gnupg 2.1\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2017-11-02 17:40+0100\n"
 "Last-Translator: Åka Sikrom <a4@hush.com>\n"
 "Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n"
@@ -23,56 +23,56 @@ msgstr ""
 "X-Generator: Poedit 1.8.7.1\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "klarte ikke å skaffe pin-inntastingslås: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr "|pinentry-label|_OK"
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr "|pinentry-label|_Avbryt"
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr "|pinentry-label|_Ja"
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr "|pinentry-label|_Nei"
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr "|pinentry-label|PIN:"
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr "|pinentry-label|_Lagre i passordbehandler"
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Er du sikker på at du vil gjøre passordfrasen synlig på skjermen?"
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr "|pinentry-tt|Gjør passordfrase synlig"
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 msgid "|pinentry-tt|Hide passphrase"
 msgstr "|pinentry-tt|Skjul passordfrase"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -83,7 +83,7 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 #, fuzzy
 #| msgid "pinentry.qualitybar.tooltip"
 msgid "pinentry.genpin.tooltip"
@@ -91,22 +91,9 @@ msgstr ""
 "Kvaliteten på teksten overfor. Spør administrator for mer informasjon om "
 "hvordan kvaliteten vurderes."
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-#| msgid "Passphrase too long"
-msgid "Passphrase Not Allowed"
-msgstr "For lang passordfrase"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr "Kvalitet:"
 
@@ -116,20 +103,20 @@ msgstr "Kvalitet:"
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 "Kvaliteten på teksten overfor. Spør administrator for mer informasjon om "
 "hvordan kvaliteten vurderes."
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr ""
 "Skriv inn PIN-kode slik at hemmelig nøkkel kan låses opp for denne økta"
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
@@ -137,82 +124,76 @@ msgstr ""
 "Skriv inn passordfrasen din, slik at hemmelig nøkkel kan låses opp for "
 "gjeldende økt"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr "PIN:"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 msgid "Passphrase:"
 msgstr "Passordfrase:"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr "feil. Prøv igjen"
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr "SETERROR %s (forsøk %d av %d)"
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr "Gjenta:"
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 msgid "PIN too long"
 msgstr "For lang PIN"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 msgid "Passphrase too long"
 msgstr "For lang passordfrase"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 msgid "Invalid characters in PIN"
 msgstr "Ugyldig tegn i PIN"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr "Koden er for kort"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad PIN"
 msgstr "Ugyldig PIN"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad Passphrase"
 msgstr "Ugyldig passordfrase"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "feil under henting av kort-serienummer: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 msgid "Please re-enter this passphrase"
 msgstr "Skriv inn denne passordfrasen på nytt"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 #| msgid ""
 #| "Please enter the passphrase to protect the imported object within the "
@@ -223,61 +204,51 @@ msgid ""
 msgstr ""
 "Skriv inn passordfrase for å låse nytt importert objekt i GnuPG-systemet."
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "ssh-nøkler som er lenger enn %d bit støttes ikke\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, c-format
 msgid "can't create '%s': %s\n"
 msgstr "klarte ikke å lage «%s»: %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, c-format
 msgid "can't open '%s': %s\n"
 msgstr "klarte ikke å åpne «%s»: %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr "oppdaget kort med serienummer %s\n"
-
-#: agent/command-ssh.c:2446
-#, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "ingen ssh-autentiseringnøkkel på kort: %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "fant ingen passende kortnøkkel: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "feil under henting av kortliste: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
@@ -286,20 +257,20 @@ msgstr ""
 "En ssh-prosess ber om tillatelse til å brukt nøkkel%%0A  %s%%0A  (%s)%%0AVil "
 "du tillate dette?"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr "Tillat"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr "Avvis"
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Skriv inn passordfrase for ssh-nøkkel%%0A  %F%%0A  (%c)"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
@@ -308,94 +279,90 @@ msgstr ""
 "Skriv inn passordfrase som skal brukes til å beskytte mottatt hemmelig nøkkel"
 "%%0A   %s%%0A   %s%%0Ai nøkkellageret for gpg-agent"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "klarte ikke å lage strøm av sokkel: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr "Sett inn kort med serienummer"
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr "Fjern gjeldende kort og sett inn kort med serienummer"
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr "Admin-PIN"
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr "PUK"
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr "Tilbakestillingskode"
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 #, fuzzy
 #| msgid "%s%%0A%%0AUse the reader's pinpad for input."
 msgid "Use the reader's pinpad for input."
 msgstr "%s%%0A%%0ABruk leserens kodeplate til å skrive."
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 msgid "Repeat this Reset Code"
 msgstr "Gjenta tilbakestillingskode"
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 msgid "Repeat this PUK"
 msgstr "Gjenta PUK"
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 msgid "Repeat this PIN"
 msgstr "Gjenta PIN"
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 msgid "Reset Code not correctly repeated; try again"
 msgstr "Tilbakestillingskode ble ikke gjentatt korrekt. Prøv igjen"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 msgid "PUK not correctly repeated; try again"
 msgstr "PUK-kode ble ikke gjentatt korrekt. Prøv igjen"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr "PIN ble ikke gjentatt korrekt. Prøv igjen"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "Skriv inn PIN-kode%s%s%s for å låse opp kort"
 
-#: agent/genkey.c:157
-#, fuzzy, c-format
-#| msgid "error writing to %s: %s\n"
-msgid "error writing to pipe: %s\n"
-msgstr "feil under skriving til %s: %s\n"
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "feil under oppretting av midlertidig fil: %s\n"
+
+#: agent/genkey.c:116
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "feil under skriving til midlertidig fil: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:154
 msgid "Enter new passphrase"
 msgstr "Skriv inn ny passordfrase"
 
-#: agent/genkey.c:196
-msgid "Take this one anyway"
-msgstr "Bruk denne likevel"
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
 "Du har ikke skrevet inn en passordfrase.%0ATom passordfrase er ikke tillatt."
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
@@ -404,18 +371,18 @@ msgstr ""
 "Du har ikke skrevet inn en passordfrase. Dette er generelt ikke lurt."
 "%0ABekreft at du ikke vil beskytte nøkkelen."
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr "Ja, beskyttelse er unødvendig"
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, c-format
 msgid "A passphrase should be at least %u character long."
 msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "Passordfraser skal bestå av minst %u tegn."
 msgstr[1] "Passordfraser skal bestå av minst %u tegn."
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -423,230 +390,241 @@ msgid_plural ""
 msgstr[0] "Passordfraser bør inneholde minst %u siffer eller%%0Aspesialtegn."
 msgstr[1] "Passordfraser bør inneholde minst %u sifre eller%%0Aspesialtegn."
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr "Ikke bruk kjente ord, uttrykk eller kjente mønster%%0Ai passordfraser."
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr "Advarsel: du har skrevet inn en svak passordfrase."
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+msgid "Take this one anyway"
+msgstr "Bruk denne likevel"
+
+#: agent/genkey.c:464
 #, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr "Skriv inn passordfrase for å%0Abeskytte ny nøkkel"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 msgid "Please enter the new passphrase"
 msgstr "Skriv inn ny passordfrase"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 #, fuzzy
 #| msgid "Options useful for debugging"
 msgid "Options used for startup"
 msgstr "Nyttige feilsøkingsvalg"
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr "kjør som bakgrunnsprosess («daemon»)"
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr "kjør i tjenermodus (forgrunn)"
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 msgid "run in supervised mode"
 msgstr "kjør i «supervised» modus"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr "ikke løsne fra konsoll"
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr "sh-utdata for kommandoer"
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr "csh-utdata for kommandoer"
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 msgid "|FILE|read options from FILE"
 msgstr "|FIL|les valg fra valgt FIL"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr "Styring av diagnostikk-utdata"
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "detaljert utskrift"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "være noenlunde stille"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr "|FIL|skriv tjenermodus-logger til valgt FIL"
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr "Oppsettsvalg"
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 msgid "do not use the SCdaemon"
 msgstr "ikke bruk SCdaemon"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr "|PGM|bruk PGN som SCdaemon-program"
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+#, fuzzy
+#| msgid "|PGM|use PGM as the SCdaemon program"
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr "|PGM|bruk PGN som SCdaemon-program"
+
+#: agent/gpg-agent.c:208
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NAME|godta enkelte kommandoer via «NAME»"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr "ignorer forespørsler om å bytte TTY"
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr "ignorer forespørsler om å bytte X-skjerm"
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 msgid "enable ssh support"
 msgstr "slå på ssh-støtte"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr "|ALGO|bruk valgt ALGOritme til å vise ssh-fingeravtrykk"
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 msgid "enable putty support"
 msgstr "slå på støtte for putty"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr "Sikkerhetsvalg"
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr "|N|fjern hurtiglagrede PIN-koder etter N sekunder"
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr "|N|SSH-nøkler utgår etter N antall sekunder"
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr ""
 "|N|endre maksimal livstid for PIN-koder i hurtiglager til N antall sekunder"
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr "|N|endre maksimal livstid for SSH-nøkler til N antall sekunder"
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr "ikke bruk PIN-hurtiglager under signering"
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 msgid "disallow the use of an external password cache"
 msgstr "ikke tillat bruk av eksternt passord-hurtiglager"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr "ikke la klienter tillitsmarkere nøkler"
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 msgid "allow presetting passphrase"
 msgstr "tillat valg av passordfrase på forhånd"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr "Valg som håndhever passordfrase-regler"
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr "ikke tillat avvik fra passordregler"
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr "|N|endre minimal passordfrase-lengde til N"
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr "|N|krev at passordfraser inneholder minst N antall spesialtegn og tall"
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr "|FIL|kontroller nye passordfraser mot mønster i valgt FIL"
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|regn passord som ugyldig etter N antall dager"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 msgid "do not allow the reuse of old passphrases"
 msgstr "ikke tillat gjenbruk av gamle passordfraser"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the PIN-Entry"
 msgstr "Sikkerhetsvalg"
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 msgid "never use the PIN-entry"
 msgstr ""
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr "ikke la kaller overstyre PIN-inntasting"
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 #, fuzzy
 #| msgid "do not grab keyboard and mouse"
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr "ikke bruk tastatur og mus"
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr "|PGM|bruk PGM til inntasting av PIN-koder"
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr "|N|endre tidsavbrudd for PIN-inntasting til N antall sekunder"
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr "la brukeren skrive inn passordfrase via Emacs"
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "Rapporter programfeil til <@EMAIL@>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Bruk: @GPG_AGENT@ [valg] («-h» for hjelp)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
@@ -654,136 +632,131 @@ msgstr ""
 "Syntaks: @GPG_AGENT@ [valg] [kommando [arg]]\n"
 "Håndtering av hemmelige nøkler for @GNUPG@\n"
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr "«%s» er et ugyldig feilsøkingsnivå\n"
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "valg kontrollsum-algoritme er ugyldig\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, c-format
 msgid "reading options from '%s'\n"
 msgstr "leser valg fra «%s»\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, c-format
 msgid "Note: '%s' is not considered an option\n"
 msgstr "Merk: «%s» regnes ikke som et valg\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr "klarte ikke å lage sokkel: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr "sokkelnavnet «%s» er for langt\n"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "en gpg-agent kjører allerede. Lar være å starte en ny\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "feil under henting av sokkel-anledning\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "feil under knytning av sokkel til «%s»: %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "klarte ikke å endre tillatelser til «%s»: %s\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "lytter på sokkel «%s»\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, c-format
 msgid "can't create directory '%s': %s\n"
 msgstr "klarte ikke å lage mappa «%s»: %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, c-format
 msgid "directory '%s' created\n"
 msgstr "mappa «%s» er opprettet\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "stat() mislyktes for «%s»: %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "«%s» kan ikke brukes som hjemmemappe\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "feil under lesing av anledning på fd %d: %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr "startet behandler 0x%lx for fd %d\n"
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr "avsluttet behandler 0x%lx for fd %d\n"
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr "startet ssh-behandler 0x%lx for fd %d\n"
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr "avsluttet ssh-behandler 0x%lx for fd %d\n"
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "npth_pselect mislyktes: %s - venter 1s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, c-format
 msgid "%s %s stopped\n"
 msgstr "%s %s stoppet\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "ingen gpg-agent kjører i gjeldende økt\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 msgid ""
 "@Options:\n"
 " "
@@ -791,11 +764,11 @@ msgstr ""
 "@Valg:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Bruk: gpg-preset-passphrase [valg] NØKKELGREP («-h» for hjelp)\n"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
@@ -803,8 +776,8 @@ msgstr ""
 "Syntaks: gpg-preset-passphrase [valg] KEYGRIP\n"
 "Vedlikehold av hurtiglager for passord\n"
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -812,8 +785,8 @@ msgstr ""
 "@Kommandoer:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -823,11 +796,11 @@ msgstr ""
 "Valg:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Bruk: gpg-protect-tool [valg] («-h» for hjelp)\n"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
@@ -835,22 +808,22 @@ msgstr ""
 "Syntaks: gpg-protect-tool [valg] [arg]\n"
 "Håndteringsverktøy for hemmelige nøkler\n"
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Skriv inn passordfrase for å låse opp PKCS#12-objekt."
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Skriv inn passordfrase for å låse nytt PKCS#12-objekt."
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
 "Skriv inn passordfrase for å låse nytt importert objekt i GnuPG-systemet."
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
@@ -858,53 +831,52 @@ msgstr ""
 "Skriv inn passordfrase eller PIN-kode som\n"
 "kreves for å fullføre gjeldende handling."
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, c-format
 msgid "cancelled\n"
 msgstr "avbrutt\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "feil under spørring etter passordfrase: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, c-format
 msgid "error opening '%s': %s\n"
 msgstr "feil under åpning av «%s»: %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "fil «%s», linje %d: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "uttrykk «%s» ignorert i «%s», linje %d\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "system-tillitsliste «%s» er ikke tilgjengelig\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "ugyldig fingeravtrykk i «%s», linje %d\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "ugyldig nøkkelvalg i «%s», linje %d\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "feil under lesing av «%s», linje %d: %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr "feil under lesing av liste over tillitsmerkede rotsertifikater\n"
@@ -917,7 +889,7 @@ msgstr "feil under lesing av liste over tillitsmerkede rotsertifikater\n"
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
@@ -926,11 +898,11 @@ msgstr ""
 "Stoler du fullstendig på at%%0A  «%s»%%0Asertifiserer brukersertifikater "
 "korrekt?"
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 msgid "Yes"
 msgstr "Ja"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr "Nei"
@@ -943,7 +915,7 @@ msgstr "Nei"
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -953,21 +925,21 @@ msgstr "Kontroller at sertifikatet%%0A  «%s»%%0Ahar fingeravtrykket%%0A  %s"
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr "Riktig"
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr "Feil"
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 "Merk: denne passordfrasen har aldri blitt endret.%0AEndre den umiddelbart."
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
@@ -976,15 +948,15 @@ msgstr ""
 "Denne passordfrasen har ikke blitt endret%%0Asiden %.4s-%.2s-%.2s. Endre den "
 "umiddelbart."
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 msgid "Change passphrase"
 msgstr "Endre passordfrase"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr "Jeg endrer senere"
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
@@ -992,11 +964,11 @@ msgid ""
 msgstr ""
 "Er du sikker på at du vil slette nøkkel med nøkkelgrep%%0A  %s%%0A  %%C%%0A?"
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 msgid "Delete key"
 msgstr "Slett nøkkel"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
@@ -1005,93 +977,93 @@ msgstr ""
 "Hvis du sletter nøkkelen, kan du miste tilgang til én eller flere eksterne "
 "maskiner."
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "DSA krever at kontrollsummen er multipliserbar med 8 bit\n"
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr "%s nøkkel bruker utrygg kontrollsum (%u bit)\n"
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr "kontrollsum på %zu bit er ugyldig for %u-bits %s-nøkler\n"
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "kontroll av opprettet signatur mislyktes: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "hemmelige nøkkeldeler er ikke tilgjenglig\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, c-format
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "offentlig nøkkelalgoritme %d (%s) støttes ikke\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, c-format
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "beskyttelsesalgoritme %d (%s) støttes ikke\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, c-format
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "kontrollsum-algoritme for beskyttelse %d (%s) støttes ikke\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "feil under opprettelse av datarør: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "feil under opprettelse av strøm for datarør: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, c-format
 msgid "error forking process: %s\n"
 msgstr "feil under kopiering av prosess: %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr "prosess %d avsluttet ikke i tide: %s\n"
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr ""
 "feil under kjøring av «%s». Programmet er sannsynligvis ikke installert\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "feil under kjøring av «%s». Avslutningskode %d\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, c-format
 msgid "error running '%s': terminated\n"
 msgstr "feil under kjøring av «%s». Avsluttet\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "venting på avslutning av prosesser mislyktes: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "feil under henting av prosess-avslutningskode %d: %s\n"
@@ -1106,33 +1078,33 @@ msgstr "klarte ikke å koble til «%s»: %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "klarte ikke å sette opp valg for gpg-agent\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "klarte ikke å slå av kjernedump: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "Advarsel: utrygt eierskap til %s «%s»\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "Advarsel: utrygge tillatelser til %s «%s»\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "venter på at fila «%s» skal bli tilgjengelig …\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "klarte ikke å gi «%s» det nye navnet «%s»: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "ja"
 
@@ -1186,52 +1158,97 @@ msgstr "kjernen i sikkert minne ble full under tildeling av %lu byte"
 msgid "out of core while allocating %lu bytes"
 msgstr "kjernen ble full under tildeling av %lu byte"
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "feil under tildeling av minne: %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr "%s:%u: valget «%s» er utgått, og har nå ingen effekt\n"
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "ADVARSEL: valget «%s%s» er utgått, og har ingen effekt\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr "unknown debug flag '%s' ignored\n"
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
+#, c-format
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "venter på at dirmngr skal dukke opp … (%ds)\n"
+
+#: common/asshelp.c:350
 #, fuzzy, c-format
 #| msgid "waiting for the agent to come up ... (%ds)\n"
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
 msgstr "venter på at agent skal dukke opp … (%ds)\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:351
 #, fuzzy, c-format
-#| msgid "connection to agent established\n"
-msgid "connection to %s established\n"
-msgstr "koblet til agent\n"
+#| msgid "waiting for the agent to come up ... (%ds)\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "venter på at agent skal dukke opp … (%ds)\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:364
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
-msgstr "ingen kjørende gpg-agent. Starter «%s»\n"
+msgid "connection to the dirmngr established\n"
+msgstr "koblet til dirmngr\n"
 
-#: common/asshelp.c:521
-#, c-format
-msgid "connection to agent is in restricted mode\n"
+#: common/asshelp.c:366
+#, fuzzy, c-format
+#| msgid "connection to the dirmngr established\n"
+msgid "connection to the keyboxd established\n"
+msgstr "koblet til dirmngr\n"
+
+#: common/asshelp.c:367
+#, fuzzy, c-format
+#| msgid "connection to the dirmngr established\n"
+msgid "connection to the agent established\n"
+msgstr "koblet til dirmngr\n"
+
+#: common/asshelp.c:485
+#, fuzzy, c-format
+#| msgid "no running Dirmngr - starting '%s'\n"
+msgid "no running %s - starting '%s'\n"
+msgstr "ingen kjørende Dirmngr. Starter «%s»\n"
+
+#: common/asshelp.c:588
+#, fuzzy, c-format
+#| msgid "connection to agent is in restricted mode\n"
+msgid "connection to the agent is in restricted mode\n"
 msgstr "kobler til agent i begrenset modus\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:725
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
-msgstr "ingen kjørende Dirmngr. Starter «%s»\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "feil under henting av versjon fra «%s»: %s\n"
+
+#: common/asshelp.c:731
+#, c-format
+msgid "server '%s' is older than us (%s < %s)"
+msgstr "tjener «%s» er eldre enn oss (%s < %s)"
+
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
+#, c-format
+msgid "WARNING: %s\n"
+msgstr "ADVARSEL: %s\n"
+
+#: common/asshelp.c:740
+#, c-format
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr "Merk: Utdaterte tjenere kan mangle viktige sikkerhetsfunksjoner.\n"
+
+#: common/asshelp.c:742
+#, c-format
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Merk: Bruk kommandoen «%s» for å starte dem på nytt.\n"
 
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
@@ -1301,7 +1318,7 @@ msgid "algorithm: %s"
 msgstr "algoritme: %s"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, c-format
 msgid "unsupported algorithm: %s"
 msgstr "ustøttet algoritme: %s"
@@ -1376,11 +1393,11 @@ msgstr "Sertifikatkjede gyldig"
 msgid "Root certificate trustworthy"
 msgstr "Rotsertifikat regnes som troverdig"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 msgid "no CRL found for certificate"
 msgstr "fant ingen sertifikat-CRL"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 msgid "the available CRL is too old"
 msgstr "tilgjengelig CRL er for gammel"
 
@@ -1417,7 +1434,7 @@ msgstr "Ingen hjelp tilgjengelig for «%s»"
 msgid "ignoring garbage line"
 msgstr "ignorerer ubrukelig linje"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 msgid "[none]"
 msgstr "[ingen]"
 
@@ -1426,134 +1443,26 @@ msgstr "[ingen]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "hoppet over ugyldig radix64-tegn %02x\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr "uforventet argument"
-
-#: common/argparse.c:522
-msgid "read error"
-msgstr "lesefeil"
-
-#: common/argparse.c:524
-msgid "keyword too long"
-msgstr "nøkkelord er for langt"
-
-#: common/argparse.c:526
-msgid "missing argument"
-msgstr "argument mangler"
-
-#: common/argparse.c:528
-msgid "invalid argument"
-msgstr "ugydig argument"
-
-#: common/argparse.c:530
-msgid "invalid command"
-msgstr "ugyldig kommando"
-
-#: common/argparse.c:532
-msgid "invalid alias definition"
-msgstr "ugyldig aliasdefinisjon"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-msgid "out of core"
-msgstr "kjernen er full"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-#| msgid "invalid command"
-msgid "invalid meta command"
-msgstr "ugyldig kommando"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-#| msgid "unknown command '%s'\n"
-msgid "unknown meta command"
-msgstr "«%s» er en ukjent kommando\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected armor: "
-msgid "unexpected meta command"
-msgstr "uforventet armering: "
-
-#: common/argparse.c:546
-msgid "invalid option"
-msgstr "ugyldig valg"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr "valget «%.50s» mangler et argument\n"
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "ugyldig argument for valget «%.50s»\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr "valget «%.50s» skal ikke brukes med argumenter\n"
-
-#: common/argparse.c:563
-#, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "kommandoen «%.50s» er ugyldig\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr "valget «%.50s» er flertydig\n"
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr "kommandoen «%.50s» er flertydig\n"
-
-#: common/argparse.c:581
-#, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "valget «%.50s» er ugyldig\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, c-format
-msgid "Note: no default option file '%s'\n"
-msgstr "Merk: standardvalg-fil «%s» finnes ikke\n"
-
-#: common/argparse.c:1843
-#, c-format
-msgid "option file '%s': %s\n"
-msgstr "valgfil «%s»: %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1569,131 +1478,132 @@ msgstr "iconv_open mislyktes: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "konvertering fra «%s» til «%s» mislyktes: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "klarte ikke å lage midlertidig fil «%s»: %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "feil under skriving til «%s»: %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "fjerner ødelagt låsfil (laget av %d)\n"
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "venter på lås (holdt igjen av %d%s) %s …\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr "(vranglås?) "
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "lås «%s» ikke opprettet: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, c-format
 msgid "waiting for lock %s...\n"
 msgstr "venter på lås %s …\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr "%s er for gammel (krever %s, har %s)\n"
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "armor: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "ugyldig armorheader: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "armorheader: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "ugyldig clearsigheader\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, c-format
 msgid "unknown armor header: "
 msgstr "ukjent skjold-hode: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "nøstede klartekst-signaturer\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr "uforventet armering: "
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "ugyldig bindestrekbeskyttet linje: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "hoppet over ugyldig radix64-tegn %02x\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "for tidlig eof (ingen CRC)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "for tidlig eof (i CRC)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "feilformatert CRC\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "CRC-feil; %06lX - %06lX\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "for tidlig eof (på sluttlinje)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "feil på etterfølgende linje\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "fant ingen gyldig OpenPGP-data.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "ugyldig armor: linje lengre enn %d tegn\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1701,12 +1611,12 @@ msgstr ""
 "anført utskrivbart tegn i armor. Noen har antakeligvis brukt en feiloppsatt "
 "e-posttjener\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, c-format
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "[ ikke menneskevennlig (%zu byte: %s%s) ]"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1715,393 +1625,389 @@ msgstr ""
 "notatnavn kan bare inneholde utskrivbare tegn og mellomrom, og må slutte med "
 "«=»\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "bruker-notatnavn må inneholde tegnet «@»\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "notatnavn kan ikke inneholde flere enn ett «@»-tegn\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "notatverdier kan ikke inneholde kontrolltegn\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "notatnavn kan ikke inneholde tegnet «=»\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, c-format
 msgid "a notation name must have only printable characters or spaces\n"
 msgstr "notatnavn skal bare inneholde utskrivbare tegn og evt. mellomrom\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "ADVARSEL: fant ugyldig notatdata\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "klarte ikke å videresende %s forespørsel til klient\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Skriv inn passordfrase: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
-#, c-format
-msgid "error getting version from '%s': %s\n"
-msgstr "feil under henting av versjon fra «%s»: %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr "tjener «%s» er eldre enn oss (%s < %s)"
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, c-format
-msgid "WARNING: %s\n"
-msgstr "ADVARSEL: %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
-#, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr "Merk: Utdaterte tjenere kan mangle viktige sikkerhetsfunksjoner.\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s kan ikke brukes i %s-modus\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
-#, c-format
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Merk: Bruk kommandoen «%s» for å starte dem på nytt.\n"
+#: g10/call-agent.c:1081
+#, fuzzy, c-format
+#| msgid "error reading from %s: %s\n"
+msgid "error from TPM: %s\n"
+msgstr "feil under lesing fra %s: %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, c-format
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s kan ikke brukes i %s-modus\n"
+msgid "problem with the agent: %s\n"
+msgstr "problem med agent: %s\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "ingen dirmngr kjører i gjeldende økt\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
 #| msgid "option '%s' may not be used in %s mode\n"
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "du kan ikke bruke valget «%s» i %s-modus\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 #| msgid "\"%s\" is not a proper fingerprint\n"
 msgid "Tor is not properly configured"
 msgstr "«%s» er et ugyldig fingeravtrykk\n"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 #| msgid "\"%s\" is not a proper fingerprint\n"
 msgid "DNS is not properly configured"
 msgstr "«%s» er et ugyldig fingeravtrykk\n"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "lag opphevelsessertifikat"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "armor: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "OpenPGP-kort er ikke tilgjengelig: %s\n"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr "Oppdaget OpenPGP-kortnummer %s\n"
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr "du kan ikke gjøres dette i buntmodus\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Denne kommandoen er bare tilgjengelig for kort av versjon 2\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "Tilbakestillingskode er ikke tilgjengelig\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Ditt valg? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[ikke valgt]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "ikke tvunget"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "tvunget"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr "Feil: Bare ren ASCII er foreløpig tillatt.\n"
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr "Feil: tegnet «<» kan ikke brukes.\n"
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr "Feil: Doble mellomrom er ikke tillatt.\n"
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr "Kortholders etternavn: "
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr "Kortholders fornavn: "
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr "Feil: Det kombinerte navnet er for langt (grensa går ved %d tegn).\n"
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr "Adresse for henting av offentlig nøkkel: "
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, c-format
 msgid "error reading '%s': %s\n"
 msgstr "feil under lesing av «%s»: %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, c-format
 msgid "error writing '%s': %s\n"
 msgstr "feil under skriving av «%s»: %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr "Logindata (kontonavn): "
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr "Privat DO-data: "
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr "Språkoppsett: "
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "Feil: oppsettsstreng har ugyldig lengde.\n"
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "Feil: oppsettsstreng inneholder ugyldige tegn.\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr "Feil: ugyldig svar.\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr "CA-fingeravtrykk: "
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "Feil: feilformatert fingeravtrykk.\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr "klarte ikke å utføre nøkkelhandling: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr "ikke et OpenPGP-kort"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr "feil under henting av nøkkelinfo: %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr "Erstatte eksisterende nøkkel? (j/N) "
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
+#, fuzzy
+#| msgid ""
+#| "Note: There is no guarantee that the card supports the requested size.\n"
+#| "      If the key generation does not succeed, please check the\n"
+#| "      documentation of your card to see what sizes are allowed.\n"
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 "MERK: Det er ingen garanti for at kortet støtter forespurt størrelse.\n"
 "      Se dokumentasjon for kortet du bruker og finn ut hvilke størrelser \n"
 "      det tillater hvis nøkkelgenerering mislykkes.\n"
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Hvor stor skal nøkkelen være? (%u) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "rundet opp til %u bit\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "%s nøkkelstørrelser må ligge i rekkevidden %u-%u\n"
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr ""
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 #, fuzzy
 #| msgid "   (1) Signature key\n"
 msgid "Signature key\n"
 msgstr "   (1) Signaturnøkkel\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 #, fuzzy
 #| msgid "   (2) Encryption key\n"
 msgid "Encryption key\n"
 msgstr "   (2) Krypteringsnøkkel\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 #, fuzzy
 #| msgid "   (3) Authentication key\n"
 msgid "Authentication key\n"
 msgstr "   (3) Autentiseringsnøkkel\n"
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Velg hvilken type nøkkel du vil ha:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, fuzzy, c-format
 #| msgid "   (%d) ECC and ECC\n"
 msgid "   (%d) ECC\n"
 msgstr "   (%d) ECC og ECC\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Ugyldig valg.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr "Kortet blir nå satt opp på nytt for å lage nøkkel på %u bit\n"
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, fuzzy, c-format
 #| msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr "Kortet blir nå satt opp på nytt for å lage nøkkel på %u bit\n"
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, fuzzy, c-format
 #| msgid "error changing size of key %d to %u bits: %s\n"
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "feil under endring av størrelse på nøkkel %d til %u bit: %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, fuzzy, c-format
 #| msgid "error getting current key info: %s\n"
 msgid "error getting card info: %s\n"
 msgstr "feil under henting av nøkkelinfo: %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, c-format
 msgid "This command is not supported by this card\n"
 msgstr "Denne kommandoen støttes ikke av dette kortet\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr "Lage sikkerhetskopi av krypteringsnøkler utenfor kortet? (J/n) "
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "MERK: det ligger allerede nøkler på kortet.\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr "Erstatte eksisterende nøkler? (j/N) "
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2112,192 +2018,206 @@ msgstr ""
 "   PIN = «%s»     Admin-PIN = «%s»\n"
 "Du bør endre disse med kommandoen «--change-pin»\n"
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr "Velg hvilken type nøkkel du vil lage:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr "   (1) Signaturnøkkel\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr "   (2) Krypteringsnøkkel\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr "   (3) Autentiseringsnøkkel\n"
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr "velg hvor nøkkelen skal lagres:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "KEYTOCARD mislyktes: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "Merk: denne kommandoen ødelegger alle nøkler på kortet.\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 msgid "Continue? (y/N) "
 msgstr "Vil du fortsette? (j/N) "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr "Er du sikker på at du vil gjenopprette fabrikkoppsett? (skriv «ja») "
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, fuzzy, c-format
 #| msgid "error looking up: %s\n"
 msgid "error for setup KDF: %s\n"
 msgstr "feil under oppslag av %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+#| msgid "error looking up: %s\n"
+msgid "error for setup UIF: %s\n"
+msgstr "feil under oppslag av %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "gå ut av denne menyen"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr "vis admin-kommandoer"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "vis denne hjelpeteksten"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr "vis alle tilgjengelige data"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr "endre kortholders navn"
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr "endre adresse for å hente nøkkel"
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr "hent nøkkel som ligger i kortets adresse"
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr "endre brukernavn"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr "endre språkoppsett"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 #, fuzzy
 #| msgid "change card holder's sex"
 msgid "change card holder's salutation"
 msgstr "endre kortholders kjønn"
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr "endre CA-fingeravtrykk"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr "slå av på tvungen bruk av signatur-PIN"
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr "lag nye nøkler"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr "meny for å endre eller fjerne blokkering av PIN"
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr "bekrefte PIN og vise alle data"
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr "fjern PIN-blokkering med en tilbakestillingskode"
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr "ødelegg alle nøkler og data"
 
-#: g10/card-util.c:2180
+#: g10/card-util.c:2235
 #, fuzzy
 #| msgid "|NAME|use user NAME for authentication"
-msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "|NAVN|bruk valgt brukerNAVN til autentisering"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 #, fuzzy
 #| msgid "change the ownertrust"
 msgid "change the key attribute"
 msgstr "endre eiertillit"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "endre eiertillit"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr "gpg/kort> "
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr "Admin-reservert kommando\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr "Admin-kommandoer er tillatt\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr "Admin-kommandoer er ikke tillatt\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Ugyldig kommando  (prøv «help»)\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "«--output» virker ikke med denne kommandoen\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, c-format
 msgid "can't open '%s'\n"
 msgstr "klarte ikke å åpne «%s»\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "fant ikke nøkkelen «%s»: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "feil under lesing av nøkkelblokk: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, c-format
 msgid "key \"%s\" not found\n"
 msgstr "fant ikke nøkkelen «%s»\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(med mindre du oppgir nøkkel ved hjelp av fingeravtrykk)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "du må bruke «--yes» for å gjøre dette i buntmodus\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(med mindre du oppgir nøkkel ved hjelp av fingeravtrykk)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2336,9 +2256,9 @@ msgstr "nøkkel"
 msgid "subkey"
 msgstr "undernøkkel"
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "oppdatering mislyktes: %s\n"
@@ -2363,62 +2283,74 @@ msgstr "det finnes en hemmelig nøkkel for offentlig nøkkel «%s».\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "bruk valget «--delete-secret-keys» for å slette den først.\n"
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"ADVARSEL: tvungen bruk av symmetrisk krypt.metode %s (%d) bryter med "
-"mottakers oppsett\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "feil under opprettelse av passordfrase: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "klarte ikke å bruke symmetrisk ESK-pakke på grunn av S2K-modus\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "bruker krypteringsmetode %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, c-format
 msgid "'%s' already compressed\n"
 msgstr "«%s» er allerede komprimert\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, c-format
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "ADVARSEL: «%s» er en tom fil\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+#| msgid "cipher algorithm '%s' may not be used in %s mode\n"
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "du kan ikke bruke algoritme «%s» i %s-modus\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "du kan ikke bruke algoritme «%s» i %s-modus\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "du kan ikke bruke algoritme «%s» i %s-modus\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "ADVARSEL: nøkkel %s egner seg ikke for kryptering i %s-modus\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, c-format
 msgid "reading from '%s'\n"
 msgstr "leser fra «%s»\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"ADVARSEL: tvungen bruk av symmetrisk krypt.metode %s (%d) bryter med "
+"mottakers oppsett\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "ADVARSEL: nøkkel %s egner seg ikke for kryptering i %s-modus\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2427,27 +2359,34 @@ msgstr ""
 "ADVARSEL: tvungen bruk av komprimeringsalgoritme %s (%d) bryter med "
 "mottakers oppsett\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "tvungen bruk av krypt.metode %s (%d) bryter med mottakers oppsett\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s kryptert for: «%s»\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, c-format
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "du kan ikke bruke valget «%s» i %s-modus\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "%s krypterte data\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "kryptert med en ukjent algoritme %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
@@ -2455,70 +2394,11 @@ msgstr ""
 "ADVARSEL: meldinga ble kryptert med svak nøkkel for symmetrisk "
 "krypteringsmetode.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "problem ved håndtering av kryptert pakke\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "fjernutføring av programmer er ikke støttet\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"eksterne programkall er slått av på grunn av utrygge tillatelser til "
-"oppsettsfil\n"
-
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"denne plattformen krever midlertidige filer ved kall på eksterne programmer\n"
-
-#: g10/exec.c:497
-#, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "klarte ikke å kjøre «%s»: %s\n"
-
-#: g10/exec.c:500
-#, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "klarte ikke å kjøre skallet «%s»: %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "systemfeil under kall på eksternt program: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "unaturlig avslutning av eksternt program\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "klarte ikke å kjøre eksternt program\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "klarte ikke å lese reponsen fra eksternt program: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, c-format
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "ADVARSEL: klarte ikke å fjerne midlertidig fil (%s) «%s»: %s\n"
-
-#: g10/exec.c:692
-#, c-format
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "ADVARSEL: klarte ikke å fjerne midlertidig mappe «%s»: %s\n"
-
 #: g10/export.c:119
 msgid "export signatures that are marked as local-only"
 msgstr "eksportere signaturer som er markert som bare-lokale"
@@ -2539,382 +2419,382 @@ msgstr "fjern ubrukelige deler fra nøkkelen under eksportering"
 msgid "remove as much as possible from key during export"
 msgstr "fjern så mye som mulig fra nøkkelen under eksportering"
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr "bruk GnuPG-format til sikkerhetskopiering av nøkkel"
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 msgid " - skipped"
 msgstr ". Hoppet over"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, c-format
 msgid "writing to '%s'\n"
 msgstr "skriver til «%s»\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "nøkkel %s: nøkkelmateriell på kort - hoppet over\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "eksportering av hemmelige nøkler er ikke tillatt\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "nøkkel %s: PGP 2.x-aktig nøkkel - hoppet over\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "ADVARSEL: ingenting eksportert\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, c-format
 msgid "error creating '%s': %s\n"
 msgstr "feil under oppretting av «%s»: %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr "[Fant ikke bruker-ID]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "hentet «%s» via %s automatisk\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "feil under henting av «%s» via %s: %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 msgid "No fingerprint"
 msgstr "Ingen fingeravtrykk"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "fant ikke hemmelig nøkkel «%s»: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "(kontroller argument for valget «%s»)\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, c-format
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "Advarsel: bruker ikke «%s» som forvalgt nøkkel: %s\n"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, c-format
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "bruker «%s» som forvalgt hemmelig signeringsnøkkel\n"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr "alle verdier som sendes til «%s» blir ignorert\n"
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr "Ugyldig nøkkel %s gjort gyldig av --allow-non-selfsigned-uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "bruker undernøkkel %s i stedet for primærnøkkel %s\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, c-format
 msgid "valid values for option '%s':\n"
 msgstr "følgende verdier er gyldige for «%s»:\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 msgid "make a signature"
 msgstr "lag signatur"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 msgid "make a clear text signature"
 msgstr "lag klartekst-signatur"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "lag adskilt signatur"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "krypter data"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "krypter data (symmetrisk)"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "dekrypter data (forvalgt)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "bekreft signatur"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "vis nøkler"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "vis nøkler og signaturer"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr "vis og kontroller nøkkelsignaturer"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "vis nøkler og fingeravtrykk"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "vis hemmelige nøkler"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "lag nytt nøkkelpar"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 msgid "quickly generate a new key pair"
 msgstr "lag nytt nøkkelpar raskt"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 msgid "quickly add a new user-id"
 msgstr "legg til en ny bruker-ID raskt"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 msgid "quickly revoke a user-id"
 msgstr "opphev bruker-ID raskt"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 msgid "quickly set a new expiration date"
 msgstr "endre utløpsdato raskt"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr "fullverdig generering av nøkkelpar"
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "lag opphevelsessertifikat"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "fjern nøkler fra offentlig nøkkelknippe"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "fjern nøkler fra hemmelig nøkkelknippe"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 msgid "quickly sign a key"
 msgstr "hurtigsigner nøkkel"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 msgid "quickly sign a key locally"
 msgstr "hurtigsigner nøkkel lokalt"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "quickly revoke a user-id"
 msgid "quickly revoke a key signature"
 msgstr "opphev bruker-ID raskt"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "signer nøkkel"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "signer nøkkel lokalt"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "signer eller rediger nøkkel"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 msgid "change a passphrase"
 msgstr "endre passordfrase"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "eksporter nøkler"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "eksporter nøkler til nøkkeltjener"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "importer nøkler fra nøkkeltjener"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "søk etter nøkler på nøkkeltjener"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "oppdater alle nøkler fra nøkkeltjener"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "importer/slå sammen nøkler"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr "vis kortstatus"
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr "endre data på kort"
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr "endre PIN på kort"
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "oppdater tillitsdatabase"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 msgid "print message digests"
 msgstr "skriv ut kontrollsum av melding"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr "kjør i tjenermodus"
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr "|VERDI|endre TOFU-regler for nøkkel"
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NAVN|bruk valgt NAVN som forvalgt hemmelig nøkkel"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NAVN|krypter også til valgt bruker-id-NAVN"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr "|SPES|sett opp e-post-alias"
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr "bruk streng OpenPGP-oppførsel"
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "ikke utfør valgte endringer"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "spør før overskriving"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the input"
 msgstr "Sikkerhetsvalg"
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 #, fuzzy
 #| msgid "Options controlling the diagnostic output"
 msgid "Options controlling the output"
 msgstr "Styring av diagnostikk-utdata"
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "lag ASCII-beskyttet utdata"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 msgid "|FILE|write output to FILE"
 msgstr "|FILE|skriv utdata til valgt FIL"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "bruk kanonisk tekstmodus"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|endre komprimeringsnivå til N (0 for å slå av)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 #, fuzzy
 #| msgid "Options controlling the interactivity and enforcement"
 msgid "Options controlling key import and export"
 msgstr "Valg som styrer grensesnitt og håndheving av regler"
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr "|MEKANISMER|bruk valgte MEKANISME til å finne nøkler med e-postadresse"
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "importer nøkler fra nøkkeltjener"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 #| msgid "list and check key signatures"
 msgid "include the public key in signatures"
 msgstr "vis og kontroller nøkkelsignaturer"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr "slå av all tilgang til dirmngr"
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 #, fuzzy
 #| msgid "Options controlling the configuration"
 msgid "Options controlling key listings"
 msgstr "Oppsettsvalg"
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "vis hemmelige nøkler"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|BRUKER-ID|krypter for valgt BRUKER-ID"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "|BRUKER-ID|bruk valgt BRUKER-ID til å signere eller dekryptere"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -2922,7 +2802,7 @@ msgstr ""
 "@\n"
 "(Se bruksanvisning for en fullstendig liste over alle kommandoer og valg)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 msgid ""
 "@\n"
 "Examples:\n"
@@ -2942,11 +2822,11 @@ msgstr ""
 " --list-keys [navn]         vis nøkler\n"
 " --fingerprint [navn]       vis fingeravtrykk\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Bruk: @GPG@ [valg] [filer] (-h for hjelp)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 msgid ""
 "Syntax: @GPG@ [options] [files]\n"
 "Sign, check, encrypt or decrypt\n"
@@ -2956,7 +2836,7 @@ msgstr ""
 "Signer, kontroller, krypter eller dekrypter.\n"
 "Forvalgt handling avhenger av inndata.\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -2964,541 +2844,557 @@ msgstr ""
 "\n"
 "Støttede algoritmer:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Off. nøkkel: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Kryptering: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Hash: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Komprimering: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "bruk: %s [valg] %s\n"
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "motstridende kommandoer\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "fant ingen «=»-tegn i gruppedefinisjon «%s»\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "ADVARSEL: utrygt eierskap til hjemmemappe «%s»\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "ADVARSEL: utrygt eierskap til oppsettsfil «%s»\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "ADVARSEL: utrygt eierskap til utvidelse «%s»\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "ADVARSEL: utrygge tillatelser til hjemmemappe «%s»\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "ADVARSEL: utrygge tillatelser til oppsettsfil «%s»\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "ADVARSEL: utrygge tillatelser til utvidelse «%s»\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "ADVARSEL: utrgt eierskap til foreldermapper av hjemmemappe «%s»\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr "ADVARSEL: utrgt eierskap til foreldermapper av oppsettsfil «%s»\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr "ADVARSEL: utrgt eierskap til foreldermapper av utvidelse «%s»\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr "ADVARSEL: utrygge tillatelser til foreldermapper av hjemmemappe «%s»\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
 msgstr "ADVARSEL: utrygge tillatelser til foreldermapper av oppsettsfil «%s»\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr "ADVARSEL: utrygge tillatelser til foreldermapper av utvidelse «%s»\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "oppsettselementet «%s» er ukjent\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr "vis foto-id-er i nøkkelvisning"
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 msgid "show key usage information during key listings"
 msgstr "vis informasjon om nøkkelbruk i nøkkelvisning"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr "vis regeladresser i signaturvisning"
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 msgid "show all notations during signature listings"
 msgstr "vis alle notater i signaturvisning"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr "vis IETF-standardnotater under signaturvisning"
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr "vis brukervalgte notater under signaturvisning"
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "vis foretrukne nøkkeltjener-adresser under signaturvisning"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr "vis gyldighet for bruker-ID under nøkkelvisning"
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr "vis opphevede og utgåtte bruker-id-er i nøkkelvisning"
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr "vis opphevede og utgåtte undernøkler i nøkkelvisning"
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 msgid "show the keyring name in key listings"
 msgstr "vis nøkkelknippe-navn i nøkkelvisning"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 msgid "show expiration dates during signature listings"
 msgstr "vis utløpsdatoer i nøkkelvisning"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "«%s» er et ukjent TOFU-regelverk\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr "(bruk «help» for å vise valg)\n"
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Denne kommandoen er ikke tillatt i %s-modus.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, c-format
 msgid "Note: %s is not for normal use!\n"
 msgstr "Merk: %s er ikke ment for vanlig bruk.\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "«%s» er en ugyldig signatur-utløpstid\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "«%s» er en ugyldig e-postadresse\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "PIN-inntastingsmodus «%s» er ugyldig\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, fuzzy, c-format
 #| msgid "invalid value for option '%s'\n"
 msgid "invalid request origin '%s'\n"
 msgstr "ugyldig verdi for valg «%s»\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "«%s» er ikke et gyldig tegnsett\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "klarte ikke å tolke nøkkeltjener-adresse\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: ugyldige nøkkeltjener-valg\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr "ugyldige nøkkeltjener-valg\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: ugyldige importeringsvalg\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "ugyldige importeringsvalg\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, c-format
 msgid "invalid filter option: %s\n"
 msgstr "filtervalget %s er ugyldig\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: ugyldige eksporteringsvalg\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "ugyldige eksporteringsvalg\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: ugyldige listevalg\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr "ugyldige listevalg\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr "vis bruker-ID under signaturbekreftelse"
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr "vis adresser til retningslinjer under signaturbekreftelse"
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 msgid "show all notations during signature verification"
 msgstr "vis alle merknader under signaturbekreftelse"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr "vis IETF-standardnotater under signaturbekreftelse"
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr "vis selvvalgte merknader under signaturbekreftelse"
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "vis adresser til foretrukne nøkkeltjenere under signaturbekreftelse"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 msgid "show user ID validity during signature verification"
 msgstr "vis gyldighet for bruker-ID under signaturbekreftelse"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr "vis opphevede og utgåtte bruker-id-er under signaturbekreftelse"
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 msgid "show only the primary user ID in signature verification"
 msgstr "bare vis primærbrukerens ID under signaturbekreftelse"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr "kontroller signaturer som har PKA-data"
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr "øk tillitsnivå for signaturer med gyldige PKA-data"
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: ugyldige kontrollvalg\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr "ugyldige kontrollvalg\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "klarte ikke å endre «exec»-sti til %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: ugyldig «auto-key-locate»-liste\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr "ugyldig «auto-key-locate»-liste\n"
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "ugyldig argument for valget «%.50s»\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "ADVARSEL: programmet kan lage en kjernefil.\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "ADVARSEL: %s overstyrere %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "du kan ikke bruke %s med %s.\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s gir ikke mening med %s.\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr "ADVARSEL: kjører med falsk systemtid: "
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "lar være å kjøre med usikret minne på grunn av %s\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "valgt krypteringsalgoritme er ugyldig\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "valg kontrollsum-algoritme er ugyldig\n"
+
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "valgt komprimeringsalgoritme er ugyldig\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "valgt kontrollsum-algoritme for sertifisering er ugyldig\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "«completes-needed» må være større enn 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "«marginals-needed» må være større enn 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "«max-cert-depth» må være mellom 1 og 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "ugyldig «default-cert-level» (må være 0, 1, 2 eller 3)\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "ugyldig «min-cert-level» (må være 0, 1, 2 eller 3)\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, c-format
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "Merk: enkel S2K-modus (0) er sterkt frarådet\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "ugyldig S2K-modus (må være 0, 1 eller 3)\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "ugyldig standardoppsett\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "ugyldig personlig oppsett av krypteringsmetode\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "ugyldig personlig oppsett av krypteringsmetode\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "ugyldig personlig oppsett av kontrollsummetode\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "ugyldig personlig oppsett av komprimeringsmetode\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "ugyldig nøkkelstørrelse. Bruker %u bit\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s virker ikke enda med %s\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+#| msgid "cipher algorithm '%s' may not be used in %s mode\n"
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "du kan ikke bruke algoritme «%s» i %s-modus\n"
+
+#: g10/gpg.c:4070
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "du kan ikke bruke komprimeringsalgoritme «%s» i %s-modus\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "klarte ikke å starte tillitsdatabase (TrustDB): %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr "ADVARSEL: mottakere (-r) valgt uten offentlig nøkkelkryptering\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "symmetrisk kryptering av «%s» mislyktes: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "du kan ikke bruke «--symmetric --encrypt» og «--s2k-mode 0» samtidig\n"
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "du kan ikke velge --symmetric --encrypt i %s-modus\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr ""
 "du kan ikke bruke «--symmetric --sign --encrypt» og «--s2k-mode 0» samtidig\n"
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "du kan ikke velge --symmetric --sign --encrypt i %s-modus\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "sending til nøkkeltjener mislyktes: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "mottak fra nøkkeltjener mislyktes: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "nøkkeleksport mislyktes: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, c-format
 msgid "export as ssh key failed: %s\n"
 msgstr "eksportering som ssh-nøkkel mislyktes: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "søk på nøkkeltjener mislyktes: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "oppdatering av nøkkeltjener mislyktes: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "dearmoring failed: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "enarmoring failed: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, c-format
 msgid "invalid hash algorithm '%s'\n"
 msgstr "«%s» er en ugyldig summeringsalgoritme\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "feil under tolking av nøkkelspesifikasjon «%s»: %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 "«%s» ser hverken ut til å være en gyldig nøkkel-ID, fingeravtrykk eller "
 "nøkkelgrep\n"
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr "ADVARSEL: ingen kommando valgt. Prøver å gjette hva du mener …\n"
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Skriv inn melding …\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "valgt adresse for sertifikasjonsregler er ugyldig\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "valgt adresse for signaturregler er ugyldig\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "valgt adresse for foretrukket nøkkeltjener er ugyldig\n"
@@ -3511,7 +3407,7 @@ msgstr "|FIL|hent nøkler fra valgt nøkkelknippe-FIL"
 msgid "make timestamp conflicts only a warning"
 msgstr "la konflikter mellom tidsstempler bare være en advarsel"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|skrive statusinfo til denne FD"
 
@@ -3557,128 +3453,140 @@ msgid "do not update the trustdb after import"
 msgstr "ikke oppdater tillitsdatabase etter importering"
 
 #: g10/import.c:181
+#, fuzzy
+#| msgid "enable putty support"
+msgid "enable bulk import mode"
+msgstr "slå på støtte for putty"
+
+#: g10/import.c:184
 msgid "show key during import"
 msgstr "vis nøkkel under importering"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+#| msgid "show key during import"
+msgid "show key but do not actually import"
+msgstr "vis nøkkel under importering"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr "bare godta oppdateringer av nøkler som finnes allerede"
 
-#: g10/import.c:187
+#: g10/import.c:193
 msgid "remove unusable parts from key after import"
 msgstr "fjern ubrukelige deler av nøkkel etter importering"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr "fjern så mye som mulig fra nøkkel etter importering"
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr "kjør importeringsfiltre og eksporter nøkkel umiddelbart"
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr "forvent GnuPG-format på sikkerhetskopierte nøkler"
 
-#: g10/import.c:203
+#: g10/import.c:209
 msgid "repair keys on import"
 msgstr "reparer nøkler under importering"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "hopper over blokk av typen %d\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr "%lu nøkler behandlet hittil\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Totalt antall behandlet: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, c-format
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "    hopper over PGP 2-nøkler: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "      nye nøkler som ble hoppet over: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "          uten bruker-id-er: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "              importert: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "             uendret: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "          nye bruker-id-er: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "           nye undernøkler: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "        nye signaturer: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "   nye nøkkelopphevinger: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "      leste hemmelige nøkler: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "  importerte hemmelige nøkler: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr " uforandrede hemmelige nøkler: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "          ikke importert: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "    oppryddete signaturer: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "      tømte bruker-id-er: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
@@ -3687,169 +3595,175 @@ msgstr ""
 "ADVARSEL: nøkkelen %s inneholder innstillinger for\n"
 "utilgjengelige algoritmer på følgende bruker-id-er:\n"
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr "         «%s»: innstilling for krypteringsalgoritme %s\n"
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+#| msgid "         \"%s\": preference for cipher algorithm %s\n"
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "         «%s»: innstilling for krypteringsalgoritme %s\n"
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "         «%s»: oppsett for kontrollsum-algoritme %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr "         «%s»: oppsett av komprimeringsalgoritme %s\n"
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr "du anbefales på det sterkeste å endre oppsett og\n"
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 "dele ut denne nøkkelen på nytt for å unngå potensielle problemer med "
 "algoritme-samsvar\n"
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 "oppdater oppsettet med følgende kommando: gpg --edit-key %s updpref save\n"
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr "nøkkel %s: ingen bruker-ID\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, c-format
 msgid "key %s: %s\n"
 msgstr "nøkkel %s: %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr "avvist av importeringskontrollør"
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "nøkkel %s: PKS-undernøkkel reparert\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "nøkkel %s: akseptert ikke-selvsignert bruker-ID «%s»\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "nøkkel %s: ingen gyldig bruker-id-er\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "dette kan skyldes manglende selvsignatur\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "nøkkel %s: fant ikke offentlig nøkkel: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "nøkkel %s: ny nøkkel. Hoppet over\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "fant ikke skrivbart nøkkelknippe: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, c-format
 msgid "error writing keyring '%s': %s\n"
 msgstr "feil under skriving av nøkkelknippe «%s»: %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "nøkkel %s: offentlig nøkkel «%s» importert\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "nøkkel %s: stemmer ikke med vår kopi\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "nøkkel %s: «%s» 1 ny bruker-ID\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "nøkkel %s: «%s» %d nye bruker-id-er\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "nøkkel %s: «%s» 1 ny signatur\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "nøkkel: %s: «%s» %d nye signaturer\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "nøkkel %s: «%s» 1 ny undernøkkel\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "nøkkel %s: «%s» %d nye undernøkler\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "nøkkel: %s: «%s» %d nye signaturer\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "nøkkel: %s: «%s» %d nye signaturer\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "nøkkel %s: «%s» %d nye bruker-id-er\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "nøkkel %s: «%s» %d nye bruker-id-er\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "nøkkel %s: «%s» ikke endret\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr "nøkkel %s: hemmelig nøkkel importert\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, c-format
 msgid "key %s: secret key already exists\n"
 msgstr "nøkkel %s: hemmelig nøkkel finnes allerede\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "nøkkel %s: feil under sending til agent: %s\n"
@@ -3862,202 +3776,209 @@ msgstr "nøkkel %s: feil under sending til agent: %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr "Kjør følgende kommando for å flytte «%s»: %s\n"
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, c-format
 msgid "secret key %s: %s\n"
 msgstr "hemmelig nøkkel %s: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "importering av hemmelig nøkkel er ikke tillatt\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr ""
 "nøkkel %s: hemmelig nøkkel med ugyldig krypteringsmetode %d - hoppet over\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Ingen grunn oppgitt"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "Nøkkelen er overgått"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Nøkkelen har blitt kompromittert"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "Nøkkelen er ikke lengre i bruk"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "Bruker-ID er ikke lenger gyldig"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "grunnen for opphevelse: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "kommentar til opphevelse: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "nøkkel %s: offentlig nøkkel mangler. Klarte ikke å bruke "
 "opphevelsessertifikat\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "nøkkel %s: finner ikke original nøkkelblokk: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "nøkkel %s: klarte ikke å lese opprinnelig nøkkelblokk: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "nøkkel %s: ugyldig opphevingssertifikat: %s - avvist\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "nøkkel %s: «%s» opphevingssertifikat importert\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "nøkkel %s: ingen bruker-ID for signatur\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr ""
 "nøkkel %s: offentlig nøkkelalgoritme for bruker-ID («%s») støttes ikke\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "nøkkel %s: ugyldig selvsignatur for bruker-ID «%s»\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "nøkkel %s: ustøttet offentlig nøkkelalgoritme\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "nøkkel %s: ugyldig direkte nøkkelsignatur\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "nøkkel %s: ingen undernøkkel for nøkkelbinding\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "nøkkel %s: ugyldig undernøkkelbinding\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "nøkkel %s: fjernet flere undernøkkelbindinger\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "nøkkel %s: ingen undernøkkel for nøkkeloppheving\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "nøkkel %s: ugyldig undernøkkeloppheving\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "nøkkel %s: fjernet flere undernøkkelopphevinger\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "nøkkel %s: hoppet over bruker-ID «%s»\n"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "nøkkel %s: hoppet over undernøkkel\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "nøkkel %s: ikke-eksporterbar signatur (klasse 0x%02X) - hoppet over\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "nøkkel %s: opphevingssertifikat på feil plass - hoppet over\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "nøkkel %s: ugyldig opphevingssertifikat: %s - hoppet over\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "nøkkel %s: undernøkkelsignatur på feil plass - hoppet over\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "nøkkel %s: uforventet signaturklasse (0x%02X) - hoppet over\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "nøkkel %s: oppdaget duplisert bruker-ID. Slått sammen\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+#| msgid "key %s: duplicated user ID detected - merged\n"
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "nøkkel %s: oppdaget duplisert bruker-ID. Slått sammen\n"
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr "ADVARSEL: nøkkel %s kan være opphevet: henter opphevingsnøkkel %s\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 "ADVARSEL: nøkkel %s kan være opphevet: opphevingsnøkkel %s ikke tilstede.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "nøkkel %s: «%s» opphevingssertifikat lagt til\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "nøkkel %s: direkte nøkkelsignatur lagt til\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, c-format
 msgid "error allocating memory: %s\n"
 msgstr "feil under minnetildeling: %s\n"
@@ -4081,40 +4002,40 @@ msgstr ""
 msgid " (reordered signatures follow)"
 msgstr " (omsorterte signaturer følger)"
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, c-format
 msgid "key %s:\n"
 msgstr "nøkkel %s:\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "%d duplikatsignatur fjernet\n"
 msgstr[1] "%d duplikatsignaturer fjernet\n"
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, c-format
 msgid "%d signature not checked due to a missing key\n"
 msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "%d signatur ble ikke kontrollert på grunn av manglende nøkkel\n"
 msgstr[1] "%d signaturer ble ikke kontrollert på grunn av manglende nøkkel\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, c-format
 msgid "%d bad signature\n"
 msgid_plural "%d bad signatures\n"
 msgstr[0] "%d ubrukelig signatur\n"
 msgstr[1] "%d ubrukelige signaturer\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "%d signatur omsortert\n"
 msgstr[1] "%d signaturer omsortert\n"
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
@@ -4123,37 +4044,32 @@ msgstr ""
 "Advarsel: fant feil og kontrollerte bare selvsignaturer. Kjør «%s» for å "
 "kontrollere alle signaturer.\n"
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "feil under opprettelse av nøkkelskrin «%s»: %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, c-format
 msgid "error creating keyring '%s': %s\n"
 msgstr "feil under opprettelse av nøkkelknippe «%s»: %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, c-format
 msgid "keybox '%s' created\n"
 msgstr "nøkkelskrin «%s» er opprettet\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, c-format
 msgid "keyring '%s' created\n"
 msgstr "nøkkelknippe «%s» er opprettet\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "nøkkelblokkressurs «%s»: %s\n"
 
-#: g10/keydb.c:969
-#, c-format
-msgid "error opening key DB: %s\n"
-msgstr "feil under åpning av nøkkeldatabase: %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "klarte ikke å bygge hurtiglager for nøkkelknippe på nytt: %s\n"
@@ -4166,7 +4082,7 @@ msgstr "[oppheving]"
 msgid "[self-signature]"
 msgstr "[selvsignatur]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4177,12 +4093,12 @@ msgstr ""
 "andre brukeres nøkler (ved å se på pass, sjekke fingeravtrykk fra\n"
 "forskjellige kilder, osv.)\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr "  %d = Jeg stoler marginalt\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr "  %d = Jeg stoler fullt\n"
@@ -4214,12 +4130,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "Bruker-ID «%s» er opphevet."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Er du sikker på at du vil signerere den? (j/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  Klarte ikke å signere.\n"
 
@@ -4392,194 +4308,198 @@ msgstr "Jeg har sjekket denne nøkkelen veldig nøye.\n"
 msgid "Really sign? (y/N) "
 msgstr "Er du sikker på at du vil signere? (j/N) "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "signering mislyktes: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 "Nøkkelen har bare stubbe- eller kortnøkkel-elementer. Ingen passordfrase å "
 "endre.\n"
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, c-format
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "nøkkel %s: feil under endring av passordfrase: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "lagre og avslutte"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr "vise nøkkelens fingeravtrykk"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 msgid "show the keygrip"
 msgstr "vis nøkkelgrep"
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "vis nøkler og bruker-id-er"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "velger bruker-ID N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr "velger bruker-ID N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr "sjekke signaturer"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr "signer valgte bruker-id-er [* se nedenfor for relevante kommandoer]"
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr "signerer valgte bruker-id-er lokalt"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr "signer valgte bruker-id-er med tillitssignatur"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr ""
 "signer valgte bruker-id-er med en signatur som ikke kan trekkes tilbake"
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "legg til bruker-ID"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "legg til foto-ID"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr "slett valgte bruker-id-er"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr "legg til undernøkkel"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr "legg til nøkkel på et smartkort"
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr "flytt nøkkel til et smartkort"
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr "flytt en sikkerhetskopi-nøkkel til et smartkort"
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr "slett valgte undernøkler"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "legg til opphevingsnøkkel"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr "slett signaturer fra valgte bruker-id-er"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "endre utløpsdato for nøkkelen eller valgte undernøkler"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr "marker valgt bruker-ID som primær"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "vis innstillinger (avansert)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "vis innstillinger (detaljert)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr "velg oppsettsliste for valgte bruker-id-er"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "endre adresse til foretrukket nøkkeltjener for valgte bruker-id-er"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 msgid "set a notation for the selected user IDs"
 msgstr "endre notat for valgte bruker-id-er"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "endre passordfrase"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "endre eiertillit"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr "opphev signaturer på valgte bruker-id-er"
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr "opphev valgte bruker-id-er"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr "opphev nøkkel eller valgte undernøkler"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr "ta nøkkel i bruk"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr "ta nøkkel ut av bruk"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr "vis valgte foto-id-er"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 "pakkk sammen ubrukelige bruker-id-er og fjern ubrukelige signaturer fra "
 "nøkkel"
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 "pakkk sammen ubrukelige bruker-id-er og fjern alle signaturer fra nøkkel"
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Hemmelig nøkkel er tilgjengelig.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret subkeys are available.\n"
 msgstr "Hemmelig nøkkel er tilgjengelig.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Du trenger tilhørende hemmelig nøkkel for å gjøre dette.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4593,286 +4513,291 @@ msgstr ""
 "  (nrsign), eller hvilken som helst kombinasjon av disse (ltsign, tnrsign, "
 "osv.).\n"
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "Nøkkelen er opphevet."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Er du sikker på at du vil signerere alle bruker-id-er? (j/N) "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Er du sikker på at du vil signerere alle bruker-id-er? (j/N) "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Tips: Velg bruker-id-en(e) du vil signere\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "«%s» er en ukjent signaturtype\n"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Denne kommandoen er ikke tillatt i %s-modus.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Du må velge minst én bruker-ID.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr "(Bruk kommandoen «%s».)\n"
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Du kan ikke slette siste bruker-ID.\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Er du sikker på at du vil fjerne alle valgte bruker-id-er? (j/N) "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr "Er du sikker på at du vil fjerne valgt bruker-ID? (j/N) "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr "Er du sikker på at du vil flytte primærnøkkelen? (j/N) "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr "Du må velge minst én nøkkel.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr "Kommandoen forventer et filnavn-argument\n"
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "Klarte ikke å åpne «%s»: %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "Feil under lesing av sikkerhetskopi-nøkkel fra «%s»: %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Du må velge minst én nøkkel.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Er du sikker på at du vil slette valgt nøkkel? (j/N) "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Er du sikker på at du vil slette denne nøkkelen? (j/N) "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "Er du sikker på at du vil oppheve alle valgte bruker-id-er? (j/N) "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Er du sikker på at du vil oppheve denne bruker-id-en? (j/N) "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Er du sikker på at du vil oppheve hele nøkkelen? (j/N) "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Er du sikker på at du vil oppheve valgte undernøkler? (j/N) "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Er du sikker på at du vil oppheve denne undernøkkelen? (j/N) "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 "Du kan ikke justere eiertillit når du bruker selvvalgt tillitsdatabase\n"
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr "Bytt oppsettsliste til:\n"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr ""
 "Er du sikker på at du vil oppdatere oppsett for valgte bruker-id-er? (j/N) "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr "Er du sikker på at du vil oppdatere oppsett? (j/N) "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr "Vil du lagre endringer? (j/N) "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr "Vil du avslutte uten å lagre? (j/N) "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Nøkkelen ble ikke endret, så ingen oppdatering er nødvendig.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, c-format
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "klarte ikke å oppheve siste gyldige bruker-ID.\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "opphevelse av bruker-id mislyktes: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "endring av primær bruker-ID mislyktes: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "«%s» er ikke et fingeravtrykk\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "«%s» er ikke primært fingeravtrykk\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, c-format
 msgid "Invalid user ID '%s': %s\n"
 msgstr "Bruker-ID «%s» er ugyldig: %s\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "No matching user IDs."
 msgstr "Ingen treff på bruker-id-er."
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "Nothing to sign.\n"
 msgstr "Ingenting å signere.\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr "Ikke signert av deg.\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "kontroll av opprettet signatur mislyktes: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "«%s» er en ugyldig utløpstid\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "«%s» er et ugyldig fingeravtrykk\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "fant ikke undernøkkel «%s»\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Kontrollsum: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Funksjoner: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr "Nøkkeltjener no-modify"
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr "Foretrukket nøkkeltjener: "
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 msgid "Notations: "
 msgstr "Notasjoner: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "PGP 2.x-brukere har ingen oppsettsmuligheter.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "Følgende nøkkel ble opphevet %s av %s med nøkkelen %s\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Denne nøkkelen kan bli opphevet av %s med nøkkelen %s"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr "(sensitiv)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr "opprettet: %s"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr "opphevet: %s"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr "utgikk: %s"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr "utgår: %s"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr "bruk: %s"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr "kortnr.: "
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr "tillit: %s"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr "gyldighet: %s"
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Denne nøkkelen er ikke i bruk"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -4880,17 +4805,17 @@ msgstr ""
 "Merk: du bør starte programmet på nytt for å sikre at nøkkel-gyldigheten\n"
 "som vises her er riktig.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr "opphevet"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr "utgått"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -4899,17 +4824,17 @@ msgstr ""
 "ADVARSEL: ingen bruker-ID er merket som primær. Denne kommandoen kan\n"
 "              føre til at en annen bruker-ID blir brukt som primærbruker.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr "ADVARSEL: Undernøkkel for kryptering utløper snart.\n"
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, c-format
 msgid "You may want to change its expiration date too.\n"
 msgstr "Du bør vurdere å endre utløpsdato samtidig.\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -4919,72 +4844,72 @@ msgstr ""
 "føre til at\n"
 "         enkelte PGP-versjoner avviser nøkkelen.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Er du sikker på at du vil legge den til? (j/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "Du kan ikke knytte foto-ID til PGP2-nøkler.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr "Valgt bruker-ID finnes allerede på denne nøkkelen!\n"
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Slette denne gode signaturen? (j/N/a)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Vil du slette denne ugyldige signaturen? (j/N/q)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Vil du slette denne ukjente signaturen? (j/N/q)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Er du sikker på at du vil slette denne selvsignaturen? (j/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, c-format
 msgid "Deleted %d signature.\n"
 msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "Slettet %d signatur.\n"
 msgstr[1] "Slettet %d signaturer.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Ingen ble slettet.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "ugyldig"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "Bruker-ID «%s» pakket sammen: %s\n"
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "Bruker-ID «%s»: %d signatur fjernet\n"
 msgstr[1] "Bruker-ID «%s»: %d signaturer fjernet\n"
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "Bruker-ID «%s»: allerede minimert\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "Bruker-ID «%s»: allerede renset\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -4994,277 +4919,283 @@ msgstr ""
 "         kan dette føre til at enkelte PGP-versjoner ikke vil kunne bruke "
 "nøkkelen.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "Du kan ikke knytte opphevere til PGP 2.x-nøkler.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Skriv inn oppheverens bruker-ID: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "du kan ikke bruke PGP 2.x-nøkler som opphevere\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "du kan ikke bruke en nøkkel som opphevelsesnøkkel for seg selv\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "denne nøkkelen er allerede i bruk som opphevelsesnøkkel\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr ""
 "ADVARSEL: du kan ikke angre tildeling av opphevelsesrolle til en nøkkel.\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr "Er du sikker på at du vil gjøre denne nøkkelen til en opphever? (j/N) "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
 msgstr ""
 "Er du sikker på at du vil endre utløpstid for flere undernøkler? (j/N) "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Endrer utløpstid for undernøkkel.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Endrer utløpstid for primærnøkkel.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Du kan ikke endre utløpsdato for v3-nøkler\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 #, fuzzy
 #| msgid "Changing expiration time for a subkey.\n"
 msgid "Changing usage of a subkey.\n"
 msgstr "Endrer utløpstid for undernøkkel.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 #, fuzzy
 #| msgid "Changing expiration time for the primary key.\n"
 msgid "Changing usage of the primary key.\n"
 msgstr "Endrer utløpstid for primærnøkkel.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "signerings-undernøkkel %s er allerede kryssertifisert\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 "undernøkkel %s signerer ikke, og behøver derfor ikke å bli kryssertifisert\n"
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Velg én bruker-ID.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "hopper over v3-selvsignatur for bruker-ID «%s»\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr "Skriv inn adresse til foretrukket nøkkeltjener: "
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Er du sikker på at du vil erstatte den? (j/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Er du sikker på at du vil slette den? (j/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 msgid "Enter the notation: "
 msgstr "Skriv inn notat: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 msgid "Proceed? (y/N) "
 msgstr "Vil du fortsette? (j/N) "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Ingen bruker-ID med indeks %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Ingen bruker-ID med kontrollsum %s\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Ingen undernøkkel med ID «%s».\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr "Ingen undernøkkel med indeks %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "bruker-ID: «%s»\n"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "signert med nøkkelen %s %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (ikke-eksporterbar)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Denne signaturen utgikk %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Er du sikker på at du vil oppheve den? (j/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Vil du lage et opphevelsessertifikat for denne signaturen? (j/N) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Du har signert disse bruker-id-ene med nøkkelen %s:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr " (kan ikke oppheves)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "opphevet med nøkkelen %s %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Du er i ferd med å oppheve følgende signaturer:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Er du sikker på at du vil lage opphevelsessertifikatene? (j/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "ingen hemmelig nøkkel\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr "prøvde å oppheve ID som ikke tilhørte en bruker: %s\n"
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "bruker-ID «%s» er allerede opphevet\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr "ADVARSEL: en bruker-id-signatur er datert %d sekunder i framtiden\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, c-format
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Klarte ikke å oppheve siste gyldige bruker-ID.\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "Nøkkelen %s er allerede opphevet.\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "Undernøkkel %s er allerede opphevet.\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "Viser %s foto-ID av størrelsen %ld for nøkkel %s (uid %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "ugyldig verdi for valg «%s»\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "innstilling «%s» er duplisert\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr "for mange krypteringsinnstillinger\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr "for mange kontrollsum-innstillinger\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr "for mange komprimeringsinnstillinger\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+#| msgid "too many cipher preferences\n"
+msgid "too many AEAD preferences\n"
+msgstr "for mange krypteringsinnstillinger\n"
+
+#: g10/keygen.c:521
 #, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "«%s» er et ugyldig oppsettsvalg\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "skriver direkte signatur\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "skriver selvsignatur\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "skriver nøkkelbindende signatur\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "ugyldig nøkkelstørrelse. Bruker %u bit\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "nøkkelstørrelse rundet opp til %u bit\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
@@ -5272,19 +5203,19 @@ msgstr ""
 "ADVARSEL: noen OpenPGP-programmer klarer ikke å behandle DSA-nøkler med "
 "denne kontrollsum-størrelsen\n"
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr "Signere"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr "Bekrefte"
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr "Kryptere data"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr "Autentisere"
 
@@ -5302,162 +5233,180 @@ msgstr "Autentisere"
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr "SsKkAaQq"
 
-#: g10/keygen.c:1784
-#, c-format
-msgid "Possible actions for a %s key: "
+#: g10/keygen.c:1966
+#, fuzzy, c-format
+#| msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr "Mulige handlinger med en %s-nøkkel: "
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr "Tillatte handlinger: "
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr "   (%c) Slå av/på signeringsfunksjon\n"
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%c) Slå av/på krypteringsfunksjon\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr "   (%c) Slå av/på autentiseringsfunksjon\n"
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr "   (%c) Ferdig\n"
 
-#: g10/keygen.c:1930
-#, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+#: g10/keygen.c:2116
+#, fuzzy, c-format
+#| msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) RSA og RSA (standard)\n"
 
-#: g10/keygen.c:1934
-#, c-format
-msgid "   (%d) DSA and Elgamal\n"
+#: g10/keygen.c:2120
+#, fuzzy, c-format
+#| msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA og Elgamal\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (bare signering)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (bare signering)\n"
 
-#: g10/keygen.c:1945
-#, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+#: g10/keygen.c:2131
+#, fuzzy, c-format
+#| msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) ElGamal (bare kryptering)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (bare kryptering)\n"
 
-#: g10/keygen.c:1953
-#, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+#: g10/keygen.c:2139
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (sette dine egne muligheter)\n"
 
-#: g10/keygen.c:1955
-#, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+#: g10/keygen.c:2141
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (sette dine egne muligheter)\n"
 
-#: g10/keygen.c:1961
-#, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) ECC og ECC\n"
+#: g10/keygen.c:2147
+#, fuzzy, c-format
+#| msgid "   (%d) sign, encrypt\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) signer, krypter\n"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2147 g10/keygen.c:2678
+msgid " *default*"
+msgstr ""
+
+#: g10/keygen.c:2148
 #, c-format
 msgid "  (%d) ECC (sign only)\n"
 msgstr "  (%d) ECC (kun signering)\n"
 
-#: g10/keygen.c:1965
-#, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+#: g10/keygen.c:2150
+#, fuzzy, c-format
+#| msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "  (%d) ECC (velg funksjoner selv)\n"
 
-#: g10/keygen.c:1967
-#, c-format
-msgid "  (%d) ECC (encrypt only)\n"
+#: g10/keygen.c:2152
+#, fuzzy, c-format
+#| msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "  (%d) ECC (kun kryptering)\n"
 
-#: g10/keygen.c:1971
-#, c-format
-msgid "  (%d) Existing key\n"
+#: g10/keygen.c:2156
+#, fuzzy, c-format
+#| msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "  (%d) Nøkkel\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
 #| msgid "   (%d) Existing key from card\n"
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (%d) Nøkkel fra kort\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 msgid "Enter the keygrip: "
 msgstr "Skriv inn nøkkelgrep: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr "Ugyldig nøkkelgrep (forventer 40 heks-sifre)\n"
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 msgid "No key with this keygrip\n"
 msgstr "Ingen nøkkel med dette nøkkelgrepet\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, c-format
 msgid "error reading the card: %s\n"
 msgstr "feil under lesing av kort: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "Kortets serienummer: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 msgid "Available keys:\n"
 msgstr "Tilgjengelige nøkler:\n"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, c-format
 msgid "rounded to %u bits\n"
 msgstr "rundet av til %u bit\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr "%s-nøkler må være mellom %u og %u bit lange.\n"
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Hvor stor vil du at undernøkkelen skal være? (%u) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "Forespurt nøkkelstørrelse er %u bit\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Velg elliptisk kurve:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5473,7 +5422,7 @@ msgstr ""
 "      <n>m = nøkkelen utgår om n months\n"
 "      <n>y = nøkkelen utgår om n years\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5489,38 +5438,38 @@ msgstr ""
 "      <n>m = signaturen utgår om n months\n"
 "      <n>y = signaturen utgår om n years\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Nøkkelen er gyldig for? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Signaturen er gyldig for? (%s) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "ugyldig verdi\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr "Nøkkel utgår ikke i det hele tatt\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr "Signaturen utgår ikke i det hele tatt\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr "Nøkkel utgår %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr "Signaturen utgår %s\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5528,11 +5477,11 @@ msgstr ""
 "Systemet ditt klarer ikke å håndtere datoer etter 2038.\n"
 "Likevel håndteres det korrekt fram til 2106.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr "Er dette korrekt (j/N)? "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5546,7 +5495,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5562,49 +5511,49 @@ msgstr ""
 "    «Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>»\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Fullt navn: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Ugyldig tegn i navn\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr "Tegnene «%s» og «%s» kan ikke brukes i navn\n"
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Navn kan ikke begynne med siffer\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Navnet må bestå av minst 5 tegn\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "E-postadresse: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Ugyldig e-postadresse\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Kommentar: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Ugyldig tegn i kommentar\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, c-format
 msgid "You are using the '%s' character set.\n"
 msgstr "Du bruker tegnsettet «%s».\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5615,7 +5564,7 @@ msgstr ""
 "    «%s»\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "Ikk bruk e-postadresse som navn eller kommentar\n"
 
@@ -5630,31 +5579,31 @@ msgstr "Ikk bruk e-postadresse som navn eller kommentar\n"
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnKeEeRrAa"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Endre (N)avn, (K)ommentar, (E)postadresse eller (A)vslutt? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "Endre (N)avn, (K)ommentar, (E)postadresse eller (R)iktig/(A)vslutt? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Endre (N)avn, (E)postadresse eller (A)vslutt? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Endre (N)avn, (E)postadresse eller (R)iktig/(A)vslutt? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Rett opp feilen først\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5666,13 +5615,13 @@ msgstr ""
 "diskene jobbe) mens dette pågår. Da får\n"
 "tallgeneratoren bedre muligheter til å samle inn vilkårlighetsdata.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Nøkkelgenerering mislyktes: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5683,65 +5632,65 @@ msgstr ""
 "    «%s»\n"
 "\n"
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr "Vil du fortsette? (J/n) "
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "Det finnes allerede en nøkkel for «%s»\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 msgid "Create anyway? (y/N) "
 msgstr "Vil du lage nøkkel likevel? (j/N) "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, c-format
 msgid "creating anyway\n"
 msgstr "lager likevel\n"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 "Merk: Bruk «%s %s» for å se et fullverdig dialogvindu for nøkkelgenerering.\n"
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Nøkkelgenerering ble avbrutt.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "klarte ikke å lage sikkerhetskopifila «%s»: %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "Merk: sikkerhetskopi av kortnøkkel lagret på «%s»\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, c-format
 msgid "writing public key to '%s'\n"
 msgstr "skriver offentlig nøkkel til «%s»\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "fant ikke skrivbart offentlig nøkkelknippe: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, c-format
 msgid "error writing public keyring '%s': %s\n"
 msgstr "feil under skriving av offentlig nøkkelknippe «%s»: %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "offentlig og hemmelig nøkkel opprettet og signert.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
@@ -5750,7 +5699,7 @@ msgstr ""
 "vurdere å bruke kommandoen «--edit-key» for å lage en\n"
 "undernøkkel til dette formålet.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -5758,7 +5707,7 @@ msgstr ""
 "nøkkel har blitt opprettet %lu sekund i framtiden (time warp- eller "
 "klokkeproblem)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -5766,619 +5715,623 @@ msgstr ""
 "nøkkel har blitt opprettet %lu sekunder i framtiden (time warp- eller "
 "klokkeproblem)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, c-format
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr ""
 "Merk: det strider med OpenPGP-standarden å lage undernøkler for v3-nøkler\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Hemmelige deler av primærnøkkelen er ikke tilgjengelig.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Hemmelige deler av primærnøkkelen er lagret på kort.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr "Er du sikker på at du vil fortsette? (j/N) "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "aldri     "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Regler for kritisk signatur: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Regler for signatur: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr "Kritisk foretrukket nøkkeltjener: "
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Kritisk signaturnotat: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Signaturnotat: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, c-format
 msgid "%d good signature\n"
 msgid_plural "%d good signatures\n"
 msgstr[0] "%d gyldig signatur\n"
 msgstr[1] "%d gyldige signaturer\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, c-format
 msgid "%d signature not checked due to an error\n"
 msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "%d signatur ble ikke kontrollert på grunn av feil\n"
 msgstr[1] "%d signaturer ble ikke kontrollert på grunn av feil\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] "Advarsel: hoppet over %lu nøkkel pga. for høy størrelse\n"
 msgstr[1] "Advarsel: hoppet over %lu nøkler pga. for høy størrelse\n"
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Nøkkelknippe"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Fingeravtrykk for primærnøkkel:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "     Fingeravtrykk for undernøkkel:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr " Fingeravtrykk for primærnøkkel:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "      Fingeravstrykk for undernøkkel:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr "      Nøkkelfingeravtrykk ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr "      Serienummer for kort ="
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, c-format
 msgid "caching keyring '%s'\n"
 msgstr "hurtiglagrer nøkkelknippe «%s»\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "%lu nøkler hurtiglagret så langt (%lu signatur)\n"
 msgstr[1] "%lu nøkler hurtiglagret så langt (%lu signaturer)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] "%lu nøkkel hurtiglagret"
 msgstr[1] "%lu nøkler hurtiglagret"
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, c-format
 msgid " (%lu signature)\n"
 msgid_plural " (%lu signatures)\n"
 msgstr[0] " (%lu signatur)\n"
 msgstr[1] " (%lu signaturer)\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: laget nøkkelknippe\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr "overstyr mellomtjener-oppsett for dirmngr"
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr "ta med opphevede nøkler som søketreff"
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr "ta med undernøkler ved søk på nøkkel-ID"
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr "overstyr tidsavbrudd-oppsett for dirmngr"
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr "hent nøkler automatisk ved bekreftelse av signaturer"
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "bruk nøklers foretrukne nøkkeltjener-adresse"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr "bruk nøklers PKA-oppføring når du henter dem"
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr "ikke i bruk"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr "Skriv inn tall, N)este, eller Q)uit (Avslutt) > "
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "ugyldig nøkkeltjener-protokoll (us %d!=håndteringsprogram %d)\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "«%s» er ikke en nøkkel-ID, og blir hoppet over\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "oppdaterer %d nøkkel fra %s\n"
 msgstr[1] "oppdaterer %d nøkler fra %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "ADVARSEL: klarte ikke å oppdatere nøkkel %s via %s: %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "fant ikke nøkkelen «%s» på nøkkeltjener\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr "fant ikke nøkkelen på nøkkeltjener\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "ber om nøkkelen %s fra %s tjener %s\n"
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr "ber om nøkkelen %s fra %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, c-format
 msgid "no keyserver known\n"
 msgstr "ingen kjent nøkkeltjener\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "hoppet over «%s»: %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr "sender nøkkelen %s til %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, c-format
 msgid "requesting key from '%s'\n"
 msgstr "ber om nøkkel fra «%s»\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "ADVARSEL: klarte ikke å fange URI %s: %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "merkelig størrelse for en kryptert sesjonsnøkkel (%d)\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "%s kryptert øktnøkkel\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "kryptert med en ukjent algoritme %d\n"
+
+#: g10/mainproc.c:391
 #, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "passordfrase generert med ukjent summeringsalgoritme %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, c-format
 msgid "public key is %s\n"
 msgstr "offentlig nøkkel er %s\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "offentlig nøkkel-kryptert data: god DEK\n"
-
-#: g10/mainproc.c:632
-#, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+#: g10/mainproc.c:524
+#, fuzzy, c-format
+#| msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "kryptert med %u-bit %s-nøkkel, ID %s, opprettet %s\n"
 
 # Do we really need to translate this string.
 # The must some bug in the code.
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr "      «%s»\n"
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "kryptert med %s-nøkkel, ID %s\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "offentlig nøkkel-dekryptering mislyktes: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr "ADVARSEL: fant flere elementer i ren tekst\n"
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "kryptert med %lu passordfraser\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "kryptert med 1 passordfrase\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "offentlig nøkkel-dekryptering mislyktes: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "offentlig nøkkel-kryptert data: god DEK\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "antar %s kryptert data\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr "IDEA-kryptering er utilgjengelig. Prøver å bruke %s i stedet\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "ADVARSEL: meldinga var ikke integritetsbeskyttet\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "dekryptering mislyktes: %s\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "dekryptering ok\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "ADVARSEL: kryptert melding er blitt manipulert.\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "dekryptering mislyktes: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, c-format
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "Merk: senderen spesifiserte «kun for dine øyne»\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "opprinnelig filnavn=«%.*s»\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "selvstendig opphevelse - bruk «gpg --import» for å ta i bruk\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, c-format
 msgid "no signature found\n"
 msgstr "fant ikke signatur\n"
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr "DÅRLIG signatur fra «%s»"
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Utgått signatur fra «%s»"
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr "God signatur fra «%s»"
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "signaturbekreftelse ble hindret\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "disse flertydige signaturdataene kan ikke behandles\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr "Signatur opprettet %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr "               bruker %s nøkkel %s\n"
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Signatur laget %s ved hjelp av %s-nøkkel ID %s\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "                utsteder «%s»\n"
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Nøkkel tilgjengelig ved: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[usikker]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr "                aka «%s»"
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, c-format
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "ADVARSEL: Denne nøkkelen egner seg ikke for signering i %s-modus\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Signatur utgått %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Signatur utgår %s\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, c-format
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "%s-signatur, kontrollsum-algoritme %s%s%s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "binær"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "tekstmodus"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "ukjent"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 msgid ", key algorithm "
 msgstr ", nøkkelalgoritme"
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr "ADVARSEL: ikke en separat signatur. Fila «%s» er IKKE bekreftet.\n"
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Klarte ikke å kontrollere signatur: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "ikke en separat signatur\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr "ADVARSEL: fant flere signaturer. Kontrollerer bare den første.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "separat signatur av klasse 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "gammeldags (PGP 2.x) signatur\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "fstat på «%s» mislyktes i %s: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "fstat(%d) mislyktes in %s: %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "ADVARSEL: bruker eksperimentell offentlig nøkkel-algoritme %s\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr "ADVARSEL: «Elgamal»-nøkler er utgått\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "ADVARSEL: bruker eksperimentell krypteringsalgoritme %s\n"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "ADVARSEL: bruker eksperimentell kontrollsum-algoritme %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "ADVARSEL: kontrollsum-algoritmen «%s» er utgått\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "Merk: signaturer som bruker algoritmen %s blir avvist\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 #| msgid "Note: signatures using the %s algorithm are rejected\n"
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "Merk: signaturer som bruker algoritmen %s blir avvist\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, c-format
 msgid "(reported error: %s)\n"
 msgstr "(rapportert feil: %s)\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "(rapportert feil: %s <%s>)\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr "(mer info: "
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: valget «%s» er utgått\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "ADVARSEL: valget «%s» er utgått\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "bruk heller «%s%s»\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "ADVARSEL: «%s» er en utgått kommando. Ikke bruk den\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "%s:%u: «%s» er utgått i denne fila, og påvirker bare %s\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr "ADVARSEL: valget «%s%s» er utgått, og påvirker bare %s\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Ukomprimert"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr "ukomprimert|ingen"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "denne meldinga kan kanskje ikke brukes av %s\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "«%s» er et flertydig valg\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, c-format
 msgid "unknown option '%s'\n"
 msgstr "«%s» er et ukjent valg\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 "Offentlig ECDSA-nøkler forventes i SEC-koding som kan ganges med 8 bit\n"
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "«%s» er en ukjent svak summeringsmetode\n"
@@ -6401,88 +6354,77 @@ msgstr "%s: ukjent suffiks\n"
 msgid "Enter new filename"
 msgstr "Skriv inn nytt filnavn"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "skriver til stdout\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, c-format
 msgid "assuming signed data in '%s'\n"
 msgstr "antar signert data i «%s»\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "klarte ikke å håndtere offentlig nøkkelalgoritme %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr "ADVARSEL: det er usikkert å kryptere øktnøkkel symmetrisk\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 #| msgid "Critical signature notation: "
 msgid "Unknown critical signature notation: "
 msgstr "Kritisk signaturnotat: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "underpakke %d er merket som kritisk\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, c-format
-msgid "problem with the agent: %s\n"
-msgstr "problem med agent: %s\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-#| msgid "Please enter the new passphrase"
-msgid "Please enter the passphrase for decryption."
-msgstr "Skriv inn ny passordfrase"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Skriv inn passordfrase\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "avbrutt av bruker\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr " (hovednøkkelid %s)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Skriv inn passordfrase for å låse opp hemmelig OpenPGP-nøkkel:"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Skriv inn passordfrase for å importere hemmelig OpenPGP-nøkkel:"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Skriv inn passordfrase for å eksportere hemmelig OpenPGP-undernøkkel:"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Skriv inn passordfrase for å eksportere hemmelig OpenPGP-nøkkel:"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr ""
 "Er du sikker på at du vil slette følgende hemmelige OpenPGP-undernøkkel:"
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Er du sikker på at du vil slette følgende hemmelige OpenPGP-nøkkel:"
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, c-format
 msgid ""
 "%s\n"
@@ -6497,7 +6439,7 @@ msgstr ""
 "opprettet %s%s.\n"
 "%s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6511,34 +6453,78 @@ msgstr ""
 "nøkkelstørrelsen derfor påvirkes av hvor stort bildet er.\n"
 "En oppløsning på rundt 240x288 piksler er et godt utgangspunkt.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Skriv inn JPEG-filnavn for foto-ID: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "klarte ikke å åpne JPEG-fil «%s»: %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr "Denne JPEG-fila er veldig stor (%d byte).\n"
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Er du sikker på at du vil bruke den? (j/N) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "«%s» er ikke en JPEG-fil\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Er dette bildet riktig (j/N/q)? "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "fjernutføring av programmer er ikke støttet\n"
+
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"denne plattformen krever midlertidige filer ved kall på eksterne programmer\n"
+
+#: g10/photoid.c:506
+#, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "klarte ikke å kjøre skallet «%s»: %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "unaturlig avslutning av eksternt program\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "systemfeil under kall på eksternt program: %s\n"
+
+#: g10/photoid.c:600
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "ADVARSEL: klarte ikke å fjerne midlertidig fil (%s) «%s»: %s\n"
+
+#: g10/photoid.c:604
+#, c-format
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "ADVARSEL: klarte ikke å fjerne midlertidig mappe «%s»: %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"eksterne programkall er slått av på grunn av utrygge tillatelser til "
+"oppsettsfil\n"
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "klarte ikke å vise foto-ID.\n"
@@ -6553,53 +6539,53 @@ msgstr "klarte ikke å vise foto-ID.\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMqQsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr "Ingen tillitsverdi tilordnet til:\n"
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr "  aka «%s»\n"
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr ""
 "Hvor mye stoler du på at denne nøkkelen faktisk tilhører navngitt bruker?\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr "  %d = Jeg vet ikke eller vil ikke uttale meg\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr "  %d = Jeg stoler IKKE på den\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr "  %d = Jeg stoler fullstendig på den\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr "  m = tilbake til hovedmenyen\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr "  s = hopp over denne nøkkelen\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr "  q = avslutt\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
@@ -6608,48 +6594,48 @@ msgstr ""
 "Laveste tillitsnivå for denne nøkkelen er: %s\n"
 "\n"
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Hva velger du? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Er du sikker på at du vil gi denne nøkkelen fullstendig tillit? (j/N) "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Sertifikater som fører til en fullstendig betrodd nøkkel:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%s: Det finnes ingen indikasjon på at denne nøkkelen faktisk tilhører "
 "navngitt bruker\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%s: Det er begrenset indikasjon på at denne nøkkelen faktisk tilhører "
 "navngitt bruker\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Denne nøkkelen tilhører sannsynligvis navngitt bruker\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "denne nøkkelen tilhører oss\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr "%s: Denne nøkkelen er markert som upålitelig, og bør ikke brukes.\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
 "*really* know what you are doing, you may answer the next\n"
@@ -6659,7 +6645,7 @@ msgstr ""
 "Ikke svar ja på neste spørsmål med mindre du *virkelig* vet\n"
 "hva det innebærer.\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
@@ -6669,95 +6655,117 @@ msgstr ""
 "bruker-id-en.  Hvis du *virkelig* vet hva du gjør, kan du svare ja\n"
 "på neste spørsmål.\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr "Vil du bruke denne nøkkelen likevel? (j/N) "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "ADVARSEL: du bruker en upålitelig nøkkel.\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, fuzzy, c-format
 #| msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr ""
 "ADVARSEL: nøkkel %s kan være opphevet: opphevingsnøkkel %s ikke tilstede.\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+#| msgid "user ID: \"%s\"\n"
+msgid "checking User ID \"%s\"\n"
+msgstr "bruker-ID: «%s»\n"
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+#| msgid "option '%s' given, but option '%s' not given\n"
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "valgt «%s», men mangler valget «%s»\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+#| msgid "key %s: doesn't match our copy\n"
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "nøkkel %s: stemmer ikke med vår kopi\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+#| msgid "option '%s' given, but option '%s' not given\n"
+msgid "option %s given but no matching User ID found\n"
+msgstr "valgt «%s», men mangler valget «%s»\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "ADVARSEL: denne nøkkelen er opphevet.\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "ADVARSEL: denne nøkkelen er opphevet av eieren.\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         Dette kan bety at signaturen er falsk.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "ADVARSEL: denne undernøkkelen er opphevet av eieren.\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Merk: Denne nøkkelen er ikke i bruk.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr "Merk: Bekreftet signeringsadresse er «%s»\n"
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "Merk: Signeringsadresse «%s» samsvarer ikke med DNS-oppslag\n"
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr "tillitsnivå oppjustert til «FULL» pga. gyldig PKA-info\n"
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr "tillitsnivå nedjustert til «NEVER» (aldri) pga. ugyldig PKA-info\n"
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Merk: denne nøkkelen er utgått.\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr ""
+"ADVARSEL: denne nøkkelen er ikke sertifisert med en tillitsverdig signatur.\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr ""
 "ADVARSEL: denne nøkkelen er ikke sertifisert med en tillitsverdig signatur.\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr "         Det er ingen indikasjon på at signaturen tilhører eieren.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "ADVARSEL: vi stoler IKKE på denne nøkkelen.\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         Signaturen er sannsynligvis et FALSKNERI.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"ADVARSEL: denne nøkkelen er ikke sertifisert med tilstrekkelig "
+"tillitsverdige signaturer.\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
@@ -6765,50 +6773,50 @@ msgstr ""
 "ADVARSEL: denne nøkkelen er ikke sertifisert med tilstrekkelig "
 "tillitsverdige signaturer.\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         Det er ikke sikkert at signaturen tilhører brukeren.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: hoppet over: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: hoppet over. Offentlig nøkkel er ikke i bruk\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: hoppet over: offentlig nøkkel er allerede tilstede\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, c-format
 msgid "can't encrypt to '%s'\n"
 msgstr "klarte ikke å kryptere til «%s»\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "valgt «%s», men mangler gyldig forvalgt nøkkel\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "valgt «%s», men mangler valget «%s»\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "Du skrev ikke inn en bruker-ID. (bruk evt. «-r»)\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr "Gjeldende mottakere:\n"
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -6816,40 +6824,40 @@ msgstr ""
 "\n"
 "Skriv inn bruker-ID og avslutt med tom linje: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Bruker-id-en finnes ikke.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "hoppet over: offentlig nøkkel allerede valgt som standardmottaker\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Offentlig nøkkel er ikke i bruk.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "hoppet over: offentlig nøkkel er allerede valgt\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "«%s» er en ukjent standardmottaker\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "ingen gyldige mottakere\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "Merk: nøkkel %s har ingen %s-funksjon\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "Merk: nøkkel %s har ingen innstilling for %s\n"
@@ -6859,76 +6867,82 @@ msgstr "Merk: nøkkel %s har ingen innstilling for %s\n"
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr "data ble ikke lagret. Bruk valget «--output» for å lagre\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Adskilt signatur.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Skriv inn navn på datafil: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "leser std.innkanal …\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "ingen signerte data\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, c-format
 msgid "can't open signed data '%s'\n"
 msgstr "klarte ikke å åpne signert data «%s»\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "klarte ikke å åpne signert data fd=%d: «%s»\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "nøkkel %s egner seg ikke for dekryptering i %s-modus\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "anonym mottaker. prøver hemmelig nøkkel %s …\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+#| msgid "key %s is not suitable for decryption in %s mode\n"
+msgid "used key is not marked for encryption use.\n"
+msgstr "nøkkel %s egner seg ikke for dekryptering i %s-modus\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "ok, det er du som er den anonyme mottakeren.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "gammel DEK-koding støttes ikke\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "krypteringsalgoritme %d%s er ukjent eller slått av\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "ADVARSEL: fant ikke krypteringsalgoritme %s i mottakers oppsett\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "Merk: hemmelig nøkkel %s utgått %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, c-format
 msgid "Note: key has been revoked"
 msgstr "Merk: nøkkelen er opphevet"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "build_packet mislyktes: %s\n"
@@ -6946,37 +6960,37 @@ msgstr "Skal oppheves av:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Dette er en privat opphevelsesnøkkel)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 msgid "Secret key is not available.\n"
 msgstr "Hemmelig nøkkel er ikke tilgjengelig.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Vil du lage et utpekt opphevelsessertifikat for denne nøkkelen? (j/N) "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "Tvunget ASCII-armert utdata.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet mislyktes: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Opphevelsessertifikat opprettet.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "fant ingen opphevelsesnøkler for «%s»\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Dette er et opphevelsessertifikat for følgende OpenPGP-nøkkel:"
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
@@ -6986,7 +7000,7 @@ msgstr ""
 "erklære offentlig at en nøkkel ikke skal brukes mer. Det er ikke mulig\n"
 "Ã¥ trekke tilbake en oppheving straks den er blitt publisert."
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7001,7 +7015,7 @@ msgstr ""
 "Se beskrivelse av kommandoen «--generate-revocation» i GnuPG-\n"
 "bruksanvisninga for detaljer."
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
@@ -7011,12 +7025,12 @@ msgstr ""
 "Fjern dette kolonet med en tekstbehandler før du importerer og\n"
 "publiserer opphevelsessertifikatet."
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, c-format
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "opphevelsessertifikat lagret som «%s.rev»\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "fant ikke hemmelig nøkkel «%s»\n"
@@ -7029,16 +7043,16 @@ msgstr "fant ikke hemmelig nøkkel «%s»\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr "«%s» samsvarer med flere hemmelige nøkler:\n"
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, c-format
 msgid "error searching the keyring: %s\n"
 msgstr "feil under søk på nøkkelknippe: %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Vil du lage et opphevelsessertifikat for denne nøkkelen? (j/N) "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7060,37 +7074,37 @@ msgstr ""
 "utskriftssystem kan være satt opp til å lagre utskriftsdata og dermed gjøre\n"
 "det mulig for andre å lese sertifikatet.\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Velg grunn for opphevelse:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Avbryt"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Normalt bør du velge %d her)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "Skriv inn en beskrivelse hvis du vil, og avslutt med tom linje:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Grunnlag for opphevelse: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(Ingen beskrivelse oppgitt)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr "Er dette i orden? (j/N) "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "nøkkelen ble svak. Prøver på nytt\n"
@@ -7102,64 +7116,59 @@ msgstr ""
 "klarte ikke å unngå svak nøkkel for symmetrisk krypteringsalgorime. Prøvde "
 "%d ganger.\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr "%s-nøkkel %s bruker usikker kontrollsum (%zu bit)\n"
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 "%s-nøkkel %s krever kontrollsum på %zu eller flere bit (gjeldende sum: %s)\n"
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
-#, c-format
-msgid "key %s may not be used for signing in %s mode\n"
-msgstr "du kan ikke bruke nøkkel %s til signering i %s-modus\n"
-
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
+#: g10/sig-check.c:170
 #, c-format
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "ADVARSEL: konflikt med signatur-kontrollsum i melding\n"
 
-#: g10/sig-check.c:219
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
+#, c-format
+msgid "key %s may not be used for signing in %s mode\n"
+msgstr "du kan ikke bruke nøkkel %s til signering i %s-modus\n"
+
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "ADVARSEL: undernøkkel %s for signering er ikke kryssertifisert\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, c-format
 msgid "please see %s for more information\n"
 msgstr "se %s for mer informasjon\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr ""
 "ADVARSEL: undernøkkel %s for signering er kryssertifisert på ugyldig "
 "grunnlag\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "offentlig nøkkel %s er %lu sekund nyere enn signaturen\n"
 msgstr[1] "offentlig nøkkel %s er %lu sekunder nyere enn signaturen\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "offentlig nøkkel %s er %lu dag nyere enn signaturen\n"
 msgstr[1] "offentlig nøkkel %s er %lu dager nyere enn signaturen\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7172,7 +7181,7 @@ msgstr[1] ""
 "nøkkel %s ble opprettet %lu sekunder i framtiden (tidsforskyvnings- eller "
 "klokkeproblem)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7184,55 +7193,55 @@ msgstr[1] ""
 "nøkkel %s ble opprettet %lu dager i framtiden (tidsforskyvnings- eller "
 "klokkeproblem)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "Merk: signaturnøkkel %s utgått %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "Merk: signaturnøkkel %s er opphevet\n"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "separat signatur av klasse 0x%02x\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "separat signatur av klasse 0x%02x\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr "antatt ugyldig signatur fra nøkkel %s pga. ukjent «kritisk»-bit\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "nøkkel %s: ingen undernøkkel for undernøkkelopphevingssignatur\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "nøkkel %s: ingen undernøkkel for undernøkkelbindingssignatur\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr "ADVARSEL: klarte ikke å %%-utvide notasjon (for lang).\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
 msgstr "ADVARSEL: klarte ikke å %%-utvide regelverkadresse (for lang).\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7241,48 +7250,49 @@ msgstr ""
 "ADVARSEL: klarte ikke å %%-utvide foretrukket nøkkeltjener-adresse (for "
 "lang).\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s/%s-signatur fra: «%s»\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
 msgstr "ADVARSEL: tvungen bruk av %s (%d) bryter med mottakerens oppsett\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "signerer:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "bruker %s-kryptering\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr "nøkkel er ikke merket som usikker, og kan ikke brukes med falsk RNG.\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "hoppet over «%s»: er duplikat\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "hoppet over, fordi hemmelig nøkkel allerede er tilstede\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "dette er en PGP-generelt Elgamal-nøkkel, og egner seg ikke til signering."
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "tillitsoppføring %lu, type %d: skriving mislyktes: %s\n"
@@ -7296,43 +7306,43 @@ msgstr ""
 "# Liste over tildelte tillitsverdier, opprettet %s\n"
 "# (Bruk «gpg --import-ownertrust» for å gjenopprette disse)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, c-format
 msgid "error in '%s': %s\n"
 msgstr "feil i «%s»: %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr "for lang linje"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr "kolon mangler"
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr "ugyldig fingeravtrykk"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr "verdi for eiertillit mangler"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "feil under søk etter tillitspost i «%s»: %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, c-format
 msgid "read error in '%s': %s\n"
 msgstr "lesefeil i «%s»: %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "trustdb: synk mislyktes: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "klarte ikke å lage lås for «%s»\n"
@@ -7342,12 +7352,12 @@ msgstr "klarte ikke å lage lås for «%s»\n"
 msgid "can't lock '%s'\n"
 msgstr "klarte ikke å låse «%s»\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "trustdb-oppf. %lu: lseek mislyktes: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "trustdb-oppf. %lu: skriving mislyktes (n=%d): %s\n"
@@ -7362,7 +7372,7 @@ msgstr "trustdb-transaksjon er for stor\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: mappa finnes ikke.\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, c-format
 msgid "can't access '%s': %s\n"
 msgstr "fikk ikke tilgang til «%s»: %s\n"
@@ -7403,7 +7413,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: feil under oppdatering av versjonsoppføring: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: feil under lesing av versjonsoppføring: %s\n"
@@ -7413,52 +7423,52 @@ msgstr "%s: feil under lesing av versjonsoppføring: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: feil under skriving av versjonsoppføring: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "trustdb: lseek mislyktes: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "trustdb: lesing mislyktes (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: ikke en trustdb-fil\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: versjonsoppføring nr. %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: %d er en ugyldig filversjon\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: feil under lesing av «free»-oppføring: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: feil under skriving av «dir»-oppføring: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: klarte ikke å nullstille oppføring: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: klarte ikke å legge til oppføring: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "Error: trustdb er skadet.\n"
@@ -7498,10 +7508,10 @@ msgstr "TOFU-databaseversjon støttes ikke: %s\n"
 msgid "TOFU DB error"
 msgstr "TOFU DB-feil"
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "feil under lesing av TOFU-database: %s\n"
@@ -7521,7 +7531,7 @@ msgstr "feil under oppstart av TOFU-database: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "feil under åpning av TOFU-database «%s»: %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "feil under oppdatering av TOFU-database: %s\n"
@@ -7690,85 +7700,85 @@ msgstr "(G)od, (A)ksepter én gang, (U)kjent, (N)ekt én gang, (D)årlig? "
 msgid "Defaulting to unknown.\n"
 msgstr "Bruker standardverdi (ukjent).\n"
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr "Oppdaget ødelagt del av TOFU-database.\n"
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "feil under endring av TOFU-regler: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] "%lld~Ã¥r"
 msgstr[1] "%lld~Ã¥r"
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] "%lld~måned"
 msgstr[1] "%lld~måneder"
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] "%lld~uke"
 msgstr[1] "%lld~uker"
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] "%lld~dag"
 msgstr[1] "%lld~dager"
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] "%lld~time"
 msgstr[1] "%lld~timer"
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] "%lld~minutt"
 msgstr[1] "%lld~minutter"
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] "%lld~sekund"
 msgstr[1] "%lld~sekunder"
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr "%s: Bekreftet 0~signaturer og kryptert 0~meldinger."
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, c-format
 msgid "%s: Verified 0 signatures."
 msgstr "%s: Bekreftet 0 signaturer."
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 msgid "Encrypted 0 messages."
 msgstr "Kryptert 0 meldinger."
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, c-format
 msgid "(policy: %s)"
 msgstr "(regelsett: %s)"
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
@@ -7776,7 +7786,7 @@ msgstr ""
 "Advarsel: vi har enda ikke sett en melding som er signert med gjeldende "
 "nøkkel og bruker-ID.\n"
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
@@ -7784,17 +7794,17 @@ msgstr ""
 "Advarsel: vi har hittil bare sett én melding som er signert med gjeldende "
 "nøkkel og bruker-ID.\n"
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr "Advarsel: du har enda ikke kryptert en melding til denne nøkkelen.\n"
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr "Advarsel: du har bare kryptert én melding til denne nøkkelen.\n"
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -7822,165 +7832,165 @@ msgstr[1] ""
 "  %s\n"
 "to mark it as being bad.\n"
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "feil under åpning av TOFU-database: %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 "ADVARSEL: krypterer til %s. Denne har ingen bruker-id-er som ikke er "
 "opphevet\n"
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, c-format
 msgid "'%s' is not a valid long keyID\n"
 msgstr "«%s» er en ugyldig lang nøkkel-ID\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "nøkkel %s: godtatt som betrodd nøkkel\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "nøkkel %s forekommer flere enn én gang i trustdb\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "nøkkel %s: ingen offentlig nøkkel for betrodd nøkkel - hoppet over\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "nøkkel %s markert som endelig betrodd.\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "tillitsoppføring %lu, foresp.type %d: lesing mislyktes: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "tillitsoppføring %lu er ikke av forespurt type (%d)\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr ""
 "Du kan prøve å gjenskape trustdb ved å skrive inn følgende kommandoer:\n"
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr "Se bruksanvisning hvis dette ikke hjelper\n"
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 "Klarte ikke å bruke ukjent tillitsmodell (%d). Prøver tillitsmodell %s\n"
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr "bruker tillitsmodell %s\n"
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "kontroll av trustdb er ikke nødvendig\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "neste kontroll av trustdb planlagt %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "trustdb behøver ikke kontroll ved bruk av tillitsmodell «%s»\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "trustdb behøver ikke oppdatering ved bruk av tillitsmodell «%s»\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr "fant ikke offentlig nøkkel %s: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "kjør «--check-trustdb»\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "kontrollerer trustdb\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] "%d nøkkel behandlet"
 msgstr[1] "%d nøkler behandlet"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, c-format
 msgid " (%d validity count cleared)\n"
 msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] "(%d gyldighetsantall klarert)\n"
 msgstr[1] "(%d gyldighetsantall klarert)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "fant ingen nøkler med absolutt («ultimat») pålitelighet\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "fant ikke offentlig nøkkel for absolutt pålitelig nøkkel %s\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr ""
 "dybde: %d  gyldig: %3d  signert: %3d  tillit: %d-, %dq, %dn, %dm, %df, %du\n"
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr ""
 "klarte ikke å oppdatere trustdb-versjonsoppføring. Skriving mislyktes: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr "udefinert"
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr "aldri"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr "marginal"
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr "full"
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr "ultimat"
 
@@ -7992,39 +8002,39 @@ msgstr "ultimat"
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr "11 translator see trustdb.c:uid_trust_string_fixed"
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 msgid "[ revoked]"
 msgstr "[ opphevet]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 msgid "[ expired]"
 msgstr "[   utgått]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 msgid "[ unknown]"
 msgstr "[   ukjent]"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr "[    udef ]"
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 msgid "[  never ]"
 msgstr "[   aldri ]"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr "[ marginal]"
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr "[   full  ]"
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr "[  fullst.]"
 
@@ -8049,19 +8059,31 @@ msgstr "inndatalinje %u er for lang eller mangler LF\n"
 msgid "can't open fd %d: %s\n"
 msgstr "klarte ikke å åpne fd %d: %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "ADVARSEL: meldinga var ikke integritetsbeskyttet\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+#| msgid "ambiguous option '%s'\n"
+msgid "Hint: Do not use option %s\n"
+msgstr "«%s» er et flertydig valg\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr "endre feilsøkingsvalg"
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr "slå på full feilsøking"
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Bruk: kbxutil [valg] [filer] (-h for hjelp)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
 "List, export, import Keybox data\n"
@@ -8072,124 +8094,228 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr "%sNummer\\x1f: %s%%0AHolder\\x1f: %s%s"
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr "Gjenstående forsøk: %d"
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new Global-PIN"
+msgstr "||Skriv inn PIN-kode"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "||Skriv inn tilbakestillingskode for kortet"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new PIN"
+msgstr "||Skriv inn PIN-kode"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the PIN of your PIV card"
+msgstr "||Skriv inn tilbakestillingskode for kortet"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+#| msgid "|A|Please enter the Admin PIN"
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "|A|Skriv inn admin-PIN"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+#| msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "|P|Skriv inn PIN-opplåsingskode (PUK) for standardnøkler."
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "PIN-callback returnerte en feil: %s\n"
+
+#: scd/app-piv.c:1895
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too short; minimum length is %d\n"
+msgstr "PIN for CHV%d er for kort; minum lengde er %d\n"
+
+#: scd/app-piv.c:1903
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too long; maximum length is %d\n"
+msgstr "PIN for CHV%d er for kort; minum lengde er %d\n"
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr "nøkkelen finnes allerede\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr "gjeldende nøkkel blir erstattet\n"
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr "lager ny nøkkel\n"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, c-format
+msgid "writing new key\n"
+msgstr "skriver ny nøkkel\n"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "klarte ikke å lagre nøkkel: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr "svar inneholder ikke RSA-modulus\n"
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr "svar inneholder ikke offentlig RSA-eksponent\n"
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, c-format
+msgid "response does not contain the EC public key\n"
+msgstr "svar inneholder ikke offentlig EC-nøkkel\n"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr "vent mens nøkkel blir generert …\n"
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr "nøkkelgenerering mislyktes\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "nøkkelgenerering fullført (%d sekund)\n"
+msgstr[1] "nøkkelgenerering fullført (%d sekunder)\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr "svar inneholder ikke offentlig nøkkeldata\n"
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr "||Skriv inn PIN for å la nøkkelen lage kvalifiserte signaturer."
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 msgid "|A|Please enter the Admin PIN"
 msgstr "|A|Skriv inn admin-PIN"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|P|Skriv inn PIN-opplåsingskode (PUK) for standardnøkler."
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 msgid "||Please enter the PIN for the standard keys."
 msgstr "||Skriv inn PIN-kode for standardnøkler."
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr "RSA-modulus mangler eller er av annen størrelse enn %d bit\n"
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr "offentlig RSA-eksponent mangler eller er større enn %d bit\n"
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr "PIN-callback returnerte en feil: %s\n"
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "the NullPIN has not yet been changed\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "NullPIN er ikke blitt endret enda\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr "NullPIN er ikke blitt endret enda\n"
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "|N|Skriv inn ny PIN-kode for standardnøkler."
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|NP|Skriv inn ny PIN-opplåsingskode (PUK) for standardnøkler."
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr "|N|Skriv inn ny PIN for å la nøkkelen lage kvalifiserte signaturer."
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 "|NP|Skriv inn ny PUK-kode for å la nøkkelen lage kvalifiserte signaturer."
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr "|P|Skriv inn PUK-kode for å la nøkkelen lage kvalifiserte signaturer."
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "feil under henting av ny PIN: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "klarte ikke å lagre fingeravtrykk: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "klarte ikke å lagre opprettelsesdato: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr "feil under henting av CHV-status fra kort\n"
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr "svar inneholder ikke RSA-modulus\n"
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr "svar inneholder ikke offentlig RSA-eksponent\n"
-
-#: scd/app-openpgp.c:1546
-#, c-format
-msgid "response does not contain the EC public key\n"
-msgstr "svar inneholder ikke offentlig EC-nøkkel\n"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr "svar inneholder ikke offentlig nøkkeldata\n"
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr "lesing av offentlig nøkkel mislyktes: %s\n"
@@ -8197,44 +8323,44 @@ msgstr "lesing av offentlig nøkkel mislyktes: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr "%sNummer\\x1f: %s%%0AHolder\\x1f: %s%%0ATeller\\x1f: %lu%s"
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr "bruker forvalgt PIN som %s\n"
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 "klarte ikke å bruke forvalgt PIN som %s: %s. Lar være å bruke forvalgt PIN "
 "senere\n"
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 msgid "||Please unlock the card"
 msgstr "||LÃ¥s opp kort"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr "PIN for CHV%d er for kort; minum lengde er %d\n"
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "bekreftelse av CHV%d mislyktes: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr "kortet er låst for godt.\n"
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8242,20 +8368,20 @@ msgid_plural ""
 msgstr[0] "%d Admin-PIN-forsøk gjenstår før kortet blir låst permanent\n"
 msgstr[1] "%d Admin-PIN-forsøk gjenstår før kortet blir låst permanent\n"
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr "tilgang til admin-kommandoer er ikke konfigurert\n"
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 msgid "||Please enter the PIN"
 msgstr "||Skriv inn PIN-kode"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 msgid "||Please enter the Reset Code for the card"
 msgstr "||Skriv inn tilbakestillingskode for kortet"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr "Tilbakestillingskoden er for kort. Minimumslengde er %d\n"
@@ -8263,120 +8389,78 @@ msgstr "Tilbakestillingskoden er for kort. Minimumslengde er %d\n"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr "|RN|Ny tilbakestillingskode"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr "|AN|Ny Admin PIN"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr "|N|Ny PIN"
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "||Skriv inn admin-PIN og ny admin-PIN"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 msgid "||Please enter the PIN and New PIN"
 msgstr "||Skriv inn PIN-kode og ny PIN-kode"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr "feil under lesing av programdata\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "feil under lesing av fingeravtrykk DO\n"
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr "nøkkelen finnes allerede\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr "gjeldende nøkkel blir erstattet\n"
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr "lager ny nøkkel\n"
-
-#: scd/app-openpgp.c:3074
-#, c-format
-msgid "writing new key\n"
-msgstr "skriver ny nøkkel\n"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr "tidsstempel for opprettelse mangler\n"
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr "RSA-primtall %s mangler eller er av annen størrelse enn %d bit\n"
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr "klarte ikke å lagre nøkkel: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, c-format
 msgid "unsupported curve\n"
 msgstr "ustøttet kurve\n"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr "vent mens nøkkel blir generert …\n"
-
-#: scd/app-openpgp.c:4271
-#, c-format
-msgid "generating key failed\n"
-msgstr "nøkkelgenerering mislyktes\n"
-
-#: scd/app-openpgp.c:4277
-#, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "nøkkelgenerering fullført (%d sekund)\n"
-msgstr[1] "nøkkelgenerering fullført (%d sekunder)\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr "ugyldig struktur i OpenPGP-kort (DO 0x93)\n"
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr "fingeravtrykk på kort samsvarer ikke med forespurt avtrykk\n"
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "kortet støtter ikke kontrollsum-algoritme %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr "signaturer opprettet så langt: %lu\n"
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr "bekrefting av Admin PIN er foreløpig nektet gjennom denne kommandoen\n"
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "fikk ikke tilgang til %s. Bruker du et ugyldig OpenPGP-kort?\n"
@@ -8388,59 +8472,63 @@ msgstr "||Skriv inn PIN-koden på leserens kodetastatur"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr "|N|Ny PIN"
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr "kjør i multi-tjenermodus (forgrunn)"
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr "|NIVÅ|endre feilsøkingsnivå til valgt NIVÅ"
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 msgid "|FILE|write a log to FILE"
 msgstr "|FIL|skriv logg til valgt FIL"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr "|N|koble til leser via port N"
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NAVN|bruk valgt NAVN som ct-API-driver"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NAME|bruk valgt NAVN som PC-/SC-driver"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 msgid "do not use the internal CCID driver"
 msgstr "ikke bruk intern CCID-driver"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr "|N|koble fra kort etter N antall sekunder uten aktivitet"
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr "ikke bruk kodetastatur"
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr "bruk inndata av vairabel lengde for kodetastatur"
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 msgid "deny the use of admin card commands"
 msgstr "avvis bruk av admin-kortkommandoer"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Bruk: @SCDAEMON@ [valg] (-h for hjelp)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
@@ -8448,37 +8536,31 @@ msgstr ""
 "Syntaks: scdaemon [valg] [kommando [arg]]\n"
 "Smartcard-bakgrunnsprogram for @GNUPG@\n"
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr "bruk valget «--daemon» for å kjøre programmet i bakgrunnen\n"
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr "startet håndteringsprogram for fd %d\n"
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr "avsluttet håndteringsprogram for fd %d\n"
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "feil under henting av informasjon om nøkkelbruk: %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr "kontrollmodell forespurt av sertifikat: %s"
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr "kjede"
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 msgid "shell"
 msgstr "skall"
 
@@ -8511,7 +8593,7 @@ msgstr "Merk: ukritisk sertifikat-regelsett er ikke tillatt"
 msgid "certificate policy not allowed"
 msgstr "sertifikatregelverk tillates ikke"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "klarte ikke å hente fingeravtrykk\n"
@@ -8526,7 +8608,7 @@ msgstr "slår opp utsteder på ekstern plassering\n"
 msgid "number of issuers matching: %d\n"
 msgstr "antall ustedere funnet: %d\n"
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, c-format
 msgid "can't get authorityInfoAccess: %s\n"
 msgstr "klarte ikke å hente «authorityInfoAccess»: %s\n"
@@ -8546,232 +8628,232 @@ msgstr "antall treff på sertifikater: %d\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "nøkkeloppslag i dirmngr-hurtiglager mislyktes: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "klarte ikke å tildele nøkkeldatabase-verdi\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 msgid "certificate has been revoked"
 msgstr "sertifikatet er opphevet"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr "sertifikatet har ukjent status"
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr "kontroller at «dirmngr» er installert skikkelig\n"
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, c-format
 msgid "checking the CRL failed: %s"
 msgstr "kontroll av CRL mislyktes: %s"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "sertifikat med ugyldig gyldighetsverdi: %s"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr "sertifikatet er ikke gyldig enda"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 msgid "root certificate not yet valid"
 msgstr "rotsertifikat er ikke gyldig enda"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr "mellomsertifikat er ikke gyldig enda"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, c-format
 msgid "certificate has expired"
 msgstr "sertifikatet er utgått"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 msgid "root certificate has expired"
 msgstr "rotsertifikat er utgått"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 msgid "intermediate certificate has expired"
 msgstr "mellomsertifikat er utgått"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr "påkrevde sertifikategenskaper mangler: %s%s%s"
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 msgid "certificate with invalid validity"
 msgstr "sertifikat med ugyldig gyldighetsverdi"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr "signatur ikke laget innenfor sertifikatets levetid"
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr "sertifikat ikke laget innenfor utsteders levetid"
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr "mellomsertifikat ikke laget innenfor utsteders levetid"
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, c-format
 msgid "  (  signature created at "
 msgstr "  (  signatur opprettet "
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, c-format
 msgid "  (certificate created at "
 msgstr "  (sertifikat opprettet "
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, c-format
 msgid "  (certificate valid from "
 msgstr "  (sertifikat gyldig fra "
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr "  (     utsteder gyldig fra "
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr "fingeravtrykk=%s\n"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr "rotsertifikat er nå merket som troverdig\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr "interaktiv tillitsmerking er ikke slått på i gpg-agent\n"
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr "interaktiv tillitsmarkering er slått av for gjeldende økt\n"
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 "ADVARSEL: opprettelsestid for signatur er ukjent. Antar gjeldende tidspunkt"
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 msgid "no issuer found in certificate"
 msgstr "fant ingen utsteder i sertifikat"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr "selvsignert sertifikat har ugyldig signatur"
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr "rotsertifikat er ikke merket som troverdig"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "kontroll av tillitsliste mislyktes: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr "sertifikatkjede er for langt\n"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr "fant ikke utstedersertifikat"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, c-format
 msgid "certificate has a BAD signature"
 msgstr "sertifikatet har ugyldig signatur"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr "fant et annet CA-sertifikat som kan fungere. Prøver igjen"
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr "sertifikatkjede er lengre enn CA tillater (%d)"
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, c-format
 msgid "certificate is good\n"
 msgstr "sertifikatet er gyldig\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, c-format
 msgid "intermediate certificate is good\n"
 msgstr "mellomsertifikat er ok\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, c-format
 msgid "root certificate is good\n"
 msgstr "rotsertifikat er gyldig\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr "bytter til kjedemodell"
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr "gyldighetsmodell: %s"
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr "kontrollsum på %u bit er ugyldig for en %u-bit %s-nøkkel\n"
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, c-format
 msgid "out of core\n"
 msgstr "kjernen er full\n"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr "(dette er algortime MD2)\n"
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 msgid "none"
 msgstr "ingen"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 msgid "[Error - invalid encoding]"
 msgstr "[Feil - utgyldig koding]"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr "[feil - kjernen er full]"
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr "[feil - ingen navn]"
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 msgid "[Error - invalid DN]"
 msgstr "[feil - ugyldig DN]"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -8786,133 +8868,144 @@ msgstr ""
 "S/N %s, ID 0x%08lX,\n"
 "opprettet %s, utgår %s.\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr "ingen bruksområder for nøkler valgt. Antar alle bruksområder\n"
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "feil under henting av informasjon om nøkkelbruk: %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr "sertifikatet skulle ikke vært brukt til sertifisering\n"
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr "sertifikatet skulle ikke vært brukt til OCSP-responssignering\n"
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr "sertifikatet skulle ikke vært brukt til kryptering\n"
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr "sertifikatet skulle ikke vært brukt til signering\n"
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr "sertifikatet egner seg ikke til kryptering\n"
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr "sertifikatet egner seg ikke til signering\n"
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+#| msgid "lookup a certificate"
+msgid "looking for another certificate\n"
+msgstr "slå opp sertifikat"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "linje %d: ugyldig algoritme\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr "linje %d: nøkkellengden %u er ugyldig (skal være mellom %d og %d)\n"
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr "linje %d: emnenavn mangler\n"
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "linje %d: emne-etikett«%.*s» er ugyldig\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "linje %d: emnenavn «%s» ved posisjon %d er ugyldig\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "linje %d: ugyldig e-postadresse\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "linje %d: ugyldig serienummer\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr "linje %d: utsteder-etikett «%.*s» er ugyldig\n"
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr "linje %d: utstedernavn «%s» ved posisjon %d er ugyldig\n"
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, c-format
 msgid "line %d: invalid date given\n"
 msgstr "linje %d: ugyldig dato\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr ""
 "linje %d: feil under henting av signeringsnøkkel ved nøkkelgrep «%s»: %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "linje %d: ugyldig summeringsalgoritme\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "linje %d: ugyldig «authority-key-id»\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "linje %d: ugyldig «subject-key-id»\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "linje %d: ugyldig utvidelsessyntaks\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "linje %d: fiel under lesing av nøkkel «%s» fra kort: %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "linje %d: feil under henting av nøkkel av nøkkelgrep «%s»: %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "linje %d: nøkkelgenerering mislyktes: %s <%s>\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
@@ -8920,45 +9013,45 @@ msgstr ""
 "Skriv inn passordfrasen for nøkkelen én gang til for å fullføre denne "
 "sertifikat-forespørselen.\n"
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) Nøkkel\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr "   (%d) Nøkkel fra kort\n"
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "Mulige handlinger for %s-nøkler:\n"
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) signer, krypter\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) signer\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) krypter\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr "Skriv inn X.509-emnenavn: "
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr "Ingen emnenavn oppgitt\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "Emneetikett «%.*s» er ugyldig\n"
@@ -8968,244 +9061,237 @@ msgstr "Emneetikett «%.*s» er ugyldig\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "Emnenavnet «%s» er ugyldig\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "12"
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 msgid "Enter email addresses"
 msgstr "Skriv inn e-postadresser"
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 msgid " (end with an empty line):\n"
 msgstr " (avslutt med tom linje):\n"
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 msgid "Enter DNS names"
 msgstr "Skriv inn DNS-navn"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 msgid " (optional; end with an empty line):\n"
 msgstr " (valgfritt. Avslutt med tom linje):\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr "Skriv inn adresser"
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Vil du lage selvsignert sertifikat? (y/N) "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr "Følgende parametre brukes:\n"
 
-#: sm/certreqgen-ui.c:432
-#, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "feil under oppretting av midlertidig fil: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr "Lager selvsignert sertifikat."
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 msgid "Now creating certificate request.  "
 msgstr "Lager sertifikatforespørsel.  "
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr "Dette kan ta en stund …\n"
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr "Ferdig.\n"
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr ""
 "Ferdig. Du kan nå sende denne forespørselen til aktuell sertifikatutsteder "
 "(CA).\n"
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr "ressursproblem: oppbrukt kjerne\n"
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "%s krypterte data\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr "(dette er algoritme RC2)\n"
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr "(dette ser ikke ut som en kryptert melding)\n"
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 #| msgid "encrypted with %s key, ID %s\n"
 msgid "encrypted to %s key %s\n"
 msgstr "kryptert med %s-nøkkel, ID %s\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "fant ikke sertifikatet «%s»: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr "feil under låsing av nøkkelskrin: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "duplikatsertifikat «%s» slettet\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "sertifikat «%s» slettet\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "sletting av sertifikat «%s» mislyktes: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, c-format
 msgid "no valid recipients given\n"
 msgstr "ingen gyldige mottakere valgt\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 msgid "list external keys"
 msgstr "vis eksterne nøkler"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 msgid "list certificate chain"
 msgstr "vis sertifikatkjede "
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 msgid "import certificates"
 msgstr "importer sertifikater"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 msgid "export certificates"
 msgstr "eksporter sertifikater"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr "registrer smartkort"
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr "send en kommando til dirmngr"
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr "kall gpg-protect-tool"
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "ikke bruk terminal i det hele tatt"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr "|N|antall sertifikater som skal være med"
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr "|FIL|hent regler fra valgt FIL"
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr "forvent inndata i «PEM»-format"
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr "forvent inndata i «base-64»-format"
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr "forvent inndata i binærformat"
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 msgid "create base-64 encoded output"
 msgstr "lag base64-kodet utdata"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|BRUKER-ID|bruk valgt BRUKER-ID som forvalgt hemmelig nøkkel"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "|FIL|legg til nøkkelknippe i liste over nøkkelknipper"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|bruk valgt nøkkeltjener til å slå opp nøkler"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr "hent manglende utstedersertifikat"
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NAVN|bruk valgt kodeNAVN til PKCS#12-passordfraser"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr "aldri spør CRL"
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr "ikke se etter rotsertifikater i CRL"
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr "kontroller gyldighet med OCSP"
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr "ikke kontroller sertifikatregler"
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NAVN|bruk valgt krypteringsalgoritme-NAVN"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NAVN|bruk valgt summeringsalgoritme-NAVN for melding"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "buntmodus: aldri spør"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "svar automatisk ja på de fleste spørsmål"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "svar automatisk nei på de fleste spørsmål"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 msgid "|FILE|write an audit log to FILE"
 msgstr "|FIL|lagre en revisjonslogg i valgt FIL"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Bruk: @GPGSM@ [valg] [filer] (-h for hjelp)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
 "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
@@ -9215,87 +9301,123 @@ msgstr ""
 "Signer, kontroller, krypter eller dekrypter.\n"
 "Forvalgt handling avhenger av inndata.\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "Merk: det er ikke mulig å kryptere til «%s»: %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
+#, c-format
+msgid "unknown validation model '%s'\n"
+msgstr "«%s» er en ukjent kontrollmodell\n"
+
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: vertsnavn mangler\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: passord skrevet inn uten brukernavn\n"
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: hopper over denne linja\n"
+
+#: sm/gpgsm.c:1545
 #, c-format
-msgid "unknown validation model '%s'\n"
-msgstr "«%s» er en ukjent kontrollmodell\n"
+msgid "could not parse keyserver\n"
+msgstr "klarte ikke å tolke nøkkeltjener\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:1825
 #, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "importerer sertifikat «%s»\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "klarte ikke å signere med «%s»: %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr "ugyldig kommando (implisitt kommando finnes ikke)\n"
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, c-format
 msgid "total number processed: %lu\n"
 msgstr "totalt antall behandlet: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, c-format
 msgid "error storing certificate\n"
 msgstr "feil under lagring av sertifikat\n"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr "enkel sertifikatkontroll mislyktes. Ikke importert\n"
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "feil under henting av lagrede valg: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, c-format
 msgid "error importing certificate: %s\n"
 msgstr "feil under importering av sertifikat: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, c-format
 msgid "error reading input: %s\n"
 msgstr "feil under lesing av inndata: %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+#| msgid "no dirmngr running in this session\n"
+msgid "no keyboxd running in this session\n"
+msgstr "ingen dirmngr kjører i gjeldende økt\n"
+
+#: sm/keydb.c:595
+#, c-format
+msgid "error opening key DB: %s\n"
+msgstr "feil under åpning av nøkkeldatabase: %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr "klarte ikke å søke etter sertifikat: %s\n"
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "feil under søk etter skrivbar nøkkeldatabase: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, c-format
 msgid "error storing certificate: %s\n"
 msgstr "feil under lagring av sertifikat: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "det oppstod en feil under nytt søk etter sertifikat: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, c-format
 msgid "error storing flags: %s\n"
 msgstr "feil under lagring av valg: %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr "Feil - "
 
@@ -9304,17 +9426,17 @@ msgstr "Feil - "
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr "GPG_TTY har ingen verdi. Bruker forvalgt verdi som kan være ugyldig\n"
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "feilformatert fingeravtrykk i «%s», linje %d\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "ugyldig landskode i «%s», linje %d\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9331,7 +9453,7 @@ msgstr ""
 "\n"
 "%s%sEr du sikker på at du vil gjøre dette?"
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
@@ -9340,7 +9462,7 @@ msgstr ""
 "Merk: dette programmet er ikke offisielt godkjent for å lage eller bekrefte "
 "slike signaturer.\n"
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9351,39 +9473,45 @@ msgstr ""
 "«%s»\n"
 "Merk: dette sertifikatet lager ikke «kvalifiserte» signaturer."
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr ""
 "kontrollsum-algoritme %d (%s) for undertegnet %d støttes ikke. Bruker %s\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr "kontrollsum-algoritme brukt av undertegnet %d: %s (%s)\n"
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "søk etter godkjent sertifikat mislyktes: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+#| msgid "Signature made %s using %s key ID %s\n"
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Signatur laget %s ved hjelp av %s-nøkkel ID %s\n"
+
+#: sm/verify.c:467
 #, c-format
 msgid "Signature made "
 msgstr "Signatur fullført"
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr "[dato ikke oppgitt]"
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 #| msgid "algorithm: %s"
 msgid "algorithm:"
 msgstr "algoritme: %s"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
@@ -9391,17 +9519,17 @@ msgstr ""
 "ugyldig signatur. Kontrollsum-attributt for melding samsvarer ikke med "
 "attributt for utregnet sum\n"
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, c-format
 msgid "Good signature from"
 msgstr "Gyldig signatur fra"
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, c-format
 msgid "                aka"
 msgstr "                også kjent som"
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, c-format
 msgid "This is a qualified signature\n"
 msgstr "Dette er en godkjent signatur\n"
@@ -9426,100 +9554,100 @@ msgstr "klarte ikke å sperre sertifikat-hurtiglager for skriving: %s\n"
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr "klarte ikke å låse opp sertifikat-hurtiglager: %s\n"
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr "fjerner %u sertifikater fra hurtiglager\n"
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, c-format
 msgid "can't parse certificate '%s': %s\n"
 msgstr "klarte ikke å tolke sertifikat «%s»: %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "sertifikat «%s» ligger allerede i hurtiglager\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "lastet inn tillitsmerket sertifikat «%s»\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "lastet inn sertifikat «%s»\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "  SHA1-fingeravtrykk = %s\n"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr "   utsteder ="
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr "  emne ="
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "feil under innlasting av sertifikat «%s»: %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "permanent innlastede sertifikater: %u\n"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "    hurtiglagrede sertifikater: %u\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "           pålitelige sertifikater: %u (%u,%u,%u,%u)\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, c-format
 msgid "certificate already cached\n"
 msgstr "sertifikat allerede hurtiglagret\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, c-format
 msgid "certificate cached\n"
 msgstr "sertifikat hurtiglagret\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, c-format
 msgid "error caching certificate: %s\n"
 msgstr "feil under hurtiglagring av sertifikat: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "«%s» er et ugyldig SHA1-fingeravtrykk\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "feil under henting av sertifikat etter S/N: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "feil under henting av sertifikat etter emne: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, c-format
 msgid "no issuer found in certificate\n"
 msgstr "fant ingen utsteder av sertifikat\n"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "feil under henting av «authorityKeyIdentifier»: %s\n"
@@ -10039,55 +10167,55 @@ msgstr "Ingen CRL-tilgang i Tor-modus\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "sertifikatsøk ikke tilgjengelig fordi %s er slått av\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr "bruk OCSP i stedet for CRL"
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr "kontroller om en dirmngr kjører"
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 msgid "add a certificate to the cache"
 msgstr "legg til sertifikat i hurtiglager"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 msgid "validate a certificate"
 msgstr "kontroller sertifikat"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 msgid "lookup a certificate"
 msgstr "slå opp sertifikat"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 msgid "lookup only locally stored certificates"
 msgstr "bare slå opp lokalt lagrede sertifikater"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr "forvent nettadresse for «--lookup»"
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr "last inn CRL i dirmngr"
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr "spesialmodus til bruk med Squid"
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 msgid "expect certificates in PEM format"
 msgstr "forvent sertifikater i PEM-format"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 msgid "force the use of the default OCSP responder"
 msgstr "tving bruk av forvalgt OCSP-svartjeneste"
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Bruk: dirmngr-client [valg] [sert-fil|mønster] (-h for hjelp)\n"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10099,216 +10227,212 @@ msgstr ""
 "Avslutningskode er 0 hvis sertifikatet er gyldig, 1 hvis\n"
 "ugyldig og annet for generelle programfeil\n"
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "feil under lesing av sertifikat fra stdin: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "feil under lesing av sertifikat fra «%s»: %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr "sertifikatet er for stort til at det gir mening\n"
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, c-format
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "klarte ikke å koble til dirmngr: %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, c-format
 msgid "lookup failed: %s\n"
 msgstr "oppslag mislyktes: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "innlasting av CRL «%s» mislyktes: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr "dirmngr kjører i bakgrunnen\n"
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "kontroll av sertifikat mislyktes: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, c-format
 msgid "certificate is valid\n"
 msgstr "sertifikatet er gyldig\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, c-format
 msgid "certificate has been revoked\n"
 msgstr "sertifikatet er opphevet\n"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, c-format
 msgid "certificate check failed: %s\n"
 msgstr "sertifikatkontroll mislyktes: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, c-format
 msgid "got status: '%s'\n"
 msgstr "fikk status: «%s»\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, c-format
 msgid "error writing base64 encoding: %s\n"
 msgstr "feil under skriving av base64-koding: %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr "spørringa «%s» støttes ikke\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr "forventet fullstendig filsti\n"
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr "slår opp «%s»\n"
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr "vis innhold i CRL-hurtiglager"
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|FIL|last inn CRL fra valgt FIL i hurtiglager"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr "|ADR|hent CRL fra valgt nettADResse"
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr "slå av dirmngr"
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr "tøm hurtiglager"
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr "tillat kontroll av programvare-versjon over nett"
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr "|N|ikke vis flere enn N antall elementer per spørring"
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr "kjør all nettverkstrafikk gjennom Tor"
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr "Oppsett for nøkkeltjenere"
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 msgid "|URL|use keyserver at URL"
 msgstr "|ADR|bruk nøkkeltjener på valgt nettADResse"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr "|FIL|bruk CA-sertifikater i valgt FIL til HKP via TLS"
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr "Oppsett for HTTP-tjenere"
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr "hindre bruk av HTTP"
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr "ignorer HTTP CRL-distribusjonspunkter"
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr "|ADR|videresend alle HTTP-forespørsler til valgt nettADResse"
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr "bruk systemets innstilling for HTTP-mellomtjener"
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr "Oppsett for bruk av LDAP-tjenere"
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr "hindre bruk av LDAP"
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr "ignorer LDAP CRL-distribusjonspunkter"
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr "|VERT|bruk valgt VERT til LDAP-oppslag"
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr "ikke bruk tilbakefallsverter ved bruk av valget «--ldap-proxy»"
 
-#: dirmngr/dirmngr.c:270
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|SPEC|bruk valgt nøkkeltjener til å slå opp nøkler"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|FIL|les LDAP-tjenerliste fra valgt FIL"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 "legg til tjenere i tjenerliste som blir oppdaget via CRL-distribusjonspunkter"
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr "|N|endre LDAP-tidsavbrudd til N antall sekunder"
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr "Oppsett for OCSP"
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr "tillat sending av OCSP-forespørsler"
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr "ignorer OSCP-tjenesteadresser som følger sertifikater"
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 msgid "|URL|use OCSP responder at URL"
 msgstr "|ADR|bruk OCSP-svartjeneste ved valgt nettADResse"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr "|FPR|OCSP-svartjeneste signert av FPR"
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr "tving innlasting av utdatert CRL"
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 msgid ""
 "@\n"
 "(See the \"info\" manual for a complete listing of all commands and "
@@ -10317,11 +10441,11 @@ msgstr ""
 "@\n"
 "Se «info»-bruksanvisning for fullstendig liste over alle kommandoer og valg\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Bruk: @DIRMNGR@ [valg] (-h for hjelp)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
@@ -10329,114 +10453,296 @@ msgstr ""
 "Syntaks: @DIRMNGR@ [valg] [kommando [arg]]\n"
 "Tilgang til nøkkeltjener, CRL og OCSP for @GNUPG@\n"
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr "følgende feilsøkingsnivåer er gyldige: %s\n"
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, c-format
 msgid "usage: %s [options] "
 msgstr "bruk: %s [valg] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, c-format
 msgid "colons are not allowed in the socket name\n"
 msgstr "kolon tillates ikke i sokkelnavn\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "henting av CRL fra «%s» mislyktes: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "behandling av CRL fra «%s» mislyktes: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "%s:%u: for lang linje. Hoppet over\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "%s:%u: oppdaget ugyldig fingeravtrykk\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "%s:%u: lesefeil: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr "%s:%u: ignorerer ugyldige data ved linjeslutt\n"
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr "SIGHUP mottatt. Leser inn oppsett på nytt og tømmer hurtiglagre\n"
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr "SIGUSR2 mottatt. Ingen handling definert\n"
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr "SIGTERM mottatt. Slår av …\n"
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr "SIGTERM mottatt. %d tilkoblinger er fremdeles aktive\n"
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, c-format
 msgid "shutdown forced\n"
 msgstr "slår av under tvang\n"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr "SIGINT mottatt. Slår av umiddelbart\n"
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr "signal %d mottatt. Ingen handling definert\n"
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr "vis alle verdier i oppføringsorientert format"
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr "|NAVN|ignorer vertsdel og koble til med NAVN"
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+msgid "|NAME|connect to host NAME"
+msgstr "|NAVN|koble til valgt vertsNAVN"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr "|N|koble til port N"
+
+#: dirmngr/dirmngr_ldap.c:112
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NAVN|bruk valgt brukerNAVN til autentisering"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr "|PASS|bruk valgt PASSord til autentisering "
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr "hent passord fra $DIRMNGR_LDAP_PASS"
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr "|STRENG|utfør spørring med valgt DN-STRENG"
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr "|STRENG|bruk valgt STRENG som filteruttrykk"
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr "|STRENG|vis attributt valgt med STRENG"
+
+#: dirmngr/dirmngr_ldap.c:179
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Bruk: dirmngr_ldap [valg] [ADR] (-h for hjelp)\n"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+"Syntaks: dirmngr_ldap [valg] [ADR]\n"
+"Internt LDAP-hjelpeverktøy for Dirmngr\n"
+"Grensesnitt og valgmuligheter kan endres uten varsel\n"
+
+#: dirmngr/dirmngr_ldap.c:291
+#, c-format
+msgid "invalid port number %d\n"
+msgstr "portnummer %d er ugyldig\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr "ser gjennom treff for attributt «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "feil under skriving til std.utkanal: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr "          tilgjengelig attributt «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:462
+#, c-format
+msgid "attribute '%s' not found\n"
+msgstr "fant ikke attributt «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr "fant attributt «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:581
+#, c-format
+msgid "processing url '%s'\n"
+msgstr "behandler adresse «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, c-format
+msgid "          user '%s'\n"
+msgstr "          bruker «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, c-format
+msgid "          pass '%s'\n"
+msgstr "          passord «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:592
+#, c-format
+msgid "          host '%s'\n"
+msgstr "          vert «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, c-format
+msgid "          port %d\n"
+msgstr "          port %d\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, c-format
+msgid "            DN '%s'\n"
+msgstr "            DN «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr "        filter «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, c-format
+msgid "          attr '%s'\n"
+msgstr "          attr «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:611
+#, c-format
+msgid "no host name in '%s'\n"
+msgstr "ingen vertsnavn i «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr "ingen attributt oppgitt for spørring «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:622
+#, c-format
+msgid "WARNING: using first attribute only\n"
+msgstr "ADVARSEL: bruker bare første attributt\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "LDAP-init til «%s:%d» mislyktes: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+#| msgid "LDAP init to '%s:%d' failed: %s\n"
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "LDAP-init til «%s:%d» mislyktes: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+#| msgid "LDAP init to '%s:%d' failed: %s\n"
+msgid "LDAP init to '%s' done\n"
+msgstr "LDAP-init til «%s:%d» mislyktes: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "tilknytning til «%s:%d» mislyktes: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, c-format
+msgid "searching '%s' failed: %s\n"
+msgstr "søk etter «%s» mislyktes: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "«%s» er ikke en LDAP-adresse\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr "«%s» er en ugyldig LDAP-adresse\n"
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "fikk ikke tilgang til «%s»: http-status %u\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr "Videresendt fra adresse «%s» til «%s» (%u)\n"
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, c-format
 msgid "too many redirections\n"
 msgstr "for mange videresendinger\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to '%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "skriver til «%s»\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, c-format
 msgid "error printing log line: %s\n"
 msgstr "feil under utskrift av logglinje: %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "feil under lesing av logg fra ldap-grensesnitt %d: %s\n"
@@ -10466,51 +10772,31 @@ msgstr "venting på ldap-grensesnitt %d mislyktes: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "ldap-grensesnitt %d steilet - dreper prosess\n"
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "vertsnavn inneholder ugyldig tegn 0x%02x, og ble ikke lagt til\n"
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "legger til «%s:%d» i ldap-tjenerliste\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, c-format
 msgid "malloc failed: %s\n"
 msgstr "malloc mislyktes: %s\n"
 
-#: dirmngr/ldap.c:221
-#, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "«%s» er ikke en LDAP-adresse\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
-msgstr "«%s» er en ugyldig LDAP-adresse\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
+msgstr "start_cert_fetch: mønsteret «%s» er ugyldig\n"
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr "ldap_search overskred tjenerens størrelsesgrense\n"
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr "%s:%u: passord skrevet inn uten brukernavn\n"
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr "%s:%u: hopper over denne linja\n"
-
 #: dirmngr/misc.c:172
 #, c-format
 msgid "invalid canonical S-expression found\n"
@@ -10596,91 +10882,91 @@ msgstr "summering av OCSP-svar for «%s» mislyktes: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr "ikke signert av sertifikat som tilhører en forvalgt OCSP-fullmektig"
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "tildeling av listeelement mislyktes: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "feil under henting av svartjeneste-ID: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr "fant ingen sertifikat som egner seg til å bekrefte OCSP-svar\n"
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "fant ikke utstedersertifikat: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr "klient sendte ikke målsertifikat\n"
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "klient sendte ikke utstedersertifikat\n"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "klarte ikke å tildele OCSP-kontekst: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr "ingen forvalgt OCSP-svartjeneste\n"
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, c-format
 msgid "no default OCSP signer defined\n"
 msgstr "ingen OCSP-undertegner er definert som standard\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr "bruker forvalgt OCSP-svartjeneste «%s»\n"
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr "bruker OCSP-svartjeneste «%s»\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "feil under henting av OCSP-status for målsertifikat: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr "sertifikatstatus er: %s  (dette=%s  neste=%s)\n"
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr "bra"
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "sertifikat opphevet %s med følgende begrunnelse: %s\n"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr "OCSP-svartjeneste sendte status datert i framtiden\n"
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr "OCSP-svartjeneste sendte status som ikke er datert i nåtid\n"
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr "OCSP-svartjeneste sendte for gammel status\n"
@@ -10690,67 +10976,71 @@ msgstr "OCSP-svartjeneste sendte for gammel status\n"
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "«assuan_inquire»(%s) mislyktes: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr "ldapserver mangler"
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr "serienummer mangler i sertifikat-ID"
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "«assuan_inquire» mislyktes: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "«fetch_cert_by_url» mislyktes: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, c-format
 msgid "error sending data: %s\n"
 msgstr "feil under sending av data: %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "«start_cert_fetch» mislyktes: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "«fetch_next_cert» mislyktes: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr "max_replies %d overskredet\n"
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "klarte ikke å tildele kontrollstruktur: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "klarte ikke å tildele assuan-kontekst: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, c-format
 msgid "failed to initialize the server: %s\n"
 msgstr "klarte ikke å starte opp tjener: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "klarte ikke å registrere kommandoer i Assuan: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr "Assuan-godkjenningsproblem: %s\n"
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, c-format
 msgid "Assuan processing failed: %s\n"
 msgstr "Assuan-behandling mislyktes: %s\n"
@@ -10793,51 +11083,57 @@ msgstr "sertifikatkjede er funnet i orden\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr "sertifikat skulle ikke vært brukt til CRL-signering\n"
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 msgid "quiet"
 msgstr "stille"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr "kod utdata i heksadesimaler"
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr "dekod mottatte datalinjer"
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr "koble til dirmngr"
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+#, fuzzy
+#| msgid "connect to the dirmngr"
+msgid "connect to the keyboxd"
+msgstr "koble til dirmngr"
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr "|NAVN|koble til valgt Assuan-sokkelNAVN"
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr "|ADR|koble til Assuan-tjener på valgt nettADResse"
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr "kjør valgt Assuan-tjener"
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr "ikke bruk utvidet tilkoblingsmodus"
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|FIL|kjør kommandoer fra valgt FIL ved oppstart"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr "kjør /subst ved oppstart"
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Bruk: @GPG@-connect-agent [vlag] (-h for hjelp)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
@@ -10845,175 +11141,191 @@ msgstr ""
 "Syntaks: @GPG@-connect-agent [valg]\n"
 "Koble til kjørende agent og send kommandoer\n"
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr "valget «%s» krever et program som argument\n"
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr "ignorerer valget «%s» pga. «%s»\n"
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, c-format
 msgid "receiving line failed: %s\n"
 msgstr "linjemottak mislyktes: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, c-format
 msgid "line too long - skipped\n"
 msgstr "hoppet over for lang linje\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr "linje forkortet pga. innebygget Nul-tegn\n"
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, c-format
 msgid "unknown command '%s'\n"
 msgstr "«%s» er en ukjent kommando\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, c-format
 msgid "sending line failed: %s\n"
 msgstr "sending av linje mislyktes: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+#| msgid "no dirmngr running in this session\n"
+msgid "no keybox daemon running in this session\n"
+msgstr "ingen dirmngr kjører i gjeldende økt\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, c-format
 msgid "error sending standard options: %s\n"
 msgstr "feil under sending av standardvalg: %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr "OpenPGP"
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr "S/MIME"
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+#| msgid "public key is %s\n"
+msgid "Public Keys"
+msgstr "offentlig nøkkel er %s\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr "Privatnøkler"
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr "Smartkort"
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 msgid "Network"
 msgstr "Nettverk"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 msgid "Passphrase Entry"
 msgstr "Skriving av passordfrase"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 msgid "Component not suitable for launching"
 msgstr "Komponent egner seg ikke for oppstart"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, fuzzy, c-format
 #| msgid "External verification of component %s failed"
 msgid "Configuration file of component %s is broken\n"
 msgstr "Ekstern bekreftelse av komponent %s mislyktes"
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Note: Use the command \"%s\" to restart them.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Merk: Bruk kommandoen «%s» for å starte dem på nytt.\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr "Ekstern bekreftelse av komponent %s mislyktes"
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr "Merk at gruppespesifikasjoner blir ignorert\n"
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, c-format
 msgid "error closing '%s'\n"
 msgstr "feil under lukking av «%s»\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, c-format
 msgid "error parsing '%s'\n"
 msgstr "feil under tolkning av «%s»\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr "vis alle komponenter"
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr "kontroller alle programmer"
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr "|KOMPONENT|vis valg"
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr "|KOMPONENT|endre valg"
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr "|KOMPONENT|kontroller valg"
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr "bruk globale standardverdier"
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr "|FIL|oppdater oppsettsfiler ved bruk av valgt FIL"
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr "hent oppsettsmapper for @GPGCONF@"
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 msgid "list global configuration file"
 msgstr "vis global oppsettsfil"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 msgid "check global configuration file"
 msgstr "kontroller global oppsettsfil"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 msgid "query the software version database"
 msgstr "søk i versjonsdatabase"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr "last inn én eller alle komponenter på nytt"
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr "last inn valgt komponent"
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr "drep valgt komponent"
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "bruk som utdatafil"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr "ta i bruk endringer under kjøring, hvis mulig"
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Bruk: @GPGCONF@ [valg] (-h for hjelp)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
@@ -11021,15 +11333,15 @@ msgstr ""
 "Syntaks: @GPGCONF@ [valg]\n"
 "Behandle oppsettsvalg for verktøy i @GNUPG@-systemet\n"
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr "Komponent-argument mangler"
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 msgid "Component not found"
 msgstr "Fant ikke komponent"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr "Ingen argumenter tillatt"
 
@@ -11045,149 +11357,238 @@ msgstr ""
 "Syntaks: gpg-check-pattern [valg] mønsterfil\n"
 "Kontroller passordfrase oppgitt på standard innkanal mot valgt mønsterfil\n"
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr "tvungen bruk av krypt.metode %s (%d) bryter med mottakers oppsett\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+#| msgid "Note: keys are already stored on the card!\n"
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "MERK: det ligger allerede nøkler på kortet.\n"
 
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "feil under skriving til midlertidig fil: %s\n"
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+#| msgid "Note: keys are already stored on the card!\n"
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "MERK: det ligger allerede nøkler på kortet.\n"
 
-#~ msgid "use a log file for the server"
-#~ msgstr "bruk loggfil for tjeneren"
+#: tools/gpg-card.c:2395
+#, fuzzy, c-format
+#| msgid "Replace existing keys? (y/N) "
+msgid "Replace existing key %s ? (y/N) "
+msgstr "Erstatte eksisterende nøkler? (j/N) "
 
-#~ msgid "|FILE|write a server mode log to FILE"
-#~ msgstr "|FIL|lagre en tjenermodus-logg i valgt FIL"
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, fuzzy, c-format
+#| msgid "OpenPGP card no. %s detected\n"
+msgid "%s card no. %s detected\n"
+msgstr "Oppdaget OpenPGP-kortnummer %s\n"
 
-#~ msgid "run without asking a user"
-#~ msgstr "kjør uten å spørre bruker"
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
 
-#~ msgid "allow PKA lookups (DNS requests)"
-#~ msgstr "tillat PKA-oppslag (DNS-forespørsler)"
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
 
-#~ msgid "Options controlling the format of the output"
-#~ msgstr "Valg som styrer utdata-format"
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
-#~ msgid "Options controlling the use of Tor"
-#~ msgstr "Valg som styrer bruk av Tor"
+#: tools/gpg-card.c:3668
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "authenticate to the card"
+msgstr "legg til sertifikat i hurtiglager"
 
-#~ msgid "LDAP server list"
-#~ msgstr "LDAP-tjenerliste"
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
+
+#: tools/gpg-card.c:3672
+#, fuzzy
+#| msgid "|NAME|use user NAME for authentication"
+msgid "setup KDF for PIN authentication"
+msgstr "|NAVN|bruk valgt brukerNAVN til autentisering"
+
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr ""
+
+#: tools/gpg-card.c:3675
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "read a certificate from a data object"
+msgstr "legg til sertifikat i hurtiglager"
 
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "ber om nøkkelen %s fra %s tjener %s\n"
+#: tools/gpg-card.c:3676
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "store a certificate to a data object"
+msgstr "legg til sertifikat i hurtiglager"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "%s:%u: vertsnavn mangler\n"
+#, fuzzy
+#~| msgid "change a passphrase"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "endre passordfrase"
+
+#~ msgid "detected card with S/N: %s\n"
+#~ msgstr "oppdaget kort med serienummer %s\n"
 
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "klarte ikke å tolke nøkkeltjener\n"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "ingen ssh-autentiseringnøkkel på kort: %s\n"
 
-#~ msgid "return all values in a record oriented format"
-#~ msgstr "vis alle verdier i oppføringsorientert format"
+#~ msgid "Please remove the current card and insert the one with serial number"
+#~ msgstr "Fjern gjeldende kort og sett inn kort med serienummer"
+
+#~ msgid "use a log file for the server"
+#~ msgstr "bruk loggfil for tjeneren"
 
-#~ msgid "|NAME|ignore host part and connect through NAME"
-#~ msgstr "|NAVN|ignorer vertsdel og koble til med NAVN"
+#, fuzzy
+#~| msgid "connection to agent established\n"
+#~ msgid "connection to %s established\n"
+#~ msgstr "koblet til agent\n"
 
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NAVN|koble til valgt vertsNAVN"
+#~ msgid "no running gpg-agent - starting '%s'\n"
+#~ msgstr "ingen kjørende gpg-agent. Starter «%s»\n"
 
-#~ msgid "|N|connect to port N"
-#~ msgstr "|N|koble til port N"
+#~ msgid "argument not expected"
+#~ msgstr "uforventet argument"
 
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NAVN|bruk valgt brukerNAVN til autentisering"
+#~ msgid "read error"
+#~ msgstr "lesefeil"
 
-#~ msgid "|PASS|use password PASS for authentication"
-#~ msgstr "|PASS|bruk valgt PASSord til autentisering "
+#~ msgid "keyword too long"
+#~ msgstr "nøkkelord er for langt"
 
-#~ msgid "take password from $DIRMNGR_LDAP_PASS"
-#~ msgstr "hent passord fra $DIRMNGR_LDAP_PASS"
+#~ msgid "missing argument"
+#~ msgstr "argument mangler"
 
-#~ msgid "|STRING|query DN STRING"
-#~ msgstr "|STRENG|utfør spørring med valgt DN-STRENG"
+#~ msgid "invalid argument"
+#~ msgstr "ugydig argument"
 
-#~ msgid "|STRING|use STRING as filter expression"
-#~ msgstr "|STRENG|bruk valgt STRENG som filteruttrykk"
+#~ msgid "invalid command"
+#~ msgstr "ugyldig kommando"
 
-#~ msgid "|STRING|return the attribute STRING"
-#~ msgstr "|STRENG|vis attributt valgt med STRENG"
+#~ msgid "invalid alias definition"
+#~ msgstr "ugyldig aliasdefinisjon"
 
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Bruk: dirmngr_ldap [valg] [ADR] (-h for hjelp)\n"
+#~ msgid "out of core"
+#~ msgstr "kjernen er full"
 
-#~ msgid ""
-#~ "Syntax: dirmngr_ldap [options] [URL]\n"
-#~ "Internal LDAP helper for Dirmngr\n"
-#~ "Interface and options may change without notice\n"
-#~ msgstr ""
-#~ "Syntaks: dirmngr_ldap [valg] [ADR]\n"
-#~ "Internt LDAP-hjelpeverktøy for Dirmngr\n"
-#~ "Grensesnitt og valgmuligheter kan endres uten varsel\n"
+#, fuzzy
+#~| msgid "invalid command"
+#~ msgid "invalid meta command"
+#~ msgstr "ugyldig kommando"
+
+#, fuzzy
+#~| msgid "unknown command '%s'\n"
+#~ msgid "unknown meta command"
+#~ msgstr "«%s» er en ukjent kommando\n"
+
+#, fuzzy
+#~| msgid "unexpected armor: "
+#~ msgid "unexpected meta command"
+#~ msgstr "uforventet armering: "
+
+#~ msgid "invalid option"
+#~ msgstr "ugyldig valg"
+
+#~ msgid "missing argument for option \"%.50s\"\n"
+#~ msgstr "valget «%.50s» mangler et argument\n"
+
+#~ msgid "option \"%.50s\" does not expect an argument\n"
+#~ msgstr "valget «%.50s» skal ikke brukes med argumenter\n"
 
-#~ msgid "invalid port number %d\n"
-#~ msgstr "portnummer %d er ugyldig\n"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "kommandoen «%.50s» er ugyldig\n"
 
-#~ msgid "scanning result for attribute '%s'\n"
-#~ msgstr "ser gjennom treff for attributt «%s»\n"
+#~ msgid "option \"%.50s\" is ambiguous\n"
+#~ msgstr "valget «%.50s» er flertydig\n"
 
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "feil under skriving til std.utkanal: %s\n"
+#~ msgid "command \"%.50s\" is ambiguous\n"
+#~ msgstr "kommandoen «%.50s» er flertydig\n"
 
-#~ msgid "          available attribute '%s'\n"
-#~ msgstr "          tilgjengelig attributt «%s»\n"
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "valget «%.50s» er ugyldig\n"
 
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "fant ikke attributt «%s»\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "Merk: standardvalg-fil «%s» finnes ikke\n"
 
-#~ msgid "found attribute '%s'\n"
-#~ msgstr "fant attributt «%s»\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "valgfil «%s»: %s\n"
 
-#~ msgid "processing url '%s'\n"
-#~ msgstr "behandler adresse «%s»\n"
+#, fuzzy
+#~| msgid "option '%s' may not be used in %s mode\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "du kan ikke bruke valget «%s» i %s-modus\n"
+
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "klarte ikke å kjøre «%s»: %s\n"
 
-#~ msgid "          user '%s'\n"
-#~ msgstr "          bruker «%s»\n"
+#~ msgid "unable to execute external program\n"
+#~ msgstr "klarte ikke å kjøre eksternt program\n"
 
-#~ msgid "          pass '%s'\n"
-#~ msgstr "          passord «%s»\n"
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "klarte ikke å lese reponsen fra eksternt program: %s\n"
 
-#~ msgid "          host '%s'\n"
-#~ msgstr "          vert «%s»\n"
+#~ msgid "validate signatures with PKA data"
+#~ msgstr "kontroller signaturer som har PKA-data"
 
-#~ msgid "          port %d\n"
-#~ msgstr "          port %d\n"
+#~ msgid "elevate the trust of signatures with valid PKA data"
+#~ msgstr "øk tillitsnivå for signaturer med gyldige PKA-data"
 
-#~ msgid "            DN '%s'\n"
-#~ msgstr "            DN «%s»\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) ECC og ECC\n"
 
-#~ msgid "        filter '%s'\n"
-#~ msgstr "        filter «%s»\n"
+#~ msgid "honor the PKA record set on a key when retrieving keys"
+#~ msgstr "bruk nøklers PKA-oppføring når du henter dem"
 
-#~ msgid "          attr '%s'\n"
-#~ msgstr "          attr «%s»\n"
+#~ msgid "Note: Verified signer's address is '%s'\n"
+#~ msgstr "Merk: Bekreftet signeringsadresse er «%s»\n"
 
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "ingen vertsnavn i «%s»\n"
+#~ msgid "Note: Signer's address '%s' does not match DNS entry\n"
+#~ msgstr "Merk: Signeringsadresse «%s» samsvarer ikke med DNS-oppslag\n"
 
-#~ msgid "no attribute given for query '%s'\n"
-#~ msgstr "ingen attributt oppgitt for spørring «%s»\n"
+#~ msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+#~ msgstr "tillitsnivå oppjustert til «FULL» pga. gyldig PKA-info\n"
 
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "ADVARSEL: bruker bare første attributt\n"
+#~ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+#~ msgstr "tillitsnivå nedjustert til «NEVER» (aldri) pga. ugyldig PKA-info\n"
 
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "LDAP-init til «%s:%d» mislyktes: %s\n"
+#~ msgid "|FILE|write a server mode log to FILE"
+#~ msgstr "|FIL|lagre en tjenermodus-logg i valgt FIL"
+
+#~ msgid "run without asking a user"
+#~ msgstr "kjør uten å spørre bruker"
 
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "tilknytning til «%s:%d» mislyktes: %s\n"
+#~ msgid "allow PKA lookups (DNS requests)"
+#~ msgstr "tillat PKA-oppslag (DNS-forespørsler)"
 
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "søk etter «%s» mislyktes: %s\n"
+#~ msgid "Options controlling the format of the output"
+#~ msgstr "Valg som styrer utdata-format"
 
-#~ msgid "start_cert_fetch: invalid pattern '%s'\n"
-#~ msgstr "start_cert_fetch: mønsteret «%s» er ugyldig\n"
+#~ msgid "Options controlling the use of Tor"
+#~ msgstr "Valg som styrer bruk av Tor"
 
-#~ msgid "ldapserver missing"
-#~ msgstr "ldapserver mangler"
+#~ msgid "LDAP server list"
+#~ msgstr "LDAP-tjenerliste"
 
 #~ msgid "Note: old default options file '%s' ignored\n"
 #~ msgstr "Merk: gammel standardvalgfil «%s» ble ignorert\n"
@@ -11243,8 +11644,8 @@ msgstr ""
 #~ msgid "could not open %s for writing: %s\n"
 #~ msgstr "klarte ikke å åpne %s for skriving: %s\n"
 
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "feil under lesing fra %s: %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "feil under skriving til %s: %s\n"
 
 #~ msgid "error closing %s: %s\n"
 #~ msgstr "feil under lukking av %s: %s\n"
@@ -11306,12 +11707,6 @@ msgstr ""
 #~ msgid " using certificate ID 0x%08lX\n"
 #~ msgstr " ved bruk av sertifikat-ID 0x%08lX\n"
 
-#, fuzzy
-#~| msgid "option '%s' may not be used in %s mode\n"
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "du kan ikke bruke valget «%s» i %s-modus\n"
-
 #~ msgid "male"
 #~ msgstr "mann"
 
@@ -11359,12 +11754,6 @@ msgstr ""
 #~ msgid "only SHA-1 is supported for OCSP responses\n"
 #~ msgstr "OSCP-svar skal bare bruke SHA-1\n"
 
-#~ msgid "waiting for the dirmngr to come up ... (%ds)\n"
-#~ msgstr "venter på at dirmngr skal dukke opp … (%ds)\n"
-
-#~ msgid "connection to the dirmngr established\n"
-#~ msgstr "koblet til dirmngr\n"
-
 #~ msgid "Warning: '%s' should be a long key ID or a fingerprint\n"
 #~ msgstr "Advarsel: «%s» må være en lang nøkkel-ID eller et fingeravtrykk\n"
 
diff --git a/po/pl.gmo b/po/pl.gmo
index 4215f2ffc3321229c8e4736465d78296fae00b04..00d53055554f2fd4998155a37171bdcc2aca719e 100644
GIT binary patch
delta 48644
zcmaIfb(B;`pU2@lGsqx=4sMORyAOlAySuvu35{C_?gWRRAwURDa6%GXg9kz&XprEx
zpKt$)JvsZw-n0EaRdwr@SKXcouwSo>v-O)e{_6>%%<{M*Lp?7g=7{vXkXW8qVzg2{
zuhK@(%ZZh-I1a?nAkX^&lMvs%$@6}}bC?hpZT7sRxEWL6Z<q$}x_I;-te*53?s<MM
z!X?zld}QonH@uaYp7>4|zm96)b7#CQfdagon1J+17q5@X*9BGHI4q1iUHloABcAa`
z&&x&qUKawDNtlPq_$P*Aimg^q9%Mkg>Zl$!cJ{_(#3!ICT<+ZGyoMTyx0nGFZnJzv
zob@q2^?Q8?WXI8%2{)p8ei38iJ4}S3+ifUQqtZ)ZJgkag*bEb67gU2rpekO3dj6oh
ze+gC36Z9u1kYoq*j`>hMZHX$NE2_Zpm=+hK3fhl)?xORVGi;}&XTc=gFYDq>odYl_
z>C><xuHDJ_Ywn(rpo*jJvWnxQ;<->$QOu>+bm`r&1nFO(diW!zz{?mPUphl~+XyAc
zjHGAB)L0v1Vz1qdzj`)=gqpYz)v`xe5DV_HIqr%YvN4zv*JE=01@-)GOo!2avIb>E
z<*R|&uq*2RY;2A@a5N_I@3jZM!3YxeqbdsCXAfjWJx~qn;9AUsA5bHgYrl<98Pw1=
zKuuXs7a!~HFLrLh)ZG6CYoY&d0_sW816FW7j6-}3rox$+7B@T3VNv2QF$?B7XdP&b
zT0_GyGp<8T$yrpx{y}vt^pK_J#z^h|ssu`MV=@-TW2gp2IqZ4)F%7E4buk_G!HhTy
zRp2gE18=$XC`T+`HcU@?byS0TqYvkyre-IGYyV$#2@eAao)_b1TfM1K+p7?&rxh^+
z_ChVnS(p&lqAL0c)zDk0d_hMop2=Ar)zEgR28>lY^?S<+MBo9;gdv=#Dj*xC!J3#1
zdtz>!fU0l@YOb%LM(kgAKklzqacR`hw?Ky48;F6PyY!3b*N{FTpb8WIW)&8}ti&6k
z3K)s1Z~+#<y{P^D8r9%<$81Upqw+UL9}d9SI0xh63K!pkYViJJjK2<)t0ct2XQ<Wv
z5!KS%$IWV(gLr4uqMVJFaSLjSrkt=jUV?i5C>FpsSRHen<VA)<F-DN*9md$iPo84@
z6}WoJ8gLIahcB=UhM)Gl4%h&v;2va|c-7Ca*LDA_H7EsYQ5MA**b=q+JENv>3?{^t
z7!`M5L)_~pP>w*7bM~5ThU&pY%!RwKGTz5pSm3-JC}S`?@r{@nuVP@=T(AbEL3OMo
zs^Tgb4_lz7t|vxE|2P712uwk(g+-{0`%#PT3}(THs0tHZv>uf~&3$Xsh>b@zU=@br
z0n`XxMCH4VDlh8qwrJBJBjooA5lF&~I+!23pjx&F3*fhy6R%)4jB&{pV*%7z-w3s>
zx}Zj45^ChOpw`fzsKu)V6ABqni#;dC(EhJOKtt5b-ROm3#Al%@UXJSFX;gtvFfoQ*
zv4S$7My#^43918Ku{8EYb>s&uhJRxsOn;S;p?<F@0aefnwYvS70vBR3+<_X>v#5N3
zV-bvg&898_m9M6=Gpd23Q02@=jqp~Ci6>AaatZyKn-2su#~H5MTvbO6VLyz5%TWzj
zjT*u|s5Ns03*&jz;tadNX^AaRBR31Riw<H0M*YLyt`$&IJ^2sDzbJtNB;>*OSORn2
z<c)`2up(~52>gVlFyfXiMn9G$z78wkJ&cQa{<JBGz)Hj`VGf*z8v36wHJ<y^Zx1{t
zL318*+v4#t9r3iNAuETPyPBv1CZb-yOHd>81E$BLs73kE-T#QHDE?oz#`2)@mqU$E
zV?Tim1jeC;c0Fnp|A?C7Yp5woe8;AwBx)CQ!?ZXDHF7&J6W&MlH2z&%6QxjVpb;v)
zAF4x3Q62EFCs2^UUQ`cWpmsyDzwIo~iCWziFd8<*wb%kRLNV@n-dxOqmGCesJ<few
zQ+ZJxY=Y{!AIsxR%uCd}Oh7{#`+=?gbeNoY1Zq_`MGawp)QHSPHSjnp-%V77?@{^F
zJhatb6jfnuOoJV8364e8m-&%KhWRf^Kts_ukigKo_;^%-3s4pPh)MAjM&dnGK{+1V
znu$cseI3;HYlj(e2u8=HsD`gWAMU}#)bCv<pgDShxiJ1eHWd-rgm^n_fqStTrhZ~Q
z9)gXCFG8iiLglabl!c7nJAXhQ@oks|e@E39^o;S>jZ_5G!crI$D_}6zMzy#es;8YW
z4i3Zk_%&)|7NZK>i5jsBsQgb*&qsT1Ba$37f_X6|R(a0&tDuf9VUWu(8&%Nvs0w~T
zjm&LKhzb9-*L7yhPCP%3!<N_>?_vxr^TK*w6*Cj>hJnS05yUUQVEhXZNb%D4cP-T1
zeuYKx1g68#SJvX}r~)dX4xY)VAw7mU@CD|?bg!+#TBrl<3)CX~5w%UvqdNB9Pe46L
z@+Pnyyt1eY`=bh+>*9w|75$9`G5%Zo>9!)OL4#3Kun$$<Rn*9azO#lWN5u=Hws~dL
zi1@n`2q!QLv*B9IjptDfiTd7plm(UE0F`enYRzoIRJa4x!;7d@{|d8Wst+~=6;bJ(
zPz{-k6}11CxD0nOFE>IzTE=1+n|Lb>!|oUbhoDyXa8!Y#F)^;ic(@<6M$TX?yn|}k
zGhBoTKG}$E3h1Y$1bT6!q!$#}CL2(5coL`J2TX%s2L%P@{5z~n{DF%X3=Z-li1)>k
zxCQItGc1J_LM(j@jv#&zOJMmZL0&=X_eK(^f!nb@Mvoe#bIEIt8p3O+hD47R<h8{)
zs0O{mw3s4#P+(3=q8i>BwFai3p5KL9bbq<~vHAVYE#k${PZ?e+z7sbkAwx_ncsM2^
zz66uvR@9uGL`}&}jEj#k6hET!MUNE}II4Z9^wO9DE1??H4z;MKVt(8cE65*ML{CZ3
zs(yo-v)r+R0&Af-sv+G`tA7-#N9$3m_yVfnx2VOMDa_)PQStt$H8K}{_!DYv+`!WK
zJj`zy^2Z4Z?8nBa9`-{msu8H3&ULPK>Dy7O|0Jfwi<k=kbtZ@#6gWxqpboC$sGfI0
zbz~0uaG#&RmrTJ;R6#A{2L)cULs4@%%DD-X6Tg9K`CC-aiX|{xVQ%7MU3@EQq^_d2
zceI2-ffF?as-Xo@`TcbX<RLH$Q{xurS=3NHL(Ofp@Swo<OM@Db45*PRfXY_}(_($p
zlnr!#je34Ls^Z<KcgSU=9KUyuKmroppn4QLk+nD<D!n4cz$T~`w?n<8W}+6^V$`{@
z8r6Zzs5S8h8)L@AL0&iXV_kfRN{>hq<c-%pn@^xN3F(std4FPm9Dt3J1$kZY6jsIJ
z$%6u4GRL9fC$KCgPhsal3)Dfi8r9RS=)-fUDR_Yq7&B#%R|czM0qXa@CeRKKU<b^c
z%6c>zwFdTKQGAS=sw}B(BpRc3%>>jo+lxBWub>uPNE#c7e3+kj3)BcrM?JR*{i@(D
zfl8Rj7ZmtGp#^HO4M5H1G#rnsP;;CoZBXDlT^-b_9*D}f0`=TZtcT}O6=q9k=SpSV
zN4zs?YO|$h|92)(GQG8U73zTts0=SqyCO7$Rh$tOuZUWF?NDo`H|l_z<L<9PZL=e&
z2L6NjFl9zduZbF=FEaXr0&lZbBxt*wLCwv3)B~k5+1cIO`8{e19-$Ul>daP96)YL#
zd4o_>uq}%nKsQiR6P(pdjoJ;x(1&&XE}@^x@HJ{G)}VU&43#l%HXGVJ$ZON9ih2!C
z$3nOVH4^`#)=Kj1maiUaq!wT@T#ae)0IGxjTLelHNR-1~I(4xR@v~S8E9A7rI0lt(
z8&<{_sESJGVin^c)YNT29nHs4L;MtVVEJ+f1%A=d3L}WG#PZtzcL-=GbL6p#8et9M
z6Hygia;DE~_q(GO?P64qkE8bWb1a4x^92R|L&Zo`#Xq4&^dsuIiuv8U0V`?$&m|Da
zjhm>s&rl%9n}8iq1w28m>O2K4UscpvnT*>1+g<!Us>hiM*~ryL4e?B@hCic5Fubt6
z|Lb4`^?OqYXiiU|TAHMYeGh1b`q61Cs^wQu1;!|9BT)i1LOn17x1*-)4eEd@Qp_4W
z8g>6?)V>cbZo8rs`n8C<5-5zbQ9U@}GJHU-_G~50rl`4|glgD+)M~ziZSfO+fo<6e
zI+Cwq6O2<T$ork$(HS+>kr6g^JtElu+AcFmP)~NFMj%=lo6DM5g!n}C_`idw1|EvE
zRs0;I5>Hq*DDa&y8S3awg`==I9>%?>j*cm3--I@z8hEiB`(LXyMtK|BoH&ViD^x=s
zp&l$$!RD?tYD5;JR{tp%k6F<cRdLKjdJ9a8V^E8973v^5j+%nEsJCbyf2E+nx7G;M
z+}6gHI2vQ(ZRbDEx6Y`Q?Ieqb%2(7`4s{aNM7?xcqZaP~3>@XC*YzrlhyGmzRKPKe
zh8HmgUPm1qf1@(KK;?^8#lE7&N4<_yp+=-SY9xoDrfeB%h_9d)Wmr|)rqxipU<oo3
ze(yQ~EvoQpcH&h=Ev^oz#qt$q!ELAm<`2}O`-E{YX?5#qW>kYqU>H`$ve*!{#ulJD
zaM0a9f$6mWuM+Ta;}fa}z8bdO%AwBgKF-M)_(21;2=}}6C#Z(Ru4xsdKn-~&RD;W)
z7G*2cniz&YT!JaI|MwF}hu2VNzE{gCPKA*~i=qk`ib-%j>MY-kT1>}KBNklS8lD-|
zfcmHo^g^wzNvH<wMNQ33^lJ_i*0IG=7S+SXsI|}w)q{bkA)k%G_&sWlH=`Qx0JXT%
z*0qr-j5@G7pr&pnYAW}*_&roT3F@)`RY2By_7-c2+AgzE+iy4OWQ<zhdQ=V7gN~>I
zCZI-c3HtCLs>ioc4fYz?$R$IKY+=+ktcQAjL<9D}3YbfRD&B<}s+*`5hc~pv6@hxN
zK593Nbk1=1SD;2<2dbizsD?gt#%W}`BoC^-)~G2O?I)m&i%}!7AGJzfVFC<pY^ymD
z7AKw_OJGaXLGuk}!-J@bAEUN!tR^-hiBM~$5NbqfVH)g=8Y%w-0y+>@qFS^AwV%(q
z3{jif5T->vSQ=GPOP4+rwT9-S7U!?1gXb1z#aF0?rfp^;R0*~CS|APcds7K$k*!62
zOZ^24;RlSs0?lo)^+%1+2GkVYMs33+Eo_lhK#gQi)KpHxsJIQ)u|22;{*LPKlYs2M
zC@pP>lA?N;4>gx{uo!ki4c&5gf494T)%naB+RCOZHL9GvsI^iXH3e-@b3fFjFUG*{
z|2Gm)&o82S6sxt(O)=Dg)Bx3>!KiIF6}7#7K@H_A)QOk1jje^ks5R0C%iv<vHoS=%
z*_dsuyfWz5HfTsd8G4{r{Tx)q2T?<J7d1t}?W|#GQ3p~<jD<~6L*EhA;|Zu9&qs~i
z7Sv)pj+(lA&Xn!h|Ej2Fdpo21q88Tz=XO*9=TUR_7}euw9c=#=K{c?Zi+6F3Kvg&w
z)u1h?=MSUGyN24%FFW{cv83;4J*tfAX-8DU#-a|QwWuCFN6leaCu>L^RKaaft9>wP
zBvznC<_L!38Po`0L2cJ4oo%Xf`w3{Zwm@y8(WsVfK^1rt_4bO@#R|@k+Me}M4IPVW
zz)I9M+k+ax+vvlft~RCVQ1#S6<?n~;pnnnp4dF)Aoc@Mt={-~f5_GedO9|8>Y>hgg
z2BP-)NYp_!2ep>gVr<-x+65<2<vvC=EOvJ*FDud@zgNQoUO!Ze=A$zHgqrIss38sO
zVLi%?>Uk|x1wBzCHU+i1ccb?Ab5u{G_p}D2K@ELLRQ^twPw)R(F2hmO;<$qvkx!_h
zPu|PsJQ7u5d-UNL)Nc6})u1z|ZTS?nM$+`QIgUh4O>a~K=Az0yh-s<cdq6<@KCF*5
zpaiM`^-&|z3-x}ViCWb=P$%Je)D*?)Ya><=mA?+Ef&r)s7on!~7xdvXRQU<}vH$fz
zE&}RV9aP3XF1`TO@?EF~+`_<+_P2u4pyoaTHTQK<i>wRkK%45~hg|$Vs=m|%Y&S&?
zVE?PYW+dpre(1ybs3F|tGG0f`>1$MvV-GY7q1H+(^x>DN@)luQ+=|NoySpF!g>^JN
zs$*rpVE?PfT}V*I8K?*MpjPb-7yp1-8)*jF6cj;i!+NMSFb4J9CU^fV`iTGI(&G)b
zA<u`ZxH{@fZ$Cc)4api*LB~;3@dkaEY>4%!7zXARwb%xr3YvwQ%iS*hBC4S;Q4NYa
z)Yd>=42(2tWc#7&@y~G?wxJ5Vg(@({mo~H+P;*}fRdEN@{V}KtmSA)|fI9JhbzVS?
z;4Rd_<_)tc%!A5T4k^d))gqw%*cFv=E~<q`u_``5EvCY5s=8ueH=r841AX|1yB{>%
zrZgMsxw@#S9p~bkP#yUTGiv`w8DRxxLk(R`)b{CwT9i{!+h{AQ;+v?7qm8t9PShf-
zgIW_ku^cWzjnH4H@}iHj5y_3(#?>($^?RKOXl^E<PP`Qu7cZa|=N(kVaYtKv0aOpl
zq1H@Wtc_E!INro)m}*Rr7l9eDB(_H#;mc8TzXSbh$t40&@CB;HZ!spO9BU(z88w6v
zsD^ey<r|6daRqAsZ$)j><EW{;i7Ge#ID0-ZDt`p3{5s><|2_iENzm#ZhFV<9P>W{|
zs^wQuJxw;=PRjDAq3(yFxDwTX4XAPsJMUrOWSwAZp#-Yoy--s!eFBR{Be0VM4b25q
z4<4fC)SGAprb6|o45|mcUHT~0VqJw=6ThOS>?vx>l7D3*R@&JRwWfMHXZZ;fC1Dp9
z!563pb4{|A*2Pl9`=ct@g4%9ZQ2G8u6&U)pdkzCfF{<ZXP$M}Hm2VsBC3Ow8*!{64
zThB6}DyWAVks+u>G6yvh+fd)#&Y{*o^eHw~X;33p4Ar0-sFCW6dTu!?|2}vBcht~-
zK&Ha)Wt?gSRYX152Gx-1s43Zjn){Qe3f{T<zG)V(h-z>*R7K-a6)bTcMK$CJR>H99
zcHT6=z|a4q2*lyWx2SFPBdVZt&WETujWWXu%86P;RZvsY4MT7pY9zi#A09-NbKChI
z^AZoAX$`M{xwQYg63_`aA1C9_I1?Mpveo?nH5LD&dJ;a{<}@#A@zq4F`abBx*{B9?
zL(Tmq)UJAk8mR<x?Dd-q1Hb>PL_mw8FUG>9sG<H2HI!%2hi_4fD#cuzk}9ZkVF0QD
zOHd6xgevbgYAO@Vv-?F+i?BHs!cp_s|N17glLXEE6I21d`PQ=tR0G<gdhit%$8S;l
z{}yTl5-zZU3!%zshFYwXP*buOH6mwG<-EXR81EbQziw3h#_W!o>nW&3w;i=DZ=)(o
zwa}&@0`>lGj+*1?sG(kqs`x0Xhwo4$ly8x3^Jb_9%|>n0wSEHC2<*p-7-zAq(gqkw
zd@*XyZlOlzql>3rVqd?Dp>|14R0G;ON1@irQdEzBLOp*8waDL~8sJa5)DD8&sEn0R
z8QZ$_QK$;OLCx`IcmD!vL|&riI@vP&E?5yY1x>IpPDHJl1E`KXMLid`JkUVDmxq87
zs-qT5FVt?BgL>^ALJjplsD@=&VHK7`O;I28;Ud)3?M3DL8`a>@m6ksTh7oUqI{7+b
z621RN5YU{=Lk;0~sG<1{_3ic+YRF!oMk4%M`xQ$z)QA;86<8DXGh!!~J`&>*Ux@19
z26z87Y9t<DO6vEbud>yc0kxP~q8=QGTK(fui)bT;<7HIC{&Dw%S6hMEPz|VndcGCv
z`QE4w%tIY?+fmQ|jQ&spmkDU-{zR?b*lVmurBS=15&Cd2s)7X=j6b4AY&%B93#j+{
zRn&;yMV0#weVAdb<u8vVh__wK{#QXuNKg-#qlW4@2F`5MT!yW)^qkIGsPw+5Ii7)m
zw;O7TuAv(C9M$vq>n(pC)MBlLYT&T-eyeCY3F`Uxm>+MU7GvV?tm2ZWp=*VDuqVdF
zQK*K@KpiMQphoO5ssZsf*p%f$t(CH<2DLyn_)9;5C<K<HhITcof&-|zzJMCi2dK62
z67>>^^Su=ifoebp)R8?FHKOZK9oT>|@H}dSZ=f0wW223PKMMhEqXwt~MxqZ_p;q-#
z7r%)*(SkSG2o*&QWp~sfTY&1}L5z*pQTzV^sv+q&n^jP2qBqiTzc-(ND%yz}va_g)
zo}wC*<p*2c)luo4QEOufYRLDX*1&6215$3W-x(K1HE<Ye1lOas-8R%no(;tPw9q9)
z|IrFagIYwzoV8GkvIDBX2^d&xsG+=uI<VfO=059I`|-Rg>bVi95m<q0z;CFI-NkU~
z_hN6exlfBaDvP5QVHea1xClGoFW3$9Y_}0uh|0ecRq;Jk!LfGOm()C{MIDJ+6a7&m
z^#y9JeS>~2o~;DblMAS+c!4S~&Q3ch@?c=~qV{<UjDqb@yP`8z#xJk}9zYFoj9oS|
zX;BAG4OBU;QS}Yo#s1fg1tjQ!4KBkG)EwVL&G|>vZYa3hhOi2%;T=%l1ID6u#WqwA
z?>WQv*y7HMnxf{Y#WxW(0zd3w|104*3F`4n)Q~0p$<{zs473<Ev_nx3E=9fNcA<Lm
z098TEy*6cqQRTEjP0=hDKZIICuTWE)(ZA1nRtr^7d(;$+MrBxt(eWs1cbr0fMSF}|
zRBzFTY4_WRMWRNeC90uQQTf)Q$~}#$=RWG3@y9q|Z@W~e5h#FK{S8np?S>la`KVRD
z6E$Ujxb)|kn0Ug2HX_+DjCd2&RCGdBI0-e9>zqd{-S6EbpaQ)^_CP{Z%L}89*xIPK
zS!>j;=!0s=x2O?1=HjnV2U)7amR=dvk$$M2Peg6M<){(ai-GU|cL-<=#5iI@k`LAM
z3Ro2Tp-#9B=)()B#rg`h8{+<Ki!>1yBVG+PwBt}~VgYJOj-uAg8`OwpJ?i#<1OY9Q
z`dAo8qk6X6rQdbwiGQ(gzco+=PDHKxT`v6*s$p4wwGk_W8mT&{ZTbc39WV|xlAF-4
z?e!M{wLIl-_FzNQcI$*O@k`Vcjdw0Ujm!qr-2ROPG5RqZxss?6>xu<%2I?d{idst#
z(1)>(v;Q?zIgZ<d5g1Cm2gb*NsI@QweYhM|(IM1!e2ZFCX-?SO7enom4$jf2e9KS`
z`WZEH|DYP?JL$I}s(;e9&k$6`xv0gm54AR~Vl<3;%H}RMmL;AZHB}u^i)=b7|2kAf
z=THrZdfMvAhU#D~7jNt*pp#B&4Sa)Ie7~UzeuGmn!x=01N7O36jukQHSu3y(>cDA=
zT4a+^bN>@oz}u+pnEjm9R};0}{oP!`WK;vzp;qT*m;MwrcX7^J!}6jkXo*_gQ&3+p
zcBAqgK`pX-sI`&sf=y9A^bxO)n$jK?_j}_BXh_zeMq)FnWhYSuK1CH2e$f_bek?=0
z2WlU0M6HR7sQh8SySE>zVUeiCTMeUQOH>0oV&cH}e*!uv=AsWbpb9$a;?Gd4HsK{}
zV1Cr@sD)}+dsKm=QA4~4)vyCD{T`|TA(t&*V$|BmgFZij)&!Jcq{}c1HTU0ReY}k7
zNuDcKaWT|BuZdc89Z}B@cj+@w+j<>p5#K^};G;A3Ra=y$(C_0$TLL;DMxz$r4AhA1
zM{Tc*s1bRFsxZ+tYhW%^1&vW7(I2&TW}?bjhZ>nnsKxjkV`H-GHWit!v;Vb<bCIBe
z2cUW~1%0>-wb%}#w&inF&r{s6A<mDw-vqUIC!*HS4paj!pcZMAKdd2nQ4Ot%@vw`2
zX{;U$AwdPtaW}q4HDn(K<5>*B3s@d6V`22&w7G1AicfIv$5O=Kpw>c>TV_jCN5-NK
zxD9>+I<fYlhUz+MBwnK$6#vhlz({08ZL2D%v%4Q^v8_f8?J-o(pP?#<d)q9Gdafnv
z+?aq`8$Y7z^FJiuBM|K`o9oP|6Dtyx-VwEU#-j>ejYaVkssS<Yn7L4Er4Fh=-BD9B
z12yCaQRUo1l^=XJ5a-W-5m3g8s0s$6hHNo5!y{M`)BkN#(iQbm8ityR38?LK616S8
zdsbm0)EQp@ReopGBA$n8;O>Czzgq;<qR{*H=lyb`k9c=fgC?UE*H+YG`U^GJ2_D#y
zTm`jV`=Sb7gevb4HpY8c4$D5Y4va^Q)B?;*{oYmrn(OPRA$_SEnEa8=Q6y?anxTer
zluKWRn)BVL23$ft7v-@vAO~t2*G84!5w$)2=)>9Q*W%koKyz~*)v_0;jPd@l24qIX
z%b<q15vsuMsMq%x=RDM6`wo@wBC3H8Q6m!LiH&3~RC&#xu>UnD{YZ$!IjDVm8P%iE
zr}jX8)UIfQJA&A*Sd4hV=l0)-dSN)}yHTt9^uK&}B>n)^!FMmL0m)w4l$Am?wBt+m
zzlMAo32MlXsFwZi;{RYl;t5_^!Ie<?+o1A|b@7F$9_~jq^bYF$_=IXeg4b4l9@JFU
zMQ!83eggUqw*ht5|AAUuh2GeI)9HZ`#P^}*GU%-}API&MFOF(RWoIi?0|ufxG!@n0
zA5aavh?=_hs1fjozq1UboNZ7QjYakR8`SnXgKB8VdppAmqSi_zs-osDeK>0Fzebg_
z%-!FP>iHE^1A;#Up7(pn322cNL_JUk(_$x=J`vT^Rj3~Ph&sD3qYodTj_}wYEuIBc
zL1k2WYt#sRiF$q}YJ_$KWdEHZpjG?;>*FW%Vf|0`1IPeWgT}h}YScE|j_UbER0H2)
zXAI?yp%LqY+EvR@BXtnfpzEj(zs2m@|4D*^0|k{u71RNJ*bnRCEUbn1P-~-Duoc(`
zBZz;EYRCzf{uDLTu|t9b2UdPm&s(8R#4)H7aVG};{_lMPJxPckB{=XGgGOK#;_ada
z2mS`c_gIE_@@T<<Z@ta%d*VxQG1iK14Sj-YV7bs>FA|4hY21rCsz15(@-giG_!z<V
z`~TlaP==tG!QO1Fi253R9rdz_9xFKTx-5g*PIXa3+Z*+oorV?g6zW_^5<58XmaBtm
z&;-<W+mAY;U!bNSMVLQ0usw=|*^OqXhKxk@_$WqT%s4jWRj~;14lceJRp3tNAE>#H
z7B@Jsy$Yj-zBT5=v8V=ZLG7-Ges?2XJe$K>sQua(^}rldOAovBTd2hvExz?AITj*b
z1C?(KYH==e?nkYSKT!KUB!P`=PSgqOZ{QL}pn9^_c?$K~eTn+wP%5Dfc^A~;nuw}s
z6XwHHE<GgNMk*U>o0Uf`x)!L8%|K1vHmpkh-bDhM>-33iZmXdVnl7kS`VDFg977FV
zw8YlaQmD6GQ!Ig_P`hUzs(~j^<-R~woH~gaiTdi*0R#X3#}@?j?e}Zc;`#>F@|~z3
zOwOVjaut(c?4)J}RKrT3Dja~%aUtsLpO(zF-wF&Se%g5ss}sM7wfqD!CJ*-N2T=gV
zBz`P~_2eSPApRF>$o|1<7&m3GHxHZPMSO`@@I<O$FB+~*Z9UzD8iDhuHS-ZQl?l>V
zhe~1K&;Rrw5S1I#u?Eh?hIkjXcuM=Mpf;#A@)cIVO&E!<QBzSotu3;)sC-|e8vX-n
z1ka+5?vQl0M#9sv|20&(Nzm$y#JJcEl|B@;ou;5hW*@4+-%wx49-y{S^7Iz3g{sJp
zYWVlgGw37!0yRR3GXxf&mnwtb=DITpI-5sgT3m!a+=rUuo2WICB4cpiuWDsOjldMt
zNL@hX%azHdt`n*O1Dx|v+if>$*WATS7|oyA9>|I6NpXyYy)hYni5i(XE`2|0yB$Z3
zgqOt{?88JvBT)r6LcNCl&Y7siyao&7W~cu?0i9^+vRZ*nQ3uKp)EsU`?TX)>FHt=R
z&t{7%KWgqPVma)I8mTR)5jcp-e+SjzsM#%^5oxgBD@Q;*Zh~rg2UL&0Mjf5oT>4ei
zffSO%=CCTNVRcYF>xEi7gRmY>Ky9<@sIxyuPFo|bP`hFZ7SPZC+X-k$9t9HEj=Ah5
z(gZanvrrZPhD|VGZoA(Ds}Ns<I<WplophP<*z39})+D|j)zJ5-jwa6=?2T1EY(V|q
zcLcQfqU3XPiGjI9?Se+AbD%3~5%tFqT!N)=1?ueo6IFqi-=2?+*@>pZ=vV_aQVmcC
zTubz8$i5(;2gjqf&rH-*970w60JSDwpeoE!!18rPt(^s^hMhyr`6tv!q$_AAU_;bM
zjz-<ziF&zRE6Dy=0kH}N2YxY74igivjkU28>g?W$T0GZL4f}{X!!s7Ph8M;Y#LHp?
zCMXgd_=`w&QSoD_?*(B+%}N+}XB1`sYpC~;P#Q0w_Hp83cE;C2AMsA89!@|_)fUvy
zp29}>9@X&r#celqLv7QUs1f}cefSFXe9{t@uYjMxX%d>D4xU^kZHQ{2&g{OZ#WN1|
zC2}RIz<sDy{KVZ)R?1d;VGMi^K<)o!sB>f+s+`jpiT|M9mi~OD?STl?HffF;k!h%X
zy9&$V5md!7BZB!x%a>5xgx7H?PAy||nlCcgTS&YWuEUSG0N0kaMO&d<aNxfkRYBH-
z->XR=f(&C&2gwoCVtb5wDP=5gXMc9osxO2Z!eXc%HbDJSsVi!?eBsi+!X(6(pz?1=
zExL2=esBeKoc))CfQF_3>fot^n(Lu1eHE(bhn+7lFY$~O?K@&a)R50Z?V_!yjvT;2
zcpnF1yGquPtElqtVixWH1eI;>ieq`=6R;$nM1AiMt6~R93oJu?1M02##F@5gaNtii
z)xmnCFF-BkC#c<(r&@5}KhJeWjqDFDejoil5(-qe7S+de#D}9+_j1&}J&CF?Y7ILH
z3!%<|VW>5;2eoUSqV|3Enznsgp~~5e8v5&~k&0c*j`pmz*#BD9HAv9v?~E$&E7bnp
zi+azWMz!3lZTr74s^Au=`x8-9w*z(3{fU~=2bcz9)Um~!6_u|Ns=hvT{C2?1BtaE!
z$Da5rs^DUE?V#w4YS_0J7cXNxypK`v9cpoU^(<c$RL6>-%B_nDu|2ARgHUhR5q<(!
z2&}^TII6zAR4$=j5*ZrUDqn{h+I_elU!Z!ntYL8APedKSD#SlxC9K@YzTr&Aio~yD
zP0ZBT*46-2x_=9S;RN2h8(%iD_xLVUfnHNvoK<l!(Rrw$4{sJ6_$OB)upjZGsH3@L
zbK5QLP>XmbX2vt9HS`wM@a!!D`T6(%2<X>peXwW{zxTsZc&VkmZj-jQx$BGC$J0?K
z+6L5qKZ=@?D;SOsFb;Zctm3$+ld>@CW!4JQV;3x{{Xdz2hT<q{RmW><ugRLIA!~%H
zXf<jP?n0f6&rrJ~emmQi6;W$u0#?QCsFzHX_Et_Aj37P@tK%6gNBy3!gB92wHRPjF
zLwpjoh~8l=Ox)3Wm=3l03Og&IwpC-)nLYsZ&1p1hk*z_k`je=UdV|`oF*>pTOA{zd
zK;M8yq4w!6%pA-w9MDHRepma-l@Hb9qNv@_6IJnY)DI^6P$Ll5&9+wwRJkos9h!|=
z3kOg~^Zjn@e-#ki-6~3hTICT~4Ev)N%SKF!r!W!TbLpQ@XMdU=HZnO-b6f^BLRC>y
z)eL<&#Kpfsoe#Tuu>V!TB@(nh-=GQ%>uE!k9M$4%sQY!C9o+rFsBJqDwa@=ReZ_i)
zx$zxp3bOaI-B24l5}$(0@RgrH8v^rt2YW5?18&9UeJmc{H`segydO@&uKnz#@*3+A
z@6+FQ$<J7ac)9`hBV2!MO#BdPs8bKL?O6yru)CV0I^;j}g{|J-QL8`sAlv_qaSriC
zI3EiQwl5B+F(2{pA+}g6qE`8IjKGtqp2r(%BNu@=h<8G*ty!okK8WllzxSGe<|6l(
zc0g1|Et+Ad?Y0%Q-yfl-BKk1f&$)3n@kW>q|G@}Mz?5nc)^$@m5>@^(td09nyCcDH
z>1P`exIscQ)M6<yBG~JMO;P*w5USz?BW+C-Llsa3b+GhAoqTgqi*B!rpF*vPSEw}>
zW0Z|tR#eBDVF~K@X1E)tQ19!I(KbXSP}{6G*2R^mp?-svvCtT6;BeG#If2@qF~(Xs
zr7@DZ{sJ{6yT;iUmj|d0q#Dou*O?qipd$7~wQLuvA<s|+W}gu3eTS`4`QuKs^a#{i
z7=XiZ4c5YJU)drYf_aJmijnvpwMa`(vXPlSiT$skT|t7j$uZOk_zc@%$*=8gw**HJ
zuRhs&eiF+PPd3F0ZjPF&C0Gt0V+G7V)!vSSQT1#^jns8iLy}EnG1MT?ZJIr>3u_V&
zo^CC#gT;xD#)h~LwcnG@u<h3ab=Dt5jbPlFHbM=t9r5v~o<G9Dm}ge7*B;lQ7Gr$>
zZ2QjF7Bxp}Pz7B=H6-mE>uGO%K>SD4zF#`m^1nn4d8T=`HU^^B#un5W|It}wzKu{H
z)Cldvj_8lNz($}uYDjite~kN$9W-NbH1SV37e_C&{hVr%ooH211&&7z`EgXw!xsk!
z{^8<5*pm1~Y>kDN*nu?<n`!_5OF%uXz0^ixDQXSe#cG&unGK;IH8KZKi!SDJYd}e?
zM0^Np1P`GP|HWOHXhm?~--0-e`a)8FWw6&BXW+sR_FvGqcJeJ=V{?5Swfd8<wcmc%
z#jeDE!ZMg`U2x!_>4vp}`0*We;Cx(fZ@HY`*>}9gsPBZWQTx9=j>9py8pAelB5MC{
zC6E?xqfWkP-&;#dp@wuQj>Uth)mvqwHFOMWME0XbB*rFND<x3p#&FaDwFTAlYnT~R
zY_@!5G4SVq#u3me{|WW_e2Z}~$`AH)K|<_Fyc8zD4XBfCzl)!B@jIx7ymsl?w^+VX
zn27XRsIPDxFddHE!v0T6V5Lj=303e-=W~okJnD~j^v1?`#8aZ)2{}>uD`HG+jOuAS
z)XQucY6Nbg4z8G6&Elx3?6#Ht--^Hn610lrZnGh;hnk87sDtS&YH__m6`Xaut&vWs
zZ#GLY10F{W@iWwvCf{KVEP;CK)j)06QJ59a`3Y#qKcc>PgzmHo5}_WbhdPocU{2hJ
z`u6%5Ghu>V_I4|Z%HI%`ZxSZKofsF-pz`0sY#3v=O@Y4v0o`bbYWXl!LEoa*#1$7$
zvd0dTYN#HJMUBWs)as7@lbIQH@Ki(%{Rq@Zu0@T=EmY5=><x6(@8u$(A?|Jo-VCfv
z{0!=Wl>2PamBQ%6Yoq3}F{<E+7>ox{4Lj^iyx*Shh{`_!wK#X88vY0azyC{hz<OE-
zH4>AtCjN+eH$**X57t8+NaL_Eo<sE{*C89yM(86x3N>XbQ1`E(Mk4BAYfvuK6xG7O
zzyCdqfLgW?wJlDezA`;Wt!Cd5`+2?vYX2`n6?h3NV(`!Q#ia`B+jM92;aJqvtU?`7
zKclAhC91ycN7?^+jkX}5AzFr7&1YTw6ILaj=NH>vLopTcaTtaxQ4Rb7JK<A|z$U-i
zh%7)Y)+4Cxc^`E!y+AcI>u>CTedVg~n+<(?R6{1A8nOpfz&+Hq3p-}ptQu+#d!x>Q
zrRc+5s0Lm|_3$kwz?{eJ*K-l5)!z_R{>bBg_roL!c}X~mnu52e#h2=Y^{_N*=)c4Y
zxE=M5_=Ng~ROF=1c@I><D^XK)8Uy8_c2}xXw$00<I$p<5KqpvlR7*#phITfpCo52M
zcmTDZZ=t>ezQx2?__P&N0~PO%dTum^<1$o7wxJf?CDc(I{fv!-KNSHV36(G*c1CTh
zFHx)bM=XsGQM)6@SsU8An4I`n)EZif5%?EsBr~0}cSs{t#T~H`&cf#S7+DK`uiAN=
z+u^7d??v_G9BQ>bK+T!&g014JsH1i;YG@audUyae#J5o+82h5-PmUVd%BaQH4At<d
z0sVXzBcPM+2x^f9|85VKK{cQks^FEVIX#XV;+LqmS@<P87xJKb{w1n`-=i9M4wdhf
zizmEnQ&|WD`@aSOHK04H0c%i;>TlF4PkqIPum-9JLs19QM%0viLQPestF|_pqjtr7
z)QPwS)qtqitl?=f7V*;PR}ZTaP{qTs4DLm3!=UR{VLsG>)B)9?8P0>Ko<2wQJn0Rq
zs0wPac0f(tF!bRX)LQt}`T7R?Uj=6R!{)pJ>VfX4jB`<|{|Kt*cTf#Ue$%F+BI<rG
z)Ras`&Fu!%_ljRo<=sN9fv{V4p7>DZm%HV+lc)~~>hToRknTf0co((r6Z~m&Ssk_S
zd!ZV%1~mfLP*WCs+j?3ARY7AciQ`ZWI*dB`uA}OE=O>^uJjY-51*9LUf*q(;{S5U$
z_#HDZ>VT<%dTS1LE<rW;2&%lNsD>52Yvr~;E#Bp*5kH1{Ir-lcP)joXZTq|-Dn18w
z(j7$&aol@WVQ$pRq&}*E(WoPO1L|NpgX($Q`*u#0M2%oC=Q>pRcaU?2fB)fu^|U6c
zg}qTdnUCthVN`+lQB#xjq4l6ND&7;-fZ3>q?nIp<mr<+!A5^)q9@$6~K$SlTtLW$d
z6$I3ie^3P^du%-|it1@g)c&80nwqVs0{%fARLTFbb0RM)e+SgQpM`4RcGRN0fokYm
zRKC<t=pglb)d{GDeNc;Pfs3C+eU*BRdNAKpE4Tsrhz~-ojrlIV4b{NkQEMdrGaK2G
zsPmvDs-uH2uolp-x6m<n;{oa*N%Y*dSvAz^9fW#doAVFUc8l?^jYMYj5wC;Vo_$dx
zxdheleW-@sMvYw13!B;;FWCQTS#1)Ou`6n*r(iYQhB_IeytD!$Pz5wcHE294|0Yy}
zE}_=UD~ygQU)f2Q0b>%+gBpS2sF7;_iv6$G;UW@rVr@Ym9z*r~5o)z&e{B^v!#c#r
zp{C|CYA(aySiZ8Dk9a@S6s*EXJd2vz#Bcd;zE}m-fTex{s^~KMFzGuxN{gae+7-3W
zXJKXBg(@iOd;595C~C;Zp?1j@RQ_A2kqG@@+b<`!Cf*6v;9pTA>3>5&6=nEnLs<h=
z&;Zn`UE$(;QA79$HT17B0@Hr7d~Hxu@g=H)mDmW+VL8mn&%!aV59(YQYWn$OaUp?<
zVg`i-dXf>fZR%h&9E4hw!%+>`hU(b?)RB7^wb)VxhXjVaBx>JxMwK%L)sgk6srea0
z@hxW6{tpQW2`s{#sMlge)DYHn4nh^U*trX96TgW1rj#{Gh*uU{J6EDAxQ99io}rH1
zL{ZK1sOS1)Y3={-2&e~-P(2Ha77`fBe5h^H1a+bfL~YkesC?^C1)oCo(2H)*r9e$V
zS=8?7gL=(xKrPBYQM)B>Xo&s!-<$-r%B!LehoT-_i27b|3DuCKG3<Up)cppi#Wx)_
za(huz^_xo%j%ibn8@0U~pce07)W~dz8R8GL=rjrX0`UR0Epo@Qx$1;kj0;eU>lf6j
zeTphDW$ci^k7^O90;f8EK#kZ1)SN#+m76-u8q^T={ID>;WmranGM+~@Bs5M);PqP!
zwOX5@(wC#A;5^pEe^C{ei)&NS5moRURK8u96fa|Ge2yBq{PAoGd-@4fAz>zJ&TgP8
ziW5I1@N$Vj&2>XmfkQC`E<okqhN|!mYFoxkU=`&@?Vi3E_@00ofhDNzehKxwKO~{u
z$cGUmbj4!0-lgBg)<Jyz4iE9V;K)R_4Id@8f?qpRCkY9hh~-cX8HSp=RagSgV;M}4
z)E0X^Osn^QKLT15vr#?!6*U!iP!A+a783YA-xSr8&ZtE>1+|(_pz^&%Rahc<NZ>^6
zg37-dwMb8(hW;Juxxy*5me_x73FyJe7=gPn5<j5!X+%mZ;0x4tTZ!6E=TUPXGgV07
zce**T9Pt^b5%?W7l0m6$N=u*`-UHQu@34^e|0M#Nn|Ns~LuFJ2<54Hr9@MtFje6;%
z@P&A7us&*6Y)8%MAE*jrrnR+F9@T+%sD^!mnu?pK?VdUv`(HO|63}*;iK=i7j=@tn
z5F4Zq3H(m@1hyq!E`#-GHEMBQMjc?EP^&#nMr&9RR7I^&9hioi+M~{Q8QK5pd9F-$
zqa$h!%tsZx71f|Cs38l^YzI&-Oia8cYN$J)re+FiH|#}?;Gd|DCCy?ZoD(Y&?|@o!
z8?yLqpWh-uLl`BiRhSD^V0}~%#-N67D{2a!V<pU)&GHXG&Fw<eBD;#3nxxq+e*~%{
zgHa7!irRjM{RH9@_!l*V(Q?>>nNVkR4O9=ip%&XL)H$#nRp3R`>i&qaF?&uss*9ke
zqCV;yRu9z3j>jap0(Fx5cN5T1-*p*c=dzw>!3feDp(>t-8p_?M9-KzKeqW%bB71Jj
z7l|6N_Q?MBW}_Oo9TVVRr~~db^2NvRWy=#1_{BpfRL_Q@-t!AkbM!50kzPi<gwo`-
zeO&^zsM?^`#ykwh!!CXlqZ0oYRo+{Si&67ggA!pG?f*yu+W(_50ykp_K1U7FE7TOE
z%WplbiW>SJs5LVS_55B`&mN)jrzv0!tAu(z_d|{J6x8!uF!1+(t`LYMA*7)7umWm`
z+hPQcL)|}$+Rw2HS;NYrrlbdIPDi2Ud;x06w_sJgiJFR>g>A%YqSnG#^y|hl0y-)W
zp?Yv1qhQJ+wkXr07Eu{gMNKgb`=WX_0<|l?LGAAgm=0qUwQ_S{F!4I55v`A!n&Cy+
z|N8bjmIST-L#Tpoqqb4%Vz!T)pn5a~HPpLNLw_H2euNjduVB?t4VZ@N$RX4&dWmtA
zuS7`TPgtc#ZNJVX*#9bME(uz-2T(7Q=co}WSkexhrl<pDC~9suVFSF3YG~e4cE3An
zu`WaP^e$?y6O^`ci=r0m5Y%>E<tN}Humv?_=TQxLjcP#F2rH;2YJ>)(reZz@<`~uE
zo2UaTyo~Lda#))97pR7B$NKmP)$_8EcFy?w5YYaek1A*rYH{2~tqrfN6`T&W-|Jvm
z9FME;7;eOV<*dMr<?SU@9aYhI)D&++)$;<?u-Fv>Yl7eZ5zvs-L^WUt>ge2n8i5Ng
z{XHsQ?uxdJnxc9<9JQD>VkmA!?TWqF56@wFtX#=<*A!F()?+;F|Az$BvJa?56JFWo
zxB_am_jK`bsBO6s8{;|Dl;x^oi>x+k@%BWG)Ed<5_y%eul2^6GTNyPa1F<;ud+P~A
z;NPeoX02u~oBF7NrlUsYDEjanYTKo(ZX;9}HD%3F6%9f)Y&B}P{Dvy`4eCVASi?Hn
z7z6+P?<)eT-~ehhzd&u9yfv+WnplYVm#Delg4+MDQM(~pEqjUOMm4w$M&dwJ!*-$$
zt_zq3<J7i><f_g7SB5qusD;B&JzMKMjOx)J=)<^mY%%3Q9i=@`YhVVd!3SOZCTj7<
zuWJp;kDB7ns3{(fs&{i;zb&>CB&ed7sFBE6&mL%mT8uqW=foULfcsGmIER|!H>l?e
z)VFQf7IiR9MGg5csER+JD$d=&My{%#fEHChQ~`5Q1^<i@_z*Q@IUCv+j_RnzHybPC
z6I8>BHL}&+4)wMhftspG&Qqun32$suT*&F~LqILvfU4*&YSl+?VkcP|)b?qITD5DP
zH?S)4@TO)f)XBFVtKd_tizS-b8k&kK_b1dyT)=pG|A#iWo+d-JxC!dOSmeBln!DsJ
zY+vU^eGjOBnwqw#o_&Qa@jI-CVJ$-f|6lXkU<Km)Q6n7M%1+qA82J9*iGYTDhI4!1
z2EWrqt=iDmA%R~eMW7l|3Dtm>sKqxFi{pCKcKaKBn7EA{G=)(O9Eduy=b@(Ti1ZV9
zLO@fHysZsgUGx!OgxX$vQ7@CfQ4c0;XG2&LV-W9&$~Oo#CCg9^d5jvNl<jT%mP0jk
z2<rYe^sDE85zx^YvxB{@5~8+KG1R_qgc^w{sJZ(Y$Ko6G;qZ=je<^BlUP3i2e<$l$
zNmRuHoSRW=<8deUzgiyI*@m<$Y7ve{o&Bq^7M?&Yo-|#ofrYUq@fN6tZ9uJ^JE(&v
zTUUF%cE<?fgHda07wUEV1~me{ZtQ>U&l=rqb&o`4*oNxCbxenUqoyEMcRQ#Gp$cq+
zb#Mu)q0dnTm+N5->VrB@wqhc@hhg{$b<l<Rd)m-vL4Etpi$1J{%Fr7%5|dDKxf%1|
zWmLmr^|A)%LM_hvsPm*7s=TSF5&9mr`0k<>Z+LGTQGZ?nTAh_qCs|k2BKsCq&?(f3
z^)KpdkJl$8@F$rnU@YSMQ9V13$?#81iXSj8Chlt;$%Hyb%Am>{ht%WumJ?9Rj$;XY
ziyGR({j34~u{7~{s0S~h*2oLgJ0nql8;LTgp0-0R>TggZx8KF@qDC(E09)K8v4r0L
zO$o%~##{`?HCP>gLXAZ1f%XGRA=G}af*OgzsNJy<HPm-qdbBU>XTcJvjtoJ4FW7;~
z|J<2v5YJJ+*P4K)U^r^dm!al%52~kspc?26ww}euV4{UE1dC!dEQ#7?6H!O?5!8sj
zbLmBf*rM!*+Q!?_uY>2lOGrP|7Ds*5YVU*Eb_-qlkEjNoL5<8KRL_!pX%*K-_3&%d
z{X?kyk5NM(W0*~KG1M;WIE?*Yn!scdG^8g`J&wY*R0A?#Dy)erusiC!n1h<*eW-%|
z!Uh<7xaDh$+IC-~Msgo&js1x_C*qB;^6QP@K`kOb2^z9>s5$-vHAL}7nvtjm_QP(t
z7HeRVQ8q#yP`hCm>O7c;%6|<t0trW3!*ij|n}(>h@s*!|dio2h0so@5UDh$S->YK<
z;{8z#-R=AvYY`70Ym2QtYUo#>I&cL82i7<%w-D<5=!zY123AJ@TLRjz<;L6oZI0^s
zK-8jKgBtSRFwj8MKF>PAdQuiu@IchmEk-TEy;up~VSOw&(O$pvF){I9kb3>z9|W|>
z-k|0x{#SMa7C<$iK5Ban#BiLAI>FYV*2Ynneg{>~I~Pwl$+m44)JT*-J>L;^jts?A
z+W&J2lp|p)Cc<~9#TEZ+8{$H!Asy%3h8m%}sD>n)9O4Dx`>4F}Liw{G>`nd?AAe1s
zd1in1h{l5E-h9H}6V{bF3gPJNXx5)Mk&Ib+P}e##{y|zHmB`hH&j&IWA@g0*FB8tr
zC$P^c>}#HF&oe7X%R-(3Ja@oVvXA%)!kXTq+z%tJD-NFKxqF2D7kS`!GQFk{U0S`m
zE>YP7(yo(HS3L6das>}@<{{4(@|3qM-bd#_(thSSt^8KxVOQ(#sd^EVvCTaj75R5g
z{9Y$+#v$WuT9}YgIEj8TmmzI1nb;8CV$#l`u7TWpOS~bUZ!PJ6|2MDeVGb(Nr88g+
zY2|oESAEL(gLp3LIZr%6F!P^-#22n`{$rKbnu32IleWhc8jy?+Q|x`m=O6ApCcP7%
zo#f#^o_jO7|M^Nnp4g=8&xQWZC}hJjJhPhgGJF;h)|HYxX?Sk5pG;4PG;l3UjvL7M
ztLwpL!gt9tgY-N+FoSRk@_)Xn5^vxdFbuDfUsolbFG#*CJa?9OPI|nF@L)a%x!0Y%
zAIMApInP~X`?>k~>OjG1iRW|ol%DYOO)O2}*<8gzuF}u9Z_~?M+^b2RtbF?MiRbcu
z&XbmS>QJlS>r5qY$h4cgd+-pIuc43w7{q5MpFD2prt@F{;-4@6wGOYai@)I6$*vRW
z$zPRE2%n{7Ug@5HM*awwzj`$KKZhG}c&G-S*A(!LEBO(<3MMTM547O(`D)`H-j7Sk
zQ<EF~VFoW7@#W;xmymOm+06C$Ps+?iyesmp&6`i2P&|b7w9+5C0$;freB7u*23>D?
zNLO77NWmOt;a*ujx{|5^d}31ux4gSlIEs8l-2K(WtGRGuY#(^a{)g`>o{xtD^B;ps
zW>HXM9@f<zTk%Oi`X}NkdH6V=Po!;h4Qfh$U6G`>Aw47UiWI8kBUG#-H#x@SqpJ{=
zO(1;QqFw~<;roY+8XaAseJOM{nKRI{9Hf0q!Tjlrz#p4#Mtmmsb>+mv+{?&4UAJf)
ze}*COi>afQ6!_n`q~CE3FG~KgG`J4Wwhf~GxUPjqx$!fJfv;LTR-5#}#Ql7taZgu>
zYoNvKe~WPMCwIRMd3m9F(_LlCk=TW!Q|T)1>pEt5&o%!ysOTaO@iT$9g9?6dH}f%M
zt%+ylp?VZD>2oiM-=eU;c&?!<a3{~+B;1mGDaf~hGUD_6f3N2}lY)<~@syjN{C@sy
ziI<v(M!8n%W*Z87Md4p7!gYo`*KnPytUM1l;l93-wdCG=@_*ua{wRUBR}XM)AU;u2
z;Vtg-9X4?7B+oQHy1tCc{I{pj%6xt!p#Ts4L3p)3gfq~Cl03M>J)Dm;U6m<x8R3kC
zmvL{nyC0iIb>dlFyQrit4gK4q-g#GPO!AH--*MtOqcHzJ68O#yOF=69(`7vA3jNN-
zdz0r9g&o0kF8^dI=)@<pt5kLAJ46?EzlsvvwVX<I@%7)!Mwu0rN9(^GH-0AZA_+n6
z!4jmc;PV?9>+&h6`&6WBAfN4o)Bm6OT}1x$+^fOJY~fR#MkU9lddOYVNPFhWSw~&|
z%sjM>!oMOzLf4Bd#C4UXf|OK#!=)GF!EElH?k}Z)t5i^n^vg<c*CEQRKzJhQ6L?<N
z5W@URO@V7E&jb@*Wc}wqBv`ulI|ZgEV|_lm$&?b8P~j>HDNcBoE1(<s&T@Y@@dz53
zhWlGc%TJzQKKc0E<GGXM(Y1*CD+oWNVIy1z%9G#E&mUe}m+&X@r)Io?WQ<3lsfaJ;
z^Tf*V`cY^)KD}Hcrcpo$`A=|vDCtl6B%%Ucc}dsR-WiwjzT^Hto-OUt?x}H_|Cv;h
zpU+A?;jSylPte}4Dim|_na;y|T?NV(i+Efb@s7_!;!Vi&`D#ny?TFOldHsl|Ya(eo
zd8UwSz+uYr@8aRyWYQIr8~>2_#8onb2f}H&u4#mqlTSYxpCYX5Ci%9azR!2((}S||
z@tH<LGIFmem3_YQ690knf91Ze%-Bfhe|!>O68TT#y&1%xxJD(W0jtT=mjb%+8A<pg
zpa1V_!SgT45Ysh25oPUl74T2TdHY<$5^DdCqp+)dexX-kIFg6^VGx<J^3XNXL-{nN
z@^85}$JLz0nSk_#ZbXzci9Cnhy&c?}#OL#Mm4+;&?DVAlt8~r(5k6!1#BeRFN{03n
zQqILI@K8p=Nl4$$LpSj{_dj3PxL27xpRZ8YYsCk-#AD>S=khdB?_D1MZI@vMiJ2+5
zmwM_dZo~ss`0V9gbhVc2FXH@})xeM2`q}?@AeF_3S6!ZL6rRIXFqiTkxpZZnO1L&@
z(J7OEvQPczkf1kPC{$M>d_g6}$ne-TWH0w`@Ok{7f<BVx2R`~c<G=FE2%c?C!Pi`#
zN`x!A@J_t$!sqc<?&&I}`hRzobR?l11$yqLGVo_dy-Za6-|IE;ZRAOXKk?~9o?Y&l
z3^ayl;QEp99Lm$riV3;@mWuCVUe&=>lK4mc{O5BC2VFyslZk)s&-<NBBe>Vuwfqz%
z?{TG1=H8>v4a14#Uyk{CHU-a2CLYNY@M{3?HF;xluNt2VlvSBBy7M_o-oW@zB~x4y
z>XBgq4}VLh?<hdm2*L+Q-{|7)cu0SNI3CaZMtD8OLS0d*usZRTd`?qNTH^dOp<X1<
zPbI$CvUwTZ+K3;W`cLz4eb=jUR92WzMpv2gpQSKe9Z8EuUjF?+FAW9in!~-)e75m?
zf9?$<{Y%%F9vDL2Sd=%MPcv7CJ!$`YJu3a5%R}v5B}$Iv!lAB`o1}FnZ6$?Gp^!E7
z<R$TuuA)ZVPe*z)J<Rn5`Hu1F^?xc{#=V?8bAxB65^heO$$nb)-|I&TZ%l?%JbZx9
z4sPm?U7e;et%%<uz6|vn5nVIMf73No@s0W)u761zfO+_oVz~L&8w0<dDT%vWo$0B^
zpIeoYsU!t`zVt(BRhOv~l||*DU$8iz^W^`0C3nwEBB2L)E)##lbD5}c2A2Mu5&4HS
zy$_g`G74}n3VFt8{yVsel(!HC+#`c7A43()z0|J4!K7`bkl5r&hq^LT$R)yY3H#`A
z7oMGhPkDB*8<lN%fp{gJyU!;*`R7sQ9@5iBXa2L0`1$I>jY>pPlXi~6c940fYhZ5*
zIZ1dP>HO~5EB&A6_=C-XYp!cpFomBW{5Sc=;aA)rNZJm{_<T(!Ttz=z)F+Uep6nvC
zuI79aQ22W)%fy4DT?2G48sUYml8WT{;2QBY>Dei#DxXNgwf^(WTgt6YdJtv3#IiJG
zAI}{n5B=xs6_FSuJ|(>VKM!^xJsoK=sjv`*ydhkGh91IM6!!T#&a=AuU^6QCh3EQm
zzm)6HMjSwzu4$CNiSRF&P4llSHxKz-fzJug=c6kZ8H>7bZ|<KVoS#Y_@bLF;6#A3z
z3(}Gje;#;>!wU=3&=x!&?i!(6lU+kyHlTj}L$UiQcpo>%@j1i;-{2V6;?J3n(17|>
ze1ZFCJ|{Yp@H~GYI&keFPf6mjT>J*%|6U2GZ-u+3?;qY?B1_1$9#3;~GZi<b0UIeu
zR~7Dk>mF#!y;P((;r@H>-6g-SR?gepkEDS|i5K9LhEb@-v%N|0Px=u)nRvbfY0bFr
zKj>N)4@Z;mtE+T7@oE(O8x`r=%x93h_ld$jUqg6i0flAfGlEZf;-9b0#C2_=tZsb%
z=J`GD*&f_Gp!t91D(J|~6g(X2GGxbP|0(Pd;r0KChjBkYg@p551`5B;=Q80ORJfgd
zWpMy$y4KNaU0Yq*7GrIN+WPYflX201Zf2uVB`EwLCgJm)D`*Q(Hlpz2r0pSm3?K8U
zOZYOCjKx-z)7RxE>h-2k56M%Q&$m3A+1;B%dQqMK378{YtI3dwn@RB(;%_J@jIge+
zNFR<HNh?X(mpnJpjmAnE+K>3>%SX7kyQj1m#OLu`OB(o=^zZQ$KB7$j5pL9UmGDpY
zdnswm71Gx6Pzk~@D10Oj=%3`dN?~aT&*h`*j2c3ECO*2d@|><{Jl6#aaleR5yC1ki
zM@ajEa7wGw??sX!CzaHo!u7N$IfeD)qu<rX$1>cjPUiWppf6oP?MPqiDqc=_rxob#
z8mFKJ>Cw5b>o#@VC7$1+-fR8-_Y#TGU5`c))^&w~Z_=1meA@EB5!4ljp5-J@c9&0S
zPbs`CjVtOJxY*@gNqjBkE+7woiOP#YIqUg+zVdLtrPg0Q*SZAU%;6qZrV7Mo{imX_
zJdl(I945~#S6NHvEb`Xk(~-|D%4_1viAgzmX~ad+%FwABc*oVZkaYd~6JB--Jw-(o
zNZ>yOdUeS-lLy~YczajS6$&n>R=Mjf4&vScOu;i}x&IKqp}dxq6-+oc;eT+RD`O&g
zMv}j#n>K>{|9>M=n;R?0sB1pq))a8c_3Q<O=qgJg+AW(g112M%t_+5EkhK3^V_l_<
zNPo>I4du;tY02qu*+6}ae;sbD=TpQLSeyo(BjY719`0KDE%zU|hrf3X`dnF5?(L?q
z#@LVipIk?FQ(hJFUUwNQx$<Xm|2<``BL2qzpTa7-%9MW-pFR{=gS0c~(Sry+Jzf4^
zNm@s^1BETreXdK+9)uIo!v*AT?iw=@OSuNr<hc=qTae~|&O_sA%^MOnxdw!AV+!d}
zNFPu7JDg6T83_-d(5!rxaDT6>@D9&~{ipG2OlIyaCExF)^S80QSA3eg{4YuWz=wa8
zoxlG@;{Wt@Cg4$2*&gp(l?4(AgoK1u3nbve;sWXf6aoQ6AckE9#7cK3Y0~Kqy%5p_
z0%8OP7?6l1qQc-dFp5irazO^h1aQP{1RMbsMHFFFP<-kj`hK_jcFa@XobNk1+y5+e
z@2y+;fKO{F9H-ezuOo4^D*6ucP53hg`8)Cfq@=&bgyT5!VWr2#NH7~{dJp^oIsf3H
zmLTIa2z$1C|8D`Xogrq>crMYN1gha>OxPEDB66;3_zqY}hbYvVC6@F)`nTk+L7$BN
zIJs-dkyMQTBWia;KdK(gMO@NEu=4j0$8#tran4c2UDz8*lJpevYl;=4mqk4c1-6=j
zK0w|;&g;Z0;dAI+kb`Am=%A{x312<fBnEhtyk6+}=y#&mWGiqU#z6R>n(|SSB<+Xa
zMxRIVXH-o3uf<n@%u-FN(Vu|J6y`KdBz+EU89fr<In-Z-zZ^~nw@Lo_&nlD!1SD-!
zO*dnI0%$l*4e2NOO6+XaYzOgE`18OYz?TGj;7(v9wZQ*Ab#KBqk{avb3iP>1Ny%*8
zd}`h&|Nf@};FBbLid+gP4Y`8gQh<ZtRV0P+x!^r;Z&=c1HEesZpT=Ac6YRg#!;DvP
z89L5jAHmh}TyPmOF8BY>6nF#2l6V5Pq?IJNl`n(%7>2um*jW`Xq0#N&K7+4UxV<ze
z$6tsq0pDtBNGc$A05#$?N8xLRt7&Cm5Xl4Osa8qSw~zQr_!@lsNh(AJu&05&Pz@q+
zOI4k(Xtae!$CbT=*m?Ah>TT(Z-ikb(S{ssh{&Y3Tog{TsjXweKJ-k#kSWMA4%~P0_
zIMz_?9QhA{+m8GRUW<MkexJ&be|5hNJ5CyU7~BcuS^4L`5Aq~?ngR0Bk21{r6u24v
z2n9QV@xa^F5}rW+kJ5jp*hDpyY;q&9Ot^~tonS@~|B4#jkypWE;4Q>jfqAY*B|e9<
zD<Da?)ATFkBmi-`9$zthF}Orz0(p;6<a2U5(4-W<r0%NT*XX6-;&ioAJkm$rcgXA5
z5_$d{i%FKsIB7r=R57WC)lf?*d=|Sewu=H@co4h*j?*qMg4`>>Oi?w4sE1gj>PT!m
zaMzPJI3d>GF&*$QwVWGNLJ0W{{w4UoA$buA-^qsflaW^wYma_0Pw_l*KR!tt@$XT3
zt*R;g^U-$@dlhU4p8g=dSLFS_SVo~Am?{^31CG;pz<Vk73XU)Z{Hky+{v3*wfjyyo
z=fGrO@1x0CVv?qia}>J*{d;0N;hXVY!O-_3yUPFn>RAe85s>7;nT|b06?li_w)m#g
za6P&oDJd0h4QF9@#vddnfRt1MJ{A8oYWBi@K>3d$x591Jz(0bi*}>B8z>yBvM!z#!
zf)5M8nGBHv-;Q3c_HR1&Vfag$NLq!Te;U|C&ww2T{}YxJq{%ukE67<yPJg(M8h~((
z;~oGy!TE3p3MB%lCgCX20myFf^QsvxM?dg!+NqlSgl~!}x|v{W{LkVWhi@D;FQ@ia
z<Z)G}0KFUhx_ti!10Dq+m93C;TTD21(Re)tz600>J`8JM4&s;eCb6B!2P6hxPo$)&
zG`U7KYKeW4*rzIXKfPLDx1vrVn8q3c7vL;q+C~B|VZW}xw<0&-yMe}OV4kN~dj?&O
zuLyf6x}<j$J_*015y;i}wo&s!FqsP1k%mEPHK*wNe>dQEc%LTW&wvK0LU-W53;UsF
zNi`G`s^Icwep$2u|0Hrp;a^Rjq~+8Yhp(fmDSbA+>R7zS@e@hARd9?de3=BnoA9qt
zO-`Y2k*lEW9t_(Z{CfNsqj!V%5SLV|<Pe&?g}*I)0lF;jB$mPebx|bG{~87E$G8H}
z&2SRHELA{at|2bzE3)sU`F-feC?IJxb|L;n=sjVf&d`J8@1V|T34&^=(I5F1_<8hj
z5-UN!T>k$55Cxo3SnP*Rk#+cv(qssrL+D>4UsRZ_6nF+ZPXD6D_3*38=cU<j^t+lp
zL?6H#;KkH>nAmD+NUE8{4==m}-UJ&20~FXr^231Rw2uZ|8R!^^Ylsgab}fVE1L&a|
z?~*#0gJ5riPk_sZH>zePI5|^GF!SMT`Tm;#E`xuDs{k&fa2ClkLDpb@s3!O;{&N&q
zi@go`IPoLIF9Q3mtlEtFQL6$>Ut$xG_o~<)<lERI@aHmoH~HuP{YdVPVc~2}lPR7}
ztTWD2=x-wb0A@0ipTr)ET!(xF|GV&~6n+7F8S*p(WDvhsVz9?Ee4Khy;|w@SRdWCP
zD?>W&0r(n8A@se(wj!5MU={uaG7(+UT5_f!{{nWPdiooQHL6<27(mh~a&{@-OW19|
zk3@E*UKz3I`!9hHkWdeM(8m&(FP)0&X^?<V(iSk8N<WO>4?hd%v4U~BlZJ;BM*23>
zRMI~g@WGfG{duGO{qGXM-@#LvD3?MlNIV5F7hBSBeCfym6!{XLiGCk?6@y56m-v0;
zv_el+jnc?(1rLNzQ~L{IW#DfGw@D55LR9kn*AXnjh^S;tM+b^ZT1iqF{^c|dBVWb#
zg8eu4)5vY`EO58Phrxdfb^}cxp!q`l$FR>(Z#vkP*opYRpjIQc{O=Dq(lD+jF-|7|
z-=ge`lpF{6OOkH_|F>q?p(H(~?AgR_Blqvfukn41{y)_2f*q$1@b6c{UP-*>Q+`ZV
z1uSF{{2B=_1M;fGdY)!8JOJ)UrCZ4PkirqLx$(-#H&h+z8iAe(=6wc#1L;8CM4qIl
zsIv@Tw*2>hU2r7g_!e0Ppd*PZ2o6JUASoI9ZeqQ$?^2UvM#)lkCHTuZfLp=(RqS3B
z%OiH2`sK($#3vHJP7a0dfc*QPF+AmX9CL9<dJkEIti#_QK1ZUY2_#>JJsFlXfPrSv
z<QwcS!5mQeGB%WY`|y2^uU6q#pua|rq^IEbsOP8~u%u0=mg?P^qdNIzBue$WpGnkP
z82JT8ubg17x*g9=8)}9^fvA<@Fq+7mZF;<Bk=Jd=u%{>-a{mTX>JNruWzx2exT3-g
z27d#o@CQOhj;nd)aL^rVSAWCSmqco@#~X?}e%N+E)LrsITAlZWq4k%&_@k(sxxI~b
zCPQS@@7$i>qJC`S0#ScrcV1$;&u_@?KC|3ylz3*lef7q^YjQ5k&nq-MK2OL9`Q<3N
zIj&wtF%RN)<r+D`l=?|$o=dJ9{KN42(f?T>>dv0~w!YQ*_gdSRriyvGy(dlVOsjEu
z0_DDvzzna;tT3kfD?%Q>FF4(pI%)iv=_#Xp%<40}#u(YD)a|Wc^kRR&$d6^k0L7-0
zW%IcVm2H%pRfe<F^p&`cN>8ZN9}XElf5_u>r#L25`9kKLT%)9-q>r=I?X*{R74BA@
z|H~BikxN8Tmeq2INXsnt1lWRKcF6DZR@noGh)dhqbH|HEMTh^hcd{wdhJCIS`+|w$
zNzv8gb9sCv|IcdKuTBzgwXx2+MR)5xw>W7HC=s2ko+Tn|FDMaN3HGyPVoZW{WrcXb
z?lMcHw6#(find*XAr}uAU2lgw5MXgC1D;T<jny|Svh1D<#ov;x&Hcq->(~-8I8#p4
z>>=dAOtFonVz*YOeVAcizFa((aPQsXM>}V=cuTXotPv~Hq6f<tE-zvOa$NTMHRA0w
zYvUtgvpxM$(NCnadz`b`M9V$FAl>ahJ|?;++aEtEwu!Dy%Mv|1(H)!>b_c4W=hu4q
zDX}^|dbp$K%j1i>?HivK0bwUSD;De4!L8zuwR@Y$vA^3UdM37Yx}!~uaKIY_ci1k@
z>UQ={F-K3&2^z%#e>o@6h|OfreML+cy+h%E&oI4SW47rHyMvru!!!bJr$4~a33%Kb
zHkX{O+zdIah3iDN{Y8W5qjz_jKA&9AfIArW${h{-diAUhdqwwbGvF+hIJuzBUIS~~
zUeVd+$M)2V0-+gBH$RHqA!lhW6EKR$WmIsaIOwrQX|Z3Fiymf~8+R~RDW{7*PLKRi
z<Hr_^96v+83^NMzCQPt{2gI$3)|H3FwbrwT#dUVqBjQk^)#79EqW#IoqJ?I+KQ10h
zN^|;sKDRUama@#&W2eMbmv~Bi{(w9BR?~-DL%u*wz|w#}TvBQj<c%F}ojD~ktmCJ|
zz8+ZBTqj2KN|CYHT7*NTtewYc%6He^@^3LpBt_3lfqmi&VQLpMYBaCudF1fFmpkIL
z7%GY;OdLO|U}Sadgm81lY)7^72i(z(q-nEl_!UM@8FLvXry+Ldx#v`{g+V#wU1!9@
zEmNu8yEmKFE5%{meO_c)SDh21#>zX{3<avVgPX!l_q5^S8f;iw;j8*DnCMxKRklLs
z#H8y>&0yml{@<zgd-rwY_Nq{sztZO^QwjFV=fq*rN<Kv(?)uYtak0kT-P(Fr*V5Ni
zYPt3>p|#hn$1v@)y0)#Aosh1b5_X#mZCX;6&%<%@yG$-}pBbsFif+7V7j@KDUS_3g
zde^Mz73(vj4dg}MD|)5ar}MP~DV8YI3hm5sTB2r;o}hIRcHKnnPi^dCm)18y6k6l@
zX`SsiOSQf2esiBYXS(CJ`4o4huVHN{5Ml8u0{)VKS<X!5ey7jlj8w($c$e4w)#dJ<
z$(zd6P9dY*U(!%(1U(IFjYv5!tfyhIQRI#o;fg@S?TX+KrnPLD*5BSSS3A_E<FBvv
zreUmZ%d~9kw&hw|d)+c^!3EYmo3wUa_=<(9yk&l)!s8B91|#kge|(q2cE`=ytJ(Gs
zyELzMp<K-f-z9g1!}JR#zQMMuLCesxT>eT=Lv6&AXjg3aSy-#^BNnT2x0ae|KXFK#
zEUeW>G{c&AM4O*!x;UWn(yDX^Ory*jW?k%)N3^>W?TsI6Llf;TC$!eWp7ptQG{f5R
zjh1YkKdB{WvunW+@2?r4CEvWNnT_k59=CP+q?T#bpViviqt9z^x3u0_tBtg}B<mwD
z`t9)X*&W4{;(KXYKi{Z#vYtrRQ|(pB`V8H^Dpjvdv_EUB=L>sUJN+NJwJ{5XCrhu+
zE^54^VXcdO<rBd-KpyL`{7xLp(kt5A_w?5PAncQU^!XyQC}5TmXPf00KXyM`8~W)z
z>}CD*b}j9<uGO#6dZ?qSUc;~<k440+sNyL-u_M~6mo;mkexX$~P=7G9*^xFX<FCl~
z1ND!D&41XVHo<N=OivJ2k9_@7ds@EUkkpa$5~?%<vCZLkjXv?JcGuDR`b7J+Lj8$^
zHhe)MP1}(Zv~QoJ&lFchDg&?7J2`ADbudyD43&ADr3TePe!1>U5dDa-1AH>dxWB^=
ztFW)u$^K-rJ}Y6eJgdP-xXe=-JsFi%yy;>2avEg~wIO$T(~)c15{ZstV<&>mQA0)C
zj(ALNmtoJEs(;(2=dZppO`B60@zdKGUm&wg-!E8dwnRQl^pawkjo<mu^e@*BBv}uK
z^kLTEus+7#6W0HdY&||t&$L#~(~sF}=Ic*t*3=dpmiY^Hy+!8=KPRHrDPKummFR85
zlNIFMIwjAlTB;8i6p4O-{INA~MjF;em#zuvVL_TzsPM~Gi$n`F+-JSLRPSl+TdJS8
z_Ak{la>Bn{nWlWx!j-(gk*bi}OLq>8qq?B5+WKgkmT7<ZN8Kq}$nz=3vHLC8Kh!R{
zA#XzC!kemP8M$duGw=5bS$Qj2<lZawNus84VP4~+VUvd4P~D_8JEHjoj$i!M%}z|y
nk#5Rr4vde`6wEVbnp{YgRRObcyL^`D$1Gqv>;<dz)`|ZMF2d3@

delta 50321
zcmZtP1-Mm3+yC)(&Y`<IHr<_vJcsV??(Pslanao=AcBf?C`gA$hcwb5sf1FJ0{*|h
zeGkvY^<Mvdz5Dsh%$hZ8=APL59FTX@SMesVisxTT6lJ!@t3eFUOM^Sgd0y(+p4Vcu
zN<Ht;kDiwY4`WGui7`Svuh4qWOHRJj2CiWPOpNJ%^1KvS5L07yOpl#iek|%a-<iI*
zn?ykhuDS~eHd=)|&T6RZov|3sclpy;fqc|Wo|hM^VO1QAs<#*Qpns9^cqukphci1%
zVM@=Z=Ok3Imvf?XIcg;PF*9Cs<zZW_egG3vUK(>@ZOn?FVJ7?*v*Q6wfsdRqwt8M1
z@)<A*&-e0@P>9N7Qf%+?gHaXdp+dP7)!-gfgAXtrM%m_h2{04J#ln~j%b^C=6g7ZP
zQ0*^p*MCG`Jw8Mt6+Xh;7;C$QtQe|+@~8&eU<Mq7YG@wnzIDzc&O1(Thh0yN*{D|(
zlVdAPf}iXl{u;qVS8=6tKWc=(V`Y4ei7;}fb*urVA>YR3hoTxB@5;Y+<=e3o<p)s_
zh_cHfnFBR-6?YMTB^pzp5O&2ZI0Vz-VvL19qegxNYvV&y$4dR|c|~v(ro?Tih@M4t
z@LyDfQtY<-3t>j`4N)EX)F+{e3o$2dLshtgEiuL~G>)B6H$1=yOt8luR2NnMQ&jy0
zSPx%geyp+AA~zHjp=qedevg_`f0rxx%~kl@8Me<NkOJ#au^4J3<4_HMhw<<%ro~&R
zDGJ$dkw}86$>&8yu9~w4hLfLyEN0(3L?SZ<Pf&|5*#TQD<xvfENA-9tX2r#*jvPc?
zzlr7WJ(kAEgSP*DRK3ku2v1`=jCRN(mIbqD|5qWAl?%O4J)IrAz>S!Z{8h|^I_9!L
zW(;5r)YSDvg?56=FLL=EsMUT7wYKhIc6@^xaHb>N$Md}^By@DPL_Mf4s;9G26@PO1
zi_TZ5jwU~99SBF&Z-fyz5H+ApsQa&CdJO&5^YURv)N|^guSM_)359C1tFRo^;009Z
zU!p>s;FvwIKB~MADnjE?4_b|S&?(G;Pf+zzAGZe<#^U6gpdvH<IPq6cS5S}zPoi#k
zfdPzv!cM^a7@vG;m#>NHa5L0FG!SFsMAYJ(i<+84&O4Z!eCSDAtoiT~`I;w*zvd?U
zDVy7HR0D0XFwVf5co3^#($k(7GlUZi<B;!i#vF+1zz9_2reGwl!A|%Hr(&bCd>-Ik
zjHc`UZ`PxqP!TwdG4T~@b%&m_kfy`L<jY`GtcQ)U30A-#Fb_UQ4ItBb`&4XzRmqRU
zI(Q6oV!8|Vq2*U4p;bK)71D*M{k#P=!gHtx-$F&|B__uh7d<aJ1~49GN3DfosCvyX
zC3Z)x`q7vR*P_<QC1mP-?+posECUmw4n&}~Q*%^^`XCj(L6{Q1#$>n!6`>QT4n4p^
z7<Sn@Rtz<TWl@nCfExL?sMUWA6KelIA))OQcEuu*1@n@xiCRRTqi&doF>ohpwI4uD
z)dN(7p1bmxSM6gsFY3XiPy_6SX>dGh08245&-ZqcP{?jNpP@n<<r=-mIH-}-z!Eqd
zlj06kWKLr`e2r-_#dV8JQB=h0p(5G?Rc|;J$HnMt?k<v0#Xp^)zgrK}U~0+>p+a06
zV_|1hMEapRFb6fqJ6--RDuQuuFbFJ#>Odqaf{jqmZGD6I7bDS&0<F%aSQKBPLYMcZ
zZKD<#LH=v3jMq_fo$Z!=m^8=y<Y!|kJb*PY?6%dfgAwGv#4>mhwHQ;}@$EyS!X3}6
zM8OD*kB3oHa1pEE4b%aW^R9)yF)EZjQS~QbT>Q%AS7Ju;+fWg^ikiAVQB#-c5BszX
z_em%;H82yl#e_K8RhWx<&`Q)IJB+G-6&0bUm>C0qT4*a`HuAMlbNmTr#dWADIfvQ>
zQSaHJ_w$ob=<1;=jzo=gC2CEaN3DS;t~~C28&L_==Y2&if=y5Zn1br)dQ5=_P>cII
zM#IOr5?>+_^1W{#FfSDB$12$Bp@nW4W+#6HHNt18k*D~JhhiQqfc;S+{T{XYw__^2
zh#J5@s0haU+ai(&)xl1fO8b8Z3C-1P)D2rutNk?Uf%h>z{)dY({UdweZd7E>p(63r
z<)c2fd<Il|g;5=<g^Ea5EQcd7DbM%zlZcO(QFH$QbwIqsESThpEyfb4o|i*iZ-nYV
zPt1$sQB$x5o8c8~g~guo;~dUG4fGi{!DP>fzb^D9p&Ne1FwFLknF|Bt^P#4q4(fq}
zUHNQ`PJR={!d)1Ohfy8<6*V=#V?2C;2{Gz(i%9b4#9s{-q(Gsng}R{&s(~+1Bb|W?
z-3rtZx(C(Jb(eqQuE%>}?PNoRJQ5X|7O3_nVr*Q5+W)Iw5dX0x&Qs77Tfek3eJcjY
z??r8=+o(ks=an5K^{_DcnOFi3VG#^_ZF3ur2grYp;aL8Sg?=b%0E<!W?es~MCK2|p
zg*Xy(lkbLkaIP!gkLt+ZSPGN9wMAJUwQc)jDx8lR*+$e{-@pPG<(=h=qS|lj^8OeS
zn%fnq5uC<?7~{S5uq37?KOEKYLR9DvV;a2d@~=>fFV=t7(Y%<1d?U<>-7z1|L3Qi^
zGC<$E=Po4oLV^`5qZU;^Op8M>J${MW4O=h=Uc&&!2(j`UsE*afO4t^4eK{%uhf(+c
zi*YbRXb4BP&jKM4g@RJ3)gOtfSP_$9cT9jIP>X0LY7s3%b!-EEjb~7E+Aqx9f_=!p
z#{l+@5)z!!X*iYqE=<q!y;@O2f@`1`RwcjM<zHX~`NGlc`arBtegl@l=+Ujb5)LOn
z3QJ)$em|qBERVHtFgC<PsOP2Q8>}MuHTvqwArkGeNh}-D4y-`_3TD6zu|tA$TOPG2
zJEPXZY*a(Ppcdf+cRf*@5bq}W2&AuGrnn(qbMiUkS^Hz0OXG$3!To-Kf)rG^f||qU
zs5y!rKO}fECczlwGo$L|!E{*3m3Krf(q5>JO+c;kO;`wTq1IIL1Qwa}s3~liz_-QG
zmV%@d%*5bsK#lA)YE{2QH5^D75?sACQ2E|2zW}vnc3}W-qt;5)L?OYia4AvOo1(U<
zj~d{7CA7$vp*{n4Igh*YYp9+-M{T!vs9ljNu~{5-^fp4BbZt>1pN1O9P7L5(9LiKg
zPh#ziPRi6!?te={bGpKL9@WFB$*kuARL|Qu$DsD{YL~x)id1Owkl=pLjVZ}TqB`0f
zRevz%#}%llyJY&_YZ3}oiWD}txl!A(A}S))P@!sus@EAa;Af~QTj<<?S{sK^559@|
z(D71QJMl3Q+4QIZ6~rXk4^7;Ko*0u0!%#h*fC}w4)Z*KZI!KPAM&PBgHIN>glC6$C
z@O!L}iBem6Cmct9H`c|fX+pePxB$CpKl*7yyy|!#b#fI=XZfL6p8R2~igDBH#Ny{Z
z)CfCb07s&Z+9eo)TQL&fpgyEZ1wy<I*cUtDIn+Q(XJG$p?t7Ear_@5!9Gyo+AVx;p
zF2ympy-*)Q6Htq7J!%)+z(N=|lSL*HbpW+NwLb@|;66;QdYNsFWy$RJe*^^zQ6tpc
zUdPNBlEqeYR@7YAM=j2-*Z@bNrs5)|$5*%;Q)IQdzKC7PKSXu7Q8ueT8nqUdWb<u1
zY^FdDK8xCBFHnmvadulQ0o1`%33a^*X2*f3?e;b5Q}d`Re~)@#wjB1M)(EvrhNGrt
z6_&=oe3!_T(?Z`B71H^r1`c595cWSR^o4TU0n{8dC0{t_qgMYW4B!cuf9$Tu%wtoK
z1vP+PsCxcH5(?>R)Z#mc`n-;pHzfF@SU76C^g*qWIjDLkQ4va>&-Qy})D)CKMWPjI
zgws)r`~>#H+WGCnYY(yreJ`YdRV;*B<$X~P+KyVi&rx%nv!ETtRZ)@YiDmIC41QQ)
z1o;ew?Bll`Dw4}ltNkq2!f1u<ISqr-wM8UU;T~$WrY>S5u8P{ny|D!D#gh0Q_23dk
zEu=$G_wB`u_{5bbDHam^p5GER=ZkSX-bCHsqd1Z0`QB<0<?tYCk;DqOeP0-r{}eUi
zZ?O!XLWMX%iICt=x#dxzo`$9HI7VRXk~UQ}P}^@NHpDBa-BqxZ+y9M8sKL>wNNhn(
z#eIyx!mL0&cp&Pa`U%xxuZ&$UkJ|5}P`hCpY7PB?#V}D>8$dPG^}(ofW@%aWfAGMe
zKyw`<!d7u<)EAOQ_$h8fb*xZiNbm=hj(CAxu^TnV^UB+l?MLmB2dDugu3#f?iJHQt
zSR8Ml$N#0O=v&WHSF+Vx4Wm+_8-`&Y)KNPCN8$|JkI5?A2(MsP^3khU2lHYk@@-HN
z9fgx{GinMdRJHpiqo!<&PeKuRfm-$1s#(4*W+XoY^?;3-0k5F8<9k#nGgr6J*F}9=
zj>QBx7uA8~*cvaRKFmtiFe^Fzx-QWIb)t24`DxAtn2_?Nm;|?=&WmHHBl%C%$MSpB
zgA>)X2V}x%<nv-oEP`>cEUI1&q(i>fl0<9@x}ZLE2B0Fc1Qp8PP;>SgwFU~-vc=c|
zwLQN>h4Lk85f-U!YpFZxq+5(y?K@Fx<tA#N@#^SYVgD5)p`)`A#>3vIk$!>d@l1@1
zi?KYeMJ=+YsF0?rYuB@&rmPSKun}qigHY$g0@RUx*m(z&Y5#}RvqhK!RiQE}wCzzH
z8jO0-I8^9oqE5uMsKt2<wKg7L0OQuTcJiV+R1Fo0p00cXYWprlUk%(Nq0i;$4J?G|
zQ6X!H>iH1VgO{T^xEHm!uA?5DsG&_wVbm0MLJeRJ>dWnF)LPh!iu4f-#aj*8|C-yo
z6lm_!H?kWWqE5W-s1D3W&DkN;96oXRw2kcnl~DJ$#G*J8wM&kmw%uc_gyBtWAj41{
zU(kg8uO9BCK%qK|0ep!XX^N)S<HD#&)kKA|J8JulL*2g-b^ouZ2R}kZC}}h6a23>=
z8i2ZQJZcwg@?GMft8f7oy1!5l3TtjX4LHl8c1H))181YAW{bOi1{I0ts5O(Tg?-a0
zidw`~u_QLeQs~blp#$b5=ERq%2WM<)`?f3w$XCUb*bOy@qcA-#L`7;R>KwR;>d;@P
zj>c$Z*TYc}Y>2wAKk^*ko9Qn6fLc7qQH$|CDrCu8+oxbIR7V@4BJ?@xJeYy%*gn**
zxQ2!B9cnEUXcOW^U>DR{TY-wuO)RMWpQ5cTw(6)wHUzaezC+FBevFC_P$PSS>R_C9
zHsZ|A;;4?)K#i~ys-t7D1b&5z+<ABXv99xcFF|{&nAKSd6H#6d)lf&&Vi}Ekz#P=v
z|KQ5cpdxb{HS*XUY(QmEQ_~A|5KTaJXe}xd`!M+Z{~Za1GFL}iBrQ>Ep*w2M=AahK
zPZ)_$P?0Ls$wJ%$)$mNzZdif3Z#Sx)YpD7$JKJt3i0V+Q&g_59*$4{M({E5W?nHei
zTt-dBAE*e#>|zl}g$iY1)O|Hk+pVkfE7Su{ppNQis70N+t63a%f5Wc6&1EkN6oE0Q
z5o|%t^$C~1?+oc?4@`mTP+`<ssEBH?C2D_vf?7M@p$2pqHPAm$9gEi84yK$w3C(GL
z)JP_y=5__DL%(8hH=w=?ChK7li9kiD9mc?3s1OfAg?usU1U-uC$Q#t|3iPxN)<L!B
z4<(@xEklL+1Zv+tLG?IeFY7=gYLPWXg>o1Ma3ShQ-i3P5eN=}N^tO>^M@6y*DiWPh
z9UYBy!1vaY(1*<h4DMUhVk*$bPO!?TbD$n-S9C^A(Gb+f^K{fM`5N_rU8n(EL3K24
zUu!=ns)Mzi12L2K{{j-K_%kZxS5T3N*Uv_n9~FtZs0Z~y&G9tU0kacz^8JGvd5r$n
zkpOBc%Ao3ZMJ>`f?)qU&!SlU8NGL?!0Go=`s5MX?^}tRTz%i&$FGF?c4C>SIDXM;8
zpv`%C)Kv9DbzmN9iua)g_7Jr;;(fyY*QzZ|LLF#?TAh7SQ!*R1D7Rq|Jcn8|aRyn$
zilXY*M?GK=>Vb<;b9@8?_zcy4l25IEKGeYKf6D$>#s03~D^$;SpgM31gCQMk4FynZ
zAQH6(8ldL1J8JDrclrG;{{Yp&^h0cyl}EML5_R9eA?*JEi3JoWggact>!>+>jT&*>
z&&*<|wbB*?_ywxLMX1njM%BOQu7`bYBh8E&SOwI8yQAvO@=55%U8vRjyUV{vO-*2^
zO+h$nRX0SffibB2*1PLxF+l#YD^K`^g}e~z!L_h34n##{C8{0&I0?<g8w_A7cOsU=
z;M}4X+aOd!b5L`+)0JO9b@U~wLkWi28YqatP@^I{5cQld-SsU<d%kyzgc^)B+#Zw#
zm9Kzmur)@<;TRjoJ7=RJ_6_P}`x!N5kKFaJ5!Oz8)b`7Xs@E9Rp|Mz9`+p?~EuI&s
zxyd=w7GHhTh(E;uE<#=3?YxJ&FVQHQ%SxzxA5_GapcdI))MCDeid4MOwp+4c7M}0b
zCZTOJ5LIz8>cRV6{vm47B^+aGATL%R-x?L6C8+Ip02PtHQQJ1oSQ}|})KpYQ9dPY2
zKF&s8Bl@0%9(>$gc!nB5*f?7x8L=+;T38YnV>G;irSTSOZZnLx2S;KQ@-0yvY=^OM
z6e<E!QLBIXc=o?~cG^|Ej|s`gnPB@n9coUCpysYBs^P(?2EIVmUygdfHVoi?)Z)F1
z!L>EfB9jHx;qs`}KYSvqR!89)3UroVL2a|dlk8))0_vctiE6Nea~$fv)u=hYj2dbD
z$u<=QP*czp^<g#;HIRv@sa%9=Z--ApBl{gSk_1!iLPpdot%O<&T~Sjt4K-C;QIWgm
ze1TeQ@ur%EF`RreERM5K_Z>rZ^eL7>Kgl$EKz-CU8-l7h0@dI$)SMl|1bEk7e~F4r
zn&}paLa4>p4t3u!)Q8hj)ct2si|#L%e}@d*_ma)94pc&gtS4$QjYoxQ1?pq-0BXdq
zQFEGbriC;&s>2beNOnZsHyc%dy}Nz{wM!nMB9MHR+F}2NlhBO~P@x`$nzL1?Me+;A
z!@p1szC}GS$!x11j>@+|4PZ3tLEktJqdN2it6;o2b|5vzjN1RBNaz8}P}^=3>OsFb
z|3b}u)VbDBUepMxqvo(DhT&?|BKrXYxDVCN9p^hNKtAc0*5S(NYZdn(p(AnuPQgPs
z3mea~UGNY!CC^bKNjl%=x*%$i)<Lc2{uscys19yHt%*yhDSL&AP~rvlahz`f`(Gzt
zRSL9N2B6OPZ&4v#iwfl#4B)@04yXCbrlvaT92kV^z&EIl?nkwE2Q{UM7uxj_sKwa|
zwcST8WdG}%&2|d32A-fA$ndp|EE3g$4yX}K!jiZQbxzzuMIgx{Yq%JyotCIYI~g@4
zyHOE2i)!ZumcWGmV!Keo*$adF9JTniqW13{)PvG}V^a```aExin&X+MP_IHg_%LdO
zZ&48{^sSu-Em0ksi`u^aDiSqF?7_+y|2tcyjj<g0#i%*Eg^J97E}wpheJwAE+AVcZ
zi>ni=BVRf<q1Mb<)X1Np+KKahaIyPdZW20Js-t?;0(D^Y$6&}&H!O4I2T>3F9X01K
z-1SsTEkY$wbKep*6%(--Zbz-1XQ%;XT&DUy-_J>?hi!uee5jxn%{QoBaR{|YpQAz^
zSZ*C^h<eaK)Kq<k0X%`4!pEqNr(9tj4aZ=|FfQd2G5Gy|9tq9ideqz;L51)dDk5)D
z-+B|TwDTb=DgqTTCN@V!sv|0L!%#m{&U57(P!T?kT0_^}_0U!9e}y6q2}PhdYE?Ew
zb!Zyu#^tD8uobnKZeS9Oz1lh!KwU3{YOgt}1A|caPj}b9MICTQFdp7p&HmTOUQrMO
zW3RE$B|)v?(x?&jL2aM$s0LS|&W9Zsz#FIshOV_=ET%z4Fg-@a(x~qT<xvr?g_@#v
zYkg~AA_cl(HI~977>d!?*@$DILRT0Ssm7?e9e`RJv)uKcUHMJa;tc)4&V{U~_G_Rb
z&<%C}c%Ot8#R^o<&Z8di02P54KiU_JlBh-58`Y6Hs0VCCooH84Aq`t^?IgnZ<g=n4
zR1`I}jZl%Cj_Q!VfrRGr6lxLOMfEUbgEbt$DC8@lLR=ly(T=G52BShd1+`}8q0WIH
zQ60O5>Ojn&Y|3(=B3la?knhzcp;i1TYH^J~bzn6rGDlI{>osc5vuv~}tA<(|-BH&^
zp(6K#yM7FH0{)GKFv})uuPJJ=j>V+f|LaI-<ohu;{*H0*A?o0GjS78%&1MtS;_*=<
zTaN0;Ayi0jpdS1ms>4OMxLtuNAB5`YS}eiyy`v;Fm(jLbM{;5%@)c1Ln1l-PHq`do
zj|%k-mw)Z@Nw?Ykc~Iv=6=y5dni+s<Z!T(T_M@**KOmu#F4lHi9L2B*`KG8Fr=lXT
z9@T-1sF6KKt%+1S>}V~F3Uzzbu9%CRa1Zvt96N2~b5KX|hMnwxt;U-asKF?^>|1aS
z)aoyZS}eU#5$cP2;A~Xr*P#Y*0yPDHquPu9vmH!1P*Yn9bq+MfDA*FUTiX5XyFYZM
zKq23b3U%mi3vpajWU`<Rs(PpfJE9&u%#|-fP04z9{RnD~@1W*9^cUML;iw4KLJgps
zPa;2w38-ze9W~OwoC){X>MnxnNL$q6n}UkOW|u#O8u=Sk<kIZ5HBcLa9Y)n3hWb>T
zj~ak~goGNthnllw`>cUT)Eo_P`R`EI&!P5x$bM@e87lNeP}gf=bR3M@4Z~5pY7uG;
zt-=7FMk3^U&qyc&2@Y5fBT*HbqZ%H8>gfX1!LtpM;c?W6@1RzD^n<p#)1pFK9kt54
zqo!`UD_?@Te;?-4{=ZBjE(Ng<*@IG|LRQ@6>!TXzhnkwvs8Fsz9kF{+A4+FXtN%9Y
z!6^<~M9QG@T~P<sR9C(ogTMd3OF|=ki&`8>k5~i>ptfHV)SQ2Yiog=oKHh@ico%h|
z1&&&1tDqKRSJbK>j#`9cu>|fyweuQ%&3)WoZ3;@D7Dsnfh!&vcdOd0_97LUnFHm!x
z_n4J8MU{`klDHc+rEgJ-I?r({Z;k5M0#w8{9B2P4H2Wyfe!P$R40w$SWu_C>^Tw#2
zPeI*y7}c>$7z-bvrs$0`?n#SG0JV0Sp$@dcsK~8DMeOQH_J3g#QBPT@OQ04{OAO#p
zRH(j2-MAiO;P03a@1fShzZk%zr|m&SQ3qNN)LNR3n)}tLU2(zr!Y84MNzPc0!cn1X
zi|W`6RD=$q4wS!8Yb4fLTN7C^8u{9&DQkq~u_tPZenhRUE2uT}9Myih-|V@5Z4w&M
z0Mvtqq8{`eYR-3~M*axZVA^vb-ZZR&YVaazWTEHn=ZCzg_C7%!L_TUwtw*(g6Lr$Y
zxDeb;zE_)s9@rnXpQpL}dQ=BaphouIl_$MuQ&kYvv4*Gzj6^Nw4XE!EzoT}~ebkzY
zd&$;9G1Qba!hrUFUlN+b8NmYP2-WjrsMYITwh<LXb+jbv9BAVF9M$o~s0Z#rb?gpm
z@g=@ui?<*~lJAK+;MQRgp6{I_p&R2|wMCT=HG)Xgs;-VYQd^-q+6fhrVW^XDE(UN7
zs-5F5{{*#|6J4{87ewuv+Nh3oKwk}xB%u*4MD^?!RQaE%4uoE}d{Wfn$%g@KgStN4
zU7v+oBWtlCUPKKf-|zO|aMb><g<6!Ies|yheRp977UjZ9)GEJ$8o@hf+8efNOJjiY
zcBpe>Br4=HP!ZXUn&Wer0H2^D6MEAgoCVd<GB<sDP*(~RlF_KpF2M}A9o6tvR77Im
zvQ?Y~<B+e8nwln98QY*nwj33iUoe1YQH%6B>fp(8+agiZC!vscL{*rCTJ<|n+v@>p
z(IvTK9VviX<*iX2nuO~3Qq)NIqat?>73!z1Jl0+7P-+aNJTHc!Uw}kK5=BsF_-Cj&
z-r(}LooW8CUp6&Bb$F(88)`&1P$y!{KkbA|jp|@HDkAk!9qNGr9EEI4-}|0~&iWIm
zMHqI^LYxgX@|vgzbaT!??dNT%gXcDC%_O*Q53Gy<@@-LTU<B%fUFgd9pw`qa%%=Sx
z_P{<Ya-llV(K#M<Vy!`i_zddCr>F)KJ+yo=)YLUbb#yGYz;##|<NRfzZ-BALcSc3L
zALi%z-WC#iz&+HNALDOpurzAb_C$4LnsXDX16QythCH$nN1{5=4z-3Rpw`M()YRTZ
zt*La6t-Z?VtD&AGn&J$sfDcitx4;t%VFgsftx<D27PSVxL3R9)EB^yEWg$;(d!<9&
zR~7Y~zNqav2elSfKV|=GyX~VOfR|Apk8e?-PW8+>Py$u2A*usCTz(AdL|ceza6Rhd
z`iS!yYOOp))l2h_b+7=cL$&^4|0`7eDbNGHMTLATmcuKk{h$81ji@H7{->x_y$rX8
zaNuAG@<U$Q-;mshNhl9_WgSlTn(vC_^P>hB@y0sP$|s>Y8HwuYYSbb;hw8{1XWD=5
zi$w(L`X{In%tzJx88sz0QM)PTTl?@TjXH{Zqt?KFtc&k30{z<Wtifp*mx7;Ak=WzB
zh#Ki*)PrKaxB9tJ9jJo}{Xo<JCcEpKotIH_{vQ^>r2pCZQXTnp^}WwY=*G3E1}~r*
ze1|$>lX6~ZF=j+Xst9Udw?cJjFsj~HsK~59wRa5F-b>UXO%oCtTmvOh9jb%D-~V+Y
zq0o&-J@^OI0}i29^DWd3UTCP70g|E0i=!ge5cQz;s3UkB25=tgDBkAs=TPmxbmj5G
zLhbMW<szY;mqYcu6RN>!sE%wzJ@_PQDxNxHM+ptC_RQFj^5Pi4DHtEuq3-+H<!_)O
z@dOpQ1W`jhUn3|)qANzC&i+-X?RN#$fw!oUB#&kzFN8XJ>!2F?9M#Su4B#59kH@hN
zW{e&hTzvge?XAKHJP<w94>k}zhF!>snu?03ldA_R67x_e<1W-u`wUetQ_N7WH&(-&
zxDBh}!dRhRH~bSLv3~5(;J4!0xQ_fqT!iD}_}0@Lajl0#u^bmRqK?*AsI$6wJS+dg
z`3q__M~QFOOW+*x!%&Mfd4ka3k7g05PsJgqeLo2UxDquLM|~1H(e9%{9wlLD@XvHI
zV<qzKu>`KfqId_3VVXpt!F}EU_1Q2EwJ6u3*3wZ_dym}p_=&BfMNkp>3?tCrNkVh-
z9*bkjB$ls-YPhF!CTeYLMJ>|%sHsVkG&FcZhNC*x85NmDuKYL5NIoo?bu269AzuyY
zu<w29F3d)q-CI#7*fG?ILz27gh6-6j=Kxg0Gf^GdgbMxdsPA?$Q&_$*Y9KA0BT*mA
zD=?Qn|DTXhsM4miMO7LLlJDU1b5Rl6h1z}>QH${@D%9Ch+5OeAI{EIXj%-HF`R~X{
z=e<WQ-u$U;ZM4B+Jl~s7LUVT-^>O(KOJVXfwyheVR(m^C!{bp8Uhh1IT4ZlfpK@{1
zh6cYCXFzozKdR%kFa~x;b)*maI*}HWkXtYuPof?eD_yAf3=5!+;4JBFTNcMq@*SOB
zuqOHLsQtbb8-{RyAT;=mr%eVMNOz3M^}(o!kIcaSuR-EF3g+QsJdYDHhI*H=U8d0B
zPq$?<+lVWoBG47JR%W0MqNS)2okm3_G)rjkHy>HC7Wv%R7(YX;nKP(%US#oYaiq^`
z+pQv&<H97=RGdI9u9v7qlp&k-yfW&6oiPE<MXizLs7UQa-FFV-qnF*v6QFicCe(Mq
z20jUeqBZJ^h4R`yYhC^}>OqNfSkKElJ7IwG@fZzPq88tesJVWJI<k}Hw9kNo7$DyO
zHN^ul9{TG@bRe+{b>L*mWufYZs<;Prw!cM%E>><c4{Dp$L2b*=P-|vBs{Svift<kD
z7&VU_bO}+B$%T~rUPBVvZf#MKn1vbeCrpaxPz^sst?tBm&FrYvTpEjECFd8YgKQJ3
zy+^2XBz``d!b+%J(IcqOVk4muEJrP>gQ&T`j1@2}zlEv_DgupB^@pGyFwf<;qB?v5
zHR8Wf9e;xwafSkRVpd0$_rc0M-<wM!8eT{B>@I3#Q3~4PiHi-$r$ueEey9_2H)_rN
zgIdj*3faL_0~L|sF25D^8S*!3N^%so6R<V<%_vw#LKQ-b*vDsS)QL3?b<%A^?dwNa
z8zYKZN2j4ix)#T%9yY?rVz&6c#Nbq7a4J!|;~~bx|BA8ygJ*T|(BMy_g|Q45ila`%
zL8u4JLN%}$bKxe8jyF+}x{q4*&rsVfPPpBd2DN*#qe9*U^<W>hCdP-e|MkG#uHt{F
z#gngut?n+UIiHD&#3s}ilLx3!rYLFGYhfPpeNp!>LVYQ{fXVO<*2TA|1FBXjTRZ)H
z66)Cu)ET}NHR7Xq9M59}E-f7z{4b&YK;_$%u_^n;c?E-?8D%X}4X`Zrx}mo5N=%No
zF@SGTk@wR^*j!aXg|-7W!D*<T-$U&NFVePYc2r24V*n?j4w}`ddWY~7K1R*`o^lqU
z+o;_Yy}YfR)X0hHd*LM1U<1@D9_1>mL9O<qsI`!?g6;dFn38;T)NbjB<!~hG;5mS*
ze-^c7o}jjC^osT!Fe~bL-S9ho{?8}zBL!tDg?iuMW7J&Es2u7o#ND_GTU8157GSKZ
zwpf>96!I%kYhfKm;2l&XvR1Q2Rtuw&AB{TmCt?`R!PMIS^GWDr+k{#)M^W44f-8T3
znmez$g*pYQgN0G|wZq_UK}BR1>cCl#n&T_3JbDcqc@}3w^b1g7G>J&ujB4mLY7r)@
zX(P#qgUMIJLAVb!l2Wzo0hLix*AF#i3$P;I!_t_qww)h6u_XCjSR3EeX8-RYQLT=3
zAZ}gzc&zOlhE=%!BR0?ts8wCNo^7+KSe5)C)Ibu|w~$vrm4Ai-+>eUHUCf9H8`xqm
z+`zX)8wxaslTe?}d$2M-L!A#L8`_aO1ht*kqRxXqu`Z@<WbO1uP0a#SBoCv$CErC>
zyBE8$?TW0ZBfN@FA|Z*-QD^xS)XB6HbuRpa+Lo!C*!9Y&x%~vA<6_jDFURzF0JYlh
zqUuF$Y7fkZI(X`$o;MJCqd%5}9{dtZVb*5Wv-TLD{9M#GoMouhz6G^<ccMn{3u<J~
zQ4J?(Zu>kVs)I#Q-<-<eW$b_rF``BAv&Q%4kkE(64b*Dx($YdZ6jzg9j~ZF)R<?M2
ztVVu2YHdVoZQp!qqo!;DYH{5{Extl+th_G{Bfk|@UZSl&-r0Yjl2C&?QL8sbyHNho
z5&nPx75Y;+7T@6j9Npfg<_%ULpP_?ot4^qf=U_HGi&{%>Q3J@+(eA5>`V1L>;eH6e
zMk7%MFLw$J{@1Oky4V~Jbk0H@u^Uh)-wD+Da1S*_Z&8tp)75?NM|B`SYFjqJm^d7@
z1}35w@jCPsvU?=7$_sR}kJCP=5DrE?=rC$gUO_Fc#NBPT6hxgHT~KRiC056asI`=(
zhqcoVBgn5uMfe#ia*;jR|7vhdPn&}8Q6YbfT2yIz*+EncHNx_!#n{Bz6}8QVU|gJw
zneltnqC0}x1&>jYO4Zv&o)gQG@6g+~uS!cO(7wHbd}a4y^|6DaU_bk6Rv&dfG()ZW
zX{ZP9!y0%46@k3{ZM(HZeFgJT1KNz5l3S>wJoW&)Ka)=)KtTi+#<o}j=b#qNDbzQc
zCzupt4YcwA>a!vO6`7i-Ic|rFP!CjOhhhM~a`~O8^WqAseg6#!eJ-c^#2U<t3ROu|
zkE^4u_jitU*B7An@ha554;f@@Co$$Dp9VDrHBh^vA9ltc@LNprX{gsupa0uQw5A~4
z;81T9eu2st84~Kfz}ct|pGlwDXF#;iZI?91dX#U%S{QR^Xz-WVO;90Tk2*n*U?+Ch
z6VyPOFy&gbJ+O@S|5_4Sjep@>EI2IGn~z7Z9CjRT-+Y#%&WXzyJSj)ms&0=O@e)+T
z&Z74BThyA$G18{CF=`i0LQTP54F3NA1_>>eM5C-iHPk*Ij%siLY9H^#IrtDW;>gjV
zUIZ>hExtccbDC_7J)kJoCEozGE0#Ks;&t+mG5Gg?PL2)rx=`>4wLhDTvj;Clt%c*L
z2Cktx5;opKn;W&*>brag)LNK`>c~PYh&xdue~gM;wh30=VFLSKUzg`npw)j8wY{QF
zv|r1GV^#8#Q5`#v+8tRY*>-G$x_=IqV~$UtrXtZ4`#w+()$swSqj(-x#v`Z>C7Q~d
ztAVOht-%qvhWr-P4V|W0`CQaUj^Qx$rrS4~;i$!T8Vg{C8MbEXqZa2JR7CEfrt)9Z
zuE;dg)>2iU1lz!yg{$!;4#y?4Y~)#I+qc#}sKxjbDiSZT0#=-3KekUmeYHA;dQjZC
z7O5hrj`TrwbT3xIL|@v`>^CK$p07YPa2Xq8@_Dwudt(Fg`%!0ms`(bePN)d2#SVBK
z)xio2?9+2Bb|fGAl`X<9SdsiT)D(FOgYEF|Kai+R{!=WEhwuT$`Pv@*3Ux!xMHcd*
zs6})fwKifewllq<b1EuAhfxtq{*4_xEl?5Ihl)tzZ$rI-+W(zM=zzI`qp;C;p}~KU
z@G@#24_IO+*f*#KucJbk`Fk6AcWg=iB(}!9OGCZ3I0c*GV{C!dm)Ss<qayJNtMPoV
z%yRn>8IKC#In*jmxxyA*ThtLc3#;I13}EV&q26{Zg(LA5s@~_TLcN~24HxoVE&FQw
zct5btra0;kw&)|#??%NTB)a1rjKsP>hI$b=6YGR<qM;6$EF0|8tN}(RKMZN#8;9EO
zlW;7q#^qS}Cp!VJVg~ZDH`+m$2i4Jz8`=K~<#!Z}!TYHF-FK7qbTujxf1<Wu{>`>V
z+M~{iWvBz`GOEESTWs~0L#?H5sC~W`wYcw~J|#13wQowfwzB_oQc!||-q;Zn;cuvY
z`=`slarwC0tRv}B_3EMObwqtU55m+q88hMv)W`R)E`JAAKgM=5l}{oX1-UUk7D64V
z<x!sj4Ny1q!dN&AHPVTwuWW}=5s0zFwqpTjJJeLp#5VXFYVj7`X^ZzW)Mt*rhlEa~
zH>hnE*kujZL7j|KQQu$=VP^aXvti1gZB8Rm9c+&}!Utj<T!}gGUsTAm?6&V0`A{7%
zh1B=G&q!#Fe!x8V2WG;gzu1RNIHo1v2K9h1Q1v!oGQ5Gw@f9k93HI210o2r1MomRO
zS3VmxfE`#^`~NlxEsm6X?EwujocsjTNcN#3lXRc0@`|YI9Z{iQgbL*$)GGJ(+sHGb
zMp^?E;fXH)BkJIKj2X25OB}Gp)B>ZE?~Q735QgG9R7ci3!w%Ym8eo3PKSAw|WvGr`
zLPaXpAsbj(%u4<<tc~BIPQs_?>&D2#b^r~)rsRJ?&0Xpv7Q%`cAm0ZyRnt+|51}IP
z6gBeHM{R0KqrQB0N3}lzH3d6SC+hF0MI856_J3It)qk~pKM~d70o1;KgleeRG5fmQ
z2m|E%qYj)|sDtSz)QE4P9+={|?f>ei2u(#T;@vL)5UZ0<d&0ME)%AoevH=*E3o}qX
zT#Q}t8b)B{lNOP2s71N~wJp!14y2oy29uq#ju%3Oz8<P0gHat>iMs!sPeP024QhLZ
zpSC${h1&m9Fo4TZyWlWtgnwWnOm)U~K_1j<uYh_$Z`Az@umEmEO~D_isfu;h2I%J|
zp(D2&R>JR5`~D&7C!Q?7*_<~=H9P|~MY}NAAZk0sI%oU4AZp6WqRxd@sE+nQMRp`=
zAk&d4^u2W?w0}>aKG*+1?d#0vt)Y^rd^6OIeK846MU7+$>O44rI)eW}MIzP(i(C=Z
z_x?txUDXY>h`+_M+W!|xXpT}|w9rOiD)RlYJWjy~JdFxv;!F17Q4#gv2B_UI0-NA!
zY>81X+nQ*Pn&P>rj-Nvf=mBQq`CjN1dvH$FDsG7y!3@;u-iZqJL)3`lU$u}IK!vm^
zs$OSQsOO*-;|kP3t~y_#4!XqGtV6Xi_}~9cA)yEFM9t+>)EuX}ZXqv^`c!L+HE<{@
z5=T&r_ARP|8Gg5V6;Sy$sHq)^S`!OU9oUA7$cx|E|5{{4ZrG~tjtc1l)CdlvPO5jP
zDXMYP?2nqm`KUE>3boqf-LjK1JF3HjQEO&4#>Ne(f&Pr@z(2Qq`<N_r+xF)`)Pt9z
zPO3|&BQ^RRvlwc`oly~(gnG~})JQL(rtT>QFzsC%P#I?rRD1JLYv71aLO0xS72^D1
zCtC?rN1CBJG6gjy+fl3dHtGaS^QVol6l$)Up}ueoM728wwI;Tr4xC?65q^w1Vf}RX
z?8NGXI-y3QLj4n}fy=1#A=-VL(@50$&;ixKg{X*}LQUlh3}EgD_Mn<rn*3*|j%`Jq
zkf)L7`Q9TE>Pg_CeM9MjdcYdgYQKxRA;w>37Sush4)w9x%Q*|x;cck)?w~rB=WlDb
z9x8%!QB$xRb7=oRCZUn1dSt&8s*cJ}M4gB`P@xWc?0$AbZMUkZeg7#cwBMo@;{jBN
z!=Bi-E`W+)2j?PG`<F2I=l`*v+DOZzde{+zbB7wiR#b!6P*W4<nT?<jD&HQ}feEON
zu0<U*$5D&(7OLI<umWcP$J+0Sel-fdB%zVqLNyTgxs5arYNYj1=fVio)T~5x@D^$n
z$9rMhDhsN9Gt~YckLuuR)Z#pY>geC7dWl}L|24wMm)65hs6{o^<@aJZ`G=?*v%a#1
zt6_kAPt@9&;_|Cd9sCuwMxws9$QD4I5A{(4?TNv)@S6RvlWDiRa2<89#C&7hE&{cB
zd!lYw<vfczSl*!`k@{cjP$krM?Tm`#EL6vTLUr^4s{V7-zytnU>sduq#nz}$k3=1{
zt58SgD^vr8-`VxLs16K9H8dBa;||nGw-00CNz{lhqaqXay?siSK^<6r0}=reJy0W^
zj9Q&XQ9XT&^)TCiHWfoqbN3Uf-YqPMN%%=nA+L<(us>=lH(?{ZkLo~VNLcVWLolHI
zzlDU3(u=5`#tsb&?&~60m3(tlL*HXf)kB3iTUc0dS2RGK10zt8SdQ9m$FMENh!Pg;
za5vO|=AoXm4}*XI_iqx~Udf_{1y^YWRK7JTgp*No|0PD?FR0ZV8chvw#-k!q5u4xu
ztboTbCMJp=7CcANpgP_jwJWA!G@ry~5?XY-P!D{L8i^Mp%)Wx57E^Onh(AN^>t(2h
z_M$p;A2k(GV}=F)RJ=H9q>-rA-yO9!Mx!D&9epJ>lTd?Kov*Pj`J}PJf*&@Wu{`-j
z&RfoGvF$<KQTu%W>S&$oJc#<RdWmH*UmP1qZ`1&%#tHL-A^eE~t?nzRlj}8VTgHoP
z74x7Pu7?`w2vq17qC&qPwM+g%eZJ?9XOZfN+9lJS>rjjK7zXftJl}3iA3rSkg`hdA
zBlA%eHlrH8fSS7`2`q$>s41(7Dj$Uk@sFqh97Rpd@2G7ZJ)te)T&PI3Mor}ipM+Nb
zTGaOV9rbygGLiK>H)>9+p%&#()W}z%R`VIu1Kwk8%$V37(9by=)uAn@c8;N*<0Y{U
z`r#zhKpRwrQO?b%j@`!$m?o*M;xef6(WoifjC$}njE7m1StN>}Mp_#+b^TD!`4)BG
z0c1`1-W?JOahBvZ*KM&H`7x-uJ%xIpmm)0qVN(#bc&efr>V;aolTr0opdNGqwQb*`
z7GIW>Y&YzPTJ$}zxIX`9kkB?cifZ6_@B%-8q_X|q5_O<_jSAgGY#YM9P95fT!vSe*
z+g?v=4c~VrNEa6T@G6SxNFUS`&cjl85F>fM7bU%Ii%O_acS4<b<4_~pfts2N7>Th1
zVZrbHHBlpJj%9E-YEkV*)q99~VBQRN<hDT7pO0F!yU|zZ|01Cqb7Ztd)ev>#FpR*p
zSPmbd_H)5Z)<8GZ+|EU9yMw4Xe~TS4eP%leN24Ne1Qp3=s42~xh5fIdx5;81ScKYE
zM^T{;&1xeniF&{g)V5lOs&@|c{UC0(Fs~g}M(vK3s3|>-df;2sS}B&@2G9sAke`y>
zx4Ae&fewZQIqX6tYTJxKJ#Ybz#yvO)tK<yhm&b$<+hfsOHlq2c#rZ3y$0wKq6Xv##
z<-`c`^-#~7>66e%_MztZUuWJt7J;^?^7*KP=@@EF+($hqT3+j5F4Pp(!vKDP$#4-W
z^qWvqbse=k;^(u7`h`d+)LpPLeuG+k_fU&5ZGH=7SyUvtq8gfp8o_SVYJP&6io6BF
zg1@Bhf~x-`YKkwQ)>`s{7K!>ueSZH(LKQcndUgf14ZT8P!CxTcLxnODHMeb1XZm>5
z$d;iN-AU9OKSQ;bsIV>4aEwE~6DorJQByJvga7|OSCCLh_oBWMT}K_QFHs@RSj4VZ
zMvc5ZM&L};gU_PY%1hJ$;uN)y?fj@I=!B{_6cw?>sK}ne+}i)oNF>5QF<V51P+!G5
zVq*LbHL}g9?+52lQ*;Bhijx+%ku^i@??D(37os|}8nwnwqSi?C@GvhF3!$%qq9meX
zJJbWZV0`S4Iw(e>4wN5I=fYErz(9#GFAUqFBGwT#CDTwN-in%vE2#U!O4|JuQTxAt
zN%p^P_?`lF<TxtiZ%{X;FJ*IH3Cof1g_^@3Q6oE!5%|<yFI3w0_a~?ht#w{R4J1k#
zo2mk+sjgIp{jbH)iUL&_gw=5gYK|VGLYJtlt%0hj@{Xubk424S4MxH1sKt64^?e{p
zggq!7#wA}A^#!H^YPYoZNoar1Lxt>DRKt%j6q82UNK&Ats61+IR7E{#EUKYpsO@zF
zbyB7+X9KE-nlj(z*Pz<JggPO8ue|O5oLHWM_NWdmLyhbbY8A(+VB0PeY9x`UMOGUt
zVk^|PU4m-(3~IH%L(P5OiuT|>7$83f>8S5*CZRR(5F26AN;Z-nsF5s3t@5j=In7wv
z)<#WK!vj!jXA^3l-^2huLPaz|73)YL)W|!a+L?gq_4&V%gy!lu)Ean%ia?sGw%==`
zwwsS-aRaJj&#)n8uVy3v0(C&GK}GC0R67qb1E#NT?M0$~Q_>g9^L%d^iDmczf54eF
ztf2}u?bE9VDzwW`bAJx?fF!l7L%C3Er8_DTy-*LHkLu7d)X1N^^3=7hUM&p%_kTl3
z=ww@jQSk)Ez~3+lUc&+S3^mtX>e$?`MQz8OsK{Kx1emI>bubrd4V6Pp@c`7eTj=r|
z>xTKB_VG0enqp`@o3j?EGu}t7?uDq3okxA1$E|M>se)SFgHTiQJ!%(R!U#;(z((2_
z^&vG9)y{5IgkCi8ZL#ENX#27n>a(CDD&)gai|7Z`gU+Br9MZ_vL>|-#+hS3iiR!=+
z)BvJ2w)--puGd5Dvhk>0bj&BA&|JoZ7^R8zFd3F3Ujx;lsaOnGVS2oUT9jc;?Rqg(
z$LgaF7~eS`HIR)Mz}u)b6t$V1w0?OKn)@!O9)Icbn^3FvE-GX(n%kU~L3OAhs^Pw<
zP%d`Y&!86FebhOSsD*vFl|miuwNX<z0J)#v|C7+RyN3EA61%01tO6>upQ0YP5*4Wf
zs5SEl)q%vVtl@GPLB2C8Ld&rV9zw0HgstuO3Efd0+lXnj|F4sXMZsIt+(d6<R!2o(
zDr!!DbpD0vXpXk_pmwNLJpy%5%}4E$>!?MUrJdOftCOGVyo?oizL%}N{lwD)>yzJ%
zT5Pd9Si|9{NYq7buaOvmvrrxW4K=4JJDQDA=fiB&_FawIroW)3<{D~X(K@mJTa(C6
zq5+P>R(KUFVX4j*;*qGcd_C&uyoH*}cwNjwsPZPLMLH6r<91X>_M$p)3ANT<q9U5D
zEBjv~ZQs>a=X5Mfem$y(Pf=?lNjICbNN0D{6wJnIcpL+mvb(L35~w+DkBZ!6jEO(H
z>xWTO@wB^dp)S+ILem4aPiLWecofya=soR3EQ0!CQU<kKI-=^2M2&nK>VZ#j3})_S
z9b1LE{wr!RM(J%GYUPvANV=dN_>J=_YAvMfV<YN`3gH|~j~h^D`WdW)uThJzT3_p6
zJFHE9JnF$0QEMe(KRZ_%qCPGCFG)m@_#U;0?xIGRxxbCPI_jVqj9SfWP}gr_4U9R!
zY=jE&cbHN2P?0-{S{v`3IR@H6)c_f=?+qiN2k*do_y#qinx9w$U!!{dE9#(0Feohe
z=X~WcF8QXY6R$JIz!9i#%M&qxE8X>@sEFM~?SeR;YEiTQ3X@QeJEBH54z+66VJ19)
zYVbZPlraa}qKrgMNiS6BC!!YZcc>F?KWY(rL#&;gn3`-Y)QQ>+hwyxFF^Sli`ZF6@
zHcUyrG^W7D7$5tfMmh|2z$`#DcmwsIcc|Tx?Q{FIYk-REbksmjpmx_Y)P049vj4T1
zYLie0dSfp93>A@Os1YAQ?f1|xEQHxm`I@MD{ZQw_Y}BqefTi#@Ccq5rG95$(u_jhV
zb$GVV{!dKeX9{#MoI!;qY?y7Ua8&5~pvtFW8QhN=S(M@S;Bu(%3H?#qagFmf>i*Ot
zY-&oNBG>}e@j)Yapdv7z0`+toYGg+-6dz+4K0~ecm&mI1DvY$<Fbp-)ji~acsKuIh
zl$`_pP}_Tn%U?yUnfRk^SLF6dXz?^gUFePK;UrXumZ3&=3iW{4V{C+#QP;mf)nAU9
zg1x9U@DFM+XBca9UIi7wai{_BLTyX`8VSu=%yHIWHq^&#T~s87pc-0)jqm{K!D+|a
zcC3tg;1E=U%TR0RH0r!~kDA&-6D%U_owKor_WwZ=wWv^dqD5jPYB4TAod?TMJ%5Ah
zSpG?NAT>p;fyt-`A4NUz1!}eDnr!>LHdZ1(2-UG&&ihzL`#;$fTU4D<i)SgS$5&Ae
z#+_;nmBUWtyJ1y4h1#B}r`dKbj5_;kx%@EH$vGc&;2cMV{sn3(lTGIf3eWfIk!Xku
zP~T{tpbntG40}K^)EcRSTD4s;fD=&%&T7;uKaSdFf1%b==uDg1^r-UEsCMePd^hy9
z{d^J%;Y@d77p5kE2DLUGVFipk%MPe|sI}1r>)>Qm#I8Bx&9+FCL3N}LhTsqUkLu}_
zob)RG{Lw4N{+deW=cp_~yXJL{W{F>2z7yB<`XLHGmXU63S&yUK>&RQ3$i#kaiI2Gc
zJ@3lY<y*LSoVLHxUgp(`vJbCBT+{jsE|$%FT{%d>DJtZ14}VT08+iAld<j+mqRtU_
ztp(+J)ursiYc&t*P2HQgo9o3sdYI~Tars8>p6Jv)<Wn&N3B5AV_@}PYdGdUI1Yf85
z-<dSJo$D*ygPYUH2HwkEz6jU#I>-ITd4K21<B|S`c9s%>FG+WyjbAa7>xBO&nI;sb
zN4+-l-r&Ned<YHYAitVA@p!i)J&^KBu5-o6XQ0k$-X&-w9Sv{gJ)iUe*QsDTlxeUZ
zzhXrt{&lFh$vylgSC{dSFy7Z`xCsv#Ln9@*UX`1FqmdlEf22Gc*Vl3_J$b$Oms-63
zl+7jIjdw-fOKInO>Yk=N8eb0fV-9^u;5CWs!}RBG&A2fpjaTO4aNg~C_o7U%uU*GJ
zA>V~MGr4x0M)mrX^mF`)hW_s>Dc7>{9>zP=wRM*Jy7OL1{S+>GaTSu{?jifR@P(_a
z2KhH-yfDfRQm3GMXm9H7bvLWdCf*y}{mOsNyCnB4#Xq=jy=yNC>6?^~Apd~-can}v
zI_qXKlerj^g1$VYC21W>A71CkGwvx1llj}IvV&)J=a!Ei8T<!us#EYY75O)h_!C#V
zxh(aMldSCeuF|3|or7juQFk_FHBhgdlr`esjX2qr-6DV+ZM?pBmJ2P()O3v$<l=|d
zEN)1{)K;V{1L^c?#BTIHC*7BHbJytCbgZ#!<15$M^)!^2vcIX@3x8DSxu+xP7Qu%Q
zmH#N<gZO{1s#GdNg(j5Tro0aC<TSAQqdLFyfc%ujqRuAjR>BE%@+5U`QXcwYJyLI^
zYq_xNl<x+3g8WToYEa<^8u{>ANBRw!1dMD5*B_A|OPa5$UJp9gmiH^J=OX`<hv~JQ
zbam=pqV60TZiQ7`WOThEW#_pbj-|MN2XDRnfmGCsFJHk|8G6oN&hhvQJi%8r8mYid
zgUF}irdqCkZpx!m-jnyouNBl=#<f1K-dftd$bHu+FU0#-u3f|eT(8MTm3M#&DQSf7
zxxrU7*RxsVcDT_^qpSiq>J^2$w<tg2>IEo^q--H&PbtghI@HnKd&K3F^T4jItN?=?
zLnqRPGXJ@`DH<1MP@vcMuIEiCAH>a{a&0qZn$kR&kg`==TSAAcQ}`L>XDAP$gVC@I
z*RGLX%zdM%s}JGWt`kSOu2&}RUBdHrYyOL?<&R!VTqPA%by49j<#?aa;8GgCLu1d#
zf6luNWv@S~UxSCoqP^nozR$Scg8J)Sz8UGo)XB}g19|&NxbTolm&nYZasCRLca{p<
zso0i=OK?rEr_@_Z{+-L$A^o0oLh2{r+H|Ytz2ZK-4${VJS9bx|TT-qsVzV(T&uPZ>
zx;mBk7ooggxKN4<0e5o>Mv#pM=$qFT-g;%Bv3!*G<AMAeX<k&WAHkb6{*r6OsWYCk
z53d8X)sKgKc%36rfVx{;ozy{@|9;$Dg^RIhcqoPE$^VB<$m=zZhTgi4Eu+C$ymN7V
zCYGjr5}k-f!+O=Dg9*6rC~d6c{qbu6_1aU`$<_UvHrn!h?+67q$h_lSiT7LHhbZgf
z?taZf{%~o1_xyqf=XQ;#cm`>ovIdHZ>*zn&jE7~%XI#_k3LV?bI~w&0Q8tD$zZnI|
zXrK!IqKZ6RuM?CFCVvYnx-ym5;%2?p;B1%XUkUW8P^Xg1zvdpje#5G?d)bw*a2?UL
zv81O*Xa4uNiz@t`!ady3z%`&Uy=u5nZlP{$-g_v!L!Bm+AH}rX_wu7oHl|JnrXmyX
z`COmHwYx4dH7G0V>c;0s)!=Iz7i+tRSP8$zrHsGv8GL2r0Sma^l*Yc~=Fz0}?S2v0
zm-CK6qk4^`{AaG8re0I-DM<NWlt<E`)|9oN?BiDvpURghiAjYtq(@Mp0O^I4{rFLb
zc2V}>HIKwoI+qlu<8>Oor!;jM(U~gTH<Wx{*ZF^`vxhph$Uos3>$%?9wdd#kKRx0;
z{UPoDUb{%g=B8%64^TRo#un00T^jj@vNo>n70UU0wcdN`Or$K&|EJw~u0t)jFT^5d
z@lVdpdfny1aMC5P1Qn*aUj9aYp?lC_(&H&_@A6GQijvxh$AfcIr!VcCz;Qe@DQ#84
z)m%HreU+(KgKJZx@chcw6K^IrR3e>?3YU17qQZIJH@NXX9+H@Md9I)0=2Vm&`RKuM
z-Ds;*U$3cLTjU0{)0L^b1sxwo-8Zf*fls9?6y)ZHVO-2gItLFw&s)D~dq%~&uCji5
z`|!$6{ZrHl$Go(0i1%VH4#T0mN0a7f@c+Hux>U7~I>W!c>-j}#U>k*J8POwdJW2j*
zcViqn(~|dkt{22Il>g=$(mw^I*ICNc<~*(sCq0BV^jeQmY4a-ezM?`J(wE#l;W&e`
zEm7G2`MGfyl|v~AC*7U*hu09whPX^$Zc5Grs?ou2)PII$Xmq2i-;}cb)V)OchgTA=
z|4XJn*Wz-oUK?q1JLSJ}pZ;G}do{V?B?a+#XC%#Estmr8lICv_2VWOxpgcDuqZ6BW
z=cKV?G{j#=_D*4X$|jRe>DJP1>c8UtUwE(LnqL3#?m_;;tD)MSxqoJS|F$biMoDeb
z!?~k3>0>y7ma6mQ6O=FKy_y#0Qy!h`{ABJW<gJGE>Q3E#)P2PJ5c#LPv%9B%Nje+7
zn@#2OT-R$mZC%hWP^vP7UU~@c)V%rCK=73ZvwhU%LLoE1nVML8b{Ov$AFlA&1+<_S
z{}g8M)sXxf*NVP5CE~GvQnrVCDv*D{J$mh?P9yxw<-ed#2A3`wtifz!P42mi`O%+3
zCB2UE{+R|E(`Z+2;$O4$GLt`y`CTLDc<@x-Z7F-n(AMzIOnx!>qNMejKzjpRn^wX~
zpq;EdOuw1bD+~EJmh`>dG@gqF^lHwHJ!y!4u{QW>M|uG7U&v45K_6ZzX&@&JW~SgS
z*J6|Z({*4w`L5*kOTk18ri$ylegQO^Ya1{xcBXu#zO!C*y**DsD&9qDxIK-{BVFL5
zhn^%qn*1ah{hkI!@Q~Z?-gMlfmws7P-=#0O4qc=EZ`2Q={x`0@6~Wr9Dt%_%<APpw
zsHoR_ZY<BkdQo26J)o9rtO@1WDXa9ME_HglI<cu!n}?UBER=LlSBGCR2VeWSw-I&k
zlE35b@kdf|FTLAJL1EGxNhfe4&|N=Lo{+Lq^n4fZm^9L#2J~wyy)tr5?Jwrq6CRj|
zHvaGHA!WTO{DJpe?!QT!{5J#oPhowpCKuCD@Tt4&5b3MD^@@oPxk0bEq|5WL!#r&+
zH}|t*ZyOISMp+lGJ)o_xx%Lxf{PNM8$GbM~p_G68I!GP;p8biwv+(OsuQ_kM*7C4@
z7(oMj_2$OkDC<kv4Oge0Dt`3R?@U+l@XWkFp<(?qw)MHM8s+(1=T*G`WesWLzUz#B
z8=XSmHH$N{2dcrV9{D`nw2_8Ny9cVg4*CBmze3%KbnK>UcnS}@&if$c3#jw)>mqfs
zQV@shO?ZEJ)&D5%U!^g<IvU<lE=J{D-jzRa4|1116?f!8(<tZnv|d);{Ko`dgd0@@
z%9oS=9MAI3$Tj`8dK@>-rIQKW+DgSURz_p~x6;5&F8CjfHZeEq72u{Rmh@)P&`i>&
zX*{PJ!C~^nNblqQgmfZYNL&0HzrkPVR-?_Ul<%XxQCO1lro2~^-${F~H2-Vd!*)`k
z0ln*vdUc?oX~-X|dEr!^N_xE;We1F)?j|}oit9^gRIiELqZj`?v$u+N7jtclD^qzZ
z?yKsar~F`@|9Z{kotMV?QTZ4TYsZcEsF;_0Wp3)r`%B6)aP3RptEiitvJbB*AEn2+
z!oA%4h<o%(%so?h>lNGi6>a!$`Jd9<yqkAPZn%d3a??`EJGn;Ja6?+kQc`w-_fhh(
z=v;c&kQ(hwc@Gzbdd}w5`AQevi+@r%_}a>SzwoRF`t{}x*F#-N!G(l8^cx!M%lpG?
z40S5FdhaM4Prbo3kd}7_^0{0`RX?0*X^)4f^BSL`UblG9p#u@T*HJ$n?OoTeH!D!#
zTP`l*fdjdCfJQ&O*0{s~*O~9gzo1TIMi!U*u8>aa>Z~Mvhj(k<w|EbrPIu~5B>e{u
zEJXeRX}!MV;SIRf({}}*^Uy!JP=(%K<l+j~iILp&BNe++?*)x4CV!fD5z;&9)Me6>
zdF%DJa~bz<rhZ-5wyx!+Os`DTIm5kgX;ZJ@`WryvKJU-Du!si-s2tCYxFY2TxoICa
z40MeYqmyC0b5Nd+dO!1^HQe_X*Vj?MEZ5RdmK<|(Upd;{#<e+Eo_rLp4dTAUG3@!?
zS}w$)v9T1M;Nn#B%Sf-M@=I>aMx!5IzfiV;x_b2`-IWKY<eiK9Be_?vx7-thHi}?U
z-mgjP^@@54c^9YdDc(J_|LarXHkncG=95(Zgi5g~`+tp{34B!5^~ZDPB`iZE$R-eo
z&u9dcfFg(upsXqgVTrgayqS4PUNSRpIt#<ZzeZ3*wE7oOo~W$_v|4Qy8vZ^MTp?QP
zzLdJ4NUe&rTKuSJQLx|p-W?dI?Z4;qIdkqk=XaL7zN@&bfF(78IfG<*`ZfKZfyvYJ
z6!bR!vyc&d?#C{v9eE1<FIB;{$kSCGY5z)o{|D1Jfuz>}TnUHZ&eD<Tdkfn<Rs8_^
z@{clqL4Yo_*C5;Qe*@ht@cr=n8}0GPP1tV5uO|uD({4xi1lS)K#0>f~uw9O=^%ffU
zqv!~)1n_fJ>Erajl>yN8Lhhv>h9$kAFq6=i(e4fACE8snY8{viZAl@8`;6p2N57gP
zn<&7heJ}QI^88Ps(E(*SN*kbjO?(bN0RIa9Mg_s*Q9qJNYEen5@LiyEI`TGHnTpoq
zuMu}MG2TRu^j*E*KjL?aJpZ@l(WoB<ScklWLgKUo@NKjg;5-)nt2j+U>hxcxy&1lU
zB+nxyJqK_1T6`H*QL@`mkmEvymHO54k2kiHBv02X;OXcuB}o-iD(ML1RBV$7+SOMT
z4F~hCN^&&zTZwZt#oU2C3f}>~9Q_t>Q;3zPlMC{-jzT*EqefNh6ykOq^7MECxOYK&
zry9jQB-sl8jl{3Zf)(aZw3iWQO~Gi#(k`RmN5J+$-YCESE9iVh07)5@xEt*W@Dgk#
z*lxh_M0g2&9GItY?xRLDj`m65<f8u!(F1udI!XJ`-$*}#pCtaJ!lFtwqq2XweE;`W
zih7(n68v0M#4N!7qmoE)8MxJqZjVd`?Iv(f<@+w}bI^t0)wCtOs)`t|@V=JW#^+1b
z`M8xNy-8SxQ%5*X`zyE;d^rI|7EJl8%Bd0=B<TCtzE;6MQF0$T1Kx@McyOnwV&*6*
zL)=dL7TJJWw*!2PBJRQIW!hKJPGES6fCAm8=x)H_3N;gz=>7m^E5)rve>J#QmF+$B
zmKT=CD7XpuE`n#nc^X6Gv3y5;e~PXl&}y7N$MB+>wk+~Pf=H?%$x!51$SC?{$a}H<
z1|Lbg>3={GI{kWhAo23_tis5?iBE!J9#MAhKX1?%!w3S*!}vZ@Qn_>@;Qx}$K=&6M
zKEg3g`wQCdBFCw~Z=?S$JW&;1g*}e#O5(+k`;~qym^>Xz>|NMilj|RX?}g=Cpf9pU
zRX3Xevq^LsdP$?%I2yX~$WxJ$K9$Lk_t8HetfWE2=tHty=+46T_h16(8nFKZ*%|JS
zZZNji5di;KP}zw%?E!Ekf$mq8YuM`)rV~yT*sr3$nsyGB^aMN^-4pOh=pF%cHwoWF
zUrPIHVx6l7Rz^PoL!3WouQGfGXcnWZR>{5~&{AwJMGdDda2ig~bKqa0KNkF%*iJ=1
z-Va#xA-Ye{od<plENKwf8~vvDI{{2T^4ul=p4D}99#RQkM6OW4^#qxZ<1TbnVBVoE
zX)=y?(3iA>1Q+?uqWvmand&bDvk6{^Ur%gp6fJ2w?duhGxBUKhBw#l{M`N_5L^s!i
z`ae4;;5aanp7MVEpSuwj_))N=Fa^)UcQ0}X{Uk|t!XGd*_2{lfmZ~Boems7yR}%a(
z_$=5|RY~K=7>A+zNCjVn^E!e^>O_*B=x?Flo%U{Q&mb?vHW*op-+B+}|E$M85|-3X
zj+-cAH@?H<pIJ!y4u=IQQ4fs2K{pTJRGg|j1V@R$b8#}jexV9kg-;6meATa^eX+vN
z1>XeUMZ6E-JBZaATeBMEIDA&f?|&h!$6*JGzW{oWc71_y1`hoRB&nL^c!2(S6tfH5
z4-|4ayqA7CdKW3_Ns<<WovucI444VDOY!*w_Ov|zQ`OqugwxYFzk+-gprjU6?I03&
z1~&%Yhpj>t;-mOVqCW%QI~D!`Vmt|M6tWguCslyNZ$KZU07<QP(m4ark#K~de@FQO
zy0HLia5}<+aWSDALV`ltO0sj{H}D;xY<mg-LrHuxwo8b!9sftMg;nA#{XO#gFDVCL
zEMQ3^RHeJsNJbJsD5npw51=n;iPD`)(LKQaRrO5*pGd47$R=!M3NL*gls}4AgTK2Y
z`R@fNDWw9`(q4$uFba8(0OR1js;IssdYJYDo(IPgpEL142mC5#;2ZRpfDaTTZAHHr
z+*#-)?Vw*w`+VX|lj}c$pmR`utelPlv<uy5@XadmyGo`=_6B-M-_g$C_c+0RLV`Nl
zITfR;!uUw8WbFM^0eM|9{;eAboGPgHGk_l{M2H~wVXsEMuXMk}emGr*qJ`jJft?FK
zL*R22Xc|R5OZ=12?^Fd`O8W%j1mr)nkf#cO4Rpqm>>b*YzNLMuD(+n+|Ayl>73gbl
zi{Oi~MG3l}_KV1c_%2nL4cL~Te~MU=uEBpl7)jgm`PWeKa+SbQj+=c<(J~x9$1dqT
z0#y)b7nm!+uSFh#PSS4rzg51ne**em@WXI_IE!u`{AB^g%U?ynne5mvk(XhdO~RK{
zF&C>!N1=O*_W2ZYHkgM96oc~=q0t@As!?8#e}bfvW}>^9{zlr*=LdqklYZ+=8o!o6
z0BcAhX)*~G(LRlY^WaYOe@~DE*t_7l@Id<Gz>ZYMwi?{=#Atz=u+_syp<5&aDw>b{
z2K^i`PZJaJ*Z+Nz4X21+$Oy8#3OWYRQowl{Q_%hZtV6Jgd83j`kuUnei@vAOFDN2U
zYt)R~fSl^J$={7Y#}YV-LdT(m_UW`s2r?Sy5cd1&-$0aSq$H`NOVQ_PE<U9cJxLYV
zguEL2V(^lFL4O&sUc>h~a!f$qLE7Z_Uw{X}KOy0#D(G<-r^Agnt-|&LJVT9S2#M+x
zZa8{L5duGqe>r>{35rSh3x&DThZG$z6GHdF*J8gLpVmPHn}|~_+zZ7kBv}C$t7Oli
z`;>MNxtPF`-iEJ1_Xa+<5J)~^w#kI($E&122Ri_tP2f_<JbjJ+LWM!c|K5xs8r&Ph
z6Y$>w7X$b|tXJavF#WgazlQBP6{rUJ2DVLLex*ir8!@KAyU`89emOisCE9|1G;HCM
zK;DjR0t0_g{{5e`2`uRf3?DFx*?^u@K{sO40ZMuYZYN+ln1{e5!K_8Tp|H=Rm()h^
zVZ=%x4eXLeW9x&QLaYyod9CzCca!`$tO6+MROF*58v)#d+(3|}DtH}%uA^T_Bj`Ma
zPb{wo<KWi}OKPCMMa{q`$UelXM0SKr!CVifQUX`10=lbYuLF2l&C1Ok+Rj{CqAj1-
zHe>m|wwku|`iDi^X^*@hS|`<w*9WD{w4SpwN!`xI^{|mJLRQpDTV`r-ut?YSK~<5#
zx(~D(;<_D=<_<F$@rXV-+F-<t=s}Ok6DJ<h(LK~5%4ko|M;~Oy!^vDC?Z;l;VZ-#+
z*|M-h)CYrkw*RJRANV6hOM@)O14PVvBNI&*jLD3*&DpS5ME)heHx&%*|C_S{+#%V0
z{Q@hMw&D$XvzZGPEkAn0F>RMVc0s2}Dw`S6BSzW?7FDJ6gQ}F7N?CT?_c>^hs;m`_
z>LF9lq|8X$+GiGv9tYj(?PQH!S(U16tKKrDr0wSChgP+1|NM6yht^S-nH-qXjYuR(
zY<*x=YM>sm&6FOu(|XKEha2@twRMz`PUe;`-7~$_Oq#kS&3Z$|NE-39Y3k`lBh8P=
zwn;|xR3?$Ilj)SFNt!>+n5i_wNm(uC&>%Yrno{o>8M@wJQh||{LpYE(l?jJUGcrU^
zL`@?_*hVwlEIoqyXwN@lhchv1^8M_3f8%=D)3%<Xq^vASrethXY(%4Ww(a>nH;QA<
zGm}=m<rQ?;;2D-2|MJ>z_x07)e$efNS6jUmH9c$F_<wwO#ORnkUk;nnGRY)`_#>B_
z$%?1Uq(2*WoI0#@BLyWbBdW(Uv5=W``*jpcG-qK@3=q0|cThaj)qSh4h?Tkvju%sV
zyPu2^1H1QV@W$t@g1I1JhM7UP%M5Y9aI{&Xm;2|LVuf&>+2ZB0zA>4$vTEqalTwv(
zX^dFNYRK4`lshjZjueyQc+2T!X5^MhrHxS3N;R61U{TnP7g!C}A}u3Wah=_ePFgap
z9<w86(20e`a<@DpzSFvU^Xv_*Zdh#%L4$5-qd2d4c+{M4r2TnGCo?Hday@I%5I52p
z;`wti--ucfedamiz5VUXi;9f{sxs9fD=n*IM-0)YOrkkN4<}8cMcj@tQPIt9xI#SH
z(P>yL#=4I!7Fz<R$`DC2Y|9<T)x`h}>CVcVvV5vH=d1IT;@>%p+ex`#%a?uB$Gz=3
zvAS4~T1HAPvlZu>v*Sfp+^@|@`jhWg-zYkWJ_qz+J61T=Zskp4M__=zKMsJ@c2UdW
z{NrZfxc4s;&vor`z>=zTN<(6RWByXCFEevlIfArp>rp%2;2yO~oGjdnR|~!42#dqc
z1(C0(D0Y}a=UnIar%D)fbH5fFL{)~N#?w~VKOk~iBsP_5l=CFlPcEBN`=GeR-SeP`
ziOI=KJT8+>vXZfQLsGBS*(XWwf|6$<Sj2(PV;T|-)&5>N4CP+-Tk$jPbbluvIL-e4
z<)%F_l3>w+$@te@>ug^uKI(DUsq@NxdYu^LzPC;cFL94^#oslz(?)T%=B|B0OcBdJ
ze7%=D<|$FFIX7+=y7S>?ag@7#v)I(d-TaDZ6z;6o#04c`Z(FiW%_vu16I+!1&AB*p
z&a`QIB*WIV^@AJKir3r0qJQI3JNdlHv-3V7!{5@<!?|y(sBzZ5Eqdx4G%uvNzzk<N
z7>T6akThc6J>re%rLAIC1=~ELn+wurGR`HD$8ca0Hg}2J^-p3~N$0SYXf%^@(RObW
z&-63@<y_@Yl>5MYqFcb}zg=`GmlqU=ib1h=`7|W-p+kqtFL`RP>uwjTIykA1#qrM0
zk435T$B)H}Vy5%jPSM9XeW$2!fA~a{3HR7f#q5Cl%fE^<ggfywv8uE4-5ycrtocSv
zcWb^CuLx()9#Q5F-7Crh)!y?UX18yOT3NgO&alOm&Ic)NWGypp83o@~kj~xvMgL0=
zzALQ!<AIMJmwf)?c}PbGbm-f`dpa2UpmZ+UY|C`1mRx<(&KfeGGwypaXO{PQ|55wF
z*dFG;svM+OdAVPqbhOk9!j9$I?~KOH!R`&;i=zXh3QIYd%6mBcr&P}J{bG<a>3dP`
z%==zcx*PY4M@lb<7<^4yi~})kI(ov6+2JjVS>#|*b2Jlf;VMk!n&P=aWX?0U*sMd`
zVi&Y;%B6GuJYjL|E`iTPMOA7TJEb6gPLD*58hywRPX9pnq9X#Ab#VXGBXI4B?y@ri
zZw5~pFCPpP5J_06Ow*RdVY9(jXkDgB7^qFTB3X%$uL$RoseubyYca+Qy&)@K58)<j
zh~B=*)SJ0%4BZZ;+81RSq+|Q0EsGg*PEXn`G0RBipAPy|lS#JpH1}o;y9!r1aKle(
zv(q9iC{xy!mAoI4cB*B|N<EcG8d>yPmIQ0O2ZT;x&HfW2+yp?T=gVV+atx^@Zfscs
zpe1W_C!6^Sa_)mu17(51b$&3L+6*-bslrL%xT#rNH!V;ljtwP^W}>Oh!7L@BR&$1n
zo5AOiFHH|PW%^82ZZ^k+Qi2^a!*P~ZR!5PRQ+`RH%8gta7+PF0-9KhLZJNV!o}+yI
z{E4Va)#&arBk)moSIY!MH;3PWZsX#>B^B;hYXZ+5)yp#NaEsY&aY`6N{&V-}#y~va
zp7lhad%(T^sX&*WgA;bt4106TfaFa*aG>7A!$8h;lNpK2nF_bWc^!QAW?+o_>YIUb
zaiKi#an^w^E_2zwh^^tTQ;S@Vu$eMr-iAEP=6z5wdGWJ4&&?3aDDTU-6>ed&V@}1^
zK&8`VYv4-vp{;?dN-ET}*z#dzvKiz%OK$#{|0b#07C5J5R7;kf(40~w7@2x`GpK#L
zxh<<xl`R((H?Aut1i@YE+B*VWMJZ1v?`>jd$v^YY0ljnxA4a+LWJPZ5&w<@N+;w{b
zFLb_bvvyXeddAM|7%R30dOEhLb#UTB>*CH9+FWf^(ro5apYh&4{-wy~VmoC0h08EK
zEpq!YZaL_Tug<ym6l=GX3^deJCER52n&s(|DPk4!wI5u?p+Rk$7*G^q;#Wr4yg#yr
zZhaT+eQltEaO&8JM&3hp<;L_^+?i0O-R^!_rp0^pkU%-hSt?ZJIk9bl3g?s2TA9m#
z+O9_Q=LFkX+qc?T?yOKQtw-dswoG^B@mi~Js|RT#I}h;AMSk~XiVp2M<APdmH*~T#
zDlmp!7BySE4W+hthGWiTrOhadnZJDG5s)vOIHeiMuw{Cm*vC)NHo3Qs(B2U<@^2e?
zX>b`B?TZZFIhkZ8+-PvcNVR`(gGC3QIR75(nx|?v6`!rng~Z8QonOo3?B)l?9+S@<
zIdKQ3^v4d7;qI)_%EXb}4ToF}HO?2KwUgW)W3<;hxMHGqSBZPm+1kcp*PgD`3Fnw4
zfqrh;4DF}I&hP59{_dVS?dvkPcSL(dxWRhu%?_>HXO<n~YCo{`<#uN_b8@C;PHtaV
zd!f$Z$+k2^*)kcaRojZc(&Issj2ZHV;ZOvN{&TSQjpHXxu01qZUqe5z7Y~i*Y>R4>
zomUcCc|ULF$m^|z9pj$Pzk{5azYp|vddIZ$d)kpOOD?ZwK04~6ckVE?0d6R!wRH@7
zpGNO;an8tSy`62RXk|`mMjPPVurF|g6Ut~0RH_ewx7Pl*%fAB(4t|&U+Cu^7@&#Ji
zfpWYn(7(Jg++78as0CWLPR_2Yv})(tg<6G^Td3{h5w-nlt)KhcBJDEaj=M&CG2ld(
SXcg|9CE6U}p0HFaE%_(kWxVGA

diff --git a/po/pl.po b/po/pl.po
index 443e626..f71246f 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg-2.2.24\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2020-11-18 17:35+0100\n"
 "Last-Translator: Jakub Bogusz <qboosh@pld-linux.org>\n"
 "Language-Team: Polish <translation-team-pl@lists.sourceforge.net>\n"
@@ -19,56 +19,56 @@ msgstr ""
 "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
 "|| n%100>=20) ? 1 : 2);\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "nie udało się uzyskać blokady pinentry: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr "|pinentry-label|_OK"
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr "|pinentry-label|_Anuluj"
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr "|pinentry-label|_Tak"
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr "|pinentry-label|_Nie"
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr "|pinentry-label|PIN:"
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr "|pinentry-label|_Zapisz w zarządcy haseł"
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Czy na pewno pokazać hasło na ekranie?"
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr "|pinentry-tt|Pokazanie hasła"
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 msgid "|pinentry-tt|Hide passphrase"
 msgstr "|pinentry-tt|Ukrycie hasła"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -79,7 +79,7 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 #, fuzzy
 #| msgid "pinentry.qualitybar.tooltip"
 msgid "pinentry.genpin.tooltip"
@@ -87,22 +87,9 @@ msgstr ""
 "Jakość wpisanego wyżej tekstu.\n"
 "Kryteria jakości można uzyskać od administratora."
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-#| msgid "Passphrase too long"
-msgid "Passphrase Not Allowed"
-msgstr "Hasło zbyt długie"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr "Jakość:"
 
@@ -112,101 +99,95 @@ msgstr "Jakość:"
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 "Jakość wpisanego wyżej tekstu.\n"
 "Kryteria jakości można uzyskać od administratora."
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr "Proszę wprowadzić swój PIN, żeby odblokować klucz tajny dla tej sesji"
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 msgstr ""
 "Proszę wprowadzić swoje hasło, żeby odblokować klucz tajny dla tej sesji"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr "PIN:"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 msgid "Passphrase:"
 msgstr "Hasło:"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr "nie pasują - proszę spróbować jeszcze raz"
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr "SETERROR %s (próba %d z %d)"
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr "Powtórzenie:"
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 msgid "PIN too long"
 msgstr "PIN zbyt długi"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 msgid "Passphrase too long"
 msgstr "Hasło zbyt długie"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 msgid "Invalid characters in PIN"
 msgstr "Niewłaściwy znak w PIN-ie"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr "PIN zbyt krótki"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad PIN"
 msgstr "Niepoprawny PIN"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad Passphrase"
 msgstr "Niepoprawne hasło"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "błąd pobierania numeru seryjnego karty: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 msgid "Please re-enter this passphrase"
 msgstr "Proszę ponownie wprowadzić to hasło"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 #| msgid ""
 #| "Please enter the passphrase to protect the imported object within the "
@@ -217,61 +198,51 @@ msgid ""
 msgstr ""
 "Proszę wprowadzić hasło do zabezpieczenia ważnego obiektu w systemie GnuPG."
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "klucze ssh większe niż %d bitów nie są obsługiwane\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, c-format
 msgid "can't create '%s': %s\n"
 msgstr "nie można utworzyć ,,%s'': %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, c-format
 msgid "can't open '%s': %s\n"
 msgstr "nie można otworzyć ,,%s'': %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr "wykryto kartę o numerze seryjnym: %s\n"
-
-#: agent/command-ssh.c:2446
-#, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "nie znaleziono klucza uwierzytelniającego dla ssh na karcie: %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "nie znaleziono pasującego klucza karty: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "błąd pobierania listy kart: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
@@ -279,20 +250,20 @@ msgid ""
 msgstr ""
 "Proces ssh zarządał użycia klucza%%0a  %s%%0A  (%s)%%0ACzy zezwolić na to?"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr "Zgoda"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr "Odmowa"
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Proszę wprowadzić hasło dla klucza ssh%%0A  %F%%0A  (%c)"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
@@ -301,91 +272,87 @@ msgstr ""
 "Proszę wprowadzić hasło do zabezpieczenia odebranego klucza tajnego%%0A   %s"
 "%%0A   %s%%0Aw miejscu przechowywania kluczy gpg-agenta"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "nie udało się utworzyć strumienia z gniazda: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr "Proszę włożyć kartę z numerem seryjnym"
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr "Proszę wyjąć obecną kartę i włożyć kartę z numerem seryjnym"
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr "PIN administracyjny"
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr "PUK"
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr "Kod resetujący"
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr "Wciśnij przycisk ACK na karcie/tokenie."
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr "Do wpisywania należy użyć klawiatury czytnika."
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 msgid "Repeat this Reset Code"
 msgstr "Powtórz ten kod resetujący"
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 msgid "Repeat this PUK"
 msgstr "Powtórz ten PUK"
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 msgid "Repeat this PIN"
 msgstr "Powtórz ten PIN"
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 msgid "Reset Code not correctly repeated; try again"
 msgstr "Kod resetujący nie powtórzony poprawnie; spróbuj jeszcze raz"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 msgid "PUK not correctly repeated; try again"
 msgstr "PUK nie powtórzony poprawnie; spróbuj jeszcze raz"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr "PIN nie powtórzony poprawnie; spróbuj jeszcze raz"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "Proszę wprowadzić PIN%s%s%s aby odblokować kartę"
 
-#: agent/genkey.c:157
-#, fuzzy, c-format
-#| msgid "error writing to %s: %s\n"
-msgid "error writing to pipe: %s\n"
-msgstr "błąd zapisu do %s: %s\n"
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "błąd tworzenia pliku tymczasowego: %s\n"
+
+#: agent/genkey.c:116
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "błąd zapisu do pliku tymczasowego: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:154
 msgid "Enter new passphrase"
 msgstr "Wprowadź nowe hasło"
 
-#: agent/genkey.c:196
-msgid "Take this one anyway"
-msgstr "Przyjmij je mimo to"
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr "Nie wprowadzono hasła!%0APuste hasło nie jest dozwolone."
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
@@ -394,11 +361,11 @@ msgstr ""
 "Nie wprowadzono hasła - to jest ogólnie zły pomysł!%0AProszę potwierdzić, że "
 "naprawdę ma nie być żadnej ochrony tego klucza."
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr "Tak, ochrona nie jest potrzebna"
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, c-format
 msgid "A passphrase should be at least %u character long."
 msgid_plural "A passphrase should be at least %u characters long."
@@ -406,7 +373,7 @@ msgstr[0] "Hasło musi mieć co najmniej %u znak długości."
 msgstr[1] "Hasło musi mieć co najmniej %u znaki długości."
 msgstr[2] "Hasło musi mieć co najmniej %u znaków długości."
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -417,228 +384,239 @@ msgstr[1] ""
 msgstr[2] ""
 "Hasło powinno zawierać przynajmniej %u cyfr lub%%0Aznaków specjalnych."
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr "Hasło nie może być znanym słowem ani pasować%%0Ado określonego wzorca."
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr "Ostrzeżenie: Wprowadzono hasło, które nie jest bezpieczne."
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+msgid "Take this one anyway"
+msgstr "Przyjmij je mimo to"
+
+#: agent/genkey.c:464
 #, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr "Proszę wprowadzić hasło do%0Azabezpieczenia swojego nowego klucza"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 msgid "Please enter the new passphrase"
 msgstr "Proszę wprowadzić nowe hasło"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 #, fuzzy
 #| msgid "Options useful for debugging"
 msgid "Options used for startup"
 msgstr "Opcje przydatne do diagnostyki"
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr "uruchomienie w trybie demona (w tle)"
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr "uruchomienie w trybie serwera (pierwszoplanowo)"
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 msgid "run in supervised mode"
 msgstr "uruchomienie w trybie dozorowanym"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr "bez odłączania od konsoli"
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr "wyjście poleceń w stylu sh"
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr "wyjście poleceń w stylu csh"
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 msgid "|FILE|read options from FILE"
 msgstr "|PLIK|odczyt opcji z PLIKU"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr "Opcje sterujące wyjściem diagnostycznym"
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "więcej komunikatów"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "mniej komunikatów"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr "|PLIK|zapis logów trybu serwera do PLIKU"
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr "Opcje sterujące konfiguracją"
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 msgid "do not use the SCdaemon"
 msgstr "nieużywanie SCdaemona"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr "|PGM|użycie PGM jako programu SCdaemon"
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+#, fuzzy
+#| msgid "|PGM|use PGM as the SCdaemon program"
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr "|PGM|użycie PGM jako programu SCdaemon"
+
+#: agent/gpg-agent.c:208
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NAZWA|przyjęcie poleceń poprzez NAZWĘ"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr "ignorowanie żądań zmiany TTY"
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr "ignorowanie żądań zmiany ekranu X"
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 msgid "enable ssh support"
 msgstr "włączenie obsługi ssh"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr "|ALGO|użycie ALGO do wyświetlania odcisków ssh"
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 msgid "enable putty support"
 msgstr "włączenie obsługi putty"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr "Opcje sterujące bezpieczeństwem"
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr "|N|przedawnienie pamiętanych PIN-ów po N sekundach"
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr "|N|przedawnienie kluczy SSH po N sekundach"
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr ""
 "|N|ustawienie maksymalnego czasu życia pamięci podręcznej PIN-ów na N sekund"
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr "|N|ustawienie maksymalnego czasu życia kluczy SSH na N sekund"
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr "nieużywanie pamięci PIN-ów przy podpisywaniu"
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 msgid "disallow the use of an external password cache"
 msgstr "niezezwalanie na użycie zewnętrznej pamięci podręcznej haseł"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr "niezezwalanie klientom na oznaczanie kluczy jako ,,zaufanych''"
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 msgid "allow presetting passphrase"
 msgstr "zezwolenie na predefiniowane hasło"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr "Opcje wymuszające politykę haseł"
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr "niezezwalanie na pominięcie polityki haseł"
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr "|N|ustawienie minimalnej długości nowych haseł na N"
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr "|N|wymaganie przynajmniej N znaków niealfanumerycznych w nowym haśle"
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr "|PLIK|sprawdzanie nowych haseł pod kątem wzorców z PLIKU"
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|przedawnianie haseł po N dniach"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 msgid "do not allow the reuse of old passphrases"
 msgstr "niezezwalanie na ponowne użycie starych haseł"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the PIN-Entry"
 msgstr "Opcje sterujące bezpieczeństwem"
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 msgid "never use the PIN-entry"
 msgstr ""
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr "niezezwalanie wywołującym na nadpisywanie pinentry"
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr ""
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr "|PGM|użycie PGM jako programu do wprowadzania PIN-u"
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr "|N|ustawienie limitu czasu Pinentry na N sekund"
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr "zezwolenie na pytanie o hasło poprzez Emacsa"
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "Błędy prosimy zgłaszać na adres <@EMAIL@>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Składnia: @GPG_AGENT@ [opcje] (-h wyświetla pomoc)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
@@ -646,136 +624,131 @@ msgstr ""
 "Składnia: @GPG_AGENT@ [opcje] [polecenie [argumenty]]\n"
 "Zarządzanie kluczem tajnym dla @GNUPG@\n"
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr "podano błędny poziom diagnostyki ,,%s''\n"
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "wybrany algorytm skrótów wiadomości jest niepoprawny\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, c-format
 msgid "reading options from '%s'\n"
 msgstr "odczyt opcji z ,,%s''\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, c-format
 msgid "Note: '%s' is not considered an option\n"
 msgstr "Uwaga: ,,%s'' nie jest uznane za opcję\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr "nie można utworzyć gniazda: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr "nazwa gniazda ,,%s'' zbyt długa\n"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "gpg-agent już działa - nieuruchamianie nowego\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "błąd podczas pobierania nonce z gniazda\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "błąd podczas przypisywania gniazda do ,,%s'': %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "nie można ustawić praw dostępu do ,,%s'': %s\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "nasłuchiwanie na gnieździe ,,%s''\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, c-format
 msgid "can't create directory '%s': %s\n"
 msgstr "nie można utworzyć katalogu ,,%s'': %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, c-format
 msgid "directory '%s' created\n"
 msgstr "katalog ,,%s'' utworzony\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "stat() nie powiodło się dla ,,%s'': %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "nie można użyć ,,%s'' jako katalogu domowego\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "błąd odczytu nonce z fd %d: %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr "obsługa 0x%lx dla fd %d uruchomiona\n"
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr "obsługa 0x%lx dla fd %d zakończona\n"
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr "obsługa ssh 0x%lx dla fd %d uruchomiona\n"
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr "obsługa ssh 0x%lx dla fd %d zakończona\n"
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "npth_pselect nie powiodło się: %s - czekanie 1s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, c-format
 msgid "%s %s stopped\n"
 msgstr "%s %s zatrzymany\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "brak działającego gpg-agenta w tej sesji\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 msgid ""
 "@Options:\n"
 " "
@@ -783,12 +756,12 @@ msgstr ""
 "@Opcje:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr ""
 "Składnia: gpg-preset-passphrase [opcje] UCHWYT_KLUCZA (-h wyświetla pomoc)\n"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
@@ -796,8 +769,8 @@ msgstr ""
 "Składnia: gpg-preset-passphrase [opcje] UCHWYT_KLUCZA\n"
 "Utrzymuwanie pamięci haseł\n"
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -805,8 +778,8 @@ msgstr ""
 "@Polecenia:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -816,11 +789,11 @@ msgstr ""
 "Opcje:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Składnia: gpg-protect-tool [opcje] (-h wyświetla pomoc)\n"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
@@ -828,22 +801,22 @@ msgstr ""
 "Składnia: gpg-protect-tool [opcje] [argumenty]\n"
 "Narzędzie do utrzymywania kluczy tajnych\n"
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Proszę wprowadzić hasło do odbezpieczenia obiektu PKCS#12."
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Proszę wprowadzić hasło do zabezpieczenia obiektu PKCS#12."
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
 "Proszę wprowadzić hasło do zabezpieczenia ważnego obiektu w systemie GnuPG."
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
@@ -851,53 +824,52 @@ msgstr ""
 "Proszę wprowadzić hasło lub PIN\n"
 "Potrzebny do zakończenia tej operacji."
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, c-format
 msgid "cancelled\n"
 msgstr "anulowano\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "błąd podczas pytania o hasło: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, c-format
 msgid "error opening '%s': %s\n"
 msgstr "błąd podczas otwierania ,,%s'': %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "plik ,,%s'', linia %d: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "instrukcja \"%s\" zignorowana w ,,%s'', w linii %d\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "systemowa lista zaufania ,,%s'' niedostępna\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "błędny odcisk w ,,%s'', w linii %d\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "nieprawidłowa flaga klucza w ,,%s'', w linii %d\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "błąd odczytu ,,%s'', w linii %d: %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr "błąd odczytu listy zaufanych certyfikatów głównych\n"
@@ -910,7 +882,7 @@ msgstr "błąd odczytu listy zaufanych certyfikatów głównych\n"
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
@@ -919,11 +891,11 @@ msgstr ""
 "Czy absolutnie ufasz, że%%0A  ,,%s''%%0Apoprawnie poświadcza certyfikaty "
 "użytkowników?"
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 msgid "Yes"
 msgstr "Tak"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr "Nie"
@@ -936,7 +908,7 @@ msgstr "Nie"
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -948,20 +920,20 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr "Akceptuj"
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr "Odrzuć"
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr "Uwaga: To hasło nie było nigdy zmieniane.%0AProszę zmienić je teraz."
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
@@ -969,15 +941,15 @@ msgid ""
 msgstr ""
 "To hasło nie zostało zmienione%%0Aod %.4s-%.2s-%.2s. Proszę zmienić je teraz."
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 msgid "Change passphrase"
 msgstr "Zmiana hasła"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr "Zmienię je później"
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
@@ -985,11 +957,11 @@ msgid ""
 msgstr ""
 "Czy na pewno usunąć klucz identyfikowany przez uchwyt%%0A  %s%%0A  %%C%%0A?"
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 msgid "Delete key"
 msgstr "Usuń klucz"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
@@ -997,92 +969,92 @@ msgstr ""
 "Ostrzeżenie: ten klucz jest wymieniony także do użycia z SSH!\n"
 "Usunięcie klucza może uniemożliwić dostęp do zdalnych maszyn."
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "DSA wymaga długości skrótu będącego wielokrotnością 8 bitów\n"
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr "Klucz %s używa niebezpiecznego (%u-bitowego) skrótu\n"
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr "skrót %zu-bitowy nie jest poprawny dla %u-bitowego klucza %s\n"
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "sprawdzenie złożonego podpisu nie powiodło się: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "tajne części klucza są niedostępne\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, c-format
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "algorytm klucza publicznego %d (%s) nie jest obsługiwany\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, c-format
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "algorytm ochrony %d (%s) nie jest obsługiwany\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, c-format
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "algorytm hasza ochrony %d (%s) nie jest obsługiwany\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "błąd tworzenia potoku: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "błąd tworzenia strumienia dla potoku: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, c-format
 msgid "error forking process: %s\n"
 msgstr "błąd podczas tworzenia procesu: %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr "oczekiwanie na zakończenie procesu %d nie powiodło się: %s\n"
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "błąd uruchamiania ,,%s'': prawdopodobnie nie zainstalowany\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "błąd uruchamiania ,,%s'': kod wyjścia %d\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, c-format
 msgid "error running '%s': terminated\n"
 msgstr "błąd uruchamiania ,,%s'': zakończono\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "oczekiwanie na zakończenie procesów nie powiodło się: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "błąd odczytu kodu zakończenia procesu %d: %s\n"
@@ -1097,33 +1069,33 @@ msgstr "nie można się połączyć z ,,%s'': %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "problem z ustawieniem opcji gpg-agenta\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "nie można wyłączyć zrzutów pamięci: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "Ostrzeżenie: niebezpieczne prawa własności do %s ,,%s''\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "Ostrzeżenie: niebezpieczne prawa dostępu do %s ,,%s''\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "oczekiwanie aż plik ,,%s'' stanie się dostępny...\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "zmiana nazwy ,,%s'' na ,,%s'' nie powiodła się: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "tak"
 
@@ -1177,50 +1149,100 @@ msgstr "brak miejsca w bezpiecznej pamięci podczas przydzielania %lu bajtów"
 msgid "out of core while allocating %lu bytes"
 msgstr "brak miejsca podczas przydzielania %lu bajtów"
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "błąd przydzielania wystarczającej ilości pamięci: %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr "%s:%u: przestarzała opcja ,,%s'' - nie ma efektu\n"
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "OSTRZEŻENIE: ,,%s%s'' jest przestarzałą opcją - nie ma efektu\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr "nieznana flaga diagnostyczna ,,%s'' zignorowana\n"
 
-#: common/asshelp.c:335
-#, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
+#: common/asshelp.c:348
+#, fuzzy, c-format
+#| msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
 msgstr "oczekiwanie na uruchomienie procesu %s... (%ds)\n"
 
-#: common/asshelp.c:347
-#, c-format
-msgid "connection to %s established\n"
+#: common/asshelp.c:350
+#, fuzzy, c-format
+#| msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "oczekiwanie na uruchomienie procesu %s... (%ds)\n"
+
+#: common/asshelp.c:351
+#, fuzzy, c-format
+#| msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "oczekiwanie na uruchomienie procesu %s... (%ds)\n"
+
+#: common/asshelp.c:364
+#, fuzzy, c-format
+#| msgid "connection to %s established\n"
+msgid "connection to the dirmngr established\n"
+msgstr "ustanowiono połączenie z procesem %s\n"
+
+#: common/asshelp.c:366
+#, fuzzy, c-format
+#| msgid "connection to %s established\n"
+msgid "connection to the keyboxd established\n"
+msgstr "ustanowiono połączenie z procesem %s\n"
+
+#: common/asshelp.c:367
+#, fuzzy, c-format
+#| msgid "connection to %s established\n"
+msgid "connection to the agent established\n"
 msgstr "ustanowiono połączenie z procesem %s\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:485
+#, fuzzy, c-format
+#| msgid "no running Dirmngr - starting '%s'\n"
+msgid "no running %s - starting '%s'\n"
+msgstr "Dirmngr nie działa - uruchamianie ,,%s''\n"
+
+#: common/asshelp.c:588
+#, fuzzy, c-format
+#| msgid "connection to agent is in restricted mode\n"
+msgid "connection to the agent is in restricted mode\n"
+msgstr "połączenie z agentem jest w trybie ograniczonym\n"
+
+#: common/asshelp.c:725
+#, c-format
+msgid "error getting version from '%s': %s\n"
+msgstr "błąd pobierania wersji z ,,%s'': %s\n"
+
+#: common/asshelp.c:731
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
-msgstr "gpg-agent nie działa - uruchamianie ,,%s''\n"
+msgid "server '%s' is older than us (%s < %s)"
+msgstr "serwer ,,%s'' jest starszy niż nasz (%s < %s)"
 
-#: common/asshelp.c:521
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
 #, c-format
-msgid "connection to agent is in restricted mode\n"
-msgstr "połączenie z agentem jest w trybie ograniczonym\n"
+msgid "WARNING: %s\n"
+msgstr "OSTRZEŻENIE: %s\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:740
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
-msgstr "Dirmngr nie działa - uruchamianie ,,%s''\n"
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+"Uwaga: przestarzałe serwery mogą nie mieć ważnych poprawek bezpieczeństwa.\n"
+
+#: common/asshelp.c:742
+#, c-format
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Uwaga: do restartu ich należy użyć polecenia ,,%s''.\n"
 
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
@@ -1290,7 +1312,7 @@ msgid "algorithm: %s"
 msgstr "algorytm: %s"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, c-format
 msgid "unsupported algorithm: %s"
 msgstr "nieobsługiwany algorytm: %s"
@@ -1365,11 +1387,11 @@ msgstr "Łańcuch certyfikatów poprawny"
 msgid "Root certificate trustworthy"
 msgstr "Certyfikat główny jest zaufany"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 msgid "no CRL found for certificate"
 msgstr "nie znaleziono CRL dla certyfikatu"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 msgid "the available CRL is too old"
 msgstr "dostępny CRL jest zbyt stary"
 
@@ -1406,7 +1428,7 @@ msgstr "Brak pomocy dla ,,%s''."
 msgid "ignoring garbage line"
 msgstr "zignorowano błędną linię"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 msgid "[none]"
 msgstr "[brak]"
 
@@ -1415,134 +1437,26 @@ msgstr "[brak]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "niewłaściwy znak formatu radix64 %02x został pominięty\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr "nieoczekiwany argument"
-
-#: common/argparse.c:522
-msgid "read error"
-msgstr "błąd odczytu"
-
-#: common/argparse.c:524
-msgid "keyword too long"
-msgstr "słowo kluczowe zbyt długie"
-
-#: common/argparse.c:526
-msgid "missing argument"
-msgstr "brak argumentu"
-
-#: common/argparse.c:528
-msgid "invalid argument"
-msgstr "niepoprawny argument"
-
-#: common/argparse.c:530
-msgid "invalid command"
-msgstr "błędne polecenie"
-
-#: common/argparse.c:532
-msgid "invalid alias definition"
-msgstr "błędna definicja aliasu"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-msgid "out of core"
-msgstr "brak pamięci"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-#| msgid "invalid command"
-msgid "invalid meta command"
-msgstr "błędne polecenie"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-#| msgid "unknown command '%s'\n"
-msgid "unknown meta command"
-msgstr "nieznane polecenie ,,%s''\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected armor: "
-msgid "unexpected meta command"
-msgstr "nieoczekiwane opakowanie: "
-
-#: common/argparse.c:546
-msgid "invalid option"
-msgstr "błędna opcja"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr "brak argumentu dla opcji ,,%.50s''\n"
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "błędny argument dla opcji ,,%.50s''\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr "opcja ,,%.50s'' nie może mieć argumentów\n"
-
-#: common/argparse.c:563
-#, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "błędne polecenie ,,%.50s''\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr "opcja ,,%.50s'' jest niejednoznaczna\n"
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr "polecenie ,,%.50s'' jest niejednoznaczne\n"
-
-#: common/argparse.c:581
-#, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "błędna opcja ,,%.50s''\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, c-format
-msgid "Note: no default option file '%s'\n"
-msgstr "Uwaga: brak domyślnego pliku opcji ,,%s''\n"
-
-#: common/argparse.c:1843
-#, c-format
-msgid "option file '%s': %s\n"
-msgstr "plik opcji ,,%s'': %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1558,131 +1472,132 @@ msgstr "iconv_open nie powiodło się: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "konwersja z ,,%s'' do ,,%s'' nie powiodła się: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "nie udało się utworzyć pliku tymczasowego ,,%s'': %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "błąd zapisu do ,,%s'': %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "usuwanie nieaktualnego pliku blokady (utworzonego przez %d)\n"
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "oczekiwanie na blokadę (trzymaną przez %d%s) %s...\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr "(zakleszczenie?) "
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "blokada ,,%s'' nie założona: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, c-format
 msgid "waiting for lock %s...\n"
 msgstr "oczekiwanie na blokadę %s...\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr "biblioteka %s jest zbyt stara (wymagana %s, zainstalowana %s)\n"
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "opakowanie: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "niepoprawny nagłówek opakowania: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "nagłówek opakowania: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "niewłaściwy nagłówek dokumentu z podpisem na końcu\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, c-format
 msgid "unknown armor header: "
 msgstr "nieznany nagłówek opakowania: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "zagnieżdżone podpisy na końcu dokumentu\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr "nieoczekiwane opakowanie: "
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "niepoprawne oznaczenie linii minusami: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "niewłaściwy znak formatu radix64 ,,%02X'' został pominięty\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "przedwczesny koniec pliku (brak CRC)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "przedwczesny koniec pliku (w CRC)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "błąd formatu CRC\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "Błąd sumy CRC; %06lX - %06lX\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "przedwczesny koniec pliku (w linii kończącej)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "błąd w linii kończącej\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "nie odnaleziono poprawnych danych w formacie OpenPGP.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "błąd opakowania: linia dłuższa niż %d znaków\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1690,12 +1605,12 @@ msgstr ""
 "znak kodowania quoted-printable w opakowaniu ASCII - prawdopodobnie\n"
 "przekłamanie wprowadzone przez serwer pocztowy\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, c-format
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "[ nieczytelne dla człowieka (%zu bajtów: %s%s) ]"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1704,376 +1619,372 @@ msgstr ""
 "nazwa adnotacji musi zawierać tylko znaki drukowalne lub spacje i kończyć "
 "się znakiem ,,=''\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "nazwa adnotacji użytkownika musi zawierać znak ,,@''\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "nazwa adnotacjinie może zawierać więcej niż jednego znaku ,,@''\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "wartość adnotacji nie może zawierać żadnych znaków sterujących\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "nazwa adnotacji nie może zawierać znaku ,,=''\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, c-format
 msgid "a notation name must have only printable characters or spaces\n"
 msgstr "nazwa adnotacji musi zawierać tylko znaki drukowalne lub spacje\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "OSTRZEŻENIE: napotkano błędne dane adnotacji\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "nie udało się przekazać zapytania %s do klienta\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Hasło: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
-#, c-format
-msgid "error getting version from '%s': %s\n"
-msgstr "błąd pobierania wersji z ,,%s'': %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr "serwer ,,%s'' jest starszy niż nasz (%s < %s)"
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
-#, c-format
-msgid "WARNING: %s\n"
-msgstr "OSTRZEŻENIE: %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
-"Uwaga: przestarzałe serwery mogą nie mieć ważnych poprawek bezpieczeństwa.\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s nie jest zgodny z trybem %s\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
-#, c-format
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Uwaga: do restartu ich należy użyć polecenia ,,%s''.\n"
+#: g10/call-agent.c:1081
+#, fuzzy, c-format
+#| msgid "error reading from %s: %s\n"
+msgid "error from TPM: %s\n"
+msgstr "błąd odczytu z %s: %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, c-format
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s nie jest zgodny z trybem %s\n"
+msgid "problem with the agent: %s\n"
+msgstr "problem z agentem: %s\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "brak działającego dirmngr w tej sesji\n"
 
-#: g10/call-dirmngr.c:243
-#, c-format
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#: g10/call-dirmngr.c:212
+#, fuzzy, c-format
+#| msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "opcja serwera kluczy ,,%s'' nie może być używana w trybie %s\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr "WKD używa zapamiętanego wyniku"
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr "Tor nie działa"
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 msgid "Tor is not properly configured"
 msgstr "Tor nie jest właściwie skonfigurowany"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 msgid "DNS is not properly configured"
 msgstr "DNS nie jest właściwie skonfigurowany"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr "niedopuszczalne przekierowanie HTTP z serwera"
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr "niedopuszczalne przekierowanie HTTP z serwera zostało wyczyszczone"
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 msgid "server uses an invalid certificate"
 msgstr "serwer używa błędnego certyfikatu"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, c-format
 msgid "Note: %s\n"
 msgstr "Uwaga: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "Karta OpenPGP niedostępna: %s\n"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr "Wykryto kartę OpenPGP nr %s\n"
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr "nie działa w trybie wsadowym\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "To polecenie jest dostępne tylko dla kart w wersji 2\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "Kod resetujący nie jest (już lub w ogóle) dostępny\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Twój wybór? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[nie ustawiono]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr "Pan"
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr "Pani"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "nie wymuszono"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "wymuszono"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr "Błąd: aktualnie dopuszczalne jest tylko czyste ASCII.\n"
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr "Błąd: znak ,,<'' nie może być użyty.\n"
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr "Błąd: podwójne spacje nie są dopuszczalne.\n"
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr "Nazwisko posiadacza karty: "
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr "Imię posiadacza karty: "
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr "Błąd: pełne personalia zbyt długie (limit to %d znaków).\n"
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr "URL do odczytania klucza publicznego: "
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, c-format
 msgid "error reading '%s': %s\n"
 msgstr "błąd odczytu ,,%s'': %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, c-format
 msgid "error writing '%s': %s\n"
 msgstr "błąd zapisu ,,%s'': %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr "Dane logowania (nazwa konta): "
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr "Prywatne dane DO: "
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr "Preferowane języki: "
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "Błąd: niewłaściwa długość tekstu preferencji.\n"
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "Błąd: niewłaściwe znaki w tekście preferencji.\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr "Tutuł (M = Pan, F = Pani lub spacja): "
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr "Błąd: niewłaściwa odpowiedź.\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr "Odcisk CA:"
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "Błąd: niewłaściwie sformatowany odcisk.\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr "operacja na kluczu niewykonalna: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr "to nie jest karta OpenPGP"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr "błąd podczas odczytu aktualnych informacji o kluczu: %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr "Zastąpić istniejący klucz? (t/N) "
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
+#, fuzzy
+#| msgid ""
+#| "Note: There is no guarantee that the card supports the requested size.\n"
+#| "      If the key generation does not succeed, please check the\n"
+#| "      documentation of your card to see what sizes are allowed.\n"
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 "Uwaga: Nie ma gwarancji, że karta obsługuje żądany rozmiar.\n"
 "       Jeśli tworzenie klucza nie powiedzie się, proszę sprawdzić\n"
 "       dokumentację karty, aby poznać dozwolone rozmiary.\n"
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Jakiej długości klucz wygenerować? (%u) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "zaokrąglono do %u bitów\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "Rozmiary kluczy %s muszą być z przedziału %u-%u\n"
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr "Zmiana atrybutu klucza karty dla: "
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 msgid "Signature key\n"
 msgstr "Klucz do podpisów\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 msgid "Encryption key\n"
 msgstr "Klucz do szyfrowania\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr "Klucz do uwierzytelniania\n"
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Proszę wybrać rodzaj klucza:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) ECC\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Niewłaściwy wybór.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr "Karta zostanie przekonfigurowana do tworzenia klucza %u-bitowego\n"
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr "Karta zostanie przekonfigurowana do tworzenia klucza typu: %s\n"
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "błąd podczas zmiany atrybutu klucza %d: %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, c-format
 msgid "error getting card info: %s\n"
 msgstr "błąd podczas pobierania informacji o karcie: %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, c-format
 msgid "This command is not supported by this card\n"
 msgstr "To polecenie nie jest obsługiwane przez tę kartę\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr "Stworzyć poza kartą kopię zapasową klucza szyfrującego? (T/n) "
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "Uwaga: klucze są już zapisane na karcie!\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr "Zastąpić istniejące klucze? (t/N) "
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2084,185 +1995,201 @@ msgstr ""
 "   PIN = ,,%s''   PIN administracyjny = ,,%s''\n"
 "Należy je zmienić przy użyciu polecenia --change-pin\n"
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr "Proszę wybrać rodzaj klucza do wygenerowania:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr "   (1) Klucz do podpisów\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr "   (2) Klucz do szyfrowania\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr "   (3) Klucz do uwierzytelniania\n"
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr "Proszę wybrać gdzie zapisać klucz:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "KEYTOCARD nie powiodło się: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "Uwaga: to polecenie niszczy wszystkie klucze zapisane na karcie!\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 msgid "Continue? (y/N) "
 msgstr "Kontynuować? (t/N) "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr "Naprawdę przywrócić stan fabryczny? (proszę wpisać ,,yes'') "
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "błąd przy ustawianiu KDF: %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+#| msgid "error for setup KDF: %s\n"
+msgid "error for setup UIF: %s\n"
+msgstr "błąd przy ustawianiu KDF: %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "wyjście z tego menu"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr "pokazanie poleceń administratora"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "ten tekst pomocy"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr "wypisanie wszystkich dostępnych danych"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr "zmiana nazwy posiadacza karty"
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr "zmiana URL-a do odczytu klucza"
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr "pobranie klucza określonego w URL-u karty"
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr "zmiana nazwy logowania"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr "zmiana preferowanych języków"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr "zmiana tytułu posiadacza karty"
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr "zmiana odcisku CA"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr "zmiana flagi wymuszenia PIN-u do podpisu"
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr "wygenerowanie nowych kluczy"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr "menu do zmiany lub odblokowania PIN-u"
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr "sprawdzenie PIN-u i wypisanie wszystkich danych"
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr "odblokowanie PIN-u przy użyciu kodu resetującego"
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr "zniszczenie wszystkich kluczy i danych"
 
-#: g10/card-util.c:2180
-msgid "setup KDF for PIN authentication"
+#: g10/card-util.c:2235
+#, fuzzy
+#| msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "ustawienie KDF do uwierzytelniania PIN-em"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 msgid "change the key attribute"
 msgstr "zmiana atrybutu klucza"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "zmiana zaufania właściciela"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr "gpg/karta> "
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr "Polecenie tylko dla administratora\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr "Polecenia dla administratora są dozwolone\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr "Polecenia dla administratora nie są dozwolone\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Niepoprawne polecenie  (spróbuj ,,help'')\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "opcja --output nie działa z tym poleceniem\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, c-format
 msgid "can't open '%s'\n"
 msgstr "nie można otworzyć ,,%s''\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "klucz ,,%s'' nie został odnaleziony: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "błąd odczytu bloku kluczy: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, c-format
 msgid "key \"%s\" not found\n"
 msgstr "klucz ,,%s'' nie został odnaleziony\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(chyba, że klucz zostaje wybrany przez podanie odcisku)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "bez opcji ,,--yes'' nie działa w trybie wsadowym\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(chyba, że klucz zostaje wybrany przez podanie odcisku)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2302,9 +2229,9 @@ msgstr "klucza"
 msgid "subkey"
 msgstr "podklucza"
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "zapis zmian nie powiódł się: %s\n"
@@ -2329,63 +2256,75 @@ msgstr "dla klucza publicznego ,,%s'' istnieje klucz prywatny!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "aby go usunąć należy najpierw użyć opcji \"--delete-secret-key\".\n"
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"OSTRZEŻENIE: wymuszone użycie szyfru %s (%d) kłóci się z ustawieniami "
-"adresata\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "błąd podczas tworzenia hasła: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr ""
 "ustawiony tryb S2K nie pozwala użyć pakietu ESK dla szyfru symetrycznego\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "szyfrem %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, c-format
 msgid "'%s' already compressed\n"
 msgstr ",,%s'' już jest skompresowany\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, c-format
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "OSTRZEŻENIE: plik ,,%s'' jest pusty\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+#| msgid "cipher algorithm '%s' may not be used in %s mode\n"
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "szyfr ,,%s'' nie może być używany w trybie %s\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "szyfr ,,%s'' nie może być używany w trybie %s\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "algorytm skrótu ,,%s'' nie może być używany w trybie %s\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "OSTRZEŻENIE: klucz %s nie nadaje się do szyfrowania w trybie %s\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, c-format
 msgid "reading from '%s'\n"
 msgstr "odczyt z ,,%s''\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"OSTRZEŻENIE: wymuszone użycie szyfru %s (%d) kłóci się z ustawieniami "
+"adresata\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "OSTRZEŻENIE: klucz %s nie nadaje się do szyfrowania w trybie %s\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2394,100 +2333,48 @@ msgstr ""
 "OSTRZEŻENIE: wymuszone użycie kompresji %s (%d) kłóci się z ustawieniami "
 "adresata\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "wymuszone użycie szyfru %s (%d) kłóci się z ustawieniami adresata\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s zaszyfrowany dla: ,,%s''\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, c-format
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "opcja ,,%s'' nie może być używana w trybie %s\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "dane zaszyfrowano za pomocą %s\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "dane zaszyfrowano nieznanym algorytmem numer %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr ""
 "OSTRZEŻENIE: wiadomość była szyfrowana kluczem słabym szyfru symetrycznego.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "problem podczas obróbki pakietu szyfrowego\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "odwołania do zewnętrznych programów są wyłączone\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"nieszczelne uprawnienia ustawień - wołanie zewnętrznych programów wyłączone\n"
-
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"platforma wymaga użycia plików tymczasowych do wołania zewnętrznych "
-"programów\n"
-
-#: g10/exec.c:497
-#, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "nie można uruchomić programu ,,%s'': %s\n"
-
-#: g10/exec.c:500
-#, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "nie można uruchomić powłoki ,,%s'': %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "błąd systemu podczas wołania programu zewnętrznego: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "nienaturalne zakończenie pracy zewnętrznego programu\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "nie można uruchomić zewnętrznego programu\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "nie można odczytać odpowiedzi programu zewnętrznego: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, c-format
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "OSTRZEŻENIE: nie można skasować pliku tymczasowego (%s) ,,%s'': %s\n"
-
-#: g10/exec.c:692
-#, c-format
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "OSTRZEŻENIE: nie można skasować tymczasowego katalogu ,,%s'': %s\n"
-
-#: g10/export.c:119
-msgid "export signatures that are marked as local-only"
-msgstr "eksport podpisów oznaczonych jako tylko lokalne"
+#: g10/export.c:119
+msgid "export signatures that are marked as local-only"
+msgstr "eksport podpisów oznaczonych jako tylko lokalne"
 
 #: g10/export.c:121
 msgid "export attribute user IDs (generally photo IDs)"
@@ -2505,382 +2392,382 @@ msgstr "usunięcie bezużytecznych części z klucza przy eksporcie"
 msgid "remove as much as possible from key during export"
 msgstr "usunięcie jak największej części klucza przy eksporcie"
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr "użycie formatu kopii zapasowej klucza GnuPG"
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 msgid " - skipped"
 msgstr " - pominięty"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, c-format
 msgid "writing to '%s'\n"
 msgstr "zapis do ,,%s''\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "klucz %s: zawartość klucza na karcie - pominięto\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "eksport kluczy tajnych nie jest dozwolony\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "klucz %s: klucz PGP 2.x - pominięty\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "OSTRZEŻENIE: nic nie zostało wyeksportowane!\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, c-format
 msgid "error creating '%s': %s\n"
 msgstr "błąd tworzenia ,,%s'': %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr "[brak identyfikatora użytkownika]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "automatycznie pobrano ,,%s'' poprzez %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "błąd pobierania ,,%s'' poprzez %s: %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 msgid "No fingerprint"
 msgstr "Brak odcisku"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr "szukanie świeżej kopii wygasłego klucza poprzez %s\n"
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "klucz prywatny ,,%s'' nie został odnaleziony: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "(sprawdzić argument opcji ,,%s'')\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, c-format
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "Ostrzeżenie: ,,%s'' nie jest użyty jako domyślny klucz: %s\n"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, c-format
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "użycie ,,%s'' jako domyślnego klucza tajnego do podpisywania\n"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr "wszystkie wartości przekazane do ,,%s'' zostały zignorowane\n"
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr ""
 "Opcja --allow-non-selfsigned-uid wymusiła uznanie za poprawny niepoprawnego "
 "klucza %s.\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "używany jest podklucz %s zamiast klucza głównego %s\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, c-format
 msgid "valid values for option '%s':\n"
 msgstr "poprawne argimenty dla opcji ,,%s'':\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 msgid "make a signature"
 msgstr "złożenie podpisu"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 msgid "make a clear text signature"
 msgstr "złożenie podpisu pod dokumentem"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "złożenie podpisu oddzielonego od dokumentu"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "szyfrowanie danych"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "szyfrowanie tylko szyfrem symetrycznym"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "odszyfrowywanie danych (domyślne)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "sprawdzenie podpisu"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "lista kluczy"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "lista kluczy i podpisów"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr "wypisanie i sprawdzenie podpisów kluczy"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "lista kluczy i ich odcisków"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "lista kluczy prywatnych"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "wygenerowanie nowej pary kluczy"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 msgid "quickly generate a new key pair"
 msgstr "szybkie wygenerowanie nowej pary kluczy"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 msgid "quickly add a new user-id"
 msgstr "szybkie dodanie nowego identyfikatora użytkownika"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 msgid "quickly revoke a user-id"
 msgstr "szybkie unieważnienie identyfikatora użytkownika"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 msgid "quickly set a new expiration date"
 msgstr "szybkie ustawienie nowej daty wygaśnięcia"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr "wygenerowanie pary kluczy z pełną funkcjonalnością"
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "tworzenie certyfikatu unieważnienia klucza"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "usunięcie klucza ze zbioru kluczy publicznych"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "usunięcie klucza ze zbioru kluczy prywatnych"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 msgid "quickly sign a key"
 msgstr "szybkie złożenie podpisu na kluczu"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 msgid "quickly sign a key locally"
 msgstr "szybkie złożenie prywatnego podpisu na kluczu"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 msgid "quickly revoke a key signature"
 msgstr "szybkie unieważnienie podpisu klucza"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "złożenie podpisu na kluczu"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "złożenie prywatnego podpisu na kluczu"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "podpisanie lub modyfikacja klucza"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 msgid "change a passphrase"
 msgstr "zmiana hasła"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "eksport kluczy do pliku"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "eksport kluczy do serwera kluczy"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "import kluczy z serwera kluczy"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "szukanie kluczy na serwerze"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "odświeżenie wszystkich kluczy z serwera"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "import/dołączenie kluczy"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr "wyświetlenie stanu karty"
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr "zmiana danych na karcie"
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr "zmiana PIN-u karty"
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "uaktualnienie bazy zaufania"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 msgid "print message digests"
 msgstr "wypisanie skrótów wiadomości"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr "uruchomienie w trybie serwera"
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr "|WARTOŚĆ|ustawienie polityki TOFU dla klucza"
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NAZWA|użycie NAZWY jako domyślnego klucza tajnego"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NAZWA|szyfrowanie także dla odbiorcy NAZWA"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr "|SPEC|określ adres email"
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr "ścisłe zachowanie OpenPGP"
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "pozostawienie bez zmian"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "pytanie przed nadpisaniem plików"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the input"
 msgstr "Opcje sterujące bezpieczeństwem"
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 #, fuzzy
 #| msgid "Options controlling the diagnostic output"
 msgid "Options controlling the output"
 msgstr "Opcje sterujące wyjściem diagnostycznym"
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "opakowanie ASCII pliku wynikowego"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 msgid "|FILE|write output to FILE"
 msgstr "|PLIK|zapis wyjścia do PLIKU"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "kanoniczny format tekstowy"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|ustawienie poziomu kompresji N (0 - bez)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 #, fuzzy
 #| msgid "Options controlling the interactivity and enforcement"
 msgid "Options controlling key import and export"
 msgstr "Opcje sterujące interaktywnością i wymuszaniem"
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
 "|MECHANIZMY|wykorzystaj MECHANIZMY do wyszukiwania kluczy na podstawie "
 "adresów e-mail"
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 msgid "import missing key from a signature"
 msgstr "import brakującego klucza z podpisu"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 msgid "include the public key in signatures"
 msgstr "włączanie klucza publicznego do podpisów"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr "zablokuj dostęp do dirmngr"
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 #, fuzzy
 #| msgid "Options controlling the configuration"
 msgid "Options controlling key listings"
 msgstr "Opcje sterujące konfiguracją"
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "lista kluczy prywatnych"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|UŻYTKOWNIK|szyfrowanie dla odbiorcy o tym identyfikatorze"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr ""
 "|UŻYTKOWNIK|użycie tego identyfikatora użytkownika do podpisania lub "
 "odszyfrowania"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -2888,7 +2775,7 @@ msgstr ""
 "@\n"
 "(Pełną listę poleceń i opcji można znaleźć w podręczniku systemowym.)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 msgid ""
 "@\n"
 "Examples:\n"
@@ -2910,11 +2797,11 @@ msgstr ""
 " --list-keys [nazwy]        pokazanie kluczy\n"
 " --fingerprint [nazwy]      pokazanie odcisków kluczy\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Składnia: @GPG@ [opcje] [pliki] (-h wyświetla pomoc)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 msgid ""
 "Syntax: @GPG@ [options] [files]\n"
 "Sign, check, encrypt or decrypt\n"
@@ -2924,7 +2811,7 @@ msgstr ""
 "Podpisywanie, sprawdzanie podpisów, szyfrowanie, rozszyfrowywanie\n"
 "Domyślnie wykonywana operacja zależy od danych wejściowych\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -2932,78 +2819,78 @@ msgstr ""
 "\n"
 "Obsługiwane algorytmy:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Asymetryczne: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Symetryczne: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Skrótów: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Kompresji: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "składnia: %s [opcje] %s\n"
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "sprzeczne polecenia\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "w definicji grupy ,,%s'' brak znaku ,,=''\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr ""
 "OSTRZEŻENIE: niebezpieczne prawa własności do katalogu domowego ,,%s''\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr ""
 "OSTRZEŻENIE: niebezpieczne prawa własności do pliku konfiguracyjnego ,,%s''\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "OSTRZEŻENIE: niebezpieczne prawa własności do rozszerzenia ,,%s''\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "OSTRZEŻENIE: niebezpieczne prawa dostępu do katalogu domowego ,,%s''\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr ""
 "OSTRZEŻENIE: niebezpieczne prawa dostępu do pliku konfiguracyjnego ,,%s''\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "OSTRZEŻENIE: niebezpieczne prawa dostępu do rozszerzenia ,,%s''\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr ""
 "OSTRZEŻENIE: niebezpieczne prawa własności do katalogu zawierającego katalog "
 "domowy ,,%s''\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
@@ -3011,21 +2898,21 @@ msgstr ""
 "OSTRZEŻENIE: niebezpieczne prawa własności do katalogu zawierającego plik "
 "konfiguracyjny ,,%s''\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr ""
 "OSTRZEŻENIE: niebezpieczne prawa własności do katalogu zawierającego "
 "rozszerzenie ,,%s''\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr ""
 "OSTRZEŻENIE: niebezpieczne prawa dostępu do katalogu zawierającego katalog "
 "domowy ,,%s''\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
@@ -3033,459 +2920,475 @@ msgstr ""
 "OSTRZEŻENIE: niebezpieczne prawa dostępu do katalogu zawierającego plik "
 "konfiguracyjny ,,%s''\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr ""
 "OSTRZEŻENIE: niebezpieczne prawa dostępu do katalogu zawierającego "
 "rozszerzenie ,,%s''\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "nieznana opcja konfiguracyjna ,,%s''\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr "wyświetlenie ID zdjęć przy wypisywaniu kluczy"
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 msgid "show key usage information during key listings"
 msgstr "pokazywanie informacji o zastosowaniu klucza przy wypisywaniu kluczy"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr "pokazywanie URL-i polityk przy wypisywaniu podpisów"
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 msgid "show all notations during signature listings"
 msgstr "pokazywanie wszystkich adnotacji przy wypisywaniu podpisów"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr "pokazywanie standardowych adnotacji IETF przy wypisywaniu podpisów"
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr "pokazywanie adnotacji użytkownika przy wypisywaniu podpisów"
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 msgid "show preferred keyserver URLs during signature listings"
 msgstr ""
 "pokazywanie URL-i preferowanych serwerów kluczy przy wypisywaniu podpisów"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr "pokazywanie poprawności ID użytkownika przy wypisywaniu kluczy"
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr ""
 "pokazywanie unieważnionych i wygasłych ID użytkownika na listach kluczy"
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr "pokazywanie unieważnionych i wygasłych podkluczy na listach kluczy"
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 msgid "show the keyring name in key listings"
 msgstr "pokazywanie nazwy zbioru kluczy na listach kluczy"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 msgid "show expiration dates during signature listings"
 msgstr "pokazywanie dat wygaśnięcia przy wypisywaniu podpisów"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "nieznana polityka TOFU ,,%s''\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr "(,,help'' wyświetli listę wyborów)\n"
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "To polecenie nie jest dostępne w trybie %s.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, c-format
 msgid "Note: %s is not for normal use!\n"
 msgstr "Uwaga: %s nie jest do normalnego użytku!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr ",,%s'' nie jest poprawnym czasem wygaśnięcia podpisu\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr ",,%s'' nie jest niepoprawnym adresem e-mail\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "błędny tryb pinentry ,,%s''\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "błędne źródło żądania ,,%s''\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr ",,%s'' nie jest poprawną nazwą zestawu znaków\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "niezrozumiały URL serwera kluczy\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: niepoprawne opcje serwera kluczy\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr "niepoprawne opcje serwera kluczy\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: niepoprawne opcje wczytania kluczy\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "niepoprawne opcje wczytania kluczy\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, c-format
 msgid "invalid filter option: %s\n"
 msgstr "niepoprawne opcje filtrowania: %s\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d niepoprawne opcje eksportu kluczy\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "niepoprawne opcje eksportu kluczy\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: niepoprawne opcje wypisywania\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr "niepoprawne opcje wypisywania\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr "wyświetlanie ID zdjęć przy sprawdzaniu podpisów"
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr "pokazywanie URL-i polityk przy sprawdzaniu podpisów"
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 msgid "show all notations during signature verification"
 msgstr "pokazywanie wszystkich adnotacji przy sprawdzaniu podpisów"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr "pokazywanie standardowych adnotacji IETF przy sprawdzaniu podpisów"
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr "pokazywanie adnotacji użytkownika przy sprawdzaniu podpisów"
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 msgid "show preferred keyserver URLs during signature verification"
 msgstr ""
 "pokazywanie URL-i preferowanych serwerów kluczy przy sprawdzaniu podpisów"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 msgid "show user ID validity during signature verification"
 msgstr "pokazywanie poprawności ID użytkownika przy sprawdzaniu podpisów"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr ""
 "pokazywanie unieważnionych i wygasłych ID użytkownika przy sprawdzaniu "
 "podpisów"
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 msgid "show only the primary user ID in signature verification"
 msgstr "pokazywanie tylko głównego ID użytkownika przy sprawdzaniu podpisu"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr "sprawdzanie podpisów z danymi PKA"
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr "zwiększenie zaufania podpisów z poprawnymi danymi PKA"
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: niepoprawne opcje sprawdzania\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr "niepoprawne opcje sprawdzania\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "nie można ustawić ścieżki programów wykonywalnych na %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: niepoprawna lista auto-key-locate\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr "Niepoprawna lista auto-key-locate\n"
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "błędny argument dla opcji ,,%.50s''\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "OSTRZEŻENIE: program może stworzyć plik zrzutu pamięci!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "OSTRZEŻENIE: %s powoduje obejście %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "Nie wolno używać %s z %s!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s nie ma sensu w połączeniu z %s!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr "OSTRZEŻENIE: działanie z fałszywym czasem systemowym: "
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "nie zadziała z niebezpieczną pamięcią z powodu %s\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "wybrany algorytm szyfrujący jest niepoprawny\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "wybrany algorytm skrótów wiadomości jest niepoprawny\n"
+
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "wybrany algorytm kompresji jest niepoprawny\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "wybrany algorytm skrótów poświadczeń jest niepoprawny\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "wartość completes-needed musi być większa od 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "wartość marginals-needed musi być większa od 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "wartość max-cert-depth musi mieścić się w zakresie od 1 do 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr ""
 "niewłaściwy domyślny poziom sprawdzania; musi mieć wartość 0, 1, 2 lub 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr ""
 "niewłaściwy minimalny poziom sprawdzania; musi mieć wartość 0, 1, 2 lub 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, c-format
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "Uwaga: prosty tryb S2K (0) jest stanowczo odradzany\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "niepoprawny tryb S2K; musi mieć wartość 0, 1 lub 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "niewłaściwe domyślne ustawienia\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "niewłaściwe ustawienia szyfrów\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "niewłaściwe ustawienia szyfrów\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "niewłaściwe ustawienia skrótów\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "niewłaściwe ustawienia algorytmów kompresji\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "niewłaściwa długość klucza; wykorzystano %u bitów\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s jeszcze nie działa z %s!\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+#| msgid "cipher algorithm '%s' may not be used in %s mode\n"
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "szyfr ,,%s'' nie może być używany w trybie %s\n"
+
+#: g10/gpg.c:4070
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "algorytm kompresji ,,%s'' nie może być używany w trybie %s\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "inicjowanie Bazy Zaufania nie powiodło się: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr "OSTRZEŻENIE: podano adresatów (-r) w działaniu które ich nie dotyczy\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "szyfrowanie symetryczne ,,%s'' nie powiodło się: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "nie można użyć --symmetric --encrypt wraz z --s2k-mode 0\n"
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "nie można użyć --symmetric --encrypt w trybie %s\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr "nie można użyć --symmetric --sign --encrypt wraz z --s2k-mode 0\n"
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "nie można użyć --symmetric --sign --encrypt w trybie %s\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "wysyłka do serwera kluczy nie powiodła się: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "odbiór z serwera kluczy nie powiódł się: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "eksport kluczy nie powiódł się: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, c-format
 msgid "export as ssh key failed: %s\n"
 msgstr "eksport do klucza ssh powiódł się: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "szukanie w serwerze kluczy nie powiodło się: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "odświeżenie kluczy z serwera nie powiodło się: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "zdjęcie opakowania ASCII nie powiodło się: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "opakowywanie ASCII nie powiodło się: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, c-format
 msgid "invalid hash algorithm '%s'\n"
 msgstr "niewłaściwy algorytm skrótu ,,%s''\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "błąd analizy specyfikacji klucza ,,%s'': %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 ",,%s'' nie wygląda na prawidłowy identyfikator, odcisk ani uchwyt klucza\n"
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr "OSTRZEŻENIE: nie podano polecenia. Próba odgadnięcia zamiaru...\n"
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Wpisz tutaj swoją wiadomość ...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "podany URL regulaminu poświadczania jest niepoprawny\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "podany URL regulaminu podpisów jest niepoprawny\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "podany preferowany URL serwera kluczy jest niepoprawny\n"
@@ -3498,7 +3401,7 @@ msgstr "|PLIK|pobieranie kluczy ze zbioru PLIK"
 msgid "make timestamp conflicts only a warning"
 msgstr "nie traktować konfliktu datowników jako błędu"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|pisanie opisu stanu do deskryptora FD"
 
@@ -3544,128 +3447,140 @@ msgid "do not update the trustdb after import"
 msgstr "nieuaktualnianie bazy zaufania po imporcie"
 
 #: g10/import.c:181
+#, fuzzy
+#| msgid "enable putty support"
+msgid "enable bulk import mode"
+msgstr "włączenie obsługi putty"
+
+#: g10/import.c:184
 msgid "show key during import"
 msgstr "okazanie klucza podczas importu"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+#| msgid "show key during import"
+msgid "show key but do not actually import"
+msgstr "okazanie klucza podczas importu"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr "przyjmowanie tylko uaktualnień istniejących kluczy"
 
-#: g10/import.c:187
+#: g10/import.c:193
 msgid "remove unusable parts from key after import"
 msgstr "usuwanie bezużytecznych części kluczy po imporcie"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr "usuwanie jak największej części kluczy po imporcie"
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr "ignorowanie podpisów kluczy nie będących podpisami własnymi"
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr "natychmiastowe uruchomienie filtrów importu i eksport klucza"
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr "przyjęcie wejścia w formacie kopii zapasowej klucza GnuPG"
 
-#: g10/import.c:203
+#: g10/import.c:209
 msgid "repair keys on import"
 msgstr "naprawienie kluczy przy imporcie"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "blok typu %d zostaje pominięty\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr "%lu kluczy przetworzonych do tej chwili\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Ogółem przetworzonych kluczy: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, c-format
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "    pominiętych kluczy PGP-2: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "   pominiętych nowych kluczy: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "          bez identyfikatora: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "         dołączono do zbioru: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "                   bez zmian: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "      nowych identyfikatorów: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "            nowych podkluczy: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "             nowych podpisów: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "   nowych unieważnień kluczy: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "   tajnych kluczy wczytanych: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "     tajnych kluczy dodanych: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr "    tajnych kluczy bez zmian: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "      nie włączono do zbioru: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "     podpisów wyczyszczonych: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "ID użytkownika wyczyszczonych: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
@@ -3674,167 +3589,173 @@ msgstr ""
 "OSTRZEŻENIE: klucz %s zawiera preferencje dla niedostępnych\n"
 "algorytmów dla tych ID użytkownika:\n"
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr "         ,,%s'': preferowany szyfr %s\n"
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+#| msgid "         \"%s\": preference for cipher algorithm %s\n"
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "         ,,%s'': preferowany szyfr %s\n"
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "         ,,%s'': preferowany algorytm skrótu %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr "         ,,%s'': preferowany algorytm kompresji %s\n"
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr "zdecydowanie sugerowane jest uaktualnienie ustawień i ponowne\n"
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr "rozesłanie tego klucza w celu uniknięcia niezgodności algorytmów\n"
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 "można uaktualnić swoje ustawienia poprzez: gpg --edit-key %s updpref save\n"
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr "klucz %s: brak identyfikatora użytkownika\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, c-format
 msgid "key %s: %s\n"
 msgstr "klucz %s: %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr "odrzucony przez filtr importu"
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "klucz %s: podklucz uszkodzony przez serwer został naprawiony\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "klucz %s: przyjęto identyfikator nie podpisany nim samym ,,%s''\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "klucz %s: brak poprawnych identyfikatorów użytkownika\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "to może być spowodowane brakiem podpisu klucza nim samym\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "klucz %s: brak klucza publicznego: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "klucz %s: nowy klucz - pominięty\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "brak zapisywalnego zbioru kluczy: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, c-format
 msgid "error writing keyring '%s': %s\n"
 msgstr "błąd zapisu zbioru kluczy ,,%s'': %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "klucz %s: klucz publiczny ,,%s'' wczytano do zbioru\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "klucz %s: nie zgadza się z lokalną kopią\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "klucz %s: ,,%s'' 1 nowy identyfikator użytkownika\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "klucz %s: ,,%s'' %d nowych identyfikatorów użytkownika\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "klucz %s: ,,%s'' 1 nowy podpis\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "klucz %s: ,,%s'' %d nowych podpisów\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "klucz %s: ,,%s'' 1 nowy podklucz\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "klucz %s: ,,%s'' %d nowych podkluczy\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "klucz %s: ,,%s'' %d podpis wyczyszczony\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "klucz %s: ,,%s'' %d podpisów wyczyszczonych\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "klucz %s: ,,%s'' %d identyfikator użytkownika wyczyszczony\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "klucz %s: ,,%s'' %d identyfikatorów użytkownika wyczyszczonych\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "klucz %s: ,,%s'' bez zmian\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr "klucz %s: klucz tajny wczytany do zbioru\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, c-format
 msgid "key %s: secret key already exists\n"
 msgstr "klucz %s: klucz prywatny już istnieje\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "klucz %s: błąd wysyłania do agenta: %s\n"
@@ -3847,206 +3768,213 @@ msgstr "klucz %s: błąd wysyłania do agenta: %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 "Aby zmigrować ,,%s'', dla każdej karty procesorowej należy uruchomić: %s\n"
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, c-format
 msgid "secret key %s: %s\n"
 msgstr "klucz prywatny %s: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "wczytywanie kluczy tajnych nie jest dozwolone\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "klucz %s: klucz tajny z błędnym szyfrem %d - pominięty\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "nie podano przyczyny"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "klucz został zastąpiony"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "klucz został skompromitowany"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "klucz nie jest już używany"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "identyfikator użytkownika przestał być poprawny"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "powód unieważnienia: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "komentarz do unieważnienia: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "klucz %s: brak klucza publicznego, którego dotyczy wczytany certyfikat\n"
 "              unieważnienia\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "klucz %s: brak oryginalnego bloku klucza; %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "klucz %s: nie można odczytać oryginalnego bloku klucza: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "klucz %s: niepoprawny certyfikat unieważnienia: %s - odrzucony\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "klucz %s: ,,%s'' certyfikat unieważnienia został już wczytany\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "klucz %s: brak identyfikatora użytkownika do podpisu\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr "klucz %s: algorytm asymetryczny dla id ,,%s'' nie jest obsługiwany\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "klucz %s: niepoprawny podpis na identyfikatorze ,,%s''\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "klucz %s: nieobsługiwany algorytm asymetryczny\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "klucz %s: nieprawidłowy bezpośredni podpis\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "klucz %s: brak podklucza do dowiązania\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "klucz %s: niepoprawne dowiązanie podklucza\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "klucz %s: usunięto wielokrotne dowiązanie podklucza\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "klucz %s: brak podklucza, którego dotyczy unieważnienie\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "klucz %s: niepoprawne unieważnienie podklucza\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "klucz %s: usunięto wielokrotne unieważnienie podklucza\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "klucz %s: pominięto identyfikator użytkownika ,,%s''\n"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "klucz %s: podklucz pominięty\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "klucz %s: podpis nieeksportowalny (klasy 0x%02X) - pominięty\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr ""
 "klucz %s: pominięto certyfikat unieważnienia umieszczony\n"
 "              w niewłaściwym miejscu\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "klucz %s: pominięto -  niepoprawny certyfikat unieważnienia: %s\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "klucz %s: pominięto - podpis na podkluczu w niewłaściwym miejscu\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "klucz %s: pominięto - nieoczekiwana klasa podpisu (0x%02X)\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "key %s: dołączono powtórzony identyfikator użytkownika\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+#| msgid "key %s: duplicated user ID detected - merged\n"
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "key %s: dołączono powtórzony identyfikator użytkownika\n"
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr ""
 "OSTRZEŻENIE: klucz %s mógł zostać unieważniony:\n"
 "             zapytanie o unieważniający klucz %s w serwerze kluczy\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 "OSTRZEŻENIE: klucz %s mógł zostać unieważniony:\n"
 "             brak unieważniającego klucza %s.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "klucz %s: ,,%s'' dodany certyfikat unieważnienia\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "klucz %s: dodano bezpośredni podpis\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, c-format
 msgid "error allocating memory: %s\n"
 msgstr "błąd przydzielania pamięci: %s\n"
@@ -4069,12 +3997,12 @@ msgstr ""
 msgid " (reordered signatures follow)"
 msgstr " (poniżej uporządkowane podpisy)"
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, c-format
 msgid "key %s:\n"
 msgstr "klucz %s:\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
@@ -4082,7 +4010,7 @@ msgstr[0] "%d powtórzony podpis usunięty\n"
 msgstr[1] "%d powtórzone podpisy usunięte\n"
 msgstr[2] "%d powtórzonych podpisów usuniętych\n"
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, c-format
 msgid "%d signature not checked due to a missing key\n"
 msgid_plural "%d signatures not checked due to missing keys\n"
@@ -4090,7 +4018,7 @@ msgstr[0] "%d podpis nie został sprawdzony z powodu braku klucza\n"
 msgstr[1] "%d podpisy nie zostały sprawdzone z powodu braku klucza\n"
 msgstr[2] "%d podpisów nie zostało sprawdzonych z powodu braku klucza\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, c-format
 msgid "%d bad signature\n"
 msgid_plural "%d bad signatures\n"
@@ -4098,7 +4026,7 @@ msgstr[0] "%d niepoprawny podpis\n"
 msgstr[1] "%d niepoprawne podpisy\n"
 msgstr[2] "%d niepoprawnych podpisów\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
@@ -4106,7 +4034,7 @@ msgstr[0] "%d podpis uporządkowany\n"
 msgstr[1] "%d podpisy uporządkowane\n"
 msgstr[2] "%d podpisów uporządkowanych\n"
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
@@ -4115,37 +4043,32 @@ msgstr ""
 "Uwaga: znaleziono błędy, a sprawdzono tylko podpisy własne; uruchomienie "
 "'%s' sprawdzi wszystkie podpisy.\n"
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "błąd tworzenia keyboksa ,,%s'': %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, c-format
 msgid "error creating keyring '%s': %s\n"
 msgstr "błąd tworzenia zbioru kluczy ,,%s'': %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, c-format
 msgid "keybox '%s' created\n"
 msgstr "keybox ,,%s'' utworzony\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, c-format
 msgid "keyring '%s' created\n"
 msgstr "zbiór kluczy ,,%s'' został utworzony\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "zasób bloku klucza ,,%s'': %s\n"
 
-#: g10/keydb.c:969
-#, c-format
-msgid "error opening key DB: %s\n"
-msgstr "błąd podczas otwierania bazy kluczy: %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "nie powiodła się odbudowa bufora bazy: %s\n"
@@ -4158,7 +4081,7 @@ msgstr "[unieważnienie]"
 msgid "[self-signature]"
 msgstr "[podpis klucza nim samym]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4169,12 +4092,12 @@ msgstr ""
 "tożsamości innych użytkowników (czy sprawdzi on odciski kluczy pobrane\n"
 "z różnych źródeł, dokumenty potwierdzające tożsamość, itd.).\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr "  %d = mam ograniczone zaufanie\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr "  %d = mam pełne zaufanie\n"
@@ -4206,12 +4129,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "Identyfikator użytkownika ,,%s'' został unieważniony."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Czy na pewno chcesz podpisać? (t/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr " Nie da się złożyć podpisu.\n"
 
@@ -4389,199 +4312,203 @@ msgstr "Tożsamość użytkownika została dokładnie sprawdzona.\n"
 msgid "Really sign? (y/N) "
 msgstr "Czy na pewno podpisać? (t/N) "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "złożenie podpisu nie powiodło się: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 "Klucz ma tylko zaślepkę albo elementy na karcie - nie ma hasła do zmiany.\n"
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, c-format
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "klucz %s: błąd podczas zmiany hasła: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "zapis zmian i wyjście"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr "okazanie odcisku klucza"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 msgid "show the keygrip"
 msgstr "okazanie uchwytu klucza"
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "lista kluczy i identyfikatorów użytkownika"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "wybór identyfikatora użytkownika N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr "wybór podklucza N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr "sprawdzenie podpisów"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 "złożenie podpisu na wybranych identyfikatorach użytkownika [* poniżej "
 "powiązane polecenia]"
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr ""
 "złożenie prywatnego (lokalnego) podpisu na wybranych identyfikatorach "
 "użytkownika"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr "podpisanie wybranych identyfikatorów użytkownika sygnaturą zaufania"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr ""
 "podpisanie wybranych identyfikatorów użytkownika sygnaturą nie podlegającą "
 "unieważnieniu"
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "dodanie nowego identyfikatora użytkownika do klucza"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "dodanie zdjęcia użytkownika do klucza"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr "usunięcie wybranych identyfikatorów użytkownika z klucza"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr "dodanie podklucza"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr "dodanie klucza do karty procesorowej"
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr "przeniesienie klucza na kartę procesorową"
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr "przeniesienie klucza zapasowego na kartę procesorową"
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr "usunięcie wybranych podkluczy"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "dodanie klucza unieważniającego"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr "usunięcie podpisów z wybranych identyfikatorów użytkownika"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "zmiana daty wygaśnięcia dla klucza lub wybranych podkluczy"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr "oznaczenie wybranego identyfikatora użytkownika jako głównego"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "ustawienia (zaawansowane)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "rozbudowana lista ustawień"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr "ustawienie listy preferencji dla wybranych identyfikatorów użytkownika"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr ""
 "ustawienie URL-a preferowanego serwera kluczy dla wybranych identyfikatorów "
 "użytkownika"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 msgid "set a notation for the selected user IDs"
 msgstr "ustawienie adnotacji dla wybranych identyfikatorów użytkownika"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "zmiana hasła klucza"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "zmiana zaufania właściciela"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr "unieważnienie podpisów na wybranych identyfikatorach użytkownika"
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr "unieważnienie wybranych identyfikatorów użytkownika"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr "unieważnienie klucza lub wybranych podkluczy"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr "włączenie klucza do użycia"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr "wyłączenie klucza z użycia"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr "okazanie wybranych identyfikatorów - zdjęć"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 "zagęszczanie bezużytecznych ID użytkowników i usuwanie bezużytecznych "
 "podpisów z kluczy"
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 "zagęszczanie bezużytecznych ID użytkowników i usuwanie wszystkich podpisów z "
 "kluczy"
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Dostępny jest klucz tajny.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 msgid "Secret subkeys are available.\n"
 msgstr "Dostępne są podklucze tajne.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Do wykonania tej operacji potrzebny jest klucz tajny.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4594,289 +4521,294 @@ msgstr ""
 "(ltsign,\n"
 "  tnrsign itd.).\n"
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "Klucz unieważniony."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 msgid "Really sign all text user IDs? (y/N) "
 msgstr ""
 "Czy na pewno podpisać wszystkie tekstowe identyfikatory użytkownika? (t/N) "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Czy na pewno podpisać wszystkie identyfikatory użytkownika? (t/N) "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Podpowiedź: wybierz identyfikatory użytkownika do podpisania.\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "Nieznany rodzaj podpisu ,,%s''\n"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "To polecenie nie jest dostępne w trybie %s.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Musisz wybrać co najmniej jeden identyfikator użytkownika.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr "(Należy użyć polecenia ,,%s''.)\n"
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Nie możesz usunąć ostatniego identyfikatora użytkownika!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr ""
 "Czy na pewno usunąć wszystkie wybrane identyfikatory użytkownika? (t/N) "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr "Czy na pewno usunąć ten identyfikator użytkownika? (t/N) "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr "Czy na pewno przenieść główny klucz (t/N) "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr "Musisz wybrać dokładnie jeden klucz.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr "Polecenie oczekuje argumentu będącego nazwą pliku\n"
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "Nie można otworzyć ,,%s'': %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "Błąd podczas odczytu klucza zapasowego z ,,%s'': %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Musisz wybrać co najmniej jeden klucz.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Czy na pewno chcesz usunąć wybrane klucze? (t/N) "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Czy na pewno chcesz usunąć ten klucz? (t/N) "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr ""
 "Czy na pewno unieważnić wszystkie wybrane identyfikatory użytkownika? (t/N) "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Czy na pewno unieważnić ten identyfikator użytkownika? (t/N) "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Czy na pewno chcesz unieważnić cały klucz? (t/N) "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Czy na pewno chcesz unieważnić wybrane podklucze? (t/N) "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Czy na pewno chcesz unieważnić ten podklucz? (t/N) "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 "Zaufanie użytkownika nie może być ustawione podczas używania bazy zaufania\n"
 "dostarczonej przez użytkownika\n"
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr "Ustawienie listy ustawień na:\n"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr ""
 "Czy na pewno uaktualnić ustawienia dla wybranych identyfikatorów? (t/N) "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr "Czy na pewno uaktualnić ustawienia? (t/N) "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr "Zapisać zmiany? (t/N) "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr "Wyjść bez zapisania zmian? (t/N) "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Klucz nie został zmieniony więc zapis zmian nie jest konieczny.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, c-format
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "nie można unieważnić ostatniego identyfikatora użytkownika.\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "unieważnienie identyfikatora użytkownika nie powiodło się: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "ustawienie głównego identyfikatora użytkownika nie powiodło się: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr ",,%s'' nie jest odciskiem\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr ",,%s'' nie jest głównym odciskiem\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, c-format
 msgid "Invalid user ID '%s': %s\n"
 msgstr "Błędny identyfikator użytkownika ,,%s'': %s\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "No matching user IDs."
 msgstr "Brak pasującego identyfikatora użytkownika."
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "Nothing to sign.\n"
 msgstr "Nie ma nic do podpisania.\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr "Nie podpisane przez ciebie.\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, c-format
 msgid "revoking the key signature failed: %s\n"
 msgstr "unieważnienie podpisu klucza nie powiodło się: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr ",,%s'' nie jest poprawnym czasem wygaśnięcia\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr ",,%s'' nie jest właściwym odciskiem\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "podklucz ,,%s'' nie został odnaleziony\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr "AEAD: "
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Skrót: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Ustawienia: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr "no-modify dla serwera kluczy"
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr "Preferowany serwer kluczy: "
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 msgid "Notations: "
 msgstr "Adnotacje: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "Klucze PGP 2.x nie zawierają opisu ustawień.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "Ten klucz został unieważniony %s przez klucz użytkownika %s %s\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Klucz może zostać unieważniony przez klucz %s użytkownika %s"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr "(poufne)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr "utworzono: %s"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr "unieważniono: %s"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr "wygasł: %s"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr "wygasa: %s"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr "użycie: %s"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr "nr-karty: "
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr "zaufanie: %s"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr "poprawność: %s"
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Ten klucz został wyłączony z użytku"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -4884,17 +4816,17 @@ msgstr ""
 "Pokazana wartość wiarygodności klucza może być niepoprawna,\n"
 "dopóki program nie zostanie uruchomiony ponownie.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr "unieważniony"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr "wygasł"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -4904,17 +4836,17 @@ msgstr ""
 "             jako główny. Wykonanie tego polecenie może więc spowodować\n"
 "             wyświetlanie innego identyfikatora jako domyślnego głównego.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr "OSTRZEŻENIE: podklucz do szyfrowania wkrótce wygaśnie.\n"
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, c-format
 msgid "You may want to change its expiration date too.\n"
 msgstr "Może warto także zmienić jego datę ważności.\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -4923,35 +4855,35 @@ msgstr ""
 "OSTRZEŻENIE: To jest klucz PGP wersji 2. Dodanie zdjęcia spowoduje, że\n"
 "             niektóre wersje przestaną go rozumieć.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Czy dalej chcesz je dodać? (t/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "Do klucza dla PGP 2.x nie można dodać zdjęcia.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr "Taki identyfikator użytkownika już istnieje na tym kluczu!\n"
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Usunąć ten poprawny podpis? (t/N/w) "
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Usunąć ten niepoprawny podpis? (t/N/w) "
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Usunąć ten nieznany podpis? (t/N/w) "
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Na pewno usunąć ten podpis klucza nim samym? (t/N) "
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, c-format
 msgid "Deleted %d signature.\n"
 msgid_plural "Deleted %d signatures.\n"
@@ -4959,20 +4891,20 @@ msgstr[0] "%d podpis usunięty.\n"
 msgstr[1] "%d podpisy usunięte.\n"
 msgstr[2] "%d podpisów usuniętych.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Nic nie zostało usunięte.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "niepoprawny"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "Identyfikator użytkownika ,,%s'' upakowany: %s\n"
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
@@ -4980,17 +4912,17 @@ msgstr[0] "Identyfikator użytkownika ,,%s'': %d podpis usunięty\n"
 msgstr[1] "Identyfikator użytkownika ,,%s'': %d podpisy usunięte\n"
 msgstr[2] "Identyfikator użytkownika ,,%s'': %d podpisów usuniętych\n"
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "Identyfikator użytkownika ,,%s'': już zmniejszony.\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "Identyfikator użytkownika ,,%s'': już czysty.\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5000,278 +4932,284 @@ msgstr ""
 "             unieważniającego spowoduje, że niektóre wersje PGP przestaną\n"
 "             go rozumieć.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "Do klucza dla PGP 2.x nie można wyznaczyć klucza unieważniającego.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Podaj identyfikator klucza unieważniającego: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "klucza PGP 2.x nie można wyznaczyć jako unieważniającego\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "nie można wyznaczyć klucza do unieważniania jego samego\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "ten klucz został już uznany kluczem unieważniającym\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr ""
 "OSTRZEŻENIE: nie można cofnąć wyznaczenia klucza jako unieważniającego!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr "Czy na pewno chcesz wyznaczyć ten klucz jako unieważniający? (t/N) "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
 msgstr "Czy na pewno zmienić datę ważności dla wielu podkluczy? (t/N) "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Zmiana daty ważności podklucza.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Zmiana daty ważności głównego klucza.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Nie można zmienić daty ważności klucza w wersji 3.\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 msgid "Changing usage of a subkey.\n"
 msgstr "Zmiana zastosowań podklucza.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 msgid "Changing usage of the primary key.\n"
 msgstr "Zmiana zastosowań klucza głównego.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "podklucz podpisujący %s jest już skrośnie podpisany\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 "podklucz %s nie jest podpisujący, więc nie musi być skrośnie podpisany\n"
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Proszę wybrać dokładnie jeden identyfikator użytkownika.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "podpis w wersji 3 na identyfikatorze ,,%s'' zostaje pominięty\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr "Podaj preferowany URL serwera kluczy: "
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Czy na pewno chcesz go zastąpić? (t/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Czy na pewno chcesz go usunąć? (t/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 msgid "Enter the notation: "
 msgstr "Adnotacje: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 msgid "Proceed? (y/N) "
 msgstr "Kontynuować? (t/N) "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Brak identyfikatora użytkownika o numerze %d.\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Brak identyfikatora użytkownika o skrócie %s\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Brak podklucza o identyfikatorze ,,%s''.\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr "Brak podklucza o numerze %d.\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "identyfikator użytkownika: ,,%s''\n"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "podpisany twoim kluczem %s w %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (podpis nieeksportowalny) "
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Ważność tego klucza wygasła %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Czy dalej chcesz go unieważnić? (t/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Stworzyć certyfikat unieważnienia tego podpisu? (t/N) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Te identyfikatory na kluczu %s są podpisane przez Ciebie:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr " (podpis nieunieważnialny) "
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "unieważniony przez twój klucz %s w %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Czy na pewno chcesz unieważnić te podpisy:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Na pewno utworzyć certyfikaty unieważnienia ? (t/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "brak klucza tajnego\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr ""
 "próba unieważnienia identyfikatora nie odnoszącego się do użytkownika: %s\n"
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "identyfikator użytkownika ,,%s'' został już unieważniony\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr ""
 "OSTRZEŻENIE: identyfikator użytkownika podpisany za %d sekund (w "
 "przyszłości)\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, c-format
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr ""
 "Nie można unieważnić ostatniego poprawnego identyfikatora użytkownika.\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "Klucz %s jest już unieważniony.\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "Podklucz %s jest już unieważniony.\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr ""
 "Wyświetlanie zdjęcia w formacie %s o rozmiarze %ld bajtów dla klucza %s (id "
 "%d).\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "błędna wartość dla opcji ,,%s''\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "ustawienie ,,%s'' powtarza się\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr "zbyt wiele ustawień szyfru\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr "zbyt wiele ustawień funkcji skrótu\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr "zbyt wiele ustawień kompresji\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+#| msgid "too many cipher preferences\n"
+msgid "too many AEAD preferences\n"
+msgstr "zbyt wiele ustawień szyfru\n"
+
+#: g10/keygen.c:521
 #, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "niewłaściwy element ,,%s'' w tekście ustawień\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "zapis podpisu bezpośredniego\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "zapis podpisu klucza nim samym\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "zapis podpisu wiążącego klucz\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "niewłaściwa długość klucza; wykorzystano %u bitów\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "rozmiar klucza zaokrąglony w górę do %u bitów\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
@@ -5279,19 +5217,19 @@ msgstr ""
 "OSTRZEŻENIE: niektóre programy OpenPGP nie potrafią obsłużyć klucza RSA o "
 "tej długości skrótu\n"
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr "Podpisywanie"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr "Certyfikowanie"
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr "Szyfrowanie"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr "Uwierzytelnianie"
 
@@ -5305,161 +5243,180 @@ msgstr "Uwierzytelnianie"
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr "PpSsUuZz"
 
-#: g10/keygen.c:1784
-#, c-format
-msgid "Possible actions for a %s key: "
+#: g10/keygen.c:1966
+#, fuzzy, c-format
+#| msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr "Możliwe akcje dla klucza %s: "
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr "Aktualnie dopuszczalne akcje: "
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr "   (%c) Przełączenie możliwości podpisywania\n"
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%c) Przełączenie możliwości szyfrowania\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr "   (%c) Przełączenie możliwości uwierzytelniania\n"
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr "   (%c) Zakończenie\n"
 
-#: g10/keygen.c:1930
-#, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+#: g10/keygen.c:2116
+#, fuzzy, c-format
+#| msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) RSA i RSA (domyślne)\n"
 
-#: g10/keygen.c:1934
-#, c-format
-msgid "   (%d) DSA and Elgamal\n"
+#: g10/keygen.c:2120
+#, fuzzy, c-format
+#| msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA i Elgamala\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (tylko do podpisywania)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (tylko do podpisywania)\n"
 
-#: g10/keygen.c:1945
-#, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+#: g10/keygen.c:2131
+#, fuzzy, c-format
+#| msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) Elgamala (tylko do szyfrowania)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (tylko do szyfrowania)\n"
 
-#: g10/keygen.c:1953
-#, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+#: g10/keygen.c:2139
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (możliwości do ustawienia)\n"
 
-#: g10/keygen.c:1955
-#, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+#: g10/keygen.c:2141
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (możliwości do ustawienia)\n"
 
-#: g10/keygen.c:1961
-#, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) ECC i ECC\n"
+#: g10/keygen.c:2147
+#, fuzzy, c-format
+#| msgid "   (%d) sign, encrypt\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) podpisywanie, szyfrowanie\n"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2147 g10/keygen.c:2678
+msgid " *default*"
+msgstr ""
+
+#: g10/keygen.c:2148
 #, c-format
 msgid "  (%d) ECC (sign only)\n"
 msgstr "   (%d) ECC (tylko do podpisywania)\n"
 
-#: g10/keygen.c:1965
-#, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+#: g10/keygen.c:2150
+#, fuzzy, c-format
+#| msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "   (%d) ECC (możliwości do ustawienia)\n"
 
-#: g10/keygen.c:1967
-#, c-format
-msgid "  (%d) ECC (encrypt only)\n"
+#: g10/keygen.c:2152
+#, fuzzy, c-format
+#| msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "   (%d) ECC (tylko do szyfrowania)\n"
 
-#: g10/keygen.c:1971
-#, c-format
-msgid "  (%d) Existing key\n"
+#: g10/keygen.c:2156
+#, fuzzy, c-format
+#| msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "   (%d) Istniejący klucz\n"
 
-#: g10/keygen.c:1973
-#, c-format
-msgid "  (%d) Existing key from card\n"
+#: g10/keygen.c:2158
+#, fuzzy, c-format
+#| msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "  (%d) Istniejący klucz z karty\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 msgid "Enter the keygrip: "
 msgstr "Uchwyt klucza: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr "Nieprawidłowy uchwyt klucza (oczekiwano 40 cyfr szesnastkowych)\n"
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 msgid "No key with this keygrip\n"
 msgstr "Brak klucza o tym uchwycie\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, c-format
 msgid "error reading the card: %s\n"
 msgstr "błąd odczytu karty: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "Numer seryjny karty: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 msgid "Available keys:\n"
 msgstr "Dostępne klucze:\n"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, c-format
 msgid "rounded to %u bits\n"
 msgstr "zaokrąglono do %u bitów\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr "Klucze %s będą miały od %u do %u bitów długości.\n"
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Jakiej długości podklucz wygenerować? (%u) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "Żądana długość klucza to %u bitów.\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Proszę wybrać rodzaj krzywej eliptycznej:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5475,7 +5432,7 @@ msgstr ""
 "      <n>m = termin ważności klucza upływa za n miesięcy\n"
 "      <n>y = termin ważności klucza upływa za n lat\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5491,38 +5448,38 @@ msgstr ""
 "      <n>m = termin ważności podpisu upływa za n miesięcy\n"
 "      <n>y = termin ważności podpisu upływa za n lat\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Okres ważności klucza? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Okres ważności podpisu? (%s) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "niepoprawna wartość\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr "Klucz nie wygaśnie w ogóle\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr "Podpis nie wygaśnie w ogóle\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr "Klucz traci ważność %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr "Ważność podpisu wygasa %s\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5530,11 +5487,11 @@ msgstr ""
 "Twój system nie potrafi pokazać daty po roku 2038.\n"
 "Niemniej daty do roku 2106 będą poprawnie obsługiwane.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr "Czy wszystko się zgadza (t/N)? "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5548,7 +5505,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5564,49 +5521,49 @@ msgstr ""
 "    \"Tadeusz Żeleński (Boy) <tzb@ziemianska.pl>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Imię i nazwisko: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Niewłaściwy znak w imieniu lub nazwisku\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr "Znaki ,,%s'' i ,,%s'' nie mogą występować w inieniu ani nazwisku\n"
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Imię lub nazwisko nie może zaczynać się od cyfry\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Imię i nazwisko muszą mieć co najmniej 5 znaków długości.\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "Adres poczty elektronicznej: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "To nie jest poprawny adres poczty elektronicznej\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Komentarz: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Niewłaściwy znak w komentarzu\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, c-format
 msgid "You are using the '%s' character set.\n"
 msgstr "Używany zestaw znaków: ,,%s''.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5617,7 +5574,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr ""
 "Nie należy umieszczać adresu poczty elektronicznej w polu nazwiska czy\n"
@@ -5634,35 +5591,35 @@ msgstr ""
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "IiKkEeDdWw"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Zmienić (I)mię/nazwisko, (K)omentarz, adres (E)mail, czy (W)yjść? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr ""
 "Zmienić (I)mię/nazwisko, (K)omentarz, adres (E)mail, przejść (D)alej,\n"
 "czy (W)yjść z programu? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Zmienić (I)mię/nazwisko, adres (E)mail, czy (W)yjść? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr ""
 "Zmienić (I)mię/nazwisko, adres (E)mail, przejść (D)alej,\n"
 "czy (W)yjść z programu? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Najpierw trzeba poprawić ten błąd\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5678,13 +5635,13 @@ msgstr ""
 "ilości\n"
 "entropii.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Generacja klucza nie powiodła się: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5695,66 +5652,66 @@ msgstr ""
 "    ,,%s''\n"
 "\n"
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr "Kontynuować? (T/n) "
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "klucz dla ,,%s'' już istnieje\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 msgid "Create anyway? (y/N) "
 msgstr "Utworzyć klucz mimo to? (t/N) "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, c-format
 msgid "creating anyway\n"
 msgstr "tworzenie mimo to\n"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 "Uwaga: pełną funkcjonalność generowania klucza można uzyskać przez ,,%s "
 "%s''.\n"
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Procedura generacji klucza została anulowana.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "nie można utworzyć pliku kopii zapasowej ,,%s'': %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "Uwaga: kopia zapasowa klucza karty zapisana do ,,%s''\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, c-format
 msgid "writing public key to '%s'\n"
 msgstr "zapis klucza publicznego w ,,%s''\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "brak zapisywalnego zbioru kluczy publicznych: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, c-format
 msgid "error writing public keyring '%s': %s\n"
 msgstr "błąd podczas zapisu zbioru kluczy publicznych ,,%s'': %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "klucz publiczny i prywatny (tajny) zostały utworzone i podpisane.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
@@ -5762,7 +5719,7 @@ msgstr ""
 "Ten klucz nie może być wykorzystany do szyfrowania. Komendą \"--edit-key\"\n"
 "można dodać do niego podklucz szyfrujący.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -5770,7 +5727,7 @@ msgstr ""
 "klucz został stworzony %lu sekundę w przyszłości (zaburzenia\n"
 "czasoprzestrzeni, lub źle ustawiony zegar systemowy)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -5778,51 +5735,51 @@ msgstr ""
 "klucz został stworzony %lu sekund w przyszłości (zaburzenia\n"
 "czasoprzestrzeni, lub źle ustawiony zegar systemowy)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, c-format
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr ""
 "Uwaga: tworzenie podkluczy dla kluczy wersji 3 jest niezgodne z OpenPGP.\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Część tajna głównego klucza jest niedostępna.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Część tajna głównego klucza jest zapisana na karcie.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr "Czy na pewno utworzyć? (t/N) "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "nigdy     "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Krytyczny regulamin podpisu: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Regulamin podpisu: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr "Krytyczny preferowany serwer kluczy: "
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Krytyczne adnotacje podpisu: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Adnotacje podpisu: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, c-format
 msgid "%d good signature\n"
 msgid_plural "%d good signatures\n"
@@ -5830,7 +5787,7 @@ msgstr[0] "%d poprawny podpis\n"
 msgstr[1] "%d poprawne podpisy\n"
 msgstr[2] "%d poprawnych podpisów\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, c-format
 msgid "%d signature not checked due to an error\n"
 msgid_plural "%d signatures not checked due to errors\n"
@@ -5838,7 +5795,7 @@ msgstr[0] "%d podpis nie został sprawdzony z powodu błędu\n"
 msgstr[1] "%d podpisy nie został sprawdzone z powodu błędu\n"
 msgstr[2] "%d podpisów nie zostało sprawdzonych z powodu błędu\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
@@ -5846,42 +5803,42 @@ msgstr[0] "Ostrzeżenie: %lu klucz pominięto z powodu dużego rozmiaru\n"
 msgstr[1] "Ostrzeżenie: %lu klucze pominięto z powodu dużego rozmiaru\n"
 msgstr[2] "Ostrzeżenie: %lu kluczy pominięto z powodu dużego rozmiaru\n"
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Zbiór kluczy"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Odcisk klucza głównego:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "      Odcisk podklucza:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr " Odcisk klucza głównego:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "       Odcisk podklucza:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr "       Odcisk klucza ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr "    Nr seryjny karty ="
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, c-format
 msgid "caching keyring '%s'\n"
 msgstr "buforowanie zbioru kluczy ,,%s''\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
@@ -5889,7 +5846,7 @@ msgstr[0] "%lu kluczy zbuforowano do tej pory (%lu podpis)\n"
 msgstr[1] "%lu kluczy zbuforowano do tej pory (%lu podpisy)\n"
 msgstr[2] "%lu kluczy zbuforowano do tej pory (%lu podpisów)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
@@ -5897,7 +5854,7 @@ msgstr[0] "%lu klucz zbuforowany"
 msgstr[1] "%lu klucze zbuforowane"
 msgstr[2] "%lu kluczy zbuforowanych"
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, c-format
 msgid " (%lu signature)\n"
 msgid_plural " (%lu signatures)\n"
@@ -5905,58 +5862,54 @@ msgstr[0] " (%lu podpis)\n"
 msgstr[1] " (%lu podpisy)\n"
 msgstr[2] " (%lu podpisów)\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: zbiór kluczy utworzony\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr "nadpisanie zbioru opcji proxy dla dirmngr"
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr "włączenie unieważnionych kluczy do wyników wyszukiwania"
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr "włączenie podkluczy przy poszukiwaniu po ID klucza"
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr "nadpisanie zbioru opcji limitu czasu dla dirmngr"
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr "automatyczne pobieranie kluczy przy sprawdzaniu podpisów"
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "honorowanie URL-a preferowanego serwera kluczy ustawionego w kluczu"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr "honorowanie rekordu PKA ustawionego w kluczu przy pobieraniu kluczy"
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr "wyłączony"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr "Wprowadź numer(y), N)astępny lub Q)uit > "
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "niepoprawny protokół serwera kluczy (nasz %d != moduł obsługi %d)\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr ",,%s'' nie jest identyfikatorem klucza - pominięto\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
@@ -5964,128 +5917,141 @@ msgstr[0] "odświeżanie %d klucza z %s\n"
 msgstr[1] "odświeżanie %d kluczy z %s\n"
 msgstr[2] "odświeżanie %d kluczy z %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "OSTRZEŻENIE: nie można odświeżyć klucza %s przez %s: %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "klucz ,,%s'' nie został odnaleziony na serwerze kluczy\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr "klucz nie został odnaleziony na serwerze kluczy\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "zapytanie o klucz %s z serwera %s %s\n"
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr "zapytanie o klucz %s z %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, c-format
 msgid "no keyserver known\n"
 msgstr "brak znanego serwera kluczy\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "pominięty ,,%s'': %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr "wysyłanie klucza %s na %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, c-format
 msgid "requesting key from '%s'\n"
 msgstr "zapytanie o klucz z ,,%s''\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "OSTRZEŻENIE: nie można pobrać URI %s: %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "dziwny rozmiar jak na zaszyfrowany klucz sesyjny (%d)\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "klucz sesyjny zaszyfrowany %s\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "dane zaszyfrowano nieznanym algorytmem numer %d\n"
+
+#: g10/mainproc.c:391
 #, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "hasło wygenerowane nieznanym algorytmem skrótu %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, c-format
 msgid "public key is %s\n"
 msgstr "klucz publiczny to %s\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "dane zaszyfrowane kluczem publicznym: poprawny klucz sesyjny\n"
-
-#: g10/mainproc.c:632
-#, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+#: g10/mainproc.c:524
+#, fuzzy, c-format
+#| msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr ""
 "zaszyfrowano %u-bitowym kluczem %s o identyfikatorze %s, stworzonym %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr "      ,,%s''\n"
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "zaszyfrowano kluczem %s o identyfikatorze %s\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "błąd odszyfrowywania kluczem publicznym: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr "OSTRZEŻENIE: widziano wiele czystych tekstów\n"
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "zaszyfrowane za pomocą %lu haseł\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "zaszyfrowane jednym hasłem\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "błąd odszyfrowywania kluczem publicznym: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "dane zaszyfrowane kluczem publicznym: poprawny klucz sesyjny\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "przyjmując że dane zostały zaszyfrowane za pomocą %s\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr "szyfr IDEA nie jest dostępny, próba użycia %s zamiast niego\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "OSTRZEŻENIE: wiadomość nie była zabezpieczona przed manipulacją\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
@@ -6095,278 +6061,278 @@ msgstr ""
 "prawdopodobne, że jest ona prawdziwa. Jest tak dlatego, że w tamtych\n"
 "czasach ochrona integralności nie była szeroko stosowana.\n"
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr "Użycie mimo to opcji ,,%s'' do odszyfrowania.\n"
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, c-format
 msgid "decryption forced to fail!\n"
 msgstr "wymuszono błąd odszyfrowywania!\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "odszyfrowanie poprawne\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "OSTRZEŻENIE: zaszyfrowana wiadomość była manipulowana!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "błąd odszyfrowywania: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, c-format
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "Uwaga: nadawca zaznaczył, że wiadomość nie powinna być zapisywana\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "pierwotna nazwa pliku='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr ""
 "osobny certyfikat unieważnienia - użyj ,,gpg --import'' aby go wczytać\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, c-format
 msgid "no signature found\n"
 msgstr "nie znaleziono podpisu\n"
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr "NIEPOPRAWNY podpis złożony przez ,,%s''"
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Przeterminowany podpis złożony przez ,,%s''"
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr "Poprawny podpis złożony przez ,,%s''"
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "wymuszono pominięcie sprawdzenia podpisu\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "nie można obsłużyć tych wieloznacznych danych podpisu\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr "Podpisano w %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr "               przy użyciu klucza %s %s\n"
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Podpisano w %s kluczem %s o numerze %s\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "                        wystawca ,,%s''\n"
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Klucz dostępny w: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr "Uwaga: aby wykorzystać tę informację, należy użyć ,,%s''\n"
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[niepewne]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr "                        alias ,,%s''"
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, c-format
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "OSTRZEŻENIE: ten klucz nie nadaje się do podpisywania w trybie %s\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Ważność podpisu wygasła %s.\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Ważność podpisu wygasa %s.\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, c-format
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "podpis %s, algorytm skrótu %s%s%s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "binarny"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "tekstowy"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "nieznany"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 msgid ", key algorithm "
 msgstr ", algorytm klucza "
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 "OSTRZEŻENIE: to nie jest oddzielony podpis; plik ,,%s'' NIE został "
 "zweryfikowany!\n"
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Nie można sprawdzić podpisu: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "nie jest oddzielonym podpisem.\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr ""
 "OSTRZEŻENIE: wielokrotne podpisy. Tylko pierwszy zostanie sprawdzony.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "oddzielony podpis klasy 0x%02x.\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "podpis starego typu (PGP 2.x).\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "fstat na ,,%s'' nie powiodło się w %s: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "fstat(%d) nie powiodło się w %s: %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr ""
 "OSTRZEŻENIE: użycie eksperymentalnego algorytmu klucza publicznego %s\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr ""
 "OSTRZEŻENIE: klucze do podpisywania i szyfrowania Elgamala są odradzane\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "OSTRZEŻENIE: użycie eksperymentalnego szyfru %s\n"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "OSTRZEŻENIE: użycie eksperymentalnego algorytmu skrótu %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "OSTRZEŻENIE: algorytm skrótu %s jest odradzany\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "Uwaga: podpisy wykorzystujące algorytm %s są odrzucane\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, c-format
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr ""
 "Uwaga: podpisy kluczami osób trzecich wykorzystujące algorytm %s są "
 "odrzucane\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, c-format
 msgid "(reported error: %s)\n"
 msgstr "(zgłoszony błąd: %s)\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "(zgłoszony błąd: %s <%s>)\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr "(dalsze informacje: "
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: przestarzała opcja ,,%s''\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "OSTRZEŻENIE: ,,%s'' jest przestarzałą opcją.\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "w jej miejsce należy użyć ,,%s%s''\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr ""
 "OSTRZEŻENIE: ,,%s'' jest przestarzałym poleceniem - nie należy go używać\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr ""
 "%s:%u: ,,%s'' jest przestarzałe w tym pliku - ma znaczenie tylko w %s\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
@@ -6374,42 +6340,37 @@ msgstr ""
 "OSTRZEŻENIE: ,,%s%s'' jest przestarzałą opcją - nie ma efektu z wyjątkiem "
 "%s\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Nieskompresowany"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr "nieskompresowany|brak"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "ta wiadomość może nie dać się odczytać za pomocą %s\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "niejednoznaczna opcja ,,%s''\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, c-format
 msgid "unknown option '%s'\n"
 msgstr "nieznana opcja ,,%s''\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 "klucz publiczny ECDSA powinien być w kodowaniu SEC wielokrotnością 8 bitów\n"
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "nieznany słaby skrót ,,%s''\n"
@@ -6432,89 +6393,78 @@ msgstr "%s: nieznana końcówka nazwy\n"
 msgid "Enter new filename"
 msgstr "Nazwa pliku"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "zapisywanie na wyjście standardowe\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, c-format
 msgid "assuming signed data in '%s'\n"
 msgstr "przyjęto obecność podpisanych danych w '%s'\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "nie można obsłużyć tego algorytmu klucza publicznego: %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr ""
 "OSTRZEŻENIE: symetrycznie zaszyfrowany klucz sesyjny może nie być "
 "bezpieczny\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, c-format
 msgid "Unknown critical signature notation: "
 msgstr "Nieznane krytyczne adnotacje podpisu: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "podpakiet typu %d ma ustawiony krytyczny bit\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, c-format
-msgid "problem with the agent: %s\n"
-msgstr "problem z agentem: %s\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-#| msgid "Please enter the new passphrase"
-msgid "Please enter the passphrase for decryption."
-msgstr "Proszę wprowadzić nowe hasło"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Hasło\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "anulowano przez użytkownika\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr " (ID głównego klucza %s)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Proszę wprowadzić hasło do odbezpieczenia klucza prywatnego OpenPGP:"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Proszę wprowadzić hasło do zaimportowania klucza prywatnego OpenPGP:"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr ""
 "Proszę wprowadzić hasło do wyeksportowania podklucza prywatnego OpenPGP:"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Proszę wprowadzić hasło do wyeksportowania klucza prywatnego OpenPGP:"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "Czy na pewno trwale usunąć podklucz prywatny OpenPGP:"
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Czy na pewno trwale usunąć klucz prywatny OpenPGP:"
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, c-format
 msgid ""
 "%s\n"
@@ -6529,7 +6479,7 @@ msgstr ""
 "utworzony %s%s.\n"
 "%s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6543,94 +6493,138 @@ msgstr ""
 "publicznym. Jeśli będzie duży, powiększy to także rozmiar Twojego klucza!\n"
 "Dobry rozmiar to około 240 na 288 pikseli.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Nazwa pliku ze zdjęciem w formacie JPEG: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "nie można otworzyć pliku JPEG ,,%s'': %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr "Ten JPEG jest naprawdę duży (%d bajtów)!\n"
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Czy na pewno chcesz go użyć? (t/N) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr ",,%s'' nie jest plikiem JPEG\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Czy zdjęcie jest w porządku? (t/N/w) "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
 #, c-format
-msgid "unable to display photo ID!\n"
-msgstr "nie można wyświetlić zdjęcia!\n"
+msgid "no remote program execution supported\n"
+msgstr "odwołania do zewnętrznych programów są wyłączone\n"
 
-#. TRANSLATORS: These are the allowed answers in lower and
-#. uppercase.  Below you will find the matching strings which
-#. should be translated accordingly and the letter changed to
-#. match the one in the answer string.
-#.
-#. i = please show me more information
-#. m = back to the main menu
-#. s = skip this key
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"platforma wymaga użycia plików tymczasowych do wołania zewnętrznych "
+"programów\n"
+
+#: g10/photoid.c:506
+#, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "nie można uruchomić powłoki ,,%s'': %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "nienaturalne zakończenie pracy zewnętrznego programu\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "błąd systemu podczas wołania programu zewnętrznego: %s\n"
+
+#: g10/photoid.c:600
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "OSTRZEŻENIE: nie można skasować pliku tymczasowego (%s) ,,%s'': %s\n"
+
+#: g10/photoid.c:604
+#, c-format
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "OSTRZEŻENIE: nie można skasować tymczasowego katalogu ,,%s'': %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"nieszczelne uprawnienia ustawień - wołanie zewnętrznych programów wyłączone\n"
+
+#: g10/photoid.c:715
+#, c-format
+msgid "unable to display photo ID!\n"
+msgstr "nie można wyświetlić zdjęcia!\n"
+
+#. TRANSLATORS: These are the allowed answers in lower and
+#. uppercase.  Below you will find the matching strings which
+#. should be translated accordingly and the letter changed to
+#. match the one in the answer string.
+#.
+#. i = please show me more information
+#. m = back to the main menu
+#. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMwWpP"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr "Brak wartości zaufania dla:\n"
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr "  alias ,,%s''\n"
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr "Jak bardzo ufasz, że ten klucz naprawdę należy do tej osoby?\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr "  %d = nie wiem albo nie powiem\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr "  %d = NIE ufam\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr "  %d = ufam absolutnie\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr "  m = powrót do głównego menu\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr "  p = pominięcie tego klucza\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr "  w = wyjście\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
@@ -6639,44 +6633,44 @@ msgstr ""
 "Minimalny poziom zaufania dla tego klucza to: %s\n"
 "\n"
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Decyzja? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Czy na pewno chcesz przypisać absolutne zaufanie temu kluczowi? (t/N) "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Certyfikaty prowadzące do ostatecznie zaufanego klucza:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr "%s: Nie ma żadnej pewności, czy ten klucz należy do tej osoby\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr "%s: Nie ma całkowitej pewności, czy ten klucz należy do tej osoby\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Ten klucz prawdopodobnie należy do tej osoby\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Ten klucz należy do nas\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr "%s: Ten klucz jest niedobry! Został oznaczony jako niezaufany!\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
 "*really* know what you are doing, you may answer the next\n"
@@ -6686,7 +6680,7 @@ msgstr ""
 "Jeżeli *naprawdę* wiesz, co robisz, możesz odpowiedzieć ,,tak'' na\n"
 "następne pytanie.\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
@@ -6696,149 +6690,167 @@ msgstr ""
 "Jeśli nie masz co do tego żadnych wątpliwości i *naprawdę* wiesz co robisz,\n"
 "możesz odpowiedzieć ,,tak'' na następne pytanie.\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr "Użyć tego klucza pomimo to? (t/N) "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "OSTRZEŻENIE: używany jest klucz nie obdarzony zaufaniem!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr ""
 "OSTRZEŻENIE: ten klucz mógł zostać unieważniony\n"
 "             (brak klucza unieważniającego aby to sprawdzić)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+#| msgid "user ID: \"%s\"\n"
+msgid "checking User ID \"%s\"\n"
+msgstr "identyfikator użytkownika: ,,%s''\n"
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+#| msgid "option '%s' given, but option '%s' not given\n"
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "podano opcję ,,%s'', ale nie podano opcji ,,%s''\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+#| msgid "key %s: doesn't match our copy\n"
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "klucz %s: nie zgadza się z lokalną kopią\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+#| msgid "option '%s' given, but option '%s' not given\n"
+msgid "option %s given but no matching User ID found\n"
+msgstr "podano opcję ,,%s'', ale nie podano opcji ,,%s''\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "OSTRZEŻENIE: Ten klucz został unieważniony kluczem unieważniającym!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "OSTRZEŻENIE: Ten klucz został unieważniony przez właściciela!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "             To może oznaczać, że podpis jest fałszerstwem.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "OSTRZEŻENIE: Ten podklucz został unieważniony przez właściciela!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Uwaga: Ten klucz został wyłączony z użytku.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr "Uwaga: Sprawdzony adres pospisującego to ,,%s''\n"
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "Uwaga: Adres podpisującego ,,%s'' nie pasuje do wpisu DNS\n"
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr ""
-"poziom zaufania poprawiony na PEŁNY ze względu na poprawne informacje PKA\n"
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr ""
-"poziom zaufania poprawiony na ŻADEN ze względu na błędne informacje PKA\n"
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Uwaga: Data ważności tego klucza upłynęła!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr "OSTRZEŻENIE: Ten klucz nie jest poświadczony zaufanym podpisem!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "OSTRZEŻENIE: Ten klucz nie jest poświadczony zaufanym podpisem!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr ""
 "             Nie ma pewności co do tożsamości osoby która złożyła podpis.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "OSTRZEŻENIE: NIE UFAMY temu kluczowi!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "             Ten podpis prawdopodobnie jest FAŁSZYWY.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"OSTRZEŻENIE: Tego klucza nie poświadczają wystarczająco zaufane podpisy!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
 msgstr ""
 "OSTRZEŻENIE: Tego klucza nie poświadczają wystarczająco zaufane podpisy!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr ""
 "             Nie ma pewności co do tożsamości osoby która złożyła ten "
 "podpis.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: pominięty: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: pominięty: klucz publiczny wyłączony z użytku\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: pominięty: został już wybrany w innej opcji\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, c-format
 msgid "can't encrypt to '%s'\n"
 msgstr "nie można zaszyfrować do ,,%s''\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "podano opcję ,,%s'', ale nie podano poprawnych kluczy domyślnych\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "podano opcję ,,%s'', ale nie podano opcji ,,%s''\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "Nie został podany identyfikator użytkownika (np. za pomocą ,,-r'')\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr "Aktualni odbiorcy:\n"
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -6846,40 +6858,40 @@ msgstr ""
 "\n"
 "Identyfikator użytkownika (pusta linia oznacza koniec): "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Brak takiego identyfikatora użytkownika.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "pominięty: klucz publiczny już jest domyślnym adresatem\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Klucz publiczny wyłączony z użycia.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "pominięty: został już wybrany w innej opcji\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "nieznany domyślny adresat ,,%s''\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "brak poprawnych adresatów\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "Uwaga: klucz %s nie ma cechy %s\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "Uwaga: klucz %s nie ma preferencji dla %s\n"
@@ -6890,76 +6902,82 @@ msgid "data not saved; use option \"--output\" to save it\n"
 msgstr ""
 "dane nie zostały zapisane; aby to zrobić, należy użyć opcji \"--output\"\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Podpis oddzielony od danych.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Nazwa pliku danych: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "czytam strumień standardowego wejścia\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "brak podpisanych danych\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, c-format
 msgid "can't open signed data '%s'\n"
 msgstr "nie można otworzyć podpisanego pliku ,,%s''\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "nie można otworzyć podpisanych danych z fd=%d: %s\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "klucz %s nie nadaje się do odszyfrowywania w trybie %s\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "adresat anonimowy; sprawdzanie klucza tajnego %s...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+#| msgid "key %s is not suitable for decryption in %s mode\n"
+msgid "used key is not marked for encryption use.\n"
+msgstr "klucz %s nie nadaje się do odszyfrowywania w trybie %s\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "OK, to my jesteśmy adresatem anonimowym.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "stary, nieobsługiwany algorytm szyfrowania klucza sesyjnego\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "algorytm szyfrujący %d%s jest nieznany lub został wyłączony\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "OSTRZEŻENIE: brak algorytmu szyfrującego %s w ustawieniach odbiorcy\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "Uwaga: ważność klucza tajnego %s wygasła %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, c-format
 msgid "Note: key has been revoked"
 msgstr "Uwaga: klucz został unieważniony"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "wywołanie funkcji build_packet nie powiodło się: %s\n"
@@ -6977,37 +6995,37 @@ msgstr "Zostanie unieważniony przez:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(to jest czuły klucz unieważniający)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 msgid "Secret key is not available.\n"
 msgstr "Klucz tajny nie jest dostępny.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Stworzyć certyfikat unieważnienia tego klucza? (t/N) "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "wymuszono opakowanie ASCII wyniku.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "wywołanie funkcji make_keysig_packet nie powiodło się: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Certyfikat unieważnienia został utworzony.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "brak kluczy unieważniających dla ,,%s''\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "To certyfikat unieważnienia dla klucza OpenPGP:"
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
@@ -7018,7 +7036,7 @@ msgstr ""
 "używany. Po opublikowaniu takiego certyfikatu nie jest już możliwe\n"
 "wycofanie go."
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7032,7 +7050,7 @@ msgstr ""
 "unieważnienia. Więcej szczegółów w opisie polecenia gpg\n"
 ",,--generate-revocation'' w podręczniku do GnuPG."
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
@@ -7043,12 +7061,12 @@ msgstr ""
 "tekstu przed zaimportowaniem i opublikowaniem tego certyfikatu\n"
 "unieważnienia."
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, c-format
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "certyfikat unieważnienia został zapisany jako ,,%s.rev''\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "klucz prywatny ,,%s'' nie został odnaleziony\n"
@@ -7061,16 +7079,16 @@ msgstr "klucz prywatny ,,%s'' nie został odnaleziony\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr ",,%s'' pasuje do wielu kluczy tajnych:\n"
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, c-format
 msgid "error searching the keyring: %s\n"
 msgstr "błąd przeszukiwania zbioru kluczy: %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Stworzyć certyfikat unieważnienia tego klucza? (t/N) "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7094,37 +7112,37 @@ msgstr ""
 "komputerów mogą zachować treść wydruku i udostępnić ją osobom "
 "nieupoważnionym.\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Proszę wybrać powód unieważnienia:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Anuluj"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Prawdopodobnie chcesz tu wybrać %d)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "Wprowadź opis (nieobowiązkowy) i zakończ go pustą linią:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Powód unieważnienia: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(nie podano)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr "Informacje poprawne? (t/N) "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "wygenerowano słaby klucz - operacja zostaje powtórzona\n"
@@ -7136,48 +7154,43 @@ msgstr ""
 "brak możliwości generacji dobrego klucza dla szyfru symetrycznego;\n"
 "operacja była powtarzana %d razy!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr "klucz %s %s używa niebezpiecznego (%zu-bitowego) skrótu\n"
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr "klucz %s %s wymaga skrótu %zu-bitowego lub większego (skrót to %s)\n"
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
-#, c-format
-msgid "key %s may not be used for signing in %s mode\n"
-msgstr "klucz %s nie może być używany do podpisów w trybie %s\n"
-
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
+#: g10/sig-check.c:170
 #, c-format
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "OSTRZEŻENIE: konflikt skrótów podpisów w wiadomości\n"
 
-#: g10/sig-check.c:219
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
+#, c-format
+msgid "key %s may not be used for signing in %s mode\n"
+msgstr "klucz %s nie może być używany do podpisów w trybie %s\n"
+
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "OSTRZEŻENIE: podklucz podpisujący %s nie jest skrośnie podpisany\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, c-format
 msgid "please see %s for more information\n"
 msgstr "objaśnienie można przeczytać tutaj: %s\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr ""
 "OSTRZEŻENIE: podklucz podpisujący %s jest niepoprawnie skrośnie podpisany\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
@@ -7185,7 +7198,7 @@ msgstr[0] "klucz publiczny %s jest o %lu sekundę młodszy od podpisu\n"
 msgstr[1] "klucz publiczny %s jest o %lu sekundy młodszy od podpisu\n"
 msgstr[2] "klucz publiczny %s jest o %lu sekund młodszy od podpisu\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
@@ -7193,7 +7206,7 @@ msgstr[0] "klucz publiczny %s jest o %lu dzień młodszy od podpisu\n"
 msgstr[1] "klucz publiczny %s jest o %lu dni młodszy od podpisu\n"
 msgstr[2] "klucz publiczny %s jest o %lu dni młodszy od podpisu\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7209,7 +7222,7 @@ msgstr[2] ""
 "klucz %s został stworzony %lu sekund w przyszłości (zaburzenia\n"
 "czasoprzestrzeni lub źle ustawiony zegar systemowy)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7224,51 +7237,51 @@ msgstr[2] ""
 "klucz %s został stworzony %lu dni w przyszłości (zaburzenia\n"
 "czasoprzestrzeni lub źle ustawiony zegar systemowy)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "Uwaga: klucz podpisujący %s przekroczył datę ważności %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "Uwaga: klucz podpisujący %s został unieważniony\n"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, c-format
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "błędny podpis klucza wykonany kluczem %s: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, c-format
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "błędny podpis danych wykonany kluczem %s: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "uznano za zły podpis utworzony kluczem %s z powodu nieznanego bitu "
 "krytycznego\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "klucz %s: brak podklucza dla podpisu unieważnienia podklucza\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "klucz %s: brak podklucza dowiązywanego podpisem\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "OSTRZEŻENIE: nie można rozwinąć %% w URL adnotacji (jest zbyt długi).\n"
 "             Użyty zostanie nie rozwinięty.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7276,7 +7289,7 @@ msgstr ""
 "OSTRZEŻENIE: nie można rozwinąć znaczników %% w URL regulaminu\n"
 "           (jest zbyt długi). Użyty zostanie nie rozwinięty.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7285,12 +7298,12 @@ msgstr ""
 "OSTRZEŻENIE: nie można rozwinąć znaczników %% w URL-u preferowanego\n"
 "           serwera kluczy (jest zbyt długi). Użyty zostanie nie rozwinięty.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "podpis %s/%s złożony przez: ,,%s''\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
@@ -7298,40 +7311,41 @@ msgstr ""
 "OSTRZEŻENIE: wymuszone użycie skrótu %s (%d) kłóci się z ustawieniami "
 "adresata\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "podpis:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "zostanie użyty szyfr %s\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "klucz nie jest oznaczony jako niepewny - nie można go użyć z atrapą\n"
 "generatora liczb losowych!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "pominięty ,,%s'': duplikat\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "pominięty: klucz prywatny jest już wpisany\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "klucz algorytmu Elgamala wygenerowany przez PGP nie zapewniający "
 "bezpiecznych podpisów!"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "wpis zaufania %lu, typ zapytania %d: zapis nie powiódł się: %s\n"
@@ -7345,43 +7359,43 @@ msgstr ""
 "# Lista przypisanych wartości zaufania, stworzona %s\n"
 "# (użyj \"gpg --import-ownertrust\" aby ją przywrócić)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, c-format
 msgid "error in '%s': %s\n"
 msgstr "błąd w ,,%s'': %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr "linia zbyt długa"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr "brak dwukropka"
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr "niewłaściwy odcisk"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr "brak wartości zaufania właściciela"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "błąd podczas szukania zapisu wartości zaufania w ,,%s'': %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, c-format
 msgid "read error in '%s': %s\n"
 msgstr "błąd odczytu w ,,%s'': %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "baza zaufania: synchronizacja nie powiodła się %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "nie można utworzyć blokady dla ,,%s''\n"
@@ -7391,12 +7405,12 @@ msgstr "nie można utworzyć blokady dla ,,%s''\n"
 msgid "can't lock '%s'\n"
 msgstr "nie można zablokować ,,%s''\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "baza zaufania, wpis %lu: funkcja lseek() nie powiodła się: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "baza zaufania, wpis %lu: zapis nie powiódł się (n=%d): %s\n"
@@ -7411,7 +7425,7 @@ msgstr "zbyt duże zlecenie dla bazy zaufania\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: katalog nie istnieje!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, c-format
 msgid "can't access '%s': %s\n"
 msgstr "nie można dostać się do ,,%s'': %s\n"
@@ -7452,7 +7466,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: błąd przy uaktualnianiu numeru wersji: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: błąd odczytu numeru wersji: %s\n"
@@ -7462,52 +7476,52 @@ msgstr "%s: błąd odczytu numeru wersji: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: błąd zapisu numeru wersji: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "baza zaufania: funkcja lseek() zawiodła: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "baza zaufania: funkcja read() (n=%d) zawiodła: %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: to nie jest plik bazy zaufania\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: wpis wersji z numerem %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: niewłaściwa wersja pliku %d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: błąd odczytu pustego wpisu: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: błąd zapisu wpisu katalogowego: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: zerowanie rekordu nie powiodło się: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: dopisanie rekordu nie powiodło się: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "Błąd: uszkodzona baza zaufania.\n"
@@ -7547,10 +7561,10 @@ msgstr "nieobsługiwana wersja bazy danych TOFU: %s\n"
 msgid "TOFU DB error"
 msgstr "Błąd bazy danych TOFU"
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "błąd odczytu bazy danych TOFU: %s\n"
@@ -7570,7 +7584,7 @@ msgstr "błąd inicjowania bazy danych TOFU: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "błąd otwierania bazy danych TOFU ,,%s'': %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "błąd uaktualniania bazy danych TOFU: %s\n"
@@ -7757,17 +7771,17 @@ msgstr "(D)obry, (A)kceptuj raz, (N)ieznany, (O)drzuć raz, (Z)ły? "
 msgid "Defaulting to unknown.\n"
 msgstr "Domyślnie nieznany.\n"
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr "Wykryto uszkodzenie bazy danych TOFU.\n"
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "błąd zmiany polityki TOFU: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
@@ -7775,7 +7789,7 @@ msgstr[0] "ostatni %lld~rok"
 msgstr[1] "ostatnie %lld~lata"
 msgstr[2] "ostatnie %lld~lat"
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
@@ -7783,7 +7797,7 @@ msgstr[0] "ostatni %lld~miesiąc"
 msgstr[1] "ostatnie %lld~miesiące"
 msgstr[2] "ostatnie %lld~miesięcy"
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
@@ -7791,7 +7805,7 @@ msgstr[0] "ostatni %lld~tydzień"
 msgstr[1] "ostatnie %lld~tygodnie"
 msgstr[2] "ostatnie %lld~tygodni"
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
@@ -7799,7 +7813,7 @@ msgstr[0] "ostatni %lld~dzień"
 msgstr[1] "ostatnie %lld~dni"
 msgstr[2] "ostatnie %lld~dni"
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
@@ -7807,7 +7821,7 @@ msgstr[0] "ostatnią %lld~godzinę"
 msgstr[1] "ostatnie %lld~godziny"
 msgstr[2] "ostatnie %lld~godzin"
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
@@ -7815,7 +7829,7 @@ msgstr[0] "ostatnią %lld~minutę"
 msgstr[1] "ostatnie %lld~minuty"
 msgstr[2] "ostatnie %lld~minut"
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
@@ -7823,26 +7837,26 @@ msgstr[0] "ostatnią %lld~sekundę"
 msgstr[1] "ostatnie %lld~sekundy"
 msgstr[2] "ostatnie %lld~sekund"
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr "%s: Sprawdzono 0~podpisów i zaszyfrowano 0~wiadomości."
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, c-format
 msgid "%s: Verified 0 signatures."
 msgstr "%s Sprawdzono 0 podpisów."
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 msgid "Encrypted 0 messages."
 msgstr "Zaszyfrowano 0 wiadomości."
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, c-format
 msgid "(policy: %s)"
 msgstr "(polityka: %s)"
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
@@ -7850,7 +7864,7 @@ msgstr ""
 "Ostrzeżenie: jeszcze nie widzieliśmy wiadomości podpisanej tym kluczem i "
 "identyfikatorem użytkownika!\n"
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
@@ -7858,17 +7872,17 @@ msgstr ""
 "Ostrzeżenie: widzieliśmy tylko jedną wiadomość podpisaną tym kluczem i "
 "identyfikatorem użytkownika!\n"
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr "Ostrzeżenie: jeszcze nie zaszyfrowano wiadomości tym kluczem!\n"
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr "Ostrzeżenie: zaszyfrowano tylko jedną wiadomość tym kluczem!\n"
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -7904,111 +7918,111 @@ msgstr[2] ""
 "  %s\n"
 "aby oznaczyć go jako zły.\n"
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "błąd otwierania bazy danych TOFU: %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 "OSTRZEŻENIE: szyfrowanie kluczem %s, który nie ma unieważnionych "
 "identyfikatorów użytkownika\n"
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, c-format
 msgid "'%s' is not a valid long keyID\n"
 msgstr ",,%s'' nie jest poprawnym długim identyfikatorem klucza\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "klucz %s: zaakceptowany jako klucz zaufany\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "klucz %s jest wpisany więcej niż raz w bazie zaufania\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "klucz %s: brak klucza publicznego dla zaufanego klucza - pominięty\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "klucz %s został oznaczony jako obdarzony absolutnym zaufaniem.\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "wpis zaufania %lu, typ zapytania %d: odczyt nie powiódł się: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "wpis zaufania %lu jest typu innego niż poszukiwany %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr "Można próbować odtworzyć bazę zaufania przy użyciu poleceń:\n"
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr "Jeśli to nie działa, należy poradzić się instrukcji\n"
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 "nie można użyć nieznanego modelu zaufania (%d) - przyjęto model zaufania %s\n"
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr "użycie modelu zaufania %s\n"
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "sprawdzanie bazy jest niepotrzebne\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "następne sprawdzanie bazy odbędzie się %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "nie ma potrzeby sprawdzania trustdb przy modelu zaufania ,,%s''\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "nie ma potrzeby uaktualniania trustdb przy modelu zaufania ,,%s''\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr "klucz publiczny %s nie odnaleziony: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "należy uruchomić gpg z opcją ,,--check-trustdb''\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "sprawdzanie bazy zaufania\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
@@ -8016,7 +8030,7 @@ msgstr[0] "przetworzono %d klucz"
 msgstr[1] "przetworzono %d klucze"
 msgstr[2] "przetworzono %d kluczy"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, c-format
 msgid " (%d validity count cleared)\n"
 msgid_plural " (%d validity counts cleared)\n"
@@ -8024,17 +8038,17 @@ msgstr[0] " (skasowano %d licznik zaufania)\n"
 msgstr[1] " (skasowano %d liczniki zaufania)\n"
 msgstr[2] " (skasowano %d liczników zaufania)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "brak absolutnie zaufanych kluczy\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "klucz publiczny absolutnie zaufanego klucza %s nie odnaleziony\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
@@ -8042,30 +8056,30 @@ msgstr ""
 "poziom: %d poprawnych: %3d podpisanych: %3d zaufanie: %d-,%dq,%dn,%dm,%df,"
 "%du\n"
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr ""
 "nie można uaktualnić rekordu wersji bazy zaufania: zapis nie powiódł się: "
 "%s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr "nieokreślone"
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr "nigdy"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr "marginalne"
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr "pełne"
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr "absolutne"
 
@@ -8077,39 +8091,39 @@ msgstr "absolutne"
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr "17"
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 msgid "[ revoked]"
 msgstr "[  unieważniony ]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 msgid "[ expired]"
 msgstr "[przeterminowany]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 msgid "[ unknown]"
 msgstr "[    nieznane   ]"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr "[  nieokreślone ]"
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 msgid "[  never ]"
 msgstr "[     nigdy     ]"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr "[   marginalne  ]"
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr "[     pełne     ]"
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr "[   absolutne   ]"
 
@@ -8134,19 +8148,31 @@ msgstr "linia wejścia %u zbyt długa lub brak znaku LF\n"
 msgid "can't open fd %d: %s\n"
 msgstr "nie można otworzyć fd %d: %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "OSTRZEŻENIE: wiadomość nie była zabezpieczona przed manipulacją\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+#| msgid "ambiguous option '%s'\n"
+msgid "Hint: Do not use option %s\n"
+msgstr "niejednoznaczna opcja ,,%s''\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr "ustawienie flag diagnostycznych"
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr "włączenie pełnej diagnostyki"
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Składnia: kbxutil [opcje] [pliki] (-h wyświetla pomoc)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
 "List, export, import Keybox data\n"
@@ -8157,75 +8183,200 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr "%sNumer: %s%%0AWłaściciel: %s%s"
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr "Pozostało prób: %d"
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new Global-PIN"
+msgstr "||Proszę wpisać PIN"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "||Proszę wprowadzić kod resetujący dla karty"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new PIN"
+msgstr "||Proszę wpisać PIN"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the PIN of your PIV card"
+msgstr "||Proszę wprowadzić kod resetujący dla karty"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+#| msgid "|A|Please enter the Admin PIN"
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "|A|Proszę wprowadzić PIN administracyjny"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+#| msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "|P|Proszę wprowadzić kod odblokowujący PIN (PUK) dla zwykłych kluczy."
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "Zapytanie zwrotne o PIN zwróciło błąd: %s\n"
+
+#: scd/app-piv.c:1895
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too short; minimum length is %d\n"
+msgstr "PIN dla CHV%d jest zbyt krótki; minimalna długość to %d\n"
+
+#: scd/app-piv.c:1903
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too long; maximum length is %d\n"
+msgstr "PIN dla CHV%d jest zbyt krótki; minimalna długość to %d\n"
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr "klucz już istnieje\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr "istniejący klucz zostanie zastąpiony\n"
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr "generowanie nowego klucza\n"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, c-format
+msgid "writing new key\n"
+msgstr "zapisywanie nowego klucza\n"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "nie powiódł się zapis klucza: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr "odpowiedź nie zawiera współczynnika RSA\n"
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr "odpowiedź nie zawiera publicznego wykładnika RSA\n"
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, c-format
+msgid "response does not contain the EC public key\n"
+msgstr "odpowiedź nie zawiera klucza publicznego EC\n"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr "proszę czekać na wygenerowanie klucza...\n"
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr "generowanie klucza nie powiodło się\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "generowanie klucza zakończone (%d sekunda)\n"
+msgstr[1] "generowanie klucza zakończone (%d sekundy)\n"
+msgstr[2] "generowanie klucza zakończone (%d sekund)\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr "odpowiedź nie zawiera danych klucza publicznego\n"
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr ""
 "||Proszę wprowadzić PIN PIN dla klucza do tworzenia podpisów kwalifikowanych."
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 msgid "|A|Please enter the Admin PIN"
 msgstr "|A|Proszę wprowadzić PIN administracyjny"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|P|Proszę wprowadzić kod odblokowujący PIN (PUK) dla zwykłych kluczy."
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 msgid "||Please enter the PIN for the standard keys."
 msgstr "||Proszę wprowadzić PIN dla zwykłych kluczy."
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr "reszta RSA brakująca lub o rozmiarze innym niż %d bity\n"
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr "publiczny wykładnik RSA brakujący lub większy niż %d bity\n"
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr "Zapytanie zwrotne o PIN zwróciło błąd: %s\n"
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "the NullPIN has not yet been changed\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "NullPIN nie został jeszcze zmieniony\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr "NullPIN nie został jeszcze zmieniony\n"
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "|N|Proszę wprowadzić nowy PIN dla zwykłych kluczy."
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr ""
 "|NP|Proszę wprowadzić nowy kod oblokowujący PIN (PUK) dla zwykłych kluczy."
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 "|N|Proszę wprowadzić nowy PIN dla klucza do tworzenia podpisów "
 "kwalifikowanych."
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8233,7 +8384,7 @@ msgstr ""
 "|NP|Proszę wprowadzić nowy kod odblokowujący PIN (PUK) dla klucza do "
 "tworzenia podpisów kwalifikowanych."
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8241,47 +8392,27 @@ msgstr ""
 "|P|Proszę wprowadzić kod odblokowujący PIN (PUK) dla klucza do tworzenia "
 "podpisów kwalifikowanych."
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "błąd podczas odczytu nowego PIN-u: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "nie powiódł się zapis odcisku: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "nie powiódł się zapis daty utworzenia: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr "błąd podczas odczytu stanu CHV z karty\n"
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr "odpowiedź nie zawiera współczynnika RSA\n"
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr "odpowiedź nie zawiera publicznego wykładnika RSA\n"
-
-#: scd/app-openpgp.c:1546
-#, c-format
-msgid "response does not contain the EC public key\n"
-msgstr "odpowiedź nie zawiera klucza publicznego EC\n"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr "odpowiedź nie zawiera danych klucza publicznego\n"
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr "odczyt klucza publicznego nie powiódł się: %s\n"
@@ -8289,44 +8420,44 @@ msgstr "odczyt klucza publicznego nie powiódł się: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr "%sNumer: %s%%0AWłaściciel: %s%%0ALicznik: %lu%s"
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr "użycie domyślnego PIN-u jako %s\n"
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 "nie udało się użyć domyślnego PIN-u jako %s: %s - wyłączenie dalszego "
 "domyślnego użycia\n"
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 msgid "||Please unlock the card"
 msgstr "||Proszę odblokować kartę"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr "PIN dla CHV%d jest zbyt krótki; minimalna długość to %d\n"
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "weryfikacja CHV%d nie powiodła się: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr "karta została trwale zablokowana!\n"
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8338,20 +8469,20 @@ msgstr[1] ""
 msgstr[2] ""
 "Zostało %d prób PIN-u administracyjnego do trwałego zablokowania karty\n"
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr "dostęp do poleceń administratora nie został skonfigurowany\n"
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 msgid "||Please enter the PIN"
 msgstr "||Proszę wpisać PIN"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 msgid "||Please enter the Reset Code for the card"
 msgstr "||Proszę wprowadzić kod resetujący dla karty"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr "Kod resetujący zbyt krótki; minimalna długość to %d\n"
@@ -8359,115 +8490,72 @@ msgstr "Kod resetujący zbyt krótki; minimalna długość to %d\n"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr "|RN|Nowy kod resetujący"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr "|AN|Nowy PIN administracyjny"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr "|N|Nowy PIN"
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "||Proszę wprowadzić PIN administracyjny i nowy PIN administracyjny"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 msgid "||Please enter the PIN and New PIN"
 msgstr "||Proszę wprowadzić PIN i nowy PIN"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr "błąd podczas odczytu danych aplikacji\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "błąd podczas odczytu odcisku DO\n"
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr "klucz już istnieje\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr "istniejący klucz zostanie zastąpiony\n"
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr "generowanie nowego klucza\n"
-
-#: scd/app-openpgp.c:3074
-#, c-format
-msgid "writing new key\n"
-msgstr "zapisywanie nowego klucza\n"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr "brak datownika utworzenia\n"
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr "liczba pierwsza %s RSA brakująca lub o rozmiarze innym niż %d bitów\n"
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr "nie powiódł się zapis klucza: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, c-format
 msgid "unsupported curve\n"
 msgstr "nieobsługiwana krzywa\n"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr "proszę czekać na wygenerowanie klucza...\n"
-
-#: scd/app-openpgp.c:4271
-#, c-format
-msgid "generating key failed\n"
-msgstr "generowanie klucza nie powiodło się\n"
-
-#: scd/app-openpgp.c:4277
-#, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "generowanie klucza zakończone (%d sekunda)\n"
-msgstr[1] "generowanie klucza zakończone (%d sekundy)\n"
-msgstr[2] "generowanie klucza zakończone (%d sekund)\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr "niepoprawna struktura karty OpenPGP (DO 0x93)\n"
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr "odcisk na karcie nie zgadza się z żądanym\n"
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "karta nie obsługuje algorytmu skrótu %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr "dotychczas stworzono podpisów: %lu\n"
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
@@ -8475,7 +8563,7 @@ msgstr ""
 "weryfikacja PIN-u administracyjnego tym poleceniem jest aktualnie "
 "zabroniona\n"
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "nie można dostać się do %s - niepoprawna karta OpenPGP?\n"
@@ -8487,59 +8575,63 @@ msgstr "||Proszę wprowadzić PIN na klawiaturze czytnika"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr "|N|Początkowy nowy PIN"
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr "uruchomienie w trybie serwera (pierwszoplanowo)"
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr "|POZIOM|ustawienie POZIOMU diagnostyki"
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 msgid "|FILE|write a log to FILE"
 msgstr "|PLIK|zapisanie logów do PLIKu"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr "|N|połączenie z czytnikiem na porcie N"
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NAZWA|użycie NAZWY jako sterownika ct-API"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NAZWA|użycie NAZWY jako sterownika PC/SC"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 msgid "do not use the internal CCID driver"
 msgstr "nieużywanie wewnętrznego sterownika CCID"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr "|N|odłączenie karty po N sekundach nieaktywności"
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr "nieużywanie klawiatury czytnika"
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr "użycie wejścia z klawiatury czytnika o zmiennej długości"
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 msgid "deny the use of admin card commands"
 msgstr "zabronienie używania poleceń karty administratora"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Składnia: @SCDAEMON@ [opcje] (-h wyświetla pomoc)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
@@ -8547,37 +8639,31 @@ msgstr ""
 "Składnia: scdaemon [opcje] [polecenie [argumenty]]\n"
 "Demon kart procesorowych dla @GNUPG@\n"
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr "proszę użyć opcji ,,--daemon'' do uruchomienia programu w tle\n"
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr "obsługa fd %d uruchomiona\n"
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr "obsługa fd %d zakończona\n"
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "błąd pobierania informacji o zastosowaniu klucza: %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr "model poprawności żądany przez certyfikat: %s"
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr "łańcuchowy"
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 msgid "shell"
 msgstr "powłokowy"
 
@@ -8610,7 +8696,7 @@ msgstr "Uwaga: niekrytyczna polityka certyfikatu niedozwolona"
 msgid "certificate policy not allowed"
 msgstr "polityka certyfikatu niedozwolona"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "nie udało się pobrać odcisku\n"
@@ -8625,7 +8711,7 @@ msgstr "poszukiwanie wystawcy na zewnątrz\n"
 msgid "number of issuers matching: %d\n"
 msgstr "liczba pasujących wystawców: %d\n"
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, c-format
 msgid "can't get authorityInfoAccess: %s\n"
 msgstr "nie można uzyskać authorityInfoAccess: %s\n"
@@ -8646,232 +8732,232 @@ msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr ""
 "wyszukiwanie klucza tylko w pamięci podręcznej dirmngr nie powiodło się: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "nie udało się przydzielić uchwytu keyDB\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 msgid "certificate has been revoked"
 msgstr "certyfikat został unieważniony"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr "status certyfikatu jest nieznany"
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr "proszę upewnić się, że ,,dirmngr'' jest poprawnie zainstalowany\n"
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, c-format
 msgid "checking the CRL failed: %s"
 msgstr "sprawdzenie CRL nie powiodło się: %s"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "certyfikat z błędną ważnością: %s"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr "certyfikat jeszcze nie jest ważny"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 msgid "root certificate not yet valid"
 msgstr "certyfikat główny jeszcze nie jest ważny"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr "certyfikat pośredni jeszcze nie jest ważny"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, c-format
 msgid "certificate has expired"
 msgstr "certyfikat wygasł"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 msgid "root certificate has expired"
 msgstr "certyfikat główny wygasł"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 msgid "intermediate certificate has expired"
 msgstr "certyfikat pośredni wygasł"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr "brak wymaganych atrybutów certyfikatu: %s%s%s"
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 msgid "certificate with invalid validity"
 msgstr "certyfikat o nieważnej ważności"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr "podpis nie utworzony w czasie życia certyfikatu"
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr "certyfikat nie utworzony w czasie życia wystawcy"
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr "pośredni certyfikat nie utworzony w czasie życia wystawcy"
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, c-format
 msgid "  (  signature created at "
 msgstr "  (  podpis utworzony "
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, c-format
 msgid "  (certificate created at "
 msgstr "  (certyfikat utworzony "
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, c-format
 msgid "  (certificate valid from "
 msgstr "  (certyfikat ważny od "
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr "  (     wystawca ważny od "
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr "odcisk=%s\n"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr "główny certyfikat nie został oznaczony jako zaufany\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr "interaktywne oznaczanie zaufania nie włączone w gpg-agencie\n"
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr "interaktywne oznaczanie zaufania wyłączone dla tej sesji\n"
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 "OSTRZEŻENIE: czas utworzenia podpisu nie jest znany - przyjęto czas bieżący"
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 msgid "no issuer found in certificate"
 msgstr "nie znaleziono wystawcy w certyfikacie"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr "własnoręcznie podpisany certyfikat ma ZŁY podpis"
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr "główny certyfikat nie jest oznaczony jako zaufany"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "sprawdzenie listy zaufania nie powiodło się: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr "łańcuch certyfikatów zbyt długi\n"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr "nie znaleziono certyfikatu wystawcy"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, c-format
 msgid "certificate has a BAD signature"
 msgstr "certyfikat ma ZŁY podpis"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr "znaleziono inny być może pasujący certyfikat CA - ponawianie próby"
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr "łańcuch certyfikatów dłuższy niż dozwolony przez CA (%d)"
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, c-format
 msgid "certificate is good\n"
 msgstr "certyfikat jest dobry\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, c-format
 msgid "intermediate certificate is good\n"
 msgstr "certyfikat pośredni jest dobry\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, c-format
 msgid "root certificate is good\n"
 msgstr "certyfikat główny jest dobry\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr "przełączanie do modelu łańcuchowego"
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr "użyty model poprawności: %s"
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr "skrót %u-bitowy nie jest poprawny dla %u-bitowego klucza %s\n"
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, c-format
 msgid "out of core\n"
 msgstr "brak pamięci\n"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr "(to jest algorytm MD2)\n"
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 msgid "none"
 msgstr "brak"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 msgid "[Error - invalid encoding]"
 msgstr "[Błąd - niewłaściwe kodowanie]"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr "[Błąd - brak pamięci]"
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr "[Błąd - Brak nazwy]"
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 msgid "[Error - invalid DN]"
 msgstr "[Błąd - niewłaściwe DN]"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -8885,132 +8971,143 @@ msgstr ""
 "S/N %s, ID 0x%08lX,\n"
 "stworzony %s, wygasa %s.\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr "nie podano zastosowania klucza - przyjęto wszystkie zastosowania\n"
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "błąd pobierania informacji o zastosowaniu klucza: %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr "certyfikat nie powinien być używany do poświadczania\n"
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr "certyfikat nie powinien być używany do podpisywania odpowiedzi OCSP\n"
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr "certyfikat nie powinien być używany do szyfrowania\n"
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr "certyfikat nie powinien być używany do podpisywania\n"
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr "certyfikat nie nadaje się do szyfrowania\n"
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr "certyfikat nie nadaje się do podpisywania\n"
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+#| msgid "lookup a certificate"
+msgid "looking for another certificate\n"
+msgstr "wyszukanie certyfikatu"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "linia %d: niewłaściwy algorytm\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr "linia %d: niewłaściwa długość klucza %u (poprawne są od %d do %d)\n"
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr "linia %d: nie podano nazwy przedmiotu\n"
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "linia %d: niewłaściwa etykieta nazwy przedmiotu ,,%.*s''\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "linia %d: niewłaściwa nazwa przedmiotu ,,%s'' na pozycji %d\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "linia %d: niepoprawny adres e-mail\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "linia %d: niewłaściwy numer seryjny\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr "linia %d: niewłaściwa etykieta nazwy wystawcy ,,%.*s''\n"
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr "linia %d: niewłaściwa nazwa wystawcy ,,%s'' na pozycji %d\n"
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, c-format
 msgid "line %d: invalid date given\n"
 msgstr "linia %d: podano niewłaściwą datę\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "linia %d: błąd pobierania klucza podpisującego z uchwytu ,,%s'': %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "linia %d: podano niewłaściwy algorytm skrótu\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "linia %d: niewłaściwy authority-key-id\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "linia %d: niewłaściwy subject-key-id\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "linia %d: niewłaściwa składnia rozszerzenia\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "linia %d: błąd odczytu klucza ,,%s'' z karty: %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "linia %d: błąd pobierania klucza z uchwytu ,,%s'': %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "linia %d: generowanie klucza nie powiodło się: %s <%s>\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
@@ -9018,45 +9115,45 @@ msgstr ""
 "Aby zakończyć to żądanie certyfikatu proszę wprowadzić jeszcze raz hasło dla "
 "utworzonego klucza.\n"
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) Istniejący klucz\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr "   (%d) Istniejący klucz z karty\n"
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "Możliwe akcje dla klucza %s:\n"
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) podpisywanie, szyfrowanie\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) podpisywanie\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) szyfrowanie\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr "Nazwa przedmiotu X.509: "
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr "Nie podano nazwy przedmiotu\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "Nieprawidłowa etykieta nazwy przedmiotu ,,%.*s''\n"
@@ -9066,243 +9163,236 @@ msgstr "Nieprawidłowa etykieta nazwy przedmiotu ,,%.*s''\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "Nieprawidłowa nazwa przedmiotu ,,%s''\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "33"
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 msgid "Enter email addresses"
 msgstr "Adresy poczty elektronicznej"
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 msgid " (end with an empty line):\n"
 msgstr " (pusta linia oznacza koniec):\n"
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 msgid "Enter DNS names"
 msgstr "Nazwy DNS"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 msgid " (optional; end with an empty line):\n"
 msgstr " (opcjonalne; pusta linia oznacza koniec):\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr "URI"
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Stworzyć własnoręcznie podpisany certyfikat? (t/N) "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr "Użyte będą następujące parametry:\n"
 
-#: sm/certreqgen-ui.c:432
-#, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "błąd tworzenia pliku tymczasowego: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr "Tworzenie własnoręcznie podpisanego certyfikatu. "
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 msgid "Now creating certificate request.  "
 msgstr "Tworzenie żądania certyfikatu. "
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr "Może to chwilę potrwać...\n"
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr "Gotowe.\n"
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr ""
 "Gotowe. Teraz należy wysłać to żądanie do własnego centrum certyfikacji.\n"
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr "problem z zasobami: brak pamięci\n"
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "dane zaszyfrowano za pomocą %s\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr "(to jest algorytm RC2)\n"
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr "(to nie wygląda na zaszyfrowaną wiadomość)\n"
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 #| msgid "encrypted with %s key, ID %s\n"
 msgid "encrypted to %s key %s\n"
 msgstr "zaszyfrowano kluczem %s o identyfikatorze %s\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "nie znaleziono certyfikatu ,,%s'': %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr "błąd blokowania keyboksa: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "powtórzony certyfikat ,,%s'' usunięty\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "certyfikat ,,%s'' usunięty\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "usunięcie certyfikatu ,,%s'' nie powiodło się: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, c-format
 msgid "no valid recipients given\n"
 msgstr "nie podano poprawnych adresatów\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 msgid "list external keys"
 msgstr "wypisanie kluczy zewnętrznych"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 msgid "list certificate chain"
 msgstr "wypisanie łańcucha certyfikatów"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 msgid "import certificates"
 msgstr "import certyfikatów"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 msgid "export certificates"
 msgstr "eksport certyfikatów"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr "zarejestrowanie karty procesorowej"
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr "przekazanie polecenia do dirmngr"
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr "wywołanie gpg-protect-tool"
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "nieużywanie w ogóle terminala"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr "|N|liczba certyfikatów do dołączenia"
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr "|PLIK|pobranie informacji o polityce z PLIKU"
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr "przyjęcie wejścia w formacie PEM"
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr "przyjęcie wejścia w formacie base-64"
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr "przyjęcie wejścia w formacie binarnym"
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 msgid "create base-64 encoded output"
 msgstr "tworzenie wyjścia zakodowanego base-64"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|UŻYTKOWNIK|użycie tego identyfikatora jako domyślnego klucza tajnego"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "|PLIK|dodanie tego zbioru kluczy do listy zbiorów kluczy"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|użycie tego serwera do wyszukiwania kluczy"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr "pobranie brakujących certyfikatów wystawców"
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NAZWA|użycie kodowania NAZWA dla haseł PKCS#12"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr "pominięcie CRL"
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr "niesprawdzanie CRL dla głównych certyfikatów"
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr "sprawdzenie poprawności przy użyciu OCSP"
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr "niesprawdzanie polityk certyfikatów"
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NAZWA|użycie tego algorytmu szyfrowania NAZWA"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NAZWA|użycie tego algorytmu skrótu wiadomości"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "tryb wsadowy: bez żadnych pytań"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "przyjęcie odpowiedzi ,,tak'' na większość pytań"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "przyjęcie odpowiedzi ,,nie'' na większość pytań"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 msgid "|FILE|write an audit log to FILE"
 msgstr "|PLIK|zapisanie logów audytowych do PLIKU"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Składnia: @GPGSM@ [opcje] [pliki] (-h wyświetla pomoc)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
 "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
@@ -9313,88 +9403,124 @@ msgstr ""
 "S/MIME\n"
 "Domyślnie wykonywana operacja zależy od danych wejściowych\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "Uwaga: nie można zaszyfrować do ,,%s'': %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "nieznany model poprawności ,,%s''\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: nie podano nazwy hosta\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: podano hasło bez użytkownika\n"
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: linia pominięta\n"
+
+#: sm/gpgsm.c:1545
+#, c-format
+msgid "could not parse keyserver\n"
+msgstr "niezrozumiały adres serwera kluczy\n"
+
+#: sm/gpgsm.c:1825
 #, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "import wspólnych certyfikatów ,,%s''\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "nie można podpisać z użyciem ,,%s'': %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr "błędne polecenie (nie ma polecenia domyślnego)\n"
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, c-format
 msgid "total number processed: %lu\n"
 msgstr "całkowita liczba przetworzonych: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, c-format
 msgid "error storing certificate\n"
 msgstr "błąd zapisywania certyfikatu\n"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr ""
 "podstawowe sprawdzenia certyikatu nie powiodły się - nie zaimportowany\n"
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "błąd pobierania zapisanych flag: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, c-format
 msgid "error importing certificate: %s\n"
 msgstr "błąd importu certyfikatu: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, c-format
 msgid "error reading input: %s\n"
 msgstr "błąd odczytu wejścia: %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+#| msgid "no dirmngr running in this session\n"
+msgid "no keyboxd running in this session\n"
+msgstr "brak działającego dirmngr w tej sesji\n"
+
+#: sm/keydb.c:595
+#, c-format
+msgid "error opening key DB: %s\n"
+msgstr "błąd podczas otwierania bazy kluczy: %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr "problem odszukaniem istniejącego certyfikatu: %s\n"
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "błąd podczas szukania zapisywalnego keyDB: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, c-format
 msgid "error storing certificate: %s\n"
 msgstr "błąd zapisywania certyfikatu: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "problem z ponownym odszukaniem certyfikatu: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, c-format
 msgid "error storing flags: %s\n"
 msgstr "błąd zapisywania flag: %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr "Błąd - "
 
@@ -9404,17 +9530,17 @@ msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr ""
 "GPG_TTY nie zostało ustawione - użycie być może nieprawidłowego domyślnego\n"
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "niewłaściwie sformatowany odcisk w ,,%s'', w linii %d\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "niewłaściwy kod kraju w ,,%s'', w linii %d\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9430,7 +9556,7 @@ msgstr ""
 "\n"
 "%s%sNa pewno chcesz to zrobić?"
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
@@ -9439,7 +9565,7 @@ msgstr ""
 "Należy zauważyć, że to oprogramowaie nie jest oficjalnie zatwierdzone do "
 "tworzenia i sprawdzania takich podpisów.\n"
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9450,55 +9576,61 @@ msgstr ""
 ",,%s''\n"
 "Należy zauważyć, że ten certyfikat NIE utworzy kwalifikowanego podpisu!"
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr ""
 "algorytm skrótu %d (%s) dla podpisującego %d nie jest obsługiwany; użycie "
 "%s\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr "algorytm skrótu użyty dla podpisującego %d: %s (%s)\n"
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "sprawdzenie certyfikatu kwalifikowanego nie powiodło się: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+#| msgid "Signature made %s using %s key ID %s\n"
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Podpisano w %s kluczem %s o numerze %s\n"
+
+#: sm/verify.c:467
 #, c-format
 msgid "Signature made "
 msgstr "Podpisano w "
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr "[nie podano daty]"
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, c-format
 msgid "algorithm:"
 msgstr "algorytm:"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr "błędny podpis: atrybut skrótu wiadomości nie zgadza się z obliczonym\n"
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, c-format
 msgid "Good signature from"
 msgstr "Poprawny podpis złożony przez"
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, c-format
 msgid "                aka"
 msgstr "                        alias"
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, c-format
 msgid "This is a qualified signature\n"
 msgstr "To jest podpis kwalifikowany\n"
@@ -9525,100 +9657,100 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr "nie można zwolnić blokady pamięci podręcznej certyfikatów: %s\n"
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr "porzucanie %u certyfikatów z pamięci podręcznej\n"
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, c-format
 msgid "can't parse certificate '%s': %s\n"
 msgstr "nie można przeanalizować certyfikatu ,,%s'': %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "certyfikat ,,%s'' jest już w pamięci podręcznej\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "certyfikat zaufany ,,%s'' załadowany\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "certyfikat ,,%s'' załadowany\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "  odcisk SHA1 = %s\n"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr "   wystawca ="
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr "  przedmiot ="
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "błąd ładowania certyfikatu ,,%s'': %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr " trwale załadowanych certyfikatów: %u\n"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "certyfikatów w pamięci podręcznej: %u\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "           certyfikatów zaufanych: %u (%u,%u,%u,%u)\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, c-format
 msgid "certificate already cached\n"
 msgstr "certyfikat już istnieje w pamięci podręcznej\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, c-format
 msgid "certificate cached\n"
 msgstr "certyfikat zapisany w pamięci podręcznej\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, c-format
 msgid "error caching certificate: %s\n"
 msgstr "błąd zapisu certyfikatu w pamięci podręcznej: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "niewłaściwy łańcuch odcisku SHA1 ,,%s''\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "błąd pobierania certyfikatu wg S/N: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "błąd pobierania certyfikatu wg przedmiotu: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, c-format
 msgid "no issuer found in certificate\n"
 msgstr "nie znaleziono wystawcy w certyfikacie\n"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "błąd pobierania authorityKeyIdentifier: %s\n"
@@ -10150,57 +10282,57 @@ msgstr "dostęp do CRL niemożliwy z powodu trybu Tor\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "wyszukanie certyfikatu niemożliwe z powodu wyłączonego %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr "użycie OCSP zamiast CRL"
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr "sprawdzenie, czy dirmngr działa"
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 msgid "add a certificate to the cache"
 msgstr "dodanie certyfikatu do pamięci podręcznej"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 msgid "validate a certificate"
 msgstr "sprawdzenie poprawności certyfikatu"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 msgid "lookup a certificate"
 msgstr "wyszukanie certyfikatu"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 msgid "lookup only locally stored certificates"
 msgstr "szukanie tylko lokalnie zapisanych certyfikatów"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr "oczekiwano URL-a dla --lookup"
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr "załadowanie CRL do dirmnge"
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr "specjalny tryb do wykorzystania przez Squida"
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 msgid "expect certificates in PEM format"
 msgstr "eksport certyfikatów w formacie PEM"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 msgid "force the use of the default OCSP responder"
 msgstr "wymuszenie użycia domyślnego respondera OCSP"
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr ""
 "Składnia: dirmngr-client [opcje] [plik_certyfikatu|wzorzec] (-h wyświetla "
 "pomoc)\n"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10212,217 +10344,213 @@ msgstr ""
 "Proces zwraca 0, jeśli certyfikat jest poprawny, 1 jeśli niepoprawny,\n"
 "a inne kody w przypadku błędów ogólnych\n"
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "błąd odczytu certyfikatu ze standardowego wejścia: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "błąd odczytu certyfikatu z ,,%s'': %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr "certyfikat zbyt duży, żeby miał sens\n"
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, c-format
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "nie można połączyć się z dirmngr: %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, c-format
 msgid "lookup failed: %s\n"
 msgstr "wyszukanie nie powiodło się: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "załadowanie CRL ,,%s'' nie powiodła się: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr "demon dirmngr jest włączony i działa\n"
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "sprawdzenie poprawności certyfikatu nie powiodło się: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, c-format
 msgid "certificate is valid\n"
 msgstr "certyfikat jest poprawny\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, c-format
 msgid "certificate has been revoked\n"
 msgstr "certyfikat został anulowany\n"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, c-format
 msgid "certificate check failed: %s\n"
 msgstr "sprawdzenie certyfikatu nie powiodło się: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, c-format
 msgid "got status: '%s'\n"
 msgstr "otrzymano status: ,,%s''\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, c-format
 msgid "error writing base64 encoding: %s\n"
 msgstr "błąd zapisu kodowania base64: %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr "nieobsługiwane zapytanie ,,%s''\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr "oczekiwano bezwzględnej nazwy pliku\n"
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr "wyszukiwanie ,,%s''\n"
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr "lista zawartości pamięci podręcznej CRL"
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|PLIK|załadowanie CRL z PLIKU do pamięci podręcznej"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr "|URL|pobranie CRL z URL-a"
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr "wyłączenie dirmngr"
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr "zapis pamięci podręcznej"
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr "zezwolenie na sprawdzenie wersji oprogramowania online"
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr "|N|bez zwracania więcej niż N elementów w jednym zapytaniu"
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr "trasowanie całego ruchu sieciowego przez Tora"
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr "Konfiguracja dla serwerów kluczy"
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 msgid "|URL|use keyserver at URL"
 msgstr "|URL|używaj serwera kluczy URL"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr "|PLIK|użycie certyfikatów CA w PLIKU dla HKP po TLS"
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr "Konfiguracja dla serwerów HTTP"
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr "powstrzymanie od użycia HTTP"
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr "ignorowanie punktów dystrybucji CRL przez HTTP"
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr "|URL|przekierowanie wszystkich żądań HTTP na URL"
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr "użycie systemowego ustawienia proxy HTTP"
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr "Konfiguracja używanych serwerów LDAP"
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr "powstrzymanie od użycia LDAP"
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr "ignorowanie punktów dystrybucji CRL przez LDAP"
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr "|HOST|użycie HOSTA do zapytań LDAP"
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr "bez użycia hostów zapasowych z --ldap-proxy"
 
-#: dirmngr/dirmngr.c:270
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|SPEC|użycie tego serwera do wyszukiwania kluczy"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|PLIK|odczyt listy serwerów LDAP z PLIKU"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 "dodanie nowych serwerów wykrytych w pinktach dystrybucji CRL do listy "
 "serwerów"
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr "|N|ustawienie limitu czasu LDAP na N sekund"
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr "Konfiguracja dla OCSP"
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr "zezwolenie na wysyłanie żądań OCSP"
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr "ignorowanie URL-i usług OCSP zawartych w certyfikatach"
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 msgid "|URL|use OCSP responder at URL"
 msgstr "|URL|użycie respondera OCSP spod URL-a"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr "|FPR|odpowiedź OCSP podpisana przez FPR"
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr "wymuszenie ładowania nieaktualnych CRL"
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 msgid ""
 "@\n"
 "(See the \"info\" manual for a complete listing of all commands and "
@@ -10431,11 +10559,11 @@ msgstr ""
 "@\n"
 "(pełną listę poleceń i opcji można znaleźć w podręczniku ,,info'')\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Składnia: @DIRMNGR@ [opcje] (-h wyświetla pomoc)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
@@ -10443,114 +10571,296 @@ msgstr ""
 "Składnia: @DIRMNGR@ [opcje] [polecenie [argumenty]]\n"
 "Dostęp do serwera kluczy, CRL i OCSP dla @GNUPG@\n"
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr "poprawne poziomy diagnostyki to: %s\n"
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, c-format
 msgid "usage: %s [options] "
 msgstr "składnia: %s [opcje]"
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, c-format
 msgid "colons are not allowed in the socket name\n"
 msgstr "dwukropki nie są dozwolone w nazwie gniazda\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "pobranie CRL z ,,%s'' nie powiodło się: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "przetworzenie CRL z ,,%s'' nie powiodło się: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "%s:%u: linia zbyt długa - pominięto\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "%s:%u: wykryto błędny odcisk\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "%s:%u: błąd odczytu: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr "%s:%u: zignorowano śmieci na końcu linii\n"
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 "otrzymano SIGHUP - ponowny odczyt konfiguracji i zapis pamięci podręcznej\n"
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr "otrzymano SIGUSR2 - nie zdefiniowano akcji\n"
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr "otrzymano SIGTERM - zamykanie...\n"
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr "otrzymano SIGTERM - nadal są aktywne połączenia: %d\n"
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, c-format
 msgid "shutdown forced\n"
 msgstr "wymuszono zamknięcie\n"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr "otrzymano SIGINT - natychmiastowe zamknięcie\n"
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr "otrzymano sygnał %d - nie zdefiniowano akcji\n"
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr "zwrócenie wszystkich wartości w formacie rekordu"
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr "|NAZWA|zignorowanie części z hostem i połączenie poprzez NAZWĘ"
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+msgid "|NAME|connect to host NAME"
+msgstr "|NAZWA|połączenie z hostem NAZWA"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr "|N|połączenie z portem N"
+
+#: dirmngr/dirmngr_ldap.c:112
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NAZWA|użycie NAZWY użytkownika do uwierzytelnienia"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr "|HASŁO|użycie HASŁA do uwierzytelnienia"
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr "pobranie hasła z $DIRMNGR_LDAP_PASS"
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr "|ŁAŃCUCH|ŁAŃCUCH zapytania DN"
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr "|ŁAŃCUCH|użycie ŁAŃCUCHA jako wyrażenia filtra"
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr "|ŁAŃCUCH|zwrócenie atrybutu ŁAŃCUCH"
+
+#: dirmngr/dirmngr_ldap.c:179
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Składnia: dirmngr_ldap [opcje] [URL] (-h wyświetla pomoc)\n"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+"Składnia: dirmngr_ldap [opcje] [URL]\n"
+"Wewnętrzny program pomocniczy LDAP dla Dirmngr\n"
+"Interfejs i opcje mogą się zmienić bez uprzedzenia\n"
+
+#: dirmngr/dirmngr_ldap.c:291
+#, c-format
+msgid "invalid port number %d\n"
+msgstr "błędny numer portu %d\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr "przeszukiwanie wyniku pod kątem atrybutu ,,%s''\n"
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "błąd zapisu na standardowe wyjście: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr "          dostępny atrybut ,,%s''\n"
+
+#: dirmngr/dirmngr_ldap.c:462
+#, c-format
+msgid "attribute '%s' not found\n"
+msgstr "nie znaleziono atrybutu ,,%s''\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr "znaleziono atrybut ,,%s''\n"
+
+#: dirmngr/dirmngr_ldap.c:581
+#, c-format
+msgid "processing url '%s'\n"
+msgstr "przetwarzanie URL-a ,,%s''\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, c-format
+msgid "          user '%s'\n"
+msgstr "          użytkownik ,,%s''\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, c-format
+msgid "          pass '%s'\n"
+msgstr "          hasło ,,%s''\n"
+
+#: dirmngr/dirmngr_ldap.c:592
+#, c-format
+msgid "          host '%s'\n"
+msgstr "          host ,,%s''\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, c-format
+msgid "          port %d\n"
+msgstr "          port %d\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, c-format
+msgid "            DN '%s'\n"
+msgstr "            DN ,,%s''\n"
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr "        filtr ,,%s''\n"
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, c-format
+msgid "          attr '%s'\n"
+msgstr "          atrybut ,,%s''\n"
+
+#: dirmngr/dirmngr_ldap.c:611
+#, c-format
+msgid "no host name in '%s'\n"
+msgstr "brak nazwy hosta w ,,%s''\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr "nie podano atrybutu dla zapytania ,,%s''\n"
+
+#: dirmngr/dirmngr_ldap.c:622
+#, c-format
+msgid "WARNING: using first attribute only\n"
+msgstr "OSTRZEŻENIE: użyto tylko pierwszego atrybutu\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "nie udało się zainicjować LDAP na ,,%s:%d'': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+#| msgid "LDAP init to '%s:%d' failed: %s\n"
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "nie udało się zainicjować LDAP na ,,%s:%d'': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+#| msgid "LDAP init to '%s:%d' failed: %s\n"
+msgid "LDAP init to '%s' done\n"
+msgstr "nie udało się zainicjować LDAP na ,,%s:%d'': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "dowiązanie do ,,%s:%d'' nie powiodło się: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, c-format
+msgid "searching '%s' failed: %s\n"
+msgstr "szukanie ,,%s'' nie powiodło się: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr ",,%s'' nie jest URL-em LDAP\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr ",,%s'' jest nieprawidłowym URL-em LDAP\n"
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "błąd dostępu do ,,%s'': status http %u\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr "URL ,,%s'' przekierowany na ,,%s'' (%u)\n"
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, c-format
 msgid "too many redirections\n"
 msgstr "za dużo przekierowań\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, c-format
 msgid "redirection changed to '%s'\n"
 msgstr "przekierowanie zmienione na ,,%s''\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, c-format
 msgid "error printing log line: %s\n"
 msgstr "błąd wypisywania linii logu: %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "błąd odczytu logu z wrappera LDAP %d: %s\n"
@@ -10580,51 +10890,31 @@ msgstr "oczekiwanie na wrapper LDAP %d nie powiodło się: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "wrapper LDAP %d przytkany - zabito\n"
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "błędny znak 0x%02x w nazwie hosta - nie dodano\n"
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "dodano ,,%s:%d'' do listy serwerów LDAP\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, c-format
 msgid "malloc failed: %s\n"
 msgstr "malloc nie powiodło się: %s\n"
 
-#: dirmngr/ldap.c:221
-#, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr ",,%s'' nie jest URL-em LDAP\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
-msgstr ",,%s'' jest nieprawidłowym URL-em LDAP\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
+msgstr "start_cert_fetch: błędny wzorzec ,,%s''\n"
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr "ldap_search natrafiło na limit rozmiaru w serwerze\n"
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr "%s:%u: podano hasło bez użytkownika\n"
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr "%s:%u: linia pominięta\n"
-
 #: dirmngr/misc.c:172
 #, c-format
 msgid "invalid canonical S-expression found\n"
@@ -10710,92 +11000,92 @@ msgstr "liczenie skrótu odpowiedzi OCSP dla ,,%s'' nie powiodło się: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr "nie podpisane domyślnym certyfikatem podpisującego OCSP"
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "przydzielanie elementu listy nie powiodło się: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "błąd pobierania ID respondera: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr ""
 "nie znaleziono odpowiedniego certyfikatu do zweryfikowania odpowiedzi OCSP\n"
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "nie znaleziono certyfikatu wystawcy: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr "wywołujący nie zwrócił certyfikatu docelowego\n"
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "wywołujący nie zwrócił certyfikatu wystawcy\n"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "nie udało się przydzielić kontekstu OCSP: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr "nie zdefiniowano domyślnego respondera OCSP\n"
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, c-format
 msgid "no default OCSP signer defined\n"
 msgstr "nie zdefiniowano domyślnego podpisującego OCSP\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr "użycie domyślnego respondera OCSP ,,%s''\n"
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr "użycie respondera OCSP ,,%s''\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "błąd pobierania stanu OCSP dla certyfikatu docelowego: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr "stan certyfikatu: %s (ten=%s następny=%s)\n"
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr "poprawny"
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "certyfikat został unieważniony: %s z powodu: %s\n"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr "responder OCSP zwrócił stan z przyszłości\n"
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr "responder OCSP zwrócił stan niebieżący\n"
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr "responder OCSP zwrócił stan zbyt stary\n"
@@ -10805,67 +11095,71 @@ msgstr "responder OCSP zwrócił stan zbyt stary\n"
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "assuan_inquire(%s) nie powiodło się: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr "brak pola ldapserver"
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr "brak pola serialno w ID certyfikatu"
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "assuan_inquire nie powiodło się: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "fetch_cert_by_url nie powiodło się: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, c-format
 msgid "error sending data: %s\n"
 msgstr "błąd wysyłania danych: %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "start_cert_fetch nie powiodło się: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "fetch_next_cert nie powiodło się: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr "przekroczono max_replies %d\n"
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "nie można przydzielić struktury sterującej: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "nie udało się przydzielić kontekstu assuan: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, c-format
 msgid "failed to initialize the server: %s\n"
 msgstr "nie udało się zainicjować serwera: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "nie udało się zarejestrować poleceń przez Assuana: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr "Problem z accept u Assuana: %s\n"
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, c-format
 msgid "Assuan processing failed: %s\n"
 msgstr "Przetwarzanie u Assuana nie powiodło się: %s\n"
@@ -10908,51 +11202,57 @@ msgstr "łańcuch certyfikatów jest dobry\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr "certyfikat nie powinien być używany do podpisywania CRL\n"
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 msgid "quiet"
 msgstr "cicho"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr "wypisanie danych zakodowanych szesnastkowo"
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr "dekodowanie otrzymanych linii danych"
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr "połączenie z dirmngr"
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+#, fuzzy
+#| msgid "connect to the dirmngr"
+msgid "connect to the keyboxd"
+msgstr "połączenie z dirmngr"
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr "|NAZWA|połączenie z gniazdem Assuan o tej nazwie"
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr "|ADRES|połączenie z serwerem Assuan pod ADRESEM"
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr "uruchomienie serwera Assuan podanego z linii poleceń"
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr "nieużywanie rozszerzonego trybu połączenia"
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|PLIK|uruchomienie poleceń z PLIKU przy starcie"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr "uruchomienie /subst przy starcie"
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Składnia: @GPG@-connect-agent [opcje] (-h wyświetla pomoc)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
@@ -10960,173 +11260,189 @@ msgstr ""
 "Składnia: @GPG@-connect-agent [opcje]\n"
 "Połączenie z działającym agentem i wysyłanie poleceń\n"
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr "opcja ,,%s'' wymaga programu i opcjonalnych argumentów\n"
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr "opcja ,,%s'' zignorowana z powodu ,,%s''\n"
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, c-format
 msgid "receiving line failed: %s\n"
 msgstr "odbieranie linii nie powiodło się: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, c-format
 msgid "line too long - skipped\n"
 msgstr "linia zbyt długa - pominięta\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr "linia skrócona z powodu osadzonego znaku Nul\n"
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, c-format
 msgid "unknown command '%s'\n"
 msgstr "nieznane polecenie ,,%s''\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, c-format
 msgid "sending line failed: %s\n"
 msgstr "wysyłanie linii nie powiodło się: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+#| msgid "no dirmngr running in this session\n"
+msgid "no keybox daemon running in this session\n"
+msgstr "brak działającego dirmngr w tej sesji\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, c-format
 msgid "error sending standard options: %s\n"
 msgstr "błąd wysyłania standardowych opcji: %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr "OpenPGP"
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr "S/MIME"
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+#| msgid "public key is %s\n"
+msgid "Public Keys"
+msgstr "klucz publiczny to %s\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr "Klucze prywatne"
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr "Karty procesorowe"
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 msgid "Network"
 msgstr "Sieć"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 msgid "Passphrase Entry"
 msgstr "Wpisywanie hasła"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 msgid "Component not suitable for launching"
 msgstr "Komponent nie nadaje się do uruchomienia"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr "Plik konfiguracyjny komponentu %s jest uszkodzony\n"
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, c-format
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Podpowiedź: można użyć polecenia ,,%s%s'', aby uzyskać szczegóły.\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr "Zewnętrzna weryfikacja komponentu %s nie powiodła się"
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr "Uwaga, określenia grup są ignorowane\n"
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, c-format
 msgid "error closing '%s'\n"
 msgstr "błąd zamykania ,,%s''\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, c-format
 msgid "error parsing '%s'\n"
 msgstr "błąd analizy ,,%s''\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr "lista wszystkich komponentów"
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr "sprawdzenie wszystkich programów"
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr "|KOMPONENT|wypisanie opcji"
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr "|KOMPONENT|zmiana opcji"
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr "|KOMPONENT|zaznaczenie opcji"
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr "zastosowanie globalnych wartości domyślnych"
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr "|PLIK|uaktualnienie plików konfiguracyjnych przy użyciu PLIKU"
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr "pobranie katalogów konfiguracyjnych dla @GPGCONF@"
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 msgid "list global configuration file"
 msgstr "wyświetl globalny plik konfiguracyjny"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 msgid "check global configuration file"
 msgstr "sprawdzenie globalnego pliku konfiguracyjnego"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 msgid "query the software version database"
 msgstr "odpytanie bazy danych wersji oprogramowania"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr "ponowne załadowanie wszystkich lub podanych komponentów"
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr "uruchomienie podanego komponentu"
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr "zabicie podanego komponentu"
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "plik wyjściowy"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr "uaktywnienie zmian w czasie działania o ile to możliwe"
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Składnia: @GPGCONF@ [opcje] (-h wyświetla pomoc)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
@@ -11134,15 +11450,15 @@ msgstr ""
 "Składnia: @GPGCONF@ [opcje]\n"
 "Zarządzanie opcjami konfiguracji dla narzędzi z systemu @GNUPG@\n"
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr "Wymagany jest jeden argument komponentu"
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 msgid "Component not found"
 msgstr "Nie znaleziono komponentu"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr "Argument nie jest dozwolony"
 
@@ -11159,149 +11475,229 @@ msgstr ""
 "Składnia: gpg-check-pattern [opcje] plik-wzorców\n"
 "Sprawdzanie hasła ze standardowego wejścia względem pliku wzorców\n"
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr "wymuszone użycie szyfru %s (%d) kłóci się z ustawieniami adresata\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+#| msgid "Note: keys are already stored on the card!\n"
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "Uwaga: klucze są już zapisane na karcie!\n"
 
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "błąd zapisu do pliku tymczasowego: %s\n"
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+#| msgid "Note: keys are already stored on the card!\n"
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "Uwaga: klucze są już zapisane na karcie!\n"
 
-#~ msgid "use a log file for the server"
-#~ msgstr "użycie pliku loga dla serwera"
+#: tools/gpg-card.c:2395
+#, fuzzy, c-format
+#| msgid "Replace existing keys? (y/N) "
+msgid "Replace existing key %s ? (y/N) "
+msgstr "Zastąpić istniejące klucze? (t/N) "
 
-#~ msgid "|FILE|write a server mode log to FILE"
-#~ msgstr "|PLIK|zapisanie logów trybu serwerowego do PLIKU"
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, fuzzy, c-format
+#| msgid "OpenPGP card no. %s detected\n"
+msgid "%s card no. %s detected\n"
+msgstr "Wykryto kartę OpenPGP nr %s\n"
 
-#~ msgid "run without asking a user"
-#~ msgstr "działanie bez pytania użytkownika"
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
 
-#~ msgid "allow PKA lookups (DNS requests)"
-#~ msgstr "zezwolenie na wyszukiwania PKA (żądania DNS)"
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
 
-#~ msgid "Options controlling the format of the output"
-#~ msgstr "Opcje sterujące formatem wyjścia"
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
-#~ msgid "Options controlling the use of Tor"
-#~ msgstr "Opcje sterujące użyciem Tora"
+#: tools/gpg-card.c:3668
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "authenticate to the card"
+msgstr "dodanie certyfikatu do pamięci podręcznej"
 
-#~ msgid "LDAP server list"
-#~ msgstr "lista serwerów LDAP"
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
+
+#: tools/gpg-card.c:3672
+msgid "setup KDF for PIN authentication"
+msgstr "ustawienie KDF do uwierzytelniania PIN-em"
+
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr ""
+
+#: tools/gpg-card.c:3675
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "read a certificate from a data object"
+msgstr "dodanie certyfikatu do pamięci podręcznej"
+
+#: tools/gpg-card.c:3676
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "store a certificate to a data object"
+msgstr "dodanie certyfikatu do pamięci podręcznej"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
 
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "zapytanie o klucz %s z serwera %s %s\n"
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "%s:%u: nie podano nazwy hosta\n"
+#, fuzzy
+#~| msgid "change a passphrase"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "zmiana hasła"
 
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "niezrozumiały adres serwera kluczy\n"
+#~ msgid "detected card with S/N: %s\n"
+#~ msgstr "wykryto kartę o numerze seryjnym: %s\n"
 
-#~ msgid "return all values in a record oriented format"
-#~ msgstr "zwrócenie wszystkich wartości w formacie rekordu"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "nie znaleziono klucza uwierzytelniającego dla ssh na karcie: %s\n"
 
-#~ msgid "|NAME|ignore host part and connect through NAME"
-#~ msgstr "|NAZWA|zignorowanie części z hostem i połączenie poprzez NAZWĘ"
+#~ msgid "Please remove the current card and insert the one with serial number"
+#~ msgstr "Proszę wyjąć obecną kartę i włożyć kartę z numerem seryjnym"
 
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NAZWA|połączenie z hostem NAZWA"
+#~ msgid "use a log file for the server"
+#~ msgstr "użycie pliku loga dla serwera"
 
-#~ msgid "|N|connect to port N"
-#~ msgstr "|N|połączenie z portem N"
+#~ msgid "no running gpg-agent - starting '%s'\n"
+#~ msgstr "gpg-agent nie działa - uruchamianie ,,%s''\n"
 
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NAZWA|użycie NAZWY użytkownika do uwierzytelnienia"
+#~ msgid "argument not expected"
+#~ msgstr "nieoczekiwany argument"
 
-#~ msgid "|PASS|use password PASS for authentication"
-#~ msgstr "|HASŁO|użycie HASŁA do uwierzytelnienia"
+#~ msgid "read error"
+#~ msgstr "błąd odczytu"
 
-#~ msgid "take password from $DIRMNGR_LDAP_PASS"
-#~ msgstr "pobranie hasła z $DIRMNGR_LDAP_PASS"
+#~ msgid "keyword too long"
+#~ msgstr "słowo kluczowe zbyt długie"
 
-#~ msgid "|STRING|query DN STRING"
-#~ msgstr "|ŁAŃCUCH|ŁAŃCUCH zapytania DN"
+#~ msgid "missing argument"
+#~ msgstr "brak argumentu"
 
-#~ msgid "|STRING|use STRING as filter expression"
-#~ msgstr "|ŁAŃCUCH|użycie ŁAŃCUCHA jako wyrażenia filtra"
+#~ msgid "invalid argument"
+#~ msgstr "niepoprawny argument"
 
-#~ msgid "|STRING|return the attribute STRING"
-#~ msgstr "|ŁAŃCUCH|zwrócenie atrybutu ŁAŃCUCH"
+#~ msgid "invalid command"
+#~ msgstr "błędne polecenie"
 
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Składnia: dirmngr_ldap [opcje] [URL] (-h wyświetla pomoc)\n"
+#~ msgid "invalid alias definition"
+#~ msgstr "błędna definicja aliasu"
 
-#~ msgid ""
-#~ "Syntax: dirmngr_ldap [options] [URL]\n"
-#~ "Internal LDAP helper for Dirmngr\n"
-#~ "Interface and options may change without notice\n"
-#~ msgstr ""
-#~ "Składnia: dirmngr_ldap [opcje] [URL]\n"
-#~ "Wewnętrzny program pomocniczy LDAP dla Dirmngr\n"
-#~ "Interfejs i opcje mogą się zmienić bez uprzedzenia\n"
+#~ msgid "out of core"
+#~ msgstr "brak pamięci"
+
+#, fuzzy
+#~| msgid "invalid command"
+#~ msgid "invalid meta command"
+#~ msgstr "błędne polecenie"
+
+#, fuzzy
+#~| msgid "unknown command '%s'\n"
+#~ msgid "unknown meta command"
+#~ msgstr "nieznane polecenie ,,%s''\n"
+
+#, fuzzy
+#~| msgid "unexpected armor: "
+#~ msgid "unexpected meta command"
+#~ msgstr "nieoczekiwane opakowanie: "
+
+#~ msgid "invalid option"
+#~ msgstr "błędna opcja"
+
+#~ msgid "missing argument for option \"%.50s\"\n"
+#~ msgstr "brak argumentu dla opcji ,,%.50s''\n"
 
-#~ msgid "invalid port number %d\n"
-#~ msgstr "błędny numer portu %d\n"
+#~ msgid "option \"%.50s\" does not expect an argument\n"
+#~ msgstr "opcja ,,%.50s'' nie może mieć argumentów\n"
 
-#~ msgid "scanning result for attribute '%s'\n"
-#~ msgstr "przeszukiwanie wyniku pod kątem atrybutu ,,%s''\n"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "błędne polecenie ,,%.50s''\n"
 
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "błąd zapisu na standardowe wyjście: %s\n"
+#~ msgid "option \"%.50s\" is ambiguous\n"
+#~ msgstr "opcja ,,%.50s'' jest niejednoznaczna\n"
 
-#~ msgid "          available attribute '%s'\n"
-#~ msgstr "          dostępny atrybut ,,%s''\n"
+#~ msgid "command \"%.50s\" is ambiguous\n"
+#~ msgstr "polecenie ,,%.50s'' jest niejednoznaczne\n"
 
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "nie znaleziono atrybutu ,,%s''\n"
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "błędna opcja ,,%.50s''\n"
 
-#~ msgid "found attribute '%s'\n"
-#~ msgstr "znaleziono atrybut ,,%s''\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "Uwaga: brak domyślnego pliku opcji ,,%s''\n"
 
-#~ msgid "processing url '%s'\n"
-#~ msgstr "przetwarzanie URL-a ,,%s''\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "plik opcji ,,%s'': %s\n"
 
-#~ msgid "          user '%s'\n"
-#~ msgstr "          użytkownik ,,%s''\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "nie można uruchomić programu ,,%s'': %s\n"
 
-#~ msgid "          pass '%s'\n"
-#~ msgstr "          hasło ,,%s''\n"
+#~ msgid "unable to execute external program\n"
+#~ msgstr "nie można uruchomić zewnętrznego programu\n"
 
-#~ msgid "          host '%s'\n"
-#~ msgstr "          host ,,%s''\n"
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "nie można odczytać odpowiedzi programu zewnętrznego: %s\n"
 
-#~ msgid "          port %d\n"
-#~ msgstr "          port %d\n"
+#~ msgid "validate signatures with PKA data"
+#~ msgstr "sprawdzanie podpisów z danymi PKA"
 
-#~ msgid "            DN '%s'\n"
-#~ msgstr "            DN ,,%s''\n"
+#~ msgid "elevate the trust of signatures with valid PKA data"
+#~ msgstr "zwiększenie zaufania podpisów z poprawnymi danymi PKA"
 
-#~ msgid "        filter '%s'\n"
-#~ msgstr "        filtr ,,%s''\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) ECC i ECC\n"
 
-#~ msgid "          attr '%s'\n"
-#~ msgstr "          atrybut ,,%s''\n"
+#~ msgid "honor the PKA record set on a key when retrieving keys"
+#~ msgstr "honorowanie rekordu PKA ustawionego w kluczu przy pobieraniu kluczy"
 
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "brak nazwy hosta w ,,%s''\n"
+#~ msgid "Note: Verified signer's address is '%s'\n"
+#~ msgstr "Uwaga: Sprawdzony adres pospisującego to ,,%s''\n"
 
-#~ msgid "no attribute given for query '%s'\n"
-#~ msgstr "nie podano atrybutu dla zapytania ,,%s''\n"
+#~ msgid "Note: Signer's address '%s' does not match DNS entry\n"
+#~ msgstr "Uwaga: Adres podpisującego ,,%s'' nie pasuje do wpisu DNS\n"
 
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "OSTRZEŻENIE: użyto tylko pierwszego atrybutu\n"
+#~ msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+#~ msgstr ""
+#~ "poziom zaufania poprawiony na PEŁNY ze względu na poprawne informacje "
+#~ "PKA\n"
+
+#~ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+#~ msgstr ""
+#~ "poziom zaufania poprawiony na ŻADEN ze względu na błędne informacje PKA\n"
+
+#~ msgid "|FILE|write a server mode log to FILE"
+#~ msgstr "|PLIK|zapisanie logów trybu serwerowego do PLIKU"
 
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "nie udało się zainicjować LDAP na ,,%s:%d'': %s\n"
+#~ msgid "run without asking a user"
+#~ msgstr "działanie bez pytania użytkownika"
 
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "dowiązanie do ,,%s:%d'' nie powiodło się: %s\n"
+#~ msgid "allow PKA lookups (DNS requests)"
+#~ msgstr "zezwolenie na wyszukiwania PKA (żądania DNS)"
 
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "szukanie ,,%s'' nie powiodło się: %s\n"
+#~ msgid "Options controlling the format of the output"
+#~ msgstr "Opcje sterujące formatem wyjścia"
 
-#~ msgid "start_cert_fetch: invalid pattern '%s'\n"
-#~ msgstr "start_cert_fetch: błędny wzorzec ,,%s''\n"
+#~ msgid "Options controlling the use of Tor"
+#~ msgstr "Opcje sterujące użyciem Tora"
 
-#~ msgid "ldapserver missing"
-#~ msgstr "brak pola ldapserver"
+#~ msgid "LDAP server list"
+#~ msgstr "lista serwerów LDAP"
 
 #~ msgid "Note: old default options file '%s' ignored\n"
 #~ msgstr "Uwaga: stary domyślny plik opcji ,,%s'' został zignorowany\n"
@@ -11357,8 +11753,8 @@ msgstr ""
 #~ msgid "could not open %s for writing: %s\n"
 #~ msgstr "nie udało się otworzyć %s do zapisu: %s\n"
 
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "błąd odczytu z %s: %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "błąd zapisu do %s: %s\n"
 
 #~ msgid "error closing %s: %s\n"
 #~ msgstr "błąd zamykania %s: %s\n"
diff --git a/po/pt.gmo b/po/pt.gmo
index a0c185402ebfcbed144bc3f4e261b5d0b676d96e..8942aa5ca233ae53fe14cbbd84a817bd9247462c 100644
GIT binary patch
delta 7970
zcmZA630Rd?9>?(mxq;%wqAbb<1!QqUTmW$eTyQJP6-1T`;f4Zcrgg`(#x!SAbEX<K
z$Ej>FTPT;NvLY)hD@{vn(Xmq7UE64KzCX@ko@U<1Kc92XJ@0wX`d+9tTl`mS_V<0-
zzR3o|b-kZ4QJCM-m@}j|hN;w;0iBKMj_KF|%P|stsQQ0%?sgt=UU0UFHYS^TDcA!S
z;3(XJ-0w4AkqD=txyLpb;~az?jWN?*z6QIJUyJd$6I1XLR7V11jA@SvsC)*t!^x=j
zD_r?<)Bv_%N1kt<CqZY;5sbx47>6Cm=s{UXkts!$-;Vq<+xgK2-^B#Hh#rijP#qYE
zAvo3L=ehi9)J$%{wmjeLCeaP|qegfEbz=uI!I**+nIWi-mO7U^x1wg^WmHGL!;u(9
zZ(CuZa}H`L7h^BnhCZ#yQ4$f@oZ<GtSWLr7s2f(J>g~Z6coqZjJO*JsW?%qM?}XW?
zDK18J{1&8&+3MVn8sNDE=3fmqW%xs|H4eh@n1z4BHuyGbZ9hh>>Gv-0muNc}f`OC|
zLp^XTHp2zTs+b$`9{d~TU|N#x=uJt?zeau!1)ADg)RZ4WZJN`l&rP!3jFA{hHVxIW
z(WnkhLmiko$Yh%3*c=~04?czT*&K5DdJH5V<zwO0KmzK)=`KGO)qz4(2Nt77ayM#o
z?Lysm7^CqtYGln=FAt8v5}b>gk%P$K&1F1=(X3}PKi1#BryW@UJE8?2#G;N}GPcBQ
z?2QvpBe)f{#*d*oxF2c4e1=-nU@B{=x?wtIVqaW{+Cz__cK>l?U_Nt!gr+no)gH4h
zsHMn3jkFZip=GF<xDPeO&!Rf;5$Y6O#wuLM4yH+S7PW^W*vX@C3i8iv<%in;5WDEk
zA4m*VMY^dQr=cEjCyvCYky$hKE}z)XcBBe5rE73F?m~^Q9&<6NKR=k_1;{osRRe7M
zn@~&gE~cvI7fGn6@yr*qXi8CQy#aM>cB49U0_lTknqfCzCblJ?hlQArt?+qQz8|%O
z$8jQ_M%|y0X=h?S`dU-)Ac+us27_=vs{BLLE<KHrcpkMRK?7|*2}8-}Vi@M5_C__T
z!)uXMF}qL?{tDZphtblM>669$Q)VhDP($0Dub@VL)a9?BmLQaugErxCRQ)-qj@^n{
zy3MGLyyraQ{0%izp{#Q!j7M$4?7_^x3i2t?jW?mDa4qr{HJec*sl(3rC8}PFA@;%1
zs433G2poZ`UyQncCGyWa&JR8CJB-0*L+xqn<|7eBL2qn_<4_IEbl#3?Xglh`2T_~s
zEOx{W!)!--q1qXPdQgRP8S4IfQ8W6Y%YT7dVqYLz_bL+MI08GNcD)y=V|HLPo=43<
zyKFo4y)b}$E^6cxP#v0$;kd$;Z$?f19#{S*>cO8QOX)KgN%&I`m1CD8+L?tapN<;Y
z4AhNFP_N!qsHM9PwRv}=I(Pu%@EcS|+H)2)@)Xo@ortP;Ge+qAZzQ1+?rJDt*Q2KJ
zf-{h5i6tM4YA^?No(nMsS7BG&j_UA1Y=VbT9X^J70i8wd{#2${?dM<@o^J}2z-6eB
zJcwHB=TOJ-AgaeFQ1yO8O=&Ex@{%)sP$MpPu0cJx7Il1IK|T0@^CW6O7tt3?B5btX
zjY;Ss-v@PGuSJb)6>5#2Kwg&SP1FOgU=qgV*-beCmG|LY_$Vf0<{0}OQI5Lruc+hv
z!WiaXUmjmmkb;q8ZO=wxBKg^<k#9hC;2HGbyQrl&=ROY{XUh{&BOQ(Uyujrbp{9Hl
z_QS2{!DHi?|K=oqaTWc?+szh=-6>B+H8c~|k(*Er-HUqAQ>Zn675n4s=)o(fne$Ar
zdn*SM$a}GyAKw|6O@62EYI|(zQM)<h8oS1+=pjD|H4}?apZ^`z&|c(3nlq?ZX)-T(
zHCT??%-d1*-^LjH3O(5BT3g=T>B}RbsjWbba0O}&|AAVocU<`;)TRl(&Ti6vsQP)R
z4$VRx({-o^KY@BRA3)vrC8}PlNp@z_u&2&{F$t~xI@Ipo>++wWM&5R^Z6E{Hp#oF~
zm!sbKJ5Vp4lc>%1GwMwmH^qMW^hed3h3ddY?1-;oyw3k8Bs67BrrHL&IwxQj<x5c=
zc@B9cn9nf?lc(A5igX-8J{Je!A5ly38mhxBr}I}7_QrIag}v|r?9cPf5faTYDBm_5
z>g<ApDesM%!Ud?cyc;!=ov4m|ikiU|1@_h47X!)XVH!@tez+RdkylXd)uS(pMCTcH
zS7%~J@)I!?=U{uhA0zN-Y=sA~KOV<FWBWoo;;pEL&tN15&a@ql$6)d!u`}kQ2C`%(
z^REYPqM#G*#142ERsIdCp{7OrIfXH(4$MG}d^UE&4X7!75jFDfF&uwEbv&fl*6)d$
zxvA*EWyL<*<E<2^;y!GHCovY!At%!Wm)JL)7jGheH);mjl-lwUc!~TC*xrwhdF@DV
zDYLKYO{mSi1J(W^)RLU?k<g1KyxeY<5vUQ*#Z0^dHIjX(899MN@h8+~%DCQc+8Wg7
zTTlbpgPQWgs3|{-(b&Ag<`YnPUoHt9k1~wMdr(WT7nk6N$RwGGv+PLU$C2dyXLA%W
z4|V?|s2TYPyJ7Ggds+r!3i;)zdQakLJcSIvXS&bjw-yS@F$|x<p7<83Vm)fAa_8}D
z72b@R;**$6{$iy)rqT25ZZE)Ll&`}aJc6Sza)IrL7d3P1P``hgw_QPCmEAnq7(j*b
zs2P}wL3jk);b-pi%Q%z#71ZXOS#3|jCe%!x!Waywu_mLIXe_F|GECIe){xMYZAKl(
z*HI08j#|T(3vE6c`;yPaA-EKC@debHH@U&h1oC}m3Q(tNJBHw!*aJ^s61HB%{A-h?
zlh6YfVkmAzZH}jL5FSDgw!6`8(o_s1KLyorB_`ks?10-*?YxSbf#cW;e?>hfV6i=2
zy%sb7x^W@}YH$gv!aCG3*@Nooe(aBzP-~vT8Po`;U?grs9j`iUfoD)NdJffYIO~{-
zy)Y3=P|sbng!zvp@vN(G6nm3zxzsL27OF$juq!TeK7{JXTd4X!qNX<SW_#YJ;8o-+
za3apdYw=~w!?0WICNK7p&<NLIcYFcc;@7VHSJV_H(9tLyh3ZHdhU04Ngb$)-tPa)T
z_t77JLDl~^W?<|e>@TMUsMFyqCZQ>M7}elj)YKhwdH-eh#wZ*?`DFCq{g{F;p=RP+
z)PuuswH+RUapa4gE3x4Xi0aTGjMe%7k%UGTvD{8ce^dv`UH&fgC;t*Q!8+7P-@t3|
zC~C7MudthMC~9q|qB^t;)&9e%0q#Q`zY`6gGcDhe&=Q2)W-AWH;pFpCYrDmH2zCCO
z+-?m+HQWs&F$d$Z2sNWCF%a)Z?Ttq<7muNq+Ve;5<N0PBi7cFj4LwCw*oWHn7qJf}
zujIdAVIgWa*Q3gN++i)oH1dBzwf7e4{(x2X4LTGDlfMxM;BIXA?|<h>sG?`J{a_0A
zB)=91;>#F;zoC{U{7&1^Va`GvO8HXMNMFPN{1!XnkEr|FuCeW>qlbLe8rDCV#Ci&}
zi}zv&`~<b;moXiG!fZ_alkM0dOeDVzH4_KX4}X7cBl8(?`getgN%KlDY?+4dh(3Or
ze|KHwTIhs+ziX`-pBIw<H!dZT2zBlvafJB&wUA61v5EMSI7T#H?>8oJ672;MQ+)iW
zq~IZ<KWPSHQZOGMBO0#)%BB-Jgf5+c#SJODMCFuc5+$xo>#t2Xma=IW>h9A^=p-?l
zc!ltl@WEOV?6HPR(_KWIv03wyQ(R5mf4IE%LyAj_QN-QEOzPZ>e<ga5zJ}1I)#XpR
z3e&JV!RGZf{5h0LrUNmC4?U>=8KEl|f5PjOA-x^~+-K)Wze`Lfz9n>xB>1{FBVC<L
z(i4bw<lAFcLKiPp^A3@u^}mXQHeEE8qKFF8&k^HE#}m2|EM^Cm5=)57#3^F1tJ9bC
zXrl4@Cy6JBCVc)ljw7BW8n5q^(Eb}r{7kf^Vm6U1$!FnQ)Rj;AE?h?pB4!cQgf9Iy
zq~qHWb^Su*k=6;Bis^)opRNxr4R6j|(oH@57`i?tBG@;LYUkX?bDUy0F@nz;uRpj%
zm&OA8$fakvdOh(C%6elnS2o63L;0J;dqfb?is14!%*9wzfy9d{;+kPG^-i&q;5Uhe
zKRuNHia0^U@__qrH}MSdDlwX}so0c=C0ddXCI%2~h~|{(8l;`jih}EiI0|Zs*NH-6
zIAvesC&WCW@p_QNt;8DQpeyW$8;OUBEkr1>i%27MU2ie>;|gLCF_HGW=uHqzrU}t_
z4R(oZ`Rp~)7l?ht1oFDdiRLa{Ou8rW0r3Ly8=*^IS^s|(P|%wDB8Vu`lL^Leug(;1
zCmHS<{+@IsF_X}>pD5<D77aQ3BNckN`r}C_knTqW60OO9W2>1`@{f}4icN_xT=@Y#
z|3@;PyMn#Am3Wefq+%Sg$9*=8w5}1BhM(as{WjJS4-hZAGVvBMfS5>(;{IQ8Goh;&
zQKt33LgF5xJE3be@fV`6dtfKh$%L*V%8uidh8%yWImO2=J()UQq6KlUD;r1pU!-p*
z77#~?M9Tg<|F@CWl}Fr3c!>}yti;a5BtlnjBAN&xVu%bi!u10&kn{}=IsS_g2DtPP
z%41wT73H|{=W*%~muX~~OJra?(StZkJVJCNHW0d=CN2?I6Jf6Lr$~QFtRfE8-qv}z
ze{EPyvfujov1zq?V?XFTsI0Q8q+(vVr+V?+x!#(piV{yr#r*5NRi3zNPq(<zM9&Qs
zm2-+}yw#p6FP~I+=hb-TS9#04Ro;0e-r99TOM`1CUpL%u{d<$LY7-{k(RFN5rH4lA
zwiQ)*ifF8?s>oAaF}Lm!HD2_;&3cNeU1N2R&MT=PS6b;Q^;XwZ%qyy?`+HSIW$lh7
Hg(3d|7cjrS

delta 8219
zcmZ|U3tZMkzQ^$aNe~eg6jTr&ZVCt@h=O<n#XDIF-Zg!=DT1gxcuVWCo2hAL+HP5^
zR$FW9*)|TfR-0C8ndO?6TdCEabWgRemhGx-X0@L$Gw$*1>zx0q-}9cC|83?sGk<FL
z?rnh^b_DuAjR<<kaLf-dCKm5*ZOj*x&qb-#m^E?6WZ+ti#@!f$@1m~%t23mVttUH&
zI%i=K*R8}}_&Scp3--L<<a><iOv7Z<0~a~($4=CDIS-&-{E4f7hq^u@-k2oJ#O_#%
z>9_)QekVrY8?OElwx@mxI~%_-!3p-lc+`c1Q7;<roR8|rTI_;PAcHo0kblg_{3PQ~
zs17728pE?qF{-@|b=?-^AG4dE9(W2pyx+8-`|4>DcECbcpXBO3RO;7YJKTXO*ogdN
zPV%Gse!@uXz+3gA6jVoxoi)yNs0=-We)Z%73Zw8x48xHOLzbfE-iy6)BWey`LuKM?
z?1P~^BnJnhuJ@s?dmKaXD7L~A*apvFK7P}K{CB00&Ty3SF{qwbA<s7JoQ<dveuN=-
z9t-d?4#wP6V+P?8Y>UsMrt$!4u0M43zo0sJ6+<yCjr{9{ebbC-iBnN?H5(tsyKp$h
z_B72MEklib6)LrlqEh}cY7rlC=f6a)nHJ=^BgUdSmW}GrP}Bx1^;010rUrv?6MFCw
zWN_wXS3iTH)Pv~09?%x`;&@l@i|W8gR0qANfviNWt?j7$UO{%AIf5FP|0@a}3OP(z
zIZi}n<Rv6a<`X=P!I@+zz?ieBk$uC0&{TwG*?J_lrk;-cWAgaX0Op~lcr&VljmRU+
zJIIv!&G!^ESM9Qm>5qxn7iS{xHk(nae;;aOCs8TAgxY4US%I304Ae-AQ5~#CU4JJk
z!@odvU_WZteS-BW&1C7)2Xhp)hyr>0Xe>aQ%sSKyUPWc*QyhYU{p@{1Q7>q~QMeUJ
zsyXB8?Q?BMrlB&r7>D6@?4_QZp)dj?^7tXeQ;~INrjZVH>>kvMcO!!~r%)XY&$rvM
z7&X_op?1v<REG{CeKqG%i!X72{eJYpS=5WrA4cJq?nEPM4)<XR9zi`IVW7>#6bz@n
z0hv4V7`DMi*ZwMMksiSqJb|%z$<-t1bw}#GFbazXx&1$#2K9J3YJ}TSFMbarFoaD`
zUrY@0EHfGPpe@c{qelLktABx-f*(+euqX4S>q}7`n}^Em>LGsHlNV`FkKT2Dj{4O8
zfL$@Xz%IgcRJ{mweHki)%Tb@=)u@5&!Z<vJy6yt%#leL(!-?31dZwR(ZWx1lz(S11
zhcF(0gW6{AqEh)0w#Q4T`+|pBGf?-JpkBBPwR<+AcEes&2R=kS=kKWZ_}j4*RY*ZS
zpa7N1N>^Wxn)60%fv@36Jb+s5VMTn+a3XfYhfyPc5tZ@}u@#<2jrdzsha!eIZ%4oB
zNkJ!uqf$QGo-m70FTM{ohg&fa_oJrZP3NCod*BE=vKvtMC7@P)7V7#!)S{h*>R<yV
zYyWSi(3yspusgnw+NW1g7bY=Wb#NGJgtxf*?WoK>;%vkO>W5IzJBQlFElE>6W?>SR
zpa!xGgLuDLK|wuUg`;sJYSo`Wz2F=sVh|@~3Th<9sJZr{w&5~VhgYMndkU4&L&(R@
zoWx`dA7jlyzg|3zLMT?FUfkfk7d4`-7>Ro@1dpKyPolQz_o$I&jkTGYg!*zWLcQ>5
zOvA(23%_;s?#1N)0UE{^vq$kX>W@SCjrPXDsC`_4YJU*ZaUZH<Ut=mpjI$#jh?=VD
z=)onZsrb1&-{{(pq6YfSIP$Lxf^M=6aj2AMVLu#=9$baN_&DmuXHeVd70kdBsOJRV
zY&#N<dQJiA`YEV6ufbfbLk~Xfr=ZjwL@lm!*aO4HGtU8}5!o?j<^;QKo<ObU-=pUE
z1bXlXR3_s1ZtMIg)N`tE7~YQq@IBP?!b|P@{3R50gAe0z6MC@8wI6r&zo8aa<V1Tu
z8+Bg^D&>n%=hvg=dKYT$KXC0=QBxK($u8c($n}0xLP0&P$0*!tPnbqjijSgRbRL!B
z)|2g*EE)B{Le%{gsHs?wnfNklt(-+=Dtd~o4?tyVE+%OIKS)76eF4?;Q>Z@<EvMR)
z=b;woc+{u&Hq6G2sO$EjI&cv?VeB;f9qEgj(iy1xS2}m%AnM04mG_&7>GtpcKx{+(
zE)2s>Sb*DbF#ZWOcX2aphs!aK`daLd`>;1&#azsoX%}rJ>bdisD{u()wdhw04^hzE
zpF@o#{1%&{ey9}A#*VlFL-9$>!Dq1_o<Vh_%Pc!3B^XP62}a{)RAzReGIszY@Y`AB
zzYB%X*>=RqsGeuzMx2Kl@fB1@hj{JWm!Ud*J4WITjKk+$`}?RDUc#;zUS>Ozj%qK$
z7@S$=xBo)1oCc-*cc{g&A5-u=Dy327cH|?mGxZ6mj@P2DzZaFcM)cqbOu#Fs>$+Ch
zKSp_|_E9(<Yy1>?QP_jG;yF|X=2Y7D?Rb&;5sV0+V^wyfAI!1e_Dh(^`Id9-3(`<i
zl8@RAi%^SuJ8Hyl-~jv#H4uN-YMYW=ETrLP)M9!NwQ3K$^Z!7Nr2Rab@^n<n3$Po`
za&^C}Z$s^lz1STupw>ck4S(=36G^_`?4qCy^sKf2LNN_lhvrGt0|MsTjP$`2>NUt;
zX0rv;@f7O1kUIV?3iD9|xCe{zRgA*01@^m;h`O!>`>6}tC@{_DkEj&qEwm#ayU6a-
zrKr{Z0uIHqI2<$T?VoEOsv~<)FFuQdFv(}@Wf)5RF>HmuLS>*4+wgvq(O^F;15g*-
zh_i7r4#XF+2rr>hnZMYsey{T`)T(|8+u&YI#lxtKT}ExkZcFU_12K|%Ir{a$r4;(&
zHY~v7s1$cxYUg|gYD7zM9KL|sRzb_`w>$xRQP0IRtU@iaO{nMp0XyPF)LIE$Za-*g
z%gMiohH4tLO4nf&K8GFfAZlBEjL{gx7SV%ZF&?uq3`<cj@}joa8q|HeP|thcoj;3h
zskbNp>S+85@}Engm<Fx(yD<izLv5?W7=jm2sr(N0z=W0dOV%Hi>RQwbe}?M7UU&X8
z%%a}mHai6)P#rDDBwXirh2Nq&a2$1mx!tBT8{1L!VhgOt5?q3%_%@EkZVV(7YfvM5
z6f^Km)cqG-`wgpX=6Yi+?fwZA)RP6+8Mk0pd={0e!>AsAjDgtV4tsq|%%|QHgRly<
zD{4>~YD7KnEmY=CyL#(8?S08OQu}{41rHbOL~Wx(s7zc&y*S}6+vCxwHB#f;go)I5
zqXuva6VTjkN0x}nNCBz?3tjyY45WStgS7t-Q_x6{;RO5)wa9Yrv5RgDYHrI=9a@J<
zT_b9QM^M}DOLzV<Y6`lpw%3iqVbm*8Q~Qkb6t?I6rp>)}|93+@I16KN9CpWfsFZHP
zP~3^yZcR7>Pow5Kb&b7mG7h5d!{&~n&L2T7_N&+jbJmjoM=8vukc~m>?1@}w4d&3k
z9reKDs0T#cXaC5I!6DS|z&v~%)v+t6>r&U-b}woww&Fm18@pie2J)XmAz_2<=~(An
zETsJ&)B_J<E4+-I(A;n5v@`0(L(zjPuqQr-TEuT*G=7en^B=K425hun)BzjGzk0Tc
z2JPeLP?<Q10eJoK8!CSx&Ry4dlJY8o1UCQIaNcz{g}8D8>VG-AcC@5WK|PSTQ}f@O
zQ1AXhoFcA2_}-XW;z{Bw;!ni2<HWTBPUm6z<2935O#MHIft0sk7M5WnaqTFhZ8qT_
z!;g-(ggT>RC{as$0a4xDVpp(M`vlr%V;6VdG|Hb7i-@;~xwQWrnW^Su2)}cP^R{Z<
zbc#s<yz&{>p!rhjuN^m0*h*CLK(@B|1<{A{EaGv>I)W)L!~U2}Xl^qwmxv{_os&`j
z=Z224_ybNSZlL^#h8*rrUZ(MngqQdmp<^7egt*aNQ%HFd5k+0!h%`b6pA2)H$fUgm
zYIP@3jwcpSevK%l+>_9eL3k-YuawUt?jWuZUlK*`A`j)8iEGE}6kZ@&alQ#liQf~~
zj=#IYNc@rL$aSNM-ozN{L(%81xrOr2C{KKtpCV!*v7FEm&B;O76?ObX+)OzWBZ<M3
zd!dd`EM^K86Wxgsn~!yl)X2;w{czM<ntw<0TkM{!hSkljcK^Ae`OFo{-E}#5gtmUz
z+O>^$-b(vX;sc@$5k_$M4d3DBzm=hQKusJKmjAW8U!jdZqvj!Z?rZ#Sq6aV7fqRLU
ziMNTHXq$yM5c+bpquz-aM06m6Y11(*fbqAdVH%-N(o4i2h)QA<Z5Qwi(LlUN=-5T9
zAvO~q5<2v~e1dqEc$(-$>>=`rM52z+@f5L+xQ&>?^Hco%L{SMMt{uZ&VJhbiQ~s8C
zhnPrR$9y8pmFH6KOMFc1CtA4n_LTqqD5oKk^WBJe$}@@P`PYSsH2x>X;YEy4nW!Rk
zyi3gCTu5`x{^UVl+H_1L(kTxh+7jW^ztIVfYU<BnDuxn&ZEodX`1Jm(RL;7FH*hEM
zJHo?-X~e7U+(^ngZnQN2#=7!*c!>BlanQAiW5i%$Dlv}x1BhQz*3pls(fkL|xQ$95
zwQ_7C9wYMI3lk`35jv`9`!Bpj6^@OT=HJt<JcDcI5tE7SuC0Xf7nIi%ONmd3UbOuy
z|MyYWF`jsks3AIY!Tp#-%pi2+63Ij~(SsPGhj4sP6jEN<T;o4qu$3zhr@gzot{ZJ*
zUHd+qI)a}Lu0h=E$_1EC<PdGR`L`HDJWA*oKzv6`CSu&fcT@f|@c{8rQ{T8@fuoZv
zQawc_g`N~&^_)7-g1Xw}siDT>@ucX)1f8g?E3aR^u;Kqacil}*K2Ps}G<R`jg{Q*X
z;0-m&K96gvUQp**T3uV~DXa7>_ElDF-WK0KI`e<db4%5N`g~79vM-_O{rHn{O<xsw
zBWL`pf8K?abzYyx>+@CDc^ekjd;h(k?t=2_s(SC7%K87#>Fe)r8dEwdAg97xvB2kP
zzOA{iV7@2W7ixT!_4^<9EN-Z-t-jS;;q`d!B|Mqan;)1sBubrkw|N$N>%Fe;?@Zi~
L)by)cXLk4}zm)U~

diff --git a/po/pt.po b/po/pt.po
index 837d2b7..8839982 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2015-02-11 19:17+0100\n"
 "Last-Translator: Pedro Morais <morais@kde.org>\n"
 "Language-Team: pt <morais@kde.org>\n"
@@ -18,51 +18,51 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, fuzzy, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "falha ao inicializar a base de dados de confiança: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr ""
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr ""
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr ""
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr ""
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr ""
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 #, fuzzy
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Você quer realmente remover as chaves selecionadas? "
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr ""
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 #, fuzzy
 #| msgid "invalid passphrase"
 msgid "|pinentry-tt|Hide passphrase"
@@ -70,7 +70,7 @@ msgstr "frase-secreta inválida"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -81,25 +81,13 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 msgid "pinentry.genpin.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-msgid "Passphrase Not Allowed"
-msgstr "frase secreta demasiado longa\n"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr ""
 
@@ -109,298 +97,278 @@ msgstr ""
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr ""
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 #, fuzzy
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 msgstr "Por favor digite a frase secreta \n"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 #, fuzzy
 msgid "Passphrase:"
 msgstr "frase secreta incorrecta"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr ""
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr ""
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr ""
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 #, fuzzy
 msgid "PIN too long"
 msgstr "frase secreta demasiado longa\n"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 #, fuzzy
 msgid "Passphrase too long"
 msgstr "frase secreta demasiado longa\n"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 #, fuzzy
 msgid "Invalid characters in PIN"
 msgstr "Caracter inválido no nome\n"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr ""
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad PIN"
 msgstr "MPI incorreto"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad Passphrase"
 msgstr "frase secreta incorrecta"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, fuzzy, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 #, fuzzy
 msgid "Please re-enter this passphrase"
 msgstr "muda a frase secreta"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to protect the imported object within the %s "
 "system."
 msgstr "Por favor digite a frase secreta \n"
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, fuzzy, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "algoritmo de protecção %d%s não é suportado\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't create '%s': %s\n"
 msgstr "impossível criar `%s': %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, fuzzy, c-format
 #| msgid "can't open `%s': %s\n"
 msgid "can't open '%s': %s\n"
 msgstr "impossível abrir `%s': %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr ""
-
-#: agent/command-ssh.c:2446
-#, fuzzy, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "erro ao escrever no porta-chaves secreto `%s': %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, fuzzy, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "nenhum porta-chaves secreto com permissões de escrita encontrado: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, fuzzy, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
 "allow this?"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr ""
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, fuzzy, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Por favor digite a frase secreta \n"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, fuzzy, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
 "%s%%0Awithin gpg-agent's key storage"
 msgstr "Por favor digite a frase secreta \n"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, fuzzy, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "%s: falha ao criar tabela de dispersão: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr ""
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr ""
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr ""
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr ""
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr ""
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr ""
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 #, fuzzy
 msgid "Repeat this Reset Code"
 msgstr "Repita a frase secreta: "
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 #, fuzzy
 msgid "Repeat this PUK"
 msgstr "Repita a frase secreta: "
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 #, fuzzy
 msgid "Repeat this PIN"
 msgstr "Repita a frase secreta: "
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 #, fuzzy
 msgid "Reset Code not correctly repeated; try again"
 msgstr "a frase secreta não foi repetida corretamente; tente outra vez"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 #, fuzzy
 msgid "PUK not correctly repeated; try again"
 msgstr "a frase secreta não foi repetida corretamente; tente outra vez"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 #, fuzzy
 msgid "PIN not correctly repeated; try again"
 msgstr "a frase secreta não foi repetida corretamente; tente outra vez"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr ""
 
-#: agent/genkey.c:157
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
 #, fuzzy, c-format
-msgid "error writing to pipe: %s\n"
-msgstr "erro na escrita do porta-chaves `%s': %s\n"
+msgid "error creating temporary file: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:116
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "a escrever para `%s'\n"
+
+#: agent/genkey.c:154
 #, fuzzy
 msgid "Enter new passphrase"
 msgstr "Insira a frase secreta\n"
 
-#: agent/genkey.c:196
-#, fuzzy
-msgid "Take this one anyway"
-msgstr "Usar esta chave de qualquer modo? "
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
 "confirm that you do not want to have any protection on your key."
 msgstr ""
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr ""
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, fuzzy, c-format
 #| msgid "Name must be at least 5 characters long\n"
 msgid "A passphrase should be at least %u character long."
@@ -408,7 +376,7 @@ msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "O nome deve ter pelo menos 5 caracteres\n"
 msgstr[1] "O nome deve ter pelo menos 5 caracteres\n"
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -416,99 +384,109 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr ""
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Usar esta chave de qualquer modo? "
+
+#: agent/genkey.c:464
 #, fuzzy, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr ""
 "Você precisa de uma frase secreta para proteger a sua chave.\n"
 "\n"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 #, fuzzy
 msgid "Please enter the new passphrase"
 msgstr "muda a frase secreta"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 msgid "Options used for startup"
 msgstr ""
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr ""
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr ""
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 #, fuzzy
 #| msgid "Key is superseded"
 msgid "run in supervised mode"
 msgstr "A chave foi substituída"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr ""
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 #, fuzzy
 msgid "|FILE|read options from FILE"
 msgstr "|FICHEIRO|carregar módulo de extensão FICHEIRO"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr ""
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "detalhado"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "ser mais silencioso"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr ""
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 #, fuzzy
 msgid "do not use the SCdaemon"
 msgstr "actualizar a base de dados de confiança"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr ""
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:208
 #, fuzzy
 #| msgid "|NAME|set terminal charset to NAME"
 msgid "|NAME|accept some commands via NAME"
@@ -516,283 +494,278 @@ msgstr ""
 "|NOME|definir mapa de caracteres do terminal como\n"
 "NOME"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr ""
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr ""
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 #, fuzzy
 #| msgid "not supported"
 msgid "enable ssh support"
 msgstr "não suportado"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr ""
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 #, fuzzy
 #| msgid "not supported"
 msgid "enable putty support"
 msgstr "não suportado"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr ""
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr ""
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 #, fuzzy
 msgid "disallow the use of an external password cache"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr ""
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 #, fuzzy
 msgid "allow presetting passphrase"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr ""
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr ""
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 #, fuzzy
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|usar mode de frase secreta N"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 #, fuzzy
 msgid "do not allow the reuse of old passphrases"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 msgid "Options controlling the PIN-Entry"
 msgstr ""
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 #, fuzzy
 #| msgid "use the gpg-agent"
 msgid "never use the PIN-entry"
 msgstr "utilizar o gpg-agent"
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr ""
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr ""
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr ""
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr ""
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 #, fuzzy
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "Por favor comunique bugs para <gnupg-bugs@gnu.org>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 #, fuzzy
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
 msgstr ""
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr ""
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "o algoritmo de \"digest\" selecionado é inválido\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, fuzzy, c-format
 #| msgid "reading options from `%s'\n"
 msgid "reading options from '%s'\n"
 msgstr "a ler opções de `%s'\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is a deprecated option\n"
 msgid "Note: '%s' is not considered an option\n"
 msgstr "AVISO: \"%s\" é uma opção depreciada\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, fuzzy, c-format
 msgid "can't create socket: %s\n"
 msgstr "impossível criar %s: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, fuzzy, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "o gpg-agent não está disponível nesta sessão\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, fuzzy, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, fuzzy, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "erro ao enviar para `%s': %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, fuzzy, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "AVISO: permissões pouco seguras em %s \"%s\"\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "a escrever chave privada para `%s'\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, fuzzy, c-format
 msgid "can't create directory '%s': %s\n"
 msgstr "%s: impossível criar directoria: %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, fuzzy, c-format
 msgid "directory '%s' created\n"
 msgstr "%s: directoria criada\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, fuzzy, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "base de dados de confiança: leitura falhou (n=%d): %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, fuzzy, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "%s: impossível criar directoria: %s\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, fuzzy, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "erro na leitura de `%s': %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, fuzzy, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "actualização da chave secreta falhou: %s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, fuzzy, c-format
 msgid "%s %s stopped\n"
 msgstr "%s: ignorado: %s\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, fuzzy, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "o gpg-agent não está disponível nesta sessão\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 #, fuzzy
 msgid ""
 "@Options:\n"
@@ -802,19 +775,19 @@ msgstr ""
 "Opções:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 #, fuzzy
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
 msgstr ""
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -822,8 +795,8 @@ msgstr ""
 "@Comandos:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -833,87 +806,86 @@ msgstr ""
 "Opções:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 #, fuzzy
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
 msgstr ""
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 #, fuzzy
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Por favor digite a frase secreta \n"
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 #, fuzzy
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Por favor digite a frase secreta \n"
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 #, fuzzy
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
 msgstr "Por favor digite a frase secreta \n"
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, fuzzy, c-format
 msgid "cancelled\n"
 msgstr "cancelado pelo utilizador\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, fuzzy, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, fuzzy, c-format
 msgid "error opening '%s': %s\n"
 msgstr "erro na leitura de `%s': %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, fuzzy, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "chave `%s' não encontrada: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, fuzzy, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "armadura: %s\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, fuzzy, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "partes da chave secreta não disponíveis\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, fuzzy, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "armadura: %s\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, fuzzy, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "%s: versão de ficheiro inválida %d\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, fuzzy, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "erro na leitura de `%s': %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr ""
@@ -926,19 +898,19 @@ msgstr ""
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
 "certificates?"
 msgstr ""
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 #, fuzzy
 msgid "Yes"
 msgstr "sim"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr ""
@@ -951,7 +923,7 @@ msgstr ""
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -961,142 +933,142 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr ""
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr ""
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
 "it now."
 msgstr ""
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 #, fuzzy
 msgid "Change passphrase"
 msgstr "muda a frase secreta"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr ""
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, fuzzy, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
 "%%0A?"
 msgstr "Você quer realmente remover as chaves selecionadas? "
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 #, fuzzy
 msgid "Delete key"
 msgstr "activa uma chave"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
 msgstr ""
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr ""
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr ""
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "verificação da assinatura criada falhou: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "partes da chave secreta não disponíveis\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "algoritmo de protecção %d%s não é suportado\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "algoritmo de protecção %d%s não é suportado\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "algoritmo de protecção %d%s não é suportado\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, fuzzy, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, fuzzy, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, fuzzy, c-format
 msgid "error forking process: %s\n"
 msgstr "erro na leitura de `%s': %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr ""
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, fuzzy, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "erro na leitura de `%s': %s\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, fuzzy, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "erro na leitura de `%s': %s\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, fuzzy, c-format
 msgid "error running '%s': terminated\n"
 msgstr "erro na leitura de `%s': %s\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, fuzzy, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "actualização falhou: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, fuzzy, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "erro ao escrever no porta-chaves secreto `%s': %s\n"
@@ -1112,33 +1084,33 @@ msgstr "impossível ligar a `%s': %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "problema com o agente: o agente returnou 0x%lx\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "impossível desactivar core dumps: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, fuzzy, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, fuzzy, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "AVISO: permissões pouco seguras em %s \"%s\"\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, fuzzy, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "actualização falhou: %s\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, fuzzy, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "criação de armadura falhou: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 #, fuzzy
 msgid "yes"
 msgstr "sim"
@@ -1194,51 +1166,95 @@ msgstr ""
 msgid "out of core while allocating %lu bytes"
 msgstr ""
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, fuzzy, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "erro ao criar porta-chaves `%s': %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr ""
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, fuzzy, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "AVISO: \"%s\" é uma opção depreciada\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr ""
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
+#, fuzzy, c-format
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "actualização falhou: %s\n"
+
+#: common/asshelp.c:350
 #, fuzzy, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
 msgstr "actualização falhou: %s\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:351
 #, fuzzy, c-format
-msgid "connection to %s established\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "actualização falhou: %s\n"
+
+#: common/asshelp.c:364
+#, fuzzy, c-format
+msgid "connection to the dirmngr established\n"
 msgstr "impossível fazer isso em modo não-interativo\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:366
+#, fuzzy, c-format
+msgid "connection to the keyboxd established\n"
+msgstr "impossível fazer isso em modo não-interativo\n"
+
+#: common/asshelp.c:367
+#, fuzzy, c-format
+msgid "connection to the agent established\n"
+msgstr "impossível fazer isso em modo não-interativo\n"
+
+#: common/asshelp.c:485
+#, fuzzy, c-format
+msgid "no running %s - starting '%s'\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: common/asshelp.c:588
+#, fuzzy, c-format
+msgid "connection to the agent is in restricted mode\n"
+msgstr "impossível fazer isso em modo não-interativo\n"
+
+#: common/asshelp.c:725
+#, fuzzy, c-format
+#| msgid "error creating keyring `%s': %s\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "erro ao criar porta-chaves `%s': %s\n"
+
+#: common/asshelp.c:731
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
+msgid "server '%s' is older than us (%s < %s)"
 msgstr ""
 
-#: common/asshelp.c:521
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
 #, fuzzy, c-format
-msgid "connection to agent is in restricted mode\n"
-msgstr "impossível fazer isso em modo não-interativo\n"
+#| msgid "WARNING: %s overrides %s\n"
+msgid "WARNING: %s\n"
+msgstr "AVISO: %s sobrepõe %s\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:740
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
+msgid "Note: Outdated servers may lack important security fixes.\n"
 msgstr ""
 
+#: common/asshelp.c:742
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Por favor utilize o comando \"toggle\" primeiro.\n"
+
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
 #: common/audit.c:474
@@ -1317,7 +1333,7 @@ msgid "algorithm: %s"
 msgstr "armadura: %s\n"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, fuzzy, c-format
 msgid "unsupported algorithm: %s"
 msgstr ""
@@ -1401,12 +1417,12 @@ msgstr "Esta chave expirou!"
 msgid "Root certificate trustworthy"
 msgstr "certificado incorrecto"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 #, fuzzy
 msgid "no CRL found for certificate"
 msgstr "certificado incorrecto"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 #, fuzzy
 msgid "the available CRL is too old"
 msgstr "Nenhuma ajuda disponível"
@@ -1448,7 +1464,7 @@ msgstr "Nenhuma ajuda disponível para `%s'"
 msgid "ignoring garbage line"
 msgstr "erro na última linha\n"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 #, fuzzy
 msgid "[none]"
 msgstr "versão desconhecida"
@@ -1458,144 +1474,26 @@ msgstr "versão desconhecida"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "caracter radix64 inválido %02x ignorado\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-#, fuzzy
-msgid "argument not expected"
-msgstr "a escrever chave privada para `%s'\n"
-
-#: common/argparse.c:522
-#, fuzzy
-msgid "read error"
-msgstr "erro de leitura"
-
-#: common/argparse.c:524
-#, fuzzy
-msgid "keyword too long"
-msgstr "frase secreta demasiado longa\n"
-
-#: common/argparse.c:526
-#, fuzzy
-msgid "missing argument"
-msgstr "argumento inválido"
-
-#: common/argparse.c:528
-#, fuzzy
-#| msgid "invalid armor"
-msgid "invalid argument"
-msgstr "armadura inválida"
-
-#: common/argparse.c:530
-#, fuzzy
-msgid "invalid command"
-msgstr "comandos em conflito\n"
-
-#: common/argparse.c:532
-#, fuzzy
-msgid "invalid alias definition"
-msgstr "opções de importação inválidas\n"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-#, fuzzy
-msgid "out of core"
-msgstr "não processado"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-msgid "invalid meta command"
-msgstr "comandos em conflito\n"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-msgid "unknown meta command"
-msgstr "destinatário por omissão desconhecido `%s'\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected data"
-msgid "unexpected meta command"
-msgstr "dados inesperados"
-
-#: common/argparse.c:546
-#, fuzzy
-msgid "invalid option"
-msgstr "opções de importação inválidas\n"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr ""
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, fuzzy, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "opções de importação inválidas\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr ""
-
-#: common/argparse.c:563
-#, fuzzy, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "Comando inválido (tente \"help\")\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:581
-#, fuzzy, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "opções de importação inválidas\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, fuzzy, c-format
-#| msgid "NOTE: no default option file `%s'\n"
-msgid "Note: no default option file '%s'\n"
-msgstr "NOTA: ficheiro de opções por omissão `%s' inexistente\n"
-
-#: common/argparse.c:1843
-#, fuzzy, c-format
-#| msgid "option file `%s': %s\n"
-msgid "option file '%s': %s\n"
-msgstr "ficheiro de opções `%s': %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, fuzzy, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1611,131 +1509,132 @@ msgstr "impossível abrir %s: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "criação de armadura falhou: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, fuzzy, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "%s: impossível criar directoria: %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, fuzzy, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "erro na escrita do porta-chaves `%s': %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr ""
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, fuzzy, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "a escrever chave privada para `%s'\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr ""
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, fuzzy, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "chave pública %08lX não encontrada: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, fuzzy, c-format
 msgid "waiting for lock %s...\n"
 msgstr "a escrever chave privada para `%s'\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr ""
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "armadura: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "cabeçalho de armadura inválido: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "cabeçalho de armadura: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "cabeçalho de assinatura em texto puro inválido\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, fuzzy, c-format
 msgid "unknown armor header: "
 msgstr "cabeçalho de armadura: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "assinaturas em texto puro aninhadas\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, fuzzy, c-format
 msgid "unexpected armor: "
 msgstr "armadura inesperada:"
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "linha com hífen inválida: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, fuzzy, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "caracter radix64 inválido %02x ignorado\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "fim de ficheiro prematuro (sem CRC)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "fim de ficheiro prematuro (no CRC)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "CRC malformado\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, fuzzy, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "erro de CRC; %06lx - %06lx\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, fuzzy, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "fim de ficheiro prematuro (no \"Trailer\")\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "erro na última linha\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "nenhum dado OpenPGP válido encontrado.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "armadura inválida: linha maior que %d caracteres\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1743,13 +1642,13 @@ msgstr ""
 "caracter \"quoted printable\" na armadura - provavelmente um MTA com bugs "
 "foi usado\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, fuzzy, c-format
 #| msgid "not human readable"
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "não legível por humanos"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1758,27 +1657,27 @@ msgstr ""
 "um nome de notação deve ter apenas caracteres imprimíveis ou espaços, e "
 "terminar com um '='\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "um valor de notação de utilizador não deve conter o caracter '@'\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, fuzzy, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "um valor de notação de utilizador não deve conter o caracter '@'\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "um valor de notação não deve usar caracteres de controle\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, fuzzy, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "um valor de notação de utilizador não deve conter o caracter '@'\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, fuzzy, c-format
 #| msgid ""
 #| "a notation name must have only printable characters or spaces, and end "
@@ -1788,369 +1687,353 @@ msgstr ""
 "um nome de notação deve ter apenas caracteres imprimíveis ou espaços, e "
 "terminar com um '='\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "AVISO: dados de notação inválidos encontrados\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr ""
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Digite a frase secreta: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, fuzzy, c-format
-#| msgid "error creating keyring `%s': %s\n"
-msgid "error getting version from '%s': %s\n"
-msgstr "erro ao criar porta-chaves `%s': %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr ""
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
-#, fuzzy, c-format
-#| msgid "WARNING: %s overrides %s\n"
-msgid "WARNING: %s\n"
-msgstr "AVISO: %s sobrepõe %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
-#, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s não faz sentido com %s!\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
+#: g10/call-agent.c:1081
 #, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Por favor utilize o comando \"toggle\" primeiro.\n"
+msgid "error from TPM: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, fuzzy, c-format
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s não faz sentido com %s!\n"
+msgid "problem with the agent: %s\n"
+msgstr "problema com o agente: o agente returnou 0x%lx\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, fuzzy, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "o gpg-agent não está disponível nesta sessão\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 msgid "Tor is not properly configured"
 msgstr "%s: versão de ficheiro inválida %d\n"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 msgid "DNS is not properly configured"
 msgstr "%s: versão de ficheiro inválida %d\n"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "gerar um certificado de revogação"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "armadura: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, fuzzy, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "chave secreta não disponível"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr ""
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, fuzzy, c-format
 msgid "can't do this in batch mode\n"
 msgstr "impossível fazer isso em modo não-interativo\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, fuzzy, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Este comando não é permitido no modo %s.\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, fuzzy, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "partes da chave secreta não disponíveis\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Opção? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr ""
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 #, fuzzy
 msgid "not forced"
 msgstr "não processado"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr ""
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr ""
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr ""
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr ""
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr ""
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 #, fuzzy
 msgid "URL to retrieve public key: "
 msgstr "a escrever chave pública para `%s'\n"
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, fuzzy, c-format
 #| msgid "error reading `%s': %s\n"
 msgid "error reading '%s': %s\n"
 msgstr "erro na leitura de `%s': %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, fuzzy, c-format
 msgid "error writing '%s': %s\n"
 msgstr "erro na escrita do porta-chaves `%s': %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr ""
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr ""
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 #, fuzzy
 msgid "Language preferences: "
 msgstr "preferências actualizadas"
 
-#: g10/card-util.c:1111
-#, fuzzy
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, fuzzy, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "caracter inválido na cadeia de caractéres da preferência\n"
 
-#: g10/card-util.c:1120
-#, fuzzy
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, fuzzy, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "caracter inválido na cadeia de caractéres da preferência\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 #, fuzzy
 msgid "Error: invalid response.\n"
 msgstr "%s: versão de ficheiro inválida %d\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 #, fuzzy
 msgid "CA fingerprint: "
 msgstr "mostra impressão digital"
 
-#: g10/card-util.c:1201
-#, fuzzy
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, fuzzy, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "%s: versão de ficheiro inválida %d\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, fuzzy, c-format
 msgid "key operation not possible: %s\n"
 msgstr "A geração de chaves falhou: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 #, fuzzy
 msgid "not an OpenPGP card"
 msgstr "nenhum dado OpenPGP válido encontrado.\n"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, fuzzy, c-format
 msgid "error getting current key info: %s\n"
 msgstr "erro ao escrever no porta-chaves secreto `%s': %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, fuzzy, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Qual o tamanho de chave desejado? (1024) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "arredondado para %u bits\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr ""
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr ""
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 #, fuzzy
 msgid "Signature key\n"
 msgstr "Esta assinatura expirou em %s.\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 #, fuzzy
 msgid "Encryption key\n"
 msgstr "   (%d) RSA (apenas cifragem)\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Por favor selecione o tipo de chave desejado:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, fuzzy, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA (apenas assinatura)\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, fuzzy, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) DSA e ElGamal (por omissão)\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Opção inválida.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr ""
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr ""
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, fuzzy, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "erro ao enviar para `%s': %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, fuzzy, c-format
 msgid "error getting card info: %s\n"
 msgstr "erro ao escrever no porta-chaves secreto `%s': %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, fuzzy, c-format
 #| msgid "This command is not allowed while in %s mode.\n"
 msgid "This command is not supported by this card\n"
 msgstr "Este comando não é permitido no modo %s.\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr ""
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, fuzzy, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "ignorado: a chave secreta já está presente\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2158,204 +2041,217 @@ msgid ""
 "You should change them using the command --change-pin\n"
 msgstr ""
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 #, fuzzy
 msgid "Please select the type of key to generate:\n"
 msgstr "Por favor selecione o tipo de chave desejado:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 #, fuzzy
 msgid "   (1) Signature key\n"
 msgstr "Esta assinatura expirou em %s.\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 #, fuzzy
 msgid "   (2) Encryption key\n"
 msgstr "   (%d) RSA (apenas cifragem)\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 #, fuzzy
 msgid "Please select where to store the key:\n"
 msgstr "motivo da revocação: "
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, fuzzy, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "actualização falhou: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, fuzzy, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "ignorado: a chave secreta já está presente\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 #, fuzzy
 msgid "Continue? (y/N) "
 msgstr "Realmente assinar? "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr ""
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, fuzzy, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "erro na leitura de `%s': %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+msgid "error for setup UIF: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "sair deste menu"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 #, fuzzy
 msgid "show admin commands"
 msgstr "comandos em conflito\n"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "mostra esta ajuda"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 #, fuzzy
 msgid "list all available data"
 msgstr "Nenhuma ajuda disponível"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr ""
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr ""
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr ""
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 #, fuzzy
 msgid "change the login name"
 msgstr "muda a data de validade"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 #, fuzzy
 msgid "change the language preferences"
 msgstr "muda os valores de confiança"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr ""
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 #, fuzzy
 msgid "change a CA fingerprint"
 msgstr "mostra impressão digital"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr ""
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 #, fuzzy
 msgid "generate new keys"
 msgstr "gerar um novo par de chaves"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr ""
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr ""
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr ""
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr ""
 
-#: g10/card-util.c:2180
+#: g10/card-util.c:2235
 #, fuzzy
 #| msgid "|NAME|use NAME as default recipient"
-msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "|NOME|usar NOME como destinatário por omissão"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 #, fuzzy
 #| msgid "change the ownertrust"
 msgid "change the key attribute"
 msgstr "muda os valores de confiança"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "muda os valores de confiança"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr ""
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 #, fuzzy
 msgid "Admin-only command\n"
 msgstr "comandos em conflito\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 #, fuzzy
 msgid "Admin commands are allowed\n"
 msgstr "comandos em conflito\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 #, fuzzy
 msgid "Admin commands are not allowed\n"
 msgstr "a escrever chave privada para `%s'\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Comando inválido (tente \"help\")\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output não funciona para este comando\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, fuzzy, c-format
 #| msgid "can't open `%s'\n"
 msgid "can't open '%s'\n"
 msgstr "impossível abrir `%s'\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, fuzzy, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "chave `%s' não encontrada: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "erro na leitura do bloco de chave: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, fuzzy, c-format
 msgid "key \"%s\" not found\n"
 msgstr "chave `%s' não encontrada: %s\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(a não ser que escolha a chave pela sua impressão digital)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, fuzzy, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "impossível fazer isso em modo não-interactivo sem utilizar \"--yes\"\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(a não ser que escolha a chave pela sua impressão digital)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2397,9 +2293,9 @@ msgstr "key"
 msgid "subkey"
 msgstr "Chave pública: "
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "actualização falhou: %s\n"
@@ -2424,64 +2320,74 @@ msgstr "há uma chave secreta para a chave pública \"%s\"!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "utilize a opção \"--delete-secret-keys\" para a apagar primeiro.\n"
 
-#: g10/encrypt.c:116
-#, fuzzy, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"ao forçar a cifra simétrica %s (%d) viola as preferências do destinatário\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "não é possível utilizar o pacote ESK simétrico devido ao modo S2K\n"
 
-#: g10/encrypt.c:282
+#: g10/encrypt.c:370
 #, fuzzy, c-format
-msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "assinatura falhou: %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, fuzzy, c-format
 #| msgid "`%s' already compressed\n"
 msgid "'%s' already compressed\n"
 msgstr "%s' já comprimido\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, fuzzy, c-format
 #| msgid "WARNING: `%s' is an empty file\n"
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "AVISO: `%s' é um ficheiro vazio\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
 #, fuzzy, c-format
-msgid "cipher algorithm '%s' may not be used in %s mode\n"
+msgid "cipher algorithm '%s' may not be used for encryption\n"
 msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, fuzzy, c-format
-msgid "digest algorithm '%s' may not be used in %s mode\n"
+msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, fuzzy, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "AVISO: \"%s\" é uma opção depreciada\n"
+msgid "digest algorithm '%s' may not be used in %s mode\n"
+msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
 
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, fuzzy, c-format
 #| msgid "reading from `%s'\n"
 msgid "reading from '%s'\n"
 msgstr "lendo de `%s'\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"ao forçar a cifra simétrica %s (%d) viola as preferências do destinatário\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, fuzzy, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "AVISO: \"%s\" é uma opção depreciada\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2490,95 +2396,47 @@ msgstr ""
 "ao forçar o algoritmo de compressão %s (%d) viola as preferências do "
 "destinatário\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"ao forçar a cifra simétrica %s (%d) viola as preferências do destinatário\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s cifrado para: \"%s\"\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "dados cifrados com %s\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "cifrado com algoritmo desconhecido %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr ""
 "AVISO: A mensagem foi cifrada com uma chave fraca na cifragem simétrica.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "problema ao tratar pacote cifrado\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr ""
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-
-#: g10/exec.c:419
-#, fuzzy, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr "%s: erro ao ler registo de versão: %s\n"
-
-#: g10/exec.c:497
-#, fuzzy, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "não foi possível alterar o exec-path para %s\n"
-
-#: g10/exec.c:500
-#, fuzzy, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "não foi possível alterar o exec-path para %s\n"
-
-#: g10/exec.c:591
-#, fuzzy, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "%s: erro ao ler registo de versão: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr ""
-
-#: g10/exec.c:617
-#, fuzzy, c-format
-msgid "unable to execute external program\n"
-msgstr "não foi possível alterar o exec-path para %s\n"
-
-#: g10/exec.c:634
-#, fuzzy, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "não foi possível alterar o exec-path para %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, fuzzy, c-format
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
-
-#: g10/exec.c:692
-#, fuzzy, c-format
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
-
 #: g10/export.c:119
 #, fuzzy
 msgid "export signatures that are marked as local-only"
@@ -2603,407 +2461,407 @@ msgstr "chave secreta não utilizável"
 msgid "remove as much as possible from key during export"
 msgstr ""
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr ""
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
 msgstr "%s: ignorado: %s\n"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "writing to '%s'\n"
 msgstr "a escrever para `%s'\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, fuzzy, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "chave %08lX: assintura da subchave no local errado - ignorado\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, fuzzy, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "a escrever chave privada para `%s'\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, fuzzy, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "chave %08lX: tipo PGP 2.x - ignorada\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "AVISO: nada exportado\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, fuzzy, c-format
 #| msgid "error creating `%s': %s\n"
 msgid "error creating '%s': %s\n"
 msgstr "erro ao criar `%s': %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 #, fuzzy
 msgid "[User ID not found]"
 msgstr "[Utilizador não encontrado]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, fuzzy, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "erro ao criar `%s': %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, fuzzy, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "erro ao criar `%s': %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 #, fuzzy
 msgid "No fingerprint"
 msgstr "mostra impressão digital"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "chave `%s' não encontrada: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, fuzzy, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "opções de importação inválidas\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "|NOME|usar NOME como chave secreta por omissão"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "|NOME|usar NOME como chave secreta por omissão"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr ""
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, fuzzy, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr "Chave inválida %08lX tornada válida por --allow-non-selfsigned-uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, fuzzy, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "usando chave secundária %08lX ao invés de chave primária %08lX\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, fuzzy, c-format
 msgid "valid values for option '%s':\n"
 msgstr "opções de importação inválidas\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 #, fuzzy
 msgid "make a signature"
 msgstr "fazer uma assinatura separada"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 #, fuzzy
 msgid "make a clear text signature"
 msgstr "|[ficheiro]|fazer uma assinatura em texto puro"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "fazer uma assinatura separada"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "cifrar dados"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "cifrar apenas com cifra simétrica"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "decifrar dados (acção por omissão)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "verificar uma assinatura"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "listar as chaves"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "listar as chaves e as assinaturas"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 #, fuzzy
 msgid "list and check key signatures"
 msgstr "verificar as assinaturas das chaves"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "listar as chaves e as impressões digitais"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "listar as chaves secretas"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "gerar um novo par de chaves"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly generate a new key pair"
 msgstr "gerar um novo par de chaves"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly add a new user-id"
 msgstr "gerar um novo par de chaves"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a user-id"
 msgstr "gerar um novo par de chaves"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly set a new expiration date"
 msgstr "gerar um novo par de chaves"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr ""
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "gerar um certificado de revogação"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "remover chaves do porta-chaves público"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "remover chaves do porta-chaves secreto"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 #, fuzzy
 #| msgid "sign a key"
 msgid "quickly sign a key"
 msgstr "assinar uma chave"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 #, fuzzy
 #| msgid "sign a key locally"
 msgid "quickly sign a key locally"
 msgstr "assinar uma chave localmente"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a key signature"
 msgstr "gerar um novo par de chaves"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "assinar uma chave"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "assinar uma chave localmente"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "assinar ou editar uma chave"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 #, fuzzy
 msgid "change a passphrase"
 msgstr "muda a frase secreta"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "exportar chaves"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "exportar chaves para um servidor de chaves"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "importar chaves de um servidor de chaves"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "procurar chaves num servidor de chaves"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "actualizar todas as chaves a partir de um servidor de chaves"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "importar/fundir chaves"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr ""
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr ""
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr ""
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "actualizar a base de dados de confiança"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 #, fuzzy
 msgid "print message digests"
 msgstr "|algo [ficheiros]|imprimir \"digests\" de mensagens"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr ""
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr ""
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NOME|usar NOME como chave secreta por omissão"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 #, fuzzy
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NOME|cifrar para NOME"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr ""
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr ""
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "não fazer alterações"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "perguntar antes de sobrepôr"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 msgid "Options controlling the input"
 msgstr ""
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 msgid "Options controlling the output"
 msgstr ""
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "criar saída com armadura ascii"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 #, fuzzy
 msgid "|FILE|write output to FILE"
 msgstr "|FICHEIRO|carregar módulo de extensão FICHEIRO"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "usar modo de texto canônico"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 #, fuzzy
 msgid "|N|set compress level to N (0 disables)"
 msgstr ""
 "|N|estabelecer nível de compressão N\n"
 "(0 desactiva)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 msgid "Options controlling key import and export"
 msgstr ""
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "importar chaves de um servidor de chaves"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 msgid "include the public key in signatures"
 msgstr "verificar as assinaturas das chaves"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr ""
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 msgid "Options controlling key listings"
 msgstr ""
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "listar as chaves secretas"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 #, fuzzy
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|NOME|cifrar para NOME"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 #, fuzzy
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr ""
 "usar este identificador de utilizador para\n"
 "assinar ou decifrar"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -3011,7 +2869,7 @@ msgstr ""
 "@\n"
 "(Veja a página man para uma lista completa de comandos e opções)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -3041,13 +2899,13 @@ msgstr ""
 " --list-keys [nomes]        mostrar chaves\n"
 " --fingerprint [nomes]      mostrar impressões digitais\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg [options] [files]\n"
@@ -3062,7 +2920,7 @@ msgstr ""
 "assina, verifica, cifra ou decifra\n"
 "a operação por omissão depende dos dados de entrada\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -3070,550 +2928,565 @@ msgstr ""
 "\n"
 "Algoritmos suportados:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Chave pública: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Cifra: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Dispersão: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Compressão: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, fuzzy, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "uso: gpg [opções] "
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "comandos em conflito\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, fuzzy, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "nenhum sinal = encontrada na definição de grupo \"%s\"\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "AVISO: permissões pouco seguras em %s \"%s\"\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "AVISO: permissões pouco seguras em %s \"%s\"\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "AVISO: permissões pouco seguras em %s \"%s\"\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr "AVISO: permissões pouco seguras em %s \"%s\"\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
 msgstr "AVISO: permissões pouco seguras em %s \"%s\"\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr "AVISO: permissões pouco seguras em %s \"%s\"\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, fuzzy, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "criado um novo ficheiro de configuração `%s'\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr ""
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 #, fuzzy
 msgid "show key usage information during key listings"
 msgstr "Nenhuma assinatura correspondente no porta-chaves secreto\n"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 #, fuzzy
 msgid "show all notations during signature listings"
 msgstr "Nenhuma assinatura correspondente no porta-chaves secreto\n"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 #, fuzzy
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "a URL de política de assinatura dada é inválida\n"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr ""
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr ""
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr ""
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 #, fuzzy
 msgid "show the keyring name in key listings"
 msgstr "mostrar em que porta-chave a chave está"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 #, fuzzy
 msgid "show expiration dates during signature listings"
 msgstr "Nenhuma assinatura correspondente no porta-chaves secreto\n"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "destinatário por omissão desconhecido `%s'\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr ""
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Este comando não é permitido no modo %s.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, fuzzy, c-format
 #| msgid "NOTE: %s is not for normal use!\n"
 msgid "Note: %s is not for normal use!\n"
 msgstr "NOTA: %s não é para uso normal!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, fuzzy, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "%s não é um conjunto de caracteres válido\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "Endereço eletrónico inválido\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, fuzzy, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "algoritmo de dispersão inválido `%s'\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, fuzzy, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "opções de importação inválidas\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, fuzzy, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "%s não é um conjunto de caracteres válido\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, fuzzy, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "não consegui processar a URI do servidor de chaves\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, fuzzy, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: opções de exportação inválidas\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, fuzzy, c-format
 msgid "invalid keyserver options\n"
 msgstr "opções de exportação inválidas\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: opções de importação inválidas\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "opções de importação inválidas\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, fuzzy, c-format
 msgid "invalid filter option: %s\n"
 msgstr "opções de importação inválidas\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: opções de exportação inválidas\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "opções de exportação inválidas\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, fuzzy, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: opções de importação inválidas\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, fuzzy, c-format
 msgid "invalid list options\n"
 msgstr "opções de importação inválidas\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 #, fuzzy
 msgid "show all notations during signature verification"
 msgstr "%s não é um conjunto de caracteres válido\n"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 #, fuzzy
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "a URL de política de assinatura dada é inválida\n"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 #, fuzzy
 msgid "show user ID validity during signature verification"
 msgstr "%s não é um conjunto de caracteres válido\n"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr ""
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 #, fuzzy
 msgid "show only the primary user ID in signature verification"
 msgstr "%s não é um conjunto de caracteres válido\n"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr ""
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr ""
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, fuzzy, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: opções de exportação inválidas\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, fuzzy, c-format
 msgid "invalid verify options\n"
 msgstr "opções de exportação inválidas\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "não foi possível alterar o exec-path para %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, fuzzy, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: opções de exportação inválidas\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr ""
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, fuzzy, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "opções de importação inválidas\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "AVISO: O programa pode criar um ficheiro core!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "AVISO: %s sobrepõe %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s não é permitido com %s!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s não faz sentido com %s!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr ""
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, fuzzy, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "a escrever chave privada para `%s'\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "o algoritmo de cifragem selecionado é inválido\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "o algoritmo de \"digest\" selecionado é inválido\n"
+
+#: g10/gpg.c:3885
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "o algoritmo de cifragem selecionado é inválido\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "o algoritmo de \"digest\" de certificação selecionado é inválido\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-needed deve ser maior que 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed deve ser maior que 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, fuzzy, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth deve estar na entre 1 e 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, fuzzy, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "nível de verificação por omissão inválido: deve ser 0, 1, 2 ou 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, fuzzy, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "nível de verificação por omissão inválido: deve ser 0, 1, 2 ou 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, fuzzy, c-format
 #| msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "NOTA: o modo S2K simples (0) não é recomendável\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "modo S2K inválido: deve ser 0, 1 ou 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "preferências por omissão inválidas\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "preferências pessoais de cifra inválidas\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "preferências pessoais de cifra inválidas\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "preferências pessoais de 'digest' inválidas\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "preferências pessoais de compressão inválidas\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "tamanho de chave inválido; a utilizar %u bits\n"
+
+#: g10/gpg.c:3995
 #, fuzzy, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s não faz sentido com %s!\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
+
+#: g10/gpg.c:4070
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "falha ao inicializar a base de dados de confiança: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "AVISO: destinatários (-r) dados sem utilizar uma cifra de chave pública\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, fuzzy, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "decifragem falhou: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, fuzzy, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "A geração de chaves falhou: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, fuzzy, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "A geração de chaves falhou: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, fuzzy, c-format
 msgid "key export failed: %s\n"
 msgstr "A geração de chaves falhou: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, fuzzy, c-format
 msgid "export as ssh key failed: %s\n"
 msgstr "A geração de chaves falhou: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, fuzzy, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "A geração de chaves falhou: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, fuzzy, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "actualização da chave secreta falhou: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "retirada de armadura falhou: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "criação de armadura falhou: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, fuzzy, c-format
 #| msgid "invalid hash algorithm `%s'\n"
 msgid "invalid hash algorithm '%s'\n"
 msgstr "algoritmo de dispersão inválido `%s'\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, fuzzy, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Digite a sua mensagem ...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "a URL de política de certificação dada é inválida\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "a URL de política de assinatura dada é inválida\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, fuzzy, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "a URL de política de assinatura dada é inválida\n"
@@ -3628,7 +3501,7 @@ msgstr "Remover esta chave do porta-chaves?"
 msgid "make timestamp conflicts only a warning"
 msgstr "conflito de \"timestamp\""
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr ""
 "|DF|escrever informações de estado para o\n"
@@ -3679,299 +3552,315 @@ msgstr "actualizar a base de dados de confiança"
 
 #: g10/import.c:181
 #, fuzzy
+#| msgid "not supported"
+msgid "enable bulk import mode"
+msgstr "não suportado"
+
+#: g10/import.c:184
+#, fuzzy
 msgid "show key during import"
 msgstr "mostra impressão digital"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+msgid "show key but do not actually import"
+msgstr "mostra impressão digital"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr ""
 
-#: g10/import.c:187
+#: g10/import.c:193
 #, fuzzy
 msgid "remove unusable parts from key after import"
 msgstr "chave secreta não utilizável"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr ""
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr ""
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr ""
 
-#: g10/import.c:203
+#: g10/import.c:209
 #, fuzzy
 msgid "repair keys on import"
 msgstr "mostra impressão digital"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "ignorando bloco do tipo %d\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, fuzzy, c-format
 msgid "%lu keys processed so far\n"
 msgstr "%lu chaves processadas até agora\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Número total processado: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, fuzzy, c-format
 #| msgid "      skipped new keys: %lu\n"
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "      ignorei novas chaves: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "      ignorei novas chaves: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "          sem IDs de utilizadores: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "              importados: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "             não modificados: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "          novos IDs de utilizadores: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "           novas subchaves: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "        novas assinaturas: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "   novas revogações de chaves: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "      chaves secretas lidas: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "  chaves secretas importadas: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr " chaves secretas não modificadas: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "        não importadas: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, fuzzy, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "        novas assinaturas: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, fuzzy, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "      chaves secretas lidas: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
 "algorithms on these user IDs:\n"
 msgstr ""
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "assinatura %s de: \"%s\"\n"
+
+#: g10/import.c:1354
 #, fuzzy, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "assinatura %s de: \"%s\"\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr ""
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, fuzzy, c-format
 msgid "key %s: no user ID\n"
 msgstr "chave %08lX: sem ID de utilizador\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, fuzzy, c-format
 msgid "key %s: %s\n"
 msgstr "ignorado `%s': %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr ""
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "chave %08lX: subchave HKP corrompida foi reparada\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, fuzzy, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "chave %08lX: aceite ID de utilizador sem auto-assinatura '%s'\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, fuzzy, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "chave %08lX: sem IDs de utilizadores válidos\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "isto pode ser causado por falta de auto-assinatura\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, fuzzy, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "chave %08lX: chave pública não encontrada: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, fuzzy, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "chave %08lX: chave nova - ignorada\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "não foi encontrada nenhum porta-chaves onde escrever: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, fuzzy, c-format
 #| msgid "error writing keyring `%s': %s\n"
 msgid "error writing keyring '%s': %s\n"
 msgstr "erro na escrita do porta-chaves `%s': %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, fuzzy, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "chave %08lX: chave pública \"%s\" importada\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, fuzzy, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "chave %08lX: não corresponde à nossa cópia\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "chave %8lX: \"%s\" 1 novo ID de utilizador\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "chave %08lX: \"%s\" %d novos IDs de utilizadores\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "chave %08lX: \"%s\" 1 nova assinatura\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "chave %08lX: \"%s\" %d novas assinaturas\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "chave %08lX: \"%s\" 1 nova subchave\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "chave %08lX: \"%s\" %d novas subchaves\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "chave %08lX: \"%s\" %d novas assinaturas\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "chave %08lX: \"%s\" %d novas assinaturas\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "chave %08lX: \"%s\" %d novos IDs de utilizadores\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "chave %08lX: \"%s\" %d novos IDs de utilizadores\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, fuzzy, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "chave %08lX: \"%s\" não modificada\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, fuzzy, c-format
 msgid "key %s: secret key imported\n"
 msgstr "chave %08lX: chave secreta importada\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, fuzzy, c-format
 #| msgid "skipped: secret key already present\n"
 msgid "key %s: secret key already exists\n"
 msgstr "ignorado: a chave secreta já está presente\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, fuzzy, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "erro ao enviar para `%s': %s\n"
@@ -3984,204 +3873,210 @@ msgstr "erro ao enviar para `%s': %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, fuzzy, c-format
 msgid "secret key %s: %s\n"
 msgstr "chave `%s' não encontrada: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, fuzzy, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "a escrever chave privada para `%s'\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, fuzzy, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "chave %08lX: chave secreta com cifra inválida %d - ignorada\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Nenhum motivo especificado"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "A chave foi substituída"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "A chave foi comprometida"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "A chave já não é utilizada"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "O identificador do utilizador já não é válido"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "motivo da revocação: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "comentário da revocação: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, fuzzy, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "chave %08lX: sem chave pública - impossível aplicar certificado\n"
 "de revogação\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, fuzzy, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "chave %08lX: impossível localizar bloco de chaves original: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, fuzzy, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "chave %08lX: impossível ler bloco de chaves original: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "chave %08lX: certificado de revogação inválido: %s - rejeitado\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "chave %08lX: \"%s\" certificado de revogação importado\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, fuzzy, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "chave %08lX: nenhum ID de utilizador para assinatura\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr ""
 "chave %08lX: algoritmo de chave pública não suportado no utilizador \"%s\"\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, fuzzy, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "chave %08lX: auto-assinatura inválida do utilizador \"%s\"\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "chave %08lX: algoritmo de chave pública não suportado\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, fuzzy, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "chave %08lX: assinatura directa de chave adicionada\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, fuzzy, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "chave %08lX: sem subchave para ligação de chaves\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, fuzzy, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "chave %08lX: ligação de subchave inválida\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "chave %08lX: apagada ligação múltipla de subchave \n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, fuzzy, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "chave %08lX: sem subchave para revocação de chave\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, fuzzy, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "chave %08lX: revocação de subchave inválida\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "chave %08lX: removida revogação múltiplace de subchaves\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, fuzzy, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "chave %08lX: ignorado ID de utilizador '"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, fuzzy, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "chave %08lX: subchave ignorada\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, fuzzy, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "chave %08lX: assinatura não exportável (classe %02x) - ignorada\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, fuzzy, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "chave %08lX: certificado de revogação no local errado - ignorado\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "chave %08lX: certificado de revogação inválido: %s - ignorado\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, fuzzy, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "chave %08lX: assintura da subchave no local errado - ignorado\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, fuzzy, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "chave %08lX: classe de assinatura inesperada (%02x) - ignorada\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, fuzzy, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "chave %08lX: detectado ID de utilizador duplicado - fundido\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "chave %08lX: detectado ID de utilizador duplicado - fundido\n"
+
+#: g10/import.c:4233
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr ""
 "AVISO: a chave %08lX pode estar revocada: a transferir a chave de revocação "
 "%08lX\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 "AVISO: a chave %08lX pode estar revocada: chave de revocação %08lX não "
 "presente.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, fuzzy, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "chave %08lX: assinatura directa de chave adicionada\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, fuzzy, c-format
 msgid "error allocating memory: %s\n"
 msgstr "erro ao criar porta-chaves `%s': %s\n"
@@ -4202,19 +4097,19 @@ msgstr "assinatura %s de: \"%s\"\n"
 msgid " (reordered signatures follow)"
 msgstr "Assinatura correcta de \""
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, fuzzy, c-format
 msgid "key %s:\n"
 msgstr "ignorado `%s': %s\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, fuzzy, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "Utilizador \"%s\" está revocado."
 msgstr[1] "Utilizador \"%s\" está revocado."
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to a missing key\n"
 msgid "%d signature not checked due to a missing key\n"
@@ -4222,7 +4117,7 @@ msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "1 assinatura não verificada por falta de chave\n"
 msgstr[1] "1 assinatura não verificada por falta de chave\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d bad signature\n"
@@ -4230,53 +4125,48 @@ msgid_plural "%d bad signatures\n"
 msgstr[0] "%d assinaturas incorrectas\n"
 msgstr[1] "%d assinaturas incorrectas\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, fuzzy, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "Assinatura correcta de \""
 msgstr[1] "Assinatura correcta de \""
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, fuzzy, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "erro ao criar porta-chaves `%s': %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error creating keyring '%s': %s\n"
 msgstr "erro ao criar porta-chaves `%s': %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, fuzzy, c-format
 msgid "keybox '%s' created\n"
 msgstr "porta-chaves `%s' criado\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, fuzzy, c-format
 #| msgid "keyring `%s' created\n"
 msgid "keyring '%s' created\n"
 msgstr "porta-chaves `%s' criado\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, fuzzy, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "erro ao criar `%s': %s\n"
 
-#: g10/keydb.c:969
-#, fuzzy, c-format
-msgid "error opening key DB: %s\n"
-msgstr "erro na leitura de `%s': %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "falha ao criar 'cache' do porta-chaves: %s\n"
@@ -4289,7 +4179,7 @@ msgstr "[revogação]"
 msgid "[self-signature]"
 msgstr "[auto-assinatura]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 #, fuzzy
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
@@ -4302,12 +4192,12 @@ msgstr ""
 "(vendo passaportes, verificando impressões digitais...)?\n"
 "\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, fuzzy, c-format
 msgid "  %d = I trust marginally\n"
 msgstr " %d = Confio moderadamente\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, fuzzy, c-format
 msgid "  %d = I trust fully\n"
 msgstr " %d = Confio plenamente\n"
@@ -4334,12 +4224,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "Utilizador \"%s\" está revocado."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Você tem certeza de que quer adicioná-la de qualquer forma? (s/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  Não foi possível assinar.\n"
 
@@ -4541,213 +4431,217 @@ msgstr ""
 msgid "Really sign? (y/N) "
 msgstr "Realmente assinar? "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "assinatura falhou: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, fuzzy, c-format
 #| msgid "error creating passphrase: %s\n"
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "gravar e sair"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 #, fuzzy
 msgid "show key fingerprint"
 msgstr "mostra impressão digital"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 #, fuzzy
 msgid "show the keygrip"
 msgstr "Notação de assinatura: "
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "lista chave e identificadores de utilizadores"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "seleciona ID de utilizador N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 #, fuzzy
 msgid "select subkey N"
 msgstr "seleciona ID de utilizador N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 #, fuzzy
 msgid "check signatures"
 msgstr "revoga assinaturas"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 #, fuzzy
 msgid "sign selected user IDs locally"
 msgstr "assina a chave localmente"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 #, fuzzy
 msgid "sign selected user IDs with a trust signature"
 msgstr "Sugestão: Selecione os IDs de utilizador para assinar\n"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr ""
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "adiciona um novo ID de utilizador"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "adiciona um identificador fotográfico"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 #, fuzzy
 msgid "delete selected user IDs"
 msgstr "remove ID de utilizador"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 #, fuzzy
 msgid "add a subkey"
 msgstr "addkey"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 #, fuzzy
 msgid "delete selected subkeys"
 msgstr "remove uma chave secundária"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "adiciona uma chave de revocação"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 #, fuzzy
 msgid "delete signatures from the selected user IDs"
 msgstr ""
 "Realmente actualizar as preferências para os utilizadores seleccionados?"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 #, fuzzy
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "Você não pode modificar a data de validade de uma chave v3\n"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 #, fuzzy
 msgid "flag the selected user ID as primary"
 msgstr "seleccionar o identificador do utilizador como primário"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "lista preferências (perito)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "lista preferências (detalhadamente)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 #, fuzzy
 msgid "set preference list for the selected user IDs"
 msgstr ""
 "Realmente actualizar as preferências para os utilizadores seleccionados?"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 #, fuzzy
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "não consegui processar a URI do servidor de chaves\n"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 #, fuzzy
 msgid "set a notation for the selected user IDs"
 msgstr ""
 "Realmente actualizar as preferências para os utilizadores seleccionados?"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "muda a frase secreta"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "muda os valores de confiança"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 #, fuzzy
 msgid "revoke signatures on the selected user IDs"
 msgstr "Realmente revocar todos os IDs de utilizador seleccionados? "
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 #, fuzzy
 msgid "revoke selected user IDs"
 msgstr "revocar um ID de utilizador"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 #, fuzzy
 msgid "revoke key or selected subkeys"
 msgstr "revoga uma chave secundária"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 #, fuzzy
 msgid "enable key"
 msgstr "activa uma chave"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 #, fuzzy
 msgid "disable key"
 msgstr "desactiva uma chave"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 #, fuzzy
 msgid "show selected photo IDs"
 msgstr "mostrar identificador fotográfico"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Chave secreta disponível.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret subkeys are available.\n"
 msgstr "Chave secreta disponível.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "A chave secreta é necessária para fazer isto.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4755,310 +4649,315 @@ msgid ""
 "  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
 msgstr ""
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "A chave está revogada."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 #, fuzzy
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Realmente assinar todos os IDs de utilizador? "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 #, fuzzy
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Realmente assinar todos os IDs de utilizador? "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Sugestão: Selecione os IDs de utilizador para assinar\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, fuzzy, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "classe de assinatura desconhecida"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Este comando não é permitido no modo %s.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Você precisa selecionar pelo menos um ID de utilizador.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr ""
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Você não pode remover o último ID de utilizador!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 #, fuzzy
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Realmente remover todos os IDs de utilizador seleccionados? "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 #, fuzzy
 msgid "Really remove this user ID? (y/N) "
 msgstr "Realmente remover este ID de utilizador? "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 #, fuzzy
 msgid "Really move the primary key? (y/N) "
 msgstr "Realmente remover este ID de utilizador? "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 #, fuzzy
 msgid "You must select exactly one key.\n"
 msgstr "Você deve selecionar pelo menos uma chave.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr ""
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, fuzzy, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "impossível abrir `%s': %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, fuzzy, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "erro ao criar porta-chaves `%s': %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Você deve selecionar pelo menos uma chave.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 #, fuzzy
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Você quer realmente remover as chaves selecionadas? "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 #, fuzzy
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Você quer realmente remover esta chave? "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 #, fuzzy
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "Realmente revocar todos os IDs de utilizador seleccionados? "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 #, fuzzy
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Realmente revocar este ID de utilizador? "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 #, fuzzy
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Você quer realmente revogar esta chave? "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 #, fuzzy
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Você quer realmente revogar as chaves selecionadas? "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 #, fuzzy
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Você quer realmente revogar esta chave? "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 #, fuzzy
 msgid "Set preference list to:\n"
 msgstr "configurar lista de preferências"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 #, fuzzy
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr ""
 "Realmente actualizar as preferências para os utilizadores seleccionados?"
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 #, fuzzy
 msgid "Really update the preferences? (y/N) "
 msgstr "Realmente actualizar as preferências?"
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 #, fuzzy
 msgid "Save changes? (y/N) "
 msgstr "Gravar alterações? "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 #, fuzzy
 msgid "Quit without saving? (y/N) "
 msgstr "Sair sem gravar? "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Chave não alterada, nenhuma actualização é necessária.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "Você não pode remover o último ID de utilizador!\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, fuzzy, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "verificação da assinatura criada falhou: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, fuzzy, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "verificação da assinatura criada falhou: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, fuzzy, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "%s: versão de ficheiro inválida %d\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, fuzzy, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "falha ao inicializar a base de dados de confiança: %s\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, fuzzy, c-format
 #| msgid "invalid value\n"
 msgid "Invalid user ID '%s': %s\n"
 msgstr "valor inválido\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 #| msgid "No such user ID.\n"
 msgid "No matching user IDs."
 msgstr "Identificador de utilizador inexistente.\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 msgid "Nothing to sign.\n"
 msgstr "Nada para assinar com a chave %08lX\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, fuzzy, c-format
 msgid "Not signed by you.\n"
 msgstr "   assinado por %08lX em %s%s\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "verificação da assinatura criada falhou: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, fuzzy, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "%s não é um conjunto de caracteres válido\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "%s: versão de ficheiro inválida %d\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, fuzzy, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "chave `%s' não encontrada: %s\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "'Digest': "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Características: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr ""
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr ""
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 #, fuzzy
 msgid "Notations: "
 msgstr "Notação: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "Não há preferências no ID de utilizador tipo PGP 2.x.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, fuzzy, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "Esta chave pode ser revogada pela chave %s "
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, fuzzy, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Esta chave pode ser revogada pela chave %s "
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 #, fuzzy
 msgid "(sensitive)"
 msgstr " (sensível)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, fuzzy, c-format
 msgid "created: %s"
 msgstr "impossível criar %s: %s\n"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, fuzzy, c-format
 msgid "revoked: %s"
 msgstr "revkey"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, fuzzy, c-format
 msgid "expired: %s"
 msgstr "[expira: %s]"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, fuzzy, c-format
 msgid "expires: %s"
 msgstr "[expira: %s]"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, fuzzy, c-format
 msgid "usage: %s"
 msgstr " confiança: %c/%c"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr ""
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, fuzzy, c-format
 msgid "trust: %s"
 msgstr " confiança: %c/%c"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr ""
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Esta chave foi desactivada"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -5066,37 +4965,37 @@ msgstr ""
 "Não se esqueça que a validade de chave mostrada não é necessáriamente a\n"
 "correcta a não ser que reinicie o programa.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 #, fuzzy
 msgid "revoked"
 msgstr "revkey"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 #, fuzzy
 msgid "expired"
 msgstr "expire"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
 "              cause a different user ID to become the assumed primary.\n"
 msgstr ""
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr ""
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, fuzzy, c-format
 #| msgid "You can't change the expiration date of a v3 key\n"
 msgid "You may want to change its expiration date too.\n"
 msgstr "Você não pode modificar a data de validade de uma chave v3\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -5105,36 +5004,36 @@ msgstr ""
 "AVISO: Esta chave é do tipo PGP2. Se adicionar um identificador fotográfico\n"
 "       algumas versão do PGP podem rejeitá-la.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Tem a certeza de que quer adicioná-la de qualquer forma? (s/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr ""
 "Não pode adicionar um identificador fotográfico a uma chave tipo PGP2.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr ""
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Apagar esta assinatura válida? (s/N/q)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Apagar esta assinatura inválida? (s/N/q)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Apagar esta assinatura desconhecida? (s/N/q)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Realmente remover esta auto-assinatura? (s/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, fuzzy, c-format
 #| msgid "Deleted %d signature.\n"
 msgid "Deleted %d signature.\n"
@@ -5142,38 +5041,38 @@ msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "%d assinatura removida.\n"
 msgstr[1] "%d assinatura removida.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Nada removido.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 #, fuzzy
 msgid "invalid"
 msgstr "armadura inválida"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, fuzzy, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "Utilizador \"%s\" está revocado."
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, fuzzy, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "Utilizador \"%s\" está revocado."
 msgstr[1] "Utilizador \"%s\" está revocado."
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, fuzzy, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "o utilizador com o id \"%s\" já está revocado\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, fuzzy, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "o utilizador com o id \"%s\" já está revocado\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5182,305 +5081,310 @@ msgstr ""
 "AVISO: Esta chave é do tipo PGP 2.x. Se adicionar um revogador designado\n"
 "       algumas versão do PGP podem rejeitá-la.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "Não pode adicionar um revogador designado a uma chave tipo PGP 2.x.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Insira o ID de utilizador do revogador escolhido: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "não pode escolher uma chave do tipo PGP 2.x como revogadora\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "não pode escolher uma chave como revogadora de si mesmo\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, fuzzy, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "AVISO: Esta chave foi revogada pelo seu dono!\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 #, fuzzy
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr "não pode escolher uma chave como revogadora de si mesmo\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 #, fuzzy
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr "não pode escolher uma chave como revogadora de si mesmo\n"
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 #, fuzzy
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
 msgstr "não pode escolher uma chave como revogadora de si mesmo\n"
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 #, fuzzy
 msgid "Changing expiration time for a subkey.\n"
 msgstr "A modificar a data de validade para uma chave secundária.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Modificar a data de validade para uma chave primária.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Você não pode modificar a data de validade de uma chave v3\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 #, fuzzy
 msgid "Changing usage of a subkey.\n"
 msgstr "A modificar a data de validade para uma chave secundária.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 #, fuzzy
 #| msgid "Changing expiration time for the primary key.\n"
 msgid "Changing usage of the primary key.\n"
 msgstr "Modificar a data de validade para uma chave primária.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, fuzzy, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "não pode escolher uma chave como revogadora de si mesmo\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Seleccione exactamente um identificador de utilizador.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, fuzzy, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "a ignorar auto-assinatura v3 no utilizar com o id \"%s\"\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr ""
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 #, fuzzy
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Você tem certeza de que quer adicioná-la de qualquer forma? (s/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 #, fuzzy
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Você tem certeza de que quer adicioná-la de qualquer forma? (s/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 #, fuzzy
 msgid "Enter the notation: "
 msgstr "Notação de assinatura: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 #, fuzzy
 msgid "Proceed? (y/N) "
 msgstr "Escrever por cima (s/N)? "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Nenhum ID de utilizador com índice %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, fuzzy, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Nenhum ID de utilizador com índice %d\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, fuzzy, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Nenhum ID de utilizador com índice %d\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, fuzzy, c-format
 msgid "No subkey with index %d\n"
 msgstr "Nenhum ID de utilizador com índice %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, fuzzy, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "ID de utilizador: \""
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, fuzzy, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "   assinado por %08lX em %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr "  (não-exportável)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Esta assinatura expirou em %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Tem a certeza de que quer revogá-la de qualquer forma? (s/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Gerar um certificado de revogação para esta assinatura? (s/N)"
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, fuzzy, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Assinou estes identificadores de utilizadores:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 #, fuzzy
 msgid " (non-revocable)"
 msgstr "  (não-exportável)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, fuzzy, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "   revogado por %08lX em %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Está prestes a revogar estas assinaturas:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Realmente criar os certificados de revogação? (s/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "nenhuma chave secreta\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "o utilizador com o id \"%s\" já está revocado\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr ""
 "AVISO: a assintura do ID do utilizador tem data %d segundos no futuro\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Você não pode remover o último ID de utilizador!\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, fuzzy, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "o utilizador com o id \"%s\" já está revocado\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, fuzzy, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "o utilizador com o id \"%s\" já está revocado\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, fuzzy, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr ""
 "A mostrar a fotografia %s com o tamanho %ld da chave 0x%08lX (uid %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, fuzzy, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "opções de importação inválidas\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, fuzzy, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "preferência %c%lu duplicada\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, fuzzy, c-format
 msgid "too many cipher preferences\n"
 msgstr "demasiadas preferências `%c'\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, fuzzy, c-format
 msgid "too many digest preferences\n"
 msgstr "demasiadas preferências `%c'\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, fuzzy, c-format
 msgid "too many compression preferences\n"
 msgstr "demasiadas preferências `%c'\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+msgid "too many AEAD preferences\n"
+msgstr "demasiadas preferências `%c'\n"
+
+#: g10/keygen.c:521
 #, fuzzy, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "caracter inválido na cadeia de caractéres da preferência\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "a escrever a assinatura directa\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "a escrever a auto-assinatura\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "a escrever a assinatura ligada a uma chave\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "tamanho de chave inválido; a utilizar %u bits\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "tamanho da chave arredondado para %u bits\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
 msgstr ""
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 #, fuzzy
 msgid "Sign"
 msgstr "sign"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr ""
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 #, fuzzy
 msgid "Encrypt"
 msgstr "cifrar dados"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr ""
 
@@ -5494,169 +5398,180 @@ msgstr ""
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr ""
 
-#: g10/keygen.c:1784
+#: g10/keygen.c:1966
 #, c-format
-msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr ""
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr ""
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr ""
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, fuzzy, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%d) ElGamal (apenas cifragem)\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr ""
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr ""
 
-#: g10/keygen.c:1930
+#: g10/keygen.c:2116
 #, fuzzy, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) DSA e ElGamal (por omissão)\n"
 
-#: g10/keygen.c:1934
+#: g10/keygen.c:2120
 #, fuzzy, c-format
-msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA e ElGamal (por omissão)\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (apenas assinatura)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (apenas assinatura)\n"
 
-#: g10/keygen.c:1945
+#: g10/keygen.c:2131
 #, fuzzy, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) ElGamal (apenas cifragem)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (apenas cifragem)\n"
 
-#: g10/keygen.c:1953
+#: g10/keygen.c:2139
 #, fuzzy, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (apenas cifragem)\n"
 
-#: g10/keygen.c:1955
+#: g10/keygen.c:2141
 #, fuzzy, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (apenas cifragem)\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, fuzzy, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) DSA e ElGamal (por omissão)\n"
+#| msgid "   (%d) ElGamal (sign and encrypt)\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) ElGamal (assinatura e cifragem)\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+#, fuzzy
+#| msgid " (default)"
+msgid " *default*"
+msgstr " (por omissão)"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, fuzzy, c-format
 #| msgid "   (%d) DSA (sign only)\n"
 msgid "  (%d) ECC (sign only)\n"
 msgstr "   (%d) DSA (apenas assinatura)\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, fuzzy, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (apenas cifragem)\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, fuzzy, c-format
 #| msgid "   (%d) RSA (encrypt only)\n"
-msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "   (%d) RSA (apenas cifragem)\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, fuzzy, c-format
-msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "   (%d) RSA (apenas cifragem)\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (%d) RSA (apenas cifragem)\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 #, fuzzy
 msgid "Enter the keygrip: "
 msgstr "Notação de assinatura: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr ""
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 #, fuzzy
 msgid "No key with this keygrip\n"
 msgstr "Nenhum ID de utilizador com índice %d\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, fuzzy, c-format
 msgid "error reading the card: %s\n"
 msgstr "%s: erro ao ler registo livre: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, fuzzy, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 #, fuzzy
 msgid "Available keys:\n"
 msgstr "desactiva uma chave"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, fuzzy, c-format
 #| msgid "rounded up to %u bits\n"
 msgid "rounded to %u bits\n"
 msgstr "arredondado para %u bits\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr ""
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, fuzzy, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Qual o tamanho de chave desejado? (1024) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "O tamanho de chave pedido é %u bits\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 #, fuzzy
 #| msgid "Please select what kind of key you want:\n"
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Por favor selecione o tipo de chave desejado:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5672,7 +5587,7 @@ msgstr ""
 "      <n>m = chave expira em n meses\n"
 "      <n>y = chave expira em n anos\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5688,40 +5603,40 @@ msgstr ""
 "      <n>m = assinatura expira em n meses\n"
 "      <n>y = assinatura expira em n anos\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "A chave é valida por? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, fuzzy, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "A assinatura é valida por? (0) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "valor inválido\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 #, fuzzy
 msgid "Key does not expire at all\n"
 msgstr "A %s não expira nunca\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 #, fuzzy
 msgid "Signature does not expire at all\n"
 msgstr "A %s não expira nunca\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, fuzzy, c-format
 msgid "Key expires at %s\n"
 msgstr "%s expira em %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, fuzzy, c-format
 msgid "Signature expires at %s\n"
 msgstr "Esta assinatura expirou em %s.\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5729,12 +5644,12 @@ msgstr ""
 "O seu sistema não consegue mostrar datas para além de 2038.\n"
 "No entanto, estas vão ser tratadas correctamente até 2106.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 #, fuzzy
 msgid "Is this correct? (y/N) "
 msgstr "Está correto (s/n)? "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5745,7 +5660,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 #, fuzzy
 msgid ""
 "\n"
@@ -5763,50 +5678,50 @@ msgstr ""
 "    \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Nome completo: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Caracter inválido no nome\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr ""
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "O nome não pode começar com um dígito\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "O nome deve ter pelo menos 5 caracteres\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "Endereço de correio eletrónico: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Endereço eletrónico inválido\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Comentário: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Caracter inválido no comentário\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, fuzzy, c-format
 #| msgid "You are using the `%s' character set.\n"
 msgid "You are using the '%s' character set.\n"
 msgstr "Você está usando o conjunto de caracteres `%s'.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5817,7 +5732,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr ""
 "Por favor não coloque o endereço de email no nome verdadeiro ou no "
@@ -5834,35 +5749,35 @@ msgstr ""
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnCcEeOoSs"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Mudar (N)ome, (C)omentário, (E)mail ou (S)air? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "Mudar (N)ome, (C)omentário, (E)ndereço ou (O)k/(S)air? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Mudar (N)ome, (C)omentário, (E)mail ou (S)air? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Mudar (N)ome, (C)omentário, (E)ndereço ou (O)k/(S)air? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Por favor corrija primeiro o erro\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5874,13 +5789,13 @@ msgstr ""
 "geração dos números primos; isso dá ao gerador de números aleatórios\n"
 "uma hipótese maior de ganhar entropia suficiente.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "A geração de chaves falhou: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5888,69 +5803,69 @@ msgid ""
 "\n"
 msgstr ""
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr ""
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, fuzzy, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "%s' já comprimido\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 #, fuzzy
 #| msgid "Create anyway? "
 msgid "Create anyway? (y/N) "
 msgstr "Criar mesmo assim?"
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, fuzzy, c-format
 #| msgid "Create anyway? "
 msgid "creating anyway\n"
 msgstr "Criar mesmo assim?"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Geração de chave cancelada.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, fuzzy, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "impossível criar `%s': %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, fuzzy, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "NOTA: chave secreta %08lX expirou em %s\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, fuzzy, c-format
 #| msgid "writing public key to `%s'\n"
 msgid "writing public key to '%s'\n"
 msgstr "a escrever chave pública para `%s'\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "nenhum porta-chaves público com permissões de escrita encontrado: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, fuzzy, c-format
 #| msgid "error writing public keyring `%s': %s\n"
 msgid "error writing public keyring '%s': %s\n"
 msgstr "erro ao escrever no porta-chaves público `%s': %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "chaves pública e privada criadas e assinadas.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 #, fuzzy
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
@@ -5959,7 +5874,7 @@ msgstr ""
 "Note que esta chave não pode ser usada para cifragem. Você pode usar\n"
 "o comando \"--edit-key\" para gerar uma chave secundária para esse fim.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -5967,7 +5882,7 @@ msgstr ""
 "a chave foi criada %lu segundo no futuro\n"
 "(viagem no tempo ou problema no relógio)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -5975,52 +5890,52 @@ msgstr ""
 "a chave foi criada %lu segundos no futuro\n"
 "(viagem no tempo ou problema no relógio)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, fuzzy, c-format
 #| msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "NOTA: a criação de sub-chave para chaves v3 não respeito o OpenPGP\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Componentes secretas da chave primária não disponíveis.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, fuzzy, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Componentes secretas da chave primária não disponíveis.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 #, fuzzy
 msgid "Really create? (y/N) "
 msgstr "Realmente criar? "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr ""
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Politica de assinatura crítica: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Politica de assinatura: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr ""
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Notação de assinatura crítica: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Notação de assinatura: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d good signature\n"
@@ -6028,7 +5943,7 @@ msgid_plural "%d good signatures\n"
 msgstr[0] "%d assinaturas incorrectas\n"
 msgstr[1] "%d assinaturas incorrectas\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to an error\n"
 msgid "%d signature not checked due to an error\n"
@@ -6036,64 +5951,64 @@ msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "1 assinatura não verificada devido a um erro\n"
 msgstr[1] "1 assinatura não verificada devido a um erro\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Porta-chaves"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Impressão da chave primária:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "      Impressão da subchave:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr "Impressão da chave primária:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "      Impressão da subchave:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 #, fuzzy
 msgid "      Key fingerprint ="
 msgstr "  Impressão da chave ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr ""
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, fuzzy, c-format
 msgid "caching keyring '%s'\n"
 msgstr "a verificar o porta chaves `%s'\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, fuzzy, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "%lu chave verificadas (%lu assinaturas)\n"
 msgstr[1] "%lu chave verificadas (%lu assinaturas)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, fuzzy, c-format
 #| msgid "1 bad signature\n"
 msgid " (%lu signature)\n"
@@ -6101,511 +6016,513 @@ msgid_plural " (%lu signatures)\n"
 msgstr[0] "1 assinatura incorrecta\n"
 msgstr[1] "1 assinatura incorrecta\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: porta-chaves criado\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr ""
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr ""
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr ""
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 #, fuzzy
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "a URL de política de assinatura dada é inválida\n"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr ""
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 #, fuzzy
 msgid "disabled"
 msgstr "disable"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr ""
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, fuzzy, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "opções de exportação inválidas\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr ""
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, fuzzy, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "a pedir a chave %08lX de %s\n"
 msgstr[1] "a pedir a chave %08lX de %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, fuzzy, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, fuzzy, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "chave `%s' não encontrada: %s\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, fuzzy, c-format
 msgid "key not found on keyserver\n"
 msgstr "chave `%s' não encontrada: %s\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "a pedir a chave %08lX de %s\n"
+
+#: g10/keyserver.c:1724
 #, fuzzy, c-format
 msgid "requesting key %s from %s\n"
 msgstr "a pedir a chave %08lX de %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, fuzzy, c-format
 msgid "no keyserver known\n"
 msgstr "opções de exportação inválidas\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, fuzzy, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "ignorado `%s': %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, fuzzy, c-format
 msgid "sending key %s to %s\n"
 msgstr ""
 "\"\n"
 "assinado com a sua chave %08lX em %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, fuzzy, c-format
 msgid "requesting key from '%s'\n"
 msgstr "a pedir a chave %08lX de %s\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, fuzzy, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "tamanho estranho para uma chave de sessão cifrada (%d)\n"
 
-#: g10/mainproc.c:408
+#: g10/mainproc.c:378
 #, fuzzy, c-format
-msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "tamanho estranho para uma chave de sessão cifrada (%d)\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "cifrado com algoritmo desconhecido %d\n"
+
+#: g10/mainproc.c:391
 #, fuzzy, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "cifrado com algoritmo desconhecido %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, fuzzy, c-format
 msgid "public key is %s\n"
 msgstr "a chave pública é %08lX\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "dados cifrados com chave pública: DEK válido\n"
-
-#: g10/mainproc.c:632
+#: g10/mainproc.c:524
 #, fuzzy, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "cifrado com chave %u-bit %s, ID %08lX, criada em %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, fuzzy, c-format
 msgid "      \"%s\"\n"
 msgstr "                   ou \""
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, fuzzy, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "cifrado com chave %s, ID %08lX\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "decifragem de chave pública falhou: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr ""
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, fuzzy, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "Repita a frase secreta\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, fuzzy, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "Repita a frase secreta\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "decifragem de chave pública falhou: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "dados cifrados com chave pública: DEK válido\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "a assumir dados cifrados %s\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr "Cifra IDEO não disponível, a tentar utilizar %s em substituição\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "AVISO: a mensagem não tinha a sua integridade protegida\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "decifragem falhou: %s\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "decifragem correcta\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "CUIDADO: a mensagem cifrada foi manipulada!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "decifragem falhou: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, fuzzy, c-format
 #| msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "NOTA: o remetente solicitou \"apenas-para-seus-olhos\"\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "nome do ficheiro original='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "revocação solitária - utilize \"gpg --import\" para aplicar\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, fuzzy, c-format
 msgid "no signature found\n"
 msgstr "Assinatura correcta de \""
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, fuzzy, c-format
 msgid "BAD signature from \"%s\""
 msgstr "Assinatura INCORRECTA de \""
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, fuzzy, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Assinatura expirada de \""
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, fuzzy, c-format
 msgid "Good signature from \"%s\""
 msgstr "Assinatura correcta de \""
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "verificação de assinatura suprimida\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, fuzzy, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "não consigo tratar estas assinaturas múltiplas\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, fuzzy, c-format
 msgid "Signature made %s\n"
 msgstr "Esta assinatura expirou em %s.\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, fuzzy, c-format
 msgid "               using %s key %s\n"
 msgstr "                   ou \""
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, fuzzy, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Assinatura feita em %.*s usando %s, ID da chave %08lX\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, fuzzy, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "                   ou \""
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, fuzzy, c-format
 msgid "Key available at: "
 msgstr "Nenhuma ajuda disponível"
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[incerto]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, fuzzy, c-format
 msgid "                aka \"%s\""
 msgstr "                   ou \""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, fuzzy, c-format
 #| msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "AVISO: Esta chave não está certificada com uma assinatura confiável!\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, fuzzy, c-format
 msgid "Signature expired %s\n"
 msgstr "Esta assinatura expirou em %s.\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, fuzzy, c-format
 msgid "Signature expires %s\n"
 msgstr "Esta assinatura expirou em %s.\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, fuzzy, c-format
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "assinatura %s de: \"%s\"\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 #, fuzzy
 msgid "binary"
 msgstr "primary"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr ""
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 #, fuzzy
 msgid "unknown"
 msgstr "versão desconhecida"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 #, fuzzy
 #| msgid "unknown pubkey algorithm"
 msgid ", key algorithm "
 msgstr "algoritmo de chave pública desconhecido"
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Impossível verificar assinatura: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "não é uma assinatura separada\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr ""
 "AVISO: várias assinaturas detectadas.  Apenas a primeira será verificada.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "assinatura de classe 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "formato de assinatura antigo (PGP2.x)\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, fuzzy, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "impossível abrir %s: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, fuzzy, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "base de dados de confiança: leitura falhou (n=%d): %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, fuzzy, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "impossível manipular algoritmo de chave pública %d\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, fuzzy, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr ""
 "forçar o algoritmo de 'digest' %s (%d) viola as preferências do "
 "destinatário\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, fuzzy, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "algoritmo de criptografia não implementado"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, fuzzy, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "assinatura %s de: \"%s\"\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, fuzzy, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr ""
 "forçar o algoritmo de 'digest' %s (%d) viola as preferências do "
 "destinatário\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, fuzzy, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "assinatura %s de: \"%s\"\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "assinatura %s de: \"%s\"\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, fuzzy, c-format
 msgid "(reported error: %s)\n"
 msgstr "armadura: %s\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, fuzzy, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "armadura: %s\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr ""
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: opção depreciada \"%s\"\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "AVISO: \"%s\" é uma opção depreciada\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "por favor utilize \"%s%s\" em vez dela\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, fuzzy, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "AVISO: \"%s\" é uma opção depreciada\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, fuzzy, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "AVISO: \"%s\" é uma opção depreciada\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, fuzzy, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr "AVISO: \"%s\" é uma opção depreciada\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 #, fuzzy
 msgid "Uncompressed"
 msgstr "não processado"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 #, fuzzy
 msgid "uncompressed|none"
 msgstr "não processado"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "esta mensagem poderá não ser utilizável pelo %s\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, fuzzy, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "a ler opções de `%s'\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, fuzzy, c-format
 msgid "unknown option '%s'\n"
 msgstr "destinatário por omissão desconhecido `%s'\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, fuzzy, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "classe de assinatura desconhecida"
@@ -6630,93 +6547,83 @@ msgstr "%s: sufixo desconhecido\n"
 msgid "Enter new filename"
 msgstr "Digite novo nome de ficheiro"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "a escrever em \"stdout\"\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, fuzzy, c-format
 #| msgid "assuming signed data in `%s'\n"
 msgid "assuming signed data in '%s'\n"
 msgstr "a assumir dados assinados em `%s'\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "impossível manipular algoritmo de chave pública %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr ""
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 #| msgid "Critical signature notation: "
 msgid "Unknown critical signature notation: "
 msgstr "Notação de assinatura crítica: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "subpacote do tipo %d tem bit crítico ligado\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, fuzzy, c-format
-msgid "problem with the agent: %s\n"
-msgstr "problema com o agente: o agente returnou 0x%lx\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-msgid "Please enter the passphrase for decryption."
-msgstr "muda a frase secreta"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Insira a frase secreta\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "cancelado pelo utilizador\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, fuzzy, c-format
 msgid " (main key ID %s)"
 msgstr " (ID principal da chave %08lX)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 #, fuzzy
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Por favor digite a frase secreta \n"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 #, fuzzy
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Por favor digite a frase secreta \n"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Por favor digite a frase secreta \n"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Por favor digite a frase secreta \n"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "Você quer realmente remover as chaves selecionadas? "
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Você quer realmente remover as chaves selecionadas? "
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, fuzzy, c-format
 msgid ""
 "%s\n"
@@ -6726,7 +6633,7 @@ msgid ""
 "%s"
 msgstr "chave de %u-bit/%s, ID %08lX, criada em %s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6735,36 +6642,77 @@ msgid ""
 "Keeping the image close to 240x288 is a good size to use.\n"
 msgstr ""
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr ""
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, fuzzy, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "impossível abrir %s: %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr ""
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 #, fuzzy
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Você tem certeza de que quer adicioná-la de qualquer forma? (s/N) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, fuzzy, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "%s: não é um base de dados de confiança\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 #, fuzzy
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Está correto (s/n)? "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr ""
+
+#: g10/photoid.c:486
+#, fuzzy, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr "%s: erro ao ler registo de versão: %s\n"
+
+#: g10/photoid.c:506
+#, fuzzy, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "não foi possível alterar o exec-path para %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr ""
+
+#: g10/photoid.c:582
+#, fuzzy, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "%s: erro ao ler registo de versão: %s\n"
+
+#: g10/photoid.c:600
+#, fuzzy, c-format
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
+
+#: g10/photoid.c:604
+#, fuzzy, c-format
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+
+#: g10/photoid.c:715
 #, fuzzy, c-format
 msgid "unable to display photo ID!\n"
 msgstr "não foi possível alterar o exec-path para %s\n"
@@ -6779,106 +6727,106 @@ msgstr "não foi possível alterar o exec-path para %s\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMqQsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 #, fuzzy
 msgid "No trust value assigned to:\n"
 msgstr ""
 "Nenhum valor de confiança designado para:\n"
 "%4u%c/%08lX %s \""
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, fuzzy, c-format
 msgid "  aka \"%s\"\n"
 msgstr "                   ou \""
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 #, fuzzy
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr "Esta chave provavelmente pertence ao dono\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, fuzzy, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr " %d = Não sei\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, fuzzy, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr " %d = Eu NÃO confio\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, fuzzy, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr " %d = Confio de forma total\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 #, fuzzy
 msgid "  m = back to the main menu\n"
 msgstr " m = voltar ao menu principal\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 #, fuzzy
 msgid "  s = skip this key\n"
 msgstr " s = saltar esta chave\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 #, fuzzy
 msgid "  q = quit\n"
 msgstr " q = sair\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
 "\n"
 msgstr ""
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Decisão? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 #, fuzzy
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Tem a certeza que quer confiar totalmente nesta chave?"
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Certificados que levam a uma chave confiada plenamente:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, fuzzy, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%08lx: Não há indicação de que a assinatura pertence realmente ao dono.\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, fuzzy, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%08lx: Não há indicação de que a assinatura pertence realmente ao dono.\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, fuzzy, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Esta chave provavelmente pertence ao dono\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Esta chave pertence-nos\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr ""
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 #, fuzzy
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
@@ -6890,7 +6838,7 @@ msgstr ""
 "sim à próxima pergunta\n"
 "\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 #, fuzzy
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
@@ -6902,95 +6850,112 @@ msgstr ""
 "sim à próxima pergunta\n"
 "\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 #, fuzzy
 msgid "Use this key anyway? (y/N) "
 msgstr "Usar esta chave de qualquer modo? "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "AVISO: A utilizar uma chave que não é de confiança!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, fuzzy, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr ""
 "AVISO: a chave %08lX pode estar revocada: chave de revocação %08lX não "
 "presente.\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+msgid "checking User ID \"%s\"\n"
+msgstr "ID de utilizador: \""
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "algoritmo de dispersão inválido `%s'\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "chave %08lX: não corresponde à nossa cópia\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+msgid "option %s given but no matching User ID found\n"
+msgstr "algoritmo de dispersão inválido `%s'\n"
+
+#: g10/pkclist.c:696
 #, fuzzy, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "AVISO: Esta chave foi revogada pelo seu dono!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "AVISO: Esta chave foi revogada pelo seu dono!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, fuzzy, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         Isto pode significar que a assinatura é falsificada.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "AVISO: Esta subchave foi revogada pelo seu dono!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Nota: Esta chave foi desactivada.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr ""
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr ""
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Nota: Esta chave expirou!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr "AVISO: Esta chave não está certificada com uma assinatura confiável!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "AVISO: Esta chave não está certificada com uma assinatura confiável!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr "         Não há indicação de que a assinatura pertence ao dono.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "AVISO: Nós NÃO confiamos nesta chave!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         A assinatura é provavelmente uma FALSIFICAÇÃO.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"AVISO: Esta chave não está certificada com assinaturas suficientemente\n"
+"       confiáveis!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
@@ -6998,51 +6963,51 @@ msgstr ""
 "AVISO: Esta chave não está certificada com assinaturas suficientemente\n"
 "       confiáveis!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         Não se tem certeza de que a assinatura pertence ao dono.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: ignorado: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: ignorado: a chave pública está desactivada\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: ignorado: a chave pública já está presente\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't encrypt to '%s'\n"
 msgstr "impossível ligar a `%s': %s\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, fuzzy, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "algoritmo de dispersão inválido `%s'\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, fuzzy, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "algoritmo de dispersão inválido `%s'\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "Não especificou um identificador de utilizador. (pode usar \"-r\")\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr ""
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -7050,40 +7015,40 @@ msgstr ""
 "\n"
 "Insira o identificador do utilizador. Termine com uma linha vazia: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Identificador de utilizador inexistente.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "ignorado: chave pública já colocada como destinatário por omissão\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "A chave pública está desativada.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "ignorado: a chave pública já está presente\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, fuzzy, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "destinatário por omissão desconhecido `%s'\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "nenhum endereço válido\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, fuzzy, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "chave %08lX: sem ID de utilizador\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, fuzzy, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "chave %08lX: sem ID de utilizador\n"
@@ -7093,78 +7058,83 @@ msgstr "chave %08lX: sem ID de utilizador\n"
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr "dados não gravados; use a opção \"--output\" para gravá-los\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Assinatura separada.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Por favor digite o nome do ficheiro de dados: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "lendo do \"stdin\" ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "não há dados assinados\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, fuzzy, c-format
 #| msgid "can't open signed data `%s'\n"
 msgid "can't open signed data '%s'\n"
 msgstr "impossível abrir dados assinados `%s'\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, fuzzy, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "impossível abrir dados assinados `%s'\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, fuzzy, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "chave %08lX: sem ID de utilizador\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, fuzzy, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "destinatário anónimo; a tentar chave secreta %08lX ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+msgid "used key is not marked for encryption use.\n"
+msgstr "chave %08lX: sem ID de utilizador\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "certo, nós somos o destinatário anónimo.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "codificação antiga do DEK não suportada\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "algoritmo de cifra %d%s é desconhecido ou foi desactivado\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, fuzzy, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "NOTA: algoritmo de cifragem %d não encontrado nas preferências\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, fuzzy, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "NOTA: chave secreta %08lX expirou em %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, fuzzy, c-format
 #| msgid "NOTE: key has been revoked"
 msgid "Note: key has been revoked"
 msgstr "NOTA: a chave foi revogada"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, fuzzy, c-format
 msgid "build_packet failed: %s\n"
 msgstr "actualização falhou: %s\n"
@@ -7182,49 +7152,49 @@ msgstr ""
 msgid "(This is a sensitive revocation key)\n"
 msgstr ""
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret key is not available.\n"
 msgstr "Chave secreta disponível.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 #, fuzzy
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Gerar um certificado de revogação para esta assinatura? (s/N)"
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr ""
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, fuzzy, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "actualização da chave secreta falhou: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 #, fuzzy
 msgid "Revocation certificate created.\n"
 msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr ""
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 #, fuzzy
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Gerar um certificado de revogação para esta assinatura? (s/N)"
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 msgstr ""
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7233,19 +7203,19 @@ msgid ""
 "of the gpg command \"--generate-revocation\" in the GnuPG manual."
 msgstr ""
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
 "before importing and publishing this revocation certificate."
 msgstr ""
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, fuzzy, c-format
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "chave `%s' não encontrada: %s\n"
@@ -7258,18 +7228,18 @@ msgstr "chave `%s' não encontrada: %s\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr ""
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error searching the keyring: %s\n"
 msgstr "erro ao criar porta-chaves `%s': %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 #, fuzzy
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Gerar um certificado de revogação para esta assinatura? (s/N)"
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7280,42 +7250,42 @@ msgid ""
 "your machine might store the data and make it available to others!\n"
 msgstr ""
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 #, fuzzy
 msgid "Please select the reason for the revocation:\n"
 msgstr "motivo da revocação: "
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr ""
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr ""
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 #, fuzzy
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr ""
 "\n"
 "Insira o identificador do utilizador. Termine com uma linha vazia: "
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, fuzzy, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "motivo da revocação: "
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr ""
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 #, fuzzy
 msgid "Is this okay? (y/N) "
 msgstr "Usar esta chave de qualquer modo? "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "chave fraca criada - tentando novamente\n"
@@ -7327,62 +7297,57 @@ msgstr ""
 "impossível evitar chave fraca para criptografia simétrica;\n"
 "tentei %d vezes!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr ""
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
+#: g10/sig-check.c:170
+#, c-format
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "AVISO: conflito no 'digest' de assinatura da mensagem\n"
+
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "key %s may not be used for signing in %s mode\n"
 msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
 
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
-#, c-format
-msgid "WARNING: signature digest conflict in message\n"
-msgstr "AVISO: conflito no 'digest' de assinatura da mensagem\n"
-
-#: g10/sig-check.c:219
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr ""
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, fuzzy, c-format
 msgid "please see %s for more information\n"
 msgstr " i = mostrar mais informações\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, fuzzy, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr "não pode escolher uma chave como revogadora de si mesmo\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, fuzzy, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "a chave pública %08lX é %lu segundo mais nova que a assinatura\n"
 msgstr[1] "a chave pública %08lX é %lu segundo mais nova que a assinatura\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, fuzzy, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "a chave pública %08lX é %lu segundo mais nova que a assinatura\n"
 msgstr[1] "a chave pública %08lX é %lu segundo mais nova que a assinatura\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, fuzzy, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7395,7 +7360,7 @@ msgstr[1] ""
 "a chave foi criada %lu segundo no futuro\n"
 "(viagem no tempo ou problema no relógio)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, fuzzy, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7407,53 +7372,53 @@ msgstr[1] ""
 "a chave foi criada %lu segundo no futuro\n"
 "(viagem no tempo ou problema no relógio)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, fuzzy, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "NOTA: chave de assinatura %08lx expirou %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, fuzzy, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "NOTA: a chave foi revogada"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "assinatura de classe 0x%02x\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "assinatura de classe 0x%02x\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, fuzzy, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "assumindo assinatura incorrecta na chave %08lX devido a um bit crítico "
 "desconhecido\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "chave %08lX: sem subchave para o pacote revocação de subchave\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "chave %08lX: sem subchave para ligação de chaves\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "AVISO: impossível expandir-%% a url de política (demasiado grande).  A "
 "utilizar não expandida.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7461,7 +7426,7 @@ msgstr ""
 "AVISO: impossível expandir-%% a url de política (demasiado grande).\n"
 "A utilizar não expandida.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7470,12 +7435,12 @@ msgstr ""
 "AVISO: impossível expandir-%% a url de política (demasiado grande).\n"
 "A utilizar não expandida.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, fuzzy, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "assinatura %s de: \"%s\"\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
@@ -7483,40 +7448,41 @@ msgstr ""
 "forçar o algoritmo de 'digest' %s (%d) viola as preferências do "
 "destinatário\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "a assinar:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "será utilizada a cifragem %s\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "a chave não está marcada insegura - impossível usá-la com o RNG falso!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, fuzzy, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "ignorado `%s': duplicada\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "ignorado: a chave secreta já está presente\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 #, fuzzy
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "ignorado `%s': esta é uma chave ElGamal gerada pelo PGP que não é segura "
 "para assinaturas!\n"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "registo de confiança %lu, tipo %d: escrita falhou: %s\n"
@@ -7528,46 +7494,46 @@ msgid ""
 "# (Use \"gpg --import-ownertrust\" to restore them)\n"
 msgstr ""
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, fuzzy, c-format
 msgid "error in '%s': %s\n"
 msgstr "erro na leitura de `%s': %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 #, fuzzy
 msgid "line too long"
 msgstr "frase secreta demasiado longa\n"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr ""
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 #, fuzzy
 msgid "invalid fingerprint"
 msgstr "%s: versão de ficheiro inválida %d\n"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 #, fuzzy
 msgid "ownertrust value missing"
 msgstr "importar os valores de confiança"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, fuzzy, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "%s: erro ao escrever registo de diretório: %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, fuzzy, c-format
 msgid "read error in '%s': %s\n"
 msgstr "armadura: %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "base de dados de confiança: sincronização falhou: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, fuzzy, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "impossível criar `%s': %s\n"
@@ -7577,12 +7543,12 @@ msgstr "impossível criar `%s': %s\n"
 msgid "can't lock '%s'\n"
 msgstr "impossível abrir `%s'\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "base de dados de confiança rec %lu: lseek falhou: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "base de dados de confiança rec %lu: escrita falhou (n=%d): %s\n"
@@ -7597,7 +7563,7 @@ msgstr "transação de base de dados de confiança muito grande\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: diretoria inexistente!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, fuzzy, c-format
 msgid "can't access '%s': %s\n"
 msgstr "impossível fechar `%s': %s\n"
@@ -7639,7 +7605,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: erro a actualizar registo de versão: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: erro ao ler registo de versão: %s\n"
@@ -7649,52 +7615,52 @@ msgstr "%s: erro ao ler registo de versão: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: erro ao escrever registo de versão: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "base de dados de confiança: lseek falhou: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "base de dados de confiança: leitura falhou (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: não é um base de dados de confiança\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: registo de versão com recnum %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: versão de ficheiro inválida %d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: erro ao ler registo livre: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: erro ao escrever registo de diretório: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: falha ao zerar um registo: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: falha ao anexar um registo: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, fuzzy, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "%s: base de dados de confiança criada\n"
@@ -7736,10 +7702,10 @@ msgstr ""
 msgid "TOFU DB error"
 msgstr ""
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, fuzzy, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "erro ao enviar para `%s': %s\n"
@@ -7761,7 +7727,7 @@ msgstr "%s: erro ao escrever registo de diretório: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "erro na leitura de `%s': %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, fuzzy, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "erro ao enviar para `%s': %s\n"
@@ -7932,110 +7898,110 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr ""
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr ""
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, fuzzy, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr ""
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, fuzzy, c-format
 #| msgid "Deleted %d signatures.\n"
 msgid "%s: Verified 0 signatures."
 msgstr "%d assinaturas removidas.\n"
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 #, fuzzy
 msgid "Encrypted 0 messages."
 msgstr "Repita a frase secreta\n"
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, fuzzy, c-format
 #| msgid "Policy: "
 msgid "(policy: %s)"
 msgstr "Política: "
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -8052,164 +8018,164 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, fuzzy, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "erro ao enviar para `%s': %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid long keyID\n"
 msgid "'%s' is not a valid long keyID\n"
 msgstr "`%s' não é um identificador longo de chave válido\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, fuzzy, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "chave %08lX: aceite como chave de confiança\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, fuzzy, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "chave %08lX ocrreu mais do que uma vez na base de dados de confiança\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, fuzzy, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr ""
 "chave %08lX: nenhuma chave pública para chave de confiança - ignorada\n"
 "\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, fuzzy, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "chave marcada como de confiança absoluta\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "registo de confiança %lu, tipo req %d: falha na leitura: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "registo de confiança %lu não é do tipo pedido %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr ""
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr ""
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "não é necessária uma verificação da base de dados de confiança\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "proxima verificação da base de dados de confiança a %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, fuzzy, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "não é necessária uma verificação da base de dados de confiança\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, fuzzy, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "não é necessária uma verificação da base de dados de confiança\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, fuzzy, c-format
 msgid "public key %s not found: %s\n"
 msgstr "chave pública %08lX não encontrada: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr ""
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "a verificar a base de dados de confiança\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, fuzzy, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] "%lu chaves processadas até agora\n"
 msgstr[1] "%lu chaves processadas até agora\n"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, c-format
 msgid " (%d validity count cleared)\n"
 msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, fuzzy, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr ""
 "chave pública da chave absolutamente de confiança %08lX não encontrada\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, fuzzy, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr ""
 "chave pública da chave absolutamente de confiança %08lX não encontrada\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr ""
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, fuzzy, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr "registo de confiança %lu, tipo %d: escrita falhou: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr ""
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr ""
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr ""
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr ""
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr ""
 
@@ -8221,42 +8187,42 @@ msgstr ""
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr ""
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 #, fuzzy
 msgid "[ revoked]"
 msgstr "revkey"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 #, fuzzy
 msgid "[ expired]"
 msgstr "expire"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 #, fuzzy
 msgid "[ unknown]"
 msgstr "versão desconhecida"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr ""
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 msgid "[  never ]"
 msgstr ""
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr ""
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr ""
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr ""
 
@@ -8281,20 +8247,31 @@ msgstr "linha de entrada %u demasiado longa ou falta o LF\n"
 msgid "can't open fd %d: %s\n"
 msgstr "impossível abrir `%s': %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "AVISO: a mensagem não tinha a sua integridade protegida\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+msgid "Hint: Do not use option %s\n"
+msgstr "a ler opções de `%s'\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr ""
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr ""
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 #, fuzzy
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 #, fuzzy
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
@@ -8304,129 +8281,225 @@ msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr ""
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr ""
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+msgid "|N|Please enter the new Global-PIN"
+msgstr "muda a frase secreta"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "motivo da revocação: "
+
+#: scd/app-piv.c:1853
+#, fuzzy
+msgid "|N|Please enter the new PIN"
+msgstr "muda a frase secreta"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+msgid "||Please enter the PIN of your PIV card"
+msgstr "motivo da revocação: "
+
+#: scd/app-piv.c:1861
+#, fuzzy
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "muda a frase secreta"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "motivo da revocação: "
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-piv.c:1895
+#, c-format
+msgid "PIN is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1903
+#, c-format
+msgid "PIN is too long; maximum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, fuzzy, c-format
+msgid "key already exists\n"
+msgstr "%s' já comprimido\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, fuzzy, c-format
+msgid "generating new key\n"
+msgstr "gerar um novo par de chaves"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, fuzzy, c-format
+msgid "writing new key\n"
+msgstr "gerar um novo par de chaves"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "falha ao inicializar a base de dados de confiança: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, fuzzy, c-format
+#| msgid "remove keys from the public keyring"
+msgid "response does not contain the EC public key\n"
+msgstr "remover chaves do porta-chaves público"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, fuzzy, c-format
+msgid "generating key failed\n"
+msgstr "remoção do bloco de chave falhou: %s\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, fuzzy, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "A geração de chaves falhou: %s\n"
+msgstr[1] "A geração de chaves falhou: %s\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr ""
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 #, fuzzy
 msgid "|A|Please enter the Admin PIN"
 msgstr "muda a frase secreta"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 #, fuzzy
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "motivo da revocação: "
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 #, fuzzy
 msgid "||Please enter the PIN for the standard keys."
 msgstr "muda a frase secreta"
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr ""
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "Note: This key has been disabled.\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "Nota: Esta chave foi desactivada.\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr ""
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 #, fuzzy
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "muda a frase secreta"
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 #, fuzzy
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "motivo da revocação: "
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, fuzzy, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, fuzzy, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "falha ao inicializar a base de dados de confiança: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, fuzzy, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "falha ao criar 'cache' do porta-chaves: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr ""
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1546
-#, fuzzy, c-format
-#| msgid "remove keys from the public keyring"
-msgid "response does not contain the EC public key\n"
-msgstr "remover chaves do porta-chaves público"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, fuzzy, c-format
 msgid "reading public key failed: %s\n"
 msgstr "remoção do bloco de chave falhou: %s\n"
@@ -8434,43 +8507,43 @@ msgstr "remoção do bloco de chave falhou: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr ""
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 #, fuzzy
 msgid "||Please unlock the card"
 msgstr "muda a frase secreta"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, fuzzy, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "A geração de chaves falhou: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8478,22 +8551,22 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 #, fuzzy
 msgid "||Please enter the PIN"
 msgstr "muda a frase secreta"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 #, fuzzy
 msgid "||Please enter the Reset Code for the card"
 msgstr "motivo da revocação: "
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr ""
@@ -8501,123 +8574,81 @@ msgstr ""
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 #, fuzzy
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "muda a frase secreta"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 #, fuzzy
 msgid "||Please enter the PIN and New PIN"
 msgstr "muda a frase secreta"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, fuzzy, c-format
 msgid "error reading application data\n"
 msgstr "erro na leitura do bloco de chave: %s\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, fuzzy, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "%s: erro ao ler registo livre: %s\n"
 
-#: scd/app-openpgp.c:3066
-#, fuzzy, c-format
-msgid "key already exists\n"
-msgstr "%s' já comprimido\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr ""
-
-#: scd/app-openpgp.c:3072
-#, fuzzy, c-format
-msgid "generating new key\n"
-msgstr "gerar um novo par de chaves"
-
-#: scd/app-openpgp.c:3074
-#, fuzzy, c-format
-msgid "writing new key\n"
-msgstr "gerar um novo par de chaves"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, fuzzy, c-format
-msgid "failed to store the key: %s\n"
-msgstr "falha ao inicializar a base de dados de confiança: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, fuzzy, c-format
 #| msgid "unsupported URI"
 msgid "unsupported curve\n"
 msgstr "URI não suportado"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr ""
-
-#: scd/app-openpgp.c:4271
-#, fuzzy, c-format
-msgid "generating key failed\n"
-msgstr "remoção do bloco de chave falhou: %s\n"
-
-#: scd/app-openpgp.c:4277
-#, fuzzy, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "A geração de chaves falhou: %s\n"
-msgstr[1] "A geração de chaves falhou: %s\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, fuzzy, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "assinatura %s de: \"%s\"\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, fuzzy, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "nenhum dado OpenPGP válido encontrado.\n"
@@ -8630,101 +8661,99 @@ msgstr "muda a frase secreta"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr ""
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr ""
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr ""
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 #, fuzzy
 msgid "|FILE|write a log to FILE"
 msgstr "|FICHEIRO|carregar módulo de extensão FICHEIRO"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr ""
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 #, fuzzy
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NOME|usar NOME como destinatário por omissão"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 #, fuzzy
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NOME|usar NOME como destinatário por omissão"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 #, fuzzy
 msgid "do not use the internal CCID driver"
 msgstr "nunca usar o terminal"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr ""
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr ""
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr ""
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 #, fuzzy
 msgid "deny the use of admin card commands"
 msgstr "comandos em conflito\n"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 #, fuzzy
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
 msgstr ""
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr ""
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr ""
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, fuzzy, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "erro ao escrever no porta-chaves secreto `%s': %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr ""
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr ""
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 #, fuzzy
 msgid "shell"
 msgstr "help"
@@ -8758,7 +8787,7 @@ msgstr "a escrever chave privada para `%s'\n"
 msgid "certificate policy not allowed"
 msgstr "a escrever chave privada para `%s'\n"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, fuzzy, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "falha ao inicializar a base de dados de confiança: %s\n"
@@ -8773,7 +8802,7 @@ msgstr ""
 msgid "number of issuers matching: %d\n"
 msgstr ""
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, fuzzy, c-format
 #| msgid "%s: can't access: %s\n"
 msgid "can't get authorityInfoAccess: %s\n"
@@ -8794,240 +8823,240 @@ msgstr "erro na criação da frase secreta: %s\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "remoção do bloco de chave falhou: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, fuzzy, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "falha ao inicializar a base de dados de confiança: %s\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 #, fuzzy
 msgid "certificate has been revoked"
 msgstr "NOTA: a chave foi revogada"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr ""
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr ""
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, fuzzy, c-format
 msgid "checking the CRL failed: %s"
 msgstr "verificação da assinatura criada falhou: %s\n"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr ""
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 #, fuzzy
 msgid "root certificate not yet valid"
 msgstr "a escrever chave privada para `%s'\n"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, fuzzy, c-format
 msgid "certificate has expired"
 msgstr "Esta chave expirou!"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 #, fuzzy
 msgid "root certificate has expired"
 msgstr "Esta chave expirou!"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 #, fuzzy
 msgid "intermediate certificate has expired"
 msgstr "Esta chave expirou!"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr ""
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 #, fuzzy
 msgid "certificate with invalid validity"
 msgstr "Esta chave expirou!"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr ""
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, fuzzy, c-format
 msgid "  (  signature created at "
 msgstr "        novas assinaturas: %lu\n"
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, fuzzy, c-format
 msgid "  (certificate created at "
 msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, fuzzy, c-format
 msgid "  (certificate valid from "
 msgstr "certificado incorrecto"
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr ""
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, fuzzy, c-format
 msgid "fingerprint=%s\n"
 msgstr "mostra impressão digital"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr ""
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr ""
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr ""
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 #, fuzzy
 msgid "no issuer found in certificate"
 msgstr "gerar um certificado de revogação"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr ""
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr ""
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, fuzzy, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "verificação da assinatura criada falhou: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr ""
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr ""
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, fuzzy, c-format
 msgid "certificate has a BAD signature"
 msgstr "verificar uma assinatura"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr ""
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr ""
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, fuzzy, c-format
 msgid "certificate is good\n"
 msgstr "preferência %c%lu duplicada\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, fuzzy, c-format
 msgid "intermediate certificate is good\n"
 msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, fuzzy, c-format
 msgid "root certificate is good\n"
 msgstr "certificado incorrecto"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr ""
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr ""
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, fuzzy, c-format
 msgid "out of core\n"
 msgstr "não processado"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr ""
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 #, fuzzy
 msgid "none"
 msgstr "não"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 #, fuzzy
 msgid "[Error - invalid encoding]"
 msgstr "%s: versão de ficheiro inválida %d\n"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr ""
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr ""
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 #, fuzzy
 msgid "[Error - invalid DN]"
 msgstr "%s: versão de ficheiro inválida %d\n"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -9042,176 +9071,186 @@ msgstr ""
 "\"%.*s\"\n"
 "chave %u bits %s, ID %08lx, criada %s%s\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr ""
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "erro ao escrever no porta-chaves secreto `%s': %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr ""
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr ""
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr ""
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr ""
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+msgid "looking for another certificate\n"
+msgstr "certificado incorrecto"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, fuzzy, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "algoritmo de dispersão inválido `%s'\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr ""
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr ""
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, fuzzy, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "algoritmo de dispersão inválido `%s'\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, fuzzy, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "algoritmo de dispersão inválido `%s'\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, fuzzy, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "Endereço eletrónico inválido\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, fuzzy, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "algoritmo de dispersão inválido `%s'\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr ""
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr ""
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, fuzzy, c-format
 msgid "line %d: invalid date given\n"
 msgstr "algoritmo de dispersão inválido `%s'\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, fuzzy, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "erro ao criar porta-chaves `%s': %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, fuzzy, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "algoritmo de dispersão inválido `%s'\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, fuzzy, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "algoritmo de dispersão inválido `%s'\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, fuzzy, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "chave %08lX: ligação de subchave inválida\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, fuzzy, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "algoritmo de dispersão inválido `%s'\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, fuzzy, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "erro ao criar porta-chaves `%s': %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, fuzzy, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "erro ao criar porta-chaves `%s': %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, fuzzy, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "A geração de chaves falhou: %s\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, fuzzy, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) RSA (apenas cifragem)\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, fuzzy, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) RSA (assinatura e cifragem)\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, fuzzy, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) DSA (apenas assinatura)\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, fuzzy, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) RSA (apenas cifragem)\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr ""
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, fuzzy, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "algoritmo de dispersão inválido `%s'\n"
@@ -9221,266 +9260,260 @@ msgstr "algoritmo de dispersão inválido `%s'\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, fuzzy, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "algoritmo de dispersão inválido `%s'\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr ""
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 #, fuzzy
 msgid "Enter email addresses"
 msgstr "Endereço de correio eletrónico: "
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 #, fuzzy
 msgid " (end with an empty line):\n"
 msgstr ""
 "\n"
 "Insira o identificador do utilizador. Termine com uma linha vazia: "
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 #, fuzzy
 msgid "Enter DNS names"
 msgstr "Digite novo nome de ficheiro"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 #, fuzzy
 msgid " (optional; end with an empty line):\n"
 msgstr ""
 "\n"
 "Insira o identificador do utilizador. Termine com uma linha vazia: "
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr ""
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 #, fuzzy
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Gerar um certificado de revogação para esta assinatura? (s/N)"
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:432
-#, fuzzy, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "erro na criação da frase secreta: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr ""
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 #, fuzzy
 msgid "Now creating certificate request.  "
 msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr ""
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "dados cifrados com %s\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr ""
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr ""
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 msgid "encrypted to %s key %s\n"
 msgstr "cifrado com chave %s, ID %08lX\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, fuzzy, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "chave `%s' não encontrada: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, fuzzy, c-format
 msgid "error locking keybox: %s\n"
 msgstr "erro na leitura do bloco de chave: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, fuzzy, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, fuzzy, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "preferência %c%lu duplicada\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, fuzzy, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "remoção do bloco de chave falhou: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, fuzzy, c-format
 msgid "no valid recipients given\n"
 msgstr "resposta do agente inválida\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 #, fuzzy
 msgid "list external keys"
 msgstr "listar as chaves secretas"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 #, fuzzy
 msgid "list certificate chain"
 msgstr "certificado incorrecto"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 #, fuzzy
 msgid "import certificates"
 msgstr "certificado incorrecto"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 #, fuzzy
 msgid "export certificates"
 msgstr "certificado incorrecto"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr ""
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr ""
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr ""
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "nunca usar o terminal"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr ""
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr ""
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr ""
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr ""
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr ""
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 #, fuzzy
 msgid "create base-64 encoded output"
 msgstr "criar saída com armadura ascii"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 #, fuzzy
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|NOME|usar NOME como chave secreta por omissão"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 #, fuzzy
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr ""
 "adicionar este porta-chaves\n"
 "à lista de porta-chaves"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|ENDEREÇO|usar este servidor para buscar chaves"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr ""
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 #, fuzzy
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr ""
 "|NOME|usar algoritmo de criptografia NOME para\n"
 "frases secretas"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr ""
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr ""
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr ""
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr ""
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NOME|usar algoritmo de criptografia NOME"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NOME|usar algoritmo de \"digest\" de mensagens NOME"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "modo não-interactivo: nunca perguntar"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "assumir sim para a maioria das perguntas"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "assumir não para a maioria das perguntas"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 #, fuzzy
 msgid "|FILE|write an audit log to FILE"
 msgstr "|FICHEIRO|carregar módulo de extensão FICHEIRO"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 #, fuzzy
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
@@ -9491,87 +9524,122 @@ msgstr ""
 "assina, verifica, cifra ou decifra\n"
 "a operação por omissão depende dos dados de entrada\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, fuzzy, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "impossível ligar a `%s': %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, fuzzy, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "destinatário por omissão desconhecido `%s'\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr ""
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " s = saltar esta chave\n"
+
+#: sm/gpgsm.c:1545
+#, fuzzy, c-format
+msgid "could not parse keyserver\n"
+msgstr "não consegui processar a URI do servidor de chaves\n"
+
+#: sm/gpgsm.c:1825
 #, fuzzy, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "a escrever para `%s'\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, fuzzy, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "impossível fechar `%s': %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr ""
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, fuzzy, c-format
 msgid "total number processed: %lu\n"
 msgstr "Número total processado: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, fuzzy, c-format
 msgid "error storing certificate\n"
 msgstr "gerar um certificado de revogação"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr ""
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, fuzzy, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, fuzzy, c-format
 msgid "error importing certificate: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, fuzzy, c-format
 msgid "error reading input: %s\n"
 msgstr "erro na leitura de `%s': %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+msgid "no keyboxd running in this session\n"
+msgstr "o gpg-agent não está disponível nesta sessão\n"
+
+#: sm/keydb.c:595
+#, fuzzy, c-format
+msgid "error opening key DB: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr ""
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, fuzzy, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, fuzzy, c-format
 msgid "error storing certificate: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, fuzzy, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "rev? problema ao verificar revogação: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, fuzzy, c-format
 msgid "error storing flags: %s\n"
 msgstr "erro na leitura de `%s': %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr ""
 
@@ -9580,17 +9648,17 @@ msgstr ""
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr ""
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, fuzzy, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "%s: versão de ficheiro inválida %d\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, fuzzy, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "%s: versão de ficheiro inválida %d\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9601,14 +9669,14 @@ msgid ""
 "%s%sAre you really sure that you want to do this?"
 msgstr ""
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
 "signatures.\n"
 msgstr ""
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9616,53 +9684,58 @@ msgid ""
 "Note, that this certificate will NOT create a qualified signature!"
 msgstr ""
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, fuzzy, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "algoritmo de protecção %d%s não é suportado\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr ""
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, fuzzy, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "verificação da assinatura criada falhou: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Assinatura feita em %.*s usando %s, ID da chave %08lX\n"
+
+#: sm/verify.c:467
 #, fuzzy, c-format
 msgid "Signature made "
 msgstr "Esta assinatura expirou em %s.\n"
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr ""
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 msgid "algorithm:"
 msgstr "armadura: %s\n"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr ""
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, fuzzy, c-format
 msgid "Good signature from"
 msgstr "Assinatura correcta de \""
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, fuzzy, c-format
 msgid "                aka"
 msgstr "                   ou \""
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, fuzzy, c-format
 msgid "This is a qualified signature\n"
 msgstr ""
@@ -9689,101 +9762,101 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr ""
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr ""
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't parse certificate '%s': %s\n"
 msgstr "impossível criar `%s': %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, fuzzy, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "preferência %c%lu duplicada\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, fuzzy, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, fuzzy, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "preferência %c%lu duplicada\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, fuzzy, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "mostra impressão digital"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr ""
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr ""
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, fuzzy, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, fuzzy, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "certificado incorrecto"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, fuzzy, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, fuzzy, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, fuzzy, c-format
 msgid "certificate already cached\n"
 msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, fuzzy, c-format
 msgid "certificate cached\n"
 msgstr "preferência %c%lu duplicada\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, fuzzy, c-format
 msgid "error caching certificate: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, fuzzy, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "%s: versão de ficheiro inválida %d\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, fuzzy, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, fuzzy, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, fuzzy, c-format
 msgid "no issuer found in certificate\n"
 msgstr "gerar um certificado de revogação"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, fuzzy, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
@@ -10307,64 +10380,64 @@ msgstr "chave `%s' não encontrada: %s\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "chave `%s' não encontrada: %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 #, fuzzy
 msgid "add a certificate to the cache"
 msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 #, fuzzy
 msgid "validate a certificate"
 msgstr "certificado incorrecto"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 #, fuzzy
 msgid "lookup a certificate"
 msgstr "certificado incorrecto"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 #, fuzzy
 msgid "lookup only locally stored certificates"
 msgstr "certificado incorrecto"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 #, fuzzy
 msgid "expect certificates in PEM format"
 msgstr "certificado incorrecto"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 #, fuzzy
 #| msgid "Enter the user ID of the designated revoker: "
 msgid "force the use of the default OCSP responder"
 msgstr "Insira o ID de utilizador do revogador escolhido: "
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10372,226 +10445,221 @@ msgid ""
 "not valid and other error codes for general failures\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, fuzzy, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, fuzzy, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "erro na leitura de `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "impossível ligar a `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, fuzzy, c-format
 #| msgid "update failed: %s\n"
 msgid "lookup failed: %s\n"
 msgstr "actualização falhou: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, fuzzy, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "criação de armadura falhou: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, fuzzy, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "remoção do bloco de chave falhou: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, fuzzy, c-format
 msgid "certificate is valid\n"
 msgstr "preferência %c%lu duplicada\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, fuzzy, c-format
 msgid "certificate has been revoked\n"
 msgstr "NOTA: a chave foi revogada"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, fuzzy, c-format
 msgid "certificate check failed: %s\n"
 msgstr "remoção do bloco de chave falhou: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, fuzzy, c-format
 #| msgid "can't stat `%s': %s\n"
 msgid "got status: '%s'\n"
 msgstr "impossível 'stat' a `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, fuzzy, c-format
 #| msgid "error writing secret keyring `%s': %s\n"
 msgid "error writing base64 encoding: %s\n"
 msgstr "erro ao escrever no porta-chaves secreto `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, fuzzy, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr ""
 "\n"
 "Algoritmos suportados:\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 #, fuzzy
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|FICHEIRO|carregar módulo de extensão FICHEIRO"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr ""
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr ""
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr ""
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 #, fuzzy
 msgid "|URL|use keyserver at URL"
 msgstr "não consegui processar a URI do servidor de chaves\n"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr ""
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr ""
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr ""
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr ""
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr ""
 
-#: dirmngr/dirmngr.c:270
-#, fuzzy
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|ENDEREÇO|usar este servidor para buscar chaves"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 #, fuzzy
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|FICHEIRO|carregar módulo de extensão FICHEIRO"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr ""
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr ""
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 #, fuzzy
 msgid "|URL|use OCSP responder at URL"
 msgstr "não consegui processar a URI do servidor de chaves\n"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr ""
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -10604,126 +10672,317 @@ msgstr ""
 "@\n"
 "(Veja a página man para uma lista completa de comandos e opções)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 #, fuzzy
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, fuzzy, c-format
 msgid "usage: %s [options] "
 msgstr "uso: gpg [opções] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, fuzzy, c-format
 #| msgid "%s not allowed with %s!\n"
 msgid "colons are not allowed in the socket name\n"
 msgstr "%s não é permitido com %s!\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, fuzzy, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "criação de armadura falhou: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, fuzzy, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "criação de armadura falhou: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, fuzzy, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "frase secreta demasiado longa\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, fuzzy, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "%s: versão de ficheiro inválida %d\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, fuzzy, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "armadura: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, fuzzy, c-format
 msgid "shutdown forced\n"
 msgstr "não processado"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr ""
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|connect to host NAME"
+msgstr ""
+"|NOME|definir mapa de caracteres do terminal como\n"
+"NOME"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:112
+#, fuzzy
+#| msgid "|NAME|use NAME as default recipient"
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NOME|usar NOME como destinatário por omissão"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:179
+#, fuzzy
+#| msgid "Usage: gpg [options] [files] (-h for help)"
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:291
+#, fuzzy, c-format
+#| msgid "invalid import options\n"
+msgid "invalid port number %d\n"
+msgstr "opções de importação inválidas\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, fuzzy, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "erro na escrita do porta-chaves `%s': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:462
+#, fuzzy, c-format
+msgid "attribute '%s' not found\n"
+msgstr "chave `%s' não encontrada: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:581
+#, fuzzy, c-format
+#| msgid "reading from `%s'\n"
+msgid "processing url '%s'\n"
+msgstr "lendo de `%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          user '%s'\n"
+msgstr "          sem IDs de utilizadores: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, fuzzy, c-format
+msgid "          pass '%s'\n"
+msgstr "                   ou \""
+
+#: dirmngr/dirmngr_ldap.c:592
+#, fuzzy, c-format
+msgid "          host '%s'\n"
+msgstr "                   ou \""
+
+#: dirmngr/dirmngr_ldap.c:593
+#, fuzzy, c-format
+#| msgid "          not imported: %lu\n"
+msgid "          port %d\n"
+msgstr "        não importadas: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, fuzzy, c-format
+msgid "            DN '%s'\n"
+msgstr "                   ou \""
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, fuzzy, c-format
+msgid "          attr '%s'\n"
+msgstr "                   ou \""
+
+#: dirmngr/dirmngr_ldap.c:611
+#, c-format
+msgid "no host name in '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:622
+#, fuzzy, c-format
+#| msgid "WARNING: using insecure memory!\n"
+msgid "WARNING: using first attribute only\n"
+msgstr "AVISO: a utilizar memória insegura!\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, fuzzy, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "criação de armadura falhou: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "criação de armadura falhou: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+msgid "LDAP init to '%s' done\n"
+msgstr "criação de armadura falhou: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, fuzzy, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "criação de armadura falhou: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, fuzzy, c-format
+#| msgid "dearmoring failed: %s\n"
+msgid "searching '%s' failed: %s\n"
+msgstr "retirada de armadura falhou: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, fuzzy, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "%s: não é um base de dados de confiança\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr ""
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, fuzzy, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "erro na leitura de `%s': %s\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr ""
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, fuzzy, c-format
 msgid "too many redirections\n"
 msgstr "demasiadas preferências `%c'\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "a escrever para `%s'\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, fuzzy, c-format
 msgid "error printing log line: %s\n"
 msgstr "erro na escrita do porta-chaves `%s': %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, fuzzy, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "erro na leitura de `%s': %s\n"
@@ -10753,51 +11012,31 @@ msgstr "actualização falhou: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, fuzzy, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "a procurar por \"%s\" no servidor HKP %s\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, fuzzy, c-format
 msgid "malloc failed: %s\n"
 msgstr "remoção do bloco de chave falhou: %s\n"
 
-#: dirmngr/ldap.c:221
-#, fuzzy, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "%s: não é um base de dados de confiança\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
 msgstr ""
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr ""
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, fuzzy, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr " s = saltar esta chave\n"
-
 #: dirmngr/misc.c:172
 #, fuzzy, c-format
 #| msgid "%s: invalid file version %d\n"
@@ -10885,92 +11124,92 @@ msgstr "verificação da assinatura criada falhou: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr ""
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, fuzzy, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "remoção do bloco de chave falhou: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, fuzzy, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, fuzzy, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "chave `%s' não encontrada: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, fuzzy, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "gerar um certificado de revogação"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, fuzzy, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "falha ao inicializar a base de dados de confiança: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, fuzzy, c-format
 #| msgid "no default secret keyring: %s\n"
 msgid "no default OCSP signer defined\n"
 msgstr "sem porta-chaves público por omissão: %s\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, fuzzy, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr "assinatura falhou: %s\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, fuzzy, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "erro na criação da frase secreta: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr ""
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, fuzzy, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "NOTA: a chave foi revogada"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr ""
@@ -10980,68 +11219,72 @@ msgstr ""
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "assinatura falhou: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr ""
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr ""
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, fuzzy, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "assinatura falhou: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, fuzzy, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "remoção do bloco de chave falhou: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, fuzzy, c-format
 msgid "error sending data: %s\n"
 msgstr "erro ao enviar para `%s': %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, fuzzy, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "remoção do bloco de chave falhou: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, fuzzy, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "remoção do bloco de chave falhou: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr ""
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, fuzzy, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "impossível criar `%s': %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, fuzzy, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "%s: falha ao criar tabela de dispersão: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, fuzzy, c-format
 #| msgid "failed to initialize the TrustDB: %s\n"
 msgid "failed to initialize the server: %s\n"
 msgstr "falha ao inicializar a base de dados de confiança: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, fuzzy, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "falha ao criar 'cache' do porta-chaves: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, fuzzy, c-format
 #| msgid "signing failed: %s\n"
 msgid "Assuan processing failed: %s\n"
@@ -11087,251 +11330,269 @@ msgstr "preferência %c%lu duplicada\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 #, fuzzy
 msgid "quiet"
 msgstr "sair"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+msgid "connect to the keyboxd"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 #, fuzzy
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|FICHEIRO|carregar módulo de extensão FICHEIRO"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 #, fuzzy
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, fuzzy, c-format
 msgid "receiving line failed: %s\n"
 msgstr "remoção do bloco de chave falhou: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, fuzzy, c-format
 msgid "line too long - skipped\n"
 msgstr "frase secreta demasiado longa\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, fuzzy, c-format
 msgid "unknown command '%s'\n"
 msgstr "destinatário por omissão desconhecido `%s'\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, fuzzy, c-format
 msgid "sending line failed: %s\n"
 msgstr "assinatura falhou: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+msgid "no keybox daemon running in this session\n"
+msgstr "o gpg-agent não está disponível nesta sessão\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, fuzzy, c-format
 msgid "error sending standard options: %s\n"
 msgstr "erro ao enviar para `%s': %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr ""
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr ""
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+msgid "Public Keys"
+msgstr "a chave pública é %08lX\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr ""
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr ""
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 #, fuzzy
 #| msgid "network error"
 msgid "Network"
 msgstr "erro na rede"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 #, fuzzy
 msgid "Passphrase Entry"
 msgstr "frase secreta incorrecta"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 #, fuzzy
 msgid "Component not suitable for launching"
 msgstr "chave pública não encontrada"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Please use the command \"toggle\" first.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Por favor utilize o comando \"toggle\" primeiro.\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr ""
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, fuzzy, c-format
 msgid "error closing '%s'\n"
 msgstr "erro na leitura de `%s': %s\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, fuzzy, c-format
 msgid "error parsing '%s'\n"
 msgstr "erro na leitura de `%s': %s\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr ""
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr ""
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr ""
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr ""
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr ""
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr ""
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr ""
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr ""
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 #, fuzzy
 msgid "list global configuration file"
 msgstr "criado um novo ficheiro de configuração `%s'\n"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 #, fuzzy
 msgid "check global configuration file"
 msgstr "criado um novo ficheiro de configuração `%s'\n"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 #, fuzzy
 #| msgid "update the trust database"
 msgid "query the software version database"
 msgstr "actualizar a base de dados de confiança"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr ""
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr ""
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr ""
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "usar como ficheiro de saída"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr ""
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 #, fuzzy
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
 msgstr ""
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr ""
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 #, fuzzy
 msgid "Component not found"
 msgstr "chave pública não encontrada"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 #, fuzzy
 msgid "No argument allowed"
 msgstr "a escrever chave privada para `%s'\n"
@@ -11347,109 +11608,191 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr ""
-#~ "ao forçar a cifra simétrica %s (%d) viola as preferências do "
-#~ "destinatário\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "ignorado: a chave secreta já está presente\n"
+
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "ignorado: a chave secreta já está presente\n"
+
+#: tools/gpg-card.c:2395
+#, c-format
+msgid "Replace existing key %s ? (y/N) "
+msgstr ""
+
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, c-format
+msgid "%s card no. %s detected\n"
+msgstr ""
+
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
+
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
+
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
+
+#: tools/gpg-card.c:3668
+#, fuzzy
+msgid "authenticate to the card"
+msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
+
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
+
+#: tools/gpg-card.c:3672
+#, fuzzy
+#| msgid "|NAME|use NAME as default recipient"
+msgid "setup KDF for PIN authentication"
+msgstr "|NOME|usar NOME como destinatário por omissão"
+
+#: tools/gpg-card.c:3674
+#, fuzzy
+#| msgid "change the expire date"
+msgid "change a private data object"
+msgstr "muda a data de validade"
+
+#: tools/gpg-card.c:3675
+#, fuzzy
+msgid "read a certificate from a data object"
+msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
+
+#: tools/gpg-card.c:3676
+#, fuzzy
+msgid "store a certificate to a data object"
+msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
+
+#, fuzzy
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "muda a frase secreta"
 
 #, fuzzy
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "a escrever para `%s'\n"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "erro ao escrever no porta-chaves secreto `%s': %s\n"
 
 #, fuzzy
 #~ msgid "use a log file for the server"
 #~ msgstr "procurar chaves num servidor de chaves"
 
 #, fuzzy
-#~ msgid "run without asking a user"
-#~ msgstr "Sair sem gravar? "
+#~ msgid "argument not expected"
+#~ msgstr "a escrever chave privada para `%s'\n"
 
 #, fuzzy
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "a pedir a chave %08lX de %s\n"
+#~ msgid "read error"
+#~ msgstr "erro de leitura"
 
 #, fuzzy
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "não consegui processar a URI do servidor de chaves\n"
+#~ msgid "keyword too long"
+#~ msgstr "frase secreta demasiado longa\n"
 
 #, fuzzy
-#~| msgid "|NAME|set terminal charset to NAME"
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr ""
-#~ "|NOME|definir mapa de caracteres do terminal como\n"
-#~ "NOME"
+#~ msgid "missing argument"
+#~ msgstr "argumento inválido"
 
 #, fuzzy
-#~| msgid "|NAME|use NAME as default recipient"
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NOME|usar NOME como destinatário por omissão"
+#~| msgid "invalid armor"
+#~ msgid "invalid argument"
+#~ msgstr "armadura inválida"
 
 #, fuzzy
-#~| msgid "Usage: gpg [options] [files] (-h for help)"
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
+#~ msgid "invalid command"
+#~ msgstr "comandos em conflito\n"
 
 #, fuzzy
-#~| msgid "invalid import options\n"
-#~ msgid "invalid port number %d\n"
+#~ msgid "invalid alias definition"
 #~ msgstr "opções de importação inválidas\n"
 
 #, fuzzy
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "erro na escrita do porta-chaves `%s': %s\n"
+#~ msgid "out of core"
+#~ msgstr "não processado"
 
 #, fuzzy
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "chave `%s' não encontrada: %s\n"
+#~ msgid "invalid meta command"
+#~ msgstr "comandos em conflito\n"
 
 #, fuzzy
-#~| msgid "reading from `%s'\n"
-#~ msgid "processing url '%s'\n"
-#~ msgstr "lendo de `%s'\n"
+#~ msgid "unknown meta command"
+#~ msgstr "destinatário por omissão desconhecido `%s'\n"
+
+#, fuzzy
+#~| msgid "unexpected data"
+#~ msgid "unexpected meta command"
+#~ msgstr "dados inesperados"
+
+#, fuzzy
+#~ msgid "invalid option"
+#~ msgstr "opções de importação inválidas\n"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          user '%s'\n"
-#~ msgstr "          sem IDs de utilizadores: %lu\n"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "Comando inválido (tente \"help\")\n"
 
 #, fuzzy
-#~ msgid "          pass '%s'\n"
-#~ msgstr "                   ou \""
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "opções de importação inválidas\n"
 
 #, fuzzy
-#~ msgid "          host '%s'\n"
-#~ msgstr "                   ou \""
+#~| msgid "NOTE: no default option file `%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "NOTA: ficheiro de opções por omissão `%s' inexistente\n"
 
 #, fuzzy
-#~| msgid "          not imported: %lu\n"
-#~ msgid "          port %d\n"
-#~ msgstr "        não importadas: %lu\n"
+#~| msgid "option file `%s': %s\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "ficheiro de opções `%s': %s\n"
 
 #, fuzzy
-#~ msgid "            DN '%s'\n"
-#~ msgstr "                   ou \""
+#~| msgid "you may not use %s while in %s mode\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
 
 #, fuzzy
-#~ msgid "          attr '%s'\n"
-#~ msgstr "                   ou \""
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "não foi possível alterar o exec-path para %s\n"
 
 #, fuzzy
-#~| msgid "WARNING: using insecure memory!\n"
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "AVISO: a utilizar memória insegura!\n"
+#~ msgid "unable to execute external program\n"
+#~ msgstr "não foi possível alterar o exec-path para %s\n"
 
 #, fuzzy
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "criação de armadura falhou: %s\n"
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "não foi possível alterar o exec-path para %s\n"
 
 #, fuzzy
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "criação de armadura falhou: %s\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) DSA e ElGamal (por omissão)\n"
 
 #, fuzzy
-#~| msgid "dearmoring failed: %s\n"
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "retirada de armadura falhou: %s\n"
+#~ msgid "run without asking a user"
+#~ msgstr "Sair sem gravar? "
 
 #, fuzzy
 #~| msgid "NOTE: old default options file `%s' ignored\n"
@@ -11498,8 +11841,8 @@ msgstr ""
 #~ msgstr "impossível abrir %s: %s\n"
 
 #, fuzzy
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "erro na leitura de `%s': %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "erro na escrita do porta-chaves `%s': %s\n"
 
 #, fuzzy
 #~ msgid "error closing %s: %s\n"
@@ -11550,12 +11893,6 @@ msgstr ""
 #~ msgstr "erro na criação da frase secreta: %s\n"
 
 #, fuzzy
-#~| msgid "you may not use %s while in %s mode\n"
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
-
-#, fuzzy
 #~ msgid "male"
 #~ msgstr "enable"
 
@@ -12817,9 +13154,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "remove assinaturas"
 
-#~ msgid "change the expire date"
-#~ msgstr "muda a data de validade"
-
 #~ msgid "set preference list"
 #~ msgstr "configurar lista de preferências"
 
@@ -13244,9 +13578,6 @@ msgstr ""
 #~ "NOTA: Chave primária Elgamal detectada - pode demorar algum tempo a "
 #~ "importar\n"
 
-#~ msgid " (default)"
-#~ msgstr " (por omissão)"
-
 #~ msgid "%s%c %4u%c/%08lX  created: %s expires: %s"
 #~ msgstr "%s%c %4u%c/%08lX  criada: %s expira: %s"
 
@@ -13356,9 +13687,6 @@ msgstr ""
 #~ msgid "quit|quit"
 #~ msgstr "sair"
 
-#~ msgid "   (%d) ElGamal (sign and encrypt)\n"
-#~ msgstr "   (%d) ElGamal (assinatura e cifragem)\n"
-
 #~ msgid ""
 #~ "The use of this algorithm is only supported by GnuPG.  You will not be\n"
 #~ "able to use this key to communicate with PGP users.  This algorithm is "
diff --git a/po/ro.gmo b/po/ro.gmo
index b00027809aebbd0ede790b9425ab65861937a06c..cc493cd497b454dd2886272422387e5f5c960c46 100644
GIT binary patch
delta 17487
zcmYk@2YgP~AII^VfkebeB(ah_A+bVYlUNZewwkr~ruHt64pqCh+PgMw%nq|QRn^)>
zsa+Jc{?`BVea`WE<-T4g@AEt7+<VVG<33NKoj*O@t_kVfmxFv~IUM<X948N!%IP?j
zeI2K636(ldN>#@xinY+s%W;Nc81a~Dj&lU(Vh-$B-EksuB<9BXsOxRF{%(C_&0ND%
z?{;Fz=w2yURu`~wDspY-CdOfGO*(-sQSDZsZg2?$@Fl8a=~9g0$g?=5QSBO7d!sr$
z9<w=a$5}=umVzyqAFpCQ%)s4rVk|~u3Wi`G48_k-?dM@G+>1r<66!qv+NNE8j3Tax
zI=>yN{b0%cov+9Q;X2fl>_T1OsEu!7cH$?t+^>#$?l>{lvY3^)7V3#xqRt;=orZ;p
zH)38qk8SWZy491GbsZ-h2cw=~1{T0QsJXn28ZzH{CJx7B;smUSA7cc5kDeP~4DoB!
z2<5GBMxYj|yceq7wEB#{hI$JHy5Tu=q0_)TK@{rAE7`cQjr*bIdMxV67h*x&h?=Ui
zsPkT9FlK9LrZfiC(OTB-4H<tGjH5tvv<fwJhi!u!s2llyV4fro>Itf10QNwQ*kIHH
zEJK!$a}+aSa3iA&HNr(vBU%TwTe`W)sE6ZFt9?Ee#j98hGdDJ?zA|bK$73vRLEZ2w
z>PCJ|Oh-d7D{)cOTBwAY;tw%B4z%SXP>a|-lT1l6>#!7FL3JQ|Q*(o4j3e%ee)u(N
zh?k*19>PF8g_ZFN>N=6l948T*phkEqY6Lc-M&LNoLAP_8Om+&qo0~ZbLoJ%}s5$Lu
z<B6zt-=R8k2+QKHSO)z*G##&udZ0d-fJ;#$c@ZmMrWTG<6Ki3T_Wv|8l_>ZPHMH4U
znpIs9vk;HO3^)<BYG+^~Zo?pagj&SDt<1J8h$>G+jbuI4h>gT@xCHfp=P{1^J5Fme
zxACZ+wnR0Uh+16VVNSe)x$z}t#E>@T#xBf3Tn#nHZBQNUjB{}uYEin{n(`i~k)4EY
z^=vB{Udzq}3|GT;X3<o_2;vr~o)5!d{1(IT0BTD9#7KOMOE9Rt>1ZlyBu?7+nvLJ0
z9w=J}#y=OC*be3iYG5*PI}E{Ps43Wi+3+xi;sw+;e1w{su#To<k*NBTsFA9TTD)D+
zg|kpkzRkv0I=anJI-Sf70#HvFjvCV9w!AjxA#QEUhohcgI_d$|<2XEod9guf(|!P|
z<5O+C6g9%TP$PE9Z5zDC8Wd#iVtU#XixUq)J?U!H3BTYXe1O$)a#!PNbP?z5#?3Gh
z>5Fp|^I=?fvlttp7Wo(~gzoiZ@{>7(*YFLd_u|FU!%V@go@ON8pq?bOm)U*=(KABm
z8ETBBzAI|cPR9V;je3w{s40De1u?j{r(<rX0-0C}+M|YUl8ran_#(O}e~X%$$Uf#p
zQxao{2co9nYt$5NK@IUK>qB%A2Y%!@qj<15)S_MAS5wIR?<EsY!9~>e3+QK_tOEKH
zH^nU25~Hvu>PaS9m!U>t2YPOdTJ;Z69rW&RZdediUJ?DUAx3b2rv;g!I1CeT6&Ay*
zsE%bDz_%Ezf(39WYE>^ro%aiBJHAGZMD~HEgYl>iSI21VhDC4^YFqC_w-(hoGC}wP
zHG~0!j0G_hadp%bHA2nxXw(zWLl>sn_;*`>AJq~6!RFN*jT(tos9p03>cQs^20HEJ
z9%5d>Q?NMk39N|kkZ)5?#i8ayWgM#KKcZIkMXaoLSPd%=(>vX9K1X%<0P1>=us-G+
zZmu`L`r~lAp`N85!3Pc&L0zyrrr>JS5I?eU<VZe(RgbywF(zZ+$7VY<#Hz$2P*b!E
zE8%@Cfkj4{2Wy8Fh!?uaB$2s*+W)ynn;Un;ro`(|9q^)~S`+cs_E?H|8ak}%gBVHn
z&=~Vsatrn3L7$kBs)p)7chvWY`B)L%2g&HdzMq=yR~q#`_z<Ji05w8OQH$pgmd5{3
zyQ1)C<_kw6wj-{C`fyrj-DcfuJ#IaV!CD5_Y{4`1=R~j1&7upyti(A`7c7JUSPC0s
z66y(NqB`^&YDE0Tnz^rtIf#2;X8aVh<22NwUWI{LhN)yUS9?(n|3%&K9p=W2UzpvH
z9~D={WNe2axC}#a2d2l9s2iU_Z+wV)<2}Z3%stLrF9C~if2SFl82k)1M{7_|bP0nn
z=u7hzD+bFGmqaa|zL*EsqekusYEhoXFnoXvv6G$^t8JGH)!|Z@h_%tP|Hs;jmDV4u
zr%+RH3-jX(TOK*VEXvXtNO>nLi2YGFn1>O#88u=jQB!x%#?MiUGk7B7uc50x(F|d0
z>p;|vC!n5WK59r)QH$_6YA9b~3WiNGH)xN3#Jy4H4Mw$_j2Uqq>VDfW6P}pF_(zht
zK!F<m4>hDYCYx7gY1GuTL_N_M%!i9nL%kn$!ON)YJVjk6WQuw6lBkhufI5E&X24k(
zfD7F=v&Om=b>Y337cXHQe23~tovEf{{ZSX5ZR4L%9lwSJ)ZUgC_{uEGx|l?HW7L$)
zL|=4oCZnO+irVidFdIHZJ(<@uvxst_hPDXmMx`+uHbQl@Gpd8*tQ$~IdK#ngBI<h1
zbhF#SkSTRLHOQz(?NApUi6w9@s$<7ctN6N&pQA=7%MA1BSQxeFT4F5rL)~xzYJ~RM
z_%>=}0%w{vR2nmD|92##8}-LZI39iQFuL%#t-o(gH_O~09E(t&jGFtts0WyeS_A8?
zM^PQVje1a@*=9RNVqxy@B#<eJol!lXj_T=lbm0|@LuZb8!gwr1*b226$D%s026dey
zSO%YCX^fj|MyfNa-AvS!Z9&iP|7XdRr{FOb(+OXj2JKLD`YFcaYAk{0Fc<^onKcuM
zdcrE0h^<j;X^wR#>iuvLHATMj&F>S%<}>~pvK|za!Y?oke?Sf4Y19oLp`IvufqimJ
zARdeA$Zib9(^wPlqTUN77MfS}NX$*V3pD~4FdYB4knvY0$09R#WiS_UV^qVBFaoDw
zAZ|cU2T|vp#t?jj{+MC0IX@fbATEMAvAQj9hgpe7*z$>PGMej^7=b4+Gya3xZm&>7
z=exv=L{ZexwnrC!in_sa^v0i19ovKH@G|Pn_cyBiA*x;AQuDy>tYoxJilP=p6I2I=
zVix=Yqi{Cr0y{7}o<Vi^9%_wbTxL2_3^gUSQ8#Xj-q-_mpWdjEnt?20x3iFpE_4Vr
z^fxgQy_TCHj6%(QBId#VsCH9Ot9=b>O3tF@_@RvhR+y>Dhj}SaK#f#uEQ~`ikM{pk
zGEo%l!f3pT*)ZKoGvs0DO<Ws&u^wuK8euK$fHiO(>Omf35N2CtIu?!jh$~pzqaNUM
zjOPB%VlwK{&#2Y@5Vha)eq)CE1Js4Pq88OyRQpAk0gs@j<`n8f<soV}yh1J7pw;Gl
zm$fpgLv7KmIsTN4R^@aoiOVqt&!TSh#>NHLm?5o?8v4$txt@+%6RXg(J5VEZ8Z+WG
z)QH@-I&01L4PMLm>&fa-pf^=-)P<L!=ImG0T6lsk3|?n$SPK1!Q&3a&0cvhLp$kW$
zuD1v^rN5(w{3XU>_Vwm{leC`k*OLyWpfJuyy#WuRZtxs670w3Jv3OLwHux2OiMn9U
zjpoHu9W{lMQE$vWsO$fWH86CO8TvM;#r%nzj27P_Td)U<690+u7_ixV$dpHa;_j%C
z8Gwaw7HR}{qn_|Gy6`1xL~?y=9;6iNh80omTVf)*hm)y7W(#J+XQ&(beP`w@2s04J
zpr)cIYVp)V7xu>>oQ}HTO4RwgZTS(@nz)48#{Z$VX>6+Je794ROlAtYqh6&$QA0c#
zGvN+Y2M%COJb~H;AzRFi<IqK11@(j-Q6uQaBDew7u?wgt{}0un;H^5J`Hv-|{ap!t
zunJbk>R1*hTK8im;#a7VO5A2{To<*-`k+Q=Iu^k1Fe6^T&%7Mx2I~ACJNOz$yc%<G
zf9JoQ=1(ty-<v1<7j;4ZAI!dvL-o9_wU>2*bq%_xKa85wJD7mcKbi+<i%G<@QH%8~
zHb9@B7^P$~jmfCzvoQd-VJPlH4b^$n5I#b6Bw&{r>cXh0sEHbp_NYZW0JS)mS&w6G
z;%Df>pxx%YlDipyU7#)nC9n%d;9QKu?HGwSQSH+2G3AjM?(jQ3YB%&ooi`P;;zrbi
z>_*ie!z}m!b>3T4`#gKyX4{nCYhEnPFo=qtm<vatr$eYI*^XLNmoPv2@8fB)7^<Vo
zQRnT)Qg|85WAJ`6q76_Z*%fu&F>W#)$Sk&c{cMJ+6Y558)M{Rj8lelQp$$A>Mxrbh
zBkqdo&>U2|UAFuY<|WR1(7d9nV-#^qR7cz&lgUG7Hfj!2u{a(;O~G?i!~BQL_Dn)`
zpc(2yW6*`mtoyMb@!yya0}q>#D~`HOGt~C(hg{$7%qOF{I*NMIGpJSSdxVz^7Q;Xs
zjcPXuV{k6&$#&WJFVur%ILcqTFd8f2B&>+XP$TVs%)E$td1U^Vkts*TdDIIh=(w57
zNYsrhqvo`pE$@#0#9yMGa5`$FwxQ<w2I_`UC(L!*VNv3_sF6L08Sn*`;Qssp&)m2q
z1`sA;3f9HSI18)eALzo|C(SCZfEt08sG%K&+O~5r4mYCK!k?%cXZ_WDDkh_L(=c@F
zNv4s}P|Zj6`~vDpa-1?x&;-?y$*B4h*Z>25<NG4E!fLn~b)BcECoXl`bi5-55wAww
z?*}Y~2Tn8pI`J6=E-e4MIiWS`g|Q4Zr@Jr#FJf^F`NMRmCKe(dhnm7~u?XHpwF^6A
zc10~LN!$-Ll`Bx&Z}%C-KP#Eb6cogVwn2`w=GW$usGcU`HtdDXG4DBZ;}KYxcm?Li
zlc*7ThAu31-rTS$#uE3#WL$tDc*RXdPx=(YFxv%lp+dNdxFM>i&r$WE7mab4owx=@
zVJi&BQJ4egV|(0!xiRFDxnXe(C9a8)=x$4<7ManQ2@j(#@CWJ!4{Yr7r<s~O7)^Oc
z)DVxuvbYm7;v>w7uTj?ty=-n2k1pZ{sI}1#xsKaeL`M60KWaPO!3`LA#SHBas3*LM
z>X6@6vnIk(PmqW@uO(`cjmDuk4RxOXUuIFpVmacTs3}{HySTse3mI*%$=CQNb3Bcu
zFy%UbJit*n7%Ts6w$)aQC;l5X0@-hv5vhS%WWDeeF2<Z*OvOzzB3o}6Phv3jchHaf
zJ8#HDVfx!<KNmy|Q61Di9*%l1tj4Oi1;g<LCSd3tv+5gSHR4gI2iS+&rq8i5*1T&*
zU>p`A-h=KAWbTrwfOYSg)jA%diC0*UU;*L>7=fYxu+@07(x~{>ebe#u4@`#&p@zB>
z>IJm`{c$&{{SnNAw;wS6S}f@vnpGKzipyXOHbgC=A*i99idqBvQSHv5A3jEn;49RF
zg#T+g(h}o|XJQ=wjMec8#$v)F#$R*T<&pVvIS19VE2s;;M%^glv01(4uo!U*)T*C=
z+V}fVPkIN{;Y?4=bz)G9GZ_Q0E9$%fs1aT3CgURW8y3bVs0&5>XI@BEFp{_@Y7Qr$
zp5!R1gD-I&=6-7a-ESLejnsH%zSd8`4~UOr3ygSf%7<YIV)yrCG*|brF6Mt>P8f)d
zi4R~B=6q>x+!EUmkH=Pc3!7rq|Cyow8k32SU?a@LR;Z2buq>{{`gjd@YyTI2ZHDR*
zHl!l+8}s?x4%LC#SRU_U56u78eCT|I8j%}V31i-wj&w%d@Ox~5=^QVoJ+{MAxCgaH
zo??Rbe+e%y&ye-TI4?fMP*ZTl+siXV-acNQ#a9|NMLkd*nu!|1Ur|r&<7;kE1GTtD
zViJCXS|hhn+d4}+b6!QP!2O+mWU}K148?u;5uQganiT#$HX}Acy`tNp%6nsG9EL6&
zhibPP12NUcdohUkIO@DBsO@+U-F?YCB~uH#WbpEQ<=TXLk-Wh~Oy)oQio{W<3oXRl
zxY@?XF$eJ#ERHWQD;D-Q9WIX=xfJU_)cK42z1*Hf@;wFGCV?5v2o%S3IstQGee}j2
zSO|Ng_VsKmhzGGWK1A(~m;f)&FPlv;fp{W@;Q<WBKd~Y{3UGUQelL&DWQK4EYG~$Q
z5nPHo@fXaAH&Jux1ezx<fLeS>=t8$GUxI446E&q*QB(XJb=^#v%?Ks9$!Jy9#%!p#
zBu>K+Jb)U~i>Un`n8nOtJSr}a+O}=bg=;YakD)qz7qv!wvzj3fM!i|%u^hUalF{5w
z!TPunHOFsIizsV0^P~}|sVIw@+eR3UooxIG>c-Pi?Y_13$5EdpcTpYA5@b419NC6$
zr#TtT{Y=y%+JPFnQ>c!;KwUUTu-QIkQSG~+rfNK@qcc#ed#Q~#psw=+YK>gO-WZVG
zln=v1?f=DO)ZhZ@!agBpC<|aLaSCct4MN>uIi}zyRL5SRABKgR_l67g#8pv?tvhNe
zK1QvD*{Jp#Foyd(+ib-pR7akm<~&cB=|FwdjYpss&ljkXN=2=m<2LrnVTLvrYUGko
z+qXTc1M^WG+G^t?=+>NEC!-6c<LgQuOvEzS9Q7$R1-0$A+4w4I5&7jZZ?ZVln(2UA
z6N9iGPDgFyt5^bWqTZ}IbDJrskemIlkJC;R=*ecHI<yxxwAWE1;+@A#O)R>I8`!uX
zYN%(T9$+VG<Q|~TbA_9@7V7#VF$q_r?t3Sk{jV2Et_ZX3YNO_QH0ncQ1L{-jE^0*b
zMw)kh3)GDlphjjds^j;t76!V^d!;$*`ioH8`WH+>?<n(`Q`JqzMZq{!gVm^2dkJfx
zPhN9_+Nd56LJj3gRQq#S88hWG9jc4k*Zombu@?2}J&bDi1e393w7H&p2pP@QH>kz&
z6t%egW4t`S+vUZ^#6z(r9>by-oZob`inTjx$fu&##tvJ48MTYj6)@$+Q7^jY$Zm5x
zJ;-PXCz}FiJ8C~)M7>DvpcbWXL9?o(P}{T$>J8ZiT{sdoG7D^c5;GD1i+=b9HDc)t
znRkC87SjG7=E?BOCThrzqc`3~t^WI{kJXUEW*fRti>wH$U0c*z=ztaR3)C9=8MWV^
zSTn|&^P*7KZHzg&zcZ4I7TGM+B0GVeCoW<>e4<bzl7PBlP1Fr*qqbLH)RYXi<;zhI
za@dyNM7;;H7d0JhfLddd(evN`Z6T9H!FklDU9LFuVNt?bA2k&{QByS*H3ge60Z-fV
zz<4v)Wl?LP6Y6@Cuo|vFJ-{8*l>8IV{?{BnrJw}{6!Y@@#?l3KgRQ8=avpV|d#DTh
z6gL(@4RKS<i@j0jO+}4JDr(>Vg}P7X5@r!bTWgnan<wZ;fj<q_qUL4`YRE64E_@et
zqrj4;J{q;E>!Rj*7^?mo)Hj=5sKs^xb-m1`%*d5N#qCiK^rf3jGMOc)6R)G*)$dTN
zIcI5e;ku}i=!80PFh=5J`~Wwg+P}lvSfY%V=f4{mg?fM^sFC>x^*+d2)?C+Jo{Z+A
z5e8u^)LegrS|sC9t9mnP=pUe-G_0IiRB@;mOAqTB)X?8Sy^_NcygYyHs*7cao1oUr
zL@cfSe}K#q3SOB4XF;Nu=R4tVs1st!n+~)_#q+Q!o<a?MfePjco1u2aa2qeevc!8)
z9ejy;r6*K0--w1_wD$j4GP=-O)Q8S_)b@LUdXt4zG8Zn78macEDd>TE=YN7JxE%HF
z{|B>UnabvUQ3ut&IqE&q7uC@bScv;Oi^*v2j-ZDAHEO8ClFS<{3ALZ=S$knK;_;{{
zx{7L_p^CY2F?11EN4==JVrHC+8SopdkDJi*-~YTNqaH>in^j!~^<*7UL-x6KFKUs#
zMJ=XWRn2*oP~Qogp*ME3_QaaReNa=d74_lt)W&hu*#BD9A5}9q9)lW*^{6Mig4)07
ztDB)KiC)D2kP^7l6@qw-^5M@h*o(NGdcZLb7uo!BQ{>#iuSoN07wD<e_;WlqINdQP
z6|?XTjRs*P7q3s*7sQ|A7}OD9RsKMld@%Xfw7Z2rP`4^gokml~H>9?df8(~5TRp|h
zIk86I{gK|*55$)ghH_yYi%8*=bwL)kvxV{wsCm^<jJOu@4)Rx3po2KQ$$6&nL-Ou6
z_JSW11koVvaWGA=mUeoF=c7$qWXU*}Z2d2Il6XCB-je=HbDc%xdr~$UwH@Cdk;I>C
z|EE$pp3*6#efGrm<cE`QLS0sdzcgxv*Fzn3s9Q!p1v6t_jKdJr*3)sHypB_(jh-Cq
z%qo8J<eC4YGz{S;-*SQ0q{E~`q)MdwBpthG^P|aneu+3jx!#H^?M=E9&nEw&Z9f-V
z+Wbt~ogvkyo{teH5BK`g)@^c=Sx;dYg=g_JvA*Z|lAaOIK^+gt>&S@bY2!tE9eUON
zLRm8YMY)c@NKb6OtEYr-KlXfHvYunEEqD9Sa65&c*%L-mk(Y}f!N#`nUs#9wYou|M
z@3kk_u;(nW&Z1psTPOIs?>R0QJU>6-=X2V-xW{k2f6`R3T{xi&X|TOuFI&6MTAXry
z+6}W8UO{}Hcm(Nd(qYnkl3q3`)cr#mO52H;!H(El>TVLB$MW9x{?ll*ih@5$VN}*7
zUX58u$0*a$oV*Vg>5SuT2Xc@fMcrqf7W~19@<NnlApV#9Rq{WPE)(am=lBuVCS4-V
ztNAZS(lLmFGvw=;(DAk>=pC-(CaD9dBk3+l$Iqk&oRgch)KkI-7v~+d`2kk(KicS6
ztLxgl=lKKe(CE`?JBjZI&gZ1_q|<85;YXWxIF2~Kr^NhN!-X!9&XK0twyM$pPpD%I
zsReb*Nl(dVqD=$RIr2%`|A)xDrr>)lK<Y<+BS}Z7y+|oe*5^RlV;W`e4}I*Wvu%Ip
z+{M(rBQ3Yr*<;&&gd1&M=l=bE{q3MoLvahexlndaJVE}ky+9A^5`1be@GI?)+x!6R
zMC{MGXKdSwl<lYNf5bOX#|M=8(k2r35Z`_O{_jdbR~q)AFhBXSq`me+6nXvu;yTWt
zd~urcTwJUsWqxVOPLc1YlhPc2kpF{re4sj?lJ40$_qPPSsnAi`Y9dB}x)lUPC_hGe
z^S%Ppk@AqT(xx*>$2(H0C&zaQt7w|$y87;?Lm&GbZs!*&`*4Blw$TIf*GSt)dq{t(
zoTto$HHdZeBYzfil9Fv%3|^!>nUsxu3Uy0JIwlck<Qh8eP@j(Uh_p@nzd4ob2nw5e
z&(Ar;I_ly??BR*bkAjrNlKqeLHTfDCghxs54}DR6e|%@lV{roa(y^WV2CS|{_x>1e
z8@8m;rxgB*y=>V8;>^T{NJGgFv*kMXB4w3H)5!0moZsR+hd=p_q{3<1@}=7Oomjup
zA0h94#g8GTy|a>vA*3;+d?Xz|QeT~<qZMg4`4P4*8cPueFto+-Tk5A!7ET<X6FB}y
z+DhF5Ph@@+A>K*$dvE4HjEt_AL}3<AY=}!K2*gK}yU1t4AJvFs3#k%G)A<!`bhxlI
zmLff%-3iR0M5Dpfl_UQWOHenN{6dnBS(^XjWHRY$_NYoDeZ3w?`iPU>5U(N~AT=iG
z*np|j^(M8qWe2UQ_a^@{X&v=Cc9UO?wMhfXZ=n1xdR{s?2?{9S7)AaS`3o3q%lcR+
znI=v>>gG|l3?uLZ%thU1(kt7hKV>JW+fV9A{yJ$q`Tt0rNIFWQ`#2R_NO7cvq+lv4
zQ1JjO5r2t=F*hTWla!zQ73v@1bJ9-o6Y>4gjr_4R@kv_|#JRtb|1eG6SbhF?-~yYd
zxJVjC`iTZVP^RM(tcwju#VBt?JUz_?@={)#_%x2CZZi3-<PVSnNgu0>RF?7;r1|7^
zWV3p`|NOs9<xmQHQn{MEj%LKo$p4FLiTjcY5NE+_q|)TeP!~sj3F-(TEhOIp3z2Tq
zW-NY(I?h?|;Sf@LEubp)WHneyJOdxwvIWG^s^F+b*%M+NiD}N6N<KH`Bk?f)inmNN
zrwMUpySSUo_$w*coz<SXm=<&F)t=eb;t45)Hs9H@FUY$|(}{n>so0(K8rgbLl=3{J
zw8u(<?`aoh3*+&jHzVAXOnSPspUSJGZN#lG9qA8JFm)05n(`N<Q(QPZWlt%)N%AEX
zBK=NX+9Qf~|4=@H6hp;x&*MI$^aklu(rDZKGg|2IGkE^l@uAJPv2`zLucMKTXX0j3
z70PDVGSyG8?UL{^X&!aEDNj$nwf1*G3O*stB~7BR2Wb!~n)oZs#-rUJKZVqv_#iIh
z0x{%u<ifKyKbv>}^*X+^Mv`wx{cy~H&9RGZpIz&_Dh0bp?~gh*6NEdt$ls(*q<qA_
zoam2#+KYE1e}(k^xJ`XU>ef);gPCnbRr2lZIV!47yPt_$Y31mciQPz9Y$G?8BXuIZ
zux;AVE}Xm<W#Qyok}}%5+vHuO{-n0HY&w2T+x3(MkpG5skMsp`Uu;U9yCXkFl61sc
z%UdtdD1*(bK9qbEDS|1PO<mffCc)b@ZAVeRmDJjn?Z92ceX+bfakMwTkFTL%9R>av
zPpV0(MZ+9eGR++}Q?{2>lJa?!|4aIqd?LO>9igc))$XQCJz2Y(&kT3{$*Bbz90*U%
z)TeUZ)Q_hY^_g*ZWK!zt>4BjU{Rej$IH<=*-CVu840pv0bafrjw~rjyWx$Xw15!7x
zUYRj<Woo>4>W!`40#c**{p~ZO$-&jBVTa<QQ+wYFFT8zwh}UJG8Gdh5w$IGzH7NI-
jN2R=i1I*cjdvm4jKBc|hX4?Kive$L*?J3p0PW${HjC3F8

delta 18538
zcma*ucX$@XqQ~)l2{oam(*m1>0D;hZ?}5;zh=?E&0t7+=DKx<s=~bG5s34$J3rJ{s
zC`z*c0wQ9eqjW_n76iH9-#Zfz=ic+j-RBuT({^Td%DxMpvwLQq*B0dQo(;;q$l<Ey
z=QySC_2Q1xGB@#>%5|IytsJK^#$tYt<MhOE(*0UH&Sy9pi(!j+$0>uou_Qi^YHx{k
zi}kqmXQS5%XyZ6Fs8|8(ssWo`i1g(g#3~rj)^QTB0jl0)R0lgT0KY{I>__WE<XN0h
zZc@Ff)()rvCu5-Fb)1PrDv|Lrmcx%Q8n0jl3}|O=sD*mMj;JRbhAN+7%QvGsI)r8M
zDu!aA_Kp*V(Wv$tU<pjbIQn<S5z&q7Q56qjB%VPv@CbE7Xa{383?khg1F$dZ{vkF!
z4MRvTwE62Wkn{oTDJ)9*8hSNF_lc;1kdDUcSdnxmjKVS42VX}G<UU4VXeTp}ny7Z-
zQ8UvI<8U07$MrV<IBM#DLba2(GxM(-B0IBzurW5q30N9;qXuvWW6<ehrm!4phB~71
z(@^ymp_Xn3s^in>V(ur*gT<g`riD%Se1iE`MkX2BJTtH;u0*ZvX4G1KkE-W%b(~-b
zMRgR58fZsriggxhfE!RVd)Ve*L-mutn|Tn|OGHo52DO&MP*XPs^#p5>jqH4Z1u?w4
zu`Fr{s-tGGGiq}V#bBI;Iz4Y-W&8oFVNefqidv$U*gJ<vB_cae9sYposNj=kq{UG)
zQXRF%El_Ls4CcjAHva_-BmD~2#En=BFQEodtfy%|9;=W}#r*W|EF+>RUV{bj5EjCd
z*c30J8j603qk~VOrhFl41~#K+;23IvH!%eB_A*OU5_RmFqLy@^P0z&;o&Rk_7>RQT
z>*7~f2Ma!JM&1(jL?f_1u0~DeIc$VQd$WAl5u4#6Y=U2-W;XO0v#Fb75z=1FhjTHC
z{+%U68sLW*g!fRJD}NtzZsSn-O;A($1Zu{-SP$PqJ>ePD)aLGM*0v^UpnXy0b5VP1
z8y3e)=q*X)ArXHp{;cV^EEXf(7PZESsN*#lU%^?ZO<A^|$sdNA+IgsfeSrKdIA<{e
z%O;vV(*jGA?t>cmxJ2e(yLBrW;rJP9?Ji&${0&!N*mGu$x1(m_giT+z>0JHI6NO?4
z%B!LtpdGfr{uqjDP)o2A1MzTwui3R{$<Q&phgzGG1I#gs#xT-#Q8U#EHN`{F#ighx
z|Inr{p=L67lIfrb>H#BB1FCKFJ7Fo({k*ndJZeoAqn=<BPQybOh1~|48%Cl=zR;#u
zqo#N-YR1mna%T{)W70wBVlS+YV=)HbLDlzuNn|;Z+t?cC4>q1cmvlrj8wZ;pljD4W
z(O6@M*^E!3cKKwC#Z6cazr%~@8Ok2=@LoZ6cq7FuMZhrMjCh?$B6^|*m>)Zs0;dOR
z%2QDt%tYVr#Q@TmP)~FVwYHI|W-02T2G|dE-(=JbZnEhUHvI@)o&TsbvqmkkDHVI7
zrf3OjDR!aO>KoKl-?Ih}H#1Zn$Mb|;QJeSJ2(y$wVpY<QP{*)py4eH$FgNKjScLwa
z7l=gSOQ<K=WIc%5G^f$mF$R$i&M*Tkhw88cDnAi5gPEvfHXbYE>!=sk=cs|?&NKt7
zjo#X1BoQf(uVEG3hr01L>R7s2W+v*P2G|WX;AAX|vrtR33Dxl#)LK744Xo5iGlNyF
z9k3wz$s?J6t<gv_wAQOoPrMslJY~~=*z&+pW+0WZ4&`l8OXWqKp4F%s-GfY)({!|X
z6>moEm0z(jMvpPSf{A0OU5kvj$<WBpqc+bYY^sW5&Ch6mY({z=YQWb}4Te6?I|18Z
z0xq_mM-8mvILB#-T~O`K#<qAEHN&Ca@g}1s&QJv`fnhJ0H&=DkvC71jxE!@a7qJNj
z@&Glk3+l-xVI%w)o8jN6_dwGLrk|<UgY;3<0K73TnoZHoIvF)1ThZ}2&UGw9^u|Q<
zqY^O5Jb4||Obtd2U^Z67J*a_PM{TwWlg;t#g?cZH!$^D+nIW%pfQUBF4XlmDrkHnh
zCoD?3FFuQD=#NLO-&udO{$l+LgQ=Hys;OTB3y_XMZMv$cb{qN1nVybB0?2p@yWs%T
z6YM|@=r`1i#7#46pNQI|bFeV3!4TYv>fm!Mgr`tT^&_fY$aFKHXe>#(3YMaOr=86h
zge^!<!caVjVR#zz;vH1S_c0d+vtcS=7)D@IEQNhgGddPya4l+yj-VdMnQ4w?9rS9X
z2}HC@d!jbaLR3S?umJvq+LXUzI0nr!Q(O^?lWu|<@Ke|TQ&D?nz0Lp3dd_+ewFCjP
zS^siGO3gM6v_$R7UZ{ahLp|XlTfQ4hll}@dg?BIji_9_UlBi=@7d3Oq)(O@nsE*%5
zJ;<Ip%)h4e6d7^&3u-DOUNXm}A*zGPm>=h%Zd{70_dfdLQB;TDVL|*AH3NU6>Xn{r
zPD3Nq%nrk{IMYi+YqSydWG68i@1mx>*gVs4O;m&JPz?@2&A@cj48DcB{}ATG>!^X>
zw*GDPpKsqU7)80aI+6B7x}yfN0yVOOsD^LYbkG7b^14`F^-=Z4p*H7A)PUAuZrqQW
zsn1a7{Q?G}-$L_1p~x}yI&nlawarjdlYpu?5H-TlsDZs^{TTIxS5O1Eg_`=1m(6jj
zgj&+4Q3J|AwL2GU;5(>+ox@=LTKsM^0v4I6iN>l_XoA|+saOdoqdMG#nwgU}{Qxy1
zk&De9O2ERTN1{5Kf_haiLq9x?E}mC8{X3o|rebka2h~xV@k!L0PeMJxo2a$_$a)sF
zM;@S_H2f8F9BX1l(jBofjz+b+1~t$_=;9spRv{9y)I4EJj3u3h+Js9{1K5RX=nU4u
zfLG0nqy=iGMx*MjLoL~-SORZgL(Kb{+5Ih0<r%0YUHlsJuLgFKp|!b*!C2;XvuSFg
z8tQ=!aJbEX+j<1`ez=8NqGHR;Uo2W-DbnMy7QTw%coZY>3aY<6%b9;YQN88%$+14^
zrKo|Nz%aamZSZewi}7!mSM^*hN%~7HgFmA>D7?ZLhZ;yb)PoE{)tiW=ag~=yAtE26
zZ-nR@A%>ElXQg=smqaxXgT=5J7RO#TKLd-Be#z#)fm-ViP#s-BZAxdAIc-HyGv_Tv
zL{rfmBQX<QT#V{qJLbaUsDXWjdGI#s&G(1R_j}XSi$pzfS=1?Mj!`%mHGo-I1Ybq^
z^Ew-dsNusHg4a<aeuUa2rQb3GX@y#nzNn7VF&B<Ubu<C>W3?8wiQh-H^F3<j?xUtY
zbhVkm+E_>DzY`IScnYfGD%5V@g<6sus5SOmW71_%OH&v1WF1j6H5_&9W}@2Liki_c
zu`J$2z1WJcH8WlbbJ4%kmq>0*L`~5^Ou#IR$33Vg$-B<{ZpWYoRu7}Gi!~GV0I#41
zl8sv0v#4VpxZccgGgNy$(5uaqNkliy!F;#_wIm;50G>sig6pWw>e*l#C}ORG8c0Xf
z+KxbN#uu?BF2EQ(h!ydsO^3hD{A(&3zip<x8)}VTMD2w|s3+Zknwh=mkH;|xPg`%H
zj%}`Y%)lC9ZPL9_OF194RC`c+;3B%1>s{tw9Y()vjzwM68Z|?$X;*YH1=Zjj)LQOC
zP4!i*gnsXt7fn^vlMX;V=}fGKTQNUg#wvIVD`RQzMpLl^@)PZhLN%CwlX>CPLapIA
ztcn{^9h^h$jXdw0sqcW=bi+}bZjMcFM0Io+b^m>g!-|{DY4P?XqNz#5Se%U79Pgo?
z@Cdqi6*VITvdxo3qdJU3t$hNjqhYA~U&99YAvVW*7>ISZn2r-LNaw#B5pBAGsI^H&
zHTV*`xEZPFoInlWG8RB*tI79A?U4x7tGqVqxTc_s)3GqF$57mXMez%)sPli0NI^3E
zx0!*2V;j<CP^V)MY5)_^#f7LR--3GL<ESZpgc@Mnb~6L<sDUM+?jMhOVa-E7T!^jd
z-&sPWE}pT5?l2z=9Z^#@8(mzE+I)LZGxY<O$J`&7QxS)gJhX*P$p6=eeA<z|kHtvG
z?==4;^DHXeVi)tT2743Hd7pq<yXDqh*3;I%(51Y@ZnL%xu|DaMs0Y}D&G0H}6UXl1
zAEvPfw!qb>fnUV{%>NPdA4VkPBQsT%usG?KSQ`7Frg|J|#7j{#vKh6T_oFuLU2Ex&
zO@3R{eWTIEMK-++b>9h__S@?<o5kI0DmFrO)W<p!YmlCc8qi+U`MrR8lA`-e{c5QE
z1dPDZ7=?>b_kDocbl;$!{F*Jl=Ot2vjAHxEjTKNg#A69e!eE?$+C(qg{I%#C5SAtX
z0%{ZHJz#zfYhpU-r%?kvf@<$4)IjndH2ryt6VX)F#ah@M8{!Pq(i}i7$!Syrzo9w~
z{DgM~R<kZZ9lN`zffW7JoQ}q*861jQs^zGe`V_0_{Qpj*92pfpGZi}{1<pj&6lP-x
zevOfM12v#RpPPY~N9~DLSRJ24bub-OZ#(MTAIDg{f@&x5kd~bFujz~M<XC}%ER4qG
zsHxqHYUm19M9*Q<K^z8<?u~j648lsd2s`4(SO|+8G4&!ahIB0I!8$8V|4up)Ex{`|
z2)AMrjQGO*L&P(vseTpf-~(&TqvmUO2o@y&P1IU%!a{fqwPa^){-0QYbn#>60i)6P
z{ojU&)_f#3#?4p{f5FNad)!QIPs~Sp25L>`qdMM?nu+7s7SCW)Ecd1Px8#B7l70tu
zI*y=b;KrBCzoxeE3A5QMU=`9$u?D7MbzF(H@dWC47Wm3MNfc_P;!p!0ih7Xss0a8F
zHIULLO?hAJO!{@~jyF#-|E-8L|JpP(74^giur=PnAgq7Nbl3r_k$w_&-!ydbFslAf
zs8dk$8?&UHu|DY()Pt-+4d@%xW-R9Y){L|T#*y(ns^U7-srU|SqUSrambFpGuL~B%
zG}NY@V9VEIUefzf13iS>@B#M3?C(v-0jJGo_SPn%j{2dda2mRJ088Ly)UNiNG4Jro
z7)p9L>Pe?!IIcpq^C7Om3#frkKWoa@TK8ZG`KK^a=l>>=2r>$vGiw`%{YbY)b+882
z;a&{GZ?FvB!UQaG-fY5NSd8>QR0m$0ei^ki@1l<L9n=gLyPzK}FMl^9;!nmzERJ(f
z4Xs6W^bxvv9<?_-7fnM|QRlfk>U}X5-^Jyq_e6(F=0!6KHK3(f3g1JudkCZH-?>3V
zo2<wWeE(q-M&hg31b1RR{0r4^tsnUpa(ou`WTh|j36BG?7JiE#W8o{j%<vfMRK;I4
zzkXS$8CZ?J-~UrYw8<XeUs&xLGvQ%FUN=t|f5Xg7ighXmQ*Q<4$1SJ<@4_fNhnlHe
zH%-UYFo5*4*b;}LmVDz)=D$9XBV@#3zMssos)c%zF{tzU9yZ0lQ8UrxXS0h(VIt|3
z*a-b@nN8aa%aZPGoq**@ug21N1mEWYZ{A}5m9hL+GxA-i0i8#6RN}VD?}mDHjzra;
zfLhBpP<v)4YIA;V(?6m1M!q{{FI7g(a6D=+j78ly*GoiGxE?iyn^8~l6>1=Xcg>o$
zN3G%Ws5Re!mGBqTT9&$JK3Y4W2DTX0UN)+ulj!0t)O(@mZ|0ND+nh)_GRC0RZUt)h
z??W|o8l&+~)EY+oZf=Z4O=%*!I0LmgH=x=%i52h<)NYUb!z^KQ)PuZ;4AARrBJwI3
zU*cRG_NUn-53xDv=J)w8-Z%++;Yn0}Rd#9(9D()lE$o12Q1vT5F#nuC4x5oahUz%*
zA)j~H414SRFDKH2jQdy>yZmk5bQ7>E>3!G^!ycI@PsC27m*O70ikhi)jz|Cd6z2fe
z!7z`<_umsbVnfm^F&WQbcWjf(<23aWd7VfTJdGMiNk5OT!x5+_-iiG%EVsvZDn?-=
z((hn>yoNef(Rn;h6%XGKs3lm;e|OakeSkIbCTfY?d}cuH(W?s6h_t{Du@*i=ZLS*p
z55AgVU(_CX11sY})O~kR11Vp?<J;8(FpTsVOvQPqJ@W|tF~HyB`(6k`<wyH_yuQDi
zRVBkEqY0|wvseg+*z{-&B0ULp<6_itT!m@)4klo!0FUp}Yaq5Fy#*WKpI8QK6*TR1
z$C9K674+JM$tXs~V$^Zki28ZGfCce3YU&<YD;6>h^uVs<k3gN0{iqqZig{EYOJJVD
z9^c>nT#O|hjoND+y+m|O#$#<<gW9F1QJW~Bh*{$n7*2W|2II@v7}sGuUPc!y7d11}
z3H3&O3U%KUERM@iOSv8Oz}~Y&wE2EV7wZI?f}W^~!%<JP1VivWRKxpFGxQ5;&v=47
zzR&PFsLj?ELvb8xMi*ct?nf=*Ws~+gw~6T7h6I}dBw}gO6Hy~xiG}fBs5Sc>^=iG0
zI`;)b%-Xg_9m^!tUfF`$L!Y3Y^dxF2ent(vK&XcwA<kb3BFd<T>No*aaWHDPPr?X%
zAN8Yh6!j!`Q3DAJGpC>tY7dM-b+`;QgWFJ>?+mK_hp2W-g;QVWza0_n=2X;(N28`_
zs!cCIHM9b?S3bcM{Ke+?DQ0&0WK{Vc)IhGHiv{^DuY{FRd#e|!{psk{h+Za=AG1*}
zj-99{J%`$Cxl5R(D2Cb#HBj{vP&3fg=8r}VU@mIScc41Hj_NS1q}e-Bs2S>9lJl?4
zGuUP<Lp8V!HD#w!=l20>FVrn%2J{3forGEnFRGoDs8{jVsMB)?^&?d=!W_G<sPs5g
zKW{~F{`DsNoD6N6hp4qKTH3rws$d?{<52Y`qGo6-YDvDqYWN6sDyo$+1L}jCSubiv
zmZO&B6Lj&0O&9dKW~!^9o}dS6>Sm&D+-cK4qB;nVG_T}VsE((gUL@O4$L=y}jY~wC
zO__joNl!)1$ZpiD{vK+Hz4fBa)bv43<uuf*bUnu79aIMm%9;*_U^CLou_c~E7o%fL
zc`MY+j7Hu62I`G>88zUd<;+YrM+WS5GKn;$U>#~iS5fD>P<gWy@u*kt093uXs3$mz
zYA~pRS*n((%{m{oxmII$+>PBZIM(C)XT3qF<F^sZ>HMGZMcCyP&6HO{ZI14!CmD;{
z#Vc+85ey`K2eqboDw!vYMWwr;j`1kedt?e~Q?5X5>RqUMXE2oh9Z#H@!f@0kt7p?g
zu^{Q$sN=R2wZ^MZ@BXh*QyWs**aWqC2V*XrirVcnP`|40qmJQD)E@g3y{dShh^GD_
zs^O?AW)t;8o%gxcHK-eRp&Gu0I)>p@%_ggk+GNS-dt%g&&o0!AoJ93^3Dw`_s+@lv
zuYhW1O#)E`O;JxWz~)axy$3d-26zLtG_lo9{Vv#ybQY?^ZK&UhFRa&5OOdyRnW;$B
z611=3H9xOuwqQMKtxuqi-y>9m6>6Ffie{)Mn1Wi8>8M}1`Pd8BVrTT!G95gD+ACS8
zcBY})eZ%^xmx!kLSJa5|*ETZ|hdS?1qdJ&|+LX(z`>;OgYpCCj=sIReDx;>l2S#Ck
zRQpqH`7+c49zeY(yuaECZe25Fby1tF8)}WGp*Gn@oBkH{B%XTa7#2rO^)slwFdDUq
z7oa*mfSQ5RsQZ3Kor1jeJ^D=NfB!*5H;l%1_%^o3-%wA`qJf#2B-DFg2CCsLs3kar
zLHHGFjjy2gMy`ftuf(FJd=Tosd8oa#7Mtq)U-U)T^^MHbKZkl1&%=Cp0PElp)RgCL
zY(CYR;0n^2HXYi;d<(Wm)nAU<tS4<cxT*QPZ-<)t6&R)Sf0T%J{cUAncr$aH8emh>
z>8Q`_%~%+3q3ZvQYACw7`LXGWI(8#ad*vlmy)CGj`WCeW7tzK0===A-k}b@;za6%v
zAO#a}D~8}B)QcmerD?!Ly-@0*I%tX7BZJYm_Nb*efSUUAs25p*R_0iTS!=c8{69%S
zS2DC_>rpoxLv{Qox>&fidAC<Zy?|PxW+Dr<M3b=-&PHvn?@>?s7izZ$$D0Riikitp
z>+*Q7*}dPBq2u>E>c*07%r{|8)Ol}ZZG&w{w?i$>0@RPymo^>H*6jB7sE+%fW@HBH
z0e7N~^(E8{7WF2091juhcd``Wx@2(j(en@+52lO*;mja!6nU=@{|Ys&(ZtzfzHh>Q
z8m+yC;}p_Y2&~{gS1HoV33JHP{_|bO$e2vfwUvUR#8tQe2NPx!*OUH4{3CSz_=Bq-
zbuW`QjQAMhg9(F(m!mun@rsl+Abdjn9FEgX_S&m1?vd#s<Xmh@-=+7zu8pKWf2{ly
z;)e)HHg7w1dJ|qFbfT{IPtG-$I^Pj;6TT<23n7s@p$x7S@n-Bl-?fYi^NI29aBg7{
z!U)1}@^zK6PrHut4JOO?=W~>=BesV8rwIJ8`8Mc0dtU_ijUsQKy{A6;dii`n(1y*=
z{&OA?X+|hR<twDm5;{`x5#c@Z7ZV<k_a<ILUHPdyhVsIsyPGWMEJl*vL&!^cRYG1{
zU%&GOiGPV*aKF9B_x&G5hR*jeoJVlDu>=(_+Db25#Vqpg;Kzhzggn&Ug#5xfYw=CW
z`O)-U!IbIpknTnP?*#o;{D}II;_~|bi)A#i%f2*Eig8rvWz#}u_B$HkN789aS#?4n
zd1Gxys-ue!BIh3AoXvlSddqD518W=d))JqD`tJ|U=Ok8<$hp2HevG`~gf%vk4<qLS
z;UQ&3aS@>uWjfQj?7csdcZ#r+FxlSsku5uD(_h=PO*+45|LOBu*L4ctFj40Kja(<b
z%BExORECqEPAEX#{FLeI>3Lh{U*wM`<fm*VUceCqU1JG;#8;B9Ypa3({U@1y$$W{B
zNIaQ>w{4~0iJu@IK>ojoueUelW-xl~hLW$}{0g>y0rKA=UJ+MP)|hb2-jf3_KIeJD
zMlvG(e6JY(y^e|lY$Kmg(3P~VFhZb>kEDDH;Wi<V4vG<?Y}plGZ8jEew0UX7=Mid<
z?rh69aPI*dPba^O`d>n%65%l61ckp+NuON0ekQCZt?L=ezb8Hl{qSYNM8XEr_X)aM
z;xxivgxr*sW{~_f!FR1CkB=?i<>D8LY5hkMMpM{A8C>5GABX|m{Ejb&zq^ySkMI}i
z;{=!ZL|Y~*6ZVkTjF4eF`2!!2?yb(y-{xl!zeoKL(%wpR(nc+CWs`B(R$5G@LpH9m
zA4u!Ui`?S-*;cwG;UwWTTi(^)Q<8Ken-`CNQ|AfF4xz4+#Bb>NYuieN(ci{R6+V$j
z_o3o^+vvxn|0aHz3X5%?>UJY6C9EK{BYy_!x<mcXNIz-YtxMiS;#F`nVX5B#C3&3t
zBwnN9`xN#ev?shmUOU1b!W_b@gty6esMj2Vh~GwC3(3>}gZ3zXOZb!U0{IIF+o%^t
zC_(uM@&gIFULs7^`@ad12sO+#2$z_sv!D2P#1CR77NP-tOz6Yn2tn6o%8C<G3D45j
zRg>-P!ZqY|BWxjF1o?9JUDx>YL&6^f@8|sS5e58Z)Tv9Q&bSE+li!Cho{&w5qjOzH
zDVv5x34FW!bG=NyuH)prZ}Sh>y!FUm6@6DMf2I>QlYWu!Pv-?9U)jQUO&#Y~ZfH&X
zC-Psgji_j-E&ql5=Lii6<q0<lIaf3TJwv*!%{Yx+3C};)j*4dK51qeTR31$9B`Pc+
zUV>2BKCP-eO*-fLiaK`*waJ)D{&I{YJ%jiqg6FaOPLV(Rv3nm<w+nf1k$0C+n(&m)
ze<qPC+*qFYPC{!c6~LMVT}?@+5xyqAT~gn75${3BxkeIyk;F5$JdZ6aOWS|g_-M*!
z6MvOD6;S>Au7PCSCSw;~CNv?wm(Y%obN!3>_clETPZ0J}_iZYCib3}2!-&65xMb_r
z!sn>-ERH3tB>s$P)a&%3Vi9h<gSrl4e+<HRsoaW?NP0Kv>xAQ^>#HJHd(!y`znY}8
zkN8dE1*!8i>U5<Lz9F0>=z63$<wFTy=6wID;5-HW$$XK}l=uz85Q47W<b6uWOFW9f
zjw7zCF!8z68Bh8P>`PuTLN@90l=UP&i2RziozKXB(#8WYOW$R>%458V`u?oI%{kW*
zD!ygw-N2rtmlJYRVSvr=j9H|s;YFLL`;+ts*Pn#lz8D)E_j7+^^!m|JKO(PkQyQ7U
zSPg$C=&FrB*mzUYohT0_{UKo+>7PjlsUp|wgsr4?O|$nXUe)F)UWZVTu-%k<ou7#m
zAatP87D7kjVGJt9RM0)<U$1aAdC8CEm$40Zpe!Hve1jJ$Pa<3(9zuB(zD3Bn+7p>z
z+i0ZqKckGCQd~_K#*LYT@W=8Ok}k!Kvk1?U{{&$G;a$>=3Ec_xs8bJhr4nLE|F>%!
zb)qTD<z>_f)Cj?1wsN?2CixQ{YoH7_6(JNOd_ewg!jQ+xf1~~mLMzH|J(f?F^9$)u
z@x0Byie(Aj6;#%Bj_^7eGi`;bzFa;?DX&7_Z-l;t_Xtxc>xsJFuqxh=P)iZ6(cD*%
zhdPaSNngbuup2)0?|Ybku0L(YF6%)2+s0#Pq@%AEpWWm|+V~j!(AFtSd^+JijrS+4
zCjUI?oa;^Ua;}>8p3^?*zaf!V2&bsgl8WErRMHt3mvfgjnfzelJqQn}8-uNJ5-uW)
zvmH&RULArie;y!}{OJUjw6f>(M<LSPbIw0`&MGq2*_)KkMOxQR@^0GvrC6K>bv3tn
zo2a*g_%)mUm~?64u^3_77;4phXDFLOx&?ZFBk~iOpAnW2FG}M(@I8XA;?@`{cd&6&
z!Yq&u$w^ojVhVM`?I52f{=csT^5VI7uD-;MkSIsuFTz<{`6zc(Bb2l0vXuF*?A9%>
z=kdl2h;>_aYwlLaNXm4_q-CYMX`@oz{)xjApG!_j&P-0qi1l||*RAmHiphgg-L%w{
zF^?6rP8pOqEHTBckd)d#ea!I8|6SfyJ^Z(_hIH>M{Qq=sD*n@bc5K2hzaZOc(g1fr
zVrHVh6O*xU-j=XZinz8cIW5&4m7J2|K9}TXWh4z)IKRV!;D6sYFfF}-8x@lgm0hyq
zk%-c185zmXr6jqD{WG~S!=>0wbZKp9(wGKr_T?eXqatFmDnFN;X*1*8gjPi3-2UlF
ziJ3_QvV-R|_sd>1uV7gA!8ObM<C8`w_0P&oa+5}9CZ(q`OT*LC2Bjws^LMgR6V+2@
zn#-L7{!ayRGlnySqy{vf{nYyna~0^HJbZ9cx{|Z9(*piu^^y|D?w{mlB&QBy5&v1h
z{gV#7nVgdJ*jo8kJ2h)qVzQf&G%PhS{qe$o7SdGcpFA-AKP&jwAg8d~e=TJx|G#5-
zthJo6WZ&I=-7lEwW;v5w-vBa`w3<s+wD6RO@OMTgx&xD0m6WuM<V>E}j!{dr@bumd
z!R8iscv5O+dX`<-7xvXH8`Hc$Q<0UL><;Hnc6XAk<EFX&2PY*b(E#ha<x1&_(Qf}N
zUmlI-tn`1b^8QKNKMC|)^V|Mss3)W3lI-f9@a=1=doC7iV^%vcXOXi~?6Uehsaf=#
y$#^r9-SqvFGKOcRW>9Q*Lsm*wvaPD+-tKMUxtYs9DWkvd0kcxJCpPz-@%tYQ07s+%

diff --git a/po/ro.po b/po/ro.po
index d37c804..ceb2b19 100644
--- a/po/ro.po
+++ b/po/ro.po
@@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg 1.4.2rc1\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2017-12-19 12:30+0100\n"
 "Last-Translator: Laurentiu Buzdugan <lbuz@rolix.org>\n"
 "Language-Team: Romanian <translation-team-ro@lists.sourceforge.net>\n"
@@ -19,52 +19,52 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, fuzzy, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "am eşuat să stochez amprenta: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr ""
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr ""
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr ""
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr ""
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr ""
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 #, fuzzy
 #| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Doriţi într-adevăr să ştergeţi cheile selectate? (d/N) "
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr ""
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 #, fuzzy
 #| msgid "invalid passphrase"
 msgid "|pinentry-tt|Hide passphrase"
@@ -72,7 +72,7 @@ msgstr "frază-parolă invalidă"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -83,25 +83,13 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 msgid "pinentry.genpin.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-msgid "Passphrase Not Allowed"
-msgstr "frază-parolă prea lungă\n"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 #, fuzzy
 msgid "Quality:"
 msgstr "validitate: %s"
@@ -112,17 +100,17 @@ msgstr "validitate: %s"
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr ""
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 #, fuzzy
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
@@ -130,89 +118,83 @@ msgid ""
 msgstr ""
 "Vă rugăm introduceţi fraza-parolă; aceasta este o propoziţie secretă \n"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 #, fuzzy
 msgid "Passphrase:"
 msgstr "frază-parolă incorectă"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr ""
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr ""
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr ""
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 #, fuzzy
 msgid "PIN too long"
 msgstr "linie prea lungă"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 #, fuzzy
 msgid "Passphrase too long"
 msgstr "frază-parolă prea lungă\n"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 #, fuzzy
 msgid "Invalid characters in PIN"
 msgstr "Caracter invalid în nume\n"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr ""
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad PIN"
 msgstr "MPI incorect"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad Passphrase"
 msgstr "frază-parolă incorectă"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, fuzzy, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "eroare la obţinerea numărului serial: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 #, fuzzy
 msgid "Please re-enter this passphrase"
 msgstr "schimbă fraza-parolă"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to protect the imported object within the %s "
@@ -220,84 +202,74 @@ msgid ""
 msgstr ""
 "Vă rugăm introduceţi fraza-parolă; aceasta este o propoziţie secretă \n"
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, fuzzy, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "algoritm rezumat %d nu este suportat\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't create '%s': %s\n"
 msgstr "nu pot crea `%s': %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, fuzzy, c-format
 #| msgid "can't open `%s': %s\n"
 msgid "can't open '%s': %s\n"
 msgstr "nu pot deschide `%s': %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr ""
-
-#: agent/command-ssh.c:2446
-#, fuzzy, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "eroare la obţinerea informaţiei pentru cheia curentă: %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, fuzzy, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "nu am găsit nici un inel de chei secret de scris: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, fuzzy, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "eroare la obţinere noului PIN: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
 "allow this?"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr ""
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, fuzzy, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr ""
 "Vă rugăm introduceţi fraza-parolă; aceasta este o propoziţie secretă \n"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, fuzzy, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
@@ -305,115 +277,108 @@ msgid ""
 msgstr ""
 "Vă rugăm introduceţi fraza-parolă; aceasta este o propoziţie secretă \n"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, fuzzy, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "%s: am eşuat să creez hashtable: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 #, fuzzy
 msgid "Please insert the card with serial number"
 msgstr ""
 "Vă rugăm scoateţi cardul curent şi introducaţi unul cu număr de serie:\n"
 "   %.*s\n"
 
-#: agent/divert-scd.c:206
-#, fuzzy
-msgid "Please remove the current card and insert the one with serial number"
-msgstr ""
-"Vă rugăm scoateţi cardul curent şi introducaţi unul cu număr de serie:\n"
-"   %.*s\n"
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 #, fuzzy
 msgid "Admin PIN"
 msgstr "|A|PIN Admin"
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr ""
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr ""
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr ""
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 #, fuzzy
 msgid "Repeat this Reset Code"
 msgstr "Repetaţi acest PIN: "
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 #, fuzzy
 msgid "Repeat this PUK"
 msgstr "Repetaţi acest PIN: "
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 #, fuzzy
 msgid "Repeat this PIN"
 msgstr "Repetaţi acest PIN: "
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 #, fuzzy
 msgid "Reset Code not correctly repeated; try again"
 msgstr "PIN-ul nu a fost repetat corect; mai încercaţi o dată"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 #, fuzzy
 msgid "PUK not correctly repeated; try again"
 msgstr "PIN-ul nu a fost repetat corect; mai încercaţi o dată"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr "PIN-ul nu a fost repetat corect; mai încercaţi o dată"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, fuzzy, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
 
-#: agent/genkey.c:157
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
 #, fuzzy, c-format
-msgid "error writing to pipe: %s\n"
-msgstr "eroare la scrierea inelului de chei `%s': %s\n"
+msgid "error creating temporary file: %s\n"
+msgstr "eroare la crearea frazei-parolă: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:116
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "%s: eroare scriere înregistrare dir: %s\n"
+
+#: agent/genkey.c:154
 #, fuzzy
 msgid "Enter new passphrase"
 msgstr "Introduceţi fraza-parolă\n"
 
-#: agent/genkey.c:196
-#, fuzzy
-msgid "Take this one anyway"
-msgstr "Folosiţi oricum această cheie? (d/N) "
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
 "confirm that you do not want to have any protection on your key."
 msgstr ""
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr ""
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, fuzzy, c-format
 #| msgid "Name must be at least 5 characters long\n"
 msgid "A passphrase should be at least %u character long."
@@ -421,7 +386,7 @@ msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "Numele trebuie să fie de cel puţin 5 caractere\n"
 msgstr[1] "Numele trebuie să fie de cel puţin 5 caractere\n"
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -429,383 +394,388 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr ""
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Folosiţi oricum această cheie? (d/N) "
+
+#: agent/genkey.c:464
 #, fuzzy, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr ""
 "Aveţi nevoie de o frază-parolă pentru a vă proteja cheia secretă.\n"
 "\n"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 #, fuzzy
 msgid "Please enter the new passphrase"
 msgstr "schimbă fraza-parolă"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 msgid "Options used for startup"
 msgstr ""
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr ""
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr ""
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 #, fuzzy
 #| msgid "Key is superseded"
 msgid "run in supervised mode"
 msgstr "Cheia este înlocuită"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr ""
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 #, fuzzy
 msgid "|FILE|read options from FILE"
 msgstr "|FIŞIER|încarcă modulul extensie FIŞIER"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr ""
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "locvace"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "fii oarecum mai tăcut"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr ""
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 #, fuzzy
 msgid "do not use the SCdaemon"
 msgstr "actualizează baza de date de încredere"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr ""
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:208
 #, fuzzy
 #| msgid "|NAME|set terminal charset to NAME"
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NUME|setează charset-ul pentru terminal ca NUME"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr ""
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr ""
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 #, fuzzy
 #| msgid "not supported"
 msgid "enable ssh support"
 msgstr "nu este suportat(ă)"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr ""
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 #, fuzzy
 #| msgid "not supported"
 msgid "enable putty support"
 msgstr "nu este suportat(ă)"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr ""
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr ""
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 #, fuzzy
 msgid "disallow the use of an external password cache"
 msgstr "eroare la crearea frazei-parolă: %s\n"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr ""
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 #, fuzzy
 msgid "allow presetting passphrase"
 msgstr "eroare la crearea frazei-parolă: %s\n"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr ""
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr ""
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 #, fuzzy
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|foloseşte modul frază-parolă N"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 #, fuzzy
 msgid "do not allow the reuse of old passphrases"
 msgstr "eroare la crearea frazei-parolă: %s\n"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 msgid "Options controlling the PIN-Entry"
 msgstr ""
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 #, fuzzy
 #| msgid "use the gpg-agent"
 msgid "never use the PIN-entry"
 msgstr "foloseşte gpg-agent"
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr ""
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr ""
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr ""
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr ""
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 #, fuzzy
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "Raportaţi bug-uri la <gnupg-bugs@gnu.org>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 #, fuzzy
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Folosire: gpg [opţiuni] [fişiere] (-h pentru ajutor)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
 msgstr ""
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr ""
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "algoritm rezumat selectat este invalid\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, fuzzy, c-format
 #| msgid "reading options from `%s'\n"
 msgid "reading options from '%s'\n"
 msgstr "citesc opţiuni din `%s'\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is a deprecated option\n"
 msgid "Note: '%s' is not considered an option\n"
 msgstr "AVERTISMENT: \"%s\" este o opţiune învechită\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, fuzzy, c-format
 msgid "can't create socket: %s\n"
 msgstr "nu pot crea `%s': %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, fuzzy, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "gpg-agent nu este disponibil în această sesiune\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, fuzzy, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "eroare la obţinere noului PIN: %s\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, fuzzy, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "eroare trimitere la `%s': %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, fuzzy, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "AVERTISMENT: permisiuni nesigure (unsafe) pentru extensia `%s'\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "scriu cheia secretă în `%s'\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, fuzzy, c-format
 #| msgid "can't create directory `%s': %s\n"
 msgid "can't create directory '%s': %s\n"
 msgstr "nu pot crea directorul `%s': %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, fuzzy, c-format
 #| msgid "directory `%s' created\n"
 msgid "directory '%s' created\n"
 msgstr "director `%s' creat\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, fuzzy, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "fstat(%d) a eşuat în %s: %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, fuzzy, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "%s: nu pot crea director: %s\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, fuzzy, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "eroare la citire `%s': %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, fuzzy, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "actualizarea secretului a eşuat: %s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, fuzzy, c-format
 msgid "%s %s stopped\n"
 msgstr "%s: sărită: %s\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, fuzzy, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "gpg-agent nu este disponibil în această sesiune\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 #, fuzzy
 msgid ""
 "@Options:\n"
@@ -815,19 +785,19 @@ msgstr ""
 "Opţiuni:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 #, fuzzy
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Folosire: gpg [opţiuni] [fişiere] (-h pentru ajutor)"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
 msgstr ""
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -835,8 +805,8 @@ msgstr ""
 "@Comenzi:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -846,36 +816,36 @@ msgstr ""
 "Opţiuni:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 #, fuzzy
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Folosire: gpg [opţiuni] [fişiere] (-h pentru ajutor)"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
 msgstr ""
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 #, fuzzy
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr ""
 "Vă rugăm introduceţi fraza-parolă; aceasta este o propoziţie secretă \n"
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 #, fuzzy
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr ""
 "Vă rugăm introduceţi fraza-parolă; aceasta este o propoziţie secretă \n"
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 #, fuzzy
 msgid ""
 "Please enter the passphrase or the PIN\n"
@@ -883,53 +853,52 @@ msgid ""
 msgstr ""
 "Vă rugăm introduceţi fraza-parolă; aceasta este o propoziţie secretă \n"
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, fuzzy, c-format
 msgid "cancelled\n"
 msgstr "anulată"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, fuzzy, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "eroare la crearea frazei-parolă: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, fuzzy, c-format
 msgid "error opening '%s': %s\n"
 msgstr "eroare în `%s': %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, fuzzy, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "fişier opţiuni `%s': %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, fuzzy, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "eroare citire în `%s': %s\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, fuzzy, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "părţi ale cheii secrete nu sunt disponibile\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, fuzzy, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "eroare citire în `%s': %s\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, fuzzy, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "Eroare: amprentă formatată invalid.\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, fuzzy, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "eroare la citire `%s': %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr ""
@@ -942,19 +911,19 @@ msgstr ""
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
 "certificates?"
 msgstr ""
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 #, fuzzy
 msgid "Yes"
 msgstr "da"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr ""
@@ -967,7 +936,7 @@ msgstr ""
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -977,36 +946,36 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr ""
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr ""
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
 "it now."
 msgstr ""
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 #, fuzzy
 msgid "Change passphrase"
 msgstr "schimbă fraza-parolă"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr ""
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, fuzzy, c-format
 #| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid ""
@@ -1014,107 +983,107 @@ msgid ""
 "%%0A?"
 msgstr "Doriţi într-adevăr să ştergeţi cheile selectate? (d/N) "
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 #, fuzzy
 #| msgid "enable key"
 msgid "Delete key"
 msgstr "activează cheia"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
 msgstr ""
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr ""
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr ""
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "verificarea semnăturii create a eşuat: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "părţi ale cheii secrete nu sunt disponibile\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "algoritm de protecţie %d%s nu este suportat\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "algoritm de protecţie %d%s nu este suportat\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "algoritm de protecţie %d%s nu este suportat\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, fuzzy, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "eroare la crearea frazei-parolă: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, fuzzy, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "eroare la crearea frazei-parolă: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, fuzzy, c-format
 msgid "error forking process: %s\n"
 msgstr "eroare la citire `%s': %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr ""
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, fuzzy, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "eroare la citire `%s': %s\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, fuzzy, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "eroare la citire `%s': %s\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, fuzzy, c-format
 msgid "error running '%s': terminated\n"
 msgstr "eroare la citire `%s': %s\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, fuzzy, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "actualizarea a eşuat: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, fuzzy, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "eroare la obţinerea informaţiei pentru cheia curentă: %s\n"
@@ -1130,34 +1099,34 @@ msgstr "nu mă pot conecta la `%s': %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "problemă cu agentul: agentul returnează 0x%lx\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "nu pot deactiva generarea fişierelor core: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, fuzzy, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "AVERTISMENT: proprietate nesigură (unsafe) pentru extensia `%s'\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, fuzzy, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "AVERTISMENT: permisiuni nesigure (unsafe) pentru extensia `%s'\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, fuzzy, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "actualizarea a eşuat: %s\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, fuzzy, c-format
 #| msgid "renaming `%s' to `%s' failed: %s\n"
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "redenumirea `%s' ca `%s' a eşuat: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "da"
 
@@ -1211,53 +1180,99 @@ msgstr ""
 msgid "out of core while allocating %lu bytes"
 msgstr ""
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, fuzzy, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "eroare la crearea inelului de chei `%s': %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr ""
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, fuzzy, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "AVERTISMENT: \"%s\" este o opţiune învechită\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr ""
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
 #, fuzzy, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
 msgstr "actualizarea a eşuat: %s\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:350
+#, fuzzy, c-format
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "actualizarea a eşuat: %s\n"
+
+#: common/asshelp.c:351
+#, fuzzy, c-format
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "actualizarea a eşuat: %s\n"
+
+#: common/asshelp.c:364
 #, fuzzy, c-format
 #| msgid "can't do this in batch mode\n"
-msgid "connection to %s established\n"
+msgid "connection to the dirmngr established\n"
 msgstr "nu pot face acest lucru în modul batch\n"
 
-#: common/asshelp.c:430
-#, c-format
-msgid "no running gpg-agent - starting '%s'\n"
-msgstr ""
+#: common/asshelp.c:366
+#, fuzzy, c-format
+#| msgid "can't do this in batch mode\n"
+msgid "connection to the keyboxd established\n"
+msgstr "nu pot face acest lucru în modul batch\n"
+
+#: common/asshelp.c:367
+#, fuzzy, c-format
+#| msgid "can't do this in batch mode\n"
+msgid "connection to the agent established\n"
+msgstr "nu pot face acest lucru în modul batch\n"
+
+#: common/asshelp.c:485
+#, fuzzy, c-format
+msgid "no running %s - starting '%s'\n"
+msgstr "eroare la citire `%s': %s\n"
 
-#: common/asshelp.c:521
+#: common/asshelp.c:588
 #, fuzzy, c-format
 #| msgid "can't do this in batch mode\n"
-msgid "connection to agent is in restricted mode\n"
+msgid "connection to the agent is in restricted mode\n"
 msgstr "nu pot face acest lucru în modul batch\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:725
+#, fuzzy, c-format
+#| msgid "error creating keyring `%s': %s\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "eroare la crearea inelului de chei `%s': %s\n"
+
+#: common/asshelp.c:731
+#, c-format
+msgid "server '%s' is older than us (%s < %s)"
+msgstr ""
+
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
+#, fuzzy, c-format
+#| msgid "WARNING: "
+msgid "WARNING: %s\n"
+msgstr "AVERTISMENT: "
+
+#: common/asshelp.c:740
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
+msgid "Note: Outdated servers may lack important security fixes.\n"
 msgstr ""
 
+#: common/asshelp.c:742
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Vă rugăm folosiţi mai întâi comanda \"toggle\".\n"
+
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
 #: common/audit.c:474
@@ -1336,7 +1351,7 @@ msgid "algorithm: %s"
 msgstr "validitate: %s"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, fuzzy, c-format
 msgid "unsupported algorithm: %s"
 msgstr ""
@@ -1421,12 +1436,12 @@ msgstr "Această cheie a expirat!"
 msgid "Root certificate trustworthy"
 msgstr "certificat incorect"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 #, fuzzy
 msgid "no CRL found for certificate"
 msgstr "certificat incorect"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 #, fuzzy
 msgid "the available CRL is too old"
 msgstr "Cheie disponibilă la: "
@@ -1468,7 +1483,7 @@ msgstr "Nici un disponibil disponibil pentru `%s'"
 msgid "ignoring garbage line"
 msgstr "eroare linia de trailer\n"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 #, fuzzy
 msgid "[none]"
 msgstr "[nesetat(ă)]"
@@ -1478,144 +1493,26 @@ msgstr "[nesetat(ă)]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "caracter radix64 invalid %02X sărit\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-#, fuzzy
-msgid "argument not expected"
-msgstr "Nu sunt permise comenzi administrare\n"
-
-#: common/argparse.c:522
-#, fuzzy
-msgid "read error"
-msgstr "eroare citire fişier"
-
-#: common/argparse.c:524
-#, fuzzy
-msgid "keyword too long"
-msgstr "linie prea lungă"
-
-#: common/argparse.c:526
-#, fuzzy
-msgid "missing argument"
-msgstr "argument invalid"
-
-#: common/argparse.c:528
-#, fuzzy
-#| msgid "invalid armor"
-msgid "invalid argument"
-msgstr "armură invalidă"
-
-#: common/argparse.c:530
-#, fuzzy
-msgid "invalid command"
-msgstr "Comandă numai-administrare\n"
-
-#: common/argparse.c:532
-#, fuzzy
-msgid "invalid alias definition"
-msgstr "opţiuni enumerare invalide\n"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-#, fuzzy
-msgid "out of core"
-msgstr "neforţat(ă)"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-msgid "invalid meta command"
-msgstr "Comandă numai-administrare\n"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-msgid "unknown meta command"
-msgstr "opţiune necunoscută `%s'\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected data"
-msgid "unexpected meta command"
-msgstr "date neaşteptate"
-
-#: common/argparse.c:546
-#, fuzzy
-msgid "invalid option"
-msgstr "opţiuni enumerare invalide\n"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr ""
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, fuzzy, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "opţiuni enumerare invalide\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr ""
-
-#: common/argparse.c:563
-#, fuzzy, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "Comandă invalidă  (încercaţi \"ajutor\")\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:581
-#, fuzzy, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "opţiuni enumerare invalide\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, fuzzy, c-format
-#| msgid "NOTE: no default option file `%s'\n"
-msgid "Note: no default option file '%s'\n"
-msgstr "NOTĂ: nici un fişier opţiuni implicit `%s'\n"
-
-#: common/argparse.c:1843
-#, fuzzy, c-format
-#| msgid "option file `%s': %s\n"
-msgid "option file '%s': %s\n"
-msgstr "fişier opţiuni `%s': %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, fuzzy, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1631,131 +1528,132 @@ msgstr "nu pot deschide fişierul: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "redenumirea `%s' ca `%s' a eşuat: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, fuzzy, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "nu pot crea directorul `%s': %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, fuzzy, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "eroare la scrierea inelului de chei `%s': %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr ""
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, fuzzy, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "scriu cheia secretă în `%s'\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr ""
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, fuzzy, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "cheia publică %s nu a fost găsită: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, fuzzy, c-format
 msgid "waiting for lock %s...\n"
 msgstr "scriu cheia secretă în `%s'\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr ""
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "armură: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "header armură invalid: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "header armură: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "header clearsig invalid\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, fuzzy, c-format
 msgid "unknown armor header: "
 msgstr "header armură: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "semnături text în clar încuibărite\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr "armură neaşteptată: "
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "linie cu liniuţă escape invalidă: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "caracter radix64 invalid %02X sărit\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "eof prematur (nici un CRC)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "eof prematur (în CRC)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "CRC anormal\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "eroare CRC; %06lX - %06lX\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "eof prematur (în trailer)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "eroare linia de trailer\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "nici o dată OpenPGP validă găsită.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "armură invalidă: linie mai lungă de %d caractere\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1763,13 +1661,13 @@ msgstr ""
 "caracter printabil în ghilimele în armură - probabil a fost folosit un MTA "
 "cu bug-uri\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, fuzzy, c-format
 #| msgid "not human readable"
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "ilizibil"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1778,29 +1676,29 @@ msgstr ""
 "un nume de notaţie trebuie să conţină numai caractere imprimabile sau spaţii "
 "şi să se termine cu un '='\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "un nume de notaţie utilizator trebuie să conţină caracterul '@'\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "un nume de notaţie trebuie să nu conţină mai mult de un caracter '@'\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr ""
 "o valoare de notaţie trebuie să nu folosească nici un caracter de control\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, fuzzy, c-format
 #| msgid "a notation name must not contain more than one '@' character\n"
 msgid "a notation name may not contain an '=' character\n"
 msgstr "un nume de notaţie trebuie să nu conţină mai mult de un caracter '@'\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, fuzzy, c-format
 #| msgid ""
 #| "a notation name must have only printable characters or spaces, and end "
@@ -1810,368 +1708,355 @@ msgstr ""
 "un nume de notaţie trebuie să conţină numai caractere imprimabile sau spaţii "
 "şi să se termine cu un '='\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "AVERTISMENT: am găsit date de notare invalide\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr ""
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Introduceţi fraza-parolă: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
-#, fuzzy, c-format
-#| msgid "error creating keyring `%s': %s\n"
-msgid "error getting version from '%s': %s\n"
-msgstr "eroare la crearea inelului de chei `%s': %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr ""
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, fuzzy, c-format
-#| msgid "WARNING: "
-msgid "WARNING: %s\n"
-msgstr "AVERTISMENT: "
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
-#, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
+#| msgid "%s does not yet work with %s\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s nu merge încă cu %s!\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
+#: g10/call-agent.c:1081
 #, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Vă rugăm folosiţi mai întâi comanda \"toggle\".\n"
+msgid "error from TPM: %s\n"
+msgstr "eroare la citire `%s': %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, fuzzy, c-format
-#| msgid "%s does not yet work with %s\n"
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s nu merge încă cu %s!\n"
+msgid "problem with the agent: %s\n"
+msgstr "problemă cu agentul: agentul returnează 0x%lx\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, fuzzy, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "gpg-agent nu este disponibil în această sesiune\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "nu puteţi folosi %s câtă vreme în modul %s\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 #| msgid "invalid fingerprint"
 msgid "Tor is not properly configured"
 msgstr "amprentă invalidă"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 #| msgid "invalid fingerprint"
 msgid "DNS is not properly configured"
 msgstr "amprentă invalidă"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "generează un certificat de revocare"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "armură: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "cardul OpenPGP nu e disponibil: %s\n"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr "cardul OpenPGP nr. %s detectat\n"
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr "nu pot face acest lucru în modul batch\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, fuzzy, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Această comandă nu este permisă în modul %s.\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, fuzzy, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "părţi ale cheii secrete nu sunt disponibile\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Selecţia d-voastră? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[nesetat(ă)]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "neforţat(ă)"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "forţat(ă)"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr "Eroare: Deocamdată sunt permise numai caractere ASCII.\n"
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr "Eroare: Caracterul \"<\" nu poate fi folosit.\n"
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr "Eroare: Spaţiile duble nu sunt permise.\n"
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr "Numele de familie al proprietarului cardului: "
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr "Prenumele proprietarului cardului: "
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr "Eroare: Nume combinat prea lung (limita este de %d caractere).\n"
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr "URL pentru a aduce cheia publică: "
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, fuzzy, c-format
 #| msgid "error reading `%s': %s\n"
 msgid "error reading '%s': %s\n"
 msgstr "eroare la citire `%s': %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, fuzzy, c-format
 msgid "error writing '%s': %s\n"
 msgstr "eroare la scrierea inelului de chei `%s': %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr "Date login (nume cont): "
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr "Date DO personale: "
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr "Preferinţe limbă: "
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "Eroare: lungime invalidă pentru şir preferinţe.\n"
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "Eroare: caractere invalide în şir preferinţe.\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr "Eroare: răspuns invalid.\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr "Amprenta CA: "
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "Eroare: amprentă formatată invalid.\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr "operaţia pe cheie nu e posibilă: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr "nu este un card OpenPGP"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr "eroare la obţinerea informaţiei pentru cheia curentă: %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr "Înlocuiesc cheia existentă? (d/N) "
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Ce lungime de cheie doriţi? (%u) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "rotunjită prin adaos la %u biţi\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "dimensiunile cheii %s trebuie să fie în intervalul %u-%u\n"
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr ""
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 #, fuzzy
 #| msgid "   (1) Signature key\n"
 msgid "Signature key\n"
 msgstr "   (1) Cheie de semnare\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 #, fuzzy
 #| msgid "   (2) Encryption key\n"
 msgid "Encryption key\n"
 msgstr "   (2) Cheie de cifrare\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 #, fuzzy
 #| msgid "   (3) Authentication key\n"
 msgid "Authentication key\n"
 msgstr "   (3) Cheie de autentificare\n"
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Selectaţi ce fel de cheie doriţi:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, fuzzy, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA (numai semnare)\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, fuzzy, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) DSA şi Elgamal (implicit)\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Selecţie invalidă.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr ""
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr ""
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, fuzzy, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "eroare trimitere la `%s': %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, fuzzy, c-format
 #| msgid "error getting current key info: %s\n"
 msgid "error getting card info: %s\n"
 msgstr "eroare la obţinerea informaţiei pentru cheia curentă: %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, fuzzy, c-format
 #| msgid "This command is not allowed while in %s mode.\n"
 msgid "This command is not supported by this card\n"
 msgstr "Această comandă nu este permisă în modul %s.\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr "Creez copie de rezervă a cheii de cifrare în afara cardului? (d/N) "
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, fuzzy, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "cheia secretă deja stocată pe un card\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr "Înlocuiesc cheile existente? (d/N) "
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, fuzzy, c-format
 #| msgid ""
 #| "Please note that the factory settings of the PINs are\n"
@@ -2186,195 +2071,208 @@ msgstr ""
 "   PIN = `%s'     PIN Admin = `%s'\n"
 "Ar trebui să le schimbaţi folosind comanda --change-pin\n"
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr "Vă rugăm selectaţi tipul de cheie de generat:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr "   (1) Cheie de semnare\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr "   (2) Cheie de cifrare\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr "   (3) Cheie de autentificare\n"
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr "Vă rugăm selectaţi unde să fie stocată cheia:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, fuzzy, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "actualizarea a eşuat: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, fuzzy, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "cheia secretă deja stocată pe un card\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 #, fuzzy
 #| msgid "Sign it? (y/N) "
 msgid "Continue? (y/N) "
 msgstr "Doriţi să-l semnaţi? (d/N) "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr ""
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, fuzzy, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "eroare în `%s': %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+msgid "error for setup UIF: %s\n"
+msgstr "eroare în `%s': %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "ieşi din acest meniu"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr "arată comenzi administrare"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "afişează acest mesaj"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr "afişează toate datele disponibile"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr "schimbă numele purtătorului cardului"
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr "schimbă URL-ul de unde să fie adusă cheia"
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr "adu cheia specificată de URL-ul de pe card"
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr "schimbă numele de login"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr "schimbă preferinţele de limbă"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 #, fuzzy
 #| msgid "change card holder's sex"
 msgid "change card holder's salutation"
 msgstr "schimbă sexul purtătorului cardului"
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr "schimbă o amprentă CA"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr "comută fanionul PIN de forţare a semnăturii"
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr "generează noi chei"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr "meniu pentru a schimba sau debloca PIN-ul"
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr "verifică PIN-ul şi listează toate datele"
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr ""
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr ""
 
-#: g10/card-util.c:2180
+#: g10/card-util.c:2235
 #, fuzzy
 #| msgid "|NAME|use NAME as default recipient"
-msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "|NUME|foloseşte NUME ca destinatar implicit"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 #, fuzzy
 #| msgid "change the ownertrust"
 msgid "change the key attribute"
 msgstr "schimbă încrederea pentru proprietar"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "schimbă încrederea pentru proprietar"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr ""
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr "Comandă numai-administrare\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr "Sunt permise comenzi administrare\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr "Nu sunt permise comenzi administrare\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Comandă invalidă  (încercaţi \"ajutor\")\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output nu merge pentru această comandă\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, fuzzy, c-format
 #| msgid "can't open `%s'\n"
 msgid "can't open '%s'\n"
 msgstr "nu pot deschide `%s'\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "cheia \"%s\" nu a fost găsită: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "eroare la citire keyblock: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, fuzzy, c-format
 #| msgid "key \"%s\" not found: %s\n"
 msgid "key \"%s\" not found\n"
 msgstr "cheia \"%s\" nu a fost găsită: %s\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(dacă nu specificaţi cheia prin amprentă)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "nu pot face acest lucru în mod batch fără \"--yes\"\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(dacă nu specificaţi cheia prin amprentă)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2414,9 +2312,9 @@ msgstr "cheie"
 msgid "subkey"
 msgstr "Pubkey: "
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "actualizarea a eşuat: %s\n"
@@ -2443,172 +2341,127 @@ msgstr ""
 "folosiţi opţiunea \"--delete-secret-keys\" pentru a o şterge pe aceasta mai "
 "întâi.\n"
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"AVERTISMENT: forţând cifrul simetric %s (%d) violaţi preferinţele "
-"destinatarului\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "eroare la crearea frazei-parolă: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "nu pot crea un pachet ESK simetric datorită modului S2K\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "folosesc cifrul %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, fuzzy, c-format
 #| msgid "`%s' already compressed\n"
 msgid "'%s' already compressed\n"
 msgstr "`%s' deja compresat\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, fuzzy, c-format
 #| msgid "WARNING: `%s' is an empty file\n"
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "AVERTISMENT: `%s' este un fişier gol\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+#| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "nu puteţi folosi algoritmul de cifrare `%s' câtă vreme în modul %s\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, fuzzy, c-format
 #| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "nu puteţi folosi algoritmul de cifrare `%s' câtă vreme în modul %s\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, fuzzy, c-format
 #| msgid "you may not use digest algorithm `%s' while in %s mode\n"
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "nu puteţi folosi algorimul de rezumat `%s' câtă vreme în modul %s\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, fuzzy, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "AVERTISMENT: \"%s\" este o opţiune învechită\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, fuzzy, c-format
 #| msgid "reading from `%s'\n"
 msgid "reading from '%s'\n"
 msgstr "citesc din `%s'\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
 #, c-format
 msgid ""
-"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"AVERTISMENT: forţând cifrul simetric %s (%d) violaţi preferinţele "
+"destinatarului\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, fuzzy, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "AVERTISMENT: \"%s\" este o opţiune învechită\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
 "preferences\n"
 msgstr ""
 "AVERTISMENT: forţând algoritmul de compresie %s (%d) violaţi preferinţele "
 "destinatarului\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "forţând cifrul simetric %s (%d) violaţi preferinţele destinatarului\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s cifrat pentru: \"%s\"\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "nu puteţi folosi %s câtă vreme în modul %s\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "%s date cifrate\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "cifrat cu un algoritm necunoscut %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr ""
 "AVERTISMENT: mesajul a fost cifrat cu o cheie slabă din cifrul simetric.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "problemă cu mânuirea pachetului cifrat\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "nu este suportată execuţia nici unui program la distanţă\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"chemarea programelor externe sunt deactivate datorită opţiunilor nesigure "
-"pentru permisiunile fişierului\n"
-
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"această platformă necesită fişiere temporare când sunt chemate programe "
-"externe\n"
-
-#: g10/exec.c:497
-#, fuzzy, c-format
-#| msgid "unable to execute program `%s': %s\n"
-msgid "unable to execute program '%s': %s\n"
-msgstr "nu pot executa programul `%s': %s\n"
-
-#: g10/exec.c:500
-#, fuzzy, c-format
-#| msgid "unable to execute shell `%s': %s\n"
-msgid "unable to execute shell '%s': %s\n"
-msgstr "nu pot executa shell-ul `%s': %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "eroare de sistem la chemarea programului extern: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "ieşire nenaturală a programului extern\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "nu pot executa programul extern\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "nu pot citi răspunsul programului extern: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "AVERTISMENT: nu pot şterge fişierul temporar (%s) `%s': %s\n"
-
-#: g10/exec.c:692
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "AVERTISMENT: nu pot şterge directorul temporar `%s': %s\n"
-
 #: g10/export.c:119
 #, fuzzy
 msgid "export signatures that are marked as local-only"
@@ -2632,402 +2485,402 @@ msgstr "cheie secretă de nefolosit"
 msgid "remove as much as possible from key during export"
 msgstr ""
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr ""
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
 msgstr "%s: sărită: %s\n"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "writing to '%s'\n"
 msgstr "scriu în `%s'\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, fuzzy, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "cheia %s: semnătură subcheie într-un loc greşit - sărită\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "exportul cheilor secrete nu este permis\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "cheia %s: cheie stil PGP 2.x - sărită\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "AVERTISMENT: nimic exportat\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, fuzzy, c-format
 #| msgid "error creating `%s': %s\n"
 msgid "error creating '%s': %s\n"
 msgstr "eroare la creearea `%s': %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr "[ID utilizator nu a fost găsit]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, fuzzy, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "eroare la creearea `%s': %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, fuzzy, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "eroare la creearea `%s': %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 #, fuzzy
 msgid "No fingerprint"
 msgstr "Amprenta CA: "
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "cheia secretă \"%s\" nu a fost găsită: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, fuzzy, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "opţiuni enumerare invalide\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "|NUME|foloseşte NUME ca cheie secretă implicită"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "|NUME|foloseşte NUME ca cheie secretă implicită"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr ""
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr "Cheia invalidă %s făcută validă de --allow-non-selfsigned-uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "folosim subcheia %s în loc de cheia primară %s\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, fuzzy, c-format
 msgid "valid values for option '%s':\n"
 msgstr "opţiuni enumerare invalide\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 #, fuzzy
 msgid "make a signature"
 msgstr "|[fişier]|crează o semnătură"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 #, fuzzy
 msgid "make a clear text signature"
 msgstr "|[fişier]|crează o semnătură text în clar"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "crează o semnătură detaşată"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "cifrează datele"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "cifrează numai cu cifru simetric"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "decriptează datele (implicit)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "verifică o semnătură"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "enumeră chei"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "enumeră chei şi semnături"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr "enumeră şi verifică semnăturile cheii"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "enumeră chei şi amprente"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "enumeră chei secrete"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "generează o nouă perechi de chei"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly generate a new key pair"
 msgstr "generează o nouă perechi de chei"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly add a new user-id"
 msgstr "generează o nouă perechi de chei"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a user-id"
 msgstr "generează o nouă perechi de chei"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly set a new expiration date"
 msgstr "generează o nouă perechi de chei"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr ""
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "generează un certificat de revocare"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "şterge chei de pe inelul de chei public"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "şterge chei de pe inelul de chei secret"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 #, fuzzy
 #| msgid "sign a key"
 msgid "quickly sign a key"
 msgstr "semnează o cheie"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 #, fuzzy
 #| msgid "sign a key locally"
 msgid "quickly sign a key locally"
 msgstr "semnează o cheie local"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a key signature"
 msgstr "generează o nouă perechi de chei"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "semnează o cheie"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "semnează o cheie local"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "semnează sau editează o cheie"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 #, fuzzy
 msgid "change a passphrase"
 msgstr "schimbă fraza-parolă"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "exportă chei"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "exportă chei pentru un server de chei"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "importă chei de la un server de chei"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "caută pentru chei pe un server de chei"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "actualizează toate cheile de la un server de chei"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "importă/combină chei"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr "afişează starea cardului"
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr "schimbă data de pe card"
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr "schimbă PIN-ul unui card"
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "actualizează baza de date de încredere"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 #, fuzzy
 msgid "print message digests"
 msgstr "|algo [fişiere]|afişează rezumate mesaje"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr ""
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr ""
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NUME|foloseşte NUME ca cheie secretă implicită"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 #, fuzzy
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NUME|cifrare pentru NUME"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr ""
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr "foloseşte comportament strict OpenPGP"
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "nu face nici o schimbare"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "întreabă înainte de a suprascrie"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 msgid "Options controlling the input"
 msgstr ""
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 msgid "Options controlling the output"
 msgstr ""
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "crează ieşire în armură ascii"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 #, fuzzy
 msgid "|FILE|write output to FILE"
 msgstr "|FIŞIER|încarcă modulul extensie FIŞIER"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "foloseşte modul text canonic"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 #, fuzzy
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|setează nivel de compresie N (0 deactivează)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 msgid "Options controlling key import and export"
 msgstr ""
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "importă chei de la un server de chei"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 #| msgid "list and check key signatures"
 msgid "include the public key in signatures"
 msgstr "enumeră şi verifică semnăturile cheii"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr ""
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 msgid "Options controlling key listings"
 msgstr ""
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "enumeră chei secrete"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 #, fuzzy
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|NUME|cifrare pentru NUME"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 #, fuzzy
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "foloseşte acest id-utilizator pentru a semna sau decripta"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -3035,7 +2888,7 @@ msgstr ""
 "@\n"
 "(Arată pagina man pentru o listă completă a comenzilor şi opţiunilor)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -3065,13 +2918,13 @@ msgstr ""
 " --list-keys [nume]         arată chei\n"
 " --fingerprint [nume]       arată amprente\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Folosire: gpg [opţiuni] [fişiere] (-h pentru ajutor)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg [options] [files]\n"
@@ -3086,7 +2939,7 @@ msgstr ""
 "sign, check, encrypt sau decrypt\n"
 "operaţiunea implicită depinde de datele de intrare\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -3094,79 +2947,79 @@ msgstr ""
 "\n"
 "Algoritmuri suportate:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Pubkey: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Cifru: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Hash: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Compresie: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, fuzzy, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "folosire: gpg [opţiuni] "
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "comenzi în conflict\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, fuzzy, c-format
 #| msgid "no = sign found in group definition `%s'\n"
 msgid "no = sign found in group definition '%s'\n"
 msgstr "nu am găsit nici un semn = în definiţia grupului `%s'\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe ownership on homedir `%s'\n"
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr ""
 "AVERTISMENT: proprietate nesigură (unsafe) pentru directorul home `%s'\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe ownership on configuration file `%s'\n"
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr ""
 "AVERTISMENT: proprietate nesigură (unsafe) pentru fişier configurare `%s'\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe ownership on extension `%s'\n"
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "AVERTISMENT: proprietate nesigură (unsafe) pentru extensia `%s'\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe permissions on homedir `%s'\n"
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr ""
 "AVERTISMENT: permisiuni nesigure (unsafe) pentru directorul home `%s'\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe permissions on configuration file `%s'\n"
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr ""
 "AVERTISMENT: permisiuni nesigure (unsafe) pentru fişier configurare `%s'\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe permissions on extension `%s'\n"
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "AVERTISMENT: permisiuni nesigure (unsafe) pentru extensia `%s'\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
@@ -3174,7 +3027,7 @@ msgstr ""
 "AVERTISMENT: proprietate director incluziuni nesigur (unsafe) pentru "
 "directorul home `%s'\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, fuzzy, c-format
 #| msgid ""
 #| "WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
@@ -3184,7 +3037,7 @@ msgstr ""
 "AVERTISMENT: proprietate director incluziuni nesigur (unsafe) pentru fişier "
 "configurare `%s'\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
@@ -3192,7 +3045,7 @@ msgstr ""
 "AVERTISMENT: proprietate director incluziuni nesigur (unsafe) pentru "
 "extensia `%s'\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
@@ -3200,7 +3053,7 @@ msgstr ""
 "AVERTISMENT: permisiuni director incluziuni nesigure (unsafe) pentru "
 "directorul home `%s'\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, fuzzy, c-format
 #| msgid ""
 #| "WARNING: unsafe enclosing directory permissions on configuration file `"
@@ -3211,7 +3064,7 @@ msgstr ""
 "AVERTISMENT: permisiuni director incluziuni nesigure (unsafe) pentru fişier "
 "configurare `%s'\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
@@ -3219,469 +3072,485 @@ msgstr ""
 "AVERTISMENT: permisiuni director incluziuni nesigure (unsafe) pentru "
 "extensia `%s'\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, fuzzy, c-format
 #| msgid "unknown configuration item `%s'\n"
 msgid "unknown configuration item '%s'\n"
 msgstr "articol configurare necunoscut `%s'\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr ""
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 #, fuzzy
 msgid "show key usage information during key listings"
 msgstr "Nici o semnătură corespunzătoare în inelul secret\n"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 #, fuzzy
 msgid "show all notations during signature listings"
 msgstr "Nici o semnătură corespunzătoare în inelul secret\n"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 #, fuzzy
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "URL-ul serverului de chei preferat furnizat este invalid\n"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr ""
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr ""
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr ""
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 #, fuzzy
 msgid "show the keyring name in key listings"
 msgstr "arată căruia dintre inelele de chei îi aparţine o cheie enumerată"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 #, fuzzy
 msgid "show expiration dates during signature listings"
 msgstr "Nici o semnătură corespunzătoare în inelul secret\n"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, fuzzy, c-format
 #| msgid "unknown option `%s'\n"
 msgid "unknown TOFU policy '%s'\n"
 msgstr "opţiune necunoscută `%s'\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr ""
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Această comandă nu este permisă în modul %s.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, fuzzy, c-format
 #| msgid "NOTE: %s is not for normal use!\n"
 msgid "Note: %s is not for normal use!\n"
 msgstr "NOTĂ: %s nu este pentru o folosire normală!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid signature expiration\n"
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "`%s' nu este expirare de semnătură validă\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "Nu este o adresă de email validă\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, fuzzy, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "algoritm hash invalid `%s'\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, fuzzy, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "opţiuni enumerare invalide\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid character set\n"
 msgid "'%s' is not a valid character set\n"
 msgstr "`%s' nu este un set de carectere valid\n"
 
 #
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "nu am putut interpreta URL-ul serverului de chei\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: opţiuni server de chei invalide\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr "opţiuni server de chei invalide\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: opţiuni import invalide\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "opţiuni import invalide\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, fuzzy, c-format
 #| msgid "invalid list options\n"
 msgid "invalid filter option: %s\n"
 msgstr "opţiuni enumerare invalide\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: opţiuni export invalide\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "opţiuni export invalide\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: opţiuni enumerare invalide\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr "opţiuni enumerare invalide\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 #, fuzzy
 msgid "show all notations during signature verification"
 msgstr "`%s' nu este expirare de semnătură validă\n"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 #, fuzzy
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "URL-ul serverului de chei preferat furnizat este invalid\n"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 #, fuzzy
 msgid "show user ID validity during signature verification"
 msgstr "`%s' nu este expirare de semnătură validă\n"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr ""
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 #, fuzzy
 msgid "show only the primary user ID in signature verification"
 msgstr "`%s' nu este expirare de semnătură validă\n"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr ""
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr ""
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: opţiuni verificare invalide\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr "opţiuni verificare invalide\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "nu pot seta cale-execuţie ca %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, fuzzy, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: opţiuni verificare invalide\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr ""
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, fuzzy, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "opţiuni enumerare invalide\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "AVERTISMENT: programul ar putea crea un fişier core!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "AVERTISMENT: %s înlocuieşte %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s nu este permis cu %s!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s nu are sens cu %s!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr ""
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "nu va rula cu memorie neprotejată (insecure) pentru că %s\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "algoritm cifrare selectat este invalid\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "algoritm rezumat selectat este invalid\n"
+
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "algoritm compresie selectat este invalid\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "algoritm rezumat certificare selectat este invalid\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-needed trebuie să fie mai mare decât 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed trebuie să fie mai mare decât 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth trebuie să fie în intervalul de la 1 la 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "default-cert-level invalid; trebuie să fie 0, 1, 2 sau 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "min-cert-level invalid; trebuie să fie 0, 1, 2 sau 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, fuzzy, c-format
 #| msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "NOTĂ: modul S2K simplu (0) este contraindicat cu insistenţă\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "mod S2K invalid; trebuie să fie 0, 1 sau 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "preferinţe implicite invalide\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "preferinţe cifrare personale invalide\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "preferinţe cifrare personale invalide\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "preferinţe rezumat personale invalide\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "preferinţe compresie personale invalide\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "lungime cheie invalidă; folosesc %u biţi\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s nu merge încă cu %s!\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+#| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "nu puteţi folosi algoritmul de cifrare `%s' câtă vreme în modul %s\n"
+
+#: g10/gpg.c:4070
 #, fuzzy, c-format
 #| msgid "you may not use compression algorithm `%s' while in %s mode\n"
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "nu puteţi folosi algoritmul de compresie `%s' câtă vreme în modul %s\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "am eşuat să iniţializez TrustDB:%s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "AVERTISMENT: destinatari (-r) furnizaţi fără a folosi cifrare cu cheie "
 "publică\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, fuzzy, c-format
 #| msgid "symmetric encryption of `%s' failed: %s\n"
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "cifrarea simetrică a lui `%s' a eşuat: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "nu puteţi folosi --symmetric --encrypt cu --s2k-mode 0\n"
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, fuzzy, c-format
 #| msgid "you cannot use --symmetric --encrypt while in %s mode\n"
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "nu puteţi folosi --symmetric --encrypt câtă vreme în modul %s\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr "nu puteţi folosi --symmetric --sign --encrypt cu --s2k-mode 0\n"
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, fuzzy, c-format
 #| msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "nu puteţi folosi --symmetric --sign --encrypt câtă vreme în modul %s\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "trimitere server de chei eşuată: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "recepţie server de chei eşuată: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "export cheie eşuat: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, fuzzy, c-format
 #| msgid "key export failed: %s\n"
 msgid "export as ssh key failed: %s\n"
 msgstr "export cheie eşuat: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "căutare server de chei eşuată: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "actualizare server de chei eşuată: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "eliminarea armurii a eşuat: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "punerea armurii a eşuat: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, fuzzy, c-format
 #| msgid "invalid hash algorithm `%s'\n"
 msgid "invalid hash algorithm '%s'\n"
 msgstr "algoritm hash invalid `%s'\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, fuzzy, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "eroare la obţinerea numărului serial: %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Daţi-i drumul şi scrieţi mesajul ...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "URL-ul politicii de certificare furnizat este invalid\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "URL-ul politicii de semnături furnizat este invalid\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "URL-ul serverului de chei preferat furnizat este invalid\n"
@@ -3695,7 +3564,7 @@ msgstr "ia cheile de pe acest inel de chei"
 msgid "make timestamp conflicts only a warning"
 msgstr "dă numai un avertisment la conflicte de timestamp"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|scrie informaţii de stare în acest FD"
 
@@ -3746,305 +3615,323 @@ msgstr "actualizează baza de date de încredere"
 
 #: g10/import.c:181
 #, fuzzy
+#| msgid "not supported"
+msgid "enable bulk import mode"
+msgstr "nu este suportat(ă)"
+
+#: g10/import.c:184
+#, fuzzy
 #| msgid "show key fingerprint"
 msgid "show key during import"
 msgstr "afişează amprenta cheii"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+#| msgid "show key fingerprint"
+msgid "show key but do not actually import"
+msgstr "afişează amprenta cheii"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr ""
 
-#: g10/import.c:187
+#: g10/import.c:193
 #, fuzzy
 msgid "remove unusable parts from key after import"
 msgstr "cheie secretă de nefolosit"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr ""
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr ""
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr ""
 
-#: g10/import.c:203
+#: g10/import.c:209
 #, fuzzy
 #| msgid "show key fingerprint"
 msgid "repair keys on import"
 msgstr "afişează amprenta cheii"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "bloc de tip %d sărit\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr "%lu chei procesate până acum\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Număr total procesate: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, fuzzy, c-format
 #| msgid "      skipped new keys: %lu\n"
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "      chei noi sărite: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "      chei noi sărite: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "  fără ID-uri utilizator: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "               importate: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "             neschimbate: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "   noi ID-uri utilizator: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "             noi subchei: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "           noi semnături: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "    noi revocări de chei: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "     chei secrete citite: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "  chei secrete importate: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr "chei secrete neschimbate: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "            ne importate: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, fuzzy, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "semnături create până acum: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, fuzzy, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "     chei secrete citite: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, fuzzy, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
 "algorithms on these user IDs:\n"
 msgstr "AVERTISMENT: cheia %s conţine preferinţe pentru indisponibil\n"
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr "         \"%s\": preferinţă pentru algoritm de cifrare %s\n"
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+#| msgid "         \"%s\": preference for cipher algorithm %s\n"
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "         \"%s\": preferinţă pentru algoritm de cifrare %s\n"
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "         \"%s\": preferinţă pentru algoritm rezumat %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr "         \"%s\": preferinţă pentru algoritm compresie %s\n"
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr ""
 "este puternic sugerat să vă actualizaţi preferinţele şi re-distribuiţi\n"
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 "această cheie pentru a avita probleme potenţiale de ne-potrivire de "
 "algoritm\n"
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr "vă puteţi actualiza preferinţele cu: gpg --edit-key %s updpref save\n"
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr "cheia %s: nici un ID utilizator\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, fuzzy, c-format
 #| msgid "skipped \"%s\": %s\n"
 msgid "key %s: %s\n"
 msgstr "sărită \"%s\": %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr ""
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "cheia %s: subcheia HPK coruptă a fost reparată\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "cheia %s: am acceptat ID-ul utilizator ce nu e auto-semnat \"%s\"\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "cheia %s: nici un ID utilizator valid\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "aceasta poate fi cauzată de o auto-semnătură ce lipseşte\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "cheia %s: cheia publică nu a fost găsită: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "cheia %s: cheie nouă - sărită\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "n-am găsit nici un inel de chei ce poate fi scris: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, fuzzy, c-format
 #| msgid "error writing keyring `%s': %s\n"
 msgid "error writing keyring '%s': %s\n"
 msgstr "eroare la scrierea inelului de chei `%s': %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "cheia %s: cheia publică \"%s\" importată\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "cheia %s: nu se potriveşte cu copia noastră\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "cheia %s: \"%s\" 1 nou ID utilizator\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "cheia %s: \"%s\" %d noi ID-uri utilizator\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "cheia %s: \"%s\" 1 nouă semnătură\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "cheia %s: \"%s\" %d noi semnături\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "cheia %s: \"%s\" 1 nouă subcheie\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "cheia %s: \"%s\" %d noi subchei\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "cheia %s: \"%s\" %d noi semnături\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "cheia %s: \"%s\" %d noi semnături\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "cheia %s: \"%s\" %d noi ID-uri utilizator\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "cheia %s: \"%s\" %d noi ID-uri utilizator\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "cheia %s: \"%s\" nu a fost schimbată\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr "cheia %s: cheie secretă importată\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, fuzzy, c-format
 #| msgid "skipped: secret key already present\n"
 msgid "key %s: secret key already exists\n"
 msgstr "sărită: cheia secretă deja prezentă\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, fuzzy, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "eroare trimitere la `%s': %s\n"
@@ -4057,203 +3944,210 @@ msgstr "eroare trimitere la `%s': %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, fuzzy, c-format
 #| msgid "secret key \"%s\" not found: %s\n"
 msgid "secret key %s: %s\n"
 msgstr "cheia secretă \"%s\" nu a fost găsită: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "importul de chei secrete nu este permis\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "cheia %s: cheie secretă cu cifru invalid %d - sărită\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Nici un motiv specificat"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "Cheia este înlocuită"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Cheia a fost compromisă"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "Cheia nu mai este folosită"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "ID utilizator nu mai este valid"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "motiv pentru revocare: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "comentariu revocare: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "cheia %s: nici o cheie publică - nu pot aplica certificatul de revocare\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "cheia %s: nu pot găsi keyblock-ul original: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "cheia %s: nu pot citi keyblock-ul original: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "cheia %s: certificat de revocare invalid: %s - respins\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "cheia %s: certificatul de revocare \"%s\" importat\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "cheia %s: nici un ID utilizator pentru semnătură\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr ""
 "cheia %s: algoritm cu cheie publică nesuportat pentru ID-ul utilizator \"%s"
 "\"\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "cheia %s: auto-semnătură invalidă pentru ID-ul utilizator \"%s\"\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "cheia %s: algoritm cu cheie publică nesuportat\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, fuzzy, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "cheia %s: am adăugat semnătura de cheie directă\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "cheia %s: nici o subcheie pentru legarea cheii\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "cheia %s: legare subcheie invalidă\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "cheia %s: am şters multiple legături de subchei\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "cheia %s: nici o subcheie pentru revocare de cheie\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "cheia %s: revocare de subcheie invalidă\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "cheia %s: am şters multiple revocări de subcheie\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "cheia %s: am sărit ID-ul utilizator \"%s\"\n"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "cheia %s: am sărit subcheia\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "cheia %s: semnătura nu poate fi exportată (clasa 0x%02X) - sărită\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "cheia %s: certificat de revocare într-un loc greşit - sărit\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "cheia %s: certificat de revocare invalid: %s - sărit\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "cheia %s: semnătură subcheie într-un loc greşit - sărită\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "cheia %s: clasă de semnătură neaşteptată (0x%02X) - sărită\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "cheia %s: am detectat un ID utilizator duplicat - combinate\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+#| msgid "key %s: duplicated user ID detected - merged\n"
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "cheia %s: am detectat un ID utilizator duplicat - combinate\n"
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr "AVERTISMENT: cheia %s poate fi revocată: aduc revocarea cheii %s\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 "AVERTISMENT: cheia %s poate fi revocată: cheia de revocare %s nu este "
 "prezentă.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "cheia %s: am adăugat certificatul de revocare \"%s\"\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "cheia %s: am adăugat semnătura de cheie directă\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, fuzzy, c-format
 msgid "error allocating memory: %s\n"
 msgstr "eroare la crearea inelului de chei `%s': %s\n"
@@ -4276,20 +4170,20 @@ msgstr "semnătură %s, algoritm rezumat %s\n"
 msgid " (reordered signatures follow)"
 msgstr "revocă semnături"
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, fuzzy, c-format
 #| msgid "skipped \"%s\": %s\n"
 msgid "key %s:\n"
 msgstr "sărită \"%s\": %s\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, fuzzy, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "ID utilizator \"%s\" a fost revocat."
 msgstr[1] "ID utilizator \"%s\" a fost revocat."
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to a missing key\n"
 msgid "%d signature not checked due to a missing key\n"
@@ -4297,7 +4191,7 @@ msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "1 semnătură nu a fost verificată din cauza unei chei lipsă\n"
 msgstr[1] "1 semnătură nu a fost verificată din cauza unei chei lipsă\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d bad signature\n"
@@ -4305,54 +4199,49 @@ msgid_plural "%d bad signatures\n"
 msgstr[0] "%d semnături incorecte\n"
 msgstr[1] "%d semnături incorecte\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, fuzzy, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "Semnătură bună din \"%s\""
 msgstr[1] "Semnătură bună din \"%s\""
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, fuzzy, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "eroare la crearea inelului de chei `%s': %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error creating keyring '%s': %s\n"
 msgstr "eroare la crearea inelului de chei `%s': %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, fuzzy, c-format
 msgid "keybox '%s' created\n"
 msgstr "inelul de chei `%s' creat\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, fuzzy, c-format
 #| msgid "keyring `%s' created\n"
 msgid "keyring '%s' created\n"
 msgstr "inelul de chei `%s' creat\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, fuzzy, c-format
 #| msgid "keyblock resource `%s': %s\n"
 msgid "keyblock resource '%s': %s\n"
 msgstr "resursă keyblock `%s': %s\n"
 
-#: g10/keydb.c:969
-#, fuzzy, c-format
-msgid "error opening key DB: %s\n"
-msgstr "eroare în `%s': %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "am eşuat să reconstruiesc cache-ul inelului de chei: %s\n"
@@ -4365,7 +4254,7 @@ msgstr "[revocare]"
 msgid "[self-signature]"
 msgstr "[auto-semnătură]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4376,12 +4265,12 @@ msgstr ""
 "pentru a verifica cheile altor utilizatori (folosind paşapoarte,\n"
 "verificând amprentele din diferite surse, etc.)\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr "  %d = Am o încredere marginală\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr "  %d = Am toată încrederea\n"
@@ -4413,13 +4302,13 @@ msgid "User ID \"%s\" is revoked."
 msgstr "ID utilizator \"%s\" a fost revocat."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 #, fuzzy
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Sunteţi sigur(ă) că doriţi să ştergeţi permanent? (d/N)"
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  Nu pot semna.\n"
 
@@ -4596,198 +4485,202 @@ msgstr "Am verificat această cheie foarte atent.\n"
 msgid "Really sign? (y/N) "
 msgstr "Doriţi cu adevărat să semnaţi? (d/N) "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "semnarea a eşuat: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 "Cheia are numai articole de cheie sau talon (stub) pe card - nici o frază "
 "parolă de schimbat.\n"
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, fuzzy, c-format
 #| msgid "error creating passphrase: %s\n"
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "eroare la crearea frazei-parolă: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "salvează şi termină"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr "afişează amprenta cheii"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 #, fuzzy
 msgid "show the keygrip"
 msgstr "Notare semnătură: "
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "enumeră chei şi ID-uri utilizator"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "selectează ID utilizator N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr "selectează subcheia N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr "verifică semnături"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 "semnează ID-urile utilizator selectate [* vezi mai jos pentru comenzi "
 "relevante]"
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr "semnează ID-urile utilizatorilor selectaţi local"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr "semnează ID-urile utilizatorilor selectaţi cu o semnătură de încredere"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr "semnează ID-urile utilizatorilor selectaţi cu o semnătură irevocabilă"
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "adaugă un ID utilizator"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "adaugă o poză ID"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr "şterge ID-urile utilizator selectate"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr "adaugă o subcheie"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr "adaugă o cheie la un smartcard"
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr "mută o cheie pe un smartcard"
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr "mută o cheie de rezervă pe un smartcard"
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr "şterge subcheile selectate"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "adaugă o cheie de revocare"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr "şterge semnăturile de pe ID-urile utilizator selectate"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "schimbă data de expirare pentru cheia sau subcheile selectate"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr "marchează ID-ul utilizator selectat ca primar"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "enumeră preferinţele (expert)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "afişează preferinţele (detaliat)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr "setează lista de preferinţe pentru ID-urile utilizator selectate"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 #, fuzzy
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr ""
 "setează URL-ul serverului de chei preferat pentru ID-urile utilizator "
 "selectate"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 #, fuzzy
 msgid "set a notation for the selected user IDs"
 msgstr "setează lista de preferinţe pentru ID-urile utilizator selectate"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "schimbă fraza-parolă"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "schimbă încrederea pentru proprietar"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr "revocă semnăturile pentru ID-urile utilizator selectate"
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr "revocă ID-urile utilizator selectate"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr "revocă cheia sau subcheile selectate"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr "activează cheia"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr "deactivează cheia"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr "arată pozele pentru ID-urile utilizator selectate"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Cheia secretă este disponibilă.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret subkeys are available.\n"
 msgstr "Cheia secretă este disponibilă.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Aveţi nevoie de cheia secretă pentru a face aceasta.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 #, fuzzy
 #| msgid ""
 #| "* The `sign' command may be prefixed with an `l' for local signatures "
@@ -4806,305 +4699,310 @@ msgstr ""
 "  pentru semnături irevocabile (nrsign), sau orice combinaţie a acestora\n"
 "  (ltsign, tnrsign, etc.).\n"
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "Cheia este revocată."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 #, fuzzy
 #| msgid "Really sign all user IDs? (y/N) "
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Semnaţi într-adevăr toate ID-urile utilizator? (d/N) "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Semnaţi într-adevăr toate ID-urile utilizator? (d/N) "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Sugestie: Selectaţi ID-ul utilizator de semnat\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, fuzzy, c-format
 #| msgid "Unknown signature type `%s'\n"
 msgid "Unknown signature type '%s'\n"
 msgstr "Tip de semnătură necunoscut `%s'\n"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Această comandă nu este permisă în modul %s.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Trebuie mai întâi să selectaţi cel puţin un ID utilizator.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr ""
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Nu puteţi şterge ultimul ID utilizator!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Ştergeţi într-adevăr toate ID-urile utilizator selectate? (d/N) "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr "Ştergeţi într-adevăr acest ID utilizator? (d/N) "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr "Mutaţi într-adevăr cheia primară? (d/N) "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr "Trebuie să selectaţi exact o cheie.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr "Comanda aşteaptă un nume de fişier ca argument\n"
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, fuzzy, c-format
 #| msgid "Can't open `%s': %s\n"
 msgid "Can't open '%s': %s\n"
 msgstr "Nu pot deschide `%s': %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, fuzzy, c-format
 #| msgid "Error reading backup key from `%s': %s\n"
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "Eroare citind cheia de rezervă de pe `%s': %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Trebuie să selectaţi cel puţin o cheie.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Doriţi într-adevăr să ştergeţi cheile selectate? (d/N) "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Doriţi într-adevăr să ştergeţi această cheie? (d/N) "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr ""
 "Doriţi într-adevăr să revocaţi toate ID-urile utilizator selectate? (d/N) "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Doriţi într-adevăr să revocaţi acest ID utilizator? (d/N) "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Doriţi într-adevăr să revocaţi toată cheia? (d/N) "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Doriţi într-adevăr să revocaţi subcheile selectate? (d/N) "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Doriţi într-adevăr să revocaţi această subcheie? (d/N) "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 "Încrederea proprietar nu poate fi setată când este folosită o bază de date "
 "de încredere furnizată de utilizator\n"
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr "Setează lista de preferinţe ca:\n"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr ""
 "Doriţi într-adevăr să actualizaţi preferinţele pentru ID-urile utilizator "
 "selectate? (d/N) "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr "Doriţi într-adevăr să actualizaţi preferinţele? (d/N) "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr "Salvaţi schimbările?  (d/N) "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr "Terminaţi fără a salva?  (d/N) "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Cheia nu a fost schimbată aşa că nici o actualizare a fost necesară.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "Nu puteţi şterge ultimul ID utilizator!\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, fuzzy, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "verificarea semnăturii create a eşuat: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, fuzzy, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "verificarea semnăturii create a eşuat: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, fuzzy, c-format
 #| msgid "invalid fingerprint"
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "amprentă invalidă"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, fuzzy, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "am eşuat să stochez amprenta: %s\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, fuzzy, c-format
 #| msgid "invalid value\n"
 msgid "Invalid user ID '%s': %s\n"
 msgstr "valoare invalidă\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 #| msgid "No such user ID.\n"
 msgid "No matching user IDs."
 msgstr "Nu există acest ID utilizator.\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 #| msgid "Nothing to sign with key %s\n"
 msgid "Nothing to sign.\n"
 msgstr "Nimic de semnat cu cheia %s\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr ""
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "verificarea semnăturii create a eşuat: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid signature expiration\n"
 msgid "'%s' is not a valid expiration time\n"
 msgstr "`%s' nu este expirare de semnătură validă\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, fuzzy, c-format
 #| msgid "invalid fingerprint"
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "amprentă invalidă"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, fuzzy, c-format
 #| msgid "key \"%s\" not found: %s\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "cheia \"%s\" nu a fost găsită: %s\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Rezumat: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Capabilităţi: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr "Server de chei no-modify"
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr "Server de chei preferat: "
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 #, fuzzy
 msgid "Notations: "
 msgstr "Notaţie:"
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "Nu există nici o preferinţă pentru un ID utilizator stil PGP 2.x.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, fuzzy, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "Această cheie a fost revocată pe %s de %s cheia %s\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Această cheie poate fi revocată de %s cheia %s"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr " (senzitiv)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr "creată: %s"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr "revocată: %s"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr "expirată: %s"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr "expiră: %s"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr "folosire: %s"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr "nr-card: "
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr "încredere: %s"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr "validitate: %s"
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Această cheie a fost deactivată"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -5113,17 +5011,17 @@ msgstr ""
 "corectă dacă nu reporniţi programul.\n"
 
 #
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr "revocată"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr "expirată"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -5133,18 +5031,18 @@ msgstr ""
 "              Această comandă poate cauza ca un alt ID utilizator\n"
 "              să devină ID-ul utilizator primar presupus.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr ""
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, fuzzy, c-format
 #| msgid "You can't change the expiration date of a v3 key\n"
 msgid "You may want to change its expiration date too.\n"
 msgstr "Nu puteţi schimba data de expirare a unei chei v3\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -5153,35 +5051,35 @@ msgstr ""
 "AVERTISMENT: Aceasta este o cheie stil PGP2.  Adăugarea unei poze ID poate\n"
 "         cauza unele versiuni de PGP să respingă această cheie.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Sunteţi încă sigur(ă) că doriţi să o adăugaţi? (d/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "Nu puteţi adăuga o poză ID la o cheie stil PGP2.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr ""
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Ştergeţi această semnătură bună? (d/N/t)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Ştergeţi această semnătură invalidă? (d/N/t)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Ştergeţi această semnătură necunoscută? (d/N/t)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Ştergeţi într-adevăr această auto-semnătură? (d/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, fuzzy, c-format
 #| msgid "Deleted %d signature.\n"
 msgid "Deleted %d signature.\n"
@@ -5189,37 +5087,37 @@ msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "Am şters %d semnături.\n"
 msgstr[1] "Am şters %d semnături.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Nu am şters nimic.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "invalid(ă)"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, fuzzy, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "ID utilizator \"%s\" a fost revocat."
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, fuzzy, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "ID utilizator \"%s\" a fost revocat."
 msgstr[1] "ID utilizator \"%s\" a fost revocat."
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, fuzzy, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "ID-ul utilizator \"%s\": este deja curat.\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, fuzzy, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "ID-ul utilizator \"%s\": este deja curat.\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5229,43 +5127,43 @@ msgstr ""
 "             desemnat poate face ca unele versiuni de PGP să respingă "
 "cheia.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "Nu puteţi adăuga un revocator desemnat la o cheie stil PGP 2.x.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Introduceţi ID-ul utilizator al revocatorului desemnat: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "nu pot desemna o cheie stil PGP 2.x ca un revocator desemnat\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "nu puteţi desemna o cheie ca propriul său revocator desemnat\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "această cheie a fost deja desemnată ca un revocator\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr ""
 "AVERTISMENT: desemnarea unei chei ca un revocator desemnat nu poate fi "
 "anulată!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr ""
 "Sunteţi sigur(ă) că doriţi să desemnaţi această cheie ca şi un revocator "
 "desemnat? (d/N) "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 #, fuzzy
 #| msgid ""
 #| "Are you sure you want to appoint this key as a designated revoker? (y/N) "
@@ -5276,264 +5174,270 @@ msgstr ""
 "Sunteţi sigur(ă) că doriţi să desemnaţi această cheie ca şi un revocator "
 "desemnat? (d/N) "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Schimb timpul de expirare pentru o subcheie.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Schimb timpul de expirare pentru cheia primară.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Nu puteţi schimba data de expirare a unei chei v3\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 #, fuzzy
 #| msgid "Changing expiration time for a subkey.\n"
 msgid "Changing usage of a subkey.\n"
 msgstr "Schimb timpul de expirare pentru o subcheie.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 #, fuzzy
 #| msgid "Changing expiration time for the primary key.\n"
 msgid "Changing usage of the primary key.\n"
 msgstr "Schimb timpul de expirare pentru cheia primară.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, fuzzy, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr ""
 "AVERTISMENT: subcheia de semnare %s nu este certificată reciproc (cross-"
 "certified)\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Vă rugăm selectaţi exact un ID utilizator.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "auto-semnătură v3 sărită pentru ID-ul utilizator \"%s\"\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr "Introduceţi URL-ul serverului de chei preferat: "
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Sunteţi sigur(ă) că doriţi să o folosiţi? (d/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Sunteţi sigur(ă) că doriţi să o folosiţi? (d/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 #, fuzzy
 msgid "Enter the notation: "
 msgstr "Notare semnătură: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 #, fuzzy
 msgid "Proceed? (y/N) "
 msgstr "Suprascriu? (d/N) "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Nici un ID utilizator cu indicele %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Nici un ID utilizator cu hash-ul %s\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, fuzzy, c-format
 #| msgid "No subkey with index %d\n"
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Nici o subcheie cu indicele %d\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr "Nici o subcheie cu indicele %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "ID utilizator: \"%s\"\n"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "semnată de cheia d-voastră %s la %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (non-exportabilă)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Această semnătură a expirat pe %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Sunteţi încă sigur(ă) că doriţi să o revocaţi? (d/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Creaţi un certificat de revocare pentru această semnătură? (d/N) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "AÅ£i semnat aceste ID-uri utilizator pe cheia %s:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr " (non-revocabilă)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "revocată de cheia d-voastră %s pe %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Sunteţi pe cale să revocaţi aceste semnături:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Doriţi într-adevăr să creaţi certificatele de revocare? (d/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "nici o cheie secretă\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, fuzzy, c-format
 #| msgid "revoke a user ID"
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr "revocă un ID utilizator"
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "ID-ul utilizator \"%s\" este deja revocat\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr ""
 "AVERTISMENT: o semnătură ID utilizator este datată %d secunde în viitor\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Nu puteţi şterge ultimul ID utilizator!\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "Cheia %s este deja revocată.\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "Subcheia %s este deja revocată.\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "Afişez poza ID %s de dimensiune %ld pentru cheia %s (uid %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, fuzzy, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "opţiuni enumerare invalide\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, fuzzy, c-format
 #| msgid "preference `%s' duplicated\n"
 msgid "preference '%s' duplicated\n"
 msgstr "preferinţa `%s' duplicată\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr "prea multe preferinţe de cifrare\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr "prea multe preferinţe de rezumat\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr "prea multe preferinţe de compresie\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+#| msgid "too many cipher preferences\n"
+msgid "too many AEAD preferences\n"
+msgstr "prea multe preferinţe de cifrare\n"
+
+#: g10/keygen.c:521
 #, fuzzy, c-format
 #| msgid "invalid item `%s' in preference string\n"
 msgid "invalid item '%s' in preference string\n"
 msgstr "articol invalid `%s' în şirul de preferinţe\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "scriu semnătură directă\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "scriu auto semnătură\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "scriu semnătură legată de cheie\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "lungime cheie invalidă; folosesc %u biţi\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "lungime cheie rotunjită la %u biţi\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
 msgstr ""
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr "Semnează"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr ""
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr "Cifrează"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr "Autentifică"
 
@@ -5547,170 +5451,185 @@ msgstr "Autentifică"
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr "SsCcAaTt"
 
-#: g10/keygen.c:1784
-#, c-format
-msgid "Possible actions for a %s key: "
+#: g10/keygen.c:1966
+#, fuzzy, c-format
+#| msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr "Acţiuni posibile pentru o cheie %s: "
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr "Acţiuni permise curent: "
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr "   (%c) Comută capabilitatea de semnare\n"
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%c) Comută capabilitatea de cifrare\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr "   (%c) Comută capabilitatea de autentificare\n"
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr "   (%c) Terminat\n"
 
-#: g10/keygen.c:1930
+#: g10/keygen.c:2116
 #, fuzzy, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) DSA şi Elgamal (implicit)\n"
 
-#: g10/keygen.c:1934
+#: g10/keygen.c:2120
 #, fuzzy, c-format
-msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA şi Elgamal (implicit)\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (numai semnare)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (numai semnare)\n"
 
-#: g10/keygen.c:1945
-#, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+#: g10/keygen.c:2131
+#, fuzzy, c-format
+#| msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) Elgamal (numai cifrare)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (numai cifrare)\n"
 
-#: g10/keygen.c:1953
-#, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+#: g10/keygen.c:2139
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (setează singur capabilităţile)\n"
 
-#: g10/keygen.c:1955
-#, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+#: g10/keygen.c:2141
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (setează singur capabilităţile)\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, fuzzy, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) DSA şi Elgamal (implicit)\n"
+#| msgid "   (%d) ElGamal (sign and encrypt)\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) ElGamal (semnare şi cifrare)\n"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2147 g10/keygen.c:2678
+#, fuzzy
+#| msgid " (default)"
+msgid " *default*"
+msgstr "(implicit)"
+
+#: g10/keygen.c:2148
 #, fuzzy, c-format
 #| msgid "   (%d) DSA (sign only)\n"
 msgid "  (%d) ECC (sign only)\n"
 msgstr "   (%d) DSA (numai semnare)\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, fuzzy, c-format
 #| msgid "   (%d) DSA (set your own capabilities)\n"
-msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (setează singur capabilităţile)\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, fuzzy, c-format
 #| msgid "   (%d) RSA (encrypt only)\n"
-msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "   (%d) RSA (numai cifrare)\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, fuzzy, c-format
-msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "   (2) Cheie de cifrare\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (2) Cheie de cifrare\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 #, fuzzy
 msgid "Enter the keygrip: "
 msgstr "Notare semnătură: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr ""
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 #, fuzzy
 msgid "No key with this keygrip\n"
 msgstr "Nici o subcheie cu indicele %d\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, fuzzy, c-format
 msgid "error reading the card: %s\n"
 msgstr "%s: eroare citire înregistrare liberă: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, fuzzy, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "eroare la obţinerea numărului serial: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 #, fuzzy
 msgid "Available keys:\n"
 msgstr "deactivează cheia"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, fuzzy, c-format
 #| msgid "rounded up to %u bits\n"
 msgid "rounded to %u bits\n"
 msgstr "rotunjită prin adaos la %u biţi\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr "cheile %s pot avea lungimea între %u şi %u biţi.\n"
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, fuzzy, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Ce lungime de cheie doriţi? (%u) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "Lungimea cheii necesară este %u biţi\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 #, fuzzy
 #| msgid "Please select what kind of key you want:\n"
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Selectaţi ce fel de cheie doriţi:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5726,7 +5645,7 @@ msgstr ""
 "      <n>m = cheia expiră în n luni\n"
 "      <n>y = cheia expiră în n ani\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5742,38 +5661,38 @@ msgstr ""
 "      <n>m = semnătura expiră în n luni\n"
 "      <n>y = semnătura expiră în n ani\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Cheia este validă pentru? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Semnătura este validă pentru? (%s) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "valoare invalidă\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr "Cheia nu expiră deloc\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr "Semnătura nu expiră deloc\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr "Cheia expiră pe %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr "Semnătura expiră pe %s\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5781,11 +5700,11 @@ msgstr ""
 "Sistemul d-voastră nu poate afişa date după 2038.\n"
 "Totuşi, acestea vor fi corect mânuite până în 2106.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr "Este aceasta corect? (d/N) "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5796,7 +5715,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5813,50 +5732,50 @@ msgstr ""
 "    \"Popa Ioan (popică) <popa.ioan@compania.ro>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Nume real: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Caracter invalid în nume\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr ""
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Numele nu poate începe cu o cifră\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Numele trebuie să fie de cel puţin 5 caractere\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "Adresă de email: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Nu este o adresă de email validă\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Comentariu: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Caracter invalid în comentariu\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, fuzzy, c-format
 #| msgid "You are using the `%s' character set.\n"
 msgid "You are using the '%s' character set.\n"
 msgstr "Folosiţi setul de caractere `%s'\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5867,7 +5786,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "Vă rugăm nu puneţi adresa de email în numele real sau comentariu\n"
 
@@ -5882,35 +5801,35 @@ msgstr "Vă rugăm nu puneţi adresa de email în numele real sau comentariu\n"
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnCcEeOoTt"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Schimbă (N)ume, (C)omentariu, (E)mail sau (T)Termină? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "Schimbă (N)ume, (C)omentariu, (E)mail sau (O)K/(T)Termină? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Schimbă (N)ume, (C)omentariu, (E)mail sau (T)Termină? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Schimbă (N)ume, (C)omentariu, (E)mail sau (O)K/(T)Termină? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Vă rugăm corectaţi mai întâi eroarea\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5922,13 +5841,13 @@ msgstr ""
 "în timpul generării numerelor prime; aceasta dă o şansă generatorului de\n"
 "numere aleatoare o şansă mai bună de a aduna destulă entropie.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Generarea cheii a eşuat: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5936,72 +5855,72 @@ msgid ""
 "\n"
 msgstr ""
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr ""
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, fuzzy, c-format
 #| msgid "key already exists\n"
 msgid "A key for \"%s\" already exists\n"
 msgstr "cheia există deja\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 #, fuzzy
 #| msgid "Create anyway? "
 msgid "Create anyway? (y/N) "
 msgstr "Creaţi oricum? "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, fuzzy, c-format
 #| msgid "Create anyway? "
 msgid "creating anyway\n"
 msgstr "Creaţi oricum? "
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Generarea cheii a fost anulată.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, fuzzy, c-format
 #| msgid "can't create backup file `%s': %s\n"
 msgid "can't create backup file '%s': %s\n"
 msgstr "nu pot crea fişier de rezervă `%s': %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, fuzzy, c-format
 #| msgid "NOTE: backup of card key saved to `%s'\n"
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "NOTĂ: copia de siguranţa a cheii cardului salvată la `%s'\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, fuzzy, c-format
 #| msgid "writing public key to `%s'\n"
 msgid "writing public key to '%s'\n"
 msgstr "scriu cheia publică în `%s'\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "nu am găsit nici un inel de chei public de scris: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, fuzzy, c-format
 #| msgid "error writing public keyring `%s': %s\n"
 msgid "error writing public keyring '%s': %s\n"
 msgstr "eroare la scrierea inelului de chei public `%s': %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "cheile secretă şi publică au fost create şi semnate.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
@@ -6011,7 +5930,7 @@ msgstr ""
 "să folosiţi comanda \"--edit-key\" pentru a genera o subcheie secundară\n"
 "pentru acest scop.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -6019,7 +5938,7 @@ msgstr ""
 "cheia a fost creată %lu secundă în viitor (warp în timp sau probleme cu "
 "ceasul)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -6027,51 +5946,51 @@ msgstr ""
 "cheia a fost creată %lu secunde în viitor (warp în timp sau probleme cu "
 "ceasul)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, fuzzy, c-format
 #| msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "NOTĂ: crearea de subchei pentru chei v3 nu este conform OpenPGP\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Părţile secrete ale cheii primare nu sunt disponibile.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Părţi secrete ale cheii primare sunt stacate pe card.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr "Creaţi într-adevăr? (d/N) "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "niciodată "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Politică de semnături critică: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Politică de semnături: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr "Server de chei preferat critic: "
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Notare semnătură critică: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Notare semnătură: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d good signature\n"
@@ -6079,7 +5998,7 @@ msgid_plural "%d good signatures\n"
 msgstr[0] "%d semnături incorecte\n"
 msgstr[1] "%d semnături incorecte\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to an error\n"
 msgid "%d signature not checked due to an error\n"
@@ -6087,50 +6006,50 @@ msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "1 semnătură nu a fost verificată din cauza unei erori\n"
 msgstr[1] "1 semnătură nu a fost verificată din cauza unei erori\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Inel de chei"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Amprentă cheie primară:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "     Amprentă subcheie:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr " Amprentă cheie primară:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "      Amprentă subcheie:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr "      Amprentă cheie ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr "      Card nr. serie ="
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, fuzzy, c-format
 #| msgid "caching keyring `%s'\n"
 msgid "caching keyring '%s'\n"
 msgstr "pun în cache inelul de chei `%s'\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, fuzzy, c-format
 #| msgid "%lu keys cached so far (%lu signatures)\n"
 msgid "%lu keys cached so far (%lu signature)\n"
@@ -6138,14 +6057,14 @@ msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "%lu chei puse în cache până acum (%lu semnături)\n"
 msgstr[1] "%lu chei puse în cache până acum (%lu semnături)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, fuzzy, c-format
 #| msgid "1 bad signature\n"
 msgid " (%lu signature)\n"
@@ -6153,59 +6072,55 @@ msgid_plural " (%lu signatures)\n"
 msgstr[0] "1 semnătură incorectă\n"
 msgstr[1] "1 semnătură incorectă\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: inelul de chei creat\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr ""
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr ""
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr ""
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 #, fuzzy
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "Introduceţi URL-ul serverului de chei preferat: "
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr ""
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr "deactivat(ă)"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr "Introduceţi număr/numere, N)ext (următor), sau Q)uit (termină) > "
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "protocol server de chei invalid (us %d!=handler %d)\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "\"%s\" nu este un ID de cheie: sărit\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, fuzzy, c-format
 #| msgid "refreshing %d keys from %s\n"
 msgid "refreshing %d key from %s\n"
@@ -6213,454 +6128,462 @@ msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "reactualizez %d chei de la %s\n"
 msgstr[1] "reactualizez %d chei de la %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "AVERTISMENT: nu pot reactualiza cheia %s via %s: %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "cheia \"%s\" nu a fost găsită pe serverul de chei\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr "cheia nu a fost găsită pe serverul de chei\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "cer cheia %s de la serverul %s %s\n"
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr "cer cheia %s de la %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, fuzzy, c-format
 #| msgid "no keyserver action!\n"
 msgid "no keyserver known\n"
 msgstr "nici o acţiune pentru serverul de chei!\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "sărită \"%s\": %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr "trimit cheia %s lui %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, fuzzy, c-format
 #| msgid "requesting key %s from %s\n"
 msgid "requesting key from '%s'\n"
 msgstr "cer cheia %s de la %s\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, fuzzy, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "AVERTISMENT: nu pot reactualiza cheia %s via %s: %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "dimensiune ciudată pentru o cheie de sesiune cifrată (%d)\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "%s cheie de sesiune cifrată\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "cifrat cu un algoritm necunoscut %d\n"
+
+#: g10/mainproc.c:391
 #, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "fraza-parolă generată cu un algoritm rezumat necunoscut %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, c-format
 msgid "public key is %s\n"
 msgstr "cheia publică este %s\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "date cigrate cu cheie publică: DEK bun\n"
-
-#: g10/mainproc.c:632
-#, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+#: g10/mainproc.c:524
+#, fuzzy, c-format
+#| msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "cifrat cu cheia %u-bit %s, ID %s, creată %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr "      \"%s\"\n"
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "cifrat cu cheia %s, ID %s\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "decriptarea cu cheie publică a eşuat: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr ""
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "cifrată cu %lu fraze-parolă\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "cifrată cu 1 frază-parolă\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
 #, c-format
-msgid "assuming %s encrypted data\n"
-msgstr "presupunem date cifrate %s\n"
+msgid "public key decryption failed: %s\n"
+msgstr "decriptarea cu cheie publică a eşuat: %s\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:613
 #, c-format
-msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
-msgstr "cifru IDEA indisponibil, vom încerca să folosim %s în loc\n"
-
-#: g10/mainproc.c:839 g10/mainproc.c:883
+msgid "public key encrypted data: good DEK\n"
+msgstr "date cigrate cu cheie publică: DEK bun\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "presupunem date cifrate %s\n"
+
+#: g10/mainproc.c:649
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr "cifru IDEA indisponibil, vom încerca să folosim %s în loc\n"
+
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "AVERTISMENT: mesajul nu a avut integritatea protejată\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "decriptarea a eşuat: %s\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "decriptare OK\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "AVERTISMENT: mesajul cifrat a fost manipulat!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "decriptarea a eşuat: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, fuzzy, c-format
 #| msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "NOTĂ: expeditorul a cerut \"doar-pentru-ochii-d-voastră\"\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "nume fişier original='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "revocare standalone - folosiţi \"gpg --import\" pentru a aplica\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, fuzzy, c-format
 msgid "no signature found\n"
 msgstr "Semnătură bună din \"%s\""
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr "Semnătură INCORECTĂ din \"%s\""
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Semnătură expirată din \"%s\""
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr "Semnătură bună din \"%s\""
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "verificare semnătură eliminată\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, fuzzy, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "nu pot mânui aceste semnături multiple\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr "Semnătură făcută %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr "               folosind cheia %s %s\n"
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Semnătură făcută %s folosind cheia %s cu ID %s\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, fuzzy, c-format
 #| msgid "                aka \"%s\""
 msgid "               issuer \"%s\"\n"
 msgstr "                aka \"%s\""
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Cheie disponibilă la: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[nesigur]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr "                aka \"%s\""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, fuzzy, c-format
 #| msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr ""
 "AVERTISMENT: Această cheie nu este certificată de o semnătură de încredere!\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Semnătură expirată %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Semnătura expiră %s\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "semnătură %s, algoritm rezumat %s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "binar"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "modtext"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "necunoscut"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 #, fuzzy
 #| msgid "unknown pubkey algorithm"
 msgid ", key algorithm "
 msgstr "algoritm pubkey necunoscut"
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Nu pot verifica semnătura: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "nu o semnătură detaşată\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr ""
 "AVERTISMENT: am detectat multiple semnături.  Numai prima va fi verificată.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "semnătură de sine stătătoare (standalone) de clasă 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "semnătură de stil vechi (PGP 2.x)\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, fuzzy, c-format
 #| msgid "fstat of `%s' failed in %s: %s\n"
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "fstat pentru `%s' a eşuat în %s: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "fstat(%d) a eşuat în %s: %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "AVERTISMENT: folosesc algoritmul cu cheie publică experimental %s\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, fuzzy, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr "AVERTISMENT: algoritmul rezumat %s este prea vechi (deprecated)\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "AVERTISMENT: folosesc algoritmul de cifrare experimental %s\n"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "AVERTISMENT: folosesc algoritmul rezumat experimental %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "AVERTISMENT: algoritmul rezumat %s este prea vechi (deprecated)\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "semnătură %s, algoritm rezumat %s\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "semnătură %s, algoritm rezumat %s\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, fuzzy, c-format
 #| msgid "read error in `%s': %s\n"
 msgid "(reported error: %s)\n"
 msgstr "eroare citire în `%s': %s\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, fuzzy, c-format
 #| msgid "read error in `%s': %s\n"
 msgid "(reported error: %s <%s>)\n"
 msgstr "eroare citire în `%s': %s\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr ""
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: opţiune învechită \"%s\"\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "AVERTISMENT: \"%s\" este o opţiune învechită\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "vă rugăm folosiţi \"%s%s\" în loc\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "AVERTISMENT: \"%s\" este o comandă învechită - nu o folosiţi\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, fuzzy, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "AVERTISMENT: \"%s\" este o opţiune învechită\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, fuzzy, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr "AVERTISMENT: \"%s\" este o opţiune învechită\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Necompresat"
 
 #
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr "necompresat|niciunul"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "acest mesaj s-ar putea să nu poată fi folosit de %s\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, fuzzy, c-format
 #| msgid "ambiguous option `%s'\n"
 msgid "ambiguous option '%s'\n"
 msgstr "opţiune ambiguă `%s'\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, fuzzy, c-format
 #| msgid "unknown option `%s'\n"
 msgid "unknown option '%s'\n"
 msgstr "opţiune necunoscută `%s'\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, fuzzy, c-format
 #| msgid "Unknown signature type `%s'\n"
 msgid "unknown weak digest '%s'\n"
@@ -6685,101 +6608,91 @@ msgstr "%s: sufix necunoscut\n"
 msgid "Enter new filename"
 msgstr "Introduceţi un nou nume-fişier"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "scriu la stdout\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, fuzzy, c-format
 #| msgid "assuming signed data in `%s'\n"
 msgid "assuming signed data in '%s'\n"
 msgstr "presupun date semnate în `%s'\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "nu pot mânui algoritmul cu cheie publică %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr ""
 "AVERTISMENT: cheie de sesiune cifrată simetric potenţial nesigură "
 "(insecure)\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 #| msgid "Critical signature notation: "
 msgid "Unknown critical signature notation: "
 msgstr "Notare semnătură critică: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "subpachetul de tip %d are bitul critic setat\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, fuzzy, c-format
-msgid "problem with the agent: %s\n"
-msgstr "problemă cu agentul: agentul returnează 0x%lx\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-msgid "Please enter the passphrase for decryption."
-msgstr "schimbă fraza-parolă"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Introduceţi fraza-parolă\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "anulată de utilizator\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr " (ID cheie principală %s)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 #, fuzzy
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr ""
 "Vă rugăm introduceţi fraza-parolă; aceasta este o propoziţie secretă \n"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 #, fuzzy
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr ""
 "Vă rugăm introduceţi fraza-parolă; aceasta este o propoziţie secretă \n"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr ""
 "Vă rugăm introduceţi fraza-parolă; aceasta este o propoziţie secretă \n"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr ""
 "Vă rugăm introduceţi fraza-parolă; aceasta este o propoziţie secretă \n"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 #, fuzzy
 #| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "Doriţi într-adevăr să ştergeţi cheile selectate? (d/N) "
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 #, fuzzy
 #| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Doriţi într-adevăr să ştergeţi cheile selectate? (d/N) "
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, fuzzy, c-format
 #| msgid "%u-bit %s key, ID %s, created %s"
 msgid ""
@@ -6790,7 +6703,7 @@ msgid ""
 "%s"
 msgstr "cheia %u-bit %s, ID %s, creată %s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6806,36 +6719,84 @@ msgstr ""
 "foarte largă!\n"
 "Încercaţi să folosiţi o imagine de aproximativ 240x288 pixeli.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Introduceţi nume-fişier JPEG pentru poză ID: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, fuzzy, c-format
 #| msgid "unable to open JPEG file `%s': %s\n"
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "nu pot deschide fişierul JPEG `%s': %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr "Acest JPEG este foarte mare (%d octeţi) !\n"
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Sunteţi sigur(ă) că doriţi să îl folosiţi? (d/N) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, fuzzy, c-format
 #| msgid "`%s' is not a JPEG file\n"
 msgid "'%s' is not a JPEG file\n"
 msgstr "`%s' nu este un fişier JPEG\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Este această poză corectă (d/N/t)? "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "nu este suportată execuţia nici unui program la distanţă\n"
+
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"această platformă necesită fişiere temporare când sunt chemate programe "
+"externe\n"
+
+#: g10/photoid.c:506
+#, fuzzy, c-format
+#| msgid "unable to execute shell `%s': %s\n"
+msgid "unable to execute shell '%s': %s\n"
+msgstr "nu pot executa shell-ul `%s': %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "ieşire nenaturală a programului extern\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "eroare de sistem la chemarea programului extern: %s\n"
+
+#: g10/photoid.c:600
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "AVERTISMENT: nu pot şterge fişierul temporar (%s) `%s': %s\n"
+
+#: g10/photoid.c:604
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "AVERTISMENT: nu pot şterge directorul temporar `%s': %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"chemarea programelor externe sunt deactivate datorită opţiunilor nesigure "
+"pentru permisiunile fişierului\n"
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "nu pot afişa poza ID!\n"
@@ -6850,54 +6811,54 @@ msgstr "nu pot afişa poza ID!\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMtTsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr "Nici o valoare de încredere atribuită lui:\n"
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr "  aka \"%s\"\n"
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr ""
 "Cât de mult credeţi că această cheie aparţine într-adevăr utilizatorului "
 "numit?\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr "  %d = Nu ştiu sau nu vreau să mă pronunţ\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr "  %d = NU am încredere\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr "  %d = Am încredere supremă\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr "  m = înapoi la meniul principal\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr "  s = sări peste cheia asta\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr "  t = termină\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
@@ -6906,49 +6867,49 @@ msgstr ""
 "Nivelul minim de încredere pentru această cheie este: %s\n"
 "\n"
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Decizia d-voastră? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr ""
 "Doriţi într-adevăr să setaţi această cheie cu încredere supremă? (d/N) "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Certificatele ce conduc la o cheie cu încredere supremă:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%s: Nu există nici o indicaţie că această cheie aparţine într-adevăr "
 "utilizatorului numit\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%s: Nu există nici o indicaţie că această cheie aparţine într-adevăr "
 "utilizatorului numit\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Această cheie aparţine probabil utilizatorului numit\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Această cheie ne aparţine\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr ""
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 #, fuzzy
 #| msgid ""
 #| "It is NOT certain that the key belongs to the person named\n"
@@ -6963,7 +6924,7 @@ msgstr ""
 "utilizator.  Dacă ştiţi *cu adevărat* ce faceţi, puteţi\n"
 "răspunde cu da la următoarea întrebare.\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
@@ -6973,96 +6934,116 @@ msgstr ""
 "utilizator.  Dacă ştiţi *cu adevărat* ce faceţi, puteţi\n"
 "răspunde cu da la următoarea întrebare.\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr "Folosiţi oricum această cheie? (d/N) "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "AVERTISMENT: Folosiţi o cheie fără încredere!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr ""
 "AVERTISMENT: această cheie poate fi revocată (cheia de revocare nu este "
 "prezentă)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+#| msgid "user ID: \"%s\"\n"
+msgid "checking User ID \"%s\"\n"
+msgstr "ID utilizator: \"%s\"\n"
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "algoritm hash invalid `%s'\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+#| msgid "key %s: doesn't match our copy\n"
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "cheia %s: nu se potriveşte cu copia noastră\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+msgid "option %s given but no matching User ID found\n"
+msgstr "algoritm hash invalid `%s'\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "AVERTISMENT: Această cheie a fost revocată revocatorul desemnat!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "AVERTISMENT: Această cheie a fost revocată de proprietarul ei!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         Aceasta ar putea însemna că semnătura e falsificată.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "AVERTISMENT: Această cheie a fost revocată de proprietarul ei!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Notă: Această cheie a fost deactivată.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr ""
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr ""
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Notă: Această cheie a expirat!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr ""
+"AVERTISMENT: Această cheie nu este certificată de o semnătură de încredere!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr ""
 "AVERTISMENT: Această cheie nu este certificată de o semnătură de încredere!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr ""
 "         Nu există nici o indicaţie că semnătura aparţine proprietarului.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "AVERTISMENT: Noi NU avem încredere în această cheie!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         Semnătura este probabil un FALS.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"AVERTISMENT: Această cheie nu este certificată cu suficiente semnături de "
+"încredere!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
@@ -7070,51 +7051,51 @@ msgstr ""
 "AVERTISMENT: Această cheie nu este certificată cu suficiente semnături de "
 "încredere!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         Nu este sigur că semnătura aparţine proprietarului.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: sărită: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: sărită: cheia publică este deactivată\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: sărită: cheia publică este deja prezentă\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't encrypt to '%s'\n"
 msgstr "nu mă pot conecta la `%s': %s\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, fuzzy, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "algoritm hash invalid `%s'\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, fuzzy, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "algoritm hash invalid `%s'\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "Nu aţi specificat un ID utilizator. (puteţi folosi \"-r\")\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr "Destinatari curenţi:\n"
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -7122,40 +7103,40 @@ msgstr ""
 "\n"
 "Introduceţi ID-ul utilizator.  Terminaţi cu o linie nouă: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Nu există acest ID utilizator.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "sărită: cheia publică setată deja ca destinatar implicit\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Cheia publică este deactivată.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "sărită: cheia publică setată deja\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "destinatar implicit necunoscut \"%s\"\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "nici un destinatar valid\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, fuzzy, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "cheia %s nu are nici un ID utilizator\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, fuzzy, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "cheia %s nu are nici un ID utilizator\n"
@@ -7166,81 +7147,86 @@ msgid "data not saved; use option \"--output\" to save it\n"
 msgstr ""
 "datele nu au fost salvate: folosiţi opţiunea \"--output\" pentru a le salva\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Semnătură detaşată.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Vă rugăm introduceţi numele fişierului de date: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "citesc stdin ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "nici o dată semnată\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, fuzzy, c-format
 #| msgid "can't open signed data `%s'\n"
 msgid "can't open signed data '%s'\n"
 msgstr "nu pot deschide date semnate `%s'\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, fuzzy, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "nu pot deschide date semnate `%s'\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, fuzzy, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "cheia %s nu are nici un ID utilizator\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "destinator anonim; încerc cheia secretă %s ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+msgid "used key is not marked for encryption use.\n"
+msgstr "cheia %s nu are nici un ID utilizator\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "OK, noi suntem destinatarul anonim.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "vechea encodare a lui DEK nu este suportată\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "algoritm cifrare %d%s este necunoscut sau deactivat\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr ""
 "AVERTISMENT: algoritm cifrare %s nu a fost găsit în preferinţele "
 "destinatarului\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, fuzzy, c-format
 #| msgid "NOTE: secret key %s expired at %s\n"
 msgid "Note: secret key %s expired at %s\n"
 msgstr "NOTĂ: cheia secretă %s a expirat la %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, fuzzy, c-format
 #| msgid "NOTE: key has been revoked"
 msgid "Note: key has been revoked"
 msgstr "NOTĂ: cheia a fost revocată"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "build_packet a eşuat: %s\n"
@@ -7258,48 +7244,48 @@ msgstr "Pentru a fi revocat de:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Aceasta este o cheie de revocare senzitivă)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret key is not available.\n"
 msgstr "Cheia secretă este disponibilă.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Creaţi un certificat de revocare desemnat pentru această cheie? (d/N) "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "Ieşire în armură ASCII forţată.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet a eşuat: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Certificat de revocare creat.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "nici o cheie de revocare găsită pentru \"%s\"\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 #, fuzzy
 #| msgid "Create a revocation certificate for this key? (y/N) "
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Creaţi un certificat de revocare pentru această cheie? (d/N) "
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 msgstr ""
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7308,20 +7294,20 @@ msgid ""
 "of the gpg command \"--generate-revocation\" in the GnuPG manual."
 msgstr ""
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
 "before importing and publishing this revocation certificate."
 msgstr ""
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, fuzzy, c-format
 #| msgid "Revocation certificate created.\n"
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "Certificat de revocare creat.\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, fuzzy, c-format
 #| msgid "secret key \"%s\" not found: %s\n"
 msgid "secret key \"%s\" not found\n"
@@ -7335,17 +7321,17 @@ msgstr "cheia secretă \"%s\" nu a fost găsită: %s\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr ""
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error searching the keyring: %s\n"
 msgstr "eroare la crearea inelului de chei `%s': %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Creaţi un certificat de revocare pentru această cheie? (d/N) "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7363,37 +7349,37 @@ msgstr ""
 "caz că mediumul este deteriorat.  Dar fiţi atent: sistemul de tipărire al\n"
 "maşinii d-voastră ar putea păstra datele şi să le facă accesibile altora!\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Vă rugăm selectaţi motivul pentru revocare:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Renunţă"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Probabil doriţi să selectaţi %d aici)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "Introduceţi o descriere opţională; terminaţi cu o linie goală:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Motiv pentru revocare: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(Nici o descriere dată)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr "Este aceasta OK? (d/N) "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "cheie slabă creată - reîncerc\n"
@@ -7403,52 +7389,47 @@ msgstr "cheie slabă creată - reîncerc\n"
 msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
 msgstr "nu pot evita cheie slabă pentru cifru simetric; am încercat %d ori!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr ""
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
+#: g10/sig-check.c:170
+#, c-format
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "AVERTISMENT: conflict pentru rezumat semnătură în mesaj\n"
+
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "key %s may not be used for signing in %s mode\n"
 msgstr "nu puteţi folosi %s câtă vreme în modul %s\n"
 
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
-#, c-format
-msgid "WARNING: signature digest conflict in message\n"
-msgstr "AVERTISMENT: conflict pentru rezumat semnătură în mesaj\n"
-
-#: g10/sig-check.c:219
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr ""
 "AVERTISMENT: subcheia de semnare %s nu este certificată reciproc (cross-"
 "certified)\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, fuzzy, c-format
 msgid "please see %s for more information\n"
 msgstr " i = arată-mi mai multe informaţii\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr ""
 "AVERTISMENT: subcheia de semnare %s are o certificare-reciprocă invalidă "
 "(invalid cross-certification)\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, fuzzy, c-format
 #| msgid "public key %s is %lu second newer than the signature\n"
 msgid "public key %s is %lu second newer than the signature\n"
@@ -7456,7 +7437,7 @@ msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "cheie publică %s este mai nouă cu %lu secundă decât semnătura\n"
 msgstr[1] "cheie publică %s este mai nouă cu %lu secundă decât semnătura\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, fuzzy, c-format
 #| msgid "public key %s is %lu second newer than the signature\n"
 msgid "public key %s is %lu day newer than the signature\n"
@@ -7464,7 +7445,7 @@ msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "cheie publică %s este mai nouă cu %lu secundă decât semnătura\n"
 msgstr[1] "cheie publică %s este mai nouă cu %lu secundă decât semnătura\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, fuzzy, c-format
 #| msgid ""
 #| "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7479,7 +7460,7 @@ msgstr[1] ""
 "cheia %s a fost creată %lu secundă în viitor (warp în timp sau probleme cu "
 "ceasul)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, fuzzy, c-format
 #| msgid ""
 #| "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7493,53 +7474,53 @@ msgstr[1] ""
 "cheia %s a fost creată %lu secundă în viitor (warp în timp sau probleme cu "
 "ceasul)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, fuzzy, c-format
 #| msgid "NOTE: signature key %s expired %s\n"
 msgid "Note: signature key %s expired %s\n"
 msgstr "NOTĂ: cheia semnăturii %s a expirat %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, fuzzy, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "NOTĂ: cheia a fost revocată"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "semnătură de sine stătătoare (standalone) de clasă 0x%02x\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "semnătură de sine stătătoare (standalone) de clasă 0x%02x\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "presupun semnătură incorectă din cheia %s datorită unui bit critic "
 "necunoscut\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "cheia %s: nici o subcheie pentru semnătura de revocare a subcheii\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "cheia %s: nici o subcheie pentru semnătura legată de subcheie\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "AVERTISMENT: nu pot %%-expanda notarea (prea mare).  Folosesc neexpandat.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7547,7 +7528,7 @@ msgstr ""
 "AVERTISMENT: nu pot %%-expanda URL-ul de politici (prea mare).  Îl folosesc "
 "neexpandat.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7556,12 +7537,12 @@ msgstr ""
 "AVERTISMENT: nu pot %%-expanda URL-ul serverului de chei (prea mare).  Îl "
 "folosesc neexpandat.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s/%s semnătură de la: \"%s\"\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
@@ -7569,38 +7550,39 @@ msgstr ""
 "AVERTISMENT: forţarea algoritmului rezumat %s (%d) violează preferinţele "
 "destinatarului\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "semnare:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "va fi folosită cifrarea %s\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr "cheia nu este marcată ca sigură - nu o pot folosi cu GNA falsificat!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "sărită \"%s\": duplicată\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "sărită: cheia secretă deja prezentă\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "aceasta este o cheie ElGamal generată de PGP care nu e sigură pentru "
 "semnături!"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "înregistrare încredere %lu, tip %d: scrierea a eşuat: %s\n"
@@ -7614,46 +7596,46 @@ msgstr ""
 "# Listă cu valori de încredere atribuite, creată %s\n"
 "# (Folosiţi \"gpg --import-ownertrust\" pentru a le reface)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, fuzzy, c-format
 #| msgid "error in `%s': %s\n"
 msgid "error in '%s': %s\n"
 msgstr "eroare în `%s': %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr "linie prea lungă"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr "caracter : lipsă"
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr "amprentă invalidă"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr "lipseşte valorea încrederii în proprietari (ownertrust)"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, fuzzy, c-format
 #| msgid "error finding trust record in `%s': %s\n"
 msgid "error finding trust record in '%s': %s\n"
 msgstr "eroare găsire înregistrare încredere în `%s': %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, fuzzy, c-format
 #| msgid "read error in `%s': %s\n"
 msgid "read error in '%s': %s\n"
 msgstr "eroare citire în `%s': %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "trustdb: sincronizarea a eşuat: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, fuzzy, c-format
 #| msgid "can't create lock for `%s'\n"
 msgid "can't create lock for '%s'\n"
@@ -7665,12 +7647,12 @@ msgstr "nu pot crea încuietoare (lock) pentru `%s'\n"
 msgid "can't lock '%s'\n"
 msgstr "nu pot încuia (lock) `%s'\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "trustdb rec %lu: lseek a eşuat: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "trustdb rec %lu: scrierea a eşuat (n=%d): %s\n"
@@ -7685,7 +7667,7 @@ msgstr "tranzacţia trustdb prea mare\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: directorul nu există!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, fuzzy, c-format
 #| msgid "can't access `%s': %s\n"
 msgid "can't access '%s': %s\n"
@@ -7728,7 +7710,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: eroare actualizare înregistrare versiune: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: eroare citire înregistrare versiune: %s\n"
@@ -7738,52 +7720,52 @@ msgstr "%s: eroare citire înregistrare versiune: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: eroare scriere înregistrare versiune: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "trustdb: lseek a eşuat: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "trustdb: citirea a eşuat (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: nu e un fişier trustdb\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: înregistrare versiune cu recnum %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: versiune fişier invalidă %d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: eroare citire înregistrare liberă: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: eroare scriere înregistrare dir: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: eroare setere la zero a înregistrării: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: adăugarea unei înregistrări a eşuat: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, fuzzy, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "%s: a fost creat trustdb\n"
@@ -7825,10 +7807,10 @@ msgstr ""
 msgid "TOFU DB error"
 msgstr ""
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, fuzzy, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "eroare trimitere la `%s': %s\n"
@@ -7850,7 +7832,7 @@ msgstr "%s: eroare scriere înregistrare dir: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "eroare în `%s': %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, fuzzy, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "eroare trimitere la `%s': %s\n"
@@ -8023,111 +8005,111 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr ""
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr ""
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, fuzzy, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "eroare la crearea frazei-parolă: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr ""
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, fuzzy, c-format
 #| msgid "Deleted %d signatures.\n"
 msgid "%s: Verified 0 signatures."
 msgstr "Am şters %d semnături.\n"
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 #, fuzzy
 #| msgid "encrypted with %lu passphrases\n"
 msgid "Encrypted 0 messages."
 msgstr "cifrată cu %lu fraze-parolă\n"
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, fuzzy, c-format
 #| msgid "Policy: "
 msgid "(policy: %s)"
 msgstr "Politica: "
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -8144,112 +8126,112 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, fuzzy, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "eroare trimitere la `%s': %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid long keyID\n"
 msgid "'%s' is not a valid long keyID\n"
 msgstr "`%s' nu este un ID-cheie de lungime validă\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "cheia %s: acceptată ca cheie de încredere\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "cheia %s apare de mai multe ori în trustdb\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "cheia %s: nici o cheie publică pentru cheia de încredere - sărită\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "cheia %s marcată ca având încredere supremă\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "înregistrare încredere %lu, tip req %d: citirea a eşuat: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "înregistrare încredere %lu nu este de tipul cerut %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr ""
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr ""
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 "nu pot folosi model de încredere (%d) - presupun model de încredere %s\n"
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr "folosesc model de încredere %s\n"
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "nu e nevoie de o verificare trustdb\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "următoarea verificare trustdb programată pe %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, fuzzy, c-format
 #| msgid "no need for a trustdb check with `%s' trust model\n"
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "nu e nevoie de o verificare trustdb cu modelul de încredere `%s'\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, fuzzy, c-format
 #| msgid "no need for a trustdb update with `%s' trust model\n"
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "nu e nevoie de o actualizare trustdb cu modelul de încredere `%s'\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr "cheia publică %s nu a fost găsită: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "vă rugăm faceţi un --check-trustdb\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "verific trustdb\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, fuzzy, c-format
 #| msgid "%lu keys processed so far\n"
 msgid "%d key processed"
@@ -8257,7 +8239,7 @@ msgid_plural "%d keys processed"
 msgstr[0] "%lu chei procesate până acum\n"
 msgstr[1] "%lu chei procesate până acum\n"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, fuzzy, c-format
 #| msgid "%d keys processed (%d validity counts cleared)\n"
 msgid " (%d validity count cleared)\n"
@@ -8265,46 +8247,46 @@ msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] "%d chei procesate (%d numărători valide anulate)\n"
 msgstr[1] "%d chei procesate (%d numărători valide anulate)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "nu am găsit nici o cheie cu încredere supremă\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "cheia publică a cheii cu încredere supremă %s nu a fost găsită\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr ""
 "adânc: %d  valid: %3d  semnat: %3d  încredere: %d-, %dq, %dn, %dm, %df, %du\n"
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr ""
 "nu pot actualiza înregistrare versiunii trustdb: scrierea a eşuat: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr "nedefinită"
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr "niciodată"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr "marginal"
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr "deplină"
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr "supremă"
 
@@ -8316,43 +8298,43 @@ msgstr "supremă"
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 #, fuzzy
 #| msgid "10 translator see trustdb.c:uid_trust_string_fixed"
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr "10 traducător vezi trustdb.c:uid_trust_string_fixed"
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 msgid "[ revoked]"
 msgstr "[revocată]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 msgid "[ expired]"
 msgstr "[expirată] "
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 msgid "[ unknown]"
 msgstr "[necunoscută]"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr "[  nedef ]"
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 #, fuzzy
 #| msgid "never"
 msgid "[  never ]"
 msgstr "niciodată"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr "[marginal]"
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr "[ deplină]"
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr "[ supremă]"
 
@@ -8377,20 +8359,32 @@ msgstr "linia de intrare %u prea lungă sau lipseşte LF\n"
 msgid "can't open fd %d: %s\n"
 msgstr "nu pot deschide `%s': %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "AVERTISMENT: mesajul nu a avut integritatea protejată\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+#| msgid "ambiguous option `%s'\n"
+msgid "Hint: Do not use option %s\n"
+msgstr "opţiune ambiguă `%s'\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr ""
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr ""
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 #, fuzzy
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Folosire: gpg [opţiuni] [fişiere] (-h pentru ajutor)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 #, fuzzy
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
@@ -8400,129 +8394,228 @@ msgstr "Folosire: gpg [opţiuni] [fişiere] (-h pentru ajutor)"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr ""
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr ""
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+msgid "|N|Please enter the new Global-PIN"
+msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+msgid "|N|Please enter the new PIN"
+msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+msgid "||Please enter the PIN of your PIV card"
+msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "apelul PIN a returnat eroare: %s\n"
+
+#: scd/app-piv.c:1895
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too short; minimum length is %d\n"
+msgstr "PIN-ul pentru CHV%d este prea scurt; lungimea minimă este %d\n"
+
+#: scd/app-piv.c:1903
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too long; maximum length is %d\n"
+msgstr "PIN-ul pentru CHV%d este prea scurt; lungimea minimă este %d\n"
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr "cheia există deja\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr "cheia existentă va fi înlocuită\n"
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr "generez o nouă cheie\n"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, fuzzy, c-format
+msgid "writing new key\n"
+msgstr "generez o nouă cheie\n"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "am eşuat să stochez cheia: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr "răspunsul nu conţine modulul RSA\n"
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr "răspunsul nu conţine exponentul public RSA\n"
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, fuzzy, c-format
+#| msgid "response does not contain the RSA public exponent\n"
+msgid "response does not contain the EC public key\n"
+msgstr "răspunsul nu conţine exponentul public RSA\n"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr "vă rugăm aşteptaţi câtă vreme este creată noua cheie ...\n"
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr "generarea cheii a eşuat\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, fuzzy, c-format
+#| msgid "key generation completed (%d seconds)\n"
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "generarea cheii este completă (%d secunde)\n"
+msgstr[1] "generarea cheii este completă (%d secunde)\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr "răspunsul nu conţine datele cheii publice\n"
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr ""
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 #, fuzzy
 msgid "|A|Please enter the Admin PIN"
 msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 #, fuzzy
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 #, fuzzy
 msgid "||Please enter the PIN for the standard keys."
 msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr "modulus-ul RSA lipseşte sau nu are %d biţi\n"
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, fuzzy, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr "exponentul public RSA lipseşte sau are mai mult de %d biţi\n"
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr "apelul PIN a returnat eroare: %s\n"
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "Note: This key has been disabled.\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "Notă: Această cheie a fost deactivată.\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr ""
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 #, fuzzy
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 #, fuzzy
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "eroare la obţinere noului PIN: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "am eşuat să stochez amprenta: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "am eşuat să stochez data creării: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr "eroare la recuperarea stării CHV de pe card\n"
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr "răspunsul nu conţine modulul RSA\n"
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr "răspunsul nu conţine exponentul public RSA\n"
-
-#: scd/app-openpgp.c:1546
-#, fuzzy, c-format
-#| msgid "response does not contain the RSA public exponent\n"
-msgid "response does not contain the EC public key\n"
-msgstr "răspunsul nu conţine exponentul public RSA\n"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr "răspunsul nu conţine datele cheii publice\n"
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr "citirea cheii publice a eşuat: %s\n"
@@ -8530,43 +8623,43 @@ msgstr "citirea cheii publice a eşuat: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr ""
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 #, fuzzy
 msgid "||Please unlock the card"
 msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr "PIN-ul pentru CHV%d este prea scurt; lungimea minimă este %d\n"
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "verificarea CHV%d a eşuat: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr "cardul este încuiat permanent!\n"
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, fuzzy, c-format
 #| msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
@@ -8577,22 +8670,22 @@ msgstr[0] ""
 msgstr[1] ""
 "%d încercări PIN Admin rămase înainte de a încuia cardul permanent\n"
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr "accesul la comenzile de administrare nu este configurată\n"
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 #, fuzzy
 msgid "||Please enter the PIN"
 msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 #, fuzzy
 msgid "||Please enter the Reset Code for the card"
 msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, fuzzy, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr "PIN-ul pentru CHV%d este prea scurt; lungimea minimă este %d\n"
@@ -8600,125 +8693,82 @@ msgstr "PIN-ul pentru CHV%d este prea scurt; lungimea minimă este %d\n"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr "|AN|PIN Admin Nou"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr "|N|PIN Nou"
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 #, fuzzy
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 #, fuzzy
 msgid "||Please enter the PIN and New PIN"
 msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr "eroare la citirea datelor aplicaţiei\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "eroare la citirea amprentei DO\n"
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr "cheia există deja\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr "cheia existentă va fi înlocuită\n"
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr "generez o nouă cheie\n"
-
-#: scd/app-openpgp.c:3074
-#, fuzzy, c-format
-msgid "writing new key\n"
-msgstr "generez o nouă cheie\n"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr "timestamp-ul de creare lipseşte\n"
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr "prime-ul RSA %s lipseşte sau nu are %d biţi\n"
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr "am eşuat să stochez cheia: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, fuzzy, c-format
 #| msgid "unsupported URI"
 msgid "unsupported curve\n"
 msgstr "URI nesuportat"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr "vă rugăm aşteptaţi câtă vreme este creată noua cheie ...\n"
-
-#: scd/app-openpgp.c:4271
-#, c-format
-msgid "generating key failed\n"
-msgstr "generarea cheii a eşuat\n"
-
-#: scd/app-openpgp.c:4277
-#, fuzzy, c-format
-#| msgid "key generation completed (%d seconds)\n"
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "generarea cheii este completă (%d secunde)\n"
-msgstr[1] "generarea cheii este completă (%d secunde)\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr "structură invalidă a cardului OpenPGP (DO 0x93)\n"
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, fuzzy, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "semnătură %s, algoritm rezumat %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr "semnături create până acum: %lu\n"
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr ""
 "verificarea PIN-ului Admin este deocamdată interzisă prin această comandă\n"
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "nu pot accesa %s - card OpenPGP invalid?\n"
@@ -8731,102 +8781,100 @@ msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 #, fuzzy
 msgid "|N|Initial New PIN"
 msgstr "|N|PIN Nou"
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr ""
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr ""
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 #, fuzzy
 msgid "|FILE|write a log to FILE"
 msgstr "|FIŞIER|încarcă modulul extensie FIŞIER"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr ""
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 #, fuzzy
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NUME|foloseşte NUME ca destinatar implicit"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 #, fuzzy
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NUME|foloseşte NUME ca destinatar implicit"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 #, fuzzy
 msgid "do not use the internal CCID driver"
 msgstr "nu folosi deloc terminalul"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr ""
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr ""
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr ""
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 #, fuzzy
 msgid "deny the use of admin card commands"
 msgstr "arată comenzi administrare"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 #, fuzzy
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Folosire: gpg [opţiuni] [fişiere] (-h pentru ajutor)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
 msgstr ""
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr ""
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr ""
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, fuzzy, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "eroare la obţinerea informaţiei pentru cheia curentă: %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr ""
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr ""
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 #, fuzzy
 msgid "shell"
 msgstr "ajutor"
@@ -8860,7 +8908,7 @@ msgstr "exportul cheilor secrete nu este permis\n"
 msgid "certificate policy not allowed"
 msgstr "exportul cheilor secrete nu este permis\n"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, fuzzy, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "am eşuat să stochez amprenta: %s\n"
@@ -8875,7 +8923,7 @@ msgstr ""
 msgid "number of issuers matching: %d\n"
 msgstr ""
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, fuzzy, c-format
 #| msgid "%s: can't access: %s\n"
 msgid "can't get authorityInfoAccess: %s\n"
@@ -8896,240 +8944,240 @@ msgstr "eroare la obţinerea numărului serial: %s\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "citirea cheii publice a eşuat: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, fuzzy, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "am eşuat să stochez cheia: %s\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 #, fuzzy
 msgid "certificate has been revoked"
 msgstr "NOTĂ: cheia a fost revocată"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr ""
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr ""
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, fuzzy, c-format
 msgid "checking the CRL failed: %s"
 msgstr "verificarea semnăturii create a eşuat: %s\n"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr ""
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 #, fuzzy
 msgid "root certificate not yet valid"
 msgstr "exportul cheilor secrete nu este permis\n"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, fuzzy, c-format
 msgid "certificate has expired"
 msgstr "Această cheie a expirat!"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 #, fuzzy
 msgid "root certificate has expired"
 msgstr "Această cheie a expirat!"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 #, fuzzy
 msgid "intermediate certificate has expired"
 msgstr "Această cheie a expirat!"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr ""
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 #, fuzzy
 msgid "certificate with invalid validity"
 msgstr "Această cheie a expirat!"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr ""
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, fuzzy, c-format
 msgid "  (  signature created at "
 msgstr "semnături create până acum: %lu\n"
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, fuzzy, c-format
 msgid "  (certificate created at "
 msgstr "Certificat de revocare creat.\n"
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, fuzzy, c-format
 msgid "  (certificate valid from "
 msgstr "certificat incorect"
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, fuzzy, c-format
 msgid "  (     issuer valid from "
 msgstr "      Card nr. serie ="
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, fuzzy, c-format
 msgid "fingerprint=%s\n"
 msgstr "Amprenta CA: "
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr ""
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr ""
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr ""
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 #, fuzzy
 msgid "no issuer found in certificate"
 msgstr "generează un certificat de revocare"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr ""
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr ""
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, fuzzy, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "verificarea semnăturii create a eşuat: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr ""
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr ""
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, fuzzy, c-format
 msgid "certificate has a BAD signature"
 msgstr "verifică o semnătură"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr ""
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr ""
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, fuzzy, c-format
 msgid "certificate is good\n"
 msgstr "preferinţa `%s' duplicată\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, fuzzy, c-format
 msgid "intermediate certificate is good\n"
 msgstr "Certificat de revocare creat.\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, fuzzy, c-format
 msgid "root certificate is good\n"
 msgstr "certificat incorect"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr ""
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr ""
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, fuzzy, c-format
 msgid "out of core\n"
 msgstr "neforţat(ă)"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr ""
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 #, fuzzy
 msgid "none"
 msgstr "nu"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 #, fuzzy
 msgid "[Error - invalid encoding]"
 msgstr "Eroare: răspuns invalid.\n"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr ""
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr ""
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 #, fuzzy
 msgid "[Error - invalid DN]"
 msgstr "Eroare: răspuns invalid.\n"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -9143,178 +9191,188 @@ msgstr ""
 "\"%.*s\"\n"
 "cheia %u-bit %s, ID %s, creată %s%s\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr ""
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "eroare la obţinerea informaţiei pentru cheia curentă: %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr ""
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr ""
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr ""
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr ""
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+msgid "looking for another certificate\n"
+msgstr "certificat incorect"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, fuzzy, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "algoritm hash invalid `%s'\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr ""
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr ""
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, fuzzy, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "algoritm hash invalid `%s'\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, fuzzy, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "algoritm hash invalid `%s'\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, fuzzy, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "Nu este o adresă de email validă\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, fuzzy, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "algoritm hash invalid `%s'\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr ""
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr ""
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, fuzzy, c-format
 msgid "line %d: invalid date given\n"
 msgstr "algoritm hash invalid `%s'\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, fuzzy, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "eroare la crearea inelului de chei `%s': %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, fuzzy, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "algoritm hash invalid `%s'\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, fuzzy, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "algoritm hash invalid `%s'\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, fuzzy, c-format
 #| msgid "key %s: invalid subkey binding\n"
 msgid "line %d: invalid subject-key-id\n"
 msgstr "cheia %s: legare subcheie invalidă\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, fuzzy, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "algoritm hash invalid `%s'\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, fuzzy, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "eroare la crearea inelului de chei `%s': %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, fuzzy, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "eroare la crearea inelului de chei `%s': %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, fuzzy, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "Generarea cheii a eşuat: %s\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, fuzzy, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (2) Cheie de cifrare\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, fuzzy, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "Acţiuni posibile pentru o cheie %s: "
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, fuzzy, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) RSA (semnare şi cifrare)\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, fuzzy, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) DSA (numai semnare)\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, fuzzy, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) RSA (numai cifrare)\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr ""
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 #, fuzzy
 msgid "No subject name given\n"
 msgstr "(Nici o descriere dată)\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, fuzzy, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "algoritm hash invalid `%s'\n"
@@ -9324,265 +9382,259 @@ msgstr "algoritm hash invalid `%s'\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, fuzzy, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "algoritm hash invalid `%s'\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr ""
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 #, fuzzy
 msgid "Enter email addresses"
 msgstr "Adresă de email: "
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 #, fuzzy
 msgid " (end with an empty line):\n"
 msgstr ""
 "\n"
 "Introduceţi ID-ul utilizator.  Terminaţi cu o linie nouă: "
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 #, fuzzy
 msgid "Enter DNS names"
 msgstr "Introduceţi un nou nume-fişier"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 #, fuzzy
 msgid " (optional; end with an empty line):\n"
 msgstr "Introduceţi o descriere opţională; terminaţi cu o linie goală:\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 #, fuzzy
 msgid "Enter URIs"
 msgstr "Introduceţi PIN: "
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 #, fuzzy
 #| msgid "Create a designated revocation certificate for this key? (y/N) "
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Creaţi un certificat de revocare desemnat pentru această cheie? (d/N) "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:432
-#, fuzzy, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "eroare la crearea frazei-parolă: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr ""
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 #, fuzzy
 #| msgid "Revocation certificate created.\n"
 msgid "Now creating certificate request.  "
 msgstr "Certificat de revocare creat.\n"
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr ""
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "%s date cifrate\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr ""
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr ""
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 #| msgid "encrypted with %s key, ID %s\n"
 msgid "encrypted to %s key %s\n"
 msgstr "cifrat cu cheia %s, ID %s\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, fuzzy, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "cheia secretă \"%s\" nu a fost găsită: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, fuzzy, c-format
 msgid "error locking keybox: %s\n"
 msgstr "eroare la citire keyblock: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, fuzzy, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "Certificat de revocare creat.\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, fuzzy, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "preferinţa `%s' duplicată\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, fuzzy, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "stergere keyblock a eşuat: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, fuzzy, c-format
 msgid "no valid recipients given\n"
 msgstr "(Nici o descriere dată)\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 #, fuzzy
 msgid "list external keys"
 msgstr "enumeră chei secrete"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 #, fuzzy
 msgid "list certificate chain"
 msgstr "certificat incorect"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 #, fuzzy
 msgid "import certificates"
 msgstr "certificat incorect"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 #, fuzzy
 msgid "export certificates"
 msgstr "certificat incorect"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 #, fuzzy
 msgid "register a smartcard"
 msgstr "adaugă o cheie la un smartcard"
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr ""
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr ""
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "nu folosi deloc terminalul"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr ""
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr ""
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr ""
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr ""
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr ""
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 #, fuzzy
 msgid "create base-64 encoded output"
 msgstr "crează ieşire în armură ascii"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 #, fuzzy
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|NUME|foloseşte NUME ca cheie secretă implicită"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 #, fuzzy
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "adaugă acest inel de chei la lista inelelor de chei"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|HOST|foloseşte acest server de chei pentru a căuta chei"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr ""
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 #, fuzzy
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NUME|foloseşte algoritm cifrare NUME pentru fraza-parolă"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr ""
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr ""
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr ""
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr ""
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NUME|foloseşte algoritm cifrare NUME"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NUME|foloseşte algoritm rezumat mesaj NUME"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "modul batch: nu întreba niciodată"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "presupune da la cele mai multe întrebări"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "presupune nu la cele mai multe întrebări"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 #, fuzzy
 msgid "|FILE|write an audit log to FILE"
 msgstr "|FIŞIER|încarcă modulul extensie FIŞIER"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Folosire: gpg [opţiuni] [fişiere] (-h pentru ajutor)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 #, fuzzy
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
@@ -9593,87 +9645,123 @@ msgstr ""
 "sign, check, encrypt sau decrypt\n"
 "operaţiunea implicită depinde de datele de intrare\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, fuzzy, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "nu mă pot conecta la `%s': %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, fuzzy, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "opţiune necunoscută `%s'\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(Nici o descriere dată)\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "  s = sări peste cheia asta\n"
+
+#
+#: sm/gpgsm.c:1545
+#, fuzzy, c-format
+msgid "could not parse keyserver\n"
+msgstr "nu am putut interpreta URL-ul serverului de chei\n"
+
+#: sm/gpgsm.c:1825
 #, fuzzy, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "eroare la obţinerea numărului serial: %s\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, fuzzy, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "nu pot accesa `%s': %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr ""
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, fuzzy, c-format
 msgid "total number processed: %lu\n"
 msgstr "Număr total procesate: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, fuzzy, c-format
 msgid "error storing certificate\n"
 msgstr "generează un certificat de revocare"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr ""
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, fuzzy, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "eroare la obţinere noului PIN: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, fuzzy, c-format
 msgid "error importing certificate: %s\n"
 msgstr "eroare la obţinerea numărului serial: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, fuzzy, c-format
 msgid "error reading input: %s\n"
 msgstr "eroare la citire `%s': %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+msgid "no keyboxd running in this session\n"
+msgstr "gpg-agent nu este disponibil în această sesiune\n"
+
+#: sm/keydb.c:595
+#, fuzzy, c-format
+msgid "error opening key DB: %s\n"
+msgstr "eroare în `%s': %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr ""
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, fuzzy, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "eroare la obţinerea numărului serial: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, fuzzy, c-format
 msgid "error storing certificate: %s\n"
 msgstr "eroare la obţinerea numărului serial: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, fuzzy, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "rev? probleme la verificare revocării: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, fuzzy, c-format
 msgid "error storing flags: %s\n"
 msgstr "eroare la citire `%s': %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr ""
 
@@ -9682,17 +9770,17 @@ msgstr ""
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr ""
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, fuzzy, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "Eroare: amprentă formatată invalid.\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, fuzzy, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "Eroare: amprentă formatată invalid.\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9703,14 +9791,14 @@ msgid ""
 "%s%sAre you really sure that you want to do this?"
 msgstr ""
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
 "signatures.\n"
 msgstr ""
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9718,53 +9806,59 @@ msgid ""
 "Note, that this certificate will NOT create a qualified signature!"
 msgstr ""
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, fuzzy, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "algoritm de protecţie %d%s nu este suportat\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr ""
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, fuzzy, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "verificarea semnăturii create a eşuat: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+#| msgid "Signature made %s using %s key ID %s\n"
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Semnătură făcută %s folosind cheia %s cu ID %s\n"
+
+#: sm/verify.c:467
 #, fuzzy, c-format
 msgid "Signature made "
 msgstr "Semnătură făcută %s\n"
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr ""
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 msgid "algorithm:"
 msgstr "validitate: %s"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr ""
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, fuzzy, c-format
 msgid "Good signature from"
 msgstr "Semnătură bună din \"%s\""
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, fuzzy, c-format
 msgid "                aka"
 msgstr "                aka \"%s\""
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, fuzzy, c-format
 msgid "This is a qualified signature\n"
 msgstr "Aceasta va fi o auto-semnătură.\n"
@@ -9789,102 +9883,102 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr ""
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr ""
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't parse certificate '%s': %s\n"
 msgstr "nu pot crea `%s': %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, fuzzy, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "preferinţa `%s' duplicată\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, fuzzy, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "Certificat de revocare creat.\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, fuzzy, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "preferinţa `%s' duplicată\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, fuzzy, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "Amprenta CA: "
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr ""
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr ""
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, fuzzy, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "eroare la obţinerea numărului serial: %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, fuzzy, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "certificat incorect"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, fuzzy, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "eroare la obţinerea numărului serial: %s\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, fuzzy, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "eroare la obţinerea numărului serial: %s\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, fuzzy, c-format
 msgid "certificate already cached\n"
 msgstr "Certificat de revocare creat.\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, fuzzy, c-format
 msgid "certificate cached\n"
 msgstr "preferinţa `%s' duplicată\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, fuzzy, c-format
 msgid "error caching certificate: %s\n"
 msgstr "eroare la obţinerea numărului serial: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, fuzzy, c-format
 #| msgid "invalid fingerprint"
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "amprentă invalidă"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, fuzzy, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "eroare la obţinerea numărului serial: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, fuzzy, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "eroare la obţinerea numărului serial: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, fuzzy, c-format
 msgid "no issuer found in certificate\n"
 msgstr "generează un certificat de revocare"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, fuzzy, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "eroare la obţinere noului PIN: %s\n"
@@ -10418,64 +10512,64 @@ msgstr "cheia secretă \"%s\" nu a fost găsită: %s\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "cheia secretă \"%s\" nu a fost găsită: %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 #, fuzzy
 msgid "add a certificate to the cache"
 msgstr "Certificat de revocare creat.\n"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 #, fuzzy
 msgid "validate a certificate"
 msgstr "certificat incorect"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 #, fuzzy
 msgid "lookup a certificate"
 msgstr "certificat incorect"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 #, fuzzy
 msgid "lookup only locally stored certificates"
 msgstr "certificat incorect"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 #, fuzzy
 msgid "expect certificates in PEM format"
 msgstr "certificat incorect"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 #, fuzzy
 #| msgid "Enter the user ID of the designated revoker: "
 msgid "force the use of the default OCSP responder"
 msgstr "Introduceţi ID-ul utilizator al revocatorului desemnat: "
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Folosire: gpg [opţiuni] [fişiere] (-h pentru ajutor)"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10483,229 +10577,224 @@ msgid ""
 "not valid and other error codes for general failures\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, fuzzy, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "eroare la obţinerea numărului serial: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, fuzzy, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "eroare la citire `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "nu mă pot conecta la `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, fuzzy, c-format
 #| msgid "update failed: %s\n"
 msgid "lookup failed: %s\n"
 msgstr "actualizarea a eşuat: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, fuzzy, c-format
 #| msgid "renaming `%s' to `%s' failed: %s\n"
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "redenumirea `%s' ca `%s' a eşuat: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, fuzzy, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "stergere keyblock a eşuat: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, fuzzy, c-format
 msgid "certificate is valid\n"
 msgstr "preferinţa `%s' duplicată\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, fuzzy, c-format
 msgid "certificate has been revoked\n"
 msgstr "NOTĂ: cheia a fost revocată"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, fuzzy, c-format
 msgid "certificate check failed: %s\n"
 msgstr "stergere keyblock a eşuat: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, fuzzy, c-format
 #| msgid "can't stat `%s': %s\n"
 msgid "got status: '%s'\n"
 msgstr "nu pot obţine statistici `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, fuzzy, c-format
 #| msgid "error writing secret keyring `%s': %s\n"
 msgid "error writing base64 encoding: %s\n"
 msgstr "eroare la scrierea inelului de chei secret `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, fuzzy, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr ""
 "\n"
 "Algoritmuri suportate:\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 #, fuzzy
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|FIŞIER|încarcă modulul extensie FIŞIER"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr ""
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr ""
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr ""
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr ""
 
 #
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 #, fuzzy
 msgid "|URL|use keyserver at URL"
 msgstr "nu am putut interpreta URL-ul serverului de chei\n"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr ""
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr ""
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr ""
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr ""
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr ""
 
-#: dirmngr/dirmngr.c:270
-#, fuzzy
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|HOST|foloseşte acest server de chei pentru a căuta chei"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 #, fuzzy
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|FIŞIER|încarcă modulul extensie FIŞIER"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr ""
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr ""
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr ""
 
 #
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 #, fuzzy
 msgid "|URL|use OCSP responder at URL"
 msgstr "nu am putut interpreta URL-ul serverului de chei\n"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr ""
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -10718,131 +10807,329 @@ msgstr ""
 "@\n"
 "(Arată pagina man pentru o listă completă a comenzilor şi opţiunilor)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 #, fuzzy
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Folosire: gpg [opţiuni] [fişiere] (-h pentru ajutor)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, fuzzy, c-format
 msgid "usage: %s [options] "
 msgstr "folosire: gpg [opţiuni] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, fuzzy, c-format
 #| msgid "%s not allowed with %s!\n"
 msgid "colons are not allowed in the socket name\n"
 msgstr "%s nu este permis cu %s!\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, fuzzy, c-format
 #| msgid "renaming `%s' to `%s' failed: %s\n"
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "redenumirea `%s' ca `%s' a eşuat: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, fuzzy, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "redenumirea `%s' ca `%s' a eşuat: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, fuzzy, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "linie prea lungă"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, fuzzy, c-format
 #| msgid "invalid fingerprint"
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "amprentă invalidă"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, fuzzy, c-format
 #| msgid "read error in `%s': %s\n"
 msgid "%s:%u: read error: %s\n"
 msgstr "eroare citire în `%s': %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, fuzzy, c-format
 #| msgid "not forced"
 msgid "shutdown forced\n"
 msgstr "neforţat(ă)"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr ""
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|connect to host NAME"
+msgstr "|NUME|setează charset-ul pentru terminal ca NUME"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:112
+#, fuzzy
+#| msgid "|NAME|use NAME as default recipient"
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NUME|foloseşte NUME ca destinatar implicit"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:179
+#, fuzzy
+#| msgid "Usage: gpg [options] [files] (-h for help)"
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Folosire: gpg [opţiuni] [fişiere] (-h pentru ajutor)"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:291
+#, fuzzy, c-format
+#| msgid "invalid import options\n"
+msgid "invalid port number %d\n"
+msgstr "opţiuni import invalide\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, fuzzy, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "eroare la scrierea inelului de chei `%s': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:462
+#, fuzzy, c-format
+msgid "attribute '%s' not found\n"
+msgstr "cheia secretă \"%s\" nu a fost găsită: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:581
+#, fuzzy, c-format
+#| msgid "reading from `%s'\n"
+msgid "processing url '%s'\n"
+msgstr "citesc din `%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          user '%s'\n"
+msgstr "  fără ID-uri utilizator: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, fuzzy, c-format
+#| msgid "                aka \"%s\""
+msgid "          pass '%s'\n"
+msgstr "                aka \"%s\""
+
+#: dirmngr/dirmngr_ldap.c:592
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          host '%s'\n"
+msgstr "  fără ID-uri utilizator: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, fuzzy, c-format
+#| msgid "          not imported: %lu\n"
+msgid "          port %d\n"
+msgstr "            ne importate: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, fuzzy, c-format
+#| msgid "                aka \"%s\""
+msgid "            DN '%s'\n"
+msgstr "                aka \"%s\""
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, fuzzy, c-format
+#| msgid "                aka \"%s\""
+msgid "          attr '%s'\n"
+msgstr "                aka \"%s\""
+
+#: dirmngr/dirmngr_ldap.c:611
+#, fuzzy, c-format
+msgid "no host name in '%s'\n"
+msgstr "(Nici o descriere dată)\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:622
+#, fuzzy, c-format
+#| msgid "WARNING: using insecure memory!\n"
+msgid "WARNING: using first attribute only\n"
+msgstr "AVERTISMENT: este folosită memorie neprotejată (insecure)!\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, fuzzy, c-format
+#| msgid "renaming `%s' to `%s' failed: %s\n"
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "redenumirea `%s' ca `%s' a eşuat: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+#| msgid "renaming `%s' to `%s' failed: %s\n"
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "redenumirea `%s' ca `%s' a eşuat: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+#| msgid "renaming `%s' to `%s' failed: %s\n"
+msgid "LDAP init to '%s' done\n"
+msgstr "redenumirea `%s' ca `%s' a eşuat: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, fuzzy, c-format
+#| msgid "renaming `%s' to `%s' failed: %s\n"
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "redenumirea `%s' ca `%s' a eşuat: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, fuzzy, c-format
+#| msgid "dearmoring failed: %s\n"
+msgid "searching '%s' failed: %s\n"
+msgstr "eliminarea armurii a eşuat: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, fuzzy, c-format
+#| msgid "`%s' is not a JPEG file\n"
+msgid "'%s' is not an LDAP URL\n"
+msgstr "`%s' nu este un fişier JPEG\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr ""
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, fuzzy, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "eroare la citire `%s': %s\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr ""
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, fuzzy, c-format
 #| msgid "too many cipher preferences\n"
 msgid "too many redirections\n"
 msgstr "prea multe preferinţe de cifrare\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "scriu în `%s'\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, fuzzy, c-format
 msgid "error printing log line: %s\n"
 msgstr "eroare la scrierea inelului de chei `%s': %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, fuzzy, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "eroare la citire `%s': %s\n"
@@ -10872,53 +11159,32 @@ msgstr "actualizarea a eşuat: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, fuzzy, c-format
 #| msgid "sending key %s to %s server %s\n"
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "trimit cheia %s serverului %s %s\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, fuzzy, c-format
 msgid "malloc failed: %s\n"
 msgstr "stergere keyblock a eşuat: %s\n"
 
-#: dirmngr/ldap.c:221
-#, fuzzy, c-format
-#| msgid "`%s' is not a JPEG file\n"
-msgid "'%s' is not an LDAP URL\n"
-msgstr "`%s' nu este un fişier JPEG\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
 msgstr ""
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr ""
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, fuzzy, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr "  s = sări peste cheia asta\n"
-
 #: dirmngr/misc.c:172
 #, fuzzy, c-format
 #| msgid "%s: invalid file version %d\n"
@@ -11007,94 +11273,94 @@ msgstr "verificarea semnăturii create a eşuat: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr ""
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, fuzzy, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "citirea cheii publice a eşuat: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, fuzzy, c-format
 #| msgid "error getting new PIN: %s\n"
 msgid "error getting responder ID: %s\n"
 msgstr "eroare la obţinere noului PIN: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, fuzzy, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "cheia secretă \"%s\" nu a fost găsită: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, fuzzy, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "generează un certificat de revocare"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, fuzzy, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "am eşuat să stochez cheia: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, fuzzy, c-format
 #| msgid "no default secret keyring: %s\n"
 msgid "no default OCSP signer defined\n"
 msgstr "nici un inel de chei secrete implicit: %s\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, fuzzy, c-format
 #| msgid "using cipher %s\n"
 msgid "using OCSP responder '%s'\n"
 msgstr "folosesc cifrul %s\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, fuzzy, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "eroare la obţinerea numărului serial: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr ""
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, fuzzy, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "NOTĂ: cheia a fost revocată"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr ""
@@ -11104,69 +11370,73 @@ msgstr ""
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "semnarea a eşuat: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr ""
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr ""
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, fuzzy, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "semnarea a eşuat: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, fuzzy, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "stergere keyblock a eşuat: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, fuzzy, c-format
 msgid "error sending data: %s\n"
 msgstr "eroare trimitere la `%s': %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, fuzzy, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "stergere keyblock a eşuat: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, fuzzy, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "stergere keyblock a eşuat: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr ""
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, fuzzy, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "nu pot crea fişier de rezervă `%s': %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, fuzzy, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "%s: am eşuat să creez hashtable: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, fuzzy, c-format
 #| msgid "failed to initialize the TrustDB: %s\n"
 msgid "failed to initialize the server: %s\n"
 msgstr "am eşuat să iniţializez TrustDB:%s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, fuzzy, c-format
 #| msgid "failed to store the creation date: %s\n"
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "am eşuat să stochez data creării: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, fuzzy, c-format
 #| msgid "signing failed: %s\n"
 msgid "Assuan processing failed: %s\n"
@@ -11212,252 +11482,271 @@ msgstr "preferinţa `%s' duplicată\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 #, fuzzy
 msgid "quiet"
 msgstr "termină"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+msgid "connect to the keyboxd"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 #, fuzzy
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|FIŞIER|încarcă modulul extensie FIŞIER"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 #, fuzzy
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Folosire: gpg [opţiuni] [fişiere] (-h pentru ajutor)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, fuzzy, c-format
 msgid "receiving line failed: %s\n"
 msgstr "citirea cheii publice a eşuat: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, fuzzy, c-format
 msgid "line too long - skipped\n"
 msgstr "linie prea lungă"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, fuzzy, c-format
 msgid "unknown command '%s'\n"
 msgstr "opţiune necunoscută `%s'\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, fuzzy, c-format
 msgid "sending line failed: %s\n"
 msgstr "semnarea a eşuat: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+msgid "no keybox daemon running in this session\n"
+msgstr "gpg-agent nu este disponibil în această sesiune\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, fuzzy, c-format
 msgid "error sending standard options: %s\n"
 msgstr "eroare trimitere la `%s': %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr ""
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr ""
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+#| msgid "public key is %s\n"
+msgid "Public Keys"
+msgstr "cheia publică este %s\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr ""
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr ""
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 #, fuzzy
 #| msgid "network error"
 msgid "Network"
 msgstr "eroare reţea"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 #, fuzzy
 msgid "Passphrase Entry"
 msgstr "frază-parolă incorectă"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 #, fuzzy
 msgid "Component not suitable for launching"
 msgstr "cheia publică nu a fost găsită"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Please use the command \"toggle\" first.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Vă rugăm folosiţi mai întâi comanda \"toggle\".\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr ""
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, fuzzy, c-format
 msgid "error closing '%s'\n"
 msgstr "eroare în `%s': %s\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, fuzzy, c-format
 #| msgid "error in `%s': %s\n"
 msgid "error parsing '%s'\n"
 msgstr "eroare în `%s': %s\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr ""
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr ""
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr ""
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr ""
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr ""
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr ""
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr ""
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr ""
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 #, fuzzy
 msgid "list global configuration file"
 msgstr "articol configurare necunoscut `%s'\n"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 #, fuzzy
 msgid "check global configuration file"
 msgstr "articol configurare necunoscut `%s'\n"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 #, fuzzy
 #| msgid "update the trust database"
 msgid "query the software version database"
 msgstr "actualizează baza de date de încredere"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr ""
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr ""
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr ""
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "foloseşte ca fişier ieşire"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr ""
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 #, fuzzy
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Folosire: gpg [opţiuni] [fişiere] (-h pentru ajutor)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
 msgstr ""
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr ""
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 #, fuzzy
 msgid "Component not found"
 msgstr "cheia publică nu a fost găsită"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 #, fuzzy
 msgid "No argument allowed"
 msgstr "Nu sunt permise comenzi administrare\n"
@@ -11473,121 +11762,197 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr ""
-#~ "forţând cifrul simetric %s (%d) violaţi preferinţele destinatarului\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "cheia secretă deja stocată pe un card\n"
+
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "cheia secretă deja stocată pe un card\n"
+
+#: tools/gpg-card.c:2395
+#, fuzzy, c-format
+#| msgid "Replace existing keys? (y/N) "
+msgid "Replace existing key %s ? (y/N) "
+msgstr "Înlocuiesc cheile existente? (d/N) "
+
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, fuzzy, c-format
+#| msgid "OpenPGP card no. %s detected\n"
+msgid "%s card no. %s detected\n"
+msgstr "cardul OpenPGP nr. %s detectat\n"
 
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
+
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
+
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
+
+#: tools/gpg-card.c:3668
 #, fuzzy
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "%s: eroare scriere înregistrare dir: %s\n"
+msgid "authenticate to the card"
+msgstr "Certificat de revocare creat.\n"
+
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
 
+#: tools/gpg-card.c:3672
 #, fuzzy
-#~ msgid "use a log file for the server"
-#~ msgstr "caută pentru chei pe un server de chei"
+#| msgid "|NAME|use NAME as default recipient"
+msgid "setup KDF for PIN authentication"
+msgstr "|NUME|foloseşte NUME ca destinatar implicit"
+
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr ""
 
+#: tools/gpg-card.c:3675
 #, fuzzy
-#~| msgid "Quit without saving? (y/N) "
-#~ msgid "run without asking a user"
-#~ msgstr "Terminaţi fără a salva?  (d/N) "
+msgid "read a certificate from a data object"
+msgstr "Certificat de revocare creat.\n"
+
+#: tools/gpg-card.c:3676
+#, fuzzy
+msgid "store a certificate to a data object"
+msgstr "Certificat de revocare creat.\n"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "cer cheia %s de la serverul %s %s\n"
+#, fuzzy
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "schimbă fraza-parolă"
 
 #, fuzzy
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "(Nici o descriere dată)\n"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "eroare la obţinerea informaţiei pentru cheia curentă: %s\n"
 
-#
 #, fuzzy
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "nu am putut interpreta URL-ul serverului de chei\n"
+#~ msgid "Please remove the current card and insert the one with serial number"
+#~ msgstr ""
+#~ "Vă rugăm scoateţi cardul curent şi introducaţi unul cu număr de serie:\n"
+#~ "   %.*s\n"
 
 #, fuzzy
-#~| msgid "|NAME|set terminal charset to NAME"
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NUME|setează charset-ul pentru terminal ca NUME"
+#~ msgid "use a log file for the server"
+#~ msgstr "caută pentru chei pe un server de chei"
 
 #, fuzzy
-#~| msgid "|NAME|use NAME as default recipient"
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NUME|foloseşte NUME ca destinatar implicit"
+#~ msgid "argument not expected"
+#~ msgstr "Nu sunt permise comenzi administrare\n"
 
 #, fuzzy
-#~| msgid "Usage: gpg [options] [files] (-h for help)"
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Folosire: gpg [opţiuni] [fişiere] (-h pentru ajutor)"
+#~ msgid "read error"
+#~ msgstr "eroare citire fişier"
 
 #, fuzzy
-#~| msgid "invalid import options\n"
-#~ msgid "invalid port number %d\n"
-#~ msgstr "opţiuni import invalide\n"
+#~ msgid "keyword too long"
+#~ msgstr "linie prea lungă"
 
 #, fuzzy
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "eroare la scrierea inelului de chei `%s': %s\n"
+#~ msgid "missing argument"
+#~ msgstr "argument invalid"
 
 #, fuzzy
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "cheia secretă \"%s\" nu a fost găsită: %s\n"
+#~| msgid "invalid armor"
+#~ msgid "invalid argument"
+#~ msgstr "armură invalidă"
 
 #, fuzzy
-#~| msgid "reading from `%s'\n"
-#~ msgid "processing url '%s'\n"
-#~ msgstr "citesc din `%s'\n"
+#~ msgid "invalid command"
+#~ msgstr "Comandă numai-administrare\n"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          user '%s'\n"
-#~ msgstr "  fără ID-uri utilizator: %lu\n"
+#~ msgid "invalid alias definition"
+#~ msgstr "opţiuni enumerare invalide\n"
 
 #, fuzzy
-#~| msgid "                aka \"%s\""
-#~ msgid "          pass '%s'\n"
-#~ msgstr "                aka \"%s\""
+#~ msgid "out of core"
+#~ msgstr "neforţat(ă)"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          host '%s'\n"
-#~ msgstr "  fără ID-uri utilizator: %lu\n"
+#~ msgid "invalid meta command"
+#~ msgstr "Comandă numai-administrare\n"
 
 #, fuzzy
-#~| msgid "          not imported: %lu\n"
-#~ msgid "          port %d\n"
-#~ msgstr "            ne importate: %lu\n"
+#~ msgid "unknown meta command"
+#~ msgstr "opţiune necunoscută `%s'\n"
+
+#, fuzzy
+#~| msgid "unexpected data"
+#~ msgid "unexpected meta command"
+#~ msgstr "date neaşteptate"
+
+#, fuzzy
+#~ msgid "invalid option"
+#~ msgstr "opţiuni enumerare invalide\n"
+
+#, fuzzy
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "Comandă invalidă  (încercaţi \"ajutor\")\n"
 
 #, fuzzy
-#~| msgid "                aka \"%s\""
-#~ msgid "            DN '%s'\n"
-#~ msgstr "                aka \"%s\""
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "opţiuni enumerare invalide\n"
 
 #, fuzzy
-#~| msgid "                aka \"%s\""
-#~ msgid "          attr '%s'\n"
-#~ msgstr "                aka \"%s\""
+#~| msgid "NOTE: no default option file `%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "NOTĂ: nici un fişier opţiuni implicit `%s'\n"
 
 #, fuzzy
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "(Nici o descriere dată)\n"
+#~| msgid "option file `%s': %s\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "fişier opţiuni `%s': %s\n"
 
 #, fuzzy
-#~| msgid "WARNING: using insecure memory!\n"
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "AVERTISMENT: este folosită memorie neprotejată (insecure)!\n"
+#~| msgid "you may not use %s while in %s mode\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "nu puteţi folosi %s câtă vreme în modul %s\n"
 
 #, fuzzy
-#~| msgid "renaming `%s' to `%s' failed: %s\n"
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "redenumirea `%s' ca `%s' a eşuat: %s\n"
+#~| msgid "unable to execute program `%s': %s\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "nu pot executa programul `%s': %s\n"
+
+#~ msgid "unable to execute external program\n"
+#~ msgstr "nu pot executa programul extern\n"
+
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "nu pot citi răspunsul programului extern: %s\n"
 
 #, fuzzy
-#~| msgid "renaming `%s' to `%s' failed: %s\n"
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "redenumirea `%s' ca `%s' a eşuat: %s\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) DSA şi Elgamal (implicit)\n"
 
 #, fuzzy
-#~| msgid "dearmoring failed: %s\n"
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "eliminarea armurii a eşuat: %s\n"
+#~| msgid "Quit without saving? (y/N) "
+#~ msgid "run without asking a user"
+#~ msgstr "Terminaţi fără a salva?  (d/N) "
 
 #, fuzzy
 #~| msgid "NOTE: old default options file `%s' ignored\n"
@@ -11636,8 +12001,8 @@ msgstr ""
 #~ msgstr "nu pot deschide %s: %s\n"
 
 #, fuzzy
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "eroare la citire `%s': %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "eroare la scrierea inelului de chei `%s': %s\n"
 
 #, fuzzy
 #~ msgid "error closing %s: %s\n"
@@ -11691,12 +12056,6 @@ msgstr ""
 #~ msgid " using certificate ID 0x%08lX\n"
 #~ msgstr "eroare la obţinerea numărului serial: %s\n"
 
-#, fuzzy
-#~| msgid "you may not use %s while in %s mode\n"
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "nu puteţi folosi %s câtă vreme în modul %s\n"
-
 #~ msgid "male"
 #~ msgstr "masculin"
 
@@ -13223,9 +13582,6 @@ msgstr ""
 #~ "NOTĂ: cheie primară Elgamal detectată - poate lua ceva timp pentru a "
 #~ "importa\n"
 
-#~ msgid " (default)"
-#~ msgstr "(implicit)"
-
 #~ msgid "q"
 #~ msgstr "t"
 
@@ -13511,9 +13867,6 @@ msgstr ""
 #~ msgid "error: no ownertrust value\n"
 #~ msgstr "eroare: nici o valoare încredere pentru proprietar\n"
 
-#~ msgid "   (%d) ElGamal (sign and encrypt)\n"
-#~ msgstr "   (%d) ElGamal (semnare şi cifrare)\n"
-
 #~ msgid ""
 #~ "The use of this algorithm is only supported by GnuPG.  You will not be\n"
 #~ "able to use this key to communicate with PGP users.  This algorithm is "
diff --git a/po/ru.gmo b/po/ru.gmo
index cb3c4fc1894634dc44dd11b8e5350e94a5de3a85..887158fc7e0a1737bd36748c1de08fef26a8ff58 100644
GIT binary patch
delta 49057
zcmZ791(Xy=zxVOpnFSVix7o$r-4=IucS~^h!7XTT*B}8xf_rfH;2uJdAb|iO5D4%0
z*Z<}{&$)B%JfEuS>hh}Y-2nIRwF!P3l^}R0LFg=pPh^<mq{38X9LFCMM=RBFGXLl}
zIWP+r!-g0Z;y5!fDe;9rInD{(f(dchCdWyJ-(pH!hiUPc7k`AR$G_Qe5;;!L2@p_1
z0nCea?1D1}(-EKV#rL7|{o?u3OOL(9aT1UoffVQzK;^4~Dz76J!uekOB9<c_Wvk=l
zq<*IgfyyKdL}fgLiSS=kLGiXZ4g=!kK=rtYXKhSQyfZ4_D9@#ydr>2C1JmPcFFo0I
z%U=NFQ@>M(KsIcL8F3n_=i4zB-o(WC7&VmtdFg3(&^Y4RFg6y)Bv=L2pw_60hoSCY
z;a%T}s^>fgQxJGZAUh`5X+154DxfN=z)l#BK~zD@Q1@;3yy*GdGi;ZQR610?VxA2!
z8S$Q25hw0q{55wMNzf4gj;i>T7mu^srXmF@Jr^opH7t&eP(7T5DRCFZ$19$XQ6uyL
zGhoa;j*|xSU<|Cahw)d>nvzfxhoV|`1`A-~y*9^HQA5@qQ{f~`fooCsAI1oLh-y&u
zeU>jLW+h$~b-f=p$9Xs!-vtTih9N(*1#uawqWh>DqVKmGvSS_M6EQd5MvYvY12#h8
zsG%*0nzEW+yn}Z==s6S9aD6S-!r*ZN>Phm0R&aidL%cnv#y%L1-+FGrBE+v?W{h{p
zI#2|)hFV}I{039vW>mw@p*r^1OOJclamr}_XCqL83*E2~u17WK0p`Qcs21ltVk1%q
zHJ5!+1uj4}@SvCe03(RUIBL5n2dY7}F@OV6Q#c<JY5#Bc5>C4bj`IYQlHotp;z@GM
zdYTE-6R(9jANpcKoQUagF{+^lQTcxL;!%%VdInTO%b^<3LFv@*j3N+;%P}MVhAJQi
z=W1Hag~_od=EBaX3g@BbdM|3kE_v7gL^UMsNgMi-$WS{C(e1gHz8!-as`CU?;cHZd
z$xd<JV`0?XwLw)l7z^VP)CgTeHTWfFz@(=we+di_Z-B9|KgPw;UVJ91!OKoF{yI?h
zkPs6uqE`1ER7>NYF|%WK;+0X0vLD{SnW!o1e%9uAIO_g2m>;iWb&PY)aVlXmj2_}R
z-(f7`8_zTT3hX&=4LE@sy31G^-(UwUc)@X|;v!^OI5{plPE=h-HRxZ|2qgc73a}Jv
z^;brXXnRbEV=xNN!-lvdNT3{ncbEf<U$P#2g*k~Yz{+?MYhj|xcA&J!Y{aKwCftMW
zu0b{EGpb{$uUN%dF&^=fsHv-o(J<JNKpX<yQEOosD&sQLqT7U-@ieN!x2PV4U$wa}
zjT*5|s0NI~M7SI^LfbJT?n9OLJ0`);$Or|UB-gA(c`+Xss-Rjn4D;hy)X40{toQ`A
z7!zH$v%WBDTU9}gL>JV^%|xxCL#X`sFbqRkI9lwnF}n7DUIGb8DDGXTg|UhEMO8cs
z)x)1q1)fLs;5n+G(3>`5Sv-rPI#3l$VO>;5W?)e~j)~EKi;<yzCpiIC5Q&<*mY5QU
zVse~^8q&?Ee8;gcK0-}h;I`$<<yjfkz_zGz24Pa1jWO^C)QIfFpyuW_0nKsf9h<8h
zs3EL}p*RZFfbpmyT!gB46&Av+sKxml3u4K;HgbJYyJ!VQ;_p}yGv2eQ?skvyFG9j{
z5_01$ERL~%<r$AvP&drMNW6<BF>v1&V@oVS{2Q!*ConF?`^}~xfR%`6#_ZS=HS~)y
z4Q}}@XgB;qg68};Q~|Fr0z)3ykfle>T`p7sU!fkq!%-tM1JmIe)C<UI@A@57MXyk6
zEZ*;yKRs$~6$uhZPoN`eXeXgo@hsFF??p|~->4}`{m^znH4G=-A2o9GFe9Es_4E~L
z?WB2RYoIVHy&h@}j6iiDIEg?30!vUmxQuG)drXG0AKU8Ah*60b!tb#pYJ{HPT#WU^
zhWa~H`U}jA@&B+67DbIzODvClFpu{CE&>|TXP6p&PwgNHpn6aYHH7t1Bhm-ezzvuJ
z51=Z%h06aKwc3+EvkLQITH+OODRw~B7wx%5hWSrTKtoZ)O<>`9@lL1$2cs&Qg&L6`
zu?(I-6%^}*t(gea+~-AYzjBxXn_@H^fok{!4B#S6LjBG@0@|mSF(<x4O-0~O$7zD)
zumvu`X80ef$4y`I28_c{=~q$t^S|P7!Kt1zFhG0`YD#vX>iZRgy6}mBTA1c9TO1kD
zM?4Rz#raV^t%Px~1;)p&sF4Yx3Y?D`v2CdQ=TY}RM2*M?)Ck6ZZ6|5g*Nndks^}#&
zMrG)SDrhRIg0-lTIgAPMHO9nfZ|odMh~tQt!p3+Eqht76>v=ZJM7$chiw`4-?|RGl
z=O^$l2}LpY-!`{jV-ey%poaP}rox!-tboj@gQpv6NY`U_yo@=}_m5SW8+D*HLM_5s
zsBO9x)v;Sa0@(<>!#tSoy;WErRp0<G{vE2K<5&P+VP4Gi!5Y*AH3dsi<?TU@>|<2J
zKX~z^|JvHhf*O%vbpnY9^u??=5p&^IRL_4$^(gG4r58ly>wsD_(^1=Y9;%1iQLFwc
zX2DMwz)YVky%MTn-LQi8|8N4za11p9k5L7r_|M*8A~81c>KKYmQLDQZDqlNHf)g<w
zE<>%6O{g_;6xFbcxETLJt%2#EWssH<=s`kiC&X>Y6jYBl;#9niDxhmfh&$(#u`=;f
zUOcfc#9d5vu>|Qeu`XW3l9<tN>Fsd@@fBDcGlYgX1*qR?L!buE#rpUNm0luBh&zOP
zQ4M*7ZLxn;YtT&$C;l($yht6*8eST;2D+oBU;%2;9r3O|!~4Wj@Ozvf_d1^lG$kQ4
zh85fj6B8ef$#6Dm&NgB!Jb-cWEQaA7RK7=;2A!Ceo)%LQ&5UYLIn<)=f%$Mz%#fhF
zh%S(zRec>bXK`bNxN9LLsv*@;tG_L(N0U%J-i9jp25PZJjcxHPsCa$U8X15AT#Q;9
zKVvEUC3es<B#aZ{?#Cji9@axGs@ABU4)7fBrO!pJ{*9Olw_|F&<oOrIARaGnh<k9Q
zMD@H1sw4d|fJ=h}hB5^QPz9BWAL2e{o1qqAThHm3g80v<mft{kmn1MFF&F6_y!dR?
zNbNyw?}wNi|3x)4aYD-<%ts(M32jkxH`8-7YN#%v=Jp|K`+Y`@NN6G(sYIxJ;TVnu
zP*c{>vn%TUQK*U+qMjkUkaB{~2?7a7xQ^=4GgONcB)0TS7@c@gR1eFchPDrC@dZ)m
z#&}c*cA?h9b!?1Ll7u*2uqD>T)2Q@7(hz67_Sql;wMp<N3vqtK`q&SPBoA@E!XL3J
zrc4pyzGQYp#ecxE_yH?p$&?}PK{X!L)7conEvOD%#z_1FOJlZFAx?hn^R5Ki;d1PN
z(NbHFx}ny<QY?aJQBxI`#zvwDYS(l|ZL=k)GkrJeY55y!Bod^x?N$;sLcLJ;O~;@r
zI7XlnzQv?iGGL3X0ctLL;&>c~n&WukA?{0SUeu~?h{`t_wMge<J=}__Fh+!(D_L+q
z@ye(vkCBf3-<d$_bk^c=s2jGSGF(ROipQvmqolWZCe$`9hgvhWQ3q6i@A?GPHd}>i
z;5pRO@}rlYD}&Y7C_^yBeVUCULEB{$YHn_!Zb*~S&hFZtQ&CfJ1~s(*p@uqZCh~>w
z@`0LyIhpMM`WZDf_dWkZ?S>RtLYx5R3ldO5Jygc7sHvEM>iI<s;Gd|WjhEFHVK&rb
zxEB`0MW~Uugjy>fkjJZ&KbwuzU`$SYJf_9vs161X5-367Eow35%O2wN!p&F`Gv=_x
z*dCQ{4r;YuMpcwHC#x76qo!^O>S*488kq}N3Y}ab?k_qbF_P#QEU*24lz@gZR&J}P
zFxDXc6{@10p8h;`y*g^q22nlUfZEr;U{TDJH^lu96>U%zFGh{%9n^i9@_Ek&tfVdv
zAW()22T*e#nm@#ufE7>$oJV))3s}BvsI}4!wg2aO@mr`KM=fY0R{%A{eXts?MvdSb
zERJ~#F%s18bSI#>`VrOAcUT`I3)?oEjcWOBRDn-WCtj)|HbONplK5QIlwC(1P|1o~
zgWI95uSV_r$EaPArWjMMMO2kQA?%0h!4Iemw^6G-Msc$kYOcGWerR2WTD(WGE#Ace
zSeC7z2JXQo_yVu7J1Up7sg8)WsjCsm{?~TtLxSddA!-C3qUJJJ=@9p4zOT^X|5l(H
zxU!6`;$JWd@z?0b_o$=y6OO`^WkZ}JxCGVF_T}tNXd0@4+sm>4(-C+=f`&GB`4DFk
zMxq*W26bbS3O0A8Q6myWt^Oaq_#YTSJY_|zpd^M9Z;x7}<4_~I0W}3TP*2f#!Ac?S
zTWbK-fIQd|+hGhm?0L@fhUf2?nd>jTc=F1YKRxOs%!PXBltwMy2B;&tC+cxM4&z~P
z0RdIC9;4!RjE?&-79K}syo}2C5M$yi)Z_RQYD98Wv5{<ng^7<u4e@T&qI{0prrE37
zNDfCvBIxWRphfitb>d~IW{ax=>Rk95)zdks17<&J(cQ&3_z$Y5(W+a6Q(<i4S+Fb?
zLanjEs1B^~uK$1$+W&h91h{Y)wHBNjw%yXBj^sL?-O&9(1GNa3dFkg-4S9yD;9t~`
zN3CfM4o5A@NYt8WfdL$jDYgHX5zyk<iyDD@x`3as3?{E-1vEoFo(G}M@^4X#X+3H?
z-bbAi(P~=*3ZTlVg<4x(Pz_junwkR`)EvGhpv94{j`gqzYAw`44S7S<koQ9$PDRb}
zx2Oi3Lfs!y*G48Osv#9nQ`ZMIm5aRi3DijbRhRv*0;1Qmr&uY}cIk)OehX12<L{^;
z&0gPnP!Ux?XVl0I#{jNC_4qKV!S_%@{~k56NgLQU%#XUibp!Ul3K&3wDqesZsspGN
zzd<doKtsE+0BSe1@$8MdJ{mOw^H3FSL=E+6&ljj&60ecfR~pr!c0mHlC^ZtxP>bj)
zCcyis)%+HVp}(;`JW63k;zKYiu0U0M7PWn!VgTQw)=H8lHX^w(E%C~zkqUMupaWqH
zszviqE#2Z}_#HKbAx-VZw5W<oq0*b7*3cl-;`|;pA_q}V$*ZV_hBUJg%8XikC6R^&
zogM_V$R=VwT#E(qHb!Ei=C;`Cqef^7YKjh{w&6R}BFosqMzSVqDtlrSoP+AvB2)u+
zpgMfsmHqdCfQINF)X*eoX)Vo*MTu8JEv8YZ>kGZ>dps|CK1NO1f2e%%TiII4gDSra
zYOOW%(u3&!{(l+)^?W<3M^906lcKd9NCi=gs|jk`^+0W}wWy)IidrMl+t^x2ip7bS
z!O|E+jnDzq$o_#UFT5@LU)!J%0cEIxTJ`-=C*caz&>cff(S20ILfYBfr^cAXi=h^A
zMbz%-jOy_q)X2?5-M0ZXbtgPOwqyURqFn9mjIN7XT!TI5q6*lGn!B^89zR4iJXr^8
zU@la=if3z7g#%Cxnu)sqJ5+glQIF#*9fG!4{2i@FSx`N#h-z2|)Il^6)uUffbNC$9
zka(S};4-My-UKxgqfsNX3d3*{YJ_*Aw(A4bRL2c=wg!|$ZKHOmmd!*JcmVbEdWtGI
z;a9dj3!oa>0oAiHsBN|gHG+pRfWM-q)c3X3lM|J{9;$=EE(A2k(@^_)9jc`#P!0GC
z^>9hm#THFz)B)8Hwa?q2R(*fe6ih_DH!MT#f*(-jo<%k68LGVKUEKx+otzeM>Y-XR
z2$gX$YKV8Edj1>(7`L1CJU6O>ny3-$js<ZcYJdNN>ggj?13sgMK6Q7?UkUT-`QMj-
zGOR%@j-#j%xr-Y552!hh=wTI>#{lv6sG%K;nu<-RZFvEe|1)ZiBYN7@)J8R60IJ*-
z7*74pDFVv)9MynSy{rKRP$N<cHDrBIt9l;lB;1OcqNk`4OWfP?=S5Y}09D~I)ReBp
z0A56O@HGZiL7YC;v%IK`b-egs)S_B|YQRBshZF<EKcnV8(AVZZAL{6>f;!N8c=459
z{3NQr|4_Rrq96NT1s3mTH`c=d@j<8|T!6~B4>hOPP(6O;nWVq<JQ4$>H%FB>48w6Y
zD*q1e`hC=z@ei<$r5nKhSC6ZZpp3myH!ec0iJ!grZPe6!MomGofwm3vqt-xs)P2)Y
z*EeGT&w1%DQA3_!kX4)m^AoQZB%mRgfGTJMs)g4vfbUT~N-@}*ThwA}fSQ`VsDc-I
z>Dy5ay@G1cpQtque~6V+95u4_Q1t}+6HtaZr~(h73VecERG~v{?!!?PS3q5FkE&oe
zM#JS86TkP|h8n?xsDteuY6{~GvwZ21a)M570@}Y-Q5grITDS(Q;wjW(O6pBjRdja)
zs=@Oxfcw4czk0?PZujLwO>IXnJ{{GOBbY(^{{aCN7-NJDT`tu2sf1e1Jy0Vw8<p<>
zs^W)UJoZQ%sl2E+r<zy}hoeU52&%kCs1b=f%GO8@jG%s}G6BtT7u1P28sp+N)Z#pf
zs`yVYJ<(|EL3-4hDT}qSI~KzO7!^NZB!-T$AGyk-p8KOvb3YG*TCF<?gyLmXi*H~I
z{D@ji(Z<>k22c&Hg38wh<Kt-5**_aK#~V;nc>q=JE7TPHjmjSwXXWP|$NmqHP=W;Q
zf)=R7H4-&ci?9UlM)mYP>ZHst-iEp!h7liwYQPj!Ip2AnK=))tt)WyCtl_m#Q_^b!
zi$x<ap9BrfHdGHzqgMYtRDqvRJqn*_J*bUJZ;M*2<4|kjd(@O&Kuy^P)QF}1#w>(d
zQ#C#N1_=})VF4D#%cvXUOtO~d!;-}7qbit*(Qr2^-yu|ikG*)D$=*?n>UkB^NDf5h
zn}d2t?L|#(@F@ZHEOd%hkRLT7O;L-aKWZfApx)iKpnCKOHC3NcBbH*SH7F;lyt=6S
zMxpXA^{($g4gGCo4F#Pj)2yIOs2j_mdfE#$CG${ozY*2ro8EP2y2Uf08e9!kQ72Rd
z!#&ra8gd>h;d9h^Q}A0&9s92>fjA_LMI8*YPz7!AJdK*u2dIK#&#<Y<ikg~g=*MqR
zBQX^NxB^wqVb5Er?fnMTk&H8$BJKaG1k|EII0aYZOe{FdR`)5?R9r$e;0<a{<IlFm
zmkYHR>tF!;Aw%oTLFL<tnyRa)k@^euRE;x-{jZZPGXX7%x)>8jpjtQ?HI$n$fHzQ!
z>R;59WSwjKx&f*I!%+=gi7M|fYAXNot|y;oi?9UhRjutj_P^d_=98egKaVQFnQuJ{
zpc+sX)q}6G7>-39wFgn#?=@<5Cs|<S6h|%AE~qJ4f*O&{sB$i2QGB_8{jUqz7Mj&j
zbKM=)!?~z!c^FmEC)5-K7TNQ=1Zs|Zp@w=Qs^T@M9^OQqd<hoYHZP89P(RdxH8Dt_
z8i8e45nrHIX~8A-yPqIx&JLnR=8hNt5B2(;VyW$tT&M<=_iT%5=m=Dg7o+aqiCW~>
zQ4I+GLqG>X++~(AGb&?QRC-&~HXMSQ<8Qs|+fXBN1vS_2QSXA8mfI8*#X`itLamwQ
zsE%Af-S-@6V9<%T!V+?z7E3MEZs?C%oGVeUO6O1w3tedyrbkUt9Sq<w)YL6O<vWgQ
z@MBa1V|`~oB^O0?tP&>G{%=h{b21P$gp*N2vkujxgQy|9j2ekI7#(A*vJp#!Dlivn
zTUGMX+n|2<9E$4k6z}>^sF65@si@z1L_n)CbhRy}Qm7jnqE>$=)FPUOn)6+#hMn`S
z-$xY~V~sT+BkKN0)cv(l9T<o@=;osCUyZ>q0=o!k=ni3Ce1_^#+O@VT3S)qH6I2fe
zqYr1HMr<xd!ELDbhCQeeJ%%dxCI&F{d&{2zixV&VJ^Nn;4JSc89EBRH4XD+79yOQG
zz4X}Y?0RlgdR^2U_eS^WhMJ<isD}N5>iH{F{&?$cE#yWuu*LeIRn&_F^?WMk!-J^B
z_&2ISsW;frMWSx3iE*(ls^H$JDV%{iPtKwm@Dep;aelD1k`C3NlBfnZ4-yC^FbXxa
z<53kXN8Pv$HKeCd2hA1KL*xajfWSs;Kn2v1-2pYC-=I1$1+`eWqDJ^<R0E!%c11Ak
zN83gPQ3bTY0FFbgfi+(I0O~}$j~b!mKUo3QQHyLa>Y!PHv2Y)1|DQrN#J|bRidqx3
zk&z2Jg9xai`KTe=jH>7YszG6!ZFT2BrB_C+jp3*vUxZo%*H8`kh!rsD7HeP&)Cf*O
z?UFgDk=*RYgS5~~c!Vn8Gini~*lOlRt$_-tA?u9pVnYq(Uetkg3pMxAx7m;9*--bj
zMvcH|R0GzbI(7^bQNQzyfaX4AyB(D&QA1n>bpj5<4!9P(V7whR0z*+p>wHwjCr|}H
zMZIRn+i8nB0<|XUqeiL`s=gr@)asp0KvS>{RnR%q0r3hoBB8r%f2YMz;u%l}Nmi_k
zMNmUN3N^GRQ6q96RZiU9R!#(J#7dyjo9*^~{_pN(7>AnM<*2#-8MO=kMh#ueJ+|62
zp`QO0QM+LPs%PJOo<%(y{z5e*&0bq{RZ%_f<He`!W&f+k+ey&=zmA&wSo^#dqlUBu
z>c%#x7nLEXo~%bza0)e5|DeiA_p?n+15|trYVGVm<$H+gSp49AD<~ss3d*B0w7_UM
z0ktcpV@%wL0o;umsavR#c#mpe)&sWK%Av~p8r9IzsB>inCc*8fjt9>YP>)}tS{U`9
z4RL<dDzAr{t3h7+WK;ngP$O{|W8)jt6!;E#9YU?0@}8}{^ueg|<|Fxo&IST%`32OG
z`V{r_`WLkeVjZ@IM50EfgBPEUn&a(W`fsR?#5rO;PmfwNB~aV1F={&wM;$;bFrl9R
zrwOR%_pk`YIcg_bB@7Vnfm+qmF$%6lEzXTt6d$67HvE{ag#xH4X@eS}8K@CEgqrgk
zsBQZv7SjGtbKH8?0Ciym>gfCti{WEbf$2}!YOjw<ABSq#A=HT7L`~T<)b>np($4&F
z)JRrEH9UxF_%;mc##aQ?GT$jXDwCq-D8jP<YGf**7Sl*9fXh%LcNO&vh;rIq)pDSQ
zx((`l8G`}*4mDCoQTN?A&HfJ~5O&5+toW$4kPZV_0##89)Ha-nT2wnxbAJi7JDjs-
z8dSdGs0Ou0jobvxkGoJK^e1ZfBt93kjCs%5Vrha}9Q`mVE<w%RDlCh8QHwC-ye+cq
zsQl$o6?H>3U<s<C!>A7a;l*F0Do%dErn+E|fQF(ys^A$o4fml6u6faVIshvYUx_O4
z8R}qpi&|uvf3XT1p^oBVsO@+JRpArVevf*|;+auvEm)p_df3Oi@C|D2)}R`83RS^-
z)Jd1+vb|6=K;>(N?yDPWZEQeI(P<3eBh-|JU9orsssm+_h6SB!1k|$5r~<!174!pY
zm7c-U7<Se6aTU~>=!wd|8uhe0iF(tyg<8B1Q77noR0Be;Sw~Z%&WXGj(EhJPKm~Pn
z6L?WTt=bK!p*w@x9e<!2_8C=Rn(H>ig;57gGgSI0R09@y@gGrZ<0J;~U+;RV8|2si
z&qY9UUm5FTA5>3HqAI?G+UHMDXL`s@s~`m`JqK!Emq(p=Lr@)<>$wB9D6e4vKcUWt
zG`HCQn&TV<G$c(?bJr6!B9l-RZbUWkII4ozsF8?!+lDkJs+{tu5$KIt{gW{kZbnVT
ze$*m9jw(0a9rnM5D$5;fS#i{2YmS+4GOCALQA2#jyZ#2Xdeh&vDXNQVKo8U+U5skT
zDO5v$$9Nce&pMD8Rc@YpLAy|y1T~}y`mihdu?LpNK3E8Mq2}^0FP`pKOK*xLNuPmg
z=ta->sE!2g+aj%mI<T6c8aN<GKtu5@szvKCfQL}q>H+HPj`N!>wlb)p?SNXGlTa0`
z^}K+(?>*{-O!vUnMom<OV=;hBQBxf}KtPM*mUkiKcUwFWsDjI25&Q~upse&fjw;|8
zszK2n+SKJh4S93aA{>G$f1wvYfSTf8k@ETbACGLvieNJ?w8DzG7d0hO9@|4H8EPuh
zp{AfSYIn>>Rk#s##-Bx1;D2I^I3KEk4LpaS8nhfsY5yN15FjDiAJ*f{sKr$awU~ma
zxnGYuk{_UUL+qzkaA8z|EwC|;!g6>U)q#j-Hc|ypBU%eJ)dMh{_Wv~R!WPsV-9jy*
zzfnC){oK-vqvpH;ssX)G1ujN4;3#SvKSfm#^1`-fatsj9jaq!QQB%_$-M{}om4KcB
z-=i9Ez>D8R4e?*70;BzD&+oLJ`B00kA}U``R0GGN8ngm6lE+cyzeAlXabDUlxAMGX
z|7+j&AwfM_j=JFtYFB*3??ZS_zY1~s65sz<h%*rjzUGf+lYRiTCbGZfFE9}Ah3eVa
zzipqtK#gRKcQz$?P-~~3=jwOtf4z}hBOxz7!#bGuADgpYsPxIG5!jEl@tT*O^}UT)
zbJWoHM>SwFR>uvfMfopQ#@rw5VKxZ+5Z@CdP=P?6e?y#ZH~<^sBh*xs`e^TbjZyFa
z-=Kzk4r)~&K<)EKSR506vR_!%!n(vKphosKs^MY(S%;dS&XwR~0y@(VU>jw`su=m%
zhISI_48Mq))4Ql1g>p_Ry$EViRX~kUJJgg8K{fPyER2^>BNIEs=QcbC7SjH&OF%9E
z2DNRDqZU(apU-`&MW7Cv##j{lptj*g)b_mQ#iRIr?o{POjYw<MTu(+dXdkNK&rl5s
z5A``SwEs&JP|q%79Q=S9n&?q{?n9#ls-hYgiGxvVW)Ggg^Qd>j`BAL_cTgRQAI;~U
zm^Dx%+zV^s6ja0RU}EZb;)eO0o|plz;2b=J-J<*4KX#uthP8Y*wk7=~mcn{5ttT^4
zJ==oS@Cj<s7K~*h+8On5`T;c(&v6T;jO}xR<JmUn3A84maa^CX6nA4sY!=Vw{^H><
zz9XJ3zRx*^=@R&y+4vM&;mCwOM{DOd?1B{%`P{|48G8|rNNn+0*n)Uy5}*6m_1Y%!
z1)UcpJS9Q<^hQ#j`xlWylG%_oM-Amb)R1jMZKFrn8S^Cfxw~ZnYPG+{NUWH`=Wf68
zs1x!EhU0&zkqD%;DQ=lE=ySd$VFn4)Fk>p~(RS3fNtW6wD2qCn7GN1XiJF4gX?*U(
zsybF8KFf>WL9L;TX{`fIP!-R?Ja`4QE5d>SpZl|1X{<uRP}I}wIO=5k2eo)ghWp$<
z72gE4*w&&7dX8#X+6bHL8d!q(49^Q*dfar@@Or34I0qv!_=teEUFP(*xVoYaqzkAP
zC(B?xY>3)cOHe1<DXf9XGunRcglfnX)ct$CcxWb8Iq`hh6)U68h3&|;4m!UQC{4mg
zEQTdB+uRO9jmQI30lBjHoCa7Pd*edXwv3n6rlJILpg2QO2hmnk2hN}ls94$T+{lUv
zh}Xp&+W#HA3o}ti?p{>Su3{R@nB6Ro>RCI~+^xd|?4AeS^>;aJh?C^B#o8Es<eP|J
z;bheI{RcO4U$a~^RQo?x9&1s0)MK&`YL08*e*6|cV%@wxXBRit%EugH%mP05ht#G8
zeeOf64Qf$tMIC5wQEMngAsfk7sB>W*Y6R|Ja5#Zi1atuPDr~Fx0hT77qlgvI9lH_V
zic>IsQ7dpW>cIIA>tWSmwg#4>w%s|@T)#t2MR;*Luv%de;=_xx{}U0|MS{-sb2tS5
z!AR^|!fxD#gNeVz#n`i?&l!sGO8J~lI0e<fcc_!FL!_N23osV(gE#`udFi!FTSEtw
z4%%F<CP4?yJ#2-k%h=gJ3^iv{u{OR&Ez0s`?Y?Q4k@yMJh`mJhEN?j*$u3xt_*T^7
z{e*gK*DG(^bWo6h=6nZg&d#BR>J5ftz6!Qq>!U{KJJd;d7PZPhd+A9l`rKEqNYCb|
zatC1@obLGmn-VWn$quOC3<5g2j-igwc$KYX?XV#6<){{4_xz07W*Ms3xzQZ8y_Tbf
zem`oFy~UiExvJR^RsL91!*5_M?f<_BXz`S-=5yzKE^3Icqqa@@>NXWqQ4Lv&VR#hd
z<2js(zoOPczZ&*1yNiv9m#*n^`r`uBB2QS$;$yJ6_WvgWdYCk=Z8si4Ev`&;e9lVz
z4!dKOx<2<MbQfv}bJufw;7r0%#BXCeY+c`ad=xbWZ}Df0)xhWey`s~ogR4P9&I|4T
zQ3SMIj-rO>1!_pkG_rUr)PCK9J@6Qoz`~8~NbZMuh%d)7cnMWr(k5mp)Kqjtt*P0V
z4tHR17=c>^RB_X$KKEC!8&N0S&)5N@HnX|ziaPr@p{_g4t-^}fis(etT6&5a`ur_y
zkxfAzL<g}lhPAX4wN6X+zgB%u62{?dR6I>9TYP0vHw?n$co?;K?qFC5KOx~a#6P$8
zIdAZrHWnY=*5|Y&9;=<teVOfo+MYX5&yo*V1LL)4|9?%OWqY6dOQln&?HAI)R&yk3
z==!2gx|OKK^a`~YJ9o5(PDSnWqu2oBbg~AwM-6!p_42w5YtZmpSb%u8;8!*mtua8t
z7}VUZ!mRiJ)quEP+rBS}X^3}6t@<gL57Tw=xj!*AM2%n%)cvziBe)+^VvMeKBxl4@
z#Dld6=(#=(b&~Btt>WKMi>XpKpYu0<gQ2v1WOp0taXswB9MaS0{K55|_z$k^<#Qh6
zqTaS>$M!Mjp-$NKsB)iRIqm=KeeHzniQ3l(Fb1B)sCXIGlUo>x(fZlYRzl5X8`Ovm
zzzE!i>d<x6R7B}->CI5(1W|8T-(ywn{~K<A=llShqh6@Ru>o~3eMGJH+5_zzn2V|?
zY>@q+k_|f&kHinS1~=l0!M0fI4zcs)Yg9RxaXO|N>T^bF|NlTh2TYz}K4%^-Lv71q
zEY3!_3pI2Jhuh+;h1xAsQTdXN@VP%s&PKgr#T;p`*#l8ic@6tuiBWd{Cag*P6$W)y
zmmY2VwhyW&dr_-B!x-B}y--iVi>OszaIC!*55rc(uV8O1G|o=Ob*M!bZM=<CZOl)+
z4{Fz}Mdsc)H=g~kr&FQ{HfJ4Ci(>{>#Ve@Q9Wl`gY=AmomZI)^g3++}H?|GSp^nzU
zSQ^(L4;kkV)B#j%l8wv=R737fVrXX*h&tJNya?;-22@WYr`Y}-k2*5H$51?rT4cYV
z@_j}vu8LD_8}~x(?-`g3PoNgveQeGyN-)jmj3wS9IGuMo0`KrJZu-`Ss{agcyWoGM
zKS7=Gk7wHAOfk#n{sV%Yu_Ng(P;=j4w$EvghjA2Uonuq@1M2A)XRgn=jKi@F1{=(?
zRlXDZD#LtxN{z-}6<=VB<|Y12Jl8^>vjhJ`jlh~kKKJi<Uh>Sf*rs42YFlo{^!OIF
z)>167T~-}i@%txdJb^w8$&;nF3tB9<3};cRKKcq<0~JtHFbH*$Eyh&13$-1uqUQbs
zYDzM#v>(&EqfXFKsNJ*))$^F&`S{DK?7waV;*jtNN8sP6BX+<ldn(RB4gFKpd60Uw
zZL40WwQ?0T)H&AJOXyEHhInADZM#*dc*^hXr{QI&wUKC@kAMGxKotVoZcj0Qh1c7`
z(HPa^o|qPAd2Ypw#4lq){D^wE#M@vaRuzj8ACJ0z7}fJ@*bwvlU@xf?FsPTwLj>OX
zc<DqH^v6$j^k&#(&++Uyh4itQ2@`Mjx&J~!39L<g3zovDTWrKCp!WBC{2K3K4y?M>
zreYv!Ev(tf{?{3OlY~~7cbo0w8K}i|5;No9sKu0ayFE;rV>t017$3hyjnGOgjfYVU
zjk?1s%IVn}wGC&Y?mxVP{ja%x=p{tiX%CG|s39JPD)>88z9Xo8`vBFWuXou)YaTWu
zz8tgQXY7nwcKh6asBi{8C*Ez3&sl=a_Ue~UOkI#b;t(Fc`+Uv{5?1}}bABXVWxs8|
ze-HTFzrlR_Aalj_6^HD(pYE{j{~b7s^b$wxC!=3bJ@0kYPRjW>o2mT`1Edc+p;gb@
zFzUPrCOT;kgOT`=gp2qY&z-U}|J-R?_4&@&5j-BX3ofD-ZKkvKw%i9bB7dQd?7%tO
zhV@YS7h+v}g+;LZd3Uh}oge`{Zug*C6!U_efCEue@B?Z{FXMasjC#1dzi2O~Wq+~l
z_&ru9J?<r+6N$}nFfPWznBuY>(RHySBRmY<fB);@6`ymT48E(jUw_9!#G72R7maUG
z4~zAvo?S#O#;DhAdzC}=un}tLH=tJcWz;SRyI~Ehj_T+FRQexSQ*)Z@ro9*hu{`mk
zI1ppqvKz)?N8*>UEta@#L%+=P1?qWT?2gYlPtU%=KE#{dvyr%fdTJ*4)#_=At%xtj
zpiVIVeap}obwDgfEy@q57RP&F&-Iqrg7|LSj46J%xj&1eh*x`P<($XH#FIa=AK`jq
zV&ZpDQ~Aa-&13ezexj-L*ypUpo%k5rKJhu%vDzPYWM+J7Lp%>P0xxhf)_G<la}Qe+
zuk_sVeUD{{e@3nLvM+4c?7?otYyW9KC+z=|{XdC>YA@}D<2p7ap5c`(o)I{a_$NGo
z<NvY-RC#UJf57&nXMMxa<1|zQTfeo3*%9nTyujafZmhvN#B;r~`bGu`=;3e{Ph-7*
zZ0^I~bF?xA3$PRE&p+7N-r!%Kv!3`2Y=V&=?PYQSYHD(PvWL<n976m)>bc+YKRX{T
zppN7opRJ+6TLd&jk^J}0HMkQOVw(`Z`=am}HI$cqes?V-_xs(7JE7+I5RS&wp?>#G
zYB_4eibU}{^YJjQ!<JF~&QgpS&F}sT$m@}*2s$ys{O%AA#Li^6i-WLobidp3!}u-n
zf-(H=E;xa6iRX#wcemY1tUx?%EWeY25$k~e5FZiS?;bdV;`p6C#Lr@@DC~~7es=_(
zCDL{FU!%l+_v~JeSI8JWiQoAJ@8JmClGN{v#DdBE4*&7P*@<O{?@VDM^AY0^k4))z
z-wkVG1o3+KC-%qE+}AOc-+e5vP3?D|mcL^K?f(pE+@Wx~pmxJeyp7e;`rTirXAM}3
z=b+93f4DXHYt)DxM=h$n5!SFVsFU=#7cZF3@BSD+5G#^?5B1c|oZjyQlM@IMNQm>W
z5pKY}7&U|6{q@{o)c(DWDezBBiZL?!-IFW=b-g1d!=b1Vn2p(SCl<$tsI`<XlQpDc
zCV$X<tZpPhH=gx;gsF);nf>nX@6w>IXG2w7&Wkt0y2SgUj^GoR9@Av;JKBb2Q6sY&
zhvEm+?irBP@BVHnL$;s|&9rPb1@AB~89HRQMK=$t5zn5(hIAn2BmM}Lo-(J!JE0y{
z3o$JoLY?uy;U&zR%X<C^^}<p*w~cJwAc0yWbizp7i8{+apbDsx$L~JXrlKB7w=oYU
z&THGRBI^ESsE5yAs1Zn!&+on+m%;$?W~h8aQ6qL1n`1B{zb%I0s8xLxHIyj|*naPh
zBZ=?Bc38Tg&FLyskAK0I_yJ2{lR|#yC!CK(uv%eDAB$CqAI0*Rpom|O@u1U)fC^rY
zS{%`e`rU^_Rg6cxFXqOvsKvJ(eRvUn#>;pDXBD#!v@C8Twj5RAOH{*(m$04>K`M66
zV}$m9ijsc!cRD4oHy5^Id(2YG(x>7K;?W{)t`}fI;^$B!5Vf?eg&bIb_#o8O{fJuq
zZ&A;bh%z>!!>~5-Gnj|^owQ|bZfj#R;uEkHKE&2ov7A-77WMSHhxxH)dD~{AQ4Lv*
zS_5aX0{)E}ff5yLL?)oN_f=GS?uzVx4fzlPO>jScg()l9DjkdJ!CWtX1hqJ?;t0%C
z*<6cSJK3t(BJPITrW;X<^%$yQ?>)n-+LTtV%KldcgGk7Lt5K``3=YF6)vPC@Q3uE=
z)K4~H)&1^|+vPAD@$RS|FF;jvAGHf&)Ubml7nUa8AN6DUPSnHeK@Il5=B#8*tDq0|
zCH@mG!%VgO?$hxEwjy4pw%`5XaRuse8?}xNZF|&IZN~bTxUN<3HHHyCf;v~uqFz!%
z>e&HTGe|&l*A>-}nW%&1B<8@R^{wLasFtt7qIdyy5XEX>J&Qz@GZHnTYrXU<7*0G{
zLz|+as3{qWIvIl-2}Ba`HL_J&78?>@f?6!^P!-l{?00{3`UdqvvKw_heG}WhLs3(B
zAGN>3n)=<}a@9bM<UQ1`8QIJh`A(!m{QKX{{Z2YAlt#^cd(`$>gxa_FQHwO9g)P1g
zn2Y!})LcKr#2BZgjYxXTNxYHgI8?rESQ77GTTI<b+mZb@f`EqXJgTRkP(3N!+V4J`
zT3{C9Ls3J#8g*cuMU7OxHnzyVK{fan)Z$Cn)+#KFD!)H!4Xi}ncNM?Z{?FCU=5PUO
zb>GGkn7q9`_Z#A1;)hT}SgL~^B>hlF^%2w@r|4)SSR8eKA54jxP$%hG9E*3c4R+|n
z{?|j`1OdGeWa?~lGYl2Ki8>GRe&u&Y;UZMQ;a~fmR@f4?2={xwL7fkoyVwys0Clb$
zM5U+hYHOw|s^Lewvi~a(NZHMXz71*w7NO?+x))E~-S7Sc(-<{`%P}=xMorCY)EuYo
zVMl9uOh<eUs=VE(UG)yN2Fmrc^I}xbpv~P$614pi^s<U7p|;6%)HXSUDkw>BYiJ$R
zLu4{)(OyM0IBp+%%dLxQz#CM<lJ&LwBC##;!Ke|q8zi8i$=}ab?P$~un^6_qL`_kK
z{(kqT*iopXb`Pq;&!_^+4zM+}8ddNURKAh}?YTb!TM@sAdidlUWFrzBLqHFmi>Upa
zYp`vv@u&iJpw_^@UcAE)dr4i39Z63y)JA3`>SWvJ8Ecp=(k7@8T#M?+N7OEB!pL)^
z2c202YLIXdn_~EI8<C-?^fNdDQ;o2S7NcG)ZlH!f(MZ4h--fE8)<y@ci1Se8{fer%
z#3*}FS%6vt|6*zF|DvO9$cLbMyb^T)J;F+ueT<!GeK9}r-KYXyqE5nGW35MXQP+RL
zbQm_y9@p7X53dENhF|mI3C8n6qWxc!KnYxdk@zbrW5fh|Og2O9`^l))e%On@zz)PS
zOtiH!2{lz$Q29!KV<Yx8YNS@9((htvj6R9|ul-q-faY!$YVo{5HK6ijYxyYDk-Hx?
zB`;A!U22MrR4-Ki?Wm5t^5VIsT1A~vi*+4pWd20$ri9bj|2i^jPP4h0ih4`^6Lr)^
zPWQXN|Lcg#Hw`tE=P^0P{?_I?6DA<u9hE*3li)&(#Lc(>-=KEav>E1(87w*-K=(-a
z8Z*tbA)JAFiv5SPvD_?s7rcpD6Ln|XHd=^k&<kvj+2&Y-rlUsUI%<0-o$Gi1qjpEs
z`@tsEh=v8{Spy2A=16h%d^^^~JKpuY^X+HBfv5r=qK35i0&Bo<)ce9-tb$Kb4KKLR
z@}EI1>U4|j2b4~jns{(Lfi47Aq2?yxV!NRbY6vHz&iIws6R)8bQI#bu9_)i!LvL^`
z)?Dg$|C8){)Rc@_=6Alsxi}L`F1Lr(FGz!f&RYU{Jf>S=KkL;(4PA4LfeTPAU4<H<
z!>FPAi2Au8`$~J<Hb*`8N21;de?pDWZH$BA-`R<m8zYDh#Te?sQUWbVSciJ9$5>^r
zTHR3<%*R1^3UxkISZ#AW0f!R5fMHm3jXiD~;RND+JpV(jnel7wo$vx`ZDsqOZL1;d
zNkFT6H|hZS7c*e)bv9=WP}^<+YO4M~9ia`^+qv*9RwjM|wKfuNup_-QD&JAmb`AN#
z%#WJNju_NFyiQ;&Cf;a20WC!JG~SQau)5fX_zcwc4ExD`dToq4H@cywY!B)&`vD`d
z;wIZo<FO#|*Vq8FZnlvgv6=m^o;@T%+oZr2+YMt-2hnL%1>sw5Rd+|F??P1=cbi!q
zwRpcloq!v$4yM>{Bia?!(dDS!aR=3qEIZi$YVq(LHb-Z$H}NDpt>+U_C)-I>&qH@v
z0rjyp@ujFC_wBZmt`Tae=c77y2DR-{?XhP@Yn)GfDQe1!1@~G5#$Z+wE~1A16RL-i
z`)s=mL-lMaszEV-wtZh7I};y?G4L4%@Ez)mPqyE7M-x<og4htxqDCT^@qj%hd!kOT
zGx%)?F9-+y&PqIb$nXCBzORqi8__`2d9V)kzHrxz7d~olP+d?%yBwS0d(4Rqj+tXn
z2iq3ppyTg<9k=a}3pLk$F&-X5t=>zhmd8C|Q_=zl6JLz(9G|obyP}@^hcOako$|YX
zdbT=hsIQ<#G;rFctOa(~{@+4CZ!&4l*nS?1nzPWe)_}^WH8L8tJuhH?jC#(V@54|H
ze2%)W_<7ssBd|5`o2a2Kal!Aj!ttmndx9Ob|Lb0~5!i)lq4SFkQAyOh+PA119-z*N
z8kcO1OhLVXTtJRer|4yy+fJzb`%zPn^@=rQ94;aL1a-blxXS+53Ad5J3A~3B@cV0i
z_YWB4zwYPv!R%|)Q?B0)8<EYZRsI5X)P~=*ld?MMX*vvb;vGRP<~X-(WNM?PXg2C-
zzH^KHuY)1tw*79WF{UEk2g7kX>iTBX{{90aG0q*^jx|vgEXAt$8>YZqcWp|lpdRb<
zQ0GgOdv*@g_ndw&Xa$}jL5nHQueJzVqlRuHYL&;jZ$sT4)x)!>>xqA}>%CCh@)T-{
zqCBvQ%A=kwBd|N(!>m~AcdK`BkU#+v_Mo0_e|Z<OKC~hF8kN2gwKg7MTg>pt-i#)o
z9wwVmQ}hpN*A#ec_CTF{>#!?6!n9cbi8Vafmw@*DS)7RZ|F9wd8MO`nM$K`wr?&d@
zp{Ayj=S0+jvL3aTLZ8{%D1fPz549M_VgO&F8WjJz`wR&>)h*z(LCtl4)Lj065%>X1
zW9k>y^OmToI)pw<@~4epa*RW~CdS7WsH3?DPQ#<9ZP@Uot&Qc_PW%5Af#_Ul@X9W<
z!s)~};#XMuFTeZWaMq*V`_sPm4kFaKuoyK(Pf^#?y|L}p26bMHM@`LM)D(WeCRq3_
zyMp?i83eRwuAzo1+27_!R1cnEVJ!2`-dYEvcEbwP)Eq<g>@{}5lK<F=w+^)^-(nWb
z_1^Apj5@GJV6Y{D^8}(|?hlr+5T+sC8a21WF)3cd0KP;m!ubDM5Bs8~=zG-ueukQw
z{2y(V7eY<R0Mzc8h<WhBNA|yN@PD#7t%_xdFUCxGAG2eO|Ln#>s8u`+wf&x<o*9)t
z+y0(|T0@Ue52-Z#2N~`EI;b_Z4|QV32nluX?;R2hbsKP=1ie@!^M$$<cSX(7EK~(A
zaSxXChq_O%e^EnQGt{n6K+Ww{R09%633cBMtD!19i3u=Y)KGW3S3q@ONRWU|rt8=W
zvqTGZ7u7_}O8hG3L|<5_J7;-N4IS>qFQbM&ee_Uwv35X>=mk{Ilg9{khkT6ZY1GIj
zj2Y@~`(QBwsYqCcI@9-|&hA&Jo)?W3>Yjk(@h0(K@j32|9cu3ZaYEgf$-Ah7sCL{?
z_xV2u(-MDyYDk=T`Wr+1su#5eh9V;nbPf|JPC|J6Q1@xq0+r!M%#80)LmfyE>i#yX
z3C1Pf548)%qIS{uI2yAi40V5k+K6h<71ZKQl_=C*OZic|tu-droy!R5q}q--@G@#2
z`xA${Pr)*%?Q#-z!X-~)Q&a`DJLaIa>7S@YRz9hX+;mj>UDO*-fn;{y1k{vX!4_(H
zl;l=nJ8VaM1s1@t6gF2SQ6ta+bs{cB_XNZS#FL~9b<d5isB_{f*2Z|Ltim>^HM0?W
zU}$QquP+AEldy$=-dwI@V@#7K)ZJzSFb?sDm<!)x63mb`)O{N+j;e4nw!ovPhGz&^
z&zqvA_9xVozQ6z$2sayqhX&n>`;(x#+JoKD7h&<9*qr!w%!Y~6*$|gTjmTtdipMa3
z>C%U~50`SNh7Cupk)5dX;5HV*_!%s{a)zJ{MOPBE`qyJxyo(x<&#0c2%V<Nn0+s#}
zwMGhLvZ3wcc>=Y)(qy&<S3q^37it90qo&Ns66*dDkA^`4dR||^Nf;|@sQY8|Jk+)+
zo6TCh5w#m0VLXhN-Oh_}Y)5<~M(R51JjtBH7To~US~!iGiZnTG@ij#~_Jb1%OeXLW
zHAlm8+5SI*1Bl1T9qRr;f^pcJcxawb_a~SExRiLpyq13pYH@x-jaVR`ZMPt*W9xAy
z7Rhgm^(=PP{x4j>hJF>MAj5S`iEmJ6f4qWrw3a{>G#I;JSfNn&ht|G0nD|Gmh64)Q
znmB@*^Y9{}?%QsC)Z!eBT1!7+6Yc-o1azPjE@~%XCDhT|9`#tAhQshCYJ{2;vjb)s
z>T!J>wW#tIw>9w<wjsV2b@s<9VdeD2p2YW~o)LLVhT8xC-_8W|@EDH)Jc_FL5o)gU
zma+=V;t=9rp$?Wus2-Jw40Ydvd!rWDHq`yGOWUGrgnIalN9~FQsJXv{L1ipjCe(eN
zkHJXdPw+>~TGnp3i7GfzIcvbz7@zoKEQKFXCtuO>w&=#<MB+EFGPbW^<!(eR&X=h4
z$cpU$z62&#wEgT<vbidXTGg#kLwN)nVdlzqw2naa=p1T0-bbB?nW|Vr2cfp}1&qYd
zs`gYYkBU#mM0mDp&@TK&LNOAuRSR|B**c;Qq=h&f@8f7}Tiu=okFh23LN#pl&q19V
z_b?gqV&D#Sa#TfiFgJEYof~sei|}fYfTqA-E7Tc*HBb+W^Qa+8U)vhg4fSwZftte$
zr~+fuv7@+{=Ooni+o%I4NnN|Y0<ztl!B`rfU=|E!t7iv7eboLOjq5Raee20lOi%nS
z>SPOT5bFN4oE=rbOw^q2Lp>$qG_(V)Id&&L7pr4fqfqw`IyFG$zl9up{P*9+wtqXK
z=Il4jk4c)?6jViRm+7cge;l>y(=@das)uUWVyuNnQ6rGFnVopGFb(m^7!TLuNZgCr
zwErWUhq^z}bV1F{6x7h2K^>W&P!$$!VT-Z{s;8Gxt3G{8>v0ckMSPuStX4KcT~X!D
z!3=l|wbq_vdg^zwv<`KDYh42q6YqpR9EM>y0`*j!h%N9vY6u&(u|>EBwLQbyhPwYf
zpe3q-N3jhiZf8?A0CghXLyc&n_U!+h1ga9yVj6@x$<|>#{0*C7;SQnhZ!%_KKjQDO
z5_aooL%kif{a&IfF5AhD;%`w6y^A^za&@+fccFIItIq6y&2^!#timp+*X{$T45_}h
z#nT4o5dRUi-z#;oA)kzSh#yC-?hmNl)2XW+OnWer_(yDrCA!&~nT2{R-|fc!*Na4n
z?$)#ZxQzG<?2FTS*zSnh(@wksIDqtusE5sd)IN^g%g&J^s0NI{)_57U`U~~8{9{lf
zdl9t;G6nnC>Tin`Nw|v|vP^yLNbZk%h}^_hSgxOq(0ACDxYOTuMLX<8bQjLT90Tm(
zbO<99A7~A!g<7<WQ4J6NK_EMUB!g^qmqon;u0c(KZ?NrxN~qm22G!8Rs3D9s#1`3C
zsDtGUYL&+wYTK>=YJ1j0?Sdhw^JG1;7=z9Q??RMe_D)s+vy!1PD&uHOgljPz_hCxB
zhY9f`YSG1GDwAVN)OH={P3=bPO#BI|oVvs9Y1#?9X#Y<opq76`ZHtm4tml1EE#HkH
zx*ml;bjW@z%--bBk2*#9HuSR#qH-#7Z9d_Rg!M@i%AcZ(#*QLwBKb0DAM;s9K7Q5Y
z6jXtHdTIZEB6C49^Q#-@2H|XcwKyhH*ko>Q&rK^y%SfJn+<3sNWFPS}gp-lC2-jm0
z*C!V8hoqe+gs+nSDtZ2)41Kgs^|?-6Pe}{%XNBEQJTmt13Lfm4n@n5CRNk_<e-TB&
zL!=$!KE1BBBF`|snTbbI#y0QXD9FEG;&kF#9P-Vkf$<rIbI2dMbw_+qRK|Za8J3WE
z3H9mE#Sg@JZaAwf>Hq(4F0Y5#DOevpFIJOQj(hZ}PZ@WJXQ!ge#1oL7oiu*2;(qwE
zu1;&p{fRu4Ntqgz@lQ@mr;uR--#@wdf(xDa?jRF?P}!O3^++WoB~J{}Ytevfj6zl{
z%{^;KFU@x`VSQ4NCoT7lCeI7P4ZH@Xz#qtW((Aw`e*eh-Usrwy#D(14FoSS%Zus)4
zO1y#BfMIxx{Q6X)fPCcRkBYm0ST!3x{)zA)zK6KhmAw4&#QpG3gt?ysT>J9rK)K<>
zgL%D+x}fd!<x_&fvw9VWcm;jA_JCgI<XUy|Wa8V4Z#*yWmptLbQ_(1WI#b6x^6VkJ
z8xK?YTFN*Wh4~L5vWstSZ|J_|#{9&;eE9cBoI+mwH8)T3dXbL&Rr&h)E+g}I-u-`(
zKhn!zowDYT9*28s@co<n7kUNrYemQBWB%iCLkqrNK5e|458yH~={V-kp*vZLuOOeE
zke4X5nb+fADKsbX&e)y&^T`v2hp`^_J@d+Y=T#6Oy$;v)`6tLt`tUmDBxkrXbFnO6
zeUhmGd}C3FH<HdM@)h>3ub~0eyl@h1Z@0Ps+n);3csE6(j#-q`n0xi%Vd%8t8;|th
zXA)9z^BKOMN&LZUP*ZNurwr-5UpN_vSENuSAE9C$(J3&7HwyWwYy#m6x`|ID-@RTh
z71yVuS7vX@oK4>J`a3PzNnAxn{;0nD2hf`lpGgLNa^MlJW#F1V_h=k{0^eCp__&*5
z{}Y?^2VTRAkbf)<uEV`;`Ns7cc%1ZO#PtrSPi@i%@$U~gK@y{KQ6In8LW|k|7UtSM
z?|K{Zjw3wHt4ui(dEsbOx|-|yoHiW(dVq6>imq}`H@-V5f3tTjHzU?MNJ18FszV`@
zyk6cXexJe~aAQNSz+K$@E8*tkOG&;TC?u{ozg~IHYwk(OSD*2en~(hbeFi5L_l)ow
zscUU0>n&wZCQSc%8zIweT<29*o|~JHLGSl1xyG++olg|N-z9MW$gS>KPh9VGKTsk6
zF~k|jSD#(vna)?Ap_J2}GAr{vMLaL}+#|e(?<&F(VbouO8+Up)=O$4few=fb63#$)
zIoF1J*JIJBPTZ`|ZYrru1&=MtUr?|>4Dya7-x=aLC}%5f@J1ycBleq@@0?pE{omjv
z@G9s2rIVu=;oUHW3Oe!4<W;IF67%K#)csU3-2YucrTPq@;H;Ec(aY10^kbx5B_86X
z6(?;a-&1-N*5zA38K_8~{(N^34*x&%yO<l&ajhC7vx#qY8kG#2>L%|qowUEaa@J8<
zChplz+23$Iq1TDb#Pumb`N33Fe%HHDlpC{p7nNZd1>B&5TBP4lg7-N@p%n;EBz*$+
z>ob@z|HhR2S;9R&!iz2H{@zHzYm}FceD(S6B2Oxv|4XTGHH8!-akp0hukp?WGVCE<
zl2)eW`WDjik;lh3FJJz9m2-wX`Yh)9a>9Smun}Gd%9CGD*S22#H{>tLIDN?%hcZ(W
zU&4QXa9&y&P9F-5;M>D%#B>VqbHiD#4<Y>(-^5g)Pae|sY3~`E0yl8IKlhgM(jIw@
zn@L6a_<m=%xc_^T|LsNEN$vl{1ak2GmYer^6)0Cs;&ExjzkHt&Z$h3gpVk!Kjz~T3
z*H63pj3-V1K1@Nc0f#ATH}~cuk3KO-e@@y9ua4>D4<?}H`b;IVf{glU<t$-+?vZgD
zCgH0eulT9S$;)>-4avZ@rd0OjlZW_bDmck?eKKJq^2I0ZZ^Hl6c4r3hm)5AHP9hq>
z-<WlJQ$QEKBMG1L%{VYW;f(Y1L-o}e)q-38#xSqBiMjn}uT1`NIA_1tl!W9PM+vw1
z9-|wvaU^MdFoZl=xaTJ6QTaBdwpCo4qxSO2Y&Z!>U*HXal7f@Sbi}*3gNu{+e)-&@
zA&V$H9ch1g=|{OZhHrGQfmONAkJ3&#FJ6IrG7wHm`gZR574LBU%jY)NDwD_i1f8f}
zuaz*+OFd1dCtju|^z1*c#SgseD@n^l!QIqTui{4Jufq3du0``2`#bRm<ZHlv`ce3d
zcfWoPzv<>-{4>*ltX?B#Q{YqYX62nmxF%`QC^QjYeJ0SGEflIxVth*_MY+a*vvof|
zbNw#gXa7^qf8^QBw+Q)8a?c2Iwxrx!K`&DUA{D*xPQ2}fFX3^n>7yS}uX&YpBwUUH
z|MT+cI)72n$w<Zj`}v3XR_;%Y`}p=E&rYwr^fX3iwENjgWDW)DR}S&X@DBw)#yq6y
zQ-V1EMbZg)@k3riPLYRy0MNNco)KK@>@|qL@#^gL3ZKHY=U*Cz6Un~<^F-r}Ovz1C
zNQh(##!~1%WRAhbYJ4wKSY-<7%J-<(>S^SOOS~S}7jW+?@@(LKeMS&INcxXnybbqs
zARLc-P7q#?(Y<o~)K^_+<aZ=qprEuQ{7&XF6flkW5-Zb5=dF#n+<1;}eXm#LsH_m*
z3|?i*{tIR4(~-1L^71biI%z3SpE+DB#dkaR_vYF#(g%NeNA5y`pUg2Sa5&#)UL|&`
z{qG$bHJ6*(dzC0PrWX$LD*2VP&ZK=uSyL%vE%)%B*qz~&uTLYs5v1!^U-|?GknuF%
z9{;Dp<y_3hO?SC@8e#p*4pV5@|9-Yocw?@o=H7#RcXCnxbmava(~9_g;>$6OchgMr
z|LQeVNk3A*d+7~{{RrjeTb$wMABc2+<y-=Hd6lN4qFkzsJS8aT%STU{s$QN>R2GGM
z_zU1pF}|0{|K*dyyJr#!-N<u;_&fcKoSq72P(Z0KIgx)`)A@v1C?r4EeB>F$Xms!@
zQr3bL@PzC7q~V&6YiYa+2a&dkGGdV@0`<v28P^HNB^;o`Uvcl$Ab~%*ncqmcpY3>w
zcqMN9gKs)+m`9;|Nl#09X41ZVz9PL6ku;=TqOhIh9pW{xJ9*C%o=18g@|F6Z``&ns
zo=bjr{CyODmdIl=j>B)r(4VyJ6!PUWiEtIJ)x{k2WH)*B(eKF;Q1}Nb%gBABy$0x7
zRKkn6N1ux1`Q$ZXGU-_;r?U2c86vg*=cW%7T$PI<6!r$o(vbb!c+AVQns9W|UQy`!
z|GDog(j!QVL4^e=<2~WLH1sgeqO32UGu*2WzrA#tM5F&FxUn}GN_su|5&My*&vYvI
ziSTjEOk?!PfdQ|;SA^$!={d<)$P4%6`gy|nsN@Ov>fglEr!QZAYw08-{#pqd{|$T#
z(9#wZkjQI<u1)b;s_>UjTyFfCg7<T69N)v_Ux;J827k%NKZ)Sfr{XJIzxXB5Gcot`
zSEb!ga1WV^kr2~MxJ~$fKMAOCrFTv3`I+!y@~p=TT-!v&O}X$R<>*t1YpcBcZMl}3
z^d?;Y$hAl0*Qb@|1HB`cp@qju$j>)5qfm{Tdvar6(vR}ZNC6#4YsU2hUgP56XyPZl
zO1BZOM!~1lLOz@L4)m^l{-2Q<%smSzD;wVte9P-+<S(C1B<Qn|!oK4BkOKC4H+SRO
ze$xK(D(J|yloS@`UC)NgiGTS#C%pcD;<34&k1`T*Uj*gc=X;%ScGbUwjAgM8iTbRg
z*ZOSp3bz=Gi_y`i0QnaG&$X;HsyKxo!lZoHdF5;&ZzIYsM%rG&r||{fx`b~~$5;%u
zqM)AM4aA+EwCWj|3h`aV%^AFFb4V}3H=fssHC#{6wPbjL``%MdY{L3XAbmLgNLmTf
zhH~FXZ#2H6p?!#ZpP&;U($l-B#OTE5abrtb_<{6|cpjfp=uy&ZdX-!zEye%q>s;V$
zD%U^0-?i3U3^NQG#wE*TsDq4LlgKT(P44Ox+Ge(yVP?-X7jaU9K{P}LuUv}Ck?A%J
z)-WO}$F16<=qi=NDNZ5jM#uTSYrornQvdVxc|5n@b9vYMuC+F!jbT2;_YyhX(5q2=
z7Wf{-KBHC>^cAq8BWe)*En!7Bljq)l7KxKkI|JzII(hV}7*vFBDzcGo+M9S=nk3P%
zgn=4REDKhD_#TVwMQjMzmAcNOstA;VzeG2F9({+d7kvH(G47WvBoT-Jpy(t`{)OEk
zXnOei1kXqKBJ_$1(G`74;S&tA9!>`T7E)0S7S<L_YmHOB3)JYtaJT6J3)X1xdK@Jb
zUImD6s_<A8dKnH;BJuGUx9Z_)6Z?zKRhYZ5msM#r7knH8yb0zj-E6#;%fRw8U{9+0
z+f83l@LpXgibCxf;zNAB)T)rDb;C9Im!scI(f4R{7xp9Y2yjcu`<3F!y3VH*S3f5S
z(XS{E6WfbyNY4Aj`Ma8))#}ek$5YI}Xh-pLNU4iF0caKp>gz~Dl!!hI{|n$0twi^d
zAJ8kiL=8o~sG&aEmm*sr<H0Fv5fq-i_*@D-e`f2Z_Y(LKZbHGO+E<?y_t6c9<9`|M
zstexEKu5sweJq|CdeFZU|3>G&rU%mPJYmFkQtLjX`ev$vtGe(`3JwJPxklct8!RLK
zE5$Zo^L-uHsK0Ke9Gl=A3MQ#xkRBFrC!D462XVcGK9O2$R2=#^C=1-5{?=iIt4J8D
zhj{|oLl1Bdi8Im1;k!uET!#4tdy^i(#J>o?fq$MF61jv13FuR(c{9A0`0ijs&uQ|a
zuMMxSe=CCP0DeS(uQBob1dr7TKj6O%Um_NdZw`e+#7`<+Dke5a7kwZ39(;;H_99mz
z6}=P`o>R!@wSMjX?+0itO_#!-lXQ?(%|nK$JN6V}_rW_EVmyr>A=ncCbhwBCZ^0gk
zoTeMT4_479)Tz!DR&*Tw61mIJN23>PAo*#M6ip=XCB>Vff1y{FLR`^Ez>2mY&)}P?
zi>F{eM~<S`kmsp25q+}jVJNVFW1!EGcaw9N_`~pJ^hWAuWIc7^W4g#jf@Ofi8Q^&m
zTcP(wpM_peV|$|C1|QQyt|v#)2XFxWQHpQUG3D=yF9{i^drU`v8J_I^`3uT<nkf1g
zz#^Jh@Dv&p;?IO*DYg;082K1}MO$^#7qS0ItRGEn{M*RA6}z5pwv+f-{Jp>*#TO2z
z!wtZ=`yWZ*IEC-Q*`FfM!rADLAQgqNcaKqY1vq|Y?|B7z8aW?K400i{`QW<4i^<`~
z>7Eq$A8;F3Q3*MU)K?#!4yqn6*n(qvHN!PP#ZEEVmoPu>cBuql9UWgsfp@Xzh49#l
z7J>I^UmfCu8SX}6Kj^rRJ`aNX7u-YR_N(XrWCBBRS~!<bL{SpSohTBbsXC#L9#;9g
zGu&<JRO=k&J4k#X+y&qJ<P1e-V?O}4i5^7Z9@llwg>nDCN~4q7F^}M7^m_VsX@g#a
zM3Z7`;aEM$Y;xjt<9`zW8J@2jJkIbTdQ@W;;V7ooFXTT1t^#=lR{y}a=K%tKouvL6
z!4~Xmgq{!ZH1Y?Etzji^SBdvV|AJwTlRp~$GwL+}lMe6HSMY1}U$y=lwMOcpRF8sz
z1na`nDDVcLy8xV{NHb&ycrg4bu^M2u=)^L7jln1yN7Hl2QN%;k9bXE36F3uTk@o^M
zz9FYRJ<{+iY8L$8EcsZCF%e*hI%_3W`AEEkyj^d}<0Px6_AreZp^GUqUk^2(hCg86
zf}KKs2HYK<0f%T07@>au-yYByUF1%^ib7pTfolWoL1IrG8w<9NzMN~dFAsSE|2+H`
z$t?u`lWK@R0@<0^4d^XdL^<*Ue2Sh^9}@ndjXAog3Ot7XI<W(Q<5>MMd~f1=Tm_+D
z7^)lmE*zraVE0q&O&s}Pvvl2V_?uH>GT5)R?=qM=*ae4Z@;yOCV@NuIosIr8!8hQ0
z@wH>>mB@z3A1DxqUr{=~SnN?c{|LFY@QtP6v*=k!Mb+VGI1alZ{#<f$kWhgqm4xa9
z9-wF|Jgb8N&sWGTa4kLY6)?NFw7all!8+)(-5R`Dz@;%nB>W(Hrry5$u|I~tqlco!
z_#e{42R-cn01_%;MY%Lt1*nLmLXtYdZS?>uzLdBiHXW`{p)lgp!GA%l6S65>uA3=*
zJMbaet$X|j-xyu9M4jYl0-JFT!#Rwiw@`d5@{}%=gx(Z>2kr^BKk;h%ZWyPl@1gOt
z<o^VwCj2R^ez1NFzoPeuy@6b<F!)*`6&2i1lP<bZH5_LMp4P#YG>gQJqR>z<Z{xoa
zUmC-{jlTl>9gY1faxK2QX&eKloLY4lbOF8z*mt5UdSBzi@k4w^2Feng+bG%?P;Cv2
zr(v#I#dY))*xL9?!LI|;Jy^&y3;$f~XR72pO0BCjSG1stU)g(!jZ(k=A3$IUiHa6b
zWEchGby4MW@J-k8D<tjHv4MKf)(Qh}#J^BCIg9?Px(eEE!LT;?XYt>J-W1-a22=Y#
zM^AVsO#%dJ!8f9-`pLwi7@!zk(IE<~M79TWFB}doPUow57vhS(C3!i`SD>FHU(q1!
zB>aWwE#a%^s=sFq1$I$rkTRe-6zPZzknku?l8L3FCn8sql<cB{zX;C8)A+ui$(>+6
zLjNAQLu0m*zX>};A5o(Rd?4s6@MO@eAI97&t7r>)Ej))}&l6ih5k;fm40sp35w?lt
zkpBj`>%fNSFbx_r&`I)^5${2)GlTX8&?4B_vq$Ob{eKMbIQVOTec|VHGcQ0jQ#A@b
z2G>LP5^oJ(g{Oflpl}?ylK`qe$~^%_(MJ52$$uJs8*&5j&xkh%dr=h)k-GlvD3%TA
z7J?&?%XRP{$V%+H@ONeUrVP=JWE)-Lt4gCOUXNHqoM+MBL*52vG&yImhaguWU%>w%
ze44u3u?vb&&NDzA0Lv8!dnnU~s0~Ff08}&$y`$EZy#(ALa`Mpk6WfZMNB)!eXQ(`M
zMNgA62Kge`+x6-P5_?;H{!?_40Ti7jX^(DDfnAe?{>X+DoJ=f4tHGDS={Sbqe=HP0
zZl-~yv9E%utMyOtXTh7`o?O8o(SJ4#KdDl@gr<s)FyWe@>i#;A#GAqX1mDL%-LNCc
zI}5HWwxWLcVv(Jw@o#)y^cCpS7(~%A;w#9hfnHtpQR|PPKn?hI_&mkG#W$IRzXIH-
z2ivaY9mFP}|4k2x>8VdqMT^LpjQ<H5=OYhbXMjC}U5eZWKLqYRJ<L)31^3~2i>9k-
zK9j&n>~j<x3%D9~82)c5_BM7jdJK9;5<~Pg*fH8}s^u`S-;sL{_}8modz18nwx<vq
zr+)vp7v((8FDdjR#T#LV=rjBu=xJ{yehMC`3oJuE2p>{Sz+~vWG8R(;cY@<7bRRh<
zs5=#Gw@_i^VYg23{CWCf)CF{$$=^kKkoS<N=rsxz;k$uD(+E2Z`x0_8@p|MfB-RK0
zEpo!JpCZ-<d#)ZF(<Q0xhr!=MtunA#y1!?+4)!8=iUyg;ZU9D-dWRYc-}~5uS><r-
zN3a!rjGTZh#@`XXOrD})U|VC4h81;Upz-v$i2WUyqdI@I3ihVpVVvLKoTC#Kq8}tl
z(QELB6uh1y^lda%H_g0;DVtapW=7h5lk8Rrxvh%FZF``%H!m;8wW2)sHS$jJre}C3
zWcX|qPM?sU=lcUDEh{%KSmxDjceT&<=H~tZlAV>4XD6got(>3h3$`o!dRv94J~2Hb
zFXVW-{HQ2Cup_3pMn&(kLlsv<an!DwWkYt2i7fke-*i#7a=!>G-t|u3SbvtSn)|((
zK07siiqBv6%R8rI%PyW6R;NkdUPJA4e|nysm!-z(mXOlQp2%W+Dc$UZ+^DkN7q>(d
zkG<TlEd9z1QC#~!zT%SqEG`>+bxD{L9wyEkPP0fcCd}CtEgm(C&wp`)lN~G0M9JNa
z#9U`cV{yA#kdmI0=}*lWpONCtw(rl%&P&ho=Z>}SA2odN*r)-1mgDzk*n`y|X}*kX
zRyQ##$L<@<3IZm2lex0~6kBK8nciu3a+=ql>a!nC&r8e7&$InmdFjc%D9?y#{ygv0
zZgy&RYTM*AU$V2<7QPw{|Hl;0@it;YoQ&!tV(Lyz&taGTZxgfp8PlBZeZ*gCJJUyr
z^`idowpTS}+I)XXl+$F4cttc$_ot-$Q~#ff=^VUQ1Zv7lX`-3@Bu$)=(UZg?XXYdk
zXE|klG1!tFa>W$6Cs*`wI^~I|TJpC-5nYX)$<0e)jWWAX)Q!c=^JQ{WygAcs&V$eC
zI$P|EkS}!+J>``m(X*}^sLC4D(T#F$TOjrsPUl5pyCvh7iYrc!Wn#S{f0m-P9JoR(
zjByX2KR<H<JCKm#yt6`7#>l`1QQ{Q6DB6iwwvV$og=l7aZZ4~I$~TH;5l*d5Vw-4u
z?Yg)J%-zC=@_kIGy34bh#gbU}25=8yy5Ds>Q_Dn-a5`=kkDJokE<TYzY!?X*|8%`i
zIAs-Lk6A0(=eDx*b25S{S-Zu4!x_C-L<`6NrkHBVL;FNjgdH5sIkHcT6>akJbNse9
zBg3BJ&B*uVa=>k`o#RW+%Has*r29B@DQd(_Z=R=k&#`*4?|yN}>3l%kZZu2w`u%DP
zb9}k^8ESWPuD_Hr>yT(x-<y-1rf_O~Rqq(*$wT5;_2xNw<CA^-GSQcpoYsvA7$rT$
z&gN)w;Dc)!|DnhfExeO`xN~zKR?|()$;z}_^c^sKNK*gd<JC<uerT@|Bb<XD37_c<
z`b=CBa{cF`t4uf{?r;{L5PgI^`-S+)`RPls)|4-v5<8sPr$waUZ2ek16CRVC<@fuN
z-MgF1FYh`hI^3L|>d(sYxsL=I^Tbhi)-_;SPF8+unw`{ZNI&`1IZ;Q>IVTRcz?#mZ
z$aWt`Di*vj`FUwv%=Bchx~ZL{^J0Jqch6ChGw*`%8aFY!n|E!2YBhhBd-|g2EhdZ@
zIeb7;|LMV#!&5hCd!}oDj?dj$npWA9>o97{pv(5=s{2DdFMU(9+0R@xWXnrpwN)#z
zZDN<Uw<g-{yL9W=zI9@I=g2SOf$#|ZpkLP1cye5zv~pJEj6iu{Q)OZ0EO*DMKA7#m
zmcXvcnP3V7y92LR76rE3|2w5}PB6hOwQPg&<jsNIG}xv5fi2fJpy;m388lY!1G%Ta
z6(1HnHEo2k%80F;&14mo3)GB3KmT}Up~?FoS~iR{Qe|v&qpstvW(+dr!U&^|Gb7sg
zv98muxlv-szxOp`oJlQ>&DG?DL}RX;dC6=Lp{H|>CmLItIy;9OM-ysR&J1i~I98@6
zEni-2Hmd7BsRNr;Q}woRUlY#asm7jI*`&yL%=vYJ(ZrP5i;a(+gHIVXgwv(i*c&C*
z$;9u>`tpq*%`oTgXN-r#<k0m-6Q{!q#==Oa^(#iFFu7!^LF3Jazn(mB(6}tO9A*jM
z9x_tHYgB!F%S{2J-f;Kz5m>^NXLlHGYv6VMD|csQ<egl-`L1I}@ZG|8Ra7pz_Ff4*
z>t6a<KzG0uHmloj-jG0Epv>KHYB`jlZsj66EMTt}*<6mT0Z0D!o7vE)TqHLgHsYL-
zM~rpxf1J={LfQU|(Qx^<My&JmS>yCAvR?zUj#wct#GCb7sn%?uYR}~jY-OI!e{zbP
z&l;FVTT0Q}tRo-XYu@0XRhS9xnya2oo5gNbzmx{HvsT9D*z}As8aN;HGaoTq1$R(y
zB%Kzqx*aNG$M1Kt-vD!kE!R#mGo42!nXd?W<yW)1bTZ5>@~u&3EopkKy7K4FR<x|~
zf>}exjWXLi%QDTcBAo5{W@0sGP=VQ6$n7)C`OdbPW(`}mEiz-|nz?3l<mS+O%=@HS
z*LBH0N6lE-xs4U$>|AHQS5x}#wi?UB!tB2+VD^?po6Mz6t1jtJ?=a`a&E{oG8hxzZ
z^3^-6NT<Rvk5-e}2h4E!;U2T5Q){nzo8dh7mbo)bW_K{cWbr}s9;fFav%jcMb#+*{
z`f3y0J1$VlJtr&QG#kqMA2Ony;=^W96M0jv73-|}w^=NlwC~Jlqk+2K+@9Pb?$)`#
zmbzz6w!2_9k*l6C>o|WuZ=Q~Ee!gn%w&H^akjq}G@B5i_a$k=#E}3;}{_b%TD0OOw
zSrMYSd!My(H<xCdN%uqs%I(n81Y}&eb;$@1&LewmFl?u!nzcOKd83w9D&&gVR=U%%
zj&;s(=EqqRA{(;cO&qpTb!%77;t-VD9M#}M<eM9<Jz>tN7S<rc8Q99&5H6dCnK#r+
z$Yq_^FEt_8IoZ}qHwprqDd}*gD9TNz7P7#`<jUCiIg*u+yZ2|gx`Q^`JiEBitOR6W
zYa83O%H2C{R-l~7E-IFi=kASrrd1s-8_}78a!>G@lU%MIgYwP?%}9Cm1Y4DrXjKTg
zHOXoq1BD#@^|xBPtZwY9o4Dh;<D)OXJCb^UI6TVTN2)tmY2}<K>Fr{5lg4VZwmiSa
zjI`X{5?!rk@@y9?&UvScH7&kYZXPeuDsOu^Gu?<&2Q9qTJohSB(Es(|_3b;%T57ao
zc~0=5q7GfDyJ8xv?REa_?f>Bj%MN!s{nct^$zkKI0y+FaYn;QK__E;~PqxMxGBL#p
zbNmynl1OJvmNh{*7qYDq(|I?~8XqmcpJ_F!rXTN>h0>m7O_#IE&HB|tFC>nWd}yu}
zAEow*Y1AWbQ=ygMl+Ci9;btzhZj{5;8ci(sQ$er(MhAI*wl!GZvB0|5`F^(bq>!~T
z%;*}SJE*eIPI5BmS_dsleE^W6)NCN19nbwZpuf?&{_hv9J`s4P5A8oh<4TIGdd}n`
zYnX9|e(eW0Pi+d<$bIFiBeH`ofBcBRrBy57tsr})a93UT=|GJV-{*HV^oIp?AMh+x
c&tURP1KWZpRvqEsja&7N%T2dqq18R&zqUqrR{#J2

delta 52116
zcmYh^1(*~^yN2Q3nZ?~5c9F$h7hT-l-QC?8+}$m>2MYxEAW3k7yF-8<l3;;A;5=`C
z&ABqyng6b;t}d_Y-VJabj*9<&ef+?k_`!1=K5e5qPD(6O+Hp$6aGWk<mFhShwmVLC
z?1)8h9!3pvoQs%*_^lru=U04-3Gm<!$4QF6VG4YKX)wx8i)TdDQ`!tTEePZxVW@Xu
ztLGWd=ic=wyBwz=`3j@*_rfx`8gt-ttcb~WTfWw)iWVXLadu-8Jmz@|lQ{uePCyxB
z?=iD_R=}jBx5e~0%u8SCc^Ko7ejBsm9~g!y_Bu{FEQOh{9jcsZp6f6s@gta!`kk``
zG(-<E5&HL8JQ*ruIBF=%p$cq;DsU2}##I;>k76vmgo*J1s$(Bf9Z0<2$}fVtUK0aq
zaR&m)aT;dB4X7cziYf6S>IUb4<Ag#IR71m2_f_}o<T=K3ndd&tNWLqmDfog3G4Vmh
zUp>fr&<d*L*%sBq;aDCQV0^rfYS>#;!<<7FPlYNlGb+8fm);nQ5^s+hfmN6Se??8*
z<3j-p{7r&}Fxp|q$$-f*HAY}`Y>w)AC#;T>Q4PC=`7!+wEhfilgc{L4sD>;;jnHlk
z#fz90-=P|mH1LyUEQVP~XoSiz2AkqK9F38W+6|L1g7{WcMSr34Cp~8Qi(oC{3osY{
z4>fYBj@t<3LXB)$)RYFAc?o^J3{yQ<qDEjh*1)T%o@6><1((Ly#QR_>9EGZAIcg++
zL=E*>RL`G##{8LeLp%qvm;+7+0_jPZfm(b!F(W=i6%gYWYjH*lBOZZTeC<&U8j8v{
zA4}nnSPcKhf|#GvN%^{BUL23=*nUi_{eP1{1`@uYDoB6QT3i{G-W4^(voIa*L^bdR
zhM@11O<_9JB8>3jb-j2m)T$qcT4PHw6K=)y)bCs;pc}uSj?e_Bt)h&mmR3fMP$w@w
z&2uwqXwRS)+aF$f%rmw|vZ6ZF1>Fvy%Grr&@FoUw68J<wJ<EF57DaW`khMcyAAxGf
z52(d+9yQd@P!(r8XXzDD6}3WDGzL}C2F#2nQTM+^)fekL<6nqC?(;T8olq?vi5mL#
zs2k2<2>y;SG1>*kiGztz@i0__^P<*9HH?96Fc<bfHFUY>LCi+{<^{%It2gRz%qNCn
zTnxHsa~vO4Kw->>ov|t|!wUEcqXn_hE?GlLUN)<t8qgRua_zAsj>UHP3r@qFfh&%4
zg1{k+tPEGJK~qp8@I6Mu3#e6o6E&oNV**Ta&2b`OR;-V?u?$YY?06Q{fzOx&vtPHT
zWD~4GJg|m976N}`R!qw<XmwXZ4QW5r2+cqZ^%hjc`%xox9+TjGjDjCAHU{0awGbDT
zFE1v;GN{$x45=^Rj3b~PZAZ=hMbwb}gUK=3E!!RWP$N_km9GY>!2YO{YzC&lb*Kg%
z!@PJ4)v&m?Z3>g3My4ue(f%JyK&x>L#>11SZFLJZ5?@e57k0-MQC(F2UKkbUqE`D-
z)KncqjnG*y{Q<@z9_6l8oCs4BFO4aw-)Tj_J&REV%|#8_KF`yr0&k;w@)wrCkElf%
zevbu;-7pcZM~%=SR7FoP6-K&mBa{v`awRaJgQp<@W$cE9a0+S;PoOeh_WT3Y&}a{=
zpb*qh7scpU2Q@OyQ4JV{n(GZ-{32>3|G{9){E+ci19CjHp)8H6xC$1;#;8>~3k%>Q
z)ZC?bWZS7CMi8Hb<?%FX&J#YihfD>`MSLU{#qC%H|3u|4_9S2hjCsOK0|_TkyCBk2
zdx+%5a>To%4xF7BMfp(s|19btN%Ff5eHqk9HbUheh?@HeUVI*=CB7ClVkZLxG<TO#
za~JoSJx0S&BNLA4uo`M{_VTWeMpZNqwKjI5@}ESF&|OTAv7Xz==E01_i=d{sHEN0i
ziwS5>j$#&kjiH$8g$-Q^RK^~tp3Xz9iDRhkcE?Nq2cr|u_&@7F9?Va?EUE*8Q4L*+
zNpU-}$OF!40+C6$jT`V0YKW%2<e84!umV<oW$Cjq6Y*WB9^OOsJklRjhRHEEwm^;O
zOw{UMhdNJApgM3LQ)~Z!BA_8j{-?FDHY#I#R6|ChZdi?4?T1hmUd1%{KU{_}|FQ}<
zp+@E?>W%2G7k}-=W52fYLNPh@J4Fa+Na|rJ?2c;rHjIP6U_88r+J4V50|vdZ#h4K_
zv^i1NOQRal2y<XR)D*17M))f>!}M<%|0V=R5l~O>VFUEPa~!2NLEW$i{h08*nG{2a
zr$kLfF;s=^y!4T%U9u9jCcZ}>?!*MR2i3td?-~Et1Rj#09==8meemB_U>elW7eU=n
z7ga!KOpF24$j!x+xCK?tX)k`qyZ#APPQnjXeh$>gRQ$mBtH1#y#K6gz73bqPJcbRi
z%11lf*I)?ot*GsE0k!BpVg#1>$ByLTSeW<@%#VL!E)4r*Q(PZU5MLM|5Kf@wXPbgW
zsGb}|6?_wmVd%d$)Xgy)@$smAzQap@h-y&GFLu)9!#u=$q88~Y)HXhb$?*lMqk+g@
zt>QeGn}oVvd>pEx4PN{zYOeo5^(dVa<W|rS)zHbPHSim%;8&=rNFEeq?}(^)Mbu(!
zj5Ijl1PEw5t;H<3A9LbU)S^t{3vzo}7?s`um2W;q!K0W8PhlE-hT0v`{6X$ZXHE<u
z-Vl{O2-T2fSWf$Yo0s7uY6Ox8TgECFlXx$Tg#ir4DX85r6II|`)MDI^aq*%Te}r0F
zpHOQnP9$q!3S2_G2$rRO=Y|3p5;@4}f$cB^ucGGo15U%RC|1Bu)DU06V(8=dF%>Za
z6`zO^_=^{h#v5vF;^nb8E<)wIfq@YOl12}5ACC)Bb9)u5VXPQIPF-w*YUno1jCo>O
zgPLG#;{QVpeT`T_?#pKn3?;q;HP=^B9r=W6c;?tvPTkl+0ecFOpbTs90bW8n?d*yZ
z<TNIJFs@aQJf2w?6OrBslVT6loK8SZ*&@`*xelY^ZdAS_m>O?*=^x_-Y}NYWTgy_T
zR(&PRi~UiH?0eM6Y)8%IGt^pnhiXX11VMHZqDH74s^`;DJ^m53nD2RUe?p7r3=q&F
zs)Zpq0JUfqU<ushU4Mz%w+Rwi4|AXvT@h4IYk9Wv(tDvAJ^^)}%s}mu&7P-GM|0pg
z0Ud?!P(4qd*m_bELx>N;p-jahR6)s-GBsELHD$#-JEI!70M+mxQ5}2hnLL?o-w0HC
z4`ieQ&Rhc8|A#RdUPiU_57d5-l|0BjI*Xy^uAAo+)JSba&Fx{-_PmZ7kvpih@Cudh
z6NX}(6gFkKU0K%U38;XksEYfc9!j%O1+B#RxE<B<6Q~CN&r1(V8RWkACqy+kHEL+9
zVF7H28mZ~1#dr|4c7Ddx)bD&Gphc22mCachY)HHccEL4R8xy3q^!7NO_z|p$mC^(`
z4{<Se!r>u7PGx+7<*;C=#fM>O;wMq(MeMX}>sSOD5KzzCVF->!^>8&t;9e|=pD-U5
zOBdv{!Cu%7ucCTXJiYa_2kN1=1ohOrh8me@8EhAYqn;JrGqC@82so2S&?4N98i@y(
z7h{LnoR>mvzm}+>oQD<gI3`iPjJEi~P}{L2YJ}>e=KLP&UD21x7I{WgzB-xM|5~-3
zNT`Ej&^;h94e^h77?WkTHE;tv5`T$maQ!Tne=KT^tVZpU-KdH$d-1<fi!otVTSK83
zk9he20o~9LGhsi}He8B&exLTzzoIJ4l+B)g^-%}SNYvD9#A5i$Gh22W`c9}3U4**-
zXDk-vIPXy-AIO)}PNF8LISF_!LhXuO7=q`$_+Q@j=(%hP!cZOPj><O~HKLnPi|-fI
z<2p`m+YN<LyQn9!Mgq<}0?K#+HAG4C*g22^H3cP5Bhehy!<ndEa~^wPjlA|$JBnI_
zzI>K1A8M8NLM_JqsKxspHN{!;>xibLN(3}C-LM3Hhh^|KMqt_k_IPfM8p`#kiY{X{
zj8f1ls^_^3b^SSNv8F6!J+6e>#yzkw9>XH)$yWlZxJbAS>0s22$50QA*Is&}!a?rO
z2hC7(z8ojuL)86Ui+DqirHKE6S|c%v+P=?^iVs9}cqImk6ZnmQhBzK8qY9Qm4fPBx
zisvu_V-~lms*2ivv#~DTMs2UWC9L5MQ00w9jl>?*RJ_0l%pYM>)-QtnuajyA32Jdr
zNy|_Mwcp2}cEdi@BKjQ*VuDiEgUYDugHQ*}TF+~!xsF!a7IATGO}su1z<sEO<tq~i
za(}{US0>20#<n<un&XA#yt5v)P5y`KLBjIZ^Jb_yT#JS90XqC&iVD`Slof69R>nwN
z?~H!zi8^Wf;wYRIAaI;Ol1kRY+ZaYXYGrF-PE1F<C2B~=;AGs5nu4-b?7pd}Dcge@
ziN8^+K2ueTx5Bi<XQ9g9iJ=&{O+fqcD{3e+RI{P4g?jpp$GA8j)qwTb9B-kXaz(3~
z<vnY8Hbot19lZDq&&3#z^tG5!`+pAs9T;a(XYw=D^ZF~Q;siCUg7g@fcutIl1u!N?
zpz>8kHK-ZJz>cVgPG8iBtVWIG71WgdgSoZ;^VYQ0*cP=vSD}XT18NZ#sAY?(3+kj>
zj#}*pQETNPs;6;k+rd%@b#m6n*w_Q<sS`jocsA;(yBteXzq5sa7TFtA4^q^z3}L7_
z%ZDLYAJu~asPkbl>c~Fn`2_V&=&NgsFd6E41=Ps4K{aR)s-6iL(9q8&pd)b$YIUAP
zEsp<T2*$2w1?5CFs4{9Kx_Rl7P}_Gc>i*}b$8yyAHi99j5vzx4_+V7M>+7@s)xu*W
zXmQ;`Rh*!Kt^WL|Ic$&W!8}wCH=)+TG1O3>LLWXt&Fxdv)P*#(`|6=iye_B)EJ97$
zuMOG%n#0##Lh43VL3vaG%~0=fvr)U`6l&Z3h2^ktW9!KXRKpje8h8*jQkO9VKcG6A
ztcf)^KWe0^1qf&;yP&q;1XKY#Q3aeqRs1Jvgc3Kk23JHas=lcECZcx1F3(@Q>(@~u
z_X<@{a5HOYsAr%w0d0@As0!zz=4OwV;Sy>j-lG;xw&wPxQxLU^D`63AfJJdO>VUa`
zS?~j@;&d%++eTmr@k*FX`@b^*&EXhKgG*3Dbr5w9+(0$x6{?}pTH5u(s3EL}x~~ta
zqS;>h52&?s4z(D+qDCx9D|-rN!!YgtdIU5?Ls1WfSxC#A<EUM67xUs5)LO{XI>?E@
zj;O`90X0GoQB#zxjV-n+s6{pywKi6vrt$<v!vCTB`@h!&)WTS8t;ZQW!%+>Xit1r|
zR71yMVf+p?a@V};e|gvAwX=K~J&R#{^3_I_(+;&(#$rGf%p;(=|G~R(2{nh0Q9X~@
z-g*>)nwsvYgJ=?}L0eEGaU8Y1zMw`jTL)Vs%}{Hh3u?;dq1MWd4($Ju1YVP%p~~0M
zhPWxJ;Mu6%umN@B5mZ5UQTd~HvfYpu)u866DI0}q=nB+*2T{+2Td1k{9W?^cI|pot
zQ*`$BCF;g%sJZOq`5mf)^QfcxEo!l)>|%zarlKBdD!ZdbU>vFgdr*t`ycd7r=?iqV
z3X`E)lpj?<IaGnoQ2V<-YVoW>_2?w3r@x~b7NwgVOj%J=+6UE<si>*lfNIbgbaw;l
zT`-WOyA4T6)DX4CsMsAf!~;-6z8rOgo<=p~6KZ>f_OJ%lL=`v;HA3r9Lwz2#ZC|4r
zoUW%epcJyk0!||W8p;tEf=f_G@*z}3FHkLx*UNgE88wtuQ6td-)zGo125dn+Y_6lb
zZBc6}Pj5TGDxl7R+8AH^zXJiy(O}f`c_ymDrKs()3suooR8QWa8XVTgDk_a?Xa~=!
zs44jomG2sA=-;76Bx7IeXhn2?{_jLU6-_|R^?KAna|Lw*#_DGc3Pm*}95p5NQTa!r
z7V8%8`UBM3ar)axB|}X~KGa%hf~qfofe->q324X<qvq&;sC^t`fZY&|n)@cGb72yy
z0ozao-$wN;(m>0X5#8N@nyT)o5t)dZn$4)id2t~7KR<y#NYLD67-U0M9d$z&R0Y#f
z74AmO^+OE7n1ii??5O+|P(AB{$~W1I??5&DGO7WeQBxc`g#8~vAbf}&k&RGmp(|=m
zN23<e1}}cciw6(23JamOTN6}){ZRK!#Sr`vHRP93`97egH2yH_a9F?#)IcqkK^TJb
zPzCPBP&|(sq1WE^lr&sDEr#k@Q&f*fqw;M+-FFqWW<GlHB*SfL!ckKYs6{}lx*KW@
zEJfXT%FFN)Lx@KkVd+^=b6N#eaeK^%Q&CfJ6jjbsR09)?407+!i|SAvbf*?sYXN6E
z0Tr|bRqz$N;QWPJL~%!1#hFoSpfb8cjT+jisEU5@u3tcv_Zd}Qy3w|%i=*OAQ5_tB
zQMCUT5{N;<3eU}`A=`^O;jW?PEb17`ml9P_Ce-#Tjmp;p)u3fq8IPjYPMoneHKkFD
zuM4VyGcbhuo!wrB>z=-Gc4Jo5TsHUO6Hwdp0BVulLKWy6ZzGivwOb<4J&;f%HWig`
z531rjUOdtS_P-Wg76MuW<*^J7Kn>9WRDpL<BNAnzEt(9do|Z&SMH|!!Hw5G0X4GOl
zh^qLhmmYJHbs!~bjTD*0{;x@(Jqbl{4@Sm!SPVa-=C<%;tGE#c6Yqy=;9!i7-=WsZ
zI@E|AK{f0JDxZIf{m_{KwY>|XrnK4=wuR=d6$vVMCaQpW7!Qx2D!7Otcn7t5zoNUi
zrrO99M>V(!s%HyPC*}#%QT`4!!r7+T)3qt8A?*SLRNzq0<)|BvqZZFwR1Y#ux2dRv
z+PA$>PqnG2o~%Mm<!)4Ymr))2i0Vk@8J1oIHFeEVYauX_faYpFYOa1m4c*_Kac0_L
z%IH}Y!@1rY3*jczeNRvgjWNr9n$C`@pbJL9S*U!AP>b_0GGzhh34ypIeDyNKooz#t
zA2kwHP>XLc>c$1Ahtna{oWDdZy2x`Zo*32hoTvsgM~&E6)LL4B8mXT!kM{pv0_t)6
zxi+U+P(xZ4)#8Sz0*9e)+>FY9%Des$wM(MTvk}OJS{t=c_jN@z<U7=q9Yei<+`z2b
z|9=pOjVb0^!C6ohmqOjx-iuE~^<+D$!gHQ~qZ*cGfxQD3MIB6IP;<QvRsLnv`SA$V
z0slhwzXB-;Xbt2=71RVZmjkglE<!)vK#j~D48hl^`x7iOv!c#{(x?vfMNQ#CRD*uS
zsrVje<Cw+l|EL6#e`j-(4%L9ts5x(e>cKG7s$PyEcpTNhC#ZZ;m)MYpp+=}A>T%l?
zbprNBt(g_5qy9Xqfwz{h|233BOReC{s1{d3?c;%{^I$cq0q0PQ=nbmC1j}rSN}{fJ
zKrPbAsC~Z;^@8&ZwHDGWxBIK3I@UcvKn<9QS~PpH2wp}V81YtE#!{$)+oB4ZgnH-O
zhnkXCs1fn4v~tp8Vd5oF>4Q8MqkA-?Iv99LK>IksDyygpY6`lep6ioQb9@9f)YnlJ
z|BdQlmen>wEm7yfBvgZrqfWT%SOx#Y@>pz*Ez&VqO8fsT0nJ&wwKg=_QSqv%ZPF37
zZHA#1*KAZnPIx{-HQ2Y#dY%R~MTJqTy%Fks8Hj4oMAW&l9FuGR?<JrcE_)Z=p(>2M
z-sUtt>Uss#oOM9W{Up>>?7@Qg47GMbH&_R1pz?P?HE^02--z1Q=P(=fJMRf-m8SdN
zhP)c8!cnM-R-)$W0*2tfs5wl%(ejl?Exz{XHVk7C--GJu&!{Q9hnkuXs1c00iT$r3
z$wDALmP8F%9n=W)#%MSJwK!*?3fzp^UO#*3_fbRq8P(%ho9%io)KpeNjX*opq8x>4
z(80~@f8BV61nq*SsO=VKi_LvFs$tbo*IS|roPcV;YSjIQyzA#t9r%E;G09fDKMZxw
zgri2T6lxK7-WsqTEg?bMWEZNy>!<_bIfh`IAG{u+k9Z~25LU%V*ctVn&=WPpLr@h>
z#}M3u%6|ik;s;bY`2*Xm$AwTs*9tXMV^C{g1!`^l<XwO1rN`ZFbDj%zF4RF)FbFjQ
z^HKNjLam9bsD?%Q(aKMT8i7Co0(l8^ME5C$YRECvqI!y|AjS?G(%h(mA}|itK~>ZS
zHMgTtBY6nbp!=w8{1vr^67IAH=0wU3IMoOQbD<AvP6whYn1#A=Eox}@qZZB2sB_>h
zs$ubVSpy29rmQ|{XosLW6hJNFHK?_<6*WRPFuV5uM*`Yj8FyO&wK0VF0Mu$<fV#d7
zH8pp<>z`03V9Gr<g0)dYJr1>4cc6CBZB)<SU<{1C*M85C91BvvlaYX0+T3$2YVmAB
z4eb?FL*Ao?G|oP&I6JDxZBUDL0&0X7qIStPR0GeV8XjrCO;K9Z)HX%;_x~dZlp|p=
zss|5ILmuyd6_gTHa3L>V!;5!8^=ve%r%OF|pw`eSRC%vZQ<d_d4Sgxp`#{Ts?0+qm
zsU+mbt*9HHphhIxA!|S`R8Om*)<{p(Q9B8>c=w`q$t!G!$qw6}oEVPk`Aby(=tpdE
zhNH@Bd?aA6$HPg`c9@A;JjYQ(^b4xO|DmQL@=w--Fw~TkMRlMV>Yy5q8j)ET2{&Uf
z{)jq|_FzT)1vTRF14nJB8={7|4QgnHpbA`%DsVq))n4_|-=p$JJ7(8IQ9Uh+n)8OJ
z-7_7v7FMG=a0GMVebg=r#6NC5E#uh%wc0168nPR;7$2iXBK8T3XF~P7CTiq*qt?J0
zbQ_Gye--tV{0r5A(4Vc`2xQ6vPFDgdU_NS&PI>WvEQ6E%7wbs_Q~_O4Lq8cc=c_Ra
zo=5GDYp8AZ9<_#izXrM6IWua6DxpT8J-UDYZ$1HK+=eRnI;x`AsDmipNqcd~fa-Bk
zR8O0sR(BuN(5^tO@}E#s_q&(=3H6jsamq#_55^+i3f<rT^&p@jo2CTZfGXfu)FQlv
z8cOH19l6O-`#lS4^%p@^+#NL{bG-Or)Kot4(&L}8h8IJ1v^EB`IJywf2#iN<zb&Xa
z{|z+)pHMxGbJpJRilI)p{uqKwQH${~YSmvuEy6ok7!#eda%!N~R2$S3%s9vX*W&nz
z1P#$^)T)hk-qu2DEJ(a6s%K-o^sQd{T`WR+k_%Q~ZPcnBjY{8%YS?Skh(-U+Mk)nr
zJC^*7{jY~Y4H7hzgHSEsjB5E~)Quq*tzo$_I`ML-DXQt&2E&Q>M@``mr~~ahYUCnc
zvJuON`G_|`jr5EF0WF>%F$6E6hWs7s#%P!A&7~m5BOZZT3$-u=yPztXf;!QTqSn&y
zsJZuFv0ahVvnncIXVer1rW4Ry>_)Zh8EP@5zG~a03~G(EM6HRT7#Y`~rfd_I#$%`{
zih9i!S6)>9DyZ`NqAFg4QSlT~Pr$iEK>P9^)c#L$-FjXQRbU^Sj!RJm=DJ}$Yl!8E
zk3ki926c{HL9MB1H?1S#SdMse)NWdXs_!I*>iPfFONe&MdK!jmNGVhgd!lX_kD9a9
zsHyn{RndFYst&ttFB-K``I@5E)^K#UHEL>p#Snai$*A9nbjK3Xpn4F2TE)FlJzI@x
zz-CkrPI>-;p~Ms1wF>j28rA?+;aJonUX3O39%`GXy=QBtA_mmb00Awo6&MYFM6K?F
zsO@tBb;LeHExx}{BNOAk9Vlrrgm@uTc@4ez5Y*!S4%LAJsO^2j^N;)Nf3-CDffbw%
z)x%<_mbUcL$D<mw!i(=fEvj=Eg3d#`9*SyUKGfQ&hIMfus$=I+4Y-c#*sF&DTdk2F
zSpjKK7xJLafl8>=KLXvJcpgBl=Gz#8zQ=Z;q(e<X9@I0U1!~UwVO*Sn8le@aBlviL
zfLeM7RZ+AjHg_3NLtF+!u`#OPp{O2ykJ_fkF($r1P0<I`uHcW)yA@PGja*9%!9J)(
zI|nmj;5Y&G_$6w{BmHg}vY~cC6V$ewgqp)2Q4P6(TJ>L14a)Y+8eR_7)3&G%^+T0E
z(@WogYS2FPY5$)k;3we%mc`3h5K}z&&U93KwC8>-PW&yZ!FgYpjZi%rfm+P#QSSr$
zPz}6}8uB-&2F3iJMuh#Bo`CjgS=2M2J8BWGL=ExJsGh$>RS^B9nFn=WBh*nl8ntG&
zqAGlfAsF<^)<9a+nkj}#Z-r^J|3?u}!7DKwPoWwR=?^nAsv%WTyQMd3G0sF4xXp`S
zMa}KssPZ!Y8RY&op6Xbh_(s&wzs2Yn<uCTXhCDt2ZKnpP3MQbQ1?x}+-bSt3Sg)-i
zxjgHk8ZZP);BpMX`=|!^-q;$-f?6vLQBye<wWbcfVgIXVPf1WgvEJIBaL$8eh)+hf
z_yTGhJwg@y6*a^e-`U)kL^ZqvDt#Pk%9f*c*Fn^M&rtQmdvDvbz<c(;7DE*hwB6cZ
z2o6Rqp2eu4-ivC$4OG5&sET6#ZSgSF!BPxWUM<vPyp!iJ)LNN|%C{fYzzYEaYSAmy
zc1!TV3M_^0QHrHVAA;I;hfqCwiOQe!qpj-lxFLuG2m6v9<5Q3`5l3Jr(qn$M-PQkJ
z{ze7y1E`J#l6|#(8jjjdbx}h<1hpoPc)rFw#M7~BYhgXCiR)46pRg+C2=cjWX9!j#
z{sWfOb?k%1d_MPaybZf)|9>P<p9>xQKKH4281?@C8Z~5JP-`Spu+QCQ)vze>L0AZP
zVQu^qH8N!)S;M-c8g>M=t>2;!q)d^0PAlcZ%G&>H31}C*LER7@#TwEDHJ3|JN9<12
zoF2s@coj8u38Gq$3!(CL#ez5pRo*t#<NPsd3X??hxofK|CZT?(H33~1jOy`vRL?G=
z<|t-#8-Z-7f@`5hU?OU&enu^-m@$0r0ThZ_tPQX*_C{^D&8Tg7)r$wm^f>{wFgpRA
zU@cH5*kn|TkD}JVJJf*`7R!dR5~{(&FduG2HS|8t!l2kTGIKCC@x7=i_!aeR_!rfX
z*l~OTCxSqcI5xCH@K@r~u{1V{YeTpM)#D4OhQy9%bD0OL6R(D9=n~Xp_Z;@b$9M(n
z$M-o$F-HQQ`}YD~qZ&RqVZi79!Qib4eeMaCFp>474k|+*tb*%NBlR9N<e3xu+=oy%
z)JSZ?AMqxRXM0Ug;&WOOPnOK*EW^Rr9#bawxxb(ojeiq=5g_n0frlx4&RqOHrO#=B
zrBc}{U5Q<YM^5c-7pFJ&BL2XO*G=Pd|1Re-97lS(5FdZ_j&e}jd10u}{TozAP^&*x
zS{uo5&p<x{dgyFN?bDa2q0E`i_HPU9NPGj<$Asx^yLG_`;)k&+24(QMM{IQrCEg$P
zm|lP-@EYnMOB!Ztp)t<X{+~u*Iv3Jrw4QHA?c;=*tilqglWrcWfD@<!qh<EFPqm6z
zf%ptBegn1G(q^%q)<ZR97HU!dhT2`hS+$J=oJa&JkuVVTv^$1658k4NtZ+7;`{(@Y
zp%&$8R6);B4NH;T)<h*NMtqv*881CX4r_P~)MA~55%>_xP`{Htr!B&cSdRD^R09&`
zvX(c(^28UQhWb8M!<@P8To{IG$STzR7rl7$JhmGuVpr0eqt2HzsPo}(3~0{d=d}~9
z4r;EaqekQ()OISH&&PSsODOinZK(YlmfxnLHtJxSg-P%fYRDg=o}y_B*Z~xQ@ridt
z?V2G4*#A12Hjtpl=|xn}UZS4oMGKmZQ9T=kn!6(yKZpi;*JFj-5NAUz-tOqbW!MQ<
zVrz_D*yn8FzFw$?rY*|;SBnZ4^|{aWs;D_`gNJb)e#VZ)e9m5OY*(B)#Lx(z`%`ew
zlJ+zlfLfHNP|t)IrECgwp+>SF=D{PV`rhJjj1nkqC)Ie=D*gvcV(Btgz!>aC{1i^b
z!ey<%Ur`5B!g4<MFD|u2t%04G5g()GI#zj`ih`Jict6y3pNk1GaGrps;4u!t*cE*4
z>YRj{!_znzV^s9He`|Fd4kaE|$>(&yRj3BWs%$6b5DX*!1IEN_I07Gg>FujnL#HBB
z8E_5|(AoYTTVUR*_K=v3nzPkd6QfnLo;OCVfi<X#?xIF4a&_xj1=L86MD3bWsKuM0
zhV7P4sBJnO6KnsUC7?NbjOuapns$O!MD5qks1e$ST3nA%iziVnOV5reiP!V&jai6K
z$Hce~YvFI68EV^+JOJ}*|6d}Y7DugPM{7+~3s++Se25t^d0jICwcXmG9!5)0+w39g
zp%qlm7Fz+-n&{{`A8Ql;8P$Ol_1XV52;?PD2S;NBUPrCk<PB{5w8gl@&!ZZ0AERQF
zhCcU4t++Uwcv|d$yRapOH1fHBk#QvUCw>d{SgzC9;wKuj|C^Ffyont=i%~a5Zfc9H
z1Fj<e1iRy;W<K}r_7gTH-m|&S{r5r6;3(p$Tln0+n79Jf^C&HC3JTyM;#F}1#%g5;
z*t}Nk|579zBSG6HN^2XUoTwok<;9ny_U$|Dfl=Go6b(eZIqgC{6CR?<OVrlNYv4H?
z)u444idQimehd&8Mj%x?t9UWSA^s=o#B<u)3qyI-TyI7_1Kyynm+W8_j>i_nPodUQ
zwvIOReNj)tbEs#Ezmq-IE22)=z$^k<{o8OHUiIS5JKN$LjTK4XhdQDob+N^h2BQY?
zN2zcU=@DIh&RaZ<iXZ9bbDCq-?t0DU4GBx)N7OT=NDud@=g)r;=uE;g%#Sg9+BPhO
zTFoO+L$?!k;yp$!raZlDF>XNZlJltj9;LVK_v)wyuR#s@Vbt631FS~FQ}t1O?7uF3
zZ7x<|2pLYGw%=3KKF-k38c+kZ{{yI@+lpHC=TJl3roYeq1;c#Qi2i`O{|agZg9h09
zL}k>`+#cOO|1*PtPO<~o1|OjoQN@8i=RHowU|KwCkPY$p!FFN}9pZDIbA2y<z|}*2
z&hNNnm@U?E-otGn>V)0oE%xWAwUm80`(GzqF9O=nKVft{g^}?Jst30*0;7(wA+3m-
z!`7&g8i;9e7iPs9SPvtQwDhK^a)x70{2sL?ZjNOCE0A%N_mc`%Bfc5y;J>I<UTd`N
z{{^UuqK&bqS2k=<yd?gE>v0RN8f%NR&Nw?)x}eIrf-^AHc%L&8w~S{fx)aDV!RIW%
z71#}nPPEtR?@`+``XryzgejPS4TwLPY(rXNiY?Y5sNJ&<mA~{<`)T(l)T>v)X;$89
z)W`%+x2bL%Akc?|!#EuC&#(e_qNe5@>cye#OxxE3um$lWsGg^tWxHY`YP(&<)>v@1
z?S@5IpZG&;fko!nE8Jq#2^xqy*H&j2)X?rkZM*BJvp)7bTP*odPqBfhIX;c0@B?ZJ
zi_EuOFb>`G0(B5YT4488!zjd;qqggM<Q+2L+#^tugjfshEU%6_sg_|ge1d97*+upf
zQfJgT;9Kl-f45s5%M)LXq4*NhVVv*SHJBIG;6kW;ZBUDGBZg@IUnQV@{Q-3VWnN<Y
zxH)RI4#1|&{W=^=Jn}N$1#t=<!wSo7#A2<mHBkz`kRCui6Nas{#k>`@xFfCdx&NeN
z9c)ki{E;eKBqdk-oVLWb;3!PA#^!VZ>aqC|FJtGm_OoHhbyn~y?5pcI0lTmFIrkOE
z;&^j|J^hk@?{jt&zkwQ&SsU5^od_Hv&<L|^GRGiu<J?2-?^v7dM5~Nij6G0C=}K(D
z$lSp`SYoT~rXPQ>>*=?d%~1!?Lexol6*WaMwzL2BBUaAs_6k)QwFo<)8ZZepXS*>0
zIzQS`oDj7QOJgfsj05m1#>N3V?4@%YrY0V3r#)RWp{8UA>U`O}ll|X@fPa@QrVgl~
zKZrU9O6~SJWAF#mHZ8cv;v2CS@jQEN&8)^{#BZV&=a7B&Ecq4ns`VVzW8Z#z4G;4y
z7a$PEg?6YOPC*Ura@3IB!XlXLfL*VP>Ul@hzWxdIKA-%cE#f-(&c}ZhLzOf5h#loS
zu_5sTI2DupWG^UzH3a&Ra29J~*`xN8%si}3{3@2gtjFvz-2?Tr+bzt2(U04j2uGc4
zU9bfnMeXzSCv34b#!SS=q1Mz^jIaIwia;m{K|kBeWI9YkJU^Dix|k8?p%&jE&)2B!
znc)|^zb<O7`+M=Zs0Qsujc}Y_t=s~reD!dw_J3aj>d|M^iIwG~t%csGr{b^J1b;(4
zw{xDdhe|_CNc<??z-#ytx1aVoOL6%b`)ydsvpg-?9hY$>=`YUtoUO#Co%iwIe@KY<
zjeUrbFWL*mSR73}#U-CJ2bbXzEO6OI;xekC|01WfQ|^i_w%gZi7koiIboyVnXUJpx
zOg#S$pYs*-+_Yyzo?FzbZ7`RB&g>Vcc>deoLj{Ktzls{6x_4~<jzVqAU8wwDQER2n
zU0aOnP>c5gR>L&+tU=u{AMsnLDT#NV{jVV{bl>NE#8#+=G<jfey=ze0GuA_U>+OXR
z#1G?O40>cg3l2q{={vDKLwg@}u2g*Da~@z@?1L4a+D}dgFd6Z8Puc%^xWxJ0dX^ux
zIy<7a<62Y?_n{VH+-J533!!#JXRL}_Q9b?QrB{7!Lq8MCk^TV7V&)e<XCQXR_V_G7
zpf!P-|Fa?A;puy61yslL^k^xn2R;6<5qOMR17Uw!1>La)@ts%~ll*1ZyQ0pCov1|^
z`?WPR{TuK3-<v=)GMvNhnB%R@`2!q9yalI;Dtd%EK(fELp9#ldBI2)6QyBGcGY{$~
zq$ao?&*1Oa|AWuDjx9dg$yxXxcVq+3CIT7(-zT3l1>2#9<}J3wCZBBz4q|EI3I4TJ
zULR)@Kabt8?HBvO;}T9L-r}phn7qWs#KRrGyJqI#MB?#+{LT^WyTt_5fM!0+@DsKr
zUfl0@&f_Z7^}fM=_g(Qi>g=x=$?v`o?8jQfOGoy*Z$fi%4Dkne8aqVsyK|mDs^6)}
z6l}o`qz6U!J4LncI}zB3Yq1g5iQ#wOQn#R{resXNJEzNV2=Vu*_krHA{O-B%7&{Xm
z9oriEC+cZfCyw7)hi7mx_KWLx-yagh^SdMY3<FxV+2dQqLr`;k6?FjRPT+TcDZLXl
zWK|RTorQP}zsKH*{LV5=li2V67=IWw6{(Zh2u{I{#NXf`Y?{;>ehp_5uawLmaOe7V
zGQaz8J(f-Gcel$OOwLecNa1&XvWZCPcMq8GRDNeaH%`G8ktiUw_5AyEc0EaYzk5`7
z#w+Ce1ux>#41V{QP`$(a&Pd|#kpG_L49FPpJEce%klBW0AI2vB6@xK$7Qd4g6W||M
z084UXSXRILSniO`@01{Y6>6V9LXAMy?0$C_EX3QyW90C=zs7%tnyPv^{cgv93J_>Q
zLY7=MRO3*K=`U2n%H;ODXZbi({2jK#LV5h|5xf-jlzWQFuy|g-dvG;Cy(e_R19%)0
z;;4LnciYa#<irD;3Fr;wSJa7i-^&n|-|zl3TNE_{buk+bz@oSswH+Uzo&{kA{O)75
z8zv<_#d8g&B7O*C;%zVeIZ|)H@fWlkQlK6p`A|phcucPwP}|Q}$VR3e4kf+^wQCB7
z``zF1K0=L5^};p<J24OO3`K0QHNYywU!b0jg^K!l8D;;iA)pI4+ys6YE#`NhPK_}Q
z=_64ivjQ*SQ&i9Q7x%lr{c=j!(8k9aq-Vqk9Dw=}ZV&4IXc2z*Sy2rO5?_qDwf`>>
z(6)<Q(h6vSdf5Enc^x$pL8bieFB-!zgm`IGg>6tHw*#AEw9>XF+N0LYLDYx_mGQd|
zsd_k)_-YKaA&{x8&FvIyPJAzxz~trp&JWlK!!c%gOD~6&iI2sy_#5i6owS1AeO$Lf
zjnL1iXG4sNe)so>`B96m9Qv?jMfU$80&Ph671LL;7QaG0R&!UjiUOzxokI0AMir~D
zIi@AP9{b~I?2Tor+5xm1m7cnq-~A7hb1^UREY<z)%W1Rf0h{YNBxnun$NU(rhRs<C
z%tm}P>LKz2>cosyld~L~U~b%un$vrz?VPlh-)Vt;u_azXy$u(tZHu!z<|BS5KtMf6
zP{$fl05$hbQ3uKx)KH&BjY!hEwy)cv(hs4AIz~M^!mFcxq}zb;Fj0N$Kt@!&4r)=h
z!x0$R=>-Zku%X|J5nT8elVI_N*28+JhK={!in)kiLyb_hMt=8AssL&vn&2>;jp|5(
z#&&Kr!Xm`yA+Kx!=OTfuBz!?-%+kav>WNzQ3s48lK`e=po4PkT6;QjTH)_hxpbjQ~
zGr#-Oa0D(Vz7zE{Y|z}M<N~%Lo~MPLt^xii6afwGThv^YYH5$#Rj3O7!KhfLl^rNe
zQTeB%PPRK3hM!RlN!QxeQbWv6d=0k1OGuBM{B8X1k7g~<{r&$U0_xd0R6+6D+K?7P
zrMJaUT#KdfSJa}5+0IVH;ut}E25OQ1hV?N=ds{1Gu`uzwsGpdUcd!?bN*K^XVmkqy
z12H?=9QH)*>v^a-zKt_5b|)LsWvJC$s<W;3fvBEc!E_kZ#XEXY2UG*pnplrz@IGog
zhjnHDyQ{IQwQMJ9kv&1ZT*mHZ`!zl0Al|@p94g;VERJ`uHKyur+j9hJQJzQj{9nv~
zg?iXSsu}8F8rs9#|7%Im2%JR?UEZFy=q90BdJ(l46ZEnQ3!y6Lk9x?gLfv;2J7dn?
zHg$_otNk_>!(@HzdVL&B{AhrHhO$IoyP+TIfZ2^Yv!nF0xo?6R!eOX_c47*Ai*Ye-
ze|s4XMXm02sAoZp0ro8Dh&q@Kd+}5Q?VJeoAux&ycTokm9%QR^IqInN4K@p)rm7R_
ztlx``FnEZiH%G0dEvSY^9ctUTDQXH<p+@2^mc|sr+<3rgPM`t_i%{F|5o$=wF*T`h
zAZo7Wq2~Mu*2HJ1#a3jv?TY583RYkhyn}icWF28swiI=~+(Dfu8AfWmvj4jhPy<$?
zw$=YouVAT1S%E!KJ=lcm`R}Ny$TQk{(g~Ll-;8Qd^)c4a-l+Q)VQajC8kxdlZN#Qw
z4(fOA5>U@#kFyF2pyqBk7Q#EIeV=5!RoDns;1bmN;G19tmqF!QfZBGqumxtHXd^Zi
zH8S^5Ya#n2Z~spupo8Hds(=KOZE@5?#gAYQ44z_dt$k5LeH(QWCYx%uM=jnRs1XdF
zW*w=I8i^gKBl=HNzU<T4|BVR@nQlXJ4Rs;Y40}5DM^*F@^#YQArVV{}Oh$YyYONeW
z&FNcIc|~Vg#q+T_@%N~6qTXy9u{o#_zdD;mq#k}HK_^qGIkpzYp-#Z_sONOzxmG}B
z>_B`Xsz+~7*K^FXxo?f#h>t_{^gXKKdFNZaE7m5y0kzw{1PDYBD7wHh4#ix=ccIRO
z-%+bS%|eS;#CF7oqZZ>+)bl>~BFncJHDV`Fi`2K+(hH;3N*ip1Yfw`c2>Q+zPjysF
zSD{*d2el?rEU_u6j2h~NsF6B@${&BJ^`r_aJ`q*XF)WRdm)XcvLN%-#>O|duOijRf
zPC%=*(sFzHEkZTmCrpN4QFEJYh2Q;8uq{#PeK0Xj#Ry!Di|`3*Zbz;(H=y?YZ>Xa=
z*(w{cF<4gn|4#yQxlmxWy)2$Vod;#tc-scmpnKRBQ?0cIjY7@gDb&drZJpo!ujUQ0
zF7Z{U5&Q?$fGq26N_t`#@%31n`knIxlp*~F`ysJ2s(@>#A<Xf;HJ}&jg<=a<!rQ2Z
zXWD4_522<e(I)%Br4i}`9fVzQKBmJ+n=OB4bpQTufPl{Wx!4m=q844zEo8uUs73Px
z*JH`8e)qrezQFjz`~To~e-$$k)xb2{?CDq)V-g>P8mVy@9gm|Lc77ZCU#s*L2^y-f
z?Y8>sp&qy6Fb8f#y(8X4jYyOq?Z@=Ws1vObrp2|W3QnSab8;EmV7?vpg0cX$yN=-?
ze77TD`@hFdo73%Bp9`OGDAwL(?|v6B1@Rj=0pEKL-)(Cp`W|~%tc^N1HleoX8!Umv
z_S!iy6f+RthMKBt0RlSlQth)j>Vi60uA}yU!u?iIWz?FOgH7-SDqn>Iwk=0_?nF)D
zGt_o#e9+zt=AoX3sSjC)XQCPwxJ;lAfkcOG8&1T8#BZVwh(A$tSNw==vmvOpaR4>+
zPrdYfKiRhGi)#2itcOXC+7xs{b@U=?d!{|+PDQ|}L_phTFlrZ^!a5lLxc5*&t@a(L
zbmxRMsIKQM)T+LKo$wv%;nU)08}jX_k@y`|PWoT0VcoHcmiGw)+V2T|wIOPP8k+N{
z6D{sZTbz|p2h||d2%JKli0@DZXF6psFuhSzbs2RMW<6~^?~0o9{iugg&>4Q4M*U6%
z0WFrBs3Fa8)>dmT)WhjJ)D+yqP)vQ!dK!Uh;P<El>M?f2wC8OXOvVu6^H2@hjoMZJ
zpr#_t1-7?Vdp82=!3k`P@qV+Dt}D(AV$N_Cw!7qa|K?(hEB2<840Uc)M!ow5y!bWD
zPdw&T8|qT1MY{mCo!@(AxW@k1<FL*(I}+ESw$C}#;!AYh-fml?R(l^*%eSDW=nD?U
z;x}y0_o5bEtedu-+h7FojW`}(qDH#kEgR9px7h!ht1l#I=<3|IH=Kj0{U3J6=4=(J
z0nboVl>V+QuAbPR_!{hnsqa|>r=aHg7B<At`?fX)qel8Rw!ln*2UhU}Y)8Ty)Ce?s
zXf0fZ8lgL=x86LDEdOZK2)shAksOch#iS?d2)==u+Ne(~e+$$UoWz!x@u}bak5qvP
z1au;0{@sqo>i8@1;Wz;+J@dPNvf&c$A>QP<Ew;ojY(#3KcEMEC5q$)8#J)s5Zd3oy
zw)I5RF1vtgaPpV#2=V8?2<Z8~0(G`ON3H4{uk0Y{fXRt3#gw=gL-DG2{Ud7s=la9u
zx(;fa&Ouf51S@0aKW%FIq8fG#t84$~`pXW8;hy_3f(#!}2TAyATa1%YLwEzV+6%t1
zA)k&qxIUt;N4&M`-=RA49yL|D-dR08P!Fe#*q!>F81HSr55@@MYf#(gDHg<3e_MK8
z)CkQ*rQblE3-LeL&jU3u6Y(EWYv?u>#dIHSs#<t1LY;_LFwm7i{D16)VK}O1%djne
z#EIDalTF2Qj7vQ9v(0rL%tyQ#YD#8#?m#WRtEjb*^IuydEijexp?2F3|FZu>2&DL8
zEh>t7_zduzf_j*&K+WNGOp6)5+KE;HRq;fuh#RprzDG@6BYuhR!%e6W-HNgC3C6>B
z{6BSZ_kWb2VD}H9H%0BwSEz#~+!yS=K#a#|#9yM)|Hc_u&L8YPbgp49;-!Ow-5=d{
zqUJndq+s{FsDqla<*2j&I%?#S1|kQ$b5s>ImlLrO{(?F{(nYa?I-rJZooD>0*6<;y
zpAmoaj1kT9mq9&dN27MfM$C%mQ62n@T`*8SdayfmKcZIa7tD->VpsvKP(7ZA&G9-$
z#_*VyF9K5&?}VE3377=$V+ejkO-b@t*5hGVlK6IH+XtL?1T;s*Vh6jcKLRy3BT(CF
z7UsqqsB<D_oM3lu>!5bST2xP8U^Yw;*M>X-budjqm2()i*rUV?cDHF?tg8M08v(t5
zgv7UkdY~5Fd{hDFP)|8uf?)UHD1cgwE3gB;Lhbwd39W%YqFz)!qZ(E-kxl79)I;qO
z>M@))F&)<aFHc}Ujz^vKWs}%cEI{3G5w$i#lUl=?<51#rQ4L6#EZBVwABtM#(@_mN
zf$CVg<iSo0?2USOUBWCFnj+W<<RDOmfaZ8Gs^urWc$$<pSKY7^>041#kRp|hL~GR0
zp7Ttc+Irj+b$*ONjo=H^*`GR%b*Me+oY|2kIN;nQ5IZE;{i74lQA2$#G}wKMjhQys
zJ;{clp6kaj4W>wE4Jd+IJ8Mx5*?{W#Usx2Yr4M!=+mo;+@e`<gNizhyCuQ>t?0>EL
z@g$_cpD+&IL2a8?s40pc7VM11nV1ZdWDItHhRcmQY8#+d{Swq7+=(UdAtu6fnS$Mu
zFC4QIua7zh#smnABXA5g1ywQ!yGQ0C)LflLZL4HiY`^zJExw;oYa>BcOK*u<JG)T#
z#mE+HzcEEUY{sD~e1dH-Lv~v$fr$jPN)KaN{2gmyj2t%P%}@u=4%9)DCZ`Q$15`yD
zP;2IIR0UOX+3KEzI>5GKLwtu_v3hPhf)8L$?f=sR5_91*YHkwb33i{~jZhVSkLtlA
z)aovs*Lpk<HOJ>r_r=U-2TpCzKBxxFK~2#O?1mxvEj|sKYH}|V(9xK;fDLVP)SCDn
z8{=aP!IA~7L9I}WbP*QBbEvfvrI3w4R@AERgj%fMp&D`k)e&E~ja*A~|NhTr0vftE
zsG-bL*c^wNnp>y_1{bl1OD<&SoT;c?aS#V$qN29ir{QGcCviR2FJ`+XsJJz_E9yOA
zH3sxNKTDtm-bF2rh!S=buSOjpPf&}iK!nZxMAXpVLY*JUO4@#}fK!NXMomf4Qnv3$
z;Q->NaR`<z9qj%v`crB4|3VT9lnHj0;RVz|(W|U2#(k(EyMx)VSUKxiC!9_EZ`9(P
zT;3Mfd(_aksSxbGGtNV8>usp}&!SG!PpA<JugL!ILf}NjVE4~*<gFC!{y?!8tB_ux
zvaNwps5!rj88AT=Ta4kTsp*b-Y%fBcAMY_GMy_f{Z93Frw;B$^1?V0`fogV;G)MJh
zENW5xiCPnxss}r*us!OmKZz<RZw)&khoK%;e`0FPSko43IaI#(s43otVR#fZ1<$cA
z2HMxMo*ckZB)mZ_ssgpGfGHTC_%+mae1UB-eI2_#5nB_#j1d@KH<;Hfeo98=&sxvQ
zYlEtIAL{X5sJ?qb^7B6dooEwLi|h(c#4HW$#bgIY5dVr=j1dhjeL89`Z(v_c+Q_!;
zRMZsxf?CY4P$O8ou|0HlqE5~@P1G^=e^Ub5pFL0~-wxCWL~Uw|sX0avpNV?<UG(B9
znpuyUV1LrDV?wOi-14=<(!@8T8u}WGV6GPSCe#IMQNOdCKv{f?!?AEnd)VwlJrg2Y
z*{jzy)b98Lb+8m_9qj&5iw3Bn?uprP1F9j{P_N%FQEMr68(XYRQEOuY21XFLL_kAd
zudNO32FyqNEvmrG?YyTJs-iKdf)8R1{KGS%y<MMyI-pLX%J~PoV$KfsKJgu9CVsaA
z`(Fo0w2ro)3*koMXD}%a>SPa-S*Vk6H@3%nr~)c<wl&cUHBvueVT{)$*!`ngRZw%i
zAID(yu9kl~D&M`X0o(5>y4hUML$&xMYRJB#rlxpz+h(It+h!l?VHB^2jaYe9181PN
z?;h01{Dm5^Qa$a&9E{qgyD=_a4G<Vf;CIwP(z#c#`xDJPR0H;)hVlaz#Z0}e;<l*O
zy$IEFr;qKT>ZlWN5vqr0u?0r!Yj#47+$mJKfp-M7T{85u)ma(S6Ca0q)7glL@C5qs
z7DmOp*bRTjW>~+!4ed^BPCW7e+ePiL9q|LGhNd5A+p#w?l>z4p0UfQy2iXw!!W_ic
zqZZjU)R0CSY){3K*o638Y>98MAJ!dWyW=!!$P*2<?OY92@p9CW{wL}jDK<>!4Et{i
z0Ue=9Sqqx$>Zmm^2kYQT)Y+b9xLqHFT2zN|9>yMF=f@h<kiS5!_OOxm4mcYlh+o3`
zm}r!(nXcGW`+pY!y>KKN9qj&zh3cpi?Jv|wv>#(f=3E>=d>yJMp=0f!>4w_AJ5eJN
zeVjG03o74UR7awWw<&IdgNe__KzRZQC)kiQL7n9rQ4gEA6K&B9M2)}=)auVa$$r|M
zgmZ|0K|Q=?PqxSQ7t{!aPO(MV9UBtghZ^BTQ*ALfp345$DxXh+8gdnzVw!2TNQPob
z;`dOCH0^ZTJ{3^gtvzZLPeU!*L#Va%$V*Q;!(PoQU>4H5pz_Vbgt&hOa~n$F0ttFi
zc!LQr&P-c0=}^0%7v{&wsHyr1)#J~og4)fp$LnD1LVN|P;c;f$+Nz1_`FK>r&ted2
z{W-TH@w;C?|2#@$RwrQ^?;In2H2aM|yy^tGIr)<<<l!H;avG6VfNvG@=~Ih)^f}|@
zvlz!Y<?%~z=P>DU$Ula#KKrBaYDT;Z@xWRlV=3S&e)~-0LM1Yc$5g0KVJaIzfyYTp
zPMm+Q#QoI6zqp@&bH?Gh<h}{p75m?fUgHXQ<yRyRzfN{PjC8=+%Y{26{6xmmd~b58
zn^*WLD(pa*e__l0f6q1wEAyR3o?z~~>=mTaj*_lV2d~1RUc8Cd0lP}CDRU-itZ`>h
zWXAstfxIN@Gs!Ek3x#AS-sV3Q==yom`+EgeA$*YUVj9w&YuU(KM@J){rdWscXMAt)
zoz6Ys)RC9`D=;zfqc}XkO=Y-YH!h?hnYr+s_(d}6)0dljkdfcSIdKU;pjXR?>r;`q
zKK)Sj?&exT%FySFCx2|*Y3t=vdSBwD$ozrpEBFQ?lknfq5DG6y<=ZGMnC~ho&W#T#
z<b{{<3D-xFJ_&jIa_Zm~%DK+<1{5BXyg5iOfjY2q5!Od%NOICRaGi~o7I2Dj^CNDq
zOC@u>p6&A*^)EMcBJCd6LP^V}Zt~eoT7ZJu(uk78&r?_d(&m$AFFx}soUVowuSq_A
zx)85No>6@HgYax&=06*mt9dv4KxTcKlW{ic*v!ez=SiPTS}LyrVZ?jUaD9&O9mBV;
zSIGt%){^i9)aM%VdrS9I42OAjDB%l#|G;TU!R^VUheKP!{O6hf|M0tJX9gANZ#9hf
zQuh$<>gD;3Yh@@<e_C3fq=c{2nQ4@JnfR}moJPkZjnkJoWvg=U&(yaA1Fa}vD(Tgb
zKjQD)P$uuQi}(TxzDWEU>DB+!^6$C10)^D(zCnEZkT;ApUhSNgUKz{1M!n@e{=$^|
z$xK>L@};3squu}i8zgThu@{B$D&XYe;uJDRp-{iH`<(B;1&DVcJ(zqy63*$R^S5uD
z-h_8?-$BYd>s9XE?yMty73ClBI`NSF1*0<mm&llri~s#RCgXN87URo*UvNMC^IuMc
zSJ`bZ|3lL9Q_v=IL?T~hdi9EXeE%u06X{>br@tY0m#;qGaXm5lR%#W`rU3pHg|m>1
zr%B|WYI1(zn}cg5EWgv3>x22~-*{SqOUav!Li*59{Ymz3pE2BDg6rEzPl@q~rzT$&
z%9=pD2A&~pzIQ`lKR4GVvtI7DaN!M^vr~97zJ9JfMtu%)qdtYmdxL!U_%7jECEd%X
zFZX34jla+0O!4w=C0>wkb*}C68rj~mI~PdL!~2ID&Bp)o@6S2qy~>mr$Gu|zvzr1c
z@?Gksz4a<xN&FMx(s-Kd-#(4J22^7@ekT18mEEUo{sNRU2d8>@ulRXeIL=*FNhm~S
zy|=X^Ls~DxMH;n_xISyKCk6GHHDX$VfZxlZD^<L{Dg5p88-a%0k<PnTi2N<Rd+yQ<
zbv(%H2LD;r8Ag*s_&)S%t4C|*QrkoFt@gUJ!ONd0GPge<<6;W@oeC~dpgtW*)B96r
z(i@PLoomgwsXPTe;LCq^aX*a-&msLC`3{h83*nw#CAFxy4srec3cYuK`y?iPu~*N_
zAex_x8)EbAPN7rC)s>6uxk*3WxAF>WK|%WD;bwhG@x4N${v<tww1?!^8)Y7Rg=M)m
zhH`QcA4em@2`}NRx5tH~y(aCF%CvPufX`!Y8p*}%WE@V#6)E^8X=}OmoXoS3e-_Qj
zP98mPH&Dp8PeSsx;rohv({gV{ui=F~|K*-Fgll>6=H%5U(3b-B`Ng{s&V{&Sp3hgG
zAky`>eX^4to%k6lh)d=9X%PQ<opX%q+ep_BeV@7K1nEOapH1V2VFteXEaKXGz6tqe
z;GR*I9B>M7LrV(P=Os7oC&Nd+Azs=aWKK)vWr&|3Ju+e5Zk@w4;s@g2KI@3jCeDAW
zb3S|be!Di?Ys3s($@OTIxzoMqjsJ2YmAH8$4cI|A7*~_I72gt6*bg0Unj^hW8jS#j
z^&wrK$GCv_e!ky6(<yTR=}#$7pZMJK?bDNRQav~I!d{7+_|Ks3Z;-xasN&tUmps3a
zIfM&kXh2`APNAPk8%cbGHwyakH52I(c-L#heZtYWza9B@;<rz0!ik8u{a;MxoL*&l
zDPRc~GSF*%ws-~Qr+_O|*vPAFDe*jfE0Cuz_wpMH_Y=jtPmxC4yPfnNUK!QMSDx|<
zabGn|&%fK~)FJZU&v&#e8)@^ou>q#yrj~pM^Zk>X>T~@F-ySsNGx6qx>vL@xd8boR
zN{meUW71pE82t>rh%|l(<-e2iHi7H;zT{g(@6GzmrLeQy)Pipe3X5jRPHHlZ=jLyp
z3{-HH$X>qRb4{PG<o}60-*IgcVSVa*_q3<nmE^0#wN1Fk8@=OP-=n;$e*_o);M<wX
zhms*WU;Q9oiPonl9D|$nNk*RkevT4}#kC&vv@H4V;~~BaNIymV+b6EdCS9K}!-+y&
zbw~>gBjFLPDePr9$AzjCniXGB2>;5c`-w#SzaRekqmzVuk-Q%38h_u{89`b<(w5;X
zD!%94G>mKdVLgji&uFfP>bcp9Krb@p@(M~rh2j6{X#qwdFM0G?j+^+d@ESFd!fKO#
zz>A;q?n_9VC!+h=NS;TOos+b4TyKVnP(Mez<KLa0mE(Jw#8z%13ye(T{?p?aj6_We
z=}uwO@iFn?<Vok{;SUrz+eoXx^^T}dWv|g6h)3m~P2`=5@3=26E~UP60RsF<68DcM
z@z<xFtR#LSgFaQcVI97vfRSALMBbHLON*uX)+XGD{F}Xsijwa%X(@0V`Spp#b$x0O
z*Ke2f>BRM$qz@r2Fx1kVzrCK+q2S%#%{j3gnZJEvF%|j*dueUSn}PTuH<e)~y(Hhs
z#252T!u5ezjI!(D1Fof`;w7ZtAk1$=0!|hpb4iRt;r-~z9WqX#7paN2BU3RNF&L9`
zEr&+R>k+>$bFz~DmBQ1K9)<Wm!f8nR?<a`z(^5uVuC4YieDunQ&hKs9&o!^dWvH|~
z7Y`Ee&W-w9rN9(kc&(SuA%22Je*2W-o<1}}pN3R)oO=%O-A%j_`G%0D&m;1D@XB~j
z8C&_ijr++!;s!!HiSObD{vlZ>jPNABSGg9CIKQ=WI(%yYd2@N;q!e0$%Jg|eo^Kzu
zCkyw*Am4Xh1N6(>ZC-c+83ISSA)K2tqyBh;K6i-E;_D~v1?DDWOVU$eIa)o5@CFKf
zhRrDKFR#*nNxMt9Cim!5g31^34dwgoQ{G!ciqF#fUjlAwPob~Ll#%eaPf7}DN8u?b
zusZ4gdacg)Edws`DlWynhspny?^E(+_8JhKa!(R3?8S9!N$#2Gl~K^=&HpYE*OT!q
z9^+euRt8aNCXL~LK3@sfrLZd$tTMkR&sD;;$hTJo6V@jm4VvrSJC67`!ukc@e?J4r
zn?68A^{Dtdkq%_i`@kRy(kCx2B)-)vNNKC7H5K1~xMv&J^tq0eyo!G(enl<gQwkGu
zZ&J#M<z3f#bCdK2q;;T-Ku<CjBA`z?3i`#%sCXPNJs+7r5iaRnyFfVHYt$Pr&t-ai
zns5@n{Oa7f=cTJ0eTGxE{>j3VIFIXXX+#GN$|EkuBT|fu`To<>=3Zr6+}rJcjzo5U
zW+Bp?J1SE}B#QchZ&Ai^FLy^HoRn)Fxz?I|YYFQ!lJ73AufV^&ru{{DF3p)jO;x;_
zn^2BEQ)$f$(*CcpGl7e`TKhQv1w<4P5ER!xZfFXr>8;eveaYO*7PTB;z)6_FnIW_d
z(KJibl<b(csBL;H0|Ec8VA^KgYNpk0nl1O*W{Yi>b?g0}|C~`;-uJyvpTqN<=lMO$
zS?35!t7%?h#?$|I#N>Qt$9#nHM-+!JNNS2>1$+qlo&;P?YfbPd6_NCEbgyCmn3j$F
zAAH-wZ-hTYq0hs;Q3rS~wkYw#Jcm}u?=>8!(@BkDAc=dEDAXv~Y&Dv71n8%N#KC7O
z{b1xBN`DppJxCm--&CR+ut!loP5)69Te|d?Z>D^d{N`qdbb$RSCSEx%1^gYOsi%J(
zEm19j1W$>$IA6bzBStz-)Q^!j;OC;4{qPIX-$C42=o9HTkSk1kiT0B`v&9(XFCY0E
zEk=zB=?o1e(B&k5li;6I+zc#FgPRF{J^@$IeAtVnKeP&d1p5}Sk0WPclQfNfW6C3L
z`TYd#24JqTd_pl_EBQGbHWTO?beoVT!zJBAyH*wIAwhovEue^hI#xESN_Yc0p>WdF
z1nfiTBz=wkmRQz57R8kWzZT^R9Jecnu_XHp+l#7Sr>f5&NR)0s_q|+5=w4OaGw>`h
zIq16}KdOq^MVwcO_jeUf`jpGh%;tb!0bC03Rva!+0rTM#0M)9B#~`2IDEUYg=vtLv
z48FHvAFl8VkQWmpOX0r5-=ku01X}^_Jb6b-($(lJf|b$FgHOdKf7<pePMdI$B!Aw>
zkBDMo>3>D*ru6+)oZD4_)A0F*n3c3G$or);^aRDoAE@s_??+!Qe}n1_)^D2{g#>*^
zu%;NVC-^+tO*q|;J{!zH34pFZZie4m$Ssf;gKJG|j(k3?7yh$}vj&}{3sivviIuDd
zn<CHuo2nCmMZVrgfCGrFWB?pyfq4_T8$l%<BIwm5??sbzJNf`Vl0<~X1XW_$y&aif
zw&KvM#5+r@|FN^Zm}HEv%Y+2%i&Hj<Ej6X`$99sA5@;65PAk3C)vBNqku&gXO1}uq
zHfe<Fm3_DxK!YmwNBO-*Nh6hFE&Y>?0_Ukwyr-()iQP}I@dP@EyaTz53VH+bxoSoZ
zBX6LcQ2vX-4x?YDV&8}?sr;7+kC{&achd@0A%h51tDKvV;6)r~!yiQV6T$W=zh?;a
zAo}ybZ=uLH&_6<qpU|H~|1P?374}{HK1ElJZY%tld^1V9NC9FAG6CZ<lI#FHNsUID
zeX8<1;QevF5c_mBibEv42Dt#=kKz2SZ-?5!zXX30K7g1SJPc+(z7Zn-3m6O%4L}nH
z&=EkCY!XT0m#M`x!PXX@iLN^VlHsFBd<Fie;X{bgIs$jTHb;L7=>WFX_-)3g6EUKc
zEC(mYe~okmv<C-CL)1u{<Fp6;3EH(dPgKsg(T~zdHIi6-nkl~oa7PukkQj%FyHpM2
zX7q0Ir4u6on=}7g6<DZXexe^$NtPnFAn*e!_*FP{!1jgm*@*lJ@;3@U1p9el6Y;Aj
z>1?>9McDT#OtXk8=F`YOWn(ko)R<nR;sH2+g2PJX)KURnL!W|u2>m@u_Z<8XdYw2m
zY7o*C&qxoT|FDs+ANs!ZmpE}F`!A*)ipgq3x4^H#>1%@BjsApk4&eAM`ZVkwobORH
zQVahIeUvW3Hi}Lrey=Ia1^B#={$=!!qHBnPWqy-HV*zB~(1!N9QyHIzj4~Clu7Z4t
ztr_hVup9A_f8#>Zy$Uboi;?@vjRhS5Bk5WAbNG}f+$!Qq`hr&eZ&^8tI`}q%Z&FSY
z@FDFbbdplxlT?6#6x0)4Jbpp^o~JFu_Bgs9u%$}}Xd!Ja?Fy2&BktSEzXrdl$e+pY
znT=8jKSS9R=k_XL0`m7t9>$0U5o9nrNejVx@%t2BM)EXdev_L+cc5Db_I%~5;hTx>
zSK3w(hrvtQ51%G~)|85&BMwKD;XcKe5MTi|NlzmmAwjJQ+Cdf43Y(je+=|b4*v>`%
zRrz;<S1O#0VbM>e-K=7KfNe)PU*bsq2yHk`C}-)=goJ%4V1$~ssbB{w=XuEAqVEWQ
zg7z}L3$T5N&olI+^cuPuv`^7xpj-g1C71!|o}iWg%9p3rC?^1#L@PrVr4YjRB-)G9
zbu>wxRf06N(H>Dnk5`5ELH{^0TY&9Hti4J<0{u?p9Q<!Ye?s2>cL9?2Y7|K-PzP1O
zO87JAj+1yOl`qBdD7xmzi_jM+d@FQyBrHT90GmTQO&fylbAo@2Jet;$0y5wagI@|Z
zz6tApnB*z6Q7H3JR>7|aR7bKoB$y9hP8&yyQX7Ol*fxNTQgeczOTzW&KUT_{;ERY^
zO_Nk6X9e6kVoj&8PV)UX7KLL3R4J!IQ5>M=$Vu?`vE7EV^Op)>`N&JbR>_32;6{D}
zh!;R#jbA2y-+=#$HVoWYbQ_VchD$1M3NTEQ^n<E0N%f^}6Qg+&@LuHC2`~vh9Nr#m
zI_((PB6Kf;t6?yb)*zokK8oLI?Az&&K;GRbuEZJ9&;Ra?3`qnXp$d_pR5d$e2_oqT
z?L9_&GyMtJTEI)t%^-oUuoBl*&B(3DJBa@Te5T6NQWi$PnSB3OlB_M@9yp%@U@*Gw
zR6hiLKqZ}mts{C#9yQ9<^#6n3&*+lTz2sQWe)$C79_aJH4I*Jj`me%=(Ig#5|8n&G
z_btYIRRU?eOUe1jlSv|JGLEazKc|XnL;nNhD^-68+*C6#P8FF5zB@QK{r8pbDF(Su
z&2YINWv()$tI8tjSYMnE(XPVbB^*{`=p~cVe*?Xw&q?|jwn`O4>K;}FJ&EplioX?~
z_mu82#UF=1DgXQ@=~w6L*)KClAZaB0VuHuP3)C#!L1G{M&h+1b?^pT{&~G5<b0j?t
zKSqBLF-DU-lUezU{#)1{#phw#dh}K-`M*X;CCKZlvS$FL0hj{sNPr)3Y)s|YmSM|8
zxfc0Z>>uF2K>4r5CMiX6Dc_9!1t}=%qNZPspYM4Qq#ade&}I^77r+8qSL755d^qX}
zzZc!71n+>XBfqVJt*8GB{TZr1l;R}qQ~VJ6AF)p)UKRQ~(U-rej9;ixHo(tOavy*j
zmHZxjETd>mfei#2N&#!o-4Esg6{9cq0DX=Aqa?})^NE^;mlejTNPS6&{#_G^NyG6~
zKr0A-oPL;KkHUw-uL01L#OGuC2l9ioMDPb21?@}1ZRmPo%crmqa#!$;=_fFMLwB7T
z)c5>bM~5y1Jf2{k>CGd+)d24VI0AVe;33K(fg+wqHyi#hbY0;6z{S(rAWwoz@)NHy
zd5KpHehO_qm`gCOgr75;q<I)6)zG>VMAAC|yVBMm{|!tDvZR}kx2oXZQizuz$LZ(b
z_Xf6$;C1LFy-M3vId4O%{0EIO7RYoEr&P9;puVDYb+Bi@ELYxA^9XWZ+C<uK_)8j0
zC5vcT$XTjdslP&2NF^(XUq?Pk!|?l$yyVwm6m%s0NT4fe57S?czBvw?DQp8yqX{?|
z9*#g`UV(4Jb{&CVRJyOh*V4wIJE&q_iEWEYDq-WW2UNjt$q)GlNi-LS9t67=rxc9!
zD&SxRl-+6AmVkMZ04-GT9_Zi3_rpdB7Gl30{RDIZe2Ydg^1znRT7h{1{nT=V7XiM9
z@&JWY5qPe0cnAJ4dQ$~Ifo+<y%}}}|_|K}C%i$LjPm)cnbHFafeuDm0#Q6t&9J<-a
z?^D=K*qlw?pH4p&<P8GIm*)|cV2a|)(2vG>FFYRXJtSz0pQHzn530gOVZWTE`lsqk
zyBFL;=q3FF{V8I8g3nyJ{yQ<;K*FK$p8<{``27H?0T(N$Rq%Jf)S^Fx{_iSrPl7~g
z5VlbS?}TC~SV@n;e}F%VK82zNz<c9!GdYgHpOWi8i_Q-uctr(Wf>SC$NdkEse6-U8
zi#`Xr9s2p;ZR8fp&yD;nMO3JwdV+0FQZM~{@KNf8elmK8<opjLd3zk&BVU1GIsr%E
zbX^1zGl&95q3<dS1y@YlL|Y1G7J;+ykCF@BmH3~7T~dgC1(?g#fX*S#apa@;OrTAj
z37`kyW$@APH28QDNz&<02J`~`11i9!$QkIi5cGx!ET%pEK_qRB?rx)|dsVDaIkaX{
z<<XjfHJ8;srPZ|A@sc)W<g{T{kAOR9E%254Enk_}%5#;tay><!pvN8PnGj=HR*!D^
zJ*^1PQ|PsP-l7G6Fu1(=)~KRFSFx)|gnrXn_Zl@~gykqlj5r%YA*>#5Z=QcaNiY(r
z^0+;re5x$tcj~ilj_toGF#`OH5~V>_;{fvA1+LPfV51SZy)^@Np4RgJl;0V+9LoPQ
zLyd61%O26s_XL6-Z=p5Uy&xf`@;5uP=AzwK#;2%k?tClX6?7%UbPI@zV_JH9DOt+s
z@p-K>Pf?MT>$XY*?);j&4peB_IcEWlywClew!r5fXm#!u=v<TdOl)jMq1We^HI#bi
zdgUS)6uAnmtZsp<%J@SQYf26sO-}X({l22?kygGt=*|ne^Al<=dH1r^nuag8H<>++
zVY&TT0n3%2?{^0Rj;odLa|bN1FK89Jf_ZbSkrSs;chJu$C;Ec!f!1Yn+*WRp%R3i8
zzuQ5Uxcn@8ffdA5;tB*x=J;I!cTVMXKU`Yw2IG+dt-?~5-{lRu-QZk72b|~f=Uai&
zk`kXk7;rRx_q<YffI_W+=LUC90vi<?7m3YWTZL|Fb_L}eo~blYnwRHx=l8Zsirgf&
z^5(en=E`sh)*#0}-<MZf%qSv$RO*}yCwtIm1t_UZmLyX~M&&9h@|D$W{ozh6bGqB_
zDeyQ2{b9NomNVHoKNk05DkE#*D{*S;oSn@wS^1@mmZ2B<a$QAMp3ht0DXgsgaa{%r
z;%rz;;R`%PZYNqz=1=#<He;%-VX_8xNA<72=yCaOdALN9u5}jIbkXANYE7FKJE+)q
zy_`;lT<Z5TK+ZWcDo=&S8*sBK(&qCrK2LBC1ND0-!&_RM>-O8H<Fwlh;Y!dtXqH``
zplQwWe189e-g2#iZhx`I3zk`7F08Z5l1&P4R*-cFlB1+Fm=H59;#TH%HiXA(<;tB?
z?8|pse@2U2(zIo9rG<s8vTdeo7a8`>46V4iePws;l63p|!CF>IYN4}Q&fap*FL5@m
z{rN;~izYsrtfkopCTsU-cG*<zm86VfIoQtKat8Eax>*rdajvJZ)K?m?hvsU@+9)sH
za<i}s@+bv@uG}I|U=AlChUI8vb+NM;Qh-r0+(6Lpk>|yd!$=Sl^0Z3(=RECaBgL6v
zXF8{yJ8>XE6YLX(+H|vDk^6dAFtQp!e`&xu5drpvD_Bar$O>HVD)Qu8lgAHpt_Lx+
zNSmJ+sZ8!|Vu>e<w22+Mm1gI9g0f)Ly{&O05qn#Cem4p7?T?GJjxFsmH){<|#F!=8
zMfUn7+B14T8P)G*4LLh34r6vnceb`$j)(!duU9u#AZCt_{VI~5(>mDKFVi-eR*}aQ
zkekxu<uk(Pjq!LRwYvO~#jq3a)Z(-@XY_f#;>J^N>npV#dNX&>#V&U&V%uHXfDV!E
zea0(#IwI>O-nmN?_OjL5^DUa4u>?Ac6E3ZT7`0KWO>!?Nlj8~cd{&XqTWFu!sP)zC
zL7O$JNq<iuAcqqzFsAqq3X9t^dc4#INwBZls_oRem2xb+K~G-fK9G|nv4OxGIcsu(
z<+_TT$F()~TaRnS+9-di*DI5a^!SUtg?{!m8_Dl{0LUvKA%-&(#T1qlW=A&DA5iv?
zC$$yEkjPd&b9qHJIA`|END^YsOvazLwP>i){+$}RWX@a~PPv<^wI24qYHgmDB~LH2
z!(iNgzt102;_)(G|AHL$IC2j2Srqh?*u87CgNAL|+Ce>0&cd1PYS-=3I%)Qy-P&Tq
zo>#Ap(<%?XmL~qwpuJ=O6dPx2t?fPgwXwR$I>_~rdr*75nLX=OZH{Jt9@6rRWG8W8
zkX7h$HeG4SV<X<s^gQQea8le{E&11RN;qO1fYFy<dTI2sJbOkw-U44j%>Uvtan$rt
zQ=>k)uE?p99%9&A+Q44!`P^ah1}pLV3jMC)gqTt<N8h=Q-Sgdfr5sgd5)0qb(nR1b
zZB$22Sibc~S9u+j__$B)EpKVlw6y4zWED5w?mxb*oo?P(V}E*B+iEn;^OVeS`{jPR
z<A`>kt^4dGt2-fj8`vX{YAyBdF3ul2O>Rhed2<IaKb$Gv3ME!fPL6!I1$x?3j%l0X
zMB;I+yU07P9kz2n)<$dgzE8BNx;^l7?PAS7dO}-ow(OhTw@-H8epa6g2KGI#SD$|N
zZ6~#vapKe|twI$1q9qCbf7xYr?N8boU3_y&YbQ27Yc#cQ{Y9H@Bs;IekR7TD)rP9V
zi^40!q_#$S(#}S&EFeM{de2s8-;<%8zk4<Ilus?G`^!gTcu}Z6v?shGv^!KULRaYR
zwVvYWZ`!<M=T-M7Yx_p29mM}#9T2Cwlt^{bgGwAnv8m2zt@W%Mse24@_zJyMJ16wn
zN8g_!8;o15F!TZ9qu;bH;=|vxjJ1~D&fah6KeQ4e$?PV!&oj~z0|_zViclT1wl7>E
zTrcRUB4xaunqY+*LiMa?LX6ngRL|^0C%i1QGkj}!A#<=@;zK(_by1jI+eUvv7weMD
zu1?%$0bYpm8Of7Sv>dOe>CD)S$Bax-(pNX_S?%<LO-0wvda^h**~}Jgy6G$J*ShIj
zGkZP|swQ+*cwu;PXa|Muv#4)pXfHXLduxPGJrWb_1!MHLyV-XY>-&?N-W95)usVkD
z+Y-I4DX+PE_8Fa%*a}437hWFPD<6j<d7<9A?Ssx3stLX)yxa=kMz#vMVZtj#c$Lwn
zwS`Na6<$TkJ>ga1mDno6t8&D=C3?D;T&~}8Vd#ExEt0sM?1d`1A40pVP>rnHnaV{N
zcJ?N=+!U6?FrY=DDzWJzGfnhqZkmP_vc(-w>Y3%yccb(83$10idsuf^J*%qrvJA0@
zN^VoNEp`mDYAPd71+~_ZVg*T<h42bg7MS|bZsu{XoJW~Hyi_h)XqS4aIvFR)={{3p
zc(L4cq3z-2jJ!e)P)6+S*r`D-xidst1|{M0NS221VmXJ{_lk)(=^6Gb<$5Q>V5UXI
zA){4O4rQbDiOY6gkIrg{FBa+Vh+ZG-DRGfksL=KrZ3acgU&B<eIF!L8%1%AIqslpg
zku{aI%f!x#?vnFN0aI?$)9vRL>&>+`^$}-ghY&1L_*M|RLVLu}R%UurxlNo26`Kl-
zRHq#KwOjQA2|_R6AiQ5|#EI>z^fuZiQLP!R#lmeytX;iIpC2nu-K}>PL)Yr@;?#bl
zt(GII*XVu3>CJkAJ#DSNC_eikxk7R!<@{Oli(HEE?X;DDnr-pT27Q=)_<p@#tax>^
zet~9*RmFN2yVpayxApYUW;xYN_)a-o4grjlr>;6qNHz<`fAyhSWoiH}!SdWx;p}Xa
zgqYAqdexzNs;RQXEyIn>tpCzgtlO>sk}3~Q9pjSgutScFOLkQ~lf7k+UKnSeJfLsN
zus=AWf0|==YHqyVJw+B8!8)_SNffRfMw)%HpYbn4RG4}jyVd!|jfTB{ps~_QXZ`A(
ziuXx)^r0+DMjEY+P*s9BHpB4RduA9<YOU*?LgX0P+KiJau8<#FPp>o5d)GUc+FwGL
zfEww-6p)H}6DMt!`h(6U>pjcpA(qcF?h||OH4?<S(S~KOy~g;kNoTq3es?J~Ix(Rt
zdHzJsc0D6D^1?1HF#0u3uO-PUIYp5Z;+)UWPVservyITE=ox9wr4*ePr^AP<y~$_v
z)kKSVMk`^?HCu_H^Ne=lwG!j@B;MJSA@`HB_r=Ahv;is3*;f|@C1SBJnrED2iA=5*
z`{Zh4OOm*FvvIfm{bu8|nc{4k27<^tf0umQi%sQ5`)2BPkxD!Cm@y<l-q*9gHPX`5
z+&bH--kEB)lt{kNXqO}}yPC7ti=(t#Z8vylh4&fh_k3W)ik4Z1*+gzamQ)PdZdmeE
z#fqdXPSUhm<Js6q|5%~kBq?%_DsUu8ThU>+F-hd_FjAcGqHu@NQVb!EU9{U6qlvZ!
zdZPX99%FeYasIDHvRFMsZx`!)*FhXBFouY&_ZvLX-!;w?gD*2v?N8q|F4RQ7!Dgqn
zXNN3Lj@&=azNTYm9yMC%!vB$xV$VEg#3m&$(E5<P<8BwLM(Jr;F$@QfB^)}Q8j&Mr
zA^vVY7{Sdm%noAcb|c=N{iU(r6yKdPQWNC|M>Khrc-m+7PLf-Mj~e-?ms`l5`K{4J
zvv2>-_(s1l`igf_%8OZkGE*wMD|)i!1t4z&=N1m_b}m;wxCeh{bZz?wo2-?6FK<43
z!6~CYP7f~@C(qGa$w_S@z6$Ccdi`k}+#C(g=(t^-oC_PD&2)qFByRfEXk$<K)mX2^
z|L&5Fm8k~u05QCE9n8*#=$~sO_pb_VcaDW~cQ2OFV?uv%yEu!&wDS=i+9kHNFf#3n
z4Kp|1u5V^G#EQ?i8qHd&&$=@+YR^hG=jtMPnbF>UG1Yt|&fePAoS}<{rWomB=2*7N
zx(?<ZO;j$`Q<^9*QN4>xV0aHR#lEDI`Lii1x|$b=<Zfm^JE@zwAj5uch$)|({n!!f
zhnb0Sop=k$n>4h0P-N;OAHU0(T<10tUye3A*pG}cdzxa(bfcp<u+C`Jj_bw>Js5f*
zw1Ef21EEc!&7mhk+nhI)b0xI?%PWDEJQJe56XO2Ry3l$8REF*j-Nom1$j+AQFFIA}
zX<}`Io)jlfHh%MZbB%mB-kh5#KLG1^!R_M_u~Jl&aoxQ%+~_JonWiajD>GY&HJ6$h
z;>d752Pa%=UejKFgw!+f^1gAN)0XqOA;-B$%$aI-7S;C}>Gl(snvd%}oR5R(RR(;O
z71<~(+wZP)d&(p;Ul$GU=y7SzPWmH207$j#rkGE~i{WF9jQHrIQzTz)X4-{Uo7ZY$
z@NuI{ntYx{Ge$4Z7|~~@+0Oo82LH!`zAO%(Q4%6QaOIh)J#*}wRiaA%yb}3CiYHvr
z)An9#x)Oy}Z2CmG&ulGbdd)=plVWqVCf1ag<3!PX^Gcgv4YX3T$NNp&)W=K^nRCsy
V;&7SS#$I1$PSI_C-Oa!z{{wVnxPAZt

diff --git a/po/ru.po b/po/ru.po
index aaacd33..ebfb6ec 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -1,20 +1,18 @@
 # Copyright (C) 2020 Free Software Foundation, Inc.
-# Copyright (C) 2006 Maxim Britov
-# Copyright (C) 2014-2021 Ineiev
 # This file is distributed under the same license as the GnuPG package.
 # Maxim Britov <maxim.britov@gmail.com>, 2006.
 #              !-- no such user (2011-01-11)
 # Thanks Pawel I. Shajdo <pshajdo@gmail.com>.
 # Thanks Cmecb for the inspiration.
-# Ineiev <ineiev@gnu.org>, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021
+# Ineiev <ineiev@gnu.org>, 2014, 2015, 2016, 2017, 2018, 2019, 2020
 #
 # Designated-Translator: none
 msgid ""
 msgstr ""
 "Project-Id-Version: GnuPG 2.2.0\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
-"PO-Revision-Date: 2021-10-12 08:13+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
+"PO-Revision-Date: 2020-07-20 17:41+0100\n"
 "Last-Translator: Ineiev <ineiev@gnu.org>\n"
 "Language-Team: Russian <gnupg-ru@gnupg.org>\n"
 "Language: ru\n"
@@ -24,58 +22,58 @@ msgstr ""
 "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11) ? 0 : ((n%10>=2 && n"
 "%10<=4 && (n%100<10 || n%100>=20)) ? 1 : 2);\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "сбой при блокировке для ввода пароля: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr "|pinentry-label|_OK"
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr "|pinentry-label|Отмена (_C)"
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr "|pinentry-label|Да (_Y)"
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr "|pinentry-label|Нет (_N)"
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr "|pinentry-label|PIN:"
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr "|pinentry-label|Сохранить в диспетчере паролей (_S)"
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Вы действительно хотите, чтобы фраза-пароль была видна на экране?"
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr "|pinentry-tt|Показывать фразу-пароль"
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 msgid "|pinentry-tt|Hide passphrase"
 msgstr "|pinentry-tt|Скрывать фразу-пароль"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
-msgstr "Предложить"
+msgstr ""
 
 #. TRANSLATORS: This string is a tooltip, shown by pinentry when
 #. hovering over the generate button.  Please use an appropriate
@@ -84,24 +82,17 @@ msgstr "Предложить"
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
+#, fuzzy
+#| msgid "pinentry.qualitybar.tooltip"
 msgid "pinentry.genpin.tooltip"
-msgstr "Предложить случайную фразу-пароль."
-
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr "Замечание: Пробелы частью фразы-пароля не являются."
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-msgid "Passphrase Not Allowed"
-msgstr "Недопустимая фраза-пароль"
+msgstr ""
+"Стойкость введенного выше текста. Проконсультируйтесь у администратора о "
+"критериях оценки стойкости."
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr "Стойкость:"
 
@@ -111,101 +102,95 @@ msgstr "Стойкость:"
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 "Стойкость введенного выше текста. Проконсультируйтесь у администратора о "
 "критериях оценки стойкости."
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr "Введите PIN, чтобы сделать секретный ключ доступным в этом сеансе"
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 msgstr ""
 "Введите фразу-пароль, чтобы сделать секретный ключ доступным в этом сеансе"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr "PIN:"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 msgid "Passphrase:"
 msgstr "Фраза-пароль:"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr "не подходит - попробуйте еще раз"
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr "SETERROR %s (попытка %d из %d)"
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr "Повторите:"
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 msgid "PIN too long"
 msgstr "Слишком длинный PIN"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 msgid "Passphrase too long"
 msgstr "Слишком длинная фраза-пароль"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 msgid "Invalid characters in PIN"
 msgstr "Недопустимые символы в PIN"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr "Слишком короткий PIN"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad PIN"
 msgstr "Неверный PIN"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad Passphrase"
 msgstr "Неверная фраза-пароль"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "ошибка получения серийного номера карты: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 msgid "Please re-enter this passphrase"
 msgstr "Повторите фразу-пароль:"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 #| msgid ""
 #| "Please enter the passphrase to protect the imported object within the "
@@ -216,61 +201,51 @@ msgid ""
 msgstr ""
 "Введите фразу-пароль для защиты импортированных объектов в системе GnuPG."
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "ключи ssh длиннее %d бит не поддерживаются\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, c-format
 msgid "can't create '%s': %s\n"
 msgstr "не могу создать '%s': %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, c-format
 msgid "can't open '%s': %s\n"
 msgstr "не могу открыть '%s': %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr "обнаружена карта, серийный номер: %s\n"
-
-#: agent/command-ssh.c:2446
-#, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "на карте нет ключа удостоверения личности для ssh: %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "на карте не найдено подходящего ключа: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "ошибка получения списка карт: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
@@ -279,20 +254,20 @@ msgstr ""
 "Процесс ssh запросил доступ к ключу%%0A  %s%%0A  (%s)%%0AВы хотите это "
 "позволить?"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr "Позволить"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr "Отказать"
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Введите фразу-пароль для ключа ssh%%0A  %F%%0A  (%c)"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
@@ -301,91 +276,87 @@ msgstr ""
 "Введите фразу-пароль для защиты полученного секретного ключа%%0A   %s%%0A   "
 "%s%%0Aвнутри хранилища ключей агента gpg"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "сбой создания потока из сокета: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr "Вставьте карту с серийным номером"
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr "Удалите текущую карту и вставьте карту с серийным номером"
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr "Административный PIN"
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr "Код разблокировки PIN (PUK)"
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr "Код сброса"
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr "Нажмите кнопку подтверждения на карте."
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr "Вводите на клавиатуре считывателя."
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 msgid "Repeat this Reset Code"
 msgstr "Повторите код сброса"
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 msgid "Repeat this PUK"
 msgstr "Повторите ввод PUK"
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 msgid "Repeat this PIN"
 msgstr "Повторите ввод PIN"
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 msgid "Reset Code not correctly repeated; try again"
 msgstr "Код сброса повторен неверно; попробуйте еще раз"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 msgid "PUK not correctly repeated; try again"
 msgstr "PUK повторен неверно; попробуйте еще раз"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr "PIN повторен неверно; попробуйте еще раз"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "Введите PIN%s%s%s для доступа к карте"
 
-#: agent/genkey.c:157
-#, fuzzy, c-format
-#| msgid "error writing to %s: %s\n"
-msgid "error writing to pipe: %s\n"
-msgstr "ошибка записи в %s: %s\n"
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "ошибка создания временного файла: %s\n"
+
+#: agent/genkey.c:116
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "ошибка записи во временный файл: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:154
 msgid "Enter new passphrase"
 msgstr "Введите новую фразу-пароль"
 
-#: agent/genkey.c:196
-msgid "Take this one anyway"
-msgstr "Все равно принять"
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr "Вы не ввели фразу-пароль!%0AПустая фраза-пароль недопустима."
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
@@ -394,11 +365,11 @@ msgstr ""
 "Вы не ввели фразу-пароль - это, как правило, плохая мысль!%0AПодтвердите, "
 "что Вы действительно не хотите защищать свой ключ."
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr "Да, защита не нужна"
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, c-format
 msgid "A passphrase should be at least %u character long."
 msgid_plural "A passphrase should be at least %u characters long."
@@ -406,7 +377,7 @@ msgstr[0] "Фраза-пароль не должна быть короче %u с
 msgstr[1] "Фраза-пароль не должна быть короче %u символов."
 msgstr[2] "Фраза-пароль не должна быть короче %u символов."
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -421,232 +392,243 @@ msgstr[2] ""
 "Фраза-пароль должна содержать по меньшей мере %u цифр или%%0Aспециальных "
 "символов."
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
 "Фраза-пароль не должна быть известным выражением и не должна быть составлена"
 "%%0Aпо определенному образцу."
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr "Внимание: Вы ввели небезопасную фразу-пароль."
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+msgid "Take this one anyway"
+msgstr "Все равно принять"
+
+#: agent/genkey.c:464
 #, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr "Введите фразу-пароль%0Aдля защиты нового ключа"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 msgid "Please enter the new passphrase"
 msgstr "Введите новую фразу-пароль"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 #, fuzzy
 #| msgid "Options useful for debugging"
 msgid "Options used for startup"
 msgstr "Параметры, полезные для отладки"
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr "запуск в режиме демона (фоновый режим)"
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr "запуск в режиме сервера (нефоновый режим)"
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 msgid "run in supervised mode"
 msgstr "запуск в подконтрольном режиме"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr "не отсоединяться от консоли"
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr "вывод команд в стиле sh"
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr "вывод команд в стиле csh"
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 msgid "|FILE|read options from FILE"
 msgstr "|FILE|взять параметры из файла FILE"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr "Параметры, управляющие выводом диагностики"
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "подробно"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "сократить подробности"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr "|FILE|сохранять журнал режима сервера в файле FILE"
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr "Параметры, управляющие настройками"
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 msgid "do not use the SCdaemon"
 msgstr "не использовать демон криптографических карт"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr "|PGM|использовать программу PGM как демон криптографических карт"
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+#, fuzzy
+#| msgid "|PGM|use PGM as the SCdaemon program"
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr "|PGM|использовать программу PGM как демон криптографических карт"
+
+#: agent/gpg-agent.c:208
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NAME|принимать некоторые команды по NAME"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr "игнорировать запросы смены терминала"
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr "игнорировать запросы смены дисплея XWindow"
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 msgid "enable ssh support"
 msgstr "включить поддержку ssh"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr "|ALGO|использовать для отображения отпечатков алгоритм ALGO"
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 msgid "enable putty support"
 msgstr "включить поддержку putty"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr "Параметры, управляющие безопасностью"
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr "|N|сбрасывать запомненный PIN через N секунд"
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr "|N|сбрасывать ключи SSH по истечении N секунд"
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr "|N|установить максимальный срок запоминания PIN N секунд"
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr "|N|установить максимальный срок действия ключа SSH N секунд"
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr "не использовать запомненный PIN при подписывании"
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 msgid "disallow the use of an external password cache"
 msgstr "не позволять пользоваться внешней памятью паролей"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr "не позволять клиентам помечать ключи как \"доверенные\""
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 msgid "allow presetting passphrase"
 msgstr "разрешить предустанавливать фразу-пароль"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr "Параметры, обеспечивающие правила для фраз-паролей"
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr "не позволять обходить правила для фраз-паролей"
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr "|N|установить минимальную длину фразы-пароля равной N"
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr "|n|требовать для новой фразы-пароля не менее N неалфавитных символов"
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr "|FILE|проверять новую фразу-пароль по файлу образцов FILE"
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|считать фразу-пароль устаревшей через N дней"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 msgid "do not allow the reuse of old passphrases"
 msgstr "не разрешать повторное использование старых фраз-паролей"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the PIN-Entry"
 msgstr "Параметры, управляющие безопасностью"
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 msgid "never use the PIN-entry"
 msgstr ""
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr ""
 "не позволять вызывающей программе замещать собой программу ввода пароля"
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 #, fuzzy
 #| msgid "do not grab keyboard and mouse"
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr "не захватывать клавиатуру и мышь"
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr "|PGM|использовать программу PGM для ввода паролей"
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr "|N|установить время ожидания ввода пароля N секунд"
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr "разрешить ввод фразы-пароля через Emacs"
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "Об ошибках в программе сообщайте по адресу <@EMAIL@>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Вызов: @GPG_AGENT@ [параметры] (-h - подсказка)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
@@ -654,136 +636,131 @@ msgstr ""
 "Синтаксис: @GPG_AGENT@ [параметры] [команда [аргументы]]\n"
 "Управление секретными ключами для @GNUPG@\n"
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr "запрошен недопустимый уровень отладки '%s'\n"
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "выбрана недопустимая хеш-функция\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, c-format
 msgid "reading options from '%s'\n"
 msgstr "чтение параметров из '%s'\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, c-format
 msgid "Note: '%s' is not considered an option\n"
 msgstr "Замечание: '%s' не считается параметром\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr "не могу создать сокет: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr "слишком длинное имя сокета '%s'\n"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "агент gpg уже запущен - еще один, новый, запущен не будет\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "ошибка получения разового кода для сокета\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "ошибка связывания сокета с '%s': %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "не удалось задать права доступа для '%s': %s\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "слушаем сокет '%s'\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, c-format
 msgid "can't create directory '%s': %s\n"
 msgstr "не могу создать каталог '%s': %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, c-format
 msgid "directory '%s' created\n"
 msgstr "создан каталог '%s'\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "сбой stat() для '%s': %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "невозможно использовать '%s' как домашний каталог\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "ошибка чтения разового кода из файлового дескриптора %d: %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr "обработчик 0x%lx для файлового дескриптора %d запущен\n"
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr "обработчик 0x%lx для файлового дескриптора %d завершился\n"
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr "обработчик ssh 0x%lx для файлового дескриптора %d запущен\n"
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr "обработчик ssh 0x%lx для файлового дескриптора %d завершился\n"
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "сбой npth_pselect: %s - жду 1 секунду\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, c-format
 msgid "%s %s stopped\n"
 msgstr "%s %s остановлен\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "в этом сеансе агент gpg не работает\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 msgid ""
 "@Options:\n"
 " "
@@ -791,11 +768,11 @@ msgstr ""
 "@Параметры:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Вызов: gpg-preset-passphrase [параметры] КОД_КЛЮЧА (-h - подсказка)\n"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
@@ -803,8 +780,8 @@ msgstr ""
 "Синтаксис: gpg-preset-passphrase [параметры] КОД_КЛЮЧА\n"
 "Работа с буфером паролей\n"
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -812,8 +789,8 @@ msgstr ""
 "@Команды:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -823,11 +800,11 @@ msgstr ""
 "Параметры:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Вызов: gpg-protect-tool [параметры] (-h - подсказка)\n"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
@@ -835,22 +812,22 @@ msgstr ""
 "Синтаксис: gpg-protect-tool [параметры] [аргументы]\n"
 "Средство работы с секретными ключами\n"
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Введите фразу-пароль для снятия защиты с объекта PKCS#12."
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Введите фразу-пароль для защиты нового объекта PKCS#12."
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
 "Введите фразу-пароль для защиты импортированных объектов в системе GnuPG."
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
@@ -858,53 +835,52 @@ msgstr ""
 "Введите фразу-пароль или PIN,\n"
 "необходимые для выполнения данной операции."
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, c-format
 msgid "cancelled\n"
 msgstr "отменено\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "ошибка запроса ввода фразы-пароля: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, c-format
 msgid "error opening '%s': %s\n"
 msgstr "ошибка открытия '%s': %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "файл '%s', строка %d: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "выражение \"%s\" в '%s' игнорируется, строка %d\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "системный список доверия '%s' не доступен\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "недопустимый отпечаток в '%s', строка %d\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "недопустимый признак ключа в '%s', строка %d\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "ошибка чтения '%s', строка %d: %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr "ошибка чтения списка доверенных корневых сертификатов\n"
@@ -917,7 +893,7 @@ msgstr "ошибка чтения списка доверенных корнев
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
@@ -926,11 +902,11 @@ msgstr ""
 "Действительно абсолютно верить, что%%0A  \"%s\"%%0Aправильно заверяет "
 "сертификаты пользователя?"
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 msgid "Yes"
 msgstr "Да"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr "Нет"
@@ -943,7 +919,7 @@ msgstr "Нет"
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -954,21 +930,21 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr "Подтверждаю"
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr "Неверно"
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 "Замечание: Фразу-пароль никогда не меняли.%0AПожалуйста, смените ее сейчас."
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
@@ -976,26 +952,26 @@ msgid ""
 msgstr ""
 "Фраза-пароль не менялась%%0Aс %.4s-%.2s-%.2s. Пожалуйста, смените ее сейчас."
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 msgid "Change passphrase"
 msgstr "Сменить фразу-пароль"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr "Сменю позже"
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
 "%%0A?"
 msgstr "Вы действительно хотите удалить ключ с кодом%%0A  %s%%0A  %%C%%0A?"
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 msgid "Delete key"
 msgstr "Удалить ключ"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
@@ -1003,92 +979,92 @@ msgstr ""
 "Внимание: этот ключ также находится в списке для применения с SSH!\n"
 "Удаление его может лишить Вас возможности доступа к удаленным машинам."
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "DSA требует длины хеша, кратной 8 битам\n"
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr "%s ключ использует небезопасный (%u-битный) хеш\n"
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr "%zu-битный хеш недопустим для %u-битного ключа %s\n"
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "сбой проверки созданной подписи: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "секретная часть ключа недоступна\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, c-format
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "алгоритм шифрования с открытым ключом %d (%s) не поддерживается\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, c-format
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "алгоритм защиты %d (%s) не поддерживается\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, c-format
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "хеш-функция защиты %d (%s) не поддерживается\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "ошибка при создании канала конвейера: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "ошибка при создании потока для канала конвейера: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, c-format
 msgid "error forking process: %s\n"
 msgstr "ошибка при дублировании процесса: %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr "сбой при ожидании завершения процесса %d: %s\n"
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "ошибка выполнения '%s': возможно, не установлен\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "ошибка выполнения '%s': статус завершения %d\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, c-format
 msgid "error running '%s': terminated\n"
 msgstr "ошибка выполнения '%s': прервано\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "сбой при ожидании завершения процесса: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "ошибка получения кода возврата процесса %d: %s\n"
@@ -1103,33 +1079,33 @@ msgstr "не могу подключиться к '%s': %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "проблема задания параметров агента gpg\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "не могу отключить создание файла образа памяти: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "Внимание: небезопасный владелец объекта %s \"%s\"\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "Внимание: небезопасные права доступа объекта %s \"%s\"\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "ожидаю доступа к файлу '%s'\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "сбой при переименовании '%s' в '%s': %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "да|yes"
 
@@ -1183,50 +1159,101 @@ msgstr "выход за предел безопасной памяти при р
 msgid "out of core while allocating %lu bytes"
 msgstr "выход за границы при размещении %lu байтов"
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "ошибка выделения достаточной памяти: %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr "%s:%u: устаревший параметр \"%s\" - игнорируется\n"
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "Внимание: параметр \"%s%s\" устарел - он игнорируется\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr "неизвестный отладочный флаг '%s' игнорируется\n"
 
-#: common/asshelp.c:335
-#, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
+#: common/asshelp.c:348
+#, fuzzy, c-format
+#| msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
 msgstr "ожидаю подключения %s ... (%iс)\n"
 
-#: common/asshelp.c:347
-#, c-format
-msgid "connection to %s established\n"
+#: common/asshelp.c:350
+#, fuzzy, c-format
+#| msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "ожидаю подключения %s ... (%iс)\n"
+
+#: common/asshelp.c:351
+#, fuzzy, c-format
+#| msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "ожидаю подключения %s ... (%iс)\n"
+
+#: common/asshelp.c:364
+#, fuzzy, c-format
+#| msgid "connection to %s established\n"
+msgid "connection to the dirmngr established\n"
+msgstr "соединение с %s установлено\n"
+
+#: common/asshelp.c:366
+#, fuzzy, c-format
+#| msgid "connection to %s established\n"
+msgid "connection to the keyboxd established\n"
 msgstr "соединение с %s установлено\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:367
+#, fuzzy, c-format
+#| msgid "connection to %s established\n"
+msgid "connection to the agent established\n"
+msgstr "соединение с %s установлено\n"
+
+#: common/asshelp.c:485
+#, fuzzy, c-format
+#| msgid "no running Dirmngr - starting '%s'\n"
+msgid "no running %s - starting '%s'\n"
+msgstr "Dirmngr не выполняется - запуск '%s'\n"
+
+#: common/asshelp.c:588
+#, fuzzy, c-format
+#| msgid "connection to agent is in restricted mode\n"
+msgid "connection to the agent is in restricted mode\n"
+msgstr "соединение с агентом в ограниченном режиме\n"
+
+#: common/asshelp.c:725
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
-msgstr "агент gpg не работает - запускаем '%s'\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "ошибка получения версии из '%s': %s\n"
 
-#: common/asshelp.c:521
+#: common/asshelp.c:731
 #, c-format
-msgid "connection to agent is in restricted mode\n"
-msgstr "соединение с агентом в ограниченном режиме\n"
+msgid "server '%s' is older than us (%s < %s)"
+msgstr "сервер '%s' старше нас (%s < %s)"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
-msgstr "Dirmngr не выполняется - запуск '%s'\n"
+msgid "WARNING: %s\n"
+msgstr "Внимание: %s\n"
+
+#: common/asshelp.c:740
+#, c-format
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+"Замечание: На старых серверах могут оставаться ошибки, критичные для "
+"безопасности.\n"
+
+#: common/asshelp.c:742
+#, c-format
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Замечание: Для их перезагрузки воспользуйтесь командой \"%s\".\n"
 
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
@@ -1296,7 +1323,7 @@ msgid "algorithm: %s"
 msgstr "алгоритм: %s"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, c-format
 msgid "unsupported algorithm: %s"
 msgstr "алгоритм (не поддерживается): %s"
@@ -1371,11 +1398,11 @@ msgstr "Цепочка сертификатов достоверна"
 msgid "Root certificate trustworthy"
 msgstr "Корневой сертификат достоверен"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 msgid "no CRL found for certificate"
 msgstr "для сертификата не найден список отозванных сертификатов"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 msgid "the available CRL is too old"
 msgstr "доступный список отозванных сертификатов слишком стар"
 
@@ -1412,7 +1439,7 @@ msgstr "Нет справки для '%s'."
 msgid "ignoring garbage line"
 msgstr "игнорируем дефектную строку"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 msgid "[none]"
 msgstr "[отсутствует]"
 
@@ -1421,128 +1448,25 @@ msgstr "[отсутствует]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "недопустимый символ radix64 %02x пропущен\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
-msgstr "Работа в пакетном режиме - ввод не принимается\n"
+msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
-msgstr "Терминал не задан - ввод не принимается\n"
+msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
-msgstr "слишком много ошибок; завершение\n"
+msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
-msgstr "Обнаружен символ Control-D\n"
-
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr "неожиданный параметр"
-
-#: common/argparse.c:522
-msgid "read error"
-msgstr "ошибка чтения"
-
-#: common/argparse.c:524
-msgid "keyword too long"
-msgstr "слишком длинное ключевое слово"
-
-#: common/argparse.c:526
-msgid "missing argument"
-msgstr "пропущен аргумент"
-
-#: common/argparse.c:528
-msgid "invalid argument"
-msgstr "недопустимый аргумент"
-
-#: common/argparse.c:530
-msgid "invalid command"
-msgstr "недопустимая команда"
-
-#: common/argparse.c:532
-msgid "invalid alias definition"
-msgstr "недопустимое определение синонима"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr "ошибка прав доступа"
-
-#: common/argparse.c:536 common/argparse.c:569
-msgid "out of core"
-msgstr "нехватка выделенной памяти"
-
-#: common/argparse.c:540 common/argparse.c:575
-msgid "invalid meta command"
-msgstr "недопустимая метакоманда"
-
-#: common/argparse.c:542 common/argparse.c:577
-msgid "unknown meta command"
-msgstr "неизвестная метакоманда"
-
-#: common/argparse.c:544 common/argparse.c:579
-msgid "unexpected meta command"
-msgstr "неожиданная метакоманда"
-
-#: common/argparse.c:546
-msgid "invalid option"
-msgstr "недопустимый параметр"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr "не хватает аргумента для параметра \"%.50s\"\n"
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "недопустимый аргумент для параметра \"%.50s\"\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr "у параметра \"%.50s\" не должно быть аргумента\n"
-
-#: common/argparse.c:563
-#, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "недопустимая команда \"%.50s\"\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr "параметр \"%.50s\" неоднозначен\n"
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr "команда \"%.50s\" неоднозначна\n"
-
-#: common/argparse.c:581
-#, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "недопустимый параметр \"%.50s\"\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, c-format
-msgid "Note: no default option file '%s'\n"
-msgstr "Замечание: основной файл параметров '%s' не обнаружен\n"
-
-#: common/argparse.c:1843
-#, c-format
-msgid "option file '%s': %s\n"
-msgstr "файл параметров '%s': %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
 msgstr ""
-"Замечание: параметр \"--%s\" игнорируется согласно глобальным настройкам\n"
 
 #: common/utf8conv.c:123
 #, c-format
@@ -1559,131 +1483,132 @@ msgstr "сбой в iconv_open: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "сбой преобразования '%s' в '%s': %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "сбой при создании временного файла '%s': %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "ошибка записи в '%s': %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "удаляю залипшую блокировку (созданную процессом %d)\n"
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "жду снятия блокировки (заблокировано процессом %d%s) %s...\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr "(мертвая точка?) "
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "блокировка '%s' не выполнена: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, c-format
 msgid "waiting for lock %s...\n"
 msgstr "ожидаю снятия блокировки %s...\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr "слишком старая версия %s (нужно %s, есть %s)\n"
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "текстовый формат: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "недопустимый текстовый заголовок: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "текстовый заголовок: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "недопустимый заголовок текстовой подписи\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, c-format
 msgid "unknown armor header: "
 msgstr "неизвестный текстовый заголовок: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "вложенные текстовые подписи\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr "неожиданный текстовый формат: "
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "недопустимая строка с выключенными дефисами: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "недопустимый символ radix64 %02X (игнорируется)\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "преждевременный конец файла (нет контрольной суммы)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "преждевременный конец файла (в контрольной сумме)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "поврежденная контрольная сумма\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "ошибка контрольной суммы; %06lX - %06lX\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "преждевременный конец файла (в дополнении)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "ошибка в строке дополнения\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "не найдено данных формата OpenPGP.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "недопустимый текстовый формат: строка длиннее %d символов\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1691,12 +1616,12 @@ msgstr ""
 "символ quoted printable в текстовом формате - испорчено почтовой "
 "программой?\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, c-format
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "[ не для чтения человеком (%zu байт: %s%s) ]"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1705,377 +1630,372 @@ msgstr ""
 "имя замечания должно содержать только печатные символы или пробелы и "
 "заканчиваться знаком '='\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "имя пользовательского замечания должно содержать символ '@'\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "имя замечания не должно содержать более одного символа '@'\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "в тексте замечания не должно быть управляющих символов\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "имя замечания не должно содержать символа '='\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, c-format
 msgid "a notation name must have only printable characters or spaces\n"
 msgstr "имя замечания должно содержать только печатные символы или пробелы\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "Внимание: найдена недопустимая форма записи замечания\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "сбой при трансляции запроса %s клиенту\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Введите фразу-пароль:"
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
-#, c-format
-msgid "error getting version from '%s': %s\n"
-msgstr "ошибка получения версии из '%s': %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr "сервер '%s' старше нас (%s < %s)"
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
-#, c-format
-msgid "WARNING: %s\n"
-msgstr "Внимание: %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
-"Замечание: На старых серверах могут оставаться ошибки, критичные для "
-"безопасности.\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s не совместим с режимом %s\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
-#, c-format
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Замечание: Для их перезагрузки воспользуйтесь командой \"%s\".\n"
+#: g10/call-agent.c:1081
+#, fuzzy, c-format
+#| msgid "error reading from %s: %s\n"
+msgid "error from TPM: %s\n"
+msgstr "ошибка чтения из %s: %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, c-format
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s не совместим с режимом %s\n"
+msgid "problem with the agent: %s\n"
+msgstr "проблема с агентом: %s\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "в этом сеансе dirmngr не работает\n"
 
-#: g10/call-dirmngr.c:243
-#, c-format
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#: g10/call-dirmngr.c:212
+#, fuzzy, c-format
+#| msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "параметр сервера ключей \"%s\" нельзя использовать в режиме %s\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr "WKD пользуется сохраненным результатом"
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr "Tor не работает"
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 msgid "Tor is not properly configured"
 msgstr "Tor не настроен должным образом"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 msgid "DNS is not properly configured"
 msgstr "DNS не настроен должным образом"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr "недопустимое перенаправление HTTP с сервера"
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr "недопустимое перенаправление HTTP с сервера сброшено"
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 msgid "server uses an invalid certificate"
 msgstr "на сервере применяется непригодный сертификат"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, c-format
 msgid "Note: %s\n"
 msgstr "Замечание: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "Карта OpenPGP недоступна: %s\n"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr "Обнаружена карта OpenPGP номер %s\n"
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr "в пакетном режиме это действие невозможно\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Эта команда доступна только для карт версии 2\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "Код сброса (больше) не доступен\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Ваш выбор? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[не установлено]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr "Уважаемый"
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr "Уважаемая"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "не требуется"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "требуется"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr "Ошибка: Допустим только простой текст ASCII.\n"
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr "Ошибка: Нельзя использовать символ \"<\".\n"
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr "Ошибка: Двойные пробелы недопустимы.\n"
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr "Фамилия держателя карты: "
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr "Имя держателя карты: "
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr "Ошибка: Слишком длинное полное имя (предел - %d символов).\n"
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr "URL для получения открытого ключа: "
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, c-format
 msgid "error reading '%s': %s\n"
 msgstr "ошибка чтения '%s': %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, c-format
 msgid "error writing '%s': %s\n"
 msgstr "ошибка записи '%s': %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr "Учетная запись (имя): "
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr "Секретные данные DO:"
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr "Предпочтительный язык: "
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "Ошибка: недопустимая длина строки предпочтений.\n"
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "Ошибка: недопустимые символы в строке предпочтений.\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr "Приветствие (M = Уважаемый, F = Уважаемая, пробел - не задано): "
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr "Ошибка: недопустимый ответ.\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr "отпечаток удостоверяющего центра: "
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "Ошибка: недопустимый формат отпечатка.\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr "операция с ключом невозможна: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr "это не карта OpenPGP"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr "ошибка при считывании информации ключа: %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr "Заменить существующий ключ? (y/N) "
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
+#, fuzzy
+#| msgid ""
+#| "Note: There is no guarantee that the card supports the requested size.\n"
+#| "      If the key generation does not succeed, please check the\n"
+#| "      documentation of your card to see what sizes are allowed.\n"
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 "Замечание: Нет никакой гарантии, что карта поддерживает запрошенный размер.\n"
 "           Если создать ключ не удастся, сверьтесь с документацией\n"
 "           на карту и выясните, какие размеры допустимы.\n"
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Какой размер ключа Вам необходим? (%u) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "округлен до %u бит\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "размер ключей %s должен быть в пределах %u-%u\n"
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr "Изменение атрибутов ключа на карте:"
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 msgid "Signature key\n"
 msgstr "Ключа для подписи\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 msgid "Encryption key\n"
 msgstr "Ключа для шифрования\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr "Ключа для удостоверения личности\n"
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Выберите тип ключа:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) ECC\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Неправильный выбор.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr "Теперь карта будет перенастроена на генерацию ключа длиной %u бит\n"
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr "Теперь карта будет перенастроена на генерацию ключа типа %s\n"
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "ошибка изменения атрибута ключа %d: %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, c-format
 msgid "error getting card info: %s\n"
 msgstr "ошибка при считывании информации карты: %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, c-format
 msgid "This command is not supported by this card\n"
 msgstr "Данная команда этой картой не поддерживается\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr "Сделать вне карты архивную копию ключа шифрования? (Y/n) "
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "Замечание: ключи уже хранятся на карте!\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr "Заменить существующие ключи? (y/N) "
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2086,185 +2006,201 @@ msgstr ""
 "   PIN = '%s'    Админ. PIN = '%s'\n"
 "Вам следует изменить их командой --change-pin\n"
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr "Выберите тип создаваемого ключа:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr "   (1) Ключ подписи\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr "   (2) Ключ шифрования\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr "   (3) Ключ удостоверения личности\n"
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr "Выберите, где хранить ключ:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "сбой записи ключа на карту: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "Замечание: эта команда сотрет с карты все ключи!\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 msgid "Continue? (y/N) "
 msgstr "Продолжить? (y/N) "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr "Подтвердите сброс к заводским установкам (введите \"yes\") "
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "ошибка при настройке KDF: %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+#| msgid "error for setup KDF: %s\n"
+msgid "error for setup UIF: %s\n"
+msgstr "ошибка при настройке KDF: %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "выйти из этого меню"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr "показать административные команды"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "показать данную справку"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr "вывести все доступные данные"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr "изменить имя держателя карты"
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr "изменить URL получения ключа"
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr "запросить ключ по заданному картой URL"
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr "изменить имя учетной записи"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr "изменить языковые предпочтения"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr "изменить приветствие для держателя карты"
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr "сменить отпечаток удостоверяющего центра"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr "переключить признак 'подпись требует PIN'"
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr "создать новые ключи"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr "меню изменения или разблокировки PIN"
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr "проверить PIN и показать все данные"
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr "разблокировать PIN с помощью кода сброса"
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr "уничтожить все ключи и данные"
 
-#: g10/card-util.c:2180
-msgid "setup KDF for PIN authentication"
+#: g10/card-util.c:2235
+#, fuzzy
+#| msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "настроить KDF для проверки по PIN"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 msgid "change the key attribute"
 msgstr "изменить атрибут ключа"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "изменить уровень доверия владельцу"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr "gpg/card> "
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr "Команды администрирования\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr "Команды администрирования разрешены\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr "Команды администрирования не разрешены\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Недопустимая команда (список команд: \"help\")\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output для данной команды не работает\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, c-format
 msgid "can't open '%s'\n"
 msgstr "не могу открыть '%s'\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "ключ \"%s\" не найден: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "ошибка чтения блока ключей: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, c-format
 msgid "key \"%s\" not found\n"
 msgstr "ключ \"%s\" не найден\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(если только ключ не задан отпечатком)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "не могу выполнить в пакетном режиме без \"--yes\"\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(если только ключ не задан отпечатком)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr "Замечание: Будут удалены открытый первичный ключ и все его подключи.\n"
@@ -2305,9 +2241,9 @@ msgstr "ключа"
 msgid "subkey"
 msgstr "подключа"
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "сбой при обновлении: %s\n"
@@ -2332,165 +2268,127 @@ msgstr "имеется секретный ключ для открытого к
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "сначала удалите его командой \"--delete-secret-keys\".\n"
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"Внимание: принудительное использование симметричного шифра %s (%d)\n"
-"          нарушает предпочтения получателя\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "ошибка при создании фразы-пароля: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "не могу использовать симметричный пакет ESK из-за режима S2K\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "используется симметричный шифр %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, c-format
 msgid "'%s' already compressed\n"
 msgstr "'%s' уже сжат\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, c-format
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "Внимание: файл '%s' пуст\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+#| msgid "cipher algorithm '%s' may not be used in %s mode\n"
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "алгоритм шифрования '%s' нельзя использовать в режиме %s\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "алгоритм шифрования '%s' нельзя использовать в режиме %s\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "хеш-функцию '%s' нельзя использовать в режиме %s\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "Внимание: ключ %s не подходит для шифрования в режиме %s\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, c-format
 msgid "reading from '%s'\n"
 msgstr "чтение из '%s'\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"Внимание: принудительное использование симметричного шифра %s (%d)\n"
+"          нарушает предпочтения получателя\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "Внимание: ключ %s не подходит для шифрования в режиме %s\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
 "preferences\n"
 msgstr "Внимание: сжатие алгоритмом %s (%d) нарушает предпочтения получателя\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"принудительное использование симметричного шифра %s (%d) нарушает "
+"предпочтения получателя\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s зашифровано для пользователя \"%s\"\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, c-format
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "параметр '%s' нельзя использовать в режиме %s\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "данные зашифрованы алгоритмом %s\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "зашифровано неизвестным алгоритмом %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr ""
 "Внимание: сообщение было зашифровано слабым ключом симметричного шифра.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "проблема обработки зашифрованного пакета\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "удаленный запуск программы не поддерживается\n"
+#: g10/export.c:119
+msgid "export signatures that are marked as local-only"
+msgstr "экспортировать подписи, помеченные как 'только локальные'"
 
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"вызов внешних программ отключен из-за небезопасных прав доступа к файлу "
-"настроек\n"
-
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"на данной платформе при вызове внешних программ требуются временные файлы\n"
-
-#: g10/exec.c:497
-#, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "не могу выполнить программу '%s': %s\n"
-
-#: g10/exec.c:500
-#, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "не могу выполнить оболочку '%s': %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "ошибка системы при вызове внешней программы: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "ненормальное завершение внешней программы\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "не могу выполнить внешнюю программу\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "не могу прочитать ответ внешней программы: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, c-format
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "Внимание: не могу удалить временный файл (%s) '%s': %s\n"
-
-#: g10/exec.c:692
-#, c-format
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "Внимание: не могу удалить временный каталог '%s': %s\n"
-
-#: g10/export.c:119
-msgid "export signatures that are marked as local-only"
-msgstr "экспортировать подписи, помеченные как 'только локальные'"
-
-#: g10/export.c:121
-msgid "export attribute user IDs (generally photo IDs)"
+#: g10/export.c:121
+msgid "export attribute user IDs (generally photo IDs)"
 msgstr ""
 "экспортировать атрибутные идентификаторы пользователя (обычно "
 "фотоидентификаторы)"
@@ -2507,381 +2405,383 @@ msgstr "удалить при экспорте непригодные части
 msgid "remove as much as possible from key during export"
 msgstr "при экспорте удалить из ключа как можно больше"
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr "пользоваться архивным форматом ключей GnuPG"
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 msgid " - skipped"
 msgstr " - пропущено"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, c-format
 msgid "writing to '%s'\n"
 msgstr "сохраняю в '%s'\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "ключ %s: материал ключа на карте - пропущен\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "экспорт секретных ключей не разрешен\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "ключ %s: ключ типа PGP 2.x - пропущен\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "Внимание: нечего экспортировать\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, c-format
 msgid "error creating '%s': %s\n"
 msgstr "ошибка создания '%s': %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr "[Идентификатор пользователя не найден]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "автоматически получили '%s' через %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "ошибка получения '%s' через %s: %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 msgid "No fingerprint"
 msgstr "Нет отпечатка"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr "поиск обновленной копии просроченного ключа по %s\n"
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "секретный ключ \"%s\" не найден: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "(проверьте аргумент параметра '%s')\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, c-format
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "Внимание: '%s' не используется в качестве основного ключа: %s\n"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, c-format
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr ""
 "\"%s\" используется в качестве основного секретного ключа для подписи\n"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr "все значения, переданные в '%s', игнорируются\n"
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr ""
 "Параметр --allow-non-selfsigned-uid сделал недостоверный ключ %s "
 "достоверным\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "использую подключ %s вместо первичного ключа %s\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, c-format
 msgid "valid values for option '%s':\n"
 msgstr "недопустимые значения для параметра \"%s\"\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 msgid "make a signature"
 msgstr "создать подпись"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 msgid "make a clear text signature"
 msgstr "создать текстовую подпись"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "создать отделенную подпись"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "зашифровать данные"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "шифрование только симметричным шифром"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "расшифровать данные (по умолчанию)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "проверить подпись"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "вывести список ключей"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "вывести список ключей и подписей"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr "вывести и проверить подписи ключей"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "вывести список ключей и их отпечатков"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "вывести список секретных ключей"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "создать новую пару ключей"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 msgid "quickly generate a new key pair"
 msgstr "быстро создать новую пару ключей"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 msgid "quickly add a new user-id"
 msgstr "быстро добавить новый идентификатор пользователя"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 msgid "quickly revoke a user-id"
 msgstr "быстро отозвать идентификатор пользователя"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 msgid "quickly set a new expiration date"
 msgstr "быстро установить новый срок действия"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr "создание полноценной пары ключей"
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "создать сертификат отзыва"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "удалить ключи из таблицы открытых ключей"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "удалить ключи из таблицы секретных ключей"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 msgid "quickly sign a key"
 msgstr "быстро подписать ключ"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 msgid "quickly sign a key locally"
 msgstr "быстро подписать ключ локально"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
+#, fuzzy
+#| msgid "quickly revoke a user-id"
 msgid "quickly revoke a key signature"
-msgstr "быстро отозвать подпись с ключа"
+msgstr "быстро отозвать идентификатор пользователя"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "подписать ключ"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "подписать ключ локально"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "подписать или редактировать ключ"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 msgid "change a passphrase"
 msgstr "сменить фразу-пароль"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "экспортировать ключи"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "экспортировать ключи на сервер ключей"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "импортировать ключи с сервера ключей"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "искать ключи на сервере ключей"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "обновить все ключи с сервера ключей"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "импортировать/объединить ключи"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr "показать состояние карты"
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr "изменить данные на карте"
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr "сменить PIN карты"
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "обновить таблицу доверия"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 msgid "print message digests"
 msgstr "вывести хеши сообщений"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr "запуск в режиме сервера"
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr "|VALUE|установить правила TOFU для ключа"
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NAME|использовать NAME как основной секретный ключ"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NAME|зашифровывать также для идентификатора пользователя NAME"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr "|SPEC|установить синонимы электронной почты"
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr "строго следовать стандарту OpenPGP"
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "не делать никаких изменений"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "спросить перед перезаписью"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the input"
 msgstr "Параметры, управляющие безопасностью"
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 #, fuzzy
 #| msgid "Options controlling the diagnostic output"
 msgid "Options controlling the output"
 msgstr "Параметры, управляющие выводом диагностики"
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "вывод в текстовом формате"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 msgid "|FILE|write output to FILE"
 msgstr "|FILE|выводить данные в файл FILE"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "использовать канонический текстовый режим"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|установить уровень сжатия N (0 - без сжатия)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 #, fuzzy
 #| msgid "Options controlling the interactivity and enforcement"
 msgid "Options controlling key import and export"
 msgstr "Параметры, управляющие интерактивностью и принудительными действиями"
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
 "|MECHANISMS|использовать механизмы MECHANISMS для поиска ключей по адресу "
 "электронной почты"
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 msgid "import missing key from a signature"
 msgstr "импортировать недостающий ключ из подписи"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 msgid "include the public key in signatures"
 msgstr "вносить открытый ключ в подписи"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr "полностью запретить доступ к dirmngr"
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 #, fuzzy
 #| msgid "Options controlling the configuration"
 msgid "Options controlling key listings"
 msgstr "Параметры, управляющие настройками"
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "вывести список секретных ключей"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|USER-ID|зашифровать для пользователя USER-ID"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "|USER-ID|использовать ключ USER-ID для подписи и расшифровки"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -2889,7 +2789,7 @@ msgstr ""
 "@\n"
 "(Полный список команд и параметров см. на странице man)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 msgid ""
 "@\n"
 "Examples:\n"
@@ -2909,11 +2809,11 @@ msgstr ""
 " --list-keys [имена]        показать ключи\n"
 " --fingerprint [имена]      показать отпечатки\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Вызов: @GPG@ [параметры] [файлы] (-h - подсказка)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 msgid ""
 "Syntax: @GPG@ [options] [files]\n"
 "Sign, check, encrypt or decrypt\n"
@@ -2923,7 +2823,7 @@ msgstr ""
 "Подписи и их проверка, шифрование и расшифровка\n"
 "Действие по умолчанию зависит от входных данных\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -2931,95 +2831,95 @@ msgstr ""
 "\n"
 "Поддерживаются следующие алгоритмы:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "С открытым ключом: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Симметричные шифры: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Хеш-функции: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Алгоритмы сжатия: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "вызов: %s [параметры] %s\n"
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "несовместимые команды\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "в определении группы '%s' отсутствует знак =\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "Внимание: небезопасный владелец домашнего каталога '%s'\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "Внимание: небезопасный владелец файла настроек '%s'\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "Внимание: небезопасный владелец файла модуля расширения '%s'\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "Внимание: небезопасные права доступа к домашнему каталогу '%s'\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "Внимание: небезопасные права доступа к файлу настроек '%s'\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "Внимание: небезопасные права доступа к файлу модуля расширения '%s'\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr ""
 "Внимание: небезопасный владелец каталога, содержащего домашний каталог '%s'\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr ""
 "Внимание: небезопасный владелец каталога, содержащего файл настроек '%s'\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr ""
 "Внимание: небезопасный владелец каталога,\n"
 "          содержащего модуль расширения '%s'\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr ""
 "Внимание: небезопасные права доступа к каталогу,\n"
 "          содержащему домашний каталог '%s'\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
@@ -3027,461 +2927,477 @@ msgstr ""
 "ВНИМАНИЕ: небезопасные права доступа к каталогу,\n"
 "          содержащему файл настроек '%s'\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr ""
 "Внимание: небезопасные права доступа к каталогу,\n"
 "          содержащему файл модуля расширения '%s'\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "неизвестный элемент в файле настроек '%s'\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr "показывать в списке ключей фотоидентификаторы"
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 msgid "show key usage information during key listings"
 msgstr "показывать в списке ключей сведения о назначении ключа"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr "показывать в списке подписей URL правил"
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 msgid "show all notations during signature listings"
 msgstr "показывать в списке подписей все замечания"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr "показывать в списке подписей замечания стандарта IETF"
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr "показывать в списке подписей пользовательские замечания"
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "показывать в списке подписей URL предпочтительных серверов ключей"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr ""
 "показывать в списке ключей действительность идентификаторов пользователей"
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr ""
 "показывать в списке ключей отозванные и просроченные идентификаторы "
 "пользователей"
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr "показывать в списке ключей отозванные и просроченные подключи"
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 msgid "show the keyring name in key listings"
 msgstr "показывать в списке ключей название таблицы ключей"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 msgid "show expiration dates during signature listings"
 msgstr "показывать в списке подписей сроки действия"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "неизвестные правила TOFU '%s'\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr "(\"help\" выведет список вариантов)\n"
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Данная команда в режиме %s недопустима.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, c-format
 msgid "Note: %s is not for normal use!\n"
 msgstr "Замечание: %s не предназначен для нормального применения!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "'%s' - не допустимый срок действия подписи\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "\"%s\" не является адресом электронной почты\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "недопустимый режим ввода пароля '%s'\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "недопустимый источник запроса '%s'\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "'%s' - не допустимая таблица символов\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "не могу интерпретировать URL сервера ключей\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: недопустимые параметры сервера ключей\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr "недопустимые параметры сервера ключей\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: недопустимые параметры импорта\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "недопустимые параметры импорта\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, c-format
 msgid "invalid filter option: %s\n"
 msgstr "недопустимый параметр фильтра: %s\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: недопустимые параметры экспорта\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "недопустимые параметры экспорта\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: недопустимые параметры списка\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr "недопустимые параметры списка\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr "показать при проверке подписи фотоидентификаторы"
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr "показать при проверке подписи URL правил"
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 msgid "show all notations during signature verification"
 msgstr "показать при проверке подписей все замечания"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr "показать при проверке подписей замечания стандарта IETF"
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr "показать при проверке подписей пользовательские замечания"
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "показать при проверке подписей URL предпочтительных серверов ключей"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 msgid "show user ID validity during signature verification"
 msgstr ""
 "показать при проверке подписей действительность идентификаторов пользователей"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr ""
 "показать при проверке подписей отозванные и просроченные идентификаторы "
 "пользователя"
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 msgid "show only the primary user ID in signature verification"
 msgstr ""
 "показать при проверке подписей только первичный идентификатор пользователя"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr "проверить подписи по данным PKA"
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr "поднять доверие подписей по действительным данным PKA"
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: недопустимые параметры проверки\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr "недопустимые параметры проверки\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "не могу определить путь запуска для %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: недопустимый список auto-key-locate\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr "недопустимый список auto-key-locate\n"
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "недопустимый аргумент для параметра \"%.50s\"\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "Внимание: возможно создание файла образа памяти!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "Внимание: %s отменяет %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s с %s недопустимо!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s с %s не имеет смысла!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr "Внимание: работаем с фальшивым системным временем: "
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "отказываюсь работать с небезопасной памятью из-за %s\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "выбран недопустимый алгоритм шифрования\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "выбрана недопустимая хеш-функция\n"
+
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "выбран недопустимый алгоритм сжатия\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "выбрана недопустимая хеш-функция для сертификации\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-needed должен быть больше 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed должен быть больше 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth должен быть в диапазоне от 1 до 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "недопустимый default-cert-level; должен быть 0, 1, 2 или 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "недопустимый min-cert-level; должен быть 0, 1, 2 или 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, c-format
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "Замечание: простой режим S2K (0) строго противопоказан\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "недопустимый режим S2K; должно быть 0, 1 или 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "недопустимые предпочтения по умолчанию\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "недопустимые личные предпочтения шифра\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "недопустимые личные предпочтения шифра\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "недопустимые личные предпочтения хеш-функции\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "недопустимые личные предпочтения алгоритмов сжатия\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "неверный размер ключа; использую %u бит\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s пока не работает совместно с %s!\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+#| msgid "cipher algorithm '%s' may not be used in %s mode\n"
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "алгоритм шифрования '%s' нельзя использовать в режиме %s\n"
+
+#: g10/gpg.c:4070
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "алгоритм сжатия '%s' нельзя использовать в режиме %s\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "сбой инициализации таблицы доверия: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "ВНИМАНИЕ: получатели (-r) заданы без использования шифрования с открытым "
 "ключом\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "сбой симметричного шифрования '%s': %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "--symmetric --encrypt нельзя использовать совместно с --s2k-mode 0\n"
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "в режиме %s нельзя использовать --symmetric --encrypt\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr ""
 "нельзя использовать --symmetric --sign --encrypt совместно с --s2k-mode 0\n"
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "в режиме %s нельзя использовать --symmetric --sign --encrypt\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "сбой при отправке на сервер ключей: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "сбой при получении с сервера ключей: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "сбой при экспорте ключа: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, c-format
 msgid "export as ssh key failed: %s\n"
 msgstr "сбой при экспорте в виде ключа ssh: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "сбой при поиске на сервере ключей: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "сбой при обновлении с сервера ключей: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "ошибка преобразования из текстового формата: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "ошибка преобразования в текстовый формат: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, c-format
 msgid "invalid hash algorithm '%s'\n"
 msgstr "недопустимая хеш-функция '%s'\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "ошибка синтаксического анализа спецификации ключа '%s': %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr "'%s' не является идентификатором, отпечатком или кодом ключа\n"
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr "Внимание: команда не отдана. Пытаюсь угадать, что имелось в виду ...\n"
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Пишите сообщение ...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "заданный URL правил сертификации неверен\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "заданный URL правил подписи неверен\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "заданный URL предпочтительного сервера ключей неверен\n"
@@ -3494,7 +3410,7 @@ msgstr "|FILE|взять ключи из файла таблицы ключей
 msgid "make timestamp conflicts only a warning"
 msgstr "при несоответствии метки времени - только предупреждение"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|выводить информацию в файл с дескриптором FD"
 
@@ -3540,128 +3456,140 @@ msgid "do not update the trustdb after import"
 msgstr "не обновлять таблицу доверия после импорта"
 
 #: g10/import.c:181
+#, fuzzy
+#| msgid "enable putty support"
+msgid "enable bulk import mode"
+msgstr "включить поддержку putty"
+
+#: g10/import.c:184
 msgid "show key during import"
 msgstr "показывать ключ во время импорта"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+#| msgid "show key during import"
+msgid "show key but do not actually import"
+msgstr "показывать ключ во время импорта"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr "обновлять только существующие ключи"
 
-#: g10/import.c:187
+#: g10/import.c:193
 msgid "remove unusable parts from key after import"
 msgstr "удалить после импорта непригодные части ключа"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr "удалить после импорта из ключа как можно больше"
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr "игнорировать подписи ключей, кроме самоподписей"
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr "применить фильтры импорта и немедленно экспортировать ключ"
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr "ожидать ключи в архивном формате GnuPG"
 
-#: g10/import.c:203
+#: g10/import.c:209
 msgid "repair keys on import"
 msgstr "исправлять ключи при импорте"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "пропущен блок типа %d\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr "обработано %lu ключей\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Всего обработано: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, c-format
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "        пропущено ключей PGP-2: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "        пропущено новых ключей: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "           без идентификатора пользователя: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "                 импортировано: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "                  неизмененных: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "         новых идентификаторов пользователя: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "               новых подключей: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "                новых подписей: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "          новых отзывов ключей: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "    прочитано секретных ключей: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "импортировано секретных ключей: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr " неизмененных секретных ключей: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "             не импортировано: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "             очищено подписей: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "     очищено идентификаторов пользователей: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
@@ -3670,169 +3598,175 @@ msgstr ""
 "Внимание: ключ %s содержит предпочтения для недоступных\n"
 "алгоритмов для следующих идентификаторов пользователей:\n"
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr "         \"%s\": предпочитает шифр %s\n"
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+#| msgid "         \"%s\": preference for cipher algorithm %s\n"
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "         \"%s\": предпочитает шифр %s\n"
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "         \"%s\": предпочитает хеш-функцию %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr "         \"%s\": предпочитает алгоритм сжатия %s\n"
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr "крайне желательно, чтобы Вы обновили свои предпочтения и\n"
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 "распространили этот ключ во избежание возможных нестыковок алгоритмов\n"
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 "свои предпочтения можно обновить командой gpg --edit-key %s updpref save\n"
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr "ключ %s: нет идентификатора пользователя\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, c-format
 msgid "key %s: %s\n"
 msgstr "ключ %s: %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr "исключен фильтром импорта"
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "ключ %s: повреждение подключа PKS исправлено\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr ""
 "ключ %s: принят без самозаверенного идентификатора пользователя \"%s\"\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "ключ %s: нет действительных идентификаторов пользователя\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "может быть, из-за отсутствия самоподписи\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "ключ %s: не найден открытый ключ: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "ключ %s: новый ключ - пропущен\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "нет доступной для записи таблицы ключей: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, c-format
 msgid "error writing keyring '%s': %s\n"
 msgstr "ошибка записи таблицы ключей '%s': %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "ключ %s: импортирован открытый ключ \"%s\"\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "ключ %s: не совпадает с нашей копией\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "ключ %s: \"%s\" 1 новый идентификатор пользователя\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "ключ %s: \"%s\" %d новых идентификаторов пользователя\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "ключ %s: \"%s\" 1 новая подпись\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "ключ %s: \"%s\" %d новых подписей\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "ключ %s: \"%s\" 1 новый подключ\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "ключ %s: \"%s\" %d новых подключей\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "ключ %s: \"%s\" %d подпись очищена\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "ключ %s: \"%s\" %d подписей очищено\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "ключ %s: \"%s\" %d идентификатор пользователя очищен\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "ключ %s: \"%s\" %d идентификаторов пользователя очищено\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "ключ %s: \"%s\" не изменен\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr "ключ %s: импортирован секретный ключ\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, c-format
 msgid "key %s: secret key already exists\n"
 msgstr "ключ %s: секретный ключ уже имеется\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "ключ %s: ошибка отправки в агент: %s\n"
@@ -3845,201 +3779,209 @@ msgstr "ключ %s: ошибка отправки в агент: %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr "Для переноса '%s' выполните на каждой криптографической карте: %s\n"
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, c-format
 msgid "secret key %s: %s\n"
 msgstr "секретный ключ %s: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "импорт секретного ключа не допускается\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "ключ %s: секретный ключ с недопустимым шифром %d - пропущен\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Причина не указана"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "Ключ заменен другим"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Ключ был раскрыт"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "Ключ больше не используется"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "Идентификатор пользователя больше не действителен"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "причина отзыва: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "пояснение к отзыву: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr "ключ %s: нет открытого ключа - не могу применить сертификат отзыва\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "ключ %s: оригинальный блок ключей не найден: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "ключ %s: оригинальный блок ключей не читается: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "ключ %s: недействительный сертификат отзыва: %s - отвергнут\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "ключ %s: сертификат отзыва \"%s\" импортирован\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "ключ %s: нет идентификатора пользователя для подписи\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr ""
 "ключ %s: алгоритм с открытым ключом у идентификатора пользователя \"%s\" не "
 "поддерживается\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr ""
 "ключ %s: неправильная самоподпись на идентификаторе пользователя \"%s\"\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "ключ %s: алгоритм с открытым ключом не поддерживается\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "ключ %s: недействительная прямая подпись ключа\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "ключ %s: нет подключа для связывания ключей\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "ключ %s: недопустимая связь подключей\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "ключ %s: удалена многократная связь подключей\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "ключ %s: нет подключа для отзыва ключа\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "ключ %s: неверный отзыв подключа\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "ключ %s: удален многократный отзыв подключей\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "ключ %s: пропущен идентификатор пользователя \"%s\"\n"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "ключ %s: пропущен подключ\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "ключ %s: неэкспортируемая подпись (класс 0x%02X) - пропущена\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "ключ %s: сертификат отзыва в неправильном месте - пропущен\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "ключ %s: недействительный сертификат отзыва: %s - пропущен\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "ключ %s: подпись подключа в неправильном месте - пропущена\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "ключ %s: неожиданный класс подписи (0x%02X) - пропущена\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr ""
 "ключ %s: обнаружено дублирование идентификатора пользователя - объединены\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+#| msgid "key %s: duplicated user ID detected - merged\n"
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr ""
+"ключ %s: обнаружено дублирование идентификатора пользователя - объединены\n"
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr "Внимание: ключ %s, возможно, отозван: запрашиваю ключ отзыва %s\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr "Внимание: ключ %s, возможно, отозван: ключ отзыва %s отсутствует.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "ключ %s: добавлен сертификат отзыва \"%s\"\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "ключ %s: добавлена прямая подпись ключа\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, c-format
 msgid "error allocating memory: %s\n"
 msgstr "ошибка выделения памяти: %s\n"
@@ -4061,12 +4003,12 @@ msgstr "не удалось проверить подпись: хеш-функц
 msgid " (reordered signatures follow)"
 msgstr "(порядок подписей изменен)"
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, c-format
 msgid "key %s:\n"
 msgstr "ключ %s:\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
@@ -4074,7 +4016,7 @@ msgstr[0] "%d повторная подпись удалена\n"
 msgstr[1] "%d повторные подписи удалены\n"
 msgstr[2] "%d повторных подписей удалено\n"
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, c-format
 msgid "%d signature not checked due to a missing key\n"
 msgid_plural "%d signatures not checked due to missing keys\n"
@@ -4082,7 +4024,7 @@ msgstr[0] "%d подпись не проверена за отсутствием
 msgstr[1] "%d подписи не проверены за отсутствием ключа\n"
 msgstr[2] "%d подписей не проверено за отсутствием ключа\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, c-format
 msgid "%d bad signature\n"
 msgid_plural "%d bad signatures\n"
@@ -4090,7 +4032,7 @@ msgstr[0] "%d плохая подпись\n"
 msgstr[1] "%d плохих подписи\n"
 msgstr[2] "%d плохих подписей\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
@@ -4098,7 +4040,7 @@ msgstr[0] "Порядок %d подписи изменен\n"
 msgstr[1] "Порядок %d подписей изменен\n"
 msgstr[2] "Порядок %d подписей изменен\n"
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
@@ -4107,37 +4049,32 @@ msgstr ""
 "Внимание: обнаружены ошибки, проверялись только самоподписи; для проверки "
 "всех подписей выполните '%s'.\n"
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "ошибка создания щита с ключами '%s': %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, c-format
 msgid "error creating keyring '%s': %s\n"
 msgstr "ошибка создания таблицы ключей '%s': %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, c-format
 msgid "keybox '%s' created\n"
 msgstr "создан щит с ключами '%s'\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, c-format
 msgid "keyring '%s' created\n"
 msgstr "создана таблица ключей '%s'\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "источник блока ключей '%s': %s\n"
 
-#: g10/keydb.c:969
-#, c-format
-msgid "error opening key DB: %s\n"
-msgstr "ошибка открытия базы данных ключей: %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "сбой пересоставления буфера таблицы ключей: %s\n"
@@ -4150,7 +4087,7 @@ msgstr "[отзыв]"
 msgid "[self-signature]"
 msgstr "[самоподпись]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4161,12 +4098,12 @@ msgstr ""
 "достоверности ключей других пользователей (проверяет паспорт,\n"
 "сверяет отпечатки ключей из разных источников и т.п.)\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr " %d = Доверяю ограниченно\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr " %d = Полностью доверяю\n"
@@ -4199,12 +4136,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "Идентификатор пользователя \"%s\" отозван."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Вы все равно хотите его подписать? (y/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  Не могу подписать.\n"
 
@@ -4377,195 +4314,199 @@ msgstr "Этот ключ проверен мной очень тщательн
 msgid "Really sign? (y/N) "
 msgstr "Действительно подписать? (y/N) "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "подписать не удалось: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 "В ключе только заготовка или элементы для карты -\n"
 "фразы-пароля для изменения нет.\n"
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, c-format
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "ключ %s: ошибка изменения фразы-пароля: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "сохранить и выйти"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr "показать отпечаток ключа"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 msgid "show the keygrip"
 msgstr "показать код ключа"
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "вывести список ключей и идентификаторов пользователя"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "выбрать идентификатор пользователя N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr "выбрать подключ N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr "проверка подписей"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 "подписать выбранные идентификаторы пользователя [* описание команд см. ниже]"
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr "локально подписать выбранные идентификаторы пользователя"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr "подписать выбранные идентификаторы пользователя подписью доверия"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr "подписать выбранные идентификаторы пользователя без возможности отзыва"
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "добавить идентификатор пользователя"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "добавить фотоидентификатор"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr "удалить выбранные идентификаторы пользователя"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr "добавить подключ"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr "добавить ключ на криптографическую карту"
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr "переместить ключ на криптографическую карту"
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr "переместить архивный ключ на криптографическую карту"
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr "удалить выбранные подключи"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "добавить ключ отзыва"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr "удалить подписи с выбранных идентификаторов пользователя"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "сменить срок действия ключа или выбранных подключей"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr "пометить выбранный идентификатор пользователя как первичный"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "список предпочтений (экспертам)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "список предпочтений (подробный)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr ""
 "установить список предпочтений для выбранных идентификаторов пользователя"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr ""
 "установить URL предпочтительного сервера ключей для выбранных "
 "идентификаторов пользователя"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 msgid "set a notation for the selected user IDs"
 msgstr "установить замечание для выбранных идентификаторов пользователя"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "сменить фразу-пароль"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "изменить уровень доверия владельцу"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr "отозвать подписи у выбранных идентификаторов пользователя"
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr "отозвать выбранные идентификаторы пользователя"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr "отозвать ключ или выбранные подключи"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr "подключить ключ"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr "отключить ключ"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr "показать выбранные фотоидентификаторы"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 "сжать непригодные идентификаторы пользователей и удалить непригодные подписи "
 "из ключа"
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 "сжать непригодные идентификаторы пользователей и удалить все подписи из ключа"
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Секретный ключ доступен.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 msgid "Secret subkeys are available.\n"
 msgstr "Секретные подключи доступны.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Для данного действия нужен секретный ключ.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4576,264 +4517,270 @@ msgstr ""
 "  't' (подписи доверия, tsign), 'nr' (неотзываемые, \n"
 "  nrsign) или любое их сочетание (ltsign, tnrsign и т.д.).\n"
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "Ключ отозван."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 msgid "Really sign all text user IDs? (y/N) "
 msgstr ""
 "Действительно подписать все текстовые идентификаторы пользователя? (y/N) "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Действительно подписать все идентификаторы пользователя? (y/N) "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr ""
 "Подсказка: Выберите идентификаторы пользователей, которые нужно подписать\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "Неизвестный тип подписи '%s'\n"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Данная команда в режиме %s недопустима.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Вы должны выбрать хотя бы один идентификатор пользователя.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr "(Команда '%s'.)\n"
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Вы не можете удалить последний идентификатор пользователя!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr ""
 "Действительно удалить все выбранные идентификаторы пользователей? (y/N) "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr "Действительно удалить этот идентификатор пользователя? (y/N) "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr "Действительно переместить первичный ключ? (y/N) "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr "Вы должны выбрать хотя бы один ключ.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr "Команде нужен аргумент-имя файла\n"
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "Не могу открыть '%s': %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "Ошибка чтения архивного ключа из '%s': %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Вы должны выбрать хотя бы один ключ.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Вы действительно хотите удалить выбранные ключи? (y/N) "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Вы действительно хотите удалить данный ключ? (y/N) "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr ""
 "Действительно отозвать все выбранные идентификаторы пользователей? (y/N) "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Действительно отозвать данный идентификатор пользователя? (y/N) "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Вы действительно хотите отозвать ключ целиком? (y/N) "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Вы действительно хотите отозвать выбранные подключи? (y/N) "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Вы действительно хотите отозвать данный подключ? (y/N) "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 "Нельзя присваивать степень доверия, когда таблица доверия указана "
 "пользователем\n"
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr "Установить предпочтения, равные:\n"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr ""
 "Действительно обновить предпочтения для выбранных идентификаторов "
 "пользователей? (y/N) "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr "Действительно обновить предпочтения? (y/N) "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr "Сохранить изменения? (y/N) "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr "Выйти без сохранения? (y/N) "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Ключ не изменялся - обновление не нужно.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, c-format
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "нельзя удалять последний действительный идентификатор пользователя.\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "сбой отзыва идентификатора пользователя: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "сбой установки первичного идентификатора пользователя: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "\"%s\" - не отпечаток\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "\"%s\" - не первичный отпечаток\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, c-format
 msgid "Invalid user ID '%s': %s\n"
 msgstr "Недопустимый идентификатор пользователя '%s': %s\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "No matching user IDs."
 msgstr "Нет подходящих идентификаторов пользователей."
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "Nothing to sign.\n"
 msgstr "Подписывать нечего.\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr "Вами не подписано.\n"
 
-#: g10/keyedit.c:3052
-#, c-format
+#: g10/keyedit.c:3031
+#, fuzzy, c-format
+#| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
-msgstr "сбой отзыва подписи с ключа подписи: %s\n"
+msgstr "сбой проверки созданной подписи: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "'%s' - не допустимый срок действия\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "\"%s\" - не правильный отпечаток\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "подключ \"%s\" не найден\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr "AEAD: "
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Хеш: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Характеристики: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr "Не изменять на сервере"
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr "Предпочтительный сервер ключей: "
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 msgid "Notations: "
 msgstr "Замечания: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr ""
 "В идентификаторе пользователя типа PGP 2.x не может быть предпочтений.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "Следующий ключ был отозван %s пользователем %s ключом %s\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Данный ключ может быть отозван пользователем %s ключом %s"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr "(особо важный)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr "     создан: %s"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr "    отозван: %s"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr "просрочен с: %s"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr "   годен до: %s"
@@ -4841,30 +4788,30 @@ msgstr "   годен до: %s"
 # perhaps this should be somewhere in help/man
 # (S - подпись, C - сертификация, E - шифрование, A - удостоверение личности)
 # too long for repeating messages.
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr "назначение: %s"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr "номер карты: "
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr "доверие: %s"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr "достоверность: %s"
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Данный ключ отключен"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -4872,18 +4819,18 @@ msgstr ""
 "Учтите, что показанная достоверность ключа может быть неверной,\n"
 "пока Вы не перезапустите программу.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr "отозван"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr "просрочен"
 
 # check it
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -4893,17 +4840,17 @@ msgstr ""
 "          Эта команда может привести к тому, что первичным станет считаться\n"
 "          другой идентификатор пользователя.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr "Внимание: Срок действия Вашего подключа для шифрования истекает.\n"
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, c-format
 msgid "You may want to change its expiration date too.\n"
 msgstr "Возможно, надо поменять также срок действия.\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -4912,35 +4859,35 @@ msgstr ""
 "Внимание: Это ключ типа PGP2. Добавление фотоидентификатора может\n"
 "          в некоторых версиях PGP вызвать отбраковку ключа.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Вы уверены, что хотите добавить это? (y/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "Нельзя добавить фотоидентификатор в ключ типа PGP2.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr "Такой идентификатор пользователя на этом ключе уже есть!\n"
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Удалить данную действительную подпись? (y/N/q)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Удалить данную недействительную подпись? (y/N/q)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Удалить данную неизвестную подпись? (y/N/q)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Действительно удалить данную самоподпись? (y/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, c-format
 msgid "Deleted %d signature.\n"
 msgid_plural "Deleted %d signatures.\n"
@@ -4948,20 +4895,20 @@ msgstr[0] "Удалена %d подпись.\n"
 msgstr[1] "Удалены %d подписи.\n"
 msgstr[2] "Удалено %d подписей.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Ничего не удалено.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "недопустим"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "Идентификатор пользователя \"%s\" сжат: %s\n"
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
@@ -4969,17 +4916,17 @@ msgstr[0] "Идентификатор пользователя \"%s\": %d под
 msgstr[1] "Идентификатор пользователя \"%s\": %d подписи удалены\n"
 msgstr[2] "Идентификатор пользователя \"%s\": %d подписей удалено\n"
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "Идентификатор пользователя \"%s\" уже минимизирован\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "Идентификатор пользователя \"%s\": уже очищен\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -4988,39 +4935,39 @@ msgstr ""
 "Внимание: Это ключ типа PGP 2.x. Добавление особого отзывающего ключа\n"
 "          может в некоторых версиях PGP вызвать выбраковку ключа.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "Нельзя добавить особый отзывающий ключ в ключ типа PGP 2.x.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Укажите идентификатор пользователя ключа, назначенного отзывающим: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "нельзя назначить отзывающим ключ типа PGP 2.x\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "ключ не может быть назначен отзывающим самого себя\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "этот ключ уже назначен отзывающим\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr "Внимание: назначение ключа отзывающим невозможно отменить!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr "Вы уверены, что хотите назначить данный ключ отзывающим? (y/N) "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
@@ -5028,236 +4975,242 @@ msgstr ""
 "Вы уверены, что хотите изменить срок действия сразу нескольких подключей? (y/"
 "N) "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Смена срока действия подключа.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Смена срока действия первичного ключа.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Нельзя изменить срок действия ключа v3\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 msgid "Changing usage of a subkey.\n"
 msgstr "Смена режимов использования подключа.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 msgid "Changing usage of the primary key.\n"
 msgstr "Смена режимов использования первичного ключа.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "подписывающий подключ %s уже перекрестно заверен\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr "подключ %s не для подписей, он не нуждается в перекрестном заверении\n"
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Выберите ровно один идентификатор пользователя.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "пропуск самоподписи v3 на идентификаторе пользователя \"%s\"\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr "Введите URL предпочтительного сервера ключей: "
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Вы действительно хотите заменить его? (y/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Вы действительно хотите удалить его? (y/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 msgid "Enter the notation: "
 msgstr "Введите замечание: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 msgid "Proceed? (y/N) "
 msgstr "Продолжить? (y/N) "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Нет идентификатора пользователя с индексом %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Нет идентификатора пользователя с хешем %s\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Нет подключа с идентификатором ключа '%s'.\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr "Нет подключа с индексом %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "Идентификатор пользователя: \"%s\"\n"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "подписано Вашим ключом %s %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (неэкспортируемая)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Срок действия подписи истек %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Вы уверены, что хотите отозвать? (y/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Создать сертификат отзыва для данной подписи? (y/N) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Вы подписали эти идентификаторы пользователей на ключе %s:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr " (неотзываемая)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "отозвано Вашим ключом %s %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Вы отзываете следующие подписи:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Действительно создать сертификат отзыва? (y/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "нет секретного ключа\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr "попытка отзыва непользовательского идентификатора: %s\n"
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "Идентификатор пользователя \"%s\" уже отозван\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr ""
 "Внимание: подпись идентификатора пользователя датирована %d секундами в "
 "будущем\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, c-format
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Нельзя удалять последний действительный идентификатор пользователя.\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "Ключ %s уже отозван.\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "Подключ %s уже отозван.\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr ""
 "Показ фотоидентификатора %s размера %ld для ключа %s (идентификатор "
 "пользователя %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "недопустимое значения параметра \"%s\"\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "предпочтение '%s' дублируется\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr "слишком много предпочтений шифров\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr "слишком много предпочтений хеш-функций\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr "слишком много предпочтений методов сжатия\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+#| msgid "too many cipher preferences\n"
+msgid "too many AEAD preferences\n"
+msgstr "слишком много предпочтений шифров\n"
+
+#: g10/keygen.c:521
 #, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "недопустимый элемент '%s' в строке предпочтений\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "запись прямой подписи\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "запись самоподписи\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "запись связующей подписи\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "неверный размер ключа; использую %u бит\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "размер ключа округлен вверх до %u бит\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
@@ -5265,19 +5218,19 @@ msgstr ""
 "Внимание: некоторые реализации OpenPGP не могут обрабатывать ключи DSA с "
 "такой длиной хеша\n"
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr "Подписать"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr "Заверить"
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr "Зашифровать"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr "Удостоверить личность"
 
@@ -5291,161 +5244,180 @@ msgstr "Удостоверить личность"
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr "11223300"
 
-#: g10/keygen.c:1784
-#, c-format
-msgid "Possible actions for a %s key: "
+#: g10/keygen.c:1966
+#, fuzzy, c-format
+#| msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr "Возможные действия для ключа %s: "
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr "Допустимы действия: "
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr "   (%c) Переключить возможность подписи\n"
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%c) Переключить возможность шифрования\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr "   (%c) Переключить возможность удостоверения личности\n"
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr "   (%c) Завершено\n"
 
-#: g10/keygen.c:1930
-#, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+#: g10/keygen.c:2116
+#, fuzzy, c-format
+#| msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) RSA и RSA (по умолчанию)\n"
 
-#: g10/keygen.c:1934
-#, c-format
-msgid "   (%d) DSA and Elgamal\n"
+#: g10/keygen.c:2120
+#, fuzzy, c-format
+#| msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA и Elgamal\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (только для подписи)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (только для подписи)\n"
 
-#: g10/keygen.c:1945
-#, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+#: g10/keygen.c:2131
+#, fuzzy, c-format
+#| msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) Elgamal (только для шифрования)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (только для шифрования)\n"
 
-#: g10/keygen.c:1953
-#, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+#: g10/keygen.c:2139
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (задать возможности)\n"
 
-#: g10/keygen.c:1955
-#, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+#: g10/keygen.c:2141
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (задать возможности)\n"
 
-#: g10/keygen.c:1961
-#, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) ECC и ECC\n"
+#: g10/keygen.c:2147
+#, fuzzy, c-format
+#| msgid "   (%d) sign, encrypt\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) подпись, шифрование\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+msgid " *default*"
+msgstr ""
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, c-format
 msgid "  (%d) ECC (sign only)\n"
 msgstr "  (%d) ECC (только для подписи)\n"
 
-#: g10/keygen.c:1965
-#, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+#: g10/keygen.c:2150
+#, fuzzy, c-format
+#| msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "  (%d) ECC (задать возможности)\n"
 
-#: g10/keygen.c:1967
-#, c-format
-msgid "  (%d) ECC (encrypt only)\n"
+#: g10/keygen.c:2152
+#, fuzzy, c-format
+#| msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "  (%d) ECC (только для шифрования)\n"
 
-#: g10/keygen.c:1971
-#, c-format
-msgid "  (%d) Existing key\n"
+#: g10/keygen.c:2156
+#, fuzzy, c-format
+#| msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "  (%d) Имеющийся ключ\n"
 
-#: g10/keygen.c:1973
-#, c-format
-msgid "  (%d) Existing key from card\n"
+#: g10/keygen.c:2158
+#, fuzzy, c-format
+#| msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "  (%d) Имеющийся на карте ключ\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 msgid "Enter the keygrip: "
 msgstr "Введите код ключа:"
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr "Недопустимый код ключа (ожидается 40 шестнадцатеричных цифр)\n"
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 msgid "No key with this keygrip\n"
 msgstr "Нет ключа с таким кодом\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, c-format
 msgid "error reading the card: %s\n"
 msgstr "ошибка чтения карты: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "Серийный номер карты: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 msgid "Available keys:\n"
 msgstr "Доступные ключи:\n"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, c-format
 msgid "rounded to %u bits\n"
 msgstr "округлен до %u бит\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr "длина ключей %s может быть от %u до %u.\n"
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Какой размер подключа необходим? (%u) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "Запрошенный размер ключа - %u бит\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Выберите эллиптическую кривую:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5461,7 +5433,7 @@ msgstr ""
 "      <n>m = срок действия ключа - n месяцев\n"
 "      <n>y = срок действия ключа - n лет\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5477,38 +5449,38 @@ msgstr ""
 "      <n>m = срок действия подписи - n месяцев\n"
 "      <n>y = срок действия подписи - n лет\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Срок действия ключа? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Срок действия подписи? (%s) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "недопустимое значение\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr "Срок действия ключа не ограничен\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr "Срок действия подписи не ограничен\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr "Ключ действителен до %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr "Подпись действительна до %s\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5516,11 +5488,11 @@ msgstr ""
 "Ваша система не может отображать даты после 2038 года.\n"
 "Однако даты до 2106 года будут обрабатываться верно.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr "Все верно? (y/N) "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5534,7 +5506,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5550,49 +5522,49 @@ msgstr ""
 "    \"Вася Пушкин (персонаж) <vp@test.ru>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Ваше полное имя: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Недопустимый символ в имени\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr "Символы '%s' и '%s' в имени появляться не могут\n"
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Имя не должно начинаться с цифры\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Имя не должно быть короче 5 символов\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "Адрес электронной почты: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Неправильный адрес электронной почты\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Примечание: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Недопустимый символ в примечании\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, c-format
 msgid "You are using the '%s' character set.\n"
 msgstr "Используется таблица символов '%s'.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5603,7 +5575,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr ""
 "Не вставляйте адрес электронной почты в имя пользователя или примечание\n"
@@ -5619,31 +5591,31 @@ msgstr ""
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnCcEeOoQq"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Сменить (N)Имя, (C)Примечание, (E)Адрес; (Q)Выход? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "Сменить (N)Имя, (C)Примечание, (E)Адрес; (O)Принять/(Q)Выход? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Сменить (N)Имя, (E)Адрес; (Q)Выход? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Сменить (N)Имя, (E)Адрес; (O)Принять/(Q)Выход? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Сначала исправьте ошибку\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5656,13 +5628,13 @@ msgstr ""
 "случайных чисел больше возможностей получить достаточное количество "
 "энтропии.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Сбой при создании ключа: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5673,65 +5645,65 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr "Продолжить? (Y/n) "
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "Ключ пользователя \"%s\" уже существует\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 msgid "Create anyway? (y/N) "
 msgstr "Все равно создать новый? (y/N) "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, c-format
 msgid "creating anyway\n"
 msgstr "принудительное создание\n"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 "Замечание: \"%s %s\" вызывает полнофункциональный диалог создания ключа.\n"
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Создание ключа прервано.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "не могу создать архивную копию, файл '%s': %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "Замечание: архивная копия ключа с карты сохранена в '%s'\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, c-format
 msgid "writing public key to '%s'\n"
 msgstr "сохранение открытого ключа в '%s'\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "нет доступной для записи таблицы открытых ключей: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, c-format
 msgid "error writing public keyring '%s': %s\n"
 msgstr "ошибка записи таблицы открытых ключей '%s': %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "открытый и секретный ключи созданы и подписаны.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
@@ -5739,7 +5711,7 @@ msgstr ""
 "Учтите, что данный ключ не может использоваться для шифрования. Можно\n"
 "воспользоваться командой \"--edit-key\" и создать подключ для этих целей.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -5747,7 +5719,7 @@ msgstr ""
 "ключ создан на %lu секунду в будущем (петля во времени или проблемы с "
 "часами)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -5755,50 +5727,50 @@ msgstr ""
 "ключ создан на %lu секунд в будущем (петля во времени или проблемы с "
 "часами)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, c-format
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "Замечание: создание подключей для ключей v3 не совместимо с OpenPGP\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Секретные части первичного ключа отсутствуют.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Секретные части первичного ключа хранятся на карте.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr "Действительно создать? (y/N) "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "никогда   "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Критические правила подписи: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Правила подписи: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr "Критический предпочтительный сервер ключей: "
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Критическое замечание к подписи: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Замечание к подписи: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, c-format
 msgid "%d good signature\n"
 msgid_plural "%d good signatures\n"
@@ -5806,7 +5778,7 @@ msgstr[0] "%d хорошая подпись\n"
 msgstr[1] "%d хороших подписи\n"
 msgstr[2] "%d хороших подписей\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, c-format
 msgid "%d signature not checked due to an error\n"
 msgid_plural "%d signatures not checked due to errors\n"
@@ -5814,7 +5786,7 @@ msgstr[0] "%d подпись не проверена из-за ошибки\n"
 msgstr[1] "%d подписи не проверены из-за ошибки\n"
 msgstr[2] "%d подписей не проверено из-за ошибки\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
@@ -5822,42 +5794,42 @@ msgstr[0] "Внимание: %lu ключ пропущен из-за больш
 msgstr[1] "Внимание: %lu ключа пропущены из-за большого размера\n"
 msgstr[2] "Внимание: %lu ключей пропущено из-за большого размера\n"
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Таблица ключей"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Отпечаток первичного ключа:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "      Отпечаток подключа:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr " Отпечаток первичного ключа:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "       Отпечаток подключа:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr "      Отпечаток ключа ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr " серийный номер карты ="
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, c-format
 msgid "caching keyring '%s'\n"
 msgstr "занесение таблицы ключей '%s' в буфер\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
@@ -5865,7 +5837,7 @@ msgstr[0] "пока в буфер помещено %lu ключей (%lu под
 msgstr[1] "пока в буфер помещено %lu ключей (%lu подписи)\n"
 msgstr[2] "пока в буфер помещено %lu ключей (%lu подписей)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
@@ -5873,7 +5845,7 @@ msgstr[0] "в буфер записан %lu ключ"
 msgstr[1] "в буфер записаны %lu ключа"
 msgstr[2] "в буфер записано %lu ключей"
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, c-format
 msgid " (%lu signature)\n"
 msgid_plural " (%lu signatures)\n"
@@ -5881,58 +5853,54 @@ msgstr[0] "(%lu подпись)\n"
 msgstr[1] "(%lu подписи)\n"
 msgstr[2] "(%lu подписей)\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: таблица ключей создана\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr "переназначить настройки промежуточного сервера для dirmngr"
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr "включить в результаты поиска отозванные ключи"
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr "добавить подключи в поиск по идентификатору ключа"
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr "переназначить настройки времени ожидания для dirmngr"
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr "автоматически получать ключи при проверке подписей"
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "учитывать набор URL предпочтительных серверов ключей для этого ключа"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr "учитывать набор записей PKA при получении ключей"
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr "отключен"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr "Введите числа, N) Следующее; Q) Выход > "
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "недопустимый протокол сервера ключей (ожидается %d, получено %d)\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "\"%s\" - не идентификатор ключа: пропущен\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
@@ -5940,127 +5908,140 @@ msgstr[0] "обновление %d ключа из %s\n"
 msgstr[1] "обновление %d ключей из %s\n"
 msgstr[2] "обновление %d ключей из %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "Внимание: невозможно обновить ключ %s с %s: %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "ключ \"%s\" на сервере ключей не найден\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr "ключ не найден на сервере ключей\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "запрашиваю ключ %s с сервера %s %s\n"
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr "получение ключа %s с %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, c-format
 msgid "no keyserver known\n"
 msgstr "не известно ни одного сервера ключей\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "пропущено \"%s\": %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr "отправка ключа %s на %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, c-format
 msgid "requesting key from '%s'\n"
 msgstr "запрос ключа из '%s'\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "Внимание: невозможно получить URI %s: %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "странный размер зашифрованного сеансового ключа (%d)\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "сеансовый ключ зашифрован по %s\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "зашифровано неизвестным алгоритмом %d\n"
+
+#: g10/mainproc.c:391
 #, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "фраза-пароль создана с незнакомой хеш-функцией %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, c-format
 msgid "public key is %s\n"
 msgstr "открытый ключ - %s\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "данные зашифрованы открытым ключом: хороший DEK\n"
-
-#: g10/mainproc.c:632
-#, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+#: g10/mainproc.c:524
+#, fuzzy, c-format
+#| msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "зашифровано %u-битным ключом %s с идентификатором %s, созданным %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr "      \"%s\"\n"
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "зашифровано ключом %s с идентификатором %s\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "сбой расшифровки с открытым ключом: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr "Внимание: наблюдается несколько текстов\n"
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "зашифровано %lu фразами-паролями\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "зашифровано одной фразой-паролем\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "сбой расшифровки с открытым ключом: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "данные зашифрованы открытым ключом: хороший DEK\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "предполагаются данные, зашифрованные по %s\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr "шифр IDEA недоступен, попробую вместо него %s\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "Внимание: целостность сообщения не защищена\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
@@ -6070,314 +6051,309 @@ msgstr ""
 "оно правомерно, поскольку в те времена защита целостности широко\n"
 "не применялась.\n"
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr "Воспользуйтесь параметром '%s', чтобы тем не менее расшифровать.\n"
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, c-format
 msgid "decryption forced to fail!\n"
 msgstr "принудительный сбой расшифровки!\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "расшифровано нормально\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "Внимание: зашифрованное сообщение было изменено!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "сбой расшифровки: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, c-format
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "Замечание: отправитель запросил \"только между нами\"\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "первоначальное имя файла='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "отдельный сертификат отзыва: задействуется командой \"gpg --import\"\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, c-format
 msgid "no signature found\n"
 msgstr "подпись не найдена\n"
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr "ПЛОХАЯ подпись пользователя \"%s\""
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Просроченная подпись пользователя \"%s\""
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr "Действительная подпись пользователя \"%s\""
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "проверка подписи подавлена\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "не могу обработать эти неоднозначные данные подписи\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr "Подпись сделана %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr "               ключом %s с идентификатором %s\n"
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Подпись сделана %s ключом %s с идентификатором %s\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "                издатель \"%s\"\n"
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Ключ доступен на: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr "Замечание: Параметр '%s' включает использование этой информации\n"
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[сомнительно]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr "                или \"%s\""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, c-format
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "Внимание: Данный ключ не подходит для подписи в режиме %s\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Подпись просрочена %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Подпись действительна до %s\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, c-format
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "формат подписи: %s, хеш-функция %s%s%s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "двоичный"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "текстовый"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "неизвестно"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 msgid ", key algorithm "
 msgstr ", алгоритм ключа "
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr "Внимание: не отделенная подпись; файл '%s' НЕ был проверен!\n"
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Не могу проверить подпись: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "не отделенная подпись\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr ""
 "Внимание: обнаружено несколько подписей. Проверена будет только первая.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "отдельная подпись класса 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "подпись старого типа (PGP 2.x)\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "сбой fstat '%s' в функции %s: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "сбой fstat(%d) в функции %s: %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr ""
 "Внимание: используется экспериментальный алгоритм шифрования с открытым "
 "ключом %s\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr "Внимание: Ключи для подписи+шифрования Elgamal не рекомендуются\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr ""
 "Внимание: используется экспериментальный алгоритм симметричного шифрования "
 "%s\n"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "Внимание: используется экспериментальная хеш-функция %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "Внимание: хеш-функция %s не рекомендуется\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "Замечание: подписи с алгоритмом %s игнорируются\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, c-format
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "Замечание: подписи третьих сторон с алгоритмом %s игнорируются\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, c-format
 msgid "(reported error: %s)\n"
 msgstr "(сообщенная ошибка: %s)\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "(сообщенная ошибка: %s <%s>)\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr "(дальнейшие сведения: "
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: параметр \"%s\" не рекомендуется\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "Внимание: параметр \"%s\" не рекомендуется\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "используйте вместо этого \"%s%s\"\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr ""
 "Внимание: команда \"%s\" не рекомендуется к употреблению - не применяйте ее\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "%s:%u: \"%s\" в этом файле устарело - оно действует только в %s\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr "Внимание: параметр \"%s%s\" устарел - он действует только для %s\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Без сжатия"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr "без сжатия|без|none"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "данное сообщение может быть непригодно для %s\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "неоднозначный параметр '%s'\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, c-format
 msgid "unknown option '%s'\n"
 msgstr "неизвестный параметр '%s'\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr "Открытый ключ ECDSA бывает в кодировке SEC, кратной 8 битам\n"
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "неизвестный слабый хеш '%s'\n"
@@ -6400,86 +6376,77 @@ msgstr "%s: неизвестное окончание\n"
 msgid "Enter new filename"
 msgstr "Введите новое имя файла"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "вывод в stdout\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, c-format
 msgid "assuming signed data in '%s'\n"
 msgstr "предполагается, что подписанные данные находятся в '%s'\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "не могу использовать алгоритм с открытым ключом %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr ""
 "Внимание: потенциально небезопасный сеансовый ключ,\n"
 "          зашифрованный симметричным шифром\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, c-format
 msgid "Unknown critical signature notation: "
 msgstr "Неизвестное критическое замечание к подписи: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "в подпакете типа %d установлен критический бит\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, c-format
-msgid "problem with the agent: %s\n"
-msgstr "проблема с агентом: %s\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-msgid "Please enter the passphrase for decryption."
-msgstr "Введите новую фразу-пароль для расшифрования."
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Введите фразу-пароль\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "прервано пользователем\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr " (идентификатор главного ключа %s)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Введите фразу-пароль для разблокировки секретного ключа OpenPGP:"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Введите фразу-пароль для импорта секретного ключа OpenPGP:"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Введите фразу-пароль для экспорта секретного подключа OpenPGP:"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Введите фразу-пароль для экспорта секретного ключа OpenPGP:"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "Вы действительно хотите навсегда удалить секретный подключ OpenPGP:"
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Вы действительно хотите навсегда удалить секретный ключ OpenPGP:"
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, c-format
 msgid ""
 "%s\n"
@@ -6494,7 +6461,7 @@ msgstr ""
 "создан %s%s.\n"
 "%s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6508,37 +6475,81 @@ msgstr ""
 "Помните, что изображение будет храниться в Вашем открытом ключе и увеличит\n"
 "его размер! Рекомендуется размер около 240x288.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Введите имя файла JPEG для фотоидентификатора: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "не могу открыть файл JPEG '%s': %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr "Этот JPEG очень велик (%d байт)!\n"
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Вы действительно хотите использовать его? (y/N) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "'%s' - не файл JPEG\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Это правильная фотография? (y/N/q) "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
 #, c-format
-msgid "unable to display photo ID!\n"
-msgstr "не могу отобразить фотоидентификатор!\n"
+msgid "no remote program execution supported\n"
+msgstr "удаленный запуск программы не поддерживается\n"
+
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"на данной платформе при вызове внешних программ требуются временные файлы\n"
+
+#: g10/photoid.c:506
+#, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "не могу выполнить оболочку '%s': %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "ненормальное завершение внешней программы\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "ошибка системы при вызове внешней программы: %s\n"
+
+#: g10/photoid.c:600
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "Внимание: не могу удалить временный файл (%s) '%s': %s\n"
+
+#: g10/photoid.c:604
+#, c-format
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "Внимание: не могу удалить временный каталог '%s': %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"вызов внешних программ отключен из-за небезопасных прав доступа к файлу "
+"настроек\n"
+
+#: g10/photoid.c:715
+#, c-format
+msgid "unable to display photo ID!\n"
+msgstr "не могу отобразить фотоидентификатор!\n"
 
 #. TRANSLATORS: These are the allowed answers in lower and
 #. uppercase.  Below you will find the matching strings which
@@ -6550,53 +6561,53 @@ msgstr "не могу отобразить фотоидентификатор!\n
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMqQsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr "Не задано значение доверия для:\n"
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr "  или \"%s\"\n"
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr ""
 "Насколько Вы уверены, что данный ключ принадлежит названному пользователю?\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr " %d = Не знаю или не буду отвечать\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr " %d = НЕ доверяю\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr " %d = Абсолютно доверяю\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr " m = вернуться в главное меню\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr " s = пропустить этот ключ\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr " q = выход\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
@@ -6605,48 +6616,48 @@ msgstr ""
 "Минимальный уровень доверия данному ключу: %s\n"
 "\n"
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Ваше решение? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Вы действительно хотите сделать этот ключ абсолютно доверенным? (y/N) "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Сертификаты, ведущие к абсолютно доверенному ключу:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%s: Нет свидетельств того, что данный ключ принадлежит названному "
 "пользователю\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%s: Мало свидетельств того, что данный ключ принадлежит названному "
 "пользователю\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Этот ключ, вероятно, принадлежит названному владельцу\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Данный ключ принадлежит нам\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr "%s: Некачественный ключ! Он помечен как недоверенный!\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
 "*really* know what you are doing, you may answer the next\n"
@@ -6655,7 +6666,7 @@ msgstr ""
 "Некачественный ключ! Он помечен как недоверенный! Если Вы ТОЧНО знаете,\n"
 "что делаете, можете ответить на следующий вопрос утвердительно.\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
@@ -6665,142 +6676,162 @@ msgstr ""
 "в идентификаторе пользователя. Если Вы ТОЧНО знаете, что делаете,\n"
 "можете ответить на следующий вопрос утвердительно.\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr "Все равно использовать данный ключ? (y/N) "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "Внимание: Использование недоверенного ключа!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr "Внимание: возможно, данный ключ отозван (ключ отзыва отсутствует)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+#| msgid "user ID: \"%s\"\n"
+msgid "checking User ID \"%s\"\n"
+msgstr "Идентификатор пользователя: \"%s\"\n"
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+#| msgid "option '%s' given, but option '%s' not given\n"
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "задан параметр '%s', но параметр '%s' не задан\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+#| msgid "key %s: doesn't match our copy\n"
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "ключ %s: не совпадает с нашей копией\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+#| msgid "option '%s' given, but option '%s' not given\n"
+msgid "option %s given but no matching User ID found\n"
+msgstr "задан параметр '%s', но параметр '%s' не задан\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "Внимание: Данный ключ отозван ключом, назначенным отзывающим!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "Внимание: Данный ключ отозван его владельцем!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         Это может означать, что подпись подделана.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "Внимание: Данный подключ был отозван его владельцем!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Замечание: Данный ключ отключен.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr "Замечание: Проверенный адрес подписавшего - '%s'\n"
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "Замечание: Адрес подписавшего '%s' не соответствует данным DNS\n"
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr "уровень доверия установлен в ПОЛНОСТЬЮ по действительным данным PKA\n"
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr "уровень доверия установлен в НИКОГДА из-за непригодных данных PKA\n"
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Замечание: Данный ключ просрочен!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr "Внимание: Данный ключ не заверен доверенной подписью!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "Внимание: Данный ключ не заверен доверенной подписью!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr "          Нет указаний на то, что подпись принадлежит владельцу.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "Внимание: НЕТ ДОВЕРИЯ данному ключу!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "          Возможно, что подпись ПОДДЕЛАНА.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"Внимание: Этот ключ не заверен достаточным количеством доверенных подписей!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
 msgstr ""
 "Внимание: Этот ключ не заверен достаточным количеством доверенных подписей!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "          Нет уверенности в том, что подпись принадлежит владельцу.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: пропущено: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: пропущено: открытый ключ отключен\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: пропущено: открытый ключ уже существует\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, c-format
 msgid "can't encrypt to '%s'\n"
 msgstr "не могу зашифровать для '%s'\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "задан параметр '%s', но не заданы ключи по умолчанию\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "задан параметр '%s', но параметр '%s' не задан\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "Не задан идентификатор пользователя (можно использовать \"-r\").\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr "Текущие получатели:\n"
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -6808,40 +6839,40 @@ msgstr ""
 "\n"
 "Введите идентификатор пользователя. Завершите пустой строкой: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Нет такого идентификатора пользователя.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "пропущено: открытый ключ уже установлен для получателя по умолчанию\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Открытый ключ отключен.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "пропущено: открытый ключ уже установлен\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "неизвестный получатель по умолчанию \"%s\"\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "нет пригодных адресов\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "Замечание: у ключа %s нет функции %s\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "Замечание: у ключа %s нет предпочтения для %s\n"
@@ -6851,77 +6882,83 @@ msgstr "Замечание: у ключа %s нет предпочтения д
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr "данные не сохранены; используйте \"--output\" для сохранения\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Отделенная подпись.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Введите имя файла с данными: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "читаю stdin ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "нет подписанных данных\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, c-format
 msgid "can't open signed data '%s'\n"
 msgstr "не могу открыть подписанные данные '%s'\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "не могу открыть подписанные данные fd=%d: %s\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "ключ %s не пригоден для расшифрования в режиме %s\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "анонимный получатель; пробую секретный ключ %s ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+#| msgid "key %s is not suitable for decryption in %s mode\n"
+msgid "used key is not marked for encryption use.\n"
+msgstr "ключ %s не пригоден для расшифрования в режиме %s\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "отлично, мы - анонимный получатель.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "старая кодировка DEK не поддерживается\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "алгоритм шифрования %d%s неизвестен или отключен\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr ""
 "Внимание: в списке предпочтений получателя алгоритм шифрования %s не найден\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "Замечание: секретный ключ %s просрочен с %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, c-format
 msgid "Note: key has been revoked"
 msgstr "Замечание: ключ был отозван"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "сбой build_packet: %s\n"
@@ -6939,37 +6976,37 @@ msgstr "Будет отозван:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Это особо важный ключ отзыва)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 msgid "Secret key is not available.\n"
 msgstr "Секретный ключ недоступен.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Создать сертификат отзыва данного ключа? (y/N) "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "Для вывода использован текстовый формат ASCII.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "сбой make_keysig_packet: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Сертификат отзыва создан.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "ключи отзыва для \"%s\" не найдены\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Это сертификат отзыва ключа OpenPGP:"
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
@@ -6979,7 +7016,7 @@ msgstr ""
 "публично объявить, что ключ больше не должен применяться. После публикации\n"
 "такой сертификат взять назад невозможно."
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -6992,7 +7029,7 @@ msgstr ""
 "новый сертификат с указанием причины отзыва. Подробности см. в описании\n"
 "команды gpg \"--generate-revocation\" в руководстве по GnuPG."
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
@@ -7002,12 +7039,12 @@ msgstr ""
 "вставлено двоеточие. Удалите это двоеточие в текстовом редакторе\n"
 "перед импортированием и публикацией этого сертификата отзыва."
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, c-format
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "сертификат отзыва записан в '%s.rev'.\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "секретный ключ \"%s\" не найден\n"
@@ -7020,16 +7057,16 @@ msgstr "секретный ключ \"%s\" не найден\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr "'%s' соответствует нескольким секретным ключам:\n"
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, c-format
 msgid "error searching the keyring: %s\n"
 msgstr "ошибка поиска в таблице ключей %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Создать сертификат отзыва данного ключа? (y/N) "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7048,37 +7085,37 @@ msgstr ""
 "носитель будет поврежден, но будьте осторожны: система печати\n"
 "Вашей машины может сохранить данные и сделать их доступными для других!\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Укажите причину отзыва:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Отмена"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Скорее всего, Вы здесь выберете %d)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "Введите необязательное пояснение; завершите пустой строкой:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Причина отзыва: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(Пояснения отсутствуют)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr "Все правильно? (y/N) "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "создан слабый ключ - повторение\n"
@@ -7089,47 +7126,42 @@ msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
 msgstr ""
 "невозможно избежать слабого ключа для симметричного шифра; %d попыток!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr "ключ %s %s использует небезопасный (%zu-битный) хеш\n"
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr "Ключ %s %s требует %zu-битного или более длинного хеша (хеш %s)\n"
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
-#, c-format
-msgid "key %s may not be used for signing in %s mode\n"
-msgstr "ключ %s нельзя использовать для подписи в режиме %s\n"
-
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
+#: g10/sig-check.c:170
 #, c-format
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "Внимание: конфликт хешей подписей в сообщении\n"
 
-#: g10/sig-check.c:219
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
+#, c-format
+msgid "key %s may not be used for signing in %s mode\n"
+msgstr "ключ %s нельзя использовать для подписи в режиме %s\n"
+
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "Внимание: подписывающий подключ %s не был перекрестно заверен\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, c-format
 msgid "please see %s for more information\n"
 msgstr "за подробностями обращайтесь к %s\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr "Внимание: подписывающий подключ %s неправильно перекрестно заверен\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
@@ -7137,7 +7169,7 @@ msgstr[0] "открытый ключ %s на %lu секунду новее по
 msgstr[1] "открытый ключ %s на %lu секунды новее подписи\n"
 msgstr[2] "открытый ключ %s на %lu секунд новее подписи\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
@@ -7145,7 +7177,7 @@ msgstr[0] "открытый ключ %s на %lu день новее подпи
 msgstr[1] "открытый ключ %s на %lu дня новее подписи\n"
 msgstr[2] "открытый ключ %s на %lu дней новее подписи\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7161,7 +7193,7 @@ msgstr[2] ""
 "ключ %s создан на %lu секунд в будущем (петля во времени или проблемы с "
 "часами)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7176,50 +7208,50 @@ msgstr[2] ""
 "ключ %s создан на %lu дней в будущем (петля во времени или проблемы с "
 "часами)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "Замечание: срок действия подписавшего ключа %s истек %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "Замечание: ключ для подписей %s отозван\n"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, c-format
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "плохая подпись ключа ключом %s: %s (0x%02x 0x%x)\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, c-format
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "плохая подпись данных ключом %s: %s (0x%02x 0x%x)\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "подпись ключа %s считается плохой из-за неизвестного критического бита\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "ключ %s: нет подключа для отзывающей подписи подключа\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "ключ %s: нет подключа для подписи связи подключей\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "Внимание: не могу развернуть %% в замечании (слишком длинное).\n"
 "          Использую неразвернутым.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7227,7 +7259,7 @@ msgstr ""
 "Внимание: не могу развернуть %% в URL правил (слишком длинный). Использую "
 "неразвернутым.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7236,12 +7268,12 @@ msgstr ""
 "Внимание: невозможно развернуть %% в URL предпочтительного сервера ключей "
 "(слишком длинный). Использую неразвернутым.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "подпись %s/%s пользователя \"%s\"\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
@@ -7249,39 +7281,40 @@ msgstr ""
 "Внимание: использование хеш-функции %s (%d) нарушает предпочтения "
 "получателя\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "подпись:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "будет использовано шифрование по %s\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "ключ не помечен как небезопасный - не могу использовать его с фальшивым "
 "генератором случайных чисел!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "пропущено \"%s\": дубликат\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "пропущено: секретный ключ уже имеется\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "это ключ Elgamal, созданный PGP, он не обеспечивает безопасность подписи!"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "запись о доверии %lu, тип %d: ошибка записи: %s\n"
@@ -7295,43 +7328,43 @@ msgstr ""
 "# Список присвоенных значений доверия создан %s\n"
 "# (Используйте \"gpg --import-ownertrust\" для их восстановления)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, c-format
 msgid "error in '%s': %s\n"
 msgstr "ошибка в '%s': %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr "слишком длинная строка"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr "пропущено двоеточие"
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr "неверный отпечаток"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr "пропущено значение степени доверия владельцу"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "ошибка при поиске записи о доверии в '%s': %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, c-format
 msgid "read error in '%s': %s\n"
 msgstr "ошибка чтения в '%s': %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "таблица доверия: сбой синхронизации: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "не удается создать блокировку для '%s'\n"
@@ -7341,12 +7374,12 @@ msgstr "не удается создать блокировку для '%s'\n"
 msgid "can't lock '%s'\n"
 msgstr "не удается заблокировать '%s'\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "таблица доверия, запись %lu: сбой lseek: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "таблица доверия, запись %lu: сбой записи (n=%d): %s\n"
@@ -7361,7 +7394,7 @@ msgstr "слишком большая операция над таблицей 
 msgid "%s: directory does not exist!\n"
 msgstr "%s: каталог не существует!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, c-format
 msgid "can't access '%s': %s\n"
 msgstr "нет доступа к '%s': %s\n"
@@ -7402,7 +7435,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: ошибка обновления записи о версии: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: ошибка чтения записи о версии: %s\n"
@@ -7412,52 +7445,52 @@ msgstr "%s: ошибка чтения записи о версии: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: ошибка сохранения записи о версии: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "таблица доверия: сбой lseek: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "таблица доверия: сбой чтения (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: не является файлом таблицы доверия\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: запись о версии с номером записи %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: неправильная версия файла %d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: ошибка чтения свободной записи: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: ошибка сохранения записи каталога: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: сбой обнуления записи: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: сбой добавления записи: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "Ошибка: таблица доверия повреждена.\n"
@@ -7497,10 +7530,10 @@ msgstr "версия базы данных TOFU (не поддерживаетс
 msgid "TOFU DB error"
 msgstr "ошибка базы данных TOFU"
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "ошибка чтения базы данных TOFU: %s\n"
@@ -7520,7 +7553,7 @@ msgstr "ошибка инициализации базы данных TOFU: %s\n
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "ошибка открытия базы данных TOFU '%s': %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "ошибка обновления базы данных TOFU: %s\n"
@@ -7708,17 +7741,17 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr "Принимается исходное значение (\"неизвестно\").\n"
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr "Обнаружено повреждение базы данных TOFU.\n"
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "ошибка при смене правила TOFU: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
@@ -7726,7 +7759,7 @@ msgstr[0] "%lld~прошедший~год"
 msgstr[1] "%lld~прошедших~года"
 msgstr[2] "%lld~прошедших~лет"
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
@@ -7734,7 +7767,7 @@ msgstr[0] "%lld~прошедший~месяц"
 msgstr[1] "%lld~прошедших~месяца"
 msgstr[2] "%lld~прошедших~месяцев"
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
@@ -7742,7 +7775,7 @@ msgstr[0] "%lld~прошедшую~неделю"
 msgstr[1] "%lld~прошедшие~недели"
 msgstr[2] "%lld~прошедших~недель"
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
@@ -7750,7 +7783,7 @@ msgstr[0] "%lld~прошедший~день"
 msgstr[1] "%lld~прошедших~дня"
 msgstr[2] "%lld~прошедших~дней"
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
@@ -7758,7 +7791,7 @@ msgstr[0] "%lld~прошедший~час"
 msgstr[1] "%lld~прошедших~часа"
 msgstr[2] "%lld~прошедших~часов"
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
@@ -7766,7 +7799,7 @@ msgstr[0] "%lld~прошедшую~минуту"
 msgstr[1] "%lld~прошедшие~минуты"
 msgstr[2] "%lld~прошедших~минут"
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
@@ -7774,26 +7807,26 @@ msgstr[0] "%lld~прошедшую~секунду"
 msgstr[1] "%lld~прошедшие~секунды"
 msgstr[2] "%lld~прошедших~секунд"
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr "%s: Проверено 0~подписей, зашифровано 0~сообщений."
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, c-format
 msgid "%s: Verified 0 signatures."
 msgstr "%s: Проверено 0 подписей."
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 msgid "Encrypted 0 messages."
 msgstr "Зашифровано 0 сообщений."
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, c-format
 msgid "(policy: %s)"
 msgstr "правило: %s"
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
@@ -7801,7 +7834,7 @@ msgstr ""
 "Внимание: мы до сих пор не видели ни одного сообщения, подписанного этим "
 "ключом и этим идентификатором пользователя!\n"
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
@@ -7809,19 +7842,19 @@ msgstr ""
 "Внимание: мы до сих пор видели только одно сообщение, подписанное этим "
 "ключом и этим идентификатором пользователя!\n"
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 "Внимание: мы до сих пор не зашифровали этим ключом ни одного сообщения!\n"
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
 "Внимание: мы до сих пор зашифровали этим ключом только одно сообщение!\n"
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -7854,111 +7887,111 @@ msgstr[2] ""
 "некачественный командой\n"
 "  %s\n"
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "ошибка при открытии базы данных TOFU: %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 "ВНИМАНИЕ: Шифрование для ключа %s, у которого нет неотозванных "
 "идентификаторов пользователя\n"
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, c-format
 msgid "'%s' is not a valid long keyID\n"
 msgstr "'%s' не является допустимым длинным идентификатором ключа\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "ключ %s: принят как доверенный ключ\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "ключ %s встречается в таблице доверия более одного раза\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "ключ %s: нет открытого ключа для доверенного ключа - пропущен\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "ключ %s помечен как абсолютно доверенный\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "запись о доверии %lu, тип запроса %d: сбой чтения: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "тип записи о доверии %lu отличается от запрошенного (%d)\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr "Можно попытаться пересоздать таблицу доверия командами:\n"
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr "Если это не выйдет, обратитесь к руководству пользователя\n"
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 "не могу использовать неизвестную модель (%d) - использую модель доверия %s\n"
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr "использую модель доверия %s\n"
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "проверка таблицы доверия не нужна\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "срок следующей проверки таблицы доверия %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "проверять таблицу доверия при модели доверия '%s' не нужно\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "обновлять таблицу доверия при модели доверия '%s' не нужно\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr "открытый ключ %s не найден: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "выполните --check-trustdb, пожалуйста\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "проверка таблицы доверия\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
@@ -7966,7 +7999,7 @@ msgstr[0] "обработан %d ключ"
 msgstr[1] "обработаны %d ключа"
 msgstr[2] "обработано %d ключей"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, c-format
 msgid " (%d validity count cleared)\n"
 msgid_plural " (%d validity counts cleared)\n"
@@ -7974,17 +8007,17 @@ msgstr[0] " (сброшен %d счетчик достоверности)\n"
 msgstr[1] " (сброшены %d счетчика достоверности)\n"
 msgstr[2] " (сброшено %d счетчиков достоверности)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "абсолютно доверенных ключей не найдено\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "открытый ключ для абсолютно доверенного ключа %s не найден\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
@@ -7992,29 +8025,29 @@ msgstr ""
 "глубина: %d  достоверных: %3d  подписанных: %3d  доверие: %d-, %dq, %dn, "
 "%dm, %df, %du\n"
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr ""
 "невозможно обновить запись о версии таблицы доверия: ошибка записи: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr "неопределено"
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr "никогда"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr "ограничено"
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr "полное"
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr "абсолютное"
 
@@ -8026,39 +8059,39 @@ msgstr "абсолютное"
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr "12 translator see trust.c:uid_trust_string_fixed"
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 msgid "[ revoked]"
 msgstr "[   отозван  ]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 msgid "[ expired]"
 msgstr "[  просрочен ]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 msgid "[ unknown]"
 msgstr "[ неизвестно ]"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr "[неопределено]"
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 msgid "[  never ]"
 msgstr "[   никогда  ]"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr "[ ограничено ]"
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr "[   полное   ]"
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr "[  абсолютно ]"
 
@@ -8083,19 +8116,31 @@ msgstr "слишком длинная входная строка %u или пр
 msgid "can't open fd %d: %s\n"
 msgstr "не могу открыть fd %d: %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "Внимание: целостность сообщения не защищена\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+#| msgid "ambiguous option '%s'\n"
+msgid "Hint: Do not use option %s\n"
+msgstr "неоднозначный параметр '%s'\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr "установить отладочные признаки"
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr "полностью включить отладку"
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Вызов: kbxutil [параметры] [файлы] (-h - подсказка)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
 "List, export, import Keybox data\n"
@@ -8106,71 +8151,196 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr "%sНомер: %s%%0AДержатель: %s%s"
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr "Осталось попыток: %d"
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new Global-PIN"
+msgstr "||Введите PIN"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "||Введите код сброса для карты"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new PIN"
+msgstr "||Введите PIN"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the PIN of your PIV card"
+msgstr "||Введите код сброса для карты"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+#| msgid "|A|Please enter the Admin PIN"
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "|A|Введите административный PIN"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+#| msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "|P|Введите код разблокировки PIN (PUK) для стандартных ключей."
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "Функция обработки PIN возвратила ошибку: %s\n"
+
+#: scd/app-piv.c:1895
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too short; minimum length is %d\n"
+msgstr "PIN для CHV%d слишком короток, минимальная длина %d\n"
+
+#: scd/app-piv.c:1903
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too long; maximum length is %d\n"
+msgstr "PIN для CHV%d слишком короток, минимальная длина %d\n"
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr "ключ уже существует\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr "существующий ключ будет заменен\n"
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr "генерация нового ключа\n"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, c-format
+msgid "writing new key\n"
+msgstr "запись нового ключа\n"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "сбой сохранения ключа: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr "в ответе отсутствует модуль RSA\n"
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr "в ответе отсутствует открытая экспонента RSA\n"
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, c-format
+msgid "response does not contain the EC public key\n"
+msgstr "в ответе отсутствует открытый ключ эллиптической кривой\n"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr "пожалуйста, подождите, пока будет генерироваться ключ ...\n"
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr "сбой при генерации ключа\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "создание ключа завершено (%d секунда)\n"
+msgstr[1] "создание ключа завершено (%d секунды)\n"
+msgstr[2] "создание ключа завершено (%d секунд)\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr "ответ не содержит данных открытого ключа\n"
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr "||Введите PIN ключа для создания квалифицированных подписей."
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 msgid "|A|Please enter the Admin PIN"
 msgstr "|A|Введите административный PIN"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|P|Введите код разблокировки PIN (PUK) для стандартных ключей."
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 msgid "||Please enter the PIN for the standard keys."
 msgstr "|A|Введите PIN для стандартных ключей."
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr "Модули RSA пропущены, или их размер не равен %d бит\n"
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr "отсутствует открытая экспонента RSA, или ее размер превышает %d бит\n"
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr "Функция обработки PIN возвратила ошибку: %s\n"
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "the NullPIN has not yet been changed\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "пустой PIN до сих пор не изменен\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr "пустой PIN до сих пор не изменен\n"
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "|A|Введите новый PIN для стандартных ключей."
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|NP|Введите новый код разблокировки PIN (PUK) для стандартных ключей."
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr "|N|Введите новый PIN ключа для создания квалифицированных подписей."
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8178,7 +8348,7 @@ msgstr ""
 "|NP|Введите новый код разблокировки PIN (PUK) ключа для создания "
 "квалифицированных подписей."
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8186,47 +8356,27 @@ msgstr ""
 "|P|Введите код разблокировки PIN (PUK) ключа для создания квалифицированных "
 "подписей."
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "ошибка при получении нового PIN: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "сбой при сохранении отпечатка: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "сбой при сохранении даты создания: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr "ошибка получения статуса CHV с карты\n"
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr "в ответе отсутствует модуль RSA\n"
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr "в ответе отсутствует открытая экспонента RSA\n"
-
-#: scd/app-openpgp.c:1546
-#, c-format
-msgid "response does not contain the EC public key\n"
-msgstr "в ответе отсутствует открытый ключ эллиптической кривой\n"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr "ответ не содержит данных открытого ключа\n"
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr "сбой при чтении открытого ключа: %s\n"
@@ -8234,44 +8384,44 @@ msgstr "сбой при чтении открытого ключа: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr "%sНомер: %s%%0AДержатель: %s%%0AСчетчик: %lu%s"
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr "основной PIN применяется как %s\n"
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 "не удалось применить основной PIN как %s: %s - далее применяться\n"
 "как основной не будет\n"
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 msgid "||Please unlock the card"
 msgstr "||Разблокируйте карту"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr "PIN для CHV%d слишком короток, минимальная длина %d\n"
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "сбой при проверке CHV%d: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr "карта окончательно заблокирована!\n"
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8283,20 +8433,20 @@ msgstr[1] ""
 msgstr[2] ""
 "осталось %d попыток ввода административного PIN перед блокировкой карты\n"
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr "доступ к командам управления не настроен\n"
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 msgid "||Please enter the PIN"
 msgstr "||Введите PIN"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 msgid "||Please enter the Reset Code for the card"
 msgstr "||Введите код сброса для карты"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr "Код сброса слишком короток; минимальная длина %d\n"
@@ -8304,122 +8454,79 @@ msgstr "Код сброса слишком короток; минимальна
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr "|RN|Новый код сброса"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr "|AN|Новый административный PIN"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr "|N|Новый PIN"
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "|A|Введите административный PIN и новый административный PIN"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 msgid "||Please enter the PIN and New PIN"
 msgstr "||Введите PIN и новый PIN"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr "ошибка чтения данных приложения\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "ошибка чтения отпечатка DO\n"
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr "ключ уже существует\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr "существующий ключ будет заменен\n"
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr "генерация нового ключа\n"
-
-#: scd/app-openpgp.c:3074
-#, c-format
-msgid "writing new key\n"
-msgstr "запись нового ключа\n"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr "пропущена метка времени создания\n"
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr "Простое число RSA %s пропущено или его размер не равен %d\n"
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr "сбой сохранения ключа: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, c-format
 msgid "unsupported curve\n"
 msgstr "кривая не поддерживается\n"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr "пожалуйста, подождите, пока будет генерироваться ключ ...\n"
-
-#: scd/app-openpgp.c:4271
-#, c-format
-msgid "generating key failed\n"
-msgstr "сбой при генерации ключа\n"
-
-#: scd/app-openpgp.c:4277
-#, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "создание ключа завершено (%d секунда)\n"
-msgstr[1] "создание ключа завершено (%d секунды)\n"
-msgstr[2] "создание ключа завершено (%d секунд)\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr "недопустимая структура карты OpenPGP (DO 0x93)\n"
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr "отпечаток на карте не совпадает с запрошенным\n"
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "карта не поддерживает хеш-функцию %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr "создано подписей: %lu\n"
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr ""
 "проверка административного PIN в данный момент запрещена этой командой\n"
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "нет доступа к %s - непригодная карта OpenPGP?\n"
@@ -8431,59 +8538,63 @@ msgstr "||Введите PIN на клавиатуре считывателя"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr "|N|Первоначальный новый PIN"
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr "работать в многосерверном режиме (нефоновый режим)"
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr "|LEVEL|установить уровень отладки, равный LEVEL"
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 msgid "|FILE|write a log to FILE"
 msgstr "|FILE|сохранять журнал в файл FILE"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr "|N|подключаться к считывателю на порту N"
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NAME|использовать NAME как драйвер ct-API"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NAME|использовать NAME как драйвер PC/SC"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 msgid "do not use the internal CCID driver"
 msgstr "не использовать внутренний драйвер CCID"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr "|N|отключить карту после N секунд неактивности"
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr "не использовать клавиатуру считывателя"
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr "использовать входные данные переменой длины для клавиатуры считывателя"
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 msgid "deny the use of admin card commands"
 msgstr "не позволять использовать административные команды карты"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Вызов: @SCDAEMON@ [параметры] (-h - подсказка)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
@@ -8491,38 +8602,32 @@ msgstr ""
 "Синтаксис: scdaemon [параметры] [команда [аргументы]]\n"
 "Демон криптографических карт для @GNUPG@\n"
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 "используйте параметр '--daemon' для запуска приложения в фоновом режиме\n"
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr "обработчик fd %d запущен\n"
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr "обработчик fd %d остановлен\n"
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "ошибка получения информации применимости ключа: %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr "схема проверки, запрошенная сертификатом: %s"
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr "цепь"
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 msgid "shell"
 msgstr "оболочка"
 
@@ -8555,7 +8660,7 @@ msgstr "Замечание: некритичные правила сертифи
 msgid "certificate policy not allowed"
 msgstr "правила сертификата недопустимы"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "сбой получения отпечатка\n"
@@ -8570,7 +8675,7 @@ msgstr "внешний поиск издателя\n"
 msgid "number of issuers matching: %d\n"
 msgstr "число соответствующих издателей: %d\n"
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, c-format
 msgid "can't get authorityInfoAccess: %s\n"
 msgstr "не могу получить authorityInfoAccess: %s\n"
@@ -8590,235 +8695,235 @@ msgstr "число соответствующих сертификатов: %d\n
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "ключ в буфере dirmngr не найден: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "сбой при выделении памяти под указатель на базу данных\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 msgid "certificate has been revoked"
 msgstr "сертификат был отозван"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr "статус сертификата неизвестен"
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr "проверьте, что \"dirmngr\" установлен корректно\n"
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, c-format
 msgid "checking the CRL failed: %s"
 msgstr "сбой проверки списка отозванных сертификатов: %s"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "сертификат с недействительной достоверностью: %s"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr "сертификат еще не достоверен"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 msgid "root certificate not yet valid"
 msgstr "корневой сертификат еще не достоверен"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr "промежуточный сертификат еще не достоверен"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, c-format
 msgid "certificate has expired"
 msgstr "сертификат просрочен"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 msgid "root certificate has expired"
 msgstr "корневой сертификат просрочен"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 msgid "intermediate certificate has expired"
 msgstr "промежуточный сертификат просрочен"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr "сертификат не имеет требуемых атрибутов: %s%s%s"
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 msgid "certificate with invalid validity"
 msgstr "сертификат с недействительной достоверностью"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr "подпись создана вне времени действия сертификата"
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr "сертификат создан вне времени действия издателя"
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr "промежуточный сертификат создан вне времени действия издателя"
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, c-format
 msgid "  (  signature created at "
 msgstr "  (          подпись создана "
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, c-format
 msgid "  (certificate created at "
 msgstr "  (        сертификат создан "
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, c-format
 msgid "  (certificate valid from "
 msgstr "  (сертификат действителен с "
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr "  (  издатель действителен с "
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr "отпечаток=%s\n"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr "корневой сертификат теперь помечен как доверенный\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr "в агенте gpg нельзя интерактивно сделать сертификат доверенным\n"
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr ""
 "для данного сеанса запрещено интерактивно делать сертификат доверенным\n"
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 "Внимание: время создания подписи неизвестно - предполагается текущий момент"
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 msgid "no issuer found in certificate"
 msgstr "в сертификате не найден издатель"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr "у самозаверенного сертификата ПЛОХАЯ подпись"
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr "корневой сертификат не помечен как доверенный"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "сбой проверки списка доверия: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr "слишком длинная цепочка сертификатов\n"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr "не найден издатель сертификата"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, c-format
 msgid "certificate has a BAD signature"
 msgstr "сертификат имеет ПЛОХУЮ подпись"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr ""
 "найден еще один возможный сертификат удостоверяющего центра - повторная "
 "попытка"
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr "цепочка сертификатов длиннее допускаемой удостоверяющим центром (%d)"
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, c-format
 msgid "certificate is good\n"
 msgstr "хороший сертификат\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, c-format
 msgid "intermediate certificate is good\n"
 msgstr "хороший промежуточный сертификат\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, c-format
 msgid "root certificate is good\n"
 msgstr "хороший корневой сертификат\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr "переключение на цепную схему"
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr "используется схема проверки: %s"
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr "%u-битный хеш недопустим для %u-битного ключа %s\n"
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, c-format
 msgid "out of core\n"
 msgstr "нехватка выделенной памяти\n"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr "(это алгоритм MD2)\n"
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 msgid "none"
 msgstr "нет"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 msgid "[Error - invalid encoding]"
 msgstr "[Ошибка - недопустимая кодировка]"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr "[Ошибка - нехватка выделенной памяти]"
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr "[Ошибка - Нет имени]"
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 msgid "[Error - invalid DN]"
 msgstr "[Ошибка - недопустимый DN]"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -8832,132 +8937,143 @@ msgstr ""
 "S/N %s, идентификатор 0x%08lX,\n"
 "создан %s, истекает %s.\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr "не задана применимость ключа - подразумеваем все\n"
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "ошибка получения информации применимости ключа: %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr "сертификат не следовало использовать для заверения\n"
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr "сертификат не следовало использовать для подписывания ответа OCSP\n"
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr "сертификат не следовало использовать для шифрования\n"
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr "сертификат не следовало использовать для подписей\n"
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr "сертификат не пригоден для шифрования\n"
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr "сертификат не пригоден для подписи\n"
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+#| msgid "lookup a certificate"
+msgid "looking for another certificate\n"
+msgstr "искать сертификат"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "строка %d: недопустимый алгоритм\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr "строка %d: недопустимая длина ключа %u (допустимы от %d до %d)\n"
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr "строка %d: не задано имя субъекта\n"
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "строка %d: недопустимая метка имени субъекта '%.*s'\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "строка %d: недопустимое имя субъекта '%s' в позиции %d\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "строка %d: нет допустимого адреса электронной почты\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "строка %d: недопустимый серийный номер\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr "строка %d: недопустимая метка имени издателя '%.*s'\n"
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr "строка %d: недопустимое имя издателя '%s' в позиции %d\n"
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, c-format
 msgid "line %d: invalid date given\n"
 msgstr "строка %d: задана недопустимая дата\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "строка %d: ошибка получения кода подписывающего ключа '%s': %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "строка %d: задана недопустимая хеш-функция\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "строка %d: недопустимый authority-key-id\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "строка %d: недопустимый subject-key-id\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "строка %d: недопустимый синтаксис расширения\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "строка %d: ошибка чтения ключа '%s' из карты: %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "строка %d: ошибка получения кода ключа '%s': %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "строка %d: сбой создания ключа: %s <%s>\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
@@ -8965,45 +9081,45 @@ msgstr ""
 "Чтобы завершить создание этого запроса сертификата, введите фразу-пароль для "
 "ключа, который вы только что создали, еще раз.\n"
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) Имеющийся ключ\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr "   (%d) Имеющийся на карте ключ\n"
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "Возможные действия для ключа %s:\n"
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) подпись, шифрование\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) подпись\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) шифрование\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr "Введите имя субъекта X.509: "
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr "Не задано имя субъекта\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "Недопустимая метка имени субъекта '%.*s'\n"
@@ -9013,241 +9129,236 @@ msgstr "Недопустимая метка имени субъекта '%.*s'\n
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "Недопустимое имя субъекта '%s'\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "33"
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 msgid "Enter email addresses"
 msgstr "Введите адреса электронной почты"
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 msgid " (end with an empty line):\n"
 msgstr "(завершите пустой строкой):\n"
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 msgid "Enter DNS names"
 msgstr "Введите имена DNS"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 msgid " (optional; end with an empty line):\n"
 msgstr " (необязательно; завершите пустой строкой):\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr "Введите URI"
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Создать самозаверенный сертификат? (y/N) "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr "Используются параметры:\n"
 
-#: sm/certreqgen-ui.c:432
-#, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "ошибка создания временного файла: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr "Сейчас создается самозаверенный сертификат."
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 msgid "Now creating certificate request.  "
 msgstr "Сейчас создается запрос сертификата."
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr "Это может занять немного времени...\n"
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr "Готово.\n"
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr ""
 "Готово. Данный запрос теперь следует передать в удостоверяющий центр.\n"
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr "проблема ресурсов: нехватка выделенной памяти\n"
 
-#: sm/decrypt.c:536
-#, c-format
-msgid "%s.%s encrypted data\n"
-msgstr "данные зашифрованы алгоритмом %s.%s\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr "(это алгоритм RC2)\n"
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr "(это не похоже на зашифрованное сообщение)\n"
 
-#: sm/decrypt.c:958
-#, c-format
+#: sm/decrypt.c:868
+#, fuzzy, c-format
+#| msgid "encrypted with %s key, ID %s\n"
 msgid "encrypted to %s key %s\n"
-msgstr "зашифровано ключом %s с отпечатком %s\n"
+msgstr "зашифровано ключом %s с идентификатором %s\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "сертификат '%s' не найден: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr "ошибка блокировки щита с ключами: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "продублированный сертификат '%s' удален\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "сертификат '%s' удален\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "сбой при удалении сертификата \"%s\": %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, c-format
 msgid "no valid recipients given\n"
 msgstr "не заданы получатели\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 msgid "list external keys"
 msgstr "вывести список внешних ключей"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 msgid "list certificate chain"
 msgstr "вывести список цепочек сертификатов"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 msgid "import certificates"
 msgstr "импорт сертификатов"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 msgid "export certificates"
 msgstr "экспорт сертификатов"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr "зарегистрировать криптографическую карту"
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr "передать команду dirmngr"
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr "вызываем gpg-protect-tool"
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "не использовать терминал совсем"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr "|N|число включаемых сертификатов"
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr "|FILE|взять информацию о правилах из файла FILE"
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr "предполагаю, что входные данные в формате PEM"
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr "предполагаю, что входные данные в формате base64"
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr "предполагаю, что входные данные в двоичном формате"
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 msgid "create base-64 encoded output"
 msgstr "вывод в кодировке base64"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|USER-ID|использовать USER-ID как основной секретный ключ"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "|FILE|добавить таблицу ключей в список таблиц ключей"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|искать ключи на данном сервере ключей"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr "запросить недостающих издателей сертификатов"
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NAME|использовать кодировку NAME для фраз-паролей PKCS#12"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr "не сверять со списком отозванных сертификатов"
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr "не проверять списки отозванных сертификатов для корневых сертификатов"
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr "проверка достоверности с помощью OCSP"
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr "не проверять правила сертификата"
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NAME|использовать алгоритм шифрования NAME"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NAME|использовать хеш-функцию NAME"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "пакетный режим: ничего не спрашивать"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "принять 'да' как ответ на большинство вопросов"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "принять 'нет' как ответ на большинство вопросов"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 msgid "|FILE|write an audit log to FILE"
 msgstr "|FILE|сохранять журнал аудита в файле FILE"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Вызов: @GPGSM@ [параметры] [файлы] (-h - подсказка)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
 "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
@@ -9257,87 +9368,123 @@ msgstr ""
 "Подписать, проверить, зашифровать или расшифровать по протоколу S/MIME\n"
 "Операция по умолчанию зависит от входных данных\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "Замечание: не могу зашифровать для '%s': %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "неизвестная схема проверки '%s'\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: не задано имя хоста\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: задан пароль, но не задан пользователь\n"
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: пропускаю эту строку\n"
+
+#: sm/gpgsm.c:1545
+#, c-format
+msgid "could not parse keyserver\n"
+msgstr "не удалось определить сервер ключей\n"
+
+#: sm/gpgsm.c:1825
 #, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "импорт общих сертификатов '%s'\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "невозможно подписать с помощью '%s': %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr "недопустимая команда (неявной команды нет)\n"
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, c-format
 msgid "total number processed: %lu\n"
 msgstr "всего обработано: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, c-format
 msgid "error storing certificate\n"
 msgstr "ошибка сохранения сертификата\n"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr "ошибка базовой проверки сертификата - не импортирован\n"
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "ошибка получения сохраненных признаков: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, c-format
 msgid "error importing certificate: %s\n"
 msgstr "ошибка импорта сертификата: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, c-format
 msgid "error reading input: %s\n"
 msgstr "ошибка чтения ввода: %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+#| msgid "no dirmngr running in this session\n"
+msgid "no keyboxd running in this session\n"
+msgstr "в этом сеансе dirmngr не работает\n"
+
+#: sm/keydb.c:595
+#, c-format
+msgid "error opening key DB: %s\n"
+msgstr "ошибка открытия базы данных ключей: %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr "проблема поиска существующего сертификата: %s\n"
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "ошибка при поиске базы данных ключей для записи: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, c-format
 msgid "error storing certificate: %s\n"
 msgstr "ошибка сохранения сертификата: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "проблема повторного поиска сертификата: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, c-format
 msgid "error storing flags: %s\n"
 msgstr "ошибка сохранения признаков: %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr "Ошибка - "
 
@@ -9348,17 +9495,17 @@ msgstr ""
 "GPG_TTY не задан - пользуюсь установками по умолчанию (возможно, "
 "несуразными)\n"
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "недопустимый формат отпечатка в '%s', строка %d\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "недопустимый код страны в '%s', строка %d\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9375,7 +9522,7 @@ msgstr ""
 "\n"
 "%s%sВы уверены, что хотите этого?"
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
@@ -9384,7 +9531,7 @@ msgstr ""
 "Учтите, что для данной программы создание и проверка подобных подписей "
 "официально не одобрены.\n"
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9395,38 +9542,44 @@ msgstr ""
 "\"%s\"\n"
 "Обратите внимание, что этот сертификат НЕ создает квалифицированных подписей!"
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr ""
 "хеш-функция %d (%s) для пользователя %d не поддерживается; использую %s\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr "хеш-функция для пользователя %d: %s (%s)\n"
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "сбой при проверке квалифицированной подписи: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+#| msgid "Signature made %s using %s key ID %s\n"
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Подпись сделана %s ключом %s с идентификатором %s\n"
+
+#: sm/verify.c:467
 #, c-format
 msgid "Signature made "
 msgstr "Подпись сделана "
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr "[дата не указана]"
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, c-format
 msgid "algorithm:"
 msgstr "алгоритм:"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
@@ -9434,17 +9587,17 @@ msgstr ""
 "недопустимая подпись: атрибут хеш-функции сообщения не соответствует "
 "вычисленному\n"
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, c-format
 msgid "Good signature from"
 msgstr "Хорошая подпись пользователя"
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, c-format
 msgid "                aka"
 msgstr "                         или"
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, c-format
 msgid "This is a qualified signature\n"
 msgstr "Это квалифицированная подпись\n"
@@ -9469,100 +9622,100 @@ msgstr "не могу получить блокировку для записи
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr "не могу снять блокировку буфера сертификатов: %s\n"
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr "опускается %u сертификатов из буфера\n"
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, c-format
 msgid "can't parse certificate '%s': %s\n"
 msgstr "не могу интерпретировать сертификат '%s': %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "сертификат '%s' уже в буфере\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "доверенный сертификат '%s' загружен\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "сертификат '%s' удален\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "  отпечаток SHA1 =% s\n"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr "  издатель ="
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr "   субъект ="
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "ошибка загрузки сертификата '%s': %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "      постоянно загруженных сертификатов: %u\n"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "сертификатов в буфере времени исполнения: %u\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "                достоверных сертификатов: %u (%u,%u,%u,%u)\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, c-format
 msgid "certificate already cached\n"
 msgstr "сертификат уже в буфере\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, c-format
 msgid "certificate cached\n"
 msgstr "сертификат в буфере\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, c-format
 msgid "error caching certificate: %s\n"
 msgstr "ошибка помещения сертификата в буфер: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "неверная строка отпечатока SHA1 '%s'\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "ошибка получения сертификата по серийному номеру: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "ошибка получения сертификата по субъекту: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, c-format
 msgid "no issuer found in certificate\n"
 msgstr "в сертификате не найден издатель\n"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "ошибка получения authorityKeyIdentifier: %s\n"
@@ -10109,57 +10262,57 @@ msgstr ""
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "поиск сертификата невозможен из-за того, что не задействуется %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr "использовать OCSP вместо списков отозванных сертификатов"
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr "проверять, работает ли dirmngr"
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 msgid "add a certificate to the cache"
 msgstr "добавить сертификат в буфер"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 msgid "validate a certificate"
 msgstr "проверить сертификат"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 msgid "lookup a certificate"
 msgstr "искать сертификат"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 msgid "lookup only locally stored certificates"
 msgstr "искать только сертификаты, хранящиеся локально"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr "--lookup задает URL"
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr "загрузить список отозванных сертификатов в dirmngr"
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr "особый режим для применения со Squid"
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 msgid "expect certificates in PEM format"
 msgstr "рассматривать сертификаты в формате PEM"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 msgid "force the use of the default OCSP responder"
 msgstr "принудительно использовать основной ответчик OCSP"
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr ""
 "Вызов: dirmngr-client [параметры] [файл_сертификата|шаблон] (-h - "
 "подсказка)\n"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10171,221 +10324,217 @@ msgstr ""
 "Процесс возвращает 0, если сертификат достоверен, 1, если недостоверен,\n"
 "и другие коды ошибок при общих отказах.\n"
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "ошибка чтения сертификата из stdin: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "ошибка чтения сертификата из %s: %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr "сертификат слишком велик, чтобы иметь какой-то смысл\n"
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, c-format
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "не могу подключиться к dirmngr: %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, c-format
 msgid "lookup failed: %s\n"
 msgstr "сбой при поиске: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "сбой при загрузке списка отозванных сертификатов '%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr "демон dirmngr работает\n"
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "сбой при проверке сертификата: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, c-format
 msgid "certificate is valid\n"
 msgstr "сертификат достоверен\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, c-format
 msgid "certificate has been revoked\n"
 msgstr "сертификат был отозван\n"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, c-format
 msgid "certificate check failed: %s\n"
 msgstr "сбой при проверке сертификата: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, c-format
 msgid "got status: '%s'\n"
 msgstr "получен статус: '%s'\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, c-format
 msgid "error writing base64 encoding: %s\n"
 msgstr "ошибка записи в кодировке base64: %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr "запрос '%s' не поддерживается\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr "нужно абсолютное имя файла\n"
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr "поиск '%s'\n"
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr "вывести содержание буфера списков отозванных сертификатов"
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|FILE|загрузить список отозванных сертификатов из файла FILE в буфер"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr "|URL|получить список отозванных сертификатов из URL"
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr "выключить dirmngr"
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr "записать буфер на диск"
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr "разрешить проверку версий программ по сети"
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr "|N|не возвращать более чем N результатов одного поиска"
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr "проводить весь сетевой обмен через Tor"
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr "Настройки серверов ключей"
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 msgid "|URL|use keyserver at URL"
 msgstr "|URL|использовать север ключей по URL"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr ""
 "|FILE|использовать сертификаты удостоверяющего центра из файла FILE для HKP "
 "по TLS"
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr "Настройки серверов HTTP"
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr "запретить использование HTTP"
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr ""
 "игнорировать точки распространения списков отозванных сертификатов по HTTP"
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr "|URL|перенаправлять все запросы HTTP на URL"
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr "использовать системные настройки промежуточного сервера HTTP"
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr "Настройки серверов LDAP"
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr "запретить использование LDAP"
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr ""
 "игнорировать точки распространения списков отозванных сертификатов по LDAP"
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr "|HOST|использовать хост HOST для поиска LDAP"
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr "не пользоваться запасными хостами с --ldap-proxy"
 
-#: dirmngr/dirmngr.c:270
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|SPEC|искать ключи на данном сервере ключей"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|FILE|взять список серверов LDAP из файла FILE"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 "добавлять новые серверы, обнаруженные в точках распространения списков "
 "отозванных сертификатов, в список серверов"
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr "|N|установить время ожидания LDAP N секунд"
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr "Настройки OCSP"
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr "разрешить посылку запросов OCSP"
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr "игнорировать URL служб OCSP из сертификата"
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 msgid "|URL|use OCSP responder at URL"
 msgstr "|URL|использовать ответчик OCSP по URL"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr "|FPR|ответ OCSP подписан сертификатом с отпечатком FPR"
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr "принудительная загрузка устаревших списков отозванных сертификатов"
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 msgid ""
 "@\n"
 "(See the \"info\" manual for a complete listing of all commands and "
@@ -10394,11 +10543,11 @@ msgstr ""
 "@\n"
 "(Полный список команд и параметров см. в руководстве \"info\")\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Вызов: @DIRMNGR@ [параметры] (-h - подсказка)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
@@ -10406,113 +10555,295 @@ msgstr ""
 "Синтаксис: @DIRMNGR@ [параметры] [команда [аргументы]]\n"
 "Доступ к OCSP, серверам ключей, спискам отозванных сертификатов для @GNUPG@\n"
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr "допустимые уровни отладки: %s\n"
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, c-format
 msgid "usage: %s [options] "
 msgstr "вызов: %s [параметры] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, c-format
 msgid "colons are not allowed in the socket name\n"
 msgstr "двоеточия в имени сокета недопустимы\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "сбой при получении списка отозванных сертификатов из '%s': %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "сбой обработки списка отозванных сертификатов из '%s': %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "%s:%u: слишком длинная строка - пропущена\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "%s:%u: обнаружен неверный отпечаток\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "%s:%u: ошибка чтения: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr "%s:%u: мусор в конце строки игнорируется\n"
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr "получен SIGHUP - повторное чтение настроек и запись буферов на диск\n"
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr "получен SIGUSR2 - действие не определено\n"
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr "получен SIGTERM - завершение работы ...\n"
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr "получен SIGTERM - осталось %d активных соединений\n"
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, c-format
 msgid "shutdown forced\n"
 msgstr "принудительное выключение\n"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr "получен SIGINT - немедленное завершение работы\n"
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr "получен сигнал %d - действие не определено\n"
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr "возвращать все значения в формате, ориентированном на записи"
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr "|NAME|игнорировать хост и подключаться через NAME"
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+msgid "|NAME|connect to host NAME"
+msgstr "|NAME|подключиться к хосту NAME"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr "|N|подключиться к порту N"
+
+#: dirmngr/dirmngr_ldap.c:112
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NAME|использовать имя пользователя NAME для удостоверения личности"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr "|PASS|использовать для удостоверения личности пароль PASS"
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr "взять пароль из $DIRMNGR_LDAP_PASS"
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr "|STRING|искать строку DN STRING"
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr "|STRING|использовать строку STRING как выражение для фильтра"
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr "|STRING|вернуть атрибут STRING"
+
+#: dirmngr/dirmngr_ldap.c:179
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Вызов: dirmngr_ldap [параметры] [URL] (-h - подсказка)\n"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+"Синтаксис: dirmngr_ldap [параметры] [URL]\n"
+"Внутренний помощник LDAP для Dirmngr\n"
+"Протокол и параметры могут изменяться без предупреждения\n"
+
+#: dirmngr/dirmngr_ldap.c:291
+#, c-format
+msgid "invalid port number %d\n"
+msgstr "недопустимый номер порта %d\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr "поиск атрибута '%s' в результатах\n"
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "ошибка записи в stdout: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr "           доступный атрибут '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:462
+#, c-format
+msgid "attribute '%s' not found\n"
+msgstr "атрибут '%s' не найден\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr "найден атрибут '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:581
+#, c-format
+msgid "processing url '%s'\n"
+msgstr "обработка URL '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, c-format
+msgid "          user '%s'\n"
+msgstr " пользователь '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, c-format
+msgid "          pass '%s'\n"
+msgstr "       проход '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:592
+#, c-format
+msgid "          host '%s'\n"
+msgstr "         хост '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, c-format
+msgid "          port %d\n"
+msgstr "         порт %d\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, c-format
+msgid "            DN '%s'\n"
+msgstr "           DN '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr "       фильтр '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, c-format
+msgid "          attr '%s'\n"
+msgstr "      атрибут '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:611
+#, c-format
+msgid "no host name in '%s'\n"
+msgstr "в '%s' нет имени хоста\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr "для запроса '%s' не задано атрибута\n"
+
+#: dirmngr/dirmngr_ldap.c:622
+#, c-format
+msgid "WARNING: using first attribute only\n"
+msgstr "Внимание: Используется только первый атрибут\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "сбой при инициализации LDAP в '%s:%d': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+#| msgid "LDAP init to '%s:%d' failed: %s\n"
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "сбой при инициализации LDAP в '%s:%d': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+#| msgid "LDAP init to '%s:%d' failed: %s\n"
+msgid "LDAP init to '%s' done\n"
+msgstr "сбой при инициализации LDAP в '%s:%d': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "сбой при привязке к '%s:%d': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, c-format
+msgid "searching '%s' failed: %s\n"
+msgstr "ошибка поиска '%s': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "'%s' - не URL LDAP\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr "'%s' - недопустимый URL LDAP\n"
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "ошибка чтения '%s': статус HTTP %u\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr "URL '%s' перенаправлен на '%s' (%u)\n"
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, c-format
 msgid "too many redirections\n"
 msgstr "слишком много перенаправлений\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, c-format
 msgid "redirection changed to '%s'\n"
 msgstr "перенаправление изменилось на '%s'\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, c-format
 msgid "error printing log line: %s\n"
 msgstr "ошибка вывода строки журнала: %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "ошибка чтения журнала из обертки LDAP %d: %s\n"
@@ -10542,51 +10873,31 @@ msgstr "сбой при ожидании обертки LDAP %d: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "обертка LDAP %d зависла - будет удалена\n"
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "недопустимый символ 0x%02x в имени хоста - не добавляется\n"
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "добавление '%s:%d' к списку серверов LDAP\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, c-format
 msgid "malloc failed: %s\n"
 msgstr "сбой malloc: %s\n"
 
-#: dirmngr/ldap.c:221
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "'%s' - не URL LDAP\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
-#, c-format
-msgid "'%s' is an invalid LDAP URL\n"
-msgstr "'%s' - недопустимый URL LDAP\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
+msgstr "start_cert_fetch: недопустимый шаблон '%s'\n"
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr "ldap_search достиг предела сервера по размеру\n"
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr "%s:%u: задан пароль, но не задан пользователь\n"
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr "%s:%u: неизвестный флаг '%s' игнорируется\n"
-
-#: dirmngr/ldapserver.c:203
-#, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr "%s:%u: пропускаю эту строку\n"
-
 #: dirmngr/misc.c:172
 #, c-format
 msgid "invalid canonical S-expression found\n"
@@ -10672,91 +10983,91 @@ msgstr "сбой получения хеша ответа OCSP для '%s': %s\n
 msgid "not signed by a default OCSP signer's certificate"
 msgstr "не подписано основным сертификатом подписывающего OCSP"
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "сбой размещения элемента списка: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "ошибка при получении идентификатора ответчика: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr "не найдено подходящего сертификата для проверки ответа OCSP\n"
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "не найден сертификат издателя: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr "вызывавший не вернул целевой сертификат\n"
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "вызывавший не вернул издающий сертификат\n"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "сбой при выделении памяти под контекст OCSP: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr "не определен основной ответчик OCSP\n"
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, c-format
 msgid "no default OCSP signer defined\n"
 msgstr "не определен основной подписывающий в OCSP\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr "используется основной ответчик OCSP '%s'\n"
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr "используется ответчик OCSP '%s'\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "ошибка получения статуса OCSP для целевого сертификата: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr "статус сертификата: %s (этот=%s, следующий=%s)\n"
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr "хороший"
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "сертификат был отозван %s по причине: %s\n"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr "ответчик OCSP возвратил статус в будущем\n"
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr "ответчик OCSP возвратил нетекущий статус\n"
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr "ответчик OCSP возвратил слишком старый статус\n"
@@ -10766,67 +11077,71 @@ msgstr "ответчик OCSP возвратил слишком старый с
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "сбой assuan_inquire(%s): %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr "нет сервера LDAP"
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr "в идентификаторе сертификата нет серийного номера"
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "сбой assuan_inquire: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "сбой fetch_cert_by_url: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, c-format
 msgid "error sending data: %s\n"
 msgstr "ошибка отправки данных: %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "сбой start_cert_fetch: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "сбой fetch_next_cert: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr "превышено max_replies %d\n"
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "сбой при выделении памяти под управляющую структуру: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "сбой размещения контекста Assuan: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, c-format
 msgid "failed to initialize the server: %s\n"
 msgstr "сбой инициализации сервера: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "сбой регистрации команд с помощью Assuan: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr "проблема с приемом Assuan: %s\n"
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, c-format
 msgid "Assuan processing failed: %s\n"
 msgstr "сбой обработки Assuan: %s\n"
@@ -10872,51 +11187,57 @@ msgstr ""
 "сертификат не следовало использовать для подписывания списка отозванных "
 "сертификатов\n"
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 msgid "quiet"
 msgstr "менее подробно"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr "выводить данные в шестнадцатеричном виде"
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr "декодировать полученные строки данных"
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr "подключиться к dirmngr"
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+#, fuzzy
+#| msgid "connect to the dirmngr"
+msgid "connect to the keyboxd"
+msgstr "подключиться к dirmngr"
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr "|NAME|подключиться к сокету Assuan NAME"
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr "|ADDR|подключиться к серверу Assuan по адресу ADDR"
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr "запустить сервер Assuan, заданный в командной строке"
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr "не пользоваться расширенным режимом подключения"
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|FILE|выполнить при запуске команды из файла FILE"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr "выполнить при запуске подстановку subst"
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Вызов: @GPG@-connect-agent [параметры] (-h - подсказка)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
@@ -10924,173 +11245,189 @@ msgstr ""
 "Синтаксис: @GPG@-connect-agent: [параметры]\n"
 "Связывается с запущенным агентом и посылает команды\n"
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr "параметр \"%s\" требует программы и необязательных аргументов\n"
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr "параметр \"%s\" игнорируется; причина - \"%s\"\n"
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, c-format
 msgid "receiving line failed: %s\n"
 msgstr "сбой получения строки: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, c-format
 msgid "line too long - skipped\n"
 msgstr "слишком длинная строка - пропущена\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr "строка сокращена из-за содержащегося в ней нулевого символа\n"
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, c-format
 msgid "unknown command '%s'\n"
 msgstr "неизвестная команда '%s'\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, c-format
 msgid "sending line failed: %s\n"
 msgstr "сбой отправки строки: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+#| msgid "no dirmngr running in this session\n"
+msgid "no keybox daemon running in this session\n"
+msgstr "в этом сеансе dirmngr не работает\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, c-format
 msgid "error sending standard options: %s\n"
 msgstr "ошибка отправки стандартных параметров: %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr "OpenPGP"
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr "S/MIME"
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+#| msgid "public key is %s\n"
+msgid "Public Keys"
+msgstr "открытый ключ - %s\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr "Закрытые ключи"
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr "Криптографические карты"
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 msgid "Network"
 msgstr "Сеть"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 msgid "Passphrase Entry"
 msgstr "Ввод фраз-паролей"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 msgid "Component not suitable for launching"
 msgstr "Компонент не подходит для запуска"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr "Файл конфигурации компонента %s неисправен\n"
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, c-format
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Замечание: Подробности можно вывести командой \"%s%s\".\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr "Внешняя проверка компонента %s не прошла"
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr "Обратите внимание, что спецификации групп игнорируются\n"
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, c-format
 msgid "error closing '%s'\n"
 msgstr "ошибка закрытия '%s'\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, c-format
 msgid "error parsing '%s'\n"
 msgstr "ошибка при интерпретации '%s'\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr "вывод списка всех компонентов"
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr "проверить все программы"
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr "|COMPONENT|вывод списка параметров"
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr "|COMPONENT|изменить параметры"
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr "|COMPONENT|проверить параметры"
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr "применить глобальные значения по умолчанию"
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr "|FILE|обновить файлы конфигурации из файла FILE"
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr "получить каталоги настроек для @GPGCONF@"
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 msgid "list global configuration file"
 msgstr "указать глобальный файл настроек"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 msgid "check global configuration file"
 msgstr "проверить глобальный файл настроек"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 msgid "query the software version database"
 msgstr "запросить базу данных версий программ"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr "перезагрузить все или заданный компонент"
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr "запустить заданный компонент"
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr "выключить заданный компонент"
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "вывод в указанный файл"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr "задействовать изменения во время исполнения, если возможно"
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Вызов: @GPGCONF@ [параметры] (-h - подсказка)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
@@ -11098,15 +11435,15 @@ msgstr ""
 "Синтаксис: @GPGCONF@ [параметры]\n"
 "Управляет параметрами настроек инструментария @GNUPG@\n"
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr "Требуется однокомпонентный аргумент"
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 msgid "Component not found"
 msgstr "Компонент не найден"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr "Аргументы не разрешены"
 
@@ -11122,151 +11459,227 @@ msgstr ""
 "Синтаксис: gpg-check-pattern [параметры] файл_образцов\n"
 "Проверить фразу-пароль, поступающую из stdin, по файлу образцов\n"
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr ""
-#~ "принудительное использование симметричного шифра %s (%d) нарушает "
-#~ "предпочтения получателя\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+#| msgid "Note: keys are already stored on the card!\n"
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "Замечание: ключи уже хранятся на карте!\n"
 
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "ошибка записи во временный файл: %s\n"
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+#| msgid "Note: keys are already stored on the card!\n"
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "Замечание: ключи уже хранятся на карте!\n"
 
-#~ msgid "use a log file for the server"
-#~ msgstr "использовать файл журнала для сервера"
+#: tools/gpg-card.c:2395
+#, fuzzy, c-format
+#| msgid "Replace existing keys? (y/N) "
+msgid "Replace existing key %s ? (y/N) "
+msgstr "Заменить существующие ключи? (y/N) "
 
-#~ msgid "|FILE|write a server mode log to FILE"
-#~ msgstr "|FILE|сохранять журнал режима сервера в файле FILE"
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, fuzzy, c-format
+#| msgid "OpenPGP card no. %s detected\n"
+msgid "%s card no. %s detected\n"
+msgstr "Обнаружена карта OpenPGP номер %s\n"
 
-#~ msgid "run without asking a user"
-#~ msgstr "работать, не спрашивая пользователя"
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
 
-#~ msgid "allow PKA lookups (DNS requests)"
-#~ msgstr "разрешить поиск по PKA (запросы DNS)"
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
 
-#~ msgid "Options controlling the format of the output"
-#~ msgstr "Параметры, управляющие форматом вывода"
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
-#~ msgid "Options controlling the use of Tor"
-#~ msgstr "Параметры, управляющие применением Tor"
+#: tools/gpg-card.c:3668
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "authenticate to the card"
+msgstr "добавить сертификат в буфер"
 
-#~ msgid "LDAP server list"
-#~ msgstr "Список серверов LDAP"
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
+
+#: tools/gpg-card.c:3672
+msgid "setup KDF for PIN authentication"
+msgstr "настроить KDF для проверки по PIN"
+
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr ""
+
+#: tools/gpg-card.c:3675
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "read a certificate from a data object"
+msgstr "добавить сертификат в буфер"
+
+#: tools/gpg-card.c:3676
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "store a certificate to a data object"
+msgstr "добавить сертификат в буфер"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
 
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "запрашиваю ключ %s с сервера %s %s\n"
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
 
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "%s:%u: не задано имя хоста\n"
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "не удалось определить сервер ключей\n"
+#, fuzzy
+#~| msgid "change a passphrase"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "сменить фразу-пароль"
 
-#~ msgid "return all values in a record oriented format"
-#~ msgstr "возвращать все значения в формате, ориентированном на записи"
+#~ msgid "detected card with S/N: %s\n"
+#~ msgstr "обнаружена карта, серийный номер: %s\n"
 
-#~ msgid "|NAME|ignore host part and connect through NAME"
-#~ msgstr "|NAME|игнорировать хост и подключаться через NAME"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "на карте нет ключа удостоверения личности для ssh: %s\n"
 
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NAME|подключиться к хосту NAME"
+#~ msgid "Please remove the current card and insert the one with serial number"
+#~ msgstr "Удалите текущую карту и вставьте карту с серийным номером"
 
-#~ msgid "|N|connect to port N"
-#~ msgstr "|N|подключиться к порту N"
+#~ msgid "use a log file for the server"
+#~ msgstr "использовать файл журнала для сервера"
 
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NAME|использовать имя пользователя NAME для удостоверения личности"
+#~ msgid "no running gpg-agent - starting '%s'\n"
+#~ msgstr "агент gpg не работает - запускаем '%s'\n"
 
-#~ msgid "|PASS|use password PASS for authentication"
-#~ msgstr "|PASS|использовать для удостоверения личности пароль PASS"
+#~ msgid "argument not expected"
+#~ msgstr "неожиданный параметр"
 
-#~ msgid "take password from $DIRMNGR_LDAP_PASS"
-#~ msgstr "взять пароль из $DIRMNGR_LDAP_PASS"
+#~ msgid "read error"
+#~ msgstr "ошибка чтения"
 
-#~ msgid "|STRING|query DN STRING"
-#~ msgstr "|STRING|искать строку DN STRING"
+#~ msgid "keyword too long"
+#~ msgstr "слишком длинное ключевое слово"
 
-#~ msgid "|STRING|use STRING as filter expression"
-#~ msgstr "|STRING|использовать строку STRING как выражение для фильтра"
+#~ msgid "missing argument"
+#~ msgstr "пропущен аргумент"
 
-#~ msgid "|STRING|return the attribute STRING"
-#~ msgstr "|STRING|вернуть атрибут STRING"
+#~ msgid "invalid argument"
+#~ msgstr "недопустимый аргумент"
 
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Вызов: dirmngr_ldap [параметры] [URL] (-h - подсказка)\n"
+#~ msgid "invalid command"
+#~ msgstr "недопустимая команда"
 
-#~ msgid ""
-#~ "Syntax: dirmngr_ldap [options] [URL]\n"
-#~ "Internal LDAP helper for Dirmngr\n"
-#~ "Interface and options may change without notice\n"
-#~ msgstr ""
-#~ "Синтаксис: dirmngr_ldap [параметры] [URL]\n"
-#~ "Внутренний помощник LDAP для Dirmngr\n"
-#~ "Протокол и параметры могут изменяться без предупреждения\n"
+#~ msgid "invalid alias definition"
+#~ msgstr "недопустимое определение синонима"
+
+#~ msgid "out of core"
+#~ msgstr "нехватка выделенной памяти"
+
+#, fuzzy
+#~| msgid "invalid command"
+#~ msgid "invalid meta command"
+#~ msgstr "недопустимая команда"
+
+#, fuzzy
+#~| msgid "unknown command '%s'\n"
+#~ msgid "unknown meta command"
+#~ msgstr "неизвестная команда '%s'\n"
+
+#, fuzzy
+#~| msgid "unexpected armor: "
+#~ msgid "unexpected meta command"
+#~ msgstr "неожиданный текстовый формат: "
+
+#~ msgid "invalid option"
+#~ msgstr "недопустимый параметр"
 
-#~ msgid "invalid port number %d\n"
-#~ msgstr "недопустимый номер порта %d\n"
+#~ msgid "missing argument for option \"%.50s\"\n"
+#~ msgstr "не хватает аргумента для параметра \"%.50s\"\n"
 
-#~ msgid "scanning result for attribute '%s'\n"
-#~ msgstr "поиск атрибута '%s' в результатах\n"
+#~ msgid "option \"%.50s\" does not expect an argument\n"
+#~ msgstr "у параметра \"%.50s\" не должно быть аргумента\n"
 
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "ошибка записи в stdout: %s\n"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "недопустимая команда \"%.50s\"\n"
 
-#~ msgid "          available attribute '%s'\n"
-#~ msgstr "           доступный атрибут '%s'\n"
+#~ msgid "option \"%.50s\" is ambiguous\n"
+#~ msgstr "параметр \"%.50s\" неоднозначен\n"
 
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "атрибут '%s' не найден\n"
+#~ msgid "command \"%.50s\" is ambiguous\n"
+#~ msgstr "команда \"%.50s\" неоднозначна\n"
 
-#~ msgid "found attribute '%s'\n"
-#~ msgstr "найден атрибут '%s'\n"
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "недопустимый параметр \"%.50s\"\n"
 
-#~ msgid "processing url '%s'\n"
-#~ msgstr "обработка URL '%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "Замечание: основной файл параметров '%s' не обнаружен\n"
 
-#~ msgid "          user '%s'\n"
-#~ msgstr " пользователь '%s'\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "файл параметров '%s': %s\n"
 
-#~ msgid "          pass '%s'\n"
-#~ msgstr "       проход '%s'\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "не могу выполнить программу '%s': %s\n"
 
-#~ msgid "          host '%s'\n"
-#~ msgstr "         хост '%s'\n"
+#~ msgid "unable to execute external program\n"
+#~ msgstr "не могу выполнить внешнюю программу\n"
 
-#~ msgid "          port %d\n"
-#~ msgstr "         порт %d\n"
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "не могу прочитать ответ внешней программы: %s\n"
 
-#~ msgid "            DN '%s'\n"
-#~ msgstr "           DN '%s'\n"
+#~ msgid "validate signatures with PKA data"
+#~ msgstr "проверить подписи по данным PKA"
 
-#~ msgid "        filter '%s'\n"
-#~ msgstr "       фильтр '%s'\n"
+#~ msgid "elevate the trust of signatures with valid PKA data"
+#~ msgstr "поднять доверие подписей по действительным данным PKA"
 
-#~ msgid "          attr '%s'\n"
-#~ msgstr "      атрибут '%s'\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) ECC и ECC\n"
 
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "в '%s' нет имени хоста\n"
+#~ msgid "honor the PKA record set on a key when retrieving keys"
+#~ msgstr "учитывать набор записей PKA при получении ключей"
 
-#~ msgid "no attribute given for query '%s'\n"
-#~ msgstr "для запроса '%s' не задано атрибута\n"
+#~ msgid "Note: Verified signer's address is '%s'\n"
+#~ msgstr "Замечание: Проверенный адрес подписавшего - '%s'\n"
 
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "Внимание: Используется только первый атрибут\n"
+#~ msgid "Note: Signer's address '%s' does not match DNS entry\n"
+#~ msgstr "Замечание: Адрес подписавшего '%s' не соответствует данным DNS\n"
 
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "сбой при инициализации LDAP в '%s:%d': %s\n"
+#~ msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+#~ msgstr ""
+#~ "уровень доверия установлен в ПОЛНОСТЬЮ по действительным данным PKA\n"
+
+#~ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+#~ msgstr "уровень доверия установлен в НИКОГДА из-за непригодных данных PKA\n"
+
+#~ msgid "|FILE|write a server mode log to FILE"
+#~ msgstr "|FILE|сохранять журнал режима сервера в файле FILE"
+
+#~ msgid "run without asking a user"
+#~ msgstr "работать, не спрашивая пользователя"
 
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "сбой при привязке к '%s:%d': %s\n"
+#~ msgid "allow PKA lookups (DNS requests)"
+#~ msgstr "разрешить поиск по PKA (запросы DNS)"
 
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "ошибка поиска '%s': %s\n"
+#~ msgid "Options controlling the format of the output"
+#~ msgstr "Параметры, управляющие форматом вывода"
 
-#~ msgid "start_cert_fetch: invalid pattern '%s'\n"
-#~ msgstr "start_cert_fetch: недопустимый шаблон '%s'\n"
+#~ msgid "Options controlling the use of Tor"
+#~ msgstr "Параметры, управляющие применением Tor"
 
-#~ msgid "ldapserver missing"
-#~ msgstr "нет сервера LDAP"
+#~ msgid "LDAP server list"
+#~ msgstr "Список серверов LDAP"
 
 #~ msgid "Note: old default options file '%s' ignored\n"
 #~ msgstr "Замечание: старый основной файл параметров '%s' проигнорирован\n"
@@ -11322,8 +11735,8 @@ msgstr ""
 #~ msgid "could not open %s for writing: %s\n"
 #~ msgstr "невозможно открыть %s на запись: %s\n"
 
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "ошибка чтения из %s: %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "ошибка записи в %s: %s\n"
 
 #~ msgid "error closing %s: %s\n"
 #~ msgstr "ошибка закрытия %s: %s\n"
diff --git a/po/sk.gmo b/po/sk.gmo
index e0006e16125f3146df98865387564fea699cf259..31a5ee1cb48d45119b83dad88276fedb3620b3cd 100644
GIT binary patch
delta 9163
zcmYk>2Yk=h{>Sl?2q7XNiJ6dJ5J?0v5;OKzyMmexf*=VIvHLSpv8lb=6jfDK@^A0e
zn%Df(y0`qR)TnA{tG!yfw70GMdgmPfhwr1GJU{1r*O_0T=WhC*yz1+{8RECraBTB2
zCISP?7*p5Rm_I73)|j`eQ^x&Rl50N0ij=>uVNAF#sA=zua5i)HcTRS$#134(7wh3e
z>}rhHL`B;Nj7Pn5p)0@YJc^a5zwXLEBlnt+TE_67X~K^>I1JT+B^ZLQyYl;3j`9`M
z^Y6KOzZheN@_rLVQk4^4RFAfzUU(3z;YFm=<^l3<6BcV<+#I7Qr=sfTqpsVH437B#
zxyAf|9;_5+8`uoPDEC*H_nYyqVj*g1w_;g*2f5drM)ml6)Qw@ajS0m#)Qei88k*{y
z<9r$Qydy}b&1F<W|3r;gjd<H>)0?CV71J;fk2^1*M&=r74g7}nF^0P}hXb(+=3@zb
z6&vAhOvD?g`$G7k>)T*S%)(MQtuEtVhGZTU&2c5_h38RI@eQhn#kpHOh;#Nvjl@*c
z1D9fFT#Ie+2DZX#3C7T7GZb6mA`HeesHyrSf$`Uif2Tr=CW-E8v2;O|2O(`R85n?@
zQ4M+x)#G!h2YrMa@F(nu%Np2@Ttbb|1Jo1+HndY0kCBvHdr9=7;i%P_jk;keY7y?j
z@^}o@^2?|O-o*;|2sNj{jJrQ3p$A){*3K|j&PR3Nb=3WZ7>eFguHq`H0pFq;P@D-=
z&pfDY)gE=@^Qe|*qk6guJ$MC2;%}%C8k%HBZZ5KJ%|5)1SFwbTF^3u#b<k^0G_iAd
z9o6GISQ`IAM$H5?wLM8jH7pIaM&_Ugx8ZCacofxvmd%Y}Hq8JmkNM867)H4eL+~s%
z)Be9kLZeLi7Iu|BgB2;yz$&;3^`N~Ng(pyRc?b0%zhpZ?6)})<B5KjK#Y&ig9$etc
zyHL+PhS9v=Tq9A-eORI@hhsKwMy=u?erP0mAXUbTUGXq7+Qz@NZBR05=m#VJ881IN
z;8E25er@bpX^h(LL(r?$z0*}(!bOxL+S(SrhV3XHN6n!hh4xqv*<mId+h759!rN$k
zxR#6f#+cf?T`x{SH7p-luVxRbBR4zHUv`X%U?o+@9;kgj5u<TE@(nSEQB!mewF^AF
ztt{5Z;n)^6^aZZ|Ez}x1iqGPC)cuisBs5|v7=(*Ed+nmwNJSYc-f|}np|;C;49CkD
zfe&3dnDNt^h(~S1wpaoOqUL-!R>f(kj;urV{1B=k-=o$}w3mrw9hs)cGB7!)2k&>D
z!CI7WxUye2yRE8VEcIPb*H1z<G#@qO+ffbs*!i8a*fVzIs-PO^jVIA+@9HX2Q8#)~
zL%I$laXV@RPGC*Eh3Z-H?soCTqwed5YDg-U#@VRVz6iO+>_FZ31M(cNsnEkNq86xz
z%)%&KgC+4@)QgW|IlPW~z<p;}Purm8s0IwjdYFrvik+wi9YH<kQ`A)aiWRlrYWK1)
zZin%l7=-HK0@Tp&apj8`q#LmqmgsF?7=SDb6NOBxNk?sj1E?YX*%{i$HlP7&M0#Q*
z?>Ffr)o>ANE?>t|cm#FfSyWHHKz%3vaP<}X+PQ3is&9ueI0W^)JXC|Xqt?m+^u=qa
zhTTMO0LdS&!k@jO3!+g&6^j~yj;IGsz+jw-nxZAB2kk|DTF;|id<!*2k5LVa?q{FV
z8sjLBMqRhEALFkc?xRAB>>TRF_fYlzDRyeAJDa1v6Maz+o`SV;1*$>sp{DLSsv|!A
z`DmdZssp8vjbtie2#)B__-oNkp+aA%WzPK=M)_l`fcLNr`V6ow4@O;I56fa-Y=k3G
zJzwuUjC%1GsF8k%dhwsmvfhEVM>Q~%6P-}2eh_+aBqm`Vs%P(^M&>h2#NSabOnA<Y
zL<-iYJO}lh{a6p*bLYRom6XE<*~RYNNs>UtN2mw+47MMb7*u@<*1;E1Lw^7@haaQn
z@G+`E)rQyxH^a)52cgdApg*ogjo4=N;8A2Gyyg~(Zurqwm@-4{lz6Z)^-WPXWT76k
z5;cSyFaq~rT|A3=&M&AJmmOxGlYqLuGipr?LT%rn*hKq3mBd5EMl2d))MES$wVfVg
zD<AUV#<2Cx=;yhf^1G-Pev)bz-vejp2s@HV&cUeX&Bf|ifGzPPHst-rccd|VBTN$N
zf(2L&ccb?0SyV$FU{$O<%6=!Bpr)b+>iksHRK1MawjW?c{Lz(5r`h`&qKEn}=+%Yk
zB$IF@Rzly=)^ODML{v`)qt?U})Qfha7TZN^h{eX(Mc5eCkyO+o%|k81gBXopqX&b=
zGX6>u#@f}`8?~QjVNKkH<?#b-hqti>MyJ~$PepCd`KT9eLN(|x*24SF^5g6_O-9xC
zz!=OK$N1}pEmWvwA0ivU{D|7OJ;&QW1&3k{%HvQyU5?t8$FU9mikh0H6YRF@kI9sW
zV;9_l&F~J^!N?4IU3V`@X)02jsi+GxP>W`l^9*W4zCyJ;Fw;#9>bk*L5@(`bn1@<q
zAEG)~I?FaR8FhX(>U-loO`;Zkih8mCM7yopVld@l&P>z;U%+yB2sI)XumnCtjm&Sj
z9P6;4_{f>}QQI^$+b+iXsQbELi1z;k63vMh^&xo;H5JEQ{a2_51WmT*<58dHPN=mp
z7{hTAYK<&IJ?CGj5&IVP{IWUruX;@|fO0lg(f*%Jq8Dty`uGke;$2rCKE*z`DJD=q
z6Sb}OU=*Ifj(7((lJU8W5)MRN{|Rc!{HNM-0`~P`ZD4mV$$@Eh4j)gqa}qhj?t(@b
z%8kQN4a&w=xC<-eU5rOF(|#xF;9{Paf?ABXX4x<3U#K;bG~0exQm{Pb9P}z#OwtBl
zaej_<DOaZ(s_%_zz)M&aPooFFL_N4TqZoqv+l;2JDHg3A)P0$#5!mj^=Uv&%Vf<q`
z5j)3jr#`5;%*U5-JFdi}x%OAA)7XM?&^$Zj-7tmnN^FI9u>nTUw<9<JJ5!#A-SHf1
zkyp&qx8ImPd9<V_$s#H=lvl7D`n||MCSWhr;<<x8FmQo=!658Kc`0hnucKa2DxZ1B
z{`foY!x(&Hp&f~fSdX&*BKsGU#$FQjXtDD&)}rjY*j^ZiYVkm9h^w5ZP;28624Ucm
zqGe#hF_7|l)Ku-j()bTd!wc956PMaArgtofzWGZ~L%#!S;4v(RU!vB?FR0xSxXg|~
zORPyb3+vz-)Tj73mc%QlMfy2vO8$dQu`VA64gF|jZFtQ#5;fowHplO91jekeQ?eM#
zP<|KHfRk7af5v1CV}T@LA5=s0F%Gw47d(Ttu`CNJ5?f#u9E_pb|G6abR4hg{<XzMY
z{)u|feJqQWR@v`F9BODgp{8n-a|wDVAHWd2gqr)i7=}Ts?KZ7}{V8`x{ri*IPSO}J
zVOI=TV;j&9qbN^C4e44`gSNTzXR$ryuUvgRD^^pHf@;`2)CldyM7)b?Q209A(Dtam
zf0|Jw8k)D97f?fYACs`jdb?;cP!B3V_3$zl!*5Ux{Wng;;0@L}m`eEp*2QNx+C?`P
zb^VTwjK6wxnu-Mc0W}q#P4<TFsJWVfn!~jijmKR1E~=;HHrqwp6xG8a7=d}Hjul`<
zJdWznRrJN+EsVb!5VFPop^%JvU}sd%GEpth#$<d2tKbccz(?2u%Wrib6x53rq3R2;
z6W%~|pyoE)^IoWqPV$ndg<G*29>!$6j@7a9%l3RSYFiFLHF%CIzk%xU1#E`DU_Gq=
zid|E~(U0;vEQOmf6nCO_nfD-x9uQGr_iqPmM0qeaz!g|Dbf}(R#W4H{W3kk$wm}V1
zQ!@m$2<M?jZl5dPK;0Lx-L9QT4A=f|NTM5iVie|JWn71)@oiK?4q<P+kM*(j4m)BK
zu|MS%sQd4tMxf+QI|5Bm-;Yex+|NQi?*MMn{{NChL+5?X&ecKG5Sv~0lUo~gekf{@
zuE*wh2HT+T>-M_#&RlFt{cco4ZetBBx7%*xB-Gru!bZH`j3d#|Zo^1Ch*}F*u{u6N
zEu!!@?2RL^D&^&<xqQ>rAH$ZEze6>+_8$AZQ5Zux5B1_V(GRbnw;0I{l7{#>YR<ym
zv_squV<}HYJzxv^pniMliaPdNOnvIkx?D^l#_M7ZX2djbxypQ2iW;!QN8`^CP0S%`
zb5RYVyt_CTwfJ;&CI21=5*q%ekJA(m5$bhk;svf<jqJLjV-)4D$TaUyj@BdzdVdlp
z>6od953wH+My_K7p1>ZiT+R78b(37qaxrfc^C@@0R|p-Ndma7Ub+%-Gj)Drr1ogiP
z7vvKi$ww2v651+*iAqGIdq4_#Ph!SX4~!>YLrf!vb8Z5%-b@92ktiU4a%hTmOeM5H
zb$AoFNZaEeF^MQ7nh-idITvr!qLrRaxg2HIqxqR&Cz>O~b3`KN))HytY;`l5{5JMM
z9nTUo$^V8Q5%-8MwEzEyq`JH4L-H{$Ux?*gUXpqpFI&u9Y|XhQL~&Pl2d@#$sH;fm
zSb(XhU7}+$<xFf`RN{|%&3~G^Sap@jzr|VZf_eBamx~n6N8(LaH<fZvq6g)g#A<SF
zK^|LlROaVDTs{+jBvx|GB0@)|e*f3e%^5^Kps2=}=c()O>Qyy^=s@`q>K`ON!(^O>
z!-$uNt(4!v|0Bi`d}7TfL>=n4;T)`vM+qI?I4aVK%eGwfTdmRz>VCoBT)jR}!PM!P
zPAo6V_(9zb=!9DcUsvCf{2aM{Pk8L=uHfH^UYzSfaCnP;Z@)#hk62GUPqZMO9DK}7
zG#76qO52-E8$3z<UU!i`Qp2dL<;vnXahM2Jf#X@u4<Vi$L&+CtqNbC4O6`B#86V1j
zk-zxlN=zbV6MpUi56GLlyaf45q7;!x{6u^}=vZMf6S+2<{4Oz=ye*z0{>}T%a4NJ8
z1`;1r{$FA!p(BdAaYQk45Ahb!mhzM18<H`uumtNqbxzfP5RIOyD@(qZx;$Kl-o_;F
zlPtw&P)AMjGQ?a$#~`8>`6|r9996obBjsfBvcwiwx1738E)OBUPkzyrFJM*bs$oNY
z|96rEQnAThAkGuzU3nYlbPOTt6D25bz(Lp>JG=9B$)6nUsEeaenwU@YCvx0%8RW-^
z0HTKG|2cOeoeCZETv_>5VzLsBjYI^|+nulU)OGEs|A8pw>LM_f@FmtzuOo`+PI*yL
ziGM$kntvU|IFW_zaXfnPJDuR@ZYlbeTxlO7k9d!`L~Q0-9Se!;L;&R&;w54Ov7XpO
z=-5S!B>x>(p!WrmGlY(R5?>O5D!3!&NrHbqm2W2ZC)N^GiCH|XHa5i(n2O=V0rF+I
zju=b+HKC&p(M|o&C26l3ceK!jgpOyN18^c`e_UF0#{SP{rNyb6?XJtGyx8Sauo2~w
z*jE>FtRfH6`GAg@IceFRoUw&7YP2p^=pVDoXZ5eKiG`iw#zeOoos~T@J#&m_^7M?1
zw4Chpk)Dz16UTCS^kh$L^r$#bZhF>))SR@*p6oQvq^D)(cqV42jZVu>%N&_j_(sp-
z!G%7<LVOBq4&PIvFn;tGKC8!!ZC!X`?7q64P8~^49hI7SqCihCdiZ$qQw8axvs3^7
z`I%|C)5m7zP8pY`=Z?zFI(cNoiGmCYC-#m@%NRMOFmv76u)-yKa(oKI_BQtYFZ&FP
Aw*UYD

delta 9730
zcmZ|U30##`{>SkHnkh;sAntkv5tKzlQNSfM72MZca*O4v2m-RHm0h*8-1po~TeQ-w
zWULvtGIcC#+H7AZb(*rpbZUxfYChk44*h-2{O5W3yYJsQ&vv%wxqzqM3q1RApzq_*
z+8Yhq-T-4-;+SA#(gKZH(Ok90ltdYmfU~hK$J~!iC_mE9m=^dP>bwt~)y{}$Ti?Yw
z0{d~?EKJ0MIM5iM`P3Z{*WQ?B?8ri0Fvsb`rj)lk520@SiYs429bYTP818L6NR{c2
z@mPr3zXe0_X;*#`8*zX08HsNEquUW0Ys_TIov;<IM4h+~b=+}O1KxFhhiYKM4#sHE
zI$&$;hmn|z^wBIqHEch&#dE6X{^olU9oV9yF^sP1jkLw&pa++sdaw_}@da1@$d!LW
zO-V=`jldYBO(qpJBH5_(mS7leL*3^I^r@xiNaR&#BgRb^OhUCd3)O>S<e%BdhZ^`i
zX5l4lfL&N9G6OYoLs4s|fR7~Hf|~oYsFA8pVEpTlgj3rETVPiljymyf<exdnM_v3B
z>)|B~#_up413TFp_Cig~L{tywpgOS4`8;YQzCc~?*G`OoCdu_QF9U~TZ(M^6hItix
z;m;U?X`Ss<4Mg3z5Vbb;Vk124$}gij@CgQCaI$SsQ&fk0qNe;NAIWBtY1kisLk(Sj
zhC@S?i<+7{F${NL8+-~w@paUqyofsfSJYx`#xOR<WK_emPz@Z95jYbyrM`tE*OTl;
z4?clfJg>QOHL3^AQ|twzF^qC|S00RNz+_Yd=Ae4E4z*|xp>F&Js^J$=9j)EXe?OlY
zM3PHI0cy@(MGf6QkO#xG?QYC@9E^2%0VSr|9;T$(IUI)S@i?rHCCI3oJ5U`tfNIz~
zsFA&j9&DIy%=`f6zcWcQDxT=UGmkG~W2|<D^t6j68a3qU$TiGRq%-CoWF4AgsHf&D
z)D3I1aCDtE*cMYzQ#lTGol0!U{moJmJvMt#i>?aQqfgL-Ke}==R;DhTjGDWlsD_uJ
zuCo$LG5AKih!>zn;#uSp<_ZqPP8s$on}`1A{{V@G{x8Te<_hXv-MNpwKqcyik6;$Q
zf|{ZxeQmivE~UH*)xf4V8AEEipr)`A`Db?Vp^>_X85q`&b`KyKqq_z0oFXqXvz-;9
zmY=~Wtj1()#lh;y2;_-0t1uFu#rAj})zEr8)A85|HARz9Pr*8Dh!5aYtjhG+p%0^5
z+TlShqRu!Pd!a6{7I_fN8N301!Emh4cm|^fRiB7@T6$p%%)*wK=gJFFYhnjRV3m)g
z4#`>6oWG8(@Di#gbqCp=C!!jXjaodLko9REL)M%540YkC!PYd?hzxh-O4O9Cz*s!&
z>U|eT)Y59ykT)J;TbAjZ;;cZ8&<a!occ51L5m!Ek>d_T!fOUu3=e;p%1X566Mx#(2
zn}e;jZg-IA#G|N&oWuHf8MT;xM%rc~hS?KyP#3xv)quybEuO}@_;=I|zr{uvJlvkw
z#@QcregQ`4xmiP!NX1^%6ugaU$Ys=p>W{Ef5R1CuL}wYsQC^O^;4`Qp|In3djkIeb
z7Hd)89o5ku$oey*FpK+}tt5I}E}(|C{U~ccR0DEQBjLj~xD^>Xa~L(}?_oW>j5@9w
z)sb*ku-*>|sQOH7h&isl41F<FtR&F|58(~?CTfvfz(8y;#x^JfgD5Asaw=;7SX4tN
zphln)b)6j;g8NZZbQIOWk1-s78N>MN#*J>abCiT?@mSP_O0WZNLLGMk)sw%XM&f7G
zja!Vh^{J>S8tp7Vy&vvEU3U+5#OF{A`f@Deuel2zXM2*2wJE2ddXSDhiDn>%;(Ba?
zdr&W?<IeM_9@QCd=ePw1Q%*)TJOg$7RMZsQg<Wuik3^5d3(jv)Hx8d*hdK&%<3wj4
zRFB4B7|ubh`sL`s4VZ$5P#yacHDV2Ku`jSV)ctNnjf8IrNfOCZs0*FPMEuen(0n3K
z2<85$)&4ei!oW%PLdlpwc|59q3C82osD@rZO<|qMb|jLpIpyK#(epo(q!|^<QA6}F
z>Vhw#hVBQv9wVmM{jJeMxi4yDa#813y7C&-6g`OD@CbVFDr)G%rrPVZ!%#i{@gyzT
zaU<%+lTa62hOO}-)CEtXZukLe)qjI}uCHKs{2o1+aH}2qVc3Rp8R{upkG%tE5b|m<
zKV@^gkBUJ#_J#$yc2zER?nTYji_Xia3pUQPLz{xVD38Zvybnj{c(=c~*LI*6>T#Zg
zYRF=2g^#08J%5R$Eq;zF2TijtmKfCB^+KIE9W}SBu{|C|jm!mC{uvunj+|~sA{BMq
z1e}cvuqj?eomYPb<F6Y>&9E))k2)X^b>e(fgC0Un$qCdV`vBFD`uTS8rlLk5AGNBt
zqZZ#8?24CAi@MEBJEFtTL%DpW&n6qG(CU5~JK}k4hrtE5N6FZiau)W$<*0_A!3g{U
zbwg8V8x)1=z!>N4sKxhyD_3C*<@bFgNhE=@Y|FYJPo9~8dJp^o8{kQd!q-qe{SNh<
z#}x5$!O5sO-HCPaDE7qDn1zAG_J`KN7*BaI>Nwv)lKLb^oM$kN@;TIE3ofxHphjdU
zs^z7q9&UB}PoOUNDe8uoP>Zt*6Q6{$F#{h!?Z1G$z<egY)V3%Cb>ms6Ip2#Rc*^-E
z>Vg-s5k{8T5$TF`D38ZvoQkV(9gf4c<@S2>P>b$9)JPsc|MUL_iF)!k)SIb6g`J8R
zRQ*s?gUV6+*J3#C$HsU9Ti`pWHS!PCaosBIh>b*DrxMd~2L|E0*qrreE|BO3zoLe!
z#T>h8hoI^gqAt7>JK?9;1RKq@i?9Rsr#u)nw`=iEJdQfP*E~CAvry%YI4Xd(fxaOm
zO>ehz?7hQ&sVqi41zTMC6n3TjF80RY`Sx)ff^n3mVJxo0WnAwFwxT?M-gUz~)LPnx
zdZQjejokY_=3mLTRAgYC1=dVVpnR_@KaFa@52y>rFSL*CAk>8mFcg<#H10(I+CiQ7
zCTh{vTV%_fQRQiixUpKkii#9`1~r#o<65kDm;LtJhMAP(@3zl>IcmtC#GCP-sF4}6
z*!~o~95sT+Q0IM)LojKHUF7qzJLPA5B*RE9qlU8gJ$xVFOx%cvussgGmxYL>*cqS0
z;dm7_=Y5yj8x-Ss%17}hY`o0&wBd5w^HfZvein{K-*ytc(Y|%Yudp|qfjV$Crr~ka
z<MpF6Zlzr-Q}71rOOa({7GeYZ7iy}4R@wJUEP5$-#V)uNBlY~hLei9qE2yClT5X@t
z_NeE45NeG~LOmU&s1bM&+u>Unk3V4q#;ma~qTbkyawh8dY)r-VsG)xuyK;Y1d#!Ci
z8tVBRg*mtq<M3My#+K`B13IEs@kH#2x1oRSpc?u$cEDQe?VBzEwH7K-i*+~Z{cr-q
zxWD<3#D62yNVMEwZ;*nz&=_opcVbIijT+khsI_s{c?CU`o3e01F%4sI2!>-h#^O>O
ziwDuyiKO0r_Bl;M^{fQj;%cmmPoWxe*zLcFH&L#&$<}A0reHRzK|4_+a~iv1;AY#9
z?&zUB6$j#i&5XZ><SZ5P5@uo07CWS)u?yv;s0$rK_3SFv!t1u$hStLp%5l!^m`yo&
zn|+TIBa6-KKy~anREN&%jieE1u-#5UPfVaZ1DoT0sJVLzqwzym4%}gTnt)N%k3kLf
zTx^NEP#rpkP4FX3!S68;<96BxB>G5#s2GnLx?EJxmZ2K53VY&FRD-HfHweGqKDM2)
zJLOrZ8$ImmkKq6vkLp0iF5B}0)LL7KZP528lGY^ep>FgeYN%3n+XKd<dN>y~WZPZ&
z&!`?>!ZZwhz`ierU^mLQV{JT$_3#-C!xNZ;Zz1RVOzMO7xxE!N*K@El?nD33p?dy3
zY85wp$gbjORD*`0re-c`5$;5d+)J)pjXJOW!*=cTz!sE;VYHtAnIvtgScA>*AlAp1
zQ4M()M_|w%`}|Ktjo1nti~CUL2kx~a&<-^MqfzgTWvIE|jJn<{$ok~ZX^b5AH`_=C
z;9IC3wS3gRY6qZ(b{=YxR$)3`zzl5tnEQ#xxeimQKaGj_D@I|$KHKn-sPZDLi+j))
zNAd)ThW-Q8P>1ZdbKeow(?J-C`KX4jK%I9EHMGBBD-3_!&T%qo{{ZZTrKpZPiCT1*
zFb0DTF#b9)`G8$4Q?M50TujF4n1EX`317fitVUfR@(KT+4bAld{8U7_W?M~Jo1T<v
ze`Y@l;3I;yXYz@0n*Wzb)QE+g)S9@5yb)%jMnyN`sq?>@!Q7<}w>9QC4Y{^X<a6-|
z(Sgv2WKfq*d_u16d14~vrT!9YL%;uNYfKCzx>Eichv7`rg8UbuZ4)t=$YEa&YG}2k
zP}YCV?X^YIhg@43F_&CZ_CB$j{5Vb|Gz~i_`$qDylF&9AR}i&bc{2tRf$S^xA7MXu
z{hKF=5_epEe39}bB8z+n-c4wGoA|Ro<8fwRFJeCB!FWo~|D7a;H~~TU7kBXO<a&&1
zwtkckQ+Ul)G^D(ZSVcLa<{-S0I&Hk-&27XW;tuLQL~SF9dBk$+M(gkYH&U4HPU`EV
z$}H9g+exA}F@}9Dh;c-BqMdfKeNJd~k0<6(pG4e5l&B7y6Mf0GEwY&RaJh2s?|+2;
zj=97kB9IemwzD<KfA|~a4a9fEGsFcVg7c>1(reDA=>O}9<f;3w&Hw%1kLuk-Q%=0j
z9TG!+p1cDl6Z)^0nyn-GR0^|*&g64yb~v{<C%AL|M){1Z<7MjKcG-PC^9PE<h(ap%
z;8(;<@?gAni=?2@(l&+tGi++c;84nqaI&itrPOI#jMHrD|00Se_Yj+?ze892n8E_$
zD8Y|zCV?IOv1V&a!h6QQ^=DrLGX45=H?f`2_9k&N`9^<<FB?~{;%Zm79v^h|kC2a2
zeNB&)ch|=?+hh*bH`PE~Ks-#0CF)T31@Waj_D*L{_APXIEV(v)@vL!qYkv)2X0E&u
zeLuU(Uoe*nUgiEDNV<?0lDEQaVk+Sw9-{76;s)|HsBN>weyfoWXP>qS7L$kX65-VA
z_f2ilR(}5{dCp(Oug*Bb9dHYIk;}EaCs9RY61|Dx#8u)a;sv5D$2P=tVm^60;(qci
zco*>~`D`MOTw7QFC*%Js$zCcK5eLb45x0;h;rB!Zp=~8mMtukoO8yS9o%knFi_rFp
z#T0XlzU$v0>JsI|XhK^k`<}*oiFnQbUx_S2+eKm;2aLc-Y(xB!JcH0yPI(`O5MJ^g
zSV^=eUM4ORanvVcDr!4zF;_5?x>D@s_W3rr<XI}$600bmL%w1C+kKRy$eQ7;#7(Zg
zfIN)Q7g!N>Ug8Jh1LAffjrs?O3gR|GTLY&p@wZ~Fe||{u|6r)fV>NrQr8~G5)~CFJ
zxR*S^9rG4OQNE6-M=T-wQ1=b-C!!;vEtYuQpV^OD9JiIwHdN2w6p~B+BCDGnpSe7r
zya{<C>hHGN9wd5@uOsFW0mNAU9)3n3|Can!BGJ{YrB2%*yaAUHd&r-{d+<j+pEcV6
zD()vH5$g$ULx@W9o3Xhn{9Dz5$icM+M(1_#^c&sB6I+%)y~tBsR5-6gknwmtvDz_8
zJG@1?rSnS4|KEMroK*E)^!|WQcd$3llb2nd9b}@*)_>KfY4hkZkK2=9T;!RPUs&kL
z@p>xCym{-l#iTXq^nd#~b6Rm}x+gNaEVAmgn1bl4JB9{^^!3j5=2nz@J>I$H-qND%
zLQhF)@$}N{SwW_vC_AUn>nShxlzOxC{_6m0%Swui%Dh!YlOh8`D$4SUrh9VpOJ;aW
zJ<(-Vt0q5QXWZ{&Q0Oi46lHr#it|eH%l>m5+|JXx^QV;-S7sOGd;iA~HK$i~%lkZF
z<Zao%pK<b0Pu|Jhc33<Gr;eXId}^iVn!PiMJ&cIAD4&7LsmSxvkc!jC^UFE!_oMQ?
z>m#ORHq(e*d*x#ch&Nq5nlP;@p=#`gQ{kCqB^71m`KKRtV{%f*xIruO&MH2Ayr|fd
ud-Cz}Yz`^TE55C=qUOj)X^A_wBE71?ql*H<YMQd!HYHoPTJczF;J*RZO)Dh;

diff --git a/po/sk.po b/po/sk.po
index f185895..64319ac 100644
--- a/po/sk.po
+++ b/po/sk.po
@@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg 1.2.5\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2004-07-20 15:52+0200\n"
 "Last-Translator: Michal Majer <mmajer@econ.umb.sk>\n"
 "Language-Team: Slovak <sk-i18n@lists.linux.sk>\n"
@@ -18,51 +18,51 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, fuzzy, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "nemôžem inicializovať databázu dôvery: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr ""
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr ""
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr ""
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr ""
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr ""
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 #, fuzzy
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Skutočne chcete zmazať vybrané kľúče? "
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr ""
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 #, fuzzy
 #| msgid "invalid passphrase"
 msgid "|pinentry-tt|Hide passphrase"
@@ -70,7 +70,7 @@ msgstr "nesprávne heslo"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -81,25 +81,13 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 msgid "pinentry.genpin.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-msgid "Passphrase Not Allowed"
-msgstr "heslo je príliš dlhé\n"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr ""
 
@@ -109,298 +97,278 @@ msgstr ""
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr ""
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 #, fuzzy
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 msgstr "Prosím, vložte heslo; toto je tajná veta \n"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 #, fuzzy
 msgid "Passphrase:"
 msgstr "nesprávne heslo"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr ""
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr ""
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr ""
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 #, fuzzy
 msgid "PIN too long"
 msgstr "riadok je príliš dlhý\n"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 #, fuzzy
 msgid "Passphrase too long"
 msgstr "heslo je príliš dlhé\n"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 #, fuzzy
 msgid "Invalid characters in PIN"
 msgstr "Neplatný znak ve mene\n"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr ""
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad PIN"
 msgstr "nesprávne MPI"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 #, fuzzy
 msgid "Bad Passphrase"
 msgstr "nesprávne heslo"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, fuzzy, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 #, fuzzy
 msgid "Please re-enter this passphrase"
 msgstr "zmeniť heslo"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to protect the imported object within the %s "
 "system."
 msgstr "Prosím, vložte heslo; toto je tajná veta \n"
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, fuzzy, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "ochranný algoritmus %d%s nie je podporováný\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't create '%s': %s\n"
 msgstr "nemôžem vytvoriť `%s': %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, fuzzy, c-format
 #| msgid "can't open `%s': %s\n"
 msgid "can't open '%s': %s\n"
 msgstr "nemôžem otvoriť `%s': %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr ""
-
-#: agent/command-ssh.c:2446
-#, fuzzy, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "chyba pri zápise do súboru tajných kľúčov `%s': %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, fuzzy, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "nenájdený zapisovateľný súbor tajných kľúčov (secring): %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, fuzzy, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
 "allow this?"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr ""
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, fuzzy, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Prosím, vložte heslo; toto je tajná veta \n"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, fuzzy, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
 "%s%%0Awithin gpg-agent's key storage"
 msgstr "Prosím, vložte heslo; toto je tajná veta \n"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, fuzzy, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "%s: nepodarilo sa vytvoriť hashovaciu tabuľku: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr ""
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr ""
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr ""
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr ""
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr ""
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr ""
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 #, fuzzy
 msgid "Repeat this Reset Code"
 msgstr "Opakujte heslo: "
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 #, fuzzy
 msgid "Repeat this PUK"
 msgstr "Opakujte heslo: "
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 #, fuzzy
 msgid "Repeat this PIN"
 msgstr "Opakujte heslo: "
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 #, fuzzy
 msgid "Reset Code not correctly repeated; try again"
 msgstr "heslo nie je zopakované správne; skúste to znovu"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 #, fuzzy
 msgid "PUK not correctly repeated; try again"
 msgstr "heslo nie je zopakované správne; skúste to znovu"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 #, fuzzy
 msgid "PIN not correctly repeated; try again"
 msgstr "heslo nie je zopakované správne; skúste to znovu"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr ""
 
-#: agent/genkey.c:157
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
 #, fuzzy, c-format
-msgid "error writing to pipe: %s\n"
-msgstr "chyba pri zápise súboru kľúčov (keyring)  `%s': %s\n"
+msgid "error creating temporary file: %s\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:116
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "zapisujem do '%s'\n"
+
+#: agent/genkey.c:154
 #, fuzzy
 msgid "Enter new passphrase"
 msgstr "Vložiť heslo\n"
 
-#: agent/genkey.c:196
-#, fuzzy
-msgid "Take this one anyway"
-msgstr "Použiť napriek tomu tento kľúč? "
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr ""
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
 "confirm that you do not want to have any protection on your key."
 msgstr ""
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr ""
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, fuzzy, c-format
 #| msgid "Name must be at least 5 characters long\n"
 msgid "A passphrase should be at least %u character long."
@@ -408,7 +376,7 @@ msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "Meno musí byť dlhé aspoň 5 znakov\n"
 msgstr[1] "Meno musí byť dlhé aspoň 5 znakov\n"
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -416,233 +384,243 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr ""
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Použiť napriek tomu tento kľúč? "
+
+#: agent/genkey.c:464
 #, fuzzy, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr ""
 "Na ochranu Vášho tajného kľúča musíte zadať heslo.\n"
 "\n"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 #, fuzzy
 msgid "Please enter the new passphrase"
 msgstr "zmeniť heslo"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 msgid "Options used for startup"
 msgstr ""
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr ""
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr ""
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 #, fuzzy
 #| msgid "Key is superseded"
 msgid "run in supervised mode"
 msgstr "Kľúč je nahradený"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr ""
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr ""
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 #, fuzzy
 msgid "|FILE|read options from FILE"
 msgstr "|SÚBOR|nahrať rozširujúci modul SÚBOR"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr ""
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "s dodatočnými informáciami"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "byť o trochu tichší"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr ""
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 #, fuzzy
 msgid "do not use the SCdaemon"
 msgstr "aktualizovať databázu dôvery"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr ""
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:208
 #, fuzzy
 #| msgid "|NAME|set terminal charset to NAME"
 msgid "|NAME|accept some commands via NAME"
 msgstr "|MENO|nastav znakovú sadu terminálu na MENO"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr ""
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr ""
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 #, fuzzy
 #| msgid "not supported"
 msgid "enable ssh support"
 msgstr "nepodporované"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr ""
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 #, fuzzy
 #| msgid "not supported"
 msgid "enable putty support"
 msgstr "nepodporované"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr ""
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr ""
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 #, fuzzy
 msgid "disallow the use of an external password cache"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr ""
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 #, fuzzy
 msgid "allow presetting passphrase"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr ""
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr ""
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr ""
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr ""
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 #, fuzzy
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|použiť mód hesla N"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 #, fuzzy
 msgid "do not allow the reuse of old passphrases"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 msgid "Options controlling the PIN-Entry"
 msgstr ""
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 #, fuzzy
 #| msgid "use the gpg-agent"
 msgid "never use the PIN-entry"
 msgstr "použite gpg-agenta"
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr ""
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr ""
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr ""
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr ""
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr ""
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 #, fuzzy
 msgid "Please report bugs to <@EMAIL@>.\n"
@@ -650,150 +628,145 @@ msgstr ""
 "Chyby oznámte, prosím, na adresu <gnupg-bugs@gnu.org>.\n"
 "Pripomienky k prekladu <sk-i18n@lists.linux.sk>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 #, fuzzy
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Použitie: gpg [možnosti] [súbory] (-h pre pomoc)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
 msgstr ""
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr ""
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "vybraný hashovací algoritmus je neplatný\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, fuzzy, c-format
 #| msgid "reading options from `%s'\n"
 msgid "reading options from '%s'\n"
 msgstr "čítam možnosti z `%s'\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is a deprecated option\n"
 msgid "Note: '%s' is not considered an option\n"
 msgstr "VAROVÁNÍ: použitie parametra \"%s\" sa neodporúča\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, fuzzy, c-format
 msgid "can't create socket: %s\n"
 msgstr "%s: nemôžem vytvoriť: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, fuzzy, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "gpg-agent nie je v tomto sedení dostupný\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, fuzzy, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, fuzzy, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "chyba pri posielaní na `%s': %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, fuzzy, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "VAROVANIE: prístupové práva pre %s nie sú nastavené bezpečne \"%s\"\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "zapisujem tajný kľúč do `%s'\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, fuzzy, c-format
 #| msgid "can't create directory `%s': %s\n"
 msgid "can't create directory '%s': %s\n"
 msgstr "nemôžem vytvoriť adresár `%s': %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, fuzzy, c-format
 msgid "directory '%s' created\n"
 msgstr "%s: adresár vytvorený\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, fuzzy, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "databáza dôvery: procedúra read() (n=%d) zlyhala: %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, fuzzy, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "%s: nemôžem vytvoriť adresár: %s\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, fuzzy, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr ""
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr ""
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, fuzzy, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "aktualizácia tajného kľúča zlyhala: %s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, fuzzy, c-format
 msgid "%s %s stopped\n"
 msgstr "%s: preskočené: %s\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, fuzzy, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "gpg-agent nie je v tomto sedení dostupný\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 #, fuzzy
 msgid ""
 "@Options:\n"
@@ -803,19 +776,19 @@ msgstr ""
 "Možnosti:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 #, fuzzy
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "Použitie: gpg [možnosti] [súbory] (-h pre pomoc)"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
 msgstr ""
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -823,8 +796,8 @@ msgstr ""
 "@Príkazy:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -834,87 +807,86 @@ msgstr ""
 "Možnosti:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 #, fuzzy
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Použitie: gpg [možnosti] [súbory] (-h pre pomoc)"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
 msgstr ""
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 #, fuzzy
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Prosím, vložte heslo; toto je tajná veta \n"
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 #, fuzzy
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Prosím, vložte heslo; toto je tajná veta \n"
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 #, fuzzy
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
 msgstr "Prosím, vložte heslo; toto je tajná veta \n"
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, fuzzy, c-format
 msgid "cancelled\n"
 msgstr "Zrušiť"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, fuzzy, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, fuzzy, c-format
 msgid "error opening '%s': %s\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, fuzzy, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "kľúč `%s' nebol nájdený: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, fuzzy, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "chyba pri čítaní: %s\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, fuzzy, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "tajné časti kľúča nie sú dostupné\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, fuzzy, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "chyba pri čítaní: %s\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, fuzzy, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "chyba: neplatný odtlačok\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, fuzzy, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr ""
@@ -927,19 +899,19 @@ msgstr ""
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
 "certificates?"
 msgstr ""
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 #, fuzzy
 msgid "Yes"
 msgstr "ano"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr ""
@@ -952,7 +924,7 @@ msgstr ""
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -962,142 +934,142 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr ""
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr ""
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
 "it now."
 msgstr ""
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 #, fuzzy
 msgid "Change passphrase"
 msgstr "zmeniť heslo"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr ""
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, fuzzy, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
 "%%0A?"
 msgstr "Skutočne chcete zmazať vybrané kľúče? "
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 #, fuzzy
 msgid "Delete key"
 msgstr "nastaviť kľúč ako platný (enable)"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
 msgstr ""
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr ""
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr ""
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "kontrola vytvoreného podpisu sa nepodarila: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "tajné časti kľúča nie sú dostupné\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "ochranný algoritmus %d%s nie je podporováný\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "ochranný algoritmus %d%s nie je podporováný\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "ochranný algoritmus %d%s nie je podporováný\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, fuzzy, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, fuzzy, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, fuzzy, c-format
 msgid "error forking process: %s\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr ""
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, fuzzy, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, fuzzy, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, fuzzy, c-format
 msgid "error running '%s': terminated\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, fuzzy, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "aktualizácia zlyhala: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, fuzzy, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "chyba pri zápise do súboru tajných kľúčov `%s': %s\n"
@@ -1113,33 +1085,33 @@ msgstr "nemôžem sa pripojiť k `%s': %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "problém s agentom: agent vracia 0x%lx\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "nemôžem vypnúť vytváranie core súborov: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, fuzzy, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "VAROVANIE: vlastníctvo pre %s nastavené nebezpečne \"%s\"\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, fuzzy, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "VAROVANIE: prístupové práva pre %s nie sú nastavené bezpečne \"%s\"\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, fuzzy, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "aktualizácia zlyhala: %s\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, fuzzy, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "kódovanie do ASCII formátu zlyhalo: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "ano"
 
@@ -1194,51 +1166,95 @@ msgstr ""
 msgid "out of core while allocating %lu bytes"
 msgstr ""
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, fuzzy, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "chyba pri vytváraní súboru kľúčov (keyring)`%s': %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr ""
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, fuzzy, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "VAROVÁNÍ: použitie parametra \"%s\" sa neodporúča\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr ""
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
 #, fuzzy, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
 msgstr "aktualizácia zlyhala: %s\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:350
 #, fuzzy, c-format
-msgid "connection to %s established\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "aktualizácia zlyhala: %s\n"
+
+#: common/asshelp.c:351
+#, fuzzy, c-format
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "aktualizácia zlyhala: %s\n"
+
+#: common/asshelp.c:364
+#, fuzzy, c-format
+msgid "connection to the dirmngr established\n"
 msgstr "nemožno previesť v dávkovom móde\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:366
+#, fuzzy, c-format
+msgid "connection to the keyboxd established\n"
+msgstr "nemožno previesť v dávkovom móde\n"
+
+#: common/asshelp.c:367
+#, fuzzy, c-format
+msgid "connection to the agent established\n"
+msgstr "nemožno previesť v dávkovom móde\n"
+
+#: common/asshelp.c:485
+#, fuzzy, c-format
+msgid "no running %s - starting '%s'\n"
+msgstr "chyba pri čítaní `%s': %s\n"
+
+#: common/asshelp.c:588
+#, fuzzy, c-format
+msgid "connection to the agent is in restricted mode\n"
+msgstr "nemožno previesť v dávkovom móde\n"
+
+#: common/asshelp.c:725
+#, fuzzy, c-format
+#| msgid "error creating keyring `%s': %s\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "chyba pri vytváraní súboru kľúčov (keyring)`%s': %s\n"
+
+#: common/asshelp.c:731
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
+msgid "server '%s' is older than us (%s < %s)"
 msgstr ""
 
-#: common/asshelp.c:521
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
 #, fuzzy, c-format
-msgid "connection to agent is in restricted mode\n"
-msgstr "nemožno previesť v dávkovom móde\n"
+#| msgid "WARNING: %s overrides %s\n"
+msgid "WARNING: %s\n"
+msgstr "VAROVANIE: %s prepíše %s\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:740
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
+msgid "Note: Outdated servers may lack important security fixes.\n"
 msgstr ""
 
+#: common/asshelp.c:742
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Prosím, najskôr použite príkaz \"toggle\" (prepnúť).\n"
+
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
 #: common/audit.c:474
@@ -1317,7 +1333,7 @@ msgid "algorithm: %s"
 msgstr "ASCII kódovanie: %s\n"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, fuzzy, c-format
 msgid "unsupported algorithm: %s"
 msgstr ""
@@ -1401,12 +1417,12 @@ msgstr "Platnosť kľúča vypršala!"
 msgid "Root certificate trustworthy"
 msgstr "nesprávny certifikát"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 #, fuzzy
 msgid "no CRL found for certificate"
 msgstr "nesprávny certifikát"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 #, fuzzy
 msgid "the available CRL is too old"
 msgstr "Kľúč k dispozícii na: "
@@ -1448,7 +1464,7 @@ msgstr "Pomoc nie je dostupná pre '%s'"
 msgid "ignoring garbage line"
 msgstr "chyba v pätičke\n"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 #, fuzzy
 msgid "[none]"
 msgstr "neznáme"
@@ -1458,144 +1474,26 @@ msgstr "neznáme"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "neplatný znak vo formáte radix64 %02x bol preskočený\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-#, fuzzy
-msgid "argument not expected"
-msgstr "zapisujem tajný kľúč do `%s'\n"
-
-#: common/argparse.c:522
-#, fuzzy
-msgid "read error"
-msgstr "chyba pri čítaní súboru"
-
-#: common/argparse.c:524
-#, fuzzy
-msgid "keyword too long"
-msgstr "riadok je príliš dlhý\n"
-
-#: common/argparse.c:526
-#, fuzzy
-msgid "missing argument"
-msgstr "neplatný argument"
-
-#: common/argparse.c:528
-#, fuzzy
-#| msgid "invalid armor"
-msgid "invalid argument"
-msgstr "neplatný spôsob reprezentácie v ASCII"
-
-#: common/argparse.c:530
-#, fuzzy
-msgid "invalid command"
-msgstr "konfliktné príkazy\n"
-
-#: common/argparse.c:532
-#, fuzzy
-msgid "invalid alias definition"
-msgstr "neplatný parameter pre import\n"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-#, fuzzy
-msgid "out of core"
-msgstr "nespracované"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-msgid "invalid meta command"
-msgstr "konfliktné príkazy\n"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-msgid "unknown meta command"
-msgstr "neznámy implicitný adresát `%s'\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected data"
-msgid "unexpected meta command"
-msgstr "neočakávané dáta"
-
-#: common/argparse.c:546
-#, fuzzy
-msgid "invalid option"
-msgstr "neplatný parameter pre import\n"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr ""
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, fuzzy, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "neplatný parameter pre import\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr ""
-
-#: common/argparse.c:563
-#, fuzzy, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "Neplatný príkaz (skúste \"help\")\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr ""
-
-#: common/argparse.c:581
-#, fuzzy, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "neplatný parameter pre import\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, fuzzy, c-format
-#| msgid "NOTE: no default option file `%s'\n"
-msgid "Note: no default option file '%s'\n"
-msgstr "POZNÁMKA: neexistuje implicitný súbor s možnosťami `%s'\n"
-
-#: common/argparse.c:1843
-#, fuzzy, c-format
-#| msgid "option file `%s': %s\n"
-msgid "option file '%s': %s\n"
-msgstr "súbor s možnosťami `%s': %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, fuzzy, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1611,131 +1509,132 @@ msgstr "nemožno otvoriť súbor: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "kódovanie do ASCII formátu zlyhalo: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, fuzzy, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "nemôžem vytvoriť adresár `%s': %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, fuzzy, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "chyba pri zápise súboru kľúčov (keyring)  `%s': %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr ""
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, fuzzy, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "zapisujem tajný kľúč do `%s'\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr ""
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, fuzzy, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "verejný kľúč %08lX nebol nájdený: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, fuzzy, c-format
 msgid "waiting for lock %s...\n"
 msgstr "zapisujem tajný kľúč do `%s'\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr ""
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "ASCII kódovanie: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "neplatná hlavička ASCII kódovania: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "ASCII hlavička: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "neplatná hlavička podpisu v čitateľnom formáte\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, fuzzy, c-format
 msgid "unknown armor header: "
 msgstr "ASCII hlavička: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "vnorené podpisy v čitateľnom formátu\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, fuzzy, c-format
 msgid "unexpected armor: "
 msgstr "neočakávané kódovanie ASCII:"
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "nesprávne označenie riadku mínusmi: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, fuzzy, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "neplatný znak vo formáte radix64 %02x bol preskočený\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "predčasný koniec súboru (žiadne CRC)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "predčasný koniec súboru (v CRC)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "nesprávny formát CRC\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, fuzzy, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "Chyba CRC; %06lx - %06lx\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, fuzzy, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "predčasný koniec súboru (v pätičke)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "chyba v pätičke\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "nenájdené žiadne platné dáta vo formáte OpenPGP.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "neplatné kódovanie ASCII: riadok je dlhší ako %d znakov\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1743,13 +1642,13 @@ msgstr ""
 "neplatný znak (quoted-printable) v ASCII kódovaní - pravdepodobne bol "
 "použitý nesprávny MTA\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, fuzzy, c-format
 #| msgid "not human readable"
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "nie je v priamo čitateľnom formáte"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1758,27 +1657,27 @@ msgstr ""
 "meno môže obsahovať len písmená, číslice, bodky, podčiarníky alebo medzery a "
 "končiť s '='\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "hodnota musí obsahovať znak '@'\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, fuzzy, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "hodnota musí obsahovať znak '@'\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "hodnota nesmie obsahovať žiadne kontrolné znaky\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, fuzzy, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "hodnota musí obsahovať znak '@'\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, fuzzy, c-format
 #| msgid ""
 #| "a notation name must have only printable characters or spaces, and end "
@@ -1788,372 +1687,356 @@ msgstr ""
 "meno môže obsahovať len písmená, číslice, bodky, podčiarníky alebo medzery a "
 "končiť s '='\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "VAROVANIE: nájdený neplatný formát zápisu dátumu\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr ""
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Vložte heslo: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, fuzzy, c-format
-#| msgid "error creating keyring `%s': %s\n"
-msgid "error getting version from '%s': %s\n"
-msgstr "chyba pri vytváraní súboru kľúčov (keyring)`%s': %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr ""
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
-#, fuzzy, c-format
-#| msgid "WARNING: %s overrides %s\n"
-msgid "WARNING: %s\n"
-msgstr "VAROVANIE: %s prepíše %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
-#, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
+#| msgid "%s does not yet work with %s\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s ešte nepracuje s %s\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
+#: g10/call-agent.c:1081
 #, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Prosím, najskôr použite príkaz \"toggle\" (prepnúť).\n"
+msgid "error from TPM: %s\n"
+msgstr "chyba pri čítaní `%s': %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, fuzzy, c-format
-#| msgid "%s does not yet work with %s\n"
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s ešte nepracuje s %s\n"
+msgid "problem with the agent: %s\n"
+msgstr "problém s agentom: agent vracia 0x%lx\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, fuzzy, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "gpg-agent nie je v tomto sedení dostupný\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr ""
 "použitie %s nie je v móde %s dovolené\n"
 "\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 msgid "Tor is not properly configured"
 msgstr "chyba: neplatný odtlačok\n"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 msgid "DNS is not properly configured"
 msgstr "chyba: neplatný odtlačok\n"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "vytvoriť revokačný certifikát"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "ASCII kódovanie: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, fuzzy, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "tajný kľúč nie je dostupný"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr ""
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, fuzzy, c-format
 msgid "can't do this in batch mode\n"
 msgstr "nemožno previesť v dávkovom móde\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, fuzzy, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Tento príkaz nie je v módoch %s dovolený.\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, fuzzy, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "tajné časti kľúča nie sú dostupné\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Váš výber? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr ""
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 #, fuzzy
 msgid "not forced"
 msgstr "nespracované"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr ""
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr ""
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr ""
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr ""
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr ""
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr ""
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 #, fuzzy
 msgid "URL to retrieve public key: "
 msgstr "žiadny zodpovedajúci verejný kľúč: %s\n"
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, fuzzy, c-format
 #| msgid "error reading `%s': %s\n"
 msgid "error reading '%s': %s\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, fuzzy, c-format
 msgid "error writing '%s': %s\n"
 msgstr "chyba pri zápise súboru kľúčov (keyring)  `%s': %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr ""
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr ""
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 #, fuzzy
 msgid "Language preferences: "
 msgstr "aktualizovať predvoľby"
 
-#: g10/card-util.c:1111
-#, fuzzy
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, fuzzy, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "neplatný znak v reťazci s predvoľbami\n"
 
-#: g10/card-util.c:1120
-#, fuzzy
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, fuzzy, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "neplatný znak v reťazci s predvoľbami\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 #, fuzzy
 msgid "Error: invalid response.\n"
 msgstr "chyba: neplatný odtlačok\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 #, fuzzy
 msgid "CA fingerprint: "
 msgstr "vypísať fingerprint"
 
-#: g10/card-util.c:1201
-#, fuzzy
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, fuzzy, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "chyba: neplatný odtlačok\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, fuzzy, c-format
 msgid "key operation not possible: %s\n"
 msgstr "Vytvorenie kľúča sa nepodarilo: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 #, fuzzy
 msgid "not an OpenPGP card"
 msgstr "nenájdené žiadne platné dáta vo formáte OpenPGP.\n"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, fuzzy, c-format
 msgid "error getting current key info: %s\n"
 msgstr "chyba pri zápise do súboru tajných kľúčov `%s': %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, fuzzy, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Akú veľkosť kľúča si prajete? (1024) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "zaokrúhlené na %u bitov\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr ""
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr ""
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 #, fuzzy
 msgid "Signature key\n"
 msgstr "Platnosť podpisu vypršala %s\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 #, fuzzy
 msgid "Encryption key\n"
 msgstr "   (%d) RSA (len na Å¡ifrovanie)\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Prosím, vyberte druh kľúča, ktorý chcete:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, fuzzy, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA (len na podpis)\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, fuzzy, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) DSA a ElGamal (implicitný)\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Neplatný výber.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr ""
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr ""
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, fuzzy, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "chyba pri posielaní na `%s': %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, fuzzy, c-format
 msgid "error getting card info: %s\n"
 msgstr "chyba pri zápise do súboru tajných kľúčov `%s': %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, fuzzy, c-format
 #| msgid "This command is not allowed while in %s mode.\n"
 msgid "This command is not supported by this card\n"
 msgstr "Tento príkaz nie je v módoch %s dovolený.\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr ""
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, fuzzy, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "preskočené: tajný kľúč je už v databáze\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr ""
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2161,204 +2044,217 @@ msgid ""
 "You should change them using the command --change-pin\n"
 msgstr ""
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 #, fuzzy
 msgid "Please select the type of key to generate:\n"
 msgstr "Prosím, vyberte druh kľúča, ktorý chcete:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 #, fuzzy
 msgid "   (1) Signature key\n"
 msgstr "Platnosť podpisu vypršala %s\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 #, fuzzy
 msgid "   (2) Encryption key\n"
 msgstr "   (%d) RSA (len na Å¡ifrovanie)\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr ""
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 #, fuzzy
 msgid "Please select where to store the key:\n"
 msgstr "Prosím výberte dôvod na revokáciu:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, fuzzy, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "aktualizácia zlyhala: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, fuzzy, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "preskočené: tajný kľúč je už v databáze\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 #, fuzzy
 msgid "Continue? (y/N) "
 msgstr "Skutočne podpísať? "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr ""
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, fuzzy, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+msgid "error for setup UIF: %s\n"
+msgstr "chyba pri čítaní `%s': %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "ukončiť toto menu"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 #, fuzzy
 msgid "show admin commands"
 msgstr "konfliktné príkazy\n"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "ukázať túto pomoc"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 #, fuzzy
 msgid "list all available data"
 msgstr "Kľúč k dispozícii na: "
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr ""
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr ""
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr ""
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 #, fuzzy
 msgid "change the login name"
 msgstr "zmeniť dobu platnosti"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 #, fuzzy
 msgid "change the language preferences"
 msgstr "zmeniť dôveryhodnosť vlastníka kľúča"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr ""
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 #, fuzzy
 msgid "change a CA fingerprint"
 msgstr "vypísať fingerprint"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr ""
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 #, fuzzy
 msgid "generate new keys"
 msgstr "vytvoriť nový pár kľúčov"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr ""
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr ""
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr ""
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr ""
 
-#: g10/card-util.c:2180
+#: g10/card-util.c:2235
 #, fuzzy
 #| msgid "|NAME|use NAME as default recipient"
-msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "|MENO|použiť MENO ako implicitného adresáta"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 #, fuzzy
 #| msgid "change the ownertrust"
 msgid "change the key attribute"
 msgstr "zmeniť dôveryhodnosť vlastníka kľúča"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "zmeniť dôveryhodnosť vlastníka kľúča"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr ""
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 #, fuzzy
 msgid "Admin-only command\n"
 msgstr "konfliktné príkazy\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 #, fuzzy
 msgid "Admin commands are allowed\n"
 msgstr "konfliktné príkazy\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 #, fuzzy
 msgid "Admin commands are not allowed\n"
 msgstr "zapisujem tajný kľúč do `%s'\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Neplatný príkaz (skúste \"help\")\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output pre tento príkaz nefunguje\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, fuzzy, c-format
 #| msgid "can't open `%s'\n"
 msgid "can't open '%s'\n"
 msgstr "nemožno otvoriť `%s'\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, fuzzy, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "kľúč `%s' nebol nájdený: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "chyba pri čítaní bloku kľúča: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, fuzzy, c-format
 msgid "key \"%s\" not found\n"
 msgstr "kľúč `%s' nebol nájdený: %s\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(pokiaľ neurčíte kľúč jeho fingerprintom)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, fuzzy, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "bez parametra \"--yes\" to nemožno v dávkovom móde previesť\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(pokiaľ neurčíte kľúč jeho fingerprintom)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2400,9 +2296,9 @@ msgstr "key"
 msgid "subkey"
 msgstr "Verejné kľúče: "
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "aktualizácia zlyhala: %s\n"
@@ -2427,63 +2323,74 @@ msgstr "existuje tajný kľúč pre tento verejný kľúč \"%s\"!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "aby ste ho zmazali, použite najprv prepínač \"--delete-secret-key\".\n"
 
-#: g10/encrypt.c:116
-#, fuzzy, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr "vyžiadaná symetrická šifra %s (%d) nevyhovuje predvoľbám príjemcu\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "v móde S2K nemožno použiť symetrický ESK paket\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "použitá šifra %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, fuzzy, c-format
 #| msgid "`%s' already compressed\n"
 msgid "'%s' already compressed\n"
 msgstr "`%s' je už skomprimovaný\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, fuzzy, c-format
 #| msgid "WARNING: `%s' is an empty file\n"
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "VAROVANIE: súbor `%s' je prázdny\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "nemôžete použiť šifrovací algoritmus \"%s\" v móde %s\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, fuzzy, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "nemôžete použiť šifrovací algoritmus \"%s\" v móde %s\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, fuzzy, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "nemôžete použiť hashovací algoritmus \"%s\" v móde %s\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, fuzzy, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "VAROVÁNÍ: použitie parametra \"%s\" sa neodporúča\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, fuzzy, c-format
 #| msgid "reading from `%s'\n"
 msgid "reading from '%s'\n"
 msgstr "čítam z `%s'\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "vyžiadaná symetrická šifra %s (%d) nevyhovuje predvoľbám príjemcu\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, fuzzy, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "VAROVÁNÍ: použitie parametra \"%s\" sa neodporúča\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2491,12 +2398,18 @@ msgid ""
 msgstr ""
 "vyžiadaný kompresný algoritmus %s (%d) nevyhovuje predvoľbám príjemcu\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "vyžiadaná symetrická šifra %s (%d) nevyhovuje predvoľbám príjemcu\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s zašifrovaný pre: %s\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "option '%s' may not be used in %s mode\n"
@@ -2504,89 +2417,29 @@ msgstr ""
 "použitie %s nie je v móde %s dovolené\n"
 "\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "%s zašifrované dáta\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "zašifrované neznámym algoritmom %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr ""
 "VAROVANIE: správa bola zašifrovaná slabým kľúčom v symetrickej šifre.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "problém so zašifrovaným paketom\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "žiadne vzialené vykonávanie programu nie je podporované\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"volanie externého programu zrušené kvôli nebezpečným právam súboru "
-"nastavení\n"
-
-#: g10/exec.c:419
-#, fuzzy, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"táto platforma potrebuje dočasné súbory na spustenie externého programu\n"
-
-#: g10/exec.c:497
-#, fuzzy, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "nemožno spustiť %s \"%s\": %s\n"
-
-#: g10/exec.c:500
-#, fuzzy, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "nemožno spustiť %s \"%s\": %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "systémová chyba pri volaní externého programu: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "nekorektné ukončenie externého programu\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "nemožno spustiť externý program\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "nemožno cítať odozvu externého programu: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "VAROVANIE: nemôžem vymazať dočasný súbor (%s) `%s': %s\n"
-
-#: g10/exec.c:692
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "VAROVANIE: nemôžem vymazať dočasný adresár `%s': %s\n"
-
 #: g10/export.c:119
 #, fuzzy
 msgid "export signatures that are marked as local-only"
@@ -2612,409 +2465,409 @@ msgstr "nepoužiteľný tajný kľúč"
 msgid "remove as much as possible from key during export"
 msgstr ""
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr ""
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
 msgstr "%s: preskočené: %s\n"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "writing to '%s'\n"
 msgstr "zapisujem do '%s'\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, fuzzy, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "kľúč %08lX: podpis subkľúča na zlom mieste - preskočené \n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, fuzzy, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "zapisujem tajný kľúč do `%s'\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, fuzzy, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "kľúč %08lX: PGP 2.x kľúč - preskočené\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "VAROVANIE: nič nebolo vyexportované\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, fuzzy, c-format
 #| msgid "error creating `%s': %s\n"
 msgid "error creating '%s': %s\n"
 msgstr "chyba pri vytváraní `%s': %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 #, fuzzy
 msgid "[User ID not found]"
 msgstr "[User id not found]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, fuzzy, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "chyba pri vytváraní `%s': %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, fuzzy, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "chyba pri vytváraní `%s': %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 #, fuzzy
 msgid "No fingerprint"
 msgstr "vypísať fingerprint"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "tajný kľúč `%s' nebol nájdený: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, fuzzy, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "neplatný parameter pre import\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "|MENO|použi MENO ako implicitný tajný kľúč"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "|MENO|použi MENO ako implicitný tajný kľúč"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr ""
 
 # c-format
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, fuzzy, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr ""
 "Neplatný kľúč %08lX zmenený na platný pomocou --always-non-selfsigned-uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, fuzzy, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "používam sekundárny kľúč %08lX namiesto primárneho kľúča %08lX\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, fuzzy, c-format
 msgid "valid values for option '%s':\n"
 msgstr "neplatný parameter pre import\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 #, fuzzy
 msgid "make a signature"
 msgstr "vytvoriť podpis oddelený od dokumentu"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 #, fuzzy
 msgid "make a clear text signature"
 msgstr "|[súbor]|vytvoriť podpis v čitateľnom dokumente"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "vytvoriť podpis oddelený od dokumentu"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "šifrovať dáta"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "Å¡ifrovanie len so symetrickou Å¡ifrou"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "dešifrovať dáta (implicitne)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "verifikovať podpis"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "vypísať zoznam kľúčov"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "vypísať zoznam kľúčov a podpisov"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 #, fuzzy
 msgid "list and check key signatures"
 msgstr "skontrolovať podpisy kľúčov"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "vypísať zoznam kľúčov a fingerprintov"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "vypísať zoznam tajných kľúčov"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "vytvoriť nový pár kľúčov"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly generate a new key pair"
 msgstr "vytvoriť nový pár kľúčov"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly add a new user-id"
 msgstr "vytvoriť nový pár kľúčov"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a user-id"
 msgstr "vytvoriť nový pár kľúčov"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly set a new expiration date"
 msgstr "vytvoriť nový pár kľúčov"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr ""
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "vytvoriť revokačný certifikát"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "odstrániť kľúč zo súboru verejných kľúčov"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "odstrániť kľúč zo súboru tajných kľúčov"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 #, fuzzy
 #| msgid "sign a key"
 msgid "quickly sign a key"
 msgstr "podpísať kľúč"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 #, fuzzy
 #| msgid "sign a key locally"
 msgid "quickly sign a key locally"
 msgstr "podpísať kľúč lokálne"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a key signature"
 msgstr "vytvoriť nový pár kľúčov"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "podpísať kľúč"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "podpísať kľúč lokálne"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "podpísať alebo modifikovať kľúč"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 #, fuzzy
 msgid "change a passphrase"
 msgstr "zmeniť heslo"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "exportovať kľúče"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "exportovať kľúče na server kľúčov"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "importovať kľúče zo servera kľúčov"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "vyhľadať kľúče na serveri kľúčov"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "aktualizovať všetky kľúče zo servera kľúčov"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "importovať/zlúčiť kľúče"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr ""
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr ""
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr ""
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "aktualizovať databázu dôvery"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 #, fuzzy
 msgid "print message digests"
 msgstr "|algo [súbory]|vypíš hash"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr ""
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr ""
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|MENO|použi MENO ako implicitný tajný kľúč"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 #, fuzzy
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|MENO|šifrovať pre MENO"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr ""
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr ""
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "nevykonať žiadne zmeny"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "vyžiadať potvrdenie pred prepísaním"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 msgid "Options controlling the input"
 msgstr ""
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 msgid "Options controlling the output"
 msgstr ""
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "vytvor výstup zakódovaný pomocou ASCII"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 #, fuzzy
 msgid "|FILE|write output to FILE"
 msgstr "|SÚBOR|nahrať rozširujúci modul SÚBOR"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "použiť kánonický textový mód"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 #, fuzzy
 msgid "|N|set compress level to N (0 disables)"
 msgstr ""
 "|N|nastaviť úroveň komprimácie N (0 - žiadna\n"
 " komprimácia)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 msgid "Options controlling key import and export"
 msgstr ""
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "importovať kľúče zo servera kľúčov"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 msgid "include the public key in signatures"
 msgstr "skontrolovať podpisy kľúčov"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr ""
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 msgid "Options controlling key listings"
 msgstr ""
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "vypísať zoznam tajných kľúčov"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 #, fuzzy
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|MENO|šifrovať pre MENO"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 #, fuzzy
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr ""
 "použiť toto id užívateľa na podpísanie\n"
 " alebo dešifrovanie"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -3023,7 +2876,7 @@ msgstr ""
 "(Použite manuálové stránky pre kompletný zoznam všetkých príkazov a "
 "možností)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -3053,13 +2906,13 @@ msgstr ""
 " --list-keys [mená]        vypísať kľúče\n"
 " --fingerprint [mená]      vypísať fingerprinty\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Použitie: gpg [možnosti] [súbory] (-h pre pomoc)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg [options] [files]\n"
@@ -3074,7 +2927,7 @@ msgstr ""
 "podpísať, overiť, šifrovať alebo dešifrovať\n"
 "implicitné operácie závisia od vstupných dát\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -3082,558 +2935,573 @@ msgstr ""
 "\n"
 "Podporované algoritmy:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Verejné kľúče: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Å ifry: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Hash: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Kompresia: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, fuzzy, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "použitie: gpg [možnosti] "
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "konfliktné príkazy\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, fuzzy, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "no = podpis nájdený v definícii skupiny \"%s\"\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "VAROVANIE: vlastníctvo pre %s nastavené nebezpečne \"%s\"\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "VAROVANIE: vlastníctvo pre %s nastavené nebezpečne \"%s\"\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, fuzzy, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "VAROVANIE: vlastníctvo pre %s nastavené nebezpečne \"%s\"\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "VAROVANIE: prístupové práva pre %s nie sú nastavené bezpečne \"%s\"\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "VAROVANIE: prístupové práva pre %s nie sú nastavené bezpečne \"%s\"\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, fuzzy, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "VAROVANIE: prístupové práva pre %s nie sú nastavené bezpečne \"%s\"\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "VAROVANIE: vlastníctvo adresára %s nastavené nebezpečne \"%s\"\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr "VAROVANIE: vlastníctvo adresára %s nastavené nebezpečne \"%s\"\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr "VAROVANIE: vlastníctvo adresára %s nastavené nebezpečne \"%s\"\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr ""
 "VAROVANIE: prístupové práva adresára %s nie sú nastavené bezpečne \"%s\"\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, fuzzy, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
 msgstr ""
 "VAROVANIE: prístupové práva adresára %s nie sú nastavené bezpečne \"%s\"\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, fuzzy, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr ""
 "VAROVANIE: prístupové práva adresára %s nie sú nastavené bezpečne \"%s\"\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, fuzzy, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "neznáma položka konfigurácie \"%s\"\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr ""
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 #, fuzzy
 msgid "show key usage information during key listings"
 msgstr "V súbore tajných kľúčov chýba zodpovedajúci podpis\n"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 #, fuzzy
 msgid "show all notations during signature listings"
 msgstr "V súbore tajných kľúčov chýba zodpovedajúci podpis\n"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr ""
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 #, fuzzy
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "zadané URL pre podpisovú politiku je neplatné\n"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr ""
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr ""
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr ""
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 #, fuzzy
 msgid "show the keyring name in key listings"
 msgstr "ukáž v ktorom súbore kľúčov je vypísaný kľúč"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 #, fuzzy
 msgid "show expiration dates during signature listings"
 msgstr "V súbore tajných kľúčov chýba zodpovedajúci podpis\n"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, fuzzy, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "neznámy implicitný adresát `%s'\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr ""
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Tento príkaz nie je v módoch %s dovolený.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, fuzzy, c-format
 #| msgid "NOTE: %s is not for normal use!\n"
 msgid "Note: %s is not for normal use!\n"
 msgstr "POZNÁMKA: %s nie je pre normálne použitie!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, fuzzy, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "%s nie je platná znaková sada\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "Neplatná e-mailová adresa\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, fuzzy, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "neplatný hashovací algoritmus `%s'\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, fuzzy, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "neplatný parameter pre import\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, fuzzy, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "%s nie je platná znaková sada\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, fuzzy, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "nemožno použiť URI servera kľúčov - chyba analýzy URI\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, fuzzy, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: neplatný parameter pre export\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, fuzzy, c-format
 msgid "invalid keyserver options\n"
 msgstr "neplatný parameter pre export\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: neplatný parameter pre import\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "neplatný parameter pre import\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, fuzzy, c-format
 msgid "invalid filter option: %s\n"
 msgstr "neplatný parameter pre import\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: neplatný parameter pre export\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "neplatný parameter pre export\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, fuzzy, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: neplatný parameter pre import\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, fuzzy, c-format
 msgid "invalid list options\n"
 msgstr "neplatný parameter pre import\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 #, fuzzy
 msgid "show all notations during signature verification"
 msgstr "%s nie je platná znaková sada\n"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr ""
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 #, fuzzy
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "zadané URL pre podpisovú politiku je neplatné\n"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 #, fuzzy
 msgid "show user ID validity during signature verification"
 msgstr "%s nie je platná znaková sada\n"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr ""
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 #, fuzzy
 msgid "show only the primary user ID in signature verification"
 msgstr "%s nie je platná znaková sada\n"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr ""
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr ""
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, fuzzy, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: neplatný parameter pre export\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, fuzzy, c-format
 msgid "invalid verify options\n"
 msgstr "neplatný parameter pre export\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "nemožno nastaviť exec-path na %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, fuzzy, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: neplatný parameter pre export\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr ""
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, fuzzy, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "neplatný parameter pre import\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "VAROVANIE: program môže vytvoriť súbor core!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "VAROVANIE: %s prepíše %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "Nie je dovolené používať %s s %s!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s nedáva s %s zmysel!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr ""
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, fuzzy, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "zapisujem tajný kľúč do `%s'\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "vybraný šifrovací algoritmus je neplatný\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "vybraný hashovací algoritmus je neplatný\n"
+
+#: g10/gpg.c:3885
 #, fuzzy, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "vybraný šifrovací algoritmus je neplatný\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "vybraný hashovací algoritmus je neplatný\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "položka completes-needed musí byť väčšia ako 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "položka marginals-needed musí byť väčšia ako 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, fuzzy, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "položka max-cert-depth musí byť v rozmedzí od 1 do 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "neplatná implicitná úroveň certifikácie; musí byť 0, 1, 2 alebo 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "neplatná minimálna úroveň certifikácie; musí byť 0, 1, 2 alebo 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, fuzzy, c-format
 #| msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "POZNÁMKA: jednoduchý mód S2K (0) je dôrazne nedoporučovaný\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "neplatný mód S2K; musí byť 0, 1 alebo 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "neplatné defaultné predvoľby\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "neplatné užívateľské predvoľby pre šifrovanie\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "neplatné užívateľské predvoľby pre šifrovanie\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "neplatné užívateľské predvoľby pre hashovanie\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "neplatné užívateľské predvoľby pre kompresiu\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "neplatná dĺžka kľúča; použijem %u bitov\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s ešte nepracuje s %s\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "nemôžete použiť šifrovací algoritmus \"%s\" v móde %s\n"
+
+#: g10/gpg.c:4070
 #, fuzzy, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "nemôžete použiť kompresný algoritmus \"%s\" v móde %s\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "nemôžem inicializovať databázu dôvery: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "VAROVANIE: daný adresát (-r) bez použitia šifrovania s verejným kľúčom\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, fuzzy, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "dešifrovanie zlyhalo: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr ""
 "použitie %s nie je v móde %s dovolené\n"
 "\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr ""
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, fuzzy, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr ""
 "použitie %s nie je v móde %s dovolené\n"
 "\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "nepodarilo poslať kľúč na server: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "nepodarilo sa prijať kľúč zo servera: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "nepodaril sa export kľúča: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, fuzzy, c-format
 #| msgid "key export failed: %s\n"
 msgid "export as ssh key failed: %s\n"
 msgstr "nepodaril sa export kľúča: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "nepodarilo sa nájsť server: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "aktualizácia servera zlyhala: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "dekódovanie z ASCII formátu zlyhalo: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "kódovanie do ASCII formátu zlyhalo: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, fuzzy, c-format
 #| msgid "invalid hash algorithm `%s'\n"
 msgid "invalid hash algorithm '%s'\n"
 msgstr "neplatný hashovací algoritmus `%s'\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, fuzzy, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Začnite písať svoju správu ...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "zadané URL pre certifikačnú politiku je neplatné\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "zadané URL pre podpisovú politiku je neplatné\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, fuzzy, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "zadané URL pre podpisovú politiku je neplatné\n"
@@ -3647,7 +3515,7 @@ msgstr "Zmazať tento kľúč zo súboru kľúčov? "
 msgid "make timestamp conflicts only a warning"
 msgstr "konflikt časového razítka"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|zapísať informácie o stave do tohto FD"
 
@@ -3698,301 +3566,317 @@ msgstr "aktualizovať databázu dôvery"
 
 #: g10/import.c:181
 #, fuzzy
+#| msgid "not supported"
+msgid "enable bulk import mode"
+msgstr "nepodporované"
+
+#: g10/import.c:184
+#, fuzzy
 msgid "show key during import"
 msgstr "vypísať fingerprint"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+msgid "show key but do not actually import"
+msgstr "vypísať fingerprint"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr ""
 
-#: g10/import.c:187
+#: g10/import.c:193
 #, fuzzy
 msgid "remove unusable parts from key after import"
 msgstr "nepoužiteľný tajný kľúč"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr ""
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr ""
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr ""
 
-#: g10/import.c:203
+#: g10/import.c:209
 #, fuzzy
 msgid "repair keys on import"
 msgstr "vypísať fingerprint"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "blok typu %d bol preskočený\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, fuzzy, c-format
 msgid "%lu keys processed so far\n"
 msgstr "%lu kľúče boli doteraz spracované\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Celkovo spracovaných kľúčov: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, fuzzy, c-format
 #| msgid "      skipped new keys: %lu\n"
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "      preskočené nové kľúče: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "      preskočené nové kľúče: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "        bez identifikátorov: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "                importované: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "                  bez zmien: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "         nové id užívateľov: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "              nové podkľúče: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "               nové podpisy: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "      nové revokácie kľúčov: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "      prečítané tajné kľúče: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "    importované tajné kľúče: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr "      tajné kľúče nezmenené: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "           neimportované: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, fuzzy, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "               nové podpisy: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, fuzzy, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "      prečítané tajné kľúče: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
 "algorithms on these user IDs:\n"
 msgstr ""
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "%s podpis, hashovací algoritmus %s\n"
+
+#: g10/import.c:1354
 #, fuzzy, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "%s podpis, hashovací algoritmus %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr ""
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr ""
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, fuzzy, c-format
 msgid "key %s: no user ID\n"
 msgstr "kľúč %08lX: chyba identifikátor užívateľa\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, fuzzy, c-format
 msgid "key %s: %s\n"
 msgstr "preskočený `%s': %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr ""
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "kľúč %08lX: HKP poškodenie podkľúča opravené\n"
 
 # c-format
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, fuzzy, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr ""
 "kľúč %08lX: prijaté id užívateľa '%s', ktorý nie je podpísaný ním samým\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, fuzzy, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "kľúč %08lX: chýba platný identifikátor užívateľa\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "môže to byť spôsobené chýbajúcim podpisom kľúča ním samým\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, fuzzy, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "kľúč %08lX: verejný kľúč nenájdený: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, fuzzy, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "kľúč %08lX: nový kľúč - preskočený\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "nenájdený zapisovateľný súbor kľúčov (keyring): %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, fuzzy, c-format
 #| msgid "error writing keyring `%s': %s\n"
 msgid "error writing keyring '%s': %s\n"
 msgstr "chyba pri zápise súboru kľúčov (keyring)  `%s': %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, fuzzy, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "kľúč %08lX: verejný kľúč \"%s\" importovaný\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, fuzzy, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "kľúč %08lX: nezodpovedá našej kópii\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "kľúč %08lX: \"%s\" 1 nový identifikátor užívateľa\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "kľúč %08lX: \"%s\" %d nových identifikátorov užívateľa\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "kľúč %08lX: \"%s\" 1 nový podpis\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "kľúč %08lX: \"%s\" %d nových podpisov\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, fuzzy, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "kľúč %08lX: \"%s\" 1 nový podkľúč\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "kľúč %08lX: \"%s\" %d nových podkľúčov\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "kľúč %08lX: \"%s\" %d nových podpisov\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "kľúč %08lX: \"%s\" %d nových podpisov\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "kľúč %08lX: \"%s\" %d nových identifikátorov užívateľa\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, fuzzy, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "kľúč %08lX: \"%s\" %d nových identifikátorov užívateľa\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, fuzzy, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "kľúč %08lX: \"%s\" bez zmeny\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, fuzzy, c-format
 msgid "key %s: secret key imported\n"
 msgstr "kľúč %08lX: tajný kľúč importovaný\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, fuzzy, c-format
 #| msgid "skipped: secret key already present\n"
 msgid "key %s: secret key already exists\n"
 msgstr "preskočené: tajný kľúč je už v databáze\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, fuzzy, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "chyba pri posielaní na `%s': %s\n"
@@ -4005,204 +3889,210 @@ msgstr "chyba pri posielaní na `%s': %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, fuzzy, c-format
 msgid "secret key %s: %s\n"
 msgstr "tajný kľúč `%s' nebol nájdený: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, fuzzy, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "zapisujem tajný kľúč do `%s'\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, fuzzy, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "kľúč %08lX: tajný kľúč bez verejného kľúča %d - preskočené\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Dôvod nebol špecifikovaný"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "Kľúč je nahradený"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Kľúč bol skompromitovaný"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "Kľúč sa už nepoužíva"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "Identifikátor užívateľa už neplatí"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "dôvod na revokáciu: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "revokačná poznámka: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, fuzzy, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "kľúč %08lX: chýba verejný kľúč - nemôžem aplikovať revokačný certifikát\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, fuzzy, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "kľúč %08lX: nemôžem nájsť originálny blok kľúča: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, fuzzy, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "kľúč %08lX: nemôžem čítať originálny blok kľúča: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "kľúč %08lX: neplatný revokačný certifikát: %s - zamietnuté\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "kľúč %08lX: \"%s\" revokačný certifikát importovaný\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, fuzzy, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "kľúč %08lX: neexistuje id užívateľa pre podpis\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr ""
 "kľúč %08lX: nepodporovaný algoritmus verejného kľúča u užívateľského id \"%s"
 "\"\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, fuzzy, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr ""
 "kľúč %08lX: neplatný podpis kľúča ním samým u užívateľského id \"%s\"\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, fuzzy, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "kľúč %08lX: nepodporovaný algoritmus verejného kľúča\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, fuzzy, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "kľúč %08lX: podpis kľúča ním samým (direct key signature)\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, fuzzy, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "kľúč %08lX: neexistuje podkľúč pre viazanie kľúčov\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, fuzzy, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "kľúč %08lX: neplatná väzba podkľúča\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "kľúč %08lX: zmazaná viacnásobná väzba podkľúča\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, fuzzy, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "kľúč %08lX: neexistuje podkľúč na revokáciu kľúča\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, fuzzy, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "kľúč %08lX: neplatný revokačný podkľúč\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, fuzzy, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "kľúč %08lX: zmazaná viacnásobná revokácia podkľúča\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, fuzzy, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "kľúč %08lX: identifikátor užívateľa preskočený '"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, fuzzy, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "kľúč %08lX: podkľúč preskočený\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, fuzzy, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "kľúč %08lX: podpis nie je exportovateľný (trieda %02x) - preskočené\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, fuzzy, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "kľúč %08lX: revokačný certifikát na zlom mieste - preskočené \n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, fuzzy, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "kľúč %08lX: neplatný revokačný certifikát: %s - preskočené\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, fuzzy, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "kľúč %08lX: podpis subkľúča na zlom mieste - preskočené \n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, fuzzy, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "kľúč %08lX: neočakávaná podpisová trieda (0x%02X) - preskočené\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, fuzzy, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "kľúč %08lX: zistený duplikovaný identifikátor užívateľa - zlúčený\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "kľúč %08lX: zistený duplikovaný identifikátor užívateľa - zlúčený\n"
+
+#: g10/import.c:4233
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr ""
 "VAROVANIE: kľúč %08lX môže byť revokovaný: skúšam získať revokačný kľúč "
 "%08lX\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, fuzzy, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 "VAROVANIE: kľúč %08lX môže byť revokovaný: revokačný kľúč %08lX nenájdený.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, fuzzy, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "kľúč %08lX: pridaný revokačný certifikát \"%s\"\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, fuzzy, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "kľúč %08lX: podpis kľúča ním samým (direct key signature)\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, fuzzy, c-format
 msgid "error allocating memory: %s\n"
 msgstr "chyba pri vytváraní súboru kľúčov (keyring)`%s': %s\n"
@@ -4223,19 +4113,19 @@ msgstr "%s podpis, hashovací algoritmus %s\n"
 msgid " (reordered signatures follow)"
 msgstr "Dobrý podpis od \""
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, fuzzy, c-format
 msgid "key %s:\n"
 msgstr "preskočený `%s': %s\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, fuzzy, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "Užívateľské ID \"%s\" je revokované."
 msgstr[1] "Užívateľské ID \"%s\" je revokované."
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to a missing key\n"
 msgid "%d signature not checked due to a missing key\n"
@@ -4243,7 +4133,7 @@ msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "1 podpis neoverený, pretože chýba kľúč\n"
 msgstr[1] "1 podpis neoverený, pretože chýba kľúč\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d bad signature\n"
@@ -4251,53 +4141,48 @@ msgid_plural "%d bad signatures\n"
 msgstr[0] "%d zlých podpisov\n"
 msgstr[1] "%d zlých podpisov\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, fuzzy, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "Dobrý podpis od \""
 msgstr[1] "Dobrý podpis od \""
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, fuzzy, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "chyba pri vytváraní súboru kľúčov (keyring)`%s': %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error creating keyring '%s': %s\n"
 msgstr "chyba pri vytváraní súboru kľúčov (keyring)`%s': %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, fuzzy, c-format
 msgid "keybox '%s' created\n"
 msgstr "súbor kľúčov (keyring) `%s' vytvorený\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, fuzzy, c-format
 #| msgid "keyring `%s' created\n"
 msgid "keyring '%s' created\n"
 msgstr "súbor kľúčov (keyring) `%s' vytvorený\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, fuzzy, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "chyba pri vytváraní `%s': %s\n"
 
-#: g10/keydb.c:969
-#, fuzzy, c-format
-msgid "error opening key DB: %s\n"
-msgstr "chyba pri čítaní `%s': %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "zlyhalo obnovenie vyrovnávacej pamäti kľúčov: %s\n"
@@ -4310,7 +4195,7 @@ msgstr "[revokácia]"
 msgid "[self-signature]"
 msgstr "[podpis kľúča ním samým]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 #, fuzzy
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
@@ -4323,12 +4208,12 @@ msgstr ""
 "kontrolou fingerprintov z rôznych zdrojov...)?\n"
 "\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, fuzzy, c-format
 msgid "  %d = I trust marginally\n"
 msgstr " %d = Dôverujem čiastočne\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, fuzzy, c-format
 msgid "  %d = I trust fully\n"
 msgstr " %d = Dôverujem úplne\n"
@@ -4355,12 +4240,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "Užívateľské ID \"%s\" je revokované."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Ste si istý, že stále chcete podpísať tento kľúč? (a/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  Nemožno podpísať.\n"
 
@@ -4563,210 +4448,214 @@ msgstr ""
 msgid "Really sign? (y/N) "
 msgstr "Skutočne podpísať? "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "podpisovanie zlyhalo: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, fuzzy, c-format
 #| msgid "error creating passphrase: %s\n"
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "uložiť a ukončiť"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 #, fuzzy
 msgid "show key fingerprint"
 msgstr "vypísať fingerprint"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 #, fuzzy
 msgid "show the keygrip"
 msgstr "Podpisová notácia: "
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "vypísať zoznam kľúčov a id užívateľov"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "vyberte identifikátor užívateľa N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 #, fuzzy
 msgid "select subkey N"
 msgstr "vyberte identifikátor užívateľa N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 #, fuzzy
 msgid "check signatures"
 msgstr "revokovať podpisy"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 #, fuzzy
 msgid "sign selected user IDs locally"
 msgstr "podpísať kľúč lokálne"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 #, fuzzy
 msgid "sign selected user IDs with a trust signature"
 msgstr "Nápoveda: Vyberte id užívateľa na podpísanie\n"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr ""
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "pridať identifikátor užívateľa"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "pridať fotografické ID"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 #, fuzzy
 msgid "delete selected user IDs"
 msgstr "zmazať identifikátor užívateľa"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 #, fuzzy
 msgid "add a subkey"
 msgstr "addkey"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr ""
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 #, fuzzy
 msgid "delete selected subkeys"
 msgstr "zmazať sekundárny kľúč"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "pridať revokačný kľúč"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 #, fuzzy
 msgid "delete signatures from the selected user IDs"
 msgstr "Skutočne aktualizovať predvoľby pre vybrané id užívateľa? "
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 #, fuzzy
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "Nemôžete zmeniť dobu platnosti kľúča verzie 3\n"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 #, fuzzy
 msgid "flag the selected user ID as primary"
 msgstr "označiť užívateľské ID ako primárne"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "vypísať zoznam predvolieb (pre expertov)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "vypísať zoznam predvolieb (podrobne)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 #, fuzzy
 msgid "set preference list for the selected user IDs"
 msgstr "Skutočne aktualizovať predvoľby pre vybrané id užívateľa? "
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 #, fuzzy
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "nemožno použiť URI servera kľúčov - chyba analýzy URI\n"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 #, fuzzy
 msgid "set a notation for the selected user IDs"
 msgstr "Skutočne aktualizovať predvoľby pre vybrané id užívateľa? "
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "zmeniť heslo"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "zmeniť dôveryhodnosť vlastníka kľúča"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 #, fuzzy
 msgid "revoke signatures on the selected user IDs"
 msgstr "Skutočne revokovať všetky vybrané id užívateľa? "
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 #, fuzzy
 msgid "revoke selected user IDs"
 msgstr "revokovať identifikátor užívateľa"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 #, fuzzy
 msgid "revoke key or selected subkeys"
 msgstr "revokovať sekundárny kľúč"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 #, fuzzy
 msgid "enable key"
 msgstr "nastaviť kľúč ako platný (enable)"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 #, fuzzy
 msgid "disable key"
 msgstr "nastaviť kľúč ako neplatný (disable)"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 #, fuzzy
 msgid "show selected photo IDs"
 msgstr "ukázať fotografické ID"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Tajný kľúč je dostupný.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret subkeys are available.\n"
 msgstr "Tajný kľúč je dostupný.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Na vykonanie tejto operácie je potrebný tajný kľúč.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4774,309 +4663,314 @@ msgid ""
 "  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
 msgstr ""
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "Kľúč revokovaný."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 #, fuzzy
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Skutočne podpísať všetky id užívateľa? "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 #, fuzzy
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Skutočne podpísať všetky id užívateľa? "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Nápoveda: Vyberte id užívateľa na podpísanie\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, fuzzy, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "neznáma trieda podpisu"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Tento príkaz nie je v módoch %s dovolený.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Musíte vybrať aspoň jedno id užívateľa.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr ""
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Nemôžete zmazať posledné id užívateľa!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 #, fuzzy
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Skutočne odstrániť všetky vybrané id užívateľa? "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 #, fuzzy
 msgid "Really remove this user ID? (y/N) "
 msgstr "Skutočne odstrániť toto id užívateľa? "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 #, fuzzy
 msgid "Really move the primary key? (y/N) "
 msgstr "Skutočne odstrániť toto id užívateľa? "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 #, fuzzy
 msgid "You must select exactly one key.\n"
 msgstr "Musíte vybrať aspoň jeden kľúč.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr ""
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, fuzzy, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "nemôžem otvoriť `%s': %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, fuzzy, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "chyba pri vytváraní súboru kľúčov (keyring)`%s': %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Musíte vybrať aspoň jeden kľúč.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 #, fuzzy
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Skutočne chcete zmazať vybrané kľúče? "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 #, fuzzy
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Skutočne chcete zmazať tento kľúč? "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 #, fuzzy
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "Skutočne revokovať všetky vybrané id užívateľa? "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 #, fuzzy
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Skutočne revokovať toto id užívateľa? "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 #, fuzzy
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Skutočne chcete revokovať tento kľúč? "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 #, fuzzy
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Skutočne chcete revokovať vybrané kľúče? "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 #, fuzzy
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Skutočne chcete revokovať tento kľúč? "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 #, fuzzy
 msgid "Set preference list to:\n"
 msgstr "nastaviť zoznam predvolieb"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 #, fuzzy
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr "Skutočne aktualizovať predvoľby pre vybrané id užívateľa? "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 #, fuzzy
 msgid "Really update the preferences? (y/N) "
 msgstr "Skutočne aktualizovať predvoľby? "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 #, fuzzy
 msgid "Save changes? (y/N) "
 msgstr "Uložiť zmeny? "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 #, fuzzy
 msgid "Quit without saving? (y/N) "
 msgstr "Ukončiť bez uloženia? "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "kľúč nebol zmenený, takže nie je potrebné ho aktualizovať.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "Nemôžete zmazať posledné id užívateľa!\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, fuzzy, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "kontrola vytvoreného podpisu sa nepodarila: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, fuzzy, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "kontrola vytvoreného podpisu sa nepodarila: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, fuzzy, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "chyba: neplatný odtlačok\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, fuzzy, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "nemôžem inicializovať databázu dôvery: %s\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, fuzzy, c-format
 #| msgid "invalid value\n"
 msgid "Invalid user ID '%s': %s\n"
 msgstr "neplatná hodnota\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 #| msgid "No such user ID.\n"
 msgid "No matching user IDs."
 msgstr "Takýto identifikátor užívateľa neexistuje.\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 msgid "Nothing to sign.\n"
 msgstr "Nič na podpísanie kľúčom %08lX\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, fuzzy, c-format
 msgid "Not signed by you.\n"
 msgstr "   podpísané %08lX v %s%s\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "kontrola vytvoreného podpisu sa nepodarila: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, fuzzy, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "%s nie je platná znaková sada\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, fuzzy, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "chyba: neplatný odtlačok\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, fuzzy, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "kľúč `%s' nebol nájdený: %s\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Digest: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Charakteristiky: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr ""
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr ""
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 #, fuzzy
 msgid "Notations: "
 msgstr "Notácie: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "Užívateľské ID vo formáte PGP 2.x nemá žiadne predvoľby\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, fuzzy, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "Tento kľúč môže byť revokovaný kľúčom %s "
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, fuzzy, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Tento kľúč môže byť revokovaný kľúčom %s "
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 #, fuzzy
 msgid "(sensitive)"
 msgstr "(citlivá informácia)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, fuzzy, c-format
 msgid "created: %s"
 msgstr "%s: nemôžem vytvoriť: %s\n"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, fuzzy, c-format
 msgid "revoked: %s"
 msgstr "[revokované]"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, fuzzy, c-format
 msgid "expired: %s"
 msgstr " [platnosť skončí: %s]"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, fuzzy, c-format
 msgid "expires: %s"
 msgstr " [platnosť skončí: %s]"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, fuzzy, c-format
 msgid "usage: %s"
 msgstr " dôvera: %c/%c"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr ""
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, fuzzy, c-format
 msgid "trust: %s"
 msgstr " dôvera: %c/%c"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr ""
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Tento kľúč bol označený za neplatný (disabled)"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -5084,19 +4978,19 @@ msgstr ""
 "Prosím nezabúdajte, že zobrazované údaje o platnosti kľúčov nemusia\n"
 "byť správne, pokiaľ znovu nespustíte program.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 #, fuzzy
 msgid "revoked"
 msgstr "[revokované]"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 #, fuzzy
 msgid "expired"
 msgstr "expire"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -5105,18 +4999,18 @@ msgstr ""
 "VAROVANIE: žiadne ID užívateľa nebolo označené ako primárne. Tento príkaz\n"
 "spôsobí, že iné ID užívateľa sa bude považovať primárne.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr ""
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, fuzzy, c-format
 #| msgid "You can't change the expiration date of a v3 key\n"
 msgid "You may want to change its expiration date too.\n"
 msgstr "Nemôžete zmeniť dobu platnosti kľúča verzie 3\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -5125,35 +5019,35 @@ msgstr ""
 "VAROVANIE: Toto je PGP2 kľúč. Pridanie fotografického ID môže v niektorých\n"
 "           verziách PGP viesť k odmietnutiu tohto kľúča.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Ste si istý, že ho chcete stále pridať? (a/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "Nemali by ste pridávať fotografické ID k PGP2 kľúču.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr ""
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Zmazať tento dobrý podpis? (a/N/u)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Zmazať tento neplatný podpis? (a/N/u)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Zmazať tento neznámy podpis? (a/N/u)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Skutočne zmazať tento podpis podpísaný sebou samým? (a/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, fuzzy, c-format
 #| msgid "Deleted %d signature.\n"
 msgid "Deleted %d signature.\n"
@@ -5161,38 +5055,38 @@ msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "Zmazaný %d podpis.\n"
 msgstr[1] "Zmazaný %d podpis.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Nič nebolo zmaznané.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 #, fuzzy
 msgid "invalid"
 msgstr "neplatný spôsob reprezentácie v ASCII"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, fuzzy, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "Užívateľské ID \"%s\" je revokované."
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, fuzzy, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "Užívateľské ID \"%s\" je revokované."
 msgstr[1] "Užívateľské ID \"%s\" je revokované."
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, fuzzy, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "užívateľské ID \"%s\" je už revokované\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, fuzzy, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "užívateľské ID \"%s\" je už revokované\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5201,303 +5095,308 @@ msgstr ""
 "VAROVANIE: Toto je PGP2 kľúč. Pridanie fotografického ID môže v niektorých\n"
 "           verziách PGP viesť k odmietnutiu tohoto kľúča.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "Nemali by ste pridávať fotografické ID k PGP2 kľúču.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Vložte identifikátor užívateľa povereného revokáciou: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "kľúč vo formáte PGP 2.x nemožno poveriť revokáciou\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "kľúč nemožno poveriť revokáciou ním samým\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, fuzzy, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "VAROVANIE: Tento kľúč bol revokovaný jeho určeným revokátorom/!\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr "VAROVANIE: označenie kľúča ako revokovací už nemôže byť zrušené!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 #, fuzzy
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr "Ste si istý, že chcete označiť tento kľúč ako revokovací? (a/N): "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 #, fuzzy
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
 msgstr "Ste si istý, že chcete označiť tento kľúč ako revokovací? (a/N): "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 #, fuzzy
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Mením dobu platnosti sekundárneho kľúča.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Mením dobu platnosti primárneho kľúča.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Nemôžete zmeniť dobu platnosti kľúča verzie 3\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 #, fuzzy
 msgid "Changing usage of a subkey.\n"
 msgstr "Mením dobu platnosti sekundárneho kľúča.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 #, fuzzy
 #| msgid "Changing expiration time for the primary key.\n"
 msgid "Changing usage of the primary key.\n"
 msgstr "Mením dobu platnosti primárneho kľúča.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, fuzzy, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "VAROVANIE: podpisovací podkľúč %08lX nie je krížovo certifikovaný\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Prosím, vyberte práve jedno id užívateľa.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, fuzzy, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "preskočený v3 podpis kľúča ním samým u užívateľského id \"%s\"\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr ""
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 #, fuzzy
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Ste si istý, že ho chcete použiť? (a/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 #, fuzzy
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Ste si istý, že ho chcete použiť? (a/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 #, fuzzy
 msgid "Enter the notation: "
 msgstr "Podpisová notácia: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 #, fuzzy
 msgid "Proceed? (y/N) "
 msgstr "Prepísať (a/N)? "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Neexistuje identifikátor užívateľa s indexom %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, fuzzy, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Neexistuje identifikátor užívateľa s indexom %d\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, fuzzy, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Neexistuje identifikátor užívateľa s indexom %d\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, fuzzy, c-format
 msgid "No subkey with index %d\n"
 msgstr "Neexistuje identifikátor užívateľa s indexom %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, fuzzy, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "id užívateľa: \""
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, fuzzy, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "   podpísané %08lX v %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (nexeportovateľné)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Platnosť podpisu vyprší %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Ste si istý, že ho chcete stále revokovať? (a/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Vytvoriť pre tento podpis revokačný certifikát? (a/N)"
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, fuzzy, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Podpísali ste nasledujúce identifikátory užívateľa:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 #, fuzzy
 msgid " (non-revocable)"
 msgstr " (nexeportovateľné)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, fuzzy, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "   revokované %08lX v %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Chystáte sa revokovať tieto podpisy:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Skutočne vytvoriť revokačné certifikáty? (a/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "neexistuje tajný kľúč\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "užívateľské ID \"%s\" je už revokované\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr "VAROVANIE: podpis použivateľkého ID vznikol %d sekund v budúcnosti\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Nemôžete zmazať posledné id užívateľa!\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, fuzzy, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "užívateľské ID \"%s\" je už revokované\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, fuzzy, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "užívateľské ID \"%s\" je už revokované\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, fuzzy, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr ""
 "Zobrazujem %s fotografické ID s veľkosťou %ld pre kľúč 0x%08lX (uid %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, fuzzy, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "neplatný parameter pre import\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, fuzzy, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "duplicita predvoľby %c%lu\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, fuzzy, c-format
 msgid "too many cipher preferences\n"
 msgstr "príliš veľa `%c' predvolieb\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, fuzzy, c-format
 msgid "too many digest preferences\n"
 msgstr "príliš veľa `%c' predvolieb\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, fuzzy, c-format
 msgid "too many compression preferences\n"
 msgstr "príliš veľa `%c' predvolieb\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+msgid "too many AEAD preferences\n"
+msgstr "príliš veľa `%c' predvolieb\n"
+
+#: g10/keygen.c:521
 #, fuzzy, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "neplatný znak v reťazci s predvoľbami\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "zapisujem podpis kľúča ním samým (direct signature)\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "zapisujem podpis kľúča sebou samým\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "zapisujem \"key-binding\" podpis\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "neplatná dĺžka kľúča; použijem %u bitov\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "dĺžka kľúča zaokrúhlená na %u bitov\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
 msgstr ""
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 #, fuzzy
 msgid "Sign"
 msgstr "sign"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr ""
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 #, fuzzy
 msgid "Encrypt"
 msgstr "šifrovať dáta"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr ""
 
@@ -5511,169 +5410,179 @@ msgstr ""
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr ""
 
-#: g10/keygen.c:1784
+#: g10/keygen.c:1966
 #, c-format
-msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr ""
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr ""
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr ""
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, fuzzy, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%d) ElGamal (len na Å¡ifrovanie)\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr ""
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr ""
 
-#: g10/keygen.c:1930
+#: g10/keygen.c:2116
 #, fuzzy, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) DSA a ElGamal (implicitný)\n"
 
-#: g10/keygen.c:1934
+#: g10/keygen.c:2120
 #, fuzzy, c-format
-msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA a ElGamal (implicitný)\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (len na podpis)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (len na podpis)\n"
 
-#: g10/keygen.c:1945
+#: g10/keygen.c:2131
 #, fuzzy, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) ElGamal (len na Å¡ifrovanie)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (len na Å¡ifrovanie)\n"
 
-#: g10/keygen.c:1953
+#: g10/keygen.c:2139
 #, fuzzy, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (len na Å¡ifrovanie)\n"
 
-#: g10/keygen.c:1955
+#: g10/keygen.c:2141
 #, fuzzy, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (len na Å¡ifrovanie)\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, fuzzy, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) DSA a ElGamal (implicitný)\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) RSA (pro šifrování a podpis)\n"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2147 g10/keygen.c:2678
+#, fuzzy
+#| msgid " (default)"
+msgid " *default*"
+msgstr "dešifrovať dáta (implicitne)"
+
+#: g10/keygen.c:2148
 #, fuzzy, c-format
 #| msgid "   (%d) DSA (sign only)\n"
 msgid "  (%d) ECC (sign only)\n"
 msgstr "   (%d) DSA (len na podpis)\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, fuzzy, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (len na Å¡ifrovanie)\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, fuzzy, c-format
 #| msgid "   (%d) RSA (encrypt only)\n"
-msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "   (%d) RSA (len na Å¡ifrovanie)\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, fuzzy, c-format
-msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "   (%d) RSA (len na Å¡ifrovanie)\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (%d) RSA (len na Å¡ifrovanie)\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 #, fuzzy
 msgid "Enter the keygrip: "
 msgstr "Podpisová notácia: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr ""
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 #, fuzzy
 msgid "No key with this keygrip\n"
 msgstr "Neexistuje identifikátor užívateľa s indexom %d\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, fuzzy, c-format
 msgid "error reading the card: %s\n"
 msgstr "%s: chyba pri čítaní voľného záznamu: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, fuzzy, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 #, fuzzy
 msgid "Available keys:\n"
 msgstr "nastaviť kľúč ako neplatný (disable)"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, fuzzy, c-format
 #| msgid "rounded up to %u bits\n"
 msgid "rounded to %u bits\n"
 msgstr "zaokrúhlené na %u bitov\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr ""
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, fuzzy, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Akú veľkosť kľúča si prajete? (1024) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "Požadovaná dĺžka kľúča je %u bitov.\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 #, fuzzy
 #| msgid "Please select what kind of key you want:\n"
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Prosím, vyberte druh kľúča, ktorý chcete:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5689,7 +5598,7 @@ msgstr ""
 "      <n>m = doba platnosti kľúča skončí za n mesiacov\n"
 "      <n>y = doba platnosti kľúča skončí za n rokov\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5705,40 +5614,40 @@ msgstr ""
 "      <n>m = doba platnosti podpisu skončí za n mesiacov\n"
 "      <n>y = doba platnosti podpisu skončí za n rokov\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Kľúč je platný na? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, fuzzy, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Podpis je platný na? (0) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "neplatná hodnota\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 #, fuzzy
 msgid "Key does not expire at all\n"
 msgstr "platnosť %s neskončí\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 #, fuzzy
 msgid "Signature does not expire at all\n"
 msgstr "platnosť %s neskončí\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, fuzzy, c-format
 msgid "Key expires at %s\n"
 msgstr "platnosť %s skončí %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, fuzzy, c-format
 msgid "Signature expires at %s\n"
 msgstr "Platnosť podpisu vyprší %s\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5746,12 +5655,12 @@ msgstr ""
 "Váš systém nevie zobraziť dátumy po roku 2038.\n"
 "V každom prípade budú dátumy korektne spracovávané do roku 2106.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 #, fuzzy
 msgid "Is this correct? (y/N) "
 msgstr "Je to správne (a/n)? "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5762,7 +5671,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 #, fuzzy
 msgid ""
 "\n"
@@ -5779,50 +5688,50 @@ msgstr ""
 "    \"Jozko Mrkvicka (student) <jozko@mrkvicka.sk>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Meno a priezvisko: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Neplatný znak ve mene\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr ""
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Meno nemôže začínať číslicou\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Meno musí byť dlhé aspoň 5 znakov\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "E-mailová adresa: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Neplatná e-mailová adresa\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Komentár: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Neplatný znak v komentári\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, fuzzy, c-format
 #| msgid "You are using the `%s' character set.\n"
 msgid "You are using the '%s' character set.\n"
 msgstr "Používate znakovú sadu `%s'.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5833,7 +5742,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "Do poľa meno alebo komentár nepíšte, prosím, e-mailovú adresu.\n"
 
@@ -5848,35 +5757,35 @@ msgstr "Do poľa meno alebo komentár nepíšte, prosím, e-mailovú adresu.\n"
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "mMkKeEPpUu"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Zmeniť (M)eno, (K)omentár, (E)-mail alebo (U)končiť? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "Zmeniť (M)eno, (K)omentár, (E)-mail alebo (P)okračovať/(U)končiť? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Zmeniť (M)eno, (K)omentár, (E)-mail alebo (U)končiť? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Zmeniť (M)eno, (K)omentár, (E)-mail alebo (P)okračovať/(U)končiť? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Najskôr, prosím, opravte chybu\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5888,13 +5797,13 @@ msgstr ""
 "používať disky); vďaka tomu má generátor lepšiu šancu získať dostatok "
 "entropie.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Vytvorenie kľúča sa nepodarilo: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5902,67 +5811,67 @@ msgid ""
 "\n"
 msgstr ""
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr ""
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, fuzzy, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "`%s' je už skomprimovaný\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 #, fuzzy
 msgid "Create anyway? (y/N) "
 msgstr "Použiť napriek tomu tento kľúč? "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, fuzzy, c-format
 msgid "creating anyway\n"
 msgstr "vytvoriť nový pár kľúčov"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Vytváranie kľúča bolo zrušené.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, fuzzy, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "nemôžem vytvoriť `%s': %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, fuzzy, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "POZNÁMKA: platnosť tajného kľúča %08lX skončila %s\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, fuzzy, c-format
 #| msgid "writing public key to `%s'\n"
 msgid "writing public key to '%s'\n"
 msgstr "zapisujem verejný kľúč do `%s'\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "nenájdený zapisovateľný súbor verejných kľúčov (pubring): %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, fuzzy, c-format
 #| msgid "error writing public keyring `%s': %s\n"
 msgid "error writing public keyring '%s': %s\n"
 msgstr "chyba pri zápise do súboru verejných kľúčov `%s': %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "verejný a tajný kľúč boli vytvorené a podpísané.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 #, fuzzy
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
@@ -5971,7 +5880,7 @@ msgstr ""
 "Tento kľúč nemôže byť použitý na šifrovanie. Pre vytvorenie\n"
 "sekundárneho kľúča na tento účel môžete použiť príkaz \"--edit-key\".\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -5979,7 +5888,7 @@ msgstr ""
 "kľúč bol vytvorený %lu sekund v budúcnosti (došlo k zmene času alebo\n"
 "je problém so systémovým časom)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -5987,52 +5896,52 @@ msgstr ""
 "kľúč bol vytvorený %lu sekund v budúcnosti (došlo k zmene času alebo\n"
 "je problém so systémovým časom)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, fuzzy, c-format
 #| msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "POZNÁMKA: vytvorenie podkľúča pre kľúče v3 nie je v súlade s OpenPGP\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Tajné časti primárneho kľúča nie sú dostupné.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, fuzzy, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Tajné časti primárneho kľúča nie sú dostupné.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 #, fuzzy
 msgid "Really create? (y/N) "
 msgstr "Skutočne vytvoriť? "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "nikdy     "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Kritická podpisová politika: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Podpisová politika: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr ""
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Kritická podpisová notácia: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Podpisová notácia: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d good signature\n"
@@ -6040,7 +5949,7 @@ msgid_plural "%d good signatures\n"
 msgstr[0] "%d zlých podpisov\n"
 msgstr[1] "%d zlých podpisov\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to an error\n"
 msgid "%d signature not checked due to an error\n"
@@ -6048,64 +5957,64 @@ msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "1 podpis neoverený, pretože vznikla chyba\n"
 msgstr[1] "1 podpis neoverený, pretože vznikla chyba\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "súbor kľúčov (keyring)"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Primárny fingerprint kľúča:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "     Fingerprint podkľúča:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr " Primárny fingerprint kľúča:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "      Fingerprint podkľúča:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 #, fuzzy
 msgid "      Key fingerprint ="
 msgstr "   Fingerprint kľúča ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr ""
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, fuzzy, c-format
 msgid "caching keyring '%s'\n"
 msgstr "kontrolujem súbor kľúčov (keyring) `%s'\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, fuzzy, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "%lu kľúčov skontrolovaných (%lu podpisov)\n"
 msgstr[1] "%lu kľúčov skontrolovaných (%lu podpisov)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, fuzzy, c-format
 #| msgid "1 bad signature\n"
 msgid " (%lu signature)\n"
@@ -6113,515 +6022,518 @@ msgid_plural " (%lu signatures)\n"
 msgstr[0] "1 zlý podpis\n"
 msgstr[1] "1 zlý podpis\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: súbor kľúčov (keyring) vytvorený\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr ""
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr ""
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr ""
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 #, fuzzy
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "zadané URL pre podpisovú politiku je neplatné\n"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr ""
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 #, fuzzy
 msgid "disabled"
 msgstr "disable"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr ""
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, fuzzy, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "neplatný parameter pre export\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr ""
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, fuzzy, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "požadujem kľúč %08lX z %s\n"
 msgstr[1] "požadujem kľúč %08lX z %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, fuzzy, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "VAROVANIE: nemôžem vymazať dočasný súbor (%s) `%s': %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, fuzzy, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "kľúč `%s' nebol nájdený: %s\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, fuzzy, c-format
 msgid "key not found on keyserver\n"
 msgstr "kľúč `%s' nebol nájdený: %s\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "požadujem kľúč %08lX z %s\n"
+
+#: g10/keyserver.c:1724
 #, fuzzy, c-format
 msgid "requesting key %s from %s\n"
 msgstr "požadujem kľúč %08lX z %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, fuzzy, c-format
 msgid "no keyserver known\n"
 msgstr "neplatný parameter pre export\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, fuzzy, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "preskočený `%s': %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, fuzzy, c-format
 msgid "sending key %s to %s\n"
 msgstr ""
 "\"\n"
 "podpísané Vaším kľúčom %08lX v %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, fuzzy, c-format
 msgid "requesting key from '%s'\n"
 msgstr "požadujem kľúč %08lX z %s\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, fuzzy, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "VAROVANIE: nemôžem vymazať dočasný súbor (%s) `%s': %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "zvláštna veľkosť šifrovacieho kľúča pre sedenie (%d)\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "%s kľúč šifrovaného sedenia\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "zašifrované neznámym algoritmom %d\n"
+
+#: g10/mainproc.c:391
 #, fuzzy, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "zašifrované neznámym algoritmom %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, fuzzy, c-format
 msgid "public key is %s\n"
 msgstr "verejný kľúč je %08lX\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "dáta zašifrované verejným kľúčom: správny DEK\n"
-
-#: g10/mainproc.c:632
+#: g10/mainproc.c:524
 #, fuzzy, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "zašifrované %u-bitovým %s kľúčom, ID %08lX, vytvoreným %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, fuzzy, c-format
 msgid "      \"%s\"\n"
 msgstr "                alias \""
 
 # Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
 # [kw]
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, fuzzy, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "zašifrovaná %s kľúčom, ID %08lX\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "dešifrovanie verejným kľúčom zlyhalo: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr ""
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "zašifrované s %lu heslami\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "zašifrované jedným heslom\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "dešifrovanie verejným kľúčom zlyhalo: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "dáta zašifrované verejným kľúčom: správny DEK\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "predpokladám %s šifrovaných dát\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr ""
 "algoritmus IDEA nie je dostupný; optimisticky sa ho pokúsime nahradiť "
 "algoritmom %s\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "VAROVANIE: správa nemá ochranu integrity\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "dešifrovanie zlyhalo: %s\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "dešifrovanie o.k.\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "VAROVANIE: so zašifrovanou správou bolo manipulované!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "dešifrovanie zlyhalo: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, fuzzy, c-format
 #| msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "POZNÁMKA: odosielateľ požadoval (\"for-your-eyes-only\")\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "pôvodné meno súboru='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr ""
 "samostatný revokačný certifikát -  použite \"gpg --import\", ak ho chcete "
 "využiť\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, fuzzy, c-format
 msgid "no signature found\n"
 msgstr "Dobrý podpis od \""
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, fuzzy, c-format
 msgid "BAD signature from \"%s\""
 msgstr "ZLÝ podpis od \""
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, fuzzy, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Podpis s vypršanou platnosťou od \""
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, fuzzy, c-format
 msgid "Good signature from \"%s\""
 msgstr "Dobrý podpis od \""
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "verifikácia podpisu potlačená\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, fuzzy, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "neviem pracovať s týmito násobnými podpismi\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, fuzzy, c-format
 msgid "Signature made %s\n"
 msgstr "Platnosť podpisu vypršala %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, fuzzy, c-format
 msgid "               using %s key %s\n"
 msgstr "                alias \""
 
 # Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, fuzzy, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Podpis vytvorený %.*s pomocou %s kľúča ID %08lX\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, fuzzy, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "                alias \""
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Kľúč k dispozícii na: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[neistý]  "
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, fuzzy, c-format
 msgid "                aka \"%s\""
 msgstr "                alias \""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, fuzzy, c-format
 #| msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "VAROVANIE: Tento kľúč nie certifikovaný dôveryhodným podpisom!\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Platnosť podpisu vypršala %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Platnosť podpisu vyprší %s\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "%s podpis, hashovací algoritmus %s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "binárne"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "textový mód"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "neznáme"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 #, fuzzy
 #| msgid "unknown pubkey algorithm"
 msgid ", key algorithm "
 msgstr "neznámy algoritmus verejného kľúča"
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Nemôžem overiť podpis: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "toto nie je podpis oddelený od dokumentu\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr "VAROVANIE: Nájdené viacnásobne podpisy. Skontrolovaný bude len prvý.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "samostatný podpis triedy 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "podpis starého typu (PGP 2.x)\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, fuzzy, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "nemožno otvoriť súbor: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, fuzzy, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "databáza dôvery: procedúra read() (n=%d) zlyhala: %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, fuzzy, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "nemôžem pracovať s algoritmom verejného kľúča %d\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, fuzzy, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr ""
 "vyžiadaný hashovací algoritmus %s (%d) nevyhovuje predvoľbám príjemcu\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, fuzzy, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "šifrovací algoritmus nie je implementovaný"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, fuzzy, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "%s podpis, hashovací algoritmus %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, fuzzy, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr ""
 "vyžiadaný hashovací algoritmus %s (%d) nevyhovuje predvoľbám príjemcu\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "%s podpis, hashovací algoritmus %s\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "%s podpis, hashovací algoritmus %s\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, fuzzy, c-format
 msgid "(reported error: %s)\n"
 msgstr "chyba pri čítaní: %s\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, fuzzy, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "chyba pri čítaní: %s\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr ""
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: použitie parametra \"%s\" sa neodporúča\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "VAROVÁNÍ: použitie parametra \"%s\" sa neodporúča\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "použite namiesto neho \"%s%s\" \n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, fuzzy, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "VAROVÁNÍ: použitie parametra \"%s\" sa neodporúča\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, fuzzy, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "VAROVÁNÍ: použitie parametra \"%s\" sa neodporúča\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, fuzzy, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr "VAROVÁNÍ: použitie parametra \"%s\" sa neodporúča\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Nekomprimované"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 #, fuzzy
 msgid "uncompressed|none"
 msgstr "Nekomprimované"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "táto správa nemusí použiteľná s %s\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, fuzzy, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "čítam možnosti z `%s'\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, fuzzy, c-format
 msgid "unknown option '%s'\n"
 msgstr "neznámy implicitný adresát `%s'\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, fuzzy, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "neznáma trieda podpisu"
@@ -6646,94 +6558,84 @@ msgstr "%s: neznáma prípona\n"
 msgid "Enter new filename"
 msgstr "Vložte nový názov súboru"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "zapisujem na štandardný výstup (stdout)\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, fuzzy, c-format
 #| msgid "assuming signed data in `%s'\n"
 msgid "assuming signed data in '%s'\n"
 msgstr "predpokladám podpísané dáta v `%s'\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "nemôžem pracovať s algoritmom verejného kľúča %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr ""
 "VAROVANIE: pravdepodobne nebezpečný symetricky šifrovaný kľúč sedenia\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 #| msgid "Critical signature notation: "
 msgid "Unknown critical signature notation: "
 msgstr "Kritická podpisová notácia: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "podpaket typu %d má nastavený kritický bit\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, fuzzy, c-format
-msgid "problem with the agent: %s\n"
-msgstr "problém s agentom: agent vracia 0x%lx\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-msgid "Please enter the passphrase for decryption."
-msgstr "zmeniť heslo"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Vložiť heslo\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "zrušené užívateľom\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, fuzzy, c-format
 msgid " (main key ID %s)"
 msgstr " (hlavné ID kľúča %08lX)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 #, fuzzy
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Prosím, vložte heslo; toto je tajná veta \n"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 #, fuzzy
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Prosím, vložte heslo; toto je tajná veta \n"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Prosím, vložte heslo; toto je tajná veta \n"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 #, fuzzy
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Prosím, vložte heslo; toto je tajná veta \n"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "Skutočne chcete zmazať vybrané kľúče? "
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 #, fuzzy
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Skutočne chcete zmazať vybrané kľúče? "
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, fuzzy, c-format
 msgid ""
 "%s\n"
@@ -6743,7 +6645,7 @@ msgid ""
 "%s"
 msgstr "dĺžka %u bitov, typ %s, ID %08lX, vytvorený %s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6758,35 +6660,81 @@ msgstr ""
 "Ak použijete veľmi veľký obrázok, kľúč bude tiež veľký! Odporúčaná veľkosť\n"
 "obrázka je okolo 240x288.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Meno súbor s fotografiou vo formáte JPEG: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, fuzzy, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "nemožno otvoriť súbor: %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr ""
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 #, fuzzy
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Ste si istý, že ho chcete použiť? (a/N) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, fuzzy, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "\"%s\" nie je súbor JPEG\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Je táto fotografia správna (a/N/u)? "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "žiadne vzialené vykonávanie programu nie je podporované\n"
+
+#: g10/photoid.c:486
+#, fuzzy, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"táto platforma potrebuje dočasné súbory na spustenie externého programu\n"
+
+#: g10/photoid.c:506
+#, fuzzy, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "nemožno spustiť %s \"%s\": %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "nekorektné ukončenie externého programu\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "systémová chyba pri volaní externého programu: %s\n"
+
+#: g10/photoid.c:600
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "VAROVANIE: nemôžem vymazať dočasný súbor (%s) `%s': %s\n"
+
+#: g10/photoid.c:604
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "VAROVANIE: nemôžem vymazať dočasný adresár `%s': %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"volanie externého programu zrušené kvôli nebezpečným právam súboru "
+"nastavení\n"
+
+#: g10/photoid.c:715
 #, fuzzy, c-format
 msgid "unable to display photo ID!\n"
 msgstr "nemožno nastaviť exec-path na %s\n"
@@ -6801,106 +6749,106 @@ msgstr "nemožno nastaviť exec-path na %s\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMuUsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 #, fuzzy
 msgid "No trust value assigned to:\n"
 msgstr ""
 "Nie je priradená žiadna hodnota dôvery k:\n"
 "%4u%c/%08lX %s \""
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, fuzzy, c-format
 msgid "  aka \"%s\"\n"
 msgstr "                alias \""
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 #, fuzzy
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr "Tento kľúč pravdepodobne patrí jeho majiteľovi\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, fuzzy, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr " %d = Neviem\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, fuzzy, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr " %d = Nedôverujem\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, fuzzy, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr " %d = Dôverujem absolútne\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 #, fuzzy
 msgid "  m = back to the main menu\n"
 msgstr " m = späť do hlavného menu\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 #, fuzzy
 msgid "  s = skip this key\n"
 msgstr " s = preskočiť tento kľúč\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 #, fuzzy
 msgid "  q = quit\n"
 msgstr " u = ukončiť\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
 "\n"
 msgstr ""
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Vaše rozhodnutie? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 #, fuzzy
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Skutočne chcete nastaviť pre tento kľúč absolútnu dôveru? "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Certifikáty vedúce k finálnemu dôveryhodnému kľúču:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, fuzzy, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%08lX: Nič nenaznačuje tomu, že tento podpis patrí vlastníkovi kľúča.\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, fuzzy, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%08lX: Nič nenaznačuje tomu, že tento podpis patrí vlastníkovi kľúča.\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, fuzzy, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Tento kľúč pravdepodobne patrí jeho majiteľovi\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Tento kľúč patrí nám (máme zodpovedajúci tajný kľúč)\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr ""
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 #, fuzzy
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
@@ -6912,7 +6860,7 @@ msgstr ""
 "odpovedať áno\n"
 "\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 #, fuzzy
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
@@ -6924,94 +6872,111 @@ msgstr ""
 "odpovedať áno\n"
 "\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 #, fuzzy
 msgid "Use this key anyway? (y/N) "
 msgstr "Použiť napriek tomu tento kľúč? "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "VAROVANIE: Je použitý nedôveryhodný kľúč!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr "VAROVANIE: kľúč môže byť revokovaný (revokačný kľúč neexistuje)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+msgid "checking User ID \"%s\"\n"
+msgstr "id užívateľa: \""
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "neplatný hashovací algoritmus `%s'\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "kľúč %08lX: nezodpovedá našej kópii\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+msgid "option %s given but no matching User ID found\n"
+msgstr "neplatný hashovací algoritmus `%s'\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "VAROVANIE: Tento kľúč bol revokovaný jeho určeným revokátorom/!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "VAROVANIE: Tento kľúč bol revokovaný jeho vlastníkom!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, fuzzy, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         To môže znamenať, že podpis je falošný.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "VAROVANIE: Tento podkľúč bol revokovaný jeho vlastníkom!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Poznámka: Tento kľúč bol označený ako neplatný (disabled).\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr ""
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr ""
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr ""
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Poznámka: Skončila platnosť tohto kľúča!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr "VAROVANIE: Tento kľúč nie certifikovaný dôveryhodným podpisom!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "VAROVANIE: Tento kľúč nie certifikovaný dôveryhodným podpisom!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr ""
 "         Nič nenaznačuje tomu, že tento podpis patrí vlastníkovi kľúča.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "VAROVANIE: NEdôverujeme tomuto kľúču!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         Tento podpis je pravdepodobne FALOŠNÝ.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"VAROVANIE: Tento kľúč nie je certifikovaný dostatočne dôveryhodnými "
+"podpismi!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
@@ -7019,52 +6984,52 @@ msgstr ""
 "VAROVANIE: Tento kľúč nie je certifikovaný dostatočne dôveryhodnými "
 "podpismi!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         Nie je isté, že tento podpis patrí vlastníkovi.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: preskočené: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: preskočené: verejný kľúč je neplatný (disabled)\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: preskočené: verejný kľúč je už obsiahnutý v databáze\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't encrypt to '%s'\n"
 msgstr "nemôžem sa pripojiť k `%s': %s\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, fuzzy, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "neplatný hashovací algoritmus `%s'\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, fuzzy, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "neplatný hashovací algoritmus `%s'\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr ""
 "Nešpecifikovali ste identifikátor užívateľa (user ID). Môžete použiť \"-r\"\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr ""
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -7072,40 +7037,40 @@ msgstr ""
 "\n"
 "Napíšte identifikátor užívateľa (user ID). Ukončite prázdnym riadkom: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Takýto identifikátor užívateľa neexistuje.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "preskočené: verejný kľúč je už nastavený podľa implicitného adresáta\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Verejný kľúč je neplatný (disabled).\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "preskočené: verejný kľúč je už nastavený\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, fuzzy, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "neznámy implicitný adresát `%s'\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "žiadne platné adresy\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, fuzzy, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "kľúč %08lX: chyba identifikátor užívateľa\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, fuzzy, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "kľúč %08lX: chyba identifikátor užívateľa\n"
@@ -7115,78 +7080,83 @@ msgstr "kľúč %08lX: chyba identifikátor užívateľa\n"
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr "dáta neboli uložené; na ich uloženie použite prepínač \"--output\"\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Podpis oddelený od dokumentu.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Prosím, vložte názov dátového súboru: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "čítam štandardný vstup (stdin) ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "chýbajú podpísané dáta\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, fuzzy, c-format
 #| msgid "can't open signed data `%s'\n"
 msgid "can't open signed data '%s'\n"
 msgstr "nemôžem otvoriť podpísané dáta '%s'\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, fuzzy, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "nemôžem otvoriť podpísané dáta '%s'\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, fuzzy, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "kľúč %08lX: chyba identifikátor užívateľa\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, fuzzy, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "anonymný adresát; skúšam tajný kľúč %08lX ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+msgid "used key is not marked for encryption use.\n"
+msgstr "kľúč %08lX: chyba identifikátor užívateľa\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "o.k., my sme anonymný adresát.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "staré kódovanie DEK nie je podporováné\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "šifrovací algoritmus %d%s je neznamý alebo je zakázaný\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, fuzzy, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "POZNÁMKA: v predvoľbách nenájdený šifrovací algoritmus %d\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, fuzzy, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "POZNÁMKA: platnosť tajného kľúča %08lX skončila %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, fuzzy, c-format
 #| msgid "NOTE: key has been revoked"
 msgid "Note: key has been revoked"
 msgstr "POZNÁMKA: kľúč bol revokovaný"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "build_packet zlyhala: %s\n"
@@ -7204,48 +7174,48 @@ msgstr "Bude revokovaný:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Toto je citlivý revokačný kľúč)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret key is not available.\n"
 msgstr "Tajný kľúč je dostupný.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 #, fuzzy
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Vytvoriť pre tento podpis revokačný certifikát? "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "Vynútený ASCII textový výstup.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet zlyhala: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Revokačný certifikát bol vytvorený.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, fuzzy, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "žiadne revokačné kľúče pre `%s' nenájdené\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 #, fuzzy
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Vytvoriť pre tento podpis revokačný certifikát? "
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 msgstr ""
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7254,20 +7224,20 @@ msgid ""
 "of the gpg command \"--generate-revocation\" in the GnuPG manual."
 msgstr ""
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
 "before importing and publishing this revocation certificate."
 msgstr ""
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, fuzzy, c-format
 #| msgid "Revocation certificate created.\n"
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "Revokačný certifikát bol vytvorený.\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, fuzzy, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "tajný kľúč `%s' nebol nájdený: %s\n"
@@ -7280,18 +7250,18 @@ msgstr "tajný kľúč `%s' nebol nájdený: %s\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr ""
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error searching the keyring: %s\n"
 msgstr "chyba pri vytváraní súboru kľúčov (keyring)`%s': %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 #, fuzzy
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Vytvoriť pre tento podpis revokačný certifikát? "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7309,38 +7279,38 @@ msgstr ""
 "Ale hrozí nebezpečenstvo: Tlačový systém Vášho počítača môže ukladať dáta a\n"
 "sprístupniť ich iným!\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Prosím výberte dôvod na revokáciu:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Zrušiť"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Pravdepodobne ste chceli vybrať %d)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "Ak chcete, napíšte popis; ukončite prázdnym riadkom:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Dôvod na revokáciu: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(Žiadny popis)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 #, fuzzy
 msgid "Is this okay? (y/N) "
 msgstr "Je to v poriadku? "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "vytvorený slabý kľúč - skúšam znovu\n"
@@ -7352,17 +7322,22 @@ msgstr ""
 "nemôžem sa vyvarovať slabého kľúča pre symetrickú šifru; operáciu som skúsil "
 "%d krát!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr ""
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
+#: g10/sig-check.c:170
+#, c-format
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "VAROVANIE: konflikt hashu podpisu v správe\n"
+
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "key %s may not be used for signing in %s mode\n"
@@ -7370,47 +7345,37 @@ msgstr ""
 "použitie %s nie je v móde %s dovolené\n"
 "\n"
 
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
-#, c-format
-msgid "WARNING: signature digest conflict in message\n"
-msgstr "VAROVANIE: konflikt hashu podpisu v správe\n"
-
-#: g10/sig-check.c:219
+#: g10/sig-check.c:209
 #, fuzzy, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "VAROVANIE: podpisovací podkľúč %08lX nie je krížovo certifikovaný\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, fuzzy, c-format
 msgid "please see %s for more information\n"
 msgstr " i = prosím o viac informácíi\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, fuzzy, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr ""
 "VAROVANIE: podpisovací podkľúč %08lX má neplatnú krížovú certifikáciu\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, fuzzy, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "verejný kľúč %08lX je o %lu sekund novší než podpis\n"
 msgstr[1] "verejný kľúč %08lX je o %lu sekund novší než podpis\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, fuzzy, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "verejný kľúč %08lX je o %lu sekund novší než podpis\n"
 msgstr[1] "verejný kľúč %08lX je o %lu sekund novší než podpis\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, fuzzy, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7423,7 +7388,7 @@ msgstr[1] ""
 "kľúč bol vytvorený %lu sekund v budúcnosti (došlo k zmene času alebo\n"
 "je problém so systémovým časom)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, fuzzy, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7435,53 +7400,53 @@ msgstr[1] ""
 "kľúč bol vytvorený %lu sekund v budúcnosti (došlo k zmene času alebo\n"
 "je problém so systémovým časom)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, fuzzy, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "POZNÁMKA: podpisovému kľúču %08lX skončila platnosť %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, fuzzy, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "POZNÁMKA: kľúč bol revokovaný"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "samostatný podpis triedy 0x%02x\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "samostatný podpis triedy 0x%02x\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, fuzzy, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "predpokladám neplatný podpis kľúčom %08lX, pretože je nastavený neznámy "
 "kritický bit\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "kľúč %08lX: neexistuje podkľúč pre revokáciu kľúča\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, fuzzy, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "kľúč %08lX: neexistuje podkľúč pre viazanie podkľúčov\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "VAROVANIE: nemožno %%-expandovať notácie (príliš dlhé). Použité "
 "neexpandované.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7489,7 +7454,7 @@ msgstr ""
 "VAROVANIE: nemôžem %%-expandovať URL politiky (príliš dlhé). Použité "
 "neexpandované.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, fuzzy, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7498,53 +7463,54 @@ msgstr ""
 "VAROVANIE: nemôžem %%-expandovať URL politiky (príliš dlhé). Použité "
 "neexpandované.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, fuzzy, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s podpis od: \"%s\"\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, fuzzy, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
 msgstr ""
 "vyžiadaný hashovací algoritmus %s (%d) nevyhovuje predvoľbám príjemcu\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "podpisujem:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "bude použité šifrovanie %s\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "kľúč nie je označený ako nedostatočne bezpečný - nemôžem ho použiť s "
 "falošným RNG!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, fuzzy, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "preskočený `%s': duplikovaný\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "preskočené: tajný kľúč je už v databáze\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 #, fuzzy
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "preskočený `%s': toto je vygenerovaný PGP kľúč podľa algoritmu ElGamal,\n"
 "podpisy vytvorené týmto kľúčom nie sú bezpečné!\n"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "záznam dôvery %lu, typ %d: zápis zlyhal: %s\n"
@@ -7558,48 +7524,48 @@ msgstr ""
 "# Zoznam pridelených hodnôt dôveryhodnosti, vytvorený %s\n"
 "# (Použite \"gpg --import-ownertrust\" na obnovenie)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, fuzzy, c-format
 msgid "error in '%s': %s\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 #, fuzzy
 msgid "line too long"
 msgstr "riadok je príliš dlhý\n"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr ""
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 #, fuzzy
 msgid "invalid fingerprint"
 msgstr "chyba: neplatný odtlačok\n"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 #, fuzzy
 msgid "ownertrust value missing"
 msgstr ""
 "importovať hodnoty dôveryhodnosti\n"
 " vlastníka kľúča"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, fuzzy, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "chyba pri hľadaní záznamu dôvery: %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, fuzzy, c-format
 msgid "read error in '%s': %s\n"
 msgstr "chyba pri čítaní: %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "databáza dôvery: synchronizácia zlyhala %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, fuzzy, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "nemôžem vytvoriť `%s': %s\n"
@@ -7609,12 +7575,12 @@ msgstr "nemôžem vytvoriť `%s': %s\n"
 msgid "can't lock '%s'\n"
 msgstr "nemožno otvoriť `%s'\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "záznam v databáze dôvery %lu: lseek() sa nepodaril: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "záznam v databáze dôvery %lu: zápis sa nepodaril (n=%d): %s\n"
@@ -7629,7 +7595,7 @@ msgstr "transakcia s databázou dôvery je príliš dlhá\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: adresár neexistuje!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, fuzzy, c-format
 msgid "can't access '%s': %s\n"
 msgstr "nemôžem zavrieť `%s': %s\n"
@@ -7671,7 +7637,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: chyba pri aktualizácii záznamu verzie: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: chyba pri čítaní záznamu verzie: %s\n"
@@ -7681,52 +7647,52 @@ msgstr "%s: chyba pri čítaní záznamu verzie: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: chyba pri zápise záznamu verzie: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "databáze dôvery: procedúra lseek() zlyhala: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "databáza dôvery: procedúra read() (n=%d) zlyhala: %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: nie je súbor databázy dôvery\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: záznam verzie s číslom %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: neplatná verzia súboru %d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: chyba pri čítaní voľného záznamu: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: chyba pri zápise adresárového záznamu: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: vynulovanie záznamu zlyhalo: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: pridanie záznamu zlyhalo: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, fuzzy, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "%s: databáza dôvery vytvorená\n"
@@ -7768,10 +7734,10 @@ msgstr ""
 msgid "TOFU DB error"
 msgstr ""
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, fuzzy, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "chyba pri posielaní na `%s': %s\n"
@@ -7793,7 +7759,7 @@ msgstr "%s: chyba pri zápise adresárového záznamu: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, fuzzy, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "chyba pri posielaní na `%s': %s\n"
@@ -7965,111 +7931,111 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr ""
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr ""
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, fuzzy, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr ""
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, fuzzy, c-format
 #| msgid "Deleted %d signatures.\n"
 msgid "%s: Verified 0 signatures."
 msgstr "Zmazaných %d podpisov.\n"
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 #, fuzzy
 #| msgid "encrypted with %lu passphrases\n"
 msgid "Encrypted 0 messages."
 msgstr "zašifrované s %lu heslami\n"
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, fuzzy, c-format
 #| msgid "Policy: "
 msgid "(policy: %s)"
 msgstr "Politika: "
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -8086,117 +8052,117 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, fuzzy, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "chyba pri posielaní na `%s': %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid long keyID\n"
 msgid "'%s' is not a valid long keyID\n"
 msgstr "`%s' nie je platné dlhé keyID\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, fuzzy, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "kľúč %08lX: akceptovaný ako dôveryhodný kľúč\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, fuzzy, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "kľúč %08lX sa v databáze dôvery vyskytuje viac ako raz\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, fuzzy, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr ""
 "kľúč %08lX: nenájdený verejný kľúč k dôveryhodnému kľúču - preskočené\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, fuzzy, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "kľúč označený ako absolútne dôveryhodný.\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "záznam dôvery %lu, typ pož. %d: čítanie zlyhalo: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "záznam dôvery %lu nie je požadovaného typu %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr ""
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr ""
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr ""
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "nie je nutné kontrolovať databázu dôvery\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "dalšia kontrola databázy dôvery %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, fuzzy, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "nie je nutné kontrolovať databázu dôvery\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, fuzzy, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "nie je nutné kontrolovať databázu dôvery\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, fuzzy, c-format
 msgid "public key %s not found: %s\n"
 msgstr "verejný kľúč %08lX nebol nájdený: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "prosím vykonajte --check-trustdb\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "kontrolujem databázu dôvery\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, fuzzy, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] "%lu kľúče boli doteraz spracované\n"
 msgstr[1] "%lu kľúče boli doteraz spracované\n"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, fuzzy, c-format
 #| msgid "%d keys processed (%d validity counts cleared)\n"
 msgid " (%d validity count cleared)\n"
@@ -8204,45 +8170,45 @@ msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] "%d kľúčov spracovaných (%d počtov platnosti vymazaných)\n"
 msgstr[1] "%d kľúčov spracovaných (%d počtov platnosti vymazaných)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "neboli nájdené žiadne absolútne dôveryhodné kľúče\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, fuzzy, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "verejný kľúč k absolútne dôveryhodnému kľúču  %08lX nebol nájdený\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr ""
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, fuzzy, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr "záznam dôvery %lu, typ %d: zápis zlyhal: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr ""
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 #, fuzzy
 msgid "never"
 msgstr "nikdy     "
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr ""
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr ""
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr ""
 
@@ -8254,43 +8220,43 @@ msgstr ""
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr ""
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 #, fuzzy
 msgid "[ revoked]"
 msgstr "[revokované]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 #, fuzzy
 msgid "[ expired]"
 msgstr "[expirované]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 #, fuzzy
 msgid "[ unknown]"
 msgstr "neznáme"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr ""
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 #, fuzzy
 msgid "[  never ]"
 msgstr "nikdy     "
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr ""
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr ""
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr ""
 
@@ -8315,20 +8281,31 @@ msgstr "vstupný riadok %u je príliš dlhý alebo na konci chýba znak LF\n"
 msgid "can't open fd %d: %s\n"
 msgstr "nemôžem otvoriť `%s': %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "VAROVANIE: správa nemá ochranu integrity\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+msgid "Hint: Do not use option %s\n"
+msgstr "čítam možnosti z `%s'\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr ""
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr ""
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 #, fuzzy
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Použitie: gpg [možnosti] [súbory] (-h pre pomoc)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 #, fuzzy
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
@@ -8338,129 +8315,225 @@ msgstr "Použitie: gpg [možnosti] [súbory] (-h pre pomoc)"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr ""
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr ""
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+msgid "|N|Please enter the new Global-PIN"
+msgstr "zmeniť heslo"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "Prosím výberte dôvod na revokáciu:\n"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+msgid "|N|Please enter the new PIN"
+msgstr "zmeniť heslo"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+msgid "||Please enter the PIN of your PIV card"
+msgstr "Prosím výberte dôvod na revokáciu:\n"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "zmeniť heslo"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "Prosím výberte dôvod na revokáciu:\n"
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-piv.c:1895
+#, c-format
+msgid "PIN is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1903
+#, c-format
+msgid "PIN is too long; maximum length is %d\n"
+msgstr ""
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, fuzzy, c-format
+msgid "key already exists\n"
+msgstr "`%s' je už skomprimovaný\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, fuzzy, c-format
+msgid "generating new key\n"
+msgstr "vytvoriť nový pár kľúčov"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, fuzzy, c-format
+msgid "writing new key\n"
+msgstr "vytvoriť nový pár kľúčov"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "nemôžem inicializovať databázu dôvery: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, fuzzy, c-format
+#| msgid "remove keys from the public keyring"
+msgid "response does not contain the EC public key\n"
+msgstr "odstrániť kľúč zo súboru verejných kľúčov"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, fuzzy, c-format
+msgid "generating key failed\n"
+msgstr "zmazanie bloku kľúča sa nepodarilo:  %s\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, fuzzy, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "Vytvorenie kľúča sa nepodarilo: %s\n"
+msgstr[1] "Vytvorenie kľúča sa nepodarilo: %s\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr ""
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 #, fuzzy
 msgid "|A|Please enter the Admin PIN"
 msgstr "zmeniť heslo"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 #, fuzzy
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "Prosím výberte dôvod na revokáciu:\n"
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 #, fuzzy
 msgid "||Please enter the PIN for the standard keys."
 msgstr "zmeniť heslo"
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr ""
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr ""
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "Note: This key has been disabled.\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "Poznámka: Tento kľúč bol označený ako neplatný (disabled).\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr ""
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 #, fuzzy
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "zmeniť heslo"
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 #, fuzzy
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "Prosím výberte dôvod na revokáciu:\n"
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, fuzzy, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, fuzzy, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "nemôžem inicializovať databázu dôvery: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, fuzzy, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "zlyhalo obnovenie vyrovnávacej pamäti kľúčov: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr ""
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1546
-#, fuzzy, c-format
-#| msgid "remove keys from the public keyring"
-msgid "response does not contain the EC public key\n"
-msgstr "odstrániť kľúč zo súboru verejných kľúčov"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr ""
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, fuzzy, c-format
 msgid "reading public key failed: %s\n"
 msgstr "zmazanie bloku kľúča sa nepodarilo:  %s\n"
@@ -8468,43 +8541,43 @@ msgstr "zmazanie bloku kľúča sa nepodarilo:  %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr ""
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 #, fuzzy
 msgid "||Please unlock the card"
 msgstr "zmeniť heslo"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, fuzzy, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "nepodarilo poslať kľúč na server: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8512,22 +8585,22 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr ""
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 #, fuzzy
 msgid "||Please enter the PIN"
 msgstr "zmeniť heslo"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 #, fuzzy
 msgid "||Please enter the Reset Code for the card"
 msgstr "Prosím výberte dôvod na revokáciu:\n"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr ""
@@ -8535,123 +8608,81 @@ msgstr ""
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr ""
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 #, fuzzy
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "zmeniť heslo"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 #, fuzzy
 msgid "||Please enter the PIN and New PIN"
 msgstr "zmeniť heslo"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, fuzzy, c-format
 msgid "error reading application data\n"
 msgstr "chyba pri čítaní bloku kľúča: %s\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, fuzzy, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "%s: chyba pri čítaní voľného záznamu: %s\n"
 
-#: scd/app-openpgp.c:3066
-#, fuzzy, c-format
-msgid "key already exists\n"
-msgstr "`%s' je už skomprimovaný\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr ""
-
-#: scd/app-openpgp.c:3072
-#, fuzzy, c-format
-msgid "generating new key\n"
-msgstr "vytvoriť nový pár kľúčov"
-
-#: scd/app-openpgp.c:3074
-#, fuzzy, c-format
-msgid "writing new key\n"
-msgstr "vytvoriť nový pár kľúčov"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr ""
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, fuzzy, c-format
-msgid "failed to store the key: %s\n"
-msgstr "nemôžem inicializovať databázu dôvery: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, fuzzy, c-format
 #| msgid "unsupported URI"
 msgid "unsupported curve\n"
 msgstr "toto URI nie je podporované"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr ""
-
-#: scd/app-openpgp.c:4271
-#, fuzzy, c-format
-msgid "generating key failed\n"
-msgstr "zmazanie bloku kľúča sa nepodarilo:  %s\n"
-
-#: scd/app-openpgp.c:4277
-#, fuzzy, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "Vytvorenie kľúča sa nepodarilo: %s\n"
-msgstr[1] "Vytvorenie kľúča sa nepodarilo: %s\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr ""
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, fuzzy, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "%s podpis, hashovací algoritmus %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr ""
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, fuzzy, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "nenájdené žiadne platné dáta vo formáte OpenPGP.\n"
@@ -8664,101 +8695,99 @@ msgstr "zmeniť heslo"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr ""
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr ""
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr ""
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 #, fuzzy
 msgid "|FILE|write a log to FILE"
 msgstr "|SÚBOR|nahrať rozširujúci modul SÚBOR"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr ""
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 #, fuzzy
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|MENO|použiť MENO ako implicitného adresáta"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 #, fuzzy
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|MENO|použiť MENO ako implicitného adresáta"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 #, fuzzy
 msgid "do not use the internal CCID driver"
 msgstr "vôbec nepoužívať terminál"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr ""
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr ""
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr ""
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 #, fuzzy
 msgid "deny the use of admin card commands"
 msgstr "konfliktné príkazy\n"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 #, fuzzy
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Použitie: gpg [možnosti] [súbory] (-h pre pomoc)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
 msgstr ""
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr ""
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr ""
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, fuzzy, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "chyba pri zápise do súboru tajných kľúčov `%s': %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr ""
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr ""
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 #, fuzzy
 msgid "shell"
 msgstr "help"
@@ -8792,7 +8821,7 @@ msgstr "zapisujem tajný kľúč do `%s'\n"
 msgid "certificate policy not allowed"
 msgstr "zapisujem tajný kľúč do `%s'\n"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, fuzzy, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "nemôžem inicializovať databázu dôvery: %s\n"
@@ -8807,7 +8836,7 @@ msgstr ""
 msgid "number of issuers matching: %d\n"
 msgstr ""
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, fuzzy, c-format
 #| msgid "%s: can't access: %s\n"
 msgid "can't get authorityInfoAccess: %s\n"
@@ -8828,240 +8857,240 @@ msgstr "chyba pri vytváraní hesla: %s\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "zmazanie bloku kľúča sa nepodarilo:  %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, fuzzy, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "nemôžem inicializovať databázu dôvery: %s\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 #, fuzzy
 msgid "certificate has been revoked"
 msgstr "POZNÁMKA: kľúč bol revokovaný"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr ""
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr ""
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, fuzzy, c-format
 msgid "checking the CRL failed: %s"
 msgstr "kontrola vytvoreného podpisu sa nepodarila: %s\n"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr ""
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 #, fuzzy
 msgid "root certificate not yet valid"
 msgstr "zapisujem tajný kľúč do `%s'\n"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr ""
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, fuzzy, c-format
 msgid "certificate has expired"
 msgstr "Platnosť kľúča vypršala!"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 #, fuzzy
 msgid "root certificate has expired"
 msgstr "Platnosť kľúča vypršala!"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 #, fuzzy
 msgid "intermediate certificate has expired"
 msgstr "Platnosť kľúča vypršala!"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr ""
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 #, fuzzy
 msgid "certificate with invalid validity"
 msgstr "Platnosť kľúča vypršala!"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr ""
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr ""
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, fuzzy, c-format
 msgid "  (  signature created at "
 msgstr "               nové podpisy: %lu\n"
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, fuzzy, c-format
 msgid "  (certificate created at "
 msgstr "Revokačný certifikát bol vytvorený.\n"
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, fuzzy, c-format
 msgid "  (certificate valid from "
 msgstr "nesprávny certifikát"
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr ""
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, fuzzy, c-format
 msgid "fingerprint=%s\n"
 msgstr "vypísať fingerprint"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr ""
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr ""
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr ""
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 #, fuzzy
 msgid "no issuer found in certificate"
 msgstr "vytvoriť revokačný certifikát"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr ""
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr ""
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, fuzzy, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "kontrola vytvoreného podpisu sa nepodarila: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr ""
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr ""
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, fuzzy, c-format
 msgid "certificate has a BAD signature"
 msgstr "verifikovať podpis"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr ""
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr ""
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, fuzzy, c-format
 msgid "certificate is good\n"
 msgstr "duplicita predvoľby %c%lu\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, fuzzy, c-format
 msgid "intermediate certificate is good\n"
 msgstr "Revokačný certifikát bol vytvorený.\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, fuzzy, c-format
 msgid "root certificate is good\n"
 msgstr "nesprávny certifikát"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr ""
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr ""
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, fuzzy, c-format
 msgid "out of core\n"
 msgstr "nespracované"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr ""
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 #, fuzzy
 msgid "none"
 msgstr "nie"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 #, fuzzy
 msgid "[Error - invalid encoding]"
 msgstr "chyba: neplatný odtlačok\n"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr ""
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr ""
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 #, fuzzy
 msgid "[Error - invalid DN]"
 msgstr "chyba: neplatný odtlačok\n"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, fuzzy, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -9074,177 +9103,187 @@ msgstr ""
 "\"%.*s\"\n"
 "kľúč s dĺžkou %u bitov, typ %s, ID %08lX, vytvorený %s%s\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr ""
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "chyba pri zápise do súboru tajných kľúčov `%s': %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr ""
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr ""
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr ""
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr ""
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr ""
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+msgid "looking for another certificate\n"
+msgstr "nesprávny certifikát"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, fuzzy, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "neplatný hashovací algoritmus `%s'\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr ""
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr ""
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, fuzzy, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "neplatný hashovací algoritmus `%s'\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, fuzzy, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "neplatný hashovací algoritmus `%s'\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, fuzzy, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "Neplatná e-mailová adresa\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, fuzzy, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "neplatný hashovací algoritmus `%s'\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr ""
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr ""
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, fuzzy, c-format
 msgid "line %d: invalid date given\n"
 msgstr "neplatný hashovací algoritmus `%s'\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, fuzzy, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "chyba pri vytváraní súboru kľúčov (keyring)`%s': %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, fuzzy, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "neplatný hashovací algoritmus `%s'\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, fuzzy, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "neplatný hashovací algoritmus `%s'\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, fuzzy, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "kľúč %08lX: neplatná väzba podkľúča\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, fuzzy, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "neplatný hashovací algoritmus `%s'\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, fuzzy, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "chyba pri vytváraní súboru kľúčov (keyring)`%s': %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, fuzzy, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "chyba pri vytváraní súboru kľúčov (keyring)`%s': %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, fuzzy, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "Vytvorenie kľúča sa nepodarilo: %s\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, fuzzy, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) RSA (len na Å¡ifrovanie)\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, fuzzy, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) RSA (pro šifrování a podpis)\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, fuzzy, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) DSA (len na podpis)\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, fuzzy, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) RSA (len na Å¡ifrovanie)\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr ""
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 #, fuzzy
 msgid "No subject name given\n"
 msgstr "(Žiadny popis)\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, fuzzy, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "neplatný hashovací algoritmus `%s'\n"
@@ -9254,265 +9293,261 @@ msgstr "neplatný hashovací algoritmus `%s'\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, fuzzy, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "neplatný hashovací algoritmus `%s'\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr ""
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 #, fuzzy
 msgid "Enter email addresses"
 msgstr "E-mailová adresa: "
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 #, fuzzy
 msgid " (end with an empty line):\n"
 msgstr ""
 "\n"
 "Napíšte identifikátor užívateľa (user ID). Ukončite prázdnym riadkom: "
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 #, fuzzy
 msgid "Enter DNS names"
 msgstr "Vložte nový názov súboru"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 #, fuzzy
 msgid " (optional; end with an empty line):\n"
 msgstr "Ak chcete, napíšte popis; ukončite prázdnym riadkom:\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr ""
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 #, fuzzy
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Vytvoriť pre tento podpis revokačný certifikát? "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:432
-#, fuzzy, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "chyba pri vytváraní hesla: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr ""
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 #, fuzzy
 #| msgid "Revocation certificate created.\n"
 msgid "Now creating certificate request.  "
 msgstr "Revokačný certifikát bol vytvorený.\n"
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr ""
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "%s zašifrované dáta\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr ""
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr ""
 
 # Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
 # [kw]
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 msgid "encrypted to %s key %s\n"
 msgstr "zašifrovaná %s kľúčom, ID %08lX\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, fuzzy, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "kľúč `%s' nebol nájdený: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, fuzzy, c-format
 msgid "error locking keybox: %s\n"
 msgstr "chyba pri čítaní bloku kľúča: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, fuzzy, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "Revokačný certifikát bol vytvorený.\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, fuzzy, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "duplicita predvoľby %c%lu\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, fuzzy, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "zmazanie bloku kľúča sa nepodarilo:  %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, fuzzy, c-format
 msgid "no valid recipients given\n"
 msgstr "(Žiadny popis)\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 #, fuzzy
 msgid "list external keys"
 msgstr "vypísať zoznam tajných kľúčov"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 #, fuzzy
 msgid "list certificate chain"
 msgstr "nesprávny certifikát"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 #, fuzzy
 msgid "import certificates"
 msgstr "nesprávny certifikát"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 #, fuzzy
 msgid "export certificates"
 msgstr "nesprávny certifikát"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr ""
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr ""
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr ""
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "vôbec nepoužívať terminál"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr ""
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr ""
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr ""
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr ""
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr ""
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 #, fuzzy
 msgid "create base-64 encoded output"
 msgstr "vytvor výstup zakódovaný pomocou ASCII"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 #, fuzzy
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|MENO|použi MENO ako implicitný tajný kľúč"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 #, fuzzy
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr ""
 "pridať tento súbor kľúčov do zoznamu\n"
 " používaných súborov kľúčov"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr ""
+"|POČÍTAČ|použi tento server kľúčov na vyhľadávanie\n"
+" kľúčov"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr ""
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 #, fuzzy
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|ALG|použiť šifrovací algoritmus ALG pre heslá"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr ""
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr ""
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr ""
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr ""
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|ALG|použiť šifrovací algoritmus ALG"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|ALG|použiť hashovací algoritmus ALG"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "dávkový režim: nikdy sa na nič nepýtať"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "automaticky odpovedať áno na väčšinu otázok"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "automaticky odpovedať NIE na väčšinu otázok"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 #, fuzzy
 msgid "|FILE|write an audit log to FILE"
 msgstr "|SÚBOR|nahrať rozširujúci modul SÚBOR"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Použitie: gpg [možnosti] [súbory] (-h pre pomoc)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 #, fuzzy
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
@@ -9523,87 +9558,122 @@ msgstr ""
 "podpísať, overiť, šifrovať alebo dešifrovať\n"
 "implicitné operácie závisia od vstupných dát\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, fuzzy, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "nemôžem sa pripojiť k `%s': %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, fuzzy, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "neznámy implicitný adresát `%s'\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(Žiadny popis)\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " s = preskočiť tento kľúč\n"
+
+#: sm/gpgsm.c:1545
+#, fuzzy, c-format
+msgid "could not parse keyserver\n"
+msgstr "nemožno použiť URI servera kľúčov - chyba analýzy URI\n"
+
+#: sm/gpgsm.c:1825
 #, fuzzy, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "zapisujem do '%s'\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, fuzzy, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "nemôžem zavrieť `%s': %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr ""
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, fuzzy, c-format
 msgid "total number processed: %lu\n"
 msgstr "Celkovo spracovaných kľúčov: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, fuzzy, c-format
 msgid "error storing certificate\n"
 msgstr "vytvoriť revokačný certifikát"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr ""
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, fuzzy, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, fuzzy, c-format
 msgid "error importing certificate: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, fuzzy, c-format
 msgid "error reading input: %s\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+msgid "no keyboxd running in this session\n"
+msgstr "gpg-agent nie je v tomto sedení dostupný\n"
+
+#: sm/keydb.c:595
+#, fuzzy, c-format
+msgid "error opening key DB: %s\n"
+msgstr "chyba pri čítaní `%s': %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr ""
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, fuzzy, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, fuzzy, c-format
 msgid "error storing certificate: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, fuzzy, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "rev? problém overenia revokácie: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, fuzzy, c-format
 msgid "error storing flags: %s\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr ""
 
@@ -9612,17 +9682,17 @@ msgstr ""
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr ""
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, fuzzy, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "chyba: neplatný odtlačok\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, fuzzy, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "chyba: neplatný odtlačok\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9633,14 +9703,14 @@ msgid ""
 "%s%sAre you really sure that you want to do this?"
 msgstr ""
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
 "signatures.\n"
 msgstr ""
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9648,53 +9718,59 @@ msgid ""
 "Note, that this certificate will NOT create a qualified signature!"
 msgstr ""
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, fuzzy, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "ochranný algoritmus %d%s nie je podporováný\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr ""
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, fuzzy, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "kontrola vytvoreného podpisu sa nepodarila: %s\n"
 
-#: sm/verify.c:463
+# Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
+#: sm/sign.c:912
+#, fuzzy, c-format
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Podpis vytvorený %.*s pomocou %s kľúča ID %08lX\n"
+
+#: sm/verify.c:467
 #, fuzzy, c-format
 msgid "Signature made "
 msgstr "Platnosť podpisu vypršala %s\n"
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr ""
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 msgid "algorithm:"
 msgstr "ASCII kódovanie: %s\n"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr ""
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, fuzzy, c-format
 msgid "Good signature from"
 msgstr "Dobrý podpis od \""
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, fuzzy, c-format
 msgid "                aka"
 msgstr "                alias \""
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, fuzzy, c-format
 msgid "This is a qualified signature\n"
 msgstr ""
@@ -9721,101 +9797,101 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr ""
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr ""
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't parse certificate '%s': %s\n"
 msgstr "nemôžem vytvoriť `%s': %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, fuzzy, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "duplicita predvoľby %c%lu\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, fuzzy, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "Revokačný certifikát bol vytvorený.\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, fuzzy, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "duplicita predvoľby %c%lu\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, fuzzy, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "vypísať fingerprint"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr ""
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr ""
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, fuzzy, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, fuzzy, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "nesprávny certifikát"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, fuzzy, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, fuzzy, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, fuzzy, c-format
 msgid "certificate already cached\n"
 msgstr "Revokačný certifikát bol vytvorený.\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, fuzzy, c-format
 msgid "certificate cached\n"
 msgstr "duplicita predvoľby %c%lu\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, fuzzy, c-format
 msgid "error caching certificate: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, fuzzy, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "chyba: neplatný odtlačok\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, fuzzy, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, fuzzy, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, fuzzy, c-format
 msgid "no issuer found in certificate\n"
 msgstr "vytvoriť revokačný certifikát"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, fuzzy, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
@@ -10340,64 +10416,64 @@ msgstr "kľúč `%s' nebol nájdený: %s\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "kľúč `%s' nebol nájdený: %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 #, fuzzy
 msgid "add a certificate to the cache"
 msgstr "Revokačný certifikát bol vytvorený.\n"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 #, fuzzy
 msgid "validate a certificate"
 msgstr "nesprávny certifikát"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 #, fuzzy
 msgid "lookup a certificate"
 msgstr "nesprávny certifikát"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 #, fuzzy
 msgid "lookup only locally stored certificates"
 msgstr "nesprávny certifikát"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 #, fuzzy
 msgid "expect certificates in PEM format"
 msgstr "nesprávny certifikát"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 #, fuzzy
 #| msgid "Enter the user ID of the designated revoker: "
 msgid "force the use of the default OCSP responder"
 msgstr "Vložte identifikátor užívateľa povereného revokáciou: "
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Použitie: gpg [možnosti] [súbory] (-h pre pomoc)"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10405,228 +10481,221 @@ msgid ""
 "not valid and other error codes for general failures\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, fuzzy, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, fuzzy, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "nemôžem sa pripojiť k `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, fuzzy, c-format
 #| msgid "update failed: %s\n"
 msgid "lookup failed: %s\n"
 msgstr "aktualizácia zlyhala: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, fuzzy, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "kódovanie do ASCII formátu zlyhalo: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, fuzzy, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "zmazanie bloku kľúča sa nepodarilo:  %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, fuzzy, c-format
 msgid "certificate is valid\n"
 msgstr "duplicita predvoľby %c%lu\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, fuzzy, c-format
 msgid "certificate has been revoked\n"
 msgstr "POZNÁMKA: kľúč bol revokovaný"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, fuzzy, c-format
 msgid "certificate check failed: %s\n"
 msgstr "zmazanie bloku kľúča sa nepodarilo:  %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, fuzzy, c-format
 #| msgid "can't stat `%s': %s\n"
 msgid "got status: '%s'\n"
 msgstr "nemôžem použiť príkaz stat na `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, fuzzy, c-format
 #| msgid "error writing secret keyring `%s': %s\n"
 msgid "error writing base64 encoding: %s\n"
 msgstr "chyba pri zápise do súboru tajných kľúčov `%s': %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, fuzzy, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr ""
 "\n"
 "Podporované algoritmy:\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 #, fuzzy
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|SÚBOR|nahrať rozširujúci modul SÚBOR"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr ""
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr ""
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr ""
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr ""
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 #, fuzzy
 msgid "|URL|use keyserver at URL"
 msgstr "nemožno použiť URI servera kľúčov - chyba analýzy URI\n"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr ""
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr ""
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr ""
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr ""
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr ""
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr ""
 
-#: dirmngr/dirmngr.c:270
-#, fuzzy
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr ""
-"|POČÍTAČ|použi tento server kľúčov na vyhľadávanie\n"
-" kľúčov"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 #, fuzzy
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|SÚBOR|nahrať rozširujúci modul SÚBOR"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr ""
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr ""
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 #, fuzzy
 msgid "|URL|use OCSP responder at URL"
 msgstr "nemožno použiť URI servera kľúčov - chyba analýzy URI\n"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr ""
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -10640,126 +10709,315 @@ msgstr ""
 "(Použite manuálové stránky pre kompletný zoznam všetkých príkazov a "
 "možností)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 #, fuzzy
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Použitie: gpg [možnosti] [súbory] (-h pre pomoc)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, fuzzy, c-format
 msgid "usage: %s [options] "
 msgstr "použitie: gpg [možnosti] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, fuzzy, c-format
 #| msgid "%s not allowed with %s!\n"
 msgid "colons are not allowed in the socket name\n"
 msgstr "Nie je dovolené používať %s s %s!\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, fuzzy, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "kódovanie do ASCII formátu zlyhalo: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, fuzzy, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "kódovanie do ASCII formátu zlyhalo: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, fuzzy, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "riadok je príliš dlhý\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, fuzzy, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "chyba: neplatný odtlačok\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, fuzzy, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "chyba pri čítaní: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, fuzzy, c-format
 msgid "shutdown forced\n"
 msgstr "nespracované"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr ""
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|connect to host NAME"
+msgstr "|MENO|nastav znakovú sadu terminálu na MENO"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:112
+#, fuzzy
+#| msgid "|NAME|use NAME as default recipient"
+msgid "|NAME|use user NAME for authentication"
+msgstr "|MENO|použiť MENO ako implicitného adresáta"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:179
+#, fuzzy
+#| msgid "Usage: gpg [options] [files] (-h for help)"
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Použitie: gpg [možnosti] [súbory] (-h pre pomoc)"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:291
+#, fuzzy, c-format
+#| msgid "invalid import options\n"
+msgid "invalid port number %d\n"
+msgstr "neplatný parameter pre import\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, fuzzy, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "chyba pri zápise súboru kľúčov (keyring)  `%s': %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:462
+#, fuzzy, c-format
+msgid "attribute '%s' not found\n"
+msgstr "kľúč `%s' nebol nájdený: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:581
+#, fuzzy, c-format
+#| msgid "reading from `%s'\n"
+msgid "processing url '%s'\n"
+msgstr "čítam z `%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          user '%s'\n"
+msgstr "        bez identifikátorov: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, fuzzy, c-format
+msgid "          pass '%s'\n"
+msgstr "                alias \""
+
+#: dirmngr/dirmngr_ldap.c:592
+#, fuzzy, c-format
+msgid "          host '%s'\n"
+msgstr "                alias \""
+
+#: dirmngr/dirmngr_ldap.c:593
+#, fuzzy, c-format
+#| msgid "          not imported: %lu\n"
+msgid "          port %d\n"
+msgstr "           neimportované: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, fuzzy, c-format
+msgid "            DN '%s'\n"
+msgstr "                alias \""
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, fuzzy, c-format
+msgid "          attr '%s'\n"
+msgstr "                alias \""
+
+#: dirmngr/dirmngr_ldap.c:611
+#, fuzzy, c-format
+msgid "no host name in '%s'\n"
+msgstr "(Žiadny popis)\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:622
+#, fuzzy, c-format
+#| msgid "WARNING: using insecure memory!\n"
+msgid "WARNING: using first attribute only\n"
+msgstr "VAROVANIE: Používaná pamäť nie je bezpečná!\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, fuzzy, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "kódovanie do ASCII formátu zlyhalo: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "kódovanie do ASCII formátu zlyhalo: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+msgid "LDAP init to '%s' done\n"
+msgstr "kódovanie do ASCII formátu zlyhalo: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, fuzzy, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "kódovanie do ASCII formátu zlyhalo: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, fuzzy, c-format
+#| msgid "dearmoring failed: %s\n"
+msgid "searching '%s' failed: %s\n"
+msgstr "dekódovanie z ASCII formátu zlyhalo: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, fuzzy, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "\"%s\" nie je súbor JPEG\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr ""
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, fuzzy, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr ""
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, fuzzy, c-format
 msgid "too many redirections\n"
 msgstr "príliš veľa `%c' predvolieb\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "zapisujem do '%s'\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, fuzzy, c-format
 msgid "error printing log line: %s\n"
 msgstr "chyba pri zápise súboru kľúčov (keyring)  `%s': %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, fuzzy, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "chyba pri čítaní `%s': %s\n"
@@ -10789,51 +11047,31 @@ msgstr "aktualizácia zlyhala: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, fuzzy, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "vyhľadávam \"%s\" na HKP serveri %s\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, fuzzy, c-format
 msgid "malloc failed: %s\n"
 msgstr "zmazanie bloku kľúča sa nepodarilo:  %s\n"
 
-#: dirmngr/ldap.c:221
-#, fuzzy, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "\"%s\" nie je súbor JPEG\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
 msgstr ""
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr ""
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, fuzzy, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr " s = preskočiť tento kľúč\n"
-
 #: dirmngr/misc.c:172
 #, fuzzy, c-format
 #| msgid "%s: invalid file version %d\n"
@@ -10921,93 +11159,93 @@ msgstr "kontrola vytvoreného podpisu sa nepodarila: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr ""
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, fuzzy, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "zmazanie bloku kľúča sa nepodarilo:  %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, fuzzy, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, fuzzy, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "kľúč `%s' nebol nájdený: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, fuzzy, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "vytvoriť revokačný certifikát"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, fuzzy, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "nemôžem inicializovať databázu dôvery: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, fuzzy, c-format
 #| msgid "no default secret keyring: %s\n"
 msgid "no default OCSP signer defined\n"
 msgstr "nie je nastavený implicitný súbor tajných kľúčov %s\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, fuzzy, c-format
 #| msgid "using cipher %s\n"
 msgid "using OCSP responder '%s'\n"
 msgstr "použitá šifra %s\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, fuzzy, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "chyba pri vytváraní hesla: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr ""
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, fuzzy, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "POZNÁMKA: kľúč bol revokovaný"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr ""
@@ -11017,68 +11255,72 @@ msgstr ""
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "podpisovanie zlyhalo: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr ""
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr ""
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, fuzzy, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "podpisovanie zlyhalo: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, fuzzy, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "zmazanie bloku kľúča sa nepodarilo:  %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, fuzzy, c-format
 msgid "error sending data: %s\n"
 msgstr "chyba pri posielaní na `%s': %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, fuzzy, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "zmazanie bloku kľúča sa nepodarilo:  %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, fuzzy, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "zmazanie bloku kľúča sa nepodarilo:  %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr ""
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, fuzzy, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "nemôžem vytvoriť `%s': %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, fuzzy, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "%s: nepodarilo sa vytvoriť hashovaciu tabuľku: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, fuzzy, c-format
 #| msgid "failed to initialize the TrustDB: %s\n"
 msgid "failed to initialize the server: %s\n"
 msgstr "nemôžem inicializovať databázu dôvery: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, fuzzy, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "zlyhalo obnovenie vyrovnávacej pamäti kľúčov: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, fuzzy, c-format
 #| msgid "signing failed: %s\n"
 msgid "Assuan processing failed: %s\n"
@@ -11124,251 +11366,269 @@ msgstr "duplicita predvoľby %c%lu\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 #, fuzzy
 msgid "quiet"
 msgstr "ukončiť"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+msgid "connect to the keyboxd"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 #, fuzzy
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|SÚBOR|nahrať rozširujúci modul SÚBOR"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 #, fuzzy
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Použitie: gpg [možnosti] [súbory] (-h pre pomoc)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, fuzzy, c-format
 msgid "receiving line failed: %s\n"
 msgstr "zmazanie bloku kľúča sa nepodarilo:  %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, fuzzy, c-format
 msgid "line too long - skipped\n"
 msgstr "riadok je príliš dlhý\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr ""
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, fuzzy, c-format
 msgid "unknown command '%s'\n"
 msgstr "neznámy implicitný adresát `%s'\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, fuzzy, c-format
 msgid "sending line failed: %s\n"
 msgstr "podpisovanie zlyhalo: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+msgid "no keybox daemon running in this session\n"
+msgstr "gpg-agent nie je v tomto sedení dostupný\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, fuzzy, c-format
 msgid "error sending standard options: %s\n"
 msgstr "chyba pri posielaní na `%s': %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr ""
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr ""
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+msgid "Public Keys"
+msgstr "verejný kľúč je %08lX\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr ""
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr ""
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 #, fuzzy
 #| msgid "network error"
 msgid "Network"
 msgstr "chyba siete"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 #, fuzzy
 msgid "Passphrase Entry"
 msgstr "nesprávne heslo"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 #, fuzzy
 msgid "Component not suitable for launching"
 msgstr "verejný kľúč nenájdený"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Please use the command \"toggle\" first.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Prosím, najskôr použite príkaz \"toggle\" (prepnúť).\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr ""
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr ""
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, fuzzy, c-format
 msgid "error closing '%s'\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, fuzzy, c-format
 msgid "error parsing '%s'\n"
 msgstr "chyba pri čítaní `%s': %s\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr ""
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr ""
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr ""
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr ""
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr ""
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr ""
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr ""
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr ""
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 #, fuzzy
 msgid "list global configuration file"
 msgstr "neznáma položka konfigurácie \"%s\"\n"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 #, fuzzy
 msgid "check global configuration file"
 msgstr "neznáma položka konfigurácie \"%s\"\n"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 #, fuzzy
 #| msgid "update the trust database"
 msgid "query the software version database"
 msgstr "aktualizovať databázu dôvery"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr ""
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr ""
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr ""
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "použiť ako výstupný súbor"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr ""
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 #, fuzzy
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Použitie: gpg [možnosti] [súbory] (-h pre pomoc)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
 msgstr ""
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr ""
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 #, fuzzy
 msgid "Component not found"
 msgstr "verejný kľúč nenájdený"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 #, fuzzy
 msgid "No argument allowed"
 msgstr "zapisujem tajný kľúč do `%s'\n"
@@ -11384,113 +11644,191 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr "vyžiadaná symetrická šifra %s (%d) nevyhovuje predvoľbám príjemcu\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "preskočené: tajný kľúč je už v databáze\n"
+
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "preskočené: tajný kľúč je už v databáze\n"
+
+#: tools/gpg-card.c:2395
+#, c-format
+msgid "Replace existing key %s ? (y/N) "
+msgstr ""
+
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, c-format
+msgid "%s card no. %s detected\n"
+msgstr ""
+
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
+
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
+
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
+#: tools/gpg-card.c:3668
 #, fuzzy
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "zapisujem do '%s'\n"
+msgid "authenticate to the card"
+msgstr "Revokačný certifikát bol vytvorený.\n"
+
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
 
+#: tools/gpg-card.c:3672
 #, fuzzy
-#~ msgid "use a log file for the server"
-#~ msgstr "vyhľadať kľúče na serveri kľúčov"
+#| msgid "|NAME|use NAME as default recipient"
+msgid "setup KDF for PIN authentication"
+msgstr "|MENO|použiť MENO ako implicitného adresáta"
 
+#: tools/gpg-card.c:3674
 #, fuzzy
-#~ msgid "run without asking a user"
-#~ msgstr "Ukončiť bez uloženia? "
+#| msgid "change the expire date"
+msgid "change a private data object"
+msgstr "zmeniť dobu platnosti"
 
+#: tools/gpg-card.c:3675
 #, fuzzy
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "požadujem kľúč %08lX z %s\n"
+msgid "read a certificate from a data object"
+msgstr "Revokačný certifikát bol vytvorený.\n"
 
+#: tools/gpg-card.c:3676
 #, fuzzy
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "(Žiadny popis)\n"
+msgid "store a certificate to a data object"
+msgstr "Revokačný certifikát bol vytvorený.\n"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
 #, fuzzy
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "nemožno použiť URI servera kľúčov - chyba analýzy URI\n"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "zmeniť heslo"
 
 #, fuzzy
-#~| msgid "|NAME|set terminal charset to NAME"
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|MENO|nastav znakovú sadu terminálu na MENO"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "chyba pri zápise do súboru tajných kľúčov `%s': %s\n"
 
 #, fuzzy
-#~| msgid "|NAME|use NAME as default recipient"
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|MENO|použiť MENO ako implicitného adresáta"
+#~ msgid "use a log file for the server"
+#~ msgstr "vyhľadať kľúče na serveri kľúčov"
 
 #, fuzzy
-#~| msgid "Usage: gpg [options] [files] (-h for help)"
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Použitie: gpg [možnosti] [súbory] (-h pre pomoc)"
+#~ msgid "argument not expected"
+#~ msgstr "zapisujem tajný kľúč do `%s'\n"
 
 #, fuzzy
-#~| msgid "invalid import options\n"
-#~ msgid "invalid port number %d\n"
-#~ msgstr "neplatný parameter pre import\n"
+#~ msgid "read error"
+#~ msgstr "chyba pri čítaní súboru"
 
 #, fuzzy
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "chyba pri zápise súboru kľúčov (keyring)  `%s': %s\n"
+#~ msgid "keyword too long"
+#~ msgstr "riadok je príliš dlhý\n"
+
+#, fuzzy
+#~ msgid "missing argument"
+#~ msgstr "neplatný argument"
+
+#, fuzzy
+#~| msgid "invalid armor"
+#~ msgid "invalid argument"
+#~ msgstr "neplatný spôsob reprezentácie v ASCII"
+
+#, fuzzy
+#~ msgid "invalid command"
+#~ msgstr "konfliktné príkazy\n"
+
+#, fuzzy
+#~ msgid "invalid alias definition"
+#~ msgstr "neplatný parameter pre import\n"
 
 #, fuzzy
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "kľúč `%s' nebol nájdený: %s\n"
+#~ msgid "out of core"
+#~ msgstr "nespracované"
 
 #, fuzzy
-#~| msgid "reading from `%s'\n"
-#~ msgid "processing url '%s'\n"
-#~ msgstr "čítam z `%s'\n"
+#~ msgid "invalid meta command"
+#~ msgstr "konfliktné príkazy\n"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          user '%s'\n"
-#~ msgstr "        bez identifikátorov: %lu\n"
+#~ msgid "unknown meta command"
+#~ msgstr "neznámy implicitný adresát `%s'\n"
 
 #, fuzzy
-#~ msgid "          pass '%s'\n"
-#~ msgstr "                alias \""
+#~| msgid "unexpected data"
+#~ msgid "unexpected meta command"
+#~ msgstr "neočakávané dáta"
 
 #, fuzzy
-#~ msgid "          host '%s'\n"
-#~ msgstr "                alias \""
+#~ msgid "invalid option"
+#~ msgstr "neplatný parameter pre import\n"
 
 #, fuzzy
-#~| msgid "          not imported: %lu\n"
-#~ msgid "          port %d\n"
-#~ msgstr "           neimportované: %lu\n"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "Neplatný príkaz (skúste \"help\")\n"
 
 #, fuzzy
-#~ msgid "            DN '%s'\n"
-#~ msgstr "                alias \""
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "neplatný parameter pre import\n"
 
 #, fuzzy
-#~ msgid "          attr '%s'\n"
-#~ msgstr "                alias \""
+#~| msgid "NOTE: no default option file `%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "POZNÁMKA: neexistuje implicitný súbor s možnosťami `%s'\n"
 
 #, fuzzy
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "(Žiadny popis)\n"
+#~| msgid "option file `%s': %s\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "súbor s možnosťami `%s': %s\n"
 
 #, fuzzy
-#~| msgid "WARNING: using insecure memory!\n"
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "VAROVANIE: Používaná pamäť nie je bezpečná!\n"
+#~| msgid "you may not use %s while in %s mode\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr ""
+#~ "použitie %s nie je v móde %s dovolené\n"
+#~ "\n"
 
 #, fuzzy
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "kódovanie do ASCII formátu zlyhalo: %s\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "nemožno spustiť %s \"%s\": %s\n"
+
+#~ msgid "unable to execute external program\n"
+#~ msgstr "nemožno spustiť externý program\n"
+
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "nemožno cítať odozvu externého programu: %s\n"
 
 #, fuzzy
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "kódovanie do ASCII formátu zlyhalo: %s\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) DSA a ElGamal (implicitný)\n"
 
 #, fuzzy
-#~| msgid "dearmoring failed: %s\n"
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "dekódovanie z ASCII formátu zlyhalo: %s\n"
+#~ msgid "run without asking a user"
+#~ msgstr "Ukončiť bez uloženia? "
 
 #, fuzzy
 #~| msgid "NOTE: old default options file `%s' ignored\n"
@@ -11539,8 +11877,8 @@ msgstr ""
 #~ msgstr "nemožno otvoriť %s: %s\n"
 
 #, fuzzy
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "chyba pri čítaní `%s': %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "chyba pri zápise súboru kľúčov (keyring)  `%s': %s\n"
 
 #, fuzzy
 #~ msgid "error closing %s: %s\n"
@@ -11595,14 +11933,6 @@ msgstr ""
 #~ msgstr "chyba pri vytváraní hesla: %s\n"
 
 #, fuzzy
-#~| msgid "you may not use %s while in %s mode\n"
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr ""
-#~ "použitie %s nie je v móde %s dovolené\n"
-#~ "\n"
-
-#, fuzzy
 #~ msgid "male"
 #~ msgstr "enable"
 
@@ -12894,9 +13224,6 @@ msgstr ""
 #~ msgid "delete signatures"
 #~ msgstr "zmazať podpisy"
 
-#~ msgid "change the expire date"
-#~ msgstr "zmeniť dobu platnosti"
-
 #~ msgid "set preference list"
 #~ msgstr "nastaviť zoznam predvolieb"
 
@@ -13337,9 +13664,6 @@ msgstr ""
 #~ msgstr ""
 #~ "POZNÁMKA: Nájdený primárny kľúč Elgamal - import môže chvíľu trvať\n"
 
-#~ msgid " (default)"
-#~ msgstr "dešifrovať dáta (implicitne)"
-
 #~ msgid "%s%c %4u%c/%08lX  created: %s expires: %s"
 #~ msgstr "%s%c %4u%c/%08lX  vytvorený: %s platnosť do: %s"
 
diff --git a/po/sv.gmo b/po/sv.gmo
index 323050193720a21a68dab70aa05bf7285eef6148..3a1ed1d57bc062c481b9488d0d5f079a6db77a29 100644
GIT binary patch
delta 28394
zcmYk_1$0zL!^ZKuNr(W!9TFCTTOhawCpZ)@?otRexGq*G?u1g@i$j1=+*+Wxzew={
zMN4rj@Bi5u&f%Uj`HkJVqjxu<-}_x$9yobopyzrDzgZ4fk_3*E2`A=qoZtK%=VLwP
zI!?0gj*}mgV`+@UK$qhT#<ZkI_i&t}I1f`|r)bAXhl4OP&cKWqhid<n^|8_81obop
zIjog1f{JahxEiqOV_2E=e^>x3^>Uo*7=x;}3-y4Pm<W@9Z#o!aEsE*MuZ^nL*{g>U
z*o?)fp6{{gOPHMWOU#S@F^-c1BQOk`VQL(T-jQNr(s7s!_hB%e!8CXS_2Ac-4O8~!
zexC1?AfgI&P!H&c8E_)z!<DET&!g%+$1E7w$8;bMs(yKEb8A2AH0xUHVN5~&+vw3$
zy&|FqxcZu@3&m8V^Puu0QES)&H6sJ8<544>huLu*YKqUH?t5ZQ*pIeI=fte|4YtI-
z{Tz?C=jX^sLdH`J!B40WX6$dKsw`?I+F?$dg6dE_YRS&o^kb|@I&gsFl*O7DisMiZ
zUWMxDG1N>yAHe+ULFopXf>Nl8ZBT1G3iZI1=*Cm1k^O_3q2NI#ofVai#I)EDH8b6j
z1LX`wt@#R6y<?aXZ+eL6K`&7~O*hz7ERIUIuntCbbS|m`yKMetOi%hPhGU8$roD=o
zfpjNShen`A{1a*h_MtYb=N=L5ffra1KVv2=IMi4hHTB(4GZBkLa4$yTOH@N;hZ$?2
z+G~O#*dBv$1ZKnusME3%nE{V;n265xRn&{d&621ibx`NrgF5HyQJd&3>NtiCHyx^r
z>Og<gl#fP@coqiWI@I3UiYh;Znz0KQ%JZFPL^M@NMsUV4H>yHGOoKI0J#UL@cqkUe
zS*QmbMa{?=)ByZPnp08)HDgs#1Bu2!oR8kUfI&RpIYvaA;R5P~@i&Iz8`M&y8D%<B
z7<FR})Ps9sB=$#jARbHMW7PdQN1G+6iW)!%)WC+LHsM_KlpwN!h^FX)t?<U0{0H;k
zyr>2$Vi>kUZKjc^-TjMApG7tN4mHvwV@$hgu{h}*SPWaCW@^?L=3i5Jkc^V}2DSEu
z#yU<JY=^aQAy&i3SRRY~=s4xDFKRDr!LoQ0lVa#NGeZSXGf@nc-w3l}M@)!6j${5c
zWi!Y~jVDpB#=EGIyg`jP@p!YQ1yK!FL@ilcRK32a5sk-exE%xWPt*+G!yK4-g4qjI
zF%Rj!9wJ$YEJBU^0IK2()UnGj(X3fD^lm~_{!mPatFb6<MRoKMs$)qfnKxq?YS))R
zf2@s~frdB-J^hJ95lJ@L6g0zJq=%qJvK%$SKd=hkz(SaPikYz{sB_)}b&4jSHrWc)
zOzlI>zztN#(oHp|C?C?U$Ei#tGX>3X5e`I+G{ZEr6va^K>NedG^?(7W2TsRyxDG4g
z@2I5=nr_xSGbSe;jyld2FgrHI0G<C~MAWk}w!&Q012<s-Jb`Zfh?<#@8K%4{D!(0S
zDMq0WPR5it4b_q5m;`sCI`Ri<0M{@j&v#xEQO^?2G$YA^s#pqj{%hI%uBaPFqDDRs
z)xmg7iT5xOzQ?@iKg)4AFir$E!yTx#Pc_@LTO2)F(}qN}1ancFZwIOaw@@8;fvGTA
ztXb>qsQQ&qQ`sJK<2ZC<oXtOvYUe#x#l-A5l{dgb*k=y&uLf3-kr<C-FkVJqypJk>
zglRDOPiCaKP$Mma>PQqWz%Hl(1<W<pMmOmhm>;(w`_Q?Kx-aHukNI$!{xiKI;~JL3
zg7f&q!k$<LpJN>?FrSwQ4n>Xl9Ja?#s0Q28i!3+-bsU$X9()+JB(G5SWm#xux~7N7
zZ8Boe-$mn#9H%+y7K=@T+c7oi|6w|Oiki}ZC1!W0N4;orqsk*}x+ZE9H$*+S7v{rx
zSQw9DQS^KwqNyyr)T~J)>Ve;*cKcWi!;Pqh&SO?|mYH-IDqR=d7=zl3GcXcYqL%PJ
zX29U(W~p;wQl0;zCgM~<t#KpFgxxU&$5~gRj@fUhU4I%iqR*&~=38Mp&<KaR9H$?u
zotG=kgOjf^n>Zh)C%*!Q>-;w-Qjm-Z7>c`4Be;s1(r4(0fxnn34@Pa)5LCT9m<7wB
zX0DC3AL{;zsDUg;M(iBK6nGA^^L*zX5go6@t4%=`3?f|w1F;;cW7SYg&<VTYbgYS=
zP{*tK8k3%iYVR7B$LFZy7O~cB#tvAL^mO!S<j0AG<0sUn$iL2fb7_y7>ItY#vjf$U
zr<fmu*PC~FY1G;_K+QljYDPw5He7-E@EA74x2Se%Z(#m26Y0LejC>+?CA|=}c0n7B
zIWRHlN~qmm56faZ>mn>j`a0&tq?=5~OQTLfH|rSGk}N?t?%c%uE9082@Cx<d<eN=}
z0;rMI#bVeEv*TjaCOV7}cnh_Zsp2>RI1|fZz!o$0RZ$%tfYosu7D30e)l5ZE)G=#_
zkvIS=<8~~MpRfv++h#^M8Vix$h;{Hbs^LQM#=)qL{)P?k5thct?WX;~7)9E%lZe*R
z?^kn<BTxm6a2zf`%|Nal=Hs;z<|aJ`E8#|)eu)K0hwd~ZuZ^0SiC7EwqGllRF7rmM
zf#o%6V~J?@9zi`g>2C9iZHn4F>rov%hgxIT9%BS*3frSbItO#&9&|YW_fQ?Wzt_A;
z)9iDc1f+|hFP6a&En0aZqsVB5zu|4ngRAzNDL#i<ngj>Th;rjZ(k)OO{u@<4;-DE}
zOH@aH#*%m(v!eeY^UlwWSxDDI@A;1*qT?|Ki{fvX6hB}xOhm6*V<t?9L#$)1)2;KZ
zt1vnB;xHBdh8ge*rp8y85)=K-{ObXkiKyX%=#Ql_2rHtFT`g3-W~h4IFcJ2}a2$ap
za1&~?J;btD?ywoq5Y$p_Mjg-lm<v-LVgAz*DRabpMQViVaR=0c2VyXevChPdq?e%9
zc8^Uz!6c-Ej+zdp!w}M8sHv`iZfuXbe>7&oMMqhGW$Y%SB3{O{nCTDG^CGD7Zm5xt
zK~3Q{OoPYKAMc<B@(_K{_m~->KPo>Q)uAZVgFB&?e3XYsb|M>5$K@jC#h~NnK}As`
zsEOJeJuo3I#T2+6HADNcG@imTnCOJrlu@V$_QoKbirSoWQ3LZFBa)fOeN@GOlV%38
zp_ZZy=EnM%0|%pCJWDV=p2tvpit1?aDKnsOOhCF3YV$Qm&1^r^=9_HvI7^7Ap>3$C
zJ&mRC9;#zmPMiD+)+W{-s2LcAsy7>x;Wkuzhfy8Ag#|G1j2Urp3?tnDQ|tWqCz79x
zNf?YfQB!ynE1>^bvzAe)4t|ds(OA^Tm!PI{KWdHt#6<YP<_DZJOB-fwjM@|9FfGq_
zmJlg~J5ZbIG3o)n=S@1)S`;<HTBxaPiE5}X=EKRTy|fe6kz1&de#R&ayI_{GJ8G$B
zqxbKB+ld5{aR}AG2@J;<sD{HXnj7n3PSS%=4J<*;z#&wJ?x3dp1G+KmCDUFdRC!la
zhen_Vxcn0Hub%EBBQ;(}?e3SD20vqBO!Ggp#$l-Xl~9|tEoQ@EsE#j1J>V$n0Z&jJ
z47_Y!!8uVKuYoG>ewq2#4P(j3gKIDsUbGcHqslW}G5O_Co2@gtaV)B%t1vz8wdI#l
z9es!CFzr>dM+#y=(zQ?>8S1eG3sF<I6ZOE`m;wE-nGs|`HB=te(PpTTkGAE%U;ybO
zsLglUdJVOd4=^RB`_q)?L$&WIK}2iZ09A1~>eFf?*2HtD8OeOzj5rFF?uwe)>8PpS
zWW9vy*eBG0vfeQ1>X?aiG*-q5$P9R#(?qnX{zaXF3^&cEUoBKaEzloFV0ruz%i>YY
zhyl0E*Yhw;OF9?Quu~qBV>{Fm^+C<R1k@f|h;E(#)kHMq$52!93_~#CZS$a9n3r@X
z)Y?r)otA^BhL2+wyn`A@f;(n2=SMxT5^Cg4P&3>I)v;xmmFGL#h-j)Vqo&rmYo;`}
zwJw$<yDyf&4VVodpdK9jm-)&Sj%p_wwHIcg>di-W^Z@Ejco{Xoz<bQUHdPKH>RBXe
zN_(PuJOLwc6>4g)qDJ(>rUUMq8Ow~izZB{icSFtCa8w7@Vh%iG({C{+>5vD^zamv0
zm^V}p)Mng<N$?Kp!T(wl{%vL`E2@Jvu^e_mH?Bn0KVrR!>cCr6yCDzF@vVWnzuQCR
zUsExbjI6jE!|({Y@iBU*_>rj>j@l!&Q8U#Ab?!%F9$bL>EIEpL@Eg<sGd(u#RYomA
zN6d>eJw$R7*@t@YL(Ggxo|uLTV0O|iuo#ZSqWCLn%AcX?XMSo15Q%zVJ5)!<V`*HD
z+Pt?=15NSFwCgEKL=81Zt@Q-d8t*}k{4A=Wmskpu{$uiMSi55`@+YH46pz}ZcTiKD
z>ACstR}!@}(Wn_8gFMgUEF+?kT|&)7l7G!^FM;Yv3~Kj|!D=`kqwp`Rhy`AlrT88-
z6O&L6SZ6(k>d4=yf%v~P^|GM%@BbBuXf4}d5gdXV(I!-bS5Qmy9`j@9EAu^}7V7kT
ziyB#POo<av9axC!_-;&r=P?xTV`}t&%~vuHkxWF?vmB@fE1)*jw>G~ICL=uswYG~;
zGj#;j@qbbEle{tYa-r&#L_M%ACc)tth*MAloP(YSBKwJGtzV)W)4Vke7Dpe_^-&{g
zhzT$T6XF2Wh)3D-SXBM3s43r$+PoJ~9r=Ko!3^(AdDJ`BUoVD^WN24TMD=t7s^LAD
z6wjiT;x?+IKJQJ3vSBLH6;U(T1ofa8)Ptv?AI4*P+=XiQB5D8+-!uPe_!SvCuc<$n
z5tKr8tSkm$2h@~DqaH8^RX-lxcnyo;C(M9FKAJBsb+I_<7O3`SqMo-C)8SPQ5l!t&
zR0AnKnKiABnMilUQaBQ|33sC&a0@k+A2BWF`On-}5tVL*s@D&-*``@nqGozG>VD5n
zBATispG^;oU`Eo-QB&3*^=6xf>d-FK5?n^jzz0l@ZpY<)e?*}6Ku6SG>4I8<Xw=g7
z#_Bi{tLpq8ClX3VN|(!fOd?PtsDc_nOVk<<z=Ajl3*jErjQnFw<>T_cfJ$IK@;jh*
z`83of-+^lH3993PzAj#T9;ShaI?xg|(jllDR$>9Xg6cq!pQ#s$TD!8S`i(IFM_>q!
z!$i0eHDht8j-N)&s4IcXyB9KII-c)TB%%&9$22$yy=#V<Nv}jL(P7k!<cZDKAB@9E
zyD=E+q1tI>9g3Qvd8h~PL!G88sQ1Z3^b{uYfruUu9$-e)2$dd=dZ({Ib?7W=<PT6&
z>*7BI(Q(Ry+DzrJBz8wF;R@6q*n`^Khp-fWK;2g?$mQ{_RgEAsMg37DT7{bO|6y@_
zf|}~=3C)t!L*;w0G{&Q*_yuZjWJ_f78>2ch9W|iUs7-hpb)0V`^0>Tz*$hf-dRP|K
z!#<c0H=w3`hxG(%gf~%Bogvue{Wva(nt`5J1m~lU*;&*QzCt&qPGU!ns$auHMDOGQ
zsADt&wN^9Gjq9)|o<!|hzocdt=SD3}WmJAI)H{C`Y9@B0I`R}X@~~ts@1N_cqh@jv
zYAHS2iRgwisE+s~H#a0g?cPGDQ&0!h<DsYq*5FjUh}sLCQ<x4-#cHH?p-z!sO0%TJ
zQ61@woO@>yvN=7@c_MnyThxmsbt;oCZf%Hq@b{>_u@H5>PoZATA5l~7pW3WxZq(8=
zK%Ms(bmJt{%&tcb^ay6s`9DKMH#|kHeQ+9=Qvst;4Ub1H%{tTr_oDX1QPjD=hB~%)
zQEUAHb?h>xH4ltLH|b`m`v%$kN$CCjUug?Ap?2#b)N#3ndKITkXBrMiH|e^lUEB+G
zEIp{ToP}DN^{5%Uj2dx3dYAXN=q#uX7eFmhG4y`_A4Wtyi$yoCMs?&E>Qn0uYU&ea
zFiTSk^?)X*rT78$pv|b6JdVlm5vrY!sP<E3G@lJQ(U)|djGX@}L<*2m9Q#<;VmZ=x
zQBxn5$-G*Nq8`)$HR2wq2aG{CE<l~@y{H%4->AJ65@JqADQi1az40NOe>J#;3^$%c
zZJKAOW0f$}+!&4}NjE{Q?KISG-ijLWRn*$QN8Ohpvq?vyX0A2n#3|SU<55eH%HuXu
z(*pIv>4}<=L8xQ75A}fOsPmjGi`kS_P#x%Eos4?$7L3Hps0XIcYL0IO)Kc|A&GdZK
z{hkX%bmIqXhVC$z_xJNbs5RS*nvt`p2A`m2EOj<Bwc)5uR|{3%AGIkLqLyYW>U5ky
zH{L~kN+!teogt4CMnn&&gsRvI^?<%MJq7hyumaWKPSl6TIa_`oE0X>XwJ9s)FdgcN
z(JubdiF$(u<#KudI30=XM`s46)A?VY+vU8Z!eLa;cjd7oMy=@+)C>jZH6x5bP2IPs
z(=ptpSK9Om)bV|ZWiW3(^IqwKTAHP(rM!btJl{!|-&AOeYIq*%3&a7`E<b6#kLr+9
zz&zM(t!9lzmCr)8vlVp=ucBVjk8OVHa5JFN=+RWSu^EFfG3kY<DPD`(1N%^$@SOEu
z)bUAP&~&ggs-1?Y8Hq+6yIH6u*=+M~qLw(IklEa!g*g9exGoub(?z3>*LZZ}deoAf
zvi^l?_ycNBq>C_nB0uWBDyTPOSJX@lK+VJ)RQr2Sd+iG9{#Owm^MXlO*i1<#bW>0P
zwVT_aMl>GvDY(g|Z(<DTfFh=R5bD8;Q4ijTnxWIEWBeZVLdsjz?2Xn~lJsm35gnh?
zs2+a6x|p_@%lpq}ol!mBg6hyIRKssj=Q&Gpv$l0m?es@|16qPQ=jTx`pu{Ciei>AI
z(WvKn#u3q{+;Y^~96@cC8#WzS(u_PamLR_ls)4bny|Dy!I<{J`pr-sYYH72VGUb&~
z9qfu)!kNf(JkBN}nzAdXWAh$0!a}7@1I<x43_^7@7WIG~7>qYjr{yW?oWDmsxL_G$
zUDQ-Zqn2V7`ru`(tMh-2h<1IxvZle3s0OQ{ro4g8AB^h2IGeu~)sgeq7~i8hP`{ix
z_hV5HJcL@(SE!|_5^25}^~an%-&svW4?K%{!(B&>_%-VMrYvucV>Z;3mq694iJH0g
zs3jPM{<sRYwi{6G9J4;K`3WkR51%aPNl1mRL`q>F)Ce}9K6d{??`A{wJWECM4X6R;
zCEXI$@o}j0KMQpVHlRAT2i<rb)#1;m&6u{5`65!S66as9!n$P0(O4FLMNRb^)Mm?2
z*)&iTwIsDs?}fgo`zE0GMTP3fIn)E6pf+`aDkhx?)qx_`4plrRV<s6o--l3B_X4#i
zl2$bhXTmb1!%+|Hj;g=ddK$IKKBLZg$!cbbdtejNTk#tVjxwLFZLlKg<sKsH(F3f5
z>8hJ4?2P)B+7Gpc9@K81hkDbkMos-mREMshUfD@&*l$dz87YeDXp~L&N3}N|Ro}Cc
zh}L>1s^SUM6n{i*rffCMSFyaP-QEqg7p9`#j0aFl^*3rDiEEknM;TPQBc{SxsL%b?
zs8ewSnPHFfj!1Pf{A-&{QxCOfy--Ur7S+H~Op4o4FQOwj9bI+I@tTSHu(^wxkrZ`J
zx*DpzzNn>`h`Rr-H=pwtQqR07il8=618Wb|h{vKjxDJ!x8&re-^-ae@&`ml5S6~Cw
z?thQo&HIhryr?O!jVf=8*?7J)f=Cuzfz9v;YO1m}FuS}w>Vb_>Q`ZBv85f|A?^RoV
z&-w{<f2xLNlSQDGsxN9u=Aqt@$I<)uzehyWP-r9by*xMS_~b`btb*!!2h`>pfLil;
zsLiw&HFMWc19@#t*Vw$6N}={tYt(1USk%&PY|QzuK;$?X8ex(q=GbLNtz`tx!#3Cp
zKcPAh-PF9Orej0WM^N=cnwk8Xs1A=ny{KlP_RfCP{bx`edDV>buSn>(W{RqzUZv5f
z(=Y?o&;e|Z7f}tAYHmJWTcM_OHtMU|@2Jys0|W3m>a@H=%~0MJX5>{+$G5GAh<0}m
z+>awM0xP$4IW@39YN`&PI&>YUU~ntb;CyUEIv(pPzqR?xM@t+@`X|&YJyRR=?e`n3
zPkIGvX+3X=v?Y?Zt=X*uu><LusF`?&8ewQV(}6muwH%6SU^#}kcynStyxrb(C}~Gi
zuOsRdOhPxVLVc(mMP|z5Tp^N_jK`?s_7Q_HYbW!7e5hSt6V;I+SPa*qX6O#;MOC1)
znYp5<&D#aFCx%<sV@cB2P&1sSi_)CG>O_<=3Jc>l)LK16Z7#pA=7rJ>HR8#r&xUoV
z51}2_)95CB4|O^Mx|zL_2i5U9sQ1S(R7WOZ8J+*bMD)h;`_4SLBz9*i8=xMzkAz+r
zH&C1GGiuYO>tX(;Qvu77{sDCy51~4C3$<C_pf+R1XtSBaP@AtfdQ`Cz5v@@()KvFD
z9h>E-V|fO(<_}Oym8_@vaB-tLQrM<jpw_l0YKDemAWlN<rP){-cVZuW)06YB-PpaC
z`3kiM8<9@^y?MZQScmj5)S90_b<i)yd|@eyMM?KUy%AU7H+ToNl*M|RdfhOR^m5dj
z@Gn$H68GW!YvfUV%+$3<t<`YMhZ|9Q<4@ESC+q8SnqpnllB`0_z!B8aJjdRcu%Fq?
z!%$1G3^gN1P&0S|tKwfCBKmO2*WYZ4eyF{$5sRw=YU)D<n6J-OP$TVy>exC|`Au6M
zIM9r+Fy<!zThu^CqXw`Ebt?Wr&4ed(koiVZ1t*d*9!Fu?!Di}yMor~KRF4x5aq+i(
zzU5*Gj7OFKgL+`Lp=K%TU<K04u^QgTS{OdebbN@><7^<JHNTAwumnq@^hDIu-o~Do
zXt-I!!PcEvkNgj)y-{m~c|nar-M<-s#=w#06fMJwqz|HwpZ_Qq|A7PNuRIa0(L^kT
z8&MS>p{BaPXqVFlzr#v+9F?E!2Q#I$u`%h1sLgx_yI|2VW&jINOL`c!q#se6ugF;1
z<M~c6A{yxy%!7YocFup`kLCdd#+kM1fxeW_L?4`kI-Wn{4BU(tvFdm;6Co4K>8OS3
zz(~{p<8cc9i{AhKf8<0nwMS5E7C6aR1GVN8Q5`&oYUm^C4OeKgc~3M%&CGDr2oIs&
z10SuyQ_RPAC@Oyn>J%)R!ueOmMq9AodKOcVe+N_IYt%bE;Z$Q*)C;8)roz^!2K!(D
zjz+aR5d(3)O|L+;8;|<J^T$*+myX2+GV~%zHO=L;!y2d;#yZqyd4gK=oYT!OC>>D8
zY6<H2okA_e8`S$G$qe%<&y8-<l`t`OKpng9QKx5)he#G8XKaNRsF64`&8AF-dO#7>
zr(+9r<4DvCXesKu-a*vyx`paMfmvoLs$&@G5va9aj(SnuM9qZf9T9&biD#Q*k`nz$
zM_@P>M|~Q0MxE~ws1C0|&A<uNo_LSNFg(`W*9p~;*{Hp<2~~atgE09VZ$~^%Mk2vv
z6hSRTMbt4Gfok|1X2QUq%oJuvO<e@K@jKMaOhi3!GpfTUtoKoGO4nTTRjdeVsXJkq
z&i_0jp=9hsHFN_t(gZ)7f4vGvjkqXg#3rZ?^+s*JsW!bFHMIv&d*v!>Y0}Lz`NdEj
ztc%*z-ITBMKa7ZWb1Z5T?Ls%6L(RZT)QEG>H}8jbsHvZX+5<aK^{${cS<(gOg_H?f
zk?xIAcox-u#)W3U5$Mt8s!v1>4Mg?uC)DxSg4#TLQ4hR>g)!M8GZU3j_1mD{n1fMY
zQum;i;E62{SZoHA6*WVZQ1`W1%=y=gq(2#IcrI$KPNE*@T4FX$0jx>7BSzvT)Qmkx
zzC=1{mYQ!gxll`01htfnQJ;20Q0=eAf_NP@u%yd8W-SXZGizB73sKM!)j%xj#@(12
zpQH9hz;bhr3!(NxQ`9c+i#omwP_Od!sLg#DHN*F<0V`bICC=#~qLD<Q8t#GGow2AJ
zPM}8g1id|8X&Nq!DsP4A;4swj+KhSy|BY%l%PP~cs;H6oL_KE_s$I_?L^QI;s2hBK
zu{}eLC<^tU?@{H`P*b|imfyAI!K=+@L4MQ&nxRhBDAW=!LACQ6>J9i8(!R$@yvAe{
z#UKh=pr))7>RW0b)O%q#>bUJit@(LWL-$Z43tnqxpd5Oa0-KY+0L$Zh)aER`&g`*n
zm|N$6J`qjXVe4nq5)@x=j#UrTn{Wy0w4B8b_#QQ~)*H-T8HqZEt56;M6SW7PVE|^>
zXkO7-u?p#)=;ry(Rw6pL7f~;mJE#}OXVi#8Hkl=fK&2a?j%OFtlJrJx);XyA_MoQz
z8dks$r~#GTY`%E(#z4{=(4*bEorpHq1=QNT!;}~nXC7D_HS$`h7f~P7gVv#@`WWiC
zzC>-tEL)6?P)jrpHR6q^H{)wm#|v-e{43IQt9gM8MXk|3R1cq_Hrrd&ROi@cMp7L$
zLJw->3sAfN5NZG)(2d#S&F>FYQT1n`-hf+B-zSd6bN)5*J7j2z0=ApeP!_9`Zh-nt
zXg=yY+fmdA68vgLT+!MSYmh$=)#3Z7FCeLRm}8a$^}s0947EXZe5Qv;B#|Ac8{eaj
zNv@q{BvDw3bPVdj>rgZC5H)kbyG%zSPy=a=n(|So_Ew`#$Nx|>5VYHLC>Lt!JT-`D
zEqkNZaGG@w>Q(#*wfjT&m=4v!N~8y1S=@!{*n8AW72j*>x5sLvXP}nkDr)2j_L*-~
zC9%BDe{Uk%Tw72Tuc6k`f4`ZcvZ#jIV^v&(dPV<>YB1XY)1juQ-98UBGuKha(f6R4
zi4s_ubSIl$gL!rSFB8!eB{*b8TnshkT~SlH4At;4)S3nVW*%G^E0XSvnt|1*_sD&0
zf|-9er>8$^X(nQC+=zWK+hLc}N#}nq5v_&mh<RWh)Rfmp?TrzrrP+@<9Zyj&mXM<+
z9fkV1?T;mK8tVRIm<2zeW+dbfGti2t_egK_XoNo!(H_`<Ivyub`FAljCOT%!g4#sI
zQRR&>7>A-Z?F7t(Yfzi?2&w~*Q0)XCH}{3122kTT=U+YVONJVlf_imsK#gQSs^=e2
zUmV;g%x6SN)KphOZNkB*5&w#s$-hxkp5mnWO{o}a21}wpcCz+3=`lU+Lx#?GEc)U(
z)D4$VJ@q?f8V*OTc~jH_e@1QIW2hN<ftuP3r%i{$QRygDy_Tqs|A6Y?ZVwTS>=tTj
z-=lVa`ZH#2>tO=Y9@HlN0X3D|FfkrSP4Q*a41Pc#%y`y3AQV-vBI?xCMRjxp>N%cO
zM0D(K*o>faW(~_@Qu14(PD2mWOsqon{2Z#oZ_tft&YO`H$I>o7-LNS6Yc809+(Lc0
zCA(-gYd)ky9;Yf1H8=qE#+rxf;UB2Y_#D$>;3e~+<VL+{il9c&#u|&-D<@Gi`U3U9
z#Q!s=C>QGZc0tYLWGtZbzn6%n^eO5^<9FFiVJ-9{T^9qeA?jDA7PtU=VpmLZ#dK%@
z>J%+QJ@^2+@j9wQpD_~CT{Skv0zBWDqX-^GP4#PQp=)N-bjK3p&qOtR0yRT_qwY)g
zr&)?f)Fx|%dNYne&D0LmOy0BQpHRm$`*qI0HboQ>ecTR0ZKhGEO|u+zo;RbG=9Eo;
zLOnRc4byOSREOH2HsM&*h*zTS--lY_KT$L2x@kI`>L%x3A2Nl>(7Eq~YG?pzBnwe%
zbr>_?TTF>5Z<&U3qGqNt>f8@S-M0d@)+bTzzeLSk&fBJgl~9|rz5ckQHT#JSy~E?N
zCcZ>Hu>2jf2b!a9Xk(p?y6-q@W*%D8-8EBQ74^UvERB<G{vX!YSc&|sp1;fsr4y<H
zzhGs&hgC7}J@W#IK^?!bsF~V~s(%Re26WvwZ_G&RKvcar)KdJ0ZoH1w@iXe!d#XP$
zpKiTTuiUMuDSL(*Vb;IRo+yu+(sro)A5kB#D=-MJqK@fbsJ-zCwfXWrbUC%LDe8eM
zP<!Mw(s7UT4-u_hfk&o76V#NBKrO`v)S7<4@)-8me3|Tk8rf=8{e!5EJV!TvKy@V3
z6LZ{ZqF%idPy;=Pqjdg15z+1(@zhM|a;#7KHmYKgXJ(|)Scvpe)Y4o)?*slZ$EhZ2
zAknBz9E+N%J*axuP{%vbbF-<dVnUt&{zTO9NYt8cLA}YIqeh<QUsGNVbsBnMGF*(B
z^3A9R|AFfG3#^V+UYHNDDX3$&3lrff)T{j}di;qzBBH7M7xhk0^wO+#9@HtQhg$3J
zP;0ly=I=vqL#W;U2=)F5cx85XZdCmqsLeYGwN%?NJ>Gl8`PURVug!x)kxk*0MO7S(
zD*pw8@i1zQFQ7(x1GOm&y)mbx32N%QqaH8=H8bn53SLBQ!c1??d!y=G&cD{!LxyJH
zS5$*%QB(F7HN}bEnFhm9AFpMt<xx{z3H5%Mgj&LbsPpZ-Hyx{tnwe&(jtxf5^ehh%
zJ$MVMXD3h{dV`wsLLbcL>V%rYai~491y%nVYU=$znvrKkEm?J&?tt2S6EF&Qpa$ss
z$$Un5aud;%wL~>M8a4H6QJe4z>SOjZYLgcG&*lB!ZtH^ON&k+TsesRBi85df(z#IW
z^hS+*G3rC<AbJOg97hk0`glj$6;*KomcxA*iJwug&`6h$cWMWt-jLf-5BP*y<GemT
z&bQbQReu9&svn`s6Zragk6!`Qaqo(`bp9t1(WcvmYWO8;NlN<pc)u5XW9@?a*c^s#
zT#VYB2T;5GChB9>Nnpy;qS`5efmj~{@LTl7c9@LkJDrGVclJm1bT?`#?x71O`0>MD
z`N<fq9mw^Ga7Zn2{Xm^-Hhuw9Qf~tFHmd=9UA6H)$WKH42-2Rrws5As`CD75q<zRe
z@(&Yok!B{Hyu|Ml($T;M(!UZ9C7#LFPmsVg*cN6Js?y#;%D=Pa6N!JhI{9k;xpGtK
z1YsDBRl^`#`CIHj-bm`Oah=h`d!epogjY0n6SLd;iEtZvbybJDb3j)Q^7oNH)ZVN8
z)rh>iemuV@6<d?w$U4ag%LxgnJd^MPWsAK{upfy3PF^+A*Ki@>0r%<p!K!!y?hmJK
zHu9PgE)iA`Hd5A_{QIiJ^(}EbejZAkk7VyrQ{f~1;L1QHURus*9=43|EAjidmj(||
zt_{|JcsJ_pBm70YG3DP9Mv~r6&{fuYit?{7&mT5b$rj|}Mt$v#Bzz+5vNx*Q7Sa{4
zzY_NPpt{5t+501KC1C-1dkBT-a6;-FL|uc3U!}Y_;i=ZY9+9ksa}-oWm)$_7y7{@C
z{Ngmwi8|YGEZKL6-zA?9JLd`U<#aSH*23;Mi~LN4SENgkevcRME%%NgWFx%sW&K~%
z$R0um!aYJ}3jC=2<;p_j1mU{P;L9)nw>>O@P0zzm)IY<$KTxKtJnF5uj(VN2u5GWI
z3c0eAUzPebJygs{SWU(Z!e2_8I^KWX%*c%`2}1~f5?qw)%5L!fQ*2tBr!2k7bq%q3
zOK4NquRQD*g08-_qiZl}#?P<aw(@LiW?MmJ{xr~o^gqN$QJ%=wQM*f3fvXbb&1o!{
z%tH3wF~moa7fSgM`(STne(3dlhVnIjJb$-sP=(XDxy)DT9(szsg4h>3Y~v}Y6G?oP
zEq_m)0>lpxy6~{|n455${FBs+B~RPxlx=%0WijO4^li<*=hz2`PGqK}P*+moW4IxJ
zc)PDURgrWt+Yvs*oKn=wfakC&rqTm(D`DV_<egH^aCh?agmKsZD49;~dg70X&mtrz
zUY0yvHSCj3%KS`Bo#S8SUnZ?<E_s89zb51)-P5-5(UyBF@uM`o;_|MuH@2RNrKuE8
zDCN!JKw8BH8a_+edct;_pODEr`BfeLN#o1an)*$tJLF4-^$`!=OxQ|UBE4sIZRFuD
zGITA(izezE#&T3{Yex}bM_idY(`?*U_43M$${X*`J;!W%Ch<uGejRhha&K<(o2pFD
z|B1~1Y{l-RGZX&_FWU#y<c2DQiPU?5M+o~U*ENhhT^(>4E~ab)@#5Tjm-txQMq=8`
zK*&Yjm#Zgbp24=lCT<!@NJ)jA=uhQU1YOrKrHx0SqT$pj%e_@?gR9BBLwr6KQU$K8
z)cN`vVe6J4zmh5Qc>hP5RVk~j>7vneG!RTEYCG5dtA-xgMtXhKa$D+#5~`9{1HZm9
zQGcjyNBLQ8Jf~OYe~WEA34TxJZ5q&5*k{<AJbiE0HOSVRV3OXSE%~|Crl;G6H{mVr
zePq)rzGmwrrHvjoK7cyj|D6@3*V4=TWaw&7ysv$j(kIAYM);d>kg@<8-a@_`myjNY
zhY15IFG>jHRP-i&hdOO&=QMdYs5b^bszI&>wtY_snP09X+;opH(&mjIe$rMfK?A8t
zZ=&)!@{W?$F9Nk}c^Arb-NvDm@wMFh`*nTV+D=|2%9dk2%6bxXP4Qv>|3d|RAKt+Y
zD{!uDa3T3!ZAUJV@39XUZg2jMdP8hpjLqvqy#zLXmbk8cv~h;KL)6bnXlKiRB%VR%
zuQ8P($n>#|>8AJG^cx`umC_UVRor_u<Y!^(4y0~8c{`}1UtQba48j%4^!L{}lwBmP
zE6U&;{i^*@#1E(=I{%%i_&w$#^RRu8?ujFRsVdpLc+z{QlZ-qM@t+8>6#J3alrUIz
zxn>%iETq?QZynOLZP|S4<s{ybd&d(ze~?j%O6tfU!aNGE;3NuPVQK<@32|Q7P8_2=
zhI_IQP7rrfPuF0|i;=g5bQQup;<_H-V{Aj+3)HzxcuAZ;!|3ujO^A#j){D$9*AyZ}
zxbY%o{-&Zc9)G0a>9$fn(s{UN+*kK~x&I>f9wV$J<2>bAs9TG)uAPMc>^%qgJ>S_#
zqwBmy{8C4}g?(Uq@@jL_6+MW!FLuV^gkOj+!pel5G<F7C5q`A~`H8&a_93ar`<`|S
z5_HWaO!CI~&aPd3g@QqZ|Iz3gTTqttEgI-Zo~|agF~uv8*Prslob$1$YpJd0CO(_G
z6K(zCD&#s%d2Q;RCv5ntEiF60A?hcea`-DIr1I}n9A+C=Srj)Vqx>;>?MNplzF!4g
zuL(=ZKSC(446YB<PfI9Cy&~9?vI>NX#M9tp^84v~_G&V|Tvf=t!NZ%A5l#FMeoy&P
z@}3bt%#FI5k(ZNrKjJ>b-+6OcV=Tyh=_v~#|8LT52pfqPAUv`6N0S#u+(+yGg2*mz
znnb9_gLF-&@@>Lr@>byslkNR^!8Wo06H|W&by^V)kls!@6*eU7Bs3xDI!zn9h_5tB
z=M44!Qe5+|U-DCv(U`ECin>Y=^#A&x59znu_=X4UC%%dJIm#Lkh7uNY&uzjB%D$m2
zKS9?v>vOB}7SYCU)C(XS;hxUu$xNg&;ZF*ek#X7Hke~Phf*+ljO8F$>EwMiJbbX@^
zQ8z!nw0TFYRjBve#!F*5?j26uhupWB(17$WxKZD;gGs~^dh5Z2)$l)Dg41y-{zlN%
zl#q<j#x`CK|3~<p2j<0xw3C;(t`ns7r?0QCU<UK$+D6^^TK}X})ODSVp7_R_Vh7XE
zeDZW%rz8JT?;FzVh<~|SQ73@(DKfHAzL)eC>I}9O^5M_q-NGLUwWymHr`a~Hc_{qI
zjVlNfh|i*MB87cO$B-^f_;US1!+q?HGsu5NoqB}oREYah$=ZeTUX;}*U734ollHau
zj<<DwNAJJ0)TE%WEqu&PbqJTZVJu+*VFYEr;ZNj8;~^|h-c~{o=^BJ%1pYMd^dqm1
zowe`O7U==xr{rNpaW7?`$h%5e5&q8WG$E3LjA9giPsl(zGvO)WI-w)s88;QAtS*h5
zCoCdfjC-CE52O4K`@kgRy&!!MccQNTlpQCn>l^OdYV#YDze&Gm>k6cx3mN(|*GDQ3
zAf8=m@^u9hD%cy(k-w1qMua5ZQr>9ftspGt-l?`;QqrRc|59fqX8h6#dyjaa=O<!U
zmZY(6_QvN_zDg)yAD)~W|0BMey5nq~Zq7k|ed=}nQjhqT>tEu35eidQ#<pA77Vfqk
zX-U2vzbQFI#%ZE|+KO&&E^ix6#!W*BEeRcMUNGgI2=B<N$-O_@2kG{%)H#ODaktIS
zO}rxUJ=|k2kE6DtX+YO_Td^ySp}?a;uA7wqhp9<t<L1!>{-*EzNV+*bBi!@W<OET7
z3F!-@e<q%TI@5^vr_C<5j%Y!d_rJ4NqATGDVLz4L6RHsJOND+k^cU#>JWk%6FC8NN
z^;OQMpIfhRkFJK;fslgxLMZD;JPYl1xAh+Cdt7hZsBXwk!8Afbo7abUdD~cfEJ6Ko
zgjvK}Q@;iEvJ(8+LoLWVM47Hq<RvEEjF6AKc=DFnht9LcQRW#<L4bWNP9z>ecuAN-
z1G}i$h)N|%e|@bXKbmq~IVeBN1Co;$Mi@vaM_C^7PZBN>Pegb^s7CmiP=xvix%ZSl
z|I<@xFF{vtLZBVNT^jm<bW*|-LJ)N(V;LG~MW{fCq|O>!zdG?ul>bA$spOrtZKfjs
zZ|d%#tRit;H4M&wUw;1|Plb1c&fIjv-q=hx5}#o!ucy%)#MjyfDm#SorG#6Ax#YK{
zjX=U1;z@8Z`JHL!y?t;V^1tK066Eh!-i#5AQqIWSDS`KIF{D2ep4tcKv*9%%9icBb
ztf9d<wk!d*pl&1bhGA>!JR-PBzs2U%Z%2rg)Ez~gSLExOK%LJ7UA-u~XyYCii6An^
zanozUL&5^WJo3L>Q%LLTPTndS9LUYvOqTa&8h)0cY%}%NQr?45mvjO0<EWe8)_q6$
z4f2bV_a}A!G5?;#tCGY%!k23}6${yiZqT2tJYlxK$Eg)TwK$wgUP78nNZN<({FXby
z?Oh|WF=bz_T|`E3PmpaVJ*K9-I|fp>8)bpi@wLZdGx>9DTV#72e}2Z>jC)khL%2lx
zG~s`geSKvl?<wWC2wz`*JTROvnfz|}8}*)3;Uw{@#C27-9n5A`UO|0iMN#2{D%gtu
z*b2VNr-Ad>NVT~t+d4mDCc--E{=q}jQtx--3#n6>{Pv{h6R$yDE8?rEGlTfI<SoK4
z*8raHyd@)w3cqmUVk&<}It}R#s%59GK51Q-33Z735tdLlk}#W4ko<9k$;1l~LMeYt
zxI_HQb=1b|@|;yR(=(Ze<s+P>atxU>ZKb@J_{*I*obo-?t4{u0e2FW_)8$Y4XZ+XR
z+tB8#tP&5?b)LMw7)sqgZ9QLK@89A1hCrnhwqi9~*nsqGzqsqs{rzX0?prBtYQM&Q
zGr|X-j|&|V?3X;cr@Kqf-hHCm_UP#D+_hiF=(w!I6K9BfH8(miZq?GdzHw<+M&yiZ
zeR6-`jB=OG$Gy39!YA(Ll^CBHWB!~L7j-?g-}D;^()Ew&+NW!DXLp~T?miuR^y(SY
zHfEr^Q`hcsjcz~iopESaWL)Wc=Uj1B9)$bOnDl5=T*=3sTr(a$Nf>wf$&$ozqu$5+
z#`XH|q;Kq4A6MUa{-?%v`^BFQaJ_P6>e$=c?spvry0iCocZ%uRL-y_%)30Mp{H`F^
zq7<?FGr0=JR|;`0^@)9x*;OUJmD}}Wn%J1)u3GW6OSnQ4#P2Wb3U|dPj&$AhOG_s^
z_Hp++xGbgvBaU{rjn<g^#NVmp>L23Mu6OLMA6%*8+q82f4T@j$o$H;it7`1Rsjjr~
zcYC_(6o{|0z?Cmy?7ypA#bVE_ay?BPJ+S?E9lP7^to_B+&Nsf;I@cke*gP9u`{FZi
za$WKZ>(sHkyI<E1?%v<UbnO@Iou#hbyW4r9BTQ5LKU-Zd{QUd$qqObprLI)5Psh0m
z$KToEO6n6|bhm4xZ|tXiu9fj;_Pb8I;*T73olO?M?Yt|-Z)K~?t^~2`ue(OZN8WHH
z4~TDi&(*^xOS_JpY1nOg7j0(l;BrOs+rI97;EGKhd*(k^k@!xZT@8F=Px<(K8(+iM
IXJXR-0~;DeyZ`_I

delta 31528
zcma*w2Y6M*!tU|46G{j*K<I%@@4ffl5tNRg5Ry#@2}w+LXrh~@^ctFUlp-iaf<!<>
z1VliPqJVTMf~X*<Gy(7b-7`_n`R;e0yPmuF&CHrLeP(Sq=R0@Cw4hU~gM1frXPD=3
zRm<o&MQ}-Z$GMw{a5tqo&gD4Asf<5hL(CcPI6*GQ>4^D>cTaGfgBXi>u+D3aQvf?)
zF^s^%I3890a_gr?pYy#<xNpsq=r}dVSPko{02^P7t%x7RDwrq9aoS@GRK97b3ie@E
z`~lU#U#%Ivj#H3$7%E>~zdm|k6JA5Le1?s$#Sr5Aup*wqG8mBTI3=+>mctiN?+vrg
zMD_fA48^Z({32!}{tPuDS%>jH^*dz=sDKx-C`My0oP^o&9n6PoQ7!)rOW`?G1<r8u
zJRhoom9Y?Z$4VHFdT$A;ob6Z~kD*Tm+#{eDf<_oiTANt=SiRPnn4A3TQA528Rlz|U
z{}J;Nzh~1kk2F0lg&NUj)~+KRpTDP(B$VbsG8V+er~*H>p1=yk?_dcmG|F*a!N#bD
zFUB0W4a0Chs)1LrAl^p}d9K$@&nuxuu=DGTzlJD@gtE8-3*%Q<0Iy*od}`ARjAp?R
zuZ4|qIBLp1Mm6kPR7W15rXuVOQ(-Gq`XE%kX{a@{$wxpHpF}tQg+;K)n`Q{>qvD-y
zJO=X<AA?#W3sH-39jZqsP(%L!^I$eQsEXWJ6kDP4McBA+k`1gyEs8Hu72dSz8OJzI
zRpO;k1$9S_$Ou$JQcykp0M)}2s8#+DwKg)2Wh-L{s@xXV{>aGtoY4d{0_(6A9>;c=
zX`Csji?tuBz-SD^WXysos3}{D#c(^S=ig&1{1tV8)fjIYG5~dc%*OWA?|e=`iz|47
z+2^%U4GKr~WHM@~=c9VO7Bk~+)S^3JpPxc4wi~FScD-dr%8i+bH$**ef!c=surT#I
zNd#2zOst7(Q5Bp+jmTA04+^|(woe;W1AC)-G6sWi6PChHP$P2zH4-;a=g42EhGm&(
zrlK7B)RNW&^kP5EjAOAWPDVB0AU42fr~>LwGE>kSHT1(!J)47Cd>>*x+=CjS$M$)a
z$tGV(RK1NSGyW=|I|(H*0n6ZAEQdR7{2Hp@tW!)+-Kc`gV_mF=bua-nQfpBo`5o5B
zEK|+gx5P%oz1Rsqn#%aMCGd=dX4qz$<21pESP{R(#&{2NVzudJgqop7q8%zd3QOQ{
z48}#M5nGKqVK1W&r2D9jWSL<)T+~NEM`8<9f!$GamW0YU5i8>o)D#`UAiRSb;)kda
zt3K1Lh2B_!_(Uv@TTt8YTU5S`v&?~42{mQDJ_IxcN%p}^R1ZGI+IRppHBV6uD?Zzt
zjI}Wr@y?hD`=dr+5H7^Y*bYm~G3ha=DV>4pNE*^XpL3o-YZC5ab*!6WhAbMj&wZ!^
zXDO=1pP)wS1Zo8CVjiq8*X*JusFCZ5#V`g};8avcE6p=g(GCl1|M#^C!%-DXK~=a4
z3*c^SfoCuj3(q%mUL8Y-H^+R~4NKz?%#5>84O@u$@IzDs_F@&hgl_70ax5@IQx%n=
zH@eY_nu>WCfGbc1zK3c^8s@+wsD_+Jb>KECUl8-4ii@B+QWKT06Y3~_6@7Z}Isv^n
z7uEBPs1_bX74#6ZVzzh8t|)*U1x_pMgJ0v9SZ0x#>t9h7<XUW|wlZoel2D5<1=Wxp
ziy41q{F(&K*-xlBe};OY$PzQ8jj%lNf#}9*HhlxCpp)1JuiNL9mYTKn0%}Tpm<?BB
zcHDx2`1w-CUm5n1prN{j>alB?>2WBkA;ppZ=QQV!)_B=kX1QrlENYuhM|PUC6N_QT
z73N2340a>_F*d<0D>-GcosU2x0*A0OW`5UkdSFjfk3Yl+JcTN-!F%Sb_A(YHz8p*9
z9#jLaqYkb-tIYdNQ9~Y$S8x_)axoRFS@^_#qt=*$Pg(Dy7FWKtX3<na4RLGCiM>z<
zP?UY1VB?dqFzItp4cLg4@GREE%<r4?q#<f8y@u7P-+6<8D%^zSa6hU?w^0S<US}3n
z6I49h#;2p3_-53U9ml449W|w;*PF%M5jFRNP#s9Jj>ml3|0x8D@L)ZL;Q{M)3??4<
zf!Pf?P(5mlYUmJjV+y{(kZwhlQ)7dvxC?4g55a=y!>afWR>Ol>l=_{=1k{6q8_kec
z#tg*UpjzA!)q}pMe1ow#jz*2#GV4|>K>QG@BUe%HyEd5<F9bC*rBDs)fWF)W`V+{4
zi5P^Vu_(TU6>${~!DHAF8*Vn+Z6Ydu6jflMkIYxJDl)fD0#?R%u|6I{^*nfs8Ht8l
z82{QN#E?)HS7H@Bh*~rcQ4Oh-Y6|Lz`H7E29aOVXBk&<=M83dMcnvjGS+?>;#X6{R
zrlNMydd!W7wle<F1TK)Exoi8eF%mW8V=)A0U}Iciy@={bk!@y#UO+W`Bx)DDZ{3HQ
zlFR7EM>bw4&E%`;BcO`ApfbdwdNv*F;QOdKyM$Uq89y<9J1&M=J6$mmPoNH#*4xd{
zPe3(z8@9(kuogDiVMZbewaa{S2sBkjY=!r+88+N$PP);kHSh&i$J^K$-JhC*<E`6K
z4Gr97PP+2gkoX&@^0#9<e1uvPEk5&aYoC)qKo3%IGM>jmIB2)|?2g6q#P?xKylvw(
zJ~u<&51Wua6>H!j?1WFTF?QHvPS{D<jQD<RgPFciy*~c_PM`+~^HGcE7gP&F_L@0v
zYE3{5;Yw6bPoWm=6Leg>yU#SJ^nSC*x?@Hjc`*=2VHm!N<8cY@r+&x%rTNYFBWj34
z4w$)ViRw`lPQyj0kt+L@$)AAg;bPQc{2uFL@IiB8w!$*Rqp&#6z|y!GE8!{h)g};l
z$Q%^)F&FXn*dJfUVBBHdZ#`x`XZ;biOYUM`3_NV6umFY<uZelEJ*xayFc{+wGya(f
zj3gloj=^j=#b#V!Gro^mNl(S9xEt%?9qfkXzBVH<8r7j4sHyr5D`M#*=E!~t3lJZL
zIWXl2<F6LKOF}kG!|b@vdIAd*zl_@7Pi(y6QPZ=wsDfTW^(YoK$HP%WJ`dfPhAQU_
zYP<ho;~~Cp%qp*p`FW6l>cJ$`3!h<CJc}C2;A7^8iW@a@bx}QPf&thI%i+s5eLSi`
zOHdW>z)E-;wHACCj+;eR0X0;wpemY->cMhUgZ7|$_yBcu2AnV>6^adsm&8WcA1mMz
zRD}mnQ+o}o;cZmMik<ZD5}(tMfHL+)jlc-hl+42NxEi&JzrpHw9}8l+Z_P>80@cuP
zRFB4EMqGzFM>e6#J%oAiiuFDg)cz0t&h)qxHXuU-EQZN8eV+9L>mJO_^V6t&w=fq5
zpE3<AjB0Rgtb+YeJ)VjsaV>`8VXRF3&JP5#W6slNuEJ15*$|uK2-KYJK)rYsi{c|x
z!3EBk_iABQ;$2bcuVM`xW!-=Uh+oG1_y~O((va`XqH2j6vX^Z<**Xo?!}m}xZbcRJ
zHEJ<kM-6@Mv!)^SP(AI5?Qj&TL3>eCdI>dUS<W&3YH`JL=7&dJR6)&9t9}rwg88Ty
z_hMQ66;(j!c{37qQ4Q;f8u~bN<2+P(+wAl6sD}N4g|NT{#$Vf`<^}VE<0aG(zlB=u
zi!mRrL7fk~P;-6=!|)brRR>)(i?}}O8`2Y1@$0AxSE4H1k45n^mcYM#1k{rfmrRCM
zs2BR9w$XUh+;6ncPuu7BY<j-Sra?{7O}_r929LplxB!dcN2mrLM@`)wER4ROA50HQ
zp&HTy^<X$^C{s`k+JWl9MN|(Sp$aN+#Wb`!D!m_O#@A6(JKj1IHKmJD+wibS_c@mc
zsNkPbbDim`$ygIh5Rbr)_%>=JPM{nAvhgC<OvSBHLmp|Jf~AOWMs?&n8-IdDh!?-E
zA3Q#eP6EYA7>`<9t5Lh+2<F7UQ3d7v(Hyz8urcw5sF50p8E_tI5iUZNw*^D+Thx^N
zi0b)M)Y=NUK}V?HDMFwmHb#v^IBKp&qbgd274Zz#!3;Oelr_X4;<2a-l2H{;!?L&$
zwU|$#D*gr4bLS^B!eQuB3tu3hq3(}ma2%GybyyltSRZ12;ze(n&u?$k$jnAnybYV+
z8B{s>e>Q8O2`XP3)S8JwHF(0$jK7Y^#U!Z5hirzMsG)cLVqOSAEuIRfA%7XwlVPY6
zE(JC8U!r<?(Z=tgMl|?W^L}a6i1fgU81pORpM$^x5>&t%R7*cY_28<F2j4bBTGiSM
z+wt6omGCRffq$aP$#BP51T~ViPz`<sHA17%joW<$^uk%|JyZjNe=`MFMeW~yr~*c#
zM(Q2Zl%=88&RKNhGt^WRyKC|_M~y&#)X0rOoeT4^0{S)+s7&A-s^Tp7Oi!zzn|M#G
zg2Pcmwg$`N2~@>TPz`kdZpvwfS~GE|#X1*j<6*3du0Krv>PQEC&PxQeTD_>2F2RPF
zhSl(QR8LF&X$o$ODrhLyz@?Z6kD+>g4OLF2`{r|A9F^YB`X*{hR$xW#|APeTk?<#K
zh^ss>KOQ@xre+Lk$QPn2+=g}VC)7x|ADUg!0o9NRm=70XTik?ND-W;*HhW~IVmub3
zerGuWRj}K70o9PdP(3N|*bG@s)Dhbab73NCPRC;{T#oA5x2P$3ikhOZzs%G$$Lz%8
zu>ih-zWfB{6Hv=Hq8joAst1=bH$FgB9Q?#=pYoW6cvCEd?NJ3rVnKYvrY}G>bPH;V
z_o7DZXDp1NPZ@u`Q2nXN*b$YnAF9F$sBQHg2H_S|4|k%b;u>mh^FK51*GDbl4(P^s
zRQa<o0M}y}ZorIq_!;9LOyD>P8iDgR!*8e;a{O(kA_TRnt6)*=j@mUz_W4TGdGQ%)
zv0g_tJjikR%gv8DiC4s8*bvq5zCHqK(Hoc-7o&!BGpeG)sETi42F&Gh`Fj+KYH(Fl
z2U?;E?u;6NI8+BxPz{@pnzCJ}DL8;C-*=aQUdR>T^6&53ScG^uy75iaYG00O*eT44
zcQG42#kv?AXew%fYDhF{O-x30@Lg0npQGmf0aB08$&<n5|Jhv)wOV6P70pBq@p{xE
zJ%f7jHyh8E(c~+Ip`<sp_CQTR4C?(Es1f`WH4;})<z(TXLH)n~OB2vh*c8?CA*i{T
zh#Hx77=lMpi|#UNX!B%t`4>?>)YKF~&3SQbkJYdZjzUe*9@LP3joMW|V}2ijX9U#a
zeEjz+v<9l9PQEr+9fzYvW}Wp2>L|X8`uK!part*e2UG)-Q01*bos@e}72id5G*__6
z*ARU=+v5nR;-#pJTTpX%9QDF2%#5K~&0L0|)<8qlh_yvEI1;tp=Anjq6RMn3sB-V1
z&XpY5%#@YR=JJ{CK!WC|FKTGUq88CyR1dbIPOfXHg6>&EvYU~qhN`$bYMaHO4xTr$
zCeB2azZcb^pKLsD4xbsy202WN2BBI!8g<ajLv6FqP>bmV)<-9&S(FVhBhjv?)!iE#
z;7rtehfq^=5j8?tbD0h`LXCK=kASw%SX9flqo(AVP0thJ@_!9Gq6(OZS`(kx^joOi
zQ6{(PVH4CMj7078B-98jMK$m^s)0dy%%b$QB%mShYz;^C(2E-CjaVCxphh4tugm|j
zsgBxagHTg78Qr)J{XIwJzlb`zvxS;n6pEUvvgp?SZ%#lJ3`A|Wg{alL3$@D6*z^qf
zT>fuEdDKX}gtc%SYHri8C0;;{WbyoFDm$U_dr%FTkIKIsi|G5mpMZw^3aZ5+1xx`=
zaTf6*sI~AHszId+y8Peu7g5`7A!?BxMiu-QYTp+xWESUO)GnEZI#<@&_+hF2f0KYJ
z&REzKR1>vmB2Z`cEYwghLe1$e)YRNSjZ~&0X6TEfhPDN&Vf|2RWhScUdr%EIggQ@d
zpidQN4KoGSM=g%t*c?+(6@Q010Ux3o6kOD-nY^fTp)6`&S4FLbHmC{)p&B#=-M9+1
z*7n=<Gez0|D)63t@C3D*a~3nJwJhqaeic>lD0Jf@)GFVJI{Ob{F1(D|zIRb;AlPk&
zyf&(%y-*E$3-$3@?)I4;d`LoD61JiWc!FwaXmL|vIaI^iqfWMP)SOR34e2MS3cf>4
zU0?}QQ8m<5bwD*R8dc6HRQYp!1oSakje+<+w#E;!F5a_NDCzS5#bF?7DpsOCtEs3S
z9Y;0%XH*3lO1b<aRRpzW8l%pEC{%+Nqkd`mKCywzsEk3SO@TGgO}rCokqt#{&q=5k
zH(-7I4mH;~%b3+)6V>BBs3{wP{%vjJyHF!{0V&7lWH0M-`jJo@H3f4}Lvt2`@mJJ{
zJVfo|Cgn^8@u>Yj1GPx^qPE|U)@<cX#Wk=g>Ag@5Ux3=~yRnk?|7`*q>cSOF0o_n7
z9*KQ$8MeZQsD?GJXh!5kRDm(5DM&#L?FQ81J7k~#iCUy#mCV%CMD3Q2=%#*WAOX$g
zc+`-sL=E{KRL1kD3Vyfo?3K;OqZDec>!Xg`mr(gV*aAnR7UgbKgMP(07eCdjm=kwm
zRrY^39_%8(8RUdiGmEHFb(ix8>8(*MZ&1Vb7}dZS)Cf&QjlgEq(4Rr=j%PMrx~7SD
z#5$xWVk2CKI%j^Y$^LIjpm;4am*Los_<U4`OQ?bi)iysknxR&CC#wh5pf^z!FSG8q
z{$ii!sbk8iiQ0yJP)GWZI_!T{kV1lbv>i2M7f}Ugt7}ID^}ID|Du&qj1k^#Y4&As7
z_5Nwp`x)yQOQWW!HEIp@LG6-QpAAe!ZNK%X9)63e=vP$FGS@eYs|u=uj;QpJs5xJO
z+8t@Af^VWu&dd$W_AH5R;%!k=I@s!alYmz3T+}a;k5G&1OVqx;h&pNm8k(Mjphm1Z
zs)Amq#hQeAe+KG+dJi>XAEO)3qSne^sD_tp<llxqrvm|hPcV@OD{MSZV^eVh)KIoZ
z4P7*<!J|<Pc?UIeyHO+X6Y8WZ)Wj^h&RC!LTc};I8`bbzetmpCo4TAXB$U8Tn274p
zZd8lUqACbzX3q9XsKwI<Rp2<(XLbYX9Jz!#;qo^(>1|QvjYL&E7j<B5#(dQ8oFt$E
zZz%!uv@j=B1*}KB52}DUs1ewJ8rsjT*HI%8+|tZ_HPrJis0MmbBeon>&!?#EcpZJ}
zS&>%e#Wtvn9#jj*p$cA&+3_&ycmMZT8?U1lTjAEm2B@L#gPMvI48VP;5k7$0E&1D+
z@=CQ~|Es_nBxtCc*aw494e;9Z1*nGX#-4Z`)qqBA&4H4Ls&EskqRXf$sn*W?5*mmq
ze;%s7U8qHVu$|BJ_y-blk?;()Pjj|6LtPS;u?}hxc18_t9A?54)SNCtjodctNt^x~
zwk17V2lFxOjtz+SM|EJ4kASwzG1OFCLA5+vNApvw3F=2@J5<ZPsB>WqYFjQsHEbQa
z@gS<fw@`~Ppp*H5Qv>z2Y+#MY#>9QA2xzFUpcYxi7fb<e)R5If9T)>p1q?$i!Vgdl
z`3zOz8Pwwa&Bil#HVr6d?PB$zKEIogk@Gnh320F~Mird7i<#3xs0w?bUYKUxiCSd0
zQ2V^pi)M&>V=v+>uq!^qR@m_+^EI4>8j+LO83Vg&1lfOG2?UW4j+(<EsMS6Zbpp;q
z4gGdhgZ87=$Ya#h<>+P_?nX7Vri~9om6wdlKL?e64JzL!SXTT01_3RmoZZcDynLwD
z-UGE3UPqmf8&FgAEvhFEQ2V)T4-<b8^AaC}`aLlZwJTClBYX|p<6YF6Y1otfuQ}^W
zK&v<rRlp3)iSMBfpj4cLzhD>i^)er!Z%`xh)W&P{Hfvx2YAS}K-v7p?2lX-ML^0Ib
zY0`)NuRw1S)Z;`{3m0Mzyn<@rT~xz@UN);d4A&5Eg6he2^e^7NcJZQyydLU#C)Bo$
z#o{;{`(SEc_P>TIdq1<vE21iFjvBh&*a#<MFn(#DAGh8_z5h41z_3@$R1H8)(L~e<
znT9p+6snvoubQ9xd3^-5eF~s5RztPC3u^I2pyqrcYB8-xjo1NHPkyil_BTB&joP*y
zP-`O*HMNVeIi{gH_z1Noe7OdgxeUW4By_|Cyoq<PPq=AF`+?@f8j9UXe-HIT<e^P3
z6JZ+O4|QNApw`e5R7XBUHRzc25wfU#PKij<^7g205r-Oqr5J%9p$Z7~n9pl{)X=_$
z`lYlIwXJqwX8anpYraK|RHi{@1l*`?+z7Rn+TkAU|5pfTZi+>@oDSF(HDpUs4cd+~
z@g}Ok5rbX+|Gv;1?4opRi1ngf&N%d<&h`h`4J!|EIWOT@)D)k@aJ+|wsNd-xV+x4J
zNa7!$R%@<U)6?3hhImkOI~P^Zrx@nqKf1w6_-LqUSebZ}Z?tt4YIl5%ZoGl|*aao9
z|21?4323e=qPAf}%!1*liegZ^VG3&KcVZp<88u=hUNZ;SP}E3zQHy#lYK`o+{)+X9
z7fv+!dL**{l`zRBe1SEI|A`vv@=0c~wL~2>3sDU^f?B=5pgvBItU0}=how=wrVVQC
zM57u$9d)kkLe=}V*Jt*3resq=OH{=pkWqE!pep=(m^ny_4mXRg32HU>!j?D&o8Ugw
zHVqtM8s<hdpblzrzKmMj15t}{n2&&ZFb*|G3sFOzirPlkQ2RC4NHeEpQB&0gb7Oz>
z?{gbpjGEhxs1e$YLHIRlO?`)2tdG%)zB;4K>ihtElJFFJVE5Ne1?#ah@m;7n&o<gL
zuq8Gi?nSNkO{kOdI(EepZ<wh}M&(<FP4OD)V^-=-e?xpuM*`~kMAXo|i<+z5SPAc-
z7F7|ZN<-WQd*ck$*?t2x0-48{si}rZ#M`45^DfjBTt$sY=CNi3^I{wA|560>(TPDV
zijPr??GDz(Qsd0f_rnUrC!l(|3DvM)?DJyd&GWXX9wuUWd<WH$y{HcShT0WXCy-D3
z{}lqQZ~{)lgE$_0zGa5)ENWMTzHR<tu|0Z-&q94(@1veqooFhIKuzUzY>wBkEtZ*N
z{(=*SYWPm{DR7&B=Dhf1b7Bog#Sf!~w)hm66OSEGbGXC$7+)mbV5(UgQ&9)i7pV8|
z;$mz&&FrG9sIO$ebTiVer?dY%lHemjb95NBSni-QR+wRidMFMcz8+g*)|n=~3u;KG
zp?Z86b<~!a<#Gn27uA6as42}f+e~Rg)GkPx&Eipkn@CW`-%)d1WDbjm{ofW<!O#>l
zrypV<@sk*Ur!gO%#T2}Yr|_-0W+eK}GrMCdssVdY9lVb-vAS=*`PZ#IsG-fgz|2`&
z>tt+0`e9T9b1yUnHAJ0o38-@-1=W$=s6`w2jyVS!T03C^>95%MQPer&yJQpYSe-@Y
z#SqL*h7y<uYopHe_SSIJfie>F;xbf$si>1~FX|vVj6rzb#;>Ewy^q2A{%2WihBz<k
zAnAq!aWZN|enD-^N=wX~4?_LT<vrB4`T_M-%(2u=MIF?6@&f88AB=7shuZ(|p|<B{
ztf&2dnm}<9axF98{Tir@ol!mNizP7zRnbh;!IFk<ynw~<8S1xS(dA~FH9|FHGHOaz
zp~^XrS_94s4lL?-8WPZubjM5>g+(zAGvIWrigQps`T}*ZoJTc0(@HZE<xq>P2iCzU
zsQ31u8gdu4hO)hDp4Ud7zVopJ^iygW>Tf<XQLBC_YCD}r6<p;#b3{j=MraJ`0Gf_&
z{1P=XH&7L3Uu7Cx&e{TX-t@!jICB;IUvs{P1P#ptRL={qHU%|6^>hGc#3`sA&%(mE
z1@+B1iduv}+qkpFbSMmURM$aGO_EKYjcVZfH9oVt_uB{GqgM4j)V|KY*7U3jY6QBV
zdOQJjPV7Q0!kefy5c<B!R~t1#L(q-Gu_rFXSMd(E!_K~SrlJL?#kCPt&?!_4?<3p9
z30ZGOs0gaUW~eiNC~72DqVn%Tot$S-M{(f~%oKD$J&!~;`cPBuTVWq;M;$2Nq6&V1
znyZQ*nhIY<Evl)gBl`>VZ@Ud<o7O>%+%VK{%Eg!!H=w3$J8Es5Lw)^R8~ye8oT>z>
zkr07e19MSx`Uz@Ize6pSTc`qxY%&dOfuY2Qq1MPW)V|(^djA4y^*=_f`U;!PcJ79n
zx(Lj!{Xc_%hJ1<jQ`B6aM>mFiWO`NuRZ%b0q8*ERFAdeh)2I$SLRAp9#XN6^8qvY1
z5nO^g4^Cn!>UXlHnif_=jYJ<*MN?1(Z$<U=6l#cnK{tkMHSg6xHKZ@<`Rk}5USXdf
zwa*`*z7_dDHs!ZOpSIgj0-F12sDd`3hVmQheau2UY@0bB%A)4BHtL*cj+&}5sJWkq
zdVejdLq}0P{~I+Gb<$k^|Kqd%Y3%=IB<v(XtMv)`7u_eOg|DK9YLfMH)X+afO;MHY
zW{x9Ji!lWwaVM%n?j2^$v_$2PMm2C5YKk`RVE<<(aE^r5cop4Pey7>L9Z=h=7y1tn
zR8ME4@~yG)1E_6!9yJ9wP>VI&r{=vHsF8jVn`1nxBOmz)v><Q;^^2s!F7vq@gj&V%
zs6{mmwI(*BKF4QK4Y`f#dEjT}V5*2}Xe4T=$Dz)P4^WHnj5XVCGey2;1l02=)KR$s
z)q`8soS&Np)<R9ua16pVs71C3^}FB#YRLaY^{l`i)8o#lkr;{^`V`bbv>I6xKId}+
z>e&NyWAQJ{UpQKzhHN(G!_BCQ4xmQl5~`xWy=HgR$M(d#U=Dl-mH&Ozs{b4{!oQ$8
zT5g|4hW+R92l%{V2OjK3^(=V5`2|xCixY2;Dli5$l;cr7OT(sk0rg(kmu44rM0G3%
z8{j-t#m7)1mHhxCP5n+a0-B>9sGf~OZJ#x$0*|1!(O;+$sq~d;P)F1p4@J%Sd{jAG
ztv{f4Q;vgXmo!H;=rwGKi_zDZz$F4|S=b>nR4=2B&bP5GZbQBJ4At{;hs{s2e%Oro
zeAFU5jmq~oYQLBN+KkWuR5@>B8$60S(nF81|5aeyBc?^KqqfIx)FN~pHT$*<Y9#t%
zE1YcOM^SV81T{kCzA-)SgBtQ_sF6H?D)%;O%BmeR9qD<@XIA$V5;Ouwur3B4H~)g!
z0=3N+p{8aNCgDj;#<nM1&LG@{nu<~<O@%L@M$n5|8>>)La}BkNLcTQzP%|F^CB&c(
znnkGJc-v6FdXJ$B3jWT_c>~nQ^h5P{EUJN9(BD(kTDXncHQ7#?^pY4#yn}TBYAyMO
z*$neAI|-j+F+7At@D^&dW<G5iPytm?Csc(4QAg=yRKvHT-am@k@3&DMan6{AH$eUH
z=#N>n|3?tekdH$x#vQ00Kg66^?t3$5^-x3nDrzbwVgP=C8rqGR3C~%tpc?)YYTsu&
zYyRri4wb(XR?z+*Nk9d!!WMW0)qq^*%&KmN>gizAP|rm5V3m#ULaqK2sE#~FHL%8c
zldmUgsN+$)Vg_o;_hUxt=l>eT%;jU$&{n))K0eJ+2Ty0zkS3sdJPTDp3TDGJ)OOm3
zYUq7bMPV1sZs?Ah%897$xeE3CDEjmu<0W%smOu@8b=3B0j+)!is0!DjdU6=ucnj6z
ztd|*L7yl(xtWDhagX!VNs6~AZwKkk9rlEyU<#oEk{@1=vAVDo(hFZ1zF+ZNiJopD{
zp9ftvEw5#bLG6ZjQB!gNRpDi9ice7cz0ox@!UIu5pMo0cFRuB_$#jMU4XyjS`72jR
z%uKu-=EiEc3|nF}Ua`+R{b(B29kuPopc=3Y-M9nQuyd#e{b8+j!!*R}vw`<eLw>@V
z{iaz|?XVu{38;eCp?~q9rs5CO;>+`sInf%TMk*dPl8aH#x1e^zS=3s2ib3eBddn=b
zdZ@+pGHOjkp{8bnjc-9!{0*w$XQ(L){n;$eMyQ_lL%pAjn&UaB5!{Aq@Ill^=_YbM
z@W21^iz%ows-@jgC);Q&gd0$6;44(Y=TRf_2(@i%{A%9oi<;~4s0!AhM(jLl_dG-`
z&H}g1RCUHi+W)ZxI_d>fg@0lO%yq}S5Nhp+n&Yvkky&m%f*SI_P!*Q_%^Wx_QRzPG
z2iTJMY1BDW_%02ge&<yJ`l>C)Hh39z(3HJrwqGOEQ5uDfa3t!a+=e<@|FBm1-Q*jL
znu<~A#uRLiTT%P}88*jqf3W{mzz_l&vQ?-ap2p(%Cu&IZ|7p@2V=dx+F$>N@ZPP`l
zwXp@&;~($^%zocg*cUYgZ=o8#8Z~uS@3a5aqHGV$kk&y>MI>r1Y{q7I23upnho)!!
zQByDi)sQvl#?7dP9LJ{UJTeDVGgL=M;CS4ETAXzrv;Q@uFF!W_(y;)Q@h4PIOa5iH
zOK;TFOhJDIsO{uDF+C}X+6|phBbbEBHygFBKS%#hIMm-0Dm^vj*7Xrk1ENtU*&0;O
z58DjCqh2ii%q*&&*o62T%!S8MQ*Z?}q>oWYa>>6<yf3~)d;+$|Q>d?>o8wN~()R*^
ztON$2&i+`;griZ5Xgq4)E<vq@ov2;%18Rhxpysx^%cQ@A{&G;eVKizjEkv#U9jN@z
zkZ+66DH;&qpUd`GkO#w2LpU3CMsGqjU_WZ{TthdO2sH1tMCE@Cv*S$EnpleJ`C3%N
zAE9<tu?zwJsj7wk|Nehp0vftx)FNAkT9nsN2ThKQ0sb}77BwPcQ3WnS4dLggDL9Gh
zz|R<f88aD!P(z;;bpZ81P5D%8=_BwJ0kte!W;0a9Q3bU`_52l7#iLOTn}=GYyHQi{
z2(=ii1o?;5c?q?KMx*ktLQTa{)FQown!=DQ0gg`zl?Z6HcEff!4%NfMsGsL|QTa*-
zn}R!`wx1XMpI_7uiUU|3pW!Q5Eo*>(`_4d()HkRpx`G|>x2yr?``<8|>3KA&!l~%*
zA!;>0LiMzIc9U-qY8OmG?ehcJ5Hsg6L)#K{qK-i|bU$i}f5(@xNKTV~cut=g>QoYx
z;RtHK-bWn})pMEj9;n6lCaU01QB&dyF^ja2wHj(F+MpYwQHyg5YSq7w`g(q4pI`D3
zP(e=a0RQ*6AZ8|70t2xEYM)m@EzYK>hQ5WG<BjOTqujb?u<}M{ph8|QgL-(Gv?I#I
zHJ<eO$j8$uO}f^f^EdY=%FOj9iGgIgrrNo(Wuy@}p65k)#=!Wm9R}w(>3=Cd@lM=_
zx%E5Z4!5o)JTJ-f%v9KucZXv;oK4zG8K}RM3MC`Iz?@;&fEQX2)-{ey-HCHtJ89%g
z!8XL3k$#d}*CuXFSz#KwRta2<c(xLk@J{;m9clfD<fjZbW$fVDhwA@wBB8vz4t1@x
z1@9(f7j9io4gdUEnmp}!_U%6@j2z)}w!)um89Hif*mBde79-Ct-mOZVCw;bpB4jGd
zgFGba`hoQ9q<ug^gKeShiN8wtdraZh7Sr{_KJSSANx#B7VcfL{>x!qW>OAX=2W*<s
z`BXT*F=X6NB0uMxZ^*PA3zL?9Eh9dW^aO5Q-Jg4=csJg?Ytx#NH^$~0U@IC+yerTD
z<X*+|U$7zf8Pea<{Ofv3f{xIsI0yG}pC+7@(b$h)keS~U&IhE=q~KWY>4aagm3&X0
zU4&Cf<IC)v<JPs*x`XE@xW|y@)dQ{~#D@k_Kl(3yW<Ru%pD8SwN;xl_U8HY9UHmNY
zU(w{-Xe*B(+=%pp#6xIsjLp-GcXAOPo?ZcO4kE1w_e9cq^UUWXP~R3*fd^wr{2aZc
z7sTz{y4rGIBj2A`hCG$1s0}9ZJQ&Y&>uO58o-MBwX_JX_dOL4%pRwu6mqhv9(Ler;
zc=!bmC)o^_c=09foW#FUZmxXx8Gk?d=PFFvA>LijU62Bg5dYieOV3n-Kr+wU@_ZWM
z`I5M<{d|8+$o{#S2RhepkSRAktcSV=TRZVQp1Ufyo9BEM{MTas<Rj`oA?wn>k~HEg
z;t#p`*7&ctZNnN6Z*0^2zyD|OLPaXbM1i`B^YEA|v~j+!PA%di$@ew4|G4(&H2<3s
z87cTE>F<;066w_mmm{3U-G+C+C4Q0cc>7K|2T1=$^Ix7@S2*__UZ_C)CgFXAYmn)>
z9&#-qy*ECi!lm{d{jkt=i@YAaOa4LJy7aTIhwb%bYj68r3-ao>fsZezvw*~dc$ydW
znbozH_!`n*=I+YNBTcgN3l`$;L*8)GkCRW|_8&0)Dr-kB(At-0`rcQyjY!WIl#%(*
z$ipf2!9d$`Wthj^)20uyt<GT`&a)1@_aXT|A#D=j?@0?Le<<<(gmuLe|C0C{ww!k4
z|B3K)oXXuq`@g;|beT26y!+3ewJBWJD?Gnq3tDCK?zSGHuruVT&hwGn2S|U}{}v08
z_!I7yl=BkzcjPUM)yb1d=l>7__sRT=t!My-k?tXV19t*pT^$YnKa22Z7=<q7F2r4&
zyBzP`B7Y6;!-P}tP10wR_nqh7{e)+!q<_Ti-+x<e1^sxS>w=9d+?Mbxn?8W>P8;q(
z*hK}?a4n`^cPUg?HS+Z(ybE7{?zx_guz3jjoG3EPqmbeFvCUY_X87#ij7~Do{vyvI
zY)*O{HY9$LJN?RM-*3zFQQV2d6Dj*6n};7u|6G@N=KtUSNKbi}zzQ-9wFzDdNF%Iw
zj_}7Dyl|VeDDE|+HN~QKg_k4Tl;<B)*$TpCxhoQ$%6q-=Gpxwnko246Ys~xkc{i8F
z|5fh2JkYg=`z<o)H{MJo*y{)DtK@r3xGsflCZDcxRFHm6BG8)nyF9<ot*e49`v?4k
z`&Hh1-8?e$|2m1E@zRgBK>N%oWDB@t%}$FK5N=PtX}l9f#t(RJG2wIEx|VZy<G%1;
zW$9TKy|4V-wJ68Kzdtyg$vBahr`t-DF#{RH6yQ3~vjV)JYcTQ;S58J-_+*UauEgEa
zrYYZ-yz?jJWg?u1{DHP{UC8sRGH`uQ`UCa<eG_+nB-3(U`jkw$Xh3c<TqkX}ZCFF%
zpO9C7!wDsvejT=jA0i?0x%3#y2_mgC&sTGY5HDf#9w)se;k-Wn(BE7JaQ7mEi^`@D
z{*d&`#Pi$AACY#J!VlR3h&mZ;I4kLYlW#ilh1|aq-e4Q@6=i%%+69|e@8uz_2hUp)
z_V54GJRCtnW8@z;o!Z<l*cTcQuB+!{9zwVqFLxsT6P4t_J;Zh0Bkto)zp~hL{cY#`
zbLpLJIF+(a>-*oEg!d_^7xy$?ibP#A@D?89xf`?D^fg%179PelttYI%Ru?0ztA@e<
zXEFXP%JbOg(n|Aw4&swYufg9x{Z}7bApbn$Ot6`UlJS&HPbRG(6~y32q(#!G0r;cM
z`!nG}wgF1w-=CZ>xC;}06>C#g`n8UCSCBu7^zStP!8}>QotL|x&A5Yyy51o3Q8I7E
z7Q_$WoaYMrl(b)ox8hc^`tuF%o+96igmqOWeA2$tfwG42d=cqibNl;$l|U6T>H66E
z7U5&I5&j4K5o!x*M|eH=2gHA+z?1f!B;r#D$MdX{()AAaKEmU8Hi~cu)W0><qwLJ-
zzyAx7;UbCr6OD77u&!!k7)kgnFX;Lc2XXf&eFDbfDbo2@*MF|ggf8*yljqW=Q$}gh
zKPNr?DnMF2BCql9kN*F)>iPEJDICSi`Dn--GF`<o%<F8@m+`{ac$Tyexw{aaNLm~2
zh2)JU&OaGBnQ$!kY{JVhH_s;72K`1}T~B$|pL>M1%zGrfMyAZTT~E0l5KrQzI)pP5
z*43KA{FCgD@$;PYm$;X6C)l*+g#RGyvK98j64asVBf<|<2G_UbYfifF9Rkm|Lx_a%
z;C);~rUdQ-#FKfcJ9ozCR(DnMALH3Oq!;4W^}DU)HQrln!%FW;xFl}j9bJ{kpGsN~
zcPpL$Icxzhl2D%TelnG!vL?i9+ScmDrQ9EomVSN9vobcGi|`okI#klkmUr0tjeX%$
z;w@}>n+ON+?r-}2_bxAWC1DNsw<NxepWD{n;)Ss`T;9H{^0pB^OZqJCmE^xeybkw6
zo(&^yz0EtuHt;Xf`{+fkEacafk50BvKQc$#O7x%<cP`>xczK=8>>+Kn9&#NdjsJ+i
z`OZZ3zeVA{BB=Bt_fp>Lh$TsnwGG&-JhqM-_B}6YzFB0fXcL-ZSMI-gke$q<xWC|j
zM4mL#hM=xt6k3<`z1$(BuOsbud;uSl_WZSt^rzf;Y~mQgx_aWW0RC%0qY2C<p<;UB
zSc0^V{n_|<P+)z+FOojNzN|+R31{V55a}-yK26$j;-A_c&vm7I)H9!Nj*aRS4_U*B
zf6aZFa1L%=?-6fli_S_~F5*wI7HPk6FS5^+_snzsTSz+psS^LROn<m<@Lq^5Q+c21
z`*!NNmz9|JxdO8BO#dJ6)aS+5xaab6d0fc7g}if7*Js?NcyBY$3-V3@-qBUZK36o%
zhBpu%PQJqA+oSVsJ%I`KVImLnlKU|k_L2UCLKkyiA>BoquD8kC3}5H@KAZLx;ogL+
z*oxQj&Rz0V!FuTC)-@AHkfy7V-lcwLH7{SlL=u8|xW{JRPkI&Z7rA?o-iq{_gbR{y
z6yZlUUuIirfSys#W}8mXsiaD{ULmcdO+RQG(2e}QDrC6AgWY86%l(A=J)41`Q=Gzs
zx%ZGSf_xiE8^`@ScV!CDHP}}27V+Z5Tk!sE{}c1aM$#XX_One(ApE<j!{@|3m$4%m
zdr?VM)b%B{BIEluK9!38Aijk>x4BD`9%P>>|5~1}Bs~saA-ytgCx1yhLR-o6GtYJ1
z=h@pj-_8-aK;jozj*MlnF)!<<$9C@Y>ub|u=b=s8YYTeAW(eSUd0SBy(thIJLf+Cg
zZ6MG4a~G%Vi`->-URCoSK}1)qt)Lk3cX)9LHpA7VuOK|0`#AR^Dy~eSZxGfsl6YSm
zHYrqM%Sw;C$R9=8Hk<G=<*wxRMf2hg0;RZ<cvuZzAniK}{hJp`a9<_9^|=C5cvh49
zO<U<P-uZ=ll`VWN=`#oy!OwWFjD5Ez@ppKy9eH)#31s~j<Kaf`Ox)qzb!?$U$uOGx
z1exFCzHQU>Vs7I3h<71;2JdnI!9ANhzz%mJ740NGl{~4Gt1FrJYTNK-o(<Ce%S&J;
ziTQcB*W~m6nS+9kl2(BGEGh4zu6Xih<NloY^v@Hze#Xt*%}w;5Kg*G}oA-{`l-4wA
zK53JQf37smzpl&NMW}EAnNJXYiMuVC1Bh=XoPn2g&BPg0{v!8z;#+xMpS0zAPJTCb
z$7|e0xwDfzkUX2X8}m*mX}U6!uMcUyZ6tm~!VrJ5`J(`t?(y(Tyn)YOy@;%_g^a^_
z-1#XZ&F1UD^Rj9T*Kef#z%yMX=v-wRuEaafNGq%PKSJUaUigO0*Lm<U24g$YcXGeS
zvlGO(*g}h1y`)7`NQ|vmmFPNX@c%iKJa5~01IoI}J(qi+O<SPxe@v!bByPhd6!seq
z<bIudCmG+R!U;SdPrM)Ms%voW+4w4+RU=%P^r7U>VAI>+P0DO-<9aQQyx((QCH+kw
z4+42%Cy|bXSCC-}@$B3i$uyd~5BEHtZ{WU3_$YTc&$AF8O#XY^KN8oK!W~38O^81r
zUj>H!KH-Y^0_mH$Bgr!l4|AulKfUV=;f32I>gs85Hjt*PFX=_8F#XC)`Uwh-vlY+5
z7i``?tgqS3lX-TZ_g^Nx6XD-&Ig0}MH@mT9n$LsgJjh8ab#=1^DEuSgFYz1&JRr|3
z!mB7C59xp5EYj|h<_=8F5j#ASuT{6^?s7>UuX|*Ca-utac$_;TJRy8wbZoRY+LKg1
z*m1kv<w{4EcbkmSQE~40xY&{Z^&mVh(%m{XDtu^o?7wf=1a~=4Ttwo?1n+;p*m^{C
zQp)ngpp@B(b$wmcj{ha2|Jnaf8%@UlOB?k-ZS-e|^b875j`cp*1y5Y+p~UVPa@+bn
zk?zQFZ+Ng%Iw>V?M}b16lic=6bbOq9cyw&6d!WaioaBj2DLDN5JpaBmC_b@)yF}@v
z5~;U_hh|7EI6AP9&y(nJM<==C;@wfn;fdjKUXRD^9USiE4-aFV80k(*PDqGP^d|XJ
z5<Raady>2~At`#4r%Eux&((gA|6z=0q&vzJ=Sd9rswI)}9u@4Rgop@_C$f?|A=VR~
zM6rWC5ixor*xlIweq?+^@=#Bl*Sr@$$jr9Cc5l2pi6#wKlT>ArJDe7W$HvAF_e7?K
z%pVz4ZfN{4wV8606B8-LG+W~t9hc-uG+l|0^Q8Q=v~cRAWiJJ$Y+o4`=yqOAsXiez
z_4dlJvU#HX)%zRk8Ij<Lpo6JF2loXP8meMSl&(^{T2cv(Q~1z<(NW3q$w|Q}UmZV_
zy7R=AfPx;c{{>U+@M!N~cekpY8@Nj+r4IQnIiN<YXIQw`G|-!voWwdCL{FmP!oA6f
zbjSa~u<+RENcW2!oBL-r<-+Ndu+qtu2S$4-#m%r*a<^|qu#!6>(L-U8sr}BB&yc$Q
z{N=#Z!<Ub{D(THcPei<?i_OB|hwC+l%@fB1Z(_7(Sae*J(vnhVUuh7SGd4Or$<0!W
zj$<dq$EEDKKD~ew9cLO65kK_#j;A*MakwiiK0z7($z!7FW0Si6#<py^D1Nxw;Ej)W
z$HvD+rS|{hlfYWhNlB_ZJkgA@GxWa_+^kFYe-;;<8v5{9U{f>f|Ewc3HSCms$_jS=
z^S%F?qH}-wQae96m?4wflb9Hvn3mh+dhAN89_U(-JHkH~%#A139UeJ^d0|bn*xK~y
z)X5#0%zVYW|DBcSxIyv3&j0dC=hi)2cTIn1V7Qq_y|LiSP*;sMo)MmiWEOyDgx8Z8
z7ar?QNQ{q43?CZoB*%phjP=*VtVaHi3`|^7LOe@YYbouQP}in_ED_NOgFT7F7o-$$
zy->*WKUPxu8cI7;z%?tMJwLsBS8*srvn8YB!rdO$o_o;VZHYtou8xXNeD0v}AEKVP
z$Z%GvmZ&F@iTkhT@ezanpJ%E6<rp2PydB8v3tp}2>Y09k{>Rh*DBB#4|GzEu=l*}R
zRL|8?TWWYFI+Yk%K5czfSGkOND%<uk=;<fv0{&Ze1xp7z=`D}rAoFiNwgLkl?)9?n
zhV5NNIcY~~xoWxc{#%B|(j2U5k7~PaW=L~2bj5}FT6AmOm6g%Ffx8uZlARWp#2l#H
zDE~<t?VkjH(J>sb<QW{E=uYzP-4<z{M0(=v0XxtWwRcrwWH?Xb6JtFwp13ORE<@dM
zBO_uwvHm01KUEYR%?a*~B|Y4i<WAbV+C7lQu{do(G4XNU#Q4})&S=i(n14@QUR5_(
zA@o$u`L}VL*u$b@WB#c;Jkb`G6hGAM<#V%lwKu6su+wE=lDZnl>Qckf-stVhpQT~<
zaQ8qJ7fJuZW4y_p*jUac(_hWdP(Ee;rOET5`mWFuPh7G_JuM~N^*C^W$Kxu)aouLY
zfVW-w(^h+2ovRd1KTQ0s)U<fRBRNdf`?Py0uFAn-I>7k$q@UdkpW8dk;~g0p9pw#9
zE4<8A&XqQBxvNWHnP|q@8$BqRF^Tk;zW-N4{2Or7yRI(-s_xy!K&aE4%?S+eKPP#j
zzx7ekv0f_BQC?X~Yk_yQYfo`=mWL-Mv7#!QNvq`Mz}JbM6vGdiwBl=AKW9j*{ekP(
z3~BM3T{#0<sDy-gjwQ`0i-H{->93IlQ-nKCol-cKbu)PHs-fQSBu9saCx*=zzTnlj
zT?NzTZ*eUQ%*pp9Jn7%#enIJNuFZv<`1Iz+m;*mPeYn!T*yg(G3L6v~9u*ayp3QBd
z|KwTxiR*l>!lo^p`plo&<6lKAiMS|l+OUJJqztwHnX9Dmm^fPaPu!o?6dIRas@r4=
zPP=);<;vLFd;yfvOfvf;I?60^kG7=!rUX0x**1Sm(x*Fk!Nn7<>1q8=y4;xq2YF)C
zhM#pM2BhV>;F=xkd+tp4e*{<q{^>Oz0?lw#Vlux0!iTxdVEL!^e|!)A^Ih{r_>Y&V
zm(@?(HLvD%^=iTDd#-BTV+gSy8A1DzNdHC*^>{gw_~4msy?0d-yKor4fY_dijPd{S
uj(@#=b<Z^*Fqj1wF*thAAW!0gBKKW`3i5vXZx6F#(^qQRsQa$DIsXqs;fKip

diff --git a/po/sv.po b/po/sv.po
index f6a04f7..4c7cb38 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -24,7 +24,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg trunk\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2017-11-02 17:41+0100\n"
 "Last-Translator: Daniel Nylander <po@danielnylander.se>\n"
 "Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
@@ -34,58 +34,58 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "misslyckades med att ta kontroll över PIN-inmatningslåset: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr "_OK"
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr "_Avbryt"
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 #, fuzzy
 #| msgid "|pinentry-label|_OK"
 msgid "|pinentry-label|_Yes"
 msgstr "_OK"
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 #, fuzzy
 #| msgid "|pinentry-label|_OK"
 msgid "|pinentry-label|_No"
 msgstr "_OK"
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr "PIN-kod:"
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 #, fuzzy
 #| msgid "|pinentry-label|_Cancel"
 msgid "|pinentry-label|_Save in password manager"
 msgstr "_Avbryt"
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 #, fuzzy
 #| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Vill du verkligen ta bort de valda nycklarna? (j/N) "
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr ""
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 #, fuzzy
 #| msgid "Enter new passphrase"
 msgid "|pinentry-tt|Hide passphrase"
@@ -93,7 +93,7 @@ msgstr "Ange ny lösenfras"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -104,7 +104,7 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 #, fuzzy
 #| msgid "pinentry.qualitybar.tooltip"
 msgid "pinentry.genpin.tooltip"
@@ -115,22 +115,9 @@ msgstr ""
 "och specialtecken. Fråga din administratör om mer exakt information hur\n"
 "man anger säkra lösenfraser."
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-#| msgid "Passphrase too long"
-msgid "Passphrase Not Allowed"
-msgstr "Lösenfrasen är för lång"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr "Kvalitet:"
 
@@ -140,7 +127,7 @@ msgstr "Kvalitet:"
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 "Denna rad indikerar kvaliteten för ovan angiven lösenfras.\n"
@@ -149,7 +136,7 @@ msgstr ""
 "och specialtecken. Fråga din administratör om mer exakt information hur\n"
 "man anger säkra lösenfraser."
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
@@ -157,90 +144,84 @@ msgstr ""
 "Ange din PIN-kod så att den hemliga nyckeln kan låsas upp för den här "
 "sessionen"
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 msgstr ""
 "Ange din lösenfras så att den hemliga nyckeln kan låsas upp för denna session"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 msgid "Passphrase:"
 msgstr "Lösenfras:"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr "stämmer inte överens - försök igen"
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr "SETERROR %s (försök %d av %d)"
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr ""
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 msgid "PIN too long"
 msgstr "PIN-koden är för lång"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 msgid "Passphrase too long"
 msgstr "Lösenfrasen är för lång"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 msgid "Invalid characters in PIN"
 msgstr "Ogiltiga tecken i PIN-kod"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr "PIN-kod för kort"
 
 # MPI står för Multiple Precision Integer (tror jag)
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad PIN"
 msgstr "Felaktig PIN-kod"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad Passphrase"
 msgstr "Felaktig lösenfras"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "fel när serienumret hämtades från kortet: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 msgid "Please re-enter this passphrase"
 msgstr "Ange denna lösenfras igen"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 #| msgid ""
 #| "Please enter the passphrase to protect the imported object within the "
@@ -251,7 +232,7 @@ msgid ""
 msgstr ""
 "Ange lösenfrasen för att skydda det importerade objektet inom GnuPG-systemet."
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
@@ -259,79 +240,68 @@ msgstr ""
 
 # Skyddssammandraget låter underligt
 # Kontrollsumma?
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "ssh-nycklar större än %d bitar stöds inte\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't create '%s': %s\n"
 msgstr "kan inte skapa \"%s\": %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, fuzzy, c-format
 #| msgid "can't open `%s': %s\n"
 msgid "can't open '%s': %s\n"
 msgstr "kan inte öppna \"%s\": %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr "identifierade kort med serienummer: %s\n"
-
-#: agent/command-ssh.c:2446
-#, fuzzy, c-format
-#| msgid "error getting default authentication keyID of card: %s\n"
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "fel när nyckel-id för autentisering hämtades från kortet: %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "ingen lämplig kortnyckel hittades: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, fuzzy, c-format
 #| msgid "error getting stored flags: %s\n"
 msgid "error getting list of cards: %s\n"
 msgstr "fel vid hämtning av lagrade flaggor: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
 "allow this?"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr ""
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, fuzzy, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Ange lösenfrasen för ssh-nyckeln%0A  %c"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, fuzzy, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
@@ -340,93 +310,89 @@ msgstr ""
 "Ange en lösenfras för att skydda den mottagna hemliga nyckeln%%0A   %s%%0Ai  "
 "gpg-agents nyckellager"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "misslyckades med att skapa flöde från uttag: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr "Mata in kortet med serienummer"
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr "Ta bort det aktuella kortet och mata in det med serienummer"
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr "Admin PIN-kod"
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr "PUK-kod"
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr "Nollställ kod"
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 #, fuzzy
 #| msgid "%s%%0A%%0AUse the reader's keypad for input."
 msgid "Use the reader's pinpad for input."
 msgstr "%s%%0A%%0AAnvänd läsarens knappsats för inmatning."
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 msgid "Repeat this Reset Code"
 msgstr "Upprepa denna nollställningskod"
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 msgid "Repeat this PUK"
 msgstr "Upprepa denna PUK-kod"
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 msgid "Repeat this PIN"
 msgstr "Upprepa denna PIN-kod"
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 msgid "Reset Code not correctly repeated; try again"
 msgstr "Nollställningskoden repeterades inte korrekt; försök igen"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 msgid "PUK not correctly repeated; try again"
 msgstr "PUK-koden repeterades inte korrekt; försök igen"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr "PIN-kod repeterades inte korrekt; försök igen"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "Ange PIN-koden%s%s%s för att låsa upp kortet"
 
-#: agent/genkey.c:157
-#, fuzzy, c-format
-#| msgid "error writing to %s: %s\n"
-msgid "error writing to pipe: %s\n"
-msgstr "fel vid skrivning till %s: %s\n"
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "fel när temporärfil skapades: %s\n"
+
+#: agent/genkey.c:116
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "fel vid skrivning till temporärfil: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:154
 msgid "Enter new passphrase"
 msgstr "Ange ny lösenfras"
 
-#: agent/genkey.c:196
-msgid "Take this one anyway"
-msgstr "Ta den här ändå"
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr "Du har inte angivit en lösenfras!%0AEn tom lösenfras tillåts inte."
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
@@ -435,11 +401,11 @@ msgstr ""
 "Du har inte angivet en lösenfras - det här är oftast en dålig idé!"
 "%0ABekräfta att du inte vill ha något som helst skydd för din nyckel."
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr "Ja, skydd behövs inte"
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, fuzzy, c-format
 #| msgid "Name must be at least 5 characters long\n"
 msgid "A passphrase should be at least %u character long."
@@ -447,7 +413,7 @@ msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "Namnet måste vara åtminstone 5 tecken långt\n"
 msgstr[1] "Namnet måste vara åtminstone 5 tecken långt\n"
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, fuzzy, c-format
 #| msgid ""
 #| "Warning: You have entered an insecure passphrase.%%0AA passphrase should "
@@ -465,7 +431,7 @@ msgstr[1] ""
 "Varning:  Du har angivit en lösenfras som inte är säker.%%0AEn lösenfras ska "
 "innehålla minst %u tecken eller%%0Aspecialtecken."
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, fuzzy, c-format
 #| msgid ""
 #| "Warning: You have entered an insecure passphrase.%%0AA passphrase may not "
@@ -475,7 +441,7 @@ msgstr ""
 "Varning:  Du har angivit en lösenfras som inte är säker.%%0AEn lösenfras får "
 "inte vara ett känd ord eller matcha%%0Avissa mönster."
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 #, fuzzy
 #| msgid ""
 #| "Warning: You have entered an insecure passphrase.%%0AA passphrase should "
@@ -488,239 +454,250 @@ msgstr ""
 "Varning:  Du har angivit en lösenfras som inte är säker.%%0AEn lösenfras ska "
 "vara minst %u tecken lång."
 
+#: agent/genkey.c:296
+msgid "Take this one anyway"
+msgstr "Ta den här ändå"
+
 # fel kapitalisering i originalet?
-#: agent/genkey.c:513
+#: agent/genkey.c:464
 #, fuzzy, c-format
 #| msgid "Please enter the passphrase to%0Ato protect your new key"
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr "Ange lösenfrasen för%0Aför att skydda din nya nyckel"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 msgid "Please enter the new passphrase"
 msgstr "Ange den nya lösenfrasen"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 #, fuzzy
 #| msgid "Options useful for debugging"
 msgid "Options used for startup"
 msgstr "Flaggor användbara för felsökning"
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr "kör i demonläge (bakgrund)"
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr "kör i serverläge (förgrund)"
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 #, fuzzy
 #| msgid "run in server mode"
 msgid "run in supervised mode"
 msgstr "kör i serverläge"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr "frigör inte från konsollen"
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr "sh-liknande kommandoutdata"
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr "csh-liknande kommandoutdata"
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 msgid "|FILE|read options from FILE"
 msgstr "|FIL|läs inställningar från FIL"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr "Flaggor som kontrollerar diagnosutdata"
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "utförlig"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "var något tystare"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr "|FIL|skriv serverlägesloggar till FIL"
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr "Flaggor som kontrollerar konfigurationen"
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 msgid "do not use the SCdaemon"
 msgstr "använd inte SCdaemon"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr "|PRG|använd PRG som SCdaemon-programmet"
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+#, fuzzy
+#| msgid "|PGM|use PGM as the SCdaemon program"
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr "|PRG|använd PRG som SCdaemon-programmet"
+
+#: agent/gpg-agent.c:208
 #, fuzzy
 #| msgid "|NAME|connect to Assuan socket NAME"
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NAMN|anslut till Assuan-uttaget NAMN"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr "ignorera begäran om att ändra TTY"
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr "ignorera begäran om att ändra X-display"
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 #, fuzzy
 #| msgid "enable ssh-agent emulation"
 msgid "enable ssh support"
 msgstr "aktivera ssh-agent-emulering"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr ""
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 msgid "enable putty support"
 msgstr ""
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr "Flaggor som kontrollerar säkerheten"
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr "|N|låt mellanlagrade PIN-koder gå ut efter N sekunder"
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr "|N|låt mellanlagrade SSH-nycklar gå ut efter N sekunder"
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr "|N|ställ in maximal livstid för PIN-cache till N sekunder"
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr "|N|ställ in maximal livstid för SSH-nyckel till N sekunder"
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr "använd inte mellanlagring av PIN-kod vid signering"
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 #, fuzzy
 #| msgid "do not allow the reuse of old passphrases"
 msgid "disallow the use of an external password cache"
 msgstr "tillåt inte återanvändning av gamla lösenfraser"
 
 # Antar att värdet inte ska översättas.
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 #, fuzzy
 #| msgid "allow clients to mark keys as \"trusted\""
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr "tillåt klienter att markera nycklar som \"trusted\""
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 msgid "allow presetting passphrase"
 msgstr "tillåt förinställning av lösenfras"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr "Flaggor som tvingar igenom en lösenfraspolicy"
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr "tillåt inte att gå förbi lösenfraspolicyn"
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr "|N|ställ in minimal nödvändig längd för nya lösenfraser till N"
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr "|N|kräv minst N icke-alfabetiska tecken för en ny lösenfras"
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr "|FIL|kontrollera nya lösenfraser mot mönster i FIL"
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|låt mellanlagrad lösenfras gå ut efter N dagar"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 msgid "do not allow the reuse of old passphrases"
 msgstr "tillåt inte återanvändning av gamla lösenfraser"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the PIN-Entry"
 msgstr "Flaggor som kontrollerar säkerheten"
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 msgid "never use the PIN-entry"
 msgstr ""
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr ""
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 #, fuzzy
 #| msgid "do not grab keyboard and mouse"
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr "fånga inte tangentbord och mus"
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr "|PRG|använd PRG som PIN-inmatningsprogrammet"
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 #, fuzzy
 #| msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr "|N|ställ in maximal livstid för PIN-cache till N sekunder"
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr ""
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr ""
 "Rapportera fel till <@EMAIL@>.\n"
 "Skicka synpunkter på översättningen till <tp-sv@listor.tp-sv.se>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 #, fuzzy
 #| msgid "Usage: gpgconf [options] (-h for help)"
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Användning: gpgconf [flaggor] (-h för hjälp)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg-agent [options] [command [args]]\n"
@@ -732,151 +709,146 @@ msgstr ""
 "Syntax: gpg-agent [flaggor] [kommando [argument]]\n"
 "Hantering av hemliga nycklar för GnuPG\n"
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, fuzzy, c-format
 #| msgid "invalid debug-level `%s' given\n"
 msgid "invalid debug-level '%s' given\n"
 msgstr "ogiltig debug-level \"%s\" angiven\n"
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "vald sammandragsalgoritm är ogiltig\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, fuzzy, c-format
 #| msgid "reading options from `%s'\n"
 msgid "reading options from '%s'\n"
 msgstr "läser inställningar från \"%s\"\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is a deprecated option\n"
 msgid "Note: '%s' is not considered an option\n"
 msgstr "VARNING: inställningen \"%s\" är föråldrad\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr "kan inte skapa uttag: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, fuzzy, c-format
 #| msgid "socket name `%s' is too long\n"
 msgid "socket name '%s' is too long\n"
 msgstr "namnet på uttaget \"%s\" är för långt\n"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "en gpg-agent är redan igång - startar inte en till\n"
 
 # Jag har valt att inte översätta nonce. Nonce är data eller information som endast används en gång
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "fel vid hämtning av nonce för uttaget\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, fuzzy, c-format
 #| msgid "error binding socket to `%s': %s\n"
 msgid "error binding socket to '%s': %s\n"
 msgstr "fel när \"%s\" bands till uttag: %s\n"
 
 # Extension är vad? FIXME
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, fuzzy, c-format
 #| msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "Varning: osäkra rättigheter på %s \"%s\"\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, fuzzy, c-format
 #| msgid "listening on socket `%s'\n"
 msgid "listening on socket '%s'\n"
 msgstr "lyssnar på uttaget \"%s\"\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, fuzzy, c-format
 #| msgid "can't create directory `%s': %s\n"
 msgid "can't create directory '%s': %s\n"
 msgstr "%s: kan inte skapa katalog: %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, fuzzy, c-format
 #| msgid "directory `%s' created\n"
 msgid "directory '%s' created\n"
 msgstr "katalogen \"%s\" skapades\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, fuzzy, c-format
 #| msgid "stat() failed for `%s': %s\n"
 msgid "stat() failed for '%s': %s\n"
 msgstr "stat() misslyckades för \"%s\": %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, fuzzy, c-format
 #| msgid "can't use `%s' as home directory\n"
 msgid "can't use '%s' as home directory\n"
 msgstr "kan inte använda \"%s\" som hemkatalog\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "fel vid läsning av nonce på fd %d: %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr "hanteraren 0x%lx för fd %d startad\n"
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr "hanteraren 0x%lx för fd %d avslutad\n"
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr "ssh-hanteraren 0x%lx för fd %d startad\n"
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr "ssh-hanteraren 0x%lx för fd %d avslutad\n"
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, fuzzy, c-format
 #| msgid "pth_select failed: %s - waiting 1s\n"
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "pth_select misslyckades: %s - väntar 1 s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, c-format
 msgid "%s %s stopped\n"
 msgstr "%s %s stoppad\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "ingen gpg-agent kör i den här sessionen\n"
 
 # Här bruksanvisning för kommandoraden. Resultatet har jag översatt med "inställningar", eftersom flaggorna även kan förekomma i en inställningsfil.
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 msgid ""
 "@Options:\n"
 " "
@@ -885,12 +857,12 @@ msgstr ""
 " "
 
 # KEYGRIP är ett hexadecimalt värde som representerar hashen för den publika nyckeln
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr ""
 "Användning: gpg-preset-passphrase [flaggor] NYCKELHASH (-h för hjälp)\n"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
@@ -898,8 +870,8 @@ msgstr ""
 "Syntax: gpg-preset-passphrase [flaggor] NYCKELHASH\n"
 "Underhåll av lösenordscache\n"
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -908,8 +880,8 @@ msgstr ""
 " "
 
 # Här bruksanvisning för kommandoraden. Resultatet har jag översatt med "inställningar", eftersom flaggorna även kan förekomma i en inställningsfil.
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -919,11 +891,11 @@ msgstr ""
 "Flaggor:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Användning: gpg-protect-tool [flaggor] (-h för hjälp)\n"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
@@ -931,22 +903,22 @@ msgstr ""
 "Syntax: gpg-protect-tool [flaggor] [argument]\n"
 "Underhållsverktyg för hemliga nycklar\n"
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Ange lösenfrasen för att avskydda PKCS#12-objektet."
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Ange lösenfrasen för att skydda det nya PKCS#12-objektet."
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
 "Ange lösenfrasen för att skydda det importerade objektet inom GnuPG-systemet."
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
@@ -954,60 +926,59 @@ msgstr ""
 "Ange lösenfrasen eller PIN-koden som\n"
 "behövs för att färdigställa denna åtgärd."
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, c-format
 msgid "cancelled\n"
 msgstr "avbruten\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "fel vid fråga efter lösenfrasen: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, fuzzy, c-format
 #| msgid "error opening `%s': %s\n"
 msgid "error opening '%s': %s\n"
 msgstr "fel vid öppnandet av \"%s\": %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, fuzzy, c-format
 #| msgid "file `%s', line %d: %s\n"
 msgid "file '%s', line %d: %s\n"
 msgstr "fil \"%s\", rad %d: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, fuzzy, c-format
 #| msgid "statement \"%s\" ignored in `%s', line %d\n"
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "uttrycket \"%s\" ignorerat i \"%s\", rad %d\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, fuzzy, c-format
 #| msgid "system trustlist `%s' not available\n"
 msgid "system trustlist '%s' not available\n"
 msgstr "systemets tillitslista \"%s\" är inte tillgänglig\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, fuzzy, c-format
 #| msgid "bad fingerprint in `%s', line %d\n"
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "felaktigt fingeravtryck i \"%s\", rad %d\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, fuzzy, c-format
 #| msgid "invalid keyflag in `%s', line %d\n"
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "ogiltig nyckelflagga i \"%s\", rad %d\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, fuzzy, c-format
 #| msgid "error reading `%s', line %d: %s\n"
 msgid "error reading '%s', line %d: %s\n"
 msgstr "fel vid läsning av \"%s\", rad %d: %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr "fel vid inläsning av betrodda rotcertifikat\n"
@@ -1020,7 +991,7 @@ msgstr "fel vid inläsning av betrodda rotcertifikat\n"
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
@@ -1029,11 +1000,11 @@ msgstr ""
 "Litar du förbehållslöst på%%0A  \"%s\"%%0Aatt korrekt certifiera "
 "användarcertifikat?"
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 msgid "Yes"
 msgstr "Ja"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr "Nej"
@@ -1046,7 +1017,7 @@ msgstr "Nej"
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -1058,22 +1029,22 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr "Korrekt"
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr "Fel"
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 "Observera: Den här lösenfrasen har aldrig blivit ändrad.%0ADu bör ändra den "
 "nu."
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
@@ -1082,15 +1053,15 @@ msgstr ""
 "Den här lösenfrasen har inte ändrats%%0Asedan %.4s-%.2s-%.2s.  Du bör ändra "
 "den nu."
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 msgid "Change passphrase"
 msgstr "ändra lösenfras"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr "Jag ändrar den senare"
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, fuzzy, c-format
 #| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid ""
@@ -1098,113 +1069,113 @@ msgid ""
 "%%0A?"
 msgstr "Vill du verkligen ta bort de valda nycklarna? (j/N) "
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 #, fuzzy
 #| msgid "enable key"
 msgid "Delete key"
 msgstr "aktivera nyckel"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
 msgstr ""
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "DSA kräver att hashlängden är delbar med 8 bitar\n"
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr "%s-nyckeln använder en osäker hash (%u bitar)\n"
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, fuzzy, c-format
 #| msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr "en %u-bitars hash är inte giltig för en %u-bitars %s-nyckel\n"
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "kontroll av den skapade signaturen misslyckades: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "de hemliga nyckeldelarna är inte tillgängliga\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "skyddsalgoritmen %d%s stöds inte\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "skyddsalgoritmen %d%s stöds inte\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "skyddsalgoritmen %d%s stöds inte\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "fel när ett rör skapades: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, fuzzy, c-format
 #| msgid "error creating a pipe: %s\n"
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "fel när ett rör skapades: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, c-format
 msgid "error forking process: %s\n"
 msgstr "fel vid grening av process: %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr "misslyckades med att vänta på att processen %d skulle avslutas: %s\n"
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, fuzzy, c-format
 #| msgid "error running `%s': probably not installed\n"
 msgid "error running '%s': probably not installed\n"
 msgstr "fel vid körning av \"%s\": antagligen inte installerat\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, fuzzy, c-format
 #| msgid "error running `%s': exit status %d\n"
 msgid "error running '%s': exit status %d\n"
 msgstr "fel vid körning av \"%s\": avslutsstatus %d\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, fuzzy, c-format
 #| msgid "error running `%s': terminated\n"
 msgid "error running '%s': terminated\n"
 msgstr "fel vid körning av \"%s\": avslutades\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, fuzzy, c-format
 #| msgid "waiting for process %d to terminate failed: %s\n"
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "misslyckades med att vänta på att processen %d skulle avslutas: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "fel vid hämtning av avslutskod för processen %d: %s\n"
@@ -1220,36 +1191,36 @@ msgstr "kan inte ansluta till \"%s\": %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "inställningsproblem för gpg-agent\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "kan inte stänga av minnesutskrifter: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "Varning: osäkert ägarskap på %s \"%s\"\n"
 
 # Extension är vad? FIXME
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "Varning: osäkra rättigheter på %s \"%s\"\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, fuzzy, c-format
 #| msgid "waiting %d seconds for the agent to come up\n"
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "väntar %d sekunder för att agenten ska komma igång\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, fuzzy, c-format
 #| msgid "renaming `%s' to `%s' failed: %s\n"
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "namnbyte från \"%s\" till \"%s\" misslyckades: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "ja"
 
@@ -1303,57 +1274,104 @@ msgstr "slut på kärna i säkert minne vid allokering av %lu byte"
 msgid "out of core while allocating %lu bytes"
 msgstr "slut på kärna vid allokering av %lu byte"
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "fel vid allokering av tillräckligt mycket minne: %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr "%s:%u: föråldrad flagga \"%s\" - den har ingen effekt\n"
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "VARNING: \"%s\" är en föråldrad flagga - den har ingen effekt\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr ""
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
+#, fuzzy, c-format
+#| msgid "waiting %d seconds for the agent to come up\n"
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "väntar %d sekunder för att agenten ska komma igång\n"
+
+#: common/asshelp.c:350
 #, fuzzy, c-format
 #| msgid "waiting %d seconds for the agent to come up\n"
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
 msgstr "väntar %d sekunder för att agenten ska komma igång\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:351
+#, fuzzy, c-format
+#| msgid "waiting %d seconds for the agent to come up\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "väntar %d sekunder för att agenten ska komma igång\n"
+
+#: common/asshelp.c:364
 #, fuzzy, c-format
 #| msgid "can't connect to the dirmngr - trying fall back\n"
-msgid "connection to %s established\n"
+msgid "connection to the dirmngr established\n"
 msgstr "kan inte ansluta till dirmngr - försöker falla tillbaka\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:366
 #, fuzzy, c-format
-#| msgid "no running gpg-agent - starting one\n"
-msgid "no running gpg-agent - starting '%s'\n"
-msgstr "ingen körande gpg-agent - startar en\n"
+#| msgid "can't connect to the dirmngr - trying fall back\n"
+msgid "connection to the keyboxd established\n"
+msgstr "kan inte ansluta till dirmngr - försöker falla tillbaka\n"
 
-#: common/asshelp.c:521
+#: common/asshelp.c:367
 #, fuzzy, c-format
 #| msgid "can't connect to the dirmngr - trying fall back\n"
-msgid "connection to agent is in restricted mode\n"
+msgid "connection to the agent established\n"
 msgstr "kan inte ansluta till dirmngr - försöker falla tillbaka\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:485
 #, fuzzy, c-format
 #| msgid "no running dirmngr - starting `%s'\n"
-msgid "no running Dirmngr - starting '%s'\n"
+msgid "no running %s - starting '%s'\n"
 msgstr "ingen körande dirmngr - startar \"%s\"\n"
 
+#: common/asshelp.c:588
+#, fuzzy, c-format
+#| msgid "can't connect to the dirmngr - trying fall back\n"
+msgid "connection to the agent is in restricted mode\n"
+msgstr "kan inte ansluta till dirmngr - försöker falla tillbaka\n"
+
+#: common/asshelp.c:725
+#, fuzzy, c-format
+#| msgid "error creating keyring `%s': %s\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "fel när nyckelringen \"%s\" skapades: %s\n"
+
+#: common/asshelp.c:731
+#, c-format
+msgid "server '%s' is older than us (%s < %s)"
+msgstr ""
+
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
+#, fuzzy, c-format
+#| msgid "WARNING: %s overrides %s\n"
+msgid "WARNING: %s\n"
+msgstr "VARNING: %s gäller istället för %s\n"
+
+#: common/asshelp.c:740
+#, c-format
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#: common/asshelp.c:742
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Använd kommandot \"toggle\" först.\n"
+
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
 #: common/audit.c:474
@@ -1422,7 +1440,7 @@ msgid "algorithm: %s"
 msgstr "algoritm: %s"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, c-format
 msgid "unsupported algorithm: %s"
 msgstr "algoritmen stöds inte: %s"
@@ -1497,11 +1515,11 @@ msgstr "Certifikatkedjan är giltig"
 msgid "Root certificate trustworthy"
 msgstr "rotcertifikatet är pålitligt"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 msgid "no CRL found for certificate"
 msgstr "ingen spärrlista hittades för certifikatet"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 msgid "the available CRL is too old"
 msgstr "den tillgängliga spärrlistan är för gammal"
 
@@ -1539,7 +1557,7 @@ msgstr "Det finns ingen hjälp tillgänglig för \"%s\"."
 msgid "ignoring garbage line"
 msgstr "ignorerar skräprad"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 msgid "[none]"
 msgstr "[ingen]"
 
@@ -1549,139 +1567,26 @@ msgstr "[ingen]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "ogiltigt radix64-tecken %02x hoppades över\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr "argument förväntades inte"
-
-#: common/argparse.c:522
-msgid "read error"
-msgstr "läsfel"
-
-#: common/argparse.c:524
-msgid "keyword too long"
-msgstr "nyckelordet är för långt"
-
-#: common/argparse.c:526
-msgid "missing argument"
-msgstr "argument saknas"
-
-#: common/argparse.c:528
-#, fuzzy
-#| msgid "invalid value\n"
-msgid "invalid argument"
-msgstr "ogiltigt värde\n"
-
-#: common/argparse.c:530
-msgid "invalid command"
-msgstr "ogiltigt kommando"
-
-#: common/argparse.c:532
-msgid "invalid alias definition"
-msgstr "ogiltig aliasdefinition"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-msgid "out of core"
-msgstr "slut på minne"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-#| msgid "invalid command"
-msgid "invalid meta command"
-msgstr "ogiltigt kommando"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-#| msgid "unknown command `%s'\n"
-msgid "unknown meta command"
-msgstr "okänt kommando \"%s\"\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected armor: "
-msgid "unexpected meta command"
-msgstr "oväntat skal: "
-
-#: common/argparse.c:546
-msgid "invalid option"
-msgstr "ogiltig flagga"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr "argument för flaggan \"%.50s\" saknas\n"
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, fuzzy, c-format
-#| msgid "missing argument for option \"%.50s\"\n"
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "argument för flaggan \"%.50s\" saknas\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr "flaggan \"%.50s\" förväntar sig inte ett argument\n"
-
-#: common/argparse.c:563
-#, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "ogiltigt kommando \"%.50s\"\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr "flagga \"%.50s\" är tvetydig\n"
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr "kommandot \"%.50s\" är tvetydigt\n"
-
-#: common/argparse.c:581
-#, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "ogiltig flagga \"%.50s\"\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, fuzzy, c-format
-#| msgid "NOTE: no default option file `%s'\n"
-msgid "Note: no default option file '%s'\n"
-msgstr "OBS: inställningsfilen \"%s\" saknas\n"
-
-#: common/argparse.c:1843
-#, fuzzy, c-format
-#| msgid "option file `%s': %s\n"
-msgid "option file '%s': %s\n"
-msgstr "inställningsfil \"%s\": %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, fuzzy, c-format
 #| msgid "conversion from `%s' to `%s' not available\n"
@@ -1699,137 +1604,138 @@ msgstr "iconv_open misslyckades: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "konvertering från \"%s\" till \"%s\" misslyckades: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, fuzzy, c-format
 #| msgid "failed to create temporary file `%s': %s\n"
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "misslyckades med att skapa temporärfilen \"%s\": %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, fuzzy, c-format
 #| msgid "error writing to `%s': %s\n"
 msgid "error writing to '%s': %s\n"
 msgstr "fel vid skrivning till \"%s\": %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "tar bort gammal låsfil (skapad av %d)\n"
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "väntar på lås (hålls av %d%s) %s...\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr "(dödläge?) "
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, fuzzy, c-format
 #| msgid "lock `%s' not made: %s\n"
 msgid "lock '%s' not made: %s\n"
 msgstr "låset \"%s\" gjordes inte: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, c-format
 msgid "waiting for lock %s...\n"
 msgstr "väntar på låset %s...\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr "%s är för gammal (behöver %s, har %s)\n"
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "ASCII-skal: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "ogiltig rubrikrad i ASCII-skalet: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "ASCII-skal: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "ogiltig rubrikrad i klartextsignatur\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, c-format
 msgid "unknown armor header: "
 msgstr "okänt ASCII-skalhuvud: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "flera klartextsignaturer går in i varandra\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr "oväntat skal: "
 
 # rader i klartexten som inleds med bindestreck får ett extra bindestreck vid klartextsignatur (för att lättare hitta "---- Begin ..."
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "ogiltig rad som börjar med bindestreck: "
 
 # överhoppad eller hoppades över?
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "ogiltigt radix64-tecken %02X hoppades över\n"
 
 # CRC Cyclic Redundancy Checksum används för att upptäcka fel i ascii-skalet. Används allmänt, trots att det inte höjer säkerheten.
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "för tidigt filslut (ingen CRC-summa)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "för tidigt filslut (i CRC-summan)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "felformaterad CRC-summa\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "CRC-fel; %06lX - %06lX\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "för tidigt filslut (i den avslutande raden)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "fel i avslutande rad\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "hittade ingen giltig OpenPGP-data.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "ogiltigt ASCII-skal: raden är längre än %d tecken\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1839,13 +1745,13 @@ msgstr ""
 "beror sannolikt på att en felaktig e-postserver eller e-postklient har "
 "använts\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, fuzzy, c-format
 #| msgid "not human readable"
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "inte läsbart"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1854,28 +1760,28 @@ msgstr ""
 "ett notationsnamn får endast innehålla skrivbara tecken eller blanksteg, och "
 "sluta med ett \"'=\"\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "en användares notationsnamn måste innehåller tecknet \"@\"\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "ett notationsnamn får inte innehålla fler än ett \"@\"-tecken\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "ett notationsvärde får inte använda några styrtecken\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, fuzzy, c-format
 #| msgid "a notation name must not contain more than one '@' character\n"
 msgid "a notation name may not contain an '=' character\n"
 msgstr "ett notationsnamn får inte innehålla fler än ett \"@\"-tecken\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, fuzzy, c-format
 #| msgid ""
 #| "a notation name must have only printable characters or spaces, and end "
@@ -1885,344 +1791,335 @@ msgstr ""
 "ett notationsnamn får endast innehålla skrivbara tecken eller blanksteg, och "
 "sluta med ett \"'=\"\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "VARNING: ogiltig notationsdata hittades\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "misslyckades med att förmedla %s-begäran till klient\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 #, fuzzy
 #| msgid "Enter passphrase\n"
 msgid "Enter passphrase: "
 msgstr "Ange lösenfrasen\n"
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, fuzzy, c-format
-#| msgid "error creating keyring `%s': %s\n"
-msgid "error getting version from '%s': %s\n"
-msgstr "fel när nyckelringen \"%s\" skapades: %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr ""
+#| msgid "%s does not yet work with %s\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s fungerar ännu inte med  %s\n"
 
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
+#: g10/call-agent.c:1081
 #, fuzzy, c-format
-#| msgid "WARNING: %s overrides %s\n"
-msgid "WARNING: %s\n"
-msgstr "VARNING: %s gäller istället för %s\n"
+#| msgid "error reading from %s: %s\n"
+msgid "error from TPM: %s\n"
+msgstr "fel vid läsning från %s: %s\n"
 
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
-
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
-#, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Använd kommandot \"toggle\" först.\n"
-
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
-#, fuzzy, c-format
-#| msgid "%s does not yet work with %s\n"
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s fungerar ännu inte med  %s\n"
+msgid "problem with the agent: %s\n"
+msgstr "problem med agenten: %s\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, fuzzy, c-format
 #| msgid "no gpg-agent running in this session\n"
 msgid "no dirmngr running in this session\n"
 msgstr "ingen gpg-agent kör i den här sessionen\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "du kan inte använda %s när du är i %s-läget\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 #| msgid "invalid fingerprint"
 msgid "Tor is not properly configured"
 msgstr "ogiltigt fingeravtryck"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 #| msgid "invalid fingerprint"
 msgid "DNS is not properly configured"
 msgstr "ogiltigt fingeravtryck"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "generera ett spärrcertifikat"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "ASCII-skal: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "OpenPGP-kort är inte tillgängligt: %s\n"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr "OpenPGP-kort nr. %s identifierades\n"
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr "kan inte göra detta i satsläge\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Detta kommando är endast tillgängligt för kort av version 2\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "Återställningskoden är inte tillgänglig längre\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Vad väljer du? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[inte inställt]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "inte tvingad"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "tvingad"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr "Fel: Endast ren ASCII tillåts för närvarande.\n"
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr "Fel: Tecknet \"<\" får inte användas.\n"
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr "Fel: Dubbla blanksteg tillåts inte.\n"
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr "Kortinnehavarens efternamn: "
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr "Kortinnehavarens förnamn: "
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr "Fel: Fullständigt namn för långt (gränsen är %d tecken).\n"
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr "Url för att hämta publik nyckel: "
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, fuzzy, c-format
 #| msgid "error reading `%s': %s\n"
 msgid "error reading '%s': %s\n"
 msgstr "fel vid läsning av \"%s\": %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, fuzzy, c-format
 #| msgid "error writing `%s': %s\n"
 msgid "error writing '%s': %s\n"
 msgstr "fel vid skrivning till \"%s\": %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr "Inloggningsdata (kontonamn): "
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr "Privat DO-data: "
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr "Språkinställningar: "
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "Fel: ogiltig längd på inställningssträngen\n"
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "Fel: ogiltiga tecken i inställningssträngen.\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr "Fel: ogiltigt svar.\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr "CA-fingeravtryck: "
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "Fel: ogiltigt formaterat fingeravtryck.\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr "nyckelåtgärden är inte möjlig: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr "inte ett OpenPGP-kort"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr "fel vid hämtning av aktuell nyckelinformation: %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr "Ersätt existerande nyckel? (j/N) "
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
+#, fuzzy
+#| msgid ""
+#| "Note: There is no guarantee that the card supports the requested size.\n"
+#| "      If the key generation does not succeed, please check the\n"
+#| "      documentation of your card to see what sizes are allowed.\n"
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 "OBSERVERA: Det finns ingen garanti för att kortet har stöd för den\n"
 "      begärda storleken. Om nyckelgenereringen inte lyckas så bör du\n"
 "      kontrollera dokumentationen för ditt kort för att se vilka storlekar\n"
 "      som tillåts.\n"
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Vilken nyckelstorlek vill du ha? (%u) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "avrundade uppåt till %u bitar\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "%s nyckelstorlekar måste vara inom intervallet %u-%u\n"
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr ""
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 #, fuzzy
 #| msgid "   (1) Signature key\n"
 msgid "Signature key\n"
 msgstr "   (1) Signeringsnyckel\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 #, fuzzy
 #| msgid "   (2) Encryption key\n"
 msgid "Encryption key\n"
 msgstr "   (2) Krypteringsnyckel\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 #, fuzzy
 #| msgid "   (3) Authentication key\n"
 msgid "Authentication key\n"
 msgstr "   (3) Autentiseringsnyckel\n"
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Välj vilken typ av nyckel du vill ha:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, fuzzy, c-format
 #| msgid "   (%d) DSA and Elgamal\n"
 msgid "   (%d) ECC\n"
 msgstr "   (%d) DSA och Elgamal\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Ogiltigt val.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr ""
 "Kortet kommer nu att konfigureras om för att generera en nyckel med %u "
 "bitar\n"
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, fuzzy, c-format
 #| msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgid "The card will now be re-configured to generate a key of type: %s\n"
@@ -2230,39 +2127,41 @@ msgstr ""
 "Kortet kommer nu att konfigureras om för att generera en nyckel med %u "
 "bitar\n"
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, fuzzy, c-format
 #| msgid "error changing size of key %d to %u bits: %s\n"
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "fel vid ändring av storlek för nyckel %d till %u bitar: %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, fuzzy, c-format
 #| msgid "error getting current key info: %s\n"
 msgid "error getting card info: %s\n"
 msgstr "fel vid hämtning av aktuell nyckelinformation: %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, fuzzy, c-format
 #| msgid "This command is not allowed while in %s mode.\n"
 msgid "This command is not supported by this card\n"
 msgstr "Detta kommando är inte tillåtet när du är i %s-läge.\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr "Skapa säkerhetskopia av krypteringsnyckel utanför kortet? (J/n) "
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, fuzzy, c-format
 #| msgid "NOTE: keys are already stored on the card!\n"
 msgid "Note: keys are already stored on the card!\n"
 msgstr "OBSERVERA: nycklar har redan lagrats på kortet!\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr "Ersätt existerande nycklar? (j/N) "
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, fuzzy, c-format
 #| msgid ""
 #| "Please note that the factory settings of the PINs are\n"
@@ -2277,202 +2176,217 @@ msgstr ""
 "   PIN-kod = \"%s\"     Admin PIN-kod = \"%s\"\n"
 "Du bör ändra dem med kommandot --change-pin\n"
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr "Välj vilken typ av nyckel som ska genereras:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr "   (1) Signeringsnyckel\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr "   (2) Krypteringsnyckel\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr "   (3) Autentiseringsnyckel\n"
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr "Välj var nyckeln ska sparas:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, fuzzy, c-format
 #| msgid "read failed: %s\n"
 msgid "KEYTOCARD failed: %s\n"
 msgstr "läsning misslyckades: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, fuzzy, c-format
 #| msgid "NOTE: keys are already stored on the card!\n"
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "OBSERVERA: nycklar har redan lagrats på kortet!\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 #, fuzzy
 #| msgid "Sign it? (y/N) "
 msgid "Continue? (y/N) "
 msgstr "Signera den? (j/N) "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr ""
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, fuzzy, c-format
 #| msgid "error closing %s: %s\n"
 msgid "error for setup KDF: %s\n"
 msgstr "fel vid stängning av %s: %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+#| msgid "error closing %s: %s\n"
+msgid "error for setup UIF: %s\n"
+msgstr "fel vid stängning av %s: %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "avsluta denna meny"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr "visa administratörskommandon"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "visa denna hjälp"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr "lista allt tillgängligt data"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr "ändra kortinnehavarens namn"
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr "ändra url för att hämta nyckel"
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr "hämta nyckel som anges i kortets url"
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr "ändra inloggningsnamnet"
 
 # originalet borde ha ett value
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr "ändra språkinställningarna"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 #, fuzzy
 #| msgid "change card holder's sex"
 msgid "change card holder's salutation"
 msgstr "ändra kortinnehavarens kön"
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr "ändra ett CA-fingeravtryck"
 
 # den låter skum
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr "växla flagga för att tvinga signatur-PIN-kod"
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr "generera nya nycklar"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr "meny för att ändra eller avblockera PIN-koden"
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr "validera PIN-koden och lista allt data"
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr "lås upp PIN-koden med en nollställningskod"
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr ""
 
-#: g10/card-util.c:2180
+#: g10/card-util.c:2235
 #, fuzzy
 #| msgid "|NAME|use NAME as default recipient"
-msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "|NAMN|använd NAMN som standardmottagare"
 
 # originalet borde ha ett value
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 #, fuzzy
 #| msgid "change the ownertrust"
 msgid "change the key attribute"
 msgstr "ändra ägartillitsvärdet"
 
-#: g10/card-util.c:2305
+# originalet borde ha ett value
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "ändra ägartillitsvärdet"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr "gpg/kort> "
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr "Kommandon endast för administratör\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr "Administrationskommandon tillåts\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr "Administrationskommandon tillåts inte\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Ogiltigt kommando (prova med \"help\")\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output kan inte användas för detta kommando\n"
 
 # se förra kommentaren
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, fuzzy, c-format
 #| msgid "can't open `%s'\n"
 msgid "can't open '%s'\n"
 msgstr "kan inte öppna \"%s\"\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "nyckeln \"%s\" hittades inte: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "fel vid läsning av nyckelblock: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, fuzzy, c-format
 #| msgid "key \"%s\" not found: %s\n"
 msgid "key \"%s\" not found\n"
 msgstr "nyckeln \"%s\" hittades inte: %s\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(om du inte anger nyckeln med hjälp av fingeravtrycket)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "kan inte göra så i satsläge utan \"--yes\"\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(om du inte anger nyckeln med hjälp av fingeravtrycket)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2513,9 +2427,9 @@ msgstr ""
 msgid "subkey"
 msgstr "Publik nyckel: "
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "uppdateringen misslyckades: %s\n"
@@ -2540,69 +2454,81 @@ msgstr "det finns en hemlig nyckel för denna publika nyckeln \"%s\"!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "använd flaggan \"--delete-secret-keys\"för att ta bort den först.\n"
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"VARNING: tvinga symmetriskt chiffer med %s (%d) strider mot "
-"mottagarinställningarna\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "fel när lösenfras skapades: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "kan inte använda symmetriska ESK-paket pga S2K-läge\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "använder %s-chiffer\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, fuzzy, c-format
 #| msgid "`%s' already compressed\n"
 msgid "'%s' already compressed\n"
 msgstr "\"%s\" är redan komprimerad\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, fuzzy, c-format
 #| msgid "WARNING: `%s' is an empty file\n"
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "VARNING: \"%s\" är en tom fil\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+#| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "du får inte använda chifferalgoritmen \"%s\" när du är i %s-läget\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, fuzzy, c-format
 #| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "du får inte använda chifferalgoritmen \"%s\" när du är i %s-läget\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, fuzzy, c-format
 #| msgid "you may not use digest algorithm `%s' while in %s mode\n"
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 "du får inte använda sammandragsalgoritmen \"%s\" när du är i %s-läget\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, fuzzy, c-format
-#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "VARNING: \"%s\" är en föråldrad flagga - den har ingen effekt\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, fuzzy, c-format
 #| msgid "reading from `%s'\n"
 msgid "reading from '%s'\n"
 msgstr "läser från \"%s\"\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"VARNING: tvinga symmetriskt chiffer med %s (%d) strider mot "
+"mottagarinställningarna\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, fuzzy, c-format
+#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "VARNING: \"%s\" är en föråldrad flagga - den har ingen effekt\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2611,29 +2537,37 @@ msgstr ""
 "VARNING: tvinga komprimeringsalgoritmen %s (%d) strider mot "
 "mottagarinställningarna\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"tvinga symmetriskt chiffer med %s (%d) strider mot mottagarinställningarna\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s krypterad för: \"%s\"\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "du kan inte använda %s när du är i %s-läget\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "%s-krypterad data\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "krypterad med en okänd algoritm %d\n"
 
 # I vissa algoritmer kan svaga nycklar förekomma. Dessa ska inte användas.
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
@@ -2641,74 +2575,11 @@ msgstr ""
 "VARNING: meddelandet krypterades med en svag nyckel\n"
 "i det symmetriska chiffret.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "problem vid hanteringen av krypterat paket\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "ingen körning av fjärrprogram stöds\n"
-
-# Behörighet att komma åt inställningarna, tror jag. Inte behörigheter i inställningsfilen.
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"anrop av externa program är inaktiverat pga osäkra behörigheter för\n"
-"inställningsfilen\n"
-
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr "denna plattform kräver temporärfiler vid anrop till externa program\n"
-
-#: g10/exec.c:497
-#, fuzzy, c-format
-#| msgid "unable to execute program `%s': %s\n"
-msgid "unable to execute program '%s': %s\n"
-msgstr "kunde inte köra programmet \"%s\": %s\n"
-
-#: g10/exec.c:500
-#, fuzzy, c-format
-#| msgid "unable to execute shell `%s': %s\n"
-msgid "unable to execute shell '%s': %s\n"
-msgstr "kunde inte köra skalet \"%s\": %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "systemfel när externa program anropades: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "externt program avslutades felaktigt\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "kunde inte köra det externa programmet\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "kan inte läsa svaret från det externa programmet: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "VARNING: kan inte ta bort tempfil (%s) \"%s\": %s\n"
-
-#: g10/exec.c:692
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "VARNING: kunde inte ta bort temp-katalogen \"%s\": %s\n"
-
 #: g10/export.c:119
 msgid "export signatures that are marked as local-only"
 msgstr "exportera signaturer som är märkta som endast lokala"
@@ -2729,408 +2600,408 @@ msgstr "ta bort oanvändbara delar från nyckeln under exportering"
 msgid "remove as much as possible from key during export"
 msgstr "ta bort så mycket som möjligt från nyckeln under exportering"
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr ""
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
 msgstr "%s: hoppade över: %s\n"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "writing to '%s'\n"
 msgstr "skriver till \"%s\"\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "nyckeln %s: nyckelmaterial på kortet - hoppade över\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "export av hemliga nycklar tillåts inte\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "nyckeln %s: nyckel av PGP 2.x-typ - hoppade över\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "VARNING: ingenting exporterat\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, fuzzy, c-format
 #| msgid "error creating `%s': %s\n"
 msgid "error creating '%s': %s\n"
 msgstr "Fel när \"%s\" skapades: %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr "[Användaridentiteten hittades inte]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, fuzzy, c-format
 #| msgid "automatically retrieved `%s' via %s\n"
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "hämtade \"%s\" automatiskt via %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, fuzzy, c-format
 #| msgid "error retrieving `%s' via %s: %s\n"
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "fel vid hämtning av \"%s\" via %s: %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 msgid "No fingerprint"
 msgstr "Inget fingeravtryck"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "hemliga nyckeln \"%s\" hittades inte: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, fuzzy, c-format
 #| msgid "missing argument for option \"%.50s\"\n"
 msgid "(check argument of option '%s')\n"
 msgstr "argument för flaggan \"%.50s\" saknas\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "|NAMN|använd NAMN som förvald hemlig nyckel"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "|NAMN|använd NAMN som förvald hemlig nyckel"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr ""
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr ""
 "Ogiltiga nyckeln %s tvingades till giltig med --allow-non-selfsigned-uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "använder undernyckeln %s istället för primära nyckeln %s\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, fuzzy, c-format
 #| msgid "missing argument for option \"%.50s\"\n"
 msgid "valid values for option '%s':\n"
 msgstr "argument för flaggan \"%.50s\" saknas\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 msgid "make a signature"
 msgstr "skapa en signatur"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 msgid "make a clear text signature"
 msgstr "skapa en klartextsignatur"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "skapa signatur i en separat fil"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "kryptera data"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "kryptering endast med symmetriskt chiffer"
 
 # gnupg dekrypterar data om inget kommando anges dvs. kommandot "decrypt" behöver inte användas.
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "dekryptera data (standard)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "validera en signatur"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "lista nycklar"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "lista nycklar och signaturer"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr "lista och kontrollera nyckelsignaturer"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "lista nycklar och fingeravtryck"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "lista hemliga nycklar"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "generera ett nytt nyckelpar"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly generate a new key pair"
 msgstr "generera ett nytt nyckelpar"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly add a new user-id"
 msgstr "generera ett nytt nyckelpar"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a user-id"
 msgstr "generera ett nytt nyckelpar"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly set a new expiration date"
 msgstr "generera ett nytt nyckelpar"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr ""
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "generera ett spärrcertifikat"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "ta bort nycklar från den publika nyckelringen"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "ta bort nycklar från den hemliga nyckelringen"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 #, fuzzy
 #| msgid "sign a key"
 msgid "quickly sign a key"
 msgstr "signera en nyckel"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 #, fuzzy
 #| msgid "sign a key locally"
 msgid "quickly sign a key locally"
 msgstr "signera en nyckel lokalt"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a key signature"
 msgstr "generera ett nytt nyckelpar"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "signera en nyckel"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "signera en nyckel lokalt"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "signera eller redigera en nyckel"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 msgid "change a passphrase"
 msgstr "ändra en lösenfras"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "exportera nycklar"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "exportera nycklar till en nyckelserver"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "importera nycklar från en nyckelserver"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "sök efter nycklar hos en nyckelserver"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "uppdatera alla nycklar nycklar från en nyckelserver"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "importera/slå samman nycklar"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr "skriv ut kortstatus"
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr "ändra data på ett kort"
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr "ändra PIN-kod för ett kort"
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "uppdatera tillitsdatabasen"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 msgid "print message digests"
 msgstr "skriv ut kontrollsummor"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr "kör i serverläge"
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr ""
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NAMN|använd NAMN som förvald hemlig nyckel"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NAMN|kryptera även till användaridentiteten NAMN"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr "|SPEC|ange e-postalias (ett eller flera)"
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr "använd strikt OpenPGP-beteende"
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "gör inga ändringar"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "fråga innan överskrivning"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the input"
 msgstr "Flaggor som kontrollerar säkerheten"
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 #, fuzzy
 #| msgid "Options controlling the diagnostic output"
 msgid "Options controlling the output"
 msgstr "Flaggor som kontrollerar diagnosutdata"
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "skapa utdata med ett ascii-skal"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 msgid "|FILE|write output to FILE"
 msgstr "|FIL|skriv utdata till FIL"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "använd \"ursprunglig text\"-läget"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|ställ in komprimeringsnivån till N (0 för att inaktivera)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 #, fuzzy
 #| msgid "Options controlling the interactivity and enforcement"
 msgid "Options controlling key import and export"
 msgstr "Flaggor som kontrollerar interaktivitet och framtvingande"
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr "|MEKANISMER|använd MEKANISMER för att hitta nycklar efter e-postadress"
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "importera nycklar från en nyckelserver"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 #| msgid "list and check key signatures"
 msgid "include the public key in signatures"
 msgstr "lista och kontrollera nyckelsignaturer"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr "inaktivera all åtkomst till dirmngr"
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 #, fuzzy
 #| msgid "Options controlling the configuration"
 msgid "Options controlling key listings"
 msgstr "Flaggor som kontrollerar konfigurationen"
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "lista hemliga nycklar"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|ANVÄNDAR-ID|kryptera för ANVÄNDAR-ID"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "|ANVÄNDAR-ID|använd ANVÄNDAR-ID för att signera eller dekryptera"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
 # inställningar istället för flaggor?
 # Nej, här är det bruksanvisningen för kommandoraden.
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -3138,7 +3009,7 @@ msgstr ""
 "@\n"
 "(Se manualsidan för en fullständig lista över alla kommandon och flaggor)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -3168,14 +3039,14 @@ msgstr ""
 "--list-keys [namn]          visa nycklar\n"
 "--fingerprint [namn]        visa fingeravtryck\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Användning: gpg [flaggor] [filer] (-h för hjälp)"
 
 # Om inget kommando anges (decrypt/encrypt etc) väljs åtgärd efter indata.
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg [options] [files]\n"
@@ -3190,7 +3061,7 @@ msgstr ""
 "signera, kontrollera, kryptera eller dekryptera\n"
 "standardåtgärden beror på inmatningsdata\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -3198,85 +3069,85 @@ msgstr ""
 "\n"
 "Algoritmer som stöds:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Publik nyckel: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Chiffer: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Kontrollsumma: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Komprimering: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, fuzzy, c-format
 #| msgid "usage: gpgsm [options] "
 msgid "usage: %s [options] %s\n"
 msgstr "användning: gpgsm [flaggor] "
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "motstridiga kommandon\n"
 
 # Vad betyder detta?
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, fuzzy, c-format
 #| msgid "no = sign found in group definition `%s'\n"
 msgid "no = sign found in group definition '%s'\n"
 msgstr "no = signatur hittad i gruppdefinitionen \"%s\"\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe ownership on homedir `%s'\n"
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "VARNING: osäkert ägarskap på hemkatalogen \"%s\"\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe ownership on configuration file `%s'\n"
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "VARNING: osäkert ägarskap på konfigurationsfilen \"%s\"\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe ownership on extension `%s'\n"
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "VARNING: osäkert ägarskap på tillägget \"%s\"\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe permissions on homedir `%s'\n"
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "VARNING: osäkra rättigheter på hemkatalogen \"%s\"\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe permissions on configuration file `%s'\n"
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "VARNING: osäkra rättigheter på konfigurationsfilen \"%s\"\n"
 
 # Extension är vad? FIXME
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe permissions on extension `%s'\n"
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "VARNING: osäkra rättigheter på tillägget \"%s\"\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr ""
 "VARNING: osäkert ägarskap på inneslutande katalog för hemkatalogen \"%s\"\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, fuzzy, c-format
 #| msgid ""
 #| "WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
@@ -3286,21 +3157,21 @@ msgstr ""
 "VARNING: osäkert ägarskap på inneslutande katalog för konfigurationsfilen "
 "\"%s\"\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr ""
 "VARNING: osäkert ägarskap på inneslutande katalog för tillägget \"%s\"\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr ""
 "VARNING: osäkra rättigheter på inneslutande katalog för hemkatalogen \"%s\"\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, fuzzy, c-format
 #| msgid ""
 #| "WARNING: unsafe enclosing directory permissions on configuration file `"
@@ -3311,482 +3182,500 @@ msgstr ""
 "VARNING: osäkra rättigheter på inneslutande katalog för konfigurationsfilen "
 "\"%s\"\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr ""
 "VARNING: osäkra rättigheter på inneslutande katalog för tillägget \"%s\"\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, fuzzy, c-format
 #| msgid "unknown configuration item `%s'\n"
 msgid "unknown configuration item '%s'\n"
 msgstr "okänd konfigurationspost \"%s\"\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr "visa foto-id under nyckellistning"
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 #, fuzzy
 #| msgid "show user ID validity during key listings"
 msgid "show key usage information during key listings"
 msgstr "visa giltighet för användaridentitet vid nyckellistningar "
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr "visa policy-url:er under signaturlistningar"
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 msgid "show all notations during signature listings"
 msgstr "visa alla notationer under signaturlistningar"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr "visa IETF-standardnotationer under signaturlistningar"
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr "visa användarangivna notationer under signaturlistningar"
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "visa url:er till föredragna nyckelservrar under signaturlistningar"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr "visa giltighet för användaridentitet vid nyckellistningar "
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr "visa spärrade och utgångna användaridentiteter i nyckellistningar"
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr "visa spärrade och utgångna undernycklar i nyckellistningar"
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 msgid "show the keyring name in key listings"
 msgstr "visa nyckelringens namn i nyckellistningar"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 msgid "show expiration dates during signature listings"
 msgstr "visa utgångsdatum under signaturlistningar"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, fuzzy, c-format
 #| msgid "unknown option `%s'\n"
 msgid "unknown TOFU policy '%s'\n"
 msgstr "okänd flagga \"%s\"\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr ""
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Detta kommando är inte tillåtet när du är i %s-läge.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, fuzzy, c-format
 #| msgid "NOTE: %s is not for normal use!\n"
 msgid "Note: %s is not for normal use!\n"
 msgstr "OBS: %s är inte för normal användning!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid signature expiration\n"
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "\"%s\" är inte ett giltigt utgångsdatum för en signatur\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, fuzzy, c-format
 #| msgid "line %d: not a valid email address\n"
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "rad %d: inte en giltig e-postadress\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, fuzzy, c-format
 #| msgid "invalid country code in `%s', line %d\n"
 msgid "invalid pinentry mode '%s'\n"
 msgstr "ogiltig landskod i \"%s\", rad %d\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, fuzzy, c-format
 #| msgid "missing argument for option \"%.50s\"\n"
 msgid "invalid request origin '%s'\n"
 msgstr "argument för flaggan \"%.50s\" saknas\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid character set\n"
 msgid "'%s' is not a valid character set\n"
 msgstr "\"%s\" är ingen giltig teckentabell\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "kunde inte tolka url till nyckelserver\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: ogiltiga flaggor för nyckelserver\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr "ogiltiga flaggor för nyckelserver\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: ogiltiga importeringsflaggor\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "ogiltiga importflaggor\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, fuzzy, c-format
 #| msgid "invalid list options\n"
 msgid "invalid filter option: %s\n"
 msgstr "ogiltiga listflaggor\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: ogiltiga exportflaggor\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "ogiltiga exportinställningar\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: ogiltiga listflaggor\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr "ogiltiga listflaggor\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr "visa foto-id under signaturvalidering"
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr "visa policy-url:er under signaturvalidering"
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 msgid "show all notations during signature verification"
 msgstr "visa alla notationer under signaturvalidering"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr "visa IETF-standardnotationer under signaturvalidering"
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr "visa användarangivna notationer under signaturvalidering"
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "visa url:er till föredragna nyckelserver under signaturvalidering"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 msgid "show user ID validity during signature verification"
 msgstr "visa giltighet för användaridentitet vid signaturvalidering"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr "visa spärrade och utgångna användaridentiteter i signaturvalidering"
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 msgid "show only the primary user ID in signature verification"
 msgstr "visa endast primär användaridentitet i signaturvalidering"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr "validera signaturer med PKA-data"
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr "öka tillit på signaturer med giltigt PKA-data"
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: ogiltiga flaggor för validering\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr "ogiltiga flaggor för validering\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "kunde inte ställa in exec-path till %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: ogiltig auto-key-locate-lista\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr "ogiltig auto-key-locate-lista\n"
 
+#: g10/gpg.c:3622
+#, fuzzy, c-format
+#| msgid "missing argument for option \"%.50s\"\n"
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "argument för flaggan \"%.50s\" saknas\n"
+
 # Programmet skapar en avbildning (image) av minnet för att lättare kunna spåra fel.
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "VARNING: programmet kan komma att skapa en minnesavbild!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "VARNING: %s gäller istället för %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s är inte tillåten tillsammans med %s!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "det är ingen poäng att använda %s tillsammans med %s!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr "VARNING: kör med falsk systemtid: "
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "kommer inte att köra med osäkert minne på grund av %s\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "den valda chifferalgoritmen är ogiltig\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "vald sammandragsalgoritm är ogiltig\n"
+
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "vald komprimeringsalgoritm är ogiltig\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "vald algoritm för certifieringssammandrag är felaktig\n"
 
 # antalet betrodda signaturer som behövs (1-3) för att du ska lita på en nyckel du inte själv verifierat.
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "variabeln \"completes-needed\" måste ha ett värde som är större än 0\n"
 
 # antalet delvis betrodda signaturer som behövs (1-3) för att du ska lita på en nyckel du inte själv verifierat.
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "variabeln \"marginals-needed\" måste vara större än 1\n"
 
 # Hur djupt GnuPG ska leta i Web-of-trust.
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth måste vara inom intervallet från 1 till 255\n"
 
 # Det är nivån för hurväl du har kontrollerat att nyckeln tillhör innehavaren.
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr ""
 "ogiltigt standardvärde för certifieringsnivån; måste vara 0, 1, 2 eller 3\n"
 
 # Det är nivån för hurväl du har kontrollerat att nyckeln tillhör innehavaren.
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "ogiltigt minimivärde för certifieringsnivån; måste vara 1, 2 eller 3\n"
 
 # S2K har med krypteringen av hemliga nyckeln att göra
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, fuzzy, c-format
 #| msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "OBS: enkelt S2K-läge (0) rekommenderas inte\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "ogiltigt S2K-läge; måste vara 0, 1 eller 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "ogiltiga standardinställningar\n"
 
 # Du kan ange de algoritmer du föredrar i prioritetsordning. Då avgör inte enbart standard (symmetrisk kryptering) eller mottagarens preferenser (kryptering till öppen nyckel).
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "ogiltig inställning av personligt chiffer\n"
 
-#: g10/gpg.c:3868
+# Du kan ange de algoritmer du föredrar i prioritetsordning. Då avgör inte enbart standard (symmetrisk kryptering) eller mottagarens preferenser (kryptering till öppen nyckel).
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "ogiltig inställning av personligt chiffer\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "ogiltig inställning av föredragna kontrollsummealgoritmer\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "ogiltig inställning av föredragna kompressionsalgoritmer\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "ogiltig nyckelstorlek; använder %u bitar\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s fungerar ännu inte med  %s\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+#| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "du får inte använda chifferalgoritmen \"%s\" när du är i %s-läget\n"
+
+#: g10/gpg.c:4070
 #, fuzzy, c-format
 #| msgid "you may not use compression algorithm `%s' while in %s mode\n"
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 "du får inte använda komprimeringsalgoritmen \"%s\" när du är i %s-läget\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "misslyckades med att initialisera tillitsdatabasen: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "VARNING: mottagare (-r) angivna utan att använda publik nyckel-kryptering\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, fuzzy, c-format
 #| msgid "symmetric encryption of `%s' failed: %s\n"
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "symmetrisk kryptering av \"%s\" misslyckades: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "du kan inte använda --symmetric --encrypt med --s2k-mode 0\n"
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, fuzzy, c-format
 #| msgid "you cannot use --symmetric --encrypt while in %s mode\n"
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "du kan inte använda --symmetric --encrypt i %s-läget\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr "du kan inte använda --symmetric --sign --encrypt med --s2k-mode 0\n"
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, fuzzy, c-format
 #| msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr ""
 "du kan inte använda --symmetric --sign --encrypt när du är i %s-läget\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "sändning till nyckelservern misslyckades: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "hämtning från nyckelservern misslyckades: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "export av nyckeln misslyckades: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, fuzzy, c-format
 #| msgid "key export failed: %s\n"
 msgid "export as ssh key failed: %s\n"
 msgstr "export av nyckeln misslyckades: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "sökning på nyckelservern misslyckades: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "uppdatering av  nyckeln från en nyckelserver misslyckades: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "misslyckades med att ta bort ASCII-skalet: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "misslyckades med att skapa ASCII-skal: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, fuzzy, c-format
 #| msgid "invalid hash algorithm `%s'\n"
 msgid "invalid hash algorithm '%s'\n"
 msgstr "ogiltig kontrollsummealgoritm \"%s\"\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error parsing key specification '%s': %s\n"
 msgstr "fel vid lagring av certifikat: %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Skriv ditt meddelande här ...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "den angivna URL som beskriver certifieringsspolicy är ogiltig\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "den angivna URL som beskriver signaturpolicy är ogiltig\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "den angivna föredragna nyckelserver-url:n är ogiltig\n"
@@ -3802,7 +3691,7 @@ msgstr "|FIL|ta nycklarna från nyckelringen FIL "
 msgid "make timestamp conflicts only a warning"
 msgstr "utfärda enbart en varning när tidsstämpeln är orimlig"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|skriv statusinformation till denna FD"
 
@@ -3851,135 +3740,145 @@ msgid "do not update the trustdb after import"
 msgstr "uppdatera inte tillitsdatabasen efter importering"
 
 #: g10/import.c:181
+msgid "enable bulk import mode"
+msgstr ""
+
+#: g10/import.c:184
 #, fuzzy
 #| msgid "show key fingerprint"
 msgid "show key during import"
 msgstr "visa nyckelns fingeravtryck"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+#| msgid "show key fingerprint"
+msgid "show key but do not actually import"
+msgstr "visa nyckelns fingeravtryck"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr "acceptera endast uppdateringar till befintliga nycklar"
 
-#: g10/import.c:187
+#: g10/import.c:193
 msgid "remove unusable parts from key after import"
 msgstr "ta bort oanvändbara delar från nyckeln efter importering"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr "ta bort så mycket som möjligt från nyckeln efter importering"
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr ""
 
-#: g10/import.c:199
+#: g10/import.c:205
 #, fuzzy
 #| msgid "assume input is in binary format"
 msgid "assume the GnuPG key backup format"
 msgstr "anta att inmatning är i binärformat"
 
-#: g10/import.c:203
+#: g10/import.c:209
 #, fuzzy
 #| msgid "show key fingerprint"
 msgid "repair keys on import"
 msgstr "visa nyckelns fingeravtryck"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "hoppar över block av typen %d\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr "%lu nycklar behandlade än så länge\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Totalt antal behandlade enheter: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, fuzzy, c-format
 #| msgid "      skipped new keys: %lu\n"
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "        överhoppade nya nycklar: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "        överhoppade nya nycklar: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "       utan användaridentiteter: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "                    importerade: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "                    oförändrade: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "        nya användaridentiteter: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "               nya undernycklar: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "                 nya signaturer: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "          nya nyckelspärrningar: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "    antal lästa hemliga nycklar: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "    importerade hemliga nycklar: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr "    oförändrade hemliga nycklar: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "               inte importerade: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "             signaturer rensade: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "    användaridentiteter rensade: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
@@ -3988,175 +3887,181 @@ msgstr ""
 "VARNING: nyckeln %s innehåller inställningar för otillgängliga\n"
 "algoritmer för dessa användaridentiteter:\n"
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr "         \"%s\": inställning för chifferalgoritmen %s\n"
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+#| msgid "         \"%s\": preference for cipher algorithm %s\n"
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "         \"%s\": inställning för chifferalgoritmen %s\n"
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "         \"%s\": inställning för sammandragsalgoritmen %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr "         \"%s\": inställning för komprimeringsalgoritmen %s\n"
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr "det rekommenderas starkt att du uppdaterar dina inställningar\n"
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 "och distribuerar denna nyckel igen för att undvika tänkbara problem\n"
 "med att algoritmerna inte stämmer\n"
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 "du kan uppdatera dina inställningar med: gpg --edit-key %s updpref save\n"
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr "nyckel %s: ingen användaridentitet\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, fuzzy, c-format
 #| msgid "skipped \"%s\": %s\n"
 msgid "key %s: %s\n"
 msgstr "hoppade över \"%s\": %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr ""
 
 # Undernyckeln är skadad på HKP-servern. Vanligt fel vid många undernycklar.
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "nyckeln %s: PKS-skadad undernyckel reparerades\n"
 
 # vad innebär fnutten i slutet?
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "nyckel %s: accepterade icke-självsignerad användaridentitet \"%s\"\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "nyckel %s: inga giltiga användaridentiteter\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "detta kan bero på att det saknas en självsignatur\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "nyckel %s: hittade ingen publik nyckel: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "nyckel %s: ny nyckel - hoppade över\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "hittade ingen nyckelring som gick att skriva till: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, fuzzy, c-format
 #| msgid "error writing keyring `%s': %s\n"
 msgid "error writing keyring '%s': %s\n"
 msgstr "fel vid skrivning av nyckelringen \"%s\": %s\n"
 
 # fixme: I appended the %s -wk
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "nyckel %s: publika nyckeln \"%s\" importerades\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "nyckel %s: stämmer inte mot vår lokala kopia\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "nyckel %s: \"%s\" 1 ny användaridentitet\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "nyckel %s: \"%s\" %d nya användaridentiteter\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "nyckel %s: \"%s\" 1 ny signatur\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "nyckel %s: \"%s\" %d nya signaturer\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "nyckel %s: \"%s\" 1 ny undernyckel\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "nyckel %s: \"%s\" %d nya undernycklar\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "nyckel %s: \"%s\" %d signatur rensad\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "nyckel %s: \"%s\" %d signaturer rensade\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "nyckel %s: \"%s\" %d användaridentitet rensad\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "nyckel %s: \"%s\" %d användaridentiteter rensade\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "nyckel %s: \"%s\" inte ändrad\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr "nyckel %s: hemlig nyckel importerades\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, fuzzy, c-format
 #| msgid "skipped: secret key already present\n"
 msgid "key %s: secret key already exists\n"
 msgstr "hoppade över: hemlig nyckel finns redan\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, fuzzy, c-format
 #| msgid "error sending %s command: %s\n"
 msgid "key %s: error sending to agent: %s\n"
@@ -4170,206 +4075,214 @@ msgstr "fel vid sändning av %s-kommando: %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, fuzzy, c-format
 #| msgid "secret key \"%s\" not found: %s\n"
 msgid "secret key %s: %s\n"
 msgstr "hemliga nyckeln \"%s\" hittades inte: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "import av hemliga nycklar tillåts inte\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "nyckel %s: hemlig nyckel med ogiltigt chiffer %d - hoppade över\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Ingen anledning har angivits"
 
 # tveksam översättning. funderar på "ersatt av något bättre" men det
 # känns inte heller bra. Betyder att nyckeln inte används längre, utan användaren har skapat en ny nyckel som ersätter den gamla.
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "Nyckeln är åsidosatt"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Nyckeln har blivit komprometterad"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "Nyckeln används inte längre"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "Användaridentiteten är inte längre giltig"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "anledning för spärrning: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "spärrningskommentar: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr "nyckel %s: ingen publik nyckel - kan inte verkställa spärrcertifikat\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "nyckel %s: kan inte hitta det ursprungliga nyckelblocket: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "nyckel %s: kan inte läsa det ursprungliga nyckelblocket %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "nyckel %s: ogiltigt spärrcertifikat: %s - avvisat\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "nyckel %s: \"%s\" spärrcertifikat importerat\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "nyckel %s: ingen användaridentitet för signaturen\n"
 
 # fixme: I appended the %s -wk
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr ""
 "nyckel %s: algoritmen för publika nycklar stöds inte för "
 "användaridentiteten  \"%s\"\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "nyckel %s: ogiltig självsignatur på användaridentiteten \"%s\"\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "nyckel %s: algoritmen för publika nycklar stöds inte\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "nyckel %s: ogiltig direkt nyckelsignatur\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "nyckel %s: ingen undernyckel för nyckelbindning\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "nyckel %s: ogiltig undernyckelbindning\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "nyckel %s: tog bort flera undernyckelbindningar\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "nyckel %s: ingen undernyckel för nyckelspärrning\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "nyckel %s: ogiltig spärr av undernyckel\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "nyckel %s: tog bort flera spärrar av undernyckel\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "nyckel %s: hoppade över användaridentiteten \"%s\"\n"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "nyckel %s: hoppade över undernyckel\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "nyckel %s: icke-exporterbar signatur (klass 0x%02X) - hoppade över\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "nyckel %s: spärrcertifikat på fel plats - hoppade över\n"
 
 # nyckeln eller certifikatet??
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "nyckel %s: ogiltigt spärrcertifikat: %s - hoppade över\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "nyckel %s: signatur på undernyckel på fel plats - hoppade över\n"
 
 # nyckeln eller klassen?
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "nyckel %s: oväntad signaturklass  (0x%02X) - hoppade över\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr ""
 "nyckel %s: dubblett av användaridentiteten hittades - slog samman dem\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+#| msgid "key %s: duplicated user ID detected - merged\n"
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr ""
+"nyckel %s: dubblett av användaridentiteten hittades - slog samman dem\n"
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr "VARNING: nyckeln %s kan ha spärrats: hämtar spärrnyckeln %s\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr "VARNING: nyckeln %s kan ha spärrats: spärrnyckeln %s saknas.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "nyckel %s: \"%s\" spärrcertifikat lades till\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "nyckel %s: lade till direkt nyckelsignatur\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, fuzzy, c-format
 #| msgid "error allocating enough memory: %s\n"
 msgid "error allocating memory: %s\n"
@@ -4394,13 +4307,13 @@ msgstr "kortet har inte stöd för sammandragsalgoritmen %s\n"
 msgid " (reordered signatures follow)"
 msgstr "Korrekt signatur från"
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, fuzzy, c-format
 #| msgid "skipped \"%s\": %s\n"
 msgid "key %s:\n"
 msgstr "hoppade över \"%s\": %s\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, fuzzy, c-format
 #| msgid "User ID \"%s\": %d signature removed\n"
 msgid "%d duplicate signature removed\n"
@@ -4408,7 +4321,7 @@ msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "Användaridentitet \"%s\": %d signaturer borttagna\n"
 msgstr[1] "Användaridentitet \"%s\": %d signaturer borttagna\n"
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to a missing key\n"
 msgid "%d signature not checked due to a missing key\n"
@@ -4416,7 +4329,7 @@ msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "1 signatur validerades inte eftersom nyckeln saknades\n"
 msgstr[1] "1 signatur validerades inte eftersom nyckeln saknades\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d bad signature\n"
@@ -4424,7 +4337,7 @@ msgid_plural "%d bad signatures\n"
 msgstr[0] "%d felaktiga signaturer\n"
 msgstr[1] "%d felaktiga signaturer\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, fuzzy, c-format
 #| msgid "Good signature from"
 msgid "%d signature reordered\n"
@@ -4432,50 +4345,44 @@ msgid_plural "%d signatures reordered\n"
 msgstr[0] "Korrekt signatur från"
 msgstr[1] "Korrekt signatur från"
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, fuzzy, c-format
 #| msgid "error creating keybox `%s': %s\n"
 msgid "error creating keybox '%s': %s\n"
 msgstr "fel när nyckelskåpet \"%s\" skapades: %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error creating keyring '%s': %s\n"
 msgstr "fel när nyckelringen \"%s\" skapades: %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, fuzzy, c-format
 #| msgid "keybox `%s' created\n"
 msgid "keybox '%s' created\n"
 msgstr "nyckelskåpet \"%s\" skapat\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, fuzzy, c-format
 #| msgid "keyring `%s' created\n"
 msgid "keyring '%s' created\n"
 msgstr "%s: nyckelring skapad\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, fuzzy, c-format
 #| msgid "keyblock resource `%s': %s\n"
 msgid "keyblock resource '%s': %s\n"
 msgstr "nyckelblockresurs \"%s\": %s\n"
 
-#: g10/keydb.c:969
-#, fuzzy, c-format
-#| msgid "error opening `%s': %s\n"
-msgid "error opening key DB: %s\n"
-msgstr "fel vid öppnandet av \"%s\": %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "misslyckades med att återskapa nyckelringscache: %s\n"
@@ -4488,7 +4395,7 @@ msgstr "[spärr]"
 msgid "[self-signature]"
 msgstr "[självsignatur]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4499,12 +4406,12 @@ msgstr ""
 "korrekt validera andra användares nycklar (genom att undersöka pass,\n"
 "undersöka fingeravtryck från olika källor, etc.)\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr " %d = Jag litar marginellt\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr " %d = Jag litar fullständigt\n"
@@ -4535,12 +4442,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "Användaridentiteten \"%s\" är spärrad."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Vill du verkligen fortfarande signera den? (j/N)"
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  Kan inte signera.\n"
 
@@ -4717,200 +4624,204 @@ msgstr "Jag har gjort en noggrann kontroll av denna nyckel.\n"
 msgid "Really sign? (y/N) "
 msgstr "Verkligen signera? (j/N) "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "signeringen misslyckades: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 "Nyckeln har endast en stump eller nyckelobjekt på kortet - ingen lösenfras "
 "att ändra.\n"
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, fuzzy, c-format
 #| msgid "error creating passphrase: %s\n"
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "fel när lösenfras skapades: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "spara och avsluta"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr "visa nyckelns fingeravtryck"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 #, fuzzy
 #| msgid "Enter the keygrip: "
 msgid "show the keygrip"
 msgstr "Ange nyckelhashen: "
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "lista nycklar och användaridentiteter"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "välj användaridentiteten N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr "välj undernyckel N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr "kontrollera signaturer"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 "signera valda användaridentiteter [* se nedan för relaterade kommandon]"
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr "signera valda användaridentiteter lokalt"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr "signera valda användaridentiteter med en tillitssignatur"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr "signera valda användaridentiteter med en icke-spärrbar signatur"
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "lägg till en användaridentitet"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "lägg till ett foto-id"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr "ta bort valda användaridentiteter"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr "lägg till en undernyckel"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr "lägg till en nyckel till ett smartkort"
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr "flytta en nyckel till ett smartkort"
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr "flytta en nyckelkopia till ett smartkort"
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr "ta bort valda undernycklar"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "lägg till en spärrnyckel"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr "ta bort signaturer från valda användaridentiteter"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "ändra utgångsdatumet för nyckeln eller valda undernycklar"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr "flagga vald användaridentitet som primär"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "lista inställningar (expertläge)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "lista inställningar (utförligt)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr "ställ in inställningslista för valda användaridentiteter"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr ""
 "ställ in url till föredragen nyckelserver för valda användaridentiteter"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 msgid "set a notation for the selected user IDs"
 msgstr "ställ in en notation för valda användaridentiteter"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "ändra lösenfrasen"
 
 # originalet borde ha ett value
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "ändra ägartillitsvärdet"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr "spärra signaturer på valda användaridentiteter"
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr "spärra valda användaridentiteter"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr "spärra nyckel eller valda undernycklar"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr "aktivera nyckel"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr "inaktivera nyckel"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr "visa valda foto-id:n"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 "komprimera oanvändbara användaridentiteter och ta bort oanvändbara "
 "signaturer från nyckeln"
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 "komprimera oanvändbara användaridentiteter och ta bort alla signaturer från "
 "nyckeln"
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Den hemliga nyckeln finns tillgänglig.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret subkeys are available.\n"
 msgstr "Den hemliga nyckeln finns tillgänglig.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Den hemliga nyckeln behövs för att göra detta.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 #, fuzzy
 #| msgid ""
 #| "* The `sign' command may be prefixed with an `l' for local signatures "
@@ -4930,308 +4841,313 @@ msgstr ""
 "signaturer\n"
 "  (nrsign), eller en kombination av dessa (ltsign, tnrsign, etc.).\n"
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "Nyckeln är spärrad."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 #, fuzzy
 #| msgid "Really sign all user IDs? (y/N) "
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Verkligen signera alla användaridentiteter? (j/N) "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Verkligen signera alla användaridentiteter? (j/N) "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Tips: Välj de användaridentiteter som du vill signera\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, fuzzy, c-format
 #| msgid "Unknown signature type `%s'\n"
 msgid "Unknown signature type '%s'\n"
 msgstr "Okänd signaturtyp \"%s\"\n"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Detta kommando är inte tillåtet när du är i %s-läge.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Du måste välja åtminstone en användaridentitet.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr ""
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Du kan inte ta bort den sista användaridentiteten!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Verkligen ta bort alla valda användaridentiteter? (j/N) "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr "Verkligen ta bort denna användaridentitet? (j/N) "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr "Verkligen flytta den primära nyckeln? (j/N) "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr "Du måste välja exakt en nyckel.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr "Kommandot förväntar ett filnamnsargument\n"
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, fuzzy, c-format
 #| msgid "Can't open `%s': %s\n"
 msgid "Can't open '%s': %s\n"
 msgstr "Kan inte öppna \"%s\": %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, fuzzy, c-format
 #| msgid "Error reading backup key from `%s': %s\n"
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "Fel vid läsning av säkerhetskopierad nyckel från \"%s\": %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Du måste välja åtminstone en nyckel.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Vill du verkligen ta bort de valda nycklarna? (j/N) "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Vill du verkligen ta bort denna nyckel? (j/N) "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "Verkligen spärra alla valda användaridentiteter? (j/N) "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Verkligen spärra denna användaridentitet? (j/N) "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Vill du verkligen spärra hela nyckeln? (j/N) "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Vill du verkligen spärra de valda undernycklarna? (j/N) "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Vill du verkligen spärra denna undernyckel? (j/N) "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 "Ägartillit får inte ställas in när en tillitsdatabas används som användaren "
 "tillhandahåller\n"
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr "Ställ in inställningslista till:\n"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr ""
 "Vill du verkligen uppdatera inställningarna för valda användaridentiteter? "
 "(j/N) "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr "Vill du verkligen uppdatera inställningarna? (j/N) "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr "Spara ändringar? (j/N) "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr "Avsluta utan att spara? (j/N) "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Nyckeln är oförändrad så det behövs ingen uppdatering.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "Du kan inte ta bort den sista användaridentiteten!\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, fuzzy, c-format
 #| msgid "checking the trust list failed: %s\n"
 msgid "revoking the user ID failed: %s\n"
 msgstr "kontroll mot tillitslistan misslyckades: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, fuzzy, c-format
 #| msgid "checking the trust list failed: %s\n"
 msgid "setting the primary user ID failed: %s\n"
 msgstr "kontroll mot tillitslistan misslyckades: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, fuzzy, c-format
 #| msgid "invalid fingerprint"
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "ogiltigt fingeravtryck"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, fuzzy, c-format
 #| msgid "failed to get the fingerprint\n"
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "misslyckades med att få fingeravtrycket\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, fuzzy, c-format
 #| msgid "invalid value\n"
 msgid "Invalid user ID '%s': %s\n"
 msgstr "ogiltigt värde\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 #| msgid "No such user ID.\n"
 msgid "No matching user IDs."
 msgstr "Ingen sådan användaridentitet.\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 #| msgid "Nothing to sign with key %s\n"
 msgid "Nothing to sign.\n"
 msgstr "Det finns inget att signera med nyckeln %s\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr "Inte signerad av dig.\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "kontroll av den skapade signaturen misslyckades: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid signature expiration\n"
 msgid "'%s' is not a valid expiration time\n"
 msgstr "\"%s\" är inte ett giltigt utgångsdatum för en signatur\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, fuzzy, c-format
 #| msgid "invalid fingerprint"
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "ogiltigt fingeravtryck"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, fuzzy, c-format
 #| msgid "key \"%s\" not found: %s\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "nyckeln \"%s\" hittades inte: %s\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Sammandrag: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Funktioner: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr "Nyckelserver no-modify"
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr "Föredragen nyckelserver: "
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 msgid "Notations: "
 msgstr "Notationer: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr ""
 "Du kan inte ange några inställningar för en användaridentitet av PGP 2.x-"
 "typ.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "Följande nyckel blev spärrad den %s av %s nyckel %s\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Den här nyckeln kan vara spärrad av %s nyckel %s"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr "(känsligt)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr "skapat: %s"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr "spärrad: %s"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr "utgånget: %s"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr "går ut: %s"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr "användning: %s"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr "kortnummer: "
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr "tillit: %s"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr "giltighet: %s"
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Denna nyckel har stängts av"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -5239,17 +5155,17 @@ msgstr ""
 "Observera! Den visade nyckelgiltigheten kan vara felaktig\n"
 "såvida inte du startar om programmet.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr "spärrad"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr "utgånget"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -5259,18 +5175,18 @@ msgstr ""
 "Detta kommando kan göra att en annan användaridentitet antas\n"
 "vara den primära identiteten.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr ""
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, fuzzy, c-format
 #| msgid "You can't change the expiration date of a v3 key\n"
 msgid "You may want to change its expiration date too.\n"
 msgstr "Du kan inte ändra giltighetsdatum för en v3-nyckel\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -5279,36 +5195,36 @@ msgstr ""
 "VARNING: Detta är en nyckel av PGP2-typ.  Om du lägger till ett foto-id kan\n"
 "         vissa versioner av PGP avvisa denna nyckel.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Vill du verkligen fortfarande lägga till den? (j/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "Du kan inte lägga till ett foto-id till en nyckel av PGP 2-typ.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr "En sådan användaridentitet finns redan på denna nyckel!\n"
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Vill du radera denna korrekta signatur? (j/N/a)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Vill du radera denna ogiltiga signatur? (j/N/a)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Vill du radera denna okända signatur? (j/N/a)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Verkligen ta bort denna självsignatur? (j/N)"
 
 # skulle lika gärna kunna heta 1 signatur va?
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, fuzzy, c-format
 #| msgid "Deleted %d signature.\n"
 msgid "Deleted %d signature.\n"
@@ -5316,20 +5232,20 @@ msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "Raderade %d signatur.\n"
 msgstr[1] "Raderade %d signatur.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Ingenting raderat.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "ogiltigt"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "Användaridentiteten \"%s\" komprimerad: %s\n"
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, fuzzy, c-format
 #| msgid "User ID \"%s\": %d signature removed\n"
 msgid "User ID \"%s\": %d signature removed\n"
@@ -5337,17 +5253,17 @@ msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "Användaridentitet \"%s\": %d signaturer borttagna\n"
 msgstr[1] "Användaridentitet \"%s\": %d signaturer borttagna\n"
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "Användaridentitet \"%s\": redan minimerad\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "Användaridentitet \"%s\": redan rensad\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5357,42 +5273,42 @@ msgstr ""
 "denna\n"
 "         nyckel inte användas i vissa versioner av PGP.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "Du får inte lägga till en spärrnyckel för en PGP 2.x-nyckel.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Ange användaridentiteten för spärrnyckeln: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "det går inte att använda en PGP 2.x-nyckel som spärrnyckel\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "du kan inte ange en nyckel som sin egen spärrnyckel\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "den här nyckeln har redan markerats som en spärrnyckel\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr "VARNING: det går aldrig att ångra om du utser en spärrnyckel!\n"
 
 # designated = angiven (utnämnd, utpekad, bestämd, utsedd, avsedd, angiven, designerad)
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr ""
 "Är du säker på att du vill använda den här nyckeln för spärrning? (j/N) "
 
 # designated = angiven (utnämnd, utpekad, bestämd, utsedd, avsedd, angiven, designerad)
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 #, fuzzy
 #| msgid ""
 #| "Are you sure you want to appoint this key as a designated revoker? (y/N) "
@@ -5402,247 +5318,253 @@ msgid ""
 msgstr ""
 "Är du säker på att du vill använda den här nyckeln för spärrning? (j/N) "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Ändrar utgångstid för en undernyckel.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Ändrar giltighetstid för den primära nyckeln.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Du kan inte ändra giltighetsdatum för en v3-nyckel\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 #, fuzzy
 #| msgid "Changing expiration time for a subkey.\n"
 msgid "Changing usage of a subkey.\n"
 msgstr "Ändrar utgångstid för en undernyckel.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 #, fuzzy
 #| msgid "Changing expiration time for the primary key.\n"
 msgid "Changing usage of the primary key.\n"
 msgstr "Ändrar giltighetstid för den primära nyckeln.\n"
 
 # Vad betyder det?
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "signeringsundernyckeln %s är redan korscertifierad\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr "undernyckeln %s signerar inte och behöver inte korscertifieras\n"
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Välj endast en användaridentitet.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "hoppar över v3-självsignatur på användaridentiteten \"%s\"\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr "Ange din föredragna nyckelserver-url: "
 
 # Obs! Syftar på bildfilen med ditt foto. Meddelandet visas om du valt en mycket stor fil.
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Är du säker på att du vill ersätta det? (j/N) "
 
 # Obs! Syftar på bildfilen med ditt foto. Meddelandet visas om du valt en mycket stor fil.
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Är du säker på att du vill ta bort det? (j/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 msgid "Enter the notation: "
 msgstr "Ange notationen: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 msgid "Proceed? (y/N) "
 msgstr "Fortsätt? (j/N) "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Ingen användaridentitet med indexet %d\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Ingen användaridentitet med hashen %s\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, fuzzy, c-format
 #| msgid "No subkey with index %d\n"
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Ingen undernyckel med indexet %d\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr "Ingen undernyckel med indexet %d\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "användaridentitet: \"%s\"\n"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "signerat av din nyckel %s den %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr "  (icke exporterbar)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Denna signatur gick ut den %s.\n"
 
 # nyckel? signatur?
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Är du säker på att du fortfarande vill spärra den? (j/N)"
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Vill du skapa ett spärrcertifikat för denna signatur? (j/N)"
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Du har signerat följande användaridentiteter med nyckeln %s:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr " (inte spärrbar)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "spärrad av din nyckel %s den %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Du är på väg att spärra dessa signaturer:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Vill du verkligen skapa spärrcertifikatet? (j/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "ingen hemlig nyckel\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "användaridentiteten \"%s\" är redan spärrad\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr ""
 "VARNING: en signatur på en användaridentitet är daterad %d sekunder in i "
 "framtiden\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Du kan inte ta bort den sista användaridentiteten!\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "Nyckeln %s är redan spärrad.\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "Undernyckeln %s är redan spärrad.\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "Visar %s foto-id med storleken %ld för nyckeln %s (uid %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, fuzzy, c-format
 #| msgid "missing argument for option \"%.50s\"\n"
 msgid "invalid value for option '%s'\n"
 msgstr "argument för flaggan \"%.50s\" saknas\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, fuzzy, c-format
 #| msgid "preference `%s' duplicated\n"
 msgid "preference '%s' duplicated\n"
 msgstr "inställningen \"%s\" förekommer flera gånger\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr "för många chifferinställningar\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr "för många sammandragsinställningar\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr "för många komprimeringsinställningar\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+#| msgid "too many cipher preferences\n"
+msgid "too many AEAD preferences\n"
+msgstr "för många chifferinställningar\n"
+
+#: g10/keygen.c:521
 #, fuzzy, c-format
 #| msgid "invalid item `%s' in preference string\n"
 msgid "invalid item '%s' in preference string\n"
 msgstr "ogiltig post \"%s\" i inställningssträngen\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "skriver direkt signatur\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "skriver självsignatur\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "skriver signatur knuten till nyckeln\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "ogiltig nyckelstorlek; använder %u bitar\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "nyckelstorleken avrundad uppåt till %u bitar\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
@@ -5650,19 +5572,19 @@ msgstr ""
 "VARNING: vissa OpenPGP-program kan inte hantera en DSA-nyckel med den här "
 "sammandragsstorleken\n"
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr "Signera"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr "Certifiera"
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr "Kryptera"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr "Autentisera"
 
@@ -5680,171 +5602,185 @@ msgstr "Autentisera"
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr "SsKkAaQq"
 
-#: g10/keygen.c:1784
-#, c-format
-msgid "Possible actions for a %s key: "
+#: g10/keygen.c:1966
+#, fuzzy, c-format
+#| msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr "Möjliga åtgärder för en %s-nyckel: "
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr "För närvarande tillåtna åtgärder: "
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr "   (%c) Växla signeringsförmågan\n"
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%c) Växla krypteringsförmågan\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr "   (%c) Växla autentiseringsförmågan\n"
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr "   (%c) Färdig\n"
 
-#: g10/keygen.c:1930
-#, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+#: g10/keygen.c:2116
+#, fuzzy, c-format
+#| msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) RSA och RSA (standard)\n"
 
-#: g10/keygen.c:1934
-#, c-format
-msgid "   (%d) DSA and Elgamal\n"
+#: g10/keygen.c:2120
+#, fuzzy, c-format
+#| msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA och Elgamal\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (endast signering)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (endast signering)\n"
 
-#: g10/keygen.c:1945
-#, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+#: g10/keygen.c:2131
+#, fuzzy, c-format
+#| msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) Elgamal (endast kryptering)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (endast kryptering)\n"
 
-#: g10/keygen.c:1953
-#, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+#: g10/keygen.c:2139
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (ställ in dina egna förmågor)\n"
 
-#: g10/keygen.c:1955
-#, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+#: g10/keygen.c:2141
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (ställ in dina egna förmågor)\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, fuzzy, c-format
-#| msgid "   (%d) DSA and Elgamal\n"
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) DSA och Elgamal\n"
+#| msgid "   (%d) sign, encrypt\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) signering, kryptering\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+msgid " *default*"
+msgstr ""
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, fuzzy, c-format
 #| msgid "   (%d) DSA (sign only)\n"
 msgid "  (%d) ECC (sign only)\n"
 msgstr "   (%d) DSA (endast signering)\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, fuzzy, c-format
 #| msgid "   (%d) DSA (set your own capabilities)\n"
-msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (ställ in dina egna förmågor)\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, fuzzy, c-format
 #| msgid "   (%d) RSA (encrypt only)\n"
-msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "   (%d) RSA (endast kryptering)\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, fuzzy, c-format
 #| msgid "   (%d) Existing key\n"
-msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "   (%d) Befintlig nyckel\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
 #| msgid "   (%d) Existing key from card\n"
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (%d) Befintlig nyckel från kort\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 msgid "Enter the keygrip: "
 msgstr "Ange nyckelhashen: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr "Inte en giltig nyckelhash (förväntade 40 hexadecimala siffror)\n"
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 msgid "No key with this keygrip\n"
 msgstr "Ingen nyckel med denna nyckelhash\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, c-format
 msgid "error reading the card: %s\n"
 msgstr "fel vid läsning av kortet: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "Serienummer för kortet: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 msgid "Available keys:\n"
 msgstr "Tillgängliga nycklar:\n"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, fuzzy, c-format
 #| msgid "rounded up to %u bits\n"
 msgid "rounded to %u bits\n"
 msgstr "avrundade uppåt till %u bitar\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr "%s-nycklar kan vara mellan %u och %u bitar långa.\n"
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Vilken nyckelstorlek vill du använda för undernyckeln? (%u) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "Den efterfrågade nyckelstorleken är %u bitar\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 #, fuzzy
 #| msgid "Please select what kind of key you want:\n"
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Välj vilken typ av nyckel du vill ha:\n"
 
 # borde kolla upp möjligheterna i källkoden att använda v m å istället för wmy
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5861,7 +5797,7 @@ msgstr ""
 "      <n>y = nyckeln blir ogiltig efter n år\n"
 
 # borde kolla upp möjligheterna i källkoden att använda v m å istället för wmy
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5877,38 +5813,38 @@ msgstr ""
 "      <n>m = signaturen blir ogiltig efter n månader\n"
 "      <n>y = signaturen blir ogiltig efter n år\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "För hur lång tid ska nyckeln vara giltig? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Signaturen är giltig hur länge? (%s) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "ogiltigt värde\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr "Nyckeln går aldrig ut\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr "Signaturen går aldrig ut\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr "Nyckeln går ut %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr "Signaturen går ut %s\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5916,11 +5852,11 @@ msgstr ""
 "Ditt system kan inte visa datum senare än år 2038.\n"
 "Datum fram till år 2106 kommer dock att hanteras korrekt.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr "Stämmer detta? (j/N) "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5935,7 +5871,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5953,50 +5889,50 @@ msgstr ""
 "    \"Gustav Vasa (Brutal kung) <gustav@trekronor.se>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Namn: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Ogiltigt tecken i namnet\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr ""
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Namnet får inte börja med en siffra\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Namnet måste vara åtminstone 5 tecken långt\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "E-postadress: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "E-postadressen är ogiltig\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Kommentar: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Ogiltigt tecken i kommentaren\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, fuzzy, c-format
 #| msgid "You are using the `%s' character set.\n"
 msgid "You are using the '%s' character set.\n"
 msgstr "Du använder teckentabellen \"%s\"\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -6007,7 +5943,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "Ange inte e-postadressen som namn eller kommentar\n"
 
@@ -6023,35 +5959,35 @@ msgstr "Ange inte e-postadressen som namn eller kommentar\n"
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnKkEeOoAa"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Ändra (N)amn, (K)ommentar, (E)post eller (A)vsluta? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "Ändra (N)amn, (K)ommentar, (E)post eller (O)k/(A)vsluta? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Ändra (N)amn, (K)ommentar, (E)post eller (A)vsluta? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Ändra (N)amn, (K)ommentar, (E)post eller (O)k/(A)vsluta? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Rätta först felet\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -6063,13 +5999,13 @@ msgstr ""
 "hårddisken) under primtalsgenereringen; detta ger slumptalsgeneratorn\n"
 "en större chans att samla ihop en tillräcklig mängd slumpmässig data.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Nyckelgenereringen misslyckades: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -6077,73 +6013,73 @@ msgid ""
 "\n"
 msgstr ""
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr ""
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, fuzzy, c-format
 #| msgid "key already exists\n"
 msgid "A key for \"%s\" already exists\n"
 msgstr "nyckeln finns redan\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 #, fuzzy
 #| msgid "Use this key anyway? (y/N) "
 msgid "Create anyway? (y/N) "
 msgstr "Vill du använda nyckeln ändå? (j/N) "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, fuzzy, c-format
 #| msgid "generating new key\n"
 msgid "creating anyway\n"
 msgstr "genererar ny nyckel\n"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Skapandet av nycklar avbröts.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, fuzzy, c-format
 #| msgid "can't create backup file `%s': %s\n"
 msgid "can't create backup file '%s': %s\n"
 msgstr "kan inte skapa säkerhetskopian \"%s\": %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, fuzzy, c-format
 #| msgid "NOTE: backup of card key saved to `%s'\n"
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "OBSERVERA: säkerhetskopia av kortnyckeln sparades i \"%s\"\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, fuzzy, c-format
 #| msgid "writing public key to `%s'\n"
 msgid "writing public key to '%s'\n"
 msgstr "skriver den publika nyckeln till \"%s\"\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "ingen skrivbar publik nyckelring hittades: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, fuzzy, c-format
 #| msgid "error writing public keyring `%s': %s\n"
 msgid "error writing public keyring '%s': %s\n"
 msgstr "fel vid skrivning av publika nyckelringen \"%s\": %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "den publika och den hemliga nyckeln är skapade och signerade.\n"
 
 # Flagga.. inte kommando
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
@@ -6153,7 +6089,7 @@ msgstr ""
 "syfte.\n"
 
 # c-format behövs inte i singularis
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -6161,7 +6097,7 @@ msgstr ""
 "nyckeln är skapad %lu sekund in i framtiden (problemet är\n"
 "relaterat till tidsresande eller en felställd klocka)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -6169,51 +6105,51 @@ msgstr ""
 "nyckeln är skapad %lu sekunder in i framtiden (problemet är\n"
 "relaterat till tidsresande eller en felställd klocka)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, fuzzy, c-format
 #| msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "OBS: att skapa undernycklar till v3-nycklar bryter mot OpenPGP\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "De hemliga delarna av den primära nyckeln är inte tillgängliga.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Hemliga delar av den primära nyckeln är lagrade på kortet.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr "Verkligen skapa? (j/N) "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "aldrig"
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Viktig signaturpolicy: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Signaturpolicy: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr "Föredragen kritisk nyckelserver: "
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Kritisk signaturnotation: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Signaturnotation: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d good signature\n"
@@ -6221,7 +6157,7 @@ msgid_plural "%d good signatures\n"
 msgstr[0] "%d felaktiga signaturer\n"
 msgstr[1] "%d felaktiga signaturer\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to an error\n"
 msgid "%d signature not checked due to an error\n"
@@ -6229,50 +6165,50 @@ msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "1 signatur validerades inte eftersom ett fel uppstod\n"
 msgstr[1] "1 signatur validerades inte eftersom ett fel uppstod\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Nyckelring"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Primära nyckelns fingeravtryck:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "   Undernyckelns fingeravtryck:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr "Primära nyckelns fingeravtryck:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "   Undernyckelns fingeravtryck:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr "Nyckelns fingeravtryck ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr "       Kortets serienr ="
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, fuzzy, c-format
 #| msgid "caching keyring `%s'\n"
 msgid "caching keyring '%s'\n"
 msgstr "mellanlagrar nyckelringen \"%s\"\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, fuzzy, c-format
 #| msgid "%lu keys cached so far (%lu signatures)\n"
 msgid "%lu keys cached so far (%lu signature)\n"
@@ -6280,14 +6216,14 @@ msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "%lu nycklar mellanlagrade än så länge (%lu signaturer)\n"
 msgstr[1] "%lu nycklar mellanlagrade än så länge (%lu signaturer)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, fuzzy, c-format
 #| msgid "1 bad signature\n"
 msgid " (%lu signature)\n"
@@ -6295,58 +6231,54 @@ msgid_plural " (%lu signatures)\n"
 msgstr[0] "1 felaktig signatur\n"
 msgstr[1] "1 felaktig signatur\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: nyckelring skapad\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr "inkludera spärrade nycklar i sökresultatet"
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr "inkludera undernycklar vid sökning efter nyckel-id"
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr "hämta automatiskt nycklar vid validering av signaturer"
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "respektera föredragen nyckelserver-url inställd i nyckeln"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr "respektera PKA-posten inställd på en nyckel när nycklar hämtas"
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr "inaktiverad"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr "Ange nummer, N)ästa, eller Q) för Avsluta > "
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "ogiltigt nyckelserverprotokoll (vi %d!=hanterare %d)\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "\"%s\" inte ett nyckel-id: hoppar över\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, fuzzy, c-format
 #| msgid "refreshing %d keys from %s\n"
 msgid "refreshing %d key from %s\n"
@@ -6354,121 +6286,134 @@ msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "uppdaterar %d nycklar från %s\n"
 msgstr[1] "uppdaterar %d nycklar från %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "VARNING: kunde inte uppdatera nyckeln %s via %s: %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "nyckeln \"%s\" hittades inte på nyckelservern\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr "nyckeln hittades inte på nyckelservern\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "begär nyckeln %s från %s-servern %s\n"
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr "begär nyckeln %s från %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, fuzzy, c-format
 #| msgid "no keyserver action!\n"
 msgid "no keyserver known\n"
 msgstr "ingen nyckelserveråtgärd!\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "hoppade över \"%s\": %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr "skickar nyckeln %s till %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, fuzzy, c-format
 #| msgid "requesting key %s from %s\n"
 msgid "requesting key from '%s'\n"
 msgstr "begär nyckeln %s från %s\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "VARNING: kunde inte hämta uri:n %s: %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "egendomlig storlek på en krypterad sessionsnyckel (%d)\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "%s krypterad sessionsnyckel\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "krypterad med en okänd algoritm %d\n"
+
+#: g10/mainproc.c:391
 #, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "lösenfras genererad med okänd sammandragsalgoritm %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, c-format
 msgid "public key is %s\n"
 msgstr "publik nyckel är %s\n"
 
-# Men jag ändrade så det blev närmare originalet. Per
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "Data krypterat med publik nyckel: korrekt DEK\n"
-
-#: g10/mainproc.c:632
-#, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+#: g10/mainproc.c:524
+#, fuzzy, c-format
+#| msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "krypterad med %u-bitars %s-nyckel, id %s, skapad %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr "      \"%s\"\n"
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "krypterad med %s-nyckel, id %s\n"
 
-# Motsatsen till kryptering med symmetrisk nyckel.
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "dekryptering med publik nyckel misslyckades: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr "VARNING: multipla klartexter har påträffats\n"
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "krypterad med %lu lösenfraser\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "krypterad med with 1 lösenfras\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+# Motsatsen till kryptering med symmetrisk nyckel.
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "dekryptering med publik nyckel misslyckades: %s\n"
+
+# Men jag ändrade så det blev närmare originalet. Per
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "Data krypterat med publik nyckel: korrekt DEK\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "antar att %s krypterade data\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr ""
@@ -6476,191 +6421,191 @@ msgstr ""
 "istället\n"
 
 # Äldre krypteringalgoritmer skapar ingen mdc dvs. "minisignatur" som skyddar mot att delar av den krypterade texten byts ut/tas bort. Alla nya 128-bitars algoritmer använder mdc: AES, AES192, AES256, BLOWFISH.
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "VARNING: detta meddelande var inte integritetsskyddat\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "dekrypteringen misslyckades: %s\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "dekrypteringen lyckades\n"
 
 # Meddelandet innebär alltså att kontrollen av mdc visade att meddelandet förändrats/manipulerats sedan det krypterades. Block kan ha tagits bort eller bytts ut.
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "VARNING: det krypterade meddelandet har ändrats!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "dekrypteringen misslyckades: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, fuzzy, c-format
 #| msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "OBS: avsändaren begärde \"endast-för-dina-ögon\"\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "ursprungligt filnamn=\"%.*s\"\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr ""
 "fristående spärrcertifikat - använd \"gpg --import\" för\n"
 "att verkställa\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, c-format
 msgid "no signature found\n"
 msgstr "ingen signatur hittades\n"
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr "FELAKTIG signatur från \"%s\""
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Utgången signatur från \"%s\""
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr "Korrekt signatur från \"%s\""
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "signaturvalidering utlämnad\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "kan inte hantera detta tvetydliga signaturdata\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr "Signatur gjord %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr "             med %s-nyckeln %s\n"
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Signatur gjordes %s med %s nyckel-id %s\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, fuzzy, c-format
 #| msgid "                aka \"%s\""
 msgid "               issuer \"%s\"\n"
 msgstr "      även känd som \"%s\""
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Nyckeln tillgänglig hos: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
 # Visas vid ogiltig signatur:
 # Eftersom signaturen är ogiltig kan man inte vara säker på att angivet namn och nyckel-id är riktigt.
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[osäkert]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr "      även känd som \"%s\""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, fuzzy, c-format
 #| msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "VARNING: Denna nyckel är inte certifierad med en pålitlig signatur!\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Giltighetstiden för signaturen har upphört %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Giltighetstiden för signaturen går ut %s\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "%s signatur, sammandragsalgoritm %s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "binär"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "textläge"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "okänd"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 #, fuzzy
 #| msgid "algorithm: %s"
 msgid ", key algorithm "
 msgstr "algoritm: %s"
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Kan inte kontrollera signaturen: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "detta är inte någon signatur i en separat fil\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
@@ -6668,152 +6613,147 @@ msgstr ""
 "VARNING: multipla signaturer upptäckta. Endast den första kommer att "
 "kontrolleras.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "fristående signatur av klassen 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "signatur av den gamla (PGP 2.x) typen\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, fuzzy, c-format
 #| msgid "fstat of `%s' failed in %s: %s\n"
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "fstat för \"%s\" misslyckades i %s: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "fstat(%d) misslyckades i %s: %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "VARNING: använder experimentella algoritmen %s för publik nyckel\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr "VARNING: Elgamal-nycklar för kryptering/signering är föråldrade\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "VARNING: använder experimentella chifferalgoritmen %s\n"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "VARNING: använder experimentella sammandragsalgoritmen %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "VARNING: sammandragsalgoritmen %s är föråldrad\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "%s signatur, sammandragsalgoritm %s\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "%s signatur, sammandragsalgoritm %s\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, fuzzy, c-format
 #| msgid "read error in `%s': %s\n"
 msgid "(reported error: %s)\n"
 msgstr "läsfel i \"%s\":  %s\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, fuzzy, c-format
 #| msgid "read error in `%s': %s\n"
 msgid "(reported error: %s <%s>)\n"
 msgstr "läsfel i \"%s\":  %s\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr ""
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: flaggan är föråldrad \"%s\"\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "VARNING: inställningen \"%s\" är föråldrad\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "Använd \"%s%s\" istället\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "VARNING: \"%s\" är ett föråldrat kommando - använd det inte\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, fuzzy, c-format
 #| msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "%s:%u: föråldrad flagga \"%s\" - den har ingen effekt\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr "VARNING: \"%s\" är en föråldrad flagga - den har ingen effekt\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Okomprimerad"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr "okomprimerad|ingen"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "detta meddelande kanske inte kan användas av %s\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, fuzzy, c-format
 #| msgid "ambiguous option `%s'\n"
 msgid "ambiguous option '%s'\n"
 msgstr "tvetydlig flagga \"%s\"\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, fuzzy, c-format
 #| msgid "unknown option `%s'\n"
 msgid "unknown option '%s'\n"
 msgstr "okänd flagga \"%s\"\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, fuzzy, c-format
 #| msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr "DSA kräver att hashlängden är delbar med 8 bitar\n"
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, fuzzy, c-format
 #| msgid "Unknown signature type `%s'\n"
 msgid "unknown weak digest '%s'\n"
@@ -6838,100 +6778,89 @@ msgstr "%s: okänt suffix\n"
 msgid "Enter new filename"
 msgstr "Ange nytt filnamn"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "skriver till standard ut\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, fuzzy, c-format
 #| msgid "assuming signed data in `%s'\n"
 msgid "assuming signed data in '%s'\n"
 msgstr "antar att signerad data finns i filen \"%s\"\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "kan inte hantera algoritmen %d för publika nycklar\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr "VARNING: potentiellt osäker symmetriskt krypterad sessionsnyckel\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 #| msgid "Critical signature notation: "
 msgid "Unknown critical signature notation: "
 msgstr "Kritisk signaturnotation: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "underpaket av typen %d har den bit satt som markerar den som kritisk\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, c-format
-msgid "problem with the agent: %s\n"
-msgstr "problem med agenten: %s\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-#| msgid "Please enter the new passphrase"
-msgid "Please enter the passphrase for decryption."
-msgstr "Ange den nya lösenfrasen"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Ange lösenfrasen\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "avbruten av användaren\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr " (primära nyckelns id %s)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 #, fuzzy
 #| msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Ange lösenfrasen för att avskydda PKCS#12-objektet."
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 #, fuzzy
 #| msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Ange lösenfrasen för att skydda det nya PKCS#12-objektet."
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 #, fuzzy
 #| msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Ange lösenfrasen för att skydda det nya PKCS#12-objektet."
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 #, fuzzy
 #| msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Ange lösenfrasen för att skydda det nya PKCS#12-objektet."
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 #, fuzzy
 #| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "Vill du verkligen ta bort de valda nycklarna? (j/N) "
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 #, fuzzy
 #| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Vill du verkligen ta bort de valda nycklarna? (j/N) "
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, fuzzy, c-format
 #| msgid "%u-bit %s key, ID %s, created %s"
 msgid ""
@@ -6942,7 +6871,7 @@ msgid ""
 "%s"
 msgstr "%u-bitars %s-nyckel, id %s, skapad %s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6956,37 +6885,84 @@ msgstr ""
 "en mycket stor bild, så blir din nyckel också väldigt stor!\n"
 "Försök att använda en bild som har ungefär  formatet 240x288 pixlar.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Skriv JPEG-filnamnet för foto-id: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, fuzzy, c-format
 #| msgid "unable to open JPEG file `%s': %s\n"
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "kunde inte öppna JPEG-filen \"%s\": %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr "Den här JPEG-bilden är verkligen stor (%d byte)!\n"
 
 # Obs! Syftar på bildfilen med ditt foto. Meddelandet visas om du valt en mycket stor fil.
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Vill du verkligen använda den? (j/N)? "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, fuzzy, c-format
 #| msgid "`%s' is not a JPEG file\n"
 msgid "'%s' is not a JPEG file\n"
 msgstr "\"%s\" är inte en JPEG-fil\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Är detta foto korrekt (j/N/a)? "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "ingen körning av fjärrprogram stöds\n"
+
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr "denna plattform kräver temporärfiler vid anrop till externa program\n"
+
+#: g10/photoid.c:506
+#, fuzzy, c-format
+#| msgid "unable to execute shell `%s': %s\n"
+msgid "unable to execute shell '%s': %s\n"
+msgstr "kunde inte köra skalet \"%s\": %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "externt program avslutades felaktigt\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "systemfel när externa program anropades: %s\n"
+
+#: g10/photoid.c:600
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "VARNING: kan inte ta bort tempfil (%s) \"%s\": %s\n"
+
+#: g10/photoid.c:604
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "VARNING: kunde inte ta bort temp-katalogen \"%s\": %s\n"
+
+# Behörighet att komma åt inställningarna, tror jag. Inte behörigheter i inställningsfilen.
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"anrop av externa program är inaktiverat pga osäkra behörigheter för\n"
+"inställningsfilen\n"
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "kan inte visa foto-id!\n"
@@ -7002,53 +6978,53 @@ msgstr "kan inte visa foto-id!\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iIhHaAsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr "Inget tillitsvärde tilldelat till:\n"
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr "  även känd som \"%s\"\n"
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr ""
 "Hur mycket litar du på att nyckeln faktiskt tillhör den angivna användaren?\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr "  %d = Jag vet inte eller kan inte säga något\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr "  %d = Jag litar INTE\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr "  %d = Jag litar förbehållslöst\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr "  h = gå tillbaka till huvudmenyn\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr "  s = hoppa över denna nyckel\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr "  a = avsluta\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
@@ -7057,48 +7033,48 @@ msgstr ""
 "Minimum tillitsnivå för denna nyckel är: %s\n"
 "\n"
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Vad väljer du? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "Vill du verkligen ge denna nyckel förbehållslöst förtroende? (j/N) "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Certifikat som leder till en nyckel med förbehållslöst förtroende:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%s: Det finns inget som säger att nyckeln tillhör den angivna användaren\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%s: Det finns viss information om att nyckeln tillhör den angivna "
 "användaren\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Den här nyckel tillhör antagligen den namngivna användaren\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Denna nyckel tillhör oss\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, fuzzy, c-format
 #| msgid "root certificate has now been marked as trusted\n"
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr "rotcertifikatet har nu markerats som betrott\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 #, fuzzy
 #| msgid ""
 #| "It is NOT certain that the key belongs to the person named\n"
@@ -7113,7 +7089,7 @@ msgstr ""
 "användaridentiteten. Om du *verkligen* vet vad du gör, kan du svara\n"
 "ja på nästkommande fråga.\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
@@ -7123,95 +7099,114 @@ msgstr ""
 "användaridentiteten. Om du *verkligen* vet vad du gör, kan du svara\n"
 "ja på nästkommande fråga.\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr "Vill du använda nyckeln ändå? (j/N) "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "VARNING: Använder en nyckel som inte är betrodd!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr "VARNING: denna nyckel kan ha spärrats (spärrnyckeln saknas)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+#| msgid "user ID: \"%s\"\n"
+msgid "checking User ID \"%s\"\n"
+msgstr "användaridentitet: \"%s\"\n"
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+#| msgid "line %d: invalid algorithm\n"
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "rad %d: ogiltig algoritm\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+#| msgid "key %s: doesn't match our copy\n"
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "nyckel %s: stämmer inte mot vår lokala kopia\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+#| msgid "line %d: invalid algorithm\n"
+msgid "option %s given but no matching User ID found\n"
+msgstr "rad %d: ogiltig algoritm\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "VARNING: Denna nyckel har spärrats med sin spärrnyckel!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "VARNING: Denna nyckel har spärrats av sin ägare!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         Detta kan betyda att signaturen är förfalskad.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "VARNING: Denna undernyckel har spärrats av sin ägare!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Obs: Denna nyckel har stängts av.\n"
 
-#: g10/pkclist.c:613
-#, fuzzy, c-format
-#| msgid "Note: Verified signer's address is `%s'\n"
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr "Observera: Validerad adress för signeraren är \"%s\"\n"
-
-#: g10/pkclist.c:620
-#, fuzzy, c-format
-#| msgid "Note: Signer's address `%s' does not match DNS entry\n"
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "Observera: Signerarens adress \"%s\" matchar inte DNS-objektet\n"
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr "trustlevel justerad till FULL på grund av giltig PKA-info\n"
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr "trustlevel justerad till NEVER på grund av felaktig PKA-info\n"
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Obs: Giltighetstiden för denna nyckel har gått ut!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr "VARNING: Denna nyckel är inte certifierad med en pålitlig signatur!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "VARNING: Denna nyckel är inte certifierad med en pålitlig signatur!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr ""
 "         Det finns inget som indikerar att signaturen tillhör ägaren.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "VARNING: Vi litar INTE på denna nyckel!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         Signaturen är sannolikt en FÖRFALSKNING.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"VARNING: Denna nyckel är inte certifierad med signaturer med ett\n"
+"tillräckligt högt tillitsvärde!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
@@ -7219,54 +7214,54 @@ msgstr ""
 "VARNING: Denna nyckel är inte certifierad med signaturer med ett\n"
 "tillräckligt högt tillitsvärde!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         Det är inte säkert att signaturen tillhör ägaren.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: hoppade över: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: hoppades över: den publika nyckeln är inaktiverad\n"
 
 # överhoppad?
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: hoppades över: publik nyckel finns redan\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't encrypt to '%s'\n"
 msgstr "kan inte ansluta till \"%s\": %s\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "rad %d: ogiltig algoritm\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "rad %d: ogiltig algoritm\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "Du angav ingen användaridentitet. (du kan använda \"-r\")\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr "Nuvarande mottagare:\n"
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -7274,26 +7269,26 @@ msgstr ""
 "\n"
 "Ange användaridentiteten.  Avsluta med en tom rad: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Ingen sådan användaridentitet.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr ""
 "hoppade över: den publika nyckeln är redan inställd som standardmottagare\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Den publika nyckeln är inaktiverad.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "hoppade över: publik nyckel redan angiven\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "okänd standardmottagare \"%s\"\n"
@@ -7301,17 +7296,17 @@ msgstr "okänd standardmottagare \"%s\"\n"
 # plural av adressee
 # dvs. den som meddelandet är adresserat till.
 # Åtskillnad görs mellan adressee och receiver.
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "inga giltiga adressater\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "Observera: nyckeln %s har ingen %s-förmåga\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "Observera: nyckeln %s har ingen inställning för %s\n"
@@ -7321,76 +7316,82 @@ msgstr "Observera: nyckeln %s har ingen inställning för %s\n"
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr "data sparades inte, använd flaggan \"--output\" för att spara det\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Signatur i en separat fil.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Ange namnet på datafilen: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "läser från standard in ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "ingen signerad data\n"
 
 # se förra kommentaren
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, fuzzy, c-format
 #| msgid "can't open signed data `%s'\n"
 msgid "can't open signed data '%s'\n"
 msgstr "kan inte öppna signerat data \"%s\"\n"
 
 # se förra kommentaren
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "kan inte öppna signerad data fd=%d: %s\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, fuzzy, c-format
 #| msgid "certificate is not usable for encryption\n"
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "certifikatet är inte användbart för kryptering\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "anonym mottagare; provar med den hemliga nyckeln %s ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+#| msgid "certificate is not usable for encryption\n"
+msgid "used key is not marked for encryption use.\n"
+msgstr "certifikatet är inte användbart för kryptering\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "ok, vi är den anonyma mottagaren.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "gammal kodning av krypteringsnyckeln stöds inte\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "chifferalgoritmen %d%s är okänd eller inaktiverad\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr ""
 "VARNING: chifferalgoritmen %s hittades inte i mottagarinställningarna\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, fuzzy, c-format
 #| msgid "NOTE: secret key %s expired at %s\n"
 msgid "Note: secret key %s expired at %s\n"
 msgstr "OBSERVERA: hemliga nyckeln %s gick ut %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, fuzzy, c-format
 #| msgid "NOTE: key has been revoked"
 msgid "Note: key has been revoked"
@@ -7398,7 +7399,7 @@ msgstr "OBSERVERA: nyckeln har spärrats"
 
 # Vad?
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "build_packet misslyckades: %s\n"
@@ -7416,13 +7417,13 @@ msgstr "Kommer att spärras av:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Detta är en känslig spärrnyckel)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret key is not available.\n"
 msgstr "Den hemliga nyckeln finns tillgänglig.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "Skapa ett spärrcertifikat för denna nyckel? (j/N) "
 
@@ -7431,39 +7432,39 @@ msgstr "Skapa ett spärrcertifikat för denna nyckel? (j/N) "
 # -do-not-force översatt med:
 # genomdriv inte
 # I detta fall gäller det ett revokeringscertifikat, som gnupg alltid skapar i ASCII-format för att det ska gå att skriva ut.
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "utdata med ett ascii-skal genomdrivet.\n"
 
 # Vad menas???
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet misslyckades: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Spärrcertifikat skapat.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "inga spärrnycklar hittades för \"%s\"\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 #, fuzzy
 #| msgid "Create a revocation certificate for this key? (y/N) "
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Skapa ett spärrcertifikat för denna nyckel? (j/N) "
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 msgstr ""
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7472,20 +7473,20 @@ msgid ""
 "of the gpg command \"--generate-revocation\" in the GnuPG manual."
 msgstr ""
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
 "before importing and publishing this revocation certificate."
 msgstr ""
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, fuzzy, c-format
 #| msgid "Revocation certificate created.\n"
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "Spärrcertifikat skapat.\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, fuzzy, c-format
 #| msgid "secret key \"%s\" not found: %s\n"
 msgid "secret key \"%s\" not found\n"
@@ -7499,17 +7500,17 @@ msgstr "hemliga nyckeln \"%s\" hittades inte: %s\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr ""
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error searching the keyring: %s\n"
 msgstr "fel när nyckelringen \"%s\" skapades: %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Skapa ett spärrcertifikat för denna nyckel? (j/N) "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7527,37 +7528,37 @@ msgstr ""
 "media blir oläsligt.  Men se upp:  Utskriftsfunktionen på\n"
 "din dator kan spara data så att det blir åtkomligt för andra!\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Välj anledning till varför nyckeln spärras:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Avbryt"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Troligen vill du välja %d här)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "Ange en valfri beskrivning; avsluta med en tom rad:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Anledning för spärrning: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(Ingen beskrivning angiven)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr "Är detta OK? (j/N) "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "skapade en svag nyckel - försöker igen\n"
@@ -7569,53 +7570,48 @@ msgstr ""
 "kan inte undvika en svag nyckel för symmetriskt chiffer;\n"
 "försökte %d gånger!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, fuzzy, c-format
 #| msgid "%s key uses an unsafe (%u bit) hash\n"
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr "%s-nyckeln använder en osäker hash (%u bitar)\n"
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, fuzzy, c-format
 #| msgid "DSA key %s requires a %u bit or larger hash\n"
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr "DSA-nyckeln %s kräver en hash med %u bitar eller större\n"
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
+#: g10/sig-check.c:170
+#, c-format
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "VARNING: konflikt mellan signatursammandrag i meddelandet\n"
+
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "key %s may not be used for signing in %s mode\n"
 msgstr "du kan inte använda %s när du är i %s-läget\n"
 
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
-#, c-format
-msgid "WARNING: signature digest conflict in message\n"
-msgstr "VARNING: konflikt mellan signatursammandrag i meddelandet\n"
-
 # Vad betyder det?
-#: g10/sig-check.c:219
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "VARNING: signeringsundernyckeln %s är inte korscertifierad\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, c-format
 msgid "please see %s for more information\n"
 msgstr "se %s för mer information\n"
 
 # cross-certification?
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr "VARNING signeringsundernyckel  %s har en ogiltig korscertifiering\n"
 
 # behövs verkligen c-format här?
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, fuzzy, c-format
 #| msgid "public key %s is %lu second newer than the signature\n"
 msgid "public key %s is %lu second newer than the signature\n"
@@ -7624,7 +7620,7 @@ msgstr[0] "den publika nyckeln %s är %lu sekund nyare än signaturen\n"
 msgstr[1] "den publika nyckeln %s är %lu sekund nyare än signaturen\n"
 
 # behövs verkligen c-format här?
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, fuzzy, c-format
 #| msgid "public key %s is %lu second newer than the signature\n"
 msgid "public key %s is %lu day newer than the signature\n"
@@ -7633,7 +7629,7 @@ msgstr[0] "den publika nyckeln %s är %lu sekund nyare än signaturen\n"
 msgstr[1] "den publika nyckeln %s är %lu sekund nyare än signaturen\n"
 
 # c-format behövs inte i singularis
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, fuzzy, c-format
 #| msgid ""
 #| "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7649,7 +7645,7 @@ msgstr[1] ""
 "klocka)\n"
 
 # c-format behövs inte i singularis
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, fuzzy, c-format
 #| msgid ""
 #| "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7663,54 +7659,54 @@ msgstr[1] ""
 "nyckeln %s skapades %lu sekund in i framtiden (tidsresande eller felinställd "
 "klocka)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, fuzzy, c-format
 #| msgid "NOTE: signature key %s expired %s\n"
 msgid "Note: signature key %s expired %s\n"
 msgstr "OBSERVERA: signaturnyckeln %s gick ut %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, fuzzy, c-format
 #| msgid "NOTE: signature key %s has been revoked\n"
 msgid "Note: signature key %s has been revoked\n"
 msgstr "OBSERVERA: signaturnyckeln %s har spärrats\n"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "fristående signatur av klassen 0x%02x\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "fristående signatur av klassen 0x%02x\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "antar felaktig signatur från nyckeln %s på grund av en okänd kritisk bit\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "nyckel %s: ingen undernyckel med spärrsignatur för undernyckel\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "nyckeln %s: ingen undernyckel för signaturbindning av undernyckel\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "VARNING: kan inte %%-expandera anteckning (för stor).  Använder den utan "
 "expansion.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7718,7 +7714,7 @@ msgstr ""
 "VARNING: kunde inte %%-expandera policy-url (för stor).  Använder "
 "oexpanderad.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7727,12 +7723,12 @@ msgstr ""
 "VARNING: kunde inte %%-expandera url för föredragen nyckelserver (för "
 "stor).  Använder oexpanderad.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s/%s signatur från: \"%s\"\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
@@ -7740,40 +7736,41 @@ msgstr ""
 "VARNING: tvinga sammandragsalgoritmen %s (%d) strider mot "
 "mottagarinställningarna\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "signerar:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "krypteringen %s kommer att användas\n"
 
 # Slumptalsgenerator: Random Number Generator
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "nyckeln är inte markerad som osäker - det går inte att använda den med "
 "fejkad slumptalsgenerator!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "hoppade över \"%s\": förekommer flera gånger\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "hoppade över: hemlig nyckel finns redan\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "det här är en PGP-genererad Elgamal-nyckel som inte är säker för signaturer!"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "tillitspost: %lu, typ %d: kunde inte skriva: %s\n"
@@ -7787,46 +7784,46 @@ msgstr ""
 "# Skapat lista över tilldelade tillitsvärden %s\n"
 "# (Använd \"gpg --import-ownertrust\" för att återställa dem)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, fuzzy, c-format
 #| msgid "error in `%s': %s\n"
 msgid "error in '%s': %s\n"
 msgstr "fel i \"%s\": %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr "raden är för lång"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr "kolon saknas"
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr "ogiltigt fingeravtryck"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr "värde för ägartillit saknas"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, fuzzy, c-format
 #| msgid "error finding trust record in `%s': %s\n"
 msgid "error finding trust record in '%s': %s\n"
 msgstr "fel vid sökning av tillitsvärde i \"%s\": %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, fuzzy, c-format
 #| msgid "read error in `%s': %s\n"
 msgid "read error in '%s': %s\n"
 msgstr "läsfel i \"%s\":  %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "tillitsdatabas: synkronisering misslyckades: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, fuzzy, c-format
 #| msgid "can't create lock for `%s'\n"
 msgid "can't create lock for '%s'\n"
@@ -7839,12 +7836,12 @@ msgstr "kan inte skapa lås för \"%s\"\n"
 msgid "can't lock '%s'\n"
 msgstr "kan inte låsa \"%s\"\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "tillitsdatabasposten %lu: lseek misslyckades: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "tillitsdatabasposten %lu: skrivning misslyckades (n=%d): %s\n"
@@ -7859,7 +7856,7 @@ msgstr "tillitsdatabastransaktion för stor\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: katalogen finns inte!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, fuzzy, c-format
 #| msgid "can't access `%s': %s\n"
 msgid "can't access '%s': %s\n"
@@ -7902,7 +7899,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: fel vid uppdatering av versionspost: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: fel vid läsning av versionspost: %s\n"
@@ -7912,52 +7909,52 @@ msgstr "%s: fel vid läsning av versionspost: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: fel vid skrivning av versionspost: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "tillitsdatabas: lseek misslyckades: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "tillitsdatabas: läsning misslyckades (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: detta är inte en tillitsdatabasfil\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: versionspost med postnummer %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: ogiltig filversion %d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: fel vid läsning av ledig post: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: fel vid läsning av katalogpost: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: misslyckades med att nollställa en post: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: misslyckades med att lägga till en post: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "Fel: Tillitsdatabasen är skadad.\n"
@@ -7999,10 +7996,10 @@ msgstr "algoritmen stöds inte: %s"
 msgid "TOFU DB error"
 msgstr ""
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, fuzzy, c-format
 #| msgid "error sending %s command: %s\n"
 msgid "error reading TOFU database: %s\n"
@@ -8026,7 +8023,7 @@ msgstr "%s: fel vid läsning av katalogpost: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "fel vid öppnandet av \"%s\": %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, fuzzy, c-format
 #| msgid "error sending %s command: %s\n"
 msgid "error updating TOFU database: %s\n"
@@ -8205,112 +8202,112 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr ""
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr ""
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, fuzzy, c-format
 #| msgid "error creating a pipe: %s\n"
 msgid "error changing TOFU policy: %s\n"
 msgstr "fel när ett rör skapades: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr ""
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, fuzzy, c-format
 #| msgid "Deleted %d signatures.\n"
 msgid "%s: Verified 0 signatures."
 msgstr "Raderade %d signaturer.\n"
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 #, fuzzy
 #| msgid "encrypted with %lu passphrases\n"
 msgid "Encrypted 0 messages."
 msgstr "krypterad med %lu lösenfraser\n"
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, fuzzy, c-format
 #| msgid "validity: %s"
 msgid "(policy: %s)"
 msgstr "giltighet: %s"
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -8327,120 +8324,120 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, fuzzy, c-format
 #| msgid "error sending %s command: %s\n"
 msgid "error opening TOFU database: %s\n"
 msgstr "fel vid sändning av %s-kommando: %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid long keyID\n"
 msgid "'%s' is not a valid long keyID\n"
 msgstr "\"%s\" är inget giltigt långt nyckel-id\n"
 
 # trusted??
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "nyckel %s: accepterad som betrodd nyckel\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "nyckeln %s förekommer fler än en gång i tillitsdatabasen\n"
 
 # nyckeln?
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "nyckel %s: ingen publik nyckel för pålitlig nyckel - hoppades över\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "nyckeln %s är markerad med förbehållslöst förtroende\n"
 
 # req står för request
 # kollat med Werner. Per
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "tillitspost %lu, begäran av typ %d: kunde inte läsa: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "tillitsvärdet %lu är inte av begärd typ %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr "Du kan försöka att skapa tillitsdatabasen igen med dessa kommandon:\n"
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr "Referera till handboken om detta inte fungerar för dig\n"
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 "kunde inte använda okänd tillitsmodell (%d) - antar tillitsmodellen %s\n"
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr "använder tillitsmodellen %s\n"
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "det behövs ingen kontroll av tillitsdatabasen\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "nästa kontroll av tillitsdatabasen kommer att äga rum %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, fuzzy, c-format
 #| msgid "no need for a trustdb check with `%s' trust model\n"
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr ""
 "det behövs ingen kontroll av tillitsdatabasen med tillitsmodellen \"%s\"\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, fuzzy, c-format
 #| msgid "no need for a trustdb update with `%s' trust model\n"
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr ""
 "det behövs ingen uppdatering av tillitsdatabasen med tillitsmodellen \"%s\"\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr "publika nyckeln %s hittades inte: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "gör en kontroll av tillitsdatabasen --check-trustdb\n"
 
 # originalet borde ha ett value
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "kontrollerar  tillitsdatabasen\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, fuzzy, c-format
 #| msgid "%lu keys processed so far\n"
 msgid "%d key processed"
@@ -8449,7 +8446,7 @@ msgstr[0] "%lu nycklar behandlade än så länge\n"
 msgstr[1] "%lu nycklar behandlade än så länge\n"
 
 # Vad är detta!?
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, fuzzy, c-format
 #| msgid "%d keys processed (%d validity counts cleared)\n"
 msgid " (%d validity count cleared)\n"
@@ -8457,47 +8454,47 @@ msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] "%d nycklar behandlade (%d validity counts rensade)\n"
 msgstr[1] "%d nycklar behandlade (%d validity counts rensade)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "hittade inga nycklar med förbehållslöst förtroende\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "publik nyckel för förbehållslöst betrodda nyckeln %s hittades inte\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr ""
 "djup: %d  giltig: %3d  signerad: %3d  tillit: %d-, %dq, %dn, %dm, %df, %du\n"
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr ""
 "kunde inte uppdatera versionspost i tillitsdatabasen: skrivning "
 "misslyckades: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr "odefinierad"
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr "aldrig"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr "marginell"
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr "fullständig"
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr "förbehållslös"
 
@@ -8518,43 +8515,43 @@ msgstr "förbehållslös"
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 #, fuzzy
 #| msgid "10 translator see trustdb.c:uid_trust_string_fixed"
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr "15"
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 msgid "[ revoked]"
 msgstr "[   spärrad   ]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 msgid "[ expired]"
 msgstr "[   utgånget  ]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 msgid "[ unknown]"
 msgstr "[    okänt    ]"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr "[ odefinierad ]"
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 #, fuzzy
 #| msgid "never"
 msgid "[  never ]"
 msgstr "aldrig"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr "[  marginell  ]"
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr "[ fullständig ]"
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr "[förbehållslös]"
 
@@ -8579,19 +8576,32 @@ msgstr "raden %u är för lång, eller saknar nyradstecken\n"
 msgid "can't open fd %d: %s\n"
 msgstr "kan inte öppna fd %d: %s\n"
 
-#: kbx/kbxutil.c:92
+# Äldre krypteringalgoritmer skapar ingen mdc dvs. "minisignatur" som skyddar mot att delar av den krypterade texten byts ut/tas bort. Alla nya 128-bitars algoritmer använder mdc: AES, AES192, AES256, BLOWFISH.
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "VARNING: detta meddelande var inte integritetsskyddat\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+#| msgid "ambiguous option `%s'\n"
+msgid "Hint: Do not use option %s\n"
+msgstr "tvetydlig flagga \"%s\"\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr "ställ in felsökningsflaggor"
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr "aktivera fullständigt felsökningsläge"
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Användning: kbxutil [flaggor] [filer] (-h för hjälp)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 #, fuzzy
 #| msgid ""
 #| "Syntax: kbxutil [options] [files]\n"
@@ -8606,72 +8616,198 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr ""
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr ""
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new Global-PIN"
+msgstr "||Ange PIN-koden"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "||Ange nollställningskoden för kortet"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new PIN"
+msgstr "||Ange PIN-koden"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the PIN of your PIV card"
+msgstr "||Ange nollställningskoden för kortet"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+#| msgid "|A|Please enter the Admin PIN"
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "|A|Ange administratörens PIN-kod"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+#| msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "|P|Ange upplåsningskoden (PUK-kod) för standardnycklarna."
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "PIN-Ã¥teranrop returnerade fel: %s\n"
+
+#: scd/app-piv.c:1895
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too short; minimum length is %d\n"
+msgstr "PIN-kod för CHV%d är för kort; minimumlängd är %d\n"
+
+#: scd/app-piv.c:1903
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too long; maximum length is %d\n"
+msgstr "PIN-kod för CHV%d är för kort; minimumlängd är %d\n"
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr "nyckeln finns redan\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr "befintlig nyckel kommer att ersättas\n"
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr "genererar ny nyckel\n"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, c-format
+msgid "writing new key\n"
+msgstr "skriver ny nyckel\n"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "misslyckades med att lagra nyckeln: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr "svaret innehåller inte en RSA-modulus\n"
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr "svaret innehåller inte den publika RSA-exponenten\n"
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, fuzzy, c-format
+#| msgid "response does not contain the RSA public exponent\n"
+msgid "response does not contain the EC public key\n"
+msgstr "svaret innehåller inte den publika RSA-exponenten\n"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr "var god vänta under tiden nyckeln genereras ...\n"
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr "nyckelgenereringen misslyckades\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, fuzzy, c-format
+#| msgid "key generation completed (%d seconds)\n"
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "nyckelgenereringen är färdig (%d sekunder)\n"
+msgstr[1] "nyckelgenereringen är färdig (%d sekunder)\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr "svaret innehåller inte publikt nyckeldata\n"
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr "||Ange PIN-koden för nyckeln att skapa kvalificerade signaturer med."
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 msgid "|A|Please enter the Admin PIN"
 msgstr "|A|Ange administratörens PIN-kod"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|P|Ange upplåsningskoden (PUK-kod) för standardnycklarna."
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 msgid "||Please enter the PIN for the standard keys."
 msgstr "||Ange PIN-koden för standardnycklarna."
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr "RSA modulus saknas eller är inte %d bitar stor\n"
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr "Publik RSA-exponent saknas eller större än %d bitar\n"
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr "PIN-Ã¥teranrop returnerade fel: %s\n"
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "the NullPIN has not yet been changed\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "NullPIN har ännu inte ändrats\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr "NullPIN har ännu inte ändrats\n"
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "|N|Ange en ny PIN-kod för standardnycklarna."
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|NP|Ange en ny upplåsningskod (PUK-kod) för standardnycklarna."
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 "|N|Ange en ny PIN-kod för nyckeln att skapa kvalificerade signaturer med."
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8679,7 +8815,7 @@ msgstr ""
 "|NP|Ange en ny upplåsningskod (PUK-kod) för nyckeln att skapa kvalificerade "
 "signaturer med."
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8687,48 +8823,27 @@ msgstr ""
 "|P|Ange upplåsningskoden (PUK-koden) för nyckeln att skapa kvalificerade "
 "signaturer med."
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "fel vid hämtning av ny PIN-kod: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "misslyckades med att lagra fingeravtrycket: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "misslyckades med att lagra datum för skapandet: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr "fel vid hämtning av CHV-status från kort\n"
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr "svaret innehåller inte en RSA-modulus\n"
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr "svaret innehåller inte den publika RSA-exponenten\n"
-
-#: scd/app-openpgp.c:1546
-#, fuzzy, c-format
-#| msgid "response does not contain the RSA public exponent\n"
-msgid "response does not contain the EC public key\n"
-msgstr "svaret innehåller inte den publika RSA-exponenten\n"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr "svaret innehåller inte publikt nyckeldata\n"
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr "läsning av publik nyckel misslyckades: %s\n"
@@ -8736,46 +8851,46 @@ msgstr "läsning av publik nyckel misslyckades: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr ""
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr "använder standard-PIN som %s\n"
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 "misslyckades med att använda standard-PIN som %s: %s - inaktiverar "
 "ytterligare standardanvändning\n"
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 #, fuzzy
 #| msgid "||Please enter the PIN"
 msgid "||Please unlock the card"
 msgstr "||Ange PIN-koden"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr "PIN-kod för CHV%d är för kort; minimumlängd är %d\n"
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "validering av CHV%d misslyckades: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr "kortet är låst permanent!\n"
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, fuzzy, c-format
 #| msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
@@ -8786,20 +8901,20 @@ msgstr[0] ""
 msgstr[1] ""
 "%d försök för Admin PIN-koden återstår innan kortet låses permanent\n"
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr "åtkomst till administrationskommandon är inte konfigurerat\n"
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 msgid "||Please enter the PIN"
 msgstr "||Ange PIN-koden"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 msgid "||Please enter the Reset Code for the card"
 msgstr "||Ange nollställningskoden för kortet"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr "Nollställningskoden är för kort; minimumlängd är %d\n"
@@ -8807,120 +8922,77 @@ msgstr "Nollställningskoden är för kort; minimumlängd är %d\n"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr "|RN|Ny nollställningskod"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr "|AN|Ny Admin PIN-kod"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr "|N|Ny PIN-kod"
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 #, fuzzy
 #| msgid "|A|Please enter the Admin PIN"
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "|A|Ange administratörens PIN-kod"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 #, fuzzy
 #| msgid "||Please enter the PIN"
 msgid "||Please enter the PIN and New PIN"
 msgstr "||Ange PIN-koden"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr "fel vid läsning av programdata\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "fel vid läsning av fingeravtryckets DO\n"
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr "nyckeln finns redan\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr "befintlig nyckel kommer att ersättas\n"
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr "genererar ny nyckel\n"
-
-#: scd/app-openpgp.c:3074
-#, c-format
-msgid "writing new key\n"
-msgstr "skriver ny nyckel\n"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr "tidsstämpel för skapandet saknas\n"
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr "RSA-primtal %s saknas eller inte %d bitar stor\n"
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr "misslyckades med att lagra nyckeln: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, fuzzy, c-format
 #| msgid "unsupported algorithm: %s"
 msgid "unsupported curve\n"
 msgstr "algoritmen stöds inte: %s"
 
-#: scd/app-openpgp.c:4263
+#: scd/app-openpgp.c:4991
 #, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr "var god vänta under tiden nyckeln genereras ...\n"
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "ogiltig struktur för OpenPGP-kort (DO 0x93)\n"
 
-#: scd/app-openpgp.c:4271
-#, c-format
-msgid "generating key failed\n"
-msgstr "nyckelgenereringen misslyckades\n"
-
-#: scd/app-openpgp.c:4277
-#, fuzzy, c-format
-#| msgid "key generation completed (%d seconds)\n"
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "nyckelgenereringen är färdig (%d sekunder)\n"
-msgstr[1] "nyckelgenereringen är färdig (%d sekunder)\n"
-
-#: scd/app-openpgp.c:4311
-#, c-format
-msgid "invalid structure of OpenPGP card (DO 0x93)\n"
-msgstr "ogiltig struktur för OpenPGP-kort (DO 0x93)\n"
-
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr "avtrycket på kortet stämmer inte med den begärda\n"
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "kortet har inte stöd för sammandragsalgoritmen %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr "signaturer skapade hittills: %lu\n"
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
@@ -8928,7 +9000,7 @@ msgstr ""
 "validering av Admin PIN-kod är för närvarande förbjudet genom detta "
 "kommando\n"
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "kan inte komma åt %s - ogiltigt OpenPGP-kort?\n"
@@ -8942,63 +9014,67 @@ msgstr "||Knappa in din PIN-kod på läsarens knappsats"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr "|N|Initial PIN-kod"
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr "kör i multiserverläge (förgrund)"
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr "|NIVÅ|ställ in felsökningsnivån till NIVÅ"
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 msgid "|FILE|write a log to FILE"
 msgstr "|FIL|skriv en logg till FIL"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr "|N|anslut till läsare på port N"
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NAMN|använd NAMN som ct-API-drivrutin"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NAMN|använd NAMN som PC/SC-drivrutin"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 msgid "do not use the internal CCID driver"
 msgstr "använd inte den interna CCID-drivrutinen"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr "|N|koppla från kortet efter N sekunder inaktivitet"
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 #, fuzzy
 #| msgid "do not use a reader's keypad"
 msgid "do not use a reader's pinpad"
 msgstr "använd inte läsarens knappsats"
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr ""
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 msgid "deny the use of admin card commands"
 msgstr "neka användning av administratörskommandon för kort"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 #, fuzzy
 #| msgid "Usage: gpgconf [options] (-h for help)"
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Användning: gpgconf [flaggor] (-h för hjälp)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 #, fuzzy
 #| msgid ""
 #| "Syntax: scdaemon [options] [command [args]]\n"
@@ -9010,39 +9086,33 @@ msgstr ""
 "Syntax: scdaemon [flaggor] [kommando [argument]]\n"
 "Smartkortsdemon för GnuPG\n"
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, fuzzy, c-format
 #| msgid ""
 #| "please use the option `--daemon' to run the program in the background\n"
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr "använd flaggan \"--daemon\" för att köra programmet i bakgrunden\n"
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr "hanterare för fd %d startad\n"
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr "hanterare för fd %d avslutad\n"
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "fel vid hämtning av nyckelanvändningsinformation: %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr "valideringsmodellen begärd av certifikat: %s"
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr "kedja"
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 msgid "shell"
 msgstr "skal"
 
@@ -9077,7 +9147,7 @@ msgstr "observera: icke-kritisk certifikatpolicy tillåts inte"
 msgid "certificate policy not allowed"
 msgstr "certifikatpolicy tillåts inte"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "misslyckades med att få fingeravtrycket\n"
@@ -9092,7 +9162,7 @@ msgstr "slår upp utfärdare på extern plats\n"
 msgid "number of issuers matching: %d\n"
 msgstr "antal utfärdare som matchar: %d\n"
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, fuzzy, c-format
 #| msgid "can't access `%s': %s\n"
 msgid "can't get authorityInfoAccess: %s\n"
@@ -9113,232 +9183,232 @@ msgstr "antal matchande certifikat: %d\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "uppslag av endast-mellanlagrad dirmngr-nyckel misslyckades: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "misslyckades med att allokera keyDB-hanterare\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 msgid "certificate has been revoked"
 msgstr "certifikatet har spärrats"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr "status för certifikatet är okänt"
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr "se till att \"dirmngr\" är korrekt installerat\n"
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, c-format
 msgid "checking the CRL failed: %s"
 msgstr "kontroll mot spärrlistan misslyckades: %s"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "certifikat med felaktig giltighetstid: %s"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr "certifikatet är ännu inte giltigt"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 msgid "root certificate not yet valid"
 msgstr "rotcertifikatet är ännu inte giltigt"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr "tillfälligt certifikat är ännu inte giltigt"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, c-format
 msgid "certificate has expired"
 msgstr "certifikatet har gått ut"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 msgid "root certificate has expired"
 msgstr "rotcertifikatet har gått ut"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 msgid "intermediate certificate has expired"
 msgstr "tillfälligt certifikat har gått ut"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr "nödvändiga certifikattillägg saknas: %s%s%s"
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 msgid "certificate with invalid validity"
 msgstr "certifikat med felaktig giltighetstid"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr "signaturen inte skapad under certifikatets livstid"
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr "certifikatet skapades inte under utfärdarens livstid"
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr "tillfälligt certifikat är inte skapat under utfärdarens livstid"
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, c-format
 msgid "  (  signature created at "
 msgstr "  (  signatur skapad "
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, c-format
 msgid "  (certificate created at "
 msgstr "  (certifikat skapat "
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, c-format
 msgid "  (certificate valid from "
 msgstr "  (certifikat giltigt från "
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr "  (     utfärdare giltig från "
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr "fingeravtryck=%s\n"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr "rotcertifikatet har nu markerats som betrott\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr "interaktiv markering som betrodd inte aktiverad i gpg-agent\n"
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr "interaktiv markering som betrodd inaktiverad för den här sessionen\n"
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 "VARNING: tid för skapandet av signaturen är inte känd - antar aktuell tid"
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 msgid "no issuer found in certificate"
 msgstr "ingen utfärdare hittades i certifikatet"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr "självsignerat certifikat har en FELAKTIG signatur"
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr "rotcertifikatet har inte markerats som betrott"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "kontroll mot tillitslistan misslyckades: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr "certifikatkedjan är för lång\n"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr "utfärdarens certifikat hittades inte"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, c-format
 msgid "certificate has a BAD signature"
 msgstr "certifikatet har en FELAKTIG signatur"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr "hittade ett annat möjligen matchande CA-certifikat - försöker igen"
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr "certifikatkedjan längre än vad som tillåts av CA (%d)"
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, c-format
 msgid "certificate is good\n"
 msgstr "certifikatet är korrekt\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, c-format
 msgid "intermediate certificate is good\n"
 msgstr "tillfälligt certifikat är korrekt\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, c-format
 msgid "root certificate is good\n"
 msgstr "rotcertifikatet är korrekt\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr "växlar till kedjemodell"
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr "valideringsmodell använd: %s"
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr "en %u-bitars hash är inte giltig för en %u-bitars %s-nyckel\n"
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, c-format
 msgid "out of core\n"
 msgstr "slut på minne\n"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr "(det här är MD2-algoritmen)\n"
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 msgid "none"
 msgstr "ingen"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 msgid "[Error - invalid encoding]"
 msgstr "[Fel - ogiltig kodning]"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr "[Fel - slut på kärna]"
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr "[Fel - Inget namn]"
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 msgid "[Error - invalid DN]"
 msgstr "[Fel - ogiltigt DN]"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -9353,96 +9423,107 @@ msgstr ""
 "S/N %s, ID 0x%08lX,\n"
 "skapad %s, går ut %s.\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr "ingen nyckelanvändning angiven - antar alla användningsområden\n"
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "fel vid hämtning av nyckelanvändningsinformation: %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, fuzzy, c-format
 #| msgid "certificate should have not been used for certification\n"
 msgid "certificate should not have been used for certification\n"
 msgstr "certifikatet skulle inte använts för certifiering\n"
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, fuzzy, c-format
 #| msgid "certificate should have not been used for OCSP response signing\n"
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr "certifikatet skulle inte använts för signering av OCSP-svar\n"
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, fuzzy, c-format
 #| msgid "certificate should have not been used for encryption\n"
 msgid "certificate should not have been used for encryption\n"
 msgstr "certifikatet skulle inte använts för kryptering\n"
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, fuzzy, c-format
 #| msgid "certificate should have not been used for signing\n"
 msgid "certificate should not have been used for signing\n"
 msgstr "certifikatet skulle inte använts för signering\n"
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr "certifikatet är inte användbart för kryptering\n"
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr "certifikatet är inte användbart för signering\n"
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+#| msgid "Included certificates"
+msgid "looking for another certificate\n"
+msgstr "Inkluderade certifikat"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "rad %d: ogiltig algoritm\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr "rad %d: ogiltig nyckellängd %u (giltiga är %d till %d)\n"
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr "rad %d: inget ämnesnamn angivit\n"
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, fuzzy, c-format
 #| msgid "line %d: invalid subject name label `%.*s'\n"
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "rad %d: ogiltig ämnesnamnsetikett \"%.*s\"\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, fuzzy, c-format
 #| msgid "line %d: invalid subject name `%s' at pos %d\n"
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "rad %d: ogiltigt ämnesnamn \"%s\" på position %d\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "rad %d: inte en giltig e-postadress\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "line %d: invalid serial number\n"
 msgstr "rad %d: ogiltig algoritm\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, fuzzy, c-format
 #| msgid "line %d: invalid subject name label `%.*s'\n"
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr "rad %d: ogiltig ämnesnamnsetikett \"%.*s\"\n"
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, fuzzy, c-format
 #| msgid "line %d: invalid subject name `%s' at pos %d\n"
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr "rad %d: ogiltigt ämnesnamn \"%s\" på position %d\n"
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "line %d: invalid date given\n"
@@ -9450,37 +9531,37 @@ msgstr "rad %d: ogiltig algoritm\n"
 
 # keygrip (i.e. a hash over the public key
 # parameters) formatted as a hex string.
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, fuzzy, c-format
 #| msgid "line %d: error getting key by keygrip `%s': %s\n"
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "rad %d: fel vid hämtning av nyckelhashen \"%s\": %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "rad %d: ogiltig algoritm\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "line %d: invalid authority-key-id\n"
 msgstr "rad %d: ogiltig algoritm\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, fuzzy, c-format
 #| msgid "line %d: invalid subject name `%s' at pos %d\n"
 msgid "line %d: invalid subject-key-id\n"
 msgstr "rad %d: ogiltigt ämnesnamn \"%s\" på position %d\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "line %d: invalid extension syntax\n"
 msgstr "rad %d: ogiltig algoritm\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, fuzzy, c-format
 #| msgid "line %d: error reading key `%s' from card: %s\n"
 msgid "line %d: error reading key '%s' from card: %s\n"
@@ -9488,18 +9569,18 @@ msgstr "rad %d: fel vid läsning av nyckeln \"%s\" från kortet: %s\n"
 
 # keygrip (i.e. a hash over the public key
 # parameters) formatted as a hex string.
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, fuzzy, c-format
 #| msgid "line %d: error getting key by keygrip `%s': %s\n"
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "rad %d: fel vid hämtning av nyckelhashen \"%s\": %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "rad %d: nyckelgenerering misslyckades: %s <%s>\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
@@ -9507,45 +9588,45 @@ msgstr ""
 "Ange lösenfrasen en gång till för nyckeln som du just skapade för att "
 "färdigställa denna certifikatbegäran.\n"
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) Befintlig nyckel\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr "   (%d) Befintlig nyckel från kort\n"
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "Möjliga åtgärder för en %s-nyckel:\n"
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) signering, kryptering\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) signering\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) kryptering\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr "Ange ämnesnamn för X.509: "
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr "Inget ämnesnamn angivet\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, fuzzy, c-format
 #| msgid "Invalid subject name label `%.*s'\n"
 msgid "Invalid subject name label '%.*s'\n"
@@ -9556,256 +9637,249 @@ msgstr "Ogiltig ämnesnamnsetikett \"%.*s\"\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, fuzzy, c-format
 #| msgid "Invalid subject name `%s'\n"
 msgid "Invalid subject name '%s'\n"
 msgstr "Ogiltigt ämnesnamn \"%s\"\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "20"
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 msgid "Enter email addresses"
 msgstr "Ange e-postadresser"
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 msgid " (end with an empty line):\n"
 msgstr " (avsluta med en tom rad):\n"
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 msgid "Enter DNS names"
 msgstr "Ange DNS-namn"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 msgid " (optional; end with an empty line):\n"
 msgstr " (valfritt: avsluta med en tom rad:\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr "Ange URI:er"
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 #, fuzzy
 #| msgid "Create a designated revocation certificate for this key? (y/N) "
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Skapa ett spärrcertifikat för denna nyckel? (j/N) "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:432
-#, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "fel när temporärfil skapades: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 #, fuzzy
 #| msgid "self-signed certificate has a BAD signature"
 msgid "Now creating self-signed certificate.  "
 msgstr "självsignerat certifikat har en FELAKTIG signatur"
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 #, fuzzy
 #| msgid "Now creating certificate request.  This may take a while ...\n"
 msgid "Now creating certificate request.  "
 msgstr "Skapar nu en certifikatbegäran.  Det kan ta en stund ...\n"
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr ""
 "Färdig.  Du bör nu skicka denna begäran till din certifikatutfärdare.\n"
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr "resursproblem: slut på minne\n"
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "%s-krypterad data\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr "(det här är RC2-algoritmen)\n"
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr "(det här verkar inte vara ett krypterat meddelande)\n"
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 #| msgid "encrypted with %s key, ID %s\n"
 msgid "encrypted to %s key %s\n"
 msgstr "krypterad med %s-nyckel, id %s\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, fuzzy, c-format
 #| msgid "certificate `%s' not found: %s\n"
 msgid "certificate '%s' not found: %s\n"
 msgstr "certifikatet \"%s\" hittades inte: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr "fel vid låsning av nyckelskåp: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, fuzzy, c-format
 #| msgid "duplicated certificate `%s' deleted\n"
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "dubblett av certifikatet \"%s\" borttaget\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, fuzzy, c-format
 #| msgid "certificate `%s' deleted\n"
 msgid "certificate '%s' deleted\n"
 msgstr "certifikatet \"%s\" togs bort\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "borttagning av certifikatet \"%s\" misslyckades: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, c-format
 msgid "no valid recipients given\n"
 msgstr "inga giltiga mottagare angavs\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 msgid "list external keys"
 msgstr "lista externa nycklar"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 msgid "list certificate chain"
 msgstr "lista certifikatkedja"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 msgid "import certificates"
 msgstr "importera certifikat"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 msgid "export certificates"
 msgstr "exportera certifikat"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr "registrera ett smartkort"
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr "skicka ett kommando till dirmngr"
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr "starta gpg-protect-tool"
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "använd inte terminalen alls"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr "|N|antal certifikat att inkludera"
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr "|FIL|hämta policyinformation från FIL"
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr "anta att inmatning är i PEM-format"
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr "anta att inmatning är i base-64-format"
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr "anta att inmatning är i binärformat"
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 msgid "create base-64 encoded output"
 msgstr "skapa base-64-kodat utdata"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|ANVÄNDAR-ID|använd ANVÄNDAR-ID som förvald hemlig nyckel"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "|FIL|lägg till nyckelring till listan över nyckelringar"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|använd denna nyckelserver för att slå upp nycklar"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr "hämta saknade utfärdarcertifikat"
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NAMN|använd kodningen NAMN för PKCS#12-lösenfraser"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr "kontrollera aldrig mot spärrlista"
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr "kontrollera inte spärrlistor för rotcertifikat"
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr "kontrollera giltigheten med OCSP"
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr "kontrollera inte certifikatpolicier"
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NAMN|använd chifferalgoritmen NAMN"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NAMN|använd algoritmen NAMN för kontrollsummor"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "satsläge: fråga aldrig"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "anta ja på de flesta frågorna"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "anta nej på de flesta frågorna"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 msgid "|FILE|write an audit log to FILE"
 msgstr "|FIL|skriv en granskningslogg till FIL"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Användning: gpg [flaggor] [filer] (-h för hjälp)"
 
 # Om inget kommando anges (decrypt/encrypt etc) väljs åtgärd efter indata.
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpgsm [options] [files]\n"
@@ -9820,91 +9894,128 @@ msgstr ""
 "signera, kontrollera, kryptera eller dekryptera med S/MIME-protokollet\n"
 "standardåtgärden beror på inmatningsdata\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, fuzzy, c-format
 #| msgid "NOTE: won't be able to encrypt to `%s': %s\n"
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "OBSERVERA: kommer inte att kunna kryptera till \"%s\": %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, fuzzy, c-format
 #| msgid "unknown validation model `%s'\n"
 msgid "unknown validation model '%s'\n"
 msgstr "okänd valideringsmodell \"%s\"\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: inget värdnamn angivet\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: lösenord angivet utan användare\n"
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: hoppar över denna rad\n"
+
+#: sm/gpgsm.c:1545
+#, c-format
+msgid "could not parse keyserver\n"
+msgstr "kunde inte tolka nyckelserver\n"
+
+#: sm/gpgsm.c:1825
 #, fuzzy, c-format
 #| msgid "importing common certificates `%s'\n"
 msgid "importing common certificates '%s'\n"
 msgstr "importerar vanliga certifikat \"%s\"\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, fuzzy, c-format
 #| msgid "can't sign using `%s': %s\n"
 msgid "can't sign using '%s': %s\n"
 msgstr "kan inte signera med \"%s\": %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr "ogiltigt kommando (det finns inget implicit kommando)\n"
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, c-format
 msgid "total number processed: %lu\n"
 msgstr "totalt antal behandlade: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, c-format
 msgid "error storing certificate\n"
 msgstr "fel vid lagring av certifikat\n"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr "enkla certifikatkontroller misslyckades - importeras inte\n"
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "fel vid hämtning av lagrade flaggor: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, c-format
 msgid "error importing certificate: %s\n"
 msgstr "fel vid import av certifikat: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, c-format
 msgid "error reading input: %s\n"
 msgstr "fel vid läsning av indata: %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+#| msgid "no gpg-agent running in this session\n"
+msgid "no keyboxd running in this session\n"
+msgstr "ingen gpg-agent kör i den här sessionen\n"
+
+#: sm/keydb.c:595
+#, fuzzy, c-format
+#| msgid "error opening `%s': %s\n"
+msgid "error opening key DB: %s\n"
+msgstr "fel vid öppnandet av \"%s\": %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr "problem vid sökandet efter befintligt certifikat: %s\n"
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "fel vid sökning efter skrivbar keyDB: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, c-format
 msgid "error storing certificate: %s\n"
 msgstr "fel vid lagring av certifikat: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "problem vid ytterligare sökning efter certifikat: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, c-format
 msgid "error storing flags: %s\n"
 msgstr "fel vid lagring av flaggor: %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr "Fel - "
 
@@ -9914,19 +10025,19 @@ msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr ""
 "GPG_TTY har inte ställts in - använder kanske felaktigt standardvärde\n"
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, fuzzy, c-format
 #| msgid "invalid formatted fingerprint in `%s', line %d\n"
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "ogiltigt formaterat fingeravtryck i \"%s\", rad %d\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, fuzzy, c-format
 #| msgid "invalid country code in `%s', line %d\n"
 msgid "invalid country code in '%s', line %d\n"
 msgstr "ogiltig landskod i \"%s\", rad %d\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9943,7 +10054,7 @@ msgstr ""
 "\n"
 "%s%sÄr du säker på att du vill göra det här?"
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
@@ -9952,7 +10063,7 @@ msgstr ""
 "Observera att den här programvaran inte officiellt godkänts för att skapa "
 "eller validera sådana signaturer.\n"
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9964,55 +10075,61 @@ msgstr ""
 "Observera att det här certifikatet INTE kommer att skapa en kvalificerad "
 "signatur!"
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "hashalgoritm %d (%s) för signerare %d stöds inte; använder %s\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr "hashalgoritm som används för signerare %d: %s (%s)\n"
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "sökande efter kvalificerat certifikat misslyckades: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+#| msgid "Signature made %s using %s key ID %s\n"
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Signatur gjordes %s med %s nyckel-id %s\n"
+
+#: sm/verify.c:467
 #, c-format
 msgid "Signature made "
 msgstr "Signatur gjord "
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr "[datum inte angivet]"
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 #| msgid "algorithm: %s"
 msgid "algorithm:"
 msgstr "algoritm: %s"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr ""
 "ogiltig signatur: attribut för kontrollsumma matchar inte den beräknade\n"
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, c-format
 msgid "Good signature from"
 msgstr "Korrekt signatur från"
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, c-format
 msgid "                aka"
 msgstr "      även känd som"
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, c-format
 msgid "This is a qualified signature\n"
 msgstr "Det här är en kvalificerad signatur\n"
@@ -10039,117 +10156,117 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr "problem vid sökandet efter befintligt certifikat: %s\n"
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, fuzzy, c-format
 #| msgid "looking up issuer from the Dirmngr cache\n"
 msgid "dropping %u certificates from the cache\n"
 msgstr "slår upp utfärdare från Dirmngr-cachen\n"
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't parse certificate '%s': %s\n"
 msgstr "kan inte skapa \"%s\": %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, fuzzy, c-format
 #| msgid "certificate `%s' deleted\n"
 msgid "certificate '%s' already cached\n"
 msgstr "certifikatet \"%s\" togs bort\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, fuzzy, c-format
 #| msgid "duplicated certificate `%s' deleted\n"
 msgid "trusted certificate '%s' loaded\n"
 msgstr "dubblett av certifikatet \"%s\" borttaget\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, fuzzy, c-format
 #| msgid "certificate `%s' deleted\n"
 msgid "certificate '%s' loaded\n"
 msgstr "certifikatet \"%s\" togs bort\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, fuzzy, c-format
 #| msgid "fingerprint=%s\n"
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "fingeravtryck=%s\n"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr ""
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr ""
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error loading certificate '%s': %s\n"
 msgstr "fel vid lagring av certifikat: %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, fuzzy, c-format
 #| msgid "Included certificates"
 msgid "permanently loaded certificates: %u\n"
 msgstr "Inkluderade certifikat"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, fuzzy, c-format
 #| msgid "number of matching certificates: %d\n"
 msgid "    runtime cached certificates: %u\n"
 msgstr "antal matchande certifikat: %d\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, fuzzy, c-format
 #| msgid "number of matching certificates: %d\n"
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "antal matchande certifikat: %d\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, fuzzy, c-format
 #| msgid "  (certificate created at "
 msgid "certificate already cached\n"
 msgstr "  (certifikat skapat "
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, fuzzy, c-format
 #| msgid "certificate is good\n"
 msgid "certificate cached\n"
 msgstr "certifikatet är korrekt\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error caching certificate: %s\n"
 msgstr "fel vid lagring av certifikat: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, fuzzy, c-format
 #| msgid "invalid fingerprint"
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "ogiltigt fingeravtryck"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "fel vid lagring av certifikat: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error fetching certificate by subject: %s\n"
 msgstr "fel vid lagring av certifikat: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, fuzzy, c-format
 #| msgid "no issuer found in certificate"
 msgid "no issuer found in certificate\n"
 msgstr "ingen utfärdare hittades i certifikatet"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, fuzzy, c-format
 #| msgid "error getting stored flags: %s\n"
 msgid "error getting authorityKeyIdentifier: %s\n"
@@ -10726,71 +10843,71 @@ msgstr "certifikatet \"%s\" hittades inte: %s\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "certifikatet \"%s\" hittades inte: %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 #, fuzzy
 #| msgid "  (certificate created at "
 msgid "add a certificate to the cache"
 msgstr "  (certifikat skapat "
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 #, fuzzy
 #| msgid "Included certificates"
 msgid "validate a certificate"
 msgstr "Inkluderade certifikat"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 #, fuzzy
 #| msgid "Included certificates"
 msgid "lookup a certificate"
 msgstr "Inkluderade certifikat"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 #, fuzzy
 #| msgid "Included certificates"
 msgid "lookup only locally stored certificates"
 msgstr "Inkluderade certifikat"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 #, fuzzy
 #| msgid "pass a command to the dirmngr"
 msgid "load a CRL into the dirmngr"
 msgstr "skicka ett kommando till dirmngr"
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 #, fuzzy
 #| msgid "export certificates"
 msgid "expect certificates in PEM format"
 msgstr "exportera certifikat"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 #, fuzzy
 #| msgid "Enter the user ID of the designated revoker: "
 msgid "force the use of the default OCSP responder"
 msgstr "Ange användaridentiteten för spärrnyckeln: "
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Användning: gpg [flaggor] [filer] (-h för hjälp)"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10798,240 +10915,236 @@ msgid ""
 "not valid and other error codes for general failures\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error reading certificate from stdin: %s\n"
 msgstr "fel vid lagring av certifikat: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, fuzzy, c-format
 #| msgid "error reading from %s: %s\n"
 msgid "error reading certificate from '%s': %s\n"
 msgstr "fel vid läsning från %s: %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "kan inte ansluta till \"%s\": %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, fuzzy, c-format
 #| msgid "update failed: %s\n"
 msgid "lookup failed: %s\n"
 msgstr "uppdateringen misslyckades: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, fuzzy, c-format
 #| msgid "renaming `%s' to `%s' failed: %s\n"
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "namnbyte från \"%s\" till \"%s\" misslyckades: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, fuzzy, c-format
 #| msgid "deleting certificate \"%s\" failed: %s\n"
 msgid "validation of certificate failed: %s\n"
 msgstr "borttagning av certifikatet \"%s\" misslyckades: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, fuzzy, c-format
 #| msgid "certificate is good\n"
 msgid "certificate is valid\n"
 msgstr "certifikatet är korrekt\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, fuzzy, c-format
 #| msgid "certificate has been revoked"
 msgid "certificate has been revoked\n"
 msgstr "certifikatet har spärrats"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, fuzzy, c-format
 #| msgid "deleting certificate \"%s\" failed: %s\n"
 msgid "certificate check failed: %s\n"
 msgstr "borttagning av certifikatet \"%s\" misslyckades: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, c-format
 msgid "got status: '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, fuzzy, c-format
 #| msgid "error writing secret keyring `%s': %s\n"
 msgid "error writing base64 encoding: %s\n"
 msgstr "fel vid skrivning av hemliga nyckelringen \"%s\": %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, fuzzy, c-format
 #| msgid "unsupported algorithm: %s"
 msgid "unsupported inquiry '%s'\n"
 msgstr "algoritmen stöds inte: %s"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 #, fuzzy
 #| msgid "|FILE|run commands from FILE on startup"
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|FIL|kör kommandon från FIL vid uppstart"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 #, fuzzy
 #| msgid "pass a command to the dirmngr"
 msgid "shutdown the dirmngr"
 msgstr "skicka ett kommando till dirmngr"
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr ""
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr ""
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr ""
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr "Konfiguration för nyckelservrar"
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 msgid "|URL|use keyserver at URL"
 msgstr "|URL| använd nyckelservern på URL"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr ""
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr "Konfiguration för HTTP-servrar"
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr "använd systemets HTTP-proxyinställningar"
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr "Konfiguration av LDAP-servrar som ska användas"
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr ""
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr ""
 
-#: dirmngr/dirmngr.c:270
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|SPEC|använd denna nyckelserver för att slå upp nycklar"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 #, fuzzy
 #| msgid "|FILE|read options from FILE"
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|FIL|läs inställningar från FIL"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 #, fuzzy
 #| msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgid "|N|set LDAP timeout to N seconds"
 msgstr "|N|ställ in maximal livstid för PIN-cache till N sekunder"
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr "Konfiguration för OCSP"
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 #, fuzzy
 #| msgid "allow PKA lookups (DNS requests)"
 msgid "allow sending OCSP requests"
 msgstr "tillåt PKA-uppslag (DNS-förfrågningar)"
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 #, fuzzy
 #| msgid "|URL|use keyserver at URL"
 msgid "|URL|use OCSP responder at URL"
 msgstr "|URL| använd nyckelservern på URL"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr ""
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr ""
 
 # inställningar istället för flaggor?
 # Nej, här är det bruksanvisningen för kommandoraden.
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -11044,13 +11157,13 @@ msgstr ""
 "@\n"
 "(Se manualsidan för en fullständig lista över alla kommandon och flaggor)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 #, fuzzy
 #| msgid "Usage: gpgconf [options] (-h for help)"
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Användning: gpgconf [flaggor] (-h för hjälp)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg-agent [options] [command [args]]\n"
@@ -11062,126 +11175,329 @@ msgstr ""
 "Syntax: gpg-agent [flaggor] [kommando [argument]]\n"
 "Hantering av hemliga nycklar för GnuPG\n"
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, fuzzy, c-format
 #| msgid "invalid debug-level `%s' given\n"
 msgid "valid debug levels are: %s\n"
 msgstr "ogiltig debug-level \"%s\" angiven\n"
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, fuzzy, c-format
 #| msgid "usage: gpgsm [options] "
 msgid "usage: %s [options] "
 msgstr "användning: gpgsm [flaggor] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, fuzzy, c-format
 #| msgid "%s not allowed with %s!\n"
 msgid "colons are not allowed in the socket name\n"
 msgstr "%s är inte tillåten tillsammans med %s!\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, fuzzy, c-format
 #| msgid "renaming `%s' to `%s' failed: %s\n"
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "namnbyte från \"%s\" till \"%s\" misslyckades: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, fuzzy, c-format
 #| msgid "conversion from `%s' to `%s' failed: %s\n"
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "konvertering från \"%s\" till \"%s\" misslyckades: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, fuzzy, c-format
 #| msgid "line too long - skipped\n"
 msgid "%s:%u: line too long - skipped\n"
 msgstr "raden är för lång - hoppades över\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, fuzzy, c-format
 #| msgid "invalid fingerprint"
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "ogiltigt fingeravtryck"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, fuzzy, c-format
 #| msgid "read error in `%s': %s\n"
 msgid "%s:%u: read error: %s\n"
 msgstr "läsfel i \"%s\":  %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, fuzzy, c-format
 #| msgid "not forced"
 msgid "shutdown forced\n"
 msgstr "inte tvingad"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr ""
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+#, fuzzy
+#| msgid "|NAME|connect to Assuan socket NAME"
+msgid "|NAME|connect to host NAME"
+msgstr "|NAMN|anslut till Assuan-uttaget NAMN"
+
+#: dirmngr/dirmngr_ldap.c:111
+#, fuzzy
+#| msgid "|N|connect to reader at port N"
+msgid "|N|connect to port N"
+msgstr "|N|anslut till läsare på port N"
+
+#: dirmngr/dirmngr_ldap.c:112
+#, fuzzy
+#| msgid "|NAME|use NAME as default recipient"
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NAMN|använd NAMN som standardmottagare"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:179
+#, fuzzy
+#| msgid "Usage: gpg [options] [files] (-h for help)"
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Användning: gpg [flaggor] [filer] (-h för hjälp)"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:291
+#, fuzzy, c-format
+#| msgid "invalid import options\n"
+msgid "invalid port number %d\n"
+msgstr "ogiltiga importflaggor\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, fuzzy, c-format
+#| msgid "error writing to %s: %s\n"
+msgid "error writing to stdout: %s\n"
+msgstr "fel vid skrivning till %s: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:462
+#, fuzzy, c-format
+#| msgid "certificate `%s' not found: %s\n"
+msgid "attribute '%s' not found\n"
+msgstr "certifikatet \"%s\" hittades inte: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:581
+#, fuzzy, c-format
+#| msgid "reading from `%s'\n"
+msgid "processing url '%s'\n"
+msgstr "läser från \"%s\"\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          user '%s'\n"
+msgstr "       utan användaridentiteter: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, fuzzy, c-format
+#| msgid "                aka \"%s\""
+msgid "          pass '%s'\n"
+msgstr "      även känd som \"%s\""
+
+#: dirmngr/dirmngr_ldap.c:592
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          host '%s'\n"
+msgstr "       utan användaridentiteter: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, fuzzy, c-format
+#| msgid "          not imported: %lu\n"
+msgid "          port %d\n"
+msgstr "               inte importerade: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, fuzzy, c-format
+#| msgid "                aka \"%s\""
+msgid "            DN '%s'\n"
+msgstr "      även känd som \"%s\""
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, fuzzy, c-format
+#| msgid "                aka \"%s\""
+msgid "          attr '%s'\n"
+msgstr "      även känd som \"%s\""
+
+#: dirmngr/dirmngr_ldap.c:611
+#, fuzzy, c-format
+#| msgid "%s:%u: no hostname given\n"
+msgid "no host name in '%s'\n"
+msgstr "%s:%u: inget värdnamn angivet\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:622
+#, fuzzy, c-format
+#| msgid "WARNING: Using untrusted key!\n"
+msgid "WARNING: using first attribute only\n"
+msgstr "VARNING: Använder en nyckel som inte är betrodd!\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, fuzzy, c-format
+#| msgid "renaming `%s' to `%s' failed: %s\n"
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "namnbyte från \"%s\" till \"%s\" misslyckades: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+#| msgid "renaming `%s' to `%s' failed: %s\n"
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "namnbyte från \"%s\" till \"%s\" misslyckades: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+#| msgid "renaming `%s' to `%s' failed: %s\n"
+msgid "LDAP init to '%s' done\n"
+msgstr "namnbyte från \"%s\" till \"%s\" misslyckades: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, fuzzy, c-format
+#| msgid "renaming `%s' to `%s' failed: %s\n"
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "namnbyte från \"%s\" till \"%s\" misslyckades: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, fuzzy, c-format
+#| msgid "dearmoring failed: %s\n"
+msgid "searching '%s' failed: %s\n"
+msgstr "misslyckades med att ta bort ASCII-skalet: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, fuzzy, c-format
+#| msgid "`%s' is not a JPEG file\n"
+msgid "'%s' is not an LDAP URL\n"
+msgstr "\"%s\" är inte en JPEG-fil\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr ""
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, fuzzy, c-format
 #| msgid "error running `%s': exit status %d\n"
 msgid "error accessing '%s': http status %u\n"
 msgstr "fel vid körning av \"%s\": avslutsstatus %d\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr ""
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, fuzzy, c-format
 #| msgid "too many cipher preferences\n"
 msgid "too many redirections\n"
 msgstr "för många chifferinställningar\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "skriver till \"%s\"\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, fuzzy, c-format
 #| msgid "error writing to %s: %s\n"
 msgid "error printing log line: %s\n"
 msgstr "fel vid skrivning till %s: %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, fuzzy, c-format
 #| msgid "error reading from %s: %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
@@ -11213,54 +11529,33 @@ msgstr "misslyckades med att vänta på att processen %d skulle avslutas: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, fuzzy, c-format
 #| msgid "sending key %s to %s server %s\n"
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "skickar nyckeln %s till %s-servern %s\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, fuzzy, c-format
 #| msgid "select failed: %s\n"
 msgid "malloc failed: %s\n"
 msgstr "val misslyckades: %s\n"
 
-#: dirmngr/ldap.c:221
-#, fuzzy, c-format
-#| msgid "`%s' is not a JPEG file\n"
-msgid "'%s' is not an LDAP URL\n"
-msgstr "\"%s\" är inte en JPEG-fil\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
 msgstr ""
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr ""
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr "%s:%u: lösenord angivet utan användare\n"
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr "%s:%u: hoppar över denna rad\n"
-
 #: dirmngr/misc.c:172
 #, fuzzy, c-format
 #| msgid "%s: invalid file version %d\n"
@@ -11358,103 +11653,103 @@ msgstr "kontroll mot tillitslistan misslyckades: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr ""
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, fuzzy, c-format
 #| msgid "receiving line failed: %s\n"
 msgid "allocating list item failed: %s\n"
 msgstr "mottagande rad misslyckades: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, fuzzy, c-format
 #| msgid "error getting new PIN: %s\n"
 msgid "error getting responder ID: %s\n"
 msgstr "fel vid hämtning av ny PIN-kod: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, fuzzy, c-format
 #| msgid "certificate should have not been used for OCSP response signing\n"
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr "certifikatet skulle inte använts för signering av OCSP-svar\n"
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, fuzzy, c-format
 #| msgid "issuer certificate not found"
 msgid "issuer certificate not found: %s\n"
 msgstr "utfärdarens certifikat hittades inte"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, fuzzy, c-format
 #| msgid "error reading list of trusted root certificates\n"
 msgid "caller did not return the target certificate\n"
 msgstr "fel vid inläsning av betrodda rotcertifikat\n"
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, fuzzy, c-format
 #| msgid "error storing certificate\n"
 msgid "caller did not return the issuing certificate\n"
 msgstr "fel vid lagring av certifikat\n"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, fuzzy, c-format
 #| msgid "failed to allocate keyDB handle\n"
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "misslyckades med att allokera keyDB-hanterare\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, fuzzy, c-format
 #| msgid "no default secret keyring: %s\n"
 msgid "no default OCSP signer defined\n"
 msgstr "ingen hemlig nyckelring angiven som standard: %s\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, fuzzy, c-format
 #| msgid "using default PIN as %s\n"
 msgid "using default OCSP responder '%s'\n"
 msgstr "använder standard-PIN som %s\n"
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, fuzzy, c-format
 #| msgid "using cipher %s\n"
 msgid "using OCSP responder '%s'\n"
 msgstr "använder %s-chiffer\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "fel vid lagring av certifikat: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr ""
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, fuzzy, c-format
 #| msgid "certificate has been revoked"
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "certifikatet har spärrats"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr ""
@@ -11465,76 +11760,80 @@ msgstr ""
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "sändande rad misslyckades: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr ""
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr ""
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, fuzzy, c-format
 #| msgid "sending line failed: %s\n"
 msgid "assuan_inquire failed: %s\n"
 msgstr "sändande rad misslyckades: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, fuzzy, c-format
 #| msgid "select failed: %s\n"
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "val misslyckades: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, fuzzy, c-format
 #| msgid "error sending %s command: %s\n"
 msgid "error sending data: %s\n"
 msgstr "fel vid sändning av %s-kommando: %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, fuzzy, c-format
 #| msgid "select failed: %s\n"
 msgid "start_cert_fetch failed: %s\n"
 msgstr "val misslyckades: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, fuzzy, c-format
 #| msgid "select failed: %s\n"
 msgid "fetch_next_cert failed: %s\n"
 msgstr "val misslyckades: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr ""
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, fuzzy, c-format
 #| msgid "cannot allocate outfile string: %s\n"
 msgid "can't allocate control structure: %s\n"
 msgstr "kan inte allokera utfilssträng: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, fuzzy, c-format
 #| msgid "failed to create stream from socket: %s\n"
 msgid "failed to allocate assuan context: %s\n"
 msgstr "misslyckades med att skapa flöde från uttag: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, fuzzy, c-format
 #| msgid "failed to initialize the TrustDB: %s\n"
 msgid "failed to initialize the server: %s\n"
 msgstr "misslyckades med att initialisera tillitsdatabasen: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, fuzzy, c-format
 #| msgid "failed to store the creation date: %s\n"
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "misslyckades med att lagra datum för skapandet: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, fuzzy, c-format
 #| msgid "signing failed: %s\n"
 msgid "Assuan processing failed: %s\n"
@@ -11587,57 +11886,63 @@ msgstr "certifikatet är korrekt\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr "certifikatet skulle inte använts för signering\n"
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 msgid "quiet"
 msgstr "tyst"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr "skriv ut data hexkodat"
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr "avkoda mottagna datarader"
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 #, fuzzy
 #| msgid "pass a command to the dirmngr"
 msgid "connect to the dirmngr"
 msgstr "skicka ett kommando till dirmngr"
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+#, fuzzy
+#| msgid "pass a command to the dirmngr"
+msgid "connect to the keyboxd"
+msgstr "skicka ett kommando till dirmngr"
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr "|NAMN|anslut till Assuan-uttaget NAMN"
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 #, fuzzy
 #| msgid "|NAME|connect to Assuan socket NAME"
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr "|NAMN|anslut till Assuan-uttaget NAMN"
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr "kör Assuan-servern som angivits på kommandoraden"
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr "använd inte utökat anslutningsläge"
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|FIL|kör kommandon från FIL vid uppstart"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr "kör /subst vid uppstart"
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 #, fuzzy
 #| msgid "Usage: gpg-connect-agent [options] (-h for help)"
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Användning: gpg-connect-agent [flaggor] (-h för hjälp)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg-connect-agent [options]\n"
@@ -11649,196 +11954,212 @@ msgstr ""
 "Syntax: gpg-connect-agent [flaggor]\n"
 "Anslut till en körande agent och skicka kommandon\n"
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr "flaggan \"%s\" kräver ett program och valfria argument\n"
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr "flaggan \"%s\" ignoreras på grund av \"%s\"\n"
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, c-format
 msgid "receiving line failed: %s\n"
 msgstr "mottagande rad misslyckades: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, c-format
 msgid "line too long - skipped\n"
 msgstr "raden är för lång - hoppades över\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr "rad nerkortad på grund av inbäddat Nul-tecken\n"
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, fuzzy, c-format
 #| msgid "unknown command `%s'\n"
 msgid "unknown command '%s'\n"
 msgstr "okänt kommando \"%s\"\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, c-format
 msgid "sending line failed: %s\n"
 msgstr "sändande rad misslyckades: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+#| msgid "no gpg-agent running in this session\n"
+msgid "no keybox daemon running in this session\n"
+msgstr "ingen gpg-agent kör i den här sessionen\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, c-format
 msgid "error sending standard options: %s\n"
 msgstr "fel vid sändning av standardflaggor: %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr ""
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr ""
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+#| msgid "public key is %s\n"
+msgid "Public Keys"
+msgstr "publik nyckel är %s\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr ""
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr ""
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 msgid "Network"
 msgstr ""
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 #, fuzzy
 #| msgid "Bad Passphrase"
 msgid "Passphrase Entry"
 msgstr "Felaktig lösenfras"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 #, fuzzy
 #| msgid "Component not found"
 msgid "Component not suitable for launching"
 msgstr "Komponenten hittades inte"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, fuzzy, c-format
 #| msgid "External verification of component %s failed"
 msgid "Configuration file of component %s is broken\n"
 msgstr "Extern validering av komponenten %s misslyckades"
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Please use the command \"toggle\" first.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Använd kommandot \"toggle\" först.\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr "Extern validering av komponenten %s misslyckades"
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr "Observera att gruppspecifikationer ignoreras\n"
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, fuzzy, c-format
 #| msgid "error closing %s: %s\n"
 msgid "error closing '%s'\n"
 msgstr "fel vid stängning av %s: %s\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, fuzzy, c-format
 #| msgid "error in `%s': %s\n"
 msgid "error parsing '%s'\n"
 msgstr "fel i \"%s\": %s\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr "lista alla komponenter"
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr "kontrollera alla program"
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr "|KOMPONENT|lista flaggor"
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr "|KOMPONENT|ändra flaggor"
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr "|KOMPONENT|kontrollera flaggor"
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr "tillämpa globala standardvärden"
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 #, fuzzy
 #| msgid "|FILE|take policy information from FILE"
 msgid "|FILE|update configuration files using FILE"
 msgstr "|FIL|hämta policyinformation från FIL"
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 #, fuzzy
 #| msgid "get the configuration directories for gpgconf"
 msgid "get the configuration directories for @GPGCONF@"
 msgstr "hämta konfigurationskatalogerna för gpgconf"
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 msgid "list global configuration file"
 msgstr "lista global konfigurationsfil"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 msgid "check global configuration file"
 msgstr "kontrollera global konfigurationsfil"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 #, fuzzy
 #| msgid "update the trust database"
 msgid "query the software version database"
 msgstr "uppdatera tillitsdatabasen"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 #, fuzzy
 #| msgid "list all components"
 msgid "reload all or a given component"
 msgstr "lista alla komponenter"
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 #, fuzzy
 #| msgid "list all components"
 msgid "launch a given component"
 msgstr "lista alla komponenter"
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 #, fuzzy
 #| msgid "list all components"
 msgid "kill a given component"
 msgstr "lista alla komponenter"
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "använd som fil för utdata"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr "aktivera ändringar vid körtid, om möjligt"
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 #, fuzzy
 #| msgid "Usage: gpgconf [options] (-h for help)"
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Användning: gpgconf [flaggor] (-h för hjälp)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpgconf [options]\n"
@@ -11850,15 +12171,15 @@ msgstr ""
 "Syntax: gpgconf [flaggor]\n"
 "Hantera konfigurationsinställningar för verktygen i GnuPG-systemet\n"
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr "Behöver ett komponentargument"
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 msgid "Component not found"
 msgstr "Komponenten hittades inte"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr "Inget argument tillåts"
 
@@ -11874,142 +12195,255 @@ msgstr ""
 "Syntax: gpg-check-pattern [flaggor] mönsterfil\n"
 "Kontrollera en lösenfras angiven på standard in mot mönsterfilen\n"
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr ""
-#~ "tvinga symmetriskt chiffer med %s (%d) strider mot "
-#~ "mottagarinställningarna\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+#| msgid "NOTE: keys are already stored on the card!\n"
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "OBSERVERA: nycklar har redan lagrats på kortet!\n"
 
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "fel vid skrivning till temporärfil: %s\n"
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+#| msgid "NOTE: keys are already stored on the card!\n"
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "OBSERVERA: nycklar har redan lagrats på kortet!\n"
 
-#~ msgid "use a log file for the server"
-#~ msgstr "använd en loggfil för servern"
+#: tools/gpg-card.c:2395
+#, fuzzy, c-format
+#| msgid "Replace existing keys? (y/N) "
+msgid "Replace existing key %s ? (y/N) "
+msgstr "Ersätt existerande nycklar? (j/N) "
 
-#~ msgid "|FILE|write a server mode log to FILE"
-#~ msgstr "|FIL|skriv en serverlägeslogg till FIL"
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, fuzzy, c-format
+#| msgid "OpenPGP card no. %s detected\n"
+msgid "%s card no. %s detected\n"
+msgstr "OpenPGP-kort nr. %s identifierades\n"
 
-#, fuzzy
-#~| msgid "Quit without saving? (y/N) "
-#~ msgid "run without asking a user"
-#~ msgstr "Avsluta utan att spara? (j/N) "
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
 
-#~ msgid "allow PKA lookups (DNS requests)"
-#~ msgstr "tillåt PKA-uppslag (DNS-förfrågningar)"
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
 
-#~ msgid "Options controlling the format of the output"
-#~ msgstr "Flaggor som kontrollerar formatet på utdata"
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
+#: tools/gpg-card.c:3668
 #, fuzzy
-#~| msgid "Options controlling the security"
-#~ msgid "Options controlling the use of Tor"
-#~ msgstr "Flaggor som kontrollerar säkerheten"
-
-#~ msgid "LDAP server list"
-#~ msgstr "LDAP-serverlista"
+#| msgid "  (certificate created at "
+msgid "authenticate to the card"
+msgstr "  (certifikat skapat "
 
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "begär nyckeln %s från %s-servern %s\n"
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
 
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "%s:%u: inget värdnamn angivet\n"
+#: tools/gpg-card.c:3672
+#, fuzzy
+#| msgid "|NAME|use NAME as default recipient"
+msgid "setup KDF for PIN authentication"
+msgstr "|NAMN|använd NAMN som standardmottagare"
 
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "kunde inte tolka nyckelserver\n"
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr ""
 
+#: tools/gpg-card.c:3675
 #, fuzzy
-#~| msgid "|NAME|connect to Assuan socket NAME"
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NAMN|anslut till Assuan-uttaget NAMN"
+#| msgid "  (certificate created at "
+msgid "read a certificate from a data object"
+msgstr "  (certifikat skapat "
 
+#: tools/gpg-card.c:3676
 #, fuzzy
-#~| msgid "|N|connect to reader at port N"
-#~ msgid "|N|connect to port N"
-#~ msgstr "|N|anslut till läsare på port N"
+#| msgid "  (certificate created at "
+msgid "store a certificate to a data object"
+msgstr "  (certifikat skapat "
 
-#, fuzzy
-#~| msgid "|NAME|use NAME as default recipient"
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NAMN|använd NAMN som standardmottagare"
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
 #, fuzzy
-#~| msgid "Usage: gpg [options] [files] (-h for help)"
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Användning: gpg [flaggor] [filer] (-h för hjälp)"
+#~| msgid "change a passphrase"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "ändra en lösenfras"
+
+#~ msgid "detected card with S/N: %s\n"
+#~ msgstr "identifierade kort med serienummer: %s\n"
 
 #, fuzzy
-#~| msgid "invalid import options\n"
-#~ msgid "invalid port number %d\n"
-#~ msgstr "ogiltiga importflaggor\n"
+#~| msgid "error getting default authentication keyID of card: %s\n"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "fel när nyckel-id för autentisering hämtades från kortet: %s\n"
+
+#~ msgid "Please remove the current card and insert the one with serial number"
+#~ msgstr "Ta bort det aktuella kortet och mata in det med serienummer"
+
+#~ msgid "use a log file for the server"
+#~ msgstr "använd en loggfil för servern"
 
 #, fuzzy
-#~| msgid "error writing to %s: %s\n"
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "fel vid skrivning till %s: %s\n"
+#~| msgid "no running gpg-agent - starting one\n"
+#~ msgid "no running gpg-agent - starting '%s'\n"
+#~ msgstr "ingen körande gpg-agent - startar en\n"
+
+#~ msgid "argument not expected"
+#~ msgstr "argument förväntades inte"
+
+#~ msgid "read error"
+#~ msgstr "läsfel"
+
+#~ msgid "keyword too long"
+#~ msgstr "nyckelordet är för långt"
+
+#~ msgid "missing argument"
+#~ msgstr "argument saknas"
 
 #, fuzzy
-#~| msgid "certificate `%s' not found: %s\n"
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "certifikatet \"%s\" hittades inte: %s\n"
+#~| msgid "invalid value\n"
+#~ msgid "invalid argument"
+#~ msgstr "ogiltigt värde\n"
+
+#~ msgid "invalid command"
+#~ msgstr "ogiltigt kommando"
+
+#~ msgid "invalid alias definition"
+#~ msgstr "ogiltig aliasdefinition"
+
+#~ msgid "out of core"
+#~ msgstr "slut på minne"
 
 #, fuzzy
-#~| msgid "reading from `%s'\n"
-#~ msgid "processing url '%s'\n"
-#~ msgstr "läser från \"%s\"\n"
+#~| msgid "invalid command"
+#~ msgid "invalid meta command"
+#~ msgstr "ogiltigt kommando"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          user '%s'\n"
-#~ msgstr "       utan användaridentiteter: %lu\n"
+#~| msgid "unknown command `%s'\n"
+#~ msgid "unknown meta command"
+#~ msgstr "okänt kommando \"%s\"\n"
 
 #, fuzzy
-#~| msgid "                aka \"%s\""
-#~ msgid "          pass '%s'\n"
-#~ msgstr "      även känd som \"%s\""
+#~| msgid "unexpected armor: "
+#~ msgid "unexpected meta command"
+#~ msgstr "oväntat skal: "
+
+#~ msgid "invalid option"
+#~ msgstr "ogiltig flagga"
+
+#~ msgid "missing argument for option \"%.50s\"\n"
+#~ msgstr "argument för flaggan \"%.50s\" saknas\n"
+
+#~ msgid "option \"%.50s\" does not expect an argument\n"
+#~ msgstr "flaggan \"%.50s\" förväntar sig inte ett argument\n"
+
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "ogiltigt kommando \"%.50s\"\n"
+
+#~ msgid "option \"%.50s\" is ambiguous\n"
+#~ msgstr "flagga \"%.50s\" är tvetydig\n"
+
+#~ msgid "command \"%.50s\" is ambiguous\n"
+#~ msgstr "kommandot \"%.50s\" är tvetydigt\n"
+
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "ogiltig flagga \"%.50s\"\n"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          host '%s'\n"
-#~ msgstr "       utan användaridentiteter: %lu\n"
+#~| msgid "NOTE: no default option file `%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "OBS: inställningsfilen \"%s\" saknas\n"
 
 #, fuzzy
-#~| msgid "          not imported: %lu\n"
-#~ msgid "          port %d\n"
-#~ msgstr "               inte importerade: %lu\n"
+#~| msgid "option file `%s': %s\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "inställningsfil \"%s\": %s\n"
 
 #, fuzzy
-#~| msgid "                aka \"%s\""
-#~ msgid "            DN '%s'\n"
-#~ msgstr "      även känd som \"%s\""
+#~| msgid "you may not use %s while in %s mode\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "du kan inte använda %s när du är i %s-läget\n"
 
 #, fuzzy
-#~| msgid "                aka \"%s\""
-#~ msgid "          attr '%s'\n"
-#~ msgstr "      även känd som \"%s\""
+#~| msgid "unable to execute program `%s': %s\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "kunde inte köra programmet \"%s\": %s\n"
+
+#~ msgid "unable to execute external program\n"
+#~ msgstr "kunde inte köra det externa programmet\n"
+
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "kan inte läsa svaret från det externa programmet: %s\n"
+
+#~ msgid "validate signatures with PKA data"
+#~ msgstr "validera signaturer med PKA-data"
+
+#~ msgid "elevate the trust of signatures with valid PKA data"
+#~ msgstr "öka tillit på signaturer med giltigt PKA-data"
 
 #, fuzzy
-#~| msgid "%s:%u: no hostname given\n"
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "%s:%u: inget värdnamn angivet\n"
+#~| msgid "   (%d) DSA and Elgamal\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) DSA och Elgamal\n"
+
+#~ msgid "honor the PKA record set on a key when retrieving keys"
+#~ msgstr "respektera PKA-posten inställd på en nyckel när nycklar hämtas"
 
 #, fuzzy
-#~| msgid "WARNING: Using untrusted key!\n"
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "VARNING: Använder en nyckel som inte är betrodd!\n"
+#~| msgid "Note: Verified signer's address is `%s'\n"
+#~ msgid "Note: Verified signer's address is '%s'\n"
+#~ msgstr "Observera: Validerad adress för signeraren är \"%s\"\n"
 
 #, fuzzy
-#~| msgid "renaming `%s' to `%s' failed: %s\n"
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "namnbyte från \"%s\" till \"%s\" misslyckades: %s\n"
+#~| msgid "Note: Signer's address `%s' does not match DNS entry\n"
+#~ msgid "Note: Signer's address '%s' does not match DNS entry\n"
+#~ msgstr "Observera: Signerarens adress \"%s\" matchar inte DNS-objektet\n"
+
+#~ msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+#~ msgstr "trustlevel justerad till FULL på grund av giltig PKA-info\n"
+
+#~ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+#~ msgstr "trustlevel justerad till NEVER på grund av felaktig PKA-info\n"
+
+#~ msgid "|FILE|write a server mode log to FILE"
+#~ msgstr "|FIL|skriv en serverlägeslogg till FIL"
 
 #, fuzzy
-#~| msgid "renaming `%s' to `%s' failed: %s\n"
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "namnbyte från \"%s\" till \"%s\" misslyckades: %s\n"
+#~| msgid "Quit without saving? (y/N) "
+#~ msgid "run without asking a user"
+#~ msgstr "Avsluta utan att spara? (j/N) "
+
+#~ msgid "allow PKA lookups (DNS requests)"
+#~ msgstr "tillåt PKA-uppslag (DNS-förfrågningar)"
+
+#~ msgid "Options controlling the format of the output"
+#~ msgstr "Flaggor som kontrollerar formatet på utdata"
 
 #, fuzzy
-#~| msgid "dearmoring failed: %s\n"
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "misslyckades med att ta bort ASCII-skalet: %s\n"
+#~| msgid "Options controlling the security"
+#~ msgid "Options controlling the use of Tor"
+#~ msgstr "Flaggor som kontrollerar säkerheten"
+
+#~ msgid "LDAP server list"
+#~ msgstr "LDAP-serverlista"
 
 #, fuzzy
 #~| msgid "NOTE: old default options file `%s' ignored\n"
@@ -12069,8 +12503,8 @@ msgstr ""
 #~ msgid "could not open %s for writing: %s\n"
 #~ msgstr "kunde inte öppna %s för skrivning: %s\n"
 
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "fel vid läsning från %s: %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "fel vid skrivning till %s: %s\n"
 
 #~ msgid "error closing %s: %s\n"
 #~ msgstr "fel vid stängning av %s: %s\n"
@@ -12134,12 +12568,6 @@ msgstr ""
 #~ msgid " using certificate ID 0x%08lX\n"
 #~ msgstr " använder certifikat-id 0x%08lX\n"
 
-#, fuzzy
-#~| msgid "you may not use %s while in %s mode\n"
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "du kan inte använda %s när du är i %s-läget\n"
-
 #~ msgid "male"
 #~ msgstr "man"
 
@@ -12195,11 +12623,6 @@ msgstr ""
 #~ msgstr "fel vid skrivning av publika nyckelringen \"%s\": %s\n"
 
 #, fuzzy
-#~| msgid "waiting %d seconds for the agent to come up\n"
-#~ msgid "waiting for the dirmngr to come up ... (%ds)\n"
-#~ msgstr "väntar %d sekunder för att agenten ska komma igång\n"
-
-#, fuzzy
 #~| msgid "error closing %s: %s\n"
 #~ msgid "error looking up: %s\n"
 #~ msgstr "fel vid stängning av %s: %s\n"
diff --git a/po/tr.gmo b/po/tr.gmo
index cafa5968428b2a4624f25422d111a512669516d3..962879955e1e4149f25f02a6f24eea384ffcf52d 100644
GIT binary patch
delta 27185
zcmYk^1$Y%l!-nBKNeDrLBshc|Ai*7iySsa_00Dx#77lL3DFk;)p?E04-HQ~8yR}d#
zw8fqOdCv^r-@UHk9^2W`-2<O&{XSsdhyc&6AivoT*JVG)$$%HKI?iB!$C+GPxsKDT
zljG#U-dGZsV1UbUu48J_4>~)}3H*q`cr@B^(%>}=#TS?!gS(ja^I2;dJx;XE7-wC9
z1-W5A7F7c_ovW+kR3hCP^WqAuj^|PJGITQ!XoQJK_eOPam~}R$CA}Us&|_XbjKF5N
zx|^P7L{%t?$*~dU!j8z~I5RN|?!c6I6TKtF#H53JI8HKjV;~m5R9F_(ZW9c{zL=8d
zJ9BM?4X6hk!F2c+=EnFv&5eao4b{g?*csJ<NvQfut-Gw3tp8dQ_cHaeVG#8zphr{H
zn2357iAoR06gbJ|FF~#0Zq$riu|CFRq(5Rf2KF{nTnN=(ZEF|INqRhH#x2+iFZOmk
z-kulg<2XsksDmNc3N^x^sHs|nnu&v$4gW@UD0N@6WQ9=aT37))V`=;eGvc492M6>s
z9nFQB>H7Vce?4fBEtrq0xF5B~_fZdw-=Fowe5jGt!xY%vrbpTI64a*Kikg{Im>qAT
z2I4=!+?NZ3Ntg2w(SsVHdO8SIF~+8MTd$)!`X1GR3<FL5;;3ES4D(?hRC~)&d*Udj
z#=EEyze6pRdyv_zo+?DN<_$4Fwn05$x^+Ej>QAC(;tdwY(7}#V4I80${UYmHRC{r#
zr96ZQ@GfeJo}f-k{2|^M@Hp9sR3f7!=D`uDj%>iZcpG)jlMFSRs2S!WJsQ=aji?S>
zMve3V#>bDSJ>~bUS&CpxOF9fS(`7In`_E}b#Gi~owt@#!k)DU?aTBWHQ&<QepdOHB
zn3)MTs^g6@IgUnkY&L2DdoTe1LM`np)QqGX&J5`MhY`_>q8O@YRWJiap*k`Ob>lqL
zgZE-tJc?Qhe;O%)B{3roz!02`8bB;+<Y!Tv_D?K^pV6Z!DmubcsA6r4dhifb12a&Y
zYCUQbokQ*Fw>F(=q-nSsYNV}D?RLbX*dL4FdelrkK+R;(DCWO7kt(CinvcLzq&H(N
ze1=uA<Y<lxj>a;07_|p{$Cz`T50jGaj+&uiHa!+Ilb($UaXV_J4q;0CJccO<B9daP
z89_GGNK2vCvMp*#``Gdss1f{tVR!*G;&-Si^%-Yos3dCb+o9fkGf<m)w=I8)I#nq=
z<IU8UM@{uNsDgp09<Rg*+=%Mf@2D3?f(ho$7lL}x6hVKiiW+epoQu7&8YY}*@*84y
z(gRQf@GK#sO>r12<5kqugibP>C<4=wZiw1MJy0_;0X5>)s1DshosyTR_7Z<*&Uq$W
zO1eC1fcH={{@J8GPV&hnBM<5U<xmf7foZTmR=}yKj-5lT^+VJWy+Li(1XJvr4daup
zg6dcuRCzm82L_{-W;VKY{tpw;l>BZhB$;a7^*J#i`8Cl8o1hwOj_OEvOoF3P9hr$L
zUx|9)cGLjQ+VV%JWBuOdr=G@udA^gMh(=rk6JZqQ!rsVoJBzS6hEF$Z=s`8K9JOTo
zFcjm>Fq<zN)uCFbdaY4QG8FY*n2xHy0X^YF&Jf9gFVT$|XPT)ji^)kxVHF&RD&LC*
z@HXoH<g?5xxF`mau7sM22B-mbL_M$%F2<Rtju-fz`B!A%_om@Jn1}Q&WYA9H+2+QD
zSe^84Y>57I%zK~(@-A`aq23$mV_0u&hK+GGw#QGX4n%S!bc#lzp0jGM$4vEaWM~Gy
zU{=gAkDZG3(BH+|YCcDkbcqF~p*fh6^fpX`r%*HXJ0`_97=ZB?n(}0*bPi091yM^}
z$3rAHks(+JS7QWTM@?PwMP{l)P!Ft&+N@EikxWH3v;}qUZ`rhqc~&|Py0IPxV{a^r
zV^K@zIYLC6?+GSG|0QMw!KhuF1v6j?48f+>{;1P23-jV))Id(7I`|&lm}M!iV`i`t
zs-1(&%=2y|o6_UFC!%wobh-HjlLPaUZjS2lB-9iyMn8;0P4RA2hfksEUByiJ6g5*x
zR~W-l_m@Nspb_f+J{Y9)KZ=N^Vm8tvXP39YaehUu*?r82e_<C)w32rM4nUoXgQ)uw
ztTLM_BNiuJ3pJ2&m=EJnOZyPBVaN~69M5+u6VclDLp|t6)b2cnsqqzRi2_%f5oJe>
zv<!w}Th!E##YVUV)lU2$&1TJtL8Pl-G&V;q#Ub=4a)*ef@)K$oCtPDbs~M~<P$QX(
z+H5CKYyJwgo5R)`%b}*aCAzV{P0z9A8&S{u#g;!>%lvC(34Ss^5W+B=^f#zIF%k>n
z0@O^M!9G}LojLypP%k29z3Fg4tWL5Q7RH^ZnfM#CV3G}H_ZP%Ur2A~3)pA7Q$f%5O
zF&CEEXd3Q<bx1EnHT=XHvB@4EY)JkpEQ#;1EJkcLpWXhLhxA^|jDOkuq+1+kBI#xx
zBAS7FSOGs_4lEbzI2ExAD!l>o;uS1|@wb|pse-jg5604X6icDs&t_odu?p!?SPf5L
zV+`76zyF<ysE1Q9Kkl;rg@s9n#F>#cz-*)kq2uD4j-f=CZRckg9zY$hBRCrG;}Pt%
z!~6ouv(wCIGt^Q{!h%}W4MZlBaTnFY9=ps9ai|g9Lv_r(+e~47%u2c+>J%(M?U_B8
z8}DNTCfj4qc@<1Xx(T+yPM8pnd1d|2+l-smN7fgZoQj_@1t!~TmMR=mk}ikA*aY=}
zE~tiwqCbwq1ULl~V+^X^N>sg{F%i#q_7lm6r?41)#D*BL&&<F?)QFCumgEy^lNQ`>
zUbU?;4e9Zi1ec;Zyb<-_!x)I?thX^e>8I$?rb=+YWE4X+&<NGT_85XaFcVHjH*P>R
za27M*6Ppe=Xf|;es>7X716zcevD26e@1thu{Xy1WJ$D^4Ke5tbcG4lJ{3@spv_U;+
z7;25@qt^TwvWc9hs2On|HV>+WnMk)obz}@`KszxAkDzAc%3+T=w||gPij2%`*__x0
z^}tD}HC&C_gqu+#zlWjt8C5UiQS+)UiJJO`sAJn1v*JuFfICnxwkMbo<9Uvmo`zvK
z8C5VIcEfbo2UFt|)Mi^{-GOT8G-_%eVhQ|&>R7SkCcl}rhjk2U2IiycdDaurt~`xu
z@D{4aZ&7<A^n@949n3<y3+jPWQSXhFsHr@Un!!6*9z#x=rEG($KLItM#i)_*KxWe8
zTp^-0eu;@N=oj<AjHtCOVeO9E6HC!Mm8i}11l6$5DU%Md7Df%MCTa#-qVDg9xp4}H
z>#MSph&pfwtKnzNfmKhNrRj}{NYBCmT!LDvA5pve4CcnqsQYrAF>lJos7*KwHR2_x
zj_gIv@FjHfeCHDpHJI_NsZa?u)h$sY8-eQJ0@PIQz=U`fH3Qc$G5(8M)6b~-8GkjK
zvlNDrZjO4+a8&y%(W3_(C!!wS$IR$+&h$JSRbCZ!Lp#ig<1jmJw&mAs`74{B_Ppsx
z1$65^R7Xdn_Sk$|zV$rwuby5YLu>OKb-WV&W{z7n)D$*DP1z7sN0y;Fb_CV&JE;4=
zpgNf5f*El|RC#BNkK<8GInBD@0`s4bjMZcW<7Hd$1oeP7sI?8cXzG<k%}`IQi8E0%
zaSPoT|B^{(M?JVcYRY?|mS7HQAiHe(o`;BDAn`AoUnF6u5l3S-{0<9XEGEU@Q4PI9
ze@u79eCIP^Y0~XbGq@D}a5tvL1E_YdVsiX|sn8R6)r>q0-DDI)O>uM73=Bgp(OlF6
zwqY)OiTTle&76w*s0Lf09@HB(fLWLlccEtZ9BRP7BQx)De6E`w6+}&KCDaskLQU;d
z)D*^9Z(?!MzBkO*vNUQ&2B03i0L$PWR68G0YoFz&sh11Y(R!Fy=f4w?5HjXq8r+K7
z6Q?mfe!>ix_Lg}e6+umDG-^a6ZF)AQBfTDV|8dmF-=bzL$!*ht5~z-~QJUvF<A`Xg
zezN|C)kuFpZN5r(%xAeb>cJzdb5S$23Dv=?SO#CC8zb(T`c14oP%||S)$UK|2_<rc
zh#Gi{A(-->S&Blaz0d^RI0Q4{0#v;{s1aXB&D3j5i$V9zG0cs5NH;}2cr0q5YtfD8
z?=$~-iM${~Q<V9Ed4<-&ETjjaI=B$k&~7Y(k1+x>{cfhZDXQLh%#5p14?2nJ;BzdA
zfq$4yTOCzz$R8fFxfYS3H9Ld_@davavpzH<E`e&OC6>T}Hh+ut0%|E<qXrWC$ZXD<
zsF@vug>e~b2``~$@R^5*9+>z~GqSR%kH`SjE?<i3$TifieTG#r-ea>zYGVb`b5Kig
z6*UvD(7TjRjD=7gsgD{+4^%zRL?Ri9tU)z!9M#hYm>tvpWhz!cElE4nQjEhu+=@Ci
z2T>!tj_U9WR0rZeH60JfAkw8!&#Q}^4v*7=NCGm(pn5hH)!-V`W;$r|Z(uUgZ!jAM
zJTo(uAJy>|sQLp?^`@ihEkix<1SY{p7=UjuyUxG!w^@Q5sNLNX-8dZ8;1cw~9jFoQ
z#&~!Q6XG4zh@aT<FR1z<|ClLvV>s#3sE)M9JUB|_dj2LNS@AS#SH48`H1)rB6Jk=*
zB~WWt1J%(ks18lW6u1^OgZoeqx`ul2JM_cQ=Vm}*s1BDwk4Dgdh#GE%VK@vmg5{`=
ztwJr)Da?VFP!DiknEIjUCRqt}Jflz@S%`@-4vXSpRC^y$&&%?X`PW)kd}&6~64k&E
z)Nb93CGZSt^Cfs?8qR~7!fL2ZHvqK<rrPvcR0j@XO1x=(ftuk2ug(3rUo-!jq84PR
zXCqJztwyc=A<T(4Q5_0+W2QbFHB(hFId;Q>I2<)|n^AjYD{AU@qLy?YR>w0~1=D!m
znyGAqL1YZa)Hnk*f;E@|4`Y73iUly?J2NAttZgwD`C~9QZbBX3o2ZWYzc=j_M|Hdr
z=0ne5B3jEesF5B=-S7hQV%86)1C3Gjx?mcdh^oIF<Kt=6X1s`r@C9ndzMwju;iH++
z+NhcCgtX&vrV>%Zt1%TGMemxSHpvUr5(R%UGgKUvUkf#YZWxFQQSGd?o<QxHN0=59
ze>SHmD<&gd1Pkf>S0$nc3`LD-nN6QUP3dz~hcbRKBQK1a+S(Y515lfB5*Ekps3m-k
z+5-t4mv>Vq!xE&cqV5}oxjjVY5YZGJLXGGpYR$u3F7L4^j_O!%)RHW;`M+RE(!M_C
z{<5gO(F>Ko9MzFqr~$r4ZNdz`F7p=^^b{haF_9uT5!J)}m=HgpHl@FxF)eC@xiKSl
z#0VUVnt@$d82>~avyAav-lZy!ZqkwH9XYE0oOmve_g#FL3>~A>sI|I{ZhVJ&Ksx>n
zUc0s)ro;ZIrI~K?ccb3*cTqE$Ain8H3Dn4YVnv*dn#rrEP3#xoF*k(pUun@tp$_VX
zrkDYTp{9I3s>df#4ZOkWm^p#VyBA_n9lC*4F(9GKdy49zmUJ|#-B{GQzlz$NZciff
zph~EBdZbN{wk}0Icn_+fC#dtCKC#RDO0I^Q>ISG+bAQy*EJ4lGUUcJC)Xcs|4Kzid
zd9Ejfh;Ar>TKnc$9=}I5d<nHQ?@-@>L`lqENQpZ4*-^(fKZase)W|xa9{3%)aTRJW
z9kuyak@h^!3tR9BwOf-VHJdRzrYGG7)$mYs;{wz!-i<nzzo6FgE^2Asqh>5Tndv}7
z)JLd0s>4H2OEe18==`4~qMqGHH@-%7Bz1C^_f3@#HT6wUdtw~w0V_~TaSk=o&#0M9
z6J+i$ifXqm>YLCGeK86vV>A}k`QNArKEyH@8f>P#HLBrWs1Z&=b!-K?aTjXMZ=jB`
ze+tvV5}1v2Q>zD6Z#AmDbLhq==>7YD;*{oiWkcOq3yWhv)LL#p?cVdK5xzw&N$OPQ
zzM`mfOVmt#i)v>bY6dQ#-X{-H_diFyCz7Y;{A-g{No^hwZJmZX?>}Q%yoPEpT^e&7
zE1;&nH)`e<qdIsAb>BzSgEOTyr=T$E{<^3c7>HWR8EHBH+B6$%g{!FD>`G_y)8KFy
zKTuF>b}+rmiNt^mylTnsg4(1DLs(nV+fkcxcSdu1&ZAz%uWY(NsOexM>tGKN^?WgE
zY7X0i`>4GT;5Kirs;DLT4vXOt%!Hq@0=hGq8EKE2(dnqqa4f1r`%ru6BI-HMQ1v{4
znavvKM@?xXRE3eKDO!p;ZhNpGo<hCpzMy6<R~EA=o1mL?57cp+hI-d8#6aAHn)<z{
z_OBoV@HlUXXbRJYnFmIoejqeJZN9;%jx9p<_#|qHo}%va3pct^<)u&$XoKqLaGPF>
zYVQQ<^ZgWqb^cRjHJ{s@sD{g;rmhL<xV1wyJOtIiBGk+rK-Is6df+S6$0|iOQ(gnL
z89Slg7n4!tJ5e3@2M6<fCvA4q@GR8S#i7>rFlr|Lz%m$^!!%F}b$mvlrZf&!{~T(q
zUtl{-kkjQf#cr4s52N<l1yqOLqep9+J(qdVH>mSF3N_L#s42XJ`mFloHa#zddSFXb
zz2T_x<u?B})B|3jz8zWenD!%3FQS$<JuVODUp-z=hSvBH>Lc_IYM1BAYZ~r=`V7xT
zb?`81YG0zJGHpK7p$e$-4ygR^QA@Q4wUpOv{&Un)q|fg$ySsjV^M-1R8cA35o@?uN
z)Na3k-rbKnj=6XV)W#@GhOww6JdB$1bEuiRYtz03O~->#OHs^2MCY<Kw#I>|wY`M;
zp^&JM`5HFBXwnl=4}O8=Fi&BZ_n+l@pdPpmHKV&xoA^9xkKD55Z&3pah%igy2_vE@
zs)_#C8Pz~fRL90z7o&bq#9=8skE)-vh|BvQI;X-~q`RWN1>3PAUO_EshN9+&M^h|9
zx-Ife@HjC<G-b<CQ@9Z|HT%)K`%xnZEM{gV8|uL=u?4orR=5|NV}|19xDG(A`8?}p
z3?Y32HNb~hQs@5@krZSUFJU%e9n=&JMK{Kv&i{7QCcKXNnVqntnfg+wQ#1ti(OHl2
zalcI;M|JEvR>O!=X6c4wYn}gnL^@)|(q<2g#m1x`pw_%Z88gzAsQfReP1m@rnaUMd
zpY%1<D>rvJGu7o#FR1FMQ_&XnDxZ!`a0z;}#;=KJij$T%yEO-DjcTH%Y!s?|De3_`
zQ5`vhI<{dI%!un_dD6{MOSk}aY7U^5@-NiP1y?lhjmi}{|9VkGlcA2ppk5H0P#w62
zftb9K*>s_(5w%3EVPDjgPed)@Le$>aj3se9PQ#a29miBQd*}?RL%vlw|9W7~DrU1Z
z!Um+f+4Mft2ri?}y-!s$vb?DLMpy?usE(XLeGBedooePq6pC@=S3}K!Q{5cbf*v9|
zeicw}tTw1ApMa|P1185Ss6Fx+b-e1=FdgZQI$klT5uL~4_zv|xC{)vI=8CA()dsbh
zdtqht%p#&Syo#C$|61k^l^>OEjGR-)gPPh&s1DCSHM9Y>sm`I6<PPdR@fx*flGipJ
z%Z1t#4NwCZgbdi@%q5}@96)_co}tz}sE%1HH%=hk7`x*wbYrc$=Gb+|x}=w)eg*%7
z#W1X%*;B1h$94c}23DbFY8&R!`M*g-Q=h25S>wW}k+sDL9F3ZZ9oP-;qdHozfjL(F
zP~|I89Y2GbksGM@$P?7wh~Ln3JRSZ{x+FH#`OnnI<^2zn`lC8>0E^;d+=Q7Mn_sWL
zVI$HXto53hHC%-Y$$x^{yc3$5@BVdcN4iimmoo<Epk_LKbF*ivp-0DTG?Dzc6E%`2
zHl4DC%lSgO3jQs>F`KYROViOs=qCRtYEL{wZC1Zl<}{_k1f=t#%8Q}ijEzxC(yEm`
z|C7nkRPRKc+kdbc=5B2^QGbjiJq`2Vzo@kiZDV$OL#$1D3hD)P9X0Zhw&qPY0;`a|
zj0G`cq|51y^&>ql?|%_!CmH%d@dfqS3~Oh0bAHT3x(e!nol!Hk5VZ$>Lv5-zs2L1s
zZ_10K(!Ef}cp1)eQ6F_GIz^eyInqN!73QPfY^P8?ypKB9sXChXL49ja)Ray^?Ufh|
z!2PJ>cLH_%ZlnIj^B%RNnLC+uEz~jWhdR!l`9u;ES%#Hx18PJstbUzMc}grrerBAF
zZSWg>h4rz1v{~~Nn2+=>)Qmkr%|vJyGc)y2?Tkl`p~pE)L_K|idUFMLHOHnlmL(mH
z+Ei<7{w~zWFQZ<`PB+tm+^88Fjva6ZYUCNao2jmbnwd!KkKbab&i`{FTFamwW(kU*
z9#|XeVH?y7W)rGIPEYgQFNftw4oB^YeW<B@jT(7|US_k_LmlVgsBgwL)PV0Q&GVfE
zz0Hk<Q6p%9dV|eIeHG83rtBf^#;`svXCB@~?fRj8&1pG-TEd`yW=5J~L(*$dOYjM`
z$@BI%U&Dsz=}5*RB6^_T05j6ks7*Kp)zkf`dXG>)wdxKuYrh^f#R&$PDKCUwNzcVz
z=r`Crs6Xn(vkz7OFVrzlHH7oOpGbotrb6&gb56^lrf@vg!Cj~qM#67R1I1BG(;hYA
zt=JOZq4rRdVP>hOV^7k*qRPt+H}8=}s6FsyIOks@?2r1{y$H1g=P?2UN0_y)h<fpi
zM2%!4e#RR%eSM_M`|tb#qs$%(#PO7ep_XhNs{QEEreljyGjYp9L~pEsF)n8c*1&Rj
z1*>A(v1ZC6QT6trUP!KSW=680I@G|XJ*cJJfI1xyF%W~tn`4{_`;pFz!RT2*BqfnJ
zOo69So9>>i@Bx#OPCCKV3q>8H2-KUbo=tZ_{oEdldXX){c(@hyHQb51?*!`i!~>)Q
z9_Mc&dgb~~G@BwRRv=vy+u~Hz8vkv}3r{k~t(SE*>R8@F?e2`<nT}LM&CEBL0Vkk-
znyo_3$YCt1^M9U*Ucm_`n-@zd)YL?wdO8@@&=}M)+Kk!@_iTQ$Ddt?4MmPDLu>(%T
z()bL^VeYBsIo(k+v;^bn{BI+op6y0oypHAYHmc|DX=Y@lQ7@Qws18p+or;~P7tEii
zH)E#hW(jMcW~4oq!U?F6A3^WO3%&pQzc)nMQs6to{BY=i8u4ya$Nt0w7%<bEjv!RW
zYNIw|7u05(jB0p0YJ@jXGxfrjXW|p6O<Wtb7pBeP{A)yO$q2<?Q4Rcq{+Qx>Gqvea
z<yFv)9Z?+{kD2iY)JRXDK1$C}zoKi*wo8JlHxbq0b?AMw&gPtZj|mycC<vZoZU{rI
zb!F6xXaK4MYf)2w64l^G)C(sx#%$u|s5fL3cEUrbbDnFi*;9>C_eG;-c(TW4>_GMG
z2C5^UZ93^ZQ?US+Bfm9j>X%?;+>QFE_{=vC%7dDTrs&3RQOA1`YNlgt`Bl^aJ)eo_
z!TA=LDXou<NcTc*nj@$s@mXlz4_PrW>5^ChtD)YQ-=SVSN3lG9L2btJi_FY*!64F;
zFg-3p-mo5Lhpq58>Q$U{v6-Txs2;aKH;zEPV3wiQb_Z$`T}Czd95r)EmY4^JqB>R$
zv*KvfOsz%D&_(qA_y67#(PnZlHG82fsv})d-+)=D89ISFZck9ZaMCR^)<E4q1XXVy
zYHfF+_SPfR45nCaHeE4Phw5Xf&i^1HTGP3xSL)BGO>!1>uAieilyimYc>~n38i=}Y
z6>4)HL^s|;J-~ORX(uPD-P)*K-w8F7BhaJBTq1RF6KYDopw4f)RpvnjusZ2Bs2Ny;
z8sQaef$@GY4{D3r6QfZhK8l+1$5;bXt~PJPwy1$EUd{Q}R9+%Oo5lY}^G_xDP*XS2
z`m^;e>J1jS#vH@+s25Xh)TV8Um2e$uDgMRy7`)cZP<qtyEr}X<_q84~!m(s%iegdc
z^)zaPZ%|7S_LEuTs@Q;ZN7TE02dcq07=Ss}nI$QRTC%#Rb_Uw~m8j<&KrP{Q4-uWi
z1nbR|l|aozYpjanQA=|ct6;_rraTHOlAem?@H}e9f;XBaEQ@+Sv_NgnrKp+Ohid->
z>J)jN6HyP7Z89S%jp|TO)Y>gY&B!mPDSd@%IQ3>z-U{`#oPZkfLev8eqh{zS>Or}-
znD<F_)Uh6i%z(#PM?~lG8tQ>xtT|)N$Qq+MGzaxV<QQs6E?eKD9vrgOOl@UUc^lM&
zMxow-Kic$O)Si2QrS<(!@w1tt2B?|njoRglQ5`#NeU61mr`~3)g&NsN)C?^_t?3Dy
z{|3vFP8nwhg8EfG2lb{rfdzE_eYTsmE{v-1EoxJ3M0MmYYHgG4FvqJD)+X)2ns^%Z
zptL*93#&P5iKd}u?jmX+{=3XS+vUP?q(`Dhk%L6kkne7@yX&Hk({j`lzCkq<vd46&
z4r((FL+@Inru->Zz+`*P&+~>@i}Xs=``};Ho=CaR+}CiQJ^$a5QJ#WzSR9{W5zM~d
z{2*zATEjS0M^0mP{EYRm+5t0z^H7`gE^5TS2hDHF?5LUSfSSo!sE+JA=rP~-Ph{wo
zS>TXqpc!gPhoDBZ6Ezc`Pz_}{Z1z9{Oh$S<dSBtF2mg$ElU_q@&R4cP<cO(P0=3tg
zdWdM#j6scX3u;P_qo(v<)YmP=QIpP(N;gDpzMiOtrl6*HC+fksFbTdxeZ&HenU0k~
z<+rzb`Vi6X9f|75PpD&f74?qxJ8sgY(1&y<o9==Eq-R?fquv9nQ61Wa{`d&h;lEKc
znCOJ*cmZT@c$~UKv?dEtJw0yyjQYV)_@wD^RZLF032Kcyqo#TiYU($lK3b<xZ@l}c
zf%*Jm&U<e3CEXHLzb&TK`5#6k5g9S423MdSa2z$_#~6xFQS|~(nZ1%0^)4@m+O#cD
zoAZ0Dghx;hN_g6IJR9njT^x11hhcV}?`$NZwZ4M7;RC8-nloliTcXbM2-FN6wfP@W
z4Y|*n`x~I9xIbzJ7N9z`6SV|SP)ij5SF=Rv(W6&kH6p4w2=#_rgBsZ_)Fyjt%Tt{*
z`BhO5jzsO1S*WGji)!y2`l0K**#rI<k8~hv34^gKhM(vB4<Ryx4DI^FznKR{pq8K^
zy0JfM3Fe@tb{p#ae?V=v$`_1%usrD{sCsv?EM~oE-gq5RGqf5@;OUE;e>D(r$vh|m
z^`IuG4h=w^-z7GE4E5lDP%n@Ym(4GmL8zrWgqp!S=*E;+O#4Mpr>Q+^DHhoLI1dq>
z`v<58zsD4q?yBiPKGfc5hB}@@QRjONY9xnIBYBMaI)+~}yFLQ-pf;!h4n=kFN7T|D
zK|RlNn}~Y+1vS#b*NrVvZ^SX^eJ|MjtEd-^>xOx7II1IUu?&vG26zP3fiySG+80J`
z>JnHPha*eOzyA@@uKoixMHz0HwQ7W#nc1kd{0a5h{0B>6j@#y!QAcb@`e*Em3GSGG
z;TVR!NIyp&<g~wQo--Ep2Hb^pbpB5gsZB=Od*+|fI$=%Hn@}D2h+2Z6`^E^YPr4cA
z!nLRoUqa15jtAyJol!He7`2ynTJNKlF!ApUgy%cihy-E>)G_LVI=^F44_Jv+@mEww
z()?l8t|V&hzd;?}Iammf+58Wvjuv@nmTUsHAiWN?r12lw-~SOrG_|!c0gglUd^&0~
zu0x&c1E?GSMV<T5KV8muSOZo65~?H5QNIteJT^1g1+~Yvp*G_a)QqKh!ueN5*C%Gg
zb5SFVL+#RQHvc7-B^~^inTdv|C0c-5%ZI3$c#W!8;HlZfy-^*Xhw8uy>t{?zy3jMu
ze<+bM&&&^w)>x19Y;25wpf+Wxzs;KUL)|zH^(vij(;HArwgYt<uAm<L8FlRP{$pmQ
zChCp)Eoz|iJw$YF_n>Y(jq1<~)LI7rYx1k2ro21q)jJn8<tI@M{b9=!JU5%LFlxko
zQRP3PUcJ9yV!Vkp(DRsx8jg5jc6(dYdtd-+M2k^VyT|$#wZ?^BnwjZ<dgU%eb?6pq
zx4%c7o-D7-h>N2S>87Y}Lkpw>9;XeFMr5o-J?IOT!xFE}9vF&Yq-Uc#v=iNU6*aQ=
zSQ10tn6+<?%AbeI-;L_fThxqXdTVC53Fg!JA3#Jeh#ye9`#9#s*Vq=r-<bx+q4vT?
zjKGJeAE_bl&9|TtDm@cx;R#f|R3FT5#9Ek$bSu;wG#b6X|ECa9#eJwB60fZJKAMh2
zV_ovULw$6vqw1&qWcEm1)M*%v1@SDZBR-$arY(+|fkvofISf_rFnaV(enaFNEcwOd
zw80omt$frjPRh!;umcNt#Fq$HX)HllOne|FCTu1?fY60{1F<f)=f?b$btT=4@by~3
zCMfI2{MS;;Tt8D;S3@dq!JhalWjo0Kp7a#r#RzZ7?@ZoRRp!cU@7HfVPMi1CcnkQW
zEf3L~b1M1Tbh=h^Z)p;*z0YI)$52?6M!#Ouyagu3tJ?XKbbi86;=cI7mKW!qlf>6h
zH3<!F#|NY%iSxelUI{S^u~X#Dp=>lp;vc41`=2i!8L?E<=8C4m-xy&V(23A>f;zuZ
z7N7hbwk$0jSZj)%H&&hT4CKcUZgEdN?m0tvMS21uIrnD5T-2L~p49xI>lx;?4WHwN
zFXa7A12+lR2;Wgw4t0$qc<g;IZC)VhBiyHJCh=xC3+r)TS>j2kSAejZys5Sx*&c^C
zuydY*?iBop6)7A`{G_eaj=XK8`%!N<VH0=VCfx}SP?n9n>==)*koXPqzfnEHVB5w8
z$`+H>r4y#BH*MthWBwNq38yd(nfh(_S*2W|<Uhj-|KD5ZinoNfp>1q0b*>WMfj0>o
zc+eoyA%s-+zM<sL;J&An>6%P_2SPrzq4n=UWEquo9j4M)Y@|Z2B?c#e{QBf^QoYxo
z)NeyLLAX!ZX!3Uw|DJdm;v)#<YzHz~kJz@vILfc1p6~sS!V+_1EgIN{8Mr|&3|*bb
z)5Xis`{N-iWs}I`9p%JPw>0V+M7#-Qb4ho`oumsQZ*!*rAsP3yCd?*J*A(JE*ylS-
zy;<gu+!TDhx)9gLMpsrsA8uYo!}<=)r|cKJMbPz|?MN}|jHXTqZX;ACehkl;YR)B0
zNm^H|uf|Ve3SlJ`YoM=f$e;9V9+HCe0(*n^F8jxE%5`O@&c8U@-sjEakM!jCq0V%|
zxc}Tgfc$>;-srE#=nyw2r@&<^ZluBt;`M1L+BTe;yvsJ8(AMK;g7@0WpRLJDLL2j`
zH=Otf@@f;lwRKf-BB3sIx>4s7!LyZwuFMAKm~BwWA1O=D&Dn4x>9Mw<iKLSfc9PZy
zNf*DU{&&qImXPo>d3_20@}OU+KbgFi-1CNXd(y4={y0_ajgQD|O@)tyUF0RD;u$LG
z@+Cgp#t&JmVS4g)6|rrUBJURQSlSA<Wd%u}Gu52pw%$~mKCb=$6P5oVBqCEk7-kVX
zq;-wJS={s;jV-hfUPC-g<+iax#Jdw(Ql1&ldhg`uQtv178jz<Sxx=WR$aYFq+7Z96
z^}k~qK1JqHLLr+zN&GW6$D$vVUtwQD2g*y6{~hsaw!v%mp1tI^CuE|mkL}=QTc;0s
zx{gtI9(8ni&wp(yR3vd6mvhr;LUzJM^1in>-{Pij#OslFl$&+q1RO=^LD?|Ea$8qF
zv%X$GP#&K!$Y#`}-b&)<kgJFH|19RcH_i_S^s$Wu+TOpX;(X#Q2%$98$>yIWzbJJ_
z66%xx7vU&n*9kpoC!F%8<TWAannWlw>u%>@{oki~uYBBD&~(G`<F0+g<B`YTZk&n)
zH+Pn&<^=L|eIlH;tqsEf@^jkzb5f@N3te6Rk~b6cc~iWtNGGFgpegrGxh>*v62x}X
zSS!54Ll<EZd}?c~A+9TrZCvq0G}wfYg1ix!0QcGQi==g}AdK|Jm=?-T+j8&99k2zJ
zseFidHVUs3pF&425;~Lj2j=17l?mSwKSAC@d!LA-{%-{SF89CdG3l>YZyU+Wz4K{5
zC!r1TF<)PK8>!rzj5+`7nYkk~`KyTPH@L2a24@xZmQz-NdvrY~9%`cAKTA?Rg;+0J
zuD^G=sk0hOP<EO8C8RxT`J*MhUWH$;^7f`EoA>cQWo~X>U`JWa-cX&q6Xd10>A{$l
zHZJ|=J{2{kUK_k%^LP1ha_W%DZ+P!@gMtFYmf7?#G*X5TMV*G^eQT;Y?J$_SUC94>
z4I)06ydVtcp0C#n^5T)Gh!x2nXxn~))A=j6^Onrl6z0GlRD6e{Y{R*!w94L)fI1Bb
zQIwCv{)EYt^(DPq4@X_yiThD@82NjjQ<rd`u#fT-gkLEeMfwWyfAxd!9+A{ke#_1N
zq;;hr{7(KM@^v+}`Q=F$rGZ^0+u`r{-YbAVClJ0NgcHh9=MmPUjar1pq%TpIzu-E{
z$p3ojzjEt*q{3ao3c}Z`KlyQl8RVtn=GM0CDpsZw)5r@V6es-zkKi1PPpD3OJohHU
z;WXGEb8t^9)D=wGa^gGn$!kQ$EE3;v<Japh6&l;hBZ+q*=x?J*2)(GchsO8|rSli@
zlen3%iTEb&i6FG6T-RRfdfV14(m$CZCk7++lV>@RUv0&QG^C5a>p4s9O?hm`*4nhc
zsp5ok&k^b^viI0*=Oy)b*!I%kcJBKLpWyGd(qZcKAuQ7Q|CNHaw(&oyu#3E$HvP5H
z3q*Dk^4o{awFN(tPEXylJm5KbTW$FpoJ@WU`AdjrrOoxWOt;P>ej2^+p9cRasLKty
z26A%{rlhPU@j8Sv#LuCw8^k*h-qG+Eg05?XUkQH^ekQLq<+>W$HWj~O^B&U9VZDFn
zkog^za}m<nif3)58kDUkueZ(bfj>~M03or>t3h1XGa9^%;pBHEuc|E%qpcFQ)2dgA
zcscx;^6^^###AUpxJzbrZk%XuY)tyUS1#%drL2lA-)?<JrQ*aF+4P^(+sZ>Kksn38
zJN6{~3+2(MYa02wTsr^X5^fVbRG4ckB(<i(l62~m9c3e%e~g>c5{BEf8k=O}9f+49
zw4%KWgqpP7g0eQ4i}Y37)>HKKBr_3(DM@6f@Ukr|shf!ZNJBlz&ri^`kh-e~5jL&7
zY@{bpKd};A9f?P9?*ZEu#omAZO0Ec3Kl0xbZ>IPETpDUl##(M#ib*jgg#ow)mr<UW
z_}6P6@$uwMq%4q3f8vwK``*^MLK|%fsq76u+58REt4Uri?n_VJ2kK<e`@bKVdkAHy
zP!}7ct{<orXXAfUSyx8#s@eu8+q{j`Sxlq4))TtgxYB2cpQ7G6drxiRf&VEF<N3}w
zoAC#QMTkGP>2#EhC$u8}HhIl?&^P#+y#BUhMEPHu^KHj;l-=V&i>Y6V_(2tN9VG8G
zd0(%*#K+i#XEPPsQeh_<EAcndb5Pea98Kj&n{G+oG#)mCw97Vl5XX{EOMXY<g|Ut5
z5MPb$Y(2F%RDW;{p#Du0^*EP!;A}!AGG~*Smz$z-kG=6OmbLLll=%?9PW`fk&BRx8
zpROEM#ly%iNO@NB4xz4@+*^tK4CD<nSxyoClgE7$UG2@~@q&%3PE~I1hV{952;uAX
zlF0Wowx4j3`cYpCtg*Ik4a$OPBMbF(H7C>|uL$XldXCor5s7XjDiE6e=OJfp&tF+X
zunF~t5N;E`UbTokv=7)%yaMq*)VRHTxGxRq>9*~7#M2TIQqSXWZ!AZ~8vCF-+}Mk>
zt}*tev9@dg7F7fI17$C$Q^i};{87l>H-NHrw(XMCO+)BN&~=<T-%|FwFXLZCW(*-8
z8Ey&+nmSHd;`51rLqqcjwFvcWgG+2fwyN_F`86s3?-fLyFq?Ocwx&}j3wcSYG?I8j
z;t%xxkD)LN755W565`vNzBV?VibDv4sken2?+`ymXij<qL01~`hm!a8%1zwQrhlhS
zOB<hx+eokD87a6Yf!03}8LtUGgauUSOo6V3gvC^BPToYy_Ih)<+1iV;leTUnJV2cr
z)E!AEMV+REi*_(S6F*N#N1cR}>#B{OU&v@em_)^uG_t}rIEF%B;zw;d8Fh3Wpk80{
z^4UgKkiV3$#XiW?;_u>==g_@`Y&LTbdFO3A${M2ePhcAgu@8D@D}1);)KnZn<Bzd{
z?&4}ex&-x#5HHOA8*JVE#1oL;(Ob*>QHQc*MB5W)QZ|!1!??c`A(IdDzuVsY^`393
zkco=D3Ega2F^r%>CvM6}`8q-+;;E>kD-Y>~q;<6=oFcu3dp405M|!<&hp1DYc&NRv
zzW4VRnSH6a#b&C~P2x}R9-$7Q7!B&$Pkww8bq<o(kNW~>a3xkI|Ga(B7s|HTdPRwE
z=f1*(VDc&urcy5>_jpp1d6=-2#10A$;vfq55${So5{FZ+Yc1*H_5n)2A%32`9|;>s
zcenMP^FT*|>l}Gi{&UX>>YgI6HsOW7|Aok?Mxp`kMO`6;oW$D^nsIXh%5=GGql)(+
zo{q9kHZPDmg-LI<b&FAF0U<N#QTTxHN$nBlQZESq(K*>pq6&?4CZj3w->5hWzg{DV
z)S!F_<+|cgcFFsY*jv#9{b$AXsu<g>cN4!^Z~9+|{bN9&U-BM3-JN^(?bjo+dz8CV
z^nj=yv5$vT4U4V6WJ!3e|B)#Hvo@c;5ZmR<44>H4=lb}}+Vk6tSkHxbz9D`3^z7pv
z*eAMQbdOH%em&j&qPq9$*(b8kV0XvpZn3?t9Q2)aEw*fI{u{?#F`N8cX=1D1O6@yq
z;N8)&S?+ao#csMkF7d4P|0IuX_RkN#v4vlr@tsxkZU5L)Z<qPS4*K-UHLJmwl=0nt
zqxuYp>J!`H%hI42{$Drp$2|#ht?-FilG0T<&Oeo_U~tTq9Ih&H{O{x|$BXmL?@H#1
zD^S2yFJ9WNJ$poUbw_qMyxH9@s#|oQe$m~!M|F=rvLtR$5m$#iu0}CSAGt!}vUG5b
z%(r^qELWnqD~nwzT*=*sRv+3n<k0T!-J*I#b&u*09dquaD>&}y5?6NLxQG?5mp(Dk
zKe$fD%~<VP?HAH1>d@+__R;PRJ^K!h931H$966+Wq`PxuzsSCaH^=c`B~2DDChu@p
zo*1{sl|8P)W>-z0xI?k7556&%<6L{<_H1`ucEugt={lb*F7_AKI={Fjzq)4n#f-S<
zS{#@AlIu#mxS$)Z13p>83xxG`NA`&9+%K{ZBML7>vTy$${oD7~pFP~+1;gTY-Evh-
c6EowDD_2~yx2_GoF}FUrI>mMV=sFenf4H>4Z2$lO

delta 29658
zcma*v2Y6M*!tU|4LujFd8aixx@4XXx??t4BBtS^R6d)jMKq=CDC`wV3qJR(}NUtJF
z6X_rzpdh`fpu+vXdnQNDIrsbSUC%TArmb01*V=GA?irhI^SpGPE7^SKJ6z9w9Vb5?
zEa^BOrE#2y4$5_$YhjL49)H5R=s(19(zzU`4dx=<HQaHIU<78z8WE0@8(U)`490x;
z9;*Fi)}2O=bHQf(X3ZYyI8~@v32UkWn_hxVNgu}wm_5pIT47^Uy=mwj0A?Wl6RLyv
zt*N6OClBcYsCqTMdKiJtcn8(<88*ENvywiDW$`SQK%b$GQxr>MDQt(jZy0LCGchM_
zu<1jXk@U}~nRtS_FY`Ox$Mc<<M6zH<%!EN0fYGR)PQ+sP398|5Z21*bhn{0z%pc=8
z<*+8|z7SM9<FGI;MBTp~RsSS<6uE0N(!`pA!q$4$9+-`KF{r7XfO^1en_iDONN>0K
zCr~53hgmUQoG~wIpyjYQ){k>M-Zcp(Lk*6$F2*vXld%Y1$3B=k-gGb+Gm{>J1#mj5
zgP)_;csHs8=TRenhMK{EVP=NvBKzDKJdF8Q#aU!%4ZlFm$RSkzHEfK3VSQ{k+;Ixx
zXjI2OM2%z*YAJq3Juu@4lV1T<uPbWL3`ae93A*ushloag6LX*|!K4FF>8h9uTcW0}
zKWg*5gBsCdRJ}cz9Z#bkbQ{&tj3Z6GvZ!=NYc#5(o*6{cfiG>rF|0`X9;%`Iqs)vn
zLUp7UYNWBKkuOH=?!BnJaSSWr1ys9!?;1;@HfK}R47`KYc)qiUNJ}z~qZ-OJ+E@(L
zU}Y?T^)Ws6!h9HtI&R}oBVU1fKWxGB_!8BTQe({fq9^KoF&VYDPGMP|@BB?fJt|FH
z9q5D_X<tl>+9Tf0hFXH@m<N|)LEMIU@f@bXC${_r29VA^)^xZGs@>*T75idZ>Ns<V
zFcr>XRL@VKj?Lewj`@!>BdCe#NDoA<eKcxD=AmX_DeC>P3DvQ^m>;jAI`S9lzU<@8
zz-pnVAsLN`r~_lM4sJm;@CXZ_|9fTx<xwMVh1zt%SPMs>W@w`=-)p^ydhj#Ul4W?`
z?5UEdJ=ErX=3l!x#%3%*HM}1+(sQVWuVGDmh&8a}1T#~8QBye$YvW$jn!m()Sazc0
zw8g>L0=Hlz{2Lo!gGtPPSt6q+ne)8{{Yl@#wD`MCzs4e@{U@`du?lLY>SInEfqDVW
zKn-987R9ZorM!rm(R;Q$!v|&nZV!=S6tu^57>k<Hcd-O+!3ua8wQDm>F(a&jDj$S8
zRx?mbvja8NXKems^dntxs^e70(x{I0L+u&Qdqi>*Nkr}LFEI`7Lyh<wT!?qECB8q+
z<R8OQq#vOMkY~CXc>`=lx(jM%7NPdg2Gl7zhU(~TWJWxW&kQr-!l)j-jXEY#sHvQY
zg>VTj#~r8<_MT~`d;}^z)uvaW9<Uwtz|*J!KE%eDZkFj-8}!%t4<e#9dIz;z-^1d#
z7_|rXqB{1CEx(L<;8U!C{<F=yya8%P`k~4v+x(TNB{+mWcoNm#515nZJGY2r#=kKu
zW}IUx6hw8X3TgzcP~`(q=Q_^j&qj@SEo#IEF#}%3vUnHSzfP{Xj?)vDp_cXqdel(<
zd1lROqo&$}+FZ*}5BwTc?>y$f=cqOHn{VouLd{r9ER9j<#)UTjD^xpIu{l1r<+T<t
z|CPz;xxh3q6*H3Fh?#IVYO0Q+Msy9;!F#wAGbWmje{Ow@Zt`ogW6R@P$g(>VQTGKb
zGT(q2*oE}iMa;im1gFX1?dW7*Y+fAmu|4Ti*bNIW;cbV*Q4L)}9iu-{4=VJbnd)|^
z8Aw3Q;3s$;zr{2z$65CgA28CJ>Al*?;#p=Ql`tn69Z_pN5H)2g_s7|&_rnTXzSgD>
zU_SDXqSpF0mcty&&6_b0tCNmL&EV&#8Baz%&+{u0?b_F<5tUkD8fuH$BqMBkiA^6y
zH~Du^OOxSaeidOM)E?-Ed2s@2DVL)Lunq%o7v{&)$R6@Ik4?n!|HK@V@~C4~3pJ8K
zs1D9UH}1mGF2}ioYN+?8=79;Q%{dSA;2Nxm2e1-8MRmB?XJ&?Lp|8$=CnD-$cT|rD
zqAJE>VVs1Tsx{U<s3kgsIt33<_h(#XUP$?|IO&S04t2BnLr_aN8hP_M6LAR7cRnT3
z2D7X-$D=pu#!pb2Ya7<aUr-})uQ4O*gj(BiSQ3*_Gj|oMV&=8xL5)%E1fkxnGf_*l
z3OyRxej*y_dDOf7C2Hymea<geY>Vpg3M_<sF&kdPFno$yiauW$N1|pj5w(d|Vtw3d
zeTEuHm37R2St7yfOwVVccJprQMbuRPhHms<Z_<@e^;)4G9EvI*j~dx0SOa&Xmf|^T
zPvqNR{%lztHS>cv@Xr_`x5?0Zpx2k?cq~Ts_$anQzm4V>QdiVWe1Ju9H8xZ|Y>F8-
znI9OPuo>w&r~#hG%IKS9-YYdw?N0F6$O%+W^K3S6riNIT^jy>fPGC#)-(ufvScLRM
zRQ?+L0H2^{;N7j}YnO<nNngY!=$mZPEwKV=PYe-_d<9m)YuFaEZ!<H{AM24`ijD9R
zHpl#5nFj}BH_~6A_KweX)4`IcHST7eh}B3ZqXv2p*|Z)f+YVALeokQ_qIGvVPAcq$
zI$r(oJsgdP(6!6_5;}~U(kG~;D7M=Spe0TtJqk55>GqiVov=RXcTpYNjzzQ!?h+|M
zM&`Zd6jVp`um_gI(O4bVqR#m>%z}@wAG-FL7gvxq!aCeK-Z~w#Qhy=lz_pl{=R13d
z<iv}Z9Uq|{;Je>6oD<WKc4K-hi5amns$K*1!w#4M-^PkK5NqKA?1CpyGf?z^8Bh><
zv?hr}v`dd-Df|O-W8s75he;h&k6WQ0+!r%pxHSRuk)DLwRG--NDb&CoU}p4X{nXLy
zSO5ziV*U#gsYiwz`=T21V18U;)7!8y>C>pC$n~`uVLQ|VMq>cZ#Wc7UHGqxigWsYC
zcFgAghU$R-Vdh^CDu39lb!#k6dN}Gde1w{rlc)#%h3as&Z%jw3p++<Wvtc}HW+r1@
zT!8iP6qZ5%Bj$N^P)pgvLqxkV2sQFKSP0jnI(8g$;a$`cr25vJ-`rS&bYs*h2t&Q$
zmS92Lg6imL)PR1&)R_M}^L{9TYS&Yrh&Ej}YZ$7b(Wnt8VjWzE>ey|YpYEtBFKDfX
znt|4+dVNrvb2O^G8K@4gM(vRk$bdc0D<Vb7$a~B**Z|9u?uwakJZi0Gp{8;@2I5^T
zh2@W%`?{k>9)X(4si^x_VFo;8^S?(e?R~GTzx#yQEL~7j8G+hNOEE8QvFVf6Td0w}
zLQSFnNppWmEJwN#YRV%~9hi$PaU-f@FR?TRe9sc`e5Vl+^>6^D!zlD_Laa#oBUHo3
zP&dBBl347NS>v{-kw>9AG#xe7pQ0O&qT0J}%d`JrX1pwV|NgH75%qKkR>jGvwcm+;
zcnUQmKVn9FhFW9SX>(s;tVFsYYSRwIVmKZ3;7zC{K98Ewzfc{{b%ymXLZrqSGm@UD
z3ZqarEWk3j9ktd!+w#n3O?hclemhi$hM^l5U;rkgHs5hn`EArd)15O*RziPgqcv$r
zhDOi}b!?`grf@x~BWF+@dx7eCj`OC0s;CaOMdc62w73AZq)V-9QA@cMv*Rx||D}hB
z8cuV;tZ`vf#rCL~8G~(b1!|=C(TxEYO}ZxP!TnKF?Lkfbr>FsZYtxTWOA~O({7|Wi
z8mMOk5pAZ$SQ+=DKR!b><a^n?QcGif(v>hDMxifG!CW{K)!-`3ibqgOa0xZyC+NmB
zKbjdWiFtMY+Yl*0!9c8!?_*iqk2UZCYH5mJF{h(Ds^Na92M$9GU?Jwjy{HGC#r${&
zHKS>-nvT^(&1@?y!SkI6BAVK{s43iOy^gg>r@Ll8qm5BBG79zJ<=6oCqo&&RlUe&x
zsCtz!H+DmHI0`G^1T27?Rqi2jiioECt}^gXRF899H&fjdHIn{V1xKT%{7ckGzp?4d
z$do$IQ1|=aFf-B+HKW}yGmb;uKMOtT>1rYx!7)_&8EQ)N+%yJaOVVMe7ttnELswA^
zJ+P+v+00}?REJxjW+(*R_z9~1LF?t8ng3#BJR?I5=lR8))8?oK2BN0wJuHGNuqYlx
zH{Qm=nEsZjR~9t`tx%gZ1oPln)G=L*<?#^exleB~|0Rj!zHJ(8gj%B@)RfIay>fS=
z9{dXyLcd>4LuF8#^ewE8Gf`822vzSns^dBDnCH|&b+A9y#Zew2+TF>hinp;iX1Hq_
zs*GCmAk<pVLydSfs-bVO4*qQO-S<p+V=P5}2$sd^SPQ>G&FmAbh93X>W=)!+rn)!k
zfg@2PTZg6bCh9a~eqcJ%61A&)V+)MMmbe2Oqwhnr1T9cA5scoYw5~up;&Jv6(MT?%
zD*lcIG1nvWnXQ3Z%ND2}2ct%|5LJI4YH5DL@|gOu`Q1<zb(#WEo9=DY491{3G7$rG
z{#O#oM#c`*gO8(LB=<2rrg~yJm<iQjDb%J4wE4X-3+Z8~y)+3mV;fK%zksU$997T%
zsj272f;``8NhC84!gM$cH9`+o!PTfWzl3VwZ`AJ1{LF0Hs;CEaMIVepjqn{zjWf{?
z=VNwUZp$~LM>m`zqD^rIwfUZ)W+L}<Go>|A<)K&t$D=mu8dS%Rq8h%0{`e5JG_O$|
zFZ7$~P$1?Y-4C_oalbMDdeBTV^x*aAi>FZ|x`1l<DQX01e>V+hL(M=H)Bt**I`%ed
z$;P3UU@EHpEvWjZQK#VrYCy&RVE)}i8vkK-doZeJi!lRk!Hl>MYvOU#gVMY(9Vw5w
zNw-5y`9Q3J@1q{D19d#lqc&;wm!|!isLk5hLnIfGv8c_m(55$IUeZS~C*HFDjhg!G
zf0_nrpk^)v)v+m<4>w{SJcecP7OF$p{xVBa5j7*8PDHX28HU<ylTlN;1GRZ}qn6|#
zYORl8D?E?QvB=+MX~Ixb9f#R)E^1((p$4)Wwe}aV5<bAnI{$@UnW^byjYqA~A}oi8
zP^aMus)PAnn+DrsMbcqd5Er3Fx(!wD23EiT$K`!+GgQ5|QA?J9Wpw`M5J^kME-ZkD
zP-}k!^W#HQk2AVl-YKn*n(7{?hQ^>8PQ(D*idwQ`SO{;RmME2v%R4irQTg?-BF}ev
z6Ul_rPz^1%eudgJ=TU3<7wUKgq;h%R10}F3>6)kqgrjC)woUIu&E$1dhcf$`4i`hs
zXnpkPcnu_?-8d3!<7(8}T}SPKm#AIsq;`3Cb4}EJF{mY)h?=1!)RNppt#uCm%3G(V
zG^%4ks3n<Z^LM0idAy&&r(~#sifLWmAEEuRF6lX_jvPmg@E6o3%*eliqVt^(H3Q91
z9ZbMF_$B(`UDRg$&6+;F8DM_YOm|Q3ae2Sn@nmQQKF4Z!0d>qW`<b<>jBe7M&^vNe
z{fVeo_GZ*6+J#!G6X?cYu{!!?aCwhgBh+aKMJ>%(k1hBD_3`)~H4`sT9VwI1jJzK<
zAw2;#l}AvU?-{Corc9<I4Nx=H0=0P~QBytz)#0yD_us-<=*gDZY=%!zJvxf|p8tV5
zMveT<n#Q6U{seXIkDxYZmMrE$)ll#HPBtBDorQYvI@I2{gxWJ1vbyxD_BgeOXsR2d
z)-)8gHZxIEwI1Dg1U0pHP#yElX7)-=)DncDMjV6c*i6)elThvbgxVWUc9#<fb<z9x
zf1`<L?Uo}wayFqh%}&&N;RNbjpF^G72dD>R&S5%K1>L0EqV9{d`D0P-Ew=e9QJXm#
zwOLPKKArzGIZeYw&`r8AYL^G2&TR~4!O5sKUxZr2O;{LzM2++{YKF=OxV#^&7N`Mq
zMJ;J>)cq?_9o>Z<H<6P>)U(H^H(UB#X00lrrnEom0i#iC_c`i8=TTGp1a*Jb+@|5u
zsBcI;Ooa`x88*S1_<?m_Zq9!LGG36OC8(9hG~621(-2g{qtT7?QF~-7>fB#LbudR>
zb9yRUd!p)%Lv{3XbmJk^p85s#^>gLp{FfwBBA<CNv`4M&WYli|0yV-@sI`BLx-n~h
zldgf<)!k9;OhirXdejSOAL{<2sN;MWwb|VTO#4kdHWG$vcqTT)&8P;Sq0Vpqf@bR5
zpr&vHs)Jvm?mLTm@Sms=W-eszFO8akPN<m*N9~=-w%n6MM7#TvEqH=sT>P4Gn>G8e
zu*(Ue{5n=9ziAP6E$LxJSzFR`P@8l?F*C9+P_OP2Hl3lk>0kwG7gWbbAT#4}mfC_{
zsJ(C<n_%G*W=TS^7U^YJ7|&y4e2LnO^-G!u4?%slr=vQw2(^bcpqAhp)YRWXEwNuI
z-Ou@}KtvUKp{8gg>i8vM75ohKX1su!y40o32r8jYOLtU9Mx!?CT6E)n%!oHoOZf;j
z^4w*N4KTaTe+ZFGI0Cg+6Hy&njvDbE)Rg~(>fqm~2j?woMiPkXKqzX2b5KjV1$Ez1
z>up=^Th6p!5<MDObDI%^nwr_D9|&7eU%M-)@A(r{!)eQ#sV;~baT(Nu8>8+IMRoK8
zRQ=CT1KNf98eX>L*(z}UwR<a8FfW*{s0!mz9oU8m_!Fw(UKP!hdQdYn4fWnwkNWAh
z*XCbA&5%>c?5UEdb_b%4;fJW1{=SmOG<25?HIRuduFX>x2Vfxfz?G<<UVow1Fk=<d
z;VP&-(jWD}xv2NSc2tM&pk_F8Rr8sygBn;kY5?;*L{xFBt#Hv6WT<8yP#!hHUZ@8|
zqTX!tY<f4U!#|_;z@MnET&e2j)C8k`AAE><j~qjF@GsQNd&<=?J?exi7-`dMQET`E
zYK<S+{B$+VR8~fvl0m39-7wUH#-TRdChKw3skwuiiJY~}u@1y`I{%}H=<9X_bzCl@
zrur6Yihj50Jhe@aOQV*cJ?ebNVPBk%THAZr91GVmpV`3}MtT|6#`JYvP9toB^>zN=
zC!z=LM@{7^%z(F1o8*}-&s@)ptRQMB>Y!#Q2-Dyg)cq4s9b01EjCv&>!+LldRlj(B
zm(x|}zZ{XaI1UTpacqJQP-|JGf%%0Ki8V+MLrwWQ)QoLI&EO%_%$!Aa@GsN=iZ(Pe
zQy=x<7<?NO(9?&=X(BzbN+WZQr=iw-gY_`#bX-M^@Nd*RK6{{fFLXd{z7W*f&qg<{
zL%kP{qc-1Ttc>o)ntJ~9+nDpO<1>p4eZ3A~T0CphS5O^$j4iQE6SH>nP-}h$2V%9R
zCcOl^k$#C<^N!8TNVlW%b2j&GIwu@8lV3IWxSUQz9+9CpUE>yJs=K4!T>Vg|Vi;<-
ze}>(03u=uswlq^*9JN^+q8biD&DcU)z7^H}NmNH}qGqg)r<ED;APgiU8nuQSQOD*S
zYAt<Qo2e^}-ZvrYCz%J;k#(r|!q=z{JVJd_O13eZt~zQ!F{mZ{05#*DWkmFD--Oy6
zhf!;L9A~0mTbK9G`-@S>>n5s0dD@u=HbU){A=nwm+w>XK0PdsCeeU*VU`<i^L$JNh
z|9m3q$xYNp;&*F62lHa8j>+WrMQxsdj^?<wL><4kP_NW@)RZqp)!T_#@d0X&IGxPt
z8ibnRNmxhce;pBx=r-0y|IX$Ctx&tUC+c{`qjvK|Y=&!4Yxoc~_4&J)7gTdpIvjOO
z=c8tJIjX~}Q0*MV%sT(Kh-giIL%k?6b~T%-B&uV9s2&eSy&q<vM!X)?fpe%m;oHru
zc`4LV)xgOZj*<8b-8i7T`Dnd|o(^PeC8D3xX?mECMjh0qibb8<X{Z_4f$Gpv)aHAN
z>PX?Y%o?{wjcgcJ$3>`_IDrxP0@cxhJ<X|_(v$PA3fsxhZoP>*W=~L4?|R$pjRNQ<
zT?v22PS^!&_Hudu*RiRnj-11q==63uUqUU^Pp@CGD`xFu9Ee)N9ep_e9};o(HM@5y
z_8|Qj2VkpyF6Vvx0yWi@`<qvCU(_*Mgq83lY9Ov4lP-&|N%zKwa)8-{ZG%lmldP9L
zMBG$J9bz^|3DmA_f;v{+Fg-@v^5LjA<UG{Ue27|#?@&|z0(E>VhMG5KIO-d)8H4aR
zs(z(`X30H$iD=i)!FG5Q12OL)GXuS`JLx^x90LZM&C>@5lb(f5@dfG!MT0Q&^$bRB
z>S!#C6Ht3>6>8=#A$x&;|7VEVTs2Tr*#cEzgiUWio#$&f*Tr8hhMN(67GXB&UR3!7
z48RPLrh`RLU(ar+_rfgeden>_#Zo%|XNjaE<29<s>7vXrEQs1XwNYyuWYbeo$1w?Y
zt}kFlyoQ>I`>4}WCEC~oRo)f#{SU(VxD<Qo{8t-lK0>olYknQ|(RqoQvNG?Ondys~
znVG1DzD6C#R57NbWl&4m8FhN5VMAPv+Ece}{!7$p35d17{~HqNL`FDj%64H0{(%~K
zpExtslTa_H<rt4Uun<;`H|M$&Y6;>|51fV_aVhFO^AOdchQrMF-!qK!--wJ|WN2is
zP*YodxEXmb)NY-LI@h~UACKp#rE!li>6WPbVo?KFgthQA>P40*!OU0*+(|kZ7omG3
z=U=;i`$%(K(v31}*a<Zw3s5hb+o;W1?_IOYBe50fIXDn6qaN5~v>EBUScUXaR7YQ<
z>XjVha{Ay5?1lF{L^Q=M>4>I02E*|j4#g&8&4V_hUO=x<^~;Vk=e!&4B|RHe-g&$^
zrXJMZ`5O7mIxkW0i&pQM`$wRb#`7@|?b@f<8*9C9Hqm_4TAjdX^q*kLJ*XGSWz-&M
zFwu-~GwP#r8MOpiCz%&gTdYrdJZdTTqB{BjU+Mhkn`|=je&F){4-G9)o2V^L!eG>z
z-9<fM^%T>wA5k+=V5)gxwZQ45Kfp$qYnu66ueVTBz8v*pdxd%-HJYv&@$fk$q8`om
zX7ImMpw{v}>X%E28Rp~E88edZk8v1@+3`B+z4067z>G7^rYnppuY>;B9#yX|>J-Ic
z9-i;av>9tq=l>vT1}<Z2e2V%izChiWZkG9BQ55xn3aCG@G)BGq+hb##g8lIrYKbe%
zHs!IX)3yOUiu^)EYh7TD+1-6m9T|_BnZ=kN52Jpf-Na0oYOXn!S+O$dR;U-tC{#yR
zqB^(-^-JgnRC`xYrzyic&c8NAy?Lf!2<m(%q8s<4PQ?w>CTcm~tnEb90}rES>IG`1
zvMewi48T;Rt79XqjT*p6EQX1w_r=Zy95Xd^oeUk19EoN`P0%|M)C*)K>c(AIPxVnV
zP-vlf^OZ*}K_~2weXs}aMvXXNk?B|yOiy|M>Xbxyh^S|)P`mOVYSaCKd>)-_i_HjY
zpk}Has(ch`H?KlX^{=QA`7SZ9<T9xHTVooGLd|TvEnkjq(w@CUw5C5{5p+H@BQ1)0
zL$$;LxDwsCA64%Ls>5kMGBZ>P)v-X#f|2OPF{rg(hE?$-7DC^p-kIm`e~75T?x?R<
z0%|IgP*cALb$-v|Agr;>ocpDy&GijxiZ7$uNx$55tQ@K%?QOars@^zkgzGWC&i_Lq
z&B(~O!c0+T)Qe>_YRy-n8;_#S?|sx%r~25Gmqv}SJ!(cgs2N>>U2!jJ#5q4Pd#5^T
zX<{%3&vzCO$%vn0W88+?9Dkx-L^W2LwT?z@%8jT7FQWeB^b+;G&-AHz<(5X3_d|Vr
zJgAvjh3fdX=*CCr(K*lhnK}QZQEMHB+EkNJ4S$T9%H60AoIrK(57g3BU1ffV%tmdp
zZK#>MfqG!N)n-O2p!P^RRL2rlbN;InSwV)T?i}hEzCir~Dz(P=7HUc-qw1|ft>qC^
zgTJAsw8&bsXPRRP()~~~F%fmjKEphC05u~&uJzbIFnn%$R14Mf{;1<N0d->%s-ctU
z#z&|JWc|W4SPQjTJELYa-1;82C%ptUqjyj*tkmmF`}sXYT9MHjHS&3=ksZLd@e!)0
zZPuH;5rrD*M$}ZF!Pe+(FmK2<Sd-)js2SXcTC&I36Z3v)W-QL?S#BdoQE#+AP;bOE
z8_k=l7B(f_7&Y~iFfFb@&B#Vn{qIpDPqoR6EFWsBTcJ)<Flu1aQ3KkJEUCx&k%<1{
z;4iF?9g@s0o{nnx0H(v|sHJ#?+C2F-n+BVp@`s`xI32Zgt5C=C3~I*GY%w!Y23wHs
zg6(zwmk?=A#vNOs@>cWLZ*OBG@|U7E*;UjUW=J;gixQ|!8G(AIPeo1jeAHgpjXF)|
zP$Pei8c>mKrej^vpXWOhi0Fp-s5M=Wnz9S1DNps4d0=r=c{u9Lw*WO0Yf%qAg_^-X
zQ4g-Y-MnympxzVnP#s={I+kCfM^kl=h<1J69p(WItwXR8`SVdzc^36cChbnMhPkYD
zP#x)mT7n5Se;MjQ`%!Ps+cy0QwK<FJ;{2<}U3ZzD%|T7oM$~Dzg6deN-Nq`Y-+(==
z(@-Pbhnlggr~#$lWAbZaL(<)_5za^bEI*5Sv!>tcF>BIzuh|rFs0uq#YxNM-k;41T
z9_WaTNxzHja1XY@O#97)dZJ!vi?A7<K+Rmv17-ltu^Z`dY=rwfHsW*8G}Huj8fKzC
z9@kM*So4r+s1K?`Gf<m$7i#T&zcx!!9@W8)*b(PqTfB)n1(gq*J<<(zpJy%+t;J3Z
z#Cup9D|};qBo4+Nq?e)A@ORXRG9585t_G+FO-3E73#d(7_**mLCa52!gHat{i8@U`
zAWQFYUK7y|gZkf@SL!>cW3~|0P!ehl&!9$@^Qf7Tw@?j^LG6ikm<6w+-Um-ndnd~=
z(_VGdChdqSAK{hrH=l?$-6quLxr!QTrsHOcieeGcZBbvtXq%pD)9X>2@LN<nw^37_
z^MrYDZOlx%D{5~9qdK-o`8xl*ZG~f~U3?kUku)dGajb?qzx_}Th(W#Mm)Y`j=tJ7)
zds9C(rXyX+S{wDgXpFkQJEp<+(4!GeA)-z88EPa)u`S*~tyRraw&&JGs1BV#jqEyR
z#mDG<Vf|o6SR6Igtx;dSL8uqd7}P*N`hoMW&3BlLRQNmUhCfj+lH8}wZ^0_4DQkdw
zKrm{=6R;3Y#tgU`^;zDGy8jYtGe1Wi=Za@c`$4EpJmw7NzbTOow%{3NBAxZD8Brl@
zLb@`lfq2xhS%umYC(*mvQ1!B$Gi%=!b^b@7)_k|ke}-x&_jz-FYY!1keI#mX=AwGG
z3AHpgP;2)ZwRYJrnB&?ARc|P2_pd;W_$+D(AKCKE7fpUc)PsAXz9CalOX%53L`!f4
zeenfqbG*XTnEH~Li3}J{x&V&E4^T7Zd)drLHq?XbqL!#9x^Wb0i9STl^iFJrt{=Sv
z(!c+2Mm7QiDfkps@fJ43a#zf&G6FSI>rgZC1G>?<Y93G+wKRdKb3VkT=b#?A1M6ez
zYvvbI6ZHQ6pFu=Z_&K`q8tMVApUg3<fLe-ysQmG$_rnI%$PQr+{2A4Om#Do_^tw65
z%~3D3IMe`UVjbLq-tYe-B03KIn}Xg4l|enIIcjsoqSkg6>Va!f9sU+I(%06KH_h(v
zfO>xnLzS;Yy^xNg9{dQ^k+MH?{u>bKL_{B*S?Jw#sI`BM+SRFlF}t}H7A8FtwW~Lx
zUPQOB5f-{-W~M)C35TIRvpcXJKEw7{`L_96wXwH3|FLA8CL<18{%Zc#YZvN474Db^
zbws^rCZZackL~a#w!|uT&DV1jYH1Fmmf%OLbI<&BUQyHwEgm)C756;mUl4dkhDKEN
zzL|kA)LKrku1BrmIn+p=pmu-72j&>nM;+ges0T!23tWQg$PLuerFm$Upakmp26>3+
z>o><1e2tw*yB?V}>w<5S9*$bmQ>dTW&SNvRxiLM-PN=2ph1!h6QO9~3>b{+*bAJb?
zV$LU~zGnpy^<)?72gL(ygVmp!O*Rg-8MmUQ?1oL(cxFZ%j2hv1)F%DZ=I=or-z%t@
zDEQp8I}o*$n~=@uarO~W#lKLywcc;0=OL(FKF@jtb&g-5*1YBK<}a0Iqo(#l)VqHt
zs>3%>f4P<A5Ay@11$HC75VdI^U|#+HFY&@O6o`7&wzcX0s5K2o9hWJnDg6?4EU%$v
z?r+qaufj_+6K&C-bTsNd52}NoqL%uQ&3}Pqc)nBUPxEeWjatKZQB%4Qb>j}y+Fe2&
z*ED~b@@A+R8f?=aVOG+6F(aPB)_4_lf0@6{>F9=<>2UODgma1L#jweGA2qU4ugp~S
z#6Z%sQ62mNbvhoRj$7{6b_URgbX(N7qywr0U9l@JLp|piHo}UIkNNL^4du3CWK2PI
zXal<OIBF&yVqMJU^6~DK_Ne?BsQitn4&6u1NPv%zcjnrlmMk3gK3Re~4ZE-c-u2=C
z|InXE-c+W6QK-$a67@c~jM_xme0{thk5;JkBy5YjQS~yU_VNDs48#niJELB?eNms?
z@u+&6Q9nrTSc`emn4a~;4it<<eWgyKZpfV0$Gd5oqK@SVtbzwo9r+#eVuf^O0Ig8R
zI0jYkE7U9e9`?dY>3y7jI1Tk4@!TV#Df0F6aa`!9g_DFtZ%ot4?j`72K&6G$sgla1
z-~8tn<bO`RHH2)G?<8H5_;T(E!WQK5{_<V}@LQe#WZTdzDioopB{zNiM&nw~4@u{t
zd=O<{la3``fpEmz6lIhjCH)<Z-X-3bdO0cEf>{We?L$?4FZIrn&V}84Ie&M^tV2c@
zLJu+{2{VZ=#5b=)<mI68@`RGa>l1ieJD>7^9|^j8a?j_KUn7K)cZX1%ItxgL6V4OD
z2)e3J*T+NQDiYf<<@%8L7bNc54y@&d-w1oi^S2L5r0f^MGx8pgSMH7b-z7f>X}(d;
z5aLJQDC19O&fA3HHqY~nhL6)gCEKeFG&q<vA1tRKp^>e4m;6hFF@%&W5B2=HPe=9>
z9yFhH6!9;~%T4?*+-dLsjC_73I0wi(L%cEdE9k$!@(qdUB$`m5YdSaT(z{;Qm)!Ih
zen_3=1YPZ@yBXV3R+LbJ^kBk7+s0Jd*h;(uWx6<}&K2Uk9-NN}&27DhsaXG^6s)ir
zKT^3a@xI>MI0aOmLwG`ilW;Ae9OXN>C(PCfN1gGi_F=iLDvqM=YUEq=Z`UN+)0<G=
zAMbzNLh(c@>4WhLh21ba57Uo~IMUS!qe<)XqtRo;=izYjzaw6Vc*^yXcqLm`uis*X
z56D|dUJ~(=+@q^Ad7iR7bSjA<gg*#9DAdPeo2~Sin<kS!Nzj#<{GYh-q#e;pd_ew1
z!Y=X`*!xs>wEn@hg#1k8&m>H<_q}I2=y6U_c#KMyDVR>kM0z)c7s$KF4RbM;yvgPU
z=aiM~e_i_Sd#H1cpevp_MY&gR$UV0H+qjw#LH;71Q=a&9zCYe8n#@b~X8nrUK)j;8
z(bV9rMjc(pZ9T<5piV6s8%bVX;`gXCn~;^fQ1Vt2|CM?TNcXq*y(Ha-{BeXE9{#bO
z8zZQY8Mjj@ns_rRZNZ}C>B>f2S7FM#67N9%b?(*0$IN@}!-ABJH%ae5-zV=O^$OYh
zQ;Hf98B6f|Mup#r9J9S6>YOGlB+c&zhu<8|do*yEdLb(0szQ1R=@Y~cQST4JGU9c~
zi+$rkZ;@Y@^mn?+UVW*PKuAZ~(p2n!eTTb|(AAsJ)y9?n!Zx<g=9MPzJ02cl^V8r`
z(l-hEy6K7{zQLC7AU%>ee~xj!CI1xZU`)9pb^iNPIFugg>PO*zf_~$tToZ_tqkJPF
zmu*;OU(>14q+4Tg?#W4cW#Ub2TVG;F+sIzsM_E3MAsUbQNqf(~t>dIohP}$t;078<
zOU0(-6`(8!d1nbJ*KW#Q*~Dj*ze9a~9DA=?wq8!sa|ryZckWP!zrFMRKDdY3sP9Qd
zWE7RB*@iBXPPx{<(V>deIm8V!P(PvG!bzB)yddsrMcpv+{E0upeB^H;bf!)Q!dCL0
zP^TC+C%-u18oxg&B7>Wn682KKiArw#nEc7)l_%bmyd#7kxT!wQBR}QZMcyj%bZs+u
z{~1VL1MbyTgZdNkZSvm1Vwi`#s(OA54YX7(u91XIg!ibxpGlp<G?1C}FQj#qpzdk=
zaQ)`5PJ9u0Gl;thx~`H=x%6A|SK6pV$VlCKl)b_=1n;Hs&nJ=H_A~<zx<aMn<Q=7~
zC;6-G!-LH&&K=6TleZ_O5%OD8Zyfn!G04^*f*;wqerM<^L-`e4Oh_Q^3E&?Gxbb}|
zp20xENx}ot-MHxrE+X8eULW!ga$^KRR~ABP%3j*Wf1r-8076Id_+y0kTFiY7Dcfw*
z@#N;@zBbzbWk?*Oa3Y0!@IIB_p|CIESK_)(6aSpD8l>|QPqGaq5-&pD5XyEDvJy&}
zTb#7GgR%<LNx9}xo^stLJ}l+@rLnm+ZRL{`w&dmy@k7cE5%v?hldequZq&7wj?Cwt
zgM`d)Jm?8^bala!Hh&}Ob%bWzd&cI4^5+kyplwVyTqh)v*Mo+u6R$_b5Q2+Ph7d^I
zD&)7K&J;o}(rHjvC+<0CXJ#jPUlAq{^q=<bKq$)n^(Zfk)d{*hGi*eO%Y=<oh$C+o
zMv`tp1D|knI|brzUf<h$r%*SPf=4#}9d;tjvgtG2tLrTHSEO#rbyep-KN*Xuu#L(=
zn2ykez+Y-POYnVr!w<HxCgkb*n#O*lZ2udbI!FF`TR)@CpJwZyr!0mx7TWT2<flsc
z{?DWEDTVQbt+oPL-fJHfzp#znBWIayZ~zt{WTJj2TtJ;`gh+e;Y2qhrr)^VCBk}@m
z`3f>e==^_eGgL|YAvd9%5^r3k$vaDW9qNy31?)Ya@_;hL)7l61CEkwmV$}PdP@eR8
z)b+i=`_FsSzev7$|Js5MWY)3`g>vI6M)d(@n{Xgu3-M<dKv`FA?nJ0TI^}B2y<;f*
z#y&75U(P2lJ7oj0Ac4O$(SJvt^`~$=jojkquJ{&(BM5FP^r!4o^v8DzRc+^pI@hSX
zfiQ*mYwCN5U!v|x6>=p|x3(Tc(DeglgUIut-YfDtlm3>!f8_rL&5s9LsUGnt;&Fst
zR9M1|<LpD%;RN#dyGif$5p_=yZ%y4&gm*}9rQ|2#|9MR%?_<h!Ew}Bx$GtbS-nteN
zUQsZIO8to6!k_Ryd86=C!U|hAy=@>J=>!@HCmbf|`Uo#@?>^$4DIZAP&xy|^zc=yR
zgx0ohPU?Br|FUf`n_A#XPl2xOgh=9B?Sl_fZ@ssKKT=sM(bzb`Xv$RWH=Ccr2ex9k
zwFR!BFq*Jj&(CKco^nHNDl8^%7<Q+{)imCmcp=+~J(T6OBRF8q%FV+l-%h=h>ooDN
zD1S))QQ}XrquL-8BR`CAM1TITNQ3X&8yix1o`PS=8%s#Jj+5V>{5sUDMLY}f4ipX|
z-iLS(TlX4y$L&pn$sa-Rq3kx{4DlfZU3KmAGNgQ$r&5s7W~xG0LSDizgfcwjXBv1;
zJcK&wN%z9Sq)QSXLs<<%OWXKV;=1<PbX)3fByT+Fs?=X=pEH}dXTPmHn#?#VR3W_0
z&ArHvAbe&kHze;fZdgkBPXu4WbjtM?iIs`3wDr=H9!ou4Gq49f!}Qcixk^*F3yFjJ
z^Z!Q_F0-9bh03;}ljOZi$YJmL**2==T=L(hUTRym%$B{wLk^KY-R7qyKR59p!p}BO
z4E$GTy!)SDCfxKnnUe^IiO(fGq+%P?wUP(+!TL0~pE`qx4<|GsOs39GY(yPhLrE{D
zP6TyZ;U5HD+ekm9Y%cyqh$HWa&i^AKpHS&KVKeEyG}OvISU29W4JbaC(3A38)Ei{;
zZ>xao5_zZWebtEHq`WM;ss8{|Q}*r~ZQUjADPntVn&5Xkl^WPYDdGpI6m9DqAipQ!
zTN=}KlQ5sqn|f_+p7JM>))j*vaQ|B3D~PY5ohgK5@~%^Vln?8lfr$P}G%J2X;c_az
zBpyg!c7m>^<o!-wO{~Vv|9RD+tO56?qhL1WwTbI$iQ@^yZMv<=_Wm<Fd4KBt7t9Uc
z+eTO6Z5m6tW)k0K%ak{Xo8F}p3v7isq_<FK7wNx=Kelz-6Mt&sjj6AzolTd<Skg)4
zf2Q+)iAWZ1NVyV-47QyZX7g`YOW8)cV}0r!CI2hJ_q5TByc68lkaRrh#<s!dq>~6g
zlQ+=jHKks4(suvz38f$v87bE~;y;kc$c<NV0AZ;u^d+wV4KyG$=AknP7s%UT?_WiJ
zD$+g4|KF}y?|*;!jT$4kX(=~fp`k6rXA^P}g2~gBj2$V<W*;=mKA^uXSDjmgn&dxK
zg6nU})>FT_t@Af|g-9<VWYGJ+Gm($Ty!=KZ(}<6yk(oUFBB3|wC)8<1d?fXCWhH)-
z{2Rop+C1g=BYzC}6A2-N=d@Fey!R=4jb*Vnd0%qR82xIQMrLY)Kb7CSVyL7mlg+<?
z+iiR}7NyK(>wHB#nNW~+YTLZw#KWoAf^<jXlL@(~<M7PF<UOLybAm(;B8SOeLFN?F
zL#bGTI5??M*HA(~>gk$AoeDPJ59_ER*L}iO%5K>*<^5>O&T;Q}!fx_L;so-W==Wba
zZg@eWkFB^!cX8z<zXcAnjU6DZYuOu(Cz3atJU0z)BL4(oH|<=ob&lbmq)X^to2NDg
zkk_7j-q`>AARwa?S?8%diV7~giMrAfUqS<^y*IIT<mu=<CchbZMQ|MHWV~nV6t?y!
z?_1jWnESsX-VeJ|*Lzjtp8*uMq4GuwKOz0QedseP{z3j6^41X_Ks-NncFYazp50T4
z+$eH&wZZnd+1_~;FH>_Cd9_r5s}P|S`S;0hi(LraXmONnV+8rS_7WZ|!WB(<5nCQi
z{kO=gOZdi@e;4E@Zg`<uT)y_^dED>`71NMzPiRB@Dq$vd@)0JG_a}9JBz!^sLDaRA
z_-h{2i1M!qS;&9OKKOB}q^Lo|)4bKROQ5?{Y-pT2Av!+B9X&kC9UL??Xh2v*SX@|W
zY-vBo?RJ+c9#YzEDuxY;az{r+B)n13EMiblWKe{=RA^LiOv2DOQ$F``WB{RN*Uoyt
zzZLz{rnl_>=i#Q}zaE}cFsi@r+#LI}R4X3qwrz)oxMM?OW5c4O+~J`Ke$GE7${HRP
z5#b&X>W+^M4Vjw|b0PabcMXh=spBqEJhn(u>)4#WNeROn6q}p4q(CaS({b)tPtK&H
zOQsahJ}5piG%C&=6&>de9WgXCI4(3Ksms1u>GDPfMTKy8h3b`Ji@3vL-9eE9!Un}h
z$H)53y?W$)(y4EU`Q!<W^WMPB#)Qz5xWVo&72DTw7mrP9b}ZhfN<`?eptw+X++adX
zd@K_<&>hQIgW}?2LSxMh!-68hLfjqO1iC|l;)3RGJ2AIF@%Zus!s2K}<1OcI)s$#C
zcW_K7jfEuDJekQiDeUz2R7oM{zjl?=oiU-o(R4ub&5Q);Huvzsp-~jX#e{_p3yT`0
zyx62d7we?*j|dBjb%%rw42xnXL`Ti-@Z<E{PFR%bNN{xIn*&e!?#JP-0?|WN@n3aJ
zGG%U(YF(X`F$>KPS0Cb{qumkFQG=2W-`$p~S{Td5vx8#HEIX0^k>O^E-2dL3U()D@
zCsQ>v(;gDdH2t$Q?jS~I+wyb%{l5QLq9#v0Nn4+;^G)LpjfshlN$UH@OIOn9mx<Xt
z-j!fwLL=NkAwyUd_E%iAyLq>^ZQUX9tW>o7pEU`K8W`>8{13OZZ`Qq8=ahQ}1esMd
zcf?1;g+;PlPJC3*fCz7+Az`sYBZ3kVD`av7G!GpS8XV8o2ptg@8WY7C8yXWmC?+V<
z?~NN+?~wnhz>>xejgE>9)h<h}mC3ciCw*|((7~ZGq!X|DyV~Uq{jWWivb&OtWpUNX
z?(rV@1om!JXm~_u4Euls6cH8^7Z&x#={L24BBBm%9O({=92peB%OKnxc3{=NRcjW}
z!n`CBY}G@{!Uo2KMubL&{&(eep~HgX6W=fD%APo^sH=j<oc^GY(BM$_|8}3Z-v6`5
zZ?^V7cle*@_$6;B>Z+4EtIY{>4`VX)eo5>w%9YpG8@oEnl_zyVP;gLq^377NoUQ=9
zPs}9ztH)6xVabn6yWUEj9A44Yt9;@|y<H`F$#hM;bJ>+I`Fd~HdlmDBgdSWLc4%2#
zSj?bMW}A7BiVREO#Kb3uOmn$1<W70hghxll$Hkiki47a+mmHGFV-vG{;qpuVY@w@A
zs)B(LgAQ(t2#Vq`ga^gM9o!hj$&U$hNAb2}PaIg{`pu`I8Gnol2OZcsEHsMueoRCd
zonW;Gg&tTHO3M4%(V%0)++pm}gabRnV?)`xF^Sujy1q+aoPLDGMTCVXel^HdzC_B*
zG2U`K$sHFI6E-+3DkRh$9TCsi;$z|?7|*z6t~I{N?N++{QYU}0#?{8B27Mh&<%l5q
z;|_{AxG^T2my>p7cu+zJeI$E8SPaM8TQA7Xn=r;n99`R$Cz*j?PnFyBnE7zW#7D-D
z<k8#{d2nMQ|3{78xt)KCz0;TSYD!-ErR%n<(m$oK8aTWDjT=(3I0*l`?fp%z(^>M`
z-ne5AY#kZQ%(xG%iVk<jkBpB>?s34i&bMJ`cx+fWZ_<BO)=61K+bSh?ue@2y?Y+@2
zvF<mnyvYT=aV7Y+HLtsW?urVF`nQJNVT0qs*oI70LUg#_|Lr;6Bdi^hIQOV)MRJK_
zu3u7TiVlyD3~~=<K4TAVOwRCwYrju&y0fmbxjp~32l!Pmh)uv!^4MtJQas0O8xCeH
zACQDlwn*2&cC2(z3~zy;1TAM2Yv;$moWC{hz)tUS{{OWT*rjb?w*PJ^vGM~~`NVd&
zT?MNJv9ufxKZge#TIP;V7!<F!4{ILfP7v&RH)D&k6}=n3_XF3LsS>Y^as?#%JaN5K
a<X=bNKeu^E^uc9p)u5Q<m?y4dnf?z>OqQSk

diff --git a/po/tr.po b/po/tr.po
index b94ccd6..198baaf 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg 2.0.10rc1\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2015-02-11 19:18+0100\n"
 "Last-Translator: Nilgün Belma Bugüner <nilgun@belgeler.gen.tr>\n"
 "Language-Team: Turkish\n"
@@ -18,52 +18,52 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 "X-Generator: KBabel 1.11.4\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "PIN giriş kilidi edinilemedi: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr ""
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr ""
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr ""
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr ""
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr ""
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 #, fuzzy
 #| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Seçili anahtarları gerçekten silmek istiyor musunuz? (e/H ya da y/N) "
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr ""
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 #, fuzzy
 #| msgid "Enter new passphrase"
 msgid "|pinentry-tt|Hide passphrase"
@@ -71,7 +71,7 @@ msgstr "Yeni anahtar parolasını giriniz"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -82,26 +82,13 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 msgid "pinentry.genpin.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-#| msgid "Passphrase too long"
-msgid "Passphrase Not Allowed"
-msgstr "Anahtar Parolası çok uzun"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr "Kalite:"
 
@@ -111,11 +98,11 @@ msgstr "Kalite:"
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
@@ -123,7 +110,7 @@ msgstr ""
 "Lütfen PIN'inizi giriniz, böylelikle bu oturumda bu gizli anahtar kilitsiz "
 "olabilecek"
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
@@ -131,82 +118,76 @@ msgstr ""
 "Lütfen anahtar parolanızı giriniz, böylelikle bu oturumda bu gizli anahtar "
 "kilitsiz olabilecek"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 msgid "Passphrase:"
 msgstr "Anahtar Parolası:"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr "aynı değiller - tekrar deneyin"
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr "SETERROR %s (%d/%d dene)"
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr ""
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 msgid "PIN too long"
 msgstr "PIN çok uzun"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 msgid "Passphrase too long"
 msgstr "Anahtar Parolası çok uzun"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 msgid "Invalid characters in PIN"
 msgstr "PIN içinde geçersiz karakterler var"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr "PIN çok kısa"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad PIN"
 msgstr "PIN hatalı"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad Passphrase"
 msgstr "Anahtar Parolası hatalı"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "kartın seri numarası alınırken hata: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 msgid "Please re-enter this passphrase"
 msgstr "Lütfen bu anahtar parolasını tekrar girin"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 #| msgid ""
 #| "Please enter the passphrase to protect the imported object within the "
@@ -218,85 +199,74 @@ msgstr ""
 "Lütfen GnuPG sistemine ithal edilen nesneyi koruyacak anahtar parolasını "
 "giriniz."
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "%d bitlikten daha büyük SSH anahtarları desteklenmiyor\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't create '%s': %s\n"
 msgstr "\"%s\" oluşturulamıyor: %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, fuzzy, c-format
 #| msgid "can't open `%s': %s\n"
 msgid "can't open '%s': %s\n"
 msgstr "`%s' açılamıyor: %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr "Algılanan kartın seri nr: %s\n"
-
-#: agent/command-ssh.c:2446
-#, fuzzy, c-format
-#| msgid "error getting default authentication keyID of card: %s\n"
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "kartın öntanımlı kimlik doğrulama anahtar kimliği alınırken hata: %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "uygun bir kart anahtarı yok: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, fuzzy, c-format
 #| msgid "error getting stored flags: %s\n"
 msgid "error getting list of cards: %s\n"
 msgstr "saklanmış bayraklar alınırken hata: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
 "allow this?"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr ""
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr ""
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, fuzzy, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Lütfen SSH anahtarı %0A  %c için anahtar parolasını giriniz"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, fuzzy, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
@@ -305,95 +275,91 @@ msgstr ""
 "gpg-agent'in anahtar deposuna korumak için alınan gizli anahtar %%0A  %s%%0A "
 "için lütfen anahtar parolası giriniz"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "sokette akım oluşturulamadı: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr ""
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr ""
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr "Yönetici PIN'i"
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr ""
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr "Sıfırlama Kodu"
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 #, fuzzy
 #| msgid "do not use a reader's keypad"
 msgid "Use the reader's pinpad for input."
 msgstr "bir okuyucu tuştakımı kullanılmaz"
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 msgid "Repeat this Reset Code"
 msgstr "Bu Sıfırlama Kodu tekrarlansın"
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 #, fuzzy
 msgid "Repeat this PUK"
 msgstr "Bu PIN tekrarlansın "
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 msgid "Repeat this PIN"
 msgstr "Bu PIN tekrarlansın "
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 msgid "Reset Code not correctly repeated; try again"
 msgstr "Sıfırlama Kodu doğru tekrarlanmadı; tekrar deneyin"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 #, fuzzy
 msgid "PUK not correctly repeated; try again"
 msgstr "PIN doğru tekrarlanmadı; tekrar deneyin"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr "PIN doğru tekrarlanmadı; tekrar deneyin"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "Kartın kilidini açmak için lütfen PIN%s%s%s giriniz"
 
-#: agent/genkey.c:157
-#, fuzzy, c-format
-#| msgid "error writing to %s: %s\n"
-msgid "error writing to pipe: %s\n"
-msgstr "%s yazılırken hata: %s\n"
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "geçici dosya oluşturulurken hata: %s\n"
+
+#: agent/genkey.c:116
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "geçeci dosyaya yazma hatası: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:154
 msgid "Enter new passphrase"
 msgstr "Yeni anahtar parolasını giriniz"
 
-#: agent/genkey.c:196
-msgid "Take this one anyway"
-msgstr "Ne olursa olsun bunu al"
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr "Bir anahtar parolası girmediniz!%0ABoş parolaya izin verilmez."
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
@@ -402,11 +368,11 @@ msgstr ""
 "Bir anahtar parolası girmediniz - bu aslında kötü bir fikir!%0A Lütfen "
 "anahtarınıza herhangi bir koruma istemediğinizi onaylayınız."
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr "Evet, korumak gereksiz"
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, fuzzy, c-format
 #| msgid "Name must be at least 5 characters long\n"
 msgid "A passphrase should be at least %u character long."
@@ -414,7 +380,7 @@ msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "Ad ve soyadınız en az 5 harfli olmalı\n"
 msgstr[1] "Ad ve soyadınız en az 5 harfli olmalı\n"
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, fuzzy, c-format
 #| msgid ""
 #| "Warning: You have entered an insecure passphrase.%%0AA passphrase should "
@@ -432,7 +398,7 @@ msgstr[1] ""
 "Uyarı: Girdiğiniz anahtar parolası güvenli değil.%%0AParola en az %u rakam "
 "veya%%0Aözel karakter içermeli."
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, fuzzy, c-format
 #| msgid ""
 #| "Warning: You have entered an insecure passphrase.%%0AA passphrase may not "
@@ -442,7 +408,7 @@ msgstr ""
 "Uyarı: Girdiğiniz anahtar parolası güvenli değil.%%0AParola bilinen bir "
 "terim olmamalı ve%%0Abelli bir kalıpla eşleşmemeli."
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 #, fuzzy
 #| msgid ""
 #| "Warning: You have entered an insecure passphrase.%%0AA passphrase should "
@@ -455,237 +421,248 @@ msgstr ""
 "Uyarı: Girdiğiniz anahtar parolası güvenli değil.%%0AParola en az %u "
 "karakterlik olmalı."
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+msgid "Take this one anyway"
+msgstr "Ne olursa olsun bunu al"
+
+#: agent/genkey.c:464
 #, fuzzy, c-format
 #| msgid "Please enter the passphrase to%0Ato protect your new key"
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr "Yeni anahtarınızı korumak için Lütfen%0AAnahtar Parolanızı giriniz"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 msgid "Please enter the new passphrase"
 msgstr "Lütfen yeni anahtar parolasını girin"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 #, fuzzy
 #| msgid "Options useful for debugging"
 msgid "Options used for startup"
 msgstr "Hata ayıklamaya elverişli seçenekler"
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr "artalan süreci olarak çalışır"
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr "sunucu olarak (önalanda) çalışır"
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 #, fuzzy
 #| msgid "run in server mode"
 msgid "run in supervised mode"
 msgstr "sunucu kipinde çalışır"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr "konsoldan kopulmaz"
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr "sh tarzı komut çıktısı"
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr "csh tarzı komut çıktısı"
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 msgid "|FILE|read options from FILE"
 msgstr "|DOSYA|seçenekler DOSYAdan okunur"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr "Tanı çıktısını denetleyen seçenekler"
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "ayrıntılı"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "biraz daha sessiz olur"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr "|DOSYA|sunucu kipi günlükleri DOSYAya yazar"
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr "Yapılandırmayı denetleyen seçenekler"
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 msgid "do not use the SCdaemon"
 msgstr "Akıllı kart süreci kullanılmaz"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr "[UYG|Akıllı kart uygulaması olarak UYG kullanılır"
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+#, fuzzy
+#| msgid "|PGM|use PGM as the SCdaemon program"
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr "[UYG|Akıllı kart uygulaması olarak UYG kullanılır"
+
+#: agent/gpg-agent.c:208
 #, fuzzy
 #| msgid "|NAME|connect to Assuan socket NAME"
 msgid "|NAME|accept some commands via NAME"
 msgstr "|İSİM|Assuan soketi İSİMe bağlanır"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr "TTY değiştirme istekleri yoksayılır"
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr "X birimi değiştirme istekleri yoksayılır"
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 #, fuzzy
 #| msgid "enable ssh-agent emulation"
 msgid "enable ssh support"
 msgstr "ssh-agent öykünümü etkinleşir"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr ""
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 msgid "enable putty support"
 msgstr ""
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr "Güvenliği denetleyen seçenekler"
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr "|N|arabellekteki PINler N saniyede zamanaşımına uğrar"
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr "|N|SSH anahtarları N saniyede zamanaşımına uğrar"
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr "|N|azami PIN önbelleği ömrü N saniyeye ayarlanır"
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr "|N|azami SSH anahtarı ömrü N saniyeye ayarlanır"
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr "imzalarken PIN arabelleği kullanılmaz"
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 #, fuzzy
 #| msgid "do not allow the reuse of old passphrases"
 msgid "disallow the use of an external password cache"
 msgstr "eski anahtar parolalarının yeniden kullanılmasına izin vermez"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 #, fuzzy
 #| msgid "allow clients to mark keys as \"trusted\""
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr "istemcilerin anahtarları \"güvenilir\" olarak imlemesine izin verilir"
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 msgid "allow presetting passphrase"
 msgstr "anahtar parolasının önceden atanmasına izin verilir"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr "Bir anahtar parolası kuralını zorlayan seçenekler"
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr "anahtar parolası kuralının atlanmasına izin verilmez"
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr "|N|yeni anahtar parolası için gereken en küçük uzunluk N'ye ayarlanır"
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr ""
 "|N|yeni bir anahtar parolası için en azından harf olmayan N karakter gerekir"
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr "|DOSYA|yeni anahtar parolası DOSYAdaki kalıba göre sınanır"
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|anahtar parolası N gün sonra zaman aşımına uğrar"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 msgid "do not allow the reuse of old passphrases"
 msgstr "eski anahtar parolalarının yeniden kullanılmasına izin vermez"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the PIN-Entry"
 msgstr "Güvenliği denetleyen seçenekler"
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 msgid "never use the PIN-entry"
 msgstr ""
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr ""
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 #, fuzzy
 #| msgid "do not grab keyboard and mouse"
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr "klavye ve fare gaspedilmez"
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr "|UYG|PIN girme uygulaması olarak UYG kullanılır"
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 #, fuzzy
 #| msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr "|N|azami PIN önbelleği ömrü N saniyeye ayarlanır"
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr ""
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 #, fuzzy
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "Yazılım hatalarını lütfen <"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 #, fuzzy
 #| msgid "Usage: gpgconf [options] (-h for help)"
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Kullanımı: gpgconf [seçenekler] (yardım için -h)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg-agent [options] [command [args]]\n"
@@ -697,148 +674,143 @@ msgstr ""
 "Sözdizimi: gpg-agent [seçenekler] [komut [arg ...]]\n"
 "GnuPG için gizli anahtar yönetimi\n"
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, fuzzy, c-format
 #| msgid "invalid debug-level `%s' given\n"
 msgid "invalid debug-level '%s' given\n"
 msgstr "belirtilen hata seviyesi `%s' geçersiz\n"
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "seçilen özet algoritması geçersiz\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, fuzzy, c-format
 #| msgid "reading options from `%s'\n"
 msgid "reading options from '%s'\n"
 msgstr "\"%s\"den seçenekler okunuyor\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is a deprecated option\n"
 msgid "Note: '%s' is not considered an option\n"
 msgstr "UYARI: %s seçeneği kullanımdan kaldırılmak üzere.\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr "soket oluşturulamıyor: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, fuzzy, c-format
 #| msgid "socket name `%s' is too long\n"
 msgid "socket name '%s' is too long\n"
 msgstr "soketin ismi `%s' çok uzun\n"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "çalışan bir gpg-agent zaten var - bir yenisi başlatılmayacak\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "soket için tuz alınırken hata\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, fuzzy, c-format
 #| msgid "error binding socket to `%s': %s\n"
 msgid "error binding socket to '%s': %s\n"
 msgstr "soket `%s'e bağlanırken hata: %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, fuzzy, c-format
 #| msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "UYARI: %s üzerinde izinler güvensiz: \"%s\"\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, fuzzy, c-format
 #| msgid "listening on socket `%s'\n"
 msgid "listening on socket '%s'\n"
 msgstr "`%s' soketi dinlemede\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, fuzzy, c-format
 #| msgid "can't create directory `%s': %s\n"
 msgid "can't create directory '%s': %s\n"
 msgstr "`%s' dizini oluşturulamıyor: %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, fuzzy, c-format
 #| msgid "directory `%s' created\n"
 msgid "directory '%s' created\n"
 msgstr "dizin `%s' oluşturuldu\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, fuzzy, c-format
 #| msgid "stat() failed for `%s': %s\n"
 msgid "stat() failed for '%s': %s\n"
 msgstr "%s için stat() başarısız oldu: %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, fuzzy, c-format
 #| msgid "can't use `%s' as home directory\n"
 msgid "can't use '%s' as home directory\n"
 msgstr "`%s' ev dizini olarak kullanılamıyor\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "fd %d üzerinde tuz okunurken hata: %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr "tutamak 0x%lx, fd %d için başlatıldı\n"
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr "tutamak 0x%lx, fd %d için sonlandırıldı\n"
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr "ssh tutamağı 0x%lx, fd %d için başlatıldı\n"
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr "ssh tutamağı 0x%lx, fd %d için sonlandırıldı\n"
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, fuzzy, c-format
 #| msgid "pth_select failed: %s - waiting 1s\n"
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "pth_select başarısız: %s - 1s bekliyor\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, c-format
 msgid "%s %s stopped\n"
 msgstr "%s %s durdu\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "bu oturumda çalışan gpg-agent yok\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 msgid ""
 "@Options:\n"
 " "
@@ -846,12 +818,12 @@ msgstr ""
 "@Seçenekler:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr ""
 "Kullanımı: gpg-preset-passphrase [seçenekler] ANHMAŞASI (yardım için -h)\n"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
@@ -859,8 +831,8 @@ msgstr ""
 "Sözdizimi: gpg-preset-passphrase [seçenekler] ANHMAŞASI\n"
 "Parola arabelleği bakımcısı\n"
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -868,8 +840,8 @@ msgstr ""
 "@Komutlar:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -879,11 +851,11 @@ msgstr ""
 "Seçenekler:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Kullanımı: gpg-protect-tool [seçenekler] (yardım için -h)\n"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
@@ -891,16 +863,16 @@ msgstr ""
 "Sözdizimi: gpg-protect-tool [seçenekler] [arg ...]\n"
 "Gizli anahtar bakım aracı\n"
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr ""
 "PKCS#12 nesnesinin korumasını aşmak için lütfen anahtar parolasını giriniz."
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "PKCS#12 nesnesini korumak için lütfen anahtar parolasını giriniz."
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
@@ -908,7 +880,7 @@ msgstr ""
 "Lütfen GnuPG sistemine ithal edilen nesneyi koruyacak anahtar parolasını "
 "giriniz."
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
@@ -916,60 +888,59 @@ msgstr ""
 "Lütfen bu işlemi tamamlamak için gereken\n"
 "PIN'i veya anahtar parolasını giriniz."
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, c-format
 msgid "cancelled\n"
 msgstr "iptal edildi\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "anahtar parolası sorulurken hata: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, fuzzy, c-format
 #| msgid "error opening `%s': %s\n"
 msgid "error opening '%s': %s\n"
 msgstr "'%s' açılırken hata: %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, fuzzy, c-format
 #| msgid "file `%s', line %d: %s\n"
 msgid "file '%s', line %d: %s\n"
 msgstr "`%s' dosyası, %d. satır: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, fuzzy, c-format
 #| msgid "statement \"%s\" ignored in `%s', line %d\n"
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "`%2$s' dosyasının %3$d. satırındaki \"%1$s\" deyimi yoksayıldı\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, fuzzy, c-format
 #| msgid "system trustlist `%s' not available\n"
 msgid "system trustlist '%s' not available\n"
 msgstr "sistem güvence listesi `%s' kullanım dışı\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, fuzzy, c-format
 #| msgid "bad fingerprint in `%s', line %d\n"
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "`%s', %d. satırda parmakizi hatalı\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, fuzzy, c-format
 #| msgid "invalid keyflag in `%s', line %d\n"
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "`%s', %d. satırda anahtar bayrağı geçersiz\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, fuzzy, c-format
 #| msgid "error reading `%s', line %d: %s\n"
 msgid "error reading '%s', line %d: %s\n"
 msgstr "`%s' okunurken %d. satırda hata: %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr "güvenilir kök sertifika listesinin okunmasında hata\n"
@@ -982,7 +953,7 @@ msgstr "güvenilir kök sertifika listesinin okunmasında hata\n"
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
@@ -991,11 +962,11 @@ msgstr ""
 "Kullanıcı sertifikalarının%%0A  \"%s\"%%0Aile doğru olarak onaylanacağından "
 "son derece emin misiniz?"
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 msgid "Yes"
 msgstr "Evet"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr "Hayır"
@@ -1008,7 +979,7 @@ msgstr "Hayır"
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -1020,21 +991,21 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr "Doğru"
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr ""
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 "Bilginize: Bu anahtar parolası hiç değişmedi%0ALütfen şimdi değiştirin."
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
@@ -1043,15 +1014,15 @@ msgstr ""
 "Bu anahtar parolası %.4s-%.2s-%.2s tarihinden beri hiç değişmedi%%0ALütfen "
 "şimdi değiştirin."
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 msgid "Change passphrase"
 msgstr "Anahtar parolasını değiştir"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr "Sonra değiştireceğim"
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, fuzzy, c-format
 #| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid ""
@@ -1059,113 +1030,113 @@ msgid ""
 "%%0A?"
 msgstr "Seçili anahtarları gerçekten silmek istiyor musunuz? (e/H ya da y/N) "
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 #, fuzzy
 #| msgid "enable key"
 msgid "Delete key"
 msgstr "anahtarı kullanıma sokar"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
 msgstr ""
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "DSA sekizin katlarında bir çittirim uzunluğu gerektirir\n"
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr "%s anahtarı, güvensiz bir çittirim (%u bitlik) kullanıyor\n"
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, fuzzy, c-format
 #| msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr "%u bitlik çittirim %u bitlik %s anahtarı için geçersiz\n"
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "oluşturulan imzanın denetimi başarısız: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "gizli anahtar parçaları kullanım dışı\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "koruma algoritması %d%s desteklenmiyor\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "koruma algoritması %d%s desteklenmiyor\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, fuzzy, c-format
 #| msgid "protection algorithm %d%s is not supported\n"
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "koruma algoritması %d%s desteklenmiyor\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "boru oluşturulurken hata: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, fuzzy, c-format
 #| msgid "error creating a pipe: %s\n"
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "boru oluşturulurken hata: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, c-format
 msgid "error forking process: %s\n"
 msgstr "süreç çatallanırken hata: %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr "süreç %d sonlanacak diye beklerken başarısızlık: %s\n"
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, fuzzy, c-format
 #| msgid "error running `%s': probably not installed\n"
 msgid "error running '%s': probably not installed\n"
 msgstr "`%s' çalıştırılırken hata: muhtemelen kurulu değil\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, fuzzy, c-format
 #| msgid "error running `%s': exit status %d\n"
 msgid "error running '%s': exit status %d\n"
 msgstr "`%s' çalışırken hata: çıkış durumu: %d\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, fuzzy, c-format
 #| msgid "error running `%s': terminated\n"
 msgid "error running '%s': terminated\n"
 msgstr "`%s' çalışırken hata: sonlandırıldı\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, fuzzy, c-format
 #| msgid "waiting for process %d to terminate failed: %s\n"
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "süreç %d sonlanacak diye beklerken başarısızlık: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "süreç %d çıkış kodu alınırken hata: %s\n"
@@ -1181,35 +1152,35 @@ msgstr "\"%s\" sunucusuna bağlanılamadı: %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "gpg-agent seçenekleri ayarlanırken sorun çıktı\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "\"core\" oluşumu iptal edilemedi: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "UYARI: %s üzerinde sahiplik güvensiz: \"%s\"\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "UYARI: %s üzerinde izinler güvensiz: \"%s\"\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, fuzzy, c-format
 #| msgid "waiting for process %d to terminate failed: %s\n"
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "süreç %d sonlanacak diye beklerken başarısızlık: %s\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, fuzzy, c-format
 #| msgid "renaming `%s' to `%s' failed: %s\n"
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "`%s' > `%s' isim değişikliği başarısız: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "evet"
 
@@ -1263,57 +1234,104 @@ msgstr "%lu bayt ayrılırken güvenli bellekte nüve dışına çıkıldı"
 msgid "out of core while allocating %lu bytes"
 msgstr "%lu bayt ayrılırken nüve dışına çıkıldı"
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "yeterli bellek ayrılırken hata: %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr "%s:%u: eskimiş seçenek \"%s\" - artık etkisiz\n"
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "UYARI: \"%s\" seçeneği eskidi - artık etkisiz\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr ""
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
+#, fuzzy, c-format
+#| msgid "waiting for process %d to terminate failed: %s\n"
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "süreç %d sonlanacak diye beklerken başarısızlık: %s\n"
+
+#: common/asshelp.c:350
+#, fuzzy, c-format
+#| msgid "waiting for process %d to terminate failed: %s\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "süreç %d sonlanacak diye beklerken başarısızlık: %s\n"
+
+#: common/asshelp.c:351
 #, fuzzy, c-format
 #| msgid "waiting for process %d to terminate failed: %s\n"
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
 msgstr "süreç %d sonlanacak diye beklerken başarısızlık: %s\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:364
 #, fuzzy, c-format
 #| msgid "can't connect to the dirmngr - trying fall back\n"
-msgid "connection to %s established\n"
+msgid "connection to the dirmngr established\n"
 msgstr "dirmngr'a bağlanılamıyor - son çareye başvuruluyor\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:366
 #, fuzzy, c-format
-#| msgid "no running gpg-agent - starting one\n"
-msgid "no running gpg-agent - starting '%s'\n"
-msgstr "çalışan gpg-agent yok - bir tane başlatılıyor\n"
+#| msgid "can't connect to the dirmngr - trying fall back\n"
+msgid "connection to the keyboxd established\n"
+msgstr "dirmngr'a bağlanılamıyor - son çareye başvuruluyor\n"
 
-#: common/asshelp.c:521
+#: common/asshelp.c:367
 #, fuzzy, c-format
 #| msgid "can't connect to the dirmngr - trying fall back\n"
-msgid "connection to agent is in restricted mode\n"
+msgid "connection to the agent established\n"
 msgstr "dirmngr'a bağlanılamıyor - son çareye başvuruluyor\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:485
 #, fuzzy, c-format
 #| msgid "no running dirmngr - starting `%s'\n"
-msgid "no running Dirmngr - starting '%s'\n"
+msgid "no running %s - starting '%s'\n"
 msgstr "çalışan dirmngr yok - `%s' başlatılıyor\n"
 
+#: common/asshelp.c:588
+#, fuzzy, c-format
+#| msgid "can't connect to the dirmngr - trying fall back\n"
+msgid "connection to the agent is in restricted mode\n"
+msgstr "dirmngr'a bağlanılamıyor - son çareye başvuruluyor\n"
+
+#: common/asshelp.c:725
+#, fuzzy, c-format
+#| msgid "error creating keyring `%s': %s\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "`%s' anahtarlığı oluşturulurken hata: %s\n"
+
+#: common/asshelp.c:731
+#, c-format
+msgid "server '%s' is older than us (%s < %s)"
+msgstr ""
+
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
+#, fuzzy, c-format
+#| msgid "WARNING: %s overrides %s\n"
+msgid "WARNING: %s\n"
+msgstr "UYARI: %s %s'i aşıyor\n"
+
+#: common/asshelp.c:740
+#, c-format
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#: common/asshelp.c:742
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "lütfen önce \"seçmece\" komutunu kullanın.\n"
+
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
 #: common/audit.c:474
@@ -1388,7 +1406,7 @@ msgid "algorithm: %s"
 msgstr "algoritma: %s"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, c-format
 msgid "unsupported algorithm: %s"
 msgstr "desteklenmeyen algoritma: %s"
@@ -1465,11 +1483,11 @@ msgstr "Sertifika zinciri geçerli"
 msgid "Root certificate trustworthy"
 msgstr "Kök sertifika güvenilir"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 msgid "no CRL found for certificate"
 msgstr "sertifika için bir CRL yok"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 msgid "the available CRL is too old"
 msgstr "mevcut CRL çok eski"
 
@@ -1507,7 +1525,7 @@ msgstr "`%s' için yardım mevcut değil."
 msgid "ignoring garbage line"
 msgstr "bozuk satır yok sayılıyor"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 msgid "[none]"
 msgstr "[yok]"
 
@@ -1516,139 +1534,26 @@ msgstr "[yok]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "geçersiz radix64 karakteri %02x atlandı\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr "değiştirge beklenmiyordu"
-
-#: common/argparse.c:522
-msgid "read error"
-msgstr "okuma hatası"
-
-#: common/argparse.c:524
-msgid "keyword too long"
-msgstr "anahtar sözcük çok uzun"
-
-#: common/argparse.c:526
-msgid "missing argument"
-msgstr "eksik değiştirge"
-
-#: common/argparse.c:528
-#, fuzzy
-#| msgid "invalid value\n"
-msgid "invalid argument"
-msgstr "değer hatalı\n"
-
-#: common/argparse.c:530
-msgid "invalid command"
-msgstr "geçersiz komut"
-
-#: common/argparse.c:532
-msgid "invalid alias definition"
-msgstr "geçersiz rumuz tanımı"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-msgid "out of core"
-msgstr "nüve dışı"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-#| msgid "invalid command"
-msgid "invalid meta command"
-msgstr "geçersiz komut"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-#| msgid "unknown command `%s'\n"
-msgid "unknown meta command"
-msgstr "komut `%s' bilinmiyor\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected armor: "
-msgid "unexpected meta command"
-msgstr "beklenmeyen zırh: "
-
-#: common/argparse.c:546
-msgid "invalid option"
-msgstr "geçersiz seçenek"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr "\"%.50s\" seçeneği için değiştirge eksik\n"
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, fuzzy, c-format
-#| msgid "missing argument for option \"%.50s\"\n"
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "\"%.50s\" seçeneği için değiştirge eksik\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr "\"%.50s\" seçeneğinin değiştirge ihtiyacı yok\n"
-
-#: common/argparse.c:563
-#, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "geçersiz komut \"%.50s\"\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr "\"%.50s\" seçeneği belirsiz\n"
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr "\"%.50s\" komutu belirsiz\n"
-
-#: common/argparse.c:581
-#, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "geçersiz seçenekler \"%.50s\"\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, fuzzy, c-format
-#| msgid "NOTE: no default option file `%s'\n"
-msgid "Note: no default option file '%s'\n"
-msgstr "BİLGİ: \"%s\" öntanımlı seçenek dosyası yok\n"
-
-#: common/argparse.c:1843
-#, fuzzy, c-format
-#| msgid "option file `%s': %s\n"
-msgid "option file '%s': %s\n"
-msgstr "seçenek dosyası \"%s\": %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, fuzzy, c-format
 #| msgid "conversion from `%s' to `%s' not available\n"
@@ -1666,134 +1571,135 @@ msgstr "iconv_open başarısız: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "`%s' > `%s' dönüşümü başarısız: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, fuzzy, c-format
 #| msgid "failed to create temporary file `%s': %s\n"
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "`%s' geçici dosyası oluşturulamıyor: %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, fuzzy, c-format
 #| msgid "error writing to `%s': %s\n"
 msgid "error writing to '%s': %s\n"
 msgstr "`%s' yazılırken hata: %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "bayat kilit dosyası siliniyor (%d tarafından oluşturulmuş)\n"
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "kilit için bekleniyor (%d%s tarafından tutulmuş) %s...\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr "(ölükilit?) "
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, fuzzy, c-format
 #| msgid "lock `%s' not made: %s\n"
 msgid "lock '%s' not made: %s\n"
 msgstr "kilit `%s' yapılmadı: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, c-format
 msgid "waiting for lock %s...\n"
 msgstr "%s kilidi için bekleniyor...\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr "%s çok eski (gereken %s, sizinki %s)\n"
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "zırh: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "zırh başlığı geçersiz: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "zırh başlığı: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "açıkça okunabilen imza başlığı geçersiz\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, c-format
 msgid "unknown armor header: "
 msgstr "bilinmeyen zırh başlığı: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "açıkça okunabilen imzalar dahil edildi\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr "beklenmeyen zırh: "
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "araçizgisi escape'lı satır geçersiz: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "geçersiz radix64 karakteri %02X atlandı\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "dosya sonu belirsiz (CRC yok)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "dosya sonu belirsiz (CRC içinde)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "CRC bozulmuş\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "CRC hatası; %06lX - %06lX\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "dosya sonu belirsiz (kuyruk içinde)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "kuyruk satırında hata\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "geçerli OpenPGP verisi yok\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "geçersiz zırh: satır %d karakterden uzun\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1801,13 +1707,13 @@ msgstr ""
 "zırh içinde uluslararası karakterler - büyük olasılıkla hatalı bir e-posta "
 "sunucusu kullanılmış\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, fuzzy, c-format
 #| msgid "not human readable"
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "insan okuyabilir değil"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1816,28 +1722,28 @@ msgstr ""
 "bir simgelem ismi sadece harfler, rakamlar ve altçizgiler içerebilir ve "
 "sonuna bir '=' gelir.\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "bir kullanıcı simgelem ismi '@' karakteri içermeli\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "bir simgelem isminin birden fazla '@' karakteri içermemesi gerekir\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "bir simgelem değerinde kontrol karakterleri kullanılamaz\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, fuzzy, c-format
 #| msgid "a notation name must not contain more than one '@' character\n"
 msgid "a notation name may not contain an '=' character\n"
 msgstr "bir simgelem isminin birden fazla '@' karakteri içermemesi gerekir\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, fuzzy, c-format
 #| msgid ""
 #| "a notation name must have only printable characters or spaces, and end "
@@ -1847,371 +1753,359 @@ msgstr ""
 "bir simgelem ismi sadece harfler, rakamlar ve altçizgiler içerebilir ve "
 "sonuna bir '=' gelir.\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "UYARI: geçersiz simgelem verisi bulundu\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr ""
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 #, fuzzy
 #| msgid "Enter passphrase\n"
 msgid "Enter passphrase: "
 msgstr "Anahtar parolasını giriniz\n"
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, fuzzy, c-format
-#| msgid "error creating keyring `%s': %s\n"
-msgid "error getting version from '%s': %s\n"
-msgstr "`%s' anahtarlığı oluşturulurken hata: %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr ""
+#| msgid "%s does not yet work with %s\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s, %s ile henüz çalışmıyor\n"
 
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
+#: g10/call-agent.c:1081
 #, fuzzy, c-format
-#| msgid "WARNING: %s overrides %s\n"
-msgid "WARNING: %s\n"
-msgstr "UYARI: %s %s'i aşıyor\n"
+#| msgid "error reading from %s: %s\n"
+msgid "error from TPM: %s\n"
+msgstr "%s okunurken hata: %s\n"
 
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
-
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
-#, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "lütfen önce \"seçmece\" komutunu kullanın.\n"
-
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
-#, fuzzy, c-format
-#| msgid "%s does not yet work with %s\n"
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s, %s ile henüz çalışmıyor\n"
+msgid "problem with the agent: %s\n"
+msgstr "aracı ile sorun var: %s\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, fuzzy, c-format
 #| msgid "no gpg-agent running in this session\n"
 msgid "no dirmngr running in this session\n"
 msgstr "bu oturumda çalışan gpg-agent yok\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "%2$s kipindeyken %1$s kullanılamayabilir.\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 #| msgid "invalid fingerprint"
 msgid "Tor is not properly configured"
 msgstr "parmakizi geçersiz"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 #| msgid "invalid fingerprint"
 msgid "DNS is not properly configured"
 msgstr "parmakizi geçersiz"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "bir yürürlükten kaldırma sertifikası üretir"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "zırh: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "OpenPGP anahtarı kullanılabilir değil: %s\n"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr "%s numaralı OpenPGP kartı saptandı\n"
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr "bu önceden betik kipinde yapılamaz\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Bu komut sadece 2. sürüm kartlar için kullanılabilir\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "Sıfırlama kodu ya yok ya da kullanım dışı\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Seçiminiz? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[belirtilmedi]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "zorlanmadı"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "zorlandı"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr "Hata: Şimdilik sadece US-ASCII mümkün.\n"
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr "Hata: \"<\" karakteri kullanılmamalı.\n"
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr "Hata: Çift boşluğa izin verilmez.\n"
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr "Kart sahibinin soyadı: "
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr "Kart sahibinin adı: "
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr "Hata: İsimler birlikte çok uzun oluyor (sınır: %d karakter).\n"
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr "genel anahtarın alınacağı URL: "
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, fuzzy, c-format
 #| msgid "error reading `%s': %s\n"
 msgid "error reading '%s': %s\n"
 msgstr "\"%s\" okunurken hata: %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, fuzzy, c-format
 msgid "error writing '%s': %s\n"
 msgstr "`%s' yazılırken hata: %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr "Oturum açma verisi (hesap adı): "
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr "Özel DO verisi: "
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr "Dil tercihleri: "
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "Hata: tercih dizgesinin uzunluğu geçersiz.\n"
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "Hata: tercih dizgesindeki karakterler geçersiz.\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr "Hata: yanıt geçersiz.\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr "CA parmak izi: "
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "Hata: biçimli parmakizi geçersiz\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr "anahtar işlemi mümkün değil: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr "bir OpenPGP kartı değil"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr "geçerli anahtar bilgisi alınırken hata: %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr "Mevcut anahtar değiştirilsin mi? (e/H ya da y/N) "
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "İstediğiniz anahtar uzunluğu nedir? (%u) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "%u bite yuvarlandı\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "%s anahtar uzunlukları %u-%u aralığında olmalı\n"
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr ""
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 #, fuzzy
 #| msgid "   (1) Signature key\n"
 msgid "Signature key\n"
 msgstr "   (1) İmzalama anahtarı\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 #, fuzzy
 #| msgid "   (2) Encryption key\n"
 msgid "Encryption key\n"
 msgstr "   (2) Şifreleme anahtarı\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 #, fuzzy
 #| msgid "   (3) Authentication key\n"
 msgid "Authentication key\n"
 msgstr "   (3) Kimlik kanıtlama anahtarı\n"
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Lütfen istediğiniz anahtarı seçiniz:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, fuzzy, c-format
 msgid "   (%d) ECC\n"
 msgstr "  (%d) DSA ve ElGamal (öntanımlı)\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Seçim geçersiz.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr ""
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr ""
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, fuzzy, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "soket `%s'e bağlanırken hata: %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, fuzzy, c-format
 #| msgid "error getting current key info: %s\n"
 msgid "error getting card info: %s\n"
 msgstr "geçerli anahtar bilgisi alınırken hata: %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, fuzzy, c-format
 #| msgid "This command is not allowed while in %s mode.\n"
 msgid "This command is not supported by this card\n"
 msgstr "%s kipindeyken bu komut kullanılamaz.\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr "Şifreli anahtarın kartsız yedeği yapılsın mı? (E/h ya da Y/n) "
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, fuzzy, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "gizli anahtar zaten bir kartın üzerinde saklı\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr "Mevcut anahtarlar değiştirilsin mi? (e/H ya da y/N) "
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, fuzzy, c-format
 #| msgid ""
 #| "Please note that the factory settings of the PINs are\n"
@@ -2226,195 +2120,209 @@ msgstr ""
 "   PIN = `%s'     Admin PIN = `%s'\n"
 "Bunları --change-pin komutunu kullanarak değiştirmelisiniz\n"
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr "Lütfen üretilecek anahtar türünü seçiniz:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr "   (1) İmzalama anahtarı\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr "   (2) Şifreleme anahtarı\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr "   (3) Kimlik kanıtlama anahtarı\n"
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr "Lütfen anahtarın saklanacağı yeri seçiniz:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, fuzzy, c-format
 #| msgid "read failed: %s\n"
 msgid "KEYTOCARD failed: %s\n"
 msgstr "read başarısız: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, fuzzy, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "gizli anahtar zaten bir kartın üzerinde saklı\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 #, fuzzy
 #| msgid "Sign it? (y/N) "
 msgid "Continue? (y/N) "
 msgstr "İmzalayacak mısınız? (e/H veya y/N) "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr ""
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, fuzzy, c-format
 #| msgid "error closing %s: %s\n"
 msgid "error for setup KDF: %s\n"
 msgstr "%s kapanırken hata: %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+#| msgid "error closing %s: %s\n"
+msgid "error for setup UIF: %s\n"
+msgstr "%s kapanırken hata: %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "bu menüden çık"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr "yönetici komutlarını gösterir"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "bunu gösterir"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr "tüm kullanılabilir veriyi listeler"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr "kart sahibinin ismini değiştirir"
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr "anahtarın alınacağı URL değiştirilir"
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr "kart URL'sinde belirtilmiş anahtarı alır"
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr "oturum açma ismini değiştirir"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr "dil tercihlerini değiştirir"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 #, fuzzy
 #| msgid "change card holder's sex"
 msgid "change card holder's salutation"
 msgstr "kart sahibinin cinsiyetini değiştirir"
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr "bir CA parmakizini değiştirir"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr "imza zorlama PIN'i bayrağını değiştirir"
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr "yeni anahtarlar üretir"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr "PIN'i değiştirme veya engelleme menüsü"
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr "PIN'i doğrular ve tüm veriyi listeler"
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr "Bir Sıfırlama Kodu kullanarak PIN'in engelini kaldır"
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr ""
 
-#: g10/card-util.c:2180
-msgid "setup KDF for PIN authentication"
+#: g10/card-util.c:2235
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr ""
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 #, fuzzy
 #| msgid "change the ownertrust"
 msgid "change the key attribute"
 msgstr "sahibiningüvencesini değiştirir"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "sahibiningüvencesini değiştirir"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr ""
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr "Yöneticiye özel komut\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr "Yönetici komutlarına izin verilir\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr "Yönetici komutlarına izin verilmez\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Komut geçersiz (\"help\" komutunu deneyin)\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output seçeneği bu komutla çalışmaz\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, fuzzy, c-format
 #| msgid "can't open `%s'\n"
 msgid "can't open '%s'\n"
 msgstr "`%s' açılamadı\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "anahtar \"%s\" yok: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "anahtar bloğu okunurken hata: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, fuzzy, c-format
 #| msgid "key \"%s\" not found: %s\n"
 msgid "key \"%s\" not found\n"
 msgstr "anahtar \"%s\" yok: %s\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(anahtarı parmak izi ile belirtmedikçe)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "betik kipinde \"--yes\" olmaksızın bu yapılamaz\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(anahtarı parmak izi ile belirtmedikçe)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2455,9 +2363,9 @@ msgstr ""
 msgid "subkey"
 msgstr "GenAnah: "
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "güncelleme başarısız: %s\n"
@@ -2482,68 +2390,80 @@ msgstr "genel anahtar \"%s\" için bir gizli anahtar var!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "onu önce \"--delete-secret-keys\" ile silmelisiniz.\n"
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"UYARI: alıcının tercihleriyle çelişen %s (%d) simetrik şifre kullanımı "
-"zorlanıyor\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "anahtar parolası oluşturulurken hata: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "S2K kipi sayesinde bir simetrik ESK paketi kullanılamıyor\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "%s şifrelemesi kullanılıyor\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, fuzzy, c-format
 #| msgid "`%s' already compressed\n"
 msgid "'%s' already compressed\n"
 msgstr "`%s' zaten sıkıştırılmış\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, fuzzy, c-format
 #| msgid "WARNING: `%s' is an empty file\n"
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "UYARI: \"%s\" dosyası boş\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+#| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "%2$s kipindeyken '%1$s' şifreleme algoritması kullanılamaz\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, fuzzy, c-format
 #| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "%2$s kipindeyken '%1$s' şifreleme algoritması kullanılamaz\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, fuzzy, c-format
 #| msgid "you may not use digest algorithm `%s' while in %s mode\n"
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "%2$s kipindeyken '%1$s' özet algoritması kullanılamaz\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, fuzzy, c-format
-#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "UYARI: \"%s\" seçeneği eskidi - artık etkisiz\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, fuzzy, c-format
 #| msgid "reading from `%s'\n"
 msgid "reading from '%s'\n"
 msgstr "`%s'den okunuyor\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"UYARI: alıcının tercihleriyle çelişen %s (%d) simetrik şifre kullanımı "
+"zorlanıyor\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, fuzzy, c-format
+#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "UYARI: \"%s\" seçeneği eskidi - artık etkisiz\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2552,101 +2472,46 @@ msgstr ""
 "UYARI: alıcının tercihleriyle çelişen %s (%d) sıkıştırma algoritması "
 "kullanılmak isteniyor\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"alıcının tercihleriyle çelişen %s (%d) simetrik şifre kullanımı zorlanıyor\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s \"%s\" için şifrelendi\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "%2$s kipindeyken %1$s kullanılamayabilir.\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
-msgstr "%s şifreli veri\n"
-
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
+msgstr "%s şifreli veri\n"
+
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "bilinmeyen algoritma %d ile şifrelenmiş\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr "UYARI: ileti simetrik şifre içindeki zayıf bir anahtarla şifrelendi.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "şifreli paketin elde edilmesinde sorun var\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "uzaktan uygulama çalıştırılması desteklenmiyor\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr ""
-"güvensiz options dosyası yetkilerinden dolayı dış program çağrıları iptal\n"
-"edildi\n"
-
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"bu platformda, dış uygulamalar çalıştırılırken geçici dosyalar gerekiyor\n"
-
-#: g10/exec.c:497
-#, fuzzy, c-format
-#| msgid "unable to execute program `%s': %s\n"
-msgid "unable to execute program '%s': %s\n"
-msgstr " '%s' çalıştırılamıyor: %s\n"
-
-#: g10/exec.c:500
-#, fuzzy, c-format
-#| msgid "unable to execute shell `%s': %s\n"
-msgid "unable to execute shell '%s': %s\n"
-msgstr "'%s' kabuğu çalıştırılamıyor: %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "dış uygulama çalıştırılırken sistem hatası: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "Dış uygulamamnın doğal olmayan çıkışı\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "dış uygulama çalıştırılamıyor\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "dış uygulamanın yanıtı okunamıyor: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "UYARI: geçici dosya silinemiyor (%s) `%s': %s\n"
-
-#: g10/exec.c:692
-#, fuzzy, c-format
-#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "UYARI: %s geçici dizini silinemiyor: %s\n"
-
 #: g10/export.c:119
 msgid "export signatures that are marked as local-only"
 msgstr "sadece-yerel olarak imli imzalar ihraç edilir"
@@ -2668,409 +2533,409 @@ msgstr "ihraç sırasında anahtardan kullanışsız parçalar kaldırılır"
 msgid "remove as much as possible from key during export"
 msgstr "ihraç sırasında anahtardan mümkün olduğunca çok şey kaldırılır"
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr ""
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 #, fuzzy
 #| msgid "%s: skipped: %s\n"
 msgid " - skipped"
 msgstr "%s: atlandı: %s\n"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "writing to '%s'\n"
 msgstr "\"%s\"e yazıyor\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "anahtar %s: anahtar malzemesi kartta - atlandı\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "gizli anahtarların ihracına izin verilmez\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "anahtar %s: PGP 2.x tarzı bir anahtar - atlandı\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "UYARI: hiçbir şey dışarı aktarılmadı\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, fuzzy, c-format
 #| msgid "error creating `%s': %s\n"
 msgid "error creating '%s': %s\n"
 msgstr "`%s' oluşturulurken hata: %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr "[Kullanıcı kimliği yok]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, fuzzy, c-format
 #| msgid "automatically retrieved `%s' via %s\n"
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "`%s' %s üzerinden özdevinimli olarak alındı\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, fuzzy, c-format
 #| msgid "error retrieving `%s' via %s: %s\n"
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "`%s' %s üzerinden alınırken hata: %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 msgid "No fingerprint"
 msgstr "Parmak izi yok"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "gizli anahtar \"%s\" yok: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, fuzzy, c-format
 #| msgid "missing argument for option \"%.50s\"\n"
 msgid "(check argument of option '%s')\n"
 msgstr "\"%.50s\" seçeneği için değiştirge eksik\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "|İSİM|öntanımlı gizli anahtar olarak İSİM kullanılır"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "|İSİM|öntanımlı gizli anahtar olarak İSİM kullanılır"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr ""
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr ""
 "Geçersiz %s anahtarı --allow-non-selfsigned-uid kullanılarak geçerli oldu\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "yardımcı anahtar %s, asıl anahtar %s yerine kullanılıyor\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, fuzzy, c-format
 #| msgid "missing argument for option \"%.50s\"\n"
 msgid "valid values for option '%s':\n"
 msgstr "\"%.50s\" seçeneği için değiştirge eksik\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 msgid "make a signature"
 msgstr "bir imza yapar"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 msgid "make a clear text signature"
 msgstr "açıkça okunabilen bir imza yapar"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "bağımsız bir imza yapar"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "veriyi şifreler"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "sadece simetrik şifre ile şifreler"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "veri şifresini açar (öntanımlı)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "bir imzayı doğrular"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "anahtarları listeler"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "anahtarları ve imzaları listeler"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr "anahtar imzalarını listeler ve sınar"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "anahtarları ve parmak izlerini listeler"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "gizli anahtarları listeler"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "yeni bir anahtar çifti üretir"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly generate a new key pair"
 msgstr "yeni bir anahtar çifti üretir"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly add a new user-id"
 msgstr "yeni bir anahtar çifti üretir"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a user-id"
 msgstr "yeni bir anahtar çifti üretir"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly set a new expiration date"
 msgstr "yeni bir anahtar çifti üretir"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr ""
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "bir yürürlükten kaldırma sertifikası üretir"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "anahtarları genel anahtar zincirinden siler"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "anahtarları gizli anahtar zincirinden siler"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 #, fuzzy
 #| msgid "sign a key"
 msgid "quickly sign a key"
 msgstr "bir anahtarı imzalar"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 #, fuzzy
 #| msgid "sign a key locally"
 msgid "quickly sign a key locally"
 msgstr "bir anahtarı yerel olarak imzalar"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "generate a new key pair"
 msgid "quickly revoke a key signature"
 msgstr "yeni bir anahtar çifti üretir"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "bir anahtarı imzalar"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "bir anahtarı yerel olarak imzalar"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "bir anahtarı düzenler ve imzalar"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 msgid "change a passphrase"
 msgstr "anahtar parolası değiştirir"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "anahtarları gönderir"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "anahtarları bir anahtar sunucusuna gönderir"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "anahtarları bir anahtar sunucusundan indirir"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "bir anahtar sunucusunda anahtarları arar"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "anahtarları bir anahtar sunucusundan günceller"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "anahtarları indirir/katıştırır"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr "kart durumunu basar"
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr "kart üzerindeki veriyi değiştirir"
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr "bir kartın PIN'ini değiştirir"
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "güvence veritabanını günceller"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 msgid "print message digests"
 msgstr "ileti özetlerini gösterir"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr "sunucu kipinde çalışır"
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr ""
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|İSİM|öntanımlı gizli anahtar olarak İSİM kullanılır"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|İSİM|İSİM kullanıcısı için de şifreleme yapar"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr "|BELİRTİM|eposta rumuzlarını ayarlar"
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr "kesin OpenPGP davranışı etkin olur"
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "hiçbir değişiklik yapmaz"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "üzerine yazmadan önce sorar"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the input"
 msgstr "Güvenliği denetleyen seçenekler"
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 #, fuzzy
 #| msgid "Options controlling the diagnostic output"
 msgid "Options controlling the output"
 msgstr "Tanı çıktısını denetleyen seçenekler"
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "ascii zırhlı çıktı oluşturur"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 msgid "|FILE|write output to FILE"
 msgstr "|DOSYA|çıktı DOSYAya yazılır"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "kurallı metin kipini kullanır"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|sıkıştırma seviyesi N olarak ayarlanır (0 iptal eder)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 #, fuzzy
 #| msgid "Options controlling the interactivity and enforcement"
 msgid "Options controlling key import and export"
 msgstr "Etkileşimliliği ve zorlamayı denetleyen seçenekler"
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
 "|MEKANİZMALAR|anahtarları eposta adreslerine göre konumlamak için "
 "MEKANİZMALAR kullanılır"
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "anahtarları bir anahtar sunucusundan indirir"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 #| msgid "list and check key signatures"
 msgid "include the public key in signatures"
 msgstr "anahtar imzalarını listeler ve sınar"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr "dirmngr'a tüm erişim iptal edilir"
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 #, fuzzy
 #| msgid "Options controlling the configuration"
 msgid "Options controlling key listings"
 msgstr "Yapılandırmayı denetleyen seçenekler"
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "gizli anahtarları listeler"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|KULLANICI-KİMLİĞİ|KULLANICI-KİMLİĞİ için şifreleme yapar"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr ""
 "|KULLANICI-KİMLİĞİ|imzalamak ya da şifre çözmek için KULLANICI-KİMLİĞİ "
 "kullanılır"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -3078,7 +2943,7 @@ msgstr ""
 "@\n"
 "(Tüm komut ve seçeneklerin komple listesi için man sayfalarına bakın)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -3108,13 +2973,13 @@ msgstr ""
 " --list-keys [isimler]      anahtarları listeler\n"
 " --fingerprint [isimler]    parmak izlerini gösterir\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Kullanımı: gpg [seçenekler] [dosyalar] (yardım için -h)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg [options] [files]\n"
@@ -3129,7 +2994,7 @@ msgstr ""
 "imzalama, kontrol, şifreleme veya çözme\n"
 "öntanımlı işlem girilen veriye bağımlıdır\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -3137,82 +3002,82 @@ msgstr ""
 "\n"
 "Desteklenen algoritmalar:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "GenAnah: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Şifre: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Hash: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Sıkıştırma: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, fuzzy, c-format
 #| msgid "usage: gpgsm [options] "
 msgid "usage: %s [options] %s\n"
 msgstr "kullanımı: gpgsm [seçenekler] "
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "çelişen komutlar\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, fuzzy, c-format
 #| msgid "no = sign found in group definition `%s'\n"
 msgid "no = sign found in group definition '%s'\n"
 msgstr "grup tanımı '%s' içinde = işareti yok\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe ownership on homedir `%s'\n"
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "UYARI: '%s' evdizininde güvensiz iyelik\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe ownership on configuration file `%s'\n"
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "UYARI: '%s' yapılandırma dosyasında güvensiz iyelik\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe ownership on extension `%s'\n"
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "UYARI: '%s' eklentisinde güvensiz iyelik\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe permissions on homedir `%s'\n"
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "UYARI: UYARI: '%s' evdizininde güvensiz izinler\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe permissions on configuration file `%s'\n"
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "UYARI: '%s' yapılandırma dosyasında güvensiz izinler\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe permissions on extension `%s'\n"
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "UYARI: '%s' eklentisinde güvensiz izinler\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "UYARI: '%s' evdizinindeki ilgili dizinin iyeliği güvensiz\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, fuzzy, c-format
 #| msgid ""
 #| "WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
@@ -3220,19 +3085,19 @@ msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr "UYARI: '%s' yapılandırma dosyasını içeren dizinin iyeliği güvensiz\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr "UYARI: '%s' eklentisini içeren dizinin iyeliği güvensiz\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr "UYARI: '%s' evdizinindeki ilgili dizinin izinleri güvensiz\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, fuzzy, c-format
 #| msgid ""
 #| "WARNING: unsafe enclosing directory permissions on configuration file `"
@@ -3241,479 +3106,496 @@ msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
 msgstr "UYARI: '%s' yapılandırma dosyasını içeren dizinin izinleri güvensiz\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, fuzzy, c-format
 #| msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr "UYARI: '%s' eklentisini içeren dizinin izinleri güvensiz\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, fuzzy, c-format
 #| msgid "unknown configuration item `%s'\n"
 msgid "unknown configuration item '%s'\n"
 msgstr "yapılandırma öğesi '%s' bilinmiyor\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr "anahtarların listelenmesi sırasında foto kimliklerini gösterir"
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 #, fuzzy
 #| msgid "show user ID validity during key listings"
 msgid "show key usage information during key listings"
 msgstr "anahtar listelemesi sırasında kullanıcı kimliği geçerliliğini gösterir"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr "imza listelemesi sırasında poliçe URLleri gösterilir"
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 msgid "show all notations during signature listings"
 msgstr "imza listelemesi sırasında tüm simgelemi gösterir"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr "imza listelemesi sırasında IETF standart simgelemlerini gösterir"
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr "imza listelemesi sırasında kullanıcı kanaklı simgelemleri gösterir"
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 msgid "show preferred keyserver URLs during signature listings"
 msgstr ""
 "imza listelemesi sırasında tercih edilen anahtar sunucusu adresi gösterilir"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr "anahtar listelemesi sırasında kullanıcı kimliği geçerliliğini gösterir"
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr ""
 "anahtar listelerinde yürürlükten kaldırılmış ve zamanaşımına uğramış "
 "kullanıcı kimlikleri gösterilir"
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr ""
 "anahtar listelerinde yürürlükten kaldırılmış ve zamanaşımına uğramış "
 "yardımcı anahtarlar gösterilir"
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 msgid "show the keyring name in key listings"
 msgstr "anahtar zinciri ismini anahtar listelerinde gösterir"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 msgid "show expiration dates during signature listings"
 msgstr "imza listelemesi sırasında zamanaşımı tarihleri gösterilir"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, fuzzy, c-format
 #| msgid "unknown option `%s'\n"
 msgid "unknown TOFU policy '%s'\n"
 msgstr "`%s' seçeneği bilinmiyor\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr ""
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "%s kipindeyken bu komut kullanılamaz.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, fuzzy, c-format
 #| msgid "NOTE: %s is not for normal use!\n"
 msgid "Note: %s is not for normal use!\n"
 msgstr "BİLGİ: %s normal kullanım için değil!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid signature expiration\n"
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "'%s' geçerli bir imza zamanaşımı değil\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, fuzzy, c-format
 #| msgid "line %d: not a valid email address\n"
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "%d. satır: geçerli bir eposta adresi değil\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, fuzzy, c-format
 #| msgid "invalid country code in `%s', line %d\n"
 msgid "invalid pinentry mode '%s'\n"
 msgstr "`%s', %d. satırındaki ülke kodu geçersiz\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, fuzzy, c-format
 #| msgid "missing argument for option \"%.50s\"\n"
 msgid "invalid request origin '%s'\n"
 msgstr "\"%.50s\" seçeneği için değiştirge eksik\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid character set\n"
 msgid "'%s' is not a valid character set\n"
 msgstr "'%s' geçerli bir karakter kümesi değil\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "anahtar sunucusunun adresi çözümlenemedi\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: anahtar sunucusu seçenekleri geçersiz\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr "anahtar sunucusu seçenekleri geçersiz\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: geçersiz içselleştirme seçenekleri\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "içselleştirme seçenekleri geçersiz\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, fuzzy, c-format
 #| msgid "invalid list options\n"
 msgid "invalid filter option: %s\n"
 msgstr "liste seçenekleri geçersiz\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d geçersiz dışsallaştırma seçenekleri\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "dışsallaştırma seçenekleri geçersiz\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: liste seçenekleri geçersiz\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr "liste seçenekleri geçersiz\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr "imza doğrulaması sırasında foto kimliklerini gösterir"
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr "imza doğrulaması sırasında poliçe adreslerini gösterir"
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 msgid "show all notations during signature verification"
 msgstr "imza doğrulaması sırasında tüm simgelemi gösterir"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr "imza doğrulaması sırasında IETF standart simgelemlerini gösterir"
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr "imza doğrulaması sırasında kullanıcı kaynaklı simgelemleri gösterir"
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 msgid "show preferred keyserver URLs during signature verification"
 msgstr ""
 "imza doğrulaması sırasında tercih edilen anahtar sunucusu adresleri "
 "gösterilir"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 msgid "show user ID validity during signature verification"
 msgstr "imza doğrulaması sırasında kullanıcı kimliği geçerliliğini gösterir"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr ""
 "imza doğrulamasında yürürlükten kaldırılan ve zamanaşımına uğrayan kullanıcı "
 "kimlikleri gösterilir"
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 msgid "show only the primary user ID in signature verification"
 msgstr "imza doğrulamasında sadece birincil kullanıcı kimlik gösterilir"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr "imzaları PKA verisi ile doğrular"
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr "imzaların güvenilirliğini geçerli PKA verisi ile yükseltir"
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d doğrulama seçenekleri geçersiz\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr "doğrulama seçenekleri geçersiz\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "çalıştırılabilirlerin patikası %s yapılamıyor\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: özdevinimli anahtar konumlama listesi geçersiz\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr "özdevinimli anahtar konumlama listesi geçersiz\n"
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, fuzzy, c-format
+#| msgid "missing argument for option \"%.50s\"\n"
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "\"%.50s\" seçeneği için değiştirge eksik\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "UYARI: program bir \"core\" dosyası oluşturabilir!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "UYARI: %s %s'i aşıyor\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s ile %s birlikte kullanılmaz!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s, %s ile etkisiz olur!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr "UYARI: sahte sistem zamanıyla çalışıyor: "
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "%s olmasından dolayı güvensiz bellekle çalıştırılmayacak\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "seçilen şifre algoritması geçersiz\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "seçilen özet algoritması geçersiz\n"
+
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "seçilen şifre algoritması geçersiz\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "seçilen sertifikalama özet algoritması geçersiz\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "\"completes-needed\" 0 dan büyük olmalı\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "\"marginals-needed\" 1 den büyük olmalı\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "\"max-cert-depth\" 1 ile 255 arasında olmalı\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "öntanımlı sertifika seviyesi geçersiz; 0, 1, 2, ya da 3 olabilir\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "asgari sertifika seviyesi geçersiz; 1, 2, ya da 3 olabilir\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, fuzzy, c-format
 #| msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "BÄ°LGÄ°: basit S2K kipi (0) kesinlikle tavsiye edilmez\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "S2K kipi geçersiz; 0, 1 veya 3 olmalı\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "öntanımlı tercihler geçersiz\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "kişisel şifre tercihleri geçersiz\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "kişisel şifre tercihleri geçersiz\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "kişisel özet tercihleri geçersiz\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "kişisel sıkıştırma tercihleri geçersiz\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "anahtar uzunluğu geçersiz; %u bit kullanılıyor\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s, %s ile henüz çalışmıyor\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+#| msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "%2$s kipindeyken '%1$s' şifreleme algoritması kullanılamaz\n"
+
+#: g10/gpg.c:4070
 #, fuzzy, c-format
 #| msgid "you may not use compression algorithm `%s' while in %s mode\n"
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "%2$s kipindeyken '%1$s' sıkıştırma algoritması kullanılamaz\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "\"TrustDB\" güvence veritabanı başlangıç aşamasında başarısız: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "UYARI: alıcılar (-r) genel anahtar şifrelemesi kullanılmadan belirtilmiş\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, fuzzy, c-format
 #| msgid "symmetric encryption of `%s' failed: %s\n"
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "`%s' için simetrik şifreleme başarısız: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "--s2k-mode 0 ile  --symmetric --encrypt kullanamazsınız\n"
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, fuzzy, c-format
 #| msgid "you cannot use --symmetric --encrypt while in %s mode\n"
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "%s kipindeyken  --symmetric --encrypt kullanamazsınız\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr "--s2k-mode 0 ile --symmetric --sign --encrypt kullanamazsınız\n"
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, fuzzy, c-format
 #| msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "%s kipindeyken --symmetric --sign --encrypt kullanamazsınız.\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "anahtar sunucusuna gönderim başarısızlığa uğradı: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "anahtar sunucusundan alım başarısızlığa uğradı: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "anahtar ihracı başarısızlığa uğradı: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, fuzzy, c-format
 #| msgid "key export failed: %s\n"
 msgid "export as ssh key failed: %s\n"
 msgstr "anahtar ihracı başarısızlığa uğradı: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "anahtar sunucusunda arama başarısız: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "anahtar sunucusunda tazeleme başarısız: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "zırhın kaldırılması başarısız: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "zırhlama başarısız: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, fuzzy, c-format
 #| msgid "invalid hash algorithm `%s'\n"
 msgid "invalid hash algorithm '%s'\n"
 msgstr "`%s' çittirim algoritması geçersiz\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error parsing key specification '%s': %s\n"
 msgstr "serifika saklanırken hata: %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "İletinizi yazın ...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "belirtilen sertifika güvence adresi geçersiz\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "belirtilen imza güvence adresi geçersiz\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "belirtilen anahtar sunucusu adresi geçersiz\n"
@@ -3726,7 +3608,7 @@ msgstr "|DOSYA|anahtarlar DOSYA anahtar zincirinden alınır"
 msgid "make timestamp conflicts only a warning"
 msgstr "zaman damgası çelişkilerini uyarı olarak bildirir"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|durum bilgisini bu FD'ye yazar"
 
@@ -3776,135 +3658,145 @@ msgid "do not update the trustdb after import"
 msgstr "ithalat sonrası güvence veritabanını güncellemez"
 
 #: g10/import.c:181
+msgid "enable bulk import mode"
+msgstr ""
+
+#: g10/import.c:184
 #, fuzzy
 #| msgid "show key fingerprint"
 msgid "show key during import"
 msgstr "parmakizini gösterir"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+#| msgid "show key fingerprint"
+msgid "show key but do not actually import"
+msgstr "parmakizini gösterir"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr "güncellemeleri sadece mevcut anahtarlar için kabul eder"
 
-#: g10/import.c:187
+#: g10/import.c:193
 msgid "remove unusable parts from key after import"
 msgstr "ithalat sonrası anahtardan kullanışsız parçaları kaldırır"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr "ithalat sonrası anahtardan mümkün olduğunca çok şey kaldırır"
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr ""
 
-#: g10/import.c:199
+#: g10/import.c:205
 #, fuzzy
 #| msgid "assume input is in binary format"
 msgid "assume the GnuPG key backup format"
 msgstr "girdinin ikilik biçimde olduğu kabul edilir"
 
-#: g10/import.c:203
+#: g10/import.c:209
 #, fuzzy
 #| msgid "show key fingerprint"
 msgid "repair keys on import"
 msgstr "parmakizini gösterir"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "%d türündeki blok atlanıyor\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr "şu ana kadar %lu anahtar işlendi\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "İşlenmiş toplam miktar: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, fuzzy, c-format
 #| msgid "      skipped new keys: %lu\n"
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "     yeni anahtarlar atlandı: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "     yeni anahtarlar atlandı: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "         kullanıcı kimliksiz: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "                      alınan: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "                   değişmedi: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "      yeni kullanıcı kimliği: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "    yeni yardımcı anahtarlar: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "                yeni imzalar: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "      yeni anahtar iptalleri: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "     gizli anahtarlar okundu: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "  gizli anahtarlar indirildi: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr "  gizli anahtarlar değişmedi: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "             alınamadı: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "    temizlenen imzalar: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "     temizlenen kullanıcı kimlikleri: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
@@ -3913,174 +3805,180 @@ msgstr ""
 "UYARI: anahtar %s bu kullanıcı kimliklerde kullanışsız algoritmalar için "
 "tercihler içeriyor:\n"
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr "         \"%s\": şifreleme algoritması %s için tercih edilir\n"
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+#| msgid "         \"%s\": preference for cipher algorithm %s\n"
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "         \"%s\": şifreleme algoritması %s için tercih edilir\n"
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "         \"%s\": özet algoritması %s için tercih edilir\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr ""
 "         \"%s\": sıkıştırma algoritması %s için tercih edilir\n"
 "\n"
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr "tercihlerinizi güncellemenizi ve\n"
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 "olası algoritma uyuşmazlığı sorunlarından kaçınmak için bu anahtarı\n"
 "tekrar dağıtmanızı şiddetle öneririz.\n"
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 "tercihlerinizi böyle güncelleyemezsiniz: gpg --edit-key %s updpref save\n"
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr "anahtar %s: kullanıcı kimliği yok\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, fuzzy, c-format
 #| msgid "skipped \"%s\": %s\n"
 msgid "key %s: %s\n"
 msgstr "\"%s\" atlandı: %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr ""
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "anahtar %s: PKS yardımcı anahtar bozulması giderildi\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "anahtar %s: öz-imzalı olmayan kullanıcı kimliği \"%s\" kabul edildi\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "anahtar %s: geçerli kullanıcı kimliği yok\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "bu kayıp bir öz-imza yüzünden meydana gelebilir\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "anahtar %s: genel anahtar yok: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "anahtar %s: yeni anahtar - atlandı\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "yazılabilir bir anahtar zinciri yok: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, fuzzy, c-format
 #| msgid "error writing keyring `%s': %s\n"
 msgid "error writing keyring '%s': %s\n"
 msgstr "\"%s\" anahtarlığına yazarken hata oluştu: %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "anahtar %s: genel anahtar \"%s\" alındı\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "anahtar %s: bizim kopyamızla eşleşmiyor\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "anahtar %s: \"%s\" 1 yeni kullanıcı kimliği\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "anahtar %s: \"%s\" %d yeni kullanıcı kimliği\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "anahtar %s: \"%s\" 1 yeni imza\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "anahtar %s: \"%s\" %d yeni imza\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "anahtar %s: %s 1 yeni yardımcı anahtar\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "anahtar %s: \"%s\" %d yeni yardımcı anahtar\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "anahtar %s: \"%s\" %d imza temizlendi\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "anahtar %s: \"%s\" %d imza temizlendi\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "anahtar %s: \"%s\" %d kullanıcı kimliği temizlendi\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "anahtar %s: \"%s\" %d kullanıcı kimliği temizlendi\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "anahtar %s: \"%s\" değişmedi\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr "anahtar %s: gizli anahtar alındı\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, fuzzy, c-format
 #| msgid "skipped: secret key already present\n"
 msgid "key %s: secret key already exists\n"
 msgstr "atlandı: gizli anahtar zaten var\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, fuzzy, c-format
 #| msgid "error sending %s command: %s\n"
 msgid "key %s: error sending to agent: %s\n"
@@ -4094,208 +3992,215 @@ msgstr "%s komutu gönderilirken hata: %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, fuzzy, c-format
 #| msgid "secret key \"%s\" not found: %s\n"
 msgid "secret key %s: %s\n"
 msgstr "gizli anahtar \"%s\" yok: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "gizli anahtarı alımına izin verilmez\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "anahtar %s: geçersiz şifreli (%d) gizli anahtar - atlandı\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Belirtilmiş bir neden yok"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "Anahtarın yerine başkası konulmuş ve iptal edilmiştir"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Anahtar tehlikede"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "Anahtar artık kullanılmayacak"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "Kullanıcı kimliği artık geçersiz"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "yürürlükten kaldırma sebebi: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "yürürlükten kaldırma açıklaması: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "anahtar %s: genel anahtar değil - yürürlükten kaldırma sertifikası "
 "uygulanamaz\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "anahtar %s: özgün anahtar bloku bulunamadı: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "anahtar %s: özgün anahtar bloku okunamadı: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr ""
 "anahtar %s: yürürlükten kaldırma sertifikası geçersiz: %s - reddedildi\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "anahtar %s: \"%s\" yürürlükten kaldırma sertifikası alındı\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "anahtar %s: imza için kullanıcı kimliği yok\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr ""
 "anahtar %s: genel anahtar algoritması, kullanıcı kimliği \"%s\" için "
 "desteklenmiyor\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "anahtar %s: kullanıcı kimliği \"%s\" için öz-imza geçersiz\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "anahtar %s: genel anahtar algoritması desteklenmiyor\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, fuzzy, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "anahtar %s: doğrudan anahtar imzası eklendi\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "anahtar %s: anahtarı garantilemek için yardımcı anahtar yok\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "anahtar %s: yardımcı anahtar garantileme geçersiz\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "anahtar %s: çok sayıda yardımcı anahtar bağlantısı silindi\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "anahtar %s: anahtarı yürürlükten kaldırılacak yardımcı anahtar yok\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "anahtar %s: yardımcı anahtar yürürlükten kaldırması geçersiz\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr ""
 "anahtar %s: çok sayıda yardımcı anahtar yürürlükten kaldırması silindi\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "anahtar %s: kullanıcı kimliği \"%s\" atlandı\n"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "anahtar %s: yardımcı anahtar atlandı\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "anahtar %s: imza gönderilebilir değil (0x%02X sınıfı) - atlandı\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "anahtar %s: yürürlükten kaldırma sertifikası yanlış yerde - atlandı\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "anahtar %s: yürürlükten kaldırma sertifikası geçersiz: %s - atlandı\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "anahtar %s: yardımcı anahtar imzası yanlış yerde - atlandı\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "anahtar %s: umulmayan imza sınıfı (0x%02X) - atlandı\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "anahtar %s: çift kullanıcı kimliği saptandı - birleştirildi\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+#| msgid "key %s: duplicated user ID detected - merged\n"
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "anahtar %s: çift kullanıcı kimliği saptandı - birleştirildi\n"
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr ""
 "UYARI: anahtar %s yürürlükten kaldırılmış olmalı: yürürlükten kaldırma "
 "anahtarı %s alınıyor\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr ""
 "UYARI: anahtar %s yürürlükten kaldırılmış olabilir: yürürlükten kaldırma "
 "anahtarı %s mevcut değil.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "anahtar %s: \"%s\" yürürlükten kaldırma sertifikası eklendi\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "anahtar %s: doğrudan anahtar imzası eklendi\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, fuzzy, c-format
 #| msgid "error allocating enough memory: %s\n"
 msgid "error allocating memory: %s\n"
@@ -4320,13 +4225,13 @@ msgstr "kart %s özet algoritmasını desteklemiyor\n"
 msgid " (reordered signatures follow)"
 msgstr "Buradaki imzeler iyi:"
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, fuzzy, c-format
 #| msgid "skipped \"%s\": %s\n"
 msgid "key %s:\n"
 msgstr "\"%s\" atlandı: %s\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, fuzzy, c-format
 #| msgid "User ID \"%s\": %d signature removed\n"
 msgid "%d duplicate signature removed\n"
@@ -4334,7 +4239,7 @@ msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "Kullanıcı kimliği \"%s\": %d imza temizlendi\n"
 msgstr[1] "Kullanıcı kimliği \"%s\": %d imza temizlendi\n"
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to a missing key\n"
 msgid "%d signature not checked due to a missing key\n"
@@ -4342,7 +4247,7 @@ msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "1 imza kayıp bir anahtar yüzünden kontrol edilmedi\n"
 msgstr[1] "1 imza kayıp bir anahtar yüzünden kontrol edilmedi\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d bad signature\n"
@@ -4350,7 +4255,7 @@ msgid_plural "%d bad signatures\n"
 msgstr[0] "%d kötü imza\n"
 msgstr[1] "%d kötü imza\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, fuzzy, c-format
 #| msgid "Good signature from"
 msgid "%d signature reordered\n"
@@ -4358,50 +4263,44 @@ msgid_plural "%d signatures reordered\n"
 msgstr[0] "Buradaki imzeler iyi:"
 msgstr[1] "Buradaki imzeler iyi:"
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, fuzzy, c-format
 #| msgid "error creating keybox `%s': %s\n"
 msgid "error creating keybox '%s': %s\n"
 msgstr "anahtar bloku `%s' oluşturulurken hata: %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error creating keyring '%s': %s\n"
 msgstr "`%s' anahtarlığı oluşturulurken hata: %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, fuzzy, c-format
 #| msgid "keybox `%s' created\n"
 msgid "keybox '%s' created\n"
 msgstr "`%s' anahtar bloğu oluşturuldu\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, fuzzy, c-format
 #| msgid "keyring `%s' created\n"
 msgid "keyring '%s' created\n"
 msgstr "`%s' anahtarlığı oluşturuldu\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, fuzzy, c-format
 #| msgid "keyblock resource `%s': %s\n"
 msgid "keyblock resource '%s': %s\n"
 msgstr "anahtar bloku özkaynağı `%s': %s\n"
 
-#: g10/keydb.c:969
-#, fuzzy, c-format
-#| msgid "error opening `%s': %s\n"
-msgid "error opening key DB: %s\n"
-msgstr "'%s' açılırken hata: %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "anahtar zinciri önbelleği yeniden oluşturulurken hata: %s\n"
@@ -4414,7 +4313,7 @@ msgstr "[yürürlükten kaldırma]"
 msgid "[self-signature]"
 msgstr "[öz-imza]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4425,12 +4324,12 @@ msgstr ""
 "derecesine lütfen karar verin. (pasportuna mı bakarsınız yoksa farklı\n"
 "kaynaklardan parmakizlerini mi kontrol edersiniz...) kararınızı verin\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr " %d = Şöyle böyle güveniyorum\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr " %d = Tamamen güveniyorum\n"
@@ -4460,12 +4359,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "Kullanıcı kimliği \"%s\" yürürlükten kaldırıldı."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Onu yine de imzalamak istiyor musunuz? (e/H veya y/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  İmzalanamıyor.\n"
 
@@ -4646,202 +4545,206 @@ msgstr "Bu anahtarı çok dikkatle sınadım.\n"
 msgid "Really sign? (y/N) "
 msgstr "Gerçekten imzalayacak mısınız? (e/H veya y/N) "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "imzalama başarısız: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 "Anahtar sadece kısa veya karta özel öğeler içeriyor,\n"
 "değiştirilecek bir anahtar parolası yok.\n"
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, fuzzy, c-format
 #| msgid "error creating passphrase: %s\n"
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "anahtar parolası oluşturulurken hata: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "kaydet ve çık"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr "parmakizini gösterir"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 #, fuzzy
 msgid "show the keygrip"
 msgstr "Simgelemi giriniz: "
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "anahtarı ve kullanıcı kimliğini gösterir"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "N kullanıcı kimliğini seçer"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr "N yardımcı anahtarını"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr "imzaları sınar"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 "seçilen kullanıcı kimliği imzalar [* ilgili komutlar için aşağıya bakın]"
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr "kullanıcı kimlikleri yerel olarak imzalar"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr "seçili kullanıcı kimlikleri bir güvence imzasıyla imzalar"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr ""
 "seçili kullanıcı kimlikleri yürürlükten kaldırılamayan bir imzayla imzalar"
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "bir kullanıcı kimliği ekler"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "bir foto kimliği ekler"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr "seçili kullanıcı kimlikleri siler"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr "bir yardımcı anahtar ekler"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr "bir akıllı karta bir anahtar ekler"
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr "bir akıllı karttan bir anahtarı taşır"
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr "bir akıllı karttan bir yedekleme anahtarını taşır"
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr "seçili yardımcı anahtarları siler"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "bir yürürlükten kaldırma anahtarı ekler"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr "seçili kullanıcı kimliklerden imzaları siler"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr ""
 "anahtar için ya da seçili yardımcı anahtarlar için zamanaşımı tarihini "
 "değiştirir"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr "seçili kullanıcı kimliğini asıl olarak imler"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "tercihleri listeler (uzman)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "tercihleri listeler (ayrıntılı)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr "Seçili kullanıcı kimlikler için tercih listesini belirler "
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr ""
 "seçili kullanıcı kimlikler için tercih edilen anahtar sunucu adresini "
 "belirler"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 msgid "set a notation for the selected user IDs"
 msgstr "seçili kullanıcı kimlikleri için bir simgelem belirler"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "anahtar parolasını değiştirir"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "sahibiningüvencesini değiştirir"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr "Seçili tüm kullanıcı kimliklerdeki imzaları yürürlükten kaldırır"
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr "Seçili tüm kullanıcı kimlikleri yürürlükten kaldırır"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr "anahtarı ya da seçili yardımcı anahtarları yürürlükten kaldırır"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr "anahtarı kullanıma sokar"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr "anahtarı iptal eder"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr "seçili foto kimlikleri gösterir"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 "kullanışsız kullanıcı kimlikleri sıkıştırır ve kullanışsız imzaları "
 "anahtardan kaldırır"
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 "kullanışsız kullanıcı kimlikleri sıkıştırır ve tüm imzaları anahtardan "
 "kaldırır"
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Gizli anahtar mevcut.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret subkeys are available.\n"
 msgstr "Gizli anahtar mevcut.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Bunu yapmak için gizli anahtar gerekli.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 #, fuzzy
 #| msgid ""
 #| "* The `sign' command may be prefixed with an `l' for local signatures "
@@ -4860,319 +4763,324 @@ msgstr ""
 "  için 'nr', yerel imzalar için 'l' (lsign) veya buların karışımı   olarak "
 "(ltsign, tnrsign gibi).\n"
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "Anahtar yürürlükten kaldırıldı."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 #, fuzzy
 #| msgid "Really sign all user IDs? (y/N) "
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Tüm kullanıcı kimlikler gerçekten imzalanacak mı? (e/H ya da y/N)"
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Tüm kullanıcı kimlikler gerçekten imzalanacak mı? (e/H ya da y/N)"
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "İpucu: İmzalamak için bir kullanıcı kimliği seçiniz\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, fuzzy, c-format
 #| msgid "Unknown signature type `%s'\n"
 msgid "Unknown signature type '%s'\n"
 msgstr "imza türü `%s' bilinmiyor\n"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "%s kipindeyken bu komut kullanılamaz.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "En az bir kullanıcı kimliği seçmelisiniz.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr ""
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Son kullanıcı kimliğini silemezsiniz!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr ""
 "Seçilen tüm kullanıcı kimlikler gerçekten silinecek mi? (e/H ya da y/N) "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr "Bu kullanıcı kimliği gerçekten silinecek mi? (e/H ya da y/N) "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr "Bu öz-imza gerçekten taşınacak mı?  (e/H ya da y/N) "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr "Sadece ve sadece bir anahtar seçmelisiniz.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr "Komut değiştirge olarak bir dosya ismi gerektiriyor\n"
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, fuzzy, c-format
 #| msgid "Can't open `%s': %s\n"
 msgid "Can't open '%s': %s\n"
 msgstr "`%s' açılamıyor: %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, fuzzy, c-format
 #| msgid "Error reading backup key from `%s': %s\n"
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "yedekleme anahtarı `%s' den okunurken hata oluştu: %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "En az bir anahtar seçmelisiniz.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Seçili anahtarları gerçekten silmek istiyor musunuz? (e/H ya da y/N) "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Bu anahtarı gerçekten silmek istiyor musunuz? (e/H ya da y/N) "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr ""
 "Seçilen tüm kullanıcı kimlikleri gerçekten yürülükten kaldırılacak mı? (e/H "
 "ya da y/N) "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr ""
 "Bu kullanıcı kimliği gerçekten yürürlükten kaldırılacak mı? (e/H ya da y/N) "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr ""
 "Anahtarın tamamını yürürlükten kaldırmayı gerçekten istiyor musunuz? (e/H ya "
 "da y/N) "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr ""
 "Seçili yardımcı anahtarları gerçekten yürürlükten kaldırmak istiyor musunuz? "
 "(e/H ya da y/N) "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr ""
 "Bu yardımcı anahtarı gerçekten yürürlükten kaldırmak istiyor musunuz? (e/H "
 "ya da y/N) "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 "Kullanıcı taraından sağlanmış bir güvence veritabanı kullanılarak "
 "sahibiningüvencesi belirlenemez\n"
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr "Belirlenecek tercih listesi:\n"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr ""
 "Seçili kullanıcı kimlikler için tercihleri gerçekten güncellemek istiyor "
 "musunuz? (e/H ya da y/N) "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr "Tercihleri gerçekten güncellemek istiyor musunuz? (e/H ya da y/N) "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr "Değişiklikler kaydedilecek mi? (e/H ya da y/N) "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr "Kaydetmeden çıkılsın mı? (e/H ya da y/N) "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Güncelleme gereği olmadığından anahtar değişmedi.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "Son kullanıcı kimliğini silemezsiniz!\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, fuzzy, c-format
 #| msgid "checking the trust list failed: %s\n"
 msgid "revoking the user ID failed: %s\n"
 msgstr "güvence listesinin sınanması başarısız: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, fuzzy, c-format
 #| msgid "checking the trust list failed: %s\n"
 msgid "setting the primary user ID failed: %s\n"
 msgstr "güvence listesinin sınanması başarısız: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, fuzzy, c-format
 #| msgid "invalid fingerprint"
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "parmakizi geçersiz"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, fuzzy, c-format
 #| msgid "failed to get the fingerprint\n"
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "parmakizinin alınması başarısız oldu\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, fuzzy, c-format
 #| msgid "invalid value\n"
 msgid "Invalid user ID '%s': %s\n"
 msgstr "değer hatalı\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 #| msgid "No such user ID.\n"
 msgid "No matching user IDs."
 msgstr "Böyle bir kullanıcı kimliği yok.\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 #, fuzzy
 #| msgid "Nothing to sign with key %s\n"
 msgid "Nothing to sign.\n"
 msgstr "%s anahtarı ile imzalanacak hiçbir şey yok\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr ""
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "oluşturulan imzanın denetimi başarısız: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid signature expiration\n"
 msgid "'%s' is not a valid expiration time\n"
 msgstr "'%s' geçerli bir imza zamanaşımı değil\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, fuzzy, c-format
 #| msgid "invalid fingerprint"
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "parmakizi geçersiz"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, fuzzy, c-format
 #| msgid "key \"%s\" not found: %s\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "anahtar \"%s\" yok: %s\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Özet: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Özellikler: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr "Anahtar sunucusu değişmez"
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr "Tercih edilen anahtar sunucusu: "
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 msgid "Notations: "
 msgstr "Simgelemler: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "Bir PGP 2.x tarzı kullanıcı kimliğine uygun tercih yok.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, fuzzy, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr ""
 "Bu anahtar %2$s tarafından %3$s anahtarıyla %1$s üzerinde yürürlükten "
 "kaldırılmış\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr ""
 "Bu anahtar %s tarafından %s anahtarıyla yürürlükten kaldırılmış olabilir"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr "(duyarlı)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr "oluşturuldu: %s"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr "yürürlükten kaldırıldı: %s"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr "son kullanma tarihi: %s"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr "son kullanma tarihi: %s"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr "kullanımı: %s"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr "kart-no: "
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr "güvencesi: %s"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr "geçerliliği: %s"
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Bu anahtar iptal edilmişti"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -5180,17 +5088,17 @@ msgstr ""
 "Gösterilen anahtarın, uygulamayı yeniden başlatıncaya kadar, gerekli\n"
 "doğrulukta olmayacağını lütfen gözönüne alınız.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr "yürürlükten kaldırıldı"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr "zamanaşımına uğradı"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -5200,18 +5108,18 @@ msgstr ""
 "       farklı bir kullanıcı kimliğin birincil kullanıcı kimlik olarak\n"
 "       kabul edilmesini sağlayabilirsiniz.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr ""
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, fuzzy, c-format
 #| msgid "You can't change the expiration date of a v3 key\n"
 msgid "You may want to change its expiration date too.\n"
 msgstr "Bir v3 anahtarının son kullanma tarihini değiştiremezsiniz\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -5220,35 +5128,35 @@ msgstr ""
 "UYARI: Bu PGP-2 tarzı bir anahtar. Bir foto kimliği eklenmesi bu anahtarın\n"
 "       bazı PGP sürümleri tarafından reddedilmesi ile sonuçlanabilir.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Onu yine de eklemek istiyor musunuz? (e/H veya y/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "PGP2 tarzı bir anahtara bir foto kimliği ekleyemeyebilirsiniz.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr ""
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Bu doğru imza silinsin mi? (e/H/k veya y/N/k)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Bu geçersiz imza silinsin mi? (e/H/k veya y/N/k)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Bu bilinmeyen imza silinsin mi? (e/H/k veya y/N/k)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Bu öz-imza gerçekten silinecek mi? (e/H veya y/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, fuzzy, c-format
 #| msgid "Deleted %d signature.\n"
 msgid "Deleted %d signature.\n"
@@ -5256,20 +5164,20 @@ msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "%d imza silindi.\n"
 msgstr[1] "%d imza silindi.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Hiçbir şey silinmedi.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "geçersiz"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "kullanıcı kimliği \"%s\" yoğun: %s\n"
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, fuzzy, c-format
 #| msgid "User ID \"%s\": %d signature removed\n"
 msgid "User ID \"%s\": %d signature removed\n"
@@ -5277,17 +5185,17 @@ msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "Kullanıcı kimliği \"%s\": %d imza temizlendi\n"
 msgstr[1] "Kullanıcı kimliği \"%s\": %d imza temizlendi\n"
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "kullanıcı kimliği \"%s\": zaten küçük\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "kullanıcı kimliği \"%s\": zaten temiz\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5297,50 +5205,50 @@ msgstr ""
 "       eklenmesi bu anahtarın bazı PGP sürümleri tarafından reddedilmesi\n"
 "       ile sonuçlanabilir.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr ""
 "PGP2 tarzı bir anahtara tasarlanmış bir yürürlükten kaldırıcı "
 "ekleyemeyebilirsiniz.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr ""
 "Tasarlanmış yürürlükten kaldırma anahtarının kullanıcı kimliğini giriniz: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr ""
 "bir PGP 2.x tarzı anahtar bir tasarlanmış yürürlükten kaldırma anahtarı "
 "olarak atanamaz\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr ""
 "bir anahtarı kendisini yürürlükten kaldıracak anahtar olarak "
 "kullanamazsınız\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "bu anahtar zaten onu üreten tarafından yürürlükten kaldırılmıştı\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr ""
 "UYARI: yürürlükten kaldıran olarak tasarlanmış bir anahtar başka amaçla\n"
 "       kullanılamaz!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr ""
 "Bu anahtarın, yürürlükten kaldıran anahtar olmasını istediğinizden emin "
 "misiniz? (e/H ya da y/N) "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 #, fuzzy
 #| msgid ""
 #| "Are you sure you want to appoint this key as a designated revoker? (y/N) "
@@ -5351,249 +5259,255 @@ msgstr ""
 "Bu anahtarın, yürürlükten kaldıran anahtar olmasını istediğinizden emin "
 "misiniz? (e/H ya da y/N) "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Bir yardımcı anahtar için son kullanma tarihi değiştiriliyor.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Asıl anahtar için son kullanma tarihi değiştiriliyor.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Bir v3 anahtarının son kullanma tarihini değiştiremezsiniz\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 #, fuzzy
 #| msgid "Changing expiration time for a subkey.\n"
 msgid "Changing usage of a subkey.\n"
 msgstr "Bir yardımcı anahtar için son kullanma tarihi değiştiriliyor.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 #, fuzzy
 #| msgid "Changing expiration time for the primary key.\n"
 msgid "Changing usage of the primary key.\n"
 msgstr "Asıl anahtar için son kullanma tarihi değiştiriliyor.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "yardımcı imzalama anahtarı %s zaten çapraz sertifikalı\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 "yardımcı anahtar %s imzalamıyor, dolayısıyla çapraz sertifikalı olması "
 "gerekmiyor\n"
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Lütfen sadece ve sadece bir kullanıcı kimlik seçiniz.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "kullanıcı kimliği \"%s\" için v3 öz-imzası atlanıyor\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr "Tercih ettiğiniz sunucunun adresini girin: "
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Onu değiştirmek istediğinizden emin misiniz? (e/H ya da y/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Onu silmek istediğinizden emin misiniz? (e/H ya da y/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 msgid "Enter the notation: "
 msgstr "Simgelemi giriniz: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 msgid "Proceed? (y/N) "
 msgstr "Devam? (e/H ya da y/N) "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "%d endeksine sahip kullanıcı kimliği yok\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr "%s çittirmeli kullanıcı kimliği yok\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, fuzzy, c-format
 #| msgid "No subkey with index %d\n"
 msgid "No subkey with key ID '%s'.\n"
 msgstr "%d indisli bir yardımcı anahtar yok\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr "%d indisli bir yardımcı anahtar yok\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "Kullanıcı kimliği: \"%s\"\n"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "%s anahtarınızla %s%s%s de imzalandı\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (dışarda geçersiz)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Bu anahtarın geçerliliği %s de bitti.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Onu yine de yürürlükten kaldırmak istiyor musunuz? (e/H veya y/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr ""
 "Bu imza için bir yürürlükten kaldırma sertifikası oluşturulsun mu? (e/H veya "
 "y/N) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Bu kullanıcı kimliklerini %s anahtarı üzerinde imzalamışsınız:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr " (yürülükten kaldırılmaz)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "%s tarafından %s de yürürlükten kaldırılmış\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Bu imzaları yürürlükten kaldırmak üzeresiniz:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr ""
 "Bu yürürlükten kaldırma sertifikalarını gerçekten oluşturacak mısınız? (e/H "
 "veya y/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "gizli anahtar yok\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "kullanıcı kimliği \"%s\" zaten iptal edilmişti\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr "UYARI: bir kullanıcı kimliği imzası %d saniye gelecekte oluşturuldu\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Son kullanıcı kimliğini silemezsiniz!\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "Anahtar %s zaten yürürlükten kaldırılmış.\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "Yardımcı anahtar %s zaten yürürlükten kaldırılmış.\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr ""
 "Anahtar 0x%3$s (kull-kiml %4$d) için %2$ld uzunluktaki %1$s foto kimliği "
 "gösteriliyor\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, fuzzy, c-format
 #| msgid "missing argument for option \"%.50s\"\n"
 msgid "invalid value for option '%s'\n"
 msgstr "\"%.50s\" seçeneği için değiştirge eksik\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, fuzzy, c-format
 #| msgid "preference `%s' duplicated\n"
 msgid "preference '%s' duplicated\n"
 msgstr "'%s' tercihi yinelendi\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr "çok fazla şifreleme tercihi\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr "çok fazla özet tercihi\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr "çok fazla sıkıştırma tercihi\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+#| msgid "too many cipher preferences\n"
+msgid "too many AEAD preferences\n"
+msgstr "çok fazla şifreleme tercihi\n"
+
+#: g10/keygen.c:521
 #, fuzzy, c-format
 #| msgid "invalid item `%s' in preference string\n"
 msgid "invalid item '%s' in preference string\n"
 msgstr "tercih dizgesindeki '%s' öğesi geçersiz\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "doğrudan imza yazılıyor\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "öz-imza yazılıyor\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "anahtarı garantileyen imzayı yazıyor\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "anahtar uzunluğu geçersiz; %u bit kullanılıyor\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "anahtar uzunluğu %u bite yuvarlandı\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
@@ -5601,19 +5515,19 @@ msgstr ""
 "UYARI: bazı OpenPGP uygulamaları bu özet boyutlu bir DSA anahtarıyla "
 "çalışamayabilir\n"
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr "Ä°mzalama"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr "Onayla"
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr "Şifrele"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr "Kimlik kanıtla"
 
@@ -5627,172 +5541,185 @@ msgstr "Kimlik kanıtla"
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr "OoŞşKkçÇ"
 
-#: g10/keygen.c:1784
-#, c-format
-msgid "Possible actions for a %s key: "
+#: g10/keygen.c:1966
+#, fuzzy, c-format
+#| msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr "bir %s anahtarı için olası eylemler: "
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr "Şimdilik mümkün eylemler: "
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr "   (%c) İmzalama yeteneğini açar/kapar\n"
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%c) Şifreleme yeteneğini açar/kapar\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr "   (%c) Kimlik kanıtlama yeteneğini açar/kapar\n"
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr "   (%c) Bitti\n"
 
-#: g10/keygen.c:1930
+#: g10/keygen.c:2116
 #, fuzzy, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "  (%d) DSA ve ElGamal (öntanımlı)\n"
 
-#: g10/keygen.c:1934
+#: g10/keygen.c:2120
 #, fuzzy, c-format
-msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "  (%d) DSA ve ElGamal (öntanımlı)\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (yalnız imzalamak için)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (sadece imzalamak için)\n"
 
-#: g10/keygen.c:1945
-#, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+#: g10/keygen.c:2131
+#, fuzzy, c-format
+#| msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) ElGamal (yalnız şifrelemek için)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (sadece şifrelemek için)\n"
 
-#: g10/keygen.c:1953
-#, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+#: g10/keygen.c:2139
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (yeteneklerini belirtin)\n"
 
-#: g10/keygen.c:1955
-#, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+#: g10/keygen.c:2141
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (yeteneklerini belirtin)\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, fuzzy, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "  (%d) DSA ve ElGamal (öntanımlı)\n"
+#| msgid "   (%d) sign, encrypt\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) imza, şifreleme\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+msgid " *default*"
+msgstr ""
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, fuzzy, c-format
 #| msgid "   (%d) DSA (sign only)\n"
 msgid "  (%d) ECC (sign only)\n"
 msgstr "   (%d) DSA (yalnız imzalamak için)\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, fuzzy, c-format
 #| msgid "   (%d) DSA (set your own capabilities)\n"
-msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (yeteneklerini belirtin)\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, fuzzy, c-format
 #| msgid "   (%d) RSA (encrypt only)\n"
-msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "   (%d) RSA (sadece şifrelemek için)\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, fuzzy, c-format
 #| msgid "   (%d) Existing key\n"
-msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "   (%d) Mevcut anahtar\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
 #| msgid "   (%d) Existing key from card\n"
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (%d) Karttaki mevcut anahtar\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 #, fuzzy
 msgid "Enter the keygrip: "
 msgstr "Simgelemi giriniz: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr ""
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 #, fuzzy
 msgid "No key with this keygrip\n"
 msgstr "%d indisli bir yardımcı anahtar yok\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, fuzzy, c-format
 msgid "error reading the card: %s\n"
 msgstr "%s: serbest kaydı okuma hatası: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, fuzzy, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "kartın seri numarası alınırken hata: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 #, fuzzy
 msgid "Available keys:\n"
 msgstr "anahtarı iptal eder"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, fuzzy, c-format
 #| msgid "rounded up to %u bits\n"
 msgid "rounded to %u bits\n"
 msgstr "%u bite yuvarlandı\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr "%s anahtarları %u bit ile %u bit arasında olmalı.\n"
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, fuzzy, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "İstediğiniz anahtar uzunluğu nedir? (%u) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "İstenen anahtar uzunluğu: %u bit\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 #, fuzzy
 #| msgid "Please select what kind of key you want:\n"
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Lütfen istediğiniz anahtarı seçiniz:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5808,7 +5735,7 @@ msgstr ""
 "      <n>m = anahtar n ay geçerli\n"
 "      <n>y = anahtar n yıl geçerli\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5824,38 +5751,38 @@ msgstr ""
 "      <n>m = imza n ay geçerli\n"
 "      <n>y = imza n yıl geçerli\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Anahtar ne kadar geçerli olacak? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "İmza ne kadar geçerli olacak? (%s) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "değer hatalı\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr "Anahtar hep geçerli olacak\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr "İmza hep geçerli olacak\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr "Anahtarın geçerliliği %s de bitecek.\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr "İmzanın geçerliliği %s de bitecek.\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5863,11 +5790,11 @@ msgstr ""
 "Sisteminiz 2038 yılından sonraki tarihleri gösteremiyor.\n"
 "Ama emin olun ki 2106 yılına kadar elde edilebilecek.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr "Bu doğru mu? (e/H ya da y/N) "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5882,7 +5809,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5898,50 +5825,50 @@ msgstr ""
 "\t\"Fatih Sultan Mehmed (Padisah) <padisah@ottoman.gov>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Adınız ve Soyadınız: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Ad ve soyadınızda geçersiz karakter var\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr ""
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Ad ve soyadınız bir rakamla başlamamalı\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Ad ve soyadınız en az 5 harfli olmalı\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "E-posta adresiniz: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "geçerli bir E-posta adresi değil\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Önbilgi: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Önbilgi alanında geçersiz karakter var\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, fuzzy, c-format
 #| msgid "You are using the `%s' character set.\n"
 msgid "You are using the '%s' character set.\n"
 msgstr "`%s' karakter kümesini kullanıyorsunuz.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5952,7 +5879,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr ""
 "Lütfen E-posta adresinizi Adı ve Soyadı veya Açıklama alanı içine koymayın\n"
@@ -5968,37 +5895,37 @@ msgstr ""
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "AaYyEeTtKk"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "(A)dı ve Soyadı, (Y)orum, (E)posta alanlarını değiştir ya da Çı(k)? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr ""
 "(A)dı ve Soyadı, (Y)orum, (E)posta alanlarını değiştir ya da (T)amam/Çı(k)? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "(A)dı ve Soyadı, (Y)orum, (E)posta alanlarını değiştir ya da Çı(k)? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 #, fuzzy
 #| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr ""
 "(A)dı ve Soyadı, (Y)orum, (E)posta alanlarını değiştir ya da (T)amam/Çı(k)? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Lütfen önce hatayı düzeltin\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -6011,13 +5938,13 @@ msgstr ""
 "iyi olacaktır; bu yeterli rasgele bayt kazanmak için rasgele sayı\n"
 "üretecine yardımcı olur. \n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Anahtar üretimi başarısızlığa uğradı: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -6025,72 +5952,72 @@ msgid ""
 "\n"
 msgstr ""
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr ""
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, fuzzy, c-format
 #| msgid "key already exists\n"
 msgid "A key for \"%s\" already exists\n"
 msgstr "anahtar zaten mevcut\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 #, fuzzy
 #| msgid "Use this key anyway? (y/N) "
 msgid "Create anyway? (y/N) "
 msgstr "Bu anahtar yine de kullanılsın mı? (e/H ya da y/N) "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, fuzzy, c-format
 #| msgid "generating new key\n"
 msgid "creating anyway\n"
 msgstr "yeni anahtar üretiliyor\n"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Anahtar üretimi durduruldu.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, fuzzy, c-format
 #| msgid "can't create backup file `%s': %s\n"
 msgid "can't create backup file '%s': %s\n"
 msgstr "'%s' yedek dosyası oluşturulamıyor: %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, fuzzy, c-format
 #| msgid "NOTE: backup of card key saved to `%s'\n"
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "BİLGİ: kart anahtarının yedeklemesi '%s' e kaydedildi\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, fuzzy, c-format
 #| msgid "writing public key to `%s'\n"
 msgid "writing public key to '%s'\n"
 msgstr "genel anahtarı `%s'e yazıyor\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "yazılabilir bir genel anahtar zinciri yok: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, fuzzy, c-format
 #| msgid "error writing public keyring `%s': %s\n"
 msgid "error writing public keyring '%s': %s\n"
 msgstr "`%s' genel anahtarlığa yazılırken hata oluştu: %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "genel ve gizli anahtar üretildi ve imzalandı.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
@@ -6098,14 +6025,14 @@ msgstr ""
 "Bu anahtar şifreleme için kullanılamaz. Şifreleme için yardımcı anahtarı\n"
 "\"--edit-key\" seçeneğini kullanarak üretebilirsiniz.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
 msgstr ""
 "anahtar %lu saniye sonra üretilmiş (zaman sapması veya saat problemi)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -6113,52 +6040,52 @@ msgstr ""
 "anahtar bundan %lu saniye sonra üretilmiş (zaman sapması veya saat "
 "problemi)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, fuzzy, c-format
 #| msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr ""
 "BİLGİ: v3 anahtarları için yardımcı anahtar üretimi OpenPGP uyumlu değildir\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Asıl anahtarın gizli parçaları kullanılamaz.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Asıl anahtarın gizli parçaları kart üzerinde saklı.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr "Gerçekten oluşturulsun mu? (e/H ya da y/N) "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "asla    "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Kritik imza guvencesi: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "imza guvencesi: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr "Kritik tercihli anahtar sunucusu: "
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Kritik imza simgelemi: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "imza simgelemi: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d good signature\n"
@@ -6166,7 +6093,7 @@ msgid_plural "%d good signatures\n"
 msgstr[0] "%d kötü imza\n"
 msgstr[1] "%d kötü imza\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to an error\n"
 msgid "%d signature not checked due to an error\n"
@@ -6174,50 +6101,50 @@ msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "1 imza bir hata yüzünden kontrol edilmedi\n"
 msgstr[1] "1 imza bir hata yüzünden kontrol edilmedi\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Anahtar zinciri"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Birincil anahtar parmak izi:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "Yardımcı anahtar parmak izi:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr "Birincil anahtar parmak izi:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "Yardımcı anahtar parmak izi:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr "     Anahtar parmakizi ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr "      Kart seri no. ="
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, fuzzy, c-format
 #| msgid "caching keyring `%s'\n"
 msgid "caching keyring '%s'\n"
 msgstr "`%s' anahtar zinciri önbellekleniyor\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, fuzzy, c-format
 #| msgid "%lu keys cached so far (%lu signatures)\n"
 msgid "%lu keys cached so far (%lu signature)\n"
@@ -6225,14 +6152,14 @@ msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "şimdiye kadar %lu anahtar arabelleklendi (%lu imza)\n"
 msgstr[1] "şimdiye kadar %lu anahtar arabelleklendi (%lu imza)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, fuzzy, c-format
 #| msgid "1 bad signature\n"
 msgid " (%lu signature)\n"
@@ -6240,59 +6167,55 @@ msgid_plural " (%lu signatures)\n"
 msgstr[0] "1 kötü imza\n"
 msgstr[1] "1 kötü imza\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: anahtar zinciri oluşturuldu\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr "yürürlükten kaldırılan anahtarlar arama sonuçlarına dahil edilir"
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr ""
 "anahtar kimliğine göre arama yapılırken yardımcı anahtarlar dahil edilir"
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr "imzaları doğrularken anahtarları özdevinimli olarak alır"
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "tercihli anahtar sunucusunun adresini adrese atar"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr "anahtarları alırken PKA kaydını bir anahtara atar"
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr "iptal edildi"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr "Sayıyı/sayıları girin veya S)onraki ya da Ç)ık >"
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "anahtar sunucu protokolü geçersiz (bizimki %d!=eylemci %d)\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "\"%s\" bir anahtar kimliği değil: atlanıyor\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, fuzzy, c-format
 #| msgid "refreshing %d keys from %s\n"
 msgid "refreshing %d key from %s\n"
@@ -6300,458 +6223,466 @@ msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "%d anahtar %s adresinden tazeleniyor\n"
 msgstr[1] "%d anahtar %s adresinden tazeleniyor\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "UYARI: %s anahtarı %s üzerinden tazelenemiyor: %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "anahtar \"%s\" anahtar sunucusunda yok\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr "anahtar, anahtar sunucusunda yok\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "%1$s anahtarı %3$s sunucusunun %2$s adresinden isteniyor\n"
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr "%s anahtarı %s adresinden isteniyor\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, fuzzy, c-format
 #| msgid "no keyserver action!\n"
 msgid "no keyserver known\n"
 msgstr "bir anahtar sunucusu eylemi yok!\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "\"%s\" atlandı: %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr "%s anahtarı %s adresine gönderiliyor\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, fuzzy, c-format
 #| msgid "requesting key %s from %s\n"
 msgid "requesting key from '%s'\n"
 msgstr "%s anahtarı %s adresinden isteniyor\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "UYARI: Betimleyici %s alınamıyor: %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "bir şifreli oturum anahtarı (%d) için tuhaf uzunluk\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "%s şifreli oturum anahtarı\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "bilinmeyen algoritma %d ile şifrelenmiş\n"
+
+#: g10/mainproc.c:391
 #, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "bilinmeyen özet algoritması ile üretilmiş anahtar parolası %d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, c-format
 msgid "public key is %s\n"
 msgstr "genel anahtar: %s\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "genel anahtarla şifreli veri: doğru DEK\n"
-
-#: g10/mainproc.c:632
-#, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+#: g10/mainproc.c:524
+#, fuzzy, c-format
+#| msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr ""
 "%u bitlik %s anahtarı ve %s kullanıcı kimliği ile şifrelendi, %s tarihinde "
 "oluşturuldu\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr "      \"%s\"\n"
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "%s anahtarı ve %s kullanıcı kimliği ile şifrelenmiş\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "genel anahtar şifre çözümü başarısız: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr "UYAR: çok sayıda salt metin görüldü\n"
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "%lu anahtar parolası ile şifrelenmiş\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "1 anahtar parolası ile şifrelenmiş\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "genel anahtar şifre çözümü başarısız: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "genel anahtarla şifreli veri: doğru DEK\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "%s şifreli veri varsayılıyor\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr ""
 "IDEA şifre kullanışsız, iyimserlikle yerine %s kullanılmaya çalışılıyor\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "UYARI: ileti bütünlük korumalı değildi\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "şifre çözme başarısız: %s\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "Şifre çözme tamam\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "UYARI: şifreli ileti tahrip edilmiş!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "şifre çözme başarısız: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, fuzzy, c-format
 #| msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "BİLGİ: gönderen \"yalnız-gözleriniz-için\" ricasında bulundu\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "özgün dosya adı = '%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr ""
 "tek başına yürürlükten kaldırma - uygulamak için \"gpg --import\" kullanın\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, c-format
 msgid "no signature found\n"
 msgstr "hiç imza yok\n"
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr "\"%s\" deki imza KÖTÜ"
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr "\"%s\" deki imza zamanaşımına uğramış"
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr "\"%s\" deki imza iyi"
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "imza doğrulama engellendi\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "bu belirsiz imza verisi elde edilemiyor\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr "Ä°mza %s de\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr "               %s kullanılarak anahtar %s ile yapılmış\n"
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "%s imzası, %s anahtarı ve %s kullanıcı kimliği ile yapılmış\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, fuzzy, c-format
 #| msgid "                aka \"%s\""
 msgid "               issuer \"%s\"\n"
 msgstr "                nam-ı diğer \"%s\""
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Anahtar burada:"
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[şüpheli]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr "                nam-ı diğer \"%s\""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, fuzzy, c-format
 #| msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "UYARI: Bu anahtar güven dereceli bir imza ile sertifikalanmamış!\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Bu imzanın geçerliliği %s de bitti.\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Bu imzanın geçerliliği %s de bitecek.\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "%s imzası, %s özet algoritması\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "ikili"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "metinkipi"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "bilinmeyen"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 #, fuzzy
 #| msgid "algorithm: %s"
 msgid ", key algorithm "
 msgstr "algoritma: %s"
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Ä°mza kontrol edilemedi: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "bir bağımsız imza değil\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr "UYARI: çoklu imzalar saptandı. Sadece ilki denetlenecek.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "0x%02x sınıfı tek başına imza\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "eski stil (PGP 2.x) imza\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, fuzzy, c-format
 #| msgid "fstat of `%s' failed in %s: %s\n"
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "`%s' için %s de durum bilgisi alınamıyor: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "fstat(%d) %s de başarısız: %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "UYARI: deneysel %s genel anahtar algoritması kullanılıyor\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr "UYARI: Elgamal imza+şifre anahtarları artık önerilmiyor\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "UYARI: deneysel %s şifreleme algoritması kullanılıyor\n"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "UYARI: deneysel %s özet algoritması kullanılıyor\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "UYARI: %s özet algoritması artık önerilmiyor.\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "%s imzası, %s özet algoritması\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 #| msgid "%s signature, digest algorithm %s\n"
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "%s imzası, %s özet algoritması\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, fuzzy, c-format
 #| msgid "read error in `%s': %s\n"
 msgid "(reported error: %s)\n"
 msgstr "`%s' için okuma hatası: %s\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, fuzzy, c-format
 #| msgid "read error in `%s': %s\n"
 msgid "(reported error: %s <%s>)\n"
 msgstr "`%s' için okuma hatası: %s\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr ""
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: \"%s\" seçeneği kullanımdan kaldırılmak üzere.\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "UYARI: %s seçeneği kullanımdan kaldırılmak üzere.\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "lütfen yerine \"%s%s\" kullanınız\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "UYARI: \"%s\" komutu artık önerilmiyor - kullanmayın onu\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, fuzzy, c-format
 #| msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "%s:%u: eskimiş seçenek \"%s\" - artık etkisiz\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr "UYARI: \"%s\" seçeneği eskidi - artık etkisiz\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Sıkıştırılmamış"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr "Sıkıştırılmamış|yok"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "bu ileti %s tarafından kullanılamayabilir\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, fuzzy, c-format
 #| msgid "ambiguous option `%s'\n"
 msgid "ambiguous option '%s'\n"
 msgstr "`%s' seçeneği belirsiz\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, fuzzy, c-format
 #| msgid "unknown option `%s'\n"
 msgid "unknown option '%s'\n"
 msgstr "`%s' seçeneği bilinmiyor\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, fuzzy, c-format
 #| msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr "DSA sekizin katlarında bir çittirim uzunluğu gerektirir\n"
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, fuzzy, c-format
 #| msgid "Unknown signature type `%s'\n"
 msgid "unknown weak digest '%s'\n"
@@ -6776,101 +6707,90 @@ msgstr "%s: bilinmeyen sonek\n"
 msgid "Enter new filename"
 msgstr "Yeni dosya ismini giriniz"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "standart çıktıya yazıyor\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, fuzzy, c-format
 #| msgid "assuming signed data in `%s'\n"
 msgid "assuming signed data in '%s'\n"
 msgstr "\"%s\" içindeki veri imzalı kabul ediliyor\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "%d genel anahtar algoritması kullanılamadı\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr "UYARI: simetrik şifreli oturum anahtarı potansiyel olarak güvensiz\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 #| msgid "Critical signature notation: "
 msgid "Unknown critical signature notation: "
 msgstr "Kritik imza simgelemi: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "%d tipi alt paket kritik bit kümesine sahip\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, c-format
-msgid "problem with the agent: %s\n"
-msgstr "aracı ile sorun var: %s\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-#| msgid "Please enter the new passphrase"
-msgid "Please enter the passphrase for decryption."
-msgstr "Lütfen yeni anahtar parolasını girin"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Anahtar parolasını giriniz\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "kullanıcı tarafından durduruldu\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr " (asıl anahtar kimliği %s)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 #, fuzzy
 #| msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr ""
 "PKCS#12 nesnesinin korumasını aşmak için lütfen anahtar parolasını giriniz."
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 #, fuzzy
 #| msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "PKCS#12 nesnesini korumak için lütfen anahtar parolasını giriniz."
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 #, fuzzy
 #| msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "PKCS#12 nesnesini korumak için lütfen anahtar parolasını giriniz."
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 #, fuzzy
 #| msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "PKCS#12 nesnesini korumak için lütfen anahtar parolasını giriniz."
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 #, fuzzy
 #| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "Seçili anahtarları gerçekten silmek istiyor musunuz? (e/H ya da y/N) "
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 #, fuzzy
 #| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Seçili anahtarları gerçekten silmek istiyor musunuz? (e/H ya da y/N) "
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, fuzzy, c-format
 #| msgid "%u-bit %s key, ID %s, created %s"
 msgid ""
@@ -6881,7 +6801,7 @@ msgid ""
 "%s"
 msgstr "%u bitlik %s anahtarı, %s kimliği ile %s tarihinde üretilmiş"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6895,40 +6815,87 @@ msgstr ""
 "bir resim kullanırsanız genel anahtarınız da çok büyük olacaktır. Resim\n"
 "boyutlarının 240x288 civarında seçilmesi uygun olacaktır.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Foto kimliği için JPEG dosya ismini giriniz: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, fuzzy, c-format
 #| msgid "unable to open JPEG file `%s': %s\n"
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "JPEG dosyası `%s' açılamıyor: %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr "Bu JPEG gerçekten büyük (%d bayt)!\n"
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Onu kullanmak istediğinizden emin misiniz? (e/H ya da y/N)  "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, fuzzy, c-format
 #| msgid "`%s' is not a JPEG file\n"
 msgid "'%s' is not a JPEG file\n"
 msgstr "'%s' bir JPEG dosyası değil\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Bu foto doğru mu? (e/H/ç veya y/N/ç) "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
 #, c-format
-msgid "unable to display photo ID!\n"
-msgstr "foto kimliği gösterilemiyor!\n"
-
+msgid "no remote program execution supported\n"
+msgstr "uzaktan uygulama çalıştırılması desteklenmiyor\n"
+
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"bu platformda, dış uygulamalar çalıştırılırken geçici dosyalar gerekiyor\n"
+
+#: g10/photoid.c:506
+#, fuzzy, c-format
+#| msgid "unable to execute shell `%s': %s\n"
+msgid "unable to execute shell '%s': %s\n"
+msgstr "'%s' kabuğu çalıştırılamıyor: %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "Dış uygulamamnın doğal olmayan çıkışı\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "dış uygulama çalıştırılırken sistem hatası: %s\n"
+
+#: g10/photoid.c:600
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "UYARI: geçici dosya silinemiyor (%s) `%s': %s\n"
+
+#: g10/photoid.c:604
+#, fuzzy, c-format
+#| msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "UYARI: %s geçici dizini silinemiyor: %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"güvensiz options dosyası yetkilerinden dolayı dış program çağrıları iptal\n"
+"edildi\n"
+
+#: g10/photoid.c:715
+#, c-format
+msgid "unable to display photo ID!\n"
+msgstr "foto kimliği gösterilemiyor!\n"
+
 #. TRANSLATORS: These are the allowed answers in lower and
 #. uppercase.  Below you will find the matching strings which
 #. should be translated accordingly and the letter changed to
@@ -6939,53 +6906,53 @@ msgstr "foto kimliği gösterilemiyor!\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "bBmMkKaA"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr "Güven değeri belirtilmemiş:\n"
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr "  namı-diğer \"%s\"\n"
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr ""
 "%s: Bu anahtarın gerçekten sahibine ait olduğuna dair bir belirti yok\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr " %d = bilmiyorum, kem küm\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr " %d = güvence vermem\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr " %d = Son derece güveniyorum\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr " m = ana menüye dön\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr " a = bu anahtarı atla\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr " k = çık\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
@@ -6994,51 +6961,51 @@ msgstr ""
 "Bu anahtar için asgari güvence seviyesi: %s\n"
 "\n"
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Kararınız? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr ""
 "Bu anahtarı gerçekten son derece güvenli yapmak istiyor musunuz?  (e/H ya da "
 "y/N) "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Son derece güvenli bir anahtarla sonuçlanan sertifikalar:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%s: Bu anahtarın gerçekten ismi belirtilen şahsa ait olduğuna dair bir "
 "belirti yok\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%s: Bu anahtarın gerçekten ismi belirtilen şahsa ait olduğuna dair sınırlı "
 "bir belirti var\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Bu anahtarın ismi belirtilen şahsa ait olduğu umuluyor\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Bu anahtar bizim\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, fuzzy, c-format
 #| msgid "root certificate has now been marked as trusted\n"
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr "kök sertifika artık güvenilir olarak imlenmiş oldu\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 #, fuzzy
 #| msgid ""
 #| "It is NOT certain that the key belongs to the person named\n"
@@ -7053,7 +7020,7 @@ msgstr ""
 "olduğu kesin DEĞİL. *Gerçekten* ne yaptığınızı biliyorsanız,\n"
 "sonraki soruya da evet cevabı verebilirsiniz.\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
@@ -7063,97 +7030,116 @@ msgstr ""
 "olduğu kesin DEĞİL. *Gerçekten* ne yaptığınızı biliyorsanız,\n"
 "sonraki soruya da evet cevabı verebilirsiniz.\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr "Bu anahtar yine de kullanılsın mı? (e/H ya da y/N) "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "UYARI: Güven derecesiz anahtar kullanılıyor!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr ""
 "UYARI: bu anahtar yürürlükten kaldırılmamış olabilir (yürürlükten kaldırma "
 "anahtarı mevcut değil)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+#| msgid "user ID: \"%s\"\n"
+msgid "checking User ID \"%s\"\n"
+msgstr "Kullanıcı kimliği: \"%s\"\n"
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+#| msgid "line %d: invalid algorithm\n"
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "`%d. satır: algoritma geçersiz\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+#| msgid "key %s: doesn't match our copy\n"
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "anahtar %s: bizim kopyamızla eşleşmiyor\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+#| msgid "line %d: invalid algorithm\n"
+msgid "option %s given but no matching User ID found\n"
+msgstr "`%d. satır: algoritma geçersiz\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "UYARI: Bu anahtar onu üreten tarafından yürürlükten kaldırılmıştı!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "UYARI: Bu anahtar sahibi tarafından yürürlükten kaldırılmıştı!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         Bu imza sahte anlamına gelebilir.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr ""
 "UYARI: Bu yardımcı anahtar sahibi tarafından yürürlükten kaldırılmıştı!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Bilgi: Bu anahtar iptal edildi.\n"
 
-#: g10/pkclist.c:613
-#, fuzzy, c-format
-#| msgid "Note: Verified signer's address is `%s'\n"
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr "Bilgi: Doğrulanmış imzacının adresi: `%s'\n"
-
-#: g10/pkclist.c:620
-#, fuzzy, c-format
-#| msgid "Note: Signer's address `%s' does not match DNS entry\n"
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "Bilgi: İmzacının adresi `%s', DNS girdisiyle eşleşmiyor\n"
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr "geçerli PKA bilgisinden dolayı güvence seviyesi TAM olarak ayarlandı\n"
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr "kötü PKA bilgisinden dolayı güvence seviyesi ASLA olarak ayarlandı\n"
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Bilgi: Bu anahtarın kullanım süresi dolmuştu!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr "UYARI: Bu anahtar güven dereceli bir imza ile sertifikalanmamış!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "UYARI: Bu anahtar güven dereceli bir imza ile sertifikalanmamış!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr "         Bu imzanın sahibine ait olduğuna dair bir belirti yok.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "UYARI: Bu anahtara güven-mi-yoruz!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         Bu imza SAHTE olabilir.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr ""
+"UYARI: Bu anahtar yeterli güven derecesine sahip imzalarla "
+"sertifikalanmamış!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
@@ -7161,53 +7147,53 @@ msgstr ""
 "UYARI: Bu anahtar yeterli güven derecesine sahip imzalarla "
 "sertifikalanmamış!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         Bu imzanın sahibine ait olduğu kesin değil.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: atlandı: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: atlandı: genel anahtar iptal edildi\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: atlandı: genel anahtar zaten var\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't encrypt to '%s'\n"
 msgstr "\"%s\" sunucusuna bağlanılamadı: %s\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "`%d. satır: algoritma geçersiz\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "`%d. satır: algoritma geçersiz\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "Bir kullanıcı kimliği belirtmediniz. (\"-r\" kullanabilirsiniz)\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr "Şimdiki alıcılar:\n"
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -7215,40 +7201,40 @@ msgstr ""
 "\n"
 "Kullanıcı kimliğini girin. Boş bir satır işlemi sonlandırır:"
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Böyle bir kullanıcı kimliği yok.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "atlandı: genel anahtar zaten öntanımlı alıcı olarak ayarlanmış\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Genel anahtar iptal edildi.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "atlandı: genel anahtar zaten belirtilmiş\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "öntanımlı alıcı \"%s\" bilinmiyor\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "geçerli adresler yok\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "Bilginize: anahtar %s %s özelliğine sahip değil\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "Bilginize: anahtar %s %s için bir tercihe sahip değil\n"
@@ -7258,80 +7244,86 @@ msgstr "Bilginize: anahtar %s %s için bir tercihe sahip değil\n"
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr "veri kaydedilmedi; kaydetmek için \"--output\" seçeneğini kullanın\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Bağımsız imza.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Lütfen veri dosyasının ismini girin: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "standart girdiden okuyor ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "imzalı veri yok\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, fuzzy, c-format
 #| msgid "can't open signed data `%s'\n"
 msgid "can't open signed data '%s'\n"
 msgstr "imzalı veri '%s'  açılamadı\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "imzalı veri fd=%d açılamadı: %s\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, fuzzy, c-format
 #| msgid "certificate is not usable for encryption\n"
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "sertifika şifreleme için elverişli değil\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "anonim alıcı: %s gizli anahtarı deneniyor ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+#| msgid "certificate is not usable for encryption\n"
+msgid "used key is not marked for encryption use.\n"
+msgstr "sertifika şifreleme için elverişli değil\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "tamam, biz anonim alıcıyız.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "DEK'in eski kodlaması desteklenmiyor\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "şifre algoritması %d%s bilinmiyor ya da iptal edilmiş\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "UYARI: %s şifre algoritması alıcı tercihlerinde yok\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, fuzzy, c-format
 #| msgid "NOTE: secret key %s expired at %s\n"
 msgid "Note: secret key %s expired at %s\n"
 msgstr "BİLGİ: %s gizli anahtarının %s tarihinde kullanım süresi doldu\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, fuzzy, c-format
 #| msgid "NOTE: key has been revoked"
 msgid "Note: key has been revoked"
 msgstr "BİLGİ: anahtar yürürlükten kaldırılmıştı"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "build_packet başarısız: %s\n"
@@ -7349,37 +7341,37 @@ msgstr "Yürürlükten kaldıran:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Bu bir duyarlı yürürlükten kaldırma anahtarı)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret key is not available.\n"
 msgstr "Gizli anahtar mevcut.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr ""
 "Bu imza için bir yürürlükten kaldırma sertifikası oluşturulsun mu? (e/H ya "
 "da y/N) "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "ASCII zırhlı çıktı istendi.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet başarısız: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Yürürlükten kaldırma sertifikası üretildi.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "\"%s\" için yürürlükten kaldırma anahtarları yok\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 #, fuzzy
 #| msgid "Create a revocation certificate for this key? (y/N) "
 msgid "This is a revocation certificate for the OpenPGP key:"
@@ -7387,14 +7379,14 @@ msgstr ""
 "Bu anahtar için bir yürürlükten kaldırma sertifikası oluşturulsun mu? (e/H "
 "ya da y/N) "
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 msgstr ""
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7403,20 +7395,20 @@ msgid ""
 "of the gpg command \"--generate-revocation\" in the GnuPG manual."
 msgstr ""
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
 "before importing and publishing this revocation certificate."
 msgstr ""
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, fuzzy, c-format
 #| msgid "Revocation certificate created.\n"
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "Yürürlükten kaldırma sertifikası üretildi.\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, fuzzy, c-format
 #| msgid "secret key \"%s\" not found: %s\n"
 msgid "secret key \"%s\" not found\n"
@@ -7430,19 +7422,19 @@ msgstr "gizli anahtar \"%s\" yok: %s\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr ""
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, fuzzy, c-format
 #| msgid "error creating keyring `%s': %s\n"
 msgid "error searching the keyring: %s\n"
 msgstr "`%s' anahtarlığı oluşturulurken hata: %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr ""
 "Bu anahtar için bir yürürlükten kaldırma sertifikası oluşturulsun mu? (e/H "
 "ya da y/N) "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7460,38 +7452,38 @@ msgstr ""
 "Sertifika kısa olacağından isterseniz, bir yazıcı çıktısı olarak alıp\n"
 "bir kasada da muhafaza edebilirsiniz.\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Lütfen bir yürürlükten kaldırma sebebi seçiniz:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Ä°ptal"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Burada %d seçtiğiniz varsayılıyor)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr ""
 "İsteğe bağlı açıklamayı girebilirsiniz; Boş bir satır işlemi sonlandırır:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Yürürlükten kaldırma sebebi: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(açıklama verilmedi)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr "Bu tamam mı? (e/H ya da y/N) "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "zayıf anahtar oluşturuldu - yeniden deneniyor\n"
@@ -7503,51 +7495,46 @@ msgstr ""
 "simetrik şifre için zayıf anahtarın önlenmesi mümkün olamadı: %d kere "
 "denendi!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, fuzzy, c-format
 #| msgid "%s key uses an unsafe (%u bit) hash\n"
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr "%s anahtarı, güvensiz bir çittirim (%u bitlik) kullanıyor\n"
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, fuzzy, c-format
 #| msgid "DSA key %s requires a %u bit or larger hash\n"
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr "DSA anahtarı %s, %u bitlik veya daha geniş bir çittirim gerektiriyor\n"
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
+#: g10/sig-check.c:170
+#, c-format
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "UYARI: iletideki imza özeti çelişkili\n"
+
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "key %s may not be used for signing in %s mode\n"
 msgstr "%2$s kipindeyken %1$s kullanılamayabilir.\n"
 
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
-#, c-format
-msgid "WARNING: signature digest conflict in message\n"
-msgstr "UYARI: iletideki imza özeti çelişkili\n"
-
-#: g10/sig-check.c:219
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "UYARI: yardımcı imzalama anahtarı %s çapraz sertifikalı değil\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, c-format
 msgid "please see %s for more information\n"
 msgstr "daha fazla bilgi için lütfen %s adresine bakınız\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr ""
 "UYARI: yardımcı imzalama anahtarı %s geçersiz çapraz sertifikalamaya sahip\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, fuzzy, c-format
 #| msgid "public key %s is %lu second newer than the signature\n"
 msgid "public key %s is %lu second newer than the signature\n"
@@ -7555,7 +7542,7 @@ msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "genel anahtar %s imzadan %lu saniye daha yeni\n"
 msgstr[1] "genel anahtar %s imzadan %lu saniye daha yeni\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, fuzzy, c-format
 #| msgid "public key %s is %lu second newer than the signature\n"
 msgid "public key %s is %lu day newer than the signature\n"
@@ -7563,7 +7550,7 @@ msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "genel anahtar %s imzadan %lu saniye daha yeni\n"
 msgstr[1] "genel anahtar %s imzadan %lu saniye daha yeni\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, fuzzy, c-format
 #| msgid ""
 #| "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7576,7 +7563,7 @@ msgstr[0] ""
 msgstr[1] ""
 "anahtar %s %lu saniye sonra üretilmiş (zaman sapması veya saat problemi)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, fuzzy, c-format
 #| msgid ""
 #| "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7588,57 +7575,57 @@ msgstr[0] ""
 msgstr[1] ""
 "anahtar %s %lu saniye sonra üretilmiş (zaman sapması veya saat problemi)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, fuzzy, c-format
 #| msgid "NOTE: signature key %s expired %s\n"
 msgid "Note: signature key %s expired %s\n"
 msgstr "BİLGİ: %s imza anahtarının kullanım süresi %s sularında dolmuş\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, fuzzy, c-format
 #| msgid "NOTE: signature key %s has been revoked\n"
 msgid "Note: signature key %s has been revoked\n"
 msgstr "BİLGİ: imza anahtarı %s yürürlükten kaldırılmıştı\n"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "0x%02x sınıfı tek başına imza\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "0x%02x sınıfı tek başına imza\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "hatalı imzanın bilinmeyen bir kritik bitten dolayı %s anahtarından "
 "kaynaklandığı sanılıyor\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr ""
 "anahtar %s: anahtarı yürürlükten kaldırma imzası için yardımcı anahtar yok\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr ""
 "anahtar %s: yardımcı anahtarı garantileme imzası için yardımcı anahtar yok\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "UYARI: %% genişletmeli simgelem imkansız (çok büyük). Genişletilmeden "
 "kullanılıyor.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7646,7 +7633,7 @@ msgstr ""
 "UYARI: güvence adresi için %%lik uzatma imkansız (çok büyük).\n"
 "Uzatılmadan kullanılıyor.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7655,12 +7642,12 @@ msgstr ""
 "UYARI: tercih edilen anahtar sunucu adresi için %%lik uzatma imkansız\n"
 "(çok büyük). Uzatılmadan kullanılıyor.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s/%s imza: \"%s\" den\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
@@ -7668,36 +7655,37 @@ msgstr ""
 "UYARI: alıcının tercihleriyle çelişen %s (%d) özet algoritması kullanılmak "
 "isteniyor\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "imzalanıyor:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "%s şifrelemesi kullanılmayacak\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr "anahtar güvenli olarak imlenmemiş - onu sahte RSÜ ile kullanmayın!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "\"%s\" atlandı: tekrarlanmış\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "atlandı: gizli anahtar zaten var\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr "bu, imzalar için güvenli olmayan PGP üretimi bir ElGamal anahtarı!"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "güvence veritabanının %lu. kaydı, %d türünde: yazma başarısız: %s\n"
@@ -7711,46 +7699,46 @@ msgstr ""
 "# Atanan güvencedeğerlerinin listesi %s oluşturuldu\n"
 "# (Eski haline getirmek için \"gpg --import-ownertrust\" kullanın\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, fuzzy, c-format
 #| msgid "error in `%s': %s\n"
 msgid "error in '%s': %s\n"
 msgstr "'%s' de hata: %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr "satır çok uzun"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr ": imi eksik"
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr "parmakizi geçersiz"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr "sahibiningüvencesi değeri kayıp"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, fuzzy, c-format
 #| msgid "error finding trust record in `%s': %s\n"
 msgid "error finding trust record in '%s': %s\n"
 msgstr "`%s' deki güvence kaydını ararken hata: %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, fuzzy, c-format
 #| msgid "read error in `%s': %s\n"
 msgid "read error in '%s': %s\n"
 msgstr "`%s' için okuma hatası: %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "güvence veritabanı: eşzamanlama başarısız: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, fuzzy, c-format
 #| msgid "can't create lock for `%s'\n"
 msgid "can't create lock for '%s'\n"
@@ -7762,12 +7750,12 @@ msgstr "`%s' için kilit oluşturulamıyor\n"
 msgid "can't lock '%s'\n"
 msgstr "`%s' kiltlenemedi\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "güvence veritabanı %lu kaydı: erişim başarısız: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "güvence veritabanı %lu kaydı: yazma başarısız (n=%d): %s\n"
@@ -7782,7 +7770,7 @@ msgstr "güvence veritabanı işlemi çok uzun\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: dizin yok!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, fuzzy, c-format
 #| msgid "can't access `%s': %s\n"
 msgid "can't access '%s': %s\n"
@@ -7825,7 +7813,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: sürüm kaydının güncellenmesinde hata: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: sürüm kaydının okunmasında hata: %s\n"
@@ -7835,52 +7823,52 @@ msgstr "%s: sürüm kaydının okunmasında hata: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: sürüm kaydının yazılmasında hata: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "güvence veritabanı: erişim başarısız: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "güvence veritabanı: okuma başarısız (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: bir güvence veritabanı dosyası değil\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: %lu kayıt numarası ile sürüm kaydı\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: dosya sürümü %d geçersiz\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: serbest kaydı okuma hatası: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: dizin kaydını yazma hatası: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: kayıt sıfırlama başarısız: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: kayıt ekleme başarısız: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, fuzzy, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "%s: güvence veritabanı oluşturuldu\n"
@@ -7922,10 +7910,10 @@ msgstr "desteklenmeyen algoritma: %s"
 msgid "TOFU DB error"
 msgstr ""
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, fuzzy, c-format
 #| msgid "error sending %s command: %s\n"
 msgid "error reading TOFU database: %s\n"
@@ -7949,7 +7937,7 @@ msgstr "%s: dizin kaydını yazma hatası: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "'%s' açılırken hata: %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, fuzzy, c-format
 #| msgid "error sending %s command: %s\n"
 msgid "error updating TOFU database: %s\n"
@@ -8128,112 +8116,112 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr ""
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr ""
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, fuzzy, c-format
 #| msgid "error creating a pipe: %s\n"
 msgid "error changing TOFU policy: %s\n"
 msgstr "boru oluşturulurken hata: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr ""
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, fuzzy, c-format
 #| msgid "Deleted %d signatures.\n"
 msgid "%s: Verified 0 signatures."
 msgstr "%d imza silindi.\n"
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 #, fuzzy
 #| msgid "encrypted with %lu passphrases\n"
 msgid "Encrypted 0 messages."
 msgstr "%lu anahtar parolası ile şifrelenmiş\n"
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, fuzzy, c-format
 #| msgid "validity: %s"
 msgid "(policy: %s)"
 msgstr "geçerliliği: %s"
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -8250,114 +8238,114 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, fuzzy, c-format
 #| msgid "error sending %s command: %s\n"
 msgid "error opening TOFU database: %s\n"
 msgstr "%s komutu gönderilirken hata: %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, fuzzy, c-format
 #| msgid "`%s' is not a valid long keyID\n"
 msgid "'%s' is not a valid long keyID\n"
 msgstr "`%s' geçerli bir anahtar kimliği değil\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "anahtar %s: güvenli anahtar olarak kabul edildi\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "anahtar %s güvence veritabanında birden fazla görünüyor\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "anahtar %s: güvenli anahtar için genel anahtar yok - atlandı\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "anahtar %s son derece güvenli olarak imlendi.\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "güvence veritabanı kaydı %lu, istek tipi %d: okuma başarısız: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "güvence veritabanının %lu. kaydı %d istek türünde değil\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr ""
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr ""
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 "bilinmeyen güvence modeli (%d) kullanılamıyor - %s güvence modeli "
 "varsayılıyor\n"
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr "%s güvence modeli kullanılıyor\n"
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "bir güvence veritabanı denetimi gereksiz\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "sonraki güvence veritabanı denetimi %s de\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, fuzzy, c-format
 #| msgid "no need for a trustdb check with `%s' trust model\n"
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "`%s' güvence modelli güvence veritabanı sınaması için gereksiz\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, fuzzy, c-format
 #| msgid "no need for a trustdb update with `%s' trust model\n"
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "`%s' güvence modelli güvence veritabanı güncellemesi için gereksiz\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr "genel anahtar %s yok: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "lütfen bir --check-trustdb yapın\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "güvence veritabanı denetleniyor\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, fuzzy, c-format
 #| msgid "%lu keys processed so far\n"
 msgid "%d key processed"
@@ -8365,7 +8353,7 @@ msgid_plural "%d keys processed"
 msgstr[0] "şu ana kadar %lu anahtar işlendi\n"
 msgstr[1] "şu ana kadar %lu anahtar işlendi\n"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, fuzzy, c-format
 #| msgid "%d keys processed (%d validity counts cleared)\n"
 msgid " (%d validity count cleared)\n"
@@ -8373,17 +8361,17 @@ msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] "%d anahtar işlendi (%d doğrulama temizlendi)\n"
 msgstr[1] "%d anahtar işlendi (%d doğrulama temizlendi)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "son derece güvenli bir anahtar yok\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "son derece güvenli %s için genel anahtar yok\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
@@ -8391,29 +8379,29 @@ msgstr ""
 "derinlik: %d  geçerli: %3d  imzalı: %3d  güvenilir: %d-, %dq, %dn, %dm, %df, "
 "%du\n"
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr ""
 "güvence veritabanının sürüm kaydı güncellenemedi: yazma başarısız: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr "tanımsız"
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr "asla    "
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr "şöyle böyle"
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr "tamamen"
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr "son derece"
 
@@ -8425,43 +8413,43 @@ msgstr "son derece"
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 #, fuzzy
 #| msgid "10 translator see trustdb.c:uid_trust_string_fixed"
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr "20 translator seen trustdb.c:uid_trust_string_fixed"
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 msgid "[ revoked]"
 msgstr "[yürürlükten kalktı]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 msgid "[ expired]"
 msgstr "[  süresi  doldu  ]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 msgid "[ unknown]"
 msgstr "[    bilinmeyen   ]"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr "[     tanımsız    ]"
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 #, fuzzy
 #| msgid "never"
 msgid "[  never ]"
 msgstr "asla    "
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr "[   şöyle böyle   ]"
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr "[     tamamen     ]"
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr "[   son  derece   ]"
 
@@ -8486,19 +8474,31 @@ msgstr "girdi satırı %u ya çok uzun ya da sonunda satırsonu karakteri yok\n"
 msgid "can't open fd %d: %s\n"
 msgstr "fd %d açılamıyor: %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "UYARI: ileti bütünlük korumalı değildi\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+#| msgid "ambiguous option `%s'\n"
+msgid "Hint: Do not use option %s\n"
+msgstr "`%s' seçeneği belirsiz\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr "hata ayıklama bayrakları ayarlanır"
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr "tam hata ayıklama etkin olur"
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Kullanımı: kbxutil [seçenekler] [dosyalar] (yardım için -h)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 #, fuzzy
 #| msgid ""
 #| "Syntax: kbxutil [options] [files]\n"
@@ -8513,129 +8513,232 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr ""
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr ""
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new Global-PIN"
+msgstr "||Lütfen PIN'i giriniz"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "||Lütfen kart için Sıfırlama Kodunu giriniz"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new PIN"
+msgstr "||Lütfen PIN'i giriniz"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the PIN of your PIV card"
+msgstr "||Lütfen kart için Sıfırlama Kodunu giriniz"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "||Lütfen PIN'i giriniz"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "||Lütfen kart için Sıfırlama Kodunu giriniz"
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "PIN eylemcisi hata döndürdü: %s\n"
+
+#: scd/app-piv.c:1895
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too short; minimum length is %d\n"
+msgstr "CHV%d için PIN çok kısa; asgari uzunluk: %d\n"
+
+#: scd/app-piv.c:1903
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too long; maximum length is %d\n"
+msgstr "CHV%d için PIN çok kısa; asgari uzunluk: %d\n"
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr "anahtar zaten mevcut\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr "mevcut anahtar konulacak\n"
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr "yeni anahtar üretiliyor\n"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, fuzzy, c-format
+msgid "writing new key\n"
+msgstr "yeni anahtar üretiliyor\n"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "anahtarın saklanması başarısız: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr "yanıt RSA modülü içermiyor\n"
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr "yanıt RSA genel bileşenini içermiyor\n"
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, fuzzy, c-format
+#| msgid "response does not contain the RSA public exponent\n"
+msgid "response does not contain the EC public key\n"
+msgstr "yanıt RSA genel bileşenini içermiyor\n"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr "anahtar üretilene kadar lütfen bekleyiniz ....\n"
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr "anahtar üretimi başarısızlığa uğradı\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, fuzzy, c-format
+#| msgid "key generation completed (%d seconds)\n"
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "anahtar üretimi tamamlandı (%d saniye)\n"
+msgstr[1] "anahtar üretimi tamamlandı (%d saniye)\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr "yanıt genel anahtar verisi içermiyor\n"
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr ""
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 #, fuzzy
 msgid "|A|Please enter the Admin PIN"
 msgstr "||Lütfen PIN'i giriniz"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 #, fuzzy
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "||Lütfen kart için Sıfırlama Kodunu giriniz"
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 #, fuzzy
 msgid "||Please enter the PIN for the standard keys."
 msgstr "|A|Lütfen Yönetici PIN'ini okuyucu tuştakımından giriniz"
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr "RSA modülü ya eksik ya da %d bitlik değil\n"
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr "RSA genel üstel sayısı ya eksik ya da %d bitten büyük\n"
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr "PIN eylemcisi hata döndürdü: %s\n"
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "the NullPIN has not yet been changed\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "BoşPIN henüz değişmedi\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr "BoşPIN henüz değişmedi\n"
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 #, fuzzy
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "||Lütfen PIN'inizi okuyucunun tuştakımından giriniz"
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 #, fuzzy
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "||Lütfen kart için Sıfırlama Kodunu giriniz"
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr ""
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "yeni PIN alınırken hata: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "parmakizinin saklanması başarısız oldu: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "oluşturma tarihinin saklanması başarısız oldu: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr "karttan CHV durumu alınırken hata\n"
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr "yanıt RSA modülü içermiyor\n"
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr "yanıt RSA genel bileşenini içermiyor\n"
-
-#: scd/app-openpgp.c:1546
-#, fuzzy, c-format
-#| msgid "response does not contain the RSA public exponent\n"
-msgid "response does not contain the EC public key\n"
-msgstr "yanıt RSA genel bileşenini içermiyor\n"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr "yanıt genel anahtar verisi içermiyor\n"
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr "genel anahtar okuması başarısız: %s\n"
@@ -8643,46 +8746,46 @@ msgstr "genel anahtar okuması başarısız: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr ""
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr "%s olarak öntanımlı PIN kullanılıyor\n"
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 "%s olarak öntanımlı PIN kullanılamadı: %s - öntanımlı kullanımı iptal "
 "ediliyor\n"
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 #, fuzzy
 #| msgid "||Please enter the PIN"
 msgid "||Please unlock the card"
 msgstr "||Lütfen PIN'i giriniz"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr "CHV%d için PIN çok kısa; asgari uzunluk: %d\n"
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "CHV%d doğrulaması başarısız oldu: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr "kart kalıcı olarak kilitli!\n"
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, fuzzy, c-format
 #| msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
@@ -8693,20 +8796,20 @@ msgstr[0] ""
 msgstr[1] ""
 "kart kalıcı olarak kilitlenmeden önce %d Yönetici PIN kalmasına çalışılıyor\n"
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr "yönetici komutlarına erişim yapılandırılmamış\n"
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 msgid "||Please enter the PIN"
 msgstr "||Lütfen PIN'i giriniz"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 msgid "||Please enter the Reset Code for the card"
 msgstr "||Lütfen kart için Sıfırlama Kodunu giriniz"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr "Sıfırlama Kodu çok kısa; asgari uzunluk: %d\n"
@@ -8714,125 +8817,82 @@ msgstr "Sıfırlama Kodu çok kısa; asgari uzunluk: %d\n"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr "|YSK|Yeni Sıfırlama Kodu"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr "|YYP|Yeni Yönetici PIN'i"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr "|N|Yeni PIN"
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 #, fuzzy
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "||Lütfen PIN'i giriniz"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 #, fuzzy
 #| msgid "||Please enter the PIN"
 msgid "||Please enter the PIN and New PIN"
 msgstr "||Lütfen PIN'i giriniz"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr "uygulama verisi okunurken hata\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "parmakizi DO okunurken hata\n"
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr "anahtar zaten mevcut\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr "mevcut anahtar konulacak\n"
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr "yeni anahtar üretiliyor\n"
-
-#: scd/app-openpgp.c:3074
-#, fuzzy, c-format
-msgid "writing new key\n"
-msgstr "yeni anahtar üretiliyor\n"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr "oluşturum zaman damgası kayıp\n"
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr "RSA asal sayısı %s ya eksik la da %d bitlik değil\n"
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr "anahtarın saklanması başarısız: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, fuzzy, c-format
 #| msgid "unsupported algorithm: %s"
 msgid "unsupported curve\n"
 msgstr "desteklenmeyen algoritma: %s"
 
-#: scd/app-openpgp.c:4263
+#: scd/app-openpgp.c:4991
 #, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr "anahtar üretilene kadar lütfen bekleyiniz ....\n"
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "OpenPGP kartının yapısı geçersiz (DO 0x93)\n"
 
-#: scd/app-openpgp.c:4271
+#: scd/app-openpgp.c:5041
 #, c-format
-msgid "generating key failed\n"
-msgstr "anahtar üretimi başarısızlığa uğradı\n"
+msgid "fingerprint on card does not match requested one\n"
+msgstr "karttaki parmak izi istenenle eşleşmiyor\n"
 
-#: scd/app-openpgp.c:4277
-#, fuzzy, c-format
-#| msgid "key generation completed (%d seconds)\n"
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "anahtar üretimi tamamlandı (%d saniye)\n"
-msgstr[1] "anahtar üretimi tamamlandı (%d saniye)\n"
-
-#: scd/app-openpgp.c:4311
-#, c-format
-msgid "invalid structure of OpenPGP card (DO 0x93)\n"
-msgstr "OpenPGP kartının yapısı geçersiz (DO 0x93)\n"
-
-#: scd/app-openpgp.c:4361
-#, c-format
-msgid "fingerprint on card does not match requested one\n"
-msgstr "karttaki parmak izi istenenle eşleşmiyor\n"
-
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "kart %s özet algoritmasını desteklemiyor\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr "şu ana kadar oluşturulan imzalar: %lu\n"
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr "Yönetici PIN'inin doğrulanması bu komut yüzünden şimdilik yasaktır\n"
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "%s erişilebilir değil - OpenPGP kartı geçersiz olabilir mi?\n"
@@ -8846,64 +8906,68 @@ msgstr "||Lütfen PIN'inizi okuyucunun tuştakımından giriniz"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr "|N|Ä°lk Yeni PIN"
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr "çoklu sunucu kipinde çalışır (önalanda)"
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr "|LDÜZEY|hata ayıklama düzeyini DÜZEY yapar"
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 msgid "|FILE|write a log to FILE"
 msgstr "|DOSYA|DOSYAya bir günce yazar"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr "|N|N. porttaki okuyucuya bağlanır"
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|İSİM|ct-API sürücüsü olarak İSİM kullanılır"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|İSİM|PC/SC sürücüsü olarak İSİM kullanılır"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 msgid "do not use the internal CCID driver"
 msgstr "dahili CCID sürücüsü kullanılmaz"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr "|N|N saniyelik durgunluktan sonra kartı ayırır"
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 #, fuzzy
 #| msgid "do not use a reader's keypad"
 msgid "do not use a reader's pinpad"
 msgstr "bir okuyucu tuştakımı kullanılmaz"
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr ""
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 #, fuzzy
 msgid "deny the use of admin card commands"
 msgstr "yönetici kartı komutları kullanımına izin verir"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 #, fuzzy
 #| msgid "Usage: gpgconf [options] (-h for help)"
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Kullanımı: gpgconf [seçenekler] (yardım için -h)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 #, fuzzy
 #| msgid ""
 #| "Syntax: scdaemon [options] [command [args]]\n"
@@ -8915,7 +8979,7 @@ msgstr ""
 "Sözdizimi: scdaemon [seçenekler] [komut [arg ...]]\n"
 "GnuPG için akıllı kart artalan süreci\n"
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, fuzzy, c-format
 #| msgid ""
 #| "please use the option `--daemon' to run the program in the background\n"
@@ -8924,32 +8988,26 @@ msgstr ""
 "Programı artalanda çalışır bırakmak için lütfen `--daemon' seçeneğini "
 "kullanın\n"
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr "fd %d için eylemci başlatıldı\n"
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr "fd %d için eylemci sonlandı\n"
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "anahtar kullanım bilgisi alınırken hata: %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr "sertifika tarafından istenen geçerlilik modeli: %s"
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr "zincir"
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 msgid "shell"
 msgstr "kabuk"
 
@@ -8984,7 +9042,7 @@ msgstr "bilgi: kritik olmayan sertifika poliçesine izin verilmez"
 msgid "certificate policy not allowed"
 msgstr "sertifika poliçesine izin verilmiyor"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "parmakizinin alınması başarısız oldu\n"
@@ -8999,7 +9057,7 @@ msgstr "harici bir sertifikacı arar\n"
 msgid "number of issuers matching: %d\n"
 msgstr "eşleşen sertifikacı sayısı: %d\n"
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, fuzzy, c-format
 #| msgid "can't access `%s': %s\n"
 msgid "can't get authorityInfoAccess: %s\n"
@@ -9020,232 +9078,232 @@ msgstr "eşleşen sertifika sayısı: %d\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "dirmngr sadece-önbellek anahtar araması başarısızi: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "anahtar veritabanı eylemcisine yer ayrılması başarısız oldu\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 msgid "certificate has been revoked"
 msgstr "sertifika yürürlükten kaldırılmıştı"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr "sertifika durumu bilinmiyor"
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr "\"dirmngr\"'ın düzgün olarak kurulu olduğundan lütfen emin olunuz\n"
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, c-format
 msgid "checking the CRL failed: %s"
 msgstr "CRL sınaması başarısız: %s"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "geçersiz doğrulukla sertifika: %s"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr "sertifika henüz geçersiz"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 msgid "root certificate not yet valid"
 msgstr "kök sertifika henüz geçersiz"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr "ara sertifika henüz geçersiz"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, c-format
 msgid "certificate has expired"
 msgstr "sertifika kullanım süresi dolmuş"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 msgid "root certificate has expired"
 msgstr "kök sertifikanın kullanım süresi dolmuş"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 msgid "intermediate certificate has expired"
 msgstr "ara sertifikanın kullanım süresi dolmuş"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr "gerekli sertifika özellikleri eksik: %s%s%s"
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 msgid "certificate with invalid validity"
 msgstr "geçersiz doğrulukla sertifika"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr "sertifika yaşam süresi boyunca imza oluşturulmadı"
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr "sertifikacının yaşam süresi boyunca sertifika oluşturulmadı"
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr "sertifikacının yaşam süresi boyunca ara sertifika oluşturulmadı"
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, c-format
 msgid "  (  signature created at "
 msgstr "  (  imzanın oluşturuluşu: "
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, c-format
 msgid "  (certificate created at "
 msgstr "  (  sertifikanın oluşturuluşu: "
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, c-format
 msgid "  (certificate valid from "
 msgstr "  (sertifika geçerlilik başlangıcı: "
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr "  (sertifikacı geçerlilik başlangıcı: "
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr "parmakizi=%s\n"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr "kök sertifika artık güvenilir olarak imlenmiş oldu\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr "güvenilir olarak etkileşimli imleme gpg-agent'ta etkin değil\n"
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr "güvenilir olarak etkileşimli imleme bu oturum için iptal edildi\n"
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr ""
 "UYARI: imzanın oluşturulma zamanı bilinmiyor - şimdiki zaman varsayılıyor"
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 msgid "no issuer found in certificate"
 msgstr "sertifikacı kim belli değil"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr "öz-imzalı sertifika KÖTÜ bir imzaya sahip"
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr "kök sertifika güvenilir olarak imli değil"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "güvence listesinin sınanması başarısız: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr "sertifika zinciri çok uzun\n"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr "sertifikacı belli değil"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, c-format
 msgid "certificate has a BAD signature"
 msgstr "sertifika KÖTÜ bir imzaya sahip"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr "başka bir eşleşmesi olası CA sertifikası var - tekrar deneniyor"
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr "sertifika zinciri CA tarafından izin verilenden uzun (%d)"
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, c-format
 msgid "certificate is good\n"
 msgstr "sertifika iyi durumda\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, c-format
 msgid "intermediate certificate is good\n"
 msgstr "ara sertifika iyi durumda\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, c-format
 msgid "root certificate is good\n"
 msgstr "kök sertifika iyi durumda\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr "zincir modeline geçiş"
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr "kullanılan geçerlilik modeli: %s"
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr "%u bitlik çittirim %u bitlik %s anahtarı için geçersiz\n"
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, c-format
 msgid "out of core\n"
 msgstr "nüve dışında\n"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr "(bu, MD2 algoritmasıdır)\n"
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 msgid "none"
 msgstr "yok"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 msgid "[Error - invalid encoding]"
 msgstr "[Hata - kodlama geçersiz]"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr "[Hata - nüve dışında]"
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr "[Hata - Adsız]"
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 msgid "[Error - invalid DN]"
 msgstr "[Hata - DN geçersiz]"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -9260,149 +9318,160 @@ msgstr ""
 "S/N: %s, Kimlik: 0x%08lX,\n"
 "oluşturuluşu: %s, süre bitimi: %s.\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr "hiç anahtar kullanımı belirtilmemiş - tüm kullanımlar var sayılıyor\n"
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "anahtar kullanım bilgisi alınırken hata: %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, fuzzy, c-format
 #| msgid "certificate should have not been used for certification\n"
 msgid "certificate should not have been used for certification\n"
 msgstr "sertifika onaylama için kullanılmamalıydı\n"
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, fuzzy, c-format
 #| msgid "certificate should have not been used for OCSP response signing\n"
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr "sertifika, OCSP yanıtının imzalanması için kullanılmamalıydı\n"
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, fuzzy, c-format
 #| msgid "certificate should have not been used for encryption\n"
 msgid "certificate should not have been used for encryption\n"
 msgstr "sertifika şifreleme için kullanılmamalıydı\n"
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, fuzzy, c-format
 #| msgid "certificate should have not been used for signing\n"
 msgid "certificate should not have been used for signing\n"
 msgstr "sertifika imzalama için kullanılmamalıydı\n"
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr "sertifika şifreleme için elverişli değil\n"
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr "sertifika imzalama için elverişli değil\n"
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+#| msgid "Included certificates"
+msgid "looking for another certificate\n"
+msgstr "İçerilen sertifikalar"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "`%d. satır: algoritma geçersiz\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr "%d. satır: anahtar uzunluğu %u geçersiz (%d .. %d geçerli)\n"
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr "%d. satır: konu ismi belirtilmemiş\n"
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, fuzzy, c-format
 #| msgid "line %d: invalid subject name label `%.*s'\n"
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "%d. satır: konu ismi yaftası `%.*s' geçersiz\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, fuzzy, c-format
 #| msgid "line %d: invalid subject name `%s' at pos %d\n"
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "%1$d. satır: %3$d konumundaki konu ismi %2$s' geçersiz\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "%d. satır: geçerli bir eposta adresi değil\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "line %d: invalid serial number\n"
 msgstr "`%d. satır: algoritma geçersiz\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, fuzzy, c-format
 #| msgid "line %d: invalid subject name label `%.*s'\n"
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr "%d. satır: konu ismi yaftası `%.*s' geçersiz\n"
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, fuzzy, c-format
 #| msgid "line %d: invalid subject name `%s' at pos %d\n"
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr "%1$d. satır: %3$d konumundaki konu ismi %2$s' geçersiz\n"
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "line %d: invalid date given\n"
 msgstr "`%d. satır: algoritma geçersiz\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, fuzzy, c-format
 #| msgid "line %d: error getting key by keygrip `%s': %s\n"
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "%d. satır: `%s' anahtar maşası tarafından alınırken hata: %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "`%d. satır: algoritma geçersiz\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "line %d: invalid authority-key-id\n"
 msgstr "`%d. satır: algoritma geçersiz\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, fuzzy, c-format
 #| msgid "line %d: invalid subject name `%s' at pos %d\n"
 msgid "line %d: invalid subject-key-id\n"
 msgstr "%1$d. satır: %3$d konumundaki konu ismi %2$s' geçersiz\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, fuzzy, c-format
 #| msgid "line %d: invalid algorithm\n"
 msgid "line %d: invalid extension syntax\n"
 msgstr "`%d. satır: algoritma geçersiz\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, fuzzy, c-format
 #| msgid "line %d: error reading key `%s' from card: %s\n"
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "%d. satır: `%s' anahtarı karttan okunurken hata: %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, fuzzy, c-format
 #| msgid "line %d: error getting key by keygrip `%s': %s\n"
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "%d. satır: `%s' anahtar maşası tarafından alınırken hata: %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "%d. satır: anahtar üretimi başarısızlığa uğradı: %s <%s>\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
@@ -9410,45 +9479,45 @@ msgstr ""
 "Bu sertifika isteğini tamamlamak için lütfen anahtar parolanızı girip "
 "anahtarınızı bir kere daha oluşturun.\n"
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) Mevcut anahtar\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr "   (%d) Karttaki mevcut anahtar\n"
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "bir %s anahtarı için olası eylemler:\n"
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) imza, şifreleme\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) imza\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) şifreleme\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr "X.509 konu ismini girin: "
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr "Konu ismi belirtilmemiş\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, fuzzy, c-format
 #| msgid "Invalid subject name label `%.*s'\n"
 msgid "Invalid subject name label '%.*s'\n"
@@ -9459,37 +9528,37 @@ msgstr "Geçersiz konu ismi yaftası `%.*s'\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, fuzzy, c-format
 #| msgid "Invalid subject name `%s'\n"
 msgid "Invalid subject name '%s'\n"
 msgstr "Geçersiz konu ismi`%s'\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "22 çevirmen: bakınız certreg-ui.c:gpgsm_gencertreq_tty"
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 msgid "Enter email addresses"
 msgstr "E-posta adresinizi girin"
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 msgid " (end with an empty line):\n"
 msgstr " (ve boş bir satır ile bitirin):\n"
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 msgid "Enter DNS names"
 msgstr "DNS isimlerini giriniz"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 msgid " (optional; end with an empty line):\n"
 msgstr " (seçimlik; boş bir satır işlemi sonlandırır):\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr "URI'leri girin"
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 #, fuzzy
 #| msgid "Create a designated revocation certificate for this key? (y/N) "
 msgid "Create self-signed certificate? (y/N) "
@@ -9497,220 +9566,213 @@ msgstr ""
 "Bu imza için bir yürürlükten kaldırma sertifikası oluşturulsun mu? (e/H ya "
 "da y/N) "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:432
-#, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "geçici dosya oluşturulurken hata: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 #, fuzzy
 #| msgid "self-signed certificate has a BAD signature"
 msgid "Now creating self-signed certificate.  "
 msgstr "öz-imzalı sertifika KÖTÜ bir imzaya sahip"
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 #, fuzzy
 #| msgid "Now creating certificate request.  This may take a while ...\n"
 msgid "Now creating certificate request.  "
 msgstr "Sertifika isteği oluşturuluyor.  Bu biraz vakit alabilir...\n"
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr ""
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr "Hazır.  Bu isteği şimdi Sertifika Yetkilinize (CA) göndermelisiniz.\n"
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr "özkaynak sorunu: nüve dışı\n"
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "%s şifreli veri\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr "(bu, RC2 algoritmasıdır)\n"
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr "(bu bir şifreli iletiymiş gibi görünmüyor)\n"
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 #| msgid "encrypted with %s key, ID %s\n"
 msgid "encrypted to %s key %s\n"
 msgstr "%s anahtarı ve %s kullanıcı kimliği ile şifrelenmiş\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, fuzzy, c-format
 #| msgid "certificate `%s' not found: %s\n"
 msgid "certificate '%s' not found: %s\n"
 msgstr "sertifika \"%s\" yok: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr "anahtar bloğu kilitlenirken hata: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, fuzzy, c-format
 #| msgid "duplicated certificate `%s' deleted\n"
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "yinelenmiş sertifika `%s' silindi\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, fuzzy, c-format
 #| msgid "certificate `%s' deleted\n"
 msgid "certificate '%s' deleted\n"
 msgstr "sertifika `%s' silindi\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "\"%s\" sertifikası silinemedi: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, c-format
 msgid "no valid recipients given\n"
 msgstr "geçerli alıcılar verilmedi\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 msgid "list external keys"
 msgstr "harici anahtarları listeler"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 msgid "list certificate chain"
 msgstr "sertifika zincirini listeler"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 msgid "import certificates"
 msgstr "sertifikaları ithal eder"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 msgid "export certificates"
 msgstr "sertifikaları ihraç eder"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr "bir akıllı kartı kayda alır"
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr "dirmngr'a bir komut aktarır"
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr "gpg-protect-tool'u çalıştırır"
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "terminali hiç kullanma"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr "|N|içerilecek sertifika sayısı"
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr "|DOSYA|poliçe bilgisi DOSYAdan alınır"
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr "girdinin PEM biçiminde olduğu kabul edilir"
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr "girdinin base-64 biçiminde olduğu kabul edilir"
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr "girdinin ikilik biçimde olduğu kabul edilir"
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 msgid "create base-64 encoded output"
 msgstr "base-64 kodlu çıktı oluşturur"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr ""
 "|KULLANICI-KİMLİĞİ|öntanımlı gizli anahtar olarak KULLANICI-KİMLİĞİ "
 "kullanılır"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "|DOSYA|anahtar zincirini anahtar zincirleri listesine ekler"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|BELİRTİM|anahtarları aramak için bu anahtar sunucusu kullanılır"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr "kayıp sertifikacı sertifikalarını alır"
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|İSİM|PKCS#12 anahtar parolaları için kodlama olarak İSİM kullanılır"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr "asla bir CRL sormaz"
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr "kök sertifikalar için CRLler sınanmaz"
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr "doğruluğu OCSP kullarak sınar"
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr "sertifika poliçeleri sınanmaz"
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|İSİM|şifre algoritması olarak İSİM kullanılır"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|İSİM|özet algoritması olarak İSİM kullanılır"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "önceden belirlenmiş işlemler kipi: hiç sormaz"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "soruların çoğunda cevap evet farzedilir"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "soruların çoğunda cevap hayır farzedilir"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 msgid "|FILE|write an audit log to FILE"
 msgstr "|DOSYA|bir denetim günlüğünü DOSYAya yazar"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Kullanımı: gpg [seçenekler] [dosyalar] (yardım için -h)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpgsm [options] [files]\n"
@@ -9725,91 +9787,128 @@ msgstr ""
 "imzalama, kontrol, şifreleme veya çözme S/MIME protokolü kullanarak yapılır\n"
 "öntanımlı işlem girilen veriye bağımlıdır\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, fuzzy, c-format
 #| msgid "NOTE: won't be able to encrypt to `%s': %s\n"
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "BİLGİ:`%s'e şifrelenemez: %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, fuzzy, c-format
 #| msgid "unknown validation model `%s'\n"
 msgid "unknown validation model '%s'\n"
 msgstr "`%s' geçerlilik modeli bilinmiyor\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: konak adı belirtilmemiş\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: kullanıcısız parola verilmiş\n"
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: bu satır atlanıyor\n"
+
+#: sm/gpgsm.c:1545
+#, c-format
+msgid "could not parse keyserver\n"
+msgstr "anahtar sunucusu çözümlenemedi\n"
+
+#: sm/gpgsm.c:1825
 #, fuzzy, c-format
 #| msgid "importing common certificates `%s'\n"
 msgid "importing common certificates '%s'\n"
 msgstr "ortak sertifikalar `%s' ithal ediliyor\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, fuzzy, c-format
 #| msgid "can't sign using `%s': %s\n"
 msgid "can't sign using '%s': %s\n"
 msgstr "`%s' kullanarak imzalanamıyor: %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr "geçersiz komut (hiç dolaylı komut yok)\n"
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, c-format
 msgid "total number processed: %lu\n"
 msgstr "işlenmiş toplam miktar: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, c-format
 msgid "error storing certificate\n"
 msgstr "sertifika saklanırken hata\n"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr "temel sertifika sınamaları başarısız oldu - ithal edilmedi\n"
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "saklanmış bayraklar alınırken hata: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, c-format
 msgid "error importing certificate: %s\n"
 msgstr "sertifika ithal edilirken hata: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, c-format
 msgid "error reading input: %s\n"
 msgstr "girdi okunurken hata: %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+#| msgid "no gpg-agent running in this session\n"
+msgid "no keyboxd running in this session\n"
+msgstr "bu oturumda çalışan gpg-agent yok\n"
+
+#: sm/keydb.c:595
+#, fuzzy, c-format
+#| msgid "error opening `%s': %s\n"
+msgid "error opening key DB: %s\n"
+msgstr "'%s' açılırken hata: %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr "mevcut sertifika aranırken sorun çıktı: %s\n"
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "yazılabilir anahtar veritabanı bulunurken hata: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, c-format
 msgid "error storing certificate: %s\n"
 msgstr "serifika saklanırken hata: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "sertifika yeniden aranırken sorun çıktı: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, c-format
 msgid "error storing flags: %s\n"
 msgstr "bayraklar saklanırken hata: %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr "Hata - "
 
@@ -9818,19 +9917,19 @@ msgstr "Hata - "
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr "GPG_TTY atanmamıştı - kullanımı sorunlara yolaçabilir\n"
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, fuzzy, c-format
 #| msgid "invalid formatted fingerprint in `%s', line %d\n"
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "`%s', %d. satırındaki biçimli parmakizi geçersiz\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, fuzzy, c-format
 #| msgid "invalid country code in `%s', line %d\n"
 msgid "invalid country code in '%s', line %d\n"
 msgstr "`%s', %d. satırındaki ülke kodu geçersiz\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9846,7 +9945,7 @@ msgstr ""
 "\n"
 "%s%sBunu yapmak istediğinizden emin misiniz?"
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
@@ -9855,7 +9954,7 @@ msgstr ""
 "Bu yazılımın böyle imzaları oluşturmak ve doğrulamak için resmi onaylı "
 "olmadığına dikkat ediniz.\n"
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9866,55 +9965,61 @@ msgstr ""
 "\"%s\"\n"
 "Bu sertifkanın nitelikli bir imza üretmeyeceğine dikkat ediniz!"
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr ""
 "çittirim algoritması %d (%s) imzacı %d için desteklenmiyor; %s kullanılıyor\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr "%d imzacı için kullanılan çittirim algoritması: %s (%s)\n"
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "nitelikli sertifika için sınama başarısız: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+#| msgid "Signature made %s using %s key ID %s\n"
+msgid "%s/%s signature using %s key %s\n"
+msgstr "%s imzası, %s anahtarı ve %s kullanıcı kimliği ile yapılmış\n"
+
+#: sm/verify.c:467
 #, c-format
 msgid "Signature made "
 msgstr "Ä°mza "
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr "[belirtilmeyen tarihte]"
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 #| msgid "algorithm: %s"
 msgid "algorithm:"
 msgstr "algoritma: %s"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr "geçersiz imza: ileti özeti özelliği hesaplananla uyuşmuyor\n"
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, c-format
 msgid "Good signature from"
 msgstr "Buradaki imzeler iyi:"
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, c-format
 msgid "                aka"
 msgstr "        nam-ı diğer"
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, c-format
 msgid "This is a qualified signature\n"
 msgstr "Bu bir nitelikli imzadır.\n"
@@ -9941,117 +10046,117 @@ msgstr ""
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr "mevcut sertifika aranırken sorun çıktı: %s\n"
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, fuzzy, c-format
 #| msgid "looking up issuer from the Dirmngr cache\n"
 msgid "dropping %u certificates from the cache\n"
 msgstr "Dirmngr önbelleğinde sertifikacıyı arar\n"
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, fuzzy, c-format
 #| msgid "can't create `%s': %s\n"
 msgid "can't parse certificate '%s': %s\n"
 msgstr "\"%s\" oluşturulamıyor: %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, fuzzy, c-format
 #| msgid "certificate `%s' deleted\n"
 msgid "certificate '%s' already cached\n"
 msgstr "sertifika `%s' silindi\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, fuzzy, c-format
 #| msgid "duplicated certificate `%s' deleted\n"
 msgid "trusted certificate '%s' loaded\n"
 msgstr "yinelenmiş sertifika `%s' silindi\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, fuzzy, c-format
 #| msgid "certificate `%s' deleted\n"
 msgid "certificate '%s' loaded\n"
 msgstr "sertifika `%s' silindi\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, fuzzy, c-format
 #| msgid "fingerprint=%s\n"
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "parmakizi=%s\n"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr ""
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr ""
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error loading certificate '%s': %s\n"
 msgstr "serifika saklanırken hata: %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, fuzzy, c-format
 #| msgid "Included certificates"
 msgid "permanently loaded certificates: %u\n"
 msgstr "İçerilen sertifikalar"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, fuzzy, c-format
 #| msgid "number of matching certificates: %d\n"
 msgid "    runtime cached certificates: %u\n"
 msgstr "eşleşen sertifika sayısı: %d\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, fuzzy, c-format
 #| msgid "number of matching certificates: %d\n"
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "eşleşen sertifika sayısı: %d\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, fuzzy, c-format
 #| msgid "  (certificate created at "
 msgid "certificate already cached\n"
 msgstr "  (  sertifikanın oluşturuluşu: "
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, fuzzy, c-format
 #| msgid "certificate is good\n"
 msgid "certificate cached\n"
 msgstr "sertifika iyi durumda\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error caching certificate: %s\n"
 msgstr "serifika saklanırken hata: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, fuzzy, c-format
 #| msgid "invalid fingerprint"
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "parmakizi geçersiz"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "serifika saklanırken hata: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error fetching certificate by subject: %s\n"
 msgstr "serifika saklanırken hata: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, fuzzy, c-format
 #| msgid "no issuer found in certificate"
 msgid "no issuer found in certificate\n"
 msgstr "sertifikacı kim belli değil"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, fuzzy, c-format
 #| msgid "error getting stored flags: %s\n"
 msgid "error getting authorityKeyIdentifier: %s\n"
@@ -10626,72 +10731,72 @@ msgstr "sertifika \"%s\" yok: %s\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "sertifika \"%s\" yok: %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 #, fuzzy
 #| msgid "  (certificate created at "
 msgid "add a certificate to the cache"
 msgstr "  (  sertifikanın oluşturuluşu: "
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 #, fuzzy
 #| msgid "Included certificates"
 msgid "validate a certificate"
 msgstr "İçerilen sertifikalar"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 #, fuzzy
 #| msgid "Included certificates"
 msgid "lookup a certificate"
 msgstr "İçerilen sertifikalar"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 #, fuzzy
 #| msgid "Included certificates"
 msgid "lookup only locally stored certificates"
 msgstr "İçerilen sertifikalar"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 #, fuzzy
 #| msgid "pass a command to the dirmngr"
 msgid "load a CRL into the dirmngr"
 msgstr "dirmngr'a bir komut aktarır"
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 #, fuzzy
 #| msgid "export certificates"
 msgid "expect certificates in PEM format"
 msgstr "sertifikaları ihraç eder"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 #, fuzzy
 #| msgid "Enter the user ID of the designated revoker: "
 msgid "force the use of the default OCSP responder"
 msgstr ""
 "Tasarlanmış yürürlükten kaldırma anahtarının kullanıcı kimliğini giriniz: "
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 #, fuzzy
 #| msgid "Usage: gpg [options] [files] (-h for help)"
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "Kullanımı: gpg [seçenekler] [dosyalar] (yardım için -h)"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10699,238 +10804,234 @@ msgid ""
 "not valid and other error codes for general failures\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error reading certificate from stdin: %s\n"
 msgstr "serifika saklanırken hata: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, fuzzy, c-format
 #| msgid "error reading from %s: %s\n"
 msgid "error reading certificate from '%s': %s\n"
 msgstr "%s okunurken hata: %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, fuzzy, c-format
 #| msgid "can't connect to `%s': %s\n"
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "\"%s\" sunucusuna bağlanılamadı: %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, fuzzy, c-format
 #| msgid "update failed: %s\n"
 msgid "lookup failed: %s\n"
 msgstr "güncelleme başarısız: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, fuzzy, c-format
 #| msgid "renaming `%s' to `%s' failed: %s\n"
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "`%s' > `%s' isim değişikliği başarısız: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, fuzzy, c-format
 #| msgid "deleting certificate \"%s\" failed: %s\n"
 msgid "validation of certificate failed: %s\n"
 msgstr "\"%s\" sertifikası silinemedi: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, fuzzy, c-format
 #| msgid "certificate is good\n"
 msgid "certificate is valid\n"
 msgstr "sertifika iyi durumda\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, fuzzy, c-format
 #| msgid "certificate has been revoked"
 msgid "certificate has been revoked\n"
 msgstr "sertifika yürürlükten kaldırılmıştı"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, fuzzy, c-format
 #| msgid "deleting certificate \"%s\" failed: %s\n"
 msgid "certificate check failed: %s\n"
 msgstr "\"%s\" sertifikası silinemedi: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, c-format
 msgid "got status: '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, fuzzy, c-format
 #| msgid "error writing secret keyring `%s': %s\n"
 msgid "error writing base64 encoding: %s\n"
 msgstr "`%s' gizli anahtarlığa yazılırken hata oluştu: %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, fuzzy, c-format
 #| msgid "unsupported algorithm: %s"
 msgid "unsupported inquiry '%s'\n"
 msgstr "desteklenmeyen algoritma: %s"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr ""
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 #, fuzzy
 #| msgid "|FILE|run commands from FILE on startup"
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|DOSYA|DOSYAdaki komutlar başlangıçta çalıştırılır"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 #, fuzzy
 #| msgid "pass a command to the dirmngr"
 msgid "shutdown the dirmngr"
 msgstr "dirmngr'a bir komut aktarır"
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr ""
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr ""
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr ""
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr ""
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr "Anahtar sunucular için yapılandırma"
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 msgid "|URL|use keyserver at URL"
 msgstr "|URL| URL'si veriler anahtar sunucusu kullanılır"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr ""
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr "HTTP sunucuları için yapılandırma"
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr ""
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr "sistemin HTTP vekil ayarları kullanılır"
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr "Kullanılacak LDAP sunucularının yapılandırması"
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr ""
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr ""
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr ""
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr ""
 
-#: dirmngr/dirmngr.c:270
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|BELİRTİM|anahtarları aramak için bu anahtar sunucusu kullanılır"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 #, fuzzy
 #| msgid "|FILE|read options from FILE"
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|DOSYA|seçenekler DOSYAdan okunur"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr ""
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 #, fuzzy
 #| msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgid "|N|set LDAP timeout to N seconds"
 msgstr "|N|azami PIN önbelleği ömrü N saniyeye ayarlanır"
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr "OCSP için yapılandırma"
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 #, fuzzy
 #| msgid "allow PKA lookups (DNS requests)"
 msgid "allow sending OCSP requests"
 msgstr "PKA aramalarına izin verilir (DNS istekleri)"
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 #, fuzzy
 #| msgid "|URL|use keyserver at URL"
 msgid "|URL|use OCSP responder at URL"
 msgstr "|URL| URL'si veriler anahtar sunucusu kullanılır"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr ""
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr ""
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -10943,13 +11044,13 @@ msgstr ""
 "@\n"
 "(Tüm komut ve seçeneklerin komple listesi için man sayfalarına bakın)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 #, fuzzy
 #| msgid "Usage: gpgconf [options] (-h for help)"
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Kullanımı: gpgconf [seçenekler] (yardım için -h)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg-agent [options] [command [args]]\n"
@@ -10961,126 +11062,327 @@ msgstr ""
 "Sözdizimi: gpg-agent [seçenekler] [komut [arg ...]]\n"
 "GnuPG için gizli anahtar yönetimi\n"
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, fuzzy, c-format
 #| msgid "invalid debug-level `%s' given\n"
 msgid "valid debug levels are: %s\n"
 msgstr "belirtilen hata seviyesi `%s' geçersiz\n"
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, fuzzy, c-format
 #| msgid "usage: gpgsm [options] "
 msgid "usage: %s [options] "
 msgstr "kullanımı: gpgsm [seçenekler] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, fuzzy, c-format
 #| msgid "%s not allowed with %s!\n"
 msgid "colons are not allowed in the socket name\n"
 msgstr "%s ile %s birlikte kullanılmaz!\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, fuzzy, c-format
 #| msgid "renaming `%s' to `%s' failed: %s\n"
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "`%s' > `%s' isim değişikliği başarısız: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, fuzzy, c-format
 #| msgid "conversion from `%s' to `%s' failed: %s\n"
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "`%s' > `%s' dönüşümü başarısız: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, fuzzy, c-format
 #| msgid "line too long - skipped\n"
 msgid "%s:%u: line too long - skipped\n"
 msgstr "satır çok uzun - atlandı\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, fuzzy, c-format
 #| msgid "invalid fingerprint"
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "parmakizi geçersiz"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, fuzzy, c-format
 #| msgid "read error in `%s': %s\n"
 msgid "%s:%u: read error: %s\n"
 msgstr "`%s' için okuma hatası: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, fuzzy, c-format
 #| msgid "not forced"
 msgid "shutdown forced\n"
 msgstr "zorlanmadı"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr ""
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr ""
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+#, fuzzy
+#| msgid "|NAME|connect to Assuan socket NAME"
+msgid "|NAME|connect to host NAME"
+msgstr "|İSİM|Assuan soketi İSİMe bağlanır"
+
+#: dirmngr/dirmngr_ldap.c:111
+#, fuzzy
+#| msgid "|N|connect to reader at port N"
+msgid "|N|connect to port N"
+msgstr "|N|N. porttaki okuyucuya bağlanır"
+
+#: dirmngr/dirmngr_ldap.c:112
+msgid "|NAME|use user NAME for authentication"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:179
+#, fuzzy
+#| msgid "Usage: gpg [options] [files] (-h for help)"
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Kullanımı: gpg [seçenekler] [dosyalar] (yardım için -h)"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:291
+#, fuzzy, c-format
+#| msgid "invalid import options\n"
+msgid "invalid port number %d\n"
+msgstr "içselleştirme seçenekleri geçersiz\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, fuzzy, c-format
+#| msgid "error writing to %s: %s\n"
+msgid "error writing to stdout: %s\n"
+msgstr "%s yazılırken hata: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:462
+#, fuzzy, c-format
+#| msgid "certificate `%s' not found: %s\n"
+msgid "attribute '%s' not found\n"
+msgstr "sertifika \"%s\" yok: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:581
+#, fuzzy, c-format
+#| msgid "reading from `%s'\n"
+msgid "processing url '%s'\n"
+msgstr "`%s'den okunuyor\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          user '%s'\n"
+msgstr "         kullanıcı kimliksiz: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, fuzzy, c-format
+#| msgid "                aka \"%s\""
+msgid "          pass '%s'\n"
+msgstr "                nam-ı diğer \"%s\""
+
+#: dirmngr/dirmngr_ldap.c:592
+#, fuzzy, c-format
+#| msgid "          w/o user IDs: %lu\n"
+msgid "          host '%s'\n"
+msgstr "         kullanıcı kimliksiz: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, fuzzy, c-format
+#| msgid "          not imported: %lu\n"
+msgid "          port %d\n"
+msgstr "             alınamadı: %lu\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, fuzzy, c-format
+#| msgid "                aka \"%s\""
+msgid "            DN '%s'\n"
+msgstr "                nam-ı diğer \"%s\""
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, fuzzy, c-format
+#| msgid "                aka \"%s\""
+msgid "          attr '%s'\n"
+msgstr "                nam-ı diğer \"%s\""
+
+#: dirmngr/dirmngr_ldap.c:611
+#, fuzzy, c-format
+#| msgid "%s:%u: no hostname given\n"
+msgid "no host name in '%s'\n"
+msgstr "%s:%u: konak adı belirtilmemiş\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:622
+#, fuzzy, c-format
+#| msgid "WARNING: Using untrusted key!\n"
+msgid "WARNING: using first attribute only\n"
+msgstr "UYARI: Güven derecesiz anahtar kullanılıyor!\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, fuzzy, c-format
+#| msgid "renaming `%s' to `%s' failed: %s\n"
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "`%s' > `%s' isim değişikliği başarısız: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+#| msgid "renaming `%s' to `%s' failed: %s\n"
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "`%s' > `%s' isim değişikliği başarısız: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+#| msgid "renaming `%s' to `%s' failed: %s\n"
+msgid "LDAP init to '%s' done\n"
+msgstr "`%s' > `%s' isim değişikliği başarısız: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, fuzzy, c-format
+#| msgid "renaming `%s' to `%s' failed: %s\n"
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "`%s' > `%s' isim değişikliği başarısız: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, fuzzy, c-format
+#| msgid "dearmoring failed: %s\n"
+msgid "searching '%s' failed: %s\n"
+msgstr "zırhın kaldırılması başarısız: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, fuzzy, c-format
+#| msgid "`%s' is not a JPEG file\n"
+msgid "'%s' is not an LDAP URL\n"
+msgstr "'%s' bir JPEG dosyası değil\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr ""
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, fuzzy, c-format
 #| msgid "error running `%s': exit status %d\n"
 msgid "error accessing '%s': http status %u\n"
 msgstr "`%s' çalışırken hata: çıkış durumu: %d\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr ""
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, fuzzy, c-format
 #| msgid "too many cipher preferences\n"
 msgid "too many redirections\n"
 msgstr "çok fazla şifreleme tercihi\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to `%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "\"%s\"e yazıyor\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, fuzzy, c-format
 #| msgid "error writing to %s: %s\n"
 msgid "error printing log line: %s\n"
 msgstr "%s yazılırken hata: %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, fuzzy, c-format
 #| msgid "error reading from %s: %s\n"
 msgid "error reading log from ldap wrapper %d: %s\n"
@@ -11112,54 +11414,33 @@ msgstr "süreç %d sonlanacak diye beklerken başarısızlık: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr ""
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr ""
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, fuzzy, c-format
 #| msgid "sending key %s to %s server %s\n"
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "anahtar %1$s, %3$s sunucusunun %2$s adresine gönderiliyor\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, fuzzy, c-format
 #| msgid "select failed: %s\n"
 msgid "malloc failed: %s\n"
 msgstr "select başarısız: %s\n"
 
-#: dirmngr/ldap.c:221
-#, fuzzy, c-format
-#| msgid "`%s' is not a JPEG file\n"
-msgid "'%s' is not an LDAP URL\n"
-msgstr "'%s' bir JPEG dosyası değil\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
 msgstr ""
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr ""
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr "%s:%u: kullanıcısız parola verilmiş\n"
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr "%s:%u: bu satır atlanıyor\n"
-
 #: dirmngr/misc.c:172
 #, fuzzy, c-format
 #| msgid "%s: invalid file version %d\n"
@@ -11257,103 +11538,103 @@ msgstr "güvence listesinin sınanması başarısız: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr ""
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, fuzzy, c-format
 #| msgid "receiving line failed: %s\n"
 msgid "allocating list item failed: %s\n"
 msgstr "satır alımı başarısız: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, fuzzy, c-format
 #| msgid "error getting new PIN: %s\n"
 msgid "error getting responder ID: %s\n"
 msgstr "yeni PIN alınırken hata: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, fuzzy, c-format
 #| msgid "certificate should have not been used for OCSP response signing\n"
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr "sertifika, OCSP yanıtının imzalanması için kullanılmamalıydı\n"
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, fuzzy, c-format
 #| msgid "issuer certificate not found"
 msgid "issuer certificate not found: %s\n"
 msgstr "sertifikacı belli değil"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, fuzzy, c-format
 #| msgid "error reading list of trusted root certificates\n"
 msgid "caller did not return the target certificate\n"
 msgstr "güvenilir kök sertifika listesinin okunmasında hata\n"
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, fuzzy, c-format
 #| msgid "error storing certificate\n"
 msgid "caller did not return the issuing certificate\n"
 msgstr "sertifika saklanırken hata\n"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, fuzzy, c-format
 #| msgid "failed to allocate keyDB handle\n"
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "anahtar veritabanı eylemcisine yer ayrılması başarısız oldu\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, fuzzy, c-format
 #| msgid "no default secret keyring: %s\n"
 msgid "no default OCSP signer defined\n"
 msgstr "öntanımlı gizli anahtar zinciri yok: %s\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, fuzzy, c-format
 #| msgid "using default PIN as %s\n"
 msgid "using default OCSP responder '%s'\n"
 msgstr "%s olarak öntanımlı PIN kullanılıyor\n"
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, fuzzy, c-format
 #| msgid "using cipher %s\n"
 msgid "using OCSP responder '%s'\n"
 msgstr "%s şifrelemesi kullanılıyor\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, fuzzy, c-format
 #| msgid "error storing certificate: %s\n"
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "serifika saklanırken hata: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr ""
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, fuzzy, c-format
 #| msgid "certificate has been revoked"
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "sertifika yürürlükten kaldırılmıştı"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr ""
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr ""
@@ -11364,76 +11645,80 @@ msgstr ""
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "satır göndirimi başarısız: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr ""
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr ""
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, fuzzy, c-format
 #| msgid "sending line failed: %s\n"
 msgid "assuan_inquire failed: %s\n"
 msgstr "satır göndirimi başarısız: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, fuzzy, c-format
 #| msgid "select failed: %s\n"
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "select başarısız: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, fuzzy, c-format
 #| msgid "error sending %s command: %s\n"
 msgid "error sending data: %s\n"
 msgstr "%s komutu gönderilirken hata: %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, fuzzy, c-format
 #| msgid "select failed: %s\n"
 msgid "start_cert_fetch failed: %s\n"
 msgstr "select başarısız: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, fuzzy, c-format
 #| msgid "select failed: %s\n"
 msgid "fetch_next_cert failed: %s\n"
 msgstr "select başarısız: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr ""
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, fuzzy, c-format
 #| msgid "cannot allocate outfile string: %s\n"
 msgid "can't allocate control structure: %s\n"
 msgstr "dosya dışı dizge ayrılamıyor: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, fuzzy, c-format
 #| msgid "failed to create stream from socket: %s\n"
 msgid "failed to allocate assuan context: %s\n"
 msgstr "sokette akım oluşturulamadı: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, fuzzy, c-format
 #| msgid "failed to initialize the TrustDB: %s\n"
 msgid "failed to initialize the server: %s\n"
 msgstr "\"TrustDB\" güvence veritabanı başlangıç aşamasında başarısız: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, fuzzy, c-format
 #| msgid "failed to store the creation date: %s\n"
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "oluşturma tarihinin saklanması başarısız oldu: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr ""
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, fuzzy, c-format
 #| msgid "signing failed: %s\n"
 msgid "Assuan processing failed: %s\n"
@@ -11485,57 +11770,63 @@ msgstr "sertifika iyi durumda\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr "sertifika imzalama için kullanılmamalıydı\n"
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 msgid "quiet"
 msgstr "sessiz"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr "veri çıktısını onaltılık kodlamayla basar"
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr "alınan veri satırlarının kodunu açar"
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 #, fuzzy
 #| msgid "pass a command to the dirmngr"
 msgid "connect to the dirmngr"
 msgstr "dirmngr'a bir komut aktarır"
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+#, fuzzy
+#| msgid "pass a command to the dirmngr"
+msgid "connect to the keyboxd"
+msgstr "dirmngr'a bir komut aktarır"
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr "|İSİM|Assuan soketi İSİMe bağlanır"
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 #, fuzzy
 #| msgid "|NAME|connect to Assuan socket NAME"
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr "|İSİM|Assuan soketi İSİMe bağlanır"
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr "komut satırında verilen Assuan sunucu çalıştırılır"
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr "ek bağlantı kipi kullanılmaz"
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|DOSYA|DOSYAdaki komutlar başlangıçta çalıştırılır"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr "/subst başlangıçta çalıştırılır"
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 #, fuzzy
 #| msgid "Usage: gpg-connect-agent [options] (-h for help)"
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Kullanımı: gpg-connect-agent [seçenekler] (yardım için -h)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpg-connect-agent [options]\n"
@@ -11547,196 +11838,212 @@ msgstr ""
 "Sözdizimi: gpg-connect-agent [seçenekler]\n"
 "Çalışan bir aracıya bağlanıp komutları gönderir\n"
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr "\"%s\" seçeneği bir program ve seçimlik değiştirgeler gerektirir\n"
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr "\"%2$s\" nedeniyle \"%1$s\" seçeneği yoksayıldı\n"
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, c-format
 msgid "receiving line failed: %s\n"
 msgstr "satır alımı başarısız: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, c-format
 msgid "line too long - skipped\n"
 msgstr "satır çok uzun - atlandı\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr "gömülü boş karakterden dolayı satır kısaldı\n"
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, fuzzy, c-format
 #| msgid "unknown command `%s'\n"
 msgid "unknown command '%s'\n"
 msgstr "komut `%s' bilinmiyor\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, c-format
 msgid "sending line failed: %s\n"
 msgstr "satır göndirimi başarısız: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+#| msgid "no gpg-agent running in this session\n"
+msgid "no keybox daemon running in this session\n"
+msgstr "bu oturumda çalışan gpg-agent yok\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, c-format
 msgid "error sending standard options: %s\n"
 msgstr "standart seçenekler gönderilirken hata: %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr ""
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr ""
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+#| msgid "public key is %s\n"
+msgid "Public Keys"
+msgstr "genel anahtar: %s\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr ""
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr ""
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 msgid "Network"
 msgstr ""
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 #, fuzzy
 #| msgid "Bad Passphrase"
 msgid "Passphrase Entry"
 msgstr "Anahtar Parolası hatalı"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 #, fuzzy
 #| msgid "Component not found"
 msgid "Component not suitable for launching"
 msgstr "Bileşen yok"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, fuzzy, c-format
 #| msgid "External verification of component %s failed"
 msgid "Configuration file of component %s is broken\n"
 msgstr "%s bileşeninin harici doğrulaması başarısız oldu"
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Please use the command \"toggle\" first.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "lütfen önce \"seçmece\" komutunu kullanın.\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr "%s bileşeninin harici doğrulaması başarısız oldu"
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr "Grup belirtimlerinin yoksayıldığına dikkat edin\n"
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, fuzzy, c-format
 #| msgid "error closing %s: %s\n"
 msgid "error closing '%s'\n"
 msgstr "%s kapanırken hata: %s\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, fuzzy, c-format
 #| msgid "error in `%s': %s\n"
 msgid "error parsing '%s'\n"
 msgstr "'%s' de hata: %s\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr "tüm bileşenleri listeler"
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr "tüm programları sınar"
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr "|BİLEŞEN|seçenekleri listeler"
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr "|BİLEŞEN|seçenekleri değiştirir"
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr "|BİLEŞEN|seçenekleri sınar"
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr "öntanımlı küresel değerleri uygular"
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 #, fuzzy
 #| msgid "|FILE|take policy information from FILE"
 msgid "|FILE|update configuration files using FILE"
 msgstr "|DOSYA|poliçe bilgisi DOSYAdan alınır"
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 #, fuzzy
 #| msgid "get the configuration directories for gpgconf"
 msgid "get the configuration directories for @GPGCONF@"
 msgstr "gpgconf için yapılandırma dizinlerini getirir"
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 msgid "list global configuration file"
 msgstr "küresel yapılandırma dosyasını listeler"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 msgid "check global configuration file"
 msgstr "küresel yapılandırma dosayasını sınar"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 #, fuzzy
 #| msgid "update the trust database"
 msgid "query the software version database"
 msgstr "güvence veritabanını günceller"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 #, fuzzy
 #| msgid "list all components"
 msgid "reload all or a given component"
 msgstr "tüm bileşenleri listeler"
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 #, fuzzy
 #| msgid "list all components"
 msgid "launch a given component"
 msgstr "tüm bileşenleri listeler"
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 #, fuzzy
 #| msgid "list all components"
 msgid "kill a given component"
 msgstr "tüm bileşenleri listeler"
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "çıktı dosyası olarak kullanılır"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr "mümkünse değişiklikleri çalışma sırasında etkin kılar"
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 #, fuzzy
 #| msgid "Usage: gpgconf [options] (-h for help)"
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Kullanımı: gpgconf [seçenekler] (yardım için -h)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 #, fuzzy
 #| msgid ""
 #| "Syntax: gpgconf [options]\n"
@@ -11748,15 +12055,15 @@ msgstr ""
 "Sözdizimi: gpgconf [seçenekler]\n"
 "GnuPG sisteminin araçları için yapılandırma seçeneklerini yönetir\n"
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr "Tek bileşenlik değiştirge gerekli"
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 msgid "Component not found"
 msgstr "Bileşen yok"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr "Değiştirgeye izin verilmez"
 
@@ -11774,137 +12081,250 @@ msgstr ""
 "Standart girdiden verilen anahtar parolasını örüntü dosyasıyla "
 "karşılaştırır\n"
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr ""
-#~ "alıcının tercihleriyle çelişen %s (%d) simetrik şifre kullanımı "
-#~ "zorlanıyor\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "gizli anahtar zaten bir kartın üzerinde saklı\n"
 
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "geçeci dosyaya yazma hatası: %s\n"
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "gizli anahtar zaten bir kartın üzerinde saklı\n"
 
-#~ msgid "use a log file for the server"
-#~ msgstr "sunucu için bir günlük dosyası kullanılır"
+#: tools/gpg-card.c:2395
+#, fuzzy, c-format
+#| msgid "Replace existing keys? (y/N) "
+msgid "Replace existing key %s ? (y/N) "
+msgstr "Mevcut anahtarlar değiştirilsin mi? (e/H ya da y/N) "
 
-#~ msgid "|FILE|write a server mode log to FILE"
-#~ msgstr "|DOSYA|bir sunucu kipi günlüğü DOSYAya yazar"
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, fuzzy, c-format
+#| msgid "OpenPGP card no. %s detected\n"
+msgid "%s card no. %s detected\n"
+msgstr "%s numaralı OpenPGP kartı saptandı\n"
 
-#, fuzzy
-#~| msgid "Quit without saving? (y/N) "
-#~ msgid "run without asking a user"
-#~ msgstr "Kaydetmeden çıkılsın mı? (e/H ya da y/N) "
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
 
-#~ msgid "allow PKA lookups (DNS requests)"
-#~ msgstr "PKA aramalarına izin verilir (DNS istekleri)"
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
 
-#~ msgid "Options controlling the format of the output"
-#~ msgstr "Çıktı biçimini denetleyen seçenekler"
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
+#: tools/gpg-card.c:3668
 #, fuzzy
-#~| msgid "Options controlling the security"
-#~ msgid "Options controlling the use of Tor"
-#~ msgstr "Güvenliği denetleyen seçenekler"
-
-#~ msgid "LDAP server list"
-#~ msgstr "LDAP sunucu listesi"
+#| msgid "  (certificate created at "
+msgid "authenticate to the card"
+msgstr "  (  sertifikanın oluşturuluşu: "
 
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "%1$s anahtarı %3$s sunucusunun %2$s adresinden isteniyor\n"
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
 
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "%s:%u: konak adı belirtilmemiş\n"
+#: tools/gpg-card.c:3672
+msgid "setup KDF for PIN authentication"
+msgstr ""
 
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "anahtar sunucusu çözümlenemedi\n"
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr ""
 
+#: tools/gpg-card.c:3675
 #, fuzzy
-#~| msgid "|NAME|connect to Assuan socket NAME"
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|İSİM|Assuan soketi İSİMe bağlanır"
+#| msgid "  (certificate created at "
+msgid "read a certificate from a data object"
+msgstr "  (  sertifikanın oluşturuluşu: "
 
+#: tools/gpg-card.c:3676
 #, fuzzy
-#~| msgid "|N|connect to reader at port N"
-#~ msgid "|N|connect to port N"
-#~ msgstr "|N|N. porttaki okuyucuya bağlanır"
+#| msgid "  (certificate created at "
+msgid "store a certificate to a data object"
+msgstr "  (  sertifikanın oluşturuluşu: "
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
+
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
 #, fuzzy
-#~| msgid "Usage: gpg [options] [files] (-h for help)"
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Kullanımı: gpg [seçenekler] [dosyalar] (yardım için -h)"
+#~| msgid "change a passphrase"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "anahtar parolası değiştirir"
+
+#~ msgid "detected card with S/N: %s\n"
+#~ msgstr "Algılanan kartın seri nr: %s\n"
 
 #, fuzzy
-#~| msgid "invalid import options\n"
-#~ msgid "invalid port number %d\n"
-#~ msgstr "içselleştirme seçenekleri geçersiz\n"
+#~| msgid "error getting default authentication keyID of card: %s\n"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr ""
+#~ "kartın öntanımlı kimlik doğrulama anahtar kimliği alınırken hata: %s\n"
+
+#~ msgid "use a log file for the server"
+#~ msgstr "sunucu için bir günlük dosyası kullanılır"
 
 #, fuzzy
-#~| msgid "error writing to %s: %s\n"
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "%s yazılırken hata: %s\n"
+#~| msgid "no running gpg-agent - starting one\n"
+#~ msgid "no running gpg-agent - starting '%s'\n"
+#~ msgstr "çalışan gpg-agent yok - bir tane başlatılıyor\n"
+
+#~ msgid "argument not expected"
+#~ msgstr "değiştirge beklenmiyordu"
+
+#~ msgid "read error"
+#~ msgstr "okuma hatası"
+
+#~ msgid "keyword too long"
+#~ msgstr "anahtar sözcük çok uzun"
+
+#~ msgid "missing argument"
+#~ msgstr "eksik değiştirge"
 
 #, fuzzy
-#~| msgid "certificate `%s' not found: %s\n"
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "sertifika \"%s\" yok: %s\n"
+#~| msgid "invalid value\n"
+#~ msgid "invalid argument"
+#~ msgstr "değer hatalı\n"
+
+#~ msgid "invalid command"
+#~ msgstr "geçersiz komut"
+
+#~ msgid "invalid alias definition"
+#~ msgstr "geçersiz rumuz tanımı"
+
+#~ msgid "out of core"
+#~ msgstr "nüve dışı"
 
 #, fuzzy
-#~| msgid "reading from `%s'\n"
-#~ msgid "processing url '%s'\n"
-#~ msgstr "`%s'den okunuyor\n"
+#~| msgid "invalid command"
+#~ msgid "invalid meta command"
+#~ msgstr "geçersiz komut"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          user '%s'\n"
-#~ msgstr "         kullanıcı kimliksiz: %lu\n"
+#~| msgid "unknown command `%s'\n"
+#~ msgid "unknown meta command"
+#~ msgstr "komut `%s' bilinmiyor\n"
 
 #, fuzzy
-#~| msgid "                aka \"%s\""
-#~ msgid "          pass '%s'\n"
-#~ msgstr "                nam-ı diğer \"%s\""
+#~| msgid "unexpected armor: "
+#~ msgid "unexpected meta command"
+#~ msgstr "beklenmeyen zırh: "
+
+#~ msgid "invalid option"
+#~ msgstr "geçersiz seçenek"
+
+#~ msgid "missing argument for option \"%.50s\"\n"
+#~ msgstr "\"%.50s\" seçeneği için değiştirge eksik\n"
+
+#~ msgid "option \"%.50s\" does not expect an argument\n"
+#~ msgstr "\"%.50s\" seçeneğinin değiştirge ihtiyacı yok\n"
+
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "geçersiz komut \"%.50s\"\n"
+
+#~ msgid "option \"%.50s\" is ambiguous\n"
+#~ msgstr "\"%.50s\" seçeneği belirsiz\n"
+
+#~ msgid "command \"%.50s\" is ambiguous\n"
+#~ msgstr "\"%.50s\" komutu belirsiz\n"
+
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "geçersiz seçenekler \"%.50s\"\n"
 
 #, fuzzy
-#~| msgid "          w/o user IDs: %lu\n"
-#~ msgid "          host '%s'\n"
-#~ msgstr "         kullanıcı kimliksiz: %lu\n"
+#~| msgid "NOTE: no default option file `%s'\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "BİLGİ: \"%s\" öntanımlı seçenek dosyası yok\n"
 
 #, fuzzy
-#~| msgid "          not imported: %lu\n"
-#~ msgid "          port %d\n"
-#~ msgstr "             alınamadı: %lu\n"
+#~| msgid "option file `%s': %s\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "seçenek dosyası \"%s\": %s\n"
 
 #, fuzzy
-#~| msgid "                aka \"%s\""
-#~ msgid "            DN '%s'\n"
-#~ msgstr "                nam-ı diğer \"%s\""
+#~| msgid "you may not use %s while in %s mode\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "%2$s kipindeyken %1$s kullanılamayabilir.\n"
 
 #, fuzzy
-#~| msgid "                aka \"%s\""
-#~ msgid "          attr '%s'\n"
-#~ msgstr "                nam-ı diğer \"%s\""
+#~| msgid "unable to execute program `%s': %s\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr " '%s' çalıştırılamıyor: %s\n"
+
+#~ msgid "unable to execute external program\n"
+#~ msgstr "dış uygulama çalıştırılamıyor\n"
+
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "dış uygulamanın yanıtı okunamıyor: %s\n"
+
+#~ msgid "validate signatures with PKA data"
+#~ msgstr "imzaları PKA verisi ile doğrular"
+
+#~ msgid "elevate the trust of signatures with valid PKA data"
+#~ msgstr "imzaların güvenilirliğini geçerli PKA verisi ile yükseltir"
 
 #, fuzzy
-#~| msgid "%s:%u: no hostname given\n"
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "%s:%u: konak adı belirtilmemiş\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "  (%d) DSA ve ElGamal (öntanımlı)\n"
+
+#~ msgid "honor the PKA record set on a key when retrieving keys"
+#~ msgstr "anahtarları alırken PKA kaydını bir anahtara atar"
 
 #, fuzzy
-#~| msgid "WARNING: Using untrusted key!\n"
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "UYARI: Güven derecesiz anahtar kullanılıyor!\n"
+#~| msgid "Note: Verified signer's address is `%s'\n"
+#~ msgid "Note: Verified signer's address is '%s'\n"
+#~ msgstr "Bilgi: Doğrulanmış imzacının adresi: `%s'\n"
 
 #, fuzzy
-#~| msgid "renaming `%s' to `%s' failed: %s\n"
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "`%s' > `%s' isim değişikliği başarısız: %s\n"
+#~| msgid "Note: Signer's address `%s' does not match DNS entry\n"
+#~ msgid "Note: Signer's address '%s' does not match DNS entry\n"
+#~ msgstr "Bilgi: İmzacının adresi `%s', DNS girdisiyle eşleşmiyor\n"
+
+#~ msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+#~ msgstr ""
+#~ "geçerli PKA bilgisinden dolayı güvence seviyesi TAM olarak ayarlandı\n"
+
+#~ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+#~ msgstr ""
+#~ "kötü PKA bilgisinden dolayı güvence seviyesi ASLA olarak ayarlandı\n"
+
+#~ msgid "|FILE|write a server mode log to FILE"
+#~ msgstr "|DOSYA|bir sunucu kipi günlüğü DOSYAya yazar"
 
 #, fuzzy
-#~| msgid "renaming `%s' to `%s' failed: %s\n"
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "`%s' > `%s' isim değişikliği başarısız: %s\n"
+#~| msgid "Quit without saving? (y/N) "
+#~ msgid "run without asking a user"
+#~ msgstr "Kaydetmeden çıkılsın mı? (e/H ya da y/N) "
+
+#~ msgid "allow PKA lookups (DNS requests)"
+#~ msgstr "PKA aramalarına izin verilir (DNS istekleri)"
+
+#~ msgid "Options controlling the format of the output"
+#~ msgstr "Çıktı biçimini denetleyen seçenekler"
 
 #, fuzzy
-#~| msgid "dearmoring failed: %s\n"
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "zırhın kaldırılması başarısız: %s\n"
+#~| msgid "Options controlling the security"
+#~ msgid "Options controlling the use of Tor"
+#~ msgstr "Güvenliği denetleyen seçenekler"
+
+#~ msgid "LDAP server list"
+#~ msgstr "LDAP sunucu listesi"
 
 #, fuzzy
 #~| msgid "NOTE: old default options file `%s' ignored\n"
@@ -11964,8 +12384,8 @@ msgstr ""
 #~ msgid "could not open %s for writing: %s\n"
 #~ msgstr "%s yazmak için açılamadı: %s\n"
 
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "%s okunurken hata: %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "%s yazılırken hata: %s\n"
 
 #~ msgid "error closing %s: %s\n"
 #~ msgstr "%s kapanırken hata: %s\n"
@@ -12027,12 +12447,6 @@ msgstr ""
 #~ msgid " using certificate ID 0x%08lX\n"
 #~ msgstr " sertifika kimliği 0x%08lX kullanılarak yapıldı\n"
 
-#, fuzzy
-#~| msgid "you may not use %s while in %s mode\n"
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "%2$s kipindeyken %1$s kullanılamayabilir.\n"
-
 #~ msgid "male"
 #~ msgstr "erkek"
 
diff --git a/po/uk.gmo b/po/uk.gmo
index 978a801bb24fd267ab7b5256adc1740cee2bea1a..f2c149563a0c3735bc3711cf493506b976c6c3d0 100644
GIT binary patch
delta 48221
zcmYh@1-Mm3|M%f__C9oX!=byo4<X&%-Q5kF?(Qx@KtNInk(3r`c|auu0cn*~koWUl
zzw!UNu4{YG%$hYlv-UXxV-6);yE9?vX2S3V9#@L!o|hW$MS9-(n4Y&~j8Z-C;TF%!
zjlW?@Ot#hYqKA22eN0BY#TTA;8V6t^EVIq?l4Ctgh21e7PIB=LsCtfJV$TbCw_U<3
zEWnL~+x;8fCzz3VGZ!C)dT^d|yGuWZ2}%FO#b3GmF?U#bS+S_faq+oWk@#`UL;YUN
zot{^fgyN`-<B*nlU!y9#fU)o?s>kn~33f4R#IvLFRdBX(jzo>bQp|+AT>Af<uP_1i
zdkJ@YUQWz}S+EYO=YugeF2f|a5jB(tUHVOoPy8{)!S|RHV}5B3N{_0z4C?vzsQW`v
z^~}alN&<Tb<ibm+o_<92DArf@KsHQIyeuZcwy5U@JLfvLI!~cS>aL6b?M%AIMkGI0
z=6<z3jDJD`b4gIe>roZ&aPjXkG4UHN{kcnzz1Q<fk)9mY!-lBEHVhNsLgz-*2<^wr
zcox&*@5mbW;_qYp)w5LlJg+vEMzw4P7RIZX0%PsBA<K+vU=7p=bVWTs9y8!)s0N)z
z<$H!XFxJ<0zX-M@-W12<o)7^&Q0jo^MPggj+^j_vcpCM<6Rd~TzVW<#xB@kD-=jw8
z4kpLfm=xn3w0IWO{j$ymn3i}~tb?J+1X2>Xjw<*i#>LEsJTDCvLiMnoa{v}6z7VtF
z1yl##q1I5^!=9HFt79tck80Q~RL3@=($8ag?f=IFN|TW1h;6?fs0OXWf_Mni;-9Dy
zNqE%evM{Q^=9nJGy7YCJf%qBJE_#Y;P=aHg7lFkwH8#V<+W&)H!gN2u^EP2JG8{xL
zo*z&>eSqp|{BLbY3u7YU)i5KrLN#<OX2LZte!}@Hs-fY>tpQmuE%kd92t;B#RF6JI
z6>tXA;d9g?jCaEG@?v&Wg-ua&JrXry^HD>+4a?&xR8M1_wDfG4fp|Go`5iE%3Z@Xq
zj+;;gTt-#!1dCz(Q#K-1F$?jwm>DOd@_&I5coKDBJ;ZqU%EhCcwgx6dogcYT+r7eR
z#$SuBHVJC!Xy*#lV%m>dgb(lrMmb|savQS}{~h&winA<KtcEo)gjMhy#t37SzO#l!
zoHKJ{Ebf;$$M|c`Dv?kQJ7Oo?fU_{}_nyZndMi;4>3H6HJ`Q6L--KGtyHF!}9<?T(
zV-yTt@Vv$t11n-%%#EL6KD-hlkcU8&i}n&Kgms9ILLD6EF(>|o>T#A!Hk7qc4eE*-
z@=2(Q=VN@_h+4$^FdAOOxOg441|FjFg<@T{#g!Vfkx&FxVQW;6rlID1GiszRp%&Zk
zsDmZ;70-)`=~0U`8){LOM~zHVR6_=0L7ahV&=D-8{ePN(hU6bqk8@qM#n%`U5Fd`(
zHZxEounje0*HCLF>JOGbBSt4)8MV6Wpr&XbCc=<QpNDaX@5Qv*|0f8jpkFa52Ci8F
zDNsXH##tNH@-|o&yC6OAHew0<8Ixf0|JjJ;L5)~L)Km>XjmTWoNPU5csoy(Apcwv)
znxmxGEkkB!SyaQCq6+AP$#6Qx#C53cx(zi|mr+ysmy2g)>uAKPVK@%O#5f8=8nSr=
zRPk~wiknf3@Gcg?LO<FRbw}-zB^Zf6Vr5MIlg(`hEKYne=EF-^3WGoM#>7Ze{uvmF
zSAS;w%MeI<(-vJrEKPh2R>DIV52N0)p-+lch^IxJ51mm%J|ENK=cxRrQFDCV#UG$n
z{TtMXrMzuZmiczb3TQ(@LT(H~4b2qPkgh~6!lS7BS5Or_KrO1McPxKO)FRG{T6`^0
zBRdwe;xyD0??O${6V#L>3jJcMzC5NUp(kqSW}z}3M)mXorohB^Z4Kl>rB_4sXfUdQ
zW3ezUz>Ihn)zIgd9E104QK!bJ#6!6WWFSxo7h_}85WjHg#ecQM)B-b+J^?jCpW`QZ
z2=il<`!<qAF%9vWm=e3A8a@#<a;s4zaR_Nx$a_mb8Dl@NhGa!OPz|-pJD@5Yf$4A#
zuErgxxv%%oMx+aB1jf7gA{XC<D(?iUp4+IA_#4Y>|0n*<3Tlj6JUvl!J`%O<W?^Rh
z45Q(9s3E<A5%>_5FUBKlNCawbOQEKqJ2t~v*a{zE3#|H>4pYDP8G$Bv8g(PX6MG<p
z5yWp`HvAh?VWy{+9*JsDTa1ZaF@OV54IGRbp=qe?y$02>?WmDBiXj#FGXV|JJJbV-
zo>>9eQ9Ub-8nOnM8hfG&n(E@q-Ti&2axS4Nc!GH_+H)(f2*x5_4Rd0n=Zya(0%J*N
ziZNeU&pKdM;uEk0ZpGsG5Vcq{{B8~T1hoj;q0Wtsm<#Wto=^0L9Y7^fYi9^%!NsTs
z9{PjvS4(b?kRPM|X%!Sh71Z3tC!?ldGirNX!2%fbrA<j`R5?vC0Zu@T)FKz(jamyQ
zPz`&8i7{d5mF@qmn3sfls2+~R+_>JQU&b87gRgDQ^Psj_5me6_pcd%>%#KSj0>5?X
zzoHrz>y4ePX;Ak=9SErB6Ho>0!PxjS#=%Dzj&CuDA5i(i-rCy8it&k;!9-XaHOK8y
z4eO07aTaQ-^1L$#U?1)O{RASok@GL>aSfbBd>E>Ln19>c=D@1NySVsHj3oZT#q+=C
zmlDK#V;MY#S`&c}yiYI^OW{#0j32R<_J84jct?{k9*KH4P(#@4qcvnawkMw03$sOp
z>4`5!&FOyBRNX|af!JYT{`199i>)2%{uKNL_h8g8rYI2RHCKgef>!VcOhP<Oc$mN4
z3Zmw$25L%LVLa@P(Q!B?$MG({0#gzH4AqdMs73q?3u3A$Vg7kh8#MxrF{HVgK|pI@
z3912SQLFt9Y9wOPT=ldNs^BK5MLOQaH@Ns^)Y^EB5tuq!n7<}UV_D*LQTOMdw%?v;
zVIjX~mq<|0ZaJT0QsN&m8Ybm8PN^|1roocVrl^x|FzTQgi|X+XR0nQi1V-bBfRPM&
zHdHyE#bgTbSj>>k%^4CjM{iLr%M#04Tn^RZG0qLBZF<hdKcMz;#@J#0$yW^3z<Q{B
zeJ~%c#<Y0R`2w|D;)UYa9A-pqvr?#$D2JN!x~Pn;Fg^A|P0@Vk=cqMs7*+9gjEiqj
z<wT7e=D!t_qB@ct)!^DLJ=B3f3=#&TT090dq&rZH>;P(Q97pxw4QdS}jTh!0+2yeZ
z@#U!P7bCu<x5UZB_h4O&Oc3VX#kn{L2PF*ix@p5bB~YD&CW*rQ?|kb}@yA#JizW{9
z_x*6xfpi?z)5{ovzoUPYCJFP;gREGN^e$KkKgSMu3p-)Oq}HL$m|GkEX99Y;#7bs!
z^$BVu2BEgeXQ*xU6YA`Ki&|_E$!#QRqqf&@)Cg@uJ@-9oO@*fj^S@CQz+}pYT4VDt
ziT3{&1T<9NqUN|}$}s<{R&Ug5o{yUIBd7<jVFUaFRbk~+c7Ali!^9_ILZzn;^SWX)
zRD-`ot^Pkz^~6uZ{#QZ)0$OafQ3p;7RC+JeHkyWN$ZphI?~Y4PoYo31je0rtK%Ezh
zP*ZROl|Ps+%s+~YI0vA1#m;o>e=VlFB&db)BFGrV`HdR#5$Vmvs8zljBk-JyKSSk<
zmcfQNBdXy&Q2C~yM(lH}gvU`0jh!*f|G}nc#*l4`UL<G@%tvMX9yKCKGTFY)fa!>r
zLiMNxmd07ADLjY$ux92k|K)QSwQD}2^5xHBi?}zco_(mr`DciL<}h1UJ7O!NMxr~G
z#idvgZ(t;*%NFLpM%$o9?lV+Hm#`LwXSa&#J6E9YKR_+U6gjNJl~LO@)RRC70!OeU
zzDHGDET;|W5Y&T5P-p&gm!2?JnEy+r=BT+|iBs@4>iKTD-Oyus;>S^IBYGa&)&-Dw
z$QwjJJzkAv@H}dW<K_+Xe`qX+8p4@a3ctfhjFHc#sv1@yJ_j4(4a|i3@>|0jqRJbG
z8i}v4Dn7(WO<sWlR&jsS!Lt+9;(ss_%N4Z!JQlSJ_M#TiuUHi07qSjiLERsWTHWiM
zS5b2vwXij;B(^8s28U3;_bmantaOnu{|ANM_&;{R8PptqTFmC`Jn8^?h3Y|?;@0!d
zs43iz#qcrmUBt^&!Wx#jq%GbC7=`--Fo?r2q@#2cfpNGTk7GnB>*0OOLOcO`QVlGI
z8L=B`NN3`7Jc62nT4n6HMW`t|iW&*8tgZU|sCakGfXmCW|5d>u64K*+)LSZgqzz>r
z)KS_T^){P>@o^2R0XwlZ{)#d2lX7MqXLDyK)IrwQ#g{tQmkZg6x1EH<WH^fc5sNx<
z|3JNdqnEdeQ==-%jZv`}#=x?u^P(!MfsIi4I%6#ChkB=sLXE%|sFA!CBA_`7R<I#1
zh1vzZQ2TQ$YAC}h+DMc|EvA8}lkRiWYCnluD^E~8P5z0UE9FopXB&)*Ls1=_jB0Rb
z1p&QQKgSBV7q!UVyYx(zY_1Am1nCV?EgytB7nY)q;8V_fsIP8bWm|m7Q1>gL8qf|k
zGJTPe4tXO8=mcDZT8v+z*1{Exz}Kh(l2x&W6h!sB5h}euYP-%tJ%0)Hntg#OFnU!R
zxeTb0YJzI`NKC2yznOpvI)SSA7u0GGuV!;r1hp1Ap?Wp~HTUyS4PS~H;(ZvvOQ<Qm
zidwvJtK0JxQ3qW!R0F19HtqjC1T=TIm4LBpSVe_V1=PSII2N@#_Mx`hEv$suYTBah
zjq1QuR71C*w%IX^!276<Myq8F&WQg0FGWB@+6?^@3{}87Q~_V3D!z%@cHy<H!9`Jv
zsXgksA*j{A-uacge-br<KcVXR1J%%Yb=dz3<ga7fqCTp^@u+RM0d@Z<Y9#KV7Ej8$
z_6;X9YVj7sl2{2#;aJRphfozhLT%G%^=u>(pw>o#dhCDAT@4b_VMo*uO+fAYHK>Ms
ziQ2ap-2Jfnw%F33o-2u}sJTlYg4*v3QH${eYNT#rcKj1{@TCbgaEk-A=$fHgHXXIN
zKEr}|9JL1CVI<~jXp5{bYGgh~P0el8B1_cB)>3)Y2zEzJ;S7v|yHFhq?IWNTUP1Nv
ziPLLr4M~ieyF6F|E22g$gzEWXcYm+*d*?k&$o;=i`QkLOwUHau!7|8HhrA~4#&Fb-
zOh@%#7iubgK^-{%pc;~)sr9@VY8&-Mjod2KTDXXs`&+2B5VM(mL8*+|T~kmaxf7FU
z|NllntNkOY0ZE%%#?q*5*$LHvxu_xg3N<wsQ4M^7I(TBYu(Lh~YRHSAc0&_XkGrBq
zZXD{l<ye6Fy}b(HV^l?HTiOv^9<`{tIVYhCScjUjZ%{qIit0eLR@T6@sCaQ_9aKX)
zqn;arDrYu^v~M>N(Bk+3)sy$A9;R$<4JwX0a9W~z@)>HI9!53bE~?-pZESVtMvXvY
z)Z1?;M#l-LDVT|xqCIWc|C;MxNKgY3w6$$h6xFcKsO>Tz^-?;BD)>HXJ4SD34K0pp
zKoisy_Cbx@B8<S@sHwb)swb?y<<HtaWIZfPg66h8Y6M21TDlz7fa9o_$8*#oOx(c^
zq8zAwT^P06tD%OzCC0`9sMS9PRqh&8!w#X!`zb`gZ&61xD{2kYL}l!Y8seF#o*%{t
z`~@{d!A@2|2God^$0FDpwVgjhjm&;j11_P4{sk(3C{<@$d{s~xhNBk864Z$7L=F8p
z)SSOU^(c84Ye+HF&^ARiXaZ_mu0!R&gqq@4sHw@+)f!M8DVOj61k|&YsEmhE4S0@f
zK=f`lA{kLbRvEQ@dZ13e$*3thh#Ikns1c0P-5Q=9)#JLTDII|kxE}rY{|N$m;0~&1
zQF>U$%&2%RRLgsz8n6KUA;k#dmr!&6Cu;7a_Oz)?gF3n^xcFcfUxBLcBBlrtctt=3
z#_Q$Q07ek6i5kLQsBJd~HK&_VJwD|84b}5Rz3sVtsPgKfMz$*||1@|1OH{{xz>s?O
znt+BTO&`lx3H4wf)S8&<;@eSEa|tyCk5St&T3=fO#Zb?6K;55+5xCZ+A45&)uc&&x
ze(e83n6;k`Nek3s8jWh<7L35}P(6Bz{@nJr#g-jaP!&|cy<PfLR6{qR8gvx32JWFh
z(gSQ{vkqYYtD<ToC_^_?feTOt9zYH4HPqa{M6L1^1MPk>R0Z`h8V*FAcq5%tP$Rei
z^?hI$Y6|bV`)@)7R8eq{?Z>pJjMY(dKOC#$O4MR{gqo_fgWYaGHMj>x;5^j*-Ois;
z&qW<#Q(FQR?||w^XfXjDKzmR<{24WLfuXj2QlaiwK#fpWRKEGBiubwrZPZ9b8D?uD
z16CwnA2mXYQRm2h)QJ3otP$4#aO-Jm)ZCOsop_Bg9!^2^XbGy~qb~gcst0dSYbNOk
z`$c1UEJ=JmM#T#liPx|+CLd`>cq2@w`g;)2YMqYZxDnOjtr!!}qekQgY8(BDYG|5K
zmai}-Al?|Y|GT2*cr<D%=cCH~7WMpTRQ^9PCiQz!ScDN6-@T0Tqt--2)KK+7wR|S3
zr{AGY%D1TPmvywgUYnpA&=$2zhB%j_f3l)F_8c`83C6Jh)$`&6^j2$#YI%3mT!v6R
zSdMD(cc_AIq84XhtgV5}s41#}8kvF48K||h-gy>_6aO8HVa{>vf6Zx!an`aaScdp!
z)Z%)C+Exk1+uWx>6<Ef_JD_?z1=YjVs1ZAl%J&rYGD<YTrm!5UL(Nd-Po2OJY6NzW
zpmX3Hs^?EpU&&%lv>ug4e@ajz)Cbk@@u&hfp`N>r8iCjDe%whm)CEyP-yBuWNYrzS
zLj=^4Q>ZC;j+)~rldXdMsQZmvd?c#DYf%*)M9t+7&VNu1$uh;hvQ<F6=cl8lY#+wO
zpU~g`j|r%tm{ZLRsJSeGDyTiG<)cwkvlfGR2Q?DEVg$ZJm6LLsSpc<-tD#0}1Zs-b
zpc-@mXKMd{ATXbV>C<f$r=MX{kptC$YN$EwjOxJz)FRx75%?XdflpES;?1-n&W#$W
zDyX+-2h;&J3biISVJz+cYXsE7yQrazKFbQuhiY+M)Rc@y?cXh^2K<0pGk>89OgY=8
zstW3UZ`2~3hedE7>I=&Y)ZAy8!}HqzjR>e`gHR1vf?6a;uq6J3+ULpVTE42Nf_tC}
znu}VjM^RJq3N<1z=2<y8u>|o-sPr+;PcfvqK2AVAe1_VWDd$^7^-)tW2=$tthnnM4
zsG+`%s`wvN5A!du5$b~4=W|gF`VO^CZ(|L7gO#!3LiT?Z0@D}T?{Kc7<}CRl8`?ss
zcmvee>^`VnG6B_qWzK!5hF(LB+)LEd#9M5uJTIyNwNOWSM^wI1i`oCmxWwJqhpONb
zY7QTw?#EtYBa#a>*R@gK`9`9qU^W)T!>Bd$7S-^qOYOM|s0Ma&@o}ha{aJ{Bw!=Bp
z>ii2e)R~uA#m!I^4ns}RMvTBKsHuB}YGB&s*5ERz{OvFf&PMfkC2H#Spr+(JY6L@f
z3211-R#=acqYj3gsFA3KF|ZA4$hx5loPgR^D_#0tj8FVBYBAq)_oJ<}kw}jkfzqhO
z*bHe<$Xh@_4{k-R{)4D(b{{q8@mE>HGNbMnLk(>kR0Bq!o?qzhZ$Ne6JjTUmsHysZ
z(J}sN8@Uu%K>NQu0rhAgYJ1GY2;7dU;35X_F>1)3VHAwL#=ajUL=9;g)Rg4M2yBMR
zKO9Tp5>z=qpgMRRGf=-5Tx&y<1vQryP(#?>InkwWLM_VE=)c`iQ<Ugat0+6F=ao_A
zbV99#iKqtdMoqyf)VBQ<Lj?&WUuUba2CCxzsG(bkdT>3)!+ofNPow7WH`It_T5k=g
zgqpGrsI@W_)u8#P2Jgafyp9^#o9o&Cs^BdNdNB59Hl*oMt2GzuB~lSpz#voumZOgB
z1E?XrgW68_P>VIz1{>les0NfpjYKQdE}D*de(#1*m_JuPlb|*54@O|Jjdr3HLyb^x
zQ~{r&7U4xy58q*IOuWhVe|l6ynmR|L*2D%>!!Mxfd4XCRF+!hPMOjfTYK2<e<6QbG
z)SUf*8uC9;Yaq{NYd}4$M7$@efxA&(T7N;6^At6bF}ApEh>Dj+bs*G`fEH07=S0*R
zSdJ?25c-P^HI#|A+JRL7HTSKtFpfbzw+A%>H&6`-`@%Yw1~tXyQFGrIIVnS4UjiE9
z)u<Ej3U<Pe*aJIlvk|zAI$B?#Do(fE3NDBGa@q;Cs)wM~#Aeh;eSxa*5^4&bpr#=9
z4wVz)s3o8SqB3eonqd?ih+3_~QM+L@R>fJUA-|3q%7~pdBE?YUbVQXi1T|vwT>4H_
z{^Rcc&sc=|y|)B3G<kQ~kX1yrv<>RLKN__QcA$E6*BNcMt>&DlcSvK@VjGX@@m3c<
zi5jsNs1Zu|rA_%K=>Pqn<^;6(2B98YhI*@giR!_xs0zZrvMI`sDyRi&N@ltELDZW0
z9W|Bd_E^WNp~`8E8v0SF`-}Fl|DzE&N`kh-8H|MwQLFwXY6KGOwT6{PEv^=*g2tf=
zUXD6PzDB*w&ZByKAGNrn@3V%bMU89?)S~XOkNvMXo9k|@M-^}!H3C0j9E`o+hCU^#
z!ZN5iZs{E2(&wSd+liX0<ERn+4RwMBzqXfEBGjVK6e6IOG(io?C>P&^I;qaP^uJL(
z$#TGYUJA9n8lpy|FKX@=qekKgYAUW`aSVPF=0#v>)FNz!TI8WY1d0$CfhBMks(@#x
zIS(APDaeZ&kv6CinvGht8&GTD02al^sE%YjWa+g~=_9cueu<jW-;qTf@-iH@8x2q`
zn~i#(Z$ypEKGgQRg?ep1Lk(T>Bi8U5sD_V2J$De*u=5xb@1dsTxifIoMkERPfBwHV
z0i9sIP(!v3b;e)9LiiWzWXpTZ7Ee8lAl?r(Qu9#HZNTVw6?GupM9uvRjKG-RT0J>Y
zyR9vz)c&7HKy$qYwF}NUAEPqHIBpHfgBrR<sD@2KjnDzqZute(@Q<jqk@bYFi3%8%
zcn{Rn^~VZ06+@b<?+Iu-y+bXcgeR?{lBfpsKvgsc)x$k5ei&8pebgEVp0bfBfGW2Q
z&c<n|a#NqSj(&obiT6Ft{#SwfNYH_D6t&1+p(@OL#*W(RsO>ZtRpD2t{e9WRU!fY1
z@T~Q)94cQE)YJ_`P0?ah`6p0|`}Nt7ePPJ>on_38T4Z%l`+OK`pD)1(+>M&kt1kW=
z)q(iutilwih800o+yqt5aMU7QiskUCyPqudy)Bj!sBbPcP^+~O>SXMSs<1C=?xvy6
zfwdTcdr=i#ck%bA6E4kpYfx#_ZfJ&TNN-emGf^WN+DJeL$an6>pQr}JxnLP1P>Zev
zMqqc;{ps%hD%4!>!-jYd)sYext>TKPZQT^L#`>b3pK9qLZv_DzKwqL(?GscFqF*wz
zp%!5kjKH3#^I#@wPFJ8t<Sc5c?x05GJ*vWVm#u-tQ02ErjYJ5O>ixfxfC~B&H8gio
zi|+%*#*9~ND)OOLZ822AqftFsf)Tg{wYbiqw&4d<&of`O5iX6o-vPB)=VNZ||6>HS
zT7Opp#{I!oXDL*Jx}sV<4t2t<MfGGCs)F+_{Q;^$Z!v(euGz0@;^HU76Jk+pf|}CV
z7*fI!cjFzFA)fz#*5W?SMW`MfM4fE+Q3usqR0ES<w-L#QYEV^-z_zH}G!}JaZ$T}(
z+o%x^zrp@j&vV?c3MxB$qaIv@IvJ0k*2q&-g_(Y|3d*47yftc#40GwLP;2Ngs^Pb>
zI7a`;8c^QZ=_mHT3YbcQTC^TDM`uw({x_<ils{VqB~bC!sC*$*1=~=&=o+@bf3Pw(
zziCtQDe7hP6>2Jupr#;N=$37hVyFshqR#dns0!AgR`W$v17A8*-nIrsVp-BVVg#;7
zHRuFtkv&75bZPF`+*d;##bZ(1Hnf?53jP5#gzvE_rvJr$e?J_xs1Bn>>N2W=XQ;VO
zde??D4=TMLYKn%TMr1y!V_&=U8>lINi8LVOCAen~mO?e418P4{K~=B{b@J`O2>c$k
z_@1MtBF?YYu-vG8RZtCR?czgGC*W*UdFxTH?QeWT3@rgIwqH>h<K4FwW<oWn9BL>#
zp(<E_nvyM89?zq;ZNdjOq>-rn-BIVnQe@qFyKoZmnZJd3b1>;6rY6Kj-AF(WTzwMe
zeNM*kr&iInXV%jbsG+@w#W41B8`@7$+o=btVY5+lx&gJwE@1>Fe_`9NIBMv7qSn?_
z45{b)322V)p$ZEAZWW|NEuL~%6MJEGJb;Zb`X6ClXKam;coKUk{ZIRYi~~^>UO?6J
z6yspBm)6kCFWLX<K^+p5VE`7vm8k7;6*aU`U)icHgcXRlM5V7m_2fKiPCw!}O!PX;
z|6B8mur2XdsH42`8#_-rU`gV$--PVOcO+<0UB~qJ28&{fw^l)2tV?_hs-c%ryXFH{
z!Hn;$;2x;>V$>qOg9Y#n>d4OVmyKv8)Kv8k5l|0SqSnCos0u!y_G#9??S389RE$QQ
zh+ENbFm53J2KC&k_x6rBjb(`6KpojBKG<_PQAcrO)OHR{Be0&pXIK$y{A1rz=b#EW
ziP~mSKibG-!Dhs(U@iO<)zd$)1V-o8GY>1^aJ+^sv3^*<@8}M!O#BWqg&{9{AmC{`
zHAb~;7}m!xTs#mA_(NX=wfH8ZD!PJ)FkX1TtHCZhkAsP)ju!AX;(Tn4rK1PDcDMp#
zvb($(0q+XLiW%^h>HUA3fVS6&Sk{1bsF%h6P-`GzY>QXJ!o<g;hI&7$f_r!hE5-@<
z=S7^j0e@r)pbnfds0J@Vb?^$-#^~_^-bCv6nh@xMx3B|NiElmLiW<6)sD0luLBOA)
zg;<sNj~IcO69)W0hFb||6TghTutTDNzh*9@8tNqu_(yUZRD2SKA_+Vopt;YMB;fxe
z6FspC@x!Q>QH-QEXJxP^@rkGgT|wQClPuuxn)0aC-U0LDBA0#|wfY}pC5)Cl;2%)6
zk_STmDxOb*j@q4A7O$ZSPL?9z@6#Gsjre3#!!D!NLh6*(pe|UR_*d8o-=RjbO{#zw
ziN{eVV${^uuo~E$_^8yJzdFfokf6EFpC;fRJY6vz@uk=g_oL=McUtRddsKxJP`lw2
z>aCeEUBLe<7b8&z+XK`ti4_s>&-`Yna-X0&8atHU7Do-#$u|ij@gQoSf5dE<Gef|C
zIW<5HZCBKJunhHjK8332N7Rv<BcoXvwU|3#3tWjM*#&>2j{H#3%r=*eFhIgA)X>kx
zFYqMld>E7^;C;!1sk7RuzLd=>euPQ6{{git5@!#1OR)^T!|Pa|=Pu_6c!Mx&u7FpL
z^p&~&#m&F}LqKPFnLKu*2kMOf0@cGmP-l0#yaDfX%!S?X8fr0?&lm82@R*HliQmU*
zSS5eJTZ30nNB5ut<|)+Nr!1(BhPXjME!vDa2cDu9W0FDve{q&T9nnoNJx+Fhjx~sX
zhdKdM6t;sbFKSKHL*3tsS{r|%rlLU+OP`4)sNegMfZldVi`tM@Mh#^%RQh-<g<qly
z_yc=ju3`cI3}1pe`F5j5AXjm7CTf?wKyANLC9Iq#s71d3L+uGXaX0Few3BHD#w7h`
zR8JnF7FmT-wip|sMl6Jh@d#>n{D7q~c4-^AYN)fm3+BS@&Yw|hCT1D-zuwpB%h-vv
z9<|*Pm$gMX2^$kXjM^^ABkh1`f*P4=m;(=>UdIox0mdm8@V^7LLrvKTOouB`BXJPZ
z;Ei%2Yw=qWQjk!jyv<D=R6#3HN9`Y22TN73hR#6s{5|ShZi0$dK{3=eZh|_1W}!Ot
z5_Ob!{={Bx$5Cq{MW~X!o%*BR0Y6|XEL%CCzaHzY#C903O2Gf}*bmPW{|o!$nW_PA
zIhLsw@J8W}sMX%AI@=Ampwcteum-M04gFDkfT8OImJm2n(}uKpt$=?3O-CIN=THaA
z6V#B!sBKe{6*ZJ0R1cS-4y?F!Y&(}gjZ7CTgR@ZOe2*&UG4c)xc`@n+{IAL7QFGNC
z)$@_4A$o=huu46fnr5igz5&}{y870`(WvhYA2AQsZ(u_{7BzLZQHwc$L)%5uv7q+<
z2?9Dg|3VE-)kfCRHaLm+NYsH8rLnF4s;Hj!!xFd>qvLf{!+ycsVN5}jfVYtN<fb;F
z>6)2sun6gEFthgm{|NNPe{cf!YHkP7OH>7^TiB{^jM`>Xu>~H+L71kcy=>;AcEeuO
zzQ2oF#CcoUh>Umc!jh!_f}z^9G;M2}lU{A?;F*pY$nX`G!t0nEleV>n<VBrq?NBG?
zHav;fPzA4QXKUw2)UNsq^?f06dz*@ysI{}QJ^MeBz<v@+<KL(Uig&Pr>f=!2vrtnM
zqazKX!A-ChF6hK-81Hqq24(F^#l#0-KAhK$qa45OZsq;f!(Q8&d)gO~E<M@*TAkZS
zh>g!sC*R)~j!}Er_kvick*I*la5QSD7h^s=hMJm}SPpaaw#C*1HIgS$bN&c566yQc
z5!@_9KyR@fs2d-#Ar|XvZ>gDBk@zF*iFx~3fh$l)@?q4$av42(n!kU*|0`St2G|#o
zx6XD01N!4O-gl@)*?f>Y!v7#pkAy;l1OC5AHVHQpk3Gaz^Ox9*c<!MAuP-jg<`{RF
zEy8Z7kvWN)qVVAX|7XJb*p~R$*a*{%u!asmefzzHd{yK3|0C@OhAF6RmS&Xg<F=^R
z@RwK!Z=lZjcuZM&ER2<L2<mNl81+_sggO};kG45Ji`xGQ$JlOYk2+uWVl?gl>|<?l
z<VR)fiK^frs-<D$Z0_n}E8>$;UsxXCQA{%4D*PYn%V&)Vb|UUVeRaz+(cXTwF%Iz&
z7{saAS^Iw`0d0rZsG~9ABzrI)>Vc-1A3I|_=6DHiC%$QNz}te&rUbk_7;UQc_z-p^
z9(5YKiTpiKNAbkzHWgcO9P#iO?0>zbCKKp}Pq7^~nHlh=;@7Altu)KtX1nkm@#M4Z
zz)CpB(#PU_(jPcS%nf)~i6@w6Q~3b(T*>(X?`tf)z`l<EzJUGTm4u=T173GrgF3n5
zEVA$UO;L+$t&88nO2o4*W-91eZ`_LCF9~=HNFTAxhC1PLvn*<=dZ1orOHt>`K9_!Z
zIg3R@9=5`c$aJV7uZ1PC1!^P~;}Fca(t5fawf*w1vilV=HSzPP5qyGLthHAMyht2~
z<MAsjizV0CZW<mUphfi*2V#x2R=`ozD$e|=#h0Lt+V`k}GOe>kxe0X;-NqysYrUPM
z>9GLu)>sASVj}#}#h*Jv#XhqK#-L8NL#Q=z4M$?B4c37DsFO0yMuw2(+X5>RAGA5(
zMa8dC9XX2n0+N1<y_EW+UTTX_uirFVZC4FJraa`GBA~BWg}$((bQI<xz75rbo2UaS
z!8ZGb)B%-#4mG#lc3a(fQ0WaZAx_48xD4arcbE=;!bp6NMYaD+@36TW=$wnC$*>JG
z;8WD%iNDjnpyWlJXmwqDBdXvts1baGgD|km${mXOey|Yx;VR6F33qcuQ@>Z9z<S(*
z@3G#Ow!dqC74SYI?(MO+*#=xj^nZK#VUkrpU>~n#jQX{`e$yQYcmufq0GD8kZvx&r
ze2t56*};JSPq7p{WNYaXhRSo}F9L~~)6$2nC-sg6ys@PB!(sReTVkJYnNw{y%z}R$
zci&=9+CJ}(+P){T6DB%kYiAg04g8FnlJ=+VsGonD{oj;?|B=uc3!Je7XDOy99__3Z
zm>u=qZXgcE)2O4h+;?{NcSCL0`KS@OfE9@UcFxvT?(glu8jLkbe}GA`@cEFf@*3wY
z;~C7vjl>rM-ed|Yj+)z}7X#iI`~_#>)=M^or7zpNq9baXZA2CPJ8CUNzhXU(K)qY)
zqB^`5wHw}t+>ORp?X|iQ>v1Fe2ir!CQA4*0+hg8qb}r1rj>Mz=FW~>%Q9Yd}usP}J
zuJd*b@IM~0A@O5BS_4x2WQ(^OYP*Jx5YT%&;%A%V-k6G>pF_3yx0}||61S{D3-Au<
z4{#oyzHL*|@{Tq9D(Xnj_KU5dxv1@z<gR^d&Wu_Eb#a9D|5yTFknj=1srZX~0q-y3
zyMDFbQhjmX8W{J1s|dBduHq=H@z5H67BvOgf3yAF4|RVRF2w?m0{%Zxa1M2pH-4<e
z&HlSUKqp=GCpJ{4@pIzop7I+HJcAo?^fUX(C;M~zDmDgdkp3LM#!@e=VQ*0t^#0wZ
z>LKbK(&7&r(FdrPU9mq|l-mF62&jU@FYSSEP}?j2E6dpAwS5Ww7B%GWQFA=|js4#5
z32My@eQPJ=cQ}oB;dfTv5!|HsUp9ibus`v}f3yE}V4Nke8zbKbyl?Oo-ojlU>^(j2
zA6o<0u?^{kKHAhQ!2QaP({VfBYgS|Fu%LGgZ{lKH8wmPeR7wVe{@3}3sKwkaJQ(s1
zm=oba|G+61CFuVo^es*#L!qca|E>5ns^|Hmna5EtnWoW${PRlu>IRcw+?YZCC!S2P
zg5FE+55-ZuoqEL%`afMiO-O#y8zl<*i*#S2P|)vjMvlLO+_;0oaCMTPKZmK320i|F
zjW-|5l0GVV(Ek<8K}<#bEmFRhm{(#!OogwpHdf`iN-2Z>FCJ&73i^xl2UO3~r4IVr
zcU*|T7!rQN6WBdX(Eqi0fwb1bFHoyJdAgwgRcsdO1bmM=k_SXs1(&dw@}&>@C*dTl
zPy86Rz+@S0WCozV0iDJ~7`jV98Q<Vxte!FG@7LIwg8u((PVLN%daahh3Ro8t-~yMv
z0rf>>KkD`UE0)5<nS=h@v@RAPJ`2<0QRMlMcZWc168^+A=w%7|KWwH&9i>H471wgM
zMZf3Riu6mUq0gVyhO{F#Abu8yVnnu}f4(fmp2VwWw~^X|Ewul$<OurT^T%OpGF(Ot
zS;3q^`^6&aeSIH`V$xg|uZ6jYk3y}5%~%FcBE@=9bK6Kw#KgqUpk6+=urKD$!&EEd
zDgx?3s=Pt}^;sKB5?_W&zlPfHvGUnmcgB>&x1wG$r!WKF#w-}jAM}4R%7N90_roUm
z4QkgUEfDn2i!K<_+<#3V65|yN`u`A79V|`!I+nm>g{-IbunX}Js^Et>919i>`rie&
zp?)NLiDj`=k)Z!|eFW-6Jce33rHY!Pi?aVUx8IV`46k7X7AR)hsy<F4-VEp9FIWTz
z6t~^583zzgULxrK*gXUF1>`*HC6ub9Ey@X~x8-)!_DfpI7X7eN?0+4N-;=Nzhm^Jg
zGL;GXXL}#i+v*!^jL%R#t5nwZ^F%B}{5<MR50A7d>VsNCU!m4aqH;E()lu7Y3XaFO
zAp$y)MwYjVZetJP2`boj8HHM8J5UX|iCT>DDp~`|qIx_TKfx=g-I4MW>){ZrP5e95
z8cJQsPS_!sh<NBB0afrGbueVFYzIyS)JthUw#D{Ug8ol5$5Htnqk0~tYS8~0UIMjP
zyI?U~?$WQKzbLEO2;@LDqzhKk{{NPMdJwC+WoV4qi7!AMD2Gss?UB1*xQ5;Dk5x!t
zfi>_x=EQ<EZHQZ=7Vr0{gD6HVTVs__i+Bx=(ngJ0JLvz!GX>jl<C%-su45JKM(vUh
zsJX9O*H-Twj8FV3M&f<cHq2Tt=zlq_hN+16M=jb}sE(b$KKKItfB&OxeH)^wsJY#N
zI!NxI3W#W6Q&bAIy}DvX<-_uL6*ct98(Mk|)OWr<sF68={vvE-4XutUcRGf~5!gsT
zbCRpEEsn{Ujrd#CVoKj6=<UJ~p2UJpZDjsN9jO(YS<iQ31o5k=9>2y&%-!4?+6%Rd
zcA!QwMho_TEdo_r1pVJ|EXLx*&!CRX@RoLBrNGR@yQ3EC9MoJNM2*NJ)FLg=D(HW`
zo{!4+47CPQwYKLQp}yXaz{0qub;!2aH4>(h5VMV)WDBq)@f)b2OWM}rwNR^nDr!5f
zL#>Ugr~@Z^J9~%B!>YvpMD@6Id%M2?2NVB@YT)2d2OG+DIE{p-m=%Y1v=eO&>UDY-
zRdK>jw&-$UBjTk|70gE+I8RV#ebvr(Agx8MrMO*eDr@3!;+wG?hO%}I`agPgMeXN{
zm>Q#Yv)5}z=U7xlcTfjP@$OdP6jV>{V;xM?!=|JIRv^9wHIgq-+cj5DTN4A3`a<4U
z1X6M1F=|eu^|EbJ5Vg8nVme&y;)jug!wdGdo>fD=JEou-c+Xj?kFA~g*oO4`I20@Q
zwRgY~Y^434xt|T$2-NHGDyqP&{e$`m#T$!}_z^2&<N%xV38=T)b=3R3-auP?-=bbN
zX$RTVjYlo=UDyr-gDqc2>_GkAAq6ng5c~2u1@%Dq(4hZ4y*_H_PNEiB{9!@=2bN(t
zi1=I7F6cen%GrZsiKiZ6i*yyLLl<x$<{W8XP}azLB%~i@Lo)!ic%GqJTAAIU{r@?(
z$LOQ20X<Md`2#k`I%90^x1f&J52%VdjkTlrCsf0$kFyc`5_=HOGoJmgo-G@1i|rn!
zAzopEZOgW(hRnxd_y$!$zll1#`E3?zsGCi)Z#0Kdi!IS)+lIAK9omN49nq)QTIh&c
zoF}HxGxZ?mR4cd>>gYU=T4b50*_`)4y<T^q8t?|S{n|{o17;6)BmM`r!j>~^<PM<9
zOF7dz)Cbj}Pf?3CYG{^aY=xT31E>lL&JKDra5?IokYkP&+zd4p`!F}AnQQyFI<_W0
z1J!`1s4o~b=Gi%L5w!+N&$qR;7<&^BJs_YFXuQBy@h())GB30TMqmTt*IYc;B3q1;
zP`lv*YKW68wu*b<0OIFR9V)-X7Uw=^*isvTs#se4e+vQi@Db|kamr=(?Y0Z*yWu#D
zhYPVOeunxk=q<PB=3+*oN3lHK$4;1iMbQ609kWrpDeKChw-*OtZOpq$4QBs^2xu|f
zM9p!A)z-5vs4pH{Q4hRDO-+?GR^SfQ?(o*y+pZPr{sL4({z1JX%6)3*ML*Qkoj`5(
z9P1ca?f+Q>RPjA5p&RRMv2;Ye)fVF#{0p_(mw#plRbYd?)f%8iU>K^QD_#5<YI`T#
zXm8VwSWNk_JMKdN@BgRUWOGy!wMfR{CcKF{0VjWMQxRoz(Ep#!$x-*eM7^w9Z?UPE
zglfnhjEO%YbL`!B@l0Fo`$1mR8mqIF{hx)v1`<l)_m~P}ePR1JE9#xl9`(R1)S9@D
zk@yZXV2N#(-V)V;KF+hKxzDoQ7V$vbK>Q49s`~9<|10q04(n;fok9P1wMQ_mGNRrI
zzd1|pvLT*<#Yz7ewJ4MAwx0Gy4e>VA_I!wunDk5AC5^E#@$IPHb3a6&27#PkSwTav
z9q~(801NLiyP&qyGOUgX_u9Lm6{-W5P;*^!pEYbIjv;;uwX3S_x1XjLqegNYmc>xi
zuWj*F!u%vmM;#;wQQrsB9<W_dA2qZqQ4M~FT5OfRv7RhMHS9;!0hINi^>iZYd^v#H
zWyud&eJzl+6Y|y)(Aj(jb&zB|Y};ov>Kn>2)KMJeh*<-*E$5+z@FsS~j7P0u(@^>U
zhdQ{@9kVqs0M+ngs40v8t-dw0|GE*-K3$0_@Vqnear=VN6h9|@F;>P3C+q~AhFZK=
zFcSa9l341by~Kv#XyOY|>B&x6zWS(bJRhTL|Nlim1qDxA1vxMW@qVbUR4Y(N>NC{b
zwLfF8)%~c|o&79x8{mgm%z?Ac1^xetwg0^RTyP4t=-#8Iu)qb2&%lsY@i79Lvk%w-
zTU@knE=N!!^8)oPH~l61xnLk_QLRM1#hze%ta#bxxFKq&m!QA@aR~8DSM0=GfjSBQ
zzQX=jL9MS^#;vGT`xsSW&mZi8BdChfU9*#Gu=6esC%yLntU+f{Ya_*V8@Uds?f50m
z!)K_G9DBoF%WrOkY}?fQ(Y}$aMlGf|KUqNou?_LVs8yW)XZzW0Bx)@@L#^r}H*IQ$
zp&EV>2V&-1wjGyY8RAz_+coiRJ26Lw2xv8KMO7T_j!i{x>_hx}+=*p>v6Jx+)T)kq
zH^@IY&sxA;SpHtn|7G=STt<A$ueR8#+_&>%3Ti43U?F_!3}tv=L)sYi5;}(3b}=4W
z&#R-(gDt4t5&Jjmd0mVkz63Mie$0wLV-bw<$X-sRP(5#l+U9Fe9sURFX#Y2PY)9=T
z)R3J*^`OiX8_FA4lz5(}W+&9UVkK(z|A;Cu$1|&7JnAI8gIaWjp4)k{6}7lupmssS
z7wQoEZ#x0?{FSrh?^f{`)CqSLwLLTcVRKyrbyChot?r|!cZBz+y}s+AcGV2j+Bk{Y
z@3CImw(g6O#Ft|k?f;(%=&Vou%I2sxmLxtJv*7_$fxn`LINfVojFnLpe~KFNSC|lU
zy|IeRVjkk-Fg@<X2)u#}z4r=3S`?Mu+JP__(-7Z^nu@cio|k)P4eNp_i7&ypxEr-5
zj-iG&`d`+-o~ZN%sHwPtWij{P_G`VKScUk2zuEt>34B9Bd_03X`F_OS81=oK<%6)Q
z@}Y(@+J_*2c7yW)E8#%Y6dpjG6M=thl{dpk;<Hfa!Ubolk2a#6K89?lSCgPG8b4t{
zjLx6_(S9$5I>{E}So{@rpmYf{*I;+zH=LCM;r{;LiRxk0V7UJ~pW2w2_)t_mt59#t
zvmpXQ2_y@*isqme)lJNfsiTDZ+ouw?Bt8NA;9ZP~4Wfqoi?KDPB|ZnWX0~H8yzb(^
zqmJB^(Zc<y808EdBv6?f|6o+C6x}k^#011=poVT0M&cuEh&f}JV^AmFHB`kpV}|<&
zO#{@FOu#vK7W-k#ST?d3kZl<9a>Wk!SN|l`(C)`6_$PM4k#WNPZ^8Fa1yqU~?$7x?
zCw~FJ-xZZ{F86z*Dh|XC_fO6$*oFAtsD^h)5biJT{n$+VKVQOde|t^CrDQmcI#}8y
z3ir3uHq;4r6m@ilCAJYNf;xx>p+;yIs^Wi8+p%JjaR22t9Geh7joPjmlG=z3z$x1Q
zrwC}V)Jqob{}O5$YDlvr5BIdKhN1TTEmT9Ir3m*jVkJ~X-B2gs8tjFCqfWSPDZ{;w
zcpMXi=}*C1N3W$0_kVg$kS5#<wI;)C0*&wms^H3L!~LJvyQ9{`RqT&HVH>QIF5Le@
zu>-Z;9$-5x8)0i;E$YBJi#kuDq!0Ihgv*FJhzg>1Q^WM(A^*2t|05w62^})njX9Wt
zc;bw<nDStG;;k_gu0@T=N!0dyj)SpOrf~mVu^S_aKS7;zxieeCM`1_ew@^p>Cs{%k
zSdhhf{3{OPM(wQO{%iIGs$r?JSpij0Ben_ka*2^W+&|;TqPFb`)EtNBu&HW<ZHX^H
zrN6<hST$$3f1vFO5zt(JKpmBJbJ<X@Lmd#wb6W#DU;*O0QAg_o)STzaWBDgyV&Z?H
z)<nF#;r{<ctAr}IHEK=lL`_Yce6|}xl?jw1VFl`|*e%S0x$~P1unqCysMY@y>Htbm
zz#29dwY@H3ek@tgwr5Y&cHWITNuQz)sH%mm=UtHdA#W!E&Fy0>ig^l$`)|KasKv4t
zwd%jc+!!np?!VRYqlUB%&cK~69$C~HHWzg?|AOjytzzaT)X5rNJlwwj=OLguYKK}B
z-=bD~;u5yMC*wro$8j~*C}}6=Q`CqQE*0*-yt-jK;={2o-bB5A>y)-~L)eP=dDI%n
zQ--P3{$ET$i|l9AjhJQaBpZP0VYEn_f~Kg3?MF2zPdTgTOI%1iYx!_*D;`9xkscLn
z4eUUTz!}sc&0I0u|FOP3hBS1y320UK`h*1h9t&fwO190$V=CfXPz^nWnyOd040Bhu
zqxv*1AfB&Exc{~M1gatBtJ*;}3H96))W~G2#{O4D^{d&CPQebuFQWE;k?OW+>R>+N
zy-`Q=Y8;NwF%rAiu!e0x4gGa2fz@l;_MC`1g3q9)AY-j?|M!VwYq9?)knn*7wP;*z
zJ79LAhUyyTz$A6-Ac@4d#OI(!Vl}SEbEua~|GM^WIF0Rz$EX+X|G?1`^_KkwH3B*6
z+q<P*h=3{>h$>(;>TB|A)JavpfyMXXpTv_kw5f^N$PTDTTuu4{jE6-Uhx`9arV?t~
z?M7|a_)WsSbvOnU&(hQy6k0@}CJDDtLzKIjoq!Wj2gL`}QCqaREt=M-cg0WG7z?(r
zil$+5;tw!CdM#}v3ZSOAA7;RfsDtb*G7=&09|Bq=MOxW58jh8SPe&b0mr?saNo!lA
z4Nz-jH)_?VXk)8;J0>F@tF4(4a}zI#@v$pv%7&pDxB;_jxnC!s_jp)4vkYoC40rJ#
zQ4L7m-oCpvMouno99F;ssH58JU_)913lg1=`bKmLRpIZbax-?cj*Y`C+HS`Q<i#hb
zvpRLBaPNEUjj6FrXDgsNYA9!*&iG@fk^2klV%aXXs^_56V|TT4qb_Pq?ZjRfubZv4
zQ5e!Txk8|yZgjV8GZxjeZ%_>i>tQW!fa<|Q)D*o&?UK?x?MNMtwTQ1rmHQHPwCC+*
zFQ<N(hWI2LpnSd9|C*DOz3r^8j9Oe>Q57FX?bk$o+#*5^^+s%fFR?yW?Q37bR-lgX
zhp4w>v3|CT=He&B-=Y?Knf^B7)BCgkOOkMaggnZC=`ia6vob~{-Wg+JFC2+OQ7@M_
z*c00iv@akRQSqvS>?_tD)Q}e$Y)AWg)V7W{#Maut5P`BJ>_m;kA6Nj>4Yi@Ihnl<D
zs5AU2s(>oPtfya~?*D@|u=#L1cs61k;;~2Ah_*!K+l`$t!ALuZLPH4X+v|4JT>Xt2
z(lVoL70*Q-BqvY>W?;m|phhkdU!l&8BBSjsItzOf{~gC++c8%Duc)cZH`b<f1X6Cu
z`_Uy79T)EZA@YT&6DsF;JF%AI0^;Q+*qmL%l*FS=w4*lz>f}6yT6}3IS-dCeZF&qf
zCAlYC2bQ5m@CkO){;xO17R5K%pBu5JT8~4h9{-4HP_AkA;0n|M6r657?t+S+L5)P-
z88#J@aWV0$I0bvnv~N^zQB#p_79&ml-UtF(%@<H}n0dB+k?4ooMpsc&5Py!P_dxCU
z^QhgDer~w`r(}lUYU18JYxo+}^M7Cj=ALi6s21vg8jt?p|KCeMC)6*P8xt?E*KT>t
zM7%BP?4F2ma1$oNJs1Vgy7Y_q3GrJP4KpvaU6dR3lB<a$a0u!gc(suIuNEd+6z>0t
z<yu&k_(Rl@TVS#MtkxHm?*WD(yU72O%u}g7A2rnt@;@mEGa%j$_N(3twbTNx<D_TC
zgv8e%|I5JJLYl6A0gXRbj{pzoVbpcPnG3%oKAwk0P;iRq{84(+G7;Cc))}P0jil!x
z&j8Z8(#quItw;Pl<)*Xj9)FhA|G7bDNqHJ{A>>-p!)4I$>grD+{4)^VHtxqFo)-V2
zu*MX|LieKZ(RGA8D+yQT6Nfw{`0&R@{p&jUk8;0?8;Jp=^Di;^R|dR9dPwvAfQNq}
zb3#7p$P~_ve<(;7uLf@jnb*4qJGk^O$s3c;Nz3LX<$euUk&+g<^lfw`FJ)-GG^XsC
zJX4OiuJ8H%lYd?-vWrh4SNIJI;t#cY1u3*459sfD>557k-$(r4bXp4U4k~Cxo=tp~
z@!T|g&dm)xbAh}U`RE+@m9n3qenWnUe0jOw{NMRkVVy{<PbTg8))YFQjJoEM9-Yjo
zDCjhW|3+F~^6en410P)_$=?n0@JwvN+QuF5xNdU&L>aoeI6HAKHf1FUQNRESe!=Gf
z8H$jhFJWDLU+~u9r(_;LzK?{b6V|nf_(mF`>!i!Sh`4r%u75~N?K)s7l+QCO{>@AH
z6b%UFBJkfUClw5&ApTIa*O%~UGU=*HcoXUTA?W|R+7q8atTO(lhI20#VgAht|E0#k
z>0h6drfZa|>m+gi;NssO@h0&gN4&@Xd+@J<R5*~&5kCAuXK%B6SU2zT3AlVudG1R-
z)%oyu&%Bqep`*!vgYYu)eyfMLzT%k;e0q@g-|Ms=aQk23Fj_a1g5DF>;nRlC9zNsw
ztfSBo6mY@y;0x097Ys+^YCJ)~HMxHT^%6Qo{wb6-h=vrSbNOB4#*inBcws)eeh882
zFa_`nPw#&`+=|aVSIKzp?d8*&!eVm2Bo74Ly=ugDouHtKE<BHWnR$LWmHoyuV<n$R
z(u<Jq0cp4R^d`(70oS{aKmSdF{>p@|7d(80cqQWT2)E=jfsA$ejCXk^kdN=}{uLy>
z8R;8P*D9XXHIDdpDvs~c^(Ub}rP2&`+pERBQsj-Uzkk<>n-xjWm6#**EE&raA81M5
z|6K2yla`WCdLEp~y=#27l6M`A{P$|dJ^uHBe=T;6SxNbc$k&hbUobi88C)KJl3Nk^
z)U{Mk?sElZC*xl3)xuP+fkP>*G9O)uXzah&C)^*(CkD^*MaR49DvugIuiWHBdby|M
zbAUUOc>0FBtEW2>-$D8|!apj(UAsur#lL9d-JliMD7hRpRCX=-Tm^@U5lc_5jNH9L
zPF+{{jN*xUq!s5=osy!{)(+&I?Vj$<{W`SbEBYNt{s{66cFz;_&T@aGi|6KEIL}4r
z!&euNTmN3&yvbDXo{uiRa<V<?(to-)#D%AmCq4xpBFlXW8czBw@)pGQl*ljky=#0T
zxwoA3isb!)@Lc!&CcnE))Fe_mlOrXyJ)zVnbgeVVtB6P8iL%_kPIy0Qd=K%jBc$=2
z!yC=#4bQBmCjJRP?|<aimB8gwn7=Udf7e6qpLH!rt;ITzTV;6o4vCw{_z4gG?jD{&
z+CUeM?+T9QtjTj9sW^;0S*bV*;gtWWNHxyl-U8C~9dZ|S=-R6ebA8HZd)R*ts~%+7
zL*bXX@rsA)x{BW^H`h%*i@3j?d)=rgKLzpC-)l`=S9dC#hWvFS|5rQx3Ag5xfYJQm
z8co!D$ur0K98g5{xBbt}Su|n{X=5lfj@u1E?#H3B<$Q+o`ICo-lQxb#jWL2xP1p0g
zG-4Zh-l}k}wtV<|iC$F7+DCXD&vxdMm3(b@F4UgHp{@r6z0BOy#XbLe{hxd9c}UkP
zJ}YVHVe%d%<3|<d8W4|gAMSn2y~%#=|Noz+l-0zQw-EbAq5oreU_YPD6p)qA58PNw
zq16eOrJybDf%JsSl9qyd70JJiaC~=9|29AoR}X)o#w$(b1zbnIA$=*~WTgN18c7-c
z_%EiwycGV9!nTqr88_MyK967X;5P2-N=Tl6uSVSe>_73C#PzG4jC>YT#sQw$PufhE
z=N07?bPZA&6G^YBa{pa_Q|Uod9<24BLY47b7yq97yScxcw8o?zBVLgT5>x1FKKzX=
zZwv*NA<e(A5qWey;j@Bg?(xawr|`9&&K2Uh&<Y+JMdlS`E=-22#Iq6ZNXDz!icI-P
zuY#k=mlYejf@_dol#2PW&&x)Ey3P_$^lu}Gw<J$O?&}|_;pbp)7x^Bj=XRy?dXhMn
zhjhi_Mo%*ACT&JE|9m2~5k*Ahqw90-yd~F$|5S0EdkvM2Tlg#`-&d}Q`lCl92<LVA
zJG-jKP-7I*GxFK%?tP0Fc(yOzr953B{vkQ92Tj`K8j#Xu-b9AYgm06+kV0n>PDOYP
zc^?u!!u`^&vfQMtrouzmpR^~)--7fC6V8d9_}nGTKRD)1;PdZQjlWFhJ#{U4?+Vk+
zn=Vb^`#jK_0{?rR=6+K0H>4pKxz~_S3(}TSQEbxqyP6)qBk=!1m!A9PKjlr~xx?hq
z^<3xU8dq_DG99F{W5i$RCYE=tO+?Q}@X$>@2}qCT3Rvz&ZL@P0_d0N|0%d(eSl0?Z
z|JMJS@}AS!0_0iE{S6@^mH2ESa!Q5bZ8BBliL$N|6*7@Lx-#HL@|@$N>oj>b@+nVv
z25Fu6y!P+de|~o16S%{bQH5{>Bcv<ToR&A`A^olY`Xn|Z{yFiBgsbzw4&waHRR5Ym
z_yGBmu;>oDF5M#S-zz79GThg%Fmz3%VK*=*<<xRzd>}18X-9c(qt1te1dg~ux>D#O
zGIqpKeA4mB?H*Ktx-!wYV-!-IioWFY@AZ+qjY&VleO-lInc0bNRh&;h^7AJrylv#O
zi}_#mp9<b`qb&tRaSvzafpN5cFKLI#_X95B-fY4@y5UqoUz3)P_@}NxbubBOL;2`0
z1z&RMxrnEwj$JfrH!cm45S>pG5|Z<oN@44%<Qfm$;&aVa63ex?F8<>R>*DTx$Md?@
z@;OTx)%cX*UOCbS5Ux-9OPBX0&+EHoJNHcJ5*g;vn{Yn5S`feDD%;0HgIvaRq-|H+
z<x}2IT%pIgx1N0Z4butNIDXITEphiV5&q1j>$%$GpFw=H{@+o3S6LI6SsC^cUg^@a
zy9yr@?@mGIU3?1hugKSr2Dfo}_3V7|=;}(oFxU8g+>an{Z}K+belhNy!zxkT`>8ky
z&A6#6Eq*}$vao+GqL46Fd_C8LB@~vE&l8tFB?aGg_vRCx!*g}<4flKS8SL_@url0h
z%e?@Vmm^$6`+pySA1I)xE5xd`|K=fMQr8RqWlQfCdH=n>;n^S!dxcA=q&!~c^9}h9
z{AWa(6Hfe}cp>gbC!em+QU24OhX<13PnYQ5prW0w<%3Dsp+v67E-fAv$0Iz)75ssQ
z=BA-<DT6=v<?Z76)&D6^&+>a;kAE}LzsBHw{W51Gg)Ah(U!nHC-~s)5Bg=nUtK7Xv
z%R#=hn3+7S$(xVDzH<30ajzfo?A%|<=fBr)#BY#40eRElzt>O#kE1aE8(hlQ&M*qo
zHPaPTiif%o=I?C#e`B~0_mcdlpq}*hTb`NDX9<lcf%mAa{D1N+BhLXorFb^Ty$%?Q
z5e$Wh+@SEW+)P5x_EW%iK3PdmgIP##g#TViT;pO<_*6bw|GnWHN!lC2m3dwlf4a%5
z!e<qq>HlfaAFj+$dKW0<ZtixyE{A=T#)ElW+A0d=?|pmAX=s1a&U3FhS$2~Cl(eig
zuCdFj%5_~KZ7-j5JjcHeV1Gx8I@=SDVgK*gGXCjWyo3VyQ)~XUj!e3GVmH$HClvgD
z#wHf`=aavq%Xg3TJubYQ^pdVqU(={eJU4;(L&|AGT-Qa?KJ)W1|Cf1iAqAW#@wscn
z72->2^=>|25H9B)T+2fhi0kU_(!M6%pU+mx8AiJPy`A2~^-mbaC4XZ4lDzpyt4^M^
zsA~^tuR~ODkicm&>DtBvll+$PC4uw=e1`JTHHc4M@~@$htNG-mph={);{IXmg?n)p
zWqm=urtUe_*OZDM5$EsudnX9DBs`CLLPyCsgg{9W3cHq(-`h&OKKC-X#_S}mI`NZK
z{Frbm?q}pvg2Hq)aCRn5*CSU}Wzw_r%vEeb+8N3VCtQ|BUf0h@Te&%#2mZlcWJrbg
z{30ln_$n%W$3r<>L&{(|@>C~Jay&ypvnenM;XCA==0=i#+ri6DdQ1#wtLX}GU)MX*
zbmgah|N305<H7i@lB5(Chfgumbv5Jjl!s!v`{O9+96hZ}`dA!BzC3)A5kJJe7*tq;
zy!t;AV=3np_pVTW6*oHVxR;B3^K|~}ib|wE8TtP?9{5*d?#*}MJ+5LG^&Syl$^Cb(
zf%^YvLDK&I_hI5O`20?zV^MLWt0$arQ5RNOp=R!ZPw~DBkK&=0e0mdqkGir^(RmB{
z|JA}B#wRI-Ehl9GPNeWVE>B6GYv-OF_Wv3?6Y!{tY>%hzy-6SmVM#~`5V(XL5m{sh
z1qBpj6VP!1rAeBkA#_4_hk%MiKmm#DP&lXqE{so60|73J1OZn>?bbm=b`*Cpz{3Sc
ze81|hj$!n@@15^Esk8jgQgy59HhfLM9;I&N84tgK?LPJQBXjVy#?TA!C%Uu$MxLXC
z>f!H<{;tkYm$3x>S&F}{S7i;@3T%pwlVc6O*U0$*a!R%0ld$tULSoi4o($u8{v&h}
zzOx&1Cvq=l{T1WwfL??LYyW8yrJ@f)e@hor1v_bZh;IG}I74qZ<yRCWZk1}NTHGG&
zeboK0s1v~#04X{Oa5Q{e>xKB-8n<5;QMkVFtrXj<8~gxFXJX#aahdok$)o5Pz77#F
zW*4?Yx{+DUbm9WQib@%WV0%;tp3%wHP^6OLjdbA48o!cpDtrk4YTd|_8q=P9CsjQ5
zzY}{Sc}u`H#`G~fO8xoo1VT4JXLTd10bHdMJwl>98cE0Zux<!=%=5@&z>R|ym4RD;
z{5EnYe2XZiK3Q+Uo(z}jRf{9f3%bq}@FUcp|IPx81<;tW5yqt?nXEzkXe1q8f}W(C
zdYy!dwrgF<1K=BoZ>I~*V_b&6AGY1qa0=TB-!b?$^1P;w(W?k^DR3iTH+mrfN6_DA
zoIpd%;8ZXMqoPN_d`yBf;7@|9jqL+$-O-2XV$<+<A!ac4zQ}J8`#EEjdV*CHzW?4q
z*$r<8)SRFwbwyu8(DfuybduyxWBZwL6XRg8HMOrP@$u;DyBC}AKcO3`$4Tf8CIvoB
zvzPIoVq8expVa5So+MJVg9OKsKf~FEMDZk8i2Nn?_Bz>E^gZ|<Bw2UldL*fVuIL1M
zsm4vheiR-7t{?s(_>0JsguEZQ4|2C~UFQELz}^IZpo1q9)EL_(K=F*9qkoL7=oFa6
zj6<<GBwJ0~Z@PgW@ZGOvg&hZ`QcrFSd77eo;KwxPBjh^j{=XAYUlMJ{Fqy!)*d|f%
zL%1<EMK1g<a9`nDNTKH<=9s!9JB+*&-x*y@xmxMTTu1!3$jOYE*qe}ZGn}sT&YG#v
z(8Jmg(IP*0=}vo+;3xQ`b}pxxu_PI#i&PS8Q`~{i=_b0;=n^<g*q#Ni=oI6Gh#2#{
z`r1{9WO)>-gX6!D74;R-zZ)B=EuTajF*7Jxf$cNh+9mB*?#X1BO{t}ND!ICq=d}JR
z?R*EOOSPDZ#Fc~dVEcreW3=xZaN)C|5<f}c0t|}wBCjCfQl0$$h`H)#v7U1u{8=Qc
zz>}oCO(+nn8;=IeBkv*dy@7o_#z%>H3cZ`U8<Ta>C|G@!>mCyKf-`le%GZEZxfVT>
zz<WrP0Vn82qOtc9^KP}6TIBv0am~QaME(xBFXJ(CoG0id^=IRk2-<?<2wWSd3vP<7
zCj1$)qBSJgMdIn`%ix2^$MC;jt%0+|&n2;<R4`vKK8N3eFM%zD7m=r&*arBffE}dP
zzYRh%SI9IRHv{^Kfcr>x9&ipErDW{4!@IHZe`17b3Ak2B9}(M(Jm)F=0>0&pNh+7d
z?O;3)rXI0>XWT%{Y2@%Px_S%n=Oo&I;cqzJBGF7Z9{U*V&l9{C-_rzMh5ZNYidyO9
z{{%At|2OysgNf4p$SK&1VMV*a$1#ELBWld~IG+Dl4C;$awE+1TFTpKIq-Y1W2l3yE
zzEUSq_9HYf3O=hFP&dpJinYPF0UL`M{&Leu;%=b1l{#M`m<0Sclj~^M#`-@Fcst2{
zBgwDGO91SzHVaHKEvo7LNEoG+#0@3c``UjTeG~i|xia80*n8+EuOVnGoQ~d>92aTe
zSM_e}10Th)4#$h|0rUsa55fa=aB~6{pr2C-;g56^_fh0Mjk$`k7xolvA1W+7f@Z$Z
z*oTRWXKAh`|6b$^G#)<xy$LJ<sK^W0!Rgk^JxJS??<hDI_Ei)}C(%&!rpPnFFCgw=
z<lDggg8g^+2v{GsyL7Iz$fv>XWAv(os=ke3Cml_Pm%$@&_JrHRFXJ-^o{wFTM4t|?
z)=h22zK+6AVpG(QaVoYDJdd~=$#D$-r?8@I#(l(gL>`5&4PUg1xj?6iHWGYL1KT5y
z*K%iF>;U>W_-^p;;ctL_Jw?tCI|TbC5`Km64UG?id0ppj%$N<I#&-@}8u)MUk5qqM
zq$m}mqIq;a20lvS41Dz?=9ovYMJYhw3G|!5C<?)6(Z2@&w9Ye(Vm*)>>IS~2@I>wV
zh4Dx9cZi?Wf**r)qQ<(J3pm#z-+}#W<ktzvqCh;!hEcpHa#u!01MzpziPONhL*Ea7
zp>5ZKRdgCICgzN;F%oQ{I{$}BdNB-PX$iWQfFyN*p-=F2(uLk5=`;9NFm52phwu*c
z+t8l_(}LJ`k+7IL#J_`n8K0u%;JP4>il{L^;;T=58UN5OCWK?XDvV(vU7bYkK*9+G
zDN2Uhp-;zmBMtRsjMCl2Jc4onzX9JxY+dqYBfqV2kAbO0E*tx3<n!cEG!Q;DOM@=q
z=m=;8x(DERK*=PDQgduknyQ5^i~{^K6kW&oGC8ss`!FiHg#DbJ#6MI%UAQy8JK@P-
zXXTQ(HUWZSKLhv|`gsBsb;7=u@mU?HY+r(Vkugmv(ALNh{^`Y+r);``?<syg^8MHb
zQmiGp2kYEkeDAC0KSU@06<{gAH*w@+s|j!#w&MgUO4EBHqOnJGBBke2_-c4Q1x{D9
zU%+>xUV%mUkKrGR|Hf#NnB_y}C(K%iS<!p&NaO`T9tc}_7{~``XCG}8=~g9eW$Kt>
z#(LO4(!OEf=cqYjZ$(TS%GT6V&?#e<;;R8h(Ldv228D$<5@Ztm6yO7lM>U`U`Vr>P
z9eqCXBog)~q854viQ4JH<M=q4s;=`*fMzrPN|JN{%a9FZMe7MxbO-i45`3ubj}sH6
zE%<hV>rK%)$O$ZbqHacE_G@egn1S#w;4*aZtU(xV2haqAt&QL4u_g8sI?=aueVM=>
z_*yYW=@a}WMVm10!`K<zMC8egzhiHU?RWCjL{{_y@&P!H9P89SR$T$GIZ7qQC>3eh
ztAjQ(>)J;7<(Fd38uozUcI%e@*2{k^8+(H*5b%Yygc!SuT+>{heAk40x2@cs2}J?-
zpD=j^{y-$nppAn%6}tTXKS2r$d;z;<PW8-1es`o?dCA6|B5|T8KM*x^DnBUXH@}GF
z<vX?{E`Mc9_wwwm{}u^;Pp;Q4@aE5GTfS%8*c#;%_mqfov9Et@U2lP{n((@&xb0le
zG`F|B=i7UmHyhA@r0wx~0(PK4b=0e6PHTH2^Ks|&vRnESVus3F?-D8H$=`+I%8y>S
zN-Xbq@nZSSKQ6E3*p`@SE}!~oedoh?aZB>79FK2`H`jM>evYfqzPq3>;3@F>$Juw^
zHfrd&guz}q_qy`!p{ih>JHL>LOf2x(10qooz(iLzi|Ea<b+kRjHN(!%b9r;!cCjar
zS5OqNy#)bJwmTta^bBvnHNBUeTbO%wcAh(1_TFbCIvvx5k<{q_XvJxmCDPO6zq^a%
z)QKJ+Pvwt?rq<2r&_l%4bA}8N&xr<CJWf@amW#YO3C{Poi2FpQ$D8Bv=Ke1$=eUQ7
z+iJ`D<3yIcG*(<p59GOR-I(q62iPzkf1W!>Cfp-dICJh1mrUpJ31X-vGjhdt$IKH6
zb>s(=M63)Jiy9qxJpMoq3lMoMZl90EEB1K;x`Tjw3LD7fn_;s{+)mtd@n*byvc0%o
z?w=*DPgQMKo2lB+2~K>8c++sKIiimxC(RT8b{5YUK|{W{P$bAD3&osT;VtPcnlgch
z)lzmW6}Ho+RE(|dtXw0m5p{XcY|v>qr+EB+8gceMA+q9~hR=$vqFL4Ag?C%{VNWe`
z(_pxGjJH5$&JyXe&U#T?H+($8ThrqW`<>bAg-<xwJul{&GI@jeR9@a7S~}OfBwEGR
z$##dU*+stm2zcZsanN)+ZWVW%vT(adh_@qsImO$>IB`{=$mg|P`T6!VSALP(&wjUE
zw$Ghi;A5xxJZ|=8j_PlUE8v87h~JE?Y?s%o7S`wX7v-y`?)%ThlLvN*tOhP$cAmni
zDOEo<&bPb7!o=pjz`faSeoS-+vh#XTmj*mJb|G7i(-7&M|IBxaXyKad#_abOtDYwM
z3Z~dC1`HlGZ1_#1?o}t|-jV%Bk9Lmk7k9<VH9^rsHVTQp&Lbf)GghV^5<8sAL!yQu
z?>a0J?dtoCU6WnFfiEhwJ9Ow^w`rN<Z|ht<EY`&(XBT+A?(FcnXZ7WRlcGyoE{_7A
zJA6;j4cC!6i&elpUqMlBo;|$(uz_;RNpV8<IVEZ|4&PDA7Fnet%6mDXE_M8!rKiMT
z5f|P@!<~0e3zyM`i9A5eAG1|c`-@mP;*6;8Tz5uXEhdZ}Givbgn;wX4AMWFb9`k^<
z``qCttS0`)Vg3({Dj6}^F26b>>LzthFXRdPRi~aWM3bcC@SRS9y)U-(@7*aMJTLsS
zs_uC^SQeTcDhX~2ZVb%{&DNmm_jPb{up;yjpgF<a!Ce5i|36|jfp&rw!JSnJ39Sfj
z3T_KMY=>6K%jd<&KDvqEZt7Qr9uBPvZmxn?Yj8Kt5?Z_BH6q0YQ9oY8oxvBx<3?I&
zE-7|~O4Wq^NF+<niwt=p(WvSCc2SHl)eEMUoOFpRZ2ToL+FAIkm}|<#zl%(>jcrS@
z$w+tj4-9*xI0sXVJ51-!bfZmz6j?^9d^KPs){RVUXRs_GM!i~!ddYJgtu#5l32_^m
z8MoY2i-v=*vQRsNJA!5M)MIAjl<*ruJpkTCdv}JfJLh7a(X*bDKGWE3$j{~&sm`zx
zqn;u88hEPn@oeL>hEDINj0>^OozEJdHc6^}{mVT^jPzN-vfyS`ZcFH)VA;5Y;4<|D
z)x%<y%c2iTso{25nXTH0xGVfXOTfPx+=4bc@(Lq*XJ~QN>nr$(a#5fpG#A+R&_g^r
zn|x)IEt84wnu)iQpdz?cZJki5%_Dy`oPCk%fzWN#S!@S467AUG-ZqErJHlO71j~aJ
zHX;LyRS}x6nxW=m+38IqP4Zt1SWfqSM!iOVo_$jF*~@h&j0`#cgwfO)dfa%Sqnwaz
zHkPm5ZCKZkKe8-aY)WiXCDaVmoaX<<UY6r)n{Av%wasI#oviNWdNZl|>5yd!RwnO}
z4!zAR=gVGZciay}wl8xmlO1Q6nMrDz;oZlhmX|wOt>yIYX0mhjb>?-p^UOWwbVJ^d
zZlxH(3c0()Y7nm<tn9zQOp!}mW~Cgp+RBifHkj#7;RN%J8uEv_W-X`DWb;A|xpusj
z>O2}SUlGpkY371<^73r6z3jKvOq8#!HLbYF>r|eaYj&0=|ABS)S~E`8ZD!e$U(6Wq
z@cZiW>&UhjjVI;ijphqY9M-!mxSgKW%ClHk+y-)Ld#izyzscMm>ulX-{!&AJx5rGC
z$6B$~uitB)5l->zW@eo8!+tYE$Zl_$^%{q-2X)lhSe!z&`PAVJ&EfdU*M1ZYoXi8}
z)E3U(N^`WaibIv4K3YZIY_k8)W>Z-**Q_n;sKr>cjgH4&Fb^a<YuE{<9Bo*sO{?8j
z!7{a})RtxEl~IfRCeLM?DbDk8mL=LzHFD|MOl}J;m4#L)u?#p@ksYi$%gzh&)?m}|
zCtBU(<=*`i|2@@;b;hMwUkh1S-<l-rTx(fQTADQ~saXYEiW`eZ&iQ7^s*d5d=zZkQ
zvNCEqPh4d=@tH0C;hoP1Pn*rcqEK4>EK?sv<;l)gS7&q=Ymt$z)=K+!sRI>h@F5xc
zk#+_YnRV)_(^oZ74%#Le8fB)-k}u3Or&c%Xa9qkmswGa)9CZMhsX9wj#~UeGEJbvw
zu6V>%OOzl#?_>3rYcH9WoL6kNk}t0@lj8I{qqHv@sIafq*csE;@;9u*C%r2^2FR(6
zjry`+j~SadpSl~>X%6m+Y@d(+X2qGZAl+)1$tjQA5@mn&N#Mv`R>MSjXrlF?JdtY^
z%ChIpROjtHYh{w`x5S8*g#jyGo-DHJ$nj<D!d^vI^FJI8j;_KPUu^wk$_e*bjXJ2e
zN?GU;b@ecFbsOyptqR|JrO}V9r%TqWj}JVTw$5$$TdyR`!U1Ocq^fPfE|zCGqlwWi
zQxRGue_LP`%ca}Rv_|vD%8QX}gaxm*nbZrefJBmi_gepo*e0b`4_W!BmF$#1YMF*?
zR%&&W!{=IYva*tOZ;)lwlh;*>n$q*L$Z*O_t$Bv*y27e2cUJKFnY7rl#VV)kVrzV?
z$p;Ksxx#8Mmz?8-KeO6Mk$FFhhVt7L)<Eab3hN#tUVoC1hg)0C6ZrrTTEJ7`c9Q+(
zTJ`Oc&|(y}OVvk?D>tBAcb{3`WV^|!4UCkOD4aEk22|CLt;-o#*(!oN^fr@A-!wCv
KF47ua<9`5c@;GAv

delta 49551
zcmY)11-uo-ANTRS=UljScV6m(ba!03ySux)IdrFVHz){#ga{}tinM?Tf`A}`AR?iF
z$n*K`Z+M>nv#<a8zh`D=XJ)5%Z{fPnl8if)By=-L_(G2(TP)8@hn32E-n}@U*K52|
zIktOV9tguym=9xxd0tOUNqo?!p7$-z#H83{hv%ij9+(y<U`AZ+;)hW6TsK4BKLiSr
zkbI||sOIeK9FID`8jImY7mxE9jU`?N^Wu1{jyqBL-k>Tfw9E72Vm(xYTR8_|YA-~~
z2`J+x=P~Ck)SbM=te9fA<tycEhKWfZjJa?MM&T~Zg4Zwy{)Z|j`yMkI;}LI;$*AA!
zLO@+K5|iU{7vG7>cmdUwH&F$?MirQ4ujggJ(wGQaVtnj{DR2bp#^#}JU^^zq?=b~F
zz>r$(eeQW_AUo#93aBpYiz;9w>VhSh2|q;@bOCkUeP>{w#nU^BI~!tl^7X-#xCoQs
z_I>of3OMF6-o#YIUtv{D@&zAkfof21RD*`Q_##w6>s<QhF8vagCjA!b&eQL=9;|>G
zvNq0s`{{pm-FOnR;e1q=et|3k?<(q!f5EyK<A61+F%}`d5>w;%sGfX`YGAU1))NI#
z*Vn?#*ay|1d6*9Oh6v;&@I5NSf7lu`ed&1<F@(Ax{439k#t%>x^+4sHhswVj8(@+{
zo|hjxqk3);s)s&C_3T%uq5Q$cLw~po5r-{fI?O<Z0$300VH#YED)=BKz{i*#|3y`l
z=7{w~9!yKTDrUlt&PiB;_-523zKz^i$cuB-CS5+%Bx!{zU?Qr;YfyLm1*##p-1#?H
zfq2Se>;c#Ui{TPfzVlcJe@ER=#^cswWl=-j9;3AWrx3_Q!ghD!JZ2{T60>0H6V|XY
z7)iV{YV0PXx^}&b?{o3Xs9F9HHMas^+Z`vxti(&Bu4|7;soxtyKow0#wRAfw;~5wK
z%bED3H8ek}0S!?3`(iZC#wa|8y8b0*#I)bAZDT1^Jv~u#U=D`VRhtN?tB;_%^ct#y
z^la=(FNx}rhNyyvpbB1&AK(F0zI&(&{=?#!`IPlUOH{)KVm4fc%76G2{U1r-M-sHt
zy~czX@tws}q8gYLwc(V*xY!sq8QY^8`l0hv)CP7MH9245HB5QhhT<>GPCR(VuFrLb
z{x3{ID-vqsJgkO4W9%@-?W{GV;5oA##^ro1RM$7d@;DT`;1@UtBhPytqvq{EHDu@o
zyYqz@oA?3LBtH=%psu`)Nipmqn+zt$rkEBh;XurT`%riOE9$A2@_T#gRl$11=VDI0
zjkz%1CA;I|sGe+xYS2hjkB62LNJ?N6Cc^!w+4~(v;4i54{yS<8yhi0qf7#Z1Ud%zf
z8mhwns2f^|8uKqvJ#`n=fZ!FI{TVQ()_)-a+CocW3T%Yxnx3eJOu<698r7ihu`pgo
z^+=*0?2gN#CSP|<jI%Hku11ad5mb*oK+Ty{SCyafFG3&|3C&Tny8~*Brl5Leo=e||
z@rj>8-O*K4L4RWkO!lK)p9|GP^_=Zd4IhBza0KcG_G3xv_nr_)jyajC>au851zk~N
zH5t_-8!$B<#$<R6i{lg25aqaT=ZiV(qZ-x|)8cqciK{RU?!}P0><9r>d=E92@qV&+
z5mcA8!f>2{s(3D{$2OuW-j2oaOVlKMfkm;(4I84-s8zBRqwz6T#k@B){se~Hw1>kM
z%uoC-md4~iv(&Hw>Vnl6jrXxE=D1~(t}B)yJ|C;#1x$#kZd=#qz-q+vV{ROd>hVpt
zL)O&?Nzet?QDgkOi@!q6`q+1@%W`8$;>Az}48SBf71cA#Q9Zf?H3=`d^S@#S;;&G1
zD%CHRKX-_LW^sAc<m-#-+6AatyAn0VCs0H5A8JUl-L+ZY2s056p?YpDD&IxaoxVcN
znW%d<2cl8wtx$6yG>w4nU;!4v&6ovmpjsOCtL@dvQL{QP#>8@%8LQwD?2hW<z<o=v
zi8+Y(!K}C#)k6odGG4#}TK_43v#zX;={eCB)8J@S%a@?K?lV+RTtGD}&I8Mr0o9Na
zsQj%^vwR4u!r7P+*W(&Ih8ns~57i@#{|Ex=fkl1-uSza{0#)EuRD=G)R2ctvdrC&3
z3hIuUJ0aAV&p|D_wU`a}VFcbpHT+k1{xznhelPJO8`C_fu5X1ca4fdL>(~lQKDIku
zjLnGeN2MqI!}9mTNaEjN4t#`ZG5HfqFMw)D1B`<$FccurnSff>4RuGOFadsux}&wI
z9@vE{@GPol9-{Jx|7q8!LEU*?R8LjLbl3(}&PW%Z<<4*Ulm1sh$4F2GH!v^$gKALr
zr}nrlg}I1V#VI%to8udd#KwQwY8iqhiLb&U_#=Le37^^ias@S45<Rzu6?#tpYc|#+
zK^w>-%#D{&T^RPl3eJhzkQ$&S(;SS#Pf-oOf@<JXR0Zi@`m@`MM#Tr9%3bK<M^WY9
z3lS(nAi>}ERc<9z7Y{`hI3E+^AyijhaPdD-bH)3|8kiN65v_$eu|4L)nWzRFMC~&_
zyY%?4EMKS$0Zoc-sO8rWb%(Q2vv)gwfR`{5|8waXUt7Z}V-?byqRy|v0(b~@{ZovG
zDc{)6nia!|7sQ~}e=!2eSPD~MdrXAGP;+1!#>JJWhJB2y@LSZ-b^F)cj{S%~$4Kn_
z*6w&R&LO@Vb$zA(Y^Xb7b*=w(F5wYIlOg9j%g_@W68{*>;#-$q+6(i>5g&o2@n6&s
zmIw>;>R?}Nj9+00lLf;39$bKG$XD1A>jcBRjLPsCfl7E0Ghxc`Fn?@IpvJ5<YA(z`
z4aMiE$#>hGj};@#yF<Jv#tdU=@_#LfM@CQqj&iQR<irnRD!hmxO|IVwXpG)sLX5*V
zcw%81RK_eWUK-O9uZ(I?d(^C+g@tfGYA*eO>XDbIq07yywB|%{R0DdTX8+jOVIlvH
zJ|;o4`Fm8sf1_q?mN*u#f{G77&6R~1i3d<~<R>hLf4cMe<A(XmvI*+O`lD`ajB_?>
zuC0n2vKH?lAsq={qE^8*=Rc^eGDW;Fe`Csoy5oANI~a|TxCuwo^(Rr~R8GK9U<cF?
zc6TnuG{jG!8hk56Kz9_G(5!;_i1%{w6{vN66jS35s0Kbo<x7|-%zy5e!wkgxIp?5y
zW;<#KkD`{{byQE>LiJ4OPXfyL7BgYu#5P8SoYheUv_(}s4E1bSgeqtwCc!<Z8~Fy+
z;6Ge?FiDvIHk|_1;7C-D)<fo4$ZJVJlcN*r4i=&2z#eRlx3L$NN*d-b$B$6y|Ke0^
zk}S-tk3ZutSRi?r*8`KM2=i*<Skwk}+QpNm4D%`yZ;Sr=Ur!)D36D{C_y!{}bt=1)
zk{C_AE|$l+SQsy2CyYoP=6~(i3w0ykqsBZ&nlS%69)&PJ@!qH&ScO_0XVHKDho=qm
z-}NF<PrquY9vF&RR_jqc^8@<J3ROYwbYcE0R|`z3e5lEF0JY4npnB*LYG?<i53^S>
z)FeKLA!U3(Ko`ElMwljpRoEA`fy~CkxE(dteKUr6-Elms!H-b0K5e8`R2&s=ftqAP
zF)>bb>5EXSXICWaUoH8Ggn}45lbtAyD!4Q1X|@2h^BqDB!2>LVxiXvGQC++l)pJ)-
z*N11}d>CIpqBgGnS<P9fN&RtF)_){{qb}hWm*HQmMtZ7jb|>vo`Np7nYBg$7?MF2*
zEGo?ZiYGT}6?DWBI1QEW7^)}YWVdCU64kQ>LIiZ@^-*^;5kq(s2VjL9VgAEs4{CBf
zN9Bw9K(m)sgQ{pdYEu4&nk(sZ+KyTp)f4Sd8_pcmv*sK|V<=g!F#j>y7}a&lQ5BuU
zI`|4zQMKIWhp6*Ep(bI1Ja)&Wu_5seSQ7VQDSV2mI8R>d(cY-*_99z)$h+%KMC1$e
zzxh-THOBLC8eT>f&^Ev8daOWvKWa|AMXl%T1uWhZb;k>_EFMSoaIj#Q|FvXMR1Z$T
z((3CY1fog!4>eZh3Rz1hV`JjyFe_#&Y%Q;WDsUL8C$^$`=mth(_99ksH`E5S8P(ut
zsPjdO+A<!BxvAgVMnIG38WzJC#q18spjJmO)a+jBJcSzTH`o#L7Z3A>;Q~~H;+F{X
zzkVo(SDF3GP(wSglnvEt%uf6ShSc)M1T@==mA0`Pi^Yi_K#%`DM|J57)>1~yS~kr8
zCRHU260d>ju?|kaUU&lkMBUila_)r%)xcQMHaSa1v;NhUZAh4j^H2@RP~I-=iW;jA
zQ9W=THQU1~SiBTwCf*C9a1Lg|y{Kh)71e|Pp?1z(744zb9upDoUy=2%28<`6E$+cM
zn7oo1>CELUirTr#yLb=hU`$N<SWJc=qV|c+s2%nw>M45_Rq-QKJ#Rw<ViJf|*&dS#
zQ5!{SRK_S&#$p&3E1(`Cbx=Jr2D9L&s3H3v)y46u*d#2AT9%_xJ$V7u6A7!@912w?
zpuKtoYL+iXO_qbGJN*r{p(L(mTV{StK)gEYPMe_`+#BQL2&{-xQIqVnOMi|UszCKH
zFA}pM4G(!$2xvp-f!d>&ICrDo(axhL-+h;!qK0*8K~zJkp?at(s>?f|8ax^`DOaH8
z#D0v#pHTI@#mrj&scTvflt!Isj#{sSQ3dQnJzlS%y6z8DPi3uT4X=)>cqr=n4^b6v
zM-9b!)Q|;gyN07~tQyAD`fp1>Popjvzz}LI$D=AdfSN>4Q9Th+$0{z08lq09A)Dpm
zU!W?ugS!3|7R7vZZB=wZt+JUI(vEkTfbJk&J!^R}Q~}LVW7ZENaX#t}ccU779@Rq+
zP;)4vzAd+`sO#&auJ49gjx$iJZ6~V1ck8qMHHi{6unV)HW_<%^N7VU2s2-Sxs%SN;
ziw`<)qE>^~&?+o|x}ip>e0@<pF%LCYPGS<g*pT(FS$mI!Ququ@W4=bV0rf&vxEN#O
zZj8jQFg5;+>WNpVoiRyc>!E_E^<D@4Nr`IUXm@@)s^?CH2<XD!P!+{$VkfepCQU`u
z<Qs_Ui5aM;-Wt@7cMAQvftqX)O|4-iP^+LJ7Qz9jIj{+%@dj#+g)%g=u4#%In^~wy
zb{I9eo}jugRdXA|k{E+{JJg+ZK{aq3>W-H>x1oCI2&#eCu_Qi4^;qr}{*8yc$^?|5
zvvZ_#9%_s>qk3pRYHnOZ75qDDa>ZzA={Zn6QUY}Y?NF0-4r+(oimK-v>dx<B9<Bcj
zt*q;6q2|IE%!xBmWAr&{PF%+Fn54D!Oe0j6jz$%{8#U`sp{~D;>cMzzY_=CcHKaXi
zXeOcm{=b2MDmskX<8Pw6{2}U&<F&OrPLJxkVyHW-hZ?e8&ef<2E~2*Hm#8_Fp`BR@
zb$v6`koCuqCe1VgYWV@wm|k@8$IkHf){wNQ3v;6is)TyHwnnY*>8Kmofx5%9s0KYo
zZ8(WL*p0M6-N2v@tbdK+ToTlfU8oA~p=SA8R8M5@XgyOMV-atR>e@D_uAYJ#^UqKX
zxs6&q5uL1o#ZcvSLiNmSRJnUQg=}43B|$BY-PszD12vhVQC-*-BXJ^X=h}#>=mM(2
zf1~a+VHfMcLa3gogKB6mR09^Go*jo!%kplBfF@6>uC_DfMXmD^sM%i!H8kx}kJ(|U
z)i4QF!A8`^atzhb=co!2ce4f-b+$q^a6BsCCRC4yjuB8-yue6I+1+}gII5zis4*Uj
zn(Z4<>-;+E&Yz$f64AqkA{#1yJ=EkJjsBcK&6%^PId&fzijWuRY3n#As>0eBiM>%>
zJsUMN`%&)+KcePLL@yijoT#B{j+zT&QDeLnbz|S7=Ee(D1G4tE29!bn=YP!zsLMv7
zX60Hef?uM>>=~-d()Y10EQzY14XVP)s4?D&k$4Sthi_0_o}#baSV>gA7A`&kqu77E
z^#s&_Q|NaoMiP(cXLBG2Y7Ue_O}YlC$urEwKXLJks0w5Dw`G<SRbD03b*(TG$D?|1
zJ%+TEeoa7QdJA>O&z%_t*qv9yNYXo_3Y?6Ya1|>5VR!x^Y6#;Fv?0lby5k0@d?QiU
zZA8t9lLJ}*O1MXY#wKEr4M8MoR+mQ2f!?TmOWpYc7)ksGm;Mi`%hL?Dii==j;;m3U
zG7nYG9#jKwV<d(RVg2ilG7oWMi<)e0P?Ksjs^ASS{Sd05H&G4x8#M<~4|QFQ>e^PQ
zibAOKt5M~hLY4OvRZqOoFiXgVDzFMhU^k45{hXsvT{ac9vu#2R*%f#GA*$e)sO6V<
zxaBL0YEU1niStl%=LTwMLWxJ%<SU74VOxyE$*2sQo##;(zCw*<o{<)Bin@~-s7ba3
zHJQ(&dg=vgwImqjHY8M!v_kTQyeR}!@h6txeUDmh|DfhT^3nDkiz=udnt>{C8>&Yx
zqn7P6)SV_AV?$98wZqlGgg6RyLo-ng+~cRS{;m<w9Xv!$lGx0N`d9=@;S`LC$FK~Z
zLXB;#u~u;o3@2U*)xhc)2YaG=U<j(m=Ah=<7pQy}FfsLe&j@IJ#~5d0nhrI_`B4S8
zLlw{&6XP6I1#2-9KS9m%Gw4q)RL{g4Zw=0gy0LDkop1qaD?f%Ib@6Kgu`t&JYe->K
zfi<0dQ5Vifwfrb*2=1b~KHfxoh~+>{%Ce{-Y=F9vzNm(;MwPo0HB^@;vi>#p|B#@u
z$vDZnsG74KYElhzuEG+;k7IHC4>gv>CR@W=VOip1Q00D!T1|IR`5vLlOFYGfrkKVy
z5efB3P=@xXp_q)i<CUncJdL{WA?hKNXsQ)Z7B#t=x_DRA9gjsdU<ay)en8EcXQ-Y@
zI?bMr`9lOWDLSIYZX~J;7oi%o1y$fV)P?U*`O{6e^Mz4E(Hu22<51<SM_u<7sv&=%
z-ZPTVu(^;66A%wIC7=Skpeh`Lx?sJFpF-Wi6I4ZUXPSjj4Qh$ia2RUiIf5G7KTs7U
zo@J{m5>-z*XH#UzLtbA3DrgDn4)&nN@COWHirLm9X)uy_UQ|JKon2AuJcPP|ov5L^
zf@)BVIbq&xEQky62x_u7nX4gT{k0{a282*!y#jRy`%$y?21a7oJZoTPRK7~6uI_;9
zq0y+P=~C1Vw+l5_ZlbpGcpq8=Q=xjY3`T1GcP5|~Pe!fNJ*f458`Xfg^KJ6vLlsyT
zHAJIP=Qp4x=QpTz{Rip=Cffp=11(XLZwBhdwxSwv7X9D<dr6=a35gflmRlQ@aSW>9
zwW!H-67^2^H)@jRTx2~`7S$8&uq2Lj>3f}5QOo-^>ISncw&h!Qv3viYN`i)9E9$xZ
z4Qh<vqPjZy605in>JGc0dT1qTKRAhMP}ovizR9r`@!VJyhodIx5v+i5mf4WiUgq}l
z?k-^(>h*ggYPsx3HQ>DS4^%_rEw?-V0M)gXP|uJ~sQqLDY9CpEdIoGo_0Vxt{-0g?
zyAT0Ylxl^IWnNT<2B;wzfEx3Ks3ACp#qb$w&g5EYchUlte+a69OI>^~YOef<S`FSR
zo1A%2JsoOBKo!nHRkRH?M%OVCBUank<v``DkD7G-(Qg>WCw>fdrx#E|_YgHCfi>2H
zDNsF981;osO{B*{UK;}HfzcQn=cBr6C91%EsAYA*rT>oV;+Sjgj#Hw}mqabYMyMX>
zhnkGDP!0M9b=@u0?0<?MX#J;NXJcLw)v{)&3_Vc=&PP@7DXM^P-T7;%F%PV_oh}pV
z`uwO3rXp(A*FvqD!KfSh2({52!9>*W{X#%H*K>@-)EnF#VSsoe)Ff<*F>o;I`9BiX
z#gkDLEyGAWhRS~zOJiW8l~WG2YAT@SN-qqltL6~U*nWcAxlX$bf4lTFn{3QWqV|I}
zs0t>cdSD&u`Xi`0aU0dJgqv+BvY>h(8Vlh-)TG?J*{%PxBxq7SMOBdeBkR&qsDf%>
zLTrPos1IsvXQR6ETU3L7M=jsjAKM(tfNEd~RJqMC9LJ!Bbi&6Wt6(Jwx^O3|YrjTK
znhU6h%L7yaX}4Gd%A<y?J!*(1qwZ)LY7*~2b@hH!1MZ@FCb-pBR{_-ZtwRJN35-Wg
zj`c3XLDbOv=FZ3X#CE<YR2Q~J6*vzySr4IB(S6kFd5e1Jq}pcRH^_?GHwvH{+T9tN
zOF)z7b5z&fLN&zOZe5xhwdEE=wYU%ZtHPy!ifZVus38e{YC~BT)sPNY1xKSAd>qxo
ze<9_Bytf3@)v0$_!39w9+Nc6LqwZ|1a}jFxeu66S9BOFZqPjZEPTT1!pyozjEQ0e;
z*PTT5z(e$Z|1a@pc4v7|lcE7?Ywd;V>gA|aaSprSYwU&XciEkvMdkk;RbiUlR$gh;
zTW@>R>>r4lE1OW0{bNiWB5;O)y8b?@>m&A9L6N8pr2?ua8e<IXhnmGhFaeIl>Np+M
z)t69RoOZAEWE5)eFN-R#C#t+L7*dxlbtm?ry8b(t;TP1{|A$%~MLxG7s)1^77tD{7
zQLE&0)SW$W#^2{=JE{S#QFCoNs;77DWBn`P3<>JGm#D5v^@WXjO;k(Uqb?YQdI~N=
zHT-K-!S_%@lw`kMUj{WK{ak!C>ik92jl4x&pX31RUtM0{fMuwG5yS_hHk8q*WwabM
z%QvI$_&BOTFHn;y;Xx~>D5~JPsEw-+>Zvy#b%RS$llcH@@?HoLP*=V~&Ekw-+89+v
zr8h$rFbs9)b1*(0LREAI)kBY5JmM?6J_<DyB~T4*joLwnq8?&XP?I~fgn%kOjq0Mm
zTs-|D8@r0A^uDN;FGKa%4%9yIEvg6Zp@uTvVY~Aps5`8VC2%N4;!e~YyNFEYkoS;)
zCfT1@60;w%0y?0^b_lA=*Q0vi5~@eSkJ?zKMU8cSEQW1S4PNZhkGk}ySc>!yj#+t~
zv4EcciwNk%H>j3{AGa<_hw7O;sAbj=wWoJLb=^!<!w;hx{x_;?3!bosRm3>No1vCn
zN9Pb!k4(c1)bAZ5pdIQCs>@P+ZF_nZEKIx)YUf&yniF4RB>sw;WDzIry0jRJcy-jq
z(*QO0oiGx|pz2wT+R87Z|Nj4)fZq9%e`B-0yt6GT<7m`FW*urMPN5q12Gv9PzqQrT
z1T`lHqUORJjEVbDLv{!&;uX{or8&j=*JP@E$}VVws$dGL;(e$)x`C?bSJX0$_nnRT
z2dExvhAMC}&c&Um22?n0H`WuY5?_oe?`PCL^V{i=O{%nKtb&@TEwn#s`Rqeg_!DaV
zzH;%jXRQInQFqoAm2V7csFtG|_7!T<K0;0Abm#2-pgJmF!w>;Ysv)TLyau(N4`C!;
zLyh4Z7f*iPT3!^j<#tEi(Q;G+HlP}Q#CZ?Z@Yolu!d$3^)j`!48bv^}cR7~FE2x&G
zx@eQA6vifA8#RlYqISq0sD=$d^}tNj{;(b+@e5Qr*IfK9YVv0I-WpmK*^2r7KLTn=
zKU9HpP<QY#YGXO$(x0Omkl>Q#%Y>RMr7#kEq0Y~8=hvX-#C~jy_fR)d>as1*%9v8?
zzXbtJ!U3oPX80%gN(r^T_o8O?W7HkQzG8lWnxxe+68oU`i8-h)UWMwB)2Jc6gNg7h
zs%H}XK)uxO6(FFN)<9J>7}X>5P+hwNGvP^8!4FV9mGY`h+5#AlcvIBSbVAMcUZ@+}
zjk>Wj7>Tz~lQQf_)_-;a1qf*8YmVyj{-_K~P+RLasLAy=ssYKa*=(+WYDiyHgQubH
z@FUcXe1R(WvP*xAYRG>Wz{J;C|3L!DuG=r6r9$oDZBS#o$i+`O-(gwOi~VE`9pYSx
zx{>3ko$nFq@%<mFf$45oPZUKps4hlg*Bh*VEx)NGXixtPHTix;Z8&jm+MVY|RZ!bG
z7<JuB)XsSlHCLXYD$Mz_RZs~v_MK64Wvolzh?+}ZhX|<PU$F!xxMdBf=In)P$Xrwx
z??qjB8CBp57f*BBhO8v2ydKyJKg6o|1l9G$?$|@A2395>YD_>~y&P4+Y1H2SJ8BL@
z{$jJW9;zV&ol8*-IE3Z!E=FS3yViipsJYV{wezh&4eht6tvT$TUtY+|Nk9eF!{#^`
zE8#g*i<A9oU6>tpXBALg+ygaPC!!j@)uo?8P1d`pRTXyMuFH+8rx9vd4o83e&mo{?
zwizSwE7auq8P(NqQDd0?H_KNX)quJ#-W}P=ys@aswGj1K-sU`lnk$!4`QD)#nCt-!
z3K1wkKwZ@Y)sRW34PpgWz(c5I7kFrQlpmG9C2D<7M^==#9;Xl=^C--lhcO@1^{lfc
zsQf3Mgn3)Y_Z(Hv>Zh!K-RWKe>e@?K9REdiZIQohGPXi><yh3D*@~JQPf>T4>6wjj
zO{`6P7}mtEu?Z%59_Dq$?ih_1u$R(bu>M;R2)(d^u3>!Q;V-SiB&g+B231jeEQ&Kw
zllCa8XP%)ZRi?k~1)~NkeKxA02T?=v2q&QTPniE#^ArCGg?a6X-yxw9R(fRxFGY>z
zDb&__2Q_J)xbrby+qy4`rAY69%C`zN+qa_1yNYUPo;No6+Ms%T0%pRsAp%+!$51VO
zgY_}jzjnu?QOj;KR>L!>4JXB0i&sE3Yz7v@wWzK45~?A8qJ}R0e^!1q)La;b>e0|<
z0_wU8sDfW(LyUT77mPrqZ$TA!#l?f{;JTB1xEX7s3VeZyFk@K2->UPYw&cF3a>k){
z+HJ_H3VF8)Y$V}d)Vg062>5TQ_fdO&`e49chOJOtHVQRoR$(1{h3bK7;Q{|erVY*~
zz7$7do)`gttUpHea74_2zathy|M!1F1hm|?p;~qx)dS%X7H@_cl9^Z&Z(>Qz87tr&
z!p>NWWtJ^=z#B?@K-_@$5kADWI6q#%>wwQN4$H4e{D60fc>4qaZ@Jcg(S!ki`CUXc
z;5F)5kT+4lpBvp!@ikZkuc5j+QDUp0Bz{AD8ES{?n8bQ!Dryq{fNJm)RFCFN8t~^z
zcMNI0uOOg`FJoPdoh;x@#^%@!Z(%2_p4@t3JGLh7r3m=@MH|%6Eyn8j6KbrZQU<(8
zY=ARyAkIZERlw^5^HK%u_y4`rb|-mI8_z5k-;L44lcli=8e;?E%di?g#==-Mt&M3<
z)CRN*bz@=a?0iYo-06#2CG)TV9#6;LKkCFw60~emr4RV;|AkRI-AL3dKZ5GopRpW<
zXRv}Rq1OL!tbuz_4f8VET&a#~&_b+$zhD=PinJb`6(SH#!e6Kg3uOxUf4emtwRK)b
z?GL##2mFns6J{j75C`BM)SSqX#crexs-m%|RdNiQV}`5&|4%lCp?1_esMQmSnJwTy
zEE=N<zK^=Yh$x#hRZ&~+c#Os`P-FWVb6`~Vfd5phi|W!&sC{A)Cc$H<imsrZdf9TA
z6_80C^4b#6o61rw#qxNGdY%`|X=7L)1H`AJ#(EZR$D^oyqkpb|w}<Oe@~G2nKa<BQ
zzK1D@|ASgB3G)WLWmp1V;U#Ry^T#`zFW?QKfXoE~UU^O|Eoig*I_e=(qL8I`#fro~
zM&03KjE89o2fQtq9edzK)R>nk67aw9n1Sty-^LkOv1q_si|4RD^?Ut`*|Iu@Er};D
zZg<)r)u2tN$MbKfNtmdFP0Avu9jzf|!U@ieSc~{c)Xtc!q-}6HQFEd;>ikC-(&TtS
zfU)rEma-GmP#eY-)YB_*Y3tGosIF{`N)KUa+=06OG4{gjW&FL}TY%aTKSlLG_Oj+Q
z)K2<)S=PUnU9oajP(#$LpNk#wzDuteZ5z{6j6?cW)Sdi-nq+0m+hnYd>ah`+3=g7K
z#|12d5f!ZGDq~gR9V>)vEVq)7n}n;VNfV=Dz<*IlhuW#upq5+0N;WCSV^iV>P^%?r
zW!qR9qIzaB=ETo28{WZ27^_Oae|Kz+8nU4w0vQP`MfJoNs14^bs>RPRH5RC9LsJt~
z&=S;E`xxtCv1-=Psi-^u8?}?ht8V2NLM`KlsI7cD>V`s32(%{9p@u#64x{EovYPhP
z>VtX)T);M1l1E)XT#6kqPVIpI(%Bo&5r2UL@kE_~w*pJl4R~Yl3hF7^xE`wwHzVmG
zFGGE6;Yw83e~I_;5-!Dq4XjI>Gz|C~&=l1E@C|B1xsU3x@J2QynNdAC0(FOrP#ae4
z#<rY`pn9ewmetq)(+Q}cZ&3yPih6j2HwpN!*JV&+)dY3t!%#i+025=yrZzN<QL}v=
zw!<{d?9NA`-X~sTUaZsHdVDn2)B3+oK(je_3tL80P><sysIBt_s%I*-w1&3CDa41N
zHYBf=&HhTLJME2HzDqF{UP3kO2IdK42wDfcMZ_nxVf{xFNYmE3wj~xNz5+FCzsJ7#
z3MXOrcD4~cK~<2lz0LXtsAV<@Tj2p5f~h*#!)6X@HS9vI`<tjqoU<eAUtJRFXkD`%
zOA)_;b!lnpPBtXnJKM%H1v7JgCzi%bm<khjv4-SC?QE@4JLVQVi5F4jF6(M@=L%|7
zz33XUu};{{mQgj-<XMW*xCfQ-C8~f#-2>imtc4nyudy@@P2PhzHt5OY7uWW(hTQE<
zg~SW=VG?7#zHH$*uAh~+Db(Md*LScA1!fyy?`XX+9`UWH9d93o<1s9T-=KQH8)#3x
zGN>+YjM{+4qK0HAmdE?3IrhOI>%obrp$=^(pxJ&Cn_$Yp_Vnt5N<WB=@ddWTnnUbW
zY%}&I{s=WBEr!}wJQ}s1%teno{R2-Be=^KoK=uqbGmZ%8*K$JMGy?u)85!{UbHN;3
z#06oat>sIw0r6`%5%Y|(*Xz$vv$`ci*a5%CK3H@t<={qCgHw*PNjVVJW9Lyr7k|92
zWBs)v(3ONk*dDV_u%4KPx|3U|x8kxB?cHrQ&L{o?wfv?{vh{ri^?1%S*&g3jP^)Mp
zR=~Ab74M>+qPeH=wAA`<LO@&QG1MF=Hq|EM7}PR3huV0uP7C<o-&=^9j4QDo{)nm|
z=X7gmZ`9a+iQ2NCqh4eh&Iou%aU80?N;6siT?p(Wpsh0FEZayvL_G};V0`=ygZL8F
zQ?D^Cc9?C;a}4TTa0M#=3Dmpb_n43&jWH+S?I50fZovBlzsApT;5^p9?l{+n0k1O-
zz|>rD6{Cp%HQ$CJ^#Xew_d`9so?{PezR<@0I8G;?eUZI@e1^)Gak0JYO+;;EW0qL@
zAGm;c!=+3b1%6u^@Gj%%Wj2-#m)nJ#@c`*-SJ>-$>y-g-9P#zo9kZ<pcs+3rYG-?c
z)v)Snn{0DY@iV9!O|ga{;RajdHar+w8}Jr#qQ`pca&LpJ<2<M#XoecQNvNmZF4Tr}
z(WO5^J+#tnv>miKY6!Zb=Ez`F&+NouSbCG)@E%M;JXB+|WoV7*Ncau4oML=rv$q>Y
z6Q7M*e&?_pHu~6>*#gugi@7D>4aUx>>#w6GS=p@?{|vJePyUIOQwEu&A@3*w?Od-g
zIcD8vZ$2flAn{?SF5HSq@wtn~+HUFfu?*?UFeP3^js2fE8XJFV4fr0*5-+-g9%MET
z#!6cMb9M#%pHf{y-N|*-n@Y*u_Vk*Gdiw1^ZJ|Z?*fN`k8vEO*SFzfAZR=f(d5M36
zx`Ds30p|SN-lRsO(tpJ~TK}o{*=(<hI?)G{;9AsPz8e$bJ<NzNFdCD8Vb6jlsG*zf
z+=}XvZ!j~)+;4N|1I$Fc8aBZm7*fI!0xI|yR2K#h*p{3YRq%%x3qQpHxDWGTu7kD;
zTH;3HC-7hF`K7J*ZeInwO~g|lvZvo+Tu%JyVZP>M_Rl)P`aelR#$y3*5Z=e7*y?z|
z+kh`|F)lw5@c+%1LSNe?x`-7>e~rl)%Q7eJ1{$0Sc;iVQfFtk)w#I(nF_ctz7NhX5
z)AkCN`fSM7`@pldeotZ-E=YRLCd~-c*xx`6MaT2D=P$tK#IK@u#DW)W<5`C4(TIyy
z-Urx__+T80-(n6d|Ghl}dV~mQoi4yswCp_Uq4MC8O{zSXZRZ+_wMoB^DX_>Do87fg
zlkXH}#biGOys4B^0yU&ZuLitRcn9a;wjZqr%UrV_40R@;<@FJ&;HRiL5bL_#aU|*?
zQy+E5>rkuUUzgtWCwt6(gbhd!zhSGVDXQl_M(qRnZrT>V9-9%5{j+b#>p-9-2?wxh
zfamosd*Nt%$12`~nyoQ^vE|ts_541F8r!&cc^GlW-BAslbk7=i1+|O|{2K6X;{=?K
zo$uRFyut=r|NVcnS$rHddGbE6<+c-Z5kG<&`^Pv6Gd#3!KrF{_Dz5Q+z<W)4-ADFK
ztQwE4fm={x{tAa+|3B>Of!|OK@A`zEr+&UKZ|gb1pO&F6E+hRcPQ&g`ZSQ`Dn$^Aj
zva!F9jfr=DX5WA~fP08{d2Vk=>0a1ZL?^H}>FHnEOX&<eK>R9()UpMCTLp3dv9X$n
zdT9KE>e30XY^S?~dW=TDwhDHj#<uwzTUKXKJL2<yZDVTp*1CKNYKU|HXWs{$ikd6Q
z-?9F?5$N{LzBO_IRbXpgH$KJ-s4g5C7WC7fq4tTcfuOe=f5I<uUNGqWjCI3<{&&&x
z#R&S7bTGCf{XDkC0x^T$ew>Fhu~tMV=&d2}V?@w9h9hDH{eR7_Z0w-_rt$+0Cw*d^
zp#Ket|4>8FA#Tv0D>qO*(k@=m|BmT-)Kjo&{GdPC&N$mA2zniuD=#oPHcJ%rU+wyY
z5(mBKTyPA>#AItt67+kd7>}q9q_4s57))b#+8e(jo-3_2<RR+0-Z@>+<HtnaO)N+J
zn+!q!TQadS2K`sH3P|x@8!V*!_!2`)2~_98xsld&*D?kD{U9>4-Env9OvW=f4hv-o
z`v0Wb9vn%0R90)?Kd8CXAzRS@9?*}dp{o)V^k@55Sebab>_PuEy#tog^Zx>YhMb6>
zBj|te*d7}Z{|ZxM(hq|Eb3YF%UwJ%?3o#)!$r<#2;Lyc66!r9+irPt+V`BW-r9VZz
zZ-nOx@|b4*<s(p<gf>`47hpmB5i?-C+*Uv?j7Pi-rpFqX3cFzn9EYlSiE}GzoqvUT
zuSl22x_%_8M?b|z)bAzFYm=-8ZYO>hwO;4vv#tuuZ#~lw>ymy3HJj5Hu=LTWec&4A
z!~6w<{?~}@Q1K<Gcgb%sExy3An7B~T3#kG12&k*hV=_!uIOsoYKEVFOhoZ*%0s51t
zNYH=VU5bpMcMp}Gsc6t&=Z#Tgy%RsczcG!@7Yq8&meQD+c%x!L`}?1vBvd6~71qFC
zQ4fg%#e@DHJ{`4T{DhhV`AP)6Xq<pk@i=PeYL^W9-<X(z+E>0tm6xxS-M|Q}MEoVH
zzEY(_wp=EZ4*Kus$56{DP8sWw3C@$Kv5i|c=tW`%)N(3^Q?Lro!?Rcv+m*9buowps
z504J|Uxp7yeVuRswX7pT<!v_hM@@<q*bxI2>`uF&cEbI*6+2b50uogU`rqkjg?c!B
zj7{+xmcxRTZ5a>1!o&}tw&p)kL({5?&7IIX0>wyphw8#&Rc+D@#)-u5qBf%L)vTh^
z*o*jE)GFyw-6q#cR6|aoCfys<dqu7q*5E;?iVve!Ma-K14Tii<1T?GnVM~lv%eK@`
zn3VV>)a?BYwI3v}Z5vHK{D}A_Y>##81pP0!ccSwBfV%Uim<OZk+9Yj+#feWv|L1>4
z2t<+a1l0p6>RCe?VHM&#P-FHt>U_oeHmk>>Hj=HVNp=NwK2rlb-xk#a)36p^#9WxM
zq4jW0^#A?e{RFfDy}%Y&u#wH)SvZFHOYDS$8wb61cnuXV)x;`TgIX02P-9=FsZHL|
zn27ihjK+(oWtX&B(0>UniXm+XZ3$@Bjzq23&#)i<ggLNwbL*iYsIgs%+Ca{ru8-Hk
zhA0PWSvAHi%7+#32x@-_Z)xepQ5#mPmaKnu&1WR|lMthc7i(n&55oz>7og@ws@66)
z2B8{u7d4sUx3TMc;x6Lr@gz2FYdw^)o$aXIP(5%3Bk@%`*1x(kO?#_2glh3&)N%@T
z2>LIZEwKRcEm#77LhY0(I@$)63$qa)jhd|MQDc1`)g%9+CTXQkLH{j!6Dpq<>TEk!
z9#jF{Fe}c+BDf2+%pTx$OxMMBu+3PC_#;%$<>+ehcBt9E0<|3XqUOeZ)P_^4n>{-=
zVs+x77~Sno>!LDj#-W(FhqZ7TYTfQd&E|h`23GDF^uM0JfaQt5LVeX+s+TpO2Ws+7
z#3r~9)uWHF6;|r)Z}B1i+}?Jk*QiO=rH_s2MjS~z*w-ouVOQcuQ0w}GenJ0>(>B<K
z_(<n9R7EBF+rBanRpD(^mzNz7^j~UwVpTo=4-%-ziSU8eh1F1ZIuWDs465P;gRJ5q
zs9C=iHO41VtL7PM?xY_a^uP3Khl-Cy?IXu<62=)~H#!$v=<$1wfLfe$s5u_%6TgP-
zF!wNfKbVCbiAM~#F71hWN*+b!Pdmc)kKQ<n_%|4hl}Fl~nT(nX-=Q9I8Aq}H`x96~
zpgG1FZ4aSNsIfeS`cmr^cED<5EZ<hts)^xNPY={v@i|of8e{EseJQFZ<Bzks)dWWq
zKa4}L?0D9{mdBp)R^VG4PrSnfo4xl?J7S87_FCN^)noTj?*m;YS<mc8^+e&x*3em~
zec?}3kJXuC4fqU)6HhnQ_LD_ZX>mOg{vx3pR-9%PeS&?6XP#~s&O>$C8|;OHX4swG
zMoqq)Gwq#l8fv+2M)lY=RL_)|W##X~F~l>?ww_)SBA`2oImaenb8Jg|A?l7^pk{BK
zxj}y}Y{iPi<IS@>sE2C!C#Wqo`G+>ydSWHwpP`oT->7_L=G)xage8fG-V*3Rp!fp2
zll7>s3oNt(+oA4gFY1mSpeAdrMV4;^YAgebt%Bh=i})SXv!dS;D|ZcQDBhtS#~qjY
z%R1!EBcMC}9@UkFmf4HPhuD*N%H=i(CZHzQP3((#R#*?LL`~vXsEwxQO3Qx~8xc>x
z%Hji1lkp6yXHu+I4>Oxu5>UmvaS$e5V|O$aH96m58LYb2?r0L$CcX#LU~rwi8)m?S
z#0#KSQ+b?+%TYa%XT3fBT4M#`<FJcn^Kk-;FxLjV!=t#5c;bz=gPlS(FwG_#`{AfD
z{StL2!OivpQVr`8pN|^rUr;?(>mwVg<ye&XE7bY?AG4a&lBERnu=okJLB!u;W7QtD
z&QGAaGUrySIE0!!Cs1?4`^27Zg>Ws=h1eO3ZL^JOC1xZ31hZiB?bgr|+gblgm_~wD
z!8S~W-lz7CmK-$)>Y%pV{iq?if-Nw^4tqNuj@t3E?6jd+gC7&$h3fj&pIODTFb?sZ
zs3AT08S7sOuStl+7`to|MWNmaM`LN+fNH>PEQN1Tdw+@DmcKJ5A$|~}@f>ExM0+f~
z5URmdoNG}-^KXcNy0+%tp#N)hYfxiT?Q?S{YL2AYXLq;^V-ZjJg?(`viQ4<iIp?9~
zz%N(=3+=bb*c)}nC$TujIAF^#RF*(A3B6Do&NkGGN6dpZxk_U#;^R=W`Yd+99ADbl
z&v1T)+6SIuP3-oSJp*>5ZYakg8{&DWhTX++`uab^VOvgXFa;<6z$O^uh`r6WLJh$R
z%#J^zW`EdGdnK!i+CPS4VV%bsnBbUod2`ea>_*MCu;cb{%Z7E;w~YvB8Ertd`~hmY
z6**x&u>e~VKZO-B>T7F24^)G8ptk6%s2(hG($@EE)SJ--)bl^-H)ab|1J`0DjqM`>
zU9rHo*3zY@3w}k-jXbBUqVcHZwgokLZlLZg_jfil!?6(Y?@>1taoVhfWr@$jEqETa
zibkGcZdD_2jDTi)yt6hJ3ZZ8CAWV-ta4ep6>2=Rpz8R=>ei}6?3!b-fN}(#~fH`ps
z>M45}2Vv9&8{*{`SpR)U_=^PHQTvO`fdCa^PCR)j=>Ih9uPb(E-VZh;g;C3?hl`&;
zO{zEO58YMUxE5eu(qExAxEw#)2G<;O5a0GA>tB2M6%zDR%X-b;T1TPAdKRjSFQArB
zhU@ko&<a}<zl<HR&`(y*VpP6+$n5sA+^`BaqVm5&)zkE*ZET;0Tp;bw_O?3()u7-l
zn<Vv7UAF?YZXe@(jJj=IxgYi1&v(a`*Cgyk{3>crRsO}w*@o?i|AU&$&F|Wmc%eN6
zG*(gf?2h}OmfvTnXF=>=?Tx54s*ArzO{VzwZC%$wZLxb$`@=m{#pQmpq1cT5h{t>o
z^ghF(m=<$B^d~nz|0QsfgypykNBkc2zl)vsQPBTk(Orxtee7eK{YOw^`5d+0v;ASV
zKs_twp!SD1sO4AwiQV}G)IM<+wK^*OsX4{^n?^uA@FhlKjHkADM`3p2)v+k{M?J+p
zLiNB|)Vh!Vm)&^})KDGA!I=D+-M|b~PiB8^U#g9C?!wYq|GyK^?9cJS3L1(k_yX#w
znD?bkx^Y;6_-pKhW&XBRunu)cZ&7z%;U9A<s^YV#XF}#zwmb)*CihbG|NXxk1T<?C
zzP5)+ZPfF9HEPVSp)N@F#@2f?)Vlr(qwxW%M{@paL)0BLL@QAH$Qjgfi~ZKhD~RgZ
zUT<0dnvDxc&{OPBR99E{&mNn@Q5DZbt>g2U3EyEPW_o8`UIA6%eAL71IHt$fsG&&Z
zh5H-aY*fBIm<E6KLgD`3Y=wn|`(2m_)wPXLE!^+Y@1X7=dm!BZvbi2=XqI6)e2g(M
zPcYnn$t;ZVh>ylZI33kv%dszhjoRXihQh7D(WtHTBt~GK7?z<3YD`C=HjbmHS)V3m
zxIfwIVh!SJoWG-ntY}2I-}U{l5b;k?J$(zcp_Psm?ti5fnnpkyOT5@-Wz;en<9vvk
zL`~w@oozvl^)rmdf^ozBuYL!jR>w-rg~w1&(<e9_OU1K__n_ulAijTH$crYR0(+pg
z$d9ofMkEOLU(JSL0pb%d1MWc$#U)IMZ(Tfj!f>x6@v^8PS?9ciRf%U#WJA;gb-q6)
z*81N`KwWqYqcK6^aDPj!>)eRyfj6j%>n5>DGz{Aj{}|Qfagy3lRYJY@Psah6E}3=x
z9MnVWchvU_sw5Bh3R1t<k3cb8j~a^WI1Q7f2={*&y$ahCkCD;}?24K^*PNMB*<|g8
zACf*7HD|J<4)?d*?%0iZx-@oUlTfSTI)>Du`f2SBKEY+ge?@Ib<I;uuZ?)%9L-Y%3
z@?}nMUDy=$YPJ~FgO^YhXUq`pFXPUrhuI3$o6$qmGOw7?dURpNaDM-bga;&4!-0|E
z{&%?!qPo0lCR>inQOnWGYz@hQ+9$eVb6kae@E_C-b<Gm)y~CrJI1IDe4PMF??tl56
zAS&E{7R-ub{p)G>n1n1?DSNp8U9fJb^?VTr;*Z!4Yv%~}H<<0H<#-o6VCfHRZmdSl
zg>O(BP#|Zx|21JGYU9d}<FNtGz{?>5%Gf?vxc}X$5Gunbm>Totw#il<D-a)nS@BC$
zkK946=Qw%7{cqbfMa`vi7>yBmZJ(%y?T9bM&iESjObE5hXMr8qodhp`xc?sC0~-;&
zjk&RC0V|**wk3WXhhf%&;r<rA61A>xqvlG+LN;mJpvL?#s{AB{ZNnRd3~|W&nt-;_
zG)1hdd!t%*8w+BAqP8`6LXGvus38d!3-`ZP9EzF?Gcgq&LzVXvYA)m}ZbLF18xuc{
z<uOeOO-|NdD*{m@Y;j(|cEtZd&GzOcZ9|%kYS=r}a;jU(Hl}^3<@gY_d<&Ge_1*)u
zVSSBCzlR!{3}tL<Zi1P#{y!w3F58WH@EPi9m#M6ET|Jyde4UHuFJ}!IkJ_p)qVBY8
zw7C>NApRT+VTSTH6b(=}up8Bb;T2f_TED{xOvXL921{48E%OGd2eMVNr&tT@K)fgR
z$Fr!0Mpw3i`(hj7hfrgkp^6RNRMZ?ggGzsm+Ne5JW&LY%{9V<$ym~cj*%nlTGE}#U
zHsT`UDQkp#+i*MTji*&j8}qfO9@vkXgvo1#``-^}i0ZlXs7c$VHg}9)q23e9)?xi?
z84aov?!T3;K(%xqYOL<za!g;>w&E{vA@Rt1;r=(L_o5n7u)b|nLs8fLgzA}O4XmPy
zsE5#S)ceH|)bfrBHMB_*je0X_i*;}=j>Mla8e2B9hOIz#{kK>WOEtFTHw2pz-;WxC
zq)o#8Z#)jbNyHzc8Z@w}?H}t<FC?Lp1nLp^3lm_)W>!%H+^7twWs|MB?fE0IBk=<`
z2s5^@J6nKBi2sBt_zCK|G%dsZm)U-(jpvMu7itymJ=6N1OF&~Wv9)bD`*98Ngl%l=
z+=0D`A4a{w<ZWxqaXM}w{>H`Ew6lgJZf_5r=BOUoj6=}tVEe#O)R6DQQJM`u63{cC
zNk`k$x1lPE(a9!Pdn`bF1eU{3Pz`>BnK5%`+o&p|#(o%TPV7Jp)eG#4UAx#S`T@0H
z{DxIE8}oIw9cifZ3)Ft_1~pkqcC*>L8Wn$sS`D4L+pK?sDTz1fVfMj1#3!R(K6j%g
z^$FCC{Dta)tUcZOuSG!nz%*=&U%PlzFKb9g)H~fe)J}F5D`G@%d&jGZn%#?08_v(D
zH>IR~tisZ$a{HjR-m@5miTbks^ARZ4*Y@nLc$WBnOo!9@Spl0+U49jdVuJqG#g(x>
z@##1Me{$(f2iShH0$Y*(7W-g}fi@|>MXjEUgINCqbYhStoI%}Ltikp^Pz&`i>4$3h
zG1Q&J7-D1C8MWbjg4%K)qTYm(4Yg(57FE%9tbh+N8Ri~lkNxr?0$N6GQDbxo^`a0q
z+$LofR0Bq!*7X@wPvjn9UEcv45#NptF*wq;;-;vl<!02f3mavxW?iv1@olJ{54|B!
zia@T>wn22ojKmi?_hL-qS1=CVz|r^{>fzI6j4jWLIFxuaJ*wrp5658CSnK+YsJ%bg
zIBU=tWX|#5{~=J06Pd<a546XE#Al<r_6TYW-(d@EHNgt_9Q8CyKhe(j##+Qrp*E<L
zlWb!fiCW&LQRQTrY+LzQET;8;pMb_J;}jdC9;mL|hMLV`Q*A#eg4!wP;W)g5(b#F4
zZ8RHE>-;}dd3~na5Pg9fx)?L8oKC3tVO&7{UdEZWlkLWZ#GB8uv3Y`NbbhvN#U-&Z
z@mtQKbF52eqPqMgs)3#6S`Y2P9>mkmvoW8H1BqWkZE)2-Wc}-c4Fvk(3)E!kGT%0u
z)7YMPfdzJl^HE*=2$x`qh4zKYMbvt3waB`70;&gZp=N*K#a3Zo>_GfG)UwUHg!Qkn
z8M`Fh|23K)a1HUcOYKg)WmZ6aj3j*~YW8nK4b3m8WtVcf?GxouJKsRefNL=;9!71|
z_b@)jS`qI5Zb^z2%+eSn<Rn2S@?&KzixD^xwHjt(PW%K%;SZP|8?Cek4#1_vw_$ax
zy2^IWc{rH(c~nnSSskuFit#c9d4h(s6;r?eC()@%&`ae?o#nWTWoTIf)R>>)vx~ev
z1OC6vr|(;M>o}K@Pf60&aeX%Oyd_=7Fs)gR?wr>VO+3=2DSn9XEXvpX^Ga~>XB6`O
zXyr2M_X67xzQOs{gy*PBIAX-&I~iQeulD|b$2Y_@^L1pWAuC-u;avX-`T0Fp|F})q
z9e(}ZCltPcl((*eN?e%D-H9?X9lYM0D^5Z0k98E1m;y_>e2FNdIpGrI8^))l%e$Fy
zYgh3wE>1^WM+54pW%o~aP}ooIgiiAPX0HdIJ6yPxI4jeu&jrzhn^VzD@}}fm4AR>Z
zE<;%3zmf2G&hxE7ZyaUT<C<r#+<4?Y&bdqEdw+}yxsy*hIgCQyAEQbCk^%}*z+4JD
zOME@?oOqZtzT@T}ttfC1=}~<6pBF_rvH9ruf_(W1=OS-zJ{1T*;uGQ;_8$Iwp@c^f
z(NP)ikWinD*DT53ep{0<6Ak0Lvfd2W*q=$eO!x}<Ch$4WxwL$eP{u->!nu*8H&u%`
z(lKAwk`~T&b!b#)(topaA+MCnlz@}>Tm`y_Uw-!Xkoo;lmBQ0e_<j-^k=}^-X0A!h
zHT+44m!5Jmkp3giBcBev6%8gn8{=a-yvH><CUJerFkWX`aYDy>E-ueUkKs=!^q4E;
zBQ9t|1=`zlaFLFw5%cR$O{&TJ++DqfD_#;#P6-*fk{=NAPf{@FN&lC8TK!2VrKR#w
z%9rFjL;U>_kNg4pDJ$nsyC&*fMatayK9iF-U2g%`hoZ==;}aFeN5_xu;=L4@hl?*#
z*-G;9d-q;E;@al+;r||0$$Nl231~oL%F&xcdE)#&x5sncTY}|DyXY<&YS)K6zS-~n
zOJp>aRN&+$KF2AbfNL20vp0x~b)<4OB#m#0d)c_AGJeiy0%hdly7T0@h$lHWh%$zA
zZXn^NT))TNn9AaJ`@M%eJiLEhMZHP9NFl9Vyq$7!ls5Q{Z#G}ofL;`+V?O!yeAKaq
zbDQxCu8+t0?3~jPK?6DvE>7jV4|t_GKZN)%<Y^S<&w}~wrm7`g43gRAy^K_)gMWF&
z+v%!Od;>*w;@l<I#COi`xTZYSx8VAA?%MlY$Df>dqg?z$@*blM-huoh3+Hcg?n|sn
znr)*x#Rx9r!U9xQ!(E)4OtA=uNS|!idy_f;zeh*TWu~C{q;DWxn~#oqu8|g_Y#OPf
zFL^(3d5DHQHH`NS{|gIc$VfwOadCDE{Emy-Dh>Hrr}vZw@e1Mnh$pcMpCg<b^8X4{
z5&p4||L2c#ym6GpA6$5wU7mB~-^5K#C4N@@pM^qlkl2|E!brSMMTfZPAfJ<jb!@|o
z<SWhjIm8oEKm*cNa9sw{29WlKv|D^;(zw4!@5uQkT%%(Z;n|#v&FB5GjdQs}E}<5c
z>4<}|DL}`5GA!o&hZNSG0y^>OLp+V0=D!2YS4#BO{~oV6AB(hqxb~VFi#tghK{zqx
zv~u;#<XRn}EhOA?6;3BZ6;6E2i3g<VPp$H}jG4$ckb>e;;Lqf{&L@(vj<pm%myf<4
z*-ie<<g1SQicCL^-A?>-!pB|Z{3W3NgKIiMUUdqpOXh1N6yyYd9^_Sb1)p~pl*8{y
zi%nh~3yCl1!@p1Ee>XHacO2K9)A_YlxEG|{*RG5^G@^t~awK)<H|js5$Cm^C5y$YF
za6wKA%R)m+aM3>E`3dW|OWs>toPzK-F6|b1|8bRs;~qZOs91;ozDP%aJo=(1G1v1?
zOnS4(bA<4R8vl{50m%sGB~v7K(}KePBa{9lt1Ian2=}DW*r;QO^AVPFm27tn@<`*S
zyIx5?S-JL{D__@D<lJ|pRU({-PpCQ<mEgmV0KG~sV~_^qa20(1KNp8_VG%w$25`PS
z*L=;Lts@UF$X+$lzQWU_-Qcr|d`D?qLDKt>S4TbSy5bs4H01FmzkjT887#(l6F5U5
z5md;Jl>K9vyD$q4tj~2#Nxw;2TX*NhsVKE;AYX!bzZ2fVxwbfwb6oa+k9J&pjvpg>
zBPifkGF%|xu{*tv%)P1n{n3hZi(MrpNPj@#U%AGV!L59Dxy(Dbmaq2x-y=Ro`ZtuF
zg)|-eh({A1M|u81{a!vIcU}Av7l!fCQIStJGV?cw-fS-Xl=xWG`&tK=CmH8YP(dN`
z@Q<c>{2Y{@6_SU8ADDZ)IH%)t@_k5LryjaArH77j;RXsT%9))MT$|4%(iRY3LxF=`
z<^rz5m;ZCI3ea(Za}&v56ldWg(uPxE6T<J01jO_4nacJ2c-mXTiA52N|70rZ%ZcSA
zoZ{p&SCKC4PWpB}{2bap4%4uC#C7B&{0r$VT)ZCTwCDP)+<=a?uAE`mjI=|X*RjL!
zJ|zA#_4`L_{(pk2BrS!s<)T!~mLEu8Kt<a*my3${N7npfGp-|a71NV%6BQgMpZ*ea
zk}KylPA8tg#p7^3Ir%EPhQ;UHmwL3$r$Qb1IkALrOHSzM>s0uayXY51{^z(xqvE;v
zdct+ccb+mna%sC<83#$zSL$0`IeaI;8%twCe-bF|5~q<NI~V9LU3Cnlz=||*6LG$7
z_4@PSdlLQ+DI0O|7o2;4G$dSy$UQ2G!KWwZC!vl8oV)1qent9J*CWIAP4xgL{%{q}
z<)n@zh8M-T-JDBFK~qQzxeIrYuNL7oq&LD&?)oR>Sx*DU(D2%v+mE>^L%$mIzsDw5
zPBA_IdyuIU878BS)~*o;316Ww9Ywfc1rB!wC1cF*65hx8cYMn5Da~~W`J|zo0Pz%9
z&^2rW>1_!&#tW`j(qJ6z|Ht?|bBQm=@cuZ!1$Bueq@X9Hr^FF1Uq{ZBB(9@2;o>wV
zxkWv`mEct-f54s3O8P1no=5s4%7{U{0qJi3v(CB0fv)mPg!{QJdQN8k_}Qz<1>fRG
z*8tVElr;V0C5QQRqS6ZP`f~2t)1<d0Z3))o+Shz^oFcD|r7@`g7#Rw<3)kQ>PHb@n
z<R<=@3O~mqRJO$Bn?XS*$dea$P}mGA(2>iX&q>-w&h;mKjw`Dc<%}Tx73Jt?NZzm*
z-2XTd(~$WiPVk4V-Vt|)d&!X0U7U}ChLAoKSMj+?0hjRzMqpE}TkR_6yLes=!nLpo
z9>@1bX7cu@%t@p#A^lm1Kn~9GJ4ybZXZjh*G?8>2LtO(Den0~bVG1T+GIw6-=}FJT
zX93{^O5j+)`99dgRj%)<wIoj-8mi+V=g&}2XaI?Q$TZc`z5h7DH@*GiEEzJ=EC1p9
z<E1<IK7N!2e#ZI4G)hNI*RYkYqC}Lxj521Sjz{kNSguRPKO^cVuI6N6KIL4dvQ%=@
zjgvBrb%ptv`M*<K{G2@9DXbnYq5(s>wle415FSK0Cq5$Ib;=2HeHGHGkiR6KUWBjn
z*$_tke~>9Q7bfP@jl{`h7^*M@^UsR<M_s~v*VfBTVg1ST{uoW(0D0o_X+v0lqFdCR
zY=N^?Iq7M+R!3)dQ_Y?J{qyJH-Yzm_Akz<or%^#E3hF{y7c&0ACy^S-XYu<BDQqP1
z_ea0~>7leFW_R%yuHq?_$?rb-M-|FW%lRG{N=Ak!1aus9nH!VwnI(BE3CHC8G0u&m
zLB-wOUv-6TqCqFfTZs53@|+^vo5Gv$nZ|X?$bXph@m$-Sv~}+K2+}sh<o@}G54>%h
zOhe{fgmwJH$@;EQOSzyf;XI`EAY6)yS`fcM#Zi{s%i#*$P5f^cp2Yby<n2S*bI4zo
zcn-<{emjey#laf?a4zUT>W@_3p2WDy;f}i$P?c~I(xy_-V&X|C<o)qGY4^E)J_+?)
z;yav4dOp&pk^eFI;}ZTAFB5-%#3#)k|CMCcQG!-A<&%+y)F5+|%ltd>S){MS#rT8^
zE4fB4C$3{IX*E?KM-tph-mhK!D&fk6w{b3l>+*0-Ez)#^dQwp_5*NCJ;WXwK(qi$^
zafSFj+>KNC9Ci76Qpm4d*B*bSp?`8tM;CX#uB%*Wvs_uZ$Xk%~Z~5fs+L;=E{xt=!
z4<|;ryB+21Oj=S`$UrhDBi|T4#i(dI1-2zEjjQx;yg}N1D$C3#$aPsMXC(Rik$#xG
z-;$n(^!}KRvh85}zjm!#Ov;a36w4L*E$P*{U@K_{NIT*#x=mUy(yCzt3huylRrplo
z{6*sL5B>9ApSt)DT)&iSbi}1mB{|nc^-{lo3?%UtnJRF>KEl&oW_Q}Bhih0zyg<G-
z6fo-lly)xQQB~I-pYtGrKnUao;duz8JOl*f(W3GYC?JABlp;`cNQN*qnF%u!UW!S0
z2vS86WLrx`Yqfw_LPByN;h|J~7M&3hY_W>8ir@oK3j)IZ?Q?b@vG?A3zq`M0&02e{
z|9b4b*FI+w{36)92zIXmu7Gz!-wl2iJ{9{Q@GGHN`0xi7JpI65ukghs2<I{WO)6PY
zV-k;7$@y~-p3B%ig3ECO`r`z>2i*hEX69ewQw9$y%tn$7MlMzJw_R6HXK+pNSpqLr
zy6^Zi5=!LfJ&cP8v_NV6B>I@5YS6t5-Nsyw_2}*ZyBNL@-45uN*qakrj_;wrP=p*`
zy3F}}7W^2b*HoMq#Q2xYzZT(PNRG*>YALtFVHR`-N{7~y<Tu!dBfp_=he@;!{YL~n
zfxZA)j?>UZ<T#Zq5uOfR55?izn78Ey@LS~fzeiNHhj7>cX^;=99aF$;!!biDki*I_
z1YHHbt<<ZRe@t`!aqC?cGl$@Ed_x?sD)u|%Jy5)wOS`lGJ{<Fz6ey?j(!vO-B2KBT
zb(COhhXFo`V9nu!6t+Vh`?D0X2=FF&KX9w+B+hUb?VkTWWtatUfJ(L=$L0jxT$>I4
z8unc((L|DNSGEM?-yxrbGQh}Du69+*?eTe*!k&S*W4CI^w+4HqeE!#tJt$8AxJ<C$
zKyp-5%)eB^naFd&TqMvToV%!^N4rqx^DgvpkcI7aVoU?O4+;`vEqoXx2mhtFGje7A
zV}Rcy_yHW{_{?RVKLWZ5+d_E0N~TPn5UczI{W1K;VM|qppD>qW1w7`8&gW^RA5D%9
zs$Zm`_<ju6QRxC15XBZ%p{cg9T5$=UgDniDL7%7{`cxJD1jYOXOf|fA%u;e&ReTy)
zKlu(QUvR~qh8Q=Zw4v8Y_JvA#8`e9}9U|FU73ec;Et$)4XPrbVh_M0N4s@qgK@yXW
ze@k?8m5<at1a(Be!zqIOZ-CGfg&g?=nMSa)$PHDM(lkif`xCq;nAOVm0N8ubwS!(k
z_awMV5_Z6+2$~Hxne8q_|4-z3(A{81VT*v5e|ylg5oLb>ze1MdLlxYext|SX0s@b!
zV;jRfL-|ZX-xul(ZZ~@QZ_KBV{qT(nGgt-8R*R9-;%E8DqJR>VZB_6=%AphU<JiYx
zZ>pRo6I_m#(9PgXRyPdWC@_0TD93#0I_7fx728U1uVS0SJWuJ*plc?7|5H0&B=E;7
zz{hpYs|f*4D80m9Rs~4;u)=Lux@`(~pDI>j5=i(U$({zY75*0UyRjoORQ_ftTM_I6
zyrBxVlhqfhfI;-1A@@-U``|hc++9TZEi@8p4W^^=y$@NAE$|t{*@}LT^1YdPJM;<c
z-0otP;0R#(vtYiOOXr@-p)1vnWxgB!1@-~bsK!CH(p?HWlo;or&z1dC<Q>RwQb1p1
z{@KzQA2DBoPw^im*xd`yUKHo3?hw=#z(eT&27C^(95<@s%1HXAk{2RZx#laM$B5Yl
zpDn~G!2S+#M-l6&$`i)+4%AWZzW|&E;97WB_!~I&#JCs7$;cr{jzah|N?t(n4<Rpj
zIhLuwe?sns-}THpfSmv)1O5iFA4QjgO^&X_m!p^b{qIW{hM_nMIG_T3gVQU_Pq;Xb
z$-D~Nd|4EFIfjxv3jbdDJb?Zc$HH5Yv)xP58&$$n=o_IssO();jDhm~|1TyDD4+!a
z&oi$k;24}!;4i2EYbZdDa+f)uod}o=?pyr-3YViby56qnIfj0KTB%g+V}6d9>s7%Y
z!i#(1*c;(Iz(FMW7;XR@3-wh%>3mKVGDdCrc$pBaSqJkpx+hg33E2Lkd^W1$H>r6h
zd@=DKmB0U+L4an^Qv`k-r^jV7Xr^+ym4GV%Tj;vscrUm_aQ*Rln)y(LJE{tM5ZoE?
z?_sx8F{nHdeEKk7ik!hNHGyX9>i(|-e3Af52$ljs{x?8!<l&U063k@&3ozfohoCz{
z@(s|>Nmhey5^_)EwqW`(KTXUJ(aF)+Wmi7GM;}M*Tjlfr&p5pRl@hcy{5W(C&=vsX
zI0J3Mb`97}Y!lV07NRdlZlmUxvA?Af?!|T!{+rR2tDV`8?>cBWIv==2@T<>X9CREE
zz`uqc0B{7rAoOy~LO!4hdJ8_Eg37@pfv<tTihTf-M}kudHxhjg_DAub0JUJt*MeCB
zWm5Dn<j;R{<e_MW@kO<gIOLZIQi&}Mn;iWJw3vW1pbwxXB$A^I`c2RXa1TT8W0T`)
z=mzAY@WWEUh*P#)<$G41|GOwP63SAtNE#(r5r8zciiHH7fxHgfDr{X@`A?xn=#QYg
z9X<))9Tfiv`e%@D2LA!_PHdx)zsGiyO5T^b9JiC>nqmSbF=@%<XUKB&RzP>gPd_-{
z1$|Dy#RS}mEJrWqRca;E37Uh>k6jQaLB+ZQ{XTGV99Dikkf&nzV!Lww@<H^S0!r|^
z$TzFtM-`X)$>0v+ya;|2%*Rs6n5+^Ok|c@1T~)IC(LaX#zKXGh0{^6J&&&6JB8p1{
zxLpOf05FvRtKk9YO>AF)`MYvDuZo<2ZWFfqrA_&6LtcXJ*A%xAT@&V~z_-MAmnxtQ
zHaVt{<D1&`Ujmp(56E!~4qhDYL%t3DYG^p%PvH3keUCuL39=T7$L9%Eko4^aZmKF&
z&bNcnuun$54!;y=8uC6cgC$Px|Jx{k3-B@MdFXE>`2?dyu-CEO2(KNd(dR<l!Teq6
zH^S4Qi>i?O;4O(G$4>N3Df}$D3(VU?hp=hHm7{npfgV$iZ^Ms6w?n@sNhOXt;6(}?
z0V_u`a~sSyY)jE~06Ruu%Fw@xekF-x=;auJ?Mq^%Fn=4{H_RV~Gp_WXGkX%y6ax0a
zc_ws_`7Z(fLj{tcmmQ@05k)^0vD6LbDIxG>B}>GY%I_;;$&tu$Rie8<jzq9W<nRA|
zB&i*PF<2Oa1Svtz#MTdoWhy`~fM22?g6^j(_%c>}SQe=gS21sZUkbQ9<Zo5{*~HDm
z{|LHf*xq2CU919cWl}rFDfvYd9ZAxb`7fY*aLgjudYn7K$1wj0%z5Tf<X6y*1b-{o
zuT|0;kmdLkOeVSZ!;iqff}g}z{2GpOSnzb5Z-LfJ12o+=d5To9-S9R_4l14v?pkn<
z!^_ZBu?zi)wS^=v!2f~%UG%Rr&tm(#g1tm?Ii}0|pM}G5jMph;6}+b^Dh7|IAUP(Y
zKdzE~z`O^6w<@1!l)ks}llTG1uj0EI%r2>5Tq4(f<dWlA_;7jteF5C098bc(1!T*B
z&}$^=i})OJ4)XiR8Q_QDJb~c*Rj{$}b@(1c_gC!Y%=>~*R(9Mx&ttnt>>;XHPr`^m
zq~eRsm-I)=Ze9JmvVj$;TeoNxhs)p8iic+pwYr3T5o><1C}aia2CN)!p?8Kq-yiY&
z!d(+QmSuIx%I#{oK!0Aq3I_7$|G?l4<XR*0^SlM#{Hq=#h7GGXu^d!AWqzvTV|DQb
zazgV9BW~=~&utr9JW&=_Pkl9*WBV~hyTJdZXlan;IDlN=Om9(sq|Tarfr@Xpo!4gk
zTYhINSlEBsvpTqX*<JlSe>ma~<XLz7=2v`IHLYQ?%Hzwma=j66f+s61PW8}Qw#o`y
z%H$6QthxUDd~1f!Dhm5@E5`3xs-;}@n;8rZv@)~8nHBqA9NnOz*DE_ZRwSJGM_h3>
z`F)|zVauDF8}fz2R_Cm6XDc`83tNF;#47Mca%Ne>$7Pc!5}Kdj85fNB23ohx@`Zes
zUt+AhB5%kWi1>U~WR^F=hmRf!<yzsQ!opxE5_U8p-|Qk^IKm3T{sq3C3A7Dk^vq(%
z%0jI?A9Z*mav@i;hl_G@e7@Z7R$;!+8z$~7U(VgqL;2?hbBYQm%ykRSbi35a9tm1u
zN}4N6k||jr6?^mZgL8ekJ+G{z;;U2Lv<{PeA^%LjQ``@BgC)uhS>621_ZgOI1S?qR
zlsVI%?{lmb=GVVV>{1Y%Be#Gmi$Woaa(6*?kv|ajh1{J927IdvFSo8-uN52OlA*OV
zEYJAWcOFi&uQRnVP3>=!wX`PojqSC|X|}hYW+bQNIV*Gy!#A(cm%|>~-jUh{&F(l_
zo2S{;H*48R83i&=W>(LBy~3IDT)YJ{{CP#eqOjd?iq=MJ?PYr-(%=tR9CIY(mw~K;
zV6IPGKUG^}pO~tBXe2vZH`gDTWo2JGZlIMFPO$gfsZBEb<oo7$BkuAdp`tK1aVFcE
z7w|@k2uJJTGRK?m&$Y&n8R~SYNXgY|+GZ8?nBk8QNH%kKYxHo$?p997N3>kKI#+Ag
z%x+br?THty7HT)z1q-#8_5LzM$d?n8O~j*zj_^u%4$~*Ar+D8Sbw9$MS;0UsB==pE
z?$KJ>qe`?a)5`aI!}7TN0iILAfX5$ji}Qxu?X+{2XmMK0EBc&ZLERm+Cok2G>TTU~
zz5-Imu69{myId0@?g1^${(8AKEh))2f3B=J5)4}T!9bop_HnJZX0Q5<X2rMghr_bq
z+Vq|RS0V0RqP4Tjp3-csYY|HbMEp5!FU#d}XRUB}mR!F)7w0%UfuPV1Xf4H4zt`s2
z-Jj74v=O1AKtM(x?hh3N@<LV*D;)8LoF|Cv-2{BBT1;MHUJthyet@#q{6Txr800q4
zl?&*09FM{)r6+jmZ$rIi6KNZ?f2RE4cF4NL*$rA3J7uHRr-41?Pg>Nl+m~xI4SQ3i
zHd<R<aVX91Z)^Y5#o%hqvKLfq%NyI>UeRW0_V!n`$qjOxmZJrI`8=k6Mf=gZT=1XY
ze#<RZZV_!6tkZn{z|3HR=YMb+H)7I=iM2j6yl%Tn57BhLHt-tXyofIp@a9{Ep<rIf
zTae%>3V3I5&B@@K=gTSL4k(i-+^?mHA^Wuv?daxQ%=KO6H7g8q^X;Pj+CvQ*<@gJE
zXv)1f|Bkk|mG9rKPwmCAw;j-$>Gqj}+LLkO`6Jp-g!X}Uxa#lP&oz7MhuTElK73Rg
ztl9S*)7mr<-+rwnix<DrCW{rPv|rl8Pit#*8|ANzM$Riawl->um}#U9jPA6eJEOa!
zRneO0_Go!@cdRtFC|ViaVKJ$Rmc>e=yHJ+I7RQ#=dDjs|Ou3+SnRxX*A6xq)-sZ$E
zv+BR&-ERO^7g<1Td9+e^2bgJESHb_}w7dMsPITV4^~|YtN^z|J?*$RXSx`53K{6-{
za$_%IXZEm1<?tO>GdqQfThD26qU|}Yjosp$HqH<;2AHWS4(RIZ{7Q8_|8LtZZoQyg
zCmub^ExGT4HYuf1bWOA@x+}J}yEy98)8eTxYDddN^hP6Hr-!tl(ISo-Wj_rn)6>la
zPjuB|cj|3rsp)pKsXomR$9#H=CflMlv4^d_&u4}A*4Q1B_1+2g{cZF)Bkh5?`hes+
z$+9h060PL)%Pc14oEuFbCwo}THnw9sjj~upu;`IWS;|(76*SG7*rM2j03Jr^l;}FJ
zhdbrh1`)ki&&Y6m+}_(IBTGk8M0W{qrI8|T2^fieqt#ML_G<F4w4z(FS4j+^Dx$m9
z8y~mbWZxNED;rguN;FcNyCs!VD?KdB5fjq&G;!@adU~;PbDT&W-60E;ZGWZYZD^`v
zi@6$=>^DstyPx1|WC@t$-6*41cgKWPr^4;st=I!NZmo?k8^)%Pve+{Ai#Bq+qit+?
z(P(HHd#zQs`sjAid#>Kf4$aYb>teuMJw=pG(No3hxn}cD|LaM_);NbD3h&ih+r#JU
z$+|drFP^z4^|XxG5@(g%XG@k*+s(11Vs}e3Jx=w(gnRUht-3p1?(8L-#(A?!dHBny
zb#a~5GKsAf7gp;-Man8Y%^tf}|GI%lS*NF`aOBnW*GhaUIq<CTK+7JqPCwF46z<YZ
zd%#XTxwZYmA^nA3qEo7oAvQNMn%J?1#s{6n!lOn;GuZ|eS2y1yc6-g%_G`V22MxQl
zuQAE6`~1`xYxS2+!3oK3;FRU^<%?=>jm2Kb<Hx!UE?dJr1NkIdX)l~?EYQX8tMnHA
z%V;9^fMsXW=CZf9l3Jec)h3n;=UAO?sNx9~y~aorFZHKM2Te6j*@0=ssD`4+8oj6K
zyw)b{G*bUqm1{IgP`71Q>|t>-+sG2bR-4T=Tl8+Pr=+;uAdBBl;O+7&l3iI~ysTyN
z^+?_%x$RD)(CBR9)lDtyE{48iw2?P{ys4)PJ;)|L@u}Xzo*y(G=q9x1^bYo0PZ(pG
ziK^#~P4@E5#^DBuJSf~-C^LywP0jRp`8>0@Fq`@st;HLqtf%cnBi>{e%I#t0MtUQ0
z;1bHG9y1y?l^sE?vRdw>czO>xr`H%sj$|V>)}@##?$~8C7o{~uI~%D-oG5$Qh)deT
ze#*Peec~>bxbA&3XzwL8Mk{gZCBw8={Mks;#7&KiWYKw_ajo5apE077NN%I2wC3Sb
z+fi~$DlHyNHSX@%<3BU*(8Zw7jqc+0Qu4EeMxx}H(ZEjs+}PK&v-6mtspV6^xrv-C
zH>rM)u?Z_L87))mHJ&_nZo9BvHCn{Gt(9QEf8N+(B=WdYPbMy~Xnv7X2%XT{B)ZSl
z?Cepp5$v}v8BMjyhUQ2kUVRM{C6|pB9X>9h0_Qw<t(H2G*043Z)#Eh5BT6qD>0PgW
zE&C4+_E^LGS-e4Vv8uV5DhdnC2F2<w{BWhR?VK%fE;i50wKO&tLq5}3Qq)%6&trnO
z#}Cf!N8K^n8Bg(1V_rGy63mlY!`jD>^R$U~pEd)<q9$fg^N9A>n5~3JG@FTDiDsgG
zx`{cdiG6p5N%sX;8tv^xnPyeIy`r1BlE1}!vym>|ddEn&AL(JfA15mMnm-fI^fNO=
zNk6lVo!ie0w-O^~8%cJj@n)Q1&&W128jDlew0G#DmNMM=ZrDXV{&*&Iwd6C3R;ZNk
zDfy0(Vl|DzgV}v;$QE!eX>6&yIGoLua6{bhja?*II?Jyp^&`q}4cu)E)$F_5Pj!Nc
z`P0o3%XS)BCR|P=-Y|Qpg4Y|LTo^htHr?!!SWhWR{$O+xNzWPa;;ZTA0@3y$*YqcS
zj3k}+T-8LgyGXx*N7O?jj8uE!o#tar#HrRseEf25!4huYs(drkZkKQJvr6XI1RAwa
zZ`rioGCiVkz-({7TwuO$h&dOH=Jt29&2>%1*%Gr*^j~BSw!1Ad4P6XdYDUE1m1Zyd
crlsabnmv1&Ikkb^`yulw-G1*8^OlDH1(uZ?0RR91

diff --git a/po/uk.po b/po/uk.po
index f54b03e..0daec9b 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: GNU gnupg 2.1.0\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2020-08-31 11:54+0300\n"
 "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
 "Language-Team: Ukrainian <kde-i18n-uk@kde.org>\n"
@@ -19,56 +19,56 @@ msgstr ""
 "%10<=4 && (n%100<10 || n%100>=20)) ? 1 : 2);\n"
 "X-Generator: Lokalize 20.11.70\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "не вдалося встановити блокування запису пінкоду: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr "_Гаразд"
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr "_Скасувати"
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr "_Так"
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr "_Ні"
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr "Пінкод:"
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr "_Зберегти у засобі керування паролями"
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "Справді хочете зробити пароль видимим на екрані?"
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr "Зробити пароль видимим"
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 msgid "|pinentry-tt|Hide passphrase"
 msgstr "Приховати пароль"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -79,7 +79,7 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 #, fuzzy
 #| msgid "pinentry.qualitybar.tooltip"
 msgid "pinentry.genpin.tooltip"
@@ -87,22 +87,9 @@ msgstr ""
 "Якість введеного вище тексту.\n"
 "Дані щодо критеріїв якості можна отримати у вашого адміністратора."
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-#| msgid "Passphrase too long"
-msgid "Passphrase Not Allowed"
-msgstr "Занадто довгий пароль"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr "Якість:"
 
@@ -112,13 +99,13 @@ msgstr "Якість:"
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 "Якість введеного вище тексту.\n"
 "Дані щодо критеріїв якості можна отримати у вашого адміністратора."
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
@@ -126,7 +113,7 @@ msgstr ""
 "Будь ласка, вкажіть ваш пінкод, щоб ключ можна було розблокувати для цього "
 "сеансу"
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
@@ -134,82 +121,76 @@ msgstr ""
 "Будь ласка, вкажіть ваш пароль, щоб ключ можна було розблокувати для цього "
 "сеансу"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr "Пінкод:"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 msgid "Passphrase:"
 msgstr "Пароль:"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr "паролі не збігаються, повторіть спробу"
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr "SETERROR %s (спроба %d з %d)"
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr "Повторіть:"
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 msgid "PIN too long"
 msgstr "Занадто довгий пінкод"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 msgid "Passphrase too long"
 msgstr "Занадто довгий пароль"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 msgid "Invalid characters in PIN"
 msgstr "Некоректні символи у пінкоді"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr "Занадто короткий пінкод"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad PIN"
 msgstr "Помилковий пінкод"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad Passphrase"
 msgstr "Помилковий пароль"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "помилка під час спроби отримання серійного номера картки: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 msgid "Please re-enter this passphrase"
 msgstr "Будь ласка, повторіть введення пароля"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 #| msgid ""
 #| "Please enter the passphrase to protect the imported object within the "
@@ -220,62 +201,52 @@ msgid ""
 msgstr ""
 "Будь ласка, введіть пароль для захисту імпортованого об’єкта у системі GnuPG."
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr ""
 "підтримки ключів ssh, що складаються з понад %d бітів, не передбачено\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, c-format
 msgid "can't create '%s': %s\n"
 msgstr "не вдалося створити «%s»: %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, c-format
 msgid "can't open '%s': %s\n"
 msgstr "не вдалося відкрити «%s»: %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr "виявлено картку з серійним номером: %s\n"
-
-#: agent/command-ssh.c:2446
-#, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "на карті немає ключа розпізнавання для SSH: %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "не виявлено відповідних ключів картки: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "помилка під час спроби отримання списку карток: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
@@ -284,20 +255,20 @@ msgstr ""
 "Процесом ssh надіслано запит щодо використання ключа%%0A  %s%%0A  "
 "(%s)%%0AНадати доступ до цього ключа?"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr "Надати"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr "Заборонити"
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "Будь ласка, вкажіть пароль до ключа ssh%%0A  %F%%0A  (%c)"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
@@ -306,93 +277,89 @@ msgstr ""
 "Будь ласка, вкажіть пароль для захисту отриманого закритого ключа%%0A   %s"
 "%%0A   %s%%0Aу сховищі ключів gpg-agent"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "не вдалося створити потік даних з сокета: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr "Будь ласка, вставте картку з серійним номером"
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr "Будь ласка, вийміть поточну картку і вставте картку з серійним номером"
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr "Адміністративний пінкод"
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr "PUK"
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr "Код скидання"
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 #, fuzzy
 #| msgid "%s%%0A%%0AUse the reader's pinpad for input."
 msgid "Use the reader's pinpad for input."
 msgstr "%s%%0A%%0AСкористайтеся додатковою клавіатурою зчитувача для введення."
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 msgid "Repeat this Reset Code"
 msgstr "Повторіть введення цього коду скидання"
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 msgid "Repeat this PUK"
 msgstr "Повторіть введення цього PUK"
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 msgid "Repeat this PIN"
 msgstr "Повторіть введення цього пінкоду"
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 msgid "Reset Code not correctly repeated; try again"
 msgstr "Помилка під час повторного введення коду скидання, повторіть спробу"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 msgid "PUK not correctly repeated; try again"
 msgstr "Помилка під час повторного введення PUK, повторіть спробу"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr "Помилка під час повторного введення пінкоду, повторіть спробу"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "Будь ласка, введіть пінкод%s%s%s для розблокування картки"
 
-#: agent/genkey.c:157
-#, fuzzy, c-format
-#| msgid "error writing to %s: %s\n"
-msgid "error writing to pipe: %s\n"
-msgstr "помилка під час запису до %s: %s\n"
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "помилка створення тимчасового файла: %s\n"
+
+#: agent/genkey.c:116
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "помилка під час спроби запису до тимчасового файла: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:154
 msgid "Enter new passphrase"
 msgstr "Вкажіть новий пароль"
 
-#: agent/genkey.c:196
-msgid "Take this one anyway"
-msgstr "Скористатися цим"
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr "Вами не вказано пароля!%0AВикористання порожніх паролів заборонено."
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
@@ -401,11 +368,11 @@ msgstr ""
 "Вами не вказано пароля. Цього не варто робити!%0AБудь ласка, підтвердіть, що "
 "ваш ключ не слід захищати взагалі."
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr "Так, у захисті немає потреби"
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, c-format
 msgid "A passphrase should be at least %u character long."
 msgid_plural "A passphrase should be at least %u characters long."
@@ -413,7 +380,7 @@ msgstr[0] "Пароль має складатися принаймні з %u с
 msgstr[1] "Пароль має складатися принаймні з %u символів."
 msgstr[2] "Пароль має складатися принаймні з %u символів."
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
@@ -422,231 +389,242 @@ msgstr[0] "У паролі має бути принаймні %u цифра аб
 msgstr[1] "У паролі має бути принаймні %u цифри або%%0Aспеціальних символи."
 msgstr[2] "У паролі має бути принаймні %u цифр або%%0Aспеціальних символів."
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr ""
 "Паролем не повинно бути слово зі словника або слово%%0A, що відповідає "
 "певному зразку."
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr "Попередження: вами вказано нескладний пароль."
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+msgid "Take this one anyway"
+msgstr "Скористатися цим"
+
+#: agent/genkey.c:464
 #, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr "Вкажіть пароль до%0Aз метою захисту вашого нового ключа"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 msgid "Please enter the new passphrase"
 msgstr "Вкажіть новий пароль"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 #, fuzzy
 #| msgid "Options useful for debugging"
 msgid "Options used for startup"
 msgstr "Параметри діагностики"
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr "запустити у режимі фонової служби (фоновий)"
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr "запустити у режимі сервера (основному)"
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 msgid "run in supervised mode"
 msgstr "запустити у режимі із наглядом"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr "не від’єднувати від консолі"
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr "виведення команд у форматі sh"
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr "виведення команд у форматі csh"
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 msgid "|FILE|read options from FILE"
 msgstr "|FILE|прочитати параметри з вказаного файла"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr "Параметри керування діагностичним виводом"
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "докладний режим"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "дещо зменшити кількість повідомлень"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr "|FILE|записувати журнал режиму сервера до файла"
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr "Параметри керування налаштуваннями"
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 msgid "do not use the SCdaemon"
 msgstr "не використовувати SCdaemon"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr "|PGM|використовувати вказану програму SCdaemon"
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+#, fuzzy
+#| msgid "|PGM|use PGM as the SCdaemon program"
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr "|PGM|використовувати вказану програму SCdaemon"
+
+#: agent/gpg-agent.c:208
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NAME|приймати певні команди через NAME"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr "ігнорувати запити щодо зміни TTY"
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr "ігнорувати запити щодо зміни графічного дисплея"
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 msgid "enable ssh support"
 msgstr "увімкнути підтримку ssh"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr "|АЛГО|використати алгоритм АЛГО для показу відбитків ssh"
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 msgid "enable putty support"
 msgstr "увімкнути підтримку putty"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr "Параметри керування захистом"
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr "|N|вважати кешовані пінкоди за вказану кількість секунд"
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr "|N|завершувати строк дії ключів SSH за N секунд"
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr "|N|встановити максимальний строк дії кешу пінкодів у секундах"
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr "|N|встановити максимальний строк дії ключа SSH у секундах"
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr "не використовувати кеш пін-кодів для підписування"
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 msgid "disallow the use of an external password cache"
 msgstr "заборонити використання зовнішнього кешу паролів"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr "заборонити клієнтам позначати ключі як надійні"
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 msgid "allow presetting passphrase"
 msgstr "дозволити попереднє встановлення пароля"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr "Параметри примусового використання правил паролів"
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr "не дозволяти обхід правил паролів"
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr "|N|встановити вказану мінімальну довжину нових паролів"
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr "|N|вимагати у нових паролях не менше вказаної кількості нелітер"
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr "|FILE|перевіряти нові паролі за зразком з вказаного файла"
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|завершувати строк дії паролів за вказану кількість днів"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 msgid "do not allow the reuse of old passphrases"
 msgstr "не дозволяти повторне використання старих паролів"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the PIN-Entry"
 msgstr "Параметри керування захистом"
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 msgid "never use the PIN-entry"
 msgstr ""
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr "заборонити функції виклику перевизначати pinentry"
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 #, fuzzy
 #| msgid "do not grab keyboard and mouse"
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr "не захоплювати керування клавіатурою і мишею"
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr "|PGM|використовувати вказану програму пінзаписів"
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr "|N|встановити вказаний час очікування Pinentry у секундах"
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr "дозволити запит пароля з Emacs"
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "Будь ласка, надсилайте повідомлення про помилки на <@EMAIL@>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "Використання: @GPG_AGENT@ [параметри] (-h — довідка)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
@@ -654,138 +632,133 @@ msgstr ""
 "Синтаксис: @GPG_AGENT@ [параметри] [команда [аргументи]]\n"
 "Керування закритими ключами у @GNUPG@\n"
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr "вказано некоректне значення рівня діагностики «%s»\n"
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "вибраний алгоритм побудови контрольних сум є некоректним\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, c-format
 msgid "reading options from '%s'\n"
 msgstr "прочитати параметри з «%s»\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, c-format
 msgid "Note: '%s' is not considered an option\n"
 msgstr "ЗАУВАЖЕННЯ: %s не призначено для звичайного використання!\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr "не вдалося створити сокет: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr "назва сокета «%s» є надто довгою\n"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "gpg-agent вже запущено, потреби у запуску нової копії немає\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "помилка під час спроби отримання поточного стану сокета\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "помилка під час спроби прив’язування сокета до «%s»: %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "не вдалося встановити права доступу до «%s»: %s\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "очікування даних на сокеті «%s»\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, c-format
 msgid "can't create directory '%s': %s\n"
 msgstr "не вдалося створити каталог «%s»: %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, c-format
 msgid "directory '%s' created\n"
 msgstr "створено каталог «%s»\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "помилка stat() щодо «%s»: %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "не можна використовувати як домашній каталог «%s»\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr ""
 "помилка під час спроби читання поточного стану на файловому дескрипторі %d: "
 "%s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr "запущено обробки 0x%lx для файлового дескриптора %d\n"
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr "обробник 0x%lx дескриптора файла %d завершив роботу\n"
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr "запущено обробник ssh 0x%lx для дескриптора файла %d\n"
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr "обробник ssh 0x%lx дескриптора файла %d завершив роботу\n"
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "помилка pth_select: %s — очікування у 1 с\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, c-format
 msgid "%s %s stopped\n"
 msgstr "%s %s зупинено\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "у цьому сеансі не запущено gpg-agent\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 msgid ""
 "@Options:\n"
 " "
@@ -793,12 +766,12 @@ msgstr ""
 "@Параметри:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr ""
 "Використання: gpg-preset-passphrase [параметри] KEYGRIP (-h — довідка)\n"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
@@ -806,8 +779,8 @@ msgstr ""
 "Синтаксис: gpg-preset-passphrase [параметри] KEYGRIP\n"
 "Керування кешем паролів\n"
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -815,8 +788,8 @@ msgstr ""
 "@Команди:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -826,11 +799,11 @@ msgstr ""
 "Параметри:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "Використання: gpg-protect-tool [параметри] (-h — довідка)\n"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
@@ -838,22 +811,22 @@ msgstr ""
 "Синтаксис: gpg-protect-tool [параметри] [аргументи]\n"
 "Інструмент керування закритими ключами\n"
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "Будь ласка, вкажіть пароль для зняття захисту з об’єкта PKCS#12."
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "Будь ласка, вкажіть пароль для захисту нового об’єкта PKCS#12."
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr ""
 "Будь ласка, введіть пароль для захисту імпортованого об’єкта у системі GnuPG."
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
@@ -861,53 +834,52 @@ msgstr ""
 "Будь ласка, вкажіть пароль або пінкод,\n"
 "потрібні для завершення цієї дії."
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, c-format
 msgid "cancelled\n"
 msgstr "скасовано\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "помилка під час спроби запиту пароля: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, c-format
 msgid "error opening '%s': %s\n"
 msgstr "помилка під час відкриття «%s»: %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "файл «%s», рядок %d: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "проігноровано інструкцію «%s» у «%s», рядок %d\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "список довіри системи «%s» недоступний\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "помилковий відбиток у «%s», рядок %d\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "некоректна позначка ключа у «%s», рядок %d\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "помилка під час читання «%s», рядок %d: %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr "помилка під час читання списку надійних кореневих сертифікатів\n"
@@ -920,7 +892,7 @@ msgstr "помилка під час читання списку надійни
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
@@ -929,11 +901,11 @@ msgstr ""
 "Бажаєте встановити абсолютний рівень довіри до%%0A  «%s»%%0Aз метою належної "
 "сертифікації сертифікатів користувача?"
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 msgid "Yes"
 msgstr "Так"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr "Ні"
@@ -946,7 +918,7 @@ msgstr "Ні"
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -958,21 +930,21 @@ msgstr ""
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr "Підтверджую"
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr "Не підтверджую"
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr ""
 "Зауваження: цей пароль ще не змінювався.%0AБудь ласка, змініть його зараз."
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
@@ -981,15 +953,15 @@ msgstr ""
 "Цей пароль не змінювався%%0Aз %.4s-%.2s-%.2s.  Будь ласка, змініть його "
 "зараз."
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 msgid "Change passphrase"
 msgstr "Змінити пароль"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr "Я зміню його пізніше"
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
@@ -997,11 +969,11 @@ msgid ""
 msgstr ""
 "Справді хочете вилучити ключ, що визначається keygrip%%0A  %s%%0A  %%C%%0A?"
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 msgid "Delete key"
 msgstr "Вилучити ключ"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
@@ -1010,94 +982,94 @@ msgstr ""
 "Вилучення цього ключа може призвести до неможливості отримати доступ до "
 "віддалених комп’ютерів."
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "Для DSA довжина хешу має бути кратною до 8 бітів\n"
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr "Ключ %s використовує недостатньо міцний (%u-бітовий) хеш\n"
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr "%zu-бітовий хеш не є коректним для %u-бітового ключа %s\n"
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "невдала спроба перевірити створений підпис: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "закриті частини ключа недоступні\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, c-format
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr ""
 "підтримки алгоритму роботи з відкритими ключами %d (%s) не передбачено\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, c-format
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "підтримки алгоритму захисту %d (%s) не передбачено\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, c-format
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "підтримки алгоритму захисту хешуванням %d (%s) не передбачено\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "помилка під час спроби створення каналу: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "помилка під час спроби створення потоку для каналу: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, c-format
 msgid "error forking process: %s\n"
 msgstr "помилка під час спроби розгалужування процесу: %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr "не вдалося дочекатися завершення процесу %d: %s\n"
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr ""
 "помилка під час спроби виконання «%s»: ймовірно, програму не встановлено\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "помилка під час спроби виконання «%s»: стан виходу %d\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, c-format
 msgid "error running '%s': terminated\n"
 msgstr "помилка під час спроби виконання «%s»: виконання перервано\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "не вдалося дочекатися переривання процесу: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "помилка під час спроби отримання коду виходу процесу %d: %s\n"
@@ -1112,33 +1084,33 @@ msgstr "не вдалося встановити з’єднання з «%s»:
 msgid "problem setting the gpg-agent options\n"
 msgstr "проблема під час спроби встановлення параметрів gpg-agent\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "не вдалося вимкнути створення дампів образів у пам’яті: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "Увага: визначення власника не є безпечним для %s — «%s»\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "Увага: визначення прав доступу не є безпечним для %s — «%s»\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "очікуємо на отримання доступу до файла «%s»…\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "спроба перейменування «%s» на «%s» зазнала невдачі: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "yes|так"
 
@@ -1193,52 +1165,99 @@ msgstr ""
 msgid "out of core while allocating %lu bytes"
 msgstr "вихід за межі області під час спроби отримання %lu байтів"
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "помилка під час спроби розподілу пам’яті: %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr "%s:%u: застарілий параметр «%s» — він не працюватиме\n"
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "УВАГА: «%s%s» є застарілим параметром — він не працюватиме\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr "невідомий прапорець діагностики «%s» проігноровано\n"
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
+#, c-format
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "очікування на працездатність dirmngr… (%d с)\n"
+
+#: common/asshelp.c:350
 #, fuzzy, c-format
 #| msgid "waiting for the agent to come up ... (%ds)\n"
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
 msgstr "очікування на працездатність агента… (%d с)\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:351
 #, fuzzy, c-format
-#| msgid "connection to agent established\n"
-msgid "connection to %s established\n"
-msgstr "встановлено з’єднання з агентом\n"
+#| msgid "waiting for the agent to come up ... (%ds)\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "очікування на працездатність агента… (%d с)\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:364
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
-msgstr "не запущено gpg-agent — запускаємо «%s»\n"
+msgid "connection to the dirmngr established\n"
+msgstr "встановлено з’єднання з dirmngr\n"
 
-#: common/asshelp.c:521
-#, c-format
-msgid "connection to agent is in restricted mode\n"
+#: common/asshelp.c:366
+#, fuzzy, c-format
+#| msgid "connection to the dirmngr established\n"
+msgid "connection to the keyboxd established\n"
+msgstr "встановлено з’єднання з dirmngr\n"
+
+#: common/asshelp.c:367
+#, fuzzy, c-format
+#| msgid "connection to the dirmngr established\n"
+msgid "connection to the agent established\n"
+msgstr "встановлено з’єднання з dirmngr\n"
+
+#: common/asshelp.c:485
+#, fuzzy, c-format
+#| msgid "no running Dirmngr - starting '%s'\n"
+msgid "no running %s - starting '%s'\n"
+msgstr "Dirmngr не запущено — запускаємо «%s»\n"
+
+#: common/asshelp.c:588
+#, fuzzy, c-format
+#| msgid "connection to agent is in restricted mode\n"
+msgid "connection to the agent is in restricted mode\n"
 msgstr "з’єднання з агентом відбувається у обмеженому режимі\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:725
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
-msgstr "Dirmngr не запущено — запускаємо «%s»\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "помилка під час спроби отримання даних щодо версії з «%s»: %s\n"
+
+#: common/asshelp.c:731
+#, c-format
+msgid "server '%s' is older than us (%s < %s)"
+msgstr "сервер «%s» має версію, старішу за нашу (%s < %s)"
+
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
+#, c-format
+msgid "WARNING: %s\n"
+msgstr "УВАГА: %s\n"
+
+#: common/asshelp.c:740
+#, c-format
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+"Зауваження: на застарілих серверах може не бути важливих виправлено "
+"захисту.\n"
+
+#: common/asshelp.c:742
+#, c-format
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Зауваження: скористайтеся командою «%s» для їхнього перезапуску.\n"
 
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
@@ -1308,7 +1327,7 @@ msgid "algorithm: %s"
 msgstr "алгоритм: %s"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, c-format
 msgid "unsupported algorithm: %s"
 msgstr "непідтримуваний алгоритм: %s"
@@ -1383,11 +1402,11 @@ msgstr "Ланцюжок сертифікації є чинним"
 msgid "Root certificate trustworthy"
 msgstr "Кореневий сертифікат є гідним довіри"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 msgid "no CRL found for certificate"
 msgstr "не знайдено списку відкликання для сертифіката"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 msgid "the available CRL is too old"
 msgstr "доступний список відкликання є занадто старим"
 
@@ -1424,7 +1443,7 @@ msgstr "Довідки щодо «%s» не виявлено."
 msgid "ignoring garbage line"
 msgstr "ігноруємо беззмістовний рядок"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 msgid "[none]"
 msgstr "[немає]"
 
@@ -1433,134 +1452,26 @@ msgstr "[немає]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "пропущено некоректний символ radix64 %02x\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr "неочікуваний аргумент"
-
-#: common/argparse.c:522
-msgid "read error"
-msgstr "помилка читання"
-
-#: common/argparse.c:524
-msgid "keyword too long"
-msgstr "занадто довге ключове слово"
-
-#: common/argparse.c:526
-msgid "missing argument"
-msgstr "не вистачає аргументу"
-
-#: common/argparse.c:528
-msgid "invalid argument"
-msgstr "некоректний аргумент"
-
-#: common/argparse.c:530
-msgid "invalid command"
-msgstr "некоректна команда"
-
-#: common/argparse.c:532
-msgid "invalid alias definition"
-msgstr "некоректне визначення замінника"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-msgid "out of core"
-msgstr "вихід за межі області пам’яті"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-#| msgid "invalid command"
-msgid "invalid meta command"
-msgstr "некоректна команда"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-#| msgid "unknown command '%s'\n"
-msgid "unknown meta command"
-msgstr "невідома команда «%s»\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected armor: "
-msgid "unexpected meta command"
-msgstr "неочікуваний формат ASCII: "
-
-#: common/argparse.c:546
-msgid "invalid option"
-msgstr "некоректний параметр"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr "не вказано аргументу до параметра «%.50s»\n"
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "некоректний аргумент параметра «%.50s»\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr "для параметра «%.50s» аргументи не потрібно вказувати\n"
-
-#: common/argparse.c:563
-#, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "некоректна команда «%.50s»\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr "параметр «%.50s» є неоднозначним\n"
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr "команда «%.50s» є неоднозначною\n"
-
-#: common/argparse.c:581
-#, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "некоректний параметр «%.50s»\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, c-format
-msgid "Note: no default option file '%s'\n"
-msgstr "ЗАУВАЖЕННЯ: не виявлено файла типових параметрів «%s»\n"
-
-#: common/argparse.c:1843
-#, c-format
-msgid "option file '%s': %s\n"
-msgstr "файл параметрів «%s»: %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1576,131 +1487,132 @@ msgstr "помилка iconv_open: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "помилка перетворення з «%s» у «%s»: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "не вдалося створити тимчасовий файл «%s»: %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "помилка під час спроби запису до «%s»: %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "вилучення застарілого файла блокування (створено %d)\n"
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "очікування на блокування (зайнято %d%s) %s...\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr "(застаріле блокування?) "
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "блокування «%s» не виконано: %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, c-format
 msgid "waiting for lock %s...\n"
 msgstr "очікування на блокування %s…\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr "%s є занадто застарілою (потрібно %s, маємо %s)\n"
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "формат ASCII: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "некоректний заголовок ASCII: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "заголовок ASCII: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "некоректний заголовок прозорого підпису\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, c-format
 msgid "unknown armor header: "
 msgstr "некоректний заголовок ASCII: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "вкладені підписи нешифрованим текстом\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr "неочікуваний формат ASCII: "
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "некоректний екранований дефісами рядок: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "пропущено некоректний символ radix64 %02X\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "завчасний кінець файла (немає CRC)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "завчасний кінець файла (у CRC)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "помилкове форматування CRC\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "помилка CRC; %06lX - %06lX\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "завчасний кінець файла (у додатку)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "помилка у рядку доповнення\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "не виявлено коректних даних OpenPGP.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "некоректний формат ASCII: рядок є довшим за %d символів\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
@@ -1708,12 +1620,12 @@ msgstr ""
 "символи quoted printable у кодуванні ASCII — ймовірно, використано "
 "помилковий MTA\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, c-format
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "[ незручне для читання (%zu байтів: %s%s) ]"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
@@ -1722,388 +1634,382 @@ msgstr ""
 "назва примітки має складатися з друкованих символів або пробілів і "
 "завершуватися символом «=»\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "назва примітки користувача має містити символ «@»\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "назва примітки не повинна містити більше за один символ «@»\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "у значенні примітки не повинно міститися керівних символів\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "назва позначення не може містити символів «=»\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, c-format
 msgid "a notation name must have only printable characters or spaces\n"
 msgstr "назва примітки має складатися з друкованих символів або пробілів\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "УВАГА: виявлено некоректні дані примітки\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "не вдалося пропустити через проксі запит %s до клієнта\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "Введіть пароль: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
-#, c-format
-msgid "error getting version from '%s': %s\n"
-msgstr "помилка під час спроби отримання даних щодо версії з «%s»: %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr "сервер «%s» має версію, старішу за нашу (%s < %s)"
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
-#, c-format
-msgid "WARNING: %s\n"
-msgstr "УВАГА: %s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
-"Зауваження: на застарілих серверах може не бути важливих виправлено "
-"захисту.\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s не є сумісним із режимом %s\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
-#, c-format
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Зауваження: скористайтеся командою «%s» для їхнього перезапуску.\n"
+#: g10/call-agent.c:1081
+#, fuzzy, c-format
+#| msgid "error reading from %s: %s\n"
+msgid "error from TPM: %s\n"
+msgstr "помилка читання з %s: %s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, c-format
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s не є сумісним із режимом %s\n"
+msgid "problem with the agent: %s\n"
+msgstr "проблема з агентом: %s\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, c-format
 msgid "no dirmngr running in this session\n"
 msgstr "у цьому сеансі не запущено dirmngr\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "не можна використовувати %s у режимі %s\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 #| msgid "\"%s\" is not a fingerprint\n"
 msgid "Tor is not properly configured"
 msgstr "«%s» не є відбитком\n"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 #| msgid "\"%s\" is not a fingerprint\n"
 msgid "DNS is not properly configured"
 msgstr "«%s» не є відбитком\n"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "створити сертифікат відкликання"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "формат ASCII: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "Не вдалося отримати доступ до картки OpenPGP: %s\n"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr "Виявлено картку OpenPGP з номером %s\n"
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr "це не можна робити у пакетному режимі\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "Цією командою можна користуватися лише для карток версії 2\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "Немає коду скидання або код скидання вже недоступний\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "Ваш вибір? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[не встановлено]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "не увімкнено"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "увімкнено"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr ""
 "Помилка: у поточній версії можна використовувати лише звичайний ASCII.\n"
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr "Помилка: символ «<» не можна використовувати.\n"
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr "Помилка: не можна використовувати подвійні пробіли.\n"
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr "Прізвище власника картки: "
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr "Ім’я власника картки: "
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr "Помилка: складена назва є занадто довгою (максимум — %d символів).\n"
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr "Адреса для отримання відкритого ключа: "
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, c-format
 msgid "error reading '%s': %s\n"
 msgstr "помилка під час спроби читання «%s»: %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, c-format
 msgid "error writing '%s': %s\n"
 msgstr "помилка під час спроби читання «%s»: %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr "Дані користувача (назва запису): "
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr "Особисті дані DO: "
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr "Основна мова: "
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "Помилка: некоректна довжина рядка основної мови.\n"
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "Помилка: некоректні символи у рядку основної мови.\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr "Помилка: некоректна відповідь.\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr "Відбиток CA: "
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "Помилка: некоректне форматування відбитка.\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr "дія над ключем неможлива: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr "не є карткою OpenPGP"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr "помилка під час отримання даних поточного ключа: %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr "Замінити вже створений ключ? (y/N або т/Н) "
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
+#, fuzzy
+#| msgid ""
+#| "Note: There is no guarantee that the card supports the requested size.\n"
+#| "      If the key generation does not succeed, please check the\n"
+#| "      documentation of your card to see what sizes are allowed.\n"
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 "ЗАУВАЖЕННЯ: не можна гарантувати підтримку карткою бажаного\n"
 "      розміру. Якщо ключ не вдасться створити, будь ласка,\n"
 "      ознайомтеся з документацією до вашої картки, щоб\n"
 "      визначити дозволені розміри.\n"
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "Якою має бути довжина ключа? (%u) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "округлено до %u бітів\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "Розміри ключів %s мають перебувати у діапазоні %u—%u\n"
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr "Зміна атрибута ключа картки для: "
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 msgid "Signature key\n"
 msgstr "Ключ підписування\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 msgid "Encryption key\n"
 msgstr "Ключ шифрування\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr "Ключ розпізнавання\n"
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "Вкажіть потрібний вам тип ключа:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) ECC\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "Некоректний вибір.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr ""
 "Зараз налаштування картки буде змінено для створення %u-бітового ключа\n"
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr "Зараз налаштування картки буде змінено для створення ключа типу %s\n"
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "помилка під час спроби змінити атрибут ключа %d: %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, c-format
 msgid "error getting card info: %s\n"
 msgstr "помилка під час спроби отримання даних щодо картки: %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, c-format
 msgid "This command is not supported by this card\n"
 msgstr "Цією карткою не передбачено підтримки вказаної команди\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr "Створити резервну копію ключа шифрування поза карткою? (Y/n або Т/н) "
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "ЗАУВАЖЕННЯ: ключі вже збережено на картці!\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr "Замірити вже створені ключі? (y/N або т/Н) "
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2114,190 +2020,206 @@ msgstr ""
 "   PIN = «%s»     Адміністративний PIN = «%s»\n"
 "Вам слід змінити параметри за допомогою команди --change-pin\n"
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr "Виберіть тип ключа, який слід створити:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr "   (1) Ключ підписування\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr "   (2) Ключ шифрування\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr "   (3) Ключ розпізнавання\n"
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr "Виберіть сховище для зберігання ключа:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "Помилка KEYTOCARD: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr ""
 "Зауваження: у результаті виконання цієї команди усі ключі на картці буде "
 "знищено!\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 msgid "Continue? (y/N) "
 msgstr "Продовжити? (y (так)/N (ні)) "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr ""
 "Справді хочете скинути усе до типових налаштувань? (введіть «yes» («так»)) "
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "помилка налаштування KDF: %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+#| msgid "error for setup KDF: %s\n"
+msgid "error for setup UIF: %s\n"
+msgstr "помилка налаштування KDF: %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "вийти з цього меню"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr "показати керівні команди"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "показати цю довідкову інформацію"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr "показати всі доступні дані"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr "змінити ім’я власника картки"
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr "змінити адресу для отримання ключа"
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr "отримати ключ, вказаний у полі адреси картки"
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr "змінити ім’я користувача"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr "змінити основну мову"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 #, fuzzy
 #| msgid "change card holder's sex"
 msgid "change card holder's salutation"
 msgstr "змінити поле статі власника картки"
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr "змінити відбиток CA"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr "увімкнути або вимкнути позначку примусового пінкоду підпису"
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr "створити ключі"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr "меню зміни або розблокування пінкоду"
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr "перевірити пінкод і показати список всіх даних"
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr "розблокувати під коду за допомогою коду скидання"
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr "знищити усі ключі і дані"
 
-#: g10/card-util.c:2180
-msgid "setup KDF for PIN authentication"
+#: g10/card-util.c:2235
+#, fuzzy
+#| msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "налаштування KDF для розпізнавання за PIN"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 msgid "change the key attribute"
 msgstr "змінити атрибут ключа"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "змінити рівень довіри до власника"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr "gpg/картка> "
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr "Команда адміністратора\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr "Команди адміністрування дозволено\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr "Команди адміністрування заборонено\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "Некоректна команда  (скористайтеся командою «help»)\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output не працює з цією командою\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, c-format
 msgid "can't open '%s'\n"
 msgstr "не вдалося відкрити «%s»\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "ключ «%s» не знайдено: %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "помилка під час спроби читання блокування ключа: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, c-format
 msgid "key \"%s\" not found\n"
 msgstr "ключ «%s» не знайдено\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(якщо ключ не задано відбитком)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "цього не можна робити у пакетному режимі без «--yes»\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(якщо ключ не задано відбитком)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2335,9 +2257,9 @@ msgstr "ключ"
 msgid "subkey"
 msgstr "підключ"
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "помилка оновлення: %s\n"
@@ -2363,64 +2285,76 @@ msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr ""
 "спершу скористайтеся параметром «--delete-secret-keys» для його вилучення.\n"
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr ""
-"УВАГА: примусове використання симетричного шифру %s (%d) не відповідає "
-"параметрам отримувача\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "помилка під час спроби створення пароля: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "не можна використовувати симетричний пакет ESK через режим S2K\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "використано шифр %s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, c-format
 msgid "'%s' already compressed\n"
 msgstr "«%s» вже стиснено\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, c-format
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "УВАГА: файл «%s» є порожнім\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+#| msgid "cipher algorithm '%s' may not be used in %s mode\n"
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "алгоритм шифрування «%s» не можна використовувати у режимі %s\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "алгоритм шифрування «%s» не можна використовувати у режимі %s\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr ""
 "алгоритм створення контрольних сум «%s» не можна використовувати у режимі "
 "%s\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "УВАГА: ключ %s не можна використовувати для шифрування у режимі %s\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, c-format
 msgid "reading from '%s'\n"
 msgstr "читання з «%s»\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"УВАГА: примусове використання симетричного шифру %s (%d) не відповідає "
+"параметрам отримувача\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "УВАГА: ключ %s не можна використовувати для шифрування у режимі %s\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
@@ -2429,106 +2363,55 @@ msgstr ""
 "УВАГА: примусове використання алгоритму стиснення %s (%d) не відповідає "
 "параметрам отримувача\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"примусове використання симетричного шифру %s (%d) не відповідає параметрам "
+"отримувача\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s зашифровано для «%s»\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, c-format
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "параметр «%s» не можна використовувати у режимі %s\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "Дані, зашифровані за алгоритмом %s\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "зашифровано за допомогою невідомого алгоритму %d\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr ""
 "УВАГА: повідомлення зашифровано слабким ключем з симетричним шифруванням.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "проблема з обробкою зашифрованого пакета\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "виконання віддалених програм не передбачено\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
+#: g10/export.c:119
+msgid "export signatures that are marked as local-only"
 msgstr ""
-"виклик зовнішніх програм вимкнено через невідповідність прав доступу до "
-"файла параметрами безпеки\n"
+"експортувати підписи, які позначено як придатні лише для локального "
+"використання"
 
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr ""
-"на цій платформі слід використовувати тимчасові файли під час виклику "
-"зовнішніх програм\n"
-
-#: g10/exec.c:497
-#, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "не вдалося виконати програму «%s»: %s\n"
-
-#: g10/exec.c:500
-#, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "не вдалося виконати оболонку «%s»: %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "системна помилка під час спроби виклику зовнішньої програми: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "неприродний вихід з зовнішньої програми\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "не вдалося виконати зовнішню програму\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "не вдалося прочитати відповідь зовнішньої програми: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, c-format
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "УВАГА: не вдалося вилучити тимчасовий файл (%s) «%s»: %s\n"
-
-#: g10/exec.c:692
-#, c-format
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "УВАГА: не вдалося вилучити тимчасовий каталог «%s»: %s\n"
-
-#: g10/export.c:119
-msgid "export signatures that are marked as local-only"
-msgstr ""
-"експортувати підписи, які позначено як придатні лише для локального "
-"використання"
-
-#: g10/export.c:121
-msgid "export attribute user IDs (generally photo IDs)"
+#: g10/export.c:121
+msgid "export attribute user IDs (generally photo IDs)"
 msgstr ""
 "експортувати ідентифікатори користувача атрибута (типово фотоідентифікатори)"
 
@@ -2544,387 +2427,387 @@ msgstr "вилучити невикористовувані частини кл
 msgid "remove as much as possible from key during export"
 msgstr "вилучити максимум частин з ключа під час експортування"
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr "використовувати формат резервних копій ключів GnuPG"
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 msgid " - skipped"
 msgstr " - пропущено"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, c-format
 msgid "writing to '%s'\n"
 msgstr "записуємо до «%s»\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "ключ %s: матеріал ключа на карті — пропущено\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "експортування закритих ключів заборонено\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "ключ %s: ключ у стилі PGP 2.x — пропущено\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "УВАГА: нічого не експортовано\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, c-format
 msgid "error creating '%s': %s\n"
 msgstr "помилка створення «%s»: %s.\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr "[Ідентифікатор не знайдено]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "автоматично отримано «%s» за допомогою %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "помилка під час спроби отримання «%s» за допомогою %s: %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 msgid "No fingerprint"
 msgstr "Без відбитка"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "закритий ключ «%s» не знайдено: %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "(перевірте аргумент параметра «%s»)\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, c-format
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "Попередження: «%s» не використовується як типовий ключ: %s\n"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, c-format
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "використовуємо «%s» як типовий закритий ключ для підписування\n"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr "усі значення, передані «%s», проігноровано\n"
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr ""
 "Некоректний ключ %s визнано чинним через параметр --allow-non-selfsigned-"
 "uid\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "використовуємо підключ %s замість основного ключа %s\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, c-format
 msgid "valid values for option '%s':\n"
 msgstr "коректні значення параметра «%s»:\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 msgid "make a signature"
 msgstr "створити підпис"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 msgid "make a clear text signature"
 msgstr "створити текстовий підпис"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "створити від’єднаний підпис"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "зашифрувати дані"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "шифрувати лише за допомогою симетричного шифру"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "розшифрувати дані (типова дія)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "перевірити підпис"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "показати список ключів"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "показати список ключів і підписів"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr "показати список і перевірити підписи ключів"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "показати список ключів і відбитків"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "показати список закритих ключів"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "створити пару ключів"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 msgid "quickly generate a new key pair"
 msgstr "швидке створення пари ключів"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 msgid "quickly add a new user-id"
 msgstr "швидке додавання нового ідентифікатора користувача"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 msgid "quickly revoke a user-id"
 msgstr "швидке відкликання ідентифікатора користувача"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 msgid "quickly set a new expiration date"
 msgstr "швидке встановлення нової дати завершення строку дії"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr "повноцінне створення пари ключів"
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "створити сертифікат відкликання"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "вилучити ключі з відкритого сховища ключів"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "вилучити ключів з закритого сховища ключів"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 msgid "quickly sign a key"
 msgstr "швидко підписати ключ"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 msgid "quickly sign a key locally"
 msgstr "швидко підписати ключ локально"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "quickly revoke a user-id"
 msgid "quickly revoke a key signature"
 msgstr "швидке відкликання ідентифікатора користувача"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "підписати ключ"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "підписати ключ локально"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "підписати або редагувати ключ"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 msgid "change a passphrase"
 msgstr "змінити пароль"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "експортувати ключі"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "експортувати ключі на сервер ключів"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "імпортувати ключі з сервера ключів"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "шукати ключі на сервері ключів"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "оновити всі ключів з сервера ключів"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "імпортувати/об’єднати ключі"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr "показати дані про стан картки"
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr "змінити дані на картці"
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr "змінити пінкод картки"
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "оновити базу даних довіри"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 msgid "print message digests"
 msgstr "показати контрольні суми повідомлень"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr "запустити у режимі сервера"
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr "|VALUE|встановити вказане правило TOFU для ключа"
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NAME|використовувати вказаний типовий закритий ключ"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NAME|шифрувати також до вказаного ідентифікатора користувача"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr "|SPEC|встановити замінники адреси електронної пошти"
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr "строго використовувати стандарт OpenPGP"
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "не вносити змін"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "запитувати перед перезаписом"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the input"
 msgstr "Параметри керування захистом"
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 #, fuzzy
 #| msgid "Options controlling the diagnostic output"
 msgid "Options controlling the output"
 msgstr "Параметри керування діагностичним виводом"
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "створити дані у форматі ASCII"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 msgid "|FILE|write output to FILE"
 msgstr "|FILE|записати дані до вказаного файла"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "використовувати канонічний текстовий режим"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|встановити рівень стиснення (0 — вимкнути)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 #, fuzzy
 #| msgid "Options controlling the interactivity and enforcement"
 msgid "Options controlling key import and export"
 msgstr "Параметри керування інтерактивністю та примусом"
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr ""
 "|MECHANISMS|використовувати вказаний механізм для пошуку ключів за адресою"
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "імпортувати ключі з сервера ключів"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 #| msgid "list and check key signatures"
 msgid "include the public key in signatures"
 msgstr "показати список і перевірити підписи ключів"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr "заборонити доступ до dirmngr"
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 #, fuzzy
 #| msgid "Options controlling the configuration"
 msgid "Options controlling key listings"
 msgstr "Параметри керування налаштуваннями"
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "показати список закритих ключів"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|USER-ID|зашифрувати для вказаного ідентифікатора"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr ""
 "|USER-ID|використовувати для створення підписів або розшифрування вказаний "
 "ідентифікатор"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -2933,7 +2816,7 @@ msgstr ""
 "(Щоб ознайомитися зі списком команд і параметрів, скористайтеся сторінкою "
 "довідника (man))\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 msgid ""
 "@\n"
 "Examples:\n"
@@ -2954,11 +2837,11 @@ msgstr ""
 " --list-keys [назви]        показати ключі\n"
 " --fingerprint [назви]      показати відбитки\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "Використання: @GPG@ [параметри] [файли] (-h — довідка)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 msgid ""
 "Syntax: @GPG@ [options] [files]\n"
 "Sign, check, encrypt or decrypt\n"
@@ -2968,7 +2851,7 @@ msgstr ""
 "Підписування, перевірка підписів, шифрування або розшифрування\n"
 "Типова дія залежатиме від вхідних даних\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -2976,77 +2859,77 @@ msgstr ""
 "\n"
 "Підтримувані алгоритми:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "Відкритий ключ: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "Шифр: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "Хеш: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "Стиснення: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "користування: %s [параметри] %s\n"
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "несумісні команди\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "у визначенні групи «%s» немає знаку «=»\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "УВАГА: визначення власника домашнього каталогу «%s» не є безпечним\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "УВАГА: визначення власника у файлі налаштувань «%s» не є безпечним\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "УВАГА: визначення власника додатка «%s» не є безпечним\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr ""
 "УВАГА: визначення прав доступу до домашнього каталогу «%s» не є безпечним\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr ""
 "УВАГА: визначення прав доступу до файла налаштувань «%s» не є безпечним\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "УВАГА: визначення прав доступу до додатка «%s» не є безпечним\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr ""
 "УВАГА: визначення власника підлеглого каталогу домашнього каталогу «%s» не є "
 "безпечним\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
@@ -3054,21 +2937,21 @@ msgstr ""
 "УВАГА: визначення власника у підлеглому каталозі, визначеному файлом "
 "налаштувань «%s», не є безпечним\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr ""
 "УВАГА: визначення власника підлеглого каталогу у додатку «%s» не є "
 "безпечним\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr ""
 "УВАГА: визначення прав доступу до підлеглого каталогу домашнього каталогу "
 "«%s» не є безпечним\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
@@ -3076,469 +2959,485 @@ msgstr ""
 "УВАГА: визначення прав доступу до підлеглого каталогу, визначеного файлом "
 "налаштувань «%s», не є безпечним\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr ""
 "УВАГА: визначення прав доступу до підлеглого каталогу у додатку «%s» не є "
 "безпечним\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "невідомий пункт налаштувань «%s»\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr "показувати фотоідентифікатори у списках ключів"
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 msgid "show key usage information during key listings"
 msgstr "показувати дані щодо використання ключа у списках ключів"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr "показувати адреси правил у списках підписів"
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 msgid "show all notations during signature listings"
 msgstr "показувати всі примітки у списках підписів"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr "показувати стандартні примітки IETF у списках підписів"
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr "показувати примітки користувача у списках підписів"
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "показувати адреси основних серверів ключів у списках підписів"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr "показувати чинність ідентифікаторів користувачів у списках ключів"
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr ""
 "показувати відкликані та застарілі ідентифікатори користувачів у списках "
 "ключів"
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr "показувати відкликані та застарілі підключі у списках ключів"
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 msgid "show the keyring name in key listings"
 msgstr "показувати назву сховища ключів у списках ключів"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 msgid "show expiration dates during signature listings"
 msgstr "показувати дати завершення строків дії у списку підписів"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "невідомі правила TOFU «%s»\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr "(команда «help» виводить список можливих варіантів)\n"
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "Цією командою не можна користуватися у режимі %s.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, c-format
 msgid "Note: %s is not for normal use!\n"
 msgstr "ЗАУВАЖЕННЯ: %s не призначено для звичайного використання!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "«%s» не є коректним записом завершення строку дії підпису\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "«%s» не є коректною адресою електронної пошти\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "некоректний режим pinentry, «%s»\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "некоректне походження запиту «%s»\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "«%s» не є коректним набором символів\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "не вдалося обробити адресу сервера ключів\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: некоректні параметри сервера ключів\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr "некоректні параметри сервера ключів\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: некоректні параметри імпортування\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "некоректні параметри імпортування\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, c-format
 msgid "invalid filter option: %s\n"
 msgstr "некоректний параметр фільтрування: %s\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: некоректні параметри експортування\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "некоректні параметри експортування\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: некоректні параметри побудови списку\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr "некоректні параметри побудови списку\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr "показувати фотоідентифікатори під час перевірки підписів"
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr "показувати адреси правил під час перевірки підписів"
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 msgid "show all notations during signature verification"
 msgstr "показувати всі примітки під час перевірки підписів"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr "показувати стандартні примітки IETF під час перевірки підписів"
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr "показувати вказані користувачем примітки під час перевірки підписів"
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 msgid "show preferred keyserver URLs during signature verification"
 msgstr ""
 "показувати адреси основних серверів ключів у списках перевірки підписів"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 msgid "show user ID validity during signature verification"
 msgstr ""
 "показувати чинність ідентифікаторів користувача під час перевірки підписів"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr ""
 "показувати відкликані та застарілі ідентифікатори користувачів у списках "
 "перевірки підписів"
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 msgid "show only the primary user ID in signature verification"
 msgstr ""
 "показувати лише основний ідентифікатор користувача під час перевірки підписів"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr "перевірити підписи за допомогою даних PKA"
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr "підняти рівень довіри до підписів з коректними даними PKA"
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: некоректні параметри перевірки\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr "некоректні параметри перевірки\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "не вдалося встановити шлях для запуску у значення %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: некоректний список auto-key-locate\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr "некоректний список auto-key-locate\n"
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "некоректний аргумент параметра «%.50s»\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "УВАГА: можливе створення дампу пам’яті програми!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "УВАГА: %s перевизначає %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s не можна використовувати разом з %s!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s є зайвим, якщо використано %s!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr "УВАГА: запущено з фіктивним системним часом: "
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "не буде запущено з помилками у захисті пам’яті через %s\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "вибраний алгоритм шифрування є некоректним\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "вибраний алгоритм побудови контрольних сум є некоректним\n"
+
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "вибраний алгоритм стискання є некоректним\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr ""
 "вибраний алгоритм створення контрольних сум для сертифікації є некоректним\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "значення completes-needed має бути більшим за 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "значення marginals-needed має перевищувати 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "значення max-cert-depth має перебувати у діапазоні від 1 до 255\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "некоректне значення default-cert-level; має бути 0, 1, 2 або 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "некоректне значення min-cert-level; має бути 1, 2 або 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, c-format
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr ""
 "ЗАУВАЖЕННЯ: наполегливо не рекомендуємо вам користуватися простим режимом "
 "S2K (0)\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "некоректний режим S2K; мало бути вказано 0, 1 або 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "некоректні типові параметри\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "некоректні особисті параметри шифрування\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "некоректні особисті параметри шифрування\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "некоректні особисті параметри контрольної суми\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "некоректні особисті параметри стискання\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "некоректний розмір ключа; використовуємо %u-бітовий\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s ще не може працювати разом з %s\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+#| msgid "cipher algorithm '%s' may not be used in %s mode\n"
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "алгоритм шифрування «%s» не можна використовувати у режимі %s\n"
+
+#: g10/gpg.c:4070
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "алгоритм стискання «%s» не можна використовувати у режимі %s\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "не вдалося ініціалізувати базу даних надійності (TrustDB): %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr ""
 "УВАГА: отримувачів (-r) вказано без використання шифрування відкритим "
 "ключем\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "помилка під час спроби симетричного шифрування «%s»: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr ""
 "не можна використовувати комбінацію --symmetric --encrypt у режимі --s2k-"
 "mode 0\n"
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr ""
 "не можна використовувати комбінацію --symmetric --encrypt у режимі %s\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr ""
 "не можна використовувати комбінацію --symmetric --sign --encrypt у режимі --"
 "s2k-mode 0\n"
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr ""
 "не можна використовувати комбінацію --symmetric --encrypt у режимі %s\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "помилка під час надсилання даних на сервер ключів: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "помилка під час спроби отримання даних з сервера ключів: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "помилка під час спроби експортування ключа: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, c-format
 msgid "export as ssh key failed: %s\n"
 msgstr "спроба експортування ключа ssh зазнала невдачі: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "помилка пошуку на сервері ключів: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "помилка оновлення з сервера ключів: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "помилка перетворення з формату ASCII: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "помилка перетворення у формат ASCII: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, c-format
 msgid "invalid hash algorithm '%s'\n"
 msgstr "некоректний алгоритм хешування «%s»\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "помилка під час спроби обробки специфікації ключа «%s»: %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr "«%s» не є коректним ідентифікатором ключа, відбитком або кодом\n"
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr "УВАГА: команд не надано. Намагаємося вгадати, що вам потрібно...\n"
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "Почніть вводити ваше повідомлення...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "вказана адреса правил сертифікації є некоректною\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "вказана адреса правил підписування є некоректною\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "вказана адреса основного сервера ключів є некоректною\n"
@@ -3551,7 +3450,7 @@ msgstr "|FILE|визначити ключі з файла сховища клю
 msgid "make timestamp conflicts only a warning"
 msgstr "супроводжувати конфлікти часових позначок лише попередженнями"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|записувати до дескриптора файла дані щодо стану"
 
@@ -3597,128 +3496,140 @@ msgid "do not update the trustdb after import"
 msgstr "не оновлювати базу даних довіри після імпортування"
 
 #: g10/import.c:181
+#, fuzzy
+#| msgid "enable putty support"
+msgid "enable bulk import mode"
+msgstr "увімкнути підтримку putty"
+
+#: g10/import.c:184
 msgid "show key during import"
 msgstr "показувати ключ під час імпортування"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+#| msgid "show key during import"
+msgid "show key but do not actually import"
+msgstr "показувати ключ під час імпортування"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr "приймати оновлення лише вже створених ключів"
 
-#: g10/import.c:187
+#: g10/import.c:193
 msgid "remove unusable parts from key after import"
 msgstr "вилучити невикористані частини ключа після імпортування"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr "вилучити максимум частин з ключа після імпортування"
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr "запустити фільтри імпортування та експортувати ключ негайно"
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr "припускати формат резервних копій ключів GnuPG"
 
-#: g10/import.c:203
+#: g10/import.c:209
 msgid "repair keys on import"
 msgstr "відновлювати ключі при імпортуванні"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "пропускаємо блок типу %d\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr "оброблено %lu ключів\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "Загалом оброблено: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, c-format
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "    пропущено ключів PGP-2: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "пропущено нових ключів: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "   без ід. користувача: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "           імпортовано: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "              без змін: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "нових ід. користувачів: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "       нових підключів: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "        нових підписів: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "відкликань нових ключів: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "прочитано закритих ключів: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "імпортовано закр. ключів: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr " закр. ключів без змін: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "        не імпортовано: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "    вилучених підписів: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr " вилучених ід. корист.: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
@@ -3727,169 +3638,175 @@ msgstr ""
 "УВАГА: у ключі %s містяться записи надання переваги\n"
 "недоступним алгоритмам для таких ід. користувачів:\n"
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr "         «%s»: перевага алгоритму шифрування %s\n"
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+#| msgid "         \"%s\": preference for cipher algorithm %s\n"
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "         «%s»: перевага алгоритму шифрування %s\n"
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "         «%s»: перевага алгоритму контрольних сум %s\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr "         «%s»: перевага алгоритму стискання %s\n"
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr "наполегливо рекомендуємо вам оновити записи переваг і\n"
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr ""
 "повторно поширити цей ключ, щоб уникнути потенційних проблем з алгоритмами\n"
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr ""
 "оновити записи перевад можна за допомогою команди: gpg --edit-key %s updpref "
 "save\n"
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr "ключ %s: немає ідентифікатор користувача\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, c-format
 msgid "key %s: %s\n"
 msgstr "ключ %s: %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr "відкинуто екранувальником імпорту"
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "ключ %s: відновлено пошкоджений підключ PKS\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "ключ %s: прийнято несамопідписаний ідентифікатор користувача «%s»\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "ключ %s: немає чинних ідентифікаторів користувача\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "причиною цього може бути те, що немає самопідпису\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "ключ %s: не знайдено відкритий ключ: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "ключ %s: новий ключ — пропущено\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "не виявлено придатного до запису сховища ключів: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, c-format
 msgid "error writing keyring '%s': %s\n"
 msgstr "помилка під час спроби запису сховища ключів «%s»: %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "ключ %s: імпортовано відкритий ключ «%s»\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "ключ %s: не відповідає нашій копії\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "ключ %s: «%s» 1 новий ідентифікатор користувача\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "ключ %s: «%s» %d нових ідентифікаторів користувачів\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "ключ %s: «%s» 1 новий підпис\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "ключ %s: «%s» %d нових підписів\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "ключ %s: «%s» 1 новий підключ\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "ключ %s: «%s» %d нових підключів\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "ключ %s: «%s» вилучено %d підпис\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "ключ %s: «%s» вилучено %d підписів\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "ключ %s: «%s» спорожнено %d ідентифікатор користувача\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "ключ %s: «%s» спорожнено %d ідентифікаторів користувачів\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "ключ %s: «%s» не змінено\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr "ключ %s: імпортовано закритий ключ\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, c-format
 msgid "key %s: secret key already exists\n"
 msgstr "ключ %s: закритий ключ вже існує\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "ключ %s: помилка під час спроби надсилання агенту: %s\n"
@@ -3902,203 +3819,210 @@ msgstr "ключ %s: помилка під час спроби надсилан
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 "Для перенесення «%s» на кожній із карток пам’яті слід виконати таку команду: "
 "%s\n"
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, c-format
 msgid "secret key %s: %s\n"
 msgstr "закритий ключ %s: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "імпортування закритих ключів заборонено\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "ключ %s: закритий ключ з некоректним шифром %d — пропущено\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "Причину не вказано"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "Ключ замінено"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "Ключ скомпрометовано"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "Ключ більше не використовується"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "Ідентифікатор користувача втратив чинність"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "причина відкликання: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "коментар щодо відкликання: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr ""
 "ключ %s: немає відкритого ключа — не можна застосовувати сертифікат "
 "відкликання\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "ключ %s: не вдалося знайти початковий блок ключів: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "ключ %s: не вдалося прочитати початковий блок ключів: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "ключ %s: некоректний сертифікат відкликання: %s — відкинуто\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "ключ %s: імпортовано сертифікат відкликання «%s»\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "ключ %s: немає ідентифікатор користувача для підпису\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr ""
 "ключ %s: непідтримуваний алгоритм створення відкритого ключа для "
 "ідентифікатора користувача «%s»\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "ключ %s: некоректний самопідпис для ідентифікатора користувача «%s»\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "ключ %s: непідтримуваний алгоритм створення відкритого ключа\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "ключ %s: некоректний безпосередній підпис ключа\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "ключ %s: немає підключа для зв’язування ключів\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "ключ %s: некоректне зв’язування підключів\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "ключ %s: вилучено кратне зв’язування підключів\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "ключ %s: немає підключа для відкликання ключа\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "ключ %s: некоректне відкликання підключа\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "ключ %s: вилучено кратне відкликання підключа\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "ключ %s: пропущено ідентифікатор користувача «%s»\n"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "ключ %s: пропущено підключ\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "ключ %s: непридатний до експорту підпис (клас 0x%02X) — пропущено\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "ключ %s: сертифікат відкликання у помилковому місці — пропущено\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "ключ %s: некоректний сертифікат відкликання: %s — пропущено\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "ключ %s: підпис підключа у помилковому місці — пропущено\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "ключ %s: неочікуваний клас підпису (0x%02X) — пропущено\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "ключ %s: виявлено дублювання ідентифікаторів користувача — об’єднано\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+#| msgid "key %s: duplicated user ID detected - merged\n"
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "ключ %s: виявлено дублювання ідентифікаторів користувача — об’єднано\n"
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr "УВАГА: ключ %s могло бути відкликано: отримуємо ключ відкликання %s\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr "УВАГА: ключ %s могло бути відкликано: ключа відкликання %s немає.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "ключ %s: додано сертифікат відкликання «%s»\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "ключ %s: додано безпосередній підпис ключа\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, c-format
 msgid "error allocating memory: %s\n"
 msgstr "помилка під час спроби отримання області пам’яті: %s\n"
@@ -4122,12 +4046,12 @@ msgstr ""
 msgid " (reordered signatures follow)"
 msgstr " (нижче наведено перевпорядковані підписи)"
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, c-format
 msgid "key %s:\n"
 msgstr "ключ %s:\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
@@ -4135,7 +4059,7 @@ msgstr[0] "вилучено %d дублікат підпису\n"
 msgstr[1] "вилучено %d дублікати підписів\n"
 msgstr[2] "вилучено %d дублікатів підписів\n"
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, c-format
 msgid "%d signature not checked due to a missing key\n"
 msgid_plural "%d signatures not checked due to missing keys\n"
@@ -4143,7 +4067,7 @@ msgstr[0] "%d підпис не перевірено через те, що не
 msgstr[1] "%d підписи не перевірено через те, що немає ключа\n"
 msgstr[2] "%d підписів не перевірено через те, що немає ключа\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, c-format
 msgid "%d bad signature\n"
 msgid_plural "%d bad signatures\n"
@@ -4151,7 +4075,7 @@ msgstr[0] "%d помилкових підпис\n"
 msgstr[1] "%d помилкових підписи\n"
 msgstr[2] "%d помилкових підписів\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
@@ -4159,7 +4083,7 @@ msgstr[0] "перевпорядковано %d підпис\n"
 msgstr[1] "перевпорядковано %d підписи\n"
 msgstr[2] "перевпорядковано %d підписів\n"
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
@@ -4168,37 +4092,32 @@ msgstr ""
 "Попередження: виявлено помилки, перевірка виконувалася лише для "
 "самопідписування, віддайте команду «%s», щоб перевірити усі підписи.\n"
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "помилка під час спроби створення сховища ключів «%s»: %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, c-format
 msgid "error creating keyring '%s': %s\n"
 msgstr "помилка під час спроби створення сховища ключів «%s»: %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, c-format
 msgid "keybox '%s' created\n"
 msgstr "створено сховище ключів «%s»\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, c-format
 msgid "keyring '%s' created\n"
 msgstr "створено сховище ключів «%s»\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "ресурс блоку ключів «%s»: %s\n"
 
-#: g10/keydb.c:969
-#, c-format
-msgid "error opening key DB: %s\n"
-msgstr "помилка під час спроби відкрити базу даних ключів: %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "не вдалося перебудувати кеш сховища ключів: %s\n"
@@ -4211,7 +4130,7 @@ msgstr "[відкликання]"
 msgid "[self-signature]"
 msgstr "[самопідпис]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4222,12 +4141,12 @@ msgstr ""
 "ключів інших\n"
 "користувачів (за паспортами, відбитками з інших джерел тощо)\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr "  %d = Я довіряю не повністю\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr "  %d = Я довіряю повністю\n"
@@ -4259,12 +4178,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "Ідентифікатор користувача «%s» відкликано."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "Ви певні, що все ще бажаєте підписати його? (y/N або т/Н) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  Неможливо підписати.\n"
 
@@ -4439,198 +4358,202 @@ msgstr "Цей ключ ретельно перевірено мною.\n"
 msgid "Really sign? (y/N) "
 msgstr "Підписати? (y/N або т/Н) "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "помилка під час спроби підписування: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr ""
 "До ключа включено лише типовий заповнювач або записи ключа з картки — ніяких "
 "паролів не потрібно змінювати.\n"
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, c-format
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "ключ %s: помилка під час спроби зміни пароля: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "зберегти і вийти"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr "показати відбиток ключа"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 msgid "show the keygrip"
 msgstr "показати keygrip"
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "показати список ключів та ідентифікаторів користувача"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "вибрати вказаний ідентифікатор користувача"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr "вибрати вказаний підключ"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr "перевірити підписи"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr ""
 "підписати вибрані ідентифікатори користувачів [* нижче наведено відповідні "
 "команди]"
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr "підписати вибрані ідентифікатори користувача локально"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr "підписати вибрані ідентифікатори користувача підписом надійності"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr ""
 "підписати вибрані ідентифікатори користувача підписом, який не можна "
 "відкликати"
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "додати ідентифікатор користувача"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "додати фотоідентифікатор"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr "вилучити вибрані ідентифікатори користувача"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr "додати підключ"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr "додати ключ на картку пам’яті"
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr "пересунути ключ на картку пам’яті"
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr "пересунути резервний ключ на картку пам’яті"
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr "вилучити вибрані підключі"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "додати ключ відкликання"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr "вилучити підписи з вибраних ідентифікаторів користувача"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "змінити дату завершення строку дії ключа або вибраних ключів"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr "позначити вибраний ідентифікатор користувача як основний"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "список переваг (експертний)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "список переваг (докладний)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr "встановити список параметрів для вибраних ідентифікаторів користувачів"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr ""
 "встановити адресу основного сервера ключів для вибраних ідентифікаторів "
 "користувачів"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 msgid "set a notation for the selected user IDs"
 msgstr "встановити примітку для вибраного ідентифікатора користувача"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "змінити пароль"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "змінити рівень довіри до власника"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr "відкликати підписи для вибраних ідентифікаторів користувачів"
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr "відкликати вибрані ідентифікатори користувачів"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr "відкликати ключ або вибрані підключі"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr "увімкнути ключ"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr "вимкнути ключ"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr "показати вибрані фотоідентифікатори"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr ""
 "ущільнити непридатні до використання ідентифікатори користувачів і вилучити "
 "невикористані підписи з ключа"
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr ""
 "ущільнити непридатні до використання ідентифікатори користувачів і вилучити "
 "всі підписи з ключа"
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "Доступний закритий ключ.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 msgid "Secret subkeys are available.\n"
 msgstr "Доступні закриті підключі.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "Для цього потрібен закритий ключ.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4641,291 +4564,296 @@ msgstr ""
 "  «t» для надійних підписів (tsign), «nr» для підписів без відкликання\n"
 "  (nrsign) або будь-яку комбінацію (ltsign, tnrsign тощо).\n"
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "Ключ відкликано."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "Підписати всі текстові ідентифікатори користувача? (y/N або т/Н) "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr "Підписати всі ідентифікатори користувача? (y/N або т/Н) "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "Підказка: виберіть ідентифікатори користувача для підписування\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "Невідомий тип підпису «%s»\n"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Цією командою не можна користуватися у режимі %s.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "Вам слід вибрати принаймні один ідентифікатор користувача.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr "(Скористайтеся командою «%s».)\n"
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "Не можна вилучати останній ідентифікатор користувача!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "Вилучити всі вибрані ідентифікатори користувачів? (y/N або т/Н) "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr "Вилучити цей ідентифікатор користувача? (y/N або т/Н) "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr "Вилучити основний ключ? (y/N або т/Н) "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr "Вам слід вибрати лише один ключ.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr "Для команди слід вказати аргумент з назвою файла\n"
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "Не вдалося відкрити «%s»: %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "Помилка читання резервного ключа з «%s»: %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "Вам слід вибрати принаймні один ключ.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "Справді бажаєте вилучити вибрані ключі? (y/N або т/Н) "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "Справді бажаєте вилучити цей ключ? (y/N або т/Н) "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "Відкликати всі вибрані ідентифікатори користувачів? (y/N або т/Н) "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr "Відкликати цей ідентифікатор користувача? (y/N або т/Н) "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "Ви справді бажаєте відкликати весь ключ? (y/N або т/Н) "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "Ви справді бажаєте відкликати позначені підключі? (y/N або т/Н) "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "Ви справді бажаєте відкликати цей підключ? (y/N або т/Н) "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr ""
 "Не можна встановлювати довіру до власника, якщо використовується вказана "
 "користувачем база даних довіри\n"
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr "Встановити список переваг:\n"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr ""
 "Оновити переваги для вибраних ідентифікаторів користувачів? (y/N або т/Н) "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr "Оновити параметри? (y/N або т/Н) "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr "Зберегти зміни? (y/N або т/Н) "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr "Вийти без збереження? (y/N або т/Н) "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "Ключ не змінено, отже оновлення непотрібне.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "Не можна вилучати останній ідентифікатор користувача!\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, fuzzy, c-format
 #| msgid "checking the trust list failed: %s\n"
 msgid "revoking the user ID failed: %s\n"
 msgstr "помилка перевірки списку довіри: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, fuzzy, c-format
 #| msgid "checking the trust list failed: %s\n"
 msgid "setting the primary user ID failed: %s\n"
 msgstr "помилка перевірки списку довіри: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "«%s» не є відбитком\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "«%s» не є основним відбитком\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, c-format
 msgid "Invalid user ID '%s': %s\n"
 msgstr "Некоректний ідентифікатор користувача «%s»: %s\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "No matching user IDs."
 msgstr "Немає відповідних ідентифікаторів користувачів."
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "Nothing to sign.\n"
 msgstr "Нічого підписувати.\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr "Не підписано вами.\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "невдала спроба перевірити створений підпис: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "«%s» не є коректним записом завершення строку дії\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "«%s» не є належним відбитком\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "не знайдено підключ «%s»\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "Контрольна сума: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "Можливості: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr "Сервер ключів без можливості зміни"
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr "Основний сервер ключів: "
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 msgid "Notations: "
 msgstr "Примітки: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr ""
 "Переваг для ідентифікаторів користувачів у форматі PGP 2.x не передбачено.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "Вказаний нижче ключ було відкликано %s %s ключем %s\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "Цей ключ може бути відкликано %s ключем %s"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr "(важливий)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr "створено: %s"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr "відкликано: %s"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr "не діє з: %s"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr "діє до: %s"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr "використання: %s"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr "номер картки: "
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr "надійність: %s"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr "чинність: %s"
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "Цей ключ було вимкнено"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -4933,17 +4861,17 @@ msgstr ""
 "Зауважте, що показані дані щодо чинності ключів не обов’язково є коректними\n"
 "до перезапуску програми.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr "відкликано"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr "збіг строк дії"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -4954,17 +4882,17 @@ msgstr ""
 "              цієї команди можна зробити основним інший ідентифікатор "
 "користувача.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr "УВАГА: строк дії вашого підключа імпортування невдовзі завершиться.\n"
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, c-format
 msgid "You may want to change its expiration date too.\n"
 msgstr "Ймовірно, вам варто змінити також і його строк дії.\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -4974,35 +4902,35 @@ msgstr ""
 "до відмови\n"
 "         у використанні цього ключа деякими версіями PGP.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "Ви справді бажаєте додати його? (y/N або т/Н) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "Не можна додавати фотоідентифікатор до ключа у форматі PGP2.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr "У цьому ключі вже існує такий ідентифікатор користувача!\n"
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "Вилучити цей дійсний підпис? (y/N/q або т/Н/в)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "Вилучити цей некоректний підпис? (y/N/q або т/Н/в)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "Вилучити цей невідомий підпис? (y/N/q або т/Н/в)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "Вилучити цей самопідпис? (y/N або т/Н)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, c-format
 msgid "Deleted %d signature.\n"
 msgid_plural "Deleted %d signatures.\n"
@@ -5010,20 +4938,20 @@ msgstr[0] "Вилучено %d підпис.\n"
 msgstr[1] "Вилучено %d підписи.\n"
 msgstr[2] "Вилучено %d підписів.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "Нічого не вилучено.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "некоректний"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "Ідентифікатор користувача «%s» ущільнено: %s\n"
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
@@ -5031,17 +4959,17 @@ msgstr[0] "Ідентифікатор користувача «%s»: вилуч
 msgstr[1] "Ідентифікатор користувача «%s»: вилучено %d підписів\n"
 msgstr[2] "Ідентифікатор користувача «%s»: вилучено %d підписів\n"
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "Ідентифікатор користувача «%s»: вже мінімізовано\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "Ідентифікатор користувача «%s»: вже очищено\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5051,42 +4979,42 @@ msgstr ""
 "призвести до відмови\n"
 "         у використанні цього ключа деякими версіями PGP.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "Не можна додавати підписане відкликання до ключа у форматі PGP 2.x.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "Вкажіть ідентифікатор користувача підписаного відкликання: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "не можна призначати ключ у форматі PGP 2.x підписаним відкликанням\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "не можна призначати ключ власним підписаним відкликанням\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "цей ключ вже було позначено як призначений для відкликання\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr ""
 "УВАГА: призначення ключа як підписаного відкликання не можна скасовувати!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr ""
 "Ви справді бажаєте призначити цей ключ як підписане відкликання? (y/N або т/"
 "Н) "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
@@ -5094,237 +5022,243 @@ msgstr ""
 "Ви справді хочете змінити час вичерпання строку дії для декількох підключів? "
 "(y/N або т/Н) "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr "Зміна часу завершення строку дії для підключа.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "Зміна часу завершення строку дії для основного ключа.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "Не можна змінювати дату завершення строку дії ключа v3\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 msgid "Changing usage of a subkey.\n"
 msgstr "Змінюємо використання підключа.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 msgid "Changing usage of the primary key.\n"
 msgstr "Змінюємо використання основного підключа.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "підписування підключа %s вже перехресно сертифіковано\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr ""
 "підключ %s не призначено для підписування, отже його не потрібно перехресно "
 "сертифікувати\n"
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "Будь ласка, виберіть лише один ідентифікатор користувача.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "пропускаємо самопідпис v3 для ідентифікатора користувача «%s»\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr "Вкажіть адресу вашого основного сервера ключів: "
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "Ви справді бажаєте замінити його? (y/N або т/Н) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "Ви справді бажаєте вилучити його? (y/N або т/Н) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 msgid "Enter the notation: "
 msgstr "Вкажіть примітку: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 msgid "Proceed? (y/N) "
 msgstr "Продовжувати? (y/N або т/Н) "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "Ідентифікатора користувача з індексом %d не існує\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr "Ідентифікатора користувача з хешем %s не існує\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "Піключа із ідентифікатором ключа «%s» не існує.\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr "Підключа з індексом %d не існує\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "Ідентифікатор користувача: «%s»\n"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "підписано вашим ключем %s %s%s%s\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (неекспортовний)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "Строк дії цього підпису завершується %s.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "Ви справді бажаєте відкликати його? (y/N або т/Н) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "Створити сертифікат відкликання для цього підпису? (y/N або т/Н) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "Вами підписано ці ідентифікатори користувачів у ключі %s:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr " (невідкликуваний)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "відкликано вашим ключем %s у %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "Ви маєте намір відкликати ці підписи:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "Справді створити сертифікати відкликання? (y/N або т/Н) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "немає закритого ключа\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr "спроба відкликати ідентифікатор, який не належить користувачеві: %s\n"
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "ідентифікатор користувача «%s» вже відкликано\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr ""
 "УВАГА: підпис ідентифікатора користувача позначено датою на %d секунд у "
 "майбутньому\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "Не можна вилучати останній ідентифікатор користувача!\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "Ключ %s вже відкликано.\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "Підключ %s вже відкликано.\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "Показ фотоідентифікатора %s розміру %ld для ключа %s (uid %d)\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "некоректне значення параметра «%s»\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "запис переваги «%s» продубльовано\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr "занадто багато записів переваг шифрів\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr "занадто багато записів переваг контрольних сум\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr "занадто багато записів переваг стискання\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+#| msgid "too many cipher preferences\n"
+msgid "too many AEAD preferences\n"
+msgstr "занадто багато записів переваг шифрів\n"
+
+#: g10/keygen.c:521
 #, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "некоректний запис «%s» у рядку переваг\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "записування безпосереднього підпису\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "записування самопідпису\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "записування підпису прив’язування ключа\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "некоректний розмір ключа; використовуємо %u-бітовий\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "розмір ключа округлено до %u-бітового\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
@@ -5332,19 +5266,19 @@ msgstr ""
 "УВАГА: деякі з програм OpenPGP не можуть працювати з ключем DSA з таким "
 "розміром контрольної суми\n"
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr "Підписати"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr "Сертифікувати"
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr "Зашифрувати"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr "Пройти розпізнавання"
 
@@ -5358,163 +5292,181 @@ msgstr "Пройти розпізнавання"
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr "SsEeAaQq"
 
-#: g10/keygen.c:1784
-#, c-format
-msgid "Possible actions for a %s key: "
+#: g10/keygen.c:1966
+#, fuzzy, c-format
+#| msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr "Можливі дії з ключем %s: "
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr "Поточні дозволені дії: "
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr "   (%c) увімкнути або вимкнути можливість підписування\n"
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%c) увімкнути або вимкнути можливість шифрування\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr ""
 "   (%c) увімкнути або вимкнути можливість використання для розпізнавання\n"
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr "   (%c) вийти\n"
 
-#: g10/keygen.c:1930
-#, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+#: g10/keygen.c:2116
+#, fuzzy, c-format
+#| msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) RSA і RSA (типовий)\n"
 
-#: g10/keygen.c:1934
-#, c-format
-msgid "   (%d) DSA and Elgamal\n"
+#: g10/keygen.c:2120
+#, fuzzy, c-format
+#| msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA і Elgamal\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (лише підписування)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (лише підписування)\n"
 
-#: g10/keygen.c:1945
-#, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+#: g10/keygen.c:2131
+#, fuzzy, c-format
+#| msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) Elgamal (лише шифрування)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (лише шифрування)\n"
 
-#: g10/keygen.c:1953
-#, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+#: g10/keygen.c:2139
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (із визначенням можливостей власноруч)\n"
 
-#: g10/keygen.c:1955
-#, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+#: g10/keygen.c:2141
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (із визначенням можливостей власноруч)\n"
 
-#: g10/keygen.c:1961
-#, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) ECC та ECC\n"
+#: g10/keygen.c:2147
+#, fuzzy, c-format
+#| msgid "   (%d) sign, encrypt\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) підписування, шифрування\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+msgid " *default*"
+msgstr ""
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, c-format
 msgid "  (%d) ECC (sign only)\n"
 msgstr "  (%d) ECC (лише підписування)\n"
 
-#: g10/keygen.c:1965
-#, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+#: g10/keygen.c:2150
+#, fuzzy, c-format
+#| msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "  (%d) ECC (із визначенням можливостей власноруч)\n"
 
-#: g10/keygen.c:1967
-#, c-format
-msgid "  (%d) ECC (encrypt only)\n"
+#: g10/keygen.c:2152
+#, fuzzy, c-format
+#| msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "  (%d) ECC (лише шифрування)\n"
 
-#: g10/keygen.c:1971
-#, c-format
-msgid "  (%d) Existing key\n"
+#: g10/keygen.c:2156
+#, fuzzy, c-format
+#| msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "   (%d) Вже записаний ключ\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
 #| msgid "   (%d) Existing key from card\n"
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (%d) Вже записаний ключ з картки\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 msgid "Enter the keygrip: "
 msgstr "Вкажіть keygrip: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr "Некоректний keygrip (мало бути вказано 40 шістнадцяткових цифр)\n"
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 msgid "No key with this keygrip\n"
 msgstr "Немає ключів з таким значенням keygrip\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, c-format
 msgid "error reading the card: %s\n"
 msgstr "помилка читання картки: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "Серійний номер картки: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 msgid "Available keys:\n"
 msgstr "Доступні ключі:\n"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, c-format
 msgid "rounded to %u bits\n"
 msgstr "округлено до %u бітів\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr "ключі %s можуть мати довжину від %u до %u бітів.\n"
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "Якою має бути довжина підключа? (%u) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "Запитана довжина ключа — %u бітів\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 msgid "Please select which elliptic curve you want:\n"
 msgstr "Вкажіть потрібну вам еліптичну криву:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5530,7 +5482,7 @@ msgstr ""
 "      <n>m = строк чинності у n місяців\n"
 "      <n>y = строк чинності у n років\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5546,38 +5498,38 @@ msgstr ""
 "      <n>m = строк чинності підпису у n місяців\n"
 "      <n>y = строк чинності підпису у n років\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "Яким є строк чинності ключа? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "Яким є строк чинності підпису? (%s) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "некоректне значення\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr "Ключ не має обмеження строку дії\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr "Підпис не має обмеження строку дії\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr "Ключ діє до %s\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr "Підпис діє до %s\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5585,11 +5537,11 @@ msgstr ""
 "У вашій системі неможливий показ дат після 2038 року.\n"
 "Але програма коректно оброблятиме ці дати до 2106 року.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr "Все правильно? (y/N або т/Н) "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5604,7 +5556,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5621,49 +5573,49 @@ msgstr ""
 "    \"Ivan Ivanenko (farmer) <iivanenko@moyahata.ua>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "Справжнє ім’я: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "Некоректний символ у імені\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr "Не можна використовувати символи «%s» і «%s» у назві\n"
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "Ім’я не може починатися з цифри\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "Ім’я має бути не коротшим за 5 літер\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "Адреса ел. пошти: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "Некоректна адреса електронної пошти\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "Коментар: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "Некоректний символ у коментарі\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, c-format
 msgid "You are using the '%s' character set.\n"
 msgstr "Вами використано таблицю символів «%s».\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5674,7 +5626,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr ""
 "Будь ласка, не використовуйте адресу електронної пошти у полях справжнього "
@@ -5691,32 +5643,32 @@ msgstr ""
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnCcEeOoQq"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "Змінити назву (N), коментар (C), ел. пошту (E) або вийти (Q)? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr ""
 "Змінити назву (N), коментар (C), ел. пошту (E) або гаразд (O) чи вийти (Q)? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "Змінити назву (N), ел. пошту (E) або вийти (Q)? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "Змінити назву (N), ел. пошту (E) або гаразд (O) чи вийти (Q)? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "Спочатку виправте помилку\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5728,13 +5680,13 @@ msgstr ""
 "під час створення простого числа. Це надасть змогу генератору\n"
 "псевдовипадкових чисел створити краще випадкове число.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "Помилка під час спроби створення ключа: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5745,66 +5697,66 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr "Продовжити? (Y (так)/n (ні)) "
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "Ключ для «%s» вже існує\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 msgid "Create anyway? (y/N) "
 msgstr "Створити попри це? (y (так)/N (ні)) "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, c-format
 msgid "creating anyway\n"
 msgstr "створюємо попри усе\n"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr ""
 "Зауваження: скористайтеся «%s %s», щоб викликати повноцінне діалогове вікно "
 "створення ключа.\n"
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "Створення ключа скасовано.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "не вдалося створити файл резервної копії «%s»: %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "ЗАУВАЖЕННЯ: резервну копію ключа на картці збережено до «%s»\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, c-format
 msgid "writing public key to '%s'\n"
 msgstr "записуємо відкритий ключ до «%s»\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "не знайдено придатного до запису сховища відкритих ключів: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, c-format
 msgid "error writing public keyring '%s': %s\n"
 msgstr "помилка під час спроби запису до сховища відкритих ключів «%s»: %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "відкритий і закритий ключі створено і підписано.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
@@ -5812,7 +5764,7 @@ msgstr ""
 "Зауважте, що цей ключ не може бути використано для шифрування. Ви можете\n"
 "скористатися командою «--edit-key» для створення підключа з цією метою.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
@@ -5820,7 +5772,7 @@ msgstr ""
 "ключ було створено з позначкою на %lu секунд у майбутньому (часова петля або "
 "проблема з годинником)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
@@ -5828,50 +5780,50 @@ msgstr ""
 "ключ було створено з позначкою на %lu секунду у майбутньому (часова петля "
 "або проблема з годинником)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, c-format
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "ЗАУВАЖЕННЯ: створення підключів для ключів v3 несумісне з OpenPGP\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "Закриті частини основного ключа недоступні.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "Закриті частини основного ключа зберігаються на картці.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr "Створити? (y/N або т/Н) "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "ніколи    "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "Критичні правила підпису: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "Правила підпису: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr "Критичний основний сервер ключів: "
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "Критична примітка підпису: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "Примітка підпису: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, c-format
 msgid "%d good signature\n"
 msgid_plural "%d good signatures\n"
@@ -5879,7 +5831,7 @@ msgstr[0] "%d добрий підпис\n"
 msgstr[1] "%d добрих підписи\n"
 msgstr[2] "%d добрих підписів\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, c-format
 msgid "%d signature not checked due to an error\n"
 msgid_plural "%d signatures not checked due to errors\n"
@@ -5887,7 +5839,7 @@ msgstr[0] "%d підпис не перевірено через помилку\n
 msgstr[1] "%d підписи не перевірено через помилку\n"
 msgstr[2] "%d підписів не перевірено через помилку\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
@@ -5897,42 +5849,42 @@ msgstr[1] ""
 msgstr[2] ""
 "Попередження: %lu ключів пропущено через їхній надто великий розмір\n"
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "Сховище ключів"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "Основний відбиток ключа:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "      Відбиток підключа:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr "Відбиток основного ключа:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "       Відбиток підключа:"
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr "      Відбиток ключа ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr "Серійний номер картки ="
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, c-format
 msgid "caching keyring '%s'\n"
 msgstr "кешування сховища ключів «%s»\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
@@ -5940,7 +5892,7 @@ msgstr[0] "зараз кешовано %lu ключів (%lu підпис)\n"
 msgstr[1] "зараз кешовано %lu ключів (%lu підписи)\n"
 msgstr[2] "зараз кешовано %lu ключів (%lu підписів)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
@@ -5948,7 +5900,7 @@ msgstr[0] "кешовано %lu ключ"
 msgstr[1] "кешовано %lu ключі"
 msgstr[2] "кешовано %lu ключів"
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, c-format
 msgid " (%lu signature)\n"
 msgid_plural " (%lu signatures)\n"
@@ -5956,59 +5908,54 @@ msgstr[0] " (%lu підпис)\n"
 msgstr[1] " (%lu підписи)\n"
 msgstr[2] " (%lu підписів)\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: створено сховище ключів\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr "перевизначити параметри проксі, встановлені для dirmngr"
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr "включити до результатів пошуку відкликані ключі"
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr "включити підключі до пошуку за ідентифікатором ключа"
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr "перевизначити параметри часу очікування, встановлені для dirmngr"
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr "автоматично отримувати ключі під час перевірки підписів"
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "брати до уваги адресу основного сервера ключів, встановлену у ключі"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr ""
-"брати до уваги запис PKA, встановлений у ключі під час отримання ключів"
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr "вимкнено"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr "Вкажіть номер, далі (N) чи вийти (Q) > "
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "некоректний протокол сервера ключів (наш %d!=%d обробника)\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "«%s» не є ідентифікатором ключа: пропускаємо\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
@@ -6016,450 +5963,458 @@ msgstr[0] "оновлюємо %d ключ з %s\n"
 msgstr[1] "оновлюємо %d ключі з %s\n"
 msgstr[2] "оновлюємо %d ключів з %s\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "УВАГА: не вдалося оновити ключ %s за допомогою %s: %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "ключ «%s» не знайдено на сервері ключів\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr "ключ не знайдено на сервері ключів\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "надсилаємо запит щодо ключа %s до %s сервера %s\n"
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr "надсилаємо запит щодо ключа %s з %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, c-format
 msgid "no keyserver known\n"
 msgstr "немає відомих серверів ключів\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "пропущено «%s»: %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr "надсилаємо ключ %s на %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, c-format
 msgid "requesting key from '%s'\n"
 msgstr "надсилаємо запит щодо ключа з «%s»\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "УВАГА: не вдалося отримати адресу %s: %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "дивний розмір для зашифрованого ключа сеансу (%d)\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "зашифрований %s ключ сеансу\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "зашифровано за допомогою невідомого алгоритму %d\n"
+
+#: g10/mainproc.c:391
 #, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr ""
 "пароль створено за допомогою невідомого алгоритму створення контрольних сум "
 "%d\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, c-format
 msgid "public key is %s\n"
 msgstr "відкритий ключ — %s\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "зашифровані відкритим ключем дані: належний DEK\n"
-
-#: g10/mainproc.c:632
-#, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+#: g10/mainproc.c:524
+#, fuzzy, c-format
+#| msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr ""
 "зашифровано за допомогою %u-бітового %s ключа, ідентифікатор %s, створено "
 "%s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr "      «%s»\n"
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "зашифровано ключем %s, ідентифікатор %s\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "невдала спроба розшифровування відкритим ключем: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr "УВАГА: виявлено декілька фрагментів нешифрованого тексту\n"
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "зашифровано за допомогою %lu паролів\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "зашифровано за допомогою 1 пароля\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "невдала спроба розшифровування відкритим ключем: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "зашифровані відкритим ключем дані: належний DEK\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "припускаємо, що дані зашифровано %s\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr "Шифр IDEA недоступний, спробуємо скористатися замість нього %s\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "УВАГА: цілісність повідомлення не захищено\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "невдала спроба розшифрування: %s\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "розшифровано\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "УВАГА: зашифроване повідомлення було змінено!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "невдала спроба розшифрування: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, c-format
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "ЗАУВАЖЕННЯ: вимога відправника: «лише для Вас»\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "початкова назва файла=«%.*s»\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr ""
 "окреме відкликання — скористайтеся командою «gpg --import» для застосування\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, c-format
 msgid "no signature found\n"
 msgstr "підпису не знайдено\n"
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr "ПОМИЛКОВИЙ підпис від «%s»"
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr "Прострочений підпис від «%s»"
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr "Належний підпис від «%s»"
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "перевірку підписів придушено\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "не вдалося обробити ці дані з неоднозначним підписом\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr "Підпис створено %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr "               за допомогою %s ключа %s\n"
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Підпис створено %s ключем %s з ідентифікатором %s\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "               видавець «%s»\n"
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "Ключ доступний на: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[непевний]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr "                або «%s»"
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, c-format
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr ""
 "УВАГА: цей ключ не можна використовувати для підписування у режимі %s\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "Строк дії підпису вичерпано %s\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "Підпис діє до %s\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, c-format
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "%s підпис, алгоритм контрольної суми %s%s%s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "двійковий"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "текстовий"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "невідомо"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 msgid ", key algorithm "
 msgstr ", алгоритм ключа "
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr "УВАГА: не відє’днаний підпис; файл «%s» не було перевірено!\n"
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "Не вдалося перевірити підпис: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "не є від’єднаним підписом\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr "УВАГА: виявлено кратні підписи. Буде перевірено лише перший.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "окремий підпис класу 0x%02x\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "підпис у застарілому форматі (PGP 2.x)\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "помилка fstat щодо «%s» у %s: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "помилка fstat(%d) у %s: %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr ""
 "УВАГА: використовуємо експериментальний алгоритм створення відкритого ключа "
 "%s\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr ""
 "УВАГА: ключі підписування і шифрування Elgamal вважаються застарілими\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "УВАГА: використовуємо експериментальний алгоритм шифрування %s\n"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr ""
 "УВАГА: використовуємо експериментальний алгоритм обчислення контрольних сум "
 "%s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "УВАГА: алгоритм обчислення контрольних сум %s вважається застарілим\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "Зауваження: підписи за допомогою алгоритму %s відкинуто\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 #| msgid "Note: signatures using the %s algorithm are rejected\n"
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "Зауваження: підписи за допомогою алгоритму %s відкинуто\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, c-format
 msgid "(reported error: %s)\n"
 msgstr "(повідомлена помилка: %s)\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "(повідомлена помилка: %s <%s>)\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr "(подальша інформація: "
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: застарілий параметр «%s»\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "УВАГА: «%s» вважається застарілим параметром\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "будь ласка, скористайтеся «%s%s»\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "УВАГА: «%s» вважається застарілою командою — не користуйтеся нею\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "%s:%u: «%s» є застарілим у цьому файлі — він працює лише у %s\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr ""
 "УВАГА: «%s%s» є застарілим параметром — він не працюватиме, окрім як на %s\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "Нестиснений"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr "uncompressed|немає"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "використання цього повідомлення щодо %s може бути неможливим\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "неоднозначний параметр «%s»\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, c-format
 msgid "unknown option '%s'\n"
 msgstr "невідомий параметр «%s»\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr ""
 "Відкритий ключ ECDSA має зберігатися у кодуванні SEC кратному 8-бітовому\n"
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "невідома слабка контрольна сума «%s»\n"
@@ -6482,89 +6437,78 @@ msgstr "%s: невідомий суфікс\n"
 msgid "Enter new filename"
 msgstr "Введіть нову назву файла"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "записуємо до stdout\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, c-format
 msgid "assuming signed data in '%s'\n"
 msgstr "припускаємо підписані дані у «%s»\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "робота з алгоритмом створення відкритого ключа %d неможлива\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr ""
 "УВАГА: потенційно небезпечний зашифрований симетричним алгоритмом ключ "
 "сеансу\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 #| msgid "Critical signature notation: "
 msgid "Unknown critical signature notation: "
 msgstr "Критична примітка підпису: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "підпакет типу %d містить критичний набір бітів\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, c-format
-msgid "problem with the agent: %s\n"
-msgstr "проблема з агентом: %s\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-#| msgid "Please enter the new passphrase"
-msgid "Please enter the passphrase for decryption."
-msgstr "Вкажіть новий пароль"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "Вкажіть пароль\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "скасовано користувачем\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr " (ідентифікатор основного ключа %s)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "Вкажіть пароль для розблокування закритого ключа OpenPGP:"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "Вкажіть пароль для імпортування закритого ключа OpenPGP:"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "Вкажіть пароль для експортування закритого підключа OpenPGP:"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "Вкажіть пароль для експортування закритого ключа OpenPGP:"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "Справді хочете остаточно вилучити закритий підключ OpenPGP:"
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "Справді хочете остаточно вилучити закритий ключ OpenPGP:"
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, c-format
 msgid ""
 "%s\n"
@@ -6579,7 +6523,7 @@ msgstr ""
 "створено %s%s.\n"
 "%s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6594,96 +6538,141 @@ msgstr ""
 "дуже велике зображення, ваш ключ також стане дуже великим!\n"
 "Варто дотримуватися розмірів, близьких до 240x288.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "Вкажіть назву файла JPEG для фотоідентифікатора: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "не вдалося відкрити файл JPEG «%s»: %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr "Цей файл JPEG є дуже великим (%d байтів)!\n"
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "Вам справді хочеться ним скористатися? (y/N або т/Н) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "«%s» не є файлом JPEG\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Це потрібна вам фотографія (y/N/q)? "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
 #, c-format
-msgid "unable to display photo ID!\n"
-msgstr "показ фотоідентифікатора неможливий!\n"
+msgid "no remote program execution supported\n"
+msgstr "виконання віддалених програм не передбачено\n"
 
-#. TRANSLATORS: These are the allowed answers in lower and
-#. uppercase.  Below you will find the matching strings which
-#. should be translated accordingly and the letter changed to
-#. match the one in the answer string.
-#.
-#. i = please show me more information
-#. m = back to the main menu
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"на цій платформі слід використовувати тимчасові файли під час виклику "
+"зовнішніх програм\n"
+
+#: g10/photoid.c:506
+#, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "не вдалося виконати оболонку «%s»: %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "неприродний вихід з зовнішньої програми\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "системна помилка під час спроби виклику зовнішньої програми: %s\n"
+
+#: g10/photoid.c:600
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "УВАГА: не вдалося вилучити тимчасовий файл (%s) «%s»: %s\n"
+
+#: g10/photoid.c:604
+#, c-format
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "УВАГА: не вдалося вилучити тимчасовий каталог «%s»: %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"виклик зовнішніх програм вимкнено через невідповідність прав доступу до "
+"файла параметрами безпеки\n"
+
+#: g10/photoid.c:715
+#, c-format
+msgid "unable to display photo ID!\n"
+msgstr "показ фотоідентифікатора неможливий!\n"
+
+#. TRANSLATORS: These are the allowed answers in lower and
+#. uppercase.  Below you will find the matching strings which
+#. should be translated accordingly and the letter changed to
+#. match the one in the answer string.
+#.
+#. i = please show me more information
+#. m = back to the main menu
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMqQsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr "Не вказано значення довіри до:\n"
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr "  або «%s»\n"
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr ""
 "Наскільки ви певні, що цей ключ справді належить користувачеві з вказаним "
 "іменем?\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr "  %d = не знаю або не скажу\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr "  %d = НЕ довіряю\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr "  %d = довіряю без обмежень\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr "  m = повернутися до головного меню\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr "  s = пропустити цей ключ\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr "  q = вийти\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
@@ -6692,49 +6681,49 @@ msgstr ""
 "Мінімальним рівнем довіри до цього ключа є %s\n"
 "\n"
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "Ваше рішення? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr ""
 "Ви справді хочете встановити необмежену довіру до цього ключа? (y/N або т/Н) "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "Сертифікати, що призводять до необмеженої довіри до ключа:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr ""
 "%s: немає певності щодо належності цього ключа користувачеві з вказаним "
 "іменем\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr ""
 "%s: є певні свідчення належності цього ключа користувачеві з вказаним "
 "іменем\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "Ймовірно, цей ключ належить користувачеві з вказаним іменем\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "Цей ключ належить нам\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr "%s: цей ключ є помилковим! Його позначено як не вартий довіри!\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
 "*really* know what you are doing, you may answer the next\n"
@@ -6744,7 +6733,7 @@ msgstr ""
 "ви попри це впевнені у наслідках своїх дій, вам слід відповісти\n"
 "на наступне питання «так».\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
@@ -6755,142 +6744,161 @@ msgstr ""
 "відомі наслідки ваших дій, можете ствердно відповісти\n"
 "на наступне питання.\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr "Попри все використовувати цей ключ? (y/N або т/Н) "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "УВАГА: використовуємо ненадійний ключ!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr "УВАГА: цей ключ могло бути відкликано (немає ключа відкликання)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+#| msgid "user ID: \"%s\"\n"
+msgid "checking User ID \"%s\"\n"
+msgstr "Ідентифікатор користувача: «%s»\n"
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+#| msgid "option '%s' given, but option '%s' not given\n"
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "вказано параметр «%s», але не вказано параметр «%s»\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+#| msgid "key %s: doesn't match our copy\n"
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "ключ %s: не відповідає нашій копії\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+#| msgid "option '%s' given, but option '%s' not given\n"
+msgid "option %s given but no matching User ID found\n"
+msgstr "вказано параметр «%s», але не вказано параметр «%s»\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "УВАГА: цей ключ було відкликано відповідною особою!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "УВАГА: цей ключ було відкликано власником!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         Це може означати, що підпис було підроблено.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "УВАГА: цей підключ було відкликано його власником!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "Зауваження: цей ключ було вимкнено.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr "Зауваження: перевіреною адресою автора підпису є «%s»\n"
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "Зауваження: адреса автора підпису «%s» не збігається з записом DNS\n"
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr "рівень довіри змінено на FULL (повна) через коректність даних PKA\n"
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr "рівень довіри змінено на NEVER (ніколи) через помилки у даних PKA\n"
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "Зауваження: строк дії цього ключа вичерпано!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr "УВАГА: цей ключ не сертифіковано за допомогою надійного підпису!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "УВАГА: цей ключ не сертифіковано за допомогою надійного підпису!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr "         Немає підтверджень належності підпису його власнику.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "УВАГА: ми НЕ довіряємо цьому ключу!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         Підпис, ймовірно, є ПІДРОБКОЮ.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr "УВАГА: цей ключ не сертифіковано достатньо надійними підписами!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
 msgstr "УВАГА: цей ключ не сертифіковано достатньо надійними підписами!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         Певності у належності підпису його власнику немає.\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: пропущено: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: пропущено: відкритий ключ вимкнено\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: пропущено: відкритий ключ вже існує\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, c-format
 msgid "can't encrypt to '%s'\n"
 msgstr "не вдалося зашифрувати до «%s»\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "вказано параметр «%s», але не вказано коректних типових ключів\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "вказано параметр «%s», але не вказано параметр «%s»\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr ""
 "Вами не вказано ідентифікатора користувача. (можете скористатися «-r»)\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr "Поточні отримувачі:\n"
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -6898,40 +6906,40 @@ msgstr ""
 "\n"
 "Вкажіть ідентифікатор користувача. Дані слід завершити порожнім рядком: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "Немає такого ідентифікатора користувача.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "пропущено: відкритий ключ вже встановлено для типового отримувача\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "Відкритий ключ вимкнено.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "пропущено: відкритий ключ вже встановлено\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "невідомий типовий отримувач «%s»\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "немає коректних адрес\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "Зауваження: у ключі %s не передбачено можливості %s\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "Зауваження: у ключі %s не передбачено переваг для %s\n"
@@ -6943,76 +6951,82 @@ msgstr ""
 "дані не збережено; скористайтеся для їхнього збереження параметром «--"
 "output»\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "Від’єднаний підпис.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "Будь ласка, вкажіть назву файла даних: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "читаємо дані з stdin...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "немає підписаних даних\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, c-format
 msgid "can't open signed data '%s'\n"
 msgstr "не вдалося відкрити підписані дані «%s»\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "не вдалося відкрити підписані дані fd=%d: %s\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "ключ %s не можна використовувати для розшифровування у режимі %s\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "анонімний отримувач; спробуємо закритий ключ %s ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+#| msgid "key %s is not suitable for decryption in %s mode\n"
+msgid "used key is not marked for encryption use.\n"
+msgstr "ключ %s не можна використовувати для розшифровування у режимі %s\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "добре, ми є анонімним отримувачем.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "застаріле кодування DEK не підтримується\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "алгоритм шифрування %d%s є невідомим або вимкненим\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "УВАГА: не виявлено алгоритму шифрування %s у перевагах отримувача\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "ЗАУВАЖЕННЯ: строк дії закритого ключа %s завершився %s\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, c-format
 msgid "Note: key has been revoked"
 msgstr "ЗАУВАЖЕННЯ: ключ було відкликано"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "помилка build_packet: %s\n"
@@ -7030,38 +7044,38 @@ msgstr "Буде відкликано:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(Це критичний ключ відкликання)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 msgid "Secret key is not available.\n"
 msgstr "Закритий ключ недоступний.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr ""
 "Створити підписаний сертифікат відкликання для цього ключа? (y/N або т/Н) "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "Призначено виведення у форматі ASCII.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "помилка make_keysig_packet: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "Створено сертифікат відкликання.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "для «%s» не знайдено ключів відкликання\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "Це сертифікат відкликання для ключа OpenPGP:"
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
@@ -7072,7 +7086,7 @@ msgstr ""
 "Такий сертифікат відкликання не можна скасовувати після його\n"
 "оприлюднення."
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -7087,7 +7101,7 @@ msgstr ""
 "можна знайти у розділах підручника з GnuPG щодо команди\n"
 "gpg «--generate-revocation»."
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
@@ -7098,12 +7112,12 @@ msgstr ""
 "редакторі, перш ніж імпортувати або оприлюднювати цей сертифікат\n"
 "відкликання."
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, c-format
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "сертифікат відкликання збережено як «%s.rev»\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "закритий ключ «%s» не знайдено\n"
@@ -7116,16 +7130,16 @@ msgstr "закритий ключ «%s» не знайдено\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr "«%s» відповідає декільком закритим ключам:\n"
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, c-format
 msgid "error searching the keyring: %s\n"
 msgstr "помилка під час спроби пошуку у сховищі ключів: %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "Створити сертифікат відкликання для цього ключа? (y/N або т/Н) "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7145,37 +7159,37 @@ msgstr ""
 "може зберігати дані друку, доступ до яких зможуть отримати\n"
 "сторонні люди!\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "Будь ласка, вкажіть причину відкликання:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "Скасувати"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(Ймовірно, вам варто тут вибрати %d)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "Вкажіть необов’язковий опис; завершіть його порожнім рядком:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "Причина відкликання: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(Опису не надано)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr "Все правильно? (y/N або т/Н) "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "створено слабкий ключ — повторюємо спробу\n"
@@ -7187,50 +7201,45 @@ msgstr ""
 "не вдалося створити стійкий ключ для симетричного шифрування; спроба "
 "виконувалася %d разів!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr "Ключ %s використовує %s недостатньо міцний (%zu-бітовий) хеш\n"
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr ""
 "Для використання %s ключа %s потрібен хеш з %zu або більше бітів (маємо хеш "
 "%s)\n"
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
-#, c-format
-msgid "key %s may not be used for signing in %s mode\n"
-msgstr "ключ %s не можна використовувати для підписування у режимі %s\n"
-
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
+#: g10/sig-check.c:170
 #, c-format
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "УВАГА: конфлікт контрольних сум підписів у повідомленні\n"
 
-#: g10/sig-check.c:219
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
+#, c-format
+msgid "key %s may not be used for signing in %s mode\n"
+msgstr "ключ %s не можна використовувати для підписування у режимі %s\n"
+
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "УВАГА: підписування підключа %s не є перехресно сертифікованим\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, c-format
 msgid "please see %s for more information\n"
 msgstr "будь ласка, ознайомтеся з %s, щоб дізнатися більше\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr ""
 "УВАГА: підписування підключа %s містить некоректну перехресну сертифікацію\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
@@ -7238,7 +7247,7 @@ msgstr[0] "відкритий ключ %s є на %lu секунду новіш
 msgstr[1] "відкритий ключ %s є на %lu секунди новішим за підпис\n"
 msgstr[2] "відкритий ключ %s є на %lu секунд новішим за підпис\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
@@ -7246,7 +7255,7 @@ msgstr[0] "відкритий ключ %s є на %lu день новішим з
 msgstr[1] "відкритий ключ %s є на %lu дні новішим за підпис\n"
 msgstr[2] "відкритий ключ %s є на %lu днів новішим за підпис\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7262,7 +7271,7 @@ msgstr[2] ""
 "ключ %s було створено з позначкою на %lu секунду у майбутньому (часова петля "
 "або проблема з годинником)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -7277,51 +7286,51 @@ msgstr[2] ""
 "ключ %s було створено з позначкою на %lu днів у майбутньому (часова петля "
 "або проблема з годинником)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "ЗАУВАЖЕННЯ: строк дії ключа підпису %s завершився %s\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "ЗАУВАЖЕННЯ: ключ підпису %s було відкликано\n"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, c-format
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "помилковий підпис з ключа %s: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "окремий підпис класу 0x%02x\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr ""
 "припускаємо помилковий підпису від ключа %s через невідомий критичний біт\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "ключ %s: немає підключа для підпису відкликання підключа\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "ключ %s: немає підключа для підпису прив’язування підключа\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr ""
 "УВАГА: не вдалося виконати %%-розгортання примітки (занадто велика). "
 "Використовуємо нерозгорнутою.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
@@ -7329,7 +7338,7 @@ msgstr ""
 "УВАГА: не вдалося виконати %%-розгортання адреси правил (занадто велика). "
 "Використовуємо нерозгорнутою.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
@@ -7338,12 +7347,12 @@ msgstr ""
 "УВАГА: не вдалося виконати %%-розгортання адреси основного сервера ключів "
 "(занадто велика). Використовуємо нерозгорнутою.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s/%s підпис від: \"%s\"\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
@@ -7351,40 +7360,41 @@ msgstr ""
 "УВАГА: примусове використання алгоритму контрольних сум %s (%d) не "
 "відповідає параметрам отримувача\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "підписування:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "Буде використано шифрування %s\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr ""
 "ключ не було позначено як ненадійний — не можна використовувати його з "
 "фіктивним RNG!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "пропущено «%s»: дублювання\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "пропущено: закритий ключ вже існує\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr ""
 "це ключ Elgamal створений за допомогою PGP, цей ключ недостатньо безпечний "
 "для підписування!"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "запис щодо довіри %lu, тип %d: помилка записування: %s\n"
@@ -7398,43 +7408,43 @@ msgstr ""
 "# Список призначених значень довіри, створено %s\n"
 "# (Скористайтеся «gpg --import-ownertrust» для їхнього відновлення)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, c-format
 msgid "error in '%s': %s\n"
 msgstr "помилка у «%s»: %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr "занадто довгий рядок"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr "не вистачає двокрапки"
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr "некоректний відбиток"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr "пропущено значення довіри до власника"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "не вдалося знайти запис довіри у «%s»: %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, c-format
 msgid "read error in '%s': %s\n"
 msgstr "помилка читання у «%s»: %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "trustdb: помилка синхронізації: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "не вдалося створити блокування для «%s»\n"
@@ -7444,12 +7454,12 @@ msgstr "не вдалося створити блокування для «%s»\
 msgid "can't lock '%s'\n"
 msgstr "не вдалося заблокувати «%s»\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "запис trustdb %lu: помилка lseek: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "запис trustdb %lu: помилка запису (n=%d): %s\n"
@@ -7464,7 +7474,7 @@ msgstr "занадто велика операція trustdb\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: каталогу не існує!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, c-format
 msgid "can't access '%s': %s\n"
 msgstr "немає доступу до «%s»: %s\n"
@@ -7505,7 +7515,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: помилка оновлення запису версії: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: помилка читання запису версії: %s\n"
@@ -7515,52 +7525,52 @@ msgstr "%s: помилка читання запису версії: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: помилка записування запису версії: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "trustdb: помилка lseek: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "trustdb: помилка читання (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: не є файлом trustdb\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: запис версії з номером запису %lu\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: некоректна версія файла %d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: помилка під час спроби читання вільного запису: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: помилка записування запису каталогу (dir): %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: не вдалося обнулити запис: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: не вдалося додати запис: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "Помилка: trustdb пошкоджено.\n"
@@ -7602,10 +7612,10 @@ msgstr "непідтримувана версія бази даних TOFU: %s\n
 msgid "TOFU DB error"
 msgstr "помилка бази даних TOFU"
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "помилка під час спроби читання бази даних TOFU: %s\n"
@@ -7625,7 +7635,7 @@ msgstr "помилка під час спроби ініціалізації б
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "помилка під час спроби відкрити бази даних TOFU «%s»: %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "помилка під час спроби оновлення бази даних TOFU: %s\n"
@@ -7816,17 +7826,17 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr "Типовим значенням є «невідомий».\n"
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr "Виявлено пошкодження бази даних TOFU.\n"
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "помилка під час спроби змінити правила TOFU: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
@@ -7834,7 +7844,7 @@ msgstr[0] "%lld~рік"
 msgstr[1] "%lld~роки"
 msgstr[2] "%lld~років"
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
@@ -7842,7 +7852,7 @@ msgstr[0] "%lld~місяць"
 msgstr[1] "%lld~місяці"
 msgstr[2] "%lld~місяців"
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
@@ -7850,7 +7860,7 @@ msgstr[0] "%lld~тиждень"
 msgstr[1] "%lld~тижні"
 msgstr[2] "%lld~тижнів"
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
@@ -7858,7 +7868,7 @@ msgstr[0] "%lld~день"
 msgstr[1] "%lld~дні"
 msgstr[2] "%lld~днів"
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
@@ -7866,7 +7876,7 @@ msgstr[0] "%lld~година"
 msgstr[1] "%lld~години"
 msgstr[2] "%lld~годин"
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
@@ -7874,7 +7884,7 @@ msgstr[0] "%lld~хвилина"
 msgstr[1] "%lld~хвилини"
 msgstr[2] "%lld~хвилин"
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
@@ -7882,26 +7892,26 @@ msgstr[0] "%lld~секунда"
 msgstr[1] "%lld~секунди"
 msgstr[2] "%lld~секунд"
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr "%s: перевірено 0~підписів і зашифровано 0~повідомлень."
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, c-format
 msgid "%s: Verified 0 signatures."
 msgstr "%s: перевірено 0 підписів."
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 msgid "Encrypted 0 messages."
 msgstr "Зашифровано 0 повідомлень."
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, c-format
 msgid "(policy: %s)"
 msgstr "(правило: %s)"
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
@@ -7909,7 +7919,7 @@ msgstr ""
 "Попередження: ще не існує повідомлень, які було б підписано цим ключем та "
 "ідентифікатором користувача!\n"
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
@@ -7917,17 +7927,17 @@ msgstr ""
 "Попередження: за допомогою цього ключа і ідентифікатора користувача "
 "підписано лише одне повідомлення!\n"
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr "Попередження: цим ключем ще не зашифровано жодного повідомлення!\n"
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr "Попередження: цим ключем було зашифровано лише одне повідомлення!\n"
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -7963,113 +7973,113 @@ msgstr[2] ""
 "  %s\n"
 "для позначення ключа як помилкового.\n"
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "помилка під час спроби відкрити бази даних TOFU: %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 "ПОПЕРЕДЖЕННЯ: шифруємо до %s, для якого не виявлено не відкликаних "
 "ідентифікаторів користувача\n"
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, c-format
 msgid "'%s' is not a valid long keyID\n"
 msgstr "«%s» не є коректним довгим ідентифікатором ключа\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "ключ %s: прийнято як надійний ключ\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "ключ %s зустрічається у trustdb декілька разів\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "ключ %s: немає відкритого ключа для надійного ключа — пропущено\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "ключ %s позначено як ключ з необмеженою довірою\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "запис довіри %lu, тип запиту %d: помилка читання: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "запис довіри %lu не належить до вказаного типу %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr "Ви можете спробувати повторно створити trustdb за допомогою команд:\n"
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr ""
 "Якщо результат буде незадовільним, будь ласка, зверніться до підручника\n"
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr ""
 "використання невідомої моделі довіри (%d) неможливе — припускаємо модель "
 "довіри %s\n"
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr "використовуємо модель довіри %s\n"
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "потреби у перевірці trustdb немає\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "наступну перевірку trustdb призначено на %s\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "потреби у перевірці trustdb на основі моделі довіри «%s» немає\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "потреби у оновленні trustdb на основі моделі довіри «%s» немає\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr "відкритий ключ %s не знайдено: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "будь ласка, скористайтеся параметром --check-trustdb\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "перевірка trustdb\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
@@ -8077,7 +8087,7 @@ msgstr[0] "оброблено %d ключ"
 msgstr[1] "оброблено %d ключі"
 msgstr[2] "оброблено %d ключів"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, c-format
 msgid " (%d validity count cleared)\n"
 msgid_plural " (%d validity counts cleared)\n"
@@ -8085,17 +8095,17 @@ msgstr[0] " (очищено %d значення чинності)\n"
 msgstr[1] " (очищено %d значення чинності)\n"
 msgstr[2] " (очищено %d значень чинності)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "не знайдено ключів з необмеженою довірою\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "не знайдено відкритий ключ ключа з необмеженою довірою %s\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
@@ -8103,28 +8113,28 @@ msgstr ""
 "глибина: %d  чинність: %3d  підписано: %3d  надійність: %d-, %dq, %dn, %dm, "
 "%df, %du\n"
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr "не вдалося оновити запис версії trustdb: помилка запису: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr "не визначено"
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr "ніколи"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr "неповна"
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr "повна"
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr "безмежна"
 
@@ -8136,39 +8146,39 @@ msgstr "безмежна"
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr "10"
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 msgid "[ revoked]"
 msgstr "[відклик.]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 msgid "[ expired]"
 msgstr "[застаріл]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 msgid "[ unknown]"
 msgstr "[невідома]"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr "[не визн.]"
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 msgid "[  never ]"
 msgstr "[ ніколи ]"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr "[неповна ]"
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr "[ повна  ]"
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr "[безмежна]"
 
@@ -8193,19 +8203,31 @@ msgstr "у рядку вхідних даних %u занадто багато 
 msgid "can't open fd %d: %s\n"
 msgstr "не вдалося відкрити fd %d: %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "УВАГА: цілісність повідомлення не захищено\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+#| msgid "ambiguous option '%s'\n"
+msgid "Hint: Do not use option %s\n"
+msgstr "неоднозначний параметр «%s»\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr "встановити прапорці діагностики"
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr "увімкнути повну діагностику"
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "Використання: kbxutil [параметри] [файли] (-h — довідка)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
 "List, export, import Keybox data\n"
@@ -8216,19 +8238,147 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr ""
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr ""
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new Global-PIN"
+msgstr "||Вкажіть пінкод"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "||Вкажіть код скидання коду картки"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new PIN"
+msgstr "||Вкажіть пінкод"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the PIN of your PIV card"
+msgstr "||Вкажіть код скидання коду картки"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+#| msgid "|A|Please enter the Admin PIN"
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "|A|Вкажіть адміністративний пінкод"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+#| msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr ""
+"|P|Будь ласка, вкажіть код розблокування пінкоду (PUK) для стандартних "
+"ключів."
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "Зворотний виклик пінкоду повернув повідомлення про помилку: %s\n"
+
+#: scd/app-piv.c:1895
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too short; minimum length is %d\n"
+msgstr "Пінкод для CHV%d занадто короткий; мінімальна довжина — %d\n"
+
+#: scd/app-piv.c:1903
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too long; maximum length is %d\n"
+msgstr "Пінкод для CHV%d занадто короткий; мінімальна довжина — %d\n"
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr "ключ вже існує\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr "вже створений ключ буде замінено\n"
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr "створення нового ключа\n"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, c-format
+msgid "writing new key\n"
+msgstr "записування нового ключа\n"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "не вдалося зберегти ключ: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr "відповідь не містить основи числення RSA\n"
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr "відповідь не містить відкритого показника RSA\n"
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, c-format
+msgid "response does not contain the EC public key\n"
+msgstr "відповідь не містить відкритого ключа еліптичної кривої\n"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr "зачекайте на завершення створення ключа...\n"
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr "помилка під час створення ключа\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "створення ключа завершено (за %d секунду)\n"
+msgstr[1] "створення ключа завершено (за %d секунди)\n"
+msgstr[2] "створення ключа завершено (за %d секунд)\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr "відповідь не містить даних відкритого ключа\n"
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr ""
 "||Будь ласка, вкажіть пінкод для ключа, призначеного для створення якісних "
@@ -8236,63 +8386,62 @@ msgstr ""
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 msgid "|A|Please enter the Admin PIN"
 msgstr "|A|Вкажіть адміністративний пінкод"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr ""
 "|P|Будь ласка, вкажіть код розблокування пінкоду (PUK) для стандартних "
 "ключів."
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 msgid "||Please enter the PIN for the standard keys."
 msgstr "||Вкажіть пінкод для стандартних ключів."
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr ""
 "Не знайдено основи числення RSA або основа числення не належить до %d-"
 "бітових\n"
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr ""
 "Не вистачає відкритого показника RSA або розмірність показника перевищує %d "
 "бітів\n"
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr "Зворотний виклик пінкоду повернув повідомлення про помилку: %s\n"
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "the NullPIN has not yet been changed\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "NullPIN ще не було змінено\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr "NullPIN ще не було змінено\n"
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "|N|Вкажіть новий пінкод для стандартних ключів."
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr ""
 "|NP|Будь ласка, вкажіть новий код розблокування пінкоду (PUK) для "
 "стандартних ключів."
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr ""
 "|N|Будь ласка, вкажіть новий пінкод для ключа, призначеного для створення "
 "якісних підписів."
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8300,7 +8449,7 @@ msgstr ""
 "|NP|Будь ласка, вкажіть новий код розблокування пінкоду (PUK) для створення "
 "якісних підписів."
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
@@ -8308,47 +8457,27 @@ msgstr ""
 "|P|Будь ласка, вкажіть код розблокування пінкоду (PUK) для створення якісних "
 "підписів."
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "помилка під час отримання нового пінкоду: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "не вдалося зберегти відбиток: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "не вдалося зберегти дату створення: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr "помилка отримання стану CHV з картки\n"
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr "відповідь не містить основи числення RSA\n"
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr "відповідь не містить відкритого показника RSA\n"
-
-#: scd/app-openpgp.c:1546
-#, c-format
-msgid "response does not contain the EC public key\n"
-msgstr "відповідь не містить відкритого ключа еліптичної кривої\n"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr "відповідь не містить даних відкритого ключа\n"
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr "помилка читання відкритого ключа: %s\n"
@@ -8356,44 +8485,44 @@ msgstr "помилка читання відкритого ключа: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr ""
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr "використовуємо типовий пінкод як %s\n"
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr ""
 "не вдалося використати типовий пінкод як %s: %s — вимикаємо подальше типове "
 "використання\n"
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 msgid "||Please unlock the card"
 msgstr "||Будь ласка, розблокуйте картку"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr "Пінкод для CHV%d занадто короткий; мінімальна довжина — %d\n"
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "помилка перевірки CHV%d: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr "картку заблоковано!\n"
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
@@ -8408,20 +8537,20 @@ msgstr[2] ""
 "залишилося %d спроб визначення адміністративного пінкоду перед тим, як "
 "картку буде остаточно заблоковано\n"
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr "доступ до адміністративних команд не налаштовано\n"
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 msgid "||Please enter the PIN"
 msgstr "||Вкажіть пінкод"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 msgid "||Please enter the Reset Code for the card"
 msgstr "||Вкажіть код скидання коду картки"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr "Занадто короткий код скидання; мінімальна довжина — %d\n"
@@ -8429,122 +8558,79 @@ msgstr "Занадто короткий код скидання; мінімал
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr "|RN|Новий код скидання"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr "|AN|Новий адміністративний пінкод"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr "|N|Новий пінкод"
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "||Вкажіть адміністративний пінкод та новий адміністративний пінкод"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 msgid "||Please enter the PIN and New PIN"
 msgstr "||Вкажіть пінкод та новий пінкод"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr "помилка читання даних програми\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "помилка читання відбитка DO\n"
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr "ключ вже існує\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr "вже створений ключ буде замінено\n"
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr "створення нового ключа\n"
-
-#: scd/app-openpgp.c:3074
-#, c-format
-msgid "writing new key\n"
-msgstr "записування нового ключа\n"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr "не вказано часової позначки створення\n"
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr ""
 "Не знайдено простого числа RSA %s або число не належить до %d-бітових\n"
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr "не вдалося зберегти ключ: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, c-format
 msgid "unsupported curve\n"
 msgstr "непідтримувана крива\n"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr "зачекайте на завершення створення ключа...\n"
-
-#: scd/app-openpgp.c:4271
-#, c-format
-msgid "generating key failed\n"
-msgstr "помилка під час створення ключа\n"
-
-#: scd/app-openpgp.c:4277
-#, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "створення ключа завершено (за %d секунду)\n"
-msgstr[1] "створення ключа завершено (за %d секунди)\n"
-msgstr[2] "створення ключа завершено (за %d секунд)\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr "некоректна структура картки OpenPGP (DO 0x93)\n"
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr "відбиток на картці не відповідає запитаному\n"
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "карткою не підтримується алгоритм контрольних сум %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr "вже створено підписів: %lu\n"
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr "перевірку адміністративного пінкоду заборонено цією командою\n"
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "не вдалося отримати доступ до %s — некоректна картка OpenPGP?\n"
@@ -8556,59 +8642,63 @@ msgstr "||Вкажіть ваш пінкод за допомогою клаві
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr "|N|Початковий новий пінкод"
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr "запустити у режимі декількох серверів (основному режимі)"
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr "|LEVEL|встановити вказаний рівень діагностики"
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 msgid "|FILE|write a log to FILE"
 msgstr "|FILE|записувати журнал до файла"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr "|N|з’єднатися зі зчитувачем на вказаному порту"
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NAME|використовувати вказаний драйвер ct-API"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NAME|використовувати вказаний драйвер PC/SC"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 msgid "do not use the internal CCID driver"
 msgstr "не використовувати вбудованого драйвера CCID"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr "|N|від’єднати бездіяльну вказану кількість секунд картку"
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr "не використовувати додаткову клавіатуру зчитувача"
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr "використовувати змінну довжину вхідних даних для зчитувача"
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 msgid "deny the use of admin card commands"
 msgstr "заборонити використання команд з адміністрування картки"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "Використання: @SCDAEMON@ [параметри] (-h — довідка)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
@@ -8616,39 +8706,33 @@ msgstr ""
 "Синтаксис: scdaemon [параметри] [команди [аргументи]]\n"
 "Фонова служба карток пам’яті для @GNUPG@\n"
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr ""
 "будь ласка, скористайтеся параметром «--daemon» для запуску програми у "
 "фоновому режимі\n"
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr "запущено запуск обробки для дескриптора %d\n"
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr "роботу обробника для дескриптора %d перервано\n"
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "помилка під час спроби отримання даних щодо використання ключа: %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr "модель перевірки, запитана сертифікатом: %s"
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr "ланцюжок"
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 msgid "shell"
 msgstr "оболонка"
 
@@ -8681,7 +8765,7 @@ msgstr "Зауваження: заборонено некритичні прав
 msgid "certificate policy not allowed"
 msgstr "заборонено правила сертифікації"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "не вдалося отримати відбиток\n"
@@ -8696,7 +8780,7 @@ msgstr "пошук видавця за зовнішньою адресою\n"
 msgid "number of issuers matching: %d\n"
 msgstr "кількість відповідних видавців: %d\n"
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, c-format
 msgid "can't get authorityInfoAccess: %s\n"
 msgstr "не вдалося отримати authorityInfoAccess: %s\n"
@@ -8716,233 +8800,233 @@ msgstr "кількість відповідних сертифікатів: %d\n
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "помилка пошуку ключів лише з dirmngr: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "не вдалося розмістити дескриптор keyDB\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 msgid "certificate has been revoked"
 msgstr "сертифікат відкликано"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr "стан сертифікату є невідомим"
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr "будь ласка, переконайтеся, що «dirmngr» встановлено належним чином\n"
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, c-format
 msgid "checking the CRL failed: %s"
 msgstr "помилка під час перевірки CRL: %s"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "сертифікат з некоректною чинністю: %s"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr "сертифікат ще не набув чинності"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 msgid "root certificate not yet valid"
 msgstr "кореневий сертифікат ще не набув чинності"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr "проміжний сертифікат ще не набув чинності"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, c-format
 msgid "certificate has expired"
 msgstr "строк дії сертифіката завершився"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 msgid "root certificate has expired"
 msgstr "строк дії кореневого сертифіката завершився"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 msgid "intermediate certificate has expired"
 msgstr "строк дії проміжного сертифіката завершився"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr "не вистачає обов’язкових атрибутів сертифіката: %s%s%s"
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 msgid "certificate with invalid validity"
 msgstr "сертифікат з некоректною чинністю"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr "підпис не було створено під час строку дії сертифіката"
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr "сертифікат не було створено під час строку чинності видавця"
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr "проміжний сертифікат не було створено під час строку чинності видавця"
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, c-format
 msgid "  (  signature created at "
 msgstr "  (       підпис створено "
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, c-format
 msgid "  (certificate created at "
 msgstr "  (   сертифікат створено "
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, c-format
 msgid "  (certificate valid from "
 msgstr "  (   сертифікат чинний з "
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr "  (     видавець чинний з "
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr "відбиток=%s\n"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr "кореневий сертифікат було позначено як надійний\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr "не увімкнено інтерактивне позначення надійності у gpg-agent\n"
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr "інтерактивне позначення надійності вимкнено для цього сеансу\n"
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr "УВАГА: невідомий час створення підпису — припускаємо поточний час"
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 msgid "no issuer found in certificate"
 msgstr "у сертифікаті не було знайдено даних щодо видавця"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr "самопідписаний сертифікат має ПОМИЛКОВИЙ підпис"
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr "кореневий сертифікат не позначено як надійний"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "помилка перевірки списку довіри: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr "занадто довгий ланцюжок сертифікації\n"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr "не знайдено видавця сертифіката"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, c-format
 msgid "certificate has a BAD signature"
 msgstr "сертифікат має ПОМИЛКОВИЙ підпис"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr ""
 "виявлено інший можливий відповідний сертифікат служби сертифікації (CA) — "
 "повторюємо спробу"
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr "ланцюжок сертифікації є довшим за дозволений CA (%d)"
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, c-format
 msgid "certificate is good\n"
 msgstr "сертифікат є належним\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, c-format
 msgid "intermediate certificate is good\n"
 msgstr "належний проміжний сертифікат\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, c-format
 msgid "root certificate is good\n"
 msgstr "належний кореневий сертифікат\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr "перемикаємося на ланцюгову модель"
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr "використана модель перевірки: %s"
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr "%u-бітовий хеш не є коректним для %u-бітового ключа %s\n"
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, c-format
 msgid "out of core\n"
 msgstr "вихід за межі області пам’яті\n"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr "(це алгоритм MD2)\n"
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 msgid "none"
 msgstr "немає"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 msgid "[Error - invalid encoding]"
 msgstr "[Помилка — некоректне кодування]"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr "[Помилка — вихід за межі пам’яті]"
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr "[Помилка — немає назви]"
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 msgid "[Error - invalid DN]"
 msgstr "[Помилка — некоректний DN]"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -8957,136 +9041,147 @@ msgstr ""
 "С/Н %s, ідентифікатор 0x%08lX,\n"
 "створено %s, застаріває %s.\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr "не вказано використання ключа — припускаємо всі можливі використання\n"
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "помилка під час спроби отримання даних щодо використання ключа: %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr "сертифікат не мав використовуватися для сертифікації\n"
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr "сертифікат не мав використовуватися для підписування відповідей OCSP\n"
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr "сертифікат не мав використовуватися для шифрування\n"
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr "сертифікат не мав використовуватися для підписування\n"
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr "сертифікат непридатний для шифрування\n"
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr "сертифікат непридатний для підписування\n"
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+#| msgid "lookup a certificate"
+msgid "looking for another certificate\n"
+msgstr "шукати сертифікат"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "рядок %d: некоректний алгоритм\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr ""
 "рядок %d: некоректна довжина ключа %u (коректні значення: від %d до %d)\n"
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr "рядок %d: не вказано назви призначення\n"
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "рядок %d: некоректна мітка назви призначення «%.*s»\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "рядок %d: некоректна назва призначення «%s» на позиції %d\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "рядок %d: некоректна адреса електронної пошти\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "рядок %d: некоректний серійний номер\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr "рядок %d: некоректна мітка назви видавця «%.*s»\n"
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr "рядок %d: некоректна назва видавця «%s» на позиції %d\n"
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, c-format
 msgid "line %d: invalid date given\n"
 msgstr "рядок %d: вказано некоректну дату\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr ""
 "рядок %d: помилка під час спроби отримання ключа підписування за допомогою "
 "keygrip «%s»: %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "рядок %d: вказано некоректний алгоритм хешування\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "рядок %d: некоректний authority-key-id\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "рядок %d: некоректне значення subject-key-id\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "рядок %d: некоректний синтаксис розширення\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "рядок %d: помилка читання ключа «%s» з картки: %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr ""
 "рядок %d: помилка під час отримання ключа за допомогою keygrip «%s»: %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "рядок %d: помилка створення ключа: %s <%s>\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
@@ -9094,45 +9189,45 @@ msgstr ""
 "Щоб завершити цей запит щодо сертифікації, будь ласка, ще раз вкажіть пароль "
 "для ключа, який ви щойно створили.\n"
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) Вже записаний ключ\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr "   (%d) Вже записаний ключ з картки\n"
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "Можливі дії для ключа %s:\n"
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) підписування, шифрування\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) підписування\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) шифрування\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr "Вкажіть назву призначення X.509: "
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr "Не вказано назви призначення\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "Некоректна мітка назви призначення «%.*s»\n"
@@ -9142,247 +9237,240 @@ msgstr "Некоректна мітка назви призначення «%.*s
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "Некор. назва призн. «%s»\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 msgid "Enter email addresses"
 msgstr "Вкажіть адреси ел.пошти"
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 msgid " (end with an empty line):\n"
 msgstr " (завершіть порожнім рядком):\n"
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 msgid "Enter DNS names"
 msgstr "Вкажіть назви DNS"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 msgid " (optional; end with an empty line):\n"
 msgstr " (необов’язковий; завершується порожнім рядком):\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr "Вкажіть адреси"
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 msgid "Create self-signed certificate? (y/N) "
 msgstr "Створити самопідписаний сертифікат? (y/N або т/Н) "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr "Використано ці параметри:\n"
 
-#: sm/certreqgen-ui.c:432
-#, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "помилка створення тимчасового файла: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr "Створюємо самопідписаний сертифікат.  "
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 msgid "Now creating certificate request.  "
 msgstr "Створюємо запит щодо сертифікації.  "
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr "Зачекайте...\n"
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr "Виконано.\n"
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr ""
 "Готово. Тепер вам слід надіслати цей запит до вашої служби сертифікації "
 "(CA).\n"
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr "проблема з ресурсами: вихід за межі пам’яті\n"
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "Дані, зашифровані за алгоритмом %s\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr "(це алгоритм RC2)\n"
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr "(здається, це не зашифроване повідомлення)\n"
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 #| msgid "encrypted with %s key, ID %s\n"
 msgid "encrypted to %s key %s\n"
 msgstr "зашифровано ключем %s, ідентифікатор %s\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "сертифіката «%s» не знайдено: %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr "помилка під час блокування сховища ключів: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "вилучено дублікат сертифіката «%s»\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "сертифікат «%s» вилучено\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "помилка під час спроби вилучення сертифіката «%s»: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, c-format
 msgid "no valid recipients given\n"
 msgstr "не вказано коректних отримувачів\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 msgid "list external keys"
 msgstr "показати ключ зовнішніх ключів"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 msgid "list certificate chain"
 msgstr "показати ланцюжок сертифікації"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 msgid "import certificates"
 msgstr "імпортувати сертифікати"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 msgid "export certificates"
 msgstr "експортувати сертифікати"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr "зареєструвати картку пам’яті"
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr "передати команду dirmngr"
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr "виклик gpg-protect-tool"
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "взагалі не використовувати термінал"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr "кількість сертифікатів, які слід включити"
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr "|FILE|взяти дані щодо правил з вказаного файла"
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr "вважати вхідні дані даними у форматі PEM"
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr "вважати вхідні дані даними у форматі BASE64"
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr "вважати вхідні дані даними у двійковому форматі"
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 msgid "create base-64 encoded output"
 msgstr "створити дані, закодовані у BASE64"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr ""
 "|USER-ID|використовувати ідентифікатор користувача як типовий закритий ключ"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "|FILE|додати сховище ключів до списку сховищ ключів"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "використовувати цей сервер ключів для пошуку"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr "Надіслати запит щодо незнайдених сертифікатів видавця"
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "використовувати вказане кодування для паролів PKCS#12"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr "не використовувати САС"
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr "не шукати у списках відкликаних сертифікатів кореневі сертифікати"
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr "перевіряти чинність за допомогою OCSP"
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr "не перевіряти правила сертифікатів"
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NAME|використовувати вказаний алгоритм шифрування"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr ""
 "|NAME|використовувати вказаний алгоритм обчислення контрольної суми "
 "повідомлення"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "пакетний режим: нічого не запитувати"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "вважати відповіддю на більшість питань «так»"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "вважати відповіддю на більшість питань «ні»"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 msgid "|FILE|write an audit log to FILE"
 msgstr "|FILE|записувати журнал перевірки до файла"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "Використання: @GPGSM@ [параметри] [файли] (-h — довідка)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
 "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
@@ -9393,87 +9481,123 @@ msgstr ""
 "протоколу S/MIME\n"
 "Типова дія залежатиме від вхідних даних\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "ЗАУВАЖЕННЯ: не вдасться зашифрувати до «%s»: %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "невідома модель перевірки «%s»\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: не вказано назви вузла\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: вказано пароль, але не вказано користувача\n"
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: пропускаємо цей рядок\n"
+
+#: sm/gpgsm.c:1545
+#, c-format
+msgid "could not parse keyserver\n"
+msgstr "не вдалося обробити сервер ключів\n"
+
+#: sm/gpgsm.c:1825
 #, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "імпортуємо загальні сертифікати «%s»\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "підписування за допомогою «%s» неможливе: %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr "некоректна команда (немає неявної команди)\n"
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, c-format
 msgid "total number processed: %lu\n"
 msgstr "загалом оброблено: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, c-format
 msgid "error storing certificate\n"
 msgstr "помилка під час спроби збереження сертифіката\n"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr "помилка під час основних перевірок сертифіката — не імпортовано\n"
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "помилка під час спроби отримання збережених прапорців: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, c-format
 msgid "error importing certificate: %s\n"
 msgstr "помилка під час спроби імпортування сертифіката: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
+#, c-format
+msgid "error reading input: %s\n"
+msgstr "помилка під час спроби читання вхідних даних: %s\n"
+
+#: sm/keydb.c:503
+#, fuzzy, c-format
+#| msgid "no dirmngr running in this session\n"
+msgid "no keyboxd running in this session\n"
+msgstr "у цьому сеансі не запущено dirmngr\n"
+
+#: sm/keydb.c:595
 #, c-format
-msgid "error reading input: %s\n"
-msgstr "помилка під час спроби читання вхідних даних: %s\n"
+msgid "error opening key DB: %s\n"
+msgstr "помилка під час спроби відкрити базу даних ключів: %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr "проблем з пошуком вже створеного сертифіката: %s\n"
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "помилка під час спроби знайти придатну до запису keyDB: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, c-format
 msgid "error storing certificate: %s\n"
 msgstr "помилка під час спроби збереження сертифіката: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "проблема з повторним пошуком сертифіката: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, c-format
 msgid "error storing flags: %s\n"
 msgstr "помилка під час спроби збереження позначок: %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr "Помилка - "
 
@@ -9483,17 +9607,17 @@ msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr ""
 "GPG_TTY не встановлено — можливе використання підробного типового значення\n"
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "некоректне форматування відбитка у «%s», рядок %d\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "некоректний код країни у «%s», рядок %d\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9509,7 +9633,7 @@ msgstr ""
 "\n"
 "%s%sВи справді хочете це зробити?"
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
@@ -9518,7 +9642,7 @@ msgstr ""
 "Зауважте, що це програмне забезпечення не є офіційно схваленим для створення "
 "або перевірки таких підписів.\n"
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9529,40 +9653,46 @@ msgstr ""
 "«%s»\n"
 "Зауважте, що цей сертифікат НЕ створюватиме якісного підпису!"
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr ""
 "підтримки алгоритму хешування %d (%s) для підписувальника %d не передбачено; "
 "використовуємо %s\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr "алгоритм хешування, використаний для підписувача %d: %s (%s)\n"
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "помилка перевірки якості сертифікатів: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+#| msgid "Signature made %s using %s key ID %s\n"
+msgid "%s/%s signature using %s key %s\n"
+msgstr "Підпис створено %s ключем %s з ідентифікатором %s\n"
+
+#: sm/verify.c:467
 #, c-format
 msgid "Signature made "
 msgstr "Підпис створено "
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr "[дату не вказано]"
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 #| msgid "algorithm: %s"
 msgid "algorithm:"
 msgstr "алгоритм: %s"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
@@ -9570,17 +9700,17 @@ msgstr ""
 "некоректний підпис: атрибут контрольної суми повідомлення не збігається з "
 "обчисленою сумою\n"
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, c-format
 msgid "Good signature from"
 msgstr "Правильний підпис від"
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, c-format
 msgid "                aka"
 msgstr "                або"
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, c-format
 msgid "This is a qualified signature\n"
 msgstr "Це якісний підпис\n"
@@ -9605,100 +9735,100 @@ msgstr "не вдалося заблокувати для запису кеш с
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr "не вдалося зняти блокування з кешу сертифікатів: %s\n"
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr "викидання %u сертифікатів з кешу\n"
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, c-format
 msgid "can't parse certificate '%s': %s\n"
 msgstr "не вдалося обробити сертифікат «%s»: %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "сертифікат «%s» вже кешовано\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "надійний сертифікат «%s» завантажено\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "сертифікат «%s» завантажено\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "  відбиток SHA1 = %s\n"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr "   видавець ="
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr "  призначення ="
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "помилка під час спроби завантаження сертифіката «%s»: %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "остаточно завантажені сертифікати: %u\n"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "    динамічно кешовані сертифікати: %u\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "           довірені сертифікати: %u (%u,%u,%u,%u)\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, c-format
 msgid "certificate already cached\n"
 msgstr "сертифікат вже кешовано\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, c-format
 msgid "certificate cached\n"
 msgstr "сертифікат кешовано\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, c-format
 msgid "error caching certificate: %s\n"
 msgstr "помилка під час спроби кешування сертифіката: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "некоректний рядок відбитка SHA1 «%s»\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "помилка під час спроби отримання сертифіката за серійним номером: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "помилка під час спроби отримання сертифіката за призначенням: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, c-format
 msgid "no issuer found in certificate\n"
 msgstr "у сертифікаті не виявлено запису видавця\n"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "помилка під час спроби отримання authorityKeyIdentifier: %s\n"
@@ -10228,57 +10358,57 @@ msgstr "Доступ до CRL неможливий через увімкнени
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "пошук сертифікатів неможливий через вимкнений %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr "використовувати OCSP замість CRL"
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr "перевірити, чи запущено dirmngr"
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 msgid "add a certificate to the cache"
 msgstr "додати сертифікат до кешу"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 msgid "validate a certificate"
 msgstr "перевірити сертифікат"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 msgid "lookup a certificate"
 msgstr "шукати сертифікат"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 msgid "lookup only locally stored certificates"
 msgstr "шукати лише локально збережені сертифікати"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr "очікувати адресу для --lookup"
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr "завантажити CRL до dirmngr"
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr "особливий режим для використання Squid"
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 msgid "expect certificates in PEM format"
 msgstr "сертифікати мало бути вказано у форматі PEM"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 msgid "force the use of the default OCSP responder"
 msgstr "примусово використовувати типовий відповідач OCSP"
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr ""
 "Використання: dirmngr-client [параметри] [файл_сертифіката|шаблон] (-h — "
 "довідка)\n"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10290,215 +10420,211 @@ msgstr ""
 "Процес повертає 0, якщо сертифікат є коректним, 1 якщо він не є\n"
 "коректним, інші коди для загальних помилок.\n"
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "помилка під час спроби читання сертифіката з stdin: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "помилка під час спроби читання сертифіката з «%s»: %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr "сертифікат занадто великий для використання\n"
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, c-format
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "не вдалося встановити з’єднання з dirmngr: %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, c-format
 msgid "lookup failed: %s\n"
 msgstr "помилка пошуку: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "спроба завантаження CRL «%s» завершилася невдало: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr "фонову службу dirmngr запущено\n"
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "не вдалося перевірити сертифікат: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, c-format
 msgid "certificate is valid\n"
 msgstr "сертифікат є коректним\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, c-format
 msgid "certificate has been revoked\n"
 msgstr "сертифікат відкликано\n"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, c-format
 msgid "certificate check failed: %s\n"
 msgstr "помилка під час перевірки сертифіката: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, c-format
 msgid "got status: '%s'\n"
 msgstr "отримано стан: «%s»\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, c-format
 msgid "error writing base64 encoding: %s\n"
 msgstr "помилка під час спроби запису у кодуванні base64: %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr "непідтримуваний запит «%s»\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr "мало бути вказано абсолютний шлях до файла\n"
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr "пошук «%s»\n"
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr "показати вміст кешу CRL"
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|FILE|завантажити CRL з вказаного файла до кешу"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr "|URL|отримати CRL з вказаної адреси"
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr "завершити роботу dirmngr"
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr "спорожнити кеш"
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr "дозволити інтерактивну перевірку версії програмного забезпечення"
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr "|N|повертати не більше за вказану кількість записів на запит"
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr "маршрутизувати увесь обмін даними з мережею через Tor"
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr "Налаштування для серверів ключів"
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 msgid "|URL|use keyserver at URL"
 msgstr "|URL|використовувати сервер ключів за адресою"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr "|FILE|використовувати сертифікати CA з файла для HKP крізь TLS"
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr "Налаштування для серверів HTTP"
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr "заборонити використання HTTP"
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr "ігнорувати точки поширення САС протоколу HTTP"
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr "|URL|переспрямувати всі запити HTTP на вказану адресу"
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr "використовувати загальносистемний проксі-сервер HTTP"
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr "Налаштування використання серверів LDAP"
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr "заборонити використання LDAP"
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr "ігнорувати точки поширення САС протоколу LDAP"
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr "|HOST|використовувати вказаний вузол для запитів LDAP"
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr "не використовувати резервні вузли з --ldap-proxy"
 
-#: dirmngr/dirmngr.c:270
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "використовувати цей сервер ключів для пошуку"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|FILE|прочитати список серверів LDAP з вказаного файла"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr "додати виявлені у точках поширення CRL нові сервери до списку серверів"
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr "|N|встановити вказаний час очікування даних від LDAP"
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr "Налаштування OCSP"
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr "дозволити надсилання запитів OCSP"
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr "ігнорувати адреси служб OCSP з сертифікатами"
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 msgid "|URL|use OCSP responder at URL"
 msgstr "|URL|використовувати відповідач OCSP за вказаною адресою"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr "|FPR|відповідь OCSP підписано FPR"
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr "примусове завантаження застарілих САС"
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 msgid ""
 "@\n"
 "(See the \"info\" manual for a complete listing of all commands and "
@@ -10508,11 +10634,11 @@ msgstr ""
 "(Щоб ознайомитися зі списком команд і параметрів, скористайтеся сторінкою "
 "довідника (man) «info»)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "Використання: @DIRMNGR@ [параметри] (-h — довідка)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
@@ -10520,115 +10646,298 @@ msgstr ""
 "Синтаксис: @DIRMNGR@ [параметри] [команда [аргументи]]\n"
 "Доступ до сервера ключів, CRL та OCSP для @GNUPG@\n"
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr "коректними рівнями зневаджування є: %s\n"
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, c-format
 msgid "usage: %s [options] "
 msgstr "використання: %s [параметри]"
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, c-format
 msgid "colons are not allowed in the socket name\n"
 msgstr "не можна використовувати двокрапки у назві сокета\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "помилка під час спроби отримання CRL з «%s»: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "помилка під час обробки CRL з «%s»: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "%s:%u: занадто довгий рядок — пропущено\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "%s:%u: виявлено некоректний відбиток\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "%s:%u: помилка під час читання: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr "%s:%u: беззмістовні дані наприкінці рядка проігноровано\n"
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr ""
 "отримано сигнал SIGHUP — повторне читання налаштувань та спорожнення кешу\n"
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr "отримано сигнал SIGUSR2 — дій не визначено\n"
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr "отримано сигнал SIGTERM — завершуємо роботу…\n"
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr "отримано сигнал SIGTERM — підтримується %d активних з’єднань\n"
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, c-format
 msgid "shutdown forced\n"
 msgstr "примусове завершення роботи\n"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr "отримано сигнал SIGINT — негайне завершення роботи\n"
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr "отримано сигнал %d — дій не визначено\n"
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr "повернути всі значення у форматі записів"
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr ""
+"|NAME|ігнорувати частину вузла і встановити з’єднання за вказаною назвою"
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+msgid "|NAME|connect to host NAME"
+msgstr "|NAME|встановити з’єднання з вузлом за вказаною назвою"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr "|N|встановити з’єднання на вказаному порті"
+
+#: dirmngr/dirmngr_ldap.c:112
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NAME|використовувати вказаного користувача для розпізнавання"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr "|PASS|використовувати вказаний пароль для розпізнавання"
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr "визначити пароль за $DIRMNGR_LDAP_PASS"
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr "|STRING|надіслати запит до DN щодо вказаного рядка"
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr "|STRING|використовувати вказаний рядок для фільтрування"
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr "|STRING|повернути атрибут за вказаним рядком"
+
+#: dirmngr/dirmngr_ldap.c:179
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "Використання: dirmngr_ldap [параметри] [адреса] (-h — довідка)\n"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+"Синтаксис: dirmngr_ldap [параметри] [адреса]\n"
+"Вбудований допоміжний інструмент LDAP для Dirmngr\n"
+"Інтерфейс і параметри можуть змінюватися без додаткового оголошення\n"
+
+#: dirmngr/dirmngr_ldap.c:291
+#, c-format
+msgid "invalid port number %d\n"
+msgstr "некоректний номер порту %d\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr "сканування результату для атрибуту «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "помилка під час спроби запису до stdout: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr "          доступний атрибут «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:462
+#, c-format
+msgid "attribute '%s' not found\n"
+msgstr "атрибут «%s» не знайдено\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr "знайдено атрибут «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:581
+#, c-format
+msgid "processing url '%s'\n"
+msgstr "обробка адреси «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, c-format
+msgid "          user '%s'\n"
+msgstr "          користувач «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, c-format
+msgid "          pass '%s'\n"
+msgstr "          прохід «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:592
+#, c-format
+msgid "          host '%s'\n"
+msgstr "          вузол «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, c-format
+msgid "          port %d\n"
+msgstr "          порт %d\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, c-format
+msgid "            DN '%s'\n"
+msgstr "            DN «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr "        фільтр «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, c-format
+msgid "          attr '%s'\n"
+msgstr "          атрибут «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:611
+#, c-format
+msgid "no host name in '%s'\n"
+msgstr "у «%s» немає назви вузла\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr "не вказано атрибута для запису «%s»\n"
+
+#: dirmngr/dirmngr_ldap.c:622
+#, c-format
+msgid "WARNING: using first attribute only\n"
+msgstr "УВАГА: використано буде лише перший атрибут\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "помилка ініціалізації LDAP «%s:%d»: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+#| msgid "LDAP init to '%s:%d' failed: %s\n"
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "помилка ініціалізації LDAP «%s:%d»: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+#| msgid "LDAP init to '%s:%d' failed: %s\n"
+msgid "LDAP init to '%s' done\n"
+msgstr "помилка ініціалізації LDAP «%s:%d»: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "спроба прив’язування до «%s:%d» зазнала невдачі: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, c-format
+msgid "searching '%s' failed: %s\n"
+msgstr "помилка під час спроби пошуку «%s»: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "«%s» не є адресою LDAP\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr "«%s» є некоректною адресою LDAP\n"
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "помилка під час спроби доступу до «%s»: стан http %u\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr "Адресу «%s» переспрямовано до «%s» (%u)\n"
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, c-format
 msgid "too many redirections\n"
 msgstr "занадто багато переспрямувань\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to '%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "записуємо до «%s»\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, c-format
 msgid "error printing log line: %s\n"
 msgstr "помилка під час спроби виводу рядка журналу: %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "помилка під час спроби читання журналу з обгортки LDAP %d: %s\n"
@@ -10658,51 +10967,31 @@ msgstr "очікування даних з обгортки LDAP %d зазнал
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "обгортка LDAP %d не відповідає — завершуємо роботу\n"
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "некоректний символ 0x%02x у назві вузла — не додано\n"
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "додавання «%s:%d» до списку сервера LDAP\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, c-format
 msgid "malloc failed: %s\n"
 msgstr "помилка malloc: %s\n"
 
-#: dirmngr/ldap.c:221
-#, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "«%s» не є адресою LDAP\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
-msgstr "«%s» є некоректною адресою LDAP\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
+msgstr "start_cert_fetch: некоректний шаблон «%s»\n"
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr "ldap_search перевищив обмеження розміру сервера\n"
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr "%s:%u: вказано пароль, але не вказано користувача\n"
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr "%s:%u: пропускаємо цей рядок\n"
-
 #: dirmngr/misc.c:172
 #, c-format
 msgid "invalid canonical S-expression found\n"
@@ -10788,91 +11077,91 @@ msgstr "спроба хешування відповіді OCSP для «%s» з
 msgid "not signed by a default OCSP signer's certificate"
 msgstr "не підписано типовим сертифікатом підписувальника OCSP"
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "спроба розміщення пункту списку у пам’яті зазнала невдачі: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "помилка під час спроби отримання ідентифікатора відповідача: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr "не виявлено придатного сертифіката для перевірки відповіді за OCSP\n"
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "не виявлено сертифіката видавця: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr "викликаною підпрограмою не повернуто сертифіката призначення\n"
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "викликаною підпрограмою не повернуто сертифіката видавця\n"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "не вдалося розмістити контекст OCSP: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr "не визначено типового відповідача за OCSP\n"
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, c-format
 msgid "no default OCSP signer defined\n"
 msgstr "не визначено типового підписувача за OCSP\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr "використовуємо типовий відповідач за OCSP «%s»\n"
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr "використовуємо відповідач за OCSP «%s»\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "помилка під час отримання стану OCSP для сертифіката призначення: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr "стан сертифіката: %s  (цей=%s  наступний=%s)\n"
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr "придатний"
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "сертифікат було відкликано: %s причина: %s\n"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr "Відповідачем OCSP повернуто стан у майбутньому\n"
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr "Відповідачем OCSP повернуто не поточний стан\n"
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr "Відповідачем OCSP повернуто занадто застарілі дані щодо стану\n"
@@ -10882,67 +11171,71 @@ msgstr "Відповідачем OCSP повернуто занадто заст
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "помилка assuan_inquire(%s): %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr "не вказано ldapserver"
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr "у ідентифікаторі сертифіката немає серійного номера"
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "помилка assuan_inquire: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "помилка fetch_cert_by_url: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, c-format
 msgid "error sending data: %s\n"
 msgstr "помилка під час спроби надсилання даних: %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "помилка start_cert_fetch: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "помилка fetch_next_cert: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr "перевищено max_replies у %d\n"
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "не вдалося розмістити структуру керування: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "не вдалося розмістити контекст assuan: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, c-format
 msgid "failed to initialize the server: %s\n"
 msgstr "не вдалося ініціалізувати сервер: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "не вдалося зареєструвати команди за допомогою Assuan: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr "проблема з прийняттям Assuan: %s\n"
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, c-format
 msgid "Assuan processing failed: %s\n"
 msgstr "помилка обробки за допомогою Assuan: %s\n"
@@ -10986,51 +11279,57 @@ msgstr "коректний ланцюжок сертифікації\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr "сертифікат не мав використовуватися для підписування CRL\n"
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 msgid "quiet"
 msgstr "без повідомлень"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr "вивести дані у шістнадцятковому форматі"
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr "декодувати отримані рядки даних"
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr "з’єднатися з dirmngr"
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+#, fuzzy
+#| msgid "connect to the dirmngr"
+msgid "connect to the keyboxd"
+msgstr "з’єднатися з dirmngr"
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr "|NAME|встановити з’єднання з вказаним сокетом Assuan"
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr "|ADDR|встановити з’єднання з сервером Assuan за вказаною адресою"
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr "запустити сервер Assuan, вказаний у командному рядку"
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr "не використовувати розширений режим з’єднання"
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|FILE|виконати команди з вказаного файла під час запуску"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr "виконати /subst під час запуску"
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "Використання: @GPG@-connect-agent [параметри] (-h — довідка)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
@@ -11038,177 +11337,193 @@ msgstr ""
 "Синтаксис: @GPG@-connect-agent [параметри]\n"
 "Встановити з’єднання з запущеним агентом і надіслати команди\n"
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr ""
 "щоб скористатися параметром «%s», слід вказати програму та додаткові "
 "аргументи\n"
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr "параметр «%s» проігноровано через «%s»\n"
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, c-format
 msgid "receiving line failed: %s\n"
 msgstr "помилка під час спроби отримання рядка: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, c-format
 msgid "line too long - skipped\n"
 msgstr "рядок є надто довгим, його пропущено\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr "рядок скорочено через вбудований символ Nul\n"
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, c-format
 msgid "unknown command '%s'\n"
 msgstr "невідома команда «%s»\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, c-format
 msgid "sending line failed: %s\n"
 msgstr "помилка надсилання рядка: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+#| msgid "no dirmngr running in this session\n"
+msgid "no keybox daemon running in this session\n"
+msgstr "у цьому сеансі не запущено dirmngr\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, c-format
 msgid "error sending standard options: %s\n"
 msgstr "помилка під час спроби надсилання стандартних параметрів: %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr "OpenPGP"
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr "S/MIME"
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+#| msgid "public key is %s\n"
+msgid "Public Keys"
+msgstr "відкритий ключ — %s\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr "Закриті ключі"
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr "Картки пам’яті"
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 msgid "Network"
 msgstr "Мережа"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 msgid "Passphrase Entry"
 msgstr "Введення пароля"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 msgid "Component not suitable for launching"
 msgstr "Компонент не є придатним до запуску"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, fuzzy, c-format
 #| msgid "External verification of component %s failed"
 msgid "Configuration file of component %s is broken\n"
 msgstr "Помилка зовнішньої перевірки компонента %s"
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Please use the command \"toggle\" first.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "Скористайтеся спочатку командою «toggle».\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr "Помилка зовнішньої перевірки компонента %s"
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr "Зауважте, що специфікації груп буде проігноровано\n"
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, c-format
 msgid "error closing '%s'\n"
 msgstr "помилка під час спроби закрити «%s»\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, c-format
 msgid "error parsing '%s'\n"
 msgstr "помилка під час спроби обробити «%s»'\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr "показати список всіх компонентів"
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr "перевірити всі програми"
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr "|COMPONENT|показати список параметрів"
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr "|COMPONENT|змінити параметри"
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr "|COMPONENT|перевірити параметри"
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr "застосувати загальні типові значення"
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr "|FILE|оновити файли налаштувань на основі файла ФАЙЛ"
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr "отримати назви каталогів налаштувань для @GPGCONF@"
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 msgid "list global configuration file"
 msgstr "показати загальний файл налаштувань"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 msgid "check global configuration file"
 msgstr "перевірити загальний файл налаштувань"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 msgid "query the software version database"
 msgstr "надіслати запит до бази даних версій програмного забезпечення"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr "перезавантажити всі або вказаний компонент"
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr "запустити вказаний компонент"
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr "завершити роботу вказаного компонента"
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "використати файл для виведення даних"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr "якщо можна, задіяти зміни у динамічному режимі"
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "Використання: @GPGCONF@ [параметри] (-h — довідка)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
@@ -11216,15 +11531,15 @@ msgstr ""
 "Синтаксис: @GPGCONF@ [параметри]\n"
 "Керування параметрами налаштування інструментів системи @GNUPG@\n"
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr "Слід вказати один аргумент компонента"
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 msgid "Component not found"
 msgstr "Компонент не знайдено"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr "Не можна вказувати аргументів"
 
@@ -11241,152 +11556,239 @@ msgstr ""
 "Синтаксис: gpg-check-pattern [параметри] файл_шаблонів\n"
 "Перевірити пароль, вказаний у stdin, за допомогою файла_шаблонів\n"
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr ""
-#~ "примусове використання симетричного шифру %s (%d) не відповідає "
-#~ "параметрам отримувача\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+#| msgid "Note: keys are already stored on the card!\n"
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "ЗАУВАЖЕННЯ: ключі вже збережено на картці!\n"
 
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "помилка під час спроби запису до тимчасового файла: %s\n"
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+#| msgid "Note: keys are already stored on the card!\n"
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "ЗАУВАЖЕННЯ: ключі вже збережено на картці!\n"
 
-#~ msgid "use a log file for the server"
-#~ msgstr "використовувати файл журналу для сервера"
+#: tools/gpg-card.c:2395
+#, fuzzy, c-format
+#| msgid "Replace existing keys? (y/N) "
+msgid "Replace existing key %s ? (y/N) "
+msgstr "Замірити вже створені ключі? (y/N або т/Н) "
 
-#~ msgid "|FILE|write a server mode log to FILE"
-#~ msgstr "|FILE|записувати журнал режиму сервера до файла"
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, fuzzy, c-format
+#| msgid "OpenPGP card no. %s detected\n"
+msgid "%s card no. %s detected\n"
+msgstr "Виявлено картку OpenPGP з номером %s\n"
 
-#~ msgid "run without asking a user"
-#~ msgstr "запустити без запиту до користувача"
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
 
-#~ msgid "allow PKA lookups (DNS requests)"
-#~ msgstr "дозволити пошук PKA (запити до DNS)"
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
 
-#~ msgid "Options controlling the format of the output"
-#~ msgstr "Параметри керування форматом виведення"
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
-#~ msgid "Options controlling the use of Tor"
-#~ msgstr "Параметри керування використанням Tor"
+#: tools/gpg-card.c:3668
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "authenticate to the card"
+msgstr "додати сертифікат до кешу"
 
-#~ msgid "LDAP server list"
-#~ msgstr "список серверів LDAP"
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
+
+#: tools/gpg-card.c:3672
+msgid "setup KDF for PIN authentication"
+msgstr "налаштування KDF для розпізнавання за PIN"
+
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr ""
+
+#: tools/gpg-card.c:3675
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "read a certificate from a data object"
+msgstr "додати сертифікат до кешу"
+
+#: tools/gpg-card.c:3676
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "store a certificate to a data object"
+msgstr "додати сертифікат до кешу"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
+
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
 
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "надсилаємо запит щодо ключа %s до %s сервера %s\n"
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "%s:%u: не вказано назви вузла\n"
+#, fuzzy
+#~| msgid "change a passphrase"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "змінити пароль"
 
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "не вдалося обробити сервер ключів\n"
+#~ msgid "detected card with S/N: %s\n"
+#~ msgstr "виявлено картку з серійним номером: %s\n"
 
-#~ msgid "return all values in a record oriented format"
-#~ msgstr "повернути всі значення у форматі записів"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "на карті немає ключа розпізнавання для SSH: %s\n"
 
-#~ msgid "|NAME|ignore host part and connect through NAME"
+#~ msgid "Please remove the current card and insert the one with serial number"
 #~ msgstr ""
-#~ "|NAME|ігнорувати частину вузла і встановити з’єднання за вказаною назвою"
+#~ "Будь ласка, вийміть поточну картку і вставте картку з серійним номером"
+
+#~ msgid "use a log file for the server"
+#~ msgstr "використовувати файл журналу для сервера"
 
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NAME|встановити з’єднання з вузлом за вказаною назвою"
+#, fuzzy
+#~| msgid "connection to agent established\n"
+#~ msgid "connection to %s established\n"
+#~ msgstr "встановлено з’єднання з агентом\n"
 
-#~ msgid "|N|connect to port N"
-#~ msgstr "|N|встановити з’єднання на вказаному порті"
+#~ msgid "no running gpg-agent - starting '%s'\n"
+#~ msgstr "не запущено gpg-agent — запускаємо «%s»\n"
 
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NAME|використовувати вказаного користувача для розпізнавання"
+#~ msgid "argument not expected"
+#~ msgstr "неочікуваний аргумент"
 
-#~ msgid "|PASS|use password PASS for authentication"
-#~ msgstr "|PASS|використовувати вказаний пароль для розпізнавання"
+#~ msgid "read error"
+#~ msgstr "помилка читання"
 
-#~ msgid "take password from $DIRMNGR_LDAP_PASS"
-#~ msgstr "визначити пароль за $DIRMNGR_LDAP_PASS"
+#~ msgid "keyword too long"
+#~ msgstr "занадто довге ключове слово"
 
-#~ msgid "|STRING|query DN STRING"
-#~ msgstr "|STRING|надіслати запит до DN щодо вказаного рядка"
+#~ msgid "missing argument"
+#~ msgstr "не вистачає аргументу"
 
-#~ msgid "|STRING|use STRING as filter expression"
-#~ msgstr "|STRING|використовувати вказаний рядок для фільтрування"
+#~ msgid "invalid argument"
+#~ msgstr "некоректний аргумент"
 
-#~ msgid "|STRING|return the attribute STRING"
-#~ msgstr "|STRING|повернути атрибут за вказаним рядком"
+#~ msgid "invalid command"
+#~ msgstr "некоректна команда"
 
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "Використання: dirmngr_ldap [параметри] [адреса] (-h — довідка)\n"
+#~ msgid "invalid alias definition"
+#~ msgstr "некоректне визначення замінника"
 
-#~ msgid ""
-#~ "Syntax: dirmngr_ldap [options] [URL]\n"
-#~ "Internal LDAP helper for Dirmngr\n"
-#~ "Interface and options may change without notice\n"
-#~ msgstr ""
-#~ "Синтаксис: dirmngr_ldap [параметри] [адреса]\n"
-#~ "Вбудований допоміжний інструмент LDAP для Dirmngr\n"
-#~ "Інтерфейс і параметри можуть змінюватися без додаткового оголошення\n"
+#~ msgid "out of core"
+#~ msgstr "вихід за межі області пам’яті"
+
+#, fuzzy
+#~| msgid "invalid command"
+#~ msgid "invalid meta command"
+#~ msgstr "некоректна команда"
+
+#, fuzzy
+#~| msgid "unknown command '%s'\n"
+#~ msgid "unknown meta command"
+#~ msgstr "невідома команда «%s»\n"
+
+#, fuzzy
+#~| msgid "unexpected armor: "
+#~ msgid "unexpected meta command"
+#~ msgstr "неочікуваний формат ASCII: "
+
+#~ msgid "invalid option"
+#~ msgstr "некоректний параметр"
+
+#~ msgid "missing argument for option \"%.50s\"\n"
+#~ msgstr "не вказано аргументу до параметра «%.50s»\n"
+
+#~ msgid "option \"%.50s\" does not expect an argument\n"
+#~ msgstr "для параметра «%.50s» аргументи не потрібно вказувати\n"
 
-#~ msgid "invalid port number %d\n"
-#~ msgstr "некоректний номер порту %d\n"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "некоректна команда «%.50s»\n"
 
-#~ msgid "scanning result for attribute '%s'\n"
-#~ msgstr "сканування результату для атрибуту «%s»\n"
+#~ msgid "option \"%.50s\" is ambiguous\n"
+#~ msgstr "параметр «%.50s» є неоднозначним\n"
+
+#~ msgid "command \"%.50s\" is ambiguous\n"
+#~ msgstr "команда «%.50s» є неоднозначною\n"
 
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "помилка під час спроби запису до stdout: %s\n"
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "некоректний параметр «%.50s»\n"
+
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "ЗАУВАЖЕННЯ: не виявлено файла типових параметрів «%s»\n"
 
-#~ msgid "          available attribute '%s'\n"
-#~ msgstr "          доступний атрибут «%s»\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "файл параметрів «%s»: %s\n"
 
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "атрибут «%s» не знайдено\n"
+#, fuzzy
+#~| msgid "you may not use %s while in %s mode\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "не можна використовувати %s у режимі %s\n"
 
-#~ msgid "found attribute '%s'\n"
-#~ msgstr "знайдено атрибут «%s»\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "не вдалося виконати програму «%s»: %s\n"
 
-#~ msgid "processing url '%s'\n"
-#~ msgstr "обробка адреси «%s»\n"
+#~ msgid "unable to execute external program\n"
+#~ msgstr "не вдалося виконати зовнішню програму\n"
 
-#~ msgid "          user '%s'\n"
-#~ msgstr "          користувач «%s»\n"
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "не вдалося прочитати відповідь зовнішньої програми: %s\n"
 
-#~ msgid "          pass '%s'\n"
-#~ msgstr "          прохід «%s»\n"
+#~ msgid "validate signatures with PKA data"
+#~ msgstr "перевірити підписи за допомогою даних PKA"
 
-#~ msgid "          host '%s'\n"
-#~ msgstr "          вузол «%s»\n"
+#~ msgid "elevate the trust of signatures with valid PKA data"
+#~ msgstr "підняти рівень довіри до підписів з коректними даними PKA"
 
-#~ msgid "          port %d\n"
-#~ msgstr "          порт %d\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) ECC та ECC\n"
 
-#~ msgid "            DN '%s'\n"
-#~ msgstr "            DN «%s»\n"
+#~ msgid "honor the PKA record set on a key when retrieving keys"
+#~ msgstr ""
+#~ "брати до уваги запис PKA, встановлений у ключі під час отримання ключів"
 
-#~ msgid "        filter '%s'\n"
-#~ msgstr "        фільтр «%s»\n"
+#~ msgid "Note: Verified signer's address is '%s'\n"
+#~ msgstr "Зауваження: перевіреною адресою автора підпису є «%s»\n"
 
-#~ msgid "          attr '%s'\n"
-#~ msgstr "          атрибут «%s»\n"
+#~ msgid "Note: Signer's address '%s' does not match DNS entry\n"
+#~ msgstr ""
+#~ "Зауваження: адреса автора підпису «%s» не збігається з записом DNS\n"
 
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "у «%s» немає назви вузла\n"
+#~ msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+#~ msgstr "рівень довіри змінено на FULL (повна) через коректність даних PKA\n"
 
-#~ msgid "no attribute given for query '%s'\n"
-#~ msgstr "не вказано атрибута для запису «%s»\n"
+#~ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+#~ msgstr "рівень довіри змінено на NEVER (ніколи) через помилки у даних PKA\n"
 
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "УВАГА: використано буде лише перший атрибут\n"
+#~ msgid "|FILE|write a server mode log to FILE"
+#~ msgstr "|FILE|записувати журнал режиму сервера до файла"
 
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "помилка ініціалізації LDAP «%s:%d»: %s\n"
+#~ msgid "run without asking a user"
+#~ msgstr "запустити без запиту до користувача"
 
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "спроба прив’язування до «%s:%d» зазнала невдачі: %s\n"
+#~ msgid "allow PKA lookups (DNS requests)"
+#~ msgstr "дозволити пошук PKA (запити до DNS)"
 
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "помилка під час спроби пошуку «%s»: %s\n"
+#~ msgid "Options controlling the format of the output"
+#~ msgstr "Параметри керування форматом виведення"
 
-#~ msgid "start_cert_fetch: invalid pattern '%s'\n"
-#~ msgstr "start_cert_fetch: некоректний шаблон «%s»\n"
+#~ msgid "Options controlling the use of Tor"
+#~ msgstr "Параметри керування використанням Tor"
 
-#~ msgid "ldapserver missing"
-#~ msgstr "не вказано ldapserver"
+#~ msgid "LDAP server list"
+#~ msgstr "список серверів LDAP"
 
 #~ msgid "Note: old default options file '%s' ignored\n"
 #~ msgstr "ЗАУВАЖЕННЯ: застарілий файл типових параметрів «%s» проігноровано\n"
@@ -11442,8 +11844,8 @@ msgstr ""
 #~ msgid "could not open %s for writing: %s\n"
 #~ msgstr "не вдалося відкрити %s для запису: %s\n"
 
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "помилка читання з %s: %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "помилка під час запису до %s: %s\n"
 
 #~ msgid "error closing %s: %s\n"
 #~ msgstr "помилка під час спроби закрити %s: %s\n"
@@ -11505,12 +11907,6 @@ msgstr ""
 #~ msgid " using certificate ID 0x%08lX\n"
 #~ msgstr " використовуємо ідентифікатор сертифіката 0x%08lX\n"
 
-#, fuzzy
-#~| msgid "you may not use %s while in %s mode\n"
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "не можна використовувати %s у режимі %s\n"
-
 #~ msgid "male"
 #~ msgstr "чоловіча"
 
@@ -11564,12 +11960,6 @@ msgstr ""
 #~ msgid "only SHA-1 is supported for OCSP responses\n"
 #~ msgstr "для відповідей за OCSP передбачено підтримку лише SHA-1\n"
 
-#~ msgid "waiting for the dirmngr to come up ... (%ds)\n"
-#~ msgstr "очікування на працездатність dirmngr… (%d с)\n"
-
-#~ msgid "connection to the dirmngr established\n"
-#~ msgstr "встановлено з’єднання з dirmngr\n"
-
 #~ msgid "Warning: '%s' should be a long key ID or a fingerprint\n"
 #~ msgstr ""
 #~ "Попередження: «%s» має бути довгим ідентифікатором ключа або відбитком\n"
diff --git a/po/zh_CN.gmo b/po/zh_CN.gmo
index b535c96d7ddefb9d2b455a507aa84fb05d00cf03..a3505d36cc34fb5c15e1ea15a06819b96fb346ca 100644
GIT binary patch
delta 56142
zcmZ792mH-t<M{vc`Ph5!;@Bgy_ueBE64@F^Xrdw~lp=*fl%muf(hw=6NN7?@Bn?HW
zlt?8~|JUnWSHEBX-+6q`{k*R0eeLx=xx0PeT9R+t_I#-?3TIuA;IlesB5@v0?wCkC
zm?x1qILp*TqS}T;q83)i=GYH&W{?L<5MQz}k$4-|VG*3NDUm3N4`3O52Fu~j82=7!
zC(EmeMA1Ydl}HjWp&{18-r+&wF04rW;TV4n&m;a(^p}{PZ*wA1nDh!rg^7k}zHV3t
zN22vE!p8V+jAwZ*k?27CiADr2<iRBDimT9!r_c&(z8)%Ui%d*n2s-l7(P>zU_`_(!
z>!Ke<e@15{&z3}@5>`U<b=4Gs5d;e1bi4o;U=`eo&cIQufqAzk5~Z<mv^VA@J{HU4
zZP6uIjQDF<4nIcoox<}m<Bd>XIZRn$Hv+}+YAlG8F(2L+(;q>5{31Gn-Dm@+;`7|w
zLWj$v^>x9TcqKYxbJ6lk&~`RpdHi4-^KV5bNw8qfH-i<Ut)iEs72J%~aUQw^n=pwV
zp%tG(>&de{SOuN>w%8d5pnK&Bv|}%AXa22tYfSh8UGpE%^nYUdc{>t`7R0MzCA=El
z-Luf8`(N}GbOztS%J><U#f+VaL~cw*FF<FYQHsFD1o~rVT!9Vo7j#oqc`Hn98?-|s
z(GlK>R<IN+;8wI_htYhwIFs&~D(LfGI2donJ8=)1Kh^J@M4}CW$yfz9qXiD51#-O0
zk;JRf<MawTh2Nty^%pwDh29HGPy^Fbjy@j{y$+p;JMj`+jtnG~I7PsU3%s95<i|E>
z1s9{cbrd?%8POHkl=wSX4YTeFBdLWoiTB2;m_nE6X|%p==l~C*doIgvXNvVNMZlgl
zLJRc8B;J5_-~nuhFJMdj6}=zoeh`-88mv$JPPCp^&>7r^?twFC!^scBKsux8*I)(D
z{~Q7p@kO-fpI{RIM%S|3o-may(0H#HABUcT=~xgSL1$z&y0&}KB{+j#%>_OR?NmfN
z+8I-391#=ljjlqc{B5+sA7gsXkHcQ6ijHU$I?_34Jujjc&OUVW{(-fz(B9B+TTI_G
z=q8@Lm-#otLnPRvo#<M9i%$7JXb0MT64HmF4c>w__z2qI7Oak6q2+V$izCG*#5<!i
zbqCt<Md%W|zK{90z!4IX_&4Uoa{HMstck{3pgr!2#qcW3gSTNFoPl=q<><%gW;}uJ
zp|YQb0k*&c#0R2F)+j~HHSdg8bR9OpW!MAvVi&CV8D}~pkr;z^Xu`qZbhIOL(HUHV
zZE+Khz;ieUulhWZ*ny|e8Q=6pB9R?aKN7HqC($V>_$3WtBlI-1!E!hVi{NC;hI6qW
zF2oM_GuFcTUxk4T#|w!+fL(DbUV?cJg^OtrUf}t^n}9R07E9x2Xor4BM_Tmj&~SNl
z${Jz`?1VXR2<FETSOLeQ`4*v@a3y*wwjm8Bj$t`0`Hg!a#RehZ)D1;DFa?X^Vswh0
z!z%a^TH!$~j=!Tbl<#opP<5<Nye-<X@#s?Cj?T=BSOdSpikRmJCxiAAwF#8Rw&+Y;
ziB8?Ucph#<3+%(3cor*R)^Ed7RY#YmKAPSc^Whk@;oHywu0ZSCi4Nc}rqBOb0!~@-
zyI@^(1nsajc0)%p3!CBV=qWgZRj}aE&_H8!=`KTO=4N!p=AtvY3hl`2*aW{g%KW=_
zCB6?Ct3=zNJsf~mbOXBP_hD{)3Z0P`&<=cz)$nYLSNb8$;6<2~^xM!5q%bGWN85e$
z2j;&qfz>3qI}c+cZ1`iCx-r<6_`}!+4`OFL|5#Y-tFbBZ#aIVF!WNkIr$nMVwng*b
zk8SW1Y=tF$4x90^6oHl`Ov6sN1-*E391lxS0=p0|hc$5&I`s?CseA?t;5(QP55)LU
ztU&xU=EgF=gr%#3mLHCVF*T8ZQ!@*l(xq4kx5W&5(T0wqn=HqPkiQJpB3=jGbVJao
zosLy;HoC^^&?Wi_FT|oJ!zpNwZ2DAU9DzDKn2ToIijMRsx_OHI8umbKH2orUM7LmJ
zoQ@4~Av%Efun7KwB{A!%u&K|-?8Glb_f$h%<@xVLz^VER7h$>I!j!*)rf2*fHdiHd
zq&=`G-iRIXZmf&%qf`42dJ2mD5$==v=s<d+GdT*KnY*!w=YI<UFP@Ll29Ki!3ZD+U
zz9!mW2P}t|<1)MzZLsv8VMKM%8R;J5Lt}grmLmOrw4D`L61QQh9f5-ctf<_Xu$dZS
zA>tjeIQGNJI1Y2*d~}MJU<rHy9r0V3#Bb4ZInIWTl||RS8M;K*-~hbuEb~8vz)=zg
zVduZX3_OYbiSI<yljlN#+c69A{n3M%B>ok8{xkj#4c0)@JE0vOiFWilbno1anfSop
z%)cX9K!P){67%Eh=nU+_()bmY!LwKjOZ*e^*G0>BMn^mlo!T4mJiHgJXGM%}jL-L>
z_56||U<0`m8R;pij8=Fl=D|^T0p5&v<1)M)t7T-QU(?etNqjbX?4CvQ??pFfMrKB$
z4R*!`cn>zi&FE63P7`nsoR=jd!R412icPUw){OLKyb~SC(`bcnVoS`OEh9bUUC?8B
z19~4khIZsVY=Nh+9M;XAkv`tN(EPU`15YKMB4CfVpvUMKR=~13LdLded>p#Q^ROXq
z#CrG(+OdlKsf0^(4O-t_=+v)42e2*1zd}cT603Uti}Sn6<JAglU>~fFQ_zN=Lr3;u
zO#cVXS37q`dUFlH^NC-9j`R+!j>|BK?_hcS5i4W9JmGnLJfHRxg9((yNtnck(TtnW
zy>STLy?>#bt7zVg^j%*I9bt3y-O&S+I3JzKm(Vr;4!v2=%NLfWJzD>@n956F9syq-
zkD;&2)#x!>gJygQ-QAyIK|G0W(k%JICM|)Eydpk^?Xe?%9j#U%BXK?PahSv}(HTt?
z%t)nwonBZlRPY+QxxT=zcwV6pAAxO%KN;gkun+Nyg)`Ex(}`%g^*9wzp_^|)k+4_R
zVo&1VV_$4il#%28MN?rd@)yfUccckk$%D7h5!Ean)~-9cX~v;Fe*n{)7G3LO=oA+(
z5uUfiuZdra?B_(!l3|bZEtQcNNcv4^{ku~H++@em3#f4Eu*TKUwQY+oQ6DUT!_e34
z^_T~5Mfb#A=pK43KHrR<h8<`}zebN;{xTWqAF0jJn=y4A0gux}w8Cf6&9edR(2tnD
zTF(n3t%1(OrD(;spaXa^#&^c}ujt+>etuZ<7U-TCjIHqo<asKwhJd?#A3D;L=w|x|
z9dYrp!76BaBedr|Fo}K9^F0AQh7U&9pm+Ul^yPB^oq=5C!hjlK(p@l=!0oKj9cV>=
zCs{KrQ$DO^h3F+{N2j18Sd5PF)963wy-~SBNbig8jY;VJ@)UaKZ$vx#G1jL2#7P4F
z0;*6ktYM$%jp&rkL)Z8z^mx98&dfG+#y&#xeTC)m6uNZ9D+Oz!<=deR4@6&bw_?hQ
z?jhh0heha!o<V#3VNCxPa}oa&9buNrVQTB6o3RzTXF8*s@K$thEJBy+P4uPp9*)5(
zRl@OounOnj2j7u!54NqEk?4i*;5T?)wT#3BOjOTEjE0GL5q^!{co)_P@$uN6_*V4Z
z$aX=v&@M(tJQ$NW2_4uHY=dhqNM$725;#eMS7n2m8Hua#8XSSU(2+H)752hN^zFC+
zU9#Qij3h1$r>G8k>_(t(!D;B`TZPWZr&u4e)ebY&G)2JU*B`xD?#C|pDthN<s}nZe
z`RJN9L1(Hby4L&9AEkeyySr@NknbXNvku2gaWc9zA7VND1-D?TV7;*RAL2D697cQG
zvwkRWJGwWPpr_+`wBh$+{AY9%=4lZ2PDw08ycL@N60C+}(GD&|U)$S4dMfcd0UIpW
zFuYcKqQ~Y|bZM5O1&&}#EZHb{8M*}X(W%{z)^oz=8Hq%)aae*OO~M5=16`Vx(d}5$
z^M8myk_Ttf37q?;A!7q{DK0@rvKY;`9@7^Vx@S(Jo3U!MFo1E`i1=dkG<|^XncvZT
zb()76n~0@6|928_O&&u>`WiaY6KH|jEi%%71UmuE|2E!;T^VL8d==fKXVG%CT7^?^
zE!yx)Xh)Bud!SP5aD}(Wlv6g6Kx<rx9q<!ugJs%;_xK=mil0Cm+J!cpXd7Out<ht5
ze{?^ZuR^=9sV_xmVjA|r71#{_YRCC+PM~r7(1DxKDPN18hQH94ON|a8y$7}<z7X9T
zpW;j`(=n8P3SF8bXud?Ju$S7S_rus2UxN<(vrefnlH8rc)OW@1JeZ75<=fZ-b94za
z(g9tPyU>olhkdbF*KiE4MLRwh(@TlY#0hkUDs~I?j74YgxfB6!w4cx(H@zrin2g>F
zo6%$QEBd1|**zou2NoBhBbbgpe-S+mUq%b|2y5OJy&oo^?|?_}N?eDdFjcZ=M&cF%
zQ_-HD!2wwF;*7+8j?vxd+7Ig$)^Ij@v%QFp=m0tsm3oIY9g9tfufPQVcL?q1*L}h!
zFLY@}`p*yRViw>3jR~AjhUPdOFURfpIXdFyeZx<yU1$e?!-`n-vM|LL;cVhl(2nHk
z7s_3VE@29tna${F_&LU_^>=S^o-QX)g$I+dJT6Cf>vnW%e?*s}<mKVD+Y<{CAA+v&
zbvP8CKrfig0paafHd;N}Ale$Mk*}L^&+|?3!4xb+d?psfN6_8;0($qqi@xU%p&j@Q
z{e_c#VEDmO2y+oHiFvUCny)sRuMOtGi_n)=KTJ6_cN1_*UqRRIAUf5>28CVP89lc%
z&?!BD=@}UuHd#;fhMbOWwq@v^*^Z9%1bXq59uhWTQ_N4i_Yls%BOOkHJ)VI1a5}cf
zdFW=_i;m!2e4cY?xEG3JlJutN00yAPZwk5;tD|qBza0;woAGQ+uQ4nYdeUiFXrM1T
z<-^b(PeM26!|2|41(SFHZQv|=L6sODW}q3G-VZ&_H=*U%qp$Oiu@oLdk7M@K6=5pN
zp;Olv9l>pAM^>N}ZbLWQmuN={Um2FD0lJnW&^@vc9qDS!j@!_Iyn{CQJ!WF&Rbi=9
z*$B9nt<VZ?MyF^N+K~<D8h(eaX~C;Qyan3O)oA(2=v(ha^z?j>9>)SB!j0J<9neyA
z02`6=sl-77PT{YZ#Ns2vh#R9l?t@O@7<7}(LXYLsXa_z<%m0WroPSi9sRn3=N1}V|
zLA2Zo^i=Fk%lZ2@X7~f0fxOp*hAN;vZ5<tso|frogX_={?TgP(qBBu+bl6MXurTqy
z=%yZp&2a+yPI(clc>a$Q@TMz%ZD_bHdX9%+5=Wt%W+pl#%ds53itder=)G_n?NHt^
zp`%sN=l#(cycsR`06LQ|V#)`*3Al-VLU-x;W5bj+#OlPmp*Q5s=nOrA-VbZgj(vk}
zvU6A;&l?x^!X?;-_}$n9-$G|7<GQd!jj!YUyV*vQ;3iv)PWc<?S{}x1nEU!LvVv#_
zFF;4!KH3i*(Y0uY?m<WT1lr*@Fp2xI8UBgRWP=+x|7PrQL&!KbIz74=UBl<md~cwe
z=WDc~U(vmg@5Yc`2i=ry(HZNH&PWO!=vs71zD6&szkOg2E8G;Os0liiH=xIFE;?ne
zp;LYe-Aq+(4tu5nx|xPzTU>(9<QM31%rQRH-wN&6rO|8A`zAGwfIWK}?eQnkb7)1C
zCWK?u1MTsx=q7s<?dU7$i1wj-=~wh6Q)psX%Jb0~YmLs>CFs<TM#`lU(+PO9EsgF$
z8_IS|xcjT4YuhV24z1u`bT2%K&djUm2!BR9nC;dOPevP~9qoyBXf&4a{XdC-6+Vbw
z5UbJ6_bED}f6$She_QBS3-o3ihK^_@x(BwQ9r+gRSjkD@^wdE&^#F8cCSy*#2dmM3
zVjcm{|3-8vj-VYVIyoH6W@yJoqsQ?f^sTrRt@wNNV#;%S=x7VH0|U_|y$PMchcSsS
zqc`JzOxaM@DWO0Obn4roQ#b;hfvM<TSc-PwEp+poL>nr>DRL9nMqkq%(JS{7^z>Yf
zF3l~N7w4emmZUiU9;<aE*wDvl11HfQpLa)Ss3|()A!vtZL|3C7-h<}<9bJMVQ^U-3
z#3b>N=n~$8w)ZqTqdTY4kjLZ{30^1{Obb10jdrLXx-{d_0?W|N`hI+#m>%{{S#-u4
zqaE#y?upyb1|P*FZbqm63$#PIQ+I}QUL7sa58VT|p=-Ai?Z5|U#b?nquXtC;*Ad;k
zH%IS7JMuqtX11bBbp+l0xo3p?qzXFIsX+vsx*2GJ<!D1Y(T0zsYhU{AFoO1I16QH>
zQ|JhnqxrVQ_%U<<dG84wsE@9Be@x=_$lgdL<`HmnJc+LDCiKcY6ywEahIn(d!Rydt
z_aIu~vuL^Pn8Y8^nan#Y<g1M?ZC7-}gQIt2`rrRqLm<h6U1){J(J9VxZzxb5eclHh
z>CNcK=A$FtgjReQEth|G*gJL5cu#bRu1A+(CVE_-!V6LaJ|SSn%=<!yN|+?x22CH1
zPWg1S;m5E6ZbxV247#bx-XA*H4U@!2qXW7Z(@TqPx}9h}-(vdT|I0TgJgA2Dv@_c9
zFmw-0!}L_6Q@b6ViKFp(&bgt&`e;W7pnGaOy7?YJ8-6)H{{*f7#9YpQ4gy8yg{!el
zv?_Z1>Z3nQdZBALH9lW}HuN}pEMG<QeUEmq)C1w4s#~CY=^k{cUd8ljKxZKLgPi{)
zfw~Wd485b1(1K5*Yr8+jGv|kqG(tCBU$nwW=*%rcPtS(<{17^WITnO`_0Wd<#rTvI
z0jFv?x+%6`2RwmJQKN;S!v5%t+<|VQ$Iy{(M3?4s^yd2w3t-iU!hjm19UO+H--VvG
z1?ZBbRugdZyo<f?4{VNI7lnU-xC`45pN%c?ee|x+vpDR5@@R+JVpbfCcKiy=jd!9m
zGY6f?6=;X|Ao)^>9|#m8A@9SXXJyf~ZiudFSG3|=(F&%Z`B$I~Y{VpPM|b(R=-$Zv
zNSLw8Xvf>51D%TAu+L&0-~R^*<Rl^AlF)(TXhpT6z0d;VF})|y5$;FV`V2Y)6&{U0
zwa@`viZ1Oaw7$F00j)#_@TuvZ{~rmsmIWRQo1-4OTQ5h~ZW=mePe)%zH{ZVKIc!S2
z;?nRNaxhwMA==SR*a|;KH{W^7!XL}G$MnDda}fb6ydKj9(M_@m9r+$~^JP39@|8n>
zoOVRl_9k>>v(W}#MQ7w2^q%+!or!W!gtuo4bU@cV!TEQs?k2%0djjpidbGmN(1LlE
zhXU2m=WWobzZxCkeP}(;qvhT~J8}lytmU5!Yu^~1=_}ECW;~e+8J~#>d(fW$f%dS-
zQ=y>?qJ7W~O~Nj?2)%#~p%v%<U-<Kcy6Ew0gVr-NIuY&o9CV3aP7$!euh5a4L)WU@
z)8W5@9fHox6_~^cXoU|&pU1kyccLTu6J4^hD?-P5;QhpJ!}*wNW!UVGp-Yo`nt&bH
ziLUWsbR?Op!mh21N#b464vt3i%|@qu6*^<v(bw`J^u{}j?vX0bgsc5hw1dOY8Mq6R
zp8sbF*yCO3`8<c7^XjWZ2l}8rorqTWP;@)G#=oM+tMs#BbGAZ%(p`oAlhY&Up7;>0
zC*!#=!19>>@Bcdxa3o`}Io^$4#oN%CIE9{$63>T<TB5%J$D&KK44s*EXg!}`GdvN~
zYrYVk_e9tHdUT+Ru}O-+b^<o^H@Xz%*M#?bD|D@ILZ|#*wBeQL2oIt&RpiBR{#&9Q
znus3Xd$Bt{ft~R<x@jA)4SzUw2c}%RZ3LW}FVXlv=<oM3>%#G=gYAiTLOU`mx&rO+
z4s_(-p!NKX?*6hbg^sjD?}<y%d}Gmk_q@dU_rVGhJf~aHwcHmooJD7*%=)nQt&ks$
zi81Jsq|mi}3LE2IbT8$5ISix)TE0Kp(Md7B2;DoIUgrFJe!nKcU0dLlF!jyQ9$trT
zx;f~YZN?;ikFI6z4Iy8BwBvoy{1Y)BK7|f&ExMHNp-XfaoypTF0<Kl@jbUW9Fnw{L
zGcpu&;dpfFQfP$_qsMJ+On)B>5<iNL_|N$KyiH*y8lf}L8{M4Op&d%CB9J8T23o;4
z==nT_Zm#oQ4SS&zI`sq5=i|`5vJmaai)i`x;`7hZfn?hpZp2Dx`TFQUI$=)F|8N3M
z<!E$wKZuTS2YRf&#3W|C78<I6nZ#S5Q`j1_;b8Rlz?J9}k3&Z|4XyuSOyV}Q++l3t
z`#<ybP+@Cy#O=^29D`2T9CR<Nj_L13kH_@FTf*AcLpSAR=+aF_8+rhpi5Jj%cB6ab
zI98|q#Q9r81)b5JUyC-JLT6+N*2mrGuFdjB=wJ=B;vSeE$DrjWVF8?jHn<dB^ViWC
zJ%e`ayltF+&v`QfuF1t{g`?4t%*3qtJi5l~&<1v)<-SIz{10@hGv5p^qta;k?q~;Y
zMDP9w(4~7B9mvKvIsfkNLnJu$KcXEdwmnQy1N7KkfmU!oCUGsgM?Q}6pU@jI|Bi4U
zbVTog@#xGwiB9=`bn|B483uge&Q$mliLN9x=D}rX&+d=Dgl?XL=t#1?6&kLLPGKvw
z;X!BzA4F&374&p`5T74Im$c&BVJX_6_r;_X0jGW`cEXKlPcz;LQ(GIYs2N)EWidW3
z#%H1BpFlU==IBT0CjK6+FYmiyNt&TEJPf_~QYiv%iq+T<ccBHdz87YqD%ydb=m<xn
zYd;6w6HlU3{Te#eKcP2i`S-)WLD3z@5MPVVKyp{e-x6szl^8=Hy|(Dj;<f0m-;QpU
z)96&4MH?))J1j+0bR?Ifd*K#zAoI|RW-U51JJ9>#5N5^i(9?1ZyL$f55^(A}eh{W;
zHagWWqEqw^THzmPg}FZr4Od3fJD~adq0g^FM>-4L8&9J%_60hVzoL7oz#e{Q(0-ye
z0e`~{Lr3~RbUnKJ51<{%{!!SB_0gFa6yp=nkuODOZY#PMPGP#kABP#PjF#($zBRAH
zlv6mLfDNog*X}E{qC9)UTD3ysW6{mD49&L-9oe5~J^4QgOHm7b-U)Ny4d`jP74zUj
z=qX$N3Fkja;2jd2vLDf(UOD%Lo;F1@_CeS9HngD!(TnIs^zFF=oq^BMk^h5swAlVI
z)$P#>=}L6TX2$d-`#Jws@G1#T$w!zEvwRwsq7d3(Lv$)Hjb0biXQ36YM3?SWbc(-1
zui!K2TQT>6@VpFqN?M~Gx+z7#sahNp-bB~@hnQacvoM0T=*WhnGcgg}Omop0T8$pt
zkI)P2cXWoz9Sk#3ADa>%j^2QeU=mZ?2sq`3(Oq2Z^Ke{hp}V&}Hp9_qg-@Y-WdmC7
zTXg11d=W<28J*E<(Y-MZy&oRJ#<&9=@ZTXlm8kw@c+el4^I$Go@q6g0I2Y4ve-%1-
zEjp#s(J7pdp689|JLGM2iho51Q1wt4z!0?DVzgtcFt_Lbbpo#8JJHY4srm(7`x;+|
zo3SgpsZ!_^K8p=-FFN(PzX?lK3zNiqpfffOEjJBw;tS|Sw*k}t{?EGvk|Z2Kui)&5
z!+C9iZo1*<o|udtqZQE|=*@W;?NF{GVdm<h9lHXZp@-1ZwHeKK0Np#8-*W!lEM*B;
zQRnCw%uakBx|WNuJwA`F-LL2-Ec;#9Y>m++8-~_14{dloI^u&degy4Eo}*z;R6EM~
zcWU~PV8wUgTzmoTSljQz$VX#m;tSCVzd$df@6gRx`iIb9H|#|Gdh|HHjLzU^Xv4pw
z_e7B&L%iXSsnC<&BskKk@xdZ=O<zJgxF2mO`?0Y58=*g3u0->VMK|AEbkA%=8~zlN
zcnZB2iv1Mgwb6lGk|JQwE=PMd0j+QmTG1x-_#MEuSnTI;-ut0@WeS>q9lELZp&k1k
z-PFHg4$OW$bRa)E&}!&?l4?yLNuV!U(S#UZjJ~Bdq8&Vd9-BYVj^+I&RCob8)g94`
z=$e>57wy2R7~hQUk$srNoF~%HIsXKlnil9DxD5N^RCFZ!(1s787u4_Q=F5LFG*A^y
zZ-$=t-stY0i4NeY=yr5-9zjo2?qBT)=f4pFFOYudT8}`dW<I)xtI%`29i5?1(GL8D
zcDUH7&|n*MW(J{CJPEDu0d#;{&{J^$^J3yRmWK8d`3ShXi=h<{MyGB9CUGXZ`Bq{2
z{Guby{5?#0Y4mwp^s2o99pN&x1Mfx8pi5cpkC5IGQ{Lq_5wM5LFui-xtMXHHDt|y5
z%ziqgmqj~R8#A#TX2Fiw5xZhzoP)0U&KN%(t@CI2L#|POa{k>kPm`d#&=LNI?&kB)
zgd49m+QA;^42?uPbO$DJ5qkVKpm+Z_=%y@jHcWYQbmYU)`lm$ycb4;S!CfRcWv9_i
zROzqK;6O|gACK;Zh3F<)6VpFIH`yO(#U;*#scnr-iH}7)@^tiFw4USWUdWyLJFHzD
zbn1tp6`F2COJn>^bd3+A4Hf+-%vcK?MEpwZj9bv9$;rax#xm%VR6&<w47!OQMVB_U
zg@99k5ItsDGBVR0DT%&B8lw%5K?^QHd;WU#2-?v+nVIQ-hqMkRiC>R)bRN1XH=uj%
zD7rU_Wy$o4PbGQ~@EA=%D}EfUa3@}l$FKu-%9@!T*}do#K87~10o@CS(5e12rk|fJ
zGreazq5~X?&hU(w{uHMF`@h!-*nxv+g*mc^4%9~PflJW_Mx*C?8YXcu`a0f-F4=yx
zW2e!4MRJ4=)Ij4M&>0?x)^|Oo|M!3Q7$9K@x*1<UGaf*9?QwKQ^5zUvSvNWit#}T)
zH2=eP_%?d(^X3WzYK9K*3ap3sp-Zv_Qy!<|1Rl&_)8r0ov?NbvdiTDKxk=BGH*_d}
zzD)KB{}hWhoX8(WUILxk#%M<_!}Ra{=tF2bFQNH%p?m75{F&j;|IaTFDr$nB^Zw|_
zZ$vAa6VsnXXJ%)NA4J#ucWi{E3udN&GxkC^@AT*^*o^p3=uA{Al$mIQeF~+*RLm#A
z<FGCIB^Drl7G0}6g+s#?(UCMkJJ<^y@wn(bH2*rZWACAR;ulPxk|JRf*TM3nw@(qU
z;j5!l(Snagx5o4%=u0D`Xn39<-K_P{4h=vnya~;>0IlbV=#J<QXb1Bb3j<75iGfCF
zMV-(d4@Hm7ZRqBFJo*wQiNB35)eq>V&00J&{T96totc*CQVqZ)UWYb3H@YI2N^BvJ
zK0fimX>>{pmI&5IE4U2JHxaGqA@q1Yk9K@J+R-o28}DRHZ&ET$c`tO+UWNH^5|;A)
zKa+qJEXUmVDmwC==u7BlbQ2~@g%OuU_ePUw7c_r=ba$sP7e0nA#R~LddkOtv^BH!>
zx~18qw4azlz@D!~*K{Yk1jo^i<t`H{sEEF#x}sA&KE@wFm*6!_;!(U2bDbA<`DC>I
z&1ks~WBg}KIVG9rhl)#~J?)65UyJ@qorZbv-snRyeR*_s^rh%)X!)Jk5WhfYrfAvB
z^uMfDAN_rCeOb=G52ljfh?hk-p;P(^cEWSm0y~roFOR8MpZErJ#(u&i7E6YD8lmxC
z=q9}p-8-{md^Otcj$|ra2uDcpd=@MpuF!_qi1;mN!_T7~JceGaIVyyuX^1t6_e9et
zMOVi3ebKBHLx<`{d!w8Drc_K=h;Fi%u{`cYZ>m4gJy4-ih&M-%)d)=DB(&p8&~jVR
zQ}GQtGk?bC<tvAHCrpw)E}EJ{ApO#b2?x-QoW(9!s!Di%1zO>3^!Yk;M)pL1!e+#C
zRt-zn9-aEpXudnKE-pno`XSQMRN_|x9Z1MkEsUfmn&Bq2!3F3{Y(}T}DEdpLc=fP`
zozeUwa0uRmZoco()ADz;Mvc(%%h0`bGZysxKSIFcu^Rp9v;~v+5qdSBLeG1_3&Kk!
zi7rXs=s5J$+>KWJZ1iJ1P5dmn+fUU@|Kdqxs}*MALQJ3kVFbJo7NAr9HRj3SUq-ty
z+*FNghl`{mdO`I@H_u?a81Fzk@Buc#-*FArt`lbJ5PFOY*A4IgGH6G8V#=#<JOQU{
zI=W^LqsL_(X2*|l0Dgvcuu;9RG%0jRo{sUo*pB!)Y>92^hozYkU4|aJH_-YI)#v<s
zBV{xQ56YrT(K6Z#-2+#n9lZ}-ibv43eI};wLzn6ZdKxkshSz!(bfkUJb|#|@FGiPe
zLqpDgdKZ)6NPj|i=_zz3sx%6=K^q=`?vc^xPpI25y?1ap@h#W~D>M%A321yj`Yx#1
zBrH`^tVVojDhBRB*K`fq(~r@$J`tb)72}nghK|%h&v_g4YQ7A8-(P{w#0+$VPoViW
zp)>g*+TlOZO_|EqER4J?wkDx6dh=Z!U4l;ON9fd@j+Sg5_DqxL#psNUKpVINZD2ln
zLq3Jhz#eo4zYL}lCu2gk7U4ljw1NxJ0<F=h>K+}Bp8v;Ud^aYEpGKFkRLf94iOygH
z%#W?HFZM+5i6=4r@Bd_J6{e;EI`To-6dy$I{`b)fD0l17a6@$0k3jRy$F8^wdt%8p
z;Rnb_bVi@W`uG!iD$2JF<%VMM6bXw7IN}%3J@6(vmEWOjm(eb)WeM~Y)Iq1P75W3E
z7rJS$L`S>;{q?&H-2;20KcnSxv=0L-jVaft9|0YO-tD)d86S%2tI#FbguW{dV=m0!
zAzUaWu@&))(0sFE`dW0;eTyE~{2fC_o1uGYOh?YY1!j}ru73&LY<pscKhP1C=oEH!
z1$0STp%qL*XXp{M+!}NspP=QwL-U=)=df_+aQwF75}$WYg}2t7UBcAAj`s9xv}5_Z
zhM8!LPH8vv+^5j{;5oG8uSGvYm+mxLzHqnD;pXTP-+~^`+33ZzB1OP+yBqE4uV@8D
zE(*K47A_{<6aCeD6uqz#-9!E|X#VEt?}ENDJ{n#7JJF6litX`PbZJkZGndNRBV;Iz
zcAy421KrRyo`ClF4s>%aLD%$k^b~xDPI<AOp?npzd?zfAH=?_LK6<*|it&GtcR?yq
z|KgCLH=1EajBiHI^NHwbw1fYk9VvH77-2g!eIS~D5<0?Zm_7}dh4?ab#809F+K9P)
z|9=u6e1$H>@95f<?iCtpkG{1=pi_Al7RLpc#MM{_-$$3?Z}fFsvUgbHR%pFfqt9nz
zTU?Im^M8bZJ^c$ES&lxL>A$0~26iX@JbDxUg?230rD5vpVQu2W(2HembQgLb<n0?8
zYK3mnJJ9q;aWn45RA&PBT^1VNi%#Wf^q7_Gmzn-svHD_7;{QX}{3EoYjQ(Ni>Z2nX
zi5|n1F@0Aw^YSp|jnEGF#u_;7a?Za6o+ZKKwI@EvF(6D`J+#2(*cfM`7tL05CK3Zf
zzUt`IUJ~P@(Sgj1>1$&8yXX?0L_3f<i1Y7AY7GiE+fZ~ZXQI1&WAtmxK|J^1u(pNK
zW7q`U<$cgiH9n@#LpR&%nEpnLe-S+u&7B$&rYwn8&=D;-JUS6w`}<=2VeC!(1$0fb
z3=JbmqDyoUCh?Z&VsvIVqI>Lk^bC4hQrU)u<B=E5SP(rv9npsSN3TZjgB#JCY%)H8
zbJ2^X;_%=|yq@?o=w?3eim*hjaT4(n=m5XQdY=E&1e%a=!IfboSD_cioEYDRHt;jL
zH1)0u`L0A8x<AJMiPpF}45Tl5pUlFWa4Wjk8ji?J|4m8*u&?L;YXV-CO-5#>{|Csu
z(4Ox_r}#9w*@}${wnCqeL~puT_!X{?K6Fjke7B4aKhGDT^&CaZWxF<P)@oRo_7m+0
zr0;HYO-7@;^agazrpENy=+r-mZqBFCCE1N`!cSxRS+rvn$Ao+rqxDS0W;hKC;$}=)
z(JlgRzTdGr79JZiwm_$BB07~z&|~vajQ<_u4abG&!_Xyq2(9le^d32kwp0GPu(!IR
zduz~joc}@ut|7sZO^VJzmt;9Q!dKDryaT<8zl~<QKJ4~NXugi<)q62E#qsErKabuI
zdvJ3G{}_+X@TwbAVahk&7)G`g9r3XkFLYC8`j6FHpy_v_Q@awI<6iV)Ds*$$bY0Pr
zPeG^nVRT^6pdEW1Eq?^<P@&ZLFwzU69ng^uMk}~Irr(c_@M(1F)}R%<hDqFy{&f2j
z-Ag4Vg!G!|Z^j<z9vFyrXasWn5~<q=*wC}l*U$!bqc4?%Xv3u^hJT2xgkHh5&<4k#
zn`#!idAH+Gd=E!q&08|lf8oFa>`MGkyc65snvSOuZxQ&3gu=IFChow*q|C&vFcmxC
zS!|7MCWn8xyaO*HzAakd_VD|DAiCD0(bw&L=pI^wZSftn19_)}kza<*J^wQaIMVIt
zyC4gD!Zq@r4PD#e=x@Ho(YMeM|A8(+y*t9a&>d?MACE5K6KFkepy&T*^c3Zp8amJp
z+t7YuJOK-=M>o$WXwOgLLd-KQtmP9}o%lAiqd%b)mzy5Sx4>@12cb*zbWGolJBc5O
z@n`Q0zboFyR8t<5zANm3OQTm~andJX67NHQd_ITng&k;zKS1}&FX*v6hyFe|Z$`Mn
zyP-2U1x;U%zGDtYOWn=+cWQgy9oF=AY)AZU?1Xvm33q=Vbm|^LN4^WKC^3_F2j{sV
z+Q7J3;U-*yUPP~<SNCyrZ<M?@ly8n6$FcXahE)hWNP->N82uhCSaNn)ineG62A~zq
zL)U&CI>KFO$FkoSrnU(VCVm$>L*Jmk7k)wSkv#W@0n|wma93W9ZSeUR{{`<R-fT{0
z;&yxk-K1^i#wkS`T#s(Xqi6>!&I|DY=ztcW19=m@uzo`KNc9IoyQ!NASn+G<UHun2
zBTXL+yLTAc&}{5%K6Gia&kyk)=<!;B{#4tCmd~*uGyV4iUx?1o3{02DF2u7hOvh7+
ziwW4nhtPAo1?|vbycjDy6lUf|oJD*scEnbT!cyFc?uDn(nK+28vBcug@qXwroQclB
zOX$sa0(*M?D?J<v-V}Wf{lW1)I#snE2_3lw2NQn_-2+vYgb{a*-inTNCE9^Q(ejUm
znH?T|41NBYaoSImc`O{4{?Xa!?%fjOC!&>?hV;wPwVf5+fbRaIXvc~#3->}(bV)A5
zAvgnXz$0k={T}E14<c|6fj@nKPR*B3gr8)EmxmEugab*Rj(vTOPIbd4!}II$7vd|h
zAufI@?19~wo%rvV1<#@PM8^NZPq*a%IR7h2m`6f6Z2ojO9s|*v?hbVAR$)*41gBu-
z6=6!B#3sZKVH+&HGB^<3Lrc(^I)I+{T&qHTwbAwlu1bZen?!<BwGyrHQ}lcnekQyw
zYofcn4LXI>(AVrK%#FEL2a86_MQdOUo;Qr~VbN>R@)J@qa4(i1VOjK*=m%Jc^rL7)
zXD}ybdp7*JUw$-RI>sxa`D({_Gjua|LO16u^t8Nz9{1EA1YENQ&xNTQjYEk)gRL;n
z^I@&Kp?l*l^xg0ZdN1ror#9n-uyj??msodntw*6Rv%6#ZGW7TVt06s=*h9dEe#H7%
zV@-I;48c6aM`2aG8Le<hbQ8LU2hax2M2ox_I#3fGSQoUxDd;bs`B)fNV0q8~CIXJ&
zb37ljtPL-b^3nF_oqaWWyk^DtvzR2l2ff*Tjp@zTg$@mi-ip2h9>DUrG`bb*(mwyQ
znJ}_qFNF*Z&`o$5IwNypd>eXG{)Ns&<@KSV4(MxnFnWWIL^tofn2Aqe8(e|zf$!1s
z<zMFfJMuOJ9N7r8;hE7l(BpR&eS1}XC7hOa(d*HQ9z&1YX7rStMQ5_*hTuT-hsv$!
zyI~<Faq|YwznkTYnBfdM)g?BDhFjo8#7CiPybi74eYC<;=si(rQ<$0Nm?VA`TF+hR
z+OI-4?H07$KD545n>hb&u6(bCiW*{)_)s+c4z!{bG5!4*{~246USxAPZoM%d@xjq+
z(W$-_osl)@Y55i1w3S~AOVlw%!1Fp3or%%W8E6lmK&NsOI)YEJApR1~cs*P&h0*ku
zXt|zfeIwD`J{{ft3(<>i6&AqM0Rr~?2Xxb%juze$(rcoduo+s>IJAMOXhjdBGxQF6
z)gDJjSaxf$RdfjYlA40<wbjVdr1)R8gb^M=UlLi~2p!3Rj<`J9^Csvq>W+5ca&&|@
zqMPvknEq^Z2ioA5Xvgzy3ntN#*H6p&Yfr$6`@{^x&<1Xb>9f&>7GrsQ37x5ZG5rKO
z@_cWG)6)X&(0DZ8e6-wi=*)b8z7u}I^#A{#GTXxi)CBACU<fwCd1%MpLeKqPY>j_o
zM{KntyvOfEH`hz(9{3J@XPn0Tn0sf~^`+3`-U#i;AWRvUOu)5Vf*!B;&>sJa9+zTo
zg;P-vUAsQ$2q&NoEI{)=i7wfW82=odxqo7MnYTmvdT4szw>ke#-3=tT$(Es0^D%mp
z{eyO(;ydB(*an?}{%C`X(26#qOZEx6*2mF~WWF0VaVhk9RWyGabkh!cHx;I2DhZD0
zX-wjdnBhAdOg!&<q2OqADQ2Kk{ybXoA*_jK(2iAoKP+8W^lH8gt$!Fg&=h*VtTkYP
z&!XqhjOBKP^j7HAI}E+aCdKr5F}@ZZ@!RN#4x;5Vc83lp(LL1ylXxAPe=eFYwVZ$z
zzY*P!N#Z}FBP{Si=tx_1q*tO9Ohz~79Q1fDK{wqC=z!jc&kv*JPDFEm81`62q+_W>
zHv+EJ?dVN6AKhdxqHDDm9l;57uT<I-8t8+blJRKzYII6Ji_f!s6ylY!A?ZD^IZj7M
z{yJ9l{r?343ub;CGSol|j6fS$f}V<x&`o&;?O@rxVK1~rUqYkNJupAI6>acmbVh1?
z66)=a?xAUz{@?#RL%@Ou(Hkq*zHpH=Mn`r%+M%UrMSG)vpy#>N{!p$pI*_qwhZmp&
zcop4rzoPl8ej4)iz?2Wh6R?4mn7%S&hI|LYh#R66UXJ$s4)k}yO0>bf=>2gHEnn-i
zFra~Ghwnj`b``qRZ(+Kf&p7{1QNDxW+;_#M#BWBY^f`1_??<Qp9J&|Ee;)E*iZ+~z
z@#oRCJ%Hx>Gd{2RMLh3l`c!l#)_uYGcVq|RgN!dj#SPFk9*WM;G<1p9qaFSx#>;&b
zPD^)mq+_FV&<56^r)VEG!CZ$zeeKZv6H)~HJ-!HC>-W)-{)J9a^6RjMJ+Th)yQ1sS
zoANufp~ByU3Y(xyG9Wq)ouO6eO?m)r_>X9+)ZtK3b9BTb&>5MDF2M_E1qaZP=ROif
z&<V|V8@kCJNB72lw4sb|<L>};?OUNY;ULV9BZ8^Kcmj_2PIRhQpcl)*==bPIe@ADa
z{C8nydZU}^4s3}JVGG=g?t#Kb!<yGcJ9-(~k=tYXBY1)5e+vP3|1osL6}}G*cE=*b
zC!$k&FFJK=(JOf`x+i`?8#w=mFhd<MeM-=dtVD0Xx1xv8{AaKW?I+6r7&4AVAIwB|
z{R`-l>_sa)9pmMXg?I;arpBUs<u<h3ikSXBdL<t~JA5oY&+$`c;tJw5G1Y~@90J*K
zKeop&(O<6>e-7`4f#@E%0h9PRn*R-Sgl}VRJc{M;SF}S#j)yC}Ejj~(u`o_RXLjas
z&cDA{9wi}(&!H9XMyK`@EQ48o2@RA(_d<<mU-T!|9npueGx2rkUik~%oV8AbV|W$j
zB)$;s_|g-pP{C^?SkZoT2~MI@S?Xk%x>lGZemS}aZo>k&1YLsFF?|DC@n`4^o<T=i
z@7GYS6S`?fp#w>!Vqg_IMSHOr{v6GEDokZ*Op@LOy-=<}Ps<}{{@rLpN6;JePqe=J
zzl9m?jxI?bbO2M)Q<qv!!1KBjUE{+sL($(udL#67^g(B6CVEjV$0oQ3UGqGDgppr>
z*4GU$!I9{QUqP30H#&1aBBv^qI7`3=DxMA%T#gpF1-)?Qpi}iOI<nu<2J8G8*7g##
zLwBR))?;^kA3Z&#&jeedH{~$&G|fn-bN-$uV8K1;TkZR3v9qB=ZLtmM!_fQTakRtl
zVm{3HE95JH)^j12z>esY4@URWz37s>faz0%?P))8lz_Xw=D9G%_0bXaKr>E8H{~N}
zg>Rs1_e+cy{X2B19S$e`mgoVrgDw6EBkqO{@FukWrI<2dSA1{=-CR`?S<?1LZ@yXR
z61<3Z;B!o`c}A9Wg%_X|_Ct^J4D|RtgiiHa(G%!ZT{<&Mdh_<r%)-C_LBebj%(x}`
zJ=&4NS+b;$Q3tf)$><(fh2}qumd}?pOZuF*MVIClbgiF@evA(E47w+(WXqC%>vqkS
z3Jpvl!3^u;gRij}@e<jCz0nchhgSS7+JTSI8}l!8iQ44Il0IG|(fVdaUqWB=htShe
zJZG?eia;9@E<qcZhZbCe&cNqr0|j!0hWlU#;<utx{TjNdcBAEw;$X~~J2(P+5q}fy
zc=0@0(tD}}CW)s867XD3jxNHBh_6F;Z6a?NQRQf7H2oTM6W))$R$oNx`2g+6G4!Iz
zn=j1Fh3NCX=qb4YIZdg=Jp_^@yciM^AE6^ZhlQ|q{!l?%Y)5<)cEM+2{1n=O#s$KX
z^hM)S&<-w%Zb6syFgC(+1+(y9WTg0EKp;uNqv#sFhHk1~(KW4FDD3{8Xoa_;H|3+~
zrhFg$Wpft2g0mG4OHvAb+touy-Vwd|hR5_9uq5p#?u;28MPDWxuo&)$9z>`7WVA$)
zkgo;$Uhj(D6IY>|YdV^L8G2f_V-o*Cr#@LU)ZZA>|NP&BfSY41+T#bK|3fR@fNrw=
z=txe)=lP0-HBO>4)eiIHHR!wI7PQ<0m>r)%?}Zn!8-7zPOZfXgFDxF`tS5Tmj6oZo
zkD0g@o!a$iMekr9{180_pU3AvqZd(TiLhjK(WM%M&ctlAz8&cAi?>T~{yoRPlVH!v
zl?)FqL3i)%SOJ$t-$0M&5%fkZR4U9!3$()iXvgnDPr;MuW_}ahbibqJYLyO4)jvhR
z2F9Zq7Dac*4B5-1k4d5;+Heo_PQMi$`Q7MLFG6STMRW!Zpi7$TykKo~?fas8WDGjM
z)XW%o2D6gze$223UAyDx+brk#VV5V-Jx~Mfa3{25x1%FpiI#f{o$5oFzN#??@qA@N
zzGBGcO(hx-u%{QJQ#Ky$*#dM#FUR<oXhRw0vZVhRt`;^SJ`CI8Vr-2Eu{oZX49BxS
zI^r4V%q>SZ>l#dY{`V7bP5z8lDj$~QV)VS;h+Zhu(D(l`w8D4LnfVT#k$=z*mZ=bq
zTW7SPQPDYQ{`Kf)+=c1?{eRAiVK-MmE4mQfOx@6#nTU4qQFLbBLXYVW(R1h?Dp)DZ
zSpDcgwA^&8htI|IL+H%qs?7QK#%o8wo=!v?cnn>$E$9XFJvtLvtAvJ%qR$(nBOZos
zy4lf9=%)Mu?O4{TVNX;=ui!T5QcSAK`FBcZlHg`pi_XA$^ak65cIXdubCs$VY!dB<
zZng<AJ_o%Yo<leDOK8V8;%Iya?RdlLp`IbtQ{hg(odnP6<7kB+MUO?Z)d(Xkiypgf
z=oLK>-3vFM9lk%NuSM&58{NcTqo*bJ1>v4)iw^9@R1C~VGp<M1><hHQTs1?+3(@pT
z(6yWteGZ+mL+B<whvq9&D=b|nw4ULZJ_Rv-Ia)6D8UcH9AZGXry)sK(7&_Dyow6Iy
zkw1*)e+I4KeYAn^(YIj!+F|#XMBfEX(WUEx4say8dFLQ|Bb9i9fE8~?Gk$`u*>C6+
zXR8x_2b77{LSMtJ(M@(GI^x^Wj;=so%O9dk@J~!HSvPdJEqb~JV*$_qECM$CFgmgg
z=v01&?*2dH^P=@a$Lgb3X?t`A2B1GwCSXy#2ffH1MR)&Zbn3r~o{N^Q&&<(&qOk!S
zgmz#m+JWWh3~WU!+=pHqf5h~<4MMrj=#-8@N1j5D^|LYlHCk`MhT&$chjx4%raUgQ
z2)H)$q8reL51|GBh?Z&;;?2>i9UPs2={1edpFlhECff0n(ZY?xJy9<@yfNqBV=<Qm
zN469F>6OtW^sphiiF%<O9ER?Vd(Z|JMR%Zk;8e6+({RCbL(BI^J2(>U_-*J6JlK@;
z-<H7hB-p?SwBl0DLcBA28m_}SxD?%VAD|=q0llJgHxGNF4tk+=Mmu@~ntv*~2OdGo
zy@D>${#1OBuSIw{)Ib|*hi=N7&;k#jSL}<?L(zgQ!#`5BM)Ti}>0iC*)w~7m;4y5D
zg<FLs?1|1m>Usj6+u7)*TZm0?9a``wbjpgf4(GZiIzv6scg7^N!6z^;?m+j>N9dA#
zk8bXwZ9=>$x~Hzf37-EM1T1h49bu8SS<?TX&)cCLn~RR*VYEX#&<2m8Q&_NF=vYT|
zibq7JqsMPqbQ_xgTlBsu)83^?@sHgET>DPw)Q`i)xD<US>_azEt_~qy5`EqcZD1N&
z{wefgc^{pbGw4XmcMLD3_GkyYq0dJu?I-Rh;2OV#t#L1Q#A2PoR1ZW?$4qoHZNq%{
zIXXi>q8<4SJ<cUNhrLh^ZLk$O!voPZzac)q57U4D$7%vr@M(PT7h0f9mrzk%wBRLZ
z2gaaR?F{r6&GYEb^PT8k`3#-vQ|Q`P?;4I@Pqg0Q=u%JYnkAL~_j>+Ef>Zok%#gKP
zXs9&WKm+vrc1Jrh6kFgVbl1OvPW3)?CjX4-r7j8$H9?Q%NVJ3V(4|^+Q7SaBj|6*q
z934r~?qTYyp$%S!uGx)fgNviDpdH(XZpt6fcSimmp`q&Nz}lgwqZfLg3_)k|{#1Oh
z0+S@X6#WEk@DFsimhBmKe{D3qFS=xt(bKUMllU%rJdefar7sT0t|j`@YZTh>a&)Fr
zn+f<f`y3tFsTePENm#2I=vueIOuPoO;27+R*P|70#D@4Aw!sT}g(Vt;or$l+dUyhz
z=}NuRGnPtpCEyy5MSFHvj4zG89NmqM^gHyp73mX3)*PLY5$MS8LkF@cK0kmqnC;T=
zyapQYk4-%Pw-a#9)?*SsL_2g6U8~%ELxs)If|sLHKLy=Xk7EaXH$E?TSr}<Uw4<Xi
z{gOjpZadM7>@23wfBAkPV;A(wydKT?2znvyjwbqNN&nAq>tZ|7XQP{SH+mm@gHH7c
z^msMBJe>bg=n~(B&dd@likmR~_kVvtzy^Oqr?C2fu$%j#Bb<a5d<s1cZ=xOh3Z0Qc
z1H*A@6umM!H@X>Jx*yO179SJ_+;$M>-?h7jgdR8-ovJU;krf*p8m^9ZtP6U6C!igf
zgI4?ux`g}Cd*CEG#YKk%o1yuKq4i9Tt{TGmcX#h6!J8>#XlS4W8n1&E>=eBMorx*Y
zN71Q$H9r3c?cnj4o^x2}SUGf0HH-1y=-wKeiVq$|cmGT1oxM9|IEF64dBejGicaWj
z`ZDy`-HeX-dGrGM5Pkj|Ix|JC2usx({gHY-X5i-R>;t~3Pxuc%?Q`<uAR9k4umU+M
zaM<}T#1i%6^V^YVVl@BJG%J6Kor6DwAnjf9{zLdQ;Yob&rH)5PyPbSjlK$V%%S3+V
z`77khLmhlli7X_1Pr@>5=aYvHTuS`EpY>FDD+&F1_U~srY5#uOQrTmCFQP6#&)|JL
zuTKYxk?zzl_15CEkGgA-_C-3*`S)`T759oAsDZio?&jNy3i46ev$5hm*dmT9FX5Gx
zElWd%NSjT?Tln7fpHA}kSS2nZZE#G>M!v#)?~e5?_xE>azJA8UOydY|qVX5fsqFeV
z(&_a0J<{)__kM1pqP1A~KMl_1S$ER?%)nCrdG<JIt4QO&cT9ik5l)?rjhk`}h3_G8
zF%6CRPx_%4{)t}S!?TvLf>Xp#Q|>Lwwd2cwkCFI+^6c3}dCKIV<NHWILwp%u-w%06
zZxhQCO(k9;!*D`l>FHd)cTlJ(-zTZ)axzXP?N7q>XzUffPm{lKtY93KCi&(k|2itp
z%`-m}qYEkfG3j|o>zRJSPjTWC`F=*8@4f%|+Y=LQsKieb3ixSGgJ;NeANskS%xhw$
zZ^X1}l*!Gv3gwTI_sNhoF^GHzNgId$j}r>;_0yj3RtCUNgv4|QU_I`?O|jw|XnYBo
zyHMF7(w-)~j{@^4;O9pQ{KYdr9dHrf1LPUQ^Dn9JCdz+E{`G_}j-51bd7d}o*=C;Q
zB7YgYmiTzui2I*iOQsQg8&hyH-yURaM@3)L$OBZ8{s%>*?Em@XqJsB{Jx^Xgw^6Ad
z{+hQ$A?otOJ(Q^apF;f!w;<mu<f)&H_UBN^r(~=_LwBW%uuI8sCFu)dC1af~KHtW;
z;Y-M$mrDAOcOaGi$oFQxx05!N=NlPB7V>{i*%J6Q@yGf4Sw`K(Dfdry#{UcvKYzu_
zpQe%#RN|)x1!nQwADib>QC*&8<JmL{`{_x%4ta+2Jwo|YeEGeRNb;-*9Xv)jFW)<;
z<6X)Z;M<ro9m#*QbvXac$>3)L1rEpX?}W4Qtri}o|C7JIFL40{-z85b6?Nk4=Vg3~
zO8+4LB%b}iHzU@wi1dFy4^X}f<r~HUo1R|(RU{Ok@TK%<eSElxhm$B=jEcVD+242*
zg%9$5nDpcSsl*q}LelofMt>vEJ=PvSi)pwe;rZ0_3;M?NGlc*CF&(&!0t3k8rzDwL
zQaS&+M`9M?2YKda70>S_tu@cO@jXZQ&G@Vq4VU71KH~q7_X4Mu&ts&mppGttzaf9c
zbZYpI-sGvozkiTeNM$$D`>bTxOa%@3&Wjb_&$IgpZ>OR&_%`|4@vTn!zn?V(I#Jo}
zbmAE4U-Enxb@>@gxEST0z<GT6ahw>$v!ZmWD(TZ5e@P10p@A(t^uv#r#1+K*P{7Y(
zGTupn5)_=pvm}ia;rR%jKgYA#g#BF0x3q&u$C%OB38P8Me@D5IlvzZXe?RH@AIO7c
zG4UwjW`zGjKV#4zAgBLRs00m8Cw)Qep!urPu}4Uo|DQDerp`pESng87@AGUlE?~gV
zP-awi)_(_u_{X)xQZio1gY9Ixi?kQ%F~1iR+2SY)Q_#-|()<jM4P8&(w<&ua`JRq>
zN0Iju!q1R*0^hOJbs6yj<o)-vJ>4<J&tKh`m`sMZVo%pl@tu7CNBS2r_g0?Qr||!<
zlv3$MRLI{mnf@eW!wpH_K=?fJZRC471DZ~~1OC&n1<vrjoV3*`3ixS6q<5_3b*x6k
zYhvXgNBGa<<Zn*;UqpxT<sX<6*YUlP@cY;}HgwQue6M35{N1&QcjDk~Ae@y>`T2sp
zsRwDS2?hP!MW$u+`aZ%lV@2r){0Bdf6Qy}}C;9m|Hq!t2{O>dVc_UFhHqa;9FP7gE
zGYzESt~|SiI<DYboH8f9|Ns5`MxYoyE60NggdZWCo8Es(+|U1Llt17|e}1O&rBpbQ
z_)Sz+lxKVK6yL2pD~N+>tO(zw)UkoQesUAPAAcZi6J>9){f9`{MTQ3`w1UEW_-5yO
zhD<;6_461F_<1$P4VR#@KG>9J_tDv_a0%bT)Z=F=4eX2Mj9(thmZR=}KUGsCUQI<S
zNt{S0o{ojb{HLMfJR3zGKO+biq|!JMiNoZ3oW}S5n?RoL$@3-ov&J&R$bUl&TgTUw
z=}kK~(O&9vA|2xN^rYa-|5Rk=brhUJ1qI0WYOJIg@vo@hEO|$oiO&I^wIzK$`Eu|b
zO<Kh`n5v{#BHVzE`uUsZetyfEcyQaJg&zFi-mIz7q-Bt&GI<}RKUeU)8fjA~^Dg~*
zo%(0|KYcqw`heKRcFHv;Z+FUF68rfe;Y;~mPuxF!S%Y=Re~hr7OJhF>rV<$xuEO_5
zD(XlF9;fn`V@2hNpHJM+&wMYWl1aozkl#-);ycJY1z)9;x&EJyen|QGv94z+SA%#b
z@@~W(eD`PlzvsaJmy(HzRJ=0wt{??pBJ)VnzN4{bJl{>cA{`x&Zk~4vdAd_^1HRAk
z&7kZyp8xx)#q*v2iI*dM3-wH=o?f^o#eevjN+Sm-ypykex|odb#DbMct4T%q|1-K-
zJbQskKBv*~Jljnk{<tFj=}x#DX&>?IF7n(#-H-D9_tS`c<$2bdgwzi)wJsT3(3zdc
zzhISkfec3opP-`KVki5PcQfht^1X`mh2$H^w{3j>RO~=@;*Zf_XYxPA_Zm9Xn7XpW
ze82qPfus^Y5}8URbNRN88SGOD3QaM<XK3vGLsa7DrdR=gUYcl0nH}V9%Gb|ZN?n&=
z1v)x}j^>NyOT|3?DNN0D9nAGeGHoUDB7R2Z^9diJ0zcU((1EmD_%@GeU&K!GhpdTj
zLbe2dfRiW`(+}YlvB5snIfd_eKBMzD;!V`^TrBs_B|PNsDE~j7<rFN(cNYzQ%eNa}
zKWk&-3uF9h8eA71{h$BbX(t}s`e>2#!R`}l-AM~G7)F^`!*;q+g0$ALrh~-0^1K$U
z{)PV6Cw{J^wqM9|CC^_ZegoyNApR+3Un8Ga;g!&jb_!8;A>r}lokRL8{(@_wjGF@c
zNT^GOrwCWZUrE23j1Lj_lb^7k^?Wa)^88fZlV{i32p|7g=96@YgHPT{<aw4l{R|-A
znpnOA9sGf3ACPvd2m2lx>q0_bDteBGt*|4RYx7+|uYV{0HP8Qu4O!t(zRRh+R-C==
z<Q+vlt0+H<e7Si(6F=g+fbdcLi8{veok_e1-yGzh>p!>6rlMx(=MKVI`TD0=A5fW}
z4=D5_UQ2p&!Ud_!PdUmwOb6<azLfAU<R8Je4bL7UKFCab`tof_d^=_Rv>?yx#3vF?
zt!EnM^WXpp=Lk=x@^e(W4i8ZAB6^vkz<)nik~W3sMfo11OnshLB5zjWpT)d$sBbc9
zhbWkn`d;9>hq#~nDL<O$%W|^*DJsZGq08|Pz8~_y&sZ{7AfBLecDxmNZl!?_`1&cw
zw>V+`!urIMd@tpB4dORb?im``5Jx+SI>zzrH0h7>ok98r^v?}H%@+1wVr|T9#eN#_
zy`Dl3+W|fcDbR$<=Mv}Np8o%RCdT-$)RCg$+Qg5NzaM!&A#Dk1enyf01$CU{nV*ZS
z+xA<MP>o2EQSdJ$CpwVHPkZ8i+VMR|o{ucRXDBmtJ6=e>Ry6P?`EKDk|J6X^VagvT
z-wM*M!K!g!V+p?y>n%vW&ne%WcxoVlZDf9yf_|QjjVz{MMZ!;z=C7cCKMe?9NB(7e
zpCZpK#J?wB7o5aMyOQ=C4eW`_Se1gAJS!IC{O$Vx{iG5bX?QP570LAPXLStBpwJ>J
zyN0iyKgr`&*fvh7X-~&z14ui~vn@0*j&EhYpYmNr9VhtKBV2(zhvNV(yCNs^{~47Y
zjfu<Y%xp(M=Kd6Vl4t(a+Y3nVNJA@eE(P!5*?&I|$M|9zD9nR9@m1>CPrVHZ|1S=1
zCh;$+Zyj|tAUxyWqg9$ndkS1a<{_Ac3ab*nGmh>`8a_rP&!C?c<k>>_L&7D=b3gef
z6COxCQ+c+AXG!wEN_ra_{F-M^lJ5!9bMu`@zWJo3_kVjL+lbU7a|^zHx>D#ezV}l}
zPYV1N(|wkM@F1T3M7e)I*AiYu1Cz+>r!(c+5zkM2G%n%$4&}x(s1AHDBL1Z3zXzFz
z@Zb;yivOpP++=!(v_Yi(e~n!UTvS!tpK~vZA}*-7;c^jCTmZLRD>Jv;&8@7=MrMRb
zn8BGr#n%E<1Vu$fJTAC{yP~2VWKHWWO|$yc_TDVHGf=NlX_=Pw{m;E;Xf)sV`_8Y!
zIp=x)&vKr#-b2O9no9jiPE-xEq4;|!2>`z@oayZ4498eNUjxiQ@YbO%L0@xVN+842
zbhNepw-tm+gsqy>kp6^VA?Vvtmmt*M%Q4RX0$85#XFs%b1?79lKf~b@C_jXZ2{Nmp
zBMyjPK_9L|4JvpA;MH=SJpS>>Ly<#-kr2%@>{bxs=~K{Of}%4JEQH}tQAVR(AGlQT
z&7f@+SU=FcQzkkxUg(Pkt~=U|1!fHNYUA&N%5^X=gHZ(KOVGZGdN}G8$dM3w8#x#~
zGYR2egq3fB^#kt`==%gM56&!w(dpoMl7cpVHE7^p)R#aU0GVX`g3GWQ1P6?_1E4v|
zRuG;Aqf?P@h+g#&J-7+My`pYLxdskhfTFG_V~{<m2!<u(>CnehFfcrs^}?_j?QP%}
z@&`tqx&gQhWfGiu8j9A#@W(=7BhVK^Ai>MPXQ2Ir%+srI)D2}(kj+J%r%2>@$gC9Y
z-EcM(8GpaRa1p#7D4&H5AAYenaS4&0gHR_hra^Eb1fD{jr@=7bNwa|A=}lm^z$iuT
zhqgcHeUbU^{w4zdDd??)0~X<Yf6&5Ee_QCwc_*tOkHHAo`b5w^Mw_SBz^(@ED17(;
zGC!gIIdUtZYcnwCk!K-zvp{Quaw}ve2tEH6CD-MKU%g?2r!P=n0_;q|*T!Hph~I&D
z1c1k(<Ri3sY6+pUq7(Sz8g=Qi2n;7Qg&a>^z%N67P2f4L6zyHWO2AwZ2G>LPa?rb?
z-Hgw{tsLo<F2I5I$o&A=DujYiRzZmhL7qmTein)<QGXk`A@Y3~`V;&<sE-vmJLJwm
z*PAE{Ks$hXV-blTfy>~3WTrhl{(u8TPxvn>c^ZNI8+dmFy$=*L@ap+N@UMEc=b?Q8
zdX9<cZADoPnH@qt5B$lfuLW(QkSpcK`w(P149!P*4dp^1uw8%_p==9UJMc^p-hdut
zK=~5nzUYw(#m!JZhWcy3z6O3A@ELH1f_@z`BhW4ap9-A|M47T4jPYn(2DlRp@U#cC
zn`obfU<Jyd5OhLO6x!oaKL>m<aQ{U8W61PEeh;|)C{KXKlNtC*;7fqL4f?BasyAq_
za|}wJ#_%&J0)jFO_CU$g>rhZByu*K$r~T_ae}FDS@N@7+qW%-`JpBONAk@Q=%fb5r
zI-0;xrjXA<dnBCTX#{8`z#Tw42N*qJ{AU34JPg@jz>{{N9Rl#PAlwx_su7Ajm}s<*
zc+p(I2ZPyK^zIV$eu?Z!Q^5~H<6Y!;gsoTjrPY(n@URW?93CP8FoB;ABNHL)ot{P8
z4eT#)uAMMa52YJ&wE*(}NqPwC(}CgXLpap{?VG?K@^U)m6)0K-&;$_Qf`UXZhf>il
zfp7$brvWz-xPeeGPZ)ezDC#A8d>7?5WEoikt^)kyC_jPRQsnWVKL**IsPoj%ALIX$
zXk-CA1jI!U*aO-!cw36RM1$f<7lJ3DU=<vkE@-^Cj{G%n&w~CB)b}74pnetDpFsB$
z9U6f8Tf){lbfyv7f8t-VFq8w>UVv7>iLaob5dfcp{&0E&3bw<+-Qe@o7f!VivfrUT
z4ZM+p_XhZPk>fy{4_-acXFz{A>hHt&^V~W91@;OuPp1H^fzhpKujbwZ+zUAt_0AA(
z4nvUD(i3px2Jk}#ArSn-;1gl|6M^GJ6!cvKy+7(-hzR@)S)Nj6LU}_W#0h0+2Lbd6
zN}jr+oG%>IDHu06#ZwQV>~plO!jUQ=cL_30p!X6m6`-v`dl-yHqJ0DPE~qE+Uvk)>
zs3C+~2*K8<CxW>Uz4;#XwkVe)^RyZYsW8slrO1DRmVojHl#760C-iXs1jr2lZ3Src
zP@jgncPik&<a$d`I*RfMVeCs7I_YJsR`m7{C`;xT@a%B(D3peR_8oEt+P9GFAy)vh
z8<^jO-dn(R6b?iQ8v3uNKnMrJz$WyfB|zaIM|*{Rh!E^0@b3f1)0?8?_0G_78RadM
zZwT3raD=BDz|9gJ=n4KV=v#?Sr0fT=fdI`1gQqTF)(Dyd{C|ShR`6bgP#Aa_8WPVt
zsK<*a1&YXV)|1F5Ve}68g+g`@aD#yP<u9jG43j{dj66{EQ0UbPJHTt8pdl1o0i_dg
z%^>^-u+O9JNmi~Dn7!cbLC@!-Jsy}j0DK7fBy^$=$~Td7K!4vO$m1Ul;vFb^8iMnn
zU^4(b4Mq+Dy))V$aY5vMP((oM1_RxJ%?4(i=-n0YzX5Lm=sXQTwgHDfNmrMe0<#jW
z^(e1HSKatO1>;Y{&_4h^3`Rbb8iine;64KF6fivXhH!mge*|q8>hAzI2K3RO%|Q7h
zWZMYY9Bu?@8=QI^^~aD83tk0ie3%TQKxhs{zr(<O(VH~TlE6zs`!p2aN4ATem4W^o
z6#b8sb2dx+J6+F#VgxrC=uyy;g?=A~1W%n%pA4EGBsN0pG~{h)JCVy#&wyMj$i0F(
zMSTV2mVlRx_9@VxgnR_(kD)yoI(YI&`z`QzO8E)`Sr8Zlz-WM9LVg?Fu>dd(0{2nB
z3O-NgK-+=b3JN^wATT~?e+&6s=-Me5o6t^%+`oWNN9Jj_=#&ZgFxc_qTi7BnI|$DP
ziSiJD-+*2Sp{a1-StzOj?;4bT=w&<uO1=i)lcI#7`2wRtCIxku2Y_;w!004Q;T2HA
zQzaBl7s@_I`xcCaqWla3sZbOsq9EXg?x39mzZYcY1G@_Krog6yJ`81l&|)FOgfk7%
zo(F7a@Y|rwM)_2V2#FEp1Q7F4Hi06ZW+MB8wh+n|LCFWG?|}6Xlr5laA~H|oKwAQ3
z6`=FPpo0o8M?jXR^C-t4zYiIIIOP&{Q#J{}O;K|2Iw8Cc3bTY#moWA;cuyfaIS?ra
zj(rJCBhV7zL_5&_5Rv)}ykalCt-*`tLP)QI_aYzvc@W}hHV89e<bd$Z3i=zMeE^;j
zO75TxL;Ebs#lVHa$iIZ4dcZaj4uY+v-+*ljT@j))?V+OwXv08D0Dd-dSN@Fl2Z&DO
zDPXLFlHL$MjCLFVJat3w)}p=zv`fgtk!OL{4aO6JzYWDlAUhQ8kI=q|`g6#h^b6?I
z;KY;Q)dKr2%DTjlutB1g3&p>|P$2}a0LW7)z-egnG!{7x{HK8H4g=?qcY)s!&fErV
zgOK6a!>F$lPFT<$!X4mkltk!j4_(~8K?X5^dxva9eGw-j6$0=)6!Vk~o&jy1uA=_E
zQ1UE{ds2+xe-Hj%!QTSr|Db*byl0^MBI<6)^whDMeZwbQIZ}5pvQTaY^Ig<mM)@mx
zQY84NL|LQ@Ycif62cX!79%jPfRLEQqjGi!h4fyv!yM~+r9jCx^YSDrHQ6R2`v5%l&
zzYyAw_7iCLg0fQ(K9BZQ@bW+#3x%P=fk-IH1Lho*)(7t^)DNL7M&{`rbPqx1X|G-w
zHUN7D^>>i#@hdEYa-OaWq4rR+7<r#)b6z_bWWp$K_lFbHpg0P+#saqwG@eSeo?)U2
zy;ktwLVXzw&jqiU(8JJ9xvk4+KYxb8ZvZ?1MK{2_1;Nfj$y+cq4m1U{jlzJ0HcxZG
zO9g#AN?(DGhK^#?-N3W}Z@CVw`*~4!BE>Kim3BfA=bA<Rgz)k_j17dcN#HGk!t>zQ
z7rcIOc!4lD1mzU8vqcnwQ1_(XaEzz*aO589bD?84@V@-lXfF!^4k!lGDIACgcr^?W
zD7r5c^b}<Sq5QfqJ`z}-?t=fE&^HLY?V#U92X=rr7c%)m{wm7XVP{MV3{-(R3PPPw
z28z(4YPbMUHWYLRunpR6MXw#4DboAGfmmRE1pZHf=>vVI!F!B5FR+QCbOF;%)KlJr
zkVyy)6uscQFGYQeS9FAo;Z5LQK|U-nv2gld$h*<rCO{p*e*w7}<a>x{O$3j>8(v4d
zGwSd8;|lc*8Z+U9FMv<N<7fz704NiA2{KP#3k5ddc*;im5_p%3Zl3g$>nX!0C|$xG
zU2<IPrKgQfr(J6W7?iqXoNu(m8)wIx70$NIPI8+6hKaK|oVuER#Upzq8Xb<mK@x3t
zrxI@R)|})p>*jJ2i=XfrI%4SXoc3p0<y<UoQFOHUHPT>?CEh6zMWH3PNxN`|CLR%P
z>Z%N%GE|9hSYoY;%^IKFHQbRCRo1$fH)6!FVSmBV5OAZ_q?oNS_T)q-m$H;85{eyV
zEs#g^YIRvxUIdl5ZtbmZG7NHAl;Mt|(dEq~j(Vvwf)~pwBLkH=c3XlHW3-z<I9?eH
zdeH}!t)%+hOy)Vpq<CkyBG=gnzos0aSZz^CxI;0So#q&4j{o`aqNMZd35m*i{Cr#d
zoPNH2PRDoKJ{AoO@1)V0WH&2G4vRIGi_JABqX;mBI{=6RL3GG$Qs&s~MSb6$?i*ya
zDSTM0#ssqxYngAh7Nxx(>C-j>QCDn<PK(W|bPRWNRGc=&Hs5TwTTJGnLsw#bY5fG!
zqo~oRGwK!n<Lf(t!NYBE)(P8nVz68^_j{wCGJNPH#bUKMxeh*w6qC(r4ls=K(CH5e
zBv`3y3fQ1<Qx|0pCY9MVi1(uC-P_mv$k^Olq<fC~TgRNUzg=rPY4ijo&gjrAC!3wh
zY_r*lPV#AJ${Bn=y;XodKY1XW$%$~yjyNqcN9A0+-?gP+CdQkM@H!^W95YvO#+h>(
z{1M*O5)=23tV0`CE{z(Z>_|%FleOsSKUR~RU;i}ct|eoA5o3!Z_a5n#`!N~Kh7oed
z_eJiY#X8>@Z!y7$(Qb^vbaf2YCZuAr#9ExXLSuZqZGjn6pZCh*Kp1RFyv-UrSV=H0
zv?L@YDDh@%tTT@D_zD4x2Kkfo><54HgTw+Gkhz4N4<!GV+1)0@Uk>JD(J{#~M~RF~
zhST9Dgs~&N(~RW!IO8l1n$?^v^c!nVb{Hn**xn0fO@qm0*#{tnUT;O(G5k2?$L@6?
z7vvO^#hze|wa<z-855Nk^@-t_sk}IC^0=7+qpj$X)flgjVVpTW5$h2%Oc}0A>3})L
z7;Fw$8bTV~O6CEv#+sD{7H6C-$;k)O5`(!hCE4mUE*zx9CdNkcfngWJNQNIP?neIQ
z8}eU#VXyZj-^qQa@hwC13c==6cx1dWmdDM3NrG9Z&FDxhLTeYNa3O%j^~Im)ZEWVN
zri(+-RSc)D{$#-4h@A$IQ7ok&>Fv{3EGfR?Je{y09I<wbGg(Qr+xWue9>BPXchzo7
za<ILF$e=)aXe4RWe2&GAP4TZilW$Y>%aJ7W<tb*TldHv)6yESKdv{3mL`+mnb#zFd
zR<q5D-Hhex#8TI{10&W_jMHXM1_MzDWiN~(OB;mDNSbZot0Tc^HO86~%vQw1mVlPY
z!M>PGy8E$qGe`mH^}wF4t+zS0Br9g2F$w-zF=|F^_;84O%eOA}#tY;KX=kyTv_5Dn
z|KTOg=DtK$1_m1uC(C>;Z!$WKif#6*h#9>ZM_vkk<Uq0~EMziiC`L#d%m9}DDhVNN
z<C3g%wH02s;vzlUp^0vrOQz>6zt@OfoJ$hfjCj(7jP$sS7|gaUG#O%SR;w5>(HVpV
zK`}d=*i|f!IKDvt2BNDINa*N?1jRJ{KScR-<CeW)^s@xAflaZJ7CtQ9PR9AP(6%&X
zc2fLY#gd?%kqI`FnaT^uReELt38ddHAkWdZ3rSlU`#c-4kTmtJ&u4p5qB3nX8}u4+
z2lzRhCaf`9n?YJObeg#uBc=n6Pu3}ueCOB1s7xI<1;g)&0IiozZqRXq$q-tTO@=h*
z1MW3b`BomlI<F;fODrshobjQ4o5=61`({!gQFSZn-Vob>!^ZaoerVH*&7=i=DUSru
zp?PF!L#-Fqq=ea6s^RqOJfg5q^T-6EFHVyUI~G4s5{%B6IBXlqo)sCuI&3Gmef=Ft
zvk^K6ZIe&hvU>R>%fEY^&1$npa;n*m$sd_ykMF4MGF%asM3Mu`!D3aW+U)f3AyUc~
z9wyNw2wR#ipd?rv{On`}N60wemV5^@LNpE@#$YX3=4i8=xlfQ-(u%JaeYWfCMZuQJ
z*B2dolI&(-r^sc}u5Q(6C#$w4&Py^Q=sb3`1taT&v^$Y@`ob}dyoZsT089z226KYV
zO0yVg=Pzc7)}Vcg$+r@QdCVD-E7LjUWae~i+PV!~ys+0eVC7MP3^0f@{Q*4g09u&&
zO7*NNZF$r0%Smf`rJOkF%nB0D)>IHPVLoq=Pvs^tW-V3<f~@(?K6#VW%8JoDRQg@V
z=)JDlrFY0uISBT(dk{)J_H6J)GL!Vc1;(o2Bvf!-CYkxc35|Ahj189|o85w?s9#>-
zuYu0nO<J-emq?`C5j&riyN}HcS12vgf9<K-Or@W^Pdc_V+GFB4j+4A@7c}St62gDv
zX%|d-_5%`1kA6UY57EqvW5ctziIHIiACh!J>t7)qnkW%AYc!ub@#bjToH<=t#1-;5
zX~Rduq~DCN`zE1d$zlPs7p@YAf0*4li%+dtbIh3LgX(szL^zKlRi6;&KPS&TgQ<nn
z^MT-EgL)ve20s5d$g`bd((wK50T65S1?fUM8Rwc6egR*=1FMZhr{SX~kDoAV@+^K4
zn>A_Zlqsywm!!U|2PEw}X-S{TBhBfg>*N`B@;dpM(0(__0DAfcd4h#jkzs@`R>>Wf
z=^~Bf$4uJg6NjF@hV66pVe{NT`H6_t7!_c^PaM_5waJ?E?5$?>L=8zHQ8fBn@)isJ
zj<l3~wH=s7-6XAA7%ke7$X6yG46(&Nk|$OSgIu&<k8z`?OkFH48(h+um>ADjGj{~x
z!qmcXjaYFUeeo7q(MarroQO3_KfXo!bj1~$M_604iAH>>@as$+Fb-#XY@9M-==c#-
zzD>UBgvw&{kN4EBk@b1`*NF-1?5o@4NkVr9kl;q6;%&2y@sYUL;r|Y>SflxSH^Qb_
zXUE%O=JE+V)||{ib;fOqwxLd7t$!g#DFVZ%nXVgSKA?{>zu;H$G?_hR>g3TAMlIGi
zCw%MaZNp+gx8oqeY}5i*x2HXX;T_dU3NF0jqs+W85i8Qc`^oN-XgTDsE-JP;O0q4<
zu1p#|UAr;RiT5$bYJMmCsdAtAH2E9<wfkgnd+x)7VenQ&_uMD*NPimq2N~9|S7guL
zk-hsUJ$nu6Ie?k}zy(3>9o361{gZ^rjro@WdiqW3rf|nMsheq@Bt18t6V>C}U8(!(
z7~Y?vYIdP}!+ss$5%lI)6_>j5N<19;og|HVLM>eG-kIj1d86Hj3f1gA4}I-Izblh@
z;Iy+WMfd24dwXr!7B#)7s$`9Jm@4k0)K!$r@9OR?%ha@NwV=HEXob7{C_OGqE!Zov
zG>0^;uFP<i=Bu0c*L8-K`AF9Z&JLRACw1gyg`d>AFaN$WpzGQv^TQv+wPl&^BNgh}
z)$00H>dKwyPi@%>NZ$36I&%#j{H0fUxx!!9cnD=1Z-xAm7_$767=~D_ztn(#6w`b4
zrBGgm1W278gOzX-6sxOuRTUp`uQ}$*TLDuw>kEW)nr{!$*}MShCsMClP3flUqxs#K
zF;M!<r=4q0s_Rsint6<e2m0JAG8A{&Mm3v(KnDg%3d;|YO37GuLhlbk=*m6jT78s%
zD)aAT)r(VAwxzmoo9;>-UkihJY<czWLp2#07&E%QnG_byzr(A_E78_Wd)!yl%&lr^
z3C!q$^n8)iq-IhmJJn1o_igIRJLp=Kp&s3$&mn}HSz1e%eK7Euy2_f=6*argU?}tW
zgx#jNwiQ(GUGCnxk@apb)%p;Hrk$30uy$cm!}@GU4{2&WX=^dd?JF(!X;D?Yx_WQg
z19~t*ENCEx(9e~*&b73N^&c$F@=4J?!_~}f>b@*>)yC?KqPn@Gs7F`1GS`X^_x}LN
zKVE&Z0CSa(|9?=0uK=t!#YIo6-stMWBh~v;S>6z7gdZI~R_aN=9wFUrq8{6V(5P$q
z!oyZEfo6=7#zs~b7GPjq8wy>k(p)Q2s|%Uy_!7Pnw2-@xm#W*dT$vly{C(=NY<g>y
z)N7<`$$k#drh{u^hHKZJ+Ok#R)5*1?z@3++rk{o`UFk!*_|(^Qv0=|hrwHvaMoOZe
zjFDyp@wtMj>fV>8PgRA!Fjfkqy~ax8*#5E7d3myH%|12rwC<T&Sf-{I@ShocI_N`c
zcmR<}t9NlvAK>wxM~<*MadiZX7EhE0hU-$*6*<uOFrHI23$)23>FJ?}9d-^E-C0#q
zqNbLqM>D+yv{@$tS7%n2K-krl+!^}%B<aF)=qGfzax>K<)O~nwZP`{e`=FYhR(-Ts
zpITT&VCgRy*nDboD-mN?UMgaTx>~Zgs<_1ScA)^^-f;u~8vU$P$;f0WPhw?LC7GO_
zE=`iz+8I(8IYd{CN&nD8237z)@sjjA+c#5s!l$A4ZlTa0j8a#2&nR{9XW14>efar8
z53T-sQIk{QT2nAHKs;4w+v)Q3nx*^o#|(Al0oRJG06?%+V;1P5I0veimaBRDT_<+I
za!u+MH)arak)`SC@>5mCS*{Id)a*?G225&f)3wZ=Al>x!tFGMa+EhsKH%;5pG>6oI
z{pyg~`gQbNW5naiBfO)77Ga}kzDOG3(+?wq1EQ)Vzp7-tYiEX9N%f5%q4jJH-=uE9
zKYXZ)a$Q?b!kGZ}{OeMLMDJ%w_35igQe*17MCz^A`tw@7G^raqm?}m1bb%aS>A5Fy
z3RYEabFIur&-9HF-m9yR*K9rj3VUan^g>{0^^v{mx|LY*Ri)|rSh)`$t}0HgDn6*6
zleEJ+>G`RyBYO}o?3n)#_r;>b+(M9botVt(nk6+Et8v0rS8h_*?5HhEWAW>xpa#u7
zPZ;i_yWDG+tLw_EO7q#`JgJsY>vpNLjJ=O-*)BPKSm+)}CE*Vq-+bR)QGvrEz)*8=
zRdr#SzC$qI0_g$?bC<5emW*9cJCOCA>!FQ{y|-7o)}Sdi0KPo5V?-@HQ+<3F-FiZL
zv8i`|^^s+@C#2RSSZ81as|%NV1}=b+lTs7XW*gOa8-2AYk#&cPi8eYVP4Ux5gW}JP
zC9;2>k{Xb1)s@>ZM?H@T27Z9yz&VsvRlKIEbPwW!5z{gBi_=oXlc0O19iQ?#t4=E5
z0R<kde*tL^CT(N|Oq%Y)Ldsy@PakpGxm=16bvB_~+Ag)ycW&2;Gc_66`tIl2ze_F4
zrtRO5uF~J%kjxzluwc|oijm-}NW0kR9mH0_Uo&Q&l{)#cS?@^48q)qx$|3aZIjIFb
zdR6iZtSUZ<;lOrYReG9|t5Qqa{hIVMhWsE4`$%&8Hqf3lM91YXq}xr^vXbgut1v?D
zeaEorL6m;A3=81S7t(-WeI`6OK>}FRm(p#CO}s9xl!9F=*I_ePo|!sz5)X$yJK2xl
zNIMB*RZ?TZYE>yzrb>-83EmyVhO1xL=z$ukJ<YF?)&%PJKJ7YUVqLzK=95S@d!1Um
zv^q82GZXlkx9Uty`s%9E(yH=Y@5vIt^1hSy`uV9x*5b&a6MmA~u%16juhr}Fi1!bE
zQNRLFOEy3SzdiD|k8}5=>+HmD(u*XBzvqg_4|iD!4rCU1U;5g&`Hlh}i)?Jzd?jO9
zRGrz&zLn&eq?PwNQ`an4vrkkXJ*JlD(vd#$n{1G;+(c6Ns?yFCoUGM_yFJ%gL`-Z7
z+x_J>G}m8FZ{y+N)~D~Lbr&G|u3HMBed@`}>0ADCXfyqb4%d)O>`B#?TiyG!=vjZc
zljm`SovtVQXqVfw_2n?uDL`H#({_#I*IGXuT^<oFy0oN`tb`%f+3Rq%)MKr4;Hr1f
z>7qvRVLG(2+?6e8EDs=5euMO7;X(3cxwY8a@|R(mDR>aCyD?Gx@3xzb*0)e`UpL{7
z?dZyf1XoA>su5t&cUf2N9;^b-#r_dMIzCw58>*%s#<2ev7;D}_9w>!Zm9FvLjS$}I
z!csMRqdt~6nRtVyot4_qWA94=Y*{OLkxZ|L$Sndee5=)!yYS(_ZiUG8NSCV80)346
z3SPSov2pDz!y>M(+@NmV&M!^4tf!W-du`=zayy(v4=y3s+C2Bk-R{yH*Y-R*^WRb{
zI!KWN+v#M__&>C*(h-V$DA1L~j~cOp{#4|a^p+x*hQbGZoA#ay7{i*>H2sWVM?&Sb
zgocF4p>1%1R?AYc4@Il1b1|Qz@f}q|aq(C|9}km%Xyw{e;m$A7FF;l0%lX{UZfUH0
zCwZ)YH$414@JNHBPT!V!6tu0((*x@4E}I`;vR^&2$$Q!0Z1EllgQ_9)3*$pP_HlQ)
zB?-gODSv;CQ7~R=1%;#do@6(B$Z1kE`juX!e^kI7>}`B=!d+3(?*s<ivDEx6e}!;o
zwA_krjh1Jy20i7MCEB!)+?%HKkw>y``(SOe7aqfKGkZU|r5q(rbEwrW)mYMe%Hq5_
zdW?^-_6dX~Qj@yjM(UCPy6!cM>&}640UmFL4U*qxT?WhN$cy^(xqgxSCUr0VQ6jLf
zEAD;kyD9+&_mLH9MS9&)q~nyRs3`s|>gXC^&=;40i8mcZhq0d?m$&*wXiq!1S?GHl
zHU+gLyQ*xHnx5${*@wFizjJEOI$6Wy{7`YyWn!@x=x;K(G2m+pG15048ZlgcGE%K9
zcjw|@;@|VQ462#S)ibAY&qF|UDeONuM|5p$)^LQaH-GLCLDTMNT<gAL55P+fRh5?O
z_YAz=Orlxi<<|76k#Z2dIYMqq^GC?P#}qRCPVd@yjE`wL-WyW+nDXZyeCT*H{{y*t
z-=3NcY5K5fQrhJJb4|QBOki6_%A@s1B5}XcCY7Q+5{aI9xyrtNM($5$iN_#)OXqJV
z54`~CyMey+ALi+1JP$-w<#`wt#L`vDpC?=^4yea-S&K39SQ%SmiT<gE&P^Ae?|Ps0
hP|)Yb%el=Tg`&pse1pJ`&W~d2O1xu3eJ04m{}&bY0%iaJ

delta 52352
zcmZ791$0$MqxSKgAc2Gs2ojuwI|L5|LU4E2;O?|IY~0-`?pEC0U5Z1C6nB>bg%|Gs
zIWw%)?>p<B_ct?p+|Eg$+#yE;Ps|N;ZwE)8?(pgp%W+cRgOZL@J-~5(AE{Kwd9%fF
za^PDG$JARLCzg-nG{g|%Ew?$&N$igau*`PHNrDY9IrhNRIMK$}quM!bbe$&z@{kZ?
zhj|cYt!?d&dOi^g;vpOV7fTV(vD0yKVs|W$i%|KVqZ&%L%W)Ww6Nw>M$=VW=IxamY
zpo}xDo2}<D3F$8}J;vN^@@2D@!}z4P!fe<JGvX3Vho>+zzCzU#vd0*Tafp}4gtYI}
zA)qPhfQfLdjW0rFJc!Bh9IC=+s0tJ8b(~a~9phm|48%s57~5kC9E=*kd{q61?ejm;
zRgd2gNQNQ%s0{O<rYs6oK?hWYqc9CFKvi@QRqmSgoi%X3NzZI8iJ8dP1hoVsFd@$0
z&-|w%u-Rt3XnlzqVXOm=Qx?-;Ft$T=tUsz_qilQ`s=|$^^kb-e_pu1RM$JI>gJveH
zqn57ILDvLa5;TRAF#|3}b?gNC<6}&N@31N+JY+i767v)P9h2fc)Qo;ZbtK(kGZT@h
z@(nR94nTEip-Vs+k78E5XEOvIah%4)Lva{R!1S2lC_5R$P!07#Rk#q9|1j3TG{-25
zzo2Gr8ES@hpl0?gYDwKkHsOCZL*nBmV>Z+bL}E3JLap@%RK=$;E`Gz57;wTglm#^t
zMNpfz4r=7xt<$g&@okuy_MJBbG_s`JBHDZrm<c<eDwvAu@p{aNCs3R3HL61~PMLfj
zEJ3^o7DX3z59~$d`-pil-f1(iQkYifzXgE|JQ#s$;CEDyFWK~us3}f<#+>U2R0o@*
z2gjh6a1CmTPuTb^8~+!z>x0gkJ(dX>xf6!zY2Rr^Km|vjuFyG{4%efW;1X(v-r0D_
zIg?%h)zR9h4)n6=(=d|wX4HT_pmzX&n0g{GHR&zT%|&1+0X4W8wJENlrtB5w!r13c
zgN0B_Q4clM-B1m0vFR634Lw73IPijLC=X^KUISIWKdQay7nuJr0y|026um?B*#Dwg
zlH8~Qb<u-eF%C|~Ae?XG>rfrujoKSmF#um+D1JtDG|MGp8O%<+#U<unyLS=^f8jce
zhodi>HU14%!6D3t@3AswzT!CLuqVd$ah(0Aj-9+}yo&0;ebf@Z#^M<Fn&Y&_YB&+M
zy9ACAD0`g`7-jg=bSM#OQ|86kSRZv7TA<d>#RRwjW8h}2i#xFt#%DA+unuYf!!Rdq
z#q#(7tD&3ohPilL%tpd$)b75D$?!XBhLYYiBP)n%xD;xp>R|}BLq8mhad9+iFU&&a
z+l@)_3~Kj3LfUhkpj&1{;i$E5h?=q?s17W`gt!MaLl;o_uA?gafr&BcZ8Jlms18-a
zyx0=ev011kT!@;PE0|U1Kic1BH|E6nJg9*>RxMF8F#<Jp>o5i0LhasvF&3t}V|IHc
z)KXPK%}^cGDQJ&@I1$zGJWPeBF@;Ou83B#J@2)A33N>XVt+h}UwnB}h4;I70s1Y5+
z!uStr_vgN6W~eNxq0X2R$76C_gPOVH=xS>35>Uo}P{%RReY1vDP#GIrd!afy8CB6r
z)Kniqf4qt5@G)wM0v?#P&V$~iMa|?8jE);0F#qbnHWD<Ir%{{dG8V-9s9l=;q2m<5
zj;JYIg2nLyMq+|T=Hs{)YR%_jAv}+v=>OP!4+zIf#Cu~|Jo=dVk0cQIgbyC9f;t7`
zu_*4uGWZE~;Y2(&OHc*N5wC-~NEV=`{tRj+@1gShJTq$_9~DoHX)zc2V-1&p)~+$C
zf>{`h>rgXu5H+P&QJeE$`#jEb(@<*E-iScuuYsDOHkcl#V=UZ-neZ@biJxOebkn~u
zYf=%jlF%2^;4;+I9Y<ySjM*{uOS2~`q4q#)RQeF~$MvWI?85wb7BzrquS`cXp|13B
zWRts2Ednt~Xoah>BWj95UNak57&X<GQ0Xb&m`zm-HNv*2k&nmHxEOQe6V!|*duw)o
zDC$0`g4)#WFqO{#Py(8g#i*&gfy($A)u8`7Qy>Rwx0gjV7=@|v7hH(bPz~mPZ)T<<
z1`}^%<9%&>2C4(AFd6MThY4s(Zet1jgsQ0U2eWCaVSM6EQOB=4X28+thwCu`Znw`*
zqn73#=EU!)CCKrSAIq>hHo@P~ZA2j8A2ZUnSdaKvRQdx{f#RQ7Kb&h_h#ulgF*6=T
zHTcS=`+qha%Z4GO=SA&}is*}VP#v!Snfcd9JCP6<hoVM01+@fAQ5Ek;P1y}p{*R~%
z0=}3TNsUQ}7eHOnRZ;bHwDE!V`5a72`W96E=e{uinxdy9sKO-wn$PX*n2mTCj>MK&
zA75Z>Ec4aOKsD5{>W12UvoR9?#(e1cW{!7l)Tx?;T8d4WAFsLuLJ7qApIQ5&c#QZU
zEQDpho240yDTpscHFOYlLHYeKOHdkh3_D{EoMY2ZqB{5vi(oRx$NSTCT}(~f9Ya9p
zdo?D*3#gI5K<)k{K0e;#6po5_LNzqW#`mK3z#Y_xV*8o~ilI8%9h2h@RK1r`OXEcI
z(STehn1B*;p{Axds>iJ`A&y5~Op7rWo<()!f2fgqqMP(8sC)y_4_9GI+=v?KAD9JS
zqX(15@Nv@U{1+ym<J1V1VF;?=@0bctp$DI$^7+R!GZl*3-4#)ruLTBTf7F1+U>Tf?
z9=wmaF}k0rrvS#GeWwut6>Nvmu@~yN^+z>02ovLSjE8$|{2Xf2KEwe0f*NTIem^rG
zGoY5>h}EBOs$Gd!Lk}KAS5tV8z(kDaZz@=bTB`%7P4)uIW7Yr@{{<t7Z?f_CSdDn@
zI6h8I9D)&e6;(b_ppP>cYoa#c71Uk{j_cz(RS1-e>*LhMnW!0giCT(IL8fCfu?6u=
z@k|HDVkzQlFb%#z?VaHGW=|AA4WK2eo=K=pzRNzpi}#2J1-m{D%i_EX_Hi1L@Fjt1
zpmsvzub7DR>8LecgIe1o7zeLn5Z*_9%)UqE`-a*(i4vLge5g}U6xFf%s8clDC6JfE
zCe*HdgqoUHs5MQW*le0mR7aYlj$3ck$QGeSei~KrYt-pT9%AAVsCawSUK)=c+>F{g
z?qveS2t2VFGAA*+y9#QA?NFPqCu*eQt@CX9T2#l6pf0F0sMGV*>X+2Vd-rER-L#>o
zkw+l|ah-7lJS1$z0W8H;R7JItvozQZwMlzhm!mGK%czdOMvW|23S({5J<-p`*Pv$V
z0_r~bib*kEN_CXomX&}CltW#`y-{no%6bAdRgY0?`xSLe6Q(jVk`y&lSy1^3U>dA|
zTC$GTA*k}RP&2d<<7&76K|oV`8})_Z6>3C2sZEbFq0)<BY^;jvaDCLr>S!#0(@-;Y
z8nqd}pe`I=j~P%t)E=pcS~3@1eX5Nl&=K!qO{|i}$NOow7)KHRhShO+S|8^=Uc>gd
zJDrbH5i_PYH(hsBd?%K~7#YmHQ66={O+}4-5qfZc2F}0M<PHgu_z{a^fs8)hkI&xN
zlK5I|jlr4Bi29&Lx(4+r`6p`W5@a?rQwnv8enB0()tCv7p*G<w)J&wz;+o@EK8u;6
z0jPp=Q4L(ga_D6Baauun)SbT`wF!@-*7zQ3raq(AesDG)@0ZghsNH@7mG2{}TtIdo
zrxs>(323wR!_@d29>86wHSd?h$7zQXP(A;Q%AYBxd0qx}TI!=3?rGz*P@8fqYA+o^
zU0hG>^M5fjaW^EF>0u=1A)yoM!9rAnCs7}(pHassU8q^2%BZ`2qV+6l2?BDPsV#yk
z-xiDdaJ8eB;7T6*@r^8v>v-~-H7bHS9`(?J-E4e{eZB^@6vt5`j+f8m%YmBGDp&^F
zp*p+)bt-P4W*|7f*(+hFeBCjQ&i_sVx)6?`mf#L*CY%Chgn3cNv>SHEw-|vf3!2Ti
z1T_;^uskLRGYvJye8gv>mh24bs(y}|nV>>kV5&HRfIiIzVk92M(ipw4naT>NbKDcF
z;7U|OpRC2h&GWISO}iI0;^(O29KVQ<_h-yj7*2d47Q>t9YD!bEKq}Y@^<gm;mA(y2
z;14X0B_e#B(KrlMLEK_?>QVXHq4vn{sPli-#*;;w5tl;ETo2R?Z;IsnS0eC`1WjR{
z;^qrNSBxaS7PVHdP#wx&!hBB{i0O%6Ms@rPs=`bq%}g{v&CocE#H*-=LrR$ost&5d
zi%YpC!$T5u?lYD)r=byQ6OG1#xCOOlFYNQ=Wz23bXYGSp>(!`D{5Q71&)6Fql{Fo^
zf(?lKmGg0~b1Is<1auRHS1@bV26arvqeie5HS!-=7|T`k@&2$n6dnF=52|B(E1Avv
z0%H)5Q`vln3`SkKiE$|A!=tzZH9&V@74y|-6>5{6N9|JIs%A<v;yB{<Q5|`NDwwO9
zS+WMGb3Y4p6`!>6Xw}VL%7+<AuZwALAZl|iL~cgcIYvNJ{~q-zn5BmKmRkt5rWG&>
z2cSRRvOclCw|>XWJda(|<jZ3%in{sAp+0LGpzez<m`DeE3;}&^FT{Ab1=Y||jEUzl
zHeN$rsdrKNUZL{+zyS2GWj=foqh_QGY9@PO7|ub>@MY9yj9HuGN&8M|0^0qvQ8RH3
zwV49zn47KyYPUzB_R28SNH?G^mOoLO?lZ>4_;t-lJ*W=n$3QHBC9xW6k4-~YBiLgz
z9LKc8ub>A%qehUlo;hYkQ6HxrtRqq14VR!c;Vzs06!mErqrT}-a#TB6QB$8E)$wZe
zIse+7T}aU87>^!Yk80>VszWbOcYaU<lb#)Qe#@cCk41efuR_h>LDY<WLfsE38k&YH
zpz3Xf+FOGga{kru780~JS5aTBVl^@&2t$pq3TiL3LQQo?^u^(*wH<}thEXH`gqo4S
z#-;;BP)pVxwS-e`e7{RT4Lm_r@B{U!mA{EOCLK}7ZVKuqyn&j+v{9zxMN#FWP&3sN
zJvbXR(p{(yUq#K-Yt&2zHZ>QWo0WhnsEewgGwOU!MorOnRF9vbj!)udreHSIDX3>{
zhkD)@H3Jh-4J|{>@FD91)ai)X+}ob(6eOS#H9%$j6*UtxQJdy02IF<qE`E;T_yvn#
z{ubtf>5f^6&qg(T1a)lhq6eR&KIY@JG&7PBQ|tT}BcQ2@Lfr%XP#v0x>gj6x{03?Y
zKVfQ2)XFrJAC+DMwRgIrHseCnjO@THcouaNenQPqs@Ci|o&S6U)U(#8V=)Nx;sVrO
zxP+1D-^OgVil`YHhFYRssLl2gwaHSnH8WWnwUliz298G!Y$~dQ>(JGRj}ef6p*r#k
zHNsf!OiwdoVd4>}&D00=e2RU($$G+i8?|H~Q2G4Yo4t|=Reu<2uhnSJ`PU};l>|-A
z2-L{eqDFKVwKVZMn2RVoYU-+?j$Lci`CfoJzGqQ;<Ogam1a>q_6NcI=b+9;2Ma|Te
zj;@*F?<A<={GH5csEAtA=BSDWq4vTWRKc65QxT)H=~!;m($z+F_!m_9Nf?0ZP@8)f
zYQQ&9Gx5?Tpegn1VhVatYg)wG1$6~4M(<BBsNMa_8qn30&x~5r;;5OZk2=<4QER@~
z#`jt;qdMw7C!ikrbu$$tL3Jn;`FwWDqc%}b)QIMyM!E~tu|H84)c;T;D%0Im+!VFO
z{ZSoSfa>4{)M<E%%!unG=wYTPKgQxganux7KuvuQ)Lxj6>d0BtF?)~dV7gySh1F0q
z)E70?i&0B<1l8e>s179j)$FzGm_p~jCIJr*x}w%}GOD4yr~>y<BmIh+%G5p0OcX|S
zv>s|igHazkYfzi`JZeux?`1BsWT^Wf1L|}X#>BMmR3@O$>6WMlyP=NFXw;OiLXG4&
zYVALx8cNjLbhNOwDXOC*Q2AD)rv5l;M!uj2llL(*QUqN!)R2ItvLEWgS&6z2{zi4^
zJ*p!Cea(_&LFKQ7+N^_7&$poV&PCKrJx47`%zkDs<V3Ys9X;5sALn0FK7|CW(LU69
zzJ=O60sYO|=S1BPjZu4I7^>p+sF7Vm?U6624rCr+I#3)nBaKiqHVC!rm!WRZg9AAK
zTDwmqXv)$IGzB714KznJI0m)WThW8JQ6v0;Y9JZ)Xk-znd`)b8B&y>pP#rjj-Wf#?
z@c?&_*$mlH=d~DW^VLCZqW(6%!N#wm8uTA*j$2Mth2>D?nxY3spk{Cd>R6saE$IW)
zfInN^v_s6uE1`!6?NAkt!8EuSRp5wy{t7kHprK}DxlkjngUaWk%B@1}iPJXz6ty$~
z!^{$-M>e(VL=w;*=!Pmd&t}+<9^yA_`Zv^+ry6b=E`<4rH$~0JbW}Y%Q5}4U9*i-<
z3@9TiUj%BeHOGuP|APsr;+6KnVN_4=p*r*xwFgp;v{Q|m+NP+6hN7M?L9O*URDB<<
z@kW^jv!T)}pz3Xfezfn5BoKfTt#eRQw*qz39Yw9(NBcbXXj4%l)G-W2<!g-U*m$gn
z8&G@b8)}I{$Cyo6AJx%;=z0h&BcKe&tglf8lZ-WMS_u{JiJH3AsLgf~wX0vFW-Q@2
zb82#+p4UdrOg~h<<*0^F+xWY2oPQm=kn!e*%ZH_iw?a+PYSb}2gPM^KsPh{<!HhH~
zYO_{H-E{3R2<M;%v<B7iWt;v5HGtR?&0fhok#ks`gjyto<8q9N_pm5FMXhnBNv7el
z7@c?vR0rFlKaN4oz;x6pScmG^byU7L7$1Wtn`53HwWQ%L0j*tCRK<#`f?=ov>rf3G
zKo6cq?cx`x%@l8nnVD>;4wpxrf{~~jaWm>lzlZt^NjlYh%2q(#H*QS=s<6Fv0;=F9
z)SBN#jUdr9vlInUOAv+nbnAy2$z;@0E<@FK2sN-rsDUJ&ZqhTOHfbefFSt$@0$QsX
zsI}UUnz{$pZ>Y_baE7rk79!ph!|*p$xl5>ye#Qt)Hq&gj`shb|5Gvm&RDEkPiO&Be
z0`W+AVKe*>H8p8xnVBer+I($M1xKJhq<%-O`Cq6__uj^%%{C)Xf!ghrP&3v8wU;KM
zW@<g=(fL0^KqLNvTGNo<%#`Lq^|%abDm$PG&OznhVV|Ezosy5J8Av(D)Kd&qt^uke
zV^B-B5%opnIJ(*_HwnbWSaVIqA*hCPp$gWr@qVb0EJQW9$NB)(u{iV0cfl;Ei>W(m
ztrwu`KZH7d7f=IuGmrDHK&<&@4|q@&l}C-FHEJzKVKh9B+H9xMgMXvSI}40SFgMXq
z)Bu{JHuFeShqmDaypPkc`$E?o2fsyTZQ`Li5Q<v!%BT@^K<(-Y=)p~>4qig#`-ob)
z1dGiK<wSk#RzTf=Em3=BBI>H&i|XJ>mw=}76?!o764T>?sHJI*x(}wHI<N<|iSD2(
zbe5VW%87bj8?{OMpw9gQ)Hj{0sJ#$pnJHfcH88gk0d>GdjbH`pCOm|?FutQQ=2~tl
zu7RqkH|o3JO4O3vK+VW&R6X%mn4cN5qte@0N2B*@Mh56QmkH<`J1b2?g-}b-2=)2i
z2eroQP*Z&j)$jw<2t!tx8LEQ17kZ;Qv<Y>Lk6|Ueg=I18YO_hZV+o!A-2}9&zoVu$
z*%}isj5;QDP{*bNYI6-nb!4;k0;<EWQ6rD@yQwD=YPXj~-7l?C9qNU;HzuI>@BgeI
zpoS0G2lr47enqWm{I%wJe$-ObMy-8s)LJh`Ey)=yh~H4VKHoYskQV4&Yg9)U+xUL;
z{{8=Z1av%NuQ$830BY)+p*l7L)!;VNrhI@NjJLt8Wo}fy2B;4AMdhE5fp`YJHzjH*
z-=mf&U?b;WQ<-|BnVO=gAB}3ErmhWYCPrXvoQs;`<){h|qK?^LHvI!?s)II}5qnV2
zOQM#zF=__-U}2oGiSw@>T_8aPpQ28~zo=uEcC*<7l~5gPhI;-Bs=~Rb26mvzU$oEf
zqXrPL#oT;ZQRNF^EUbh&1+`rQ+RXz|Bie{ME~iixzCc|R|3eR^-D*dKzQh}&X0R#7
zz=5dm3&T)TJP|d(C8!2>qX!?L%DFMNnO}{hLsi%mHS!jyO*0-fWgAdyd=_=1y|mAh
zY&YrQsI_m1+LSJ;fn}(fIE*TP54AUZcX&JKI-vyAKq=HrG{d|&4fWx30@ab%s0M;}
zng$A>K2#c^M%n>`&_y*g5w*taQ8W4s)uA}M%#vosWIF%F2&jh*(0g@abm9w8Yr7QH
zz&_M{a1k}dk5N<m4s|d1?>6O&pgPbTwRA&JGrIycpw+0&d;zo2zH@_sIuK)znVR&d
zV^#xI!9euj64V|!f<^HbDqr%wW(Lcmhj>fW%{Ux2lY3B8{sy&qQ|&XSstme1PK^iz
zU@we=L$M%ELhlk-U!yir;{9fX#ZVoJLQQRNRKqh+9Y2fO#P3iu743jIHOW!=3LdcE
z|2vbQwHk|B<723fJ;O2><DeNqCDhdSMIFE4sEQZa_)Z(Yf-3(Kb$`S<WK4zHOZiYU
zQumN+)@(QlT7osGoA4BB(|p4GnDnqISQRxR-BBHwjT-4z^j<`$tM>zH>eC%Dr=>2o
zCO!l^;#1V7uj3vy1$v+wT#Tyl2<mI|Q`D*WirPdukC_?DjcTwqYO{4g4PYW_N!Fq2
zJC3?|o}y;t8|t12Ic|U6NJ&7)C@q%9+^8w<hnng`s3|^+nwf{F3WHCW3NxS@jzpzL
zq4IaP&&Qxfx(v1Ehft^J3o?VQ6ZfPUK~@aqK?T%t>WA73YpoYhyZs}oBWX^V%~%CB
z6TNJFGHT?zP&0QEwFiPu+YY1hM`A9W{{{p!f-$IySD|jWtEdWm&e)GrRJ;Z1`3%%Z
z4x-9mMNR!j`#kPh^Mgkr)afXWI%QF)J=6g`I{#A$Xo@zYX5c)khd$>_#^k7qOQ0HR
zh`NyaVq%<t8u2pJNROj-_bt@k2>8Qn@@%Ljs*Xx;iLNRbMnGR6=3pS6Mm6*&YSVnS
z@dW2h1$j_QQySILcBrd&DC)dVMeY8js2lY<YR10Xc$N!hDXU)K{OdtK64dkMsFChL
z9j_~>sd|e#w@EIVH4jJ4Kugp}dt)J7j=JIQpa)}JGMh0AYS$M>ZNjox7zbYB{Hvm!
zBxvo=qL$!a)Qn`iY^Jy&YOTAY&i6<xh}%#DcxBU*UNPzAFr4&3sQUJxHuX!Jp8Bfk
zSVNb9rmP2Qs)nJC<7(8$@J`fJ-beL3<eKSu6;!#=sE+-H{<t2s#=ER%Q8RM~wWP_e
zn+vTFYUbQ71T<yyFdrU8P4&O1O_K6YGnGYAGt~rDusiCT%tF*fwF<QtcB2Qcpl;58
zP#0SEzsz2$jylF2kyGJ1vrNF*hRS#u)uAt_sY`RibgTwyhDM@J%UaYPIfeRAdW11C
z=%!h+#8{Ge4%8BLL+!1(sQg<oROkOT0W}<S%Zw-=s-dE&hFYN3d=P5n>roZn!buqG
zwyAJ7YGjA7EWSd`P=UYAy-^Icr@Eu+UyNmF-#I}*$0_KJX)rJ9JXf>v?x>MYM0I2h
z>e&8epT9*dS=_s(gSk-+MWHtJMAR3KJ*a%gP<!hsy4n;8?wPg8gC63QQES=R#z&!U
zzE!AQd=s@qaqrs^qGqZXY9NiQgHQumir$7%Gx!wMZpZ`9zs_NS2j<V^x}nbdX4K~S
z3so@QL$k^9qDE30wacrbK5Uw!ANECcd<bfW=A!PE&FI0CsQRASc;F+~?DCwC%m}KW
zj#CHgAXHDMqblBl8sRxqN8j1>q>oL9@}lyUL2cfq=)uYM`6m1PC~6P=?GmU>!2gLE
zSyNO8+M`D1qIT^})QC6O^uwt8;09`M1V6O{u~tEC>dxrFsi=Ep3u*}tqh`i^OF(zL
z-!pTeq(x0pUR1+%P(AH}YUnrAjBG<q@fFk>zd%(S_qmyYBB)(n2jgIW)Dn$GosP*!
z{jT#T0gdb(dN9TdvwJh5Hd!6iObkR#`3(DfFX}YBM4jgpFU=B`Ms=h)YWGh<Ey-R~
z$FHGo&VMku&cEL)(?B}ZgK$)bDxoh%VKi)xrLi^Y?*ARN#t&>f(QA`l86!v^j_U9c
z>vPnAg5Q|UTo_a8{8u8N9=1nK`7qRo=b;C;qR#78)MtV7)@;Ijs41?8I(`FD4a~6~
zMwNSxx|kBZGkc~us=eOmdI(G*pgph|wQ0_w(%)lhO!(eZoDT~TZ-hDpGpxH%9l4E~
z;^-etxpb)dO4@i^)WtLk)zKXvIRA|Z+##VX7X4_ZemMFQpM{$8C8()>ifSO)Kjt%`
z5URq?s7*T`)schN$EXejelmYyF%No(cSm(#>L<>>HqmYpv{{~^);8p`*;G|g74}9|
zG#~5ZVJw9yznBg;N6p}`sEQ|{rg#Tx4_rib{EJOb@~>I4JT3tpud1kmeNhc9MxD>&
zsJ(Ctb=*Fp2jhG-Un+B;mZ&1C107KLMxZ({&&Ic-?v-<>`tGAX&fTvz5cJJ#mUO6$
zl~J3jIjTc0YNnQ=8n}ess}xHR5B#4wcGXY=8i>lj3bm=P<5VB^E^4NS|M2c5*V#nC
zp9e2c4S(X$-NZOPzTSqOqDJWW`g*6(gKD@K>T7j#>md7lK59?wMGfGkeeNI4*Sl#m
zqdvqcVLqMzf!+YS9}Dx~32FrCqWe0LSOqnbiKrWJ9|qxHsHuF0>bP$VU++jmPz{Ho
zI$GJ<6_tM~>h!EZ@9+QqAfPFJhPrryV){C1FfFRVQr4z6y}xxnYHAOluGl|O9eIS>
zv|sJ>G=8SO!l-<WY`h)1YG|xYSZn<QHNv-6pID}$_^3^m6}78Nqc%}T>mc+HpN86e
zTTvI#9~c+Epk^jkY}3&Uv3*@{fx;wcY8qO5SjVE)eu<4AMi22D)^FC7{-%5cs)0JF
z)6)YrL!(h0U5vU<w%PP={;rwwL;+^AWyU}<6hn=mGOB_$s0(QjYUE>4-+DKpHsKLe
z{(GpI`(}+3$K+3eI{zh6OVAv(L|t40`uv}cmGC*{!>~Zp<4&l1VK8dySD`v|1XaN;
z)ZHE}t{HhQRJ;;u>U*OH7h`ukjFDI%$kgxlBA_W7YZF$Y&i5WvMVC+w{jlj7;`w^N
z)fT}3(o0*b+w{iP*48f8-l%#9V}6{4%!uopBT$5dm#B~5tntlA!%+q5pgP#e#>d#_
zi%?6k2g~4nR6SXPeZ5zB8`P)e0@Ms%LJxjL&18xMigW%8642V!!!+0(wN}%x1a8Ix
z_z$Xq90^SY?NMJehNG5bGiJv#HvNk=QzDaI+d2e2<XbOk-#Je}7sXrqAYo#&sq&*b
zR1<X}{fcU6p^fiEo%aXm!7r$LBw2_lR}6IunxST(7wY)}8$W`shlCddWMC4rX>y|C
z^-#OJ50=B3_W2!Dh5kv+^E{|2t%ilM18QlOqh|K3ef}7A_4+0=9n6=E^RFJ(A)yp@
zMD=i^&2Saf&}Y;Pc#@kbuZa3S&<C|tt5Gv`5}V+2)ZVF(!ffJZ*72wT?L>9(S_;m;
zHr;m;bU_5AH1|O|^bjwAx`OMX&UFve@f?a;iXGMqs8jL`RdKvjzRqVXh^jv{wXgR}
zYH`#Iv`5u5*Cn8He*rbcsXQDjA1)l!MbsmWxiAK!E}#jhy)qlC;vQ7PankyF{}e3`
zZY16T^}}b%biUpn-7=y&Rv%UGAk+-G69{OHmZ7fN{TLJf#s>HZ)v@B~%~Fg(?fOkN
zeg}0*VrB64{!+RkYAHrr*Pxc@EUNw&sN)<bqdosw2x#idSsS6&yeq1wvrtpN9CaaW
zv+4IxOY;V`XX0csAJe%}BW;RmXe6rPrKlx4g4(RNFs9D`X98N2AE=qgo!M9s)o?4+
z$MUbJ?*XGw9o~-3@HE!M99c|!Fe-i@b=McnYL=)JW+vX=Iu+B>zO#pbdipnNjlbCp
ze%VYs6xES%)M=@Rx_X<TzDRUJ&BSEX2-l+W9Yf9JO;m@YXE&QM3F_X+g09v&f<Q4W
zjk@WETlb)*_C0C}ljJalp*BxFYZuhajX*WD5Vh;Kpl-yYsF`?&n#mv5;GCR)C1l8H
z9)zJPsE8^Mg_^RC*6FBozt6^Bqlb8sTxQc2LY0q1&15aq7mp~cjh#{V!x2<H=|WvI
zMYTfB$opd<9&AS4^)FEuPuAR~KyB3SAA!oZ1<T_rtb$>A%omK2s2M$rc`-1rIUU7O
z<y_PZ?o>cMK94%r4^UI-m(Q$W8q}H=M4g6es2OX5@v$3f^A1Igcq{5+Ie;qn(Hb|u
zDVGT~u)?S%a(mgpDAd(B8`Z#en|=zl1UFD$D54ke_5KPbC*~m@h7s5Sm2b68zl7R+
zF$<bwn-kU12B^I>4$1F2zZ1~zzk=Fq?`(#UFf*cpsNG!x)$=B(3g)18`EFFX3#bwO
zgPIAyLcY#A3`X6M2XQVwMtw*PE36rJx$y|-V!4MJLELbAZc$TN3U%)LppM~6REKw1
zub`If9jbhsBBrDHQA^t$HGmPQi)k_H*q+4HwC}tmpb7$un%$fUXA>`n`c`}obz}XD
z8hN4!lRrP|99OmRmZ&u!i0bG}EQu>nOZpr&W8dxbgvB`jsxUnP%|I!Pja^Ya?u(kz
z8K`_KQ2CCd?)dkp-JK}XoSyQi_#o7szs1Hc+2?-6&GQJ<z0<uo=U;(7B&dNws8g^I
zHIl<N{U$2kH`GX?l`w0Z7^4wSgBn=|RL8?n1F37%o1vz>7ix*-pxQZ7!Zkg8OoFB?
zW=V4{6QhTC4%9_a1+_#jYBSA7t>u1H#gFWB|5CnAapLJw=esp(GY&vCI0}d18mxq&
zZfUdG2B3O226e$~#-e!Fn!1cRK8;ZgOhg^83#bd~3+foAFKg0UppM&E9D{qYES4*0
zIx-10<L+hxI#!pk8pbPc?(Al$j!ZyRv<J1eudHb+n2yvzeP+x;9m79R`97eQB6CIa
z<9I1lM}M&{K=QlJDFQlXukC~MmCV#u#ayKK#DcgSHNxAdnMzsN<ST<(noc%85;d}Q
zHvODUe}Y=#pem*#sWG?Ce+2@%+4`f_dO2!puUUVfAMs38&D!Te9mm?JUEUS7Stp{_
zd?ji#?nlkQ71XAEYmHvbJP$$dzyFtmfHKsuwnBaS^|lU2RX7D};7Zg5^c6LwNvfL}
zEQ$Wads~O1PR#_=DVdI%>Dj3E&Y`P@?%IS`sJKrJb9~}r0^&(<3TDTWxZfJBrmy!O
z6e)|^-8)dH;s*9Z-&&^Q15q<I4fEh;48upYIR6?!>e^=0R6xZCVkE9YHTVp*G&$>-
z=TX>|_!t}iYRy>JjIcUtQ;xtMxEHlKbJz3r{&PNcur~4A^*H}pyL|P{=XGTqN_;$O
zMDZJ#sm_Pmbk(hWQO}p4Zp34F2j5vQH8fw(w=^>4qc=AB)1WqMDbx})aS7-S?}l2d
z5vW}{9<`S9P)o29wJG<YZng)gEBKX7kJrR>Bn*|WC93>5)TiA{jE5KP^ZTgH=>|lZ
z-Jc1Su{vt1#-XNgBWg*W*m#1bCSC#c{8!Y{{En*d7V19vg6c?tW_F~gz10ol<3MC!
zt~1F5oTaFx*nt}11=OawVf`09#FI8R&kLij;!;=$+oP6bDQb$3<6a*&H)=)~v@|ok
z9yOqCm|o}qu1$#9%3P7TQ8Um7wYKvy98aMxqL{7CCW}CgxCd%#C!&^WA*y3rQ04zZ
zbtq;VGeD2E5PCoVYY<Qc-R*;+s2P}xnzH4n3O1t$&!WDny+ZAsIBiXO8q{~h5~#JW
zhU!p5)UoS=YG<)^GkVYe5d!+KxqxaosGZphNv*Xo7U>gFSMV%U2d>%YA5oh(w7str
zg$1!K&cqhzbTHqNTjDUH>ufx4N6!CC5(aeib^0h@C-ZxNhgghw*3RaK%l252_*&~1
z)c5+*UCf%-!gR!Yq4v-mERI{SJpO~4fyl0ADSMy>yuPbzKHXlDptVZf&8%@n)OWt2
z)=j9>aTm1|DY~2cpa5nk9)+oK9IBq*QCIYJ)G7Ih>Ol4$zTS&13hNSI=n_!D&#29m
z<QID(;SA!H(Sr{#3&!}>bT}8Pfo7=k1F-_mM=i}$o9@@s*Evo+6Dr?ptb{?m><=Q1
z2xwExu&%(w#CM<v|3G~SeS_K?v3i?|f>E0@59*i}Lw#Rpf_ZTq>a-lN>7P*_J{kKM
z8zM8z`6r;Y-H&B3ps%^}YoMlX2I>pQSyTl-FwBQ5yPs*WQ-5<4&cRTg??qkJuTb|v
z$N*EmFzQ%#M14q2!JIn(JG}vJI8?!qfo2IJQ5Dojt$Bach-RQVbPhF@4tuCER7TCn
z8r1iL9jJTc5~|~$QJXQxAoC&A3kT4?^MinP<AA}Yf!(ME-lH~Mh9PDqnxf(}QJeE3
zs>41*&92Uh+5@do4Q)i#`xSL17aC?p-V?P+=b>Acz)1p{`uM}m4OkC#d={d<g55(+
zS?~z6YYU-fVlsNmV>#mSN1Av8RL2&hj^$}oM_yx9%rVN>dkO}O;{1;xVIK*lvHWN=
z<r7g;wh1-j$5;&0jxjUS95sSzsH^z^>Ue#_Dwu1mDL2r%6HAi*0X0Km<4i|}j$=)<
zc9%%dTIU{bMqJA}3^md%s1CfaW}jfDw4-$u>iHuZ&p6SXf)>`9sLgrW#=luZ-AU#_
zOVpZ9w;n+qr}wCHo@TP?SOj(>-WgTl9c+a0r}#Qwl#ZH-wo}bltU0IwT*ihNXPWuu
z(-t+e?mhy_@CDys?&;?D^J!<8HLr&;l@X)i2-JBWgI#eIuEJz9&Ao60wd)^X7K}a1
zELC3A(nR4vT!(B**U2&4^t3%j@?eSe0cz7^_|42r3)K0Yf?E3>m>M6TW-9s|Gedb$
zUoM-Yj_n-Or{Gr9rap<9!GO8?lyo_E-T*(FS*Kd(V^%V*vhmB-zcC@{&#XT%gm}Vv
z#_ZNo7@zb;=#QN-7WTma9HKbwI}>ceOjO1tHogwEYj>fR=sW6E6qs*56+2*l;_EOH
zA7B(_SYSS;hojc`2x?FKKwa&57MfF39$igoKLT2_MW_#<W2iO0hx$16S!B|ap?(l4
zfJ(1~5!ecK=P$+BcpWvud#LY#uTb?RUTn;dTDn?`IsdBY7ZT)nR0o!$Ms^6*;AafR
zxJ%4hra{H?V;U@n8c2IgiIZ&lI_r7V0N<gGdB{=|FTB(>pK?(o=q4LvADlpS=q0Lw
zn9GcrQCD*X)QI}q^f?$td@pJy{;~0_%gs&L0+oLps@^rInL6SU&@MfPzW4+q@i}VE
zv#&4(TcSod6g7fXs0PniW2`i%A_9|<-X3)-hFdqII&c?ts+?8kG`JB2G-ZRV^HCSh
z9@L%xCwkCXZI&ht>UmMrlr}&eM;9yN8q^3sp~}ZwWAYb7-3PT$pA7@iqw~LlfGRqH
zTI-jnT^j9oQ!p8-!h)#HR1H;8Z}i||n|>Ho&vTm|Z>@>v#t72upib9x48(<AIe+U2
zXsY*Mar}T<;{xl<E^UiiqEV;{7Na)lTI)$v2Opwl@;hn(Db|~BR(Y+ZFe~Y`ZF~?W
z(fOZDKozb=?doHw8|zQh$L~wjPcSJrn4afAbtv3g+opFxZN34hdN!gub_7+=Ez}GJ
zZZtP)9`yeHuNeWI$HCS`sLgW_wb@>ymL_<U8DVDBXF(ZMM=GF3+!EFCeyDFk6Hx=3
zi`slUP#wC4s{hR<&cAw^YP0EaZq!IiS!<yxYH6Q$Lsc-$rq4s~%wZbRkD)sB1odg^
zyTzQ6+^7z;M?D{n%D-d_=U*c~N`ltrA?ldL+iJdY6+m^M6KdD?MGr2)Vt52gWAtt2
z<G2E9@ASiXxEA#pun)EA&ZFwTjoQS~-R)*=a-xn)6I9QJqX$=@mf!?x1kW)p`tLCL
zlA@+Q+{SC5X5<%}J_%KRg-t(&nwdwaz2YX?X+~Zi)2Sfpe9uCCs%=G$^en1lfxAot
zxll_{5w(OZQ61@p8tDZ4d@ia(TTz?u0%`{SK?cNs|GnFcG#r(o5jMubsDgi^mgp;L
z36k$IQ(Owwfu5KhC!#vI2eo9kQCIA9)XaTEZMuYeO}-LdU3zX4MxZjTwDIGptMn;q
z_ebAn3MNCvi=akc1J&_XsPbb_9bbic@F;rlGb(@5{U%>_Oho%mMFp@KdaxI26U{=6
z=oG4=7pMwSA21`#gF0@-P@AkKDt{~cd?adyrdijb_SiAxtC#Z<y?_5d>p^p_i=%oT
zg=(-LYO}0EReTEz;18Q#;E=hJTcMthxAFCupZGNl$H2p8#N|<YtS#y)A9tAZuMAsA
zP=Pn71~MKoJ#CCCFbuVeSEBa7Y1HxgfLi-hM~xLx_4P(|XbY;|tEh5uj+tYcA62gP
zG1qL0sU(Dva1b@(e^CXq95)q3p?2+H)FxVi8o?FRl>QIZ@$@Imv1*9QKM|F0t4+U!
zsyF^gQ%_l!fHM4w8tFV#g$GeReuDaVjepAID~h_yTcJ8K9W|1}s1d(GeFz1gHpej(
zm9H#nW`0FobQ`e{x;F`EDifbEyEqcnkyfZZFd9{0531qEHXd@;tZ4~UzGkTB(@>}3
zh)sWrnu!$W%)m;Z^0!0kb)C5cw6@1lH_|iouIV49#}!fWk?6rKsF7Z=enK^n^t?GW
z#ZXJx4OQQ2RQ}tjZ_myJv&8u^oxcCKB%mo8g<8XHs2{CfT2oy#Gf)-PP+wGq3sFmV
z$odR51HqTf4O#+~FUmR?HIqwF13rftb^hNH&=MrMY$_;$TC47;5v)V)iF>FDV_z{1
zWW&_N%c0i1E$YS_f%=S?WL<z-(sii%E@B*vd6o08Kmr2lnFlrUil`askBM<L7R7_8
zi{l6CrYmyItaU?F2M3`#vcjexMQz?^s9m4<x*2FCRC_(IbN&+$SVV&Nn4m^@3w8DW
zK&^eUKTQK=Q8UvSbvjm~I&ukh)4j6>{AKc|$8w}sMCF@i(>J3w>0f_w{<RiANKl1o
zZ<u&RRJ=24hGwE>WGSlPMVtN!)zRoTO?ql<PP`PV;T0GY-=Mx@enRb$T(`_-j&cbo
z!yr@-N1{J2N3HEfRKpiAIsQP6H2H1wS&$DkgJn@)I2xh{JEH0xkD9@0sPYF<_1{7*
zf&0V;68vqx8bw&^VOcVCN9~DSsMGNrRbkpY=D1bGSi}dT1~3No6>F9CFlukyLd{(C
zyJp6+phxGw6alSyD-6Ps=$&$#z7$pQG1L@3M2$G*JyR|>YLnJPji|kKI%=j4SpURC
z#NVN2G}e7}fb&;?fIe>PqK?OCRK~rihAyG5%Ezb*(>yR!TNqVQanu01pvp}~4P*uC
z*lkCBqq>1w`_HKSnIDp_^Iw60jz=5R)XhUxupQOlany&>9Sp;uNA}#KW~MEwfst4Z
zm!f9mBWlg#JT~=ZMxC-SRC`U)```b}AfN(UQOD~HYARzrF(c25+Kio0dtf}OLq|~M
z-lIC~|J3|OG#M)12Gy}%s8co#b%Sn4ovvF?IsbYP^O?CQvRG@QMm88DaUtr4yo>62
zz;p8@vp6bWRa8ehqrS8bM{Txws2Mzj%69`x;=icV5%Iz`Q(pRo8Br7};{?>MU5i@d
z%c!;VeQDwuQ5~s;&2WtM1qKqY^2&^`5$XmUj+(KJHh#w%$9-)!UzoK$YK`Wimf#4g
z1Fum_kn)YGuqdj+cBped3w2Cap{DjPYqYoK>dubZ-0iLNQTg19Ht-d7ywblj4K_mU
z`Z1`CM^F{KMD2kz@68O<L#^oq>lW0A|3dH5elQ=qSy1&iK|P;g(p~2efx;wwvgY|{
zHyf(r@u&`LMy=gV)Y5qVF~_JZs={{G>8Q{7gQ(5-k2S$3vzJ0qGuaKZ>HJS7p!2^M
z)xc|1!+AfOKa8r6n&SDW&9oj>!3k`PPpoCW_<H{>simm$|Dg6#ihs?O9F97UjjX+~
z5bZnD2xzySLtPB-t%<&x^n$3(*9i6TItX>V=A$ZHhw9KNRQYG98H)4GJkN_d9aT}M
zs5N?U61qy*NI)}i1645af94mA`LG=EUN(LJ)q!Z=&61=+#VepX*w#7@wWJ$Rd*wNn
z!L&b2!|hN@H0B5AUz=(_32OK~YS$;@*9)q!H0Hu~s8cW-^$q7Z>T14#T9SttjNef+
z65l79cZPDH(u<<<RYN^*hx&{e?&C)D-q}+~NJPR))KcuT-nSWJ`9|}8&L={xX((!Q
zRYm3Rh&nBk(SxT^^}RqXjc>GQ-aU~P)uD3MhAshB*csKs@u(gyw;2wh*7OQ$hCX3j
zOcgzv_p>4g#w1=Ab^fbh1$5E7Cs0fD3^n3dG0e;+LftcNAp+_^GxWtlsHq)_s(2;_
z;C$36SZ$y0MqNOEpqA`AYN@isG&4~jRo_(9_k|g#V|*CZ(HAD2fB(fVn)e5S3aATX
zfOR42Tpva?@ETQ7vRJ0WWl<w+joQ2;P)o7{RnHaF=KE~T727;-joS1>(fi;3t|d^6
zgxjdQJC(l~X?E1daZ%J%)kTfiMV;?;*2}2l^)IRe@dM0~<+N7A=%jZ?J@18D>S-9_
z5?D(>yZR_<?f*dUu|ds1+Bjy!RZs;xp{8~OYD!0=A8tY|<u25h(mzoh{eYUOWPzq*
zg;4`)gx>%DXBYuZ;d0cmyN(|GhU!4dxMqpUqh_i<hT|U8vHXl`Fk_GzVR6)EYl525
z4yeuB2R*nDwWJ4wqM5({^MVAeSx7u{ZVRLLVnMA{Th!D|K~=mSHB)=A5?)7jG(&vT
zKy_4u-L11x-wO_)j_GyO(gp`}{sRbP4>lEsp*C49)YJ_|^>hX57+yr3-w#&51g7K3
zP*Yme+6q-}Jm$e2HvKt<5l@gXn)e2*<PuO%2csHTiCWWBs5|~WYG$G(GU*vnBdv<s
zjQy;uQ6u^jmH$0zuOv<!&3hH+LM=sm)Qt8<?ICwD0ZrvH)J=8})saW2%@ixdn8{iO
zRdFjDABegq=Am}^QdGxRVSC((8c_NqX6Y)U_E-aC&$-S(0;+I>^`!M4YNTIL7f+_7
z=1L7i?S(3+4tKEWlTh_6M=iyE)G2z5x^Pk@GXtw??S`53`9GC_)@nDZ!bdhkKys6w
z1GR?rtYc9#why&Q|3dBl&#3YVQkV{gq0(!k@^?ke>^S>;9p=*cKTSYW^c6MI^eIio
z{HTI;Q5E+<-4nCWgNsq01&2{fbrCi4x2R2;G?m#4*-`aYMdfRXS|S%+eM(Iv5FeLW
zx1-kRBx+N=M9q+2YSYm?sB_;CHRYpi`eIavPoqxJV^l*4J!U}ZQ8Q8o)sbc%&c8AY
zB0*Q^Bvb_}P#rpq3GoVQS3g6oeP9}6R%=<*47Ie5MlH=c)Bw+*Zoqq}^Y5G1q!&r+
znu0Y*(3JH;jcg3+8_EtFe~DVV<mpTYi=uXYebkgUwT?nHxB->_nDvR(KfRf;?5Ori
zy9AW69;)HKsGhF0o<N=RC)SV*W>=R%jbs4o8`O5x%sof#3BQb{V~J5S9D%C8inTv#
zN!`^pa0LTNa59++;-Y$(61B#ms0PYoacqSe`3h9Uf7tl{Fc<L*na#1QjoL#aPy<_t
zx>*k(OYS<42<S%oAF8LBvX}w|QEOctRj@N^Nha9z!>Bv`4(fb=Ms2DrSxx?OsF`bP
zooPLWMM?jN-v9rfd9#__UIW#$o*0gEQOE5%YBSx#Fm$q;e1%Xm6NMh^jhczss4M+A
z>ci?4YEOJcO?mtrX3rJDtS$-72xt$C!=AVfRUku7GlFoeOuRj+LpxA6;~`XsU!jg`
z!dzyC!cg%}s2QA$Iz8*G7f`3|1G<{hfKYQmM55NJI%;h@pr&>z>SwnjsP75iP@61g
zZWAwxdfo-q&<a%fQ>c639co5W=P?5<gGGq9%@fV_29}YawYrBoR`K(io+m+dC_j3z
zDypKc)|setzYn!X?qe~GmM@z3kL60DmSi;Qv}{M!_Z9;&AV23{Q<^lt>3KTTt}lb?
zNPYBPnW(9BQA;xybs9F==jTu(eTkZZWCcvQqNq*X2vx45O&@|PzsMz^9_>Ya23$k!
zYNw$28lD8T$+DxCsx)fEeNi1<fU0;CY6eeW75s!+qB3FTd2LiX9Z>ZTN0oQy5l~My
zpw{FJYQ(V%nYGG{n%WAe^!BLZIvUln&8U%|K~?+()xr3M&7LZNT7t5uc78=I;bf#f
z*V$nL&NWnz{y`nL*x_auXF`2wR75q{8Z|N(b-X5^E}S{25uUc`579&Xoi#xb({Mi2
zr(r|PpwIt~_Q4d?+U-Ow#Z4QJQPiB<%vhN8ny7{*pk`(z>NuT1&CuUA{vEY6i6TsW
z+0d7GEsTbBu{`ZN4GE~?WtboDU?e6kW|pKbmL)z7^WaU?6bD6`8On#6`g*92b+z#^
z*2UIcsC(lg>Ue%fS2t3|;$~{9qt>c7Y9z~1&yS)Sd}E&{Dq-R!F^u%Ks3ls29^8ZK
z&@I%`d_>ikp`<BS3N_R1N^<^75g2D5TtJQRA1r`bN|_t3DQeS<K=phrs$*ABpMFkh
zb5Z5P21Hw72|R%MVK!PBbKXNxGnoN(S~`_+O^@c1po$KnX5b_03Qbqm?Dn##5p+ZC
z;z_8R@pshB+(MlK-*U!W)<)LRsHxwE8o)i&fc)L^=5Ei88nNQ)@itV0r%)Ywikjk(
z3g%emLEZhetbI`(TZqcP$NCJlnUhpBo3S|R6xFqHw<`e^9ARCIYIvXZ7HW5Yv(FP$
zG8N=PrI$l>EDE*eeQkUSYVFtB^joOS`4M%K237Vxcb)76yjLXZ+;_ynI0p5pc+{pp
zMooE)D(1Uk0rVl>Ar}8*U)yxPcun`?7nD5ojm~euY?_v5I%%hQ7D0Ff&-C|Cov}n3
zb08D*{u+b7=|F)Sw$L&%<>MXBhe0p}kK;w2@e3{IDEY4vpM%+mPqSt6;Re!M@&5UW
zug;LJ<2{3VhT8`{U3&iyjZUQz9}0}aZ8*wis7vLVoi(J-qM%+4aXjgIl_MNL`BJ=p
zzQ)p6Y}*-s@;$TV^t?9hH6g7LX-moD&b1kP(dawg$7rYy4~tQWUUmOd_#|nEDSVeQ
z>8YqI@d>v43({}ViTRYtV$0sbiKOdQiu^UG|K}?OdG|->{yjj30W?}mg?aC#!DbXZ
zMa89Ufd#h0-*~Q9Rm!C2eU0ZKJZnvv!qiceGF@z$45aP*PlLNnQKt?0OYtm)x8tn;
zI6H#DWbQ=+9x6^sZ@*CC0@89*APWWRl9q|*t9YKucIY_q2jsa*9ns0(i)Z?ePV{=p
zvt*PR&9kb!{~)~!@y6s!hlhEd!X<K)fX;qy!i{ZbBB}Hgm4({)Yo5O%Z3=mRzFrbo
zNXG(r^Qrs)yz~vXH+gjg{cs+Qucy3T_h=`C@bA>^o*<z&2@T2g3-4V#2&BT5JnTm}
z8x`wADhCzZ!Arzb@Vq*ClMr5MN6RB;DD~*Ig>uVncp~!8NI7e%FRwab2c&$%qw^m@
z9J3W@CaMx{M21F8k6!wsv4Qs<-kV5YM#KMoCAN)Rp<HPm^x^p$!ted2R-c(b-R?p+
zALA!1%)7E}EsT;=$h{V~@H`pmyLoq_W&SkFnPqF{krPB(L*Dzy-&|#=XCKecF-*PM
zGYy9+TbpuEdH(a|wy=%0!}1jRPJtL?(rXEEjnbb2J*n&t@t?2Sq?II|nEY!9x1xbD
zyc1DRHPZMu-<&9$e-LGt5&ww#CfncEznOpA>t}slM^Vv7Dp^9tm%Q~F&-)4KGpLk*
zD$A)rI6L7sq@SmvDBjs=XeH$`@oq?b4`#+)yqA(+uPMBf5zfrB+nAPT-fg3=qK#}%
zPx7#$hRka!;o7{L(b!`=s}7N`iOs7#K7<SMd=8ZrwGI73zTL#%Qbw<Oyw?$KZU>~a
zN;Yp5?I^wKGP2v=9&y-hL8a%UGpoq+j(2hLq$OU9^jqY)LBpA-Xg%R`JR3<oHQ^b&
z`60uZKwPh2IysbgN89KN(ofm2`wM|JCZE%dObaQvoQ_-~(-P9RQ}HeQo3#2gK8$b*
zTd^(Xq$Ylu=OgLlCd%vQuYJVNVLIY^Rj2GJ>VHDq<r&`(owGmJU*CsPlR>ZhJSaj%
z9y04Sg3R+s`${9X)G+aIIyDCUc<<!>g+WA;_MCF#?Z{Mi8ReQ&<{oaf>C4EUz}Ed%
z`)>+`{K)Y0r7w3sUlC-SOTn17KuZco<2{G8F}%a*^b*R(<#{X&=b64i=rxiK>6L`E
z<AhI;CjnNWL+!D=2BZDoLIGa<du>jB!d*<%sr$208!tip9^n);wBL3(J^AlYt{Cb3
zd9C-wKT_y@-C|(7Y`*%Gon_Mt@pKXCS;+79CovVHs6<7(2rpq&!+EgP7QBKxsHl$Z
zOgi#iqJl2uJxN}@zLI|~`DXI0gk8oSJe#bC<eP0frf7NIHOVtW5sg2SEpVGg%27!I
z-V<$sewdl`NZa^q!Yv3_M-R{9P&PBQtmeIuhJL=55S~tF^cu?hICbiEnlc@2d&Q_@
zVNB-#sBLT~6+fd;Ox`O<Yea_szH;z<J?~Du+w$&69$#BoQu3y;^_-{ifwt^hEXYix
zw4G^V{aJ4ezS}$9$uy9{kL+}wB2x)lfijjO-kayeXlxz&U=GU7CC??|tLe;K8of?9
zjPTFbeacm&&VDv+6nWxOCMEBgyxUQSyMaOrf0nQ&pn(*;hg0AN8Ef10F@*Us$@^+y
z)Ao=SojUYdM?;mc2#v1e9m<<OvUg@u&kWwx2#+J}=PSM0|5R#Irc*&;GESuD_jr#Z
zUY>Y)I+KKk=8{%}4tzqr5>jC#>3W5d?-1!tQLkzSrws8ggu7E$D%*KI3ZWyz_}R{R
zZZqZ}A<$N=q?x=^QTYT4)wI2?K}Yn8AbkXBr!lR4R-W)Go>iiuanzHGbpAO_@2mNL
z8a_=pKY7#h?332Nv8_Nk$CDUE;XlamJMVBBtjQ>Y$QOg~5%PqSzkuyXAnE!3(`f~3
z+eRnTk=OsJJB;uwo=?OUl>Z<3+=8~Em^6}*gq9S#OfB8WSf9%IKWCn8U?9(eiStVb
z=L>1==wMOaS1GrHN-L7qmpppaC47VMQ}Tup{vSpszQJ~A9p!lOZ|jk8lLv*UBn{yS
zgyZqPLWg>hqby;)zEj{ADv6Jau{5rwOf}wPZ64+8Ngev3ZvxM!k$#bQ6+6h+#Osj0
zku<#m^t07Q0&Pf0M5X-8mEIrP^>7%O_tJ^i6v#paFHo;Uwz26v)2k2h`8<0=dA<0t
z+&N7>hj=&O*(OGxgg5`Jrt=%m7m(MVvgt6lONI^<7|p{Ayers7RMAPo2PwFhJlA=)
zQ;GI92{Z9L7VnL`?~^AO|NGiVnqEg}>>BSw#Q9rOPAK{Qw4HU^lQ76;Y)@l{nTc~`
zxJ!fC2oErIIL!#JChanBy{4gl2G^@N&pw!-Gm5&d*~;HgUvi%HAYO|%KOH-P%w&D)
z|BH76{cPn=!g(T_ZJ{XaNM)OCg<=S4rO5O1HJDEKpqw9RzwxZIeUO3l8-z2EKAFaU
zCH#i>dO91Aw5+`I(xD=D5P!sA{rL+c&H*wFAh8UE^eTkEke(CQQb4acyhrn{O4@##
zPw6?R^yjNNoqA0Es-$hAzSY$6-`7H$cM0WJk}tD<w!T3iDG7`IQ|SP^Bq}`G&P)ee
z*+`x>A)UXw<9%JDd{gT2r}6~6U-8zy(rbv#(~IY=2$w{DvFv=a>FyQ^|NpNo_Tg|k
zl#I$!60dDL$M1ffRD^>l*T@!p&q$jS9%JLXDf250={3yO_1TuMiQCO1=YYQdy``cq
zc7&0HhZ8<Vp#_8=QBe~rN<erk1%G8!b?n-0ApDf)KVQ#n1B&P2Sw6}%plm<l9eDG1
z!n`m3`i}QioM-yoo|BQx2WfN|74YvgJ2QyiqVOlO?IJvnM)uf3@l09o|F*Xy{BAox
zo7DQe=l`c8MJcaWRo=Bo|Alu3($Z7kS<*`C`~T7ZjG`S4|DY2Uc=(%bbUM%Z>sC%p
z8sgvb_Wm)(7AiSIW$TFZ+i)j=&0Ci69Ma#|hN;H+PM(K6&qTT(@5lDp1kz)FvyG4R
z{xmw8=KuR@Lv=TJcjT?t539mQ$eWL<7V+laD)+v2;0jy)M;uK4>g1ci(@i$L9`>Ns
z`=$tgQHqZ{)yr>sy-8J>*imFyOkYFjckKUk>XU6q852{{c=Gu0Je;r(m0X})Mw`D4
z;m+hQK%O8wKc{T@L28iK3GyZ*{DS8@^l31OLKUfuzmey}z++^%jDM59oQfP=WE;pu
z`p?%7(qHmC0|^g#ev|SaY`)tx5Jfm8*1|yY451_H(>db3Nsr)NT;pHCgKwx;UlMDO
z>oS$cA-o#(dPdp>;y-Bc6KV4a@26Ze;?b!vfbdwGHwSq)lK#RJb?%Z^uQ)tEO8Qyy
zHzxj`x6AJ<ozf(Xp@MQ`c*h7Uvm9@U^H&HRUt3reG~=xas6!<W3EaUedcdnL@9yMX
zO8R>0X~z3E>d?zWKD~+(|C{IAska8t6Y)3wob@~y$b*q|VkdftpSJ~05YNN=9nboZ
z9>RMT&zjkTIEiO^#kKhrzC&KUn$gfl(p#fmpLs8&VSmbOC(ktE+wA^xwvyPA%$;q;
zm+0MF3RbhD590Y7TX8*`N0rXz`FY++d6tp##cUou`;&L@e>xVIXLqQVKLc}8qxWU@
zzX>O&kp~1rX}Bkrp`naqo@yR@|2G>2Z`%=tk^ko_i1Z;gvX@5BkmoQiVZ?d`VvsGD
zhC26|WXEkxCAmn5O$E2ebb_#6+3D>vD!9wL5ARBJW|w*7{oj~8|Ccg5dFwTa%0tQX
zH{p!bna`WbMy1XfyjxQ5Gt%x8*6XFwb<&Z!k!{pG;wVySPBNS!VG+-p&{#O(`=rMr
zyqf%H?P#j=yf5!oJYPflbz8}1IvqjY&b;-CN4$V-T=98?z5k!Kvr)JcnPTEa8koz&
z=eBZX{GD(j1?(#+`9=_aLj~n*g@dR(3F$vyB}o5`w61oql%`{asJj8a<lUS0j`7@I
zpV|j`P{#IhAC+97@Kw_LlU9+;C5d+=zTf6iBP}S?ns+wRf4&~86Sl$cHvJ@Jo03nj
z!qlCJ@K(}(zP$Ty1&OgKc%KG}+k)K*Kd=qvwG|wpGb4FN+D2yE5ns2@Rp~>X|9tt{
zx_Z*FK=Sm)%RKBx2mUpgT<3``T!e(KwrATY*nrI8|Eai>4cGrq?+e)mRM%`e8{0PC
ziL&wN<O1@(;+bnZnvVRBY?<uddeZURIv$>)@@{riF{y;VO5p6LU<T|kwcE4=Zhu0t
zsaCHJIE)gnu_MOgnO?tIR}x-IdKsFCpw@NdYl;0y|4e#DyhL}O;9}kz$=8zj9dDON
z;FXlR{;#krfsgT8`*Y5lghXmh?2=bBhzdnfx~P)cRZG=cCdnk3N@ijfTbCpVu|z_|
zu|y>r5=EkdLl!Be+I#h?R$Fwtb@R?lDDG{kTg&zR&%9?yd;5Lg^Yb{*d7l5Xob^4?
z1^yYaLHxM*y?8a{B1jaR1+Byw)}g-_a$9h|Oner)9!T^-gLx5nK|jJ5{|>p~c_iur
zZVBAy@Uy^2&>OH{z*M{i%%?J*3QTkF++m;O=r}_gS;Xh)XGqx(pj!yqkOsmQA`AIU
zw*Quxw~=%)<c$qREPU5_lj%`LLVigWw_5DemH-b%yBzIs7$OjKHrnH;b_v>VWz|Ns
zO;GvQu<t_=&&wcB>T$jQAAgT5=%Oqj6quXRUN3d~5T_P$W7yIbBG3;|JOalARHn+2
zuZPhO$#MZa2L2MGS`XV8Ig-AzsGh(GngRTI=t|J~$c~sNfgcCmGT8E^p*v!=hx`)q
z8%`i-DR>*eaY&@V;e<?52;F6w=oetNg9Uw$fOEn1kZtgph1MTIKSH|*Z7g(sz=C=M
zCukvJc7~iJ`%{2R6|d$cNH7<H7t7#VWGkFT0OX@kjI<8e;ZRIOup5vYL3a}UyAl_T
zeiP{J(9J>dKAH)c3Lhjtgw}?3KH5a_Q`16JdIsDULAptgU^t}65roK!kI8_)p#2rN
zaj<K!Ek=Kd@JDL`UqYNI()TwMQ!HbylyOA&SLg+$9n@RH1&sPSoW4gt0qv;<vmhWL
zC{$1ks=g-!ZAGFh;2TIPs2lu#l=7p{cL44gnMg-qS<n}uBN1<>SpTmPP*4aQ1icTy
zYY0?|K=`j(y!20aOaiV4_;qM@$|Tc~V2&*GJz11+cn&-fm|oKMf^1tspMn^Bk>hDE
z9_zmp3M&$|2X}-#32g#^on;b;-hcI_H42;#`yf=lAG&_P2^ua(__N+M)X8L@!~aXj
z!=P^md62}<f^M?Jdf#au$dOM)@E!ooM1mv<9tp=isI(q@54bnLuS1s!UXR3|AW#i>
z1bhWO3BQr>?~No1+DhQ#A^(W>w2UcmXW=hM+&^BL0Dz#e4M3A2_w!B@f=P!l2o{IL
zucH-|3VsL4y8ycaI-3{-?0pe$ll1*SVqZZ!7y6sPmcZ|r@1L58KySlIkONhZ24D~R
zD-d8PcntcF!Df*dftv-KpwUQp4nd26`3!9z@E3A6`sonEXcS*2<-f`{0dc$d#{U;6
zdjRw|@L&Xf6_pl&pF_|L1iXoWKO=dPbQaB3U>5;X3|j>-9i%M@vX5ScKZl<QxF$%L
z3Lil?ptp-6#r*#S<z;l91F$g+$Dq53AV=hA8QRHUDg*CF8wxG~F9J3K!KcGsg*bNj
z-$kO2WFnXi>A=-N-v$G_iacx3zXSbSXw#mBLC^(s5)g!-e;fg;5M%-z6zEz&_R$E~
z=R&s|y8f_F1a=&F9s*wko1yCrHo!g+%?H5$4g57^3)<1Jy@=wrLk6W8e#GyoNdAjV
zGFdo-ddv1du;svEERy^i?N_j^0(L9p8_;DS=>V{x`3O1!w*Tl|Luc5}pr3{qYat7|
z0KX1WUM24Tp>PTVuhT0stOr=o0u)dUxjh1W0;fdSn?W8S3lo?;BpxjBTYwQX7PBMh
z74*BxM55mpe!ZZp14p3W3GF|`3+_z>^+$UM;AK$W1G~}h2Z!4T)*p#mLw*@fLm<}x
z_YLgNf^%Vi7XE@J0doq){EEH<{SJupGWy|Y=YdU-UjjZ4@;0=;qVGNbSu#K{+KW&M
z8i6ERkf0TG{Q(X@@E9cbQ4sVyf$acYDdahjS0HdF_zVQ60N4UPb&v(^LOU4PZII2t
zOTzt+MBl>L56%_f{*VWt{Q@kgUIti*U`!S_6|E}ucce~7;}5Li7a<dT24xS}y93);
z#uK<P;6`3Q@A!oZKRRNR+X2c(L4Co3hNI#T=&u3X8uESE34-OKe-`!uXkU|s{2REh
zz_ZZ*9DD_MA1#xZDX^bL>=&e=I1QC913w`Fv*FZRIu3)bg#;deqoBhm;39Ye_>Z(x
z;89QyIeMRcyo@dSFdH)9+aJON6p|JTV+^MDf^=E}!)_Gtd4nK}AZMX~zsVx1;o}5u
zlAI-9q7Na2!}bGgFQZ+Hwint2#D7crn$W)>2l#>aZ-ju;$4D?r0z|NDsL+P?88`|$
zfJBMVT?b|lg8Jwn^kWh5Em^Ep+8&dA7us*3BfvS4bU3gz4f1&R|1jy~0a$_D27oFF
z;?VVxMLZ5U9CjyytwOsQtU!JTt)M4>8wx)rN7od|oZx8KZo_vJ^i$Br$fe5=PU8L7
z6ucV1!Em0BU@rr38uCU7oCe3IWzaqda2nY8NZc3lWniMf+2G?6BjTQbP0&WfDM!o=
zz+aN_{t5rrV1E?-w4DI7fN&O|PoSI*Co=*yg<jB1=w5{FE-){E&!gWM0h%^Qb_0Du
zAxI+VTeL&LPXj+5xTWyF2>ore;plHiTMOGWzV$zhpogG*+w1=Dw_N~7BKQ&517vVv
z?F#)x=q^L&LVqoa9S?s&(`5S_5_|=DAh4s*j)ScN_-ypeu>IXTK%D<KW#D^gFG6Vq
zKu|h(2Y?5`f#AVNn1f<067P?G2jF+XHUxYCwoPdBkj#Y`BjJBv7PA(%$I+jQ)<@sM
ze_R?Ie6$u$(*P)fq9+2+11AGi0lfoyHxi$N&PSWkZz=o7p?m}KhtRbHJ_>#m91ZRb
z-xJ6ajAFJ!7IYi^YH-@~P+WmyFBspG)sBbZBk1BKco70FfV>LrIAGetJ{tCaA$Smi
znZd6iu?6~<fH?$PS8Qq@^@rX^mt;(vZcj64aEyY3k7gr5itOKqGENrti_{H6(qIHR
zjD9Bs*#|iSd>Xi3(Dg+D{)p+LblCEs6O;s*$znQtH4X0no-hj94`)9FdKB$!v>(HH
z32Y~k;GPaKgvlUpKwkokpu4ga@;b<G0@DrlAt<<oC;<L;$laxHC#bks{{;}fl*%SZ
z+8p4$0Pd0__k$cO?Nw424j(~(g-uWgIo+4wn~bDM4T@<aeRoN0Anc96uOn94VK^Uy
zun-Od<g_(`t}y}*gyR{=gJjY$v?I_@1+EYQ-j;d|Iv>r3&sC`xy2oT;K6@mJ_z8CL
z;d{C<-XH0xcq^=@(0(inI0HZ)0Mli^JLGF}L|;i=rc6=|+Z_}W0edgRnTo!k9pF^R
zF6j3_PC_Ba;p2qv2--?-9IXF`NG#|)l;=^spgS;H!Si4XLEi-Dqp)%4iV^Tj1o;%a
z7%XT83K$JJ3HDC1ut%WV18xfY9r(0_ENBWa*C77@p4}0O7BChd_-^nI2yz#O<_OZW
zBJxOplJ{Koi+SHw56+uZ)2HH4&D*46RPANbF36y&YWK+aD0TS6p=x)#Inkn8Ey)X`
z@+KT>$L_bH?Hj8`OS~F0Y*^mrV`^UYu~~VYjz>ND(C_8n`~BV^T)lvJQ-aZ%?1-vZ
zbi5VK%Q?|K@5qVhyt605D*{ipr4>C-bq&ay^J!RflO@i!Fx6p-SL2NiV~`=Q<C%_m
zPo3#lk@aaFiS8X~S05r0thT{wM5H|;$Pj54CQ-f7;k2351e-ObqV&vU|BAL>KI&I7
z{X)Ed#r5xBY23o%uvwF%hpX`>hbazef+~i(ZwFVrdShBZMdLeP1h7Vw+)8`dG}mde
zJG^03qiQpySRE#WcbIw^#zP#e{tn?tGO6=Tv1+W%I^S-x`7jevj>*=|t{UUxZ6>>2
z?G|b8rp8-McGY5as3}HAT#`C`{6q}NVOtm^BTq^)byZ`Njg~oZ#83n@)o635)&x}~
zN;TT;sYy1Y-Nf1}B(n+1T4d@Kgk@A2S4dPFH8t4;s~VSNikl-`yf&5HQb=S=qr;2W
zLmQKmt@C+|AIT=2C!1{M1T*GcOycjVHtU76zxb1s$6&PD%$7ven(8oHEoww`G!{UO
zcbZg(RZUE`#u}5=IIAVWoXC0ykcrH12x-o014#dNm~-zQ@VO?KlTF?!;g<sl31HSo
z$hIb!U3I7^%M{OPQ*xIE#GAy9V6$702!6Xcu@V|-XO@=a2|m6hY2^1*igg}xV`Ac*
zHXCMAjWgQfy?fSd!D2YPHme0IWOgK}(3nx7#hDUovhgvkNehK7YDZQQBWv8AEa0o#
zlkXJ1GK?Gyh_l*k3wvVzRfoxzVz$5yvxhmue(-J&Ojb0qS-LsYM3X}`TT-2lAj3r6
zZNAC7dS;6nE7m#18gKd&G=C<N{8iy;Q6wi|dUvZ$wL4?ym=;E<m~`*L+pycjKGmx?
zHdy^$syabmXbjq9!#1^;<~Oj5^)M|+wPFU$4z4^->iv260P=;xyA39-C_nc!>F>u!
z4kf*VS;07x$ybgi3!3n-X{1L$t3+ptm`YIsVt6ayF|$c2;c6_|P5hkZ<apM+hJ<h$
zPf~-~u2j;LZA~RFu%OALIS-jj1`uwvkrsrlwUdc?KYSm|x;n_y?NY>z5E0p{|Kr#-
z7^E>J)|}|HI_-R>gM^Ymv8PZtmiW4pbYw@IM2&KoEl#oJ=6SbhoYA}SjFyG-jSGDn
zPv4Df<UA6Qcky;G8#j-b`Pq5oj?&V*9lUElvG@4Fh#bU^FCvru`X-y^8F8w`)^XUJ
zIPExK4{i{<KH>9>$>w-<!kD4n>xlJABj@~`(XnR7hIC@$+36(EpO<HnuY;6Sb1L7L
zORfa4{fvCe&TJ&l@Q6+11nnujZ6@p{oGok<4A7`zjn(-{CJPJ>o7pr^3=cXx|7Ht0
z;io2>jdpQd%oej4tif#23o+XCh2i;yB!IMippUbrG@MwzvWOg_O-v3Wj-uDX1{9P2
zo%C6H;N?5Q`f4y^F=@qEF<Hu{?;xRk<PI{P@S{7)PyYP;9+KWj!9i!8oum_6d4L>f
zW?DF349Q`&s>xPMB7gcI=|gz>Au`&ZU#TK935%;C+uE4zb}=|#<%Sep!L}BXFiwt=
zGbGZ9C9pWma$&{P;AU6t_9QV^V)?|Xv8%OY9n1fKtYLGH5qI=(vn|DvXv3MZJ8(OS
z9O8NnGT^-0oED2vB&H@t8xs+mPdiTXl{Ax0-#Z8&ha-i3mS8j|`}UC2lHg3nrIZX4
zrY#kVV2Lv!ShC3;WcdALJ-o&B<AM9;!4Uro>)YmjVxO}sCvn&8{)jAXrQe_ru0ii8
zd!8cQ`N&gbE@>t%9ZVkPz+|&oZJd8hzEOC|X>wWd*ER2dMwTdi>Nzrsu*Kn6Gwn+f
zt*`+Xh|1<(AQf!nMRJduz9H#^WiKFYc=UIq3*nCMiMbK;cadRyor^>g{+*jNQrP{=
zWJU{bVEa>QqS?DAov9@gt`M5$Js>zRCftGXuj8=j)AzzFW5@cY@8MA~TN126hX2K7
ze9YvSmwi65M*VR4JQj*o!?GYgZd<!GZVnC%zU9Fw57rbrVf<Ax_%YK0TzcY8PPJJR
zZN`)!gVSP+#TUhU?U~}7INH+0_FW~REd45p3A34y@sF-Jg!WV`J{J7oRWgx;`ffZm
zrQr$kzfNukH`MT7uah<k8}tj=(g@kbHfR5;C2d*lFC>`J8-%qNZwC1!kr#^ZD&cEy
zkZ_7m8E<im^bTN_dt^Cl{vXnnCH#k+XUFf8fxO^8@guwgp))CeSD`})f5D$(eYZEJ
zyO}ePc4KD(=?wBD>ls9cJ<>P&@h77D4p95_8{Bswe=~@7Aj%WH`tr?9XcvWj)s&87
z3!2d(8=BKDY;|)Q%<-4~nh1BdpkEPI+lof~;Vr1GTdl?<CmK_X$?_fO)eIZP9uJ{i
z*_06aIy(_UBUoVwZO4+^(BN?Sk`xa<ffeob>a6;zjh?dN>(wjxqoK43WqsPv&LoI6
zYeU<3-Pnu}+O|D_k?{a&*+q4S_qx~Ya}})6%9quz+rjs?p+6J8s~tV>#|pz}SRZX=
zAxxgy<?hW(UHSW5*=6Dds5VsBRd4o`Z`A_?8CbbW+wqz(T1{I2sc&!Ax-;#}K2~Ws
zAK01J`15An=t)0*=P`QOkGJka0|Q&Vo9;TeO3T`(4ztQvWDxH(m`-j?GfTMhdAiJx
zcNjrCQvS>+I?IoTj;CV+SneeHTbgU@4$t!UJhcVx(pB!=o7{_!pm0w)cfG&(AL)w?
zu8LCE(wytnn{}MKX05xbz;!UkQ<9}^D*bb)d+$*#H`|k*3A0wPPurS)DScz4{Zjg-
zy2IJp>Lc};*>zP_bv5~TVD_4*ddl``HTgjgQ(<P@g&6{ync*ortmW>;e7kp5x(ch=
zrdQ~g&R7T6`f}Im4A+Wu&&~{#Dl&N&q&~k^tK7+2Os0Lp^|z%8v@q+j8i07#WO@)c
z+Wz|YR(r}bfcfvjT^q}NwKM!(Ul~2!>))@dT%%={YVW6G9PXO3>(#5Z+8THMj{5W!
z^+iY2OX&sT-FYc}D?2@fc3{V+&{1s2R5~`;wZ8}h(YG8kzC%NJ`c(RbGE%QxE3eiv
zcZlDYSGv}eXjzB!fCg#KVt+JD7&SgRMm*0|9nW^mq=UjeNAnQpcM*ij7nCWl(dT=*
zSYcgdrIuc;m1W5^uGP!6vdwZ9y+bi*x#il*Qnu_h`UyKai<Y!}uqOI^W0iRPY`T?(
z!VMiy?G{hbYEQ|#=wkEmTe0*J?~^z%o<4=Y9&3^k>Mp6O-&CyC<Y_CiMUd<w?Z_ea
zWC9HftY7?Y-Qjetx{yyuq>m|V%j@(O-!z8~@Z;C5w11;C*UI-@dskq-^);`nT!vw|
ztFqj?%Uz{KT6NB)^!4}!rK=*}vxaLq8}!M*-txJ+_P(nXFU1nNRvdxg&RzEZxlXjl
zn1&i(nrq<E^Xa#Ef4@Pm_$#ix#q5m?+EKv{VJw4&Pl86DJlqzptPR@UTwiyEtKdB?
zhv{=vSG(1<vKX_2GbWd6!@dX8Sy#0~+qX>1Jf!afzCVMi0X#H|#`y8It7$jN@E5-H
z;3+w@yB|N5M_&wPg9_<neyxxOG~t1J=ry8XkFi^OY1aTuM14^eSIelwuN7*j-@epU
zuubI3S&Xa6z&^W)Jy^P*o+W(S0s1lFs}9j~P1u6tbQ0H&)0Tv{Iza;o8+4LRVAUt-
zu&}i?bydY;i+kT?*yAcrXWfw%m_&EQN`Chwel7~u_<m3AJFYc5#M9`BQ?z?`{nVhV
z>YEK~s2{qzs%)*G)Lm8LuG)*Mm2EynH}G*E(?NdWF5jJ|Zxa<SWYv2uRO%1q%+oZO
zF!m|!&QE?y-=Te7Ik{T)a_#U=On~^6pXGfV>z6Qs=%*V(U2PHWA8}2*@fkhW*s0dl
zh`q?hou!HV>$76U+nuLt9tm)l71d|tvCd!9){MC5O$BSie{)f{Kl}M7dX;s#MxW$!
zuhCy<Pkp=TEAC>4>S}7;>r3@+-Qksp?yW_?>UiA0=qlRQjhk!lb{(mXoHS_yZmJwl
zSs7Pu&_WU^wsC$IJhiOdxK434G0%pFTJIY2?Kf$2JhmUI^%aso#qgqEX<sE!%Uq&)
z_3ZR-^wkL8f%hfQ`wdr>;eRbz$bY^~=U`9Vr8@$6tfI_m9O}K+RB;PbuE+RrjKmV(
zXrlbR$@(&FFVl+O!v)OG1S_)%AKFy;yFY(2M43j|?oj1;@9Iiz-&(o%{yV2ChUy)Z
z8^GfCgZP}*N=w>DT;D5}V-of2)BE=JRPL^;s*(5hdhr?Zowd!V=YzINd&b);nXK7o
z`25dpr!3=B@#hhwk$jl586A`^>{eT)`NL<ps+GM{cXSor?Ba?jDAn&im0LR~>y*cF
zdOS;NTvbJ$Lls(XmZxMXerZ{ou#sJP*>yDq*z+37&N_rk$8{)+72Twv%`j2*1>y^(
zkISnJZg^nW{V*ks-40h)2j~;R3S*Q|woFx`_;yu^A^1Emso#`azkZXayxgGgmHN#&
zu7XPU`faYPTz%v?76vgv8;<BV3bd{b%UuO~Ab1Xx)-TV&eG`NWN6TG{J&j9GTf0$P
zSL!L>?kV5tu3F~aa#+i((3UU5ki=JCeE)I$w(a1LMkpthX`Y>cY`~R`Gv+R?M6zuC
z1B?Xvh2}0}xO8zc<MAhU_Nbsgfw=PD)w0+hfb6xd%1$;bP-z?Zz?nyOQwGssPk9w4
zQy)5iGfLT^u(8p~JwCUW5~Z*seUu3HTOZ{;_F-S;D1Wz~l0%rKzjB?=8=#DC#D024
ziR0PNDxrjbG(<_K5n0P!+1vFyKwl|&^6(W^U4_fFTE-SXuf&Jy3Gsl_iZ@@c-r`z+
zRI6UX>z-F;(=_kL-+PjAhqyAz^=k&3K)+JlmH2G$_Uv2Y%0Ga|7_LdJY&G5rxF>@Q
z@(vV_Z0YPhfB%PbUDX;)wAWee$$eY9dCK#l^wj3!GmEJg7b-qtT5%;NO54G3<>C;|
zu&|*qO8-vvOG@#k(<*cD`SX4fT`Nk2pI67`R?|?H5~IA>#yibg@rDO@El-?pR#Z(}
z@nbQ{6w+d84(v$y;3DB|Mkqn#;l;w+k5s}GHk4xbzBxuIVO_^6Cp!6N7(>=?VR>S`
z??YZcR{4+wVhFBPD?A4|Z}g(FC4ilNMcK|aOjZW6Zm%k>Sjel&HQsNEGKlbVQ<dSA
d51XMpLHPNZ$|!}6F)FLrZKD##hQ}(;{trU^(s2L)

diff --git a/po/zh_CN.po b/po/zh_CN.po
index 9440eb9..62d5cb4 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -3,14 +3,14 @@
 # This file is distributed under the same license as the GnuPG package.
 # Meng Jie <zuxyhere@eastday.com>, 2004.
 # Chuhao Li <lchopn@gmail.com>, 2018.
-# bobwxc <bobwxc@yeah.net>, 2021, 2022.
+# bobwxc <bobwxc@yeah.net>, 2021.
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: GNU gnupg 2.2.28\n"
+"Project-Id-Version: GNU gnupg 2.2.27\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
-"PO-Revision-Date: 2022-04-26 13:27+0800\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
+"PO-Revision-Date: 2021-02-23 01:08+0800\n"
 "Last-Translator: bobwxc <bobwxc@yeah.net>\n"
 "Language-Team: None\n"
 "Language: zh_CN\n"
@@ -20,58 +20,58 @@ msgstr ""
 "X-Poedit-SourceCharset: UTF-8\n"
 "X-Poedit-Basepath: .\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Poedit 2.4.2\n"
+"X-Generator: Poedit 2.2.1\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "获取 pinentry 锁失败: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr "|pinentry-label|确认(_O)"
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr "|pinentry-label|取消(_C)"
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 msgid "|pinentry-label|_Yes"
 msgstr "|pinentry-label|是(_Y)"
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 msgid "|pinentry-label|_No"
 msgstr "|pinentry-label|否(_N)"
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr "|pinentry-label|PIN："
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 msgid "|pinentry-label|_Save in password manager"
 msgstr "|pinentry-label|在密码管理器中保存(_S)"
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "您真的想要使您的密码在屏幕上可见吗？"
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr "|pinentry-tt|使密码可见"
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 msgid "|pinentry-tt|Hide passphrase"
 msgstr "|pinentry-tt|隐藏密码"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr "建议"
 
@@ -82,24 +82,13 @@ msgstr "建议"
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 msgid "pinentry.genpin.tooltip"
-msgstr "使用随机生成的密码"
-
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr "注意：密码不允许含有空格。"
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-msgid "Passphrase Not Allowed"
-msgstr "不允许的密码"
+msgstr "pinentry.genpin.tooltip"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr "强度："
 
@@ -109,181 +98,166 @@ msgstr "强度："
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
-msgstr ""
-"上方输入的文本的质量。\n"
-"请向管理员咨询详细相关准则。"
+msgstr "pinentry.qualitybar.tooltip"
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr "请输入您的 PIN，从而为此会话解锁私钥"
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 msgstr "请输入您的密码，从而为此会话解锁私钥"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr "PIN："
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 msgid "Passphrase:"
 msgstr "密码："
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr "不匹配 - 请重试"
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr "SETERROR %s（尝试第%d个，共%d个）"
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr "重复："
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 msgid "PIN too long"
 msgstr "PIN 太长"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 msgid "Passphrase too long"
 msgstr "密码太长"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 msgid "Invalid characters in PIN"
 msgstr "PIN 中含有无效字符"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr "PIN 太短"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad PIN"
 msgstr "错误的 PIN"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad Passphrase"
 msgstr "错误的密码"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
-msgstr "注意：来自网络浏览器的请求。"
+msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
-msgstr "注意：来自远程站点的请求。"
+msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "获取卡的序列号时出现错误： %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 msgid "Please re-enter this passphrase"
 msgstr "请重新输入此密码"
 
-#: agent/command.c:2423
-#, c-format
+#: agent/command.c:2567
+#, fuzzy, c-format
+#| msgid ""
+#| "Please enter the passphrase to protect the imported object within the "
+#| "GnuPG system."
 msgid ""
 "Please enter the passphrase to protect the imported object within the %s "
 "system."
-msgstr "请输入密码以在 %s 系统内部保护已导入的对象。"
+msgstr "请输入密码以在 GnuPG 系统内部保护已导入的对象。"
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
-msgstr "此密钥（或子密钥）未受密码保护。请输入新的密码以将其导出。"
+msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "长度超过 %d 位的 ssh 密钥不被支持\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, c-format
 msgid "can't create '%s': %s\n"
 msgstr "无法创建 ‘%s’： %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, c-format
 msgid "can't open '%s': %s\n"
 msgstr "无法打开 ‘%s’： %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr "检测到的卡 S/N 码为: %s\n"
-
-#: agent/command-ssh.c:2446
-#, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "卡片上没有 ssh 身份验证用的密钥：%s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "没有找到合适的卡片密钥：%s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, c-format
 msgid "error getting list of cards: %s\n"
 msgstr "获取卡片列表时出现错误：%s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
 "allow this?"
 msgstr "一个 ssh 进程请求使用密钥%%0A  %s%%0A  (%s)%%0A您想要允许这一请求吗？"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr "允许"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr "拒绝"
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "请输入 ssh 密钥 %%0A  %F%%0A  (%c)  的密码"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
@@ -292,90 +266,87 @@ msgstr ""
 "请输入一个密码，以便于在 gpg-agent 的密钥存储中保护接收到的私钥 %%0A   %s"
 "%%0A   %s%%0A"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "从以下套接字创建流时失败： %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr "请插入具有以下序列号的卡"
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr "请移除当前的卡并插入具有以下序列号的那一张"
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr "管理员 PIN"
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr "PUK"
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr "重置码"
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr "按下卡片/令牌上的 ACK 按钮。"
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 msgid "Use the reader's pinpad for input."
 msgstr "使用读卡器小键盘输入。"
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 msgid "Repeat this Reset Code"
 msgstr "再次输入此重置码"
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 msgid "Repeat this PUK"
 msgstr "再次输入此 PUK"
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 msgid "Repeat this PIN"
 msgstr "再次输入此 PIN"
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 msgid "Reset Code not correctly repeated; try again"
 msgstr "重置码再次输入时与首次输入不符；请重试"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 msgid "PUK not correctly repeated; try again"
 msgstr "PUK 再次输入时与首次输入不符；请重试"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr "PIN 再次输入时与首次输入不符；请重试"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "请输入 PIN%s%s%s 以解锁这张卡"
 
-#: agent/genkey.c:157
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
 #, c-format
-msgid "error writing to pipe: %s\n"
-msgstr "写入管道时出现错误：%s\n"
+msgid "error creating temporary file: %s\n"
+msgstr "创建临时文件时出现错误： %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:116
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "写入临时文件时出现错误： %s\n"
+
+#: agent/genkey.c:154
 msgid "Enter new passphrase"
 msgstr "输入新的密码"
 
-#: agent/genkey.c:196
-msgid "Take this one anyway"
-msgstr "无论如何使用这个"
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr "您并没有输入一个密码！%0A不允许密码留空。"
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
@@ -384,242 +355,253 @@ msgstr ""
 "您并没有输入一个密码 - 这通常不是一个好主意！%0A请确认您不想给您的密钥加上任"
 "何的保护。"
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr "是的，保护不是必须的"
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, c-format
 msgid "A passphrase should be at least %u character long."
 msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "密码长度应至少为 %u 字符。"
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
 "A passphrase should contain at least %u digits or%%0Aspecial characters."
 msgstr[0] "密码应当包括至少 %u 位或者%%0A特殊字符。"
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, c-format
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr "密码不应该是一个已知的用语或者与%%0A特定的模式相匹配。"
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr "警告：您输入了一个不安全的密码。"
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+msgid "Take this one anyway"
+msgstr "无论如何使用这个"
+
+#: agent/genkey.c:464
 #, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr "请输入密码以%0A保护您的新密钥"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 msgid "Please enter the new passphrase"
 msgstr "请输入新的密码"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 msgid "Options used for startup"
-msgstr "启动选项"
+msgstr "用于启动的选项"
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr "以守护进程模式运行 （后台）"
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr "以服务进程模式运行 （前台）"
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 msgid "run in supervised mode"
 msgstr "以管理进程模式运行"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr "请勿离开控制台"
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr "sh 风格的命令行输出"
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr "csh 风格的命令行输出"
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 msgid "|FILE|read options from FILE"
 msgstr "|FILE|从 FILE 中读取选项"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr "控制诊断输出的选项"
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "详细模式"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "尽量减少提示信息"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr "|FILE|将服务器模式的日志写入到 FILE"
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr "控制配置的选项"
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 msgid "do not use the SCdaemon"
 msgstr "不使用 SCdaemon"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr "|PGM|使用 PGM 作为 SCdaemon 程序"
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+#, fuzzy
+#| msgid "|PGM|use PGM as the SCdaemon program"
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr "|PGM|使用 PGM 作为 SCdaemon 程序"
+
+#: agent/gpg-agent.c:208
 msgid "|NAME|accept some commands via NAME"
 msgstr "|NAME|通过 NAME 接收一些命令"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr "忽略改变 TTY 的请求"
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr "忽略改变 X display 的请求"
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 msgid "enable ssh support"
 msgstr "启用 ssh 支持"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr "|ALGO|使用 ALGO 显示 ssh 指纹"
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 msgid "enable putty support"
 msgstr "启用 putty 支持"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr "控制安全的选项"
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr "|N|使被缓存的 PIN 在 N 秒后过期"
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr "|N|在 N 秒后使 SSH 密钥过期"
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr "|N|设置 PIN 缓存的生命周期为 N 秒"
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr "|N|设置 SSH 缓存的生命周期为 N 秒"
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr "在签名时不使用 PIN 缓存"
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 msgid "disallow the use of an external password cache"
-msgstr "禁止使用外部的密码缓存"
+msgstr "禁止使用一个外部的密码缓存"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
-msgstr "禁止客户端将密钥标记为“信任”"
+msgstr "禁止客户端将一个密钥标记为“信任”"
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 msgid "allow presetting passphrase"
 msgstr "允许预设置的密码"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr "选项强制要求一个密码策略"
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr "不允许绕过密码的策略"
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr "|N|设置要求新密码的最短长度为 N"
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr "|N|要求新密码至少有 N 个非字母字符"
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr "|FILE|按 FILE 中的样式检查新密码"
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|在 N 天后使密码过期"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 msgid "do not allow the reuse of old passphrases"
 msgstr "不允许再次使用旧的密码"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 msgid "Options controlling the PIN-Entry"
-msgstr "PIN-Entry 控制选项"
+msgstr "控制 PIN-Entry 的选项"
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 msgid "never use the PIN-entry"
 msgstr "不使用 PIN-entry"
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr "禁止调用者覆盖 pinentry"
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr "允许 PIN-Entry 抓取键盘与鼠标"
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr "|PGM|使用 PGM 作为 PIN-Entry 程序"
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr "|N|设置 Pinentry 的超时时间为 N 秒"
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr "运行密码通过 Emacs 回显"
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr ""
 "请向 <@EMAIL@> 报告程序缺陷。\n"
 "请向 <i18n-zh@googlegroups.com> 邮件列表反映简体中文的翻译问题或建议。\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "用法： @GPG_AGENT@ [选项] （-h 获取帮助）"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
@@ -627,136 +609,131 @@ msgstr ""
 "语法： @GPG_AGENT@ [选项] [命令 [参数]]\n"
 "@GNUPG@ 私钥管理器\n"
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr "无效的调试级别‘%s’\n"
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "所选的散列算法无效\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, c-format
 msgid "reading options from '%s'\n"
 msgstr "从‘%s’读取选项\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, c-format
 msgid "Note: '%s' is not considered an option\n"
 msgstr "注意：‘%s’不被认为是一个选项\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr "无法创建套接字： %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr "套接字名称‘%s’太长\n"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr "正尝试从运行的 %s 处夺取套接字\\n\n"
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
-msgstr "有一个 gpg-agent 实例正在运行 - 无须启动新的实例\n"
+msgstr "一个 gpg-agent 实例正在运行 - 不启动新的实例\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "获取套接字 nonce 时出现错误\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "绑定套接字到 '%s' 时出现错误： %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, c-format
 msgid "can't set permissions of '%s': %s\n"
 msgstr "无法设置‘%s’的权限： %s\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "正在监听套接字‘%s’\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, c-format
 msgid "can't create directory '%s': %s\n"
 msgstr "无法创建目录‘%s’：%s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, c-format
 msgid "directory '%s' created\n"
 msgstr "目录‘%s’已创建\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "‘%s’的 stat() 方法失败：%s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "无法使用‘%s’作为家目录\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "在读取 fd %d 上的 nonce 时出现错误： %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr "句柄 0x%lx 于文件描述符 %d 启动\n"
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr "句柄 0x%lx 于文件描述符 %d 终止\n"
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr "ssh 句柄 0x%lx 于文件描述符 %d 启动\n"
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr "ssh 句柄 0x%lx 于文件描述符 %d 终止\n"
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "npth_pselect 方法失败：%s - 等待 1s\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, c-format
 msgid "%s %s stopped\n"
 msgstr "%s %s 已停止\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "此会话中没有 gpg-agent 实例运行\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 msgid ""
 "@Options:\n"
 " "
@@ -764,11 +741,11 @@ msgstr ""
 "@选项:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "用法： gpg-preset-passphrase [选项] KEYGRIP (-h 获取帮助)\n"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
@@ -776,8 +753,8 @@ msgstr ""
 "语法： gpg-preset-passphrase [选项] KEYGRIP\n"
 "密码缓存管理\n"
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -785,8 +762,8 @@ msgstr ""
 "@命令：\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -796,11 +773,11 @@ msgstr ""
 "选项：\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "用法： gpg-protect-tool [选项] (-h 获取帮助)\n"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
@@ -808,21 +785,21 @@ msgstr ""
 "语法：gpg-protect-tool [选项] [参数]\n"
 "私钥管理工具\n"
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "请输入密码以解密 PKCS#12 对象。"
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "请输入密码以保护新的 PKCS#12 对象。"
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr "请输入密码以在 GnuPG 系统内部保护已导入的对象。"
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
@@ -830,53 +807,52 @@ msgstr ""
 "请输入所需的密码或者 PIN\n"
 "以完成此操作。"
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, c-format
 msgid "cancelled\n"
 msgstr "已取消\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "请求密码时出现错误： %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, c-format
 msgid "error opening '%s': %s\n"
 msgstr "打开‘%s’时出现错误：%s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "文件‘%s’ 的第 %d 行：%s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "已忽略声明 “%s” ，其位于‘%s’的第 %d 行\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "系统信任列表 ‘%s’ 不可用\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "错误的指纹，其位于 ‘%s’ 的第 %d 行\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "无效的密钥标记，其位于 ‘%s’ 的第 %d 行\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "读取 ‘%s’ 的第 %d 行时出现错误：%s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr "读取受信任的根证书列表时出现错误\n"
@@ -889,18 +865,18 @@ msgstr "读取受信任的根证书列表时出现错误\n"
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
 "certificates?"
 msgstr "您要无限地信任%%0A  “%s”%%0A为正确的认证用户证书吗?"
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 msgid "Yes"
 msgstr "是"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr "否"
@@ -913,7 +889,7 @@ msgstr "否"
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -923,35 +899,35 @@ msgstr "请确认被识别为%%0A “%s”%%0A的证书具有以下的指纹：%
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr "正确"
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr "错误"
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr "注意：此密码从未被修改过。%0A请立即修改。"
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
 "it now."
 msgstr "此密码自从 %.4s-%.2s-%.2s 起未被修改过。%%0A请立即修改。"
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 msgid "Change passphrase"
 msgstr "更改密码"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
-msgstr "稍后修改"
+msgstr "我想稍后修改"
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, c-format
 msgid ""
 "Do you really want to delete the key identified by keygrip%%0A  %s%%0A  %%C"
@@ -959,11 +935,11 @@ msgid ""
 msgstr ""
 "您真的想要删除这个被以下的 keygrip 所标识的密钥吗 %%0A  %s%%0A  %%C%%0A？"
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 msgid "Delete key"
 msgstr "删除密钥"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
@@ -971,92 +947,92 @@ msgstr ""
 "警告：这个密钥也被列为用于 SSH！\n"
 "删除这个密钥可能使您失去访问远程主机的能力。"
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "DSA 要求散列值长度为 8 位的倍数\n"
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr "%s 密钥使用了一个不安全的（%u 位）散列\n"
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr "%zu 位的散列对于一个 %u 位的 %s 密钥无效\n"
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "检查已建立的签名时发生错误： %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "私钥部分不可用\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, c-format
 msgid "public key algorithm %d (%s) is not supported\n"
-msgstr "不支持的公钥算法: %d (%s)\n"
+msgstr "公钥算法 %d (%s) 不被支持\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, c-format
 msgid "protection algorithm %d (%s) is not supported\n"
-msgstr "不支持的保护算法: %d (%s)\n"
+msgstr "保护算法 %d (%s) 不被支持\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, c-format
 msgid "protection hash algorithm %d (%s) is not supported\n"
-msgstr "不支持的保护散列算法: %d (%s)\n"
+msgstr "保护散列算法 %d (%s) 不被支持\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "创建管道时发生错误： %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "为管道创建流时出现错误： %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, c-format
 msgid "error forking process: %s\n"
 msgstr "在 fork 进程时出现错误： %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr "等待进程 %d 终止时失败： %s\n"
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "运行‘%s’时出现错误：可能未安装\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "运行‘%s’时出现错误：退出代码 %d\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, c-format
 msgid "error running '%s': terminated\n"
 msgstr "运行‘%s’时出现错误：被终止\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, c-format
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "等待进程终止时失败： %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "获取进程 %d 的退出代码时出现错误： %s\n"
@@ -1071,33 +1047,33 @@ msgstr "无法连接至‘%s’：%s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "gpg-agent 的选项设置存在问题\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "无法禁用核心内存转储：%s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "警告： %s 具有不安全的文件所有权 “%s”\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "警告：%s 具有不安全的文件权限位 “%s”\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "等待 ‘%s’ 可被访问...\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "将 ‘%s’ 重命名为 ‘%s’ 时失败：%s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "yes"
 
@@ -1154,50 +1130,91 @@ msgstr "分配 %lu 字节时安全内存不足"
 msgid "out of core while allocating %lu bytes"
 msgstr "分配 %lu 字节时内存不足"
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "在分配足够的内存时出现错误： %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr "%s:%u: 废弃的选项 \"%s\" - 此选项不会产生作用\n"
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "警告： “%s%s” 是一个废弃的选项 - 此选项不会产生作用\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr "未知的调试选项 ‘%s’ 已被忽略\n"
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
 #, c-format
-msgid "waiting for the %s to come up ... (%ds)\n"
-msgstr "正在等待 %s 拉起…… ( %d 秒) \n"
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "等待 dirmngr 启动 ... (%ds)\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:350
 #, c-format
-msgid "connection to %s established\n"
-msgstr "已连接 %s\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
+msgstr "正在等待 keyboxd 启动…… ( %d 秒) \n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:351
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
-msgstr "没有正在运行的 gpg-agent 实例 - 正在启动 ‘%s’\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "正在等待 agent 启动…… ( %d 秒) \n"
 
-#: common/asshelp.c:521
+#: common/asshelp.c:364
 #, c-format
-msgid "connection to agent is in restricted mode\n"
+msgid "connection to the dirmngr established\n"
+msgstr "与 dirmngr 的连接已建立\n"
+
+#: common/asshelp.c:366
+#, c-format
+msgid "connection to the keyboxd established\n"
+msgstr "已建立与 keyboxd 的连接\n"
+
+#: common/asshelp.c:367
+#, c-format
+msgid "connection to the agent established\n"
+msgstr "已建立与代理的连接\n"
+
+#: common/asshelp.c:485
+#, c-format
+msgid "no running %s - starting '%s'\n"
+msgstr "无运行的 %s ——正在启动‘%s’\n"
+
+#: common/asshelp.c:588
+#, c-format
+msgid "connection to the agent is in restricted mode\n"
 msgstr "与代理的连接处于受限模式\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:725
+#, c-format
+msgid "error getting version from '%s': %s\n"
+msgstr "从 ‘%s’ 获取版本时出现错误: %s\n"
+
+#: common/asshelp.c:731
+#, c-format
+msgid "server '%s' is older than us (%s < %s)"
+msgstr "服务器 ‘%s’ 比我们的版本更老 （%s < %s）"
+
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
+#, c-format
+msgid "WARNING: %s\n"
+msgstr "警告：%s\n"
+
+#: common/asshelp.c:740
+#, c-format
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr "注意： 过时的服务器可能缺少重要的安全修复。\n"
+
+#: common/asshelp.c:742
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
-msgstr "无运行的 Dirmngr ——正在启动‘%s’\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "注意： 使用 “%s” 来重启他们。\n"
 
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
@@ -1267,7 +1284,7 @@ msgid "algorithm: %s"
 msgstr "算法：%s"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, c-format
 msgid "unsupported algorithm: %s"
 msgstr "不支持的算法：%s"
@@ -1342,11 +1359,11 @@ msgstr "证书链条有效"
 msgid "Root certificate trustworthy"
 msgstr "根证书可靠"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 msgid "no CRL found for certificate"
 msgstr "未找到该证书的证书吊销列表（CRL）"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 msgid "the available CRL is too old"
 msgstr "可用的证书吊销列表（CRL）太旧"
 
@@ -1383,7 +1400,7 @@ msgstr "没有关于 ‘%s’ 的可用帮助。"
 msgid "ignoring garbage line"
 msgstr "忽略无用行"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 msgid "[none]"
 msgstr "[未有]"
 
@@ -1392,127 +1409,25 @@ msgstr "[未有]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "无效的 radix64 字符 %02x 已被跳过\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
-msgstr "抱歉，正处于批处理模式——无法获取输入\n"
+msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
-msgstr "抱歉，要求了无终端模式——无法获取输入\n"
+msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
-msgstr "错误过多；放弃\n"
+msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
-msgstr "检测到 Control-D\n"
-
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr "未预期的参数"
-
-#: common/argparse.c:522
-msgid "read error"
-msgstr "读取错误"
-
-#: common/argparse.c:524
-msgid "keyword too long"
-msgstr "关键字太长"
-
-#: common/argparse.c:526
-msgid "missing argument"
-msgstr "缺少参数"
-
-#: common/argparse.c:528
-msgid "invalid argument"
-msgstr "无效的参数"
-
-#: common/argparse.c:530
-msgid "invalid command"
-msgstr "无效的命令"
-
-#: common/argparse.c:532
-msgid "invalid alias definition"
-msgstr "无效的别名定义"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr "权限错误"
-
-#: common/argparse.c:536 common/argparse.c:569
-msgid "out of core"
-msgstr "内存不足"
-
-#: common/argparse.c:540 common/argparse.c:575
-msgid "invalid meta command"
-msgstr "无效元命令"
-
-#: common/argparse.c:542 common/argparse.c:577
-msgid "unknown meta command"
-msgstr "未知元命令"
-
-#: common/argparse.c:544 common/argparse.c:579
-msgid "unexpected meta command"
-msgstr "意外的元命令"
-
-#: common/argparse.c:546
-msgid "invalid option"
-msgstr "无效的选项"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr "选项 “%.50s” 的参数缺失\n"
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "选项 “%.50s” 的参数无效\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr "选项 “%.50s” 不需要参数\n"
-
-#: common/argparse.c:563
-#, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "无效的命令 \"%.50s\"\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr "选项 “%.50s” 含义模糊\n"
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr "命令 “%.50s” 含义模糊\n"
-
-#: common/argparse.c:581
-#, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "无效的选项 “%.50s”\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, c-format
-msgid "Note: no default option file '%s'\n"
-msgstr "注意：没有默认配置文件‘%s’\n"
-
-#: common/argparse.c:1843
-#, c-format
-msgid "option file '%s': %s\n"
-msgstr "选项文件‘%s’：%s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr "注意：由于全局配置，忽略选项 “--%s”\n"
+msgstr ""
 
 #: common/utf8conv.c:123
 #, c-format
@@ -1529,520 +1444,512 @@ msgstr "iconv_open 方法失败： %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "从 ‘%s’ 转换到 ‘%s’ 时失败：%s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "创建临时文件 ‘%s’ 失败： %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "写入 ‘%s’ 时出现错误： %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "移除旧的锁文件 （由 %d 创建）\n"
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "等待锁（由 %d%s 持有） %s...\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr "（死锁？） "
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "锁 ‘%s’ 未被建立： %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, c-format
 msgid "waiting for lock %s...\n"
 msgstr "等待锁 %s...\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr "%s 太旧 （需要 %s，拥有 %s）\n"
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "字符封装：%s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "无效的字符封装头： "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "字符封装头： "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "无效的明文签名头\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, c-format
 msgid "unknown armor header: "
 msgstr "未知的字符封装头： "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "嵌套明文签名\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr "与预期不符的字符封装： "
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "无效的连字符转义行： "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "无效的 radix64 字符 %02X 已被跳过\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "文件过早结束（没有 CRC 部分）\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "文件过早结束（CRC 部分未结束）\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "异常的 CRC\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "CRC 错误；%06lX - %06lX\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "文件过早结束（于结尾处）\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "结尾行出现错误\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "找不到有效的 OpenPGP 数据。\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "无效的字符封装：一行超过 %d 字符\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
 msgstr ""
 "字符封装中出现引号包裹起来的可打印字符 - 可能使用了有缺陷的邮件传输代理\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, c-format
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "[ 非人类可读（%zu 字节：%s%s） ]"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
 "an '='\n"
 msgstr "一个记号的名称必须只含有可打印字符或者空格，并且以一个‘=’结尾\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "一个用户记号名称必须包含‘@’字符\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "一个记号名称必须不包含多于一个的‘@’字符\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "一个记号的值必须不能使用任何的控制字符\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, c-format
 msgid "a notation name may not contain an '=' character\n"
 msgstr "一个记号的名称可能不能包含‘=’字符\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, c-format
 msgid "a notation name must have only printable characters or spaces\n"
 msgstr "一个记号的名称必须只含有可打印字符或者空格\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "警告： 找到的记号数据无效\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "代理 %s 到客户端的查询失败\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "输入密码： "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
-#, c-format
-msgid "error getting version from '%s': %s\n"
-msgstr "从 ‘%s’ 获取版本时出现错误: %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr "服务器 ‘%s’ 比我们的版本更老 （%s < %s）"
-
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
-#, c-format
-msgid "WARNING: %s\n"
-msgstr "警告：%s\n"
-
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr "注意： 过时的服务器可能缺少重要的安全修复。\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s 与 %s 模式不兼容\n"
 
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
-#, c-format
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "注意： 使用 “%s” 来重启他们。\n"
+#: g10/call-agent.c:1081
+#, fuzzy, c-format
+#| msgid "error reading from %s: %s\n"
+msgid "error from TPM: %s\n"
+msgstr "读取 %s 时出现错误：%s\n"
 
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, c-format
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s 与 %s 模式不兼容\n"
+msgid "problem with the agent: %s\n"
+msgstr "代理人程序出现问题：%s\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, c-format
 msgid "no dirmngr running in this session\n"
 msgstr ""
 "此会话中没有正在运行的 dirmngr\n"
 "\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, c-format
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
-msgstr "密钥服务器选项 “%s” 不应用于 %s 模式中\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
+msgstr "密钥服务器选项 “honor-keyserver-url” 不应用于 Tor 模式中\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr "WKD 使用了缓存的结果"
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr "Tor 未在运行"
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 msgid "Tor is not properly configured"
 msgstr "Tor 配置错误"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 msgid "DNS is not properly configured"
 msgstr "DNS 配置错误"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr "无法接受来自服务器的 HTTP 重定向"
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr "已清除来自服务器的不可接受的 HTTP 重定向"
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 msgid "server uses an invalid certificate"
 msgstr "服务器证书无效"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, c-format
 msgid "Note: %s\n"
 msgstr "注意：%s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "OpenPGP 卡不可用：%s\n"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr "检测到 OpenPGP 卡，号码为 %s\n"
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr "在批处理模式中无法完成此操作\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "这一命令只在版本 2 的卡上可用\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "重置码不可用或不再可用\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "您的选择是？ "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[未设定]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr "先生"
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr "女士"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "非强制"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "强制"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr "错误：目前只允许使用纯 ASCII 字符。\n"
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr "错误：不能使用字符 “<”。\n"
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr "错误：不允许出现两个空格。\n"
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr "卡片持有人的姓： "
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr "卡片持有人的名： "
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr "错误：合成后的姓名太长（至多 %d 个字符）。\n"
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr "拉取公钥的 URL： "
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, c-format
 msgid "error reading '%s': %s\n"
 msgstr "读取 ‘%s’ 时出现错误：%s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, c-format
 msgid "error writing '%s': %s\n"
 msgstr "写入 ‘%s’ 时出现错误： %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr "登录数据（帐户名）： "
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr "个人 DO 数据： "
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr "语言偏好： "
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "错误：偏好字符串长度无效。\n"
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "错误：偏好字符串中存在无效字符。\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr "称呼（M = 先生，F = 女士，或者留空)： "
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr "错误：无效的响应。\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr "CA 指纹： "
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "错误：指纹格式无效。\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr "密钥操作无法实现：%s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr "不是一个 OpenPGP 卡"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr "取得当前密钥信息时出错：%s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr "替换现存的密钥？(y/N) "
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
-"注意：不能保证卡支持所要求的密钥长度。\n"
-"      如果密钥生成不成功，请检查\n"
-"      卡的允许密钥长度。\n"
+"注意：不能保证该卡支持所请求的密钥类型或大小。\n"
+"      如果密钥生成不成功，请检查您的卡片文档，\n"
+"      查看其所支持的密钥类型和大小。\n"
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "您想要使用的密钥长度？(%u) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "舍入到 %u 位\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "%s 密钥长度必须在 %u 与 %u 间\n"
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr "正在改变卡片的密钥属性： "
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 msgid "Signature key\n"
 msgstr "签名密钥\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 msgid "Encryption key\n"
 msgstr "加密密钥\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 msgid "Authentication key\n"
 msgstr "身份验证密钥\n"
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "请选择您要使用的密钥类型：\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, c-format
 msgid "   (%d) ECC\n"
 msgstr "   (%d) ECC\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "无效的选择。\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr "此卡片将会被重新配置以生成一个 %u 位的新密钥\n"
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr "此卡片将会被重新配置以生成一个以下类型的密钥： %s\n"
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, c-format
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "改变密钥 %d 的密钥属性时出现错误： %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, c-format
 msgid "error getting card info: %s\n"
 msgstr "获取卡片信息时出现错： %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, c-format
 msgid "This command is not supported by this card\n"
 msgstr "此命令不被此卡片支持\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr "创建加密密钥的离卡备份？ (Y/n) "
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "注意： 已有私钥被存储于卡片上！\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr "替换现存的密钥？(y/N) "
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2053,185 +1960,196 @@ msgstr ""
 "  PIN = ‘%s’    管理员 PIN = ‘%s’\n"
 "您应当使用 --change-pin 命令来更改它们\n"
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr "请选择您要生成的密钥类型：\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr "  (1) 签名密钥\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr "  (2) 加密密钥\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr "  (3) 身份验证密钥\n"
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr "请选择在哪里存储密钥：\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "KEYTOCARD 失败： %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, c-format
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "注意： 这一命令将会销毁所有储存于卡片上的私钥！\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 msgid "Continue? (y/N) "
 msgstr "继续？ (y/N) "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr "真的要执行恢复出厂设置吗？ (输入“yes”) "
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, c-format
 msgid "error for setup KDF: %s\n"
 msgstr "设置 KDF 时出现错误： %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, c-format
+msgid "error for setup UIF: %s\n"
+msgstr "设置 KDF 时出现错误： %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "退出此菜单"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr "显示管理员命令"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "显示此帮助"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr "列出所有可用数据"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr "更改卡持有人的姓名"
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr "更改拉取密钥的 URL"
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr "根据卡中指定的 URL 获取密钥"
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr "更改登录名"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr "更改语言偏好"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 msgid "change card holder's salutation"
 msgstr "变更卡片持有人的称呼"
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr "更改一个 CA 指纹"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
-msgstr "切换签名强制使用 PIN 标志"
+msgstr "开关签名的强制 PIN 设置"
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr "生成新的密钥"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr "更改或解锁 PIN 的菜单"
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr "验证 PIN 并列出所有数据"
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr "使用重置码解锁 PIN"
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr "销毁所有密钥和数据"
 
-#: g10/card-util.c:2180
-msgid "setup KDF for PIN authentication"
-msgstr "针对 PIN 身份验证设置 KDF"
+#: g10/card-util.c:2235
+msgid "setup KDF for PIN authentication (on/single/off)"
+msgstr "针对 PIN 身份验证设置 KDF（开启/单一/关闭）"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 msgid "change the key attribute"
 msgstr "更改密钥属性"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+msgid "change the User Interaction Flag"
+msgstr "变更用户交互选项"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr "gpg/card> "
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr "仅供管理员使用的命令\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr "管理员命令可用\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr "管理员命令不可用\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "无效的命令  （尝试“help”）\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output 在这个命令中不起作用\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, c-format
 msgid "can't open '%s'\n"
 msgstr "无法打开 ‘%s’\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "未找到密钥 ‘%s’：%s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "读取密钥块时出现错误： %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, c-format
 msgid "key \"%s\" not found\n"
 msgstr "未找到密钥 “%s”\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "（除非您用指纹指定密钥）\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "无法于批处理模式中在没有“--yes”的情况下完成此操作\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "（除非您用指纹指定密钥）\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr "注意：将删除主公钥及其所有子钥。\n"
@@ -2269,9 +2187,9 @@ msgstr "密钥"
 msgid "subkey"
 msgstr "子密钥"
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "更新失败：%s\n"
@@ -2296,153 +2214,112 @@ msgstr "存在一个私钥对应于公钥 “%s”！\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "请先使用“--delete-secret-keys”选项来删除它。\n"
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr "警告： 强制对称密文 %s (%d) 与接收者的偏好设置冲突\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "创建密码时出现错误：%s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "由于在 S2K 模式，不能使用一个对称的 ESK 封包\n"
 
-#: g10/encrypt.c:282
+#: g10/encrypt.c:370
 #, c-format
-msgid "using cipher %s\n"
-msgstr "使用加密 %s\n"
+msgid "using cipher %s.%s\n"
+msgstr "使用加密 %s.%s\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, c-format
 msgid "'%s' already compressed\n"
 msgstr "‘%s’已被压缩\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, c-format
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "警告：‘%s’是一个空文件\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, c-format
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "密文算法 ‘%s’ 可能不能被用于加密\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr "（使用选项 “%s” 来覆盖）\n"
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "密文算法 ‘%s’ 可能不能被用于 %s 模式\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "摘要算法‘%s’不能在 %s 模式下使用\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
-#, c-format
-msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "警告： 密钥 %s 在 %s 模式下不适用于加密\n"
-
-#: g10/encrypt.c:679
+#: g10/encrypt.c:727
 #, c-format
 msgid "reading from '%s'\n"
 msgstr "正在从‘%s’读取\n"
 
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:783
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "警告： 强制对称密文 %s (%d) 与接收者的偏好设置冲突\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
+#, c-format
+msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
+msgstr "警告： 密钥 %s 在 %s 模式下不适用于加密\n"
+
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
 "preferences\n"
 msgstr "警告： 强制压缩算法 %s (%d) 与接收者的偏好设置冲突\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
-msgstr "%s/%s 已经加密给：“%s”\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "强行对称密文算法 %s (%d) 与接收者的偏好设置冲突\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1159
+#, c-format
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
+msgstr "%s/%s.%s 已经加密给：“%s”\n"
+
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, c-format
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "选项 ‘%s’ 可能不能用于 %s 模式\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
 #, c-format
-msgid "%s encrypted data\n"
-msgstr "%s 加密过的数据\n"
+msgid "%s.%s encrypted data\n"
+msgstr "%s.%s 已加密的数据\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "以未知的算法 %d 加密\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr "警告： 消息使用了一个弱密钥以对称密文的形式加密\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "处理加密封包时出现问题\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "不支持远程程序执行\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr "由于文件权限位不安全，外部程序调用被禁用\n"
-
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr "此平台上调用外部程序时要求临时文件\n"
-
-#: g10/exec.c:497
-#, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "无法执行程序‘%s’：%s\n"
-
-#: g10/exec.c:500
-#, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "无法执行外壳程序‘%s’：%s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "调用外部程序时出现系统错误：%s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "外部程序异常退出\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "无法执行外部程序\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "无法读取外部程序响应：%s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, c-format
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "警告：无法删除临时文件（%s）‘%s’：%s\n"
-
-#: g10/exec.c:692
-#, c-format
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "警告：无法删除临时目录‘%s’：%s\n"
-
 #: g10/export.c:119
 msgid "export signatures that are marked as local-only"
 msgstr "导出被标记为“仅限本地”的签名"
@@ -2463,366 +2340,366 @@ msgstr "导出时移除密钥中未使用的部分"
 msgid "remove as much as possible from key during export"
 msgstr "导出时尽可能移除密钥中的可选部分"
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr "使用 GnuPG 密钥备份格式"
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 msgid " - skipped"
 msgstr " - 已跳过"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, c-format
 msgid "writing to '%s'\n"
 msgstr "正在写入‘%s’\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "密钥 %s：密钥在卡片上 - 已跳过\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "不允许导出私钥\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "密钥 %s：PGP 2.x 样式的密钥 - 已跳过\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "警告：没有导出任何东西\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, c-format
 msgid "error creating '%s': %s\n"
 msgstr "创建‘%s’时出现错误：%s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr "[用户标识未找到]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "自动拉取‘%s’，通过 %s\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "拉取‘%s’通过 %s 时出现错误： %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 msgid "No fingerprint"
 msgstr "无指纹"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr "正在通过 %s 检查一个已过期密钥的新拷贝\n"
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "找不到私钥 “%s”：%s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, c-format
 msgid "(check argument of option '%s')\n"
 msgstr "（检查选项 ‘%s’ 的参数）\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, c-format
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "警告：未使用‘%s’作为默认密钥：%s\n"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, c-format
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "使用 “%s” 作为默认签名用私钥\n"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr "传递给‘%s’的所有值被忽略\n"
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr "无效的密钥 %s 通过 --allow-non-selfsigned-uid 生效\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "使用子密钥 %s 而非主密钥 %s\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, c-format
 msgid "valid values for option '%s':\n"
 msgstr "选项 ‘%s’ 的有效值:\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 msgid "make a signature"
 msgstr "生成一份签名"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 msgid "make a clear text signature"
 msgstr "生成一份明文签名"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "生成一份分离的签名"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "加密数据"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "仅使用对称密文加密"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "解密数据（默认）"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "验证签名"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "列出密钥"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "列出密钥和签名"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr "列出并检查密钥签名"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "列出密钥和指纹"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "列出私钥"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "生成一个新的密钥对"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 msgid "quickly generate a new key pair"
 msgstr "快速生成一个新的密钥对"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 msgid "quickly add a new user-id"
 msgstr "快速添加一个新的用户标识"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 msgid "quickly revoke a user-id"
 msgstr "快速吊销一个用户标识"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 msgid "quickly set a new expiration date"
 msgstr "快速设置一个过期日期"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr "完整功能的密钥对生成"
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "生成一份吊销证书"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "从公钥钥匙环里删除密钥"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "从私钥钥匙环里删除密钥"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 msgid "quickly sign a key"
 msgstr "快速签名一个密钥"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 msgid "quickly sign a key locally"
 msgstr "快速本地签名一个密钥"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 msgid "quickly revoke a key signature"
 msgstr "快速吊销一个密钥签名"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "签名一个密钥"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "本地签名一个密钥"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "签名或编辑一个密钥"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 msgid "change a passphrase"
 msgstr "更改密码"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "导出密钥"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
-msgstr "将密钥导出到一个公钥服务器上"
+msgstr "个密钥导出到一个公钥服务器上"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "从公钥服务器上导入密钥"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "在公钥服务器上搜索密钥"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "从公钥服务器更新所有密钥"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "导入/合并密钥"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr "打印卡片状态"
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr "更改卡片上的数据"
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr "更改卡片的 PIN"
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "更新信任数据库"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 msgid "print message digests"
 msgstr "打印消息摘要"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr "以服务器模式运行"
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr "|VALUE|设置一个密钥的 TOFU 政策"
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|NAME|使用 NAME 作为默认的私钥"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|NAME|同时给以 NAME 为名称的用户标识加密"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr "|SPEC|设置电子邮件别名"
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr "使用严格的 OpenPGP 行为"
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "不做任何更改"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "覆盖前提示"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 msgid "Options controlling the input"
-msgstr "输入控制选项"
+msgstr "控制输入的选项"
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 msgid "Options controlling the output"
-msgstr "输出控制选项"
+msgstr "控制输出的选项"
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "创建 ASCII 字符封装的输出"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 msgid "|FILE|write output to FILE"
 msgstr "|FILE|写输出到 FILE"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "使用规范的文本模式"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|设置压缩等级为 N （0 为禁用）"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 msgid "Options controlling key import and export"
-msgstr "密钥导入导出控制选项"
+msgstr "控制密钥导入导出的选项"
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr "|MECHANISMS|通过邮件地址定位密钥时使用机制 MECHANISMS"
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 msgid "import missing key from a signature"
 msgstr "从签名导入缺少的密钥"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 msgid "include the public key in signatures"
 msgstr "在签名中包含公钥"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr "禁用对 dirmngr 的所有访问"
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 msgid "Options controlling key listings"
-msgstr "密钥列出控制选项"
+msgstr "控制密钥列表的选项"
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 msgid "Options to specify keys"
-msgstr "指定密钥选项"
+msgstr "指定密钥的选项"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|USER-ID|为 USER-ID 加密"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "|USER-ID|使用 USER-ID 来签名或者解密"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
-msgstr "无人值守选项"
+msgstr "用于无人值守的选项"
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr "其他选项"
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -2830,7 +2707,7 @@ msgstr ""
 "@\n"
 "（请参考手册页以获得所有命令和选项的完整列表）\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 msgid ""
 "@\n"
 "Examples:\n"
@@ -2850,11 +2727,11 @@ msgstr ""
 " --list-keys [名字]        列出密钥\n"
 " --fingerprint [名字]      显示指纹\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "用法： @GPG@ [选项] [文件] (-h 获取帮助)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 msgid ""
 "Syntax: @GPG@ [options] [files]\n"
 "Sign, check, encrypt or decrypt\n"
@@ -2864,7 +2741,7 @@ msgstr ""
 "签名、检查、加密或解密\n"
 "默认的操作依输入数据而定\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -2872,537 +2749,549 @@ msgstr ""
 "\n"
 "支持的算法：\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "公钥： "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "密文： "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "散列： "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "压缩：  "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "用法： %s [选项] %s\n"
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "冲突的指令\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "群组定义 ‘%s’ 中找不到 = 标志\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "警告：家目录‘%s’的所有权不安全\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "警告：配置文件‘%s’的所有权不安全\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "警告：扩展模块‘%s’的所有权不安全\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "警告：家目录‘%s’的权限位不安全\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "警告：配置文件‘%s’的权限位不安全\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "警告：扩展模块‘%s’的权限位不安全\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "警告：家目录‘%s’的上级目录所有权不安全\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr "警告：配置文件‘%s’的上级目录所有权不安全\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr "警告：扩展模块‘%s’的上级目录所有权不安全\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr "警告：家目录‘%s’的上级目录权限位不安全\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
 msgstr "警告：配置文件‘%s’的上级目录权限不安全\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr "警告：扩展模块‘%s’的上级目录权限位不安全\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "未知的配置项‘%s’\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr "列出密钥时显示照片标识"
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 msgid "show key usage information during key listings"
 msgstr "列出密钥时显示用途信息"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr "列出签名时显示策略 URL"
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 msgid "show all notations during signature listings"
 msgstr "列出签名时显示所有注记"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr "列出签名时显示 IETF 标准注记"
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr "列出签名时显示用户提供的注记"
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "列出签名时显示首选公钥服务器 URL"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr "列出密钥时显示用户标识的有效性"
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr "列出密钥时显示已吊销或已过期的用户标识"
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr "列出密钥时显示已吊销或已过期的子密钥"
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 msgid "show the keyring name in key listings"
 msgstr "列出密钥时显示钥匙环的名称"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 msgid "show expiration dates during signature listings"
 msgstr "列出签名时显示过期日期"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, c-format
 msgid "unknown TOFU policy '%s'\n"
 msgstr "未知的 TOFU 政策‘%s’\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr "（使用“help”来列出选择）\n"
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "不允许在 %s 模式中使用此命令。\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, c-format
 msgid "Note: %s is not for normal use!\n"
 msgstr "注意：%s 不适用于一般使用！\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "‘%s’不是一个有效的签名过期日期\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, c-format
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "“%s” 不是一个合适的邮件地址\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "无效的 pinentry 模式‘%s’\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, c-format
 msgid "invalid request origin '%s'\n"
 msgstr "无效的请求来源‘%s’\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "‘%s’不是一个有效的字符集\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "无法解析公钥服务器 URL\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s：%d：无效的公钥服务器选项\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr "无效的公钥服务器选项\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s：%d：无效的导入选项\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "无效的导入选项\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, c-format
 msgid "invalid filter option: %s\n"
 msgstr "无效的过滤选项：%s\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s：%d：无效的导出选项\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "无效的导出选项\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s：%d：无效的列表选项\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr "无效的列表选项\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr "验证签名时显示照片标识"
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr "验证签名时显示策略 URL"
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 msgid "show all notations during signature verification"
 msgstr "验证签名时显示所有注记"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr "验证签名时显示 IETF 标准注记"
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr "验证签名时显示用户提供的注记"
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "验证签名时显示首选公钥服务器 URL"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 msgid "show user ID validity during signature verification"
 msgstr "验证签名时显示用户标识的有效性"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr "验证密钥时显示已吊销或已过期的子钥"
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 msgid "show only the primary user ID in signature verification"
 msgstr "在签名验证中只显示主要用户标识"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr "使用 PKA 数据验证签名"
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr "提升带有有效 PKA 数据的签名的信任度"
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: 无效的验证选项\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr "无效的验证选项\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "无法设置运行路径为 %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s%d: 无效的 auto-key-locate 列表\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr "无效的 auto-key-locate 列表\n"
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "选项 “%.50s” 的参数无效\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "警告：程序可能会创建核心内存转储文件！\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "警告：%s 覆盖了 %s \n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s 不允许与 %s 并用\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s 与 %s 并用时不起作用\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr "警告：正在以虚假的系统时间运行： "
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "不会在内存不安全的情况下运行，原因是 %s\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "所选的密文算法无效\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, c-format
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "所选择的 AEAD 算法无效\n"
+
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "所选的压缩算法无效\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "所选的证书散列算法无效\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "需要的完全可信签名数一定要大于 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "需要的勉强可信签名数一定要大于 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "最大证书链深度（max-cert-depth）一定要介于 1 和 255 之间\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "无效的默认认证级别（default-cert-level）；必须为 0，1，2 或 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "无效的最小认证级别（default-cert-level）；必须为 1，2 或 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, c-format
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "注意：强烈不建议使用简单的 S2K 模式 (0)\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "无效的 S2K 模式；必须是 0，1 或 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "无效的默认偏好设置\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "无效的个人密文偏好设置\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, c-format
+msgid "invalid personal AEAD preferences\n"
+msgstr "无效的个人 AEAD 偏好设置\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "无效的个人摘要算法偏好设置\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "无效的个人压缩算法首选项\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, c-format
+msgid "chunk size invalid - using %d\n"
+msgstr "块大小无效 - 使用 %d\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s 尚不能和 %s 并用\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, c-format
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "AEAD 算法‘%s’不能在 %s 模式下使用\n"
+
+#: g10/gpg.c:4070
 #, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "压缩算法‘%s’不能在 %s 模式下使用\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "初始化信任度数据库失败：%s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr "警告：给定了接收者（-r）但并未使用公钥加密\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "对称加密‘%s’失败：%s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "您不能在使用 --symmetric --encrypt 时使用 --s2k-mode 0\n"
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "您不能在 %s 模式下使用 --symmetric -encrypt\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr "您不能在使用 --symmetric --sign --encrypt 时使用 --s2k-mode 0\n"
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "您不能在 %s 模式下使用 --symmetric --sign -encrypt\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "发送至公钥服务器失败：%s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "从公钥服务器接收失败：%s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "导出密钥失败：%s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, c-format
 msgid "export as ssh key failed: %s\n"
 msgstr "作为 ssh 密钥导出失败：%s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "公钥服务器搜索失败：%s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "公钥服务器刷新失败：%s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "解开字符封装时失败：%s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "进行字符封装时失败：%s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, c-format
 msgid "invalid hash algorithm '%s'\n"
 msgstr "无效的散列算法‘%s’\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, c-format
 msgid "error parsing key specification '%s': %s\n"
 msgstr "解析密钥指定‘%s’时出现错误：%s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr "‘%s’不像是一个有效的密钥标识、指纹或者 keygrip\n"
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr "警告：没有提供命令。正在尝试猜测您的意图...\n"
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "请开始输入您的消息…\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "给定的的证书策略 URL 无效\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "给定的签名策略 URL 无效\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "给定的首选公钥服务器 URL 无效\n"
@@ -3415,7 +3304,7 @@ msgstr "|FILE|从钥匙环 FILE 文件中取得密钥"
 msgid "make timestamp conflicts only a warning"
 msgstr "把时间戳冲突仅视为警告"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|FD|把状态信息写入文件描述符 FD"
 
@@ -3461,128 +3350,136 @@ msgid "do not update the trustdb after import"
 msgstr "导入后不更新信任度数据库"
 
 #: g10/import.c:181
+msgid "enable bulk import mode"
+msgstr "启用批量导入模式"
+
+#: g10/import.c:184
 msgid "show key during import"
 msgstr "在导入时显示密钥"
 
-#: g10/import.c:184
+#: g10/import.c:187
+msgid "show key but do not actually import"
+msgstr "显示密钥但不导入"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr "只接受对现有密钥的更新"
 
-#: g10/import.c:187
+#: g10/import.c:193
 msgid "remove unusable parts from key after import"
 msgstr "导入后移除密钥中无用的部分"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr "导入后尽可能多地移除密钥中的可选部分"
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr "忽略不是自签名的密钥签名"
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr "运行导入过滤器并立即导出密钥"
 
-#: g10/import.c:199
+#: g10/import.c:205
 msgid "assume the GnuPG key backup format"
 msgstr "假定为 GnuPG 密钥备份格式"
 
-#: g10/import.c:203
+#: g10/import.c:209
 msgid "repair keys on import"
 msgstr "在导入期间修复密钥"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "跳过 %d 类型的块\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr "目前已处理 %lu 个密钥\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "处理的总数：%lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, c-format
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "    已跳过的 PGP-2 密钥：%lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "      已跳过的新密钥：%lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "          缺少用户标识：%lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "              已导入：%lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "             未改变：%lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "      新用户标识：%lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "        新的子密钥：%lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "        新的签名：%lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "   新的密钥吊销：%lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "      读取的私钥：%lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "  导入的私钥：%lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr " 未改变的私钥：%lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "          未被导入：%lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "    清理的签名：%lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr "      清理的用户标识：%lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
@@ -3591,166 +3488,171 @@ msgstr ""
 "警告：密钥 %s 包含了不可用算法的偏好设置\n"
 "于下列用户标识上：\n"
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr "         “%s”：密文算法 %s 的首选项\n"
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, c-format
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "         \"%s\"：关于 AEAD 算法 %s 的偏好设置\n"
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "         “%s”：散列算法 %s 对应首选项\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr "         “%s”：压缩算法 %s 对应首选项\n"
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr "强烈建议您更新您的偏好设置并重新分发这个密钥\n"
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr "以避免可能的算法不匹配问题\n"
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr "您可以这样更新您的偏好设置：gpg --edit-key %s updpref save\n"
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr "密钥 %s：没有用户标识\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, c-format
 msgid "key %s: %s\n"
 msgstr "密钥 %s： %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr "被导入筛查器拒绝"
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "密钥%s：PKS 子密钥破损已修复\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "密钥 %s：已接受不含自签名的用户标识 “%s”\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "密钥 %s：没有有效的用户标识\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "这可能由于遗失自签名所致\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "密钥 %s：找不到公钥：%s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "密钥 %s：新密钥 - 已跳过\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "找不到可写的钥匙环：%s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, c-format
 msgid "error writing keyring '%s': %s\n"
 msgstr "写入钥匙环 ‘%s’ 时出现错误： %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "密钥 %s：公钥 “%s” 已导入\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "密钥 %s：与我们的副本不符合\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "密钥 %s：“%s” 1 个新的用户标识\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "密钥 %s：“%s” %d 个新的用户标识\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "密钥 %s：“%s” 1 个新的签名\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "密钥 %s：“%s” %d 个新的签名\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "密钥 %s：“%s” 1 个新的子密钥\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "密钥 %s：“%s” %d 个新的子密钥\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "密钥 %s：“%s” %d 个签名被清理\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "密钥 %s：“%s” %d 个签名被清理\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "密钥 %s：“%s” %d 个用户标识被清理\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "密钥 %s：“%s” %d 个用户标识被清理\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "密钥 %s：“%s” 未改变\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr "密钥 %s：私钥已导入\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, c-format
 msgid "key %s: secret key already exists\n"
 msgstr "密钥 %s：私钥已存在\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "密钥 %s：发送至代理人程序时出现错误：%s\n"
@@ -3763,197 +3665,203 @@ msgstr "密钥 %s：发送至代理人程序时出现错误：%s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr "要迁移 ‘%s’，对每一张智能卡，执行：%s\n"
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, c-format
 msgid "secret key %s: %s\n"
 msgstr "私钥 %s：%s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "私钥导入被禁止\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "密钥 %s：私钥使用了无效的密文算法 %d - 已跳过\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "未指定原因"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "密钥被替换"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "密钥已泄漏"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "密钥不再使用"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "用户标识不再有效"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "吊销原因： "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "吊销注释： "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr "密钥 %s：没有公钥 - 无法应用吊销证书\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "密钥 %s：无法定位原始的密钥区块：%s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "密钥 %s：无法读取原始的密钥区块：%s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "密钥 %s：无效的吊销证书：%s - 已拒绝\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "密钥 %s：“%s” 吊销证书已被导入\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "密钥 %s：签名没有用户标识\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr "密钥 %s：用户标识 “%s” 使用了不支持的公钥算法\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "密钥 %s：用户标识 “%s” 自身签名无效\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "密钥 %s：不支持的公钥算法\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "密钥 %s：无效的直接密钥签名\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "密钥 %s：没有可供绑定的子密钥\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "密钥 %s：无效的子密钥绑定\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "密钥 %s：已删除多重子密钥绑定\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "密钥 %s：没有用于密钥吊销用的子密钥\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "密钥 %s：无效的子密钥吊销\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "密钥 %s：已删除多重子密钥吊销\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "密钥 %s：已跳过用户标识 “%s”\n"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "密钥 %s：已跳过子密钥\n"
 
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "密钥 %s：非可导出签名（验证级别 0x%02X）- 已跳过\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "密钥 %s：吊销证书位置错误――已跳过\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "密钥 %s：无效的吊销证书：%s――已跳过\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "密钥 %s：子钥签名位置错误 - 已跳过\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "密钥 %s：与预期不符的签名级别（0x%02X） - 已跳过\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "密钥 %s：检测到重复的用户标识 - 已合并\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, c-format
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "密钥 %s：检测到重复的子钥 - 已合并\n"
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr "警告：密钥 %s 可能已被吊销：正在取回吊销用密钥 %s\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr "警告：密钥 %s 可能已被吊销：吊销用密钥 %s 不存在。\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "密钥 %s：已添加吊销证书 “%s”\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "密钥 %s：已添加直接密钥签名\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, c-format
 msgid "error allocating memory: %s\n"
 msgstr "分配内存时出现错误：%s\n"
@@ -3973,73 +3881,68 @@ msgstr "无法使用不支持的摘要算法 %d 检查签名：%s。\n"
 msgid " (reordered signatures follow)"
 msgstr "（以下是重排的签名）"
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, c-format
 msgid "key %s:\n"
 msgstr "密钥 %s：\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, c-format
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "%d 个重复签名被移除\n"
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, c-format
 msgid "%d signature not checked due to a missing key\n"
 msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "%d 个签名因密钥遗失而未被检查\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, c-format
 msgid "%d bad signature\n"
 msgid_plural "%d bad signatures\n"
 msgstr[0] "%d 个损坏签名\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, c-format
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "%d 个签名已重排\n"
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr "警告：发现错误并且只检查了自签名，请运行 ‘%s’ 检查所有签名。\n"
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "创建钥匙箱‘%s’时出现错误：%s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, c-format
 msgid "error creating keyring '%s': %s\n"
 msgstr "创建钥匙环‘%s’时出现错误：%s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, c-format
 msgid "keybox '%s' created\n"
 msgstr "钥匙箱‘%s’已创建\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, c-format
 msgid "keyring '%s' created\n"
 msgstr "钥匙环‘%s’已创建\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "密钥区块资源‘%s’：%s\n"
 
-#: g10/keydb.c:969
-#, c-format
-msgid "error opening key DB: %s\n"
-msgstr "打开密钥数据库时出现错误：%s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "重新建立钥匙环缓存失败： %s\n"
@@ -4052,7 +3955,7 @@ msgstr "[吊销]"
 msgid "[self-signature]"
 msgstr "[自签名]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4062,12 +3965,12 @@ msgstr ""
 "请决定您对这名用户能否正确地验证其他用户密钥\n"
 "（通过查看护照，检查不同来源的的指纹等等）的相信程度\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr "  %d = 我勉强相信\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr "  %d = 我完全相信\n"
@@ -4097,12 +4000,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "用户标识 “%s” 已被吊销。"
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "您仍然想要为它签名吗？(y/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  无法添加签名。\n"
 
@@ -4270,186 +4173,190 @@ msgstr "我非常小心地检查过这个密钥。\n"
 msgid "Really sign? (y/N) "
 msgstr "真的要签名吗？(y/N) "
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "签名时失败： %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr "密钥只有存根或者卡上项目 - 没有密码可以更改。\n"
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, c-format
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "密钥 %s：修改密码时出现错误：%s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "保存并退出"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr "显示密钥指纹"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 msgid "show the keygrip"
 msgstr "显示 keygrip"
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "列出密钥和用户标识"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "选择用户标识 N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr "选择子密钥 N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr "检查签名"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr "为所选用户标识添加签名 [* 参见下面的相关命令]"
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr "为所选用户标识添加本地签名"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr "为所选用户标识添加信任签名"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr "为所选用户标识添加不可吊销签名"
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "增加一个用户标识"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "增加一个照片标识"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr "删除选定的用户标识"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr "增加一个子密钥"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr "增加一个密钥到智能卡"
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr "移动一个密钥到智能卡"
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr "移动一个备份密钥到智能卡上"
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr "删除选定的子密钥"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "增加一个吊销用密钥"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr "从所选用户标识上删除签名"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "变更密钥或所选子密钥的使用期限"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr "标记所选的用户标识为主要"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "列出偏好设置（专家模式）"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "列出偏好设置（详细模式）"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr "为所选用户标识设定偏好设置列表"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "为所选用户标识设定首选公钥服务器 URL"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 msgid "set a notation for the selected user IDs"
 msgstr "为所选用户标识的设定注记"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "变更密码"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "变更信任度"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr "吊销所选用户标识上的签名"
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr "吊销选定的用户标识"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr "吊销密钥或选定的子密钥"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr "启用密钥"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr "禁用密钥"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr "显示选定的照片标识"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr "压缩不可用的用户标识并从密钥上移除不可用的签名"
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr "压缩不可用的用户标识并从密钥上移除所有签名"
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "私钥可用。\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 msgid "Secret subkeys are available.\n"
 msgstr "私密子密钥可用。\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "要有私钥才能这么做。\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4460,299 +4367,304 @@ msgstr ""
 "  信任签名，‘nr’前缀（nrsign）进行不可吊销签名，\n"
 "  或者上述三种前缀的任意组合（ltsign、tnrsign 等）。\n"
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "密钥已被吊销。"
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "真的要签名所有的文本用户标识吗？(y/N) "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr "真的要签名所有的用户标识吗？(y/N) "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "提示：选择用户标识以签名\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "未知的签名类型‘%s’\n"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "不允许在 %s 模式中使用此命令。\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "您必须选择至少一个用户标识。\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr "（使用‘%s’ 命令。)\n"
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "您不能删除最后一个用户标识！\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "真的要移除所有选定的用户标识吗？(y/N) "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr "真的要移除此用户标识吗？(y/N) "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr "真的要移动主密钥吗？(y/N) "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr "您必须选择一个密钥。\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr "命令需要一个文件名作为参数\n"
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "无法打开‘%s’：%s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "从‘%s’读取备份密钥时出现错误：%s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "您必须选择至少一个密钥。\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "您真的想要删除选定的密钥吗？(y/N) "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "您真的要删除此密钥吗？(y/N) "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "真的要吊销所有选定的用户标识吗？(y/N) "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr "真的要吊销此用户标识吗？(y/N) "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "您真的要吊销整个密钥吗？(y/N) "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "您真的要吊销选定的子密钥吗？(y/N) "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "您真的要吊销这个子密钥吗？(y/N) "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr "在使用一个用户提供的信任度数据库时信任度可能并未被设定\n"
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr "设定偏好设置列表为：\n"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr "真的要更新所选用户标识的偏好设置吗？(y/N) "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr "真的要更新偏好设置吗？(y/N) "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr "要保存变更吗？(y/N) "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr "要不保存而退出吗？(y/N) "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "密钥没有变更所以不需要更新。\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, c-format
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "不能吊销最后一个有效的用户标识。\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, c-format
 msgid "revoking the user ID failed: %s\n"
 msgstr "吊销用户标识时出现错误：%s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, c-format
 msgid "setting the primary user ID failed: %s\n"
 msgstr "设置主要用户标识时出现错误：%s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "\"%s\" 不是一个指纹\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "“%s” 不是主要指纹\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, c-format
 msgid "Invalid user ID '%s': %s\n"
 msgstr "无效的用户标识‘%s’：%s\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "No matching user IDs."
 msgstr "没有匹配的用户标识。"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "Nothing to sign.\n"
 msgstr "没有可被签名的东西。\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr "并非由您签名。\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, c-format
 msgid "revoking the key signature failed: %s\n"
 msgstr "吊销密钥签名失败：%s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, c-format
 msgid "'%s' is not a valid expiration time\n"
 msgstr "‘%s’不是一个有效的过期时间\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "“%s” 不是一个正确的指纹\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, c-format
 msgid "subkey \"%s\" not found\n"
 msgstr "子密钥 “%s” 未找到\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr "AEAD： "
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "摘要： "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "特点： "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr "公钥服务器不可修改"
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr "首选公钥服务器： "
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 msgid "Notations: "
 msgstr "注记： "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "没有关于 PGP 2.x 样式用户标识的偏好设置。\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "下列密钥在 %s 被 %s 的密钥 %s 所吊销\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "这个密钥可被 %s 的密钥 %s 吊销"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr "（敏感的）"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr "创建于：%s"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr "吊销于：%s"
 
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr "过期于：%s"
 
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr "有效至：%s"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr "可用于：%s"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr "卡号： "
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr "信任度：%s"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr "有效性：%s"
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "这个密钥已经被禁用"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
 msgstr "请注意，在您重启程序之前，所显示的密钥有效性不一定正确。\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr "已吊销"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr "已过期"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -4761,17 +4673,17 @@ msgstr ""
 "警告： 没有用户标识被标记为主要。 此命令可能会\n"
 "              导致一个不同的用户标识被假定为主要。\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr "警告： 您的加密用子密钥将在不久后过期。\n"
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, c-format
 msgid "You may want to change its expiration date too.\n"
 msgstr "您可能也想要变更它的过期日期。\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -4780,70 +4692,70 @@ msgstr ""
 "警告：这是一个 PGP2 样式的密钥。增加照片标识可能会导致某些版本的\n"
 "     PGP 拒绝这个密钥。\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "您确定仍然想要增加吗？(y/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "您不可以把照片标识增加到 PGP2 样式的密钥里。\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr "这样的用户标识已经存在于这个密钥上了！\n"
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "删除这个完好的签名吗？(y/N/q)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "删除这个无效的签名吗？(y/N/q)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "删除这个未知的签名吗？(y/N/q)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "真的要删除这个自签名吗？(y/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, c-format
 msgid "Deleted %d signature.\n"
 msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "已经删除了 %d 个签名。\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "没有东西被删除。\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "无效"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "用户标识 “%s” 已被压缩：%s\n"
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, c-format
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "用户标识 “%s”：%d 个签名被移除\n"
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "用户标识 “%s”：已被最小化\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "用户标识 “%s”：无用部分已清理\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -4852,288 +4764,293 @@ msgstr ""
 "警告：这是一个 PGP2 样式的密钥。增加指定吊销者\n"
 "     可能会导致某些版本的 PGP 无法识别这个密钥。\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "您不可以为 PGP 2.x 样式的密钥添加指定吊销者。\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "输入指定吊销者的用户标识： "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "无法将 PGP 2.x 样式的密钥设为指定吊销者\n"
 
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "您不能将某把密钥设为它自己的指定吊销者\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "这个密钥已被指派为一个吊销者\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr "警告：将某把密钥设置为指定吊销者的操作无法撤销！\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr "您确定要将这个密钥设置为指定吊销者吗？(y/N)： "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 msgid ""
 "Are you sure you want to change the expiration time for multiple subkeys? (y/"
 "N) "
 msgstr "您确定要改变多个子密钥的过期时间吗？ (y/N) "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr "将要变更子密钥的过期时间。\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "将要变更主密钥的过期时间。\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "您不能变更 v3 密钥的过期时间\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 msgid "Changing usage of a subkey.\n"
 msgstr "变更一个子密钥的用途。\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 msgid "Changing usage of the primary key.\n"
 msgstr "变更主密钥的用途。\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "签名的子密钥 %s 已经交叉验证\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr "子密钥 %s 不签名，因此不需要被交叉验证\n"
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "请选定仅一个用户标识。\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "跳过用户标识 “%s” 上的 v3 自签名\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr "输入您首选公钥服务器的 URL： "
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "您确定要替换它吗？(y/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "您确定要删除它吗？(y/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 msgid "Enter the notation: "
 msgstr "输入注记： "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 msgid "Proceed? (y/N) "
 msgstr "继续？(y/N) "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "没有索引为 %d 的用户标识\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr "没有散列值为 %s 的用户标识\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, c-format
 msgid "No subkey with key ID '%s'.\n"
 msgstr "没有属于密钥标识‘%s’的子密钥。\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr "没有索引为 %d 的子密钥\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "用户标识：“%s”\n"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "由您的密钥 %s 于 %s%s%s 签名\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (不可导出)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "此签名已在 %s 过期。\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "您确定您仍然想要吊销它吗？(y/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "要为这份签名生成一份吊销证书吗？(y/N) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "您已经签名来密钥 %s 上的这些用户标识：\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr " (不可吊销)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "由您的密钥 %s 吊销于 %s\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "您正在吊销这些签名：\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "真的要生成吊销证书吗？(y/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "没有私钥\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr "尝试吊销一个非用户标识：%s\n"
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "用户标识 “%s” 已经被吊销。\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr "警告：有一份用户标识签名的日期标记为 %d 秒后的未来\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, c-format
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "不能吊销最后一个有效的用户标识。\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "密钥 %s 已被吊销。\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "子密钥 %s 已被吊销。\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "正在显示 %s 的照片标识，大小 %ld，属于密钥 %s （用户标识 %d）\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, c-format
 msgid "invalid value for option '%s'\n"
 msgstr "选项‘%s’有无效的值\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "偏好设置‘%s’重复\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr "过多的密文偏好设置\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr "过多的散列算法偏好设置\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr "过多的压缩算法偏好设置\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, c-format
+msgid "too many AEAD preferences\n"
+msgstr "过多的 AEAD 偏好设置\n"
+
+#: g10/keygen.c:521
 #, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "首选项字符串里有无效项‘%s’\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "正在写入直接签名\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "正在写入自签名\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "正在写入密钥绑定签名\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "密钥尺寸无效；改用 %u 位\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "密钥尺寸舍入到 %u 位\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
 msgstr "警告：一些 OpenPGP 程序不能处理具有此摘要长度的 DSA 密钥\n"
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr "签名（Sign）"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr "认证（Certify）"
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr "加密（Encrypt）"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr "身份验证（Authenticate）"
 
@@ -5147,161 +5064,166 @@ msgstr "身份验证（Authenticate）"
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr "SsEeAaQq"
 
-#: g10/keygen.c:1784
+#: g10/keygen.c:1966
 #, c-format
-msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr "%s 密钥的可实现的功能： "
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr "目前启用的功能： "
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr "   (%c) 签名功能开关\n"
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%c) 加密功能开关\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr "   (%c) 身份验证功能开关\n"
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr "   (%c) 已完成\n"
 
-#: g10/keygen.c:1930
+#: g10/keygen.c:2116
 #, c-format
-msgid "   (%d) RSA and RSA (default)\n"
-msgstr "   (%d) RSA 和 RSA （默认）\n"
+msgid "   (%d) RSA and RSA%s\n"
+msgstr "   (%d) RSA 和 RSA %s\n"
 
-#: g10/keygen.c:1934
+#: g10/keygen.c:2120
 #, c-format
-msgid "   (%d) DSA and Elgamal\n"
-msgstr "   (%d) DSA 和 Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
+msgstr "   (%d) DSA 和 Elgamal %s\n"
 
-#: g10/keygen.c:1937
+#: g10/keygen.c:2123
 #, c-format
-msgid "   (%d) DSA (sign only)\n"
-msgstr "   (%d) DSA（仅用于签名）\n"
+msgid "   (%d) DSA (sign only)%s\n"
+msgstr "   (%d) DSA（仅用于签名）%s\n"
 
-#: g10/keygen.c:1939
+#: g10/keygen.c:2125
 #, c-format
-msgid "   (%d) RSA (sign only)\n"
-msgstr "   (%d) RSA（仅用于签名）\n"
+msgid "   (%d) RSA (sign only)%s\n"
+msgstr "   (%d) RSA（仅用于签名）%s\n"
 
-#: g10/keygen.c:1945
+#: g10/keygen.c:2131
 #, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
-msgstr "   (%d) ElGamal（仅用于加密）\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
+msgstr "   (%d) ElGamal（仅用于加密）%s\n"
 
-#: g10/keygen.c:1947
+#: g10/keygen.c:2133
 #, c-format
-msgid "   (%d) RSA (encrypt only)\n"
-msgstr "   (%d) RSA（仅用于加密）\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
+msgstr "   (%d) RSA（仅用于加密）%s\n"
 
-#: g10/keygen.c:1953
+#: g10/keygen.c:2139
 #, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
-msgstr "   (%d) DSA（自定义用途）\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
+msgstr "   (%d) DSA（自定义用途）%s\n"
 
-#: g10/keygen.c:1955
+#: g10/keygen.c:2141
 #, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
-msgstr "   (%d) RSA（自定义用途）\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
+msgstr "   (%d) RSA（自定义用途）%s\n"
 
-#: g10/keygen.c:1961
+#: g10/keygen.c:2147
 #, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) ECC 和 ECC\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) ECC（签名和加密）%s\n"
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2147 g10/keygen.c:2678
+msgid " *default*"
+msgstr " *默认*"
+
+#: g10/keygen.c:2148
 #, c-format
 msgid "  (%d) ECC (sign only)\n"
 msgstr "  (%d) ECC（仅用于签名）\n"
 
-#: g10/keygen.c:1965
+#: g10/keygen.c:2150
 #, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
-msgstr "  (%d) ECC（自定义用途）\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
+msgstr "  (%d) ECC（自定义用途）%s\n"
 
-#: g10/keygen.c:1967
+#: g10/keygen.c:2152
 #, c-format
-msgid "  (%d) ECC (encrypt only)\n"
-msgstr "  (%d) ECC（仅用于加密）\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
+msgstr "  (%d) ECC（仅用于加密）%s\n"
 
-#: g10/keygen.c:1971
+#: g10/keygen.c:2156
 #, c-format
-msgid "  (%d) Existing key\n"
-msgstr "  (%d) 现存的密钥\n"
+msgid "  (%d) Existing key%s\n"
+msgstr "  (%d) 现有密钥 %s\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, c-format
-msgid "  (%d) Existing key from card\n"
-msgstr " （%d）卡中现有密钥\n"
+msgid "  (%d) Existing key from card%s\n"
+msgstr " （%d）卡中现有密钥 %s\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 msgid "Enter the keygrip: "
 msgstr "输入 keygrip： "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr "不是一个有效的 keygrip （需要 40 位十六进制数）\n"
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 msgid "No key with this keygrip\n"
 msgstr "没有此 keygrip 关联的密钥\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, c-format
 msgid "error reading the card: %s\n"
 msgstr "读取卡片时出现错误：%s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "卡片的序列号：%s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 msgid "Available keys:\n"
 msgstr "可用的密钥：\n"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, c-format
 msgid "rounded to %u bits\n"
 msgstr "舍入到 %u 位\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr "%s 密钥的长度应在 %u 位与 %u 位之间。\n"
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "您想要为此子密钥使用的密钥长度？(%u) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "请求的密钥长度是 %u 位\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 msgid "Please select which elliptic curve you want:\n"
 msgstr "请选择您想要使用的椭圆曲线：\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5317,7 +5239,7 @@ msgstr ""
 "      <n>m = 密钥在 n 月后过期\n"
 "      <n>y = 密钥在 n 年后过期\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5333,38 +5255,38 @@ msgstr ""
 "      <n>m = 签名在 n 月后过期\n"
 "      <n>y = 签名在 n 年后过期\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "密钥的有效期限是？(0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "签名的有效期限是？(%s) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "无效的值\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr "密钥永远不会过期\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr "签名永远不会过期\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr "密钥于 %s 过期\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr "签名于 %s 过期\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5372,11 +5294,11 @@ msgstr ""
 "您的系统无法显示 2038 年以后的日期。\n"
 "不过它可以正确地处理到 2106 年之前的日期。\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr "这些内容正确吗？ (y/N) "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5390,7 +5312,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5405,49 +5327,49 @@ msgstr ""
 "    “Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>”\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "真实姓名： "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "姓名含有无效的字符\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr "字符‘%s’和‘%s’不能出现在姓名中\n"
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "姓名不可以用数字开头\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "姓名至少要有五个字符长\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "电子邮件地址： "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "电子邮件地址无效\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "注释： "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "注释含有无效的字符\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, c-format
 msgid "You are using the '%s' character set.\n"
 msgstr "您正在使用‘%s’字符集。\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5458,7 +5380,7 @@ msgstr ""
 "    “%s”\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "请不要把电子邮件地址放进您的真实姓名或注释里\n"
 
@@ -5473,31 +5395,31 @@ msgstr "请不要把电子邮件地址放进您的真实姓名或注释里\n"
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnCcEeOoQq"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "更改姓名（N）、注释（C）、电子邮件地址（E）或退出（Q）？ "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "更改姓名（N）、注释（C）、电子邮件地址（E）或确定（O）/退出（Q）？ "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "更改姓名（N）、注释（C）、电子邮件地址（E）或退出（Q）？ "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "更改姓名（N）、注释（C）、电子邮件地址（E）或确定（O）/退出（Q）？ "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "请先改正错误\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5508,13 +5430,13 @@ msgstr ""
 "、移动鼠标、读写硬盘之类的）将会是一个不错的主意；这会让随机数\n"
 "发生器有更好的机会获得足够的熵。\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "密钥生成失败：%s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5525,64 +5447,64 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr "继续吗？ (Y/n) "
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "一个 \"%s\" 的密钥已经存在\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 msgid "Create anyway? (y/N) "
 msgstr "无论如何都要创建吗？(y/N) "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, c-format
 msgid "creating anyway\n"
 msgstr "无论如何都创建\n"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr "注意：使用 “%s %s” 以获得一个全功能的密钥生成对话框。\n"
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "密钥生成已取消。\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "不能创建备份文件‘%s’：%s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "注意：卡片密钥的备份已保存到‘%s’\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, c-format
 msgid "writing public key to '%s'\n"
 msgstr "正在将公钥写至‘%s’\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "无可写的公钥钥匙环：%s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, c-format
 msgid "error writing public keyring '%s': %s\n"
 msgstr "写入公钥钥匙环‘%s’时发生错误： %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "公钥和私钥已经生成并被签名。\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
@@ -5590,310 +5512,316 @@ msgstr ""
 "请注意这个密钥不能用于加密。您可能想要使用“--edit-key”命令来\n"
 "生成一个用于此用途的子密钥。\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
 msgstr "密钥已经在 %lu 秒后的未来生成（可能是因为时空扭曲或时钟的问题）\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
 msgstr "密钥已经在 %lu 秒后的未来生成（可能是因为时空扭曲或时钟的问题）\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, c-format
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "注意：为 v3 密钥创建子密钥是不与 OpenPGP 兼容的\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "主密钥的私钥部分不可用。\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "主密钥的私钥部分存储在卡上。\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr "真的要创建吗？(y/N) "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "永不     "
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "紧急签名策略： "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "签名策略： "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr "紧急首选公钥服务器： "
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "紧急签名注记： "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "签名注记： "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, c-format
 msgid "%d good signature\n"
 msgid_plural "%d good signatures\n"
 msgstr[0] "%d 个良好签名\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, c-format
 msgid "%d signature not checked due to an error\n"
 msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "%d 个签名因错误而未被检查\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, c-format
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] "警告：%lu 把密钥因尺寸大而被跳过\n"
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "钥匙环"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "主密钥指纹："
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "     子密钥指纹："
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr " 主密钥指纹："
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "      子密钥指纹："
 
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr "      密钥指纹 ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr "      卡片序列号 ="
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, c-format
 msgid "caching keyring '%s'\n"
 msgstr "正在缓存钥匙环‘%s’\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, c-format
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "当前有 %lu 把密钥已缓存 （%lu 个签名）\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, c-format
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] "%lu 把密钥已缓存"
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, c-format
 msgid " (%lu signature)\n"
 msgid_plural " (%lu signatures)\n"
 msgstr[0] " (%lu 个签名)\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s：钥匙环已创建\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr "覆盖掉为 dirmngr 设定的代理选项"
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr "在搜索结果中包含已吊销的密钥"
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr "通过密钥标识搜索时包含子密钥"
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr "覆盖掉为 dirmngr 设定的超时选项"
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr "验证签名时自动拉取密钥"
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "使用密钥中指定的首选公钥服务器 URL"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr "获取密钥时使用密钥上的 PKA 记录"
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr "已禁用"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr "输入数字以选择，输入 N 翻页，输入 Q 退出 > "
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "无效的公钥服务器协议（us %d!=handler %d）\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "“%s” 不是一个用户标识：跳过\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, c-format
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "正在更新 %d 把密钥，从 %s \n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "警告：无法通过 %s 更新密钥 %s ：%s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "在公钥服务器上找不到密钥 “%s”\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr "在公钥服务器上找不到密钥\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "正在请求密钥 %s 从 %s 服务器 %s\n"
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr "正在请求密钥 %s 从 %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, c-format
 msgid "no keyserver known\n"
 msgstr "无已知的公钥服务器\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "已跳过 “%s”： %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr "正在发送密钥 %s 到 %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, c-format
 msgid "requesting key from '%s'\n"
 msgstr "正在从 %s 请求密钥\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "警告：无法获取 URI %s：%s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "奇怪的加密会话密钥长度（%d）\n"
 
-#: g10/mainproc.c:408
+#: g10/mainproc.c:378
+#, c-format
+msgid "%s.%s encrypted session key\n"
+msgstr "%s.%s 已加密的会话密钥\n"
+
+#: g10/mainproc.c:385
 #, c-format
-msgid "%s encrypted session key\n"
-msgstr "%s 加密过的会话密钥\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "以下列未知算法加密 %d.%s\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:391
 #, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "密码由未知的散列算法 %d 生成\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, c-format
 msgid "public key is %s\n"
 msgstr "公钥是 %s\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "公钥加密数据：完好的数据加密密钥（DEK）\n"
-
-#: g10/mainproc.c:632
+#: g10/mainproc.c:524
 #, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
-msgstr "由 %u 位的 %s 密钥加密，标识为 %s，生成于 %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
+msgstr "由 %s 密钥加密，标识为 %s，生成于 %s\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr "      “%s”\n"
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "由 %s 密钥加密、密钥号为 %s\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "公钥解密失败：%s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr "警告： 检测到多重纯文本\n"
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "以 %lu 个密码加密\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "以 1 个密码加密\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "公钥解密失败：%s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "公钥加密数据：完好的数据加密密钥（DEK）\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "假定 %s 为加密过的数据\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr "IDEA 密文算法不可用，尝试使用 %s 代替\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "警告：消息未受到完整性保护\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
@@ -5903,308 +5831,303 @@ msgstr ""
 "看起来此信息就是合法的。这是因为那个时候完整性\n"
 "保护还没有被广泛地采用。\n"
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr "无论如何使用选项‘%s’来解密。\n"
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, c-format
 msgid "decryption forced to fail!\n"
 msgstr "解密强制失败！\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "解密成功\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "警告：加密过的报文已经变造！\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "解密失败：%s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, c-format
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "注意：发送者要求您“只阅读不存盘”\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "原始文件名 =‘%.*s’\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "独立的吊销证书 - 请使用“gpg --import”来应用\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, c-format
 msgid "no signature found\n"
 msgstr "未找到签名\n"
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr "已损坏的签名，来自于 “%s”"
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr "过期的签名，来自于 “%s”"
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr "完好的签名，来自于 “%s”"
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "签名验证已被抑制\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "无法处理此有歧义的签名数据\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr "签名建立于 %s\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr "              使用 %s 密钥 %s\n"
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "于 %s 创建的签名，使用 %s，密钥号 %s\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, c-format
 msgid "               issuer \"%s\"\n"
 msgstr "               签发者 \"%s\"\n"
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "密钥在以下地方可用： "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr "注意：使用 “%s” 可使用此信息\n"
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[不确定]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr "                亦即 “%s”"
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, c-format
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "警告： 此密钥在 %s 模式下不适用于签名\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "这份签名已于 %s 过期。\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "这份签名在 %s 过期。\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, c-format
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "%s 签名，摘要算法 %s%s%s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "二进制"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "文本模式"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "未知"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 msgid ", key algorithm "
 msgstr "，密钥算法 "
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr "警告：不是一个分离签名；文件‘%s’没有被验证！\n"
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "无法检查签名：%s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "不是一份分离的签名\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr "警告：检测到多重签名。只检查第一个签名。\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "等级 0x%02x 的独立签名\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "旧式（PGP 2.x）签名\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "‘%s’的 fstat 方法在 %s 中失败 ：%s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "fstat(%d) 在 %s 中失败：%s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "警告: 使用试验性质的公钥算法 %s\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr "警告：Elgamal 签名+加密的密钥已被弃用\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "警告：使用试验性质的密文算法 %s\n"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "警告：使用试验性质的散列算法 %s\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "警告：散列算法 %s 已被弃用\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "注意：使用 %s 算法的签名已被拒绝\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, c-format
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "注意：使用 %s 算法的第三方密钥签名已被拒绝\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, c-format
 msgid "(reported error: %s)\n"
 msgstr "（已报告错误：%s）\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, c-format
 msgid "(reported error: %s <%s>)\n"
 msgstr "（已报告错误：%s <%s>）\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr "（更多信息： "
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d：被弃用的选项 “%s”\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "警告：“%s” 是一个已被弃用的选项\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "请用“%s%s”代替\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "警告：“%s” 命令已被弃用 - 不要使用它\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "%s:%u: “%s” 在此文件中已被淘汰 - 其仅在 %s 中起作用\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr "警告：“%s%s”是一个已经被淘汰的选项 - 它除了在 %s 上之外不起作用\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "不压缩"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr "未压缩|无"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr "未能满足合规规则，操作已强制取消\n"
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "此消息可能不能被 %s 使用\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "有歧义的选项‘%s’\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, c-format
 msgid "unknown option '%s'\n"
 msgstr "未知的选项 '%s'\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr "ECDSA 公钥需要以 8 位的倍数的 SEC 进行编码\n"
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, c-format
 msgid "unknown weak digest '%s'\n"
 msgstr "未知的弱摘要‘%s’\n"
@@ -6227,84 +6150,75 @@ msgstr "%s：未知的后缀\n"
 msgid "Enter new filename"
 msgstr "请输入新的文件名"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "正在写入到标准输出（stdout）\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, c-format
 msgid "assuming signed data in '%s'\n"
 msgstr "假定被签名的数据在‘%s’\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "无法操作公钥算法 %d\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr "警告：潜在不安全的对称加密会话密钥\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, c-format
 msgid "Unknown critical signature notation: "
 msgstr "未知的紧急签名注记： "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "%d 类型的子包设定了紧急位\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, c-format
-msgid "problem with the agent: %s\n"
-msgstr "代理人程序出现问题：%s\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-msgid "Please enter the passphrase for decryption."
-msgstr "请输入密码进行解密。"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "请输入密码\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "用户取消\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr " （主密钥标识 %s）"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "请输入密码以解锁 OpenPGP 私钥："
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "请输入密码以导入 OpenPGP 私钥："
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "请输入密码以导出 OpenPGP 私密子密钥："
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "请输入密码以导出 OpenPGP 私钥："
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "您真的想要永久删除此 OpenPGP 私密子密钥吗："
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "您真的想要永久删除此 OpenPGP 私密密钥吗："
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, c-format
 msgid ""
 "%s\n"
@@ -6319,7 +6233,7 @@ msgstr ""
 "创建于 %s%s.\n"
 "%s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6332,34 +6246,75 @@ msgstr ""
 "请记住这张图片储存在您的公钥里。如果您挑了过大的图片的话，\n"
 "您的密钥也会变得非常大！请把图片控制到接近理想尺寸 240x288。\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
-msgstr "输入要当作照片标识的 JPEG 文件名： "
+msgstr "输入要当作相片标识的 JPEG 文件名： "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "无法打开 JPEG 文件‘%s’：%s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr "此 JPEG 文件过大（%d 字节）！\n"
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "您确定要用它吗？(y/N) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "‘%s’不是一个 JPEG 文件\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "这张照片正确吗？(y/N/q) "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
+#, c-format
+msgid "no remote program execution supported\n"
+msgstr "不支持远程程序执行\n"
+
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr "此平台上调用外部程序时要求临时文件\n"
+
+#: g10/photoid.c:506
+#, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "无法执行外壳程序‘%s’：%s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "外部程序异常退出\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "调用外部程序时出现系统错误：%s\n"
+
+#: g10/photoid.c:600
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "警告：无法删除临时文件（%s）‘%s’：%s\n"
+
+#: g10/photoid.c:604
+#, c-format
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "警告：无法删除临时目录‘%s’：%s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr "由于文件权限位不安全，外部程序调用被禁用\n"
+
+#: g10/photoid.c:715
 #, c-format
 msgid "unable to display photo ID!\n"
 msgstr "无法显示照片标识！\n"
@@ -6374,52 +6329,52 @@ msgstr "无法显示照片标识！\n"
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMqQsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr "下列项目没有指定信任值：\n"
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr "  亦即 “%s”\n"
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr "您有多相信这个密钥属于其声称的所有者？\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr "  %d = 我不知道或不作答\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr "  %d = 我不相信\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr "  %d = 我绝对相信\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr "  m = 回到主菜单\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr "  s = 跳过这个密钥\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr "  q = 退出\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
@@ -6428,44 +6383,44 @@ msgstr ""
 "这个密钥的最小信任等级为：%s\n"
 "\n"
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "您的决定是什么？ "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "您真的要把这个密钥设置成绝对信任？(y/N) "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "确定一个绝对信任的密钥的证书：\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr "%s：不保证这个密钥属于其声称的所有者\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr "%s：只有有限的保证这个密钥属于其声称的所有者\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "这个密钥有可能属于其声称的所有者\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "这个密钥是属于我们的\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr "%s：此密钥有问题！其已被标记为不受信任！\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
 "*really* know what you are doing, you may answer the next\n"
@@ -6475,7 +6430,7 @@ msgstr ""
 "*真的* 了解您正在做的事情，您需要在下面的\n"
 "问题中回答 yes。\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
@@ -6484,141 +6439,153 @@ msgstr ""
 "这个密钥并不一定属于其用户标识中声称的那个人。如果您真的\n"
 "知道自己在做什么，您可以在下一个问题回答 yes。\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr "无论如何都要使用这个密钥吗？(y/N) "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "警告：正在使用不受信任的密钥！\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr "警告：此密钥可能已被吊销（吊销用密钥不存在）\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, c-format
+msgid "checking User ID \"%s\"\n"
+msgstr "检查用户标识“%s”\n"
+
+#: g10/pkclist.c:681
+#, c-format
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "选项‘%s’已给定，但发布者“%s”不匹配\n"
+
+#: g10/pkclist.c:684
+#, c-format
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "发布者“%s”未匹配任何用户标识\n"
+
+#: g10/pkclist.c:687
+#, c-format
+msgid "option %s given but no matching User ID found\n"
+msgstr "选项‘%s’已给定，但未发现任何匹配的用户标识\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "警告：此密钥已经被它的指定吊销者吊销了！\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "警告：此密钥已经被它的所有者吊销了！\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "      这可能表明此签名是伪造的。\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "警告：此子密钥已经被它的所有者吊销了！\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "注意：此密钥已被禁用。\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr "注意：已验证的签名者的地址是‘%s’\n"
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "注意：签名者的地址‘%s’不匹配任何 DNS 记录\n"
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr "由于 PKA 信息有效，信任级别调整到“完全”\n"
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr "由于 PKA 信息无效，信任级别调整到“从不”\n"
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "注意：此密钥已过期！\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, c-format
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr "警告：此密钥的用户标识未被受信任签名认证！\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "警告：此密钥未被受信任签名认证！\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr "      没有证据表明此签名属于其声称的所有者。\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "警告：我们不信任这个密钥！\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "     此签名很有可能是伪造的。\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, c-format
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr "警告：此密钥的用户标识未被足够可信的签名所认证！\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
 msgstr "警告：此密钥未被足够可信的签名所认证！\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "      此签名并不一定属于其声称的所有者。\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s：已跳过：%s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s：已跳过：公钥已被禁用\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: 已跳过：公钥已存在\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, c-format
 msgid "can't encrypt to '%s'\n"
 msgstr "无法加密给‘%s’\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, c-format
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "选项‘%s’已给定，但尚未给定有效的默认密钥\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, c-format
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "选项‘%s’已给定，但是选项‘%s’尚未给定\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "您没有指定用户标识。（您可以在命令行中用“-r”指定）\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr "当前接收者：\n"
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -6626,40 +6593,40 @@ msgstr ""
 "\n"
 "输入用户标识。以空白行结束： "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "没有此用户标识。\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "已跳过：公钥已被设为用于默认接收者\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "公钥被禁用。\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "已跳过：公钥已被设定\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "未知的默认接收者 “%s”\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "没有有效的地址\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "注意：密钥 %s 没有 %s 特性\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "注意：密钥 %s 没有关于 %s 的偏好设置\n"
@@ -6669,76 +6636,81 @@ msgstr "注意：密钥 %s 没有关于 %s 的偏好设置\n"
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr "数据未被保存；请用“--output”选项来保存它们\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "分离的签名。\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "请输入数据文件的名称： "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "正在从标准输入（stdin）读取 ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "没有已签名的数据\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, c-format
 msgid "can't open signed data '%s'\n"
 msgstr "无法打开已签名的数据‘%s’\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "无法打开已签名的数据 fd=%d: %s\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "密钥 %s 在 %s 模式下不适用于解密\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "匿名接收者；正在尝试使用私钥 %s ……\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, c-format
+msgid "used key is not marked for encryption use.\n"
+msgstr "使用的密钥未被标记为加密用途。\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "很好，我们就是匿名接收者。\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "不支持旧式的 DEK 编码\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "密文算法 %d%s 未知或已停用\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "注意：接收者的偏好设置中找不到密文算法 %s\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "注意：私钥 %s 已于 %s 过期\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, c-format
 msgid "Note: key has been revoked"
 msgstr "注意：密钥已被吊销"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "build_packet 失败：%s\n"
@@ -6756,37 +6728,37 @@ msgstr "将被吊销，吊销者为：\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "（这是一个敏感的吊销用密钥）\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 msgid "Secret key is not available.\n"
 msgstr "私钥不可用。\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "要为这个密钥创建一个指定吊销者证书吗？(y/N) "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "已强行使用 ASCII 字符封装过的输出。\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet 方法失败： %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "已建立吊销证书。\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "没有找到 “%s” 的吊销用密钥\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "这是一份针对此 OpenPGP 密钥的吊销证书："
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
@@ -6796,7 +6768,7 @@ msgstr ""
 "声明一个密钥将不再被使用。 一旦一个这样的\n"
 "吊销证书被发布之后，就不可能撤回。"
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 msgid ""
 "Use it to revoke this key in case of a compromise or loss of\n"
 "the secret key.  However, if the secret key is still accessible,\n"
@@ -6809,7 +6781,7 @@ msgstr ""
 "个新的吊销证书并给定一个吊销理由。更多的细节请参阅\n"
 " GnuPG 手册中关于 gpg 命令“--generate-revocation”的描述。"
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 msgid ""
 "To avoid an accidental use of this file, a colon has been inserted\n"
 "before the 5 dashes below.  Remove this colon with a text editor\n"
@@ -6819,12 +6791,12 @@ msgstr ""
 "5 个短横线之前。在导入和发布此吊销证书之前，请使用一个\n"
 "文本编辑器来移除此冒号。"
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, c-format
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "吊销证书已被存储为‘%s.rev’\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, c-format
 msgid "secret key \"%s\" not found\n"
 msgstr "私钥 “%s” 未找到\n"
@@ -6837,16 +6809,16 @@ msgstr "私钥 “%s” 未找到\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr "‘%s’匹配了多个私钥：\n"
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, c-format
 msgid "error searching the keyring: %s\n"
 msgstr "搜索钥匙环时出现错误： %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "要为这个密钥创建一个吊销证书吗？(y/N) "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -6864,37 +6836,37 @@ msgstr ""
 "不可读。但是千万小心：您机器上的打印系统可能会在打印过程中储存\n"
 "这些数据，并使得其他人看到！\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "请选择吊销的原因：\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "取消"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "（也许您会想要在这里选择 %d）\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "请输入描述（可选）；以空白行结束：\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "吊销原因：%s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "（未给定描述）\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr "这样可以吗？ (y/N) "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "创建了弱密钥 - 正在重试\n"
@@ -6904,59 +6876,54 @@ msgstr "创建了弱密钥 - 正在重试\n"
 msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
 msgstr "对称密文无法避免生成弱密钥；已经尝试 %d 次！\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr "%s 密钥 %s 使用了一个不安全的（%zu 位）散列\n"
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr "%s 密钥 %s 要求一个 %zu 位或更长的散列（散列是 %s）\n"
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
-#, c-format
-msgid "key %s may not be used for signing in %s mode\n"
-msgstr "密钥 %s 在 %s 模式中不适用于签名\n"
-
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr "由于 %s 选项，验证仍在继续中\n"
-
-#: g10/sig-check.c:190
+#: g10/sig-check.c:170
 #, c-format
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "警告：签名散列值与报文不一致\n"
 
-#: g10/sig-check.c:219
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
+#, c-format
+msgid "key %s may not be used for signing in %s mode\n"
+msgstr "密钥 %s 在 %s 模式中不适用于签名\n"
+
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "警告：签名的子密钥 %s 未经交叉验证\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, c-format
 msgid "please see %s for more information\n"
 msgstr "请参见 %s 以得到更多信息。\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr "警告：签名的子密钥 %s 具有无效的交叉验证\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, c-format
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "公钥 %s 在其签名之后的 %lu 秒生成\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, c-format
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "公钥 %s 在其签名之后的 %lu 天生成\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, c-format
 msgid ""
 "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -6965,7 +6932,7 @@ msgid_plural ""
 msgstr[0] ""
 "密钥 %s 生成于未来的 %lu 秒后（可能是因为时空扭曲或系统时钟的问题）\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, c-format
 msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
@@ -6973,100 +6940,100 @@ msgid_plural ""
 msgstr[0] ""
 "密钥 %s 生成于未来的 %lu 天后（可能是因为时空扭曲或系统时钟的问题）\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "注意：签名密钥 %s 已于 %s 过期\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "注意：签名密钥 %s 已被吊销\n"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, c-format
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "损坏的密钥签名来自密钥 %s: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, c-format
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "损坏的数据签名来自密钥 %s: %s (0x%02x, 0x%x)\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr "假定密钥 %s 的签名由于某个未知的关键位出错而损坏\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "密钥 %s：没有用于子密钥吊销签名的子密钥\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "密钥 %s：没有用于子密钥绑定签名的子密钥\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr "警告：注记 %% 无法扩展（过大）。现在使用未扩展的。\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
 msgstr "警告：策略 URL  %% 无法扩展（过大）。现在使用未扩展的。\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
 "unexpanded.\n"
 msgstr "警告：首选公钥服务器 URL %% 无法扩展（过大）。现在使用未扩展的。\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s/%s 签名来自：“%s”\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
 msgstr "警告：强制摘要算法 %s (%d) 与接收者的偏好设置冲突\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "正在签名："
 
-#: g10/sign.c:1464
+#: g10/sign.c:1622
 #, c-format
-msgid "%s encryption will be used\n"
-msgstr "%s 加密将被采用\n"
+msgid "%s.%s encryption will be used\n"
+msgstr "%s.%s 加密将被采用\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr "密钥未被标示为不安全- 不能与假的随机数发生器共同使用！\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "“%s” 已跳过：重复\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "已跳过：私钥已存在\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr "这是一个由 PGP 生成的 ElGamal 密钥，其用于签名时不安全！"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "信任记录 %lu，类别 %d：写入失败：%s\n"
@@ -7080,43 +7047,43 @@ msgstr ""
 "# 已指定的信任度的列表，创建于 %s \n"
 "# （请用“gpg --import-ownertrust”导入这些信任度）\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, c-format
 msgid "error in '%s': %s\n"
 msgstr "‘%s’中出现错误：%s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr "行过长"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr "冒号缺失"
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr "无效的指纹"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr "信任度缺失"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "在‘%s’中寻找信任度记录时出现错误：%s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, c-format
 msgid "read error in '%s': %s\n"
 msgstr "读取‘%s’时出现错误：%s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "信任度数据库：sync 失败：%s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "无法为‘%s’创建锁\n"
@@ -7126,12 +7093,12 @@ msgstr "无法为‘%s’创建锁\n"
 msgid "can't lock '%s'\n"
 msgstr "无法锁定‘%s’\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "信任度数据库记录 %lu：lseek 失败：%s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "信任度数据库记录 %lu：write 失败 (n=%d): %s\n"
@@ -7146,7 +7113,7 @@ msgstr "信任度数据库处理量过大\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s：目录不存在！\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, c-format
 msgid "can't access '%s': %s\n"
 msgstr "无法访问‘%s’：%s\n"
@@ -7187,7 +7154,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s：更新版本记录时出现错误： %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s：读取版本记录时出现错误： %s\n"
@@ -7197,52 +7164,52 @@ msgstr "%s：读取版本记录时出现错误： %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s：写入版本记录时出现错误：%s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "信任度数据库：lseek 失败：%s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "信任度数据库：read 失败(n=%d)：%s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s：不是一个信任度数据库文件\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s：记录编号为%lu的版本记录\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s：无效的文件版本%d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s：读取自由记录时出现错误：%s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s：写入目录记录时出现错误：%s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s：记录归零时失败：%s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s：附加记录时失败：%s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "错误：信任度数据库已被破坏。\n"
@@ -7282,10 +7249,10 @@ msgstr "不支持的 TOFU 数据库版本： %s\n"
 msgid "TOFU DB error"
 msgstr "TOFU DB 错误"
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, c-format
 msgid "error reading TOFU database: %s\n"
 msgstr "读取 TOFU 数据库时出现错误：%s\n"
@@ -7305,7 +7272,7 @@ msgstr "初始化 TOFU 数据库时出现错误：%s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "打开 TOFU 数据库’%s’时出现错误：%s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, c-format
 msgid "error updating TOFU database: %s\n"
 msgstr "更新 TOFU 数据库时出现错误：%s\n"
@@ -7314,7 +7281,7 @@ msgstr "更新 TOFU 数据库时出现错误：%s\n"
 #, c-format
 msgid ""
 "This is the first time the email address \"%s\" is being used with key %s."
-msgstr "此电子邮件地址 “%s” 是第一次被用于密钥 %s。"
+msgstr "这是电子邮件地址 “%s” 第一次被用于密钥 %s。"
 
 #: g10/tofu.c:1336
 #, c-format
@@ -7460,100 +7427,100 @@ msgstr "良好（G），接受一次（A），未知（U），拒绝一次（R
 msgid "Defaulting to unknown.\n"
 msgstr "默认为未知。\n"
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr "检测到 TOFU 数据库出错。\n"
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "变更 TOFU 策略时出现错误：%s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] "%lld~å¹´"
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] "%lld~月"
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] "%lld~周"
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] "%lld~天"
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] "%lld~小时"
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] "%lld~分钟"
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] "%lld~秒"
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr "%s： 已验证 0~签名并加密 0~消息。"
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, c-format
 msgid "%s: Verified 0 signatures."
 msgstr "%s：已验证 0 签名。"
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 msgid "Encrypted 0 messages."
 msgstr "已加密 0 信息。"
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, c-format
 msgid "(policy: %s)"
 msgstr "（策略： %s）"
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr "警告：我们此前还没有见过一条使用此密钥和用户标识签名的消息！\n"
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr "警告：我们此前只见过一条使用此密钥和用户标识签名的消息！\n"
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr "警告：您之前没有向此密钥加密过消息！\n"
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr "警告：您之前只向此密钥加密过一条消息！\n"
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -7573,158 +7540,158 @@ msgstr[0] ""
 "  %s\n"
 "以将其标记为坏的。\n"
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, c-format
 msgid "error opening TOFU database: %s\n"
 msgstr "打开 TOFU 数据库时出现错误：%s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr "警告：正在加密给 %s，其不具有不可吊销的用户标识。\n"
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, c-format
 msgid "'%s' is not a valid long keyID\n"
 msgstr "‘%s’不是一个有效的长格式 keyID\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "密钥 %s：接受为受信任的密钥\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "密钥 %s 在信任度数据库中出现多于一次\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "密钥 %s：受信任的密钥没有公钥 - 已跳过\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "密钥 %s 被标记为绝对信任\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "信任记录 %lu，请求类别 %d：读取失败：%s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "信任记录 %lu 不属于所请求的类别 %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr "您可以通过下列命令尝试重建信任度数据库：\n"
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr "如果那样不起作用，请查阅手册。\n"
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr "无法使用未知的信任模型（%d）- 假定为 %s 信任模型\n"
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr "使用 %s 信任模型\n"
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "不需要检查信任度数据库\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "下次信任度数据库检查将于 %s 进行\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "在‘%s’信任模型下无需进行 trustdb 检查\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "在‘%s’信任模型下无需进行 trustdb 更新\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr "公钥 %s 未找到：%s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "请执行一次 --check-trustdb\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "正在检查信任度数据库\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, c-format
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] "已处理 %d 把密钥"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, c-format
 msgid " (%d validity count cleared)\n"
 msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] " （%d 个有效计数已被清除）\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "未找到任何绝对信任的密钥\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "绝对信任密钥 %s 的公钥未找到\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr ""
 "深度：%d  有效性：%3d  已签名：%3d  信任度：%d-，%dq，%dn，%dm，%df，%du\n"
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr "无法更新信任度数据库版本记录：写入失败：%s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr "未定义"
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 msgid "never"
 msgstr "永不"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr "勉强"
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr "完全"
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr "绝对"
 
@@ -7736,39 +7703,39 @@ msgstr "绝对"
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr "8 translator see trustdb.c:uid_trust_string_fixed"
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 msgid "[ revoked]"
 msgstr "[ 吊销 ]"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 msgid "[ expired]"
 msgstr "[ 过期 ]"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 msgid "[ unknown]"
 msgstr "[ 未知 ]"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr "[ 未定 ]"
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 msgid "[  never ]"
 msgstr "[ 永不 ]"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr "[ 勉强 ]"
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr "[ 完全 ]"
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr "[ 绝对 ]"
 
@@ -7793,19 +7760,29 @@ msgstr "输入行 %u 太长或者行末的 LF 缺失\n"
 msgid "can't open fd %d: %s\n"
 msgstr "无法打开 fd %d：%s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, c-format
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "警告：无完整性保护的加密是危险的\n"
+
+#: g10/cipher-cfb.c:72
+#, c-format
+msgid "Hint: Do not use option %s\n"
+msgstr "提示：不要使用选项 %s\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr "设置调试选项"
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr "启用完整调试"
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "用法：kbxutil [选项] [文件] (-h 获取帮助)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
 "List, export, import Keybox data\n"
@@ -7816,123 +7793,210 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr "%s数字: %s%%0A持有者: %s%s"
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr "剩余尝试：%d"
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+msgid "|N|Please enter the new Global-PIN"
+msgstr "|N|请输入新的全局 PIN"
+
+#: scd/app-piv.c:1846
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "||请为您的 PIV 卡片输入全局 PIN"
+
+#: scd/app-piv.c:1853
+msgid "|N|Please enter the new PIN"
+msgstr "|N|请输入新的 PIN"
+
+#: scd/app-piv.c:1854
+msgid "||Please enter the PIN of your PIV card"
+msgstr "||请为您的 PIV 卡片输入 PIN"
+
+#: scd/app-piv.c:1861
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "|N|请输入新的解锁密钥"
+
+#: scd/app-piv.c:1862
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "||请为您的 PIV 卡片输入解锁密钥"
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "PIN 回调返回错误：%s\n"
+
+#: scd/app-piv.c:1895
+#, c-format
+msgid "PIN is too short; minimum length is %d\n"
+msgstr "PIN 过短，最小长度为 %d\n"
+
+#: scd/app-piv.c:1903
+#, c-format
+msgid "PIN is too long; maximum length is %d\n"
+msgstr "PIN 过长，最大长度为 %d\n"
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr "PIN 有无效字符；只允许使用数字\n"
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr "密钥已存在\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr "现有的密钥将被替换\n"
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr "生成新密钥\n"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, c-format
+msgid "writing new key\n"
+msgstr "正在写入新密钥\n"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "存储密钥失败：%s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr "响应不包含 RSA 余数\n"
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr "响应不包含 RSA 公钥指数\n"
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, c-format
+msgid "response does not contain the EC public key\n"
+msgstr "响应不包含 EC 公钥\n"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr "请等待密钥生成…\n"
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr "生成密钥失败\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, c-format
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "密钥生成完成（%d 秒）\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr "响应不包含公钥数据\n"
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr "||请为这个密钥输入 PIN 以创建合格的签名。"
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 msgid "|A|Please enter the Admin PIN"
 msgstr "|A|请输入管理员 PIN"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|NP|请输入标准密钥的 PIN 解锁码（PUK）。"
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 msgid "||Please enter the PIN for the standard keys."
 msgstr "||请输入标准密钥的 PIN。"
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr "RSA 余数缺失或者不是 %d 位长\n"
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr "RSA 公钥指数缺失或长于 %d 位\n"
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr "PIN 回调返回错误：%s\n"
+#: scd/app-nks.c:1594
+msgid "Note: PIN has not yet been enabled."
+msgstr "注意：尚未启用 PIN。"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr "尚未变更 NullPIN\n"
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "|N|请为标准密钥输入一个新的 PIN。"
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|NP|请为标准密钥输入一个新的 PIN 解锁码（PUK）。"
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr "|N|请为这个密钥输入一个新的 PIN 以创建合格的签名。"
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr "|NP|请为这个密钥输入一个新的 PIN 解锁码（PUK）以创建合格的签名。"
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr "|P|请为这个密钥输入 PIN 解锁码（PUK）以创建合格的签名。"
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "获取新 PIN 时出现错误：%s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "存储指纹失败：%s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "存储创建日期失败：%s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr "从卡片中拉取 CHV 状态时出现错误\n"
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr "响应不包含 RSA 余数\n"
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr "响应不包含 RSA 公钥指数\n"
-
-#: scd/app-openpgp.c:1546
-#, c-format
-msgid "response does not contain the EC public key\n"
-msgstr "响应不包含 EC 公钥\n"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr "响应不包含公钥数据\n"
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr "读取公钥失败：%s\n"
@@ -7940,62 +8004,62 @@ msgstr "读取公钥失败：%s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr "%s数字: %s%%0A持有者: %s%%0A计数: %lu%s"
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr "使用默认 PIN 作为 %s\n"
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr "使用默认 PIN 作为 %s 失败：%s - 禁用进一步的默认使用\n"
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 msgid "||Please unlock the card"
 msgstr "||请解锁卡片"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr "CHV%d 的 PIN 太短；最小长度为 %d\n"
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "验证 CHV%d 失败：%s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr "卡片被永久锁定！\n"
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, c-format
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
 msgid_plural ""
 "%d Admin PIN attempts remaining before card is permanently locked\n"
 msgstr[0] "在卡片被永久锁定之前剩余 %d 次管理员 PIN 尝试\n"
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr "未配置到管理员命令的访问\n"
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 msgid "||Please enter the PIN"
 msgstr "||请输入 PIN"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 msgid "||Please enter the Reset Code for the card"
 msgstr "||请输入卡片的重置码"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr "重置码太短；最小长度为 %d\n"
@@ -8003,119 +8067,78 @@ msgstr "重置码太短；最小长度为 %d\n"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr "|RN|新的重置码"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr "|AN|新的管理员 PIN"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr "|N|新的 PIN"
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "||请输入原管理员 PIN 和新管理员 PIN"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 msgid "||Please enter the PIN and New PIN"
 msgstr "||请输入原 PIN 和新 PIN"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr "读取应用程序数据时出错\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "读取指纹 DO 时出现错误\n"
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr "密钥已存在\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr "现有的密钥将被替换\n"
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr "生成新密钥\n"
-
-#: scd/app-openpgp.c:3074
-#, c-format
-msgid "writing new key\n"
-msgstr "正在写入新密钥\n"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr "缺少创建时间戳\n"
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr "RSA 质数 %s 缺失或者不是 %d 位长\n"
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr "存储密钥失败：%s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, c-format
 msgid "unsupported curve\n"
 msgstr "不支持的曲线\n"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr "请等待密钥生成…\n"
-
-#: scd/app-openpgp.c:4271
-#, c-format
-msgid "generating key failed\n"
-msgstr "生成密钥失败\n"
-
-#: scd/app-openpgp.c:4277
-#, c-format
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "密钥生成完成（%d 秒）\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr "无效的 OpenPGP 卡结构（DO 0x93）\n"
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr "卡片上的指纹与请求的不匹配\n"
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "卡片不支持摘要算法 %s\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr "目前已创建的签名：%lu\n"
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr "目前禁止通过此命令验证管理员 PIN\n"
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "不能访问 %s - 无效的 OpenPGP 卡？\n"
@@ -8127,59 +8150,63 @@ msgstr "||请在读卡器的小键盘上输入您的 PIN"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr "|N|初始化新 PIN"
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr "正在以多服务器模式运行（前台）"
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr "|LEVEL|设置调试级别至 LEVEL"
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 msgid "|FILE|write a log to FILE"
 msgstr "|FILE|将日志写入 FILE"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr "|N|连接到端口 N 上的读卡器"
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|NAME|使用 NAME 作为 ct-API 驱动"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|NAME|使用 NAME 作为 PC/SC 驱动"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 msgid "do not use the internal CCID driver"
 msgstr "不使用内置的 CCID 驱动"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr "|N|在 N 秒的不活跃之后断开卡片的连接"
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr "不使用读卡器的小键盘"
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr "使用小键盘的变长输入"
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr "|LIST|将应用程序优先级改为 LIST"
+
 #: scd/scdaemon.c:179
 msgid "deny the use of admin card commands"
 msgstr "拒绝使用卡片的管理员命令"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "用法：@SCDAEMON@ [选项] (-h 获取帮助)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
@@ -8187,37 +8214,31 @@ msgstr ""
 "语法：scdaemon [选项] [命令 [参数]]\n"
 "@GNUPG@ 智能卡守护进程\n"
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr "请使用‘--daemon’选项以在后台运行此程序\n"
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr "fd %d 的句柄已启动\n"
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr "fd %d 的句柄已关闭\n"
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "获取密钥用途信息时出现错误：%s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr "证书所请求的验证模型：%s"
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr "链"
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 msgid "shell"
 msgstr "外壳"
 
@@ -8250,7 +8271,7 @@ msgstr "注意：非紧急认证策略不被允许"
 msgid "certificate policy not allowed"
 msgstr "证书策略不被允许"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "获取指纹失败\n"
@@ -8265,7 +8286,7 @@ msgstr "在外部位置查找签发者\n"
 msgid "number of issuers matching: %d\n"
 msgstr "匹配的签发者数目：%d\n"
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, c-format
 msgid "can't get authorityInfoAccess: %s\n"
 msgstr "无法获取 authorityInfoAccess：%s\n"
@@ -8285,231 +8306,231 @@ msgstr "匹配的证书数：%d\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "dirmngr 仅缓存的密钥查找失败：%s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "分配 keyDB 句柄时失败\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 msgid "certificate has been revoked"
 msgstr "证书已被吊销"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr "证书的状态未知"
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr "请确定“dirmngr”被正确安装\n"
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, c-format
 msgid "checking the CRL failed: %s"
 msgstr "检查 CRL 时失败：%s"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "证书的有效期无效：%s"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr "证书尚未验证"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 msgid "root certificate not yet valid"
 msgstr "根证书尚未验证"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr "中间证书尚未验证"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, c-format
 msgid "certificate has expired"
 msgstr "证书已过期"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 msgid "root certificate has expired"
 msgstr "根证书已过期"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 msgid "intermediate certificate has expired"
 msgstr "中间证书已过期"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr "请求的证书属性缺失：%s%s%s"
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 msgid "certificate with invalid validity"
 msgstr "证书有效期无效"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr "签名不是在证书的有效期内被创建的"
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr "签名不是在签发者的有效期内被创建的"
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr "中间证书不是在签发者的有效期内被创建的"
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, c-format
 msgid "  (  signature created at "
 msgstr "  （  签名创建于 "
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, c-format
 msgid "  (certificate created at "
 msgstr "  （证书创建于 "
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, c-format
 msgid "  (certificate valid from "
 msgstr "  （证书有效期从 "
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr "  （    签发者有效期从 "
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr "指纹 = %s\n"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr "根证书现已被标记为信任\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr "交互式标记为信任未在 gpg-agent 中开启\n"
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr "交互式标记为信任在此会话中被关闭\n"
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr "警告：签名的创建时间未知 - 猜测为当前时间"
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 msgid "no issuer found in certificate"
 msgstr "证书中没有找到签发者"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr "自签名证书具有损坏的签名"
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr "根证书未被标记为信任"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "检查信任列表时失败：%s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr "证书链过长\n"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr "签发者证书未找到"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, c-format
 msgid "certificate has a BAD signature"
 msgstr "证书具有损坏的签名"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr "找到另一个可能匹配的 CA 证书 - 正在重试"
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr "证书链长于 CA 允许的长度（%d）"
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, c-format
 msgid "certificate is good\n"
 msgstr "证书有效\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, c-format
 msgid "intermediate certificate is good\n"
 msgstr "中间证书有效\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, c-format
 msgid "root certificate is good\n"
 msgstr "根证书良好\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr "正在切换为链模型"
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr "使用的验证模型：%s"
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr "一个 %u 位的散列对于一个 %u 位的 %s 密钥是无效的\n"
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, c-format
 msgid "out of core\n"
 msgstr "内存不足\n"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr "（这是 MD2 算法）\n"
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 msgid "none"
 msgstr "none"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 msgid "[Error - invalid encoding]"
 msgstr "[错误 - 无效编码]"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr "[错误 - 内存不足]"
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr "[错误 - 无名称]"
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 msgid "[Error - invalid DN]"
 msgstr "[错误 - 无效 DN]"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -8523,176 +8544,186 @@ msgstr ""
 "S/N %s，ID 0x%08lX，\n"
 "创建于 %s，过期于 %s。\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr "没有指定密钥用途 - 假设为所有用途\n"
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "获取密钥用途信息时出现错误：%s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr "证书本不应被用于认证\n"
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr "证书本不应被用于认 OCSP 响应签名\n"
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr "证书本不应被用于加密\n"
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr "证书本不应被用于签名\n"
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr "证书不可用于加密\n"
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr "证书不可用于签名\n"
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, c-format
+msgid "looking for another certificate\n"
+msgstr "查找另一个证书\n"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "第 %d 行：无效的算法\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr "第 %d 行：无效的密钥长度 %u （有效值为从 %d 到 %d）\n"
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr "第 %d 行：未指定主题名称\n"
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "第 %d 行：无效的主题名称标签‘%.*s’\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "第 %d 行：无效的主题名称‘%s’位于 %d\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "第 %d 行：不是有效的电子邮件地址\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "第 %d 行：无效的序列号\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr "第 %d 行：无效的签发者姓名标签‘%.*s’\n"
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr "第 %d 行：无效的签发者名称‘%s’，位于 %d\n"
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, c-format
 msgid "line %d: invalid date given\n"
 msgstr "第 %d 行：无效的日期\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "第 %d 行：通过 keygrip '%s' 获取签名密钥时出现错误：%s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "第 %d 行：无效的散列算法\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "第 %d 行：无效的 authority-key-id\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "第 %d 行：无效的 subject-key-id\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "第 %d 行：无效的扩展语法\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "第 %d 行：读取密钥 '%s' 从以下卡片时出现错误: %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "第 %d 行：通过 keygrip '%s' 获取密钥时出现错误：%s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "第 %d 行：密钥生成失败：%s <%s>\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
 msgstr "要完成此证书请求，请再次输入您刚才创建的密钥的密码\n"
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) 现存的密钥\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr "   (%d) 卡片上现存的密钥\n"
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "%s 密钥可能的操作：\n"
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) 签名，加密\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) 签名\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) 加密\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr "输入 X.509 主题名称： "
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr "未指定主题名称\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "无效的主题名称标签‘%.*s’\n"
@@ -8702,240 +8733,234 @@ msgstr "无效的主题名称标签‘%.*s’\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "无效的主题名称 '%s'\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "16 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 msgid "Enter email addresses"
 msgstr "输入电子邮件地址"
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 msgid " (end with an empty line):\n"
 msgstr " （以空白行结束）：\n"
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 msgid "Enter DNS names"
 msgstr "输入 DNS 名称"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 msgid " (optional; end with an empty line):\n"
 msgstr " （可选；以空白行结束）：\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr "输入 URI"
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 msgid "Create self-signed certificate? (y/N) "
 msgstr "创建自签名证书？ (y/N) "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
-msgstr "这些参数被使用：\n"
-
-#: sm/certreqgen-ui.c:432
-#, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "创建临时文件时出现错误： %s\n"
+msgstr "这些参数被使用：\n"
 
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr "现在正在创建自签名证书。  "
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 msgid "Now creating certificate request.  "
 msgstr "已创建证书请求。 "
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr "这可能需要等一会儿...\n"
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr "就绪。\n"
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr "就绪。您现在应该将此请求发送给您的 CA。\n"
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr "资源问题：内存不足\n"
 
-#: sm/decrypt.c:536
-#, c-format
-msgid "%s.%s encrypted data\n"
-msgstr "%s.%s 加密过的数据\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr "（此为 RC2 算法）\n"
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr "（这看起来不像是一条被加密的消息）\n"
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, c-format
 msgid "encrypted to %s key %s\n"
 msgstr "由 %s 密钥 %s 加密\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "证书‘%s’未找到：%s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr "锁定钥匙箱时出现错误：%s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "已删除重复的证书‘%s’\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "证书‘%s’已被删除\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "删除证书 “%s” 时失败：%s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, c-format
 msgid "no valid recipients given\n"
 msgstr "未指定有效的接收者\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 msgid "list external keys"
 msgstr "列出外部密钥"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 msgid "list certificate chain"
 msgstr "列出证书链"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 msgid "import certificates"
 msgstr "导入证书"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 msgid "export certificates"
 msgstr "导出证书"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr "注册一张智能卡"
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr "传递一条命令给 dirmngr"
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr "调用 gpg-protect-tool"
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "始终不使用终端"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr "|N|要包含的证书数目"
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr "|FILE|从 FILE 处获取策略信息"
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr "假定输入的是 PEM 格式"
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr "假定输入的是 base-64 格式"
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr "假定输入的是二进制格式"
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 msgid "create base-64 encoded output"
 msgstr "创建 base-64 编码的输出"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|USER-ID|使用 USER-ID 作为默认的私钥"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "|FILE|添加钥匙环到钥匙环列表"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|使用此公钥服务器来查找密钥"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr "获取缺失的签发者证书"
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|NAME|对 PKCS#12 密码使用名为 NAME 的编码"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr "从不查询 CRL"
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr "不对根证书检查 CRLs"
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr "使用 OCSP 检查有效性"
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr "不检查证书策略"
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|NAME|使用名称为 NAME 的密文算法"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|NAME|使用以 NAME 命名的信息摘要算法"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "批处理模式：永不询问"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "在多数问题上假定回答为是"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "在多数问题上假定回答为否"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 msgid "|FILE|write an audit log to FILE"
 msgstr "|FILE|将审计日志写入 FILE"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "用法：@GPGSM@ [选项] [文件] (-h 获取帮助)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
 "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
@@ -8945,87 +8970,122 @@ msgstr ""
 "使用 S/MIME 协议以签名、检查、加密或者解密\n"
 "默认操作取决于输入的数据\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "注意：将不加密给‘%s’：%s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "未知的验证模型‘%s’\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: 未指定主机名\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: 给定密码但未给定用户\n"
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr "%s:%u：忽略未知的标志 ‘%s’\n"
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: 正在跳过此行\n"
+
+#: sm/gpgsm.c:1545
+#, c-format
+msgid "could not parse keyserver\n"
+msgstr "无法解析公钥服务器\n"
+
+#: sm/gpgsm.c:1825
 #, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "正在导入通用证书‘%s’\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "无法使用‘%s’签名：%s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr "无效的命令（不存在隐式的命令）\n"
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, c-format
 msgid "total number processed: %lu\n"
 msgstr "经处理的总数：%lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, c-format
 msgid "error storing certificate\n"
 msgstr "存储证书时出现错误\n"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr "基本证书检查失败 - 未被导入\n"
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "获取存储选项时出现错误：%s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, c-format
 msgid "error importing certificate: %s\n"
 msgstr "导入证书时出现错误：%s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, c-format
 msgid "error reading input: %s\n"
 msgstr "读取输入时出现错误：%s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, c-format
+msgid "no keyboxd running in this session\n"
+msgstr "此会话中没有正在运行的 keyboxd\n"
+
+#: sm/keydb.c:595
+#, c-format
+msgid "error opening key DB: %s\n"
+msgstr "打开密钥数据库时出现错误：%s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr "查找现存证书时出现问题：%s\n"
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "寻找可写入的 keyDB 时出现错误：%s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, c-format
 msgid "error storing certificate: %s\n"
 msgstr "存储证书时出现错误：%s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "重新搜索证书时出现问题：%s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, c-format
 msgid "error storing flags: %s\n"
 msgstr "存储选项时出现错误：%s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr "错误 - "
 
@@ -9034,17 +9094,17 @@ msgstr "错误 - "
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr "GPG_TTY 未被设置 - 使用可能是不正确的默认值\n"
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "无效的格式化指纹位于‘%s’ 的第 %d 行\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "无效的国家/地区代码位于‘%s’的第 %d 行\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9060,14 +9120,14 @@ msgstr ""
 "\n"
 "%s%s您真的确定您要这样做吗？"
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
 "signatures.\n"
 msgstr "注意，此软件并没有官方地赞成创建或者验证这种签名。\n"
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9078,53 +9138,58 @@ msgstr ""
 "“%s”\n"
 "注意，此证书将不会创建一个合格签名！"
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "散列算法 %d (%s) 对于签名者 %d 而言不被支持；使用 %s\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr "为签名者 %d 使用的散列算法：%s (%s)\n"
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "检查合格证书失败：%s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, c-format
+msgid "%s/%s signature using %s key %s\n"
+msgstr "%s/%s 使用 %s 密钥 %s 创建的签名\n"
+
+#: sm/verify.c:467
 #, c-format
 msgid "Signature made "
 msgstr "已签名 "
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr "[日期未指定]"
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, c-format
 msgid "algorithm:"
 msgstr "算法："
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr "无效的签名：消息摘要属性与计算得到的不匹配\n"
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, c-format
 msgid "Good signature from"
 msgstr "良好签名来自于"
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, c-format
 msgid "                aka"
 msgstr "                亦即"
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, c-format
 msgid "This is a qualified signature\n"
 msgstr "这是一个合格的签名\n"
@@ -9149,100 +9214,100 @@ msgstr "无法在证书缓存上为写入加锁：%s\n"
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr "无法解除证书缓存上的锁：%s\n"
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr "从缓存中丢弃 %u 个证书\n"
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, c-format
 msgid "can't parse certificate '%s': %s\n"
 msgstr "无法解析证书‘%s’：%s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "证书‘%s’已被缓存\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "受信任证书‘%s’已加载\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "证书‘%s’已加载\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "  SHA1 指纹 = %s\n"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr "   签发者 ="
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr "  主题 ="
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "加载证书‘%s’时出现错误：%s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "永久载入的证书： %u\n"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "    运行时缓存的证书： %u\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "           信任的证书： %u (%u,%u,%u,%u)\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, c-format
 msgid "certificate already cached\n"
 msgstr "证书已被缓存。\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, c-format
 msgid "certificate cached\n"
 msgstr "证书已缓存\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, c-format
 msgid "error caching certificate: %s\n"
 msgstr "缓存证书时出现错误：%s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "无效的 SHA1 指纹字串 '%s'\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "通过 S/N 获取证书时出现错误：%s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "通过主题获取证书时出现错误：%s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, c-format
 msgid "no issuer found in certificate\n"
 msgstr "没有找到证书的签发者\n"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "获取 authorityKeyIdentifier 时出现错误：%s\n"
@@ -9762,55 +9827,55 @@ msgstr "不能在 Tor 模式下访问 CRL  \n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "由于 %s 被关闭，无法进行证书搜索\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr "使用 OCSP 代替 CRLs"
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr "检查 dirmngr 是否正在运行"
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 msgid "add a certificate to the cache"
 msgstr "添加一个证书到缓存"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 msgid "validate a certificate"
 msgstr "验证一个证书"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 msgid "lookup a certificate"
 msgstr "查找一个证书"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 msgid "lookup only locally stored certificates"
 msgstr "只查找本地存储的证书"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr "--lookup 选项需要一个 URL"
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr "将一个 CRL 载入 dirmngr"
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr "被 Squid 使用的特殊模式"
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 msgid "expect certificates in PEM format"
 msgstr "预期为 PEM 格式的证书"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 msgid "force the use of the default OCSP responder"
 msgstr "强制使用默认的 OCSP 响应者"
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "用法： dirmngr-client [选项] [certfile|pattern] （-h 获取帮助）\n"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -9822,215 +9887,211 @@ msgstr ""
 "如果证书有效，这一进程将返回 0；如果证书无效\n"
 "将返回 1；其他错误代码则代表一般性的失败\n"
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "从标准输入（stdin）读取证书时出现错误：%s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "从‘%s’读取证书时出现错误：%s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr "证书太大以至于没有意义\n"
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, c-format
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "无法连接至 dirmngr：%s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, c-format
 msgid "lookup failed: %s\n"
 msgstr "查找失败：%s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "载入 CRL ‘%s’ 时 失败：%s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr "一个 dirmngr 守护进程已开启并正在运行\n"
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "证书验证失败：%s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, c-format
 msgid "certificate is valid\n"
 msgstr "证书有效\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, c-format
 msgid "certificate has been revoked\n"
 msgstr "证书已被吊销\n"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, c-format
 msgid "certificate check failed: %s\n"
 msgstr "证书检查失败：%s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, c-format
 msgid "got status: '%s'\n"
 msgstr "已获取状态：‘%s’\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, c-format
 msgid "error writing base64 encoding: %s\n"
 msgstr "写入 base64 编码时出现错误：%s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr "不支持的查询 '%s'\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr "需要绝对文件名\n"
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr "正在查找‘%s’\n"
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr "列出 CRL 缓存的内容"
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|FILE|从 FILE 中加载 CRL 到缓存"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr "|URL|从 URL 处获取 CRL"
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr "关闭 dirmngr"
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr "刷新缓存"
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr "允许在线软件版本检查"
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr "|N|在一次查询中最多返回 N 个项目"
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr "网络相关选项"
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr "通过 Tor 转发所有网络流量"
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr "公钥服务器的配置"
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 msgid "|URL|use keyserver at URL"
 msgstr "|URL|使用 URL 处的密钥服务器"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr "|FILE|为承载 HKP 的 TLS 使用 FILE 中的 CA 证书"
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr "对 HTTP 服务器的配置"
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
-msgstr "禁止使用 HTTP 协议"
+msgstr "抑制 HTTP 的使用"
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr "忽略 HTTP CRL 分发点"
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr "|URL|重定向 HTTP 请求到 URL"
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr "使用系统的 HTTP 代理设置"
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr "对要使用的 LDAP 服务器的配置"
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr "抑制 LDAP 的使用"
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr "忽略 LDAP CRL 分发点"
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr "|HOST|使用 HOST 进行 LDAP 查询"
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr "使用 --ldap-proxy 选项以不使用回退主机"
 
-#: dirmngr/dirmngr.c:270
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|SPEC|使用此公钥服务器来查找密钥"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|FILE|从 FILE 中读取 LDAP 服务器列表"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr "添加从 CRL 分发点发现的新服务器到服务器列表"
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr "|N|设置 LDAP 超时时间为 N 秒"
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr "对于 OCSP 的配置"
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr "允许发送 OCSP 请求"
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr "忽略证书包含的 OCSP 服务 URLs"
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 msgid "|URL|use OCSP responder at URL"
 msgstr "|URL|使用 URL 处的 OCSP 响应者"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr "|FPR|OCSP 响应由 FPR 签名"
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr "强制载入过期的 CRLs"
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 msgid ""
 "@\n"
 "(See the \"info\" manual for a complete listing of all commands and "
@@ -10039,11 +10100,11 @@ msgstr ""
 "@\n"
 "(参阅 \"info\" 手册以获取一份所有命令及选项的完整列表)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "用法：@DIRMNGR@ [选项] (-h 获取帮助)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
@@ -10051,113 +10112,293 @@ msgstr ""
 "语法：@DIRMNGR@ [选项] [命令 [参数]]\n"
 "@GNUPG@ 的公钥服务器、CRL 和 OCSP 访问\n"
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr "有效的调试等级为：%s\n"
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, c-format
 msgid "usage: %s [options] "
 msgstr "用法：%s [选项] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, c-format
 msgid "colons are not allowed in the socket name\n"
 msgstr "套接字名称中不允许使用冒号\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "从‘%s’处获取 CRL 时失败：%s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "从‘%s’处处理 CRL 时失败：%s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "%s:%u: 行太长 - 跳过\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "%s:%u: 检测到无效指纹\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "%s:%u: 读取错误：%s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr "%s:%u: 已忽略行尾部的垃圾数据\n"
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr "接收到 SIGHUP 信号 -正在重新读取配置文件并刷新缓存\n"
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr "接收到 SIGUSR2 信号 - 未定义要进行的操作\n"
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr "接收到 SIGTERM 信号 - 正在关闭...\n"
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr "接收到 SIGTERM 信号 - 仍然有 %d 个活动的连接\n"
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, c-format
 msgid "shutdown forced\n"
 msgstr "强制关闭\n"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr "收到 SIGINT 信号 - 立即关闭\n"
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr "收到 %d 信号 - 未定义要进行的操作\n"
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr "以记录导向的格式返回所有值"
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr "|NAME|忽略主机部分并通过 NAME 进行连接"
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr "强制 TLS 连接"
+
+#: dirmngr/dirmngr_ldap.c:110
+msgid "|NAME|connect to host NAME"
+msgstr "|NAME|连接到以 NAME 命名的主机"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr "|N|连接到端口 N"
+
+#: dirmngr/dirmngr_ldap.c:112
+msgid "|NAME|use user NAME for authentication"
+msgstr "|NAME|使用用户名称 NAME 进行身份验证"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr "|PASS|使用密码 PASS 进行身份验证"
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr "从 $DIRMNGR_LDAP_PASS 取得密码"
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr "|STRING|查询 DN STRING"
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr "|STRING|使用 STRING 作为过滤器扩展"
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr "|STRING|返回属性 STRING"
+
+#: dirmngr/dirmngr_ldap.c:179
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "用法： dirmngr_ldap [选项] [URL链接] （-h 获取帮助）\n"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+"语法：dirmngr_ldap [选项] [URL链接]\n"
+"Dirmngr 的内部 LDAP 助手\n"
+"接口和选项可能在没有通知的情况下改变\n"
+
+#: dirmngr/dirmngr_ldap.c:291
+#, c-format
+msgid "invalid port number %d\n"
+msgstr "无效的端口号 %d\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr "为属性‘%s’搜索结果\n"
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "写入到标准输出（stdout）时出现错误：%s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr "          可用属性‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:462
+#, c-format
+msgid "attribute '%s' not found\n"
+msgstr "属性‘%s’未找到\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr "找到属性‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:581
+#, c-format
+msgid "processing url '%s'\n"
+msgstr "正在处理 URL ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, c-format
+msgid "          user '%s'\n"
+msgstr "          用户‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, c-format
+msgid "          pass '%s'\n"
+msgstr "          密码‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:592
+#, c-format
+msgid "          host '%s'\n"
+msgstr "          主机‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, c-format
+msgid "          port %d\n"
+msgstr "          端口 %d\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, c-format
+msgid "            DN '%s'\n"
+msgstr "            DN ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr "        过滤器 ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, c-format
+msgid "          attr '%s'\n"
+msgstr "          属性 ‘%s’\n"
+
+#: dirmngr/dirmngr_ldap.c:611
+#, c-format
+msgid "no host name in '%s'\n"
+msgstr "‘%s’中没有主机名\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr "未指定查询‘%s’的属性\n"
+
+#: dirmngr/dirmngr_ldap.c:622
+#, c-format
+msgid "WARNING: using first attribute only\n"
+msgstr "警告：仅使用第一个属性\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "LDAP 初始化至 ‘%s:%d’ 时失败：%s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, c-format
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "LDAP 初始化至 ‘%s’ 失败：%s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, c-format
+msgid "LDAP init to '%s' done\n"
+msgstr "LDAP 初始化至 ‘%s’ 完成\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "绑定至‘%s:%d’时失败：%s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, c-format
+msgid "searching '%s' failed: %s\n"
+msgstr "搜索‘%s’时失败：%s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "‘%s’不是一个 LDAP URL\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr "‘%s’是一个无效的 LDAP URL\n"
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "访问‘%s’时出现错误：http 状态码 %u\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr "URL '%s' 重定向到 '%s' (%u)\n"
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, c-format
 msgid "too many redirections\n"
 msgstr "过多重定向\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, c-format
 msgid "redirection changed to '%s'\n"
 msgstr "重定向更改到 “%s”\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, c-format
 msgid "error printing log line: %s\n"
 msgstr "打印日志行时出现错误：%s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "从 ldap wrapper %d 处读取日志时出现错误：%s\n"
@@ -10187,51 +10428,31 @@ msgstr "等待 ldap wrapper %d 时失败：%s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "ldap wrapper %d 已挂起 - 正在关闭\n"
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "主机名中存在无效字符 0x%02x - 未被添加\n"
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "正在将‘%s:%d’添加至 ldap 服务器列表\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, c-format
 msgid "malloc failed: %s\n"
 msgstr "malloc 方法失败：%s\n"
 
-#: dirmngr/ldap.c:221
-#, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "‘%s’不是一个 LDAP URL\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
-msgstr "‘%s’是一个无效的 LDAP URL\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
+msgstr "start_cert_fetch：无效的模式‘%s’\n"
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr "ldap_search 方法触及服务器的大小限制\n"
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr "%s:%u: 给定密码但未给定用户\n"
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr "%s:%u：忽略未知的标志 ‘%s’\n"
-
-#: dirmngr/ldapserver.c:203
-#, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr "%s:%u: 正在跳过此行\n"
-
 #: dirmngr/misc.c:172
 #, c-format
 msgid "invalid canonical S-expression found\n"
@@ -10317,91 +10538,91 @@ msgstr "计算‘%s’的  OCSP 请求的散列时失败：%s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr "并非由一个默认的 OCSP 签名者的证书签名"
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "分配列表项时失败：%s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "获取响应者 ID 时出现错误：%s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr "未找到合适的证书来验证 OCSP 请求\n"
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "未找到签发者证书：%s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr "调用者没有返回目标证书\n"
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "调用者没有返回签发的证书\n"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "分配 OCSP 上下文时失败：%s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr "未定义默认的 OCSP 响应者\n"
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, c-format
 msgid "no default OCSP signer defined\n"
 msgstr "未定义默认的 OCSP 签名者\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr "正在使用默认的 OCSP 响应者‘%s’\n"
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr "正在使用 OCSP 响应者‘%s’\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "获取目标证书的 OCSP 状态时出现错误：%s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr "证书状态：%s  (当前=%s  下一个=%s)\n"
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr "良好"
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "证书已经被吊销于： %s 原因是： %s\n"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr "OCSP 响应者返回了将来的状态\n"
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr "OCSP 响应者返回了一个非当前的状态\n"
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr "OCSP 返回了一个太以前的状态\n"
@@ -10411,67 +10632,71 @@ msgstr "OCSP 返回了一个太以前的状态\n"
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "assuan_inquire(%s) 方法失败：%s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr "ldapserver 缺失"
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr "证书 ID 中的序列号缺失"
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "assuan_inquire 方法失败：%s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "fetch_cert_by_url 方法失败：%s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, c-format
 msgid "error sending data: %s\n"
 msgstr "发送数据时出现错误：%s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "start_cert_fetch 方法失败：%s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "fetch_next_cert 方法失败：%s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr "超过设置的 max_replies %d\n"
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "无法分配控制结构：%s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "分配 assuan 上下文时失败：%s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, c-format
 msgid "failed to initialize the server: %s\n"
 msgstr "初始化服务器时失败：%s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "向 Assuan 注册命令时失败：%s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr "Assuan 接受出现问题：%s\n"
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, c-format
 msgid "Assuan processing failed: %s\n"
 msgstr "Assuan 处理时失败：%s\n"
@@ -10514,51 +10739,55 @@ msgstr "证书链良好\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr "证书本不应被用于 CRL 签名\n"
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 msgid "quiet"
 msgstr "静默"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr "以十六进制编码打印数据"
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr "解码接收到的数据行"
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr "连接到 dirmngr"
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+msgid "connect to the keyboxd"
+msgstr "连接 keyboxd"
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr "|NAME|连接到名称为 NAME 的 Assuan 套接字"
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr "|ADDR|连接到地址为 ADDR 的 Assuan 服务器"
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr "运行命令行中指定的 Assuan 服务器"
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr "不使用扩展连接模式"
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|FILE|在启动时从 FILE 处执行命令"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr "在启动时运行 /subst"
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "用法：@GPG@-connect-agent [选项] (-h 获取帮助)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
@@ -10566,173 +10795,186 @@ msgstr ""
 "语法：@GPG@-connect-agent [选项]\n"
 "连接到一个正在运行的代理人程序并发送命令\n"
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr "选项 “%s” 要求一个程序和可选参数\n"
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr "已忽略选项 “%s”，因为 “%s”\n"
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, c-format
 msgid "receiving line failed: %s\n"
 msgstr "接收行失败：%s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, c-format
 msgid "line too long - skipped\n"
 msgstr "行太长 - 跳过\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr "行已被截断，因为内嵌有 Nul 字符\n"
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, c-format
 msgid "unknown command '%s'\n"
 msgstr "未知命令‘%s’\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, c-format
 msgid "sending line failed: %s\n"
 msgstr "发送行失败：%s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, c-format
+msgid "no keybox daemon running in this session\n"
+msgstr "此会话中没有正在运行的 keybox 守护进程\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, c-format
 msgid "error sending standard options: %s\n"
 msgstr "发送标准选项时出现错误：%s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 msgid "OpenPGP"
 msgstr "OpenPGP"
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 msgid "S/MIME"
 msgstr "S/MIME"
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+msgid "Public Keys"
+msgstr "公钥"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr "私钥"
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 msgid "Smartcards"
 msgstr "智能卡"
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 msgid "Network"
 msgstr "网络"
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 msgid "Passphrase Entry"
 msgstr "密码条目"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 msgid "Component not suitable for launching"
 msgstr "组件不适合启动"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, c-format
 msgid "Configuration file of component %s is broken\n"
 msgstr "组件 %s 的配置文件已损坏\n"
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, c-format
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "注意：使用命令 “%s%s” 获取详情。\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr "组件 %s 的外部验证失败"
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr "注意，群组规范已被忽略\n"
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, c-format
 msgid "error closing '%s'\n"
 msgstr "关闭‘%s’时出现错误\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, c-format
 msgid "error parsing '%s'\n"
 msgstr "处理‘%s’时出现错误\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr "列出所有组件"
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr "检查所有程序"
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr "|COMPONENT|列出选项"
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr "|COMPONENT|变更选项"
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr "|COMPONENT|检查选项"
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr "应用全局默认值"
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 msgid "|FILE|update configuration files using FILE"
 msgstr "|FILE|使用 FILE 更新配置文件"
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr "为 @GPGCONF@ 获取配置目录"
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 msgid "list global configuration file"
 msgstr "列出全局配置文件"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 msgid "check global configuration file"
 msgstr "检查全局配置文件"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 msgid "query the software version database"
 msgstr "查询软件版本数据库"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr "重新载入全部或者给定的组件"
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr "启动一个给定的组件"
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr "关闭一个给定的组件"
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "指定输出文件"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr "若可能，在运行时激活变更"
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "用法：@GPGCONF@ [选项] (-h 获取帮助)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
@@ -10740,15 +10982,15 @@ msgstr ""
 "语法 @GPGCONF@ [选项]\n"
 "管理 @GNUPG@ 系统的工具的配置选项 \n"
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr "需要一个组件参数"
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 msgid "Component not found"
 msgstr "组件未找到"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr "没有参数被允许"
 
@@ -10764,149 +11006,216 @@ msgstr ""
 "语法：gpg-check-pattern [选项] patternfile\n"
 "按照 patternfile 检查一个由标准输入（stdin）给定的密码\n"
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr "强行对称密文算法 %s (%d) 与接收者的偏好设置冲突\n"
+#: tools/gpg-card.c:2389
+#, c-format
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "注意： 已有私钥 %s 被存储于卡片上！\n"
 
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "写入临时文件时出现错误： %s\n"
+#: tools/gpg-card.c:2392
+#, c-format
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "注意： 已有私钥被存储于卡片上！\n"
 
-#~ msgid "use a log file for the server"
-#~ msgstr "为服务器使用日志文件"
+#: tools/gpg-card.c:2395
+#, c-format
+msgid "Replace existing key %s ? (y/N) "
+msgstr "替换现有密钥 %s ？(y/N) "
 
-#~ msgid "|FILE|write a server mode log to FILE"
-#~ msgstr "|FILE|将服务器模式的日志写入到 FILE"
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, c-format
+msgid "%s card no. %s detected\n"
+msgstr "检测到 %s 卡片 编号 %s\n"
 
-#~ msgid "run without asking a user"
-#~ msgstr "在不询问用户的情况下运行"
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr "用户交互标志设置为“%s”——无法更改\n"
 
-#~ msgid "allow PKA lookups (DNS requests)"
-#~ msgstr "允许 PKA 查询（DNS 请求）"
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
+"警告：正在将用户交互标志设置为“%s”\n"
+"      只能使用出厂重置还原！\n"
 
-#~ msgid "Options controlling the format of the output"
-#~ msgstr "控制输出格式的选项"
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr "请使用“uif --yes %d %s”\n"
 
-#~ msgid "Options controlling the use of Tor"
-#~ msgstr "控制使用 Tor 的选项"
+#: tools/gpg-card.c:3668
+msgid "authenticate to the card"
+msgstr "验证卡片"
 
-#~ msgid "LDAP server list"
-#~ msgstr "LDAP 服务器列表"
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr "向卡片守护进程发送重置"
 
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "正在请求密钥 %s 从 %s 服务器 %s\n"
+#: tools/gpg-card.c:3672
+msgid "setup KDF for PIN authentication"
+msgstr "针对 PIN 身份验证设置 KDF"
 
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "%s:%u: 未指定主机名\n"
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr "更改私有数据对象"
 
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "无法解析公钥服务器\n"
+#: tools/gpg-card.c:3675
+msgid "read a certificate from a data object"
+msgstr "从数据对象中读取证书"
 
-#~ msgid "return all values in a record oriented format"
-#~ msgstr "以记录导向的格式返回所有值"
+#: tools/gpg-card.c:3676
+msgid "store a certificate to a data object"
+msgstr "储存一个证书到数据对象"
 
-#~ msgid "|NAME|ignore host part and connect through NAME"
-#~ msgstr "|NAME|忽略主机部分并通过 NAME 进行连接"
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr "储存私钥到数据对象"
 
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|NAME|连接到以 NAME 命名的主机"
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr "Yubikey 管理命令"
 
-#~ msgid "|N|connect to port N"
-#~ msgstr "|N|连接到端口 N"
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr "管理命令历史记录"
 
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|NAME|使用用户名称 NAME 进行身份验证"
+#~ msgid "detected card with S/N: %s\n"
+#~ msgstr "检测到的卡 S/N 码为: %s\n"
 
-#~ msgid "|PASS|use password PASS for authentication"
-#~ msgstr "|PASS|使用密码 PASS 进行身份验证"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "卡片上没有 ssh 身份验证用的密钥：%s\n"
 
-#~ msgid "take password from $DIRMNGR_LDAP_PASS"
-#~ msgstr "从 $DIRMNGR_LDAP_PASS 取得密码"
+#~ msgid "Please remove the current card and insert the one with serial number"
+#~ msgstr "请移除当前的卡并插入具有以下序列号的那一张"
 
-#~ msgid "|STRING|query DN STRING"
-#~ msgstr "|STRING|查询 DN STRING"
+#~ msgid "use a log file for the server"
+#~ msgstr "为服务器使用日志文件"
 
-#~ msgid "|STRING|use STRING as filter expression"
-#~ msgstr "|STRING|使用 STRING 作为过滤器扩展"
+#~ msgid "connection to %s established\n"
+#~ msgstr "已连接 %s\n"
 
-#~ msgid "|STRING|return the attribute STRING"
-#~ msgstr "|STRING|返回属性 STRING"
+#~ msgid "no running gpg-agent - starting '%s'\n"
+#~ msgstr "没有正在运行的 gpg-agent 实例 - 正在启动 ‘%s’\n"
 
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "用法： dirmngr_ldap [选项] [URL链接] （-h 获取帮助）\n"
+#~ msgid "argument not expected"
+#~ msgstr "未预期的参数"
 
-#~ msgid ""
-#~ "Syntax: dirmngr_ldap [options] [URL]\n"
-#~ "Internal LDAP helper for Dirmngr\n"
-#~ "Interface and options may change without notice\n"
-#~ msgstr ""
-#~ "语法：dirmngr_ldap [选项] [URL链接]\n"
-#~ "Dirmngr 的内部 LDAP 助手\n"
-#~ "接口和选项可能在没有通知的情况下改变\n"
+#~ msgid "read error"
+#~ msgstr "读取错误"
+
+#~ msgid "keyword too long"
+#~ msgstr "关键字太长"
+
+#~ msgid "missing argument"
+#~ msgstr "缺少参数"
+
+#~ msgid "invalid argument"
+#~ msgstr "无效的参数"
+
+#~ msgid "invalid command"
+#~ msgstr "无效的命令"
+
+#~ msgid "invalid alias definition"
+#~ msgstr "无效的别名定义"
+
+#~ msgid "permission error"
+#~ msgstr "权限错误"
+
+#~ msgid "out of core"
+#~ msgstr "内存不足"
+
+#~ msgid "invalid meta command"
+#~ msgstr "无效元命令"
 
-#~ msgid "invalid port number %d\n"
-#~ msgstr "无效的端口号 %d\n"
+#~ msgid "unknown meta command"
+#~ msgstr "未知元命令"
 
-#~ msgid "scanning result for attribute '%s'\n"
-#~ msgstr "为属性‘%s’搜索结果\n"
+#~ msgid "unexpected meta command"
+#~ msgstr "意外的元命令"
 
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "写入到标准输出（stdout）时出现错误：%s\n"
+#~ msgid "invalid option"
+#~ msgstr "无效的选项"
 
-#~ msgid "          available attribute '%s'\n"
-#~ msgstr "          可用属性‘%s’\n"
+#~ msgid "missing argument for option \"%.50s\"\n"
+#~ msgstr "选项 “%.50s” 的参数缺失\n"
 
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "属性‘%s’未找到\n"
+#~ msgid "option \"%.50s\" does not expect an argument\n"
+#~ msgstr "选项 “%.50s” 不需要参数\n"
 
-#~ msgid "found attribute '%s'\n"
-#~ msgstr "找到属性‘%s’\n"
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "无效的命令 \"%.50s\"\n"
 
-#~ msgid "processing url '%s'\n"
-#~ msgstr "正在处理 URL ‘%s’\n"
+#~ msgid "option \"%.50s\" is ambiguous\n"
+#~ msgstr "选项 “%.50s” 含义模糊\n"
 
-#~ msgid "          user '%s'\n"
-#~ msgstr "          用户‘%s’\n"
+#~ msgid "command \"%.50s\" is ambiguous\n"
+#~ msgstr "命令 “%.50s” 含义模糊\n"
 
-#~ msgid "          pass '%s'\n"
-#~ msgstr "          密码‘%s’\n"
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "无效的选项 “%.50s”\n"
 
-#~ msgid "          host '%s'\n"
-#~ msgstr "          主机‘%s’\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "注意：没有默认配置文件‘%s’\n"
 
-#~ msgid "          port %d\n"
-#~ msgstr "          端口 %d\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "选项文件‘%s’：%s\n"
 
-#~ msgid "            DN '%s'\n"
-#~ msgstr "            DN ‘%s’\n"
+#~ msgid "Note: ignoring option \"--%s\" due to global config\n"
+#~ msgstr "注意：由于全局配置，忽略选项 “--%s”\n"
 
-#~ msgid "        filter '%s'\n"
-#~ msgstr "        过滤器 ‘%s’\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "无法执行程序‘%s’：%s\n"
 
-#~ msgid "          attr '%s'\n"
-#~ msgstr "          属性 ‘%s’\n"
+#~ msgid "unable to execute external program\n"
+#~ msgstr "无法执行外部程序\n"
 
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "‘%s’中没有主机名\n"
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "无法读取外部程序响应：%s\n"
 
-#~ msgid "no attribute given for query '%s'\n"
-#~ msgstr "未指定查询‘%s’的属性\n"
+#~ msgid "validate signatures with PKA data"
+#~ msgstr "使用 PKA 数据验证签名"
 
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "警告：仅使用第一个属性\n"
+#~ msgid "elevate the trust of signatures with valid PKA data"
+#~ msgstr "提升带有有效 PKA 数据的签名的信任度"
 
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "LDAP 初始化至 ‘%s:%d’ 时失败：%s\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) ECC 和 ECC\n"
 
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "绑定至‘%s:%d’时失败：%s\n"
+#~ msgid "honor the PKA record set on a key when retrieving keys"
+#~ msgstr "获取密钥时使用密钥上的 PKA 记录"
 
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "搜索‘%s’时失败：%s\n"
+#~ msgid "Note: Verified signer's address is '%s'\n"
+#~ msgstr "注意：已验证的签名者的地址是‘%s’\n"
 
-#~ msgid "start_cert_fetch: invalid pattern '%s'\n"
-#~ msgstr "start_cert_fetch：无效的模式‘%s’\n"
+#~ msgid "Note: Signer's address '%s' does not match DNS entry\n"
+#~ msgstr "注意：签名者的地址‘%s’不匹配任何 DNS 记录\n"
 
-#~ msgid "ldapserver missing"
-#~ msgstr "ldapserver 缺失"
+#~ msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+#~ msgstr "由于 PKA 信息有效，信任级别调整到“完全”\n"
+
+#~ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+#~ msgstr "由于 PKA 信息无效，信任级别调整到“从不”\n"
+
+#~ msgid "|FILE|write a server mode log to FILE"
+#~ msgstr "|FILE|将服务器模式的日志写入到 FILE"
+
+#~ msgid "run without asking a user"
+#~ msgstr "在不询问用户的情况下运行"
+
+#~ msgid "allow PKA lookups (DNS requests)"
+#~ msgstr "允许 PKA 查询（DNS 请求）"
+
+#~ msgid "Options controlling the format of the output"
+#~ msgstr "控制输出格式的选项"
+
+#~ msgid "Options controlling the use of Tor"
+#~ msgstr "控制使用 Tor 的选项"
+
+#~ msgid "LDAP server list"
+#~ msgstr "LDAP 服务器列表"
 
 #~ msgid "Note: old default options file '%s' ignored\n"
 #~ msgstr "注意：旧的默认配置文件‘%s’已被忽略\n"
@@ -10959,8 +11268,8 @@ msgstr ""
 #~ msgid "could not open %s for writing: %s\n"
 #~ msgstr "不能为写入打开 %s ：%s\n"
 
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "读取 %s 时出现错误：%s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "写入 %s 时出现错误：%s\n"
 
 #~ msgid "error closing %s: %s\n"
 #~ msgstr "关闭 %s 时出现错误：%s\n"
@@ -11054,47 +11363,8 @@ msgstr ""
 #~ msgid "only SHA-1 is supported for OCSP responses\n"
 #~ msgstr "对于 OCSP 响应只有 SHA-1 被支持\n"
 
-#~ msgid "waiting for the dirmngr to come up ... (%ds)\n"
-#~ msgstr "等待 dirmngr 启动 ... (%ds)\n"
-
-#~ msgid "connection to the dirmngr established\n"
-#~ msgstr "与 dirmngr 的连接已建立\n"
-
-#~ msgid "error for setup UIF: %s\n"
-#~ msgstr "设置 KDF 时出现错误： %s\n"
-
-#~ msgid "change the User Interaction Flag"
-#~ msgstr "变更用户交互选项"
-
 #~ msgid "Do not export user id or attribute packets"
 #~ msgstr "不要导出用户标识或者属性包"
 
-#~ msgid "selected AEAD algorithm is invalid\n"
-#~ msgstr "所选择的 AEAD 算法无效\n"
-
-#~ msgid "invalid personal AEAD preferences\n"
-#~ msgstr "无效的个人 AEAD 偏好设置\n"
-
-#~ msgid "chunk size invalid - using %d\n"
-#~ msgstr "块大小无效 - 使用 %d\n"
-
-#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
-#~ msgstr "AEAD 算法‘%s’不能在 %s 模式下使用\n"
-
 #~ msgid "Do not import user id or attribute packets"
 #~ msgstr "不要导入用户标识或者属性包"
-
-#~ msgid "         \"%s\": preference for AEAD algorithm %s\n"
-#~ msgstr "         \"%s\"：关于 AEAD 算法 %s 的偏好设置\n"
-
-#~ msgid "too many AEAD preferences\n"
-#~ msgstr "过多的 AEAD 偏好设置\n"
-
-#~ msgid "encrypted with unknown algorithm %d.%s\n"
-#~ msgstr "以下列未知算法加密 %d.%s\n"
-
-#~ msgid "WARNING: encrypting without integrity protection is dangerous\n"
-#~ msgstr "警告：无完整性保护的加密是危险的\n"
-
-#~ msgid "Hint: Do not use option %s\n"
-#~ msgstr "提示：不要使用选项 %s\n"
diff --git a/po/zh_TW.gmo b/po/zh_TW.gmo
index 2ef8ff80b8ba682ceadd3d309d701306b2bc9219..13c307a5498fd24c91ed1ce97da4eb0b0e7014bb 100644
GIT binary patch
delta 42606
zcmaIf1$b0fqwevUpn)V1+?n7K+#$FZ_u>s9K#%|t90n`y7Oc2KaR^W-S}5*XoI)vH
zq&VFFJ8R`T-0wX1?&oZN%h%dV_Du3Y&(;q~VqYe4-%JsIrh_X_B8MXrwkhLqO!js-
z=0_;i;kYu};V6Jtu^c9v<8UN)IviCoE%CZ@9gd^e5mREpc@9T9tb$pwHD<(tsP<zp
z6>c?gx8tZyc!1f-_-Nx<=bH+}t&LC>!!ZSpu<=<oe=Qaz{dX*-c5J-ZPYy>l;+?P{
zuEpAT4NE!P4o8j!rr|c2iHzQu6eppcaISSTrYC+3Rqju#bD@c6K|Ogn%z;g9dVlmM
zJ`3~XD$Io!FuR+;M*^ua>moB{CD4a>Gfa*h&=(^y4Gu#MU^c3wZK(R!Q28%V9VA-p
zaAd%O7>Kn|57q}&e>l2TVIhG4+>UDK3aa8WtM?KU&ta{InweHM9$}q`nt@fQCEAbb
z@B*sC+cy3gwUpjVnSW(uS!xQF!;HjhqNXgw8jYHX(U=owV-oxoHSnX@03TybEVs<z
zD1jqTOSTg=Bj-{5eLy{6+U3lD4gy7&n~WBik9ZVj!-d!u51=ZzRyZ7mu^jqgcg&0f
zQ3IKSW$+iwgKtpnXIW{Mpep7j-V61hv)u$VWm_>9p0pXSu?q3zs~nE<*aWlSRMfyW
zVop4ds`nl>0M}}hUIkUI3uedhm>V~s3ooN)!u^hb)*|&9laLP;uZddYHmIqO!aVpR
z>WS8)%AH4@`-iBGKA{HcT5HNxM8!K=N1z6}1Q~$aamZ%e!AfK})|n@&jOwThX2pr9
zwfq?i;Sp4aZ&8~#<IiS^ilSz;9_k4@+4u<5jLb*1w-@v3{NJ(#yw{s2&W4)OvZyHz
zMjsrFNpS{h4=h4;aMt<^1BoZyz){4~sF_Q-(M){~EKa;G*27^~i~b#_38;f~n~XV8
z9Ti1QT?OofZE-RlLT$RHo6P_t(3|*d)TUa3dct2(OLG$w;7e?Q@30y++`{}9ATX0a
zVLXTh@io@Q>|4!g=z;l(&qi&cL#Wg61T~OE+w8zGIq{;Xy;BtvVQcim5Y!SxpvukM
z#{6qdSCF6%_Mt}p1hoV{+szCVLv`2~Q(+HGh{I9!$6^{>ikg94r~zEUV)zU-kZiGL
z3G$&HynQV5pO3&q6116ipg&$mJ?S&ljHKDYryf>EZOZznDUZaIIM}97MPK6EQA>9S
zwMXt@8g%S5_0yteAjnNXBddoMu^AS}nOGK&VQNgU%gjhdRKrzJQy+|aVmGG8d8irM
zhNbZsYU<<tV)9d115pEV*C3FQKwC_L{ZTV9614=YQ0M-%jlaYA#Ix=;9pymHOc_*1
zRj?E`!jd=^HP!pD5<bJ4SZI%DY21#!1j>-G7PSfQV-TkKm7{`9P!$$oC47h#Fz;To
zXS!f{;xn)Yp2K9AexI4yyqJY}5!BK&MCG@`Y&!qp1oY%nu`JF<P5EU^flpCW>ez2)
zCN*l0ltJa!L3Pj$J$nIFek$t8SD^OH1=LKvN9`@I11u5!JMt0GREMB8+c?yw+=&7B
zCu(LA9yH}jp<XoYP-{LOGvacaz902K&rkz=k0sFOka>VAsDXAucRB(C2xvD>M;)tW
zm<`wBY&?avu=8&weIw=}ejan+C)5)M9Oi^zNi2ecP&2t6Gvgu5fOk;?|9qJF*VLsw
zVs>ju)W~|G3XVVxWC5nd{iu$vVpe>Hi_q_P)6oXhO#Fs=@;f&E+QyR~H63S1wO{@y
z^RF5Bo`fpc8#Usss7-PVwbs{A$K?s;#CXT-=0Xj)2)eL3s$3`3KnA0hbdJsc9rF<X
z+vcZmA2$^XViGbMpcl46HQW|8px&tCH5xUbS*Ryih3e=aYD#aR%D+d|Pj<o#C_Cyw
z%cANx!A$55wHd=v4a`F|ybU$-GpL5XVp2?b(j2?2IGT7JY>DU5g#}KT-CZBGbbU}A
z%|Y#r?Wp7W33JoGqwHyO-aDYybRp)#y{Lga!2IYuV>VR*RKx8t5Qp3N2GrD^!xH!r
zi(-+pW`;VV+8K(PfpwTk=l@rm@CRlm<0&#ShyOXV*~(xc;`LD-55WSs*ruPxe8j(^
zc6q+@=0R$q_DUDbi<8iWJ8b$@^rwHvR{}NA|AHy-Jr*I}AJxEG^ue>}i#IVIKC$^P
zP@68zMYB`|P)k)AHKX-#0ro&GfzKslV|4c-VKxC5dS5nAmJcTr{~p!AL)4ljzGA)?
z)Ii0jU?n_d<H@eFv542h3b+_m?lum?EZ59ZFTxVUZ(L*k>k~-%2cLY{0X0=SPy@J&
zAsBJp4CE395dRmoROxP*0SBShwkxXsEYu#_XY>EUyTnu9<OS#C8xXc8{`D5~uP1DM
z+Z>yLn2z{V^v5-r40mH<Jb}u;XyeZ?Bk{MW0i?WRHf2RDM!Y*F!bPYjUWHnko2Vsz
z<R*}sKqiK#-CGp(WUWyRx-lEBweeFn{sCR2XTE3FyaHAv-WauKrlC&H4%FT`k9v^X
z))$zDxZClk8DUz?L_$`~j6v2`s25W|EQlje$8Ixfz_-waiSP5ab29y?c2+(xOLNHj
z5;Y*#UuK}?kb$}#15LoO7z<J0h>gF+RKznsG%u#2sQkKE7zbe%{25c?3DnZu#`yRi
z^~7ILGvN2PDVGrgh!?`tI{%G40Y2SO4Gc!jz${b)TQLP5LQU;u)WAO5^c0WGcfp*P
znDj!Zft5xrVGC@DBd|N(K%J8B9+OW0js*n9;5%%D!=CVk5zk{EjD5<^#)8jy-Qpaq
zf%k1Z@Ht<#iTA_WxEnRVgfGnT%!t}-ZBQ?+NmxeZ&|R3ozXS?l?tjcKZGqa=6EQcg
zMy>r>)UI~CG*4I@wX2(;8Xk*jF&4Gfr%{{x5o*dEugv#_Y#2zi<}2o31*1r4ijz@O
z_b2LD#(Qn1K0AgHFNxY*i%<>jvGH5zL;Mr^qxTzAE+gh4UK-V5Fc!s0Hhupa=3h_t
zh=hEY{$KL~sfLw_hodTN#PWF08t~R^!uFV-^eL!zcB5wQu{F^<v!}A7i}WBHZ;L9|
z$4x*_G|d*+fSQprSP~zjHeI&&X3c7$)_ypq$D^p3x`!HQybn54)WrzgjukNPN3#dI
zpdMr{YOlDj5GYO{+b1*iEigOrKBy;}ixu%GRzvU4W>eM2>cl6bX5b<gLFX4fDX|!;
zgW=W_sQffv&0eX6p7Y;_Koc_NV>x_*6*17^^nB^;j@n$?P;bI}Ha(%!>G{gm0LPL(
z4K;I_yi9s2%u9R#>U1o#@rS4fOA*h>%(z)+0-Cy^SQocod33~gdVUb8fR%_2L{0r}
ztcCFsI6WU)bukC=C8&WOLACb=^~8Dj#L-N&!b-RdE8u;sL;sE(iOh(5p$crl68IXm
zYxD8@R&CA}SPF-uo?sU$|8LYWPUCH?iCWTrsDb^A{qP)WKy{KhJ$q^}x^=#n5@1#x
z$59QRNb2-#s*jj}ct#(m=L<&wW+t8!M_^U_4UeD(IMLVX`Pkio>gX0~FZuhK87YAi
zh<8EF;2S@u+f%VZGBf32s3%#8W$=oPr$}zrzAEM-y%PrDL}U{=HlSwWB5LNm{GFax
zcWF#cycTLnT4H;gfd2Tz-|h6gD!-7R&66^P)APnEh$)FzLpAU{Cd4rG#$M=y18n|i
zOiFw<>P@-~^&l5eGms#q)AQqaUespqfZAi*-2^;qjasvOshpnoL3`BN4MH8S#i%#g
zNz8)(VmeHn+UfbZpdh9qULG~D#^{UfQM<nfYN<Eb^sDG1?*5BFMgob`7;|76;+0T)
zp@mH!g?_}BU=rMfnz7xe0bNGzjek)~lPaz0pd_mO7MKYmZF~w=(YtCL0abjCY0)>G
z)AMG_iJF;;sF{dH9k02lj(<lrd=J&(SJc!8q&G|02=ySHQA;-jHP9bXGq()AbpH1c
zC{4mXREO^|H5STXW}rH%<0#Y;EI}>FaT|Y&>d2MR)Gvj4b@xDR&Sj_pA43iFKB|18
zOl)eM|11PtSQ+(19Z(}2f|{8a)YNT5?ecS&4Zor~$d=jc?pmmU4MgpQm8kN&QJeU0
z>j#^kGz;fnPwFC|4oad%*u)x*+Ql*GnR1(c4>eN>vYNe64pR`Xf!cH}u^e{BAY6)i
zKio$3lhkESQ63lP-$g=E67*@-1oh-SFe{Ei&BzMWaXf$;$R*Uk{;~Pl0?bTRK-Fu5
z>S&NnpM%;Pv8X-v7ixyS2Dr_KM5=7&#Zmz^BcZ4_*g(|4enxGcBUlU{pw>7;cJs<^
zgxW*XP&0EJ^}=!HFng#tYVU-gW_SW>>DIdmBp`4B^<>vjBYcB;V&9y`0MtNApa$3g
z%VH?%i5J=Qeb!6XC#a?I%4N!>M(u?XsP^172xv3?U^7ObUa>P!=l>Vf5<Eh^$r9!^
z1IUMZ;!3E~(I2(;D^Y8`4Yl^Su`*`PV`iW|>H)?er@-x4KtLUCvjwiBc5#Bdro$qr
znQ4Yvf?lWrO-7xLwU`u-qNesD>IvVXo-lDfv!}A5>Xkz+O$(2lzi|ZgWP4Dr$UCUb
z<DK7_3$-b$qL!u&YHviL&hZM=0QcDV73*`<KoSO;dTCMZ6ha-#T9}jm9nl2zB=b;D
zxDz#?E2xjjPpBoTUcfZe1@+BlDC&vVpl09%CdMnMCAfpyWIhGW?k|e!xC5&GWb}Og
z?<Amx?w|$`uaM~|8)|9FqGlu*T{r}_L<><J97oN}Kd6Cw7dA6e0QF$CP`keqdOAkE
z(svf-{A)AZBtai4uhDZZQM)!(5i`ZP(T8{i)NZeXYPcI}U}I4Yu0YR#tpA_}l(wiT
zR}S@{-=hl$6y^NuiRY1^^Slc^PlD>eyO^2E+^DH*j7oQ-*77IR+HXhgowKN=dXE}t
zrsAffAk>VtMfEopb!t|*38=y))KtGmt(~icX|N7z#F41uI1|<3A=GZZg?iz9L``jx
zlIDq9qXy(gwYL(r1m{roKcZ&Fou-r-X<1Z(RyIBYHK3)a899b7yo*|zc%{wKq(QwA
z3!tVx*v3brI`{>33~!;@d5?Nv|1zEdyB);|Xbsz;3kRYK&PP4@R@9SSLQScotQnXK
zHQ<`4{9dT?b5TpQ+s3b<mg*B~#!{CvpB+Uozdrvv5KzTQr~(_&g(qzKQ`D3t3o;$&
zLp@m|)S5=42DTVA@clObDr&7iqh>NwdDBi+RC+s1NB@q&1hhu8(9-~Fimsv>{$%qr
zRWJ?JL=7k$J-Z)0yC2o?ahv}L^<W7qIvt5HH|jl6$XX8F`dF+<Kp!@JZN_+12QjE!
zzZq5T7HVM0D)EyG7DcW75Y$p^Mh)Z-)Dt@@o0-gw%CBYZjjA`dGUs1wcgiNbLp?!Y
z6|<S@pc?FrTEkhWUA@8PUq;Q`XH>a7RZYkBQ1K|#49!7(U)YY-@GsQN1XgpK2J2Td
zo2CzH56nP4=|<F&oJYO$A7e7iT-`iT0aQoLQRxFw4=^6JH`ZVyyoBX2PYv^Bv?Ep`
z-px&*Jb`tnH{m1HnmcNmfw)j34MNR8JJgKzMGb7R&EJXs#Q#8jC_P0jY5ZDd>C$0*
z;<Zrq>!HfK`w~b(U@W?D25NV2L+yd9sN?h+HP95b&671my^sc>rgkkR#_Om7+()(Z
z$?E#fl&^+*ph#pX-Hw?AH066xGjJ6(^5>|vi&w`yfeSU_hNy-+pq6M9YO}3IZL%|{
znR##ZuWR;FUTXs^Lw+=t*7@H+Kx_CAH8S6N=I8T5sD{H)$7d$0+)t=C-2oeah<ak*
z`sN99pk}NIs$6f>yFLcBgukIq(@o5!^Y7Qd%s>g$+BZTyd2iG=l}YG%FQ8`TDrz84
zQ4OVNXv$YXm1~d6?~6Ju^HC3W2(_dSQ1zURIRARWA_O$`-=lVIII4lUsQkS){s6U9
zNgJDva-%w^Xzh%(h)+hnH?E+TC_xkRvtu6A083dLG~xVf%{r5yC!T^D>CadJPh&jv
zYwC2kFa@fCV%9pSfrg+u9D|y{ZK(DxqL$(%Y9Ps*nY~jCUBp{7<NT|`ek7>iT+|fp
zKt1Vs)Th^T)QiTuxmnBNs8?wR)BwU!Gcg@q_zUWETu04l(iY~}l|pUaVAMc=bQ93#
zSdN<N^R~bT)aJ?Zz4>BN4fQ!c5VdxjPz~HcJ(;tm89)xy1Jp&ma5|%o=TcO;3#fMA
zqS|q1Ze=!EJ=EqJikgubsD`#<Sv+ggeOjCRf~ciyh<d{QSQ?k3I=YEk0%sfZi;XO(
zrE7wk>2Ap8c00xr&{wbBs5jFq)cMTZ)(ofx>Ued-nm8P_$&O(aOxeyXRddvgMA-N=
z)OX4CsLg#4)$vv9TlD<zf2rG>CoPI<pdRWS-UHR~1k|}*ikgw#sB)KW`dd^7$$v0w
zn+uiy9cm`JqLz3f>YLLqsHs1NrQ8I*5YT2R8El>;6jgB;Y6_Rx_<qzL`4hF<lXfth
zvNRSa9)jw4HmbuNsHJ&;E=&<(maG`6TpM(2Hx4483X9MePobXpI%>_{p!SAuM>B;1
zsF|sVdZOm284E+r#2EC(1*jQYg=+60>NH)q>Hl`*{Od;~|4{S9*-!<lqmEyD)C>$n
zZNk~80i8$HdyG1EpHO=zM<=u9^-%*0LFM;BwYLD({w`Gg3!U7iz<m<*1iqckn<^01
zKsnSdua8BsFX~Cwpiap_bm4te!wI|Smr4$Y3$@v@qdr|Lqh_!!s=Xi3g=5_WRB#Oj
z;qRyh5`>v2N{reIMNu=+47GL<Hhr3Pn@zuhI^XY5OOd6kX}>t?0UM+0_eL$bdny4n
zychL^*RdET>t;4vRn!2wq90B~J;{7bh8s~0?n5onZPd(U>~1<Pk2;2}QG1~mY9Qm0
zfw~=Q2*fAh3~CB5qB?kvsu-__nZk6awa<=4upH`1d!Pm|9rY^Sf||iAsMGQXYBPF;
zn;G>%4WJ|z(C2?M0y-umPz`KA7hXWE^&1=a>uFw8g-}n@34L%FmcmJ>4iBRS^b}R!
zx0jiTT&NdaHB>(XF(dsu7TJv5sHJ#?n#$z8%?qUts>7aG1IMA(?ks9oe?`qq#t0KH
zhKe^p)$5Gf3&X9mQA@fWJ%9i2ECEgBSJc$xj5IHpYN)mBjU{k8s^U@9lRiNWAZ3(!
zqC%)8Yl>RRFw~1}1Zq!hMtzDtKs~5`H0NIh3Pzib+M=e$jry*)47Dk@qt^6q)YLvf
z9Z#P=<_WW60^(&cK2}0)*6LUro1$iJ0cvLMqu!vO`*8l%P`<vVq4KC1_#Tzs7gb@L
z&0m6g!ab-bKZhF7Gt|edUq7=sE27@4y{$7*du%7F<NK)hKniz%GgakK3C&PbJ_PmT
zi%@HL9yK%1P*a<7fcX$9fEsXH)YJ|_)mw?0*=siLJ<#l#Ak+hNMb&e=322utKs6AH
ziSRD!#q<c1V&Xw&%~GMBv<PY-9Z-8=5UQP}sD^i=j`1I;&x+@$O_*@7nXydhIsZWf
zG}Rq!Ml|Z<aVF}+=r`0<o<}wO7BwSjhM0H}RQ-miav`XJjYhqo7Ng$vn^2qZ0BW=U
zi}`f^GqDGhP!qLAJy0_-2Q}hDs3*IITJu+^rAju`JYi|najc7FZ~$u0Y(;I#6R2~4
z4$GqVFjKD@2I~BOPe4=pBkIYwqt@sFY7IYPDa<$A46FkxeIhD-H<rWKsCEjEFq<$K
zl|CIcpwp-a{R?$Ed`EKr^|6_WfTpGfYNP{DBi)3Wx+kasea0l1;zu*(nXQFUPhJ(Z
zM1xW9i}|RTIfwcfc8oG#RPvzSBW*`<{&jqYlHkHcs7<pURq-Mw#(1O6`@jdawpq}H
zrBNNVM4gVwsJ*cjwUnn(oA{$O{TNfO6ly?i#;}%}vXLYd$8D%7dW3pIB_C@F7C^0i
zGt}Dm#)LQ*tKwqRp1F_OE6K;1a(PkhH%1L`1gia2s0Tacwh5O}9ezfwZHDn?25O@k
z?u%1!32FevCYUE|gEfhdL7n?Es67;KqUop@>dn^@bvhQI`Z<Jp&$#c{gm{xo$1c=)
zZGbA+3AGd>Pz`TFy}|CFK34rEo3%`b+Dqk7dmt3G6eH1v3sFnA&&IDI?YkWx31}qg
zrkIAxq8ez6+Ju9!GRE5c_o&Z?OjFG!EQoqxRYncGHtN{^fG+HV+H5hXy|xSWVAn8}
z&i`8i>d<GJnWFrtkv6b~q1JE&x^OG%g>%v7KSV8&*L3su0ScgIW(4ZgOhg^OC8)iz
z3swKT(slkH5YVyvg4$#yW|)ySLT#Gf=)zg3a~q3#!o#R3zK(jrx2O&>%rpZkhH9@J
zYGwwYmU1fU0r#R?yYVUkeUtf$no6HpW>cj?HP{9<;%Ic?7}W7uje4@PsLz1EQF|nL
zjOnNnYO2F+d^~FJ>_iRVK@8_#Q}38<UNl)zBQA_;xUNm_h@JtUz6XrKcsL%b<76y_
z7p=Z?%<m7XqXsq-wP)6%-UoY71NcMlcs=1864asJT=RsvP`kM%>dn|2b$phiX6z{H
z$)2NT!e^ebII3P7)RK-ub+iXvcp0^1?@&vd(mmf~lt%5&mZ%2%V;NkG>i7>-#jmIV
zWcbNUbtTjc_CnR4jB0p;jbA`5$!k=*ITn~1sf%rhyCVtIBya{b#pxEBcYJ=-)Rsi;
z{z0hS{4=V<1E@FV9aINt7MV?012w=f>txh`wqZrQhAzyo*fSuvqZ|Rf@j_6WV;X8L
z_o9x~TU3MDmY9ZWVN2pYuo@mg4cup`nW3zxCoPLw(hjH@9AMKIpqAt?=F<7UO+ZhS
zXqm~#g<9K6r~$M^H8=)!>^7nrK8!k6H_?S}P@5~wa<df0QA^eoRjwzh<54!g2vgC&
zBbI;~Jc0W3`x7-I?@$$UuP{?v0jm%XMxEnjr~#fsmH&(@o%~jtKQxmUR+(SPI9Ibo
zq?bi)_O5H3j#wOlo`3&WZml_XjZsq-j+&8a=)z5?isx+nF=}8w>&#4LN5v~)0JcCE
z_P6PCQ4hEYH3LUcFRXj(IR8ZnB>dTYdX=$uNBxYq(8kYV1>*77o6q~Is0RC^3#X#K
zq;5uS(qFCTQA_d=)nUR7<^l7fPD{NFZu0~^NYE}FhkEi2s7-YW^+LL1{cKIY(acB*
z)Dzc7y+M0nG8}B3h#Kfm)@`U6K566sxNX3DlX;Q=RD~+27fCDBJAWkV38tf_dON!C
zB&z%~Yr@SYo(1(FB~ee>3^mYb8;?QlHFvBH9LMA&+(LEu0@cx1^u;t=%-ZEZ4Wt4l
z!C=$?x}#3VNYo6>wXQ*x--Vi?8>l6DgdAVDBk@*qj_aXbDAP~{j-bx{eN+QUx0xj=
zh}w*m(S@y0-}MHf%B{o>cnmcI1-6^LQy2As<55d6A3fjy_Yo*h!ei6`^2VAsUOQC!
zWE($;+9O|3dm{S|(_ux_uI_;Ka1iRnbPP2k$#$A!niEyOp*33S{Li%sdr=Mli5j_M
zmwCdhsPsyxnQ3DkfckWsjaq`eHhvkkdB336-v1Y45mfy~sPaA0tuK?K323S}qBh+n
zR6)mXV-{3LK{g&@9fm=qFGLq!w|=(yS@xLpAk;B$i)v>IY6)ZaaQ@ZN8JqA7_2h|u
zH3f2^;uTR-*ADe69%0khqNezmO}~xW<%##2O`8w(HM=zGjaeBzPi`H(*KHbJNJ4Ta
zUyD&wcX6Njn*9*Hi2Lt1Yn#g20rkS!h&lzktw+%FrbKPB$5;lF9WZ;Kwlxa%U<=&@
z^kMTWYOVgT@sF60c)Ek;b2=+lCq4)@g$Gbe^*5@cl!wgEdZkdOAksPuHN!hm1G|jc
zOD|CEyM2B$=RGC5NXUj7Syj|I?tt1G5vWhI+14$nB{_xqe((y_aE`-fNh+bHx;g4S
z5{~NdM^rl#jBdwD0$RfZs1C273m>8?cpovp!%2=6iMPTEI2UzXucBToe!rWU$Y`yI
zTA~otr(;jlURZ$YXC-?6{(r2^IEni3xa7%T?NALkkD3|rMdb&g238r%VJ$3yBdxnI
z7x5S9!nDVXrBU@;TEj7e&i@FTumH8DTTq+u25M$rSQ8#M@l2@vqNpdYjye^Mtpl(S
z@g+8X4mIEpsBgi}6J{n-qFW=%M4%xSK~)@%fw&p<F?<V4q5nyfU)$OrRc<xvjduy_
zW5!eFJ7rg_OnftHre32Su<&WKgso0<{!5ZDhXf7e3~HqJQM>gCYQzc7nEbS;Z#;ph
z52Y5UwGBmWz8R<)+lZQ>!>DtA74_~<bk?+&4z<bio#p&%m)5o!!Kk&1M0GS5z415H
z$WNo5<UMLeN}Mxm-va}PFGU@{-%vj{Jhbsl=S_PRQJ)oEQO9zmn}E*!64dTIfEv(o
z)QjUDx-jzvGb0sH6<eT=RWz#J1k|VCOdOB<QA<+qqB#}QP)oHP^?>(KGvrQk$sDW9
zs7=%sHHAN-UQF|>J5U{5M4fx*W%EMHg<7KSs3jPJdLhk4J;<-tOQ;8ZhI7&Hil-m9
zW3>r5_M-N{Mbs2MLcJ*BUo{P7wU$EdjRx2RyV&?{)EZwzJ=p`)K;NU5F3UBul(kUx
z8>8pn|8^swjwYd|b~WleA3=@yGipsU|6wXtLX~TYdiVE5eMSsN&&;77U>@ptZnNnJ
zQ2ks%&D1N*s`H=hx|!-is5etx8*hUy;{8z-=c3kboAtUi-VHOreCSzo)YMNy?Tt04
z2ibzX@jTYW>NoA@|1<(xvtLk8dJFTQ*DbTl^J979Ay^a_+xP|4fKuExo2v|Jpq)_1
za+pouh$?pjb=>3MG3CqM;ry$kE+iDksi*>nQJe9zHRoN^a6ME*U2J?Z>e#KZo<Pmu
zGgNzDP`kd^J#+kiK(#yGy5*kRJn<hSXa>HZHb=HUO~d6-Yt`1q`=d7LJk%6!M1A^w
zMooRe`{q<cqE63F>m}6J?N_LQC3;{sX^@+MHc10agl$j-JK}8YhgH%4FY~isGi*<M
zHfj^TLp7M@q0=!R>!3E_L(~iC3u<6R|29k77j=vm*|_@z0lm@Qpw_I&BUA7P>`r_v
z>NDV9)T=blWAo(AF^Kq5)aJU46VUO*{1$8?Y9RNp5xz$k)_H1{vOBVrZpUa7aICjp
zw0^=@RLK6!nD)7u+N3W`1C6ZRQByq{)!{PK6753m{?n)z)D_hG;Ssv<Bbwj;|6`uK
zCh7_MpdT(n&CC`Xe~#LGUr@U|=Swq{mC!}JJL;7^5!KES)MkET<AJZtUTKATKa9s9
zo&V(o)bL%@NWEX1J&_Uh2Frum6ZKG=GZ?j32B7K<x2{IL>CT`&v_7DAd;B-%_W*&Y
zjzdxJ2RFJ;I{DQo0lhLq-<k&cp*miIo+rW5#NVJcUBP$e)YL`ojh+~Qi%~Ok5H*80
zQK#xDYM}n_%>$N3E!B7LIsY2T4<sbSe&`t)>Iq^{16zz5`Bqeer%(fVi8`LiKbSA6
zfv7cZjA|zY^@V02YCvnPyHKa@=m*ZfHpwLtG@@JRSu<=!Jn*B_(HTc$b9|09u*N5+
zV=zuc9j~OHosPe-A@;}8UrfEtSd(~$ujU(12mFrsVyur(+yvA>IX*)4jbte5yf4I3
zcn|eOB%{;I^PyA&wZ?<2D^RcGGpMPL=jG*jA!R`=T?5p4AB>v8)i!<*_2P0rC!p{5
zu6SOasjPuIP90DKa$_JaKn>_PYU<;~_ws!F2B7vzG`esuYN~(126zm$gc%ZedG<g7
z)J!);me}p+N<i=IDAZbxM2&nA>d8)_I(8;B>19xFyw0e#osR|a1lGcjSQe`#GBfE$
zEx|!7fk_j4c{XijEUw@GMG{a$tI&m4P&4ozH8W|vO*{zorfZ2>g8ryoz0~F(L!FYp
zFgLoAn1R+p4PY?p`2L2P!JAk{=l>G{ZKje*y*&R;Z!78v3;39kc0fJR3@neQZMv_o
zS=)-J0d=$SnW#OrAGOI6`k8voP%}CmHDia-t-u=sbudRVV=q+2-Kf)$G`X3HDyX&Y
zf=zKER>8Yi8FTuZjyj`eU^!|Jokacc`ULA?(G*^ekvKGkm)rB=NRX1LAR#wuw+5p+
zo`@RYAyk8}P%oT}sZ6<gs0RC^X6%Ud6Y9gMNNO+7aSca3&^By~@za>4?vTc9rfviY
zI%YqkcKa2qhzZgftD_qH(R#r86*cgnbY7m1+dkGcsN;3hnk>DES3+&>-lzdDblboM
zt9J%3&x};SNDBObdh!dX0e-Ua+!?(b7l}7O%}CBnUY>7KEl_XLp%@QGquvYSu_vy;
zg_tI@*@W)x1Y9IsKy9Ko)~s2~2y0_+(ubfn&kNMjWY22WycKF@=A(B1Ra84ET&CS1
z)G29;dUcOPJ;*9#Cfttm1oTbC8Q|r4XP3ZK#OtBXYX{WGXWRV5*-SYX>d8vmcoS<k
zOhftzOoVeWDK0_1>er(m#-gvz|6u}J>kFtgNtNA9X>HW59f(bEKdM~n945aRYK=#u
zUadPYE1ttV_!703GUhaIyjrO9-wu;uUra&&j?o14X*5>}xDs`ocA<9vC-lYqxy+Q7
zK{eFM8fl$?+6&83uh`3|Cw+>VflsIzOPt#r%k1dZo2Uwb0Q|u^9Cgl@S&yQN_%qat
zC0QO*zA5U-`=C0UV$)ZkevbGZb(|lgW+rW3lU@qdeyhBke-&_(pn<GKP0dmC#;fSU
zd#ERlpU=yoAGI>0mcoTPem|fFG8fhHR#b<VQ8V%u^%;^kzgd!C)E=3X-)$0>+l+Il
zfqX?Zm^skA`%9rJG(~mL&8APXu0;*-chv5`gDRJ_fa$m(>a(O1>NHG1mD}Pbpc%M<
zF7z&Fj!8b$UZ`&kMhzee)8cs4dtoVRlO0EWXuU%nv($ymgOouHqy_5B>;O!H+fnVg
z_Y=_Ox`O(Ud4O8ufWoGsPN*jvhuTa_Q582^k6Le|X6!BM%c_47FV9!8oYs=4Q&H2#
zdm#_vb__EC#~jq!Z$dS&ANApJ(Wbvf4K#jH(@_d*AS%5E7Qm*cnH!GUlrvGsbS-Me
zuA@#>{9>9J&R;Q4fZtSF`=h3GK5EU5qGsSZYKjvV_i`k_oTw+xk7~F&YFGC_9p`DN
z2Uv)z|10XvciE<Um9XbOKmjs}qbk-!jl3zUVpp3!!p5hdj_YchejK%_uAmFQqUyOy
zns^!1z+0ip^+gSM0lL-UVViLtYY_i{b+K|Ovj--jmSi*ft30Z~D>nZPYD&|WHXYVN
z<%ik$DAXogiJGBfs7?61H0R$%-~$QTR2j>df<;kJ&<r)j;i!sZP;2}%YAXN0LYT0u
z8E8rLJSnPPU+YvXNqjBp^xQ=)&4;p_e@%7za^}ejp*B-xRC)u{m(ozw?j43MTw^_s
zYUl~7T+$%(MI$$AfPGL8wit`z4pjNasF_dVE^pp+X;Hg009Bx|wKuBaDK@?i^@PV!
zGxX5vtY8M50X0*FQT3Xk+Ut#hI0f}a+=F^R_j3Z;3<)ZlO;rF@u>oqcbVF5~hI*y$
zMQzqws3&-d+8bX{dn08fGsQVk`Q=dq_ztxP!cY$|0bM%(s|k2E1**g6)-;vP8>~F)
z7`8?#IEJA<#g?GwNo@SN%}-Lr?1}uSfwxAz(#N3ct+4J#m(KrnPk`Uypx((@s+!GI
z3$?krqbklvH5iL(@K4mM)~lK^7b^cd)QtAE@rCFjegZXvPi?wyb;{GfqbvbEd1urB
zCZTru4x9b}wKsfgm?^A)nz3Ni07jweuR+b!S)2YAHSmlz&61QvEmeIifgRBE?|)_!
z(39>(7d}TdoV=E4pg5|72B;4Dpz`P2^nIv~{<8UAwN1G^s5P&Tnwj3HdJ9kwdZ4yF
z|4&Fz1HRvx0(nsJy6D2rsN**V%it!|KpvyY`PVTW1fr(CB`SRwYNqDf^!=z~`8Nh&
zs=97duw-4+Q6p;vs)OmM^Scw(;2G;<Yr=XaJplEjL8vEekDAdD==q#S)xUu*e23aY
z>D~3saVUjqpeZV&FM8ul)T?r#bq#87Y(pQsXMKTsqR*(A%G$s@X)V+PL}GOuhZXS*
zYDwJ58=4NwqjqO&)JO-S3umDQ7K?hKYp8Nb8ks$j54EWpp$kJ%^+%yzwTn?RuoG4P
zo;77-PkpzeDgixlS5$>D)<vi#*nzF_ChA2}wuzbImZ*AzQ7^1{=ou*L1#=Dcb^a}C
z1_PU#{8FfPTcMB6|4;(@u$YM2JS(vQo<?o9tj)|+x5OI6J7IbJ8TBT7j4u3w8c5dW
z=G9sb^@?tUnt`r1eFm!D8cF|-Jp{ByXHWzA3ti}JVSbj&hFa6SsHtv@TKi6@HH@?_
zLLJkS*4J2vc*gI|)OSXG*Nj2U%t3S~Ch(4c2H<RI29VBL6m?wcqSmx8x^Nl>;1*1V
z7f}Pck6NOasCxdb%z%SX=?zi+^h9mqQLQ-tT8phD=)>ch^$F^Y_XV}ag<6|0r}eNT
z@iC}Ruf3=lxroK^Z`71$ZewPyB<hPvdDMWrqc-m()LvWPhV!qfJxqc&&vVp(QnWQc
z&6Y-OrrxM>lTc3<iyGKnR6R#K^JLjkd#0?7N1<kDJgWXY)RP}V&rG=qXiEIso3+V<
z>Y%CBjT-S9tcb@@n<>c;re1N>7mGTmazju9USRzN)!r2wj~8s}yHK0m{T%@{9APsy
zqeglilVgGorlT~dDJy`Q%Ic`8?u?p=p{ONTfC=#&s^hDuO&vePl*@wJq(R7sklPVL
zK(EX>);*{vyn`BH(vHSrsHtmh9gCjxZoP&Y_-E8+%@u0uRYr9fhWY_!3hG6)5Iz6?
z|1<$@wvSjE13Q^77NOP{)Ig3}|3PiS^qtLKX^1*jeNg3=puU(KvwlL&Ou;T@<~mqM
zVqrHKD+uUQ>N2X}CsYT8!%TynQBye?mA?y>{|vQ>a&|TKtDy!EhI&CwMJ?57)ZX~V
z=KFUu<;tL24Fwa>n`^dpE2@DrHtyHmRLF-a-x#&a$J+FRs6F%;wP*78Fnc8kTM=(+
z-GI%BCkZz*7aY#{cabof1nt^YsLk@5^%iPxytiiVY2ua9MS3XexQ?>%b*T5kNz~@N
zhuRCDP&1IWm&q@MnwfgN+-6F9lAtMGih5z3Lapg%)Qc%^Z}a1GIjl^)FX}7QPE^Cs
zQB$8R!hXnDTcO$+j6t{>bzC1{6-@7rG*8|JHKqMgyK@Wb$?l<cwRe=UC~APMQ5}v$
zZ`_P&a5rix&!cAIxs4}?HZP(8)Q3+IRKB|!0aa*)dWZM186&K7Z2ku8aa6g#P*eLF
zwPeZqm;vNPZOTfhCv1-?aS5v9?Wh?$iX30J<8K0L(5J7N>h!3k$d9Vf95vD~R5>^5
zv`j#Cv<db5!ZYZ?`=~vWu%9{B`A`FFjheY=)Y>n@jQadPOu&nTyQq=gN4>M(qo&lm
zziG&YT8c&(hyze-xe`_X8fvX?pa$qYz$|S+)PU;Pcu(ZX9TU*=-~ZV_Kn-3*Err)W
zQy>c}UKw>d+F~gjfSSV1SQgJ&eFvF(wNQJf8~Wl@)UjNMYG)&AKqt|yH`PA`^kmrw
zn~b`sC+~&oXtYgViF!33$9VV#)!=*7aZ5AAEJY#I3|2!eT~pK>wkzsYJP-AmabO7N
zUz_MQ37W!>sF8m`?dlvHPpxr5R0s7?`JJp2Z2o4{l%BP|MxBndL(OMKMO6JBs2LfB
zC2+=23Ti5jk)S7eh8l6wVP<y+pw>9Z#(QE*;^R<j{U_>4k`Fg)UJ%t@6I6$NQA;!h
zHSpu8e*QtV>*pR}roJ+IrU<qB=b?80Ve3`YQanKy`iwLdKuu|V)MrDqjjzUX#Lu8Q
z^7+xsNJZ3)cSg;adpH4&bUCWSUv0)&)Sh^adZNsu%sag@s$xqUAA~A512wgK(6dKS
zOZo=2iQl2xPc_=ab0f!@@BakilhF`Wpc%HqE~pQoBdE=oV2t_Jnh6zeggVz<P){@*
zUHB8~bN*M<7nYN#&3GTRm)@X`XR5K95zc=ZPk>KB)Qe%PbuDU1PFla9mZs1+(@-na
z)b>Xm-*q;A6}2aP#+&l_P;1@{HIosj8JUGy=-;uKfJSr{wZ{LV&Uu;%X3grOo~RG%
z34TO1une^n`%tIl9%|P=#Uz+|qM1<_YV#FCy$4#N+UbgJP0d&W+Vyi#uhI?HL#U~~
zimLDeJ)d%u%$_NQnz4qc8Hhl&w-7b34L1KAYKdN>=d)t6d7!+LIsZy1O@h|GvCRlY
z4I~OR^0BCy*<d|weU6&yWK)a<P-|Yt8iJbofv9$7qx$(3wQ0{z;r#2Ed>}!mpyX8Z
zyWIw;Cv9dOjGCe4sHOVFdK)zZ38tBbbEE2&MSWTAfExG|>qgWY_l(ucJ>6`w;#iW5
zQ0siufX<^Dd}8CNW|$XG0c%TCM?YG(pw{>fYR|kxj+w(b)3oP@dXU^$0o~;ZsDnYM
z0W3o`_y=kYy=R$S9EjQrEl`^;9Q6hqhgz!b=sEY8i1-`Sr|D<Z+WW_tdV#1@RSVfu
zZbyFtE)r&=j?+$5g(s*1B${n1<g>O$t=$AHgxgS?^FC^=<Igb<6o49NZPc+1#e_Ho
zb-H5EeE%n)P4N-6R(^BMZZ3%0G_6rjHVieDYf%mFKy9`Qs6Fun)sg=^vnPTugm^pD
zlpjEy|0`G-KcVOIzruVol^s#<@+qh{U##^FYATEUWUOgzjX|XMwDEPQ2ib>O!t+=h
zoeRu2pOUEeLMUpcd!bt&8cPZ2$uFa(_ATm(T?@?&e22>Kg?i#CsHt9sTB6^q53wxq
zq>IdNN@}2HWFo5m4%A+`f?A5Fi#Y#k@HGjVBA>-(YO|rHv;t~vL#)G5<rbrsAQsi|
zdDMI473$RZE-`DI3$?l1p}xkCLe-y*nxXYe+~zNhTqi+OlXIyVVPVw3s-t#&TU3Wp
z)+tzm_&U@8@1ma6xy)?JK-3JiK`mW>)Qf5&YR1;025`zvKqLNy+8n8un}TIfo2><^
zLPu1Cqfw`08T#U0RJoH_2Ct#oOSQtJ7eMWSvZw*}M71*)b$s2iHsc;@&HYxIDJ_jE
z@IC5DN1|q8m-Q@a${(U;#%q<y&w|>7C2YJFdJ%7r@vsBd!cNFuaXU7cfa4MBSma!7
zrm!<=Gsd7g+K1Xa*R0R2@z<Ci+tXuB@*ATDJQwu<XHdKS6Y6voT5H;Gj)D68A7vA^
zU^xohLlw-r&b$X|pyH9}X&AL6XV8VOP&1e6XY&(J1=J53!!QsxqFz)tur&IvH(%9i
zU~&3)3?QI_8?4t+9eHmsBd>@WSOn?`*Q1Wvzo=7EWTV-H%~AQ$sQ1Sn)L!^#^HXgy
zo35BO7(KuLpG-gvZpQ%p2eqatH=9>)A=EDa0rg~Vtc2@PPxc)309m(~nW~FAc9Awd
z533SCfO_{Q+-gomsjZxUHC%@T9fz){Q!v}Q8`Z&W)WDK&GoM;TQ8UyVwMSN>KD^GL
zPC=sWCSDme1O2R1t!q&I9^B6P*OT5QL4L7jh&Az&*2buY!clu+v`t@+I^V}o1HFkZ
z^xI+9x)AEgyP%$Y9qK)B1GS_d-2|Kj;;xSg_}_mM@|BCT@|f^^o4G$eKj#tGRh_gG
zl$nQ(bhfxU#5F>EFy(67vN~#gNy|umT`y@jg0gLGdHwA;&tI>Ju?;n#fUf$)^+t@l
z_>0S)i=}p?rpz8&J{Re2$k~Xow(tx(E65#W+xmmSXm;bSnRYPu6L9{<5NXEKT(l#e
zN2zsGoJD$CI>|z~68AVdC_vhA+wleBy=)ydoZ2=zh_>RczSQgXO}si8^{Drm^mT;u
z#MAlX@=nAX>zjftY-4T;XQuFWQ|v!~4ySAf%J9kTm_=#}JV06gx~HRvty_Tb2l8fO
z+?ATZJlfMWojaNOZ%Bn%w)48yKS>*7pHzkQG2NHEp`?Fr8*G8Eh<j0v?;eidDf2yX
z?d<-{jGvvIT-M{bpU$)Lu+#A@^*zrYM&K5eHrs*(9ibHH$la4pcaWZmN`Dd8m4wb_
z+d(wMLZm;lbsv(KitrG8@J)NEiNCN9_sL3A{P#bI)S!_8H1dJFDDeT@U8p=BPf==t
zdgb~|T$de(BN2fi+>>a$4fj*>_nIP(+QgqLthSgHT_x>+#uBbYT7Ip6a~gO^!afpQ
z6nM$~6L(YMXSn0p-Ud=;5b1nUI|h@smAr$b{e-$+kQYt*E#eP|Cnv6}4mbax!gJNM
zX&D$)8N&Mg!+)-=B&M<PRb-|loS13XHG*)U?MU&u<a-g<XZsl?aFwQ$Zj@`qAaY}W
z@+VO)oN#)K>uWFhk>q`k?sEkGp+FT1<RDy=Mlui&!nYJSNLnCyk=zlcAIAW~<ru6J
zm*YY_#T~>Q!u_5*oO+${S6e3l;}b7Idfb&L5$ivNPWam9NKZp?*LBk3u5nb-wG;PY
z2g>OS#xFE92Zu7y($v3(y7E&lOiyO(ttZ@u@IA_S+cHau-y)nz>#x57pUZZ5gT@!z
z5#A>44Fx~ZXg?~CCOw5Mch}Pu4Un!Y8k3QKlJFC5C*|U^bgxKH%w3<n?xbb2^&b<T
zN?%UBVDv3zHg`7eBNTXrQz>wp&TA5`%I#%G{)S4rc2I63UgYjWct2&+Q)e8Vy&}Gw
z^8C{f&((@Lv&oOU29dwk#(91kp^~oTjJPS8GYB92rh@YLEBubrwp>Tz$BF-pjp;Na
z;qsJEOt=p9&vNf4uQ2hykbnB&_)&S3@u82Q3@8!t$_aR{rK8avBs8;)|3ZZ%WM1Lc
zwTQ;XkU!oIXoPe6rkQEn*=^Kqi`~Tc6koz!l`37aJ!uQ6svk(}G6sL*(YTnpCn-~l
zE=!RecYUDjTRV)+HgSdObLFCqxT|GC_U#H9;VY%%CJnvkj=L7y3f0MPM29WOd%_(|
z$6hp2k+dhaOkADczNsINaz$+XH`=dfAM_)2R#JB=`N_3!Ur_rL1=CWXp&fNfI?y+?
zEw)lH6?7G$lCA;VkH{O3leqsTJj9l{KpPuu$7^l*cH|u(?KXMA+((HoP@eY9J~CF3
z_#-3Z%edncx2`?h^U3={;Y-|n{q$V#kbfWHxiVoj>g6Iov7L=lcF@--(U@>0@^mdC
z|0OmgEjR7vq8)cfB6*3#U72m+0NaStpOe-Z_04QHm8y}qg0ypX5Gu2f+lvm;lD>p{
zGj}SRpOHHMa^K<RpT2mm@#wGjmaewnbf$QJGDp%_V$yHe3IpxaDZe6j9pat1`QhA=
z(B>t#-o{Ak<+kmHF_?Nb?`P8baqlEQUwr!4SNxxtf$JokrBG4Zp*r%W@t;Y%L%2EV
zt+@GjRGzCljSS_UNo*hG_*X)X5p<-hBIy%}_e5QXXumz}946d{vT@f0H;G$`{ffHu
zORa?zI7`JDw%{4NJU`+%Iw)!zRryfjnTa=~{%ATJU<bE?yzFe^4a9rU&P~ef;;v76
z0O@g;XZ}Z$agWA-!!9)R@tYBP3et#^^i6gk^XRk>Wvi1mn7s8A+D5#&efnCY|H8eB
zJMM}iUso?~eztZrq^&5O|KCWsOT`W(R<fhd_RR=KQ!s#ra#E(G?I1hxbfgcr<zG<u
zC&J&Uhi|TFHoqI4*RTWNUnDs$P=5{aK3e~BRB+Kige~xp%q85q^wU^7`_!?dE#Mx-
zosjaQDW8@5HyZ3intt#)O!`#rw!|B7_f{iZGbodRd!mUt?vl5c+q3_t*$#^FbU8>o
zKm%Hr3#2#W4k13B^zSf$dm>@&n@@B;mO3>lGnH@w(r()sN<p{;9lC6XOED#JU7aYC
zf*D>&+?|Aqx@JlnRy>jhbXBpH6#kiTZ#vsTUUwyMHMaSgNt?!<%*GGV)*i~nU5yAV
zr{jsF`4GNm+IKtV*g|c;DLjCuY-^uHKQ4Br(G#S7d+i{fA7?$67oGW<20ihvgp*Up
z&!%mm?Ua-sL%Ga6c~v{e2MIe9v4uL*SW~M1Ou_v&t=cz(dP4dM?w?Gbp1;{!oH}hN
zJDmnsVpltZ;|RZ@++XBhAuWi{+LZ2Wq(0|vL+SdqWHj-(>j|azlb4hs79;&L@wn?W
z<&%+CgAv4C-O1lf`NG_%2q)z(N~X7MI~H$nH!yLx;{ur{Y2+G>)FZsvKAtZ&qY+)5
z374Uvbd;-vopAzrHONbd6R7)&v@evaNB$tv)^YbF{2O_RJ+1JnB;1qqj6964w+Y$P
z%c!VpJcXa)bJR7CyELP$O`}_>RE+e$xqH$`f2_+r*i-U<{@6|4UhcT7J@v9v?f?nB
z2~WTlw6~0QbE5sMA;KWq62C&>QDm&cwZxlHa2j`ZD(fmtx~`lC$875TP53^Y{!G2e
z#3Q)-+44&%f0uiQt#^X-`INoPord!66eOIX!Uh_tU@QGVCVe`-x1Bht{2OIXP~n2|
zm_9$sPA2_(?&9PvBEFOS5>(7#r#FDK*W{Nay)X3+5?_aL*X?iLj+ZHTgj>IIxlF;+
zwqOq`>*Dv;o@)r5?Xh{=aS!oma^_9nKRc!SPrBczv2(Sgl~a`1Nr||tpv_Z!5x0K1
zx5nm=BCIRD?WrmC4-$6L##ZW8#(ktEWJFa6H>B)H@<VO;AGMrUD4=Tuh3-&j4dF|+
z)04#i``SVIoVHFp%DrST1u%&n)M#5_4{6(MS}**Ecu6{bN<XD&_c7%jYdh;&LB>cL
zeN7=<e^X(a9pxU<{Yk$=#UZxiOXTIFOd6H@W{_djUHeVE80GU&_Qp49MTlo1{z`qR
z|1!4GDP$ZVaRYvP%_V;zosS^zp(=4@q2m}Dc|^Ld2HX>g52WlbwtiaMuJZ3v?+$ee
z+VY)nIr*OF-$<lC_g$N*3jB7`b7iqxb1t!`bnu2dgo;<OB4vi#0Zqheq_zLA!Pg*O
z-KLGF{eSGBGSgmeeRX(A=D&<Ah{`@>{zXGONvlkO)x;Z7DT;d|WyWE0$~7l1BjI$m
zbE1w=!kx*}^&|BXGVt0a>ZnG0QwYzajS%j8l<h$LFMV}*L#D2MBt}uOEB9Oq>1slQ
zdAOs=YexJjdG|Fq@<Tl(_<@nMe1zANR)%{q1Itg^5$gO(I4KUNj*GN^iI?K8N}8_8
z`oa7n9r#iphK#>xAe()P)5JH}f=4kc@miRlGF@ow7!9nXUIxsj#;NB+{%gvuw)M(V
z_6PFjQ0^>ubDMsiI+eKH2}sCpJ0$KHOMDY|V;a%*l?FO;7o_qm(thxyvX0aVBYib@
z+*O5eAZ6;1ca!iV?ojS0wD-aGQQEevI_dZ)_l`{z*h}NZ8Rh4=marso{woKLD8lto
zS7{n)fg8}Dv_pjTEAHhq`aAJ(!l}6P(4nqtw5@(q;}7&v5cxmH9m<x)6k2~>3CO%o
zrAcHwAUu;&=W#4|IqqY`Yp5ny8#?nQ+?ujGa6b1-dO1pb5e}kEC&GtpdDTfndKKEq
zO*ovq>a;OkgH-=bi0rn7`47rC3Q+Jk@yVq3<Q~aglQduZR8(<%;Z8~VSJLm;^z+pH
zV%zDaLR{~OC*vgiOu4@)pPjVN4CXlD+T^*5k};Wzb4ko#8=6D-1$ST44^XHX>8EhH
z%`Zyj4BWrlxH_6czOIGTJB!C?_ai1Cu4@HtZ6w@?Iu)o}!6frf-iWlYl?PL)Jn@ti
z%0+=+sHE!`(jv*zb<6rUjpd?V8k6h@vTdxQtga#4iD)Mk<y&*txA~q-TgEg06UofR
z{SO7M;z{n-R6I?*BjL&v_V(1`M*{}*p8E}V67K7i8O1=ZQC?Sn;t9BQO(8#(4S%4W
zKWw-b>AC_{U+X`T`?6BFZc^|WzNOLkgmoRJVrvuh{P{cSx$SE?GmUg2b+&z?DC)&s
zschQz|2!=p)nuMzus_%|&;F00gFJS0s@%hlP~k5W&cywQu#3hk5PoetNzWiEQ?@RR
z^<q%NC=*8h3)1*ctvG(7&9vnCkXMelu0zy)ho?>4?eL<&aogY+GPc{N&P!Ta8dyMs
zWeBIV18hhB0^;krbJIvA((4f}Lb>#|lVbMi{=oy}J+SE-Kw{F`Q#PFYPyQ!2#{>ep
zw$soe+xa<cPr;_-wI+Qh`MqdlKk378G-)G9D@WtsUQcaXE2;aKJMIc5aM{L_VlD3b
zq(!@FpaYd=&|uuv#TG11UUCxelUD+V;Uv-u<1YI|Iaz{*l<!A+A?{P8Z^N7n^fuu?
zY+FsJ^OZKrla`dQu50AEn-ke$8>>pCM#Q_*fG!_wKw3El_=)gJ++`cwO};Oke<Xb-
zX)Vb6gK!tpzgHOJ)7E<0o=$oa%Jd`t9eHurCY`^MB=#kx4|f=yMdBg+l}d3}Ea7Cf
zW2OC0__J*&6?wzCuiC;@3Hwoh6>;}Bb+VEkcb)%FnDu|h0Q|_AOky2ITZx8C+KNL6
zx3nGoV`~>CZxv-@?W{GyKHNiX{#f!WFo5`^b)?*S!V|c^r=K5fTiYn(&7B}_gdtR(
zLg8t)5q~OtM}_jFwWCsL!f{t56>kvPjk;QLe<a+Evd?V?W9YmIZG@9Pnf$TDcadL~
zw5zoB$<}o*Be4~Usaea86pAIIBDS&(U9tt$QFY4RqVi?(a&m7b9E|0upO;(L65>s5
zSn-F{Sw(yQa`zw{cTJ*hMt%RQM+Z(ikGpmdc<@a@rJtwFRT}=6JMKD1T2>;pX?Qu#
zqSFZKwId#PB`0kzb^Iv1gm6VV9Yc5?;r0~jt@EGZo6aN1_)3K-6pTmsC^qHpM7Xf+
z{1^@B3ZXN9@=}nVgHC^>%rkCXBS`=5zaB#A+bK7U^6AJcLYY7HKY6?+u#fv+3M3*v
zokrBo5!J9)chZN_@mo8HWp)tbX{fag$CYhK<usHp#T|F$C7hIdJ_+mSOIL5?`8jH~
zU<~qKwsNc{&EGcqig;JT^XWJb=~t-K4lCHFyGwpA!Wp<@C^JLln9*{!{!-HG+Oh!{
z#NZlJU)Kh$e|Z`#q{rndOXWg#bO~s9s!4WuQ!%$~WTdq<#^=65M^`9U10Pf88g1pJ
zotc=Aw4~&%wS!4W`nOkCt$!2+&(mps8XHY`9ffjmZz7(aiXFIpxYJVeD0g?t=Aol3
z+<6I?B<(QyS&8qYPTcj7v?binzDXNKI4gbB#uem!)%njvq$~Ft?leqYUpvaiG`@{S
z3)5m*3?@E<@}CInDrU<KqMokp#GmS^$^T9rbH}4jEAn=6pQYS=(q>UE5$U?zvq>yP
zBt8}MbC2SlLV+W;fGNflDv$I_Hen#~-NbcGqR|w@YtmLhI=@8STcqh~Mp|i1W6Syy
z&cVHf^xgcG8^=2e9<+tGkdcvsD`}()4JPBhOk-8ZU&{S}`y+X;Dc6KMhI=vbWYk$r
zUSh&!X;@bqtBElywDkx1KTy_(HV+Z@?EiZdd`aX_8d$@fom*D}(qpOgD|g(rmAt)_
z{hhplH1q=v-5`INEs&7(MxKWGX7o)xW#^;3t}Hga5b<C2^PjGp+yOLRg3M|fj3?Fn
z(UL~jkk*5;Uu@-V)^4QtCchN%H`M=*_+H8_rfLcMAW6yB^}+U~a9hg1MfVw-7>|wj
zn8f&0dW4Utl!~+$#E;SFMV|C`?!O5SBmcBo;mS<-x$S5H2HUX7<*PgGXW>3<2cdL7
z+U;cebvusQ3jJ^`9o!;g6OEQ3-h;v}3hP=*UOXCE&Hauti@1+c?gr)FllGN?=^D<R
z%{1;9Xgh6S^OPS*JG#bt<our?a*qPnDSV!a$GB6g0`Y#3mI0hYU5Cl5K*deur?Ug|
zqg*EPT()6PLH?LvA8ZL_ebpY<pOgu=<$5XK^ZvyFcBEG+IEPM(li8p2xtN2eTt@m4
z?)t<ls-nGikrzSS#l4G$yP?KaoHle7ux0%TUm$H1ZB!$?6j!4AIt{e5BT8*6k?y&s
zQuzo23#7~-?m1M_)tGP+`}D&p<4c)~wxb+)k1~U4^EhV0qU8TUoo&Q>)5k&529w5R
zo_{@wC%Dg0sEQ~3fBp!u4Hu&Gb5wjs#b<bicpb`rdwnG@)DH3(;pR4fmeP_`5046s
za7A?qbwx)Ks9mj~%eCdyoU>kuUDfKla_5Z9J$>5zyj6muq9Q!8Bo5bquHZhwVcml}
zbPshYJFG)=ROtUI)1_x*lxb$e{2E1i1xH5yuOhvAMnt)CcKo(w&sfy?mcQr!;!N5p
zth+|(NtnA}hjaS7MLyG(#h?CiQL!yc7JqUki45x;?&=xdy?@@#%L3zXiC)#tx#ijF
zUGe?Hd%84&@ZcVyuFhe7Lc_N#Tt6&xK()#ZU18y2QLd<-YPD?6j=5c(c$m<RWnDQV
zlQ`<e1mtn1+*0g>SN!Qk&mNkd_1v2+rOqGo*;3>7;CNf^-K*;B?id!)BfN7&`|cfs
zd%0To>=hN(Gd!}bt97%+b=xMXtyv8Z?(V9qp1Oo~@5S&t^^9;;Gqp^CPQf8eU3f>A
zt?lX&+}{<_B{;lusH<;SRF|I7QLgZwQDGsWNgPf3herkXE9>gqt8;;nE}<b?3jWhS
zamN48Aht|?e?3J^Ngt<Qs!m}MEW-b+ktQm(i;weyPi*7#&f(5<|JUlNOU4=<-Z4q+
zxeU%)&dg!q9mB#q|3Bs`HeDuXCBK+H`J5NCg@=Y{8dOp{%8t$z8X3hd35)C!+A*eQ
zerML0(EQHm*uD9kx8ueBQph<qUd+&9&YiJci#uQX#PllZOc0Z`vNLf(T8WJ6$RwCG
z35|$g0{cdUMcKhbh4x_U1V{9Du|Gm%n^ktMN)$80>8u#@v6i!9Dm}qB53S9UB(`*I
z=XS5yoOPW+@ngm}bbgB6*vPrfD`rAd=R`lxJ`9iU(Sfzf*)cX*GiO8J*j^o+g`EDZ
zF{h&s89l-xBk4c(rx0iQM6pl0IyX8q|7ZF<JIu4ry`w`Jm->v^-`yGR?>PpZT^JVb
zNsi6e!`aRmdoJ8LI$q3@2xr5X#F5UNv1KBi$Kxjt3H5a1ijL@R3V-eE9OD%`ZGh7+
zo`23rSEq=cJ=mu%Gp5)HgPnz)`J<vE!d=1LySw@XcaIK@WPiJYT@j%nJtNp)5n-Wh
z$&MOZkKm}-okN`6yt0J^hlgt}BSIsiyKBuO{(HV+vJG=)OBWmw(naO;INu(Vm6eA%
zlV*>IY9A8HADu#@Lb{ZtTlx>{=<3CO;|!Sb2TgD`cjgH07D{qtWM2)*^9(tv)oxs`
ze$B@1bxzthtlXqY?39Vlf(c@>Pj?oInLFKCJ~qJ&=dAcKr)N78$F!*B^oyA^+v%%l
zzu2%j{QoV<A8hu62LJ7zWAlXc<j_a=auqCC(3K}=$H=^~$>urdB=8IA8Lo}0UCOe=
z%v<CvmY4TO&xlaZyMiI|KGL!LPr)t`J)=8!an-L}uX@apMb29>^%px6XY#zHlxAiw
zn(o6ntid`0vz9o^#@<-$Oy*4J*;e&qZ!B?^_R7N(4x--wspINm+N{Db=WPX6IyPZd
z3{Jj~O}9YQ8)IaI5I3`E79u!fh{HG%5~CM0n@dnSC_f!PU1=GVGgzVg6-t3pC~!)D
zV8$2|y*Dw7ON`$+-`8a(;x2Y$)YI=2=sI`R^gZW&&wJkYInQ%$zO!G3<evY>pA>k}
z+o<h>^L6jmoHYwHaXuFRv&<>`<tDA^$$jsi?u<Ff)r3j9$dMzMw5j<^-t;Rx(JV73
zEVI@-4wut)=R{+;k&lo|v*_=fJnHdKr(NqLZU~_AYKg8aGRvH1NvCb<SXPF7PZ^ZM
zQ8w=pQCb7&Ts7Abx_n)kiail0VVP$AUh0|1kOeuu&Eu;UtL8zz4WJ2>pJ?xA+go(R
zCyXBjQ2^mz)=?qeSVeD;t08m%aMdcxBM;V5nVvL8&<r9{4BgcivDKT*-K(t6(!i+5
zk8f1*t&qR&pu<N?HTI@GV|31@c88MjHKm|4E6jy8RwC#gYS82Ne@EYu(=y6Oq?w{B
zBiY$OS9JI{7Zefxc5W<FE)wnG#DtZrg|e|q$1DwolrBihXcx84B|3dVIjDVz_RT9k
z8;v;(a@3X>o1%_B;Z4W7dA-%nICJ}zjlqOvRPlJJJ){Qu*zGk#mg*m8Ay-N<@cld}
zCEw`ai`=7+i$+E&c*h7waETG}Ng@xT1x2*eD$1@bF3MpGwb(>|@t=p`ITCyczBZD|
zGMGjt*1IK#?X)MD4ghkm9IB9{Y_#(drx%fpbfnj@_*Hmh#FtOOo4D~5%)Q7Vpb*Vr
zS4AjUrO}A8U^C#{N^p{vN_eOv1J&@E4ws*SHB$NxG#$jjTF5ps-w2BgtFbWcj$r=4
zjOhRyU7$<1n16^g*FjYdE<FNg@kTvV74Wn(bADJ4KLGjT0{o~WzkUjb5HU5veZVK0
zz*?{ePIbhS1TUA0sU}#?Cl|kh3+UNIdxY;xN?r?6^c=eipXZPdufb2Kn0dVF{FH`N
zN$Hvt$V(OUy*9XJlEX^^l#jvjP8+l!GS&_qI^1A|^Z0u!94C*gQ25OAY-yUhed>ry
zab6d25(gpI#$Q<?pV*;HC#efIw$hR49!LxXlft2P`;$L%EW+G&esplF6aINcj(Sz!
zt;CHk8tkXe0X7liu%jIzdV8GpTKGX>t}wO4NXr0JK&e=l^>;FdBdz0-ylGR`oow7~
zz-xnW>;<Qr25n-;89o1b5DE=1^UFbogz&;JR}Vi5%s0t15Zh74paPwwTjSD`q9IYo
zFx|p}O$1sA|1^#1v1JC1;kz?XLHPGl5A;}955@RnKU^Zz4}OG;7vbRUElT2GQ5;*l
zdLb!uH%}7#BD7|o;FMtAL!=zHv*8%K(ajMp=z^yz+J&=2@Yd^eJFd9A!or96X_ljL
zIXugTHhGED9Ysw1+8Pv-+7J{XJQ;$LV%2X~mwGwXB?IqrUW%C-*Ps@e_L7lmq&+~A
z<#pbe<Dv{^;h0)Y<5@ZGRyragI6f5S-1INu;BKQ!SPrk6d2ZC<PdR9&6k5;JWSRHp
jq)!mw5Z!;;9I@&iORJMUWhTPgnq?MfH51b&l<5Bh*aQQ~

delta 43526
zcma&v1$0$M!1nud0zrejAKabb5;VBG2NED9B#;CxuyJ>aySoMmQd*=~u>wVkOMw=*
zA_dy}f6fejx$nK}Ti;%5^P8DHF8iFMrHy@+Xvg1)oSP}*&T?^;jPG(~#vSEct_2BQ
zuKH0*b-8xWbGZuR9;|>5F@f9V$~oWVN=LlV0+;Iq*1%MlbfL?Y9&=zetbm!Y9cIS<
z*6)mtYnx3tV||Pz$e3V}%T-1dpyE+j16N}ae2jH4<6@I97&8-Jh>39zs)I+YH!uV7
zzfk#-Es+i*@CK+1)$?wc3mu!j5>pUAhz0Qi=D~k4C+1n|a^=IisPa+PNtl}WD$Is^
zF%4d|@fYalkdS<tnW8MHiprrX>VjGETTG7gF$r$Kw73T~l3!3Aeu`=!<#O{pAF88O
zFe7%uLO2{XLz~f21$zmo!poQ)pP?#BzQPpDW36g!Z|!fLfqBWl2{q*xQ6qn9pZlyd
z^<+T}tSqL)CM%hL^(2@Cb)+{cJ{eWPJe$7Rrk_M@rpu@$d2RJwWo9TH<|aKKCc=iO
z0ky$K_$>zFN%Y55tC@doiaM*!RCPslWCCi+)?h9?WYZsF0pfAju*0z^cEF~n{9CaY
zp2Vd13A140wPwWmQSDVk4Wy+*Ks}7aa`+wQ!!xLc-=Wql^Exxdbx;NSpr&#%=E2pd
z4xF~n|G;X*<F0qPDq$dMFO5cZd?n^a=NJK1@D$aN)Emr$(x{B>F{d(OUR;45Jc*jA
zC#a=LxY5M3qT&@$d!aFE^Y%auY#?f2%aMGJ>lgvOIIg1_dV%U`>P;qNNmRVGwLhw(
zvr!$`ZPPDe0P#1d0r_t><=bO6;={2hE<?3*4%6!V|3yGk=eNa7X<k&t0XE(NH52_%
z70tu^xW_)fhZ^Z8RKuyani;Hse#C<?F@|F?9E7TWgQR`eaRP<#K3>I?+su?bMNRoX
zSPJuOcexs1JFJcCPz}7Y{)=kJFUHJRdhABL3{J(xsLfbphv{H_bP|#fNkE%wFlvNz
zF%|AcUp$4a@I2PQ0z1uTLIf5gz6gup8LWe!u>c0{GH=XC)Ib)aX8I_qBX@Q&{~E!+
zBqT?_STmJbFg|gAOp29IOHdz`F9LOphG9XRkLvhQ)Dk>E?U^LIO@oCnHSs`<hwV}2
zyY6QG(-Ig$f@a`5Oov;sBpyd~<P(;{xO>dV%b`Zt9krQepk7G3P$NB#nvoZn0JH5i
zn=v11#v7n!xRqlc^u#12Ohfg2F=~_SM|JQj>e#$Q%|P0Hrek@r3h|<-4n|;kT#0G$
z7HUTRLe-o3do%SFFcWd74S@^<`l6<2Dwf5SsHwkUpFgq2+iyDLK~+!&6JaydOmsvw
zI0ALv*V*`aj7$6js-1t3nQ>gHelQJX#xgu8h^4VB7RLD)fX6Wq6aHwHrU{lKJ{q+N
zf5eLT0_$Vp11A3<3?P08D`T94X3tc^N;?1H1ZweMBPPSws5Oss$V^#c)Y23{Juizn
zur_MsJyBEM4>jf6FeM&Cjr1yNW}c(=NUFo;d2Y-~`>wJCyqf`4peJhN!%%C!8MTQn
zpf=Za)Dp%0$xL-6)Mg7tZOWOL9e+U0%x%<?q&Q;UGi6ar9)gZ{6W9j}P$N2y8o>qh
z#|M}bGaoe_4Z!roo1->kFN}vnF$a#uxwsZ<W7T6OeFADvY{Fc4=@|2`5q~71CMG}b
zauvsxsHq%>S#U9C#P3l(zl>S&C2A&;pD-P(gUZ(d)sX?H<GcXXP7G$l<G2+6IKlj@
zq47VP-Mj=f@_jab#>O9^8vcxGAl*qb10}E;@p`Cwrl9u7O4M5KKpo$sm>X|ke2jC-
zbU3j?KpC>3mZCIjEt{eThhsimZl9mD=?^gx=?PA|Tt1izwTIH8I#K|2d;?G&X@u%{
z5UQQQr~x^138=t!R0YRT9lDNM<JYJP{LYvcQdU%Y1ylviQ5A<{5gd=IXE!FsQ&<qM
z;8=`%mak(t2|YUh4+!KXA^tCBvlT`5jVlDThK0_Vh8v;wNElYa?Wmb~fhwQjygC0>
zQENOD^Wb7s2aljSavN2z-v#Y8*1sqLB?Mt19A)F%P!0Tw{`eV7V98(26m~;ZI094P
zX3UHSZ2Si5)I3LZFx5q~2`gYx;*Bu}?Yo8%D2yxYgL7DbxcidX{e@5?s*Bo0-(Y^6
zh92B&)32dA;=XKNXsJ-o+hTG27FB)|`r!q1k`TB}APzpW8D3#p;_0uLwJeHS%j&3(
zG{VIgfm)KJzZsijZ{qXOgNd)2ffd53#M`3EKSC{GqHD~59RjtlnS>b_K>QaQPjQ_O
z7UGRi@9q_-f_HH^dTy9CUylC7Z(&1BbJOK&fx)Pm+KcMI@7NWiZ<&r<x#gH|H1A2s
z&Vx#~&6;&WEy+mK8gD~YbOW`i;@>gPi{M@2?J=I4k76S2h}XJj8dz>UglR~>i|O$_
zYN=8<znd3EPE0^TNmPc4Hr@g=5$}lV$RN}vU5zF20>;Pq_st9>LoHQJ)S5RzH9Qiv
zndf0nJcO#xc|btBKjj0H;E#$2p$A7{DqMwCa1Z9j510|NJv5uCJSHO^Xl;esL)|ex
z4#mtk2D9J_qvJYAKyR{JSOg!TMwsCb)8ks`As&H4nBr-uijqDuOHk0-2GyalsE#g2
zb@Z+^!DDmmilEXvVrrfLQ3NuOFwbU)!D7VkVOC82#LPfR)Y1fET<nY*aR~ZhU(`&E
z!0b31HTAo#XHeyTN6o-zOh)^zOi#^+PC-=9Dr0I4w&?>gA@NC=0B55*wgd~}57-7D
zVHnnUW=_pERJ!kTK1s0?Ho-rT{pTwGg7yD~K-QOhg5h|qg%@o+^DE9g@gAsSx)If}
zw-|tlUz<%<9}5#7isf)4Y6c%*QB3#7Y|cQ`W*&lhao!u|Uu%Algp&9IHL_fPnF7^O
z6%WL8xCXVxKVllZikj*dm<v<BHG8KFDqk=*M+a5!ub2&AV@gc*j`<HIkmsG*RMSuu
zZnE*S=tuksroaz2J@I?9IrCv5(wkrj9BR|Ip$2vp3t++z=KWC$s}k>sm2jzJ12<7q
zmice9rVUUP3`9-YTI)}kp7?F_;0GJe_|fDmi8>vPP|w3KBTmNBxE8g?Zecled_S2r
zuYws!7=xOkrKk}dKyA|37>QAz&8zqU7AKzjA2X6xs68?ZOW`fdimCrKFPxI70ky&^
zI0kE|>Z1e#NJ#8*dp}I-qjvQSR0BU?Lwtd1po-f#9`*bJYLEE(xV<AQiOq<&!3wwu
z)!?648}r98`6DrhhPIS|9vsGM=oi=R8jp=oQ}-Jx{SD^FGQMu_sR%;FSD{9B7AxaF
zsF|z82SR=9jauvdSP?&B0G5sKcGaSN*FXa5zyWN53Hkl1c5^4x$VQ<m+>RRYebh{(
zOK2(zLN&Y`b&T(zI$SuBdEOiSiEl$~)`zG~nL4rC<&+^%g@8uTAC+M>YBOH2#`SZ1
z*VG>ekp2y-Bll37DNPc$_dHiXR>{>BRbOyYw|6hiL|@`D7zg)Y7TllI?YKq~xJJSe
z?3B#(EO&CZ_hYs(s-gav6W5_;;xtY|R|+$8lTjnOgqmu1N;7~es9oOM#@AyG;@2<_
z{*%&id(V6BRAwZBs2S*mnzH$r41dAocpKG$m)Hq&rFMJY3!^YK@!6<7vjNlKQA~x`
zQRQD?JangVdtd1Z90GnMq(o)NhKaEl>eX2hwG?5f8CZm6@gQoK|BV`P!?dQulTgR+
z5N5`AsJ)arojFzIFdy*{)bVtt5YP){6DGx@sF7Smb?gx)!FO04ebbw@u7gVNgC2A+
z6E3xWk7<ctLG6X-Ha%+wGc)Cp_8eDZ0*T1b2{m=!pn5hMwMkZDc07b0{2kShZ$>l1
z?5KEU)UI!fDz^yJ;Xc$-UO>%6!c68=6~T-;|LqB=g8rz6W}>EkCu$Avqek)(wRR~p
zn;FZ1KEz9)mc$>`P&lgGO4P{rqK@&OsHsnv#Vkbt=F|BPBcKLmp(@yjdRN~?9j^>o
z&CFCmb+9ce|6tT^o{1jZg&N3Z)RMkN&4gbzGgAdnn>!FyE*c#*Fo%G4^?uZ=_XTPX
zWcHW>#ZjBHqcsBcd>Cq^vrwCD1FD0^t&dQf*Dt#nKqb`k)~JCF%Fg-M+HWNxCGJCQ
zsxw#tucKa>>2sL#-2&CnFiePx(1UAGA6~~%BfpE;@FQwQGUYVKuncOC)kAfxTTaJh
zm_vf5Dh5^X9IBz0Ha%%BvnL9nHdTAn3`C<o1ID9XC^4uRxr%ymy+Cy=M{cvJE26&W
zv_mcNREIzSfupER6hDudngG<2^h0f;b*RmA1vQ24yk>9YM7>(;phngR)xmF2FP;(B
z*{F`JM|JQgERW7r0vd6eeCC0_wVpKywKV-v`6i(D!g^GN`%s(dqD_B~nu&z@O~;F&
zmY@^r1@<kf151zrJFcAsbUdD+);@Cqv(^PrOVR?h2coblZbi++D^x|93YybU9F<-h
zwTb(n_l=2qpBzMW<Tk3_PncNeKVu;?rFl>ztBo328`NfsLKU2ZT9UQaYp4d27B+9h
z5~w}X*4iIc{yWr?Y(njcBdFv14l~leD`^pvklz}B>PRb8!5*lJhM~^yJk+s0iW<oi
z)Cdz5H66;2wTU-Cb$m8ziMFHayNKGfPtnn4N>|K$=#;|*#A~8HP8*^c8i;x$E<ttR
zEUJP}sPFN4iklg1i0VjhR6|oydtnV~X3n4oAETDYuLS2`4U{cm3UowGX+P9%o{t*g
zPSo07KySmScX^(Y<~Y?u?F9$*KAD9&o=Z`icPDDfkE1@+ZlN~wlaic&HQ-muybubY
zdfE=vzyMSS7g-OZI`}6lUlM;a@&f1~ULQ3By-??S5^5$6quRNKn%NJinat&sHV>Mh
z);Iz+@^PrCU4dG=lc*j)Lk}h`W2Ueus=;=sQ#1&be=Tb2Pof%pg{m)0S<~T~sP~G~
zoq!sgjoK{R&>v5uraDeJGvdOi3YwrQ9Ee(ym8kNkQ8V)gs-u48&GSO2cnegA`l4oJ
zA$oNFcM#ATT|}+XAE;O4zo@A%S;55Hpc<HrI-c856`e$l_#Udm@hY07DTW^64N&>Q
zF*}Yy<y(u{bpFp1P|seWMwFqF$xsbdAPlv3Q*3-AYN^hkX6zyA!z4~+vm~WZ<vOFD
zk3bJDw&_2jX6z2;p?%jU0vcJ)DyD)!)RaY`dOj2Nd;@B&&!Rf~3{_E@0Fzz})v-pX
zCF+6R@~9cwfU5V5ef|s`Rg|HssVD%wo5{upp++(b<6|u9%ju8Slc@K?Wz>gF{A%WT
zCRE4rqIP*TRK5sQN0wkcJXDSIueDBE-AsKo)UoS{>ew{&V61(9#p<qM_Cx{HT6VPY
zai{@&kJ>xeQ1!WMnwiOi+Qd~*&%4)j%v4P#K^b?W8opuUach~)lpnRmwXg>EN6pOl
zs0weQ_DH-yv*x)_BMm?;L08nf|65Fkn^1dgze7L`Kd=uH*ES=_gnC7m$0pbfE8uR7
zhi|YFenhQlxjLrdHmHvEMeT(-s2SRd>d005{1v7k?xe13j$Izq8dgHBRTGSh!%-EC
zK^54FiSQ75@HA?3K0~c}%6eud3Zpt$4>geSs29#o)SK~lWJVoVruybXr#|ZZw?I`G
zW}SvAxC1q^d#EY*ZD2-R81?S2gBn05)T=oPHIQkjjvqkPdmgnkZ!wR~e};x;Edo$e
z6lxug+9dO=KVmuJ_pvNyYh;$LHL7Dnure+|?V+2fQ{&s%<V%98uLNpoT4QqBclEIu
zMxbV34Qj+cpf=T0RKdhe%saj~s)A0a%{0Kq$Du~N4Ap^is29+C)E-IQ)XYpN)EAj1
z=xD^F2x#gSqBi4JR7Dq2Q|a5x%uEi{^YW-A=!6>iSk&6DLzVjp)qywY{fgGy?1AE#
zl=Kd$cEg%;{#D^95>#LvD*g+q=YOFZO3}ht4r>z+LcLhlqt@~=s^Y&<6(?+I%#J!{
z<xm6Zg6gn?TB>C&Isb78+$O<;zoRPfZDq`Y>X1LG!M3QW9E+-O4Qh#gLUrUWYLof4
zHudF4HCPvwFAOzP6Ho(O<q*)P*+JAh`x@$VJYE~~DlLWTKmckcLePVgQF~-F>UiBi
z9n*wuO$SP%I@$_VUw_mLud>fiq4t#Xf`HCr+IHr1zX56uN1`f-L5=JJssnFPBgop`
zypYPF-i&=w`BtMUK7p#|Icl?I>tOa+Q`C%fL+Wu{;|P=|VTFBg)9UJI)-DHXg!NFz
zu0N`wt*9lqfTi#SYUy%!GE-d%)o?r10H>g4=m_c<KgU!$|M@$cV^;|SdC(lS$rfTY
zypLL|d_iVLYM|o5==~`ewaaIr)_8;U1ge7%Q8N~|iz%NC^&wRSz30Cp0iF8@)VUsm
zDzF5#1bc1zRa8T-QJXAbSM$6uYDOBM*19)p>K9`fJcHUR@q$gq{ZaXwp!eVZi?#{V
zQJZ83YPVlQZOQ~8W{OLqI@ANz&^Xl6>_QLTMIE;|-AukhsE*c0Z^tkR@x`ctZtTYS
z*P0z6K`)>is40AjnvrDP&3D5*s3|Llnt|4s5W`V3H2_uNOw?)GXw#2ka^iPTBYtI{
zr|Ds4qG%7ttWiA@v<Z8lI<x{+a35;dpF(Y(H>fqw8frRL67{?mYEOitIxqoMex-fB
z6E%Pvs29~I)R*4G&NpVtvZ8itAZjFoP{(8@s-m5!_rOu~;A2!nem%`Eq4J<+E<fty
zIS@6YO;JnI4Lvv&m2WFnMCS|v9|DQP%m|aBrm8Gz_qIc=`2f^jm}{ROw&@R0=RIC8
zQ*j~GNb91?g`(DeJgUA})Ifj5k~;tK!_B6vfNHo4YSWBHRlE*0WoJ<%x{1l~6{-QB
z2(xrKP&3v6H9`lqREto1WIL*3r&0Aj!MHmADSMl#OowWqII3Vx)Ks=b?THX9jzdrt
zY(aJ4B5G;=Ld|5xK4w5!P@A*{YVR~ebzlH$M&@8a+IJlxpbB212h&EHJx~U9yc(mX
zZZPWkJk%R)FX}YBM2#?hl=;lafquk`pw52<)Ul32b$C8%kL^WAQ+0uWDtw9RNWN&Z
zn;W3gLs1=AiaI6xQA_k5)o|v%{F4kUgBsaT)M?m=nz`dPe%r=Bp~|K1$NAR?iuN-j
zsfpSH?a*5hYN|J)rtUoI#q<)j)>-@8-<F}u^+Szx9;yQePy@P-IxX%2=1rIh*?g|L
z133TM)k8_p2-n#RM^O#@g{mOkK=UQCB5L<GM6LC3)Rc}wo#&OPk;S4fp2xU&1+|H9
zU>$sdnz7Q(AhXGapr&dZYJ^Ks6`n>_cpEhXA8mTZZ%zKfsOL3No3=A*<b6>cn~ueB
z8*203MJ-+G!A7Sn0d2DOsD{U(UKl%3Q+CtF-=k(E`w%k&)lm)iL*<)}`q0^c>gYAp
z%>Ip<vD`z=)VD^($08keTzd(qz**F;e1<9*pQVY9B~Y8RJSN80sHF-<jchoo1KUw+
ze+pI4YgD~{!_2WRi26*ag4%N}(fjj%7y)gvNvJ8`?tQ?qM2+Y^Cc!krO@%qF)lm6^
zP*WO>>d0Kw3u-&+)qM!H*)E{ki9f;&urTJ<`EN}?OEA<vSdZ%AMbt<hqt-O;NV7B^
z)QhSP>XdZAaySvShmN2&-wo99y@%y7<0w<E1!}27(a{vnCZLfXLv5mWs4onDqwNa>
zwIorf^u;#)G*%$)JH{+URn#VnM5V7pb?7!~<nK|ZAnRE3Ml3wm{`}vH1od<xs;7rg
zQ}-Fwp`_!?DanbN@*>u%sF62Et@RZ2$4#i2xrh3APBGqmfhmW2PlTiQbc|<{cu3er
zf~NF5s^9}mfT<^#bDssZwnfo{bx;j`gL*$KMV*EtsHMD(+O&QXjRjEoYNI;T3pMkz
z90H{X97RphN7U}lKFO?kWz=zOi}7$IR>ujbB{_rIBOg%tQcgA%S3orwh8oCpRQ>Z&
z^&dbjrE`OTM(j7mR9GIT5f4FC_!c#yY*Wp*<9ev`I}^2Mj-o1li+ZDFo@P!%S5!k|
zQSXhFHhvV<@IB->I<Az{O~(AFj?_X`9F5wgD^VY#=TK{R4fS#Q4{FWx%`j6Rh#uly
zP)jw^#uuSF`~zxpzC?8_=S+2!^B3R^@IpcLbR4Ro^{5V=Mm6*iy~pS~^A93gpz_VZ
z6u1|)IZvTpT(?j!oQJ66{119C^(<4)AG3MSKLPb<0BX0-LN&M^^<p`J8qrg0{MlxW
zv!jRfrl^LaQ2EB7_Qq0dfhSQjn0=0^zaZ*Z2B4$O)0%)P=wly@LLJA2s29%#)Ny%^
z+EmHrnubfE&T|XY2!m0lU=Zr~&O*)5YE(NXP#wFAsyE3z&cCK8|2#AG0jMeOf*Q#*
z)aF``e)tP&YHwg5-bYnjc)l4xE%Xp?gF0q|P$ONA`fS*X+FN%}GoE4r=U)vLSztC>
zdsM^YQA@A_HIhT<oe5Nh&ux1Ag{I;3=tFuzjDtn6CYHc5IKa9UD--_%)uFu3BC~lK
zqFxxCQ5_hH8rfV_gWJ%9Cs4cp5$Z!F^<uL}YNKW<3^lSDs2SK|y^JdNFKTJ?FEQ;n
zoe6kI7=&881*kRNWz(;r*8UT!!puv}E4Kz}a}Gr{yc{)S$5HtoqUwpi%)|?!roKL^
zp265&=YJ)EKoZ=`%~aOGM8w;prm#EeRk;b(z)jQ}^E0Z#5-ZFm>w@aYXzK=42hL#?
ze2X3|z0!1`6&BI?cL?Z3vl+Ek*H9IuT4gFIhi!;=#2UC8by_~7W-R$?Q(-~W(ltY^
zZ7)=Zzq9EvsHHiLIt7m~FYUY1tTD%@5^AlRp-x3l^xz28-dKT}+JmTu@1XL1LN%Of
zt%(;#y+>-G>T84gaO;D5^^QiB+kuYG=Sc$9@EPhf6klh0*a=l&0@8+S4{D}@Hke<<
zOu?e0A46@{cN^WVSWLdjG;kbsYHp$S%16|UWZP^8R(Uh$-$Ozt60+kk`(Qb$V~4Q>
zKCoukV&e5t?{de+w_#=CzoR~ub8a;av_XAm9E6&YG1djB8Qr?oF%6v|K|Oqln&LFu
z%v$-QHc?Yl&-<g+el}`k>#RqtcTl_gGipG&x0{&>M0KDuYH#(m=?feJ%D4mdhP!0r
z_fQr2#+c`YQ9W*i$*`Ao2x^TdTUVh5vfsw<SU;eL^b|Wx{t~G7fm4@&-r>=xDIba2
z9IMfT`%w+tw7#__-Dzed4{FA0q6QLz>iAe2--6m3=TP|`p*CZpU0xkmRswp(mOyo+
zI;sOrF$spEc6WbN2dAUn4?9pD`w{iwa~U-=PpzL(`IE$&nJtEz!AhuO+|H}R$0Py0
zQ106d8F!mCDvPS1BWlfuqek)_dT<l!o6#9mzQ3^xX4zwAW*BNyE<p|OCTeM(qXw92
zFMEvkT?GgzArSRq=!lhYJgQ^IP;bCbHofpZ6Yq)IoC{H#@gS-rH&8R?`reok8xSpp
z8u<v+j2%Nq4c;K2iW2NM7PdCE_D40a5OoT6qX#eB^!KQ#P5pzh1nLdg7_~(GZG0+f
zCU>Fs!igU^{|fv`f+|S(qbZOV_2sh)>bUek?ba!%e7miePz}AY@k|HI^Kw{`^j7G>
z@2orR^Gm4r%9{g@{Tx1M*0v$4f$law8a3j@Hoo7+FQI1aFVt?&c*x|dhML+SRC<5Z
zsaS&A%m-0l$IqhPv{xJgnxc4zjag9@m&W97b}4Gg!hSL{;-C-lwWu}SVEur4(*+(e
zr=yv*BWlxzqBh?MEQhO6OYhvafy7762uh<qrCOktCep@dU_9bmkk4(`F06^Ej+q&3
zgIc0tsD{>K1w4b=l!=ZT3!`SZG14)|6;42#Yb>gP6{z>Xdi3BP)Dm1po$n8*J(2K)
z`4lW_t&5tu5Y%azfU0*NdfyMInSP2oZN5LNJ<eZd0{S@3X|0SZ&<53D1bWaxb#N)x
z!8KR~U!u-=@ssAb_C~$RSD|KNyY&)kiT*}?s>VCTUZ8!KKLIsV8P#w@J-}ephej`(
zJ_1$2T-1!Lw9gNtI(7v$<+souGo3az!92vrq6ary&!VFSUJ#JJXUt4wM8*A4Yg!kz
z38PUR9BW-<jj_*9phkWjwfq0HrZ{W9s+B{fhoU+>{VeBSKRV4NK_gy|YB&ZP<8dsC
z8GbQeJnEo6_xoWPT#I^s+nW5G$rpe%NbiLWaXSX0`@H$ltqy9YCZ6Z~YlO#0&>FtP
z(pc<*=}31}PY0up(MVK>7ux5WQOD>o>U=*#t?eh&<}3KCnXy3B40b@B``)O}gvAa4
zRk#JUrUy~G^tMfZk6OD#7fnOOF(L8xsE&6-jbs{XMoyvDKJF#+;wg_he(g~|FE}<H
zgWmIhiGV&V+?UO{%!E4k<xoq~2GyZ1s29f|^xzKEj9f&W=Vz#6<#)xD%Zd7QEQAxW
zHEKzIN1clNzj>F+aWx>I5e`C4(K6Jr+JV|EZ%~^q^HuX=Dq(GeY9I`C?&qRjNc&MU
z8t0l>f;6ZGi=zh8!rBYHzyBLeU_K94p&AOfZfuF#jA5u58jgBTEI?JX%X$Vi6A!Q%
z{%hmSZkRO=Lk(;Qs-x3TOScmf>ipj#pbGv(HQ;m8OlcO>T2??UNgvc&PDkb6ftvc$
zm<S)EJ{#Vm2J!*b@npBmvCNN3FO6!aK6?NDZ+8M}U?l3@zXJ6_I$-0!pojQVRKcXT
z&64G}Hn#Rhb#O6itq-DRD&8HlC$gg2$%}n3@DAs{K7l<X<Wt7GX03{%c6Bq{iBnM(
z*Su%)^}sU3r(-2NfqD<b|J{79mqDd}gW6kbu@Ig`4d4^%n5Mh$m<+Y<n+&~B1?HpP
z0|#yTdsGK=KQQn3hN$NwQJZwH^)9M`L=R0pxzRh-n4R?Q*72wr-rx`@MPMJQhc8g)
zGRq&P;@Z~Us2P}x+Rgh=d*BwT;`gW*PR2h?yfkX_wnoixFVv^vUewY&Mx7R?*dw#%
z{j4)l-_N(AI`$K4_kKV>^m}Z61(N}lFFVdff2@vYuo|X(V*Z9i3)CjviK_1cF2n>+
zy_?Z-ts<Z|(>_$so};F^)H8FwJD}p@QF~%LYVDrc^eoTa-oN!$3yYH;gL=i@M~yty
z3-evDGiviK!b!LvTj=w@?n`qlmSTAx?7}Aa5<OV`m081J)ZTEctF5Q4Z}2tGGrcw@
zdt;_J&R?c{9c!@FLGSnf`2=(>V^M2%8WZ4M)SK)v>ciqQdNAo*vqy@eW}+=>#N#n3
z#-e8GsEzx)GaXNX+KgpUZ_Z}ucnCNI^lo2@s^}_ecPDsn;#E+arx)slvKTAkZq$tY
zh3aVL4`z=PLA~iJp!P^-)Mkyw_&6C=Zq^6RzXIQrpjYBO)TdjLzs>GXhh>RZK{Y%8
z^+K6}r`>#CKyA(epG^6QsD^i<cOa<p2|k-mSQT}OI-&N;h|ipV9iJT}XlgE@rtl@|
zn7RHjJ<Ww0VLjARbwG6_3gh8K8=rw1z<N~2cAz?b3{~G9)M@bj*BsZJ4gr0et%6$P
z5LCteP;ay;s1E&LJ&ihs*HL@qPgI9qp?Asn1ZYdV3U<f&*b;r*KHgu?x4|LAm!eLa
zlhwz^^^ibURDpVNe7s+kVo=|RK4M)gAJ@nGRcbV<;IF7JEE#-#yyw0w>Xkeg^#a?0
z{&)+uv}xiQt6&M@p~#Fou7w1&xnfak_6KTrrj768ow{nMczaa7ai|&FgL>oLLVaj`
zM0F^A0w3?2v<#|4!Kf);h|O>>YL6sM=)-B^{Ffx4DQ=F9uq$fqVo;m&C~AtIqSiJ}
zA|LO&I|-@-Sx_A>hZ<RTRKxRa`gzow&z0E6yQKbDglGuXrhV6U1oY~>fq|Ia&rDq?
zYL_lSRd5cqC*mbh&-oljjl30VMxt$eKI%;ui<<h&sDZeXn*8}tr=li0c?k?9paxc>
zI&ckjUUMchQ&$o7erSu@Jm28}Oqtx2n~3V@0W6QNuo4zdVbXh|mT(cOLnmzfbqXKH
zyP2}3G@C0JRWJrMl`m0Kl`EC88P+2{!g>Z963>|0$GiJOQ8Td=wZ=!WIX*^xC<UbP
zaaF~UsCJH|aeTa=-*M8K%~KF-@}Mp@z-c%NZ=&84UDKJF7>ydykEmn!7}e1n=}mo2
zP%|<Rm2U&8zRReY&Yi*7)*+x*=~S$Rr%)qGmC?uh9~SF^9^wa3Q+Ee-yb@<JySy}3
zA>P%x0#)BVt0%LGcR(%SeAK7yuU02P7IUmBT6<X+qjvRKRF6MfOJp_i?ifY-Lew5g
zp3QWuEGpg=FXBYhOays+ydUE;QE$xeF^<mvVFG&f9>WN{i%YO+cC-0jp@(?#9A*ZJ
zTic;JHX8fjUeul`l+!FpC)8TcM$O0-)UHpH%hb~lz2|=b0UeKdsCV=M)D-`Ynt^1w
z&6HI_y_)-AY8;Px!!1U2{8#(DMjn%|J!)XlHa^w52Gf%MBgWVHzeFH0-bB6AA7N5_
zjY-fauUX^ds1Y|tP3dUVW{pL?**>H8LX&*v`E=A9^Dyc|=nZDWr1{NK6hWsD39Sg|
z4L1sP?&o7Nj6uB#52HSGF4_1!)YQI3?fS9>Oh>z;hj?F9J+rM_tjAFuzk_NoRYA_b
z8pvPJjJP6dChDQ4t`+K?9*J3SI%dZ$)^n(H{@R+pkm*1rtU-E5RQ?sH88~9&w@}{$
z+=U%;K64c|Q_~prpf{@GnW*!-8`Xi|Q8VLH#C#T{M2$2v`k+5*3Cg05+W=I<+fntN
zLM_2_)J!CEikc6Ls;H$Hh}s;hZG6A=5vl{}ikS-iQSbgnsQh8521eTS)z-tP4&Fw+
zKR%%H<t%R6b!rjND|0C76s$yLJc%0lU+BT?CCurlhFY?2)`6%FOhTQG6{z#S4>h2B
zsE#HtY04Ky4WtRu5yurlK;KqpU?Mz&s_-||?tg*$Q27V7rsYbRiiV;_wj6a@_MyuC
zY`tTBk6MCc{yyF>qxn(av?_UZ_;nir{eaQQJ{X4@$vo>e)S92bRQMZeQ$Drnex*%E
zGou<RV69=(JEGnrVW^p#kJ|m4uo&&T4inIny+IwP%w^0P)w70Mr=zBH2WrXgpk^R`
zSu@2R^d(*i)sgC`dOM&t^JvsDUXL0;EPDU>|0M!?<2|<zGL|zvEoZHdD%c6t^DtDy
zBW(Ht8()h$ZU=4pJ=C6hfgVg(-jpkgiZ?0G`Pb%%BtaRcqI$dw)!<E={utF@$_nOF
zvLMzc9*KHo|A<<edzb>>+4O`J&5RaC59#f#Lr|w+aYfF*rsg0C+I$aehL@<#l(Le^
zm><=F`lzW5L6vh*Yr7IPgXgg*enxeyaAmVJO;F{+t>dsX@#PKyZMNS~Yw{8`#mTFf
zk>o+0g0iUeTBt9b?NOU{0D5ql^$@C_d#HRq0p|NeR@8`lp*lJZH9%({ff5AHqYC;~
zHB+Ap6A~|u`VgsrdLCw-h-zTHjUPoV<$csl`BXDzLUp_pYR2lK%0(dcIj)HW3X!lL
z^-8>qDv+?c*$de)JMlnN!BEs*8I3Bp5%o&_4K<JtsAE>Bh8ai|)ZVC%+8dowGal)E
z&iR`_KqH%jnxb7;6@NpGC{s-{#br?=XoKp&Q0pqx8|@V8SUy4zCa+~a#EPQ^R^P^l
zqMpygqB{S331}pb(EE-LGzI;wjZp=9S|_1i(VI}4>@sT8eMEg~7OZXRtA(mB3YBlV
zb*Fv)8+yP0$E#xs6hRLe+o7g(uuWfRJ%JkeTT}<K)HS<55S88+wO1CRX7V&@#$KR0
zkfxr=R}M8(o$GP_^<WGM>iK%q+8jZx*$wo^m#7Bv);A+<h#ulYQRSDQ${$AMyNPPR
zw}E+H5S88tm9HP_`Sb>k3B;119^XJMg{z?{SQs_ZCg{O$Q57t-&tq-;ntlEjbu800
zGN1nesD=ii$}L6JzYq1I`@^vhk~cO}RS@-{G3uNS!0fmJRlyPT;BBkBiD@7Q>O9v*
z<?Cb}WSwQ*iW=xi)XX{02x#-9Y-&bY4OKxHYWI&t6<CSdOvg~~h5M*C=5y=cs5hZ+
zGjr@pS_4o6Xn>lT2-LvlA|2-YKY^MgT*WHrX>O*dGpfPKsLi+m)v=T4!3U_0#cyE-
zPym&$Eo!X?q4v-+^x#fZ`Aeuh_7d~cK7U!vR8Z2|6;;7ZR0sB=3S6<iK&@$lRzBYU
z)>{$O`(pxXO4p&vokqQ|9;3ITt<8)UKz)r5#6-038caYL#-b`-kAC<I>O<oOYEQhw
zMwqRQ*<2B*eCx0h?m`c~K{cGFt$C9cN4=5*QJcB5O`m{{UX@D;$QaZnI*Q(g(L?+l
z#>4dO%o=7xO>J#d2il`{b*ObVY6cHmA7MS>DcYNv?tuDkIk`ROU+?TaBxp*WU;@nE
z!E~emsv}jc?NFPiFKR89q6hb3cD#<s@E=sil6EvplL=L>JgVa%Hho}6&c8-HmjvzJ
zEvO~9f%>qB)5(|y^=8Y9THDrG9{XWw+=lwl`UBO#KUfk|b~aOA3pInCP+#%7p*lRv
zA)tb>sGgrj?cy7#P4^jfY|;doJyIFf!5}P)V^PQS0IK{A)LK79m5bNKjJznS<84uU
zZ2)TE&H@7E2yC|rPf!)b>1rxSg_@a)s9pXIs^ECk8ZJdm?J4U!)Bth>o8w#!wdqEn
z%56j~`C+6T$Mu$gdK@pr6wHPiQ59=@R09K16|F>_hBH_N-`e!j-Aso&qrTsdM>RMf
zHIv&=Q+@)~-eb(7^B=dnS*skVHEM}!umfuIjYCb{a@4Lqfcj8+h&u0CdKjysIv9fL
z;8bfYY6fpvlZ2Wjs32+I)scYKYB*|FuSZpI1l8bE)K566zcI%rCu-`Op*E$1+6!Az
zUo`%-X6k9`X<+S(rFp&xwTFI1M-}~TGvo;~6*ROCL+#@2sHuBkP0-6UTmbd?-VT*-
z7^;CCr~y1i&19-@^Sm<Zc_eBttqbS;tAgVssK8Uyn=DO)X|Ne;GxbG1pJm;Ts^~uI
zO_#a1u`H^5a~q$5Dz_Px{}O7mC+TC-1N%5;6Gf1qO|u2HSq@-ZykadGX?~491vPc|
z(SwPj%w{cw+ADReT~T{uh;^Cu2&&wlsCp7P(I%l7>ew|wy$^y=yR<)QPfSD2#0LBP
zBx*_Spr$@fUo+KZP%oG+sHL5b6>vXR#Sf^>TcMw+&*?)zQ#2j*V%TH7j;i2atcV5s
zn{(R(s}Wy-I;J;KQ~D8$qW=IhvJlj!o@m{H>evlbdwv7G-y<AXDFSIpsEk_67N{BM
zW8-5{GqVD{A5!-DQTzNl>Rtcdruz;u<ujq`D{gIo$`^{7(SDdg=YKi@bzlQ(R~|x*
z@D8TJT;H08%c7Q`9%`m~qAHw%`m9)h+U=WA9le4Y$YWGK_h55clA_uviK%Jd)s%n-
zyQ4PEIMlh`h}u*)P*e8~H4}M;m<mdx_CO2NNc*D?&O~*5HY)#m)ByLQ>OF^A8lRz@
z|3U-`63{!jHL8M%sI{MhI-Yw`YkdpV!B6(Nhts2(sE^vs5vclR+4MuGj@?I<cMmha
zbjpgF$(F-7|K$nvBSCIMRrmx|VY1<NQ=#5$A(#Z`ppNS*RK>ec9lL<a_YO6}{3A?y
zQ`8LfLp40vrf(WS&-BhdM?xI@h^p{k)bYza()_O1A2pSAQES>3HI=<lujpl{&xqrw
z&Gi5^lkQPwAaOAv@dBu|FNLbVnPW4AS!dV`yHPW7+4?tXDYA?<1*@TsQ9IO!%ShCk
zZ?n&jpf=r2)Qmkwo%;`{nJPNQ4Af~xKqKmn>iHPdURY-1zhWEW&ry4#&R8?jzNik(
zL{+#OHKOaNrTh!EgvG|0hFYTPjY2KWYGei-*I5EOHm>pJ*c7x@My*v7^k5(B4Ahjz
zpx%5}Z9M4&^QQAhHPi<+Ln~1OJB6CjhnNx*O;nuomxX|O6o48@DC#p{vNr>p%*KzS
z^4&&FX~Icn@1#Smbyd`EuYqcyvyDfgmSQT##fA3yGVDnEt{nvQsg-K7$=C$7TRWn@
z75BCA^{Ds3LDYz@p$Ffhz8|EUVmh7&wOK2pHd{l~QuRX3$PDXVbo2tbOF+h*YIb!V
zYb(^!j6+ovgPPj&sB`W+&BRNfc7F)!^o&H!<Wkg({Ddlh8`Y72QA?X^I_JL(fg01z
z2nM4vPDB-4k6N>%sN?e|Y6Pz_5oVfUraBL5vz0@=7doNp>5ZC+si;l91XJTq>(4Vd
z|C;JsB&fh!R0C;dn%!IpH8U+yBOZXNaFtEpiCU7&s3mx5<F4;a$1<YQ3!@sYi0Wt)
z)C}}@Y+#Nx7B!WZt$(35W2#xkf~YC3j;g3LYO{?&ZO(aE0S}>$<3H$&>1LaOWwF*o
z&4|;BfYxNBbuDVdr%@F@N6m=O9P^?nfa-Z`>j2a%cdqqk)SK}Wmd3(!jlrl6EkM<`
z!^9oebpm>^{AJBP&otD)`Ymcr*P*6zFX}j*Kvj4NHInC88GYxQ25O)>5Qcg~u0ZXj
zbEr-I2EG6PpKJ@vW-E>ANK@2W4Mlx6%*6P(AN7hof;xV`p*HCo)QFQWG<&EjdWd&M
zotELK{5wz`IE%{vO6vUQTx8a+ITj^81hpAAq1O5os-ZtoJ@;K~eo!ffIz44j9gjdQ
z*#guOZANX{GpN1t5jAt!mzesBp!dK3Q<s4DKo?X4V^MoxJ9foiQBz!YsX5mTu`2OM
zRK+_`9k_~mHOE_KUTB4_JyA2a&br@vZW-slA`kA{gdEGw2uh>YtPbi8*dL4FM%1~#
zhML+3sLy~5E6j)+piV(A)Y8pHb?|_F{s7AnkGIl%?GIS#m}51J1fAo#s43rWJ&Rhi
zC#W}CvQ;Kt63Y{BiM4P#YUZw>rasPUvxjnGJmO_h$G8e=CR?GFw3kCbQ$HTH=9{gj
zQ5m10GWx7B6=y|tv@&Y<w?^%OKB!~04)ta99IE_1)J%TB+L(8(nZe$uP40Y4Ks}p=
zdK0ciHTa|T8u}A|hw5PAb!MdXQJb|tYR1-}*7zsX3+xJN=H8-qe}?s@Bc)Is?}E&z
z<NB6>3M@hG&i$wYKcgzRk7^*n29ur}_3;~k%HI&RrtMG_&$8*8QF~_}YH41e>dCax
zY}T?^K%f7?1hi&T?Sn0-5nn^iNQzCye5k3ff|{W=HoY(E*iEwWCFnzZ7skOosHxwN
z+B5Ms8>?bf+II~mpsD-;wR@kT8cMgttWj}mEo(b0%k$nCi0e=teu+AUdAFL=(F}DQ
z$Dr!pgnA#`u<=COIR6z$C{I8c`=K%{vhknMTQO=W@@_Y8wz{a})f21XEY$J5f@&y!
zj5(HNP)pDgRqs;kX;i&`$8i32j*IOuBk78oq7A51@c^~y67Mw63t%PUk*M^osNH?m
z`WZElg1byTO;Inh$*3jUf_n9yM3w)vi}SCZXNvW41z=s&2qvO>ybpD({y<fne7E^m
zwaTC>`WCh8H=-&$fa=gKRKrR3m=C3*s1b*wmUt!V!|Aj`K)W~YUXxH6wTt^&r&!mZ
zw*k~hZdpHC)9o|qC9RE6_4Gt_e3VV!fa>ru)IgnU1Uv*1e{VKbA*@b31U15SsN;DR
zwO8Jw8%wjbR}fgr9Z2|QJZ1|=V0rE@mu9a3dH9!OT?zRnvNo=HvKV*k{C6O88VYtH
z!}hNV{zQiSoTCfe)ws9Wf+@&bEI!}k$={T4EnG{TJt^CUJUM9Oe_ziiuWKRCs$puI
zNB{jP?^TtGzFfI%L#Ih=O66Z)w`>Q0qQcZXi$_JN2`?u78=J8X<s(S9RlB-T&v@=x
zq+PLfw<OMc&14Eje-d;hrqY~LcFo3>c7l5zX{$-&E$s4DL9PfY8%CvlY$w-~_JBMY
ziSut^yB1I;E6*2@_7it%?#AAdY*gyVOnGl7s}iYdd$y7Szu8QENh?N0lZju)XH=*w
z3l)VB{!HGUlr4uvxOJ7aE~V^o@?|G}i#&%YUz}yr^)K-g++2>U9T`HrVe`k|wj(o$
z-Y49OO7tGBO9dAxl*2y%iw;yEEs3qvTbgI@xoePr5A}AjdG%~P@wMb1Y6lTTUB}}w
z{^C5)70$g>jd9K6VH3<t<!vaS|2ys{Dx1#p&!lIjqLjAbPPWWT75wV@M0yPQbhRh!
z^Hpbxd<kp*tC6X{tz;pM{cC%uf>r3;72<bnf$@aP+2>v9<V5nkrED~5mB^b5^V;WS
zY~$bCvM0$mkNbP_<sq#-Wt|6Pu1!Uo$ow1kavpTE1<H|mE8%xM{}%6Zm*!4QnWDB4
zeL{ZZ4yNo<o0i5(vMVp?|0=*Wi~4j8B<(uk`*#1i3R7tp8o9v3hZJ6IE0|5%Jkp9%
zAS>b0I1~$WXQj;ZuNq29h36QVu0*8Qz`NKHUy`2>$N#RG<bB2cLF->dJ+uYelc^u!
zR21w-n6Ch?q&)9{eYn5A;*igeJ+Q>4HzS{ia$||#;hxMrk50~@p{EoafVGIXB+oZI
zYfJt`TK}82@h_E6C4;UCWO_pQ357P<v>+-;Li%tDe@~tfwrofHybaI3zE)GVIB9!%
z{<nQrk#IHAlTkKLpiO*C#FsmmdoA}bWEw*wI|z4(GxOlUR5O1W7+2lZm#L3*<19~p
zC!CL5HOU>Hn)Z>#S782UE2ML;qZwW4$^Yg0mUMnla2=$Ki<_THTnDKm$mUH#_=(M&
zf%=p!2KlQs=5-ZCia!Y-xZ6^gfA#&pYY*Wt(w}qpqR~jywFxT{Z^iS4#8=r4y`e5Y
z;`~(!*HJofllo?p_g7o4H4Y+8*L3fHE{?zn+tXG&$VtK9F_+EcOFT1`rohFvk{6Vj
zX`law14zHYU6XpI(2@P*ZAhNil-o<%k31`be%u#%_Ji%Lcl`R|^@+PY4|DTS*RR|U
zZ3BnADI72=JHzu^6i&cB%~o=a=e@ZbQhpoHyK|T2*)O)dir=9FwYc@oqyc`p(m6!<
zYb~y_Wd4^567ggmg)b3aPlLS)-@rif@GaJR6;m3|kCOJ~8cldQkr2|~QRheQv!wC0
z$(4^YRo^z+j(9P`MW{1A>Dqt)uPf3vqQuUGo6%SvY(T}j-cqnRcX#e0G;oQuG29z@
zUWj{w?bIb(Pa-_e{hKX6$vTC6r}fu`^+VGTBAvL$(wMHF2p1-tgMw4(ZGPgq4$<fc
zn@927wvpmIUrN4}O60oEy}*|7Ch!MeOkJz+6t})nRwV!LaTxzDB9&}K$!Q=f1+UY~
z72LOZ=EF4UddxFje{pZ66R&xGpK|TIseGz@)iHjt;Js3k=CSD=@qq2r0iHgkzAc*n
zNj9@e)FH73@keC#qlY<Zyf5huh%e$ENZOYxK6z(yKTv);vzG^3xw8;oL%Oa&9B9M8
zQJ%l0=DmuLry=Q19TWHd`K_(ImMx&fW>nmT^lvD5jIgfFIEXZU{&LNw(hTIkj~__)
zkY1E~zsc(ANBT{|DHuotjN(~t?lI(T&0m+Y+4uz<l^x@LV;f0JfjGpcaqGHF2ST|M
z+viFfPxv<X0!6qU@%#}^^Tzn3p<@ed{??@3CjNr>IV?dZI`QL@_oscE-;0L~&*=3F
zGVG*6T@MJCp(968*G``2!cyezP1;7{gSkIa@mu26Y(8&h{uo8PFm)Beg_s3bkUx`l
zWdRB$!z@&`nZ$d@5Bc7|5uytE@%(RFVMz)f=Pt-yfIKa9Q>G)&Pue^xGoAE|q<^^r
z)KSt(QP&*8x;hc|&i_Fo$86y<)>$;Llk@;8DT&{Zc@_mL+rmR_zM(unz`e_+lhsv&
zyt-15Hko=F^ZW-IFG-n7Jgdt6H+RuEwBOzqJk7(Aw%{qkzmwj>)Z_jCq-CL^^0rZ%
z?22#8wjliy_fs0ub=ao&z|N$tw&hB&r}R@JfA7!LpJ&ze<4PkEg6Q2&8sEnK9pQ}>
zm`cI>IFq{yX}S)R#@{$|Eg+sA`6<>_lk~}yt4oES@GSS2E0pIYzKWlqE?wts2b()o
zl8F0TGA+U7wxLvH<Tq9PztGrpJiBQ}Hl937s9+|p=l-4NKXLy_9ygT+sCKSJgh!Kp
z$~Mm5dUs8=b^na|mDUh$@A^-)nZ}VR2MzHTIbGSgvl5<epS89<R^_eq2iF;cYZUoz
z)0nOaRGx@<JMw2H-j{mnafguh^)=3P#&JC-)t85_$@CB_6VJvvEhAizObw|xzb!n8
z&Kx%dT{lP@YHRFE_zVpm{;GvEw!=T!0i?5aR3beY;Y_r5L+Ae?h31mjjD|XrsB01?
zq7&&!PfLTdZQ*aM@oXm^Q6_-A`qe`+@>k+{KHIRjBL0}oeUSW5ZQXOo^NezhxxK%x
znrm~`rl*H(rmciWQ&D*ee#Ae?^Ct!J5)Z&aIG?n*gfDWBBhP&9I)tm+5v$r``h%-G
zcO#w;Q-o^)`EFB(la}5T=Yg(23HwpFHt}r4TX2u${)fzQ$-KsPjwDx7;)99zv}MBx
zXCmC2@;=;Cl!+@5Wq%}nInR?&zpfpG8*{g@`_J_giNkEKzq6S#d9(6MJJLJSm>&gn
z#i6oaZC;bYM=y<ZB)vIhoAB&k{F(fTZCzjTJtbdfo}VWnnEW&J<4OS%zg%TWj3H9N
zrlq0bhTOW^QdvdYiAu!xk+(RN@mFSD30V6<giCY(V)N7{|6yBCe$w+1u7Lc?-1Q6P
zOHls5&%f8Uk+EcOQ<<*yWEe>$%k3!iu1HJTYD~iOY~<Bdk+R{WWka{kJC=Oax!2h|
z^^xEGxwi2<iu5ixnz)mYKn)6KHFddW@Nk!{<Q6^Vm%Of~*u_4tPu|XigD?#pork(M
zkY}MSca3l%!iTuG5q?UYU#{<Le#QUL_rGTZwvg!)_m@k*Nb5$!$!x)%Ji9?bKhkvN
zqTv*FWEn|INWOjc**V;2pG~4%N}dh2@hdh@Q_RV;jJ~Y@bt1`aL!WF0HPV!{lw=yN
z2-h4cnP7tYo2RaLw$jeFYz3>bj3AtxPA((tZ|f|@0G=}=wMqMidKZ$Xgx2&EcM~%8
zLS4DYRD*|gY<v+71@K(Ie#}Eb{RTJ>&we3KOFT>d7WgCihH%&A&OqarP*-2dP9{%I
zZe3*!uA}I5rowYn^q$PSF#v-|OUvDfTi5SYK9py=BDhBpe?ny`c>WLReMrknIS-9)
zBOJ}Wo%G8*KSAC&-0{hO2WODh#CC*i%s*Fm5~tb*a!`q`pUD(PrGcdXgVl)t!$>k=
zLMpmN`ZDg*r1dvN{`>PR=@}^#MZQebt*eIhInVY}W;peH*5`k6BD#L3fZC4W!AA<_
z#xK_vp6#)bJJ^=H6wiy`DxR&hdF#^1I?_6EHzi$HN$V==Ou+NC<b6Y%1!?S{L*yn8
z@)Pmpe#C>86e>f;)!5z^);|x?)swrn9Z7O)9Lk*`pZ-xrF?_%Xbxpvz)OVG9C240X
z;lZR|B|N~^>z)6DWUR}>C1iYQE4@biSMGasZU>p$+jRcR1pi%g2_GRAjcdsJ9bx@4
zzLw4Lh;sXB?3pb?7FQEn&#$CE*7v`awkLn+DOV95^q@dAw&U3v)HTYEYA_Y_Qk-Xc
z^nyQLa^EF=I^|L^8-b+9w~Z2X&9HTMrOXoQ$;Pwem|dU$y2g{?7!O-%CQOp6Jeg9E
zz8J?-c?QzQ;6?1p{f6)^o~NSB-*jLI;d!LhC%&EVb;7zrxm)u*0rl$|N&02tzT{ix
zkhshCbSy67VP+n_<_<IYy?=(1S=VFk7%JCwinRB(k@J-8M%ryWVxKF|59A4>t_$4Z
zv{jCHf6R^}$?MGKk73*^ZK3*DhRnLsaEB7^LjhfJnc5JWFPaL**ziumr>J8ucO3F2
zChuO#wX~g6*+JYH$Ul@k`FIvgz8>EHT$nQ3iuzGeCLToMx1<-h9XUk&%e9QW)ommm
z&ubDtXXA0H{2THP;@(d91JBmciI!M``wVv-?qKeEq_@)he*_s{k)Ugj9cfZ3m}0{P
z3CI6xB#+5^(&n%ERr&`yGu+1W5-z}<mb$-OB`GtJcwy?z#xq^D_5RmYjl>={aT?)M
zWNt^il&vt5v}5FLPG>T5PawTB@x)lqRN-1fdTMT6V<_9f*8PsOSELQF@mpAocmz6c
zZGi(cpsNe^vZMQ+N<I@VXrIj|eA;AledbwT8gELxEET;cK8)v4#6J*!M!o5{C)lzo
zc9rK>c@{(3EW#1|<5Jfl0^7L%p@J&hYslDw4B=Ehhx9?Doukk`($kaXZ#z7kJS$26
za@8lFuHxLK$){@#z9D^+iMsmR^o+zSa=+5=Ut_7L0}tv^aYHK1Y%|rO@sqaT0iLC2
z_YcN=<WESrG2w*dc}4y)r0L4doyCR~?@fIvZ707YUsYSTo>eAaVg3HEkL`IFmFY^$
z1Lf;()7ug$L|R+!Iktk6gxgbbD)OA+KF{5icwRbHh|cNS&V7;e?$n!%XIr`bx${%U
zDAJM>*8eWub%ab8DENfLXxqRaq*W&FPeX3hm6(cSP0;n$`V0BKzH*aagL+QoN2pWR
zFU0SVuNzLpxTFuJ&Zk=c4P-27GsfT@DmaZ5Y{iX;N0LX^6e>7M`ZVIbNdHJBRWP&d
zpz@U0A6$Oq8;jpjS26C=<mrxIu7Tb#>%W-_)=}Xw3Z$|Pb)}*8wgZz1Un2cIB?Ad>
zBK<e~nR2_hUz1*s%J+QLiDTp$!oA1Vp+<Mw=gk%2Izk=C?dOj-A(LIVVYZil(CAn)
zRq;OMw-$tF(cm9E|CVPB2<zHytx02>NuN$WU609E)Ykd@tIqWx9Luv#-2b(ooC2Ro
z=*?Y~O8&$Sr0u4%zo_^yjqE4wZ_=7k!T03xaQ{I(9aiC42JWQ9ui_5w%rrh5@A7;F
z=^3z|?d&+>T>S4!Z4dX_UVl%9vovsuMzioNJ>l$x`&0PKm7YA8iR9#21MV-^6YAJO
z<Q~sA(Xg&9lx;+wAkwngwE5(VOZ<(-|ATGVWH*0~hdpE-NMT)#X#5_P)Wigs(<HlM
zZKoPh$5op)8be6`jRsC||ID*wq`f43#pYRN%X#O&4UrZ!=Ek*T3a5dV#KUZF%aQ&E
zm5d~QmkKs=|43Q_Ze2x~rQwwM`pTgQ>Gc@E67F*LxsNTQ$Kj+q?+ElHaDj%0&_Ge!
z=ph=^<;E)%iY3n+Y14nT`IKiB;UwG}sADGa+1P>jHJhgwW~4LoDL<2ND)RhDeOvU;
ze|{kIkG6OJ@L)HYZu3yrOTq<dFo|u{Lt0PLbfu(RMJfwLAM!7x4u^O#tW5q&<O{_O
zJS$;}xcb|6E|X7JE`9&sZ!6Dj6ZN1jh3->9FP?3-&j%6zQ4hJskyZ#V*k?-XLAZ|X
zcpUthv_AIv_cWZE8OZfj{*BbPQQ!Y+kvSU=+S(43AikXVA~KZWd4aDwreI^z5~xM4
z=2U!|d^t$_`Wo?7q?LVk8Iy3oBY$=}la8_(H&Ejg0^?}3ABFDGa3L~ujr-*vQGWTy
zl=~@~gD1LtD52{(xqq-}9@74zwsX{!oxC@{>bCN}BtDJ%1kZJ)B!5=AQJHwWuky~P
zY>>&~I!{=alYk7vxd%`v9ffr5qv3YkNo{-=ok?g5Y$1KI8X|vJ+h76mE$8_W?uXP>
zo&1qJTS7c8o+Pb4MMe{EK>06M8eg_)9%6^7Y#D{l623~Nf)pA+p)Xf!p1<X;OyLYX
z+s&=(0A&`Npld7PrG!h7?=y9L$F0kaZFqK%GHtjgk>*4EJ^421HBp$}-zU=%Du2j>
zXdcW(T~lpuo2vricd0--D>;74-HfzGIL<bvGTX^}&6c}GJP*%xO|}C{Xritu#3$-t
z<)H(4sNfPA=VDpziByusX53DCV><QaDo?yGc_!J4C)#H(NE>J~rLt-HslOZPqip)X
zuj+Y6x^tO?*LJkksW6=~5|1LhlEQa+{(z+Oq~*2w4q{RpR`wU<8OeQ=dj;u5u@7Z`
z=B}U&T)s4x9n;vExk#KVj%%8)&I9Y<nn07uOtNb;@fhN>a5=ZGhQx2+MXKFFcs{qT
zM8sE6t_fA=B-{_<aX+z5O(oAxy48$4A=rdG5rkiHU*jG^S{GIH1NTV^&EO8E@(b9S
z4F6rW!gws$UySj~<&bv{k#{(P^wG9si76XSW9EvvH1|)RnZGW`JhSq`@-aIXZgIy9
zT+IJhphmN*o_tXu(Vl@3eIq>){lh(7gL(&b2@MO44h@OQpUCC$c=F{A&hIf9L%WB2
zBErK4{;vl?;lZAoVcmmz1%>@jiJH}`d%O>-SN|%}<nrVT3GW&?uy_1uQ{BugOB*;%
z)fba)lmDlj_u2nVKTXE}pML6ry5r3d9MUbQZ&>tK!w3nF30wNNyY&C3eedWsmjBZ<
z&1|zg^URz}Q^!Ov&lk6bts^AZ6C4yBl*pAk%JV--Q6W)Lp%LMpo*@IjexjuQp<!X3
zE+L-2Q6a%Gb5?hCr~02_-6A5(dvfHC$`SKw&7rt4XEqMV64U+XG;y6~j5Q=OZ<Hq}
zI5?8JJ$Z9S<@E$dghYA5BceUMf}*?j@YHD7j4nh+(qzMk=#cWB<~>3pLp-6%<LTZv
zC^9HKIwZss-6JTPKSJ09k-?s*zP)=#L`Fw>QzAq9^bLuMW=v6`gF=cVVqb98>E?K!
zG8j+y5c&}mt%3a4dQ{)8T|+{G3we5ng#<-WZ;z0!JypV%502>Cw-+5V#Ui?yZRl-1
zI>Hl0m-?$qYLWrc<Djsxi2fnLMgAMd%#t5d%$#y&d-j$gk)ho}z5V-N6T&DpCo{{Q
z{hYyLSKbrR+uPG_p<yB3r!fV8`PDC9uZVt{1v=U{GLn9oiO{wQ4UY<mG?Nn%9y0UH
zwM;ReuRC#Ow!fXl?THz5yJnJ@($9t`h<Wt(r<Ac561va%rRwe-ns*gK2J{Z;%H+i^
zOY0u(jtxlfuH}whmBC#(X@*{^JxA^${>7qlXhDK{bqVd>H==LUoSS*wSLfWy=bjon
zKEL}&oD|+^=^q;1!_%y2!}6ZoQL)tvyBEeO5f;)fDB5&8I<jvRXQvx8);&BZx-T1o
zT}6q0L1Cf6p2qd6dbi}98^zrFvgGbtxJzg>^=K~^^3<t8u#l%~WC*nd$BruQj+Z3%
zRAu+F_;WVba`XR#2z2l8DWobQL%K$2fAHF1v4d2cbqWdRL3CtjNWakV?n;Y_U0=r?
z7}paP8Wg2@4-My~5)tkS4L7|BiZnA6`>=sKo;&@2>0KjweLX3$*BiQz`Xn_A_9fGt
zPYv7|<}7dGo*Wz4)Lkn{vXFuO)u-r)2v1l<c=y<eo!rIUv1dEG)5T90%88>(U)po^
zG6{2@H*jZ-z2Duv&7Hq5iyj^w+SP1C4TuBhiHho>5o+Q!--%q|5p#a1=}tH2OsKnA
zY?=S3v8#)1vI@gHXT_0b6Bt2Y3N|3fV2Fru6BRUZq7hL@P!vfRV<La+935Hsk?yCo
z+q$)zYY*LDx6zH#v94^4w{#mzywDpi3>Rv=z`vgF$8bSnG#DfJe&1=gF~FGg<~#3s
z|DX4LzN@bX$cH4qw5+&Tv;O-2(!<63N=>UxM=S-U7VStwou*?--q}~OZ*>9AiDmjN
zs5?lUsT%|cCZ<QA2DjEk=*E-;ZXXDkbTiqRIStnsH!C!gY_OWicLq3QAypLON6Ere
zSaOU!LEzAF@+oDvPZATX`<(n^gdH_xD^{+S<jg44@r3v)I)v-x0AdU03kUO!?VC57
z_Ld>$%u|rHzxWfgG36mDTk_w}-<H(bQy{RYX|TUsWbLY=a!XNZals)|NvU~XX~AJ*
zN?CEi9-K||P*h%2ScU*kh}ar8na7s6N&aGl>RuGztBNQ*Qewt&g%8}M*D$+qe+e!-
zy?tdG4nzlUHKUOg9#WE3bl<Qf#{}FS#0Hod@y=kTcCwruZ71Ke>m4K)E_9Gt1itZ;
zYzj|xlZ^zvK1=4$WbI)xlilqjkFnhs$ZPQ11;PmU!X!Xe=@c3t>r|@76nlunMJ3qJ
z!!45a9G*;}BD}|}gJj`*lg!JToDU{gUGPAH<yAH`D>nxv?<lYB<O8R(*}4eX_Kr?~
z50FkH+y4<LTG9i}5`k)lwRm&~YNs31%ZB3-GM7G^2w>8MPN)xe!7PJh**sxZc3qX)
zYUGw`)!wK!M!+*j))?|(P}szCWymgheL9(nGqs{YyWY|ug@=XG6d{k;mF_;Np$kg`
zS1*$g$>bBphI<9c!tN;f)c||PNZKN3_<?+EI3-8M<gr1;YU6DY-fk5%t2pdBx2l~s
zxiuV*_Qs?2+&#kG4r7YaS0@bxrE1rDljLaR)<zz7a$8WY?vjQ)@$q)0zlPU$$u)MV
zc|dYq!eU5OLl_i>&Lc5C5KWRS@2!+NirPdba&x!b?B{`tl841(r*llQ?Y!p6-=lgj
zq77j(9<4<)lGh#|xtx>WTDh$bf2!5TM~A06=3j*3u~y-d-Mv8;G5jL_r6n+^o@W>%
z+L@NRTp81|2mg<_K(eI4ChU*sw^|X!Qb?g@aUuK@c{_bQh9{pJQGEgIB<2^7_G>BX
zsbj??R};7O#G`fG!FbH2`1}*n^>F(pv81xCx5z?jN@4hyBaegq7P*oEu{)$`CfL*H
zcqTiLPBWk^i<YNnYO#2I+!4Wu_^3znMB(Og8X(ZSg1$n)u#*0nz96|fB`20AfE|<0
zG|1gCBYQQM=CQT8^c?#mm%5-UkA9nKsu-4{7to>zILE|omlI)D#&i<4yi5<KJ}0@{
zYTp?ish6A;=v@1G96I3&c*d{PX=Uu|#O&hZUGb3-c4H$Q&RJGwijUQETb1eo6lrWM
z8l8i0SAvoGNKD2Kdq?5qtMqsV<ZhvB(pdj?x&iKNr(e;vE-!EG5L%M2l1FM)dwt@u
z#wwPKW?EZoO7M*8tcEXl&}*s7G$?u;TDcuP++B~mNWOYLW%5)M5I;XOn=F_-7G+Dm
zvVe0J{hKZpji0<Eo|Bi@iQUu<*#$K4=q#1BsrAFWpYcElbB1eXx{JU|pV9qk&rEZj
zlI)bQrdGrd_Xv8?StFb+r`O2JB$8?c5OvZPW2A)Y5x}AnTB}&?F?te~9;X)a5%+`A
z<rG+)!rfB;S>6`p9zU=1B=}pHz32W^9=}fmTqkI4>UzQDiGi4eWz_^SjnmSb03w@b
zr8_bcnu$@;!#`-HPlL@$O*7!Cjc%gpO4!O>Ue!6EgaTl2(417ZvyT1_N1gOV%C0xi
zr7+t?=NREFAI&4s*Fw4Blt7=1lYOa$w{{AoPT*t6t^{ipt5XS$OP)*GsIL@zYo#$|
znkELU)C~NWrWA>)6`fjQZB?kRuRiAS(<ifez^hgT<zO8jbtMEIQDSkX*IrM$*H7PE
zAQGLbgou~yHSmj{-Zo@tQzJtVISyAVyB45lvf?8>Q>HJm%Jcz*!XDa3AnzPK@d*35
lpFYnv4bV*39j0>$3=GhB3CzDpU!Y(aqRR-(8K%n({{oGgluiHu

diff --git a/po/zh_TW.po b/po/zh_TW.po
index 6b9c672..fd8c8c9 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: GNU gnupg 2.1.0\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2022-09-02 14:59+0200\n"
+"POT-Creation-Date: 2021-04-07 19:24+0200\n"
 "PO-Revision-Date: 2019-11-04 09:49+0100\n"
 "Last-Translator: Jedi Lin <Jedi@Jedi.org>\n"
 "Language-Team: Chinese (traditional) <zh-l10n@linux.org.tw>\n"
@@ -21,58 +21,58 @@ msgstr ""
 "Plural-Forms: nplurals=1; plural=0;\n"
 "X-Generator: Poedit 1.5.7\n"
 
-#: agent/call-pinentry.c:338
+#: agent/call-pinentry.c:328
 #, c-format
 msgid "failed to acquire the pinentry lock: %s\n"
 msgstr "個人識別碼項目鎖定獲取失敗: %s\n"
 
-#. TRANSLATORS: These are labels for buttons etc used in
-#. Pinentries.  An underscore indicates that the next letter
-#. should be used as an accelerator.  Double the underscore for
-#. a literal one.  The actual to be translated text starts after
-#. the second vertical bar.  Note that gpg-agent has been set to
-#. utf-8 so that the strings are in the expected encoding.
-#: agent/call-pinentry.c:544
+#. TRANSLATORS: These are labels for buttons etc as used in
+#. * Pinentries.  In your translation copy the text before the
+#. * second vertical bar verbatim; translate only the following
+#. * text.  An underscore indicates that the next letter should be
+#. * used as an accelerator.  Double the underscore to have
+#. * pinentry display a literal underscore.
+#: agent/call-pinentry.c:546
 msgid "|pinentry-label|_OK"
 msgstr "|pinentry-label|_OK"
 
-#: agent/call-pinentry.c:545
+#: agent/call-pinentry.c:547
 msgid "|pinentry-label|_Cancel"
 msgstr "|pinentry-label|取消 (_C)"
 
-#: agent/call-pinentry.c:546
+#: agent/call-pinentry.c:548
 #, fuzzy
 #| msgid "|pinentry-label|_OK"
 msgid "|pinentry-label|_Yes"
 msgstr "|pinentry-label|_OK"
 
-#: agent/call-pinentry.c:547
+#: agent/call-pinentry.c:549
 #, fuzzy
 #| msgid "|pinentry-label|_OK"
 msgid "|pinentry-label|_No"
 msgstr "|pinentry-label|_OK"
 
-#: agent/call-pinentry.c:548
+#: agent/call-pinentry.c:550
 msgid "|pinentry-label|PIN:"
 msgstr "|pinentry-label|個人識別碼 (PIN):"
 
-#: agent/call-pinentry.c:549
+#: agent/call-pinentry.c:551
 #, fuzzy
 #| msgid "|pinentry-label|_Cancel"
 msgid "|pinentry-label|_Save in password manager"
 msgstr "|pinentry-label|取消 (_C)"
 
-#: agent/call-pinentry.c:550
+#: agent/call-pinentry.c:552
 #, fuzzy
 #| msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgid "Do you really want to make your passphrase visible on the screen?"
 msgstr "你是否真的想要永久刪除 OpenPGP 私鑰:"
 
-#: agent/call-pinentry.c:552
+#: agent/call-pinentry.c:554
 msgid "|pinentry-tt|Make passphrase visible"
 msgstr ""
 
-#: agent/call-pinentry.c:553
+#: agent/call-pinentry.c:555
 #, fuzzy
 #| msgid "Enter new passphrase"
 msgid "|pinentry-tt|Hide passphrase"
@@ -80,7 +80,7 @@ msgstr "請輸入新密語"
 
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for generating a passphrase.
-#: agent/call-pinentry.c:1007
+#: agent/call-pinentry.c:944
 msgid "Suggest"
 msgstr ""
 
@@ -91,7 +91,7 @@ msgstr ""
 #. translate this entry, a default English text (see source)
 #. will be used.  The strcmp thingy is there to detect a
 #. non-translated string.
-#: agent/call-pinentry.c:1029
+#: agent/call-pinentry.c:966
 #, fuzzy
 #| msgid "pinentry.qualitybar.tooltip"
 msgid "pinentry.genpin.tooltip"
@@ -99,22 +99,9 @@ msgstr ""
 "上列輸入文字的優劣程度.\n"
 "關於此規範的細節, 請洽你的系統管理者."
 
-#: agent/call-pinentry.c:1057
-msgid "Note: The blanks are not part of the passphrase."
-msgstr ""
-
-#. TRANSLATORS: This is a text shown by pinentry as title of a dialog
-#. telling the user that the entered new passphrase does not satisfy
-#. the passphrase constraints.  Please keep it short.
-#: agent/call-pinentry.c:1116
-#, fuzzy
-#| msgid "Passphrase too long"
-msgid "Passphrase Not Allowed"
-msgstr "密語太長"
-
 #. TRANSLATORS: This string is displayed by Pinentry as the label
 #. for the quality bar.
-#: agent/call-pinentry.c:1183
+#: agent/call-pinentry.c:998
 msgid "Quality:"
 msgstr "優劣程度: %s"
 
@@ -124,100 +111,94 @@ msgstr "優劣程度: %s"
 #. tooltip is limited to about 900 characters.  If you do not
 #. translate this entry, a default english text (see source)
 #. will be used.
-#: agent/call-pinentry.c:1204
+#: agent/call-pinentry.c:1019
 msgid "pinentry.qualitybar.tooltip"
 msgstr ""
 "上列輸入文字的優劣程度.\n"
 "關於此規範的細節, 請洽你的系統管理者."
 
-#: agent/call-pinentry.c:1367
+#: agent/call-pinentry.c:1263
 msgid ""
 "Please enter your PIN, so that the secret key can be unlocked for this "
 "session"
 msgstr "請輸入你的個人識別碼 (PIN) 以便在此階段作業中解開私鑰"
 
-#: agent/call-pinentry.c:1370
+#: agent/call-pinentry.c:1266
 msgid ""
 "Please enter your passphrase, so that the secret key can be unlocked for "
 "this session"
 msgstr "請輸入你的密語以便在此階段作業中解開私鑰"
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
 msgid "PIN:"
 msgstr ""
 
-#: agent/call-pinentry.c:1407 agent/call-pinentry.c:1615
-#: agent/protect-tool.c:724
+#: agent/call-pinentry.c:1303 agent/call-pinentry.c:1506
+#: agent/protect-tool.c:728
 msgid "Passphrase:"
 msgstr "密語:"
 
-#: agent/call-pinentry.c:1434 agent/call-pinentry.c:1693 agent/command.c:1676
-#: agent/command.c:1735 agent/command-ssh.c:3151 agent/genkey.c:447
+#: agent/call-pinentry.c:1330 agent/call-pinentry.c:1580 agent/command.c:1799
+#: agent/command.c:1852 agent/command-ssh.c:3046 agent/genkey.c:398
 msgid "does not match - try again"
 msgstr "前後不一致 - 請再試一次"
 
 #. TRANSLATORS: The string is appended to an error message in
 #. the pinentry.  The %s is the actual error message, the
 #. two %d give the current and maximum number of tries.
-#. Do not translate the "SETERROR" keyword.
-#. TRANSLATORS: The string is appended to an error message in
-#. the pinentry.  The %s is the actual error message, the
-#. two %d give the current and maximum number of tries.
-#: agent/call-pinentry.c:1457 agent/call-pinentry.c:1721
+#: agent/call-pinentry.c:1351 agent/call-pinentry.c:1603
 #, c-format
 msgid "SETERROR %s (try %d of %d)"
 msgstr "SETERROR %s (第 %d 次嘗試, 最多 %d 次)"
 
-#: agent/call-pinentry.c:1468 agent/call-pinentry.c:1732
+#: agent/call-pinentry.c:1362 agent/call-pinentry.c:1614
 msgid "Repeat:"
 msgstr "重複:"
 
-#: agent/call-pinentry.c:1480 agent/call-pinentry.c:1492
-#: agent/call-pinentry.c:1744 agent/call-pinentry.c:1756
+#: agent/call-pinentry.c:1372 agent/call-pinentry.c:1384
+#: agent/call-pinentry.c:1624 agent/call-pinentry.c:1636
 msgid "PIN too long"
 msgstr "個人識別碼 (PIN) 太長"
 
-#: agent/call-pinentry.c:1481 agent/call-pinentry.c:1745
+#: agent/call-pinentry.c:1373 agent/call-pinentry.c:1625
 msgid "Passphrase too long"
 msgstr "密語太長"
 
-#: agent/call-pinentry.c:1489 agent/call-pinentry.c:1753
+#: agent/call-pinentry.c:1381 agent/call-pinentry.c:1633
 msgid "Invalid characters in PIN"
 msgstr "個人識別碼 (PIN) 含有無效的字符"
 
-#: agent/call-pinentry.c:1494 agent/call-pinentry.c:1758
+#: agent/call-pinentry.c:1386 agent/call-pinentry.c:1638
 msgid "PIN too short"
 msgstr "個人識別碼 (PIN) 太短"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad PIN"
 msgstr "不良的個人識別碼 (PIN)"
 
-#: agent/call-pinentry.c:1513 agent/call-pinentry.c:1776
+#: agent/call-pinentry.c:1405 agent/call-pinentry.c:1656
 msgid "Bad Passphrase"
 msgstr "不良的密語"
 
-#: agent/command.c:654
+#: agent/command.c:697
 msgid "Note: Request from the web browser."
 msgstr ""
 
-#: agent/command.c:655
+#: agent/command.c:698
 msgid "Note: Request from a remote site."
 msgstr ""
 
-#: agent/command.c:1014 agent/command-ssh.c:2391 agent/command-ssh.c:2437
-#: agent/command-ssh.c:2455 agent/command-ssh.c:2612 g10/card-util.c:697
-#: g10/card-util.c:718 g10/skclist.c:435
+#: agent/command.c:1106 g10/card-util.c:708 g10/card-util.c:729
 #, c-format
 msgid "error getting serial number of card: %s\n"
 msgstr "取得此卡片序號時出錯: %s\n"
 
-#: agent/command.c:1503 agent/command.c:1668 agent/command-ssh.c:3079
-#: agent/genkey.c:382
+#: agent/command.c:1634 agent/command.c:1791 agent/command-ssh.c:2974
+#: agent/genkey.c:333
 msgid "Please re-enter this passphrase"
 msgstr "請再次輸入密語"
 
-#: agent/command.c:2423
+#: agent/command.c:2567
 #, fuzzy, c-format
 #| msgid ""
 #| "Please enter the passphrase to protect the imported object within the "
@@ -227,62 +208,52 @@ msgid ""
 "system."
 msgstr "請輸入密語以保護匯入至 GnuPG 系統內的物件."
 
-#: agent/command.c:2553
+#: agent/command.c:2697
 msgid ""
 "This key (or subkey) is not protected with a passphrase.  Please enter a new "
 "passphrase to export it."
 msgstr ""
 
-#: agent/command-ssh.c:665 agent/command-ssh.c:754
+#: agent/command-ssh.c:675 agent/command-ssh.c:764
 #, c-format
 msgid "ssh keys greater than %d bits are not supported\n"
 msgstr "未支援大於 %d 位元的 ssh 金鑰\n"
 
-#: agent/command-ssh.c:862 common/dotlock.c:856 g10/card-util.c:947
-#: g10/exec.c:554 g10/export.c:1320 g10/gpg.c:1400 g10/keygen.c:4998
-#: g10/keyring.c:1322 g10/keyring.c:1637 g10/openfile.c:291 g10/sign.c:1008
-#: g10/sign.c:1322 g10/tdbio.c:753
+#: agent/command-ssh.c:872 common/dotlock.c:852 g10/card-util.c:953
+#: g10/export.c:1329 g10/gpg.c:1430 g10/keygen.c:5327 g10/keyring.c:1319
+#: g10/keyring.c:1632 g10/openfile.c:293 g10/photoid.c:531 g10/photoid.c:549
+#: g10/sign.c:1106 g10/sign.c:1443 g10/tdbio.c:753 tools/gpg-card.c:478
 #, c-format
 msgid "can't create '%s': %s\n"
 msgstr "無法建立 '%s': %s\n"
 
-#: agent/command-ssh.c:874 common/helpfile.c:57 g10/card-util.c:904
+#: agent/command-ssh.c:884 common/helpfile.c:57 g10/card-util.c:910
 #: g10/dearmor.c:59 g10/dearmor.c:106 g10/decrypt.c:65 g10/decrypt.c:136
-#: g10/decrypt.c:153 g10/encrypt.c:239 g10/encrypt.c:673 g10/gpg.c:1401
-#: g10/import.c:364 g10/import.c:548 g10/import.c:776 g10/keygen.c:4036
-#: g10/keyring.c:1663 g10/openfile.c:195 g10/openfile.c:209 g10/plaintext.c:128
-#: g10/plaintext.c:649 g10/sign.c:990 g10/sign.c:1201 g10/sign.c:1306
-#: g10/sign.c:1451 g10/tdbdump.c:145 g10/tdbdump.c:153 g10/tdbio.c:758
-#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2160
-#: sm/gpgsm.c:2190 sm/gpgsm.c:2228 sm/qualified.c:66 dirmngr/certcache.c:420
-#: dirmngr/certcache.c:502 dirmngr/certcache.c:504 dirmngr/crlcache.c:2588
-#: dirmngr/dirmngr.c:1812
+#: g10/decrypt.c:153 g10/encrypt.c:308 g10/encrypt.c:721 g10/gpg.c:1431
+#: g10/import.c:359 g10/import.c:546 g10/import.c:781 g10/keygen.c:4302
+#: g10/keyring.c:1658 g10/openfile.c:197 g10/openfile.c:211 g10/plaintext.c:128
+#: g10/plaintext.c:610 g10/sign.c:1086 g10/sign.c:1311 g10/sign.c:1424
+#: g10/sign.c:1596 g10/tdbdump.c:143 g10/tdbdump.c:151 g10/tdbio.c:758
+#: g10/tdbio.c:829 g10/verify.c:96 g10/verify.c:160 sm/gpgsm.c:2338
+#: sm/gpgsm.c:2368 sm/gpgsm.c:2406 sm/qualified.c:65 dirmngr/certcache.c:396
+#: dirmngr/certcache.c:476 dirmngr/certcache.c:478 dirmngr/crlcache.c:2588
+#: dirmngr/dirmngr.c:1711 tools/gpg-card.c:407
 #, c-format
 msgid "can't open '%s': %s\n"
 msgstr "無法開啟 '%s': %s\n"
 
-#: agent/command-ssh.c:2441
-#, c-format
-msgid "detected card with S/N: %s\n"
-msgstr "偵測到卡片, 其序號為: %s\n"
-
-#: agent/command-ssh.c:2446
-#, c-format
-msgid "no authentication key for ssh on card: %s\n"
-msgstr "卡片上沒有 ssh 用的認證金鑰: %s\n"
-
-#: agent/command-ssh.c:2466
+#: agent/command-ssh.c:2386
 #, c-format
 msgid "no suitable card key found: %s\n"
 msgstr "找不到合適的卡片金鑰: %s\n"
 
-#: agent/command-ssh.c:2598
+#: agent/command-ssh.c:2503
 #, fuzzy, c-format
 #| msgid "error getting stored flags: %s\n"
 msgid "error getting list of cards: %s\n"
 msgstr "取得已存放的旗標時出錯: %s\n"
 
-#: agent/command-ssh.c:2786
+#: agent/command-ssh.c:2678
 #, c-format
 msgid ""
 "An ssh process requested the use of key%%0A  %s%%0A  (%s)%%0ADo you want to "
@@ -290,20 +261,20 @@ msgid ""
 msgstr ""
 "有某個 ssh 程序提出使用金鑰 %%0A  %s%%0A  (%s)%%0A 之請求, 請問是否允許?"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Allow"
 msgstr "允許"
 
-#: agent/command-ssh.c:2793
+#: agent/command-ssh.c:2685
 msgid "Deny"
 msgstr "拒絕"
 
-#: agent/command-ssh.c:2802
+#: agent/command-ssh.c:2694
 #, c-format
 msgid "Please enter the passphrase for the ssh key%%0A  %F%%0A  (%c)"
 msgstr "請輸入此 ssh 金鑰的密語 %%0A  %F%%0A  (%c)"
 
-#: agent/command-ssh.c:3106
+#: agent/command-ssh.c:3001
 #, c-format
 msgid ""
 "Please enter a passphrase to protect the received secret key%%0A   %s%%0A   "
@@ -311,93 +282,89 @@ msgid ""
 msgstr ""
 "請輸入密語以保護收到的私鑰 %%0A   %s%%0A   %s%%0A 於 gpg-agent 的金鑰存放處"
 
-#: agent/command-ssh.c:3689
+#: agent/command-ssh.c:3682
 #, c-format
 msgid "failed to create stream from socket: %s\n"
 msgstr "從 socket 建立串流失敗: %s\n"
 
-#: agent/divert-scd.c:205
+#: agent/divert-scd.c:118
 msgid "Please insert the card with serial number"
 msgstr "請插入下列序號的卡片:"
 
-#: agent/divert-scd.c:206
-msgid "Please remove the current card and insert the one with serial number"
-msgstr "請移除現用中的卡片並插入下列序號的卡片:"
-
-#: agent/divert-scd.c:335
+#: agent/divert-scd.c:243
 msgid "Admin PIN"
 msgstr "管理者個人識別碼 (PIN)"
 
 #. TRANSLATORS: A PUK is the Personal Unblocking Code
 #. used to unblock a PIN.
-#: agent/divert-scd.c:340
+#: agent/divert-scd.c:248
 msgid "PUK"
 msgstr "PIN 重設碼 (PUK)"
 
-#: agent/divert-scd.c:347
+#: agent/divert-scd.c:255
 msgid "Reset Code"
 msgstr "重設碼"
 
-#: agent/divert-scd.c:375
+#: agent/divert-scd.c:283
 msgid "Push ACK button on card/token."
 msgstr ""
 
-#: agent/divert-scd.c:397 agent/divert-scd.c:401
+#: agent/divert-scd.c:305 agent/divert-scd.c:309
 #, fuzzy
 #| msgid "%s%%0A%%0AUse the reader's pinpad for input."
 msgid "Use the reader's pinpad for input."
 msgstr "%s%%0A%%0A使用讀卡機的鍵盤來輸入."
 
-#: agent/divert-scd.c:467
+#: agent/divert-scd.c:375
 msgid "Repeat this Reset Code"
 msgstr "請再次輸入重設碼"
 
-#: agent/divert-scd.c:469
+#: agent/divert-scd.c:377
 msgid "Repeat this PUK"
 msgstr "請再次輸入 PUK"
 
-#: agent/divert-scd.c:470
+#: agent/divert-scd.c:378
 msgid "Repeat this PIN"
 msgstr "請再次輸入個人識別碼 (PIN)"
 
-#: agent/divert-scd.c:475
+#: agent/divert-scd.c:383
 msgid "Reset Code not correctly repeated; try again"
 msgstr "前後兩次輸入的重設碼不一致; 請再試一次"
 
-#: agent/divert-scd.c:477
+#: agent/divert-scd.c:385
 msgid "PUK not correctly repeated; try again"
 msgstr "前後兩次輸入的 PUK 不一致; 請再試一次"
 
-#: agent/divert-scd.c:478
+#: agent/divert-scd.c:386
 msgid "PIN not correctly repeated; try again"
 msgstr "前後兩次輸入的個人識別碼 (PIN) 不一致; 請再試一次"
 
-#: agent/divert-scd.c:491
+#: agent/divert-scd.c:399
 #, c-format
 msgid "Please enter the PIN%s%s%s to unlock the card"
 msgstr "請輸入個人識別碼 (PIN)%s%s%s 以解開卡片"
 
-#: agent/genkey.c:157
-#, fuzzy, c-format
-#| msgid "error writing to %s: %s\n"
-msgid "error writing to pipe: %s\n"
-msgstr "寫入 %s 時出錯: %s\n"
+#: agent/genkey.c:109 sm/certreqgen-ui.c:433
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "建立暫存檔時出錯: %s\n"
+
+#: agent/genkey.c:116
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "寫入暫存檔時出錯: %s\n"
 
-#: agent/genkey.c:182 agent/genkey.c:188
+#: agent/genkey.c:154
 msgid "Enter new passphrase"
 msgstr "請輸入新密語"
 
-#: agent/genkey.c:196
-msgid "Take this one anyway"
-msgstr "無論如何還是要用這個"
-
-#: agent/genkey.c:232
+#: agent/genkey.c:184
 #, c-format
 msgid ""
 "You have not entered a passphrase!%0AAn empty passphrase is not allowed."
 msgstr "你還沒有輸入密語!%0A空密語是不行的."
 
-#: agent/genkey.c:234
+#: agent/genkey.c:186
 #, c-format
 msgid ""
 "You have not entered a passphrase - this is in general a bad idea!%0APlease "
@@ -406,255 +373,266 @@ msgstr ""
 "你還沒有輸入密語 - 通常這可不是個好主意!%0A請確認你不想要對你的金鑰做任何保"
 "è­·."
 
-#: agent/genkey.c:246
+#: agent/genkey.c:198
 msgid "Yes, protection is not needed"
 msgstr "是, 不需要任何保護"
 
-#: agent/genkey.c:263
+#: agent/genkey.c:215
 #, c-format
 msgid "A passphrase should be at least %u character long."
 msgid_plural "A passphrase should be at least %u characters long."
 msgstr[0] "密語至少要有 %u 個字符長."
 
-#: agent/genkey.c:282
+#: agent/genkey.c:234
 #, c-format
 msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
 msgid_plural ""
 "A passphrase should contain at least %u digits or%%0Aspecial characters."
 msgstr[0] "密語至少得要含有 %u 個數字或%%0A特別字符."
 
-#: agent/genkey.c:309
+#: agent/genkey.c:260
 #, fuzzy, c-format
 #| msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgid "A passphrase may not be a known term or match%%0Acertain pattern."
 msgstr "密語不得含有已知的詞彙, 亦不得與%%0A確知的模式吻合."
 
-#: agent/genkey.c:324
+#: agent/genkey.c:275
 msgid "Warning: You have entered an insecure passphrase."
 msgstr "警告: 你輸入了不安全的密語."
 
-#: agent/genkey.c:513
+#: agent/genkey.c:296
+msgid "Take this one anyway"
+msgstr "無論如何還是要用這個"
+
+#: agent/genkey.c:464
 #, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"
 msgstr "請輸入密語至%0A以保護你的新金鑰"
 
-#: agent/genkey.c:639
+#: agent/genkey.c:590
 msgid "Please enter the new passphrase"
 msgstr "請輸入新的密語"
 
-#: agent/gpg-agent.c:167 scd/scdaemon.c:116 dirmngr/dirmngr.c:185
+#: agent/gpg-agent.c:161 scd/scdaemon.c:114 dirmngr/dirmngr.c:181
 #, fuzzy
 #| msgid "Options useful for debugging"
 msgid "Options used for startup"
 msgstr "對除錯有幫助的選項"
 
-#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:174
+#: agent/gpg-agent.c:163 scd/scdaemon.c:119 dirmngr/dirmngr.c:170
 msgid "run in daemon mode (background)"
 msgstr "以服務模式執行 (背景)"
 
-#: agent/gpg-agent.c:170 scd/scdaemon.c:118 dirmngr/dirmngr.c:173
+#: agent/gpg-agent.c:164 scd/scdaemon.c:116 dirmngr/dirmngr.c:169
 msgid "run in server mode (foreground)"
 msgstr "以伺服器模式執行 (前景)"
 
-#: agent/gpg-agent.c:172 dirmngr/dirmngr.c:176
+#: agent/gpg-agent.c:166 dirmngr/dirmngr.c:172
 #, fuzzy
 #| msgid "run in server mode"
 msgid "run in supervised mode"
 msgstr "以伺服器模式執行"
 
-#: agent/gpg-agent.c:174 scd/scdaemon.c:122 dirmngr/dirmngr.c:187
+#: agent/gpg-agent.c:168 scd/scdaemon.c:120 dirmngr/dirmngr.c:183
 msgid "do not detach from the console"
 msgstr "不要從 console 分離"
 
-#: agent/gpg-agent.c:175 scd/scdaemon.c:123 dirmngr/dirmngr.c:188
+#: agent/gpg-agent.c:169 scd/scdaemon.c:121 dirmngr/dirmngr.c:184
 msgid "sh-style command output"
 msgstr "sh 樣式的指令輸出"
 
-#: agent/gpg-agent.c:176 scd/scdaemon.c:124 dirmngr/dirmngr.c:189
+#: agent/gpg-agent.c:170 scd/scdaemon.c:122 dirmngr/dirmngr.c:185
 msgid "csh-style command output"
 msgstr "csh 樣式的指令輸出"
 
-#: agent/gpg-agent.c:185 g10/gpg.c:579 scd/scdaemon.c:126 sm/gpgsm.c:410
-#: dirmngr/dirmngr.c:192
+#: agent/gpg-agent.c:178 g10/gpg.c:588 scd/scdaemon.c:124 sm/gpgsm.c:419
+#: dirmngr/dirmngr.c:187
 msgid "|FILE|read options from FILE"
 msgstr "|檔案|從指定檔案中讀取選項"
 
-#: agent/gpg-agent.c:189 g10/gpg.c:566 scd/scdaemon.c:130 sm/gpgsm.c:259
-#: dirmngr/dirmngr.c:196
+#: agent/gpg-agent.c:182 g10/gpg.c:573 scd/scdaemon.c:128 sm/gpgsm.c:262
+#: dirmngr/dirmngr.c:191
 msgid "Options controlling the diagnostic output"
 msgstr "控制著診斷性輸出的選項"
 
-#: agent/gpg-agent.c:191 g10/gpg.c:568 g10/gpgv.c:78 kbx/kbxutil.c:88
-#: scd/scdaemon.c:132 sm/gpgsm.c:261 dirmngr/dirmngr-client.c:70
-#: dirmngr/dirmngr.c:198 tools/gpg-connect-agent.c:78 tools/gpgconf.c:110
+#: agent/gpg-agent.c:184 g10/gpg.c:575 g10/gpgv.c:78 kbx/kbxutil.c:89
+#: scd/scdaemon.c:130 sm/gpgsm.c:264 dirmngr/dirmngr-client.c:69
+#: dirmngr/dirmngr.c:193 dirmngr/dirmngr_ldap.c:102
+#: tools/gpg-connect-agent.c:85 tools/gpgconf.c:111
 msgid "verbose"
 msgstr "囉唆模式"
 
-#: agent/gpg-agent.c:192 g10/gpg.c:570 g10/gpgv.c:79 kbx/kbxutil.c:89
-#: scd/scdaemon.c:133 sm/gpgsm.c:263 dirmngr/dirmngr-client.c:71
-#: dirmngr/dirmngr.c:199
+#: agent/gpg-agent.c:185 g10/gpg.c:577 g10/gpgv.c:79 kbx/kbxutil.c:90
+#: scd/scdaemon.c:131 sm/gpgsm.c:266 dirmngr/dirmngr-client.c:70
+#: dirmngr/dirmngr.c:194 dirmngr/dirmngr_ldap.c:103
 msgid "be somewhat more quiet"
 msgstr "盡量安靜些"
 
-#: agent/gpg-agent.c:200 g10/gpg.c:583 sm/gpgsm.c:276 dirmngr/dirmngr.c:209
+#: agent/gpg-agent.c:193 g10/gpg.c:592 sm/gpgsm.c:280 dirmngr/dirmngr.c:204
 msgid "|FILE|write server mode logs to FILE"
 msgstr "|檔案|將伺服器模式日誌寫入至指定檔案"
 
-#: agent/gpg-agent.c:204 g10/gpg.c:589 scd/scdaemon.c:147 sm/gpgsm.c:283
-#: dirmngr/dirmngr.c:213
+#: agent/gpg-agent.c:197 g10/gpg.c:598 scd/scdaemon.c:145 sm/gpgsm.c:287
+#: dirmngr/dirmngr.c:208
 msgid "Options controlling the configuration"
 msgstr "控制著組態的選項"
 
-#: agent/gpg-agent.c:207
+#: agent/gpg-agent.c:200
 msgid "do not use the SCdaemon"
 msgstr "不要使用 SCdaemon"
 
-#: agent/gpg-agent.c:209
+#: agent/gpg-agent.c:202
 msgid "|PGM|use PGM as the SCdaemon program"
 msgstr "|PGM|使用 PGM 做為 SCdaemon 程式"
 
-#: agent/gpg-agent.c:213
+#: agent/gpg-agent.c:204
+#, fuzzy
+#| msgid "|PGM|use PGM as the SCdaemon program"
+msgid "|PGM|use PGM as the tpm2daemon program"
+msgstr "|PGM|使用 PGM 做為 SCdaemon 程式"
+
+#: agent/gpg-agent.c:208
 #, fuzzy
 #| msgid "|NAME|connect to host NAME"
 msgid "|NAME|accept some commands via NAME"
 msgstr "|名稱|連線至位於指定名稱的主機"
 
-#: agent/gpg-agent.c:217
+#: agent/gpg-agent.c:212
 msgid "ignore requests to change the TTY"
 msgstr "忽略變更 TTY 的要求"
 
-#: agent/gpg-agent.c:219
+#: agent/gpg-agent.c:214
 msgid "ignore requests to change the X display"
 msgstr "忽略變更 X display 的要求"
 
-#: agent/gpg-agent.c:220
+#: agent/gpg-agent.c:215
 msgid "enable ssh support"
 msgstr "啟用 ssh 支援"
 
-#: agent/gpg-agent.c:222
+#: agent/gpg-agent.c:217
 msgid "|ALGO|use ALGO to show ssh fingerprints"
 msgstr ""
 
-#: agent/gpg-agent.c:225
+#: agent/gpg-agent.c:220
 msgid "enable putty support"
 msgstr "啟用 putty 支援"
 
-#: agent/gpg-agent.c:237 g10/gpg.c:831 scd/scdaemon.c:175 sm/gpgsm.c:369
+#: agent/gpg-agent.c:232 g10/gpg.c:843 scd/scdaemon.c:175 sm/gpgsm.c:379
 msgid "Options controlling the security"
 msgstr "控制著安全性的選項"
 
-#: agent/gpg-agent.c:240
+#: agent/gpg-agent.c:235
 msgid "|N|expire cached PINs after N seconds"
 msgstr "|N|讓快取住的個人識別碼 (PIN) 在 N 秒後到期"
 
-#: agent/gpg-agent.c:242
+#: agent/gpg-agent.c:237
 msgid "|N|expire SSH keys after N seconds"
 msgstr "|N|在 N 秒之後讓 SSH 金鑰過期"
 
-#: agent/gpg-agent.c:244
+#: agent/gpg-agent.c:239
 msgid "|N|set maximum PIN cache lifetime to N seconds"
 msgstr "|N|把個人識別碼 (PIN) 快取最大生存時間設成 N 秒"
 
-#: agent/gpg-agent.c:246
+#: agent/gpg-agent.c:241
 msgid "|N|set maximum SSH key lifetime to N seconds"
 msgstr "|N|把 SSH 金鑰最大生存時間設成 N 秒"
 
-#: agent/gpg-agent.c:248
+#: agent/gpg-agent.c:243
 msgid "do not use the PIN cache when signing"
 msgstr "簽署時不要使用個人識別碼 (PIN) 快取"
 
-#: agent/gpg-agent.c:250
+#: agent/gpg-agent.c:245
 #, fuzzy
 #| msgid "do not allow the reuse of old passphrases"
 msgid "disallow the use of an external password cache"
 msgstr "不允許重複使用舊密語"
 
-#: agent/gpg-agent.c:252
+#: agent/gpg-agent.c:247
 msgid "disallow clients to mark keys as \"trusted\""
 msgstr "不允許用戶端將金鑰標記為 \"已信任\""
 
-#: agent/gpg-agent.c:257
+#: agent/gpg-agent.c:250
 msgid "allow presetting passphrase"
 msgstr "允許預先設定密語"
 
-#: agent/gpg-agent.c:262
+#: agent/gpg-agent.c:255
 msgid "Options enforcing a passphrase policy"
 msgstr "強制執行密語原則的選項"
 
-#: agent/gpg-agent.c:265
+#: agent/gpg-agent.c:258
 msgid "do not allow bypassing the passphrase policy"
 msgstr "不允許略過密語原則"
 
-#: agent/gpg-agent.c:267
+#: agent/gpg-agent.c:260
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr "|N|把新密語所需的最短長度設成 N"
 
-#: agent/gpg-agent.c:269
+#: agent/gpg-agent.c:262
 msgid "|N|require at least N non-alpha characters for a new passphrase"
 msgstr "|N|新密語至少要有 N 個非字母的字符"
 
-#: agent/gpg-agent.c:272
+#: agent/gpg-agent.c:265
 msgid "|FILE|check new passphrases against pattern in FILE"
 msgstr "|檔案|用指定檔案中的樣式來檢查新密語"
 
-#: agent/gpg-agent.c:276
+#: agent/gpg-agent.c:267
 msgid "|N|expire the passphrase after N days"
 msgstr "|N|在 N 天之後讓密語過期"
 
-#: agent/gpg-agent.c:278
+#: agent/gpg-agent.c:269
 msgid "do not allow the reuse of old passphrases"
 msgstr "不允許重複使用舊密語"
 
-#: agent/gpg-agent.c:281
+#: agent/gpg-agent.c:272
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the PIN-Entry"
 msgstr "控制著安全性的選項"
 
-#: agent/gpg-agent.c:283
+#: agent/gpg-agent.c:274
 msgid "never use the PIN-entry"
 msgstr ""
 
-#: agent/gpg-agent.c:285
+#: agent/gpg-agent.c:276
 msgid "disallow caller to override the pinentry"
 msgstr ""
 
-#: agent/gpg-agent.c:287
+#: agent/gpg-agent.c:278
 #, fuzzy
 #| msgid "do not grab keyboard and mouse"
 msgid "let PIN-Entry grab keyboard and mouse"
 msgstr "不要奪取鍵盤及滑鼠"
 
-#: agent/gpg-agent.c:290
+#: agent/gpg-agent.c:281
 msgid "|PGM|use PGM as the PIN-Entry program"
 msgstr "|PGM|使用 PGM 做為 PIN-Entry 程式"
 
-#: agent/gpg-agent.c:294
+#: agent/gpg-agent.c:285
 #, fuzzy
 #| msgid "|N|set LDAP timeout to N seconds"
 msgid "|N|set the Pinentry timeout to N seconds"
 msgstr "|N|把 LDAP 逾時設成 N 秒"
 
-#: agent/gpg-agent.c:298
+#: agent/gpg-agent.c:287
 msgid "allow passphrase to be prompted through Emacs"
 msgstr ""
 
 #. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
 #. reporting address.  This is so that we can change the
 #. reporting address without breaking the translations.
-#: agent/gpg-agent.c:563 agent/preset-passphrase.c:100 agent/protect-tool.c:155
-#: g10/gpg.c:1108 g10/gpgv.c:149 kbx/kbxutil.c:113 scd/scdaemon.c:313
-#: sm/gpgsm.c:600 dirmngr/dirmngr-client.c:168 dirmngr/dirmngr.c:458
-#: tools/gpg-connect-agent.c:205 tools/gpgconf.c:154
+#: agent/gpg-agent.c:550 agent/preset-passphrase.c:99 agent/protect-tool.c:154
+#: g10/gpg.c:1131 g10/gpgv.c:149 kbx/kbxutil.c:118 scd/scdaemon.c:311
+#: sm/gpgsm.c:609 dirmngr/dirmngr-client.c:167 dirmngr/dirmngr.c:437
+#: dirmngr/dirmngr_ldap.c:175 tools/gpg-connect-agent.c:220 tools/gpgconf.c:151
 #: tools/gpg-check-pattern.c:143
 msgid "Please report bugs to <@EMAIL@>.\n"
 msgstr "翻譯瑕疵請回報給 <Jedi@Jedi.org>, 程式瑕疵則請回報給 <@EMAIL@>.\n"
 
-#: agent/gpg-agent.c:572
+#: agent/gpg-agent.c:559
 msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
 msgstr "用法: @GPG_AGENT@ [選項] (或用 -h 求助)"
 
-#: agent/gpg-agent.c:574
+#: agent/gpg-agent.c:561
 msgid ""
 "Syntax: @GPG_AGENT@ [options] [command [args]]\n"
 "Secret key management for @GNUPG@\n"
@@ -662,137 +640,132 @@ msgstr ""
 "語法: @GPG_AGENT@ [選項] [指令 [引數]]\n"
 "@GNUPG@ 私鑰管理\n"
 
-#: agent/gpg-agent.c:619 g10/gpg.c:1304 scd/scdaemon.c:385 sm/gpgsm.c:748
-#: dirmngr/dirmngr.c:542
+#: agent/gpg-agent.c:606 g10/gpg.c:1336 scd/scdaemon.c:383 sm/gpgsm.c:757
+#: dirmngr/dirmngr.c:521
 #, c-format
 msgid "invalid debug-level '%s' given\n"
 msgstr "給定的除錯等級 '%s' 無效\n"
 
-#: agent/gpg-agent.c:988 g10/gpg.c:3810 g10/gpg.c:3834 sm/gpgsm.c:1585
-#: sm/gpgsm.c:1591
+#: agent/gpg-agent.c:971 g10/gpg.c:3879 g10/gpg.c:3903 sm/gpgsm.c:1736
+#: sm/gpgsm.c:1742
 #, c-format
 msgid "selected digest algorithm is invalid\n"
 msgstr "所選的摘要演算法無效\n"
 
-#: agent/gpg-agent.c:1216 agent/gpg-agent.c:2029 common/argparse.c:1766
-#: common/argparse.c:1858 g10/gpg.c:2517 scd/scdaemon.c:547 sm/gpgsm.c:1007
-#: dirmngr/dirmngr.c:1081 dirmngr/dirmngr.c:1937
+#: agent/gpg-agent.c:1195 agent/gpg-agent.c:2010 g10/gpg.c:2588
+#: scd/scdaemon.c:548 sm/gpgsm.c:1151 dirmngr/dirmngr.c:988
+#: dirmngr/dirmngr.c:1830
 #, c-format
 msgid "reading options from '%s'\n"
 msgstr "從 '%s' 讀取選項中\n"
 
-#: agent/gpg-agent.c:1332 g10/gpg.c:3751 scd/scdaemon.c:671 sm/gpgsm.c:1522
-#: dirmngr/dirmngr.c:1190 tools/gpg-connect-agent.c:1244 tools/gpgconf.c:677
+#: agent/gpg-agent.c:1327 g10/gpg.c:3830 scd/scdaemon.c:675 sm/gpgsm.c:1676
+#: dirmngr/dirmngr.c:1099 tools/gpg-connect-agent.c:1270 tools/gpgconf.c:634
 #, c-format
 msgid "Note: '%s' is not considered an option\n"
 msgstr "請注意: '%s' 並不當成選項\n"
 
-#: agent/gpg-agent.c:2165 scd/scdaemon.c:1112 dirmngr/dirmngr.c:1344
+#: agent/gpg-agent.c:2146 scd/scdaemon.c:1096 dirmngr/dirmngr.c:1258
 #, c-format
 msgid "can't create socket: %s\n"
 msgstr "無法建立 socket: %s\n"
 
-#: agent/gpg-agent.c:2182 scd/scdaemon.c:1125 dirmngr/dirmngr.c:1357
+#: agent/gpg-agent.c:2163 scd/scdaemon.c:1109 dirmngr/dirmngr.c:1271
 #, c-format
 msgid "socket name '%s' is too long\n"
 msgstr "socket 名稱 '%s' 太長\n"
 
-#: agent/gpg-agent.c:2220
-#, c-format
-msgid "trying to steal socket from running %s\n"
-msgstr ""
-
-#: agent/gpg-agent.c:2226
+#: agent/gpg-agent.c:2202
 #, c-format
 msgid "a gpg-agent is already running - not starting a new one\n"
 msgstr "已經有一份 gpg-agent 在執行了 - 不會再啟動一份新的\n"
 
-#: agent/gpg-agent.c:2238 scd/scdaemon.c:1149 dirmngr/dirmngr.c:1393
+#: agent/gpg-agent.c:2213 scd/scdaemon.c:1133 dirmngr/dirmngr.c:1303
 #, c-format
 msgid "error getting nonce for the socket\n"
 msgstr "為 socket 取得 nonce 時出錯\n"
 
-#: agent/gpg-agent.c:2243 scd/scdaemon.c:1152 dirmngr/dirmngr.c:1396
+#: agent/gpg-agent.c:2218 scd/scdaemon.c:1136 dirmngr/dirmngr.c:1306
 #, c-format
 msgid "error binding socket to '%s': %s\n"
 msgstr "綁定 socket 至 '%s' 時出錯: %s\n"
 
-#: agent/gpg-agent.c:2254 agent/gpg-agent.c:2294 agent/gpg-agent.c:2303
-#: scd/scdaemon.c:1160 dirmngr/dirmngr.c:1405
+#: agent/gpg-agent.c:2229 agent/gpg-agent.c:2269 agent/gpg-agent.c:2278
+#: scd/scdaemon.c:1144 dirmngr/dirmngr.c:1315
 #, fuzzy, c-format
 #| msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "警告: %s 的權限 \"%s\" 並不安全\n"
 
-#: agent/gpg-agent.c:2268 scd/scdaemon.c:1172 dirmngr/dirmngr.c:1417
+#: agent/gpg-agent.c:2243 scd/scdaemon.c:1156 dirmngr/dirmngr.c:1327
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "正在候聽 socket '%s'\n"
 
-#: agent/gpg-agent.c:2288 agent/gpg-agent.c:2341 common/homedir.c:741
-#: g10/exec.c:269 g10/openfile.c:397
+#: agent/gpg-agent.c:2263 agent/gpg-agent.c:2316 common/homedir.c:517
+#: g10/openfile.c:399 g10/photoid.c:379
 #, c-format
 msgid "can't create directory '%s': %s\n"
 msgstr "無法建立目錄 '%s': %s\n"
 
-#: agent/gpg-agent.c:2291 agent/gpg-agent.c:2346 common/homedir.c:744
-#: g10/openfile.c:400
+#: agent/gpg-agent.c:2266 agent/gpg-agent.c:2321 common/homedir.c:520
+#: g10/openfile.c:402
 #, c-format
 msgid "directory '%s' created\n"
 msgstr "目錄 '%s' 已建立\n"
 
-#: agent/gpg-agent.c:2352
+#: agent/gpg-agent.c:2327
 #, c-format
 msgid "stat() failed for '%s': %s\n"
 msgstr "'%s' 的 stat() 失敗: %s\n"
 
-#: agent/gpg-agent.c:2356
+#: agent/gpg-agent.c:2331
 #, c-format
 msgid "can't use '%s' as home directory\n"
 msgstr "無法使用 '%s' 做為家目錄\n"
 
-#: agent/gpg-agent.c:2514 scd/scdaemon.c:1188 dirmngr/dirmngr.c:2143
+#: agent/gpg-agent.c:2486 scd/scdaemon.c:1172 dirmngr/dirmngr.c:2042
 #, c-format
 msgid "error reading nonce on fd %d: %s\n"
 msgstr "於 fd %d 讀取 nonce 時出錯: %s\n"
 
-#: agent/gpg-agent.c:2721
+#: agent/gpg-agent.c:2693
 #, c-format
 msgid "handler 0x%lx for fd %d started\n"
 msgstr "經手程式 0x%lx (用於 fd %d) 已啟動\n"
 
-#: agent/gpg-agent.c:2726
+#: agent/gpg-agent.c:2698
 #, c-format
 msgid "handler 0x%lx for fd %d terminated\n"
 msgstr "經手程式 0x%lx (用於 fd %d) 已終止\n"
 
-#: agent/gpg-agent.c:2801
+#: agent/gpg-agent.c:2773
 #, c-format
 msgid "ssh handler 0x%lx for fd %d started\n"
 msgstr "ssh 經手程式 0x%lx (用於 fd %d) 已啟動\n"
 
-#: agent/gpg-agent.c:2806
+#: agent/gpg-agent.c:2778
 #, c-format
 msgid "ssh handler 0x%lx for fd %d terminated\n"
 msgstr "ssh 經手程式 0x%lx (用於 fd %d) 已終止\n"
 
-#: agent/gpg-agent.c:3028 scd/scdaemon.c:1380 dirmngr/dirmngr.c:2357
+#: agent/gpg-agent.c:3000 scd/scdaemon.c:1362 dirmngr/dirmngr.c:2256
 #, c-format
 msgid "npth_pselect failed: %s - waiting 1s\n"
 msgstr "npth_select 失敗: %s - 等 1 秒鐘\n"
 
-#: agent/gpg-agent.c:3116 scd/scdaemon.c:1445
+#: agent/gpg-agent.c:3088 scd/scdaemon.c:1427
 #, c-format
 msgid "%s %s stopped\n"
 msgstr "%s %s 已停止\n"
 
-#: agent/gpg-agent.c:3254 common/simple-pwquery.c:247 g10/call-agent.c:260
-#: sm/call-agent.c:156 tools/gpg-connect-agent.c:2254
+#: agent/gpg-agent.c:3226 common/simple-pwquery.c:247 g10/call-agent.c:260
+#: sm/call-agent.c:131 tools/gpg-connect-agent.c:2319 tools/card-call-scd.c:311
 #, c-format
 msgid "no gpg-agent running in this session\n"
 msgstr "在此階段中沒有執行中的 gpg-agent\n"
 
-#: agent/preset-passphrase.c:75 tools/gpg-check-pattern.c:66
+#: agent/preset-passphrase.c:74 tools/gpg-check-pattern.c:70
 msgid ""
 "@Options:\n"
 " "
@@ -800,11 +773,11 @@ msgstr ""
 "@選項:\n"
 " "
 
-#: agent/preset-passphrase.c:104
+#: agent/preset-passphrase.c:103
 msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
 msgstr "用法: gpg-preset-passphrase [選項] 金鑰鑰柄 (或用 -h 求助)\n"
 
-#: agent/preset-passphrase.c:107
+#: agent/preset-passphrase.c:106
 msgid ""
 "Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
 "Password cache maintenance\n"
@@ -812,8 +785,8 @@ msgstr ""
 "語法: gpg-preset-passphrase [選項] 金鑰鑰柄\n"
 "密碼快取維護\n"
 
-#: agent/protect-tool.c:108 g10/gpg.c:441 kbx/kbxutil.c:71 sm/gpgsm.c:210
-#: dirmngr/dirmngr.c:171 tools/gpgconf.c:80
+#: agent/protect-tool.c:107 g10/gpg.c:447 kbx/kbxutil.c:72 sm/gpgsm.c:213
+#: dirmngr/dirmngr.c:167 tools/gpgconf.c:81
 msgid ""
 "@Commands:\n"
 " "
@@ -821,8 +794,8 @@ msgstr ""
 "@指令:\n"
 " "
 
-#: agent/protect-tool.c:117 g10/gpgv.c:76 kbx/kbxutil.c:81
-#: tools/gpg-connect-agent.c:76 tools/gpgconf.c:107
+#: agent/protect-tool.c:116 g10/gpgv.c:76 kbx/kbxutil.c:82
+#: tools/gpg-connect-agent.c:83 tools/gpgconf.c:108
 msgid ""
 "@\n"
 "Options:\n"
@@ -832,11 +805,11 @@ msgstr ""
 "選項:\n"
 " "
 
-#: agent/protect-tool.c:158
+#: agent/protect-tool.c:157
 msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
 msgstr "用法: gpg-protect-tool [選項] (或用 -h 求助)\n"
 
-#: agent/protect-tool.c:160
+#: agent/protect-tool.c:159
 msgid ""
 "Syntax: gpg-protect-tool [options] [args]\n"
 "Secret key maintenance tool\n"
@@ -844,21 +817,21 @@ msgstr ""
 "語法: gpg-protect-tool [選項] [引數]\n"
 "私鑰維護工具\n"
 
-#: agent/protect-tool.c:703 sm/import.c:774
+#: agent/protect-tool.c:707
 msgid "Please enter the passphrase to unprotect the PKCS#12 object."
 msgstr "請輸入密語來取消 PKCS#12 物件的保護."
 
-#: agent/protect-tool.c:708 sm/export.c:710
+#: agent/protect-tool.c:712
 msgid "Please enter the passphrase to protect the new PKCS#12 object."
 msgstr "請輸入密語來保護新的 PKCS#12 物件."
 
-#: agent/protect-tool.c:714
+#: agent/protect-tool.c:718
 msgid ""
 "Please enter the passphrase to protect the imported object within the GnuPG "
 "system."
 msgstr "請輸入密語以保護匯入至 GnuPG 系統內的物件."
 
-#: agent/protect-tool.c:719
+#: agent/protect-tool.c:723
 msgid ""
 "Please enter the passphrase or the PIN\n"
 "needed to complete this operation."
@@ -866,53 +839,52 @@ msgstr ""
 "請輸入完成這項操作所需的\n"
 "密語或個人識別碼 (PIN)."
 
-#: agent/protect-tool.c:730
+#: agent/protect-tool.c:734
 #, c-format
 msgid "cancelled\n"
 msgstr "已取消\n"
 
-#: agent/protect-tool.c:732
+#: agent/protect-tool.c:736
 #, c-format
 msgid "error while asking for the passphrase: %s\n"
 msgstr "詢問密語時出錯: %s\n"
 
-#: agent/trustlist.c:172 agent/trustlist.c:389 dirmngr/dirmngr.c:1709
-#: tools/gpgconf.c:470
+#: agent/trustlist.c:153 agent/trustlist.c:363 tools/gpgconf.c:424
 #, c-format
 msgid "error opening '%s': %s\n"
 msgstr "開啟 '%s' 時出錯: %s\n"
 
-#: agent/trustlist.c:188 common/helpfile.c:73 common/helpfile.c:89
+#: agent/trustlist.c:169 common/helpfile.c:73 common/helpfile.c:89
 #, c-format
 msgid "file '%s', line %d: %s\n"
 msgstr "檔案 '%s', 第 %d 列: %s\n"
 
-#: agent/trustlist.c:211 agent/trustlist.c:219
+#: agent/trustlist.c:192 agent/trustlist.c:200
 #, c-format
 msgid "statement \"%s\" ignored in '%s', line %d\n"
 msgstr "陳述句 \"%s\" 忽略於 '%s', 第 %d 列\n"
 
-#: agent/trustlist.c:225
+#: agent/trustlist.c:206
 #, c-format
 msgid "system trustlist '%s' not available\n"
 msgstr "沒有系統信任清單 '%s' 可用\n"
 
-#: agent/trustlist.c:269
+#: agent/trustlist.c:250
 #, c-format
 msgid "bad fingerprint in '%s', line %d\n"
 msgstr "不良的指紋於 '%s', 第 %d 列\n"
 
-#: agent/trustlist.c:294 agent/trustlist.c:301
+#: agent/trustlist.c:275 agent/trustlist.c:282
 #, c-format
 msgid "invalid keyflag in '%s', line %d\n"
 msgstr "無效的金鑰旗標於 '%s', 第 %d 列\n"
 
-#: agent/trustlist.c:335 common/helpfile.c:136
+#: agent/trustlist.c:316 common/helpfile.c:136
 #, c-format
 msgid "error reading '%s', line %d: %s\n"
 msgstr "讀取 '%s' 時出錯, 第 %d 列: %s\n"
 
-#: agent/trustlist.c:460 agent/trustlist.c:529
+#: agent/trustlist.c:435 agent/trustlist.c:504
 #, c-format
 msgid "error reading list of trusted root certificates\n"
 msgstr "讀取已信任根憑證清單時出錯\n"
@@ -925,18 +897,18 @@ msgstr "讀取已信任根憑證清單時出錯\n"
 #. plain % sign, you need to encode it as "%%25".  The
 #. "%s" gets replaced by the name as stored in the
 #. certificate.
-#: agent/trustlist.c:691
+#: agent/trustlist.c:666
 #, c-format
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
 "certificates?"
 msgstr "請問你是否徹底信任%%0A  \"%s\"%%0A正確驗證使用者憑證的能力?"
 
-#: agent/trustlist.c:700 common/audit.c:467
+#: agent/trustlist.c:675 common/audit.c:467
 msgid "Yes"
 msgstr "Yes"
 
-#: agent/trustlist.c:700 agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/trustlist.c:675 agent/findkey.c:1485 agent/findkey.c:1499
 #: common/audit.c:469
 msgid "No"
 msgstr "No"
@@ -949,7 +921,7 @@ msgstr "No"
 #. "%%25".  The second "%s" gets replaced by a hexdecimal
 #. fingerprint string whereas the first one receives the name
 #. as stored in the certificate.
-#: agent/trustlist.c:734
+#: agent/trustlist.c:709
 #, c-format
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
@@ -959,35 +931,35 @@ msgstr "請驗證憑證與此完全相同:%%0A  \"%s\"%%0A其指紋為:%%0A  %s"
 #. TRANSLATORS: "Correct" is the label of a button and intended
 #. to be hit if the fingerprint matches the one of the CA.  The
 #. other button is "the default "Cancel" of the Pinentry.
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Correct"
 msgstr "正確"
 
-#: agent/trustlist.c:748
+#: agent/trustlist.c:723
 msgid "Wrong"
 msgstr "錯了"
 
-#: agent/findkey.c:411
+#: agent/findkey.c:367
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
 msgstr "請注意: 密語從未變更過.%0A請現在就變更."
 
-#: agent/findkey.c:427
+#: agent/findkey.c:383
 #, c-format
 msgid ""
 "This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s.  Please change "
 "it now."
 msgstr "密語從下列時刻起就沒有變更過:%%0A%.4s-%.2s-%.2s.  請現在就變更."
 
-#: agent/findkey.c:441 agent/findkey.c:448
+#: agent/findkey.c:397 agent/findkey.c:404
 msgid "Change passphrase"
 msgstr "更改密語"
 
-#: agent/findkey.c:449
+#: agent/findkey.c:405
 msgid "I'll change it later"
 msgstr "我稍後再變更"
 
-#: agent/findkey.c:1656
+#: agent/findkey.c:1461
 #, fuzzy, c-format
 #| msgid "Do you really want to delete the selected keys? (y/N) "
 msgid ""
@@ -995,11 +967,11 @@ msgid ""
 "%%0A?"
 msgstr "你真的想要刪除所選的金鑰嗎? (y/N) "
 
-#: agent/findkey.c:1680 agent/findkey.c:1694
+#: agent/findkey.c:1485 agent/findkey.c:1499
 msgid "Delete key"
 msgstr "刪除金鑰"
 
-#: agent/findkey.c:1691
+#: agent/findkey.c:1496
 msgid ""
 "Warning: This key is also listed for use with SSH!\n"
 "Deleting the key might remove your ability to access remote machines."
@@ -1007,93 +979,93 @@ msgstr ""
 "警告: 這把金鑰同時列為 SSH 所使用!\n"
 "刪除這把金鑰可能會讓你失去存取遠端機器的能力."
 
-#: agent/pksign.c:176 g10/seskey.c:293 sm/certcheck.c:88
+#: agent/pksign.c:174 g10/seskey.c:286 sm/certcheck.c:91
 #, c-format
 msgid "DSA requires the hash length to be a multiple of 8 bits\n"
 msgstr "DSA 需要 8 位元倍數的雜湊長度\n"
 
-#: agent/pksign.c:187 sm/certcheck.c:100
+#: agent/pksign.c:185 sm/certcheck.c:103
 #, c-format
 msgid "%s key uses an unsafe (%u bit) hash\n"
 msgstr "金鑰 %s 使用不安全 (%u 位元) 的雜湊\n"
 
-#: agent/pksign.c:202
+#: agent/pksign.c:200
 #, c-format
 msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr "%zu 位元的雜湊對 %u 位元的 %s 金鑰無效\n"
 
-#: agent/pksign.c:518
+#: agent/pksign.c:572
 #, c-format
 msgid "checking created signature failed: %s\n"
 msgstr "檢查已建立的簽章時出錯: %s\n"
 
-#: agent/cvt-openpgp.c:338
+#: agent/cvt-openpgp.c:337
 #, c-format
 msgid "secret key parts are not available\n"
 msgstr "私鑰部分無法取用\n"
 
-#: agent/cvt-openpgp.c:344 g10/card-util.c:1556
+#: agent/cvt-openpgp.c:343 g10/card-util.c:1562
 #, c-format
 msgid "public key algorithm %d (%s) is not supported\n"
 msgstr "公鑰演算法 %d (%s) 未支援\n"
 
-#: agent/cvt-openpgp.c:448
+#: agent/cvt-openpgp.c:493
 #, c-format
 msgid "protection algorithm %d (%s) is not supported\n"
 msgstr "保護演算法 %d (%s) 未支援\n"
 
-#: agent/cvt-openpgp.c:455
+#: agent/cvt-openpgp.c:500
 #, c-format
 msgid "protection hash algorithm %d (%s) is not supported\n"
 msgstr "保護雜湊演算法 %d (%s) 未支援\n"
 
-#: common/exechelp-posix.c:368 common/exechelp-w32.c:451
-#: common/exechelp-w32.c:475 common/exechelp-w32.c:505
+#: common/exechelp-posix.c:360 common/exechelp-w32.c:461
+#: common/exechelp-w32.c:485 common/exechelp-w32.c:515
 #, c-format
 msgid "error creating a pipe: %s\n"
 msgstr "建立管道時出錯: %s\n"
 
-#: common/exechelp-posix.c:381 common/exechelp-w32.c:355
-#: common/exechelp-w32.c:461 common/exechelp-w32.c:485
-#: common/exechelp-w32.c:515
+#: common/exechelp-posix.c:373 common/exechelp-w32.c:356
+#: common/exechelp-w32.c:471 common/exechelp-w32.c:495
+#: common/exechelp-w32.c:525
 #, c-format
 msgid "error creating a stream for a pipe: %s\n"
 msgstr "建立管道串流時出錯: %s\n"
 
-#: common/exechelp-posix.c:504 common/exechelp-posix.c:579
-#: common/exechelp-posix.c:865 dirmngr/dirmngr.c:1435
+#: common/exechelp-posix.c:505 common/exechelp-posix.c:580
+#: common/exechelp-posix.c:861 dirmngr/dirmngr.c:1345
 #, c-format
 msgid "error forking process: %s\n"
 msgstr "衍生執行程序時出錯: %s\n"
 
-#: common/exechelp-posix.c:678 common/exechelp-w32ce.c:767
+#: common/exechelp-posix.c:679 common/exechelp-w32ce.c:768
 #, c-format
 msgid "waiting for process %d to terminate failed: %s\n"
 msgstr "等候 %d 處理程序終止時失敗: %s\n"
 
-#: common/exechelp-posix.c:687 common/exechelp-posix.c:808
+#: common/exechelp-posix.c:688 common/exechelp-posix.c:804
 #, c-format
 msgid "error running '%s': probably not installed\n"
 msgstr "執行 '%s' 時出錯: 可能尚未安裝\n"
 
-#: common/exechelp-posix.c:693 common/exechelp-posix.c:815
-#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:781
+#: common/exechelp-posix.c:694 common/exechelp-posix.c:811
+#: common/exechelp-w32.c:839 common/exechelp-w32ce.c:782
 #, c-format
 msgid "error running '%s': exit status %d\n"
 msgstr "執行 '%s' 時出錯: 結束狀態 %d\n"
 
-#: common/exechelp-posix.c:701 common/exechelp-posix.c:823
+#: common/exechelp-posix.c:702 common/exechelp-posix.c:819
 #, c-format
 msgid "error running '%s': terminated\n"
 msgstr "執行 '%s' 時出錯: 已終止\n"
 
-#: common/exechelp-posix.c:764 common/exechelp-w32.c:813
+#: common/exechelp-posix.c:760 common/exechelp-w32.c:820
 #, fuzzy, c-format
 #| msgid "waiting for process %d to terminate failed: %s\n"
 msgid "waiting for processes to terminate failed: %s\n"
 msgstr "等候 %d 處理程序終止時失敗: %s\n"
 
-#: common/exechelp-w32.c:825 common/exechelp-w32ce.c:775
+#: common/exechelp-w32.c:832 common/exechelp-w32ce.c:776
 #, c-format
 msgid "error getting exit code of process %d: %s\n"
 msgstr "取得 %d 執行程序結束碼時出錯: %s\n"
@@ -1108,34 +1080,34 @@ msgstr "無法連接至 '%s': %s\n"
 msgid "problem setting the gpg-agent options\n"
 msgstr "設定 gpg-agent 選項時發生問題\n"
 
-#: common/sysutils.c:168
+#: common/sysutils.c:176
 #, c-format
 msgid "can't disable core dumps: %s\n"
 msgstr "無法讓系統停止傾印核心檔: %s\n"
 
-#: common/sysutils.c:408
+#: common/sysutils.c:416
 #, c-format
 msgid "Warning: unsafe ownership on %s \"%s\"\n"
 msgstr "警告: %s 的所有權 \"%s\" 並不安全\n"
 
-#: common/sysutils.c:440
+#: common/sysutils.c:448
 #, c-format
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "警告: %s 的權限 \"%s\" 並不安全\n"
 
-#: common/sysutils.c:885
+#: common/sysutils.c:905
 #, fuzzy, c-format
 #| msgid "waiting for the agent to come up ... (%ds)\n"
 msgid "waiting for file '%s' to become accessible ...\n"
 msgstr "正在等候代理程式出現 ... (%d 秒)\n"
 
-#: common/sysutils.c:911
+#: common/sysutils.c:931
 #, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "把 '%s' 重新新命成 '%s' 時失敗: %s\n"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: common/yesno.c:45 common/yesno.c:82
+#: common/yesno.c:45 common/yesno.c:82 tools/gpg-card.c:3081
 msgid "yes"
 msgstr "yes"
 
@@ -1189,53 +1161,100 @@ msgstr "在安全記憶體配置 %lu 位元組時超出核心"
 msgid "out of core while allocating %lu bytes"
 msgstr "配置 %lu 位元組時超出核心"
 
-#: common/miscellaneous.c:115 g10/card-util.c:911 tools/no-libgcrypt.c:30
+#: common/miscellaneous.c:115 g10/card-util.c:917 tools/no-libgcrypt.c:30
+#: tools/gpg-card.c:415
 #, c-format
 msgid "error allocating enough memory: %s\n"
 msgstr "配置足夠的記憶體時出錯: %s\n"
 
-#: common/miscellaneous.c:202
+#: common/miscellaneous.c:154
 #, c-format
 msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
 msgstr "%s:%u: 廢棄的 \"%s\" 選項 - 沒有任何影響\n"
 
-#: common/miscellaneous.c:205
+#: common/miscellaneous.c:157
 #, c-format
 msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgstr "警告: \"%s%s\" 是已廢棄的選項 - 沒有效果\n"
 
-#: common/miscellaneous.c:753
+#: common/miscellaneous.c:705
 #, c-format
 msgid "unknown debug flag '%s' ignored\n"
 msgstr ""
 
-#: common/asshelp.c:335
+#: common/asshelp.c:348
+#, c-format
+msgid "waiting for the dirmngr to come up ... (%ds)\n"
+msgstr "正在等候 dirmngr 出現 ... (%d 秒)\n"
+
+#: common/asshelp.c:350
 #, fuzzy, c-format
 #| msgid "waiting for the agent to come up ... (%ds)\n"
-msgid "waiting for the %s to come up ... (%ds)\n"
+msgid "waiting for the keyboxd to come up ... (%ds)\n"
 msgstr "正在等候代理程式出現 ... (%d 秒)\n"
 
-#: common/asshelp.c:347
+#: common/asshelp.c:351
 #, fuzzy, c-format
-#| msgid "connection to agent established\n"
-msgid "connection to %s established\n"
-msgstr "至代理程式的連線已建立\n"
+#| msgid "waiting for the agent to come up ... (%ds)\n"
+msgid "waiting for the agent to come up ... (%ds)\n"
+msgstr "正在等候代理程式出現 ... (%d 秒)\n"
 
-#: common/asshelp.c:430
+#: common/asshelp.c:364
 #, c-format
-msgid "no running gpg-agent - starting '%s'\n"
-msgstr "沒有執行中的 gpg-agent - 正在啟動 '%s'\n"
+msgid "connection to the dirmngr established\n"
+msgstr "連線至 dirmngr 已建立\n"
+
+#: common/asshelp.c:366
+#, fuzzy, c-format
+#| msgid "connection to the dirmngr established\n"
+msgid "connection to the keyboxd established\n"
+msgstr "連線至 dirmngr 已建立\n"
+
+#: common/asshelp.c:367
+#, fuzzy, c-format
+#| msgid "connection to the dirmngr established\n"
+msgid "connection to the agent established\n"
+msgstr "連線至 dirmngr 已建立\n"
+
+#: common/asshelp.c:485
+#, fuzzy, c-format
+#| msgid "no running Dirmngr - starting '%s'\n"
+msgid "no running %s - starting '%s'\n"
+msgstr "沒有執行中的 Dirmngr - 正在啟動 '%s'\n"
 
-#: common/asshelp.c:521
+#: common/asshelp.c:588
 #, fuzzy, c-format
 #| msgid "connection to agent established\n"
-msgid "connection to agent is in restricted mode\n"
+msgid "connection to the agent is in restricted mode\n"
 msgstr "至代理程式的連線已建立\n"
 
-#: common/asshelp.c:578
+#: common/asshelp.c:725
+#, fuzzy, c-format
+#| msgid "error creating keyring '%s': %s\n"
+msgid "error getting version from '%s': %s\n"
+msgstr "建立鑰匙圈 '%s' 時出錯: %s\n"
+
+#: common/asshelp.c:731
 #, c-format
-msgid "no running Dirmngr - starting '%s'\n"
-msgstr "沒有執行中的 Dirmngr - 正在啟動 '%s'\n"
+msgid "server '%s' is older than us (%s < %s)"
+msgstr ""
+
+#: common/asshelp.c:737 g10/call-dirmngr.c:407
+#, fuzzy, c-format
+#| msgid "WARNING: %s overrides %s\n"
+msgid "WARNING: %s\n"
+msgstr "警告: %s 會推翻 %s\n"
+
+#: common/asshelp.c:740
+#, c-format
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#: common/asshelp.c:742
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "請先使用 \"toggle\" 指令.\n"
 
 #. TRANSLATORS: Copy the prefix between the vertical bars
 #. verbatim.  It will not be printed.
@@ -1305,7 +1324,7 @@ msgid "algorithm: %s"
 msgstr "演算法: %s"
 
 #: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
-#: scd/app-openpgp.c:3557
+#: scd/app-openpgp.c:4212
 #, c-format
 msgid "unsupported algorithm: %s"
 msgstr "未支援的演算法: %s"
@@ -1380,11 +1399,11 @@ msgstr "憑證鏈有效"
 msgid "Root certificate trustworthy"
 msgstr "根憑證可信賴"
 
-#: common/audit.c:1112 sm/certchain.c:1235
+#: common/audit.c:1112 sm/certchain.c:1242
 msgid "no CRL found for certificate"
 msgstr "找不到用於憑證的 CRL"
 
-#: common/audit.c:1115 sm/certchain.c:1245
+#: common/audit.c:1115 sm/certchain.c:1252
 msgid "the available CRL is too old"
 msgstr "可用的 CRL 太舊了"
 
@@ -1421,7 +1440,7 @@ msgstr "'%s' 沒有可用的說明."
 msgid "ignoring garbage line"
 msgstr "忽略垃圾列"
 
-#: common/gettime.c:958
+#: common/gettime.c:919
 msgid "[none]"
 msgstr "[ 無 ]"
 
@@ -1430,134 +1449,26 @@ msgstr "[ 無 ]"
 msgid "invalid radix64 character %02x skipped\n"
 msgstr "已跳過無效的 radix64 字符 %02x\n"
 
-#: common/ttyio.c:447
+#: common/ttyio.c:433
 #, c-format
 msgid "Sorry, we are in batchmode - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:453
+#: common/ttyio.c:439
 #, c-format
 msgid "Sorry, no terminal at all requested - can't get input\n"
 msgstr ""
 
-#: common/ttyio.c:488 common/ttyio.c:498
+#: common/ttyio.c:474 common/ttyio.c:484
 #, c-format
 msgid "too many errors; giving up\n"
 msgstr ""
 
-#: common/ttyio.c:550
+#: common/ttyio.c:536
 #, c-format
 msgid "Control-D detected\n"
 msgstr ""
 
-#: common/argparse.c:520
-msgid "argument not expected"
-msgstr "沒料到有引數"
-
-#: common/argparse.c:522
-msgid "read error"
-msgstr "讀取錯誤"
-
-#: common/argparse.c:524
-msgid "keyword too long"
-msgstr "關鍵字太長"
-
-#: common/argparse.c:526
-msgid "missing argument"
-msgstr "無效的引數"
-
-#: common/argparse.c:528
-msgid "invalid argument"
-msgstr "無效的引數"
-
-#: common/argparse.c:530
-msgid "invalid command"
-msgstr "無效的指令"
-
-#: common/argparse.c:532
-msgid "invalid alias definition"
-msgstr "無效的別名定義"
-
-#: common/argparse.c:534 common/argparse.c:571
-msgid "permission error"
-msgstr ""
-
-#: common/argparse.c:536 common/argparse.c:569
-msgid "out of core"
-msgstr "超出核心"
-
-#: common/argparse.c:540 common/argparse.c:575
-#, fuzzy
-#| msgid "invalid command"
-msgid "invalid meta command"
-msgstr "無效的指令"
-
-#: common/argparse.c:542 common/argparse.c:577
-#, fuzzy
-#| msgid "unknown command '%s'\n"
-msgid "unknown meta command"
-msgstr "未知的指令 '%s'\n"
-
-#: common/argparse.c:544 common/argparse.c:579
-#, fuzzy
-#| msgid "unexpected armor: "
-msgid "unexpected meta command"
-msgstr "未預期的封裝: "
-
-#: common/argparse.c:546
-msgid "invalid option"
-msgstr "無效的選項"
-
-#: common/argparse.c:556
-#, c-format
-msgid "missing argument for option \"%.50s\"\n"
-msgstr "\"%.50s\" 選項遺失了引數\n"
-
-#: common/argparse.c:558 g10/gpg.c:3525
-#, c-format
-msgid "invalid argument for option \"%.50s\"\n"
-msgstr "選項 \"%.50s\" 的引數無效\n"
-
-#: common/argparse.c:560
-#, c-format
-msgid "option \"%.50s\" does not expect an argument\n"
-msgstr "\"%.50s\" 選項沒料到會有引數\n"
-
-#: common/argparse.c:563
-#, c-format
-msgid "invalid command \"%.50s\"\n"
-msgstr "無效的指令 \"%.50s\"\n"
-
-#: common/argparse.c:565
-#, c-format
-msgid "option \"%.50s\" is ambiguous\n"
-msgstr "\"%.50s\" 選項不明確\n"
-
-#: common/argparse.c:567
-#, c-format
-msgid "command \"%.50s\" is ambiguous\n"
-msgstr "\"%.50s\" 指令不明確\n"
-
-#: common/argparse.c:581
-#, c-format
-msgid "invalid option \"%.50s\"\n"
-msgstr "無效的選項 \"%.50s\"\n"
-
-#: common/argparse.c:1756 common/argparse.c:1851
-#, c-format
-msgid "Note: no default option file '%s'\n"
-msgstr "請注意: 沒有預設選項檔 '%s'\n"
-
-#: common/argparse.c:1843
-#, c-format
-msgid "option file '%s': %s\n"
-msgstr "選項檔 '%s': %s\n"
-
-#: common/argparse.c:2266
-#, c-format
-msgid "Note: ignoring option \"--%s\" due to global config\n"
-msgstr ""
-
 #: common/utf8conv.c:123
 #, c-format
 msgid "conversion from '%s' to '%s' not available\n"
@@ -1573,171 +1484,172 @@ msgstr "iconv_open 失敗: %s\n"
 msgid "conversion from '%s' to '%s' failed: %s\n"
 msgstr "從 '%s' 轉換到 '%s' 失敗: %s\n"
 
-#: common/dotlock.c:728
+#: common/dotlock.c:724
 #, c-format
 msgid "failed to create temporary file '%s': %s\n"
 msgstr "建立暫存檔失敗 '%s': %s\n"
 
-#: common/dotlock.c:790
+#: common/dotlock.c:786
 #, c-format
 msgid "error writing to '%s': %s\n"
 msgstr "寫入 '%s' 時出錯: %s\n"
 
-#: common/dotlock.c:1173
+#: common/dotlock.c:1129
 #, c-format
 msgid "removing stale lockfile (created by %d)\n"
 msgstr "正在移除陳腐的鎖定檔 (由 %d 所建立)\n"
 
-#: common/dotlock.c:1210
+#: common/dotlock.c:1165
 #, c-format
 msgid "waiting for lock (held by %d%s) %s...\n"
 msgstr "正在等候鎖定 (被 %d%s 持有) %s...\n"
 
-#: common/dotlock.c:1211
+#: common/dotlock.c:1166
 msgid "(deadlock?) "
 msgstr "(死結嗎?) "
 
-#: common/dotlock.c:1250
+#: common/dotlock.c:1205
 #, c-format
 msgid "lock '%s' not made: %s\n"
 msgstr "未鎖定 '%s': %s\n"
 
-#: common/dotlock.c:1277
+#: common/dotlock.c:1232
 #, c-format
 msgid "waiting for lock %s...\n"
 msgstr "正在等候 `%s' 鎖定...\n"
 
-#: common/init.c:191 sm/gpgsm.c:893 dirmngr/dirmngr.c:987 dirmngr/dirmngr.c:996
+#: common/init.c:191 sm/gpgsm.c:1032 dirmngr/dirmngr.c:894
+#: dirmngr/dirmngr.c:903
 #, c-format
 msgid "%s is too old (need %s, have %s)\n"
 msgstr "%s 太舊了 (需要 %s, 但是祇有 %s)\n"
 
-#: g10/armor.c:423
+#: g10/armor.c:437
 #, c-format
 msgid "armor: %s\n"
 msgstr "封裝: %s\n"
 
-#: g10/armor.c:462
+#: g10/armor.c:476
 #, c-format
 msgid "invalid armor header: "
 msgstr "無效的封裝檔頭: "
 
-#: g10/armor.c:473
+#: g10/armor.c:487
 #, c-format
 msgid "armor header: "
 msgstr "封裝檔頭: "
 
-#: g10/armor.c:486
+#: g10/armor.c:500
 #, c-format
 msgid "invalid clearsig header\n"
 msgstr "無效的明文簽章檔頭\n"
 
-#: g10/armor.c:499
+#: g10/armor.c:513
 #, c-format
 msgid "unknown armor header: "
 msgstr "未知的封裝檔頭: "
 
-#: g10/armor.c:552
+#: g10/armor.c:566
 #, c-format
 msgid "nested clear text signatures\n"
 msgstr "多層明文簽章\n"
 
-#: g10/armor.c:687
+#: g10/armor.c:701
 #, c-format
 msgid "unexpected armor: "
 msgstr "未預期的封裝: "
 
-#: g10/armor.c:700
+#: g10/armor.c:714
 #, c-format
 msgid "invalid dash escaped line: "
 msgstr "無效的破折號逸出列: "
 
-#: g10/armor.c:872 g10/armor.c:1492
+#: g10/armor.c:1002
 #, c-format
 msgid "invalid radix64 character %02X skipped\n"
 msgstr "無效的 64 進位字符 %02x 已跳過\n"
 
-#: g10/armor.c:915
+#: g10/armor.c:1038
 #, c-format
 msgid "premature eof (no CRC)\n"
 msgstr "檔案未預期的結束 (沒有 CRC 的部分)\n"
 
-#: g10/armor.c:949
+#: g10/armor.c:1072
 #, c-format
 msgid "premature eof (in CRC)\n"
 msgstr "檔案未預期的結束 (CRC 的部分未結束)\n"
 
-#: g10/armor.c:957
+#: g10/armor.c:1080
 #, c-format
 msgid "malformed CRC\n"
 msgstr "格式不對的 CRC\n"
 
-#: g10/armor.c:961 g10/armor.c:1529
+#: g10/armor.c:1084
 #, c-format
 msgid "CRC error; %06lX - %06lX\n"
 msgstr "CRC 錯誤; %06lX - %06lX\n"
 
-#: g10/armor.c:981
+#: g10/armor.c:1104
 #, c-format
 msgid "premature eof (in trailer)\n"
 msgstr "檔案未預期的結束 (於結尾處)\n"
 
-#: g10/armor.c:985
+#: g10/armor.c:1108
 #, c-format
 msgid "error in trailer line\n"
 msgstr "結尾列有問題\n"
 
-#: g10/armor.c:1305
+#: g10/armor.c:1514
 #, c-format
 msgid "no valid OpenPGP data found.\n"
 msgstr "找不到有效的 OpenPGP 資料.\n"
 
-#: g10/armor.c:1310
+#: g10/armor.c:1519
 #, c-format
 msgid "invalid armor: line longer than %d characters\n"
 msgstr "無效的封裝: 列長超出 %d 字符\n"
 
-#: g10/armor.c:1314
+#: g10/armor.c:1523
 #, c-format
 msgid ""
 "quoted printable character in armor - probably a buggy MTA has been used\n"
 msgstr "封裝裡出現被引號括住的可列印字符 - 可能是有瑕疵的送信程式造成的\n"
 
-#: g10/build-packet.c:1219
+#: g10/build-packet.c:1459
 #, fuzzy, c-format
 #| msgid "not human readable"
 msgid "[ not human readable (%zu bytes: %s%s) ]"
 msgstr "不是人類能讀得懂的"
 
-#: g10/build-packet.c:1271
+#: g10/build-packet.c:1511
 #, c-format
 msgid ""
 "a notation name must have only printable characters or spaces, and end with "
 "an '='\n"
 msgstr "標記名稱一定要採用可印出的字符或空白, 並以一個 '=' 來結尾\n"
 
-#: g10/build-packet.c:1283 g10/build-packet.c:1379
+#: g10/build-packet.c:1523 g10/build-packet.c:1619
 #, c-format
 msgid "a user notation name must contain the '@' character\n"
 msgstr "使用者標記名稱一定要含有 '@' 字符\n"
 
-#: g10/build-packet.c:1289 g10/build-packet.c:1385
+#: g10/build-packet.c:1529 g10/build-packet.c:1625
 #, c-format
 msgid "a notation name must not contain more than one '@' character\n"
 msgstr "使用者標記名稱不得含有兩個或更多的 '@' 字符\n"
 
-#: g10/build-packet.c:1307
+#: g10/build-packet.c:1547
 #, c-format
 msgid "a notation value must not use any control characters\n"
 msgstr "標記值一定不能使用任何的控制字符\n"
 
-#: g10/build-packet.c:1363
+#: g10/build-packet.c:1603
 #, fuzzy, c-format
 #| msgid "a notation name must not contain more than one '@' character\n"
 msgid "a notation name may not contain an '=' character\n"
 msgstr "使用者標記名稱不得含有兩個或更多的 '@' 字符\n"
 
-#: g10/build-packet.c:1369
+#: g10/build-packet.c:1609
 #, fuzzy, c-format
 #| msgid ""
 #| "a notation name must have only printable characters or spaces, and end "
@@ -1745,374 +1657,367 @@ msgstr "使用者標記名稱不得含有兩個或更多的 '@' 字符\n"
 msgid "a notation name must have only printable characters or spaces\n"
 msgstr "標記名稱一定要採用可印出的字符或空白, 並以一個 '=' 來結尾\n"
 
-#: g10/build-packet.c:1428 g10/build-packet.c:1439
+#: g10/build-packet.c:1668 g10/build-packet.c:1679
 #, c-format
 msgid "WARNING: invalid notation data found\n"
 msgstr "警告: 找到無效的標記資料\n"
 
-#: g10/call-agent.c:144 sm/call-agent.c:239
+#: g10/call-agent.c:155 sm/call-agent.c:214
 #, c-format
 msgid "failed to proxy %s inquiry to client\n"
 msgstr "以 %s 代理伺服器查詢用戶端時失敗\n"
 
-#: g10/call-agent.c:170
+#: g10/call-agent.c:181
 msgid "Enter passphrase: "
 msgstr "請輸入密語: "
 
-#: g10/call-agent.c:199 g10/call-dirmngr.c:153 sm/call-agent.c:98
-#: sm/call-dirmngr.c:165
+#: g10/call-agent.c:318 g10/encrypt.c:282 g10/encrypt.c:818 g10/sign.c:473
+#: sm/call-agent.c:180 sm/encrypt.c:701 sm/sign.c:436
 #, fuzzy, c-format
-#| msgid "error creating keyring '%s': %s\n"
-msgid "error getting version from '%s': %s\n"
-msgstr "建立鑰匙圈 '%s' 時出錯: %s\n"
-
-#: g10/call-agent.c:205 g10/call-dirmngr.c:159 sm/call-agent.c:104
-#: sm/call-dirmngr.c:171
-#, c-format
-msgid "server '%s' is older than us (%s < %s)"
-msgstr ""
+#| msgid "%s does not yet work with %s\n"
+msgid "%s is not compliant with %s mode\n"
+msgstr "%s 還沒辦法跟 %s 一起運作\n"
 
-#: g10/call-agent.c:211 g10/call-dirmngr.c:165 g10/call-dirmngr.c:439
-#: sm/call-agent.c:110 sm/call-dirmngr.c:177
+#: g10/call-agent.c:1081
 #, fuzzy, c-format
-#| msgid "WARNING: %s overrides %s\n"
-msgid "WARNING: %s\n"
-msgstr "警告: %s 會推翻 %s\n"
+#| msgid "error reading from %s: %s\n"
+msgid "error from TPM: %s\n"
+msgstr "讀取 %s 時出錯: %s\n"
 
-#: g10/call-agent.c:214 g10/call-dirmngr.c:168 sm/call-agent.c:113
-#: sm/call-dirmngr.c:180
+#: g10/call-agent.c:2123 g10/passphrase.c:225 g10/passphrase.c:258
+#: tools/card-call-scd.c:1751
 #, c-format
-msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
-
-#: g10/call-agent.c:216 g10/call-dirmngr.c:170 sm/call-agent.c:115
-#: sm/call-dirmngr.c:182
-#, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
-msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "請先使用 \"toggle\" 指令.\n"
-
-#: g10/call-agent.c:318 g10/encrypt.c:213 g10/encrypt.c:531 g10/sign.c:412
-#: sm/call-agent.c:205 sm/encrypt.c:426 sm/sign.c:345
-#, fuzzy, c-format
-#| msgid "%s does not yet work with %s\n"
-msgid "%s is not compliant with %s mode\n"
-msgstr "%s 還沒辦法跟 %s 一起運作\n"
+msgid "problem with the agent: %s\n"
+msgstr "代理程式的問題: %s\n"
 
-#: g10/call-dirmngr.c:209 sm/call-dirmngr.c:269 tools/gpg-connect-agent.c:2253
+#: g10/call-dirmngr.c:178 sm/call-dirmngr.c:238 tools/gpg-connect-agent.c:2316
 #, fuzzy, c-format
 #| msgid "no gpg-agent running in this session\n"
 msgid "no dirmngr running in this session\n"
 msgstr "在此階段中沒有執行中的 gpg-agent\n"
 
-#: g10/call-dirmngr.c:243
+#: g10/call-dirmngr.c:212
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
-msgid "keyserver option \"%s\" may not be used in %s mode\n"
+msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
 msgstr "你不能夠將 %s 用於 %s 模式中\n"
 
-#: g10/call-dirmngr.c:417
+#: g10/call-dirmngr.c:385
 msgid "WKD uses a cached result"
 msgstr ""
 
-#: g10/call-dirmngr.c:420
+#: g10/call-dirmngr.c:388
 msgid "Tor is not running"
 msgstr ""
 
-#: g10/call-dirmngr.c:422
+#: g10/call-dirmngr.c:390
 #, fuzzy
 #| msgid "\"%s\" is not a fingerprint\n"
 msgid "Tor is not properly configured"
 msgstr "\"%s\" 不是指紋\n"
 
-#: g10/call-dirmngr.c:424
+#: g10/call-dirmngr.c:392
 #, fuzzy
 #| msgid "\"%s\" is not a fingerprint\n"
 msgid "DNS is not properly configured"
 msgstr "\"%s\" 不是指紋\n"
 
-#: g10/call-dirmngr.c:426
+#: g10/call-dirmngr.c:394
 msgid "unacceptable HTTP redirect from server"
 msgstr ""
 
-#: g10/call-dirmngr.c:428
+#: g10/call-dirmngr.c:396
 msgid "unacceptable HTTP redirect from server was cleaned up"
 msgstr ""
 
-#: g10/call-dirmngr.c:430
+#: g10/call-dirmngr.c:398
 #, fuzzy
 #| msgid "generate a revocation certificate"
 msgid "server uses an invalid certificate"
 msgstr "產生撤銷憑證"
 
-#: g10/call-dirmngr.c:437 g10/gpg.c:4458
+#: g10/call-dirmngr.c:405 g10/gpg.c:4568
 #, fuzzy, c-format
 #| msgid "armor: %s\n"
 msgid "Note: %s\n"
 msgstr "封裝: %s\n"
 
-#: g10/card-util.c:86 g10/card-util.c:366 g10/card-util.c:1918
+#: g10/card-util.c:86 g10/card-util.c:369 g10/card-util.c:1924
+#: tools/gpg-card.c:3038
 #, c-format
 msgid "OpenPGP card not available: %s\n"
 msgstr "沒有可用的 OpenPGP 卡片: %s\n"
 
-#: g10/card-util.c:91 g10/card-util.c:1924
+#: g10/card-util.c:91 g10/card-util.c:1930
 #, c-format
 msgid "OpenPGP card no. %s detected\n"
 msgstr "偵測到 OpenPGP 卡片編號 %s\n"
 
-#: g10/card-util.c:97 g10/card-util.c:2253 g10/delkey.c:160 g10/keyedit.c:1423
-#: g10/keygen.c:4466 g10/revoke.c:214 g10/revoke.c:636
+#: g10/card-util.c:97 g10/card-util.c:2309 g10/delkey.c:164 g10/keyedit.c:1428
+#: g10/keygen.c:4771 g10/revoke.c:214 g10/revoke.c:638
 #, c-format
 msgid "can't do this in batch mode\n"
 msgstr "無法在批次模式中這樣做\n"
 
-#: g10/card-util.c:105
+#: g10/card-util.c:105 tools/gpg-card.c:2942
 #, c-format
 msgid "This command is only available for version 2 cards\n"
 msgstr "祇有第二版卡片纔能用這個指令\n"
 
-#: g10/card-util.c:107 scd/app-openpgp.c:2866
+#: g10/card-util.c:107 scd/app-openpgp.c:3398 tools/gpg-card.c:2947
 #, c-format
 msgid "Reset Code not or not anymore available\n"
 msgstr "(再也) 沒有重設碼\n"
 
-#: g10/card-util.c:140 g10/card-util.c:1442 g10/card-util.c:1704
-#: g10/card-util.c:1796 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
-#: g10/keygen.c:1808 g10/keygen.c:1980 g10/keygen.c:2186 g10/keygen.c:2477
-#: sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:291 sm/certreqgen-ui.c:325
+#: g10/card-util.c:140 g10/card-util.c:1448 g10/card-util.c:1710
+#: g10/card-util.c:1802 g10/keyedit.c:394 g10/keyedit.c:415 g10/keyedit.c:429
+#: g10/keygen.c:1991 g10/keygen.c:2165 g10/keygen.c:2385 g10/keygen.c:2685
+#: sm/certreqgen-ui.c:166 sm/certreqgen-ui.c:292 sm/certreqgen-ui.c:326
+#: tools/gpg-card.c:509
 msgid "Your selection? "
 msgstr "你要選哪一個? "
 
-#: g10/card-util.c:260 g10/card-util.c:311
+#: g10/card-util.c:262 g10/card-util.c:313 tools/gpg-card.c:595
+#: tools/gpg-card.c:635
 msgid "[not set]"
 msgstr "[未設定]"
 
-#: g10/card-util.c:554
+#: g10/card-util.c:558 tools/gpg-card.c:902
 msgid "Mr."
 msgstr ""
 
-#: g10/card-util.c:555
+#: g10/card-util.c:559 tools/gpg-card.c:903
 msgid "Ms."
 msgstr ""
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "not forced"
 msgstr "不強迫使用"
 
-#: g10/card-util.c:582
+#: g10/card-util.c:586 tools/gpg-card.c:930
 msgid "forced"
 msgstr "強迫使用"
 
-#: g10/card-util.c:759
+#: g10/card-util.c:768 tools/gpg-card.c:1467
 msgid "Error: Only plain ASCII is currently allowed.\n"
 msgstr "錯誤: 目前祇允許使用單純的 ASCII 字符.\n"
 
-#: g10/card-util.c:761
+#: g10/card-util.c:770 tools/gpg-card.c:1469
 msgid "Error: The \"<\" character may not be used.\n"
 msgstr "錯誤: 不能使用 \"<\" 字符.\n"
 
-#: g10/card-util.c:763
+#: g10/card-util.c:772 tools/gpg-card.c:1471
 msgid "Error: Double spaces are not allowed.\n"
 msgstr "錯誤: 並不允許使用連續兩個以上的空格.\n"
 
-#: g10/card-util.c:781
+#: g10/card-util.c:789 tools/gpg-card.c:1504
 msgid "Cardholder's surname: "
 msgstr "卡片持有者的姓氏: "
 
-#: g10/card-util.c:783
+#: g10/card-util.c:791 tools/gpg-card.c:1505
 msgid "Cardholder's given name: "
 msgstr "卡片持有者的名字: "
 
-#: g10/card-util.c:802
+#: g10/card-util.c:809 tools/gpg-card.c:1522
 #, c-format
 msgid "Error: Combined name too long (limit is %d characters).\n"
 msgstr "錯誤: 合併後的名字太長 (上限是 %d 個字符).\n"
 
-#: g10/card-util.c:826
+#: g10/card-util.c:830 tools/gpg-card.c:1560
 msgid "URL to retrieve public key: "
 msgstr "取回公鑰的 URL: "
 
-#: g10/card-util.c:920 g10/decrypt-data.c:509 g10/import.c:399 g10/import.c:746
-#: g10/import.c:798 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
-#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1748
-#: tools/gpgconf.c:483 tools/gpgconf.c:529
+#: g10/card-util.c:926 g10/decrypt-data.c:495 g10/import.c:394 g10/import.c:744
+#: g10/import.c:803 dirmngr/crlcache.c:655 dirmngr/crlcache.c:660
+#: dirmngr/crlcache.c:914 dirmngr/crlcache.c:920 dirmngr/dirmngr.c:1657
+#: tools/gpgconf.c:437 tools/gpgconf.c:483 tools/gpg-card.c:425
 #, c-format
 msgid "error reading '%s': %s\n"
 msgstr "讀取 '%s' 時出錯: %s\n"
 
-#: g10/card-util.c:953 g10/decrypt-data.c:512 g10/export.c:2467
-#: dirmngr/crlcache.c:925
+#: g10/card-util.c:959 g10/decrypt-data.c:498 g10/export.c:2496
+#: dirmngr/crlcache.c:925 tools/gpg-card.c:485 tools/gpg-card.c:492
 #, c-format
 msgid "error writing '%s': %s\n"
 msgstr "寫入 '%s' 時出錯: %s\n"
 
-#: g10/card-util.c:980
+#: g10/card-util.c:986 tools/gpg-card.c:1649
 msgid "Login data (account name): "
 msgstr "登入資料 (帳號名稱): "
 
-#: g10/card-util.c:1018
+#: g10/card-util.c:1024 tools/gpg-card.c:1944
 msgid "Private DO data: "
 msgstr "私人的 DO 資料: "
 
-#: g10/card-util.c:1103
+#: g10/card-util.c:1109 tools/gpg-card.c:1698
 msgid "Language preferences: "
 msgstr "介面語言偏好設定: "
 
-#: g10/card-util.c:1111
+#: g10/card-util.c:1117 tools/gpg-card.c:1709
+#, c-format
 msgid "Error: invalid length of preference string.\n"
 msgstr "錯誤: 無效的偏好設定字串長度\n"
 
-#: g10/card-util.c:1120
+#: g10/card-util.c:1126 tools/gpg-card.c:1718
+#, c-format
 msgid "Error: invalid characters in preference string.\n"
 msgstr "錯誤: 偏好設定字串中含有無效的字符\n"
 
-#: g10/card-util.c:1142
+#: g10/card-util.c:1148 tools/gpg-card.c:1752
 msgid "Salutation (M = Mr., F = Ms., or space): "
 msgstr ""
 
-#: g10/card-util.c:1156
+#: g10/card-util.c:1162 tools/gpg-card.c:1769
 msgid "Error: invalid response.\n"
 msgstr "錯誤: 無效的回應.\n"
 
-#: g10/card-util.c:1178
+#: g10/card-util.c:1185 tools/gpg-card.c:1834
 msgid "CA fingerprint: "
 msgstr "憑證中心 (CA) 指紋: "
 
-#: g10/card-util.c:1201
+#: g10/card-util.c:1209 tools/gpg-card.c:1860
+#, c-format
 msgid "Error: invalid formatted fingerprint.\n"
 msgstr "錯誤: 無效的格式化指紋.\n"
 
-#: g10/card-util.c:1252
+#: g10/card-util.c:1259
 #, c-format
 msgid "key operation not possible: %s\n"
 msgstr "不可能進行金鑰操作: %s\n"
 
-#: g10/card-util.c:1253
+#: g10/card-util.c:1260
 msgid "not an OpenPGP card"
 msgstr "這不是 OpenPGP 卡片"
 
-#: g10/card-util.c:1266 g10/keygen.c:4486 g10/keygen.c:5562
+#: g10/card-util.c:1273 g10/keygen.c:4791 g10/keygen.c:5952
 #, c-format
 msgid "error getting current key info: %s\n"
 msgstr "取得現用金鑰資訊時出錯: %s\n"
 
-#: g10/card-util.c:1351
+#: g10/card-util.c:1358
 msgid "Replace existing key? (y/N) "
 msgstr "是否要取代既有的金鑰? (y/N) "
 
-#: g10/card-util.c:1368
+#: g10/card-util.c:1375 tools/gpg-card.c:3327
+#, fuzzy
+#| msgid ""
+#| "Note: There is no guarantee that the card supports the requested size.\n"
+#| "      If the key generation does not succeed, please check the\n"
+#| "      documentation of your card to see what sizes are allowed.\n"
 msgid ""
-"Note: There is no guarantee that the card supports the requested size.\n"
-"      If the key generation does not succeed, please check the\n"
-"      documentation of your card to see what sizes are allowed.\n"
+"Note: There is no guarantee that the card supports the requested\n"
+"      key type or size.  If the key generation does not succeed,\n"
+"      please check the documentation of your card to see which\n"
+"      key types and sizes are supported.\n"
 msgstr ""
 "請注意: 我們完全無法保證卡片支援你想用的尺寸.\n"
 "      如果金鑰產生失敗了, 煩請查閱你卡片上的文件,\n"
 "      看看這張卡片支援哪些尺寸.\n"
 
-#: g10/card-util.c:1390 g10/keygen.c:2363 sm/certreqgen-ui.c:179
+#: g10/card-util.c:1396 g10/keygen.c:2570 sm/certreqgen-ui.c:180
 #, c-format
 msgid "What keysize do you want? (%u) "
 msgstr "你想要用多大的金鑰尺寸? (%u) "
 
-#: g10/card-util.c:1400 g10/keygen.c:2286 g10/keygen.c:2318
-#: sm/certreqgen-ui.c:194
+#: g10/card-util.c:1406 g10/keygen.c:2493 g10/keygen.c:2525
+#: sm/certreqgen-ui.c:195
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "加大到 %u 位元\n"
 
-#: g10/card-util.c:1408 g10/keygen.c:2371 sm/certreqgen-ui.c:184
+#: g10/card-util.c:1414 g10/keygen.c:2578 sm/certreqgen-ui.c:185
 #, c-format
 msgid "%s keysizes must be in the range %u-%u\n"
 msgstr "%s 金鑰尺寸一定要介於 %u 到 %u 之間\n"
 
-#: g10/card-util.c:1427
+#: g10/card-util.c:1433
 msgid "Changing card key attribute for: "
 msgstr ""
 
-#: g10/card-util.c:1429
+#: g10/card-util.c:1435
 #, fuzzy
 #| msgid "   (1) Signature key\n"
 msgid "Signature key\n"
 msgstr "   (1) 簽署用金鑰\n"
 
-#: g10/card-util.c:1431
+#: g10/card-util.c:1437
 #, fuzzy
 #| msgid "   (2) Encryption key\n"
 msgid "Encryption key\n"
 msgstr "   (2) 加密用金鑰\n"
 
-#: g10/card-util.c:1433
+#: g10/card-util.c:1439
 #, fuzzy
 #| msgid "   (3) Authentication key\n"
 msgid "Authentication key\n"
 msgstr "   (3) 憑證用金鑰\n"
 
-#: g10/card-util.c:1435 g10/keygen.c:1926 sm/certreqgen-ui.c:157
+#: g10/card-util.c:1441 g10/keygen.c:2112 sm/certreqgen-ui.c:158
 msgid "Please select what kind of key you want:\n"
 msgstr "請選擇你要使用的金鑰種類:\n"
 
-#: g10/card-util.c:1436 sm/certreqgen-ui.c:158
+#: g10/card-util.c:1442 sm/certreqgen-ui.c:159
 #, c-format
 msgid "   (%d) RSA\n"
 msgstr "   (%d) RSA\n"
 
-#: g10/card-util.c:1437
+#: g10/card-util.c:1443
 #, fuzzy, c-format
 #| msgid "   (%d) ECC and ECC\n"
 msgid "   (%d) ECC\n"
 msgstr "   (%d) ECC 和 ECC\n"
 
-#: g10/card-util.c:1449 g10/card-util.c:1716 g10/card-util.c:1816
-#: g10/keyedit.c:900 g10/keygen.c:1834 g10/keygen.c:1862 g10/keygen.c:1987
-#: g10/keygen.c:2222 g10/keygen.c:2505 g10/revoke.c:838
+#: g10/card-util.c:1455 g10/card-util.c:1722 g10/card-util.c:1822
+#: g10/keyedit.c:900 g10/keygen.c:2017 g10/keygen.c:2045 g10/keygen.c:2172
+#: g10/keygen.c:2425 g10/keygen.c:2713 g10/revoke.c:836
 msgid "Invalid selection.\n"
 msgstr "無效的選擇.\n"
 
-#: g10/card-util.c:1522
+#: g10/card-util.c:1528
 #, c-format
 msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgstr "這張卡片將重新加以組態, 以便產生 %u 位元的金鑰\n"
 
-#: g10/card-util.c:1527
+#: g10/card-util.c:1533
 #, fuzzy, c-format
 #| msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgid "The card will now be re-configured to generate a key of type: %s\n"
 msgstr "這張卡片將重新加以組態, 以便產生 %u 位元的金鑰\n"
 
-#: g10/card-util.c:1563
+#: g10/card-util.c:1569
 #, fuzzy, c-format
 #| msgid "error changing size of key %d to %u bits: %s\n"
 msgid "error changing key attribute for key %d: %s\n"
 msgstr "將金鑰 %d 尺寸變更至 %u 位元時出錯: %s\n"
 
-#: g10/card-util.c:1579 g10/card-util.c:2106
+#: g10/card-util.c:1585 g10/card-util.c:2106 g10/card-util.c:2162
 #, fuzzy, c-format
 #| msgid "error getting current key info: %s\n"
 msgid "error getting card info: %s\n"
 msgstr "取得現用金鑰資訊時出錯: %s\n"
 
-#: g10/card-util.c:1585 g10/card-util.c:1930 g10/card-util.c:2112
+#: g10/card-util.c:1591 g10/card-util.c:1936 g10/card-util.c:2112
+#: g10/card-util.c:2171 tools/gpg-card.c:3056 tools/gpg-card.c:3295
+#: tools/gpg-card.c:3353
 #, fuzzy, c-format
 #| msgid "This command is not allowed while in %s mode.\n"
 msgid "This command is not supported by this card\n"
 msgstr "在 %s 模式中不允許使用這個指令.\n"
 
-#: g10/card-util.c:1631
+#: g10/card-util.c:1637 tools/gpg-card.c:2425
 msgid "Make off-card backup of encryption key? (Y/n) "
 msgstr "是否要為加密用金鑰建立卡外備份? (Y/n) "
 
-#: g10/card-util.c:1645
+#: g10/card-util.c:1651
 #, c-format
 msgid "Note: keys are already stored on the card!\n"
 msgstr "請注意: 金鑰已經存放在卡片上了!\n"
 
-#: g10/card-util.c:1648
+#: g10/card-util.c:1654 tools/gpg-card.c:2397
 msgid "Replace existing keys? (y/N) "
 msgstr "是否要取代既有的金鑰? (y/N) "
 
-#: g10/card-util.c:1660
+#: g10/card-util.c:1666 tools/gpg-card.c:2456
 #, c-format
 msgid ""
 "Please note that the factory settings of the PINs are\n"
@@ -2123,196 +2028,210 @@ msgstr ""
 "   PIN = '%s'     管理者 PIN = '%s'\n"
 "你應該用 --change-pin 指令來加以變更\n"
 
-#: g10/card-util.c:1695
+#: g10/card-util.c:1701
 msgid "Please select the type of key to generate:\n"
 msgstr "請選擇你要產生的金鑰種類:\n"
 
-#: g10/card-util.c:1697 g10/card-util.c:1787
+#: g10/card-util.c:1703 g10/card-util.c:1793
 msgid "   (1) Signature key\n"
 msgstr "   (1) 簽署用金鑰\n"
 
-#: g10/card-util.c:1698 g10/card-util.c:1789
+#: g10/card-util.c:1704 g10/card-util.c:1795
 msgid "   (2) Encryption key\n"
 msgstr "   (2) 加密用金鑰\n"
 
-#: g10/card-util.c:1699 g10/card-util.c:1791
+#: g10/card-util.c:1705 g10/card-util.c:1797
 msgid "   (3) Authentication key\n"
 msgstr "   (3) 憑證用金鑰\n"
 
-#: g10/card-util.c:1784
+#: g10/card-util.c:1790
 msgid "Please select where to store the key:\n"
 msgstr "請選擇要把金鑰存放在哪裡:\n"
 
-#: g10/card-util.c:1830
+#: g10/card-util.c:1836
 #, c-format
 msgid "KEYTOCARD failed: %s\n"
 msgstr "KEYTOCARD 失敗: %s\n"
 
-#: g10/card-util.c:1935
+#: g10/card-util.c:1941 tools/gpg-card.c:3064
 #, fuzzy, c-format
 #| msgid "Note: keys are already stored on the card!\n"
 msgid "Note: This command destroys all keys stored on the card!\n"
 msgstr "請注意: 金鑰已經存放在卡片上了!\n"
 
-#: g10/card-util.c:1938
+#: g10/card-util.c:1944 tools/gpg-card.c:3067 tools/gpg-card.c:3408
 #, fuzzy
 #| msgid "Continue? (Y/n) "
 msgid "Continue? (y/N) "
 msgstr "是否繼續? (Y/n) "
 
-#: g10/card-util.c:1943
+#: g10/card-util.c:1949 tools/gpg-card.c:3078
 msgid "Really do a factory reset? (enter \"yes\") "
 msgstr ""
 
-#: g10/card-util.c:2129
+#: g10/card-util.c:2142
 #, fuzzy, c-format
 #| msgid "error closing %s: %s\n"
 msgid "error for setup KDF: %s\n"
 msgstr "關閉 %s 時出錯: %s\n"
 
-#: g10/card-util.c:2158 g10/keyedit.c:1260
+#: g10/card-util.c:2188
+#, fuzzy, c-format
+#| msgid "error closing %s: %s\n"
+msgid "error for setup UIF: %s\n"
+msgstr "關閉 %s 時出錯: %s\n"
+
+#: g10/card-util.c:2212 g10/keyedit.c:1263 tools/gpg-card.c:3648
 msgid "quit this menu"
 msgstr "離開這個選單"
 
-#: g10/card-util.c:2160
+#: g10/card-util.c:2214
 msgid "show admin commands"
 msgstr "顯示管理者指令"
 
-#: g10/card-util.c:2161 g10/keyedit.c:1263
+#: g10/card-util.c:2215 g10/keyedit.c:1266 tools/gpg-card.c:3651
 msgid "show this help"
 msgstr "顯示這份線上說明"
 
-#: g10/card-util.c:2163
+#: g10/card-util.c:2217 tools/gpg-card.c:3653
 msgid "list all available data"
 msgstr "列出所有可用的資料"
 
-#: g10/card-util.c:2166
+#: g10/card-util.c:2220 tools/gpg-card.c:3655
 msgid "change card holder's name"
 msgstr "變更卡片持有人的名字"
 
-#: g10/card-util.c:2167
+#: g10/card-util.c:2221 tools/gpg-card.c:3656
 msgid "change URL to retrieve key"
 msgstr "變更取回金鑰的 URL"
 
-#: g10/card-util.c:2168
+#: g10/card-util.c:2222 tools/gpg-card.c:3657
 msgid "fetch the key specified in the card URL"
 msgstr "從卡片 URL 取回指定的金鑰"
 
-#: g10/card-util.c:2169
+#: g10/card-util.c:2223 tools/gpg-card.c:3658
 msgid "change the login name"
 msgstr "變更登入名稱"
 
-#: g10/card-util.c:2170
+#: g10/card-util.c:2224 tools/gpg-card.c:3659
 msgid "change the language preferences"
 msgstr "變更介面語言偏好設定"
 
-#: g10/card-util.c:2171
+#: g10/card-util.c:2225 tools/gpg-card.c:3660
 #, fuzzy
 #| msgid "change card holder's sex"
 msgid "change card holder's salutation"
 msgstr "變更卡片持有者的性別"
 
-#: g10/card-util.c:2173
+#: g10/card-util.c:2227 tools/gpg-card.c:3662
 msgid "change a CA fingerprint"
 msgstr "變更某個憑證中心 (CA) 的指紋"
 
-#: g10/card-util.c:2174
+#: g10/card-util.c:2228 tools/gpg-card.c:3663
 msgid "toggle the signature force PIN flag"
 msgstr "切換簽章是否強制使用個人識別碼 (PIN) 的旗標"
 
-#: g10/card-util.c:2175
+#: g10/card-util.c:2229 tools/gpg-card.c:3664
 msgid "generate new keys"
 msgstr "產生新的金鑰"
 
-#: g10/card-util.c:2176
+#: g10/card-util.c:2230 tools/gpg-card.c:3665
 msgid "menu to change or unblock the PIN"
 msgstr "變更或重設個人識別碼 (PIN) 的選單"
 
-#: g10/card-util.c:2177
+#: g10/card-util.c:2231 tools/gpg-card.c:3666
 msgid "verify the PIN and list all data"
 msgstr "驗證個人識別碼 (PIN) 並列出所有的資料"
 
-#: g10/card-util.c:2178
+#: g10/card-util.c:2232 tools/gpg-card.c:3667
 msgid "unblock the PIN using a Reset Code"
 msgstr "用重設碼來解凍個人識別碼 (PIN)"
 
-#: g10/card-util.c:2179
+#: g10/card-util.c:2233 tools/gpg-card.c:3671
 msgid "destroy all keys and data"
 msgstr ""
 
-#: g10/card-util.c:2180
+#: g10/card-util.c:2235
 #, fuzzy
 #| msgid "|NAME|use user NAME for authentication"
-msgid "setup KDF for PIN authentication"
+msgid "setup KDF for PIN authentication (on/single/off)"
 msgstr "|名字|使用指定名字做為認證用的使用者名稱"
 
-#: g10/card-util.c:2181
+#: g10/card-util.c:2236
 #, fuzzy
 #| msgid "change the ownertrust"
 msgid "change the key attribute"
 msgstr "更改主觀信任"
 
-#: g10/card-util.c:2305
+#: g10/card-util.c:2237 tools/gpg-card.c:3673
+#, fuzzy
+#| msgid "change the ownertrust"
+msgid "change the User Interaction Flag"
+msgstr "更改主觀信任"
+
+#: g10/card-util.c:2361 tools/gpg-card.c:3923
 msgid "gpg/card> "
 msgstr "gpg/卡片> "
 
-#: g10/card-util.c:2346
+#: g10/card-util.c:2402
 msgid "Admin-only command\n"
 msgstr "限管理者使用的指令\n"
 
-#: g10/card-util.c:2377
+#: g10/card-util.c:2433
 msgid "Admin commands are allowed\n"
 msgstr "允許使用管理者指令\n"
 
-#: g10/card-util.c:2379
+#: g10/card-util.c:2435
 msgid "Admin commands are not allowed\n"
 msgstr "未允許使用管理者指令\n"
 
-#: g10/card-util.c:2482 g10/keyedit.c:2229
+#: g10/card-util.c:2546 g10/keyedit.c:2275 tools/gpg-card.c:3813
+#: tools/gpg-card.c:4071
+#, c-format
 msgid "Invalid command  (try \"help\")\n"
 msgstr "無效的指令  (試試看 \"help\")\n"
 
-#: g10/decrypt.c:191 g10/encrypt.c:1018
+#: g10/decrypt.c:191 g10/encrypt.c:1214
 #, c-format
 msgid "--output doesn't work for this command\n"
 msgstr "--output 在這個指令中沒有作用\n"
 
-#: g10/decrypt.c:247 g10/gpg.c:5155 g10/keyring.c:399 g10/keyring.c:750
+#: g10/decrypt.c:247 g10/gpg.c:5262 g10/keyring.c:399 g10/keyring.c:750
 #, c-format
 msgid "can't open '%s'\n"
 msgstr "無法開啟 '%s'\n"
 
-#: g10/delkey.c:83 g10/export.c:1947 g10/export.c:2230 g10/export.c:2351
-#: g10/getkey.c:2108 g10/gpg.c:5100 g10/keyedit.c:1445 g10/keyedit.c:2335
-#: g10/keyedit.c:2637 g10/keyedit.c:4600 g10/keylist.c:693 g10/keyserver.c:1092
-#: g10/revoke.c:230 g10/tofu.c:2165
+#: g10/delkey.c:81 g10/export.c:1934 g10/export.c:2342 g10/export.c:2463
+#: g10/getkey.c:1907 g10/gpg.c:5207 g10/keyedit.c:1450 g10/keyedit.c:2382
+#: g10/keyedit.c:2626 g10/keyedit.c:4580 g10/keylist.c:703 g10/keyserver.c:1238
+#: g10/revoke.c:230 g10/tofu.c:2168
 #, c-format
 msgid "key \"%s\" not found: %s\n"
 msgstr "找不到金鑰 \"%s\": %s\n"
 
-#: g10/delkey.c:92 g10/export.c:2015 g10/getkey.c:2116 g10/getkey.c:4517
-#: g10/gpg.c:5109 g10/keyedit.c:2308 g10/keyserver.c:1110 g10/revoke.c:236
-#: g10/revoke.c:663 g10/tofu.c:2173
+#: g10/delkey.c:90 g10/export.c:2002 g10/getkey.c:1915 g10/getkey.c:4303
+#: g10/gpg.c:5216 g10/keyedit.c:2354 g10/keyserver.c:1256 g10/revoke.c:236
+#: g10/revoke.c:665 g10/tofu.c:2176
 #, c-format
 msgid "error reading keyblock: %s\n"
 msgstr "讀取金鑰區塊時出錯: %s\n"
 
-#: g10/delkey.c:150
+#: g10/delkey.c:148
 #, fuzzy, c-format
 #| msgid "key \"%s\" not found: %s\n"
 msgid "key \"%s\" not found\n"
 msgstr "找不到金鑰 \"%s\": %s\n"
 
-#: g10/delkey.c:161 g10/delkey.c:168
-#, c-format
-msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(除非你用指紋指定了金鑰)\n"
-
-#: g10/delkey.c:167
+#: g10/delkey.c:158 g10/delkey.c:171
 #, c-format
 msgid "can't do this in batch mode without \"--yes\"\n"
 msgstr "沒有 \"--yes\" 就沒辦法在批次模式中這麼做\n"
 
+#: g10/delkey.c:165 g10/delkey.c:172
+#, c-format
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(除非你用指紋指定了金鑰)\n"
+
 #: g10/delkey.c:182
 msgid "Note: The public primary key and all its subkeys will be deleted.\n"
 msgstr ""
@@ -2350,9 +2269,9 @@ msgstr "金鑰"
 msgid "subkey"
 msgstr "子鑰"
 
-#: g10/delkey.c:299 g10/keyedit.c:2201 g10/keyedit.c:2211 g10/keyedit.c:2388
-#: g10/keyedit.c:2519 g10/keyedit.c:2589 g10/keyedit.c:2814 g10/keyedit.c:3044
-#: g10/keyedit.c:3113 g10/keyedit.c:3264
+#: g10/delkey.c:299 g10/keyedit.c:2247 g10/keyedit.c:2257 g10/keyedit.c:2435
+#: g10/keyedit.c:2509 g10/keyedit.c:2580 g10/keyedit.c:2793 g10/keyedit.c:3023
+#: g10/keyedit.c:3092 g10/keyedit.c:3242
 #, c-format
 msgid "update failed: %s\n"
 msgstr "更新失敗: %s\n"
@@ -2377,164 +2296,127 @@ msgstr "公鑰 \"%s\" 有相對應的私鑰!\n"
 msgid "use option \"--delete-secret-keys\" to delete it first.\n"
 msgstr "請先以 \"--delete-secret-keys\" 選項來刪除它.\n"
 
-#: g10/encrypt.c:116
-#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
-msgstr "警告: 強迫使用 %s (%d) 對稱式編密法會違反收件者偏好設定\n"
-
-#: g10/encrypt.c:261 g10/sign.c:1470
+#: g10/encrypt.c:332 g10/sign.c:1613
 #, c-format
 msgid "error creating passphrase: %s\n"
 msgstr "建立密語時出錯: %s\n"
 
-#: g10/encrypt.c:268
+#: g10/encrypt.c:339
 #, c-format
 msgid "can't use a symmetric ESK packet due to the S2K mode\n"
 msgstr "因處於 S2K 模式下而無法使用對稱式 ESK 封包\n"
 
-#: g10/encrypt.c:282
-#, c-format
-msgid "using cipher %s\n"
+#: g10/encrypt.c:370
+#, fuzzy, c-format
+#| msgid "using cipher %s\n"
+msgid "using cipher %s.%s\n"
 msgstr "正在使用 %s 編密法\n"
 
-#: g10/encrypt.c:292 g10/encrypt.c:714
+#: g10/encrypt.c:382 g10/encrypt.c:869
 #, c-format
 msgid "'%s' already compressed\n"
 msgstr "'%s' 已經被壓縮了\n"
 
-#: g10/encrypt.c:349 g10/encrypt.c:750 g10/sign.c:760
+#: g10/encrypt.c:443 g10/encrypt.c:906 g10/sign.c:826
 #, c-format
 msgid "WARNING: '%s' is an empty file\n"
 msgstr "警告: '%s' 是個空檔案\n"
 
-#: g10/encrypt.c:446 g10/encrypt.c:521 g10/decrypt-data.c:266 g10/gpg.c:3959
-#: g10/gpg.c:3999 sm/decrypt.c:826 sm/encrypt.c:416 sm/gpgsm.c:1609
+#: g10/encrypt.c:544 g10/encrypt.c:795
+#, fuzzy, c-format
+#| msgid "you may not use cipher algorithm '%s' while in %s mode\n"
+msgid "cipher algorithm '%s' may not be used for encryption\n"
+msgstr "你不該將 '%s' 編密演算法用於 %s 模式\n"
+
+#: g10/encrypt.c:547 g10/encrypt.c:798 g10/misc.c:400
+#, c-format
+msgid "(use option \"%s\" to override)\n"
+msgstr ""
+
+#: g10/encrypt.c:555 g10/encrypt.c:808 g10/decrypt-data.c:261 g10/gpg.c:4052
+#: g10/gpg.c:4099 sm/decrypt.c:742 sm/encrypt.c:691 sm/gpgsm.c:1760
 #, fuzzy, c-format
 #| msgid "you may not use cipher algorithm '%s' while in %s mode\n"
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "你不該將 '%s' 編密演算法用於 %s 模式\n"
 
-#: g10/encrypt.c:455 g10/gpg.c:3965 g10/gpg.c:4011 g10/sig-check.c:175
-#: g10/sign.c:391 sm/gpgsm.c:1619 sm/gpgsm.c:1629 sm/sign.c:478 sm/verify.c:506
+#: g10/encrypt.c:564 g10/gpg.c:4064 g10/gpg.c:4111 g10/sig-check.c:155
+#: g10/sign.c:452 sm/gpgsm.c:1770 sm/gpgsm.c:1780 sm/sign.c:596 sm/verify.c:510
 #, fuzzy, c-format
 #| msgid "you may not use digest algorithm '%s' while in %s mode\n"
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "你不該將 '%s' 摘要演算法用於 %s 模式\n"
 
-#: g10/encrypt.c:548 sm/encrypt.c:491
+#: g10/encrypt.c:727
+#, c-format
+msgid "reading from '%s'\n"
+msgstr "正在從 '%s' 讀取\n"
+
+#: g10/encrypt.c:783
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "警告: 強迫使用 %s (%d) 對稱式編密法會違反收件者偏好設定\n"
+
+#: g10/encrypt.c:838 sm/encrypt.c:766
 #, fuzzy, c-format
 #| msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
 msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
 msgstr "警告: \"%s%s\" 是已廢棄的選項 - 沒有效果\n"
 
-#: g10/encrypt.c:679
-#, c-format
-msgid "reading from '%s'\n"
-msgstr "正在從 '%s' 讀取\n"
-
-#: g10/encrypt.c:797 g10/sign.c:1162
+#: g10/encrypt.c:956 g10/sign.c:1266
 #, c-format
 msgid ""
 "WARNING: forcing compression algorithm %s (%d) violates recipient "
 "preferences\n"
 msgstr "警告: 強迫使用 %s (%d) 壓縮演算法會違反收件者偏好設定\n"
 
-#: g10/encrypt.c:965
+#: g10/encrypt.c:1066
 #, c-format
-msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "強迫使用 %s (%d) 對稱式編密法會違反收件者偏好設定\n"
+
+#: g10/encrypt.c:1159
+#, fuzzy, c-format
+#| msgid "%s/%s encrypted for: \"%s\"\n"
+msgid "%s/%s.%s encrypted for: \"%s\"\n"
 msgstr "%s/%s 已加密給: \"%s\"\n"
 
-#: g10/encrypt.c:993 g10/pkclist.c:1028 g10/pkclist.c:1079
+#: g10/encrypt.c:1189 g10/pkclist.c:1052 g10/pkclist.c:1103
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "option '%s' may not be used in %s mode\n"
 msgstr "你不能夠將 %s 用於 %s 模式中\n"
 
-#: g10/decrypt-data.c:246 g10/mainproc.c:410
-#, c-format
-msgid "%s encrypted data\n"
+#: g10/decrypt-data.c:239 g10/mainproc.c:380 sm/decrypt.c:494
+#, fuzzy, c-format
+#| msgid "%s encrypted data\n"
+msgid "%s.%s encrypted data\n"
 msgstr "%s 已加密的資料\n"
 
-#: g10/decrypt-data.c:249 g10/mainproc.c:416
+#: g10/decrypt-data.c:244
 #, c-format
 msgid "encrypted with unknown algorithm %d\n"
 msgstr "以 %d 未知演算法所加密\n"
 
-#: g10/decrypt-data.c:372 g10/decrypt-data.c:425 sm/decrypt.c:550
+#: g10/decrypt-data.c:361 g10/decrypt-data.c:414 sm/decrypt.c:508
 #, c-format
 msgid ""
 "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
 msgstr "警告: 訊息已用對稱式編密法的弱金鑰加密了.\n"
 
-#: g10/decrypt-data.c:384 g10/decrypt-data.c:437
+#: g10/decrypt-data.c:373 g10/decrypt-data.c:426
 #, c-format
 msgid "problem handling encrypted packet\n"
 msgstr "處理已加密封包有問題\n"
 
-#: g10/exec.c:60
-#, c-format
-msgid "no remote program execution supported\n"
-msgstr "沒有支援的遠端程式執行\n"
-
-#: g10/exec.c:389
-#, c-format
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
-msgstr "因為不安全的檔案權限選項, 而禁用了外部程式叫用\n"
+#: g10/export.c:119
+msgid "export signatures that are marked as local-only"
+msgstr "匯出標記為僅限本機使用的簽章"
 
-#: g10/exec.c:419
-#, c-format
-msgid "this platform requires temporary files when calling external programs\n"
-msgstr "在這個作業平台上叫用外部程式時需要暫存檔\n"
-
-#: g10/exec.c:497
-#, c-format
-msgid "unable to execute program '%s': %s\n"
-msgstr "無法執行程式 '%s': %s\n"
-
-#: g10/exec.c:500
-#, c-format
-msgid "unable to execute shell '%s': %s\n"
-msgstr "無法執行 shell '%s': %s\n"
-
-#: g10/exec.c:591
-#, c-format
-msgid "system error while calling external program: %s\n"
-msgstr "叫用外部程式時發生系統錯誤: %s\n"
-
-#: g10/exec.c:602 g10/exec.c:669
-#, c-format
-msgid "unnatural exit of external program\n"
-msgstr "外部程式不自然地離開\n"
-
-#: g10/exec.c:617
-#, c-format
-msgid "unable to execute external program\n"
-msgstr "無法執行外部程式\n"
-
-#: g10/exec.c:634
-#, c-format
-msgid "unable to read external program response: %s\n"
-msgstr "無法讀取外部程式回應: %s\n"
-
-#: g10/exec.c:680 g10/exec.c:687
-#, c-format
-msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
-msgstr "警告: 無法移除暫存檔 (%s) '%s': %s\n"
-
-#: g10/exec.c:692
-#, c-format
-msgid "WARNING: unable to remove temp directory '%s': %s\n"
-msgstr "警告: 無法移除暫存目錄 '%s': %s\n"
-
-#: g10/export.c:119
-msgid "export signatures that are marked as local-only"
-msgstr "匯出標記為僅限本機使用的簽章"
-
-#: g10/export.c:121
-msgid "export attribute user IDs (generally photo IDs)"
-msgstr "匯出署名使用者 ID (通常是照片 ID)"
+#: g10/export.c:121
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr "匯出署名使用者 ID (通常是照片 ID)"
 
 #: g10/export.c:123
 msgid "export revocation keys marked as \"sensitive\""
@@ -2548,392 +2430,392 @@ msgstr "匯出時從金鑰中移除無法使用的部分"
 msgid "remove as much as possible from key during export"
 msgstr "匯出時盡可能地從金鑰中移除"
 
-#: g10/export.c:133
+#: g10/export.c:132
 msgid "use the GnuPG key backup format"
 msgstr ""
 
-#: g10/export.c:1291
+#: g10/export.c:1300
 msgid " - skipped"
 msgstr " - 已跳過"
 
-#: g10/export.c:1324 g10/import.c:2085 g10/openfile.c:200 g10/openfile.c:294
-#: g10/sign.c:1012 g10/sign.c:1326
+#: g10/export.c:1333 g10/import.c:2112 g10/openfile.c:202 g10/openfile.c:296
+#: g10/sign.c:1110 g10/sign.c:1447
 #, c-format
 msgid "writing to '%s'\n"
 msgstr "正在寫入 '%s'\n"
 
-#: g10/export.c:1769
+#: g10/export.c:1756
 #, c-format
 msgid "key %s: key material on-card - skipped\n"
 msgstr "金鑰 %s: 金鑰資料在卡片上 - 已跳過\n"
 
-#: g10/export.c:1964
+#: g10/export.c:1951
 #, c-format
 msgid "exporting secret keys not allowed\n"
 msgstr "不允許匯出私鑰\n"
 
-#: g10/export.c:2041
+#: g10/export.c:2028
 #, c-format
 msgid "key %s: PGP 2.x style key - skipped\n"
 msgstr "金鑰 %s: PGP 2.x 型態的金鑰 - 已跳過\n"
 
-#: g10/export.c:2135
+#: g10/export.c:2119
 #, c-format
 msgid "WARNING: nothing exported\n"
 msgstr "警告: 沒有匯出任何東西\n"
 
-#: g10/export.c:2432 g10/plaintext.c:153 g10/plaintext.c:162
-#: g10/plaintext.c:168 g10/plaintext.c:191
+#: g10/export.c:2478 g10/plaintext.c:152 g10/plaintext.c:161
+#: g10/plaintext.c:167
 #, c-format
 msgid "error creating '%s': %s\n"
 msgstr "建立 '%s' 時出錯: %s\n"
 
-#: g10/getkey.c:259
+#: g10/getkey.c:252
 msgid "[User ID not found]"
 msgstr "[找不到使用者 ID]"
 
-#: g10/getkey.c:1441
+#: g10/getkey.c:1199
 #, c-format
 msgid "automatically retrieved '%s' via %s\n"
 msgstr "已自動取回 '%s' (經由 %s )\n"
 
-#: g10/getkey.c:1447
+#: g10/getkey.c:1205
 #, c-format
 msgid "error retrieving '%s' via %s: %s\n"
 msgstr "取得 '%s' (經由 %s ) 時出錯: %s\n"
 
-#: g10/getkey.c:1449
+#: g10/getkey.c:1207
 msgid "No fingerprint"
 msgstr "沒有指紋"
 
-#: g10/getkey.c:1670
+#: g10/getkey.c:1449
 #, c-format
 msgid "checking for a fresh copy of an expired key via %s\n"
 msgstr ""
 
-#: g10/getkey.c:2085 g10/revoke.c:655 g10/revoke.c:720
+#: g10/getkey.c:1884 g10/revoke.c:657 g10/revoke.c:718
 #, c-format
 msgid "secret key \"%s\" not found: %s\n"
 msgstr "找不到私鑰 \"%s\": %s\n"
 
-#: g10/getkey.c:2088 g10/pkclist.c:988
+#: g10/getkey.c:1887 g10/pkclist.c:1012
 #, fuzzy, c-format
 #| msgid "missing argument for option \"%.50s\"\n"
 msgid "(check argument of option '%s')\n"
 msgstr "\"%.50s\" 選項遺失了引數\n"
 
-#: g10/getkey.c:2164
+#: g10/getkey.c:1965
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "Warning: not using '%s' as default key: %s\n"
 msgstr "|名字|使用指定名字做為預設私鑰"
 
-#: g10/getkey.c:2172
+#: g10/getkey.c:1973
 #, fuzzy, c-format
 #| msgid "|NAME|use NAME as default secret key"
 msgid "using \"%s\" as default secret key for signing\n"
 msgstr "|名字|使用指定名字做為預設私鑰"
 
-#: g10/getkey.c:2179
+#: g10/getkey.c:1980
 #, c-format
 msgid "all values passed to '%s' ignored\n"
 msgstr ""
 
-#: g10/getkey.c:3024
+#: g10/getkey.c:2837
 #, c-format
 msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
 msgstr "無效的金鑰 %s 可以藉由 --allow-non-selfsigned-uid 而生效\n"
 
-#: g10/getkey.c:3874
+#: g10/getkey.c:3703
 #, c-format
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "使用子鑰 %s 來替換主鑰 %s\n"
 
-#: g10/getkey.c:4446 g10/gpg.c:2137
+#: g10/getkey.c:4232 g10/gpg.c:2164
 #, fuzzy, c-format
 #| msgid "invalid argument for option \"%.50s\"\n"
 msgid "valid values for option '%s':\n"
 msgstr "選項 \"%.50s\" 的引數無效\n"
 
-#: g10/gpg.c:443 sm/gpgsm.c:212
+#: g10/gpg.c:449 sm/gpgsm.c:215
 msgid "make a signature"
 msgstr "建立簽章"
 
-#: g10/gpg.c:444
+#: g10/gpg.c:450
 msgid "make a clear text signature"
 msgstr "建立明文簽章"
 
-#: g10/gpg.c:446 sm/gpgsm.c:214
+#: g10/gpg.c:452 sm/gpgsm.c:217
 msgid "make a detached signature"
 msgstr "建立分離式簽章"
 
-#: g10/gpg.c:447 sm/gpgsm.c:215
+#: g10/gpg.c:453 sm/gpgsm.c:218
 msgid "encrypt data"
 msgstr "加密資料"
 
-#: g10/gpg.c:449
+#: g10/gpg.c:455
 msgid "encryption only with symmetric cipher"
 msgstr "僅使用對稱式編密法來加密"
 
-#: g10/gpg.c:451 sm/gpgsm.c:217
+#: g10/gpg.c:457 sm/gpgsm.c:220
 msgid "decrypt data (default)"
 msgstr "資料解密 (預設)"
 
-#: g10/gpg.c:453 sm/gpgsm.c:218
+#: g10/gpg.c:459 sm/gpgsm.c:221
 msgid "verify a signature"
 msgstr "驗證簽章"
 
-#: g10/gpg.c:455 sm/gpgsm.c:219
+#: g10/gpg.c:461 sm/gpgsm.c:222
 msgid "list keys"
 msgstr "列出金鑰"
 
-#: g10/gpg.c:457
+#: g10/gpg.c:463
 msgid "list keys and signatures"
 msgstr "列出金鑰和簽章"
 
-#: g10/gpg.c:460
+#: g10/gpg.c:466
 msgid "list and check key signatures"
 msgstr "列出並檢查金鑰簽章"
 
-#: g10/gpg.c:462 sm/gpgsm.c:224
+#: g10/gpg.c:468 sm/gpgsm.c:227
 msgid "list keys and fingerprints"
 msgstr "列出金鑰和指紋"
 
-#: g10/gpg.c:463 sm/gpgsm.c:222
+#: g10/gpg.c:469 sm/gpgsm.c:225
 msgid "list secret keys"
 msgstr "列出私鑰"
 
-#: g10/gpg.c:465 sm/gpgsm.c:225
+#: g10/gpg.c:471 sm/gpgsm.c:228
 msgid "generate a new key pair"
 msgstr "產生新的金鑰對"
 
-#: g10/gpg.c:468
+#: g10/gpg.c:474
 msgid "quickly generate a new key pair"
 msgstr "快速產生新的金鑰對"
 
-#: g10/gpg.c:471
+#: g10/gpg.c:477
 #, fuzzy
 #| msgid "quickly generate a new key pair"
 msgid "quickly add a new user-id"
 msgstr "快速產生新的金鑰對"
 
-#: g10/gpg.c:476
+#: g10/gpg.c:482
 #, fuzzy
 #| msgid "quickly generate a new key pair"
 msgid "quickly revoke a user-id"
 msgstr "快速產生新的金鑰對"
 
-#: g10/gpg.c:479
+#: g10/gpg.c:485
 #, fuzzy
 #| msgid "quickly generate a new key pair"
 msgid "quickly set a new expiration date"
 msgstr "快速產生新的金鑰對"
 
-#: g10/gpg.c:482
+#: g10/gpg.c:488
 msgid "full featured key pair generation"
 msgstr "全能金鑰對生成"
 
-#: g10/gpg.c:485
+#: g10/gpg.c:491
 msgid "generate a revocation certificate"
 msgstr "產生撤銷憑證"
 
-#: g10/gpg.c:488 sm/gpgsm.c:228
+#: g10/gpg.c:494 sm/gpgsm.c:231
 msgid "remove keys from the public keyring"
 msgstr "從公鑰鑰匙圈裡移除金鑰"
 
-#: g10/gpg.c:490
+#: g10/gpg.c:496
 msgid "remove keys from the secret keyring"
 msgstr "從私鑰鑰匙圈裡移除金鑰"
 
-#: g10/gpg.c:492
+#: g10/gpg.c:498
 msgid "quickly sign a key"
 msgstr "快速簽署金鑰"
 
-#: g10/gpg.c:494
+#: g10/gpg.c:500
 msgid "quickly sign a key locally"
 msgstr "快速在本機簽署金鑰"
 
-#: g10/gpg.c:496
+#: g10/gpg.c:502
 #, fuzzy
 #| msgid "quickly generate a new key pair"
 msgid "quickly revoke a key signature"
 msgstr "快速產生新的金鑰對"
 
-#: g10/gpg.c:497
+#: g10/gpg.c:503
 msgid "sign a key"
 msgstr "簽署金鑰"
 
-#: g10/gpg.c:498
+#: g10/gpg.c:504
 msgid "sign a key locally"
 msgstr "僅在本機簽署金鑰"
 
-#: g10/gpg.c:499
+#: g10/gpg.c:505
 msgid "sign or edit a key"
 msgstr "簽署或編輯金鑰"
 
-#: g10/gpg.c:501 sm/gpgsm.c:246
+#: g10/gpg.c:507 sm/gpgsm.c:249
 msgid "change a passphrase"
 msgstr "更改密語"
 
-#: g10/gpg.c:505
+#: g10/gpg.c:511
 msgid "export keys"
 msgstr "匯出金鑰"
 
-#: g10/gpg.c:506
+#: g10/gpg.c:512
 msgid "export keys to a keyserver"
 msgstr "把金鑰匯出至金鑰伺服器"
 
-#: g10/gpg.c:507
+#: g10/gpg.c:513
 msgid "import keys from a keyserver"
 msgstr "從金鑰伺服器匯入金鑰"
 
-#: g10/gpg.c:510
+#: g10/gpg.c:516
 msgid "search for keys on a keyserver"
 msgstr "在金鑰伺服器上搜尋金鑰"
 
-#: g10/gpg.c:512
+#: g10/gpg.c:518
 msgid "update all keys from a keyserver"
 msgstr "從金鑰伺服器更新所有的金鑰"
 
-#: g10/gpg.c:520
+#: g10/gpg.c:526
 msgid "import/merge keys"
 msgstr "匯入/合併金鑰"
 
-#: g10/gpg.c:523
+#: g10/gpg.c:529
 msgid "print the card status"
 msgstr "列印卡片狀態"
 
-#: g10/gpg.c:524
+#: g10/gpg.c:530
 msgid "change data on a card"
 msgstr "變更卡片上的資料"
 
-#: g10/gpg.c:526
+#: g10/gpg.c:532
 msgid "change a card's PIN"
 msgstr "變更卡片的個人識別碼 (PIN)"
 
-#: g10/gpg.c:538
+#: g10/gpg.c:544
 msgid "update the trust database"
 msgstr "更新信任資料庫"
 
-#: g10/gpg.c:548
+#: g10/gpg.c:554
 msgid "print message digests"
 msgstr "印出訊息摘要"
 
-#: g10/gpg.c:552 sm/gpgsm.c:241
+#: g10/gpg.c:558 sm/gpgsm.c:244
 msgid "run in server mode"
 msgstr "以伺服器模式執行"
 
-#: g10/gpg.c:554
+#: g10/gpg.c:560
 msgid "|VALUE|set the TOFU policy for a key"
 msgstr ""
 
-#: g10/gpg.c:594
+#: g10/gpg.c:603
 msgid "|NAME|use NAME as default secret key"
 msgstr "|名字|使用指定名字做為預設私鑰"
 
-#: g10/gpg.c:596 sm/gpgsm.c:332
+#: g10/gpg.c:605 sm/gpgsm.c:337
 msgid "|NAME|encrypt to user ID NAME as well"
 msgstr "|名字|也加密給指定名字的使用者 ID"
 
-#: g10/gpg.c:604
+#: g10/gpg.c:613
 msgid "|SPEC|set up email aliases"
 msgstr "|SPEC|設定電子郵件別名"
 
-#: g10/gpg.c:616
+#: g10/gpg.c:625
 msgid "use strict OpenPGP behavior"
 msgstr "使用嚴謹的 OpenPGP 行為"
 
-#: g10/gpg.c:641 kbx/kbxutil.c:90 sm/gpgsm.c:412 tools/gpgconf.c:112
+#: g10/gpg.c:650 kbx/kbxutil.c:91 sm/gpgsm.c:421 tools/gpgconf.c:113
 msgid "do not make any changes"
 msgstr "不要做任何改變"
 
-#: g10/gpg.c:642
+#: g10/gpg.c:651
 msgid "prompt before overwriting"
 msgstr "覆寫前先詢問"
 
-#: g10/gpg.c:689 sm/gpgsm.c:304
+#: g10/gpg.c:700 sm/gpgsm.c:307
 #, fuzzy
 #| msgid "Options controlling the security"
 msgid "Options controlling the input"
 msgstr "控制著安全性的選項"
 
-#: g10/gpg.c:707 sm/gpgsm.c:314
+#: g10/gpg.c:718 sm/gpgsm.c:317
 #, fuzzy
 #| msgid "Options controlling the diagnostic output"
 msgid "Options controlling the output"
 msgstr "控制著診斷性輸出的選項"
 
-#: g10/gpg.c:709 sm/gpgsm.c:316
+#: g10/gpg.c:720 sm/gpgsm.c:319
 msgid "create ascii armored output"
 msgstr "建立以 ASCII 封裝過的輸出"
 
-#: g10/gpg.c:713 g10/gpgv.c:82 sm/gpgsm.c:321
+#: g10/gpg.c:724 g10/gpgv.c:82 sm/gpgsm.c:324
 msgid "|FILE|write output to FILE"
 msgstr "|檔案|將輸出寫入至指定檔案"
 
-#: g10/gpg.c:726
+#: g10/gpg.c:737
 msgid "use canonical text mode"
 msgstr "使用標準的文字模式"
 
-#: g10/gpg.c:743
+#: g10/gpg.c:755
 msgid "|N|set compress level to N (0 disables)"
 msgstr "|N|設定壓縮等級為 N (0 表示不壓縮)"
 
-#: g10/gpg.c:750 sm/gpgsm.c:347
+#: g10/gpg.c:761 sm/gpgsm.c:354
 #, fuzzy
 #| msgid "Options controlling the interactivity and enforcement"
 msgid "Options controlling key import and export"
 msgstr "控制著互動及強制執行的選項"
 
-#: g10/gpg.c:753
+#: g10/gpg.c:764
 msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
 msgstr "|MECHANISMS|使用 MECHANISMS 機制來從郵件地址找出金鑰"
 
-#: g10/gpg.c:756
+#: g10/gpg.c:767
 #, fuzzy
 #| msgid "import keys from a keyserver"
 msgid "import missing key from a signature"
 msgstr "從金鑰伺服器匯入金鑰"
 
-#: g10/gpg.c:761
+#: g10/gpg.c:772
 #, fuzzy
 #| msgid "list and check key signatures"
 msgid "include the public key in signatures"
 msgstr "列出並檢查金鑰簽章"
 
-#: g10/gpg.c:764 sm/gpgsm.c:350
+#: g10/gpg.c:775 sm/gpgsm.c:357
 msgid "disable all access to the dirmngr"
 msgstr "停用所有的 dirmngr 存取"
 
-#: g10/gpg.c:776 sm/gpgsm.c:357
+#: g10/gpg.c:787 sm/gpgsm.c:364
 #, fuzzy
 #| msgid "Options controlling the configuration"
 msgid "Options controlling key listings"
 msgstr "控制著組態的選項"
 
-#: g10/gpg.c:805 sm/gpgsm.c:324
+#: g10/gpg.c:817 sm/gpgsm.c:329
 #, fuzzy
 #| msgid "list secret keys"
 msgid "Options to specify keys"
 msgstr "列出私鑰"
 
-#: g10/gpg.c:807 sm/gpgsm.c:326
+#: g10/gpg.c:819 sm/gpgsm.c:331
 msgid "|USER-ID|encrypt for USER-ID"
 msgstr "|使用者-ID|以指定使用者 ID 作為加密對象"
 
-#: g10/gpg.c:815 sm/gpgsm.c:328
+#: g10/gpg.c:827 sm/gpgsm.c:333
 msgid "|USER-ID|use USER-ID to sign or decrypt"
 msgstr "|使用者-ID|拿指定使用者 ID 來簽署或解密"
 
-#: g10/gpg.c:866 sm/gpgsm.c:396
+#: g10/gpg.c:875 sm/gpgsm.c:405
 msgid "Options for unattended use"
 msgstr ""
 
-#: g10/gpg.c:885 sm/gpgsm.c:408 dirmngr/dirmngr.c:294
+#: g10/gpg.c:894 sm/gpgsm.c:417 dirmngr/dirmngr.c:285
 msgid "Other options"
 msgstr ""
 
-#: g10/gpg.c:953 sm/gpgsm.c:440
+#: g10/gpg.c:965 sm/gpgsm.c:450
 msgid ""
 "@\n"
 "(See the man page for a complete listing of all commands and options)\n"
@@ -2941,7 +2823,7 @@ msgstr ""
 "@\n"
 "(請參照線上說明頁面來取得所有命令和選項的完整清單)\n"
 
-#: g10/gpg.c:956
+#: g10/gpg.c:968
 #, fuzzy
 #| msgid ""
 #| "@\n"
@@ -2971,11 +2853,11 @@ msgstr ""
 " --list-keys [名字]         顯示金鑰\n"
 " --fingerprint [名字]       顯示指紋\n"
 
-#: g10/gpg.c:1130
+#: g10/gpg.c:1153
 msgid "Usage: @GPG@ [options] [files] (-h for help)"
 msgstr "用法: @GPG@ [選項] [檔案] (或用 -h 求助)"
 
-#: g10/gpg.c:1133
+#: g10/gpg.c:1156
 msgid ""
 "Syntax: @GPG@ [options] [files]\n"
 "Sign, check, encrypt or decrypt\n"
@@ -2985,7 +2867,7 @@ msgstr ""
 "簽署, 檢查, 加密, 解密\n"
 "預設的操作會依輸入資料而定\n"
 
-#: g10/gpg.c:1144 sm/gpgsm.c:624
+#: g10/gpg.c:1167 sm/gpgsm.c:633
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -2993,546 +2875,562 @@ msgstr ""
 "\n"
 "已支援的演算法:\n"
 
-#: g10/gpg.c:1147
+#: g10/gpg.c:1170
 msgid "Pubkey: "
 msgstr "公鑰: "
 
-#: g10/gpg.c:1154 g10/keyedit.c:3338
+#: g10/gpg.c:1177 g10/keyedit.c:3316
 msgid "Cipher: "
 msgstr "編密法: "
 
-#: g10/gpg.c:1161
+#: g10/gpg.c:1191
 msgid "Hash: "
 msgstr "雜湊: "
 
-#: g10/gpg.c:1168 g10/keyedit.c:3404
+#: g10/gpg.c:1198 g10/keyedit.c:3382
 msgid "Compression: "
 msgstr "壓縮: "
 
-#: g10/gpg.c:1241 sm/gpgsm.c:698
+#: g10/gpg.c:1273 sm/gpgsm.c:707
 #, c-format
 msgid "usage: %s [options] %s\n"
 msgstr "用法: %s [選項] %s\n"
 
-#: g10/gpg.c:1436 sm/gpgsm.c:791
+#: g10/gpg.c:1466 sm/gpgsm.c:800
 #, c-format
 msgid "conflicting commands\n"
 msgstr "指令彼此矛盾\n"
 
-#: g10/gpg.c:1454
+#: g10/gpg.c:1484
 #, c-format
 msgid "no = sign found in group definition '%s'\n"
 msgstr "在群組定義 '%s' 裡找不到 = 記號\n"
 
-#: g10/gpg.c:1652
+#: g10/gpg.c:1682
 #, c-format
 msgid "WARNING: unsafe ownership on homedir '%s'\n"
 msgstr "警告: 家目錄 '%s' 的所有權並不安全\n"
 
-#: g10/gpg.c:1655
+#: g10/gpg.c:1685
 #, c-format
 msgid "WARNING: unsafe ownership on configuration file '%s'\n"
 msgstr "警告: 組態檔案 '%s' 的所有權並不安全\n"
 
-#: g10/gpg.c:1658
+#: g10/gpg.c:1688
 #, c-format
 msgid "WARNING: unsafe ownership on extension '%s'\n"
 msgstr "警告: 延伸模組 '%s' 的所有權並不安全\n"
 
-#: g10/gpg.c:1664
+#: g10/gpg.c:1694
 #, c-format
 msgid "WARNING: unsafe permissions on homedir '%s'\n"
 msgstr "警告: 家目錄 '%s' 的權限並不安全\n"
 
-#: g10/gpg.c:1667
+#: g10/gpg.c:1697
 #, c-format
 msgid "WARNING: unsafe permissions on configuration file '%s'\n"
 msgstr "警告: 組態檔案 '%s' 的權限並不安全\n"
 
-#: g10/gpg.c:1670
+#: g10/gpg.c:1700
 #, c-format
 msgid "WARNING: unsafe permissions on extension '%s'\n"
 msgstr "警告: 延伸模組 '%s' 的權限並不安全\n"
 
-#: g10/gpg.c:1676
+#: g10/gpg.c:1706
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
 msgstr "警告: 家目錄 '%s' 的封入目錄所有權並不安全\n"
 
-#: g10/gpg.c:1679
+#: g10/gpg.c:1709
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
 msgstr "警告: 組態檔案 '%s' 的封入目錄所有權並不安全\n"
 
-#: g10/gpg.c:1682
+#: g10/gpg.c:1712
 #, c-format
 msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
 msgstr "警告: 延伸模組 '%s' 的封入目錄所有權並不安全\n"
 
-#: g10/gpg.c:1688
+#: g10/gpg.c:1718
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
 msgstr "警告: 家目錄 '%s' 的封入目錄權限並不安全\n"
 
-#: g10/gpg.c:1691
+#: g10/gpg.c:1721
 #, c-format
 msgid ""
 "WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
 msgstr "警告: 組態檔案 '%s' 的封入目錄權限並不安全\n"
 
-#: g10/gpg.c:1694
+#: g10/gpg.c:1724
 #, c-format
 msgid "WARNING: unsafe enclosing directory permissions on extension '%s'\n"
 msgstr "警告: 延伸模組 '%s' 的封入目錄權限並不安全\n"
 
-#: g10/gpg.c:1910
+#: g10/gpg.c:1940
 #, c-format
 msgid "unknown configuration item '%s'\n"
 msgstr "未知的組態項目 '%s'\n"
 
-#: g10/gpg.c:2009
+#: g10/gpg.c:2034
 msgid "display photo IDs during key listings"
 msgstr "列出金鑰時顯示照片 ID"
 
-#: g10/gpg.c:2011
+#: g10/gpg.c:2036
 msgid "show key usage information during key listings"
 msgstr "列出金鑰時顯示金鑰用途資訊"
 
-#: g10/gpg.c:2013
+#: g10/gpg.c:2038
 msgid "show policy URLs during signature listings"
 msgstr "列出簽章時顯示原則 URL"
 
-#: g10/gpg.c:2015
+#: g10/gpg.c:2040
 msgid "show all notations during signature listings"
 msgstr "列出簽章時顯示所有的註記"
 
-#: g10/gpg.c:2017
+#: g10/gpg.c:2042
 msgid "show IETF standard notations during signature listings"
 msgstr "列出簽章時顯示 IETF 標準註記"
 
-#: g10/gpg.c:2021
+#: g10/gpg.c:2046
 msgid "show user-supplied notations during signature listings"
 msgstr "列出簽章時顯示使用者提供的註記"
 
-#: g10/gpg.c:2023
+#: g10/gpg.c:2048
 msgid "show preferred keyserver URLs during signature listings"
 msgstr "列出簽章時顯示偏好的金鑰伺服器 URL"
 
-#: g10/gpg.c:2025
+#: g10/gpg.c:2050
 msgid "show user ID validity during key listings"
 msgstr "列出金鑰時顯示使用者 ID 有效性"
 
-#: g10/gpg.c:2027
+#: g10/gpg.c:2052
 msgid "show revoked and expired user IDs in key listings"
 msgstr "列出金鑰時顯示已撤銷或過期的使用者 ID"
 
-#: g10/gpg.c:2029
+#: g10/gpg.c:2054
 msgid "show revoked and expired subkeys in key listings"
 msgstr "列出金鑰時顯示已撤銷或過期的子鑰"
 
-#: g10/gpg.c:2031
+#: g10/gpg.c:2056
 msgid "show the keyring name in key listings"
 msgstr "在金鑰清單中顯示鑰匙圈名稱"
 
-#: g10/gpg.c:2033
+#: g10/gpg.c:2058
 msgid "show expiration dates during signature listings"
 msgstr "列出簽章時顯示有效期限"
 
-#: g10/gpg.c:2148
+#: g10/gpg.c:2175
 #, fuzzy, c-format
 #| msgid "unknown option '%s'\n"
 msgid "unknown TOFU policy '%s'\n"
 msgstr "未知的選項 '%s'\n"
 
-#: g10/gpg.c:2150
+#: g10/gpg.c:2177
 #, c-format
 msgid "(use \"help\" to list choices)\n"
 msgstr ""
 
-#: g10/gpg.c:2240 g10/keyedit.c:1719
-#, c-format
-msgid "This command is not allowed while in %s mode.\n"
-msgstr "在 %s 模式中不允許使用這個指令.\n"
-
-#: g10/gpg.c:2878 g10/gpg.c:3718 g10/gpg.c:3730
+#: g10/gpg.c:2972 g10/gpg.c:3797 g10/gpg.c:3809
 #, c-format
 msgid "Note: %s is not for normal use!\n"
 msgstr "請注意: 一般情況下不採用 %s!\n"
 
-#: g10/gpg.c:3053 g10/gpg.c:3065
+#: g10/gpg.c:3148 g10/gpg.c:3160
 #, c-format
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "'%s' 不是有效的簽章使用期限\n"
 
-#: g10/gpg.c:3087
+#: g10/gpg.c:3182
 #, fuzzy, c-format
 #| msgid "line %d: not a valid email address\n"
 msgid "\"%s\" is not a proper mail address\n"
 msgstr "第 %d 列: 不是有效的電子郵件地址\n"
 
-#: g10/gpg.c:3119 sm/gpgsm.c:1121
+#: g10/gpg.c:3214 sm/gpgsm.c:1265
 #, c-format
 msgid "invalid pinentry mode '%s'\n"
 msgstr "無效的個人識別碼項目模式 '%s'\n"
 
-#: g10/gpg.c:3125 sm/gpgsm.c:1127
+#: g10/gpg.c:3220 sm/gpgsm.c:1271
 #, fuzzy, c-format
 #| msgid "invalid argument for option \"%.50s\"\n"
 msgid "invalid request origin '%s'\n"
 msgstr "選項 \"%.50s\" 的引數無效\n"
 
-#: g10/gpg.c:3179
+#: g10/gpg.c:3277
 #, c-format
 msgid "'%s' is not a valid character set\n"
 msgstr "'%s' 不是有效的字元集\n"
 
-#: g10/gpg.c:3201 g10/gpg.c:3415 g10/keyedit.c:5338
+#: g10/gpg.c:3299 g10/gpg.c:3508 g10/keyedit.c:5319
 #, c-format
 msgid "could not parse keyserver URL\n"
 msgstr "無法剖析金鑰伺服器 URL\n"
 
-#: g10/gpg.c:3219
+#: g10/gpg.c:3317
 #, c-format
 msgid "%s:%d: invalid keyserver options\n"
 msgstr "%s:%d: 無效的金鑰伺服器選項\n"
 
-#: g10/gpg.c:3222
+#: g10/gpg.c:3320
 #, c-format
 msgid "invalid keyserver options\n"
 msgstr "無效的金鑰伺服器選項\n"
 
-#: g10/gpg.c:3229
+#: g10/gpg.c:3327
 #, c-format
 msgid "%s:%d: invalid import options\n"
 msgstr "%s:%d: 無效的匯入選項\n"
 
-#: g10/gpg.c:3232
+#: g10/gpg.c:3330
 #, c-format
 msgid "invalid import options\n"
 msgstr "無效的匯入選項\n"
 
-#: g10/gpg.c:3238 g10/gpg.c:3253
+#: g10/gpg.c:3336 g10/gpg.c:3351
 #, fuzzy, c-format
 #| msgid "invalid list options\n"
 msgid "invalid filter option: %s\n"
 msgstr "無效的清單選項\n"
 
-#: g10/gpg.c:3244
+#: g10/gpg.c:3342
 #, c-format
 msgid "%s:%d: invalid export options\n"
 msgstr "%s:%d: 無效的匯出選項\n"
 
-#: g10/gpg.c:3247
+#: g10/gpg.c:3345
 #, c-format
 msgid "invalid export options\n"
 msgstr "無效的匯出選項\n"
 
-#: g10/gpg.c:3259
+#: g10/gpg.c:3357
 #, c-format
 msgid "%s:%d: invalid list options\n"
 msgstr "%s:%d: 無效的清單選項\n"
 
-#: g10/gpg.c:3262
+#: g10/gpg.c:3360
 #, c-format
 msgid "invalid list options\n"
 msgstr "無效的清單選項\n"
 
-#: g10/gpg.c:3270
+#: g10/gpg.c:3368
 msgid "display photo IDs during signature verification"
 msgstr "驗證簽章時顯示照片 ID"
 
-#: g10/gpg.c:3272
+#: g10/gpg.c:3370
 msgid "show policy URLs during signature verification"
 msgstr "驗證簽章時顯示原則 URL"
 
-#: g10/gpg.c:3274
+#: g10/gpg.c:3372
 msgid "show all notations during signature verification"
 msgstr "驗證簽章時顯示所有的註記"
 
-#: g10/gpg.c:3276
+#: g10/gpg.c:3374
 msgid "show IETF standard notations during signature verification"
 msgstr "驗證簽章時顯示 IETF 標準註記"
 
-#: g10/gpg.c:3280
+#: g10/gpg.c:3378
 msgid "show user-supplied notations during signature verification"
 msgstr "驗證簽章時顯示使用者提供的註記"
 
-#: g10/gpg.c:3282
+#: g10/gpg.c:3380
 msgid "show preferred keyserver URLs during signature verification"
 msgstr "驗證簽章時顯示偏好的金鑰伺服器 URL"
 
-#: g10/gpg.c:3284
+#: g10/gpg.c:3382
 msgid "show user ID validity during signature verification"
 msgstr "驗證簽章時顯示使用者 ID 有效性"
 
-#: g10/gpg.c:3286
+#: g10/gpg.c:3384
 msgid "show revoked and expired user IDs in signature verification"
 msgstr "驗證簽章時顯示已撤銷或過期的使用者 ID"
 
-#: g10/gpg.c:3288
+#: g10/gpg.c:3386
 msgid "show only the primary user ID in signature verification"
 msgstr "驗證簽章時祇顯示主要的使用者 ID"
 
-#: g10/gpg.c:3290
-msgid "validate signatures with PKA data"
-msgstr "以 PKA 資料驗證簽章"
-
-#: g10/gpg.c:3292
-msgid "elevate the trust of signatures with valid PKA data"
-msgstr "提高對持有有效 PKA 資料之簽章的信任"
-
-#: g10/gpg.c:3299
+#: g10/gpg.c:3393
 #, c-format
 msgid "%s:%d: invalid verify options\n"
 msgstr "%s:%d: 無效的驗證選項\n"
 
-#: g10/gpg.c:3302
+#: g10/gpg.c:3396
 #, c-format
 msgid "invalid verify options\n"
 msgstr "無效的驗證選項\n"
 
-#: g10/gpg.c:3309
+#: g10/gpg.c:3403
 #, c-format
 msgid "unable to set exec-path to %s\n"
 msgstr "無法把執行檔路徑設成 %s\n"
 
-#: g10/gpg.c:3513
+#: g10/gpg.c:3610
 #, c-format
 msgid "%s:%d: invalid auto-key-locate list\n"
 msgstr "%s:%d: 無效的自動金鑰定址清單\n"
 
-#: g10/gpg.c:3516
+#: g10/gpg.c:3613
 #, c-format
 msgid "invalid auto-key-locate list\n"
 msgstr "無效的自動金鑰定址清單\n"
 
-#: g10/gpg.c:3700 sm/gpgsm.c:1492
+#: g10/gpg.c:3622
+#, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "選項 \"%.50s\" 的引數無效\n"
+
+#: g10/gpg.c:3776 sm/gpgsm.c:1642
 #, c-format
 msgid "WARNING: program may create a core file!\n"
 msgstr "警告: 程式可能會傾印出核心檔!\n"
 
-#: g10/gpg.c:3711
+#: g10/gpg.c:3790
 #, c-format
 msgid "WARNING: %s overrides %s\n"
 msgstr "警告: %s 會推翻 %s\n"
 
-#: g10/gpg.c:3720
+#: g10/gpg.c:3799
 #, c-format
 msgid "%s not allowed with %s!\n"
 msgstr "%s 不允許跟 %s 併用!\n"
 
-#: g10/gpg.c:3723
+#: g10/gpg.c:3802
 #, c-format
 msgid "%s makes no sense with %s!\n"
 msgstr "%s 跟 %s 放在一起沒有意義!\n"
 
-#: g10/gpg.c:3738 sm/gpgsm.c:1509 dirmngr/dirmngr.c:1205
+#: g10/gpg.c:3817 sm/gpgsm.c:1663 dirmngr/dirmngr.c:1114
 #, c-format
 msgid "WARNING: running with faked system time: "
 msgstr "警告: 正在偽造的系統時間中執行: "
 
-#: g10/gpg.c:3759
+#: g10/gpg.c:3838
 #, c-format
 msgid "will not run with insecure memory due to %s\n"
 msgstr "因為 %s 而不會在不安全的記憶體中執行\n"
 
-#: g10/gpg.c:3804 g10/gpg.c:3828 sm/gpgsm.c:1579
+#: g10/gpg.c:3866 g10/gpg.c:3897 sm/gpgsm.c:1730
 #, c-format
 msgid "selected cipher algorithm is invalid\n"
 msgstr "所選的編密演算法無效\n"
 
-#: g10/gpg.c:3816
+#: g10/gpg.c:3873
+#, fuzzy, c-format
+#| msgid "selected digest algorithm is invalid\n"
+msgid "selected AEAD algorithm is invalid\n"
+msgstr "所選的摘要演算法無效\n"
+
+#: g10/gpg.c:3885
 #, c-format
 msgid "selected compression algorithm is invalid\n"
 msgstr "所選的壓縮演算法無效\n"
 
-#: g10/gpg.c:3822
+#: g10/gpg.c:3891
 #, c-format
 msgid "selected certification digest algorithm is invalid\n"
 msgstr "所選的憑證摘要演算法無效\n"
 
-#: g10/gpg.c:3837
+#: g10/gpg.c:3906
 #, c-format
 msgid "completes-needed must be greater than 0\n"
 msgstr "completes-needed 一定要大於 0\n"
 
-#: g10/gpg.c:3839
+#: g10/gpg.c:3908
 #, c-format
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed 一定要大於 1\n"
 
-#: g10/gpg.c:3841
+#: g10/gpg.c:3910
 #, c-format
 msgid "max-cert-depth must be in the range from 1 to 255\n"
 msgstr "max-cert-depth 一定要介於 1 和 255 之間\n"
 
-#: g10/gpg.c:3843
+#: g10/gpg.c:3912
 #, c-format
 msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
 msgstr "無效的 default-cert-level; 一定要是 0, 1, 2 或 3\n"
 
-#: g10/gpg.c:3845
+#: g10/gpg.c:3914
 #, c-format
 msgid "invalid min-cert-level; must be 1, 2, or 3\n"
 msgstr "無效的 min-cert-level; 一定要是 1, 2 或 3\n"
 
-#: g10/gpg.c:3849
+#: g10/gpg.c:3918
 #, c-format
 msgid "Note: simple S2K mode (0) is strongly discouraged\n"
 msgstr "請注意: 強烈不建議使用單純 S2K 模式 (0)\n"
 
-#: g10/gpg.c:3853
+#: g10/gpg.c:3922
 #, c-format
 msgid "invalid S2K mode; must be 0, 1 or 3\n"
 msgstr "無效的 S2K 模式; 一定要是 0, 1 或 3\n"
 
-#: g10/gpg.c:3860
+#: g10/gpg.c:3929
 #, c-format
 msgid "invalid default preferences\n"
 msgstr "無效的預設偏好\n"
 
-#: g10/gpg.c:3864
+#: g10/gpg.c:3933
 #, c-format
 msgid "invalid personal cipher preferences\n"
 msgstr "無效的個人編密法偏好\n"
 
-#: g10/gpg.c:3868
+#: g10/gpg.c:3936
+#, fuzzy, c-format
+#| msgid "invalid personal cipher preferences\n"
+msgid "invalid personal AEAD preferences\n"
+msgstr "無效的個人編密法偏好\n"
+
+#: g10/gpg.c:3940
 #, c-format
 msgid "invalid personal digest preferences\n"
 msgstr "無效的個人摘要偏好\n"
 
-#: g10/gpg.c:3872
+#: g10/gpg.c:3944
 #, c-format
 msgid "invalid personal compress preferences\n"
 msgstr "無效的個人壓縮偏好\n"
 
-#: g10/gpg.c:3908
+#: g10/gpg.c:3953 g10/gpg.c:3958
+#, fuzzy, c-format
+#| msgid "keysize invalid; using %u bits\n"
+msgid "chunk size invalid - using %d\n"
+msgstr "金鑰尺寸無效; 改用 %u 位元\n"
+
+#: g10/gpg.c:3995
 #, c-format
 msgid "%s does not yet work with %s\n"
 msgstr "%s 還沒辦法跟 %s 一起運作\n"
 
-#: g10/gpg.c:3971
+#: g10/gpg.c:4058
+#, fuzzy, c-format
+#| msgid "you may not use cipher algorithm '%s' while in %s mode\n"
+msgid "AEAD algorithm '%s' may not be used in %s mode\n"
+msgstr "你不該將 '%s' 編密演算法用於 %s 模式\n"
+
+#: g10/gpg.c:4070
 #, fuzzy, c-format
 #| msgid "you may not use compression algorithm '%s' while in %s mode\n"
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "你不該將 '%s' 壓縮演算法用於 %s 模式\n"
 
-#: g10/gpg.c:4115
+#: g10/gpg.c:4225
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "信任資料庫啟始失敗: %s\n"
 
-#: g10/gpg.c:4127
+#: g10/gpg.c:4237
 #, c-format
 msgid "WARNING: recipients (-r) given without using public key encryption\n"
 msgstr "警告: 給定的收件者 (-r) 未使用公鑰加密\n"
 
-#: g10/gpg.c:4199
+#: g10/gpg.c:4309
 #, c-format
 msgid "symmetric encryption of '%s' failed: %s\n"
 msgstr "'%s' 對稱式加密失敗: %s\n"
 
-#: g10/gpg.c:4228
+#: g10/gpg.c:4338
 #, c-format
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "你不能在 --s2k-mode 0 中使用 --symmetric --encrypt\n"
 
-#: g10/gpg.c:4231
+#: g10/gpg.c:4341
 #, fuzzy, c-format
 #| msgid "you cannot use --symmetric --encrypt while in %s mode\n"
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "你不能在 %s 模式中使用 --symmetric --encrypt\n"
 
-#: g10/gpg.c:4289
+#: g10/gpg.c:4399
 #, c-format
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr "你不能在 --s2k-mode 0 中使用 --symmetric --sign --encrypt\n"
 
-#: g10/gpg.c:4292
+#: g10/gpg.c:4402
 #, fuzzy, c-format
 #| msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "你不能在 %s 模式中使用 --symmetric --sign --encrypt\n"
 
-#: g10/gpg.c:4692 g10/keyserver.c:1648
+#: g10/gpg.c:4790 g10/keyserver.c:1858
 #, c-format
 msgid "keyserver send failed: %s\n"
 msgstr "送至金鑰伺服器失敗: %s\n"
 
-#: g10/gpg.c:4697
+#: g10/gpg.c:4795
 #, c-format
 msgid "keyserver receive failed: %s\n"
 msgstr "從金鑰伺服器接收失敗: %s\n"
 
-#: g10/gpg.c:4703
+#: g10/gpg.c:4801
 #, c-format
 msgid "key export failed: %s\n"
 msgstr "金鑰匯出失敗: %s\n"
 
-#: g10/gpg.c:4716
+#: g10/gpg.c:4814
 #, fuzzy, c-format
 #| msgid "key export failed: %s\n"
 msgid "export as ssh key failed: %s\n"
 msgstr "金鑰匯出失敗: %s\n"
 
-#: g10/gpg.c:4728
+#: g10/gpg.c:4826
 #, c-format
 msgid "keyserver search failed: %s\n"
 msgstr "用金鑰伺服器搜尋失敗: %s\n"
 
-#: g10/gpg.c:4741
+#: g10/gpg.c:4839
 #, c-format
 msgid "keyserver refresh failed: %s\n"
 msgstr "從金鑰伺服器更新失敗: %s\n"
 
-#: g10/gpg.c:4810
+#: g10/gpg.c:4906
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "解開封裝失敗: %s\n"
 
-#: g10/gpg.c:4821
+#: g10/gpg.c:4917
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "進行封裝失敗: %s\n"
 
-#: g10/gpg.c:4913
+#: g10/gpg.c:5022
 #, c-format
 msgid "invalid hash algorithm '%s'\n"
 msgstr "無效的雜湊演算法 '%s'\n"
 
-#: g10/gpg.c:5065 g10/tofu.c:2153
+#: g10/gpg.c:5174 g10/tofu.c:2156
 #, fuzzy, c-format
 #| msgid "error loading certificate '%s': %s\n"
 msgid "error parsing key specification '%s': %s\n"
 msgstr "載入憑證 '%s' 時出錯: %s\n"
 
-#: g10/gpg.c:5078
+#: g10/gpg.c:5185
 #, c-format
 msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
 msgstr ""
 
-#: g10/gpg.c:5134
+#: g10/gpg.c:5241
 #, c-format
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
 msgstr ""
 
-#: g10/gpg.c:5145
+#: g10/gpg.c:5252
 #, c-format
 msgid "Go ahead and type your message ...\n"
 msgstr "請開始輸入你的訊息 ...\n"
 
-#: g10/gpg.c:5490
+#: g10/gpg.c:5599
 #, c-format
 msgid "the given certification policy URL is invalid\n"
 msgstr "給定的的憑證原則 URL 無效\n"
 
-#: g10/gpg.c:5492
+#: g10/gpg.c:5601
 #, c-format
 msgid "the given signature policy URL is invalid\n"
 msgstr "給定的簽章原則 URL 無效\n"
 
-#: g10/gpg.c:5525
+#: g10/gpg.c:5634
 #, c-format
 msgid "the given preferred keyserver URL is invalid\n"
 msgstr "給定的偏好金鑰伺服器 URL 無效\n"
@@ -3545,7 +3443,7 @@ msgstr "|檔案|從指定鑰匙圈檔案裡取用金鑰"
 msgid "make timestamp conflicts only a warning"
 msgstr "僅把時間戳印矛盾視為警告"
 
-#: g10/gpgv.c:86 sm/gpgsm.c:402 tools/gpgconf.c:114
+#: g10/gpgv.c:86 sm/gpgsm.c:411 tools/gpgconf.c:116 tools/gpg-card.c:94
 msgid "|FD|write status info to this FD"
 msgstr "|檔案描述|把狀態資訊寫入此指定檔案描述"
 
@@ -3594,300 +3492,318 @@ msgstr "匯入後不要更新信任資料庫"
 
 #: g10/import.c:181
 #, fuzzy
+#| msgid "enable putty support"
+msgid "enable bulk import mode"
+msgstr "啟用 putty 支援"
+
+#: g10/import.c:184
+#, fuzzy
 #| msgid "show key fingerprint"
 msgid "show key during import"
 msgstr "顯示金鑰指紋"
 
-#: g10/import.c:184
+#: g10/import.c:187
+#, fuzzy
+#| msgid "show key fingerprint"
+msgid "show key but do not actually import"
+msgstr "顯示金鑰指紋"
+
+#: g10/import.c:190
 msgid "only accept updates to existing keys"
 msgstr "祇接受既有金鑰的更新"
 
-#: g10/import.c:187
+#: g10/import.c:193
 msgid "remove unusable parts from key after import"
 msgstr "匯入後從金鑰中移除無法使用的部分"
 
-#: g10/import.c:190
+#: g10/import.c:196
 msgid "remove as much as possible from key after import"
 msgstr "匯入後盡可能地從金鑰中移除"
 
-#: g10/import.c:193
+#: g10/import.c:199
 msgid "ignore key-signatures which are not self-signatures"
 msgstr ""
 
-#: g10/import.c:196
+#: g10/import.c:202
 msgid "run import filters and export key immediately"
 msgstr ""
 
-#: g10/import.c:199
+#: g10/import.c:205
 #, fuzzy
 #| msgid "assume input is in binary format"
 msgid "assume the GnuPG key backup format"
 msgstr "假設輸入的是二進制格式"
 
-#: g10/import.c:203
+#: g10/import.c:209
 #, fuzzy
 #| msgid "show key fingerprint"
 msgid "repair keys on import"
 msgstr "顯示金鑰指紋"
 
-#: g10/import.c:392 g10/import.c:711
+#: g10/import.c:387 g10/import.c:709
 #, c-format
 msgid "skipping block of type %d\n"
 msgstr "正在跳過 %d 型態的區塊\n"
 
-#: g10/import.c:728
+#: g10/import.c:726
 #, c-format
 msgid "%lu keys processed so far\n"
 msgstr "目前已處理 %lu 把金鑰\n"
 
-#: g10/import.c:814
+#: g10/import.c:819
 #, c-format
 msgid "Total number processed: %lu\n"
 msgstr "處理總量: %lu\n"
 
-#: g10/import.c:817
+#: g10/import.c:822
 #, fuzzy, c-format
 #| msgid "      skipped new keys: %lu\n"
 msgid "    skipped PGP-2 keys: %lu\n"
 msgstr "        已跳過的新金鑰: %lu\n"
 
-#: g10/import.c:819
+#: g10/import.c:824
 #, c-format
 msgid "      skipped new keys: %lu\n"
 msgstr "        已跳過的新金鑰: %lu\n"
 
-#: g10/import.c:822
+#: g10/import.c:827
 #, c-format
 msgid "          w/o user IDs: %lu\n"
 msgstr "       沒有使用者的 ID: %lu\n"
 
-#: g10/import.c:825 sm/import.c:130
+#: g10/import.c:830 sm/import.c:129
 #, c-format
 msgid "              imported: %lu"
 msgstr "                已匯入: %lu"
 
-#: g10/import.c:829 sm/import.c:134
+#: g10/import.c:834 sm/import.c:133
 #, c-format
 msgid "             unchanged: %lu\n"
 msgstr "              未改變的: %lu\n"
 
-#: g10/import.c:831
+#: g10/import.c:836
 #, c-format
 msgid "          new user IDs: %lu\n"
 msgstr "         新的使用者 ID: %lu\n"
 
-#: g10/import.c:833
+#: g10/import.c:838
 #, c-format
 msgid "           new subkeys: %lu\n"
 msgstr "              新的子鑰: %lu\n"
 
-#: g10/import.c:835
+#: g10/import.c:840
 #, c-format
 msgid "        new signatures: %lu\n"
 msgstr "              新的簽章: %lu\n"
 
-#: g10/import.c:837
+#: g10/import.c:842
 #, c-format
 msgid "   new key revocations: %lu\n"
 msgstr "          新的金鑰撤銷: %lu\n"
 
-#: g10/import.c:839 sm/import.c:136
+#: g10/import.c:844 sm/import.c:135
 #, c-format
 msgid "      secret keys read: %lu\n"
 msgstr "          已讀取的私鑰: %lu\n"
 
-#: g10/import.c:841 sm/import.c:138
+#: g10/import.c:846 sm/import.c:137
 #, c-format
 msgid "  secret keys imported: %lu\n"
 msgstr "          已匯入的私鑰: %lu\n"
 
-#: g10/import.c:843 sm/import.c:140
+#: g10/import.c:848 sm/import.c:139
 #, c-format
 msgid " secret keys unchanged: %lu\n"
 msgstr "          未改變的私鑰: %lu\n"
 
-#: g10/import.c:845 sm/import.c:142
+#: g10/import.c:850 sm/import.c:141
 #, c-format
 msgid "          not imported: %lu\n"
 msgstr "              未被匯入: %lu\n"
 
-#: g10/import.c:847
+#: g10/import.c:852
 #, c-format
 msgid "    signatures cleaned: %lu\n"
 msgstr "      已清除的簽章: %lu\n"
 
-#: g10/import.c:849
+#: g10/import.c:854
 #, c-format
 msgid "      user IDs cleaned: %lu\n"
 msgstr " 已清除的使用者 ID: %lu\n"
 
-#: g10/import.c:1276
+#: g10/import.c:1279
 #, c-format
 msgid ""
 "WARNING: key %s contains preferences for unavailable\n"
 "algorithms on these user IDs:\n"
 msgstr "警告: 金鑰 %s 的偏好設定含有這些使用者 ID 無法使用的演算法:\n"
 
-#: g10/import.c:1318
+#: g10/import.c:1321
 #, c-format
 msgid "         \"%s\": preference for cipher algorithm %s\n"
 msgstr "         \"%s\": 編密演算法 %s 的偏好設定\n"
 
-#: g10/import.c:1333
+#: g10/import.c:1339
+#, fuzzy, c-format
+#| msgid "         \"%s\": preference for cipher algorithm %s\n"
+msgid "         \"%s\": preference for AEAD algorithm %s\n"
+msgstr "         \"%s\": 編密演算法 %s 的偏好設定\n"
+
+#: g10/import.c:1354
 #, c-format
 msgid "         \"%s\": preference for digest algorithm %s\n"
 msgstr "         \"%s\": 摘要演算法 %s 的偏好設定\n"
 
-#: g10/import.c:1345
+#: g10/import.c:1366
 #, c-format
 msgid "         \"%s\": preference for compression algorithm %s\n"
 msgstr "         \"%s\": 壓縮演算法 %s 的偏好設定\n"
 
-#: g10/import.c:1358
+#: g10/import.c:1379
 #, c-format
 msgid "it is strongly suggested that you update your preferences and\n"
 msgstr "我們強烈建議你更新偏好設定, 並重新\n"
 
-#: g10/import.c:1360
+#: g10/import.c:1381
 #, c-format
 msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
 msgstr "散佈此金鑰, 以避免潛在的演算法不一致問題.\n"
 
-#: g10/import.c:1385
+#: g10/import.c:1406
 #, c-format
 msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
 msgstr "你可以像這樣來更新偏好設定: gpg --edit-key %s updpref save\n"
 
-#: g10/import.c:1899 g10/import.c:3013
+#: g10/import.c:1920 g10/import.c:3041
 #, c-format
 msgid "key %s: no user ID\n"
 msgstr "金鑰 %s: 沒有使用者 ID\n"
 
-#: g10/import.c:1905
+#: g10/import.c:1926
 #, c-format
 msgid "key %s: %s\n"
 msgstr "金鑰 %s: %s\n"
 
-#: g10/import.c:1906 g10/import.c:2985
+#: g10/import.c:1927 g10/import.c:3013
 msgid "rejected by import screener"
 msgstr "遭到匯入篩選程式駁回"
 
-#: g10/import.c:1950
+#: g10/import.c:1976
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "金鑰 %s: PKS 子鑰的訛誤已被修復\n"
 
-#: g10/import.c:1971
+#: g10/import.c:1997
 #, c-format
 msgid "key %s: accepted non self-signed user ID \"%s\"\n"
 msgstr "金鑰 %s: 已接受非自我簽署的使用者 ID \"%s\"\n"
 
-#: g10/import.c:1981 g10/import.c:2012
+#: g10/import.c:2008 g10/import.c:2039
 #, c-format
 msgid "key %s: no valid user IDs\n"
 msgstr "金鑰 %s: 沒有有效的使用者 ID\n"
 
-#: g10/import.c:1983
+#: g10/import.c:2010
 #, c-format
 msgid "this may be caused by a missing self-signature\n"
 msgstr "這可能肇因於遺失自我簽章所致\n"
 
-#: g10/import.c:2062 g10/import.c:3399
+#: g10/import.c:2089 g10/import.c:3427
 #, c-format
 msgid "key %s: public key not found: %s\n"
 msgstr "金鑰 %s: 找不到公鑰: %s\n"
 
-#: g10/import.c:2068
+#: g10/import.c:2095
 #, c-format
 msgid "key %s: new key - skipped\n"
 msgstr "金鑰 %s: 新的金鑰 - 已跳過\n"
 
-#: g10/import.c:2080
+#: g10/import.c:2107
 #, c-format
 msgid "no writable keyring found: %s\n"
 msgstr "找不到可寫入的鑰匙圈: %s\n"
 
-#: g10/import.c:2112 g10/import.c:2214 g10/import.c:3476
+#: g10/import.c:2139 g10/import.c:2241 g10/import.c:3502
 #, c-format
 msgid "error writing keyring '%s': %s\n"
 msgstr "寫入鑰匙圈 '%s' 時出錯: %s\n"
 
-#: g10/import.c:2135
+#: g10/import.c:2162
 #, c-format
 msgid "key %s: public key \"%s\" imported\n"
 msgstr "金鑰 %s: 公鑰 \"%s\" 已匯入\n"
 
-#: g10/import.c:2162
+#: g10/import.c:2189
 #, c-format
 msgid "key %s: doesn't match our copy\n"
 msgstr "金鑰 %s: 跟我們的副本不吻合\n"
 
-#: g10/import.c:2230
+#: g10/import.c:2257
 #, c-format
 msgid "key %s: \"%s\" 1 new user ID\n"
 msgstr "金鑰 %s: \"%s\" 1 個新的使用者 ID\n"
 
-#: g10/import.c:2233
+#: g10/import.c:2260
 #, c-format
 msgid "key %s: \"%s\" %d new user IDs\n"
 msgstr "金鑰 %s: \"%s\" %d 個新的使用者 ID\n"
 
-#: g10/import.c:2236
+#: g10/import.c:2263
 #, c-format
 msgid "key %s: \"%s\" 1 new signature\n"
 msgstr "金鑰 %s: \"%s\" 1 份新的簽章\n"
 
-#: g10/import.c:2239
+#: g10/import.c:2266
 #, c-format
 msgid "key %s: \"%s\" %d new signatures\n"
 msgstr "金鑰 %s: \"%s\" %d 份新的簽章\n"
 
-#: g10/import.c:2242
+#: g10/import.c:2269
 #, c-format
 msgid "key %s: \"%s\" 1 new subkey\n"
 msgstr "金鑰 %s: \"%s\" 1 把新的子鑰\n"
 
-#: g10/import.c:2245
+#: g10/import.c:2272
 #, c-format
 msgid "key %s: \"%s\" %d new subkeys\n"
 msgstr "金鑰 %s: \"%s\" %d 把新的子鑰\n"
 
-#: g10/import.c:2248
+#: g10/import.c:2275
 #, c-format
 msgid "key %s: \"%s\" %d signature cleaned\n"
 msgstr "金鑰 %s: \"%s\" 已清除 %d 份簽章\n"
 
-#: g10/import.c:2251
+#: g10/import.c:2278
 #, c-format
 msgid "key %s: \"%s\" %d signatures cleaned\n"
 msgstr "金鑰 %s: \"%s\" 已清除 %d 份簽章\n"
 
-#: g10/import.c:2254
+#: g10/import.c:2281
 #, c-format
 msgid "key %s: \"%s\" %d user ID cleaned\n"
 msgstr "金鑰 %s: \"%s\" 已清除 %d 個使用者 ID\n"
 
-#: g10/import.c:2257
+#: g10/import.c:2284
 #, c-format
 msgid "key %s: \"%s\" %d user IDs cleaned\n"
 msgstr "金鑰 %s: \"%s\" 已清除 %d 個使用者 ID\n"
 
-#: g10/import.c:2293
+#: g10/import.c:2320
 #, c-format
 msgid "key %s: \"%s\" not changed\n"
 msgstr "金鑰 %s: \"%s\" 未改變\n"
 
-#: g10/import.c:2652 g10/import.c:2847
+#: g10/import.c:2680 g10/import.c:2875
 #, c-format
 msgid "key %s: secret key imported\n"
 msgstr "金鑰 %s: 私鑰已匯入\n"
 
-#: g10/import.c:2660
+#: g10/import.c:2688
 #, c-format
 msgid "key %s: secret key already exists\n"
 msgstr "金鑰 %s: 私鑰已存在\n"
 
-#: g10/import.c:2668
+#: g10/import.c:2696
 #, c-format
 msgid "key %s: error sending to agent: %s\n"
 msgstr "金鑰 %s: 送至代理程式時出錯: %s\n"
@@ -3900,142 +3816,142 @@ msgstr "金鑰 %s: 送至代理程式時出錯: %s\n"
 #. * Instead, user should be suggested to run 'gpg --card-status',
 #. * then, references to a card will be automatically created
 #. * again.
-#: g10/import.c:2837
+#: g10/import.c:2865
 #, c-format
 msgid "To migrate '%s', with each smartcard, run: %s\n"
 msgstr ""
 
-#: g10/import.c:2984
+#: g10/import.c:3012
 #, c-format
 msgid "secret key %s: %s\n"
 msgstr "私鑰 %s: %s\n"
 
-#: g10/import.c:3005 g10/import.c:3044
+#: g10/import.c:3033 g10/import.c:3072
 #, c-format
 msgid "importing secret keys not allowed\n"
 msgstr "未允許匯入私鑰\n"
 
-#: g10/import.c:3032
+#: g10/import.c:3060
 #, c-format
 msgid "key %s: secret key with invalid cipher %d - skipped\n"
 msgstr "金鑰 %s: 私鑰使用了無效的 %d 編密法 - 已跳過\n"
 
-#: g10/import.c:3194 g10/pkclist.c:72 g10/revoke.c:776
+#: g10/import.c:3222 g10/pkclist.c:75 g10/revoke.c:774
 msgid "No reason specified"
 msgstr "未指定原因"
 
-#: g10/import.c:3195 g10/pkclist.c:74 g10/revoke.c:778
+#: g10/import.c:3223 g10/pkclist.c:77 g10/revoke.c:776
 msgid "Key is superseded"
 msgstr "金鑰被代換了"
 
-#: g10/import.c:3196 g10/pkclist.c:76 g10/revoke.c:777
+#: g10/import.c:3224 g10/pkclist.c:79 g10/revoke.c:775
 msgid "Key has been compromised"
 msgstr "金鑰已經被洩漏了"
 
-#: g10/import.c:3197 g10/pkclist.c:78 g10/revoke.c:779
+#: g10/import.c:3225 g10/pkclist.c:81 g10/revoke.c:777
 msgid "Key is no longer used"
 msgstr "金鑰不再被使用了"
 
-#: g10/import.c:3198 g10/pkclist.c:80 g10/revoke.c:780
+#: g10/import.c:3226 g10/pkclist.c:83 g10/revoke.c:778
 msgid "User ID is no longer valid"
 msgstr "使用者 ID 不再有效了"
 
-#: g10/import.c:3323 g10/keylist.c:1258 g10/pkclist.c:84
+#: g10/import.c:3351 g10/keylist.c:1105 g10/pkclist.c:87
 #, c-format
 msgid "reason for revocation: "
 msgstr "撤銷原因: "
 
-#: g10/import.c:3342 g10/keylist.c:1277 g10/pkclist.c:100
+#: g10/import.c:3370 g10/keylist.c:1124 g10/pkclist.c:103
 #, c-format
 msgid "revocation comment: "
 msgstr "撤銷註釋: "
 
-#: g10/import.c:3392
+#: g10/import.c:3420
 #, c-format
 msgid "key %s: no public key - can't apply revocation certificate\n"
 msgstr "金鑰 %s: 沒有公鑰 - 無法套用撤銷憑證\n"
 
-#: g10/import.c:3423
+#: g10/import.c:3449
 #, c-format
 msgid "key %s: can't locate original keyblock: %s\n"
 msgstr "金鑰 %s: 無法定址原始的金鑰區塊: %s\n"
 
-#: g10/import.c:3430
+#: g10/import.c:3456
 #, c-format
 msgid "key %s: can't read original keyblock: %s\n"
 msgstr "金鑰 %s: 無法讀取原始的金鑰區塊: %s\n"
 
-#: g10/import.c:3450
+#: g10/import.c:3476
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - rejected\n"
 msgstr "金鑰 %s: 無效的撤銷憑證: %s - 已駁回\n"
 
-#: g10/import.c:3485
+#: g10/import.c:3511
 #, c-format
 msgid "key %s: \"%s\" revocation certificate imported\n"
 msgstr "金鑰 %s: \"%s\" 撤銷憑證已匯入\n"
 
-#: g10/import.c:3571
+#: g10/import.c:3597
 #, c-format
 msgid "key %s: no user ID for signature\n"
 msgstr "金鑰 %s: 簽章沒有使用者 ID\n"
 
-#: g10/import.c:3588
+#: g10/import.c:3614
 #, c-format
 msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
 msgstr "金鑰 %s: 使用者 ID \"%s\" 用了未支援的公鑰演算法\n"
 
-#: g10/import.c:3590
+#: g10/import.c:3616
 #, c-format
 msgid "key %s: invalid self-signature on user ID \"%s\"\n"
 msgstr "金鑰 %s: 使用者 ID \"%s\" 的自我簽章無效\n"
 
-#: g10/import.c:3607 g10/import.c:3635 g10/import.c:3691
+#: g10/import.c:3633 g10/import.c:3661 g10/import.c:3717
 #, c-format
 msgid "key %s: unsupported public key algorithm\n"
 msgstr "金鑰 %s: 未支援的公鑰演算法\n"
 
-#: g10/import.c:3608
+#: g10/import.c:3634
 #, c-format
 msgid "key %s: invalid direct key signature\n"
 msgstr "金鑰 %s: 無效的直接金鑰簽章\n"
 
-#: g10/import.c:3622
+#: g10/import.c:3648
 #, c-format
 msgid "key %s: no subkey for key binding\n"
 msgstr "金鑰 %s: 沒有可供附帶的子鑰\n"
 
-#: g10/import.c:3637
+#: g10/import.c:3663
 #, c-format
 msgid "key %s: invalid subkey binding\n"
 msgstr "金鑰 %s: 無效的附帶子鑰\n"
 
-#: g10/import.c:3656
+#: g10/import.c:3682
 #, c-format
 msgid "key %s: removed multiple subkey binding\n"
 msgstr "金鑰 %s: 多重附帶子鑰已移除\n"
 
-#: g10/import.c:3680
+#: g10/import.c:3706
 #, c-format
 msgid "key %s: no subkey for key revocation\n"
 msgstr "金鑰 %s: 沒有子鑰可供金鑰撤銷\n"
 
-#: g10/import.c:3693
+#: g10/import.c:3719
 #, c-format
 msgid "key %s: invalid subkey revocation\n"
 msgstr "金鑰 %s: 無效的子鑰撤銷\n"
 
-#: g10/import.c:3708
+#: g10/import.c:3734
 #, c-format
 msgid "key %s: removed multiple subkey revocation\n"
 msgstr "金鑰 %s: 多重子鑰撤銷已移除\n"
 
-#: g10/import.c:3752
+#: g10/import.c:3778
 #, c-format
 msgid "key %s: skipped user ID \"%s\"\n"
 msgstr "金鑰 %s: 使用者 ID \"%s\" 已跳過\n"
 
-#: g10/import.c:3779
+#: g10/import.c:3805
 #, c-format
 msgid "key %s: skipped subkey\n"
 msgstr "金鑰 %s: 子鑰已跳過\n"
@@ -4044,57 +3960,64 @@ msgstr "金鑰 %s: 子鑰已跳過\n"
 #  * to import non-exportable signature when we have the
 #  * the secret key used to create this signature - it
 #  * seems that this makes sense
-#: g10/import.c:3810
+#: g10/import.c:3837
 #, c-format
 msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
 msgstr "金鑰 %s: 不可匯出的簽章 (等級 0x%02X) - 已跳過\n"
 
-#: g10/import.c:3821
+#: g10/import.c:3848
 #, c-format
 msgid "key %s: revocation certificate at wrong place - skipped\n"
 msgstr "金鑰 %s: 撤銷憑證在錯誤的地方 - 已跳過\n"
 
-#: g10/import.c:3839
+#: g10/import.c:3866
 #, c-format
 msgid "key %s: invalid revocation certificate: %s - skipped\n"
 msgstr "金鑰 %s: 無效的撤銷憑證: %s - 已跳過\n"
 
-#: g10/import.c:3853
+#: g10/import.c:3880
 #, c-format
 msgid "key %s: subkey signature in wrong place - skipped\n"
 msgstr "金鑰 %s: 子鑰簽章在錯誤的地方 - 已跳過\n"
 
-#: g10/import.c:3861
+#: g10/import.c:3888
 #, c-format
 msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
 msgstr "金鑰 %s: 非預期的簽章等級 (0x%02X) - 已跳過\n"
 
-#: g10/import.c:4034
+#: g10/import.c:4061
 #, c-format
 msgid "key %s: duplicated user ID detected - merged\n"
 msgstr "金鑰 %s: 偵測到重複的使用者 ID - 已合併\n"
 
-#: g10/import.c:4099
+#: g10/import.c:4168
+#, fuzzy, c-format
+#| msgid "key %s: duplicated user ID detected - merged\n"
+msgid "key %s: duplicated subkeys detected - merged\n"
+msgstr "金鑰 %s: 偵測到重複的使用者 ID - 已合併\n"
+
+#: g10/import.c:4233
 #, c-format
 msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
 msgstr "警告: 金鑰 %s 可能被撤銷了: 正在取回撤銷金鑰 %s\n"
 
-#: g10/import.c:4115
+#: g10/import.c:4249
 #, c-format
 msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
 msgstr "警告: 金鑰 %s 可能被撤銷了: 撤銷金鑰 %s 未出現.\n"
 
-#: g10/import.c:4181
+#: g10/import.c:4315
 #, c-format
 msgid "key %s: \"%s\" revocation certificate added\n"
 msgstr "金鑰 %s: 已新增 \"%s\" 撤銷憑證\n"
 
-#: g10/import.c:4219
+#: g10/import.c:4353
 #, c-format
 msgid "key %s: direct key signature added\n"
 msgstr "金鑰 %s: 已新增直接金鑰簽章\n"
 
-#: g10/key-check.c:133 dirmngr/ldap-wrapper.c:834 dirmngr/ldap-wrapper.c:851
+#: g10/key-check.c:133 dirmngr/dirmngr_ldap.c:650 dirmngr/ldap-wrapper.c:835
+#: dirmngr/ldap-wrapper.c:852
 #, c-format
 msgid "error allocating memory: %s\n"
 msgstr "配置記憶體時出錯: %s\n"
@@ -4118,79 +4041,73 @@ msgstr "卡片不支援 %s 摘要演算法\n"
 msgid " (reordered signatures follow)"
 msgstr "完好的簽章來自於"
 
-#: g10/key-check.c:698
+#: g10/key-check.c:708
 #, fuzzy, c-format
 #| msgid "key %s: %s\n"
 msgid "key %s:\n"
 msgstr "金鑰 %s: %s\n"
 
-#: g10/key-check.c:706
+#: g10/key-check.c:716
 #, fuzzy, c-format
 #| msgid "User ID \"%s\": %d signature removed\n"
 msgid "%d duplicate signature removed\n"
 msgid_plural "%d duplicate signatures removed\n"
 msgstr[0] "使用者 ID \"%s\": 已移除 %d 份簽章\n"
 
-#: g10/key-check.c:715 g10/keylist.c:487
+#: g10/key-check.c:725 g10/keylist.c:499
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to a missing key\n"
 msgid "%d signature not checked due to a missing key\n"
 msgid_plural "%d signatures not checked due to missing keys\n"
 msgstr[0] "有 1 份簽章因為遺失金鑰而未被檢查\n"
 
-#: g10/key-check.c:723 g10/keylist.c:483
+#: g10/key-check.c:733 g10/keylist.c:495
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d bad signature\n"
 msgid_plural "%d bad signatures\n"
 msgstr[0] "%d 份損壞的簽章\n"
 
-#: g10/key-check.c:732
+#: g10/key-check.c:742
 #, fuzzy, c-format
 #| msgid "Good signature from"
 msgid "%d signature reordered\n"
 msgid_plural "%d signatures reordered\n"
 msgstr[0] "完好的簽章來自於"
 
-#: g10/key-check.c:742
+#: g10/key-check.c:752
 #, c-format
 msgid ""
 "Warning: errors found and only checked self-signatures, run '%s' to check "
 "all signatures.\n"
 msgstr ""
 
-#: g10/keydb.c:431 g10/keydb.c:458 sm/keydb.c:190 sm/keydb.c:203
+#: g10/keydb.c:349 g10/keydb.c:376 sm/keydb.c:284 sm/keydb.c:297
 #, c-format
 msgid "error creating keybox '%s': %s\n"
 msgstr "建立金鑰鑰匙盒 '%s' 時出錯: %s\n"
 
-#: g10/keydb.c:434 g10/keydb.c:461
+#: g10/keydb.c:352 g10/keydb.c:379
 #, c-format
 msgid "error creating keyring '%s': %s\n"
 msgstr "建立鑰匙圈 '%s' 時出錯: %s\n"
 
-#: g10/keydb.c:470 sm/keydb.c:209
+#: g10/keydb.c:388 sm/keydb.c:303
 #, c-format
 msgid "keybox '%s' created\n"
 msgstr "鑰匙盒 '%s' 已建立\n"
 
-#: g10/keydb.c:472
+#: g10/keydb.c:390
 #, c-format
 msgid "keyring '%s' created\n"
 msgstr "鑰匙圈 '%s' 已建立\n"
 
-#: g10/keydb.c:863
+#: g10/keydb.c:777
 #, c-format
 msgid "keyblock resource '%s': %s\n"
 msgstr "金鑰區塊資源 '%s': %s\n"
 
-#: g10/keydb.c:969
-#, fuzzy, c-format
-#| msgid "error opening '%s': %s\n"
-msgid "error opening key DB: %s\n"
-msgstr "開啟 '%s' 時出錯: %s\n"
-
-#: g10/keydb.c:1795
+#: g10/keydb.c:1652
 #, c-format
 msgid "failed to rebuild keyring cache: %s\n"
 msgstr "重新建立鑰匙圈快取失敗: %s\n"
@@ -4203,7 +4120,7 @@ msgstr "[撤銷]"
 msgid "[self-signature]"
 msgstr "[自我簽章]"
 
-#: g10/keyedit.c:384 g10/pkclist.c:274
+#: g10/keyedit.c:384 g10/pkclist.c:277
 msgid ""
 "Please decide how far you trust this user to correctly verify other users' "
 "keys\n"
@@ -4213,12 +4130,12 @@ msgstr ""
 "請判斷你有多信任這位使用者確實驗證其他使用者的金鑰\n"
 "(像是查對身份證, 或從不同的來源檢查指紋等...）的能力\n"
 
-#: g10/keyedit.c:388 g10/pkclist.c:286
+#: g10/keyedit.c:388 g10/pkclist.c:289
 #, c-format
 msgid "  %d = I trust marginally\n"
 msgstr "  %d = 我勉強信任\n"
 
-#: g10/keyedit.c:389 g10/pkclist.c:288
+#: g10/keyedit.c:389 g10/pkclist.c:291
 #, c-format
 msgid "  %d = I trust fully\n"
 msgstr "  %d = 我完全信任\n"
@@ -4248,12 +4165,12 @@ msgid "User ID \"%s\" is revoked."
 msgstr "使用者 ID \"%s\" 已撤銷."
 
 #: g10/keyedit.c:569 g10/keyedit.c:597 g10/keyedit.c:624 g10/keyedit.c:809
-#: g10/keyedit.c:1656
+#: g10/keyedit.c:1661
 msgid "Are you sure you still want to sign it? (y/N) "
 msgstr "你仍然想要簽署它嗎? (y/N) "
 
 #: g10/keyedit.c:583 g10/keyedit.c:611 g10/keyedit.c:638 g10/keyedit.c:815
-#: g10/keyedit.c:1661 g10/keyedit.c:2724
+#: g10/keyedit.c:1666 g10/keyedit.c:2703
 msgid "  Unable to sign.\n"
 msgstr "  無法簽署.\n"
 
@@ -4425,190 +4342,194 @@ msgstr "我非常小心地檢查過這把金鑰了.\n"
 msgid "Really sign? (y/N) "
 msgstr "真的要簽署嗎? (y/N)"
 
-#: g10/keyedit.c:1031 g10/keyedit.c:6211 g10/keyedit.c:6294 g10/keyedit.c:6423
-#: g10/keyedit.c:6485 g10/sign.c:466
+#: g10/keyedit.c:1032 g10/keyedit.c:6192 g10/keyedit.c:6275 g10/keyedit.c:6404
+#: g10/keyedit.c:6466 g10/sign.c:528
 #, c-format
 msgid "signing failed: %s\n"
 msgstr "簽署時失敗: %s\n"
 
-#: g10/keyedit.c:1118
+#: g10/keyedit.c:1119
 msgid "Key has only stub or on-card key items - no passphrase to change.\n"
 msgstr "金鑰祇剩下殘骸或者祇含有卡上金鑰項目 - 沒有可變更的密語.\n"
 
-#: g10/keyedit.c:1150
+#: g10/keyedit.c:1151
 #, c-format
 msgid "key %s: error changing passphrase: %s\n"
 msgstr "金鑰 %s: 變更密語時出錯: %s\n"
 
-#: g10/keyedit.c:1262
+#: g10/keyedit.c:1265
 msgid "save and quit"
 msgstr "儲存並離開"
 
-#: g10/keyedit.c:1265
+#: g10/keyedit.c:1268
 msgid "show key fingerprint"
 msgstr "顯示金鑰指紋"
 
-#: g10/keyedit.c:1266
+#: g10/keyedit.c:1269
 #, fuzzy
 #| msgid "Enter the keygrip: "
 msgid "show the keygrip"
 msgstr "請輸入金鑰鑰柄: "
 
-#: g10/keyedit.c:1267
+#: g10/keyedit.c:1270
 msgid "list key and user IDs"
 msgstr "列出金鑰和使用者 ID"
 
-#: g10/keyedit.c:1269
+#: g10/keyedit.c:1272
 msgid "select user ID N"
 msgstr "選擇使用者 ID N"
 
-#: g10/keyedit.c:1270
+#: g10/keyedit.c:1273
 msgid "select subkey N"
 msgstr "選擇子鑰 N"
 
-#: g10/keyedit.c:1271
+#: g10/keyedit.c:1274
 msgid "check signatures"
 msgstr "檢查簽章"
 
-#: g10/keyedit.c:1277
+#: g10/keyedit.c:1280
 msgid "sign selected user IDs [* see below for related commands]"
 msgstr "簽署所選的使用者 ID [* 請參見底下相關的註解]"
 
-#: g10/keyedit.c:1282
+#: g10/keyedit.c:1285
 msgid "sign selected user IDs locally"
 msgstr "僅在本機簽署所選的使用者 ID"
 
-#: g10/keyedit.c:1283
+#: g10/keyedit.c:1286
 msgid "sign selected user IDs with a trust signature"
 msgstr "用信任簽章來簽署所選的使用者 ID"
 
-#: g10/keyedit.c:1285
+#: g10/keyedit.c:1288
 msgid "sign selected user IDs with a non-revocable signature"
 msgstr "用不可撤銷的簽章來簽署所選的使用者 ID"
 
-#: g10/keyedit.c:1287
+#: g10/keyedit.c:1290
 msgid "add a user ID"
 msgstr "增加使用者 ID"
 
-#: g10/keyedit.c:1289
+#: g10/keyedit.c:1292
 msgid "add a photo ID"
 msgstr "增加照片 ID"
 
-#: g10/keyedit.c:1290
+#: g10/keyedit.c:1293
 msgid "delete selected user IDs"
 msgstr "刪除所選的使用者 ID"
 
-#: g10/keyedit.c:1293
+#: g10/keyedit.c:1296
 msgid "add a subkey"
 msgstr "增加子鑰"
 
-#: g10/keyedit.c:1296
+#: g10/keyedit.c:1299
 msgid "add a key to a smartcard"
 msgstr "將金鑰加到智慧卡"
 
-#: g10/keyedit.c:1298
+#: g10/keyedit.c:1301
 msgid "move a key to a smartcard"
 msgstr "將金鑰移動到智慧卡"
 
-#: g10/keyedit.c:1300
+#: g10/keyedit.c:1303
+msgid "convert a key to TPM form using the local TPM"
+msgstr ""
+
+#: g10/keyedit.c:1305
 msgid "move a backup key to a smartcard"
 msgstr "將備份金鑰移動到智慧卡"
 
-#: g10/keyedit.c:1302
+#: g10/keyedit.c:1307
 msgid "delete selected subkeys"
 msgstr "刪除所選的子鑰"
 
-#: g10/keyedit.c:1304
+#: g10/keyedit.c:1309
 msgid "add a revocation key"
 msgstr "增加撤銷金鑰"
 
-#: g10/keyedit.c:1306
+#: g10/keyedit.c:1311
 msgid "delete signatures from the selected user IDs"
 msgstr "從所選的使用者 ID 中刪除簽章"
 
-#: g10/keyedit.c:1308
+#: g10/keyedit.c:1313
 msgid "change the expiration date for the key or selected subkeys"
 msgstr "變更金鑰或所選子鑰的使用期限"
 
-#: g10/keyedit.c:1310
+#: g10/keyedit.c:1315
 msgid "flag the selected user ID as primary"
 msgstr "把所選的使用者 ID 標為主要"
 
-#: g10/keyedit.c:1313
+#: g10/keyedit.c:1318
 msgid "list preferences (expert)"
 msgstr "列出偏好 (專家模式)"
 
-#: g10/keyedit.c:1314
+#: g10/keyedit.c:1319
 msgid "list preferences (verbose)"
 msgstr "列出偏好 (囉唆模式)"
 
-#: g10/keyedit.c:1316
+#: g10/keyedit.c:1321
 msgid "set preference list for the selected user IDs"
 msgstr "設定所選使用者 ID 的偏好清單"
 
-#: g10/keyedit.c:1319
+#: g10/keyedit.c:1324
 msgid "set the preferred keyserver URL for the selected user IDs"
 msgstr "為所選的使用者 ID 設定偏好的金鑰伺服器 URL"
 
-#: g10/keyedit.c:1321
+#: g10/keyedit.c:1326
 msgid "set a notation for the selected user IDs"
 msgstr "為所選的使用者 ID 設定註記"
 
-#: g10/keyedit.c:1323
+#: g10/keyedit.c:1328
 msgid "change the passphrase"
 msgstr "更改密語"
 
-#: g10/keyedit.c:1326
+#: g10/keyedit.c:1331
 msgid "change the ownertrust"
 msgstr "更改主觀信任"
 
-#: g10/keyedit.c:1329
+#: g10/keyedit.c:1334
 msgid "revoke signatures on the selected user IDs"
 msgstr "撤銷所選使用者 ID 的簽章"
 
-#: g10/keyedit.c:1331
+#: g10/keyedit.c:1336
 msgid "revoke selected user IDs"
 msgstr "撤銷所選的使用者 ID"
 
-#: g10/keyedit.c:1334
+#: g10/keyedit.c:1339
 msgid "revoke key or selected subkeys"
 msgstr "撤銷金鑰或所選的子鑰"
 
-#: g10/keyedit.c:1336
+#: g10/keyedit.c:1341
 msgid "enable key"
 msgstr "啟用金鑰"
 
-#: g10/keyedit.c:1337
+#: g10/keyedit.c:1342
 msgid "disable key"
 msgstr "停用金鑰"
 
-#: g10/keyedit.c:1339
+#: g10/keyedit.c:1344
 msgid "show selected photo IDs"
 msgstr "顯示所選的照片 ID"
 
-#: g10/keyedit.c:1341
+#: g10/keyedit.c:1346
 msgid "compact unusable user IDs and remove unusable signatures from key"
 msgstr "從金鑰中精簡無法使用的使用者 ID 並移除無法使用的簽章"
 
-#: g10/keyedit.c:1343
+#: g10/keyedit.c:1348
 msgid "compact unusable user IDs and remove all signatures from key"
 msgstr "從金鑰中精簡無法使用的使用者 ID 並移除所有的簽章"
 
-#: g10/keyedit.c:1464
+#: g10/keyedit.c:1469
 msgid "Secret key is available.\n"
 msgstr "私鑰可用.\n"
 
-#: g10/keyedit.c:1466
+#: g10/keyedit.c:1471
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret subkeys are available.\n"
 msgstr "私鑰可用.\n"
 
-#: g10/keyedit.c:1568
+#: g10/keyedit.c:1573
 msgid "Need the secret key to do this.\n"
 msgstr "要有私鑰纔能這麼做.\n"
 
-#: g10/keyedit.c:1591
+#: g10/keyedit.c:1596
 msgid ""
 "* The 'sign' command may be prefixed with an 'l' for local signatures "
 "(lsign),\n"
@@ -4619,295 +4540,300 @@ msgstr ""
 "  加上 't' 的話就是信任簽章 (tsign), 加上 'nr' 的話就是不可撤銷簽章\n"
 "  (nrsign), 當然也可以任意組合這些選項 (像是 ltsign, tnrsign 等等.).\n"
 
-#: g10/keyedit.c:1649 g10/keyedit.c:2724 g10/keyedit.c:3097 g10/keyedit.c:3165
+#: g10/keyedit.c:1654 g10/keyedit.c:2703 g10/keyedit.c:3076 g10/keyedit.c:3144
 msgid "Key is revoked."
 msgstr "金鑰已撤銷."
 
-#: g10/keyedit.c:1672
+#: g10/keyedit.c:1677
 #, fuzzy
 #| msgid "Really sign all user IDs? (y/N) "
 msgid "Really sign all text user IDs? (y/N) "
 msgstr "真的要簽署所有的使用者 ID 嗎? (y/N) "
 
-#: g10/keyedit.c:1676
+#: g10/keyedit.c:1681
 msgid "Really sign all user IDs? (y/N) "
 msgstr "真的要簽署所有的使用者 ID 嗎? (y/N) "
 
-#: g10/keyedit.c:1684
+#: g10/keyedit.c:1689
 msgid "Hint: Select the user IDs to sign\n"
 msgstr "提示: 選擇使用者 ID 來加以簽署\n"
 
-#: g10/keyedit.c:1695
+#: g10/keyedit.c:1700
 #, c-format
 msgid "Unknown signature type '%s'\n"
 msgstr "未知的簽章種類 '%s'\n"
 
-#: g10/keyedit.c:1741 g10/keyedit.c:1765 g10/keyedit.c:1962
+#: g10/keyedit.c:1724
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "在 %s 模式中不允許使用這個指令.\n"
+
+#: g10/keyedit.c:1746 g10/keyedit.c:1770 g10/keyedit.c:2008
 msgid "You must select at least one user ID.\n"
 msgstr "你至少得選擇一個使用者 ID.\n"
 
-#: g10/keyedit.c:1743 g10/keyedit.c:1767 g10/keyedit.c:1924 g10/keyedit.c:1964
+#: g10/keyedit.c:1748 g10/keyedit.c:1772 g10/keyedit.c:1970 g10/keyedit.c:2010
 #, c-format
 msgid "(Use the '%s' command.)\n"
 msgstr ""
 
-#: g10/keyedit.c:1746
+#: g10/keyedit.c:1751
 msgid "You can't delete the last user ID!\n"
 msgstr "你不能刪除最後一個使用者 ID!\n"
 
-#: g10/keyedit.c:1749
+#: g10/keyedit.c:1754
 msgid "Really remove all selected user IDs? (y/N) "
 msgstr "真的要移除所有被選擇的使用者 ID 嗎? (y/N) "
 
-#: g10/keyedit.c:1750
+#: g10/keyedit.c:1755
 msgid "Really remove this user ID? (y/N) "
 msgstr "真的要移除這個使用者 ID 嗎? (y/N) "
 
 #. TRANSLATORS: Please take care: This is about
 #. moving the key and not about removing it.
-#: g10/keyedit.c:1807
+#: g10/keyedit.c:1813 g10/keyedit.c:1853
 msgid "Really move the primary key? (y/N) "
 msgstr "真的要移動主鑰嗎? (y/N) "
 
-#: g10/keyedit.c:1819 g10/keyedit.c:4860
+#: g10/keyedit.c:1825 g10/keyedit.c:1865 g10/keyedit.c:4841
 msgid "You must select exactly one key.\n"
 msgstr "你一定祇得選擇一把金鑰.\n"
 
-#: g10/keyedit.c:1847
+#: g10/keyedit.c:1893
 msgid "Command expects a filename argument\n"
 msgstr "這項指令要拿一個檔名來當作引數\n"
 
-#: g10/keyedit.c:1868
+#: g10/keyedit.c:1914
 #, c-format
 msgid "Can't open '%s': %s\n"
 msgstr "無法開啟 '%s': %s\n"
 
-#: g10/keyedit.c:1887
+#: g10/keyedit.c:1933
 #, c-format
 msgid "Error reading backup key from '%s': %s\n"
 msgstr "從 '%s' 讀取備份金鑰時出錯: %s\n"
 
-#: g10/keyedit.c:1922
+#: g10/keyedit.c:1968
 msgid "You must select at least one key.\n"
 msgstr "你至少得選擇一把金鑰.\n"
 
-#: g10/keyedit.c:1928
+#: g10/keyedit.c:1974
 msgid "Do you really want to delete the selected keys? (y/N) "
 msgstr "你真的想要刪除所選的金鑰嗎? (y/N) "
 
-#: g10/keyedit.c:1930
+#: g10/keyedit.c:1976
 msgid "Do you really want to delete this key? (y/N) "
 msgstr "你真的想要刪除這把金鑰嗎? (y/N) "
 
-#: g10/keyedit.c:1968
+#: g10/keyedit.c:2014
 msgid "Really revoke all selected user IDs? (y/N) "
 msgstr "真的要撤銷所有所選的使用者 ID 嗎? (y/N) "
 
-#: g10/keyedit.c:1969
+#: g10/keyedit.c:2015
 msgid "Really revoke this user ID? (y/N) "
 msgstr "真的要撤銷這個使用者 ID 嗎? (y/N) "
 
-#: g10/keyedit.c:1987
+#: g10/keyedit.c:2033
 msgid "Do you really want to revoke the entire key? (y/N) "
 msgstr "你真的想要撤銷這整把金鑰嗎? (y/N) "
 
-#: g10/keyedit.c:1998
+#: g10/keyedit.c:2044
 msgid "Do you really want to revoke the selected subkeys? (y/N) "
 msgstr "你真的想要撤銷所選的子鑰嗎? (y/N) "
 
-#: g10/keyedit.c:2000
+#: g10/keyedit.c:2046
 msgid "Do you really want to revoke this subkey? (y/N) "
 msgstr "你真的想要撤銷這把子鑰嗎? (y/N) "
 
-#: g10/keyedit.c:2058
+#: g10/keyedit.c:2104
 msgid "Owner trust may not be set while using a user provided trust database\n"
 msgstr "使用使用者所提供的信任資料庫時可能無法設定主觀信任\n"
 
-#: g10/keyedit.c:2103
+#: g10/keyedit.c:2149
 msgid "Set preference list to:\n"
 msgstr "設定偏好清單至:\n"
 
-#: g10/keyedit.c:2110
+#: g10/keyedit.c:2156
 msgid "Really update the preferences for the selected user IDs? (y/N) "
 msgstr "真的要更新所選使用者 ID 的偏好設定嗎? (y/N) "
 
-#: g10/keyedit.c:2112
+#: g10/keyedit.c:2158
 msgid "Really update the preferences? (y/N) "
 msgstr "真的要更新偏好設定嗎? (y/N) "
 
-#: g10/keyedit.c:2186
+#: g10/keyedit.c:2232
 msgid "Save changes? (y/N) "
 msgstr "要儲存變更嗎? (y/N) "
 
-#: g10/keyedit.c:2190
+#: g10/keyedit.c:2236
 msgid "Quit without saving? (y/N) "
 msgstr "要不儲存就離開嗎? (y/N) "
 
-#: g10/keyedit.c:2217 g10/keyedit.c:2819 g10/keyedit.c:3118 g10/keyedit.c:3271
+#: g10/keyedit.c:2263 g10/keyedit.c:2798 g10/keyedit.c:3097 g10/keyedit.c:3249
 #, c-format
 msgid "Key not changed so no update needed.\n"
 msgstr "金鑰沒有變更所以不需要更新.\n"
 
-#: g10/keyedit.c:2506
+#: g10/keyedit.c:2496
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
 msgstr "你不能刪除最後一個使用者 ID!\n"
 
-#: g10/keyedit.c:2532
+#: g10/keyedit.c:2523
 #, fuzzy, c-format
 #| msgid "checking the trust list failed: %s\n"
 msgid "revoking the user ID failed: %s\n"
 msgstr "檢查信任清單時失敗: %s\n"
 
-#: g10/keyedit.c:2598
+#: g10/keyedit.c:2589
 #, fuzzy, c-format
 #| msgid "checking the trust list failed: %s\n"
 msgid "setting the primary user ID failed: %s\n"
 msgstr "檢查信任清單時失敗: %s\n"
 
-#: g10/keyedit.c:2629
+#: g10/keyedit.c:2618
 #, c-format
 msgid "\"%s\" is not a fingerprint\n"
 msgstr "\"%s\" 不是指紋\n"
 
-#: g10/keyedit.c:2659
+#: g10/keyedit.c:2638
 #, c-format
 msgid "\"%s\" is not the primary fingerprint\n"
 msgstr "\"%s\" 不是主要指紋\n"
 
-#: g10/keyedit.c:2795 g10/keyedit.c:2798
+#: g10/keyedit.c:2774 g10/keyedit.c:2777
 #, fuzzy, c-format
 #| msgid "invalid value\n"
 msgid "Invalid user ID '%s': %s\n"
 msgstr "無效的數值\n"
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "No matching user IDs."
 msgstr "沒有相符的使用者 ID."
 
-#: g10/keyedit.c:2801
+#: g10/keyedit.c:2780
 msgid "Nothing to sign.\n"
 msgstr "沒有東西可以簽署.\n"
 
-#: g10/keyedit.c:2994 g10/keyedit.c:6076
+#: g10/keyedit.c:2973 g10/keyedit.c:6057
 #, c-format
 msgid "Not signed by you.\n"
 msgstr "並非由你所簽署.\n"
 
-#: g10/keyedit.c:3052
+#: g10/keyedit.c:3031
 #, fuzzy, c-format
 #| msgid "checking created signature failed: %s\n"
 msgid "revoking the key signature failed: %s\n"
 msgstr "檢查已建立的簽章時出錯: %s\n"
 
-#: g10/keyedit.c:3173
+#: g10/keyedit.c:3152
 #, fuzzy, c-format
 #| msgid "'%s' is not a valid signature expiration\n"
 msgid "'%s' is not a valid expiration time\n"
 msgstr "'%s' 不是有效的簽章使用期限\n"
 
-#: g10/keyedit.c:3216
+#: g10/keyedit.c:3194
 #, fuzzy, c-format
 #| msgid "\"%s\" is not a fingerprint\n"
 msgid "\"%s\" is not a proper fingerprint\n"
 msgstr "\"%s\" 不是指紋\n"
 
-#: g10/keyedit.c:3240
+#: g10/keyedit.c:3218
 #, fuzzy, c-format
 #| msgid "key \"%s\" not found: %s\n"
 msgid "subkey \"%s\" not found\n"
 msgstr "找不到金鑰 \"%s\": %s\n"
 
-#: g10/keyedit.c:3363
+#: g10/keyedit.c:3341
 msgid "AEAD: "
 msgstr ""
 
-#: g10/keyedit.c:3380
+#: g10/keyedit.c:3358
 msgid "Digest: "
 msgstr "摘要: "
 
-#: g10/keyedit.c:3437
+#: g10/keyedit.c:3415
 msgid "Features: "
 msgstr "特點: "
 
-#: g10/keyedit.c:3454
+#: g10/keyedit.c:3432
 msgid "Keyserver no-modify"
 msgstr "金鑰伺服器無修改"
 
-#: g10/keyedit.c:3469 g10/keylist.c:376
+#: g10/keyedit.c:3447 g10/keylist.c:392
 msgid "Preferred keyserver: "
 msgstr "偏好的金鑰伺服器: "
 
-#: g10/keyedit.c:3477 g10/keyedit.c:3478
+#: g10/keyedit.c:3455 g10/keyedit.c:3456
 msgid "Notations: "
 msgstr "註記: "
 
-#: g10/keyedit.c:3726
+#: g10/keyedit.c:3706
 msgid "There are no preferences on a PGP 2.x-style user ID.\n"
 msgstr "PGP 2.x 型態的使用者 ID 沒有偏好設定.\n"
 
-#: g10/keyedit.c:3798
+#: g10/keyedit.c:3778
 #, c-format
 msgid "The following key was revoked on %s by %s key %s\n"
 msgstr "下列金鑰已經在 %s 時被 %s 金鑰 %s 所撤銷\n"
 
-#: g10/keyedit.c:3822
+#: g10/keyedit.c:3802
 #, c-format
 msgid "This key may be revoked by %s key %s"
 msgstr "這把金鑰可能被 %s 金鑰 %s 所撤銷"
 
-#: g10/keyedit.c:3828
+#: g10/keyedit.c:3808
 msgid "(sensitive)"
 msgstr "(機密)"
 
-#: g10/keyedit.c:3870 g10/keyedit.c:4017 g10/keylist.c:264 g10/keyserver.c:361
+#: g10/keyedit.c:3850 g10/keyedit.c:3997 g10/keylist.c:283 g10/keyserver.c:525
 #, c-format
 msgid "created: %s"
 msgstr "建立: %s"
 
-#: g10/keyedit.c:3873 g10/keylist.c:2153
+#: g10/keyedit.c:3853 g10/keylist.c:2250
 #, c-format
 msgid "revoked: %s"
 msgstr "撤銷: %s"
 
 #  of subkey
-#: g10/keyedit.c:3875 g10/keylist.c:2159
+#: g10/keyedit.c:3855 g10/keylist.c:2256
 #, c-format
 msgid "expired: %s"
 msgstr "過期: %s"
 
 #  of subkey
-#: g10/keyedit.c:3877 g10/keyedit.c:4019 g10/keylist.c:266 g10/keylist.c:2165
-#: g10/keyserver.c:367
+#: g10/keyedit.c:3857 g10/keyedit.c:3999 g10/keylist.c:285 g10/keylist.c:2262
+#: g10/keyserver.c:531
 #, c-format
 msgid "expires: %s"
 msgstr "到期: %s"
 
-#: g10/keyedit.c:3879
+#: g10/keyedit.c:3859
 #, c-format
 msgid "usage: %s"
 msgstr "用途: %s"
 
-#: g10/keyedit.c:3887 g10/keyedit.c:3907 g10/keylist.c:269
+#: g10/keyedit.c:3867 g10/keyedit.c:3887 g10/keylist.c:288
 msgid "card-no: "
 msgstr "卡片編號: "
 
-#: g10/keyedit.c:3946
+#: g10/keyedit.c:3926
 #, c-format
 msgid "trust: %s"
 msgstr "ä¿¡ä»»: %s"
 
-#: g10/keyedit.c:3950
+#: g10/keyedit.c:3930
 #, c-format
 msgid "validity: %s"
 msgstr "有效性: %s"
 
-#: g10/keyedit.c:3957
+#: g10/keyedit.c:3937
 msgid "This key has been disabled"
 msgstr "這把金鑰已經停用了"
 
-#: g10/keyedit.c:3975
+#: g10/keyedit.c:3955
 msgid ""
 "Please note that the shown key validity is not necessarily correct\n"
 "unless you restart the program.\n"
@@ -4915,17 +4841,17 @@ msgstr ""
 "請注意顯示出來的金鑰有效性不需要更正,\n"
 "除非你重新執行程式.\n"
 
-#: g10/keyedit.c:4036 g10/keyedit.c:4467 g10/keyserver.c:371
-#: g10/mainproc.c:2468 g10/tofu.c:1787 g10/trust.c:430 dirmngr/ocsp.c:794
+#: g10/keyedit.c:4016 g10/keyedit.c:4447 g10/keyserver.c:535
+#: g10/mainproc.c:2277 g10/tofu.c:1787 g10/trust.c:437 dirmngr/ocsp.c:791
 msgid "revoked"
 msgstr "已撤銷"
 
-#: g10/keyedit.c:4038 g10/keyedit.c:4469 g10/keyserver.c:375
-#: g10/mainproc.c:2470 g10/tofu.c:1792 g10/trust.c:113
+#: g10/keyedit.c:4018 g10/keyedit.c:4449 g10/keyserver.c:539
+#: g10/mainproc.c:2279 g10/tofu.c:1792 g10/trust.c:124
 msgid "expired"
 msgstr "已過期"
 
-#: g10/keyedit.c:4155
+#: g10/keyedit.c:4135
 #, c-format
 msgid ""
 "WARNING: no user ID has been marked as primary.  This command may\n"
@@ -4934,17 +4860,17 @@ msgstr ""
 "警告: 沒有任何使用者 ID 被標示為主要 ID. 這項指令可能會\n"
 "      導致不同的使用者 ID 被當成主要 ID.\n"
 
-#: g10/keyedit.c:4207
+#: g10/keyedit.c:4187
 #, c-format
 msgid "WARNING: Your encryption subkey expires soon.\n"
 msgstr "警告: 你的加密子鑰很快將到期.\n"
 
-#: g10/keyedit.c:4208
+#: g10/keyedit.c:4188
 #, c-format
 msgid "You may want to change its expiration date too.\n"
 msgstr "你可能也會想變更其使用期限.\n"
 
-#: g10/keyedit.c:4267
+#: g10/keyedit.c:4247
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
 "versions\n"
@@ -4953,72 +4879,72 @@ msgstr ""
 "警告: 這是一把 PGP2 型態的金鑰.\n"
 "      增加照片 ID 可能會導致某些版本的 PGP 駁回這把金鑰.\n"
 
-#: g10/keyedit.c:4272 g10/keyedit.c:4562
+#: g10/keyedit.c:4252 g10/keyedit.c:4542
 msgid "Are you sure you still want to add it? (y/N) "
 msgstr "你確定仍然想要增加嗎? (y/N) "
 
-#: g10/keyedit.c:4278
+#: g10/keyedit.c:4258
 msgid "You may not add a photo ID to a PGP2-style key.\n"
 msgstr "你不可以把照片 ID 增加到 PGP2 型態的金鑰裡.\n"
 
-#: g10/keyedit.c:4293 g10/keygen.c:2899
+#: g10/keyedit.c:4273 g10/keygen.c:3107
 msgid "Such a user ID already exists on this key!\n"
 msgstr "這把金鑰上已經有這樣子的使用者 ID 了!\n"
 
-#: g10/keyedit.c:4395
+#: g10/keyedit.c:4375
 msgid "Delete this good signature? (y/N/q)"
 msgstr "刪除這份完好的簽章嗎? (y/N/q)"
 
-#: g10/keyedit.c:4405
+#: g10/keyedit.c:4385
 msgid "Delete this invalid signature? (y/N/q)"
 msgstr "刪除這份無效的簽章嗎? (y/N/q)"
 
-#: g10/keyedit.c:4409
+#: g10/keyedit.c:4389
 msgid "Delete this unknown signature? (y/N/q)"
 msgstr "刪除這份未知的簽章嗎? (y/N/q)"
 
-#: g10/keyedit.c:4416
+#: g10/keyedit.c:4396
 msgid "Really delete this self-signature? (y/N)"
 msgstr "真的要刪除這份自我簽章嗎? (y/N)"
 
-#: g10/keyedit.c:4432
+#: g10/keyedit.c:4412
 #, fuzzy, c-format
 #| msgid "Deleted %d signature.\n"
 msgid "Deleted %d signature.\n"
 msgid_plural "Deleted %d signatures.\n"
 msgstr[0] "已經刪除了 %d 份簽章.\n"
 
-#: g10/keyedit.c:4436
+#: g10/keyedit.c:4416
 msgid "Nothing deleted.\n"
 msgstr "沒有刪除任何東西.\n"
 
-#: g10/keyedit.c:4471
+#: g10/keyedit.c:4451
 msgid "invalid"
 msgstr "無效"
 
-#: g10/keyedit.c:4473
+#: g10/keyedit.c:4453
 #, c-format
 msgid "User ID \"%s\" compacted: %s\n"
 msgstr "使用者 ID \"%s\" 已精簡: %s\n"
 
-#: g10/keyedit.c:4479
+#: g10/keyedit.c:4459
 #, fuzzy, c-format
 #| msgid "User ID \"%s\": %d signature removed\n"
 msgid "User ID \"%s\": %d signature removed\n"
 msgid_plural "User ID \"%s\": %d signatures removed\n"
 msgstr[0] "使用者 ID \"%s\": 已移除 %d 份簽章\n"
 
-#: g10/keyedit.c:4487
+#: g10/keyedit.c:4467
 #, c-format
 msgid "User ID \"%s\": already minimized\n"
 msgstr "使用者 ID \"%s\": 已經最小化了\n"
 
-#: g10/keyedit.c:4488
+#: g10/keyedit.c:4468
 #, c-format
 msgid "User ID \"%s\": already clean\n"
 msgstr "使用者 ID \"%s\": 已經是乾淨的了\n"
 
-#: g10/keyedit.c:4557
+#: g10/keyedit.c:4537
 msgid ""
 "WARNING: This is a PGP 2.x-style key.  Adding a designated revoker may "
 "cause\n"
@@ -5027,15 +4953,15 @@ msgstr ""
 "警告: 這是一把 PGP2 型態的金鑰.\n"
 "      增加指定撤銷者可能會導致某些版本的 PGP 駁回這把金鑰.\n"
 
-#: g10/keyedit.c:4568
+#: g10/keyedit.c:4548
 msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
 msgstr "你不可以把指定撤銷者增加到 PGP2 型態的金鑰裡.\n"
 
-#: g10/keyedit.c:4585
+#: g10/keyedit.c:4565
 msgid "Enter the user ID of the designated revoker: "
 msgstr "輸入指定撤銷者的使用者 ID: "
 
-#: g10/keyedit.c:4611
+#: g10/keyedit.c:4591
 #, c-format
 msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
 msgstr "無法將 PGP 2.x 型態的金鑰指派為指定撤銷者\n"
@@ -5043,26 +4969,26 @@ msgstr "無法將 PGP 2.x 型態的金鑰指派為指定撤銷者\n"
 #  This actually causes no harm (after all, a key that
 #  designates itself as a revoker is the same as a
 #  regular key), but it's easy enough to check.
-#: g10/keyedit.c:4626
+#: g10/keyedit.c:4607
 #, c-format
 msgid "you cannot appoint a key as its own designated revoker\n"
 msgstr "你不能指派某把金鑰為它自己的指定撤銷者\n"
 
-#: g10/keyedit.c:4648
+#: g10/keyedit.c:4629
 #, c-format
 msgid "this key has already been designated as a revoker\n"
 msgstr "已指定這把金鑰為撤銷者了\n"
 
-#: g10/keyedit.c:4666
+#: g10/keyedit.c:4647
 msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
 msgstr "警告: 一旦把某把金鑰指派為指定撤銷者後, 就無法反悔了!\n"
 
-#: g10/keyedit.c:4672
+#: g10/keyedit.c:4653
 msgid ""
 "Are you sure you want to appoint this key as a designated revoker? (y/N) "
 msgstr "你確定要指派這把金鑰為指定撤銷者嗎? (y/N) "
 
-#: g10/keyedit.c:4740
+#: g10/keyedit.c:4721
 #, fuzzy
 #| msgid ""
 #| "Are you sure you want to appoint this key as a designated revoker? (y/N) "
@@ -5071,257 +4997,263 @@ msgid ""
 "N) "
 msgstr "你確定要指派這把金鑰為指定撤銷者嗎? (y/N) "
 
-#: g10/keyedit.c:4745
+#: g10/keyedit.c:4726
 msgid "Changing expiration time for a subkey.\n"
 msgstr "正在變更子鑰的使用期限.\n"
 
-#: g10/keyedit.c:4748
+#: g10/keyedit.c:4729
 msgid "Changing expiration time for the primary key.\n"
 msgstr "正在變更主鑰的使用期限.\n"
 
-#: g10/keyedit.c:4804
+#: g10/keyedit.c:4785
 #, c-format
 msgid "You can't change the expiration date of a v3 key\n"
 msgstr "你不能變更 v3 金鑰的使用期限\n"
 
-#: g10/keyedit.c:4864
+#: g10/keyedit.c:4845
 #, fuzzy
 #| msgid "Changing expiration time for a subkey.\n"
 msgid "Changing usage of a subkey.\n"
 msgstr "正在變更子鑰的使用期限.\n"
 
-#: g10/keyedit.c:4867
+#: g10/keyedit.c:4848
 #, fuzzy
 #| msgid "Changing expiration time for the primary key.\n"
 msgid "Changing usage of the primary key.\n"
 msgstr "正在變更主鑰的使用期限.\n"
 
-#: g10/keyedit.c:4985
+#: g10/keyedit.c:4966
 #, c-format
 msgid "signing subkey %s is already cross-certified\n"
 msgstr "簽署子鑰 %s 已經交叉認證過了\n"
 
-#: g10/keyedit.c:4991
+#: g10/keyedit.c:4972
 #, c-format
 msgid "subkey %s does not sign and so does not need to be cross-certified\n"
 msgstr "子鑰 %s 不做簽署之用, 因此無須交叉驗證\n"
 
-#: g10/keyedit.c:5108
+#: g10/keyedit.c:5089
 msgid "Please select exactly one user ID.\n"
 msgstr "請祇選擇一個使用者 ID.\n"
 
-#: g10/keyedit.c:5149 g10/keyedit.c:5263 g10/keyedit.c:5376 g10/keyedit.c:5514
+#: g10/keyedit.c:5130 g10/keyedit.c:5244 g10/keyedit.c:5357 g10/keyedit.c:5495
 #, c-format
 msgid "skipping v3 self-signature on user ID \"%s\"\n"
 msgstr "正在跳過使用者 ID \"%s\" 的 v3 自我簽章\n"
 
-#: g10/keyedit.c:5320
+#: g10/keyedit.c:5301
 msgid "Enter your preferred keyserver URL: "
 msgstr "請輸入你的偏好金鑰伺服器 URL: "
 
-#: g10/keyedit.c:5399
+#: g10/keyedit.c:5380
 msgid "Are you sure you want to replace it? (y/N) "
 msgstr "你確定要取代它嗎？ (y/N) "
 
-#: g10/keyedit.c:5400
+#: g10/keyedit.c:5381
 msgid "Are you sure you want to delete it? (y/N) "
 msgstr "你確定要刪除它嗎？ (y/N) "
 
-#: g10/keyedit.c:5460
+#: g10/keyedit.c:5441
 msgid "Enter the notation: "
 msgstr "請輸入註記: "
 
-#: g10/keyedit.c:5607
+#: g10/keyedit.c:5588
 msgid "Proceed? (y/N) "
 msgstr "是否繼續? (y/N) "
 
-#: g10/keyedit.c:5677
+#: g10/keyedit.c:5658
 #, c-format
 msgid "No user ID with index %d\n"
 msgstr "索引 %d 沒有對應到使用者 ID\n"
 
-#: g10/keyedit.c:5739
+#: g10/keyedit.c:5720
 #, c-format
 msgid "No user ID with hash %s\n"
 msgstr "雜湊 %s 沒有對應到使用者 ID\n"
 
-#: g10/keyedit.c:5840
+#: g10/keyedit.c:5821
 #, fuzzy, c-format
 #| msgid "No subkey with index %d\n"
 msgid "No subkey with key ID '%s'.\n"
 msgstr "索引 %d 沒有對應到子鑰\n"
 
-#: g10/keyedit.c:5862
+#: g10/keyedit.c:5843
 #, c-format
 msgid "No subkey with index %d\n"
 msgstr "索引 %d 沒有對應到子鑰\n"
 
-#: g10/keyedit.c:6003
+#: g10/keyedit.c:5984
 #, c-format
 msgid "user ID: \"%s\"\n"
 msgstr "使用者 ID: \"%s\"\n"
 
-#: g10/keyedit.c:6006 g10/keyedit.c:6108 g10/keyedit.c:6156
+#: g10/keyedit.c:5987 g10/keyedit.c:6089 g10/keyedit.c:6137
 #, c-format
 msgid "signed by your key %s on %s%s%s\n"
 msgstr "已被你的金鑰 %s 於 %s%s%s 所簽署\n"
 
-#: g10/keyedit.c:6008 g10/keyedit.c:6110 g10/keyedit.c:6158
+#: g10/keyedit.c:5989 g10/keyedit.c:6091 g10/keyedit.c:6139
 msgid " (non-exportable)"
 msgstr " (不可匯出)"
 
-#: g10/keyedit.c:6012
+#: g10/keyedit.c:5993
 #, c-format
 msgid "This signature expired on %s.\n"
 msgstr "這份簽章已經在 %s 過期了.\n"
 
-#: g10/keyedit.c:6017
+#: g10/keyedit.c:5998
 msgid "Are you sure you still want to revoke it? (y/N) "
 msgstr "你確定仍然想要撤銷它嗎? (y/N) "
 
-#: g10/keyedit.c:6022
+#: g10/keyedit.c:6003
 msgid "Create a revocation certificate for this signature? (y/N) "
 msgstr "要為這份簽章建立一份撤銷憑證嗎? (y/N) "
 
-#: g10/keyedit.c:6082
+#: g10/keyedit.c:6063
 #, c-format
 msgid "You have signed these user IDs on key %s:\n"
 msgstr "你已經簽署了金鑰 %s 上的這些使用者 ID:\n"
 
-#: g10/keyedit.c:6111
+#: g10/keyedit.c:6092
 msgid " (non-revocable)"
 msgstr " (不可撤銷)"
 
-#: g10/keyedit.c:6118
+#: g10/keyedit.c:6099
 #, c-format
 msgid "revoked by your key %s on %s\n"
 msgstr "被你的金鑰 %s 於 %s 所撤銷了\n"
 
-#: g10/keyedit.c:6143
+#: g10/keyedit.c:6124
 msgid "You are about to revoke these signatures:\n"
 msgstr "你正要撤銷這些簽章:\n"
 
-#: g10/keyedit.c:6166
+#: g10/keyedit.c:6147
 msgid "Really create the revocation certificates? (y/N) "
 msgstr "真的要建立撤銷憑證嗎? (y/N) "
 
-#: g10/keyedit.c:6199
+#: g10/keyedit.c:6180
 #, c-format
 msgid "no secret key\n"
 msgstr "沒有私鑰\n"
 
-#: g10/keyedit.c:6247
+#: g10/keyedit.c:6228
 #, c-format
 msgid "tried to revoke a non-user ID: %s\n"
 msgstr ""
 
-#: g10/keyedit.c:6257
+#: g10/keyedit.c:6238
 #, c-format
 msgid "user ID \"%s\" is already revoked\n"
 msgstr "使用者 ID \"%s\" 已撤銷\n"
 
-#: g10/keyedit.c:6274
+#: g10/keyedit.c:6255
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
 msgstr "警告: 有一份使用者 ID 的簽章日期為 %d 秒後的未來\n"
 
-#: g10/keyedit.c:6370
+#: g10/keyedit.c:6351
 #, fuzzy, c-format
 #| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
 msgstr "你不能刪除最後一個使用者 ID!\n"
 
-#: g10/keyedit.c:6408
+#: g10/keyedit.c:6389
 #, c-format
 msgid "Key %s is already revoked.\n"
 msgstr "金鑰 %s 已撤銷.\n"
 
-#: g10/keyedit.c:6470
+#: g10/keyedit.c:6451
 #, c-format
 msgid "Subkey %s is already revoked.\n"
 msgstr "子鑰 %s 已撤銷.\n"
 
-#: g10/keyedit.c:6567
+#: g10/keyedit.c:6548
 #, c-format
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "正在顯示 %s 照片 ID, 其尺寸為 %ld, 屬於金鑰 %s (uid %d) 的照片\n"
 
-#: g10/keygen.c:169
+#: g10/keygen.c:185
 #, fuzzy, c-format
 #| msgid "invalid argument for option \"%.50s\"\n"
 msgid "invalid value for option '%s'\n"
 msgstr "選項 \"%.50s\" 的引數無效\n"
 
-#: g10/keygen.c:322
+#: g10/keygen.c:338
 #, c-format
 msgid "preference '%s' duplicated\n"
 msgstr "偏好設定 '%s' 重複了\n"
 
-#: g10/keygen.c:329
+#: g10/keygen.c:345
 #, c-format
 msgid "too many cipher preferences\n"
 msgstr "編密偏好過多\n"
 
-#: g10/keygen.c:331
+#: g10/keygen.c:347
 #, c-format
 msgid "too many digest preferences\n"
 msgstr "摘要偏好過多\n"
 
-#: g10/keygen.c:333
+#: g10/keygen.c:349
 #, c-format
 msgid "too many compression preferences\n"
 msgstr "壓縮偏好過多\n"
 
-#: g10/keygen.c:493
+#: g10/keygen.c:351
+#, fuzzy, c-format
+#| msgid "too many cipher preferences\n"
+msgid "too many AEAD preferences\n"
+msgstr "編密偏好過多\n"
+
+#: g10/keygen.c:521
 #, c-format
 msgid "invalid item '%s' in preference string\n"
 msgstr "偏好字串中含有無效的項目 '%s'\n"
 
-#: g10/keygen.c:972
+#: g10/keygen.c:1130
 #, c-format
 msgid "writing direct signature\n"
 msgstr "寫入直接簽章中\n"
 
-#: g10/keygen.c:1018
+#: g10/keygen.c:1176
 #, c-format
 msgid "writing self signature\n"
 msgstr "寫入自我簽章中\n"
 
-#: g10/keygen.c:1075
+#: g10/keygen.c:1233
 #, c-format
 msgid "writing key binding signature\n"
 msgstr "寫入附鑰簽章中\n"
 
-#: g10/keygen.c:1440 g10/keygen.c:1445 g10/keygen.c:1497 g10/keygen.c:1502
-#: g10/keygen.c:1656 g10/keygen.c:1661
+#: g10/keygen.c:1598 g10/keygen.c:1603 g10/keygen.c:1655 g10/keygen.c:1660
+#: g10/keygen.c:1832 g10/keygen.c:1837
 #, c-format
 msgid "keysize invalid; using %u bits\n"
 msgstr "金鑰尺寸無效; 改用 %u 位元\n"
 
-#: g10/keygen.c:1451 g10/keygen.c:1508 g10/keygen.c:1516 g10/keygen.c:1667
+#: g10/keygen.c:1609 g10/keygen.c:1666 g10/keygen.c:1674 g10/keygen.c:1843
 #, c-format
 msgid "keysize rounded up to %u bits\n"
 msgstr "金鑰尺寸增大到 %u 位元\n"
 
-#: g10/keygen.c:1542
+#: g10/keygen.c:1700
 #, c-format
 msgid ""
 "WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
 msgstr "警告: 某些 OpenPGP 程式無法處理具有此摘要尺寸的 DSA 金鑰\n"
 
-#: g10/keygen.c:1723
+#: g10/keygen.c:1899
 msgid "Sign"
 msgstr "簽署"
 
-#: g10/keygen.c:1726
+#: g10/keygen.c:1902
 msgid "Certify"
 msgstr "保證"
 
-#: g10/keygen.c:1729
+#: g10/keygen.c:1905
 msgid "Encrypt"
 msgstr "加密"
 
-#: g10/keygen.c:1732
+#: g10/keygen.c:1908
 msgid "Authenticate"
 msgstr "鑑定"
 
@@ -5335,162 +5267,180 @@ msgstr "鑑定"
 #. *   a = Toggle authentication capability
 #. *   q = Finish
 #.
-#: g10/keygen.c:1753
+#: g10/keygen.c:1929
 msgid "SsEeAaQq"
 msgstr "SsEeAaQq"
 
-#: g10/keygen.c:1784
-#, c-format
-msgid "Possible actions for a %s key: "
+#: g10/keygen.c:1966
+#, fuzzy, c-format
+#| msgid "Possible actions for a %s key: "
+msgid "Possible actions for this %s key: "
 msgstr "%s 金鑰可能的動作: "
 
-#: g10/keygen.c:1790
+#: g10/keygen.c:1973
 msgid "Current allowed actions: "
 msgstr "目前可進行的動作: "
 
-#: g10/keygen.c:1795
+#: g10/keygen.c:1978
 #, c-format
 msgid "   (%c) Toggle the sign capability\n"
 msgstr "   (%c) 切換簽署性能\n"
 
-#: g10/keygen.c:1798
+#: g10/keygen.c:1981
 #, c-format
 msgid "   (%c) Toggle the encrypt capability\n"
 msgstr "   (%c) 切換加密性能\n"
 
-#: g10/keygen.c:1801
+#: g10/keygen.c:1984
 #, c-format
 msgid "   (%c) Toggle the authenticate capability\n"
 msgstr "   (%c) 切換鑑定性能\n"
 
-#: g10/keygen.c:1804
+#: g10/keygen.c:1987
 #, c-format
 msgid "   (%c) Finished\n"
 msgstr "   (%c) 已完成\n"
 
-#: g10/keygen.c:1930
-#, c-format
-msgid "   (%d) RSA and RSA (default)\n"
+#: g10/keygen.c:2116
+#, fuzzy, c-format
+#| msgid "   (%d) RSA and RSA (default)\n"
+msgid "   (%d) RSA and RSA%s\n"
 msgstr "   (%d) RSA 和 RSA (預設)\n"
 
-#: g10/keygen.c:1934
-#, c-format
-msgid "   (%d) DSA and Elgamal\n"
+#: g10/keygen.c:2120
+#, fuzzy, c-format
+#| msgid "   (%d) DSA and Elgamal\n"
+msgid "   (%d) DSA and Elgamal%s\n"
 msgstr "   (%d) DSA 和 Elgamal\n"
 
-#: g10/keygen.c:1937
-#, c-format
-msgid "   (%d) DSA (sign only)\n"
+#: g10/keygen.c:2123
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (sign only)\n"
+msgid "   (%d) DSA (sign only)%s\n"
 msgstr "   (%d) DSA (僅能用於簽署)\n"
 
-#: g10/keygen.c:1939
-#, c-format
-msgid "   (%d) RSA (sign only)\n"
+#: g10/keygen.c:2125
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (sign only)\n"
+msgid "   (%d) RSA (sign only)%s\n"
 msgstr "   (%d) RSA (僅能用於簽署)\n"
 
-#: g10/keygen.c:1945
-#, c-format
-msgid "   (%d) Elgamal (encrypt only)\n"
+#: g10/keygen.c:2131
+#, fuzzy, c-format
+#| msgid "   (%d) Elgamal (encrypt only)\n"
+msgid "   (%d) Elgamal (encrypt only)%s\n"
 msgstr "   (%d) Elgamal (僅能用於加密)\n"
 
-#: g10/keygen.c:1947
-#, c-format
-msgid "   (%d) RSA (encrypt only)\n"
+#: g10/keygen.c:2133
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (encrypt only)\n"
+msgid "   (%d) RSA (encrypt only)%s\n"
 msgstr "   (%d) RSA (僅能用於加密)\n"
 
-#: g10/keygen.c:1953
-#, c-format
-msgid "   (%d) DSA (set your own capabilities)\n"
+#: g10/keygen.c:2139
+#, fuzzy, c-format
+#| msgid "   (%d) DSA (set your own capabilities)\n"
+msgid "   (%d) DSA (set your own capabilities)%s\n"
 msgstr "   (%d) DSA (你能自己設定性能)\n"
 
-#: g10/keygen.c:1955
-#, c-format
-msgid "   (%d) RSA (set your own capabilities)\n"
+#: g10/keygen.c:2141
+#, fuzzy, c-format
+#| msgid "   (%d) RSA (set your own capabilities)\n"
+msgid "   (%d) RSA (set your own capabilities)%s\n"
 msgstr "   (%d) RSA (你能自己設定性能)\n"
 
-#: g10/keygen.c:1961
-#, c-format
-msgid "   (%d) ECC and ECC\n"
-msgstr "   (%d) ECC 和 ECC\n"
+#: g10/keygen.c:2147
+#, fuzzy, c-format
+#| msgid "   (%d) sign, encrypt\n"
+msgid "   (%d) ECC (sign and encrypt)%s\n"
+msgstr "   (%d) 簽署, 加密\n"
+
+#: g10/keygen.c:2147 g10/keygen.c:2678
+msgid " *default*"
+msgstr ""
 
-#: g10/keygen.c:1963
+#: g10/keygen.c:2148
 #, c-format
 msgid "  (%d) ECC (sign only)\n"
 msgstr "   (%d) ECC (僅能用於簽署)\n"
 
-#: g10/keygen.c:1965
-#, c-format
-msgid "  (%d) ECC (set your own capabilities)\n"
+#: g10/keygen.c:2150
+#, fuzzy, c-format
+#| msgid "  (%d) ECC (set your own capabilities)\n"
+msgid "  (%d) ECC (set your own capabilities)%s\n"
 msgstr "   (%d) ECC (你能自己設定性能)\n"
 
-#: g10/keygen.c:1967
-#, c-format
-msgid "  (%d) ECC (encrypt only)\n"
+#: g10/keygen.c:2152
+#, fuzzy, c-format
+#| msgid "  (%d) ECC (encrypt only)\n"
+msgid "  (%d) ECC (encrypt only)%s\n"
 msgstr "   (%d) ECC (僅能用於加密)\n"
 
-#: g10/keygen.c:1971
-#, c-format
-msgid "  (%d) Existing key\n"
+#: g10/keygen.c:2156
+#, fuzzy, c-format
+#| msgid "  (%d) Existing key\n"
+msgid "  (%d) Existing key%s\n"
 msgstr "   (%d) 現有的金鑰\n"
 
-#: g10/keygen.c:1973
+#: g10/keygen.c:2158
 #, fuzzy, c-format
 #| msgid "   (%d) Existing key from card\n"
-msgid "  (%d) Existing key from card\n"
+msgid "  (%d) Existing key from card%s\n"
 msgstr "   (%d) 卡片上現存的金鑰\n"
 
-#: g10/keygen.c:2069 sm/certreqgen-ui.c:202
+#: g10/keygen.c:2254 sm/certreqgen-ui.c:203
 msgid "Enter the keygrip: "
 msgstr "請輸入金鑰鑰柄: "
 
-#: g10/keygen.c:2082 sm/certreqgen-ui.c:210
+#: g10/keygen.c:2267 sm/certreqgen-ui.c:211 tools/gpg-card.c:2279
+#, c-format
 msgid "Not a valid keygrip (expecting 40 hex digits)\n"
 msgstr "不是有效的金鑰鑰柄 (應該要是 40 位十六進制數值)\n"
 
-#: g10/keygen.c:2084 sm/certreqgen-ui.c:212
+#: g10/keygen.c:2269 sm/certreqgen-ui.c:213
 msgid "No key with this keygrip\n"
 msgstr "沒有金鑰有此金鑰鑰柄\n"
 
-#: g10/keygen.c:2103 g10/keygen.c:2113 g10/keygen.c:3216 g10/keygen.c:3227
-#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#: g10/keygen.c:2288 g10/keygen.c:2298 g10/keygen.c:3437 g10/keygen.c:3448
+#: sm/certreqgen-ui.c:231 sm/certreqgen-ui.c:240
 #, c-format
 msgid "error reading the card: %s\n"
 msgstr "讀取卡片時出錯: %s\n"
 
-#: g10/keygen.c:2107 g10/keygen.c:3220 sm/certreqgen-ui.c:233
+#: g10/keygen.c:2292 g10/keygen.c:3441 sm/certreqgen-ui.c:234
 #, c-format
 msgid "Serial number of the card: %s\n"
 msgstr "卡片序號: %s\n"
 
-#: g10/keygen.c:2120 sm/certreqgen-ui.c:245
+#: g10/keygen.c:2311 sm/certreqgen-ui.c:246
 msgid "Available keys:\n"
 msgstr "可用金鑰:\n"
 
-#: g10/keygen.c:2297 g10/keygen.c:2311
+#: g10/keygen.c:2504 g10/keygen.c:2518
 #, c-format
 msgid "rounded to %u bits\n"
 msgstr "加大到 %u 位元\n"
 
-#: g10/keygen.c:2352
+#: g10/keygen.c:2559
 #, c-format
 msgid "%s keys may be between %u and %u bits long.\n"
 msgstr "%s 金鑰的長度可能介於 %u 位元和 %u 位元之間.\n"
 
-#: g10/keygen.c:2360
+#: g10/keygen.c:2567
 #, c-format
 msgid "What keysize do you want for the subkey? (%u) "
 msgstr "你的子鑰想要用多大的金鑰尺寸? (%u) "
 
-#: g10/keygen.c:2377 sm/certreqgen-ui.c:189
+#: g10/keygen.c:2584 sm/certreqgen-ui.c:190
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "你所要求的金鑰尺寸是 %u 位元\n"
 
-#: g10/keygen.c:2423
+#: g10/keygen.c:2630
 msgid "Please select which elliptic curve you want:\n"
 msgstr "請選擇你要使用的橢圓曲線:\n"
 
-#: g10/keygen.c:2611
+#: g10/keygen.c:2819
 msgid ""
 "Please specify how long the key should be valid.\n"
 "         0 = key does not expire\n"
@@ -5506,7 +5456,7 @@ msgstr ""
 "      <n>m = 金鑰在 n 月後會到期\n"
 "      <n>y = 金鑰在 n 年後會到期\n"
 
-#: g10/keygen.c:2622
+#: g10/keygen.c:2830
 msgid ""
 "Please specify how long the signature should be valid.\n"
 "         0 = signature does not expire\n"
@@ -5522,38 +5472,38 @@ msgstr ""
 "      <n>m = 簽章在 n 月後會到期\n"
 "      <n>y = 簽章在 n 年後會到期\n"
 
-#: g10/keygen.c:2645
+#: g10/keygen.c:2853
 msgid "Key is valid for? (0) "
 msgstr "金鑰的有效期限是多久? (0) "
 
-#: g10/keygen.c:2650
+#: g10/keygen.c:2858
 #, c-format
 msgid "Signature is valid for? (%s) "
 msgstr "簽章的有效期限是多久? (%s) "
 
-#: g10/keygen.c:2663 g10/keygen.c:2688
+#: g10/keygen.c:2871 g10/keygen.c:2896
 msgid "invalid value\n"
 msgstr "無效的數值\n"
 
-#: g10/keygen.c:2670
+#: g10/keygen.c:2878
 msgid "Key does not expire at all\n"
 msgstr "金鑰完全不會過期\n"
 
-#: g10/keygen.c:2671
+#: g10/keygen.c:2879
 msgid "Signature does not expire at all\n"
 msgstr "簽章完全不會過期\n"
 
-#: g10/keygen.c:2676
+#: g10/keygen.c:2884
 #, c-format
 msgid "Key expires at %s\n"
 msgstr "金鑰將會在 %s 到期\n"
 
-#: g10/keygen.c:2677
+#: g10/keygen.c:2885
 #, c-format
 msgid "Signature expires at %s\n"
 msgstr "簽章將會在 %s 到期.\n"
 
-#: g10/keygen.c:2681
+#: g10/keygen.c:2889
 msgid ""
 "Your system can't display dates beyond 2038.\n"
 "However, it will be correctly handled up to 2106.\n"
@@ -5561,11 +5511,11 @@ msgstr ""
 "你的系統無法顯示 2038 年以後的日期.\n"
 "不過, 它可以正確處理直到 2106 年之前的年份.\n"
 
-#: g10/keygen.c:2694
+#: g10/keygen.c:2902
 msgid "Is this correct? (y/N) "
 msgstr "以上正確嗎? (y/N) "
 
-#: g10/keygen.c:2762
+#: g10/keygen.c:2970
 msgid ""
 "\n"
 "GnuPG needs to construct a user ID to identify your key.\n"
@@ -5579,7 +5529,7 @@ msgstr ""
 #. but you should keep your existing translation.  In case
 #. the new string is not translated this old string will
 #. be used.
-#: g10/keygen.c:2777
+#: g10/keygen.c:2985
 msgid ""
 "\n"
 "You need a user ID to identify your key; the software constructs the user "
@@ -5594,49 +5544,49 @@ msgstr ""
 "    \"Ke-Huan Lin (Jedi) <Jedi@Jedi.org>\"\n"
 "\n"
 
-#: g10/keygen.c:2796
+#: g10/keygen.c:3004
 msgid "Real name: "
 msgstr "真實姓名: "
 
-#: g10/keygen.c:2805
+#: g10/keygen.c:3013
 msgid "Invalid character in name\n"
 msgstr "姓名含有無效的字符\n"
 
-#: g10/keygen.c:2806
+#: g10/keygen.c:3014
 #, c-format
 msgid "The characters '%s' and '%s' may not appear in name\n"
 msgstr ""
 
-#: g10/keygen.c:2810
+#: g10/keygen.c:3018
 msgid "Name may not start with a digit\n"
 msgstr "姓名不可以用數字開頭\n"
 
-#: g10/keygen.c:2813
+#: g10/keygen.c:3021
 msgid "Name must be at least 5 characters long\n"
 msgstr "姓名至少要有五個字符長\n"
 
-#: g10/keygen.c:2823
+#: g10/keygen.c:3031
 msgid "Email address: "
 msgstr "電子郵件地址: "
 
-#: g10/keygen.c:2829
+#: g10/keygen.c:3037
 msgid "Not a valid email address\n"
 msgstr "不是有效的電子郵件地址\n"
 
-#: g10/keygen.c:2838
+#: g10/keygen.c:3046
 msgid "Comment: "
 msgstr "註釋: "
 
-#: g10/keygen.c:2844
+#: g10/keygen.c:3052
 msgid "Invalid character in comment\n"
 msgstr "註釋含有無效的字符\n"
 
-#: g10/keygen.c:2880
+#: g10/keygen.c:3088
 #, c-format
 msgid "You are using the '%s' character set.\n"
 msgstr "你正在使用 '%s' 字元集.\n"
 
-#: g10/keygen.c:2886
+#: g10/keygen.c:3094
 #, c-format
 msgid ""
 "You selected this USER-ID:\n"
@@ -5647,7 +5597,7 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:2891
+#: g10/keygen.c:3099
 msgid "Please don't put the email address into the real name or the comment\n"
 msgstr "請不要把電子郵件地址放進你的真實姓名或註釋裡\n"
 
@@ -5662,31 +5612,31 @@ msgstr "請不要把電子郵件地址放進你的真實姓名或註釋裡\n"
 #. o = Okay (ready, continue)
 #. q = Quit
 #.
-#: g10/keygen.c:2916
+#: g10/keygen.c:3124
 msgid "NnCcEeOoQq"
 msgstr "NnCcEeOoQq"
 
-#: g10/keygen.c:2926
+#: g10/keygen.c:3134
 msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
 msgstr "變更姓名(N), 註釋(C), 電子郵件地址(E)或退出(Q)? "
 
-#: g10/keygen.c:2927
+#: g10/keygen.c:3135
 msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
 msgstr "變更姓名(N), 註釋(C), 電子郵件地址(E)或確定(O)/退出(Q)? "
 
-#: g10/keygen.c:2932
+#: g10/keygen.c:3140
 msgid "Change (N)ame, (E)mail, or (Q)uit? "
 msgstr "變更姓名(N), 電子郵件地址(E)或退出(Q)? "
 
-#: g10/keygen.c:2933
+#: g10/keygen.c:3141
 msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
 msgstr "變更姓名(N), 電子郵件地址(E)或確定(O)/退出(Q)? "
 
-#: g10/keygen.c:2952
+#: g10/keygen.c:3160
 msgid "Please correct the error first\n"
 msgstr "請先訂正錯誤\n"
 
-#: g10/keygen.c:2998
+#: g10/keygen.c:3206
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (type on the keyboard, move the mouse, utilize the\n"
@@ -5697,13 +5647,13 @@ msgstr ""
 "(像是敲打鍵盤, 移動滑鼠, 讀寫硬碟之類的)\n"
 "這會讓隨機數字產生器有更多的機會獲得夠多的亂數.\n"
 
-#: g10/keygen.c:4278 g10/keygen.c:4349 g10/keygen.c:4367 g10/keygen.c:4395
-#: g10/keygen.c:4739 g10/keygen.c:5239 g10/keygen.c:5534 g10/keygen.c:5639
+#: g10/keygen.c:4570 g10/keygen.c:4643 g10/keygen.c:4661 g10/keygen.c:4690
+#: g10/keygen.c:5066 g10/keygen.c:5612 g10/keygen.c:5923 g10/keygen.c:6030
 #, c-format
 msgid "Key generation failed: %s\n"
 msgstr "產生金鑰失敗: %s\n"
 
-#: g10/keygen.c:4287
+#: g10/keygen.c:4579
 #, c-format
 msgid ""
 "About to create a key for:\n"
@@ -5714,64 +5664,64 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
 
-#: g10/keygen.c:4289
+#: g10/keygen.c:4581
 msgid "Continue? (Y/n) "
 msgstr "是否繼續? (Y/n) "
 
-#: g10/keygen.c:4310
+#: g10/keygen.c:4602
 #, c-format
 msgid "A key for \"%s\" already exists\n"
 msgstr "\"%s\" 的金鑰已存在\n"
 
-#: g10/keygen.c:4315
+#: g10/keygen.c:4607
 msgid "Create anyway? (y/N) "
 msgstr "無論如何還是要建立嗎? (y/N) "
 
-#: g10/keygen.c:4321
+#: g10/keygen.c:4613
 #, c-format
 msgid "creating anyway\n"
 msgstr "總之還是在建立\n"
 
-#: g10/keygen.c:4722
+#: g10/keygen.c:5049
 #, c-format
 msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
 msgstr "請注意: 如需全能金鑰產生對話框請用  \"%s %s\".\n"
 
-#: g10/keygen.c:4771
+#: g10/keygen.c:5098
 #, c-format
 msgid "Key generation canceled.\n"
 msgstr "金鑰產生已取消.\n"
 
-#: g10/keygen.c:4831
+#: g10/keygen.c:5158
 #, c-format
 msgid "can't create backup file '%s': %s\n"
 msgstr "無法建立備份檔案 '%s': %s\n"
 
-#: g10/keygen.c:4851
+#: g10/keygen.c:5178
 #, c-format
 msgid "Note: backup of card key saved to '%s'\n"
 msgstr "請注意: 卡片金鑰的備份已儲存至 '%s'\n"
 
-#: g10/keygen.c:5010 g10/keygen.c:5172
+#: g10/keygen.c:5339 g10/keygen.c:5541
 #, c-format
 msgid "writing public key to '%s'\n"
 msgstr "正在寫入公鑰至 '%s'\n"
 
-#: g10/keygen.c:5166
+#: g10/keygen.c:5535
 #, c-format
 msgid "no writable public keyring found: %s\n"
 msgstr "找不到可寫入的公鑰鑰匙圈: %s\n"
 
-#: g10/keygen.c:5180
+#: g10/keygen.c:5549
 #, c-format
 msgid "error writing public keyring '%s': %s\n"
 msgstr "寫入公鑰鑰匙圈 '%s' 時出錯: %s\n"
 
-#: g10/keygen.c:5210
+#: g10/keygen.c:5583
 msgid "public and secret key created and signed.\n"
 msgstr "公鑰和私鑰已建立及簽署.\n"
 
-#: g10/keygen.c:5226
+#: g10/keygen.c:5599
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--edit-key\" to generate a subkey for this purpose.\n"
@@ -5779,633 +5729,637 @@ msgstr ""
 "請注意這把金鑰不能用於加密.  也許你會想藉由 \"--edit-key\" 指令\n"
 "來產生加密用的子鑰.\n"
 
-#: g10/keygen.c:5401 g10/keygen.c:5590
+#: g10/keygen.c:5781 g10/keygen.c:5980
 #, c-format
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
 msgstr "金鑰已經在 %lu 秒後的未來製妥 (可能是因為時光旅行或時鐘的問題)\n"
 
-#: g10/keygen.c:5403 g10/keygen.c:5592
+#: g10/keygen.c:5783 g10/keygen.c:5982
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
 msgstr "金鑰已經在 %lu 秒後的未來製妥 (可能是因為時光旅行或時鐘的問題)\n"
 
-#: g10/keygen.c:5414 g10/keygen.c:5603
+#: g10/keygen.c:5794 g10/keygen.c:5993
 #, c-format
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
 msgstr "請注意: 對 v3 金鑰製造子鑰不符合 OpenPGP 規範\n"
 
-#: g10/keygen.c:5426 g10/keygen.c:5428
+#: g10/keygen.c:5806 g10/keygen.c:5808
 #, c-format
 msgid "Secret parts of primary key are not available.\n"
 msgstr "主鑰的私鑰部分無法取用.\n"
 
-#: g10/keygen.c:5435 g10/keygen.c:5437
+#: g10/keygen.c:5815 g10/keygen.c:5817
 #, c-format
 msgid "Secret parts of primary key are stored on-card.\n"
 msgstr "主鑰的私鑰部分存放於卡上.\n"
 
-#: g10/keygen.c:5456 g10/keygen.c:5617
+#: g10/keygen.c:5837 g10/keygen.c:6007
 msgid "Really create? (y/N) "
 msgstr "真的要建立嗎? (y/N) "
 
-#: g10/keyid.c:666 g10/keyid.c:677 g10/keyid.c:688
+#: g10/keyid.c:754 g10/keyid.c:769 g10/keyid.c:784
 msgid "never     "
 msgstr "永遠不過期"
 
-#: g10/keylist.c:332
+#: g10/keylist.c:350
 msgid "Critical signature policy: "
 msgstr "關鍵簽章原則: "
 
-#: g10/keylist.c:334
+#: g10/keylist.c:352
 msgid "Signature policy: "
 msgstr "簽章原則: "
 
-#: g10/keylist.c:374
+#: g10/keylist.c:390
 msgid "Critical preferred keyserver: "
 msgstr "執意偏好的金鑰伺服器: "
 
-#: g10/keylist.c:427
+#: g10/keylist.c:443
 msgid "Critical signature notation: "
 msgstr "關鍵簽章註記: "
 
-#: g10/keylist.c:429
+#: g10/keylist.c:445
 msgid "Signature notation: "
 msgstr "簽章註記: "
 
-#: g10/keylist.c:479
+#: g10/keylist.c:491
 #, fuzzy, c-format
 #| msgid "%d bad signatures\n"
 msgid "%d good signature\n"
 msgid_plural "%d good signatures\n"
 msgstr[0] "%d 份損壞的簽章\n"
 
-#: g10/keylist.c:492
+#: g10/keylist.c:504
 #, fuzzy, c-format
 #| msgid "1 signature not checked due to an error\n"
 msgid "%d signature not checked due to an error\n"
 msgid_plural "%d signatures not checked due to errors\n"
 msgstr[0] "有 1 份簽章因錯誤而未被檢查\n"
 
-#: g10/keylist.c:580
+#: g10/keylist.c:590
 #, fuzzy, c-format
 #| msgid "Warning: %lu key(s) skipped due to their large size\n"
 msgid "Warning: %lu key skipped due to its large size\n"
 msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
 msgstr[0] "警告: %lu 把金鑰因尺寸太大已跳過\n"
 
-#: g10/keylist.c:603
+#: g10/keylist.c:613
 msgid "Keyring"
 msgstr "鑰匙圈"
 
-#: g10/keylist.c:2012
+#: g10/keylist.c:2106
 msgid "Primary key fingerprint:"
 msgstr "               主鑰指紋:"
 
-#: g10/keylist.c:2014
+#: g10/keylist.c:2108
 msgid "     Subkey fingerprint:"
 msgstr "               子鑰指紋:"
 
 #. TRANSLATORS: this should fit into 24 bytes so that the
 #. * fingerprint data is properly aligned with the user ID
-#: g10/keylist.c:2022
+#: g10/keylist.c:2116
 msgid " Primary key fingerprint:"
 msgstr "                主鑰指紋:"
 
-#: g10/keylist.c:2024 g10/keylist.c:2034
+#: g10/keylist.c:2118 g10/keylist.c:2128
 msgid "      Subkey fingerprint:"
 msgstr "                子鑰指紋:"
 
 #  use tty
-#: g10/keylist.c:2029 g10/keylist.c:2045
+#: g10/keylist.c:2123 g10/keylist.c:2139
 msgid "      Key fingerprint ="
 msgstr "      金鑰指紋 ="
 
-#: g10/keylist.c:2096
+#: g10/keylist.c:2190
 msgid "      Card serial no. ="
 msgstr "      卡片序號 ="
 
-#: g10/keyring.c:1470
+#: g10/keyring.c:1467
 #, c-format
 msgid "caching keyring '%s'\n"
 msgstr "快取鑰匙圈 '%s' 中\n"
 
-#: g10/keyring.c:1546
+#: g10/keyring.c:1541
 #, fuzzy, c-format
 #| msgid "%lu keys cached so far (%lu signatures)\n"
 msgid "%lu keys cached so far (%lu signature)\n"
 msgid_plural "%lu keys cached so far (%lu signatures)\n"
 msgstr[0] "目前已檢查 %lu 把金鑰 (共 %lu 份簽章)\n"
 
-#: g10/keyring.c:1562
+#: g10/keyring.c:1557
 #, fuzzy, c-format
 #| msgid "flush the cache"
 msgid "%lu key cached"
 msgid_plural "%lu keys cached"
 msgstr[0] "清除快取"
 
-#: g10/keyring.c:1564
+#: g10/keyring.c:1559
 #, fuzzy, c-format
 #| msgid "1 bad signature\n"
 msgid " (%lu signature)\n"
 msgid_plural " (%lu signatures)\n"
 msgstr[0] "1 份損壞的簽章\n"
 
-#: g10/keyring.c:1641
+#: g10/keyring.c:1636
 #, c-format
 msgid "%s: keyring created\n"
 msgstr "%s: 鑰匙圈已建立\n"
 
-#: g10/keyserver.c:91
+#: g10/keyserver.c:90
 msgid "override proxy options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:93
+#: g10/keyserver.c:92
 msgid "include revoked keys in search results"
 msgstr "在搜尋結果中也包含已撤銷的金鑰"
 
-#: g10/keyserver.c:94
+#: g10/keyserver.c:93
 msgid "include subkeys when searching by key ID"
 msgstr "以金鑰 ID 搜尋時也搜尋子鑰"
 
-#: g10/keyserver.c:96
+#: g10/keyserver.c:95
 msgid "override timeout options set for dirmngr"
 msgstr ""
 
-#: g10/keyserver.c:100
+#: g10/keyserver.c:99
 msgid "automatically retrieve keys when verifying signatures"
 msgstr "驗證簽章時自動取回金鑰"
 
-#: g10/keyserver.c:102
+#: g10/keyserver.c:101
 msgid "honor the preferred keyserver URL set on the key"
 msgstr "尊重金鑰上所設定的偏好金鑰伺服器 URL"
 
-#: g10/keyserver.c:104
-msgid "honor the PKA record set on a key when retrieving keys"
-msgstr "取回金鑰時尊重金鑰所設定的 PKA 記錄"
-
-#: g10/keyserver.c:373
+#: g10/keyserver.c:537
 msgid "disabled"
 msgstr "已停用"
 
-#: g10/keyserver.c:577
+#: g10/keyserver.c:740
 msgid "Enter number(s), N)ext, or Q)uit > "
 msgstr "請輸入數字, N)下一頁, 或 Q)離開 > "
 
-#: g10/keyserver.c:683
+#: g10/keyserver.c:846
 #, c-format
 msgid "invalid keyserver protocol (us %d!=handler %d)\n"
 msgstr "無效的金鑰伺服器協定 (我們用 %d!=經手程式 %d)\n"
 
-#: g10/keyserver.c:824 g10/keyserver.c:939
+#: g10/keyserver.c:986 g10/keyserver.c:1096
 #, c-format
 msgid "\"%s\" not a key ID: skipping\n"
 msgstr "\"%s\" 並非金鑰 ID: 跳過中\n"
 
-#: g10/keyserver.c:1237 g10/keyserver.c:1270
+#: g10/keyserver.c:1418 g10/keyserver.c:1451
 #, fuzzy, c-format
 #| msgid "refreshing %d keys from %s\n"
 msgid "refreshing %d key from %s\n"
 msgid_plural "refreshing %d keys from %s\n"
 msgstr[0] "更新 %d 份金鑰中 (從 %s )\n"
 
-#: g10/keyserver.c:1244
+#: g10/keyserver.c:1425
 #, c-format
 msgid "WARNING: unable to refresh key %s via %s: %s\n"
 msgstr "警告: 無法更新金鑰 %s 於 %s: %s\n"
 
-#: g10/keyserver.c:1336
+#: g10/keyserver.c:1529
 #, c-format
 msgid "key \"%s\" not found on keyserver\n"
 msgstr "在金鑰伺服器上找不到金鑰 \"%s\"\n"
 
-#: g10/keyserver.c:1339
+#: g10/keyserver.c:1532
 #, c-format
 msgid "key not found on keyserver\n"
 msgstr "在金鑰伺服器上找不到金鑰\n"
 
-#: g10/keyserver.c:1504
+#: g10/keyserver.c:1720
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "正在請求金鑰 %s 自 %s 伺服器 %s\n"
+
+#: g10/keyserver.c:1724
 #, c-format
 msgid "requesting key %s from %s\n"
 msgstr "正在請求金鑰 %s 自 %s\n"
 
-#: g10/keyserver.c:1619 g10/keyserver.c:1812
+#: g10/keyserver.c:1829 g10/keyserver.c:2008
 #, fuzzy, c-format
 #| msgid "invalid keyserver options\n"
 msgid "no keyserver known\n"
 msgstr "無效的金鑰伺服器選項\n"
 
-#: g10/keyserver.c:1634 g10/skclist.c:215 g10/skclist.c:243
+#: g10/keyserver.c:1844 g10/skclist.c:213 g10/skclist.c:241
 #, c-format
 msgid "skipped \"%s\": %s\n"
 msgstr "已跳過 \"%s\": %s\n"
 
-#: g10/keyserver.c:1638
+#: g10/keyserver.c:1848
 #, c-format
 msgid "sending key %s to %s\n"
 msgstr "遞送金鑰 %s 至 %s\n"
 
-#: g10/keyserver.c:1681
+#: g10/keyserver.c:1889
 #, c-format
 msgid "requesting key from '%s'\n"
 msgstr "正在向 '%s' 請求金鑰\n"
 
-#: g10/keyserver.c:1699
+#: g10/keyserver.c:1905
 #, c-format
 msgid "WARNING: unable to fetch URI %s: %s\n"
 msgstr "警告: 無法抓取 URI %s: %s\n"
 
-#: g10/mainproc.c:302
+#: g10/mainproc.c:275
 #, c-format
 msgid "weird size for an encrypted session key (%d)\n"
 msgstr "加密過的階段金鑰 (%d) 尺寸詭異\n"
 
-#: g10/mainproc.c:408
-#, c-format
-msgid "%s encrypted session key\n"
+#: g10/mainproc.c:378
+#, fuzzy, c-format
+#| msgid "%s encrypted session key\n"
+msgid "%s.%s encrypted session key\n"
 msgstr "%s 加密過的階段金鑰\n"
 
-#: g10/mainproc.c:422
+#: g10/mainproc.c:385
+#, fuzzy, c-format
+#| msgid "encrypted with unknown algorithm %d\n"
+msgid "encrypted with unknown algorithm %d.%s\n"
+msgstr "以 %d 未知演算法所加密\n"
+
+#: g10/mainproc.c:391
 #, c-format
 msgid "passphrase generated with unknown digest algorithm %d\n"
 msgstr "密語係以未知的 %d 摘要演算法所產生\n"
 
-#: g10/mainproc.c:523
+#: g10/mainproc.c:472
 #, c-format
 msgid "public key is %s\n"
 msgstr "公鑰為 %s\n"
 
-#: g10/mainproc.c:599
-#, c-format
-msgid "public key encrypted data: good DEK\n"
-msgstr "公鑰加密過的資料: 完好的 DEK\n"
-
-#: g10/mainproc.c:632
-#, c-format
-msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+#: g10/mainproc.c:524
+#, fuzzy, c-format
+#| msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgid "encrypted with %s key, ID %s, created %s\n"
 msgstr "已用 %u 位元長的 %s 金鑰,  ID %s, 建立於 %s 所加密\n"
 
-#: g10/mainproc.c:636 g10/pkclist.c:228
+#: g10/mainproc.c:528 g10/pkclist.c:231
 #, c-format
 msgid "      \"%s\"\n"
 msgstr "      \"%s\"\n"
 
-#: g10/mainproc.c:640
+#: g10/mainproc.c:532
 #, c-format
 msgid "encrypted with %s key, ID %s\n"
 msgstr "已用 %s 金鑰, ID %s 所加密\n"
 
-#: g10/mainproc.c:661
-#, c-format
-msgid "public key decryption failed: %s\n"
-msgstr "公鑰解密失敗: %s\n"
-
-#: g10/mainproc.c:686 g10/mainproc.c:1064
+#: g10/mainproc.c:552 g10/mainproc.c:935
 #, c-format
 msgid "WARNING: multiple plaintexts seen\n"
 msgstr "警告: 看到了多份明文\n"
 
-#: g10/mainproc.c:694
+#: g10/mainproc.c:560
 #, c-format
 msgid "encrypted with %lu passphrases\n"
 msgstr "已用 %lu 個密語加密了\n"
 
-#: g10/mainproc.c:696
+#: g10/mainproc.c:562
 #, c-format
 msgid "encrypted with 1 passphrase\n"
 msgstr "已用 1 個密語加密了\n"
 
-#: g10/mainproc.c:730 g10/mainproc.c:751
+#: g10/mainproc.c:577 g10/mainproc.c:602
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "公鑰解密失敗: %s\n"
+
+#: g10/mainproc.c:613
+#, c-format
+msgid "public key encrypted data: good DEK\n"
+msgstr "公鑰加密過的資料: 完好的 DEK\n"
+
+#: g10/mainproc.c:642 g10/mainproc.c:663
 #, c-format
 msgid "assuming %s encrypted data\n"
 msgstr "假定 %s 為加密過的資料\n"
 
-#: g10/mainproc.c:737
+#: g10/mainproc.c:649
 #, c-format
 msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
 msgstr "IDEA 編密法不可用, 我們樂觀地試著改以 %s 代替\n"
 
-#: g10/mainproc.c:839 g10/mainproc.c:883
+#: g10/mainproc.c:742 g10/mainproc.c:780
 #, c-format
 msgid "WARNING: message was not integrity protected\n"
 msgstr "警告: 訊息未受到完整的保護\n"
 
-#: g10/mainproc.c:850
+#: g10/mainproc.c:753
 msgid ""
 "Hint: If this message was created before the year 2003 it is\n"
 "likely that this message is legitimate.  This is because back\n"
 "then integrity protection was not widely used.\n"
 msgstr ""
 
-#: g10/mainproc.c:853
+#: g10/mainproc.c:756
 #, c-format
 msgid "Use the option '%s' to decrypt anyway.\n"
 msgstr ""
 
-#: g10/mainproc.c:858
+#: g10/mainproc.c:761
 #, fuzzy, c-format
 #| msgid "decryption failed: %s\n"
 msgid "decryption forced to fail!\n"
 msgstr "解密失敗: %s\n"
 
-#: g10/mainproc.c:870
+#: g10/mainproc.c:773
 #, c-format
 msgid "decryption okay\n"
 msgstr "解密成功\n"
 
-#: g10/mainproc.c:889
+#: g10/mainproc.c:786
 #, c-format
 msgid "WARNING: encrypted message has been manipulated!\n"
 msgstr "警告: 加密過的訊息已經被變造了!\n"
 
-#: g10/mainproc.c:914
+#: g10/mainproc.c:804
 #, c-format
 msgid "decryption failed: %s\n"
 msgstr "解密失敗: %s\n"
 
-#: g10/mainproc.c:980
+#: g10/mainproc.c:851
 #, c-format
 msgid "Note: sender requested \"for-your-eyes-only\"\n"
 msgstr "請注意: 寄件者要求了 \"只准你用眼睛看\"\n"
 
-#: g10/mainproc.c:987
+#: g10/mainproc.c:858
 #, c-format
 msgid "original file name='%.*s'\n"
 msgstr "原始的檔名 ='%.*s'\n"
 
-#: g10/mainproc.c:1242
+#: g10/mainproc.c:1135
 #, c-format
 msgid "standalone revocation - use \"gpg --import\" to apply\n"
 msgstr "獨立撤銷 - 請用 \"gpg --import\" 來套用\n"
 
-#: g10/mainproc.c:1546 g10/mainproc.c:1589
+#: g10/mainproc.c:1440 g10/mainproc.c:1483
 #, c-format
 msgid "no signature found\n"
 msgstr "找不到簽章\n"
 
-#: g10/mainproc.c:1946
+#: g10/mainproc.c:1763
 #, c-format
 msgid "BAD signature from \"%s\""
 msgstr "*損壞* 的簽章來自於 \"%s\""
 
-#: g10/mainproc.c:1948
+#: g10/mainproc.c:1765
 #, c-format
 msgid "Expired signature from \"%s\""
 msgstr "過期的簽章來自於 \"%s\""
 
-#: g10/mainproc.c:1950
+#: g10/mainproc.c:1767
 #, c-format
 msgid "Good signature from \"%s\""
 msgstr "完好的簽章來自於 \"%s\""
 
-#: g10/mainproc.c:1970
+#: g10/mainproc.c:1789
 #, c-format
 msgid "signature verification suppressed\n"
 msgstr "簽章驗證已抑制\n"
 
-#: g10/mainproc.c:2079
+#: g10/mainproc.c:1903
 #, c-format
 msgid "can't handle this ambiguous signature data\n"
 msgstr "無法處理這個不明確的簽章資料\n"
 
-#: g10/mainproc.c:2095 g10/mainproc.c:2102
+#: g10/mainproc.c:1919 g10/mainproc.c:1926
 #, c-format
 msgid "Signature made %s\n"
 msgstr "由 %s 建立的簽章\n"
 
-#: g10/mainproc.c:2096 g10/mainproc.c:2103 sm/verify.c:476
+#: g10/mainproc.c:1920 g10/mainproc.c:1927 sm/verify.c:480
 #, c-format
 msgid "               using %s key %s\n"
 msgstr "               使用 %s 金鑰 %s\n"
 
-#: g10/mainproc.c:2107
+#: g10/mainproc.c:1931
 #, c-format
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "由 %s 建立的簽章, 使用 %s 金鑰 ID %s\n"
 
-#: g10/mainproc.c:2113
+#: g10/mainproc.c:1937
 #, fuzzy, c-format
 #| msgid "                aka \"%s\""
 msgid "               issuer \"%s\"\n"
 msgstr "                亦即 \"%s\""
 
-#: g10/mainproc.c:2164
+#: g10/mainproc.c:1992
 #, c-format
 msgid "Key available at: "
 msgstr "可用的金鑰於: "
 
-#: g10/mainproc.c:2206
+#: g10/mainproc.c:2033
 #, c-format
 msgid "Note: Use '%s' to make use of this info\n"
 msgstr ""
 
-#: g10/mainproc.c:2422
+#: g10/mainproc.c:2231
 msgid "[uncertain]"
 msgstr "[ 不確定 ]"
 
-#: g10/mainproc.c:2460
+#: g10/mainproc.c:2269
 #, c-format
 msgid "                aka \"%s\""
 msgstr "                亦即 \"%s\""
 
-#: g10/mainproc.c:2535
+#: g10/mainproc.c:2344
 #, fuzzy, c-format
 #| msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
 msgstr "警告: 這把金鑰並非以受信任的簽章所認證!\n"
 
-#: g10/mainproc.c:2553
+#: g10/mainproc.c:2360
 #, c-format
 msgid "Signature expired %s\n"
 msgstr "這份簽署已經在 %s 過期了\n"
 
-#: g10/mainproc.c:2557
+#: g10/mainproc.c:2365
 #, c-format
 msgid "Signature expires %s\n"
 msgstr "這份簽署將在 %s 到期\n"
 
-#: g10/mainproc.c:2568
+#: g10/mainproc.c:2376
 #, c-format
 msgid "%s signature, digest algorithm %s%s%s\n"
 msgstr "%s 簽章, 摘要演算法 %s%s%s\n"
 
-#: g10/mainproc.c:2569
+#: g10/mainproc.c:2377
 msgid "binary"
 msgstr "二進制"
 
-#: g10/mainproc.c:2570
+#: g10/mainproc.c:2378
 msgid "textmode"
 msgstr "文字模式"
 
-#: g10/mainproc.c:2570 g10/trust.c:112 dirmngr/ocsp.c:795
+#: g10/mainproc.c:2378 g10/trust.c:123 dirmngr/ocsp.c:792
 msgid "unknown"
 msgstr "未知"
 
-#: g10/mainproc.c:2572
+#: g10/mainproc.c:2380
 msgid ", key algorithm "
 msgstr ", 金鑰演算法 "
 
-#: g10/mainproc.c:2607
+#: g10/mainproc.c:2415
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
 msgstr ""
 
-#: g10/mainproc.c:2654
+#: g10/mainproc.c:2454
 #, c-format
 msgid "Can't check signature: %s\n"
 msgstr "無法檢查簽章: %s\n"
 
-#: g10/mainproc.c:2750 g10/mainproc.c:2769 g10/mainproc.c:2893
+#: g10/mainproc.c:2550 g10/mainproc.c:2569 g10/mainproc.c:2693
 #, c-format
 msgid "not a detached signature\n"
 msgstr "不是一份分離的簽章\n"
 
-#: g10/mainproc.c:2803
+#: g10/mainproc.c:2603
 #, c-format
 msgid ""
 "WARNING: multiple signatures detected.  Only the first will be checked.\n"
 msgstr "警告: 偵測到多重簽章. 祇有第一個簽章纔會被核選.\n"
 
-#: g10/mainproc.c:2812
+#: g10/mainproc.c:2612
 #, c-format
 msgid "standalone signature of class 0x%02x\n"
 msgstr "等級 0x%02x 的獨立簽章\n"
 
-#: g10/mainproc.c:2897
+#: g10/mainproc.c:2697
 #, c-format
 msgid "old style (PGP 2.x) signature\n"
 msgstr "舊型 (PGP 2.x) 簽章\n"
 
-#: g10/misc.c:106 g10/misc.c:136 g10/misc.c:212
+#: g10/misc.c:107 g10/misc.c:137 g10/misc.c:213
 #, c-format
 msgid "fstat of '%s' failed in %s: %s\n"
 msgstr "'%s' 的 fstat 失敗於 %s: %s\n"
 
-#: g10/misc.c:175
+#: g10/misc.c:176
 #, c-format
 msgid "fstat(%d) failed in %s: %s\n"
 msgstr "fstat(%d) 失敗於 %s: %s\n"
 
-#: g10/misc.c:284
+#: g10/misc.c:304
 #, c-format
 msgid "WARNING: using experimental public key algorithm %s\n"
 msgstr "警告: 正在使用實驗性的 %s 公鑰演算法\n"
 
-#: g10/misc.c:291
+#: g10/misc.c:311
 #, c-format
 msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
 msgstr "警告: 已不建議使用 Elgamal 簽署暨加密金鑰\n"
 
-#: g10/misc.c:305
+#: g10/misc.c:325
 #, c-format
 msgid "WARNING: using experimental cipher algorithm %s\n"
 msgstr "警告: 正在使用實驗性的 %s 編密演算法\n"
 
-#: g10/misc.c:323
+#: g10/misc.c:343
 #, c-format
 msgid "WARNING: using experimental digest algorithm %s\n"
 msgstr "警告: 正在使用實驗性的 %s 摘要演算法\n"
 
-#: g10/misc.c:331
+#: g10/misc.c:351
 #, c-format
 msgid "WARNING: digest algorithm %s is deprecated\n"
 msgstr "警告: 已不建議使用 %s 摘要演算法\n"
 
-#: g10/misc.c:360
+#: g10/misc.c:380
 #, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
 msgstr "請注意: 採用 %s 演算法的簽章已遭駁回\n"
 
-#: g10/misc.c:376
+#: g10/misc.c:396
 #, fuzzy, c-format
 #| msgid "Note: signatures using the %s algorithm are rejected\n"
 msgid "Note: third-party key signatures using the %s algorithm are rejected\n"
 msgstr "請注意: 採用 %s 演算法的簽章已遭駁回\n"
 
-#: g10/misc.c:400
+#: g10/misc.c:421
 #, fuzzy, c-format
 #| msgid "%s:%u: read error: %s\n"
 msgid "(reported error: %s)\n"
 msgstr "%s:%u: 讀取錯誤: %s\n"
 
-#: g10/misc.c:403
+#: g10/misc.c:424
 #, fuzzy, c-format
 #| msgid "read error in '%s': %s\n"
 msgid "(reported error: %s <%s>)\n"
 msgstr "'%s' 讀取錯誤: %s\n"
 
-#: g10/misc.c:422
+#: g10/misc.c:443
 #, c-format
 msgid "(further info: "
 msgstr ""
 
-#: g10/misc.c:1189
+#: g10/misc.c:1171
 #, c-format
 msgid "%s:%d: deprecated option \"%s\"\n"
 msgstr "%s:%d: 不建議使用的選項 \"%s\"\n"
 
-#: g10/misc.c:1193
+#: g10/misc.c:1175
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated option\n"
 msgstr "警告: 已不建議使用 \"%s\" 選項\n"
 
-#: g10/misc.c:1195
+#: g10/misc.c:1177
 #, c-format
 msgid "please use \"%s%s\" instead\n"
 msgstr "請改以 \"%s%s\" 代替\n"
 
-#: g10/misc.c:1202
+#: g10/misc.c:1184
 #, c-format
 msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
 msgstr "警告: \"%s\" 是個棄而不顧的指令 - 別再用了\n"
 
-#: g10/misc.c:1212
+#: g10/misc.c:1194
 #, c-format
 msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
 msgstr "%s:%u: 此檔案內的 \"%s\" 已廢棄 - 僅對 %s 有影響\n"
 
-#: g10/misc.c:1216
+#: g10/misc.c:1198
 #, c-format
 msgid ""
 "WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
 msgstr "警告: \"%s%s\" 是已廢棄的選項 - 除了對 %s 之外沒有效果\n"
 
-#: g10/misc.c:1280
+#: g10/misc.c:1295
 msgid "Uncompressed"
 msgstr "未壓縮"
 
 #. TRANSLATORS: See doc/TRANSLATE about this string.
-#: g10/misc.c:1305
+#: g10/misc.c:1320
 msgid "uncompressed|none"
 msgstr "uncompressed|none|未壓縮|無"
 
-#: g10/misc.c:1410 sm/decrypt.c:1035 sm/encrypt.c:541 sm/verify.c:522
-#, c-format
-msgid "operation forced to fail due to unfulfilled compliance rules\n"
-msgstr ""
-
-#: g10/misc.c:1416
+#: g10/misc.c:1435
 #, c-format
 msgid "this message may not be usable by %s\n"
 msgstr "這個訊息對 %s 來說無法使用\n"
 
-#: g10/misc.c:1591
+#: g10/misc.c:1612
 #, c-format
 msgid "ambiguous option '%s'\n"
 msgstr "不明確的選項 '%s'\n"
 
-#: g10/misc.c:1616
+#: g10/misc.c:1637
 #, c-format
 msgid "unknown option '%s'\n"
 msgstr "未知的選項 '%s'\n"
 
-#: g10/misc.c:1854
+#: g10/misc.c:1875
 #, c-format
 msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n"
 msgstr "ECDSA 公鑰應該要是 8 位元倍數的 SEC 編碼\n"
 
-#: g10/misc.c:1876
+#: g10/misc.c:1897
 #, fuzzy, c-format
 #| msgid "Unknown signature type '%s'\n"
 msgid "unknown weak digest '%s'\n"
@@ -6429,87 +6383,76 @@ msgstr "%s: 未知的副檔名\n"
 msgid "Enter new filename"
 msgstr "請輸入新的檔名"
 
-#: g10/openfile.c:212
+#: g10/openfile.c:214
 #, c-format
 msgid "writing to stdout\n"
 msgstr "寫到標準輸出中\n"
 
-#: g10/openfile.c:360
+#: g10/openfile.c:362
 #, c-format
 msgid "assuming signed data in '%s'\n"
 msgstr "假設被簽署的資料在 '%s'\n"
 
-#: g10/parse-packet.c:378
+#: g10/parse-packet.c:357
 #, c-format
 msgid "can't handle public key algorithm %d\n"
 msgstr "無法操作 %d 公開金鑰演算法\n"
 
-#: g10/parse-packet.c:1320
+#: g10/parse-packet.c:1299
 #, c-format
 msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
 msgstr "警告: 可能並不安全的對稱式加密階段金鑰\n"
 
-#: g10/parse-packet.c:1797
+#: g10/parse-packet.c:1818
 #, fuzzy, c-format
 #| msgid "Critical signature notation: "
 msgid "Unknown critical signature notation: "
 msgstr "關鍵簽章註記: "
 
-#: g10/parse-packet.c:1922
+#: g10/parse-packet.c:1946
 #, c-format
 msgid "subpacket of type %d has critical bit set\n"
 msgstr "%d 類別的子封包設定了關鍵位元\n"
 
-#: g10/passphrase.c:73 g10/passphrase.c:283 g10/passphrase.c:316
-#, c-format
-msgid "problem with the agent: %s\n"
-msgstr "代理程式的問題: %s\n"
-
-#: g10/passphrase.c:251 sm/decrypt.c:341
-#, fuzzy
-#| msgid "Please enter the new passphrase"
-msgid "Please enter the passphrase for decryption."
-msgstr "請輸入新的密語"
-
-#: g10/passphrase.c:253
+#: g10/passphrase.c:208
 msgid "Enter passphrase\n"
 msgstr "請輸入密語\n"
 
-#: g10/passphrase.c:277
+#: g10/passphrase.c:219
 #, c-format
 msgid "cancelled by user\n"
 msgstr "由使用者所取消\n"
 
-#: g10/passphrase.c:523
+#: g10/passphrase.c:460
 #, c-format
 msgid " (main key ID %s)"
 msgstr " (主要金鑰 ID %s)"
 
-#: g10/passphrase.c:530
+#: g10/passphrase.c:467
 msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
 msgstr "請輸入密語來解鎖 OpenPGP 私鑰:"
 
-#: g10/passphrase.c:534
+#: g10/passphrase.c:471
 msgid "Please enter the passphrase to import the OpenPGP secret key:"
 msgstr "請輸入密語來匯入 OpenPGP 私鑰:"
 
-#: g10/passphrase.c:539
+#: g10/passphrase.c:476
 msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
 msgstr "請輸入密語來匯出 OpenPGP 私子鑰:"
 
-#: g10/passphrase.c:542
+#: g10/passphrase.c:479
 msgid "Please enter the passphrase to export the OpenPGP secret key:"
 msgstr "請輸入密語來匯出 OpenPGP 私鑰:"
 
-#: g10/passphrase.c:547
+#: g10/passphrase.c:484
 msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
 msgstr "你是否真的想要永久刪除 OpenPGP 私鑰子鑰:"
 
-#: g10/passphrase.c:550
+#: g10/passphrase.c:487
 msgid "Do you really want to permanently delete the OpenPGP secret key:"
 msgstr "你是否真的想要永久刪除 OpenPGP 私鑰:"
 
-#: g10/passphrase.c:559
+#: g10/passphrase.c:496
 #, c-format
 msgid ""
 "%s\n"
@@ -6524,7 +6467,7 @@ msgstr ""
 "建立於 %s%s.\n"
 "%s"
 
-#: g10/photoid.c:77
+#: g10/photoid.c:78
 msgid ""
 "\n"
 "Pick an image to use for your photo ID.  The image must be a JPEG file.\n"
@@ -6538,95 +6481,136 @@ msgstr ""
 "你的金鑰也會變成非常地大!\n"
 "盡量把圖片尺寸控制在 240x288 左右, 會是個非常理想的大小.\n"
 
-#: g10/photoid.c:99
+#: g10/photoid.c:100
 msgid "Enter JPEG filename for photo ID: "
 msgstr "輸入要當作照片 ID 的 JPEG 檔名: "
 
-#: g10/photoid.c:120
+#: g10/photoid.c:121
 #, c-format
 msgid "unable to open JPEG file '%s': %s\n"
 msgstr "無法開啟 JPEG 圖檔 '%s': %s\n"
 
-#: g10/photoid.c:131
+#: g10/photoid.c:132
 #, c-format
 msgid "This JPEG is really large (%d bytes) !\n"
 msgstr "這個 JPEG 檔案真的很大 (%d 位元組) !\n"
 
-#: g10/photoid.c:133
+#: g10/photoid.c:134
 msgid "Are you sure you want to use it? (y/N) "
 msgstr "你確定要用它嗎? (y/N) "
 
-#: g10/photoid.c:149
+#: g10/photoid.c:150
 #, c-format
 msgid "'%s' is not a JPEG file\n"
 msgstr "'%s' 不是 JPEG 圖檔\n"
 
-#: g10/photoid.c:168
+#: g10/photoid.c:169
 msgid "Is this photo correct (y/N/q)? "
 msgstr "這張照片正確嗎? (y/N/q) "
 
-#: g10/photoid.c:399
+#: g10/photoid.c:314
 #, c-format
-msgid "unable to display photo ID!\n"
-msgstr "無法顯示照片 ID!\n"
+msgid "no remote program execution supported\n"
+msgstr "沒有支援的遠端程式執行\n"
 
-#  a string with valid answers
-#. TRANSLATORS: These are the allowed answers in lower and
-#. uppercase.  Below you will find the matching strings which
-#. should be translated accordingly and the letter changed to
-#. match the one in the answer string.
-#.
-#. i = please show me more information
-#. m = back to the main menu
+#: g10/photoid.c:486
+#, c-format
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr "在這個作業平台上叫用外部程式時需要暫存檔\n"
+
+#: g10/photoid.c:506
+#, c-format
+msgid "unable to execute shell '%s': %s\n"
+msgstr "無法執行 shell '%s': %s\n"
+
+#: g10/photoid.c:517 g10/photoid.c:594
+#, c-format
+msgid "unnatural exit of external program\n"
+msgstr "外部程式不自然地離開\n"
+
+#: g10/photoid.c:582
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "叫用外部程式時發生系統錯誤: %s\n"
+
+#: g10/photoid.c:600
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) '%s': %s\n"
+msgstr "警告: 無法移除暫存檔 (%s) '%s': %s\n"
+
+#: g10/photoid.c:604
+#, c-format
+msgid "WARNING: unable to remove temp directory '%s': %s\n"
+msgstr "警告: 無法移除暫存目錄 '%s': %s\n"
+
+#: g10/photoid.c:635
+#, c-format
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr "因為不安全的檔案權限選項, 而禁用了外部程式叫用\n"
+
+#: g10/photoid.c:715
+#, c-format
+msgid "unable to display photo ID!\n"
+msgstr "無法顯示照片 ID!\n"
+
+#  a string with valid answers
+#. TRANSLATORS: These are the allowed answers in lower and
+#. uppercase.  Below you will find the matching strings which
+#. should be translated accordingly and the letter changed to
+#. match the one in the answer string.
+#.
+#. i = please show me more information
+#. m = back to the main menu
 #. s = skip this key
 #. q = quit
 #.
-#: g10/pkclist.c:216
+#: g10/pkclist.c:219
 msgid "iImMqQsS"
 msgstr "iImMqQsS"
 
-#: g10/pkclist.c:224
+#: g10/pkclist.c:227
 msgid "No trust value assigned to:\n"
 msgstr "下列項目沒有對應的信任值:\n"
 
-#: g10/pkclist.c:257
+#: g10/pkclist.c:260
 #, c-format
 msgid "  aka \"%s\"\n"
 msgstr "  亦即 \"%s\"\n"
 
-#: g10/pkclist.c:267
+#: g10/pkclist.c:270
 msgid ""
 "How much do you trust that this key actually belongs to the named user?\n"
 msgstr "你有多信任這把金鑰真的屬於叫這個名字的使用者?\n"
 
-#: g10/pkclist.c:282
+#: g10/pkclist.c:285
 #, c-format
 msgid "  %d = I don't know or won't say\n"
 msgstr "  %d = 我不知道或不想說\n"
 
-#: g10/pkclist.c:284
+#: g10/pkclist.c:287
 #, c-format
 msgid "  %d = I do NOT trust\n"
 msgstr "  %d = 我*不*信任\n"
 
-#: g10/pkclist.c:290
+#: g10/pkclist.c:293
 #, c-format
 msgid "  %d = I trust ultimately\n"
 msgstr "  %d = 我徹底信任\n"
 
-#: g10/pkclist.c:296
+#: g10/pkclist.c:299
 msgid "  m = back to the main menu\n"
 msgstr "  m = 回到主選單\n"
 
-#: g10/pkclist.c:299
+#: g10/pkclist.c:302
 msgid "  s = skip this key\n"
 msgstr "  s = 跳過這把金鑰\n"
 
-#: g10/pkclist.c:300
+#: g10/pkclist.c:303
 msgid "  q = quit\n"
 msgstr "  q = 離開\n"
 
-#: g10/pkclist.c:304
+#: g10/pkclist.c:307
 #, c-format
 msgid ""
 "The minimum trust level for this key is: %s\n"
@@ -6635,45 +6619,45 @@ msgstr ""
 "這把金鑰的最小信任等級為: %s\n"
 "\n"
 
-#: g10/pkclist.c:310 g10/revoke.c:805
+#: g10/pkclist.c:313 g10/revoke.c:803
 msgid "Your decision? "
 msgstr "你的決定是甚麼? "
 
-#: g10/pkclist.c:331
+#: g10/pkclist.c:334
 msgid "Do you really want to set this key to ultimate trust? (y/N) "
 msgstr "請問你是否真的想把這把金鑰設成徹底信任呢? (y/N) "
 
-#: g10/pkclist.c:345
+#: g10/pkclist.c:348
 msgid "Certificates leading to an ultimately trusted key:\n"
 msgstr "被徹底信任金鑰的憑證:\n"
 
-#: g10/pkclist.c:434
+#: g10/pkclist.c:437
 #, c-format
 msgid "%s: There is no assurance this key belongs to the named user\n"
 msgstr "%s: 沒法保證這把金鑰真的屬於叫這個名字的使用者\n"
 
-#: g10/pkclist.c:439
+#: g10/pkclist.c:442
 #, c-format
 msgid "%s: There is limited assurance this key belongs to the named user\n"
 msgstr "%s: 祇能有限的保證這把金鑰真的屬於叫這個名字的使用者\n"
 
-#: g10/pkclist.c:445
+#: g10/pkclist.c:448
 #, c-format
 msgid "This key probably belongs to the named user\n"
 msgstr "這把金鑰很可能屬於叫這個名字的使用者\n"
 
-#: g10/pkclist.c:450
+#: g10/pkclist.c:453
 #, c-format
 msgid "This key belongs to us\n"
 msgstr "這把金鑰是屬於我們自己的\n"
 
-#: g10/pkclist.c:456
+#: g10/pkclist.c:459
 #, fuzzy, c-format
 #| msgid "root certificate has now been marked as trusted\n"
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
 msgstr "根憑證現在已標記為已信任\n"
 
-#: g10/pkclist.c:484
+#: g10/pkclist.c:487
 #, fuzzy
 #| msgid ""
 #| "It is NOT certain that the key belongs to the person named\n"
@@ -6688,7 +6672,7 @@ msgstr ""
 "除非你 **真的** 知道自己在做甚麼,\n"
 "否則你最好在下一個問題回答 no\n"
 
-#: g10/pkclist.c:489
+#: g10/pkclist.c:492
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
 "in the user ID.  If you *really* know what you are doing,\n"
@@ -6698,144 +6682,163 @@ msgstr ""
 "除非你 **真的** 知道自己在做甚麼,\n"
 "否則你最好在下一個問題回答 no\n"
 
-#: g10/pkclist.c:508
+#: g10/pkclist.c:511
 msgid "Use this key anyway? (y/N) "
 msgstr "無論如何還是使用這把金鑰嗎? (y/N) "
 
-#: g10/pkclist.c:562
+#: g10/pkclist.c:589
 #, c-format
 msgid "WARNING: Using untrusted key!\n"
 msgstr "警告: 正在使用不被信任的金鑰!\n"
 
-#: g10/pkclist.c:569
+#: g10/pkclist.c:600
 #, c-format
 msgid "WARNING: this key might be revoked (revocation key not present)\n"
 msgstr "警告: 這把金鑰可能已撤銷 (撤銷金鑰未出現)\n"
 
-#: g10/pkclist.c:578
+#: g10/pkclist.c:669
+#, fuzzy, c-format
+#| msgid "user ID: \"%s\"\n"
+msgid "checking User ID \"%s\"\n"
+msgstr "使用者 ID: \"%s\"\n"
+
+#: g10/pkclist.c:681
+#, fuzzy, c-format
+#| msgid "line %d: invalid date given\n"
+msgid "option %s given but issuer \"%s\" does not match\n"
+msgstr "第 %d 列: 無效的給定日期\n"
+
+#: g10/pkclist.c:684
+#, fuzzy, c-format
+#| msgid "key %s: doesn't match our copy\n"
+msgid "issuer \"%s\" does not match any User ID\n"
+msgstr "金鑰 %s: 跟我們的副本不吻合\n"
+
+#: g10/pkclist.c:687
+#, fuzzy, c-format
+#| msgid "line %d: invalid date given\n"
+msgid "option %s given but no matching User ID found\n"
+msgstr "第 %d 列: 無效的給定日期\n"
+
+#: g10/pkclist.c:696
 #, c-format
 msgid "WARNING: This key has been revoked by its designated revoker!\n"
 msgstr "警告: 這把金鑰已被指定撤銷者所撤銷!\n"
 
-#: g10/pkclist.c:581
+#: g10/pkclist.c:699
 #, c-format
 msgid "WARNING: This key has been revoked by its owner!\n"
 msgstr "警告: 這把金鑰已被其持有人所撤銷!\n"
 
-#: g10/pkclist.c:582
+#: g10/pkclist.c:700
 #, c-format
 msgid "         This could mean that the signature is forged.\n"
 msgstr "         這很有可能表示此簽章是偽造的.\n"
 
-#: g10/pkclist.c:588
+#: g10/pkclist.c:706
 #, c-format
 msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "警告: 這把子鑰已被其持有人所撤銷!\n"
 
-#: g10/pkclist.c:593
+#: g10/pkclist.c:711
 #, c-format
 msgid "Note: This key has been disabled.\n"
 msgstr "請注意: 這把金鑰已停用.\n"
 
-#: g10/pkclist.c:613
-#, c-format
-msgid "Note: Verified signer's address is '%s'\n"
-msgstr "請注意: 已驗證的簽署者地址為 '%s'\n"
-
-#: g10/pkclist.c:620
-#, c-format
-msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "請注意: 簽署者地址 '%s' 與 DNS 項目並不吻合\n"
-
-#: g10/pkclist.c:632
-#, c-format
-msgid "trustlevel adjusted to FULL due to valid PKA info\n"
-msgstr "信任等級因有效的 PKA 資訊而調整為 *完全*\n"
-
-#: g10/pkclist.c:640
-#, c-format
-msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
-msgstr "信任等級因不良的 PKA 資訊而調整為 *永遠不會*\n"
-
-#: g10/pkclist.c:651
+#: g10/pkclist.c:717
 #, c-format
 msgid "Note: This key has expired!\n"
 msgstr "請注意: 這把金鑰已經過期了!\n"
 
-#: g10/pkclist.c:662
+#: g10/pkclist.c:729
+#, fuzzy, c-format
+#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgid "WARNING: The key's User ID is not certified with a trusted signature!\n"
+msgstr "警告: 這把金鑰並非以受信任的簽章所認證!\n"
+
+#: g10/pkclist.c:732
 #, c-format
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "警告: 這把金鑰並非以受信任的簽章所認證!\n"
 
-#: g10/pkclist.c:664
+#: g10/pkclist.c:734
 #, c-format
 msgid ""
 "         There is no indication that the signature belongs to the owner.\n"
 msgstr "         沒有證據指出這個簽章屬於這個持有者.\n"
 
-#: g10/pkclist.c:673
+#: g10/pkclist.c:743
 #, c-format
 msgid "WARNING: We do NOT trust this key!\n"
 msgstr "警告: 我們 *不* 信任這把金鑰!\n"
 
-#: g10/pkclist.c:674
+#: g10/pkclist.c:744
 #, c-format
 msgid "         The signature is probably a FORGERY.\n"
 msgstr "         這個簽章很有可能是 *偽造的*.\n"
 
-#: g10/pkclist.c:682
+#: g10/pkclist.c:753
+#, fuzzy, c-format
+#| msgid ""
+#| "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: The key's User ID is not certified with sufficiently trusted "
+"signatures!\n"
+msgstr "警告: 這把金鑰並非以足夠信任的簽章所認證!\n"
+
+#: g10/pkclist.c:756
 #, c-format
 msgid ""
 "WARNING: This key is not certified with sufficiently trusted signatures!\n"
 msgstr "警告: 這把金鑰並非以足夠信任的簽章所認證!\n"
 
-#: g10/pkclist.c:684
+#: g10/pkclist.c:758
 #, c-format
 msgid "         It is not certain that the signature belongs to the owner.\n"
 msgstr "         這份簽章並不屬於這個持有者\n"
 
-#: g10/pkclist.c:844 g10/pkclist.c:863 g10/pkclist.c:1049 g10/pkclist.c:1091
+#: g10/pkclist.c:868 g10/pkclist.c:887 g10/pkclist.c:1073 g10/pkclist.c:1115
 #, c-format
 msgid "%s: skipped: %s\n"
 msgstr "%s: 已跳過: %s\n"
 
-#: g10/pkclist.c:879
+#: g10/pkclist.c:903
 #, c-format
 msgid "%s: skipped: public key is disabled\n"
 msgstr "%s: 已跳過: 公鑰已停用\n"
 
-#: g10/pkclist.c:898 g10/pkclist.c:1062
+#: g10/pkclist.c:922 g10/pkclist.c:1086
 #, c-format
 msgid "%s: skipped: public key already present\n"
 msgstr "%s: 已跳過: 公鑰已存在\n"
 
-#: g10/pkclist.c:986
+#: g10/pkclist.c:1010
 #, fuzzy, c-format
 #| msgid "can't connect to '%s': %s\n"
 msgid "can't encrypt to '%s'\n"
 msgstr "無法連接至 '%s': %s\n"
 
-#: g10/pkclist.c:1001
+#: g10/pkclist.c:1025
 #, fuzzy, c-format
 #| msgid "line %d: invalid date given\n"
 msgid "option '%s' given, but no valid default keys given\n"
 msgstr "第 %d 列: 無效的給定日期\n"
 
-#: g10/pkclist.c:1008
+#: g10/pkclist.c:1032
 #, fuzzy, c-format
 #| msgid "line %d: invalid date given\n"
 msgid "option '%s' given, but option '%s' not given\n"
 msgstr "第 %d 列: 無效的給定日期\n"
 
-#: g10/pkclist.c:1111
+#: g10/pkclist.c:1135
 msgid "You did not specify a user ID. (you may use \"-r\")\n"
 msgstr "你沒有指定使用者 ID. (你可能得用 \"-r\")\n"
 
-#: g10/pkclist.c:1135
+#: g10/pkclist.c:1159
 msgid "Current recipients:\n"
 msgstr "目前的收件者:\n"
 
-#: g10/pkclist.c:1161
+#: g10/pkclist.c:1185
 msgid ""
 "\n"
 "Enter the user ID.  End with an empty line: "
@@ -6843,40 +6846,40 @@ msgstr ""
 "\n"
 "請輸入使用者 ID. 以空白列結束: "
 
-#: g10/pkclist.c:1186
+#: g10/pkclist.c:1210
 msgid "No such user ID.\n"
 msgstr "沒有這個使用者 ID.\n"
 
-#: g10/pkclist.c:1197 g10/pkclist.c:1275
+#: g10/pkclist.c:1221 g10/pkclist.c:1299
 #, c-format
 msgid "skipped: public key already set as default recipient\n"
 msgstr "已跳過: 公鑰已經被設成預設收件者\n"
 
-#: g10/pkclist.c:1219
+#: g10/pkclist.c:1243
 msgid "Public key is disabled.\n"
 msgstr "公鑰已停用.\n"
 
-#: g10/pkclist.c:1229
+#: g10/pkclist.c:1253
 #, c-format
 msgid "skipped: public key already set\n"
 msgstr "已跳過: 公鑰已設過\n"
 
-#: g10/pkclist.c:1265
+#: g10/pkclist.c:1289
 #, c-format
 msgid "unknown default recipient \"%s\"\n"
 msgstr "未知的預設收件者 \"%s\"\n"
 
-#: g10/pkclist.c:1314
+#: g10/pkclist.c:1338
 #, c-format
 msgid "no valid addressees\n"
 msgstr "沒有有效的地址\n"
 
-#: g10/pkclist.c:1685
+#: g10/pkclist.c:1735
 #, c-format
 msgid "Note: key %s has no %s feature\n"
 msgstr "請注意: 金鑰 %s 沒有 %s 功能\n"
 
-#: g10/pkclist.c:1710
+#: g10/pkclist.c:1760
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
 msgstr "警告: 金鑰 %s 沒有 %s 的偏好設定\n"
@@ -6886,77 +6889,83 @@ msgstr "警告: 金鑰 %s 沒有 %s 的偏好設定\n"
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr "資料未被儲存; 請用 \"--output\" 選項來儲存\n"
 
-#: g10/plaintext.c:615
+#: g10/plaintext.c:576
 msgid "Detached signature.\n"
 msgstr "分離的簽章.\n"
 
-#: g10/plaintext.c:623
+#: g10/plaintext.c:584
 msgid "Please enter name of data file: "
 msgstr "請輸入資料檔的名稱: "
 
-#: g10/plaintext.c:660
+#: g10/plaintext.c:621
 #, c-format
 msgid "reading stdin ...\n"
 msgstr "正在讀取標準輸入中 ...\n"
 
-#: g10/plaintext.c:705
+#: g10/plaintext.c:666
 #, c-format
 msgid "no signed data\n"
 msgstr "沒有被簽署過的資料\n"
 
-#: g10/plaintext.c:723
+#: g10/plaintext.c:684
 #, c-format
 msgid "can't open signed data '%s'\n"
 msgstr "無法開啟被簽署過的資料 '%s'\n"
 
-#: g10/plaintext.c:758
+#: g10/plaintext.c:719
 #, c-format
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "無法開啟被簽署過的資料 fd=%d: %s\n"
 
-#: g10/pubkey-enc.c:98 g10/pubkey-enc.c:139 sm/decrypt.c:969
+#: g10/pubkey-enc.c:99 sm/decrypt.c:879
 #, fuzzy, c-format
 #| msgid "certificate is not usable for encryption\n"
 msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "憑證無法用於加密\n"
 
-#: g10/pubkey-enc.c:131
+#: g10/pubkey-enc.c:139
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
 msgstr "匿名收件者; 正在嘗試使用私鑰 %s ...\n"
 
-#: g10/pubkey-enc.c:150
+#: g10/pubkey-enc.c:146 g10/pubkey-enc.c:159
+#, fuzzy, c-format
+#| msgid "certificate is not usable for encryption\n"
+msgid "used key is not marked for encryption use.\n"
+msgstr "憑證無法用於加密\n"
+
+#: g10/pubkey-enc.c:157
 #, c-format
 msgid "okay, we are the anonymous recipient.\n"
 msgstr "很好, 我們就是匿名收件者.\n"
 
-#: g10/pubkey-enc.c:311
+#: g10/pubkey-enc.c:327
 #, c-format
 msgid "old encoding of the DEK is not supported\n"
 msgstr "不支援舊式的 DEK 編碼\n"
 
-#: g10/pubkey-enc.c:339
+#: g10/pubkey-enc.c:355
 #, c-format
 msgid "cipher algorithm %d%s is unknown or disabled\n"
 msgstr "%d%s 編密演算法未知或已停用\n"
 
-#: g10/pubkey-enc.c:383
+#: g10/pubkey-enc.c:399
 #, c-format
 msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
 msgstr "警告: 收件者偏好設定中找不到 %s 編密演算法\n"
 
-#: g10/pubkey-enc.c:416
+#: g10/pubkey-enc.c:432
 #, c-format
 msgid "Note: secret key %s expired at %s\n"
 msgstr "請注意: 私鑰 %s 已於 %s 過期\n"
 
-#: g10/pubkey-enc.c:423
+#: g10/pubkey-enc.c:439
 #, c-format
 msgid "Note: key has been revoked"
 msgstr "請注意: 金鑰已撤銷"
 
 #: g10/revoke.c:100 g10/revoke.c:126 g10/revoke.c:172 g10/revoke.c:184
-#: g10/revoke.c:500
+#: g10/revoke.c:502
 #, c-format
 msgid "build_packet failed: %s\n"
 msgstr "build_packet 失敗: %s\n"
@@ -6974,46 +6983,46 @@ msgstr "將被撤銷:\n"
 msgid "(This is a sensitive revocation key)\n"
 msgstr "(這是把機密的撤銷金鑰)\n"
 
-#: g10/revoke.c:321
+#: g10/revoke.c:320
 #, fuzzy
 #| msgid "Secret key is available.\n"
 msgid "Secret key is not available.\n"
 msgstr "私鑰可用.\n"
 
-#: g10/revoke.c:326
+#: g10/revoke.c:325
 msgid "Create a designated revocation certificate for this key? (y/N) "
 msgstr "要為這把金鑰建立一份指定撤銷憑證嗎? (y/N) "
 
-#: g10/revoke.c:335 g10/revoke.c:746
+#: g10/revoke.c:334 g10/revoke.c:744
 msgid "ASCII armored output forced.\n"
 msgstr "已強迫使用 ASCII 封裝過的輸出.\n"
 
-#: g10/revoke.c:351 g10/revoke.c:479
+#: g10/revoke.c:350 g10/revoke.c:481
 #, c-format
 msgid "make_keysig_packet failed: %s\n"
 msgstr "make_keysig_packet 失敗: %s\n"
 
-#: g10/revoke.c:414
+#: g10/revoke.c:416
 msgid "Revocation certificate created.\n"
 msgstr "已建立撤銷憑證.\n"
 
-#: g10/revoke.c:420
+#: g10/revoke.c:422
 #, c-format
 msgid "no revocation keys found for \"%s\"\n"
 msgstr "沒有找到 \"%s\" 用的撤銷金鑰\n"
 
-#: g10/revoke.c:565
+#: g10/revoke.c:567
 msgid "This is a revocation certificate for the OpenPGP key:"
 msgstr "這把 OpenPGP 金鑰有一份撤銷憑證."
 
-#: g10/revoke.c:581
+#: g10/revoke.c:583
 msgid ""
 "A revocation certificate is a kind of \"kill switch\" to publicly\n"
 "declare that a key shall not anymore be used.  It is not possible\n"
 "to retract such a revocation certificate once it has been published."
 msgstr ""
 
-#: g10/revoke.c:584
+#: g10/revoke.c:586
 #, fuzzy
 #| msgid ""
 #| "Use it to revoke this key in case of a compromise or loss of\n"
@@ -7032,7 +7041,7 @@ msgstr ""
 "辦法是產生一份新的撤銷憑證, 並且指明撤銷\n"
 "的理由."
 
-#: g10/revoke.c:590
+#: g10/revoke.c:592
 #, fuzzy
 #| msgid ""
 #| "To avoid an accidental use of this file, a colon has been inserted\n"
@@ -7047,13 +7056,13 @@ msgstr ""
 "真的要使用這份撤銷憑證前, 請先用文字編輯器把那個冒號移除,\n"
 "撤銷憑證才能使用."
 
-#: g10/revoke.c:609
+#: g10/revoke.c:611
 #, fuzzy, c-format
 #| msgid "Revocation certificate created.\n"
 msgid "revocation certificate stored as '%s.rev'\n"
 msgstr "已建立撤銷憑證.\n"
 
-#: g10/revoke.c:653
+#: g10/revoke.c:655
 #, fuzzy, c-format
 #| msgid "secret key \"%s\" not found: %s\n"
 msgid "secret key \"%s\" not found\n"
@@ -7067,17 +7076,17 @@ msgstr "找不到私鑰 \"%s\": %s\n"
 msgid "'%s' matches multiple secret keys:\n"
 msgstr ""
 
-#: g10/revoke.c:707
+#: g10/revoke.c:705
 #, fuzzy, c-format
 #| msgid "error creating keyring '%s': %s\n"
 msgid "error searching the keyring: %s\n"
 msgstr "建立鑰匙圈 '%s' 時出錯: %s\n"
 
-#: g10/revoke.c:730
+#: g10/revoke.c:728
 msgid "Create a revocation certificate for this key? (y/N) "
 msgstr "要為這把金鑰建立一份撤銷憑證嗎? (y/N) "
 
-#: g10/revoke.c:754
+#: g10/revoke.c:752
 msgid ""
 "Revocation certificate created.\n"
 "\n"
@@ -7096,37 +7105,37 @@ msgstr ""
 "但是千萬小心: 你的機器上的列印系統可能會在列印過\n"
 "程中把這些資料暫存在某個其他人也能夠看得到的地方!\n"
 
-#: g10/revoke.c:788
+#: g10/revoke.c:786
 msgid "Please select the reason for the revocation:\n"
 msgstr "請選擇撤銷的原因:\n"
 
-#: g10/revoke.c:798
+#: g10/revoke.c:796
 msgid "Cancel"
 msgstr "取消"
 
-#: g10/revoke.c:800
+#: g10/revoke.c:798
 #, c-format
 msgid "(Probably you want to select %d here)\n"
 msgstr "(也許你會想要在這裡選擇 %d)\n"
 
-#: g10/revoke.c:841
+#: g10/revoke.c:839
 msgid "Enter an optional description; end it with an empty line:\n"
 msgstr "請輸入選用的描述; 以空白列結束:\n"
 
-#: g10/revoke.c:869
+#: g10/revoke.c:867
 #, c-format
 msgid "Reason for revocation: %s\n"
 msgstr "撤銷原因: %s\n"
 
-#: g10/revoke.c:871
+#: g10/revoke.c:869
 msgid "(No description given)\n"
 msgstr "(沒有給定描述)\n"
 
-#: g10/revoke.c:876
+#: g10/revoke.c:874
 msgid "Is this okay? (y/N) "
 msgstr "這樣可以嗎? (y/N) "
 
-#: g10/seskey.c:62 sm/encrypt.c:124
+#: g10/seskey.c:62 sm/encrypt.c:126
 #, c-format
 msgid "weak key created - retrying\n"
 msgstr "建立了弱金鑰 - 重試中\n"
@@ -7136,62 +7145,57 @@ msgstr "建立了弱金鑰 - 重試中\n"
 msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
 msgstr "無法避免對稱式編密法的弱金鑰; 已經試了 %d 次了!\n"
 
-#: g10/seskey.c:306
+#: g10/seskey.c:299
 #, c-format
 msgid "%s key %s uses an unsafe (%zu bit) hash\n"
 msgstr "%s 金鑰 %s 使用不安全 (%zu 位元) 的雜湊\n"
 
-#: g10/seskey.c:324
+#: g10/seskey.c:317
 #, c-format
 msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
 msgstr "%s 金鑰 %s 需要 %zu 位元以上的雜湊 (雜湊為 %s)\n"
 
-#: g10/sig-check.c:78 g10/sign.c:402 sm/sign.c:496 sm/verify.c:498
+#: g10/sig-check.c:170
+#, c-format
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "警告: 簽章摘要與訊息不一致\n"
+
+#: g10/sig-check.c:181 g10/sign.c:463 sm/sign.c:610 sm/verify.c:502
 #, fuzzy, c-format
 #| msgid "you may not use %s while in %s mode\n"
 msgid "key %s may not be used for signing in %s mode\n"
 msgstr "你不能夠將 %s 用於 %s 模式中\n"
 
-#: g10/sig-check.c:82
-#, c-format
-msgid "continuing verification anyway due to option %s\n"
-msgstr ""
-
-#: g10/sig-check.c:190
-#, c-format
-msgid "WARNING: signature digest conflict in message\n"
-msgstr "警告: 簽章摘要與訊息不一致\n"
-
-#: g10/sig-check.c:219
+#: g10/sig-check.c:209
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
 msgstr "警告: 簽署子鑰 %s 未經交叉認證\n"
 
-#: g10/sig-check.c:221
+#: g10/sig-check.c:211
 #, c-format
 msgid "please see %s for more information\n"
 msgstr "請參考 %s 上進一步的資訊\n"
 
-#: g10/sig-check.c:230
+#: g10/sig-check.c:220
 #, c-format
 msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
 msgstr "警告: 簽署子鑰 %s 有無效的交叉憑證\n"
 
-#: g10/sig-check.c:351
+#: g10/sig-check.c:359
 #, fuzzy, c-format
 #| msgid "public key %s is %lu second newer than the signature\n"
 msgid "public key %s is %lu second newer than the signature\n"
 msgid_plural "public key %s is %lu seconds newer than the signature\n"
 msgstr[0] "公鑰 %s 比簽章還要新了 %lu 秒\n"
 
-#: g10/sig-check.c:359
+#: g10/sig-check.c:367
 #, fuzzy, c-format
 #| msgid "public key %s is %lu second newer than the signature\n"
 msgid "public key %s is %lu day newer than the signature\n"
 msgid_plural "public key %s is %lu days newer than the signature\n"
 msgstr[0] "公鑰 %s 比簽章還要新了 %lu 秒\n"
 
-#: g10/sig-check.c:373 g10/sign.c:361
+#: g10/sig-check.c:381 g10/sign.c:422
 #, fuzzy, c-format
 #| msgid ""
 #| "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7202,7 +7206,7 @@ msgid_plural ""
 msgstr[0] ""
 "金鑰 %s 已經在 %lu 秒後的未來製妥 (可能是因為時光旅行或時鐘的問題)\n"
 
-#: g10/sig-check.c:382
+#: g10/sig-check.c:390
 #, fuzzy, c-format
 #| msgid ""
 #| "key %s was created %lu second in the future (time warp or clock problem)\n"
@@ -7212,102 +7216,103 @@ msgid_plural ""
 msgstr[0] ""
 "金鑰 %s 已經在 %lu 秒後的未來製妥 (可能是因為時光旅行或時鐘的問題)\n"
 
-#: g10/sig-check.c:400
+#: g10/sig-check.c:408
 #, c-format
 msgid "Note: signature key %s expired %s\n"
 msgstr "請注意: 簽章金鑰 %s 已於 %s 過期\n"
 
-#: g10/sig-check.c:411
+#: g10/sig-check.c:419
 #, c-format
 msgid "Note: signature key %s has been revoked\n"
 msgstr "請注意: 簽章金鑰 %s 已遭撤銷\n"
 
-#: g10/sig-check.c:500
+#: g10/sig-check.c:511
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "等級 0x%02x 的獨立簽章\n"
 
-#: g10/sig-check.c:512
+#: g10/sig-check.c:523
 #, fuzzy, c-format
 #| msgid "standalone signature of class 0x%02x\n"
 msgid "bad data signature from key %s: %s (0x%02x, 0x%x)\n"
 msgstr "等級 0x%02x 的獨立簽章\n"
 
-#: g10/sig-check.c:579
+#: g10/sig-check.c:626
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"
 msgstr "假設金鑰 %s 的損壞簽章導因於某個未知的關鍵位元\n"
 
-#: g10/sig-check.c:1176
+#: g10/sig-check.c:1221
 #, c-format
 msgid "key %s: no subkey for subkey revocation signature\n"
 msgstr "金鑰 %s: 沒有子鑰可供子鑰撤銷簽章使用\n"
 
-#: g10/sig-check.c:1179
+#: g10/sig-check.c:1224
 #, c-format
 msgid "key %s: no subkey for subkey binding signature\n"
 msgstr "金鑰 %s: 沒有子鑰可供附子鑰簽章之用\n"
 
-#: g10/sign.c:96
+#: g10/sign.c:110
 #, c-format
 msgid "WARNING: unable to %%-expand notation (too large).  Using unexpanded.\n"
 msgstr "警告: 註記 %% 無法擴張 (太大了). 現在使用未擴張的.\n"
 
-#: g10/sign.c:122
+#: g10/sign.c:138
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand policy URL (too large).  Using unexpanded.\n"
 msgstr "警告: 原則 URL 的 %% 無法擴張 (太大了). 現在使用未擴張的.\n"
 
-#: g10/sign.c:145
+#: g10/sign.c:161
 #, c-format
 msgid ""
 "WARNING: unable to %%-expand preferred keyserver URL (too large).  Using "
 "unexpanded.\n"
 msgstr "警告: 偏好金鑰伺服器 URL 的 %% 無法擴張 (太大了). 現在使用未擴張的.\n"
 
-#: g10/sign.c:476
+#: g10/sign.c:534
 #, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s/%s 簽章來自: \"%s\"\n"
 
-#: g10/sign.c:1045
+#: g10/sign.c:1146
 #, c-format
 msgid ""
 "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
 msgstr "警告: 強迫使用 %s (%d) 摘要演算法會違反收件者偏好設定\n"
 
-#: g10/sign.c:1187
+#: g10/sign.c:1295
 #, c-format
 msgid "signing:"
 msgstr "簽署:"
 
-#: g10/sign.c:1464
-#, c-format
-msgid "%s encryption will be used\n"
+#: g10/sign.c:1622
+#, fuzzy, c-format
+#| msgid "%s encryption will be used\n"
+msgid "%s.%s encryption will be used\n"
 msgstr "%s 加密將被採用\n"
 
-#: g10/skclist.c:174 g10/skclist.c:255
+#: g10/skclist.c:172 g10/skclist.c:253
 #, c-format
 msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
 msgstr "金鑰未被標示為不安全 - 不能夠拿來跟假的隨機數字產生器併用!\n"
 
-#: g10/skclist.c:206
+#: g10/skclist.c:204
 #, c-format
 msgid "skipped \"%s\": duplicated\n"
 msgstr "已跳過 \"%s\": 重複了\n"
 
-#: g10/skclist.c:225
+#: g10/skclist.c:223
 #, c-format
 msgid "skipped: secret key already present\n"
 msgstr "已跳過: 私鑰已經存在\n"
 
-#: g10/skclist.c:244
+#: g10/skclist.c:242
 msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
 msgstr "這是由 PGP 產生的 ElGamal 金鑰, 用於簽章並不安全!"
 
-#: g10/tdbdump.c:57 g10/trustdb.c:451
+#: g10/tdbdump.c:57 g10/trustdb.c:421
 #, c-format
 msgid "trust record %lu, type %d: write failed: %s\n"
 msgstr "信任記錄 %lu, 類別 %d: 寫入失敗: %s\n"
@@ -7321,43 +7326,43 @@ msgstr ""
 "# 相對應的信任值清單被建立於 %s\n"
 "# (請用 \"gpg --import-ownertrust\" 來取回它們)\n"
 
-#: g10/tdbdump.c:164 g10/tdbdump.c:172 g10/tdbdump.c:177 g10/tdbdump.c:182
+#: g10/tdbdump.c:162 g10/tdbdump.c:170 g10/tdbdump.c:175 g10/tdbdump.c:180
 #, c-format
 msgid "error in '%s': %s\n"
 msgstr "在 '%s' 中出錯: %s\n"
 
-#: g10/tdbdump.c:164
+#: g10/tdbdump.c:162
 msgid "line too long"
 msgstr "列太長"
 
-#: g10/tdbdump.c:172
+#: g10/tdbdump.c:170
 msgid "colon missing"
 msgstr "冒號缺漏"
 
-#: g10/tdbdump.c:178
+#: g10/tdbdump.c:176
 msgid "invalid fingerprint"
 msgstr "無效的指紋"
 
-#: g10/tdbdump.c:183
+#: g10/tdbdump.c:181
 msgid "ownertrust value missing"
 msgstr "主觀信任值缺漏"
 
-#: g10/tdbdump.c:224
+#: g10/tdbdump.c:223
 #, c-format
 msgid "error finding trust record in '%s': %s\n"
 msgstr "在 '%s' 中尋找信任記錄時出錯: %s\n"
 
-#: g10/tdbdump.c:228
+#: g10/tdbdump.c:227
 #, c-format
 msgid "read error in '%s': %s\n"
 msgstr "'%s' 讀取錯誤: %s\n"
 
-#: g10/tdbdump.c:237 g10/trustdb.c:466
+#: g10/tdbdump.c:236 g10/trustdb.c:436
 #, c-format
 msgid "trustdb: sync failed: %s\n"
 msgstr "信任資料庫: 同步化失敗: %s\n"
 
-#: g10/tdbio.c:144 sm/keydb.c:335
+#: g10/tdbio.c:144
 #, c-format
 msgid "can't create lock for '%s'\n"
 msgstr "無法為 '%s' 建立鎖定\n"
@@ -7367,12 +7372,12 @@ msgstr "無法為 '%s' 建立鎖定\n"
 msgid "can't lock '%s'\n"
 msgstr "無法鎖定 '%s'\n"
 
-#: g10/tdbio.c:224 g10/tdbio.c:1855
+#: g10/tdbio.c:224 g10/tdbio.c:1852
 #, c-format
 msgid "trustdb rec %lu: lseek failed: %s\n"
 msgstr "信任資料庫記錄 %lu: 本機搜尋失敗: %s\n"
 
-#: g10/tdbio.c:232 g10/tdbio.c:1866
+#: g10/tdbio.c:232 g10/tdbio.c:1863
 #, c-format
 msgid "trustdb rec %lu: write failed (n=%d): %s\n"
 msgstr "信任資料庫記錄 %lu: 寫入失敗 (n=%d): %s\n"
@@ -7387,7 +7392,7 @@ msgstr "信任資料庫更動量過大\n"
 msgid "%s: directory does not exist!\n"
 msgstr "%s: 目錄不存在!\n"
 
-#: g10/tdbio.c:741 dirmngr/http.c:595 dirmngr/http.c:624
+#: g10/tdbio.c:741 dirmngr/http.c:593 dirmngr/http.c:622
 #, c-format
 msgid "can't access '%s': %s\n"
 msgstr "無法存取 '%s': %s\n"
@@ -7428,7 +7433,7 @@ msgid "%s: error updating version record: %s\n"
 msgstr "%s: 更新版本記錄時錯誤: %s\n"
 
 #: g10/tdbio.c:904 g10/tdbio.c:938 g10/tdbio.c:956 g10/tdbio.c:976
-#: g10/tdbio.c:1013 g10/tdbio.c:1785 g10/tdbio.c:1814
+#: g10/tdbio.c:1013 g10/tdbio.c:1782 g10/tdbio.c:1811
 #, c-format
 msgid "%s: error reading version record: %s\n"
 msgstr "%s: 讀取版本記錄時錯誤: %s\n"
@@ -7438,52 +7443,52 @@ msgstr "%s: 讀取版本記錄時錯誤: %s\n"
 msgid "%s: error writing version record: %s\n"
 msgstr "%s: 寫入版本記錄時錯誤: %s\n"
 
-#: g10/tdbio.c:1535
+#: g10/tdbio.c:1532
 #, c-format
 msgid "trustdb: lseek failed: %s\n"
 msgstr "信任資料庫: 本機搜尋失敗: %s\n"
 
-#: g10/tdbio.c:1546
+#: g10/tdbio.c:1543
 #, c-format
 msgid "trustdb: read failed (n=%d): %s\n"
 msgstr "信任資料庫: 讀取失敗 (n=%d): %s\n"
 
-#: g10/tdbio.c:1571
+#: g10/tdbio.c:1568
 #, c-format
 msgid "%s: not a trustdb file\n"
 msgstr "%s: 不是一個信任資料庫檔案\n"
 
-#: g10/tdbio.c:1596
+#: g10/tdbio.c:1593
 #, c-format
 msgid "%s: version record with recnum %lu\n"
 msgstr "%s: 記錄編號為 %lu 的版本記錄\n"
 
-#: g10/tdbio.c:1602
+#: g10/tdbio.c:1599
 #, c-format
 msgid "%s: invalid file version %d\n"
 msgstr "%s: 無效的檔案版本 %d\n"
 
-#: g10/tdbio.c:1821
+#: g10/tdbio.c:1818
 #, c-format
 msgid "%s: error reading free record: %s\n"
 msgstr "%s: 讀取可用空間記錄時出錯: %s\n"
 
-#: g10/tdbio.c:1827
+#: g10/tdbio.c:1824
 #, c-format
 msgid "%s: error writing dir record: %s\n"
 msgstr "%s: 寫入目錄記錄時出錯: %s\n"
 
-#: g10/tdbio.c:1836
+#: g10/tdbio.c:1833
 #, c-format
 msgid "%s: failed to zero a record: %s\n"
 msgstr "%s: 記錄歸零失敗: %s\n"
 
-#: g10/tdbio.c:1872
+#: g10/tdbio.c:1869
 #, c-format
 msgid "%s: failed to append a record: %s\n"
 msgstr "%s: 附加記錄失敗: %s\n"
 
-#: g10/tdbio.c:1933
+#: g10/tdbio.c:1927
 #, c-format
 msgid "Error: The trustdb is corrupted.\n"
 msgstr "錯誤: 信任資料庫已毀損.\n"
@@ -7525,10 +7530,10 @@ msgstr "未支援的演算法: %s"
 msgid "TOFU DB error"
 msgstr ""
 
-#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2351 g10/tofu.c:2370
-#: g10/tofu.c:2383 g10/tofu.c:2395 g10/tofu.c:2410 g10/tofu.c:2422
-#: g10/tofu.c:3017 g10/tofu.c:3034 g10/tofu.c:3071 g10/tofu.c:3088
-#: g10/tofu.c:3400
+#: g10/tofu.c:687 g10/tofu.c:2073 g10/tofu.c:2354 g10/tofu.c:2373
+#: g10/tofu.c:2386 g10/tofu.c:2398 g10/tofu.c:2413 g10/tofu.c:2425
+#: g10/tofu.c:3021 g10/tofu.c:3038 g10/tofu.c:3075 g10/tofu.c:3092
+#: g10/tofu.c:3404
 #, fuzzy, c-format
 #| msgid "error sending data: %s\n"
 msgid "error reading TOFU database: %s\n"
@@ -7552,7 +7557,7 @@ msgstr "啟始讀取程式物件時出錯: %s\n"
 msgid "error opening TOFU database '%s': %s\n"
 msgstr "開啟 '%s' 時出錯: %s\n"
 
-#: g10/tofu.c:1148 g10/tofu.c:3454 g10/tofu.c:3600
+#: g10/tofu.c:1148 g10/tofu.c:3458 g10/tofu.c:3604
 #, fuzzy, c-format
 #| msgid "error sending data: %s\n"
 msgid "error updating TOFU database: %s\n"
@@ -7719,105 +7724,105 @@ msgstr ""
 msgid "Defaulting to unknown.\n"
 msgstr ""
 
-#: g10/tofu.c:2090 g10/tofu.c:2225
+#: g10/tofu.c:2093 g10/tofu.c:2228
 #, c-format
 msgid "TOFU db corruption detected.\n"
 msgstr ""
 
-#: g10/tofu.c:2825
+#: g10/tofu.c:2829
 #, fuzzy, c-format
 #| msgid "error creating a pipe: %s\n"
 msgid "error changing TOFU policy: %s\n"
 msgstr "建立管道時出錯: %s\n"
 
-#: g10/tofu.c:2876
+#: g10/tofu.c:2880
 #, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
 msgstr[0] ""
 
-#: g10/tofu.c:2881
+#: g10/tofu.c:2885
 #, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
 msgstr[0] ""
 
-#: g10/tofu.c:2886
+#: g10/tofu.c:2890
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
 msgstr[0] ""
 
-#: g10/tofu.c:2891
+#: g10/tofu.c:2895
 #, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
 msgstr[0] ""
 
-#: g10/tofu.c:2896
+#: g10/tofu.c:2900
 #, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
 msgstr[0] ""
 
-#: g10/tofu.c:2901
+#: g10/tofu.c:2905
 #, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
 msgstr[0] ""
 
-#: g10/tofu.c:2903
+#: g10/tofu.c:2907
 #, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
 msgstr[0] ""
 
-#: g10/tofu.c:3141
+#: g10/tofu.c:3145
 #, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
 msgstr ""
 
-#: g10/tofu.c:3147
+#: g10/tofu.c:3151
 #, fuzzy, c-format
 #| msgid "Deleted %d signatures.\n"
 msgid "%s: Verified 0 signatures."
 msgstr "已經刪除了 %d 份簽章.\n"
 
-#: g10/tofu.c:3161
+#: g10/tofu.c:3165
 #, fuzzy
 #| msgid "encrypted with %lu passphrases\n"
 msgid "Encrypted 0 messages."
 msgstr "已用 %lu 個密語加密了\n"
 
-#: g10/tofu.c:3177
+#: g10/tofu.c:3181
 #, fuzzy, c-format
 #| msgid "validity: %s"
 msgid "(policy: %s)"
 msgstr "有效性: %s"
 
-#: g10/tofu.c:3211
+#: g10/tofu.c:3215
 #, c-format
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3214
+#: g10/tofu.c:3218
 #, c-format
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
 
-#: g10/tofu.c:3218
+#: g10/tofu.c:3222
 #, c-format
 msgid "Warning: you have yet to encrypt a message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3221
+#: g10/tofu.c:3225
 #, c-format
 msgid "Warning: you have only encrypted one message to this key!\n"
 msgstr ""
 
-#: g10/tofu.c:3250
+#: g10/tofu.c:3254
 #, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
@@ -7833,162 +7838,162 @@ msgid_plural ""
 "to mark it as being bad.\n"
 msgstr[0] ""
 
-#: g10/tofu.c:3335 g10/tofu.c:3498 g10/tofu.c:3704 g10/tofu.c:3757
-#: g10/tofu.c:3898 g10/tofu.c:3975 g10/tofu.c:4013
+#: g10/tofu.c:3339 g10/tofu.c:3502 g10/tofu.c:3708 g10/tofu.c:3761
+#: g10/tofu.c:3902 g10/tofu.c:3979 g10/tofu.c:4017
 #, fuzzy, c-format
 #| msgid "error sending data: %s\n"
 msgid "error opening TOFU database: %s\n"
 msgstr "送出資料時出錯: %s\n"
 
-#: g10/tofu.c:3531
+#: g10/tofu.c:3535
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
 
-#: g10/trustdb.c:232
+#: g10/trustdb.c:278
 #, c-format
 msgid "'%s' is not a valid long keyID\n"
 msgstr "'%s' 不是有效的長式金鑰 ID\n"
 
-#: g10/trustdb.c:255 g10/trustdb.c:284
+#: g10/trustdb.c:301
 #, c-format
 msgid "key %s: accepted as trusted key\n"
 msgstr "金鑰 %s: 如受信任的金鑰般被接受了\n"
 
-#: g10/trustdb.c:336
+#: g10/trustdb.c:330
 #, c-format
 msgid "key %s occurs more than once in the trustdb\n"
 msgstr "金鑰 %s 在信任資料庫中出現了不止一次\n"
 
-#: g10/trustdb.c:375
+#: g10/trustdb.c:345
 #, c-format
 msgid "key %s: no public key for trusted key - skipped\n"
 msgstr "金鑰 %s: 受信任的金鑰沒有公鑰 - 已跳過\n"
 
-#: g10/trustdb.c:386
+#: g10/trustdb.c:356
 #, c-format
 msgid "key %s marked as ultimately trusted\n"
 msgstr "金鑰 %s 已標記成徹底信任了\n"
 
-#: g10/trustdb.c:430
+#: g10/trustdb.c:400
 #, c-format
 msgid "trust record %lu, req type %d: read failed: %s\n"
 msgstr "信任記錄 %lu, 請求類別 %d: 讀取失敗: %s\n"
 
-#: g10/trustdb.c:436
+#: g10/trustdb.c:406
 #, c-format
 msgid "trust record %lu is not of requested type %d\n"
 msgstr "信任記錄 %lu 不是所請求的類別 %d\n"
 
-#: g10/trustdb.c:511
+#: g10/trustdb.c:481
 #, c-format
 msgid "You may try to re-create the trustdb using the commands:\n"
 msgstr "你可以試著用下列指令來重建信任資料庫:\n"
 
-#: g10/trustdb.c:520
+#: g10/trustdb.c:490
 #, c-format
 msgid "If that does not work, please consult the manual\n"
 msgstr "如果行不通的話, 請查閱手冊\n"
 
-#: g10/trustdb.c:570
+#: g10/trustdb.c:540
 #, c-format
 msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
 msgstr "無法使用未知的信任模型 (%d) - 現在採用 %s 信任模型\n"
 
-#: g10/trustdb.c:576
+#: g10/trustdb.c:546
 #, c-format
 msgid "using %s trust model\n"
 msgstr "正在使用 %s 信任模型\n"
 
-#: g10/trustdb.c:625
+#: g10/trustdb.c:595
 #, c-format
 msgid "no need for a trustdb check\n"
 msgstr "不需要檢查信任資料庫\n"
 
-#: g10/trustdb.c:631 g10/trustdb.c:2326
+#: g10/trustdb.c:601 g10/trustdb.c:2272
 #, c-format
 msgid "next trustdb check due at %s\n"
 msgstr "下次信任資料庫檢查將於 %s 進行\n"
 
-#: g10/trustdb.c:640
+#: g10/trustdb.c:610
 #, c-format
 msgid "no need for a trustdb check with '%s' trust model\n"
 msgstr "在 '%s' 信任模型中並不需要檢查信任資料庫\n"
 
-#: g10/trustdb.c:656
+#: g10/trustdb.c:626
 #, c-format
 msgid "no need for a trustdb update with '%s' trust model\n"
 msgstr "在 '%s' 信任模型中並不需要更新信任資料庫\n"
 
-#: g10/trustdb.c:898 g10/trustdb.c:1485
+#: g10/trustdb.c:848 g10/trustdb.c:1431
 #, c-format
 msgid "public key %s not found: %s\n"
 msgstr "找不到公鑰 %s: %s\n"
 
-#: g10/trustdb.c:1118
+#: g10/trustdb.c:1064
 #, c-format
 msgid "please do a --check-trustdb\n"
 msgstr "請做一次 --check-trustdb\n"
 
-#: g10/trustdb.c:1123
+#: g10/trustdb.c:1069
 #, c-format
 msgid "checking the trustdb\n"
 msgstr "正在檢查信任資料庫\n"
 
-#: g10/trustdb.c:2047
+#: g10/trustdb.c:1993
 #, fuzzy, c-format
 #| msgid "%lu keys processed so far\n"
 msgid "%d key processed"
 msgid_plural "%d keys processed"
 msgstr[0] "目前已處理 %lu 把金鑰\n"
 
-#: g10/trustdb.c:2050
+#: g10/trustdb.c:1996
 #, fuzzy, c-format
 #| msgid "%d keys processed (%d validity counts cleared)\n"
 msgid " (%d validity count cleared)\n"
 msgid_plural " (%d validity counts cleared)\n"
 msgstr[0] "已經處理了 %d 把金鑰 (共計已解決了 %d 份有效性)\n"
 
-#: g10/trustdb.c:2120
+#: g10/trustdb.c:2066
 #, c-format
 msgid "no ultimately trusted keys found\n"
 msgstr "沒有找到任何徹底信任的金鑰\n"
 
-#: g10/trustdb.c:2134
+#: g10/trustdb.c:2080
 #, c-format
 msgid "public key of ultimately trusted key %s not found\n"
 msgstr "找不到徹底信任金鑰 %s 的公鑰\n"
 
-#: g10/trustdb.c:2252
+#: g10/trustdb.c:2198
 #, c-format
 msgid ""
 "depth: %d  valid: %3d  signed: %3d  trust: %d-, %dq, %dn, %dm, %df, %du\n"
 msgstr "深度: %d  有效: %3d  已簽署: %3d  信任: %d-, %dq, %dn, %dm, %df, %du\n"
 
-#: g10/trustdb.c:2333
+#: g10/trustdb.c:2279
 #, c-format
 msgid "unable to update trustdb version record: write failed: %s\n"
 msgstr "無法更新信任資料庫版本記錄: 寫入失敗: %s\n"
 
-#: g10/trust.c:114
+#: g10/trust.c:125
 msgid "undefined"
 msgstr ""
 
-#: g10/trust.c:115
+#: g10/trust.c:126
 #, fuzzy
 #| msgid "never     "
 msgid "never"
 msgstr "永遠不過期"
 
-#: g10/trust.c:116
+#: g10/trust.c:127
 msgid "marginal"
 msgstr ""
 
-#: g10/trust.c:117
+#: g10/trust.c:128
 msgid "full"
 msgstr ""
 
-#: g10/trust.c:118
+#: g10/trust.c:129
 msgid "ultimate"
 msgstr ""
 
@@ -8000,47 +8005,47 @@ msgstr ""
 #. It gets passed to atoi() so everything after the number is
 #. essentially a comment and need not be translated.  Either key and
 #. uid are both NULL, or neither are NULL.
-#: g10/trust.c:155
+#: g10/trust.c:166
 msgid "10 translator see trust.c:uid_trust_string_fixed"
 msgstr ""
 
-#: g10/trust.c:158
+#: g10/trust.c:169
 #, fuzzy
 #| msgid "revoked"
 msgid "[ revoked]"
 msgstr "已撤銷"
 
-#: g10/trust.c:160 g10/trust.c:166
+#: g10/trust.c:171 g10/trust.c:177
 #, fuzzy
 #| msgid "expired"
 msgid "[ expired]"
 msgstr "已過期"
 
-#: g10/trust.c:165
+#: g10/trust.c:176
 #, fuzzy
 #| msgid "unknown"
 msgid "[ unknown]"
 msgstr "未知"
 
-#: g10/trust.c:167
+#: g10/trust.c:178
 msgid "[  undef ]"
 msgstr ""
 
-#: g10/trust.c:168
+#: g10/trust.c:179
 #, fuzzy
 #| msgid "never     "
 msgid "[  never ]"
 msgstr "永遠不過期"
 
-#: g10/trust.c:169
+#: g10/trust.c:180
 msgid "[marginal]"
 msgstr ""
 
-#: g10/trust.c:170
+#: g10/trust.c:181
 msgid "[  full  ]"
 msgstr ""
 
-#: g10/trust.c:171
+#: g10/trust.c:182
 msgid "[ultimate]"
 msgstr ""
 
@@ -8065,19 +8070,31 @@ msgstr "輸入列 %u 太長或者列末的 LF 遺失了\n"
 msgid "can't open fd %d: %s\n"
 msgstr "無法開啟 fd %d: %s\n"
 
-#: kbx/kbxutil.c:92
+#: g10/cipher-cfb.c:70
+#, fuzzy, c-format
+#| msgid "WARNING: message was not integrity protected\n"
+msgid "WARNING: encrypting without integrity protection is dangerous\n"
+msgstr "警告: 訊息未受到完整的保護\n"
+
+#: g10/cipher-cfb.c:72
+#, fuzzy, c-format
+#| msgid "ambiguous option '%s'\n"
+msgid "Hint: Do not use option %s\n"
+msgstr "不明確的選項 '%s'\n"
+
+#: kbx/kbxutil.c:93
 msgid "set debugging flags"
 msgstr "設定除錯旗標"
 
-#: kbx/kbxutil.c:93
+#: kbx/kbxutil.c:94
 msgid "enable full debugging"
 msgstr "啟用完整除錯"
 
-#: kbx/kbxutil.c:117
+#: kbx/kbxutil.c:122
 msgid "Usage: kbxutil [options] [files] (-h for help)"
 msgstr "用法: kbxutil [選項] [檔案] (或用 -h 求助)"
 
-#: kbx/kbxutil.c:120
+#: kbx/kbxutil.c:125
 msgid ""
 "Syntax: kbxutil [options] [files]\n"
 "List, export, import Keybox data\n"
@@ -8088,124 +8105,228 @@ msgstr ""
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-p15.c:5116 scd/app-openpgp.c:2154
+#: scd/app-piv.c:1770 scd/app-p15.c:4741 scd/app-nks.c:1475
+#: scd/app-openpgp.c:2386
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
 msgstr ""
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
-#: scd/app-p15.c:5135 scd/app-openpgp.c:2170
+#: scd/app-piv.c:1787 scd/app-p15.c:4760 scd/app-nks.c:1494
+#: scd/app-openpgp.c:2402
 #, c-format
 msgid "Remaining attempts: %d"
 msgstr ""
 
-#: scd/app-p15.c:5214 scd/app-nks.c:1113
+#: scd/app-piv.c:1845
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new Global-PIN"
+msgstr "||請輸入個人識別碼 (PIN)"
+
+#: scd/app-piv.c:1846
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the Global-PIN of your PIV card"
+msgstr "||請輸入卡片的重設碼"
+
+#: scd/app-piv.c:1853
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "|N|Please enter the new PIN"
+msgstr "||請輸入個人識別碼 (PIN)"
+
+#: scd/app-piv.c:1854
+#, fuzzy
+#| msgid "||Please enter the Reset Code for the card"
+msgid "||Please enter the PIN of your PIV card"
+msgstr "||請輸入卡片的重設碼"
+
+#: scd/app-piv.c:1861
+#, fuzzy
+#| msgid "|A|Please enter the Admin PIN"
+msgid "|N|Please enter the new Unblocking Key"
+msgstr "|A|請輸入管理者 PIN"
+
+#: scd/app-piv.c:1862
+#, fuzzy
+#| msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgid "||Please enter the Unblocking Key of your PIV card"
+msgstr "|P|請輸入標準金鑰的 PIN 重設碼 (PUK)."
+
+#: scd/app-piv.c:1888 scd/app-nks.c:1605 scd/app-openpgp.c:2669
+#: scd/app-openpgp.c:2693 scd/app-openpgp.c:2871 scd/app-openpgp.c:2893
+#: scd/app-openpgp.c:3074 scd/app-openpgp.c:3361 scd/app-openpgp.c:3408
+#: scd/app-openpgp.c:3545 scd/app-dinsig.c:302
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "收回個人識別碼 (PIN) 時傳回錯誤: %s\n"
+
+#: scd/app-piv.c:1895
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too short; minimum length is %d\n"
+msgstr "用於 CHV%d 的個人識別碼 (PIN) 太短; 長度最少要有 %d\n"
+
+#: scd/app-piv.c:1903
+#, fuzzy, c-format
+#| msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgid "PIN is too long; maximum length is %d\n"
+msgstr "用於 CHV%d 的個人識別碼 (PIN) 太短; 長度最少要有 %d\n"
+
+#: scd/app-piv.c:1910
+#, c-format
+msgid "PIN has invalid characters; only digits are allowed\n"
+msgstr ""
+
+#: scd/app-piv.c:2657 scd/app-openpgp.c:3616
+#, c-format
+msgid "key already exists\n"
+msgstr "金鑰已存在\n"
+
+#: scd/app-piv.c:2662 scd/app-openpgp.c:3620
+#, c-format
+msgid "existing key will be replaced\n"
+msgstr "既有的金鑰將被取代\n"
+
+#: scd/app-piv.c:2664 scd/app-openpgp.c:3622
+#, c-format
+msgid "generating new key\n"
+msgstr "正在產生新的金鑰\n"
+
+#: scd/app-piv.c:2666 scd/app-openpgp.c:3624
+#, c-format
+msgid "writing new key\n"
+msgstr "正在寫入新的金鑰\n"
+
+#: scd/app-piv.c:3082 scd/app-openpgp.c:4484 scd/app-openpgp.c:4767
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "存放金鑰失敗: %s\n"
+
+#: scd/app-piv.c:3108 scd/app-openpgp.c:1615
+#, c-format
+msgid "response does not contain the RSA modulus\n"
+msgstr "回應中未包含 RSA 系數\n"
+
+#: scd/app-piv.c:3116 scd/app-openpgp.c:1622
+#, c-format
+msgid "response does not contain the RSA public exponent\n"
+msgstr "回應中未包含 RSA 公用指數\n"
+
+#: scd/app-piv.c:3186 scd/app-openpgp.c:1732
+#, fuzzy, c-format
+#| msgid "response does not contain the EC public point\n"
+msgid "response does not contain the EC public key\n"
+msgstr "回應中未包含 EC 公用指數\n"
+
+#: scd/app-piv.c:3279 scd/app-openpgp.c:4943
+#, c-format
+msgid "please wait while key is being generated ...\n"
+msgstr "正在產生金鑰中, 請稍候 ...\n"
+
+#: scd/app-piv.c:3294 scd/app-openpgp.c:4951
+#, c-format
+msgid "generating key failed\n"
+msgstr "產生金鑰時失敗\n"
+
+#: scd/app-piv.c:3300 scd/app-openpgp.c:4957
+#, fuzzy, c-format
+#| msgid "key generation completed (%d seconds)\n"
+msgid "key generation completed (%d second)\n"
+msgid_plural "key generation completed (%d seconds)\n"
+msgstr[0] "金鑰產生完畢 (%d 秒)\n"
+
+#: scd/app-piv.c:3311 scd/app-openpgp.c:1842 scd/app-openpgp.c:4966
+#, c-format
+msgid "response does not contain the public key data\n"
+msgstr "回應中未包含公鑰資料\n"
+
+#: scd/app-p15.c:4839 scd/app-nks.c:1983
 msgid "||Please enter the PIN for the key to create qualified signatures."
 msgstr "||請輸入金鑰的個人識別碼 (PIN) 以建立完善的簽章."
 
 #. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
 #. the start of the string.  Use %0A (single percent) for a linefeed.
-#: scd/app-p15.c:5217 scd/app-openpgp.c:2464
+#: scd/app-p15.c:4842 scd/app-openpgp.c:2818
 msgid "|A|Please enter the Admin PIN"
 msgstr "|A|請輸入管理者 PIN"
 
-#: scd/app-p15.c:5219 scd/app-nks.c:1103
+#: scd/app-p15.c:4844 scd/app-nks.c:1973
 msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|P|請輸入標準金鑰的 PIN 重設碼 (PUK)."
 
-#: scd/app-p15.c:5222 scd/app-nks.c:1095
+#: scd/app-p15.c:4847 scd/app-nks.c:1964
 msgid "||Please enter the PIN for the standard keys."
 msgstr "||請輸入標準金鑰的個人識別碼 (PIN)."
 
-#: scd/app-nks.c:709 scd/app-openpgp.c:3666
+#: scd/app-nks.c:1413 scd/app-openpgp.c:4321
 #, c-format
 msgid "RSA modulus missing or not of size %d bits\n"
 msgstr "RSA 模組缺漏或者並非 %d 位元大\n"
 
-#: scd/app-nks.c:717 scd/app-openpgp.c:3678
+#: scd/app-nks.c:1421 scd/app-openpgp.c:4333
 #, c-format
 msgid "RSA public exponent missing or larger than %d bits\n"
 msgstr "RSA 公用指數缺漏或者大於 %d 位元\n"
 
-#: scd/app-nks.c:797 scd/app-openpgp.c:2327 scd/app-openpgp.c:2346
-#: scd/app-openpgp.c:2513 scd/app-openpgp.c:2531 scd/app-openpgp.c:2829
-#: scd/app-openpgp.c:2876 scd/app-openpgp.c:2991 scd/app-dinsig.c:302
-#, c-format
-msgid "PIN callback returned error: %s\n"
-msgstr "收回個人識別碼 (PIN) 時傳回錯誤: %s\n"
+#: scd/app-nks.c:1594
+#, fuzzy
+#| msgid "the NullPIN has not yet been changed\n"
+msgid "Note: PIN has not yet been enabled."
+msgstr "NullPIN 還沒有變更過\n"
 
-#: scd/app-nks.c:830
+#: scd/app-nks.c:1641
 #, c-format
 msgid "the NullPIN has not yet been changed\n"
 msgstr "NullPIN 還沒有變更過\n"
 
-#: scd/app-nks.c:1094
+#: scd/app-nks.c:1963
 msgid "|N|Please enter a new PIN for the standard keys."
 msgstr "|N|請輸入標準金鑰將採用的新個人識別碼 (PIN)."
 
-#: scd/app-nks.c:1101
+#: scd/app-nks.c:1971
 msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
 msgstr "|NP|請輸入標準金鑰將採用的 PIN 重設碼 (PUK)."
 
-#: scd/app-nks.c:1111
+#: scd/app-nks.c:1981
 msgid "|N|Please enter a new PIN for the key to create qualified signatures."
 msgstr "|N|請輸入金鑰的新個人識別碼 (PIN) 以建立完善的簽章."
 
-#: scd/app-nks.c:1121
+#: scd/app-nks.c:1991
 msgid ""
 "|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr "|NP|請輸入金鑰的新 PIN 重設碼 (PUK) 以建立完善的簽章."
 
-#: scd/app-nks.c:1123
+#: scd/app-nks.c:1993
 msgid ""
 "|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
 "qualified signatures."
 msgstr "|P|請輸入金鑰的 PIN 重設碼 (PUK) 以建立完善的簽章."
 
-#: scd/app-nks.c:1230 scd/app-openpgp.c:2910 scd/app-dinsig.c:532
+#: scd/app-nks.c:2166 scd/app-openpgp.c:3442 scd/app-dinsig.c:534
 #, c-format
 msgid "error getting new PIN: %s\n"
 msgstr "取得新的個人識別碼 (PIN) 時出錯: %s\n"
 
-#: scd/app-openpgp.c:862
+#: scd/app-openpgp.c:943
 #, c-format
 msgid "failed to store the fingerprint: %s\n"
 msgstr "存放指紋失敗: %s\n"
 
-#: scd/app-openpgp.c:875
+#: scd/app-openpgp.c:956
 #, c-format
 msgid "failed to store the creation date: %s\n"
 msgstr "存放創生日期失敗: %s\n"
 
-#: scd/app-openpgp.c:1271 scd/app-openpgp.c:2857 scd/app-openpgp.c:5041
+#: scd/app-openpgp.c:1427 scd/app-openpgp.c:3389 scd/app-openpgp.c:5715
 #, c-format
 msgid "error retrieving CHV status from card\n"
 msgstr "從卡片取回 CHV 狀態時出錯\n"
 
-#: scd/app-openpgp.c:1429
-#, c-format
-msgid "response does not contain the RSA modulus\n"
-msgstr "回應中未包含 RSA 系數\n"
-
-#: scd/app-openpgp.c:1436
-#, c-format
-msgid "response does not contain the RSA public exponent\n"
-msgstr "回應中未包含 RSA 公用指數\n"
-
-#: scd/app-openpgp.c:1546
-#, fuzzy, c-format
-#| msgid "response does not contain the EC public point\n"
-msgid "response does not contain the EC public key\n"
-msgstr "回應中未包含 EC 公用指數\n"
-
-#: scd/app-openpgp.c:1664 scd/app-openpgp.c:4286
-#, c-format
-msgid "response does not contain the public key data\n"
-msgstr "回應中未包含公鑰資料\n"
-
-#: scd/app-openpgp.c:1771
+#: scd/app-openpgp.c:1949
 #, c-format
 msgid "reading public key failed: %s\n"
 msgstr "讀取公鑰時失敗: %s\n"
@@ -8213,44 +8334,44 @@ msgstr "讀取公鑰時失敗: %s\n"
 #. TRANSLATORS: Put a \x1f right before a colon.  This can be
 #. * used by pinentry to nicely align the names and values.  Keep
 #. * the %s at the start and end of the string.
-#: scd/app-openpgp.c:2141
+#: scd/app-openpgp.c:2373
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
 msgstr ""
 
-#: scd/app-openpgp.c:2281
+#: scd/app-openpgp.c:2621
 #, c-format
 msgid "using default PIN as %s\n"
 msgstr "以 %s 做為預設 PIN\n"
 
-#: scd/app-openpgp.c:2288
+#: scd/app-openpgp.c:2628
 #, c-format
 msgid "failed to use default PIN as %s: %s - disabling further default use\n"
 msgstr "使用 %s 做為預設個人識別碼 (PIN) 失敗: %s - 正在停用之後的預設使用\n"
 
-#: scd/app-openpgp.c:2301
+#: scd/app-openpgp.c:2641
 #, fuzzy
 #| msgid "||Please enter the PIN"
 msgid "||Please unlock the card"
 msgstr "||請輸入個人識別碼 (PIN)"
 
-#: scd/app-openpgp.c:2353 scd/app-openpgp.c:2538 scd/app-openpgp.c:2836
+#: scd/app-openpgp.c:2700 scd/app-openpgp.c:2900 scd/app-openpgp.c:3368
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
 msgstr "用於 CHV%d 的個人識別碼 (PIN) 太短; 長度最少要有 %d\n"
 
-#: scd/app-openpgp.c:2367 scd/app-openpgp.c:2414 scd/app-openpgp.c:2552
-#: scd/app-openpgp.c:4644
+#: scd/app-openpgp.c:2717 scd/app-openpgp.c:2760 scd/app-openpgp.c:2917
+#: scd/app-openpgp.c:5325
 #, c-format
 msgid "verify CHV%d failed: %s\n"
 msgstr "驗證 CHV%d 失敗: %s\n"
 
-#: scd/app-openpgp.c:2450 scd/app-openpgp.c:5050
+#: scd/app-openpgp.c:2804 scd/app-openpgp.c:5724
 #, c-format
 msgid "card is permanently locked!\n"
 msgstr "卡片永久鎖定了!!\n"
 
-#: scd/app-openpgp.c:2454
+#: scd/app-openpgp.c:2808
 #, fuzzy, c-format
 #| msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
 msgid "%d Admin PIN attempt remaining before card is permanently locked\n"
@@ -8258,20 +8379,20 @@ msgid_plural ""
 "%d Admin PIN attempts remaining before card is permanently locked\n"
 msgstr[0] "%d 管理者個人識別碼 (PIN) 試圖在卡片永久鎖定前遺留下來\n"
 
-#: scd/app-openpgp.c:2485
+#: scd/app-openpgp.c:2841
 #, c-format
 msgid "access to admin commands is not configured\n"
 msgstr "管理者指令存取權限尚未組態\n"
 
-#: scd/app-openpgp.c:2823
+#: scd/app-openpgp.c:3355
 msgid "||Please enter the PIN"
 msgstr "||請輸入個人識別碼 (PIN)"
 
-#: scd/app-openpgp.c:2872
+#: scd/app-openpgp.c:3404
 msgid "||Please enter the Reset Code for the card"
 msgstr "||請輸入卡片的重設碼"
 
-#: scd/app-openpgp.c:2882 scd/app-openpgp.c:2943
+#: scd/app-openpgp.c:3414 scd/app-openpgp.c:3481
 #, c-format
 msgid "Reset Code is too short; minimum length is %d\n"
 msgstr "重設碼太短; 長度最少要有 %d\n"
@@ -8279,121 +8400,79 @@ msgstr "重設碼太短; 長度最少要有 %d\n"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-openpgp.c:2905
+#: scd/app-openpgp.c:3437
 msgid "|RN|New Reset Code"
 msgstr "|RN|新增重設碼"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|AN|New Admin PIN"
 msgstr "|AN|新增管理者個人識別碼 (PIN)"
 
-#: scd/app-openpgp.c:2906
+#: scd/app-openpgp.c:3438
 msgid "|N|New PIN"
 msgstr "|N|新增個人識別碼 (PIN)"
 
-#: scd/app-openpgp.c:2987
+#: scd/app-openpgp.c:3541
 msgid "||Please enter the Admin PIN and New Admin PIN"
 msgstr "||請輸入管理者 PIN 及新的管理者 PIN"
 
-#: scd/app-openpgp.c:2988
+#: scd/app-openpgp.c:3542
 msgid "||Please enter the PIN and New PIN"
 msgstr "||請輸入個人識別碼及新的個人識別碼 (PIN)"
 
-#: scd/app-openpgp.c:3050 scd/app-openpgp.c:4346
+#: scd/app-openpgp.c:3600 scd/app-openpgp.c:5026
 #, c-format
 msgid "error reading application data\n"
 msgstr "讀取應用程式資料時出錯\n"
 
-#: scd/app-openpgp.c:3056 scd/app-openpgp.c:4353
+#: scd/app-openpgp.c:3606 scd/app-openpgp.c:5033
 #, c-format
 msgid "error reading fingerprint DO\n"
 msgstr "讀取指紋 DO 時出錯\n"
 
-#: scd/app-openpgp.c:3066
-#, c-format
-msgid "key already exists\n"
-msgstr "金鑰已存在\n"
-
-#: scd/app-openpgp.c:3070
-#, c-format
-msgid "existing key will be replaced\n"
-msgstr "既有的金鑰將被取代\n"
-
-#: scd/app-openpgp.c:3072
-#, c-format
-msgid "generating new key\n"
-msgstr "正在產生新的金鑰\n"
-
-#: scd/app-openpgp.c:3074
-#, c-format
-msgid "writing new key\n"
-msgstr "正在寫入新的金鑰\n"
-
-#: scd/app-openpgp.c:3647 scd/app-openpgp.c:3999
+#: scd/app-openpgp.c:4302 scd/app-openpgp.c:4657
 #, c-format
 msgid "creation timestamp missing\n"
 msgstr "缺漏創生時間戳印\n"
 
-#: scd/app-openpgp.c:3688 scd/app-openpgp.c:3696
+#: scd/app-openpgp.c:4343 scd/app-openpgp.c:4351
 #, c-format
 msgid "RSA prime %s missing or not of size %d bits\n"
 msgstr "RSA 質數 %s 缺漏或者並非 %d 位元大\n"
 
-#: scd/app-openpgp.c:3829 scd/app-openpgp.c:4106
-#, c-format
-msgid "failed to store the key: %s\n"
-msgstr "存放金鑰失敗: %s\n"
-
-#: scd/app-openpgp.c:3993
+#: scd/app-openpgp.c:4651
 #, fuzzy, c-format
 #| msgid "unsupported inquiry '%s'\n"
 msgid "unsupported curve\n"
 msgstr "未支援的查詢 '%s'\n"
 
-#: scd/app-openpgp.c:4263
-#, c-format
-msgid "please wait while key is being generated ...\n"
-msgstr "正在產生金鑰中, 請稍候 ...\n"
-
-#: scd/app-openpgp.c:4271
-#, c-format
-msgid "generating key failed\n"
-msgstr "產生金鑰時失敗\n"
-
-#: scd/app-openpgp.c:4277
-#, fuzzy, c-format
-#| msgid "key generation completed (%d seconds)\n"
-msgid "key generation completed (%d second)\n"
-msgid_plural "key generation completed (%d seconds)\n"
-msgstr[0] "金鑰產生完畢 (%d 秒)\n"
-
-#: scd/app-openpgp.c:4311
+#: scd/app-openpgp.c:4991
 #, c-format
 msgid "invalid structure of OpenPGP card (DO 0x93)\n"
 msgstr "無效的 OpenPGP 卡片結構 (DO 0x93)\n"
 
-#: scd/app-openpgp.c:4361
+#: scd/app-openpgp.c:5041
 #, c-format
 msgid "fingerprint on card does not match requested one\n"
 msgstr "卡片上的指紋與所要求的那個並不吻合\n"
 
-#: scd/app-openpgp.c:4560
+#: scd/app-openpgp.c:5240
 #, c-format
 msgid "card does not support digest algorithm %s\n"
 msgstr "卡片不支援 %s 摘要演算法\n"
 
-#: scd/app-openpgp.c:4618
+#: scd/app-openpgp.c:5298
 #, c-format
 msgid "signatures created so far: %lu\n"
 msgstr "目前建立的簽章: %lu\n"
 
-#: scd/app-openpgp.c:5055
+#: scd/app-openpgp.c:5729
 #, c-format
 msgid ""
 "verification of Admin PIN is currently prohibited through this command\n"
 msgstr "目前在此指令中的管理者 PIN 驗證被禁止了\n"
 
-#: scd/app-openpgp.c:5386 scd/app-openpgp.c:5398
+#: scd/app-openpgp.c:6241 scd/app-openpgp.c:6252
 #, c-format
 msgid "can't access %s - invalid OpenPGP card?\n"
 msgstr "無法存取 %s - 無效的 OpenPGP 卡片?\n"
@@ -8405,59 +8484,63 @@ msgstr "||請在讀卡機鍵盤上輸入你的個人識別碼 (PIN)"
 #. TRANSLATORS: Do not translate the "|*|" prefixes but
 #. keep it at the start of the string.  We need this elsewhere
 #. to get some infos on the string.
-#: scd/app-dinsig.c:529
+#: scd/app-dinsig.c:531
 msgid "|N|Initial New PIN"
 msgstr "|N|開始新增個人識別碼 (PIN)"
 
-#: scd/scdaemon.c:120
+#: scd/scdaemon.c:118
 msgid "run in multi server mode (foreground)"
 msgstr "以多重伺服器模式執行 (前景)"
 
-#: scd/scdaemon.c:137 sm/gpgsm.c:268 dirmngr/dirmngr.c:202
+#: scd/scdaemon.c:135 sm/gpgsm.c:271 dirmngr/dirmngr.c:197
 msgid "|LEVEL|set the debugging level to LEVEL"
 msgstr "|等級|設定除錯等級為指定等級"
 
-#: scd/scdaemon.c:143
+#: scd/scdaemon.c:141
 msgid "|FILE|write a log to FILE"
 msgstr "|檔案|將日誌寫入至指定檔案"
 
-#: scd/scdaemon.c:150
+#: scd/scdaemon.c:148
 msgid "|N|connect to reader at port N"
 msgstr "|N|從 N 埠連線至讀卡機"
 
-#: scd/scdaemon.c:152
+#: scd/scdaemon.c:150
 msgid "|NAME|use NAME as ct-API driver"
 msgstr "|名稱|使用指定名稱做為 ct-API 驅動程式"
 
-#: scd/scdaemon.c:154
+#: scd/scdaemon.c:152
 msgid "|NAME|use NAME as PC/SC driver"
 msgstr "|名稱|使用指定名稱做為 PC/SC 驅動程式"
 
-#: scd/scdaemon.c:158
+#: scd/scdaemon.c:156
 msgid "do not use the internal CCID driver"
 msgstr "不要使用內部的 CCID 驅動程式"
 
-#: scd/scdaemon.c:164
+#: scd/scdaemon.c:162
 msgid "|N|disconnect the card after N seconds of inactivity"
 msgstr "|N|沒有活動達 N 秒後就與卡片斷線"
 
-#: scd/scdaemon.c:167
+#: scd/scdaemon.c:165
 msgid "do not use a reader's pinpad"
 msgstr "不要使用讀卡機鍵盤"
 
-#: scd/scdaemon.c:170
+#: scd/scdaemon.c:168
 msgid "use variable length input for pinpad"
 msgstr "輸入 PIN 時在輸入區顯示成變動長度"
 
+#: scd/scdaemon.c:171
+msgid "|LIST|change the application priority to LIST"
+msgstr ""
+
 #: scd/scdaemon.c:179
 msgid "deny the use of admin card commands"
 msgstr "禁用管理者卡片指令"
 
-#: scd/scdaemon.c:326
+#: scd/scdaemon.c:324
 msgid "Usage: @SCDAEMON@ [options] (-h for help)"
 msgstr "用法: @SCDAEMON@ [選項] (或用 -h 求助)"
 
-#: scd/scdaemon.c:328
+#: scd/scdaemon.c:326
 msgid ""
 "Syntax: scdaemon [options] [command [args]]\n"
 "Smartcard daemon for @GNUPG@\n"
@@ -8465,37 +8548,31 @@ msgstr ""
 "語法: scdaemon [選項] [指令 [引數]]\n"
 "@GNUPG@ 智慧卡服務\n"
 
-#: scd/scdaemon.c:822
+#: scd/scdaemon.c:807
 #, c-format
 msgid "please use the option '--daemon' to run the program in the background\n"
 msgstr "請使用 '--daemon' 選項來將此程式執行於背景\n"
 
-#: scd/scdaemon.c:1199 dirmngr/dirmngr.c:2178
+#: scd/scdaemon.c:1183 dirmngr/dirmngr.c:2077
 #, c-format
 msgid "handler for fd %d started\n"
 msgstr "用於 fd %d 的經手程式已啟動\n"
 
-#: scd/scdaemon.c:1211 dirmngr/dirmngr.c:2186
+#: scd/scdaemon.c:1195 dirmngr/dirmngr.c:2085
 #, c-format
 msgid "handler for fd %d terminated\n"
 msgstr "用於 fd %d 的經手程式已終止\n"
 
-#: sm/call-agent.c:1053 sm/certlist.c:134 sm/keylist.c:285
-#: dirmngr/validate.c:1228
-#, c-format
-msgid "error getting key usage information: %s\n"
-msgstr "取得金鑰用途資訊時出錯: %s\n"
-
 #: sm/certchain.c:198
 #, c-format
 msgid "validation model requested by certificate: %s"
 msgstr "憑證所要求的驗證模型: %s"
 
-#: sm/certchain.c:199 sm/certchain.c:2164
+#: sm/certchain.c:199 sm/certchain.c:2172
 msgid "chain"
 msgstr "chain"
 
-#: sm/certchain.c:200 sm/certchain.c:2164
+#: sm/certchain.c:200 sm/certchain.c:2172
 msgid "shell"
 msgstr "shell"
 
@@ -8528,7 +8605,7 @@ msgstr "請注意: 不允許非關鍵的憑證原則"
 msgid "certificate policy not allowed"
 msgstr "未允許憑證原則"
 
-#: sm/certchain.c:595 sm/keydb.c:1084 sm/keydb.c:1171
+#: sm/certchain.c:595 sm/keydb.c:1891 sm/keydb.c:1980
 #, c-format
 msgid "failed to get the fingerprint\n"
 msgstr "取得指紋失敗\n"
@@ -8543,7 +8620,7 @@ msgstr "從外部位置尋找發行者\n"
 msgid "number of issuers matching: %d\n"
 msgstr "吻合的發行者數量: %d\n"
 
-#: sm/certchain.c:723 dirmngr/ocsp.c:685
+#: sm/certchain.c:723 dirmngr/ocsp.c:682
 #, c-format
 msgid "can't get authorityInfoAccess: %s\n"
 msgstr "無法取得 authorityInfoAccess: %s\n"
@@ -8563,231 +8640,231 @@ msgstr "吻合的憑證數量: %d\n"
 msgid "dirmngr cache-only key lookup failed: %s\n"
 msgstr "尋找限於 dirmngr 快取的金鑰時失敗: %s\n"
 
-#: sm/certchain.c:1041 sm/certchain.c:1554 sm/certchain.c:2192 sm/decrypt.c:728
-#: sm/encrypt.c:345 sm/import.c:415 sm/keydb.c:1091 sm/keydb.c:1178
-#: sm/sign.c:337 sm/verify.c:118
+#: sm/certchain.c:1046 sm/certchain.c:1561 sm/certchain.c:2200 sm/decrypt.c:643
+#: sm/encrypt.c:620 sm/import.c:414 sm/keydb.c:1898 sm/keydb.c:1987
+#: sm/sign.c:428 sm/verify.c:117
 #, c-format
 msgid "failed to allocate keyDB handle\n"
 msgstr "配置 keyDB 代號失敗\n"
 
-#: sm/certchain.c:1225
+#: sm/certchain.c:1232
 msgid "certificate has been revoked"
 msgstr "憑證已撤銷"
 
-#: sm/certchain.c:1240
+#: sm/certchain.c:1247
 msgid "the status of the certificate is unknown"
 msgstr "憑證的狀態未知"
 
-#: sm/certchain.c:1247
+#: sm/certchain.c:1254
 #, c-format
 msgid "please make sure that the \"dirmngr\" is properly installed\n"
 msgstr "請確認 \"dirmngr\" 已安裝妥善\n"
 
-#: sm/certchain.c:1253
+#: sm/certchain.c:1260
 #, c-format
 msgid "checking the CRL failed: %s"
 msgstr "檢查 CRL 時失敗: %s"
 
-#: sm/certchain.c:1282 sm/certchain.c:1350 dirmngr/validate.c:497
+#: sm/certchain.c:1289 sm/certchain.c:1357 dirmngr/validate.c:497
 #, c-format
 msgid "certificate with invalid validity: %s"
 msgstr "有效性無效的憑證: %s"
 
-#: sm/certchain.c:1297 sm/certchain.c:1382 dirmngr/validate.c:515
+#: sm/certchain.c:1304 sm/certchain.c:1389 dirmngr/validate.c:515
 #, c-format
 msgid "certificate not yet valid"
 msgstr "憑證尚未生效"
 
-#: sm/certchain.c:1298 sm/certchain.c:1383
+#: sm/certchain.c:1305 sm/certchain.c:1390
 msgid "root certificate not yet valid"
 msgstr "根憑證尚未生效"
 
-#: sm/certchain.c:1299 sm/certchain.c:1384
+#: sm/certchain.c:1306 sm/certchain.c:1391
 msgid "intermediate certificate not yet valid"
 msgstr "媒介憑證尚未生效"
 
-#: sm/certchain.c:1312 dirmngr/validate.c:526
+#: sm/certchain.c:1319 dirmngr/validate.c:526
 #, c-format
 msgid "certificate has expired"
 msgstr "憑證已過期"
 
-#: sm/certchain.c:1313
+#: sm/certchain.c:1320
 msgid "root certificate has expired"
 msgstr "根憑證已過期"
 
-#: sm/certchain.c:1314
+#: sm/certchain.c:1321
 msgid "intermediate certificate has expired"
 msgstr "媒介憑證已過期"
 
-#: sm/certchain.c:1356
+#: sm/certchain.c:1363
 #, c-format
 msgid "required certificate attributes missing: %s%s%s"
 msgstr "遺失所需的憑證屬性: %s%s%s"
 
-#: sm/certchain.c:1365
+#: sm/certchain.c:1372
 msgid "certificate with invalid validity"
 msgstr "有效性無效的憑證"
 
-#: sm/certchain.c:1402
+#: sm/certchain.c:1409
 msgid "signature not created during lifetime of certificate"
 msgstr "簽章並非在憑證生存時間內所造"
 
-#: sm/certchain.c:1404
+#: sm/certchain.c:1411
 msgid "certificate not created during lifetime of issuer"
 msgstr "憑證並非在發行者生存時間內所造"
 
-#: sm/certchain.c:1405
+#: sm/certchain.c:1412
 msgid "intermediate certificate not created during lifetime of issuer"
 msgstr "媒介憑證並非在發行者生存時間內所造"
 
-#: sm/certchain.c:1409
+#: sm/certchain.c:1416
 #, c-format
 msgid "  (  signature created at "
 msgstr "  (            簽章建立於 "
 
-#: sm/certchain.c:1410
+#: sm/certchain.c:1417
 #, c-format
 msgid "  (certificate created at "
 msgstr "  (            憑證建立於 "
 
-#: sm/certchain.c:1413
+#: sm/certchain.c:1420
 #, c-format
 msgid "  (certificate valid from "
 msgstr "  (憑證有效自 "
 
-#: sm/certchain.c:1414
+#: sm/certchain.c:1421
 #, c-format
 msgid "  (     issuer valid from "
 msgstr "  (        發行者有效自 "
 
-#: sm/certchain.c:1444 dirmngr/validate.c:577
+#: sm/certchain.c:1451 dirmngr/validate.c:577
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr "指紋=%s\n"
 
-#: sm/certchain.c:1453
+#: sm/certchain.c:1460
 #, c-format
 msgid "root certificate has now been marked as trusted\n"
 msgstr "根憑證現在已標記為已信任\n"
 
-#: sm/certchain.c:1466
+#: sm/certchain.c:1473
 #, c-format
 msgid "interactive marking as trusted not enabled in gpg-agent\n"
 msgstr "在 gpg-agent 中未啟用互動式標記為已信任\n"
 
-#: sm/certchain.c:1472
+#: sm/certchain.c:1479
 #, c-format
 msgid "interactive marking as trusted disabled for this session\n"
 msgstr "互動式標記為已信任在此作業階段中已停用\n"
 
-#: sm/certchain.c:1531
+#: sm/certchain.c:1538
 msgid "WARNING: creation time of signature not known - assuming current time"
 msgstr "警告: 簽章創造時間未知 - 假設為此刻"
 
-#: sm/certchain.c:1595
+#: sm/certchain.c:1602
 msgid "no issuer found in certificate"
 msgstr "憑證中找不到發行者"
 
-#: sm/certchain.c:1673
+#: sm/certchain.c:1680
 msgid "self-signed certificate has a BAD signature"
 msgstr "自簽憑證有 不良 簽章"
 
-#: sm/certchain.c:1742 dirmngr/validate.c:575
+#: sm/certchain.c:1749 dirmngr/validate.c:575
 #, c-format
 msgid "root certificate is not marked trusted"
 msgstr "根憑證未標記為已信任"
 
-#: sm/certchain.c:1758
+#: sm/certchain.c:1765
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "檢查信任清單時失敗: %s\n"
 
-#: sm/certchain.c:1789 sm/import.c:176 sm/keylist.c:1396 dirmngr/validate.c:630
+#: sm/certchain.c:1796 sm/import.c:175 dirmngr/validate.c:630
 #, c-format
 msgid "certificate chain too long\n"
 msgstr "憑證鏈太長\n"
 
-#: sm/certchain.c:1801 dirmngr/validate.c:642
+#: sm/certchain.c:1808 dirmngr/validate.c:642
 #, c-format
 msgid "issuer certificate not found"
 msgstr "找不到發行者憑證"
 
-#: sm/certchain.c:1834 dirmngr/validate.c:668
+#: sm/certchain.c:1842 dirmngr/validate.c:668
 #, c-format
 msgid "certificate has a BAD signature"
 msgstr "憑證有 不良 簽章"
 
-#: sm/certchain.c:1866 dirmngr/validate.c:692
+#: sm/certchain.c:1874 dirmngr/validate.c:692
 msgid "found another possible matching CA certificate - trying again"
 msgstr "找到了另一個可能吻合的 CA 憑證 - 正再試一次"
 
-#: sm/certchain.c:1925 dirmngr/validate.c:717
+#: sm/certchain.c:1933 dirmngr/validate.c:717
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr "憑證鏈比 CA 所允許的 (%d) 還長"
 
-#: sm/certchain.c:1967 sm/certchain.c:2263 dirmngr/validate.c:747
+#: sm/certchain.c:1975 sm/certchain.c:2275 dirmngr/validate.c:747
 #, c-format
 msgid "certificate is good\n"
 msgstr "憑證完好\n"
 
-#: sm/certchain.c:1968
+#: sm/certchain.c:1976
 #, c-format
 msgid "intermediate certificate is good\n"
 msgstr "媒介憑證良好\n"
 
-#: sm/certchain.c:1969
+#: sm/certchain.c:1977
 #, c-format
 msgid "root certificate is good\n"
 msgstr "根憑證完好\n"
 
-#: sm/certchain.c:2151
+#: sm/certchain.c:2159
 msgid "switching to chain model"
 msgstr "切換至鏈模型"
 
-#: sm/certchain.c:2160
+#: sm/certchain.c:2168
 #, c-format
 msgid "validation model used: %s"
 msgstr "已使用的驗證模型: %s"
 
-#: sm/certcheck.c:110
+#: sm/certcheck.c:113
 #, c-format
 msgid "a %u bit hash is not valid for a %u bit %s key\n"
 msgstr "%u 位元的雜湊對 %u 位元的 %s 金鑰來說是無效的\n"
 
-#: sm/certcheck.c:238 sm/certcheck.c:262 dirmngr/crlcache.c:1542
-#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1453 dirmngr/validate.c:903
+#: sm/certcheck.c:239 sm/certcheck.c:263 dirmngr/crlcache.c:1542
+#: dirmngr/crlcache.c:1566 dirmngr/dirmngr.c:1363 dirmngr/validate.c:903
 #: dirmngr/validate.c:927
 #, c-format
 msgid "out of core\n"
 msgstr "超出核心\n"
 
-#: sm/certcheck.c:370 sm/verify.c:213
+#: sm/certcheck.c:389 sm/verify.c:212
 #, c-format
 msgid "(this is the MD2 algorithm)\n"
 msgstr "(這是 MD2 演算法)\n"
 
-#: sm/certdump.c:60 sm/certdump.c:92 sm/certdump.c:222 dirmngr/ocsp.c:796
+#: sm/certdump.c:81 sm/certdump.c:109 sm/certdump.c:232 dirmngr/ocsp.c:793
 msgid "none"
 msgstr "無"
 
-#: sm/certdump.c:631 sm/certdump.c:696
+#: sm/certdump.c:641 sm/certdump.c:706
 msgid "[Error - invalid encoding]"
 msgstr "[錯誤 - 無效的編碼]"
 
-#: sm/certdump.c:639
+#: sm/certdump.c:649
 msgid "[Error - out of core]"
 msgstr "[錯誤 - 超出核心]"
 
-#: sm/certdump.c:675
+#: sm/certdump.c:685
 msgid "[Error - No name]"
 msgstr "[錯誤 - 沒有名稱]"
 
-#: sm/certdump.c:702
+#: sm/certdump.c:712
 msgid "[Error - invalid DN]"
 msgstr "[錯誤 - 無效的 DN]"
 
-#: sm/certdump.c:915
+#: sm/certdump.c:926
 #, c-format
 msgid ""
 "Please enter the passphrase to unlock the secret key for the X.509 "
@@ -8801,176 +8878,187 @@ msgstr ""
 "S/N %s, ID 0x%08lX,\n"
 "建立於 %s, 於 %s 到期.\n"
 
-#: sm/certlist.c:124 dirmngr/validate.c:1218
+#: sm/certlist.c:121 dirmngr/validate.c:1218
 #, c-format
 msgid "no key usage specified - assuming all usages\n"
 msgstr "沒有指定的金鑰用途 - 假設為所有的用途\n"
 
-#: sm/certlist.c:145 dirmngr/validate.c:1259
+#: sm/certlist.c:131 sm/keylist.c:329 dirmngr/validate.c:1228
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "取得金鑰用途資訊時出錯: %s\n"
+
+#: sm/certlist.c:142 dirmngr/validate.c:1259
 #, c-format
 msgid "certificate should not have been used for certification\n"
 msgstr "憑證應該還未被用於憑證\n"
 
-#: sm/certlist.c:158 dirmngr/validate.c:1269
+#: sm/certlist.c:155 dirmngr/validate.c:1269
 #, c-format
 msgid "certificate should not have been used for OCSP response signing\n"
 msgstr "憑證應該還未被用於 OCSP 回應簽署\n"
 
-#: sm/certlist.c:174 dirmngr/validate.c:1252
+#: sm/certlist.c:168 dirmngr/validate.c:1252
 #, c-format
 msgid "certificate should not have been used for encryption\n"
 msgstr "憑證應該還未被用於加密\n"
 
-#: sm/certlist.c:175 dirmngr/validate.c:1242
+#: sm/certlist.c:169 dirmngr/validate.c:1242
 #, c-format
 msgid "certificate should not have been used for signing\n"
 msgstr "憑證應該還未被用於簽署\n"
 
-#: sm/certlist.c:176 dirmngr/validate.c:1253
+#: sm/certlist.c:170 dirmngr/validate.c:1253
 #, c-format
 msgid "certificate is not usable for encryption\n"
 msgstr "憑證無法用於加密\n"
 
-#: sm/certlist.c:177 dirmngr/validate.c:1243
+#: sm/certlist.c:171 dirmngr/validate.c:1243
 #, c-format
 msgid "certificate is not usable for signing\n"
 msgstr "憑證無法用於簽署\n"
 
-#: sm/certreqgen.c:465
+#: sm/certlist.c:361
+#, fuzzy, c-format
+#| msgid "lookup a certificate"
+msgid "looking for another certificate\n"
+msgstr "查找憑證"
+
+#: sm/certreqgen.c:468 sm/certreqgen.c:753
 #, c-format
 msgid "line %d: invalid algorithm\n"
 msgstr "第 %d 列: 無效的演算法\n"
 
-#: sm/certreqgen.c:481
+#: sm/certreqgen.c:484
 #, c-format
 msgid "line %d: invalid key length %u (valid are %d to %d)\n"
 msgstr "第 %d 列: 金鑰長度 %u 無效 (有效範圍是從 %d 至 %d)\n"
 
-#: sm/certreqgen.c:499
+#: sm/certreqgen.c:502
 #, c-format
 msgid "line %d: no subject name given\n"
 msgstr "第 %d 列: 沒有給定的物件名稱\n"
 
-#: sm/certreqgen.c:508
+#: sm/certreqgen.c:511
 #, c-format
 msgid "line %d: invalid subject name label '%.*s'\n"
 msgstr "第 %d 列: 無效的主旨名稱標籤 '%.*s'\n"
 
-#: sm/certreqgen.c:511
+#: sm/certreqgen.c:514
 #, c-format
 msgid "line %d: invalid subject name '%s' at pos %d\n"
 msgstr "第 %d 列: 無效的主旨名稱 '%s'  於第 %d 位置\n"
 
-#: sm/certreqgen.c:528
+#: sm/certreqgen.c:531
 #, c-format
 msgid "line %d: not a valid email address\n"
 msgstr "第 %d 列: 不是有效的電子郵件地址\n"
 
-#: sm/certreqgen.c:547
+#: sm/certreqgen.c:550
 #, c-format
 msgid "line %d: invalid serial number\n"
 msgstr "第 %d 列: 無效的序號\n"
 
-#: sm/certreqgen.c:563
+#: sm/certreqgen.c:566
 #, c-format
 msgid "line %d: invalid issuer name label '%.*s'\n"
 msgstr "第 %d 列: 無效的發行者名稱標籤 '%.*s'\n"
 
-#: sm/certreqgen.c:566
+#: sm/certreqgen.c:569
 #, c-format
 msgid "line %d: invalid issuer name '%s' at pos %d\n"
 msgstr "第 %d 列: 無效的發行者名稱 '%s'  於第 %d 位置\n"
 
-#: sm/certreqgen.c:578 sm/certreqgen.c:589
+#: sm/certreqgen.c:581 sm/certreqgen.c:592
 #, c-format
 msgid "line %d: invalid date given\n"
 msgstr "第 %d 列: 無效的給定日期\n"
 
-#: sm/certreqgen.c:602
+#: sm/certreqgen.c:605
 #, c-format
 msgid "line %d: error getting signing key by keygrip '%s': %s\n"
 msgstr "第 %d 列: 以金鑰鑰柄 '%s' 取得簽署金鑰時出錯: %s\n"
 
-#: sm/certreqgen.c:621
+#: sm/certreqgen.c:624
 #, c-format
 msgid "line %d: invalid hash algorithm given\n"
 msgstr "第 %d 列: 無效的給定雜湊演算法\n"
 
-#: sm/certreqgen.c:636
+#: sm/certreqgen.c:639
 #, c-format
 msgid "line %d: invalid authority-key-id\n"
 msgstr "第 %d 列: 無效的 authority-key-id\n"
 
-#: sm/certreqgen.c:651
+#: sm/certreqgen.c:654
 #, c-format
 msgid "line %d: invalid subject-key-id\n"
 msgstr "第 %d 列: 無效的 subject-key-id\n"
 
-#: sm/certreqgen.c:689
+#: sm/certreqgen.c:692
 #, c-format
 msgid "line %d: invalid extension syntax\n"
 msgstr "第 %d 列: 無效的擴充語法\n"
 
-#: sm/certreqgen.c:702
+#: sm/certreqgen.c:705
 #, c-format
 msgid "line %d: error reading key '%s' from card: %s\n"
 msgstr "第 %d 列: 從卡片讀取金鑰 '%s' 時出錯: %s\n"
 
-#: sm/certreqgen.c:715
+#: sm/certreqgen.c:718
 #, c-format
 msgid "line %d: error getting key by keygrip '%s': %s\n"
 msgstr "第 %d 列: 以金鑰鑰柄 '%s' 取得金鑰時出錯: %s\n"
 
-#: sm/certreqgen.c:732
+#: sm/certreqgen.c:762
 #, c-format
 msgid "line %d: key generation failed: %s <%s>\n"
 msgstr "第 %d 列: 金鑰產生失敗: %s <%s>\n"
 
-#: sm/certreqgen.c:1331
+#: sm/certreqgen.c:1498
 msgid ""
 "To complete this certificate request please enter the passphrase for the key "
 "you just created once more.\n"
 msgstr "如欲完成此憑證請求, 請再輸入一次你剛才建立的金鑰密語.\n"
 
-#: sm/certreqgen-ui.c:159
+#: sm/certreqgen-ui.c:160
 #, c-format
 msgid "   (%d) Existing key\n"
 msgstr "   (%d) 現有的金鑰\n"
 
-#: sm/certreqgen-ui.c:160
+#: sm/certreqgen-ui.c:161
 #, c-format
 msgid "   (%d) Existing key from card\n"
 msgstr "   (%d) 卡片上現存的金鑰\n"
 
-#: sm/certreqgen-ui.c:318
+#: sm/certreqgen-ui.c:319
 #, c-format
 msgid "Possible actions for a %s key:\n"
 msgstr "%s 金鑰可能的動作:\n"
 
-#: sm/certreqgen-ui.c:319
+#: sm/certreqgen-ui.c:320
 #, c-format
 msgid "   (%d) sign, encrypt\n"
 msgstr "   (%d) 簽署, 加密\n"
 
-#: sm/certreqgen-ui.c:320
+#: sm/certreqgen-ui.c:321
 #, c-format
 msgid "   (%d) sign\n"
 msgstr "   (%d) 簽署\n"
 
-#: sm/certreqgen-ui.c:321
+#: sm/certreqgen-ui.c:322
 #, c-format
 msgid "   (%d) encrypt\n"
 msgstr "   (%d) 加密\n"
 
-#: sm/certreqgen-ui.c:345
+#: sm/certreqgen-ui.c:346
 msgid "Enter the X.509 subject name: "
 msgstr "請輸入 X.509 主旨名稱: "
 
-#: sm/certreqgen-ui.c:349
+#: sm/certreqgen-ui.c:350
 msgid "No subject name given\n"
 msgstr "沒有給定的物件名稱\n"
 
-#: sm/certreqgen-ui.c:353
+#: sm/certreqgen-ui.c:354
 #, c-format
 msgid "Invalid subject name label '%.*s'\n"
 msgstr "無效的主旨名稱標籤 '%.*s'\n"
@@ -8980,242 +9068,235 @@ msgstr "無效的主旨名稱標籤 '%.*s'\n"
 #. adjust it do the length of your translation.  The
 #. second string is merely passed to atoi so you can
 #. drop everything after the number.
-#: sm/certreqgen-ui.c:362
+#: sm/certreqgen-ui.c:363
 #, c-format
 msgid "Invalid subject name '%s'\n"
 msgstr "無效的主旨名稱 '%s'\n"
 
-#: sm/certreqgen-ui.c:364
+#: sm/certreqgen-ui.c:365
 msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
 msgstr "16"
 
-#: sm/certreqgen-ui.c:376
+#: sm/certreqgen-ui.c:377
 msgid "Enter email addresses"
 msgstr "請輸入電子郵件地址"
 
-#: sm/certreqgen-ui.c:377
+#: sm/certreqgen-ui.c:378
 msgid " (end with an empty line):\n"
 msgstr " (以空白列結束):\n"
 
-#: sm/certreqgen-ui.c:381
+#: sm/certreqgen-ui.c:382
 msgid "Enter DNS names"
 msgstr "請輸入 DNS 名稱"
 
-#: sm/certreqgen-ui.c:382 sm/certreqgen-ui.c:387
+#: sm/certreqgen-ui.c:383 sm/certreqgen-ui.c:388
 msgid " (optional; end with an empty line):\n"
 msgstr " (非必要; 以空白列結束):\n"
 
-#: sm/certreqgen-ui.c:386
+#: sm/certreqgen-ui.c:387
 msgid "Enter URIs"
 msgstr "請輸入 URI"
 
-#: sm/certreqgen-ui.c:393
+#: sm/certreqgen-ui.c:394
 msgid "Create self-signed certificate? (y/N) "
 msgstr "要建立自簽憑證嗎? (y/N) "
 
-#: sm/certreqgen-ui.c:420
+#: sm/certreqgen-ui.c:421
 msgid "These parameters are used:\n"
 msgstr "採用下列這些參數:\n"
 
-#: sm/certreqgen-ui.c:432
-#, c-format
-msgid "error creating temporary file: %s\n"
-msgstr "建立暫存檔時出錯: %s\n"
-
-#: sm/certreqgen-ui.c:438
+#: sm/certreqgen-ui.c:439
 msgid "Now creating self-signed certificate.  "
 msgstr "現在正在建立自簽憑證.  "
 
-#: sm/certreqgen-ui.c:440
+#: sm/certreqgen-ui.c:441
 msgid "Now creating certificate request.  "
 msgstr "現在正在建立憑證請求.  "
 
-#: sm/certreqgen-ui.c:441
+#: sm/certreqgen-ui.c:442
 msgid "This may take a while ...\n"
 msgstr "這可能會花點時間 ...\n"
 
-#: sm/certreqgen-ui.c:452
+#: sm/certreqgen-ui.c:453
 msgid "Ready.\n"
 msgstr "準備妥當.\n"
 
-#: sm/certreqgen-ui.c:455
+#: sm/certreqgen-ui.c:456
 msgid "Ready.  You should now send this request to your CA.\n"
 msgstr "準備好了.  你現在就該把此請求送到你的 CA.\n"
 
-#: sm/certreqgen-ui.c:461
+#: sm/certreqgen-ui.c:462
 #, c-format
 msgid "resource problem: out of core\n"
 msgstr "資源問題: 超出核心\n"
 
-#: sm/decrypt.c:536
-#, fuzzy, c-format
-#| msgid "%s encrypted data\n"
-msgid "%s.%s encrypted data\n"
-msgstr "%s 已加密的資料\n"
-
-#: sm/decrypt.c:803
+#: sm/decrypt.c:719
 #, c-format
 msgid "(this is the RC2 algorithm)\n"
 msgstr "(這是 RC2 演算法)\n"
 
-#: sm/decrypt.c:805
+#: sm/decrypt.c:721
 #, c-format
 msgid "(this does not seem to be an encrypted message)\n"
 msgstr "(這看起來不像是個加密過的訊息)\n"
 
-#: sm/decrypt.c:958
+#: sm/decrypt.c:868
 #, fuzzy, c-format
 #| msgid "encrypted with %s key, ID %s\n"
 msgid "encrypted to %s key %s\n"
 msgstr "已用 %s 金鑰, ID %s 所加密\n"
 
-#: sm/delete.c:51 sm/delete.c:112
+#: sm/delete.c:50 sm/delete.c:109
 #, c-format
 msgid "certificate '%s' not found: %s\n"
 msgstr "找不到憑證 '%s': %s\n"
 
-#: sm/delete.c:122 sm/keydb.c:1189 sm/keydb.c:1288
+#: sm/delete.c:120 sm/keydb.c:1999 sm/keydb.c:2098
 #, c-format
 msgid "error locking keybox: %s\n"
 msgstr "鎖住金鑰鑰匙盒時出錯: %s\n"
 
-#: sm/delete.c:143
+#: sm/delete.c:141
 #, c-format
 msgid "duplicated certificate '%s' deleted\n"
 msgstr "重複的憑證 '%s' 已刪除\n"
 
-#: sm/delete.c:145
+#: sm/delete.c:143
 #, c-format
 msgid "certificate '%s' deleted\n"
 msgstr "憑證 '%s' 已刪除\n"
 
-#: sm/delete.c:175
+#: sm/delete.c:173
 #, c-format
 msgid "deleting certificate \"%s\" failed: %s\n"
 msgstr "刪除憑證 \"%s\" 時失敗: %s\n"
 
-#: sm/encrypt.c:331
+#: sm/encrypt.c:606
 #, c-format
 msgid "no valid recipients given\n"
 msgstr "沒有給定有效的收件者\n"
 
-#: sm/gpgsm.c:221
+#: sm/gpgsm.c:224
 msgid "list external keys"
 msgstr "列出外部金鑰"
 
-#: sm/gpgsm.c:223
+#: sm/gpgsm.c:226
 msgid "list certificate chain"
 msgstr "列出憑證鏈"
 
-#: sm/gpgsm.c:231
+#: sm/gpgsm.c:234
 msgid "import certificates"
 msgstr "匯入憑證"
 
-#: sm/gpgsm.c:232
+#: sm/gpgsm.c:235
 msgid "export certificates"
 msgstr "匯出憑證"
 
-#: sm/gpgsm.c:240
+#: sm/gpgsm.c:243
 msgid "register a smartcard"
 msgstr "註冊智慧卡"
 
-#: sm/gpgsm.c:243
+#: sm/gpgsm.c:246
 msgid "pass a command to the dirmngr"
 msgstr "將指令遞送給 dirmngr"
 
-#: sm/gpgsm.c:245
+#: sm/gpgsm.c:248
 msgid "invoke gpg-protect-tool"
 msgstr "叫用 gpg-protect-tool"
 
-#: sm/gpgsm.c:264
+#: sm/gpgsm.c:267
 msgid "don't use the terminal at all"
 msgstr "完全不要使用終端機"
 
-#: sm/gpgsm.c:290
+#: sm/gpgsm.c:294
 msgid "|N|number of certificates to include"
 msgstr "|N|要包含的憑證數量"
 
-#: sm/gpgsm.c:292
+#: sm/gpgsm.c:296
 msgid "|FILE|take policy information from FILE"
 msgstr "|檔案|從指定檔案中取得原則資訊"
 
-#: sm/gpgsm.c:307
+#: sm/gpgsm.c:310
 msgid "assume input is in PEM format"
 msgstr "假設輸入的是 PEM 格式"
 
-#: sm/gpgsm.c:309
+#: sm/gpgsm.c:312
 msgid "assume input is in base-64 format"
 msgstr "假設輸入的是 base-64 格式"
 
-#: sm/gpgsm.c:311
+#: sm/gpgsm.c:314
 msgid "assume input is in binary format"
 msgstr "假設輸入的是二進制格式"
 
-#: sm/gpgsm.c:320
+#: sm/gpgsm.c:323
 msgid "create base-64 encoded output"
 msgstr "建立以 base-64 編碼過的輸出"
 
-#: sm/gpgsm.c:330
+#: sm/gpgsm.c:335
 msgid "|USER-ID|use USER-ID as default secret key"
 msgstr "|使用者-ID|使用指定使用者 ID 做為預設私鑰"
 
-#: sm/gpgsm.c:341
+#: sm/gpgsm.c:346
 msgid "|FILE|add keyring to the list of keyrings"
 msgstr "|檔案|將此金鑰鑰匙圈加到指定金鑰鑰匙圈清單檔案中"
 
-#: sm/gpgsm.c:352
+#: sm/gpgsm.c:349
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|使用此金鑰伺服器來查找金鑰"
+
+#: sm/gpgsm.c:359
 msgid "fetch missing issuer certificates"
 msgstr "取回遺失的發行者憑證"
 
-#: sm/gpgsm.c:354
+#: sm/gpgsm.c:361
 msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
 msgstr "|名稱|將指定名稱的編碼用於 PKCS#12 密語"
 
-#: sm/gpgsm.c:372
+#: sm/gpgsm.c:382
 msgid "never consult a CRL"
 msgstr "永遠不要查閱 CRL"
 
-#: sm/gpgsm.c:376
+#: sm/gpgsm.c:386
 msgid "do not check CRLs for root certificates"
 msgstr "不要為根憑證檢查 CRL"
 
-#: sm/gpgsm.c:380
+#: sm/gpgsm.c:390
 msgid "check validity using OCSP"
 msgstr "用 OCSP 檢查有效性"
 
-#: sm/gpgsm.c:382
+#: sm/gpgsm.c:392
 msgid "do not check certificate policies"
 msgstr "不要檢查憑證原則"
 
-#: sm/gpgsm.c:385
+#: sm/gpgsm.c:395
 msgid "|NAME|use cipher algorithm NAME"
 msgstr "|名稱|使用指定名稱的編密演算法"
 
-#: sm/gpgsm.c:387
+#: sm/gpgsm.c:397
 msgid "|NAME|use message digest algorithm NAME"
 msgstr "|名稱|使用指定名稱的訊息摘要演算法"
 
-#: sm/gpgsm.c:398
+#: sm/gpgsm.c:407
 msgid "batch mode: never ask"
 msgstr "批次模式: 永遠不詢問"
 
-#: sm/gpgsm.c:400
+#: sm/gpgsm.c:409
 msgid "assume yes on most questions"
 msgstr "假設大部分的問題都回答是"
 
-#: sm/gpgsm.c:401
+#: sm/gpgsm.c:410
 msgid "assume no on most questions"
 msgstr "假設大部分的問題都回答否"
 
-#: sm/gpgsm.c:418
+#: sm/gpgsm.c:427
 msgid "|FILE|write an audit log to FILE"
 msgstr "|檔案|將稽核日誌寫入至指定檔案"
 
-#: sm/gpgsm.c:603
+#: sm/gpgsm.c:612
 msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
 msgstr "用法: @GPGSM@ [選項] [檔案] (或用 -h 求助)"
 
-#: sm/gpgsm.c:606
+#: sm/gpgsm.c:615
 msgid ""
 "Syntax: @GPGSM@ [options] [files]\n"
 "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
@@ -9225,87 +9306,124 @@ msgstr ""
 "用 S/MIME 協定來簽署, 檢查, 加密, 解密\n"
 "預設的操作會依輸入資料而定\n"
 
-#: sm/gpgsm.c:814
+#: sm/gpgsm.c:823
 #, c-format
 msgid "Note: won't be able to encrypt to '%s': %s\n"
 msgstr "請注意: 將無法加密為 '%s': %s\n"
 
-#: sm/gpgsm.c:825
+#: sm/gpgsm.c:834
 #, c-format
 msgid "unknown validation model '%s'\n"
 msgstr "未知的驗證模型 '%s'\n"
 
-#: sm/gpgsm.c:1666
+#: sm/gpgsm.c:893 dirmngr/ldapserver.c:89
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: 沒有給定主機名稱\n"
+
+#: sm/gpgsm.c:912 dirmngr/ldapserver.c:108
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: 給定的密碼沒有使用者\n"
+
+#: sm/gpgsm.c:943 dirmngr/ldapserver.c:139
+#, c-format
+msgid "%s:%u: ignoring unknown flag '%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:959 dirmngr/ldapserver.c:155
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: 正在跳過這一列\n"
+
+#: sm/gpgsm.c:1545
+#, c-format
+msgid "could not parse keyserver\n"
+msgstr "無法剖析金鑰伺服器\n"
+
+#: sm/gpgsm.c:1825
 #, c-format
 msgid "importing common certificates '%s'\n"
 msgstr "正在匯入通用憑證 '%s'\n"
 
-#: sm/gpgsm.c:1709
+#: sm/gpgsm.c:1871
 #, c-format
 msgid "can't sign using '%s': %s\n"
 msgstr "無法用 '%s' 來簽署: %s\n"
 
-#: sm/gpgsm.c:2063
+#: sm/gpgsm.c:2231
 #, c-format
 msgid "invalid command (there is no implicit command)\n"
 msgstr "無效的指令 (沒有這樣的指令)\n"
 
-#: sm/import.c:127
+#: sm/import.c:126
 #, c-format
 msgid "total number processed: %lu\n"
 msgstr "處理總量: %lu\n"
 
-#: sm/import.c:246
+#: sm/import.c:245
 #, c-format
 msgid "error storing certificate\n"
 msgstr "存放憑證時出錯\n"
 
-#: sm/import.c:254
+#: sm/import.c:253
 #, c-format
 msgid "basic certificate checks failed - not imported\n"
 msgstr "基本的憑證檢查失敗了 - 未匯入\n"
 
-#: sm/import.c:472 sm/keydb.c:1209 sm/keydb.c:1300
+#: sm/import.c:471 sm/keydb.c:2018 sm/keydb.c:2111
 #, c-format
 msgid "error getting stored flags: %s\n"
 msgstr "取得已存放的旗標時出錯: %s\n"
 
-#: sm/import.c:531 sm/import.c:563
+#: sm/import.c:530 sm/import.c:562
 #, c-format
 msgid "error importing certificate: %s\n"
 msgstr "匯入憑證時出錯: %s\n"
 
-#: sm/import.c:751 tools/gpg-connect-agent.c:1440
+#: sm/import.c:751 tools/gpg-connect-agent.c:1475
 #, c-format
 msgid "error reading input: %s\n"
 msgstr "讀取輸入時出錯: %s\n"
 
-#: sm/keydb.c:1127
+#: sm/keydb.c:503
+#, fuzzy, c-format
+#| msgid "no gpg-agent running in this session\n"
+msgid "no keyboxd running in this session\n"
+msgstr "在此階段中沒有執行中的 gpg-agent\n"
+
+#: sm/keydb.c:595
+#, fuzzy, c-format
+#| msgid "error opening '%s': %s\n"
+msgid "error opening key DB: %s\n"
+msgstr "開啟 '%s' 時出錯: %s\n"
+
+#: sm/keydb.c:1936
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
 msgstr "查找既有憑證的問題: %s\n"
 
-#: sm/keydb.c:1139
+#: sm/keydb.c:1948
 #, c-format
 msgid "error finding writable keyDB: %s\n"
 msgstr "尋找可寫入的 keyDB 時出錯: %s\n"
 
-#: sm/keydb.c:1147
+#: sm/keydb.c:1956
 #, c-format
 msgid "error storing certificate: %s\n"
 msgstr "存放憑證時出錯: %s\n"
 
-#: sm/keydb.c:1200
+#: sm/keydb.c:2009
 #, c-format
 msgid "problem re-searching certificate: %s\n"
 msgstr "重新搜尋憑證的問題: %s\n"
 
-#: sm/keydb.c:1221 sm/keydb.c:1311
+#: sm/keydb.c:2030 sm/keydb.c:2122
 #, c-format
 msgid "error storing flags: %s\n"
 msgstr "存放旗標時出錯: %s\n"
 
-#: sm/keylist.c:711
+#: sm/keylist.c:749
 msgid "Error - "
 msgstr "錯誤 - "
 
@@ -9314,17 +9432,17 @@ msgstr "錯誤 - "
 msgid "GPG_TTY has not been set - using maybe bogus default\n"
 msgstr "尚未設定 GPG_TTY - 使用可能是偽造的預設值\n"
 
-#: sm/qualified.c:105
+#: sm/qualified.c:104
 #, c-format
 msgid "invalid formatted fingerprint in '%s', line %d\n"
 msgstr "無效的格式化指紋於 '%s', 第 %d 列\n"
 
-#: sm/qualified.c:123
+#: sm/qualified.c:122
 #, c-format
 msgid "invalid country code in '%s', line %d\n"
 msgstr "無效的國家代碼於 '%s', 第 %d 列\n"
 
-#: sm/qualified.c:206
+#: sm/qualified.c:205
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9340,14 +9458,14 @@ msgstr ""
 "\n"
 "%s%s請問你是否真的確定要這樣做了?"
 
-#: sm/qualified.c:215 sm/verify.c:686
+#: sm/qualified.c:214 sm/verify.c:689
 #, c-format
 msgid ""
 "Note, that this software is not officially approved to create or verify such "
 "signatures.\n"
 msgstr "請注意, 本軟體並未正式被認可來建立或驗證這樣的簽章.\n"
 
-#: sm/qualified.c:282
+#: sm/qualified.c:281
 #, c-format
 msgid ""
 "You are about to create a signature using your certificate:\n"
@@ -9358,54 +9476,60 @@ msgstr ""
 "\"%s\"\n"
 "請注意, 這個憑證並 不會 建立出合格的簽章!"
 
-#: sm/sign.c:465
+#: sm/sign.c:583
 #, c-format
 msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
 msgstr "雜湊演算法 %d (%s) 為簽署者 %d 所用, 但並不支援; 改用 %s\n"
 
-#: sm/sign.c:508
+#: sm/sign.c:622
 #, c-format
 msgid "hash algorithm used for signer %d: %s (%s)\n"
 msgstr "簽署者 %d 所用的雜湊演算法: %s (%s)\n"
 
-#: sm/sign.c:560
+#: sm/sign.c:674
 #, c-format
 msgid "checking for qualified certificate failed: %s\n"
 msgstr "檢查合格憑證時失敗: %s\n"
 
-#: sm/verify.c:463
+#: sm/sign.c:912
+#, fuzzy, c-format
+#| msgid "Signature made %s using %s key ID %s\n"
+msgid "%s/%s signature using %s key %s\n"
+msgstr "由 %s 建立的簽章, 使用 %s 金鑰 ID %s\n"
+
+#: sm/verify.c:467
 #, c-format
 msgid "Signature made "
 msgstr "簽章建立於 "
 
-#: sm/verify.c:475
+#: sm/verify.c:479
 #, c-format
 msgid "[date not given]"
 msgstr "[   未給定日期  ]"
 
-#: sm/verify.c:479
+#: sm/verify.c:483
 #, fuzzy, c-format
 #| msgid "algorithm: %s"
 msgid "algorithm:"
 msgstr "演算法: %s"
 
-#: sm/verify.c:543
+#: sm/verify.c:540
 #, c-format
 msgid ""
 "invalid signature: message digest attribute does not match computed one\n"
 msgstr "無效的簽章: 訊息摘要屬性與計算而得的不吻合\n"
 
-#: sm/verify.c:664
+#: sm/verify.c:666
 #, c-format
 msgid "Good signature from"
 msgstr "完好的簽章來自於"
 
-#: sm/verify.c:665
+#: sm/verify.c:667
 #, c-format
 msgid "                aka"
 msgstr "                亦即"
 
-#: sm/verify.c:683
+#: sm/verify.c:686
 #, c-format
 msgid "This is a qualified signature\n"
 msgstr "這是一份合格簽章\n"
@@ -9430,101 +9554,101 @@ msgstr "無法取得憑證快取的寫入鎖定: %s\n"
 msgid "can't release lock on the certificate cache: %s\n"
 msgstr "無法釋放憑證快取鎖定: %s\n"
 
-#: dirmngr/certcache.c:313
+#: dirmngr/certcache.c:297
 #, c-format
 msgid "dropping %u certificates from the cache\n"
 msgstr "正在從快取中拋棄 %u 份憑證\n"
 
-#: dirmngr/certcache.c:439 dirmngr/certcache.c:531 dirmngr/certcache.c:643
+#: dirmngr/certcache.c:415 dirmngr/certcache.c:505 dirmngr/certcache.c:615
 #, c-format
 msgid "can't parse certificate '%s': %s\n"
 msgstr "無法剖析憑證 '%s': %s\n"
 
-#: dirmngr/certcache.c:447 dirmngr/certcache.c:538 dirmngr/certcache.c:654
+#: dirmngr/certcache.c:423 dirmngr/certcache.c:512 dirmngr/certcache.c:626
 #, c-format
 msgid "certificate '%s' already cached\n"
 msgstr "憑證 '%s' 已快取\n"
 
-#: dirmngr/certcache.c:454 dirmngr/certcache.c:548 dirmngr/certcache.c:666
+#: dirmngr/certcache.c:430 dirmngr/certcache.c:520 dirmngr/certcache.c:635
 #, c-format
 msgid "trusted certificate '%s' loaded\n"
 msgstr "信任的憑證 '%s' 已載入\n"
 
-#: dirmngr/certcache.c:456
+#: dirmngr/certcache.c:432
 #, c-format
 msgid "certificate '%s' loaded\n"
 msgstr "憑證 '%s' 已載入\n"
 
-#: dirmngr/certcache.c:460 dirmngr/certcache.c:550 dirmngr/certcache.c:668
+#: dirmngr/certcache.c:436 dirmngr/certcache.c:522 dirmngr/certcache.c:637
 #, c-format
 msgid "  SHA1 fingerprint = %s\n"
 msgstr "  SHA1 指紋 = %s\n"
 
-#: dirmngr/certcache.c:463 dirmngr/certcache.c:553 dirmngr/certcache.c:671
+#: dirmngr/certcache.c:439 dirmngr/certcache.c:525 dirmngr/certcache.c:640
 msgid "   issuer ="
 msgstr "   發行者 ="
 
-#: dirmngr/certcache.c:464 dirmngr/certcache.c:554 dirmngr/certcache.c:672
+#: dirmngr/certcache.c:440 dirmngr/certcache.c:526 dirmngr/certcache.c:641
 msgid "  subject ="
 msgstr "  主旨 ="
 
-#: dirmngr/certcache.c:470 dirmngr/certcache.c:542 dirmngr/certcache.c:660
+#: dirmngr/certcache.c:444 dirmngr/certcache.c:514 dirmngr/certcache.c:629
 #, c-format
 msgid "error loading certificate '%s': %s\n"
 msgstr "載入憑證 '%s' 時出錯: %s\n"
 
-#: dirmngr/certcache.c:851
+#: dirmngr/certcache.c:819
 #, c-format
 msgid "permanently loaded certificates: %u\n"
 msgstr "固定載入的憑證: %u\n"
 
-#: dirmngr/certcache.c:853
+#: dirmngr/certcache.c:821
 #, c-format
 msgid "    runtime cached certificates: %u\n"
 msgstr "    執行時期快取的憑證: %u\n"
 
-#: dirmngr/certcache.c:855
+#: dirmngr/certcache.c:823
 #, fuzzy, c-format
 #| msgid "    runtime cached certificates: %u\n"
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
 msgstr "    執行時期快取的憑證: %u\n"
 
-#: dirmngr/certcache.c:883 dirmngr/dirmngr-client.c:393
+#: dirmngr/certcache.c:851 dirmngr/dirmngr-client.c:392
 #, c-format
 msgid "certificate already cached\n"
 msgstr "憑證早已快取\n"
 
-#: dirmngr/certcache.c:885
+#: dirmngr/certcache.c:853
 #, c-format
 msgid "certificate cached\n"
 msgstr "憑證已快取\n"
 
-#: dirmngr/certcache.c:889 dirmngr/certcache.c:912 dirmngr/dirmngr-client.c:397
+#: dirmngr/certcache.c:855 dirmngr/certcache.c:875 dirmngr/dirmngr-client.c:396
 #, c-format
 msgid "error caching certificate: %s\n"
 msgstr "快取憑證時出錯: %s\n"
 
-#: dirmngr/certcache.c:975
+#: dirmngr/certcache.c:938
 #, c-format
 msgid "invalid SHA1 fingerprint string '%s'\n"
 msgstr "無效的 SHA1 指紋字串 '%s'\n"
 
-#: dirmngr/certcache.c:1421 dirmngr/certcache.c:1430
+#: dirmngr/certcache.c:1384 dirmngr/certcache.c:1393
 #, c-format
 msgid "error fetching certificate by S/N: %s\n"
 msgstr "以序號取得憑證時出錯: %s\n"
 
-#: dirmngr/certcache.c:1639 dirmngr/certcache.c:1648
+#: dirmngr/certcache.c:1579 dirmngr/certcache.c:1588
 #, c-format
 msgid "error fetching certificate by subject: %s\n"
 msgstr "以主旨取得憑證時出錯: %s\n"
 
-#: dirmngr/certcache.c:1754 dirmngr/validate.c:483
+#: dirmngr/certcache.c:1694 dirmngr/validate.c:483
 #, c-format
 msgid "no issuer found in certificate\n"
 msgstr "憑證中找不到發行者\n"
 
-#: dirmngr/certcache.c:1764
+#: dirmngr/certcache.c:1704
 #, c-format
 msgid "error getting authorityKeyIdentifier: %s\n"
 msgstr "取得 authorityKeyIdentifier 時出錯: %s\n"
@@ -10036,55 +10160,55 @@ msgstr "不可能存取 CRL 因已停用 %s\n"
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "不可能進行憑證搜尋, 因為已停用 %s\n"
 
-#: dirmngr/dirmngr-client.c:72
+#: dirmngr/dirmngr-client.c:71
 msgid "use OCSP instead of CRLs"
 msgstr "改以 OCSP 代替 CRL"
 
-#: dirmngr/dirmngr-client.c:73
+#: dirmngr/dirmngr-client.c:72
 msgid "check whether a dirmngr is running"
 msgstr "檢查 dirmngr 是否正在執行"
 
-#: dirmngr/dirmngr-client.c:74
+#: dirmngr/dirmngr-client.c:73
 msgid "add a certificate to the cache"
 msgstr "加入憑證至快取"
 
-#: dirmngr/dirmngr-client.c:75
+#: dirmngr/dirmngr-client.c:74
 msgid "validate a certificate"
 msgstr "驗證憑證"
 
-#: dirmngr/dirmngr-client.c:76
+#: dirmngr/dirmngr-client.c:75
 msgid "lookup a certificate"
 msgstr "查找憑證"
 
-#: dirmngr/dirmngr-client.c:77
+#: dirmngr/dirmngr-client.c:76
 msgid "lookup only locally stored certificates"
 msgstr "僅查找存放於本地端的憑證憑證"
 
-#: dirmngr/dirmngr-client.c:78
+#: dirmngr/dirmngr-client.c:77
 msgid "expect an URL for --lookup"
 msgstr "應該要給 --lookup 某個網址"
 
-#: dirmngr/dirmngr-client.c:79
+#: dirmngr/dirmngr-client.c:78
 msgid "load a CRL into the dirmngr"
 msgstr "載入 CRL 至 dirmngr"
 
-#: dirmngr/dirmngr-client.c:80
+#: dirmngr/dirmngr-client.c:79
 msgid "special mode for use by Squid"
 msgstr "搭配 Squid 使用的特殊模式"
 
-#: dirmngr/dirmngr-client.c:81
+#: dirmngr/dirmngr-client.c:80
 msgid "expect certificates in PEM format"
 msgstr "預期憑證應為 PEM 格式"
 
-#: dirmngr/dirmngr-client.c:83
+#: dirmngr/dirmngr-client.c:82
 msgid "force the use of the default OCSP responder"
 msgstr "強制使用預設的 OCSP 回應程式"
 
-#: dirmngr/dirmngr-client.c:172
+#: dirmngr/dirmngr-client.c:171
 msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
 msgstr "用法: dirmngr-client [選項] [憑證檔案|模式](或用 -h 求助)\n"
 
-#: dirmngr/dirmngr-client.c:176
+#: dirmngr/dirmngr-client.c:175
 msgid ""
 "Syntax: dirmngr-client [options] [certfile|pattern]\n"
 "Test an X.509 certificate against a CRL or do an OCSP check\n"
@@ -10096,215 +10220,211 @@ msgstr ""
 "如果憑證有效, 此程序將傳回 0; 如果憑證無效\n"
 "則傳回 1; 其他錯誤代碼則代表不同的一般性失敗\n"
 
-#: dirmngr/dirmngr-client.c:282 dirmngr/dirmngr-client.c:912
+#: dirmngr/dirmngr-client.c:281 dirmngr/dirmngr-client.c:911
 #, c-format
 msgid "error reading certificate from stdin: %s\n"
 msgstr "從標準輸入讀取憑證時出錯: %s\n"
 
-#: dirmngr/dirmngr-client.c:289
+#: dirmngr/dirmngr-client.c:288
 #, c-format
 msgid "error reading certificate from '%s': %s\n"
 msgstr "從 '%s' 讀取憑證時出錯: %s\n"
 
-#: dirmngr/dirmngr-client.c:303
+#: dirmngr/dirmngr-client.c:302
 #, c-format
 msgid "certificate too large to make any sense\n"
 msgstr "憑證大到全然不合理的境界\n"
 
-#: dirmngr/dirmngr-client.c:318
+#: dirmngr/dirmngr-client.c:317
 #, c-format
 msgid "can't connect to the dirmngr: %s\n"
 msgstr "無法連接至 dirmngr: %s\n"
 
-#: dirmngr/dirmngr-client.c:340
+#: dirmngr/dirmngr-client.c:339
 #, c-format
 msgid "lookup failed: %s\n"
 msgstr "查找失敗: %s\n"
 
-#: dirmngr/dirmngr-client.c:355
+#: dirmngr/dirmngr-client.c:354
 #, c-format
 msgid "loading CRL '%s' failed: %s\n"
 msgstr "載入 CRL '%s' 時失敗: %s\n"
 
-#: dirmngr/dirmngr-client.c:383
+#: dirmngr/dirmngr-client.c:382
 #, c-format
 msgid "a dirmngr daemon is up and running\n"
 msgstr "有個 dirmngr 服務已啟動並正在執行中\n"
 
-#: dirmngr/dirmngr-client.c:405
+#: dirmngr/dirmngr-client.c:404
 #, c-format
 msgid "validation of certificate failed: %s\n"
 msgstr "憑證之驗證失敗: %s\n"
 
-#: dirmngr/dirmngr-client.c:412 dirmngr/dirmngr-client.c:923
+#: dirmngr/dirmngr-client.c:411 dirmngr/dirmngr-client.c:922
 #, c-format
 msgid "certificate is valid\n"
 msgstr "憑證有效\n"
 
-#: dirmngr/dirmngr-client.c:418 dirmngr/dirmngr-client.c:931
+#: dirmngr/dirmngr-client.c:417 dirmngr/dirmngr-client.c:930
 #, c-format
 msgid "certificate has been revoked\n"
 msgstr "憑證已遭撤銷\n"
 
-#: dirmngr/dirmngr-client.c:423 dirmngr/dirmngr-client.c:933
+#: dirmngr/dirmngr-client.c:422 dirmngr/dirmngr-client.c:932
 #, c-format
 msgid "certificate check failed: %s\n"
 msgstr "憑證檢查失敗: %s\n"
 
-#: dirmngr/dirmngr-client.c:436
+#: dirmngr/dirmngr-client.c:435
 #, c-format
 msgid "got status: '%s'\n"
 msgstr "得到狀態: '%s'\n"
 
-#: dirmngr/dirmngr-client.c:451
+#: dirmngr/dirmngr-client.c:450
 #, c-format
 msgid "error writing base64 encoding: %s\n"
 msgstr "寫入 base64 編碼時出錯: %s\n"
 
-#: dirmngr/dirmngr-client.c:709
+#: dirmngr/dirmngr-client.c:708
 #, c-format
 msgid "unsupported inquiry '%s'\n"
 msgstr "未支援的查詢 '%s'\n"
 
-#: dirmngr/dirmngr-client.c:811
+#: dirmngr/dirmngr-client.c:810
 #, c-format
 msgid "absolute file name expected\n"
 msgstr "應該要有絕對檔名\n"
 
-#: dirmngr/dirmngr-client.c:856
+#: dirmngr/dirmngr-client.c:855
 #, c-format
 msgid "looking up '%s'\n"
 msgstr "正在查找 '%s'\n"
 
-#: dirmngr/dirmngr.c:178
+#: dirmngr/dirmngr.c:174
 msgid "list the contents of the CRL cache"
 msgstr "列出 CRL 快取的內容"
 
-#: dirmngr/dirmngr.c:179
+#: dirmngr/dirmngr.c:175
 msgid "|FILE|load CRL from FILE into cache"
 msgstr "|檔案|從指定檔案載入 CRL 至快取"
 
-#: dirmngr/dirmngr.c:180
+#: dirmngr/dirmngr.c:176
 msgid "|URL|fetch a CRL from URL"
 msgstr "|網址|從指定網址取得 CRL"
 
-#: dirmngr/dirmngr.c:181
+#: dirmngr/dirmngr.c:177
 msgid "shutdown the dirmngr"
 msgstr "關閉 dirmngr"
 
-#: dirmngr/dirmngr.c:182
+#: dirmngr/dirmngr.c:178
 msgid "flush the cache"
 msgstr "清除快取"
 
-#: dirmngr/dirmngr.c:216
+#: dirmngr/dirmngr.c:211
 msgid "allow online software version check"
 msgstr ""
 
-#: dirmngr/dirmngr.c:219
+#: dirmngr/dirmngr.c:214
 msgid "|N|do not return more than N items in one query"
 msgstr "|N|單次查詢不要傳回超過 N 筆項目"
 
-#: dirmngr/dirmngr.c:226
+#: dirmngr/dirmngr.c:220
 msgid "Network related options"
 msgstr ""
 
-#: dirmngr/dirmngr.c:228
+#: dirmngr/dirmngr.c:222
 msgid "route all network traffic via Tor"
 msgstr ""
 
-#: dirmngr/dirmngr.c:240
+#: dirmngr/dirmngr.c:234
 msgid "Configuration for Keyservers"
 msgstr "金鑰伺服器組態"
 
-#: dirmngr/dirmngr.c:243
+#: dirmngr/dirmngr.c:237
 msgid "|URL|use keyserver at URL"
 msgstr "|URL|使用位於 URL 的金鑰伺服器"
 
-#: dirmngr/dirmngr.c:245
+#: dirmngr/dirmngr.c:239
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr "|檔案|在 HKP over TLS 的指定檔案中使用 CA 憑證"
 
-#: dirmngr/dirmngr.c:248
+#: dirmngr/dirmngr.c:241
 msgid "Configuration for HTTP servers"
 msgstr "HTTP 伺服器組態"
 
-#: dirmngr/dirmngr.c:250
+#: dirmngr/dirmngr.c:243
 msgid "inhibit the use of HTTP"
 msgstr "避免使用 HTTP"
 
-#: dirmngr/dirmngr.c:252
+#: dirmngr/dirmngr.c:245
 msgid "ignore HTTP CRL distribution points"
 msgstr "忽略 HTTP CRL 分布點"
 
-#: dirmngr/dirmngr.c:254
+#: dirmngr/dirmngr.c:247
 msgid "|URL|redirect all HTTP requests to URL"
 msgstr "|網址|重新導向所有對指定網址提出的 HTTP 請求"
 
-#: dirmngr/dirmngr.c:256
+#: dirmngr/dirmngr.c:249
 msgid "use system's HTTP proxy setting"
 msgstr "使用系統的 HTTP 代理伺服器設定"
 
-#: dirmngr/dirmngr.c:260
+#: dirmngr/dirmngr.c:253
 msgid "Configuration of LDAP servers to use"
 msgstr "要用的 LDAP 伺服器組態"
 
-#: dirmngr/dirmngr.c:262
+#: dirmngr/dirmngr.c:255
 msgid "inhibit the use of LDAP"
 msgstr "避免使用 LDAP"
 
-#: dirmngr/dirmngr.c:264
+#: dirmngr/dirmngr.c:257
 msgid "ignore LDAP CRL distribution points"
 msgstr "忽略 LDAP CRL 分布點"
 
-#: dirmngr/dirmngr.c:266
+#: dirmngr/dirmngr.c:259
 msgid "|HOST|use HOST for LDAP queries"
 msgstr "|主機|指定 LDAP 查詢主機"
 
-#: dirmngr/dirmngr.c:268
+#: dirmngr/dirmngr.c:261
 msgid "do not use fallback hosts with --ldap-proxy"
 msgstr "不要將主機備案與 --ldap-proxy 並用"
 
-#: dirmngr/dirmngr.c:270
-msgid "|SPEC|use this keyserver to lookup keys"
-msgstr "|SPEC|使用此金鑰伺服器來查找金鑰"
-
-#: dirmngr/dirmngr.c:272
+#: dirmngr/dirmngr.c:263
 msgid "|FILE|read LDAP server list from FILE"
 msgstr "|檔案|從指定檔案讀取 LDAP 伺服器清單"
 
-#: dirmngr/dirmngr.c:274
+#: dirmngr/dirmngr.c:265
 msgid "add new servers discovered in CRL distribution points to serverlist"
 msgstr "將從 CRL 分布點發現的新伺服器加入至伺服器清單"
 
-#: dirmngr/dirmngr.c:277
+#: dirmngr/dirmngr.c:268 dirmngr/dirmngr_ldap.c:104
 msgid "|N|set LDAP timeout to N seconds"
 msgstr "|N|把 LDAP 逾時設成 N 秒"
 
-#: dirmngr/dirmngr.c:280
+#: dirmngr/dirmngr.c:271
 msgid "Configuration for OCSP"
 msgstr "OCSP 組態"
 
-#: dirmngr/dirmngr.c:282
+#: dirmngr/dirmngr.c:273
 msgid "allow sending OCSP requests"
 msgstr "允許送出 OCSP 請求"
 
-#: dirmngr/dirmngr.c:284
+#: dirmngr/dirmngr.c:275
 msgid "ignore certificate contained OCSP service URLs"
 msgstr "忽略含有 OCSP 伺服器網址的憑證"
 
-#: dirmngr/dirmngr.c:286
+#: dirmngr/dirmngr.c:277
 msgid "|URL|use OCSP responder at URL"
 msgstr "|網址|使用位於指定網址的 OCSP 回應程式"
 
-#: dirmngr/dirmngr.c:288
+#: dirmngr/dirmngr.c:279
 msgid "|FPR|OCSP response signed by FPR"
 msgstr "|FPR|由 FPR 簽署的 OCSP 回應"
 
-#: dirmngr/dirmngr.c:296
+#: dirmngr/dirmngr.c:287
 msgid "force loading of outdated CRLs"
 msgstr "強迫載入過時的 CRL"
 
-#: dirmngr/dirmngr.c:308
+#: dirmngr/dirmngr.c:298
 msgid ""
 "@\n"
 "(See the \"info\" manual for a complete listing of all commands and "
@@ -10313,11 +10433,11 @@ msgstr ""
 "@\n"
 "(請參照「資訊」手冊來取得所有命令和選項的完整清單)\n"
 
-#: dirmngr/dirmngr.c:461
+#: dirmngr/dirmngr.c:440
 msgid "Usage: @DIRMNGR@ [options] (-h for help)"
 msgstr "用法: @DIRMNGR@ [選項] (或用 -h 求助)"
 
-#: dirmngr/dirmngr.c:463
+#: dirmngr/dirmngr.c:442
 msgid ""
 "Syntax: @DIRMNGR@ [options] [command [args]]\n"
 "Keyserver, CRL, and OCSP access for @GNUPG@\n"
@@ -10325,114 +10445,296 @@ msgstr ""
 "語法: @DIRMNGR@ [選項] [指令 [引數]]\n"
 "@GNUPG@ 的金鑰伺服器, CRL, OCSP 存取\n"
 
-#: dirmngr/dirmngr.c:543
+#: dirmngr/dirmngr.c:522
 #, c-format
 msgid "valid debug levels are: %s\n"
 msgstr "有效的除錯等級為: %s\n"
 
-#: dirmngr/dirmngr.c:638 tools/gpgconf.c:706 tools/gpgconf.c:741
-#: tools/gpgconf.c:839
+#: dirmngr/dirmngr.c:608 tools/gpgconf.c:667 tools/gpgconf.c:702
+#: tools/gpgconf.c:802
 #, c-format
 msgid "usage: %s [options] "
 msgstr "用法: %s [選項] "
 
-#: dirmngr/dirmngr.c:1337
+#: dirmngr/dirmngr.c:1251
 #, c-format
 msgid "colons are not allowed in the socket name\n"
 msgstr "socket 名稱內不允許使用冒號\n"
 
-#: dirmngr/dirmngr.c:1573 dirmngr/server.c:1885
+#: dirmngr/dirmngr.c:1486 dirmngr/server.c:1824
 #, c-format
 msgid "fetching CRL from '%s' failed: %s\n"
 msgstr "從 '%s' 取回 CRL 時失敗: %s\n"
 
-#: dirmngr/dirmngr.c:1579 dirmngr/server.c:1891
+#: dirmngr/dirmngr.c:1492 dirmngr/server.c:1830
 #, c-format
 msgid "processing CRL from '%s' failed: %s\n"
 msgstr "從 '%s' 處理 CRL 時失敗: %s\n"
 
-#: dirmngr/dirmngr.c:1725
+#: dirmngr/dirmngr.c:1634
 #, c-format
 msgid "%s:%u: line too long - skipped\n"
 msgstr "%s:%u: 列太長 - 已跳過\n"
 
-#: dirmngr/dirmngr.c:1785 dirmngr/dirmngr.c:1874
+#: dirmngr/dirmngr.c:1689 dirmngr/dirmngr.c:1773
 #, c-format
 msgid "%s:%u: invalid fingerprint detected\n"
 msgstr "%s:%u: 偵測到無效的指紋\n"
 
-#: dirmngr/dirmngr.c:1826 dirmngr/dirmngr.c:1852 tools/gpgconf-comp.c:3427
+#: dirmngr/dirmngr.c:1725 dirmngr/dirmngr.c:1751 tools/gpgconf-comp.c:3534
 #, c-format
 msgid "%s:%u: read error: %s\n"
 msgstr "%s:%u: 讀取錯誤: %s\n"
 
-#: dirmngr/dirmngr.c:1887
+#: dirmngr/dirmngr.c:1780
 #, c-format
 msgid "%s:%u: garbage at end of line ignored\n"
 msgstr "%s:%u: 列尾的垃圾已忽略\n"
 
-#: dirmngr/dirmngr.c:1956
+#: dirmngr/dirmngr.c:1849
 #, c-format
 msgid "SIGHUP received - re-reading configuration and flushing caches\n"
 msgstr "收到 SIGHUP - 正在重新讀取組態並清除快取\n"
 
-#: dirmngr/dirmngr.c:1996
+#: dirmngr/dirmngr.c:1890
 #, c-format
 msgid "SIGUSR2 received - no action defined\n"
 msgstr "收到 SIGUSR2 - 無定義行動\n"
 
-#: dirmngr/dirmngr.c:2001
+#: dirmngr/dirmngr.c:1895
 #, c-format
 msgid "SIGTERM received - shutting down ...\n"
 msgstr "收到 SIGTERM - 正在關閉 ...\n"
 
-#: dirmngr/dirmngr.c:2003
+#: dirmngr/dirmngr.c:1897
 #, c-format
 msgid "SIGTERM received - still %d active connections\n"
 msgstr "收到 SIGTERM - 還有 %d 個使用中的連線\n"
 
-#: dirmngr/dirmngr.c:2008
+#: dirmngr/dirmngr.c:1902
 #, c-format
 msgid "shutdown forced\n"
 msgstr "已強迫關閉\n"
 
-#: dirmngr/dirmngr.c:2016
+#: dirmngr/dirmngr.c:1910
 #, c-format
 msgid "SIGINT received - immediate shutdown\n"
 msgstr "收到 SIGINT - 立即關閉\n"
 
-#: dirmngr/dirmngr.c:2023
+#: dirmngr/dirmngr.c:1917
 #, c-format
 msgid "signal %d received - no action defined\n"
 msgstr "收到訊號 %d - 無定義行動\n"
 
-#: dirmngr/http.c:1996 dirmngr/ocsp.c:255
+#: dirmngr/dirmngr_ldap.c:105
+msgid "return all values in a record oriented format"
+msgstr "以記錄導向格式傳回所有數值"
+
+#: dirmngr/dirmngr_ldap.c:108
+msgid "|NAME|ignore host part and connect through NAME"
+msgstr "|名稱|忽略主機的部份並改以指定名稱連線"
+
+#: dirmngr/dirmngr_ldap.c:109
+msgid "force a TLS connection"
+msgstr ""
+
+#: dirmngr/dirmngr_ldap.c:110
+msgid "|NAME|connect to host NAME"
+msgstr "|名稱|連線至位於指定名稱的主機"
+
+#: dirmngr/dirmngr_ldap.c:111
+msgid "|N|connect to port N"
+msgstr "|N|連線至 N 連接埠"
+
+#: dirmngr/dirmngr_ldap.c:112
+msgid "|NAME|use user NAME for authentication"
+msgstr "|名字|使用指定名字做為認證用的使用者名稱"
+
+#: dirmngr/dirmngr_ldap.c:113
+msgid "|PASS|use password PASS for authentication"
+msgstr "|密碼|使用指定密碼作為認證"
+
+#: dirmngr/dirmngr_ldap.c:115
+msgid "take password from $DIRMNGR_LDAP_PASS"
+msgstr "從 $DIRMNGR_LDAP_PASS 取得密碼使用"
+
+#: dirmngr/dirmngr_ldap.c:116
+msgid "|STRING|query DN STRING"
+msgstr "|字串|以只指定字串查詢 DN"
+
+#: dirmngr/dirmngr_ldap.c:117
+msgid "|STRING|use STRING as filter expression"
+msgstr "|字串|以指定字串作為過濾器表示式"
+
+#: dirmngr/dirmngr_ldap.c:118
+msgid "|STRING|return the attribute STRING"
+msgstr "|字串|以指定字串傳回屬性"
+
+#: dirmngr/dirmngr_ldap.c:179
+msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
+msgstr "用法: dirmngr_ldap [選項] [網址] (或用 -h 求助)\n"
+
+#: dirmngr/dirmngr_ldap.c:182
+msgid ""
+"Syntax: dirmngr_ldap [options] [URL]\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
+msgstr ""
+"語法: dirmngr_ldap [選項] [網址]\n"
+"Dirmngr 的內部 LDAP 協助程式\n"
+"介面及選項均可能未經通知即變更\n"
+
+#: dirmngr/dirmngr_ldap.c:291
+#, c-format
+msgid "invalid port number %d\n"
+msgstr "無效的連接埠號碼 %d\n"
+
+#: dirmngr/dirmngr_ldap.c:400
+#, c-format
+msgid "scanning result for attribute '%s'\n"
+msgstr "正在掃描屬性 '%s' 之結果\n"
+
+#: dirmngr/dirmngr_ldap.c:407 dirmngr/dirmngr_ldap.c:490
+#: dirmngr/dirmngr_ldap.c:514 dirmngr/dirmngr_ldap.c:526
+#: dirmngr/dirmngr_ldap.c:722
+#, c-format
+msgid "error writing to stdout: %s\n"
+msgstr "寫入標準輸出時出錯: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:424
+#, c-format
+msgid "          available attribute '%s'\n"
+msgstr "          可用屬性 '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:462
+#, c-format
+msgid "attribute '%s' not found\n"
+msgstr "找不到屬性 '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:469
+#, c-format
+msgid "found attribute '%s'\n"
+msgstr "找到屬性 '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:581
+#, c-format
+msgid "processing url '%s'\n"
+msgstr "正在處理網址 '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:588
+#, c-format
+msgid "          user '%s'\n"
+msgstr "          使用者 '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:590
+#, c-format
+msgid "          pass '%s'\n"
+msgstr "          密碼 '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:592
+#, c-format
+msgid "          host '%s'\n"
+msgstr "          主機 '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:593
+#, c-format
+msgid "          port %d\n"
+msgstr "          連接埠 %d\n"
+
+#: dirmngr/dirmngr_ldap.c:595
+#, c-format
+msgid "            DN '%s'\n"
+msgstr "            域名 '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:597
+#, c-format
+msgid "        filter '%s'\n"
+msgstr "        過濾器 '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:602 dirmngr/dirmngr_ldap.c:605
+#, c-format
+msgid "          attr '%s'\n"
+msgstr "          屬性 '%s'\n"
+
+#: dirmngr/dirmngr_ldap.c:611
+#, c-format
+msgid "no host name in '%s'\n"
+msgstr "'%s' 中沒有主機名稱\n"
+
+#: dirmngr/dirmngr_ldap.c:616
+#, c-format
+msgid "no attribute given for query '%s'\n"
+msgstr "查詢 '%s' 無給定屬性\n"
+
+#: dirmngr/dirmngr_ldap.c:622
+#, c-format
+msgid "WARNING: using first attribute only\n"
+msgstr "警告: 僅使用第一個屬性\n"
+
+#: dirmngr/dirmngr_ldap.c:637 dirmngr/dirmngr_ldap.c:678
+#, c-format
+msgid "LDAP init to '%s:%d' failed: %s\n"
+msgstr "LDAP 初始至 '%s:%d' 失敗: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:659
+#, fuzzy, c-format
+#| msgid "LDAP init to '%s:%d' failed: %s\n"
+msgid "LDAP init to '%s' failed: %s\n"
+msgstr "LDAP 初始至 '%s:%d' 失敗: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:665
+#, fuzzy, c-format
+#| msgid "LDAP init to '%s:%d' failed: %s\n"
+msgid "LDAP init to '%s' done\n"
+msgstr "LDAP 初始至 '%s:%d' 失敗: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:704
+#, c-format
+msgid "binding to '%s:%d' failed: %s\n"
+msgstr "綁定至 '%s:%d' 時失敗: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:728
+#, c-format
+msgid "searching '%s' failed: %s\n"
+msgstr "搜尋 '%s' 時失敗: %s\n"
+
+#: dirmngr/dirmngr_ldap.c:759
+#, c-format
+msgid "'%s' is not an LDAP URL\n"
+msgstr "'%s' 不是一個 LDAP 位址\n"
+
+#: dirmngr/dirmngr_ldap.c:765
+#, c-format
+msgid "'%s' is an invalid LDAP URL\n"
+msgstr "'%s' 是無效的 LDAP 網址\n"
+
+#: dirmngr/http.c:1989 dirmngr/ocsp.c:255
 #, c-format
 msgid "error accessing '%s': http status %u\n"
 msgstr "存取 '%s' 時出錯: http 狀態 %u\n"
 
-#: dirmngr/http.c:3647 dirmngr/ocsp.c:229
+#: dirmngr/http.c:3630 dirmngr/ocsp.c:229
 #, c-format
 msgid "URL '%s' redirected to '%s' (%u)\n"
 msgstr "網址 '%s' 重新轉向至 '%s' (%u)\n"
 
-#: dirmngr/http.c:3653 dirmngr/ocsp.c:246
+#: dirmngr/http.c:3636 dirmngr/ocsp.c:246
 #, c-format
 msgid "too many redirections\n"
 msgstr "太多重新導向\n"
 
-#: dirmngr/http.c:3765
+#: dirmngr/http.c:3748
 #, fuzzy, c-format
 #| msgid "writing to '%s'\n"
 msgid "redirection changed to '%s'\n"
 msgstr "正在寫入 '%s'\n"
 
-#: dirmngr/ldap-wrapper.c:233
+#: dirmngr/ldap-wrapper.c:232
 #, c-format
 msgid "error printing log line: %s\n"
 msgstr "印出日誌記錄列時出錯: %s\n"
 
-#: dirmngr/ldap-wrapper.c:263
+#: dirmngr/ldap-wrapper.c:262
 #, c-format
 msgid "error reading log from ldap wrapper %d: %s\n"
 msgstr "從 ldap 封裝程式 %d 讀取日誌記錄時出錯: %s\n"
@@ -10462,51 +10764,31 @@ msgstr "等候 ldap 封裝程式 %d 時失敗: %s\n"
 msgid "ldap wrapper %d stalled - killing\n"
 msgstr "ldap 封裝程式 %d 已卡住 - 正在中止\n"
 
-#: dirmngr/ldap.c:92
+#: dirmngr/ldap.c:91
 #, c-format
 msgid "invalid char 0x%02x in host name - not added\n"
 msgstr "主機名稱中有無效的字符 0x%02x - 不予加入\n"
 
-#: dirmngr/ldap.c:96
+#: dirmngr/ldap.c:95
 #, c-format
 msgid "adding '%s:%d' to the ldap server list\n"
 msgstr "正在加入 '%s:%d' 至 ldap 伺服器清單\n"
 
-#: dirmngr/ldap.c:99 dirmngr/misc.c:512
+#: dirmngr/ldap.c:98 dirmngr/misc.c:512
 #, c-format
 msgid "malloc failed: %s\n"
 msgstr "動態記憶體配置失敗: %s\n"
 
-#: dirmngr/ldap.c:221
-#, c-format
-msgid "'%s' is not an LDAP URL\n"
-msgstr "'%s' 不是一個 LDAP 位址\n"
-
-#: dirmngr/ldap.c:227 dirmngr/ldap.c:233
+#: dirmngr/ldap.c:634
 #, c-format
-msgid "'%s' is an invalid LDAP URL\n"
-msgstr "'%s' 是無效的 LDAP 網址\n"
+msgid "start_cert_fetch: invalid pattern '%s'\n"
+msgstr "start_cert_fetch: 無效的模式 '%s'\n"
 
-#: dirmngr/ldap.c:969
+#: dirmngr/ldap.c:846
 #, c-format
 msgid "ldap_search hit the size limit of the server\n"
 msgstr "ldap_search 達到伺服器的尺寸限制\n"
 
-#: dirmngr/ldapserver.c:117
-#, c-format
-msgid "%s:%u: password given without user\n"
-msgstr "%s:%u: 給定的密碼沒有使用者\n"
-
-#: dirmngr/ldapserver.c:181
-#, c-format
-msgid "%s:%u: ignoring unknown flag '%s'\n"
-msgstr ""
-
-#: dirmngr/ldapserver.c:203
-#, c-format
-msgid "%s:%u: skipping this line\n"
-msgstr "%s:%u: 正在跳過這一列\n"
-
 #: dirmngr/misc.c:172
 #, c-format
 msgid "invalid canonical S-expression found\n"
@@ -10593,91 +10875,91 @@ msgstr "計算 '%s' OSCP 回應雜湊時失敗: %s\n"
 msgid "not signed by a default OCSP signer's certificate"
 msgstr "並未由預設 OCSP 簽署者的憑證所簽署"
 
-#: dirmngr/ocsp.c:524
+#: dirmngr/ocsp.c:522
 #, c-format
 msgid "allocating list item failed: %s\n"
 msgstr "配置清單項目時失敗: %s\n"
 
-#: dirmngr/ocsp.c:540 dirmngr/ocsp.c:727
+#: dirmngr/ocsp.c:537 dirmngr/ocsp.c:724
 #, c-format
 msgid "error getting responder ID: %s\n"
 msgstr "取得回應程式 ID 時出錯: %s\n"
 
-#: dirmngr/ocsp.c:587
+#: dirmngr/ocsp.c:584
 #, c-format
 msgid "no suitable certificate found to verify the OCSP response\n"
 msgstr "找不到適合用來驗證 OCSP 回應的憑證\n"
 
-#: dirmngr/ocsp.c:626 dirmngr/validate.c:648
+#: dirmngr/ocsp.c:623 dirmngr/validate.c:648
 #, c-format
 msgid "issuer certificate not found: %s\n"
 msgstr "找不到發行者憑證: %s\n"
 
-#: dirmngr/ocsp.c:636
+#: dirmngr/ocsp.c:633
 #, c-format
 msgid "caller did not return the target certificate\n"
 msgstr "叫用者未傳為目標憑證\n"
 
-#: dirmngr/ocsp.c:643
+#: dirmngr/ocsp.c:640
 #, c-format
 msgid "caller did not return the issuing certificate\n"
 msgstr "叫用者未傳回發行的憑證\n"
 
-#: dirmngr/ocsp.c:653
+#: dirmngr/ocsp.c:650
 #, c-format
 msgid "failed to allocate OCSP context: %s\n"
 msgstr "配置 OCSP 脈絡失敗: %s\n"
 
-#: dirmngr/ocsp.c:692
+#: dirmngr/ocsp.c:689
 #, c-format
 msgid "no default OCSP responder defined\n"
 msgstr "無定義預設 OCSP 回應程式\n"
 
-#: dirmngr/ocsp.c:698
+#: dirmngr/ocsp.c:695
 #, c-format
 msgid "no default OCSP signer defined\n"
 msgstr "未定義預設的 OCSP 簽署程式\n"
 
-#: dirmngr/ocsp.c:705
+#: dirmngr/ocsp.c:702
 #, c-format
 msgid "using default OCSP responder '%s'\n"
 msgstr "正在使用預設的 OCSP 回應程式 '%s'\n"
 
-#: dirmngr/ocsp.c:710
+#: dirmngr/ocsp.c:707
 #, c-format
 msgid "using OCSP responder '%s'\n"
 msgstr "正在使用 %s OCSP 回應程式\n"
 
-#: dirmngr/ocsp.c:767
+#: dirmngr/ocsp.c:764
 #, c-format
 msgid "error getting OCSP status for target certificate: %s\n"
 msgstr "取得目標憑證 OCSP 狀態時出錯: %s\n"
 
-#: dirmngr/ocsp.c:792
+#: dirmngr/ocsp.c:789
 #, c-format
 msgid "certificate status is: %s  (this=%s  next=%s)\n"
 msgstr "憑證狀態為: %s  (本次=%s  下次=%s)\n"
 
-#: dirmngr/ocsp.c:793
+#: dirmngr/ocsp.c:790
 msgid "good"
 msgstr "良好"
 
-#: dirmngr/ocsp.c:799
+#: dirmngr/ocsp.c:796
 #, c-format
 msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "憑證已撤銷於 %s 因: %s\n"
 
-#: dirmngr/ocsp.c:834
+#: dirmngr/ocsp.c:831
 #, c-format
 msgid "OCSP responder returned a status in the future\n"
 msgstr "OCSP 回應程式傳回未來的狀態\n"
 
-#: dirmngr/ocsp.c:846
+#: dirmngr/ocsp.c:843
 #, c-format
 msgid "OCSP responder returned a non-current status\n"
 msgstr "OCSP 回應程式傳回非當下的狀態\n"
 
-#: dirmngr/ocsp.c:861
+#: dirmngr/ocsp.c:858
 #, c-format
 msgid "OCSP responder returned an too old status\n"
 msgstr "OCSP 回應程式傳回老舊的狀態\n"
@@ -10687,67 +10969,71 @@ msgstr "OCSP 回應程式傳回老舊的狀態\n"
 msgid "assuan_inquire(%s) failed: %s\n"
 msgstr "assuan_inquire(%s) 失敗: %s\n"
 
-#: dirmngr/server.c:1284
+#: dirmngr/server.c:1158
+msgid "ldapserver missing"
+msgstr "遺失 ldapserver"
+
+#: dirmngr/server.c:1224
 msgid "serialno missing in cert ID"
 msgstr "憑證 ID 中遺失 serialno"
 
-#: dirmngr/server.c:1447 dirmngr/server.c:1533 dirmngr/server.c:1970
-#: dirmngr/server.c:2041 dirmngr/server.c:2669 dirmngr/server.c:2684
+#: dirmngr/server.c:1387 dirmngr/server.c:1473 dirmngr/server.c:1909
+#: dirmngr/server.c:1980 dirmngr/server.c:2552 dirmngr/server.c:2567
 #, c-format
 msgid "assuan_inquire failed: %s\n"
 msgstr "assuan_inquire 失敗: %s\n"
 
-#: dirmngr/server.c:1576
+#: dirmngr/server.c:1516
 #, c-format
 msgid "fetch_cert_by_url failed: %s\n"
 msgstr "fetch_cert_by_url 失敗: %s\n"
 
-#: dirmngr/server.c:1588 dirmngr/server.c:1619 dirmngr/server.c:1779
+#: dirmngr/server.c:1528 dirmngr/server.c:1559 dirmngr/server.c:1718
 #, c-format
 msgid "error sending data: %s\n"
 msgstr "送出資料時出錯: %s\n"
 
-#: dirmngr/server.c:1727
+#: dirmngr/server.c:1666
 #, c-format
 msgid "start_cert_fetch failed: %s\n"
 msgstr "start_cert_fetch 失敗: %s\n"
 
-#: dirmngr/server.c:1760
+#: dirmngr/server.c:1699
 #, c-format
 msgid "fetch_next_cert failed: %s\n"
 msgstr "fetch_next_cert 失敗: %s\n"
 
-#: dirmngr/server.c:1787
+#: dirmngr/server.c:1726
 #, c-format
 msgid "max_replies %d exceeded\n"
 msgstr "max_replies %d 已超出\n"
 
-#: dirmngr/server.c:2973
+#: dirmngr/server.c:2856
 #, c-format
 msgid "can't allocate control structure: %s\n"
 msgstr "無法配置控制結構: %s\n"
 
-#: dirmngr/server.c:2984
+#: dirmngr/server.c:2867
 #, c-format
 msgid "failed to allocate assuan context: %s\n"
 msgstr "配置 assuan 脈絡失敗: %s\n"
 
-#: dirmngr/server.c:3005
+#: dirmngr/server.c:2888
 #, c-format
 msgid "failed to initialize the server: %s\n"
 msgstr "伺服器啟始失敗: %s\n"
 
-#: dirmngr/server.c:3013
+#: dirmngr/server.c:2896
 #, c-format
 msgid "failed to the register commands with Assuan: %s\n"
 msgstr "向 Assuan 註冊指令時失敗: %s\n"
 
-#: dirmngr/server.c:3046
+#: dirmngr/server.c:2929
 #, c-format
 msgid "Assuan accept problem: %s\n"
 msgstr "Assuan 接受問題: %s\n"
 
-#: dirmngr/server.c:3065
+#: dirmngr/server.c:2948
 #, c-format
 msgid "Assuan processing failed: %s\n"
 msgstr "Assuan 處理時失敗: %s\n"
@@ -10790,51 +11076,57 @@ msgstr "憑證鏈完好\n"
 msgid "certificate should not have been used for CRL signing\n"
 msgstr "憑證應該還未被用於 CRL 簽署\n"
 
-#: tools/gpg-connect-agent.c:79 tools/gpgconf.c:111
+#: tools/gpg-connect-agent.c:86 tools/gpgconf.c:112
 msgid "quiet"
 msgstr "安靜模式"
 
-#: tools/gpg-connect-agent.c:80
+#: tools/gpg-connect-agent.c:87
 msgid "print data out hex encoded"
 msgstr "列印資料超出十六進制編碼範圍"
 
-#: tools/gpg-connect-agent.c:81
+#: tools/gpg-connect-agent.c:88
 msgid "decode received data lines"
 msgstr "對已收到的資料列解碼"
 
-#: tools/gpg-connect-agent.c:82
+#: tools/gpg-connect-agent.c:89
 msgid "connect to the dirmngr"
 msgstr "連線至 dirmngr"
 
-#: tools/gpg-connect-agent.c:85
+#: tools/gpg-connect-agent.c:90
+#, fuzzy
+#| msgid "connect to the dirmngr"
+msgid "connect to the keyboxd"
+msgstr "連線至 dirmngr"
+
+#: tools/gpg-connect-agent.c:93
 msgid "|NAME|connect to Assuan socket NAME"
 msgstr "|名稱|連線至指定名稱的 Assuan socket"
 
-#: tools/gpg-connect-agent.c:87
+#: tools/gpg-connect-agent.c:95
 msgid "|ADDR|connect to Assuan server at ADDR"
 msgstr "|ADDR|連線至位於 ADDR 的 Assuan 伺服器"
 
-#: tools/gpg-connect-agent.c:89
+#: tools/gpg-connect-agent.c:97
 msgid "run the Assuan server given on the command line"
 msgstr "執行命令列所給定的 Assuan 伺服器"
 
-#: tools/gpg-connect-agent.c:91
+#: tools/gpg-connect-agent.c:99
 msgid "do not use extended connect mode"
 msgstr "不要使用延伸連線模式"
 
-#: tools/gpg-connect-agent.c:93
+#: tools/gpg-connect-agent.c:101
 msgid "|FILE|run commands from FILE on startup"
 msgstr "|檔案|啟動時執行指定檔案中的指令"
 
-#: tools/gpg-connect-agent.c:94
+#: tools/gpg-connect-agent.c:102
 msgid "run /subst on startup"
 msgstr "啟動時執行 /subst"
 
-#: tools/gpg-connect-agent.c:208
+#: tools/gpg-connect-agent.c:223
 msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
 msgstr "用法: @GPG@-connect-agent [選項] (或用 -h 求助)"
 
-#: tools/gpg-connect-agent.c:211
+#: tools/gpg-connect-agent.c:226
 msgid ""
 "Syntax: @GPG@-connect-agent [options]\n"
 "Connect to a running agent and send commands\n"
@@ -10842,189 +11134,205 @@ msgstr ""
 "語法: @GPG@-connect-agent [選項]\n"
 "連線至運作中的代理程式並送出指令\n"
 
-#: tools/gpg-connect-agent.c:1254
+#: tools/gpg-connect-agent.c:1280
 #, c-format
 msgid "option \"%s\" requires a program and optional arguments\n"
 msgstr "\"%s\" 選項需要有程式及選用的引數\n"
 
-#: tools/gpg-connect-agent.c:1265 tools/gpg-connect-agent.c:1271
-#: tools/gpg-connect-agent.c:1277
+#: tools/gpg-connect-agent.c:1291 tools/gpg-connect-agent.c:1297
+#: tools/gpg-connect-agent.c:1303
 #, c-format
 msgid "option \"%s\" ignored due to \"%s\"\n"
 msgstr "\"%s\" 選項因為 \"%s\" 而被忽略了\n"
 
-#: tools/gpg-connect-agent.c:1375 tools/gpg-connect-agent.c:1870
+#: tools/gpg-connect-agent.c:1401 tools/gpg-connect-agent.c:1915
 #, c-format
 msgid "receiving line failed: %s\n"
 msgstr "接收列時失敗: %s\n"
 
-#: tools/gpg-connect-agent.c:1465
+#: tools/gpg-connect-agent.c:1500
 #, c-format
 msgid "line too long - skipped\n"
 msgstr "列太長 - 已跳過\n"
 
-#: tools/gpg-connect-agent.c:1469
+#: tools/gpg-connect-agent.c:1504
 #, c-format
 msgid "line shortened due to embedded Nul character\n"
 msgstr "列因嵌入的 Nul 字符而縮短了\n"
 
-#: tools/gpg-connect-agent.c:1844
+#: tools/gpg-connect-agent.c:1889
 #, c-format
 msgid "unknown command '%s'\n"
 msgstr "未知的指令 '%s'\n"
 
-#: tools/gpg-connect-agent.c:1862
+#: tools/gpg-connect-agent.c:1907
 #, c-format
 msgid "sending line failed: %s\n"
 msgstr "送出列時失敗: %s\n"
 
-#: tools/gpg-connect-agent.c:2259
+#: tools/gpg-connect-agent.c:2318
+#, fuzzy, c-format
+#| msgid "no gpg-agent running in this session\n"
+msgid "no keybox daemon running in this session\n"
+msgstr "在此階段中沒有執行中的 gpg-agent\n"
+
+#: tools/gpg-connect-agent.c:2324
 #, c-format
 msgid "error sending standard options: %s\n"
 msgstr "送出標準選項時出錯: %s\n"
 
-#: tools/gpgconf-comp.c:625
+#: tools/gpgconf-comp.c:647
 #, fuzzy
 #| msgid "GPG for OpenPGP"
 msgid "OpenPGP"
 msgstr "OpenPGP 版 GPG"
 
-#: tools/gpgconf-comp.c:629
+#: tools/gpgconf-comp.c:651
 #, fuzzy
 #| msgid "GPG for S/MIME"
 msgid "S/MIME"
 msgstr "S/MIME 版 GPG"
 
-#: tools/gpgconf-comp.c:633
+#: tools/gpgconf-comp.c:655
+#, fuzzy
+#| msgid "public key is %s\n"
+msgid "Public Keys"
+msgstr "公鑰為 %s\n"
+
+#: tools/gpgconf-comp.c:659
 msgid "Private Keys"
 msgstr ""
 
-#: tools/gpgconf-comp.c:637
+#: tools/gpgconf-comp.c:663
 #, fuzzy
 #| msgid "Smartcard Daemon"
 msgid "Smartcards"
 msgstr "智慧卡服務"
 
-#: tools/gpgconf-comp.c:641
+#: tools/gpgconf-comp.c:667
+msgid "TPM"
+msgstr ""
+
+#: tools/gpgconf-comp.c:671
 msgid "Network"
 msgstr ""
 
-#: tools/gpgconf-comp.c:645
+#: tools/gpgconf-comp.c:675
 #, fuzzy
 #| msgid "PIN and Passphrase Entry"
 msgid "Passphrase Entry"
 msgstr "個人識別碼及密語項目"
 
-#: tools/gpgconf-comp.c:822
+#: tools/gpgconf-comp.c:939
 msgid "Component not suitable for launching"
 msgstr "元件不適合啟動"
 
-#: tools/gpgconf-comp.c:828
+#: tools/gpgconf-comp.c:945
 #, fuzzy, c-format
 #| msgid "External verification of component %s failed"
 msgid "Configuration file of component %s is broken\n"
 msgstr "元件 %s 的外部驗證失敗"
 
-#: tools/gpgconf-comp.c:831
+#: tools/gpgconf-comp.c:948
 #, fuzzy, c-format
 #| msgid "Please use the command \"toggle\" first.\n"
 msgid "Note: Use the command \"%s%s\" to get details.\n"
 msgstr "請先使用 \"toggle\" 指令.\n"
 
-#: tools/gpgconf-comp.c:2705
+#: tools/gpgconf-comp.c:2811
 #, c-format
 msgid "External verification of component %s failed"
 msgstr "元件 %s 的外部驗證失敗"
 
-#: tools/gpgconf-comp.c:2834
+#: tools/gpgconf-comp.c:2941
 msgid "Note that group specifications are ignored\n"
 msgstr "請注意群組規格已忽略\n"
 
-#: tools/gpgconf-comp.c:3431
+#: tools/gpgconf-comp.c:3538
 #, fuzzy, c-format
 #| msgid "error closing '%s': %s\n"
 msgid "error closing '%s'\n"
 msgstr "關閉 '%s' 時出錯: %s\n"
 
-#: tools/gpgconf-comp.c:3433
+#: tools/gpgconf-comp.c:3540
 #, fuzzy, c-format
 #| msgid "error hashing '%s': %s\n"
 msgid "error parsing '%s'\n"
 msgstr "計算 '%s' 的雜湊時出錯: %s\n"
 
-#: tools/gpgconf.c:82
+#: tools/gpgconf.c:83
 msgid "list all components"
 msgstr "列出所有的元件"
 
-#: tools/gpgconf.c:83
+#: tools/gpgconf.c:84
 msgid "check all programs"
 msgstr "檢查所有的程式"
 
-#: tools/gpgconf.c:84
+#: tools/gpgconf.c:85
 msgid "|COMPONENT|list options"
 msgstr "|元件|列出選項"
 
-#: tools/gpgconf.c:85
+#: tools/gpgconf.c:86
 msgid "|COMPONENT|change options"
 msgstr "|元件|變更選項"
 
-#: tools/gpgconf.c:86
+#: tools/gpgconf.c:87
 msgid "|COMPONENT|check options"
 msgstr "|元件|檢查選項"
 
-#: tools/gpgconf.c:88
+#: tools/gpgconf.c:89
 msgid "apply global default values"
 msgstr "套用全域預設值"
 
-#: tools/gpgconf.c:90
+#: tools/gpgconf.c:91
 #, fuzzy
 #| msgid "|FILE|take policy information from FILE"
 msgid "|FILE|update configuration files using FILE"
 msgstr "|檔案|從指定檔案中取得原則資訊"
 
-#: tools/gpgconf.c:92
+#: tools/gpgconf.c:93
 msgid "get the configuration directories for @GPGCONF@"
 msgstr "取得 @GPGCONF@ 的組態目錄"
 
-#: tools/gpgconf.c:94
+#: tools/gpgconf.c:95
 msgid "list global configuration file"
 msgstr "列出全域組態檔"
 
-#: tools/gpgconf.c:96
+#: tools/gpgconf.c:97
 msgid "check global configuration file"
 msgstr "檢查全域組態檔案"
 
-#: tools/gpgconf.c:98
+#: tools/gpgconf.c:99
 #, fuzzy
 #| msgid "update the trust database"
 msgid "query the software version database"
 msgstr "更新信任資料庫"
 
-#: tools/gpgconf.c:99
+#: tools/gpgconf.c:100
 msgid "reload all or a given component"
 msgstr "重新載入所有或給定的元件"
 
-#: tools/gpgconf.c:100
+#: tools/gpgconf.c:101
 msgid "launch a given component"
 msgstr "啟動給定的元件"
 
-#: tools/gpgconf.c:101
+#: tools/gpgconf.c:102
 msgid "kill a given component"
 msgstr "刪除給定的元件"
 
-#: tools/gpgconf.c:109
+#: tools/gpgconf.c:110
 msgid "use as output file"
 msgstr "當作輸出檔案來使用"
 
-#: tools/gpgconf.c:113
+#: tools/gpgconf.c:114
 msgid "activate changes at runtime, if possible"
 msgstr "如果可能的話, 在執行期啟用變更"
 
-#: tools/gpgconf.c:157
+#: tools/gpgconf.c:154
 msgid "Usage: @GPGCONF@ [options] (-h for help)"
 msgstr "用法: @GPGCONF@ [選項] (或用 -h 求助)"
 
-#: tools/gpgconf.c:160
+#: tools/gpgconf.c:157
 msgid ""
 "Syntax: @GPGCONF@ [options]\n"
 "Manage configuration options for tools of the @GNUPG@ system\n"
@@ -11032,15 +11340,15 @@ msgstr ""
 "語法: @GPGCONF@ [選項]\n"
 "管理 @GNUPG@ 系統工具的組態選項\n"
 
-#: tools/gpgconf.c:708 tools/gpgconf.c:743
+#: tools/gpgconf.c:669 tools/gpgconf.c:704
 msgid "Need one component argument"
 msgstr "需要一個元件引數"
 
-#: tools/gpgconf.c:717 tools/gpgconf.c:767 tools/gpgconf.c:815
+#: tools/gpgconf.c:678 tools/gpgconf.c:728 tools/gpgconf.c:778
 msgid "Component not found"
 msgstr "找不到元件"
 
-#: tools/gpgconf.c:841
+#: tools/gpgconf.c:804
 msgid "No argument allowed"
 msgstr "未允許使用引數"
 
@@ -11056,151 +11364,240 @@ msgstr ""
 "語法: gpg-check-pattern [選項] 樣式檔案\n"
 "用樣式檔案來檢查由標準輸入給定的密語\n"
 
-#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
-#~ msgstr "強迫使用 %s (%d) 對稱式編密法會違反收件者偏好設定\n"
+#: tools/gpg-card.c:2389
+#, fuzzy, c-format
+#| msgid "Note: keys are already stored on the card!\n"
+msgid "Note: key %s is already stored on the card!\n"
+msgstr "請注意: 金鑰已經存放在卡片上了!\n"
 
-#~ msgid "error writing to temporary file: %s\n"
-#~ msgstr "寫入暫存檔時出錯: %s\n"
+#: tools/gpg-card.c:2392
+#, fuzzy, c-format
+#| msgid "Note: keys are already stored on the card!\n"
+msgid "Note: Keys are already stored on the card!\n"
+msgstr "請注意: 金鑰已經存放在卡片上了!\n"
 
-#~ msgid "use a log file for the server"
-#~ msgstr "為伺服器使用日誌檔"
+#: tools/gpg-card.c:2395
+#, fuzzy, c-format
+#| msgid "Replace existing keys? (y/N) "
+msgid "Replace existing key %s ? (y/N) "
+msgstr "是否要取代既有的金鑰? (y/N) "
 
-#~ msgid "|FILE|write a server mode log to FILE"
-#~ msgstr "|檔案|將伺服器模式日誌寫入至指定檔案"
+#: tools/gpg-card.c:2548 tools/gpg-card.c:2711 tools/gpg-card.c:2934
+#: tools/gpg-card.c:3043
+#, fuzzy, c-format
+#| msgid "OpenPGP card no. %s detected\n"
+msgid "%s card no. %s detected\n"
+msgstr "偵測到 OpenPGP 卡片編號 %s\n"
 
-#~ msgid "run without asking a user"
-#~ msgstr "以不詢問使用者的方式執行"
+#: tools/gpg-card.c:3395
+#, c-format
+msgid "User Interaction Flag is set to \"%s\" - can't change\n"
+msgstr ""
 
-#~ msgid "allow PKA lookups (DNS requests)"
-#~ msgstr "允許 PKA 查找 (DNS 請求)"
+#: tools/gpg-card.c:3405 tools/gpg-card.c:3419
+#, c-format
+msgid ""
+"Warning: Setting the User Interaction Flag to \"%s\"\n"
+"         can only be reverted using a factory reset!\n"
+msgstr ""
 
-#~ msgid "Options controlling the format of the output"
-#~ msgstr "控制著輸出格式的選項"
+#: tools/gpg-card.c:3422
+#, c-format
+msgid "Please use \"uif --yes %d %s\"\n"
+msgstr ""
 
+#: tools/gpg-card.c:3668
 #, fuzzy
-#~| msgid "Options controlling the security"
-#~ msgid "Options controlling the use of Tor"
-#~ msgstr "控制著安全性的選項"
+#| msgid "add a certificate to the cache"
+msgid "authenticate to the card"
+msgstr "加入憑證至快取"
 
-#~ msgid "LDAP server list"
-#~ msgstr "LDAP 伺服器清單"
+#: tools/gpg-card.c:3670
+msgid "send a reset to the card daemon"
+msgstr ""
+
+#: tools/gpg-card.c:3672
+#, fuzzy
+#| msgid "|NAME|use user NAME for authentication"
+msgid "setup KDF for PIN authentication"
+msgstr "|名字|使用指定名字做為認證用的使用者名稱"
+
+#: tools/gpg-card.c:3674
+msgid "change a private data object"
+msgstr ""
+
+#: tools/gpg-card.c:3675
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "read a certificate from a data object"
+msgstr "加入憑證至快取"
+
+#: tools/gpg-card.c:3676
+#, fuzzy
+#| msgid "add a certificate to the cache"
+msgid "store a certificate to a data object"
+msgstr "加入憑證至快取"
+
+#: tools/gpg-card.c:3677
+msgid "store a private key to a data object"
+msgstr ""
 
-#~ msgid "requesting key %s from %s server %s\n"
-#~ msgstr "正在請求金鑰 %s 自 %s 伺服器 %s\n"
+#: tools/gpg-card.c:3678
+msgid "Yubikey management commands"
+msgstr ""
 
-#~ msgid "%s:%u: no hostname given\n"
-#~ msgstr "%s:%u: 沒有給定主機名稱\n"
+#: tools/gpg-card.c:3680
+msgid "manage the command history"
+msgstr ""
 
-#~ msgid "could not parse keyserver\n"
-#~ msgstr "無法剖析金鑰伺服器\n"
+#, fuzzy
+#~| msgid "change a passphrase"
+#~ msgid "Suggest a random passphrase."
+#~ msgstr "更改密語"
 
-#~ msgid "return all values in a record oriented format"
-#~ msgstr "以記錄導向格式傳回所有數值"
+#~ msgid "detected card with S/N: %s\n"
+#~ msgstr "偵測到卡片, 其序號為: %s\n"
 
-#~ msgid "|NAME|ignore host part and connect through NAME"
-#~ msgstr "|名稱|忽略主機的部份並改以指定名稱連線"
+#~ msgid "no authentication key for ssh on card: %s\n"
+#~ msgstr "卡片上沒有 ssh 用的認證金鑰: %s\n"
 
-#~ msgid "|NAME|connect to host NAME"
-#~ msgstr "|名稱|連線至位於指定名稱的主機"
+#~ msgid "Please remove the current card and insert the one with serial number"
+#~ msgstr "請移除現用中的卡片並插入下列序號的卡片:"
 
-#~ msgid "|N|connect to port N"
-#~ msgstr "|N|連線至 N 連接埠"
+#~ msgid "use a log file for the server"
+#~ msgstr "為伺服器使用日誌檔"
 
-#~ msgid "|NAME|use user NAME for authentication"
-#~ msgstr "|名字|使用指定名字做為認證用的使用者名稱"
+#, fuzzy
+#~| msgid "connection to agent established\n"
+#~ msgid "connection to %s established\n"
+#~ msgstr "至代理程式的連線已建立\n"
 
-#~ msgid "|PASS|use password PASS for authentication"
-#~ msgstr "|密碼|使用指定密碼作為認證"
+#~ msgid "no running gpg-agent - starting '%s'\n"
+#~ msgstr "沒有執行中的 gpg-agent - 正在啟動 '%s'\n"
 
-#~ msgid "take password from $DIRMNGR_LDAP_PASS"
-#~ msgstr "從 $DIRMNGR_LDAP_PASS 取得密碼使用"
+#~ msgid "argument not expected"
+#~ msgstr "沒料到有引數"
 
-#~ msgid "|STRING|query DN STRING"
-#~ msgstr "|字串|以只指定字串查詢 DN"
+#~ msgid "read error"
+#~ msgstr "讀取錯誤"
 
-#~ msgid "|STRING|use STRING as filter expression"
-#~ msgstr "|字串|以指定字串作為過濾器表示式"
+#~ msgid "keyword too long"
+#~ msgstr "關鍵字太長"
 
-#~ msgid "|STRING|return the attribute STRING"
-#~ msgstr "|字串|以指定字串傳回屬性"
+#~ msgid "missing argument"
+#~ msgstr "無效的引數"
 
-#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-#~ msgstr "用法: dirmngr_ldap [選項] [網址] (或用 -h 求助)\n"
+#~ msgid "invalid argument"
+#~ msgstr "無效的引數"
 
-#~ msgid ""
-#~ "Syntax: dirmngr_ldap [options] [URL]\n"
-#~ "Internal LDAP helper for Dirmngr\n"
-#~ "Interface and options may change without notice\n"
-#~ msgstr ""
-#~ "語法: dirmngr_ldap [選項] [網址]\n"
-#~ "Dirmngr 的內部 LDAP 協助程式\n"
-#~ "介面及選項均可能未經通知即變更\n"
+#~ msgid "invalid command"
+#~ msgstr "無效的指令"
+
+#~ msgid "invalid alias definition"
+#~ msgstr "無效的別名定義"
+
+#~ msgid "out of core"
+#~ msgstr "超出核心"
+
+#, fuzzy
+#~| msgid "invalid command"
+#~ msgid "invalid meta command"
+#~ msgstr "無效的指令"
+
+#, fuzzy
+#~| msgid "unknown command '%s'\n"
+#~ msgid "unknown meta command"
+#~ msgstr "未知的指令 '%s'\n"
 
-#~ msgid "invalid port number %d\n"
-#~ msgstr "無效的連接埠號碼 %d\n"
+#, fuzzy
+#~| msgid "unexpected armor: "
+#~ msgid "unexpected meta command"
+#~ msgstr "未預期的封裝: "
+
+#~ msgid "invalid option"
+#~ msgstr "無效的選項"
+
+#~ msgid "missing argument for option \"%.50s\"\n"
+#~ msgstr "\"%.50s\" 選項遺失了引數\n"
+
+#~ msgid "option \"%.50s\" does not expect an argument\n"
+#~ msgstr "\"%.50s\" 選項沒料到會有引數\n"
+
+#~ msgid "invalid command \"%.50s\"\n"
+#~ msgstr "無效的指令 \"%.50s\"\n"
+
+#~ msgid "option \"%.50s\" is ambiguous\n"
+#~ msgstr "\"%.50s\" 選項不明確\n"
+
+#~ msgid "command \"%.50s\" is ambiguous\n"
+#~ msgstr "\"%.50s\" 指令不明確\n"
 
-#~ msgid "scanning result for attribute '%s'\n"
-#~ msgstr "正在掃描屬性 '%s' 之結果\n"
+#~ msgid "invalid option \"%.50s\"\n"
+#~ msgstr "無效的選項 \"%.50s\"\n"
 
-#~ msgid "error writing to stdout: %s\n"
-#~ msgstr "寫入標準輸出時出錯: %s\n"
+#~ msgid "Note: no default option file '%s'\n"
+#~ msgstr "請注意: 沒有預設選項檔 '%s'\n"
 
-#~ msgid "          available attribute '%s'\n"
-#~ msgstr "          可用屬性 '%s'\n"
+#~ msgid "option file '%s': %s\n"
+#~ msgstr "選項檔 '%s': %s\n"
 
-#~ msgid "attribute '%s' not found\n"
-#~ msgstr "找不到屬性 '%s'\n"
+#, fuzzy
+#~| msgid "you may not use %s while in %s mode\n"
+#~ msgid "keyserver option \"%s\" may not be used in %s mode\n"
+#~ msgstr "你不能夠將 %s 用於 %s 模式中\n"
 
-#~ msgid "found attribute '%s'\n"
-#~ msgstr "找到屬性 '%s'\n"
+#~ msgid "unable to execute program '%s': %s\n"
+#~ msgstr "無法執行程式 '%s': %s\n"
 
-#~ msgid "processing url '%s'\n"
-#~ msgstr "正在處理網址 '%s'\n"
+#~ msgid "unable to execute external program\n"
+#~ msgstr "無法執行外部程式\n"
 
-#~ msgid "          user '%s'\n"
-#~ msgstr "          使用者 '%s'\n"
+#~ msgid "unable to read external program response: %s\n"
+#~ msgstr "無法讀取外部程式回應: %s\n"
 
-#~ msgid "          pass '%s'\n"
-#~ msgstr "          密碼 '%s'\n"
+#~ msgid "validate signatures with PKA data"
+#~ msgstr "以 PKA 資料驗證簽章"
 
-#~ msgid "          host '%s'\n"
-#~ msgstr "          主機 '%s'\n"
+#~ msgid "elevate the trust of signatures with valid PKA data"
+#~ msgstr "提高對持有有效 PKA 資料之簽章的信任"
 
-#~ msgid "          port %d\n"
-#~ msgstr "          連接埠 %d\n"
+#~ msgid "   (%d) ECC and ECC\n"
+#~ msgstr "   (%d) ECC 和 ECC\n"
 
-#~ msgid "            DN '%s'\n"
-#~ msgstr "            域名 '%s'\n"
+#~ msgid "honor the PKA record set on a key when retrieving keys"
+#~ msgstr "取回金鑰時尊重金鑰所設定的 PKA 記錄"
 
-#~ msgid "        filter '%s'\n"
-#~ msgstr "        過濾器 '%s'\n"
+#~ msgid "Note: Verified signer's address is '%s'\n"
+#~ msgstr "請注意: 已驗證的簽署者地址為 '%s'\n"
 
-#~ msgid "          attr '%s'\n"
-#~ msgstr "          屬性 '%s'\n"
+#~ msgid "Note: Signer's address '%s' does not match DNS entry\n"
+#~ msgstr "請注意: 簽署者地址 '%s' 與 DNS 項目並不吻合\n"
 
-#~ msgid "no host name in '%s'\n"
-#~ msgstr "'%s' 中沒有主機名稱\n"
+#~ msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+#~ msgstr "信任等級因有效的 PKA 資訊而調整為 *完全*\n"
 
-#~ msgid "no attribute given for query '%s'\n"
-#~ msgstr "查詢 '%s' 無給定屬性\n"
+#~ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+#~ msgstr "信任等級因不良的 PKA 資訊而調整為 *永遠不會*\n"
 
-#~ msgid "WARNING: using first attribute only\n"
-#~ msgstr "警告: 僅使用第一個屬性\n"
+#~ msgid "|FILE|write a server mode log to FILE"
+#~ msgstr "|檔案|將伺服器模式日誌寫入至指定檔案"
 
-#~ msgid "LDAP init to '%s:%d' failed: %s\n"
-#~ msgstr "LDAP 初始至 '%s:%d' 失敗: %s\n"
+#~ msgid "run without asking a user"
+#~ msgstr "以不詢問使用者的方式執行"
 
-#~ msgid "binding to '%s:%d' failed: %s\n"
-#~ msgstr "綁定至 '%s:%d' 時失敗: %s\n"
+#~ msgid "allow PKA lookups (DNS requests)"
+#~ msgstr "允許 PKA 查找 (DNS 請求)"
 
-#~ msgid "searching '%s' failed: %s\n"
-#~ msgstr "搜尋 '%s' 時失敗: %s\n"
+#~ msgid "Options controlling the format of the output"
+#~ msgstr "控制著輸出格式的選項"
 
-#~ msgid "start_cert_fetch: invalid pattern '%s'\n"
-#~ msgstr "start_cert_fetch: 無效的模式 '%s'\n"
+#, fuzzy
+#~| msgid "Options controlling the security"
+#~ msgid "Options controlling the use of Tor"
+#~ msgstr "控制著安全性的選項"
 
-#~ msgid "ldapserver missing"
-#~ msgstr "遺失 ldapserver"
+#~ msgid "LDAP server list"
+#~ msgstr "LDAP 伺服器清單"
 
 #~ msgid "Note: old default options file '%s' ignored\n"
 #~ msgstr "請注意: 已忽略舊有的預設選項檔 '%s'\n"
@@ -11256,8 +11653,8 @@ msgstr ""
 #~ msgid "could not open %s for writing: %s\n"
 #~ msgstr "無法開啟 %s 來寫入: %s\n"
 
-#~ msgid "error reading from %s: %s\n"
-#~ msgstr "讀取 %s 時出錯: %s\n"
+#~ msgid "error writing to %s: %s\n"
+#~ msgstr "寫入 %s 時出錯: %s\n"
 
 #~ msgid "error closing %s: %s\n"
 #~ msgstr "關閉 %s 時出錯: %s\n"
@@ -11319,12 +11716,6 @@ msgstr ""
 #~ msgid " using certificate ID 0x%08lX\n"
 #~ msgstr " 以憑證 ID 0x%08lX\n"
 
-#, fuzzy
-#~| msgid "you may not use %s while in %s mode\n"
-#~ msgid ""
-#~ "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
-#~ msgstr "你不能夠將 %s 用於 %s 模式中\n"
-
 #~ msgid "male"
 #~ msgstr "男性"
 
@@ -11380,12 +11771,6 @@ msgstr ""
 #~ msgid "only SHA-1 is supported for OCSP responses\n"
 #~ msgstr "OCSP 回應僅支援 SHA-1\n"
 
-#~ msgid "waiting for the dirmngr to come up ... (%ds)\n"
-#~ msgstr "正在等候 dirmngr 出現 ... (%d 秒)\n"
-
-#~ msgid "connection to the dirmngr established\n"
-#~ msgstr "連線至 dirmngr 已建立\n"
-
 #, fuzzy
 #~| msgid "error closing %s: %s\n"
 #~ msgid "error looking up: %s\n"
diff --git a/regexp/Makefile.in b/regexp/Makefile.in
index 6e03b82..67505eb 100644
--- a/regexp/Makefile.in
+++ b/regexp/Makefile.in
@@ -111,16 +111,15 @@ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
@@ -243,9 +242,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -254,6 +255,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -281,9 +283,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -320,13 +323,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
diff --git a/scd/Makefile.am b/scd/Makefile.am
index 32be6ab..0cc50dc 100644
--- a/scd/Makefile.am
+++ b/scd/Makefile.am
@@ -17,7 +17,7 @@
 
 ## Process this file with automake to produce Makefile.in
 
-EXTRA_DIST = ChangeLog-2011 scdaemon-w32info.rc scdaemon.w32-manifest.in
+EXTRA_DIST = ChangeLog-2011 scdaemon-w32info.rc
 
 libexec_PROGRAMS = scdaemon
 
@@ -26,14 +26,15 @@ AM_CPPFLAGS = $(LIBUSB_CPPFLAGS)
 include $(top_srcdir)/am/cmacros.am
 
 if HAVE_W32_SYSTEM
-scdaemon_robjs = $(resource_objs) scdaemon-w32info.o
+resource_objs += scdaemon-w32info.o
 endif
 
 AM_CFLAGS =  $(LIBGCRYPT_CFLAGS) \
 	     $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS)
 
 
-card_apps = app-openpgp.c app-nks.c app-dinsig.c app-p15.c app-geldkarte.c app-sc-hsm.c
+card_apps = app-openpgp.c app-piv.c app-nks.c app-dinsig.c app-p15.c \
+	    app-geldkarte.c app-sc-hsm.c
 
 scdaemon_SOURCES = \
 	scdaemon.c scdaemon.h \
@@ -48,4 +49,4 @@ scdaemon_SOURCES = \
 scdaemon_LDADD = $(libcommonpth) \
 	$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) $(NPTH_LIBS) \
 	$(LIBUSB_LIBS) $(GPG_ERROR_LIBS) \
-        $(LIBINTL) $(DL_LIBS) $(NETLIBS) $(LIBICONV) $(scdaemon_robjs)
+        $(LIBINTL) $(DL_LIBS) $(NETLIBS) $(LIBICONV) $(resource_objs)
diff --git a/scd/Makefile.in b/scd/Makefile.in
index d278ee5..cccc52d 100644
--- a/scd/Makefile.in
+++ b/scd/Makefile.in
@@ -138,51 +138,50 @@ libexec_PROGRAMS = scdaemon$(EXEEXT)
 @GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
 @GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
 @GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
-@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
-@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
-@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+@GNUPG_TPM2DAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_TPM2DAEMON="\"@GNUPG_TPM2DAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+@HAVE_W32_SYSTEM_TRUE@am__append_9 = scdaemon-w32info.o
 subdir = scd
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
 mkinstalldirs = $(SHELL) $(top_srcdir)/build-aux/mkinstalldirs
 CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES = scdaemon.w32-manifest
+CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
 am__installdirs = "$(DESTDIR)$(libexecdir)"
 PROGRAMS = $(libexec_PROGRAMS)
-am__objects_1 = app-openpgp.$(OBJEXT) app-nks.$(OBJEXT) \
-	app-dinsig.$(OBJEXT) app-p15.$(OBJEXT) app-geldkarte.$(OBJEXT) \
-	app-sc-hsm.$(OBJEXT)
+am__objects_1 = app-openpgp.$(OBJEXT) app-piv.$(OBJEXT) \
+	app-nks.$(OBJEXT) app-dinsig.$(OBJEXT) app-p15.$(OBJEXT) \
+	app-geldkarte.$(OBJEXT) app-sc-hsm.$(OBJEXT)
 am_scdaemon_OBJECTS = scdaemon.$(OBJEXT) command.$(OBJEXT) \
 	atr.$(OBJEXT) apdu.$(OBJEXT) ccid-driver.$(OBJEXT) \
 	iso7816.$(OBJEXT) app.$(OBJEXT) app-help.$(OBJEXT) \
 	$(am__objects_1)
 scdaemon_OBJECTS = $(am_scdaemon_OBJECTS)
 am__DEPENDENCIES_1 =
-@HAVE_W32_SYSTEM_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) \
-@HAVE_W32_SYSTEM_TRUE@	scdaemon-w32info.o
 scdaemon_DEPENDENCIES = $(libcommonpth) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
+	$(am__DEPENDENCIES_1) $(resource_objs)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -201,10 +200,11 @@ am__maybe_remake_depfiles = depfiles
 am__depfiles_remade = ./$(DEPDIR)/apdu.Po ./$(DEPDIR)/app-dinsig.Po \
 	./$(DEPDIR)/app-geldkarte.Po ./$(DEPDIR)/app-help.Po \
 	./$(DEPDIR)/app-nks.Po ./$(DEPDIR)/app-openpgp.Po \
-	./$(DEPDIR)/app-p15.Po ./$(DEPDIR)/app-sc-hsm.Po \
-	./$(DEPDIR)/app.Po ./$(DEPDIR)/atr.Po \
-	./$(DEPDIR)/ccid-driver.Po ./$(DEPDIR)/command.Po \
-	./$(DEPDIR)/iso7816.Po ./$(DEPDIR)/scdaemon.Po
+	./$(DEPDIR)/app-p15.Po ./$(DEPDIR)/app-piv.Po \
+	./$(DEPDIR)/app-sc-hsm.Po ./$(DEPDIR)/app.Po \
+	./$(DEPDIR)/atr.Po ./$(DEPDIR)/ccid-driver.Po \
+	./$(DEPDIR)/command.Po ./$(DEPDIR)/iso7816.Po \
+	./$(DEPDIR)/scdaemon.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -244,8 +244,7 @@ am__define_uniq_tagged_files = \
   done | $(am__uniquify_input)`
 ETAGS = etags
 CTAGS = ctags
-am__DIST_COMMON = $(srcdir)/Makefile.in \
-	$(srcdir)/scdaemon.w32-manifest.in $(top_srcdir)/am/cmacros.am \
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/am/cmacros.am \
 	$(top_srcdir)/build-aux/depcomp \
 	$(top_srcdir)/build-aux/mkinstalldirs
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@@ -288,9 +287,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -299,6 +300,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -326,9 +328,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -365,13 +368,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
@@ -434,14 +440,14 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-EXTRA_DIST = ChangeLog-2011 scdaemon-w32info.rc scdaemon.w32-manifest.in
+EXTRA_DIST = ChangeLog-2011 scdaemon-w32info.rc
 
 # NB: AM_CFLAGS may also be used by tools running on the build
 # platform to create source files.
 AM_CPPFLAGS = $(LIBUSB_CPPFLAGS) -DLOCALEDIR=\"$(localedir)\" \
 	$(am__append_1) $(am__append_2) $(am__append_3) \
 	$(am__append_4) $(am__append_5) $(am__append_6) \
-	$(am__append_7)
+	$(am__append_7) $(am__append_8)
 @HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
 
 # Under Windows we use LockFileEx.  WindowsCE provides this only on
@@ -452,18 +458,19 @@ AM_CPPFLAGS = $(LIBUSB_CPPFLAGS) -DLOCALEDIR=\"$(localedir)\" \
 @HAVE_W32CE_SYSTEM_TRUE@extra_sys_libs = -lcoredll6
 @HAVE_W32CE_SYSTEM_FALSE@extra_bin_ldflags = 
 @HAVE_W32CE_SYSTEM_TRUE@extra_bin_ldflags = -Wl,--stack=0x40000
-resource_objs = 
+resource_objs = $(am__append_9)
 
 # Convenience macros
 libcommon = ../common/libcommon.a
 libcommonpth = ../common/libcommonpth.a
 libcommontls = ../common/libcommontls.a
 libcommontlsnpth = ../common/libcommontlsnpth.a
-@HAVE_W32_SYSTEM_TRUE@scdaemon_robjs = $(resource_objs) scdaemon-w32info.o
 AM_CFLAGS = $(LIBGCRYPT_CFLAGS) \
 	     $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS)
 
-card_apps = app-openpgp.c app-nks.c app-dinsig.c app-p15.c app-geldkarte.c app-sc-hsm.c
+card_apps = app-openpgp.c app-piv.c app-nks.c app-dinsig.c app-p15.c \
+	    app-geldkarte.c app-sc-hsm.c
+
 scdaemon_SOURCES = \
 	scdaemon.c scdaemon.h \
 	command.c \
@@ -476,7 +483,7 @@ scdaemon_SOURCES = \
 scdaemon_LDADD = $(libcommonpth) \
 	$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) $(NPTH_LIBS) \
 	$(LIBUSB_LIBS) $(GPG_ERROR_LIBS) \
-        $(LIBINTL) $(DL_LIBS) $(NETLIBS) $(LIBICONV) $(scdaemon_robjs)
+        $(LIBINTL) $(DL_LIBS) $(NETLIBS) $(LIBICONV) $(resource_objs)
 
 all: all-am
 
@@ -512,8 +519,6 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
 $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
-scdaemon.w32-manifest: $(top_builddir)/config.status $(srcdir)/scdaemon.w32-manifest.in
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
 install-libexecPROGRAMS: $(libexec_PROGRAMS)
 	@$(NORMAL_INSTALL)
 	@list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
@@ -574,6 +579,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app-nks.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app-openpgp.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app-p15.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app-piv.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app-sc-hsm.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/atr.Po@am__quote@ # am--include-marker
@@ -736,6 +742,7 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/app-nks.Po
 	-rm -f ./$(DEPDIR)/app-openpgp.Po
 	-rm -f ./$(DEPDIR)/app-p15.Po
+	-rm -f ./$(DEPDIR)/app-piv.Po
 	-rm -f ./$(DEPDIR)/app-sc-hsm.Po
 	-rm -f ./$(DEPDIR)/app.Po
 	-rm -f ./$(DEPDIR)/atr.Po
@@ -795,6 +802,7 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/app-nks.Po
 	-rm -f ./$(DEPDIR)/app-openpgp.Po
 	-rm -f ./$(DEPDIR)/app-p15.Po
+	-rm -f ./$(DEPDIR)/app-piv.Po
 	-rm -f ./$(DEPDIR)/app-sc-hsm.Po
 	-rm -f ./$(DEPDIR)/app.Po
 	-rm -f ./$(DEPDIR)/atr.Po
diff --git a/scd/apdu.c b/scd/apdu.c
index 9568d25..2d77ae0 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -41,25 +41,12 @@
 #include "rapdu.h"
 #endif /*USE_G10CODE_RAPDU*/
 
-#if defined(GNUPG_SCD_MAIN_HEADER)
-#include GNUPG_SCD_MAIN_HEADER
-#elif GNUPG_MAJOR_VERSION == 1
-/* This is used with GnuPG version < 1.9.  The code has been source
-   copied from the current GnuPG >= 1.9  and is maintained over
-   there. */
-#include "../common/options.h"
-#include "errors.h"
-#include "memory.h"
-#include "../common/util.h"
-#include "../common/i18n.h"
-#include "dynload.h"
-#include "cardglue.h"
-#else /* GNUPG_MAJOR_VERSION != 1 */
-#include "scdaemon.h"
-#include "../common/exechelp.h"
-#endif /* GNUPG_MAJOR_VERSION != 1 */
+#if defined(GNUPG_MAJOR_VERSION)
+# include "scdaemon.h"
+# include "../common/exechelp.h"
+#endif /*GNUPG_MAJOR_VERSION*/
+
 #include "../common/host2net.h"
-#include "../common/membuf.h"
 
 #include "iso7816.h"
 #include "apdu.h"
@@ -73,7 +60,8 @@ struct dev_list {
   int idx_max;
 };
 
-#define MAX_READER 4 /* Number of readers we support concurrently. */
+#define MAX_READER 16 /* Number of readers we support concurrently. */
+                      /* See also MAX_DEVICE in ccid-driver.c.  */
 
 
 #if defined(_WIN32) || defined(__CYGWIN__)
@@ -88,11 +76,17 @@ typedef unsigned int pcsc_dword_t;
 typedef unsigned long pcsc_dword_t;
 #endif
 
+#ifdef HAVE_W32_SYSTEM
+#define HANDLE uintptr_t
+#else
+#define HANDLE long
+#endif
+
 /* PC/SC context to access readers.  Shared among all readers.  */
-static struct pcsc {
-  unsigned int context_valid:1;
-  long context;
-  char *reader_list; /* List of detected readers.  */
+static struct pcsc_global_data {
+  HANDLE context;
+  int count;
+  const char *rdrname[MAX_READER];
 } pcsc;
 
 /* A structure to collect information pertaining to one reader
@@ -120,7 +114,7 @@ struct reader_table_s {
     ccid_driver_t handle;
   } ccid;
   struct {
-    long card;
+    HANDLE card;
     pcsc_dword_t protocol;
     pcsc_dword_t verify_ioctl;
     pcsc_dword_t modify_ioctl;
@@ -135,7 +129,6 @@ struct reader_table_s {
 #endif /*USE_G10CODE_RAPDU*/
   char *rdrname;     /* Name of the connected reader or NULL if unknown. */
   unsigned int is_t0:1;     /* True if we know that we are running T=0. */
-  unsigned int is_spr532:1; /* True if we know that the reader is a SPR532.  */
   unsigned int pinpad_varlen_supported:1;  /* True if we know that the reader
                                               supports variable length pinpad
                                               input.  */
@@ -235,8 +228,8 @@ static npth_mutex_t reader_table_lock;
 #define PCSC_E_NOT_TRANSACTED          0x80100016
 #define PCSC_E_READER_UNAVAILABLE      0x80100017
 #define PCSC_E_NO_SERVICE              0x8010001D
-#define PCSC_E_NO_READERS_AVAILABLE    0x8010002E
 #define PCSC_E_SERVICE_STOPPED         0x8010001E
+#define PCSC_E_NO_READERS_AVAILABLE    0x8010002E
 #define PCSC_W_RESET_CARD              0x80100068
 #define PCSC_W_REMOVED_CARD            0x80100069
 
@@ -273,8 +266,13 @@ static npth_mutex_t reader_table_lock;
 
 struct pcsc_io_request_s
 {
+#if defined(_WIN32) || defined(__CYGWIN__)
+  pcsc_dword_t protocol;
+  pcsc_dword_t pci_len;
+#else
   unsigned long protocol;
   unsigned long pci_len;
+#endif
 };
 
 typedef struct pcsc_io_request_s *pcsc_io_request_t;
@@ -302,36 +300,35 @@ typedef struct pcsc_readerstate_s *pcsc_readerstate_t;
 long (* DLSTDCALL pcsc_establish_context) (pcsc_dword_t scope,
                                            const void *reserved1,
                                            const void *reserved2,
-                                           long *r_context);
-long (* DLSTDCALL pcsc_release_context) (long context);
-long (* DLSTDCALL pcsc_cancel) (long context);
-long (* DLSTDCALL pcsc_list_readers) (long context,
+                                           HANDLE *r_context);
+long (* DLSTDCALL pcsc_release_context) (HANDLE context);
+long (* DLSTDCALL pcsc_list_readers) (HANDLE context,
                                       const char *groups,
                                       char *readers, pcsc_dword_t*readerslen);
-long (* DLSTDCALL pcsc_get_status_change) (long context,
+long (* DLSTDCALL pcsc_get_status_change) (HANDLE context,
                                            pcsc_dword_t timeout,
                                            pcsc_readerstate_t readerstates,
                                            pcsc_dword_t nreaderstates);
-long (* DLSTDCALL pcsc_connect) (long context,
+long (* DLSTDCALL pcsc_connect) (HANDLE context,
                                  const char *reader,
                                  pcsc_dword_t share_mode,
                                  pcsc_dword_t preferred_protocols,
-                                 long *r_card,
+                                 HANDLE *r_card,
                                  pcsc_dword_t *r_active_protocol);
-long (* DLSTDCALL pcsc_reconnect) (long card,
+long (* DLSTDCALL pcsc_reconnect) (HANDLE card,
                                    pcsc_dword_t share_mode,
                                    pcsc_dword_t preferred_protocols,
                                    pcsc_dword_t initialization,
                                    pcsc_dword_t *r_active_protocol);
-long (* DLSTDCALL pcsc_disconnect) (long card,
+long (* DLSTDCALL pcsc_disconnect) (HANDLE card,
                                     pcsc_dword_t disposition);
-long (* DLSTDCALL pcsc_status) (long card,
+long (* DLSTDCALL pcsc_status) (HANDLE card,
                                 char *reader, pcsc_dword_t *readerlen,
                                 pcsc_dword_t *r_state,
                                 pcsc_dword_t *r_protocol,
                                 unsigned char *atr, pcsc_dword_t *atrlen);
 long (* DLSTDCALL pcsc_begin_transaction) (long card);
-long (* DLSTDCALL pcsc_end_transaction) (long card,
+long (* DLSTDCALL pcsc_end_transaction) (HANDLE card,
                                          pcsc_dword_t disposition);
 long (* DLSTDCALL pcsc_transmit) (long card,
                                   const pcsc_io_request_t send_pci,
@@ -340,9 +337,9 @@ long (* DLSTDCALL pcsc_transmit) (long card,
                                   pcsc_io_request_t recv_pci,
                                   unsigned char *recv_buffer,
                                   pcsc_dword_t *recv_len);
-long (* DLSTDCALL pcsc_set_timeout) (long context,
+long (* DLSTDCALL pcsc_set_timeout) (HANDLE context,
                                      pcsc_dword_t timeout);
-long (* DLSTDCALL pcsc_control) (long card,
+long (* DLSTDCALL pcsc_control) (HANDLE card,
                                  pcsc_dword_t control_code,
                                  const void *send_buffer,
                                  pcsc_dword_t send_len,
@@ -472,7 +469,6 @@ new_reader_slot (void)
   reader_table[reader].pinpad_modify = pcsc_pinpad_modify;
 
   reader_table[reader].is_t0 = 1;
-  reader_table[reader].is_spr532 = 0;
   reader_table[reader].pinpad_varlen_supported = 0;
   reader_table[reader].require_get_status = 1;
   reader_table[reader].pcsc.verify_ioctl = 0;
@@ -542,7 +538,9 @@ apdu_strerror (int rc)
   switch (rc)
     {
     case SW_EOF_REACHED    : return "eof reached";
+    case SW_TERM_STATE     : return "termination state";
     case SW_EEPROM_FAILURE : return "eeprom failure";
+    case SW_ACK_TIMEOUT    : return "ACK timeout";
     case SW_WRONG_LENGTH   : return "wrong length";
     case SW_SM_NOT_SUP     : return "secure messaging not supported";
     case SW_CC_NOT_SUP     : return "command chaining not supported";
@@ -556,12 +554,13 @@ apdu_strerror (int rc)
     case SW_NOT_SUPPORTED  : return "not supported";
     case SW_FILE_NOT_FOUND : return "file not found";
     case SW_RECORD_NOT_FOUND:return "record not found";
-    case SW_REF_NOT_FOUND  : return "reference not found";
     case SW_NOT_ENOUGH_MEMORY: return "not enough memory space in the file";
-    case SW_INCONSISTENT_LC: return "Lc inconsistent with TLV structure.";
+    case SW_INCONSISTENT_LC: return "Lc inconsistent with TLV structure";
     case SW_INCORRECT_P0_P1: return "incorrect parameters P0,P1";
     case SW_BAD_LC         : return "Lc inconsistent with P0,P1";
+    case SW_REF_NOT_FOUND  : return "reference not found";
     case SW_BAD_P0_P1      : return "bad P0,P1";
+    case SW_EXACT_LENGTH   : return "exact length";
     case SW_INS_NOT_SUP    : return "instruction not supported";
     case SW_CLA_NOT_SUP    : return "class not supported";
     case SW_SUCCESS        : return "success";
@@ -626,7 +625,6 @@ pcsc_error_string (long err)
     case 0x001c: s = "card unsupported"; break;
     case 0x001d: s = "no service"; break;
     case 0x001e: s = "service stopped"; break;
-    case 0x002e: s = "no readers available"; break;
     default:     s = "unknown PC/SC error code"; break;
     }
   return s;
@@ -648,6 +646,7 @@ pcsc_error_to_sw (long ec)
     case PCSC_E_NO_SERVICE:
     case PCSC_E_SERVICE_STOPPED:
     case PCSC_E_UNKNOWN_READER:      rc = SW_HOST_NO_READER; break;
+    case PCSC_E_NO_READERS_AVAILABLE:rc = SW_HOST_NO_READER; break;
     case PCSC_E_SHARING_VIOLATION:   rc = SW_HOST_LOCKING_FAILED; break;
     case PCSC_E_NO_SMARTCARD:        rc = SW_HOST_NO_CARD; break;
     case PCSC_W_REMOVED_CARD:        rc = SW_HOST_NO_CARD; break;
@@ -829,11 +828,15 @@ static int
 close_pcsc_reader (int slot)
 {
   (void)slot;
-
-  if (pcsc.context_valid)
+  if (--pcsc.count == 0 && npth_mutex_trylock (&reader_table_lock) == 0)
     {
+      int i;
+
       pcsc_release_context (pcsc.context);
-      pcsc.context_valid = 0;
+      pcsc.context = 0;
+      for (i = 0; i < MAX_READER; i++)
+        pcsc.rdrname[i] = NULL;
+      npth_mutex_unlock (&reader_table_lock);
     }
   return 0;
 }
@@ -865,16 +868,6 @@ connect_pcsc_card (int slot)
       if (err != PCSC_E_NO_SMARTCARD)
         log_error ("pcsc_connect failed: %s (0x%lx)\n",
                    pcsc_error_string (err), err);
-      if (err == PCSC_W_REMOVED_CARD && pcsc_cancel)
-        {
-          long err2;
-          err2 = pcsc_cancel (pcsc.context);
-          if (err2)
-            log_error ("pcsc_cancel failed: %s (0x%lx)\n",
-                       pcsc_error_string (err2), err2);
-          else if (opt.verbose)
-            log_error ("pcsc_cancel succeeded\n");
-        }
     }
   else
     {
@@ -1005,7 +998,16 @@ pcsc_vendor_specific_init (int slot)
         {
           if (strstr (reader_table[slot].rdrname, "SPRx32"))
             {
-              reader_table[slot].is_spr532 = 1;
+              const unsigned char cmd[] = { '\x80', '\x02', '\x00' };
+              sw = control_pcsc (slot, CM_IOCTL_VENDOR_IFD_EXCHANGE,
+                                 cmd, sizeof (cmd), NULL, 0);
+
+              /* Even though it's control at IFD level (request to the
+               * reader, not card), it returns an error when card is
+               * not active.  Just ignore the error.
+               */
+              if (sw)
+                log_debug ("Ignore control_pcsc failure.\n");
               reader_table[slot].pinpad_varlen_supported = 1;
             }
           else if (strstr (reader_table[slot].rdrname, "ST-2xxx"))
@@ -1074,12 +1076,21 @@ pcsc_vendor_specific_init (int slot)
       if (sw)
         return SW_NOT_SUPPORTED;
     }
-  else if (vendor == VENDOR_SCM && product == SCM_SPR532) /* SCM SPR532 */
+  else if (vendor == VENDOR_SCM && product == SCM_SPR532)
     {
-      reader_table[slot].is_spr532 = 1;
+      const unsigned char cmd[] = { '\x80', '\x02', '\x00' };
+
+      sw = control_pcsc (slot, CM_IOCTL_VENDOR_IFD_EXCHANGE,
+                         cmd, sizeof (cmd), NULL, 0);
+      /* Even though it's control at IFD level (request to the
+       * reader, not card), it returns an error when card is
+       * not active.  Just ignore the error.
+       */
+      if (sw)
+        log_debug ("Ignore control_pcsc failure.\n");
       reader_table[slot].pinpad_varlen_supported = 1;
     }
-  else if (vendor == 0x046a)
+  else if (vendor == VENDOR_CHERRY)
     {
       /* Cherry ST-2xxx (product == 0x003e) supports TPDU level
        * exchange.  Other products which only support short APDU level
@@ -1088,11 +1099,12 @@ pcsc_vendor_specific_init (int slot)
       reader_table[slot].pcsc.pinmax = 15;
       reader_table[slot].pinpad_varlen_supported = 1;
     }
-  else if (vendor == 0x0c4b /* Tested with Reiner cyberJack GO */
-           || vendor == 0x1a44 /* Tested with Vasco DIGIPASS 920 */
-           || vendor == 0x234b /* Tested with FSIJ Gnuk Token */
-           || vendor == 0x0d46 /* Tested with KAAN Advanced??? */
-           || (vendor == 0x1fc9 && product == 0x81e6) /* Tested with Trustica Cryptoucan */)
+  else if (vendor == VENDOR_REINER /* Tested with Reiner cyberJack GO */
+           || vendor == VENDOR_VASCO /* Tested with Vasco DIGIPASS 920 */
+           || vendor == VENDOR_FSIJ /* Tested with FSIJ Gnuk Token */
+           || vendor == VENDOR_KAAN /* Tested with KAAN Advanced??? */
+           || (vendor == VENDOR_NXP
+               && product == CRYPTOUCAN) /* Tested with Trustica Cryptoucan */)
     reader_table[slot].pinpad_varlen_supported = 1;
 
   return 0;
@@ -1104,7 +1116,7 @@ pcsc_init (void)
   static int pcsc_api_loaded;
   long err;
 
-  /* Load the PC/SC API */
+  /* Lets try the PC/SC API */
   if (!pcsc_api_loaded)
     {
       void *handle;
@@ -1112,14 +1124,13 @@ pcsc_init (void)
       handle = dlopen (opt.pcsc_driver, RTLD_LAZY);
       if (!handle)
         {
-          log_error ("pscd_open_reader: failed to open driver '%s': %s\n",
+          log_error ("apdu_open_reader: failed to open driver '%s': %s\n",
                      opt.pcsc_driver, dlerror ());
           return -1;
         }
 
       pcsc_establish_context = dlsym (handle, "SCardEstablishContext");
       pcsc_release_context   = dlsym (handle, "SCardReleaseContext");
-      pcsc_cancel            = dlsym (handle, "SCardCancel");
       pcsc_list_readers      = dlsym (handle, "SCardListReaders");
 #if defined(_WIN32) || defined(__CYGWIN__)
       if (!pcsc_list_readers)
@@ -1168,7 +1179,7 @@ pcsc_init (void)
         {
           /* Note that set_timeout is currently not used and also not
              available under Windows. */
-          log_error ("pcsc_open_reader: invalid PC/SC driver "
+          log_error ("apdu_open_reader: invalid PC/SC driver "
                      "(%d%d%d%d%d%d%d%d%d%d%d%d%d)\n",
                      !!pcsc_establish_context,
                      !!pcsc_release_context,
@@ -1189,194 +1200,38 @@ pcsc_init (void)
       pcsc_api_loaded = 1;
     }
 
-  pcsc.context_valid = 0;
-  err = pcsc_establish_context (PCSC_SCOPE_SYSTEM, NULL, NULL, &pcsc.context);
+  err = pcsc_establish_context (PCSC_SCOPE_SYSTEM, NULL, NULL,
+                                &pcsc.context);
   if (err)
     {
       log_error ("pcsc_establish_context failed: %s (0x%lx)\n",
                  pcsc_error_string (err), err);
       return -1;
     }
-  pcsc.context_valid = 1;
 
   return 0;
 }
 
-
-/* Select a reader from list of readers available.  */
-static const char *
-select_a_reader (const char *list, unsigned int len)
-{
-  const char *black_list_to_skip[] = {
-    /* We do left match by strncmp(3).  */
-    "Windows Hello"
-  };
-  const char *white_list_to_prefer[] = {
-    /* We do substring match by strstr(3).  */
-    "SPRx32",
-    "Yubico"
-  };
-  const char *p = list;
-  const char *candidate = NULL;
-  unsigned int n;
-
-  /*
-   * (1) If one in the white list is found in LIST, that one is
-   *     selected.
-   * (2) Otherwise, if one not in the black list is found in LIST,
-   *     that is a candidate.
-   * (3) Select the first candidate, or in case of no candidate,
-   *     return the first entry even if it's in the black list.
-   */
-  while (len)
-    {
-      int i;
-      int is_bad;
-
-      if (!*p)
-        break;
-
-      for (n=0; n < len; n++)
-        if (!p[n])
-          break;
-
-      /* Something wrong in the LIST.  */
-      if (n >= len)
-        break;
-
-      for (i = 0; i < DIM (white_list_to_prefer); i++)
-        if (strstr (p, white_list_to_prefer[i]))
-          return p;
-
-      is_bad = 0;
-      for (i = 0; i < DIM (black_list_to_skip); i++)
-        if (!strncmp (p, black_list_to_skip[i],
-                      strlen (black_list_to_skip[i])))
-          is_bad = 1;
-
-      if (!is_bad && !candidate)
-        candidate = p;
-
-      len -= n + 1;
-      p += n + 1;
-    }
-
-  if (candidate)
-    return candidate;
-
-  return list;
-}
-
-
-/* Open the PC/SC reader.  If PORTSTR is NULL we default to a suitable
-   port.  Returns -1 on error or a slot number for the reader.  */
+/* Open the PC/SC reader.  Returns -1 on error or a slot number for
+   the reader.  */
 static int
-open_pcsc_reader (const char *portstr)
+open_pcsc_reader (const char *rdrname)
 {
-  long err;
   int slot;
-  char *list = NULL;
-  const char *rdrname = NULL;
-  pcsc_dword_t nreader = 0;
-  const char *p;
-  size_t n;
-  membuf_t reader_mb;
-
-  xfree (pcsc.reader_list);
-  pcsc.reader_list = NULL;
-
-  if (!pcsc.context_valid)
-    if (pcsc_init () < 0)
-      return -1;
-
-  if (DBG_READER)
-    log_debug ("open_pcsc_reader(portstr=%s)\n", portstr);
-
 
   slot = new_reader_slot ();
   if (slot == -1)
-    return -1;  /* No need to cleanup here. */
-
-  err = pcsc_list_readers (pcsc.context, NULL, NULL, &nreader);
-  if (!err)
-    {
-      list = xtrymalloc (nreader+1); /* Better add 1 for safety reasons. */
-      if (!list)
-        {
-          log_error ("error allocating memory for reader list\n");
-          close_pcsc_reader (slot);
-          reader_table[slot].used = 0;
-          unlock_slot (slot);
-          slot = -1 /*SW_HOST_OUT_OF_CORE*/;
-          goto leave;
-        }
-      err = pcsc_list_readers (pcsc.context, NULL, list, &nreader);
-    }
-  if (err)
-    {
-      log_error ("pcsc_list_readers failed: %s (0x%lx)\n",
-                 pcsc_error_string (err), err);
-      close_pcsc_reader (slot);
-      reader_table[slot].used = 0;
-      unlock_slot (slot);
-      xfree (list);
-      slot = -1;
-      goto leave;
-    }
-
-  init_membuf (&reader_mb, 256);
-
-  p = list;
-  while (nreader > 0)
-    {
-      if (!*p)
-        break;
-
-      for (n=0; n < nreader; n++)
-        if (!p[n])
-          break;
-
-      if (n >= nreader)
-         {
-           log_error ("invalid response from pcsc_list_readers\n");
-           xfree (get_membuf (&reader_mb, NULL));
-           close_pcsc_reader (slot);
-           reader_table[slot].used = 0;
-           unlock_slot (slot);
-           xfree (list);
-           slot = -1;
-           goto leave;
-         }
-
-      log_info ("detected reader '%s'\n", p);
-      put_membuf_str (&reader_mb, p);
-      put_membuf (&reader_mb, "\n", 1);
-      if (!rdrname && portstr && !strncmp (p, portstr, strlen (portstr)))
-        rdrname = p;
-      nreader -= n + 1;
-      p += n + 1;
-    }
-  put_membuf (&reader_mb, "", 1);
-  pcsc.reader_list = get_membuf (&reader_mb, NULL);
-  if (!pcsc.reader_list)
-    log_error ("error allocating memory for reader list\n");
-
-  if (!rdrname)
-    rdrname = select_a_reader (list, nreader);
+    return -1;
 
   reader_table[slot].rdrname = xtrystrdup (rdrname);
   if (!reader_table[slot].rdrname)
     {
       log_error ("error allocating memory for reader name\n");
-      close_pcsc_reader (slot);
+      close_pcsc_reader (0);
       reader_table[slot].used = 0;
       unlock_slot (slot);
-      slot = -1;
-      xfree (list);
-      goto leave;
+      return -1;
     }
-  xfree (list);
-  list = NULL;
 
   reader_table[slot].pcsc.card = 0;
   reader_table[slot].atrlen = 0;
@@ -1389,12 +1244,9 @@ open_pcsc_reader (const char *portstr)
   reader_table[slot].send_apdu_reader = pcsc_send_apdu;
   reader_table[slot].dump_status_reader = dump_pcsc_reader_status;
 
+  pcsc.count++;
   dump_reader_status (slot);
   unlock_slot (slot);
-
- leave:
-  if (DBG_READER)
-    log_debug ("open_pcsc_reader => slot=%d\n", slot);
   return slot;
 }
 
@@ -1452,7 +1304,6 @@ pcsc_pinpad_verify (int slot, int class, int ins, int p0, int p1,
    */
   unsigned char result[6];
   pcsc_dword_t resultlen = 6;
-  int no_lc;
 
   if (!reader_table[slot].atrlen
       && (sw = reset_pcsc_reader (slot)))
@@ -1465,8 +1316,6 @@ pcsc_pinpad_verify (int slot, int class, int ins, int p0, int p1,
   if (!pin_verify)
     return SW_HOST_OUT_OF_CORE;
 
-  no_lc = (!pininfo->fixedlen && reader_table[slot].is_spr532);
-
   pin_verify[0] = 0x00; /* bTimeOut */
   pin_verify[1] = 0x00; /* bTimeOut2 */
   pin_verify[2] = 0x82; /* bmFormatString: Byte, pos=0, left, ASCII. */
@@ -1483,8 +1332,8 @@ pcsc_pinpad_verify (int slot, int class, int ins, int p0, int p1,
   pin_verify[11] = 0x00; /* bMsgIndex */
   pin_verify[12] = 0x00; /* bTeoPrologue[0] */
   pin_verify[13] = 0x00; /* bTeoPrologue[1] */
-  pin_verify[14] = pininfo->fixedlen + 0x05 - no_lc; /* bTeoPrologue[2] */
-  pin_verify[15] = pininfo->fixedlen + 0x05 - no_lc; /* ulDataLength */
+  pin_verify[14] = pininfo->fixedlen + 0x05; /* bTeoPrologue[2] */
+  pin_verify[15] = pininfo->fixedlen + 0x05; /* ulDataLength */
   pin_verify[16] = 0x00; /* ulDataLength */
   pin_verify[17] = 0x00; /* ulDataLength */
   pin_verify[18] = 0x00; /* ulDataLength */
@@ -1495,8 +1344,6 @@ pcsc_pinpad_verify (int slot, int class, int ins, int p0, int p1,
   pin_verify[23] = pininfo->fixedlen; /* abData[4] */
   if (pininfo->fixedlen)
     memset (&pin_verify[24], 0xff, pininfo->fixedlen);
-  else if (no_lc)
-    len--;
 
   if (DBG_CARD_IO)
     log_debug ("send secure: c=%02X i=%02X p1=%02X p2=%02X len=%d pinmax=%d\n",
@@ -1527,7 +1374,6 @@ pcsc_pinpad_modify (int slot, int class, int ins, int p0, int p1,
   int len = PIN_MODIFY_STRUCTURE_SIZE + 2 * pininfo->fixedlen;
   unsigned char result[6];      /* See the comment at pinpad_verify.  */
   pcsc_dword_t resultlen = 6;
-  int no_lc;
 
   if (!reader_table[slot].atrlen
       && (sw = reset_pcsc_reader (slot)))
@@ -1540,8 +1386,6 @@ pcsc_pinpad_modify (int slot, int class, int ins, int p0, int p1,
   if (!pin_modify)
     return SW_HOST_OUT_OF_CORE;
 
-  no_lc = (!pininfo->fixedlen && reader_table[slot].is_spr532);
-
   pin_modify[0] = 0x00; /* bTimeOut */
   pin_modify[1] = 0x00; /* bTimeOut2 */
   pin_modify[2] = 0x82; /* bmFormatString: Byte, pos=0, left, ASCII. */
@@ -1569,8 +1413,8 @@ pcsc_pinpad_modify (int slot, int class, int ins, int p0, int p1,
   pin_modify[16] = 0x02; /* bMsgIndex3 */
   pin_modify[17] = 0x00; /* bTeoPrologue[0] */
   pin_modify[18] = 0x00; /* bTeoPrologue[1] */
-  pin_modify[19] = 2 * pininfo->fixedlen + 0x05 - no_lc; /* bTeoPrologue[2] */
-  pin_modify[20] = 2 * pininfo->fixedlen + 0x05 - no_lc; /* ulDataLength */
+  pin_modify[19] = 2 * pininfo->fixedlen + 0x05; /* bTeoPrologue[2] */
+  pin_modify[20] = 2 * pininfo->fixedlen + 0x05; /* ulDataLength */
   pin_modify[21] = 0x00; /* ulDataLength */
   pin_modify[22] = 0x00; /* ulDataLength */
   pin_modify[23] = 0x00; /* ulDataLength */
@@ -1581,8 +1425,6 @@ pcsc_pinpad_modify (int slot, int class, int ins, int p0, int p1,
   pin_modify[28] = 2 * pininfo->fixedlen; /* abData[4] */
   if (pininfo->fixedlen)
     memset (&pin_modify[29], 0xff, 2 * pininfo->fixedlen);
-  else if (no_lc)
-    len--;
 
   if (DBG_CARD_IO)
     log_debug ("send secure: c=%02X i=%02X p1=%02X p2=%02X len=%d pinmax=%d\n",
@@ -1618,6 +1460,7 @@ static int
 close_ccid_reader (int slot)
 {
   ccid_close_reader (reader_table[slot].ccid.handle);
+  reader_table[slot].ccid.handle = NULL;
   return 0;
 }
 
@@ -1759,13 +1602,15 @@ ccid_pinpad_operation (int slot, int class, int ins, int p0, int p1,
 
 /* Open the reader and try to read an ATR.  */
 static int
-open_ccid_reader (struct dev_list *dl)
+open_ccid_reader (struct dev_list *dl, int *r_cciderr)
 {
   int err;
   int slot;
   int require_get_status;
   reader_table_t slotp;
 
+  *r_cciderr = 0;
+
   slot = new_reader_slot ();
   if (slot == -1)
     return -1;
@@ -1778,13 +1623,17 @@ open_ccid_reader (struct dev_list *dl)
       err = ccid_get_atr (slotp->ccid.handle,
                           slotp->atr, sizeof slotp->atr, &slotp->atrlen);
       if (err)
-        ccid_close_reader (slotp->ccid.handle);
+        {
+          ccid_close_reader (slotp->ccid.handle);
+          slotp->ccid.handle = NULL;
+        }
     }
 
   if (err)
     {
       slotp->used = 0;
       unlock_slot (slot);
+      *r_cciderr = err;
       return -1;
     }
 
@@ -2117,51 +1966,111 @@ gpg_error_t
 apdu_dev_list_start (const char *portstr, struct dev_list **l_p)
 {
   struct dev_list *dl = xtrymalloc (sizeof (struct dev_list));
+  gpg_error_t err;
 
   *l_p = NULL;
   if (!dl)
     return gpg_error_from_syserror ();
 
+  dl->table = NULL;
   dl->portstr = portstr;
   dl->idx = 0;
+  dl->idx_max = 0;
 
   npth_mutex_lock (&reader_table_lock);
 
 #ifdef HAVE_LIBUSB
-  if (opt.disable_ccid)
-    {
-      dl->table = NULL;
-      dl->idx_max = 1;
-    }
-  else
+  if (!opt.disable_ccid)
     {
-      gpg_error_t err;
-
       err = ccid_dev_scan (&dl->idx_max, &dl->table);
       if (err)
-        return err;
+        {
+          npth_mutex_unlock (&reader_table_lock);
+          return err;
+        }
 
       if (dl->idx_max == 0)
         {
-          /* If a CCID reader specification has been given, the user does
-             not want a fallback to other drivers. */
-          if (portstr && strlen (portstr) > 5 && portstr[4] == ':')
+          if (DBG_READER)
+            log_debug ("leave: apdu_open_reader => slot=-1 (no ccid)\n");
+
+          xfree (dl);
+          npth_mutex_unlock (&reader_table_lock);
+          return gpg_error (GPG_ERR_ENODEV);
+        }
+    }
+  else
+#endif
+    { /* PC/SC readers.  */
+      long r;
+      pcsc_dword_t nreader;
+      char *p = NULL;
+
+      if (!pcsc.context)
+        if (pcsc_init () < 0)
+          {
+            npth_mutex_unlock (&reader_table_lock);
+            return gpg_error (GPG_ERR_NO_SERVICE);
+          }
+
+      r = pcsc_list_readers (pcsc.context, NULL, NULL, &nreader);
+      if (!r)
+        {
+          p = xtrymalloc (nreader);
+          if (!p)
             {
-              if (DBG_READER)
-                log_debug ("leave: apdu_open_reader => slot=-1 (no ccid)\n");
+              err = gpg_error_from_syserror ();
 
-              xfree (dl);
+              log_error ("error allocating memory for reader list\n");
+              close_pcsc_reader (0);
               npth_mutex_unlock (&reader_table_lock);
-              return gpg_error (GPG_ERR_ENODEV);
+              return err;
+            }
+          r = pcsc_list_readers (pcsc.context, NULL, p, &nreader);
+        }
+      if (r)
+        {
+          log_error ("pcsc_list_readers failed: %s (0x%lx)\n",
+                     pcsc_error_string (r), r);
+          xfree (p);
+          close_pcsc_reader (0);
+          npth_mutex_unlock (&reader_table_lock);
+          return iso7816_map_sw (pcsc_error_to_sw (r));
+        }
+
+      dl->table = p;
+      dl->idx_max = 0;
+
+      while (nreader > 0)
+        {
+          size_t n;
+
+          if (!*p)
+            break;
+
+          for (n = 0; n < nreader; n++)
+            if (!p[n])
+              break;
+
+          if (n >= nreader)
+            {
+              log_error ("invalid response from pcsc_list_readers\n");
+              break;
+            }
+
+          log_info ("detected reader '%s'\n", p);
+          pcsc.rdrname[dl->idx_max] = p;
+          nreader -= n + 1;
+          p += n + 1;
+          dl->idx_max++;
+          if (dl->idx_max > MAX_READER)
+            {
+              log_error ("too many readers from pcsc_list_readers\n");
+              dl->idx_max--;
+              break;
             }
-          else
-            dl->idx_max = 1;
         }
     }
-#else
-  dl->table = NULL;
-  dl->idx_max = 1;
-#endif /* HAVE_LIBUSB */
 
   *l_p = dl;
   return 0;
@@ -2171,53 +2080,68 @@ void
 apdu_dev_list_finish (struct dev_list *dl)
 {
 #ifdef HAVE_LIBUSB
-  if (dl->table)
-    ccid_dev_scan_finish (dl->table, dl->idx_max);
+  if (!opt.disable_ccid)
+    {
+      if (dl->table)
+        ccid_dev_scan_finish (dl->table, dl->idx_max);
+    }
+  else
 #endif
+    { /* PC/SC readers.  */
+      int i;
+
+      xfree (dl->table);
+      for (i = 0; i < MAX_READER; i++)
+        pcsc.rdrname[i] = NULL;
+
+      if (pcsc.count == 0)
+        {
+          pcsc_release_context (pcsc.context);
+          pcsc.context = 0;
+        }
+    }
   xfree (dl);
   npth_mutex_unlock (&reader_table_lock);
 }
 
 
 int
-apdu_open_reader (struct dev_list *dl, int app_empty)
+apdu_open_reader (struct dev_list *dl)
 {
   int slot;
+  int readerno;
+
+  if (!dl->table)
+    return -1;
+
+  /* See whether we want to use the reader ID string or a reader
+     number. A readerno of -1 indicates that the reader ID string is
+     to be used. */
+  if (dl->portstr && strchr (dl->portstr, ':'))
+    readerno = -1; /* We want to use the readerid.  */
+  else if (dl->portstr)
+    {
+      readerno = atoi (dl->portstr);
+      if (readerno < 0 || readerno >= dl->idx_max)
+        return -1;
+
+      dl->idx = readerno;
+      dl->portstr = NULL;
+    }
+  else
+    readerno = 0;  /* Default. */
 
 #ifdef HAVE_LIBUSB
-  if (dl->table)
+  if (!opt.disable_ccid)
     { /* CCID readers.  */
-      int readerno;
-
-      /* See whether we want to use the reader ID string or a reader
-         number. A readerno of -1 indicates that the reader ID string is
-         to be used. */
-      if (dl->portstr && strchr (dl->portstr, ':'))
-        readerno = -1; /* We want to use the readerid.  */
-      else if (dl->portstr)
-        {
-          readerno = atoi (dl->portstr);
-          if (readerno < 0)
-            {
-              return -1;
-            }
-        }
-      else
-        readerno = 0;  /* Default. */
+      int cciderr;
 
       if (readerno > 0)
         { /* Use single, the specific reader.  */
-          if (readerno >= dl->idx_max)
-            return -1;
-
-          dl->idx = readerno;
-          dl->portstr = NULL;
-          slot = open_ccid_reader (dl);
+          slot = open_ccid_reader (dl, &cciderr);
+          /* And stick the reader and no scan.  */
           dl->idx = dl->idx_max;
-          if (slot >= 0)
-            return slot;
-          else
-            return -1;
+          return slot;
         }
 
       while (dl->idx < dl->idx_max)
@@ -2239,7 +2163,7 @@ apdu_open_reader (struct dev_list *dl, int app_empty)
               if (DBG_READER)
                 log_debug ("apdu_open_reader: new device=%x\n", bai);
 
-              slot = open_ccid_reader (dl);
+              slot = open_ccid_reader (dl, &cciderr);
 
               dl->idx++;
               if (slot >= 0)
@@ -2248,6 +2172,11 @@ apdu_open_reader (struct dev_list *dl, int app_empty)
                 {
                   /* Skip this reader.  */
                   log_error ("ccid open error: skip\n");
+                  if (cciderr == CCID_DRIVER_ERR_USB_ACCESS)
+                    log_info ("check permission of USB device at"
+                              " Bus %03d Device %03d\n",
+                              ((bai >> 16) & 0xff),
+                              ((bai >> 8) & 0xff));
                   continue;
                 }
             }
@@ -2255,26 +2184,60 @@ apdu_open_reader (struct dev_list *dl, int app_empty)
             dl->idx++;
         }
 
-      /* Not found.  Try one for PC/SC, only when it's the initial scan.  */
-      if (app_empty && dl->idx == dl->idx_max)
-        {
-          dl->idx++;
-          slot = open_pcsc_reader (dl->portstr);
-        }
-      else
-        slot = -1;
+      /* Not found.  */
+      slot = -1;
     }
   else
 #endif
     { /* PC/SC readers.  */
+      if (readerno > 0)
+        { /* Use single, the specific reader.  */
+          slot = open_pcsc_reader (pcsc.rdrname[readerno]);
+          /* And stick the reader and no scan.  */
+          dl->idx = dl->idx_max;
+          return slot;
+        }
 
-      if (app_empty && dl->idx == 0)
+      while (dl->idx < dl->idx_max)
         {
-          dl->idx++;
-          slot = open_pcsc_reader (dl->portstr);
+          const char *rdrname = pcsc.rdrname[dl->idx];
+
+          if (DBG_READER)
+            log_debug ("apdu_open_reader: %s\n", rdrname);
+
+          /* Check the identity of reader against already opened one.  */
+          for (slot = 0; slot < MAX_READER; slot++)
+            if (reader_table[slot].used
+                && !strcmp (reader_table[slot].rdrname, rdrname))
+              break;
+
+          if (slot == MAX_READER)
+            { /* Found a new device.  */
+              if (DBG_READER)
+                log_debug ("apdu_open_reader: new device=%s\n", rdrname);
+
+              /* When reader string is specified, check if it is the one.  */
+              if (readerno < 0 && strcmp (rdrname, dl->portstr) != 0)
+                continue;
+
+              slot = open_pcsc_reader (rdrname);
+
+              dl->idx++;
+              if (slot >= 0)
+                return slot;
+              else
+                {
+                  /* Skip this reader.  */
+                  log_error ("pcsc open error: skip\n");
+                  continue;
+                }
+            }
+          else
+            dl->idx++;
         }
-      else
-        slot = -1;
+
+      /* Not found.  */
+      slot = -1;
     }
 
   return slot;
@@ -2353,8 +2316,6 @@ apdu_close_reader (int slot)
   if (reader_table[slot].close_reader)
     {
       sw = reader_table[slot].close_reader (slot);
-      xfree (reader_table[slot].rdrname);
-      reader_table[slot].rdrname = NULL;
       reader_table[slot].used = 0;
       if (DBG_READER)
         log_debug ("leave: apdu_close_reader => 0x%x (close_reader)\n", sw);
@@ -2790,7 +2751,7 @@ send_apdu (int slot, unsigned char *apdu, size_t apdulen,
 }
 
 
-/* Core APDU tranceiver function. Parameters are described at
+/* Core APDU transceiver function. Parameters are described at
    apdu_send_le with the exception of PININFO which indicates pinpad
    related operations if not NULL.  If EXTENDED_MODE is not 0
    command chaining or extended length will be used according to these
@@ -3464,35 +3425,6 @@ apdu_get_reader_name (int slot)
   return reader_table[slot].rdrname;
 }
 
-
-/* Return the list of currently known readers.  Caller must free the
- * returned value.  Might return NULL. */
-char *
-apdu_get_reader_list (void)
-{
-  membuf_t mb;
-  char *ccidlist = NULL;
-
-  init_membuf (&mb, 256);
-#ifdef HAVE_LIBUSB
-  ccidlist = ccid_get_reader_list ();
-#endif
-
-  if (ccidlist && *ccidlist)
-    put_membuf_str (&mb, ccidlist);
-  if (pcsc.reader_list && *pcsc.reader_list)
-    {
-      if (ccidlist && *ccidlist)
-        put_membuf (&mb, "\n", 1);
-      put_membuf_str (&mb, pcsc.reader_list);
-    }
-  xfree (ccidlist);
-  put_membuf (&mb, "", 1);
-
-  return get_membuf (&mb, NULL);
-}
-
-
 gpg_error_t
 apdu_init (void)
 {
@@ -3500,9 +3432,10 @@ apdu_init (void)
   gpg_error_t err;
   int i;
 
-  pcsc.context = -1;
-  pcsc.context_valid = 0;
-  pcsc.reader_list = NULL;
+  pcsc.count = 0;
+  pcsc.context = 0;
+  for (i = 0; i < MAX_READER; i++)
+    pcsc.rdrname[i] = NULL;
 
   if (npth_mutex_init (&reader_table_lock, NULL))
     goto leave;
diff --git a/scd/apdu.h b/scd/apdu.h
index 32b8e9e..2d89d68 100644
--- a/scd/apdu.h
+++ b/scd/apdu.h
@@ -31,6 +31,7 @@ enum {
   SW_EOF_REACHED    = 0x6282,
   SW_TERM_STATE     = 0x6285, /* Selected file is in termination state.  */
   SW_EEPROM_FAILURE = 0x6581,
+  SW_ACK_TIMEOUT    = 0x6600, /* OpenPGPcard: Ack timeout.  */
   SW_WRONG_LENGTH   = 0x6700,
   SW_SM_NOT_SUP     = 0x6882, /* Secure Messaging is not supported.  */
   SW_CC_NOT_SUP     = 0x6884, /* Command Chaining is not supported.  */
@@ -82,7 +83,9 @@ enum {
   SW_HOST_USB_NO_DEVICE = 0x10024,
   SW_HOST_USB_BUSY      = 0x10026,
   SW_HOST_USB_TIMEOUT   = 0x10027,
-  SW_HOST_USB_OVERFLOW  = 0x10028
+  SW_HOST_USB_OVERFLOW  = 0x10028,
+  SW_HOST_UI_CANCELLED  = 0x10030,
+  SW_HOST_UI_TIMEOUT    = 0x10031
 };
 
 struct dev_list;
@@ -102,7 +105,7 @@ gpg_error_t apdu_dev_list_start (const char *portstr, struct dev_list **l_p);
 void apdu_dev_list_finish (struct dev_list *l);
 
 /* Note, that apdu_open_reader returns no status word but -1 on error. */
-int apdu_open_reader (struct dev_list *l, int app_empty);
+int apdu_open_reader (struct dev_list *l);
 int apdu_open_remote_reader (const char *portstr,
                              const unsigned char *cookie, size_t length,
                              int (*readfnc) (void *opaque,
@@ -151,6 +154,5 @@ int apdu_send_direct (int slot, size_t extended_length,
                       int handle_more, unsigned int *r_sw,
                       unsigned char **retbuf, size_t *retbuflen);
 const char *apdu_get_reader_name (int slot);
-char *apdu_get_reader_list (void);
 
 #endif /*APDU_H*/
diff --git a/scd/app-common.h b/scd/app-common.h
index f95db74..f194828 100644
--- a/scd/app-common.h
+++ b/scd/app-common.h
@@ -38,32 +38,31 @@
 
 /* Flags used with app_readkey.  */
 #define APP_READKEY_FLAG_INFO    1  /* Send also a KEYPAIRINFO line.  */
-#define APP_READKEY_FLAG_ADVANCED 2 /* (gnupg 2.2 only)  */
 
-/* Bit flags set by the decipher function into R_INFO.  */
+/* Flags set by the decipher function into R_INFO.  */
 #define APP_DECIPHER_INFO_NOPAD  1  /* Padding has been removed.  */
 
 /* Flags used by the app_write_learn_status.  */
 #define APP_LEARN_FLAG_KEYPAIRINFO  1 /* Return only keypair infos.  */
 #define APP_LEARN_FLAG_MULTI        2 /* Return info for all apps.  */
-#define APP_LEARN_FLAG_REREAD       4 /* Re-read infos from the token.  */
+#define APP_LEARN_FLAG_REREAD       4 /* Re-read ifnos from the token.  */
 
 
 /* List of supported card types.  Generic is the usual ISO7817-4
  * compliant card.  More specific card or token versions can be given
- * here.  Introduced in 2.2 for easier backporting from 2.3.  */
+ * here.  Use strcardtype() to map them to a string. */
 typedef enum
   {
    CARDTYPE_GENERIC = 0,
    CARDTYPE_GNUK,
    CARDTYPE_YUBIKEY,
    CARDTYPE_ZEITCONTROL
-  } cardtype_t;
 
+  } cardtype_t;
 
 /* List of supported card applications.  The source code for each
- * application can usually be found in an app-NAME.c file.  Introduced
- * in 2.2 for easier backporting from 2.3.  */
+ * application can usually be found in an app-NAME.c file.  Use
+ * strapptype() to map them to a string.  */
 typedef enum
   {
    APPTYPE_NONE = 0,
@@ -79,46 +78,70 @@ typedef enum
 
 
 /* Forward declarations.  */
+struct card_ctx_s;
 struct app_ctx_s;
 struct app_local_s;  /* Defined by all app-*.c.  */
 
+
+typedef struct card_ctx_s *card_t;
 typedef struct app_ctx_s *app_t;
 
-struct app_ctx_s {
-  struct app_ctx_s *next;
+/* The object describing a card.  */
+struct card_ctx_s {
+  card_t next;
 
   npth_mutex_t lock;
 
-  /* Number of connections currently using this application context.
-     If this is not 0 the application has been initialized and the
-     function pointers may be used.  Note that for unsupported
-     operations the particular function pointer is set to NULL */
+  /* Number of connections currently using this application context.  */
   unsigned int ref_count;
 
   /* Used reader slot. */
   int slot;
 
-  unsigned char *serialno; /* Serialnumber in raw form, allocated. */
-  size_t serialnolen;      /* Length in octets of serialnumber. */
-  apptype_t apptype;
-  unsigned int appversion; /* Version of the application or 0.     */
   cardtype_t cardtype;     /* The token's type.  */
   unsigned int cardversion;/* Firmware version of the token or 0.  */
+
   unsigned int card_status;
+
+  /* The serial number is associated with the card and not with a
+   * specific app.  If a card uses different serial numbers for its
+   * applications, our code picks the serial number of a specific
+   * application and uses that.  */
+  unsigned char *serialno; /* Serialnumber in raw form, allocated. */
+  size_t serialnolen;      /* Length in octets of serialnumber. */
+
+  /* A linked list of applications used on this card.  The app at the
+   * head of the list is the currently active app; To work with the
+   * other apps, switching to that app might be needed.  Switching will
+   * put the active app at the head of the list.  */
+  app_t app;
+
+  /* Various flags.  */
   unsigned int reset_requested:1;
   unsigned int periodical_check_needed:1;
+};
+
+
+/* The object describing a card's applications.  A card may have
+ * several applications and it is usually required to explicitly
+ * switch between applications.  */
+struct app_ctx_s {
+  app_t next;
+
+  card_t card;  /* Link back to the card.  */
+
+  apptype_t apptype;       /* The type of the application.  */
+  unsigned int appversion; /* Version of the application or 0.     */
   unsigned int did_chv1:1;
   unsigned int force_chv1:1;   /* True if the card does not cache CHV1. */
   unsigned int did_chv2:1;
   unsigned int did_chv3:1;
+  unsigned int need_reset:1;   /* Do't allow any functions but deinit.  */
   struct app_local_s *app_local;  /* Local to the application. */
   struct {
     void (*deinit) (app_t app);
-
-    /* prep_reselect and reselect are not used in this version of scd.  */
     gpg_error_t (*prep_reselect) (app_t app, ctrl_t ctrl);
     gpg_error_t (*reselect) (app_t app, ctrl_t ctrl);
-
     gpg_error_t (*learn_status) (app_t app, ctrl_t ctrl, unsigned int flags);
     gpg_error_t (*readcert) (app_t app, const char *certid,
                      unsigned char **cert, size_t *certlen);
@@ -169,9 +192,6 @@ struct app_ctx_s {
     gpg_error_t (*check_pin) (app_t app, ctrl_t ctrl, const char *keyidstr,
                       gpg_error_t (*pincb)(void*, const char *, char **),
                       void *pincb_arg);
-
-    /* with_keygrip is not used in this version of scd but having it
-     * makes back porting app-*.c from later versions easier.  */
     gpg_error_t (*with_keygrip) (app_t app, ctrl_t ctrl, int action,
                                  const char *keygrip_str, int capability);
   } fnc;
@@ -191,16 +211,16 @@ enum
 static inline int
 app_get_slot (app_t app)
 {
-  /* Note that this is a similar function of the one in 2.3 which we
-   * use to make back porting easier.  */
-  if (app)
-    return app->slot;
+  if (app && app->card)
+    return app->card->slot;
   return -1;
 }
 
-/* Macro to access members in app_t which are found in 2.3 in a linked
- * card_t member.  */
-#define APP_CARD(a) (a)
+
+/* Macro to access members in app->card.  We use this macro because in
+ * 2.2 many members are stored directly in app_t and this way we can
+ * easier backport stuff.  */
+#define APP_CARD(a) ((a)->card)
 
 
 /*-- app-help.c --*/
@@ -217,71 +237,96 @@ size_t app_help_read_length_of_cert (int slot, int fid, size_t *r_certoff);
 
 
 /*-- app.c --*/
-void app_send_card_list (ctrl_t ctrl);
+const char *strcardtype (cardtype_t t);
+const char *strapptype (apptype_t t);
+
+void app_update_priority_list (const char *arg);
+gpg_error_t app_send_card_list (ctrl_t ctrl);
+gpg_error_t app_send_active_apps (card_t card, ctrl_t ctrl);
+char *card_get_serialno (card_t card);
 char *app_get_serialno (app_t app);
+char *card_get_dispserialno (card_t card, int nofallback);
 char *app_get_dispserialno (app_t app, int nofallback);
 
 void app_dump_state (void);
 void application_notify_card_reset (int slot);
-gpg_error_t check_application_conflict (const char *name, app_t app);
-gpg_error_t app_reset (app_t app, ctrl_t ctrl, int send_reset);
-gpg_error_t select_application (ctrl_t ctrl, const char *name, app_t *r_app,
+gpg_error_t check_application_conflict (card_t card, const char *name,
+                                        const unsigned char *serialno_bin,
+                                        size_t serialno_bin_len);
+gpg_error_t card_reset (card_t card, ctrl_t ctrl, int send_reset);
+gpg_error_t select_application (ctrl_t ctrl, const char *name, card_t *r_app,
                                 int scan, const unsigned char *serialno_bin,
                                 size_t serialno_bin_len);
+gpg_error_t select_additional_application (ctrl_t ctrl, const char *name);
+
+gpg_error_t app_switch_current_card (ctrl_t ctrl,
+                                     const unsigned char *serialno,
+                                     size_t serialnolen);
+gpg_error_t app_switch_active_app (card_t card, ctrl_t ctrl,
+                                   const char *appname);
+
 char *get_supported_applications (void);
-void release_application (app_t app, int locked_already);
-gpg_error_t app_munge_serialno (app_t app);
-gpg_error_t app_write_learn_status (app_t app, ctrl_t ctrl,
+
+card_t card_ref (card_t card);
+void   card_unref (card_t card);
+void   card_unref_locked (card_t card);
+
+gpg_error_t app_munge_serialno (card_t card);
+gpg_error_t app_write_learn_status (card_t card, ctrl_t ctrl,
                                     unsigned int flags);
-gpg_error_t app_readcert (app_t app, ctrl_t ctrl, const char *certid,
+gpg_error_t app_readcert (card_t card, ctrl_t ctrl, const char *certid,
                   unsigned char **cert, size_t *certlen);
-gpg_error_t app_readkey (app_t app, ctrl_t ctrl, int advanced,
-                 const char *keyid, unsigned char **pk, size_t *pklen);
-gpg_error_t app_getattr (app_t app, ctrl_t ctrl, const char *name);
-gpg_error_t app_setattr (app_t app, ctrl_t ctrl, const char *name,
-                 gpg_error_t (*pincb)(void*, const char *, char **),
-                 void *pincb_arg,
-                 const unsigned char *value, size_t valuelen);
-gpg_error_t app_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
-              gpg_error_t (*pincb)(void*, const char *, char **),
-              void *pincb_arg,
-              const void *indata, size_t indatalen,
-              unsigned char **outdata, size_t *outdatalen );
-gpg_error_t app_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
+gpg_error_t app_readkey (card_t card, ctrl_t ctrl,
+                         const char *keyid, unsigned int flags,
+                         unsigned char **pk, size_t *pklen);
+gpg_error_t app_getattr (card_t card, ctrl_t ctrl, const char *name);
+gpg_error_t app_setattr (card_t card, ctrl_t ctrl, const char *name,
+                         gpg_error_t (*pincb)(void*, const char *, char **),
+                         void *pincb_arg,
+                         const unsigned char *value, size_t valuelen);
+gpg_error_t app_sign (card_t card, ctrl_t ctrl,
+                      const char *keyidstr, int hashalgo,
                       gpg_error_t (*pincb)(void*, const char *, char **),
                       void *pincb_arg,
                       const void *indata, size_t indatalen,
                       unsigned char **outdata, size_t *outdatalen);
-gpg_error_t app_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
+gpg_error_t app_auth (card_t card, ctrl_t ctrl, const char *keyidstr,
+                      gpg_error_t (*pincb)(void*, const char *, char **),
+                      void *pincb_arg,
+                      const void *indata, size_t indatalen,
+                      unsigned char **outdata, size_t *outdatalen);
+gpg_error_t app_decipher (card_t card, ctrl_t ctrl, const char *keyidstr,
                           gpg_error_t (*pincb)(void*, const char *, char **),
                           void *pincb_arg,
                           const void *indata, size_t indatalen,
                           unsigned char **outdata, size_t *outdatalen,
                           unsigned int *r_info);
-gpg_error_t app_writecert (app_t app, ctrl_t ctrl,
+gpg_error_t app_writecert (card_t card, ctrl_t ctrl,
                            const char *certidstr,
                            gpg_error_t (*pincb)(void*, const char *, char **),
                            void *pincb_arg,
                            const unsigned char *keydata, size_t keydatalen);
-gpg_error_t app_writekey (app_t app, ctrl_t ctrl,
+gpg_error_t app_writekey (card_t card, ctrl_t ctrl,
                           const char *keyidstr, unsigned int flags,
                           gpg_error_t (*pincb)(void*, const char *, char **),
                           void *pincb_arg,
                           const unsigned char *keydata, size_t keydatalen);
-gpg_error_t app_genkey (app_t app, ctrl_t ctrl,
+gpg_error_t app_genkey (card_t card, ctrl_t ctrl,
                         const char *keynostr, const char *keytype,
                         unsigned int flags, time_t createtime,
                         gpg_error_t (*pincb)(void*, const char *, char **),
                         void *pincb_arg);
-gpg_error_t app_get_challenge (app_t app, ctrl_t ctrl, size_t nbytes,
+gpg_error_t app_get_challenge (card_t card, ctrl_t ctrl, size_t nbytes,
                                unsigned char *buffer);
-gpg_error_t app_change_pin (app_t app, ctrl_t ctrl,
+gpg_error_t app_change_pin (card_t card, ctrl_t ctrl,
                             const char *chvnostr, unsigned int flags,
                             gpg_error_t (*pincb)(void*, const char *, char **),
                             void *pincb_arg);
-gpg_error_t app_check_pin (app_t app, ctrl_t ctrl, const char *keyidstr,
-                   gpg_error_t (*pincb)(void*, const char *, char **),
-                   void *pincb_arg);
+gpg_error_t app_check_pin (card_t card, ctrl_t ctrl, const char *keyidstr,
+                           gpg_error_t (*pincb)(void*, const char *, char **),
+                           void *pincb_arg);
+card_t app_do_with_keygrip (ctrl_t ctrl, int action, const char *keygrip_str,
+                            int capability);
 
 
 /*-- app-openpgp.c --*/
@@ -302,5 +347,8 @@ gpg_error_t app_select_geldkarte (app_t app);
 /*-- app-sc-hsm.c --*/
 gpg_error_t app_select_sc_hsm (app_t app);
 
+/*-- app-piv.c --*/
+gpg_error_t app_select_piv (app_t app);
+
 
 #endif /*GNUPG_SCD_APP_COMMON_H*/
diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c
index 5a2713e..990de34 100644
--- a/scd/app-dinsig.c
+++ b/scd/app-dinsig.c
@@ -74,7 +74,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 #include <time.h>
 
 #include "scdaemon.h"
@@ -100,7 +99,7 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
 
   /* Return the certificate of the card holder. */
   fid = 0xC000;
-  len = app_help_read_length_of_cert (app->slot, fid, &certoff);
+  len = app_help_read_length_of_cert (app_get_slot (app), fid, &certoff);
   if (!len)
     return 0; /* Card has not been personalized. */
 
@@ -113,7 +112,8 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
 
   /* Now we need to read the certificate, so that we can get the
      public key out of it.  */
-  err = iso7816_read_binary (app->slot, certoff, len-certoff, &der, &derlen);
+  err = iso7816_read_binary (app_get_slot (app), certoff, len-certoff,
+                             &der, &derlen);
   if (err)
     {
       log_info ("error reading entire certificate from FID 0x%04X: %s\n",
@@ -192,14 +192,14 @@ do_readcert (app_t app, const char *certid,
   /* Read the entire file.  fixme: This could be optimized by first
      reading the header to figure out how long the certificate
      actually is. */
-  err = iso7816_select_file (app->slot, fid, 0);
+  err = iso7816_select_file (app_get_slot (app), fid, 0);
   if (err)
     {
       log_error ("error selecting FID 0x%04X: %s\n", fid, gpg_strerror (err));
       return err;
     }
 
-  err = iso7816_read_binary (app->slot, 0, 0, &buffer, &buflen);
+  err = iso7816_read_binary (app_get_slot (app), 0, 0, &buffer, &buflen);
   if (err)
     {
       log_error ("error reading certificate from FID 0x%04X: %s\n",
@@ -228,7 +228,7 @@ do_readcert (app_t app, const char *certid,
   else
     return gpg_error (GPG_ERR_INV_OBJ);
   totobjlen = objlen + hdrlen;
-  assert (totobjlen <= buflen);
+  log_assert (totobjlen <= buflen);
 
   err = parse_ber_header (&p, &n, &class, &tag, &constructed,
                           &ndef, &objlen, &hdrlen);
@@ -259,7 +259,7 @@ do_readcert (app_t app, const char *certid,
       if ( !(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed) )
         return gpg_error (GPG_ERR_INV_OBJ);
       totobjlen = objlen + hdrlen;
-      assert (save_p + totobjlen <= buffer + buflen);
+      log_assert (save_p + totobjlen <= buffer + buflen);
       memmove (buffer, save_p, totobjlen);
     }
 
@@ -292,7 +292,7 @@ verify_pin (app_t app,
   pininfo.maxlen = 8;
 
   if (!opt.disable_pinpad
-      && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) )
+      && !iso7816_check_pinpad (app_get_slot (app), ISO7816_VERIFY, &pininfo) )
     {
       rc = pincb (pincb_arg,
                   _("||Please enter your PIN at the reader's pinpad"),
@@ -303,7 +303,7 @@ verify_pin (app_t app,
                     gpg_strerror (rc));
           return rc;
         }
-      rc = iso7816_verify_kp (app->slot, 0x81, &pininfo);
+      rc = iso7816_verify_kp (app_get_slot (app), 0x81, &pininfo);
       /* Dismiss the prompt. */
       pincb (pincb_arg, NULL, NULL);
     }
@@ -344,7 +344,8 @@ verify_pin (app_t app,
           return gpg_error (GPG_ERR_BAD_PIN);
         }
 
-      rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));
+      rc = iso7816_verify (app_get_slot (app), 0x81,
+                           pinvalue, strlen (pinvalue));
       if (gpg_err_code (rc) == GPG_ERR_INV_VALUE)
         {
           /* We assume that ISO 9564-1 encoding is used and we failed
@@ -365,7 +366,8 @@ verify_pin (app_t app,
             paddedpin[i++] = (((*s - '0') << 4) | 0x0f);
           while (i < sizeof paddedpin)
             paddedpin[i++] = 0xff;
-          rc = iso7816_verify (app->slot, 0x81, paddedpin, sizeof paddedpin);
+          rc = iso7816_verify (app_get_slot (app), 0x81,
+                               paddedpin, sizeof paddedpin);
         }
       xfree (pinvalue);
     }
@@ -416,7 +418,7 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
       && indatalen != (15+20) && indatalen != (19+32))
     return gpg_error (GPG_ERR_INV_VALUE);
 
-  /* Check that the provided ID is vaid.  This is not really needed
+  /* Check that the provided ID is valid.  This is not really needed
      but we do it to enforce correct usage by the caller. */
   if (strncmp (keyidstr, "DINSIG.", 7) )
     return gpg_error (GPG_ERR_INV_ID);
@@ -483,7 +485,7 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
 
   rc = verify_pin (app, pincb, pincb_arg);
   if (!rc)
-    rc = iso7816_compute_ds (app->slot, 0, data, datalen, 0,
+    rc = iso7816_compute_ds (app_get_slot (app), 0, data, datalen, 0,
                              outdata, outdatalen);
   return rc;
 }
@@ -533,7 +535,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
       return err;
     }
 
-  err = iso7816_change_reference_data (app->slot, 0x81,
+  err = iso7816_change_reference_data (app_get_slot (app), 0x81,
                                        oldpin, oldpinlen,
                                        pinvalue, strlen (pinvalue));
   xfree (pinvalue);
@@ -548,7 +550,7 @@ gpg_error_t
 app_select_dinsig (app_t app)
 {
   static char const aid[] = { 0xD2, 0x76, 0x00, 0x00, 0x66, 0x01 };
-  int slot = app->slot;
+  int slot = app_get_slot (app);
   int rc;
 
   rc = iso7816_select_application (slot, aid, sizeof aid, 0);
@@ -556,6 +558,8 @@ app_select_dinsig (app_t app)
     {
       app->apptype = APPTYPE_DINSIG;
 
+      app->fnc.prep_reselect = NULL;
+      app->fnc.reselect = NULL;
       app->fnc.learn_status = do_learn_status;
       app->fnc.readcert = do_readcert;
       app->fnc.getattr = NULL;
diff --git a/scd/app-geldkarte.c b/scd/app-geldkarte.c
index 5437263..befe6c8 100644
--- a/scd/app-geldkarte.c
+++ b/scd/app-geldkarte.c
@@ -31,7 +31,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 #include <time.h>
 #include <ctype.h>
 
@@ -253,7 +252,7 @@ copy_bcd (const unsigned char *string, size_t length)
 }
 
 
-/* Convert the BCD number at STING of LENGTH into an integer and store
+/* Convert the BCD number at STRING of LENGTH into an integer and store
    that at RESULT.  Return 0 on success.  */
 static gpg_error_t
 bcd_to_int (const unsigned char *string, size_t length, int *result)
@@ -276,7 +275,7 @@ app_select_geldkarte (app_t app)
   static char const aid[] =
     { 0xD2, 0x76, 0x00, 0x00, 0x25, 0x45, 0x50, 0x02, 0x00 };
   gpg_error_t err;
-  int slot = app->slot;
+  int slot = app_get_slot (app);
   unsigned char *result = NULL;
   size_t resultlen;
   struct app_local_s *ld;
@@ -313,19 +312,21 @@ app_select_geldkarte (app_t app)
 
   app->apptype = APPTYPE_GELDKARTE;
   app->fnc.deinit = do_deinit;
+  app->fnc.prep_reselect = NULL;
+  app->fnc.reselect = NULL;
 
   /* If we don't have a serialno yet construct it from the EF_ID.  */
-  if (!app->serialno)
+  if (!app->card->serialno)
     {
-      app->serialno = xtrymalloc (10);
-      if (!app->serialno)
+      app->card->serialno = xtrymalloc (10);
+      if (!app->card->serialno)
         {
           err = gpg_error_from_syserror ();
           goto leave;
         }
-      memcpy (app->serialno, result, 10);
-      app->serialnolen = 10;
-      err = app_munge_serialno (app);
+      memcpy (app->card->serialno, result, 10);
+      app->card->serialnolen = 10;
+      err = app_munge_serialno (app->card);
       if (err)
         goto leave;
     }
diff --git a/scd/app-help.c b/scd/app-help.c
index 8d225ef..7774b54 100644
--- a/scd/app-help.c
+++ b/scd/app-help.c
@@ -28,9 +28,9 @@
 #include "../common/tlv.h"
 
 
-/* Count the number of bits, assuming the A represents an unsigned big
-   integer of length LEN bytes.  If A is NULL a length of 0 is
-   returned. */
+/* Count the number of bits, assuming that A represents an unsigned
+ * big integer of length LEN bytes.  If A is NULL a length of 0 is
+ * returned. */
 unsigned int
 app_help_count_bits (const unsigned char *a, size_t len)
 {
@@ -58,8 +58,7 @@ app_help_count_bits (const unsigned char *a, size_t len)
  * there.  The caller needs to call gcry_sexp_release on that.  If
  * R_ALGO is not NULL the public key algorithm id of Libgcrypt is
  * stored there.  If R_ALGOSTR is not NULL and the function succeeds a
- * newly allocated algo string (e.g. "rsa2048") is stored there.
- * HEXKEYGRIP may be NULL if the caller is not interested in it.  */
+ * newly allocated algo string (e.g. "rsa2048") is stored there. */
 gpg_error_t
 app_help_get_keygrip_string_pk (const void *pk, size_t pklen, char *hexkeygrip,
                                 gcry_sexp_t *r_pkey, int *r_algo,
@@ -77,7 +76,8 @@ app_help_get_keygrip_string_pk (const void *pk, size_t pklen, char *hexkeygrip,
   err = gcry_sexp_sscan (&s_pkey, NULL, pk, pklen);
   if (err)
     return err; /* Can't parse that S-expression. */
-  if (hexkeygrip && !gcry_pk_get_keygrip (s_pkey, array))
+
+  if (!gcry_pk_get_keygrip (s_pkey, array))
     {
       gcry_sexp_release (s_pkey);
       return gpg_error (GPG_ERR_GENERAL); /* Failed to calculate the keygrip.*/
@@ -102,8 +102,7 @@ app_help_get_keygrip_string_pk (const void *pk, size_t pklen, char *hexkeygrip,
   else
     gcry_sexp_release (s_pkey);
 
-  if (hexkeygrip)
-    bin2hex (array, KEYGRIP_LEN, hexkeygrip);
+  bin2hex (array, KEYGRIP_LEN, hexkeygrip);
 
   return 0;
 }
@@ -139,7 +138,6 @@ app_help_get_keygrip_string (ksba_cert_t cert, char *hexkeygrip,
 }
 
 
-/* Get the public key from the binary encoded (CERT,CERTLEN).  */
 gpg_error_t
 app_help_pubkey_from_cert (const void *cert, size_t certlen,
                            unsigned char **r_pk, size_t *r_pklen)
@@ -192,7 +190,6 @@ app_help_pubkey_from_cert (const void *cert, size_t certlen,
   return err;
 }
 
-
 /* Given the SLOT and the File ID FID, return the length of the
    certificate contained in that file. Returns 0 if the file does not
    exists or does not contain a certificate.  If R_CERTOFF is not
diff --git a/scd/app-nks.c b/scd/app-nks.c
index 1f59321..006e6a9 100644
--- a/scd/app-nks.c
+++ b/scd/app-nks.c
@@ -1,5 +1,6 @@
 /* app-nks.c - The Telesec NKS card application.
- * Copyright (C) 2004, 2007, 2008, 2009 Free Software Foundation, Inc.
+ * Copyright (C) 2004, 2007-2009 Free Software Foundation, Inc.
+ * Copyright (C) 2004, 2007-2009, 2013-2015, 2020 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -18,28 +19,55 @@
  */
 
 /* Notes:
-
-  - We are now targeting TCOS 3 cards and it may happen that there is
-    a regression towards TCOS 2 cards.  Please report.
-
-  - The TKS3 AUT key is not used.  It seems that it is only useful for
-    the internal authentication command and not accessible by other
-    applications.  The key itself is in the encryption class but the
-    corresponding certificate has only the digitalSignature
-    capability.
-
-  - If required, we automagically switch between the NKS application
-    and the SigG application.  This avoids to use the DINSIG
-    application which is somewhat limited, has no support for Secure
-    Messaging as required by TCOS 3 and has no way to change the PIN
-    or even set the NullPIN.
-
-  - We use the prefix NKS-DF01 for TCOS 2 cards and NKS-NKS3 for newer
-    cards.  This is because the NKS application has moved to DF02 with
-    TCOS 3 and thus we better use a DF independent tag.
-
-  - We use only the global PINs for the NKS application.
-
+ *
+ * - We are now targeting TCOS 3 cards and it may happen that there is
+ *   a regression towards TCOS 2 cards.  Please report.
+ *
+ * - The NKS3 AUT key is not used.  It seems that it is only useful for
+ *   the internal authentication command and not accessible by other
+ *   applications.  The key itself is in the encryption class but the
+ *   corresponding certificate has only the digitalSignature
+ *   capability.
+ *   Update: This changed for the Signature Card V2 (nks version 15)
+ *
+ * - If required, we automagically switch between the NKS application
+ *   and the SigG or eSign application.  This avoids to use the DINSIG
+ *   application which is somewhat limited, has no support for Secure
+ *   Messaging as required by TCOS 3 and has no way to change the PIN
+ *   or even set the NullPIN.  With the Signature Card v2 (nks version
+ *   15) the Esign application is used instead of the SigG.
+ *
+ * - We use the prefix NKS-DF01 for TCOS 2 cards and NKS-NKS3 for newer
+ *   cards.  This is because the NKS application has moved to DF02 with
+ *   TCOS 3 and thus we better use a DF independent tag.
+ *
+ * - We use only the global PINs for the NKS application.
+ *
+ *
+ *
+ * Here is a table with PIN stati collected from 3 cards.
+ *
+ *  | app | pwid | NKS3      | SIG_B     | SIG_N     |
+ *  |-----+------+-----------+-----------+-----------|
+ *  | NKS | 0x00 | null -    | -    -    | -    -    |
+ *  |     | 0x01 | 0    3    | -    -    | -    -    |
+ *  |     | 0x02 | 3    null | 15   3    | 15   null |
+ *  |     | 0x03 | -    3    | null -    | 3    -    |
+ *  |     | 0x04 |           | null 0    | 3    3    |
+ *  | SIG | 0x00 | null -    | -    -    | -    -    |
+ *  |     | 0x01 | 0    null | -    null | -    null |
+ *  |     | 0x02 | 3    null | 15   0    | 15   0    |
+ *  |     | 0x03 | -    0    | null null | null null |
+ *  - SIG is either SIGG or ESIGN.
+ *  - "-" indicates reference not found (SW 6A88).
+ *  - "null" indicates a NULLPIN (SW 6985).
+ *  - The first value in each cell is the global PIN;
+ *    the second is the local PIN (high bit of pwid set).
+ *  - The NKS3 card is some older test card.
+ *  - The SIG_B is a Signature Card V2.0 with Brainpool curves.
+ *    Here the PIN 0x82 has been changed from the NULLPIN.
+ *  - The SIG_N is a Signature Card V2.0 with NIST curves.
+ *    The PIN was enabled using the TCOS Windows tool.
  */
 
 #include <config.h>
@@ -47,7 +75,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 #include <time.h>
 
 #include "scdaemon.h"
@@ -59,66 +86,154 @@
 
 static char const aid_nks[]  = { 0xD2, 0x76, 0x00, 0x00, 0x03, 0x01, 0x02 };
 static char const aid_sigg[] = { 0xD2, 0x76, 0x00, 0x00, 0x66, 0x01 };
+static char const aid_esign[] =
+  { 0xA0, 0x00, 0x00, 0x01, 0x67, 0x45, 0x53, 0x49, 0x47, 0x4E };
+static char const aid_idlm[] = { 0xD2, 0x76, 0x00, 0x00, 0x03, 0x0c, 0x01 };
+
+
+/* The ids of the different apps on our TCOS cards.  */
+#define NKS_APP_NKS   0
+#define NKS_APP_SIGG  1
+#define NKS_APP_ESIGN 2
+#define NKS_APP_IDLM  3
 
 
 static struct
 {
-  int is_sigg;   /* Valid for SigG application.  */
+  int nks_app_id;/* One of the NKS_APP_ constants.  */
   int fid;       /* File ID. */
-  int nks_ver;   /* 0 for NKS version 2, 3 for version 3. */
+  int nks_ver;   /* 0 for NKS version 2, 3 for version 3, etc.  */
   int certtype;  /* Type of certificate or 0 if it is not a certificate. */
-  int iskeypair; /* If true has the FID of the corresponding certificate. */
+  int iskeypair; /* If true has the FID of the corresponding certificate.
+                  * If no certificate is known a value of -1 is used. */
+  int isauthkey; /* True if file is a key usable for authentication. */
   int issignkey; /* True if file is a key usable for signing. */
-  int isenckey;  /* True if file is a key usable for decryption. */
+  int isencrkey; /* True if file is a key usable for decryption. */
   unsigned char kid;  /* Corresponding key references.  */
 } filelist[] = {
-  { 0, 0x4531, 0, 0,  0xC000, 1, 0, 0x80 }, /* EF_PK.NKS.SIG */
+  { 0, 0x4531, 0, 0,  0xC000, 1,1,0, 0x80}, /* EF_PK.NKS.SIG */
+  /* */                              /* nks15: EF.PK.NKS.ADS */
   { 0, 0xC000, 0, 101 },                    /* EF_C.NKS.SIG  */
-  { 0, 0x4331, 0, 100 },
+  /* */                              /* nks15: EF.C.ICC.ADS  (sign key)  */
+
+  { 0, 0x4331, 0, 100 },                    /* Unnamed.                  */
+  /* */                              /* nks15: EF.C.ICC.RFU1             */
+  /* */                              /* (second cert for sign key)       */
+
   { 0, 0x4332, 0, 100 },
-  { 0, 0xB000, 0, 110 },                    /* EF_PK.RCA.NKS */
-  { 0, 0x45B1, 0, 0,  0xC200, 0, 1, 0x81 }, /* EF_PK.NKS.ENC */
-  { 0, 0xC200, 0, 101 },                    /* EF_C.NKS.ENC  */
-  { 0, 0x43B1, 0, 100 },
+  { 0, 0xB000, 0, 110 },                    /* EF_PK.RCA.NKS             */
+
+  { 0, 0x45B1, 0, 0,  0xC200, 0,0,1, 0x81}, /* EF_PK.NKS.ENC             */
+  /* */                              /* nks15: EF.PK.ICC.ENC1            */
+  { 0, 0xC200, 0, 101 },                    /* EF_C.NKS.ENC              */
+                                     /* nks15: EF.C.ICC.ENC1 (Cert-encr) */
+
+  { 0, 0x43B1, 0, 100 },                    /* Unnamed */
+  /* */                              /* nks15: EF.C.ICC.RFU2             */
+  /* */                              /* (second cert for enc1 key)       */
+
   { 0, 0x43B2, 0, 100 },
-/* The authentication key is not used.  */
-/*   { 0, 0x4571, 3, 0,  0xC500, 0, 0, 0x82 }, /\* EF_PK.NKS.AUT *\/ */
-/*   { 0, 0xC500, 3, 101 },                    /\* EF_C.NKS.AUT  *\/ */
-  { 0, 0x45B2, 3, 0,  0xC201, 0, 1, 0x83 }, /* EF_PK.NKS.ENC1024 */
+  { 0, 0x4371,15, 100 },                    /* EF.C.ICC.RFU3             */
+  /* */                              /* (second cert for auth key)       */
+
+  { 0, 0x45B2, 3, 0,  0xC201, 0,0,1, 0x83}, /* EF_PK.NKS.ENC1024         */
+  /* */                              /* nks15: EF.PK.ICC.ENC2            */
   { 0, 0xC201, 3, 101 },                    /* EF_C.NKS.ENC1024  */
-  { 1, 0x4531, 3, 0,  0xC000, 1, 1, 0x84 }, /* EF_PK.CH.SIG  */
+
+  { 0, 0xC20E,15, 111 },                    /* EF.C.CSP.RCA1 (RootCA 1) */
+  { 0, 0xC208,15, 101 },                    /* EF.C.CSP.SCA1 (SubCA 1) */
+  { 0, 0xC10E,15, 111 },                    /* EF.C.CSP.RCA2 (RootCA 2) */
+  { 0, 0xC108,15, 101 },                    /* EF.C.CSP.SCA2 (SubCA 2) */
+
+  { 0, 0x4571,15, 0,  0xC500, 1,0,0, 0x82}, /* EF.PK.ICC.AUT */
+  { 0, 0xC500,15, 101 },                    /* EF.C.ICC.AUT  (Cert-auth) */
+
+  { 0, 0xC201,15, 101 },                    /* EF.C.ICC.ENC2 (Cert-encr) */
+                                            /* (empty on delivery) */
+
+  { 1, 0x4531, 3, 0,  0xC000, 0,1,1, 0x84}, /* EF_PK.CH.SIG  */
   { 1, 0xC000, 0, 101 },                    /* EF_C.CH.SIG  */
+
   { 1, 0xC008, 3, 101 },                    /* EF_C.CA.SIG  */
   { 1, 0xC00E, 3, 111 },                    /* EF_C.RCA.SIG  */
+
+  { 2, 0x4531, 15, 0, 0xC001, 0,1,1, 0x84}, /* EF_PK.CH.SIG  */
+  { 2, 0xC000, 15,101 },                    /* EF.C.SCA.QES (SubCA) */
+  { 2, 0xC001, 15,100 },                    /* EF.C.ICC.QES (Cert)  */
+  { 2, 0xC00E, 15,111 },                    /* EF.C.RCA.QES (RootCA */
+
+  { 3, 0x4E03,  3, 0, -1 },                 /* EK_PK_03 */
+  { 3, 0x4E04,  3, 0, -1 },                 /* EK_PK_04 */
+  { 3, 0x4E05,  3, 0, -1 },                 /* EK_PK_05 */
+  { 3, 0x4E06,  3, 0, -1 },                 /* EK_PK_06 */
+  { 3, 0x4E07,  3, 0, -1 },                 /* EK_PK_07 */
+  { 3, 0x4E08,  3, 0, -1 },                 /* EK_PK_08 */
+
   { 0, 0 }
 };
 
 
+/* Object to cache information gathered from FIDs. */
+struct fid_cache_s {
+  struct fid_cache_s *next;
+  int nks_app_id;
+  int fid;                          /* Zero for an unused slot.  */
+  unsigned int  got_keygrip:1;      /* The keygrip and algo are valid.  */
+  int algo;
+  char *algostr;                    /* malloced.  */
+  char keygripstr[2*KEYGRIP_LEN+1];
+};
+
 
 /* Object with application (i.e. NKS) specific data.  */
 struct app_local_s {
-  int nks_version;  /* NKS version.  */
+  int active_nks_app;   /* One of the NKS_APP_ constants.  */
+
+  int only_idlm;        /* The application is fixed to IDLM (IDKey card).  */
+  int qes_app_id;       /* Either NKS_APP_SIGG or NKS_APP_ESIGN.  */
 
-  int sigg_active;  /* True if switched to the SigG application.  */
-  int sigg_msig_checked;/*  True if we checked for a mass signature card.  */
-  int sigg_is_msig; /* True if this is a mass signature card.  */
+  int sigg_msig_checked;/* True if we checked for a mass signature card.  */
+  int sigg_is_msig;     /* True if this is a mass signature card.  */
 
-  int need_app_select; /* Need to re-select the application.  */
+  int need_app_select;  /* Need to re-select the application.  */
 
+  struct fid_cache_s *fid_cache; /* Linked list with cached infos.  */
 };
 
 
 
-static gpg_error_t switch_application (app_t app, int enable_sigg);
+static gpg_error_t readcert_from_ef (app_t app, int fid,
+                                     unsigned char **cert, size_t *certlen);
+static gpg_error_t switch_application (app_t app, int nks_app_id);
+static const char *parse_pwidstr (app_t app, const char *pwidstr, int new_mode,
+                                  int *r_nks_app_id, int *r_pwid);
+static gpg_error_t verify_pin (app_t app, int pwid, const char *desc,
+                               gpg_error_t (*pincb)(void*, const char *,
+                                                    char **),
+                               void *pincb_arg);
 
 
 
+static void
+flush_fid_cache (app_t app)
+{
+  while (app->app_local->fid_cache)
+    {
+      struct fid_cache_s *next = app->app_local->fid_cache->next;
+      if (app->app_local->fid_cache)
+        xfree (app->app_local->fid_cache->algostr);
+      xfree (app->app_local->fid_cache);
+      app->app_local->fid_cache = next;
+    }
+}
+
 /* Release local data. */
 static void
 do_deinit (app_t app)
 {
   if (app && app->app_local)
     {
+      flush_fid_cache (app);
       xfree (app->app_local);
       app->app_local = NULL;
     }
@@ -137,33 +252,78 @@ all_zero_p (void *buffer, size_t length)
 }
 
 
-/* Read the file with FID, assume it contains a public key and return
-   its keygrip in the caller provided 41 byte buffer R_GRIPSTR. */
+/* Return an allocated string with the serial number in a format to be
+ * show to the user.  May return NULL on malloc problem.  */
+static char *
+get_dispserialno (app_t app)
+{
+  char *result;
+
+  /* We only need to strip the last zero which is not printed on the
+   * card.  */
+  result = app_get_serialno (app);
+  if (result && *result && result[strlen(result)-1] == '0')
+    result[strlen(result)-1] = 0;
+  return result;
+}
+
+
 static gpg_error_t
-keygripstr_from_pk_file (app_t app, int fid, char *r_gripstr)
+pubkey_from_pk_file (app_t app, int pkfid, int cfid,
+                     unsigned char **r_pk, size_t *r_pklen)
 {
   gpg_error_t err;
-  unsigned char grip[20];
   unsigned char *buffer[2];
   size_t buflen[2];
-  gcry_sexp_t sexp;
   int i;
   int offset[2] = { 0, 0 };
 
-  err = iso7816_select_file (app->slot, fid, 0);
+  *r_pk = NULL;
+  *r_pklen = 0;
+
+  if (app->appversion == 15)
+    {
+      /* Signature Card v2 - get keygrip from the certificate.  */
+      unsigned char *cert;
+      size_t certlen;
+
+      if (cfid == -1)
+        return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+      /* Fall back to certificate reading.  */
+      err = readcert_from_ef (app, cfid, &cert, &certlen);
+      if (err)
+        {
+          log_error ("nks: error reading certificate %04X: %s\n",
+                     cfid, gpg_strerror (err));
+          return err;
+        }
+
+      err = app_help_pubkey_from_cert (cert, certlen, r_pk, r_pklen);
+      xfree (cert);
+      if (err)
+        log_error ("nks: error parsing certificate %04X: %s\n",
+                   cfid, gpg_strerror (err));
+
+      return err;
+    }
+
+  err = iso7816_select_file (app_get_slot (app), pkfid, 0);
   if (err)
     return err;
-  err = iso7816_read_record (app->slot, 1, 1, 0, &buffer[0], &buflen[0]);
+  err = iso7816_read_record (app_get_slot (app), 1, 1, 0,
+                             &buffer[0], &buflen[0]);
   if (err)
     return err;
-  err = iso7816_read_record (app->slot, 2, 1, 0, &buffer[1], &buflen[1]);
+  err = iso7816_read_record (app_get_slot (app), 2, 1, 0,
+                             &buffer[1], &buflen[1]);
   if (err)
     {
       xfree (buffer[0]);
       return err;
     }
 
-  if (app->app_local->nks_version < 3)
+  if (app->appversion < 3)
     {
       /* Old versions of NKS store the values in a TLV encoded format.
          We need to do some checks.  */
@@ -179,6 +339,12 @@ keygripstr_from_pk_file (app_t app, int fid, char *r_gripstr)
             err = gpg_error (GPG_ERR_INV_OBJ);
           else
             offset[i] = 2;
+          if (err)
+            {
+              xfree (buffer[0]);
+              xfree (buffer[1]);
+              return err;
+            }
         }
     }
   else
@@ -206,11 +372,12 @@ keygripstr_from_pk_file (app_t app, int fid, char *r_gripstr)
 
           newlen = 1 + buflen[i] - offset[i];
           newbuf = xtrymalloc (newlen);
-          if (!newbuf)
+          if (!newlen)
             {
+              err = gpg_error_from_syserror ();
               xfree (buffer[0]);
               xfree (buffer[1]);
-              return gpg_error_from_syserror ();
+              return err;
             }
           newbuf[0] = 0;
           memcpy (newbuf+1, buffer[i]+offset[i], buflen[i] - offset[i]);
@@ -221,41 +388,264 @@ keygripstr_from_pk_file (app_t app, int fid, char *r_gripstr)
         }
     }
 
-  if (!err)
-    err = gcry_sexp_build (&sexp, NULL,
-                           "(public-key (rsa (n %b) (e %b)))",
-                           (int)buflen[0]-offset[0], buffer[0]+offset[0],
-                           (int)buflen[1]-offset[1], buffer[1]+offset[1]);
+  *r_pk = make_canon_sexp_from_rsa_pk (buffer[0]+offset[0], buflen[0]-offset[0],
+                                       buffer[1]+offset[1], buflen[1]-offset[1],
+                                       r_pklen);
 
   xfree (buffer[0]);
   xfree (buffer[1]);
-  if (err)
-    return err;
+  return err;
+}
+
+/* Read the file with PKFID, assume it contains a public key and
+ * return its keygrip in the caller provided 41 byte buffer R_GRIPSTR.
+ * This works only for RSA card.  For the Signature Card v2 ECC is
+ * used and Read Record needs to be replaced by read binary.  Given
+ * all the ECC parameters required, we don't do that but rely that the
+ * corresponding certificate at CFID is already available and get the
+ * public key from there.  Note that a CFID of 1 is indicates that a
+ * certificate is not known.  If R_ALGO is not NULL the public key
+ * algorithm for the returned KEYGRIP is stored there.  If R_ALGOSTR
+ * is not NULL the public key algo string (e.g. "rsa2048") is stored
+ * there.  */
+static gpg_error_t
+keygripstr_from_pk_file (app_t app, int pkfid, int cfid, char *r_gripstr,
+                         int *r_algo, char **r_algostr)
+{
+  gpg_error_t err;
+  int algo = 0;  /* Public key algo.  */
+  char *algostr = NULL; /* Public key algo string.  */
+  struct fid_cache_s *ci;
+  unsigned char *pk;
+  size_t pklen;
+
+  for (ci = app->app_local->fid_cache; ci; ci = ci->next)
+    if (ci->fid && ci->nks_app_id == app->app_local->active_nks_app
+        && ci->fid == pkfid)
+      {
+        if (!ci->got_keygrip)
+          return gpg_error (GPG_ERR_NOT_FOUND);
+        if (r_algostr && !ci->algostr)
+          break;  /* Not in the cache - try w/o cache.  */
+        memcpy (r_gripstr, ci->keygripstr, 2*KEYGRIP_LEN+1);
+        if (r_algo)
+          *r_algo = ci->algo;
+        if (r_algostr)
+          {
+            *r_algostr = xtrystrdup (ci->algostr);
+            if (!*r_algostr)
+              return gpg_error_from_syserror ();
+          }
+        return 0;  /* Found in cache.  */
+      }
 
-  if (!gcry_pk_get_keygrip (sexp, grip))
+  err = pubkey_from_pk_file (app, pkfid, cfid, &pk, &pklen);
+  err = app_help_get_keygrip_string_pk (pk, pklen, r_gripstr, NULL,
+                                        &algo, &algostr);
+  xfree (pk);
+
+  if (!err)
     {
-      err = gpg_error (GPG_ERR_INTERNAL); /* i.e. RSA not supported by
-                                             libgcrypt. */
+      if (r_algostr)
+        {
+          *r_algostr = algostr;
+          algostr = NULL;
+        }
+
+      /* FIXME: We need to implement not_found caching.  */
+      for (ci = app->app_local->fid_cache; ci; ci = ci->next)
+        if (ci->fid
+            && ci->nks_app_id == app->app_local->active_nks_app
+            && ci->fid == pkfid)
+          {
+            /* Update the keygrip.  */
+            memcpy (ci->keygripstr, r_gripstr, 2*KEYGRIP_LEN+1);
+            ci->algo = algo;
+            xfree (ci->algostr);
+            ci->algostr = algostr? xtrystrdup (algostr) : NULL;
+            ci->got_keygrip = 1;
+            break;
+          }
+      if (!ci)
+        {
+          for (ci = app->app_local->fid_cache; ci; ci = ci->next)
+            if (!ci->fid)
+              break;
+          if (!ci)
+            ci = xtrycalloc (1, sizeof *ci);
+          if (!ci)
+            ; /* Out of memory - it is a cache, so we ignore it.  */
+          else
+            {
+              ci->nks_app_id = app->app_local->active_nks_app;
+              ci->fid = pkfid;
+              memcpy (ci->keygripstr, r_gripstr, 2*KEYGRIP_LEN+1);
+              ci->algo = algo;
+              ci->got_keygrip = 1;
+              ci->next = app->app_local->fid_cache;
+              app->app_local->fid_cache = ci;
+            }
+        }
     }
-  else
+  xfree (algostr);
+  return err;
+}
+
+
+/* Parse KEYREF and return the index into the FILELIST at R_IDX.
+ * Returns 0 on success and switches to the requested application.
+ * The public key algo is stored at R_ALGO unless it is NULL.  */
+static gpg_error_t
+find_fid_by_keyref (app_t app, const char *keyref, int *r_idx, int *r_algo)
+{
+  gpg_error_t err;
+  int idx, fid, nks_app_id;
+  char keygripstr[2*KEYGRIP_LEN+1];
+
+  if (!keyref || !keyref[0])
+    err = gpg_error (GPG_ERR_INV_ID);
+  else if (keyref[0] != 'N' && strlen (keyref) == 40)  /* This is a keygrip.  */
+    {
+      struct fid_cache_s *ci;
+
+      for (ci = app->app_local->fid_cache; ci; ci = ci->next)
+        if (ci->fid && ci->got_keygrip && !strcmp (ci->keygripstr, keyref))
+          break;
+      if (ci) /* Cached */
+        {
+          for (idx=0; filelist[idx].fid; idx++)
+            if (filelist[idx].fid == ci->fid)
+              break;
+          if (!filelist[idx].fid)
+            {
+              log_debug ("nks: Ooops: Unkown FID cached!\n");
+              err = gpg_error (GPG_ERR_BUG);
+              goto leave;
+            }
+          err = switch_application (app, filelist[idx].nks_app_id);
+          if (err)
+            goto leave;
+          if (r_algo)
+            *r_algo = ci->algo;
+        }
+      else  /* Not cached.  */
+        {
+          for (idx=0; filelist[idx].fid; idx++)
+            {
+              if (!filelist[idx].iskeypair)
+                continue;
+
+              if (app->app_local->only_idlm)
+                {
+                  if (filelist[idx].nks_app_id != NKS_APP_IDLM)
+                    continue;
+                }
+              else
+                {
+                  if (filelist[idx].nks_app_id != NKS_APP_NKS
+                      && filelist[idx].nks_app_id != app->app_local->qes_app_id)
+                    continue;
+
+                  err = switch_application (app, filelist[idx].nks_app_id);
+                  if (err)
+                    goto leave;
+                }
+
+              err = keygripstr_from_pk_file (app, filelist[idx].fid,
+                                             filelist[idx].iskeypair,
+                                             keygripstr, r_algo, NULL);
+              if (err)
+                {
+                  log_info ("nks: no keygrip for FID 0x%04X: %s - ignored\n",
+                            filelist[idx].fid, gpg_strerror (err));
+                  continue;
+                }
+              if (!strcmp (keygripstr, keyref))
+                break; /* Found */
+            }
+          if (!filelist[idx].fid)
+            {
+              err = gpg_error (GPG_ERR_NOT_FOUND);
+              goto leave;
+            }
+          /* (No need to switch the app as that has already been done
+           * in the loop.)  */
+        }
+      *r_idx = idx;
+      err = 0;
+    }
+  else /* This is a usual keyref.  */
     {
-      bin2hex (grip, 20, r_gripstr);
+      if (!ascii_strncasecmp (keyref, "NKS-NKS3.", 9))
+        nks_app_id = NKS_APP_NKS;
+      else if (!ascii_strncasecmp (keyref, "NKS-ESIGN.", 10)
+               && app->app_local->qes_app_id == NKS_APP_ESIGN)
+        nks_app_id = NKS_APP_ESIGN;
+      else if (!ascii_strncasecmp (keyref, "NKS-SIGG.", 9)
+               && app->app_local->qes_app_id == NKS_APP_SIGG)
+        nks_app_id = NKS_APP_SIGG;
+      else if (!ascii_strncasecmp (keyref, "NKS-IDLM.", 9))
+        nks_app_id = NKS_APP_IDLM;
+      else if (!ascii_strncasecmp (keyref, "NKS-DF01.", 9))
+        nks_app_id = NKS_APP_NKS;
+      else
+        {
+          err = gpg_error (GPG_ERR_INV_ID);
+          goto leave;
+        }
+      keyref += nks_app_id == NKS_APP_ESIGN? 10 : 9;
+
+      if (!hexdigitp (keyref) || !hexdigitp (keyref+1)
+          || !hexdigitp (keyref+2) || !hexdigitp (keyref+3)
+          || keyref[4])
+        {
+          err = gpg_error (GPG_ERR_INV_ID);
+          goto leave;
+        }
+      fid = xtoi_4 (keyref);
+      for (idx=0; filelist[idx].fid; idx++)
+        if (filelist[idx].iskeypair && filelist[idx].fid == fid
+            && filelist[idx].nks_app_id == nks_app_id)
+          break;
+      if (!filelist[idx].fid)
+        {
+          err = gpg_error (GPG_ERR_NOT_FOUND);
+          goto leave;
+        }
+      *r_idx = idx;
+
+      err = switch_application (app, nks_app_id);
+      if (err)
+        goto leave;
+      if (r_algo)
+        {
+          /* We need to get the public key algo.  */
+          err = keygripstr_from_pk_file (app, filelist[idx].fid,
+                                         filelist[idx].iskeypair,
+                                         keygripstr, r_algo, NULL);
+          if (err)
+            log_error ("nks: no keygrip for FID 0x%04X: %s\n",
+                       filelist[idx].fid, gpg_strerror (err));
+        }
     }
-  gcry_sexp_release (sexp);
+
+ leave:
   return err;
 }
 
 
 /* TCOS responds to a verify with empty data (i.e. without the Lc
- * byte) with the status of the PIN.  PWID is the PIN ID, If SIGG is
- * true, the application is switched into SigG mode.  Returns:
+ * byte) with the status of the PIN.  PWID is the PIN ID. NKS_APP_ID
+ * gives the application to first switch to.  Returns:
  * ISO7816_VERIFY_* codes or non-negative number of verification
  * attempts left.  */
 static int
-get_chv_status (app_t app, int sigg, int pwid)
+get_chv_status (app_t app, int nks_app_id, int pwid)
 {
-  if (switch_application (app, sigg))
-    return sigg? -2 : -1; /* No such PIN / General error.  */
+  if (switch_application (app, nks_app_id))
+    return (nks_app_id == NKS_APP_NKS
+            ? ISO7816_VERIFY_ERROR
+            : ISO7816_VERIFY_NO_PIN);
 
   return iso7816_verify_status (app_get_slot (app), pwid);
 }
@@ -273,33 +663,49 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
     { "$AUTHKEYID",   1 },
     { "$ENCRKEYID",   2 },
     { "$SIGNKEYID",   3 },
-    { "NKS-VERSION",  4 },
+    { "NKS-VERSION",  4 },  /* Legacy (printed decimal)  */
     { "CHV-STATUS",   5 },
-    { NULL, 0 }
+    { "$DISPSERIALNO",6 },
+    { "SERIALNO",     0 }
   };
   gpg_error_t err = 0;
   int idx;
+  char *p, *p2;
   char buffer[100];
+  int nksver = app->appversion;
 
-  err = switch_application (app, 0);
+  err = switch_application (app, NKS_APP_NKS);
   if (err)
     return err;
 
-  for (idx=0; table[idx].name && strcmp (table[idx].name, name); idx++)
+  for (idx=0; (idx < DIM(table)
+               && ascii_strcasecmp (table[idx].name, name)); idx++)
     ;
-  if (!table[idx].name)
+  if (!(idx < DIM (table)))
     return gpg_error (GPG_ERR_INV_NAME);
 
   switch (table[idx].special)
     {
+    case 0: /* SERIALNO */
+      {
+        p = app_get_serialno (app);
+        if (p)
+          {
+            send_status_direct (ctrl, "SERIALNO", p);
+            xfree (p);
+          }
+      }
+      break;
+
     case 1: /* $AUTHKEYID */
       {
         /* NetKey 3.0 cards define an authentication key but according
            to the specs this key is only usable for encryption and not
            signing.  it might work anyway but it has not yet been
            tested - fixme.  Thus for now we use the NKS signature key
-           for authentication.  */
-        char const tmp[] = "NKS-NKS3.4531";
+           for authentication for netkey 3.  For the Signature Card
+           V2.0 the auth key is defined and thus we use it. */
+        const char *tmp = nksver == 15? "NKS-NKS3.4571" : "NKS-NKS3.4531";
         send_status_info (ctrl, table[idx].name, tmp, strlen (tmp), NULL, 0);
       }
       break;
@@ -319,33 +725,65 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
       break;
 
     case 4: /* NKS-VERSION */
-      snprintf (buffer, sizeof buffer, "%d", app->app_local->nks_version);
+      snprintf (buffer, sizeof buffer, "%d", app->appversion);
       send_status_info (ctrl, table[idx].name,
                         buffer, strlen (buffer), NULL, 0);
       break;
 
     case 5: /* CHV-STATUS */
       {
-        /* Returns: PW1.CH PW2.CH PW1.CH.SIG PW2.CH.SIG That are the
-           two global passwords followed by the two SigG passwords.
-           For the values, see the function get_chv_status.  */
+        /* Return the status for the the PINs as described in the
+         * table below.  See the macros ISO7816_VERIFY_* for a list
+         * for each slot.  The order is
+         *
+         * | idx | name       |
+         * |-----+------------|
+         * |   0 | PW1.CH     |
+         * |   1 | PW2.CH     |
+         * |   2 | PW1.CH.SIG |
+         * |   3 | PW2.CH.SIG |
+         *
+         * See parse_pwidstr for details of the mapping.
+         */
         int tmp[4];
 
         /* We use a helper array so that we can control that there is
-           no superfluous application switch.  Note that PW2.CH.SIG
-           really has the identifier 0x83 and not 0x82 as one would
-           expect.  */
-        tmp[0] = get_chv_status (app, 0, 0x00);
-        tmp[1] = get_chv_status (app, 0, 0x01);
-        tmp[2] = get_chv_status (app, 1, 0x81);
-        tmp[3] = get_chv_status (app, 1, 0x83);
-        snprintf (buffer, sizeof buffer,
-                  "%d %d %d %d", tmp[0], tmp[1], tmp[2], tmp[3]);
+         * no superfluous application switches.  */
+        if (app->appversion == 15)
+          {
+            tmp[0] = get_chv_status (app, 0, 0x03);
+            tmp[1] = get_chv_status (app, 0, 0x04);
+          }
+        else
+          {
+            tmp[0] = get_chv_status (app, 0, 0x00);
+            tmp[1] = get_chv_status (app, 0, 0x01);
+          }
+        tmp[2] = get_chv_status (app, app->app_local->qes_app_id, 0x81);
+        if (app->appversion == 15)
+          tmp[3] = get_chv_status (app, app->app_local->qes_app_id, 0x82);
+        else
+          tmp[3] = get_chv_status (app, app->app_local->qes_app_id, 0x83);
+        snprintf (buffer, sizeof buffer, "%d %d %d %d",
+                  tmp[0], tmp[1], tmp[2], tmp[3]);
         send_status_info (ctrl, table[idx].name,
                           buffer, strlen (buffer), NULL, 0);
       }
       break;
 
+    case 6: /* $DISPSERIALNO */
+      {
+        p = app_get_serialno (app);
+        p2 = get_dispserialno (app);
+        if (p && p2 && strcmp (p, p2))
+          send_status_info (ctrl, table[idx].name, p2, strlen (p2),
+                            NULL, (size_t)0);
+        else /* No abbreviated S/N or identical to the full full S/N.  */
+          err = gpg_error (GPG_ERR_INV_NAME);  /* No Abbreviated S/N.  */
+        xfree (p);
+        xfree (p2);
+      }
+      break;
 
     default:
       err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
@@ -358,17 +796,21 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
 
 
 static void
-do_learn_status_core (app_t app, ctrl_t ctrl, unsigned int flags, int is_sigg)
+do_learn_status_core (app_t app, ctrl_t ctrl, unsigned int flags,
+                      int nks_app_id)
 {
   gpg_error_t err;
   char ct_buf[100], id_buf[100];
   int i;
   const char *tag;
-  const char *usage;
 
-  if (is_sigg)
+  if (nks_app_id == NKS_APP_ESIGN)
+    tag = "ESIGN";
+  else if (nks_app_id == NKS_APP_SIGG)
     tag = "SIGG";
-  else if (app->app_local->nks_version < 3)
+  else if (nks_app_id == NKS_APP_IDLM)
+    tag = "IDLM";
+  else if (app->appversion < 3)
     tag = "DF01";
   else
     tag = "NKS3";
@@ -376,17 +818,17 @@ do_learn_status_core (app_t app, ctrl_t ctrl, unsigned int flags, int is_sigg)
   /* Output information about all useful objects in the NKS application. */
   for (i=0; filelist[i].fid; i++)
     {
-      if (filelist[i].nks_ver > app->app_local->nks_version)
+      if (filelist[i].nks_ver > app->appversion)
         continue;
 
-      if (!!filelist[i].is_sigg != !!is_sigg)
+      if (filelist[i].nks_app_id != nks_app_id)
         continue;
 
-      if (filelist[i].certtype && !(flags &1))
+      if (filelist[i].certtype && !(flags & APP_LEARN_FLAG_KEYPAIRINFO))
         {
           size_t len;
 
-          len = app_help_read_length_of_cert (app->slot,
+          len = app_help_read_length_of_cert (app_get_slot (app),
                                               filelist[i].fid, NULL);
           if (len)
             {
@@ -405,8 +847,13 @@ do_learn_status_core (app_t app, ctrl_t ctrl, unsigned int flags, int is_sigg)
       else if (filelist[i].iskeypair)
         {
           char gripstr[40+1];
+          char usagebuf[5];
+          int usageidx = 0;
+          char *algostr = NULL;
 
-          err = keygripstr_from_pk_file (app, filelist[i].fid, gripstr);
+          err = keygripstr_from_pk_file (app, filelist[i].fid,
+                                         filelist[i].iskeypair, gripstr,
+                                         NULL, &algostr);
           if (err)
             log_error ("can't get keygrip from FID 0x%04X: %s\n",
                        filelist[i].fid, gpg_strerror (err));
@@ -414,25 +861,24 @@ do_learn_status_core (app_t app, ctrl_t ctrl, unsigned int flags, int is_sigg)
             {
               snprintf (id_buf, sizeof id_buf, "NKS-%s.%04X",
                         tag, filelist[i].fid);
-              if (filelist[i].issignkey && filelist[i].isenckey)
-                usage = "sae";
-              else if (filelist[i].issignkey)
-                usage = "sa";
-              else if (filelist[i].isenckey)
-                usage = "e";
-              else
-                usage = "";
-
+              if (filelist[i].issignkey)
+                usagebuf[usageidx++] = 's';
+              if (filelist[i].isauthkey)
+                usagebuf[usageidx++] = 'a';
+              if (filelist[i].isencrkey)
+                usagebuf[usageidx++] = 'e';
+              usagebuf[usageidx] = 0;
               send_status_info (ctrl, "KEYPAIRINFO",
                                 gripstr, 40,
                                 id_buf, strlen (id_buf),
-                                usage, strlen (usage),
+                                usagebuf, strlen (usagebuf),
+                                "-", (size_t)1,
+                                algostr, strlen (algostr),
                                 NULL, (size_t)0);
             }
+          xfree (algostr);
         }
     }
-
-
 }
 
 
@@ -441,33 +887,33 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
 {
   gpg_error_t err;
 
-  err = switch_application (app, 0);
+  do_getattr (app, ctrl, "CHV-STATUS");
+
+  err = switch_application (app, NKS_APP_NKS);
   if (err)
     return err;
 
-  do_learn_status_core (app, ctrl, flags, 0);
+  do_learn_status_core (app, ctrl, flags, app->app_local->active_nks_app);
 
-  err = switch_application (app, 1);
+  if (app->app_local->only_idlm)
+    return 0;  /* ready.  */
+
+  err = switch_application (app, app->app_local->qes_app_id);
   if (err)
     return 0;  /* Silently ignore if we can't switch to SigG.  */
 
-  do_learn_status_core (app, ctrl, flags, 1);
+  do_learn_status_core (app, ctrl, flags, app->app_local->qes_app_id);
 
   return 0;
 }
 
 
 
-
-/* Read the certificate with id CERTID (as returned by learn_status in
-   the CERTINFO status lines) and return it in the freshly allocated
-   buffer put into CERT and the length of the certificate put into
-   CERTLEN. */
+/* Helper to read a certificate from the file FID.  The function
+ * assumes that the the application has already been selected.  */
 static gpg_error_t
-do_readcert (app_t app, const char *certid,
-             unsigned char **cert, size_t *certlen)
+readcert_from_ef (app_t app, int fid, unsigned char **cert, size_t *certlen)
 {
-  int i, fid;
   gpg_error_t err;
   unsigned char *buffer;
   const unsigned char *p;
@@ -475,67 +921,32 @@ do_readcert (app_t app, const char *certid,
   int class, tag, constructed, ndef;
   size_t totobjlen, objlen, hdrlen;
   int rootca = 0;
-  int is_sigg = 0;
 
   *cert = NULL;
   *certlen = 0;
 
-  if (!strncmp (certid, "NKS-NKS3.", 9))
-    ;
-  else if (!strncmp (certid, "NKS-DF01.", 9))
-    ;
-  else if (!strncmp (certid, "NKS-SIGG.", 9))
-    is_sigg = 1;
-  else
-    return gpg_error (GPG_ERR_INV_ID);
-
-  err = switch_application (app, is_sigg);
-  if (err)
-    return err;
-
-  certid += 9;
-  if (!hexdigitp (certid) || !hexdigitp (certid+1)
-      || !hexdigitp (certid+2) || !hexdigitp (certid+3)
-      || certid[4])
-    return gpg_error (GPG_ERR_INV_ID);
-  fid = xtoi_4 (certid);
-  for (i=0; filelist[i].fid; i++)
-    if ((filelist[i].certtype || filelist[i].iskeypair)
-        && filelist[i].fid == fid)
-      break;
-  if (!filelist[i].fid)
-    return gpg_error (GPG_ERR_NOT_FOUND);
-
-  /* If the requested objects is a plain public key, redirect it to
-     the corresponding certificate.  The whole system is a bit messy
-     because we sometime use the key directly or let the caller
-     retrieve the key from the certificate.  The rationale for
-     that is to support not-yet stored certificates. */
-  if (filelist[i].iskeypair)
-    fid = filelist[i].iskeypair;
-
-
   /* Read the entire file.  fixme: This could be optimized by first
      reading the header to figure out how long the certificate
      actually is. */
-  err = iso7816_select_file (app->slot, fid, 0);
+  err = iso7816_select_file (app_get_slot (app), fid, 0);
   if (err)
     {
-      log_error ("error selecting FID 0x%04X: %s\n", fid, gpg_strerror (err));
+      log_error ("nks: error selecting FID 0x%04X: %s\n",
+                 fid, gpg_strerror (err));
       return err;
     }
 
-  err = iso7816_read_binary (app->slot, 0, 0, &buffer, &buflen);
+  err = iso7816_read_binary (app_get_slot (app), 0, 0, &buffer, &buflen);
   if (err)
     {
-      log_error ("error reading certificate from FID 0x%04X: %s\n",
+      log_error ("nks: error reading certificate from FID 0x%04X: %s\n",
                  fid, gpg_strerror (err));
       return err;
     }
 
   if (!buflen || *buffer == 0xff)
     {
-      log_info ("no certificate contained in FID 0x%04X\n", fid);
+      log_info ("nks: no certificate contained in FID 0x%04X\n", fid);
       err = gpg_error (GPG_ERR_NOT_FOUND);
       goto leave;
     }
@@ -554,7 +965,7 @@ do_readcert (app_t app, const char *certid,
   else
     return gpg_error (GPG_ERR_INV_OBJ);
   totobjlen = objlen + hdrlen;
-  assert (totobjlen <= buflen);
+  log_assert (totobjlen <= buflen);
 
   err = parse_ber_header (&p, &n, &class, &tag, &constructed,
                           &ndef, &objlen, &hdrlen);
@@ -585,7 +996,7 @@ do_readcert (app_t app, const char *certid,
       if ( !(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed) )
         return gpg_error (GPG_ERR_INV_OBJ);
       totobjlen = objlen + hdrlen;
-      assert (save_p + totobjlen <= buffer + buflen);
+      log_assert (save_p + totobjlen <= buffer + buflen);
       memmove (buffer, save_p, totobjlen);
     }
 
@@ -599,12 +1010,187 @@ do_readcert (app_t app, const char *certid,
 }
 
 
+/*
+ * Iterate over FILELIST, supporting two use cases:
+ *
+ * (1) With WANT_KEYGRIPSTR=<GRIP>, finding matching entry.
+ * (2) With WANT_KEYGRIPSTR=NULL, listing entries
+ *     by CAPABILITY (possibly == 0, for all entries).
+ *
+ * Caller supplies an array KEYGRIPSTR.
+ * Caller should start *IDX_P == -1, and keep the index value in IDX_P.
+ *
+ * Returns 0 on success, otherwise returns error value.
+ *
+ * When all entries are tried, returns GPG_ERR_NOT_FOUND for the use
+ * case of (1).  Returns GPG_ERR_TRUE for the use case of (2).
+ */
+static gpg_error_t
+iterate_over_filelist (app_t app, const char *want_keygripstr, int capability,
+                       char keygripstr[2*KEYGRIP_LEN+1], int *idx_p)
+{
+  gpg_error_t err;
+  int idx = *idx_p;
+
+  for (idx++; filelist[idx].fid; idx++)
+    {
+      if (filelist[idx].nks_ver > app->appversion)
+        continue;
+
+      if (!filelist[idx].iskeypair)
+        continue;
+
+      if (app->app_local->only_idlm)
+        {
+          if (filelist[idx].nks_app_id != NKS_APP_IDLM)
+            continue;
+        }
+      else
+        {
+          if (filelist[idx].nks_app_id != NKS_APP_NKS
+              && filelist[idx].nks_app_id != app->app_local->qes_app_id)
+            continue;
+          err = switch_application (app, filelist[idx].nks_app_id);
+          if (err)
+            {
+              *idx_p = idx;
+              return err;
+            }
+        }
+
+      err = keygripstr_from_pk_file (app, filelist[idx].fid,
+                                     filelist[idx].iskeypair, keygripstr,
+                                     NULL, NULL);
+      if (err)
+        {
+          log_error ("can't get keygrip from FID 0x%04X: %s\n",
+                     filelist[idx].fid, gpg_strerror (err));
+          continue;
+        }
+
+      if (want_keygripstr)
+        {
+          if (!strcmp (keygripstr, want_keygripstr))
+            {
+              /* Found */
+              *idx_p = idx;
+              return 0;
+            }
+        }
+      else
+        {
+          if (capability == GCRY_PK_USAGE_SIGN)
+            {
+              if (!filelist[idx].issignkey)
+                continue;
+            }
+          if (capability == GCRY_PK_USAGE_ENCR)
+            {
+              if (!filelist[idx].isencrkey)
+                continue;
+            }
+          if (capability == GCRY_PK_USAGE_AUTH)
+            {
+              if (!filelist[idx].isauthkey)
+                continue;
+            }
+
+          /* Found */
+          *idx_p = idx;
+          return 0;
+        }
+    }
+
+  if (!want_keygripstr)
+    err = gpg_error (GPG_ERR_TRUE);
+  else
+    err = gpg_error (GPG_ERR_NOT_FOUND);
+
+  return err;
+}
+
+/* Read the certificate with id CERTID (as returned by learn_status in
+   the CERTINFO status lines) and return it in the freshly allocated
+   buffer put into CERT and the length of the certificate put into
+   CERTLEN. */
+static gpg_error_t
+do_readcert (app_t app, const char *certid,
+             unsigned char **cert, size_t *certlen)
+{
+  int i, fid;
+  gpg_error_t err;
+  int nks_app_id;
+
+  *cert = NULL;
+  *certlen = 0;
+
+  /* Handle the case with KEYGRIP.  */
+  if (strlen (certid) == 40)
+    {
+      char keygripstr[2*KEYGRIP_LEN+1];
+
+      i = -1;
+      err = iterate_over_filelist (app, certid, 0, keygripstr, &i);
+      if (err)
+        return err;
+
+      if (filelist[i].iskeypair > 0)
+        fid = filelist[i].iskeypair;
+      else
+        fid = filelist[i].fid;
+
+      return readcert_from_ef (app, fid, cert, certlen);
+    }
+
+  if (!strncmp (certid, "NKS-NKS3.", 9))
+    nks_app_id = NKS_APP_NKS;
+  else if (!strncmp (certid, "NKS-ESIGN.", 10))
+    nks_app_id = NKS_APP_ESIGN;
+  else if (!strncmp (certid, "NKS-SIGG.", 9))
+    nks_app_id = NKS_APP_SIGG;
+  else if (!strncmp (certid, "NKS-DF01.", 9))
+    nks_app_id = NKS_APP_NKS;
+  else if (!strncmp (certid, "NKS-IDLM.", 9))
+    nks_app_id = NKS_APP_IDLM;
+  else
+    return gpg_error (GPG_ERR_INV_ID);
+  certid += nks_app_id == NKS_APP_ESIGN? 10 : 9;
+
+  err = switch_application (app, nks_app_id);
+  if (err)
+    return err;
+
+  if (!hexdigitp (certid) || !hexdigitp (certid+1)
+      || !hexdigitp (certid+2) || !hexdigitp (certid+3)
+      || certid[4])
+    return gpg_error (GPG_ERR_INV_ID);
+  fid = xtoi_4 (certid);
+  for (i=0; filelist[i].fid; i++)
+    if ((filelist[i].certtype || filelist[i].iskeypair > 0)
+        && filelist[i].nks_app_id == nks_app_id
+        && filelist[i].fid == fid)
+      break;
+  if (!filelist[i].fid)
+    return gpg_error (GPG_ERR_NOT_FOUND);
+
+  /* If the requested objects is a plain public key, redirect it to
+     the corresponding certificate.  The whole system is a bit messy
+     because we sometime use the key directly or let the caller
+     retrieve the key from the certificate.  The rationale for
+     that is to support not-yet stored certificates. */
+  if (filelist[i].iskeypair > 0)
+    fid = filelist[i].iskeypair;
+
+  return readcert_from_ef (app, fid, cert, certlen);
+}
+
+
 /* Handle the READKEY command. On success a canonical encoded
    S-expression with the public key will get stored at PK and its
    length at PKLEN; the caller must release that buffer.  On error PK
    and PKLEN are not changed and an error code is returned.  As of now
    this function is only useful for the internal authentication key.
-   Other keys are automagically retrieved via by means of the
+   Other keys are automagically retrieved by means of the
    certificate parsing code in commands.c:cmd_readkey.  For internal
    use PK and PKLEN may be NULL to just check for an existing key.  */
 static gpg_error_t
@@ -616,14 +1202,31 @@ do_readkey (app_t app, ctrl_t ctrl, const char *keyid, unsigned int flags,
   size_t buflen[2];
   unsigned short path[1] = { 0x4500 };
 
-  (void)ctrl;
-
-  if ((flags & APP_READKEY_FLAG_ADVANCED))
-    return GPG_ERR_NOT_SUPPORTED;
-
   /* We use a generic name to retrieve PK.AUT.IFD-SPK.  */
-  if (!strcmp (keyid, "$IFDAUTHKEY") && app->app_local->nks_version >= 3)
+  if (!strcmp (keyid, "$IFDAUTHKEY") && app->appversion >= 3)
     ;
+  else if (strlen (keyid) == 40)
+    {
+      char keygripstr[2*KEYGRIP_LEN+1];
+      int i = -1;
+
+      err = iterate_over_filelist (app, keyid, 0, keygripstr, &i);
+      if (err)
+        return err;
+
+      return pubkey_from_pk_file (app, filelist[i].fid, filelist[i].iskeypair,
+                                  pk, pklen);
+    }
+  else if (!strncmp (keyid, "NKS-IDLM.", 9))
+    {
+      keyid += 9;
+      if (!hexdigitp (keyid) || !hexdigitp (keyid+1)
+          || !hexdigitp (keyid+2) || !hexdigitp (keyid+3)
+          || keyid[4])
+        return gpg_error (GPG_ERR_INV_ID);
+
+      return pubkey_from_pk_file (app, xtoi_4 (keyid), -1, pk, pklen);
+    }
   else /* Return the error code expected by cmd_readkey.  */
     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 
@@ -634,7 +1237,8 @@ do_readkey (app_t app, ctrl_t ctrl, const char *keyid, unsigned int flags,
   /* Due to the above select we need to re-select our application.  */
   app->app_local->need_app_select = 1;
   /* Get the two records.  */
-  err = iso7816_read_record (app->slot, 5, 1, 0, &buffer[0], &buflen[0]);
+  err = iso7816_read_record (app_get_slot (app), 5, 1, 0,
+                             &buffer[0], &buflen[0]);
   if (err)
     return err;
   if (all_zero_p (buffer[0], buflen[0]))
@@ -642,13 +1246,22 @@ do_readkey (app_t app, ctrl_t ctrl, const char *keyid, unsigned int flags,
       xfree (buffer[0]);
       return gpg_error (GPG_ERR_NOT_FOUND);
     }
-  err = iso7816_read_record (app->slot, 6, 1, 0, &buffer[1], &buflen[1]);
+  err = iso7816_read_record (app_get_slot (app), 6, 1, 0,
+                             &buffer[1], &buflen[1]);
   if (err)
     {
       xfree (buffer[0]);
       return err;
     }
 
+  if ((flags & APP_READKEY_FLAG_INFO))
+    {
+      /* Not yet implemented but we won't get here for any regular
+       * keyrefs anyway, thus the top layer will provide the
+       * keypairinfo from the certificate.  */
+      (void)ctrl;
+    }
+
   if (pk && pklen)
     {
       *pk = make_canon_sexp_from_rsa_pk (buffer[0], buflen[0],
@@ -664,6 +1277,96 @@ do_readkey (app_t app, ctrl_t ctrl, const char *keyid, unsigned int flags,
 }
 
 
+/* Write the certificate (CERT,CERTLEN) to the card at CERTREFSTR.
+ * CERTREFSTR is of the form "NKS_<yyy>.<four_hexdigit_keyref>". */
+static gpg_error_t
+do_writecert (app_t app, ctrl_t ctrl,
+              const char *certid,
+              gpg_error_t (*pincb)(void*, const char *, char **),
+              void *pincb_arg,
+              const unsigned char *cert, size_t certlen)
+{
+  gpg_error_t err;
+  int i, fid, pwid;
+  int nks_app_id, tmp_app_id;
+  const char *desc;
+
+  (void)ctrl;
+
+  if (!strncmp (certid, "NKS-NKS3.", 9))
+    nks_app_id = NKS_APP_NKS;
+  else if (!strncmp (certid, "NKS-ESIGN.", 10))
+    nks_app_id = NKS_APP_ESIGN;
+  else if (!strncmp (certid, "NKS-SIGG.", 9))
+    nks_app_id = NKS_APP_SIGG;
+  else if (!strncmp (certid, "NKS-DF01.", 9))
+    nks_app_id = NKS_APP_NKS;
+  else if (!strncmp (certid, "NKS-IDLM.", 9))
+    nks_app_id = NKS_APP_IDLM;
+  else
+    return gpg_error (GPG_ERR_INV_ID);
+  certid += nks_app_id == NKS_APP_ESIGN? 10 : 9;
+
+  err = switch_application (app, nks_app_id);
+  if (err)
+    return err;
+
+  if (!hexdigitp (certid) || !hexdigitp (certid+1)
+      || !hexdigitp (certid+2) || !hexdigitp (certid+3)
+      || certid[4])
+    return gpg_error (GPG_ERR_INV_ID);
+  fid = xtoi_4 (certid);
+  for (i=0; filelist[i].fid; i++)
+    if ((filelist[i].certtype || filelist[i].iskeypair > 0)
+        && filelist[i].nks_app_id == nks_app_id
+        && filelist[i].fid == fid)
+      break;
+  if (!filelist[i].fid)
+    return gpg_error (GPG_ERR_NOT_FOUND);
+
+  /* If the requested objects is a plain public key, redirect it to
+   * the corresponding certificate.  This makes it easier for the user
+   * to figure out which CERTID to use.  For example gpg-card shows
+   * the id of the key and not of the certificate.  */
+  if (filelist[i].iskeypair > 0)
+    fid = filelist[i].iskeypair;
+
+  /* We have no selective flush mechanism and given the rare use of
+   * writecert it won't harm to flush the entire cache.  */
+  flush_fid_cache (app);
+
+
+  /* The certificates we support all require PW1.CH.  Note that we
+   * check that the nks_app_id matches which sorts out CERTID values
+   * which are subkecy to a different nks_app_id.  */
+  desc = parse_pwidstr (app, "PW1.CH", 0, &tmp_app_id, &pwid);
+  if (!desc || tmp_app_id != nks_app_id)
+    return gpg_error (GPG_ERR_INV_ID);
+  err = verify_pin (app, pwid, desc, pincb, pincb_arg);
+  if (err)
+    return err;
+
+    /* Select the file and write the certificate.  */
+  err = iso7816_select_file (app_get_slot (app), fid, 0);
+  if (err)
+    {
+      log_error ("nks: error selecting FID 0x%04X: %s\n",
+                 fid, gpg_strerror (err));
+      return err;
+    }
+
+  err = iso7816_update_binary (app_get_slot (app), 1, 0, cert, certlen);
+  if (err)
+    {
+      log_error ("nks: error updating certificate at FID 0x%04X: %s\n",
+                 fid, gpg_strerror (err));
+      return err;
+    }
+
+  return 0;
+}
+
+
 /* Handle the WRITEKEY command for NKS.  This function expects a
    canonical encoded S-expression with the public key in KEYDATA and
    its length in KEYDATALEN.  The only supported KEYID is
@@ -685,10 +1388,11 @@ do_writekey (app_t app, ctrl_t ctrl,
   size_t rsa_n_len, rsa_e_len;
   unsigned int nbits;
 
+  (void)ctrl;
   (void)pincb;
   (void)pincb_arg;
 
-  if (!strcmp (keyid, "$IFDAUTHKEY") && app->app_local->nks_version >= 3)
+  if (!strcmp (keyid, "$IFDAUTHKEY") && app->appversion >= 3)
     ;
   else
     return gpg_error (GPG_ERR_INV_ID);
@@ -726,6 +1430,7 @@ do_writekey (app_t app, ctrl_t ctrl,
 /*     goto leave; */
 
   /* Send the MSE:Store_Public_Key.  */
+  /* We will need to clear the cache here.  */
   err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
 /*   mse = xtrymalloc (1000); */
 
@@ -746,7 +1451,7 @@ do_writekey (app_t app, ctrl_t ctrl,
 /*   mse[10] = 0x82; /\* RSA public exponent of up to 4 bytes.  *\/ */
 /*   mse[12] = rsa_e_len; */
 /*   memcpy (mse+12, rsa_e, rsa_e_len); */
-/*   err = iso7816_manage_security_env (app->slot, 0x81, 0xB6, */
+/*   err = iso7816_manage_security_env (app_get_slot (app), 0x81, 0xB6, */
 /*                                      mse, sizeof mse); */
 
  leave:
@@ -754,6 +1459,63 @@ do_writekey (app_t app, ctrl_t ctrl,
 }
 
 
+/* Return an allocated string to be used as prompt.  Returns NULL on
+ * malloc error.  */
+static char *
+make_prompt (app_t app, int remaining, const char *firstline,
+             const char *extraline)
+{
+  char *serial, *tmpbuf, *result;
+
+  serial = get_dispserialno (app);
+
+  /* TRANSLATORS: Put a \x1f right before a colon.  This can be
+   * used by pinentry to nicely align the names and values.  Keep
+   * the %s at the start and end of the string.  */
+  result = xtryasprintf (_("%s"
+                           "Number\x1f: %s%%0A"
+                           "Holder\x1f: %s"
+                           "%s"),
+                         "\x1e",
+                         serial,
+                         "",
+                         "");
+  xfree (serial);
+  if (!result)
+    return NULL; /* Out of core.  */
+
+  /* Append a "remaining attempts" info if needed.  */
+  if (remaining != -1 && remaining < 3)
+    {
+      char *rembuf;
+
+      /* TRANSLATORS: This is the number of remaining attempts to
+       * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed. */
+      rembuf = xtryasprintf (_("Remaining attempts: %d"), remaining);
+      if (rembuf)
+        {
+          tmpbuf = strconcat (firstline, "%0A%0A", result,
+                              "%0A%0A", rembuf, NULL);
+          xfree (rembuf);
+        }
+      else
+        tmpbuf = NULL;
+      xfree (result);
+      result = tmpbuf;
+    }
+  else
+    {
+      tmpbuf = strconcat (firstline, "%0A%0A", result,
+                          extraline? "%0A%0A":"", extraline,
+                          NULL);
+      xfree (result);
+      result = tmpbuf;
+    }
+
+  return result;
+}
+
+
 static gpg_error_t
 basic_pin_checks (const char *pinvalue, int minlen, int maxlen)
 {
@@ -777,21 +1539,67 @@ verify_pin (app_t app, int pwid, const char *desc,
             gpg_error_t (*pincb)(void*, const char *, char **),
             void *pincb_arg)
 {
-  pininfo_t pininfo;
   int rc;
+  pininfo_t pininfo;
+  char *prompt;
+  const char *extrapromptline = NULL;
+  int remaining, nullpin;
 
   if (!desc)
-    desc = "PIN";
+    desc = "||PIN";
 
   memset (&pininfo, 0, sizeof pininfo);
   pininfo.fixedlen = -1;
-  pininfo.minlen = 6;
-  pininfo.maxlen = 16;
+
+  /* FIXME: TCOS allows to read the min. and max. values - do this.  */
+  if (app->appversion == 15)
+    {
+      if (app->app_local->active_nks_app == NKS_APP_NKS && pwid == 0x03)
+        pininfo.minlen = 6;
+      else if (app->app_local->active_nks_app == NKS_APP_ESIGN && pwid == 0x81)
+        pininfo.minlen = 6;
+      else
+        pininfo.minlen = 8;
+      pininfo.maxlen = 24;
+    }
+  else if (app->app_local->active_nks_app == NKS_APP_IDLM)
+    {
+      if (pwid == 0x00)
+        pininfo.minlen = 6;
+      else
+        pininfo.minlen = 8;
+      pininfo.maxlen = 24;
+    }
+  else
+    {
+      /* For NKS3 we used these fixed values; let's keep this.  */
+      pininfo.minlen = 6;
+      pininfo.maxlen = 16;
+    }
+
+  remaining = iso7816_verify_status (app_get_slot (app), pwid);
+  nullpin = (remaining == ISO7816_VERIFY_NULLPIN);
+  if (remaining < 0)
+    remaining = -1; /* We don't care about the concrete error.  */
+  if (remaining < 3)
+    {
+      if (remaining >= 0)
+        log_info ("nks: PIN has %d attempts left\n", remaining);
+    }
+
+  if (nullpin)
+    {
+      log_info ("nks: The NullPIN for PIN 0x%02x has not yet been changed\n",
+                pwid);
+      extrapromptline = _("Note: PIN has not yet been enabled.");
+    }
 
   if (!opt.disable_pinpad
-      && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) )
+      && !iso7816_check_pinpad (app_get_slot (app), ISO7816_VERIFY, &pininfo) )
     {
-      rc = pincb (pincb_arg, desc, NULL);
+      prompt = make_prompt (app, remaining, desc, extrapromptline);
+      rc = pincb (pincb_arg, prompt, NULL);
+      xfree (prompt);
       if (rc)
         {
           log_info (_("PIN callback returned error: %s\n"),
@@ -799,14 +1607,16 @@ verify_pin (app_t app, int pwid, const char *desc,
           return rc;
         }
 
-      rc = iso7816_verify_kp (app->slot, pwid, &pininfo);
+      rc = iso7816_verify_kp (app_get_slot (app), pwid, &pininfo);
       pincb (pincb_arg, NULL, NULL);  /* Dismiss the prompt. */
     }
   else
     {
       char *pinvalue;
 
-      rc = pincb (pincb_arg, desc, &pinvalue);
+      prompt = make_prompt (app, remaining, desc, extrapromptline);
+      rc = pincb (pincb_arg, prompt, &pinvalue);
+      xfree (prompt);
       if (rc)
         {
           log_info ("PIN callback returned error: %s\n", gpg_strerror (rc));
@@ -820,7 +1630,8 @@ verify_pin (app_t app, int pwid, const char *desc,
           return rc;
         }
 
-      rc = iso7816_verify (app->slot, pwid, pinvalue, strlen (pinvalue));
+      rc = iso7816_verify (app_get_slot (app), pwid,
+                           pinvalue, strlen (pinvalue));
       xfree (pinvalue);
     }
 
@@ -854,9 +1665,25 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
   static unsigned char rmd160_prefix[15] = /* Object ID is 1.3.36.3.2.1 */
     { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03,
       0x02, 0x01, 0x05, 0x00, 0x04, 0x14 };
-  int rc, i;
-  int is_sigg = 0;
-  int fid;
+  static unsigned char sha224_prefix[19] = /* (2.16.840.1.101.3.4.2.4) */
+    { 0x30, 0x2D, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
+      0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04,
+      0x1C  };
+  static unsigned char sha256_prefix[19] = /* (2.16.840.1.101.3.4.2.1) */
+    { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+      0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+      0x00, 0x04, 0x20  };
+  static unsigned char sha384_prefix[19] = /* (2.16.840.1.101.3.4.2.2) */
+    { 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+      0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05,
+      0x00, 0x04, 0x30  };
+  static unsigned char sha512_prefix[19] = /* (2.16.840.1.101.3.4.2.3) */
+    { 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+      0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,
+      0x00, 0x04, 0x40  };
+  gpg_error_t err;
+  int idx;
+  int pwid;
   unsigned char kid;
   unsigned char data[83];   /* Must be large enough for a SHA-1 digest
                                + the largest OID prefix. */
@@ -864,60 +1691,68 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
 
   (void)ctrl;
 
-  if (!keyidstr || !*keyidstr)
-    return gpg_error (GPG_ERR_INV_VALUE);
   switch (indatalen)
     {
-    case 16: case 20: case 35: case 47: case 51: case 67: case 83: break;
-    default: return gpg_error (GPG_ERR_INV_VALUE);
+    case 20: // plain SHA-1 or RMD160 digest
+    case 28: // plain SHA-224 digest
+    case 32: // plain SHA-256 digest
+    case 48: // plain SHA-384 digest
+    case 64: // plain SHA-512 digest
+    case 35: // ASN.1 encoded SHA-1 or RMD160 digest
+    case 47: // ASN.1 encoded SHA-224 digest
+    case 51: // ASN.1 encoded SHA-256 digest
+    case 67: // ASN.1 encoded SHA-384 digest
+    case 83: // ASN.1 encoded SHA-512 digest
+        break;
+    default:
+      log_debug ("invalid length of input data: %zu\n", indatalen);
+      return gpg_error (GPG_ERR_INV_VALUE);
     }
 
-  /* Check that the provided ID is valid.  This is not really needed
-     but we do it to enforce correct usage by the caller. */
-  if (!strncmp (keyidstr, "NKS-NKS3.", 9) )
-    ;
-  else if (!strncmp (keyidstr, "NKS-DF01.", 9) )
-    ;
-  else if (!strncmp (keyidstr, "NKS-SIGG.", 9) )
-    is_sigg = 1;
-  else
-    return gpg_error (GPG_ERR_INV_ID);
-  keyidstr += 9;
-
-  rc = switch_application (app, is_sigg);
-  if (rc)
-    return rc;
+  err = find_fid_by_keyref (app, keyidstr, &idx, NULL);
+  if (err)
+    return err;
 
-  if (is_sigg && app->app_local->sigg_is_msig)
+  if (app->app_local->active_nks_app == NKS_APP_SIGG
+      && app->app_local->sigg_is_msig)
     {
       log_info ("mass signature cards are not allowed\n");
       return gpg_error (GPG_ERR_NOT_SUPPORTED);
     }
 
-  if (!hexdigitp (keyidstr) || !hexdigitp (keyidstr+1)
-      || !hexdigitp (keyidstr+2) || !hexdigitp (keyidstr+3)
-      || keyidstr[4])
-    return gpg_error (GPG_ERR_INV_ID);
-  fid = xtoi_4 (keyidstr);
-  for (i=0; filelist[i].fid; i++)
-    if (filelist[i].iskeypair && filelist[i].fid == fid)
-      break;
-  if (!filelist[i].fid)
-    return gpg_error (GPG_ERR_NOT_FOUND);
-  if (!filelist[i].issignkey)
-    return gpg_error (GPG_ERR_INV_ID);
-  kid = filelist[i].kid;
+  if (!filelist[idx].issignkey)
+    {
+      log_debug ("key %s is not a signing key\n", keyidstr);
+      return gpg_error (GPG_ERR_INV_ID);
+    }
+
+  kid = filelist[idx].kid;
 
   /* Prepare the DER object from INDATA.  */
-  if (app->app_local->nks_version > 2 && (indatalen == 35
-                                          || indatalen == 47
-                                          || indatalen == 51
-                                          || indatalen == 67
-                                          || indatalen == 83))
-    {
-      /* The caller send data matching the length of the ASN.1 encoded
-         hash for SHA-{1,224,256,384,512}.  Assume that is okay.  */
-      assert (indatalen <= sizeof data);
+  if (app->appversion > 2 && (indatalen == 35
+                              || indatalen == 47
+                              || indatalen == 51
+                              || indatalen == 67
+                              || indatalen == 83))
+    {
+      /* Verify that the caller has sent a proper ASN.1 encoded hash
+         for RMD160 or SHA-{1,224,256,384,512}. */
+#define X(algo,prefix,plaindigestlen)                      \
+      if (hashalgo == (algo)                               \
+          && indatalen == sizeof prefix + (plaindigestlen) \
+          && !memcmp (indata, prefix, sizeof prefix))      \
+        ;
+      X(GCRY_MD_RMD160, rmd160_prefix, 20)
+      else X(GCRY_MD_SHA1, sha1_prefix, 20)
+      else X(GCRY_MD_SHA224, sha224_prefix, 28)
+      else X(GCRY_MD_SHA256, sha256_prefix, 32)
+      else X(GCRY_MD_SHA384, sha384_prefix, 48)
+      else X(GCRY_MD_SHA512, sha512_prefix, 64)
+      else
+        return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+#undef X
+
+      log_assert (indatalen <= sizeof data);
       memcpy (data, indata, indatalen);
       datalen = indatalen;
     }
@@ -934,23 +1769,27 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
       memcpy (data, indata, indatalen);
       datalen = 35;
     }
-  else if (indatalen == 20)
-    {
-      if (hashalgo == GCRY_MD_SHA1)
-        memcpy (data, sha1_prefix, 15);
-      else if (hashalgo == GCRY_MD_RMD160)
-        memcpy (data, rmd160_prefix, 15);
-      else
-        return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
-      memcpy (data+15, indata, indatalen);
-      datalen = 35;
+  /* Concatenate prefix and digest.  */
+#define X(algo,prefix,plaindigestlen) \
+  if ((hashalgo == (algo)) && (indatalen == (plaindigestlen))) \
+    {                                                          \
+      datalen = sizeof prefix + indatalen;                     \
+      log_assert (datalen <= sizeof data);                     \
+      memcpy (data, prefix, sizeof prefix);                    \
+      memcpy (data + sizeof prefix, indata, indatalen);        \
     }
+  else X(GCRY_MD_RMD160, rmd160_prefix, 20)
+  else X(GCRY_MD_SHA1, sha1_prefix, 20)
+  else X(GCRY_MD_SHA224, sha224_prefix, 28)
+  else X(GCRY_MD_SHA256, sha256_prefix, 32)
+  else X(GCRY_MD_SHA384, sha384_prefix, 48)
+  else X(GCRY_MD_SHA512, sha512_prefix, 64)
   else
     return gpg_error (GPG_ERR_INV_VALUE);
-
+#undef X
 
   /* Send an MSE for PSO:Computer_Signature.  */
-  if (app->app_local->nks_version > 2)
+  if (app->appversion > 2)
     {
       unsigned char mse[6];
 
@@ -960,17 +1799,23 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
       mse[3] = 0x84; /* Private key reference.  */
       mse[4] = 1;
       mse[5] = kid;
-      rc = iso7816_manage_security_env (app->slot, 0x41, 0xB6,
-                                        mse, sizeof mse);
+      err = iso7816_manage_security_env (app_get_slot (app), 0x41, 0xB6,
+                                         mse, sizeof mse);
     }
-  /* Verify using PW1.CH.  */
-  if (!rc)
-    rc = verify_pin (app, 0, NULL, pincb, pincb_arg);
+
+  /* We use the Global PIN 1 */
+  if (app->appversion == 15)
+    pwid = 0x03;
+  else
+    pwid = 0x00;
+
+  if (!err)
+    err = verify_pin (app, pwid, NULL, pincb, pincb_arg);
   /* Compute the signature.  */
-  if (!rc)
-    rc = iso7816_compute_ds (app->slot, 0, data, datalen, 0,
-                             outdata, outdatalen);
-  return rc;
+  if (!err)
+    err = iso7816_compute_ds (app_get_slot (app), 0, data, datalen, 0,
+                              outdata, outdatalen);
+  return err;
 }
 
 
@@ -986,48 +1831,53 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
              unsigned char **outdata, size_t *outdatalen,
              unsigned int *r_info)
 {
-  int rc, i;
-  int is_sigg = 0;
-  int fid;
+  gpg_error_t err;
+  int idx;
   int kid;
+  int algo;
+  int pwid;
+  int padind;
+  int extended_mode;
 
   (void)ctrl;
   (void)r_info;
 
-  if (!keyidstr || !*keyidstr || !indatalen)
+  if (!indatalen)
     return gpg_error (GPG_ERR_INV_VALUE);
 
-  /* Check that the provided ID is valid.  This is not really needed
-     but we do it to enforce correct usage by the caller. */
-  if (!strncmp (keyidstr, "NKS-NKS3.", 9) )
-    ;
-  else if (!strncmp (keyidstr, "NKS-DF01.", 9) )
-    ;
-  else if (!strncmp (keyidstr, "NKS-SIGG.", 9) )
-    is_sigg = 1;
-  else
-    return gpg_error (GPG_ERR_INV_ID);
-  keyidstr += 9;
-
-  rc = switch_application (app, is_sigg);
-  if (rc)
-    return rc;
+  err = find_fid_by_keyref (app, keyidstr, &idx, &algo);
+  if (err)
+    return err;
 
-  if (!hexdigitp (keyidstr) || !hexdigitp (keyidstr+1)
-      || !hexdigitp (keyidstr+2) || !hexdigitp (keyidstr+3)
-      || keyidstr[4])
-    return gpg_error (GPG_ERR_INV_ID);
-  fid = xtoi_4 (keyidstr);
-  for (i=0; filelist[i].fid; i++)
-    if (filelist[i].iskeypair && filelist[i].fid == fid)
-      break;
-  if (!filelist[i].fid)
-    return gpg_error (GPG_ERR_NOT_FOUND);
-  if (!filelist[i].isenckey)
+  if (!filelist[idx].isencrkey)
     return gpg_error (GPG_ERR_INV_ID);
-  kid = filelist[i].kid;
 
-  if (app->app_local->nks_version > 2)
+  kid = filelist[idx].kid;
+
+  if (app->appversion <= 2)
+    {
+      static const unsigned char mse[] =
+        {
+          0x80, 1, 0x10, /* Select algorithm RSA. */
+          0x84, 1, 0x81  /* Select local secret key 1 for decryption. */
+        };
+      err = iso7816_manage_security_env (app_get_slot (app), 0xC1, 0xB8,
+                                         mse, sizeof mse);
+      extended_mode = 0;
+      padind = 0x81;
+    }
+  else if (algo == GCRY_PK_ECC)
+    {
+      unsigned char mse[3];
+      mse[0] = 0x84; /* Private key reference.  */
+      mse[1] = 1;
+      mse[2] = kid;
+      err = iso7816_manage_security_env (app_get_slot (app), 0x41, 0xB8,
+                                         mse, sizeof mse);
+      extended_mode = 0;
+      padind = 0x00;
+    }
+  else
     {
       unsigned char mse[6];
       mse[0] = 0x80; /* Algorithm reference.  */
@@ -1036,58 +1886,77 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
       mse[3] = 0x84; /* Private key reference.  */
       mse[4] = 1;
       mse[5] = kid;
-      rc = iso7816_manage_security_env (app->slot, 0x41, 0xB8,
-                                        mse, sizeof mse);
+      err = iso7816_manage_security_env (app_get_slot (app), 0x41, 0xB8,
+                                         mse, sizeof mse);
+      extended_mode = 1;
+      padind = 0x81;
     }
-  else
+  if (err)
     {
-      static const unsigned char mse[] =
-        {
-          0x80, 1, 0x10, /* Select algorithm RSA. */
-          0x84, 1, 0x81  /* Select local secret key 1 for decryption. */
-        };
-      rc = iso7816_manage_security_env (app->slot, 0xC1, 0xB8,
-                                        mse, sizeof mse);
-
+      log_error ("nks: MSE failed: %s\n", gpg_strerror (err));
+      goto leave;
     }
 
-  if (!rc)
-    rc = verify_pin (app, 0, NULL, pincb, pincb_arg);
+  /* We use the Global PIN 1 */
+  if (app->appversion == 15)
+    pwid = 0x03;
+  else
+    pwid = 0x00;
 
-  /* Note that we need to use extended length APDUs for TCOS 3 cards.
-     Command chaining does not work.  */
-  if (!rc)
-    rc = iso7816_decipher (app->slot, app->app_local->nks_version > 2? 1:0,
-                           indata, indatalen, 0, 0x81,
-                           outdata, outdatalen);
-  return rc;
+  err = verify_pin (app, pwid, NULL, pincb, pincb_arg);
+  if (err)
+    goto leave;
+
+  err = iso7816_decipher (app_get_slot (app), extended_mode,
+                          indata, indatalen, 0, padind,
+                          outdata, outdatalen);
+
+ leave:
+  return err;
 }
 
 
 
 /* Parse a password ID string.  Returns NULL on error or a string
-   suitable as passphrase prompt on success.  On success stores the
-   reference value for the password at R_PWID and a flag indicating
-   that the SigG application is to be used at R_SIGG.  If NEW_MODE is
-   true, the returned description is suitable for a new Password.
-   Supported values for PWIDSTR are:
-
-     PW1.CH       - Global password 1
-     PW2.CH       - Global password 2
-     PW1.CH.SIG   - SigG password 1
-     PW2.CH.SIG   - SigG password 2
+ * suitable as passphrase prompt on success.  On success stores the
+ * reference value for the password at R_PWID and a flag indicating
+ * which app is to be used at R_NKS_APP_ID.  If NEW_MODE is true, the
+ * returned description is suitable for a new password.  Here is a
+ * take mapping the PWIDSTR to the used PWIDs:
+ *
+ *  | pwidstr    |              | NKS3 | NKS15 | IDKEY1 |
+ *  |------------+--------------+------+-------+--------|
+ *  | PW1.CH     | Global PIN 1 | 0x00 |  0x03 | 0x00   |
+ *  | PW2.CH     | Global PIN 2 | 0x01 |  0x04 | 0x01   |
+ *  | PW1.CH.SIG | SigG PIN 1   | 0x81 |  0x81 | -      |
+ *  | PW2.CH.SIG | SigG PIN 2   | 0x83 |  0x82 | -      |
+ *
+ * The names for PWIDSTR are taken from the NKS3 specs; the specs of
+ * other cards use different names but we keep using the.  PIN1 can be
+ * used to unlock PIN2 and vice versa; for consistence with other
+ * cards we name PIN2 a "PUK".  The IDKEY card also features a Card
+ * Reset Key (CR Key 0x01) which can also be used to reset PIN1.
+ *
+ * For testing it is possible to specify the PWID directly; the
+ * prompts are then not very descriptive:
+ *
+ *   NKS.0xnn   - Switch to NKS and select id 0xnn
+ *   SIGG.0xnn  - Switch to SigG and select id 0xnn
+ *   ESIGN.0xnn - Switch to ESIGN and select id 0xnn
  */
 static const char *
-parse_pwidstr (const char *pwidstr, int new_mode, int *r_sigg, int *r_pwid)
+parse_pwidstr (app_t app, const char *pwidstr, int new_mode,
+               int *r_nks_app_id, int *r_pwid)
 {
   const char *desc;
+  int nks15 = app->appversion == 15;
 
   if (!pwidstr)
     desc = NULL;
   else if (!strcmp (pwidstr, "PW1.CH"))
     {
-      *r_sigg = 0;
-      *r_pwid = 0x00;
+      *r_nks_app_id = NKS_APP_NKS;
+      *r_pwid = nks15? 0x03 : 0x00;
       /* TRANSLATORS: Do not translate the "|*|" prefixes but keep
          them verbatim at the start of the string.  */
       desc = (new_mode
@@ -1096,33 +1965,74 @@ parse_pwidstr (const char *pwidstr, int new_mode, int *r_sigg, int *r_pwid)
     }
   else if (!strcmp (pwidstr, "PW2.CH"))
     {
-      *r_pwid = 0x01;
+      *r_nks_app_id = NKS_APP_NKS;
+      *r_pwid = nks15? 0x04 : 0x01;
       desc = (new_mode
               ? _("|NP|Please enter a new PIN Unblocking Code (PUK) "
                   "for the standard keys.")
               : _("|P|Please enter the PIN Unblocking Code (PUK) "
                   "for the standard keys."));
     }
-  else if (!strcmp (pwidstr, "PW1.CH.SIG"))
+  else if (!strcmp (pwidstr, "PW1.CH.SIG") && !app->app_local->only_idlm)
     {
+      *r_nks_app_id = app->app_local->qes_app_id;
       *r_pwid = 0x81;
-      *r_sigg = 1;
       desc = (new_mode
               ? _("|N|Please enter a new PIN for the key to create "
                   "qualified signatures.")
               : _("||Please enter the PIN for the key to create "
                   "qualified signatures."));
     }
-  else if (!strcmp (pwidstr, "PW2.CH.SIG"))
+  else if (!strcmp (pwidstr, "PW2.CH.SIG") && !app->app_local->only_idlm)
     {
-      *r_pwid = 0x83;  /* Yes, that is 83 and not 82.  */
-      *r_sigg = 1;
+      *r_nks_app_id = app->app_local->qes_app_id;
+      *r_pwid = nks15? 0x82 : 0x83;
       desc = (new_mode
               ? _("|NP|Please enter a new PIN Unblocking Code (PUK) "
                   "for the key to create qualified signatures.")
               : _("|P|Please enter the PIN Unblocking Code (PUK) "
                   "for the key to create qualified signatures."));
     }
+  else if (!strncmp (pwidstr, "NKS.0x", 6)
+           && hexdigitp (pwidstr+6) && hexdigitp (pwidstr+7) && !pwidstr[8])
+    {
+      /* Hack to help debugging.  */
+      *r_nks_app_id = NKS_APP_NKS;
+      *r_pwid = xtoi_2 (pwidstr+6);
+      desc = (new_mode
+              ? "|N|Please enter a new PIN for the given NKS pwid"
+              : "||Please enter the PIN for the given NKS pwid" );
+    }
+  else if (!strncmp (pwidstr, "SIGG.0x", 7)
+           && hexdigitp (pwidstr+7) && hexdigitp (pwidstr+8) && !pwidstr[9])
+    {
+      /* Hack to help debugging.  */
+      *r_nks_app_id = NKS_APP_SIGG;
+      *r_pwid = xtoi_2 (pwidstr+7);
+      desc = (new_mode
+              ? "|N|Please enter a new PIN for the given SIGG pwid"
+              : "||Please enter the PIN for the given SIGG pwid" );
+    }
+  else if (!strncmp (pwidstr, "ESIGN.0x", 8)
+           && hexdigitp (pwidstr+8) && hexdigitp (pwidstr+9) && !pwidstr[10])
+    {
+      /* Hack to help debugging.  */
+      *r_nks_app_id = NKS_APP_ESIGN;
+      *r_pwid = xtoi_2 (pwidstr+8);
+      desc = (new_mode
+              ? "|N|Please enter a new PIN for the given ESIGN pwid"
+              : "||Please enter the PIN for the given ESIGN pwid" );
+    }
+  else if (!strncmp (pwidstr, "IDLM.0x", 7)
+           && hexdigitp (pwidstr+7) && hexdigitp (pwidstr+8) && !pwidstr[9])
+    {
+      /* Hack to help debugging.  */
+      *r_nks_app_id = NKS_APP_IDLM;
+      *r_pwid = xtoi_2 (pwidstr+7);
+      desc = (new_mode
+              ? "|N|Please enter a new PIN for the given IDLM pwid"
+              : "||Please enter the PIN for the given IDLM pwid" );
+    }
   else
     {
       *r_pwid = 0; /* Only to avoid gcc warning in calling function.  */
@@ -1146,10 +2056,12 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *pwidstr,
   char *oldpin = NULL;
   size_t newpinlen;
   size_t oldpinlen;
-  int is_sigg;
+  int nks_app_id;
   const char *newdesc;
   int pwid;
   pininfo_t pininfo;
+  int remaining;
+  char *prompt;
 
   (void)ctrl;
 
@@ -1159,14 +2071,14 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *pwidstr,
   pininfo.minlen = 6;
   pininfo.maxlen = 16;
 
-  newdesc = parse_pwidstr (pwidstr, 1, &is_sigg, &pwid);
+  newdesc = parse_pwidstr (app, pwidstr, 1, &nks_app_id, &pwid);
   if (!newdesc)
     return gpg_error (GPG_ERR_INV_ID);
 
   if ((flags & APP_CHANGE_FLAG_CLEAR))
     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 
-  err = switch_application (app, is_sigg);
+  err = switch_application (app, nks_app_id);
   if (err)
     return err;
 
@@ -1180,7 +2092,15 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *pwidstr,
           err = gpg_error_from_syserror ();
           goto leave;
         }
-      oldpinlen = 6;
+      if (app->appversion == 15)
+        {
+          memset (oldpin, '0', 5);
+          oldpinlen = 5;  /* 5 ascii zeroes.  */
+        }
+      else
+        {
+          oldpinlen = 6;  /* 6 binary Nuls.  */
+        }
     }
   else
     {
@@ -1205,14 +2125,27 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *pwidstr,
               err = gpg_error (GPG_ERR_BUG);
               goto leave;
             }
-          desc = parse_pwidstr (altpwidstr, 0, &dummy1, &dummy2);
+          desc = parse_pwidstr (app, altpwidstr, 0, &dummy1, &dummy2);
+          remaining = iso7816_verify_status (app_get_slot (app), dummy2);
         }
       else
         {
           /* Regular change mode:  Ask for the old PIN.  */
-          desc = parse_pwidstr (pwidstr, 0, &dummy1, &dummy2);
+          desc = parse_pwidstr (app, pwidstr, 0, &dummy1, &dummy2);
+          remaining = iso7816_verify_status (app_get_slot (app), pwid);
         }
-      err = pincb (pincb_arg, desc, &oldpin);
+
+      if (remaining < 0)
+        remaining = -1; /* We don't care about the concrete error.  */
+      if (remaining < 3)
+        {
+          if (remaining >= 0)
+            log_info ("nks: PIN has %d attempts left\n", remaining);
+        }
+
+      prompt = make_prompt (app, remaining, desc, NULL);
+      err = pincb (pincb_arg, prompt, &oldpin);
+      xfree (prompt);
       if (err)
         {
           log_error ("error getting old PIN: %s\n", gpg_strerror (err));
@@ -1224,7 +2157,10 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *pwidstr,
         goto leave;
     }
 
-  err = pincb (pincb_arg, newdesc, &newpin);
+
+  prompt = make_prompt (app, -1, newdesc, NULL);
+  err = pincb (pincb_arg, prompt, &newpin);
+  xfree (prompt);
   if (err)
     {
       log_error (_("error getting new PIN: %s\n"), gpg_strerror (err));
@@ -1249,13 +2185,13 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *pwidstr,
         }
       memcpy (data, oldpin, oldpinlen);
       memcpy (data+oldpinlen, newpin, newpinlen);
-      err = iso7816_reset_retry_counter_with_rc (app->slot, pwid,
+      err = iso7816_reset_retry_counter_with_rc (app_get_slot (app), pwid,
                                                  data, datalen);
       wipememory (data, datalen);
       xfree (data);
     }
   else
-    err = iso7816_change_reference_data (app->slot, pwid,
+    err = iso7816_change_reference_data (app_get_slot (app), pwid,
                                          oldpin, oldpinlen,
                                          newpin, newpinlen);
  leave:
@@ -1273,16 +2209,16 @@ do_check_pin (app_t app, ctrl_t ctrl, const char *pwidstr,
 {
   gpg_error_t err;
   int pwid;
-  int is_sigg;
+  int nks_app_id;
   const char *desc;
 
   (void)ctrl;
 
-  desc = parse_pwidstr (pwidstr, 0, &is_sigg, &pwid);
+  desc = parse_pwidstr (app, pwidstr, 0, &nks_app_id, &pwid);
   if (!desc)
     return gpg_error (GPG_ERR_INV_ID);
 
-  err = switch_application (app, is_sigg);
+  err = switch_application (app, nks_app_id);
   if (err)
     return err;
 
@@ -1290,6 +2226,82 @@ do_check_pin (app_t app, ctrl_t ctrl, const char *pwidstr,
 }
 
 
+/* Process the various keygrip based info requests.  */
+static gpg_error_t
+do_with_keygrip (app_t app, ctrl_t ctrl, int action,
+                 const char *want_keygripstr, int capability)
+{
+  gpg_error_t err;
+  char keygripstr[2*KEYGRIP_LEN+1];
+  char *serialno = NULL;
+  int data = 0;
+  int idx = -1;
+
+  /* First a quick check for valid parameters.  */
+  switch (action)
+    {
+    case KEYGRIP_ACTION_LOOKUP:
+      if (!want_keygripstr)
+        {
+          return gpg_error (GPG_ERR_NOT_FOUND);
+        }
+      break;
+    case KEYGRIP_ACTION_SEND_DATA:
+      data = 1;
+      break;
+    case KEYGRIP_ACTION_WRITE_STATUS:
+      break;
+    default:
+      return gpg_error (GPG_ERR_INV_ARG);
+    }
+
+  /* Allocate the S/N string if needed.  */
+  if (action != KEYGRIP_ACTION_LOOKUP)
+    {
+      serialno = app_get_serialno (app);
+      if (!serialno)
+        return gpg_error_from_syserror ();
+    }
+
+  while (1)
+    {
+      err = iterate_over_filelist (app, want_keygripstr, capability,
+                                   keygripstr, &idx);
+      if (err)
+        break;
+
+      if (want_keygripstr)
+        {
+          if (!err)
+            break;
+        }
+      else
+        {
+          char idbuf[20];
+          const char *tagstr;
+
+          if (app->app_local->active_nks_app == NKS_APP_ESIGN)
+            tagstr = "ESIGN";
+          else if (app->app_local->active_nks_app == NKS_APP_SIGG)
+            tagstr = "SIGG";
+          else if (app->app_local->active_nks_app == NKS_APP_IDLM)
+            tagstr = "IDLM";
+          else if (app->appversion < 3)
+            tagstr = "DF01";
+          else
+            tagstr = "NKS3";
+
+          snprintf (idbuf, sizeof idbuf, "NKS-%s.%04X",
+                    tagstr, filelist[idx].fid);
+          send_keyinfo (ctrl, data, keygripstr, serialno, idbuf);
+        }
+    }
+
+  xfree (serialno);
+  return err;
+}
+
+
 /* Return the version of the NKS application.  */
 static int
 get_nks_version (int slot)
@@ -1301,48 +2313,68 @@ get_nks_version (int slot)
   if (iso7816_apdu_direct (slot, "\x80\xaa\x06\x00\x00", 5, 0,
                            NULL, &result, &resultlen))
     return 2; /* NKS 2 does not support this command.  */
-
-  /* Example value:    04 11 19 22 21 6A 20 80 03 03 01 01 01 00 00 00
-                       vv tt ccccccccccccccccc aa bb cc vvvvvvvvvvv xx
-     vendor (Philips) -+  |  |                 |  |  |  |           |
-     chip type -----------+  |                 |  |  |  |           |
-     chip id ----------------+                 |  |  |  |           |
-     card type (3 - tcos 3) -------------------+  |  |  |           |
-     OS version of card type ---------------------+  |  |           |
-     OS release of card type ------------------------+  |           |
-     OS vendor internal version ------------------------+           |
-     RFU -----------------------------------------------------------+
-  */
+  /* Example values:   04 11 19 22 21 6A 20 80 03 03 01 01 01 00 00 00
+   *                   05 a0 22 3e c8 0c 04 20 0f 01 b6 01 01 00 00 02
+   *                   vv tt ccccccccccccccccc aa bb cc vv ff rr rr xx
+   * vendor -----------+  |  |                 |  |  |  |  |  |  |  |
+   * chip type -----------+  |                 |  |  |  |  |  |  |  |
+   * chip id ----------------+                 |  |  |  |  |  |  |  |
+   * card type --------------------------------+  |  |  |  |  |  |  |
+   * OS version of card type ---------------------+  |  |  |  |  |  |
+   * OS release of card type ------------------------+  |  |  |  |  |
+   * Completion code version number --------------------+  |  |  |  |
+   * File system version ----------------------------------+  |  |  |
+   * RFU (00) ------------------------------------------------+  |  |
+   * RFU (00) ---------------------------------------------------+  |
+   * Authentication key identifier ---------------------------------+
+   *
+   * vendor    4 := Philips
+   *           5 := Infinion
+   * card type 3 := TCOS 3
+   *          15 := TCOS Signature Card (bb,cc is the ROM mask version)
+   * Completion code version number Bit 7..5 := pre-completion code version
+   *                                Bit 4..0 := completion code version
+   *                                (pre-completion by chip vendor)
+   *                                (completion by OS developer)
+   */
   if (resultlen < 16)
     type = 0;  /* Invalid data returned.  */
   else
     type = result[8];
   xfree (result);
-
   return type;
 }
 
 
-/* If ENABLE_SIGG is true switch to the SigG application if not yet
-   active.  If false switch to the NKS application if not yet active.
-   Returns 0 on success.  */
+/* Switch to the NKS app identified by NKS_APP_ID if not yet done.
+ * Returns 0 on success.  */
 static gpg_error_t
-switch_application (app_t app, int enable_sigg)
+switch_application (app_t app, int nks_app_id)
 {
   gpg_error_t err;
 
-  if (((app->app_local->sigg_active && enable_sigg)
-       || (!app->app_local->sigg_active && !enable_sigg))
+  if (app->app_local->only_idlm)
+    return 0;  /* No switching at all */
+  if (app->app_local->active_nks_app == nks_app_id
       && !app->app_local->need_app_select)
     return 0;  /* Already switched.  */
 
-  log_info ("app-nks: switching to %s\n", enable_sigg? "SigG":"NKS");
-  if (enable_sigg)
-    err = iso7816_select_application (app->slot, aid_sigg, sizeof aid_sigg, 0);
+  log_info ("nks: switching to %s\n",
+            nks_app_id == NKS_APP_ESIGN? "eSign" :
+            nks_app_id == NKS_APP_SIGG?  "SigG"  : "NKS");
+
+  if (nks_app_id == NKS_APP_ESIGN)
+    err = iso7816_select_application (app_get_slot (app),
+                                      aid_esign, sizeof aid_esign, 0);
+  else if (nks_app_id == NKS_APP_SIGG)
+    err = iso7816_select_application (app_get_slot (app),
+                                      aid_sigg, sizeof aid_sigg, 0);
   else
-    err = iso7816_select_application (app->slot, aid_nks, sizeof aid_nks, 0);
+    err = iso7816_select_application (app_get_slot (app),
+                                      aid_nks, sizeof aid_nks, 0);
 
-  if (!err && enable_sigg && app->app_local->nks_version >= 3
+  if (!err && nks_app_id == NKS_APP_SIGG
+      && app->appversion >= 3
       && !app->app_local->sigg_msig_checked)
     {
       /* Check whether this card is a mass signature card.  */
@@ -1353,9 +2385,10 @@ switch_application (app_t app, int enable_sigg)
 
       app->app_local->sigg_msig_checked = 1;
       app->app_local->sigg_is_msig = 1;
-      err = iso7816_select_file (app->slot, 0x5349, 0);
+      err = iso7816_select_file (app_get_slot (app), 0x5349, 0);
       if (!err)
-        err = iso7816_read_record (app->slot, 1, 1, 0, &buffer, &buflen);
+        err = iso7816_read_record (app_get_slot (app), 1, 1, 0,
+                                   &buffer, &buflen);
       if (!err)
         {
           tmpl = find_tlv (buffer, buflen, 0x7a, &tmpllen);
@@ -1367,17 +2400,19 @@ switch_application (app_t app, int enable_sigg)
           xfree (buffer);
         }
       if (app->app_local->sigg_is_msig)
-        log_info ("This is a mass signature card\n");
+        log_info ("nks: This is a mass signature card\n");
     }
 
   if (!err)
     {
       app->app_local->need_app_select = 0;
-      app->app_local->sigg_active = enable_sigg;
+      app->app_local->active_nks_app = nks_app_id;
     }
   else
-    log_error ("app-nks: error switching to %s: %s\n",
-               enable_sigg? "SigG":"NKS", gpg_strerror (err));
+    log_error ("nks: error switching to %s: %s\n",
+               nks_app_id == NKS_APP_ESIGN? "eSign" :
+               nks_app_id == NKS_APP_SIGG?  "SigG"  : "NKS",
+               gpg_strerror (err));
 
   return err;
 }
@@ -1387,10 +2422,16 @@ switch_application (app_t app, int enable_sigg)
 gpg_error_t
 app_select_nks (app_t app)
 {
-  int slot = app->slot;
+  int slot = app_get_slot (app);
   int rc;
+  int is_idlm = 0;
 
   rc = iso7816_select_application (slot, aid_nks, sizeof aid_nks, 0);
+  if (rc)
+    {
+      is_idlm = 1;
+      rc = iso7816_select_application (slot, aid_idlm, sizeof aid_idlm, 0);
+    }
   if (!rc)
     {
       app->apptype = APPTYPE_NKS;
@@ -1402,16 +2443,32 @@ app_select_nks (app_t app)
           goto leave;
         }
 
-      app->app_local->nks_version = get_nks_version (slot);
+      app->appversion = get_nks_version (slot);
+      app->app_local->only_idlm = is_idlm;
+      if (is_idlm) /* Set it once, there won't be any switching.  */
+        app->app_local->active_nks_app = NKS_APP_IDLM;
+
       if (opt.verbose)
-        log_info ("Detected NKS version: %d\n", app->app_local->nks_version);
+        {
+          log_info ("Detected NKS version: %d\n", app->appversion);
+          if (is_idlm)
+            log_info ("Using only the IDLM application\n");
+        }
+
+      if (app->appversion == 15)
+        app->app_local->qes_app_id = NKS_APP_ESIGN;
+      else
+        app->app_local->qes_app_id = NKS_APP_SIGG;
 
       app->fnc.deinit = do_deinit;
+      app->fnc.prep_reselect = NULL;
+      app->fnc.reselect = NULL;
       app->fnc.learn_status = do_learn_status;
       app->fnc.readcert = do_readcert;
       app->fnc.readkey = do_readkey;
       app->fnc.getattr = do_getattr;
       app->fnc.setattr = NULL;
+      app->fnc.writecert = do_writecert;
       app->fnc.writekey = do_writekey;
       app->fnc.genkey = NULL;
       app->fnc.sign = do_sign;
@@ -1419,6 +2476,7 @@ app_select_nks (app_t app)
       app->fnc.decipher = do_decipher;
       app->fnc.change_pin = do_change_pin;
       app->fnc.check_pin = do_check_pin;
+      app->fnc.with_keygrip = do_with_keygrip;
    }
 
  leave:
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index da6dc7a..5508ec6 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -48,11 +48,9 @@
 #include <stdlib.h>
 #include <stdarg.h>
 #include <string.h>
-#include <assert.h>
 #include <time.h>
 
 #include "scdaemon.h"
-
 #include "../common/util.h"
 #include "../common/i18n.h"
 #include "iso7816.h"
@@ -64,6 +62,10 @@
 #define KDF_DATA_LENGTH_MIN  90
 #define KDF_DATA_LENGTH_MAX 110
 
+/* The AID of this application.  */
+static char const openpgp_aid[] = { 0xD2, 0x76, 0x00, 0x01, 0x24, 0x01 };
+
+
 /* A table describing the DOs of the card.  */
 static struct {
   int tag;
@@ -80,7 +82,7 @@ static struct {
                                  status bytes. */
   unsigned int try_extlen:2;           /* Large object; try to use an extended
                                  length APDU when !=0.  The size is
-                                 determined by extcap.max_certlen_3
+                                 determined by extcap.max_certlen
                                  when == 1, and by extcap.max_special_do
                                  when == 2.  */
   char *desc;
@@ -112,9 +114,13 @@ static struct {
   { 0x0104, 0,    0, 0, 0, 0, 0, 2, "Private DO 4"},
   { 0x7F21, 1,    0, 1, 0, 0, 0, 1, "Cardholder certificate"},
   /* V3.0 */
-  { 0x7F74, 0,    0, 1, 0, 0, 0, 0, "General Feature Management"},
+  { 0x7F74, 0, 0x6E, 1, 0, 0, 0, 0, "General Feature Management"},
   { 0x00D5, 0,    0, 1, 0, 0, 0, 0, "AES key data"},
+  { 0x00D6, 0, 0x6E, 1, 0, 0, 0, 0, "UIF for Signature"},
+  { 0x00D7, 0, 0x6E, 1, 0, 0, 0, 0, "UIF for Decryption"},
+  { 0x00D8, 0, 0x6E, 1, 0, 0, 0, 0, "UIF for Authentication"},
   { 0x00F9, 0,    0, 1, 0, 0, 0, 0, "KDF data object"},
+  { 0x00FA, 0,    0, 1, 0, 0, 0, 2, "Algorithm Information"},
   { 0 }
 };
 
@@ -184,7 +190,7 @@ struct app_local_s {
   struct
   {
     unsigned int is_v2:1;              /* Compatible to v2 or later.        */
-    unsigned int extcap_v3:1;          /* Extcap is in v3 format.           */
+    unsigned int is_v3:1;              /* Comatible to v3 or later.         */
     unsigned int has_button:1;         /* Has confirmation button or not.   */
 
     unsigned int sm_supported:1;       /* Secure Messaging is supported.    */
@@ -199,7 +205,7 @@ struct app_local_s {
     unsigned int sm_algo:2;            /* Symmetric crypto algo for SM.     */
     unsigned int pin_blk2:1;           /* PIN block 2 format supported.     */
     unsigned int mse:1;                /* MSE command supported.            */
-    unsigned int max_certlen_3:16;
+    unsigned int max_certlen:16;       /* Maximum size of DO 7F21.          */
     unsigned int max_get_challenge:16; /* Maximum size for get_challenge.   */
     unsigned int max_special_do:16;    /* Maximum size for special DOs.     */
   } extcap;
@@ -211,6 +217,23 @@ struct app_local_s {
     unsigned int def_chv2:1;  /* Use 123456 for CHV2.  */
   } flags;
 
+  /* Flags used to override certain behavior.  */
+  struct
+  {
+    unsigned int cache_6e:1;
+  } override;
+
+  /* Keep track on whether we cache a certain PIN so that we get it
+   * from the cache only if we know we cached it.  This inhibits the
+   * use of the same cache entry for a card plugged in and out without
+   * gpg-agent having noticed that due to a bug.  */
+  struct
+  {
+    unsigned int maybe_chv1:1;
+    unsigned int maybe_chv2:1;
+    unsigned int maybe_chv3:1;
+  } pincache;
+
   /* Pinpad request specified on card.  */
   struct
   {
@@ -220,9 +243,10 @@ struct app_local_s {
     int fixedlen_admin;
   } pinpad;
 
-   struct
-   {
+  struct
+  {
     key_type_t key_type;
+    const char *keyalgo;         /* Algorithm in standard string format.  */
     union {
       struct {
         unsigned int n_bits;     /* Size of the modulus in bits.  The rest
@@ -233,10 +257,12 @@ struct app_local_s {
       } rsa;
       struct {
         const char *curve;
-        int flags;
+        int algo;
+        unsigned int flags;
       } ecc;
     };
    } keyattr[3];
+
 };
 
 #define ECC_FLAG_DJB_TWEAK (1 << 0)
@@ -252,11 +278,14 @@ static gpg_error_t do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
                             void *pincb_arg,
                             const void *indata, size_t indatalen,
                             unsigned char **outdata, size_t *outdatalen);
-static gpg_error_t parse_algorithm_attribute (app_t app, int keyno);
+static const char *get_algorithm_attribute_string (const unsigned char *buffer,
+                                                   size_t buflen);
+static void parse_algorithm_attribute (app_t app, int keyno);
 static gpg_error_t change_keyattr_from_string
-                           (app_t app,
+                           (app_t app, ctrl_t ctrl,
                             gpg_error_t (*pincb)(void*, const char *, char **),
                             void *pincb_arg,
+                            const char *keyref, const char *keyalgo,
                             const void *value, size_t valuelen);
 
 
@@ -287,7 +316,6 @@ get_manufacturer (unsigned int no)
     case 0x1337: return "Warsaw Hackerspace";
     case 0x2342: return "warpzone"; /* hackerspace Muenster.  */
     case 0x4354: return "Confidential Technologies";   /* cotech.de */
-    case 0x5343: return "SSE Carte à puce";
     case 0x5443: return "TIF-IT e.V.";
     case 0x63AF: return "Trustica";
     case 0xBA53: return "c-base e.V.";
@@ -333,6 +361,35 @@ do_deinit (app_t app)
 }
 
 
+/* This is a helper to do a wipememory followed by a free.  In general
+ * we do not need this if the buffer has been allocated in secure
+ * memory.  However at some places we can't make that sure and thus we
+ * better to an extra wipe here.  */
+static void
+wipe_and_free (void *p, size_t len)
+{
+  if (p)
+    {
+      if (len)
+        wipememory (p, len);
+      xfree (p);
+    }
+}
+
+
+/* Similar to wipe_and_free but assumes P is eitehr NULL or a proper
+ * string.  */
+static void
+wipe_and_free_string (char *p)
+{
+  if (p)
+    {
+      wipememory (p, strlen (p));
+      xfree (p);
+    }
+}
+
+
 /* Wrapper around iso7816_get_data which first tries to get the data
    from the cache.  With GET_IMMEDIATE passed as true, the cache is
    bypassed.  With TRY_EXTLEN extended lengths APDUs are use if
@@ -352,6 +409,9 @@ get_cached_data (app_t app, int tag,
   *result = NULL;
   *resultlen = 0;
 
+  if (tag == 0x6E && app->app_local->override.cache_6e)
+    get_immediate = 0;
+
   if (!get_immediate)
     {
       for (c=app->app_local->cache; c; c = c->next)
@@ -361,7 +421,7 @@ get_cached_data (app_t app, int tag,
               {
                 p = xtrymalloc (c->length);
                 if (!p)
-                  return gpg_error_from_syserror ();
+                  return gpg_error (gpg_err_code_from_errno (errno));
                 memcpy (p, c->data, c->length);
                 *result = p;
               }
@@ -375,8 +435,8 @@ get_cached_data (app_t app, int tag,
   if (try_extlen && app->app_local->cardcap.ext_lc_le)
     {
       if (try_extlen == 1)
-        exmode = app->app_local->extcap.max_certlen_3;
-      else if (try_extlen == 2 && app->app_local->extcap.extcap_v3)
+        exmode = app->app_local->extcap.max_certlen;
+      else if (try_extlen == 2 && app->app_local->extcap.is_v3)
         exmode = app->app_local->extcap.max_special_do;
       else
         exmode = 0;
@@ -384,7 +444,7 @@ get_cached_data (app_t app, int tag,
   else
     exmode = 0;
 
-  err = iso7816_get_data (app->slot, exmode, tag, &p, &len);
+  err = iso7816_get_data (app_get_slot (app), exmode, tag, &p, &len);
   if (err)
     return err;
   if (len)
@@ -405,7 +465,7 @@ get_cached_data (app_t app, int tag,
 
   /* Okay, cache it. */
   for (c=app->app_local->cache; c; c = c->next)
-    assert (c->tag != tag);
+    log_assert (c->tag != tag);
 
   c = xtrymalloc (sizeof *c + len);
   if (c)
@@ -444,7 +504,7 @@ flush_cache_item (app_t app, int tag)
 
         for (c=app->app_local->cache; c ; c = c->next)
           {
-            assert (c->tag != tag); /* Oops: duplicated entry. */
+            log_assert (c->tag != tag); /* Oops: duplicated entry. */
           }
         return;
       }
@@ -515,7 +575,7 @@ get_one_do (app_t app, int tag, unsigned char **result, size_t *nbytes,
   if (app->appversion > 0x0100 && data_objects[i].get_immediate_in_v11)
     {
       exmode = 0;
-      rc = iso7816_get_data (app->slot, exmode, tag, &buffer, &buflen);
+      rc = iso7816_get_data (app_get_slot (app), exmode, tag, &buffer, &buflen);
       if (rc)
         {
           *r_rc = rc;
@@ -665,6 +725,21 @@ count_bits (const unsigned char *a, size_t len)
   return n;
 }
 
+static unsigned int
+count_sos_bits (const unsigned char *a, size_t len)
+{
+  unsigned int n = len * 8;
+  int i;
+
+  if (len == 0 || *a == 0)
+    return n;
+
+  for (i=7; i && !(*a & (1<<i)); i--)
+    n--;
+
+  return n;
+}
+
 /* GnuPG makes special use of the login-data DO, this function parses
    the login data to store the flags for later use.  It may be called
    at any time and should be called after changing the login-data DO.
@@ -838,12 +913,18 @@ store_fpr (app_t app, int keynumber, u32 timestamp, unsigned char *fpr,
 
   for (i = 0; i < argc; i++)
     {
-      if (algo == PUBKEY_ALGO_RSA || i == 1)
+      if (algo == PUBKEY_ALGO_RSA)
         {
           nbits = count_bits (m[i], mlen[i]);
           *p++ = nbits >> 8;
           *p++ = nbits;
         }
+      else if (i == 1)
+        {
+          nbits = count_sos_bits (m[i], mlen[i]);
+          *p++ = nbits >> 8;
+          *p++ = nbits;
+        }
       memcpy (p, m[i], mlen[i]);
       p += mlen[i];
     }
@@ -857,7 +938,7 @@ store_fpr (app_t app, int keynumber, u32 timestamp, unsigned char *fpr,
   tag2 = 0xCE + keynumber;
   flush_cache_item (app, 0xCD);
 
-  rc = iso7816_put_data (app->slot, 0, tag, fpr, 20);
+  rc = iso7816_put_data (app_get_slot (app), 0, tag, fpr, 20);
   if (rc)
     log_error (_("failed to store the fingerprint: %s\n"),gpg_strerror (rc));
 
@@ -870,7 +951,7 @@ store_fpr (app_t app, int keynumber, u32 timestamp, unsigned char *fpr,
       buf[2] = timestamp >>  8;
       buf[3] = timestamp;
 
-      rc = iso7816_put_data (app->slot, 0, tag2, buf, 4);
+      rc = iso7816_put_data (app_get_slot (app), 0, tag2, buf, 4);
       if (rc)
         log_error (_("failed to store the creation date: %s\n"),
                    gpg_strerror (rc));
@@ -954,8 +1035,12 @@ send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int keyno)
 {
   char buffer[200];
 
-  assert (keyno >=0 && keyno < DIM(app->app_local->keyattr));
+  log_assert (keyno >=0 && keyno < DIM(app->app_local->keyattr));
 
+  /* Note that the code in gpg-card supports prefixing the key number
+   * with "OPENPGP." but older code does not yet support this.  There
+   * is also a discrepancy with the algorithm numbers: We should use
+   * the gcrypt numbers but the current code assumes OpenPGP numbers.  */
   if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA)
     snprintf (buffer, sizeof buffer, "%d 1 rsa%u %u %d",
               keyno+1,
@@ -966,9 +1051,7 @@ send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int keyno)
     {
       snprintf (buffer, sizeof buffer, "%d %d %s",
                 keyno+1,
-                keyno==1? PUBKEY_ALGO_ECDH :
-                (app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK)?
-                PUBKEY_ALGO_EDDSA : PUBKEY_ALGO_ECDSA,
+                app->app_local->keyattr[keyno].ecc.algo,
                 app->app_local->keyattr[keyno].ecc.curve);
     }
   else
@@ -1026,8 +1109,14 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
     { "$ENCRKEYID",   0x0000, -6 },
     { "$SIGNKEYID",   0x0000, -7 },
     { "$DISPSERIALNO",0x0000, -4 },
+    { "UIF-1",        0x00D6, 0 },
+    { "UIF-2",        0x00D7, 0 },
+    { "UIF-3",        0x00D8, 0 },
     { "KDF",          0x00F9, 5 },
     { "MANUFACTURER", 0x0000, -8 },
+    { "UIF",          0x0000, -9 },  /* Shortcut for all UIF */
+    { "KEY-STATUS",   0x00DE,  6 },
+    { "KEY-ATTR-INFO", 0x00FA,  7 },
     { NULL, 0 }
   };
   int idx, i, rc;
@@ -1042,9 +1131,10 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
 
   if (table[idx].special == -1)
     {
-      /* The serial number is very special.  We could have used the
-         AID DO to retrieve it.  The AID DO is available anyway but
-         not hex formatted. */
+      /* The serial number is very special.  We can't use the AID
+         DO (0x4f) because this is the serialno per specs with the
+         correct appversion.  We might however use a serialno with the
+         version set to 0.0 and that is what we need to return.  */
       char *serial = app_get_serialno (app);
 
       if (serial)
@@ -1058,6 +1148,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
     {
       char tmp[110];
 
+      /* Noet that with v3 cards mcl3 is used for all certificates.  */
       snprintf (tmp, sizeof tmp,
                 "gc=%d ki=%d fc=%d pd=%d mcl3=%u aac=%d "
                 "sm=%d si=%u dec=%d bt=%d kdf=%d",
@@ -1065,7 +1156,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
                 app->app_local->extcap.key_import,
                 app->app_local->extcap.change_force_chv,
                 app->app_local->extcap.private_dos,
-                app->app_local->extcap.max_certlen_3,
+                app->app_local->extcap.max_certlen,
                 app->app_local->extcap.algo_attr_change,
                 (app->app_local->extcap.sm_supported
                  ? (app->app_local->extcap.sm_algo == 0? CIPHER_ALGO_3DES :
@@ -1087,9 +1178,9 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
     }
   if (table[idx].special == -4)
     {
-      char *serial = app_get_dispserialno (app, 0);
+      char *serial;
 
-      if (serial)
+      if ((serial = app_get_dispserialno (app, 0)))
         {
           send_status_info (ctrl, table[idx].name,
                             serial, strlen (serial), NULL, 0);
@@ -1123,6 +1214,15 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
          app->app_local->manufacturer,
          get_manufacturer (app->app_local->manufacturer));
     }
+  if (table[idx].special == -9)
+    {
+      rc = do_getattr (app, ctrl, "UIF-1");
+      if (!rc)
+        rc = do_getattr (app, ctrl, "UIF-2");
+      if (!rc)
+        rc = do_getattr (app, ctrl, "UIF-3");
+      return rc;
+    }
 
   relptr = get_one_do (app, table[idx].tag, &value, &valuelen, &rc);
   if (relptr)
@@ -1167,6 +1267,86 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
 
           send_status_info (ctrl, table[idx].name, value, valuelen, NULL, 0);
         }
+      else if (table[idx].special == 6)
+        {
+          for (i=0,rc=0; !rc && i+1 < valuelen; i += 2)
+            rc = send_status_printf (ctrl, table[idx].name, "OPENPGP.%u %u",
+                                     value[i], value[i+1]);
+          if (gpg_err_code (rc) == GPG_ERR_NO_OBJ)
+            rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
+        }
+      else if (table[idx].special == 7)
+        {
+          const unsigned char *p = value;
+          int tag;
+          size_t len;
+
+          if (valuelen < 2)
+            return gpg_error (GPG_ERR_INV_OBJ);
+
+          tag = p[0];
+          len = p[1];
+
+          /* Does it comes tag+len at the head?  */
+          if (tag == 0x00FA)
+            {
+              p += 2;
+
+              if (len == 0x81)
+                {
+                  if (valuelen < 3)
+                    return gpg_error (GPG_ERR_INV_OBJ);
+                  len = *p++;
+                }
+              else if (len == 0x82)
+                {
+                  if (valuelen < 4)
+                    return gpg_error (GPG_ERR_INV_OBJ);
+                  len = *p++;
+                  len = (len << 8) | *p++;
+                }
+
+              valuelen -= (p - value);
+              value = (unsigned char *)p;
+
+              if (valuelen != len)
+                {
+                  if (opt.verbose)
+                    log_info ("Yubikey bug: length %zu != %zu", valuelen, len);
+
+                  if (APP_CARD(app)->cardtype != CARDTYPE_YUBIKEY)
+                    return gpg_error (GPG_ERR_INV_OBJ);
+                }
+            }
+
+          for (; p < value + valuelen; p += len)
+            {
+              const char *key_algo_str;
+              int keyrefno;
+
+              if (p + 2 > value + valuelen)
+                break;
+
+              tag = *p++;
+              len = *p++;
+
+              if (tag < 0xc1)
+                continue;
+
+              if (tag == 0xda)
+                keyrefno = 0x81;
+              else
+                keyrefno = tag - 0xc1 + 1;
+
+              if (p + len > value + valuelen)
+                break;
+
+              key_algo_str = get_algorithm_attribute_string (p, len);
+
+              send_status_printf (ctrl, table[idx].name, "OPENPGP.%u %s",
+                                  keyrefno, key_algo_str);
+            }
+        }
       else
         send_status_info (ctrl, table[idx].name, value, valuelen, NULL, 0);
 
@@ -1231,30 +1411,6 @@ get_disp_name (app_t app)
 }
 
 
-/* Return the pretty formatted serialnumber.  On error NULL is
- * returned.  */
-static char *
-get_disp_serialno (app_t app)
-{
-  char *serial = app_get_serialno (app);
-
-  /* For our OpenPGP cards we do not want to show the entire serial
-   * number but a nicely reformatted actual serial number.  */
-  if (serial && strlen (serial) > 16+12)
-    {
-      memmove (serial, serial+16, 4);
-      serial[4] = ' ';
-      /* memmove (serial+5, serial+20, 4); */
-      /* serial[9] = ' '; */
-      /* memmove (serial+10, serial+24, 4); */
-      /* serial[14] = 0; */
-      memmove (serial+5, serial+20, 8);
-      serial[13] = 0;
-    }
-  return serial;
-}
-
-
 /* Return the number of remaining tries for the standard or the admin
  * pw.  Returns -1 on card error.  */
 static int
@@ -1290,7 +1446,7 @@ retrieve_fpr_from_card (app_t app, int keyno, char *fpr)
   unsigned char *value;
   size_t valuelen;
 
-  assert (keyno >=0 && keyno <= 2);
+  log_assert (keyno >=0 && keyno <= 2);
 
   relptr = get_one_do (app, 0x00C5, &value, &valuelen, NULL);
   if (relptr && valuelen >= 60)
@@ -1302,6 +1458,36 @@ retrieve_fpr_from_card (app_t app, int keyno, char *fpr)
 }
 
 
+/* Retrieve the creation time of the fingerprint for key KEYNO from
+ * the card inserted in the slot of APP and store it at R_FPRTIME.
+ * Returns 0 on success or an error code.  */
+static gpg_error_t
+retrieve_fprtime_from_card (app_t app, int keyno, u32 *r_fprtime)
+{
+  gpg_error_t err = 0;
+  void *relptr;
+  unsigned char *value;
+  size_t valuelen;
+  u32 fprtime;
+
+  log_assert (keyno >=0 && keyno <= 2);
+
+  relptr = get_one_do (app, 0x00CD, &value, &valuelen, NULL);
+  if (relptr && valuelen >= 4*(keyno+1))
+    {
+      fprtime = buf32_to_u32 (value + 4*keyno);
+      if (!fprtime)
+        err = gpg_error (GPG_ERR_NOT_FOUND);
+      else
+        *r_fprtime = fprtime;
+    }
+  else
+    err = gpg_error (GPG_ERR_NOT_FOUND);
+  xfree (relptr);
+  return err;
+}
+
+
 /* Retrieve the public key material for the RSA key, whose fingerprint
    is FPR, from gpg output, which can be read through the stream FP.
    The RSA modulus will be stored at the address of M and MLEN, the
@@ -1512,13 +1698,13 @@ ecdh_params (const char *curve)
   /* See RFC-6637 for those constants.
          0x03: Number of bytes
          0x01: Version for this parameter format
-         KDF hash algo
-         KEK symmetric cipher algo
+         KEK digest algorithm
+         KEK cipher algorithm
   */
   if (nbits <= 256)
     return (const unsigned char*)"\x03\x01\x08\x07";
   else if (nbits <= 384)
-    return (const unsigned char*)"\x03\x01\x09\x08";
+    return (const unsigned char*)"\x03\x01\x09\x09";
   else
     return (const unsigned char*)"\x03\x01\x0a\x09";
 }
@@ -1582,18 +1768,11 @@ ecc_read_pubkey (app_t app, ctrl_t ctrl, u32 created_at, int keyno,
       send_key_data (ctrl, "curve", oidbuf, oid_len);
     }
 
+  algo = app->app_local->keyattr[keyno].ecc.algo;
   if (keyno == 1)
     {
       if (ctrl)
         send_key_data (ctrl, "kdf/kek", ecdh_params (curve), (size_t)4);
-      algo = PUBKEY_ALGO_ECDH;
-    }
-  else
-    {
-      if ((app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK))
-        algo = PUBKEY_ALGO_EDDSA;
-      else
-        algo = PUBKEY_ALGO_ECDSA;
     }
 
   if (ctrl)
@@ -1625,7 +1804,6 @@ ecc_read_pubkey (app_t app, ctrl_t ctrl, u32 created_at, int keyno,
 }
 
 
-/* Compute the keygrip form the local info and store it there.  */
 static gpg_error_t
 store_keygrip (app_t app, int keyno)
 {
@@ -1756,18 +1934,18 @@ get_public_key (app_t app, int keyno)
           le_value = 256; /* Use legacy value. */
         }
 
-      err = iso7816_read_public_key (app->slot, exmode,
+      err = iso7816_read_public_key (app_get_slot (app), exmode,
                                      (keyno == 0? "\xB6" :
                                       keyno == 1? "\xB8" : "\xA4"),
                                      2, le_value, &buffer, &buflen);
       if (err)
         {
           /* Yubikey returns wrong code.  Fix it up.  */
-          /*
-           * NOTE: It's not correct to blindly change the error code,
-           * however, for our experiences, it is only Yubikey...
-           */
-          err = gpg_error (GPG_ERR_NO_OBJ);
+          if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY)
+            err = gpg_error (GPG_ERR_NO_OBJ);
+	  /* Yubikey NEO (!CARDTYPE_YUBIKEY) also returns wrong code.  Fix it up.  */
+	  else if (gpg_err_code (err) == GPG_ERR_CARD)
+            err = gpg_error (GPG_ERR_NO_OBJ);
           log_error (_("reading public key failed: %s\n"), gpg_strerror (err));
           goto leave;
         }
@@ -1802,7 +1980,8 @@ get_public_key (app_t app, int keyno)
       hexkeyid = fpr + 24;
 
       ret = gpgrt_asprintf
-        (&command, "gpg --list-keys --with-colons --with-key-data '%s'", fpr);
+        (&command, "%s --list-keys --with-colons --with-key-data '%s'",
+         gnupg_module_name (GNUPG_MODULE_NAME_GPG), fpr);
       if (ret < 0)
         {
           err = gpg_error_from_syserror ();
@@ -1848,7 +2027,6 @@ get_public_key (app_t app, int keyno)
       app->app_local->pk[keyno].key = (unsigned char*)keybuf;
       /* Decrement for trailing '\0' */
       app->app_local->pk[keyno].keylen = len - 1;
-
       err = store_keygrip (app, keyno);
     }
 
@@ -1869,14 +2047,15 @@ send_keypair_info (app_t app, ctrl_t ctrl, int key)
 {
   int keyno = key - 1;
   gpg_error_t err = 0;
-  char idbuf[50];
   const char *usage;
+  u32 fprtime;
+  char *algostr = NULL;
 
   err = get_public_key (app, keyno);
   if (err)
     goto leave;
 
-  assert (keyno >= 0 && keyno <= 2);
+  log_assert (keyno >= 0 && keyno <= 2);
   if (!app->app_local->pk[keyno].key)
     goto leave; /* No such key - ignore. */
 
@@ -1885,17 +2064,35 @@ send_keypair_info (app_t app, ctrl_t ctrl, int key)
     case 0: usage = "sc"; break;
     case 1: usage = "e";  break;
     case 2: usage = "sa"; break;
-    default: usage = "";  break;
+    default: usage = "-";  break;
+    }
+
+  if (retrieve_fprtime_from_card (app, keyno, &fprtime))
+    fprtime = 0;
+
+  {
+    gcry_sexp_t s_pkey;
+    if (gcry_sexp_new (&s_pkey, app->app_local->pk[keyno].key,
+                       app->app_local->pk[keyno].keylen, 0))
+      algostr = xtrystrdup ("?");
+    else
+      {
+        algostr = pubkey_algo_string (s_pkey, NULL);
+        gcry_sexp_release (s_pkey);
+      }
+  }
+  if (!algostr)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
     }
 
-  sprintf (idbuf, "OPENPGP.%d", keyno+1);
-  send_status_info (ctrl, "KEYPAIRINFO",
-                    app->app_local->pk[keyno].keygrip_str, 40,
-                    idbuf, strlen (idbuf),
-                    usage, strlen (usage),
-                    NULL, (size_t)0);
+  err = send_status_printf (ctrl, "KEYPAIRINFO", "%s OPENPGP.%d %s %lu %s",
+                            app->app_local->pk[keyno].keygrip_str,
+                            keyno+1, usage, (unsigned long)fprtime, algostr);
 
  leave:
+  xfree (algostr);
   return err;
 }
 
@@ -1937,6 +2134,10 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
       if (gpg_err_code (err) == GPG_ERR_NO_OBJ)
         err = 0;
     }
+  if (!err && app->app_local->extcap.has_button)
+    err = do_getattr (app, ctrl, "UIF");
+  if (gpg_err_code (err) == GPG_ERR_NO_OBJ)
+    err = 0;
   if (!err && app->app_local->extcap.private_dos)
     {
       if (!err)
@@ -1987,13 +2188,25 @@ do_readkey (app_t app, ctrl_t ctrl, const char *keyid, unsigned int flags,
   int keyno;
   unsigned char *buf;
 
-  (void)ctrl;
+  if (strlen (keyid) == 40)
+    {
+      const unsigned char *keygrip_str;
 
-  if (!strcmp (keyid, "OPENPGP.1"))
+      for (keyno = 0; keyno < 3; keyno++)
+        {
+          keygrip_str = app->app_local->pk[keyno].keygrip_str;
+          if (!strncmp (keygrip_str, keyid, 40))
+            break;
+        }
+
+      if (keyno >= 3)
+        return gpg_error (GPG_ERR_INV_ID);
+    }
+  else if (!ascii_strcasecmp (keyid, "OPENPGP.1"))
     keyno = 0;
-  else if (!strcmp (keyid, "OPENPGP.2"))
+  else if (!ascii_strcasecmp (keyid, "OPENPGP.2"))
     keyno = 1;
-  else if (!strcmp (keyid, "OPENPGP.3"))
+  else if (!ascii_strcasecmp (keyid, "OPENPGP.3"))
     keyno = 2;
   else
     return gpg_error (GPG_ERR_INV_ID);
@@ -2006,29 +2219,14 @@ do_readkey (app_t app, ctrl_t ctrl, const char *keyid, unsigned int flags,
   if (!buf)
     return gpg_error (GPG_ERR_NO_PUBKEY);
 
-  if ((flags & APP_READKEY_FLAG_ADVANCED))
+  if ((flags & APP_READKEY_FLAG_INFO))
     {
-      gcry_sexp_t s_key;
-
-      err = gcry_sexp_new (&s_key, buf, app->app_local->pk[keyno].keylen, 0);
+      err = send_keypair_info (app, ctrl, keyno+1);
       if (err)
         return err;
-
-      *pklen = gcry_sexp_sprint (s_key, GCRYSEXP_FMT_ADVANCED, NULL, 0);
-      *pk = xtrymalloc (*pklen);
-      if (!*pk)
-        {
-          err = gpg_error_from_syserror ();
-          *pklen = 0;
-          return err;
-        }
-
-      gcry_sexp_sprint (s_key, GCRYSEXP_FMT_ADVANCED, *pk, *pklen);
-      gcry_sexp_release (s_key);
-      /* Decrement for trailing '\0' */
-      *pklen = *pklen - 1;
     }
-  else
+
+  if (pk && pklen)
     {
       *pklen = app->app_local->pk[keyno].keylen;
       *pk = xtrymalloc (*pklen);
@@ -2046,39 +2244,73 @@ do_readkey (app_t app, ctrl_t ctrl, const char *keyid, unsigned int flags,
 
 /* Read the standard certificate of an OpenPGP v2 card.  It is
    returned in a freshly allocated buffer with that address stored at
-   CERT and the length of the certificate stored at CERTLEN.  CERTID
-   needs to be set to "OPENPGP.3".  */
+   CERT and the length of the certificate stored at CERTLEN.  */
 static gpg_error_t
 do_readcert (app_t app, const char *certid,
              unsigned char **cert, size_t *certlen)
 {
   gpg_error_t err;
-  unsigned char *buffer;
-  size_t buflen;
-  void *relptr;
+  int occurrence = 0;
 
   *cert = NULL;
   *certlen = 0;
-  if (strcmp (certid, "OPENPGP.3"))
+  if (!ascii_strcasecmp (certid, "OPENPGP.3"))
+    ;
+  else if (!ascii_strcasecmp (certid, "OPENPGP.2"))
+    occurrence = 1;
+  else if (!ascii_strcasecmp (certid, "OPENPGP.1"))
+    occurrence = 2;
+  else
     return gpg_error (GPG_ERR_INV_ID);
+  if (!app->app_local->extcap.is_v3 && occurrence)
+    return gpg_error (GPG_ERR_NOT_SUPPORTED);
   if (!app->app_local->extcap.is_v2)
     return gpg_error (GPG_ERR_NOT_FOUND);
 
-  relptr = get_one_do (app, 0x7F21, &buffer, &buflen, NULL);
-  if (!relptr)
-    return gpg_error (GPG_ERR_NOT_FOUND);
+  if (occurrence)
+    {
+      int exmode;
 
-  if (!buflen)
-    err = gpg_error (GPG_ERR_NOT_FOUND);
-  else if (!(*cert = xtrymalloc (buflen)))
-    err = gpg_error_from_syserror ();
+      err = iso7816_select_data (app_get_slot (app), occurrence, 0x7F21);
+      if (!err)
+        {
+          if (app->app_local->cardcap.ext_lc_le)
+            exmode = app->app_local->extcap.max_certlen;
+          else
+            exmode = 0;
+
+          err = iso7816_get_data (app_get_slot (app), exmode, 0x7F21,
+                                  cert, certlen);
+          /* We reset the curDO even for an error.  */
+          iso7816_select_data (app_get_slot (app), 0, 0x7F21);
+        }
+
+      if (err)
+        err = gpg_error (GPG_ERR_NOT_FOUND);
+    }
   else
     {
-      memcpy (*cert, buffer, buflen);
-      *certlen = buflen;
-      err  = 0;
+      unsigned char *buffer;
+      size_t buflen;
+      void *relptr;
+
+      relptr = get_one_do (app, 0x7F21, &buffer, &buflen, NULL);
+      if (!relptr)
+        return gpg_error (GPG_ERR_NOT_FOUND);
+
+      if (!buflen)
+        err = gpg_error (GPG_ERR_NOT_FOUND);
+      else if (!(*cert = xtrymalloc (buflen)))
+        err = gpg_error_from_syserror ();
+      else
+        {
+          memcpy (*cert, buffer, buflen);
+          *certlen = buflen;
+          err = 0;
+        }
+      xfree (relptr);
     }
-  xfree (relptr);
+
   return err;
 }
 
@@ -2128,7 +2360,7 @@ get_prompt_info (app_t app, int chvno, unsigned long sigcount, int remaining)
 {
   char *serial, *disp_name, *rembuf, *tmpbuf, *result;
 
-  serial = get_disp_serialno (app);
+  serial = app_get_dispserialno (app, 0);
   if (!serial)
     return NULL;
 
@@ -2188,25 +2420,39 @@ get_prompt_info (app_t app, int chvno, unsigned long sigcount, int remaining)
 }
 
 /* Compute hash if KDF-DO is available.  CHVNO must be 0 for reset
-   code, 1 or 2 for user pin and 3 for admin pin.
- */
+ * code, 1 or 2 for user pin and 3 for admin pin.  PIN is the original
+ * PIN as entered by the user.  R_PINVALUE and r_PINLEN will receive a
+ * newly allocated buffer with a possible modified pin.  */
 static gpg_error_t
-pin2hash_if_kdf (app_t app, int chvno, char *pinvalue, int *r_pinlen)
+pin2hash_if_kdf (app_t app, int chvno, const char *pin,
+                 char **r_pinvalue, size_t *r_pinlen)
 {
   gpg_error_t err = 0;
   void *relptr = NULL;
   unsigned char *buffer;
-  size_t buflen;
+  size_t pinlen, buflen;
+  char *dek = NULL;
+  size_t deklen = 32;
+
+  *r_pinvalue = NULL;
+  *r_pinlen = 0;
 
+  pinlen = strlen (pin);
   if (app->app_local->extcap.kdf_do
       && (relptr = get_one_do (app, 0x00F9, &buffer, &buflen, NULL))
       && buflen >= KDF_DATA_LENGTH_MIN && (buffer[2] == 0x03))
     {
       const char *salt;
       unsigned long s2k_count;
-      char dek[32];
       int salt_index;
 
+      dek = xtrymalloc (deklen);
+      if (!dek)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+
       s2k_count = (((unsigned int)buffer[8] << 24)
                    | (buffer[9] << 16) | (buffer[10] << 8) | buffer[11]);
 
@@ -2221,27 +2467,120 @@ pin2hash_if_kdf (app_t app, int chvno, char *pinvalue, int *r_pinlen)
         }
 
       salt = &buffer[salt_index];
-      err = gcry_kdf_derive (pinvalue, strlen (pinvalue),
+      err = gcry_kdf_derive (pin, pinlen,
                              GCRY_KDF_ITERSALTED_S2K,
                              DIGEST_ALGO_SHA256, salt, 8,
-                             s2k_count, sizeof (dek), dek);
+                             s2k_count, deklen, dek);
       if (!err)
         {
-          /* pinvalue has a buffer of MAXLEN_PIN+1, 32 is OK.  */
-          *r_pinlen = 32;
-          memcpy (pinvalue, dek, *r_pinlen);
-          wipememory (dek, *r_pinlen);
+          *r_pinlen = deklen;
+          *r_pinvalue = dek;
+          dek = NULL;
         }
-   }
+    }
   else
-    *r_pinlen = strlen (pinvalue);
+    {
+      /* Just copy the PIN to a malloced buffer.  */
+      *r_pinvalue = xtrymalloc_secure (pinlen + 1);
+      if (!*r_pinvalue)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+      strcpy (*r_pinvalue, pin);
+      *r_pinlen = pinlen;
+    }
 
  leave:
+  xfree (dek);
   xfree (relptr);
   return err;
 }
 
 
+static const char *
+chvno_to_keyref (int chvno)
+{
+  const char *keyref;
+  switch (chvno)
+    {
+    case 1: keyref = "1"; break;
+    case 2: keyref = "2"; break;
+    case 3: keyref = "3"; break;
+    default: keyref = NULL; break;
+    }
+  return keyref;
+}
+
+
+/* Helper to cache a PIN.  If PIN is NULL the cache is cleared. */
+static void
+cache_pin (app_t app, ctrl_t ctrl, int chvno, const char *pin)
+{
+  const char *keyref;
+
+  if (opt.pcsc_shared)
+    return;
+
+  keyref = chvno_to_keyref (chvno);
+  if (!keyref)
+    return;
+
+  switch (APP_CARD(app)->cardtype)
+    {
+    case CARDTYPE_YUBIKEY: break;
+    default: return;
+    }
+
+  pincache_put (ctrl, app_get_slot (app), "openpgp", keyref,
+                pin, pin? strlen (pin):0);
+
+  switch (chvno)
+    {
+    case 1: app->app_local->pincache.maybe_chv1 = !!pin; break;
+    case 2: app->app_local->pincache.maybe_chv2 = !!pin; break;
+    case 3: app->app_local->pincache.maybe_chv3 = !!pin; break;
+    }
+}
+
+
+/* If the PIN cache is expected and really has a valid PIN return that
+ * pin at R_PIN.  Returns true if that is the case; otherwise
+ * false.  */
+static int
+pin_from_cache (app_t app, ctrl_t ctrl, int chvno, char **r_pin)
+{
+  const char *keyref = chvno_to_keyref (chvno);
+  int maybe_cached;
+
+  *r_pin = NULL;
+
+  if (!keyref)
+    return 0;
+  switch (APP_CARD(app)->cardtype)
+    {
+    case CARDTYPE_YUBIKEY: break;
+    default: return 0;
+    }
+
+  switch (chvno)
+    {
+    case 1: maybe_cached = app->app_local->pincache.maybe_chv1; break;
+    case 2: maybe_cached = app->app_local->pincache.maybe_chv2; break;
+    case 3: maybe_cached = app->app_local->pincache.maybe_chv3; break;
+    default: maybe_cached = 0; break;
+    }
+
+  if (!maybe_cached)
+    return 0;
+
+  if (pincache_get (ctrl, app_get_slot (app), "openpgp", keyref, r_pin))
+    return 0;
+
+  return 1;
+}
+
+
 /* Verify a CHV either using the pinentry or if possible by
    using a pinpad.  PINCB and PINCB_ARG describe the usual callback
    for the pinentry.  CHVNO must be either 1 or 2. SIGCOUNT is only
@@ -2253,10 +2592,10 @@ pin2hash_if_kdf (app_t app, int chvno, char *pinvalue, int *r_pinlen)
    as an indication that the pinpad has been used.
    */
 static gpg_error_t
-verify_a_chv (app_t app,
+verify_a_chv (app_t app, ctrl_t ctrl,
               gpg_error_t (*pincb)(void*, const char *, char **),
               void *pincb_arg, int chvno, unsigned long sigcount,
-              char **pinvalue, int *pinlen)
+              char **r_pinvalue, size_t *r_pinlen)
 {
   int rc = 0;
   char *prompt_buffer = NULL;
@@ -2264,11 +2603,12 @@ verify_a_chv (app_t app,
   pininfo_t pininfo;
   int minlen = 6;
   int remaining;
+  char *pin = NULL;
 
   log_assert (chvno == 1 || chvno == 2);
 
-  *pinvalue = NULL;
-  *pinlen = 0;
+  *r_pinvalue = NULL;
+  *r_pinlen = 0;
 
   remaining = get_remaining_tries (app, 0);
   if (remaining == -1)
@@ -2279,7 +2619,7 @@ verify_a_chv (app_t app,
       /* Special case for def_chv2 mechanism. */
       if (opt.verbose)
         log_info (_("using default PIN as %s\n"), "CHV2");
-      rc = iso7816_verify (app->slot, 0x82, "123456", 6);
+      rc = iso7816_verify (app_get_slot (app), 0x82, "123456", 6);
       if (rc)
         {
           /* Verification of CHV2 with the default PIN failed,
@@ -2312,12 +2652,14 @@ verify_a_chv (app_t app,
   }
 
   if (!opt.disable_pinpad
-      && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo)
+      && !iso7816_check_pinpad (app_get_slot (app), ISO7816_VERIFY, &pininfo)
       && !check_pinpad_request (app, &pininfo, 0))
     {
       /* The reader supports the verify command through the pinpad.
-         Note that the pincb appends a text to the prompt telling the
-         user to use the pinpad. */
+       * In this case we do not utilize the PIN cache because by using
+       * a pinpad the PIN can't have been cached.
+       * Note that the pincb appends a text to the prompt telling the
+       * user to use the pinpad. */
       rc = pincb (pincb_arg, prompt, NULL);
       prompt = NULL;
       xfree (prompt_buffer);
@@ -2328,16 +2670,21 @@ verify_a_chv (app_t app,
                     gpg_strerror (rc));
           return rc;
         }
-      rc = iso7816_verify_kp (app->slot, 0x80+chvno, &pininfo);
+      rc = iso7816_verify_kp (app_get_slot (app), 0x80+chvno, &pininfo);
       /* Dismiss the prompt. */
       pincb (pincb_arg, NULL, NULL);
-
-      log_assert (!*pinvalue);
     }
   else
     {
-      /* The reader has no pinpad or we don't want to use it. */
-      rc = pincb (pincb_arg, prompt, pinvalue);
+      /* The reader has no pinpad or we don't want to use it.  If we
+       * have at least the standard 3 remaining tries we first try to
+       * get the PIN from the cache.  With less remaining tries it is
+       * better to let the user know about failed attempts (which
+       * might be due to a bug in the PIN cache handling). */
+      if (remaining >= 3 && pin_from_cache (app, ctrl, chvno, &pin))
+        rc = 0;
+      else
+        rc = pincb (pincb_arg, prompt, &pin);
       prompt = NULL;
       xfree (prompt_buffer);
       prompt_buffer = NULL;
@@ -2348,25 +2695,29 @@ verify_a_chv (app_t app,
           return rc;
         }
 
-      if (strlen (*pinvalue) < minlen)
+      if (strlen (pin) < minlen)
         {
           log_error (_("PIN for CHV%d is too short;"
                        " minimum length is %d\n"), chvno, minlen);
-          xfree (*pinvalue);
-          *pinvalue = NULL;
+          wipe_and_free_string (pin);
           return gpg_error (GPG_ERR_BAD_PIN);
         }
 
-      rc = pin2hash_if_kdf (app, chvno, *pinvalue, pinlen);
+      rc = pin2hash_if_kdf (app, chvno, pin, r_pinvalue, r_pinlen);
       if (!rc)
-        rc = iso7816_verify (app->slot, 0x80+chvno, *pinvalue, *pinlen);
+        rc = iso7816_verify (app_get_slot (app),
+                             0x80 + chvno, *r_pinvalue, *r_pinlen);
+      if (!rc)
+        cache_pin (app, ctrl, chvno, pin);
     }
 
+  wipe_and_free_string (pin);
   if (rc)
     {
       log_error (_("verify CHV%d failed: %s\n"), chvno, gpg_strerror (rc));
-      xfree (*pinvalue);
-      *pinvalue = NULL;
+      xfree (*r_pinvalue);
+      *r_pinvalue = NULL;
+      *r_pinlen = 0;
       flush_cache_after_error (app);
     }
 
@@ -2377,25 +2728,20 @@ verify_a_chv (app_t app,
 /* Verify CHV2 if required.  Depending on the configuration of the
    card CHV1 will also be verified. */
 static gpg_error_t
-verify_chv2 (app_t app,
+verify_chv2 (app_t app, ctrl_t ctrl,
              gpg_error_t (*pincb)(void*, const char *, char **),
              void *pincb_arg)
 {
   int rc;
   char *pinvalue;
-  int pinlen;
-  int i;
+  size_t pinlen;
 
   if (app->did_chv2)
     return 0;  /* We already verified CHV2.  */
 
-  /* Make sure we have load the public keys.  */
-  for (i = 0; i < 3; i++)
-    get_public_key (app, i);
-
   if (app->app_local->pk[1].key || app->app_local->pk[2].key)
     {
-      rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, &pinvalue, &pinlen);
+      rc = verify_a_chv (app, ctrl, pincb, pincb_arg, 2, 0, &pinvalue, &pinlen);
       if (rc)
         return rc;
       app->did_chv2 = 1;
@@ -2406,7 +2752,7 @@ verify_chv2 (app_t app,
              the card is not configured to require a verification before
              each CHV1 controlled operation (force_chv1) and if we are not
              using the pinpad (PINVALUE == NULL). */
-          rc = iso7816_verify (app->slot, 0x81, pinvalue, pinlen);
+          rc = iso7816_verify (app_get_slot (app), 0x81, pinvalue, pinlen);
           if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
             rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
           if (rc)
@@ -2415,32 +2761,40 @@ verify_chv2 (app_t app,
               flush_cache_after_error (app);
             }
           else
-            app->did_chv1 = 1;
+            {
+              app->did_chv1 = 1;
+              /* Note that we are not able to cache the CHV 1 here because
+               * it is possible that due to the use of a KDF-DO PINVALUE
+               * has the hashed binary PIN of length PINLEN.  */
+            }
         }
     }
   else
     {
-      rc = verify_a_chv (app, pincb, pincb_arg, 1, 0, &pinvalue, &pinlen);
+      rc = verify_a_chv (app, ctrl, pincb, pincb_arg, 1, 0, &pinvalue, &pinlen);
       if (rc)
         return rc;
     }
 
-  xfree (pinvalue);
+  wipe_and_free (pinvalue, pinlen);
 
   return rc;
 }
 
 
 /* Build the prompt to enter the Admin PIN.  The prompt depends on the
-   current sdtate of the card.  */
+ * current state of the card.  If R_REMAINING is not NULL the
+ * remaining tries are stored there.  */
 static gpg_error_t
-build_enter_admin_pin_prompt (app_t app, char **r_prompt)
+build_enter_admin_pin_prompt (app_t app, char **r_prompt, int *r_remaining)
 {
   int remaining;
   char *prompt;
   char *infoblock;
 
   *r_prompt = NULL;
+  if (r_remaining)
+    *r_remaining = 0;
 
   remaining = get_remaining_tries (app, 1);
   if (remaining == -1)
@@ -2468,13 +2822,15 @@ build_enter_admin_pin_prompt (app_t app, char **r_prompt)
     return gpg_error_from_syserror ();
 
   *r_prompt = prompt;
+  if (r_remaining)
+    *r_remaining = remaining;
   return 0;
 }
 
 
 /* Verify CHV3 if required. */
 static gpg_error_t
-verify_chv3 (app_t app,
+verify_chv3 (app_t app, ctrl_t ctrl,
              gpg_error_t (*pincb)(void*, const char *, char **),
              void *pincb_arg)
 {
@@ -2491,17 +2847,19 @@ verify_chv3 (app_t app,
       pininfo_t pininfo;
       int minlen = 8;
       char *prompt;
+      int remaining;
 
       memset (&pininfo, 0, sizeof pininfo);
       pininfo.fixedlen = -1;
       pininfo.minlen = minlen;
 
-      rc = build_enter_admin_pin_prompt (app, &prompt);
+      rc = build_enter_admin_pin_prompt (app, &prompt, &remaining);
       if (rc)
         return rc;
 
       if (!opt.disable_pinpad
-          && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo)
+          && !iso7816_check_pinpad (app_get_slot (app),
+                                    ISO7816_VERIFY, &pininfo)
           && !check_pinpad_request (app, &pininfo, 1))
         {
           /* The reader supports the verify command through the pinpad. */
@@ -2514,16 +2872,20 @@ verify_chv3 (app_t app,
                         gpg_strerror (rc));
               return rc;
             }
-          rc = iso7816_verify_kp (app->slot, 0x83, &pininfo);
+          rc = iso7816_verify_kp (app_get_slot (app), 0x83, &pininfo);
           /* Dismiss the prompt. */
           pincb (pincb_arg, NULL, NULL);
         }
       else
         {
+          char *pin;
           char *pinvalue;
-          int pinlen;
+          size_t pinlen;
 
-          rc = pincb (pincb_arg, prompt, &pinvalue);
+          if (remaining >= 3 && pin_from_cache (app, ctrl, 3, &pin))
+            rc = 0;
+          else
+            rc = pincb (pincb_arg, prompt, &pin);
           xfree (prompt);
           prompt = NULL;
           if (rc)
@@ -2533,18 +2895,21 @@ verify_chv3 (app_t app,
               return rc;
             }
 
-          if (strlen (pinvalue) < minlen)
+          if (strlen (pin) < minlen)
             {
               log_error (_("PIN for CHV%d is too short;"
                            " minimum length is %d\n"), 3, minlen);
-              xfree (pinvalue);
+              wipe_and_free_string (pin);
               return gpg_error (GPG_ERR_BAD_PIN);
             }
 
-          rc = pin2hash_if_kdf (app, 3, pinvalue, &pinlen);
+          rc = pin2hash_if_kdf (app, 3, pin, &pinvalue, &pinlen);
+          if (!rc)
+            rc = iso7816_verify (app_get_slot (app), 0x83, pinvalue, pinlen);
           if (!rc)
-            rc = iso7816_verify (app->slot, 0x83, pinvalue, pinlen);
-          xfree (pinvalue);
+            cache_pin (app, ctrl, 3, pin);
+          wipe_and_free_string (pin);
+          wipe_and_free (pinvalue, pinlen);
         }
 
       if (rc)
@@ -2555,6 +2920,7 @@ verify_chv3 (app_t app,
         }
       app->did_chv3 = 1;
     }
+
   return rc;
 }
 
@@ -2576,6 +2942,7 @@ do_setattr (app_t app, ctrl_t ctrl, const char *name,
     int need_chv;
     int special;
     unsigned int need_v2:1;
+    unsigned int need_v3:1;
   } table[] = {
     { "DISP-NAME",    0x005B, 0,      3 },
     { "LOGIN-DATA",   0x005E, 0,      3, 2 },
@@ -2590,35 +2957,45 @@ do_setattr (app_t app, ctrl_t ctrl, const char *name,
     { "PRIVATE-DO-2", 0x0102, 0,      3 },
     { "PRIVATE-DO-3", 0x0103, 0,      2 },
     { "PRIVATE-DO-4", 0x0104, 0,      3 },
+    { "CERT-1",       0x7F21, 0,      3,11, 1, 1 },
+    { "CERT-2",       0x7F21, 0,      3,12, 1, 1 },
     { "CERT-3",       0x7F21, 0,      3, 0, 1 },
     { "SM-KEY-ENC",   0x00D1, 0,      3, 0, 1 },
     { "SM-KEY-MAC",   0x00D2, 0,      3, 0, 1 },
     { "KEY-ATTR",     0,      0,      0, 3, 1 },
     { "AESKEY",       0x00D5, 0,      3, 0, 1 },
-    { "KDF",          0x00F9, 0,      3, 4, 1 },
+    { "UIF-1",        0x00D6, 0,      3, 5, 1 },
+    { "UIF-2",        0x00D7, 0,      3, 5, 1 },
+    { "UIF-3",        0x00D8, 0,      3, 5, 1 },
+    { "KDF",          0x00F9, 0,      0, 4, 1 },
     { NULL, 0 }
   };
   int exmode;
 
-  (void)ctrl;
-
   for (idx=0; table[idx].name && strcmp (table[idx].name, name); idx++)
     ;
   if (!table[idx].name)
     return gpg_error (GPG_ERR_INV_NAME);
   if (table[idx].need_v2 && !app->app_local->extcap.is_v2)
-    return gpg_error (GPG_ERR_NOT_SUPPORTED); /* Not yet supported.  */
+    return gpg_error (GPG_ERR_NOT_SUPPORTED);
+  if (table[idx].need_v3 && !app->app_local->extcap.is_v3)
+    return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+  if (table[idx].special == 5 && app->app_local->extcap.has_button == 0)
+    return gpg_error (GPG_ERR_INV_OBJ);
 
   if (table[idx].special == 3)
-    return change_keyattr_from_string (app, pincb, pincb_arg, value, valuelen);
+    return change_keyattr_from_string (app, ctrl, pincb, pincb_arg,
+                                       NULL, NULL,
+                                       value, valuelen);
 
   switch (table[idx].need_chv)
     {
     case 2:
-      rc = verify_chv2 (app, pincb, pincb_arg);
+      rc = verify_chv2 (app, ctrl, pincb, pincb_arg);
       break;
     case 3:
-      rc = verify_chv3 (app, pincb, pincb_arg);
+      rc = verify_chv3 (app, ctrl, pincb, pincb_arg);
       break;
     default:
       rc = 0;
@@ -2638,19 +3015,124 @@ do_setattr (app_t app, ctrl_t ctrl, const char *name,
     exmode = -254; /* Command chaining with max. 254 bytes.  */
   else
     exmode = 0;
-  rc = iso7816_put_data (app->slot, exmode, table[idx].tag, value, valuelen);
-  if (rc)
-    log_error ("failed to set '%s': %s\n", table[idx].name, gpg_strerror (rc));
 
-  if (table[idx].special == 1)
-    app->force_chv1 = (valuelen && *value == 0);
-  else if (table[idx].special == 2)
-    parse_login_data (app);
-  else if (table[idx].special == 4)
+  if (table[idx].special == 4)
     {
-      app->did_chv1 = 0;
-      app->did_chv2 = 0;
-      app->did_chv3 = 0;
+      if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY
+          || APP_CARD(app)->cardtype == CARDTYPE_GNUK)
+        {
+          rc = verify_chv3 (app, ctrl, pincb, pincb_arg);
+          if (rc)
+            return rc;
+
+          if (valuelen == 3
+              && APP_CARD(app)->cardtype == CARDTYPE_GNUK)
+            {
+              value = NULL;
+              valuelen = 0;
+            }
+
+          cache_pin (app, ctrl, 1, NULL);
+          cache_pin (app, ctrl, 2, NULL);
+          cache_pin (app, ctrl, 3, NULL);
+        }
+      else
+        {
+          char *oldpinvalue = NULL;
+          char *buffer1 = NULL;
+          size_t bufferlen1;
+          const char *u, *a;
+          size_t ulen, alen;
+
+          if (valuelen == 3)
+            {
+              u = "123456";
+              a = "12345678";
+              ulen = 6;
+              alen = 8;
+            }
+          else if (valuelen == KDF_DATA_LENGTH_MAX)
+            {
+              u = (const char *)value + 44;
+              a = u + 34;
+              ulen = alen = 32;
+            }
+          else
+            return gpg_error (GPG_ERR_INV_OBJ);
+
+          if (!pin_from_cache (app, ctrl, 3, &oldpinvalue))
+            {
+              char *prompt;
+
+              rc = build_enter_admin_pin_prompt (app, &prompt, NULL);
+              if (rc)
+                return rc;
+
+              rc = pincb (pincb_arg, prompt, &oldpinvalue);
+              if (rc)
+                {
+                  log_info (_("PIN callback returned error: %s\n"),
+                            gpg_strerror (rc));
+                  return rc;
+                }
+            }
+
+          rc = pin2hash_if_kdf (app, 3, oldpinvalue, &buffer1, &bufferlen1);
+          if (!rc)
+            rc = iso7816_change_reference_data (app_get_slot (app),
+                                                0x83,
+                                                buffer1, bufferlen1,
+                                                a, alen);
+          if (!rc)
+            rc = iso7816_verify (app_get_slot (app), 0x83, a, alen);
+          if (!rc)
+            cache_pin (app, ctrl, 3, "12345678");
+
+          if (!rc)
+            rc = iso7816_reset_retry_counter (app_get_slot (app), 0x81, u, ulen);
+          if (!rc)
+            cache_pin (app, ctrl, 1, "123456");
+
+          if (!rc)
+            rc = iso7816_put_data (app_get_slot (app), 0, 0xD3, NULL, 0);
+
+          wipe_and_free (buffer1, bufferlen1);
+          wipe_and_free_string (oldpinvalue);
+        }
+
+      /* Flush the cache again, because pin2hash_if_kdf uses the DO.  */
+      flush_cache_item (app, 0x00F9);
+    }
+
+
+  if (table[idx].special == 11 || table[idx].special == 12) /* CERT-1 or -2 */
+    {
+      rc = iso7816_select_data (app_get_slot (app),
+                                table[idx].special == 11? 2 : 1,
+                                table[idx].tag);
+      if (!rc)
+        {
+          rc = iso7816_put_data (app_get_slot (app),
+                                 exmode, table[idx].tag, value, valuelen);
+          /* We better reset the curDO.  */
+          iso7816_select_data (app_get_slot (app), 0, table[idx].tag);
+        }
+    }
+  else  /* Standard.  */
+    rc = iso7816_put_data (app_get_slot (app),
+                           exmode, table[idx].tag, value, valuelen);
+  if (rc)
+    log_error ("failed to set '%s': %s\n", table[idx].name, gpg_strerror (rc));
+
+  if (table[idx].special == 1)
+    app->force_chv1 = (valuelen && *value == 0);
+  else if (table[idx].special == 2)
+    parse_login_data (app);
+  else if (table[idx].special == 4)
+    {
+      app->did_chv1 = 0;
+      app->did_chv2 = 0;
+      app->did_chv3 = 0;
 
       if ((valuelen == KDF_DATA_LENGTH_MIN || valuelen == KDF_DATA_LENGTH_MAX)
           && (value[2] == 0x03))
@@ -2663,10 +3145,10 @@ do_setattr (app_t app, ctrl_t ctrl, const char *name,
 }
 
 
-/* Handle the WRITECERT command for OpenPGP.  This rites the standard
-   certifciate to the card; CERTID needs to be set to "OPENPGP.3".
-   PINCB and PINCB_ARG are the usual arguments for the pinentry
-   callback.  */
+/* Handle the WRITECERT command for OpenPGP.  This writes the standard
+ * certificate to the card; CERTID needs to be set to "OPENPGP.3".
+ * PINCB and PINCB_ARG are the usual arguments for the pinentry
+ * callback.  */
 static gpg_error_t
 do_writecert (app_t app, ctrl_t ctrl,
               const char *certidstr,
@@ -2674,19 +3156,68 @@ do_writecert (app_t app, ctrl_t ctrl,
               void *pincb_arg,
               const unsigned char *certdata, size_t certdatalen)
 {
-  if (strcmp (certidstr, "OPENPGP.3"))
+  const char *name;
+  if (!ascii_strcasecmp (certidstr, "OPENPGP.3"))
+    name = "CERT-3";
+  else if (!ascii_strcasecmp (certidstr, "OPENPGP.2"))
+    name = "CERT-2";
+  else if (!ascii_strcasecmp (certidstr, "OPENPGP.1"))
+    name = "CERT-1";
+  else
     return gpg_error (GPG_ERR_INV_ID);
+
   if (!certdata || !certdatalen)
     return gpg_error (GPG_ERR_INV_ARG);
   if (!app->app_local->extcap.is_v2)
     return gpg_error (GPG_ERR_NOT_SUPPORTED);
-  if (certdatalen > app->app_local->extcap.max_certlen_3)
+  /* do_setattr checks that CERT-2 and CERT-1 requires a v3 card.  */
+
+  if (certdatalen > app->app_local->extcap.max_certlen)
     return gpg_error (GPG_ERR_TOO_LARGE);
-  return do_setattr (app, ctrl, "CERT-3", pincb, pincb_arg,
+  return do_setattr (app, ctrl, name, pincb, pincb_arg,
                      certdata, certdatalen);
 }
 
 
+static gpg_error_t
+clear_chv_status (app_t app, ctrl_t ctrl, int chvno)
+{
+  unsigned char apdu[4];
+  gpg_error_t err;
+
+  cache_pin (app, ctrl, chvno, NULL);
+
+  if (!app->app_local->extcap.is_v2)
+    return GPG_ERR_UNSUPPORTED_OPERATION;
+
+  apdu[0] = 0x00;
+  apdu[1] = ISO7816_VERIFY;
+  apdu[2] = 0xff;
+  apdu[3] = 0x80+chvno;
+
+  err = iso7816_apdu_direct (app_get_slot (app), apdu, 4, 0, NULL, NULL, NULL);
+  if (err)
+    {
+      if (gpg_err_code (err) == GPG_ERR_INV_VALUE)
+        err = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+      return err;
+    }
+
+  if (chvno == 1)
+    {
+      apdu[3]++;
+      err = iso7816_apdu_direct (app_get_slot (app),
+                                 apdu, 4, 0, NULL, NULL, NULL);
+      app->did_chv1 = app->did_chv2 = 0;
+    }
+  else if (chvno == 2)
+    app->did_chv2 = 0;
+  else if (chvno == 3)
+    app->did_chv3 = 0;
+
+  return err;
+}
+
 
 /* Handle the PASSWD command.  The following combinations are
    possible:
@@ -2721,10 +3252,6 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
   pininfo_t pininfo;
   int use_pinpad = 0;
   int minlen = 6;
-  int pinlen0 = 0;
-  int pinlen = 0;
-
-  (void)ctrl;
 
   if (digitp (chvnostr))
     chvno = atoi (chvnostr);
@@ -2741,8 +3268,13 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
   pininfo.fixedlen = -1;
   pininfo.minlen = minlen;
 
+  /* Better clear all the PIN caches first.  */
+  cache_pin (app, ctrl, 1, NULL);
+  cache_pin (app, ctrl, 2, NULL);
+  cache_pin (app, ctrl, 3, NULL);
+
   if ((flags & APP_CHANGE_FLAG_CLEAR))
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+    return clear_chv_status (app, ctrl, chvno);
 
   if (reset_mode && chvno == 3)
     {
@@ -2758,7 +3290,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
         {
           /* We always require that the PIN is entered. */
           app->did_chv3 = 0;
-          rc = verify_chv3 (app, pincb, pincb_arg);
+          rc = verify_chv3 (app, ctrl, pincb, pincb_arg);
           if (rc)
             goto leave;
         }
@@ -2771,7 +3303,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
           app->force_chv1 = 0;
           app->did_chv1 = 0;
           app->did_chv2 = 0;
-          rc = verify_chv2 (app, pincb, pincb_arg);
+          rc = verify_chv2 (app, ctrl, pincb, pincb_arg);
           app->force_chv1 = save_force;
           if (rc)
             goto leave;
@@ -2787,7 +3319,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
       /* Version 2 cards.  */
 
       if (!opt.disable_pinpad
-          && !iso7816_check_pinpad (app->slot,
+          && !iso7816_check_pinpad (app_get_slot (app),
                                     ISO7816_CHANGE_REFERENCE_DATA, &pininfo)
           && !check_pinpad_request (app, &pininfo, chvno == 3))
         use_pinpad = 1;
@@ -2797,7 +3329,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
           /* To reset a PIN the Admin PIN is required. */
           use_pinpad = 0;
           app->did_chv3 = 0;
-          rc = verify_chv3 (app, pincb, pincb_arg);
+          rc = verify_chv3 (app, ctrl, pincb, pincb_arg);
           if (rc)
             goto leave;
 
@@ -2814,7 +3346,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
               if (chvno == 3)
                 {
                   minlen = 8;
-                  rc = build_enter_admin_pin_prompt (app, &promptbuf);
+                  rc = build_enter_admin_pin_prompt (app, &promptbuf, NULL);
                   if (rc)
                     goto leave;
                   prompt = promptbuf;
@@ -2915,26 +3447,32 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
 
   if (resetcode)
     {
-      char *buffer;
+      char *result1 = NULL;
+      char *result2 = NULL;
+      char *buffer = NULL;
+      size_t resultlen1, resultlen2=0, bufferlen=0;
 
-      buffer = xtrymalloc (strlen (resetcode) + strlen (pinvalue) + 1);
-      if (!buffer)
-        rc = gpg_error_from_syserror ();
-      else
+      rc = pin2hash_if_kdf (app, 0, resetcode, &result1, &resultlen1);
+      if (!rc)
+        rc = pin2hash_if_kdf (app, 0, pinvalue, &result2, &resultlen2);
+      if (!rc)
         {
-          strcpy (buffer, resetcode);
-          rc = pin2hash_if_kdf (app, 0, buffer, &pinlen0);
-          if (!rc)
+          bufferlen = resultlen1 + resultlen2;
+          buffer = xtrymalloc (bufferlen);
+          if (!buffer)
+            rc = gpg_error_from_syserror ();
+          else
             {
-              strcpy (buffer+pinlen0, pinvalue);
-              rc = pin2hash_if_kdf (app, 1, buffer+pinlen0, &pinlen);
+              memcpy (buffer, result1, resultlen1);
+              memcpy (buffer+resultlen1, result2, resultlen2);
             }
-          if (!rc)
-            rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81,
-                                                      buffer, pinlen0+pinlen);
-          wipememory (buffer, pinlen0 + pinlen);
-          xfree (buffer);
         }
+      if (!rc)
+        rc = iso7816_reset_retry_counter_with_rc (app_get_slot (app), 0x81,
+                                                  buffer, bufferlen);
+      wipe_and_free (result1, resultlen1);
+      wipe_and_free (result2, resultlen2);
+      wipe_and_free (buffer, bufferlen);
     }
   else if (set_resetcode)
     {
@@ -2945,40 +3483,56 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
         }
       else
         {
-          rc = pin2hash_if_kdf (app, 0, pinvalue, &pinlen);
+          char *buffer = NULL;
+          size_t bufferlen;
+
+          rc = pin2hash_if_kdf (app, 0, pinvalue, &buffer, &bufferlen);
           if (!rc)
-            rc = iso7816_put_data (app->slot, 0, 0xD3, pinvalue, pinlen);
+            rc = iso7816_put_data (app_get_slot (app),
+                                   0, 0xD3, buffer, bufferlen);
+
+          wipe_and_free (buffer, bufferlen);
         }
     }
   else if (reset_mode)
     {
-      rc = pin2hash_if_kdf (app, 1, pinvalue, &pinlen);
+      char *buffer = NULL;
+      size_t bufferlen;
+
+      rc = pin2hash_if_kdf (app, 1, pinvalue, &buffer, &bufferlen);
       if (!rc)
-        rc = iso7816_reset_retry_counter (app->slot, 0x81, pinvalue, pinlen);
+        rc = iso7816_reset_retry_counter (app_get_slot (app),
+                                          0x81, buffer, bufferlen);
       if (!rc && !app->app_local->extcap.is_v2)
-        rc = iso7816_reset_retry_counter (app->slot, 0x82, pinvalue, pinlen);
+        rc = iso7816_reset_retry_counter (app_get_slot (app),
+                                          0x82, buffer, bufferlen);
+
+      wipe_and_free (buffer, bufferlen);
     }
   else if (!app->app_local->extcap.is_v2)
     {
       /* Version 1 cards.  */
       if (chvno == 1 || chvno == 2)
         {
-          rc = iso7816_change_reference_data (app->slot, 0x81, NULL, 0,
+          rc = iso7816_change_reference_data (app_get_slot (app),
+                                              0x81, NULL, 0,
                                               pinvalue, strlen (pinvalue));
           if (!rc)
-            rc = iso7816_change_reference_data (app->slot, 0x82, NULL, 0,
+            rc = iso7816_change_reference_data (app_get_slot (app),
+                                                0x82, NULL, 0,
                                                 pinvalue, strlen (pinvalue));
         }
       else /* CHVNO == 3 */
         {
-          rc = iso7816_change_reference_data (app->slot, 0x80 + chvno, NULL, 0,
+          rc = iso7816_change_reference_data (app_get_slot (app),
+                                              0x80 + chvno, NULL, 0,
                                               pinvalue, strlen (pinvalue));
         }
     }
   else
     {
       /* Version 2 cards.  */
-      assert (chvno == 1 || chvno == 3);
+      log_assert (chvno == 1 || chvno == 3);
 
       if (use_pinpad)
         {
@@ -2992,41 +3546,37 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
                         gpg_strerror (rc));
               goto leave;
             }
-          rc = iso7816_change_reference_data_kp (app->slot, 0x80 + chvno, 0,
+          rc = iso7816_change_reference_data_kp (app_get_slot (app),
+                                                 0x80 + chvno, 0,
                                                  &pininfo);
           pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */
         }
       else
-	{
-          rc = pin2hash_if_kdf (app, chvno, oldpinvalue, &pinlen0);
+        {
+          char *buffer1 = NULL;
+          char *buffer2 = NULL;
+          size_t bufferlen1, bufferlen2 = 0;
+
+          rc = pin2hash_if_kdf (app, chvno, oldpinvalue, &buffer1, &bufferlen1);
           if (!rc)
-	    rc = pin2hash_if_kdf (app, chvno, pinvalue, &pinlen);
+            rc = pin2hash_if_kdf (app, chvno, pinvalue, &buffer2, &bufferlen2);
           if (!rc)
-            rc = iso7816_change_reference_data (app->slot, 0x80 + chvno,
-                                                oldpinvalue, pinlen0,
-                                                pinvalue, pinlen);
+            rc = iso7816_change_reference_data (app_get_slot (app),
+                                                0x80 + chvno,
+                                                buffer1, bufferlen1,
+                                                buffer2, bufferlen2);
+          wipe_and_free (buffer1, bufferlen1);
+          wipe_and_free (buffer2, bufferlen2);
         }
     }
 
-  if (pinvalue)
-    {
-      wipememory (pinvalue, pinlen);
-      xfree (pinvalue);
-    }
+  wipe_and_free_string (pinvalue);
   if (rc)
     flush_cache_after_error (app);
 
  leave:
-  if (resetcode)
-    {
-      wipememory (resetcode, strlen (resetcode));
-      xfree (resetcode);
-    }
-  if (oldpinvalue)
-    {
-      wipememory (oldpinvalue, pinlen0);
-      xfree (oldpinvalue);
-    }
+  wipe_and_free_string (resetcode);
+  wipe_and_free_string (oldpinvalue);
   return rc;
 }
 
@@ -3043,9 +3593,9 @@ does_key_exist (app_t app, int keyidx, int generating, int force)
   size_t buflen, n;
   int i;
 
-  assert (keyidx >=0 && keyidx <= 2);
+  log_assert (keyidx >=0 && keyidx <= 2);
 
-  if (iso7816_get_data (app->slot, 0, 0x006E, &buffer, &buflen))
+  if (iso7816_get_data (app_get_slot (app), 0, 0x006E, &buffer, &buflen))
     {
       log_error (_("error reading application data\n"));
       return gpg_error (GPG_ERR_GENERAL);
@@ -3083,7 +3633,7 @@ add_tlv (unsigned char *buffer, unsigned int tag, size_t length)
 {
   unsigned char *p = buffer;
 
-  assert (tag <= 0xffff);
+  log_assert (tag <= 0xffff);
   if ( tag > 0xff )
     *p++ = tag >> 8;
   *p++ = tag;
@@ -3147,7 +3697,7 @@ build_privkey_template (app_t app, int keyno,
 
   /* Get the required length for E. Rounded up to the nearest byte  */
   rsa_e_reqlen = (app->app_local->keyattr[keyno].rsa.e_bits + 7) / 8;
-  assert (rsa_e_len <= rsa_e_reqlen);
+  log_assert (rsa_e_len <= rsa_e_reqlen);
 
   /* Build the 7f48 cardholder private key template.  */
   datalen = 0;
@@ -3246,7 +3796,7 @@ build_privkey_template (app_t app, int keyno,
 
   /* Sanity check.  We don't know the exact length because we
      allocated 3 bytes for the first length header.  */
-  assert (tp - template <= template_size);
+  log_assert (tp - template <= template_size);
 
   *result = template;
   *resultlen = tp - template;
@@ -3353,7 +3903,7 @@ build_ecc_privkey_template (app_t app, int keyno,
       tp += ecc_q_len;
     }
 
-  assert (tp - template == template_size);
+  log_assert (tp - template == template_size);
 
   *result = template;
   *resultlen = tp - template;
@@ -3364,36 +3914,41 @@ build_ecc_privkey_template (app_t app, int keyno,
 /* Helper for do_writekey to change the size of a key.  Note that
    this deletes the entire key without asking.  */
 static gpg_error_t
-change_keyattr (app_t app, int keyno, const unsigned char *buf, size_t buflen,
+change_keyattr (app_t app, ctrl_t ctrl,
+                int keyno, const unsigned char *buf, size_t buflen,
                 gpg_error_t (*pincb)(void*, const char *, char **),
                 void *pincb_arg)
 {
   gpg_error_t err;
 
-  assert (keyno >=0 && keyno <= 2);
+  log_assert (keyno >=0 && keyno <= 2);
 
   /* Prepare for storing the key.  */
-  err = verify_chv3 (app, pincb, pincb_arg);
+  err = verify_chv3 (app, ctrl, pincb, pincb_arg);
   if (err)
     return err;
 
   /* Change the attribute.  */
-  err = iso7816_put_data (app->slot, 0, 0xC1+keyno, buf, buflen);
+  err = iso7816_put_data (app_get_slot (app), 0, 0xC1+keyno, buf, buflen);
   if (err)
-    log_error ("error changing key attribute (key=%d)\n", keyno+1);
+    log_error ("error changing key attribute of OPENPGP.%d\n",
+               keyno+1);
   else
-    log_info ("key attribute changed (key=%d)\n", keyno+1);
+    log_info ("key attribute of OPENPGP.%d changed\n", keyno+1);
   flush_cache (app);
-  err = parse_algorithm_attribute (app, keyno);
+  parse_algorithm_attribute (app, keyno);
   app->did_chv1 = 0;
   app->did_chv2 = 0;
   app->did_chv3 = 0;
+  cache_pin (app, ctrl, 1, NULL);
+  cache_pin (app, ctrl, 2, NULL);
+  cache_pin (app, ctrl, 3, NULL);
   return err;
 }
 
 
 static gpg_error_t
-change_rsa_keyattr (app_t app, int keyno, unsigned int nbits,
+change_rsa_keyattr (app_t app, ctrl_t ctrl, int keyno, unsigned int nbits,
                     gpg_error_t (*pincb)(void*, const char *, char **),
                     void *pincb_arg)
 {
@@ -3433,7 +3988,7 @@ change_rsa_keyattr (app_t app, int keyno, unsigned int nbits,
           buflen = 6;
         }
 
-      err = change_keyattr (app, keyno, buf, buflen, pincb, pincb_arg);
+      err = change_keyattr (app, ctrl, keyno, buf, buflen, pincb, pincb_arg);
       xfree (relptr);
     }
 
@@ -3442,72 +3997,164 @@ change_rsa_keyattr (app_t app, int keyno, unsigned int nbits,
 
 
 /* Helper to process an setattr command for name KEY-ATTR.
-   In (VALUE,VALUELEN), it expects following string:
-        RSA: "--force <key> <algo> rsa<nbits>"
-        ECC: "--force <key> <algo> <curvename>"
-  */
+ *
+ * If KEYREF and KEYALGO are NULL (VALUE,VALUELEN) are expected to
+ * contain one of the following strings:
+ *       RSA: "--force <key> <algo> rsa<nbits>"
+ *       ECC: "--force <key> <algo> <curvename>"
+ *
+ * If KEYREF and KEYALGO is given the key attribute for KEYREF are
+ * changed to what is described by KEYALGO (e.g. "rsa3072", "rsa2048",
+ * or "ed25519").
+ */
 static gpg_error_t
-change_keyattr_from_string (app_t app,
+change_keyattr_from_string (app_t app, ctrl_t ctrl,
                             gpg_error_t (*pincb)(void*, const char *, char **),
                             void *pincb_arg,
+                            const char *keyref, const char *keyalgo,
                             const void *value, size_t valuelen)
 {
   gpg_error_t err = 0;
-  char *string;
+  char *string = NULL;
   int key, keyno, algo;
-  int n = 0;
+  unsigned int nbits = 0;
+  const char *oidstr = NULL; /* OID of the curve.  */
+  char *endp;
+
+  if (keyref && keyalgo && *keyref && *keyalgo)
+    {
+      if (!ascii_strcasecmp (keyref, "OPENPGP.1"))
+        keyno = 0;
+      else if (!ascii_strcasecmp (keyref, "OPENPGP.2"))
+        keyno = 1;
+      else if (!ascii_strcasecmp (keyref, "OPENPGP.3"))
+        keyno = 2;
+      else
+        {
+          err = gpg_error (GPG_ERR_INV_ID);
+          goto leave;
+        }
 
-  /* VALUE is expected to be a string but not guaranteed to be
-     terminated.  Thus copy it to an allocated buffer first. */
-  string = xtrymalloc (valuelen+1);
-  if (!string)
-    return gpg_error_from_syserror ();
-  memcpy (string, value, valuelen);
-  string[valuelen] = 0;
+      if (!strncmp (keyalgo, "rsa", 3) && digitp (keyalgo+3))
+        {
+          errno = 0;
+          nbits = strtoul (keyalgo+3, &endp, 10);
+          if (errno || *endp)
+            {
+              err = gpg_error (GPG_ERR_INV_DATA);
+              goto leave;
+            }
+          algo = PUBKEY_ALGO_RSA;
+        }
+      else if ((!strncmp (keyalgo, "dsa", 3) || !strncmp (keyalgo, "elg", 3))
+               && digitp (keyalgo+3))
+        {
+          err = gpg_error (GPG_ERR_PUBKEY_ALGO);
+          goto leave;
+        }
+      else
+        {
+          nbits = 0;
+          oidstr = openpgp_curve_to_oid (keyalgo, NULL, &algo);
+          if (!oidstr)
+            {
+              err = gpg_error (GPG_ERR_INV_DATA);
+              goto leave;
+            }
+          if (!algo)
+            algo = keyno == 1? PUBKEY_ALGO_ECDH : PUBKEY_ALGO_ECDSA;
+        }
 
-  /* Because this function deletes the key we require the string
-     "--force" in the data to make clear that something serious might
-     happen.  */
-  sscanf (string, "--force %d %d %n", &key, &algo, &n);
-  if (n < 12)
+    }
+  else if (!keyref && !keyalgo && value)
     {
-      err = gpg_error (GPG_ERR_INV_DATA);
+      int n;
+
+      /* VALUE is expected to be a string but not guaranteed to be
+       * terminated.  Thus copy it to an allocated buffer first. */
+      string = xtrymalloc (valuelen+1);
+      if (!string)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+      memcpy (string, value, valuelen);
+      string[valuelen] = 0;
+
+      /* Because this function deletes the key we require the string
+       * "--force" in the data to make clear that something serious
+       * might happen.  */
+      n = 0;
+      sscanf (string, "--force %d %d %n", &key, &algo, &n);
+      if (n < 12)
+        {
+          err = gpg_error (GPG_ERR_INV_DATA);
+          goto leave;
+        }
+      keyno = key - 1;
+      if (algo == PUBKEY_ALGO_RSA)
+        {
+          errno = 0;
+          nbits = strtoul (string+n+3, NULL, 10);
+          if (errno)
+            {
+              err = gpg_error (GPG_ERR_INV_DATA);
+              goto leave;
+            }
+        }
+      else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA
+               || algo == PUBKEY_ALGO_EDDSA)
+        {
+          oidstr = openpgp_curve_to_oid (string+n, NULL, NULL);
+          if (!oidstr)
+            {
+              err = gpg_error (GPG_ERR_INV_DATA);
+              goto leave;
+            }
+        }
+      else
+        {
+          err = gpg_error (GPG_ERR_PUBKEY_ALGO);
+          goto leave;
+        }
+    }
+  else
+    {
+      err = gpg_error (GPG_ERR_INV_ARG);
       goto leave;
     }
 
-  keyno = key - 1;
   if (keyno < 0 || keyno > 2)
     err = gpg_error (GPG_ERR_INV_ID);
   else if (algo == PUBKEY_ALGO_RSA)
     {
-      unsigned int nbits;
-
-      errno = 0;
-      nbits = strtoul (string+n+3, NULL, 10);
-      if (errno)
-        err = gpg_error (GPG_ERR_INV_DATA);
-      else if (nbits < 1024)
+      if (nbits < 1024)
         err = gpg_error (GPG_ERR_TOO_SHORT);
       else if (nbits > 4096)
         err = gpg_error (GPG_ERR_TOO_LARGE);
       else
-        err = change_rsa_keyattr (app, keyno, nbits, pincb, pincb_arg);
+        err = change_rsa_keyattr (app, ctrl, keyno, nbits, pincb, pincb_arg);
     }
   else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA
            || algo == PUBKEY_ALGO_EDDSA)
     {
-      const char *oidstr;
       gcry_mpi_t oid;
       const unsigned char *oidbuf;
       size_t oid_len;
+      unsigned int n;
+
+      /* Check that the requested algo matches the properties of the
+       * key slot.  */
+      if (keyno == 1 && algo != PUBKEY_ALGO_ECDH)
+        err = gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
+      else if (keyno != 1 && algo == PUBKEY_ALGO_ECDH)
+        err = gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
+      else
+        err = 0;
+      if (err)
+        goto leave;
 
-      oidstr = openpgp_curve_to_oid (string+n, NULL, NULL);
-      if (!oidstr)
-        {
-          err = gpg_error (GPG_ERR_INV_DATA);
-          goto leave;
-        }
-
+      /* Convert the OID string to an OpenPGP formatted OID.  */
       err = openpgp_oid_from_str (oidstr, &oid);
       if (err)
         goto leave;
@@ -3515,10 +4162,17 @@ change_keyattr_from_string (app_t app,
       oidbuf = gcry_mpi_get_opaque (oid, &n);
       oid_len = (n+7)/8;
 
-      /* We have enough room at STRING.  */
+      /* Create the template.  */
+      xfree (string);
+      string = xtrymalloc (1 + oid_len);
+      if (!string)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
       string[0] = algo;
       memcpy (string+1, oidbuf+1, oid_len-1);
-      err = change_keyattr (app, keyno, string, oid_len, pincb, pincb_arg);
+      err = change_keyattr (app, ctrl,keyno, string, oid_len, pincb, pincb_arg);
       gcry_mpi_release (oid);
     }
   else
@@ -3531,7 +4185,8 @@ change_keyattr_from_string (app_t app,
 
 
 static gpg_error_t
-rsa_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
+rsa_writekey (app_t app, ctrl_t ctrl,
+              gpg_error_t (*pincb)(void*, const char *, char **),
               void *pincb_arg, int keyno,
               const unsigned char *buf, size_t buflen, int depth)
 {
@@ -3657,7 +4312,7 @@ rsa_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
       && app->app_local->extcap.algo_attr_change)
     {
       /* Try to switch the key to a new length.  */
-      err = change_rsa_keyattr (app, keyno, nbits, pincb, pincb_arg);
+      err = change_rsa_keyattr (app, ctrl, keyno, nbits, pincb, pincb_arg);
       if (!err)
         maxbits = app->app_local->keyattr[keyno].rsa.n_bits;
     }
@@ -3759,7 +4414,7 @@ rsa_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
         goto leave;
 
       /* Prepare for storing the key.  */
-      err = verify_chv3 (app, pincb, pincb_arg);
+      err = verify_chv3 (app, ctrl, pincb, pincb_arg);
       if (err)
         goto leave;
 
@@ -3770,7 +4425,7 @@ rsa_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
         exmode = -254;
       else
         exmode = 0;
-      err = iso7816_put_data_odd (app->slot, exmode, 0x3fff,
+      err = iso7816_put_data_odd (app_get_slot (app), exmode, 0x3fff,
                                   template, template_len);
     }
   else
@@ -3781,7 +4436,7 @@ rsa_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
          0xC1   <length> prime p
          0xC2   <length> prime q
       */
-      assert (rsa_e_len <= 4);
+      log_assert (rsa_e_len <= 4);
       template_len = (1 + 1 + 4
                       + 1 + 1 + rsa_p_len
                       + 1 + 1 + rsa_q_len);
@@ -3812,15 +4467,15 @@ rsa_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
       memcpy (tp, rsa_q, rsa_q_len);
       tp += rsa_q_len;
 
-      assert (tp - template == template_len);
+      log_assert (tp - template == template_len);
 
       /* Prepare for storing the key.  */
-      err = verify_chv3 (app, pincb, pincb_arg);
+      err = verify_chv3 (app, ctrl, pincb, pincb_arg);
       if (err)
         goto leave;
 
       /* Store the key. */
-      err = iso7816_put_data (app->slot, 0,
+      err = iso7816_put_data (app_get_slot (app), 0,
                               (app->appversion > 0x0007? 0xE0:0xE9)+keyno,
                               template, template_len);
     }
@@ -3843,7 +4498,8 @@ rsa_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
 
 
 static gpg_error_t
-ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
+ecc_writekey (app_t app, ctrl_t ctrl,
+              gpg_error_t (*pincb)(void*, const char *, char **),
               void *pincb_arg, int keyno,
               const unsigned char *buf, size_t buflen, int depth)
 {
@@ -3872,6 +4528,8 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
      curve = "secp256k1" */
   /* (private-key(ecc(curve%s)(flags eddsa)(q%m)(d%m))(created-at%d)):
       curve = "Ed25519" */
+  /* (private-key(ecc(curve%s)(q%m)(d%m))(created-at%d)):
+      curve = "Ed448" */
   last_depth1 = depth;
   while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
          && depth && depth >= last_depth1)
@@ -4004,6 +4662,8 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
     algo = PUBKEY_ALGO_EDDSA;
   else if (keyno == 1)
     algo = PUBKEY_ALGO_ECDH;
+  else if (!strcmp (curve, "Ed448"))
+    algo = PUBKEY_ALGO_EDDSA;
   else
     algo = PUBKEY_ALGO_ECDSA;
 
@@ -4042,7 +4702,8 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
             }
           keyattr[0] = algo;
           memcpy (keyattr+1, oidbuf+1, oid_len-1);
-          err = change_keyattr (app, keyno, keyattr, oid_len, pincb, pincb_arg);
+          err = change_keyattr (app, ctrl, keyno,
+                                keyattr, oid_len, pincb, pincb_arg);
           xfree (keyattr);
           if (err)
             goto leave;
@@ -4080,7 +4741,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
         goto leave;
 
       /* Prepare for storing the key.  */
-      err = verify_chv3 (app, pincb, pincb_arg);
+      err = verify_chv3 (app, ctrl, pincb, pincb_arg);
       if (err)
         {
           xfree (template);
@@ -4094,7 +4755,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
         exmode = -254;
       else
         exmode = 0;
-      err = iso7816_put_data_odd (app->slot, exmode, 0x3fff,
+      err = iso7816_put_data_odd (app_get_slot (app), exmode, 0x3fff,
                                   template, template_len);
       xfree (template);
     }
@@ -4115,6 +4776,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
   return err;
 }
 
+
 /* Handle the WRITEKEY command for OpenPGP.  This function expects a
    canonical encoded S-expression with the secret key in KEYDATA and
    its length (for assertions) in KEYDATALEN.  KEYID needs to be the
@@ -4138,11 +4800,11 @@ do_writekey (app_t app, ctrl_t ctrl,
 
   (void)ctrl;
 
-  if (!strcmp (keyid, "OPENPGP.1"))
+  if (!ascii_strcasecmp (keyid, "OPENPGP.1"))
     keyno = 0;
-  else if (!strcmp (keyid, "OPENPGP.2"))
+  else if (!ascii_strcasecmp (keyid, "OPENPGP.2"))
     keyno = 1;
-  else if (!strcmp (keyid, "OPENPGP.3"))
+  else if (!ascii_strcasecmp (keyid, "OPENPGP.3"))
     keyno = 2;
   else
     return gpg_error (GPG_ERR_INV_ID);
@@ -4178,9 +4840,9 @@ do_writekey (app_t app, ctrl_t ctrl,
   if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
     goto leave;
   if (tok && toklen == 3 && memcmp ("rsa", tok, toklen) == 0)
-    err = rsa_writekey (app, pincb, pincb_arg, keyno, buf, buflen, depth);
+    err = rsa_writekey (app, ctrl, pincb, pincb_arg, keyno, buf, buflen, depth);
   else if (tok && toklen == 3 && memcmp ("ecc", tok, toklen) == 0)
-    err = ecc_writekey (app, pincb, pincb_arg, keyno, buf, buflen, depth);
+    err = ecc_writekey (app, ctrl, pincb, pincb_arg, keyno, buf, buflen, depth);
   else
     {
       err = gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
@@ -4195,26 +4857,31 @@ do_writekey (app_t app, ctrl_t ctrl,
 
 /* Handle the GENKEY command. */
 static gpg_error_t
-do_genkey (app_t app, ctrl_t ctrl,  const char *keynostr, const char *keytype,
+do_genkey (app_t app, ctrl_t ctrl,  const char *keyref, const char *keyalgo,
            unsigned int flags, time_t createtime,
            gpg_error_t (*pincb)(void*, const char *, char **),
            void *pincb_arg)
 {
   gpg_error_t err;
   char numbuf[30];
+  const char *keynostr;
   unsigned char *buffer = NULL;
   const unsigned char *keydata;
   size_t buflen, keydatalen;
   u32 created_at;
-  int keyno = atoi (keynostr) - 1;
-  int force = (flags & 1);
+  int keyno;
+  int force = !!(flags & APP_GENKEY_FLAG_FORCE);
   time_t start_at;
   int exmode = 0;
   int le_value = 256; /* Use legacy value. */
 
-  (void)keytype;  /* Ignored for OpenPGP cards.  */
+  /* Strip the OpenPGP prefix which is for historical reasons optional.  */
+  keynostr = keyref;
+  if (!ascii_strncasecmp (keynostr, "OPENPGP.", 8))
+    keynostr += 8;
 
-  if (keyno < 0 || keyno > 2)
+  keyno = atoi (keynostr) - 1;
+  if (!digitp (keynostr) || keyno < 0 || keyno > 2)
     return gpg_error (GPG_ERR_INV_ID);
 
   /* We flush the cache to increase the traffic before a key
@@ -4232,6 +4899,19 @@ do_genkey (app_t app, ctrl_t ctrl,  const char *keynostr, const char *keytype,
   if (err)
     return err;
 
+  if (keyalgo && app->app_local->keyattr[keyno].keyalgo
+      && strcmp (keyalgo, app->app_local->keyattr[keyno].keyalgo))
+    {
+      /* Specific algorithm requested which is not the currently
+       * configured algorithm.  Change it.  */
+      log_info ("openpgp: changing key attribute from %s to %s\n",
+                 app->app_local->keyattr[keyno].keyalgo, keyalgo);
+      err = change_keyattr_from_string (app, ctrl, pincb, pincb_arg,
+                                        keyref, keyalgo, NULL, 0);
+      if (err)
+        return err;
+    }
+
   if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA)
     {
       unsigned int keybits = app->app_local->keyattr[keyno].rsa.n_bits;
@@ -4255,14 +4935,14 @@ do_genkey (app_t app, ctrl_t ctrl,  const char *keynostr, const char *keytype,
     }
 
   /* Prepare for key generation by verifying the Admin PIN.  */
-  err = verify_chv3 (app, pincb, pincb_arg);
+  err = verify_chv3 (app, ctrl, pincb, pincb_arg);
   if (err)
     return err;
 
 
   log_info (_("please wait while key is being generated ...\n"));
   start_at = time (NULL);
-  err = iso7816_generate_keypair (app->slot, exmode, 0x80, 0,
+  err = iso7816_generate_keypair (app_get_slot (app), exmode, 0x80, 0,
                                   (keyno == 0? "\xB6" :
                                    keyno == 1? "\xB8" : "\xA4"),
                                   2, le_value, &buffer, &buflen);
@@ -4338,7 +5018,7 @@ compare_fingerprint (app_t app, int keyno, unsigned char *sha1fpr)
   size_t buflen, n;
   int rc, i;
 
-  assert (keyno >= 0 && keyno <= 2);
+  log_assert (keyno >= 0 && keyno <= 2);
 
   rc = get_cached_data (app, 0x006E, &buffer, &buflen, 0, 0);
   if (rc)
@@ -4415,15 +5095,10 @@ check_keyidstr (app_t app, const char *keyidstr, int keyno, int *r_use_auth)
   const char *s;
   int n;
   const char *fpr = NULL;
-  int i;
 
   if (r_use_auth)
     *r_use_auth = 0;
 
-  /* Make sure we have load the public keys.  */
-  for (i = 0; i < 3; i++)
-    get_public_key (app, i);
-
   if (strlen (keyidstr) < 32)
     return gpg_error (GPG_ERR_INV_ID);
   else
@@ -4452,7 +5127,10 @@ check_keyidstr (app_t app, const char *keyidstr, int keyno, int *r_use_auth)
             return gpg_error (GPG_ERR_INV_ID);
         }
 
-      if (n != 32 || strncmp (keyidstr, "D27600012401", 12))
+      /* For a description of the serialno compare function see
+       * is_same_serialno.  We don't use that function because here we
+       * are working on a hex string.  */
+      if (n != 32 || ascii_strncasecmp (keyidstr, "D27600012401", 12))
         return gpg_error (GPG_ERR_INV_ID);
       else if (!*s)
         ; /* no fingerprint given: we allow this for now. */
@@ -4460,7 +5138,9 @@ check_keyidstr (app_t app, const char *keyidstr, int keyno, int *r_use_auth)
         fpr = s + 1;
 
       serial = app_get_serialno (app);
-      if (strncmp (serial, keyidstr, 32))
+      if (!serial || strlen (serial) != 32
+          || ascii_memcasecmp (serial, "D27600012401", 12)
+          || ascii_memcasecmp (serial+16, keyidstr+16, 16))
         {
           xfree (serial);
           return gpg_error (GPG_ERR_WRONG_CARD);
@@ -4565,9 +5245,9 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
 #undef X
 
   /* Check whether an OpenPGP card of any version has been requested. */
-  if (!strcmp (keyidstr, "OPENPGP.1"))
+  if (!ascii_strcasecmp (keyidstr, "OPENPGP.1"))
     ;
-  else if (!strcmp (keyidstr, "OPENPGP.3"))
+  else if (!ascii_strcasecmp (keyidstr, "OPENPGP.3"))
     use_auth = 1;
   else
     {
@@ -4581,7 +5261,7 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
   if (hashalgo == GCRY_MD_ ## a && (d) )                      \
     {                                                         \
       datalen = sizeof b ## _prefix + indatalen;              \
-      assert (datalen <= sizeof data);                        \
+      log_assert (datalen <= sizeof data);                        \
       memcpy (data, b ## _prefix, sizeof b ## _prefix);       \
       memcpy (data + sizeof b ## _prefix, indata, indatalen); \
     }
@@ -4621,9 +5301,10 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
   if (!app->did_chv1 || app->force_chv1)
     {
       char *pinvalue;
-      int pinlen;
+      size_t pinlen;
 
-      rc = verify_a_chv (app, pincb, pincb_arg, 1, sigcount, &pinvalue, &pinlen);
+      rc = verify_a_chv (app, ctrl, pincb, pincb_arg, 1, sigcount,
+                         &pinvalue, &pinlen);
       if (rc)
         return rc;
 
@@ -4636,19 +5317,20 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
          pinpad has been used. */
       if (!app->did_chv2 && pinvalue && !app->app_local->extcap.is_v2)
         {
-          rc = iso7816_verify (app->slot, 0x82, pinvalue, pinlen);
+          rc = iso7816_verify (app_get_slot (app), 0x82, pinvalue, pinlen);
           if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
             rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
           if (rc)
             {
               log_error (_("verify CHV%d failed: %s\n"), 2, gpg_strerror (rc));
-              xfree (pinvalue);
+              wipe_and_free (pinvalue, pinlen);
               flush_cache_after_error (app);
               return rc;
             }
           app->did_chv2 = 1;
+          cache_pin (app, ctrl, 2, pinvalue);
         }
-      xfree (pinvalue);
+      wipe_and_free (pinvalue, pinlen);
     }
 
 
@@ -4664,10 +5346,15 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
       exmode = 0;
       le_value = 0;
     }
-  rc = iso7816_compute_ds (app->slot, exmode, data, datalen, le_value,
+  rc = iso7816_compute_ds (app_get_slot (app), exmode, data, datalen, le_value,
                            outdata, outdatalen);
-  if (!rc && app->force_chv1)
-    app->did_chv1 = 0;
+  if (gpg_err_code (rc) == GPG_ERR_TIMEOUT)
+    clear_chv_status (app, ctrl, 1);
+  else if (!rc && app->force_chv1)
+    {
+      app->did_chv1 = 0;
+      cache_pin (app, ctrl, 1, NULL);
+    }
 
   return rc;
 }
@@ -4691,8 +5378,6 @@ do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
 {
   int rc;
 
-  (void)ctrl;
-
   if (!keyidstr || !*keyidstr)
     return gpg_error (GPG_ERR_INV_VALUE);
   if (app->app_local->keyattr[2].key_type == KEY_TYPE_RSA
@@ -4726,7 +5411,7 @@ do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
         return rc;
     }
 
-  rc = verify_chv2 (app, pincb, pincb_arg);
+  rc = verify_chv2 (app, ctrl, pincb, pincb_arg);
   if (!rc)
     {
       int exmode, le_value;
@@ -4738,27 +5423,16 @@ do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
           exmode = 1;    /* Use extended length.  */
           le_value = app->app_local->keyattr[2].rsa.n_bits / 8;
         }
-      else if (app->app_local->cardcap.cmd_chaining && indatalen > 254)
-        {
-          exmode = -254; /* Command chaining with max. 254 bytes.  */
-          le_value = 0;
-        }
-      else if (indatalen > 255)
-        {
-          if (!app->app_local->cardcap.ext_lc_le)
-            return gpg_error (GPG_ERR_TOO_LARGE);
-
-          exmode = 1;
-          le_value = 0;
-        }
       else
         {
           exmode = 0;
           le_value = 0;
         }
-      rc = iso7816_internal_authenticate (app->slot, exmode,
+      rc = iso7816_internal_authenticate (app_get_slot (app), exmode,
                                           indata, indatalen, le_value,
                                           outdata, outdatalen);
+      if (gpg_err_code (rc) == GPG_ERR_TIMEOUT)
+        clear_chv_status (app, ctrl, 1);
     }
   return rc;
 }
@@ -4772,15 +5446,13 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
              unsigned char **outdata, size_t *outdatalen,
              unsigned int *r_info)
 {
-  int rc;
   int n;
+  int rc;
   int exmode, le_value;
   unsigned char *fixbuf = NULL;
   int padind = 0;
   int fixuplen = 0;
 
-  (void)ctrl;
-
   if (!keyidstr || !*keyidstr || !indatalen)
     return gpg_error (GPG_ERR_INV_VALUE);
 
@@ -4794,7 +5466,7 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
         return rc;
     }
 
-  rc = verify_chv2 (app, pincb, pincb_arg);
+  rc = verify_chv2 (app, ctrl, pincb, pincb_arg);
   if (rc)
     return rc;
 
@@ -4951,16 +5623,18 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
   else
     exmode = le_value = 0;
 
-  rc = iso7816_decipher (app->slot, exmode,
+  rc = iso7816_decipher (app_get_slot (app), exmode,
                          indata, indatalen, le_value, padind,
                          outdata, outdatalen);
   xfree (fixbuf);
-  if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC)
+  if (!rc && app->app_local->keyattr[1].key_type == KEY_TYPE_ECC)
     {
       unsigned char prefix = 0;
 
       if (app->app_local->keyattr[1].ecc.flags & ECC_FLAG_DJB_TWEAK)
         prefix = 0x40;
+      else if (*outdatalen == 56) /* It's X448 with no prefix.  */
+        ;
       else if ((*outdatalen % 2) == 0) /* No 0x04 -> x-coordinate only */
         prefix = 0x41;
 
@@ -4979,6 +5653,8 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
           *outdatalen = *outdatalen + 1;
         }
     }
+  if (gpg_err_code (rc) == GPG_ERR_TIMEOUT)
+    clear_chv_status (app, ctrl, 1);
 
   if (gpg_err_code (rc) == GPG_ERR_CARD /* actual SW is 0x640a */
       && app->app_local->manufacturer == 5
@@ -5007,10 +5683,8 @@ do_check_pin (app_t app, ctrl_t ctrl, const char *keyidstr,
               gpg_error_t (*pincb)(void*, const char *, char **),
               void *pincb_arg)
 {
-  int rc;
   int admin_pin = 0;
-
-  (void)ctrl;
+  int rc;
 
   if (!keyidstr || !*keyidstr)
     return gpg_error (GPG_ERR_INV_VALUE);
@@ -5058,10 +5732,94 @@ do_check_pin (app_t app, ctrl_t ctrl, const char *keyidstr,
         }
 
       app->did_chv3 = 0; /* Force verification.  */
-      return verify_chv3 (app, pincb, pincb_arg);
+      return verify_chv3 (app, ctrl, pincb, pincb_arg);
     }
   else
-    return verify_chv2 (app, pincb, pincb_arg);
+    return verify_chv2 (app, ctrl, pincb, pincb_arg);
+}
+
+
+static void
+send_keyinfo_if_available (app_t app, ctrl_t ctrl, char *serial,
+                           int data, int i)
+{
+  char idbuf[50];
+
+  if (app->app_local->pk[i].read_done)
+    {
+      sprintf (idbuf, "OPENPGP.%d", i+1);
+      send_keyinfo (ctrl, data,
+                    app->app_local->pk[i].keygrip_str, serial, idbuf);
+    }
+}
+
+static gpg_error_t
+do_with_keygrip (app_t app, ctrl_t ctrl, int action, const char *keygrip_str,
+                 int capability)
+{
+  int i;
+
+  /* Make sure we have load the public keys.  */
+  for (i = 0; i < 3; i++)
+    get_public_key (app, i);
+
+  if (action == KEYGRIP_ACTION_LOOKUP)
+    {
+      if (keygrip_str == NULL)
+        return gpg_error (GPG_ERR_NOT_FOUND);
+
+      for (i = 0; i < 3; i++)
+        if (app->app_local->pk[i].read_done
+            && !strcmp (keygrip_str, app->app_local->pk[i].keygrip_str))
+          return 0; /* Found */
+    }
+  else
+    {
+      int data = (action == KEYGRIP_ACTION_SEND_DATA);
+      char *serial = app_get_serialno (app);
+
+      if (keygrip_str == NULL)
+        {
+          if (capability == 0)
+            {
+              for (i = 0; i < 3; i++)
+                send_keyinfo_if_available (app, ctrl, serial, data, i);
+            }
+          else
+            {
+              if (capability == GCRY_PK_USAGE_SIGN)
+                i = 0;
+              else if (capability == GCRY_PK_USAGE_ENCR)
+                i = 1;
+              else if (capability == GCRY_PK_USAGE_AUTH)
+                i = 2;
+              else
+                i = -1;
+              if (i >= 0)
+                send_keyinfo_if_available (app, ctrl, serial, data, i);
+            }
+
+          xfree (serial);
+
+          /* Return an error so that the dispatcher keeps on looping
+           * over the other applications.  Only for clarity we use a
+           * different error code than for the not_found case.  */
+          return gpg_error (GPG_ERR_TRUE);
+        }
+      else
+        {
+          for (i = 0; i < 3; i++)
+            if (!strcmp (keygrip_str, app->app_local->pk[i].keygrip_str))
+              {
+                send_keyinfo_if_available (app, ctrl, serial, data, i);
+                xfree (serial);
+                return 0;
+              }
+          xfree (serial);
+        }
+    }
+
+  return gpg_error (GPG_ERR_NOT_FOUND);
 }
 
 
@@ -5070,7 +5828,7 @@ static void
 show_caps (struct app_local_s *s)
 {
   log_info ("Version-2+ .....: %s\n", s->extcap.is_v2? "yes":"no");
-  log_info ("Extcap-v3 ......: %s\n", s->extcap.extcap_v3? "yes":"no");
+  log_info ("Version-3+ .....: %s\n", s->extcap.is_v3? "yes":"no");
   log_info ("Button .........: %s\n", s->extcap.has_button? "yes":"no");
 
   log_info ("SM-Support .....: %s", s->extcap.sm_supported? "yes":"no");
@@ -5086,8 +5844,8 @@ show_caps (struct app_local_s *s)
   log_info ("Algo-Attr-Change: %s\n", s->extcap.algo_attr_change? "yes":"no");
   log_info ("Symmetric Crypto: %s\n", s->extcap.has_decrypt? "yes":"no");
   log_info ("KDF-Support ....: %s\n", s->extcap.kdf_do? "yes":"no");
-  log_info ("Max-Cert3-Len ..: %u\n", s->extcap.max_certlen_3);
-  if (s->extcap.extcap_v3)
+  log_info ("Max-Cert-Len ...: %u\n", s->extcap.max_certlen);
+  if (s->extcap.is_v3)
     {
       log_info ("PIN-Block-2 ....: %s\n", s->extcap.pin_blk2? "yes":"no");
       log_info ("MSE-Support ....: %s\n", s->extcap.mse? "yes":"no");
@@ -5154,11 +5912,11 @@ parse_historical (struct app_local_s *apploc,
 
 /*
  * Check if the OID in an DER encoding is available by GnuPG/libgcrypt,
- * and return the curve name.  Return NULL if not available.
+ * and return the canonical curve name.  Return NULL if not available.
  * The constant string is not allocated dynamically, never free it.
  */
 static const char *
-ecc_curve (unsigned char *buf, size_t buflen)
+ecc_curve (const unsigned char *buf, size_t buflen)
 {
   gcry_mpi_t oid;
   char *oidstr;
@@ -5189,18 +5947,53 @@ ecc_curve (unsigned char *buf, size_t buflen)
 }
 
 
+static const char *
+get_algorithm_attribute_string (const unsigned char *buffer,
+                                size_t buflen)
+{
+  enum gcry_pk_algos galgo;
+  const char *curve;
+  unsigned int nbits = 0;
+
+  galgo = map_openpgp_pk_to_gcry (*buffer);
+  nbits = 0;
+  curve = NULL;
+
+  if (*buffer == PUBKEY_ALGO_RSA && (buflen == 5 || buflen == 6))
+    nbits = (buffer[1]<<8 | buffer[2]);
+  else if (*buffer == PUBKEY_ALGO_ECDH || *buffer == PUBKEY_ALGO_ECDSA
+           || *buffer == PUBKEY_ALGO_EDDSA)
+    {
+      int oidlen = buflen - 1;
+
+      if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
+        { /* Found "pubkey required"-byte for private key template.  */
+          oidlen--;
+        }
+
+      curve = ecc_curve (buffer + 1, oidlen);
+    }
+  else if (opt.verbose)
+    log_printhex (buffer, buflen, "");
+
+  return get_keyalgo_string (galgo, nbits, curve);
+}
+
+
 /* Parse and optionally show the algorithm attributes for KEYNO.
    KEYNO must be in the range 0..2.  */
-static gpg_error_t
+static void
 parse_algorithm_attribute (app_t app, int keyno)
 {
   unsigned char *buffer;
   size_t buflen;
   void *relptr;
   const char desc[3][5] = {"sign", "encr", "auth"};
-  gpg_error_t err = 0;
+  enum gcry_pk_algos galgo;
+  unsigned int nbits;
+  const char *curve;
 
-  assert (keyno >=0 && keyno <= 2);
+  log_assert (keyno >=0 && keyno <= 2);
 
   app->app_local->keyattr[keyno].key_type = KEY_TYPE_RSA;
   app->app_local->keyattr[keyno].rsa.n_bits = 0;
@@ -5209,17 +6002,22 @@ parse_algorithm_attribute (app_t app, int keyno)
   if (!relptr)
     {
       log_error ("error reading DO 0x%02X\n", 0xc1+keyno);
-      return gpg_error (GPG_ERR_CARD);
+      return;
     }
   if (buflen < 1)
     {
       log_error ("error reading DO 0x%02X\n", 0xc1+keyno);
       xfree (relptr);
-      return gpg_error (GPG_ERR_CARD);
+      return;
     }
 
   if (opt.verbose)
     log_info ("Key-Attr-%s ..: ", desc[keyno]);
+
+  galgo = map_openpgp_pk_to_gcry (*buffer);
+  nbits = 0;
+  curve = NULL;
+
   if (*buffer == PUBKEY_ALGO_RSA && (buflen == 5 || buflen == 6))
     {
       app->app_local->keyattr[keyno].rsa.n_bits = (buffer[1]<<8 | buffer[2]);
@@ -5234,6 +6032,7 @@ parse_algorithm_attribute (app_t app, int keyno)
                                                      buffer[5] == 3? RSA_CRT_N :
                                                      RSA_UNKNOWN_FMT);
 
+      nbits = app->app_local->keyattr[keyno].rsa.n_bits;
       if (opt.verbose)
         log_printf
           ("RSA, n=%u, e=%u, fmt=%s\n",
@@ -5247,44 +6046,29 @@ parse_algorithm_attribute (app_t app, int keyno)
   else if (*buffer == PUBKEY_ALGO_ECDH || *buffer == PUBKEY_ALGO_ECDSA
            || *buffer == PUBKEY_ALGO_EDDSA)
     {
-      const char *curve;
       int oidlen = buflen - 1;
 
+      app->app_local->keyattr[keyno].ecc.algo = *buffer;
       app->app_local->keyattr[keyno].ecc.flags = 0;
 
-      if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY)
-        {
-          /* Yubikey implementations vary.
-           * Firmware version 5.2 returns "pubkey required"-byte with
-           * 0x00, but after removal and second time insertion, it
-           * returns bogus value there.
-           * Firmware version 5.4 returns none.
-           */
-          curve = ecc_curve (buffer + 1, oidlen);
-          if (!curve)
-            curve = ecc_curve (buffer + 1, oidlen - 1);
-        }
-      else
-        {
-          if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
-            { /* Found "pubkey required"-byte for private key template.  */
-              oidlen--;
-              if (buffer[buflen-1] == 0xff)
-                app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
-            }
-          curve = ecc_curve (buffer + 1, oidlen);
+      if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
+        { /* Found "pubkey required"-byte for private key template.  */
+          oidlen--;
+          if (buffer[buflen-1] == 0xff)
+            app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
         }
 
+      curve = ecc_curve (buffer + 1, oidlen);
+
       if (!curve)
-        {
-          log_printhex (buffer+1, buflen-1, "Curve with OID not supported: ");
-          err = gpg_error (GPG_ERR_CARD);
-        }
+        log_printhex (buffer+1, buflen-1, "Curve with OID not supported: ");
       else
         {
           app->app_local->keyattr[keyno].key_type = KEY_TYPE_ECC;
           app->app_local->keyattr[keyno].ecc.curve = curve;
-          if (*buffer == PUBKEY_ALGO_EDDSA
+          if ((*buffer == PUBKEY_ALGO_EDDSA
+               && !strcmp (app->app_local->keyattr[keyno].ecc.curve,
+                           "Ed25519"))
               || (*buffer == PUBKEY_ALGO_ECDH
                   && !strcmp (app->app_local->keyattr[keyno].ecc.curve,
                               "Curve25519")))
@@ -5299,26 +6083,79 @@ parse_algorithm_attribute (app_t app, int keyno)
   else if (opt.verbose)
     log_printhex (buffer, buflen, "");
 
+  app->app_local->keyattr[keyno].keyalgo
+    = get_keyalgo_string (galgo, nbits, curve);
+
+  if (opt.verbose)
+    log_info ("Key-Algo-%s ..: %s\n",
+              desc[keyno], app->app_local->keyattr[keyno].keyalgo);
+
   xfree (relptr);
+}
+
+
+/* Prepare a reselect of another application.  This is used by cards
+ * which support on-the-fly switching between applications.  The
+ * function is called to give us a chance to save state for a future
+ * reselect of us again.  */
+static gpg_error_t
+do_prep_reselect (app_t app, ctrl_t ctrl)
+{
+  gpg_error_t err;
+
+  (void)app;
+  (void)ctrl;
+
+  err = 0;
   return err;
 }
 
+
+/* Reselect the application.  This is used by cards which support
+ * on-the-fly switching between applications.  */
+static gpg_error_t
+do_reselect (app_t app, ctrl_t ctrl)
+{
+  gpg_error_t err;
+
+  (void)ctrl;
+
+  /* An extra check which should not be necessary because the caller
+   * should have made sure that a re-select is only called for
+   * appropriate cards.  */
+  if (APP_CARD(app)->cardtype != CARDTYPE_YUBIKEY)
+    return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+  /* Note that the card can't cope with P2=0xCO, thus we need to pass
+   * a special flag value. */
+  err = iso7816_select_application (app_get_slot (app),
+                                    openpgp_aid, sizeof openpgp_aid, 0x0001);
+  if (!err)
+    {
+      app->did_chv1 = 0;
+      app->did_chv2 = 0;
+      app->did_chv3 = 0;
+    }
+  return err;
+}
+
+
 /* Select the OpenPGP application on the card in SLOT.  This function
    must be used before any other OpenPGP application functions. */
 gpg_error_t
 app_select_openpgp (app_t app)
 {
-  static char const aid[] = { 0xD2, 0x76, 0x00, 0x01, 0x24, 0x01 };
-  int slot = app->slot;
-  gpg_error_t err;
+  int slot = app_get_slot (app);
+  int rc;
   unsigned char *buffer;
   size_t buflen;
   void *relptr;
 
   /* Note that the card can't cope with P2=0xCO, thus we need to pass a
      special flag value. */
-  err = iso7816_select_application (slot, aid, sizeof aid, 0x0001);
-  if (!err)
+  rc = iso7816_select_application (slot,
+                                   openpgp_aid, sizeof openpgp_aid, 0x0001);
+  if (!rc)
     {
       unsigned int manufacturer;
 
@@ -5334,8 +6171,8 @@ app_select_openpgp (app_t app)
          replace a possibly already set one from a EF.GDO with this
          one.  Note, that for current OpenPGP cards, no EF.GDO exists
          and thus it won't matter at all. */
-      err = iso7816_get_data (slot, 0, 0x004F, &buffer, &buflen);
-      if (err)
+      rc = iso7816_get_data (slot, 0, 0x004F, &buffer, &buflen);
+      if (rc)
         goto leave;
       if (opt.verbose)
         {
@@ -5347,24 +6184,42 @@ app_select_openpgp (app_t app)
       app->appversion |= buffer[7];
       manufacturer = (buffer[8]<<8 | buffer[9]);
 
-      xfree (app->serialno);
-      app->serialno = buffer;
-      app->serialnolen = buflen;
+      /* For Yubikey, serialno is set in app.c, already.  The problem
+       * is that the OpenPGP appversion has been set to 0.0 because we
+       * are not able to deduce this if the OpenPGP app has not been
+       * enabled.  Thus we here to to use the appversion from DO 0x4f
+       * but return a serialno with a version 0.0 as set by app.c.
+       * Users of scdaemon taking the version from the serialno won't
+       * work anymore and need to be modified.  Recall that our
+       * architecture requires exactly one serilano per card.
+       */
+      if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY)
+        xfree (buffer);
+      else
+        {
+          xfree (APP_CARD(app)->serialno);
+          APP_CARD(app)->serialno = buffer;
+          APP_CARD(app)->serialnolen = buflen;
+        }
+
       buffer = NULL;
       app->app_local = xtrycalloc (1, sizeof *app->app_local);
       if (!app->app_local)
         {
-          err = gpg_error_from_syserror ();
+          rc = gpg_error (gpg_err_code_from_errno (errno));
           goto leave;
         }
 
+      /* We want to temporary cache the DO 6E.  */
+      app->app_local->override.cache_6e = 1;
+
       app->app_local->manufacturer = manufacturer;
 
       if (app->appversion >= 0x0200)
         app->app_local->extcap.is_v2 = 1;
 
       if (app->appversion >= 0x0300)
-        app->app_local->extcap.extcap_v3 = 1;
+        app->app_local->extcap.is_v3 = 1;
 
       /* Read the historical bytes.  */
       relptr = get_one_do (app, 0x5f52, &buffer, &buflen, NULL);
@@ -5385,7 +6240,6 @@ app_select_openpgp (app_t app)
         {
           log_error (_("can't access %s - invalid OpenPGP card?\n"),
                      "CHV Status Bytes");
-          err = gpg_error (GPG_ERR_CARD);
           goto leave;
         }
       app->force_chv1 = (buflen && *buffer == 0);
@@ -5397,7 +6251,6 @@ app_select_openpgp (app_t app)
         {
           log_error (_("can't access %s - invalid OpenPGP card?\n"),
                      "Extended Capability Flags" );
-          err = gpg_error (GPG_ERR_CARD);
           goto leave;
         }
       if (buflen)
@@ -5417,10 +6270,10 @@ app_select_openpgp (app_t app)
           app->app_local->extcap.sm_algo = buffer[1];
           app->app_local->extcap.max_get_challenge
                                                = (buffer[2] << 8 | buffer[3]);
-          app->app_local->extcap.max_certlen_3 = (buffer[4] << 8 | buffer[5]);
+          app->app_local->extcap.max_certlen = (buffer[4] << 8 | buffer[5]);
 
           /* Interpretation is different between v2 and v3, unfortunately.  */
-          if (app->app_local->extcap.extcap_v3)
+          if (app->app_local->extcap.is_v3)
             {
               app->app_local->extcap.max_special_do
                 = (buffer[6] << 8 | buffer[7]);
@@ -5438,26 +6291,29 @@ app_select_openpgp (app_t app)
       /* Check optional DO of "General Feature Management" for button.  */
       relptr = get_one_do (app, 0x7f74, &buffer, &buflen, NULL);
       if (relptr)
-        /* It must be: 03 81 01 20 */
-        app->app_local->extcap.has_button = 1;
+        {
+          /* It must be: 03 81 01 20 */
+          app->app_local->extcap.has_button = 1;
+        }
 
       parse_login_data (app);
 
       if (opt.verbose)
         show_caps (app->app_local);
 
-      err = parse_algorithm_attribute (app, 0);
-      if (!err)
-        err = parse_algorithm_attribute (app, 1);
-      if (!err)
-        err = parse_algorithm_attribute (app, 2);
-      if (err)
-        goto leave;
+      parse_algorithm_attribute (app, 0);
+      parse_algorithm_attribute (app, 1);
+      parse_algorithm_attribute (app, 2);
 
       if (opt.verbose > 1)
         dump_all_do (slot);
 
+      app->app_local->override.cache_6e = 0;
+      flush_cache_item (app, 0x6E);
+
       app->fnc.deinit = do_deinit;
+      app->fnc.prep_reselect = do_prep_reselect;
+      app->fnc.reselect = do_reselect;
       app->fnc.learn_status = do_learn_status;
       app->fnc.readcert = do_readcert;
       app->fnc.readkey = do_readkey;
@@ -5471,10 +6327,11 @@ app_select_openpgp (app_t app)
       app->fnc.decipher = do_decipher;
       app->fnc.change_pin = do_change_pin;
       app->fnc.check_pin = do_check_pin;
+      app->fnc.with_keygrip = do_with_keygrip;
    }
 
 leave:
-  if (err)
+  if (rc)
     do_deinit (app);
-  return err;
+  return rc;
 }
diff --git a/scd/app-p15.c b/scd/app-p15.c
index 2884e0d..20c6e06 100644
--- a/scd/app-p15.c
+++ b/scd/app-p15.c
@@ -42,7 +42,6 @@
 #include "../common/i18n.h"
 #include "../common/tlv.h"
 #include "../common/host2net.h"
-#include "../common/openpgpdefs.h"
 #include "apdu.h" /* fixme: we should move the card detection to a
                      separate file */
 
@@ -74,7 +73,6 @@ typedef enum
     CARD_TYPE_MICARDO,
     CARD_TYPE_CARDOS_50,
     CARD_TYPE_CARDOS_53,
-    CARD_TYPE_AET,     /* A.E.T. Europe JCOP card.  */
     CARD_TYPE_BELPIC   /* Belgian eID card specs. */
   }
 card_type_t;
@@ -86,8 +84,7 @@ typedef enum
   {
     CARD_PRODUCT_UNKNOWN,
     CARD_PRODUCT_RSCS,     /* Rohde&Schwarz Cybersecurity       */
-    CARD_PRODUCT_DTRUST,   /* D-Trust GmbH (bundesdruckerei.de) */
-    CARD_PRODUCT_GENUA     /* GeNUA mbH                         */
+    CARD_PRODUCT_DTRUST    /* D-Trust GmbH (bundesdruckerei.de) */
   }
 card_product_t;
 
@@ -122,9 +119,6 @@ static struct
     CARD_TYPE_CARDOS_50 }, /* CardOS 5.0 */
   { 11, X("\x3b\xd2\x18\x00\x81\x31\xfe\x58\xc9\x03\x16"),
     CARD_TYPE_CARDOS_53 }, /* CardOS 5.3 */
-  { 24, X("\x3b\xfe\x18\x00\x00\x80\x31\xfe\x45\x53\x43\x45"
-          "\x36\x30\x2d\x43\x44\x30\x38\x31\x2d\x6e\x46\xa9"),
-    CARD_TYPE_AET },
   { 0 }
 };
 #undef X
@@ -157,14 +151,6 @@ typedef enum
     PIN_TYPE_ISO9564_1 = 4
   } pin_type_t;
 
-/* The AuthenticationTypes as defined in pkcs#15 v1.1 (6.8.1) */
-typedef enum
-  {
-    AUTH_TYPE_PIN = -1,
-    AUTH_TYPE_BIOMETRIC = 0,
-    AUTH_TYPE_AUTHKEY = 1,
-    AUTH_TYPE_EXTERNAL = 2,
-  } auth_type_t;
 
 /* A bit array with for the key usage flags from the
    commonKeyAttributes. */
@@ -268,7 +254,6 @@ struct prkdf_object_s
   unsigned int keygrip_valid:1;
   unsigned int key_reference_valid:1;
   unsigned int have_off:1;
-  unsigned int have_keytime:1;
 
   /* Flag indicating that the corresponding PIN has already been
    * verified.  Note that for cards which are able to return the
@@ -325,10 +310,6 @@ struct prkdf_object_s
    * certificate or NULL if not known.  */
   char *serial_number;
 
-  /* KDF/KEK parameter for OpenPGP's ECDH.  First byte is zero if not
-   * availabale. .*/
-  unsigned char ecdh_kdf[4];
-
   /* Length and allocated buffer with the Id of this object. */
   size_t objidlen;
   unsigned char *objid;
@@ -385,11 +366,6 @@ struct aodf_object_s
   /* The file ID of this AODF.  */
   unsigned short fid;
 
-  /* The type of this authentication object.  */
-  auth_type_t auth_type;
-
-  /* Info used for AUTH_TYPE_PIN: */
-
   /* The PIN Flags. */
   struct
   {
@@ -437,9 +413,6 @@ struct aodf_object_s
      may be NULL.  Malloced.*/
   size_t pathlen;
   unsigned short *path;
-
-  /* Info used for AUTH_TYPE_AUTHKEY: */
-
 };
 typedef struct aodf_object_s *aodf_object_t;
 
@@ -457,14 +430,11 @@ struct app_local_s
   /* The vendor's product.  */
   card_product_t card_product;
 
-  /* Flag indicating that extended_mode is not supported.  */
-  unsigned int no_extended_mode : 1;
-
   /* Flag indicating whether we may use direct path selection. */
-  unsigned int direct_path_selection : 1;
+  int direct_path_selection;
 
   /* Flag indicating whether the card has any key with a gpgusage set.  */
-  unsigned int any_gpgusage : 1;
+  int any_gpgusage;
 
   /* Structure with the EFIDs of the objects described in the ODF
      file. */
@@ -481,7 +451,7 @@ struct app_local_s
     unsigned short auth_objects;
   } odf;
 
-  /* The PKCS#15 serialnumber from EF(TokenInfo) or NULL.  Malloced. */
+  /* The PKCS#15 serialnumber from EF(TokeiNFo) or NULL.  Malloced. */
   unsigned char *serialno;
   size_t serialnolen;
 
@@ -536,7 +506,6 @@ cardtype2str (card_type_t cardtype)
     case CARD_TYPE_CARDOS_50: return "CardOS 5.0";
     case CARD_TYPE_CARDOS_53: return "CardOS 5.3";
     case CARD_TYPE_BELPIC:    return "Belgian eID";
-    case CARD_TYPE_AET:       return "AET";
     }
   return "";
 }
@@ -547,9 +516,8 @@ cardproduct2str (card_product_t cardproduct)
   switch (cardproduct)
     {
     case CARD_PRODUCT_UNKNOWN: return "";
-    case CARD_PRODUCT_RSCS:    return "R&S";
+    case CARD_PRODUCT_RSCS:    return "RSCS";
     case CARD_PRODUCT_DTRUST:  return "D-Trust";
-    case CARD_PRODUCT_GENUA:   return "GeNUA";
     }
   return "";
 }
@@ -667,6 +635,7 @@ do_deinit (app_t app)
 }
 
 
+
 /* Do a select and a read for the file with EFID.  EFID_DESC is a
    desctription of the EF to be used with error messages.  On success
    BUFFER and BUFLEN contain the entire content of the EF.  The caller
@@ -789,27 +758,6 @@ select_ef_by_path (app_t app, const unsigned short *path, size_t pathlen)
           goto err_print_path;
         }
     }
-  else if (pathlen > 1 && path[0] == 0x3fff)
-    {
-      err = iso7816_select_file (app_get_slot (app), 0x3f00, 0);
-      if (err)
-        {
-          log_error ("p15: error selecting part %d from path ", 0);
-          goto err_print_path;
-        }
-      path++;
-      pathlen--;
-      for (i=0; i < pathlen; i++)
-        {
-          err = iso7816_select_file (app_get_slot (app),
-                                     path[i], (i+1 == pathlen)? 2 : 1);
-          if (err)
-            {
-              log_error ("p15: error selecting part %d from path ", i);
-              goto err_print_path;
-            }
-        }
-    }
   else
     {
       if (pathlen && *path != 0x3f00 )
@@ -939,34 +887,6 @@ cdf_object_from_objid (app_t app, size_t objidlen, const unsigned char *objid,
 }
 
 
-/* Find a certificate object by its label and store a pointer to it at
- * R_CDF. */
-static gpg_error_t
-cdf_object_from_label (app_t app, const char *label, cdf_object_t *r_cdf)
-{
-  cdf_object_t cdf;
-
-  if (!label)
-    return gpg_error (GPG_ERR_NOT_FOUND);
-
-  for (cdf = app->app_local->certificate_info; cdf; cdf = cdf->next)
-    if (cdf->label && !strcmp (cdf->label, label))
-      break;
-  if (!cdf)
-    for (cdf = app->app_local->trusted_certificate_info; cdf; cdf = cdf->next)
-      if (cdf->label && !strcmp (cdf->label, label))
-        break;
-  if (!cdf)
-    for (cdf = app->app_local->useful_certificate_info; cdf; cdf = cdf->next)
-      if (cdf->label && !strcmp (cdf->label, label))
-        break;
-  if (!cdf)
-    return gpg_error (GPG_ERR_NOT_FOUND);
-  *r_cdf = cdf;
-  return 0;
-}
-
-
 /* Find a certificate object by the certificate ID CERTID and store a
  * pointer to it at R_CDF. */
 static gpg_error_t
@@ -976,24 +896,12 @@ cdf_object_from_certid (app_t app, const char *certid, cdf_object_t *r_cdf)
   size_t objidlen;
   unsigned char *objid;
   cdf_object_t cdf;
-  prkdf_object_t prkdf;
 
   err = parse_certid (app, certid, &objid, &objidlen);
   if (err)
     return err;
 
   err = cdf_object_from_objid (app, objidlen, objid, &cdf);
-  if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
-    {
-      /* Try again by finding the certid in the prkdf and matching by
-       * label.  */
-      for (prkdf = app->app_local->private_key_info; prkdf; prkdf = prkdf->next)
-        if (prkdf->objidlen == objidlen
-            && !memcmp (prkdf->objid, objid, objidlen))
-          break;
-      if (prkdf)
-        err = cdf_object_from_label (app, prkdf->label, &cdf);
-    }
   xfree (objid);
   if (err)
     return err;
@@ -2656,46 +2564,37 @@ read_ef_cdf (app_t app, unsigned short fid, int cdftype, cdf_object_t *result)
 
 
 /*
- * SEQUENCE {
- *   SEQUENCE { -- CommonObjectAttributes
- *     UTF8String 'specific PIN for DS'
- *     BIT STRING 0 unused bits
- *       '00000011'B
- *     }
- *   SEQUENCE { -- CommonAuthenticationObjectAttributes
- *     OCTET STRING
- *       07    -- iD
- *     }
- *
- *   [1] { -- typeAttributes
- *     SEQUENCE { -- PinAttributes
- *       BIT STRING 0 unused bits
- *         '0000100000110010'B  -- local,initialized,needs-padding
- *                              -- exchangeRefData
- *       ENUMERATED 1           -- ascii-numeric
- *       INTEGER 6              -- minLength
- *       INTEGER 6              -- storedLength
- *       INTEGER 8              -- maxLength
- *       [0]
- *         02                   -- pinReference
- *       GeneralizedTime 19/04/2002 12:12 GMT  -- lastPinChange
- *       SEQUENCE {
- *         OCTET STRING
- *           3F 00 40 16        -- path to DF of PIN
- *         }
- *       }
- *     }
- *   }
- *
- * Or for an authKey:
- *
- *   [1] { -- typeAttributes
- *     SEQUENCE { -- AuthKeyAttributes
- *       BOOLEAN TRUE    -- derivedKey
- *       OCTET STRING 02 -- authKeyId
- *       }
- *     }
- *   }
+SEQUENCE {
+  SEQUENCE { -- CommonObjectAttributes
+    UTF8String 'specific PIN for DS'
+    BIT STRING 0 unused bits
+      '00000011'B
+    }
+  SEQUENCE { -- CommonAuthenticationObjectAttributes
+    OCTET STRING
+      07    -- iD
+    }
+
+  [1] { -- typeAttributes
+    SEQUENCE { -- PinAttributes
+      BIT STRING 0 unused bits
+        '0000100000110010'B  -- local,initialized,needs-padding
+                             -- exchangeRefData
+      ENUMERATED 1           -- ascii-numeric
+      INTEGER 6              -- minLength
+      INTEGER 6              -- storedLength
+      INTEGER 8              -- maxLength
+      [0]
+        02                   -- pinReference
+      GeneralizedTime 19/04/2002 12:12 GMT  -- lastPinChange
+      SEQUENCE {
+        OCTET STRING
+          3F 00 40 16        -- path to DF of PIN
+        }
+      }
+    }
+  }
+
 */
 /* Read and parse an Authentication Object Directory File identified
    by FID.  On success a newlist of AODF objects gets stored at RESULT
@@ -2732,7 +2631,6 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
       size_t nn;
       int where;
       const char *errstr = NULL;
-      auth_type_t auth_type;
       aodf_object_t aodf = NULL;
       unsigned long ul;
       const char *s;
@@ -2745,14 +2643,13 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
       else if (objlen > n)
         err = gpg_error (GPG_ERR_INV_OBJ);
       else if (class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE)
-        auth_type = AUTH_TYPE_PIN;    /* PinAttributes */
-      else if (class == CLASS_CONTEXT && tag == 1 )
-        auth_type = AUTH_TYPE_AUTHKEY; /* AuthKeyAttributes */
+        ; /* PinAttributes */
       else if (class == CLASS_CONTEXT)
         {
           switch (tag)
             {
             case 0: errstr = "biometric auth types are not supported"; break;
+            case 1: errstr = "authKey auth types are not supported"; break;
             case 2: errstr = "external auth type are not supported"; break;
             default: errstr = "unknown privateKeyObject"; break;
             }
@@ -2764,6 +2661,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
           goto parse_error;
         }
 
+
       if (err)
         {
           log_error ("p15: error parsing AODF record: %s\n",
@@ -2780,7 +2678,6 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
       if (!aodf)
         goto no_core;
       aodf->fid = fid;
-      aodf->auth_type = auth_type;
 
       /* Parse the commonObjectAttributes.  */
       where = __LINE__;
@@ -2839,7 +2736,7 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
       else if (!err && objlen > nn)
         err = gpg_error (GPG_ERR_INV_OBJ);
       else if (class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE)
-        ; /* Okay */
+        ; /* A typeAttribute always starts with a sequence */
       else
         err = gpg_error (GPG_ERR_INV_OBJ);
       if (err)
@@ -2847,147 +2744,223 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
 
       nn = objlen;
 
-      if (auth_type == AUTH_TYPE_PIN)
-        {
-          /* PinFlags */
-          where = __LINE__;
-          err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
-                                  &ndef, &objlen, &hdrlen);
-          if (!err && (objlen > nn || !objlen
-                       || class != CLASS_UNIVERSAL || tag != TAG_BIT_STRING))
-            err = gpg_error (GPG_ERR_INV_OBJ);
-          if (err)
-            goto parse_error;
+      /* PinFlags */
+      where = __LINE__;
+      err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+                              &ndef, &objlen, &hdrlen);
+      if (!err && (objlen > nn || !objlen
+                   || class != CLASS_UNIVERSAL || tag != TAG_BIT_STRING))
+        err = gpg_error (GPG_ERR_INV_OBJ);
+      if (err)
+        goto parse_error;
 
-          {
-            unsigned int bits, mask;
-            int unused, full;
+      {
+        unsigned int bits, mask;
+        int unused, full;
 
-            unused = *pp++; nn--; objlen--;
-            if ((!objlen && unused) || unused/8 > objlen)
-              {
-                err = gpg_error (GPG_ERR_ENCODING_PROBLEM);
-                goto parse_error;
-              }
-            full = objlen - (unused+7)/8;
-            unused %= 8;
-            mask = 0;
-            for (i=1; unused; i <<= 1, unused--)
-              mask |= i;
-
-            /* The first octet */
-            bits = 0;
-            if (objlen)
+        unused = *pp++; nn--; objlen--;
+        if ((!objlen && unused) || unused/8 > objlen)
+          {
+            err = gpg_error (GPG_ERR_ENCODING_PROBLEM);
+            goto parse_error;
+          }
+        full = objlen - (unused+7)/8;
+        unused %= 8;
+        mask = 0;
+        for (i=1; unused; i <<= 1, unused--)
+          mask |= i;
+
+        /* The first octet */
+        bits = 0;
+        if (objlen)
+          {
+            bits = *pp++; nn--; objlen--;
+            if (full)
+              full--;
+            else
               {
-                bits = *pp++; nn--; objlen--;
-                if (full)
-                  full--;
-                else
-                  {
-                    bits &= ~mask;
-                    mask = 0;
-                  }
+                bits &= ~mask;
+                mask = 0;
               }
-            if ((bits & 0x80)) /* ASN.1 bit 0. */
-              aodf->pinflags.case_sensitive = 1;
-            if ((bits & 0x40)) /* ASN.1 bit 1. */
-              aodf->pinflags.local = 1;
-            if ((bits & 0x20))
-              aodf->pinflags.change_disabled = 1;
-            if ((bits & 0x10))
-              aodf->pinflags.unblock_disabled = 1;
-            if ((bits & 0x08))
-              aodf->pinflags.initialized = 1;
-            if ((bits & 0x04))
-              aodf->pinflags.needs_padding = 1;
-            if ((bits & 0x02))
-              aodf->pinflags.unblocking_pin = 1;
-            if ((bits & 0x01))
-              aodf->pinflags.so_pin = 1;
-            /* The second octet. */
-            bits = 0;
-            if (objlen)
+          }
+        if ((bits & 0x80)) /* ASN.1 bit 0. */
+          aodf->pinflags.case_sensitive = 1;
+        if ((bits & 0x40)) /* ASN.1 bit 1. */
+          aodf->pinflags.local = 1;
+        if ((bits & 0x20))
+          aodf->pinflags.change_disabled = 1;
+        if ((bits & 0x10))
+          aodf->pinflags.unblock_disabled = 1;
+        if ((bits & 0x08))
+          aodf->pinflags.initialized = 1;
+        if ((bits & 0x04))
+          aodf->pinflags.needs_padding = 1;
+        if ((bits & 0x02))
+          aodf->pinflags.unblocking_pin = 1;
+        if ((bits & 0x01))
+          aodf->pinflags.so_pin = 1;
+        /* The second octet. */
+        bits = 0;
+        if (objlen)
+          {
+            bits = *pp++; nn--; objlen--;
+            if (full)
+              full--;
+            else
               {
-                bits = *pp++; nn--; objlen--;
-                if (full)
-                  full--;
-                else
-                  {
-                    bits &= ~mask;
-                  }
+                bits &= ~mask;
               }
-            if ((bits & 0x80))
-              aodf->pinflags.disable_allowed = 1;
-            if ((bits & 0x40))
-              aodf->pinflags.integrity_protected = 1;
-            if ((bits & 0x20))
-              aodf->pinflags.confidentiality_protected = 1;
-            if ((bits & 0x10))
-              aodf->pinflags.exchange_ref_data = 1;
-            /* Skip remaining bits. */
-            pp += objlen;
-            nn -= objlen;
           }
+        if ((bits & 0x80))
+          aodf->pinflags.disable_allowed = 1;
+        if ((bits & 0x40))
+          aodf->pinflags.integrity_protected = 1;
+        if ((bits & 0x20))
+          aodf->pinflags.confidentiality_protected = 1;
+        if ((bits & 0x10))
+          aodf->pinflags.exchange_ref_data = 1;
+        /* Skip remaining bits. */
+        pp += objlen;
+        nn -= objlen;
+      }
 
-          /* PinType */
-          where = __LINE__;
-          err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
-                                  &ndef, &objlen, &hdrlen);
-          if (!err && (objlen > nn
-                       || class != CLASS_UNIVERSAL || tag != TAG_ENUMERATED))
-            err = gpg_error (GPG_ERR_INV_OBJ);
-          if (!err && objlen > sizeof (ul))
-            err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
-          if (err)
-            goto parse_error;
 
+      /* PinType */
+      where = __LINE__;
+      err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+                              &ndef, &objlen, &hdrlen);
+      if (!err && (objlen > nn
+                   || class != CLASS_UNIVERSAL || tag != TAG_ENUMERATED))
+        err = gpg_error (GPG_ERR_INV_OBJ);
+      if (!err && objlen > sizeof (ul))
+        err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
+      if (err)
+        goto parse_error;
+
+      for (ul=0; objlen; objlen--)
+        {
+          ul <<= 8;
+          ul |= (*pp++) & 0xff;
+          nn--;
+        }
+      aodf->pintype = ul;
+
+
+      /* minLength */
+      where = __LINE__;
+      err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+                              &ndef, &objlen, &hdrlen);
+      if (!err && (objlen > nn
+                   || class != CLASS_UNIVERSAL || tag != TAG_INTEGER))
+        err = gpg_error (GPG_ERR_INV_OBJ);
+      if (!err && objlen > sizeof (ul))
+        err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
+      if (err)
+        goto parse_error;
+      for (ul=0; objlen; objlen--)
+        {
+          ul <<= 8;
+          ul |= (*pp++) & 0xff;
+          nn--;
+        }
+      aodf->min_length = ul;
+
+
+      /* storedLength */
+      where = __LINE__;
+      err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+                              &ndef, &objlen, &hdrlen);
+      if (!err && (objlen > nn
+                   || class != CLASS_UNIVERSAL || tag != TAG_INTEGER))
+        err = gpg_error (GPG_ERR_INV_OBJ);
+      if (!err && objlen > sizeof (ul))
+        err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
+      if (err)
+        goto parse_error;
+      for (ul=0; objlen; objlen--)
+        {
+          ul <<= 8;
+          ul |= (*pp++) & 0xff;
+          nn--;
+        }
+      aodf->stored_length = ul;
+
+      /* optional maxLength */
+      where = __LINE__;
+      err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+                              &ndef, &objlen, &hdrlen);
+      if (gpg_err_code (err) == GPG_ERR_EOF)
+        goto ready;
+      if (!err && objlen > nn)
+        err = gpg_error (GPG_ERR_INV_OBJ);
+      if (err)
+        goto parse_error;
+      if (class == CLASS_UNIVERSAL && tag == TAG_INTEGER)
+        {
+          if (objlen > sizeof (ul))
+            {
+              err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
+              goto parse_error;
+            }
           for (ul=0; objlen; objlen--)
             {
               ul <<= 8;
               ul |= (*pp++) & 0xff;
               nn--;
             }
-          aodf->pintype = ul;
+          aodf->max_length = ul;
+          aodf->max_length_valid = 1;
 
-          /* minLength */
           where = __LINE__;
           err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
                                   &ndef, &objlen, &hdrlen);
-          if (!err && (objlen > nn
-                       || class != CLASS_UNIVERSAL || tag != TAG_INTEGER))
+          if (gpg_err_code (err) == GPG_ERR_EOF)
+            goto ready;
+          if (!err && objlen > nn)
             err = gpg_error (GPG_ERR_INV_OBJ);
-          if (!err && objlen > sizeof (ul))
-            err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
           if (err)
             goto parse_error;
+        }
+
+      /* Optional pinReference. */
+      if (class == CLASS_CONTEXT && tag == 0)
+        {
+          if (objlen > sizeof (ul))
+            {
+              err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
+              goto parse_error;
+            }
           for (ul=0; objlen; objlen--)
             {
               ul <<= 8;
               ul |= (*pp++) & 0xff;
               nn--;
             }
-          aodf->min_length = ul;
+          aodf->pin_reference = ul;
+          aodf->pin_reference_valid = 1;
 
-          /* storedLength */
           where = __LINE__;
           err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
                                   &ndef, &objlen, &hdrlen);
-          if (!err && (objlen > nn
-                       || class != CLASS_UNIVERSAL || tag != TAG_INTEGER))
+          if (gpg_err_code (err) == GPG_ERR_EOF)
+            goto ready;
+          if (!err && objlen > nn)
             err = gpg_error (GPG_ERR_INV_OBJ);
-          if (!err && objlen > sizeof (ul))
-            err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
           if (err)
             goto parse_error;
-          for (ul=0; objlen; objlen--)
+        }
+
+      /* Optional padChar. */
+      if (class == CLASS_UNIVERSAL && tag == TAG_OCTET_STRING)
+        {
+          if (objlen != 1)
             {
-              ul <<= 8;
-              ul |= (*pp++) & 0xff;
-              nn--;
+              errstr = "padChar is not of size(1)";
+              goto parse_error;
             }
-          aodf->stored_length = ul;
+          aodf->pad_char = *pp++; nn--;
+          aodf->pad_char_valid = 1;
 
-          /* optional maxLength */
           where = __LINE__;
           err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
                                   &ndef, &objlen, &hdrlen);
@@ -2997,180 +2970,97 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
             err = gpg_error (GPG_ERR_INV_OBJ);
           if (err)
             goto parse_error;
-          if (class == CLASS_UNIVERSAL && tag == TAG_INTEGER)
-            {
-              if (objlen > sizeof (ul))
-                {
-                  err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
-                  goto parse_error;
-                }
-              for (ul=0; objlen; objlen--)
-                {
-                  ul <<= 8;
-                  ul |= (*pp++) & 0xff;
-                  nn--;
-                }
-              aodf->max_length = ul;
-              aodf->max_length_valid = 1;
+        }
 
-              where = __LINE__;
-              err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
-                                      &ndef, &objlen, &hdrlen);
-              if (gpg_err_code (err) == GPG_ERR_EOF)
-                goto ready;
-              if (!err && objlen > nn)
-                err = gpg_error (GPG_ERR_INV_OBJ);
-              if (err)
-                goto parse_error;
-            }
+      /* Skip optional lastPinChange. */
+      if (class == CLASS_UNIVERSAL && tag == TAG_GENERALIZED_TIME)
+        {
+          pp += objlen;
+          nn -= objlen;
 
-          /* Optional pinReference. */
-          if (class == CLASS_CONTEXT && tag == 0)
-            {
-              if (objlen > sizeof (ul))
-                {
-                  err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
-                  goto parse_error;
-                }
-              for (ul=0; objlen; objlen--)
-                {
-                  ul <<= 8;
-                  ul |= (*pp++) & 0xff;
-                  nn--;
-                }
-              aodf->pin_reference = ul;
-              aodf->pin_reference_valid = 1;
+          where = __LINE__;
+          err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+                                  &ndef, &objlen, &hdrlen);
+          if (gpg_err_code (err) == GPG_ERR_EOF)
+            goto ready;
+          if (!err && objlen > nn)
+            err = gpg_error (GPG_ERR_INV_OBJ);
+          if (err)
+            goto parse_error;
+        }
 
-              where = __LINE__;
-              err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
-                                      &ndef, &objlen, &hdrlen);
-              if (gpg_err_code (err) == GPG_ERR_EOF)
-                goto ready;
-              if (!err && objlen > nn)
-                err = gpg_error (GPG_ERR_INV_OBJ);
-              if (err)
-                goto parse_error;
-            }
+      /* Optional Path object.  */
+      if (class == CLASS_UNIVERSAL || tag == TAG_SEQUENCE)
+        {
+          const unsigned char *ppp = pp;
+          size_t nnn = objlen;
 
-          /* Optional padChar. */
-          if (class == CLASS_UNIVERSAL && tag == TAG_OCTET_STRING)
-            {
-              if (objlen != 1)
-                {
-                  errstr = "padChar is not of size(1)";
-                  goto parse_error;
-                }
-              aodf->pad_char = *pp++; nn--;
-              aodf->pad_char_valid = 1;
+          pp += objlen;
+          nn -= objlen;
 
-              where = __LINE__;
-              err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
-                                      &ndef, &objlen, &hdrlen);
-              if (gpg_err_code (err) == GPG_ERR_EOF)
-                goto ready;
-              if (!err && objlen > nn)
-                err = gpg_error (GPG_ERR_INV_OBJ);
-              if (err)
-                goto parse_error;
-            }
+          where = __LINE__;
+          err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
+                                  &ndef, &objlen, &hdrlen);
+          if (!err && objlen > nnn)
+            err = gpg_error (GPG_ERR_INV_OBJ);
+          if (err)
+            goto parse_error;
 
-          /* Skip optional lastPinChange. */
-          if (class == CLASS_UNIVERSAL && tag == TAG_GENERALIZED_TIME)
+          /* Make sure that the next element is a non zero FID and of
+             even length (FID are two bytes each). */
+          if (class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING
+              ||  !objlen || (objlen & 1) )
             {
-              pp += objlen;
-              nn -= objlen;
+              errstr = "invalid path reference";
+              goto parse_error;
+            }
+
+          aodf->pathlen = objlen/2;
+          aodf->path = xtrycalloc (aodf->pathlen, sizeof *aodf->path);
+          if (!aodf->path)
+            goto no_core;
+          for (i=0; i < aodf->pathlen; i++, ppp += 2, nnn -= 2)
+            aodf->path[i] = ((ppp[0] << 8) | ppp[1]);
 
+          if (nnn)
+            {
+              /* An index and length follows. */
+              aodf->have_off = 1;
               where = __LINE__;
-              err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+              err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
                                       &ndef, &objlen, &hdrlen);
-              if (gpg_err_code (err) == GPG_ERR_EOF)
-                goto ready;
-              if (!err && objlen > nn)
+              if (!err && (objlen > nnn
+                       || class != CLASS_UNIVERSAL || tag != TAG_INTEGER))
                 err = gpg_error (GPG_ERR_INV_OBJ);
               if (err)
                 goto parse_error;
-            }
 
-          /* Optional Path object.  */
-          if (class == CLASS_UNIVERSAL || tag == TAG_SEQUENCE)
-            {
-              const unsigned char *ppp = pp;
-              size_t nnn = objlen;
-
-              pp += objlen;
-              nn -= objlen;
+              for (ul=0; objlen; objlen--)
+                {
+                  ul <<= 8;
+                  ul |= (*ppp++) & 0xff;
+                  nnn--;
+                }
+              aodf->off = ul;
 
               where = __LINE__;
               err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
                                       &ndef, &objlen, &hdrlen);
-              if (!err && objlen > nnn)
+              if (!err && (objlen > nnn
+                           || class != CLASS_CONTEXT || tag != 0))
                 err = gpg_error (GPG_ERR_INV_OBJ);
               if (err)
                 goto parse_error;
 
-              /* Make sure that the next element has a path of even
-               * length (FIDs are two bytes each).  */
-              if (class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING
-                  || (objlen & 1) )
-                {
-                  errstr = "invalid path reference";
-                  goto parse_error;
-                }
-
-              aodf->pathlen = objlen/2;
-              aodf->path = xtrycalloc (aodf->pathlen, sizeof *aodf->path);
-              if (!aodf->path)
-                goto no_core;
-              for (i=0; i < aodf->pathlen; i++, ppp += 2, nnn -= 2)
-                aodf->path[i] = ((ppp[0] << 8) | ppp[1]);
-
-              if (nnn)
+              for (ul=0; objlen; objlen--)
                 {
-                  /* An index and length follows. */
-                  aodf->have_off = 1;
-                  where = __LINE__;
-                  err = parse_ber_header (&ppp, &nnn, &class, &tag,
-                                          &constructed,
-                                          &ndef, &objlen, &hdrlen);
-                  if (!err && (objlen > nnn
-                               || class != CLASS_UNIVERSAL
-                               || tag != TAG_INTEGER))
-                    err = gpg_error (GPG_ERR_INV_OBJ);
-                  if (err)
-                    goto parse_error;
-
-                  for (ul=0; objlen; objlen--)
-                    {
-                      ul <<= 8;
-                      ul |= (*ppp++) & 0xff;
-                      nnn--;
-                    }
-                  aodf->off = ul;
-
-                  where = __LINE__;
-                  err = parse_ber_header (&ppp, &nnn, &class, &tag,
-                                          &constructed,
-                                          &ndef, &objlen, &hdrlen);
-                  if (!err && (objlen > nnn
-                               || class != CLASS_CONTEXT || tag != 0))
-                    err = gpg_error (GPG_ERR_INV_OBJ);
-                  if (err)
-                    goto parse_error;
-
-                  for (ul=0; objlen; objlen--)
-                    {
-                      ul <<= 8;
-                      ul |= (*ppp++) & 0xff;
-                      nnn--;
-                    }
-                  aodf->len = ul;
+                  ul <<= 8;
+                  ul |= (*ppp++) & 0xff;
+                  nnn--;
                 }
+              aodf->len = ul;
             }
         }
-      else if (auth_type == AUTH_TYPE_AUTHKEY)
-        {
-
-        }
 
       /* Ignore further objects which might be there due to future
          extensions of pkcs#15. */
@@ -3186,9 +3076,6 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
           if (aodf->label)
             log_printf (" (%s)", aodf->label);
           log_info ("p15:            ");
-          log_printf (" %s",
-                      aodf->auth_type == AUTH_TYPE_PIN? "pin" :
-                      aodf->auth_type == AUTH_TYPE_AUTHKEY? "authkey" : "?");
           if (aodf->pathlen)
             {
               log_printf (" path=");
@@ -3203,64 +3090,58 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
               for (i=0; i < aodf->authidlen; i++)
                 log_printf ("%02X", aodf->authid[i]);
             }
-          if (aodf->auth_type == AUTH_TYPE_PIN)
-            {
-              if (aodf->pin_reference_valid)
-                log_printf (" pinref=0x%02lX", aodf->pin_reference);
-              log_printf (" min=%lu", aodf->min_length);
-              log_printf (" stored=%lu", aodf->stored_length);
-              if (aodf->max_length_valid)
-                log_printf (" max=%lu", aodf->max_length);
-              if (aodf->pad_char_valid)
-                log_printf (" pad=0x%02x", aodf->pad_char);
-
-              log_info ("p15:             flags=");
-              s = "";
-              if (aodf->pinflags.case_sensitive)
-                log_printf ("%scase_sensitive", s), s = ",";
-              if (aodf->pinflags.local)
-                log_printf ("%slocal", s), s = ",";
-              if (aodf->pinflags.change_disabled)
-                log_printf ("%schange_disabled", s), s = ",";
-              if (aodf->pinflags.unblock_disabled)
-                log_printf ("%sunblock_disabled", s), s = ",";
-              if (aodf->pinflags.initialized)
-                log_printf ("%sinitialized", s), s = ",";
-              if (aodf->pinflags.needs_padding)
-                log_printf ("%sneeds_padding", s), s = ",";
-              if (aodf->pinflags.unblocking_pin)
-                log_printf ("%sunblocking_pin", s), s = ",";
-              if (aodf->pinflags.so_pin)
-                log_printf ("%sso_pin", s), s = ",";
-              if (aodf->pinflags.disable_allowed)
-                log_printf ("%sdisable_allowed", s), s = ",";
-              if (aodf->pinflags.integrity_protected)
-                log_printf ("%sintegrity_protected", s), s = ",";
-              if (aodf->pinflags.confidentiality_protected)
-                log_printf ("%sconfidentiality_protected", s), s = ",";
-              if (aodf->pinflags.exchange_ref_data)
-                log_printf ("%sexchange_ref_data", s), s = ",";
-              {
-                char numbuf[50];
-                const char *s2;
+          if (aodf->pin_reference_valid)
+            log_printf (" pinref=0x%02lX", aodf->pin_reference);
+          log_printf (" min=%lu", aodf->min_length);
+          log_printf (" stored=%lu", aodf->stored_length);
+          if (aodf->max_length_valid)
+            log_printf (" max=%lu", aodf->max_length);
+          if (aodf->pad_char_valid)
+            log_printf (" pad=0x%02x", aodf->pad_char);
+
+          log_info ("p15:             flags=");
+          s = "";
+          if (aodf->pinflags.case_sensitive)
+            log_printf ("%scase_sensitive", s), s = ",";
+          if (aodf->pinflags.local)
+            log_printf ("%slocal", s), s = ",";
+          if (aodf->pinflags.change_disabled)
+            log_printf ("%schange_disabled", s), s = ",";
+          if (aodf->pinflags.unblock_disabled)
+            log_printf ("%sunblock_disabled", s), s = ",";
+          if (aodf->pinflags.initialized)
+            log_printf ("%sinitialized", s), s = ",";
+          if (aodf->pinflags.needs_padding)
+            log_printf ("%sneeds_padding", s), s = ",";
+          if (aodf->pinflags.unblocking_pin)
+            log_printf ("%sunblocking_pin", s), s = ",";
+          if (aodf->pinflags.so_pin)
+            log_printf ("%sso_pin", s), s = ",";
+          if (aodf->pinflags.disable_allowed)
+            log_printf ("%sdisable_allowed", s), s = ",";
+          if (aodf->pinflags.integrity_protected)
+            log_printf ("%sintegrity_protected", s), s = ",";
+          if (aodf->pinflags.confidentiality_protected)
+            log_printf ("%sconfidentiality_protected", s), s = ",";
+          if (aodf->pinflags.exchange_ref_data)
+            log_printf ("%sexchange_ref_data", s), s = ",";
+          {
+            char numbuf[50];
+            const char *s2;
 
-                switch (aodf->pintype)
-                  {
-                  case PIN_TYPE_BCD: s2 = "bcd"; break;
-                  case PIN_TYPE_ASCII_NUMERIC: s2 = "ascii-numeric"; break;
-                  case PIN_TYPE_UTF8: s2 = "utf8"; break;
-                  case PIN_TYPE_HALF_NIBBLE_BCD: s2 = "half-nibble-bcd"; break;
-                  case PIN_TYPE_ISO9564_1: s2 = "iso9564-1"; break;
-                  default:
-                    sprintf (numbuf, "%lu", (unsigned long)aodf->pintype);
-                    s2 = numbuf;
-                  }
-                log_printf ("%stype=%s", s, s2); s = ",";
+            switch (aodf->pintype)
+              {
+              case PIN_TYPE_BCD: s2 = "bcd"; break;
+              case PIN_TYPE_ASCII_NUMERIC: s2 = "ascii-numeric"; break;
+              case PIN_TYPE_UTF8: s2 = "utf8"; break;
+              case PIN_TYPE_HALF_NIBBLE_BCD: s2 = "half-nibble-bcd"; break;
+              case PIN_TYPE_ISO9564_1: s2 = "iso9564-1"; break;
+              default:
+                sprintf (numbuf, "%lu", (unsigned long)aodf->pintype);
+                s2 = numbuf;
               }
-            }
-          else if (aodf->auth_type == AUTH_TYPE_AUTHKEY)
-            {
-            }
+            log_printf ("%stype=%s", s, s2); s = ",";
+          }
           log_printf ("\n");
         }
 
@@ -3572,14 +3453,6 @@ read_p15_info (app_t app)
 
   release_lists (app);
 
-  if (IS_CARDOS_5 (app)
-      && app->app_local->manufacturer_id
-      && !ascii_strcasecmp (app->app_local->manufacturer_id, "GeNUA mbH"))
-    {
-      if (!app->app_local->card_product)
-        app->app_local->card_product = CARD_PRODUCT_GENUA;
-    }
-
   /* Read the ODF so that we know the location of all directory
      files. */
   /* Fixme: We might need to get a non-standard ODF FID from TokenInfo. */
@@ -3644,49 +3517,17 @@ read_p15_info (app_t app)
       cdf_object_t cdf;
       char *extusage;
       char *p, *pend;
-      int seen, i;
+      int seen;
 
       if (opt.debug)
         log_printhex (prkdf->objid, prkdf->objidlen, "p15: prkdf id=");
-      if (cdf_object_from_objid (app, prkdf->objidlen, prkdf->objid, &cdf)
-          && cdf_object_from_label (app, prkdf->label, &cdf))
+      if (cdf_object_from_objid (app, prkdf->objidlen, prkdf->objid, &cdf))
         continue; /* No matching certificate.  */
       if (!cdf->cert)  /* Read and parse the certificate.  */
         readcert_by_cdf (app, cdf, NULL, NULL);
       if (!cdf->cert)
         continue; /* Unsupported or broken certificate.  */
 
-      if (prkdf->is_ecc)
-        {
-          const char *oid;
-          const unsigned char *der;
-          size_t off, derlen, objlen, hdrlen;
-          int class, tag, constructed, ndef;
-
-          for (i=0; !(err = ksba_cert_get_extension
-                      (cdf->cert, i, &oid, NULL, &off, &derlen)); i++)
-            if (!strcmp (oid, "1.3.6.1.4.1.11591.2.2.10") )
-              break;
-          if (!err && (der = ksba_cert_get_image (cdf->cert, NULL)))
-            {
-              der += off;
-              err = parse_ber_header (&der, &derlen, &class, &tag, &constructed,
-                                      &ndef, &objlen, &hdrlen);
-              if (!err && (objlen > derlen || tag != TAG_OCTET_STRING || ndef))
-                err = gpg_error (GPG_ERR_INV_OBJ);
-              if (!err)
-                {
-                  derlen = objlen;
-                  if (opt.debug)
-                    log_printhex (der, derlen, "p15: OpenPGP KDF parms:");
-                  /* Store them if they match the known OpenPGP format. */
-                  if (derlen == 4 && der[0] == 3 && der[1]  == 1)
-                    memcpy (prkdf->ecdh_kdf, der, 4);
-                }
-            }
-          err = 0;
-        }
-
       if (ksba_cert_get_ext_key_usages (cdf->cert, &extusage))
         continue; /* No extended key usage attribute.  */
 
@@ -3785,7 +3626,7 @@ read_p15_info (app_t app)
     }
   if (!app->app_local->card_product
       && app->app_local->token_label
-      && !strncmp (app->app_local->token_label, "D-TRUST Card V3", 15)
+      && !strcmp (app->app_local->token_label, "D-TRUST Card V3")
       && app->app_local->card_type == CARD_TYPE_CARDOS_50)
     {
       app->app_local->card_product = CARD_PRODUCT_DTRUST;
@@ -3933,7 +3774,6 @@ send_certinfo (app_t app, ctrl_t ctrl, const char *certtype,
                         labelbuf, strlen (labelbuf),
                         NULL, (size_t)0);
       xfree (buf);
-      xfree (labelbuf);
     }
   return 0;
 }
@@ -3961,22 +3801,33 @@ keygrip_from_prkdf (app_t app, prkdf_object_t prkdf)
   xfree (prkdf->serial_number);
   prkdf->serial_number = NULL;
 
-  /* We could have also checked whether a public key directory file
-   * and a matching public key for PRKDF is available.  This would
-   * make extraction of the key faster.  However, this way we don't
-   * have a way to look at extended key attributes to check gpgusage.
-   * FIXME: Add public key lookup if no certificate was found. */
+  /* FIXME: We should check whether a public key directory file and a
+     matching public key for PRKDF is available.  This should make
+     extraction of the key much easier.  My current test card doesn't
+     have one, so we can only use the fallback solution by looking for
+     a matching certificate and extract the key from there. */
 
-  /* Look for a matching certificate. A certificate matches if the id
-   * matches the one of the private key info.  If none was found we
-   * also try to match on the label.  */
-  err = cdf_object_from_objid (app, prkdf->objidlen, prkdf->objid, &cdf);
-  if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
-    err = cdf_object_from_label (app, prkdf->label, &cdf);
-  if (!err && !cdf)
-    err = gpg_error (GPG_ERR_NOT_FOUND);
-  if (err)
-    goto leave;
+  /* Look for a matching certificate. A certificate matches if the Id
+     matches the one of the private key info. */
+  for (cdf = app->app_local->certificate_info; cdf; cdf = cdf->next)
+    if (cdf->objidlen == prkdf->objidlen
+        && !memcmp (cdf->objid, prkdf->objid, prkdf->objidlen))
+      break;
+  if (!cdf)
+    for (cdf = app->app_local->trusted_certificate_info; cdf; cdf = cdf->next)
+      if (cdf->objidlen == prkdf->objidlen
+          && !memcmp (cdf->objid, prkdf->objid, prkdf->objidlen))
+        break;
+  if (!cdf)
+    for (cdf = app->app_local->useful_certificate_info; cdf; cdf = cdf->next)
+      if (cdf->objidlen == prkdf->objidlen
+          && !memcmp (cdf->objid, prkdf->objid, prkdf->objidlen))
+        break;
+  if (!cdf)
+    {
+      err = gpg_error (GPG_ERR_NOT_FOUND);
+      goto leave;
+    }
 
   err = readcert_by_cdf (app, cdf, &der, &derlen);
   if (err)
@@ -4051,7 +3902,6 @@ keygrip_from_prkdf (app_t app, prkdf_object_t prkdf)
       ksba_cert_get_validity (cert, 0, isot);
       t = isotime2epoch (isot);
       prkdf->keytime = (t == (time_t)(-1))? 0 : (u32)t;
-      prkdf->have_keytime = 1;
     }
 
   if (!err && !prkdf->keyalgostr)
@@ -4172,7 +4022,7 @@ send_keypairinfo (app_t app, ctrl_t ctrl, prkdf_object_t prkdf)
             }
 
           log_assert (strlen (prkdf->keygrip) == 40);
-          if (prkdf->keytime && prkdf->have_keytime)
+          if (prkdf->keytime)
             snprintf (keytime, sizeof keytime, "%lu",
                       (unsigned long)prkdf->keytime);
           else
@@ -4284,27 +4134,6 @@ readcert_by_cdf (app_t app, cdf_object_t cdf,
       return 0;
     }
 
-  if (DBG_CARD)
-    {
-      log_info ("p15: Reading CDF: id=");
-      for (i=0; i < cdf->objidlen; i++)
-        log_printf ("%02X", cdf->objid[i]);
-      if (cdf->label)
-        log_printf (" (%s)", cdf->label);
-      log_info ("p15:             path=");
-      for (i=0; i < cdf->pathlen; i++)
-        log_printf ("%s%04hX", i?"/":"", cdf->path[i]);
-      if (cdf->have_off)
-        log_printf ("[%lu/%lu]", cdf->off, cdf->len);
-      if (cdf->authid)
-        {
-          log_printf (" authid=");
-          for (i=0; i < cdf->authidlen; i++)
-            log_printf ("%02X", cdf->authid[i]);
-        }
-      log_printf ("\n");
-    }
-
   /* Read the entire file.  fixme: This could be optimized by first
      reading the header to figure out how long the certificate
      actually is. */
@@ -4312,12 +4141,8 @@ readcert_by_cdf (app_t app, cdf_object_t cdf,
   if (err)
     goto leave;
 
-  if (app->app_local->no_extended_mode || !cdf->len)
-    err = iso7816_read_binary_ext (app_get_slot (app), 0, cdf->off, 0,
-                                   &buffer, &buflen, NULL);
-  else
-    err = iso7816_read_binary_ext (app_get_slot (app), 1, cdf->off, cdf->len,
-                                   &buffer, &buflen, NULL);
+  err = iso7816_read_binary_ext (app_get_slot (app), 1, cdf->off, cdf->len,
+                                 &buffer, &buflen, NULL);
   if (!err && (!buflen || *buffer == 0xff))
     err = gpg_error (GPG_ERR_NOT_FOUND);
   if (err)
@@ -4464,98 +4289,6 @@ compare_aodf_objid (const void *arg_a, const void *arg_b)
 }
 
 
-static void
-send_key_fpr_line (ctrl_t ctrl, int number, const unsigned char *fpr)
-{
-  char buf[41];
-  char numbuf[25];
-
-  bin2hex (fpr, 20, buf);
-  if (number == -1)
-    *numbuf = 0; /* Don't print the key number */
-  else
-    snprintf (numbuf, sizeof numbuf, "%d", number);
-  send_status_info (ctrl, "KEY-FPR",
-                    numbuf, (size_t)strlen(numbuf),
-                    buf, (size_t)strlen (buf),
-                    NULL, 0);
-}
-
-
-/* If possible Emit a FPR-KEY status line for the private key object
- * PRKDF using NUMBER as index.  */
-static void
-send_key_fpr (app_t app, ctrl_t ctrl, prkdf_object_t prkdf, int number)
-{
-  gpg_error_t err;
-  cdf_object_t cdf;
-  unsigned char *pk, *fixed_pk;
-  size_t pklen, fixed_pklen;
-  const unsigned char *m, *e, *q;
-  size_t mlen, elen, qlen;
-  unsigned char fpr20[20];
-
-  if (cdf_object_from_objid (app, prkdf->objidlen, prkdf->objid, &cdf)
-      && cdf_object_from_label (app, prkdf->label, &cdf))
-    return;
-  if (!cdf->cert)
-    readcert_by_cdf (app, cdf, NULL, NULL);
-  if (!cdf->cert)
-    return;
-  if (!prkdf->have_keytime)
-    return;
-  pk = ksba_cert_get_public_key (cdf->cert);
-  if (!pk)
-    return;
-  pklen = gcry_sexp_canon_len (pk, 0, NULL, &err);
-
-  if (uncompress_ecc_q_in_canon_sexp (pk, pklen, &fixed_pk, &fixed_pklen))
-    {
-      xfree (pk);
-      return;
-    }
-  if (fixed_pk)
-    {
-      xfree (pk); pk = NULL;
-      pk = fixed_pk;
-      pklen = fixed_pklen;
-    }
-
-  switch (prkdf->keyalgo)
-    {
-    case GCRY_PK_RSA:
-      if (!get_rsa_pk_from_canon_sexp (pk, pklen,
-                                       &m, &mlen, &e, &elen)
-          && !compute_openpgp_fpr_rsa (4,
-                                       prkdf->keytime,
-                                       m, mlen, e, elen,
-                                       fpr20, NULL))
-        send_key_fpr_line (ctrl, number, fpr20);
-      break;
-
-    case GCRY_PK_ECC:
-    case GCRY_PK_ECDSA:
-    case GCRY_PK_ECDH:
-    case GCRY_PK_EDDSA:
-      /* Note that NUMBER 2 indicates the encryption key.  */
-      if (!get_ecc_q_from_canon_sexp (pk, pklen, &q, &qlen)
-          && !compute_openpgp_fpr_ecc (4,
-                                       prkdf->keytime,
-                                       prkdf->keyalgostr,
-                                       number == 2,
-                                       q, qlen,
-                                       prkdf->ecdh_kdf, 4,
-                                       fpr20, NULL))
-        send_key_fpr_line (ctrl, number, fpr20);
-      break;
-
-    default: /* No Fingerprint for an unknown algo.  */
-      break;
-
-    }
-  xfree (pk);
-}
-
 
 /* Implement the GETATTR command.  This is similar to the LEARN
    command but returns just one value via the status interface. */
@@ -4654,8 +4387,6 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
         }
       else
         {
-          char *sn;
-
           /* We use the first private key object which has a serial
            * number set.  If none was found, we parse the first
            * object and see whether this has then a serial number.  */
@@ -4670,12 +4401,11 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
               if (!prkdf->serial_number)
                 prkdf = NULL;
             }
-          sn = get_dispserialno (app, prkdf);
-          /* Unless there is a bogus S/N in the cert, or the product
-           * has a different strategy for the display-s/n, we should
-           * have a suitable one from the cert now.  */
-          if (sn)
+          if (prkdf)
             {
+              char *sn = get_dispserialno (app, prkdf);
+              /* Unless there is a bogus S/N in the cert we should
+               * have a suitable one from the cert here now.  */
               err = send_status_printf (ctrl, name, "%s", sn);
               xfree (sn);
               return err;
@@ -4685,13 +4415,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
     }
   else if (!strcmp (name, "MANUFACTURER"))
     {
-      if (app->app_local->manufacturer_id
-          && !strchr (app->app_local->manufacturer_id, '[')
-          && app->app_local->card_product)
-        return send_status_printf (ctrl, "MANUFACTURER", "0 %s [%s]",
-                              app->app_local->manufacturer_id,
-                              cardproduct2str (app->app_local->card_product));
-      else if (app->app_local->manufacturer_id)
+      if (app->app_local->manufacturer_id)
         return send_status_printf (ctrl, "MANUFACTURER", "0 %s",
                                    app->app_local->manufacturer_id);
       else
@@ -4775,43 +4499,6 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
         }
       return 0;
     }
-  else if (!strcmp (name, "KEY-FPR"))
-    {
-      /* Send KEY-FPR for the two openpgp keys. */
-      for (prkdf = app->app_local->private_key_info; prkdf;
-           prkdf = prkdf->next)
-        {
-          if (app->app_local->any_gpgusage)
-            {
-              if (prkdf->gpgusage.sign)
-                break;
-            }
-          else
-            {
-              if (prkdf->usageflags.sign || prkdf->usageflags.sign_recover)
-                break;
-            }
-        }
-      if (prkdf)
-        send_key_fpr (app, ctrl, prkdf, 1);
-      for (prkdf = app->app_local->private_key_info; prkdf;
-           prkdf = prkdf->next)
-        {
-          if (app->app_local->any_gpgusage)
-            {
-              if (prkdf->gpgusage.encr)
-                break;
-            }
-          else
-            {
-              if (prkdf->usageflags.decrypt || prkdf->usageflags.unwrap)
-                break;
-            }
-        }
-      if (prkdf)
-        send_key_fpr (app, ctrl, prkdf, 2);
-      return 0;
-    }
 
   return gpg_error (GPG_ERR_INV_NAME);
 }
@@ -4999,18 +4686,7 @@ any_control_or_space (const char *string)
 {
   const unsigned char *s;
 
-  for (s = string; *s; s++)
-    if (*s <= 0x20 || *s >= 0x7f)
-      return 1;
-  return 0;
-}
-
-static int
-any_control_or_space_mem (const void *buffer, size_t buflen)
-{
-  const unsigned char *s;
-
-  for (s = buffer; buflen; s++, buflen--)
+  for (s = string; *string; string++)
     if (*s <= 0x20 || *s >= 0x7f)
       return 1;
   return 0;
@@ -5023,44 +4699,11 @@ static char *
 get_dispserialno (app_t app, prkdf_object_t prkdf)
 {
   char *serial;
-  const unsigned char *s;
-  int i;
-  size_t n;
 
   /* We prefer the SerialNumber RDN from the Subject-DN but we don't
    * use it if it features a percent sign (special character in pin
-   * prompts) or has any control character.  For some cards we use a
-   * different strategy.  */
-  if (app->app_local->card_product == CARD_PRODUCT_RSCS)
-    {
-      /* We use only the right 8 hex digits.  */
-      serial = app_get_serialno (app);
-      if (serial && (n=strlen (serial)) > 8)
-        memmove (serial, serial + n - 8, 9);
-    }
-  else if (IS_CARDOS_5 (app) && app->app_local->manufacturer_id
-           && !ascii_strcasecmp (app->app_local->manufacturer_id,
-                                 "Technology Nexus")
-           && app->serialno && app->serialnolen == 4+9
-           && !memcmp (app->serialno, "\xff\x00\x00\xff", 4)
-           && !any_control_or_space_mem (app->serialno + 4, 9))
-    {
-      /* Sample: ff0000ff354830313232363537 -> "5H01 2265 7" */
-      serial = xtrymalloc (9+2+1);
-      if (serial)
-        {
-          s = app->serialno + 4;
-          for (i=0; i < 4; i++)
-            serial[i] = *s++;
-          serial[i++] = ' ';
-          for (; i < 9; i++)
-            serial[i] = *s++;
-          serial[i++] = ' ';
-          serial[i++] = *s;
-          serial[i] = 0;
-        }
-    }
-  else if (prkdf && prkdf->serial_number && *prkdf->serial_number
+   * prompts) or has any control character.  */
+  if (prkdf && prkdf->serial_number && *prkdf->serial_number
       && !strchr (prkdf->serial_number, '%')
       && !any_control_or_space (prkdf->serial_number))
     {
@@ -5070,7 +4713,6 @@ get_dispserialno (app_t app, prkdf_object_t prkdf)
     {
       serial = app_get_serialno (app);
     }
-
   return serial;
 }
 
@@ -5082,28 +4724,11 @@ make_pin_prompt (app_t app, int remaining, const char *firstline,
                  prkdf_object_t prkdf)
 {
   char *serial, *tmpbuf, *result;
-  const char *holder = NULL;
+  const char *holder;
 
   serial = get_dispserialno (app, prkdf);
 
-  if (app->app_local->card_product == CARD_PRODUCT_GENUA)
-    {
-      /* The label of the first non SO-PIN is used for the holder.  */
-      aodf_object_t aodf;
-
-      for (aodf = app->app_local->auth_object_info; aodf; aodf = aodf->next)
-        if (aodf->auth_type == AUTH_TYPE_PIN
-            && !aodf->pinflags.so_pin
-            && aodf->label)
-          {
-            holder = aodf->label;
-            break;
-          }
-    }
-
-  if (holder)
-    ;
-  else if (prkdf && prkdf->common_name)
+  if (prkdf && prkdf->common_name)
     holder = prkdf->common_name;
   else if (app->app_local->token_label)
     holder = app->app_local->token_label;
@@ -5183,8 +4808,8 @@ verify_pin (app_t app,
     {
       /* We know that this card supports a verify status check.  Note
        * that in contrast to PIV cards ISO7816_VERIFY_NOT_NEEDED is
-       * not supported.  We also don't use the pin_verified cache
-       * status because that is not as reliable as to ask the card
+       * not supported.  Noet that we don't use the pin_verified cache
+       * status because that is not as reliable than to ask the card
        * about its state.  */
       if (prkdf)  /* Clear the cache which we don't use.  */
         prkdf->pin_verified = 0;
@@ -5623,7 +5248,7 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
   if (err)
     {
       log_error ("p15: MSE failed: %s\n", gpg_strerror (err));
-      goto leave;
+      return err;
     }
 
   /* Now that we have all the information available run the actual PIN
@@ -5662,10 +5287,10 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
   if (err)
     {
       log_error ("p15: MSE failed: %s\n", gpg_strerror (err));
-      goto leave;
+      return err;
     }
 
-  if (prkdf->keyalgo == GCRY_PK_RSA && prkdf->keynbits >= 2048)
+  if (prkdf->keyalgo == GCRY_PK_RSA && prkdf->keynbits > 2048)
     {
       exmode = 1;
       le_value = prkdf->keynbits / 8;
@@ -5856,7 +5481,7 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
 
   exmode = le_value = 0;
   padind = 0;
-  if (prkdf->keyalgo == GCRY_PK_RSA && prkdf->keynbits >= 2048)
+  if (prkdf->keyalgo == GCRY_PK_RSA && prkdf->keynbits > 2048)
     {
       exmode = 1;   /* Extended length w/o a limit.  */
       le_value = prkdf->keynbits / 8;
@@ -6201,12 +5826,7 @@ app_select_p15 (app_t app)
           if (s && n == 2)
             def_home_df = buf16_to_ushort (s);
           else
-            {
-              if (fcilen)
-                log_printhex (fci, fcilen, "fci:");
-              log_info ("p15: select did not return the DF - using default\n");
-              def_home_df = DEFAULT_HOME_DF;
-            }
+            log_error ("p15: select(AID) did not return the DF\n");
         }
       app->app_local->home_df = def_home_df;
 
@@ -6223,9 +5843,6 @@ app_select_p15 (app_t app)
         case CARD_TYPE_CARDOS_53:
           direct = 1;
           break;
-        case CARD_TYPE_AET:
-          app->app_local->no_extended_mode = 1;
-          break;
         default:
           /* Use whatever has been determined above.  */
           break;
diff --git a/scd/app-piv.c b/scd/app-piv.c
new file mode 100644
index 0000000..ead1b19
--- /dev/null
+++ b/scd/app-piv.c
@@ -0,0 +1,3723 @@
+/* app-piv.c - The OpenPGP card application.
+ * Copyright (C) 2019, 2020 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+/* Some notes:
+ * - Specs for PIV are at http://dx.doi.org/10.6028/NIST.SP.800-73-4
+ * - https://developers.yubico.com/PIV/Introduction/PIV_attestation.html
+ *
+ * - Access control matrix:
+ *   | Action       | 9B  | PIN | PUK |                              |
+ *   |--------------+-----+-----+-----+------------------------------|
+ *   | Generate key | yes |     |     |                              |
+ *   | Change 9B    | yes |     |     |                              |
+ *   | Change retry | yes | yes |     | Yubikey only                 |
+ *   | Import key   | yes |     |     |                              |
+ *   | Import cert  | yes |     |     |                              |
+ *   | Change CHUID | yes |     |     |                              |
+ *   | Reset card   |     |     |     | PIN and PUK in blocked state |
+ *   | Verify PIN   |     | yes |     |                              |
+ *   | Sign data    |     | yes |     |                              |
+ *   | Decrypt data |     | yes |     |                              |
+ *   | Change PIN   |     | yes |     |                              |
+ *   | Change PUK   |     |     | yes |                              |
+ *   | Unblock PIN  |     |     | yes | New PIN required             |
+ *   |---------------------------------------------------------------|
+ *   (9B indicates the 24 byte PIV Card Application Administration Key)
+ *
+ * - When generating a key we store the created public key in the
+ *   corresponding data object, so that gpg and gpgsm are able to get
+ *   the public key, create a certificate and store that then in that
+ *   data object.  That is not standard compliant but due to the use
+ *   of other tags, it should not harm.  See do_genkey for the actual
+ *   used tag structure.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <time.h>
+
+#include "scdaemon.h"
+
+#include "../common/util.h"
+#include "../common/i18n.h"
+#include "iso7816.h"
+#include "../common/tlv.h"
+#include "../common/host2net.h"
+#include "apdu.h" /* We use apdu_send_direct.  */
+
+#define PIV_ALGORITHM_3DES_ECB_0 0x00
+#define PIV_ALGORITHM_2DES_ECB   0x01
+#define PIV_ALGORITHM_2DES_CBC   0x02
+#define PIV_ALGORITHM_3DES_ECB   0x03
+#define PIV_ALGORITHM_3DES_CBC   0x04
+#define PIV_ALGORITHM_RSA        0x07
+#define PIV_ALGORITHM_AES128_ECB 0x08
+#define PIV_ALGORITHM_AES128_CBC 0x09
+#define PIV_ALGORITHM_AES192_ECB 0x0A
+#define PIV_ALGORITHM_AES192_CBC 0x0B
+#define PIV_ALGORITHM_AES256_ECB 0x0C
+#define PIV_ALGORITHM_AES256_CBC 0x0D
+#define PIV_ALGORITHM_ECC_P256   0x11
+#define PIV_ALGORITHM_ECC_P384   0x14
+
+
+/* The AID for PIV.  */
+static char const piv_aid[] = { 0xA0, 0x00, 0x00, 0x03, 0x08, /* RID=NIST */
+                                0x00, 0x00, 0x10, 0x00        /* PIX=PIV  */ };
+
+
+/* A table describing the DOs of a PIV card.  */
+struct data_object_s
+{
+  unsigned int tag;
+  unsigned int mandatory:1;
+  unsigned int acr_contact:2;     /* 0=always, 1=VCI, 2=PIN, 3=PINorOCC */
+  unsigned int acr_contactless:2; /* 0=always, 1=VCI, 2=VCIandPIN,
+                                                      3=VCIand(PINorOCC) */
+  unsigned int dont_cache:1;      /* Data item will not be cached.  */
+  unsigned int flush_on_error:1;  /* Flush cached item on error.  */
+  unsigned int keypair:1;         /* Has a public key for a keypair.  */
+  const char keyref[3];           /* The key reference.  */
+  const char *oidsuffix;          /* Suffix of the OID. */
+  const char *usage;              /* Usage string for a keypair or NULL.  */
+  const char *desc;               /* Description of the DO.  */
+};
+typedef struct data_object_s *data_object_t;
+static struct data_object_s data_objects[] = {
+  { 0x5FC107, 1, 0,1, 0,0, 0, "",   "1.219.0", NULL,
+    "Card Capability Container"},
+  { 0x5FC102, 1, 0,0, 0,0, 0, "",   "2.48.0",  NULL,
+    "Cardholder Unique Id" },
+  { 0x5FC105, 1, 0,1, 0,0, 1, "9A", "2.1.1",   "a",
+    "Cert PIV Authentication" },
+  { 0x5FC103, 1, 2,2, 0,0, 0, "",   "2.96.16", NULL,
+    "Cardholder Fingerprints" },
+  { 0x5FC106, 1, 0,1, 0,0, 0, "",   "2.144.0", NULL,
+    "Security Object" },
+  { 0x5FC108, 1, 2,2, 0,0, 0, "",   "2.96.48", NULL,
+    "Cardholder Facial Image" },
+  { 0x5FC101, 1, 0,0, 0,0, 1, "9E", "2.5.0",   "a",
+    "Cert Card Authentication"},
+  { 0x5FC10A, 0, 0,1, 0,0, 1, "9C", "2.1.0",   "sc",
+    "Cert Digital Signature" },
+  { 0x5FC10B, 0, 0,1, 0,0, 1, "9D", "2.1.2",   "e",
+    "Cert Key Management" },
+  { 0x5FC109, 0, 3,3, 0,0, 0, "",   "2.48.1",  NULL,
+    "Printed Information" },
+  { 0x7E,     0, 0,0, 0,0, 0, "",   "2.96.80", NULL,
+    "Discovery Object" },
+  { 0x5FC10C, 0, 0,1, 0,0, 0, "",   "2.96.96", NULL,
+    "Key History Object" },
+  { 0x5FC10D, 0, 0,1, 0,0, 0, "82", "2.16.1",  "e",
+    "Retired Cert Key Mgm 1" },
+  { 0x5FC10E, 0, 0,1, 0,0, 0, "83", "2.16.2",  "e",
+    "Retired Cert Key Mgm 2" },
+  { 0x5FC10F, 0, 0,1, 0,0, 0, "84", "2.16.3",  "e",
+    "Retired Cert Key Mgm 3" },
+  { 0x5FC110, 0, 0,1, 0,0, 0, "85", "2.16.4",  "e",
+    "Retired Cert Key Mgm 4" },
+  { 0x5FC111, 0, 0,1, 0,0, 0, "86", "2.16.5",  "e",
+    "Retired Cert Key Mgm 5" },
+  { 0x5FC112, 0, 0,1, 0,0, 0, "87", "2.16.6",  "e",
+    "Retired Cert Key Mgm 6" },
+  { 0x5FC113, 0, 0,1, 0,0, 0, "88", "2.16.7",  "e",
+    "Retired Cert Key Mgm 7" },
+  { 0x5FC114, 0, 0,1, 0,0, 0, "89", "2.16.8",  "e",
+    "Retired Cert Key Mgm 8" },
+  { 0x5FC115, 0, 0,1, 0,0, 0, "8A", "2.16.9",  "e",
+    "Retired Cert Key Mgm 9" },
+  { 0x5FC116, 0, 0,1, 0,0, 0, "8B", "2.16.10", "e",
+    "Retired Cert Key Mgm 10" },
+  { 0x5FC117, 0, 0,1, 0,0, 0, "8C", "2.16.11", "e",
+    "Retired Cert Key Mgm 11" },
+  { 0x5FC118, 0, 0,1, 0,0, 0, "8D", "2.16.12", "e",
+    "Retired Cert Key Mgm 12" },
+  { 0x5FC119, 0, 0,1, 0,0, 0, "8E", "2.16.13", "e",
+    "Retired Cert Key Mgm 13" },
+  { 0x5FC11A, 0, 0,1, 0,0, 0, "8F", "2.16.14", "e",
+    "Retired Cert Key Mgm 14" },
+  { 0x5FC11B, 0, 0,1, 0,0, 0, "90", "2.16.15", "e",
+    "Retired Cert Key Mgm 15" },
+  { 0x5FC11C, 0, 0,1, 0,0, 0, "91", "2.16.16", "e",
+    "Retired Cert Key Mgm 16" },
+  { 0x5FC11D, 0, 0,1, 0,0, 0, "92", "2.16.17", "e",
+    "Retired Cert Key Mgm 17" },
+  { 0x5FC11E, 0, 0,1, 0,0, 0, "93", "2.16.18", "e",
+    "Retired Cert Key Mgm 18" },
+  { 0x5FC11F, 0, 0,1, 0,0, 0, "94", "2.16.19", "e",
+    "Retired Cert Key Mgm 19" },
+  { 0x5FC120, 0, 0,1, 0,0, 0, "95", "2.16.20", "e",
+    "Retired Cert Key Mgm 20" },
+  { 0x5FC121, 0, 2,2, 0,0, 0, "",   "2.16.21", NULL,
+    "Cardholder Iris Images" },
+  { 0x7F61,   0, 0,0, 0,0, 0, "",   "2.16.22", NULL,
+    "BIT Group Template" },
+  { 0x5FC122, 0, 0,0, 0,0, 0, "",   "2.16.23", NULL,
+    "SM Cert Signer" },
+  { 0x5FC123, 0, 3,3, 0,0, 0, "",   "2.16.24", NULL,
+    "Pairing Code Ref Data" },
+  { 0 }
+  /* Other key reference values without a data object:
+   * "00" Global PIN (not cleared by application switching)
+   * "04" PIV Secure Messaging Key
+   * "80" PIV Application PIN
+   * "81" PIN Unblocking Key
+   * "96" Primary Finger OCC
+   * "97" Secondary Finger OCC
+   * "98" Pairing Code
+   * "9B" PIV Card Application Administration Key
+   *
+   * Yubikey specific data objects:
+   * "F9" Attestation key (preloaded can be replaced)
+   */
+};
+
+
+/* One cache item for DOs.  */
+struct cache_s {
+  struct cache_s *next;
+  int tag;
+  size_t length;
+  unsigned char data[1];
+};
+
+
+/* Object with application specific data.  */
+struct app_local_s {
+  /* A linked list with cached DOs.  */
+  struct cache_s *cache;
+
+  /* Various flags.  */
+  struct
+  {
+    unsigned int yubikey:1;  /* This is on a Yubikey.  */
+  } flags;
+
+  /* Keep track on whether we cache a certain PIN so that we get it
+   * from the cache only if we know we cached it.  This inhibits the
+   * use of the same cache entry for a card plugged in and out without
+   * gpg-agent having noticed that due to a bug.  */
+  struct
+  {
+    unsigned int maybe_00:1;
+    unsigned int maybe_80:1;
+    unsigned int maybe_81:1;
+    unsigned int maybe_96:1;
+    unsigned int maybe_97:1;
+    unsigned int maybe_98:1;
+    unsigned int maybe_9B:1;
+  } pincache;
+
+};
+
+
+/***** Local prototypes  *****/
+static gpg_error_t get_keygrip_by_tag (app_t app, unsigned int tag,
+                                       char **r_keygripstr, int *got_cert);
+static gpg_error_t genkey_parse_rsa (const unsigned char *data, size_t datalen,
+                                     gcry_sexp_t *r_sexp);
+static gpg_error_t genkey_parse_ecc (const unsigned char *data, size_t datalen,
+                                     int mechanism, gcry_sexp_t *r_sexp);
+
+
+
+
+
+/* Deconstructor. */
+static void
+do_deinit (app_t app)
+{
+  if (app && app->app_local)
+    {
+      struct cache_s *c, *c2;
+
+      for (c = app->app_local->cache; c; c = c2)
+        {
+          c2 = c->next;
+          xfree (c);
+        }
+
+      xfree (app->app_local);
+      app->app_local = NULL;
+    }
+}
+
+
+/* Wrapper around iso7816_get_data which first tries to get the data
+ * from the cache.  With GET_IMMEDIATE passed as true, the cache is
+ * bypassed.  The tag-53 container is also removed.  */
+static gpg_error_t
+get_cached_data (app_t app, int tag,
+                 unsigned char **result, size_t *resultlen,
+                 int get_immediate)
+{
+  gpg_error_t err;
+  int i;
+  unsigned char *p;
+  const unsigned char *s;
+  size_t len, n;
+  struct cache_s *c;
+
+  *result = NULL;
+  *resultlen = 0;
+
+  if (!get_immediate)
+    {
+      for (c=app->app_local->cache; c; c = c->next)
+        if (c->tag == tag)
+          {
+            if(c->length)
+              {
+                p = xtrymalloc (c->length);
+                if (!p)
+                  return gpg_error_from_syserror ();
+                memcpy (p, c->data, c->length);
+                *result = p;
+              }
+
+            *resultlen = c->length;
+
+            return 0;
+          }
+    }
+
+  err = iso7816_get_data_odd (app_get_slot (app), 0, tag, &p, &len);
+  if (err)
+    return err;
+
+  /* Unless the Discovery Object or the BIT Group Template is
+   * requested, remove the outer container.
+   * (SP800-73.4 Part 2, section 3.1.2)   */
+  if (tag == 0x7E || tag == 0x7F61)
+    ;
+  else if (len && *p == 0x53 && (s = find_tlv (p, len, 0x53, &n)))
+    {
+      memmove (p, s, n);
+      len = n;
+    }
+
+  if (len)
+    *result = p;
+  *resultlen = len;
+
+  /* Check whether we should cache this object. */
+  if (get_immediate)
+    return 0;
+
+  for (i=0; data_objects[i].tag; i++)
+    if (data_objects[i].tag == tag)
+      {
+        if (data_objects[i].dont_cache)
+          return 0;
+        break;
+      }
+
+  /* Okay, cache it. */
+  for (c=app->app_local->cache; c; c = c->next)
+    log_assert (c->tag != tag);
+
+  c = xtrymalloc (sizeof *c + len);
+  if (c)
+    {
+      if (len)
+        memcpy (c->data, p, len);
+      else
+        xfree (p);
+      c->length = len;
+      c->tag = tag;
+      c->next = app->app_local->cache;
+      app->app_local->cache = c;
+    }
+
+  return 0;
+}
+
+
+/* Remove data object described by TAG from the cache.  If TAG is 0
+ * all cache iterms are flushed.  */
+static void
+flush_cached_data (app_t app, int tag)
+{
+  struct cache_s *c, *cprev;
+
+  for (c=app->app_local->cache, cprev=NULL; c; cprev=c, c = c->next)
+    if (c->tag == tag || !tag)
+      {
+        if (cprev)
+          cprev->next = c->next;
+        else
+          app->app_local->cache = c->next;
+        xfree (c);
+
+        for (c=app->app_local->cache; c ; c = c->next)
+          {
+            log_assert (c->tag != tag); /* Oops: duplicated entry. */
+          }
+        return;
+      }
+}
+
+
+/* Get the DO identified by TAG from the card in SLOT and return a
+ * buffer with its content in RESULT and NBYTES.  The return value is
+ * NULL if not found or a pointer which must be used to release the
+ * buffer holding value.  */
+static void *
+get_one_do (app_t app, int tag, unsigned char **result, size_t *nbytes,
+            int *r_err)
+{
+  gpg_error_t err;
+  int i;
+  unsigned char *buffer;
+  size_t buflen;
+  unsigned char *value;
+  size_t valuelen;
+  gpg_error_t dummyerr;
+
+  if (!r_err)
+    r_err = &dummyerr;
+
+  *result = NULL;
+  *nbytes = 0;
+  *r_err = 0;
+  for (i=0; data_objects[i].tag && data_objects[i].tag != tag; i++)
+    ;
+
+  value = NULL;
+  err = gpg_error (GPG_ERR_ENOENT);
+
+  if (!value) /* Not in a constructed DO, try simple. */
+    {
+      err = get_cached_data (app, tag, &buffer, &buflen,
+                             data_objects[i].dont_cache);
+      if (!err)
+        {
+          value = buffer;
+          valuelen = buflen;
+        }
+    }
+
+  if (!err)
+    {
+      *nbytes = valuelen;
+      *result = value;
+      return buffer;
+    }
+
+  *r_err = err;
+  return NULL;
+}
+
+
+static void
+dump_all_do (int slot)
+{
+  gpg_error_t err;
+  int i;
+  unsigned char *buffer;
+  size_t buflen;
+
+  for (i=0; data_objects[i].tag; i++)
+    {
+      /* We don't try extended length APDU because such large DO would
+         be pretty useless in a log file.  */
+      err = iso7816_get_data_odd (slot, 0, data_objects[i].tag,
+                                 &buffer, &buflen);
+      if (err)
+        {
+          if (gpg_err_code (err) == GPG_ERR_ENOENT
+              && !data_objects[i].mandatory)
+            ;
+          else
+            log_info ("DO '%s' not available: %s\n",
+                      data_objects[i].desc, gpg_strerror (err));
+        }
+      else
+        {
+          if (data_objects[i].tag == 0x5FC109)
+            log_info ("DO '%s': '%.*s'\n", data_objects[i].desc,
+                      (int)buflen, buffer);
+          else
+            {
+              log_info ("DO '%s': ", data_objects[i].desc);
+              if (buflen > 16 && opt.verbose < 2)
+                {
+                  log_printhex (buffer, 16, NULL);
+                  log_printf ("[...]\n");
+                }
+              else
+                log_printhex (buffer, buflen, "");
+            }
+
+        }
+      xfree (buffer); buffer = NULL;
+    }
+}
+
+
+/* Create a TLV tag and value and store it at BUFFER.  Return the
+ * length of tag and length.  A LENGTH greater than 65535 is
+ * truncated.  TAG must be less or equal to 2^16.  If BUFFER is NULL,
+ * only the required length is computed.  */
+static size_t
+add_tlv (unsigned char *buffer, unsigned int tag, size_t length)
+{
+  if (length > 0xffff)
+    length = 0xffff;
+
+  if (buffer)
+    {
+      unsigned char *p = buffer;
+
+      if (tag > 0xff)
+        *p++ = tag >> 8;
+      *p++ = tag;
+      if (length < 128)
+        *p++ = length;
+      else if (length < 256)
+        {
+          *p++ = 0x81;
+          *p++ = length;
+        }
+      else
+        {
+          *p++ = 0x82;
+          *p++ = length >> 8;
+          *p++ = length;
+        }
+
+      return p - buffer;
+    }
+  else
+    {
+      size_t n = 0;
+
+      if (tag > 0xff)
+        n++;
+      n++;
+      if (length < 128)
+        n++;
+      else if (length < 256)
+        n += 2;
+      else
+        n += 3;
+      return n;
+    }
+}
+
+
+/* Function to build a list of TLV and return the result in a malloced
+ * buffer.  The varargs are tuples of (int,size_t,void) each with the
+ * tag, the length and the actual data.  A (0,0,NULL) tuple terminates
+ * the list.  Up to 10 tuples are supported.  If SECMEM is true the
+ * returned buffer is allocated in secure memory.  */
+static gpg_error_t
+concat_tlv_list (int secure, unsigned char **r_result, size_t *r_resultlen, ...)
+{
+  gpg_error_t err;
+  va_list arg_ptr;
+  struct {
+    int tag;
+    unsigned int len;
+    unsigned int contlen;
+    const void *data;
+  } argv[10];
+  int i, j, argc;
+  unsigned char *data = NULL;
+  size_t datalen;
+  unsigned char *p;
+  size_t n;
+
+  *r_result = NULL;
+  *r_resultlen = 0;
+
+  /* Collect all args.  Check that length is <= 2^16 to match the
+   * behaviour of add_tlv.  */
+  va_start (arg_ptr, r_resultlen);
+  argc = 0;
+  while (((argv[argc].tag = va_arg (arg_ptr, int))))
+    {
+      argv[argc].len = va_arg (arg_ptr, size_t);
+      argv[argc].contlen = 0;
+      argv[argc].data = va_arg (arg_ptr, const void *);
+      if (argc >= DIM (argv)-1 || argv[argc].len > 0xffff)
+        {
+          va_end (arg_ptr);
+          err = gpg_error (GPG_ERR_EINVAL);
+          goto leave;
+        }
+      argc++;
+    }
+  va_end (arg_ptr);
+
+  /* Compute the required buffer length and allocate the buffer.  */
+  datalen = 0;
+  for (i=0; i < argc; i++)
+    {
+      if (!argv[i].len && !argv[i].data)
+        {
+          /* Constructed tag.  Compute its length.  Note that we
+           * currently allow only one constructed tag in the list.  */
+          for (n=0, j = i + 1; j < argc; j++)
+            {
+              log_assert (!(!argv[j].len && !argv[j].data));
+              n += add_tlv (NULL, argv[j].tag, argv[j].len);
+              n += argv[j].len;
+            }
+          argv[i].contlen = n;
+          datalen += add_tlv (NULL, argv[i].tag, n);
+        }
+      else
+        {
+          datalen += add_tlv (NULL, argv[i].tag, argv[i].len);
+          datalen += argv[i].len;
+        }
+    }
+  data = secure? xtrymalloc_secure (datalen) : xtrymalloc (datalen);
+  if (!data)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+
+  /* Copy that data to the buffer.  */
+  p = data;
+  for (i=0; i < argc; i++)
+    {
+      if (!argv[i].len && !argv[i].data)
+        {
+          /* Constructed tag.  */
+          p += add_tlv (p, argv[i].tag, argv[i].contlen);
+        }
+      else
+        {
+          p += add_tlv (p, argv[i].tag, argv[i].len);
+          memcpy (p, argv[i].data, argv[i].len);
+          p += argv[i].len;
+        }
+    }
+  log_assert ( data + datalen == p );
+  *r_result = data;
+  data = NULL;
+  *r_resultlen = datalen;
+  err = 0;
+
+ leave:
+  xfree (data);
+  return err;
+}
+
+
+/* Wrapper around iso7816_put_data_odd which also sets the tag into
+ * the '5C' data object.  The varargs are tuples of (int,size_t,void)
+ * with the tag, the length and the actual data.  A (0,0,NULL) tuple
+ * terminates the list.  Up to 10 tuples are supported.  */
+static gpg_error_t
+put_data (int slot, unsigned int tag, ...)
+{
+  gpg_error_t err;
+  va_list arg_ptr;
+  struct {
+    int tag;
+    size_t len;
+    const void *data;
+  } argv[10];
+  int i, argc;
+  unsigned char data5c[5];
+  size_t data5clen;
+  unsigned char *data = NULL;
+  size_t datalen;
+  unsigned char *p;
+  size_t n;
+
+  /* Collect all args.  Check that length is <= 2^16 to match the
+   * behaviour of add_tlv.  */
+  va_start (arg_ptr, tag);
+  argc = 0;
+  while (((argv[argc].tag = va_arg (arg_ptr, int))))
+    {
+      argv[argc].len = va_arg (arg_ptr, size_t);
+      argv[argc].data = va_arg (arg_ptr, const void *);
+      if (argc >= DIM (argv)-1 || argv[argc].len > 0xffff)
+        {
+          va_end (arg_ptr);
+          return GPG_ERR_EINVAL;
+        }
+      argc++;
+    }
+  va_end (arg_ptr);
+
+  /* Build the TLV with the tag to be updated.  */
+  data5c[0] = 0x5c; /* Tag list */
+  if (tag <= 0xff)
+    {
+      data5c[1] = 1;
+      data5c[2] = tag;
+      data5clen = 3;
+    }
+  else if (tag <= 0xffff)
+    {
+      data5c[1] = 2;
+      data5c[2] = (tag >> 8);
+      data5c[3] = tag;
+      data5clen = 4;
+    }
+  else
+    {
+      data5c[1] = 3;
+      data5c[2] = (tag >> 16);
+      data5c[3] = (tag >> 8);
+      data5c[4] = tag;
+      data5clen = 5;
+    }
+
+  /* Compute the required buffer length and allocate the buffer.  */
+  n = 0;
+  for (i=0; i < argc; i++)
+    {
+      n += add_tlv (NULL, argv[i].tag, argv[i].len);
+      n += argv[i].len;
+    }
+  datalen = data5clen + add_tlv (NULL, 0x53, n) + n;
+  data = xtrymalloc (datalen);
+  if (!data)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+
+  /* Copy that data to the buffer.  */
+  p = data;
+  memcpy (p, data5c, data5clen);
+  p += data5clen;
+  p += add_tlv (p, 0x53, n);
+  for (i=0; i < argc; i++)
+    {
+      p += add_tlv (p, argv[i].tag, argv[i].len);
+      memcpy (p, argv[i].data, argv[i].len);
+      p += argv[i].len;
+    }
+  log_assert ( data + datalen == p );
+  err = iso7816_put_data_odd (slot, -1 /* use command chaining */,
+                              0x3fff, data, datalen);
+
+ leave:
+  xfree (data);
+  return err;
+}
+
+
+/* Parse the key reference KEYREFSTR which is expected to hold a key
+ * reference for a CHV object.  Return the one octet keyref or -1 for
+ * an invalid reference.  */
+static int
+parse_chv_keyref (const char *keyrefstr)
+{
+  if (!keyrefstr)
+    return -1;
+  else if (!ascii_strcasecmp (keyrefstr, "PIV.00"))
+    return 0x00;
+  else if (!ascii_strcasecmp (keyrefstr, "PIV.80"))
+    return 0x80;
+  else if (!ascii_strcasecmp (keyrefstr, "PIV.81"))
+    return 0x81;
+  else
+    return -1;
+}
+
+
+/* The verify command can be used to retrieve the security status of
+ * the card.  Given the PIN name (e.g. "PIV.80" for the application
+ * pin, a ISO7817_VERIFY_* code is returned or a non-negative number
+ * of verification attempts left.  */
+static int
+get_chv_status (app_t app, const char *keyrefstr)
+{
+  int keyref;
+
+  keyref = parse_chv_keyref (keyrefstr);
+  if (!keyrefstr)
+    return ISO7816_VERIFY_ERROR;
+  return iso7816_verify_status (app_get_slot (app), keyref);
+}
+
+
+/* Implementation of the GETATTR command.  This is similar to the
+ * LEARN command but returns only one value via status lines.  */
+static gpg_error_t
+do_getattr (app_t app, ctrl_t ctrl, const char *name)
+{
+  static struct {
+    const char *name;
+    int tag;
+    int special;
+  } table[] = {
+    { "SERIALNO",     0x0000, -1 },
+    { "$AUTHKEYID",   0x0000, -2 }, /* Default ssh key.  */
+    { "$ENCRKEYID",   0x0000, -6 }, /* Default encryption key.  */
+    { "$SIGNKEYID",   0x0000, -7 }, /* Default signing key.  */
+    { "$DISPSERIALNO",0x0000, -3 },
+    { "CHV-STATUS",   0x0000, -4 },
+    { "CHV-USAGE",    0x007E, -5 }
+  };
+  gpg_error_t err = 0;
+  int idx;
+  void *relptr;
+  unsigned char *value;
+  size_t valuelen;
+  const unsigned char *s;
+  size_t n;
+
+  for (idx=0; (idx < DIM (table)
+               && ascii_strcasecmp (table[idx].name, name)); idx++)
+    ;
+  if (!(idx < DIM (table)))
+    err = gpg_error (GPG_ERR_INV_NAME);
+  else if (table[idx].special == -1)
+    {
+      char *serial = app_get_serialno (app);
+
+      if (serial)
+        {
+          send_status_direct (ctrl, "SERIALNO", serial);
+          xfree (serial);
+        }
+    }
+  else if (table[idx].special == -2)
+    {
+      char const tmp[] = "PIV.9A"; /* Cert PIV Authenticate.  */
+      send_status_info (ctrl, table[idx].name, tmp, strlen (tmp), NULL, 0);
+    }
+  else if (table[idx].special == -3)
+    {
+      char *tmp = app_get_dispserialno (app, 1);
+
+      if (tmp)
+        {
+          send_status_info (ctrl, table[idx].name,
+                            tmp, strlen (tmp),
+                            NULL, (size_t)0);
+          xfree (tmp);
+        }
+      else
+        err = gpg_error (GPG_ERR_INV_NAME);  /* No Abbreviated S/N.  */
+    }
+  else if (table[idx].special == -4) /* CHV-STATUS */
+    {
+      int tmp[4];
+
+      tmp[0] = get_chv_status (app, "PIV.00");
+      tmp[1] = get_chv_status (app, "PIV.80");
+      tmp[2] = get_chv_status (app, "PIV.81");
+      err = send_status_printf (ctrl, table[idx].name, "%d %d %d",
+                                tmp[0], tmp[1], tmp[2]);
+    }
+  else if (table[idx].special == -5) /* CHV-USAGE (aka PIN Usage Policy) */
+    {
+      /* We return 2 hex bytes or nothing in case the discovery object
+       * is not supported.  */
+      relptr = get_one_do (app, table[idx].tag, &value, &valuelen, &err);
+      if (relptr)
+        {
+          s = find_tlv (value, valuelen, 0x7E, &n);
+          if (s && n && (s = find_tlv (s, n, 0x5F2F, &n)) && n >=2 )
+            err = send_status_printf (ctrl, table[idx].name, "%02X %02X",
+                                      s[0], s[1]);
+          xfree (relptr);
+        }
+    }
+  else if (table[idx].special == -6)
+    {
+      char const tmp[] = "PIV.9D"; /* Key Management.  */
+      send_status_info (ctrl, table[idx].name, tmp, strlen (tmp), NULL, 0);
+    }
+  else if (table[idx].special == -7)
+    {
+      char const tmp[] = "PIV.9C"; /* Digital Signature.  */
+      send_status_info (ctrl, table[idx].name, tmp, strlen (tmp), NULL, 0);
+    }
+  else
+    {
+      relptr = get_one_do (app, table[idx].tag, &value, &valuelen, &err);
+      if (relptr)
+        {
+          send_status_info (ctrl, table[idx].name, value, valuelen, NULL, 0);
+          xfree (relptr);
+        }
+    }
+
+  return err;
+}
+
+
+/* Authenticate the card using the Card Application Administration
+ * Key.  (VALUE,VALUELEN) has that 24 byte key.  */
+static gpg_error_t
+auth_adm_key (app_t app, const unsigned char *value, size_t valuelen)
+{
+  gpg_error_t err;
+  unsigned char tmpl[4+24];
+  size_t tmpllen;
+  unsigned char *outdata = NULL;
+  size_t outdatalen;
+  const unsigned char *s;
+  char witness[8];
+  size_t n;
+  gcry_cipher_hd_t cipher = NULL;
+
+  /* Prepare decryption.  */
+  err = gcry_cipher_open (&cipher, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_ECB, 0);
+  if (err)
+    goto leave;
+  err = gcry_cipher_setkey (cipher, value, valuelen);
+  if (err)
+    goto leave;
+
+  /* Request a witness.  */
+  tmpl[0] = 0x7c;
+  tmpl[1] = 0x02;
+  tmpl[2] = 0x80;
+  tmpl[3] = 0;    /* (Empty witness requests a witness.)  */
+  tmpllen = 4;
+  err = iso7816_general_authenticate (app_get_slot (app), 0,
+                                      PIV_ALGORITHM_3DES_ECB_0, 0x9B,
+                                      tmpl, tmpllen, 0,
+                                      &outdata, &outdatalen);
+  if (gpg_err_code (err) == GPG_ERR_BAD_PIN)
+    err = gpg_error (GPG_ERR_BAD_AUTH);
+  if (err)
+    goto leave;
+  if (!(outdatalen && *outdata == 0x7c
+        && (s = find_tlv (outdata, outdatalen, 0x80, &n))
+        && n == 8))
+    {
+      err = gpg_error (GPG_ERR_CARD);
+      log_error ("piv: improper witness received\n");
+      goto leave;
+    }
+  err = gcry_cipher_decrypt (cipher, witness, 8, s, 8);
+  if (err)
+    goto leave;
+
+  /* Return decrypted witness and send our challenge.  */
+  tmpl[0] = 0x7c;
+  tmpl[1] = 22;
+  tmpl[2] = 0x80;
+  tmpl[3] = 8;
+  memcpy (tmpl+4, witness, 8);
+  tmpl[12] = 0x81;
+  tmpl[13] = 8;
+  gcry_create_nonce (tmpl+14, 8);
+  tmpl[22] = 0x80;
+  tmpl[23] = 0;
+  tmpllen = 24;
+  xfree (outdata);
+  err = iso7816_general_authenticate (app_get_slot (app), 0,
+                                      PIV_ALGORITHM_3DES_ECB_0, 0x9B,
+                                      tmpl, tmpllen, 0,
+                                      &outdata, &outdatalen);
+  if (gpg_err_code (err) == GPG_ERR_BAD_PIN)
+    err = gpg_error (GPG_ERR_BAD_AUTH);
+  if (err)
+    goto leave;
+  if (!(outdatalen && *outdata == 0x7c
+        && (s = find_tlv (outdata, outdatalen, 0x82, &n))
+        && n == 8))
+    {
+      err = gpg_error (GPG_ERR_CARD);
+      log_error ("piv: improper challenge received\n");
+      goto leave;
+    }
+  /* (We reuse the witness buffer.) */
+  err = gcry_cipher_decrypt (cipher, witness, 8, s, 8);
+  if (err)
+    goto leave;
+  if (memcmp (witness, tmpl+14, 8))
+    {
+      err = gpg_error (GPG_ERR_BAD_AUTH);
+      goto leave;
+    }
+
+ leave:
+   xfree (outdata);
+   gcry_cipher_close (cipher);
+   return err;
+}
+
+
+/* Set a new admin key.  */
+static gpg_error_t
+set_adm_key (app_t app, const unsigned char *value, size_t valuelen)
+{
+  gpg_error_t err;
+  unsigned char apdu[8+24];
+  unsigned int sw;
+
+  /* Check whether it is a weak key and that it is of proper length.  */
+  {
+    gcry_cipher_hd_t cipher;
+
+    err = gcry_cipher_open (&cipher, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_ECB, 0);
+    if (!err)
+      {
+        err = gcry_cipher_setkey (cipher, value, valuelen);
+        gcry_cipher_close (cipher);
+      }
+    if (err)
+      goto leave;
+  }
+
+  if (app->app_local->flags.yubikey)
+    {
+      /* This is a Yubikey.  */
+      if (valuelen != 24)
+        {
+          err = gpg_error (GPG_ERR_INV_LENGTH);
+          goto leave;
+        }
+
+      /* We use a proprietary Yubikey command.  */
+      apdu[0] = 0;
+      apdu[1] = 0xff;
+      apdu[2] = 0xff;
+      apdu[3] = 0xff;  /* touch policy: 0xff=never, 0xfe = always.  */
+      apdu[4] = 3 + 24;
+      apdu[5] = PIV_ALGORITHM_3DES_ECB;
+      apdu[6] = 0x9b;
+      apdu[7] = 24;
+      memcpy (apdu+8, value, 24);
+      err = iso7816_apdu_direct (app_get_slot (app), apdu, 8+24, 0,
+                                 &sw, NULL, NULL);
+      wipememory (apdu+8, 24);
+      if (err)
+        log_error ("piv: setting admin key failed; sw=%04x\n", sw);
+      /* A PIN is not required, thus use a better error code.  */
+      if (gpg_err_code (err) == GPG_ERR_BAD_PIN)
+        err = gpg_error (GPG_ERR_NO_AUTH);
+    }
+  else
+    err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+
+ leave:
+   return err;
+}
+
+/* Handle the SETATTR operation. All arguments are already basically
+ * checked. */
+static gpg_error_t
+do_setattr (app_t app, ctrl_t ctrl, const char *name,
+            gpg_error_t (*pincb)(void*, const char *, char **),
+            void *pincb_arg,
+            const unsigned char *value, size_t valuelen)
+{
+  gpg_error_t err;
+  static struct {
+    const char *name;
+    unsigned short tag;
+    unsigned short flush_tag;  /* The tag which needs to be flushed or 0. */
+    int special;               /* Special mode to use for thus NAME.  */
+  } table[] = {
+    /* Authenticate using the PIV Card Application Administration Key
+     * (0x0B).  Note that Yubico calls this key the "management key"
+     * which we don't do because that term is too similar to "Cert
+     * Management Key" (0x9D).  */
+    { "AUTH-ADM-KEY", 0x0000, 0x0000, 1 },
+    { "SET-ADM-KEY",  0x0000, 0x0000, 2 }
+  };
+  int idx;
+
+  (void)ctrl;
+  (void)pincb;
+  (void)pincb_arg;
+
+  for (idx=0; (idx < DIM (table)
+               && ascii_strcasecmp (table[idx].name, name)); idx++)
+    ;
+  if (!(idx < DIM (table)))
+    return gpg_error (GPG_ERR_INV_NAME);
+
+  /* Flush the cache before writing it, so that the next get operation
+   * will reread the data from the card and thus get synced in case of
+   * errors (e.g. data truncated by the card). */
+  if (table[idx].tag)
+    flush_cached_data (app, table[idx].flush_tag? table[idx].flush_tag
+                       /* */                    : table[idx].tag);
+
+  switch (table[idx].special)
+    {
+    case 1:
+      err = auth_adm_key (app, value, valuelen);
+      break;
+
+    case 2:
+      err = set_adm_key (app, value, valuelen);
+      break;
+
+    default:
+      err = gpg_error (GPG_ERR_BUG);
+      break;
+    }
+
+  return err;
+}
+
+
+/* Send the KEYPAIRINFO back.  DOBJ describes the data object carrying
+ * the key.  This is used by the LEARN command. */
+static gpg_error_t
+send_keypair_and_cert_info (app_t app, ctrl_t ctrl, data_object_t dobj,
+                            int only_keypair)
+{
+  gpg_error_t err = 0;
+  char *keygripstr = NULL;
+  int got_cert;
+  char idbuf[50];
+  const char *usage;
+
+  err = get_keygrip_by_tag (app, dobj->tag, &keygripstr, &got_cert);
+  if (err)
+    goto leave;
+
+  usage = dobj->usage? dobj->usage : "";
+
+  snprintf (idbuf, sizeof idbuf, "PIV.%s", dobj->keyref);
+  send_status_info (ctrl, "KEYPAIRINFO",
+                    keygripstr, strlen (keygripstr),
+                    idbuf, strlen (idbuf),
+                    usage, strlen (usage),
+                    NULL, (size_t)0);
+  if (!only_keypair && got_cert)
+    {
+      /* All certificates are of type 100 (Regular X.509 Cert).  */
+      send_status_info (ctrl, "CERTINFO",
+                        "100", 3,
+                        idbuf, strlen (idbuf),
+                        NULL, (size_t)0);
+    }
+
+ leave:
+  xfree (keygripstr);
+  return err;
+}
+
+
+/* Handle the LEARN command.  */
+static gpg_error_t
+do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
+{
+  int i;
+
+  (void)flags;
+
+  do_getattr (app, ctrl, "CHV-USAGE");
+  do_getattr (app, ctrl, "CHV-STATUS");
+
+  for (i=0; data_objects[i].tag; i++)
+    if (data_objects[i].keypair)
+      send_keypair_and_cert_info (app, ctrl, data_objects + i,
+                                  !!(flags & APP_LEARN_FLAG_KEYPAIRINFO));
+
+
+  return 0;
+}
+
+
+/* Core of do_readcert which fetches the certificate based on the
+ * given tag and returns it in a freshly allocated buffer stored at
+ * R_CERT and the length of the certificate stored at R_CERTLEN.  If
+ * on success a non-zero value is stored at R_MECHANISM, the returned
+ * data is not a certificate but a public key (in the format used by the
+ * container '7f49').  */
+static gpg_error_t
+readcert_by_tag (app_t app, unsigned int tag,
+                 unsigned char **r_cert, size_t *r_certlen, int *r_mechanism)
+{
+  gpg_error_t err;
+  unsigned char *buffer;
+  size_t buflen;
+  void *relptr;
+  const unsigned char *s, *s2;
+  size_t n, n2;
+
+  *r_cert = NULL;
+  *r_certlen = 0;
+  *r_mechanism = 0;
+
+  relptr = get_one_do (app, tag, &buffer, &buflen, NULL);
+  if (!relptr || !buflen)
+   {
+      err = gpg_error (GPG_ERR_NOT_FOUND);
+      goto leave;
+    }
+
+  s = find_tlv (buffer, buflen, 0x71, &n);
+  if (!s)
+    {
+      /* No certificate; check whether a public key has been stored
+       * using our own scheme.  */
+      s = find_tlv (buffer, buflen, 0x7f49, &n);
+      if (!s || !n)
+        {
+          log_error ("piv: No public key in 0x%X\n", tag);
+          err = gpg_error (GPG_ERR_NO_PUBKEY);
+          goto leave;
+        }
+      s2 = find_tlv (buffer, buflen, 0x80, &n2);
+      if (!s2 || n2 != 1 || !*s2)
+        {
+          log_error ("piv: No mechanism for public key in 0x%X\n", tag);
+          err = gpg_error (GPG_ERR_NO_PUBKEY);
+          goto leave;
+        }
+      *r_mechanism = *s2;
+    }
+  else
+    {
+      if (n != 1)
+        {
+          log_error ("piv: invalid CertInfo in 0x%X\n", tag);
+          err = gpg_error (GPG_ERR_INV_CERT_OBJ);
+          goto leave;
+        }
+      if (*s == 0x01)
+        {
+          log_error ("piv: gzip compression not yet supported (tag 0x%X)\n",
+                     tag);
+          err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
+          goto leave;
+        }
+      if (*s)
+        {
+          log_error ("piv: invalid CertInfo 0x%02x in 0x%X\n", *s, tag);
+          err = gpg_error (GPG_ERR_INV_CERT_OBJ);
+          goto leave;
+        }
+
+      /* Note: We don't check that the LRC octet has a length of zero
+       * as required by the specs.  */
+
+      /* Get the cert from the container.  */
+      s = find_tlv (buffer, buflen, 0x70, &n);
+      if (!s || !n)
+        {
+          err = gpg_error (GPG_ERR_NOT_FOUND);
+          goto leave;
+        }
+    }
+
+  /* The next is common for certificate and public key.  */
+  if (!(*r_cert = xtrymalloc (n)))
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+
+  memcpy (*r_cert, s, n);
+  *r_certlen = n;
+  err = 0;
+
+ leave:
+  xfree (relptr);
+  return err;
+}
+
+
+/* Get the keygrip in hex format of a key from the certificate stored
+ * at TAG.  Caller must free the string at R_KEYGRIPSTR. */
+static gpg_error_t
+get_keygrip_by_tag (app_t app, unsigned int tag,
+                    char **r_keygripstr, int *r_got_cert)
+{
+  gpg_error_t err;
+  unsigned char *certbuf = NULL;
+  size_t certbuflen;
+  int mechanism;
+  gcry_sexp_t s_pkey = NULL;
+  ksba_cert_t cert = NULL;
+  unsigned char grip[KEYGRIP_LEN];
+
+  *r_got_cert = 0;
+  *r_keygripstr = xtrymalloc (2*KEYGRIP_LEN+1);
+  if (!r_keygripstr)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+
+  /* We need to get the public key from the certificate.  */
+  err = readcert_by_tag (app, tag, &certbuf, &certbuflen, &mechanism);
+  if (err)
+    goto leave;
+  if (mechanism) /* Compute keygrip from public key.  */
+    {
+      if (mechanism == PIV_ALGORITHM_RSA)
+        err = genkey_parse_rsa (certbuf, certbuflen, &s_pkey);
+      else if (mechanism == PIV_ALGORITHM_ECC_P256
+               || mechanism == PIV_ALGORITHM_ECC_P384)
+        err = genkey_parse_ecc (certbuf, certbuflen, mechanism, &s_pkey);
+      else
+        err = gpg_error (GPG_ERR_PUBKEY_ALGO);
+      if (err)
+        goto leave;
+
+      if (!gcry_pk_get_keygrip (s_pkey, grip))
+        {
+          log_error ("piv: error computing keygrip\n");
+          err = gpg_error (GPG_ERR_GENERAL);
+          goto leave;
+        }
+
+      bin2hex (grip, sizeof grip, *r_keygripstr);
+    }
+  else /* Compute keygrip from certificate.  */
+    {
+      *r_got_cert = 0;
+      err = ksba_cert_new (&cert);
+      if (err)
+        goto leave;
+      err = ksba_cert_init_from_mem (cert, certbuf, certbuflen);
+      if (err)
+        goto leave;
+      err = app_help_get_keygrip_string (cert, *r_keygripstr, NULL, NULL);
+    }
+
+ leave:
+  gcry_sexp_release (s_pkey);
+  ksba_cert_release (cert);
+  xfree (certbuf);
+  if (err)
+    {
+      xfree (*r_keygripstr);
+      *r_keygripstr = NULL;
+    }
+  return err;
+}
+
+
+/* Locate the data object from the given KEYREF.  The KEYREF may also
+ * be the corresponding OID of the key object.  Returns the data
+ * object or NULL if not found.  */
+static data_object_t
+find_dobj_by_keyref (app_t app, const char *keyref)
+{
+  int i;
+
+  (void)app;
+
+  if (!ascii_strncasecmp (keyref, "PIV.", 4))  /* Standard keyref */
+    {
+      keyref += 4;
+      for (i=0; data_objects[i].tag; i++)
+        if (*data_objects[i].keyref
+            && !ascii_strcasecmp (keyref, data_objects[i].keyref))
+          {
+            return data_objects + i;
+          }
+    }
+  else if (!strncmp (keyref, "2.16.840.1.101.3.7.", 19))  /* OID */
+    {
+      keyref += 19;
+      for (i=0; data_objects[i].tag; i++)
+        if (*data_objects[i].keyref
+            && !strcmp (keyref, data_objects[i].oidsuffix))
+          {
+            return data_objects + i;
+          }
+    }
+  else if (strlen (keyref) == 40)  /* A keygrip */
+    {
+      char *keygripstr = NULL;
+      int tag, dummy_got_cert;
+
+      for (i=0; (tag=data_objects[i].tag); i++)
+        {
+          if (!data_objects[i].keypair)
+            continue;
+          xfree (keygripstr);
+          if (get_keygrip_by_tag (app, tag, &keygripstr, &dummy_got_cert))
+            continue;
+          if (!strcmp (keygripstr, keyref))
+            {
+              xfree (keygripstr);
+              return data_objects + i;
+            }
+        }
+      xfree (keygripstr);
+    }
+
+  return NULL;
+}
+
+
+/* Return the keyref from DOBJ as an integer.  If it does not exist,
+ * return -1.  */
+static int
+keyref_from_dobj (data_object_t dobj)
+{
+  if (!dobj || !hexdigitp (dobj->keyref) || !hexdigitp (dobj->keyref+1))
+    return -1;
+  return xtoi_2 (dobj->keyref);
+}
+
+
+/* Read a certificate from the card and returned in a freshly
+ * allocated buffer stored at R_CERT and the length of the certificate
+ * stored at R_CERTLEN.  CERTID is either the OID of the cert's
+ * container or of the form "PIV.<two_hexdigit_keyref>"  */
+static gpg_error_t
+do_readcert (app_t app, const char *certid,
+             unsigned char **r_cert, size_t *r_certlen)
+{
+  gpg_error_t err;
+  data_object_t dobj;
+  int mechanism;
+
+  *r_cert = NULL;
+  *r_certlen = 0;
+
+  /* Hack to read a Yubikey attestation certificate.  */
+  if (app->app_local->flags.yubikey
+      && strlen (certid) == 11
+      && !ascii_strncasecmp (certid, "PIV.ATST.", 9)
+      && hexdigitp (certid+9) && hexdigitp (certid+10))
+    {
+      unsigned char apdu[4];
+      unsigned char *result;
+      size_t resultlen;
+
+      apdu[0] = 0;
+      apdu[1] = 0xf9;  /* Yubikey: Get attestation cert.  */
+      apdu[2] = xtoi_2 (certid+9);
+      apdu[3] = 0;
+      err = iso7816_apdu_direct (app_get_slot (app), apdu, 4, 1,
+                                 NULL, &result, &resultlen);
+      if (!err)
+        {
+          *r_cert = result;
+          *r_certlen = resultlen;
+        }
+      return err;
+    }
+
+  dobj = find_dobj_by_keyref (app, certid);
+  if (!dobj)
+    return gpg_error (GPG_ERR_INV_ID);
+
+  err = readcert_by_tag (app, dobj->tag, r_cert, r_certlen, &mechanism);
+  if (!err && mechanism)
+    {
+      /* Well, no certificate but a public key - we don't want it.  */
+      xfree (*r_cert);
+      *r_cert = NULL;
+      *r_certlen = 0;
+      err = gpg_error (GPG_ERR_NOT_FOUND);
+    }
+  return err;
+}
+
+
+/* Return a public key in a freshly allocated buffer.  This will only
+ * work for a freshly generated key as long as no reset of the
+ * application has been performed.  This is because we return a cached
+ * result from key generation.  If no cached result is available, the
+ * error GPG_ERR_UNSUPPORTED_OPERATION is returned so that the higher
+ * layer can then get the key by reading the matching certificate.
+ * On success a canonical encoded s-expression with the public key is
+ * stored at (R_PK,R_PKLEN); the caller must release that buffer.  On
+ * error R_PK and R_PKLEN are not changed and an error code is
+ * returned.
+ */
+static gpg_error_t
+do_readkey (app_t app, ctrl_t ctrl, const char *keyrefstr, unsigned int flags,
+            unsigned char **r_pk, size_t *r_pklen)
+{
+  gpg_error_t err;
+  data_object_t dobj;
+  int keyref;
+  unsigned char *cert = NULL;
+  size_t certlen;
+  int mechanism;
+  gcry_sexp_t s_pkey = NULL;
+  unsigned char *pk = NULL;
+  size_t pklen;
+
+  dobj = find_dobj_by_keyref (app, keyrefstr);
+  if ((keyref = keyref_from_dobj (dobj)) == -1)
+    {
+      err = gpg_error (GPG_ERR_INV_ID);
+      goto leave;
+    }
+
+  err = readcert_by_tag (app, dobj->tag, &cert, &certlen, &mechanism);
+  if (err)
+    goto leave;
+  if (!mechanism)
+    {
+      /* We got a certificate.  Extract the pubkey from it.  */
+      err = app_help_pubkey_from_cert (cert, certlen, &pk, &pklen);
+      if (err)
+        {
+          log_error ("failed to parse the certificate: %s\n",
+                     gpg_strerror (err));
+          goto leave;
+        }
+    }
+  else
+    {
+      /* Convert the public key into the expected s-expression.  */
+      if (mechanism == PIV_ALGORITHM_RSA)
+        err = genkey_parse_rsa (cert, certlen, &s_pkey);
+      else if (mechanism == PIV_ALGORITHM_ECC_P256
+               || mechanism == PIV_ALGORITHM_ECC_P384)
+        err = genkey_parse_ecc (cert, certlen, mechanism, &s_pkey);
+      else
+        err = gpg_error (GPG_ERR_PUBKEY_ALGO);
+      if (err)
+        goto leave;
+
+      err = make_canon_sexp (s_pkey, &pk, &pklen);
+      if (err)
+        goto leave;
+    }
+
+  if ((flags & APP_READKEY_FLAG_INFO))
+    {
+      char keygripstr[KEYGRIP_LEN*2+1];
+      char idbuf[50];
+      const char *usage;
+      char *algostr;
+
+      err = app_help_get_keygrip_string_pk (pk, pklen, keygripstr,
+                                            NULL, NULL, &algostr);
+      if (err)
+        {
+          log_error ("app_help_get_keygrip_string_pk failed: %s\n",
+                     gpg_strerror (err));
+          goto leave;
+        }
+      usage = dobj->usage? dobj->usage : "";
+
+      snprintf (idbuf, sizeof idbuf, "PIV.%s", dobj->keyref);
+      send_status_info (ctrl, "KEYPAIRINFO",
+                        keygripstr, strlen (keygripstr),
+                        idbuf, strlen (idbuf),
+                        usage, strlen (usage),
+                        "-", (size_t)1,
+                        algostr, strlen (algostr),
+                        NULL, (size_t)0);
+      xfree (algostr);
+    }
+
+  if (r_pk && r_pklen)
+    {
+      *r_pk = pk;
+      pk = NULL;
+      *r_pklen = pklen;
+    }
+
+ leave:
+  gcry_sexp_release (s_pkey);
+  xfree (pk);
+  xfree (cert);
+  return err;
+}
+
+
+/* Given a data object DOBJ return the corresponding PIV algorithm and
+ * store it at R_ALGO.  The algorithm is taken from the corresponding
+ * certificate or from a cache.  */
+static gpg_error_t
+get_key_algorithm_by_dobj (app_t app, data_object_t dobj, int *r_mechanism)
+{
+  gpg_error_t err;
+  unsigned char *certbuf = NULL;
+  size_t certbuflen;
+  int mechanism;
+  ksba_cert_t cert = NULL;
+  ksba_sexp_t k_pkey = NULL;
+  gcry_sexp_t s_pkey = NULL;
+  gcry_sexp_t l1 = NULL;
+  char *algoname = NULL;
+  int algo;
+  size_t n;
+  const char *curve_name;
+
+  *r_mechanism = 0;
+
+  err = readcert_by_tag (app, dobj->tag, &certbuf, &certbuflen, &mechanism);
+  if (err)
+    goto leave;
+  if (mechanism)
+    {
+      /* A public key was found.  That makes it easy.  */
+      switch (mechanism)
+        {
+        case PIV_ALGORITHM_RSA:
+        case PIV_ALGORITHM_ECC_P256:
+        case PIV_ALGORITHM_ECC_P384:
+          *r_mechanism = mechanism;
+          break;
+
+        default:
+          err = gpg_error (GPG_ERR_PUBKEY_ALGO);
+          log_error ("piv: unknown mechanism %d in public key at %s\n",
+                     mechanism, dobj->keyref);
+          break;
+        }
+      goto leave;
+    }
+
+  err = ksba_cert_new (&cert);
+  if (err)
+    goto leave;
+
+  err = ksba_cert_init_from_mem (cert, certbuf, certbuflen);
+  if (err)
+    {
+      log_error ("piv: failed to parse the certificate %s: %s\n",
+                 dobj->keyref, gpg_strerror (err));
+      goto leave;
+    }
+  xfree (certbuf);
+  certbuf = NULL;
+
+  k_pkey = ksba_cert_get_public_key (cert);
+  if (!k_pkey)
+    {
+      err = gpg_error (GPG_ERR_NO_PUBKEY);
+      goto leave;
+    }
+  n = gcry_sexp_canon_len (k_pkey, 0, NULL, NULL);
+  err = gcry_sexp_new (&s_pkey, k_pkey, n, 0);
+  if (err)
+    goto leave;
+
+  l1 = gcry_sexp_find_token (s_pkey, "public-key", 0);
+  if (!l1)
+    {
+      err = gpg_error (GPG_ERR_NO_PUBKEY);
+      goto leave;
+    }
+
+  {
+    gcry_sexp_t l_tmp = gcry_sexp_cadr (l1);
+    gcry_sexp_release (l1);
+    l1 = l_tmp;
+  }
+  algoname = gcry_sexp_nth_string (l1, 0);
+  if (!algoname)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+
+  algo = gcry_pk_map_name (algoname);
+  switch (algo)
+    {
+    case GCRY_PK_RSA:
+      algo = PIV_ALGORITHM_RSA;
+      break;
+
+    case GCRY_PK_ECC:
+    case GCRY_PK_ECDSA:
+    case GCRY_PK_ECDH:
+      curve_name = gcry_pk_get_curve (s_pkey, 0, NULL);
+      if (curve_name && !strcmp (curve_name, "NIST P-256"))
+        algo = PIV_ALGORITHM_ECC_P256;
+      else if (curve_name && !strcmp (curve_name, "NIST P-384"))
+        algo = PIV_ALGORITHM_ECC_P384;
+      else
+        {
+          err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
+          log_error ("piv: certificate %s, curve '%s': %s\n",
+                     dobj->keyref, curve_name, gpg_strerror (err));
+          goto leave;
+        }
+      break;
+
+    default:
+      err = gpg_error (GPG_ERR_PUBKEY_ALGO);
+      log_error ("piv: certificate %s, pubkey algo '%s': %s\n",
+                 dobj->keyref, algoname, gpg_strerror (err));
+      goto leave;
+    }
+  *r_mechanism = algo;
+
+ leave:
+  gcry_free (algoname);
+  gcry_sexp_release (l1);
+  gcry_sexp_release (s_pkey);
+  ksba_free (k_pkey);
+  xfree (certbuf);
+  return err;
+}
+
+
+/* Helper to cache the pin PINNO.  If PIN is NULL the cache is cleared. */
+static void
+cache_pin (app_t app, ctrl_t ctrl, int pinno,
+           const char *pin, unsigned int pinlen)
+{
+  char pinref[20];
+
+  if (opt.pcsc_shared)
+    return;
+
+  if (pinno < 0)
+    return;
+  switch (app->card->cardtype)
+    {
+    case CARDTYPE_YUBIKEY: break;
+    default: return;
+    }
+
+
+
+  snprintf (pinref, sizeof pinref, "%02x", pinno);
+  pincache_put (ctrl, app_get_slot (app), "piv", pinref, pin, pinlen);
+
+  switch (pinno)
+    {
+    case 0x00: app->app_local->pincache.maybe_00 = !!pin; break;
+    case 0x80: app->app_local->pincache.maybe_80 = !!pin; break;
+    case 0x81: app->app_local->pincache.maybe_81 = !!pin; break;
+    case 0x96: app->app_local->pincache.maybe_96 = !!pin; break;
+    case 0x97: app->app_local->pincache.maybe_97 = !!pin; break;
+    case 0x98: app->app_local->pincache.maybe_98 = !!pin; break;
+    case 0x9B: app->app_local->pincache.maybe_9B = !!pin; break;
+    }
+
+}
+
+
+/* If the PIN cache is available and really has a valid PIN return
+ * that pin at R_PIN.  Returns true if that is the case; otherwise
+ * false.  */
+static int
+pin_from_cache (app_t app, ctrl_t ctrl, int pinno, char **r_pin)
+{
+  char pinref[20];
+  int maybe_cached;
+
+  *r_pin = NULL;
+
+  if (pinno < 0)
+    return 0;
+  switch (app->card->cardtype)
+    {
+    case CARDTYPE_YUBIKEY: break;
+    default: return 0;
+    }
+
+  switch (pinno)
+    {
+    case 0x00: maybe_cached = app->app_local->pincache.maybe_00; break;
+    case 0x80: maybe_cached = app->app_local->pincache.maybe_80; break;
+    case 0x81: maybe_cached = app->app_local->pincache.maybe_81; break;
+    case 0x96: maybe_cached = app->app_local->pincache.maybe_96; break;
+    case 0x97: maybe_cached = app->app_local->pincache.maybe_97; break;
+    case 0x98: maybe_cached = app->app_local->pincache.maybe_98; break;
+    case 0x9B: maybe_cached = app->app_local->pincache.maybe_9B; break;
+    default:   maybe_cached = 0;
+    }
+
+  if (!maybe_cached)
+    return 0;
+
+  snprintf (pinref, sizeof pinref, "%02x", pinno);
+  if (pincache_get (ctrl, app_get_slot (app), "piv", pinref, r_pin))
+    return 0;
+
+  return 1;
+}
+
+
+/* Return an allocated string to be used as prompt.  Returns NULL on
+ * malloc error.  */
+static char *
+make_prompt (app_t app, int remaining, const char *firstline)
+{
+  char *serial, *tmpbuf, *result;
+
+  serial = app_get_dispserialno (app, 0);
+  if (!serial)
+    return NULL;
+
+  /* TRANSLATORS: Put a \x1f right before a colon.  This can be
+   * used by pinentry to nicely align the names and values.  Keep
+   * the %s at the start and end of the string.  */
+  result = xtryasprintf (_("%s"
+                           "Number\x1f: %s%%0A"
+                           "Holder\x1f: %s"
+                           "%s"),
+                         "\x1e",
+                         serial,
+                         "Unknown", /* Fixme */
+                         "");
+  xfree (serial);
+
+  /* Append a "remaining attempts" info if needed.  */
+  if (remaining != -1 && remaining < 3)
+    {
+      char *rembuf;
+
+      /* TRANSLATORS: This is the number of remaining attempts to
+       * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed. */
+      rembuf = xtryasprintf (_("Remaining attempts: %d"), remaining);
+      if (rembuf)
+        {
+          tmpbuf = strconcat (firstline, "%0A%0A", result,
+                              "%0A%0A", rembuf, NULL);
+          xfree (rembuf);
+        }
+      else
+        tmpbuf = NULL;
+      xfree (result);
+      result = tmpbuf;
+    }
+  else
+    {
+      tmpbuf = strconcat (firstline, "%0A%0A", result, NULL);
+      xfree (result);
+      result = tmpbuf;
+    }
+
+  return result;
+}
+
+
+/* Helper for verify_chv to ask for the PIN and to prepare/pad it.  On
+ * success the result is stored at (R_PIN,R_PINLEN).  */
+static gpg_error_t
+ask_and_prepare_chv (app_t app, ctrl_t ctrl,
+                     int keyref, int ask_new, int remaining, int no_cache,
+                     gpg_error_t (*pincb)(void*,const char *,char **),
+                     void *pincb_arg, char **r_pin, unsigned int *r_pinlen,
+                     unsigned int *r_unpaddedpinlen)
+{
+  gpg_error_t err;
+  const char *label;
+  char *prompt;
+  char *pinvalue = NULL;
+  unsigned int pinlen;
+  char *pinbuffer = NULL;
+  int minlen, maxlen, padding, onlydigits;
+
+  *r_pin = NULL;
+  *r_pinlen = 0;
+  if (r_unpaddedpinlen)
+    *r_unpaddedpinlen = 0;
+
+  if (ask_new)
+    remaining = -1;
+
+  if (remaining != -1)
+    log_debug ("piv: CHV %02X has %d attempts left\n", keyref, remaining);
+
+  switch (keyref)
+    {
+    case 0x00:
+      minlen = 6;
+      maxlen = 8;
+      padding = 1;
+      onlydigits = 1;
+      label = (ask_new? _("|N|Please enter the new Global-PIN")
+               /**/   : _("||Please enter the Global-PIN of your PIV card"));
+      break;
+    case 0x80:
+      minlen = 6;
+      maxlen = 8;
+      padding = 1;
+      onlydigits = 1;
+      label = (ask_new? _("|N|Please enter the new PIN")
+               /**/   : _("||Please enter the PIN of your PIV card"));
+      break;
+    case 0x81:
+      minlen = 8;
+      maxlen = 8;
+      padding = 0;
+      onlydigits = 0;
+      label = (ask_new? _("|N|Please enter the new Unblocking Key")
+               /**/   :_("||Please enter the Unblocking Key of your PIV card"));
+      break;
+
+    case 0x96:
+    case 0x97:
+    case 0x98:
+    case 0x9B:
+      return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+
+    default:
+      return gpg_error (GPG_ERR_INV_ID);
+    }
+
+  /* Ask for the PIN.  */
+  if (!no_cache && remaining >= 3
+      && pin_from_cache (app, ctrl, keyref, &pinvalue))
+    err = 0;
+  else
+    {
+      prompt = make_prompt (app, remaining, label);
+      err = pincb (pincb_arg, prompt, &pinvalue);
+      xfree (prompt);
+      prompt = NULL;
+    }
+  if (err)
+    {
+      log_info (_("PIN callback returned error: %s\n"), gpg_strerror (err));
+      return err;
+    }
+
+  pinlen = pinvalue? strlen (pinvalue) : 0;
+  if (pinlen < minlen)
+    {
+      log_error (_("PIN is too short; minimum length is %d\n"), minlen);
+      if (pinvalue)
+        wipememory (pinvalue, pinlen);
+      xfree (pinvalue);
+      return gpg_error (GPG_ERR_BAD_PIN);
+    }
+  if (pinlen > maxlen)
+    {
+      log_error (_("PIN is too long; maximum length is %d\n"), maxlen);
+      wipememory (pinvalue, pinlen);
+      xfree (pinvalue);
+      return gpg_error (GPG_ERR_BAD_PIN);
+    }
+  if (onlydigits && strspn (pinvalue, "0123456789") != pinlen)
+    {
+      log_error (_("PIN has invalid characters; only digits are allowed\n"));
+      wipememory (pinvalue, pinlen);
+      xfree (pinvalue);
+      return gpg_error (GPG_ERR_BAD_PIN);
+    }
+
+  pinbuffer = xtrymalloc_secure (maxlen);
+  if (!pinbuffer)
+    {
+      err = gpg_error_from_syserror ();
+      wipememory (pinvalue, pinlen);
+      xfree (pinvalue);
+      return err;
+    }
+
+  memcpy (pinbuffer, pinvalue, pinlen);
+  wipememory (pinvalue, pinlen);
+  xfree (pinvalue);
+
+  if (r_unpaddedpinlen)
+    *r_unpaddedpinlen = pinlen;
+
+  if (padding)
+    {
+      memset (pinbuffer + pinlen, 0xff, maxlen - pinlen);
+      pinlen = maxlen;
+    }
+
+  *r_pin = pinbuffer;
+  *r_pinlen = pinlen;
+
+  return 0;
+}
+
+
+/* Verify the card holder verification identified by KEYREF.  This is
+ * either the Application PIN or the Global PIN.  If FORCE is true a
+ * verification is always done.  */
+static gpg_error_t
+verify_chv (app_t app, ctrl_t ctrl, int keyref, int force,
+            gpg_error_t (*pincb)(void*,const char *,char **), void *pincb_arg)
+{
+  gpg_error_t err;
+  int remaining;
+  char *pin = NULL;
+  unsigned int pinlen, unpaddedpinlen;
+
+  /* First check whether a verify is at all needed.  */
+  remaining = iso7816_verify_status (app_get_slot (app), keyref);
+  if (remaining == ISO7816_VERIFY_NOT_NEEDED)
+    {
+      if (!force) /* No need to verification.  */
+        return 0;  /* All fine.  */
+      remaining = -1;
+    }
+  else if (remaining < 0)  /* We don't care about other errors. */
+    remaining = -1;
+
+
+  err = ask_and_prepare_chv (app, ctrl, keyref, 0, remaining, force,
+                             pincb, pincb_arg,
+                             &pin, &pinlen, &unpaddedpinlen);
+  if (err)
+    return err;
+
+  err = iso7816_verify (app_get_slot (app), keyref, pin, pinlen);
+  if (err)
+    {
+      log_error ("CHV %02X verification failed: %s\n",
+                 keyref, gpg_strerror (err));
+      cache_pin (app, ctrl, keyref, NULL, 0);
+    }
+  else
+    cache_pin (app, ctrl, keyref, pin, unpaddedpinlen);
+
+  wipememory (pin, pinlen);
+  xfree (pin);
+
+  return err;
+}
+
+
+/* Handle the PASSWD command.  Valid values for PWIDSTR are
+ * key references related to PINs; in particular:
+ *   PIV.00 - The Global PIN
+ *   PIV.80 - The Application PIN
+ *   PIV.81 - The PIN Unblocking key
+ * The supported flags are:
+ *   APP_CHANGE_FLAG_CLEAR   Clear the PIN verification state.
+ *   APP_CHANGE_FLAG_RESET   Reset a PIN using the PUK.  Only
+ *                           allowed with PIV.80.
+ */
+static gpg_error_t
+do_change_chv (app_t app, ctrl_t ctrl, const char *pwidstr,
+               unsigned int flags,
+               gpg_error_t (*pincb)(void*, const char *, char **),
+               void *pincb_arg)
+{
+  gpg_error_t err;
+  int keyref, targetkeyref;
+  unsigned char apdu[4];
+  unsigned int sw;
+  int remaining;
+  char *oldpin = NULL;
+  unsigned int oldpinlen;
+  char *newpin = NULL;
+  unsigned int newpinlen;
+
+  (void)ctrl;
+
+  /* Check for unknown flags.  */
+  if ((flags & ~(APP_CHANGE_FLAG_CLEAR|APP_CHANGE_FLAG_RESET)))
+    {
+      err = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+      goto leave;
+    }
+
+  /* Parse the keyref.  */
+  targetkeyref = keyref = parse_chv_keyref (pwidstr);
+  if (keyref == -1)
+    {
+      err = gpg_error (GPG_ERR_INV_ID);
+      goto leave;
+    }
+
+  cache_pin (app, ctrl, keyref, NULL, 0);
+
+  /* First see whether the special --clear mode has been requested.  */
+  if ((flags & APP_CHANGE_FLAG_CLEAR))
+    {
+      apdu[0] = 0x00;
+      apdu[1] = ISO7816_VERIFY;
+      apdu[2] = 0xff;
+      apdu[3] = keyref;
+      err = iso7816_apdu_direct (app_get_slot (app), apdu, 4, 0,
+                                 NULL, NULL, NULL);
+      goto leave;
+    }
+
+  /* Prepare reset mode.  */
+  if ((flags & APP_CHANGE_FLAG_RESET))
+    {
+      if (keyref == 0x81)
+        {
+          err = gpg_error (GPG_ERR_INV_ID); /* Can't reset the PUK.  */
+          goto leave;
+        }
+      /* Set the keyref to the PUK and keep the TARGETKEYREF.  */
+      keyref = 0x81;
+    }
+
+  /* Get the remaining tries count.  This is done by using the check
+   * for verified state feature.  */
+  apdu[0] = 0x00;
+  apdu[1] = ISO7816_VERIFY;
+  apdu[2] = 0x00;
+  apdu[3] = keyref;
+  if (!iso7816_apdu_direct (app_get_slot (app), apdu, 4, 0, &sw, NULL, NULL))
+    remaining = -1; /* Already verified, thus full number of tries.  */
+  else if ((sw & 0xfff0) == 0x63C0)
+    remaining = (sw & 0x000f); /* PIN has REMAINING tries left.  */
+  else
+    remaining = -1;
+
+  /* Ask for the old pin or puk.  */
+  err = ask_and_prepare_chv (app, ctrl, keyref, 0, remaining, 0,
+                             pincb, pincb_arg,
+                             &oldpin, &oldpinlen, NULL);
+  if (err)
+    return err;
+
+  /* Verify the old pin so that we don't prompt for the new pin if the
+   * old is wrong.  This is not possible for the PUK, though. */
+  if (keyref != 0x81)
+    {
+      err = iso7816_verify (app_get_slot (app), keyref, oldpin, oldpinlen);
+      if (err)
+        {
+          log_error ("CHV %02X verification failed: %s\n",
+                     keyref, gpg_strerror (err));
+          goto leave;
+        }
+    }
+
+  /* Ask for the new pin.  */
+  err = ask_and_prepare_chv (app, ctrl, targetkeyref, 1, -1, 0,
+                             pincb, pincb_arg,
+                             &newpin, &newpinlen, NULL);
+  if (err)
+    return err;
+
+  if ((flags & APP_CHANGE_FLAG_RESET))
+    {
+      char *buf = xtrymalloc_secure (oldpinlen + newpinlen);
+      if (!buf)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+      memcpy (buf, oldpin, oldpinlen);
+      memcpy (buf+oldpinlen, newpin, newpinlen);
+      err = iso7816_reset_retry_counter_with_rc (app_get_slot (app),
+                                                 targetkeyref,
+                                                 buf, oldpinlen+newpinlen);
+      xfree (buf);
+      if (err)
+        log_error ("resetting CHV %02X using CHV %02X failed: %s\n",
+                   targetkeyref, keyref, gpg_strerror (err));
+    }
+  else
+    {
+      err = iso7816_change_reference_data (app_get_slot (app), keyref,
+                                           oldpin, oldpinlen,
+                                           newpin, newpinlen);
+      if (err)
+        log_error ("CHV %02X changing PIN failed: %s\n",
+                   keyref, gpg_strerror (err));
+    }
+
+ leave:
+  xfree (oldpin);
+  xfree (newpin);
+  return err;
+}
+
+
+/* Perform a simple verify operation for the PIN specified by PWIDSTR.
+ * For valid values see do_change_chv.  */
+static gpg_error_t
+do_check_chv (app_t app, ctrl_t ctrl, const char *pwidstr,
+              gpg_error_t (*pincb)(void*, const char *, char **),
+              void *pincb_arg)
+{
+  int keyref;
+
+  (void)ctrl;
+
+  keyref = parse_chv_keyref (pwidstr);
+  if (keyref == -1)
+    return gpg_error (GPG_ERR_INV_ID);
+
+  return verify_chv (app, ctrl, keyref, 0, pincb, pincb_arg);
+}
+
+
+/* Compute a digital signature using the GENERAL AUTHENTICATE command
+ * on INDATA which is expected to be the raw message digest.  The
+ * KEYIDSTR has the key reference or its OID (e.g. "PIV.9A").  The
+ * result is stored at (R_OUTDATA,R_OUTDATALEN); on error (NULL,0) is
+ * stored there and an error code returned.  For ECDSA the result is
+ * the simple concatenation of R and S without any DER encoding.  R
+ * and S are left extended with zeroes to make sure they have an equal
+ * length.  If HASHALGO is not zero, the function prepends the hash's
+ * OID to the indata or checks that it is consistent.
+ */
+static gpg_error_t
+do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
+         gpg_error_t (*pincb)(void*, const char *, char **),
+         void *pincb_arg,
+         const void *indata_arg, size_t indatalen,
+         unsigned char **r_outdata, size_t *r_outdatalen)
+{
+  const unsigned char *indata = indata_arg;
+  gpg_error_t err;
+  data_object_t dobj;
+  unsigned char oidbuf[64];
+  size_t oidbuflen;
+  unsigned char *outdata = NULL;
+  size_t outdatalen;
+  const unsigned char *s;
+  size_t n;
+  int keyref, mechanism;
+  unsigned char *indata_buffer = NULL; /* Malloced helper.  */
+  unsigned char *apdudata = NULL;
+  size_t apdudatalen;
+  int force_verify;
+
+  (void)ctrl;
+
+  if (!keyidstr || !*keyidstr)
+    {
+      err = gpg_error (GPG_ERR_INV_VALUE);
+      goto leave;
+    }
+
+  dobj = find_dobj_by_keyref (app, keyidstr);
+  if ((keyref = keyref_from_dobj (dobj)) == -1)
+    {
+      err = gpg_error (GPG_ERR_INV_ID);
+      goto leave;
+    }
+
+  /* According to table 4b of SP800-73-4 the signing key always
+   * requires a verify.  */
+  switch (keyref)
+    {
+    case 0x9c: force_verify = 1; break;
+    default: force_verify = 0; break;
+    }
+
+
+  err = get_key_algorithm_by_dobj (app, dobj, &mechanism);
+  if (err)
+    goto leave;
+
+   /* For ECC we need to remove the ASN.1 prefix from INDATA.  For RSA
+    * we need to add the padding and possible also the ASN.1 prefix.  */
+  if (mechanism == PIV_ALGORITHM_ECC_P256
+      || mechanism == PIV_ALGORITHM_ECC_P384)
+    {
+      int need_algo, need_digestlen;
+
+      if (mechanism == PIV_ALGORITHM_ECC_P256)
+        {
+          need_algo = GCRY_MD_SHA256;
+          need_digestlen = 32;
+        }
+      else
+        {
+          need_algo = GCRY_MD_SHA384;
+          need_digestlen = 48;
+        }
+
+      if (hashalgo && hashalgo != need_algo)
+        {
+          err = gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+          log_error ("piv: hash algo %d does not match mechanism %d\n",
+                     need_algo, mechanism);
+          goto leave;
+        }
+
+      if (indatalen > need_digestlen)
+        {
+          oidbuflen = sizeof oidbuf;
+          err = gcry_md_get_asnoid (need_algo, &oidbuf, &oidbuflen);
+          if (err)
+            {
+              err = gpg_error (GPG_ERR_INTERNAL);
+              log_debug ("piv: no OID for hash algo %d\n", need_algo);
+              goto leave;
+            }
+          if (indatalen != oidbuflen + need_digestlen
+              || memcmp (indata, oidbuf, oidbuflen))
+            {
+              err = gpg_error (GPG_ERR_INV_VALUE);
+              log_error ("piv: bad input for signing with mechanism %d\n",
+                         mechanism);
+              goto leave;
+            }
+          indata += oidbuflen;
+          indatalen -= oidbuflen;
+        }
+    }
+  else if (mechanism == PIV_ALGORITHM_RSA
+           && indatalen == 2048/8 && indata[indatalen-1] == 0xBC)
+    {
+      /* If the provided data length matches the supported RSA
+       * framelen and the last octet of the data is 0xBC, we assume
+       * this is PSS formatted data and we use it verbatim; PIV cards
+       * accept PSS as well as PKCS#1.  */
+    }
+  else if (mechanism == PIV_ALGORITHM_RSA)
+    {
+      /* PIV requires 2048 bit RSA.  */
+      unsigned int framelen = 2048 / 8;
+      unsigned char *frame;
+      int i;
+
+      oidbuflen = sizeof oidbuf;
+      if (!hashalgo)
+        {
+          /* We assume that indata already has the required
+           * digestinfo; thus merely prepend the padding below.  */
+        }
+      else if ((err = gcry_md_get_asnoid (hashalgo, &oidbuf, &oidbuflen)))
+        {
+          log_debug ("piv: no OID for hash algo %d\n", hashalgo);
+          goto leave;
+        }
+      else
+        {
+          unsigned int digestlen = gcry_md_get_algo_dlen (hashalgo);
+
+          if (indatalen == digestlen)
+            {
+              /* Plain hash in INDATA; prepend the digestinfo.  */
+              indata_buffer = xtrymalloc (oidbuflen + indatalen);
+              if (!indata_buffer)
+                {
+                  err = gpg_error_from_syserror ();
+                  goto leave;
+                }
+              memcpy (indata_buffer, oidbuf, oidbuflen);
+              memcpy (indata_buffer+oidbuflen, indata, indatalen);
+              indata = indata_buffer;
+              indatalen = oidbuflen + indatalen;
+            }
+          else if (indatalen == oidbuflen + digestlen
+                   && !memcmp (indata, oidbuf, oidbuflen))
+            ; /* Correct prefix.  */
+          else
+            {
+              err = gpg_error (GPG_ERR_INV_VALUE);
+              log_error ("piv: bad input for signing with RSA and hash %d\n",
+                         hashalgo);
+              goto leave;
+            }
+        }
+      /* Now prepend the pkcs#v1.5 padding.  We require at least 8
+       * byte of padding and 3 extra bytes for the prefix and the
+       * delimiting nul.  */
+      if (!indatalen || indatalen + 8 + 4 > framelen)
+        {
+          err = gpg_error (GPG_ERR_INV_VALUE);
+          log_error ("piv: input does not fit into a %u bit PKCS#v1.5 frame\n",
+                     8*framelen);
+          goto leave;
+        }
+      frame = xtrymalloc (framelen);
+      if (!frame)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+      n = 0;
+      frame[n++] = 0;
+      frame[n++] = 1; /* Block type. */
+      i = framelen - indatalen - 3 ;
+      memset (frame+n, 0xff, i);
+      n += i;
+      frame[n++] = 0; /* Delimiter.  */
+      memcpy (frame+n, indata, indatalen);
+      n += indatalen;
+      log_assert (n == framelen);
+      /* And now put it into the indata_buffer.  */
+      xfree (indata_buffer);
+      indata_buffer = frame;
+      indata = indata_buffer;
+      indatalen = framelen;
+    }
+  else
+    {
+      err = gpg_error (GPG_ERR_INTERNAL);
+      log_debug ("piv: unknown PIV mechanism %d while signing\n", mechanism);
+      goto leave;
+    }
+
+  /* Now verify the Application PIN.  */
+  err = verify_chv (app, ctrl, 0x80, force_verify, pincb, pincb_arg);
+  if (err)
+    return err;
+
+  /* Build the Dynamic Authentication Template.  */
+  err = concat_tlv_list (0, &apdudata, &apdudatalen,
+                         (int)0x7c, (size_t)0, NULL, /* Constructed. */
+                         (int)0x82, (size_t)0, "",
+                         (int)0x81, (size_t)indatalen, indata,
+                         (int)0, (size_t)0, NULL);
+  if (err)
+    goto leave;
+
+  /* Note: the -1 requests command chaining.  */
+  err = iso7816_general_authenticate (app_get_slot (app), -1,
+                                      mechanism, keyref,
+                                      apdudata, (int)apdudatalen, 0,
+                                      &outdata, &outdatalen);
+  if (err)
+    goto leave;
+
+  /* Parse the response.  */
+  if (outdatalen && *outdata == 0x7c
+      && (s = find_tlv (outdata, outdatalen, 0x82, &n)))
+    {
+      if (mechanism == PIV_ALGORITHM_RSA)
+        {
+          memmove (outdata, outdata + (s - outdata), n);
+          outdatalen = n;
+        }
+      else /* ECC */
+        {
+          const unsigned char *rval, *sval;
+          size_t rlen, rlenx, slen, slenx, resultlen;
+          char *result;
+          /* The result of an ECDSA signature is
+           *   SEQUENCE { r INTEGER, s INTEGER }
+           * We re-pack that by concatenating R and S and making sure
+           * that both have the same length.  We simplify parsing by
+           * using find_tlv and not a proper DER parser.  */
+          s = find_tlv (s, n, 0x30, &n);
+          if (!s)
+            goto bad_der;
+          rval = find_tlv (s, n, 0x02, &rlen);
+          if (!rval)
+            goto bad_der;
+          log_assert (n >= (rval-s)+rlen);
+          sval = find_tlv (rval+rlen, n-((rval-s)+rlen), 0x02, &slen);
+          if (!rval)
+            goto bad_der;
+          rlenx = slenx = 0;
+          if (rlen > slen)
+            slenx = rlen - slen;
+          else if (slen > rlen)
+            rlenx = slen - rlen;
+
+          resultlen = rlen + rlenx + slen + slenx;
+          result = xtrycalloc (1, resultlen);
+          if (!result)
+            {
+              err = gpg_error_from_syserror ();
+              goto leave;
+            }
+          memcpy (result + rlenx, rval, rlen);
+          memcpy (result + rlenx + rlen + slenx, sval, slen);
+          xfree (outdata);
+          outdata = result;
+          outdatalen = resultlen;
+        }
+    }
+  else
+    {
+    bad_der:
+      err = gpg_error (GPG_ERR_CARD);
+      log_error ("piv: response does not contain a proper result\n");
+      goto leave;
+    }
+
+ leave:
+  if (err)
+    {
+      xfree (outdata);
+      *r_outdata = NULL;
+      *r_outdatalen = 0;
+    }
+  else
+    {
+      *r_outdata = outdata;
+      *r_outdatalen = outdatalen;
+    }
+  xfree (apdudata);
+  xfree (indata_buffer);
+  return err;
+}
+
+
+/* AUTH for PIV cards is actually the same as SIGN.  The difference
+ * between AUTH and SIGN is that AUTH expects that pkcs#1.5 padding
+ * for RSA has already been done (digestInfo part w/o the padding)
+ * whereas SIGN may accept a plain digest and does the padding if
+ * needed.  This is also the reason why SIGN takes a hashalgo.  For
+ * both it is also acceptable to receive fully prepared PSS data.  */
+static gpg_error_t
+do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
+         gpg_error_t (*pincb)(void*, const char *, char **),
+         void *pincb_arg,
+         const void *indata, size_t indatalen,
+         unsigned char **r_outdata, size_t *r_outdatalen)
+{
+  return do_sign (app, ctrl, keyidstr, 0, pincb, pincb_arg, indata, indatalen,
+                  r_outdata, r_outdatalen);
+}
+
+
+/* Decrypt the data in (INDATA,INDATALEN) and on success store the
+ * mallocated result at (R_OUTDATA,R_OUTDATALEN).  */
+static gpg_error_t
+do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
+             gpg_error_t (*pincb)(void*, const char *, char **),
+             void *pincb_arg,
+             const void *indata_arg, size_t indatalen,
+             unsigned char **r_outdata, size_t *r_outdatalen,
+             unsigned int *r_info)
+{
+  const unsigned char *indata = indata_arg;
+  gpg_error_t err;
+  data_object_t dobj;
+  unsigned char *outdata = NULL;
+  size_t outdatalen;
+  const unsigned char *s;
+  size_t n;
+  int keyref, mechanism;
+  unsigned int framelen;
+  unsigned char *indata_buffer = NULL; /* Malloced helper.  */
+  unsigned char *apdudata = NULL;
+  size_t apdudatalen;
+
+  (void)ctrl;
+
+  if (!keyidstr || !*keyidstr)
+    {
+      err = gpg_error (GPG_ERR_INV_VALUE);
+      goto leave;
+    }
+
+  dobj = find_dobj_by_keyref (app, keyidstr);
+  if ((keyref = keyref_from_dobj (dobj)) == -1)
+    {
+      err = gpg_error (GPG_ERR_INV_ID);
+      goto leave;
+    }
+  if (keyref == 0x9A || keyref == 0x9C || keyref == 0x9E)
+    {
+      /* Signing only reference.  We only allow '9D' and the retired
+       * cert key management DOs.  */
+      err = gpg_error (GPG_ERR_INV_ID);
+      goto leave;
+    }
+
+  err = get_key_algorithm_by_dobj (app, dobj, &mechanism);
+  if (err)
+    goto leave;
+
+  switch (mechanism)
+    {
+    case PIV_ALGORITHM_ECC_P256:
+      framelen = 1+32+32;
+      break;
+    case PIV_ALGORITHM_ECC_P384:
+      framelen = 1+48+48;
+      break;
+    case PIV_ALGORITHM_RSA:
+      framelen = 2048 / 8;
+      break;
+    default:
+      err = gpg_error (GPG_ERR_INTERNAL);
+      log_debug ("piv: unknown PIV mechanism %d while decrypting\n", mechanism);
+      goto leave;
+    }
+
+  /* Check that the ciphertext has the right length; due to internal
+   * convey mechanism using MPIs leading zero bytes might have been
+   * lost.  Adjust for this.  Unfortunately the ciphertext might have
+   * also been prefixed with a leading zero to make it a positive
+   * number; that may be a too long frame and we need to adjust for
+   * this too.  Note that for ECC those fixes are not reqquired
+   * because the first octet is always '04' to indicate an
+   * uncompressed point.  */
+  if (indatalen > framelen)
+    {
+      if (mechanism == PIV_ALGORITHM_RSA
+          && indatalen == framelen + 1 && !*indata)
+        {
+          indata_buffer = xtrycalloc (1, framelen);
+          if (!indata_buffer)
+            {
+              err = gpg_error_from_syserror ();
+              goto leave;
+            }
+          memcpy (indata_buffer, indata+1, framelen);
+          indata = indata_buffer;
+          indatalen = framelen;
+        }
+      else
+        {
+          err = gpg_error (GPG_ERR_INV_VALUE);
+          log_error ("piv: input of %zu octets too large for mechanism %d\n",
+                     indatalen, mechanism);
+          goto leave;
+        }
+    }
+  if (indatalen < framelen)
+    {
+      indata_buffer = xtrycalloc (1, framelen);
+      if (!indata_buffer)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+      memcpy (indata_buffer+(framelen-indatalen), indata, indatalen);
+      indata = indata_buffer;
+      indatalen = framelen;
+    }
+
+  /* Now verify the Application PIN.  */
+  err = verify_chv (app, ctrl, 0x80, 0, pincb, pincb_arg);
+  if (err)
+    return err;
+
+  /* Build the Dynamic Authentication Template.  */
+  err = concat_tlv_list (0, &apdudata, &apdudatalen,
+                         (int)0x7c, (size_t)0, NULL, /* Constructed. */
+                         (int)0x82, (size_t)0, "",
+                         mechanism == PIV_ALGORITHM_RSA?
+                         (int)0x81 : (int)0x85, (size_t)indatalen, indata,
+                         (int)0, (size_t)0, NULL);
+  if (err)
+    goto leave;
+
+  /* Note: the -1 requests command chaining.  */
+  err = iso7816_general_authenticate (app_get_slot (app), -1,
+                                      mechanism, keyref,
+                                      apdudata, (int)apdudatalen, 0,
+                                      &outdata, &outdatalen);
+  if (err)
+    goto leave;
+
+  /* Parse the response.  */
+  if (outdatalen && *outdata == 0x7c
+      && (s = find_tlv (outdata, outdatalen, 0x82, &n)))
+    {
+      memmove (outdata, outdata + (s - outdata), n);
+      outdatalen = n;
+    }
+  else
+    {
+      err = gpg_error (GPG_ERR_CARD);
+      log_error ("piv: response does not contain a proper result\n");
+      goto leave;
+    }
+
+ leave:
+  if (err)
+    {
+      xfree (outdata);
+      *r_outdata = NULL;
+      *r_outdatalen = 0;
+    }
+  else
+    {
+      *r_outdata = outdata;
+      *r_outdatalen = outdatalen;
+    }
+  *r_info = 0;
+  xfree (apdudata);
+  xfree (indata_buffer);
+  return err;
+}
+
+
+/* Check whether a key for DOBJ already exists.  We detect this by
+ * reading the certificate described by DOBJ.  If FORCE is TRUE a
+ * diagnositic will be printed but no error returned if the key
+ * already exists.  The flag GENERATING is used to select a
+ * diagnositic. */
+static gpg_error_t
+does_key_exist (app_t app, data_object_t dobj, int generating, int force)
+{
+  void *relptr;
+  unsigned char *buffer;
+  size_t buflen;
+  int found;
+
+  relptr = get_one_do (app, dobj->tag, &buffer, &buflen, NULL);
+  found = (relptr && buflen);
+  xfree (relptr);
+
+  if (found && !force)
+    {
+      log_error (_("key already exists\n"));
+      return gpg_error (GPG_ERR_EEXIST);
+    }
+
+  if (found)
+    log_info (_("existing key will be replaced\n"));
+  else if (generating)
+    log_info (_("generating new key\n"));
+  else
+    log_info (_("writing new key\n"));
+  return 0;
+}
+
+
+/* Helper for do_writekey; here the RSA part.  BUF, BUFLEN, and DEPTH
+ * are the current parser state of the S-expression with the key. */
+static gpg_error_t
+writekey_rsa (app_t app, data_object_t dobj, int keyref,
+              const unsigned char *buf, size_t buflen, int depth)
+{
+  gpg_error_t err;
+  const unsigned char *tok;
+  size_t toklen;
+  int last_depth1, last_depth2;
+  const unsigned char *rsa_n = NULL;
+  const unsigned char *rsa_e = NULL;
+  const unsigned char *rsa_p = NULL;
+  const unsigned char *rsa_q = NULL;
+  unsigned char *rsa_dpm1 = NULL;
+  unsigned char *rsa_dqm1 = NULL;
+  unsigned char *rsa_qinv = NULL;
+  size_t rsa_n_len, rsa_e_len, rsa_p_len, rsa_q_len;
+  size_t rsa_dpm1_len, rsa_dqm1_len, rsa_qinv_len;
+  unsigned char *apdudata = NULL;
+  size_t apdudatalen;
+  unsigned char tmpl[1];
+
+  last_depth1 = depth;
+  while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
+         && depth && depth >= last_depth1)
+    {
+      if (tok)
+        {
+          err = gpg_error (GPG_ERR_UNKNOWN_SEXP);
+          goto leave;
+        }
+      if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+        goto leave;
+
+      if (tok && toklen == 1)
+        {
+          const unsigned char **mpi;
+          size_t *mpi_len;
+
+          switch (*tok)
+            {
+            case 'n': mpi = &rsa_n; mpi_len = &rsa_n_len; break;
+            case 'e': mpi = &rsa_e; mpi_len = &rsa_e_len; break;
+            case 'p': mpi = &rsa_p; mpi_len = &rsa_p_len; break;
+            case 'q': mpi = &rsa_q; mpi_len = &rsa_q_len; break;
+            default: mpi = NULL;  mpi_len = NULL; break;
+            }
+          if (mpi && *mpi)
+            {
+              err = gpg_error (GPG_ERR_DUP_VALUE);
+              goto leave;
+            }
+
+          if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+            goto leave;
+          if (tok && mpi)
+            {
+              /* Strip off leading zero bytes and save. */
+              for (;toklen && !*tok; toklen--, tok++)
+                ;
+              *mpi = tok;
+              *mpi_len = toklen;
+            }
+        }
+      /* Skip until end of list. */
+      last_depth2 = depth;
+      while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
+             && depth && depth >= last_depth2)
+        ;
+      if (err)
+        goto leave;
+    }
+
+  /* Check that we have all parameters.  */
+  if (!rsa_n || !rsa_e || !rsa_p || !rsa_q)
+    {
+      err = gpg_error (GPG_ERR_BAD_SECKEY);
+      goto leave;
+    }
+  /* Fixme: Shall we check whether  n == pq ? */
+
+  if (opt.verbose)
+    log_info ("RSA private key size is %u bytes\n", (unsigned int)rsa_n_len);
+
+  /* Compute the dp, dq and u components.  */
+  {
+    gcry_mpi_t mpi_e, mpi_p, mpi_q;
+    gcry_mpi_t mpi_dpm1 = gcry_mpi_snew (0);
+    gcry_mpi_t mpi_dqm1 = gcry_mpi_snew (0);
+    gcry_mpi_t mpi_qinv = gcry_mpi_snew (0);
+    gcry_mpi_t mpi_tmp  = gcry_mpi_snew (0);
+
+    gcry_mpi_scan (&mpi_e, GCRYMPI_FMT_USG, rsa_e, rsa_e_len, NULL);
+    gcry_mpi_scan (&mpi_p, GCRYMPI_FMT_USG, rsa_p, rsa_p_len, NULL);
+    gcry_mpi_scan (&mpi_q, GCRYMPI_FMT_USG, rsa_q, rsa_q_len, NULL);
+
+    gcry_mpi_sub_ui (mpi_tmp, mpi_p, 1);
+    gcry_mpi_invm (mpi_dpm1, mpi_e, mpi_tmp);
+
+    gcry_mpi_sub_ui (mpi_tmp, mpi_q, 1);
+    gcry_mpi_invm (mpi_dqm1, mpi_e, mpi_tmp);
+
+    gcry_mpi_invm (mpi_qinv, mpi_q, mpi_p);
+
+    gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_dpm1, &rsa_dpm1_len, mpi_dpm1);
+    gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_dqm1, &rsa_dqm1_len, mpi_dqm1);
+    gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_qinv, &rsa_qinv_len, mpi_qinv);
+
+    gcry_mpi_release (mpi_e);
+    gcry_mpi_release (mpi_p);
+    gcry_mpi_release (mpi_q);
+    gcry_mpi_release (mpi_dpm1);
+    gcry_mpi_release (mpi_dqm1);
+    gcry_mpi_release (mpi_qinv);
+    gcry_mpi_release (mpi_tmp);
+  }
+
+  err = concat_tlv_list (1, &apdudata, &apdudatalen,
+                         (int)0x01, (size_t)rsa_p_len, rsa_p,
+                         (int)0x02, (size_t)rsa_q_len, rsa_q,
+                         (int)0x03, (size_t)rsa_dpm1_len, rsa_dpm1,
+                         (int)0x04, (size_t)rsa_dqm1_len, rsa_dqm1,
+                         (int)0x05, (size_t)rsa_qinv_len, rsa_qinv,
+                         (int)0, (size_t)0, NULL);
+  if (err)
+    goto leave;
+
+  err = iso7816_send_apdu (app_get_slot (app),
+                           -1,         /* Use command chaining.  */
+                           0,          /* Class */
+                           0xfe,       /* Ins: Yubikey Import Asym. Key.  */
+                           PIV_ALGORITHM_RSA, /* P1 */
+                           keyref,     /* P2 */
+                           apdudatalen,/* Lc */
+                           apdudata,   /* data */
+                           NULL, NULL, NULL);
+  if (err)
+    goto leave;
+
+  /* Write the public key to the cert object.  */
+  xfree (apdudata);
+  err = concat_tlv_list (0, &apdudata, &apdudatalen,
+                         (int)0x81, (size_t)rsa_n_len, rsa_n,
+                         (int)0x82, (size_t)rsa_e_len, rsa_e,
+                         (int)0, (size_t)0, NULL);
+
+  if (err)
+    goto leave;
+  tmpl[0] = PIV_ALGORITHM_RSA;
+  err = put_data (app_get_slot (app), dobj->tag,
+                  (int)0x80,   (size_t)1, tmpl,
+                  (int)0x7f49, (size_t)apdudatalen, apdudata,
+                  (int)0,      (size_t)0, NULL);
+
+ leave:
+  xfree (rsa_dpm1);
+  xfree (rsa_dqm1);
+  xfree (rsa_qinv);
+  xfree (apdudata);
+  return err;
+}
+
+
+/* Helper for do_writekey; here the ECC part.  BUF, BUFLEN, and DEPTH
+ * are the current parser state of the S-expression with the key. */
+static gpg_error_t
+writekey_ecc (app_t app, data_object_t dobj, int keyref,
+              const unsigned char *buf, size_t buflen, int depth)
+{
+  gpg_error_t err;
+  const unsigned char *tok;
+  size_t toklen;
+  int last_depth1, last_depth2;
+  int mechanism = 0;
+  const unsigned char *ecc_q = NULL;
+  const unsigned char *ecc_d = NULL;
+  size_t ecc_q_len, ecc_d_len;
+  unsigned char *apdudata = NULL;
+  size_t apdudatalen;
+  unsigned char tmpl[1];
+
+  last_depth1 = depth;
+  while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
+         && depth && depth >= last_depth1)
+    {
+      if (tok)
+        {
+          err = gpg_error (GPG_ERR_UNKNOWN_SEXP);
+          goto leave;
+        }
+      if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+        goto leave;
+
+      if (tok && toklen == 5 && !memcmp (tok, "curve", 5))
+        {
+          char *name;
+          const char *xname;
+
+          if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+            goto leave;
+
+          name = xtrymalloc (toklen+1);
+          if (!name)
+            {
+              err = gpg_error_from_syserror ();
+              goto leave;
+            }
+          memcpy (name, tok, toklen);
+          name[toklen] = 0;
+          /* Canonicalize the curve name.  We use the openpgp
+           * functions here because Libgcrypt has no generic curve
+           * alias lookup feature and the PIV supported curves are
+           * also supported by OpenPGP.  */
+          xname = openpgp_oid_to_curve (openpgp_curve_to_oid (name, NULL, NULL),
+                                        0);
+          xfree (name);
+
+          if (xname && !strcmp (xname, "nistp256"))
+            mechanism = PIV_ALGORITHM_ECC_P256;
+          else if (xname && !strcmp (xname, "nistp384"))
+            mechanism = PIV_ALGORITHM_ECC_P384;
+          else
+            {
+              err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
+              goto leave;
+            }
+        }
+      else if (tok && toklen == 1)
+        {
+          const unsigned char **mpi;
+          size_t *mpi_len;
+
+          switch (*tok)
+            {
+            case 'q': mpi = &ecc_q; mpi_len = &ecc_q_len; break;
+            case 'd': mpi = &ecc_d; mpi_len = &ecc_d_len; break;
+            default:  mpi = NULL;  mpi_len = NULL; break;
+            }
+          if (mpi && *mpi)
+            {
+              err = gpg_error (GPG_ERR_DUP_VALUE);
+              goto leave;
+            }
+
+          if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+            goto leave;
+          if (tok && mpi)
+            {
+              /* Strip off leading zero bytes and save. */
+              for (;toklen && !*tok; toklen--, tok++)
+                ;
+              *mpi = tok;
+              *mpi_len = toklen;
+            }
+        }
+      /* Skip until end of list. */
+      last_depth2 = depth;
+      while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
+             && depth && depth >= last_depth2)
+        ;
+      if (err)
+        goto leave;
+    }
+
+  /* Check that we have all parameters.  */
+  if (!mechanism || !ecc_q || !ecc_d)
+    {
+      err = gpg_error (GPG_ERR_BAD_SECKEY);
+      goto leave;
+    }
+
+  if (opt.verbose)
+    log_info ("ECC private key size is %u bytes\n", (unsigned int)ecc_d_len);
+
+  err = concat_tlv_list (1, &apdudata, &apdudatalen,
+                         (int)0x06, (size_t)ecc_d_len, ecc_d,
+                         (int)0, (size_t)0, NULL);
+  if (err)
+    goto leave;
+
+  err = iso7816_send_apdu (app_get_slot (app),
+                           -1,         /* Use command chaining.  */
+                           0,          /* Class */
+                           0xfe,       /* Ins: Yubikey Import Asym. Key.  */
+                           mechanism,  /* P1 */
+                           keyref,     /* P2 */
+                           apdudatalen,/* Lc */
+                           apdudata,   /* data */
+                           NULL, NULL, NULL);
+  if (err)
+    goto leave;
+
+  /* Write the public key to the cert object.  */
+  xfree (apdudata);
+  err = concat_tlv_list (0, &apdudata, &apdudatalen,
+                         (int)0x86, (size_t)ecc_q_len, ecc_q,
+                         (int)0, (size_t)0, NULL);
+
+  if (err)
+    goto leave;
+  tmpl[0] = mechanism;
+  err = put_data (app_get_slot (app), dobj->tag,
+                  (int)0x80,   (size_t)1, tmpl,
+                  (int)0x7f49, (size_t)apdudatalen, apdudata,
+                  (int)0,      (size_t)0, NULL);
+
+
+ leave:
+  xfree (apdudata);
+  return err;
+}
+
+
+/* Write a key to a slot.  This command requires proprietary
+ * extensions of the PIV specification and is thus only implemnted for
+ * supported card types.  The input is a canonical encoded
+ * S-expression with the secret key in KEYDATA and its length (for
+ * assertion) in KEYDATALEN.  KEYREFSTR needs to be the usual 2
+ * hexdigit slot number prefixed with "PIV."  PINCB and PINCB_ARG are
+ * not used for PIV cards.
+ *
+ * Supported FLAGS are:
+ *   APP_WRITEKEY_FLAG_FORCE   Overwrite existing key.
+ */
+static gpg_error_t
+do_writekey (app_t app, ctrl_t ctrl,
+             const char *keyrefstr, unsigned int flags,
+             gpg_error_t (*pincb)(void*, const char *, char **),
+             void *pincb_arg,
+             const unsigned char *keydata, size_t keydatalen)
+{
+  gpg_error_t err;
+  int force = !!(flags & APP_WRITEKEY_FLAG_FORCE);
+  data_object_t dobj;
+  int keyref;
+  const unsigned char *buf, *tok;
+  size_t buflen, toklen;
+  int depth;
+
+  (void)ctrl;
+  (void)pincb;
+  (void)pincb_arg;
+
+  if (!app->app_local->flags.yubikey)
+    {
+      err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+      goto leave;
+    }
+
+  /* Check keyref and test whether a key already exists.  */
+  dobj = find_dobj_by_keyref (app, keyrefstr);
+  if ((keyref = keyref_from_dobj (dobj)) == -1)
+    {
+      err = gpg_error (GPG_ERR_INV_ID);
+      goto leave;
+    }
+  err = does_key_exist (app, dobj, 0, force);
+  if (err)
+    goto leave;
+
+  /* Parse the S-expression with the key. */
+  buf = keydata;
+  buflen = keydatalen;
+  depth = 0;
+  if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+    goto leave;
+  if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+    goto leave;
+  if (!tok || toklen != 11 || memcmp ("private-key", tok, toklen))
+    {
+      if (!tok)
+        ;
+      else if (toklen == 21 && !memcmp ("protected-private-key", tok, toklen))
+        log_info ("protected-private-key passed to writekey\n");
+      else if (toklen == 20 && !memcmp ("shadowed-private-key", tok, toklen))
+        log_info ("shadowed-private-key passed to writekey\n");
+      err = gpg_error (GPG_ERR_BAD_SECKEY);
+      goto leave;
+    }
+  if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+    goto leave;
+  if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+    goto leave;
+
+  /* First clear an existing key.  We do this by writing an empty 7f49
+   * tag.  This will return GPG_ERR_NO_PUBKEY on a later read.  */
+  flush_cached_data (app, dobj->tag);
+  err = put_data (app_get_slot (app), dobj->tag,
+                  (int)0x7f49, (size_t)0, "",
+                  (int)0,      (size_t)0, NULL);
+  if (err)
+    {
+      log_error ("piv: failed to clear the cert DO %s: %s\n",
+                 dobj->keyref, gpg_strerror (err));
+      goto leave;
+    }
+
+  /* Divert to the algo specific implementation.  */
+  if (tok && toklen == 3 && memcmp ("rsa", tok, toklen) == 0)
+    err = writekey_rsa (app, dobj, keyref, buf, buflen, depth);
+  else if (tok && toklen == 3 && memcmp ("ecc", tok, toklen) == 0)
+    err = writekey_ecc (app, dobj, keyref, buf, buflen, depth);
+  else
+    err = gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
+
+  if (err)
+    {
+      /* A PIN is not required, thus use a better error code.  */
+      if (gpg_err_code (err) == GPG_ERR_BAD_PIN)
+        err = gpg_error (GPG_ERR_NO_AUTH);
+      log_error (_("failed to store the key: %s\n"), gpg_strerror (err));
+    }
+
+ leave:
+  return err;
+}
+
+
+/* Parse an RSA response object, consisting of the content of tag
+ * 0x7f49, into a gcrypt s-expression object and store that R_SEXP.
+ * On error NULL is stored at R_SEXP. */
+static gpg_error_t
+genkey_parse_rsa (const unsigned char *data, size_t datalen,
+                  gcry_sexp_t *r_sexp)
+{
+  gpg_error_t err;
+  const unsigned char *m, *e;
+  unsigned char *mbuf = NULL;
+  unsigned char *ebuf = NULL;
+  size_t mlen, elen;
+
+  *r_sexp = NULL;
+
+  m = find_tlv (data, datalen, 0x0081, &mlen);
+  if (!m)
+    {
+      log_error (_("response does not contain the RSA modulus\n"));
+      err = gpg_error (GPG_ERR_CARD);
+      goto leave;
+    }
+
+  e = find_tlv (data, datalen, 0x0082, &elen);
+  if (!e)
+    {
+      log_error (_("response does not contain the RSA public exponent\n"));
+      err = gpg_error (GPG_ERR_CARD);
+      goto leave;
+    }
+
+  for (; mlen && !*m; mlen--, m++) /* Strip leading zeroes */
+    ;
+  for (; elen && !*e; elen--, e++) /* Strip leading zeroes */
+    ;
+
+  mbuf = xtrymalloc (mlen + 1);
+  if (!mbuf)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+  /* Prepend numbers with a 0 if needed.  */
+  if (mlen && (*m & 0x80))
+    {
+      *mbuf = 0;
+      memcpy (mbuf+1, m, mlen);
+      mlen++;
+    }
+  else
+    memcpy (mbuf, m, mlen);
+
+  ebuf = xtrymalloc (elen + 1);
+  if (!ebuf)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+  /* Prepend numbers with a 0 if needed.  */
+  if (elen && (*e & 0x80))
+    {
+      *ebuf = 0;
+      memcpy (ebuf+1, e, elen);
+      elen++;
+    }
+  else
+    memcpy (ebuf, e, elen);
+
+  err = gcry_sexp_build (r_sexp, NULL, "(public-key(rsa(n%b)(e%b)))",
+                         (int)mlen, mbuf, (int)elen, ebuf);
+
+ leave:
+  xfree (mbuf);
+  xfree (ebuf);
+  return err;
+}
+
+
+/* Parse an ECC response object, consisting of the content of tag
+ * 0x7f49, into a gcrypt s-expression object and store that R_SEXP.
+ * On error NULL is stored at R_SEXP.  MECHANISM specifies the
+ * curve.  */
+static gpg_error_t
+genkey_parse_ecc (const unsigned char *data, size_t datalen, int mechanism,
+                  gcry_sexp_t *r_sexp)
+{
+  gpg_error_t err;
+  const unsigned char *ecc_q;
+  size_t ecc_qlen;
+  const char *curve;
+
+  *r_sexp = NULL;
+
+  ecc_q = find_tlv (data, datalen, 0x0086, &ecc_qlen);
+  if (!ecc_q)
+    {
+      log_error (_("response does not contain the EC public key\n"));
+      err = gpg_error (GPG_ERR_CARD);
+      goto leave;
+    }
+
+  if (mechanism == PIV_ALGORITHM_ECC_P256)
+    curve = "nistp256";
+  else if (mechanism == PIV_ALGORITHM_ECC_P384)
+    curve = "nistp384";
+  else
+    {
+      err = gpg_error (GPG_ERR_BUG); /* Call with wrong parameters.  */
+      goto leave;
+    }
+
+
+  err = gcry_sexp_build (r_sexp, NULL, "(public-key(ecc(curve%s)(q%b)))",
+                         curve, (int)ecc_qlen, ecc_q);
+
+ leave:
+  return err;
+}
+
+
+/* Create a new keypair for KEYREF.  If KEYTYPE is NULL a default
+ * keytype is selected, else it may be one of the strings:
+ *  "rsa2048", "nistp256, or "nistp384".
+ *
+ * Supported FLAGS are:
+ *   APP_GENKEY_FLAG_FORCE   Overwrite existing key.
+ *
+ * Note that CREATETIME is not used for PIV cards.
+ *
+ * Because there seems to be no way to read the public key we need to
+ * retrieve it from a certificate.  The GnuPG system however requires
+ * the use of app_readkey to fetch the public key from the card to
+ * create the certificate; to support this we temporary store the
+ * generated public key in the local context for use by app_readkey.
+ */
+static gpg_error_t
+do_genkey (app_t app, ctrl_t ctrl, const char *keyrefstr, const char *keytype,
+           unsigned int flags, time_t createtime,
+           gpg_error_t (*pincb)(void*, const char *, char **),
+           void *pincb_arg)
+{
+  gpg_error_t err;
+  data_object_t dobj;
+  unsigned char *buffer = NULL;
+  size_t buflen;
+  int force = !!(flags & APP_GENKEY_FLAG_FORCE);
+  int mechanism;
+  time_t start_at;
+  int keyref;
+  unsigned char tmpl[5];
+  size_t tmpllen;
+  const unsigned char *keydata;
+  size_t keydatalen;
+
+  (void)ctrl;
+  (void)createtime;
+  (void)pincb;
+  (void)pincb_arg;
+
+  if (!keytype)
+    keytype = "rsa2048";
+
+  if (!strcmp (keytype, "rsa2048"))
+    mechanism = PIV_ALGORITHM_RSA;
+  else if (!strcmp (keytype, "nistp256"))
+    mechanism = PIV_ALGORITHM_ECC_P256;
+  else if (!strcmp (keytype, "nistp384"))
+    mechanism = PIV_ALGORITHM_ECC_P384;
+  else
+    return gpg_error (GPG_ERR_UNKNOWN_CURVE);
+
+  /* We flush the cache to increase the I/O traffic before a key
+   * generation.  This _might_ help the card to gather more entropy
+   * and is anyway a prerequisite for does_key_exist. */
+  flush_cached_data (app, 0);
+
+  /* Check whether a key already exists.  */
+  dobj = find_dobj_by_keyref (app, keyrefstr);
+  if ((keyref = keyref_from_dobj (dobj)) == -1)
+    {
+      err = gpg_error (GPG_ERR_INV_ID);
+      goto leave;
+    }
+  err = does_key_exist (app, dobj, 1, force);
+  if (err)
+    goto leave;
+
+
+  /* Create the key. */
+  log_info (_("please wait while key is being generated ...\n"));
+  start_at = time (NULL);
+  tmpl[0] = 0xac;
+  tmpl[1] = 3;
+  tmpl[2] = 0x80;
+  tmpl[3] = 1;
+  tmpl[4] = mechanism;
+  tmpllen = 5;
+  err = iso7816_generate_keypair (app_get_slot (app), 0, 0, keyref,
+                                  tmpl, tmpllen, 0, &buffer, &buflen);
+  if (err)
+    {
+      /* A PIN is not required, thus use a better error code.  */
+      if (gpg_err_code (err) == GPG_ERR_BAD_PIN)
+        err = gpg_error (GPG_ERR_NO_AUTH);
+      log_error (_("generating key failed\n"));
+      return err;
+    }
+
+  {
+    int nsecs = (int)(time (NULL) - start_at);
+    log_info (ngettext("key generation completed (%d second)\n",
+                       "key generation completed (%d seconds)\n",
+                       nsecs), nsecs);
+  }
+
+  /* Parse the result and store it as an s-expression in a dedicated
+   * cache for later retrieval by app_readkey.  */
+  keydata = find_tlv (buffer, buflen, 0x7F49, &keydatalen);
+  if (!keydata || !keydatalen)
+    {
+      err = gpg_error (GPG_ERR_CARD);
+      log_error (_("response does not contain the public key data\n"));
+      goto leave;
+    }
+
+  tmpl[0] = mechanism;
+  flush_cached_data (app, dobj->tag);
+  err = put_data (app_get_slot (app), dobj->tag,
+                  (int)0x80,   (size_t)1,          tmpl,
+                  (int)0x7f49, (size_t)keydatalen, keydata,
+                  (int)0,      (size_t)0,          NULL);
+  if (err)
+    {
+      log_error ("piv: failed to write key to the cert DO %s: %s\n",
+                 dobj->keyref, gpg_strerror (err));
+      goto leave;
+    }
+
+ leave:
+  xfree (buffer);
+  return err;
+}
+
+
+
+/* Map some names to an OID.  */
+static const unsigned char *
+map_curve_name_to_oid (const unsigned char *name, size_t *namelenp)
+{
+  if (*namelenp == 8 && !memcmp (name, "nistp256", 8))
+    {
+      *namelenp = 19;
+      return "1.2.840.10045.3.1.7";
+    }
+  if (*namelenp == 8 && !memcmp (name, "nistp384", 8))
+    {
+      *namelenp = 12;
+      return "1.3.132.0.34";
+    }
+  if (*namelenp == 8 && !memcmp (name, "nistp521", 8))
+    {
+      *namelenp = 12;
+      return "1.3.132.0.35";
+    }
+  return name;
+}
+
+
+/* Communication object for my_cmp_public_key. */
+struct my_cmp_public_key_parm_s {
+  int curve_seen;
+};
+
+/* Compare function used with cmp_canon_sexp.  */
+static int
+my_cmp_public_key (void *opaque, int depth,
+                   const unsigned char *aval, size_t alen,
+                   const unsigned char *bval, size_t blen)
+{
+  struct my_cmp_public_key_parm_s *parm = opaque;
+
+  (void)depth;
+
+  if (parm->curve_seen)
+    {
+      /* Last token was "curve" - canonicalize its argument.  */
+      parm->curve_seen = 0;
+      aval = map_curve_name_to_oid (aval, &alen);
+      bval = map_curve_name_to_oid (bval, &blen);
+    }
+  else if (alen == 5 && !memcmp (aval, "curve", 5))
+    parm->curve_seen = 1;
+  else
+    parm->curve_seen = 0;
+
+  if (alen > blen)
+    return 1;
+  else if (alen < blen)
+    return -1;
+  else
+    return memcmp (aval, bval, alen);
+}
+
+
+/* Write the certificate (CERT,CERTLEN) to the card at CERTREFSTR.
+ * CERTREFSTR is either the OID of the certificate's container data
+ * object or of the form "PIV.<two_hexdigit_keyref>". */
+static gpg_error_t
+do_writecert (app_t app, ctrl_t ctrl,
+              const char *certrefstr,
+              gpg_error_t (*pincb)(void*, const char *, char **),
+              void *pincb_arg,
+              const unsigned char *cert, size_t certlen)
+{
+  gpg_error_t err;
+  data_object_t dobj;
+  unsigned char *pk = NULL;
+  unsigned char *orig_pk = NULL;
+  size_t pklen, orig_pklen;
+  struct my_cmp_public_key_parm_s cmp_parm = { 0 };
+
+  (void)ctrl;
+  (void)pincb;     /* Not used; instead authentication is needed.  */
+  (void)pincb_arg;
+
+  if (!certlen)
+    return gpg_error (GPG_ERR_INV_CERT_OBJ);
+
+  dobj = find_dobj_by_keyref (app, certrefstr);
+  if (!dobj || !*dobj->keyref)
+    return gpg_error (GPG_ERR_INV_ID);
+
+  flush_cached_data (app, dobj->tag);
+
+  /* Check that the public key parameters from the certificate match
+   * an already stored key.  Note that we do not allow writing a
+   * certificate if no key has yet been created (GPG_ERR_NOT_FOUND) or
+   * if there is a problem reading the public key from the certificate
+   * GPG_ERR_NO_PUBKEY).  We enforce this because otherwise the only
+   * way to detect whether a key exists is by trying to use that
+   * key. */
+  err = do_readkey (app, ctrl, certrefstr, 0, &orig_pk, &orig_pklen);
+  if (err)
+    {
+      if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
+        err = gpg_error (GPG_ERR_NO_SECKEY); /* Use a better error code.  */
+      goto leave;
+    }
+
+  /* Compare pubkeys.  */
+  err = app_help_pubkey_from_cert (cert, certlen, &pk, &pklen);
+  if (err)
+    goto leave;  /* No public key in new certificate. */
+  if (cmp_canon_sexp (orig_pk, orig_pklen, pk, pklen,
+                      my_cmp_public_key, &cmp_parm))
+    {
+      err = gpg_error (GPG_ERR_CONFLICT);
+      goto leave;
+    }
+
+  flush_cached_data (app, dobj->tag);
+  err = put_data (app_get_slot (app), dobj->tag,
+                  (int)0x70, (size_t)certlen, cert,/* Certificate */
+                  (int)0x71, (size_t)1,       "",  /* No compress */
+                  (int)0xfe, (size_t)0,       "",  /* Empty LRC. */
+                  (int)0,    (size_t)0,       NULL);
+  /* A PIN is not required, thus use a better error code.  */
+  if (gpg_err_code (err) == GPG_ERR_BAD_PIN)
+    err = gpg_error (GPG_ERR_NO_AUTH);
+  if (err)
+    log_error ("piv: failed to write cert to %s: %s\n",
+               dobj->keyref, gpg_strerror (err));
+
+ leave:
+  xfree (pk);
+  xfree (orig_pk);
+  return err;
+}
+
+
+/* Process the various keygrip based info requests.  */
+static gpg_error_t
+do_with_keygrip (app_t app, ctrl_t ctrl, int action,
+                 const char *want_keygripstr, int capability)
+{
+  gpg_error_t err;
+  char *keygripstr = NULL;
+  char *serialno = NULL;
+  char idbuf[20];
+  int data = 0;
+  int i, tag, dummy_got_cert;
+
+  /* First a quick check for valid parameters.  */
+  switch (action)
+    {
+    case KEYGRIP_ACTION_LOOKUP:
+      if (!want_keygripstr)
+        {
+          err = gpg_error (GPG_ERR_NOT_FOUND);
+          goto leave;
+        }
+      break;
+    case KEYGRIP_ACTION_SEND_DATA:
+      data = 1;
+      break;
+    case KEYGRIP_ACTION_WRITE_STATUS:
+      break;
+    default:
+      err = gpg_error (GPG_ERR_INV_ARG);
+      goto leave;
+    }
+
+  /* Allocate the s/n string if needed.  */
+  if (action != KEYGRIP_ACTION_LOOKUP)
+    {
+      serialno = app_get_serialno (app);
+      if (!serialno)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+    }
+
+  for (i = 0; (tag = data_objects[i].tag); i++)
+    {
+      if (!data_objects[i].keypair)
+        continue;
+
+      xfree (keygripstr);
+      if (get_keygrip_by_tag (app, tag, &keygripstr, &dummy_got_cert))
+        continue;
+
+      if (action == KEYGRIP_ACTION_LOOKUP)
+        {
+          if (!strcmp (keygripstr, want_keygripstr))
+            {
+              err = 0; /* Found */
+              goto leave;
+            }
+        }
+      else if (!want_keygripstr || !strcmp (keygripstr, want_keygripstr))
+        {
+          if (capability == GCRY_PK_USAGE_SIGN)
+            {
+              if (strcmp (data_objects[i].keyref, "9C"))
+                continue;
+            }
+          if (capability == GCRY_PK_USAGE_ENCR)
+            {
+              if (strcmp (data_objects[i].keyref, "9D"))
+                continue;
+            }
+          if (capability == GCRY_PK_USAGE_AUTH)
+            {
+              if (strcmp (data_objects[i].keyref, "9A"))
+                continue;
+            }
+
+          snprintf (idbuf, sizeof idbuf, "PIV.%s", data_objects[i].keyref);
+          send_keyinfo (ctrl, data, keygripstr, serialno, idbuf);
+          if (want_keygripstr)
+            {
+              err = 0; /* Found */
+              goto leave;
+            }
+        }
+    }
+
+  /* Return an error so that the dispatcher keeps on looping over the
+   * other applications.  For clarity we use a different error code
+   * when listing all keys.  Note that in lookup mode WANT_KEYGRIPSTR
+   * is not NULL.  */
+  if (!want_keygripstr)
+    err = gpg_error (GPG_ERR_TRUE);
+  else
+    err = gpg_error (GPG_ERR_NOT_FOUND);
+
+ leave:
+  xfree (keygripstr);
+  xfree (serialno);
+  return err;
+}
+
+
+/* Prepare a reselect of another application.  This is used by cards
+ * which support on-the-fly switching between applications.  The
+ * function is called to give us a chance to save state for a future
+ * reselect of us again.  */
+static gpg_error_t
+do_prep_reselect (app_t app, ctrl_t ctrl)
+{
+  gpg_error_t err;
+
+  (void)app;
+  (void)ctrl;
+
+  err = 0;
+  return err;
+}
+
+
+/* Reselect the application.  This is used by cards which support
+ * on-the-fly switching between applications.  */
+static gpg_error_t
+do_reselect (app_t app, ctrl_t ctrl)
+{
+  gpg_error_t err;
+
+  (void)ctrl;
+
+  /* An extra check which should not be necessary because the caller
+   * should have made sure that a re-select is only called for
+   * appropriate cards.  */
+  if (!app->app_local->flags.yubikey)
+    return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+  err = iso7816_select_application (app_get_slot (app),
+                                    piv_aid, sizeof piv_aid, 0x0001);
+  return err;
+}
+
+
+/* Select the PIV application on the card in SLOT.  This function must
+ * be used before any other PIV application functions. */
+gpg_error_t
+app_select_piv (app_t app)
+{
+  int slot = app_get_slot (app);
+  gpg_error_t err;
+  unsigned char *apt = NULL;
+  size_t aptlen;
+  const unsigned char *s;
+  size_t n;
+
+  /* Note that we select using the AID without the 2 octet version
+   * number.  This allows for better reporting of future specs.  We
+   * need to use the use-zero-for-P2-flag.  */
+  err = iso7816_select_application_ext (slot, piv_aid, sizeof piv_aid, 0x0001,
+                                        &apt, &aptlen);
+  if (err)
+    goto leave;
+
+  app->apptype = APPTYPE_PIV;
+  app->did_chv1 = 0;
+  app->did_chv2 = 0;
+  app->did_chv3 = 0;
+  app->app_local = NULL;
+
+  /* Check the Application Property Template.  */
+  if (opt.verbose)
+    {
+      /* We  use a separate log_info to avoid the "DBG:" prefix.  */
+      log_info ("piv: APT=");
+      log_printhex (apt, aptlen, "");
+    }
+
+  s = find_tlv (apt, aptlen, 0x4F, &n);
+  /* Some cards (new Yubikey) return only the PIX, while others
+   * (old Yubikey, PivApplet) return the RID+PIX. */
+  if (!s || !((n == 6 && !memcmp (s, piv_aid+5, 4))
+              || (n == 11 && !memcmp (s, piv_aid, 9))))
+    {
+      /* The PIX does not match.  */
+      log_error ("piv: missing or invalid DO 0x4F in APT\n");
+      err = gpg_error (GPG_ERR_CARD);
+      goto leave;
+    }
+  if (s[n-2] != 1 || s[n-1] != 0)
+    {
+      log_error ("piv: unknown PIV version %u.%u\n", s[4], s[5]);
+      err = gpg_error (GPG_ERR_CARD);
+      goto leave;
+    }
+  app->appversion = ((s[n-2] << 8) | s[n-1]);
+
+  s = find_tlv (apt, aptlen, 0x79, &n);
+  if (!s || n < 7)
+    {
+      log_error ("piv: missing or invalid DO 0x79 in APT\n");
+      err = gpg_error (GPG_ERR_CARD);
+      goto leave;
+    }
+  s = find_tlv (s, n, 0x4F, &n);
+  /* Some cards may also return the full AID instead of just
+   * the 5-byte RID here. */
+  if (!s || !(n == 5 || n == 11) || memcmp (s, piv_aid, 5))
+    {
+      /* The RID does not match.  */
+      log_error ("piv: missing or invalid DO 0x79.4F in APT\n");
+      err = gpg_error (GPG_ERR_CARD);
+      goto leave;
+    }
+
+  app->app_local = xtrycalloc (1, sizeof *app->app_local);
+  if (!app->app_local)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+
+  if (app->card->cardtype == CARDTYPE_YUBIKEY)
+    app->app_local->flags.yubikey = 1;
+
+
+  /* FIXME: Parse the optional and conditional DOs in the APT.  */
+
+  if (opt.verbose)
+    dump_all_do (slot);
+
+  app->fnc.deinit = do_deinit;
+  app->fnc.prep_reselect = do_prep_reselect;
+  app->fnc.reselect = do_reselect;
+  app->fnc.learn_status = do_learn_status;
+  app->fnc.readcert = do_readcert;
+  app->fnc.readkey = do_readkey;
+  app->fnc.getattr = do_getattr;
+  app->fnc.setattr = do_setattr;
+  app->fnc.writecert = do_writecert;
+  app->fnc.writekey = do_writekey;
+  app->fnc.genkey = do_genkey;
+  app->fnc.sign = do_sign;
+  app->fnc.auth = do_auth;
+  app->fnc.decipher = do_decipher;
+  app->fnc.change_pin = do_change_chv;
+  app->fnc.check_pin = do_check_chv;
+  app->fnc.with_keygrip = do_with_keygrip;
+
+
+leave:
+  xfree (apt);
+  if (err)
+    do_deinit (app);
+  return err;
+}
diff --git a/scd/app-sc-hsm.c b/scd/app-sc-hsm.c
index 1425b43..1ca709f 100644
--- a/scd/app-sc-hsm.c
+++ b/scd/app-sc-hsm.c
@@ -27,7 +27,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 #include <time.h>
 
 #include "scdaemon.h"
@@ -483,7 +482,8 @@ read_ef_prkd (app_t app, unsigned short fid, prkdf_object_t *prkdresult,
   if (!fid)
     return gpg_error (GPG_ERR_NO_DATA); /* No private keys. */
 
-  err = select_and_read_binary (app->slot, fid, "PrKDF", &buffer, &buflen, 255);
+  err = select_and_read_binary (app_get_slot (app),
+                                fid, "PrKDF", &buffer, &buflen, 255);
   if (err)
     return err;
 
@@ -831,7 +831,7 @@ read_ef_prkd (app_t app, unsigned short fid, prkdf_object_t *prkdresult,
   xfree (buffer);
   buffer = NULL;
   buflen = 0;
-  err = select_and_read_binary (app->slot,
+  err = select_and_read_binary (app_get_slot (app),
                                 ((SC_HSM_EE_PREFIX << 8) | (fid & 0xFF)),
                                 "CertEF", &buffer, &buflen, 1);
   if (!err && buffer[0] == 0x30)
@@ -952,7 +952,8 @@ read_ef_cd (app_t app, unsigned short fid, cdf_object_t *result)
   if (!fid)
     return gpg_error (GPG_ERR_NO_DATA); /* No certificates. */
 
-  err = select_and_read_binary (app->slot, fid, "CDF", &buffer, &buflen, 255);
+  err = select_and_read_binary (app_get_slot (app), fid, "CDF",
+                                &buffer, &buflen, 255);
   if (err)
     return err;
 
@@ -1201,7 +1202,7 @@ read_serialno(app_t app)
   size_t n, objlen, hdrlen, chrlen;
   int class, tag, constructed, ndef;
 
-  err = select_and_read_binary (app->slot, 0x2F02, "EF.C_DevAut",
+  err = select_and_read_binary (app_get_slot (app), 0x2F02, "EF.C_DevAut",
                                 &buffer, &buflen, 512);
   if (err)
     return err;
@@ -1228,15 +1229,15 @@ read_serialno(app_t app)
     }
   chrlen -= 5;
 
-  app->serialno = xtrymalloc (chrlen);
-  if (!app->serialno)
+  app->card->serialno = xtrymalloc (chrlen);
+  if (!app->card->serialno)
     {
       err = gpg_error_from_syserror ();
       goto leave;
     }
 
-  app->serialnolen = chrlen;
-  memcpy (app->serialno, chr, chrlen);
+  app->card->serialnolen = chrlen;
+  memcpy (app->card->serialno, chr, chrlen);
 
  leave:
   xfree (buffer);
@@ -1259,7 +1260,7 @@ read_meta (app_t app)
   if (err)
     return err;
 
-  err = list_ef (app->slot, &eflist, &eflistlen);
+  err = list_ef (app_get_slot (app), &eflist, &eflistlen);
   if (err)
     return err;
 
@@ -1386,7 +1387,7 @@ send_keypairinfo (app_t app, ctrl_t ctrl, prkdf_object_t keyinfo)
         }
       else
         {
-          assert (strlen (gripstr) == 40);
+          log_assert (strlen (gripstr) == 40);
           send_status_info (ctrl, "KEYPAIRINFO",
                             gripstr, 40,
                             buf, strlen (buf),
@@ -1405,7 +1406,7 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
 {
   gpg_error_t err;
 
-  if ((flags & 1))
+  if ((flags & APP_LEARN_FLAG_KEYPAIRINFO))
     err = 0;
   else
     {
@@ -1453,7 +1454,7 @@ readcert_by_cdf (app_t app, cdf_object_t cdf,
       return 0;
     }
 
-  err = select_and_read_binary (app->slot, cdf->fid, "CD",
+  err = select_and_read_binary (app_get_slot (app), cdf->fid, "CD",
                                 &buffer, &buflen, 4096);
   if (err)
     {
@@ -1482,7 +1483,7 @@ readcert_by_cdf (app_t app, cdf_object_t cdf,
       goto leave;
     }
   totobjlen = objlen + hdrlen;
-  assert (totobjlen <= buflen);
+  log_assert (totobjlen <= buflen);
 
   err = parse_ber_header (&p, &n, &class, &tag, &constructed,
                           &ndef, &objlen, &hdrlen);
@@ -1513,7 +1514,7 @@ readcert_by_cdf (app_t app, cdf_object_t cdf,
           goto leave;
         }
       totobjlen = objlen + hdrlen;
-      assert (save_p + totobjlen <= buffer + buflen);
+      log_assert (save_p + totobjlen <= buffer + buflen);
       memmove (buffer, save_p, totobjlen);
     }
 
@@ -1591,7 +1592,8 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
     }
   else if (!strcmp (name, "$DISPSERIALNO"))
     {
-      send_status_info (ctrl, name, app->serialno, app->serialnolen, NULL, 0);
+      send_status_info (ctrl, name,
+                        app->card->serialno, app->card->serialnolen, NULL, 0);
       return 0;
     }
 
@@ -1692,8 +1694,8 @@ verify_pin (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
   char *prompt;
   int sw;
 
-  sw = apdu_send_simple (app->slot, 0, 0x00, ISO7816_VERIFY, 0x00, 0x81,
-                         -1, NULL);
+  sw = apdu_send_simple (app_get_slot (app),
+                         0, 0x00, ISO7816_VERIFY, 0x00, 0x81, -1, NULL);
 
   if (sw == SW_SUCCESS)
     return 0;                   /* PIN already verified */
@@ -1718,7 +1720,7 @@ verify_pin (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
   prompt = "||Please enter the PIN";
 
   if (!opt.disable_pinpad
-      && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) )
+      && !iso7816_check_pinpad (app_get_slot (app), ISO7816_VERIFY, &pininfo) )
     {
       err = pincb (pincb_arg, prompt, NULL);
       if (err)
@@ -1727,7 +1729,7 @@ verify_pin (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
           return err;
         }
 
-      err = iso7816_verify_kp (app->slot, 0x81, &pininfo);
+      err = iso7816_verify_kp (app_get_slot (app), 0x81, &pininfo);
       pincb (pincb_arg, NULL, NULL);  /* Dismiss the prompt. */
     }
   else
@@ -1739,7 +1741,8 @@ verify_pin (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
           return err;
         }
 
-      err = iso7816_verify (app->slot, 0x81, pinvalue, strlen(pinvalue));
+      err = iso7816_verify (app_get_slot (app),
+                            0x81, pinvalue, strlen(pinvalue));
       xfree (pinvalue);
     }
   if (err)
@@ -1884,7 +1887,8 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
   if (err)
     return err;
 
-  sw = apdu_send_le (app->slot, 1, 0x80, 0x68, prkdf->key_reference, algoid,
+  sw = apdu_send_le (app_get_slot (app),
+                     1, 0x80, 0x68, prkdf->key_reference, algoid,
                      cdsblklen, cdsblk, 0, outdata, outdatalen);
   return iso7816_map_sw (sw);
 }
@@ -2021,7 +2025,8 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
   if (err)
     return err;
 
-  sw = apdu_send_le (app->slot, 1, 0x80, 0x62, prkdf->key_reference, 0x21,
+  sw = apdu_send_le (app_get_slot (app),
+                     1, 0x80, 0x62, prkdf->key_reference, 0x21,
                      p1blklen, p1blk, 0, &rspdata, &rspdatalen);
   err = iso7816_map_sw (sw);
   if (err)
@@ -2047,7 +2052,7 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
 gpg_error_t
 app_select_sc_hsm (app_t app)
 {
-  int slot = app->slot;
+  int slot = app_get_slot (app);
   int rc;
 
   rc = iso7816_select_application (slot, sc_hsm_aid, sizeof sc_hsm_aid, 0);
@@ -2067,6 +2072,8 @@ app_select_sc_hsm (app_t app)
         goto leave;
 
       app->fnc.deinit = do_deinit;
+      app->fnc.prep_reselect = NULL;
+      app->fnc.reselect = NULL;
       app->fnc.learn_status = do_learn_status;
       app->fnc.readcert = do_readcert;
       app->fnc.getattr = do_getattr;
diff --git a/scd/app.c b/scd/app.c
index 846fc77..d0e990e 100644
--- a/scd/app.c
+++ b/scd/app.c
@@ -29,40 +29,66 @@
 #include "iso7816.h"
 #include "apdu.h"
 #include "../common/tlv.h"
+#include "../common/membuf.h"
 
-static npth_mutex_t app_list_lock;
-static app_t app_top;
 
+/* Forward declaration of internal function.  */
+static gpg_error_t
+select_additional_application_internal (card_t card, apptype_t req_apptype);
+static gpg_error_t
+send_serialno_and_app_status (card_t card, int with_apps, ctrl_t ctrl);
+static gpg_error_t run_reselect (ctrl_t ctrl, card_t c, app_t a, app_t a_prev);
+
+/* Lock to protect the list of cards and its associated
+ * applications.  */
+static npth_mutex_t card_list_lock;
+
+/* Notification to threads which keep watching the status change.  */
+static npth_cond_t notify_cond;
 
-/* List of all supported apps.  */
-static struct
+/* A list of card contexts.  A card is a collection of applications
+ * (described by app_t) on the same physical token. */
+static card_t card_top;
+
+
+/* The list of application names and their select function.  If no
+ * specific application is selected the first available application on
+ * a card is selected.  */
+struct app_priority_list_s
 {
   apptype_t apptype;
   char const *name;
-} supported_app_list[] =
-  {{ APPTYPE_OPENPGP  , "openpgp"   },
-   { APPTYPE_NKS      , "nks"       },
-   { APPTYPE_P15      , "p15"       },
-   { APPTYPE_GELDKARTE, "geldkarte" },
-   { APPTYPE_DINSIG   , "dinsig"    },
-   { APPTYPE_SC_HSM   , "sc-hsm"    },
-   { APPTYPE_NONE     , NULL        }
+  gpg_error_t (*select_func)(app_t);
+};
+
+static struct app_priority_list_s app_priority_list[] =
+  {{ APPTYPE_OPENPGP  , "openpgp",   app_select_openpgp   },
+   { APPTYPE_PIV      , "piv",       app_select_piv       },
+   { APPTYPE_NKS      , "nks",       app_select_nks       },
+   { APPTYPE_P15      , "p15",       app_select_p15       },
+   { APPTYPE_GELDKARTE, "geldkarte", app_select_geldkarte },
+   { APPTYPE_DINSIG   , "dinsig",    app_select_dinsig    },
+   { APPTYPE_SC_HSM   , "sc-hsm",    app_select_sc_hsm    },
+   { APPTYPE_NONE     , NULL,        NULL                 }
    /* APPTYPE_UNDEFINED is special and not listed here.  */
   };
 
 
+
+
 
-static void
-print_progress_line (void *opaque, const char *what, int pc, int cur, int tot)
+/* Map a cardtype to a string.  Never returns NULL.  */
+const char *
+strcardtype (cardtype_t t)
 {
-  ctrl_t ctrl = opaque;
-  char line[100];
-
-  if (ctrl)
+  switch (t)
     {
-      snprintf (line, sizeof line, "%s %c %d %d", what, pc, cur, tot);
-      send_status_direct (ctrl, "PROGRESS", line);
+    case CARDTYPE_GENERIC:     return "generic";
+    case CARDTYPE_GNUK:        return "gnuk";
+    case CARDTYPE_YUBIKEY:     return "yubikey";
+    case CARDTYPE_ZEITCONTROL: return "zeitcontrol";
     }
+  return "?";
 }
 
 
@@ -72,13 +98,20 @@ strapptype (apptype_t t)
 {
   int i;
 
-  for (i=0; supported_app_list[i].apptype; i++)
-    if (supported_app_list[i].apptype == t)
-      return supported_app_list[i].name;
+  for (i=0; app_priority_list[i].apptype; i++)
+    if (app_priority_list[i].apptype == t)
+      return app_priority_list[i].name;
   return t == APPTYPE_UNDEFINED? "undefined" : t? "?" : "none";
 }
 
 
+const char *
+xstrapptype (app_t app)
+{
+  return app? strapptype (app->apptype) : "[no_app]";
+}
+
+
 /* Return the apptype for NAME.  */
 static apptype_t
 apptype_from_name (const char *name)
@@ -88,66 +121,229 @@ apptype_from_name (const char *name)
   if (!name)
     return APPTYPE_NONE;
 
-  for (i=0; supported_app_list[i].apptype; i++)
-    if (!ascii_strcasecmp (supported_app_list[i].name, name))
-      return supported_app_list[i].apptype;
+  for (i=0; app_priority_list[i].apptype; i++)
+    if (!ascii_strcasecmp (app_priority_list[i].name, name))
+      return app_priority_list[i].apptype;
   if (!ascii_strcasecmp ("undefined", name))
     return APPTYPE_UNDEFINED;
   return APPTYPE_NONE;
 }
 
 
-/* Lock the reader SLOT.  This function shall be used right before
-   calling any of the actual application functions to serialize access
-   to the reader.  We do this always even if the reader is not
-   actually used.  This allows an actual connection to assume that it
-   never shares a reader (while performing one command).  Returns 0 on
-   success; only then the unlock_reader function must be called after
-   returning from the handler. */
+/* Return the apptype for KEYREF.  This is the first part of the
+ * KEYREF up to the dot.  */
+static apptype_t
+apptype_from_keyref (const char *keyref)
+{
+  int i;
+  unsigned int n;
+  const char *s;
+
+  if (!keyref)
+    return APPTYPE_NONE;
+  s = strchr (keyref, '.');
+  if (!s || s == keyref || !s[1])
+    return APPTYPE_NONE; /* Not a valid keyref.  */
+  n = s - keyref;
+
+  for (i=0; app_priority_list[i].apptype; i++)
+    if (strlen (app_priority_list[i].name) == n
+        && !ascii_strncasecmp (app_priority_list[i].name, keyref, n))
+      return app_priority_list[i].apptype;
+
+  return APPTYPE_NONE;
+}
+
+
+/* Return true if both serilanumbers are the same.  This function
+ * takes care of some peculiarities.  */
+static int
+is_same_serialno (const unsigned char *sna, size_t snalen,
+                  const unsigned char *snb, size_t snblen)
+{
+  if ((!sna && !snb) || (!snalen && !snblen))
+    return 1;
+  if (!sna || !snb)
+    return 0;  /* One of them is NULL.  (Both NULL tested above).  */
+
+  if (snalen != snblen)
+    return 0;  /* (No special cases for this below).  */
+
+  /* The special case for OpenPGP cards where we ignore the version
+   * bytes (vvvv).  Example: D276000124010304000500009D8A0000
+   *                         ^^^^^^^^^^^^vvvvmmmmssssssssrrrr  */
+  if (snalen == 16 && !memcmp (sna, "\xD2\x76\x00\x01\x24\x01", 6))
+    {
+      if (memcmp (snb, "\xD2\x76\x00\x01\x24\x01", 6))
+        return 0;  /* No */
+      return !memcmp (sna + 8, snb + 8, 8);
+    }
+
+  return !memcmp (sna, snb, snalen);
+}
+
+
+
+/* Initialization function to change the default app_priority_list.
+ * LIST is a list of comma or space separated strings with application
+ * names.  Unknown names will only result in warning message.
+ * Application not mentioned in LIST are used in their original order
+ * after the given once.  */
+void
+app_update_priority_list (const char *arg)
+{
+  struct app_priority_list_s save;
+  char **names;
+  int i, j, idx;
+
+  names = strtokenize (arg, ", ");
+  if (!names)
+    log_fatal ("strtokenize failed: %s\n",
+               gpg_strerror (gpg_error_from_syserror ()));
+
+  idx = 0;
+  for (i=0; names[i]; i++)
+    {
+      ascii_strlwr (names[i]);
+      for (j=0; j < i; j++)
+        if (!strcmp (names[j], names[i]))
+          break;
+      if (j < i)
+        {
+          log_info ("warning: duplicate application '%s' in priority list\n",
+                    names[i]);
+          continue;
+        }
+
+      for (j=idx; app_priority_list[j].name; j++)
+        if (!strcmp (names[i], app_priority_list[j].name))
+          break;
+      if (!app_priority_list[j].name)
+        {
+          log_info ("warning: unknown application '%s' in priority list\n",
+                    names[i]);
+          continue;
+        }
+      save = app_priority_list[idx];
+      app_priority_list[idx] = app_priority_list[j];
+      app_priority_list[j] = save;
+      idx++;
+    }
+  log_assert (idx < DIM (app_priority_list));
+
+  xfree (names);
+  for (i=0; app_priority_list[i].name; i++)
+    log_info ("app priority %d: %s\n", i, app_priority_list[i].name);
+}
+
+
+static void
+print_progress_line (void *opaque, const char *what, int pc, int cur, int tot)
+{
+  ctrl_t ctrl = opaque;
+  char line[100];
+
+  if (ctrl)
+    {
+      snprintf (line, sizeof line, "%s %c %d %d", what, pc, cur, tot);
+      send_status_direct (ctrl, "PROGRESS", line);
+    }
+}
+
+
+/* Lock the CARD.  This function shall be used right before calling
+ * any of the actual application functions to serialize access to the
+ * reader.  We do this always even if the card is not actually used.
+ * This allows an actual connection to assume that it never shares a
+ * card (while performing one command).  Returns 0 on success; only
+ * then the unlock_reader function must be called after returning from
+ * the handler.  Right now we assume a that a reader has just one
+ * card; this may eventually need refinement. */
 static gpg_error_t
-lock_app (app_t app, ctrl_t ctrl)
+lock_card (card_t card, ctrl_t ctrl)
 {
-  if (npth_mutex_lock (&app->lock))
+  if (npth_mutex_lock (&card->lock))
     {
       gpg_error_t err = gpg_error_from_syserror ();
-      log_error ("failed to acquire APP lock for %p: %s\n",
-                 app, gpg_strerror (err));
+      log_error ("failed to acquire CARD lock for %p: %s\n",
+                 card, gpg_strerror (err));
       return err;
     }
 
-  apdu_set_progress_cb (app->slot, print_progress_line, ctrl);
-  apdu_set_prompt_cb (app->slot, popup_prompt, ctrl);
+  apdu_set_progress_cb (card->slot, print_progress_line, ctrl);
+  apdu_set_prompt_cb (card->slot, popup_prompt, ctrl);
 
   return 0;
 }
 
-/* Release a lock on the reader.  See lock_reader(). */
+
+/* Release a lock on a card.  See lock_reader(). */
 static void
-unlock_app (app_t app)
+unlock_card (card_t card)
 {
-  apdu_set_progress_cb (app->slot, NULL, NULL);
-  apdu_set_prompt_cb (app->slot, NULL, NULL);
+  apdu_set_progress_cb (card->slot, NULL, NULL);
+  apdu_set_prompt_cb (card->slot, NULL, NULL);
 
-  if (npth_mutex_unlock (&app->lock))
+  if (npth_mutex_unlock (&card->lock))
     {
       gpg_error_t err = gpg_error_from_syserror ();
-      log_error ("failed to release APP lock for %p: %s\n",
-                 app, gpg_strerror (err));
+      log_error ("failed to release CARD lock for %p: %s\n",
+                 card, gpg_strerror (err));
     }
 }
 
 
 /* This function may be called to print information pertaining to the
-   current state of this module to the log. */
+ * current state of this module to the log. */
 void
 app_dump_state (void)
 {
+  card_t c;
+  app_t a;
+
+  npth_mutex_lock (&card_list_lock);
+  for (c = card_top; c; c = c->next)
+    {
+      log_info ("app_dump_state: card=%p slot=%d type=%s refcount=%u\n",
+                c, c->slot, strcardtype (c->cardtype), c->ref_count);
+      /* FIXME The use of log_info risks a race!  */
+      for (a=c->app; a; a = a->next)
+        log_info ("app_dump_state:   app=%p type='%s'\n",
+                  a, strapptype (a->apptype));
+    }
+  npth_mutex_unlock (&card_list_lock);
+}
+
+
+gpg_error_t
+app_send_devinfo (ctrl_t ctrl)
+{
+  card_t c;
   app_t a;
+  int no_device;
+
+  send_status_direct (ctrl, "DEVINFO_START", "");
+
+  npth_mutex_lock (&card_list_lock);
+  no_device = (card_top == NULL);
+  for (c = card_top; c; c = c->next)
+    {
+      char *serialno;
+      char card_info[80];
+
+      serialno = card_get_serialno (c);
+      snprintf (card_info, sizeof card_info, "DEVICE %s %s",
+                strcardtype (c->cardtype), serialno);
+      xfree (serialno);
+
+      for (a = c->app; a; a = a->next)
+        send_status_direct (ctrl, card_info, strapptype (a->apptype));
+    }
+  npth_mutex_unlock (&card_list_lock);
+
+  send_status_direct (ctrl, "DEVINFO_END", "");
 
-  npth_mutex_lock (&app_list_lock);
-  for (a = app_top; a; a = a->next)
-    log_info ("app_dump_state: app=%p type='%s'\n", a, strapptype (a->apptype));
-  npth_mutex_unlock (&app_list_lock);
+  return no_device ? gpg_error (GPG_ERR_NOT_FOUND): 0;
 }
 
 /* Check whether the application NAME is allowed.  This does not mean
@@ -164,35 +360,69 @@ is_app_allowed (const char *name)
 }
 
 
-static gpg_error_t
-check_conflict (app_t app, const char *name)
+/* This function is mainly used by the serialno command to check for
+ * an application conflict which may appear if the serialno command is
+ * used to request a specific application and the connection has
+ * already done a select_application.   Return values are:
+ *   0              - No conflict
+ *   GPG_ERR_FALSE  - Another application is in use but it is possible
+ *                    to switch to the requested application.
+ *   Other code     - Switching is not possible.
+ *
+ * If SERIALNO_BIN is not NULL a conflict is only asserted if the
+ * serialno of the card matches.
+ */
+gpg_error_t
+check_application_conflict (card_t card, const char *name,
+                            const unsigned char *serialno_bin,
+                            size_t serialno_bin_len)
 {
-  if (!app || !name
-      || (app->apptype && app->apptype == apptype_from_name (name)))
+  apptype_t apptype;
+
+  if (!card || !name)
+    return 0;
+  if (!card->app)
+    return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); /* Should not happen.  */
+
+  if (serialno_bin && card->serialno)
+    {
+      if (!is_same_serialno (card->serialno,  card->serialnolen,
+                             serialno_bin, serialno_bin_len))
+        return 0; /* The card does not match the requested S/N.  */
+    }
+
+  apptype = apptype_from_name (name);
+  if (card->app->apptype == apptype)
     return 0;
 
-  if (app->apptype && app->apptype == APPTYPE_UNDEFINED)
+  if (card->app->apptype == APPTYPE_UNDEFINED)
     return 0;
 
+  if (card->cardtype == CARDTYPE_YUBIKEY)
+    {
+      if (card->app->apptype == APPTYPE_OPENPGP)
+        {
+          /* Current app is OpenPGP.  */
+          if (!ascii_strcasecmp (name, "piv"))
+            return gpg_error (GPG_ERR_FALSE);  /* Switching allowed.  */
+        }
+      else if (card->app->apptype == APPTYPE_PIV)
+        {
+          /* Current app is PIV.  */
+          if (!ascii_strcasecmp (name, "openpgp"))
+            return gpg_error (GPG_ERR_FALSE);  /* Switching allowed.  */
+        }
+    }
+
   log_info ("application '%s' in use - can't switch\n",
-            strapptype (app->apptype));
+            strapptype (card->app->apptype));
 
   return gpg_error (GPG_ERR_CONFLICT);
 }
 
-/* This function is used by the serialno command to check for an
-   application conflict which may appear if the serialno command is
-   used to request a specific application and the connection has
-   already done a select_application. */
-gpg_error_t
-check_application_conflict (const char *name, app_t app)
-{
-  return check_conflict (app, name);
-}
-
 
 gpg_error_t
-app_reset (app_t app, ctrl_t ctrl, int send_reset)
+card_reset (card_t card, ctrl_t ctrl, int send_reset)
 {
   gpg_error_t err = 0;
 
@@ -200,21 +430,22 @@ app_reset (app_t app, ctrl_t ctrl, int send_reset)
     {
       int sw;
 
-      lock_app (app, ctrl);
-      sw = apdu_reset (app->slot);
+      lock_card (card, ctrl);
+      sw = apdu_reset (card->slot);
       if (sw)
         err = gpg_error (GPG_ERR_CARD_RESET);
 
-      app->reset_requested = 1;
-      unlock_app (app);
+      card->reset_requested = 1;
+      unlock_card (card);
 
       scd_kick_the_loop ();
       gnupg_sleep (1);
     }
   else
     {
-      ctrl->app_ctx = NULL;
-      release_application (app, 0);
+      ctrl->card_ctx = NULL;
+      ctrl->current_apptype = APPTYPE_NONE;
+      card_unref (card);
     }
 
   return err;
@@ -225,35 +456,37 @@ app_new_register (int slot, ctrl_t ctrl, const char *name,
                   int periodical_check_needed)
 {
   gpg_error_t err = 0;
+  card_t card = NULL;
   app_t app = NULL;
   unsigned char *result = NULL;
   size_t resultlen;
   int want_undefined;
+  int i;
 
-  /* Need to allocate a new one.  */
-  app = xtrycalloc (1, sizeof *app);
-  if (!app)
+  /* Need to allocate a new card object  */
+  card = xtrycalloc (1, sizeof *card);
+  if (!card)
     {
       err = gpg_error_from_syserror ();
       log_info ("error allocating context: %s\n", gpg_strerror (err));
       return err;
     }
 
-  app->slot = slot;
-  app->card_status = (unsigned int)-1;
+  card->slot = slot;
+  card->card_status = (unsigned int)-1;
 
-  if (npth_mutex_init (&app->lock, NULL))
+  if (npth_mutex_init (&card->lock, NULL))
     {
       err = gpg_error_from_syserror ();
       log_error ("error initializing mutex: %s\n", gpg_strerror (err));
-      xfree (app);
+      xfree (card);
       return err;
     }
 
-  err = lock_app (app, ctrl);
+  err = lock_card (card, ctrl);
   if (err)
     {
-      xfree (app);
+      xfree (card);
       return err;
     }
 
@@ -284,7 +517,7 @@ app_new_register (int slot, ctrl_t ctrl, const char *name,
               && !iso7816_apdu_direct (slot, "\x00\x1d\x00\x00\x00", 5, 0,
                                        NULL, &buf, &buflen))
             {
-              app->cardtype = CARDTYPE_YUBIKEY;
+              card->cardtype = CARDTYPE_YUBIKEY;
               if (opt.verbose)
                 {
                   log_info ("Yubico: config=");
@@ -299,25 +532,24 @@ app_new_register (int slot, ctrl_t ctrl, const char *name,
                   formfactor = (s0 && n == 1)? *s0 : 0;
 
                   s0 = find_tlv (buf+1, buflen-1, 0x02, &n);  /* Serial */
-                  if (s0 && n <= 4)
+                  if (s0 && n >= 4)
                     {
-                      app->serialno = xtrymalloc (3 + 1 + 4);
-                      if (app->serialno)
+                      card->serialno = xtrymalloc (3 + 1 + n);
+                      if (card->serialno)
                         {
-                          app->serialnolen = 3 + 1 + 4;
-                          app->serialno[0] = 0xff;
-                          app->serialno[1] = 0x02;
-                          app->serialno[2] = 0x0;
-                          app->serialno[3] = formfactor;
-                          memset (app->serialno + 4, 0, 4 - n);
-                          memcpy (app->serialno + 4 + 4 - n, s0, n);
-                          err = app_munge_serialno (app);
+                          card->serialnolen = 3 + 1 + n;
+                          card->serialno[0] = 0xff;
+                          card->serialno[1] = 0x02;
+                          card->serialno[2] = 0x0;
+                          card->serialno[3] = formfactor;
+                          memcpy (card->serialno + 4, s0, n);
+                          err = app_munge_serialno (card);
                         }
                     }
 
                   s0 = find_tlv (buf+1, buflen-1, 0x05, &n);  /* version */
                   if (s0 && n == 3)
-                    app->cardversion = ((s0[0]<<16)|(s0[1]<<8)|s0[2]);
+                    card->cardversion = ((s0[0]<<16)|(s0[1]<<8)|s0[2]);
                   else if (!s0)
                     {
                       /* No version - this is not a Yubikey 5.  We now
@@ -330,7 +562,7 @@ app_new_register (int slot, ctrl_t ctrl, const char *name,
                                                        otp_aid, sizeof otp_aid,
                                                        1, &buf, &buflen)
                           && buflen > 3)
-                        app->cardversion = ((buf[0]<<16)|(buf[1]<<8)|buf[2]);
+                        card->cardversion = ((buf[0]<<16)|(buf[1]<<8)|buf[2]);
                     }
                 }
               xfree (buf);
@@ -346,18 +578,18 @@ app_new_register (int slot, ctrl_t ctrl, const char *name,
           if (atr)
             {
               if (atrlen == 21 && atr[2] == 0x11)
-                app->cardtype = CARDTYPE_GNUK;
+                card->cardtype = CARDTYPE_GNUK;
               else if (atrlen == 21 && atr[7] == 0x75)
-                app->cardtype = CARDTYPE_ZEITCONTROL;
+                card->cardtype = CARDTYPE_ZEITCONTROL;
               xfree (atr);
             }
         }
 
-      if (!err && app->cardtype != CARDTYPE_YUBIKEY)
+      if (!err && card->cardtype != CARDTYPE_YUBIKEY)
         err = iso7816_select_file (slot, 0x2F02, 0);
-      if (!err && app->cardtype != CARDTYPE_YUBIKEY)
+      if (!err && card->cardtype != CARDTYPE_YUBIKEY)
         err = iso7816_read_binary (slot, 0, 0, &result, &resultlen);
-      if (!err && app->cardtype != CARDTYPE_YUBIKEY)
+      if (!err && card->cardtype != CARDTYPE_YUBIKEY)
         {
           size_t n;
           const unsigned char *p;
@@ -367,7 +599,7 @@ app_new_register (int slot, ctrl_t ctrl, const char *name,
             resultlen -= (p-result);
           if (p && n > resultlen && n == 0x0d && resultlen+1 == n)
             {
-              /* The object it does not fit into the buffer.  This is an
+              /* The object does not fit into the buffer.  This is an
                  invalid encoding (or the buffer is too short.  However, I
                  have some test cards with such an invalid encoding and
                  therefore I use this ugly workaround to return something
@@ -381,9 +613,9 @@ app_new_register (int slot, ctrl_t ctrl, const char *name,
               /* The GDO file is pretty short, thus we simply reuse it for
                  storing the serial number. */
               memmove (result, p, n);
-              app->serialno = result;
-              app->serialnolen = n;
-              err = app_munge_serialno (app);
+              card->serialno = result;
+              card->serialnolen = n;
+              err = app_munge_serialno (card);
               if (err)
                 goto leave;
             }
@@ -393,10 +625,16 @@ app_new_register (int slot, ctrl_t ctrl, const char *name,
         }
     }
 
-  /* For certain error codes, there is no need to try more.  */
-  if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT
-      || gpg_err_code (err) == GPG_ERR_ENODEV)
-    goto leave;
+  /* Allocate a new app object.  */
+  app = xtrycalloc (1, sizeof *app);
+  if (!app)
+    {
+      err = gpg_error_from_syserror ();
+      log_info ("error allocating app context: %s\n", gpg_strerror (err));
+      goto leave;
+    }
+  card->app = app;
+  app->card = card;
 
   /* Figure out the application to use.  */
   if (want_undefined)
@@ -404,26 +642,30 @@ app_new_register (int slot, ctrl_t ctrl, const char *name,
       /* We switch to the "undefined" application only if explicitly
          requested.  */
       app->apptype = APPTYPE_UNDEFINED;
+      /* Clear the error so that we don't run through the application
+       * selection chain.  */
       err = 0;
     }
   else
-    err = gpg_error (GPG_ERR_NOT_FOUND);
-
-  /* Fixme: Use a table like we do in 2.3.  */
-  if (err && is_app_allowed ("openpgp")
-          && (!name || !strcmp (name, "openpgp")))
-    err = app_select_openpgp (app);
-  if (err && is_app_allowed ("nks") && (!name || !strcmp (name, "nks")))
-    err = app_select_nks (app);
-  if (err && is_app_allowed ("p15") && (!name || !strcmp (name, "p15")))
-    err = app_select_p15 (app);
-  if (err && is_app_allowed ("geldkarte")
-      && (!name || !strcmp (name, "geldkarte")))
-    err = app_select_geldkarte (app);
-  if (err && is_app_allowed ("dinsig") && (!name || !strcmp (name, "dinsig")))
-    err = app_select_dinsig (app);
-  if (err && is_app_allowed ("sc-hsm") && (!name || !strcmp (name, "sc-hsm")))
-    err = app_select_sc_hsm (app);
+    {
+      /* For certain error codes, there is no need to try more.  */
+      if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT
+          || gpg_err_code (err) == GPG_ERR_ENODEV)
+        goto leave;
+
+      /* Set a default error so that we run through the application
+       * selection chain.  */
+      err = gpg_error (GPG_ERR_NOT_FOUND);
+    }
+
+  /* Find the first available app if NAME is NULL or the matching
+   * NAME but only if that application is also enabled.  */
+  for (i=0; err && app_priority_list[i].name; i++)
+    {
+      if (is_app_allowed (app_priority_list[i].name)
+          && (!name || !strcmp (name, app_priority_list[i].name)))
+        err = app_priority_list[i].select_func (app);
+    }
   if (err && name && gpg_err_code (err) != GPG_ERR_OBJ_TERM_STATE)
     err = gpg_error (GPG_ERR_NOT_SUPPORTED);
 
@@ -436,51 +678,56 @@ app_new_register (int slot, ctrl_t ctrl, const char *name,
       else
         log_info ("no supported card application found: %s\n",
                   gpg_strerror (err));
-      unlock_app (app);
+      unlock_card (card);
       xfree (app);
+      xfree (card);
       return err;
     }
 
-  app->periodical_check_needed = periodical_check_needed;
+  card->periodical_check_needed = periodical_check_needed;
+  card->next = card_top;
+  card_top = card;
 
-  npth_mutex_lock (&app_list_lock);
-  app->next = app_top;
-  app_top = app;
-  npth_mutex_unlock (&app_list_lock);
-  unlock_app (app);
+  unlock_card (card);
   return 0;
 }
 
+
 /* If called with NAME as NULL, select the best fitting application
-   and return a context; otherwise select the application with NAME
-   and return a context.  Returns an error code and stores NULL at
-   R_APP if no application was found or no card is present. */
+ * and return its card context; otherwise select the application with
+ * NAME and return its card context.  Returns an error code and stores
+ * NULL at R_CARD if no application was found or no card is present.  */
 gpg_error_t
-select_application (ctrl_t ctrl, const char *name, app_t *r_app,
+select_application (ctrl_t ctrl, const char *name, card_t *r_card,
                     int scan, const unsigned char *serialno_bin,
                     size_t serialno_bin_len)
 {
   gpg_error_t err = 0;
-  app_t a, a_prev = NULL;
+  card_t card, card_prev = NULL;
 
-  *r_app = NULL;
+  *r_card = NULL;
 
-  if (scan || !app_top)
+  npth_mutex_lock (&card_list_lock);
+
+  if (scan || !card_top)
     {
       struct dev_list *l;
-      int new_app = 0;
+      int new_card = 0;
 
       /* Scan the devices to find new device(s).  */
       err = apdu_dev_list_start (opt.reader_port, &l);
       if (err)
-        return err;
+        {
+          npth_mutex_unlock (&card_list_lock);
+          return err;
+        }
 
       while (1)
         {
           int slot;
           int periodical_check_needed_this;
 
-          slot = apdu_open_reader (l, !app_top);
+          slot = apdu_open_reader (l);
           if (slot < 0)
             break;
 
@@ -494,240 +741,579 @@ select_application (ctrl_t ctrl, const char *name, app_t *r_app,
             {
               err = app_new_register (slot, ctrl, name,
                                       periodical_check_needed_this);
-              new_app++;
+              new_card++;
             }
 
           if (err)
-            apdu_close_reader (slot);
+            {
+              pincache_put (ctrl, slot, NULL, NULL, NULL, 0);
+              apdu_close_reader (slot);
+            }
         }
 
       apdu_dev_list_finish (l);
 
       /* If new device(s), kick the scdaemon loop.  */
-      if (new_app)
+      if (new_card)
         scd_kick_the_loop ();
     }
 
-  npth_mutex_lock (&app_list_lock);
-  for (a = app_top; a; a = a->next)
+  for (card = card_top; card; card = card->next)
     {
-      lock_app (a, ctrl);
+      lock_card (card, ctrl);
       if (serialno_bin == NULL)
         break;
-      if (a->serialnolen == serialno_bin_len
-          && !memcmp (a->serialno, serialno_bin, a->serialnolen))
+      if (is_same_serialno (card->serialno, card->serialnolen,
+                            serialno_bin, serialno_bin_len))
         break;
-      unlock_app (a);
-      a_prev = a;
+      unlock_card (card);
+      card_prev = card;
     }
 
-  if (a)
+  if (card)
     {
-      err = check_conflict (a, name);
+      err = check_application_conflict (card, name, NULL, 0);
       if (!err)
+        ctrl->current_apptype = card->app ? card->app->apptype : APPTYPE_NONE;
+      else if (gpg_err_code (err) == GPG_ERR_FALSE)
         {
-          a->ref_count++;
-          *r_app = a;
-          if (a_prev)
+          apptype_t req_apptype = apptype_from_name (name);
+
+          if (!req_apptype)
+            err = gpg_error (GPG_ERR_NOT_FOUND);
+          else
             {
-              a_prev->next = a->next;
-              a->next = app_top;
-              app_top = a;
+              err = select_additional_application_internal (card, req_apptype);
+              if (!err)
+                ctrl->current_apptype = req_apptype;
             }
-      }
-      unlock_app (a);
+        }
+
+      if (!err)
+        {
+          /* Note: We do not use card_ref as we are already locked.  */
+          card->ref_count++;
+          *r_card = card;
+          if (card_prev)
+            {
+              card_prev->next = card->next;
+              card->next = card_top;
+              card_top = card;
+            }
+        }
+      unlock_card (card);
     }
   else
     err = gpg_error (GPG_ERR_ENODEV);
 
-  npth_mutex_unlock (&app_list_lock);
+  npth_mutex_unlock (&card_list_lock);
 
   return err;
 }
 
 
-char *
-get_supported_applications (void)
+/* Switch the current card for the session CTRL and print a SERIALNO
+ * status line on success.  (SERIALNO, SERIALNOLEN) is the binary s/n
+ * of the card to switch to.  */
+gpg_error_t
+app_switch_current_card (ctrl_t ctrl,
+                         const unsigned char *serialno, size_t serialnolen)
 {
-  const char *list[] = {
-    "openpgp",
-    "nks",
-    "p15",
-    "geldkarte",
-    "dinsig",
-    "sc-hsm",
-    /* Note: "undefined" is not listed here because it needs special
-       treatment by the client.  */
-    NULL
-  };
-  int idx;
-  size_t nbytes;
-  char *buffer, *p;
+  gpg_error_t err;
+  card_t card, cardtmp;
 
-  for (nbytes=1, idx=0; list[idx]; idx++)
-    nbytes += strlen (list[idx]) + 1 + 1;
+  npth_mutex_lock (&card_list_lock);
 
-  buffer = xtrymalloc (nbytes);
-  if (!buffer)
-    return NULL;
+  if (!ctrl->card_ctx)
+    {
+      err = gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+      goto leave;
+    }
 
-  for (p=buffer, idx=0; list[idx]; idx++)
-    if (is_app_allowed (list[idx]))
-      p = stpcpy (stpcpy (p, list[idx]), ":\n");
-  *p = 0;
+  if (serialno && serialnolen)
+    {
+      for (card = card_top; card; card = card->next)
+        {
+          if (is_same_serialno (card->serialno, card->serialnolen,
+                                serialno, serialnolen))
+            break;
+        }
+      if (!card)
+        {
+          err = gpg_error (GPG_ERR_NOT_FOUND);
+          goto leave;
+        }
 
-  return buffer;
+      /* Note: We do not use card_ref here because we only swap the
+       * context of the current session and there is no chance of a
+       * context switch.  This also works if the card stays the same. */
+      cardtmp = ctrl->card_ctx;
+      ctrl->card_ctx = card;
+      card->ref_count++;
+      card_unref_locked (cardtmp);
+    }
+
+  /* Print the status line.  */
+  err = send_serialno_and_app_status (ctrl->card_ctx, 0, ctrl);
+
+ leave:
+  npth_mutex_unlock (&card_list_lock);
+  return err;
 }
 
 
-/* Deallocate the application.  */
-static void
-deallocate_app (app_t app)
+static gpg_error_t
+select_additional_application_internal (card_t card, apptype_t req_apptype)
 {
-  app_t a, a_prev = NULL;
+  gpg_error_t err = 0;
+  app_t app;
+  int i;
 
-  for (a = app_top; a; a = a->next)
-    if (a == app)
+  /* Check that the requested app has not yet been put onto the list.  */
+  for (app = card->app; app; app = app->next)
+    if (app->apptype == req_apptype)
       {
-        if (a_prev == NULL)
-          app_top = a->next;
-        else
-          a_prev->next = a->next;
-        break;
+        /* We already got this one.  Note that in this case we don't
+         * make it the current one but it doesn't matter because
+         * maybe_switch_app will do that anyway.  */
+        err = 0;
+        app = NULL;
+        goto leave;
       }
-    else
-      a_prev = a;
 
-  if (app->ref_count)
-    log_error ("trying to release context used yet (%d)\n", app->ref_count);
+  /* Allocate a new app object.  */
+  app = xtrycalloc (1, sizeof *app);
+  if (!app)
+    {
+      err = gpg_error_from_syserror ();
+      log_info ("error allocating app context: %s\n", gpg_strerror (err));
+      goto leave;
+    }
+  app->card = card;
 
-  if (app->fnc.deinit)
+  /* Find the app and run the select.  */
+  for (i=0; app_priority_list[i].apptype; i++)
     {
-      app->fnc.deinit (app);
-      app->fnc.deinit = NULL;
+      if (app_priority_list[i].apptype == req_apptype
+          && is_app_allowed (app_priority_list[i].name))
+        {
+          err = app_priority_list[i].select_func (app);
+          break;
+        }
     }
+  if (!app_priority_list[i].apptype
+      || (err && gpg_err_code (err) != GPG_ERR_OBJ_TERM_STATE))
+    err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+  if (err)
+    goto leave;
 
-  xfree (app->serialno);
+  /* Add this app.  We make it the current one to avoid an extra
+   * reselect by maybe_switch_app after the select we just did.  */
+  app->next = card->app;
+  card->app = app;
+  log_info ("added app '%s' to the card context and switched\n",
+            strapptype (app->apptype));
 
-  unlock_app (app);
-  xfree (app);
+ leave:
+  if (err)
+    xfree (app);
+  return err;
 }
 
-/* Free the resources associated with the application APP.  APP is
-   allowed to be NULL in which case this is a no-op.  Note that we are
-   using reference counting to track the users of the application and
-   actually deferring the deallocation to allow for a later reuse by
-   a new connection. */
-void
-release_application (app_t app, int locked_already)
-{
-  if (!app)
-    return;
 
-  /* We don't deallocate app here.  Instead, we keep it.  This is
-     useful so that a card does not get reset even if only one session
-     is using the card - this way the PIN cache and other cached data
-     are preserved.  */
+/* Add all possible additional applications to the card context but do
+ * not change the current one.  This currently works only for Yubikeys. */
+static gpg_error_t
+select_all_additional_applications_internal (ctrl_t ctrl, card_t card)
+{
+  gpg_error_t err = 0;
+  apptype_t candidates[3];
+  int i, j;
+  int any_new = 0;
 
-  if (!locked_already)
-    lock_app (app, NULL);
+  if (card->cardtype == CARDTYPE_YUBIKEY)
+    {
+      candidates[0] = APPTYPE_OPENPGP;
+      candidates[1] = APPTYPE_PIV;
+      candidates[2] = APPTYPE_NONE;
+    }
+  else
+    {
+      candidates[0] = APPTYPE_NONE;
+    }
 
-  if (!app->ref_count)
-    log_bug ("trying to release an already released context\n");
+  /* Find the app and run the select.  */
+  for (i=0; app_priority_list[i].apptype; i++)
+    {
+      app_t app, app_r, app_prev;
 
-  --app->ref_count;
-  if (!locked_already)
-    unlock_app (app);
-}
+      for (j=0; candidates[j]; j++)
+        if (candidates[j] == app_priority_list[i].apptype
+            && is_app_allowed (app_priority_list[i].name))
+          break;
+      if (!candidates[j])
+        continue;
 
+      for (app = card->app; app; app = app->next)
+        if (app->apptype == candidates[j])
+          break;
+      if (app)
+        continue; /* Already on the list of apps.  */
 
+      app = xtrycalloc (1, sizeof *app);
+      if (!app)
+        {
+          err = gpg_error_from_syserror ();
+          log_info ("error allocating app context: %s\n", gpg_strerror (err));
+          goto leave;
+        }
+      app->card = card;
+      err = app_priority_list[i].select_func (app);
+      if (err)
+        {
+          log_error ("error selecting additional app '%s': %s - skipped\n",
+                     strapptype (candidates[j]), gpg_strerror (err));
+          err = 0;
+          xfree (app);
+        }
+      else
+        {
+          /* Append to the list of apps.  */
+          app_prev = card->app;
+          for (app_r=app_prev->next; app_r; app_prev=app_r, app_r=app_r->next)
+            ;
+          app_prev->next = app;
+          log_info ("added app '%s' to the card context\n",
+                    strapptype (app->apptype));
+          any_new = 1;
+        }
+    }
 
-/* The serial number may need some cosmetics.  Do it here.  This
-   function shall only be called once after a new serial number has
-   been put into APP->serialno.
+  /* If we found a new application we need to reselect the original
+   * application so that we are in a well defined state.  */
+  if (!err && any_new && card->app && card->app->fnc.reselect)
+    err = run_reselect (ctrl, card, card->app, NULL);
 
-   Prefixes we use:
+ leave:
+  return err;
+}
 
-     FF 00 00 = For serial numbers starting with an FF
-     FF 01 00 = Some german p15 cards return an empty serial number so the
-                serial number from the EF(TokenInfo) is used instead.
-     FF 7F 00 = No serialno.
 
-     All other serial number not starting with FF are used as they are.
-*/
+/* This function needs to be called with the NAME of the new
+ * application to be selected on CARD.  On success the application is
+ * added to the list of the card's active applications as currently
+ * active application.  On error no new application is allocated.
+ * Selecting an already selected application has no effect. */
 gpg_error_t
-app_munge_serialno (app_t app)
+select_additional_application (ctrl_t ctrl, const char *name)
 {
-  if (app->serialnolen && app->serialno[0] == 0xff)
-    {
-      /* The serial number starts with our special prefix.  This
-         requires that we put our default prefix "FF0000" in front. */
-      unsigned char *p = xtrymalloc (app->serialnolen + 3);
-      if (!p)
-        return gpg_error_from_syserror ();
-      memcpy (p, "\xff\0", 3);
-      memcpy (p+3, app->serialno, app->serialnolen);
-      app->serialnolen += 3;
-      xfree (app->serialno);
-      app->serialno = p;
-    }
-  else if (!app->serialnolen)
+  gpg_error_t err = 0;
+  apptype_t req_apptype;
+  card_t card;
+
+  if (!name)
+    req_apptype = 0;
+  else
     {
-      unsigned char *p = xtrymalloc (3);
-      if (!p)
-        return gpg_error_from_syserror ();
-      memcpy (p, "\xff\x7f", 3);
-      app->serialnolen = 3;
-      xfree (app->serialno);
-      app->serialno = p;
+      req_apptype = apptype_from_name (name);
+      if (!req_apptype)
+        return gpg_error (GPG_ERR_NOT_FOUND);
     }
-  return 0;
-}
 
+  card = ctrl->card_ctx;
+  if (!card)
+    return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
 
+  err = lock_card (card, ctrl);
+  if (err)
+    return err;
 
-/* Retrieve the serial number of the card.  The serial number is
-   returned as a malloced string (hex encoded) in SERIAL.  Caller must
-   free SERIAL unless the function returns an error.  */
-char *
-app_get_serialno (app_t app)
+  if (req_apptype)
+    {
+      err = select_additional_application_internal (card, req_apptype);
+      if (!err)
+        {
+          ctrl->current_apptype = req_apptype;
+          if (DBG_APP)
+            log_debug ("current_apptype is set to %s\n", name);
+        }
+    }
+  else
+    {
+      err = select_all_additional_applications_internal (ctrl, card);
+    }
+
+  unlock_card (card);
+  return err;
+}
+
+
+char *
+get_supported_applications (void)
+{
+  int idx;
+  size_t nbytes;
+  char *buffer, *p;
+  const char *s;
+
+  for (nbytes=1, idx=0; (s=app_priority_list[idx].name); idx++)
+    nbytes += strlen (s) + 1 + 1;
+
+  buffer = xtrymalloc (nbytes);
+  if (!buffer)
+    return NULL;
+
+  for (p=buffer, idx=0; (s=app_priority_list[idx].name); idx++)
+    if (is_app_allowed (s))
+      p = stpcpy (stpcpy (p, s), ":\n");
+  *p = 0;
+
+  return buffer;
+}
+
+
+/* Deallocate the application.  */
+static void
+deallocate_card (card_t card)
+{
+  card_t c, c_prev = NULL;
+  app_t a, anext;
+
+  for (c = card_top; c; c = c->next)
+    if (c == card)
+      {
+        if (c_prev == NULL)
+          card_top = c->next;
+        else
+          c_prev->next = c->next;
+        break;
+      }
+    else
+      c_prev = c;
+
+  if (card->ref_count)
+    log_error ("releasing still used card context (%d)\n", card->ref_count);
+
+  for (a = card->app; a; a = anext)
+    {
+      if (a->fnc.deinit)
+        {
+          a->fnc.deinit (a);
+          a->fnc.deinit = NULL;
+        }
+      anext = a->next;
+      xfree (a);
+    }
+
+  xfree (card->serialno);
+  unlock_card (card);
+  xfree (card);
+}
+
+
+/* Increment the reference counter of CARD.  Returns CARD.  */
+card_t
+card_ref (card_t card)
+{
+  lock_card (card, NULL);
+  ++card->ref_count;
+  unlock_card (card);
+  return card;
+}
+
+
+/* Decrement the reference counter for CARD.  Note that we are using
+ * reference counting to track the users of the card's application and
+ * are deferring the actual deallocation to allow for a later reuse by
+ * a new connection.  Using NULL for CARD is a no-op. */
+void
+card_unref (card_t card)
+{
+  if (!card)
+    return;
+
+  /* We don't deallocate CARD here.  Instead, we keep it.  This is
+     useful so that a card does not get reset even if only one session
+     is using the card - this way the PIN cache and other cached data
+     are preserved.  */
+
+  lock_card (card, NULL);
+  card_unref_locked (card);
+  unlock_card (card);
+}
+
+
+/* This is the same as card_unref but assumes that CARD is already
+ * locked.  */
+void
+card_unref_locked (card_t card)
+{
+  if (!card)
+    return;
+
+  if (!card->ref_count)
+    log_bug ("tried to release an already released card context\n");
+
+  --card->ref_count;
+}
+
+
+
+/* The serial number may need some cosmetics.  Do it here.  This
+   function shall only be called once after a new serial number has
+   been put into APP->serialno.
+
+   Prefixes we use:
+
+     FF 00 00 = For serial numbers starting with an FF
+     FF 01 00 = Some german p15 cards return an empty serial number so the
+                serial number from the EF(TokenInfo) is used instead.
+     FF 02 00 = Serial number from Yubikey config.
+                This is normally not seen because we modify this here
+                to an OpenPGP Card s/n.
+     FF 7F 00 = No serialno.
+
+     All other serial numbers not starting with FF are used as they are.
+*/
+gpg_error_t
+app_munge_serialno (card_t card)
+{
+  if (card->cardtype == CARDTYPE_YUBIKEY
+      && card->serialnolen == 3 + 1 + 4
+      && !memcmp (card->serialno, "\xff\x02\x00", 3))
+    {
+      /* An example for a serial number is
+       *   FF020001008A77C1
+       *   ~~~~~~--~~~~~~~~
+       *   !     ! !--------- 4 byte s/n
+       *   !     !----------- Form factor
+       *   !----------------- Our prefix
+       * Yubico seems to use the decimalized version of their S/N
+       * as the OpenPGP card S/N.  Thus in theory we can contruct the
+       * number from this information so that we do not rely on having
+       * the OpenPGP app enabled.
+       */
+      unsigned long sn;
+      sn  = card->serialno[4] * 16777216;
+      sn += card->serialno[5] * 65536;
+      sn += card->serialno[6] * 256;
+      sn += card->serialno[7];
+      if (sn <= 99999999ul)
+        {
+          char *buf = xtrymalloc (16);
+          if (!buf)
+            return gpg_error_from_syserror ();
+          memcpy (buf, "\xD2\x76\x00\x01\x24\x01", 6);
+          buf[6] = 0; /* Application version which we don't know  */
+          buf[7] = 0; /* thus we use 0.0 and don't use this directly.  */
+          buf[8] = 0; /* Manufacturer: Yubico (0x0006).  */
+          buf[9] = 6;
+          buf[13] = (sn % 10);
+          sn /= 10;
+          buf[13] |= (sn % 10) << 4;
+          sn /= 10;
+          buf[12] = (sn % 10);
+          sn /= 10;
+          buf[12] |= (sn % 10) << 4;
+          sn /= 10;
+          buf[11] = (sn % 10);
+          sn /= 10;
+          buf[11] |= (sn % 10) << 4;
+          sn /= 10;
+          buf[10] = (sn % 10);
+          sn /= 10;
+          buf[10] |= (sn % 10) << 4;
+          sn /= 10;
+          buf[14] = 0; /* Last two bytes are RFU.  */
+          buf[15] = 0;
+          xfree (card->serialno);
+          card->serialno = buf;
+          card->serialnolen = 16;
+        }
+    }
+  else if (card->serialnolen && card->serialno[0] == 0xff)
+    {
+      /* The serial number starts with our special prefix.  This
+         requires that we put our default prefix "FF0000" in front. */
+      unsigned char *p = xtrymalloc (card->serialnolen + 3);
+      if (!p)
+        return gpg_error_from_syserror ();
+      memcpy (p, "\xff\0", 3);
+      memcpy (p+3, card->serialno, card->serialnolen);
+      card->serialnolen += 3;
+      xfree (card->serialno);
+      card->serialno = p;
+    }
+  else if (!card->serialnolen)
+    {
+      unsigned char *p = xtrymalloc (3);
+      if (!p)
+        return gpg_error_from_syserror ();
+      memcpy (p, "\xff\x7f", 3);
+      card->serialnolen = 3;
+      xfree (card->serialno);
+      card->serialno = p;
+    }
+  return 0;
+}
+
+
+
+/* Retrieve the serial number of the card.  The serial number is
+   returned as a malloced string (hex encoded) in SERIAL.  Caller must
+   free SERIAL unless the function returns an error.  */
+char *
+card_get_serialno (card_t card)
 {
   char *serial;
 
-  if (!app)
+  if (!card)
     return NULL;
 
-  if (!app->serialnolen)
+  if (!card->serialnolen)
     serial = xtrystrdup ("FF7F00");
   else
-    serial = bin2hex (app->serialno, app->serialnolen, NULL);
+    serial = bin2hex (card->serialno, card->serialnolen, NULL);
 
   return serial;
 }
 
+/* Same as card_get_serialno but takes an APP object.  */
+char *
+app_get_serialno (app_t app)
+{
+  if (!app || !app->card)
+    {
+      gpg_err_set_errno (0);
+      return NULL;
+    }
+  return card_get_serialno (app->card);
+}
+
 
 /* Return an allocated string with the serial number in a format to be
  * show to the user.  With NOFALLBACK set to true return NULL if such an
  * abbreviated S/N is not available, else return the full serial
  * number as a hex string.  May return NULL on malloc problem.  */
 char *
-app_get_dispserialno (app_t app, int nofallback)
+card_get_dispserialno (card_t card, int nofallback)
 {
   char *result, *p;
   unsigned long sn;
 
-  if (app && app->serialno && app->serialnolen == 3+1+4
-      && !memcmp (app->serialno, "\xff\x02\x00", 3))
+  if (card && card->serialno && card->serialnolen == 3+1+4
+      && !memcmp (card->serialno, "\xff\x02\x00", 3))
     {
       /* This is a 4 byte S/N of a Yubikey which seems to be printed
        * on the token in decimal.  Maybe they will print larger S/N
        * also in decimal but we can't be sure, thus do it only for
        * these 32 bit numbers.  */
-      sn  = app->serialno[4] * 16777216;
-      sn += app->serialno[5] * 65536;
-      sn += app->serialno[6] * 256;
-      sn += app->serialno[7];
-      if ((app->cardversion >> 16) >= 5)
+      sn  = card->serialno[4] * 16777216;
+      sn += card->serialno[5] * 65536;
+      sn += card->serialno[6] * 256;
+      sn += card->serialno[7];
+      if ((card->cardversion >> 16) >= 5)
         result = xtryasprintf ("%lu %03lu %03lu",
                                (sn/1000000ul),
                                (sn/1000ul % 1000ul),
@@ -735,17 +1321,17 @@ app_get_dispserialno (app_t app, int nofallback)
       else
         result = xtryasprintf ("%lu", sn);
     }
-  else if (app && app->cardtype == CARDTYPE_YUBIKEY)
+  else if (card && card->cardtype == CARDTYPE_YUBIKEY)
     {
       /* Get back the printed Yubikey number from the OpenPGP AID
        * Example: D2760001240100000006120808620000
        */
-      result = app_get_serialno (app);
+      result = card_get_serialno (card);
       if (result && strlen (result) >= 28 && !strncmp (result+16, "0006", 4))
         {
           sn  = atoi_4 (result+20) * 10000;
           sn += atoi_4 (result+24);
-          if ((app->cardversion >> 16) >= 5)
+          if ((card->cardversion >> 16) >= 5)
             p = xtryasprintf ("%lu %03lu %03lu",
                               (sn/1000000ul),
                               (sn/1000ul % 1000ul),
@@ -764,10 +1350,10 @@ app_get_dispserialno (app_t app, int nofallback)
           result = NULL;
         }
     }
-  else if (app && app->apptype == APPTYPE_OPENPGP)
+  else if (card && card->app && card->app->apptype == APPTYPE_OPENPGP)
     {
       /* Extract number from standard OpenPGP AID.  */
-      result = app_get_serialno (app);
+      result = card_get_serialno (card);
       if (result && strlen (result) > 16+12)
         {
           memcpy (result, result+16, 4);
@@ -784,32 +1370,290 @@ app_get_dispserialno (app_t app, int nofallback)
   else if (nofallback)
     result = NULL;  /* No Abbreviated S/N.  */
   else
-    result = app_get_serialno (app);
+    result = card_get_serialno (card);
 
   return result;
 }
 
+/* Same as card_get_dispserialno but takes an APP object.  */
+char *
+app_get_dispserialno (app_t app, int nofallback)
+{
+  if (!app || !app->card)
+    {
+      gpg_err_set_errno (0);
+      return NULL;
+    }
+  return card_get_dispserialno (app->card, nofallback);
+}
 
-/* Write out the application specifig status lines for the LEARN
-   command. */
-gpg_error_t
-app_write_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
+
+/* Helper to run the reselect function.  */
+static gpg_error_t
+run_reselect (ctrl_t ctrl, card_t c, app_t a, app_t a_prev)
+{
+  gpg_error_t err;
+
+  if (!a->fnc.reselect)
+    {
+      log_info ("slot %d, app %s: re-select not implemented\n",
+                c->slot, xstrapptype (a));
+      return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+    }
+
+  /* Give the current app a chance to save some state before another
+   * app is selected.  We ignore errors here because that state saving
+   * (e.g. putting PINs into a cache) is a convenience feature and not
+   * required to always work. */
+  if (a_prev && a_prev->fnc.prep_reselect)
+    {
+      if (a_prev->need_reset)
+        err = gpg_error (GPG_ERR_CARD_RESET);
+      else
+        err = a_prev->fnc.prep_reselect (a_prev, ctrl);
+      if (err)
+        log_error ("slot %d, app %s: preparing re-select from %s failed: %s\n",
+                   c->slot, xstrapptype (a),
+                   xstrapptype (a_prev), gpg_strerror (err));
+    }
+
+  if (a->need_reset)
+    err = gpg_error (GPG_ERR_CARD_RESET);
+  else
+    err = a->fnc.reselect (a, ctrl);
+  if (err)
+    {
+      log_error ("slot %d, app %s: error re-selecting: %s\n",
+                     c->slot, xstrapptype (a), gpg_strerror (err));
+      return err;
+    }
+  if (DBG_APP)
+    log_debug ("slot %d, app %s: re-selected\n", c->slot, xstrapptype (a));
+
+  return 0;
+}
+
+
+/* Check that the card has been initialized and whether we need to
+ * switch to another application on the same card.  Switching means
+ * that the new active app will be moved to the head of the list at
+ * CARD->app.  This function must be called with the card lock held. */
+static gpg_error_t
+maybe_switch_app (ctrl_t ctrl, card_t card, const char *keyref)
 {
   gpg_error_t err;
+  app_t app;
+  app_t app_prev = NULL;
+  apptype_t apptype;
 
+  if (!card->ref_count || !card->app)
+    return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+  if (!ctrl->current_apptype)
+    {
+      /* For whatever reasons the current apptype has not been set -
+       * fix that and use the current app.  */
+      if (DBG_APP)
+        log_debug ("slot %d: no current app switching to %s\n",
+                   card->slot, strapptype (card->app->apptype));
+      ctrl->current_apptype = card->app->apptype;
+      return 0;
+    }
+  for (app = card->app; app; app = app->next)
+    if (app->apptype == ctrl->current_apptype)
+      break;
+  if (!app)
+    {
+      /* The current app is not supported by this card.  Set the first
+       * app of the card as current.  */
+      if (DBG_APP)
+        log_debug ("slot %d: current app %s not available switching to %s\n",
+                   card->slot, strapptype (ctrl->current_apptype),
+                   strapptype (card->app->apptype));
+      ctrl->current_apptype = card->app->apptype;
+      return 0;
+    }
+  if (DBG_APP)
+    log_debug ("slot %d: have=%s want=%s keyref=%s\n",
+               card->slot, strapptype (card->app->apptype),
+               strapptype (ctrl->current_apptype),
+               keyref? keyref:"[none]");
+
+  app = NULL;
+  if (keyref)
+    {
+      /* Switch based on the requested KEYREF.  */
+      apptype = apptype_from_keyref (keyref);
+      if (apptype)
+        {
+          for (app = card->app; app; app_prev = app, app = app->next)
+            if (app->apptype == apptype)
+              break;
+          if (!app_prev && ctrl->current_apptype == card->app->apptype)
+            return 0;  /* Already the first app - no need to switch.  */
+        }
+      else if (strlen (keyref) == 40)
+        {
+          /* This looks like a keygrip.  Iterate over all apps to find
+           * the corresponding app.  */
+          for (app = card->app; app; app_prev = app, app = app->next)
+            if (app->fnc.with_keygrip
+                && !app->need_reset
+                && !app->fnc.with_keygrip (app, ctrl,
+                                           KEYGRIP_ACTION_LOOKUP, keyref, 0))
+              break;
+          if (!app_prev && ctrl->current_apptype == card->app->apptype)
+            return 0;   /* Already the first app - no need to switch.  */
+        }
+    }
+
+  if (!app)
+    {
+      /* Switch based on the current application of this connection or
+       * if a keyref based switch didn't worked.  */
+      if (ctrl->current_apptype == card->app->apptype)
+        return 0; /* No need to switch.  */
+      app_prev = card->app;
+      for (app = app_prev->next; app; app_prev = app, app = app->next)
+        if (app->apptype == ctrl->current_apptype)
+          break;
+    }
   if (!app)
+    return gpg_error (GPG_ERR_WRONG_CARD);
+
+  err = run_reselect (ctrl, card, app, app_prev);
+  if (err)
+    return err;
+
+  /* Swap APP with the head of the app list if needed.  Note that APP
+   * is not the head of the list. */
+  if (app_prev)
+    {
+      app_prev->next = app->next;
+      app->next = card->app;
+      card->app = app;
+    }
+
+  if (opt.verbose)
+    log_info ("slot %d, app %s: %s\n",
+              card->slot, xstrapptype (app),
+              app_prev? "switched":"re-selected");
+
+  ctrl->current_apptype = app->apptype;
+
+  return 0;
+}
+
+
+/* Helper for app_write_learn_status.  */
+static gpg_error_t
+write_learn_status_core (card_t card, app_t app, ctrl_t ctrl,
+                         unsigned int flags)
+{
+  gpg_error_t err;
+
+  /* We do not send CARD and APPTYPE if only keypairinfo is requested.  */
+  if (!(flags & APP_LEARN_FLAG_KEYPAIRINFO))
+    {
+      if (card && card->cardtype)
+        send_status_direct (ctrl, "CARDTYPE", strcardtype (card->cardtype));
+      if (card && card->cardversion)
+        send_status_printf (ctrl, "CARDVERSION", "%X", card->cardversion);
+      if (app->apptype)
+        send_status_direct (ctrl, "APPTYPE", strapptype (app->apptype));
+      if (app->appversion)
+        send_status_printf (ctrl, "APPVERSION", "%X", app->appversion);
+    }
+
+  if (app->need_reset)
+    err = gpg_error (GPG_ERR_CARD_RESET);
+  else
+    {
+      err = app->fnc.learn_status (app, ctrl, flags);
+      if (err && (flags & APP_LEARN_FLAG_REREAD))
+        app->need_reset = 1;
+    }
+  return err;
+}
+
+
+/* Write out the application specific status lines for the LEARN
+   command. */
+gpg_error_t
+app_write_learn_status (card_t card, ctrl_t ctrl, unsigned int flags)
+{
+  gpg_error_t err, err2, tmperr;
+  app_t app, last_app;
+  int any_reselect = 0;
+
+  if (!card)
     return gpg_error (GPG_ERR_INV_VALUE);
-  if (!app->fnc.learn_status)
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 
-  /* We do not send APPTYPE if only keypairinfo is requested.  */
-  if (app->apptype && !(flags & 1))
-    send_status_direct (ctrl, "APPTYPE", strapptype (app->apptype));
-  err = lock_app (app, ctrl);
+  err = lock_card (card, ctrl);
   if (err)
     return err;
-  err = app->fnc.learn_status (app, ctrl, flags);
-  unlock_app (app);
+
+  /* Always make sure that the current app for this connection has
+   * been selected and is at the top of the list.  */
+  if ((err = maybe_switch_app (ctrl, card, NULL)))
+    ;
+  else if (!card->app->fnc.learn_status)
+    err = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+  else
+    {
+      err = write_learn_status_core (card, card->app, ctrl, flags);
+      if (!err && card->app->fnc.reselect && (flags & APP_LEARN_FLAG_MULTI))
+        {
+          /* The current app has the reselect feature so that we can
+           * loop over all other apps which are capable of a reselect
+           * and finally reselect the first app again.  Note that we
+           * did the learn for the currently selected card above.  */
+          app = last_app = card->app;
+          for (app = app->next; app && !err; app = app->next)
+            if (app->fnc.reselect)
+              {
+                if (last_app && last_app->fnc.prep_reselect)
+                  {
+                    tmperr = last_app->fnc.prep_reselect (last_app, ctrl);
+                    if (tmperr)
+                      log_info ("slot %d, app %s:"
+                                " preparing re-select from %s failed: %s\n",
+                                card->slot, xstrapptype (app),
+                                xstrapptype (last_app),
+                                gpg_strerror (tmperr));
+                  }
+                any_reselect = 1;
+                err = app->fnc.reselect (app, ctrl);
+                if (!err)
+                  {
+                    last_app = app;
+                    err = write_learn_status_core (NULL, app, ctrl, flags);
+                  }
+              }
+          app = card->app;
+          if (any_reselect)
+            {
+              if (last_app && last_app->fnc.prep_reselect)
+                {
+                  tmperr = last_app->fnc.prep_reselect (last_app, ctrl);
+                  if (tmperr)
+                    log_info ("slot %d, app %s:"
+                              " preparing re-select from %s failed: %s\n",
+                              card->slot, xstrapptype (app),
+                              xstrapptype (last_app), gpg_strerror (tmperr));
+                }
+              err2 = app->fnc.reselect (app, ctrl);
+              if (err2)
+                {
+                  log_error ("error re-selecting '%s': %s\n",
+                             strapptype(app->apptype), gpg_strerror (err2));
+                  if (!err)
+                    err = err2;
+                }
+            }
+        }
+    }
+
+  unlock_card (card);
   return err;
 }
 
@@ -819,35 +1663,47 @@ app_write_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
    buffer put into CERT and the length of the certificate put into
    CERTLEN. */
 gpg_error_t
-app_readcert (app_t app, ctrl_t ctrl, const char *certid,
+app_readcert (card_t card, ctrl_t ctrl, const char *certid,
               unsigned char **cert, size_t *certlen)
 {
   gpg_error_t err;
 
-  if (!app)
+  if (!card)
     return gpg_error (GPG_ERR_INV_VALUE);
-  if (!app->ref_count)
-    return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
-  if (!app->fnc.readcert)
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
-  err = lock_app (app, ctrl);
+  err = lock_card (card, ctrl);
   if (err)
     return err;
-  err = app->fnc.readcert (app, certid, cert, certlen);
-  unlock_app (app);
+
+  if ((err = maybe_switch_app (ctrl, card, certid)))
+    ;
+  else if (!card->app->fnc.readcert)
+    err = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+  else
+    {
+      if (DBG_APP)
+        log_debug ("slot %d app %s: calling readcert(%s)\n",
+                   card->slot, xstrapptype (card->app), certid);
+      if (card->app->need_reset)
+        err = gpg_error (GPG_ERR_CARD_RESET);
+      else
+        err = card->app->fnc.readcert (card->app, certid, cert, certlen);
+    }
+
+  unlock_card (card);
   return err;
 }
 
 
 /* Read the key with ID KEYID.  On success a canonical encoded
-   S-expression with the public key will get stored at PK and its
-   length (for assertions) at PKLEN; the caller must release that
-   buffer. On error NULL will be stored at PK and PKLEN and an error
-   code returned.
-
-   This function might not be supported by all applications.  */
+ * S-expression with the public key will get stored at PK and its
+ * length (for assertions) at PKLEN; the caller must release that
+ * buffer. On error NULL will be stored at PK and PKLEN and an error
+ * code returned.  If the key is not required NULL may be passed for
+ * PK; this makes sense if the APP_READKEY_FLAG_INFO has also been set.
+ *
+ * This function might not be supported by all applications.  */
 gpg_error_t
-app_readkey (app_t app, ctrl_t ctrl, int advanced, const char *keyid,
+app_readkey (card_t card, ctrl_t ctrl, const char *keyid, unsigned int flags,
              unsigned char **pk, size_t *pklen)
 {
   gpg_error_t err;
@@ -857,90 +1713,126 @@ app_readkey (app_t app, ctrl_t ctrl, int advanced, const char *keyid,
   if (pklen)
     *pklen = 0;
 
-  if (!app || !keyid || !pk || !pklen)
+  if (!card || !keyid)
     return gpg_error (GPG_ERR_INV_VALUE);
-  if (!app->ref_count)
-    return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
-  if (!app->fnc.readkey)
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
-  err = lock_app (app, ctrl);
+  err = lock_card (card, ctrl);
   if (err)
     return err;
-  err= app->fnc.readkey (app, ctrl, keyid,
-                         advanced? APP_READKEY_FLAG_ADVANCED : 0,
-                         pk, pklen);
-  unlock_app (app);
+
+  if ((err = maybe_switch_app (ctrl, card, keyid)))
+    ;
+  else if (!card->app->fnc.readkey)
+    err = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+  else
+    {
+      if (DBG_APP)
+        log_debug ("slot %d app %s: calling readkey(%s)\n",
+                   card->slot, xstrapptype (card->app), keyid);
+      if (card->app->need_reset)
+        err = gpg_error (GPG_ERR_CARD_RESET);
+      else
+        err = card->app->fnc.readkey (card->app, ctrl, keyid, flags, pk, pklen);
+    }
+
+  unlock_card (card);
   return err;
 }
 
 
 /* Perform a GETATTR operation.  */
 gpg_error_t
-app_getattr (app_t app, ctrl_t ctrl, const char *name)
+app_getattr (card_t card, ctrl_t ctrl, const char *name)
 {
   gpg_error_t err;
 
-  if (!app || !name || !*name)
+  if (!card || !name || !*name)
     return gpg_error (GPG_ERR_INV_VALUE);
-  if (!app->ref_count)
-    return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+  err = lock_card (card, ctrl);
+  if (err)
+    return err;
 
-  if (app->apptype && name && !strcmp (name, "APPTYPE"))
+  if ((err = maybe_switch_app (ctrl, card, NULL)))
+    ;
+  else if (name && !strcmp (name, "CARDTYPE"))
     {
-      send_status_direct (ctrl, "APPTYPE", strapptype (app->apptype));
-      return 0;
+      send_status_direct (ctrl, "CARDTYPE", strcardtype (card->cardtype));
     }
-  if (name && !strcmp (name, "SERIALNO"))
+  else if (name && !strcmp (name, "APPTYPE"))
+    {
+      send_status_direct (ctrl, "APPTYPE", strapptype (card->app->apptype));
+    }
+  else if (name && !strcmp (name, "SERIALNO"))
     {
       char *serial;
 
-      serial = app_get_serialno (app);
+      serial = app_get_serialno (card->app);
       if (!serial)
-        return gpg_error (GPG_ERR_INV_VALUE);
-
-      send_status_direct (ctrl, "SERIALNO", serial);
-      xfree (serial);
-      return 0;
+        err = gpg_error (GPG_ERR_INV_VALUE);
+      else
+        {
+          send_status_direct (ctrl, "SERIALNO", serial);
+          xfree (serial);
+        }
+    }
+  else if (!card->app->fnc.getattr)
+    err = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+  else
+    {
+      if (DBG_APP)
+        log_debug ("slot %d app %s: calling getattr(%s)\n",
+                   card->slot, xstrapptype (card->app), name);
+      if (card->app->need_reset)
+        err = gpg_error (GPG_ERR_CARD_RESET);
+      else
+        err = card->app->fnc.getattr (card->app, ctrl, name);
     }
 
-  if (!app->fnc.getattr)
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
-  err = lock_app (app, ctrl);
-  if (err)
-    return err;
-  err =  app->fnc.getattr (app, ctrl, name);
-  unlock_app (app);
+  unlock_card (card);
   return err;
 }
 
+
 /* Perform a SETATTR operation.  */
 gpg_error_t
-app_setattr (app_t app, ctrl_t ctrl, const char *name,
+app_setattr (card_t card, ctrl_t ctrl, const char *name,
              gpg_error_t (*pincb)(void*, const char *, char **),
              void *pincb_arg,
              const unsigned char *value, size_t valuelen)
 {
   gpg_error_t err;
 
-  if (!app || !name || !*name || !value)
+  if (!card || !name || !*name || !value)
     return gpg_error (GPG_ERR_INV_VALUE);
-  if (!app->ref_count)
-    return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
-  if (!app->fnc.setattr)
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
-  err = lock_app (app, ctrl);
+  err = lock_card (card, ctrl);
   if (err)
     return err;
-  err = app->fnc.setattr (app, ctrl, name, pincb, pincb_arg, value, valuelen);
-  unlock_app (app);
+
+  if ((err = maybe_switch_app (ctrl, card, NULL)))
+    ;
+  else if (!card->app->fnc.setattr)
+    err = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+  else
+    {
+      if (DBG_APP)
+        log_debug ("slot %d app %s: calling setattr(%s)\n",
+                   card->slot, xstrapptype (card->app), name);
+      if (card->app->need_reset)
+        err = gpg_error (GPG_ERR_CARD_RESET);
+      else
+        err = card->app->fnc.setattr (card->app, ctrl, name, pincb, pincb_arg,
+                                      value, valuelen);
+    }
+
+  unlock_card (card);
   return err;
 }
 
+
 /* Create the signature and return the allocated result in OUTDATA.
    If a PIN is required the PINCB will be used to ask for the PIN; it
    should return the PIN in an allocated buffer and put it into PIN.  */
 gpg_error_t
-app_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
+app_sign (card_t card, ctrl_t ctrl, const char *keyidstr, int hashalgo,
           gpg_error_t (*pincb)(void*, const char *, char **),
           void *pincb_arg,
           const void *indata, size_t indatalen,
@@ -948,31 +1840,43 @@ app_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
 {
   gpg_error_t err;
 
-  if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb)
+  if (!card || !indata || !indatalen || !outdata || !outdatalen || !pincb)
     return gpg_error (GPG_ERR_INV_VALUE);
-  if (!app->ref_count)
-    return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
-  if (!app->fnc.sign)
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
-  err = lock_app (app, ctrl);
+  err = lock_card (card, ctrl);
   if (err)
     return err;
-  err = app->fnc.sign (app, ctrl, keyidstr, hashalgo,
-                       pincb, pincb_arg,
-                       indata, indatalen,
-                       outdata, outdatalen);
-  unlock_app (app);
+
+  if ((err = maybe_switch_app (ctrl, card, keyidstr)))
+    ;
+  else if (!card->app->fnc.sign)
+    err = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+  else
+    {
+      if (DBG_APP)
+        log_debug ("slot %d app %s: calling sign(%s)\n",
+                   card->slot, xstrapptype (card->app), keyidstr);
+      if (card->app->need_reset)
+        err = gpg_error (GPG_ERR_CARD_RESET);
+      else
+        err = card->app->fnc.sign (card->app, ctrl, keyidstr, hashalgo,
+                                   pincb, pincb_arg,
+                                   indata, indatalen,
+                                   outdata, outdatalen);
+    }
+
+  unlock_card (card);
   if (opt.verbose)
     log_info ("operation sign result: %s\n", gpg_strerror (err));
   return err;
 }
 
+
 /* Create the signature using the INTERNAL AUTHENTICATE command and
    return the allocated result in OUTDATA.  If a PIN is required the
    PINCB will be used to ask for the PIN; it should return the PIN in
    an allocated buffer and put it into PIN.  */
 gpg_error_t
-app_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
+app_auth (card_t card, ctrl_t ctrl, const char *keyidstr,
           gpg_error_t (*pincb)(void*, const char *, char **),
           void *pincb_arg,
           const void *indata, size_t indatalen,
@@ -980,20 +1884,31 @@ app_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
 {
   gpg_error_t err;
 
-  if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb)
+  if (!card || !indata || !indatalen || !outdata || !outdatalen || !pincb)
     return gpg_error (GPG_ERR_INV_VALUE);
-  if (!app->ref_count)
-    return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
-  if (!app->fnc.auth)
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
-  err = lock_app (app, ctrl);
+  err = lock_card (card, ctrl);
   if (err)
     return err;
-  err = app->fnc.auth (app, ctrl, keyidstr,
-                       pincb, pincb_arg,
-                       indata, indatalen,
-                       outdata, outdatalen);
-  unlock_app (app);
+
+  if ((err = maybe_switch_app (ctrl, card, keyidstr)))
+    ;
+  else if (!card->app->fnc.auth)
+    err = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+  else
+    {
+      if (DBG_APP)
+        log_debug ("slot %d app %s: calling auth(%s)\n",
+                   card->slot, xstrapptype (card->app), keyidstr);
+      if (card->app->need_reset)
+        err = gpg_error (GPG_ERR_CARD_RESET);
+      else
+        err = card->app->fnc.auth (card->app, ctrl, keyidstr,
+                                   pincb, pincb_arg,
+                                   indata, indatalen,
+                                   outdata, outdatalen);
+    }
+
+  unlock_card (card);
   if (opt.verbose)
     log_info ("operation auth result: %s\n", gpg_strerror (err));
   return err;
@@ -1004,7 +1919,7 @@ app_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
    If a PIN is required the PINCB will be used to ask for the PIN; it
    should return the PIN in an allocated buffer and put it into PIN.  */
 gpg_error_t
-app_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
+app_decipher (card_t card, ctrl_t ctrl, const char *keyidstr,
               gpg_error_t (*pincb)(void*, const char *, char **),
               void *pincb_arg,
               const void *indata, size_t indatalen,
@@ -1015,21 +1930,32 @@ app_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
 
   *r_info = 0;
 
-  if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb)
+  if (!card || !indata || !indatalen || !outdata || !outdatalen || !pincb)
     return gpg_error (GPG_ERR_INV_VALUE);
-  if (!app->ref_count)
-    return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
-  if (!app->fnc.decipher)
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
-  err = lock_app (app, ctrl);
+  err = lock_card (card, ctrl);
   if (err)
     return err;
-  err = app->fnc.decipher (app, ctrl, keyidstr,
-                           pincb, pincb_arg,
-                           indata, indatalen,
-                           outdata, outdatalen,
-                           r_info);
-  unlock_app (app);
+
+  if ((err = maybe_switch_app (ctrl, card, keyidstr)))
+    ;
+  else if (!card->app->fnc.decipher)
+    err = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+  else
+    {
+      if (DBG_APP)
+        log_debug ("slot %d app %s: calling decipher(%s)\n",
+                   card->slot, xstrapptype (card->app), keyidstr);
+      if (card->app->need_reset)
+        err = gpg_error (GPG_ERR_CARD_RESET);
+      else
+        err = card->app->fnc.decipher (card->app, ctrl, keyidstr,
+                                       pincb, pincb_arg,
+                                       indata, indatalen,
+                                       outdata, outdatalen,
+                                       r_info);
+    }
+
+  unlock_card (card);
   if (opt.verbose)
     log_info ("operation decipher result: %s\n", gpg_strerror (err));
   return err;
@@ -1038,26 +1964,37 @@ app_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
 
 /* Perform the WRITECERT operation.  */
 gpg_error_t
-app_writecert (app_t app, ctrl_t ctrl,
-              const char *certidstr,
-              gpg_error_t (*pincb)(void*, const char *, char **),
-              void *pincb_arg,
-              const unsigned char *data, size_t datalen)
+app_writecert (card_t card, ctrl_t ctrl,
+               const char *certidstr,
+               gpg_error_t (*pincb)(void*, const char *, char **),
+               void *pincb_arg,
+               const unsigned char *data, size_t datalen)
 {
   gpg_error_t err;
 
-  if (!app || !certidstr || !*certidstr || !pincb)
+  if (!card || !certidstr || !*certidstr || !pincb)
     return gpg_error (GPG_ERR_INV_VALUE);
-  if (!app->ref_count)
-    return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
-  if (!app->fnc.writecert)
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
-  err = lock_app (app, ctrl);
+  err = lock_card (card, ctrl);
   if (err)
     return err;
-  err = app->fnc.writecert (app, ctrl, certidstr,
-                            pincb, pincb_arg, data, datalen);
-  unlock_app (app);
+
+  if ((err = maybe_switch_app (ctrl, card, certidstr)))
+    ;
+  else if (!card->app->fnc.writecert)
+    err = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+  else
+    {
+      if (DBG_APP)
+        log_debug ("slot %d app %s: calling writecert(%s)\n",
+                   card->slot, xstrapptype (card->app), certidstr);
+      if (card->app->need_reset)
+        err = gpg_error (GPG_ERR_CARD_RESET);
+      else
+        err = card->app->fnc.writecert (card->app, ctrl, certidstr,
+                                        pincb, pincb_arg, data, datalen);
+    }
+
+  unlock_card (card);
   if (opt.verbose)
     log_info ("operation writecert result: %s\n", gpg_strerror (err));
   return err;
@@ -1066,7 +2003,7 @@ app_writecert (app_t app, ctrl_t ctrl,
 
 /* Perform the WRITEKEY operation.  */
 gpg_error_t
-app_writekey (app_t app, ctrl_t ctrl,
+app_writekey (card_t card, ctrl_t ctrl,
               const char *keyidstr, unsigned int flags,
               gpg_error_t (*pincb)(void*, const char *, char **),
               void *pincb_arg,
@@ -1074,45 +2011,67 @@ app_writekey (app_t app, ctrl_t ctrl,
 {
   gpg_error_t err;
 
-  if (!app || !keyidstr || !*keyidstr || !pincb)
+  if (!card || !keyidstr || !*keyidstr || !pincb)
     return gpg_error (GPG_ERR_INV_VALUE);
-  if (!app->ref_count)
-    return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
-  if (!app->fnc.writekey)
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
-  err = lock_app (app, ctrl);
+  err = lock_card (card, ctrl);
   if (err)
     return err;
-  err = app->fnc.writekey (app, ctrl, keyidstr, flags,
-                           pincb, pincb_arg, keydata, keydatalen);
-  unlock_app (app);
+
+  if ((err = maybe_switch_app (ctrl, card, keyidstr)))
+    ;
+  else if (!card->app->fnc.writekey)
+    err = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+  else
+    {
+      if (DBG_APP)
+        log_debug ("slot %d app %s: calling writekey(%s)\n",
+                   card->slot, xstrapptype (card->app), keyidstr);
+      if (card->app->need_reset)
+        err = gpg_error (GPG_ERR_CARD_RESET);
+      else
+        err = card->app->fnc.writekey (card->app, ctrl, keyidstr, flags,
+                                       pincb, pincb_arg, keydata, keydatalen);
+    }
+
+  unlock_card (card);
   if (opt.verbose)
     log_info ("operation writekey result: %s\n", gpg_strerror (err));
   return err;
 }
 
 
-/* Perform a SETATTR operation.  */
+/* Perform a GENKEY operation.  */
 gpg_error_t
-app_genkey (app_t app, ctrl_t ctrl, const char *keynostr,
+app_genkey (card_t card, ctrl_t ctrl, const char *keynostr,
             const char *keytype, unsigned int flags, time_t createtime,
             gpg_error_t (*pincb)(void*, const char *, char **),
             void *pincb_arg)
 {
   gpg_error_t err;
 
-  if (!app || !keynostr || !*keynostr || !pincb)
+  if (!card || !keynostr || !*keynostr || !pincb)
     return gpg_error (GPG_ERR_INV_VALUE);
-  if (!app->ref_count)
-    return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
-  if (!app->fnc.genkey)
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
-  err = lock_app (app, ctrl);
+  err = lock_card (card, ctrl);
   if (err)
     return err;
-  err = app->fnc.genkey (app, ctrl, keynostr, keytype, flags,
-                         createtime, pincb, pincb_arg);
-  unlock_app (app);
+
+  if ((err = maybe_switch_app (ctrl, card, keynostr)))
+    ;
+  else if (!card->app->fnc.genkey)
+    err = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+  else
+    {
+      if (DBG_APP)
+        log_debug ("slot %d app %s: calling genkey(%s)\n",
+                   card->slot, xstrapptype (card->app), keynostr);
+      if (card->app->need_reset)
+        err = gpg_error (GPG_ERR_CARD_RESET);
+      else
+        err = card->app->fnc.genkey (card->app, ctrl, keynostr, keytype, flags,
+                                     createtime, pincb, pincb_arg);
+    }
+
+  unlock_card (card);
   if (opt.verbose)
     log_info ("operation genkey result: %s\n", gpg_strerror (err));
   return err;
@@ -1123,44 +2082,59 @@ app_genkey (app_t app, ctrl_t ctrl, const char *keynostr,
    directly accesses the card without any application specific
    wrapper. */
 gpg_error_t
-app_get_challenge (app_t app, ctrl_t ctrl, size_t nbytes, unsigned char *buffer)
+app_get_challenge (card_t card, ctrl_t ctrl,
+                   size_t nbytes, unsigned char *buffer)
 {
   gpg_error_t err;
 
-  if (!app || !nbytes || !buffer)
+  if (!card || !nbytes || !buffer)
     return gpg_error (GPG_ERR_INV_VALUE);
-  if (!app->ref_count)
-    return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
-  err = lock_app (app, ctrl);
+  err = lock_card (card, ctrl);
   if (err)
     return err;
-  err = iso7816_get_challenge (app->slot, nbytes, buffer);
-  unlock_app (app);
+
+  if (!card->ref_count)
+    err = gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+  else
+    err = iso7816_get_challenge (card->slot, nbytes, buffer);
+
+  unlock_card (card);
   return err;
 }
 
 
-
 /* Perform a CHANGE REFERENCE DATA or RESET RETRY COUNTER operation.  */
 gpg_error_t
-app_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
+app_change_pin (card_t card, ctrl_t ctrl, const char *chvnostr,
                 unsigned int flags,
                 gpg_error_t (*pincb)(void*, const char *, char **),
                 void *pincb_arg)
 {
   gpg_error_t err;
 
-  if (!app || !chvnostr || !*chvnostr || !pincb)
+  if (!card || !chvnostr || !*chvnostr || !pincb)
     return gpg_error (GPG_ERR_INV_VALUE);
-  if (!app->ref_count)
-    return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
-  if (!app->fnc.change_pin)
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
-  err = lock_app (app, ctrl);
+  err = lock_card (card, ctrl);
   if (err)
     return err;
-  err = app->fnc.change_pin (app, ctrl, chvnostr, flags, pincb, pincb_arg);
-  unlock_app (app);
+
+  if ((err = maybe_switch_app (ctrl, card, NULL)))
+    ;
+  else if (!card->app->fnc.change_pin)
+    err = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+  else
+    {
+      if (DBG_APP)
+        log_debug ("slot %d app %s: calling change_pin(%s)\n",
+                   card->slot, xstrapptype (card->app), chvnostr);
+      if (card->app->need_reset)
+        err = gpg_error (GPG_ERR_CARD_RESET);
+      else
+        err = card->app->fnc.change_pin (card->app, ctrl,
+                                         chvnostr, flags, pincb, pincb_arg);
+    }
+
+  unlock_card (card);
   if (opt.verbose)
     log_info ("operation change_pin result: %s\n", gpg_strerror (err));
   return err;
@@ -1171,28 +2145,41 @@ app_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
    be used to initialize a the PIN cache for long lasting other
    operations.  Its use is highly application dependent. */
 gpg_error_t
-app_check_pin (app_t app, ctrl_t ctrl, const char *keyidstr,
+app_check_pin (card_t card, ctrl_t ctrl, const char *keyidstr,
                gpg_error_t (*pincb)(void*, const char *, char **),
                void *pincb_arg)
 {
   gpg_error_t err;
 
-  if (!app || !keyidstr || !*keyidstr || !pincb)
+  if (!card || !keyidstr || !*keyidstr || !pincb)
     return gpg_error (GPG_ERR_INV_VALUE);
-  if (!app->ref_count)
-    return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
-  if (!app->fnc.check_pin)
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
-  err = lock_app (app, ctrl);
+  err = lock_card (card, ctrl);
   if (err)
     return err;
-  err = app->fnc.check_pin (app, ctrl, keyidstr, pincb, pincb_arg);
-  unlock_app (app);
+
+  if ((err = maybe_switch_app (ctrl, card, NULL)))
+    ;
+  else if (!card->app->fnc.check_pin)
+    err = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+  else
+    {
+      if (DBG_APP)
+        log_debug ("slot %d app %s: calling check_pin(%s)\n",
+                   card->slot, xstrapptype (card->app), keyidstr);
+      if (card->app->need_reset)
+        err = gpg_error (GPG_ERR_CARD_RESET);
+      else
+        err = card->app->fnc.check_pin (card->app, ctrl, keyidstr,
+                                        pincb, pincb_arg);
+    }
+
+  unlock_card (card);
   if (opt.verbose)
     log_info ("operation check_pin result: %s\n", gpg_strerror (err));
   return err;
 }
 
+
 static void
 report_change (int slot, int old_status, int cur_status)
 {
@@ -1252,26 +2239,28 @@ report_change (int slot, int old_status, int cur_status)
   xfree (homestr);
 }
 
+
 int
 scd_update_reader_status_file (void)
 {
-  app_t a, app_next;
+  card_t card, card_next;
   int periodical_check_needed = 0;
+  int reported = 0;
 
-  npth_mutex_lock (&app_list_lock);
-  for (a = app_top; a; a = app_next)
+  npth_mutex_lock (&card_list_lock);
+  for (card = card_top; card; card = card_next)
     {
       int sw;
       unsigned int status;
 
-      lock_app (a, NULL);
-      app_next = a->next;
+      lock_card (card, NULL);
+      card_next = card->next;
 
-      if (a->reset_requested)
+      if (card->reset_requested)
         status = 0;
       else
         {
-          sw = apdu_get_status (a->slot, 0, &status);
+          sw = apdu_get_status (card->slot, 0, &status);
           if (sw == SW_HOST_NO_READER)
             {
               /* Most likely the _reader_ has been unplugged.  */
@@ -1280,40 +2269,47 @@ scd_update_reader_status_file (void)
           else if (sw)
             {
               /* Get status failed.  Ignore that.  */
-              if (a->periodical_check_needed)
+              if (card->periodical_check_needed)
                 periodical_check_needed = 1;
-              unlock_app (a);
+              unlock_card (card);
               continue;
             }
         }
 
-      if (a->card_status != status)
+      if (card->card_status != status)
         {
-          report_change (a->slot, a->card_status, status);
-          send_client_notifications (a, status == 0);
+          report_change (card->slot, card->card_status, status);
+          send_client_notifications (card, status == 0);
+          reported++;
 
           if (status == 0)
             {
-              log_debug ("Removal of a card: %d\n", a->slot);
-              apdu_close_reader (a->slot);
-              deallocate_app (a);
+              if (DBG_APP)
+                log_debug ("Removal of a card: %d\n", card->slot);
+              pincache_put (NULL, card->slot, NULL, NULL, NULL, 0);
+              apdu_close_reader (card->slot);
+              deallocate_card (card);
             }
           else
             {
-              a->card_status = status;
-              if (a->periodical_check_needed)
+              card->card_status = status;
+              if (card->periodical_check_needed)
                 periodical_check_needed = 1;
-              unlock_app (a);
+              unlock_card (card);
             }
         }
       else
         {
-          if (a->periodical_check_needed)
+          if (card->periodical_check_needed)
             periodical_check_needed = 1;
-          unlock_app (a);
+          unlock_card (card);
         }
     }
-  npth_mutex_unlock (&app_list_lock);
+
+  if (reported)
+    npth_cond_broadcast (&notify_cond);
+
+  npth_mutex_unlock (&card_list_lock);
 
   return periodical_check_needed;
 }
@@ -1327,30 +2323,305 @@ initialize_module_command (void)
 {
   gpg_error_t err;
 
-  if (npth_mutex_init (&app_list_lock, NULL))
+  if (npth_mutex_init (&card_list_lock, NULL))
     {
       err = gpg_error_from_syserror ();
       log_error ("app: error initializing mutex: %s\n", gpg_strerror (err));
       return err;
     }
 
+  err = npth_cond_init (&notify_cond, NULL);
+  if (err)
+    {
+      err = gpg_error_from_syserror ();
+      log_error ("npth_cond_init failed: %s\n", gpg_strerror (err));
+      return err;
+    }
+
   return apdu_init ();
 }
 
-void
-app_send_card_list (ctrl_t ctrl)
+
+/* Sort helper for app_send_card_list.  */
+static int
+compare_card_list_items (const void *arg_a, const void *arg_b)
 {
+  const card_t a = *(const card_t *)arg_a;
+  const card_t b = *(const card_t *)arg_b;
+
+  return a->slot - b->slot;
+}
+
+
+/* Helper for send_card_and_app_list and app_switch_active_app.  */
+static gpg_error_t
+send_serialno_and_app_status (card_t card, int with_apps, ctrl_t ctrl)
+{
+  gpg_error_t err;
   app_t a;
-  char buf[65];
+  char *serial;
+  char *p;
+  membuf_t mb;
+  int any = 0;
+
+  serial = card_get_serialno (card);
+  if (!serial)
+    return 0; /* Oops.  */
+
+  if (with_apps)
+    {
+      /* Note that in case the additional applications have not yet been
+       * added to the card context (which is commonly done by means of
+       * "SERIALNO --all", we do that here.  */
+      err = select_all_additional_applications_internal (ctrl, card);
+      if (err)
+        {
+          xfree (serial);
+          return err;
+        }
+
+      init_membuf (&mb, 256);
+      put_membuf_str (&mb, serial);
+      for (a = card->app; a; a = a->next)
+        {
+          if (!a->fnc.with_keygrip || a->need_reset)
+            continue;
+          any = 1;
+          put_membuf (&mb, " ", 1);
+          put_membuf_str (&mb, xstrapptype (a));
+        }
+      if (!any && card->app)
+        {
+          /* No card app supports the with_keygrip function.  Use the
+           * main app as fallback.  */
+          put_membuf (&mb, " ", 1);
+          put_membuf_str (&mb, xstrapptype (card->app));
+        }
+      put_membuf (&mb, "", 1);
+      p = get_membuf (&mb, NULL);
+      if (!p)
+        {
+          err = gpg_error_from_syserror ();
+          xfree (serial);
+          return err;
+        }
+      send_status_direct (ctrl, "SERIALNO", p);
+      xfree (p);
+    }
+  else
+    send_status_direct (ctrl, "SERIALNO", serial);
+
+  xfree (serial);
+  return 0;
+}
 
-  npth_mutex_lock (&app_list_lock);
-  for (a = app_top; a; a = a->next)
+
+/* Common code for app_send_card_list and app_send_active_apps.  */
+static gpg_error_t
+send_card_and_app_list (ctrl_t ctrl, card_t wantcard, int with_apps)
+{
+  gpg_error_t err;
+  card_t c;
+  card_t *cardlist = NULL;
+  int n, ncardlist;
+
+  npth_mutex_lock (&card_list_lock);
+  for (n=0, c = card_top; c; c = c->next)
+    n++;
+  if (!n)
+    {
+      err = gpg_error (GPG_ERR_CARD_NOT_PRESENT);
+      goto leave;
+    }
+  cardlist = xtrycalloc (n, sizeof *cardlist);
+  if (!cardlist)
     {
-      if (DIM (buf) < 2 * a->serialnolen + 1)
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+  for (ncardlist=0, c = card_top; c; c = c->next)
+    cardlist[ncardlist++] = c;
+  qsort (cardlist, ncardlist, sizeof *cardlist, compare_card_list_items);
+
+  for (n=0; n < ncardlist; n++)
+    {
+      if (wantcard && wantcard != cardlist[n])
         continue;
+      err = send_serialno_and_app_status (cardlist[n], with_apps, ctrl);
+      if (err)
+        goto leave;
+    }
+
+  err = 0;
+
+ leave:
+  npth_mutex_unlock (&card_list_lock);
+  xfree (cardlist);
+  return err;
+}
+
+
+/* Send status lines with the serialno of all inserted cards.  */
+gpg_error_t
+app_send_card_list (ctrl_t ctrl)
+{
+  return send_card_and_app_list (ctrl, NULL, 0);
+}
 
-      bin2hex (a->serialno, a->serialnolen, buf);
-      send_status_direct (ctrl, "SERIALNO", buf);
+
+/* Send status lines with the serialno and appname of the current card
+ * or of all cards if CARD is NULL.  */
+gpg_error_t
+app_send_active_apps (card_t card, ctrl_t ctrl)
+{
+  return send_card_and_app_list (ctrl, card, 1);
+}
+
+
+/* Switch to APPNAME and print a respective status line with that app
+ * listed first.  If APPNAME is NULL or the empty string no switching
+ * is done but the status line is printed anyway.  */
+gpg_error_t
+app_switch_active_app (card_t card, ctrl_t ctrl, const char *appname)
+{
+  gpg_error_t err;
+  apptype_t apptype;
+
+  if (!card)
+    return gpg_error (GPG_ERR_INV_VALUE);
+  err = lock_card (card, ctrl);
+  if (err)
+    return err;
+
+  /* Note that in case the additional applications have not yet been
+   * added to the card context (which is commonly done by means of
+   * "SERIALNO --all", we do that here.  */
+  err = select_all_additional_applications_internal (ctrl, card);
+  if (err)
+    goto leave;
+
+  if (appname && *appname)
+    {
+      apptype = apptype_from_name (appname);
+      if (!apptype)
+        {
+          err = gpg_error (GPG_ERR_NOT_FOUND);
+          goto leave;
+        }
+
+      ctrl->current_apptype = apptype;
+      err = maybe_switch_app (ctrl, card, NULL);
+      if (err)
+        goto leave;
+    }
+
+  /* Print the status line.  */
+  err = send_serialno_and_app_status (card, 1, ctrl);
+
+ leave:
+  unlock_card (card);
+  return err;
+}
+
+
+/* Execute an action for each app.  ACTION can be one of:
+ *
+ * - KEYGRIP_ACTION_SEND_DATA
+ *
+ *     If KEYGRIP_STR matches a public key of any active application
+ *     send information as LF terminated data lines about the public
+ *     key.  The format of these lines is
+ *         <keygrip> T <serialno> <idstr>
+ *     If a match was found a pointer to the matching application is
+ *     returned.  With the KEYGRIP_STR given as NULL, lines for all
+ *     keys (with CAPABILITY) will be send and the return value is
+ *     GPG_ERR_TRUE.
+ *
+ * - KEYGRIP_ACTION_WRITE_STATUS
+ *
+ *     Same as KEYGRIP_ACTION_SEND_DATA but uses status lines instead
+ *     of data lines.
+ *
+ * - KEYGRIP_ACTION_LOOKUP
+ *
+ *     Returns a pointer to the application matching KEYGRIP_STR but
+ *     does not emit any status or data lines.  If no key with that
+ *     keygrip is available or KEYGRIP_STR is NULL, GPG_ERR_NOT_FOUND
+ *     is returned.
+ */
+card_t
+app_do_with_keygrip (ctrl_t ctrl, int action, const char *keygrip_str,
+                     int capability)
+{
+  int locked = 0;
+  card_t c;
+  app_t a, a_prev;
+
+  npth_mutex_lock (&card_list_lock);
+
+  for (c = card_top; c; c = c->next)
+    {
+      if (lock_card (c, ctrl))
+        {
+          c = NULL;
+          goto leave_the_loop;
+        }
+      locked = 1;
+      a_prev = NULL;
+      for (a = c->app; a; a = a->next)
+        {
+          if (!a->fnc.with_keygrip || a->need_reset)
+            continue;
+
+          /* Note that we need to do a re-select even for the current
+           * app because the last selected application (e.g. after
+           * init) might be a different one and we do not run
+           * maybe_switch_app here.  Of course we we do this only iff
+           * we have an additional app. */
+          if (c->app->next)
+            {
+              if (run_reselect (ctrl, c, a, a_prev))
+                continue;
+            }
+          a_prev = a;
+
+          if (DBG_APP)
+            log_debug ("slot %d, app %s: calling with_keygrip(%s)\n",
+                       c->slot, xstrapptype (a),
+                       action == KEYGRIP_ACTION_SEND_DATA? "send_data":
+                       action == KEYGRIP_ACTION_WRITE_STATUS? "status":
+                       action == KEYGRIP_ACTION_LOOKUP? "lookup":"?");
+          if (!a->fnc.with_keygrip (a, ctrl, action, keygrip_str, capability))
+            goto leave_the_loop; /* ACTION_LOOKUP succeeded.  */
+        }
+
+      /* Select the first app again.  */
+      if (c->app->next)
+        run_reselect (ctrl, c, c->app, a_prev);
+
+      unlock_card (c);
+      locked = 0;
+    }
+
+ leave_the_loop:
+  /* Force switching of the app if the selected one is not the current
+   * one.  Changing the current apptype is sufficient to do this.  */
+  if (c && c->app && c->app->apptype != a->apptype)
+    ctrl->current_apptype = a->apptype;
+
+  if (locked && c)
+    {
+      unlock_card (c);
+      locked = 0;
     }
-  npth_mutex_unlock (&app_list_lock);
+  npth_mutex_unlock (&card_list_lock);
+  return c;
+}
+
+void
+app_wait (void)
+{
+  npth_mutex_lock (&card_list_lock);
+  npth_cond_wait (&notify_cond, &card_list_lock);
+  npth_mutex_unlock (&card_list_lock);
 }
diff --git a/scd/atr.c b/scd/atr.c
index 4f5a3b8..4cdc7c4 100644
--- a/scd/atr.c
+++ b/scd/atr.c
@@ -22,7 +22,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 
 #include <gpg-error.h>
 #include "../common/logging.h"
diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
index 214165f..603c0cd 100644
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@@ -78,7 +78,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
@@ -111,27 +110,11 @@
 /* CCID command timeout.  */
 #define CCID_CMD_TIMEOUT (5*1000)
 
-/* Number of supported devices.  See MAX_READER in apdu.c. */
-#define CCID_MAX_DEVICE 4
-
-
 /* Depending on how this source is used we either define our error
-   output to go to stderr or to the GnuPG based logging functions.  We
-   use the latter when GNUPG_MAJOR_VERSION or GNUPG_SCD_MAIN_HEADER
-   are defined.  */
-#if defined(GNUPG_MAJOR_VERSION) || defined(GNUPG_SCD_MAIN_HEADER)
-
-#if defined(GNUPG_SCD_MAIN_HEADER)
-#  include GNUPG_SCD_MAIN_HEADER
-#elif GNUPG_MAJOR_VERSION == 1 /* GnuPG Version is < 1.9. */
-#  include "options.h"
-#  include "util.h"
-#  include "memory.h"
-#  include "cardglue.h"
-# else /* This is the modularized GnuPG 1.9 or later. */
+ * output to go to stderr or to the GnuPG based logging functions.  We
+ * use the latter when GNUPG_MAJOR_VERSION is defined.  */
+#if defined(GNUPG_MAJOR_VERSION)
 #  include "scdaemon.h"
-#endif
-
 
 # define DEBUGOUT(t)         do { if (debug_level) \
                                   log_debug (DRVNAME t); } while (0)
@@ -177,7 +160,7 @@
 # define DEBUGOUT_LF()        do { if (debug_level) \
                      putc ('\n', stderr); } while (0)
 
-#endif /* This source not used by scdaemon. */
+#endif /* This source is not used by scdaemon. */
 
 
 #ifndef EAGAIN
@@ -265,19 +248,6 @@ struct ccid_driver_s
 };
 
 
-/* Object to keep infos about found ccid devices.  */
-struct ccid_dev_table {
-  int n;                        /* Index to ccid_usb_dev_list */
-  int interface_number;
-  int setting_number;
-  unsigned char *ifcdesc_extra;
-  int ep_bulk_out;
-  int ep_bulk_in;
-  int ep_intr;
-  size_t ifcdesc_extra_len;
-};
-
-
 static int initialized_usb; /* Tracks whether USB has been initialized. */
 static int debug_level;     /* Flag to control the debug output.
                                0 = No debugging
@@ -287,10 +257,6 @@ static int debug_level;     /* Flag to control the debug output.
                               */
 static int ccid_usb_thread_is_alive;
 
-static libusb_device **ccid_usb_dev_list;
-static struct ccid_dev_table ccid_dev_table[CCID_MAX_DEVICE];
-
-
 
 static unsigned int compute_edc (const unsigned char *data, size_t datalen,
                                  int use_crc);
@@ -1325,31 +1291,31 @@ ccid_vendor_specific_setup (ccid_driver_t handle)
 {
   if (handle->id_vendor == VENDOR_SCM && handle->id_product == SCM_SPR532)
     {
-#ifdef USE_NPTH
-      npth_unprotect ();
-#endif
-      libusb_clear_halt (handle->idev, handle->ep_intr);
-#ifdef USE_NPTH
-      npth_protect ();
-#endif
-    }
-  return 0;
-}
-
-
-static int
-ccid_vendor_specific_pinpad_setup (ccid_driver_t handle)
-{
-  if (handle->id_vendor == VENDOR_SCM && handle->id_product == SCM_SPR532)
-    {
       DEBUGOUT ("sending escape sequence to switch to a case 1 APDU\n");
       send_escape_cmd (handle, (const unsigned char*)"\x80\x02\x00", 3,
                        NULL, 0, NULL);
+      libusb_clear_halt (handle->idev, handle->ep_intr);
     }
   return 0;
 }
 
 
+#define MAX_DEVICE 16 /* See MAX_READER in apdu.c.  */
+
+struct ccid_dev_table {
+  int n;                        /* Index to ccid_usb_dev_list */
+  int interface_number;
+  int setting_number;
+  unsigned char *ifcdesc_extra;
+  int ep_bulk_out;
+  int ep_bulk_in;
+  int ep_intr;
+  size_t ifcdesc_extra_len;
+};
+
+static libusb_device **ccid_usb_dev_list;
+static struct ccid_dev_table ccid_dev_table[MAX_DEVICE];
+
 gpg_error_t
 ccid_dev_scan (int *idx_max_p, void **t_p)
 {
@@ -1434,7 +1400,7 @@ ccid_dev_scan (int *idx_max_p, void **t_p)
                 ccid_dev_table[idx].ep_intr = find_endpoint (ifcdesc, 2);
 
                 idx++;
-                if (idx >= CCID_MAX_DEVICE)
+                if (idx >= MAX_DEVICE)
                   {
                     libusb_free_config_descriptor (config);
                     err = 0;
@@ -1452,15 +1418,15 @@ ccid_dev_scan (int *idx_max_p, void **t_p)
     {
       for (i = 0; i < idx; i++)
         {
-          free (ccid_dev_table[i].ifcdesc_extra);
-          ccid_dev_table[i].n = 0;
-          ccid_dev_table[i].interface_number = 0;
-          ccid_dev_table[i].setting_number = 0;
-          ccid_dev_table[i].ifcdesc_extra = NULL;
-          ccid_dev_table[i].ifcdesc_extra_len = 0;
-          ccid_dev_table[i].ep_bulk_out = 0;
-          ccid_dev_table[i].ep_bulk_in = 0;
-          ccid_dev_table[i].ep_intr = 0;
+          free (ccid_dev_table[idx].ifcdesc_extra);
+          ccid_dev_table[idx].n = 0;
+          ccid_dev_table[idx].interface_number = 0;
+          ccid_dev_table[idx].setting_number = 0;
+          ccid_dev_table[idx].ifcdesc_extra = NULL;
+          ccid_dev_table[idx].ifcdesc_extra_len = 0;
+          ccid_dev_table[idx].ep_bulk_out = 0;
+          ccid_dev_table[idx].ep_bulk_in = 0;
+          ccid_dev_table[idx].ep_intr = 0;
         }
       libusb_free_device_list (ccid_usb_dev_list, 1);
       ccid_usb_dev_list = NULL;
@@ -1601,11 +1567,6 @@ intr_cb (struct libusb_transfer *transfer)
     }
   else if (transfer->status == LIBUSB_TRANSFER_CANCELLED)
     handle->powered_off = 1;
-  else if (transfer->status == LIBUSB_TRANSFER_OVERFLOW)
-    {
-      /* Something goes wrong.  Ignore.  */
-      DEBUGOUT ("CCID: interrupt transfer overflow\n");
-    }
   else
     {
     device_removed:
@@ -1711,7 +1672,6 @@ ccid_open_usb_reader (const char *spec_reader_name,
           *handle = NULL;
           return err;
         }
-      npth_setname_np (thread, "ccid_usb_thread");
 
       npth_attr_destroy (&tattr);
     }
@@ -1756,15 +1716,9 @@ ccid_open_usb_reader (const char *spec_reader_name,
       goto leave;
     }
 
-#ifdef USE_NPTH
-  npth_unprotect ();
-#endif
   rc = libusb_claim_interface (idev, ifc_no);
   if (rc)
     {
-#ifdef USE_NPTH
-      npth_protect ();
-#endif
       DEBUGOUT_1 ("usb_claim_interface failed: %d\n", rc);
       rc = map_libusb_error (rc);
       goto leave;
@@ -1774,18 +1728,11 @@ ccid_open_usb_reader (const char *spec_reader_name,
   rc = libusb_set_interface_alt_setting (idev, ifc_no, set_no);
   if (rc)
     {
-#ifdef USE_NPTH
-      npth_protect ();
-#endif
       DEBUGOUT_1 ("usb_set_interface_alt_setting failed: %d\n", rc);
       rc = map_libusb_error (rc);
       goto leave;
     }
 
-#ifdef USE_NPTH
-  npth_protect ();
-#endif
-
   rc = ccid_vendor_specific_init (*handle);
 
  leave:
@@ -2087,7 +2034,7 @@ bulk_out (ccid_driver_t handle, unsigned char *msg, size_t msglen,
    is the sequence number used to send the request and EXPECTED_TYPE
    the type of message we expect. Does checks on the ccid
    header. TIMEOUT is the timeout value in ms. NO_DEBUG may be set to
-   avoid debug messages in case of no error; this can be overriden
+   avoid debug messages in case of no error; this can be overridden
    with a glibal debug level of at least 3. Returns 0 on success. */
 static int
 bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
@@ -2202,7 +2149,16 @@ bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
         }
     }
   if (CCID_COMMAND_FAILED (buffer))
-    print_command_failed (buffer);
+    {
+      int ec;
+
+      ec = CCID_ERROR_CODE (buffer);
+      print_command_failed (buffer);
+      if (ec == 0xEF)
+        return CCID_DRIVER_ERR_UI_CANCELLED;
+      else if (ec == 0xF0)
+        return CCID_DRIVER_ERR_UI_TIMEOUT;
+    }
 
   /* Check whether a card is at all available.  Note: If you add new
      error codes here, check whether they need to be ignored in
@@ -3129,7 +3085,7 @@ ccid_transceive_apdu_level (ccid_driver_t handle,
    bit 3     unused
    bit 2..0  Source Node Address (SAD)
 
-   If node adresses are not used, SAD and DAD should be set to 0 on
+   If node addresses are not used, SAD and DAD should be set to 0 on
    the first block sent to the card.  If they are used they should
    have different values (0 for one is okay); that first block sets up
    the addresses of the nodes.
@@ -3232,7 +3188,7 @@ ccid_transceive (ccid_driver_t handle,
 
           apdu = apdu_buf;
           apdulen = apdu_buflen;
-          assert (apdulen);
+          log_assert (apdulen);
 
           /* Construct an I-Block. */
           tpdu = msg + hdrlen;
@@ -3270,7 +3226,7 @@ ccid_transceive (ccid_driver_t handle,
           msg[0] = PC_to_RDR_XfrBlock;
           msg[5] = 0; /* slot */
           msg[6] = seqno = handle->seqno++;
-          msg[7] = (wait_more ? wait_more : 1); /* bBWI */
+          msg[7] = wait_more; /* bBWI */
           msg[8] = 0; /* RFU */
           msg[9] = 0; /* RFU */
           set_msg_len (msg, tpdulen);
@@ -3588,11 +3544,12 @@ ccid_transceive_secure (ccid_driver_t handle,
         cherry_mode = 1;
       break;
     case VENDOR_NXP:
-      if (handle->id_product == CRYPTOUCAN){
-        pininfo->maxlen = 25;
-        enable_varlen = 1;
-        break;
-      }
+      if (handle->id_product == CRYPTOUCAN)
+        {
+          pininfo->maxlen = 25;
+          enable_varlen = 1;
+          break;
+        }
       return CCID_DRIVER_ERR_NOT_SUPPORTED;
     case VENDOR_GEMPC:
       if (handle->id_product == GEMPC_PINPAD)
@@ -3630,8 +3587,6 @@ ccid_transceive_secure (ccid_driver_t handle,
   if (pininfo->fixedlen < 0 || pininfo->fixedlen >= 16)
     return CCID_DRIVER_ERR_NOT_SUPPORTED;
 
-  ccid_vendor_specific_pinpad_setup (handle);
-
   msg = send_buffer;
   msg[0] = cherry_mode? 0x89 : PC_to_RDR_Secure;
   msg[5] = 0; /* slot */
diff --git a/scd/ccid-driver.h b/scd/ccid-driver.h
index dc17c27..18cbc87 100644
--- a/scd/ccid-driver.h
+++ b/scd/ccid-driver.h
@@ -77,6 +77,7 @@ enum {
 #define SCM_SCR331      0xe001
 #define SCM_SCR331DI    0x5111
 #define SCM_SCR335      0x5115
+#define SCM_SCR3310     0x5116    /* @MAXX Basic */
 #define SCM_SCR3320     0x5117
 #define SCM_SPR532      0xe003    /* Also used succeeding model SPR332. */
 #define CHERRY_ST2000   0x003e
@@ -115,6 +116,8 @@ enum {
 #define CCID_DRIVER_ERR_USB_BUSY       0x10026
 #define CCID_DRIVER_ERR_USB_TIMEOUT    0x10027
 #define CCID_DRIVER_ERR_USB_OVERFLOW   0x10028
+#define CCID_DRIVER_ERR_UI_CANCELLED   0x10030
+#define CCID_DRIVER_ERR_UI_TIMEOUT     0x10031
 
 struct ccid_driver_s;
 typedef struct ccid_driver_s *ccid_driver_t;
diff --git a/scd/command.c b/scd/command.c
index 925fd75..fc1bb01 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -36,10 +36,14 @@
 #include "iso7816.h"
 #include "apdu.h" /* Required for apdu_*_reader (). */
 #include "atr.h"
+#ifdef HAVE_LIBUSB
+#include "ccid-driver.h"
+#endif
 #include "../common/asshelp.h"
 #include "../common/server-help.h"
 
-/* Maximum length allowed as a PIN; used for INQUIRE NEEDPIN */
+/* Maximum length allowed as a PIN; used for INQUIRE NEEDPIN.  That
+ * length needs to small compared to the maximum Assuan line length.  */
 #define MAXLEN_PIN 100
 
 /* Maximum allowed size of key data as used in inquiries. */
@@ -51,6 +55,9 @@
 /* Maximum allowed size of certificate data as used in inquiries. */
 #define MAXLEN_CERTDATA 16384
 
+/* Maximum allowed size for "SETATTR --inquire". */
+#define MAXLEN_SETATTRDATA 16384
+
 
 #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
 
@@ -82,12 +89,14 @@ struct server_local_s
 
   /* True if the card has been removed and a reset is required to
      continue operation. */
-  int card_removed;
+  unsigned int card_removed:1;
 
   /* If set to true we will be terminate ourself at the end of the
      this session.  */
-  int stopme;
+  unsigned int stopme:1;
 
+  /* If set to true, status change will be reported. */
+  unsigned int watching_status:1;
 };
 
 
@@ -99,6 +108,12 @@ static struct server_local_s *session_list;
    in this variable. */
 static struct server_local_s *locked_session;
 
+
+
+/*  Local prototypes.  */
+static int command_has_option (const char *cmd, const char *cmdopt);
+
+
 
 /* Convert the STRING into a newly allocated buffer while translating
    the hex numbers.  Stops at the first invalid character.  Blanks and
@@ -139,10 +154,10 @@ hex_to_buffer (const char *string, size_t *r_length)
 static void
 do_reset (ctrl_t ctrl, int send_reset, int keep_lock)
 {
-  app_t app = ctrl->app_ctx;
+  card_t card = ctrl->card_ctx;
 
-  if (app)
-    app_reset (app, ctrl, IS_LOCKED (ctrl)? 0: send_reset);
+  if (card)
+    card_reset (card, ctrl, IS_LOCKED (ctrl)? 0: send_reset);
 
   /* If we hold a lock, unlock now. */
   if (!keep_lock && locked_session && ctrl->server_local == locked_session)
@@ -151,6 +166,8 @@ do_reset (ctrl_t ctrl, int send_reset, int keep_lock)
       log_info ("implicitly unlocking due to RESET\n");
     }
 }
+
+
 
 static gpg_error_t
 reset_notify (assuan_context_t ctx, char *line)
@@ -203,44 +220,61 @@ open_card (ctrl_t ctrl)
   if ( IS_LOCKED (ctrl) )
     return gpg_error (GPG_ERR_LOCKED);
 
-  if (ctrl->app_ctx)
+  if (ctrl->card_ctx)
     return 0;
 
-  return select_application (ctrl, NULL, &ctrl->app_ctx, 0, NULL, 0);
+  return select_application (ctrl, NULL, &ctrl->card_ctx, 0, NULL, 0);
 }
 
-/* Explicitly open a card for a specific use of APPTYPE or SERIALNO.  */
+/* Explicitly open a card for a specific use of APPTYPE or SERIALNO.
+ * If OPT_ALL is set also add all possible additional apps. */
 static gpg_error_t
-open_card_with_request (ctrl_t ctrl, const char *apptype, const char *serialno)
+open_card_with_request (ctrl_t ctrl,
+                        const char *apptypestr, const char *serialno,
+                        int opt_all)
 {
   gpg_error_t err;
   unsigned char *serialno_bin = NULL;
   size_t serialno_bin_len = 0;
-  app_t app = ctrl->app_ctx;
+  card_t card = ctrl->card_ctx;
+
+  if (serialno)
+    serialno_bin = hex_to_buffer (serialno, &serialno_bin_len);
 
   /* If we are already initialized for one specific application we
      need to check that the client didn't requested a specific
      application different from the one in use before we continue. */
-  if (apptype && ctrl->app_ctx)
-    return check_application_conflict (apptype, ctrl->app_ctx);
-
-  /* Re-scan USB devices.  Release APP, before the scan.  */
-  ctrl->app_ctx = NULL;
-  release_application (app, 0);
+  if (apptypestr && ctrl->card_ctx)
+    {
+      err = check_application_conflict (ctrl->card_ctx, apptypestr,
+                                        serialno_bin, serialno_bin_len);
+      if (gpg_err_code (err) == GPG_ERR_FALSE)
+        {
+          /* Different application but switching is supported.  */
+          err = select_additional_application (ctrl, apptypestr);
+        }
+      goto leave;
+    }
 
-  if (serialno)
-    serialno_bin = hex_to_buffer (serialno, &serialno_bin_len);
+  /* Re-scan USB devices.  Release CARD, before the scan.  */
+  /* FIXME: Is a card_unref sufficient or do we need to deallocate?  */
+  ctrl->card_ctx = NULL;
+  ctrl->current_apptype = APPTYPE_NONE;
+  card_unref (card);
 
-  err = select_application (ctrl, apptype, &ctrl->app_ctx, 1,
+  err = select_application (ctrl, apptypestr, &ctrl->card_ctx, 1,
                             serialno_bin, serialno_bin_len);
-  xfree (serialno_bin);
+  if (!err && opt_all)
+    err = select_additional_application (ctrl, NULL);
 
+ leave:
+  xfree (serialno_bin);
   return err;
 }
 
 
 static const char hlp_serialno[] =
-  "SERIALNO [--demand=<serialno>] [<apptype>]\n"
+  "SERIALNO [--demand=<serialno>] [--all] [<apptype>]\n"
   "\n"
   "Return the serial number of the card using a status response.  This\n"
   "function should be used to check for the presence of a card.\n"
@@ -248,11 +282,13 @@ static const char hlp_serialno[] =
   "If --demand is given, an application on the card with SERIALNO is\n"
   "selected and an error is returned if no such card available.\n"
   "\n"
+  "If --all is given, all possible other applications of the card are\n"
+  "also selected to prepare for things like \"LEARN --force --multi\".\n"
+  "\n"
   "If APPTYPE is given, an application of that type is selected and an\n"
   "error is returned if the application is not supported or available.\n"
   "The default is to auto-select the application using a hardwired\n"
-  "preference system.  Note, that a future extension to this function\n"
-  "may enable specifying a list and order of applications to try.\n"
+  "preference system.\n"
   "\n"
   "This function is special in that it can be used to reset the card.\n"
   "Most other functions will return an error when a card change has\n"
@@ -269,6 +305,8 @@ cmd_serialno (assuan_context_t ctx, char *line)
   int rc = 0;
   char *serial;
   const char *demand;
+  int opt_all = has_option (line, "--all");
+  int thisslot;
 
   if ( IS_LOCKED (ctrl) )
     return gpg_error (GPG_ERR_LOCKED);
@@ -289,25 +327,25 @@ cmd_serialno (assuan_context_t ctx, char *line)
   line = skip_options (line);
 
   /* Clear the remove flag so that the open_card is able to reread it.  */
-  if (ctrl->server_local->card_removed)
-    ctrl->server_local->card_removed = 0;
-
-  if ((rc = open_card_with_request (ctrl, *line? line:NULL, demand)))
-    {
-      ctrl->server_local->card_removed = 1;
-      return rc;
-    }
-
-  /* Success, clear the card_removed flag for all sessions.  */
+  ctrl->server_local->card_removed = 0;
+  rc = open_card_with_request (ctrl, *line? line:NULL, demand, opt_all);
+  /* Now clear or set the card_removed flag for all sessions using the
+   * current slot.  In the error case make sure that the flag is set
+   * for the current session. */
+  thisslot = ctrl->card_ctx? ctrl->card_ctx->slot : -1;
   for (sl=session_list; sl; sl = sl->next_session)
     {
       ctrl_t c = sl->ctrl_backlink;
-
-      if (c != ctrl)
-        c->server_local->card_removed = 0;
+      if (c && c->card_ctx && c->card_ctx->slot == thisslot)
+        c->server_local->card_removed = rc? 1 : 0;
+    }
+  if (rc)
+    {
+      ctrl->server_local->card_removed = 1;
+      return rc;
     }
 
-  serial = app_get_serialno (ctrl->app_ctx);
+  serial = card_get_serialno (ctrl->card_ctx);
   if (!serial)
     return gpg_error (GPG_ERR_INV_VALUE);
 
@@ -317,8 +355,72 @@ cmd_serialno (assuan_context_t ctx, char *line)
 }
 
 
+
+static const char hlp_switchcard[] =
+  "SWITCHCARD [<serialno>]\n"
+  "\n"
+  "Make the card with SERIALNO the current card.\n"
+  "The command \"getinfo card_list\" can be used to list\n"
+  "the serial numbers of inserted and known cards.  Note\n"
+  "that the command \"SERIALNO\" can be used to refresh\n"
+  "the list of known cards.  A simple SERIALNO status\n"
+  "is printed on success.";
+static gpg_error_t
+cmd_switchcard (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  gpg_error_t err = 0;
+  unsigned char *sn_bin = NULL;
+  size_t sn_bin_len = 0;
+
+  if ((err = open_card (ctrl)))
+    return err;
+
+  line = skip_options (line);
+
+  if (*line)
+    {
+      sn_bin = hex_to_buffer (line, &sn_bin_len);
+      if (!sn_bin)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+    }
+
+  /* Note that an SN_BIN of NULL will only print the status.  */
+  err = app_switch_current_card (ctrl, sn_bin, sn_bin_len);
+
+ leave:
+  xfree (sn_bin);
+  return err;
+}
+
+
+static const char hlp_switchapp[] =
+  "SWITCHAPP [<appname>]\n"
+  "\n"
+  "Make APPNAME the active application for the current card.\n"
+  "Only some cards support switching between application; the\n"
+  "command \"getinfo active_app\" can be used to get a list of\n"
+  "applications which can be switched to.  A SERIALNO status\n"
+  "including the active appname is printed on success.";
+static gpg_error_t
+cmd_switchapp (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  gpg_error_t err = 0;
+
+  if ((err = open_card (ctrl)))
+    return err;
+
+  line = skip_options (line);
+  return app_switch_active_app (ctrl->card_ctx, ctrl, line);
+}
+
+
 static const char hlp_learn[] =
-  "LEARN [--force] [--keypairinfo]\n"
+  "LEARN [--force] [--keypairinfo] [--reread] [--multi]\n"
   "\n"
   "Learn all useful information of the currently inserted card.  When\n"
   "used without the force options, the command might do an INQUIRE\n"
@@ -330,8 +432,9 @@ static const char hlp_learn[] =
   "or a \"CANCEL\" to force the function to terminate with a Cancel\n"
   "error message.\n"
   "\n"
-  "With the option --keypairinfo only KEYPARIINFO status lines are\n"
-  "returned.\n"
+  "With the option --keypairinfo only KEYPAIRINFO status lines are\n"
+  "returned.  With the option --reread information from the card are\n"
+  "read again without the need for a reset (sone some cards).\n"
   "\n"
   "The response of this command is a list of status lines formatted as\n"
   "this:\n"
@@ -346,15 +449,17 @@ static const char hlp_learn[] =
   "    PIV     = PIV card\n"
   "    NKS     = NetKey card\n"
   "\n"
-  "are implemented.  These strings are aliases for the AID\n"
+  "are implemented.  These strings are aliases for the AID.  With option\n"
+  "--multi information for all switchable apps are returned.\n"
   "\n"
-  "  S KEYPAIRINFO <hexstring_with_keygrip> <hexstring_with_id>\n"
+  "  S KEYPAIRINFO <hexgrip> <keyref> [<usage>] [<keytime>] [<algo>]\n"
   "\n"
   "If there is no certificate yet stored on the card a single 'X' is\n"
-  "returned as the keygrip.  In addition to the keypair info, information\n"
-  "about all certificates stored on the card is also returned:\n"
+  "returned as the keygrip.  For more info see doc/DETAILS.  In addition\n"
+  "to the keypair info, information about all certificates stored on the\n"
+  "card is also returned:\n"
   "\n"
-  "  S CERTINFO <certtype> <hexstring_with_id>\n"
+  "  S CERTINFO <certtype> <keyref> [<label>]\n"
   "\n"
   "Where CERTTYPE is a number indicating the type of certificate:\n"
   "   0   := Unknown\n"
@@ -393,6 +498,9 @@ cmd_learn (assuan_context_t ctx, char *line)
   ctrl_t ctrl = assuan_get_pointer (ctx);
   int rc = 0;
   int only_keypairinfo = has_option (line, "--keypairinfo");
+  int opt_multi = has_option (line, "--multi");
+  int opt_reread = has_option (line, "--reread");
+  unsigned int flags;
 
   if ((rc = open_card (ctrl)))
     return rc;
@@ -405,20 +513,20 @@ cmd_learn (assuan_context_t ctx, char *line)
     {
       const char *reader;
       char *serial;
-      app_t app = ctrl->app_ctx;
+      card_t card = ctrl->card_ctx;
 
-      if (!app)
+      if (!card)
         return gpg_error (GPG_ERR_CARD_NOT_PRESENT);
 
-      reader = apdu_get_reader_name (app->slot);
+      reader = apdu_get_reader_name (card->slot);
       if (!reader)
         return out_of_core ();
       send_status_direct (ctrl, "READER", reader);
       /* No need to free the string of READER.  */
 
-      serial = app_get_serialno (ctrl->app_ctx);
+      serial = card_get_serialno (ctrl->card_ctx);
       if (!serial)
-	return gpg_error (GPG_ERR_INV_VALUE);
+        return gpg_error (GPG_ERR_INV_VALUE);
 
       rc = assuan_write_status (ctx, "SERIALNO", serial);
       if (rc < 0)
@@ -454,8 +562,16 @@ cmd_learn (assuan_context_t ctx, char *line)
 
   /* Let the application print out its collection of useful status
      information. */
+  flags = 0;
+  if (only_keypairinfo)
+    flags |= APP_LEARN_FLAG_KEYPAIRINFO;
+  if (opt_multi)
+    flags |= APP_LEARN_FLAG_MULTI;
+  if (opt_reread)
+    flags |= APP_LEARN_FLAG_REREAD;
+
   if (!rc)
-    rc = app_write_learn_status (ctrl->app_ctx, ctrl, only_keypairinfo);
+    rc = app_write_learn_status (ctrl->card_ctx, ctrl, flags);
 
   return rc;
 }
@@ -463,7 +579,7 @@ cmd_learn (assuan_context_t ctx, char *line)
 
 
 static const char hlp_readcert[] =
-  "READCERT <hexified_certid>|<keyid>\n"
+  "READCERT <hexified_certid>|<keyid>|<oid>\n"
   "\n"
   "Note, that this function may even be used on a locked card.";
 static gpg_error_t
@@ -477,8 +593,11 @@ cmd_readcert (assuan_context_t ctx, char *line)
   if ((rc = open_card (ctrl)))
     return rc;
 
-  line = xstrdup (line); /* Need a copy of the line. */
-  rc = app_readcert (ctrl->app_ctx, ctrl, line, &cert, &ncert);
+  line = xtrystrdup (line); /* Need a copy of the line. */
+  if (!line)
+    return gpg_error_from_syserror ();
+
+  rc = app_readcert (ctrl->card_ctx, ctrl, line, &cert, &ncert);
   if (rc)
     log_error ("app_readcert failed: %s\n", gpg_strerror (rc));
   xfree (line);
@@ -495,56 +614,35 @@ cmd_readcert (assuan_context_t ctx, char *line)
 }
 
 
-static const char hlp_readkey[] =
-  "READKEY [--advanced] [--info[-only]] <keyid>\n"
-  "\n"
-  "Return the public key for the given cert or key ID as a standard\n"
-  "S-expression.  With --advanced  the S-expression is returned in\n"
-  "advanced format.  With --info a KEYPAIRINFO status line is also\n"
-  "emitted; with --info-only the regular output is suppressed.";
 static gpg_error_t
-cmd_readkey (assuan_context_t ctx, char *line)
+do_readkey (card_t card, ctrl_t ctrl, const char *line,
+            int opt_info, int opt_nokey,
+            unsigned char **pk_p, size_t *pklen_p)
 {
-  ctrl_t ctrl = assuan_get_pointer (ctx);
   int rc;
-  int advanced = 0;
-  int opt_info = 0;
-  int opt_nokey = 0;
-  unsigned char *cert = NULL;
-  size_t ncert;
-  unsigned char *pk;
-  size_t pklen;
-  int direct_readkey = 0;
-
-  if ((rc = open_card (ctrl)))
-    return rc;
-
-  if (has_option (line, "--advanced"))
-    advanced = 1;
-  if (has_option (line, "--info"))
-    opt_info = 1;
-  if (has_option (line, "--info-only"))
-    opt_info = opt_nokey = 1;
-
-  line = skip_options (line);
-  line = xstrdup (line); /* Need a copy of the line. */
 
   /* If the application supports the READKEY function we use that.
      Otherwise we use the old way by extracting it from the
      certificate.  */
-  rc = app_readkey (ctrl->app_ctx, ctrl, advanced, line, &pk, &pklen);
+  rc = app_readkey (card, ctrl, line,
+                    opt_info? APP_READKEY_FLAG_INFO : 0,
+                    opt_nokey? NULL : pk_p, pklen_p);
   if (!rc)
-    direct_readkey = 1; /* Yeah, got that key - send it back.  */
+    ; /* Got the key.  */
   else if (gpg_err_code (rc) == GPG_ERR_UNSUPPORTED_OPERATION
            || gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
     {
       /* Fall back to certificate reading.  */
-      rc = app_readcert (ctrl->app_ctx, ctrl, line, &cert, &ncert);
+      unsigned char *cert = NULL;
+      size_t ncert;
+
+      rc = app_readcert (card, ctrl, line, &cert, &ncert);
       if (rc)
         log_error ("app_readcert failed: %s\n", gpg_strerror (rc));
       else
         {
-          rc = app_help_pubkey_from_cert (cert, ncert, &pk, &pklen);
+          rc = app_help_pubkey_from_cert (cert, ncert, pk_p, pklen_p);
+          xfree (cert);
           if (rc)
             log_error ("failed to parse the certificate: %s\n",
                        gpg_strerror (rc));
@@ -553,19 +651,19 @@ cmd_readkey (assuan_context_t ctx, char *line)
   else
     log_error ("app_readkey failed: %s\n", gpg_strerror (rc));
 
-  if (!rc && pk && pklen && opt_info && !direct_readkey)
+  if (!rc && opt_info)
     {
       char keygripstr[KEYGRIP_LEN*2+1];
       char *algostr;
 
-      rc = app_help_get_keygrip_string_pk (pk, pklen,
+      rc = app_help_get_keygrip_string_pk (*pk_p, *pklen_p,
                                            keygripstr, NULL, NULL,
                                            &algostr);
       if (rc)
         {
           log_error ("app_help_get_keygrip_string failed: %s\n",
                      gpg_strerror (rc));
-          goto leave;
+          return rc;
         }
 
       /* FIXME: Using LINE is not correct because it might be an
@@ -580,12 +678,100 @@ cmd_readkey (assuan_context_t ctx, char *line)
       xfree (algostr);
     }
 
+  return rc;
+}
 
-  if (!rc && pk && pklen && !opt_nokey)
+static const char hlp_readkey[] =
+  "READKEY [--advanced] [--info[-only]] <keyid>|<oid>|<keygrip>\n"
+  "\n"
+  "Return the public key for the given cert or key ID as a standard\n"
+  "S-expression.  With --advanced  the S-expression is returned in\n"
+  "advanced format.  With --info a KEYPAIRINFO status line is also\n"
+  "emitted; with --info-only the regular output is suppressed.";
+static gpg_error_t
+cmd_readkey (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  int rc;
+  int advanced = 0;
+  int opt_info = 0;
+  int opt_nokey = 0;
+  unsigned char *pk = NULL;
+  size_t pklen;
+  card_t card;
+  int direct = 0;
+
+  if ((rc = open_card (ctrl)))
+    return rc;
+
+  if (has_option (line, "--advanced"))
+    advanced = 1;
+  if (has_option (line, "--info"))
+    opt_info = 1;
+  if (has_option (line, "--info-only"))
+    opt_info = opt_nokey = 1;
+
+  line = skip_options (line);
+
+  line = xtrystrdup (line); /* Need a copy of the line. */
+  if (!line)
+    return gpg_error_from_syserror ();
+
+  if (strlen (line) == 40)
+    {
+      card = app_do_with_keygrip (ctrl, KEYGRIP_ACTION_LOOKUP, line, 0);
+      direct = 1;
+    }
+  else
+    card = ctrl->card_ctx;
+
+  if (card)
+    {
+      if (direct)
+        card_ref (card);
+
+      rc = do_readkey (card, ctrl, line, opt_info, opt_nokey, &pk, &pklen);
+
+      if (direct)
+        card_unref (card);
+    }
+  else
+    rc = gpg_error (GPG_ERR_NO_SECKEY);
+
+  if (rc)
+    goto leave;
+
+  if (opt_nokey)
+    ;
+  else if (advanced)
+    {
+      gcry_sexp_t s_key;
+      unsigned char *pkadv;
+      size_t pkadvlen;
+
+      rc = gcry_sexp_new (&s_key, pk, pklen, 0);
+      if (rc)
+        goto leave;
+
+      pkadvlen = gcry_sexp_sprint (s_key, GCRYSEXP_FMT_ADVANCED, NULL, 0);
+      pkadv = xtrymalloc (pkadvlen);
+      if (!pkadv)
+        {
+          rc = gpg_error_from_syserror ();
+          goto leave;
+        }
+      log_assert (pkadvlen);
+
+      gcry_sexp_sprint (s_key, GCRYSEXP_FMT_ADVANCED, pkadv, pkadvlen);
+      gcry_sexp_release (s_key);
+      /* (One less to adjust for the trailing '\0') */
+      rc = assuan_send_data (ctx, pkadv, pkadvlen-1);
+      xfree (pkadv);
+    }
+  else
     rc = assuan_send_data (ctx, pk, pklen);
 
  leave:
-  xfree (cert);
   xfree (pk);
   xfree (line);
   return rc;
@@ -698,9 +884,7 @@ pin_cb (void *opaque, const char *info, char **retstr)
 
   /* Fixme: Write an inquire function which returns the result in
      secure memory and check all further handling of the PIN. */
-  assuan_begin_confidential (ctx);
   rc = assuan_inquire (ctx, command, &value, &valuelen, MAXLEN_PIN);
-  assuan_end_confidential (ctx);
   xfree (command);
   if (rc)
     return rc;
@@ -717,7 +901,7 @@ pin_cb (void *opaque, const char *info, char **retstr)
 
 
 static const char hlp_pksign[] =
-  "PKSIGN [--hash=[rmd160|sha{1,224,256,384,512}|md5]] <hexified_id>\n"
+  "PKSIGN [--hash=[rmd160|sha{1,224,256,384,512}|md5|none]] <hexified_id>\n"
   "\n"
   "The --hash option is optional; the default is SHA1.";
 static gpg_error_t
@@ -729,6 +913,8 @@ cmd_pksign (assuan_context_t ctx, char *line)
   size_t outdatalen;
   char *keyidstr;
   int hash_algo;
+  card_t card;
+  int direct = 0;
 
   if (has_option (line, "--hash=rmd160"))
     hash_algo = GCRY_MD_RMD160;
@@ -744,6 +930,8 @@ cmd_pksign (assuan_context_t ctx, char *line)
     hash_algo = GCRY_MD_SHA512;
   else if (has_option (line, "--hash=md5"))
     hash_algo = GCRY_MD_MD5;
+  else if (has_option (line, "--hash=none"))  /* For raw RSA.  */
+    hash_algo = 0;
   else if (!strstr (line, "--"))
     hash_algo = GCRY_MD_SHA1;
   else
@@ -761,11 +949,30 @@ cmd_pksign (assuan_context_t ctx, char *line)
   if (!keyidstr)
     return out_of_core ();
 
-  rc = app_sign (ctrl->app_ctx, ctrl,
-                 keyidstr, hash_algo,
-                 pin_cb, ctx,
-                 ctrl->in_data.value, ctrl->in_data.valuelen,
-                 &outdata, &outdatalen);
+  /* When it's a keygrip, we directly use the card, with no change of
+     ctrl->card_ctx. */
+  if (strlen (keyidstr) == 40)
+    {
+      card = app_do_with_keygrip (ctrl, KEYGRIP_ACTION_LOOKUP, keyidstr, 0);
+      direct = 1;
+    }
+  else
+    card = ctrl->card_ctx;
+
+  if (card)
+    {
+      if (direct)
+        card_ref (card);
+      rc = app_sign (card, ctrl,
+                     keyidstr, hash_algo,
+                     pin_cb, ctx,
+                     ctrl->in_data.value, ctrl->in_data.valuelen,
+                     &outdata, &outdatalen);
+      if (direct)
+        card_unref (card);
+    }
+  else
+    rc = gpg_error (GPG_ERR_NO_SECKEY);
 
   xfree (keyidstr);
   if (rc)
@@ -794,11 +1001,13 @@ cmd_pkauth (assuan_context_t ctx, char *line)
   unsigned char *outdata;
   size_t outdatalen;
   char *keyidstr;
+  card_t card;
+  int direct = 0;
 
   if ((rc = open_card (ctrl)))
     return rc;
 
-  if (!ctrl->app_ctx)
+  if (!ctrl->card_ctx)
     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 
  /* We have to use a copy of the key ID because the function may use
@@ -808,9 +1017,29 @@ cmd_pkauth (assuan_context_t ctx, char *line)
   if (!keyidstr)
     return out_of_core ();
 
-  rc = app_auth (ctrl->app_ctx, ctrl, keyidstr, pin_cb, ctx,
-                 ctrl->in_data.value, ctrl->in_data.valuelen,
-                 &outdata, &outdatalen);
+  /* When it's a keygrip, we directly use CARD, with no change of
+     ctrl->card_ctx. */
+  if (strlen (keyidstr) == 40)
+    {
+      card = app_do_with_keygrip (ctrl, KEYGRIP_ACTION_LOOKUP, keyidstr, 0);
+      direct = 1;
+    }
+  else
+    card = ctrl->card_ctx;
+
+  if (card)
+    {
+      if (direct)
+        card_ref (card);
+      rc = app_auth (card, ctrl, keyidstr, pin_cb, ctx,
+                     ctrl->in_data.value, ctrl->in_data.valuelen,
+                     &outdata, &outdatalen);
+      if (direct)
+        card_unref (card);
+    }
+  else
+    rc = gpg_error (GPG_ERR_NO_SECKEY);
+
   xfree (keyidstr);
   if (rc)
     {
@@ -839,6 +1068,8 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
   size_t outdatalen;
   char *keyidstr;
   unsigned int infoflags;
+  card_t card;
+  int direct = 0;
 
   if ((rc = open_card (ctrl)))
     return rc;
@@ -846,9 +1077,29 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
   keyidstr = xtrystrdup (line);
   if (!keyidstr)
     return out_of_core ();
-  rc = app_decipher (ctrl->app_ctx, ctrl, keyidstr, pin_cb, ctx,
-                     ctrl->in_data.value, ctrl->in_data.valuelen,
-                     &outdata, &outdatalen, &infoflags);
+
+  /* When it's a keygrip, we directly use CARD, with no change of
+     ctrl->card_ctx. */
+  if (strlen (keyidstr) == 40)
+    {
+      card = app_do_with_keygrip (ctrl, KEYGRIP_ACTION_LOOKUP, keyidstr, 0);
+      direct = 1;
+    }
+  else
+    card = ctrl->card_ctx;
+
+  if (card)
+    {
+      if (direct)
+        card_ref (card);
+      rc = app_decipher (card, ctrl, keyidstr, pin_cb, ctx,
+                         ctrl->in_data.value, ctrl->in_data.valuelen,
+                         &outdata, &outdatalen, &infoflags);
+      if (direct)
+        card_unref (card);
+    }
+  else
+    rc = gpg_error (GPG_ERR_NO_SECKEY);
 
   xfree (keyidstr);
   if (rc)
@@ -875,7 +1126,7 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
 
 
 static const char hlp_getattr[] =
-  "GETATTR <name>\n"
+  "GETATTR <name> [<keygrip>]\n"
   "\n"
   "This command is used to retrieve data from a smartcard.  The\n"
   "allowed names depend on the currently selected smartcard\n"
@@ -885,13 +1136,16 @@ static const char hlp_getattr[] =
   "However, the current implementation assumes that Name is not escaped;\n"
   "this works as long as no one uses arbitrary escaping. \n"
   "\n"
-  "Note, that this function may even be used on a locked card.";
+  "Note, that this function may even be used on a locked card.\n"
+  "When KEYGRIP is specified, it accesses directly with the KEYGRIP.";
 static gpg_error_t
 cmd_getattr (assuan_context_t ctx, char *line)
 {
   ctrl_t ctrl = assuan_get_pointer (ctx);
   int rc;
   const char *keyword;
+  card_t card;
+  int direct = 0;
 
   if ((rc = open_card (ctrl)))
     return rc;
@@ -900,20 +1154,37 @@ cmd_getattr (assuan_context_t ctx, char *line)
   for (; *line && !spacep (line); line++)
     ;
   if (*line)
-      *line++ = 0;
+    *line++ = 0;
+
+  if (strlen (line) == 40)
+    {
+      card = app_do_with_keygrip (ctrl, KEYGRIP_ACTION_LOOKUP, line, 0);
+      direct = 1;
+    }
+  else
+    card = ctrl->card_ctx;
+
+  if (card)
+    {
+      if (direct)
+        card_ref (card);
 
-  /* (We ignore any garbage for now.) */
+      /* FIXME: Applications should not return sensitive data if the card
+         is locked.  */
+      rc = app_getattr (card, ctrl, keyword);
 
-  /* FIXME: Applications should not return sensitive data if the card
-     is locked.  */
-  rc = app_getattr (ctrl->app_ctx, ctrl, keyword);
+      if (direct)
+        card_unref (card);
+    }
+  else
+    rc = gpg_error (GPG_ERR_NO_SECKEY);
 
   return rc;
 }
 
 
 static const char hlp_setattr[] =
-  "SETATTR <name> <value> \n"
+  "SETATTR [--inquire] <name> <value> \n"
   "\n"
   "This command is used to store data on a smartcard.  The allowed\n"
   "names and values are depend on the currently selected smartcard\n"
@@ -922,6 +1193,10 @@ static const char hlp_setattr[] =
   "However, the current implementation assumes that NAME is not\n"
   "escaped; this works as long as no one uses arbitrary escaping.\n"
   "\n"
+  "If the option --inquire is used, VALUE shall not be given; instead\n"
+  "an inquiry using the keyword \"VALUE\" is used to retrieve it.  The\n"
+  "value is in this case considered to be confidential and not logged.\n"
+  "\n"
   "A PIN will be requested for most NAMEs.  See the corresponding\n"
   "setattr function of the actually used application (app-*.c) for\n"
   "details.";
@@ -929,14 +1204,18 @@ static gpg_error_t
 cmd_setattr (assuan_context_t ctx, char *orig_line)
 {
   ctrl_t ctrl = assuan_get_pointer (ctx);
-  int rc;
+  gpg_error_t err;
   char *keyword;
   int keywordlen;
   size_t nbytes;
   char *line, *linebuf;
+  int opt_inquire;
 
-  if ((rc = open_card (ctrl)))
-    return rc;
+  opt_inquire = has_option (orig_line, "--inquire");
+  orig_line = skip_options (orig_line);
+
+  if ((err = open_card (ctrl)))
+    return err;
 
   /* We need to use a copy of LINE, because PIN_CB uses the same
      context and thus reuses the Assuan provided LINE. */
@@ -951,20 +1230,38 @@ cmd_setattr (assuan_context_t ctx, char *orig_line)
       *line++ = 0;
   while (spacep (line))
     line++;
-  nbytes = percent_plus_unescape_inplace (line, 0);
+  if (opt_inquire)
+    {
+      unsigned char *value;
 
-  rc = app_setattr (ctrl->app_ctx, ctrl, keyword, pin_cb, ctx,
-                    (const unsigned char*)line, nbytes);
-  xfree (linebuf);
+      assuan_begin_confidential (ctx);
+      err = assuan_inquire (ctx, "VALUE", &value, &nbytes, MAXLEN_SETATTRDATA);
+      assuan_end_confidential (ctx);
+      if (!err)
+        {
+          err = app_setattr (ctrl->card_ctx, ctrl, keyword, pin_cb, ctx,
+                             value, nbytes);
+          wipememory (value, nbytes);
+          xfree (value);
+        }
 
-  return rc;
+   }
+  else
+    {
+      nbytes = percent_plus_unescape_inplace (line, 0);
+      err = app_setattr (ctrl->card_ctx, ctrl, keyword, pin_cb, ctx,
+                         (const unsigned char*)line, nbytes);
+    }
+
+  xfree (linebuf);
+  return err;
 }
 
 
 static const char hlp_writecert[] =
   "WRITECERT <hexified_certid>\n"
   "\n"
-  "This command is used to store a certifciate on a smartcard.  The\n"
+  "This command is used to store a certificate on a smartcard.  The\n"
   "allowed certids depend on the currently selected smartcard\n"
   "application. The actual certifciate is requested using the inquiry\n"
   "\"CERTDATA\" and needs to be provided in its raw (e.g. DER) form.\n"
@@ -993,7 +1290,7 @@ cmd_writecert (assuan_context_t ctx, char *line)
   if ((rc = open_card (ctrl)))
     return rc;
 
-  if (!ctrl->app_ctx)
+  if (!ctrl->card_ctx)
     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 
   certid = xtrystrdup (certid);
@@ -1010,7 +1307,7 @@ cmd_writecert (assuan_context_t ctx, char *line)
     }
 
   /* Write the certificate to the card. */
-  rc = app_writecert (ctrl->app_ctx, ctrl, certid,
+  rc = app_writecert (ctrl->card_ctx, ctrl, certid,
                       pin_cb, ctx, certdata, certdatalen);
   xfree (certid);
   xfree (certdata);
@@ -1055,7 +1352,7 @@ cmd_writekey (assuan_context_t ctx, char *line)
   if ((rc = open_card (ctrl)))
     return rc;
 
-  if (!ctrl->app_ctx)
+  if (!ctrl->card_ctx)
     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 
   keyid = xtrystrdup (keyid);
@@ -1073,7 +1370,7 @@ cmd_writekey (assuan_context_t ctx, char *line)
     }
 
   /* Write the key to the card. */
-  rc = app_writekey (ctrl->app_ctx, ctrl, keyid, force? 1:0,
+  rc = app_writekey (ctrl->card_ctx, ctrl, keyid, force? 1:0,
                      pin_cb, ctx, keydata, keydatalen);
   xfree (keyid);
   xfree (keydata);
@@ -1083,10 +1380,10 @@ cmd_writekey (assuan_context_t ctx, char *line)
 
 
 static const char hlp_genkey[] =
-  "GENKEY [--force] [--timestamp=<isodate>] <no>\n"
+  "GENKEY [--force] [--timestamp=<isodate>] [--algo=ALGO] <keyref>\n"
   "\n"
-  "Generate a key on-card identified by NO, which is application\n"
-  "specific.  Return values are application specific.  For OpenPGP\n"
+  "Generate a key on-card identified by <keyref>, which is application\n"
+  "specific.  Return values are also application specific.  For OpenPGP\n"
   "cards 3 status lines are returned:\n"
   "\n"
   "  S KEY-FPR  <hexstring>\n"
@@ -1095,7 +1392,7 @@ static const char hlp_genkey[] =
   "\n"
   "  'p' and 'n' are the names of the RSA parameters; '-' is used to\n"
   "  indicate that HEXDATA is the first chunk of a parameter given\n"
-  "  by the next KEY-DATA.\n"
+  "  by the next KEY-DATA.  Only used by GnuPG version < 2.1.\n"
   "\n"
   "--force is required to overwrite an already existing key.  The\n"
   "KEY-CREATED-AT is required for further processing because it is\n"
@@ -1105,16 +1402,21 @@ static const char hlp_genkey[] =
   "value.  The value needs to be in ISO Format; e.g.\n"
   "\"--timestamp=20030316T120000\" and after 1970-01-01 00:00:00.\n"
   "\n"
+  "The option --algo can be used to request creation using a specific\n"
+  "algorithm.  The possible algorithms are card dependent.\n"
+  "\n"
   "The public part of the key can also later be retrieved using the\n"
   "READKEY command.";
 static gpg_error_t
 cmd_genkey (assuan_context_t ctx, char *line)
 {
   ctrl_t ctrl = assuan_get_pointer (ctx);
-  int rc;
-  char *save_line;
+  gpg_error_t err;
+  char *keyref_buffer = NULL;
+  char *keyref;
   int force;
   const char *s;
+  char *opt_algo = NULL;
   time_t timestamp;
 
   force = has_option (line, "--force");
@@ -1130,39 +1432,38 @@ cmd_genkey (assuan_context_t ctx, char *line)
   else
     timestamp = 0;
 
+  err = get_option_value (line, "--algo", &opt_algo);
+  if (err)
+    goto leave;
 
   line = skip_options (line);
   if (!*line)
-    {
-      rc = set_error (GPG_ERR_ASS_PARAMETER, "no key number given");
-      goto leave;
-    }
-  save_line = line;
+    return set_error (GPG_ERR_ASS_PARAMETER, "no key number given");
+  keyref = line;
   while (*line && !spacep (line))
     line++;
   *line = 0;
 
-  if ((rc = open_card (ctrl)))
+  if ((err = open_card (ctrl)))
     goto leave;
 
-  if (!ctrl->app_ctx)
+  if (!ctrl->card_ctx)
+    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+
+  keyref = keyref_buffer = xtrystrdup (keyref);
+  if (!keyref)
     {
-      rc = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+      err = gpg_error_from_syserror ();
       goto leave;
     }
-
-  {
-    char *tmp = xtrystrdup (save_line);
-    if (!tmp)
-      return gpg_error_from_syserror ();
-    rc = app_genkey (ctrl->app_ctx, ctrl, tmp, NULL,
-                     force? APP_GENKEY_FLAG_FORCE : 0,
-                     timestamp, pin_cb, ctx);
-    xfree (tmp);
-  }
+  err = app_genkey (ctrl->card_ctx, ctrl, keyref, opt_algo,
+                    force? APP_GENKEY_FLAG_FORCE : 0,
+                    timestamp, pin_cb, ctx);
 
  leave:
-  return rc;
+  xfree (keyref_buffer);
+  xfree (opt_algo);
+  return err;
 }
 
 
@@ -1190,14 +1491,14 @@ cmd_random (assuan_context_t ctx, char *line)
   if ((rc = open_card (ctrl)))
     return rc;
 
-  if (!ctrl->app_ctx)
+  if (!ctrl->card_ctx)
     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 
   buffer = xtrymalloc (nbytes);
   if (!buffer)
     return out_of_core ();
 
-  rc = app_get_challenge (ctrl->app_ctx, ctrl, nbytes, buffer);
+  rc = app_get_challenge (ctrl->card_ctx, ctrl, nbytes, buffer);
   if (!rc)
     {
       rc = assuan_send_data (ctx, buffer, nbytes);
@@ -1251,13 +1552,13 @@ cmd_passwd (assuan_context_t ctx, char *line)
   if ((rc = open_card (ctrl)))
     return rc;
 
-  if (!ctrl->app_ctx)
+  if (!ctrl->card_ctx)
     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 
   chvnostr = xtrystrdup (chvnostr);
   if (!chvnostr)
     return out_of_core ();
-  rc = app_change_pin (ctrl->app_ctx, ctrl, chvnostr, flags, pin_cb, ctx);
+  rc = app_change_pin (ctrl->card_ctx, ctrl, chvnostr, flags, pin_cb, ctx);
   if (rc)
     log_error ("command passwd failed: %s\n", gpg_strerror (rc));
   xfree (chvnostr);
@@ -1297,7 +1598,11 @@ static const char hlp_checkpin[] =
   "   For a definitive list, see the implementation in app-nks.c.\n"
   "   Note that we call a PW2.* PIN a \"PUK\" despite that since TCOS\n"
   "   3.0 they are technically alternative PINs used to mutally\n"
-  "   unblock each other.";
+  "   unblock each other.\n"
+  "\n"
+  "For PKCS#15:\n"
+  "\n"
+  "   The key's ID string or the PIN's label may be used.";
 static gpg_error_t
 cmd_checkpin (assuan_context_t ctx, char *line)
 {
@@ -1308,7 +1613,7 @@ cmd_checkpin (assuan_context_t ctx, char *line)
   if ((rc = open_card (ctrl)))
     return rc;
 
-  if (!ctrl->app_ctx)
+  if (!ctrl->card_ctx)
     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 
   /* We have to use a copy of the key ID because the function may use
@@ -1318,7 +1623,7 @@ cmd_checkpin (assuan_context_t ctx, char *line)
   if (!idstr)
     return out_of_core ();
 
-  rc = app_check_pin (ctrl->app_ctx, ctrl, idstr, pin_cb, ctx);
+  rc = app_check_pin (ctrl->card_ctx, ctrl, idstr, pin_cb, ctx);
   xfree (idstr);
   if (rc)
     log_error ("app_check_pin failed: %s\n", gpg_strerror (rc));
@@ -1400,45 +1705,6 @@ cmd_unlock (assuan_context_t ctx, char *line)
 }
 
 
-/* Ease reading of Assuan data ;ines by sending a physical line after
- * each LF.  */
-static gpg_error_t
-pretty_assuan_send_data (assuan_context_t ctx,
-                         const void *buffer_arg, size_t size)
-{
-  const char *buffer = buffer_arg;
-  const char *p;
-  size_t n, nbytes;
-  gpg_error_t err;
-
-  nbytes = size;
-  do
-    {
-      p = memchr (buffer, '\n', nbytes);
-      n = p ? (p - buffer) + 1 : nbytes;
-      err = assuan_send_data (ctx, buffer, n);
-      if (err)
-        {
-          /* We also set ERRNO in case this function is used by a
-           * custom estream I/O handler.  */
-          gpg_err_set_errno (EIO);
-          goto leave;
-        }
-      buffer += n;
-      nbytes -= n;
-      if (nbytes && (err=assuan_send_data (ctx, NULL, 0))) /* Flush line. */
-        {
-          gpg_err_set_errno (EIO);
-          goto leave;
-        }
-    }
-  while (nbytes);
-
- leave:
-  return err;
-}
-
-
 static const char hlp_getinfo[] =
   "GETINFO <what>\n"
   "\n"
@@ -1456,22 +1722,30 @@ static const char hlp_getinfo[] =
   "                  'u'  Usable card present.\n"
   "                  'r'  Card removed.  A reset is necessary.\n"
   "                These flags are exclusive.\n"
-  "  reader_list - Return a list of detected card readers.\n"
+  "  reader_list - Return a list of detected card readers.  Does\n"
+  "                currently only work with the internal CCID driver.\n"
   "  deny_admin  - Returns OK if admin commands are not allowed or\n"
   "                GPG_ERR_GENERAL if admin commands are allowed.\n"
   "  app_list    - Return a list of supported applications.  One\n"
   "                application per line, fields delimited by colons,\n"
   "                first field is the name.\n"
-  "  card_list   - Return a list of serial numbers of active cards,\n"
-  "                using a status response.";
+  "  card_list   - Return a list of serial numbers of all inserted cards.\n"
+  "  active_apps - Return a list of active apps on the current card.\n"
+  "  all_active_apps\n"
+  "              - Return a list of active apps on all inserted cards.\n"
+  "  cmd_has_option CMD OPT\n"
+  "              - Returns OK if command CMD has option OPT.\n"
+  "  apdu_strerror NUMBER\n"
+  "              - Return a string for a status word.\n";
 static gpg_error_t
 cmd_getinfo (assuan_context_t ctx, char *line)
 {
   int rc = 0;
+  const char *s;
 
   if (!strcmp (line, "version"))
     {
-      const char *s = VERSION;
+      s = VERSION;
       rc = assuan_send_data (ctx, s, strlen (s));
     }
   else if (!strcmp (line, "pid"))
@@ -1481,10 +1755,41 @@ cmd_getinfo (assuan_context_t ctx, char *line)
       snprintf (numbuf, sizeof numbuf, "%lu", (unsigned long)getpid ());
       rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
     }
+  else if (!strncmp (line, "cmd_has_option", 14)
+           && (line[14] == ' ' || line[14] == '\t' || !line[14]))
+    {
+      char *cmd, *cmdopt;
+      line += 14;
+      while (*line == ' ' || *line == '\t')
+        line++;
+      if (!*line)
+        rc = gpg_error (GPG_ERR_MISSING_VALUE);
+      else
+        {
+          cmd = line;
+          while (*line && (*line != ' ' && *line != '\t'))
+            line++;
+          if (!*line)
+            rc = gpg_error (GPG_ERR_MISSING_VALUE);
+          else
+            {
+              *line++ = 0;
+              while (*line == ' ' || *line == '\t')
+                line++;
+              if (!*line)
+                rc = gpg_error (GPG_ERR_MISSING_VALUE);
+              else
+                {
+                  cmdopt = line;
+                  if (!command_has_option (cmd, cmdopt))
+                    rc = gpg_error (GPG_ERR_FALSE);
+                }
+            }
+        }
+    }
   else if (!strcmp (line, "socket_name"))
     {
-      const char *s = scd_get_socket_name ();
-
+      s = scd_get_socket_name ();
       if (s)
         rc = assuan_send_data (ctx, s, strlen (s));
       else
@@ -1511,29 +1816,53 @@ cmd_getinfo (assuan_context_t ctx, char *line)
     }
   else if (!strcmp (line, "reader_list"))
     {
-      char *s = apdu_get_reader_list ();
-      if (s)
-        rc = pretty_assuan_send_data (ctx, s, strlen (s));
+#ifdef HAVE_LIBUSB
+      char *p = ccid_get_reader_list ();
+#else
+      char *p = NULL;
+#endif
+
+      if (p)
+        rc = assuan_send_data (ctx, p, strlen (p));
       else
         rc = gpg_error (GPG_ERR_NO_DATA);
-      xfree (s);
+      xfree (p);
     }
   else if (!strcmp (line, "deny_admin"))
     rc = opt.allow_admin? gpg_error (GPG_ERR_GENERAL) : 0;
   else if (!strcmp (line, "app_list"))
     {
-      char *s = get_supported_applications ();
-      if (s)
-        rc = assuan_send_data (ctx, s, strlen (s));
+      char *p = get_supported_applications ();
+      if (p)
+        rc = assuan_send_data (ctx, p, strlen (p));
       else
         rc = 0;
-      xfree (s);
+      xfree (p);
     }
   else if (!strcmp (line, "card_list"))
     {
       ctrl_t ctrl = assuan_get_pointer (ctx);
 
-      app_send_card_list (ctrl);
+      rc = app_send_card_list (ctrl);
+    }
+  else if (!strcmp (line, "active_apps"))
+    {
+      ctrl_t ctrl = assuan_get_pointer (ctx);
+      if (!ctrl->card_ctx)
+        rc = 0; /* No current card - no active apps.  */
+      else
+        rc = app_send_active_apps (ctrl->card_ctx, ctrl);
+    }
+  else if (!strcmp (line, "all_active_apps"))
+    {
+      ctrl_t ctrl = assuan_get_pointer (ctx);
+      rc = app_send_active_apps (NULL, ctrl);
+    }
+  else if ((s=has_leading_keyword (line, "apdu_strerror")))
+    {
+      unsigned long ul = strtoul (s, NULL, 0);
+      s = apdu_strerror (ul);
+      rc = assuan_send_data (ctx, s, strlen (s));
     }
   else
     rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
@@ -1555,14 +1884,15 @@ static gpg_error_t
 cmd_restart (assuan_context_t ctx, char *line)
 {
   ctrl_t ctrl = assuan_get_pointer (ctx);
-  app_t app = ctrl->app_ctx;
+  card_t card = ctrl->card_ctx;
 
   (void)line;
 
-  if (app)
+  if (card)
     {
-      ctrl->app_ctx = NULL;
-      release_application (app, 0);
+      ctrl->card_ctx = NULL;
+      ctrl->current_apptype = APPTYPE_NONE;
+      card_unref (card);
     }
   if (locked_session && ctrl->server_local == locked_session)
     {
@@ -1584,10 +1914,10 @@ cmd_disconnect (assuan_context_t ctx, char *line)
 
   (void)line;
 
-  if (!ctrl->app_ctx)
+  if (!ctrl->card_ctx)
     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 
-  apdu_disconnect (ctrl->app_ctx->slot);
+  apdu_disconnect (ctrl->card_ctx->slot);
   return 0;
 }
 
@@ -1599,7 +1929,7 @@ static const char hlp_apdu[] =
   "Send an APDU to the current reader.  This command bypasses the high\n"
   "level functions and sends the data directly to the card.  HEXSTRING\n"
   "is expected to be a proper APDU.  If HEXSTRING is not given no\n"
-  "commands are set to the card but the command will implictly check\n"
+  "commands are set to the card but the command will implicitly check\n"
   "whether the card is ready for use. \n"
   "\n"
   "Using the option \"--atr\" returns the ATR of the card as a status\n"
@@ -1616,7 +1946,7 @@ static gpg_error_t
 cmd_apdu (assuan_context_t ctx, char *line)
 {
   ctrl_t ctrl = assuan_get_pointer (ctx);
-  app_t app;
+  card_t card;
   int rc;
   unsigned char *apdu;
   size_t apdulen;
@@ -1626,6 +1956,8 @@ cmd_apdu (assuan_context_t ctx, char *line)
   size_t exlen;
 
   if (has_option (line, "--dump-atr"))
+    with_atr = 3;
+  else if (has_option (line, "--data-atr"))
     with_atr = 2;
   else
     with_atr = has_option (line, "--atr");
@@ -1646,8 +1978,8 @@ cmd_apdu (assuan_context_t ctx, char *line)
   if ((rc = open_card (ctrl)))
     return rc;
 
-  app = ctrl->app_ctx;
-  if (!app)
+  card = ctrl->card_ctx;
+  if (!card)
     return gpg_error (GPG_ERR_CARD_NOT_PRESENT);
 
   if (with_atr)
@@ -1656,13 +1988,13 @@ cmd_apdu (assuan_context_t ctx, char *line)
       size_t atrlen;
       char hexbuf[400];
 
-      atr = apdu_get_atr (app->slot, &atrlen);
+      atr = apdu_get_atr (card->slot, &atrlen);
       if (!atr || atrlen > sizeof hexbuf - 2 )
         {
           rc = gpg_error (GPG_ERR_INV_CARD);
           goto leave;
         }
-      if (with_atr == 2)
+      if (with_atr == 3)
         {
           char *string, *p, *pend;
 
@@ -1679,7 +2011,19 @@ cmd_apdu (assuan_context_t ctx, char *line)
                 rc = assuan_send_data (ctx, p, strlen (p));
               es_free (string);
               if (rc)
-                goto leave;
+                {
+                  xfree (atr);
+                  goto leave;
+                }
+            }
+        }
+      else if (with_atr == 2)
+        {
+          rc = assuan_send_data (ctx, atr, atrlen);
+          if (rc)
+            {
+              xfree (atr);
+              goto leave;
             }
         }
       else
@@ -1701,7 +2045,7 @@ cmd_apdu (assuan_context_t ctx, char *line)
       unsigned char *result = NULL;
       size_t resultlen;
 
-      rc = apdu_send_direct (app->slot, exlen,
+      rc = apdu_send_direct (card->slot, exlen,
                              apdu, apdulen, handle_more,
                              NULL, &result, &resultlen);
       if (rc)
@@ -1736,7 +2080,180 @@ cmd_killscd (assuan_context_t ctx, char *line)
 }
 
 
+static const char hlp_keyinfo[] =
+  "KEYINFO [--list[=auth|encr|sign]] [--data] <keygrip>\n"
+  "\n"
+  "Return information about the key specified by the KEYGRIP.  If the\n"
+  "key is not available GPG_ERR_NOT_FOUND is returned.  If the option\n"
+  "--list is given the keygrip is ignored and information about all\n"
+  "available keys are returned.  Capability may limit the listing.\n"
+  "Unless --data is given, the\n"
+  "information is returned as a status line using the format:\n"
+  "\n"
+  "  KEYINFO <keygrip> T <serialno> <idstr>\n"
+  "\n"
+  "KEYGRIP is the keygrip.\n"
+  "\n"
+  "SERIALNO is an ASCII string with the serial number of the\n"
+  "         smartcard.  If the serial number is not known a single\n"
+  "         dash '-' is used instead.\n"
+  "\n"
+  "IDSTR is the IDSTR used to distinguish keys on a smartcard.  If it\n"
+  "      is not known a dash is used instead.\n"
+  "\n"
+  "More information may be added in the future.";
+static gpg_error_t
+cmd_keyinfo (assuan_context_t ctx, char *line)
+{
+  int cap;
+  int opt_data;
+  int action;
+  char *keygrip_str;
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  card_t card;
+
+  opt_data = has_option (line, "--data");
+
+  cap = 0;
+  keygrip_str = NULL;
+  if (has_option (line, "--list"))
+    cap = 0;
+  else if (has_option (line, "--list=sign"))
+    cap = GCRY_PK_USAGE_SIGN;
+  else if (has_option (line, "--list=encr"))
+    cap = GCRY_PK_USAGE_ENCR;
+  else if (has_option (line, "--list=auth"))
+    cap = GCRY_PK_USAGE_AUTH;
+  else
+    keygrip_str = skip_options (line);
+
+  if (opt_data)
+    action = KEYGRIP_ACTION_SEND_DATA;
+  else
+    action = KEYGRIP_ACTION_WRITE_STATUS;
+
+  card = app_do_with_keygrip (ctrl, action, keygrip_str, cap);
+
+  if (keygrip_str && !card)
+    return gpg_error (GPG_ERR_NOT_FOUND);
+  return 0;
+}
+
+
+/* Send a keyinfo string as used by the KEYGRIP_ACTION_SEND_DATA.  If
+ * DATA is true the string is emitted as a data line, else as a status
+ * line.  */
+void
+send_keyinfo (ctrl_t ctrl, int data, const char *keygrip_str,
+              const char *serialno, const char *idstr)
+{
+  char *string;
+  assuan_context_t ctx = ctrl->server_local->assuan_ctx;
+
+  string = xtryasprintf ("%s T %s %s%s", keygrip_str,
+                         serialno? serialno : "-",
+                         idstr? idstr : "-",
+                         data? "\n" : "");
+
+  if (!string)
+    return;
+
+  if (!data)
+    assuan_write_status (ctx, "KEYINFO", string);
+  else
+    assuan_send_data (ctx, string, strlen (string));
+
+  xfree (string);
+  return;
+}
+
+
+static const char hlp_devinfo[] =
+  "DEVINFO [--watch]\n"
+  "\n"
+  "Return information about devices.  If the option --watch is given,\n"
+  "it keeps reporting status change until it detects no device is\n"
+  "available."
+  "The information is returned as a status line using the format:\n"
+  "\n"
+  "  DEVICE <card_type> <serialno> <app_type>\n"
+  "\n"
+  "CARD_TYPE is the type of the card.\n"
+  "\n"
+  "SERIALNO is an ASCII string with the serial number of the\n"
+  "         smartcard.  If the serial number is not known a single\n"
+  "         dash '-' is used instead.\n"
+  "\n"
+  "APP_TYPE is the type of the application.\n"
+  "\n"
+  "More information may be added in the future.";
+static gpg_error_t
+cmd_devinfo (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  gpg_error_t err = 0;
+  int watch = 0;
+
+  if (has_option (line, "--watch"))
+    {
+      watch = 1;
+      ctrl->server_local->watching_status = 1;
+    }
+
+  /* Firstly, send information of available devices.  */
+  err = app_send_devinfo (ctrl);
+
+  /* If not watching, that's all.  */
+  if (!watch)
+    return err;
+
+  if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
+    return err;
+
+  /* Secondly, try to open device(s) available.  */
+
+  /* Clear the remove flag so that the open_card is able to reread it.  */
+  if (ctrl->server_local->card_removed)
+    ctrl->server_local->card_removed = 0;
+
+  if ((err = open_card (ctrl))
+      && gpg_err_code (err) != GPG_ERR_ENODEV)
+    return err;
+
+  err = 0;
+
+  /* Remove reference(s) to the card.  */
+  ctrl->card_ctx = NULL;
+  ctrl->current_apptype = APPTYPE_NONE;
+  card_unref (ctrl->card_ctx);
+
+  /* Then, keep watching the status change.  */
+  while (!err)
+    {
+      app_wait ();
+
+      /* Send information of available devices.  */
+      err = app_send_devinfo (ctrl);
+    }
+
+  ctrl->server_local->watching_status = 0;
+  return 0;
+}
 
+/* Return true if the command CMD implements the option OPT.  */
+static int
+command_has_option (const char *cmd, const char *cmdopt)
+{
+  if (!strcmp (cmd, "SERIALNO"))
+    {
+      if (!strcmp (cmdopt, "all"))
+        return 1;
+    }
+
+  return 0;
+}
+
+
 /* Tell the assuan library about our commands */
 static int
 register_commands (assuan_context_t ctx)
@@ -1747,6 +2264,8 @@ register_commands (assuan_context_t ctx)
     const char * const help;
   } table[] = {
     { "SERIALNO",     cmd_serialno, hlp_serialno },
+    { "SWITCHCARD",   cmd_switchcard,hlp_switchcard },
+    { "SWITCHAPP",    cmd_switchapp,hlp_switchapp },
     { "LEARN",        cmd_learn,    hlp_learn },
     { "READCERT",     cmd_readcert, hlp_readcert },
     { "READKEY",      cmd_readkey,  hlp_readkey },
@@ -1771,6 +2290,8 @@ register_commands (assuan_context_t ctx)
     { "DISCONNECT",   cmd_disconnect,hlp_disconnect },
     { "APDU",         cmd_apdu,     hlp_apdu },
     { "KILLSCD",      cmd_killscd,  hlp_killscd },
+    { "KEYINFO",      cmd_keyinfo,  hlp_keyinfo },
+    { "DEVINFO",      cmd_devinfo,  hlp_devinfo },
     { NULL }
   };
   int i, rc;
@@ -1898,34 +2419,6 @@ scd_command_handler (ctrl_t ctrl, int fd)
 }
 
 
-
-/* Send a keyinfo string.  If DATA is true the string is emitted as a
- * data line, else as a status line.  */
-void
-send_keyinfo (ctrl_t ctrl, int data, const char *keygrip_str,
-              const char *serialno, const char *idstr)
-{
-  char *string;
-  assuan_context_t ctx = ctrl->server_local->assuan_ctx;
-
-  string = xtryasprintf ("%s T %s %s%s", keygrip_str,
-                         serialno? serialno : "-",
-                         idstr? idstr : "-",
-                         data? "\n" : "");
-
-  if (!string)
-    return;
-
-  if (!data)
-    assuan_write_status (ctx, "KEYINFO", string);
-  else
-    assuan_send_data (ctx, string, strlen (string));
-
-  xfree (string);
-  return;
-}
-
-
 /* Send a line with status information via assuan and escape all given
    buffers. The variable elements are pairs of (char *, size_t),
    terminated with a (NULL, 0). */
@@ -1992,7 +2485,7 @@ send_status_direct (ctrl_t ctrl, const char *keyword, const char *args)
 
 
 /* This status functions expects a printf style format string.  No
- * filtering of the data is done instead the orintf formatted data is
+ * filtering of the data is done instead the printf formatted data is
  * send using assuan_send_status. */
 gpg_error_t
 send_status_printf (ctrl_t ctrl, const char *keyword, const char *format, ...)
@@ -2011,6 +2504,242 @@ send_status_printf (ctrl_t ctrl, const char *keyword, const char *format, ...)
 }
 
 
+/* Set a gcrypt key for use with the pincache.  The key is a random
+ * key unique for this process and is useless after this process has
+ * terminated.  This way the cached PINs stored in the gpg-agent are
+ * bound to this specific process.  The main purpose of this
+ * encryption is to hide the PIN in logs of the IPC.  */
+static gpg_error_t
+set_key_for_pincache (gcry_cipher_hd_t hd)
+{
+  static int initialized;
+  static unsigned char keybuf[16];
+
+  if (!initialized)
+    {
+      gcry_randomize (keybuf, sizeof keybuf, GCRY_STRONG_RANDOM);
+      initialized = 1;
+    }
+
+  return gcry_cipher_setkey (hd, keybuf, sizeof keybuf);
+}
+
+
+/* Store the PIN in the PIN cache. The key to identify the PIN
+ * consists of (SLOT,APPNAME,PINREF).  If PIN is NULL the PIN stored
+ * under the given key is cleared.  If APPNAME and PINREF are NULL the
+ * entire PIN cache for SLOT is cleared.  If SLOT is -1 the entire PIN
+ * cache is cleared.  We do no use an scdaemon internal cache but let
+ * gpg-agent cache it because it is better suited for this.  */
+void
+pincache_put (ctrl_t ctrl, int slot, const char *appname, const char *pinref,
+              const char *pin, unsigned int pinlen)
+{
+  gpg_error_t err = 0;
+  assuan_context_t ctx;
+  char line[950];
+  gcry_cipher_hd_t cipherhd = NULL;
+  char *pinbuf = NULL;
+  unsigned char *wrappedkey = NULL;
+  size_t pinbuflen, wrappedkeylen;
+
+  if (!ctrl)
+    {
+      /* No CTRL object provided.  We could pick an arbitrary
+       * connection and send the status to that one.  However, such a
+       * connection is inlikley to wait for a respinse from use and
+       * thus it would at best be read as a response to the next
+       * command send to us.  That is not good because it may clog up
+       * our connection.  Thus we better don't do that.  A better will
+       * be to queue this up and let the agent poll for general status
+       * messages.  */
+      /* struct server_local_s *sl; */
+      /* for (sl=session_list; sl; sl = sl->next_session) */
+      /*   if (sl->ctrl_backlink && sl->ctrl_backlink->server_local */
+      /*       && sl->ctrl_backlink->server_local->assuan_ctx) */
+      /*     { */
+      /*       ctrl = sl->ctrl_backlink; */
+      /*       break; */
+      /*     } */
+    }
+
+  if (!ctrl || !ctrl->server_local || !(ctx=ctrl->server_local->assuan_ctx))
+    return;
+  if (pin && !pinlen)
+    return;  /* Ignore an empty PIN.  */
+
+  snprintf (line, sizeof line, "%d/%s/%s ",
+            slot, appname? appname:"", pinref? pinref:"");
+
+  /* Without an APPNAME etc or without a PIN we clear the cache and
+   * thus there is no need to send the pin - even if the caller
+   * accidentally passed a pin.  */
+  if (pin && slot != -1 && appname && pinref)
+    {
+      /* FIXME: Replace this by OCB mode and use the cache key as
+       * additional data.  */
+      /* Pad with zeroes (AESWRAP requires multiples of 64 bit but
+       * at least 128 bit data).  */
+      pinbuflen = pinlen + 8 - (pinlen % 8);
+      if (pinbuflen < 16)
+        pinbuflen = 16;
+      pinbuf = xtrycalloc_secure (1, pinbuflen);
+      if (!pinbuf)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+      memcpy (pinbuf, pin, pinlen);
+      pinlen = pinbuflen;
+      pin = pinbuf;
+
+      err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128,
+                              GCRY_CIPHER_MODE_AESWRAP, 0);
+      if (!err)
+        err = set_key_for_pincache (cipherhd);
+      if (err)
+        goto leave;
+
+      wrappedkeylen = pinlen + 8;
+      wrappedkey = xtrymalloc (wrappedkeylen);
+      if (!wrappedkey)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+
+      err = gcry_cipher_encrypt (cipherhd, wrappedkey, wrappedkeylen,
+                                 pin, pinlen);
+      if (err)
+        goto leave;
+      gcry_cipher_close (cipherhd);
+      cipherhd = NULL;
+      if (strlen (line) + 2*wrappedkeylen + 1 >= sizeof line)
+        {
+          log_error ("%s: PIN or pinref string too long - ignored", __func__);
+          goto leave;
+        }
+      bin2hex (wrappedkey, wrappedkeylen, line + strlen (line));
+    }
+
+  send_status_direct (ctrl, "PINCACHE_PUT", line);
+
+ leave:
+  xfree (pinbuf);
+  xfree (wrappedkey);
+  gcry_cipher_close (cipherhd);
+  if (err)
+    log_error ("%s: error caching PIN: %s\n", __func__, gpg_strerror (err));
+}
+
+
+/* Ask the agent for a cached PIN for the tuple (SLOT,APPNAME,PINREF).
+ * Returns on success and stores the PIN at R_PIN; the caller needs to
+ * wipe(!)  and then free that value.  On error NULL is stored at
+ * R_PIN and an error code returned.  Common error codes are:
+ *  GPG_ERR_NOT_SUPPORTED - Client does not support the PIN cache
+ *  GPG_ERR_NO_DATA       - No PIN cached for the given key tuple
+ */
+gpg_error_t
+pincache_get (ctrl_t ctrl, int slot, const char *appname, const char *pinref,
+              char **r_pin)
+{
+  gpg_error_t err;
+  assuan_context_t ctx;
+  char command[512];
+  unsigned char *value = NULL;
+  size_t valuelen;
+  unsigned char *wrappedkey = NULL;
+  size_t wrappedkeylen;
+  gcry_cipher_hd_t cipherhd = NULL;
+
+  if (slot == -1 || !appname || !pinref || !r_pin)
+    {
+      err = gpg_error (GPG_ERR_INV_ARG);
+      goto leave;
+    }
+  if (!ctrl || !ctrl->server_local || !(ctx = ctrl->server_local->assuan_ctx))
+    {
+      err = gpg_error (GPG_ERR_USE_CONDITIONS);
+      log_error ("%s: called w/o assuan context\n", __func__);
+      goto leave;
+    }
+
+  snprintf (command, sizeof command, "PINCACHE_GET %d/%s/%s",
+            slot, appname? appname:"", pinref? pinref:"");
+
+  /* Limit the inquire to something reasonable.  The 32 extra bytes
+   * are a guessed size for padding etc.  */
+  err = assuan_inquire (ctx, command, &wrappedkey, &wrappedkeylen,
+                        2*MAXLEN_PIN+32);
+  if (gpg_err_code (err) == GPG_ERR_ASS_CANCELED)
+    {
+      err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+      log_info ("caller does not feature a PIN cache");
+      goto leave;
+    }
+  if (err)
+    {
+      log_error ("%s: sending PINCACHE_GET to caller failed: %s\n",
+                 __func__, gpg_strerror (err));
+      goto leave;
+    }
+  if (!wrappedkey || !wrappedkeylen)
+    {
+      err = gpg_error (GPG_ERR_NOT_FOUND);
+      goto leave;
+    }
+
+  /* Convert to hex to binary and store it in (wrappedkey, wrappedkeylen).  */
+  if (!hex2str (wrappedkey, wrappedkey, wrappedkeylen, &wrappedkeylen))
+    {
+      err = gpg_error_from_syserror ();
+      log_error ("%s: caller returned invalid hex string: %s\n",
+                 __func__, gpg_strerror (err));
+      goto leave;
+    }
+
+  if (!wrappedkey || wrappedkeylen < 24)
+    {
+      err = gpg_error (GPG_ERR_INV_LENGTH); /* too short cryptogram */
+      goto leave;
+    }
+
+  valuelen = wrappedkeylen - 8;
+  value = xtrymalloc_secure (valuelen);
+  if (!value)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+
+  err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128,
+                          GCRY_CIPHER_MODE_AESWRAP, 0);
+  if (!err)
+    err = set_key_for_pincache (cipherhd);
+  if (err)
+    goto leave;
+
+  err = gcry_cipher_decrypt (cipherhd, value, valuelen,
+                             wrappedkey, wrappedkeylen);
+  if (err)
+    {
+      log_error ("%s: cached value could not be decrypted: %s\n",
+                 __func__, gpg_strerror (err));
+      goto leave;
+    }
+
+  *r_pin = value;
+  value = NULL;
+
+ leave:
+  gcry_cipher_close (cipherhd);
+  xfree (wrappedkey);
+  xfree (value);
+  return err;
+}
+
+
 void
 popup_prompt (void *opaque, int on)
 {
@@ -2039,9 +2768,10 @@ popup_prompt (void *opaque, int on)
 }
 
 
-/* Helper to send the clients a status change notification.  */
+/* Helper to send the clients a status change notification.  Note that
+ * this function assumes that APP is already locked.  */
 void
-send_client_notifications (app_t app, int removal)
+send_client_notifications (card_t card, int removal)
 {
   struct {
     pid_t pid;
@@ -2056,75 +2786,86 @@ send_client_notifications (app_t app, int removal)
   struct server_local_s *sl;
 
   for (sl=session_list; sl; sl = sl->next_session)
-    if (sl->ctrl_backlink && sl->ctrl_backlink->app_ctx == app)
-      {
-        pid_t pid;
+    {
+      if (sl->watching_status)
+        {
+          if (removal)
+            assuan_write_status (sl->assuan_ctx, "DEVINFO_STATUS", "removal");
+          else
+            assuan_write_status (sl->assuan_ctx, "DEVINFO_STATUS", "new");
+        }
+
+      if (sl->ctrl_backlink && sl->ctrl_backlink->card_ctx == card)
+        {
+          pid_t pid;
 #ifdef HAVE_W32_SYSTEM
-        HANDLE handle;
+          HANDLE handle;
 #else
-        int signo;
+          int signo;
 #endif
 
-        if (removal)
-          {
-            sl->ctrl_backlink->app_ctx = NULL;
-            sl->card_removed = 1;
-            release_application (app, 1);
-          }
+          if (removal)
+            {
+              sl->ctrl_backlink->card_ctx = NULL;
+              sl->ctrl_backlink->current_apptype = APPTYPE_NONE;
+              sl->card_removed = 1;
+              card_unref_locked (card);
+            }
 
-        if (!sl->event_signal || !sl->assuan_ctx)
-          continue;
+          if (!sl->event_signal || !sl->assuan_ctx)
+            continue;
 
-        pid = assuan_get_pid (sl->assuan_ctx);
+          pid = assuan_get_pid (sl->assuan_ctx);
 
 #ifdef HAVE_W32_SYSTEM
-        handle = sl->event_signal;
-        for (kidx=0; kidx < killidx; kidx++)
-          if (killed[kidx].pid == pid
-              && killed[kidx].handle == handle)
-            break;
-        if (kidx < killidx)
-          log_info ("event %p (%p) already triggered for client %d\n",
-                    sl->event_signal, handle, (int)pid);
-        else
-          {
-            log_info ("triggering event %p (%p) for client %d\n",
+          handle = sl->event_signal;
+          for (kidx=0; kidx < killidx; kidx++)
+            if (killed[kidx].pid == pid
+                && killed[kidx].handle == handle)
+              break;
+          if (kidx < killidx)
+            log_info ("event %p (%p) already triggered for client %d\n",
                       sl->event_signal, handle, (int)pid);
-            if (!SetEvent (handle))
-              log_error ("SetEvent(%p) failed: %s\n",
-                         sl->event_signal, w32_strerror (-1));
-            if (killidx < DIM (killed))
-              {
-                killed[killidx].pid = pid;
-                killed[killidx].handle = handle;
-                killidx++;
-              }
-          }
+          else
+            {
+              log_info ("triggering event %p (%p) for client %d\n",
+                        sl->event_signal, handle, (int)pid);
+              if (!SetEvent (handle))
+                log_error ("SetEvent(%p) failed: %s\n",
+                           sl->event_signal, w32_strerror (-1));
+              if (killidx < DIM (killed))
+                {
+                  killed[killidx].pid = pid;
+                  killed[killidx].handle = handle;
+                  killidx++;
+                }
+            }
 #else /*!HAVE_W32_SYSTEM*/
-        signo = sl->event_signal;
-
-        if (pid != (pid_t)(-1) && pid && signo > 0)
-          {
-            for (kidx=0; kidx < killidx; kidx++)
-              if (killed[kidx].pid == pid
-                  && killed[kidx].signo == signo)
-                break;
-            if (kidx < killidx)
-              log_info ("signal %d already sent to client %d\n",
-                        signo, (int)pid);
-            else
-              {
-                log_info ("sending signal %d to client %d\n",
+          signo = sl->event_signal;
+
+          if (pid != (pid_t)(-1) && pid && signo > 0)
+            {
+              for (kidx=0; kidx < killidx; kidx++)
+                if (killed[kidx].pid == pid
+                    && killed[kidx].signo == signo)
+                  break;
+              if (kidx < killidx)
+                log_info ("signal %d already sent to client %d\n",
                           signo, (int)pid);
-                kill (pid, signo);
-                if (killidx < DIM (killed))
-                  {
-                    killed[killidx].pid = pid;
-                    killed[killidx].signo = signo;
-                    killidx++;
-                  }
-              }
-          }
+              else
+                {
+                  log_info ("sending signal %d to client %d\n",
+                            signo, (int)pid);
+                  kill (pid, signo);
+                  if (killidx < DIM (killed))
+                    {
+                      killed[killidx].pid = pid;
+                      killed[killidx].signo = signo;
+                      killidx++;
+                    }
+                }
+            }
 #endif /*!HAVE_W32_SYSTEM*/
-      }
+        }
+    }
 }
diff --git a/scd/iso7816.c b/scd/iso7816.c
index c878a03..e8ee58d 100644
--- a/scd/iso7816.c
+++ b/scd/iso7816.c
@@ -23,26 +23,16 @@
 #include <stdlib.h>
 #include <string.h>
 
-#if defined(GNUPG_SCD_MAIN_HEADER)
-#include GNUPG_SCD_MAIN_HEADER
-#elif GNUPG_MAJOR_VERSION == 1
-/* This is used with GnuPG version < 1.9.  The code has been source
-   copied from the current GnuPG >= 1.9  and is maintained over
-   there. */
-#include "options.h"
-#include "errors.h"
-#include "memory.h"
-#include "../common/util.h"
-#include "../common/i18n.h"
-#else /* GNUPG_MAJOR_VERSION != 1 */
-#include "scdaemon.h"
-#endif /* GNUPG_MAJOR_VERSION != 1 */
+#if defined(GNUPG_MAJOR_VERSION)
+# include "scdaemon.h"
+#endif /*GNUPG_MAJOR_VERSION*/
 
 #include "iso7816.h"
 #include "apdu.h"
 
 
 #define CMD_SELECT_FILE 0xA4
+#define CMD_SELECT_DATA 0xA5
 #define CMD_VERIFY                ISO7816_VERIFY
 #define CMD_CHANGE_REFERENCE_DATA ISO7816_CHANGE_REFERENCE_DATA
 #define CMD_RESET_RETRY_COUNTER   ISO7816_RESET_RETRY_COUNTER
@@ -56,6 +46,7 @@
 #define CMD_GET_CHALLENGE         0x84
 #define CMD_READ_BINARY 0xB0
 #define CMD_READ_RECORD 0xB2
+#define CMD_UPDATE_BINARY 0xD6
 
 static gpg_error_t
 map_sw (int sw)
@@ -67,6 +58,7 @@ map_sw (int sw)
     case SW_EEPROM_FAILURE: ec = GPG_ERR_HARDWARE; break;
     case SW_TERM_STATE:     ec = GPG_ERR_OBJ_TERM_STATE; break;
     case SW_WRONG_LENGTH:   ec = GPG_ERR_INV_VALUE; break;
+    case SW_ACK_TIMEOUT:    ec = GPG_ERR_TIMEOUT; break;
     case SW_SM_NOT_SUP:     ec = GPG_ERR_NOT_SUPPORTED; break;
     case SW_CC_NOT_SUP:     ec = GPG_ERR_NOT_SUPPORTED; break;
     case SW_FILE_STRUCT:    ec = GPG_ERR_CARD; break;
@@ -107,6 +99,8 @@ map_sw (int sw)
     case SW_HOST_USB_BUSY:       ec = GPG_ERR_EBUSY; break;
     case SW_HOST_USB_TIMEOUT:    ec = GPG_ERR_TIMEOUT; break;
     case SW_HOST_USB_OVERFLOW:   ec = GPG_ERR_EOVERFLOW; break;
+    case SW_HOST_UI_CANCELLED:   ec = GPG_ERR_CANCELED; break;
+    case SW_HOST_UI_TIMEOUT:     ec = GPG_ERR_TIMEOUT; break;
 
     default:
       if ((sw & 0x010000))
@@ -252,6 +246,39 @@ iso7816_list_directory (int slot, int list_dirs,
 }
 
 
+/* Wrapper around apdu_send. RESULT can be NULL if no result is
+ * expected.  In addition to an gpg-error return code the actual
+ * status word is stored at R_SW unless that is NULL.  */
+gpg_error_t
+iso7816_send_apdu (int slot, int extended_mode,
+                   int class, int ins, int p0, int p1,
+                   int lc, const void *data,
+                   unsigned int *r_sw,
+                   unsigned char **result, size_t *resultlen)
+{
+  int sw;
+
+  if (result)
+    {
+      *result = NULL;
+      *resultlen = 0;
+    }
+
+  sw = apdu_send (slot, extended_mode, class, ins, p0, p1, lc, data,
+                  result, resultlen);
+  if (sw != SW_SUCCESS && result)
+    {
+      /* Make sure that pending buffers are released. */
+      xfree (*result);
+      *result = NULL;
+      *resultlen = 0;
+    }
+  if (r_sw)
+    *r_sw = sw;
+  return map_sw (sw);
+}
+
+
 /* This function sends an already formatted APDU to the card.  With
    HANDLE_MORE set to true a MORE DATA status will be handled
    internally.  The return value is a gpg error code (i.e. a mapped
@@ -444,6 +471,44 @@ iso7816_reset_retry_counter (int slot, int chvno,
 }
 
 
+/* Perform a SELECT DATA command to OCCURANCE of TAG.  */
+gpg_error_t
+iso7816_select_data (int slot, int occurrence, int tag)
+{
+  int sw;
+  int datalen;
+  unsigned char data[7];
+
+  data[0] = 0x60;
+  data[2] = 0x5c;
+  if (tag <= 0xff)
+    {
+      data[3] = 1;
+      data[4] = tag;
+      datalen = 5;
+    }
+  else if (tag <= 0xffff)
+    {
+      data[3] = 2;
+      data[4] = (tag >> 8);
+      data[5] = tag;
+      datalen = 6;
+    }
+  else
+    {
+      data[3] = 3;
+      data[4] = (tag >> 16);
+      data[5] = (tag >> 8);
+      data[6] = tag;
+      datalen = 7;
+    }
+  data[1] = datalen - 2;
+
+  sw = apdu_send_le (slot, 0, 0x00, CMD_SELECT_DATA,
+                     occurrence, 0x04, datalen, data, 0, NULL, NULL);
+  return map_sw (sw);
+}
+
 
 /* Perform a GET DATA command requesting TAG and storing the result in
    a newly allocated buffer at the address passed by RESULT.  Return
@@ -483,6 +548,70 @@ iso7816_get_data (int slot, int extended_mode, int tag,
 }
 
 
+/* Perform a GET DATA command requesting TAG and storing the result in
+ * a newly allocated buffer at the address passed by RESULT.  Return
+ * the length of this data at the address of RESULTLEN.  This variant
+ * is needed for long (3 octet) tags. */
+gpg_error_t
+iso7816_get_data_odd (int slot, int extended_mode, unsigned int tag,
+                      unsigned char **result, size_t *resultlen)
+{
+  int sw;
+  int le;
+  int datalen;
+  unsigned char data[5];
+
+  if (!result || !resultlen)
+    return gpg_error (GPG_ERR_INV_VALUE);
+  *result = NULL;
+  *resultlen = 0;
+
+  if (extended_mode > 0 && extended_mode < 256)
+    le = 65534; /* Not 65535 in case it is used as some special flag.  */
+  else if (extended_mode > 0)
+    le = extended_mode;
+  else
+    le = 256;
+
+  data[0] = 0x5c;
+  if (tag <= 0xff)
+    {
+      data[1] = 1;
+      data[2] = tag;
+      datalen = 3;
+    }
+  else if (tag <= 0xffff)
+    {
+      data[1] = 2;
+      data[2] = (tag >> 8);
+      data[3] = tag;
+      datalen = 4;
+    }
+  else
+    {
+      data[1] = 3;
+      data[2] = (tag >> 16);
+      data[3] = (tag >> 8);
+      data[4] = tag;
+      datalen = 5;
+    }
+
+  sw = apdu_send_le (slot, extended_mode, 0x00, CMD_GET_DATA + 1,
+                     0x3f, 0xff, datalen, data, le,
+                     result, resultlen);
+  if (sw != SW_SUCCESS)
+    {
+      /* Make sure that pending buffers are released. */
+      xfree (*result);
+      *result = NULL;
+      *resultlen = 0;
+      return map_sw (sw);
+    }
+
+  return 0;
+}
+
+
 /* Perform a PUT DATA command on card in SLOT.  Write DATA of length
    DATALEN to TAG.  EXTENDED_MODE controls whether extended length
    headers or command chaining is used instead of single length
@@ -514,7 +643,7 @@ iso7816_put_data_odd (int slot, int extended_mode, int tag,
 
 /* Manage Security Environment.  This is a weird operation and there
    is no easy abstraction for it.  Furthermore, some card seem to have
-   a different interpreation of 7816-8 and thus we resort to let the
+   a different interpretation of 7816-8 and thus we resort to let the
    caller decide what to do. */
 gpg_error_t
 iso7816_manage_security_env (int slot, int p1, int p2,
@@ -532,7 +661,7 @@ iso7816_manage_security_env (int slot, int p1, int p2,
 
 
 /* Perform the security operation COMPUTE DIGITAL SIGANTURE.  On
-   success 0 is returned and the data is availavle in a newly
+   success 0 is returned and the data is available in a newly
    allocated buffer stored at RESULT with its length stored at
    RESULTLEN.  For LE see do_generate_keypair. */
 gpg_error_t
@@ -640,7 +769,6 @@ iso7816_pso_csv (int slot, int extended_mode,
 {
   int sw;
   unsigned char *buf;
-  unsigned int nbuf;
 
   if (!data || !datalen || !result || !resultlen)
     return gpg_error (GPG_ERR_INV_VALUE);
@@ -652,29 +780,16 @@ iso7816_pso_csv (int slot, int extended_mode,
   else if (le >= 0 && le < 256)
     le = 256;
 
-  /* Data needs to be in BER-TLV format. */
-  buf = xtrymalloc (datalen + 4);
+  /* Data needds to be TLV format. */
+  buf = xtrymalloc (datalen + 2);
   if (!buf)
     return gpg_error_from_syserror ();
-  nbuf = 0;
-  buf[nbuf++] = 0x9c;
-  if (datalen < 128)
-    buf[nbuf++] = datalen;
-  else if (datalen < 256)
-    {
-      buf[nbuf++] = 0x81;
-      buf[nbuf++] = datalen;
-    }
-  else
-    {
-      buf[nbuf++] = 0x82;
-      buf[nbuf++] = datalen << 8;
-      buf[nbuf++] = datalen;
-    }
-  memcpy (buf+nbuf, data, datalen);
+  buf[0] = 0x9c;
+  buf[1] = datalen;
+  memcpy (buf+2, data, datalen);
   sw = apdu_send_le (slot, extended_mode,
                      0x00, CMD_PSO, 0x80, 0xa6,
-                     datalen+nbuf, (const char *)buf, le,
+                     datalen+2, (const char *)buf, le,
                      result, resultlen);
   xfree (buf);
   if (sw != SW_SUCCESS)
@@ -1025,6 +1140,7 @@ iso7816_read_record_ext (int slot, int recno, int reccount, int short_ef,
   return 0;
 }
 
+
 gpg_error_t
 iso7816_read_record (int slot, int recno, int reccount, int short_ef,
                      unsigned char **result, size_t *resultlen)
@@ -1032,3 +1148,23 @@ iso7816_read_record (int slot, int recno, int reccount, int short_ef,
   return iso7816_read_record_ext (slot, recno, reccount, short_ef,
                                   result, resultlen, NULL);
 }
+
+
+/* Perform an UPDATE BINARY command on card in SLOT.  Write DATA of
+ * length DATALEN to a transparent file at OFFSET.  */
+gpg_error_t
+iso7816_update_binary (int slot, int extended_mode, size_t offset,
+                       const void *data, size_t datalen)
+{
+  int sw;
+
+  /* We can only encode 15 bits in p0,p1 to indicate an offset. Thus
+   * we check for this limit. */
+  if (offset > 32767)
+    return gpg_error (GPG_ERR_INV_VALUE);
+
+  sw = apdu_send_simple (slot, extended_mode, 0x00, CMD_UPDATE_BINARY,
+                         ((offset>>8) & 0xff), (offset & 0xff),
+                         datalen, (const char*)data);
+  return map_sw (sw);
+}
diff --git a/scd/iso7816.h b/scd/iso7816.h
index d22f0be..67b9f47 100644
--- a/scd/iso7816.h
+++ b/scd/iso7816.h
@@ -69,9 +69,14 @@ gpg_error_t iso7816_select_mf (int slot);
 gpg_error_t iso7816_select_file (int slot, int tag, int is_dir);
 gpg_error_t iso7816_select_path (int slot,
                                  const unsigned short *path, size_t pathlen,
-                                 unsigned short top_df);
+                                 unsigned short topdf);
 gpg_error_t iso7816_list_directory (int slot, int list_dirs,
                                     unsigned char **result, size_t *resultlen);
+gpg_error_t iso7816_send_apdu (int slot, int extended_mode,
+                               int class, int ins, int p0, int p1,
+                               int lc, const void *data,
+                               unsigned int *r_sw,
+                               unsigned char **result, size_t *resultlen);
 gpg_error_t iso7816_apdu_direct (int slot,
                                  const void *apdudata, size_t apdudatalen,
                                  int handle_more, unsigned int *r_sw,
@@ -93,8 +98,11 @@ gpg_error_t iso7816_reset_retry_counter (int slot, int chvno,
 gpg_error_t iso7816_reset_retry_counter_with_rc (int slot, int chvno,
                                                  const char *data,
                                                  size_t datalen);
+gpg_error_t iso7816_select_data (int slot, int occurrence, int tag);
 gpg_error_t iso7816_get_data (int slot, int extended_mode, int tag,
                               unsigned char **result, size_t *resultlen);
+gpg_error_t iso7816_get_data_odd (int slot, int extended_mode, unsigned int tag,
+                                  unsigned char **result, size_t *resultlen);
 gpg_error_t iso7816_put_data (int slot, int extended_mode, int tag,
                               const void *data, size_t datalen);
 gpg_error_t iso7816_put_data_odd (int slot, int extended_mode, int tag,
@@ -150,5 +158,7 @@ gpg_error_t iso7816_read_record_ext (int slot, int recno, int reccount,
 gpg_error_t iso7816_read_record (int slot, int recno, int reccount,
                                  int short_ef,
                                  unsigned char **result, size_t *resultlen);
+gpg_error_t iso7816_update_binary (int slot, int extended_mode, size_t offset,
+                                   const void *data, size_t datalen);
 
 #endif /*ISO7816_H*/
diff --git a/scd/scdaemon-w32info.rc b/scd/scdaemon-w32info.rc
index c1dae54..aa0eba4 100644
--- a/scd/scdaemon-w32info.rc
+++ b/scd/scdaemon-w32info.rc
@@ -48,5 +48,3 @@
       VALUE "Translation", 0x409, 0x4b0
     END
   END
-
-1 RT_MANIFEST "scdaemon.w32-manifest"
diff --git a/scd/scdaemon.c b/scd/scdaemon.c
index b62f5b6..eddc832 100644
--- a/scd/scdaemon.c
+++ b/scd/scdaemon.c
@@ -28,7 +28,6 @@
 #include <stdarg.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 #include <time.h>
 #include <fcntl.h>
 #ifndef HAVE_W32_SYSTEM
@@ -101,15 +100,14 @@ enum cmd_and_opt_values
   oAllowAdmin,
   oDenyAdmin,
   oDisableApplication,
+  oApplicationPriority,
   oEnablePinpadVarlen,
-  oListenBacklog,
-
-  oNoop
+  oListenBacklog
 };
 
 
 
-static ARGPARSE_OPTS opts[] = {
+static gpgrt_opt_t opts[] = {
   ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"),
   ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"),
 
@@ -169,6 +167,8 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oEnablePinpadVarlen, "enable-pinpad-varlen",
                 N_("use variable length input for pinpad")),
   ARGPARSE_s_s (oDisableApplication, "disable-application", "@"),
+  ARGPARSE_s_s (oApplicationPriority, "application-priority",
+                N_("|LIST|change the application priority to LIST")),
   ARGPARSE_s_i (oListenBacklog, "listen-backlog", "@"),
 
 
@@ -178,8 +178,6 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oDenyAdmin, "deny-admin",
                 N_("deny the use of admin card commands")),
 
-  /* Stubs for options which are implemented by 2.3 or later.  */
-  ARGPARSE_s_s (oNoop, "application-priority", "@"),
 
   ARGPARSE_end ()
 };
@@ -195,9 +193,9 @@ static struct debug_flags_s debug_flags [] =
     { DBG_MEMSTAT_VALUE, "memstat" },
     { DBG_HASHING_VALUE, "hashing" },
     { DBG_IPC_VALUE    , "ipc"     },
-    { DBG_CARD_VALUE   , "card"    },
     { DBG_CARD_IO_VALUE, "cardio"  },
     { DBG_READER_VALUE , "reader"  },
+    { DBG_APP_VALUE    , "app"     },
     { 0, NULL }
   };
 
@@ -437,7 +435,7 @@ setup_signal_mask (void)
 int
 main (int argc, char **argv )
 {
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   int orig_argc;
   char **orig_argv;
   char *last_configname = NULL;
@@ -459,9 +457,10 @@ main (int argc, char **argv )
   struct assuan_malloc_hooks malloc_hooks;
   int res;
   npth_t pipecon_handler;
+  const char *application_priority = NULL;
 
   early_system_init ();
-  set_strusage (my_strusage);
+  gpgrt_set_strusage (my_strusage);
   gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
   /* Please note that we may running SUID(ROOT), so be very CAREFUL
      when adding any stuff between here and the call to INIT_SECMEM()
@@ -502,7 +501,7 @@ main (int argc, char **argv )
   pargs.argc = &argc;
   pargs.argv = &argv;
   pargs.flags= (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
-  while (gnupg_argparse (NULL, &pargs, opts))
+  while (gpgrt_argparse (NULL, &pargs, opts))
     {
       switch (pargs.r_opt)
         {
@@ -518,18 +517,20 @@ main (int argc, char **argv )
   /* Reset the flags.  */
   pargs.flags &= ~(ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
 
-  /* Initialize the secure memory. */
+  /* initialize the secure memory. */
   gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
   maybe_setuid = 0;
 
   /*
-   * Now we are working under our real uid
-   */
+     Now we are working under our real uid
+  */
 
   /* The configuraton directories for use by gpgrt_argparser.  */
-  gnupg_set_confdir (GNUPG_CONFDIR_SYS, gnupg_sysconfdir ());
-  gnupg_set_confdir (GNUPG_CONFDIR_USER, gnupg_homedir ());
+  gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
+  gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
 
+  /* We are re-using the struct, thus the reset flag.  We OR the
+   * flags so that the internal intialized flag won't be cleared. */
   argc = orig_argc;
   argv = orig_argv;
   pargs.argc = &argc;
@@ -538,7 +539,7 @@ main (int argc, char **argv )
                    | ARGPARSE_FLAG_KEEP
                    | ARGPARSE_FLAG_SYS
                    | ARGPARSE_FLAG_USER);
-  while (gnupg_argparser (&pargs, opts, SCDAEMON_NAME EXTSEP_S "conf"))
+  while (gpgrt_argparser (&pargs, opts, SCDAEMON_NAME EXTSEP_S "conf"))
     {
       switch (pargs.r_opt)
         {
@@ -618,14 +619,16 @@ main (int argc, char **argv )
           add_to_strlist (&opt.disabled_applications, pargs.r.ret_str);
           break;
 
+        case oApplicationPriority:
+          application_priority = pargs.r.ret_str;
+          break;
+
         case oEnablePinpadVarlen: opt.enable_pinpad_varlen = 1; break;
 
         case oListenBacklog:
           listen_backlog = pargs.r.ret_int;
           break;
 
-        case oNoop: break;
-
         default:
           if (configname)
             pargs.err = ARGPARSE_PRINT_WARNING;
@@ -634,12 +637,13 @@ main (int argc, char **argv )
           break;
         }
     }
-  gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+
+  gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
 
   if (!last_configname)
-    config_filename = make_filename (gnupg_homedir (),
-                                     SCDAEMON_NAME EXTSEP_S "conf",
-                                     NULL);
+    config_filename = gpgrt_fnameconcat (gnupg_homedir (),
+                                         SCDAEMON_NAME EXTSEP_S "conf",
+                                         NULL);
   else
     {
       config_filename = last_configname;
@@ -654,8 +658,8 @@ main (int argc, char **argv )
   if (greeting)
     {
       es_fprintf (es_stderr, "%s %s; %s\n",
-                  strusage(11), strusage(13), strusage(14) );
-      es_fprintf (es_stderr, "%s\n", strusage(15) );
+                  gpgrt_strusage (11),gpgrt_strusage (13),gpgrt_strusage (14));
+      es_fprintf (es_stderr, "%s\n", gpgrt_strusage (15));
     }
 #ifdef IS_DEVELOPMENT_VERSION
   log_info ("NOTE: this is a development version!\n");
@@ -692,34 +696,10 @@ main (int argc, char **argv )
   if (gpgconf_list)
     {
       /* List options and default values in the GPG Conf format.  */
-      char *filename_esc;
-
-      filename_esc = percent_escape (config_filename, NULL);
-      es_printf ("%s-%s.conf:%lu:\"%s\n",
-                 GPGCONF_NAME, SCDAEMON_NAME,
-                 GC_OPT_FLAG_DEFAULT, filename_esc);
-      xfree (filename_esc);
-
-      es_printf ("verbose:%lu:\n"
-                 "quiet:%lu:\n"
-                 "debug-level:%lu:\"none:\n"
-                 "log-file:%lu:\n",
-                 GC_OPT_FLAG_NONE,
-                 GC_OPT_FLAG_NONE,
-                 GC_OPT_FLAG_DEFAULT,
-                 GC_OPT_FLAG_NONE );
-
-      es_printf ("reader-port:%lu:\n", GC_OPT_FLAG_NONE );
-      es_printf ("ctapi-driver:%lu:\n", GC_OPT_FLAG_NONE );
+      es_printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
       es_printf ("pcsc-driver:%lu:\"%s:\n",
-              GC_OPT_FLAG_DEFAULT, DEFAULT_PCSC_DRIVER );
-#ifdef HAVE_LIBUSB
-      es_printf ("disable-ccid:%lu:\n", GC_OPT_FLAG_NONE );
-#endif
-      es_printf ("deny-admin:%lu:\n", GC_OPT_FLAG_NONE );
-      es_printf ("disable-pinpad:%lu:\n", GC_OPT_FLAG_NONE );
+                 GC_OPT_FLAG_DEFAULT, DEFAULT_PCSC_DRIVER );
       es_printf ("card-timeout:%lu:%d:\n", GC_OPT_FLAG_DEFAULT, 0);
-      es_printf ("enable-pinpad-varlen:%lu:\n", GC_OPT_FLAG_NONE );
 
       scd_exit (0);
     }
@@ -728,7 +708,9 @@ main (int argc, char **argv )
   if (logfile)
     {
       log_set_file (logfile);
-      log_set_prefix (NULL, GPGRT_LOG_WITH_PREFIX | GPGRT_LOG_WITH_TIME | GPGRT_LOG_WITH_PID);
+      log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
+                             | GPGRT_LOG_WITH_TIME
+                             | GPGRT_LOG_WITH_PID));
     }
 
   if (debug_wait && pipe_server)
@@ -739,6 +721,9 @@ main (int argc, char **argv )
       log_debug ("... okay\n");
     }
 
+  if (application_priority)
+    app_update_priority_list (application_priority);
+
   if (pipe_server)
     {
       /* This is the simple pipe based server */
@@ -956,7 +941,6 @@ main (int argc, char **argv )
   return 0;
 }
 
-
 void
 scd_exit (int rc)
 {
@@ -1048,7 +1032,7 @@ handle_signal (int signo)
       if (shutdown_pending > 2)
         {
           log_info ("shutdown forced\n");
-          log_info ("%s %s stopped\n", strusage(11), strusage(13) );
+          log_info ("%s %s stopped\n", gpgrt_strusage(11), gpgrt_strusage(13));
           cleanup ();
           scd_exit (0);
         }
@@ -1056,7 +1040,7 @@ handle_signal (int signo)
 
     case SIGINT:
       log_info ("SIGINT received - immediate shutdown\n");
-      log_info( "%s %s stopped\n", strusage(11), strusage(13));
+      log_info( "%s %s stopped\n", gpgrt_strusage(11), gpgrt_strusage(13));
       cleanup ();
       scd_exit (0);
       break;
@@ -1071,7 +1055,7 @@ handle_signal (int signo)
 /* Create a name for the socket.  We check for valid characters as
    well as against a maximum allowed length for a unix domain socket
    is done.  The function terminates the process in case of an error.
-   Retunrs: Pointer to an allcoated string with the absolute name of
+   Returns: Pointer to an allocated string with the absolute name of
    the socket used.  */
 static char *
 create_socket_name (char *standard_name)
@@ -1235,7 +1219,7 @@ scd_kick_the_loop (void)
 #else
   int ret = kill (main_thread_pid, SIGCONT);
   if (ret < 0)
-    log_error ("sending signal for scd_kick_the_loop failed: %s\n",
+    log_error ("SetEvent for scd_kick_the_loop failed: %s\n",
                gpg_strerror (gpg_error_from_syserror ()));
 #endif
 }
@@ -1291,8 +1275,6 @@ handle_connections (int listen_fd)
 
     events[0] = the_event = INVALID_HANDLE_VALUE;
     events[1] = INVALID_HANDLE_VALUE;
-    /* Create event for manual reset, initially non-signaled.  Make it
-     * waitable and inheritable.  */
     h = CreateEvent (&sa, TRUE, FALSE, NULL);
     if (!h)
       log_error ("can't create scd event: %s\n", w32_strerror (-1) );
@@ -1442,7 +1424,7 @@ handle_connections (int listen_fd)
   close (pipe_fd[1]);
 #endif
   cleanup ();
-  log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
+  log_info (_("%s %s stopped\n"), gpgrt_strusage(11), gpgrt_strusage(13));
   npth_attr_destroy (&tattr);
 }
 
diff --git a/scd/scdaemon.h b/scd/scdaemon.h
index bb7c1b0..9ff72c1 100644
--- a/scd/scdaemon.h
+++ b/scd/scdaemon.h
@@ -69,27 +69,28 @@ struct
 } opt;
 
 
+#define DBG_APP_VALUE     1     /* Debug app speific stuff.  */
 #define DBG_MPI_VALUE	  2	/* debug mpi details */
 #define DBG_CRYPTO_VALUE  4	/* debug low level crypto */
-#define DBG_CARD_VALUE    16    /* debug card info  */
 #define DBG_MEMORY_VALUE  32	/* debug memory allocation stuff */
 #define DBG_CACHE_VALUE   64	/* debug the caching */
 #define DBG_MEMSTAT_VALUE 128	/* show memory statistics */
 #define DBG_HASHING_VALUE 512	/* debug hashing operations */
 #define DBG_IPC_VALUE     1024
-#define DBG_CARD_IO_VALUE 2048  /* debug card I/O (e.g. APDUs).  */
+#define DBG_CARD_IO_VALUE 2048
 #define DBG_READER_VALUE  4096  /* Trace reader related functions.  */
 
+#define DBG_APP     (opt.debug & DBG_APP_VALUE)
 #define DBG_CRYPTO  (opt.debug & DBG_CRYPTO_VALUE)
 #define DBG_MEMORY  (opt.debug & DBG_MEMORY_VALUE)
 #define DBG_CACHE   (opt.debug & DBG_CACHE_VALUE)
 #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
 #define DBG_IPC     (opt.debug & DBG_IPC_VALUE)
-#define DBG_CARD    (opt.debug & DBG_CARD_VALUE)
 #define DBG_CARD_IO (opt.debug & DBG_CARD_IO_VALUE)
 #define DBG_READER  (opt.debug & DBG_READER_VALUE)
 
 struct server_local_s;
+struct card_ctx_s;
 struct app_ctx_s;
 
 struct server_control_s
@@ -107,7 +108,12 @@ struct server_control_s
      associated.  Note that this is shared with the other connections:
      All connections accessing the same reader are using the same
      application context. */
-  struct app_ctx_s *app_ctx;
+  struct card_ctx_s *card_ctx;
+
+  /* The currently active application for this context.  We need to
+   * know this for cards which are able to switch on the fly between
+   * apps.  */
+  apptype_t current_apptype;
 
   /* Helper to store the value we are going to sign */
   struct
@@ -125,21 +131,31 @@ const char *scd_get_socket_name (void);
 /*-- command.c --*/
 gpg_error_t initialize_module_command (void);
 int  scd_command_handler (ctrl_t, int);
-void send_keyinfo (ctrl_t ctrl, int data, const char *keygrip_str,
-                   const char *serialno, const char *idstr);
 void send_status_info (ctrl_t ctrl, const char *keyword, ...)
      GPGRT_ATTR_SENTINEL(1);
-gpg_error_t send_status_direct (ctrl_t ctrl, const char *keyword,
-                                const char *args);
+gpg_error_t send_status_direct (ctrl_t ctrl,
+                                const char *keyword, const char *args);
 gpg_error_t send_status_printf (ctrl_t ctrl, const char *keyword,
                                 const char *format, ...) GPGRT_ATTR_PRINTF(3,4);
+void send_keyinfo (ctrl_t ctrl, int data, const char *keygrip_str,
+                   const char *serialno, const char *idstr);
+
+void pincache_put (ctrl_t ctrl, int slot, const char *appname,
+                   const char *pinref, const char *pin, unsigned int pinlen);
+gpg_error_t pincache_get (ctrl_t ctrl, int slot, const char *appname,
+                          const char *pinref, char **r_pin);
 
 void popup_prompt (void *opaque, int on);
-void send_client_notifications (app_t app, int removal);
+
+/* Take care: this function assumes that CARD is locked.  */
+void send_client_notifications (card_t card, int removal);
+
 void scd_kick_the_loop (void);
 int get_active_connection_count (void);
 
 /*-- app.c --*/
 int scd_update_reader_status_file (void);
+void app_wait (void);
+gpg_error_t app_send_devinfo (ctrl_t ctrl);
 
 #endif /*SCDAEMON_H*/
diff --git a/scd/scdaemon.w32-manifest.in b/scd/scdaemon.w32-manifest.in
deleted file mode 100644
index 22dabb6..0000000
--- a/scd/scdaemon.w32-manifest.in
+++ /dev/null
@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
-<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
-<description>GNU Privacy Guard (Scmartcard daemon)</description>
-<assemblyIdentity
-    type="win32"
-    name="GnuPG.scdaemon"
-    version="@BUILD_VERSION@"
-    />
-<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
-  <application>
-    <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><!-- 10 -->
-    <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><!-- 8.1 -->
-    <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><!-- 8 -->
-    <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><!-- 7 -->
-    <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/><!-- Vista -->
-  </application>
-</compatibility>
-</assembly>
diff --git a/sm/Makefile.am b/sm/Makefile.am
index 0bc7640..9e768aa 100644
--- a/sm/Makefile.am
+++ b/sm/Makefile.am
@@ -17,20 +17,25 @@
 
 ## Process this file with automake to produce Makefile.in
 
-EXTRA_DIST = ChangeLog-2011 gpgsm-w32info.rc gpgsm.w32-manifest.in
+EXTRA_DIST = ChangeLog-2011 gpgsm-w32info.rc
 
 bin_PROGRAMS = gpgsm
+noinst_PROGRAMS = $(module_tests) $(module_maint_tests)
 
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS)
+if DISABLE_TESTS
+TESTS =
+else
+TESTS = $(module_tests)
+endif
+
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) \
+            $(NPTH_CFLAGS) $(GPG_ERROR_CFLAGS)
 
 AM_CPPFLAGS = -DKEYBOX_WITH_X509=1
 include $(top_srcdir)/am/cmacros.am
 
 if HAVE_W32_SYSTEM
-gpgsm_robjs = $(resource_objs) gpgsm-w32info.o
-gpgsm-w32info.o : gpgsm.w32-manifest
-else
-gpgsm_robjs =
+resource_objs += gpgsm-w32info.o
 endif
 
 gpgsm_SOURCES = \
@@ -60,14 +65,30 @@ gpgsm_SOURCES = \
 	passphrase.c passphrase.h
 
 
-common_libs = ../kbx/libkeybox509.a $(libcommon)
+common_libs = ../kbx/libkeybox509.a $(libcommonpth)
 
 gpgsm_LDADD = $(common_libs) ../common/libgpgrl.a \
               $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) \
-              $(GPG_ERROR_LIBS) $(LIBREADLINE) $(LIBINTL) \
-	      $(LIBICONV) $(gpgsm_robjs) $(extra_sys_libs) $(NETLIBS)
+              $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(LIBREADLINE) $(LIBINTL) \
+	      $(LIBICONV) $(resource_objs) $(extra_sys_libs) $(NETLIBS)
 gpgsm_LDFLAGS = $(extra_bin_ldflags)
 
+
+module_tests =
+module_maint_tests = t-minip12
+
+t_common_src =
+t_common_ldadd = $(libcommon) $(LIBGCRYPT_LIBS) $(KSBA_LIBS) \
+                 $(GPG_ERROR_LIBS) $(LIBINTL)
+
+
+t_minip12_CFLAGS = -DWITHOUT_NPTH=1 \
+	           $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+t_minip12_SOURCES = $(t_common_src) t-minip12.c minip12.c
+t_minip12_LDADD   = $(t_common_ldadd) $(NETLIBS)
+
+
+
 # Make sure that all libs are build before we use them.  This is
 # important for things like make -j2.
 $(PROGRAMS): $(common_libs)
diff --git a/sm/Makefile.in b/sm/Makefile.in
index 286b652..06c15db 100644
--- a/sm/Makefile.in
+++ b/sm/Makefile.in
@@ -124,6 +124,8 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 bin_PROGRAMS = gpgsm$(EXEEXT)
+noinst_PROGRAMS = $(am__EXEEXT_1) $(am__EXEEXT_2)
+@DISABLE_TESTS_FALSE@TESTS = $(am__EXEEXT_1)
 @HAVE_DOSISH_SYSTEM_FALSE@am__append_1 = -DGNUPG_BINDIR="\"$(bindir)\""            \
 @HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_LIBEXECDIR="\"$(libexecdir)\""    \
 @HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_LIBDIR="\"$(libdir)/@PACKAGE@\""  \
@@ -138,34 +140,37 @@ bin_PROGRAMS = gpgsm$(EXEEXT)
 @GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
 @GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
 @GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
-@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
-@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
-@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+@GNUPG_TPM2DAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_TPM2DAEMON="\"@GNUPG_TPM2DAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+@HAVE_W32_SYSTEM_TRUE@am__append_9 = gpgsm-w32info.o
 subdir = sm
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
 mkinstalldirs = $(SHELL) $(top_srcdir)/build-aux/mkinstalldirs
 CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES = gpgsm.w32-manifest
+CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
 am__installdirs = "$(DESTDIR)$(bindir)"
-PROGRAMS = $(bin_PROGRAMS)
+am__EXEEXT_1 =
+am__EXEEXT_2 = t-minip12$(EXEEXT)
+PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
 am_gpgsm_OBJECTS = gpgsm.$(OBJEXT) misc.$(OBJEXT) keydb.$(OBJEXT) \
 	server.$(OBJEXT) call-agent.$(OBJEXT) call-dirmngr.$(OBJEXT) \
 	fingerprint.$(OBJEXT) certlist.$(OBJEXT) certdump.$(OBJEXT) \
@@ -176,16 +181,24 @@ am_gpgsm_OBJECTS = gpgsm.$(OBJEXT) misc.$(OBJEXT) keydb.$(OBJEXT) \
 	minip12.$(OBJEXT) qualified.$(OBJEXT) passphrase.$(OBJEXT)
 gpgsm_OBJECTS = $(am_gpgsm_OBJECTS)
 am__DEPENDENCIES_1 =
-@HAVE_W32_SYSTEM_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) \
-@HAVE_W32_SYSTEM_TRUE@	gpgsm-w32info.o
 gpgsm_DEPENDENCIES = $(common_libs) ../common/libgpgrl.a \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(resource_objs) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
 gpgsm_LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(gpgsm_LDFLAGS) \
 	$(LDFLAGS) -o $@
+am__objects_1 =
+am_t_minip12_OBJECTS = $(am__objects_1) t_minip12-t-minip12.$(OBJEXT) \
+	t_minip12-minip12.$(OBJEXT)
+t_minip12_OBJECTS = $(am_t_minip12_OBJECTS)
+am__DEPENDENCIES_2 = $(libcommon) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+t_minip12_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1)
+t_minip12_LINK = $(CCLD) $(t_minip12_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -213,8 +226,13 @@ am__depfiles_remade = ./$(DEPDIR)/call-agent.Po \
 	./$(DEPDIR)/minip12.Po ./$(DEPDIR)/misc.Po \
 	./$(DEPDIR)/passphrase.Po ./$(DEPDIR)/qualified.Po \
 	./$(DEPDIR)/server.Po ./$(DEPDIR)/sign.Po \
-	./$(DEPDIR)/verify.Po
+	./$(DEPDIR)/t_minip12-minip12.Po \
+	./$(DEPDIR)/t_minip12-t-minip12.Po ./$(DEPDIR)/verify.Po
 am__mv = mv -f
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 = 
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 AM_V_CC = $(am__v_CC_@AM_V@)
@@ -227,8 +245,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = $(gpgsm_SOURCES)
-DIST_SOURCES = $(gpgsm_SOURCES)
+SOURCES = $(gpgsm_SOURCES) $(t_minip12_SOURCES)
+DIST_SOURCES = $(gpgsm_SOURCES) $(t_minip12_SOURCES)
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -253,8 +271,29 @@ am__define_uniq_tagged_files = \
   done | $(am__uniquify_input)`
 ETAGS = etags
 CTAGS = ctags
-am__DIST_COMMON = $(srcdir)/Makefile.in \
-	$(srcdir)/gpgsm.w32-manifest.in $(top_srcdir)/am/cmacros.am \
+am__tty_colors_dummy = \
+  mgn= red= grn= lgn= blu= brg= std=; \
+  am__color_tests=no
+am__tty_colors = { \
+  $(am__tty_colors_dummy); \
+  if test "X$(AM_COLOR_TESTS)" = Xno; then \
+    am__color_tests=no; \
+  elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+    am__color_tests=yes; \
+  elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+    am__color_tests=yes; \
+  fi; \
+  if test $$am__color_tests = yes; then \
+    red=''; \
+    grn=''; \
+    lgn=''; \
+    blu=''; \
+    mgn=''; \
+    brg=''; \
+    std=''; \
+  fi; \
+}
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/am/cmacros.am \
 	$(top_srcdir)/build-aux/depcomp \
 	$(top_srcdir)/build-aux/mkinstalldirs
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@@ -297,9 +336,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -308,6 +349,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -335,9 +377,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -374,13 +417,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
@@ -443,15 +489,17 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-EXTRA_DIST = ChangeLog-2011 gpgsm-w32info.rc gpgsm.w32-manifest.in
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS)
+EXTRA_DIST = ChangeLog-2011 gpgsm-w32info.rc
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) \
+            $(NPTH_CFLAGS) $(GPG_ERROR_CFLAGS)
+
 
 # NB: AM_CFLAGS may also be used by tools running on the build
 # platform to create source files.
 AM_CPPFLAGS = -DKEYBOX_WITH_X509=1 -DLOCALEDIR=\"$(localedir)\" \
 	$(am__append_1) $(am__append_2) $(am__append_3) \
 	$(am__append_4) $(am__append_5) $(am__append_6) \
-	$(am__append_7)
+	$(am__append_7) $(am__append_8)
 @HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
 
 # Under Windows we use LockFileEx.  WindowsCE provides this only on
@@ -462,15 +510,13 @@ AM_CPPFLAGS = -DKEYBOX_WITH_X509=1 -DLOCALEDIR=\"$(localedir)\" \
 @HAVE_W32CE_SYSTEM_TRUE@extra_sys_libs = -lcoredll6
 @HAVE_W32CE_SYSTEM_FALSE@extra_bin_ldflags = 
 @HAVE_W32CE_SYSTEM_TRUE@extra_bin_ldflags = -Wl,--stack=0x40000
-resource_objs = 
+resource_objs = $(am__append_9)
 
 # Convenience macros
 libcommon = ../common/libcommon.a
 libcommonpth = ../common/libcommonpth.a
 libcommontls = ../common/libcommontls.a
 libcommontlsnpth = ../common/libcommontlsnpth.a
-@HAVE_W32_SYSTEM_FALSE@gpgsm_robjs = 
-@HAVE_W32_SYSTEM_TRUE@gpgsm_robjs = $(resource_objs) gpgsm-w32info.o
 gpgsm_SOURCES = \
 	gpgsm.c	gpgsm.h \
 	misc.c \
@@ -497,13 +543,24 @@ gpgsm_SOURCES = \
 	qualified.c \
 	passphrase.c passphrase.h
 
-common_libs = ../kbx/libkeybox509.a $(libcommon)
+common_libs = ../kbx/libkeybox509.a $(libcommonpth)
 gpgsm_LDADD = $(common_libs) ../common/libgpgrl.a \
               $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) \
-              $(GPG_ERROR_LIBS) $(LIBREADLINE) $(LIBINTL) \
-	      $(LIBICONV) $(gpgsm_robjs) $(extra_sys_libs) $(NETLIBS)
+              $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(LIBREADLINE) $(LIBINTL) \
+	      $(LIBICONV) $(resource_objs) $(extra_sys_libs) $(NETLIBS)
 
 gpgsm_LDFLAGS = $(extra_bin_ldflags)
+module_tests = 
+module_maint_tests = t-minip12
+t_common_src = 
+t_common_ldadd = $(libcommon) $(LIBGCRYPT_LIBS) $(KSBA_LIBS) \
+                 $(GPG_ERROR_LIBS) $(LIBINTL)
+
+t_minip12_CFLAGS = -DWITHOUT_NPTH=1 \
+	           $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+
+t_minip12_SOURCES = $(t_common_src) t-minip12.c minip12.c
+t_minip12_LDADD = $(t_common_ldadd) $(NETLIBS)
 all: all-am
 
 .SUFFIXES:
@@ -538,8 +595,6 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
 $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
-gpgsm.w32-manifest: $(top_builddir)/config.status $(srcdir)/gpgsm.w32-manifest.in
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
 install-binPROGRAMS: $(bin_PROGRAMS)
 	@$(NORMAL_INSTALL)
 	@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
@@ -583,10 +638,17 @@ uninstall-binPROGRAMS:
 clean-binPROGRAMS:
 	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
 
+clean-noinstPROGRAMS:
+	-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
+
 gpgsm$(EXEEXT): $(gpgsm_OBJECTS) $(gpgsm_DEPENDENCIES) $(EXTRA_gpgsm_DEPENDENCIES) 
 	@rm -f gpgsm$(EXEEXT)
 	$(AM_V_CCLD)$(gpgsm_LINK) $(gpgsm_OBJECTS) $(gpgsm_LDADD) $(LIBS)
 
+t-minip12$(EXEEXT): $(t_minip12_OBJECTS) $(t_minip12_DEPENDENCIES) $(EXTRA_t_minip12_DEPENDENCIES) 
+	@rm -f t-minip12$(EXEEXT)
+	$(AM_V_CCLD)$(t_minip12_LINK) $(t_minip12_OBJECTS) $(t_minip12_LDADD) $(LIBS)
+
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
 
@@ -616,6 +678,8 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qualified.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/server.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sign.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_minip12-minip12.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_minip12-t-minip12.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/verify.Po@am__quote@ # am--include-marker
 
 $(am__depfiles_remade):
@@ -638,6 +702,34 @@ am--depfiles: $(am__depfiles_remade)
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
+t_minip12-t-minip12.o: t-minip12.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_minip12_CFLAGS) $(CFLAGS) -MT t_minip12-t-minip12.o -MD -MP -MF $(DEPDIR)/t_minip12-t-minip12.Tpo -c -o t_minip12-t-minip12.o `test -f 't-minip12.c' || echo '$(srcdir)/'`t-minip12.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/t_minip12-t-minip12.Tpo $(DEPDIR)/t_minip12-t-minip12.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='t-minip12.c' object='t_minip12-t-minip12.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_minip12_CFLAGS) $(CFLAGS) -c -o t_minip12-t-minip12.o `test -f 't-minip12.c' || echo '$(srcdir)/'`t-minip12.c
+
+t_minip12-t-minip12.obj: t-minip12.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_minip12_CFLAGS) $(CFLAGS) -MT t_minip12-t-minip12.obj -MD -MP -MF $(DEPDIR)/t_minip12-t-minip12.Tpo -c -o t_minip12-t-minip12.obj `if test -f 't-minip12.c'; then $(CYGPATH_W) 't-minip12.c'; else $(CYGPATH_W) '$(srcdir)/t-minip12.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/t_minip12-t-minip12.Tpo $(DEPDIR)/t_minip12-t-minip12.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='t-minip12.c' object='t_minip12-t-minip12.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_minip12_CFLAGS) $(CFLAGS) -c -o t_minip12-t-minip12.obj `if test -f 't-minip12.c'; then $(CYGPATH_W) 't-minip12.c'; else $(CYGPATH_W) '$(srcdir)/t-minip12.c'; fi`
+
+t_minip12-minip12.o: minip12.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_minip12_CFLAGS) $(CFLAGS) -MT t_minip12-minip12.o -MD -MP -MF $(DEPDIR)/t_minip12-minip12.Tpo -c -o t_minip12-minip12.o `test -f 'minip12.c' || echo '$(srcdir)/'`minip12.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/t_minip12-minip12.Tpo $(DEPDIR)/t_minip12-minip12.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='minip12.c' object='t_minip12-minip12.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_minip12_CFLAGS) $(CFLAGS) -c -o t_minip12-minip12.o `test -f 'minip12.c' || echo '$(srcdir)/'`minip12.c
+
+t_minip12-minip12.obj: minip12.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_minip12_CFLAGS) $(CFLAGS) -MT t_minip12-minip12.obj -MD -MP -MF $(DEPDIR)/t_minip12-minip12.Tpo -c -o t_minip12-minip12.obj `if test -f 'minip12.c'; then $(CYGPATH_W) 'minip12.c'; else $(CYGPATH_W) '$(srcdir)/minip12.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/t_minip12-minip12.Tpo $(DEPDIR)/t_minip12-minip12.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='minip12.c' object='t_minip12-minip12.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_minip12_CFLAGS) $(CFLAGS) -c -o t_minip12-minip12.obj `if test -f 'minip12.c'; then $(CYGPATH_W) 'minip12.c'; else $(CYGPATH_W) '$(srcdir)/minip12.c'; fi`
+
 ID: $(am__tagged_files)
 	$(am__define_uniq_tagged_files); mkid -fID $$unique
 tags: tags-am
@@ -690,6 +782,99 @@ cscopelist-am: $(am__tagged_files)
 distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
+check-TESTS: $(TESTS)
+	@failed=0; all=0; xfail=0; xpass=0; skip=0; \
+	srcdir=$(srcdir); export srcdir; \
+	list=' $(TESTS) '; \
+	$(am__tty_colors); \
+	if test -n "$$list"; then \
+	  for tst in $$list; do \
+	    if test -f ./$$tst; then dir=./; \
+	    elif test -f $$tst; then dir=; \
+	    else dir="$(srcdir)/"; fi; \
+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *[\ \	]$$tst[\ \	]*) \
+		xpass=`expr $$xpass + 1`; \
+		failed=`expr $$failed + 1`; \
+		col=$$red; res=XPASS; \
+	      ;; \
+	      *) \
+		col=$$grn; res=PASS; \
+	      ;; \
+	      esac; \
+	    elif test $$? -ne 77; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *[\ \	]$$tst[\ \	]*) \
+		xfail=`expr $$xfail + 1`; \
+		col=$$lgn; res=XFAIL; \
+	      ;; \
+	      *) \
+		failed=`expr $$failed + 1`; \
+		col=$$red; res=FAIL; \
+	      ;; \
+	      esac; \
+	    else \
+	      skip=`expr $$skip + 1`; \
+	      col=$$blu; res=SKIP; \
+	    fi; \
+	    echo "$${col}$$res$${std}: $$tst"; \
+	  done; \
+	  if test "$$all" -eq 1; then \
+	    tests="test"; \
+	    All=""; \
+	  else \
+	    tests="tests"; \
+	    All="All "; \
+	  fi; \
+	  if test "$$failed" -eq 0; then \
+	    if test "$$xfail" -eq 0; then \
+	      banner="$$All$$all $$tests passed"; \
+	    else \
+	      if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+	      banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+	    fi; \
+	  else \
+	    if test "$$xpass" -eq 0; then \
+	      banner="$$failed of $$all $$tests failed"; \
+	    else \
+	      if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+	      banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+	    fi; \
+	  fi; \
+	  dashes="$$banner"; \
+	  skipped=""; \
+	  if test "$$skip" -ne 0; then \
+	    if test "$$skip" -eq 1; then \
+	      skipped="($$skip test was not run)"; \
+	    else \
+	      skipped="($$skip tests were not run)"; \
+	    fi; \
+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$skipped"; \
+	  fi; \
+	  report=""; \
+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$report"; \
+	  fi; \
+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
+	  if test "$$failed" -eq 0; then \
+	    col="$$grn"; \
+	  else \
+	    col="$$red"; \
+	  fi; \
+	  echo "$${col}$$dashes$${std}"; \
+	  echo "$${col}$$banner$${std}"; \
+	  test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \
+	  test -z "$$report" || echo "$${col}$$report$${std}"; \
+	  echo "$${col}$$dashes$${std}"; \
+	  test "$$failed" -eq 0; \
+	else :; fi
+
 distdir: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) distdir-am
 
@@ -724,6 +909,7 @@ distdir-am: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(PROGRAMS)
 installdirs:
@@ -762,7 +948,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-binPROGRAMS clean-generic mostlyclean-am
+clean-am: clean-binPROGRAMS clean-generic clean-noinstPROGRAMS \
+	mostlyclean-am
 
 distclean: distclean-am
 		-rm -f ./$(DEPDIR)/call-agent.Po
@@ -788,6 +975,8 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/qualified.Po
 	-rm -f ./$(DEPDIR)/server.Po
 	-rm -f ./$(DEPDIR)/sign.Po
+	-rm -f ./$(DEPDIR)/t_minip12-minip12.Po
+	-rm -f ./$(DEPDIR)/t_minip12-t-minip12.Po
 	-rm -f ./$(DEPDIR)/verify.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
@@ -857,6 +1046,8 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/qualified.Po
 	-rm -f ./$(DEPDIR)/server.Po
 	-rm -f ./$(DEPDIR)/sign.Po
+	-rm -f ./$(DEPDIR)/t_minip12-minip12.Po
+	-rm -f ./$(DEPDIR)/t_minip12-t-minip12.Po
 	-rm -f ./$(DEPDIR)/verify.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -875,28 +1066,27 @@ ps-am:
 
 uninstall-am: uninstall-binPROGRAMS
 
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
-	clean-binPROGRAMS clean-generic cscopelist-am ctags ctags-am \
-	distclean distclean-compile distclean-generic distclean-tags \
-	distdir dvi dvi-am html html-am info info-am install \
-	install-am install-binPROGRAMS install-data install-data-am \
-	install-dvi install-dvi-am install-exec install-exec-am \
-	install-html install-html-am install-info install-info-am \
-	install-man install-pdf install-pdf-am install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic pdf pdf-am \
-	ps ps-am tags tags-am uninstall uninstall-am \
-	uninstall-binPROGRAMS
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-binPROGRAMS clean-generic \
+	clean-noinstPROGRAMS cscopelist-am ctags ctags-am distclean \
+	distclean-compile distclean-generic distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-binPROGRAMS install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \
+	tags tags-am uninstall uninstall-am uninstall-binPROGRAMS
 
 .PRECIOUS: Makefile
 
 
 @HAVE_W32_SYSTEM_TRUE@.rc.o:
 @HAVE_W32_SYSTEM_TRUE@	$(WINDRES) $(DEFAULT_INCLUDES) $(INCLUDES) "$<" "$@"
-@HAVE_W32_SYSTEM_TRUE@gpgsm-w32info.o : gpgsm.w32-manifest
 
 # Make sure that all libs are build before we use them.  This is
 # important for things like make -j2.
diff --git a/sm/call-agent.c b/sm/call-agent.c
index 0c271d9..868497e 100644
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -25,7 +25,6 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#include <assert.h>
 #ifdef HAVE_LOCALE_H
 #include <locale.h>
 #endif
@@ -76,6 +75,13 @@ struct import_key_parm_s
   size_t keylen;
 };
 
+struct sethash_inq_parm_s
+{
+  assuan_context_t ctx;
+  const void *data;
+  size_t datalen;
+};
+
 struct default_inq_parm_s
 {
   ctrl_t ctrl;
@@ -89,42 +95,11 @@ static gpg_error_t
 warn_version_mismatch (ctrl_t ctrl, assuan_context_t ctx,
                        const char *servername, int mode)
 {
-  gpg_error_t err;
-  char *serverversion;
-  const char *myversion = strusage (13);
-
-  err = get_assuan_server_version (ctx, mode, &serverversion);
-  if (err)
-    log_error (_("error getting version from '%s': %s\n"),
-               servername, gpg_strerror (err));
-  else if (compare_version_strings (serverversion, myversion) < 0)
-    {
-      char *warn;
-
-      warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
-                           servername, serverversion, myversion);
-      if (!warn)
-        err = gpg_error_from_syserror ();
-      else
-        {
-          log_info (_("WARNING: %s\n"), warn);
-          if (!opt.quiet)
-            {
-              log_info (_("Note: Outdated servers may lack important"
-                          " security fixes.\n"));
-              log_info (_("Note: Use the command \"%s\" to restart them.\n"),
-                        "gpgconf --kill all");
-            }
-          gpgsm_status2 (ctrl, STATUS_WARNING, "server_version_mismatch 0",
-                         warn, NULL);
-          xfree (warn);
-        }
-    }
-  xfree (serverversion);
-  return err;
+  return warn_server_version_mismatch (ctx, servername, mode,
+                                       gpgsm_status2, ctrl,
+                                       !opt.quiet);
 }
 
-
 /* Try to connect to the agent via socket or fork it off and work by
    pipes.  Handle the server's initial greeting */
 static int
@@ -257,8 +232,29 @@ default_inq_cb (void *opaque, const char *line)
 
 
 
+/* This is the inquiry callback required by the SETHASH command.  */
+static gpg_error_t
+sethash_inq_cb (void *opaque, const char *line)
+{
+  gpg_error_t err = 0;
+  struct sethash_inq_parm_s *parm = opaque;
+
+  if (has_leading_keyword (line, "TBSDATA"))
+    {
+      err = assuan_send_data (parm->ctx, parm->data, parm->datalen);
+    }
+  else
+    log_error ("ignoring gpg-agent inquiry '%s'\n", line);
+
+  return err;
+}
+
+
 /* Call the agent to do a sign operation using the key identified by
-   the hex string KEYGRIP. */
+ * the hex string KEYGRIP.  If DIGESTALGO is given (DIGEST,DIGESTLEN)
+ * gives the to be signed hash created using the given algo.  If
+ * DIGESTALGO is not given (i.e. zero) (DIGEST,DIGESTALGO) give the
+ * entire data to-be-signed. */
 int
 gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
                     unsigned char *digest, size_t digestlen, int digestalgo,
@@ -277,7 +273,7 @@ gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
   inq_parm.ctrl = ctrl;
   inq_parm.ctx = agent_ctx;
 
-  if (digestlen*2 + 50 > DIM(line))
+  if (digestalgo && digestlen*2 + 50 > DIM(line))
     return gpg_error (GPG_ERR_GENERAL);
 
   rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
@@ -298,11 +294,26 @@ gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
         return rc;
     }
 
-  sprintf (line, "SETHASH %d ", digestalgo);
-  p = line + strlen (line);
-  for (i=0; i < digestlen ; i++, p += 2 )
-    sprintf (p, "%02X", digest[i]);
-  rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+  if (!digestalgo)
+    {
+      struct sethash_inq_parm_s sethash_inq_parm;
+
+      sethash_inq_parm.ctx = agent_ctx;
+      sethash_inq_parm.data = digest;
+      sethash_inq_parm.datalen = digestlen;
+      rc = assuan_transact (agent_ctx, "SETHASH --inquire",
+                            NULL, NULL, sethash_inq_cb, &sethash_inq_parm,
+                            NULL, NULL);
+    }
+  else
+    {
+      snprintf (line, sizeof line, "SETHASH %d ", digestalgo);
+      p = line + strlen (line);
+      for (i=0; i < digestlen ; i++, p += 2 )
+        sprintf (p, "%02X", digest[i]);
+      rc = assuan_transact (agent_ctx, line,
+                            NULL, NULL, NULL, NULL, NULL, NULL);
+    }
   if (rc)
     return rc;
 
@@ -334,7 +345,7 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
                   unsigned char *digest, size_t digestlen, int digestalgo,
                   unsigned char **r_buf, size_t *r_buflen )
 {
-  int rc, i;
+  int rc, i, pkalgo;
   char *p, line[ASSUAN_LINELENGTH];
   membuf_t data;
   size_t len;
@@ -342,6 +353,7 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
   unsigned char *sigbuf;
   size_t sigbuflen;
   struct default_inq_parm_s inq_parm;
+  gcry_sexp_t sig;
 
   (void)desc;
 
@@ -353,6 +365,7 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
     case GCRY_MD_RMD160:hashopt = "--hash=rmd160"; break;
     case GCRY_MD_MD5:   hashopt = "--hash=md5"; break;
     case GCRY_MD_SHA256:hashopt = "--hash=sha256"; break;
+    case GCRY_MD_SHA512:hashopt = "--hash=sha512"; break;
     default:
       return gpg_error (GPG_ERR_DIGEST_ALGO);
     }
@@ -366,6 +379,23 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
   if (digestlen*2 + 50 > DIM(line))
     return gpg_error (GPG_ERR_GENERAL);
 
+  /* Get the key type from the scdaemon. */
+  snprintf (line, DIM(line), "SCD READKEY %s", keyid);
+  init_membuf (&data, 1024);
+  rc = assuan_transact (agent_ctx, line,
+                        put_membuf_cb, &data, NULL, NULL, NULL, NULL);
+  if (rc)
+    {
+      xfree (get_membuf (&data, &len));
+      return rc;
+    }
+
+  p = get_membuf (&data, &len);
+  pkalgo = get_pk_algo_from_canon_sexp (p, len);
+  xfree (p);
+  if (!pkalgo)
+    return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
+
   p = stpcpy (line, "SCD SETDATA " );
   for (i=0; i < digestlen ; i++, p += 2 )
     sprintf (p, "%02X", digest[i]);
@@ -386,26 +416,39 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
     }
   sigbuf = get_membuf (&data, &sigbuflen);
 
-  /* Create an S-expression from it which is formatted like this:
-     "(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))" Fixme: If a card ever
-     creates non-RSA keys we need to change things. */
-  *r_buflen = 21 + 11 + sigbuflen + 4;
-  p = xtrymalloc (*r_buflen);
-  *r_buf = (unsigned char*)p;
-  if (!p)
+  switch(pkalgo)
     {
-      xfree (sigbuf);
-      return 0;
+    case GCRY_PK_RSA:
+      rc = gcry_sexp_build (&sig, NULL, "(sig-val(rsa(s%b)))",
+                            (int)sigbuflen, sigbuf);
+      break;
+
+    case GCRY_PK_ECC:
+      rc = gcry_sexp_build (&sig, NULL, "(sig-val(ecdsa(r%b)(s%b)))",
+                            (int)sigbuflen/2, sigbuf,
+                            (int)sigbuflen/2, sigbuf + sigbuflen/2);
+      break;
+
+    case GCRY_PK_EDDSA:
+      rc = gcry_sexp_build (&sig, NULL, "(sig-val(eddsa(r%b)(s%b)))",
+                            (int)sigbuflen/2, sigbuf,
+                            (int)sigbuflen/2, sigbuf + sigbuflen/2);
+      break;
+
+    default:
+      rc = gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
+      break;
     }
-  p = stpcpy (p, "(7:sig-val(3:rsa(1:s" );
-  sprintf (p, "%u:", (unsigned int)sigbuflen);
-  p += strlen (p);
-  memcpy (p, sigbuf, sigbuflen);
-  p += sigbuflen;
-  strcpy (p, ")))");
   xfree (sigbuf);
+  if (rc)
+    return rc;
 
-  assert (gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL));
+  rc = make_canon_sexp (sig, r_buf, r_buflen);
+  gcry_sexp_release (sig);
+  if (rc)
+    return rc;
+
+  log_assert (gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL));
   return  0;
 }
 
@@ -467,7 +510,7 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
   if (rc)
     return rc;
 
-  assert ( DIM(line) >= 50 );
+  log_assert ( DIM(line) >= 50 );
   snprintf (line, DIM(line), "SETKEY %s", keygrip);
   rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
   if (rc)
@@ -501,7 +544,7 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
   buf = get_membuf (&data, &len);
   if (!buf)
     return gpg_error (GPG_ERR_ENOMEM);
-  assert (len); /* (we forced Nul termination.)  */
+  log_assert (len); /* (we forced Nul termination.)  */
 
   if (*buf == '(')
     {
@@ -989,8 +1032,6 @@ learn_cb (void *opaque, const void *buffer, size_t length)
   char *buf;
   ksba_cert_t cert;
   int rc;
-  char *string, *p, *pend;
-  strlist_t sl;
 
   if (parm->error)
     return 0;
@@ -1027,35 +1068,6 @@ learn_cb (void *opaque, const void *buffer, size_t length)
       return 0;
     }
 
-  /* Ignore certificates matching certain extended usage flags.  */
-  rc = ksba_cert_get_ext_key_usages (cert, &string);
-  if (!rc)
-    {
-      p = string;
-      while (p && (pend=strchr (p, ':')))
-        {
-          *pend++ = 0;
-          for (sl=opt.ignore_cert_with_oid;
-               sl && strcmp (sl->d, p); sl = sl->next)
-            ;
-          if (sl)
-            {
-              if (opt.verbose)
-                log_info ("certificate ignored due to OID %s\n", sl->d);
-              goto leave;
-            }
-          p = pend;
-          if ((p = strchr (p, '\n')))
-            p++;
-        }
-    }
-  else if (gpg_err_code (rc) != GPG_ERR_NO_DATA)
-    log_error (_("error getting key usage information: %s\n"),
-               gpg_strerror (rc));
-  xfree (string);
-  string = NULL;
-
-
   /* We do not store a certifciate with missing issuers as ephemeral
      because we can assume that the --learn-card command has been used
      on purpose.  */
@@ -1076,9 +1088,6 @@ learn_cb (void *opaque, const void *buffer, size_t length)
         }
     }
 
- leave:
-  xfree (string);
-  string = NULL;
   ksba_cert_release (cert);
   init_membuf (parm->data, 4096);
   return 0;
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index 1a411f2..8222d99 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@@ -25,7 +25,6 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#include <assert.h>
 #include <ctype.h>
 
 #include "gpgsm.h"
@@ -156,39 +155,9 @@ static gpg_error_t
 warn_version_mismatch (ctrl_t ctrl, assuan_context_t ctx,
                        const char *servername, int mode)
 {
-  gpg_error_t err;
-  char *serverversion;
-  const char *myversion = strusage (13);
-
-  err = get_assuan_server_version (ctx, mode, &serverversion);
-  if (err)
-    log_error (_("error getting version from '%s': %s\n"),
-               servername, gpg_strerror (err));
-  else if (compare_version_strings (serverversion, myversion) < 0)
-    {
-      char *warn;
-
-      warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
-                           servername, serverversion, myversion);
-      if (!warn)
-        err = gpg_error_from_syserror ();
-      else
-        {
-          log_info (_("WARNING: %s\n"), warn);
-          if (!opt.quiet)
-            {
-              log_info (_("Note: Outdated servers may lack important"
-                          " security fixes.\n"));
-              log_info (_("Note: Use the command \"%s\" to restart them.\n"),
-                        "gpgconf --kill all");
-            }
-          gpgsm_status2 (ctrl, STATUS_WARNING, "server_version_mismatch 0",
-                         warn, NULL);
-          xfree (warn);
-        }
-    }
-  xfree (serverversion);
-  return err;
+  return warn_server_version_mismatch (ctx, servername, mode,
+                                       gpgsm_status2, ctrl,
+                                       !opt.quiet);
 }
 
 
@@ -198,7 +167,7 @@ warn_version_mismatch (ctrl_t ctrl, assuan_context_t ctx,
 static void
 prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
 {
-  strlist_t server;
+  struct keyserver_spec *server;
 
   if (!err)
     err = warn_version_mismatch (ctrl, ctx, DIRMNGR_NAME, 0);
@@ -219,13 +188,13 @@ prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
   while (server)
     {
       char line[ASSUAN_LINELENGTH];
+      char *user = server->user ? server->user : "";
+      char *pass = server->pass ? server->pass : "";
+      char *base = server->base ? server->base : "";
 
-      /* If the host is "ldap" we prefix the entire line with "ldap:"
-       * to avoid an ambiguity on the server due to the introduction
-       * of this optional prefix.  */
-      snprintf (line, DIM (line), "LDAPSERVER %s%s",
-                !strncmp (server->d, "ldap:", 5)? "ldap:":"",
-                server->d);
+      snprintf (line, DIM (line), "LDAPSERVER %s:%i:%s:%s:%s:%s",
+		server->host, server->port, user, pass, base,
+                server->use_ldaps? "ldaps":"");
 
       assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
       /* The code below is not required because we don't return an error.  */
@@ -283,7 +252,7 @@ start_dirmngr (ctrl_t ctrl)
 {
   gpg_error_t err;
 
-  assert (! dirmngr_ctx_locked);
+  log_assert (! dirmngr_ctx_locked);
   dirmngr_ctx_locked = 1;
 
   err = start_dirmngr_ext (ctrl, &dirmngr_ctx);
@@ -313,7 +282,7 @@ start_dirmngr2 (ctrl_t ctrl)
 {
   gpg_error_t err;
 
-  assert (! dirmngr2_ctx_locked);
+  log_assert (! dirmngr2_ctx_locked);
   dirmngr2_ctx_locked = 1;
 
   err = start_dirmngr_ext (ctrl, &dirmngr2_ctx);
@@ -391,7 +360,7 @@ inq_certificate (void *opaque, const char *line)
     }
   else
     {
-      log_error ("unsupported certificate inquiry '%s'\n", line);
+      log_error ("unsupported inquiry '%s'\n", line);
       return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
     }
 
@@ -475,7 +444,7 @@ isvalid_status_cb (void *opaque, const char *line)
     {
       parm->seen++;
       if (!*s || !unhexify_fpr (s, parm->fpr))
-        parm->seen++; /* Bumb it to indicate an error. */
+        parm->seen++; /* Bump it to indicate an error. */
     }
   return 0;
 }
@@ -506,8 +475,6 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
   struct inq_certificate_parm_s parm;
   struct isvalid_status_parm_s stparm;
 
-  keydb_close_all_files ();
-
   rc = start_dirmngr (ctrl);
   if (rc)
     return rc;
@@ -580,7 +547,7 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
                  from the dirmngr.  Try our own cert store now.  */
               KEYDB_HANDLE kh;
 
-              kh = keydb_new ();
+              kh = keydb_new (ctrl);
               if (!kh)
                 rc = gpg_error (GPG_ERR_ENOMEM);
               if (!rc)
@@ -778,8 +745,6 @@ gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, const char *uri,
   if ((names && uri) || (!names && !uri))
     return gpg_error (GPG_ERR_INV_ARG);
 
-  keydb_close_all_files ();
-
   /* The lookup function can be invoked from the callback of a lookup
      function, for example to walk the chain.  */
   if (!dirmngr_ctx_locked)
@@ -975,33 +940,9 @@ run_command_inq_cb (void *opaque, const char *line)
       line = s;
       log_info ("dirmngr: %s\n", line);
     }
-  else if ((s = has_leading_keyword (line, "ISTRUSTED")))
-    {
-      /* The server is asking us whether the certificate is a trusted
-         root certificate.  */
-      char fpr[41];
-      struct rootca_flags_s rootca_flags;
-      int n;
-
-      line = s;
-
-      for (s=line,n=0; hexdigitp (s); s++, n++)
-        ;
-      if (*s || n != 40)
-        return gpg_error (GPG_ERR_ASS_PARAMETER);
-      for (s=line, n=0; n < 40; s++, n++)
-        fpr[n] = (*s >= 'a')? (*s & 0xdf): *s;
-      fpr[n] = 0;
-
-      if (!gpgsm_agent_istrusted (parm->ctrl, NULL, fpr, &rootca_flags))
-        rc = assuan_send_data (parm->ctx, "1", 1);
-      else
-        rc = 0;
-      return rc;
-    }
   else
     {
-      log_error ("unsupported command inquiry '%s'\n", line);
+      log_error ("unsupported inquiry '%s'\n", line);
       rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
     }
 
@@ -1048,8 +989,6 @@ gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command,
   size_t len;
   struct run_command_parm_s parm;
 
-  keydb_close_all_files ();
-
   rc = start_dirmngr (ctrl);
   if (rc)
     return rc;
diff --git a/sm/certchain.c b/sm/certchain.c
index d2a1800..e23a1c4 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -26,7 +26,6 @@
 #include <unistd.h>
 #include <time.h>
 #include <stdarg.h>
-#include <assert.h>
 
 #include "gpgsm.h"
 #include <gcrypt.h>
@@ -123,7 +122,8 @@ do_list (int is_error, int listmode, estream_t fp, const char *format, ...)
     }
   else
     {
-      log_logv (is_error? GPGRT_LOG_ERROR: GPGRT_LOG_INFO, format, arg_ptr);
+      log_logv (is_error? GPGRT_LOGLVL_ERROR: GPGRT_LOGLVL_INFO,
+                format, arg_ptr);
       log_printf ("\n");
     }
   va_end (arg_ptr);
@@ -440,7 +440,7 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
 
 /* Helper function for find_up.  This resets the key handle and search
    for an issuer ISSUER with a subjectKeyIdentifier of KEYID.  Returns
-   0 on success or -1 when not found. */
+   0 on success or GPG_ERR_NOT_FOUND when not found. */
 static int
 find_up_search_by_keyid (ctrl_t ctrl, KEYDB_HANDLE kh,
                          const char *issuer, ksba_sexp_t keyid)
@@ -460,7 +460,7 @@ find_up_search_by_keyid (ctrl_t ctrl, KEYDB_HANDLE kh,
       if (rc)
         {
           log_error ("keydb_get_cert() failed: rc=%d\n", rc);
-          rc = -1;
+          rc = gpg_error (GPG_ERR_NOT_FOUND);
           goto leave;
         }
       xfree (subj);
@@ -475,7 +475,7 @@ find_up_search_by_keyid (ctrl_t ctrl, KEYDB_HANDLE kh,
               if (rc)
                 {
                   log_error ("keydb_get_validity() failed: rc=%d\n", rc);
-                  rc = -1;
+                  rc = gpg_error (GPG_ERR_NOT_FOUND);
                   goto leave;
                 }
 
@@ -544,7 +544,7 @@ find_up_search_by_keyid (ctrl_t ctrl, KEYDB_HANDLE kh,
   if (rc)
     {
       log_error ("keydb_get_validity() failed: rc=%d\n", rc);
-      rc = -1;
+      rc = gpg_error (GPG_ERR_NOT_FOUND);
       goto leave;
     }
   if (*not_after && strcmp (ctrl->current_time, not_after) > 0 )
@@ -558,10 +558,10 @@ find_up_search_by_keyid (ctrl_t ctrl, KEYDB_HANDLE kh,
       if (rc)
         {
           log_error ("keydb_search_fpr() failed: rc=%d\n", rc);
-          rc = -1;
+          rc = gpg_error (GPG_ERR_NOT_FOUND);
           goto leave;
         }
-      /* Ready.  The NE_FOUND_CERT is availabale via keydb_get_cert.  */
+      /* Ready.  The NE_FOUND_CERT is available via keydb_get_cert.  */
     }
 
  leave:
@@ -569,7 +569,7 @@ find_up_search_by_keyid (ctrl_t ctrl, KEYDB_HANDLE kh,
   ksba_cert_release (ne_found_cert);
   ksba_cert_release (cert);
   xfree (subj);
-  return rc? -1:0;
+  return rc? gpg_error (GPG_ERR_NOT_FOUND) : 0;
 }
 
 
@@ -646,10 +646,10 @@ find_up_external (ctrl_t ctrl, KEYDB_HANDLE kh,
   if (rc)
     {
       log_error ("external key lookup failed: %s\n", gpg_strerror (rc));
-      rc = -1;
+      rc = gpg_error (GPG_ERR_NOT_FOUND);
     }
   else if (!find_up_store_certs_parm.count)
-    rc = -1;
+    rc = gpg_err_code (rc) == GPG_ERR_NOT_FOUND;
   else
     {
       int old;
@@ -815,10 +815,11 @@ find_up_dirmngr (ctrl_t ctrl, KEYDB_HANDLE kh,
   if (opt.verbose)
     log_info (_("number of matching certificates: %d\n"),
               find_up_store_certs_parm.count);
-  if (rc && !opt.quiet)
+  if (rc && opt.verbose)
     log_info (_("dirmngr cache-only key lookup failed: %s\n"),
               gpg_strerror (rc));
-  return (!rc && find_up_store_certs_parm.count)? 0 : -1;
+  return ((!rc && find_up_store_certs_parm.count)
+          ? 0 : gpg_error (GPG_ERR_NOT_FOUND));
 }
 
 
@@ -828,15 +829,15 @@ find_up_dirmngr (ctrl_t ctrl, KEYDB_HANDLE kh,
    FIND_NEXT is true, the function shall return the next possible
    issuer.  The certificate itself is not directly returned but a
    keydb_get_cert on the keydb context KH will return it.  Returns 0
-   on success, -1 if not found or an error code.  */
-static int
+   on success, GPG_ERR_NOT_FOUND if not found or another error code.  */
+static gpg_error_t
 find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
          ksba_cert_t cert, const char *issuer, int find_next)
 {
   ksba_name_t authid;
   ksba_sexp_t authidno;
   ksba_sexp_t keyid;
-  int rc = -1;
+  gpg_error_t err = gpg_error (GPG_ERR_NOT_FOUND);
 
   if (DBG_X509)
     log_debug ("looking for parent certificate\n");
@@ -845,90 +846,91 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
       const char *s = ksba_name_enum (authid, 0);
       if (s && *authidno)
         {
-          rc = keydb_search_issuer_sn (ctrl, kh, s, authidno);
-          if (rc)
+          err = keydb_search_issuer_sn (ctrl, kh, s, authidno);
+          if (err)
             keydb_search_reset (kh);
 
-          if (!rc && DBG_X509)
+          if (!err && DBG_X509)
             log_debug ("  found via authid and sn+issuer\n");
 
           /* In case of an error, try to get the certificate from the
-             dirmngr.  That is done by trying to put that certifcate
+             dirmngr.  That is done by trying to put that certificate
              into the ephemeral DB and let the code below do the
              actual retrieve.  Thus there is no error checking.
              Skipped in find_next mode as usual. */
-          if (rc == -1 && !find_next)
+          if (gpg_err_code (err) == GPG_ERR_NOT_FOUND && !find_next)
             find_up_dirmngr (ctrl, kh, authidno, s, 0);
 
           /* In case of an error try the ephemeral DB.  We can't do
              that in find_next mode because we can't keep the search
              state then. */
-          if (rc == -1 && !find_next)
+          if (gpg_err_code (err) == GPG_ERR_NOT_FOUND && !find_next)
             {
               int old = keydb_set_ephemeral (kh, 1);
               if (!old)
                 {
-                  rc = keydb_search_issuer_sn (ctrl, kh, s, authidno);
-                  if (rc)
+                  err = keydb_search_issuer_sn (ctrl, kh, s, authidno);
+                  if (err)
                     keydb_search_reset (kh);
 
-                  if (!rc && DBG_X509)
+                  if (!err && DBG_X509)
                     log_debug ("  found via authid and sn+issuer (ephem)\n");
                 }
               keydb_set_ephemeral (kh, old);
             }
-          if (rc)
-            rc = -1; /* Need to make sure to have this error code. */
+          if (err) /* Need to make sure to have this error code. */
+            err = gpg_error (GPG_ERR_NOT_FOUND);
         }
 
-      if (rc == -1 && keyid && !find_next)
+      if (gpg_err_code (err) == GPG_ERR_NOT_FOUND && keyid && !find_next)
         {
           /* Not found by AKI.issuer_sn.  Lets try the AKI.ki
              instead. Loop over all certificates with that issuer as
              subject and stop for the one with a matching
              subjectKeyIdentifier. */
           /* Fixme: Should we also search in the dirmngr?  */
-          rc = find_up_search_by_keyid (ctrl, kh, issuer, keyid);
-          if (!rc && DBG_X509)
+          err = find_up_search_by_keyid (ctrl, kh, issuer, keyid);
+          if (!err && DBG_X509)
             log_debug ("  found via authid and keyid\n");
-          if (rc)
+          if (err)
             {
               int old = keydb_set_ephemeral (kh, 1);
               if (!old)
-                rc = find_up_search_by_keyid (ctrl, kh, issuer, keyid);
-              if (!rc && DBG_X509)
+                err = find_up_search_by_keyid (ctrl, kh, issuer, keyid);
+              if (!err && DBG_X509)
                 log_debug ("  found via authid and keyid (ephem)\n");
               keydb_set_ephemeral (kh, old);
             }
-          if (rc)
-            rc = -1; /* Need to make sure to have this error code. */
+          if (err) /* Need to make sure to have this error code. */
+            err = gpg_error (GPG_ERR_NOT_FOUND);
         }
 
       /* If we still didn't found it, try to find it via the subject
          from the dirmngr-cache.  */
-      if (rc == -1 && !find_next)
+      if (gpg_err_code (err) == GPG_ERR_NOT_FOUND && !find_next)
         {
           if (!find_up_dirmngr (ctrl, kh, NULL, issuer, 1))
             {
               int old = keydb_set_ephemeral (kh, 1);
               if (keyid)
-                rc = find_up_search_by_keyid (ctrl, kh, issuer, keyid);
+                err = find_up_search_by_keyid (ctrl, kh, issuer, keyid);
               else
                 {
                   keydb_search_reset (kh);
-                  rc = keydb_search_subject (ctrl, kh, issuer);
+                  err = keydb_search_subject (ctrl, kh, issuer);
                 }
               keydb_set_ephemeral (kh, old);
             }
-          if (rc)
-            rc = -1; /* Need to make sure to have this error code. */
+          if (err) /* Need to make sure to have this error code. */
+            err = gpg_error (GPG_ERR_NOT_FOUND);
 
-          if (!rc && DBG_X509)
+          if (!err && DBG_X509)
             log_debug ("  found via authid and issuer from dirmngr cache\n");
         }
 
       /* If we still didn't found it, try an external lookup.  */
-      if (rc == -1 && !find_next && !ctrl->offline)
+      if (gpg_err_code (err) == GPG_ERR_NOT_FOUND
+          && !find_next && !ctrl->offline)
         {
           /* We allow AIA also if CRLs are enabled; both can be used
            * as a web bug so it does not make sense to not use AIA if
@@ -938,12 +940,12 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
             {
               if (DBG_X509)
                 log_debug ("  found via authorityInfoAccess.caIssuers\n");
-              rc = 0;
+              err = 0;
             }
           else if (opt.auto_issuer_key_retrieve)
             {
-              rc = find_up_external (ctrl, kh, issuer, keyid);
-              if (!rc && DBG_X509)
+              err = find_up_external (ctrl, kh, issuer, keyid);
+              if (!err && DBG_X509)
                 log_debug ("  found via authid and external lookup\n");
             }
         }
@@ -952,37 +954,40 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
       /* Print a note so that the user does not feel too helpless when
          an issuer certificate was found and gpgsm prints BAD
          signature because it is not the correct one. */
-      if (rc == -1 && opt.quiet)
+      if (gpg_err_code (err) == GPG_ERR_NOT_FOUND && opt.quiet)
         ;
-      else if (rc == -1)
+      else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
         {
-          log_info ("%sissuer certificate ", find_next?"next ":"");
-          if (keyid)
-            {
-              log_printf ("{");
-              gpgsm_dump_serial (keyid);
-              log_printf ("} ");
-            }
-          if (authidno)
+          if (!opt.quiet)
             {
-              log_printf ("(#");
-              gpgsm_dump_serial (authidno);
-              log_printf ("/");
-              gpgsm_dump_string (s);
-              log_printf (") ");
+              log_info ("%sissuer certificate ", find_next?"next ":"");
+              if (keyid)
+                {
+                  log_printf ("{");
+                  gpgsm_dump_serial (keyid);
+                  log_printf ("} ");
+                }
+              if (authidno)
+                {
+                  log_printf ("(#");
+                  gpgsm_dump_serial (authidno);
+                  log_printf ("/");
+                  gpgsm_dump_string (s);
+                  log_printf (") ");
+                }
+              log_printf ("not found using authorityKeyIdentifier\n");
             }
-          log_printf ("not found using authorityKeyIdentifier\n");
         }
-      else if (rc)
-        log_error ("failed to find authorityKeyIdentifier: rc=%d\n", rc);
+      else if (err)
+        log_error ("failed to find authorityKeyIdentifier: err=%d\n", err);
       xfree (keyid);
       ksba_name_release (authid);
       xfree (authidno);
     }
 
-  if (rc) /* Not found via authorithyKeyIdentifier, try regular issuer name. */
-    rc = keydb_search_subject (ctrl, kh, issuer);
-  if (rc == -1 && !find_next)
+  if (err) /* Not found via authorithyKeyIdentifier, try regular issuer name. */
+    err = keydb_search_subject (ctrl, kh, issuer);
+  if (gpg_err_code (err) == GPG_ERR_NOT_FOUND && !find_next)
     {
       int old;
 
@@ -995,51 +1000,51 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
       if (!old)
         {
           keydb_search_reset (kh);
-          rc = keydb_search_subject (ctrl, kh, issuer);
+          err = keydb_search_subject (ctrl, kh, issuer);
         }
       keydb_set_ephemeral (kh, old);
 
-      if (!rc && DBG_X509)
+      if (!err && DBG_X509)
         log_debug ("  found via issuer\n");
     }
 
   /* Still not found.  If enabled, try an external lookup.  */
-  if (rc == -1 && !find_next && !ctrl->offline)
+  if (gpg_err_code (err) == GPG_ERR_NOT_FOUND && !find_next && !ctrl->offline)
     {
       if ((opt.auto_issuer_key_retrieve || !opt.no_crl_check)
           && !find_up_via_auth_info_access (ctrl, kh, cert))
         {
           if (DBG_X509)
             log_debug ("  found via authorityInfoAccess.caIssuers\n");
-          rc = 0;
+          err = 0;
         }
       else if (opt.auto_issuer_key_retrieve)
         {
-          rc = find_up_external (ctrl, kh, issuer, NULL);
-          if (!rc && DBG_X509)
+          err = find_up_external (ctrl, kh, issuer, NULL);
+          if (!err && DBG_X509)
             log_debug ("  found via issuer and external lookup\n");
         }
     }
 
-  return rc;
+  return err;
 }
 
 
 /* Return the next certificate up in the chain starting at START.
-   Returns -1 when there are no more certificates. */
-int
+   Returns GPG_ERR_NOT_FOUND when there are no more certificates. */
+gpg_error_t
 gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
 {
-  int rc = 0;
+  gpg_error_t err = 0;
   char *issuer = NULL;
   char *subject = NULL;
-  KEYDB_HANDLE kh = keydb_new ();
+  KEYDB_HANDLE kh = keydb_new (ctrl);
 
   *r_next = NULL;
   if (!kh)
     {
       log_error (_("failed to allocate keyDB handle\n"));
-      rc = gpg_error (GPG_ERR_GENERAL);
+      err = gpg_error (GPG_ERR_GENERAL);
       goto leave;
     }
 
@@ -1048,45 +1053,47 @@ gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
   if (!issuer)
     {
       log_error ("no issuer found in certificate\n");
-      rc = gpg_error (GPG_ERR_BAD_CERT);
+      err = gpg_error (GPG_ERR_BAD_CERT);
       goto leave;
     }
   if (!subject)
     {
       log_error ("no subject found in certificate\n");
-      rc = gpg_error (GPG_ERR_BAD_CERT);
+      err = gpg_error (GPG_ERR_BAD_CERT);
       goto leave;
     }
 
   if (is_root_cert (start, issuer, subject))
     {
-      rc = -1; /* we are at the root */
+      err = gpg_error (GPG_ERR_NOT_FOUND); /* we are at the root */
       goto leave;
     }
 
-  rc = find_up (ctrl, kh, start, issuer, 0);
-  if (rc)
+  err = find_up (ctrl, kh, start, issuer, 0);
+  if (err)
     {
       /* It is quite common not to have a certificate, so better don't
          print an error here.  */
-      if (rc != -1 && opt.verbose > 1)
-        log_error ("failed to find issuer's certificate: rc=%d\n", rc);
-      rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
+      if (gpg_err_code (err) != GPG_ERR_NOT_FOUND && opt.verbose > 1)
+        log_error ("failed to find issuer's certificate: %s <%s>\n",
+                   gpg_strerror (err), gpg_strsource (err));
+      err = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
       goto leave;
     }
 
-  rc = keydb_get_cert (kh, r_next);
-  if (rc)
+  err = keydb_get_cert (kh, r_next);
+  if (err)
     {
-      log_error ("keydb_get_cert() failed: rc=%d\n", rc);
-      rc = gpg_error (GPG_ERR_GENERAL);
+      log_error ("keydb_get_cert() failed: %s <%s>\n",
+                 gpg_strerror (err), gpg_strsource (err));
+      err = gpg_error (GPG_ERR_GENERAL);
     }
 
  leave:
   xfree (issuer);
   xfree (subject);
   keydb_release (kh);
-  return rc;
+  return err;
 }
 
 
@@ -1115,7 +1122,7 @@ is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
     {
       if (gpg_err_code (err) == GPG_ERR_NO_DATA)
         return 1; /* Yes. Without a authorityKeyIdentifier this needs
-                     to be the Root certifcate (our trust anchor).  */
+                     to be the Root certificate (our trust anchor).  */
       log_error ("error getting authorityKeyIdentifier: %s\n",
                  gpg_strerror (err));
       return 0; /* Well, it is broken anyway.  Return No. */
@@ -1328,7 +1335,7 @@ check_validity_period (ksba_isotime_t current_time,
 }
 
 /* This is a variant of check_validity_period used with the chain
-   model.  The dextra contraint here is that notBefore and notAfter
+   model.  The extra constraint here is that notBefore and notAfter
    must exists and if the additional argument CHECK_TIME is given this
    time is used to check the validity period of SUBJECT_CERT.  */
 static gpg_error_t
@@ -1396,7 +1403,7 @@ check_validity_period_cm (ksba_isotime_t current_time,
           || strcmp (check_time, not_after) > 0))
     {
       /* Note that we don't need a case for the root certificate
-         because its own consitency has already been checked.  */
+         because its own consistency has already been checked.  */
       do_list(opt.ignore_expiration?0:1, listmode, listfp,
               depth == 0 ?
               _("signature not created during lifetime of certificate") :
@@ -1548,7 +1555,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
       return 0;
     }
 
-  kh = keydb_new ();
+  kh = keydb_new (ctrl);
   if (!kh)
     {
       log_error (_("failed to allocate keyDB handle\n"));
@@ -1567,7 +1574,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
   for (;;)
     {
       int is_root;
-      gpg_error_t istrusted_rc = -1;
+      gpg_error_t istrusted_rc = gpg_error (GPG_ERR_NOT_TRUSTED);
 
       /* Put the certificate on our list.  */
       {
@@ -1779,7 +1786,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
           if (rc)
             goto leave;
 
-          break;  /* Okay: a self-signed certicate is an end-point. */
+          break;  /* Okay: a self-signed certificate is an end-point. */
         } /* End is_root.  */
 
 
@@ -1796,10 +1803,10 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
       rc = find_up (ctrl, kh, subject_cert, issuer, 0);
       if (rc)
         {
-          if (rc == -1)
+          if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
             {
               do_list (0, listmode, listfp, _("issuer certificate not found"));
-              if (!listmode)
+              if (!listmode && !opt.quiet)
                 {
                   log_info ("issuer certificate: #/");
                   gpgsm_dump_string (issuer);
@@ -1807,7 +1814,8 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
                 }
             }
           else
-            log_error ("failed to find issuer's certificate: rc=%d\n", rc);
+            log_error ("failed to find issuer's certificate: %s <%s>\n",
+                       gpg_strerror (rc), gpg_strsource (rc));
           rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
           goto leave;
         }
@@ -1879,7 +1887,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
         }
 
       is_root = gpgsm_is_root_cert (issuer_cert);
-      istrusted_rc = -1;
+      istrusted_rc = gpg_error (GPG_ERR_NOT_TRUSTED);
 
 
       /* Check that a CA is allowed to issue certificates. */
@@ -2186,7 +2194,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
       return 0;
     }
 
-  kh = keydb_new ();
+  kh = keydb_new (ctrl);
   if (!kh)
     {
       log_error (_("failed to allocate keyDB handle\n"));
@@ -2225,14 +2233,18 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
       rc = find_up (ctrl, kh, cert, issuer, 0);
       if (rc)
         {
-          if (rc == -1)
+          if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
             {
-              log_info ("issuer certificate (#/");
-              gpgsm_dump_string (issuer);
-              log_printf (") not found\n");
+              if (!opt.quiet)
+                {
+                  log_info ("issuer certificate (#/");
+                  gpgsm_dump_string (issuer);
+                  log_printf (") not found\n");
+                }
             }
           else
-            log_error ("failed to find issuer's certificate: rc=%d\n", rc);
+            log_error ("failed to find issuer's certificate: %s <%s>\n",
+                       gpg_strerror (rc), gpg_strsource (rc));
           rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
           goto leave;
         }
@@ -2340,7 +2352,7 @@ get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen)
       cert = next;
     }
   ksba_cert_release (cert);
-  if (rc != -1 || !depth || depth == DIM(array) )
+  if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND || !depth || depth == DIM(array) )
     {
       /* We did not reached the root. */
       goto leave;
diff --git a/sm/certcheck.c b/sm/certcheck.c
index d6b967c..fca4575 100644
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@@ -27,7 +27,6 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#include <assert.h>
 
 #include "gpgsm.h"
 #include <gcrypt.h>
@@ -35,6 +34,7 @@
 
 #include "keydb.h"
 #include "../common/i18n.h"
+#include "../common/membuf.h"
 
 
 /* Return the number of bits of the Q parameter from the DSA key
@@ -74,14 +74,17 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
   size_t nframe;
   unsigned char *frame;
 
-  if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECDSA)
+  if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECC)
     {
-      unsigned int qbits;
+      unsigned int qbits0, qbits;
 
-      if ( pkalgo == GCRY_PK_ECDSA )
-        qbits = gcry_pk_get_nbits (pkey);
+      if ( pkalgo == GCRY_PK_ECC )
+        {
+          qbits0 = gcry_pk_get_nbits (pkey);
+          qbits = qbits0 == 521? 512 : qbits0;
+        }
       else
-        qbits = get_dsa_qbits (pkey);
+        qbits0 = qbits = get_dsa_qbits (pkey);
 
       if ( (qbits%8) )
 	{
@@ -98,7 +101,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
       if (qbits < 160)
 	{
 	  log_error (_("%s key uses an unsafe (%u bit) hash\n"),
-                     gcry_pk_algo_name (pkalgo), qbits);
+                     gcry_pk_algo_name (pkalgo), qbits0);
 	  return gpg_error (GPG_ERR_INTERNAL);
 	}
 
@@ -109,7 +112,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
         {
 	  log_error (_("a %u bit hash is not valid for a %u bit %s key\n"),
                      (unsigned int)nframe*8,
-                     gcry_pk_get_nbits (pkey),
+                     qbits0,
                      gcry_pk_algo_name (pkalgo));
           /* FIXME: we need to check the requirements for ECDSA.  */
           if (nframe < 20 || pkalgo == GCRY_PK_DSA  )
@@ -165,12 +168,12 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
       frame[n++] = 0;
       frame[n++] = 1; /* block type */
       i = nframe - len - asnlen -3 ;
-      assert ( i > 1 );
+      log_assert ( i > 1 );
       memset ( frame+n, 0xff, i ); n += i;
       frame[n++] = 0;
       memcpy ( frame+n, asn, asnlen ); n += asnlen;
       memcpy ( frame+n, gcry_md_read(md, algo), len ); n += len;
-      assert ( n == nframe );
+      log_assert ( n == nframe );
     }
   if (DBG_CRYPTO)
     {
@@ -210,10 +213,8 @@ pk_algo_from_sexp (gcry_sexp_t pkey)
     algo = GCRY_PK_RSA;
   else if (n==3 && !memcmp (name, "dsa", 3))
     algo = GCRY_PK_DSA;
-  /* Because this function is called only for verification we can
-     assume that ECC actually means ECDSA.  */
   else if (n==3 && !memcmp (name, "ecc", 3))
-    algo = GCRY_PK_ECDSA;
+    algo = GCRY_PK_ECC;
   else if (n==13 && !memcmp (name, "ambiguous-rsa", 13))
     algo = GCRY_PK_RSA;
   else
@@ -293,6 +294,7 @@ extract_pss_params (gcry_sexp_t s_sig, int *r_algo, unsigned int *r_saltlen)
   if (*r_saltlen < 20)
     {
       log_error ("length of PSS salt too short\n");
+      gcry_sexp_release (s_sig);
       return gpg_error (GPG_ERR_DIGEST_ALGO);
     }
   if (!*r_algo)
@@ -349,20 +351,37 @@ int
 gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
 {
   const char *algoid;
-  gcry_md_hd_t md;
+  gcry_md_hd_t md = NULL;
+  void *certder = NULL;
+  size_t certderlen;
   int rc, algo;
   ksba_sexp_t p;
   size_t n;
   gcry_sexp_t s_sig, s_data, s_pkey;
   int use_pss = 0;
+  int use_eddsa = 0;
   unsigned int saltlen;
 
+  /* Note that we map the 4 algos which current Libgcrypt versions are
+   * not aware of the OID.  */
   algo = gcry_md_map_name ( (algoid=ksba_cert_get_digest_algo (cert)));
   if (!algo && algoid && !strcmp (algoid, "1.2.840.113549.1.1.10"))
     use_pss = 1;
+  else if (algoid && !strcmp (algoid, "1.3.101.112"))
+    use_eddsa = 1;
+  else if (algoid && !strcmp (algoid, "1.3.101.113"))
+    use_eddsa = 2;
+  else if (!algo && algoid && !strcmp (algoid, "1.2.840.10045.4.3.1"))
+    algo = GCRY_MD_SHA224; /* ecdsa-with-sha224 */
+  else if (!algo && algoid && !strcmp (algoid, "1.2.840.10045.4.3.2"))
+    algo = GCRY_MD_SHA256; /* ecdsa-with-sha256 */
+  else if (!algo && algoid && !strcmp (algoid, "1.2.840.10045.4.3.3"))
+    algo = GCRY_MD_SHA384; /* ecdsa-with-sha384 */
+  else if (!algo && algoid && !strcmp (algoid, "1.2.840.10045.4.3.4"))
+    algo = GCRY_MD_SHA512; /* ecdsa-with-sha512 */
   else if (!algo)
     {
-      log_error ("unknown digest algorithm '%s' used certificate\n",
+      log_error ("unknown digest algorithm '%s' used in certificate\n",
                  algoid? algoid:"?");
       if (algoid
           && (  !strcmp (algoid, "1.2.840.113549.1.1.2")
@@ -401,24 +420,50 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
     }
 
 
-  /* Hash the to-be-signed parts of the certificate.  */
-  rc = gcry_md_open (&md, algo, 0);
-  if (rc)
+  /* Hash the to-be-signed parts of the certificate or but them into a
+   * buffer for the EdDSA algorithms.  */
+  if (use_eddsa)
     {
-      log_error ("md_open failed: %s\n", gpg_strerror (rc));
-      return rc;
-    }
-  if (DBG_HASHING)
-    gcry_md_debug (md, "hash.cert");
+      membuf_t mb;
 
-  rc = ksba_cert_hash (cert, 1, HASH_FNC, md);
-  if (rc)
+      init_membuf (&mb, 2048);
+      rc = ksba_cert_hash (cert, 1,
+                           (void (*)(void *, const void*,size_t))put_membuf,
+                           &mb);
+      if (rc)
+        {
+          log_error ("ksba_cert_hash failed: %s\n", gpg_strerror (rc));
+          xfree (get_membuf (&mb, NULL));
+          return rc;
+        }
+      certder = get_membuf (&mb, &certderlen);
+      if (!certder)
+        {
+          rc = gpg_error_from_syserror ();
+          log_error ("getting tbsCertificate failed: %s\n", gpg_strerror (rc));
+          return rc;
+        }
+    }
+  else
     {
-      log_error ("ksba_cert_hash failed: %s\n", gpg_strerror (rc));
-      gcry_md_close (md);
-      return rc;
+      rc = gcry_md_open (&md, algo, 0);
+      if (rc)
+        {
+          log_error ("md_open failed: %s\n", gpg_strerror (rc));
+          return rc;
+        }
+      if (DBG_HASHING)
+        gcry_md_debug (md, "hash.cert");
+
+      rc = ksba_cert_hash (cert, 1, HASH_FNC, md);
+      if (rc)
+        {
+          log_error ("ksba_cert_hash failed: %s\n", gpg_strerror (rc));
+          gcry_md_close (md);
+          return rc;
+        }
+      gcry_md_final (md);
     }
-  gcry_md_final (md);
 
   /* Get the public key from the certificate.  */
   p = ksba_cert_get_public_key (issuer_cert);
@@ -429,6 +474,7 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
       gcry_md_close (md);
       ksba_free (p);
       gcry_sexp_release (s_sig);
+      xfree (certder);
       return gpg_error (GPG_ERR_BUG);
     }
   rc = gcry_sexp_sscan ( &s_pkey, NULL, (char*)p, n);
@@ -438,6 +484,7 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
       log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
       gcry_md_close (md);
       gcry_sexp_release (s_sig);
+      xfree (certder);
       return rc;
     }
   if (DBG_CRYPTO)
@@ -456,6 +503,21 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
       if (rc)
         BUG ();
     }
+  else if (use_eddsa)
+    {
+      rc = gcry_sexp_build (&s_data, NULL,
+                            "(data(flags eddsa)(hash-algo %s)(value %b))",
+                            use_eddsa == 1? "sha512":"shake256",
+                            (int)certderlen, certder);
+      xfree (certder);
+      certder = NULL;
+      if (rc)
+        {
+          log_error ("building data for eddsa failed: %s\n", gpg_strerror (rc));
+          gcry_sexp_release (s_sig);
+          return rc;
+        }
+    }
   else
     {
       /* RSA or DSA: Prepare the hash for verification.  */
@@ -480,7 +542,59 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
   /* Verify.  */
   rc = gcry_pk_verify (s_sig, s_data, s_pkey);
   if (DBG_X509)
-      log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc));
+    log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc));
+  if (use_eddsa && (gpg_err_code (rc) == GPG_ERR_INTERNAL
+                    || gpg_err_code (rc) == GPG_ERR_INV_CURVE))
+    {
+      /* Let's assume that this is a certificate for an ECDH key
+       * signed using EdDSA.  This won't work.  We should have located
+       * the public key using subjectKeyIdentifier (SKI) to not run
+       * into this problem.  However, we don't do this for self-signed
+       * certificates and we don't have a way to search for arbitrary
+       * keys based on the SKI.  Note: The sample certificate from
+       * RFC-8410 uses a SHA-1 hash of the public key for the SKI; so
+       * we are not able to verify it.
+       */
+      ksba_sexp_t ski;
+      const unsigned char *skider;
+      size_t skiderlen;
+
+      if (DBG_X509)
+        log_debug ("retrying using the ski\n");
+      if (!ksba_cert_get_subj_key_id (issuer_cert, NULL, &ski))
+        {
+          skider = gpgsm_get_serial (ski, &skiderlen);
+          if (!skider)
+            ;
+          else if (skiderlen == (use_eddsa==1? 32:57))
+            {
+              /* Here we assume that the SKI is actually the public key.  */
+              gcry_sexp_release (s_pkey);
+              rc = gcry_sexp_build (&s_pkey, NULL,
+                                     "(public-key(ecc(curve%s)(q%b)))",
+                                     use_eddsa==1? "1.3.101.112":"1.3.101.113",
+                                     (int)skiderlen, skider);
+              if (rc)
+                log_error ("building pubkey from SKI failed: %s\n",
+                           gpg_strerror (rc));
+              else
+                rc = gcry_pk_verify (s_sig, s_data, s_pkey);
+              if (DBG_X509)
+                log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc));
+            }
+          else if (skiderlen == 20)
+            {
+              log_printhex (skider, skiderlen, "ski might be the SHA-1:");
+            }
+          else
+            {
+              if (DBG_X509)
+                log_debug(skider, skiderlen, "ski is:");
+            }
+          ksba_free (ski);
+        }
+    }
+
   gcry_md_close (md);
   gcry_sexp_release (s_sig);
   gcry_sexp_release (s_data);
diff --git a/sm/certdump.c b/sm/certdump.c
index 57e8112..5c9f8a9 100644
--- a/sm/certdump.c
+++ b/sm/certdump.c
@@ -24,7 +24,6 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#include <assert.h>
 #ifdef HAVE_LOCALE_H
 #include <locale.h>
 #endif
@@ -48,6 +47,28 @@ struct dn_array_s {
 };
 
 
+/* Get the first first element from the s-expression SN and return a
+ * pointer to it.  Stores the length at R_LENGTH.  Returns NULL for no
+ * value or an invalid expression.  */
+const void *
+gpgsm_get_serial (ksba_const_sexp_t sn, size_t *r_length)
+{
+  const char *p = (const char *)sn;
+  unsigned long n;
+  char *endp;
+
+  if (!p || *p != '(')
+    return NULL;
+  p++;
+  n = strtoul (p, &endp, 10);
+  p = endp;
+  if (*p++ != ':')
+    return NULL;
+  *r_length = n;
+  return p;
+}
+
+
 /* Print the first element of an S-Expression. */
 void
 gpgsm_print_serial (estream_t fp, ksba_const_sexp_t sn)
@@ -82,11 +103,7 @@ gpgsm_print_serial_decimal (estream_t fp, ksba_const_sexp_t sn)
   unsigned long n, i;
   char *endp;
   gcry_mpi_t a, r, ten;
-#if GCRYPT_VERSION_NUMBER >= 0x010900 /* >= 1.9.0 */
   unsigned int dd;
-#else
-  unsigned char numbuf[10];
-#endif
 
   if (!p)
     es_fputs (_("none"), fp);
@@ -113,15 +130,8 @@ gpgsm_print_serial_decimal (estream_t fp, ksba_const_sexp_t sn)
           do
             {
               gcry_mpi_div (a, r, a, ten, 0);
-#if GCRYPT_VERSION_NUMBER >= 0x010900 /* >= 1.9.0 */
               gcry_mpi_get_ui (&dd, r);
               put_membuf_printf (&mb, "%u", dd);
-#else
-              *numbuf = 0;  /* Need to clear because USB format prints
-                             * an empty string for a value of 0.  */
-              gcry_mpi_print (GCRYMPI_FMT_USG, numbuf, 10, NULL, r);
-              put_membuf_printf (&mb, "%u", (unsigned int)*numbuf);
-#endif
             }
           while (gcry_mpi_cmp_ui (a, 0));
 
@@ -632,7 +642,7 @@ pretty_es_print_sexp (estream_t fp, const unsigned char *buf, size_t buflen)
       return;
     }
   len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, NULL, 0);
-  assert (len);
+  log_assert (len);
   result = xtrymalloc (len);
   if (!result)
     {
@@ -641,7 +651,7 @@ pretty_es_print_sexp (estream_t fp, const unsigned char *buf, size_t buflen)
       return;
     }
   len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, result, len);
-  assert (len);
+  log_assert (len);
   for (p = result; len; len--, p++)
     {
       if (*p == '\n')
@@ -737,6 +747,7 @@ format_name_writer (void *cookie, const void *buffer, size_t size)
   struct format_name_cookie *c = cookie;
   char *p;
 
+  /* FIXME: Replace the whole thing using es_fopenmem based code.  */
   if (!buffer)  /* Flush. */
     return 0;  /* (Actually we could use SIZE because that should be 0 too.)  */
 
diff --git a/sm/certlist.c b/sm/certlist.c
index b1ae58c..61125ac 100644
--- a/sm/certlist.c
+++ b/sm/certlist.c
@@ -25,7 +25,6 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#include <assert.h>
 
 #include "gpgsm.h"
 #include <gcrypt.h>
@@ -52,11 +51,9 @@ cert_usage_p (ksba_cert_t cert, int mode, int silent)
 {
   gpg_error_t err;
   unsigned int use;
-  unsigned int encr_bits, sign_bits;
   char *extkeyusages;
   int have_ocsp_signing = 0;
 
-
   err = ksba_cert_get_ext_key_usages (cert, &extkeyusages);
   if (gpg_err_code (err) == GPG_ERR_NO_DATA)
     err = 0; /* no policy given */
@@ -160,13 +157,10 @@ cert_usage_p (ksba_cert_t cert, int mode, int silent)
       return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
     }
 
-  encr_bits = (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT);
-  if ((opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR))
-    encr_bits |= KSBA_KEYUSAGE_KEY_AGREEMENT;
-
-  sign_bits = (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION);
-
-  if ((use & ((mode&1)? encr_bits : sign_bits)))
+  if ((use & ((mode&1)?
+              (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT):
+              (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
+      )
     return 0;
 
   if (!silent)
@@ -329,7 +323,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
   rc = classify_user_id (name, &desc, 0);
   if (!rc)
     {
-      kh = keydb_new ();
+      kh = keydb_new (ctrl);
       if (!kh)
         rc = gpg_error (GPG_ERR_ENOMEM);
       else
@@ -357,19 +351,14 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
                 {
                   /* There might be another certificate with the
                      correct usage, so we try again */
-                  if (!wrong_usage)
-                    { /* save the first match */
-                      wrong_usage = rc;
-                      ksba_cert_release (cert);
-                      cert = NULL;
-                      goto get_next;
-                    }
-                  else if (same_subject_issuer (first_subject, first_issuer,
-                                                cert))
+                  if (!wrong_usage
+                      || same_subject_issuer (first_subject, first_issuer,cert))
                     {
-                      wrong_usage = rc;
+                      if (!wrong_usage)
+                        wrong_usage = rc; /* save error of the first match */
                       ksba_cert_release (cert);
                       cert = NULL;
+                      log_info (_("looking for another certificate\n"));
                       goto get_next;
                     }
                   else
@@ -387,7 +376,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
 
             next_ambigious:
               rc = keydb_search (ctrl, kh, &desc, 1);
-              if (rc == -1)
+              if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
                 rc = 0;
               else if (!rc)
                 {
@@ -405,7 +394,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
 
                      Further we ignore them if they are due to an
                      identical certificate (which may happen if a
-                     certificate is accidential duplicated in the
+                     certificate is accidentally duplicated in the
                      keybox).  */
                   if (!keydb_get_cert (kh, &cert2))
                     {
@@ -461,7 +450,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
                 {
                   certlist_t cl = xtrycalloc (1, sizeof *cl);
                   if (!cl)
-                    rc = out_of_core ();
+                    rc = gpg_error_from_syserror ();
                   else
                     {
                       cl->cert = cert; cert = NULL;
@@ -476,7 +465,8 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
 
   keydb_release (kh);
   ksba_cert_release (cert);
-  return rc == -1? gpg_error (GPG_ERR_NO_PUBKEY): rc;
+  return (gpg_err_code (rc) == GPG_ERR_NOT_FOUND
+          ? gpg_error (GPG_ERR_NO_PUBKEY): rc);
 }
 
 
@@ -510,7 +500,7 @@ gpgsm_find_cert (ctrl_t ctrl,
   rc = classify_user_id (name, &desc, 0);
   if (!rc)
     {
-      kh = keydb_new ();
+      kh = keydb_new (ctrl);
       if (!kh)
         rc = gpg_error (GPG_ERR_ENOMEM);
       else
@@ -543,7 +533,7 @@ gpgsm_find_cert (ctrl_t ctrl,
             }
 
           /* If we don't have the KEYID filter we need to check for
-             ambiguous search results.  Note, that it is somehwat
+             ambiguous search results.  Note, that it is somewhat
              reasonable to assume that a specification of a KEYID
              won't lead to ambiguous names. */
           if (!rc && !keyid)
@@ -560,7 +550,7 @@ gpgsm_find_cert (ctrl_t ctrl,
                 }
             next_ambiguous:
               rc = keydb_search (ctrl, kh, &desc, 1);
-              if (rc == -1)
+              if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
                 rc = 0;
               else
                 {
@@ -614,5 +604,6 @@ gpgsm_find_cert (ctrl_t ctrl,
     }
 
   keydb_release (kh);
-  return rc == -1? gpg_error (GPG_ERR_NO_PUBKEY): rc;
+  return (gpg_err_code (rc) == GPG_ERR_NOT_FOUND?
+          gpg_error (GPG_ERR_NO_PUBKEY): rc);
 }
diff --git a/sm/certreqgen-ui.c b/sm/certreqgen-ui.c
index d75b017..6ea4815 100644
--- a/sm/certreqgen-ui.c
+++ b/sm/certreqgen-ui.c
@@ -24,7 +24,6 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#include <assert.h>
 
 #include "gpgsm.h"
 #include <gcrypt.h>
@@ -86,7 +85,7 @@ store_mb_lines (membuf_t *mb, membuf_t *lines)
 }
 
 
-/* Chech whether we have a key for the key with HEXGRIP.  Returns NULL
+/* Check whether we have a key for the key with HEXGRIP.  Returns NULL
    if not or a string describing the type of the key (RSA, ELG, DSA,
    etc..).  */
 static const char *
@@ -113,7 +112,9 @@ check_keygrip (ctrl_t ctrl, const char *hexgrip)
     case GCRY_PK_RSA:   return "RSA";
     case GCRY_PK_DSA:   return "DSA";
     case GCRY_PK_ELG:   return "ELG";
-    case GCRY_PK_EDDSA: return "ECDSA";
+    case GCRY_PK_ECC:   return "ECC";
+    case GCRY_PK_ECDSA: return "ECDSA";
+    case GCRY_PK_EDDSA: return "EdDSA";
     default: return NULL;
     }
 }
diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index 92d6ffe..7534338 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -59,7 +59,6 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#include <assert.h>
 
 #include "gpgsm.h"
 #include <gcrypt.h>
@@ -67,6 +66,7 @@
 
 #include "keydb.h"
 #include "../common/i18n.h"
+#include "../common/membuf.h"
 
 
 enum para_name
@@ -74,6 +74,7 @@ enum para_name
     pKEYTYPE,
     pKEYLENGTH,
     pKEYGRIP,
+    pKEYCURVE,
     pKEYUSAGE,
     pNAMEDN,
     pNAMEEMAIL,
@@ -236,6 +237,7 @@ read_parameters (ctrl_t ctrl, estream_t fp, estream_t out_fp)
     { "Key-Type",       pKEYTYPE},
     { "Key-Length",     pKEYLENGTH },
     { "Key-Grip",       pKEYGRIP },
+    { "Key-Curve",      pKEYCURVE },
     { "Key-Usage",      pKEYUSAGE },
     { "Name-DN",        pNAMEDN },
     { "Name-Email",     pNAMEEMAIL, 1 },
@@ -433,6 +435,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
   struct para_data_s *r;
   const char *s, *string;
   int i;
+  int algo;
   unsigned int nbits;
   char numbuf[20];
   unsigned char keyparms[100];
@@ -444,21 +447,21 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
   char *cardkeyid = NULL;
 
   /* Check that we have all required parameters; */
-  assert (get_parameter (para, pKEYTYPE, 0));
-
-  /* We can only use RSA for now.  There is a problem with pkcs-10 on
-     how to use ElGamal because it is expected that a PK algorithm can
-     always be used for signing. Another problem is that on-card
-     generated encryption keys may not be used for signing.  */
-  i = get_parameter_algo (para, pKEYTYPE);
-  if (!i && (s = get_parameter_value (para, pKEYTYPE, 0)) && *s)
+  log_assert (get_parameter (para, pKEYTYPE, 0));
+
+  /* There is a problem with pkcs-10 on how to use ElGamal because it
+     is expected that a PK algorithm can always be used for
+     signing.  Another problem is that on-card generated encryption
+     keys may not be used for signing.  */
+  algo = get_parameter_algo (para, pKEYTYPE);
+  if (!algo && (s = get_parameter_value (para, pKEYTYPE, 0)) && *s)
     {
       /* Hack to allow creation of certificates directly from a smart
          card.  For example: "Key-Type: card:OPENPGP.3".  */
       if (!strncmp (s, "card:", 5) && s[5])
         cardkeyid = xtrystrdup (s+5);
     }
-  if ( (i < 1 || i != GCRY_PK_RSA) && !cardkeyid )
+  if (algo < 1 && !cardkeyid)
     {
       r = get_parameter (para, pKEYTYPE, 0);
       if (r)
@@ -626,7 +629,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
 
   /* Check the optional AuthorityKeyId.  */
   string = get_parameter_value (para, pAUTHKEYID, 0);
-  if (string)
+  if (string && strcmp (string, "none"))
     {
       for (s=string, i=0; hexdigitp (s); s++, i++)
         ;
@@ -641,7 +644,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
 
   /* Check the optional SubjectKeyId.  */
   string = get_parameter_value (para, pSUBJKEYID, 0);
-  if (string)
+  if (string && strcmp (string, "none"))
     {
       for (s=string, i=0; hexdigitp (s); s++, i++)
         ;
@@ -721,10 +724,37 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
     }
   else if (!outctrl->dryrun) /* Generate new key.  */
     {
-      sprintf (numbuf, "%u", nbits);
-      snprintf ((char*)keyparms, DIM (keyparms),
-                "(6:genkey(3:rsa(5:nbits%d:%s)))",
-                (int)strlen (numbuf), numbuf);
+      if (algo == GCRY_PK_RSA)
+        {
+          sprintf (numbuf, "%u", nbits);
+          snprintf ((char*)keyparms, DIM (keyparms),
+                    "(6:genkey(3:rsa(5:nbits%d:%s)))",
+                    (int)strlen (numbuf), numbuf);
+        }
+      else if (algo == GCRY_PK_ECC)
+        {
+          const char *curve = get_parameter_value (para, pKEYCURVE, 0);
+          const char *flags;
+
+          if (!strcmp (curve, "Ed25519"))
+            flags = "(5:flags5:eddsa)";
+          else if (!strcmp (curve, "Curve25519"))
+            flags = "(5:flags9:djb-tweak)";
+          else
+            flags = "";
+
+          snprintf ((char*)keyparms, DIM (keyparms),
+                    "(6:genkey(3:ecc(5:curve%zu:%s)%s))",
+                    strlen (curve), curve, flags);
+        }
+      else
+        {
+          r = get_parameter (para, pKEYTYPE, 0);
+          log_error (_("line %d: invalid algorithm\n"), r?r->lnr:0);
+          xfree (sigkey);
+          xfree (cardkeyid);
+          return gpg_error (GPG_ERR_INV_PARAMETER);
+        }
       rc = gpgsm_agent_genkey (ctrl, keyparms, &public);
       if (rc)
         {
@@ -805,26 +835,49 @@ create_request (ctrl_t ctrl,
   ksba_isotime_t atime;
   int certmode = 0;
   int mdalgo;
+  membuf_t tbsbuffer;
+  membuf_t *tbsmb = NULL;
+  size_t publiclen;
+  size_t sigkeylen;
+  int publicpkalgo;  /* The gcrypt public key algo of the public key.  */
+  int sigkeypkalgo;  /* The gcrypt public key algo of the signing key.  */
 
   err = ksba_certreq_new (&cr);
   if (err)
     return err;
 
-  string = get_parameter_value (para, pHASHALGO, 0);
-  if (string)
-    mdalgo = gcry_md_map_name (string);
+  publiclen = gcry_sexp_canon_len (public, 0, NULL, NULL);
+  sigkeylen = sigkey? gcry_sexp_canon_len (sigkey, 0, NULL, NULL) : 0;
+
+  publicpkalgo = get_pk_algo_from_canon_sexp (public, publiclen);
+  sigkeypkalgo = sigkey? get_pk_algo_from_canon_sexp (public, publiclen) : 0;
+
+  if (publicpkalgo == GCRY_PK_EDDSA)
+    {
+      mdalgo = GCRY_MD_SHA512;
+      md = NULL;  /* We sign the data and not a hash.  */
+      init_membuf (&tbsbuffer, 2048);
+      tbsmb = &tbsbuffer;
+      ksba_certreq_set_hash_function
+        (cr, (void (*)(void *, const void*,size_t))put_membuf, tbsmb);
+    }
   else
-    mdalgo = GCRY_MD_SHA256;
-  rc = gcry_md_open (&md, mdalgo, 0);
-  if (rc)
     {
-      log_error ("md_open failed: %s\n", gpg_strerror (rc));
-      goto leave;
+      if ((string = get_parameter_value (para, pHASHALGO, 0)))
+        mdalgo = gcry_md_map_name (string);
+      else
+        mdalgo = GCRY_MD_SHA256;
+      rc = gcry_md_open (&md, mdalgo, 0);
+      if (rc)
+        {
+          log_error ("md_open failed: %s\n", gpg_strerror (rc));
+          goto leave;
+        }
+      if (DBG_HASHING)
+        gcry_md_debug (md, "cr.cri");
+      ksba_certreq_set_hash_function (cr, HASH_FNC, md);
     }
-  if (DBG_HASHING)
-    gcry_md_debug (md, "cr.cri");
 
-  ksba_certreq_set_hash_function (cr, HASH_FNC, md);
   ksba_certreq_set_writer (cr, writer);
 
   err = ksba_certreq_add_subject (cr, get_parameter_value (para, pNAMEDN, 0));
@@ -861,7 +914,7 @@ create_request (ctrl_t ctrl,
   for (seq=0; (s = get_parameter_value (para, pNAMEDNS, seq)); seq++)
     {
       len = strlen (s);
-      assert (len);
+      log_assert (len);
       snprintf (numbuf, DIM(numbuf), "%u:", (unsigned int)len);
       buf = p = xtrymalloc (11 + strlen (numbuf) + len + 3);
       if (!buf)
@@ -888,7 +941,7 @@ create_request (ctrl_t ctrl,
   for (seq=0; (s = get_parameter_value (para, pNAMEURI, seq)); seq++)
     {
       len = strlen (s);
-      assert (len);
+      log_assert (len);
       snprintf (numbuf, DIM(numbuf), "%u:", (unsigned int)len);
       buf = p = xtrymalloc (6 + strlen (numbuf) + len + 3);
       if (!buf)
@@ -912,12 +965,10 @@ create_request (ctrl_t ctrl,
         }
     }
 
-
   err = ksba_certreq_set_public_key (cr, public);
   if (err)
     {
-      log_error ("error setting the public key: %s\n",
-                 gpg_strerror (err));
+      log_error ("error setting the public key: %s\n", gpg_strerror (err));
       rc = err;
       goto leave;
     }
@@ -1113,14 +1164,17 @@ create_request (ctrl_t ctrl,
          given we set it to the public key to create a self-signed
          certificate. */
       if (!sigkey)
-        sigkey = public;
+        {
+          sigkey = public;
+          sigkeylen = publiclen;
+          sigkeypkalgo = publicpkalgo;
+        }
 
+      /* Set the the digestinfo aka siginfo.  */
       {
         unsigned char *siginfo;
 
-        err = transform_sigval (sigkey,
-                                gcry_sexp_canon_len (sigkey, 0, NULL, NULL),
-                                mdalgo, &siginfo, NULL);
+        err = transform_sigval (sigkey, sigkeylen, mdalgo, &siginfo, NULL);
         if (!err)
           {
             err = ksba_certreq_set_siginfo (cr, siginfo);
@@ -1135,9 +1189,12 @@ create_request (ctrl_t ctrl,
           }
       }
 
+
       /* Insert the AuthorityKeyId.  */
       string = get_parameter_value (para, pAUTHKEYID, 0);
-      if (string)
+      if (string && !strcmp (string, "none"))
+        ; /* Do not issue an AKI.  */
+      else if (string)
         {
           char *hexbuf;
 
@@ -1163,20 +1220,69 @@ create_request (ctrl_t ctrl,
           hexbuf[2] = 0x80;  /* Context tag for an implicit Octet string.  */
           hexbuf[3] = len;
           err = ksba_certreq_add_extension (cr, oidstr_authorityKeyIdentifier,
-                                            0,
-                                            hexbuf, 4+len);
+                                            0, hexbuf, 4+len);
           xfree (hexbuf);
           if (err)
             {
-              log_error ("error setting the authority-key-id: %s\n",
+              log_error ("error setting the AKI: %s\n", gpg_strerror (err));
+              goto leave;
+            }
+        }
+      else if (publicpkalgo == GCRY_PK_EDDSA || publicpkalgo == GCRY_PK_ECC)
+        {
+          /* For EdDSA and ECC we add the public key as default identifier.  */
+          const unsigned char *q;
+          size_t qlen, derlen;
+          unsigned char *der;
+
+          err = get_ecc_q_from_canon_sexp (public, publiclen, &q, &qlen);
+          if (err)
+            {
+              log_error ("error getting Q from public key: %s\n",
                          gpg_strerror (err));
               goto leave;
             }
+          if (publicpkalgo == GCRY_PK_EDDSA && qlen>32 && (qlen&1) && *q==0x40)
+            {
+              /* Skip our optional native encoding octet.  */
+              q++;
+              qlen--;
+            }
+          /* FIXME: For plain ECC we should better use a compressed
+           * point.  That requires an updated Libgcrypt.  Without that
+           * using nistp521 won't work due to the length check below.  */
+          if (qlen > 125)
+            {
+              err = gpg_error (GPG_ERR_TOO_LARGE);
+              goto leave;
+            }
+          derlen = 4 + qlen;
+          der = xtrymalloc (derlen);
+          if (!der)
+            {
+              err = gpg_error_from_syserror ();
+              goto leave;
+            }
+          der[0] = 0x30; /* Sequence */
+          der[1] = qlen + 2;
+          der[2] = 0x80; /* Context tag for an implict Octet String. */
+          der[3] = qlen;
+          memcpy (der+4, q, qlen);
+          err = ksba_certreq_add_extension (cr, oidstr_authorityKeyIdentifier,
+                                            0, der, derlen);
+          xfree (der);
+          if (err)
+            {
+              log_error ("error setting the AKI: %s\n", gpg_strerror (err));
+              goto leave;
+            }
         }
 
       /* Insert the SubjectKeyId.  */
       string = get_parameter_value (para, pSUBJKEYID, 0);
-      if (string)
+      if (string && !strcmp (string, "none"))
+        ; /* Do not issue an SKI.  */
+      else if (string)
         {
           char *hexbuf;
 
@@ -1204,10 +1310,57 @@ create_request (ctrl_t ctrl,
           xfree (hexbuf);
           if (err)
             {
-              log_error ("error setting the subject-key-id: %s\n",
+              log_error ("error setting SKI: %s\n", gpg_strerror (err));
+              goto leave;
+            }
+        }
+      else if (sigkeypkalgo == GCRY_PK_EDDSA || sigkeypkalgo == GCRY_PK_ECC)
+        {
+          /* For EdDSA and ECC we add the public key as default identifier.  */
+          const unsigned char *q;
+          size_t qlen, derlen;
+          unsigned char *der;
+
+          /* FIXME: This assumes that the to-be-certified key uses the
+           * same algorithm as the certification key - this is not
+           * always the case; in fact it is common that they
+           * differ.  */
+          err = get_ecc_q_from_canon_sexp (sigkey, sigkeylen, &q, &qlen);
+          if (err)
+            {
+              log_error ("error getting Q from signature key: %s\n",
                          gpg_strerror (err));
               goto leave;
             }
+          if (sigkeypkalgo == GCRY_PK_EDDSA && qlen>32 && (qlen&1) && *q==0x40)
+            {
+              /* Skip our optional native encoding octet.  */
+              q++;
+              qlen--;
+            }
+          if (qlen > 127)
+            {
+              err = gpg_error (GPG_ERR_TOO_LARGE);
+              goto leave;
+            }
+          derlen = 2 + qlen;
+          der = xtrymalloc (derlen);
+          if (!der)
+            {
+              err = gpg_error_from_syserror ();
+              goto leave;
+            }
+          der[0] = 0x04; /* Octet String */
+          der[1] = qlen;
+          memcpy (der+2, q, qlen);
+          err = ksba_certreq_add_extension (cr, oidstr_subjectKeyIdentifier, 0,
+                                            der, derlen);
+          xfree (der);
+          if (err)
+            {
+              log_error ("error setting the SKI: %s\n", gpg_strerror (err));
+              goto leave;
+            }
         }
 
       /* Insert additional extensions.  */
@@ -1269,7 +1422,11 @@ create_request (ctrl_t ctrl,
         }
     }
   else
-    sigkey = public;
+    {
+      sigkey = public;
+      sigkeylen = publiclen;
+      sigkeypkalgo = publicpkalgo;
+    }
 
   do
     {
@@ -1283,20 +1440,14 @@ create_request (ctrl_t ctrl,
       if (stopreason == KSBA_SR_NEED_SIG)
         {
           gcry_sexp_t s_pkey;
-          size_t n;
           unsigned char grip[20];
           char hexgrip[41];
           unsigned char *sigval, *newsigval;
           size_t siglen;
+          void *tbsdata;
+          size_t tbsdatalen;
 
-          n = gcry_sexp_canon_len (sigkey, 0, NULL, NULL);
-          if (!n)
-            {
-              log_error ("libksba did not return a proper S-Exp\n");
-              rc = gpg_error (GPG_ERR_BUG);
-              goto leave;
-            }
-          rc = gcry_sexp_sscan (&s_pkey, NULL, (const char*)sigkey, n);
+          rc = gcry_sexp_sscan (&s_pkey, NULL, (const char*)sigkey, sigkeylen);
           if (rc)
             {
               log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
@@ -1312,15 +1463,31 @@ create_request (ctrl_t ctrl,
           gcry_sexp_release (s_pkey);
           bin2hex (grip, 20, hexgrip);
 
-          log_info ("about to sign the %s for key: &%s\n",
-                    certmode? "certificate":"CSR", hexgrip);
+          if (!opt.quiet)
+            log_info ("about to sign the %s for key: &%s\n",
+                      certmode? "certificate":"CSR", hexgrip);
 
           if (carddirect && !certmode)
-            rc = gpgsm_scd_pksign (ctrl, carddirect, NULL,
-                                   gcry_md_read (md, mdalgo),
-                                   gcry_md_get_algo_dlen (mdalgo),
-                                   mdalgo,
-                                   &sigval, &siglen);
+            {
+              if (tbsmb)
+                {
+                  tbsdata = get_membuf (tbsmb, &tbsdatalen);
+                  tbsmb = NULL;
+                  if (!tbsdata)
+                    rc = gpg_error_from_syserror ();
+                  else
+                    rc = gpgsm_scd_pksign (ctrl, carddirect, NULL,
+                                           tbsdata, tbsdatalen, 0,
+                                           &sigval, &siglen);
+                  xfree (tbsdata);
+                }
+              else
+                rc = gpgsm_scd_pksign (ctrl, carddirect, NULL,
+                                       gcry_md_read (md, mdalgo),
+                                       gcry_md_get_algo_dlen (mdalgo),
+                                       mdalgo,
+                                       &sigval, &siglen);
+            }
           else
             {
               char *orig_codeset;
@@ -1332,11 +1499,25 @@ create_request (ctrl_t ctrl,
                    " the passphrase for the key you just created once"
                    " more.\n"));
               i18n_switchback (orig_codeset);
-              rc = gpgsm_agent_pksign (ctrl, hexgrip, desc,
-                                       gcry_md_read(md, mdalgo),
-                                       gcry_md_get_algo_dlen (mdalgo),
-                                       mdalgo,
-                                       &sigval, &siglen);
+              if (tbsmb)
+                {
+                  tbsdata = get_membuf (tbsmb, &tbsdatalen);
+                  tbsmb = NULL;
+                  if (!tbsdata)
+                    rc = gpg_error_from_syserror ();
+                  else
+                    rc = gpgsm_agent_pksign (ctrl, hexgrip, desc,
+                                             tbsdata, tbsdatalen, 0,
+
+                                             &sigval, &siglen);
+                  xfree (tbsdata);
+                }
+              else
+                rc = gpgsm_agent_pksign (ctrl, hexgrip, desc,
+                                         gcry_md_read(md, mdalgo),
+                                         gcry_md_get_algo_dlen (mdalgo),
+                                         mdalgo,
+                                         &sigval, &siglen);
               xfree (desc);
             }
           if (rc)
@@ -1345,8 +1526,7 @@ create_request (ctrl_t ctrl,
               goto leave;
             }
 
-          err = transform_sigval (sigval, siglen, mdalgo,
-                                  &newsigval, NULL);
+          err = transform_sigval (sigval, siglen, mdalgo, &newsigval, NULL);
           xfree (sigval);
           if (!err)
             {
@@ -1366,6 +1546,8 @@ create_request (ctrl_t ctrl,
 
 
  leave:
+  if (tbsmb)
+    xfree (get_membuf (tbsmb, NULL));
   gcry_md_close (md);
   ksba_certreq_release (cr);
   return rc;
diff --git a/sm/decrypt.c b/sm/decrypt.c
index 2aa716f..aa91b37 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -1,7 +1,7 @@
 /* decrypt.c - Decrypt a message
  * Copyright (C) 2001, 2003, 2010 Free Software Foundation, Inc.
  * Copyright (C) 2001-2019 Werner Koch
- * Copyright (C) 2015-2021 g10 Code GmbH
+ * Copyright (C) 2015-2020 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -27,7 +27,6 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#include <assert.h>
 
 #include "gpgsm.h"
 #include <gcrypt.h>
@@ -35,17 +34,8 @@
 
 #include "keydb.h"
 #include "../common/i18n.h"
-#include "../common/compliance.h"
 #include "../common/tlv.h"
-
-/* We can provide an enum value which is only availabale with KSBA
- * 1.6.0 so that we can compile even against older versions.  Some
- * calls will of course return an error in this case.  This value is
- * currently not used because the cipher mode is sufficient here.  */
-/* #if KSBA_VERSION_NUMBER < 0x010600  /\* 1.6.0 *\/ */
-/* # define KSBA_CT_AUTHENVELOPED_DATA 10 */
-/* #endif */
-
+#include "../common/compliance.h"
 
 struct decrypt_filter_parm_s
 {
@@ -61,7 +51,6 @@ struct decrypt_filter_parm_s
   char helpblock[16];  /* needed because there is no block buffering in
                           libgcrypt (yet) */
   int  helpblocklen;
-  int is_de_vs;        /* Helper to track CO_DE_VS state.  */
 };
 
 
@@ -82,289 +71,285 @@ string_from_gcry_buffer (gcry_buffer_t *buffer)
 }
 
 
-/* Helper for pwri_decrypt to parse the derive info.
- * Example data for (DER,DERLEN):
- * SEQUENCE {
- *   OCTET STRING
- *     60 76 4B E9 5E DF 3C F8 B2 F9 B6 C2 7D 5A FB 90
- *     23 B6 47 DF
- *   INTEGER 10000
- *   SEQUENCE {
- *     OBJECT IDENTIFIER
- *       hmacWithSHA512 (1 2 840 113549 2 11)
- *     NULL
- *     }
- *   }
- */
+/* Helper to construct and hash the
+ *  ECC-CMS-SharedInfo ::= SEQUENCE {
+ *      keyInfo         AlgorithmIdentifier,
+ *      entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL,
+ *      suppPubInfo [2] EXPLICIT OCTET STRING  }
+ * as described in RFC-5753, 7.2.  */
 static gpg_error_t
-pwri_parse_pbkdf2 (const unsigned char *der, size_t derlen,
-                   unsigned char const **r_salt, unsigned int *r_saltlen,
-                   unsigned long *r_iterations,
-                   enum gcry_md_algos *r_digest)
+hash_ecc_cms_shared_info (gcry_md_hd_t hash_hd, const char *wrap_algo_str,
+                          unsigned int keylen,
+                          const void *ukm, unsigned int ukmlen)
 {
   gpg_error_t err;
-  size_t objlen, hdrlen;
-  int class, tag, constructed, ndef;
-  char *oidstr;
-
-  err = parse_ber_header (&der, &derlen, &class, &tag, &constructed,
-                          &ndef, &objlen, &hdrlen);
-  if (!err && (objlen > derlen || tag != TAG_SEQUENCE
-               || !constructed || ndef))
-    err = gpg_error (GPG_ERR_INV_OBJ);
-  if (err)
-    return err;
-  derlen = objlen;
+  void *p;
+  unsigned char *oid;
+  size_t n, oidlen, toidlen, tkeyinfo, tukmlen, tsupppubinfo;
+  unsigned char keylenbuf[6];
+  membuf_t mb = MEMBUF_ZERO;
 
-  err = parse_ber_header (&der, &derlen, &class, &tag, &constructed,
-                          &ndef, &objlen, &hdrlen);
-  if (!err && (objlen > derlen || tag != TAG_OCTET_STRING
-               || constructed || ndef))
-    err = gpg_error (GPG_ERR_INV_OBJ);
-  if (err)
-    return err;
-  *r_salt = der;
-  *r_saltlen = objlen;
-  der += objlen;
-  derlen -= objlen;
-
-  err = parse_ber_header (&der, &derlen, &class, &tag, &constructed,
-                          &ndef, &objlen, &hdrlen);
-  if (!err && (objlen > derlen || tag != TAG_INTEGER
-               || constructed || ndef))
-    err = gpg_error (GPG_ERR_INV_OBJ);
+  err = ksba_oid_from_str (wrap_algo_str, &oid, &oidlen);
   if (err)
     return err;
-  *r_iterations = 0;
-  for (; objlen; objlen--)
+  toidlen = get_tlv_length (CLASS_UNIVERSAL, TAG_OBJECT_ID, 0, oidlen);
+  tkeyinfo = get_tlv_length (CLASS_UNIVERSAL, TAG_SEQUENCE, 1, toidlen);
+
+  tukmlen = ukm? get_tlv_length (CLASS_CONTEXT, 0, 1, ukmlen) : 0;
+
+  keylen *= 8;
+  keylenbuf[0] = TAG_OCTET_STRING;
+  keylenbuf[1] = 4;
+  keylenbuf[2] = (keylen >> 24);
+  keylenbuf[3] = (keylen >> 16);
+  keylenbuf[4] = (keylen >> 8);
+  keylenbuf[5] = keylen;
+
+  tsupppubinfo = get_tlv_length (CLASS_CONTEXT, 2, 1, sizeof keylenbuf);
+
+  put_tlv_to_membuf (&mb, CLASS_UNIVERSAL, TAG_SEQUENCE, 1,
+                     tkeyinfo + tukmlen + tsupppubinfo);
+  put_tlv_to_membuf (&mb, CLASS_UNIVERSAL, TAG_SEQUENCE, 1,
+                     toidlen);
+  put_tlv_to_membuf (&mb, CLASS_UNIVERSAL, TAG_OBJECT_ID, 0, oidlen);
+  put_membuf (&mb, oid, oidlen);
+  ksba_free (oid);
+
+  if (ukm)
     {
-      *r_iterations <<= 8;
-      *r_iterations |= (*der++) & 0xff;
-      derlen--;
+      put_tlv_to_membuf (&mb, CLASS_CONTEXT, 0, 1, ukmlen);
+      put_membuf (&mb, ukm, ukmlen);
     }
 
-  err = parse_ber_header (&der, &derlen, &class, &tag, &constructed,
-                          &ndef, &objlen, &hdrlen);
-  if (!err && (objlen > derlen || tag != TAG_SEQUENCE
-               || !constructed || ndef))
-    err = gpg_error (GPG_ERR_INV_OBJ);
-  if (err)
-    return err;
-  derlen = objlen;
+  put_tlv_to_membuf (&mb, CLASS_CONTEXT, 2, 1, sizeof keylenbuf);
+  put_membuf (&mb, keylenbuf, sizeof keylenbuf);
+
+  p = get_membuf (&mb, &n);
+  if (!p)
+    return gpg_error_from_syserror ();
+
+  gcry_md_write (hash_hd, p, n);
+  xfree (p);
+  return 0;
+}
+
+
 
-  err = parse_ber_header (&der, &derlen, &class, &tag, &constructed,
-                          &ndef, &objlen, &hdrlen);
-  if (!err && (objlen > derlen || tag != TAG_OBJECT_ID
-               || constructed || ndef))
-    err = gpg_error (GPG_ERR_INV_OBJ);
+/* Derive a KEK (key wrapping key) using (SECRET,SECRETLEN), an
+ * optional (UKM,ULMLEN), the wrap algorithm WRAP_ALGO_STR in decimal
+ * dotted form, and the hash algorithm HASH_ALGO.  On success a key of
+ * length KEYLEN is stored at KEY.  */
+gpg_error_t
+ecdh_derive_kek (unsigned char *key, unsigned int keylen,
+                 int hash_algo, const char *wrap_algo_str,
+                 const void *secret, unsigned int secretlen,
+                 const void *ukm, unsigned int ukmlen)
+{
+  gpg_error_t err = 0;
+  unsigned int hashlen;
+  gcry_md_hd_t hash_hd;
+  unsigned char counter;
+  unsigned int n, ncopy;
+
+  hashlen = gcry_md_get_algo_dlen (hash_algo);
+  if (!hashlen)
+    return gpg_error (GPG_ERR_INV_ARG);
+
+  err = gcry_md_open (&hash_hd, hash_algo, 0);
   if (err)
     return err;
 
-  oidstr = ksba_oid_to_str (der, objlen);
-  if (!oidstr)
-    return gpg_error_from_syserror ();
-  *r_digest = gcry_md_map_name (oidstr);
-  if (*r_digest)
-    ;
-  else if (!strcmp (oidstr, "1.2.840.113549.2.7"))
-    *r_digest = GCRY_MD_SHA1;
-  else if (!strcmp (oidstr, "1.2.840.113549.2.8"))
-    *r_digest = GCRY_MD_SHA224;
-  else if (!strcmp (oidstr, "1.2.840.113549.2.9"))
-    *r_digest = GCRY_MD_SHA256;
-  else if (!strcmp (oidstr, "1.2.840.113549.2.10"))
-    *r_digest = GCRY_MD_SHA384;
-  else if (!strcmp (oidstr, "1.2.840.113549.2.11"))
-    *r_digest = GCRY_MD_SHA512;
-  else
-    err = gpg_error (GPG_ERR_DIGEST_ALGO);
-  ksba_free (oidstr);
+  /* According to SEC1 3.6.1 we should check that
+   *   SECRETLEN + UKMLEN + 4 < maxhashlen
+   * However, we have no practical limit on the hash length and thus
+   * there is no point in checking this.  The second check that
+   *   KEYLEN < hashlen*(2^32-1)
+   * is obviously also not needed.
+   */
+  for (n=0, counter=1; n < keylen; counter++)
+    {
+      if (counter > 1)
+        gcry_md_reset (hash_hd);
+      gcry_md_write (hash_hd, secret, secretlen);
+      gcry_md_write (hash_hd, "\x00\x00\x00", 3);  /* MSBs of counter */
+      gcry_md_write (hash_hd, &counter, 1);
+      err = hash_ecc_cms_shared_info (hash_hd, wrap_algo_str, keylen,
+                                      ukm, ukmlen);
+      if (err)
+        break;
+      gcry_md_final (hash_hd);
+      if (n + hashlen > keylen)
+        ncopy = keylen - n;
+      else
+        ncopy = hashlen;
+      memcpy (key+n, gcry_md_read (hash_hd, 0), ncopy);
+      n += ncopy;
+    }
 
+  gcry_md_close (hash_hd);
   return err;
 }
 
 
-/* Password based decryption.
- * ENC_VAL has the form:
- *  (enc-val
- *    (pwri
- *      (derive-algo <oid>) --| both are optional
- *      (derive-parm <der>) --|
- *      (encr-algo <oid>)
- *      (encr-parm <iv>)
- *      (encr-key <key>)))  -- this is the encrypted session key
- *
- */
+/* This function will modify SECRET.  NBITS is the size of the curve
+ * which which we took from the certificate.  */
 static gpg_error_t
-pwri_decrypt (ctrl_t ctrl, gcry_sexp_t enc_val,
-              unsigned char **r_result, unsigned int *r_resultlen,
-              struct decrypt_filter_parm_s *parm)
+ecdh_decrypt (unsigned char *secret, size_t secretlen,
+              unsigned int nbits, gcry_sexp_t enc_val,
+              unsigned char **r_result, unsigned int *r_resultlen)
 {
   gpg_error_t err;
-  gcry_buffer_t ioarray[5] = { {0} };
-  char *derive_algo_str = NULL;
+  gcry_buffer_t ioarray[4] = { {0}, {0}, {0}, {0} };
   char *encr_algo_str = NULL;
-  const unsigned char *dparm;  /* Alias for ioarray[1].  */
-  unsigned int dparmlen;
-  const unsigned char *eparm;  /* Alias for ioarray[3].  */
-  unsigned int eparmlen;
-  const unsigned char *ekey;   /* Alias for ioarray[4].  */
-  unsigned int ekeylen;
-  unsigned char kek[32];
-  unsigned int keklen;
-  enum gcry_cipher_algos encr_algo;
-  enum gcry_cipher_modes encr_mode;
-  gcry_cipher_hd_t encr_hd = NULL;
+  char *wrap_algo_str = NULL;
+  int hash_algo, cipher_algo;
+  const unsigned char *ukm;  /* Alias for ioarray[2].  */
+  unsigned int ukmlen;
+  const unsigned char *data;  /* Alias for ioarray[3].  */
+  unsigned int datalen;
+  unsigned int keylen;
+  unsigned char key[32];
+  gcry_cipher_hd_t cipher_hd = NULL;
   unsigned char *result = NULL;
   unsigned int resultlen;
-  unsigned int blklen;
-  const unsigned char *salt;   /* Points int dparm. */
-  unsigned int saltlen;
-  unsigned long iterations;
-  enum gcry_md_algos digest_algo;
-  char *passphrase = NULL;
-
 
   *r_resultlen = 0;
   *r_result = NULL;
 
-  err = gcry_sexp_extract_param (enc_val, "enc-val!pwri",
-                                 "&'derive-algo'?'derive-parm'?"
-                                 "'encr-algo''encr-parm''encr-key'",
+  /* Extract X from SECRET; this is the actual secret.  Unless a
+   * smartcard diretcly returns X, it must be in the format of:
+   *
+   *   04 || X || Y
+   *   40 || X
+   *   41 || X
+   */
+  if (secretlen < 2)
+    return gpg_error (GPG_ERR_BAD_DATA);
+  if (secretlen == (nbits+7)/8)
+    ; /* Matches curve length - this is already the X coordinate.  */
+  else if (*secret == 0x04)
+    {
+      secretlen--;
+      memmove (secret, secret+1, secretlen);
+      if ((secretlen & 1))
+        return gpg_error (GPG_ERR_BAD_DATA);
+      secretlen /= 2;
+    }
+  else if (*secret == 0x40 || *secret == 0x41)
+    {
+      secretlen--;
+      memmove (secret, secret+1, secretlen);
+    }
+  else
+    return gpg_error (GPG_ERR_BAD_DATA);
+  if (!secretlen)
+    return gpg_error (GPG_ERR_BAD_DATA);
+
+  if (DBG_CRYPTO)
+    log_printhex (secret, secretlen, "ECDH X ..:");
+
+  /* We have now the shared secret bytes in (SECRET,SECRETLEN).  Now
+   * we will compute the KEK using a value dervied from the secret
+   * bytes. */
+  err = gcry_sexp_extract_param (enc_val, "enc-val",
+                                 "&'encr-algo''wrap-algo''ukm'?s",
                                  ioarray+0, ioarray+1,
-                                 ioarray+2, ioarray+3, ioarray+4, NULL);
+                                 ioarray+2, ioarray+3, NULL);
   if (err)
     {
-      /* If this is not pwri element, it is likly a kekri element
-       * which we do not yet support.  Change the error back to the
-       * original as returned by ksba_cms_get_issuer.  */
-      if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
-        err = gpg_error (GPG_ERR_UNSUPPORTED_CMS_OBJ);
-      else
-        log_error ("extracting PWRI parameter failed: %s\n",
-                   gpg_strerror (err));
+      log_error ("extracting ECDH parameter failed: %s\n", gpg_strerror (err));
       goto leave;
     }
-
-  if (ioarray[0].data)
+  encr_algo_str = string_from_gcry_buffer (ioarray);
+  if (!encr_algo_str)
     {
-      derive_algo_str = string_from_gcry_buffer (ioarray+0);
-      if (!derive_algo_str)
-        {
-          err = gpg_error_from_syserror ();
-          goto leave;
-        }
+      err = gpg_error_from_syserror ();
+      goto leave;
     }
-  dparm    = ioarray[1].data;
-  dparmlen = ioarray[1].len;
-  encr_algo_str = string_from_gcry_buffer (ioarray+2);
-  if (!encr_algo_str)
+  wrap_algo_str = string_from_gcry_buffer (ioarray+1);
+  if (!wrap_algo_str)
     {
       err = gpg_error_from_syserror ();
       goto leave;
     }
-  eparm    = ioarray[3].data;
-  eparmlen = ioarray[3].len;
-  ekey     = ioarray[4].data;
-  ekeylen  = ioarray[4].len;
+  ukm = ioarray[2].data;
+  ukmlen = ioarray[2].len;
+  data = ioarray[3].data;
+  datalen = ioarray[3].len;
 
   /* Check parameters.  */
   if (DBG_CRYPTO)
     {
-      if (derive_algo_str)
-        {
-          log_debug ("derive algo: %s\n", derive_algo_str);
-          log_printhex (dparm, dparmlen, "derive parm:");
-        }
-      log_debug ("encr algo .: %s\n", encr_algo_str);
-      log_printhex (eparm, eparmlen, "encr parm .:");
-      log_printhex (ekey, ekeylen,   "encr key  .:");
+      log_debug ("encr_algo: %s\n", encr_algo_str);
+      log_debug ("wrap_algo: %s\n", wrap_algo_str);
+      log_printhex (ukm, ukmlen, "ukm .....:");
+      log_printhex (data, datalen, "data ....:");
     }
 
-  if (!derive_algo_str)
+  if (!strcmp (encr_algo_str, "1.3.132.1.11.1"))
     {
-      err = gpg_error (GPG_ERR_NOT_SUPPORTED);
-      log_info ("PWRI with no key derivation detected\n");
-      goto leave;
+      /* dhSinglePass-stdDH-sha256kdf-scheme */
+      hash_algo = GCRY_MD_SHA256;
     }
-  if (strcmp (derive_algo_str, "1.2.840.113549.1.5.12"))
+  else if (!strcmp (encr_algo_str, "1.3.132.1.11.2"))
     {
-      err = gpg_error (GPG_ERR_NOT_SUPPORTED);
-      log_info ("PWRI does not use PBKDF2 (but %s)\n", derive_algo_str);
-      goto leave;
+      /* dhSinglePass-stdDH-sha384kdf-scheme */
+      hash_algo = GCRY_MD_SHA384;
     }
-
-  digest_algo = 0;  /*(silence cc warning)*/
-  err = pwri_parse_pbkdf2 (dparm, dparmlen,
-                           &salt, &saltlen, &iterations, &digest_algo);
-  if (err)
+  else if (!strcmp (encr_algo_str, "1.3.132.1.11.3"))
     {
-      log_error ("parsing PWRI parameter failed: %s\n", gpg_strerror (err));
-      goto leave;
+      /* dhSinglePass-stdDH-sha512kdf-scheme */
+      hash_algo = GCRY_MD_SHA512;
     }
-
-  parm->is_de_vs = (parm->is_de_vs
-                    && gnupg_digest_is_compliant (CO_DE_VS, digest_algo));
-
-
-  encr_algo = gcry_cipher_map_name (encr_algo_str);
-  encr_mode = gcry_cipher_mode_from_oid (encr_algo_str);
-  if (!encr_algo || !encr_mode)
+  else if (!strcmp (encr_algo_str, "1.3.133.16.840.63.0.2"))
+    {
+      /* dhSinglePass-stdDH-sha1kdf-scheme */
+      hash_algo = GCRY_MD_SHA1;
+    }
+  else
     {
-      log_error ("PWRI uses unknown algorithm %s\n", encr_algo_str);
-      err = gpg_error (GPG_ERR_CIPHER_ALGO);
+      err = gpg_error (GPG_ERR_PUBKEY_ALGO);
       goto leave;
     }
 
-  parm->is_de_vs =
-    (parm->is_de_vs
-     && gnupg_cipher_is_compliant (CO_DE_VS, encr_algo, encr_mode));
-
-  keklen = gcry_cipher_get_algo_keylen (encr_algo);
-  blklen = gcry_cipher_get_algo_blklen (encr_algo);
-  if (!keklen || keklen > sizeof kek || blklen != 16 )
+  if (!strcmp (wrap_algo_str, "2.16.840.1.101.3.4.1.5"))
     {
-      log_error ("PWRI algorithm %s cannot be used\n", encr_algo_str);
-      err = gpg_error (GPG_ERR_INV_KEYLEN);
-      goto leave;
+      cipher_algo = GCRY_CIPHER_AES128;
+      keylen = 16;
     }
-  if ((ekeylen % blklen) || (ekeylen / blklen < 2))
+  else if (!strcmp (wrap_algo_str, "2.16.840.1.101.3.4.1.25"))
     {
-      /* Note that we need at least two full blocks.  */
-      log_error ("PWRI uses a wrong length of encrypted key\n");
-      err = gpg_error (GPG_ERR_INV_KEYLEN);
-      goto leave;
+      cipher_algo = GCRY_CIPHER_AES192;
+      keylen = 24;
     }
-
-  err = gpgsm_agent_ask_passphrase
-    (ctrl,
-     i18n_utf8 (N_("Please enter the passphrase for decryption.")),
-     0, &passphrase);
-  if (err)
-    goto leave;
-
-  err = gcry_kdf_derive (passphrase, strlen (passphrase),
-                         GCRY_KDF_PBKDF2, digest_algo,
-                         salt, saltlen, iterations,
-                         keklen, kek);
-  if (passphrase)
+  else if (!strcmp (wrap_algo_str, "2.16.840.1.101.3.4.1.45"))
     {
-      wipememory (passphrase, strlen (passphrase));
-      xfree (passphrase);
-      passphrase = NULL;
+      cipher_algo = GCRY_CIPHER_AES256;
+      keylen = 32;
     }
-  if (err)
+  else
     {
-      log_error ("deriving key from passphrase failed: %s\n",
-                 gpg_strerror (err));
+      err = gpg_error (GPG_ERR_PUBKEY_ALGO);
       goto leave;
     }
 
+  err = ecdh_derive_kek (key, keylen, hash_algo, wrap_algo_str,
+                         secret, secretlen, ukm, ukmlen);
+  if (err)
+    goto leave;
+
   if (DBG_CRYPTO)
-    log_printhex (kek, keklen, "KEK .......:");
+    log_printhex (key, keylen, "KEK .....:");
 
   /* Unwrap the key.  */
-  resultlen = ekeylen;
+  if ((datalen % 8) || datalen < 16)
+    {
+      log_error ("can't use a shared secret of %u bytes for ecdh\n", datalen);
+      err = gpg_error (GPG_ERR_BAD_DATA);
+      goto leave;
+    }
+
+  resultlen = datalen - 8;
   result = xtrymalloc_secure (resultlen);
   if (!result)
     {
@@ -372,53 +357,30 @@ pwri_decrypt (ctrl_t ctrl, gcry_sexp_t enc_val,
       goto leave;
     }
 
-  err = gcry_cipher_open (&encr_hd, encr_algo, encr_mode, 0);
+  err = gcry_cipher_open (&cipher_hd, cipher_algo, GCRY_CIPHER_MODE_AESWRAP, 0);
   if (err)
     {
-      log_error ("PWRI failed to open cipher: %s\n", gpg_strerror (err));
+      log_error ("ecdh failed to initialize AESWRAP: %s\n", gpg_strerror (err));
       goto leave;
     }
 
-  err = gcry_cipher_setkey (encr_hd, kek, keklen);
-  wipememory (kek, sizeof kek);
-  if (!err)
-    err = gcry_cipher_setiv (encr_hd, ekey + ekeylen - 2 * blklen, blklen);
-  if (!err)
-    err = gcry_cipher_decrypt (encr_hd, result + ekeylen - blklen, blklen,
-                               ekey + ekeylen - blklen, blklen);
-  if (!err)
-    err = gcry_cipher_setiv (encr_hd, result + ekeylen - blklen, blklen);
-  if (!err)
-    err = gcry_cipher_decrypt (encr_hd, result, ekeylen - blklen,
-                               ekey, ekeylen - blklen);
-  /* (We assume that that eparm is the octet string with the IV)  */
-  if (!err)
-    err = gcry_cipher_setiv (encr_hd, eparm, eparmlen);
-  if (!err)
-    err = gcry_cipher_decrypt (encr_hd, result, resultlen, NULL, 0);
-
+  err = gcry_cipher_setkey (cipher_hd, key, keylen);
+  wipememory (key, sizeof key);
   if (err)
     {
-      log_error ("KEK decryption failed for PWRI: %s\n", gpg_strerror (err));
+      log_error ("ecdh failed in gcry_cipher_setkey: %s\n", gpg_strerror (err));
       goto leave;
     }
 
-  if (DBG_CRYPTO)
-    log_printhex (result, resultlen, "Frame .....:");
-
-  if (result[0] < 8                /* At least 64 bits */
-      || (result[0] % 8)           /* Multiple of 64 bits */
-      || result[0] > resultlen - 4 /* Not more than the size of the input */
-      || ( (result[1] ^ result[4]) /* Matching check bytes.  */
-           & (result[2] ^ result[5])
-           & (result[3] ^ result[6]) ) != 0xff)
+  err = gcry_cipher_decrypt (cipher_hd, result, resultlen, data, datalen);
+  if (err)
     {
-      err = gpg_error (GPG_ERR_BAD_PASSPHRASE);
+      log_error ("ecdh failed in gcry_cipher_decrypt: %s\n",gpg_strerror (err));
       goto leave;
     }
 
-  *r_resultlen = result[0];
-  *r_result = memmove (result, result + 4, result[0]);
+  *r_resultlen = resultlen;
+  *r_result = result;
   result = NULL;
 
  leave:
@@ -427,51 +389,45 @@ pwri_decrypt (ctrl_t ctrl, gcry_sexp_t enc_val,
       wipememory (result, resultlen);
       xfree (result);
     }
-  if (passphrase)
-    {
-      wipememory (passphrase, strlen (passphrase));
-      xfree (passphrase);
-    }
-  gcry_cipher_close (encr_hd);
-  xfree (derive_algo_str);
+  gcry_cipher_close (cipher_hd);
   xfree (encr_algo_str);
+  xfree (wrap_algo_str);
   xfree (ioarray[0].data);
   xfree (ioarray[1].data);
   xfree (ioarray[2].data);
   xfree (ioarray[3].data);
-  xfree (ioarray[4].data);
   return err;
 }
 
 
+
 /* Decrypt the session key and fill in the parm structure.  The
    algo and the IV is expected to be already in PARM. */
 static int
-prepare_decryption (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
+prepare_decryption (ctrl_t ctrl, const char *hexkeygrip,
+                    int pk_algo, unsigned int nbits, const char *desc,
                     ksba_const_sexp_t enc_val,
                     struct decrypt_filter_parm_s *parm)
 {
   char *seskey = NULL;
   size_t n, seskeylen;
-  int pwri = !hexkeygrip;
   int rc;
 
   if (DBG_CRYPTO)
     log_printcanon ("decrypting:", enc_val, 0);
-
-  if (!pwri)
+  rc = gpgsm_agent_pkdecrypt (ctrl, hexkeygrip, desc, enc_val,
+                              &seskey, &seskeylen);
+  if (rc)
     {
-      rc = gpgsm_agent_pkdecrypt (ctrl, hexkeygrip, desc, enc_val,
-                                  &seskey, &seskeylen);
-      if (rc)
-        {
-          log_error ("error decrypting session key: %s\n", gpg_strerror (rc));
-          goto leave;
-        }
+      log_error ("error decrypting session key: %s\n", gpg_strerror (rc));
+      goto leave;
     }
 
+  if (DBG_CRYPTO)
+    log_printhex (seskey, seskeylen, "DEK frame:");
+
   n=0;
-  if (pwri) /* Password based encryption.  */
+  if (pk_algo == GCRY_PK_ECC)
     {
       gcry_sexp_t s_enc_val;
       unsigned char *decrypted;
@@ -482,13 +438,15 @@ prepare_decryption (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
       if (rc)
         goto leave;
 
-      rc = pwri_decrypt (ctrl, s_enc_val, &decrypted, &decryptedlen, parm);
+      rc = ecdh_decrypt (seskey, seskeylen, nbits, s_enc_val,
+                         &decrypted, &decryptedlen);
       gcry_sexp_release (s_enc_val);
       if (rc)
         goto leave;
       xfree (seskey);
       seskey = decrypted;
       seskeylen = decryptedlen;
+
     }
   else if (seskeylen == 32 || seskeylen == 24 || seskeylen == 16)
     {
@@ -530,7 +488,7 @@ prepare_decryption (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
     }
 
   if (DBG_CRYPTO)
-    log_printhex (seskey+n, seskeylen-n, "session key:");
+    log_printhex (seskey+n, seskeylen-n, "CEK .....:");
 
   if (opt.verbose)
     log_info (_("%s.%s encrypted data\n"),
@@ -557,20 +515,7 @@ prepare_decryption (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
       goto leave;
     }
 
-  rc = gcry_cipher_setiv (parm->hd, parm->iv, parm->ivlen);
-  if (rc)
-    {
-      log_error("IV setup failed: %s\n", gpg_strerror(rc) );
-      goto leave;
-    }
-
-  if (parm->mode == GCRY_CIPHER_MODE_GCM)
-    {
-      /* GCM mode really sucks in CMS.  We need to know the AAD before
-       * we start decrypting but CMS puts the AAD after the content.
-       * Thus temporary files are required.  Let's hope that no real
-       * messages with actual AAD are ever used.  OCB Rules! */
-    }
+  gcry_cipher_setiv (parm->hd, parm->iv, parm->ivlen);
 
  leave:
   xfree (seskey);
@@ -648,7 +593,7 @@ decrypt_filter (void *arg,
   *inused = inlen + parm->helpblocklen;
   if (inlen)
     {
-      assert (inlen >= blklen);
+      log_assert (inlen >= blklen);
       if (parm->any_data)
         {
           gcry_cipher_decrypt (parm->hd, (char*)outbuf+blklen, inlen,
@@ -671,36 +616,6 @@ decrypt_filter (void *arg,
 }
 
 
-/* This is the GCM version of decrypt_filter.  */
-static gpg_error_t
-decrypt_gcm_filter (void *arg,
-                    const void *inbuf, size_t inlen, size_t *inused,
-                    void *outbuf, size_t maxoutlen, size_t *outlen)
-{
-  struct decrypt_filter_parm_s *parm = arg;
-
-  if (!inlen)
-    return gpg_error (GPG_ERR_BUG);
-
-  if (maxoutlen < parm->blklen)
-    return gpg_error (GPG_ERR_BUG);
-
-  if (inlen > maxoutlen)
-    inlen = maxoutlen;
-
-  *inused = inlen;
-  if (inlen)
-    {
-      gcry_cipher_decrypt (parm->hd, outbuf, inlen, inbuf, inlen);
-      *outlen = inlen;
-      parm->any_data = 1;
-    }
-  else
-    *outlen = 0;
-  return 0;
-}
-
-
 
 /* Perform a decrypt operation.  */
 int
@@ -722,7 +637,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
 
   audit_set_type (ctrl->audit, AUDIT_TYPE_DECRYPT);
 
-  kh = keydb_new ();
+  kh = keydb_new (ctrl);
   if (!kh)
     {
       log_error (_("failed to allocate keyDB handle\n"));
@@ -766,7 +681,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
   rc = ksba_cms_set_reader_writer (cms, reader, writer);
   if (rc)
     {
-      log_debug ("ksba_cms_set_reader_writer failed: %s\n",
+      log_error ("ksba_cms_set_reader_writer failed: %s\n",
                  gpg_strerror (rc));
       goto leave;
     }
@@ -779,7 +694,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
       rc = ksba_cms_parse (cms, &stopreason);
       if (rc)
         {
-          log_debug ("ksba_cms_parse failed: %s\n", gpg_strerror (rc));
+          log_error ("ksba_cms_parse failed: %s\n", gpg_strerror (rc));
           goto leave;
         }
 
@@ -789,6 +704,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
           int algo, mode;
           const char *algoid;
           int any_key = 0;
+          int is_de_vs;	/* Computed compliance with CO_DE_VS.  */
 
           audit_log (ctrl->audit, AUDIT_GOT_DATA);
 
@@ -832,7 +748,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
             }
 
           /* For CMS, CO_DE_VS demands CBC mode.  */
-          dfparm.is_de_vs = gnupg_cipher_is_compliant (CO_DE_VS, algo, mode);
+          is_de_vs = gnupg_cipher_is_compliant (CO_DE_VS, algo, mode);
 
           audit_log_i (ctrl->audit, AUDIT_DATA_CIPHER_ALGO, algo);
           dfparm.algo = algo;
@@ -865,7 +781,6 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
               ksba_cert_t cert = NULL;
               unsigned int nbits;
               int pk_algo = 0;
-              int maybe_pwri = 0;
 
               *kidbuf = 0;
 
@@ -873,22 +788,16 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
               if (tmp_rc == -1 && recp)
                 break; /* no more recipients */
               audit_log_i (ctrl->audit, AUDIT_NEW_RECP, recp);
-              if (gpg_err_code (tmp_rc) == GPG_ERR_UNSUPPORTED_CMS_OBJ)
-                {
-                  maybe_pwri = 1;
-                }
-              else if (tmp_rc)
-                {
-                  log_error ("recp %d - error getting info: %s\n",
-                             recp, gpg_strerror (tmp_rc));
-                }
+              if (tmp_rc)
+                log_error ("recp %d - error getting info: %s\n",
+                           recp, gpg_strerror (tmp_rc));
               else
                 {
                   if (opt.verbose)
                     {
-                      log_debug ("recp %d - issuer: '%s'\n",
+                      log_info ("recp %d - issuer: '%s'\n",
                                  recp, issuer? issuer:"[NONE]");
-                      log_debug ("recp %d - serial: ", recp);
+                      log_info ("recp %d - serial: ", recp);
                       gpgsm_dump_serial (serial);
                       log_printf ("\n");
                     }
@@ -951,6 +860,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
 
                   hexkeygrip = gpgsm_get_keygrip_hexstring (cert);
                   desc = gpgsm_format_keydesc (cert);
+
                   pkfpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
                   pkalgostr = gpgsm_pubkey_algo_string (cert, NULL);
                   pk_algo = gpgsm_get_key_algo_info (cert, &nbits);
@@ -975,38 +885,30 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                     }
 
                   /* Check that all certs are compliant with CO_DE_VS.  */
-                  dfparm.is_de_vs =
-                    (dfparm.is_de_vs
-                     && gnupg_pk_is_compliant (CO_DE_VS, pk_algo, 0,
-                                               NULL, nbits, NULL));
+                  is_de_vs = (is_de_vs
+                              && gnupg_pk_is_compliant (CO_DE_VS, pk_algo, 0,
+                                                        NULL, nbits, NULL));
 
                 oops:
                   if (rc)
                     {
                       /* We cannot check compliance of certs that we
                        * don't have.  */
-                      dfparm.is_de_vs = 0;
+                      is_de_vs = 0;
                     }
                   xfree (issuer);
                   xfree (serial);
                   ksba_cert_release (cert);
                 }
 
-              if ((!hexkeygrip || !pk_algo) && !maybe_pwri)
+              if (!hexkeygrip || !pk_algo)
                 ;
               else if (!(enc_val = ksba_cms_get_enc_val (cms, recp)))
-                {
-                  log_error ("recp %d - error getting encrypted session key\n",
-                             recp);
-                  if (maybe_pwri)
-                    log_info ("(possibly unsupported KEK info)\n");
-                }
+                log_error ("recp %d - error getting encrypted session key\n",
+                           recp);
               else
                 {
-                  if (maybe_pwri && opt.verbose)
-                    log_info ("recp %d - KEKRI or PWRI\n", recp);
-
-                  rc = prepare_decryption (ctrl, hexkeygrip,
+                  rc = prepare_decryption (ctrl, hexkeygrip, pk_algo, nbits,
                                            desc, enc_val, &dfparm);
                   xfree (enc_val);
                   if (rc)
@@ -1019,23 +921,14 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                   else
                     { /* setup the bulk decrypter */
                       any_key = 1;
-                      ksba_writer_set_filter
-                        (writer,
-                         dfparm.mode == GCRY_CIPHER_MODE_GCM?
-                         decrypt_gcm_filter : decrypt_filter,
-                         &dfparm);
-
-                      if (dfparm.is_de_vs
-                          && gnupg_gcrypt_is_compliant (CO_DE_VS))
+                      ksba_writer_set_filter (writer,
+                                              decrypt_filter,
+                                              &dfparm);
+
+                      if (is_de_vs && gnupg_gcrypt_is_compliant (CO_DE_VS))
                         gpgsm_status (ctrl, STATUS_DECRYPTION_COMPLIANCE_MODE,
                                       gnupg_status_compliance_flag (CO_DE_VS));
-                      else if (opt.require_compliance
-                               && opt.compliance == CO_DE_VS)
-                        {
-                          log_error (_("operation forced to fail due to"
-                                       " unfulfilled compliance rules\n"));
-                          gpgsm_errors_seen = 1;
-                        }
+
                     }
                   audit_log_ok (ctrl->audit, AUDIT_RECP_RESULT, rc);
                 }
@@ -1062,7 +955,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                   audit_log_i (ctrl->audit, AUDIT_NEW_RECP, recp);
                   if (tmp_rc)
                     log_error ("recp %d - error getting info: %s\n",
-                               recp, gpg_strerror (rc));
+                               recp, gpg_strerror (tmp_rc));
                   else
                     {
                       char *tmpstr = gpgsm_format_sn_issuer (serial, issuer);
@@ -1076,18 +969,15 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
 
           if (!any_key)
             {
-              rc = gpg_error (GPG_ERR_NO_SECKEY);
+              if (!rc)
+                rc = gpg_error (GPG_ERR_NO_SECKEY);
               goto leave;
             }
         }
       else if (stopreason == KSBA_SR_END_DATA)
         {
           ksba_writer_set_filter (writer, NULL, NULL);
-          if (dfparm.mode == GCRY_CIPHER_MODE_GCM)
-            {
-              /* Nothing yet to do.  We wait for the ready event.  */
-            }
-          else if (dfparm.any_data )
+          if (dfparm.any_data)
             { /* write the last block with padding removed */
               int i, npadding = dfparm.lastblock[dfparm.blklen-1];
               if (!npadding || npadding > dfparm.blklen)
@@ -1113,28 +1003,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                 }
             }
         }
-      else if (stopreason == KSBA_SR_READY)
-        {
-          if (dfparm.mode == GCRY_CIPHER_MODE_GCM)
-            {
-              char *authtag;
-              size_t authtaglen;
 
-              rc = ksba_cms_get_message_digest (cms, 0, &authtag, &authtaglen);
-              if (rc)
-                {
-                  log_error ("error getting authtag: %s\n", gpg_strerror (rc));
-                  goto leave;
-                }
-              if (DBG_CRYPTO)
-                log_printhex (authtag, authtaglen, "Authtag ...:");
-              rc = gcry_cipher_checktag (dfparm.hd, authtag, authtaglen);
-              xfree (authtag);
-              if (rc)
-                log_error ("data is not authentic: %s\n", gpg_strerror (rc));
-              goto leave;
-            }
-        }
     }
   while (stopreason != KSBA_SR_READY);
 
diff --git a/sm/delete.c b/sm/delete.c
index 56d5b1f..ccd3893 100644
--- a/sm/delete.c
+++ b/sm/delete.c
@@ -24,7 +24,6 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#include <assert.h>
 
 #include "gpgsm.h"
 #include <gcrypt.h>
@@ -54,7 +53,7 @@ delete_one (ctrl_t ctrl, const char *username)
       goto leave;
     }
 
-  kh = keydb_new ();
+  kh = keydb_new (ctrl);
   if (!kh)
     {
       log_error ("keydb_new failed\n");
@@ -64,8 +63,6 @@ delete_one (ctrl_t ctrl, const char *username)
   /* If the key is specified in a unique way, include ephemeral keys
      in the search.  */
   if ( desc.mode == KEYDB_SEARCH_MODE_FPR
-       || desc.mode == KEYDB_SEARCH_MODE_FPR20
-       || desc.mode == KEYDB_SEARCH_MODE_FPR16
        || desc.mode == KEYDB_SEARCH_MODE_KEYGRIP )
     {
       is_ephem = 1;
@@ -83,7 +80,7 @@ delete_one (ctrl_t ctrl, const char *username)
 
     next_ambigious:
       rc = keydb_search (ctrl, kh, &desc, 1);
-      if (rc == -1)
+      if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
         rc = 0;
       else if (!rc)
         {
@@ -107,7 +104,7 @@ delete_one (ctrl_t ctrl, const char *username)
     }
   if (rc)
     {
-      if (rc == -1)
+      if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
         rc = gpg_error (GPG_ERR_NO_PUBKEY);
       log_error (_("certificate '%s' not found: %s\n"),
                  username, gpg_strerror (rc));
@@ -115,7 +112,8 @@ delete_one (ctrl_t ctrl, const char *username)
       goto leave;
     }
 
-  /* We need to search again to get back to the right position. */
+  /* We need to search again to get back to the right position.  Note
+   * that the lock is kept until the KH is released.  */
   rc = keydb_lock (kh);
   if (rc)
     {
@@ -134,7 +132,7 @@ delete_one (ctrl_t ctrl, const char *username)
           goto leave;
         }
 
-      rc = keydb_delete (kh, duplicates ? 0 : 1);
+      rc = keydb_delete (kh);
       if (rc)
         goto leave;
       if (opt.verbose)
diff --git a/sm/encrypt.c b/sm/encrypt.c
index 587b568..92ca341 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@@ -1,6 +1,8 @@
 /* encrypt.c - Encrypt a message
  * Copyright (C) 2001, 2003, 2004, 2007, 2008,
  *               2010 Free Software Foundation, Inc.
+ * Copyright (C) 2001-2019 Werner Koch
+ * Copyright (C) 2015-2020 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -16,6 +18,7 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
 #include <config.h>
@@ -25,7 +28,6 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#include <assert.h>
 
 #include "gpgsm.h"
 #include <gcrypt.h>
@@ -144,7 +146,7 @@ init_dek (DEK dek)
   return 0;
 }
 
-
+/* Encode an RSA session key.  */
 static int
 encode_session_key (DEK dek, gcry_sexp_t * r_data)
 {
@@ -165,10 +167,266 @@ encode_session_key (DEK dek, gcry_sexp_t * r_data)
 }
 
 
+/* Encrypt DEK using ECDH.  S_PKEY is the public key.  On success the
+ * result is stored at R_ENCVAL.  Example of a public key:
+ *
+ *   (public-key (ecc (curve "1.3.132.0.34") (q #04B0[...]B8#)))
+ *
+ */
+static gpg_error_t
+ecdh_encrypt (DEK dek, gcry_sexp_t s_pkey, gcry_sexp_t *r_encval)
+{
+  gpg_error_t err;
+  gcry_sexp_t l1;
+  char *curvebuf = NULL;
+  const char *curve;
+  unsigned int curvebits;
+  const char *encr_algo_str;
+  const char *wrap_algo_str;
+  int hash_algo, cipher_algo;
+  unsigned int keylen;
+  unsigned char key[32];
+  gcry_sexp_t s_data = NULL;
+  gcry_sexp_t s_encr = NULL;
+  gcry_buffer_t ioarray[2] = { {0}, {0} };
+  unsigned char *secret;  /* Alias for ioarray[0].  */
+  unsigned int secretlen;
+  unsigned char *pubkey;  /* Alias for ioarray[1].  */
+  unsigned int pubkeylen;
+  gcry_cipher_hd_t cipher_hd = NULL;
+  unsigned char *result = NULL;
+  unsigned int resultlen;
+
+  *r_encval = NULL;
+
+  /* Figure out the encryption and wrap algo OIDs.  */
+  /* Get the curve name if any,  */
+  l1 = gcry_sexp_find_token (s_pkey, "curve", 0);
+  if (l1)
+    {
+      curvebuf = gcry_sexp_nth_string (l1, 1);
+      gcry_sexp_release (l1);
+    }
+  if (!curvebuf)
+    {
+      err = gpg_error (GPG_ERR_INV_CURVE);
+      log_error ("%s: invalid public key: no curve\n", __func__);
+      goto leave;
+    }
+
+  /* We need to use our OpenPGP mapping to turn a curve name into its
+   * canonical numerical OID.  We also use this to get the size of the
+   * curve which we need to figure out a suitable hash algo.  We
+   * should have a Libgcrypt function to do this; see bug report #4926.  */
+  curve = openpgp_curve_to_oid (curvebuf, &curvebits, NULL);
+  if (!curve)
+    {
+      err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
+      log_error ("%s: invalid public key: %s\n", __func__, gpg_strerror (err));
+      goto leave;
+    }
+  xfree (curvebuf);
+  curvebuf = NULL;
+
+  /* Our mapping matches the recommended algorithms from RFC-5753 but
+   * not supporting the short curves which would require 3DES.  */
+  if (curvebits < 255)
+    {
+      err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
+      log_error ("%s: curve '%s' is not supported\n", __func__, curve);
+      goto leave;
+    }
+  else if (opt.force_ecdh_sha1kdf)
+    {
+      /* dhSinglePass-stdDH-sha1kdf-scheme */
+      encr_algo_str = "1.3.133.16.840.63.0.2";
+      wrap_algo_str = "2.16.840.1.101.3.4.1.45";
+      hash_algo     = GCRY_MD_SHA1;
+      cipher_algo   = GCRY_CIPHER_AES256;
+      keylen        = 32;
+    }
+  else if (curvebits <= 256)
+    {
+      /* dhSinglePass-stdDH-sha256kdf-scheme */
+      encr_algo_str = "1.3.132.1.11.1";
+      wrap_algo_str = "2.16.840.1.101.3.4.1.5";
+      hash_algo     = GCRY_MD_SHA256;
+      cipher_algo   = GCRY_CIPHER_AES128;
+      keylen        = 16;
+    }
+  else if (curvebits <= 384)
+    {
+      /* dhSinglePass-stdDH-sha384kdf-scheme */
+      encr_algo_str = "1.3.132.1.11.2";
+      wrap_algo_str = "2.16.840.1.101.3.4.1.25";
+      hash_algo     = GCRY_MD_SHA384;
+      cipher_algo   = GCRY_CIPHER_AES256;
+      keylen        = 24;
+    }
+  else
+    {
+      /* dhSinglePass-stdDH-sha512kdf-scheme*/
+      encr_algo_str = "1.3.132.1.11.3";
+      wrap_algo_str = "2.16.840.1.101.3.4.1.45";
+      hash_algo     = GCRY_MD_SHA512;
+      cipher_algo   = GCRY_CIPHER_AES256;
+      keylen        = 32;
+    }
+
+
+  /* Create a secret and an ephemeral key.  */
+  {
+    char *k;
+    k = gcry_random_bytes_secure ((curvebits+7)/8, GCRY_STRONG_RANDOM);
+    if (DBG_CRYPTO)
+      log_printhex (k, (curvebits+7)/8, "ephm. k .:");
+    err = gcry_sexp_build (&s_data, NULL, "%b", (int)(curvebits+7)/8, k);
+    xfree (k);
+  }
+  if (err)
+    {
+      log_error ("%s: error building ephemeral secret: %s\n",
+                 __func__, gpg_strerror (err));
+      goto leave;
+    }
+
+  err = gcry_pk_encrypt (&s_encr, s_data, s_pkey);
+  if (err)
+    {
+      log_error ("%s: error encrypting ephemeral secret: %s\n",
+                 __func__, gpg_strerror (err));
+      goto leave;
+    }
+  err = gcry_sexp_extract_param (s_encr, NULL, "&se",
+                                 &ioarray+0, ioarray+1, NULL);
+  if (err)
+    {
+      log_error ("%s: error extracting ephemeral key and secret: %s\n",
+                 __func__, gpg_strerror (err));
+      goto leave;
+    }
+  secret    = ioarray[0].data;
+  secretlen = ioarray[0].len;
+  pubkey    = ioarray[1].data;
+  pubkeylen = ioarray[1].len;
+
+  if (DBG_CRYPTO)
+    {
+      log_printhex (pubkey, pubkeylen, "pubkey ..:");
+      log_printhex (secret, secretlen, "secret ..:");
+    }
+
+  /* Extract X coordinate from SECRET.  */
+  if (secretlen < 5)  /* 5 because N could be reduced to (n-1)/2.  */
+    err = gpg_error (GPG_ERR_BAD_DATA);
+  else if (*secret == 0x04)
+    {
+      secretlen--;
+      memmove (secret, secret+1, secretlen);
+      if ((secretlen & 1))
+        {
+          err = gpg_error (GPG_ERR_BAD_DATA);
+          goto leave;
+        }
+      secretlen /= 2;
+    }
+  else if (*secret == 0x40 || *secret == 0x41)
+    {
+      secretlen--;
+      memmove (secret, secret+1, secretlen);
+    }
+  else
+    err = gpg_error (GPG_ERR_BAD_DATA);
+  if (err)
+    goto leave;
+
+  if (DBG_CRYPTO)
+    log_printhex (secret, secretlen, "ECDH X ..:");
+
+  err = ecdh_derive_kek (key, keylen, hash_algo, wrap_algo_str,
+                         secret, secretlen, NULL, 0);
+  if (err)
+    goto leave;
+
+  if (DBG_CRYPTO)
+    log_printhex (key, keylen, "KEK .....:");
+
+  /* Wrap the key.  */
+  if ((dek->keylen % 8) || dek->keylen < 16)
+    {
+      log_error ("%s: can't use a session key of %u bytes\n",
+                 __func__, dek->keylen);
+      err = gpg_error (GPG_ERR_BAD_DATA);
+      goto leave;
+    }
+
+  resultlen = dek->keylen + 8;
+  result = xtrymalloc_secure (resultlen);
+  if (!result)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+
+  err = gcry_cipher_open (&cipher_hd, cipher_algo, GCRY_CIPHER_MODE_AESWRAP, 0);
+  if (err)
+    {
+      log_error ("%s: failed to initialize AESWRAP: %s\n",
+                 __func__, gpg_strerror (err));
+      goto leave;
+    }
+
+  err = gcry_cipher_setkey (cipher_hd, key, keylen);
+  wipememory (key, sizeof key);
+  if (err)
+    {
+      log_error ("%s: failed in gcry_cipher_setkey: %s\n",
+                 __func__, gpg_strerror (err));
+      goto leave;
+    }
+
+  err = gcry_cipher_encrypt (cipher_hd, result, resultlen,
+                             dek->key, dek->keylen);
+  if (err)
+    {
+      log_error ("%s: failed in gcry_cipher_encrypt: %s\n",
+                 __func__, gpg_strerror (err));
+      goto leave;
+    }
+
+  if (DBG_CRYPTO)
+    log_printhex (result, resultlen, "w(CEK) ..:");
+
+  err = gcry_sexp_build (r_encval, NULL,
+                         "(enc-val(ecdh(e%b)(s%b)(encr-algo%s)(wrap-algo%s)))",
+                         (int)pubkeylen, pubkey,
+                         (int)resultlen, result,
+                         encr_algo_str,
+                         wrap_algo_str,
+                         NULL);
+  if (err)
+    log_error ("%s: failed building final S-exp: %s\n",
+               __func__, gpg_strerror (err));
+
+ leave:
+  gcry_cipher_close (cipher_hd);
+  wipememory (key, sizeof key);
+  xfree (result);
+  xfree (ioarray[0].data);
+  xfree (ioarray[1].data);
+  gcry_sexp_release (s_data);
+  gcry_sexp_release (s_encr);
+  xfree (curvebuf);
+  return err;
+}
+
+
 /* Encrypt the DEK under the key contained in CERT and return it as a
-   canonical S-Exp in encval. */
+ * canonical S-expressions at ENCVAL. PK_ALGO is the public key
+ * algorithm which the caller has already retrieved from CERT.  */
 static int
-encrypt_dek (const DEK dek, ksba_cert_t cert, unsigned char **encval)
+encrypt_dek (const DEK dek, ksba_cert_t cert, int pk_algo,
+             unsigned char **encval)
 {
   gcry_sexp_t s_ciph, s_data, s_pkey;
   int rc;
@@ -198,21 +456,38 @@ encrypt_dek (const DEK dek, ksba_cert_t cert, unsigned char **encval)
       return rc;
     }
 
+  if (DBG_CRYPTO)
+    {
+      log_printsexp (" pubkey:", s_pkey);
+      log_printhex (dek->key, dek->keylen, "CEK .....:");
+    }
+
   /* Put the encoded cleartext into a simple list. */
   s_data = NULL; /* (avoid compiler warning) */
-  rc = encode_session_key (dek, &s_data);
-  if (rc)
+  if (pk_algo == GCRY_PK_ECC)
     {
-      gcry_sexp_release (s_pkey);
-      log_error ("encode_session_key failed: %s\n", gpg_strerror (rc));
-      return rc;
+      rc = ecdh_encrypt (dek, s_pkey, &s_ciph);
     }
+  else
+    {
+      rc = encode_session_key (dek, &s_data);
+      if (rc)
+        {
+          log_error ("encode_session_key failed: %s\n", gpg_strerror (rc));
+          return rc;
+        }
+      if (DBG_CRYPTO)
+        log_printsexp ("   data:", s_data);
 
-  /* pass it to libgcrypt */
-  rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
+      /* pass it to libgcrypt */
+      rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
+    }
   gcry_sexp_release (s_data);
   gcry_sexp_release (s_pkey);
 
+  if (DBG_CRYPTO)
+    log_printsexp ("enc-val:", s_ciph);
+
   /* Reformat it. */
   if (!rc)
     {
@@ -339,7 +614,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
     count++;
   audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, count);
 
-  kh = keydb_new ();
+  kh = keydb_new (ctrl);
   if (!kh)
     {
       log_error (_("failed to allocate keyDB handle\n"));
@@ -387,7 +662,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
   err = ksba_cms_set_reader_writer (cms, reader, writer);
   if (err)
     {
-      log_debug ("ksba_cms_set_reader_writer failed: %s\n",
+      log_error ("ksba_cms_set_reader_writer failed: %s\n",
                  gpg_strerror (err));
       rc = err;
       goto leave;
@@ -402,7 +677,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
     err = ksba_cms_set_content_type (cms, 1, KSBA_CT_DATA);
   if (err)
     {
-      log_debug ("ksba_cms_set_content_type failed: %s\n",
+      log_error ("ksba_cms_set_content_type failed: %s\n",
                  gpg_strerror (err));
       rc = err;
       goto leave;
@@ -500,7 +775,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
           && !gnupg_pk_is_compliant (CO_DE_VS, pk_algo, 0, NULL, nbits, NULL))
         compliant = 0;
 
-      rc = encrypt_dek (dek, cl->cert, &encval);
+      rc = encrypt_dek (dek, cl->cert, pk_algo, &encval);
       if (rc)
         {
           audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, rc);
@@ -535,15 +810,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
   if (compliant && gnupg_gcrypt_is_compliant (CO_DE_VS))
     gpgsm_status (ctrl, STATUS_ENCRYPTION_COMPLIANCE_MODE,
                   gnupg_status_compliance_flag (CO_DE_VS));
-  else if (opt.require_compliance
-           && opt.compliance == CO_DE_VS)
-    {
-      log_error (_("operation forced to fail due to"
-                   " unfulfilled compliance rules\n"));
-      gpgsm_errors_seen = 1;
-      rc = gpg_error (GPG_ERR_FORBIDDEN);
-      goto leave;
-    }
 
   /* Main control loop for encryption. */
   recpno = 0;
diff --git a/sm/export.c b/sm/export.c
index 3da06d7..32f0456 100644
--- a/sm/export.c
+++ b/sm/export.c
@@ -24,7 +24,6 @@
 #include <string.h>
 #include <errno.h>
 #include <time.h>
-#include <assert.h>
 
 #include "gpgsm.h"
 #include <gcrypt.h>
@@ -47,7 +46,7 @@ struct duptable_s
   struct duptable_s *next;
 
   /* Note that we only need to store 19 bytes because the first byte
-     is implictly given by the table index (we require at least 8
+     is implicitly given by the table index (we require at least 8
      bits). */
   unsigned char fpr[19];
 };
@@ -150,7 +149,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
       goto leave;
     }
 
-  hd = keydb_new ();
+  hd = keydb_new (ctrl);
   if (!hd)
     {
       log_error ("keydb_new failed\n");
@@ -198,8 +197,6 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
     {
       for (i=0; (i < ndesc
                  && (desc[i].mode == KEYDB_SEARCH_MODE_FPR
-                     || desc[i].mode == KEYDB_SEARCH_MODE_FPR20
-                     || desc[i].mode == KEYDB_SEARCH_MODE_FPR16
                      || desc[i].mode == KEYDB_SEARCH_MODE_KEYGRIP)); i++)
         ;
       if (i == ndesc)
@@ -298,7 +295,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
       ksba_cert_release (cert);
       cert = NULL;
     }
-  if (rc && rc != -1)
+  if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
     log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
   else if (b64writer)
     {
@@ -341,7 +338,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
   void *data;
   size_t datalen;
 
-  hd = keydb_new ();
+  hd = keydb_new (ctrl);
   if (!hd)
     {
       log_error ("keydb_new failed\n");
@@ -392,7 +389,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
             }
           err = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
         }
-      else if (err == -1 || gpg_err_code (err) == GPG_ERR_EOF)
+      else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
         err = 0;
       if (err)
         {
@@ -430,8 +427,11 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
                   opt.p12_charset);
     }
 
+
   if (rawmode == 0)
     ctrl->pem_name = "PKCS12";
+  else if (gpgsm_get_key_algo_info (cert, NULL) == GCRY_PK_ECC)
+    ctrl->pem_name = "EC PRIVATE KEY";
   else if (rawmode == 1)
     ctrl->pem_name = "PRIVATE KEY";
   else
@@ -553,7 +553,6 @@ sexp_to_kparms (gcry_sexp_t sexp)
   const char *s;
   size_t n;
   int idx;
-  const char *elems;
   gcry_mpi_t *array;
 
   list = gcry_sexp_find_token (sexp, "private-key", 0 );
@@ -563,49 +562,67 @@ sexp_to_kparms (gcry_sexp_t sexp)
   gcry_sexp_release (list);
   list = l2;
   name = gcry_sexp_nth_data (list, 0, &n);
-  if(!name || n != 3 || memcmp (name, "rsa", 3))
+  if (name && n == 3 && !memcmp (name, "rsa", 3))
     {
-      gcry_sexp_release (list);
-      return NULL;
-    }
+      /* Parameter names used with RSA in the pkcs#12 order. */
+      const char *elems = "nedqp--u";
 
-  /* Parameter names used with RSA in the pkcs#12 order. */
-  elems = "nedqp--u";
-  array = xtrycalloc (strlen(elems) + 1, sizeof *array);
-  if (!array)
-    {
-      gcry_sexp_release (list);
-      return NULL;
+      array = xtrycalloc (strlen(elems) + 1, sizeof *array);
+      if (!array)
+        {
+          gcry_sexp_release (list);
+          return NULL;
+        }
+      for (idx=0, s=elems; *s; s++, idx++ )
+        {
+          if (*s == '-')
+            continue; /* Computed below  */
+          l2 = gcry_sexp_find_token (list, s, 1);
+          if (l2)
+            {
+              array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
+              gcry_sexp_release (l2);
+            }
+          if (!array[idx]) /* Required parameter not found or invalid.  */
+            {
+              for (idx=0; array[idx]; idx++)
+                gcry_mpi_release (array[idx]);
+              xfree (array);
+              gcry_sexp_release (list);
+              return NULL;
+            }
+        }
+
+      array[5] = gcry_mpi_snew (0);  /* compute d mod (q-1) */
+      gcry_mpi_sub_ui (array[5], array[3], 1);
+      gcry_mpi_mod (array[5], array[2], array[5]);
+
+      array[6] = gcry_mpi_snew (0);  /* compute d mod (p-1) */
+      gcry_mpi_sub_ui (array[6], array[4], 1);
+      gcry_mpi_mod (array[6], array[2], array[6]);
     }
-  for (idx=0, s=elems; *s; s++, idx++ )
+  else if (name && n == 3 && !memcmp (name, "ecc", 3))
     {
-      if (*s == '-')
-        continue; /* Computed below  */
-      l2 = gcry_sexp_find_token (list, s, 1);
-      if (l2)
+      array = xtrycalloc (3 + 1, sizeof *array);
+      if (!array)
         {
-          array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
-          gcry_sexp_release (l2);
+          gcry_sexp_release (list);
+          return NULL;
         }
-      if (!array[idx]) /* Required parameter not found or invalid.  */
+
+      if (gcry_sexp_extract_param (list, NULL,  "/'curve'qd",
+                                   array+0, array+1, array+2, NULL))
         {
-          for (idx=0; array[idx]; idx++)
-            gcry_mpi_release (array[idx]);
           xfree (array);
-          gcry_sexp_release (list);
-          return NULL;
+          array = NULL;  /* Error.  */
         }
     }
-  gcry_sexp_release (list);
-
-  array[5] = gcry_mpi_snew (0);  /* compute d mod (q-1) */
-  gcry_mpi_sub_ui (array[5], array[3], 1);
-  gcry_mpi_mod (array[5], array[2], array[5]);
-
-  array[6] = gcry_mpi_snew (0);  /* compute d mod (p-1) */
-  gcry_mpi_sub_ui (array[6], array[4], 1);
-  gcry_mpi_mod (array[6], array[2], array[6]);
+  else
+    {
+      array = NULL;
+    }
 
+  gcry_sexp_release (list);
   return array;
 }
 
@@ -707,8 +724,8 @@ export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen,
     {
       err = gpgsm_agent_ask_passphrase
         (ctrl,
-         i18n_utf8 (N_("Please enter the passphrase to protect the "
-                       "new PKCS#12 object.")),
+         i18n_utf8 ("Please enter the passphrase to protect the "
+                    "new PKCS#12 object."),
          1, &passphrase);
       if (err)
         goto leave;
diff --git a/sm/fingerprint.c b/sm/fingerprint.c
index 2e01cf1..70ca0e9 100644
--- a/sm/fingerprint.c
+++ b/sm/fingerprint.c
@@ -24,7 +24,6 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#include <assert.h>
 
 
 #include "gpgsm.h"
@@ -55,7 +54,7 @@ gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
     algo = GCRY_MD_SHA1;
 
   len = gcry_md_get_algo_dlen (algo);
-  assert (len);
+  log_assert (len);
   if (!array)
     array = xmalloc (len);
 
@@ -67,7 +66,7 @@ gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
     {
       size_t buflen;
 
-      assert (len >= 20);
+      log_assert (len >= 20);
       if (!ksba_cert_get_user_data (cert, "sha1-fingerprint",
                                     array, len, &buflen)
           && buflen == 20)
@@ -115,7 +114,7 @@ gpgsm_get_fingerprint_string (ksba_cert_t cert, int algo)
     algo = GCRY_MD_SHA1;
 
   len = gcry_md_get_algo_dlen (algo);
-  assert (len <= MAX_DIGEST_LEN );
+  log_assert (len <= MAX_DIGEST_LEN );
   gpgsm_get_fingerprint (cert, algo, digest, NULL);
   buf = xmalloc (len*3+1);
   bin2hexcolon (digest, len, buf);
@@ -135,7 +134,7 @@ gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo)
     algo = GCRY_MD_SHA1;
 
   len = gcry_md_get_algo_dlen (algo);
-  assert (len <= MAX_DIGEST_LEN );
+  log_assert (len <= MAX_DIGEST_LEN );
   gpgsm_get_fingerprint (cert, algo, digest, NULL);
   buf = xmalloc (len*2+1);
   bin2hex (digest, len, buf);
@@ -158,7 +157,7 @@ gpgsm_get_short_fingerprint (ksba_cert_t cert, unsigned long *r_high)
 
 
 /* Return the so called KEYGRIP which is the SHA-1 hash of the public
-   key parameters expressed as an canoncial encoded S-Exp.  ARRAY must
+   key parameters expressed as an canonical encoded S-Exp.  ARRAY must
    be 20 bytes long.  Returns ARRAY or a newly allocated buffer if ARRAY was
    given as NULL.  May return NULL on error.  */
 unsigned char *
@@ -196,7 +195,7 @@ gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array)
       return NULL;
     }
   if (DBG_X509)
-    log_printhex (array, 20, "keygrip=");
+    log_printhex (array, 20, "keygrip:");
 
   return array;
 }
@@ -219,20 +218,25 @@ gpgsm_get_keygrip_hexstring (ksba_cert_t cert)
 
 
 /* Return the PK algorithm used by CERT as well as the length in bits
-   of the public key at NBITS. */
+ * of the public key at NBITS.  If R_CURVE is not NULL and an ECC
+ * algorithm is used the name or OID of the curve is stored there; the
+ * caller needs to free this value.  */
 int
-gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
+gpgsm_get_key_algo_info2 (ksba_cert_t cert, unsigned int *nbits, char **r_curve)
 {
   gcry_sexp_t s_pkey;
   int rc;
   ksba_sexp_t p;
   size_t n;
   gcry_sexp_t l1, l2;
+  const char *curve;
   const char *name;
   char namebuf[128];
 
   if (nbits)
     *nbits = 0;
+  if (r_curve)
+    *r_curve = NULL;
 
   p = ksba_cert_get_public_key (cert);
   if (!p)
@@ -258,6 +262,24 @@ gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
       gcry_sexp_release (s_pkey);
       return 0;
     }
+
+  if (r_curve)
+    {
+      curve = gcry_pk_get_curve (l1, 0, NULL);
+      if (curve)
+        {
+          name = openpgp_oid_to_curve (openpgp_curve_to_oid (curve,
+                                                             NULL, NULL), 0);
+          *r_curve = xtrystrdup (name? name : curve);
+          if (!*r_curve)
+            {
+              gcry_sexp_release (l1);
+              gcry_sexp_release (s_pkey);
+              return 0;  /* Out of core.  */
+            }
+        }
+    }
+
   l2 = gcry_sexp_cadr (l1);
   gcry_sexp_release (l1);
   l1 = l2;
@@ -277,6 +299,13 @@ gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
 }
 
 
+int
+gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
+{
+  return gpgsm_get_key_algo_info2 (cert, nbits, NULL);
+}
+
+
 /* This is a wrapper around pubkey_algo_string which takes a KSBA
  * certificate instead of a Gcrypt public key.  Note that this
  * function may return NULL on error.  */
@@ -313,6 +342,71 @@ gpgsm_pubkey_algo_string (ksba_cert_t cert, int *r_algoid)
 }
 
 
+/* If KEY is an RSA key, return its modulus.  For non-RSA keys or on
+ * error return NULL.  */
+gcry_mpi_t
+gpgsm_get_rsa_modulus (ksba_cert_t cert)
+{
+  gpg_error_t err;
+  gcry_sexp_t key;
+  gcry_sexp_t list = NULL;
+  gcry_sexp_t l2 = NULL;
+  char *name = NULL;
+  gcry_mpi_t modulus = NULL;
+
+  {
+    ksba_sexp_t ckey;
+    size_t n;
+
+    ckey = ksba_cert_get_public_key (cert);
+    if (!ckey)
+      return NULL;
+    n = gcry_sexp_canon_len (ckey, 0, NULL, NULL);
+    if (!n)
+      {
+        xfree (ckey);
+        return NULL;
+      }
+    err = gcry_sexp_sscan (&key, NULL, (char *)ckey, n);
+    xfree (ckey);
+    if (err)
+      return NULL;
+  }
+
+  list = gcry_sexp_find_token (key, "public-key", 0);
+  if (!list)
+    list = gcry_sexp_find_token (key, "private-key", 0);
+  if (!list)
+    list = gcry_sexp_find_token (key, "protected-private-key", 0);
+  if (!list)
+    list = gcry_sexp_find_token (key, "shadowed-private-key", 0);
+
+  gcry_sexp_release (key);
+  if (!list)
+    return NULL;  /* No suitable key.  */
+
+  l2 = gcry_sexp_cadr (list);
+  gcry_sexp_release (list);
+  list = l2;
+  l2 = NULL;
+
+  name = gcry_sexp_nth_string (list, 0);
+  if (!name)
+    ;
+  else if (gcry_pk_map_name (name) == GCRY_PK_RSA)
+    {
+      l2 = gcry_sexp_find_token (list, "n", 1);
+      if (l2)
+        modulus = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
+    }
+
+  gcry_free (name);
+  gcry_sexp_release (l2);
+  gcry_sexp_release (list);
+  return modulus;
+}
+
+
 
 /* For certain purposes we need a certificate id which has an upper
    limit of the size.  We use the hash of the issuer name and the
diff --git a/sm/gpgsm-w32info.rc b/sm/gpgsm-w32info.rc
index 537afdb..d813b0d 100644
--- a/sm/gpgsm-w32info.rc
+++ b/sm/gpgsm-w32info.rc
@@ -48,5 +48,3 @@
       VALUE "Translation", 0x409, 0x4b0
     END
   END
-
-1 RT_MANIFEST "gpgsm.w32-manifest"
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 2716890..fd59fc7 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -28,6 +28,8 @@
 #include <ctype.h>
 #include <unistd.h>
 #include <fcntl.h>
+/*#include <mcheck.h>*/
+#include <npth.h>
 
 #define INCLUDED_BY_MAIN_MODULE 1
 
@@ -47,7 +49,6 @@
 #include "../common/compliance.h"
 #include "minip12.h"
 
-
 #ifndef O_BINARY
 #define O_BINARY 0
 #endif
@@ -106,6 +107,7 @@ enum cmd_and_opt_values {
   oDebugAllowCoreDump,
   oDebugNoChainValidation,
   oDebugIgnoreExpiration,
+  oDebugForceECDHSHA1KDF,
   oLogFile,
   oNoLogFile,
   oAuditLog,
@@ -156,12 +158,12 @@ enum cmd_and_opt_values {
   oDisablePolicyChecks,
   oEnablePolicyChecks,
   oAutoIssuerKeyRetrieve,
-  oMinRSALength,
 
   oWithFingerprint,
   oWithMD5Fingerprint,
   oWithKeygrip,
   oWithSecret,
+  oWithKeyScreening,
   oAnswerYes,
   oAnswerNo,
   oKeyring,
@@ -188,7 +190,6 @@ enum cmd_and_opt_values {
   oSkipVerify,
   oValidationModel,
   oKeyServer,
-  oKeyServer_deprecated,
   oEncryptTo,
   oNoEncryptTo,
   oLoggerFD,
@@ -198,14 +199,16 @@ enum cmd_and_opt_values {
   oNoRandomSeedFile,
   oNoCommonCertsImport,
   oIgnoreCertExtension,
-  oIgnoreCertWithOID,
-  oRequireCompliance,
-  oCompatibilityFlags,
+  oAuthenticode,
+  oAttribute,
+  oChUid,
+  oUseKeyboxd,
+  oKeyboxdProgram,
   oNoAutostart
  };
 
 
-static ARGPARSE_OPTS opts[] = {
+static gpgrt_opt_t opts[] = {
 
   ARGPARSE_group (300, N_("@Commands:\n ")),
 
@@ -272,6 +275,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oDebugAllowCoreDump, "debug-allow-core-dump", "@"),
   ARGPARSE_s_n (oDebugNoChainValidation, "debug-no-chain-validation", "@"),
   ARGPARSE_s_n (oDebugIgnoreExpiration,  "debug-ignore-expiration", "@"),
+  ARGPARSE_s_n (oDebugForceECDHSHA1KDF,  "debug-force-ecdh-sha1kdf", "@"),
   ARGPARSE_s_s (oLogFile, "log-file",
                 N_("|FILE|write server mode logs to FILE")),
   ARGPARSE_s_n (oNoLogFile, "no-log-file", "@"),
@@ -291,12 +295,11 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oPolicyFile, "policy-file",
                 N_("|FILE|take policy information from FILE")),
   ARGPARSE_s_s (oCompliance, "compliance",   "@"),
-  ARGPARSE_p_u (oMinRSALength, "min-rsa-length", "@"),
   ARGPARSE_s_n (oNoCommonCertsImport, "no-common-certs-import", "@"),
   ARGPARSE_s_s (oIgnoreCertExtension, "ignore-cert-extension", "@"),
-  ARGPARSE_s_s (oIgnoreCertWithOID, "ignore-cert-with-oid", "@"),
   ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"),
   ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
+  ARGPARSE_s_s (oKeyboxdProgram, "keyboxd-program", "@"),
   ARGPARSE_s_s (oDirmngrProgram, "dirmngr-program", "@"),
   ARGPARSE_s_s (oProtectToolProgram, "protect-tool-program", "@"),
 
@@ -319,6 +322,8 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oNoArmor, "no-armour", "@"),
   ARGPARSE_s_n (oBase64, "base64", N_("create base-64 encoded output")),
   ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")),
+  ARGPARSE_s_n (oAuthenticode, "authenticode", "@"),
+  ARGPARSE_s_s (oAttribute,    "attribute", "@"),
 
 
   ARGPARSE_header (NULL, N_("Options to specify keys")),
@@ -340,8 +345,10 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oKeyring, "keyring",
                 N_("|FILE|add keyring to the list of keyrings")),
   ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"),
-  ARGPARSE_s_s (oKeyServer_deprecated, "ldapserver", "@"),
-  ARGPARSE_s_s (oKeyServer, "keyserver", "@"),
+  ARGPARSE_s_s (oKeyServer, "keyserver",
+                N_("|SPEC|use this keyserver to lookup keys")),
+  ARGPARSE_s_n (oUseKeyboxd,    "use-keyboxd", "@"),
+
 
   ARGPARSE_header ("ImportExport",
                    N_("Options controlling key import and export")),
@@ -365,6 +372,9 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"),
   ARGPARSE_s_n (oWithKeygrip,     "with-keygrip", "@"),
   ARGPARSE_s_n (oWithSecret,      "with-secret", "@"),
+  ARGPARSE_s_n (oWithKeyScreening,"with-key-screening", "@"),
+
+
 
   ARGPARSE_header ("Security", N_("Options controlling the security")),
 
@@ -390,7 +400,6 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oDisablePubkeyAlgo,  "disable-pubkey-algo", "@"),
   ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"),
   ARGPARSE_s_n (oNoRandomSeedFile,  "no-random-seed-file", "@"),
-  ARGPARSE_s_n (oRequireCompliance, "require-compliance", "@"),
 
 
   ARGPARSE_header (NULL, N_("Options for unattended use")),
@@ -423,7 +432,8 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oLCctype,    "lc-ctype", "@"),
   ARGPARSE_s_s (oLCmessages, "lc-messages", "@"),
   ARGPARSE_s_s (oXauthority, "xauthority", "@"),
-  ARGPARSE_s_s (oCompatibilityFlags, "compatibility-flags", "@"),
+  ARGPARSE_s_s (oChUid, "chuid", "@"),
+
 
   ARGPARSE_header (NULL, ""),  /* Stop the header group.  */
 
@@ -455,14 +465,8 @@ static struct debug_flags_s debug_flags [] =
     { DBG_MEMSTAT_VALUE, "memstat" },
     { DBG_HASHING_VALUE, "hashing" },
     { DBG_IPC_VALUE    , "ipc"     },
-    { 0, NULL }
-  };
-
-
-/* The list of compatibility flags.  */
-static struct compatibility_flags_s compatibility_flags [] =
-  {
-    { COMPAT_ALLOW_KA_TO_ENCR, "allow-ka-to-encr" },
+    { DBG_CLOCK_VALUE  , "clock"   },
+    { DBG_LOOKUP_VALUE , "lookup"  },
     { 0, NULL }
   };
 
@@ -515,6 +519,7 @@ our_pk_test_algo (int algo)
     {
     case GCRY_PK_RSA:
     case GCRY_PK_ECDSA:
+    case GCRY_PK_EDDSA:
       return gcry_pk_test_algo (algo);
     default:
       return 1;
@@ -564,6 +569,10 @@ our_md_test_algo (int algo)
 }
 
 
+/* nPth wrapper function definitions. */
+ASSUAN_SYSTEM_NPTH_IMPL;
+
+
 static char *
 make_libversion (const char *libname, const char *(*getfnc)(const char*))
 {
@@ -828,11 +837,139 @@ parse_validation_model (const char *model)
 }
 
 
+/* Release the list of SERVERS.  As usual it is okay to call this
+   function with SERVERS passed as NULL.  */
+void
+keyserver_list_free (struct keyserver_spec *servers)
+{
+  while (servers)
+    {
+      struct keyserver_spec *tmp = servers->next;
+      xfree (servers->host);
+      xfree (servers->user);
+      if (servers->pass)
+        memset (servers->pass, 0, strlen (servers->pass));
+      xfree (servers->pass);
+      xfree (servers->base);
+      xfree (servers);
+      servers = tmp;
+    }
+}
+
+/* See also dirmngr ldapserver_parse_one().  */
+struct keyserver_spec *
+parse_keyserver_line (char *line,
+		      const char *filename, unsigned int lineno)
+{
+  char *p;
+  char *endp;
+  const char *s;
+  struct keyserver_spec *server;
+  int fieldno;
+  int fail = 0;
+  int i;
+
+  if (!filename)
+    {
+      filename = "[cmd]";
+      lineno = 0;
+    }
+
+  /* Parse the colon separated fields.  */
+  server = xcalloc (1, sizeof *server);
+  for (fieldno = 1, p = line; p; p = endp, fieldno++ )
+    {
+      endp = strchr (p, ':');
+      if (endp)
+	*endp++ = '\0';
+      trim_spaces (p);
+      switch (fieldno)
+	{
+	case 1:
+	  if (*p)
+            server->host = xstrdup (p);
+	  else
+	    {
+	      log_error (_("%s:%u: no hostname given\n"),
+			 filename, lineno);
+	      fail = 1;
+	    }
+	  break;
+
+	case 2:
+	  if (*p)
+	    server->port = atoi (p);
+	  break;
+
+	case 3:
+	  if (*p)
+	    server->user = xstrdup (p);
+	  break;
+
+	case 4:
+	  if (*p && !server->user)
+	    {
+	      log_error (_("%s:%u: password given without user\n"),
+			 filename, lineno);
+	      fail = 1;
+	    }
+	  else if (*p)
+	    server->pass = xstrdup (p);
+	  break;
+
+	case 5:
+	  if (*p)
+	    server->base = xstrdup (p);
+	  break;
+
+        case 6:
+          {
+            char **flags = NULL;
+
+            flags = strtokenize (p, ",");
+            if (!flags)
+              log_fatal ("strtokenize failed: %s\n",
+                         gpg_strerror (gpg_error_from_syserror ()));
+
+            for (i=0; (s = flags[i]); i++)
+              {
+                if (!*s)
+                  ;
+                else if (!ascii_strcasecmp (s, "ldaps"))
+                  server->use_ldaps = 1;
+                else if (!ascii_strcasecmp (s, "ldap"))
+                  server->use_ldaps = 0;
+                else
+                  log_info (_("%s:%u: ignoring unknown flag '%s'\n"),
+                            filename, lineno, s);
+              }
+
+            xfree (flags);
+          }
+          break;
+
+	default:
+	  /* (We silently ignore extra fields.) */
+	  break;
+	}
+    }
+
+  if (fail)
+    {
+      log_info (_("%s:%u: skipping this line\n"), filename, lineno);
+      keyserver_list_free (server);
+      server = NULL;
+    }
+
+  return server;
+}
+
 
 int
 main ( int argc, char **argv)
 {
-  ARGPARSE_ARGS pargs;
+  gpg_error_t err = 0;
+  gpgrt_argparse_t pargs;
   int orig_argc;
   char **orig_argv;
   /*  char *username;*/
@@ -870,18 +1007,20 @@ main ( int argc, char **argv)
   int pwfd = -1;
 
   static const char *homedirvalue;
+  static const char *changeuser;
+
 
   early_system_init ();
   gnupg_reopen_std (GPGSM_NAME);
   /* trap_unaligned ();*/
   gnupg_rl_initialize ();
-  set_strusage (my_strusage);
+  gpgrt_set_strusage (my_strusage);
   gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
 
   /* Please note that we may running SUID(ROOT), so be very CAREFUL
      when adding any stuff between here and the call to secmem_init()
      somewhere after the option parsing */
-  log_set_prefix (GPGSM_NAME, GPGRT_LOG_WITH_PREFIX|GPGRT_LOG_NO_REGISTRY);
+  log_set_prefix (GPGSM_NAME, GPGRT_LOG_WITH_PREFIX);
 
   /* Make sure that our subsystems are ready.  */
   i18n_init ();
@@ -922,7 +1061,7 @@ main ( int argc, char **argv)
   pargs.argc = &argc;
   pargs.argv = &argv;
   pargs.flags= (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
-  while (gnupg_argparse (NULL, &pargs, opts))
+  while (gpgrt_argparse (NULL, &pargs, opts))
     {
       switch (pargs.r_opt)
         {
@@ -941,6 +1080,10 @@ main ( int argc, char **argv)
           homedirvalue = pargs.r.ret_str;
           break;
 
+        case oChUid:
+          changeuser = pargs.r.ret_str;
+          break;
+
         case aCallProtectTool:
           /* Make sure that --version and --help are passed to the
            * protect-tool. */
@@ -951,13 +1094,12 @@ main ( int argc, char **argv)
   /* Reset the flags.  */
   pargs.flags &= ~(ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
 
-
   /* Initialize the secure memory. */
   gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
   maybe_setuid = 0;
 
   /*
-   * Now we are now working under our real uid
+     Now we are now working under our real uid
    */
 
   ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );
@@ -969,7 +1111,9 @@ main ( int argc, char **argv)
   assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
   setup_libassuan_logging (&opt.debug, NULL);
 
-  /* Set homedir.  */
+  /* Change UID and then set homedir.  */
+  if (changeuser && gnupg_chuid (changeuser, 0))
+    log_inc_errorcount (); /* Force later termination.  */
   gnupg_set_homedir (homedirvalue);
 
   /* Setup a default control structure for command line mode */
@@ -983,8 +1127,8 @@ main ( int argc, char **argv)
   opt.policy_file = make_filename (gnupg_homedir (), "policies.txt", NULL);
 
   /* The configuraton directories for use by gpgrt_argparser.  */
-  gnupg_set_confdir (GNUPG_CONFDIR_SYS, gnupg_sysconfdir ());
-  gnupg_set_confdir (GNUPG_CONFDIR_USER, gnupg_homedir ());
+  gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
+  gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
 
   /* We are re-using the struct, thus the reset flag.  We OR the
    * flags so that the internal intialized flag won't be cleared. */
@@ -998,7 +1142,7 @@ main ( int argc, char **argv)
                    | ARGPARSE_FLAG_USER);
 
   while (!no_more_options
-         && gnupg_argparser (&pargs, opts, GPGSM_NAME EXTSEP_S "conf"))
+         && gpgrt_argparser (&pargs, opts, GPGSM_NAME EXTSEP_S "conf"))
     {
       switch (pargs.r_opt)
         {
@@ -1225,6 +1369,7 @@ main ( int argc, char **argv)
         case oAnswerNo: opt.answer_no = 1; break;
 
         case oKeyring: append_to_strlist (&nrings, pargs.r.ret_str); break;
+        case oUseKeyboxd: opt.use_keyboxd = 1; break;
 
         case oDebug:
           if (parse_debug_flag (pargs.r.ret_str, &debug_value, debug_flags))
@@ -1242,15 +1387,7 @@ main ( int argc, char **argv)
           break;
         case oDebugNoChainValidation: opt.no_chain_validation = 1; break;
         case oDebugIgnoreExpiration: opt.ignore_expiration = 1; break;
-
-        case oCompatibilityFlags:
-          if (parse_compatibility_flags (pargs.r.ret_str, &opt.compat_flags,
-                                         compatibility_flags))
-            {
-              pargs.r_opt = ARGPARSE_INVALID_ARG;
-              pargs.err = ARGPARSE_PRINT_ERROR;
-            }
-          break;
+        case oDebugForceECDHSHA1KDF: opt.force_ecdh_sha1kdf = 1; break;
 
         case oStatusFD:
             ctrl.status_fd = translate_sys2libc_fd_int (pargs.r.ret_int, 1);
@@ -1270,8 +1407,14 @@ main ( int argc, char **argv)
           opt.with_keygrip = 1;
           break;
 
+        case oWithKeyScreening:
+          opt.with_key_screening = 1;
+          break;
+
         case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break;
+        case oChUid: break;  /* Command line only (see above).  */
         case oAgentProgram: opt.agent_program = pargs.r.ret_str;  break;
+        case oKeyboxdProgram: opt.keyboxd_program = pargs.r.ret_str;  break;
 
         case oDisplay:
           set_opt_session_env ("DISPLAY", pargs.r.ret_str);
@@ -1394,19 +1537,31 @@ main ( int argc, char **argv)
         case oValidationModel: parse_validation_model (pargs.r.ret_str); break;
 
 	case oKeyServer:
-          append_to_strlist (&opt.keyserver, pargs.r.ret_str);
+	  {
+	    struct keyserver_spec *keyserver;
+	    keyserver = parse_keyserver_line (pargs.r.ret_str,
+					      configname, pargs.lineno);
+	    if (! keyserver)
+	      log_error (_("could not parse keyserver\n"));
+	    else
+	      {
+		/* FIXME: Keep last next pointer.  */
+		struct keyserver_spec **next_p = &opt.keyserver;
+		while (*next_p)
+		  next_p = &(*next_p)->next;
+		*next_p = keyserver;
+	      }
+	  }
 	  break;
 
-        case oKeyServer_deprecated:
-          obsolete_option (configname, pargs.lineno, "ldapserver");
-          break;
-
         case oIgnoreCertExtension:
           add_to_strlist (&opt.ignored_cert_extensions, pargs.r.ret_str);
           break;
 
-        case oIgnoreCertWithOID:
-          add_to_strlist (&opt.ignore_cert_with_oid, pargs.r.ret_str);
+        case oAuthenticode: opt.authenticode = 1; break;
+
+        case oAttribute:
+          add_to_strlist (&opt.attributes, pargs.r.ret_str);
           break;
 
         case oNoAutostart: opt.autostart = 0; break;
@@ -1418,20 +1573,15 @@ main ( int argc, char **argv)
                 { "gnupg", CO_GNUPG },
                 { "de-vs", CO_DE_VS }
               };
-            int compliance = gnupg_parse_compliance_option (pargs.r.ret_str,
-                                                            compliance_options,
-                                                            DIM (compliance_options),
-                                                            opt.quiet);
+            int compliance = gnupg_parse_compliance_option
+              (pargs.r.ret_str, compliance_options, DIM (compliance_options),
+               opt.quiet);
             if (compliance < 0)
               log_inc_errorcount (); /* Force later termination.  */
             opt.compliance = compliance;
           }
           break;
 
-        case oMinRSALength: opt.min_rsa_length = pargs.r.ret_ulong; break;
-
-        case oRequireCompliance: opt.require_compliance = 1;  break;
-
         default:
           if (configname)
             pargs.err = ARGPARSE_PRINT_WARNING;
@@ -1447,12 +1597,12 @@ main ( int argc, char **argv)
 	}
     }
 
-  gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+  gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
 
   if (!last_configname)
-    opt.config_filename = make_filename (gnupg_homedir (),
-                                         GPGSM_NAME EXTSEP_S "conf",
-                                         NULL);
+    opt.config_filename = gpgrt_fnameconcat (gnupg_homedir (),
+                                             GPGSM_NAME EXTSEP_S "conf",
+                                             NULL);
   else
     opt.config_filename = last_configname;
 
@@ -1476,21 +1626,25 @@ main ( int argc, char **argv)
   if (greeting)
     {
       es_fprintf (es_stderr, "%s %s; %s\n",
-                  strusage(11), strusage(13), strusage(14) );
-      es_fprintf (es_stderr, "%s\n", strusage(15) );
+                  gpgrt_strusage(11), gpgrt_strusage(13), gpgrt_strusage(14) );
+      es_fprintf (es_stderr, "%s\n", gpgrt_strusage(15) );
     }
-#  ifdef IS_DEVELOPMENT_VERSION
+#ifdef IS_DEVELOPMENT_VERSION
   if (!opt.batch)
     {
       log_info ("NOTE: THIS IS A DEVELOPMENT VERSION!\n");
       log_info ("It is only intended for test purposes and should NOT be\n");
       log_info ("used in a production environment or with production keys!\n");
     }
-#  endif
+#endif
 
   if (may_coredump && !opt.quiet)
     log_info (_("WARNING: program may create a core file!\n"));
 
+  npth_init ();
+  assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
+  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
+
 /*   if (opt.qualsig_approval && !opt.quiet) */
 /*     log_info (_("This software has officially been approved to " */
 /*                 "create and verify\n" */
@@ -1528,11 +1682,8 @@ main ( int argc, char **argv)
   gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
 
   set_debug ();
-  if (opt.verbose) /* Print the compatibility flags.  */
-    parse_compatibility_flags (NULL, &opt.compat_flags, compatibility_flags);
-  gnupg_set_compliance_extra_info (opt.min_rsa_length);
 
-  /* Although we always use gpgsm_exit, we better install a regualr
+  /* Although we always use gpgsm_exit, we better install a regular
      exit handler so that at least the secure memory gets wiped
      out. */
   if (atexit (emergency_cleanup))
@@ -1648,8 +1799,16 @@ main ( int argc, char **argv)
   if (!cmd && opt.fingerprint && !with_fpr)
     set_cmd (&cmd, aListKeys);
 
+  /* If no pinentry is expected shunt
+   * gnupg_allow_set_foregound_window to avoid useless error
+   * messages on Windows.  */
+  if (opt.pinentry_mode != PINENTRY_MODE_ASK)
+    {
+      gnupg_inhibit_set_foregound_window (1);
+    }
+
   /* Add default keybox. */
-  if (!nrings && default_keyring)
+  if (!nrings && default_keyring && !opt.use_keyboxd)
     {
       int created;
 
@@ -1670,8 +1829,11 @@ main ( int argc, char **argv)
           xfree (filelist[0]);
         }
     }
-  for (sl = nrings; sl; sl = sl->next)
-    keydb_add_resource (&ctrl, sl->d, 0, NULL);
+  if (!opt.use_keyboxd)
+    {
+      for (sl = nrings; sl; sl = sl->next)
+        keydb_add_resource (&ctrl, sl->d, 0, NULL);
+    }
   FREE_STRLIST(nrings);
 
 
@@ -1747,7 +1909,7 @@ main ( int argc, char **argv)
   switch (cmd)
     {
     case aGPGConfList:
-      { /* List options and default values in the GPG Conf format.  */
+      { /* List default option values in the GPG Conf format.  */
 
 	es_printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
         es_printf ("include-certs:%lu:%d:\n", GC_OPT_FLAG_DEFAULT,
@@ -1762,6 +1924,7 @@ main ( int argc, char **argv)
            proc_parameters actually implements.  */
         es_printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
                    "RSA-3072");
+
       }
       break;
     case aGPGConfTest:
@@ -1799,13 +1962,16 @@ main ( int argc, char **argv)
         set_binary (stdin);
 
         if (!argc) /* Source is stdin. */
-          gpgsm_encrypt (&ctrl, recplist, 0, fp);
+          err = gpgsm_encrypt (&ctrl, recplist, 0, fp);
         else if (argc == 1)  /* Source is the given file. */
-          gpgsm_encrypt (&ctrl, recplist, open_read (*argv), fp);
+          err = gpgsm_encrypt (&ctrl, recplist, open_read (*argv), fp);
         else
           wrong_args ("--encrypt [datafile]");
 
-        es_fclose (fp);
+        if (err)
+          gpgrt_fcancel (fp);
+        else
+          es_fclose (fp);
       }
       break;
 
@@ -1817,14 +1983,22 @@ main ( int argc, char **argv)
            signing because that is what gpg does.*/
         set_binary (stdin);
         if (!argc) /* Create from stdin. */
-          gpgsm_sign (&ctrl, signerlist, 0, detached_sig, fp);
+          err = gpgsm_sign (&ctrl, signerlist, 0, detached_sig, fp);
         else if (argc == 1) /* From file. */
-          gpgsm_sign (&ctrl, signerlist,
+          err = gpgsm_sign (&ctrl, signerlist,
                       open_read (*argv), detached_sig, fp);
         else
           wrong_args ("--sign [datafile]");
 
+#if GPGRT_VERSION_NUMBER >= 0x012700 /* >= 1.39 */
+        if (err)
+          gpgrt_fcancel (fp);
+        else
+          es_fclose (fp);
+#else
+        (void)err;
         es_fclose (fp);
+#endif
       }
       break;
 
@@ -1862,22 +2036,16 @@ main ( int argc, char **argv)
     case aDecrypt:
       {
         estream_t fp = open_es_fwrite (opt.outfile?opt.outfile:"-");
-        gpg_error_t err;
 
         set_binary (stdin);
         if (!argc)
-          err = gpgsm_decrypt (&ctrl, 0, fp); /* from stdin */
+          gpgsm_decrypt (&ctrl, 0, fp); /* from stdin */
         else if (argc == 1)
-          err = gpgsm_decrypt (&ctrl, open_read (*argv), fp); /* from file */
+          gpgsm_decrypt (&ctrl, open_read (*argv), fp); /* from file */
         else
           wrong_args ("--decrypt [filename]");
 
-#if GPGRT_VERSION_NUMBER >= 0x012700  /* 1.39 */
-        if (err)
-          gpgrt_fcancel (fp);
-        else
-#endif
-          es_fclose (fp);
+        es_fclose (fp);
       }
       break;
 
@@ -2078,7 +2246,8 @@ main ( int argc, char **argv)
     }
 
   /* cleanup */
-  free_strlist (opt.keyserver);
+  gpgsm_deinit_default_ctrl (&ctrl);
+  keyserver_list_free (opt.keyserver);
   opt.keyserver = NULL;
   gpgsm_release_certlist (recplist);
   gpgsm_release_certlist (signerlist);
@@ -2123,6 +2292,15 @@ gpgsm_init_default_ctrl (struct server_control_s *ctrl)
 }
 
 
+/* This function is called to deinitialize a control object.  The
+ * control object is is not released, though.  */
+void
+gpgsm_deinit_default_ctrl (ctrl_t ctrl)
+{
+  gpgsm_keydb_deinit_session_data (ctrl);
+}
+
+
 int
 gpgsm_parse_validation_model (const char *model)
 {
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 53ef165..e96f157 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -36,8 +36,26 @@
 #include "../common/ksba-io-support.h"
 #include "../common/compliance.h"
 
+/* The maximum length of a binary fingerprints.  This is used to
+ * provide a static buffer and will be increased if we need to support
+ * longer fingerprints.  */
+#define MAX_FINGERPRINT_LEN 32
 
-#define MAX_DIGEST_LEN 64
+/* The maximum length of a binary digest.  */
+#define MAX_DIGEST_LEN 64     /* Fits for SHA-512 */
+
+
+struct keyserver_spec
+{
+  struct keyserver_spec *next;
+
+  char *host;
+  int port;
+  char *user;
+  char *pass;
+  char *base;
+  unsigned int use_ldaps:1;
+};
 
 
 /* A large struct named "opt" to keep global flags. */
@@ -52,10 +70,13 @@ struct
   int answer_no;    /* assume no on most questions */
   int dry_run;      /* don't change any persistent data */
   int no_homedir_creation;
+  int use_keyboxd;  /* Use the external keyboxd as storage backend.  */
 
   const char *config_filename; /* Name of the used config file. */
   const char *agent_program;
 
+  const char *keyboxd_program;
+
   session_env_t session_env;
   char *lc_ctype;
   char *lc_messages;
@@ -66,7 +87,7 @@ struct
   const char *protect_tool_program;
   char *outfile;    /* name of output file */
 
-  int with_key_data;/* include raw key in the column delimted output */
+  int with_key_data;/* include raw key in the column delimited output */
 
   int fingerprint;  /* list fingerprints in all key listings */
 
@@ -75,6 +96,8 @@ struct
 
   int with_keygrip; /* Option --with-keygrip active.  */
 
+  int with_key_screening; /* Option  --with-key-screening active.  */
+
   int pinentry_mode;
   int request_origin;
 
@@ -92,6 +115,8 @@ struct
 
   int forced_digest_algo; /* User forced hash algorithm. */
 
+  int force_ecdh_sha1kdf; /* Only for debugging and testing.  */
+
   char *def_recipient;    /* userID of the default recipient */
   int def_recipient_self; /* The default recipient is the default key */
 
@@ -130,28 +155,29 @@ struct
                                the integrity of the software at
                                runtime. */
 
-  unsigned int min_rsa_length;   /* Used for compliance checks.  */
-
-  strlist_t keyserver;
+  struct keyserver_spec *keyserver;
 
   /* A list of certificate extension OIDs which are ignored so that
      one can claim that a critical extension has been handled.  One
      OID per string.  */
   strlist_t ignored_cert_extensions;
 
-  /* A list of OIDs which will be used to ignore certificates with
-   * sunch an OID during --learn-card.  */
-  strlist_t ignore_cert_with_oid;
-
-  /* The current compliance mode.  */
   enum gnupg_compliance_mode compliance;
 
-  /* Fail if an operation can't be done in the requested compliance
-   * mode.  */
-  int require_compliance;
-
-  /* Compatibility flags (COMPAT_FLAG_xxxx).  */
-  unsigned int compat_flags;
+  /* Enable creation of authenticode signatures.  */
+  int authenticode;
+
+  /* A list of extra attributes put into a signed data object.  For a
+   * signed each attribute each string has the format:
+   *   <oid>:s:<hex_or_filename>
+   * and for an unsigned attribute
+   *   <oid>:u:<hex_or_filename>
+   * The OID is in the usual dotted decimal for. The HEX_OR_FILENAME
+   * is either a list of hex digits or a filename with the DER encoded
+   * value.  A filename is detected by the presence of a slash in the
+   * HEX_OR_FILENAME.  The actual value needs to be encoded as a SET OF
+   * attribute values.  */
+  strlist_t attributes;
 } opt;
 
 /* Debug values and macros.  */
@@ -163,6 +189,8 @@ struct
 #define DBG_MEMSTAT_VALUE 128	/* show memory statistics */
 #define DBG_HASHING_VALUE 512	/* debug hashing operations */
 #define DBG_IPC_VALUE     1024  /* debug assuan communication */
+#define DBG_CLOCK_VALUE   4096
+#define DBG_LOOKUP_VALUE  8192	/* debug the key lookup */
 
 #define DBG_X509    (opt.debug & DBG_X509_VALUE)
 #define DBG_CRYPTO  (opt.debug & DBG_CRYPTO_VALUE)
@@ -170,22 +198,17 @@ struct
 #define DBG_CACHE   (opt.debug & DBG_CACHE_VALUE)
 #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
 #define DBG_IPC     (opt.debug & DBG_IPC_VALUE)
-
-
-/* Compatibility flags */
-/* Telesec RSA cards produced for NRW in 2022 came with only the
- * keyAgreement bit set.  This flag allows there use for encryption
- * anyway.  Example cert:
- *    Issuer: /CN=DOI CA 10a/OU=DOI/O=PKI-1-Verwaltung/C=DE
- * key usage: digitalSignature nonRepudiation keyAgreement
- *  policies: 1.3.6.1.4.1.7924.1.1:N:
- */
-#define COMPAT_ALLOW_KA_TO_ENCR   1
-
+#define DBG_CLOCK   (opt.debug & DBG_CLOCK_VALUE)
+#define DBG_LOOKUP  (opt.debug & DBG_LOOKUP_VALUE)
 
 /* Forward declaration for an object defined in server.c */
 struct server_local_s;
 
+/* Object used to keep state locally in keydb.c  */
+struct keydb_local_s;
+typedef struct keydb_local_s *keydb_local_t;
+
+
 /* Session control object.  This object is passed down to most
    functions.  Note that the default values for it are set by
    gpgsm_init_default_ctrl(). */
@@ -195,6 +218,8 @@ struct server_control_s
   int  status_fd;     /* Only for non-server mode */
   struct server_local_s *server_local;
 
+  keydb_local_t keydb_local;  /* Local data for call-keyboxd.c  */
+
   audit_ctx_t audit;  /* NULL or a context for the audit subsystem.  */
   int agent_seen;     /* Flag indicating that the gpg-agent has been
                          accessed.  */
@@ -236,6 +261,7 @@ struct certlist_s
   ksba_cert_t cert;
   int is_encrypt_to; /* True if the certificate has been set through
                         the --encrypto-to option. */
+  int pk_algo;       /* The PK_ALGO from CERT or 0 if not yet known.  */
   int hash_algo;     /* Used to track the hash algorithm to use.  */
   const char *hash_algo_oid;  /* And the corresponding OID.  */
 };
@@ -254,10 +280,9 @@ struct rootca_flags_s
 
 
 /*-- gpgsm.c --*/
-extern int gpgsm_errors_seen;
-
 void gpgsm_exit (int rc);
 void gpgsm_init_default_ctrl (struct server_control_s *ctrl);
+void gpgsm_deinit_default_ctrl (ctrl_t ctrl);
 int  gpgsm_parse_validation_model (const char *model);
 
 /*-- server.c --*/
@@ -281,11 +306,15 @@ unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert,
 unsigned char *gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array);
 char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert);
 int  gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits);
+int  gpgsm_get_key_algo_info2 (ksba_cert_t cert, unsigned int *nbits,
+                               char **r_curve);
 char *gpgsm_pubkey_algo_string (ksba_cert_t cert, int *r_algoid);
+gcry_mpi_t gpgsm_get_rsa_modulus (ksba_cert_t cert);
 char *gpgsm_get_certid (ksba_cert_t cert);
 
 
 /*-- certdump.c --*/
+const void *gpgsm_get_serial (ksba_const_sexp_t sn, size_t *r_length);
 void gpgsm_print_serial (estream_t fp, ksba_const_sexp_t p);
 void gpgsm_print_serial_decimal (estream_t fp, ksba_const_sexp_t sn);
 void gpgsm_print_time (estream_t fp, ksba_isotime_t t);
@@ -330,8 +359,8 @@ int gpgsm_create_cms_signature (ctrl_t ctrl,
 #define VALIDATE_FLAG_CHAIN_MODEL 2
 #define VALIDATE_FLAG_STEED       4
 
-int gpgsm_walk_cert_chain (ctrl_t ctrl,
-                           ksba_cert_t start, ksba_cert_t *r_next);
+gpg_error_t gpgsm_walk_cert_chain (ctrl_t ctrl,
+                                   ksba_cert_t start, ksba_cert_t *r_next);
 int gpgsm_is_root_cert (ksba_cert_t cert);
 int gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert,
                           ksba_isotime_t checktime,
@@ -387,6 +416,10 @@ int gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist,
                    int in_fd, estream_t out_fp);
 
 /*-- decrypt.c --*/
+gpg_error_t ecdh_derive_kek (unsigned char *key, unsigned int keylen,
+                             int hash_algo, const char *wrap_algo_str,
+                             const void *secret, unsigned int secretlen,
+                             const void *ukm, unsigned int ukmlen);
 int gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp);
 
 /*-- certreqgen.c --*/
diff --git a/sm/import.c b/sm/import.c
index 8a75a2b..3d08254 100644
--- a/sm/import.c
+++ b/sm/import.c
@@ -23,7 +23,6 @@
 #include <string.h>
 #include <errno.h>
 #include <time.h>
-#include <assert.h>
 #include <unistd.h>
 
 #include "gpgsm.h"
@@ -408,7 +407,7 @@ reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
   ksba_cert_t cert = NULL;
   unsigned int flags;
 
-  kh = keydb_new ();
+  kh = keydb_new (ctrl);
   if (!kh)
     {
       err = gpg_error (GPG_ERR_ENOMEM);;
@@ -551,7 +550,7 @@ gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
           int fd = of (*files);
           rc = import_one (ctrl, &stats, fd);
           close (fd);
-          if (rc == -1)
+          if (rc == -1/* legacy*/ || gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
             rc = 0;
         }
     }
@@ -717,6 +716,7 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats)
   gcry_sexp_t s_key = NULL;
   unsigned char grip[20];
   int bad_pass = 0;
+  char *curve = NULL;
   int i;
   struct store_cert_parm_s store_cert_parm;
 
@@ -771,14 +771,14 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats)
 
   err = gpgsm_agent_ask_passphrase
     (ctrl,
-     i18n_utf8 (N_("Please enter the passphrase to unprotect the PKCS#12 object.")),
+     i18n_utf8 ("Please enter the passphrase to unprotect the PKCS#12 object."),
      0, &passphrase);
   if (err)
     goto leave;
 
   kparms = p12_parse (p12buffer + p12bufoff, p12buflen - p12bufoff,
-                      passphrase, store_cert_cb, &store_cert_parm,
-                      &bad_pass, NULL);
+                      passphrase, store_cert_cb,
+                      &store_cert_parm, &bad_pass, &curve);
 
   xfree (passphrase);
   passphrase = NULL;
@@ -790,35 +790,79 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats)
       goto leave;
     }
 
-/*    print_mpi ("   n", kparms[0]); */
-/*    print_mpi ("   e", kparms[1]); */
-/*    print_mpi ("   d", kparms[2]); */
-/*    print_mpi ("   p", kparms[3]); */
-/*    print_mpi ("   q", kparms[4]); */
-/*    print_mpi ("dmp1", kparms[5]); */
-/*    print_mpi ("dmq1", kparms[6]); */
-/*    print_mpi ("   u", kparms[7]); */
-
-  sk.n = kparms[0];
-  sk.e = kparms[1];
-  sk.d = kparms[2];
-  sk.q = kparms[3];
-  sk.p = kparms[4];
-  sk.u = kparms[7];
-  err = rsa_key_check (&sk);
-  if (err)
-    goto leave;
-/*    print_mpi ("   n", sk.n); */
-/*    print_mpi ("   e", sk.e); */
-/*    print_mpi ("   d", sk.d); */
-/*    print_mpi ("   p", sk.p); */
-/*    print_mpi ("   q", sk.q); */
-/*    print_mpi ("   u", sk.u); */
-
-  /* Create an S-expression from the parameters. */
-  err = gcry_sexp_build (&s_key, NULL,
-                         "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
-                         sk.n, sk.e, sk.d, sk.p, sk.q, sk.u, NULL);
+  if (curve)
+    {
+      gcry_ctx_t ecctx = NULL;
+
+      /* log_debug ("curve: %s\n", curve); */
+      /* gcry_log_debugmpi ("MPI[0]", kparms[0]); */
+
+      /* We need to get the public key.  */
+      err = gcry_mpi_ec_new (&ecctx, NULL, curve);
+      if (err)
+        {
+          log_error ("error creating context for curve '%s': %s\n",
+                     curve, gpg_strerror (err));
+          goto leave;
+        }
+      err = gcry_mpi_ec_set_mpi ("d", kparms[0], ecctx);
+      if (err)
+        {
+          log_error ("error setting 'd' into context of curve '%s': %s\n",
+                     curve, gpg_strerror (err));
+          gcry_ctx_release (ecctx);
+          goto leave;
+        }
+
+      kparms[1] = gcry_mpi_ec_get_mpi ("q", ecctx, 1);
+      if (!kparms[1])
+        {
+          log_error ("error computing 'q' from 'd' for curve '%s'\n", curve);
+          gcry_ctx_release (ecctx);
+          goto leave;
+        }
+
+      gcry_ctx_release (ecctx);
+
+      err = gcry_sexp_build (&s_key, NULL,
+                             "(private-key(ecc(curve %s)(q%m)(d%m)))",
+                             curve, kparms[1], kparms[0], NULL);
+    }
+  else /* RSA */
+    {
+      /*    print_mpi ("   n", kparms[0]); */
+      /*    print_mpi ("   e", kparms[1]); */
+      /*    print_mpi ("   d", kparms[2]); */
+      /*    print_mpi ("   p", kparms[3]); */
+      /*    print_mpi ("   q", kparms[4]); */
+      /*    print_mpi ("dmp1", kparms[5]); */
+      /*    print_mpi ("dmq1", kparms[6]); */
+      /*    print_mpi ("   u", kparms[7]); */
+
+      sk.n = kparms[0];
+      sk.e = kparms[1];
+      sk.d = kparms[2];
+      sk.q = kparms[3];
+      sk.p = kparms[4];
+      sk.u = kparms[7];
+      err = rsa_key_check (&sk);
+      if (err)
+        goto leave;
+      /*    print_mpi ("   n", sk.n); */
+      /*    print_mpi ("   e", sk.e); */
+      /*    print_mpi ("   d", sk.d); */
+      /*    print_mpi ("   p", sk.p); */
+      /*    print_mpi ("   q", sk.q); */
+      /*    print_mpi ("   u", sk.u); */
+
+      /* Create an S-expression from the parameters. */
+      err = gcry_sexp_build (&s_key, NULL,
+                             "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
+                             sk.n, sk.e, sk.d, sk.p, sk.q, sk.u, NULL);
+    }
+
+  /* The next is very ugly - we really should not rely on our
+   * knowledge of p12_parse internals.  */
   for (i=0; i < 8; i++)
     gcry_mpi_release (kparms[i]);
   gcry_free (kparms);
@@ -838,7 +882,7 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats)
       goto leave;
     }
   if (DBG_X509)
-    log_printhex (grip, 20, "keygrip=");
+    log_printhex (grip, 20, "keygrip:");
 
   /* Convert to canonical encoding using a function which pads it to a
      multiple of 64 bits.  We need this padding for AESWRAP.  */
@@ -925,6 +969,7 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats)
   xfree (kek);
   xfree (get_membuf (&p12mbuf, NULL));
   xfree (p12buffer);
+  xfree (curve);
 
   if (bad_pass)
     {
diff --git a/sm/keydb.c b/sm/keydb.c
index 564d449..e092e4a 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -1,6 +1,6 @@
 /* keydb.c - key database dispatcher
  * Copyright (C) 2001, 2003, 2004 Free Software Foundation, Inc.
- * Copyright (C) 2014 g10 Code GmbH
+ * Copyright (C) 2014, 2020 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -23,17 +23,18 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <unistd.h>
 
 #include "gpgsm.h"
+#include <assuan.h>
 #include "../kbx/keybox.h"
 #include "keydb.h"
 #include "../common/i18n.h"
+#include "../common/asshelp.h"
+#include "../kbx/kbx-client-util.h"
 
-static int active_handles;
 
 typedef enum {
     KEYDB_RESOURCE_TYPE_NONE = 0,
@@ -47,23 +48,92 @@ struct resource_item {
     KEYBOX_HANDLE kr;
   } u;
   void *token;
-  dotlock_t lockhandle;
 };
 
+
+/* Data used to keep track of keybox daemon sessions.  This allows us
+ * to use several sessions with the keyboxd and also to re-use already
+ * established sessions.  Note that gpgdm.h defines the type
+ * keydb_local_t for this structure.  */
+struct keydb_local_s
+{
+  /* Link to other keyboxd contexts which are used simultaneously.  */
+  struct keydb_local_s *next;
+
+  /* The active Assuan context. */
+  assuan_context_t ctx;
+
+  /* The client data helper context.  */
+  kbx_client_data_t kcd;
+
+  /* I/O buffer with the last search result or NULL.  Used if
+   * D-lines are used to convey the keyblocks. */
+  struct {
+    char *buf;
+    size_t len;
+  } search_result;
+
+  /* This flag set while an operation is running on this context.  */
+  unsigned int is_active : 1;
+
+  /* Flag indicating that a search reset is required.  */
+  unsigned int need_search_reset : 1;
+};
+
+
 static struct resource_item all_resources[MAX_KEYDB_RESOURCES];
 static int used_resources;
 
 /* Whether we have successfully registered any resource.  */
 static int any_registered;
 
+/* Number of active handles.  */
+static int active_handles;
+
+
 
 struct keydb_handle {
+
+  /* CTRL object passed to keydb_new.  */
+  ctrl_t ctrl;
+
+  /* If set the keyboxdd is used instead of the local files.  */
+  int use_keyboxd;
+
+  /* BEGIN USE_KEYBOXD */
+  /* (These fields are only valid if USE_KEYBOXD is set.) */
+
+  /* Connection info which also keeps the local state.  (This points
+   * into the CTRL->keybox_local list.) */
+  keydb_local_t kbl;
+
+  /* Various flags.  */
+  unsigned int last_ubid_valid:1;
+  unsigned int last_is_ephemeral;  /* Last found key is ephemeral.  */
+
+  /* The UBID of the last returned keyblock.  */
+  unsigned char last_ubid[UBID_LEN];
+
+  /* END USE_KEYBOXD */
+
+  /* BEGIN !USE_KEYBOXD */
+  /* (The remaining fields are only valid if USE_KEYBOXD is cleared.)  */
+
+  /* If this flag is set the resources is locked.  */
+  int locked;
+
+  /* If this flag is set a lock will only be released by
+   * keydb_release.  */
+  int keep_lock;
+
   int found;
   int saved_found;
   int current;
   int is_ephemeral;
   int used; /* items in active */
   struct resource_item active[MAX_KEYDB_RESOURCES];
+
+  /* END !USE_KEYBOXD */
 };
 
 
@@ -71,6 +141,30 @@ static int lock_all (KEYDB_HANDLE hd);
 static void unlock_all (KEYDB_HANDLE hd);
 
 
+
+/* Deinitialize all session resources pertaining to the keyboxd.  */
+void
+gpgsm_keydb_deinit_session_data (ctrl_t ctrl)
+{
+  keydb_local_t kbl;
+
+  while ((kbl = ctrl->keydb_local))
+    {
+      ctrl->keydb_local = kbl->next;
+      if (kbl->is_active)
+        log_error ("oops: trying to cleanup an active keydb context\n");
+      else
+        {
+          kbx_client_data_release (kbl->kcd);
+          kbl->kcd = NULL;
+          assuan_release (kbl->ctx);
+          kbl->ctx = NULL;
+        }
+      xfree (kbl);
+    }
+}
+
+
 static void
 try_make_homedir (const char *fname)
 {
@@ -82,7 +176,7 @@ try_make_homedir (const char *fname)
 
 
 /* Handle the creation of a keybox if it does not yet exist.  Take
-   into acount that other processes might have the keybox already
+   into account that other processes might have the keybox already
    locked.  This lock check does not work if the directory itself is
    not yet available.  If R_CREATED is not NULL it will be set to true
    if the function created a new keybox.  */
@@ -146,7 +240,7 @@ maybe_create_keybox (char *filename, int force, int *r_created)
     }
   *last_slash_in_filename = save_slash;
 
-  /* To avoid races with other instances of gpg/gpgsm trying to create or
+  /* To avoid races with other instances of gpg trying to create or
      update the keybox (it is removed during an update for a short
      time), we do the next stuff in a locked state. */
   lockhd = dotlock_create (filename, 0);
@@ -174,7 +268,7 @@ maybe_create_keybox (char *filename, int force, int *r_created)
     }
 
   /* Now the real test while we are locked. */
-  if (!gnupg_access(filename, F_OK))
+  if (!access(filename, F_OK))
     {
       rc = 0;  /* Okay, we may access the file now.  */
       goto leave;
@@ -325,26 +419,23 @@ keydb_add_resource (ctrl_t ctrl, const char *url, int force, int *auto_created)
           err = gpg_error (GPG_ERR_RESOURCE_LIMIT);
         else
           {
+            KEYBOX_HANDLE kbxhd;
+
             all_resources[used_resources].type = rt;
             all_resources[used_resources].u.kr = NULL; /* Not used here */
             all_resources[used_resources].token = token;
 
-            all_resources[used_resources].lockhandle
-              = dotlock_create (filename, 0);
-            if (!all_resources[used_resources].lockhandle)
-              log_fatal ( _("can't create lock for '%s'\n"), filename);
-
-            /* Do a compress run if needed and the file is not locked. */
-            if (!dotlock_take (all_resources[used_resources].lockhandle, 0))
+            /* Do a compress run if needed and the keybox is not locked. */
+            kbxhd = keybox_new_x509 (token, 0);
+            if (kbxhd)
               {
-                KEYBOX_HANDLE kbxhd = keybox_new_x509 (token, 0);
-
-                if (kbxhd)
+                if (!keybox_lock (kbxhd, 1, 0))
                   {
                     keybox_compress (kbxhd);
-                    keybox_release (kbxhd);
+                    keybox_lock (kbxhd, 0, 0);
                   }
-                dotlock_release (all_resources[used_resources].lockhandle);
+
+                keybox_release (kbxhd);
               }
 
             used_resources++;
@@ -374,84 +465,220 @@ keydb_add_resource (ctrl_t ctrl, const char *url, int force, int *auto_created)
 }
 
 
-/* This is a helper requyired under Windows to close all files so that
- * a rename will work.  */
-void
-keydb_close_all_files (void)
+/* Print a warning if the server's version number is less than our
+   version number.  Returns an error code on a connection problem.  */
+static gpg_error_t
+warn_version_mismatch (ctrl_t ctrl, assuan_context_t ctx,
+                       const char *servername)
 {
-#ifdef HAVE_W32_SYSTEM
-  int i;
+  return warn_server_version_mismatch (ctx, servername, 0,
+                                       gpgsm_status2, ctrl,
+                                       !opt.quiet);
+}
 
-  log_assert (used_resources <= MAX_KEYDB_RESOURCES);
-  for (i=0; i < used_resources; i++)
-    if (all_resources[i].type == KEYDB_RESOURCE_TYPE_KEYBOX)
-      keybox_close_all_files (all_resources[i].token);
-#endif
+
+/* Connect to the keybox daemon and launch it if necessary.  Handle
+ * the server's initial greeting and set global options.  Returns a
+ * new assuan context or an error.  */
+static gpg_error_t
+create_new_context (ctrl_t ctrl, assuan_context_t *r_ctx)
+{
+  gpg_error_t err;
+  assuan_context_t ctx;
+
+  *r_ctx = NULL;
+
+  err = start_new_keyboxd (&ctx,
+                           GPG_ERR_SOURCE_DEFAULT,
+                           opt.keyboxd_program,
+                           opt.autostart, opt.verbose, DBG_IPC,
+                           NULL, ctrl);
+  if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_KEYBOXD)
+    {
+      static int shown;
+
+      if (!shown)
+        {
+          shown = 1;
+          log_info (_("no keyboxd running in this session\n"));
+        }
+    }
+  else if (!err && !(err = warn_version_mismatch (ctrl, ctx, KEYBOXD_NAME)))
+    {
+      /* Place to emit global options.  */
+    }
+
+  if (err)
+    assuan_release (ctx);
+  else
+    *r_ctx = ctx;
+
+  return err;
 }
 
 
+/* Get a context for accessing keyboxd.  If no context is available a
+ * new one is created and if necessary keyboxd is started.  R_KBL
+ * receives a pointer to the local context object.  */
+static gpg_error_t
+open_context (ctrl_t ctrl, keydb_local_t *r_kbl)
+{
+  gpg_error_t err;
+  keydb_local_t kbl;
+
+  *r_kbl = NULL;
+  for (;;)
+    {
+      for (kbl = ctrl->keydb_local; kbl && kbl->is_active; kbl = kbl->next)
+        ;
+      if (kbl)
+        {
+          /* Found an inactive keyboxd session - return that.  */
+          log_assert (!kbl->is_active);
+
+          kbl->is_active = 1;
+          kbl->need_search_reset = 1;
+
+          *r_kbl = kbl;
+          return 0;
+        }
+
+      /* None found.  Create a new session and retry.  */
+      kbl = xtrycalloc (1, sizeof *kbl);
+      if (!kbl)
+        return gpg_error_from_syserror ();
+
+      err = create_new_context (ctrl, &kbl->ctx);
+      if (err)
+        {
+          xfree (kbl);
+          return err;
+        }
+
+      err = kbx_client_data_new (&kbl->kcd, kbl->ctx, 1);
+      if (err)
+        {
+          assuan_release (kbl->ctx);
+          xfree (kbl);
+          return err;
+        }
+
+      /* For thread-saftey we add it to the list and retry; this is
+       * easier than to employ a lock.  */
+      kbl->next = ctrl->keydb_local;
+      ctrl->keydb_local = kbl;
+    }
+  /*NOTREACHED*/
+}
+
 
 KEYDB_HANDLE
-keydb_new (void)
+keydb_new (ctrl_t ctrl)
 {
+  gpg_error_t err;
   KEYDB_HANDLE hd;
-  int i, j;
+  int rc, i, j;
+
+  if (DBG_CLOCK)
+    log_clock ("%s: enter\n", __func__);
 
   hd = xcalloc (1, sizeof *hd);
   hd->found = -1;
   hd->saved_found = -1;
-
-  assert (used_resources <= MAX_KEYDB_RESOURCES);
-  for (i=j=0; i < used_resources; i++)
+  hd->use_keyboxd = opt.use_keyboxd;
+  hd->ctrl = ctrl;
+  if (hd->use_keyboxd)
     {
-      switch (all_resources[i].type)
+      err = open_context (ctrl, &hd->kbl);
+      if (err)
         {
-        case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
-          break;
-        case KEYDB_RESOURCE_TYPE_KEYBOX:
-          hd->active[j].type   = all_resources[i].type;
-          hd->active[j].token  = all_resources[i].token;
-          hd->active[j].lockhandle = all_resources[i].lockhandle;
-          hd->active[j].u.kr = keybox_new_x509 (all_resources[i].token, 0);
-          if (!hd->active[j].u.kr)
+          log_error (_("error opening key DB: %s\n"), gpg_strerror (err));
+          xfree (hd);
+          hd = NULL;
+          if (!(rc = gpg_err_code_to_errno (err)))
+            rc = gpg_err_code_to_errno (GPG_ERR_EIO);
+          gpg_err_set_errno (rc);
+          goto leave;
+        }
+    }
+  else /* Use the local keybox.  */
+    {
+      log_assert (used_resources <= MAX_KEYDB_RESOURCES);
+      for (i=j=0; i < used_resources; i++)
+        {
+          switch (all_resources[i].type)
             {
-              xfree (hd);
-              return NULL; /* fixme: release all previously allocated handles*/
+            case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
+              break;
+            case KEYDB_RESOURCE_TYPE_KEYBOX:
+              hd->active[j].type   = all_resources[i].type;
+              hd->active[j].token  = all_resources[i].token;
+              hd->active[j].u.kr = keybox_new_x509 (all_resources[i].token, 0);
+              if (!hd->active[j].u.kr)
+                {
+                  xfree (hd);
+                  return NULL; /* fixme: free all previously allocated handles*/
+                }
+              j++;
+              break;
             }
-          j++;
-          break;
         }
+      hd->used = j;
     }
-  hd->used = j;
 
   active_handles++;
+
+ leave:
+  if (DBG_CLOCK)
+    log_clock ("%s: leave (hd=%p)\n", __func__, hd);
   return hd;
 }
 
 void
 keydb_release (KEYDB_HANDLE hd)
 {
+  keydb_local_t kbl;
   int i;
 
   if (!hd)
     return;
-  assert (active_handles > 0);
+
+  if (DBG_CLOCK)
+    log_clock ("%s: enter (hd=%p)\n", __func__, hd);
+
+  log_assert (active_handles > 0);
   active_handles--;
 
-  unlock_all (hd);
-  for (i=0; i < hd->used; i++)
+  if (hd->use_keyboxd)
     {
-      switch (hd->active[i].type)
+      kbl = hd->kbl;
+      if (DBG_CLOCK)
+        log_clock ("close_context (found)");
+      if (!kbl->is_active)
+        log_fatal ("closing inactive keyboxd context %p\n", kbl);
+      kbl->is_active = 0;
+      hd->kbl = NULL;
+    }
+  else
+    {
+      hd->keep_lock = 0;
+      unlock_all (hd);
+      for (i=0; i < hd->used; i++)
         {
-        case KEYDB_RESOURCE_TYPE_NONE:
-          break;
-        case KEYDB_RESOURCE_TYPE_KEYBOX:
-          keybox_release (hd->active[i].u.kr);
+          switch (hd->active[i].type)
+            {
+            case KEYDB_RESOURCE_TYPE_NONE:
           break;
+            case KEYDB_RESOURCE_TYPE_KEYBOX:
+              keybox_release (hd->active[i].u.kr);
+              break;
+            }
         }
     }
 
-    xfree (hd);
+  xfree (hd);
+  if (DBG_CLOCK)
+    log_clock ("%s: leave\n", __func__);
 }
 
 
@@ -470,6 +697,9 @@ keydb_get_resource_name (KEYDB_HANDLE hd)
   if (!hd)
     return NULL;
 
+  if (hd->use_keyboxd)
+    return "[keyboxd]";
+
   if ( hd->found >= 0 && hd->found < hd->used)
     idx = hd->found;
   else if ( hd->current >= 0 && hd->current < hd->used)
@@ -499,6 +729,10 @@ keydb_set_ephemeral (KEYDB_HANDLE hd, int yes)
   if (!hd)
     return 0;
 
+  if (hd->use_keyboxd)
+    return 0; /* FIXME: No support yet.  */
+
+
   yes = !!yes;
   if (hd->is_ephemeral != yes)
     {
@@ -521,27 +755,41 @@ keydb_set_ephemeral (KEYDB_HANDLE hd, int yes)
 }
 
 
-
 /* If the keyring has not yet been locked, lock it now.  This
-   operation is required before any update operation; On Windows it is
-   always required to disallow other processes to open the file which
-   in turn would inhibit our copy+update+rename method.  The lock is
-   released with keydb_released. */
+ * operation is required before any update operation; it is optional
+ * for an insert operation.  The lock is kept until a keydb_release so
+ * that internal unlock_all calls have no effect.  */
 gpg_error_t
 keydb_lock (KEYDB_HANDLE hd)
 {
+  gpg_error_t err;
+
   if (!hd)
     return gpg_error (GPG_ERR_INV_HANDLE);
-  return lock_all (hd);
+  if (hd->use_keyboxd)
+    return 0;
+
+  if (DBG_CLOCK)
+    log_clock ("%s: enter (hd=%p)\n", __func__, hd);
+  err = lock_all (hd);
+  if (!err)
+    hd->keep_lock = 1;
+
+  if (DBG_CLOCK)
+    log_clock ("%s: leave (err=%s)\n", __func__, gpg_strerror (err));
+  return err;
 }
 
 
-/* Same as keydb_lock but no check for an invalid HD.  */
+
 static int
 lock_all (KEYDB_HANDLE hd)
 {
   int i, rc = 0;
 
+  if (hd->use_keyboxd)
+    return 0;
+
   /* Fixme: This locking scheme may lead to deadlock if the resources
      are not added in the same order by all processes.  We are
      currently only allowing one resource so it is not a problem. */
@@ -552,8 +800,7 @@ lock_all (KEYDB_HANDLE hd)
         case KEYDB_RESOURCE_TYPE_NONE:
           break;
         case KEYDB_RESOURCE_TYPE_KEYBOX:
-          if (hd->active[i].lockhandle)
-            rc = dotlock_take (hd->active[i].lockhandle, -1);
+          rc = keybox_lock (hd->active[i].u.kr, 1, -1);
           break;
         }
       if (rc)
@@ -562,7 +809,7 @@ lock_all (KEYDB_HANDLE hd)
 
     if (rc)
       {
-        /* revert the already set locks */
+        /* Revert the already set locks.  */
         for (i--; i >= 0; i--)
           {
             switch (hd->active[i].type)
@@ -570,25 +817,28 @@ lock_all (KEYDB_HANDLE hd)
               case KEYDB_RESOURCE_TYPE_NONE:
                 break;
               case KEYDB_RESOURCE_TYPE_KEYBOX:
-                if (hd->active[i].lockhandle)
-                  dotlock_release (hd->active[i].lockhandle);
+                keybox_lock (hd->active[i].u.kr, 0, 0);
                 break;
               }
           }
       }
+    else
+      hd->locked = 1;
 
-    /* make_dotlock () does not yet guarantee that errno is set, thus
-       we can't rely on the error reason and will simply use
-       EACCES. */
-    return rc? gpg_error (GPG_ERR_EACCES) : 0;
+    return rc;
 }
 
-
 static void
 unlock_all (KEYDB_HANDLE hd)
 {
   int i;
 
+  if (hd->use_keyboxd)
+    return;
+
+  if (!hd->locked || hd->keep_lock)
+    return;
+
   for (i=hd->used-1; i >= 0; i--)
     {
       switch (hd->active[i].type)
@@ -596,11 +846,11 @@ unlock_all (KEYDB_HANDLE hd)
         case KEYDB_RESOURCE_TYPE_NONE:
           break;
         case KEYDB_RESOURCE_TYPE_KEYBOX:
-          if (hd->active[i].lockhandle)
-            dotlock_release (hd->active[i].lockhandle);
+          keybox_lock (hd->active[i].u.kr, 0, 0);
           break;
         }
     }
+  hd->locked = 0;
 }
 
 
@@ -612,6 +862,9 @@ keydb_push_found_state (KEYDB_HANDLE hd)
   if (!hd)
     return;
 
+  if (hd->use_keyboxd)
+    return; /* FIXME: Do we need this? */
+
   if (hd->found < 0 || hd->found >= hd->used)
     {
       hd->saved_found = -1;
@@ -629,6 +882,8 @@ keydb_push_found_state (KEYDB_HANDLE hd)
 
   hd->saved_found = hd->found;
   hd->found = -1;
+  if (DBG_CLOCK)
+    log_clock ("%s: done (hd=%p)\n", __func__, hd);
 }
 
 
@@ -639,6 +894,9 @@ keydb_pop_found_state (KEYDB_HANDLE hd)
   if (!hd)
     return;
 
+  if (hd->use_keyboxd)
+    return; /* FIXME: Do we need this? */
+
   hd->found = hd->saved_found;
   hd->saved_found = -1;
   if (hd->found < 0 || hd->found >= hd->used)
@@ -652,39 +910,85 @@ keydb_pop_found_state (KEYDB_HANDLE hd)
       keybox_pop_found_state (hd->active[hd->found].u.kr);
       break;
     }
+  if (DBG_CLOCK)
+    log_clock ("%s: done (hd=%p)\n", __func__, hd);
 }
 
 
 
-/*
-  Return the last found object.  Caller must free it.  The returned
-  keyblock has the kbode flag bit 0 set for the node with the public
-  key used to locate the keyblock or flag bit 1 set for the user ID
-  node.  */
+/* Return the last found certificate.  Caller must free it.  */
 int
 keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert)
 {
-  int rc = 0;
+  int err = 0;
 
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
 
+  if (DBG_CLOCK)
+    log_clock ("%s: enter (hd=%p)\n", __func__, hd);
+
+  if (hd->use_keyboxd)
+    {
+      ksba_cert_t cert;
+
+      /* Fixme: We should clear that also in non-keyboxd mode but we
+       * did not in the past and thus all code should be checked
+       * whether this is okay.  If we run into error in keyboxd mode,
+       * this is a not as severe because keyboxd is currently
+       * experimental.  */
+      *r_cert = NULL;
+
+      if (!hd->kbl->search_result.buf || !hd->kbl->search_result.len)
+        {
+          err = gpg_error (GPG_ERR_VALUE_NOT_FOUND);
+          goto leave;
+        }
+      err = ksba_cert_new (&cert);
+      if (err)
+        goto leave;
+      err = ksba_cert_init_from_mem (cert,
+                                     hd->kbl->search_result.buf,
+                                     hd->kbl->search_result.len);
+      if (err)
+        {
+          ksba_cert_release (cert);
+          goto leave;
+        }
+      xfree (hd->kbl->search_result.buf);
+      hd->kbl->search_result.buf = NULL;
+      hd->kbl->search_result.len = 0;
+      *r_cert = cert;
+      goto leave;
+    }
+
   if ( hd->found < 0 || hd->found >= hd->used)
-    return -1; /* nothing found */
+    {
+      /* Fixme: It would be better to use GPG_ERR_VALUE_NOT_FOUND here
+       * but for now we use NOT_FOUND because that is our standard
+       * replacement for the formerly used (-1).  */
+      err = gpg_error (GPG_ERR_NOT_FOUND); /* nothing found */
+      goto leave;
+    }
 
+  err = GPG_ERR_BUG;
   switch (hd->active[hd->found].type)
     {
     case KEYDB_RESOURCE_TYPE_NONE:
-      rc = gpg_error (GPG_ERR_GENERAL); /* oops */
+      err = gpg_error (GPG_ERR_GENERAL); /* oops */
       break;
     case KEYDB_RESOURCE_TYPE_KEYBOX:
-      rc = keybox_get_cert (hd->active[hd->found].u.kr, r_cert);
+      err = keybox_get_cert (hd->active[hd->found].u.kr, r_cert);
       break;
     }
 
-  return rc;
+ leave:
+  if (DBG_CLOCK)
+    log_clock ("%s: leave (rc=%d)\n", __func__, err);
+  return err;
 }
 
+
 /* Return a flag of the last found object. WHICH is the flag requested;
    it should be one of the KEYBOX_FLAG_ values.  If the operation is
    successful, the flag value will be stored at the address given by
@@ -692,14 +996,29 @@ keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert)
 gpg_error_t
 keydb_get_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int *value)
 {
-  int err = 0;
+  gpg_error_t err;
 
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
 
+  if (DBG_CLOCK)
+    log_clock ("%s: enter (hd=%p)\n", __func__, hd);
+
+  if (hd->use_keyboxd)
+    {
+      /* FIXME */
+      *value = 0;
+      err = 0;
+      goto leave;
+    }
+
   if ( hd->found < 0 || hd->found >= hd->used)
-    return gpg_error (GPG_ERR_NOTHING_FOUND);
+    {
+      err = gpg_error (GPG_ERR_NOTHING_FOUND);
+      goto leave;
+    }
 
+  err = gpg_error (GPG_ERR_BUG);
   switch (hd->active[hd->found].type)
     {
     case KEYDB_RESOURCE_TYPE_NONE:
@@ -710,9 +1029,13 @@ keydb_get_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int *value)
       break;
     }
 
+ leave:
+  if (DBG_CLOCK)
+    log_clock ("%s: leave (err=%s)\n", __func__, gpg_strerror (err));
   return err;
 }
 
+
 /* Set a flag of the last found object. WHICH is the flag to be set; it
    should be one of the KEYBOX_FLAG_ values.  If the operation is
    successful, the flag value will be stored in the keybox.  Note,
@@ -722,16 +1045,31 @@ keydb_get_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int *value)
 gpg_error_t
 keydb_set_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int value)
 {
-  int err = 0;
+  gpg_error_t err = 0;
 
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
 
+  if (DBG_CLOCK)
+    log_clock ("%s: enter (hd=%p)\n", __func__, hd);
+
+  if (hd->use_keyboxd)
+    {
+      /* FIXME */
+      goto leave;
+    }
+
   if ( hd->found < 0 || hd->found >= hd->used)
-    return gpg_error (GPG_ERR_NOTHING_FOUND);
+    {
+      err = gpg_error (GPG_ERR_NOTHING_FOUND);
+      goto leave;
+    }
 
-  if (!dotlock_is_locked (hd->active[hd->found].lockhandle))
-    return gpg_error (GPG_ERR_NOT_LOCKED);
+  if (!hd->locked)
+    {
+      err = gpg_error (GPG_ERR_NOT_LOCKED);
+      goto leave;
+    }
 
   switch (hd->active[hd->found].type)
     {
@@ -743,16 +1081,49 @@ keydb_set_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int value)
       break;
     }
 
+ leave:
+  if (DBG_CLOCK)
+    log_clock ("%s: leave (err=%s)\n", __func__, gpg_strerror (err));
   return err;
 }
 
+
+
+/* Communication object for Keyboxd STORE commands.  */
+struct store_parm_s
+{
+  assuan_context_t ctx;
+  const void *data;   /* The certificate in X.509 binary format.  */
+  size_t datalen;     /* The length of DATA.  */
+};
+
+
+/* Handle the inquiries from the STORE command.  */
+static gpg_error_t
+store_inq_cb (void *opaque, const char *line)
+{
+  struct store_parm_s *parm = opaque;
+  gpg_error_t err = 0;
+
+  if (has_leading_keyword (line, "BLOB"))
+    {
+      if (parm->data)
+        err = assuan_send_data (parm->ctx, parm->data, parm->datalen);
+    }
+  else
+    return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
+
+  return err;
+}
+
+
 /*
  * Insert a new Certificate into one of the resources.
  */
-int
+gpg_error_t
 keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
 {
-  int rc = -1;
+  gpg_error_t err;
   int idx;
   unsigned char digest[20];
 
@@ -762,66 +1133,186 @@ keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
   if (opt.dry_run)
     return 0;
 
+  if (DBG_CLOCK)
+    log_clock ("%s: enter (hd=%p)\n", __func__, hd);
+
+  if (hd->use_keyboxd)
+    {
+      struct store_parm_s parm;
+
+      parm.ctx = hd->kbl->ctx;
+      parm.data = ksba_cert_get_image (cert, &parm.datalen);
+      if (!parm.data)
+        {
+          log_debug ("broken ksba cert object\n");
+          err = gpg_error (GPG_ERR_GENERAL);
+          goto leave;
+        }
+      err = assuan_transact (hd->kbl->ctx, "STORE --insert",
+                             NULL, NULL,
+                             store_inq_cb, &parm,
+                             NULL, NULL);
+      goto leave;
+    }
+
   if ( hd->found >= 0 && hd->found < hd->used)
     idx = hd->found;
   else if ( hd->current >= 0 && hd->current < hd->used)
     idx = hd->current;
   else
-    return gpg_error (GPG_ERR_GENERAL);
+    {
+      err = gpg_error (GPG_ERR_GENERAL);
+      goto leave;
+    }
 
-  if (!dotlock_is_locked (hd->active[idx].lockhandle))
-    return gpg_error (GPG_ERR_NOT_LOCKED);
+  if (!hd->locked)
+    {
+      err = gpg_error (GPG_ERR_NOT_LOCKED);
+      goto leave;
+    }
 
   gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/
 
+  err = gpg_error (GPG_ERR_BUG);
   switch (hd->active[idx].type)
     {
     case KEYDB_RESOURCE_TYPE_NONE:
-      rc = gpg_error (GPG_ERR_GENERAL);
+      err = gpg_error (GPG_ERR_GENERAL);
       break;
     case KEYDB_RESOURCE_TYPE_KEYBOX:
-      rc = keybox_insert_cert (hd->active[idx].u.kr, cert, digest);
+      err = keybox_insert_cert (hd->active[idx].u.kr, cert, digest);
       break;
     }
 
   unlock_all (hd);
-  return rc;
+
+ leave:
+  if (DBG_CLOCK)
+    log_clock ("%s: leave (err=%s)\n", __func__, gpg_strerror (err));
+  return err;
+}
+
+
+
+/* Update the current keyblock with KB.  */
+/* Note: This function is currently not called.  */
+gpg_error_t
+keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
+{
+  (void)hd;
+  (void)cert;
+  return GPG_ERR_BUG;
+#if 0
+  gpg_error_t err;
+  unsigned char digest[20];
+
+  if (!hd)
+    return gpg_error (GPG_ERR_INV_VALUE);
+
+  if ( hd->found < 0 || hd->found >= hd->used)
+    return gpg_error (GPG_ERR_NOT_FOUND);
+
+  if (opt.dry_run)
+    return 0;
+
+  if (DBG_CLOCK)
+    log_clock ("%s: enter (hd=%p)\n", __func__, hd);
+
+  if (hd->use_keyboxd)
+    {
+      /* FIXME */
+      goto leave;
+    }
+
+  err = lock_all (hd);
+  if (err)
+    goto leave;
+
+  gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/
+
+  err = gpg_error (GPG_ERR_BUG);
+  switch (hd->active[hd->found].type)
+    {
+    case KEYDB_RESOURCE_TYPE_NONE:
+      err = gpg_error (GPG_ERR_GENERAL); /* oops */
+      break;
+    case KEYDB_RESOURCE_TYPE_KEYBOX:
+      err = keybox_update_cert (hd->active[hd->found].u.kr, cert, digest);
+      break;
+    }
+
+  unlock_all (hd);
+ leave:
+  if (DBG_CLOCK)
+    log_clock ("%s: leave (err=%s)\n", __func__, gpg_strerror (err));
+  return err;
+#endif /*0*/
 }
 
 
 /*
  * The current keyblock or cert will be deleted.
  */
-int
-keydb_delete (KEYDB_HANDLE hd, int unlock)
+gpg_error_t
+keydb_delete (KEYDB_HANDLE hd)
 {
-  int rc = -1;
+  gpg_error_t err;
 
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
 
-  if ( hd->found < 0 || hd->found >= hd->used)
-    return -1; /* nothing found */
+  if (!hd->use_keyboxd && (hd->found < 0 || hd->found >= hd->used))
+    return gpg_error (GPG_ERR_NOT_FOUND);
 
-  if( opt.dry_run )
+  if (opt.dry_run)
     return 0;
 
-  if (!dotlock_is_locked (hd->active[hd->found].lockhandle))
-    return gpg_error (GPG_ERR_NOT_LOCKED);
+  if (DBG_CLOCK)
+    log_clock ("%s: enter (hd=%p)\n", __func__, hd);
 
+  if (hd->use_keyboxd)
+    {
+      unsigned char hexubid[UBID_LEN * 2 + 1];
+      char line[ASSUAN_LINELENGTH];
+
+      if (!hd->last_ubid_valid)
+        {
+          err = gpg_error (GPG_ERR_VALUE_NOT_FOUND);
+          goto leave;
+        }
+
+      bin2hex (hd->last_ubid, UBID_LEN, hexubid);
+      snprintf (line, sizeof line, "DELETE %s", hexubid);
+      err = assuan_transact (hd->kbl->ctx, line,
+                             NULL, NULL,
+                             NULL, NULL,
+                             NULL, NULL);
+      goto leave;
+    }
+
+  if (!hd->locked)
+    {
+      err = gpg_error (GPG_ERR_NOT_LOCKED);
+      goto leave;
+    }
+
+  err = gpg_error (GPG_ERR_BUG);
   switch (hd->active[hd->found].type)
     {
     case KEYDB_RESOURCE_TYPE_NONE:
-      rc = gpg_error (GPG_ERR_GENERAL);
+      err = gpg_error (GPG_ERR_GENERAL);
       break;
     case KEYDB_RESOURCE_TYPE_KEYBOX:
-      rc = keybox_delete (hd->active[hd->found].u.kr);
+      err = keybox_delete (hd->active[hd->found].u.kr);
       break;
     }
 
-  if (unlock)
-    unlock_all (hd);
-  return rc;
+  unlock_all (hd);
+
+ leave:
+  if (DBG_CLOCK)
+    log_clock ("%s: leave (err=%s)\n", __func__, gpg_strerror (err));
+  return err;
 }
 
 
@@ -831,7 +1322,7 @@ keydb_delete (KEYDB_HANDLE hd, int unlock)
  * operation (which is only relevant for inserts) will be done on this
  * resource.
  */
-int
+static gpg_error_t
 keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
 {
   int rc;
@@ -841,6 +1332,9 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
 
+  if (hd->use_keyboxd)
+    return 0;  /* Not required.  */
+
   rc = keydb_search_reset (hd); /* this does reset hd->current */
   if (rc)
     return rc;
@@ -859,7 +1353,7 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
         }
     }
 
-  return -1;
+  return gpg_error (GPG_ERR_NOT_FOUND);
 }
 
 /*
@@ -870,6 +1364,9 @@ keydb_rebuild_caches (void)
 {
   int i;
 
+  /* This function does nothing and thus we don't need to handle keyboxd in a
+   * special way.  */
+
   for (i=0; i < used_resources; i++)
     {
       switch (all_resources[i].type)
@@ -894,77 +1391,386 @@ keydb_rebuild_caches (void)
 gpg_error_t
 keydb_search_reset (KEYDB_HANDLE hd)
 {
+  gpg_error_t err = 0;
   int i;
-  gpg_error_t rc = 0;
 
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
 
+  if (DBG_CLOCK)
+    log_clock ("%s: enter (hd=%p)\n", __func__, hd);
+
   hd->current = 0;
   hd->found = -1;
-  /* and reset all resources */
-  for (i=0; !rc && i < hd->used; i++)
+  if (hd->use_keyboxd)
     {
-      switch (hd->active[i].type)
+      /* All we need is to tell search that a reset is pending.  Note that
+       * keydb_new sets this flag as well.  To comply with the
+       * specification of keydb_delete_keyblock we also need to clear the
+       * ubid flag so that after a reset a delete can't be performed.  */
+      hd->kbl->need_search_reset = 1;
+      hd->last_ubid_valid = 0;
+   }
+  else
+    {
+      /* Reset all resources */
+      for (i=0; !err && i < hd->used; i++)
         {
-        case KEYDB_RESOURCE_TYPE_NONE:
-          break;
-        case KEYDB_RESOURCE_TYPE_KEYBOX:
-          rc = keybox_search_reset (hd->active[i].u.kr);
-          break;
+          switch (hd->active[i].type)
+            {
+            case KEYDB_RESOURCE_TYPE_NONE:
+              break;
+            case KEYDB_RESOURCE_TYPE_KEYBOX:
+              err = keybox_search_reset (hd->active[i].u.kr);
+              break;
+            }
         }
     }
-  return rc;
+
+  if (DBG_CLOCK)
+    log_clock ("%s: leave (err=%s)\n", __func__, gpg_strerror (err));
+  return err;
 }
 
-/*
- * Search through all keydb resources, starting at the current position,
- * for a keyblock which contains one of the keys described in the DESC array.
- */
-int
+
+char *
+keydb_search_desc_dump (struct keydb_search_desc *desc)
+{
+  char *fpr;
+  char *result;
+
+  switch (desc->mode)
+    {
+    case KEYDB_SEARCH_MODE_EXACT:
+      return xasprintf ("EXACT: '%s'", desc->u.name);
+    case KEYDB_SEARCH_MODE_SUBSTR:
+      return xasprintf ("SUBSTR: '%s'", desc->u.name);
+    case KEYDB_SEARCH_MODE_MAIL:
+      return xasprintf ("MAIL: '%s'", desc->u.name);
+    case KEYDB_SEARCH_MODE_MAILSUB:
+      return xasprintf ("MAILSUB: '%s'", desc->u.name);
+    case KEYDB_SEARCH_MODE_MAILEND:
+      return xasprintf ("MAILEND: '%s'", desc->u.name);
+    case KEYDB_SEARCH_MODE_WORDS:
+      return xasprintf ("WORDS: '%s'", desc->u.name);
+    case KEYDB_SEARCH_MODE_SHORT_KID:
+      return xasprintf ("SHORT_KID: '%08lX'", (ulong)desc->u.kid[1]);
+    case KEYDB_SEARCH_MODE_LONG_KID:
+      return xasprintf ("LONG_KID: '%08lX%08lX'",
+                        (ulong)desc->u.kid[0], (ulong)desc->u.kid[1]);
+    case KEYDB_SEARCH_MODE_FPR:
+      fpr = bin2hexcolon (desc->u.fpr, desc->fprlen, NULL);
+      result = xasprintf ("FPR%02d: '%s'", desc->fprlen, fpr);
+      xfree (fpr);
+      return result;
+    case KEYDB_SEARCH_MODE_ISSUER:
+      return xasprintf ("ISSUER: '%s'", desc->u.name);
+    case KEYDB_SEARCH_MODE_ISSUER_SN:
+      return xasprintf ("ISSUER_SN: '#%.*s/%s'",
+                        (int)desc->snlen,desc->sn, desc->u.name);
+    case KEYDB_SEARCH_MODE_SN:
+      return xasprintf ("SN: '%.*s'",
+                        (int)desc->snlen, desc->sn);
+    case KEYDB_SEARCH_MODE_SUBJECT:
+      return xasprintf ("SUBJECT: '%s'", desc->u.name);
+    case KEYDB_SEARCH_MODE_KEYGRIP:
+      return xasprintf ("KEYGRIP: %s", desc->u.grip);
+    case KEYDB_SEARCH_MODE_FIRST:
+      return xasprintf ("FIRST");
+    case KEYDB_SEARCH_MODE_NEXT:
+      return xasprintf ("NEXT");
+    default:
+      return xasprintf ("Bad search mode (%d)", desc->mode);
+    }
+}
+
+
+
+/* Status callback for SEARCH and NEXT operaions.  */
+static gpg_error_t
+search_status_cb (void *opaque, const char *line)
+{
+  KEYDB_HANDLE hd = opaque;
+  gpg_error_t err = 0;
+  const char *s;
+  unsigned int n;
+
+  if ((s = has_leading_keyword (line, "PUBKEY_INFO")))
+    {
+      if (atoi (s) != PUBKEY_TYPE_X509)
+        err = gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
+      else
+        {
+          hd->last_ubid_valid = 0;
+          while (*s && !spacep (s))
+            s++;
+          if (!(n=hex2fixedbuf (s, hd->last_ubid, sizeof hd->last_ubid)))
+            err = gpg_error (GPG_ERR_INV_VALUE);
+          else
+            {
+              hd->last_ubid_valid = 1;
+              s += n;
+              hd->last_is_ephemeral = (*s == 'e');
+            }
+        }
+    }
+
+  return err;
+}
+
+/* Search through all keydb resources, starting at the current
+ * position, for a keyblock which contains one of the keys described
+ * in the DESC array.  In keyboxd mode the search is instead delegated
+ * to the keyboxd.
+ *
+ * DESC is an array of search terms with NDESC entries.  The search
+ * terms are or'd together.  That is, the next entry in the DB that
+ * matches any of the descriptions will be returned.
+ *
+ * Note: this function resumes searching where the last search left
+ * off (i.e., at the current file position).  If you want to search
+ * from the start of the database, then you need to first call
+ * keydb_search_reset().
+ *
+ * If no key matches the search description, the error code
+ * GPG_ERR_NOT_FOUND is retruned.  If there was a match, 0 is
+ * returned.  If an error occurred, that error code is returned.
+ *
+ * The returned key is considered to be selected and the certificate
+ * can be detched via keydb_get_cert.  */
+gpg_error_t
 keydb_search (ctrl_t ctrl, KEYDB_HANDLE hd,
               KEYDB_SEARCH_DESC *desc, size_t ndesc)
 {
-  int rc;
+  gpg_error_t err = gpg_error (GPG_ERR_EOF);
   unsigned long skipped;
+  int i;
 
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
 
-  if (!any_registered)
+  if (!any_registered && !hd->use_keyboxd)
     {
       gpgsm_status_with_error (ctrl, STATUS_ERROR, "keydb_search",
                                gpg_error (GPG_ERR_KEYRING_OPEN));
       return gpg_error (GPG_ERR_NOT_FOUND);
     }
 
-  rc = lock_all (hd);
-  if (rc)
-    return rc;
-  rc = -1;
+  if (DBG_CLOCK)
+    log_clock ("%s: enter (hd=%p)\n", __func__, hd);
 
-  while (rc == -1 && hd->current >= 0 && hd->current < hd->used)
+  if (DBG_LOOKUP)
     {
-      switch (hd->active[hd->current].type)
+      log_debug ("%s: %zd search description(s):\n", __func__, ndesc);
+      for (i = 0; i < ndesc; i ++)
         {
-        case KEYDB_RESOURCE_TYPE_NONE:
-          BUG(); /* we should never see it here */
+          char *t = keydb_search_desc_dump (&desc[i]);
+          log_debug ("%s:   %d: %s\n", __func__, i, t);
+          xfree (t);
+        }
+    }
+
+  if (hd->use_keyboxd)
+    {
+      char line[ASSUAN_LINELENGTH];
+
+      /* Clear the result objects.  */
+      if (hd->kbl->search_result.buf)
+        {
+          xfree (hd->kbl->search_result.buf);
+          hd->kbl->search_result.buf = NULL;
+          hd->kbl->search_result.len = 0;
+        }
+
+      /* Check whether this is a NEXT search.  */
+      if (!hd->kbl->need_search_reset)
+        {
+          /* A reset was not requested thus continue the search.  The
+           * keyboxd keeps the context of the search and thus the NEXT
+           * operates on the last search pattern.  This is the way how
+           * we always used the keydb functions.  In theory we were
+           * able to modify the search pattern between searches but
+           * that is not anymore supported by keyboxd and a cursory
+           * check does not show that we actually made use of that
+           * misfeature.  */
+          snprintf (line, sizeof line, "NEXT --x509");
+          goto do_search;
+        }
+
+      hd->kbl->need_search_reset = 0;
+
+      if (!ndesc)
+        {
+          err = gpg_error (GPG_ERR_INV_ARG);
+          goto leave;
+        }
+
+      /* FIXME: Implement --multi */
+      switch (desc->mode)
+        {
+        case KEYDB_SEARCH_MODE_EXACT:
+          snprintf (line, sizeof line, "SEARCH --x509 =%s", desc[0].u.name);
           break;
-        case KEYDB_RESOURCE_TYPE_KEYBOX:
-          rc = keybox_search (hd->active[hd->current].u.kr, desc, ndesc,
-                              KEYBOX_BLOBTYPE_X509,
-                              NULL, &skipped);
+
+        case KEYDB_SEARCH_MODE_SUBSTR:
+          snprintf (line, sizeof line, "SEARCH --x509 *%s", desc[0].u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_MAIL:
+          snprintf (line, sizeof line, "SEARCH --x509 <%s", desc[0].u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_MAILSUB:
+          snprintf (line, sizeof line, "SEARCH --x509 @%s", desc[0].u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_MAILEND:
+          snprintf (line, sizeof line, "SEARCH --x509 .%s", desc[0].u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_WORDS:
+          snprintf (line, sizeof line, "SEARCH --x509 +%s", desc[0].u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_SHORT_KID:
+          snprintf (line, sizeof line, "SEARCH --x509 0x%08lX",
+                    (ulong)desc->u.kid[1]);
+          break;
+
+        case KEYDB_SEARCH_MODE_LONG_KID:
+          snprintf (line, sizeof line, "SEARCH --x509 0x%08lX%08lX",
+                    (ulong)desc->u.kid[0], (ulong)desc->u.kid[1]);
+          break;
+
+        case KEYDB_SEARCH_MODE_FPR:
+          {
+            unsigned char hexfpr[MAX_FINGERPRINT_LEN * 2 + 1];
+            log_assert (desc[0].fprlen <= MAX_FINGERPRINT_LEN);
+            bin2hex (desc[0].u.fpr, desc[0].fprlen, hexfpr);
+            snprintf (line, sizeof line, "SEARCH --x509 0x%s", hexfpr);
+          }
+          break;
+
+        case KEYDB_SEARCH_MODE_ISSUER:
+          snprintf (line, sizeof line, "SEARCH --x509 #/%s", desc[0].u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_ISSUER_SN:
+          if (desc[0].snhex)
+            snprintf (line, sizeof line, "SEARCH --x509 #%.*s/%s",
+                      (int)desc[0].snlen, desc[0].sn, desc[0].u.name);
+          else
+            {
+              char *hexsn = bin2hex (desc[0].sn, desc[0].snlen, NULL);
+              if (!hexsn)
+                {
+                  err = gpg_error_from_syserror ();
+                  goto leave;
+                }
+              snprintf (line, sizeof line, "SEARCH --x509 #%s/%s",
+                        hexsn, desc[0].u.name);
+              xfree (hexsn);
+            }
           break;
+
+        case KEYDB_SEARCH_MODE_SN:
+          snprintf (line, sizeof line, "SEARCH --x509 #%s", desc[0].u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_SUBJECT:
+          snprintf (line, sizeof line, "SEARCH --x509 /%s", desc[0].u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_KEYGRIP:
+          {
+            unsigned char hexgrip[KEYGRIP_LEN * 2 + 1];
+            bin2hex (desc[0].u.grip, KEYGRIP_LEN, hexgrip);
+            snprintf (line, sizeof line, "SEARCH --x509 &%s", hexgrip);
+          }
+          break;
+
+        case KEYDB_SEARCH_MODE_UBID:
+          {
+            unsigned char hexubid[UBID_LEN * 2 + 1];
+            bin2hex (desc[0].u.ubid, UBID_LEN, hexubid);
+            snprintf (line, sizeof line, "SEARCH --x509 ^%s", hexubid);
+          }
+          break;
+
+        case KEYDB_SEARCH_MODE_FIRST:
+          snprintf (line, sizeof line, "SEARCH --x509");
+          break;
+
+        case KEYDB_SEARCH_MODE_NEXT:
+          log_debug ("%s: mode next - we should not get to here!\n", __func__);
+          snprintf (line, sizeof line, "NEXT --x509");
+          break;
+
+        default:
+          err = gpg_error (GPG_ERR_INV_ARG);
+          goto leave;
         }
-      if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
-        { /* EOF -> switch to next resource */
-          hd->current++;
+
+    do_search:
+      hd->last_ubid_valid = 0;
+      /* To avoid silent truncation we error out on a too long line.  */
+      if (strlen (line) + 5 >= sizeof line)
+        err = gpg_error (GPG_ERR_ASS_LINE_TOO_LONG);
+      else
+        err = kbx_client_data_cmd (hd->kbl->kcd, line, search_status_cb, hd);
+      if (!err && !(err = kbx_client_data_wait (hd->kbl->kcd,
+                                                &hd->kbl->search_result.buf,
+                                                &hd->kbl->search_result.len)))
+        {
+          /* if (hd->last_ubid_valid) */
+          /*   log_printhex (hd->last_ubid, 20, "found UBID%s:", */
+          /*                 hd->last_is_ephemeral? "(ephemeral)":""); */
         }
-      else if (!rc)
-        hd->found = hd->current;
+
     }
+  else /* Local keyring search.  */
+    {
+      while (gpg_err_code (err) == GPG_ERR_EOF
+             && hd->current >= 0 && hd->current < hd->used)
+        {
+          switch (hd->active[hd->current].type)
+            {
+            case KEYDB_RESOURCE_TYPE_NONE:
+              BUG(); /* we should never see it here */
+              break;
+            case KEYDB_RESOURCE_TYPE_KEYBOX:
+              err = keybox_search (hd->active[hd->current].u.kr, desc, ndesc,
+                                   KEYBOX_BLOBTYPE_X509,
+                                   NULL, &skipped);
+              if (err == -1) /* Map legacy code.  */
+                err = gpg_error (GPG_ERR_EOF);
+              break;
+            }
 
-  return rc;
+          if (DBG_LOOKUP)
+            log_debug ("%s: searched %s (resource %d of %d) => %s\n",
+                       __func__,
+                       hd->active[hd->current].type==KEYDB_RESOURCE_TYPE_KEYBOX
+                       ? "keybox" : "unknown type",
+                       hd->current, hd->used, gpg_strerror (err));
+
+          if (gpg_err_code (err) == GPG_ERR_EOF)
+            { /* EOF -> switch to next resource */
+              hd->current++;
+            }
+          else if (!err)
+            hd->found = hd->current;
+        }
+    }
+
+ leave:
+  /* The NOTHING_FOUND error is triggered by a NEXT command.  */
+  if (gpg_err_code (err) == GPG_ERR_EOF
+      || gpg_err_code (err) == GPG_ERR_NOTHING_FOUND)
+    err = gpg_error (GPG_ERR_NOT_FOUND);
+  if (DBG_CLOCK)
+    log_clock ("%s: leave (%s)\n", __func__, gpg_strerror (err));
+  return err;
 }
 
 
@@ -1010,6 +1816,7 @@ keydb_search_fpr (ctrl_t ctrl, KEYDB_HANDLE hd, const byte *fpr)
   memset (&desc, 0, sizeof desc);
   desc.mode = KEYDB_SEARCH_MODE_FPR;
   memcpy (desc.u.fpr, fpr, 20);
+  desc.fprlen = 20;
   return keydb_search (ctrl, hd, &desc, 1);
 }
 
@@ -1085,7 +1892,7 @@ keydb_store_cert (ctrl_t ctrl, ksba_cert_t cert, int ephemeral, int *existed)
       return gpg_error (GPG_ERR_GENERAL);
     }
 
-  kh = keydb_new ();
+  kh = keydb_new (ctrl);
   if (!kh)
     {
       log_error (_("failed to allocate keyDB handle\n"));
@@ -1096,13 +1903,15 @@ keydb_store_cert (ctrl_t ctrl, ksba_cert_t cert, int ephemeral, int *existed)
      records.  */
   keydb_set_ephemeral (kh, 1);
 
-  keydb_close_all_files ();
-  rc = lock_all (kh);
-  if (rc)
-    return rc;
+  if (!kh->use_keyboxd)
+    {
+      rc = lock_all (kh);
+      if (rc)
+        return rc;
+    }
 
   rc = keydb_search_fpr (ctrl, kh, fpr);
-  if (rc != -1)
+  if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
     {
       keydb_release (kh);
       if (!rc)
@@ -1172,7 +1981,7 @@ keydb_set_cert_flags (ctrl_t ctrl, ksba_cert_t cert, int ephemeral,
       return gpg_error (GPG_ERR_GENERAL);
     }
 
-  kh = keydb_new ();
+  kh = keydb_new (ctrl);
   if (!kh)
     {
       log_error (_("failed to allocate keyDB handle\n"));
@@ -1182,21 +1991,21 @@ keydb_set_cert_flags (ctrl_t ctrl, ksba_cert_t cert, int ephemeral,
   if (ephemeral)
     keydb_set_ephemeral (kh, 1);
 
-  keydb_close_all_files ();
-  err = lock_all (kh);
-  if (err)
+  if (!kh->use_keyboxd)
     {
-      log_error (_("error locking keybox: %s\n"), gpg_strerror (err));
-      keydb_release (kh);
-      return err;
+      err = keydb_lock (kh);
+      if (err)
+        {
+          log_error (_("error locking keybox: %s\n"), gpg_strerror (err));
+          keydb_release (kh);
+          return err;
+        }
     }
 
   err = keydb_search_fpr (ctrl, kh, fpr);
   if (err)
     {
-      if (err == -1)
-        err = gpg_error (GPG_ERR_NOT_FOUND);
-      else
+      if (gpg_err_code (err) != gpg_error (GPG_ERR_NOT_FOUND))
         log_error (_("problem re-searching certificate: %s\n"),
                    gpg_strerror (err));
       keydb_release (kh);
@@ -1244,7 +2053,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
 
   (void)ctrl;
 
-  hd = keydb_new ();
+  hd = keydb_new (ctrl);
   if (!hd)
     {
       log_error ("keydb_new failed\n");
@@ -1281,12 +2090,14 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
         }
     }
 
-  keydb_close_all_files ();
-  err = lock_all (hd);
-  if (err)
+  if (!hd->use_keyboxd)
     {
-      log_error (_("error locking keybox: %s\n"), gpg_strerror (err));
-      goto leave;
+      err = keydb_lock (hd);
+      if (err)
+        {
+          log_error (_("error locking keybox: %s\n"), gpg_strerror (err));
+          goto leave;
+        }
     }
 
   while (!(rc = keydb_search (ctrl, hd, desc, ndesc)))
@@ -1313,8 +2124,8 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
             }
         }
     }
-  if (rc && rc != -1)
-    log_error ("%s failed: %s\n", __func__, gpg_strerror (rc));
+  if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
+    log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
 
  leave:
   xfree (desc);
diff --git a/sm/keydb.h b/sm/keydb.h
index 226cac2..2725cad 100644
--- a/sm/keydb.h
+++ b/sm/keydb.h
@@ -31,11 +31,10 @@ typedef struct keydb_handle *KEYDB_HANDLE;
 
 
 /*-- keydb.c --*/
+void gpgsm_keydb_deinit_session_data (ctrl_t ctrl);
 gpg_error_t keydb_add_resource (ctrl_t ctrl, const char *url,
                                 int force, int *auto_created);
-void keydb_close_all_files (void);
-
-KEYDB_HANDLE keydb_new (void);
+KEYDB_HANDLE keydb_new (ctrl_t ctrl);
 void keydb_release (KEYDB_HANDLE hd);
 int keydb_set_ephemeral (KEYDB_HANDLE hd, int yes);
 const char *keydb_get_resource_name (KEYDB_HANDLE hd);
@@ -48,15 +47,15 @@ gpg_error_t keydb_set_flags (KEYDB_HANDLE hd, int which, int idx,
 void keydb_push_found_state (KEYDB_HANDLE hd);
 void keydb_pop_found_state (KEYDB_HANDLE hd);
 int keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert);
-int keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert);
+gpg_error_t keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert);
+gpg_error_t keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert);
 
-int keydb_delete (KEYDB_HANDLE hd, int unlock);
+gpg_error_t keydb_delete (KEYDB_HANDLE hd);
 
-int keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved);
 void keydb_rebuild_caches (void);
 
 gpg_error_t keydb_search_reset (KEYDB_HANDLE hd);
-int keydb_search (ctrl_t ctrl, KEYDB_HANDLE hd,
+gpg_error_t keydb_search (ctrl_t ctrl, KEYDB_HANDLE hd,
                   KEYDB_SEARCH_DESC *desc, size_t ndesc);
 int keydb_search_first (ctrl_t ctrl, KEYDB_HANDLE hd);
 int keydb_search_next (ctrl_t ctrl, KEYDB_HANDLE hd);
diff --git a/sm/keylist.c b/sm/keylist.c
index 2d51aa7..1a062d1 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -25,7 +25,6 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#include <assert.h>
 
 #include "gpgsm.h"
 
@@ -37,6 +36,7 @@
 #include "../common/i18n.h"
 #include "../common/tlv.h"
 #include "../common/compliance.h"
+#include "../common/pkscreening.h"
 
 struct list_external_parm_s
 {
@@ -49,36 +49,6 @@ struct list_external_parm_s
 };
 
 
-/* This table is to map Extended Key Usage OIDs to human readable
-   names.  */
-struct
-{
-  const char *oid;
-  const char *name;
-} key_purpose_map[] = {
-  { "1.3.6.1.5.5.7.3.1",  "serverAuth" },
-  { "1.3.6.1.5.5.7.3.2",  "clientAuth" },
-  { "1.3.6.1.5.5.7.3.3",  "codeSigning" },
-  { "1.3.6.1.5.5.7.3.4",  "emailProtection" },
-  { "1.3.6.1.5.5.7.3.5",  "ipsecEndSystem" },
-  { "1.3.6.1.5.5.7.3.6",  "ipsecTunnel" },
-  { "1.3.6.1.5.5.7.3.7",  "ipsecUser" },
-  { "1.3.6.1.5.5.7.3.8",  "timeStamping" },
-  { "1.3.6.1.5.5.7.3.9",  "ocspSigning" },
-  { "1.3.6.1.5.5.7.3.10", "dvcs" },
-  { "1.3.6.1.5.5.7.3.11", "sbgpCertAAServerAuth" },
-  { "1.3.6.1.5.5.7.3.13", "eapOverPPP" },
-  { "1.3.6.1.5.5.7.3.14", "wlanSSID" },
-
-  { "2.16.840.1.113730.4.1", "serverGatedCrypto.ns" }, /* Netscape. */
-  { "1.3.6.1.4.1.311.10.3.3", "serverGatedCrypto.ms"}, /* Microsoft. */
-
-  { "1.3.6.1.5.5.7.48.1.5", "ocspNoCheck" },
-
-  { NULL, NULL }
-};
-
-
 /* Do not print this extension in the list of extensions.  This is set
    for oids which are already available via ksba functions. */
 #define OID_FLAG_SKIP 1
@@ -86,6 +56,8 @@ struct
 #define OID_FLAG_UTF8 2
 /* The extension can be trnted as a hex string.  */
 #define OID_FLAG_HEX  4
+/* Define if this specififies a key purpose.  */
+#define OID_FLAG_KP   8
 
 /* A table mapping OIDs to a descriptive string. */
 static struct
@@ -143,7 +115,23 @@ static struct
   { "1.3.6.1.5.5.7.1.10", "acProxying" },
   { "1.3.6.1.5.5.7.1.11", "subjectInfoAccess" },
 
+  { "1.3.6.1.5.5.7.3.1",  "serverAuth", OID_FLAG_KP },
+  { "1.3.6.1.5.5.7.3.2",  "clientAuth", OID_FLAG_KP },
+  { "1.3.6.1.5.5.7.3.3",  "codeSigning", OID_FLAG_KP },
+  { "1.3.6.1.5.5.7.3.4",  "emailProtection", OID_FLAG_KP },
+  { "1.3.6.1.5.5.7.3.5",  "ipsecEndSystem", OID_FLAG_KP }, /* historic */
+  { "1.3.6.1.5.5.7.3.6",  "ipsecTunnel", OID_FLAG_KP },    /* historic */
+  { "1.3.6.1.5.5.7.3.7",  "ipsecUser", OID_FLAG_KP },
+  { "1.3.6.1.5.5.7.3.8",  "timeStamping", OID_FLAG_KP },
+  { "1.3.6.1.5.5.7.3.9",  "ocspSigning", OID_FLAG_KP },
+  { "1.3.6.1.5.5.7.3.10", "dvcs", OID_FLAG_KP },
+  { "1.3.6.1.5.5.7.3.11", "sbgpCertAAServerAuth", OID_FLAG_KP },
+  { "1.3.6.1.5.5.7.3.13", "eapOverPPP", OID_FLAG_KP },
+  { "1.3.6.1.5.5.7.3.14", "wlanSSID", OID_FLAG_KP },
+  { "1.3.6.1.5.5.7.3.17", "ipsecIKE", OID_FLAG_KP },       /* rfc-4945 */
+
   { "1.3.6.1.5.5.7.48.1", "ocsp" },
+  { "1.3.6.1.5.5.7.48.1.5", "ocspNoCheck", OID_FLAG_KP },
   { "1.3.6.1.5.5.7.48.2", "caIssuers" },
   { "1.3.6.1.5.5.7.48.3", "timeStamping" },
   { "1.3.6.1.5.5.7.48.5", "caRepository" },
@@ -171,6 +159,7 @@ static struct
   { "2.5.29.35", "authorityKeyIdentifier", OID_FLAG_SKIP},
   { "2.5.29.36", "policyConstraints" },
   { "2.5.29.37", "extKeyUsage", OID_FLAG_SKIP},
+  { "2.5.29.37.0", "anyExtendedKeyUsage", OID_FLAG_KP},
   { "2.5.29.46", "freshestCRL" },
   { "2.5.29.54", "inhibitAnyPolicy" },
 
@@ -186,11 +175,16 @@ static struct
   { "2.16.840.1.113730.1.11", "netscape-userPicture" },
   { "2.16.840.1.113730.1.12", "netscape-ssl-server-name" },
   { "2.16.840.1.113730.1.13", "netscape-comment" },
+  { "2.16.840.1.113730.4.1", "serverGatedCrypto.ns", OID_FLAG_KP },
 
   /* GnuPG extensions */
   { "1.3.6.1.4.1.11591.2.1.1", "pkaAddress" },
   { "1.3.6.1.4.1.11591.2.2.1", "standaloneCertificate" },
   { "1.3.6.1.4.1.11591.2.2.2", "wellKnownPrivateKey" },
+  { "1.3.6.1.4.1.11591.2.6.1", "gpgUsageCert", OID_FLAG_KP },
+  { "1.3.6.1.4.1.11591.2.6.2", "gpgUsageSign", OID_FLAG_KP },
+  { "1.3.6.1.4.1.11591.2.6.3", "gpgUsageEncr", OID_FLAG_KP },
+  { "1.3.6.1.4.1.11591.2.6.4", "gpgUsageAuth", OID_FLAG_KP },
 
   /* Extensions used by the Bundesnetzagentur.  */
   { "1.3.6.1.4.1.8301.3.5", "validityModel" },
@@ -201,20 +195,40 @@ static struct
   { "1.3.6.1.4.1.41482.3.8", "yubikey-pin-touch-policy", OID_FLAG_HEX },
   { "1.3.6.1.4.1.41482.3.9", "yubikey-formfactor", OID_FLAG_HEX },
 
+  /* Microsoft extensions.  */
+  { "1.3.6.1.4.1.311.3.10.3.12","ms-old-documentSigning", OID_FLAG_KP },
+  { "1.3.6.1.4.1.311.10.3.3", "ms-serverGatedCrypto", OID_FLAG_KP },
+  { "1.3.6.1.4.1.311.10.3.11","ms-keyRecovery", OID_FLAG_KP },
+  { "1.3.6.1.4.1.311.10.3.12","ms-documentSigning", OID_FLAG_KP },
+  { "1.3.6.1.4.1.311.10.3.4", "ms-encryptedFileSystem", OID_FLAG_KP },
+  { "1.3.6.1.4.1.311.10.3.4.1","ms-efsRecovery", OID_FLAG_KP },
+  { "1.3.6.1.4.1.311.20.2.1", "ms-enrollmentAgent", OID_FLAG_KP },
+  { "1.3.6.1.4.1.311.20.2.2", "ms-smartcardLogon", OID_FLAG_KP },
+  { "1.3.6.1.4.1.311.21.5",   "ms-caExchange", OID_FLAG_KP },
+  { "1.3.6.1.4.1.311.21.6",   "ms-keyRecovery", OID_FLAG_KP },
+  { "1.3.6.1.4.1.311.21.19",  "ms-dsEmailReplication", OID_FLAG_KP },
+
+  /* Other vendor extensions.  */
+  { "1.3.6.1.4.1.30205.13.1.1", "trusted-disk", OID_FLAG_KP },
+  { "1.2.840.113583.1.1.5",     "pdfAuthenticDocumentsTrust", OID_FLAG_KP },
+  { "1.3.6.1.4.1.6449.1.3.5.2", "comodoCertifiedDeliveryService", OID_FLAG_KP },
+
   { NULL }
 };
 
 
-/* Return the description for OID; if no description is available
-   NULL is returned. */
+/* Return the description for OID; if no description is available NULL
+ * is returned.  If MATCHFLAG is set the flag of the OID must match
+ * MATCHFLAG; otherwise NULL is returned.  */
 static const char *
-get_oid_desc (const char *oid, unsigned int *flag)
+get_oid_desc (const char *oid, unsigned int matchflag, unsigned int *flag)
 {
   int i;
 
   if (oid)
     for (i=0; oidtranstbl[i].oid; i++)
-      if (!strcmp (oidtranstbl[i].oid, oid))
+      if (!strcmp (oidtranstbl[i].oid, oid)
+          && (!matchflag || (oidtranstbl[i].flag & matchflag)))
         {
           if (flag)
             *flag = oidtranstbl[i].flag;
@@ -246,16 +260,46 @@ print_key_data (ksba_cert_t cert, estream_t fp)
 #endif
 }
 
+
+/* Various public key screenings.  (Right now just ROCA).  With
+ * COLON_MODE set the output is formatted for use in the compliance
+ * field of a colon listing.  */
+static void
+print_pk_screening (ksba_cert_t cert, int colon_mode, estream_t fp)
+{
+  gpg_error_t err;
+  gcry_mpi_t modulus;
+
+  modulus = gpgsm_get_rsa_modulus (cert);
+  if (modulus)
+    {
+      err = screen_key_for_roca (modulus);
+      if (!err)
+        ;
+      else if (gpg_err_code (err) == GPG_ERR_TRUE)
+        {
+          if (colon_mode)
+            es_fprintf (fp, colon_mode > 1? " %d":"%d", 6001);
+          else
+            es_fprintf (fp, "    screening: ROCA vulnerability detected\n");
+        }
+      else if (!colon_mode)
+        es_fprintf (fp, "    screening: [ROCA check failed: %s]\n",
+                    gpg_strerror (err));
+      gcry_mpi_release (modulus);
+    }
+
+}
+
+
 static void
 print_capabilities (ksba_cert_t cert, estream_t fp)
 {
   gpg_error_t err;
   unsigned int use;
-  unsigned int is_encr, is_sign, is_cert;
   size_t buflen;
   char buffer[1];
 
-
   err = ksba_cert_get_user_data (cert, "is_qualified",
                                  &buffer, sizeof (buffer), &buflen);
   if (!err && buflen)
@@ -287,33 +331,17 @@ print_capabilities (ksba_cert_t cert, estream_t fp)
       return;
     }
 
-  is_encr = is_sign = is_cert = 0;
-
   if ((use & (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT)))
-    is_encr = 1;
-  if ((use & (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
-    is_sign = 1;
-  if ((use & KSBA_KEYUSAGE_KEY_CERT_SIGN))
-    is_cert = 1;
-
-  /* We need to returned the faked key usage to frontends so that they
-   * can select the right key.  Note that we don't do this for the
-   * human readable keyUsage.  */
-  if ((opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR)
-      && (use & KSBA_KEYUSAGE_KEY_AGREEMENT))
-    is_encr = 1;
-
-  if (is_encr)
     es_putc ('e', fp);
-  if (is_sign)
+  if ((use & (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
     es_putc ('s', fp);
-  if (is_cert)
+  if ((use & KSBA_KEYUSAGE_KEY_CERT_SIGN))
     es_putc ('c', fp);
-  if (is_encr)
+  if ((use & (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT)))
     es_putc ('E', fp);
-  if (is_sign)
+  if ((use & (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
     es_putc ('S', fp);
-  if (is_cert)
+  if ((use & KSBA_KEYUSAGE_KEY_CERT_SIGN))
     es_putc ('C', fp);
 }
 
@@ -377,6 +405,7 @@ static void
 print_compliance_flags (ksba_cert_t cert, int algo, unsigned int nbits,
                         estream_t fp)
 {
+  int indent = 0;
   int hashalgo;
 
   /* Note that we do not need to test for PK_ALGO_FLAG_RSAPSS because
@@ -388,8 +417,12 @@ print_compliance_flags (ksba_cert_t cert, int algo, unsigned int nbits,
       if (gnupg_digest_is_compliant (CO_DE_VS, hashalgo))
         {
           es_fputs (gnupg_status_compliance_flag (CO_DE_VS), fp);
+          indent = 1;
         }
     }
+
+  if (opt.with_key_screening)
+    print_pk_screening (cert, 1+indent, fp);
 }
 
 
@@ -408,6 +441,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
   gpg_error_t valerr;
   int algo;
   unsigned int nbits;
+  char *curve = NULL;
   const char *chain_id;
   char *chain_id_buffer = NULL;
   int is_root = 0;
@@ -432,8 +466,9 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
         chain_id = chain_id_buffer;
         ksba_cert_release (next);
       }
-    else if (rc == -1)  /* We have reached the root certificate. */
+    else if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
       {
+        /* We have reached the root certificate. */
         chain_id = fpr;
         is_root = 1;
       }
@@ -499,7 +534,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
   if (*truststring)
     es_fputs (truststring, fp);
 
-  algo = gpgsm_get_key_algo_info (cert, &nbits);
+  algo = gpgsm_get_key_algo_info2 (cert, &nbits, &curve);
   es_fprintf (fp, ":%u:%d:%s:", nbits, algo, fpr+24);
 
   ksba_cert_get_validity (cert, 0, t);
@@ -563,6 +598,8 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
     }
   es_putc (':', fp);  /* End of field 15. */
   es_putc (':', fp);  /* End of field 16. */
+  if (curve)
+    es_fputs (curve, fp);
   es_putc (':', fp);  /* End of field 17. */
   print_compliance_flags (cert, algo, nbits, fp);
   es_putc (':', fp);  /* End of field 18. */
@@ -626,6 +663,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
       xfree (p);
     }
   xfree (kludge_uid);
+  xfree (curve);
 }
 
 
@@ -825,16 +863,15 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
   es_putc ('\n', fp);
 
   oid = ksba_cert_get_digest_algo (cert);
-  s = get_oid_desc (oid, NULL);
+  s = get_oid_desc (oid, 0, NULL);
   es_fprintf (fp, "     hashAlgo: %s%s%s%s\n", oid, s?" (":"",s?s:"",s?")":"");
 
   {
-    const char *algoname;
-    unsigned int nbits;
+    char *algostr;
 
-    algoname = gcry_pk_algo_name (gpgsm_get_key_algo_info (cert, &nbits));
-    es_fprintf (fp, "      keyType: %u bit %s\n",
-                nbits, algoname? algoname:"?");
+    algostr = gpgsm_pubkey_algo_string (cert, NULL);
+    es_fprintf (fp, "      keyType: %s\n", algostr? algostr : "[error]");
+    xfree (algostr);
   }
 
   /* subjectKeyIdentifier */
@@ -925,10 +962,8 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
           while (p && (pend=strchr (p, ':')))
             {
               *pend++ = 0;
-              for (i=0; key_purpose_map[i].oid; i++)
-                if ( !strcmp (key_purpose_map[i].oid, p) )
-                  break;
-              es_fputs (key_purpose_map[i].oid?key_purpose_map[i].name:p, fp);
+              s = get_oid_desc (p, OID_FLAG_KP, NULL);
+              es_fputs (s ? s : p, fp);
               p = pend;
               if (*p != 'C')
                 es_fputs (" (suggested)", fp);
@@ -958,10 +993,8 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
           while (p && (pend=strchr (p, ':')))
             {
               *pend++ = 0;
-              for (i=0; key_purpose_map[i].oid; i++)
-                if ( !strcmp (key_purpose_map[i].oid, p) )
-                  break;
-              es_fputs (p, fp);
+              s = get_oid_desc (p, OID_FLAG_KP, NULL);
+              es_fputs (s?s:p, fp);
               p = pend;
               if (*p == 'C')
                 es_fputs (" (critical)", fp);
@@ -1038,7 +1071,7 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
                                                          &name)); idx++)
     {
       es_fputs ("     authInfo: ", fp);
-      s = get_oid_desc (string, NULL);
+      s = get_oid_desc (string, 0, NULL);
       es_fprintf (fp, "%s%s%s%s\n", string, s?" (":"", s?s:"", s?")":"");
       print_names_raw (fp, -15, name);
       ksba_name_release (name);
@@ -1055,7 +1088,7 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
                                                          &name)); idx++)
     {
       es_fputs ("  subjectInfo: ", fp);
-      s = get_oid_desc (string, NULL);
+      s = get_oid_desc (string, 0, NULL);
       es_fprintf (fp, "%s%s%s%s\n", string, s?" (":"", s?s:"", s?")":"");
       print_names_raw (fp, -15, name);
       ksba_name_release (name);
@@ -1073,7 +1106,7 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
     {
       unsigned int flag;
 
-      s = get_oid_desc (oid, &flag);
+      s = get_oid_desc (oid, 0, &flag);
       if ((flag & OID_FLAG_SKIP))
         continue;
 
@@ -1135,12 +1168,12 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
   ksba_sexp_t sexp;
   char *dn;
   ksba_isotime_t t;
-  int idx, i;
+  int idx;
   int is_ca, chainlen;
   unsigned int kusage;
   char *string, *p, *pend;
   size_t off, len;
-  const char *oid;
+  const char *oid, *s;
   const unsigned char *cert_der = NULL;
 
 
@@ -1192,15 +1225,13 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
 
 
   {
-    const char *algoname;
-    unsigned int nbits;
+    char *algostr;
 
-    algoname = gcry_pk_algo_name (gpgsm_get_key_algo_info (cert, &nbits));
-    es_fprintf (fp, "     key type: %u bit %s\n",
-                nbits, algoname? algoname:"?");
+    algostr = gpgsm_pubkey_algo_string (cert, NULL);
+    es_fprintf (fp, "     key type: %s\n", algostr? algostr : "[error]");
+    xfree (algostr);
   }
 
-
   err = ksba_cert_get_key_usage (cert, &kusage);
   if (gpg_err_code (err) != GPG_ERR_NO_DATA)
     {
@@ -1243,10 +1274,8 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
           while (p && (pend=strchr (p, ':')))
             {
               *pend++ = 0;
-              for (i=0; key_purpose_map[i].oid; i++)
-                if ( !strcmp (key_purpose_map[i].oid, p) )
-                  break;
-              es_fputs (key_purpose_map[i].oid?key_purpose_map[i].name:p, fp);
+              s = get_oid_desc (p, OID_FLAG_KP, NULL);
+              es_fputs (s? s : p, fp);
               p = pend;
               if (*p != 'C')
                 es_fputs (" (suggested)", fp);
@@ -1269,7 +1298,7 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
         {
           if (!cert_der)
             cert_der = ksba_cert_get_image (cert, NULL);
-          assert (cert_der);
+          log_assert (cert_der);
           es_fputs ("  restriction: ", fp);
           print_utf8_extn (fp, 15, cert_der+off, len);
         }
@@ -1318,7 +1347,7 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
     }
 
   dn = gpgsm_get_fingerprint_string (cert, 0);
-  es_fprintf (fp, "  fingerprint: %s\n", dn?dn:"error");
+  es_fprintf (fp, "     sha1 fpr: %s\n", dn?dn:"error");
   xfree (dn);
 
   dn = gpgsm_get_fingerprint_string (cert, GCRY_MD_SHA256);
@@ -1335,6 +1364,9 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
         }
     }
 
+  if (opt.with_key_screening)
+    print_pk_screening (cert, 0, fp);
+
   if (have_secret)
     {
       char *cardsn;
@@ -1371,6 +1403,8 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
       else
         es_fprintf (fp, "  [certificate is bad: %s]\n", gpg_strerror (err));
     }
+  if (opt.debug)
+    es_fflush (fp);
 }
 
 
@@ -1381,7 +1415,6 @@ list_cert_chain (ctrl_t ctrl, KEYDB_HANDLE hd,
                  estream_t fp, int with_validation)
 {
   ksba_cert_t next = NULL;
-  int depth = 0;
 
   if (raw_mode)
     list_cert_raw (ctrl, hd, cert, fp, 0, with_validation);
@@ -1390,13 +1423,8 @@ list_cert_chain (ctrl_t ctrl, KEYDB_HANDLE hd,
   ksba_cert_ref (cert);
   while (!gpgsm_walk_cert_chain (ctrl, cert, &next))
     {
-      es_fputs ("Certified by\n", fp);
-      if (++depth > 50)
-        {
-          es_fputs (_("certificate chain too long\n"), fp);
-          break;
-        }
       ksba_cert_release (cert);
+      es_fputs ("Certified by\n", fp);
       if (raw_mode)
         list_cert_raw (ctrl, hd, next, fp, 0, with_validation);
       else
@@ -1429,7 +1457,7 @@ list_internal_keys (ctrl_t ctrl, strlist_t names, estream_t fp,
   int have_secret;
   int want_ephemeral = ctrl->with_ephemeral_keys;
 
-  hd = keydb_new ();
+  hd = keydb_new (ctrl);
   if (!hd)
     {
       log_error ("keydb_new failed\n");
@@ -1481,8 +1509,6 @@ list_internal_keys (ctrl_t ctrl, strlist_t names, estream_t fp,
 
       for (i=0; (i < ndesc
                  && (desc[i].mode == KEYDB_SEARCH_MODE_FPR
-                     || desc[i].mode == KEYDB_SEARCH_MODE_FPR20
-                     || desc[i].mode == KEYDB_SEARCH_MODE_FPR16
                      || desc[i].mode == KEYDB_SEARCH_MODE_KEYGRIP)); i++)
         ;
       if (i == ndesc)
@@ -1586,7 +1612,7 @@ list_internal_keys (ctrl_t ctrl, strlist_t names, estream_t fp,
       lastcert = cert;
       cert = NULL;
     }
-  if (gpg_err_code (rc) == GPG_ERR_EOF || rc == -1 )
+  if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
     rc = 0;
   if (rc)
     log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
diff --git a/sm/minip12.c b/sm/minip12.c
index ad29fc2..820e0d6 100644
--- a/sm/minip12.c
+++ b/sm/minip12.c
@@ -1,7 +1,6 @@
 /* minip12.c - A minimal pkcs-12 implementation.
  * Copyright (C) 2002, 2003, 2004, 2006, 2011 Free Software Foundation, Inc.
  * Copyright (C) 2014 Werner Koch
- * Copyright (C) 2022 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -17,7 +16,6 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, see <https://www.gnu.org/licenses/>.
- * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
 /* References:
@@ -143,26 +141,6 @@ struct tag_info
   int ndef;              /* It is an indefinite length */
 };
 
-/* Parser communication object.  */
-struct p12_parse_ctx_s
-{
-  /* The callback for parsed certificates and its arg.  */
-  void (*certcb)(void*, const unsigned char*, size_t);
-  void *certcbarg;
-
-  /* The supplied parseword.  */
-  const char *password;
-
-  /* Set to true if the password was wrong.  */
-  int badpass;
-
-  /* Malloced name of the curve.  */
-  char *curve;
-
-  /* The private key as an MPI array.   */
-  gcry_mpi_t *privatekey;
-};
-
 
 static int opt_verbose;
 
@@ -174,16 +152,6 @@ p12_set_verbosity (int verbose)
 }
 
 
-/* static void */
-/* dump_tag_info (struct tag_info *ti) */
-/* { */
-/*   log_debug ("p12_parse: ti.class=%d tag=%lu len=%lu nhdr=%d %s%s\n", */
-/*              ti->class, ti->tag, ti->length, ti->nhdr, */
-/*              ti->is_constructed?" cons":"", */
-/*              ti->ndef?" ndef":""); */
-/* } */
-
-
 /* Wrapper around tlv_builder_add_ptr to add an OID.  When we
  * eventually put the whole tlv_builder stuff into Libksba, we can add
  * such a function there.  Right now we don't do this to avoid a
@@ -394,7 +362,7 @@ cram_octet_string (const unsigned char *input, size_t *length,
   if (!output)
     goto bailout;
 
-  while (n)
+  for (;;)
     {
       if (parse_tag (&s, &n, &ti))
         goto bailout;
@@ -759,11 +727,14 @@ bag_decrypted_data_p (const void *plaintext, size_t length)
   return 1;
 }
 
-
+/* Note: If R_RESULT is passed as NULL, a key object as already be
+   processed and thus we need to skip it here. */
 static int
-parse_bag_encrypted_data (struct p12_parse_ctx_s *ctx,
-                          const unsigned char *buffer, size_t length,
-                          int startoffset, size_t *r_consumed)
+parse_bag_encrypted_data (const unsigned char *buffer, size_t length,
+                          int startoffset, size_t *r_consumed, const char *pw,
+                          void (*certcb)(void*, const unsigned char*, size_t),
+                          void *certcbarg, gcry_mpi_t **r_result,
+                          int *r_badpass)
 {
   struct tag_info ti;
   const unsigned char *p = buffer;
@@ -775,12 +746,16 @@ parse_bag_encrypted_data (struct p12_parse_ctx_s *ctx,
   char iv[16];
   unsigned int iter;
   unsigned char *plain = NULL;
+  int bad_pass = 0;
   unsigned char *cram_buffer = NULL;
   size_t consumed = 0; /* Number of bytes consumed from the original buffer. */
   int is_3des = 0;
   int is_pbes2 = 0;
-  int keyelem_count;
+  gcry_mpi_t *result = NULL;
+  int result_count;
 
+  if (r_result)
+    *r_result = NULL;
   where = "start";
   if (parse_tag (&p, &n, &ti))
     goto bailout;
@@ -955,20 +930,7 @@ parse_bag_encrypted_data (struct p12_parse_ctx_s *ctx,
       p = p_start = cram_buffer;
       if (r_consumed)
         *r_consumed = consumed;
-      r_consumed = NULL; /* Donot update that value on return. */
-      ti.length = n;
-    }
-  else if (ti.class == CLASS_CONTEXT && ti.tag == 0 && ti.is_constructed)
-    {
-      where = "octets-rc2or3des-ciphertext";
-      n = ti.length;
-      cram_buffer = cram_octet_string ( p, &n, &consumed);
-      if (!cram_buffer)
-        goto bailout;
-      p = p_start = cram_buffer;
-      if (r_consumed)
-        *r_consumed = consumed;
-      r_consumed = NULL; /* Do not update that value on return. */
+      r_consumed = NULL; /* Ugly hack to not update that value any further. */
       ti.length = n;
     }
   else if (ti.class == CLASS_CONTEXT && ti.tag == 0 && ti.length )
@@ -987,7 +949,7 @@ parse_bag_encrypted_data (struct p12_parse_ctx_s *ctx,
       goto bailout;
     }
   decrypt_block (p, plain, ti.length, salt, saltlen, iter,
-                 iv, is_pbes2?16:0, ctx->password,
+                 iv, is_pbes2?16:0, pw,
                  is_pbes2 ? GCRY_CIPHER_AES128 :
                  is_3des  ? GCRY_CIPHER_3DES : GCRY_CIPHER_RFC2268_40,
                  bag_decrypted_data_p);
@@ -998,18 +960,18 @@ parse_bag_encrypted_data (struct p12_parse_ctx_s *ctx,
   where = "outer.outer.seq";
   if (parse_tag (&p, &n, &ti))
     {
-      ctx->badpass = 1;
+      bad_pass = 1;
       goto bailout;
     }
   if (ti.class || ti.tag != TAG_SEQUENCE)
     {
-      ctx->badpass = 1;
+      bad_pass = 1;
       goto bailout;
     }
 
   if (parse_tag (&p, &n, &ti))
     {
-      ctx->badpass = 1;
+      bad_pass = 1;
       goto bailout;
     }
 
@@ -1065,7 +1027,7 @@ parse_bag_encrypted_data (struct p12_parse_ctx_s *ctx,
           p += ti.length;
           n -= ti.length;
         }
-      else if (iskeybag && ctx->privatekey)
+      else if (iskeybag && (result || !r_result))
         {
           log_info ("one keyBag already processed; skipping this one\n");
           p += ti.length;
@@ -1115,17 +1077,16 @@ parse_bag_encrypted_data (struct p12_parse_ctx_s *ctx,
             goto bailout;
           len = ti.length;
 
-          log_assert (!ctx->privatekey);
-          ctx->privatekey = gcry_calloc (10, sizeof *ctx->privatekey);
-          if (!ctx->privatekey)
+          result = gcry_calloc (10, sizeof *result);
+          if (!result)
             {
-              log_error ("error allocating private key element array\n");
+              log_error ( "error allocating result array\n");
               goto bailout;
             }
-          keyelem_count = 0;
+          result_count = 0;
 
           where = "reading.keybag.key-parameters";
-          for (keyelem_count = 0; len && keyelem_count < 9;)
+          for (result_count = 0; len && result_count < 9;)
             {
               if ( parse_tag (&p, &n, &ti)
                    || ti.class || ti.tag != TAG_INTEGER)
@@ -1136,14 +1097,13 @@ parse_bag_encrypted_data (struct p12_parse_ctx_s *ctx,
               if (len < ti.length)
                 goto bailout;
               len -= ti.length;
-              if (!keyelem_count && ti.length == 1 && !*p)
+              if (!result_count && ti.length == 1 && !*p)
                 ; /* ignore the very first one if it is a 0 */
               else
                 {
                   int rc;
 
-                  rc = gcry_mpi_scan (ctx->privatekey+keyelem_count,
-                                      GCRYMPI_FMT_USG, p,
+                  rc = gcry_mpi_scan (result+result_count, GCRYMPI_FMT_USG, p,
                                       ti.length, NULL);
                   if (rc)
                     {
@@ -1151,7 +1111,7 @@ parse_bag_encrypted_data (struct p12_parse_ctx_s *ctx,
                                  gpg_strerror (rc));
                       goto bailout;
                     }
-                  keyelem_count++;
+                  result_count++;
                 }
               p += ti.length;
               n -= ti.length;
@@ -1188,8 +1148,8 @@ parse_bag_encrypted_data (struct p12_parse_ctx_s *ctx,
             goto bailout;
 
           /* Return the certificate. */
-          if (ctx->certcb)
-            ctx->certcb (ctx->certcbarg, p, ti.length);
+          if (certcb)
+            certcb (certcbarg, p, ti.length);
 
           p += ti.length;
           n -= ti.length;
@@ -1228,21 +1188,32 @@ parse_bag_encrypted_data (struct p12_parse_ctx_s *ctx,
     *r_consumed = consumed;
   gcry_free (plain);
   gcry_free (cram_buffer);
+  if (r_result)
+    *r_result = result;
   return 0;
 
  bailout:
+  if (result)
+    {
+      int i;
+
+      for (i=0; result[i]; i++)
+        gcry_mpi_release (result[i]);
+      gcry_free (result);
+    }
   if (r_consumed)
     *r_consumed = consumed;
   gcry_free (plain);
   gcry_free (cram_buffer);
   log_error ("encryptedData error at \"%s\", offset %u\n",
              where, (unsigned int)((p - p_start)+startoffset));
-  if (ctx->badpass)
+  if (bad_pass)
     {
       /* Note, that the following string might be used by other programs
          to check for a bad passphrase; it should therefore not be
          translated or changed. */
       log_error ("possibly bad passphrase given\n");
+      *r_badpass = 1;
     }
   return -1;
 }
@@ -1275,13 +1246,11 @@ bag_data_p (const void *plaintext, size_t length)
 }
 
 
-static gpg_error_t
-parse_shrouded_key_bag (struct p12_parse_ctx_s *ctx,
-                        const unsigned char *buffer, size_t length,
-                        int startoffset,
-                        size_t *r_consumed)
+static gcry_mpi_t *
+parse_bag_data (const unsigned char *buffer, size_t length, int startoffset,
+                size_t *r_consumed, char **r_curve, const char *pw)
 {
-  gpg_error_t err = 0;
+  int rc;
   struct tag_info ti;
   const unsigned char *p = buffer;
   const unsigned char *p_start = buffer;
@@ -1293,12 +1262,61 @@ parse_shrouded_key_bag (struct p12_parse_ctx_s *ctx,
   unsigned int iter;
   int len;
   unsigned char *plain = NULL;
+  gcry_mpi_t *result = NULL;
+  int result_count, i;
   unsigned char *cram_buffer = NULL;
   size_t consumed = 0; /* Number of bytes consumed from the original buffer. */
   int is_pbes2 = 0;
-  int keyelem_count = 0;
+  char *curve = NULL;
+
+  where = "start";
+  if (parse_tag (&p, &n, &ti))
+    goto bailout;
+  if (ti.class != CLASS_CONTEXT || ti.tag)
+    goto bailout;
+  if (parse_tag (&p, &n, &ti))
+    goto bailout;
+  if (ti.class || ti.tag != TAG_OCTET_STRING)
+    goto bailout;
+
+  consumed = p - p_start;
+  if (ti.is_constructed && ti.ndef)
+    {
+      /* Mozilla exported certs now come with single byte chunks of
+         octet strings.  (Mozilla Firefox 1.0.4).  Arghh. */
+      where = "cram-data.outersegs";
+      cram_buffer = cram_octet_string ( p, &n, &consumed);
+      if (!cram_buffer)
+        goto bailout;
+      p = p_start = cram_buffer;
+      if (r_consumed)
+        *r_consumed = consumed;
+      r_consumed = NULL; /* Ugly hack to not update that value any further. */
+    }
+
+
+  where = "data.outerseqs";
+  if (parse_tag (&p, &n, &ti))
+    goto bailout;
+  if (ti.class || ti.tag != TAG_SEQUENCE)
+    goto bailout;
+  if (parse_tag (&p, &n, &ti))
+    goto bailout;
+  if (ti.class || ti.tag != TAG_SEQUENCE)
+    goto bailout;
+
+  where = "data.objectidentifier";
+  if (parse_tag (&p, &n, &ti))
+    goto bailout;
+  if (ti.class || ti.tag != TAG_OBJECT_ID
+      || ti.length != DIM(oid_pkcs_12_pkcs_8ShroudedKeyBag)
+      || memcmp (p, oid_pkcs_12_pkcs_8ShroudedKeyBag,
+                 DIM(oid_pkcs_12_pkcs_8ShroudedKeyBag)))
+    goto bailout;
+  p += DIM(oid_pkcs_12_pkcs_8ShroudedKeyBag);
+  n -= DIM(oid_pkcs_12_pkcs_8ShroudedKeyBag);
 
-  where = "shrouded_key_bag";
+  where = "shrouded,outerseqs";
   if (parse_tag (&p, &n, &ti))
     goto bailout;
   if (ti.class != CLASS_CONTEXT || ti.tag)
@@ -1334,7 +1352,7 @@ parse_shrouded_key_bag (struct p12_parse_ctx_s *ctx,
 
   if (is_pbes2)
     {
-      where = "shrouded_key_bag.pkcs5PBES2-params";
+      where = "pkcs5PBES2-params";
       if (parse_tag (&p, &n, &ti))
         goto bailout;
       if (ti.class || ti.tag != TAG_SEQUENCE)
@@ -1399,7 +1417,7 @@ parse_shrouded_key_bag (struct p12_parse_ctx_s *ctx,
     }
   else
     {
-      where = "shrouded_key_bag.3des-params";
+      where = "3des-params";
       if (parse_tag (&p, &n, &ti))
         goto bailout;
       if (ti.class || ti.tag != TAG_SEQUENCE)
@@ -1425,7 +1443,7 @@ parse_shrouded_key_bag (struct p12_parse_ctx_s *ctx,
         }
     }
 
-  where = "shrouded_key_bag.3desoraes-ciphertext";
+  where = "3desoraes-ciphertext";
   if (parse_tag (&p, &n, &ti))
     goto bailout;
   if (ti.class || ti.tag != TAG_OCTET_STRING || !ti.length )
@@ -1443,14 +1461,14 @@ parse_shrouded_key_bag (struct p12_parse_ctx_s *ctx,
     }
   consumed += p - p_start + ti.length;
   decrypt_block (p, plain, ti.length, salt, saltlen, iter,
-                 iv, is_pbes2? 16:0, ctx->password,
+                 iv, is_pbes2? 16:0, pw,
                  is_pbes2? GCRY_CIPHER_AES128 : GCRY_CIPHER_3DES,
                  bag_data_p);
   n = ti.length;
   startoffset = 0;
   p_start = p = plain;
 
-  where = "shrouded_key_bag.decrypted-text";
+  where = "decrypted-text";
   if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_SEQUENCE)
     goto bailout;
   if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_INTEGER
@@ -1493,9 +1511,8 @@ parse_shrouded_key_bag (struct p12_parse_ctx_s *ctx,
       len -= ti.nhdr;
       if (ti.class || ti.tag != TAG_OBJECT_ID)
         goto bailout;
-      ksba_free (ctx->curve);
-      ctx->curve = ksba_oid_to_str (p, ti.length);
-      if (!ctx->curve)
+      curve = ksba_oid_to_str (p, ti.length);
+      if (!curve)
         goto bailout;
       /* log_debug ("OID of curve is: %s\n", curve); */
       p += ti.length;
@@ -1516,22 +1533,16 @@ parse_shrouded_key_bag (struct p12_parse_ctx_s *ctx,
     goto bailout;
   len = ti.length;
 
-  if (ctx->privatekey)
-    {
-      log_error ("a key has already been received\n");
-      goto bailout;
-    }
-  ctx->privatekey = gcry_calloc (10, sizeof *ctx->privatekey);
-  if (!ctx->privatekey)
+  result = gcry_calloc (10, sizeof *result);
+  if (!result)
     {
-
-      log_error ("error allocating privatekey element array\n");
+      log_error ( "error allocating result array\n");
       goto bailout;
     }
-  keyelem_count = 0;
+  result_count = 0;
 
-  where = "shrouded_key_bag.reading.key-parameters";
-  if (ctx->curve)  /* ECC case.  */
+  where = "reading.key-parameters";
+  if (curve)  /* ECC case.  */
     {
       if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_INTEGER)
         goto bailout;
@@ -1558,11 +1569,10 @@ parse_shrouded_key_bag (struct p12_parse_ctx_s *ctx,
         goto bailout;
       len -= ti.length;
       /* log_printhex (p, ti.length, "ecc q="); */
-      err = gcry_mpi_scan (ctx->privatekey, GCRYMPI_FMT_USG,
-                           p, ti.length, NULL);
-      if (err)
+      rc = gcry_mpi_scan (result, GCRYMPI_FMT_USG, p, ti.length, NULL);
+      if (rc)
         {
-          log_error ("error parsing key parameter: %s\n", gpg_strerror (err));
+          log_error ("error parsing key parameter: %s\n", gpg_strerror (rc));
           goto bailout;
         }
       p += ti.length;
@@ -1572,7 +1582,7 @@ parse_shrouded_key_bag (struct p12_parse_ctx_s *ctx,
     }
   else  /* RSA case */
     {
-      for (keyelem_count=0; len && keyelem_count < 9;)
+      for (result_count=0; len && result_count < 9;)
         {
           if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_INTEGER)
             goto bailout;
@@ -1582,19 +1592,19 @@ parse_shrouded_key_bag (struct p12_parse_ctx_s *ctx,
           if (len < ti.length)
             goto bailout;
           len -= ti.length;
-          if (!keyelem_count && ti.length == 1 && !*p)
+          if (!result_count && ti.length == 1 && !*p)
             ; /* ignore the very first one if it is a 0 */
           else
             {
-              err = gcry_mpi_scan (ctx->privatekey+keyelem_count,
-                                  GCRYMPI_FMT_USG, p, ti.length, NULL);
-              if (err)
+              rc = gcry_mpi_scan (result+result_count, GCRYMPI_FMT_USG, p,
+                                  ti.length, NULL);
+              if (rc)
                 {
                   log_error ("error parsing key parameter: %s\n",
-                             gpg_strerror (err));
+                             gpg_strerror (rc));
                   goto bailout;
                 }
-              keyelem_count++;
+              result_count++;
             }
           p += ti.length;
           n -= ti.length;
@@ -1607,217 +1617,29 @@ parse_shrouded_key_bag (struct p12_parse_ctx_s *ctx,
 
  bailout:
   gcry_free (plain);
-  log_error ("data error at \"%s\", offset %zu\n",
-              where, (size_t)((p - p_start) + startoffset));
-  if (!err)
-    err = gpg_error (GPG_ERR_GENERAL);
-
- leave:
-  gcry_free (cram_buffer);
-  if (r_consumed)
-    *r_consumed = consumed;
-  return err;
-}
-
-
-static gpg_error_t
-parse_cert_bag (struct p12_parse_ctx_s *ctx,
-                const unsigned char *buffer, size_t length,
-                int startoffset,
-                size_t *r_consumed)
-{
-  gpg_error_t err = 0;
-  struct tag_info ti;
-  const unsigned char *p = buffer;
-  const unsigned char *p_start = buffer;
-  size_t n = length;
-  const char *where;
-  size_t consumed = 0; /* Number of bytes consumed from the original buffer. */
-
-  if (opt_verbose)
-    log_info ("processing certBag\n");
-
-  /* Expect:
-   *  [0]
-   *    SEQUENCE
-   *      OBJECT IDENTIFIER pkcs-12-certBag
-   */
-  where = "certbag.before.certheader";
-  if (parse_tag (&p, &n, &ti))
-    goto bailout;
-  if (ti.class != CLASS_CONTEXT || ti.tag)
-    goto bailout;
-  if (parse_tag (&p, &n, &ti))
-    goto bailout;
-  if (ti.class || ti.tag != TAG_SEQUENCE)
-    goto bailout;
-  if (parse_tag (&p, &n, &ti))
-    goto bailout;
-  if (ti.class || ti.tag != TAG_OBJECT_ID
-      || ti.length != DIM(oid_x509Certificate_for_pkcs_12)
-      || memcmp (p, oid_x509Certificate_for_pkcs_12,
-                 DIM(oid_x509Certificate_for_pkcs_12)))
-    goto bailout;
-  p += DIM(oid_x509Certificate_for_pkcs_12);
-  n -= DIM(oid_x509Certificate_for_pkcs_12);
-
-  /* Expect:
-   *  [0]
-   *    OCTET STRING encapsulates -- the certificates
-   */
-  where = "certbag.before.octetstring";
-  if (parse_tag (&p, &n, &ti))
-    goto bailout;
-  if (ti.class != CLASS_CONTEXT || ti.tag)
-    goto bailout;
-  if (parse_tag (&p, &n, &ti))
-    goto bailout;
-  if (ti.class || ti.tag != TAG_OCTET_STRING || ti.ndef)
-    goto bailout;
-
-  /* Return the certificate from the octet string. */
-  if (ctx->certcb)
-     ctx->certcb (ctx->certcbarg, p, ti.length);
-
-  p += ti.length;
-  n -= ti.length;
-
-  if (!n)
-    goto leave;  /* ready.  */
-
-  /* Expect:
-   *  SET
-   *    SEQUENCE  -- we actually ignore this.
-   */
-  where = "certbag.attribute_set";
-  if (parse_tag (&p, &n, &ti))
-    goto bailout;
-  if (!ti.class && ti.tag == TAG_SET && !ti.ndef)
-    { /* Comsume the optional SET. */
-      p += ti.length;
-      n -= ti.length;
-      if (parse_tag (&p, &n, &ti))
-        goto bailout;
+  if (result)
+    {
+      for (i=0; result[i]; i++)
+        gcry_mpi_release (result[i]);
+      gcry_free (result);
     }
-
-  goto leave;
-
- bailout:
   log_error ( "data error at \"%s\", offset %u\n",
-              where, (unsigned int)((p - p_start) + startoffset));
-  err = gpg_error (GPG_ERR_GENERAL);
+              where, (unsigned int)((p - buffer) + startoffset));
+  result = NULL;
 
  leave:
-  if (r_consumed)
-    *r_consumed = consumed;
-  return err;
-}
-
-
-static gpg_error_t
-parse_bag_data (struct p12_parse_ctx_s *ctx,
-                const unsigned char *buffer, size_t length, int startoffset,
-                size_t *r_consumed)
-{
-  gpg_error_t err = 0;
-  struct tag_info ti;
-  const unsigned char *p = buffer;
-  const unsigned char *p_start = buffer;
-  size_t n = length;
-  const char *where;
-  unsigned char *cram_buffer = NULL;
-  size_t consumed = 0; /* Number of bytes consumed from the original buffer. */
-
-  /* Expect:
-   * [0]
-   *   OCTET STRING, encapsulates
-   */
-  where = "data";
-  if (parse_tag (&p, &n, &ti))
-    goto bailout;
-  if (ti.class != CLASS_CONTEXT || ti.tag)
-    goto bailout;
-  if (parse_tag (&p, &n, &ti))
-    goto bailout;
-  if (ti.class || ti.tag != TAG_OCTET_STRING)
-    goto bailout;
-
-
-  consumed = p - p_start;
-  if (ti.is_constructed && ti.ndef)
+  if (r_curve && result)
     {
-      /* Mozilla exported certs now come with single byte chunks of
-         octet strings.  (Mozilla Firefox 1.0.4).  Arghh. */
-      where = "data.cram_os";
-      cram_buffer = cram_octet_string ( p, &n, &consumed);
-      if (!cram_buffer)
-        goto bailout;
-      p = p_start = cram_buffer;
-      if (r_consumed)
-        *r_consumed = consumed;
-      r_consumed = NULL; /* Ugly hack to not update that value on return. */
+      *r_curve = curve;
+      curve = NULL;
     }
-
-  /* Expect:
-   * SEQUENCE
-   *   SEQUENCE
-   */
-  where = "data.2seqs";
-  if (parse_tag (&p, &n, &ti))
-    goto bailout;
-  if (ti.class || ti.tag != TAG_SEQUENCE)
-    goto bailout;
-  if (parse_tag (&p, &n, &ti))
-    goto bailout;
-  if (ti.class || ti.tag != TAG_SEQUENCE)
-    goto bailout;
-
-  /* Expect:
-   * OBJECT IDENTIFIER
-   */
-  where = "data.oid";
-  if (parse_tag (&p, &n, &ti))
-    goto bailout;
-  if (ti.class || ti.tag != TAG_OBJECT_ID)
-    goto bailout;
-
-  /* Now divert to the actual parser.  */
-  if (ti.length == DIM(oid_pkcs_12_pkcs_8ShroudedKeyBag)
-      && !memcmp (p, oid_pkcs_12_pkcs_8ShroudedKeyBag,
-                 DIM(oid_pkcs_12_pkcs_8ShroudedKeyBag)))
-    {
-      p += DIM(oid_pkcs_12_pkcs_8ShroudedKeyBag);
-      n -= DIM(oid_pkcs_12_pkcs_8ShroudedKeyBag);
-
-      if (parse_shrouded_key_bag (ctx, p, n,
-                                  startoffset + (p - p_start), r_consumed))
-        goto bailout;
-    }
-  else if ( ti.length == DIM(oid_pkcs_12_CertBag)
-            && !memcmp (p, oid_pkcs_12_CertBag, DIM(oid_pkcs_12_CertBag)))
-    {
-      p += DIM(oid_pkcs_12_CertBag);
-      n -= DIM(oid_pkcs_12_CertBag);
-
-      if (parse_cert_bag (ctx, p, n,
-                          startoffset + (p - p_start), r_consumed))
-        goto bailout;
-    }
-  else
-    goto bailout;
-
-  goto leave;
-
- bailout:
-  log_error ( "data error at \"%s\", offset %u\n",
-              where, (unsigned int)((p - p_start) + startoffset));
-  err = gpg_error (GPG_ERR_GENERAL);
-
- leave:
+  else if (r_curve)
+    *r_curve = NULL;
+  ksba_free (curve);
   gcry_free (cram_buffer);
-  if (r_consumed) /* Store the number of consumed bytes unless already done. */
+  if (r_consumed)
     *r_consumed = consumed;
-  return err;
+  return result;
 }
 
 
@@ -1826,8 +1648,7 @@ parse_bag_data (struct p12_parse_ctx_s *ctx,
    that it is only able to look for 3DES encoded encryptedData and
    tries to extract the first private key object it finds.  In case of
    an error NULL is returned. CERTCB and CERRTCBARG are used to pass
-   X.509 certificates back to the caller.  If R_CURVE is not NULL and
-   an ECC key was found the OID of the curve is stored there. */
+   X.509 certificates back to the caller. */
 gcry_mpi_t *
 p12_parse (const unsigned char *buffer, size_t length, const char *pw,
            void (*certcb)(void*, const unsigned char*, size_t),
@@ -1840,17 +1661,11 @@ p12_parse (const unsigned char *buffer, size_t length, const char *pw,
   const char *where;
   int bagseqlength, len;
   int bagseqndef, lenndef;
+  gcry_mpi_t *result = NULL;
   unsigned char *cram_buffer = NULL;
-  size_t consumed;
-  struct p12_parse_ctx_s ctx = { NULL };
+  char *curve = NULL;
 
   *r_badpass = 0;
-
-  ctx.certcb = certcb;
-  ctx.certcbarg = certcbarg;
-  ctx.password = pw;
-
-
   where = "pfx";
   if (parse_tag (&p, &n, &ti))
     goto bailout;
@@ -1906,7 +1721,7 @@ p12_parse (const unsigned char *buffer, size_t length, const char *pw,
   bagseqlength = ti.length;
   while (bagseqlength || bagseqndef)
     {
-      /* log_debug ("p12_parse: at offset %ld\n", (p - p_start)); */
+/*       log_debug ( "at offset %u\n", (p - p_start)); */
       where = "bag-sequence";
       if (parse_tag (&p, &n, &ti))
         goto bailout;
@@ -1938,14 +1753,16 @@ p12_parse (const unsigned char *buffer, size_t length, const char *pw,
       if (ti.tag == TAG_OBJECT_ID && ti.length == DIM(oid_encryptedData)
           && !memcmp (p, oid_encryptedData, DIM(oid_encryptedData)))
         {
+          size_t consumed = 0;
 
           p += DIM(oid_encryptedData);
           n -= DIM(oid_encryptedData);
           if (!lenndef)
             len -= DIM(oid_encryptedData);
           where = "bag.encryptedData";
-          consumed = 0;
-          if (parse_bag_encrypted_data (&ctx, p, n, (p - p_start), &consumed))
+          if (parse_bag_encrypted_data (p, n, (p - p_start), &consumed, pw,
+                                        certcb, certcbarg,
+                                        result? NULL : &result, r_badpass))
             goto bailout;
           if (lenndef)
             len += consumed;
@@ -1953,21 +1770,31 @@ p12_parse (const unsigned char *buffer, size_t length, const char *pw,
       else if (ti.tag == TAG_OBJECT_ID && ti.length == DIM(oid_data)
                && !memcmp (p, oid_data, DIM(oid_data)))
         {
-          p += DIM(oid_data);
-          n -= DIM(oid_data);
-          if (!lenndef)
-            len -= DIM(oid_data);
-
-          where = "bag.data";
-          consumed = 0;
-          if (parse_bag_data (&ctx, p, n, (p - p_start), &consumed))
-            goto bailout;
-          if (lenndef)
-            len += consumed;
+          if (result)
+            {
+              log_info ("already got an key object, skipping this one\n");
+              p += ti.length;
+              n -= ti.length;
+            }
+          else
+            {
+              size_t consumed = 0;
+
+              p += DIM(oid_data);
+              n -= DIM(oid_data);
+              if (!lenndef)
+                len -= DIM(oid_data);
+              result = parse_bag_data (p, n, (p - p_start),
+                                       &consumed, &curve, pw);
+              if (!result)
+                goto bailout;
+              if (lenndef)
+                len += consumed;
+            }
         }
       else
         {
-          log_info ("unknown outer bag type - skipped\n");
+          log_info ("unknown bag type - skipped\n");
           p += ti.length;
           n -= ti.length;
         }
@@ -1987,29 +1814,23 @@ p12_parse (const unsigned char *buffer, size_t length, const char *pw,
     }
 
   gcry_free (cram_buffer);
-  if (r_curve)
-    *r_curve = ctx.curve;
-  else
-    gcry_free (ctx.curve);
-
-  return ctx.privatekey;
+  *r_curve = curve;
+  return result;
 
  bailout:
   log_error ("error at \"%s\", offset %u\n",
              where, (unsigned int)(p - p_start));
-  if (ctx.privatekey)
+  if (result)
     {
       int i;
 
-      for (i=0; ctx.privatekey[i]; i++)
-        gcry_mpi_release (ctx.privatekey[i]);
-      gcry_free (ctx.privatekey);
-      ctx.privatekey = NULL;
+      for (i=0; result[i]; i++)
+        gcry_mpi_release (result[i]);
+      gcry_free (result);
     }
   gcry_free (cram_buffer);
-  gcry_free (ctx.curve);
-  if (r_curve)
-    *r_curve = NULL;
+  gcry_free (curve);
+  *r_curve = NULL;
   return NULL;
 }
 
@@ -2201,7 +2022,7 @@ create_final (struct buffer_s *sequences, const char *pw, size_t *r_length)
   /* Ready. */
   resultlen = p - result;
   if (needed != resultlen)
-    log_debug ("p12_parse: warning: length mismatch: %lu, %lu\n",
+    log_debug ("length mismatch: %lu, %lu\n",
                (unsigned long)needed, (unsigned long)resultlen);
 
   *r_length = resultlen;
@@ -2392,7 +2213,7 @@ build_rsa_key_sequence (gcry_mpi_t *kparms, int mode, size_t *r_length)
  * For details see RFC-5480 and RFC-5915 (ECparameters are not created).
  *
  * KPARMS[0] := Opaque MPI with the curve name as dotted-decimal string.
- * KPARMS[1] := Opaque MPI with the public key (q)
+ * KPARMS[1] := Opaque MPI with the pgublic key (q)
  * KPARMS[2] := Opaque MPI with the private key (d)
  * MODE controls what is being generated:
  *    0 - As described above
@@ -2642,7 +2463,7 @@ build_key_bag (unsigned char *buffer, size_t buflen, char *salt,
 
   keybaglen = p - keybag;
   if (needed != keybaglen)
-    log_debug ("p12_parse: warning: length mismatch: %lu, %lu\n",
+    log_debug ("length mismatch: %lu, %lu\n",
                (unsigned long)needed, (unsigned long)keybaglen);
 
   *r_length = keybaglen;
@@ -2741,7 +2562,7 @@ build_cert_bag (unsigned char *buffer, size_t buflen, char *salt,
   certbaglen = p - certbag;
 
   if (needed != certbaglen)
-    log_debug ("p12_parse: warning: length mismatch: %lu, %lu\n",
+    log_debug ("length mismatch: %lu, %lu\n",
                (unsigned long)needed, (unsigned long)certbaglen);
 
   *r_length = certbaglen;
@@ -2852,7 +2673,7 @@ build_cert_sequence (const unsigned char *buffer, size_t buflen,
 
   certseqlen = p - certseq;
   if (needed != certseqlen)
-    log_debug ("p12_parse: warning: length mismatch: %lu, %lu\n",
+    log_debug ("length mismatch: %lu, %lu\n",
                (unsigned long)needed, (unsigned long)certseqlen);
 
   /* Append some pad characters; we already allocated extra space. */
@@ -3018,8 +2839,8 @@ p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen,
 }
 
 
-/* This is actually not a PKCS#12 function but one which creates an
- * unencrypted PKCS#1 private key.  */
+/* This is actually not a pkcs#12 function but one which creates an
+   unencrypted a pkcs#1 private key.  */
 unsigned char *
 p12_raw_build (gcry_mpi_t *kparms, int rawmode, size_t *r_length)
 {
diff --git a/sm/misc.c b/sm/misc.c
index 66d928c..d489820 100644
--- a/sm/misc.c
+++ b/sm/misc.c
@@ -101,7 +101,7 @@ setup_pinentry_env (void)
    function ignores missing parameters so that it can also be used to
    create an siginfo value as expected by ksba_certreq_set_siginfo.
    To create a siginfo s-expression a public-key s-expression may be
-   used instead of a sig-val.  We only support RSA for now.  */
+   used instead of a sig-val.  */
 gpg_error_t
 transform_sigval (const unsigned char *sigval, size_t sigvallen, int mdalgo,
                   unsigned char **r_newsigval, size_t *r_newsigvallen)
@@ -109,12 +109,16 @@ transform_sigval (const unsigned char *sigval, size_t sigvallen, int mdalgo,
   gpg_error_t err;
   const unsigned char *buf, *tok;
   size_t buflen, toklen;
-  int depth, last_depth1, last_depth2;
+  int depth, last_depth1, last_depth2, pkalgo;
   int is_pubkey = 0;
-  const unsigned char *rsa_s = NULL;
-  size_t rsa_s_len = 0;
+  const unsigned char *rsa_s, *ecc_r, *ecc_s;
+  size_t rsa_s_len, ecc_r_len, ecc_s_len;
   const char *oid;
   gcry_sexp_t sexp;
+  const char *eddsa_curve = NULL;
+
+  rsa_s = ecc_r = ecc_s = NULL;
+  rsa_s_len = ecc_r_len = ecc_s_len = 0;
 
   *r_newsigval = NULL;
   if (r_newsigvallen)
@@ -137,7 +141,17 @@ transform_sigval (const unsigned char *sigval, size_t sigvallen, int mdalgo,
     return err;
   if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
     return err;
-  if (!tok || toklen != 3 || memcmp ("rsa", tok, toklen))
+  if (!tok)
+    return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
+  if (toklen == 3 && !memcmp ("rsa", tok, 3))
+    pkalgo = GCRY_PK_RSA;
+  else if (toklen == 3 && !memcmp ("ecc", tok, 3))
+    pkalgo = GCRY_PK_ECC;
+  else if (toklen == 5 && !memcmp ("ecdsa", tok, 5))
+    pkalgo = GCRY_PK_ECC;
+  else if (toklen == 5 && !memcmp ("eddsa", tok, 5))
+    pkalgo = GCRY_PK_EDDSA;
+  else
     return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
 
   last_depth1 = depth;
@@ -150,16 +164,27 @@ transform_sigval (const unsigned char *sigval, size_t sigvallen, int mdalgo,
         return err;
       if (tok && toklen == 1)
         {
-          const unsigned char **mpi;
-          size_t *mpi_len;
+          const unsigned char **mpi = NULL;
+          size_t *mpi_len = NULL;
 
           switch (*tok)
             {
-            case 's': mpi = &rsa_s; mpi_len = &rsa_s_len; break;
+            case 's':
+              if (pkalgo == GCRY_PK_RSA)
+                {
+                  mpi = &rsa_s;
+                  mpi_len = &rsa_s_len;
+                }
+              else if (pkalgo == GCRY_PK_ECC || pkalgo == GCRY_PK_EDDSA)
+                {
+                  mpi = &ecc_s;
+                  mpi_len = &ecc_s_len;
+                }
+              break;
+
+            case 'r': mpi = &ecc_r; mpi_len = &ecc_r_len; break;
             default:  mpi = NULL;   mpi_len = NULL; break;
             }
-          if (mpi && *mpi)
-            return gpg_error (GPG_ERR_DUP_VALUE);
 
           if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
             return err;
@@ -169,6 +194,18 @@ transform_sigval (const unsigned char *sigval, size_t sigvallen, int mdalgo,
               *mpi_len = toklen;
             }
         }
+      else if (toklen == 5 && !memcmp (tok, "curve", 5))
+        {
+          if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+            return err;
+          if ((toklen == 7 && !memcmp (tok, "Ed25519", 7))
+              || (toklen == 22 && !memcmp (tok, "1.3.6.1.4.1.11591.15.1", 22))
+              || (toklen == 11 && !memcmp (tok, "1.3.101.112", 11)))
+            eddsa_curve = "1.3.101.112";
+          else if ((toklen == 5 && !memcmp (tok, "Ed448", 5))
+                   || (toklen == 11 && !memcmp (tok, "1.3.101.113", 11)))
+            eddsa_curve = "1.3.101.113";
+        }
 
       /* Skip to the end of the list. */
       last_depth2 = depth;
@@ -181,34 +218,65 @@ transform_sigval (const unsigned char *sigval, size_t sigvallen, int mdalgo,
   if (err)
     return err;
 
-  /* Map the hash algorithm to an OID.  */
-  switch (mdalgo)
+  if (eddsa_curve)
+    oid = eddsa_curve;
+  else
     {
-    case GCRY_MD_SHA1:
-      oid = "1.2.840.113549.1.1.5";  /* sha1WithRSAEncryption */
-      break;
+      /* Map the hash algorithm to an OID.  */
+      if (mdalgo < 0 || mdalgo > (1<<15) || pkalgo < 0 || pkalgo > (1<<15))
+        return gpg_error (GPG_ERR_DIGEST_ALGO);
 
-    case GCRY_MD_SHA256:
-      oid = "1.2.840.113549.1.1.11"; /* sha256WithRSAEncryption */
-      break;
+      switch (mdalgo | (pkalgo << 16))
+        {
+        case GCRY_MD_SHA1 | (GCRY_PK_RSA << 16):
+          oid = "1.2.840.113549.1.1.5";  /* sha1WithRSAEncryption */
+          break;
 
-    case GCRY_MD_SHA384:
-      oid = "1.2.840.113549.1.1.12"; /* sha384WithRSAEncryption */
-      break;
+        case GCRY_MD_SHA256 | (GCRY_PK_RSA << 16):
+          oid = "1.2.840.113549.1.1.11"; /* sha256WithRSAEncryption */
+          break;
 
-    case GCRY_MD_SHA512:
-      oid = "1.2.840.113549.1.1.13"; /* sha512WithRSAEncryption */
-      break;
+        case GCRY_MD_SHA384 | (GCRY_PK_RSA << 16):
+          oid = "1.2.840.113549.1.1.12"; /* sha384WithRSAEncryption */
+          break;
 
-    default:
-      return gpg_error (GPG_ERR_DIGEST_ALGO);
+        case GCRY_MD_SHA512 | (GCRY_PK_RSA << 16):
+          oid = "1.2.840.113549.1.1.13"; /* sha512WithRSAEncryption */
+          break;
+
+        case GCRY_MD_SHA224 | (GCRY_PK_ECC << 16):
+          oid = "1.2.840.10045.4.3.1"; /* ecdsa-with-sha224 */
+          break;
+
+        case GCRY_MD_SHA256 | (GCRY_PK_ECC << 16):
+          oid = "1.2.840.10045.4.3.2"; /* ecdsa-with-sha256 */
+          break;
+
+        case GCRY_MD_SHA384 | (GCRY_PK_ECC << 16):
+          oid = "1.2.840.10045.4.3.3"; /* ecdsa-with-sha384 */
+          break;
+
+        case GCRY_MD_SHA512 | (GCRY_PK_ECC << 16):
+          oid = "1.2.840.10045.4.3.4"; /* ecdsa-with-sha512 */
+          break;
+
+        case GCRY_MD_SHA512 | (GCRY_PK_EDDSA << 16):
+          oid = "1.3.101.112"; /* ed25519 */
+          break;
+
+        default:
+          return gpg_error (GPG_ERR_DIGEST_ALGO);
+        }
     }
 
-  if (rsa_s && !is_pubkey)
-    err = gcry_sexp_build (&sexp, NULL, "(sig-val(%s(s%b)))",
-                           oid, (int)rsa_s_len, rsa_s);
-  else
+  if (is_pubkey)
     err = gcry_sexp_build (&sexp, NULL, "(sig-val(%s))", oid);
+  else if (pkalgo == GCRY_PK_RSA)
+    err = gcry_sexp_build (&sexp, NULL, "(sig-val(%s(s%b)))", oid,
+                           (int)rsa_s_len, rsa_s);
+  else if (pkalgo == GCRY_PK_ECC || pkalgo == GCRY_PK_EDDSA)
+    err = gcry_sexp_build (&sexp, NULL, "(sig-val(%s(r%b)(s%b)))", oid,
+                           (int)ecc_r_len, ecc_r, (int)ecc_s_len, ecc_s);
   if (err)
     return err;
   err = make_canon_sexp (sexp, r_newsigval, r_newsigvallen);
diff --git a/sm/qualified.c b/sm/qualified.c
index b433717..4d8dfcc 100644
--- a/sm/qualified.c
+++ b/sm/qualified.c
@@ -22,7 +22,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <stdarg.h>
-#include <assert.h>
 #include <errno.h>
 
 #include "gpgsm.h"
@@ -58,7 +57,7 @@ read_list (char *key, char *country, int *lnr)
 
   if (!listname)
     {
-      listname = make_filename (gnupg_datadir (), "qualified.txt", NULL);
+      listname = make_filename (gnupg_sysconfdir (), "qualified.txt", NULL);
       listfp = es_fopen (listname, "r");
       if (!listfp && errno != ENOENT)
         {
@@ -106,7 +105,7 @@ read_list (char *key, char *country, int *lnr)
                  listname, *lnr);
       return gpg_error (GPG_ERR_BAD_DATA);
     }
-  assert (p[i]);
+  log_assert (p[i]);
   i++;
   while (spacep (p+i))
     i++;
@@ -140,7 +139,7 @@ read_list (char *key, char *country, int *lnr)
    Returns: 0 if the certificate is included.  GPG_ERR_NOT_FOUND if it
    is not in the list or any other error (e.g. if no list of
    qualified signatures is available.  If COUNTRY has not been passed
-   as NULL a string witha maximum length of 2 will be copied into it;
+   as NULL a string with a maximum length of 2 will be copied into it;
    thus the caller needs to provide a buffer of length 3. */
 gpg_error_t
 gpgsm_is_in_qualified_list (ctrl_t ctrl, ksba_cert_t cert, char *country)
diff --git a/sm/server.c b/sm/server.c
index 5341d31..874f0db 100644
--- a/sm/server.c
+++ b/sm/server.c
@@ -1,6 +1,6 @@
 /* server.c - Server mode and main entry point
- * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009,
- *               2010 Free Software Foundation, Inc.
+ * Copyright (C) 2001-2010 Free Software Foundation, Inc.
+ * Copyright (C) 2001-2011, 2013-2020 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -724,13 +724,8 @@ cmd_export (assuan_context_t ctx, char *line)
 
   if (opt_secret)
     {
-      if (!list)
+      if (!list || !*list->d)
         return set_error (GPG_ERR_NO_DATA, "No key given");
-      if (!*list->d)
-        {
-          free_strlist (list);
-          return set_error (GPG_ERR_NO_DATA, "No key given");
-        }
       if (list->next)
         return set_error (GPG_ERR_TOO_MANY, "Only one key allowed");
   }
@@ -888,10 +883,10 @@ cmd_message (assuan_context_t ctx, char *line)
 
 
 static const char hlp_listkeys[] =
-  "LISTKEYS [<patterns>]\n"
-  "LISTSECRETKEYS [<patterns>]\n"
-  "DUMPKEYS [<patterns>]\n"
-  "DUMPSECRETKEYS [<patterns>]\n"
+  "LISTKEYS       [<options>] [<patterns>]\n"
+  "LISTSECRETKEYS [<options>] [<patterns>]\n"
+  "DUMPKEYS       [<options>] [<patterns>]\n"
+  "DUMPSECRETKEYS [<options>] [<patterns>]\n"
   "\n"
   "List all certificates or only those specified by PATTERNS.  Each\n"
   "pattern shall be a percent-plus escaped certificate specification.\n"
@@ -900,8 +895,12 @@ static const char hlp_listkeys[] =
   "smartcard has been registered.  The \"DUMP\" versions of the command\n"
   "are only useful for debugging.  The output format is a percent escaped\n"
   "colon delimited listing as described in the manual.\n"
+  "Supported values for OPTIONS are:\n"
+  "  --           Stop option processing\n"
+  "  --issuer-der PATTERN is a DER of the serialnumber as hexstring;\n"
+  "               the issuer is then inquired with \"ISSUER_DER\".\n"
   "\n"
-  "These \"OPTION\" command keys effect the output::\n"
+  "These Assuan \"OPTION\" command keys effect the output::\n"
   "\n"
   "  \"list-mode\" set to 0: List only local certificates (default).\n"
   "                     1: Ditto.\n"
@@ -921,9 +920,14 @@ do_listkeys (assuan_context_t ctx, char *line, int mode)
   ctrl_t ctrl = assuan_get_pointer (ctx);
   estream_t fp;
   char *p;
+  size_t n;
   strlist_t list, sl;
   unsigned int listmode;
   gpg_error_t err;
+  int opt_issuer_der;
+
+  opt_issuer_der = has_option (line, "--issuer-der");
+  line = skip_options (line);
 
   /* Break the line down into an strlist. */
   list = NULL;
@@ -947,33 +951,80 @@ do_listkeys (assuan_context_t ctx, char *line, int mode)
           list = sl;
         }
     }
+  if (opt_issuer_der && (!list || list->next))
+    {
+      free_strlist (list);
+      return set_error (GPG_ERR_INV_ARG,
+                        "only one arg for --issuer-der please");
+    }
 
-  if (ctrl->server_local->list_to_output)
+  if (opt_issuer_der)
     {
-      int outfd = translate_sys2libc_fd (assuan_get_output_fd (ctx), 1);
+      unsigned char *value = NULL;
+      size_t valuelen;
+      char *issuer;
 
-      if ( outfd == -1 )
+      err = assuan_inquire (ctx, "ISSUER_DER", &value, &valuelen, 0);
+      if (err)
         {
           free_strlist (list);
-          return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
+          return err;
         }
-      fp = es_fdopen_nc (outfd, "w");
-      if (!fp)
+      if (!valuelen)
+        {
+          xfree (value);
+          free_strlist (list);
+          return gpg_error (GPG_ERR_MISSING_VALUE);
+        }
+      err = ksba_dn_der2str (value, valuelen, &issuer);
+      xfree (value);
+      if (err)
         {
           free_strlist (list);
-          return set_error (gpg_err_code_from_syserror (),
-                            "es_fdopen() failed");
+          return err;
         }
+      /* ksba_dn_der2str seems to always append "\\0A".  Trim that.  */
+      n = strlen (issuer);
+      if (n > 3 && !strcmp (issuer + n - 3, "\\0A"))
+        issuer[n-3] = 0;
+
+      p = strconcat ("#", list->d, "/", issuer, NULL);
+      if (!p)
+        {
+          err = gpg_error_from_syserror ();
+          ksba_free (issuer);
+          free_strlist (list);
+          return err;
+        }
+      ksba_free (issuer);
+      free_strlist (list);
+      list = NULL;
+      if (!add_to_strlist_try (&list, p))
+        {
+          err = gpg_error_from_syserror ();
+          xfree (p);
+          return err;
+        }
+      xfree (p);
+    }
+
+
+  if (ctrl->server_local->list_to_output)
+    {
+      int outfd = translate_sys2libc_fd (assuan_get_output_fd (ctx), 1);
+
+      if ( outfd == -1 )
+        return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
+      fp = es_fdopen_nc (outfd, "w");
+      if (!fp)
+        return set_error (gpg_err_code_from_syserror (), "es_fdopen() failed");
     }
   else
     {
       fp = es_fopencookie (ctx, "w", data_line_cookie_functions);
       if (!fp)
-        {
-          free_strlist (list);
-          return set_error (GPG_ERR_ASS_GENERAL,
-                            "error setting up a data stream");
-        }
+        return set_error (GPG_ERR_ASS_GENERAL,
+                          "error setting up a data stream");
     }
 
   ctrl->with_colons = 1;
@@ -1399,6 +1450,8 @@ gpgsm_server (certlist_t default_recplist)
   audit_release (ctrl.audit);
   ctrl.audit = NULL;
 
+  gpgsm_deinit_default_ctrl (&ctrl);
+
   assuan_release (ctx);
 }
 
diff --git a/sm/sign.c b/sm/sign.c
index dd7612f..46c71f0 100644
--- a/sm/sign.c
+++ b/sm/sign.c
@@ -25,7 +25,6 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#include <assert.h>
 
 #include "gpgsm.h"
 #include <gcrypt.h>
@@ -141,7 +140,7 @@ gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert)
   int rc;
   char *p;
 
-  hd = keydb_new ();
+  hd = keydb_new (ctrl);
   if (!hd)
     return gpg_error (GPG_ERR_GENERAL);
   rc = keydb_search_first (ctrl, hd);
@@ -218,7 +217,7 @@ get_default_signer (ctrl_t ctrl)
       return NULL;
     }
 
-  kh = keydb_new ();
+  kh = keydb_new (ctrl);
   if (!kh)
     return NULL;
 
@@ -255,7 +254,6 @@ add_certificate_list (ctrl_t ctrl, ksba_cms_t cms, ksba_cert_t cert)
   ksba_cert_ref (cert);
 
   n = ctrl->include_certs;
-  log_debug ("adding certificates at level %d\n", n);
   if (n == -2)
     {
       not_root = 1;
@@ -293,7 +291,7 @@ add_certificate_list (ctrl_t ctrl, ksba_cms_t cms, ksba_cert_t cert)
     }
   ksba_cert_release (cert);
 
-  return rc == -1? 0: rc;
+  return gpg_err_code (rc) == GPG_ERR_NOT_FOUND? 0 : rc;
 
  ksba_failure:
   ksba_cert_release (cert);
@@ -302,6 +300,99 @@ add_certificate_list (ctrl_t ctrl, ksba_cms_t cms, ksba_cert_t cert)
 }
 
 
+#if KSBA_VERSION_NUMBER >= 0x010400 && 0 /* 1.4.0 */
+static gpg_error_t
+add_signed_attribute (ksba_cms_t cms, const char *attrstr)
+{
+  gpg_error_t err;
+  char **fields = NULL;
+  const char *s;
+  int i;
+  unsigned char *der = NULL;
+  size_t derlen;
+
+  fields = strtokenize (attrstr, ":");
+  if (!fields)
+    {
+      err = gpg_error_from_syserror ();
+      log_error ("strtokenize failed: %s\n", gpg_strerror (err));
+      goto leave;
+    }
+
+  for (i=0; fields[i]; i++)
+    ;
+  if (i != 3)
+    {
+      err = gpg_error (GPG_ERR_SYNTAX);
+      log_error ("invalid attribute specification '%s': %s\n",
+                 attrstr, i < 3 ? "not enough fields":"too many fields");
+      goto leave;
+    }
+  if (!ascii_strcasecmp (fields[1], "u"))
+    {
+      err = 0;
+      goto leave; /* Skip unsigned attributes.  */
+    }
+  if (ascii_strcasecmp (fields[1], "s"))
+    {
+      err = gpg_error (GPG_ERR_SYNTAX);
+      log_error ("invalid attribute specification '%s': %s\n",
+                 attrstr, "type is not 's' or 'u'");
+      goto leave;
+    }
+  /* Check that the OID is valid.  */
+  err = ksba_oid_from_str (fields[0], &der, &derlen);
+  if (err)
+    {
+      log_error ("invalid attribute specification '%s': %s\n",
+                 attrstr, gpg_strerror (err));
+      goto leave;
+    }
+  xfree (der);
+  der = NULL;
+
+  if (strchr (fields[2], '/'))
+    {
+      /* FIXME: read from file. */
+    }
+  else /* Directly given in hex.  */
+    {
+      for (i=0, s = fields[2]; hexdigitp (s); s++, i++)
+        ;
+      if (*s || !i || (i&1))
+        {
+          log_error ("invalid attribute specification '%s': %s\n",
+                     attrstr, "invalid hex encoding of the data");
+          err = gpg_error (GPG_ERR_SYNTAX);
+          goto leave;
+        }
+      der = xtrystrdup (fields[2]);
+      if (!der)
+        {
+          err = gpg_error_from_syserror ();
+          log_error ("malloc failed: %s\n", gpg_strerror (err));
+          goto leave;
+        }
+      for (s=fields[2], derlen=0; s[0] && s[1]; s += 2)
+        der[derlen++] = xtoi_2 (s);
+    }
+
+  /* Store the data in the CMS object for all signers.  */
+  err = ksba_cms_add_attribute (cms, -1, fields[0], 0, der, derlen);
+  if (err)
+    {
+      log_error ("invalid attribute specification '%s': %s\n",
+                 attrstr, gpg_strerror (err));
+      goto leave;
+    }
+
+ leave:
+  xfree (der);
+  xfree (fields);
+  return err;
+}
+#endif /*ksba >= 1.4.0 */
+
 
 
 /* Perform a sign operation.
@@ -331,7 +422,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
 
   audit_set_type (ctrl->audit, AUDIT_TYPE_SIGN);
 
-  kh = keydb_new ();
+  kh = keydb_new (ctrl);
   if (!kh)
     {
       log_error (_("failed to allocate keyDB handle\n"));
@@ -377,10 +468,17 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
       goto leave;
     }
 
-  /* We are going to create signed data with data as encap. content */
+  /* We are going to create signed data with data as encap. content.
+   * In authenticode mode we use spcIndirectDataContext instead.  */
   err = ksba_cms_set_content_type (cms, 0, KSBA_CT_SIGNED_DATA);
   if (!err)
-    err = ksba_cms_set_content_type (cms, 1, KSBA_CT_DATA);
+    err = ksba_cms_set_content_type
+      (cms, 1,
+#if KSBA_VERSION_NUMBER >= 0x010400 && 0
+       opt.authenticode? KSBA_CT_SPC_IND_DATA_CTX :
+#endif
+       KSBA_CT_DATA
+       );
   if (err)
     {
       log_debug ("ksba_cms_set_content_type failed: %s\n",
@@ -430,6 +528,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
       release_signerlist = 1;
     }
 
+
   /* Figure out the hash algorithm to use. We do not want to use the
      one for the certificate but if possible an OID for the plain
      algorithm.  */
@@ -438,6 +537,11 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
   for (i=0, cl=signerlist; cl; cl = cl->next, i++)
     {
       const char *oid;
+      unsigned int nbits;
+      int pk_algo;
+
+      pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits);
+      cl->pk_algo = pk_algo;
 
       if (opt.forced_digest_algo)
         {
@@ -446,7 +550,21 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
         }
       else
         {
-          oid = ksba_cert_get_digest_algo (cl->cert);
+          if (pk_algo == GCRY_PK_ECC)
+            {
+              /* Map the Curve to a corresponding hash algo.  */
+              if (nbits <= 256)
+                oid = "2.16.840.1.101.3.4.2.1"; /* sha256 */
+              else if (nbits <= 384)
+                oid = "2.16.840.1.101.3.4.2.2"; /* sha384 */
+              else
+                oid = "2.16.840.1.101.3.4.2.3"; /* sha512 */
+            }
+          else
+            {
+              /* For RSA we reuse the hash algo used by the certificate.  */
+              oid = ksba_cert_get_digest_algo (cl->cert);
+            }
           cl->hash_algo = oid ? gcry_md_map_name (oid) : 0;
         }
       switch (cl->hash_algo)
@@ -482,27 +600,23 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
           goto leave;
         }
 
-      {
-        unsigned int nbits;
-        int pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits);
-
-        if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_SIGNING, pk_algo, 0,
-                                   NULL, nbits, NULL))
-          {
-            char  kidstr[10+1];
-
-            snprintf (kidstr, sizeof kidstr, "0x%08lX",
-                      gpgsm_get_short_fingerprint (cl->cert, NULL));
-            log_error (_("key %s may not be used for signing in %s mode\n"),
-                       kidstr,
-                       gnupg_compliance_option_string (opt.compliance));
-            err = gpg_error (GPG_ERR_PUBKEY_ALGO);
-            goto leave;
-          }
-      }
+      if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_SIGNING, pk_algo, 0,
+                                 NULL, nbits, NULL))
+        {
+          char  kidstr[10+1];
+
+          snprintf (kidstr, sizeof kidstr, "0x%08lX",
+                    gpgsm_get_short_fingerprint (cl->cert, NULL));
+          log_error (_("key %s may not be used for signing in %s mode\n"),
+                     kidstr,
+                     gnupg_compliance_option_string (opt.compliance));
+          err = gpg_error (GPG_ERR_PUBKEY_ALGO);
+          goto leave;
+        }
+
     }
 
-  if (opt.verbose)
+  if (opt.verbose > 1 || opt.debug)
     {
       for (i=0, cl=signerlist; cl; cl = cl->next, i++)
         log_info (_("hash algorithm used for signer %d: %s (%s)\n"),
@@ -643,6 +757,21 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
         }
     }
 
+  /* We can add signed attributes only when build against libksba 1.4.  */
+#if KSBA_VERSION_NUMBER >= 0x010400 && 0 /* 1.4.0 */
+  {
+    strlist_t sl;
+
+    for (sl = opt.attributes; sl; sl = sl->next)
+      if ((err = add_signed_attribute (cms, sl->d)))
+        goto leave;
+  }
+#else
+  if (opt.attributes)
+    log_info ("Note: option --attribute is ignored by this version\n");
+#endif /*ksba >= 1.4.0  */
+
+
   /* We need to write at least a minimal list of our capabilities to
      try to convince some MUAs to use 3DES and not the crippled
      RC2. Our list is:
@@ -678,7 +807,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
           unsigned char *digest;
           size_t digest_len;
 
-          assert (!detached);
+          log_assert (!detached);
 
           rc = hash_and_copy_data (data_fd, data_md, writer);
           if (rc)
@@ -777,17 +906,23 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
                   goto leave;
                 }
               rc = 0;
-              {
-                int pkalgo = gpgsm_get_key_algo_info (cl->cert, NULL);
-                buf = xtryasprintf ("%c %d %d 00 %s %s",
-                                    detached? 'D':'S',
-                                    pkalgo,
-                                    cl->hash_algo,
-                                    signed_at,
-                                    fpr);
-                if (!buf)
-                  rc = gpg_error_from_syserror ();
-              }
+              if (opt.verbose)
+                {
+                  char *pkalgostr = gpgsm_pubkey_algo_string (cl->cert, NULL);
+                  log_info (_("%s/%s signature using %s key %s\n"),
+                            pubkey_algo_to_string (cl->pk_algo),
+                            gcry_md_algo_name (cl->hash_algo),
+                            pkalgostr, fpr);
+                  xfree (pkalgostr);
+                }
+              buf = xtryasprintf ("%c %d %d 00 %s %s",
+                                  detached? 'D':'S',
+                                  cl->pk_algo,
+                                  cl->hash_algo,
+                                  signed_at,
+                                  fpr);
+              if (!buf)
+                rc = gpg_error_from_syserror ();
               xfree (fpr);
               if (rc)
                 {
@@ -813,7 +948,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
   audit_log (ctrl->audit, AUDIT_SIGNING_DONE);
   log_info ("signature created\n");
 
-
  leave:
   if (rc)
     log_error ("error creating signature: %s <%s>\n",
diff --git a/sm/t-minip12.c b/sm/t-minip12.c
new file mode 100644
index 0000000..97bbcb9
--- /dev/null
+++ b/sm/t-minip12.c
@@ -0,0 +1,165 @@
+/* t-minip12.c - Test driver for minip12.c
+ * Copyright (C) 2020 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "../common/util.h"
+#include "minip12.h"
+
+
+#define PGM "t-minip12"
+
+static int verbose;
+static int debug;
+
+
+
+static void
+cert_cb (void *opaque, const unsigned char *cert, size_t certlen)
+{
+  (void)opaque;
+  (void)cert;
+
+  if (verbose)
+    log_info ("got a certificate of %zu bytes length\n", certlen);
+}
+
+
+
+int
+main (int argc, char **argv)
+{
+  int last_argc = -1;
+  char const *name = NULL;
+  char const *pass = NULL;
+  FILE *fp;
+  struct stat st;
+  unsigned char *buf;
+  size_t buflen;
+  gcry_mpi_t *result;
+  int badpass;
+  char *curve = NULL;
+
+  if (argc)
+    { argc--; argv++; }
+  while (argc && last_argc != argc )
+    {
+      last_argc = argc;
+      if (!strcmp (*argv, "--"))
+        {
+          argc--; argv++;
+          break;
+        }
+      else if (!strcmp (*argv, "--help"))
+        {
+          fputs ("usage: " PGM " <pkcs12file> [<passphrase>]\n"
+                 "Options:\n"
+                 "  --verbose           print timings etc.\n"
+                 "  --debug             flyswatter\n"
+                 , stdout);
+          exit (0);
+        }
+      else if (!strcmp (*argv, "--verbose"))
+        {
+          verbose++;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--debug"))
+        {
+          verbose += 2;
+          debug++;
+          argc--; argv++;
+        }
+      else if (!strncmp (*argv, "--", 2))
+        {
+          fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
+          exit (1);
+        }
+    }
+
+  if (argc == 1)
+    {
+      name = argv[0];
+      pass = "";
+    }
+  else if (argc == 2)
+    {
+      name = argv[0];
+      pass = argv[1];
+    }
+  else
+    {
+      fprintf (stderr, "usage: " PGM " <file> [<passphrase>]\n");
+      exit (1);
+    }
+
+  gcry_control (GCRYCTL_DISABLE_SECMEM, NULL);
+  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL);
+
+
+  fp = fopen (name, "rb");
+  if (!fp)
+    {
+      fprintf (stderr, PGM": can't open '%s': %s\n", name, strerror (errno));
+      return 1;
+    }
+
+  if (fstat (fileno(fp), &st))
+    {
+      fprintf (stderr, PGM": can't stat '%s': %s\n", name, strerror (errno));
+      return 1;
+    }
+
+  buflen = st.st_size;
+  buf = gcry_malloc (buflen+1);
+  if (!buf || fread (buf, buflen, 1, fp) != 1)
+    {
+      fprintf (stderr, "error reading '%s': %s\n", name, strerror (errno));
+      return 1;
+    }
+  fclose (fp);
+
+  result = p12_parse (buf, buflen, pass, cert_cb, NULL, &badpass, &curve);
+  if (result)
+    {
+      int i, rc;
+      unsigned char *tmpbuf;
+
+      if (curve)
+        log_info ("curve: %s\n", curve);
+      for (i=0; result[i]; i++)
+        {
+          rc = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &tmpbuf, NULL, result[i]);
+          if (rc)
+            log_error ("%d: [error printing number: %s]\n",
+                       i, gpg_strerror (rc));
+          else
+            {
+              log_info ("%d: %s\n", i, tmpbuf);
+              gcry_free (tmpbuf);
+            }
+        }
+    }
+
+  return 0;
+}
diff --git a/sm/verify.c b/sm/verify.c
index 5510f42..fe111c3 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -28,7 +28,6 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#include <assert.h>
 
 #include "gpgsm.h"
 #include <gcrypt.h>
@@ -112,7 +111,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
 
   audit_set_type (ctrl->audit, AUDIT_TYPE_VERIFY);
 
-  kh = keydb_new ();
+  kh = keydb_new (ctrl);
   if (!kh)
     {
       log_error (_("failed to allocate keyDB handle\n"));
@@ -363,7 +362,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
         }
       else if (gpg_err_code (rc) == GPG_ERR_NO_DATA)
         {
-          assert (!msgdigest);
+          log_assert (!msgdigest);
           rc = 0;
           algoid = NULL;
           algo = 0;
@@ -459,7 +458,12 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
       pkfpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
       pkalgostr = gpgsm_pubkey_algo_string (cert, NULL);
       pkalgo = gpgsm_get_key_algo_info (cert, &nbits);
+      /* Remap the ECC algo to the algo we use.  Note that EdDSA has
+       * already been mapped.  */
+      if (pkalgo == GCRY_PK_ECC)
+        pkalgo = GCRY_PK_ECDSA;
 
+      /* Print infos about the signature.  */
       log_info (_("Signature made "));
       if (*sigtime)
         {
@@ -501,7 +505,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
           goto next_signer;
         }
 
-      if (!gnupg_digest_is_allowed (opt.compliance, 0, sigval_hash_algo))
+      if (! gnupg_digest_is_allowed (opt.compliance, 0, sigval_hash_algo))
         {
           log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
                      gcry_md_algo_name (sigval_hash_algo),
@@ -516,13 +520,6 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
           && gnupg_digest_is_compliant (CO_DE_VS, sigval_hash_algo))
         gpgsm_status (ctrl, STATUS_VERIFICATION_COMPLIANCE_MODE,
                       gnupg_status_compliance_flag (CO_DE_VS));
-      else if (opt.require_compliance
-               && opt.compliance == CO_DE_VS)
-        {
-          log_error (_("operation forced to fail due to"
-                       " unfulfilled compliance rules\n"));
-          gpgsm_errors_seen = 1;
-        }
 
 
       /* Now we can check the signature.  */
@@ -628,6 +625,11 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
 
         xfree (fpr);
 
+        /* FIXME: INFO_PKALGO correctly shows ECDSA but PKALGO is then
+         * ECC.  We should use the ECDSA here and need to find a way to
+         * figure this oult without using the bodus assumtion in
+         * gpgsm_check_cms_signature that ECC is alwas ECDSA.  */
+
         fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
         tstr = strtimestamp_r (sigtime);
         buf = xasprintf ("%s %s %s %s 0 0 %d %d 00", fpr, tstr,
@@ -669,6 +671,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
           ksba_free (p);
         }
 
+
       /* Print a note if this is a qualified signature.  */
       {
         size_t qualbuflen;
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 65978ae..624334c 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -18,7 +18,13 @@
 
 ## Process this file with automake to produce Makefile.in
 
-SUBDIRS = gpgscm openpgp migrations gpgsm gpgme pkits .
+if TEST_LIBTSS
+tpm2dtests = tpm2dtests
+else
+tpm2dtests =
+endif
+
+SUBDIRS = gpgscm openpgp migrations gpgsm gpgme pkits $(tpm2dtests) .
 
 GPGSM = ../sm/gpgsm
 
diff --git a/tests/Makefile.in b/tests/Makefile.in
index a70f0d0..9e3e4ed 100644
--- a/tests/Makefile.in
+++ b/tests/Makefile.in
@@ -113,16 +113,15 @@ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
@@ -228,7 +227,8 @@ am__tty_colors = { \
     std=''; \
   fi; \
 }
-DIST_SUBDIRS = $(SUBDIRS)
+DIST_SUBDIRS = gpgscm openpgp migrations gpgsm gpgme pkits tpm2dtests \
+	.
 am__DIST_COMMON = $(srcdir)/Makefile.in \
 	$(top_srcdir)/build-aux/depcomp \
 	$(top_srcdir)/build-aux/mkinstalldirs
@@ -297,9 +297,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -308,6 +310,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -335,9 +338,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -374,13 +378,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
@@ -443,7 +450,9 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-SUBDIRS = gpgscm openpgp migrations gpgsm gpgme pkits .
+@TEST_LIBTSS_FALSE@tpm2dtests = 
+@TEST_LIBTSS_TRUE@tpm2dtests = tpm2dtests
+SUBDIRS = gpgscm openpgp migrations gpgsm gpgme pkits $(tpm2dtests) .
 GPGSM = ../sm/gpgsm
 
 # Note that we need to use /bin/pwd so that we don't get into trouble
diff --git a/tests/asschk.c b/tests/asschk.c
index 65828e5..c77fd7c 100644
--- a/tests/asschk.c
+++ b/tests/asschk.c
@@ -30,7 +30,7 @@
    expanded once and non existing macros expand to the empty string.
    A macro is dereferenced by prefixing its name with a dollar sign;
    the end of the name is currently indicated by a white space, a
-   dollar sign or a slash.  To use a dollor sign verbatim, double it.
+   dollar sign or a slash.  To use a dollar sign verbatim, double it.
 
    A macro is assigned by prefixing a statement with the macro name
    and an equal sign.  The value is assigned verbatim if it does not
@@ -47,7 +47,7 @@
 
    [<name> =] <statement> [<args>]
 
-   If NAME is not specifed but the statement returns a value it is
+   If NAME is not specified but the statement returns a value it is
    assigned to the name "?" so that it can be referenced using "$?".
    The following commands are implemented:
 
@@ -274,7 +274,7 @@ writen (int fd, const char *buffer, size_t length)
    type and store that in recv_type.  The function terminates on a
    communication error.  Returns a pointer into the inputline to the
    first byte of the arguments.  The parsing is very strict to match
-   exaclty what we want to send. */
+   exactly what we want to send. */
 static char *
 read_assuan (int fd)
 {
@@ -397,7 +397,7 @@ write_assuan (int fd, const char *line)
 
 /* Start the server with path PGMNAME and connect its stdout and
    strerr to a newly created pipes; the file descriptors are then
-   store in the gloabl variables SERVER_SEND_FD and
+   store in the global variables SERVER_SEND_FD and
    SERVER_RECV_FD. The initial handcheck is performed.*/
 static void
 start_server (const char *pgmname)
@@ -468,7 +468,7 @@ start_server (const char *pgmname)
 
 
 
-/* Script intepreter. */
+/* Script interpreter. */
 
 static void
 unset_var (const char *name)
diff --git a/tests/gpgme/Makefile.in b/tests/gpgme/Makefile.in
index d06bad8..7c7ea31 100644
--- a/tests/gpgme/Makefile.in
+++ b/tests/gpgme/Makefile.in
@@ -138,24 +138,24 @@ host_triplet = @host@
 @GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
 @GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
 @GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
-@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
-@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
-@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+@GNUPG_TPM2DAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_TPM2DAEMON="\"@GNUPG_TPM2DAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
 subdir = tests/gpgme
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
@@ -226,9 +226,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -237,6 +239,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -264,9 +267,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -303,13 +307,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
@@ -384,7 +391,7 @@ required_pgms = ../../g10/gpg$(EXEEXT) ../../agent/gpg-agent$(EXEEXT) \
 AM_CPPFLAGS = -I$(top_srcdir)/common -DLOCALEDIR=\"$(localedir)\" \
 	$(am__append_1) $(am__append_2) $(am__append_3) \
 	$(am__append_4) $(am__append_5) $(am__append_6) \
-	$(am__append_7)
+	$(am__append_7) $(am__append_8)
 @HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
 
 # Under Windows we use LockFileEx.  WindowsCE provides this only on
diff --git a/tests/gpgscm/Makefile.in b/tests/gpgscm/Makefile.in
index 503903a..369eeb0 100644
--- a/tests/gpgscm/Makefile.in
+++ b/tests/gpgscm/Makefile.in
@@ -139,9 +139,10 @@ host_triplet = @host@
 @GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
 @GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
 @GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
-@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
-@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
-@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+@GNUPG_TPM2DAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_TPM2DAEMON="\"@GNUPG_TPM2DAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
 bin_PROGRAMS = gpgscm$(EXEEXT)
 noinst_PROGRAMS = t-child$(EXEEXT)
 subdir = tests/gpgscm
@@ -149,16 +150,15 @@ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
@@ -286,9 +286,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -297,6 +299,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -324,9 +327,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -363,13 +367,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
@@ -452,7 +459,7 @@ EXTRA_DIST = \
 AM_CPPFLAGS = -I$(top_srcdir)/common -DLOCALEDIR=\"$(localedir)\" \
 	$(am__append_1) $(am__append_2) $(am__append_3) \
 	$(am__append_4) $(am__append_5) $(am__append_6) \
-	$(am__append_7)
+	$(am__append_7) $(am__append_8)
 @HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
 
 # Under Windows we use LockFileEx.  WindowsCE provides this only on
diff --git a/tests/gpgscm/main.c b/tests/gpgscm/main.c
index f2b12aa..bd579c4 100644
--- a/tests/gpgscm/main.c
+++ b/tests/gpgscm/main.c
@@ -43,7 +43,6 @@
 #include "scheme-private.h"
 #include "ffi.h"
 #include "../common/i18n.h"
-#include "../../common/argparse.h"
 #include "../../common/init.h"
 #include "../../common/logging.h"
 #include "../../common/strlist.h"
@@ -66,7 +65,7 @@ enum cmd_and_opt_values
   };
 
 /* The list of commands and options. */
-static ARGPARSE_OPTS opts[] =
+static gpgrt_opt_t opts[] =
   {
     ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
     ARGPARSE_end (),
@@ -77,10 +76,9 @@ size_t scmpath_len = 0;
 
 /* Command line parsing.  */
 static void
-parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
+parse_arguments (gpgrt_argparse_t *pargs, gpgrt_opt_t *popts)
 {
-
-  while (gnupg_argparse (NULL, pargs, popts))
+  while (gpgrt_argparse (NULL, pargs, popts))
     {
       switch (pargs->r_opt)
         {
@@ -254,7 +252,7 @@ main (int argc, char **argv)
   int retcode;
   gpg_error_t err;
   char *argv0;
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   scheme *sc;
   char *p;
 #if _WIN32
@@ -281,7 +279,7 @@ main (int argc, char **argv)
     if (*p == pathsep)
       *p = 0, scmpath_len++;
 
-  set_strusage (my_strusage);
+  gpgrt_set_strusage (my_strusage);
   log_set_prefix ("gpgscm", GPGRT_LOG_WITH_PREFIX);
 
   /* Make sure that our subsystems are ready.  */
@@ -299,7 +297,7 @@ main (int argc, char **argv)
   pargs.argv  = &argv;
   pargs.flags = 0;
   parse_arguments (&pargs, opts);
-  gnupg_argparse (NULL, &pargs, NULL);
+  gpgrt_argparse (NULL, &pargs, NULL);
 
   if (log_get_errorcount (0))
     exit (2);
diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
index 86d70b3..a819165 100644
--- a/tests/gpgscm/scheme.c
+++ b/tests/gpgscm/scheme.c
@@ -44,8 +44,6 @@
 # endif
 #endif
 
-#include "gpgrt.h"   /* For GGPRT_GCC_VERSION */
-
 /* Used for documentation purposes, to signal functions in 'interface' */
 #define INTERFACE
 
@@ -172,7 +170,6 @@ type_to_string (enum scheme_types typ)
      case T_FRAME: return "frame";
      }
      assert (! "not reached");
-     return "?";
 }
 
 /* ADJ is enough slack to align cells in a TYPE_BITS-bit boundary */
@@ -2993,13 +2990,23 @@ _Error_1(scheme *sc, const char *s, pointer a) {
 /* Define a label OP and emit a case statement for OP.  For use in the
  * dispatch function.  The slightly peculiar goto that is never
  * executed avoids warnings about unused labels.  */
+#if __GNUC__ > 6
+#define CASE(OP)	OP: __attribute__((unused)); case OP
+#else
 #define CASE(OP)	case OP: if (0) goto OP; OP
+#endif
 
 #else	/* USE_THREADED_CODE */
 #define s_thread_to(sc, a)	s_goto(sc, a)
 #define CASE(OP)		case OP
 #endif	/* USE_THREADED_CODE */
 
+#if __GNUC__ > 6
+#define FALLTHROUGH __attribute__ ((fallthrough))
+#else
+#define FALLTHROUGH /* fallthrough */
+#endif
+
 /* Return to the previous frame on the dump stack, setting the current
  * value to A.  */
 #define s_return(sc, a)	s_goto(sc, _s_return(sc, a, 0))
@@ -3441,11 +3448,6 @@ int list_length(scheme *sc, pointer a) {
 
 
 
-#if GPGRT_GCC_VERSION >= 80000
-# pragma GCC diagnostic push
-# pragma GCC diagnostic ignored "-Wimplicit-fallthrough"
-#endif
-
 #define s_retbool(tf)    s_return(sc,(tf) ? sc->T : sc->F)
 
 /* kernel of this interpreter */
@@ -3565,7 +3567,7 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
          putstr(sc,"\nEval: ");
          s_thread_to(sc,OP_P0LIST);
        }
-       /* fall through */
+       FALLTHROUGH;
      CASE(OP_REAL_EVAL):
 #endif
           if (is_symbol(sc->code)) {    /* symbol */
@@ -3643,7 +3645,7 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
 	  free_cons(sc, sc->args, &callsite, &sc->args);
 	  sc->code = car(sc->args);
 	  sc->args = cdr(sc->args);
-	  /* Fallthrough.  */
+	  FALLTHROUGH;
 
      CASE(OP_APPLY):      /* apply 'code' to 'args' */
 #if USE_TRACING
@@ -3654,7 +3656,7 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
          putstr(sc,"\nApply to: ");
          s_thread_to(sc,OP_P0LIST);
        }
-       /* fall through */
+       FALLTHROUGH;
      CASE(OP_REAL_APPLY):
 #endif
 #if USE_HISTORY
@@ -3735,12 +3737,11 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
                     s_thread_to(sc,OP_APPLY);
                }
           }
-	  /* Fallthrough. */
 #else
      CASE(OP_LAMBDA):     /* lambda */
 	  sc->value = sc->code;
-	  /* Fallthrough. */
 #endif
+	  FALLTHROUGH;
 
      CASE(OP_LAMBDA1):
 	  gc_disable(sc, 1);
@@ -4663,13 +4664,9 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
      CASE(OP_NULLP):       /* null? */
           s_retbool(car(sc->args) == sc->NIL);
      CASE(OP_NUMEQ):      /* = */
-	  /* Fallthrough.  */
      CASE(OP_LESS):       /* < */
-	  /* Fallthrough.  */
      CASE(OP_GRE):        /* > */
-	  /* Fallthrough.  */
      CASE(OP_LEQ):        /* <= */
-	  /* Fallthrough.  */
      CASE(OP_GEQ):        /* >= */
           switch(op) {
                case OP_NUMEQ: comp_func=num_eq; break;
@@ -4758,9 +4755,7 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
           s_return(sc,sc->value);
 
      CASE(OP_WRITE):      /* write */
-	  /* Fallthrough.  */
      CASE(OP_DISPLAY):    /* display */
-	  /* Fallthrough.  */
      CASE(OP_WRITE_CHAR): /* write-char */
           if(is_pair(cdr(sc->args))) {
                if(cadr(sc->args)!=sc->outport) {
@@ -4908,9 +4903,7 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
           s_return(sc,sc->outport);
 
      CASE(OP_OPEN_INFILE): /* open-input-file */
-	  /* Fallthrough.  */
      CASE(OP_OPEN_OUTFILE): /* open-output-file */
-	  /* Fallthrough.  */
      CASE(OP_OPEN_INOUTFILE): /* open-input-output-file */ {
           int prop=0;
           pointer p;
@@ -4930,7 +4923,6 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
 
 #if USE_STRING_PORTS
      CASE(OP_OPEN_INSTRING): /* open-input-string */
-	  /* Fallthrough.  */
      CASE(OP_OPEN_INOUTSTRING): /* open-input-output-string */ {
           int prop=0;
           pointer p;
@@ -5011,7 +5003,6 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
           s_thread_to(sc,OP_READ_INTERNAL);
 
      CASE(OP_READ_CHAR): /* read-char */
-	  /* Fallthrough.  */
      CASE(OP_PEEK_CHAR): /* peek-char */ {
           int c;
           if(is_pair(sc->args)) {
@@ -5331,11 +5322,6 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
   }
 }
 
-#if GPGRT_GCC_VERSION >= 80000
-# pragma GCC diagnostic pop
-#endif
-
-
 typedef int (*test_predicate)(pointer);
 
 static int is_any(pointer p) {
diff --git a/tests/gpgsm/Makefile.in b/tests/gpgsm/Makefile.in
index 69109fd..c149dbc 100644
--- a/tests/gpgsm/Makefile.in
+++ b/tests/gpgsm/Makefile.in
@@ -138,24 +138,24 @@ host_triplet = @host@
 @GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
 @GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
 @GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
-@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
-@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
-@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+@GNUPG_TPM2DAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_TPM2DAEMON="\"@GNUPG_TPM2DAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
 subdir = tests/gpgsm
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
@@ -226,9 +226,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -237,6 +239,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -264,9 +267,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -303,13 +307,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
@@ -384,7 +391,7 @@ required_pgms = ../../g10/gpg$(EXEEXT) ../../agent/gpg-agent$(EXEEXT) \
 AM_CPPFLAGS = -I$(top_srcdir)/common -DLOCALEDIR=\"$(localedir)\" \
 	$(am__append_1) $(am__append_2) $(am__append_3) \
 	$(am__append_4) $(am__append_5) $(am__append_6) \
-	$(am__append_7)
+	$(am__append_7) $(am__append_8)
 @HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
 
 # Under Windows we use LockFileEx.  WindowsCE provides this only on
diff --git a/tests/migrations/Makefile.in b/tests/migrations/Makefile.in
index 0cc6786..9fc00bb 100644
--- a/tests/migrations/Makefile.in
+++ b/tests/migrations/Makefile.in
@@ -138,24 +138,24 @@ host_triplet = @host@
 @GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
 @GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
 @GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
-@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
-@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
-@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+@GNUPG_TPM2DAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_TPM2DAEMON="\"@GNUPG_TPM2DAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
 subdir = tests/migrations
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
@@ -226,9 +226,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -237,6 +239,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -264,9 +267,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -303,13 +307,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
@@ -384,7 +391,7 @@ required_pgms = ../../g10/gpg$(EXEEXT) ../../agent/gpg-agent$(EXEEXT) \
 AM_CPPFLAGS = -I$(top_srcdir)/common -DLOCALEDIR=\"$(localedir)\" \
 	$(am__append_1) $(am__append_2) $(am__append_3) \
 	$(am__append_4) $(am__append_5) $(am__append_6) \
-	$(am__append_7)
+	$(am__append_7) $(am__append_8)
 @HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
 
 # Under Windows we use LockFileEx.  WindowsCE provides this only on
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index 59f39e2..984b63f 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -102,9 +102,6 @@ XTESTS = \
 	issue2929.scm \
 	issue2941.scm
 
-# Temporary removed tests:
-#	trust-pgp-4.scm
-
 
 # XXX: Currently, one cannot override automake's 'check' target.  As a
 # workaround, we avoid defining 'TESTS', thus automake will not emit
@@ -268,7 +265,7 @@ sample_msgs = samplemsgs/clearsig-1-key-1.asc \
 
 EXTRA_DIST = defs.scm trust-pgp/common.scm $(XTESTS) $(TEST_FILES) \
 	     mkdemodirs signdemokey $(priv_keys) $(sample_keys)   \
-	     $(sample_msgs) ChangeLog-2011 run-tests.scm trust-pgp-4.scm \
+	     $(sample_msgs) ChangeLog-2011 run-tests.scm \
 	     setup.scm shell.scm all-tests.scm signed-messages.scm
 
 CLEANFILES = prepared.stamp x y yy z out err  $(data_files) \
diff --git a/tests/openpgp/Makefile.in b/tests/openpgp/Makefile.in
index a911259..4622ca0 100644
--- a/tests/openpgp/Makefile.in
+++ b/tests/openpgp/Makefile.in
@@ -140,25 +140,25 @@ host_triplet = @host@
 @GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
 @GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
 @GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
-@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
-@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
-@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+@GNUPG_TPM2DAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_TPM2DAEMON="\"@GNUPG_TPM2DAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
 noinst_PROGRAMS = fake-pinentry$(EXEEXT)
 subdir = tests/openpgp
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
@@ -269,9 +269,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -280,6 +282,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -307,9 +310,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -346,13 +350,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
@@ -427,7 +434,7 @@ required_pgms = ../../g10/gpg$(EXEEXT) ../../agent/gpg-agent$(EXEEXT) \
 AM_CPPFLAGS = -I$(top_srcdir)/common -DLOCALEDIR=\"$(localedir)\" \
 	$(am__append_1) $(am__append_2) $(am__append_3) \
 	$(am__append_4) $(am__append_5) $(am__append_6) \
-	$(am__append_7)
+	$(am__append_7) $(am__append_8)
 @HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
 
 # Under Windows we use LockFileEx.  WindowsCE provides this only on
@@ -619,7 +626,7 @@ sample_msgs = samplemsgs/clearsig-1-key-1.asc \
 
 EXTRA_DIST = defs.scm trust-pgp/common.scm $(XTESTS) $(TEST_FILES) \
 	     mkdemodirs signdemokey $(priv_keys) $(sample_keys)   \
-	     $(sample_msgs) ChangeLog-2011 run-tests.scm trust-pgp-4.scm \
+	     $(sample_msgs) ChangeLog-2011 run-tests.scm \
 	     setup.scm shell.scm all-tests.scm signed-messages.scm
 
 CLEANFILES = prepared.stamp x y yy z out err  $(data_files) \
@@ -912,9 +919,6 @@ uninstall-am:
 @HAVE_W32_SYSTEM_TRUE@.rc.o:
 @HAVE_W32_SYSTEM_TRUE@	$(WINDRES) $(DEFAULT_INCLUDES) $(INCLUDES) "$<" "$@"
 
-# Temporary removed tests:
-#	trust-pgp-4.scm
-
 # XXX: Currently, one cannot override automake's 'check' target.  As a
 # workaround, we avoid defining 'TESTS', thus automake will not emit
 # the 'check' target.  For extra robustness, we merely define a
diff --git a/tests/openpgp/README b/tests/openpgp/README
index 22b7211..d85ff3f 100644
--- a/tests/openpgp/README
+++ b/tests/openpgp/README
@@ -32,7 +32,7 @@ If you want to run gpg under valgrind add with_valgrind=1.
 
 To inspect the environment in which tests are running, or to quickly
 create keys for debugging or testing, you can start a shell.  There is
-one test that doese just that:
+one test that does just that:
 
   obj $ make -C tests/openpgp check TESTS=shell.scm
   PASS: tests/openpgp/setup.scm
diff --git a/tests/openpgp/all-tests.scm b/tests/openpgp/all-tests.scm
index d687fe4..046012c 100644
--- a/tests/openpgp/all-tests.scm
+++ b/tests/openpgp/all-tests.scm
@@ -45,34 +45,37 @@
      (string-append "--" variant))))
 
  (define setup-use-keyring (setup* "use-keyring"))
- (define setup-extended-key-format (setup* "extended-key-format"))
+ (define setup-use-keyboxd (setup* "use-keyboxd"))
 
  (define all-tests
-   (parse-makefile-expand (in-srcdir "tests" "openpgp" "Makefile.am")
+   (parse-makefile-expand "Makefile"
 			  (lambda (filename port key) (parse-makefile port key))
 			  "XTESTS"))
 
  (define tests
    (map (lambda (name)
 	  (test::scm setup
-		     (path-join "tests" "openpgp" name)
+		     (qualify (path-join "tests" "openpgp" name) "standard")
 		     (in-srcdir "tests" "openpgp" name))) all-tests))
 
  (when *run-all-tests*
        (set! tests
 	     (append
 	      tests
+              ;; The second pass uses the keyboxd
 	      (map (lambda (name)
-		     (test::scm setup-use-keyring
+		     (test::scm setup-use-keyboxd
 				(qualify (path-join "tests" "openpgp" name)
-					 "use-keyring")
+					 "keyboxd")
 				(in-srcdir "tests" "openpgp" name)
-				"--use-keyring")) all-tests)
+				"--use-keyboxd")) all-tests)
+              ;; The third pass uses the legact pubring.gpg
 	      (map (lambda (name)
-		     (test::scm setup-extended-key-format
+		     (test::scm setup-use-keyring
 				(qualify (path-join "tests" "openpgp" name)
-					 "extended-key-format")
+					 "keyring")
 				(in-srcdir "tests" "openpgp" name)
-				"--extended-key-format")) all-tests))))
+				"--use-keyring")) all-tests)
+              )))
 
  tests)
diff --git a/tests/openpgp/armor.scm b/tests/openpgp/armor.scm
index 3c117dd..a1b0aa9 100755
--- a/tests/openpgp/armor.scm
+++ b/tests/openpgp/armor.scm
@@ -191,7 +191,7 @@ nW1ff9rt1YcTH9LiiE4EGBECAAYFAjnKLe0AEgkQ3uyMCd5BWw4HZUdQRwABAZeBAKDsa7tc
 (info "Checking armored_key_8192")
 (pipe:do
  (pipe:echo armored_key_8192)
- (pipe:gpg '(--import)))
+ (pipe:gpg '(--debug-set-iobuf-size=8 --import)))
 
 (define nopad_armored_msg "-----BEGIN PGP MESSAGE-----
 Version: GnuPG v1.4.11-svn5139 (GNU/Linux)
@@ -758,10 +758,10 @@ wg7Md81a5RI3F2FG8747t9gX
 (info "Importing alpha_seckey")
 (pipe:do
  (pipe:echo alpha_seckey)
- (pipe:gpg '(--import)))
+ (pipe:gpg '(--debug-set-iobuf-size=8 --import)))
 
 (info "Checking for bug #1179")
 (tr:do
  (tr:pipe-do
   (pipe:echo nopad_armored_msg)
-  (pipe:gpg '(--decrypt))))
+  (pipe:gpg '(--debug-set-iobuf-size=8 --decrypt))))
diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm
index b864005..d26d383 100644
--- a/tests/openpgp/defs.scm
+++ b/tests/openpgp/defs.scm
@@ -192,7 +192,7 @@
 
 (define (tool which)
   (case which
-    ((gpg gpg-agent scdaemon gpgsm dirmngr)
+    ((gpg gpg-agent scdaemon gpgsm keyboxd dirmngr)
      (:gc:c:pgmname (assoc (symbol->string which) gpg-components)))
     (else
      (tool-hardcoded which))))
@@ -216,7 +216,7 @@
   (tr:spawn input `(,@GPG --output **out** ,@args **in**)))
 
 (define (pipe:gpg args)
-  (pipe:spawn `(,@GPG --output - ,@args -)))
+  (pipe:spawn `(,@GPG --output - ,@args)))
 
 (define (gpg-with-colons args)
   (let ((s (call-popen `(,@GPG --with-colons ,@args) "")))
@@ -336,6 +336,8 @@
       (create-file "pubring.gpg"))
 
   (create-file "gpg.conf"
+               ;;"log-file socket:///tmp/S.wklog"
+               ;;"verbose"
 	       "no-greeting"
 	       "no-secmem-warning"
 	       "no-permission-warning"
@@ -343,20 +345,27 @@
                "no-auto-key-retrieve"
                "no-auto-key-locate"
 	       "allow-weak-digest-algos"
-               "allow-weak-key-signatures"
+	       "allow-old-cipher-algos"
                "ignore-mdc-error"
 	       (if have-opt-always-trust
 		   "no-auto-check-trustdb" "#no-auto-check-trustdb")
 	       (string-append "agent-program "
 			      (tool 'gpg-agent)
 			      "|--debug-quick-random\n")
+	       (if (flag "--use-keyboxd" *args*)
+		   "use-keyboxd" "#use-keyboxd")
 	       )
+  (create-file "keyboxd.conf"
+               ;;"log-file socket:///tmp/S.wklog"
+               ;;"verbose"
+               ;;"debug ipc"
+	       )
+
   (create-file "gpg-agent.conf"
 	       "allow-preset-passphrase"
 	       "no-grab"
 	       "enable-ssh-support"
-	       (if (flag "--extended-key-format" *args*)
-		   "enable-extended-key-format" "#enable-extended-key-format")
+               "s2k-count 65536"
 	       (string-append "pinentry-program " (tool 'pinentry))
 	       "disable-scdaemon"))
 
@@ -505,5 +514,7 @@
   (set! gpg `(,@valgrind ,@gpg)))
 
 
+;;(set! *args* (append *args* (list "--use-keyboxd")))
+
 
 ;; end
diff --git a/tests/openpgp/gpgconf.scm b/tests/openpgp/gpgconf.scm
index 16e435d..6b70f0a 100644
--- a/tests/openpgp/gpgconf.scm
+++ b/tests/openpgp/gpgconf.scm
@@ -37,10 +37,11 @@
 		(assert (or (not (opt::value)) (string=? "" (opt::value)))))))
 	(progress ".")))))
  (lambda (name . rest) name)
- (list "keyserver" "verbose")
- (list (gpg-config 'gpg "keyserver")
-       (gpg-config 'gpg "verbose"))
- (list (lambda (i) (if (even? i) "hkp://foo.bar" "hkps://bar.baz"))
+ (list "compliance" "verbose" "quiet")
+ (list (gpg-config 'gpg "compliance")
+       (gpg-config 'gpg "verbose")
+       (gpg-config 'gpg "quiet"))
+ (list (lambda (i) (if (even? i) "rfc4880bis" "rfc4880"))
        ;; gpgconf: argument for option verbose of type 0 (none) must
        ;; be positive
        (lambda (i) (+ 1 i))
diff --git a/tests/openpgp/gpgv.scm b/tests/openpgp/gpgv.scm
index 819d15f..398f050 100755
--- a/tests/openpgp/gpgv.scm
+++ b/tests/openpgp/gpgv.scm
@@ -21,7 +21,16 @@
 (load (in-srcdir "tests" "openpgp" "signed-messages.scm"))
 (setup-legacy-environment)
 
-(define keyring (if (file-exists? "pubring.kbx") "pubring.kbx" "pubring.gpg"))
+;; In keyboxd mode we need to export all keys first
+(if (flag "--use-keyboxd" *args*)
+    (call-check `(,@GPG --quiet --yes
+                        --export --yes --batch -o mytrustedkeys.gpg)))
+
+(define keyring (if (flag "--use-keyboxd" *args*)
+                    "mytrustedkeys.gpg"
+                    (if (file-exists? "pubring.kbx")
+                        "pubring.kbx"
+                        "pubring.gpg")))
 
 ;;
 ;; Two simple tests to check that verify fails for bad input data
@@ -66,6 +75,9 @@
 ;; Need to import the ed25519 sample key used for the next two tests.
 (call-check `(,@gpg --quiet --yes
 		    --import ,(in-srcdir "tests" "openpgp" key-file2)))
+(if (flag "--use-keyboxd" *args*)
+    (call-check `(,@GPG --quiet --yes
+                        --export --yes --batch -o mytrustedkeys.gpg)))
 (for-each-p
  "Checking that a valid Ed25519 signature is verified as such"
  (lambda (armored-file)
diff --git a/tests/openpgp/issue2419.scm b/tests/openpgp/issue2419.scm
index 641fb32..1bfabb0 100755
--- a/tests/openpgp/issue2419.scm
+++ b/tests/openpgp/issue2419.scm
@@ -25,5 +25,5 @@
  (onebyte)
  (dearmor (in-srcdir "tests" "openpgp" "samplemsgs/issue2419.asc") onebyte)
  (catch (assert (string-contains? (car *error*) "invalid packet"))
-	(call-popen `(,@GPG --list-packets ,onebyte) "")
+	(call-popen `(,@GPG --log-file - --list-packets ,onebyte) "")
 	(fail "Expected an error but got none")))
diff --git a/tests/openpgp/quick-key-manipulation.scm b/tests/openpgp/quick-key-manipulation.scm
index 6cdf19a..2023f17 100755
--- a/tests/openpgp/quick-key-manipulation.scm
+++ b/tests/openpgp/quick-key-manipulation.scm
@@ -34,8 +34,6 @@
 (define alpha "Alpha <alpha@invalid.example.net>")
 (define bravo "Bravo <bravo@invalid.example.net>")
 (define charlie "Charlie <charlie@invalid.example.net>")
-(define delta "Delta <delta@invalid.example.net>")
-(define deltahash "359DC5EFF98B14A58AAA615C638E8BD0CEDA537B")
 
 (define (key-data key)
   (filter (lambda (x) (or (string=? (car x) "pub")
@@ -89,10 +87,6 @@
 (info "Checking that we can revoke a user ID...")
 (call-check `(,@GPG --quick-revoke-uid ,(exact bravo) ,alpha))
 
-(info "Checking that we can revoke a user ID by its hash...")
-(call-check `(,@GPG --quick-add-uid ,(exact bravo) ,delta))
-(call-check `(,@GPG --quick-revoke-uid ,(exact bravo) ,deltahash))
-
 (info "Checking that we get an error revoking a non-existent user ID.")
 (catch '()
        (call-check `(,@GPG --quick-revoke-uid ,(exact bravo) ,charlie))
diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README
index f8a7e9e..74635c7 100644
--- a/tests/openpgp/samplekeys/README
+++ b/tests/openpgp/samplekeys/README
@@ -20,6 +20,8 @@ ed25519-cv25519-sample-1.asc  Ed25519+CV25519 sample key (no passphrase)
 silent-running.asc     Collection of sample secret keys (no passphrases)
 rsa-primary-auth-only.pub.asc  rsa2408 primary only, usage: cert,auth
 rsa-primary-auth-only.sec.asc  Ditto but the secret keyblock.
+v5-sample-1-pub.asc    A version 5 key (ed25519/cert,sign,v5+cv25519/v5)
+v5-sample-1-sec.asc    Ditto, but the secret keyblock (unprotected).
 
 
 Notes:
diff --git a/tests/openpgp/setup.scm b/tests/openpgp/setup.scm
index 22c89a3..b92dc07 100755
--- a/tests/openpgp/setup.scm
+++ b/tests/openpgp/setup.scm
@@ -38,7 +38,7 @@
       (for-each
        (lambda (t)
 	 (log (pad t 25) (tool t)))
-       '(gpgconf gpg gpg-agent scdaemon gpgsm dirmngr gpg-connect-agent
+       '(gpgconf gpg gpg-agent scdaemon gpgsm keyboxd dirmngr gpg-connect-agent
 		 gpg-preset-passphrase gpgtar pinentry)))
 
 (setenv "GNUPGHOME" (getcwd) #t)
diff --git a/tests/openpgp/verify.scm b/tests/openpgp/verify.scm
index b4dd49b..afa6b6a 100755
--- a/tests/openpgp/verify.scm
+++ b/tests/openpgp/verify.scm
@@ -51,16 +51,12 @@
  '(msg_ols_asc msg_cols_asc msg_sl_asc msg_oolss_asc msg_cls_asc msg_clss_asc))
 
 (for-each-p
- "Checking that a valid signature over multiple messages is verified as such"
+ "Checking that a valid signature over multiple messages is rejected"
  (lambda (armored-file)
-   (pipe:do
-    (pipe:echo (eval armored-file (current-environment)))
-    (pipe:spawn `(,@GPG --verify --allow-multiple-messages)))
    (catch '()
-	  (pipe:do
-	   (pipe:defer (lambda (sink)
-			 (display armored-file (fdopen sink "w"))))
-	   (pipe:spawn `(,@GPG --verify)))
+          (pipe:do
+           (pipe:echo (eval armored-file (current-environment)))
+           (pipe:spawn `(,@GPG --verify)))
 	  (fail "verification succeeded but should not")))
  '(msg_olsols_asc_multiple msg_clsclss_asc_multiple))
 
diff --git a/tests/pkits/Makefile.in b/tests/pkits/Makefile.in
index accdff2..250d7b5 100644
--- a/tests/pkits/Makefile.in
+++ b/tests/pkits/Makefile.in
@@ -111,16 +111,15 @@ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
@@ -213,9 +212,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -224,6 +225,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -251,9 +253,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -290,13 +293,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
diff --git a/tests/sm-verify b/tests/sm-verify
index b06dc16..fa09323 100644
--- a/tests/sm-verify
+++ b/tests/sm-verify
@@ -90,7 +90,7 @@ fail-if !$trusted
 send BYE
 expect-ok
 
-# We als have tampered version.
+# We also have tampered version.
 sig = openfile $srcdir/text-2.osig-bad.pem
 
 pipeserver $GPGSM
diff --git a/tests/tpm2dtests/Makefile.am b/tests/tpm2dtests/Makefile.am
new file mode 100644
index 0000000..eeae399
--- /dev/null
+++ b/tests/tpm2dtests/Makefile.am
@@ -0,0 +1,80 @@
+# Makefile.am - For tests/openpgp
+# Copyright (C) 1998, 1999, 2000, 2001, 2003,
+#               2010 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
+# Process this file with automake to create Makefile.in
+
+
+# Programs required before we can run these tests.
+required_pgms = ../../g10/gpg$(EXEEXT) ../../agent/gpg-agent$(EXEEXT) \
+                ../../tools/gpg-connect-agent$(EXEEXT) \
+		../gpgscm/gpgscm$(EXEEXT) ../openpgp/fake-pinentry$(EXEEXT)
+
+AM_CPPFLAGS = -I$(top_srcdir)/common
+include $(top_srcdir)/am/cmacros.am
+
+AM_CFLAGS =
+
+TESTS_ENVIRONMENT = LC_ALL=C \
+	EXEEXT=$(EXEEXT) \
+	PATH="../gpgscm:$(PATH)" \
+	abs_top_srcdir="$(abs_top_srcdir)" \
+	objdir="$(abs_top_builddir)" \
+	TPMSERVER="$(TPMSERVER)" \
+	SWTPM="$(SWTPM)" \
+	SWTPM_IOCTL="$(SWTPM_IOCTL)" \
+	GPGSCM_PATH="$(abs_top_srcdir)/tests/gpgscm"
+
+XTESTS = \
+	rsa.scm \
+	ecc.scm \
+	longpassphrase.scm \
+	unimportable.scm
+
+# XXX: Currently, one cannot override automake's 'check' target.  As a
+# workaround, we avoid defining 'TESTS', thus automake will not emit
+# the 'check' target.  For extra robustness, we merely define a
+# dependency on 'xcheck', so this hack should also work even if
+# automake would emit the 'check' target, as adding dependencies to
+# targets is okay.
+check: xcheck
+
+.PHONY: xcheck
+xcheck: tpm_server_found
+	$(TESTS_ENVIRONMENT) $(abs_top_builddir)/tests/gpgscm/gpgscm \
+	  $(abs_srcdir)/run-tests.scm $(TESTFLAGS) $(TESTS)
+
+tpm_server_found:
+	@if [ -z "$(TPMSERVER)" -a -z "$(SWTPM)" -a -z "$(FORCE)" ]; then echo "ERROR: No Software TPM has been found, cannot run TPM tests.  Set FORCE=1 to force using the physical TPM"; exit 1; fi
+
+EXTRA_DIST = defs.scm shell.scm all-tests.scm run-tests.scm $(XTESTS) \
+	     start_sw_tpm.sh
+
+CLEANFILES = gpg.conf gpg-agent.conf S.gpg-agent \
+	     pubring.gpg pubring.gpg~ pubring.kbx pubring.kbx~ \
+	     secring.gpg pubring.pkr secring.skr \
+	     gnupg-test.stop random_seed gpg-agent.log tofu.db \
+	     passphrases sshcontrol S.gpg-agent.ssh report.xml \
+	     msg.txt *.log
+
+clean-local:
+	-rm -rf private-keys-v1.d openpgp-revocs.d
+
+
+# We need to depend on a couple of programs so that the tests don't
+# start before all programs are built.
+all-local: $(required_pgms)
diff --git a/tests/tpm2dtests/Makefile.in b/tests/tpm2dtests/Makefile.in
new file mode 100644
index 0000000..dafe7a9
--- /dev/null
+++ b/tests/tpm2dtests/Makefile.in
@@ -0,0 +1,660 @@
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Makefile.am - For tests/openpgp
+# Copyright (C) 1998, 1999, 2000, 2001, 2003,
+#               2010 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
+# Process this file with automake to create Makefile.in
+
+# cmacros.am - C macro definitions
+#     Copyright (C) 2004 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
+VPATH = @srcdir@
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_DOSISH_SYSTEM_FALSE@am__append_1 = -DGNUPG_BINDIR="\"$(bindir)\""            \
+@HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_LIBEXECDIR="\"$(libexecdir)\""    \
+@HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_LIBDIR="\"$(libdir)/@PACKAGE@\""  \
+@HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_DATADIR="\"$(datadir)/@PACKAGE@\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_LOCALSTATEDIR="\"$(localstatedir)\""
+
+
+# If a specific protect tool program has been defined, pass its name
+# to cc.  Note that these macros should not be used directly but via
+# the gnupg_module_name function.
+@GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
+@GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
+@GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
+@GNUPG_TPM2DAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_TPM2DAEMON="\"@GNUPG_TPM2DAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+subdir = tests/tpm2dtests
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
+	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
+	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(SHELL) $(top_srcdir)/build-aux/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
+SOURCES =
+DIST_SOURCES =
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/am/cmacros.am \
+	$(top_srcdir)/build-aux/mkinstalldirs
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+AWK_HEX_NUMBER_OPTION = @AWK_HEX_NUMBER_OPTION@
+BUILD_FILEVERSION = @BUILD_FILEVERSION@
+BUILD_HOSTNAME = @BUILD_HOSTNAME@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+BUILD_REVISION = @BUILD_REVISION@
+BUILD_TIMESTAMP = @BUILD_TIMESTAMP@
+BUILD_VERSION = @BUILD_VERSION@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+ENCFS = @ENCFS@
+EXEEXT = @EXEEXT@
+FUSERMOUNT = @FUSERMOUNT@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGRT_CONFIG = @GPGRT_CONFIG@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
+GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
+GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LBER_LIBS = @LBER_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@
+LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
+LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+NPTH_CFLAGS = @NPTH_CFLAGS@
+NPTH_CONFIG = @NPTH_CONFIG@
+NPTH_LIBS = @NPTH_LIBS@
+NTBTLS_CFLAGS = @NTBTLS_CFLAGS@
+NTBTLS_CONFIG = @NTBTLS_CONFIG@
+NTBTLS_LIBS = @NTBTLS_LIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
+SQLITE3_LIBS = @SQLITE3_LIBS@
+STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
+SYSROOT = @SYSROOT@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
+USE_C99_CFLAGS = @USE_C99_CFLAGS@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WINDRES = @WINDRES@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+YAT2M = @YAT2M@
+ZLIBS = @ZLIBS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = $(datadir)/locale
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+runstatedir = @runstatedir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+
+# Programs required before we can run these tests.
+required_pgms = ../../g10/gpg$(EXEEXT) ../../agent/gpg-agent$(EXEEXT) \
+                ../../tools/gpg-connect-agent$(EXEEXT) \
+		../gpgscm/gpgscm$(EXEEXT) ../openpgp/fake-pinentry$(EXEEXT)
+
+
+# NB: AM_CFLAGS may also be used by tools running on the build
+# platform to create source files.
+AM_CPPFLAGS = -I$(top_srcdir)/common -DLOCALEDIR=\"$(localedir)\" \
+	$(am__append_1) $(am__append_2) $(am__append_3) \
+	$(am__append_4) $(am__append_5) $(am__append_6) \
+	$(am__append_7) $(am__append_8)
+@HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
+
+# Under Windows we use LockFileEx.  WindowsCE provides this only on
+# the WindowsMobile 6 platform and thus we need to use the coredll6
+# import library.  We also want to use a stacksize of 256k instead of
+# the 2MB which is the default with cegcc.  256k is the largest stack
+# we use with pth.
+@HAVE_W32CE_SYSTEM_TRUE@extra_sys_libs = -lcoredll6
+@HAVE_W32CE_SYSTEM_FALSE@extra_bin_ldflags = 
+@HAVE_W32CE_SYSTEM_TRUE@extra_bin_ldflags = -Wl,--stack=0x40000
+resource_objs = 
+
+# Convenience macros
+libcommon = ../common/libcommon.a
+libcommonpth = ../common/libcommonpth.a
+libcommontls = ../common/libcommontls.a
+libcommontlsnpth = ../common/libcommontlsnpth.a
+AM_CFLAGS = 
+TESTS_ENVIRONMENT = LC_ALL=C \
+	EXEEXT=$(EXEEXT) \
+	PATH="../gpgscm:$(PATH)" \
+	abs_top_srcdir="$(abs_top_srcdir)" \
+	objdir="$(abs_top_builddir)" \
+	TPMSERVER="$(TPMSERVER)" \
+	SWTPM="$(SWTPM)" \
+	SWTPM_IOCTL="$(SWTPM_IOCTL)" \
+	GPGSCM_PATH="$(abs_top_srcdir)/tests/gpgscm"
+
+XTESTS = \
+	rsa.scm \
+	ecc.scm \
+	longpassphrase.scm \
+	unimportable.scm
+
+EXTRA_DIST = defs.scm shell.scm all-tests.scm run-tests.scm $(XTESTS) \
+	     start_sw_tpm.sh
+
+CLEANFILES = gpg.conf gpg-agent.conf S.gpg-agent \
+	     pubring.gpg pubring.gpg~ pubring.kbx pubring.kbx~ \
+	     secring.gpg pubring.pkr secring.skr \
+	     gnupg-test.stop random_seed gpg-agent.log tofu.db \
+	     passphrases sshcontrol S.gpg-agent.ssh report.xml \
+	     msg.txt *.log
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .o .rc
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/am/cmacros.am $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/tpm2dtests/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu tests/tpm2dtests/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+	esac;
+$(top_srcdir)/am/cmacros.am $(am__empty):
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+tags TAGS:
+
+ctags CTAGS:
+
+cscope cscopelist:
+
+
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-local mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am all-local check check-am clean clean-generic \
+	clean-local cscopelist-am ctags-am distclean distclean-generic \
+	distdir dvi dvi-am html html-am info info-am install \
+	install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \
+	uninstall-am
+
+.PRECIOUS: Makefile
+
+
+@HAVE_W32_SYSTEM_TRUE@.rc.o:
+@HAVE_W32_SYSTEM_TRUE@	$(WINDRES) $(DEFAULT_INCLUDES) $(INCLUDES) "$<" "$@"
+
+# XXX: Currently, one cannot override automake's 'check' target.  As a
+# workaround, we avoid defining 'TESTS', thus automake will not emit
+# the 'check' target.  For extra robustness, we merely define a
+# dependency on 'xcheck', so this hack should also work even if
+# automake would emit the 'check' target, as adding dependencies to
+# targets is okay.
+check: xcheck
+
+.PHONY: xcheck
+xcheck: tpm_server_found
+	$(TESTS_ENVIRONMENT) $(abs_top_builddir)/tests/gpgscm/gpgscm \
+	  $(abs_srcdir)/run-tests.scm $(TESTFLAGS) $(TESTS)
+
+tpm_server_found:
+	@if [ -z "$(TPMSERVER)" -a -z "$(SWTPM)" -a -z "$(FORCE)" ]; then echo "ERROR: No Software TPM has been found, cannot run TPM tests.  Set FORCE=1 to force using the physical TPM"; exit 1; fi
+
+clean-local:
+	-rm -rf private-keys-v1.d openpgp-revocs.d
+
+# We need to depend on a couple of programs so that the tests don't
+# start before all programs are built.
+all-local: $(required_pgms)
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/tests/tpm2dtests/all-tests.scm b/tests/tpm2dtests/all-tests.scm
new file mode 100644
index 0000000..bf7a981
--- /dev/null
+++ b/tests/tpm2dtests/all-tests.scm
@@ -0,0 +1,81 @@
+;; Copyright (C) 2017 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(export all-tests
+ ;; Parse the Makefile.am to find all tests.
+
+ (load (with-path "makefile.scm"))
+
+ (define (expander filename port key)
+   (parse-makefile port key))
+
+ (define (parse filename key)
+   (parse-makefile-expand filename expander key))
+
+ (define setup
+   (make-environment-cache
+    (test::scm
+     #f
+     (path-join "tests" "openpgp" "setup.scm")
+     (in-srcdir "tests" "openpgp" "setup.scm"))))
+
+ (define (qualify path variant)
+   (string-append "<" variant ">" path))
+
+ (define (setup* variant)
+   (make-environment-cache
+    (test::scm
+     #f
+     (qualify (path-join "tests" "openpgp" "setup.scm") variant)
+     (in-srcdir "tests" "openpgp" "setup.scm")
+     (string-append "--" variant))))
+
+ (define setup-use-keyring (setup* "use-keyring"))
+ (define setup-use-keyboxd (setup* "use-keyboxd"))
+
+ (define all-tests
+   (parse-makefile-expand "Makefile"
+			  (lambda (filename port key) (parse-makefile port key))
+			  "XTESTS"))
+
+ (define tests
+   (map (lambda (name)
+	  (test::scm setup
+		     (qualify (path-join "tests" "tpm2dtests" name) "standard")
+		     (in-srcdir "tests" "tpm2dtests" name))) all-tests))
+
+ (when *run-all-tests*
+       (set! tests
+	     (append
+	      tests
+              ;; The second pass uses the keyboxd
+	      (map (lambda (name)
+		     (test::scm setup-use-keyboxd
+				(qualify (path-join "tests" "tpm2dtests" name)
+					 "keyboxd")
+				(in-srcdir "tests" "tpm2dtests" name)
+				"--use-keyboxd")) all-tests)
+              ;; The third pass uses the legact pubring.gpg
+	      (map (lambda (name)
+		     (test::scm setup-use-keyring
+				(qualify (path-join "tests" "tpm2dtests" name)
+					 "keyring")
+				(in-srcdir "tests" "tpm2dtests" name)
+				"--use-keyring")) all-tests)
+              )))
+
+ tests)
diff --git a/tests/tpm2dtests/defs.scm b/tests/tpm2dtests/defs.scm
new file mode 100644
index 0000000..2a09109
--- /dev/null
+++ b/tests/tpm2dtests/defs.scm
@@ -0,0 +1,473 @@
+;; Common definitions for the OpenPGP test scripts.
+;;
+;; Copyright (C) 2016, 2017 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(let ((verbose (string->number (getenv "verbose"))))
+  (if (number? verbose)
+      (*set-verbose!* verbose)))
+
+(define (qualify executable)
+  (string-append executable (getenv "EXEEXT")))
+
+(define (getenv' key default)
+  (let ((value (getenv key)))
+    (if (string=? "" value)
+	default
+	value)))
+
+(define (percent-decode s)
+  (define (decode c)
+    (if (and (> (length c) 2) (char=? #\% (car c)))
+	(integer->char (string->number (string #\# #\x (cadr c) (caddr c))))
+	#f))
+  (let loop ((i 0) (c (string->list s)) (r (make-string (string-length s))))
+    (if (null? c)
+	(substring r 0 i)
+	(let ((decoded (decode c)))
+	  (string-set! r i (if decoded decoded (car c)))
+	  (loop (+ 1 i) (if decoded (cdddr c) (cdr c)) r)))))
+(assert (equal? (percent-decode "") ""))
+(assert (equal? (percent-decode "%61") "a"))
+(assert (equal? (percent-decode "foob%61r") "foobar"))
+
+(define (percent-encode s)
+  (define (encode c)
+    `(#\% ,@(string->list (number->string (char->integer c) 16))))
+  (let loop ((acc '()) (cs (reverse (string->list s))))
+    (if (null? cs)
+	(list->string acc)
+	(case (car cs)
+	  ((#\: #\%)
+	   (loop (append (encode (car cs)) acc) (cdr cs)))
+	  (else
+	   (loop (cons (car cs) acc) (cdr cs)))))))
+(assert (equal? (percent-encode "") ""))
+(assert (equal? (percent-encode "%61") "%2561"))
+(assert (equal? (percent-encode "foob%61r") "foob%2561r"))
+
+(define tools
+  '((gpgv "GPGV" "g10/gpgv")
+    (gpg-connect-agent "GPG_CONNECT_AGENT" "tools/gpg-connect-agent")
+    (gpgconf "GPGCONF" "tools/gpgconf")
+    (gpg-preset-passphrase "GPG_PRESET_PASSPHRASE"
+			   "agent/gpg-preset-passphrase")
+    (gpgtar "GPGTAR" "tools/gpgtar")
+    (gpg-zip "GPGZIP" "tools/gpg-zip")
+    (pinentry "PINENTRY" "tests/openpgp/fake-pinentry")
+    (tpm2daemon "TPM2DAEMON" "tpm2d/tpm2daemon")))
+
+(define bin-prefix (getenv "BIN_PREFIX"))
+(define installed? (not (string=? "" bin-prefix)))
+(define with-valgrind? (not (string=? (getenv "with_valgrind") "")))
+
+(define (tool-hardcoded which)
+  (let ((t (assoc which tools)))
+    (getenv' (cadr t)
+	     (qualify (if installed?
+			  (string-append bin-prefix "/" (basename (caddr t)))
+			  (string-append (getenv "objdir") "/" (caddr t)))))))
+
+;; You can splice VALGRIND into your argument vector to run programs
+;; under valgrind.  For example, to run valgrind on gpg, you may want
+;; to redefine gpg:
+;;
+;; (set! gpg `(,@valgrind ,@gpg))
+;;
+(define valgrind
+  '("/usr/bin/valgrind" -q --leak-check=no --track-origins=yes
+                        --error-exitcode=154 --exit-on-first-error=yes))
+
+(unless installed?
+	(setenv "GNUPG_BUILDDIR" (getenv "objdir") #t))
+
+(define (gpg-conf . args)
+  (gpg-conf' "" args))
+(define (gpg-conf' input args)
+  (let ((s (call-popen `(,(tool-hardcoded 'gpgconf)
+			 ,@(if installed? '()
+			       (list '--build-prefix (getenv "objdir")))
+			 ,@args) input)))
+    (map (lambda (line) (map percent-decode (string-split line #\:)))
+	 (string-split-newlines s))))
+(define :gc:c:name car)
+(define :gc:c:description cadr)
+(define :gc:c:pgmname caddr)
+(define (:gc:o:name x)             (list-ref x 0))
+(define (:gc:o:flags x)            (string->number (list-ref x 1)))
+(define (:gc:o:level x)            (string->number (list-ref x 2)))
+(define (:gc:o:description x)      (list-ref x 3))
+(define (:gc:o:type x)             (string->number (list-ref x 4)))
+(define (:gc:o:alternate-type x)   (string->number (list-ref x 5)))
+(define (:gc:o:argument-name x)    (list-ref x 6))
+(define (:gc:o:default-value x)    (list-ref x 7))
+(define (:gc:o:default-argument x) (list-ref x 8))
+(define (:gc:o:value x)            (if (< (length x) 10) "" (list-ref x 9)))
+
+(define (gpg-config component key)
+  (package
+   (define (value)
+     (let* ((conf (assoc key (gpg-conf '--list-options component)))
+	    (type (:gc:o:type conf))
+	    (value (:gc:o:value conf)))
+       (case type
+	 ((0 2 3) (string->number value))
+	 ((1 32) (substring value 1 (string-length value))))))
+   (define (update value)
+     (let ((value' (cond
+		    ((string? value) (string-append "\"" value))
+		    ((number? value) (number->string value))
+		    (else (throw "Unsupported value" value)))))
+       (gpg-conf' (string-append key ":0:" (percent-encode value'))
+		  `(--change-options ,component))))
+   (define (clear)
+     (gpg-conf' (string-append key ":16:")
+		`(--change-options ,component)))))
+
+(define gpg-components (apply gpg-conf '(--list-components)))
+
+(define (tool which)
+  (case which
+    ((gpg gpg-agent scdaemon gpgsm dirmngr)
+     (:gc:c:pgmname (assoc (symbol->string which) gpg-components)))
+    (else
+     (tool-hardcoded which))))
+
+(define (gpg-has-option? option)
+  (string-contains? (call-popen `(,(tool 'gpg) --dump-options) "")
+		    option))
+
+(define have-opt-always-trust
+  (catch #f
+	 (with-ephemeral-home-directory (lambda ()) (lambda ())
+	   (call-check `(,(tool 'gpg) --gpgconf-test --always-trust)))
+	 #t))
+
+(define GPG `(,(tool 'gpg) --no-permission-warning
+	      ,@(if have-opt-always-trust '(--always-trust) '())))
+(define GPGV `(,(tool 'gpgv)))
+(define PINENTRY (tool 'pinentry))
+(define TPM2DAEMON (tool 'tpm2daemon))
+
+(define (tr:gpg input args)
+  (tr:spawn input `(,@GPG --output **out** ,@args **in**)))
+
+(define (pipe:gpg args)
+  (pipe:spawn `(,@GPG --output - ,@args)))
+
+(define (gpg-with-colons args)
+  (let ((s (call-popen `(,@GPG --with-colons ,@args) "")))
+    (map (lambda (line) (string-split line #\:))
+	 (string-split-newlines s))))
+
+(define (secinfo name)
+  (assoc "sec" (gpg-with-colons `(--list-secret-key ,name))))
+(define (ssbinfo name)
+  (assoc "ssb" (gpg-with-colons `(--list-secret-key ,name))))
+(define (fingerprint name)
+  (:fpr (assoc "fpr" (gpg-with-colons `(--list-secret-key ,name)))))
+;; convenient accessors for sec
+(define (:cardinfo x) (list-ref x 14))
+;; Convenient accessors for the colon output of pub.
+(define (:type x)   (string->symbol (list-ref x 0)))
+(define (:length x) (string->number (list-ref x 2)))
+(define (:alg x) (string->number (list-ref x 3)))
+(define (:expire x) (list-ref x 6))
+(define (:fpr x) (list-ref x 9))
+(define (:cap x) (list-ref x 11))
+
+(define (have-public-key? key)
+  (catch #f
+	 (pair? (filter (lambda (l) (and (equal? 'fpr (:type l))
+					 (equal? key::fpr (:fpr l))))
+			(gpg-with-colons `(--list-keys ,key::fpr))))))
+
+(define (have-secret-key? key)
+  (catch #f
+	 (pair? (filter (lambda (l) (and (equal? 'fpr (:type l))
+					 (equal? key::fpr (:fpr l))))
+			(gpg-with-colons `(--list-secret-keys ,key::fpr))))))
+
+(define (have-secret-key-file? key)
+  (file-exists? (path-join (getenv "GNUPGHOME") "private-keys-v1.d"
+			   (string-append key::grip ".key"))))
+
+(define (get-config what)
+  (string-split (caddar (gpg-with-colons `(--list-config ,what))) #\;))
+
+(define all-pubkey-algos (delay (get-config "pubkeyname")))
+(define all-hash-algos (delay (get-config "digestname")))
+(define all-cipher-algos (delay (get-config "ciphername")))
+(define all-compression-algos (delay (get-config "compressname")))
+
+(define (have-pubkey-algo? x)
+  (not (not (member x (force all-pubkey-algos)))))
+(define (have-hash-algo? x)
+  (not (not (member x (force all-hash-algos)))))
+(define (have-cipher-algo? x)
+  (not (not (member x (force all-cipher-algos)))))
+(define (have-compression-algo? x)
+  (not (not (member x (force all-compression-algos)))))
+
+(define (gpg-pipe args0 args1 errfd)
+  (lambda (source sink)
+    (let* ((p (pipe))
+	   (task0 (spawn-process-fd `(,@GPG ,@args0)
+		   source (:write-end p) errfd))
+	   (_ (close (:write-end p)))
+	   (task1 (spawn-process-fd `(,@GPG ,@args1)
+		   (:read-end p) sink errfd)))
+      (close (:read-end p))
+      (wait-processes (list GPG GPG) (list task0 task1) #t))))
+
+;;
+;; Do we have a software tpm
+;;
+(define have-swtpm? (not (and (string=? "" (getenv "TPMSERVER"))
+			      (string=? "" (getenv "SWTPM")))))
+(setenv "GPG_AGENT_INFO" "" #t)
+(setenv "GNUPGHOME" (getcwd) #t)
+(if have-swtpm?
+    (setenv "TPM_INTERFACE_TYPE" "socsim" #t))
+(define GNUPGHOME (getcwd))
+
+;;
+;; GnuPG helper.
+;;
+
+;; Call GPG to obtain the hash sums.  Either specify an input file in
+;; ARGS, or an string in INPUT.  Returns a list of (<algo>
+;; "<hashsum>") lists.
+(define (gpg-hash-string args input)
+  (map
+   (lambda (line)
+     (let ((p (string-split line #\:)))
+       (list (string->number (cadr p)) (caddr p))))
+   (string-split-newlines
+    (call-popen `(,@GPG --with-colons ,@args) input))))
+
+;; Dearmor a file.
+(define (dearmor source-name sink-name)
+  (pipe:do
+   (pipe:open source-name (logior O_RDONLY O_BINARY))
+   (pipe:spawn `(,@GPG --dearmor))
+   (pipe:write-to sink-name (logior O_WRONLY O_CREAT O_BINARY) #o600)))
+
+(define (gpg-dump-packets source-name sink-name)
+  (pipe:do
+   (pipe:open source-name (logior O_RDONLY O_BINARY))
+   (pipe:spawn `(,@GPG --list-packets))
+   (pipe:write-to sink-name (logior O_WRONLY O_CREAT O_BINARY) #o600)))
+
+;;
+;; Support for test environment creation and teardown.
+;;
+
+(define (make-test-data filename size)
+  (call-with-binary-output-file
+   filename
+   (lambda (port)
+     (display (make-random-string size) port))))
+
+(define (create-file name . lines)
+  (catch #f (unlink name))
+  (letfd ((fd (open name (logior O_WRONLY O_CREAT O_BINARY) #o600)))
+    (let ((port (fdopen fd "wb")))
+      (for-each (lambda (line) (display line port) (newline port))
+		lines))))
+
+(define (create-gpghome)
+  (log "Creating test environment...")
+
+  (srandom (getpid))
+  (make-test-data "random_seed" 600)
+
+  (log "Creating configuration files")
+
+  (if (flag "--use-keyring" *args*)
+      (create-file "pubring.gpg"))
+
+  (create-file "gpg.conf"
+               ;;"log-file socket:///tmp/S.wklog"
+               ;;"verbose"
+	       "no-greeting"
+	       "no-secmem-warning"
+	       "no-permission-warning"
+	       "batch"
+               "no-auto-key-retrieve"
+               "no-auto-key-locate"
+	       "allow-weak-digest-algos"
+               "ignore-mdc-error"
+	       (if have-opt-always-trust
+		   "no-auto-check-trustdb" "#no-auto-check-trustdb")
+	       (string-append "agent-program "
+			      (tool 'gpg-agent)
+			      "|--debug-quick-random\n")
+	       (if (flag "--use-keyboxd" *args*)
+		   "use-keyboxd" "#use-keyboxd")
+	       )
+  (create-file "gpg-agent.conf"
+	       "allow-preset-passphrase"
+	       "debug-all"
+	       "log-file gpg-agent.log"
+	       "no-grab"
+	       "enable-ssh-support"
+               "s2k-count 65536"
+	       (string-append "pinentry-program " (tool 'pinentry))
+	       (string-append "tpm2daemon-program " (tool 'tpm2daemon))
+	       "disable-scdaemon")
+  (create-file "msg.txt"
+	       "This is a test of TPM signing and encryption"
+	       "With two lines of text"))
+
+;; Initialize the test environment, install appropriate configuration
+;; and start the agent, without any keys.
+(define (setup-environment)
+  (create-gpghome)
+  (start-agent)
+  (start-tpm))
+
+(define (setup-environment-no-atexit)
+  (create-gpghome)
+  (start-agent #t))
+
+;; Initialize the test environment, install appropriate configuration
+;; and start the agent, with the keys from the legacy test suite.
+(define (setup-legacy-environment)
+  (create-gpghome)
+  (if (member "--unpack-tarball" *args*)
+      (begin
+	(call-check `(,(tool 'gpgtar) --extract --directory=. ,(cadr *args*)))
+	(start-agent))
+      (begin
+	(start-agent)
+	(create-legacy-gpghome)))
+  (preset-passphrases))
+
+;; start the tpm server
+(define (start-tpm)
+  (if have-swtpm?
+      (begin (define pid (call-check `(,(in-srcdir "tests" "tpm2dtests" "start_sw_tpm.sh"))))
+	     (if (not (null? pid))
+		 (atexit (lambda ()
+			   (call-check `("/bin/kill" ,pid))))))))
+
+;; Create the socket dir and start the agent.
+(define (start-agent . args)
+  (log "Starting gpg-agent...")
+  (let ((gnupghome (getenv "GNUPGHOME")))
+    (if (null? args)
+	(atexit (lambda ()
+		  (with-home-directory gnupghome (stop-agent))))))
+  (catch (log "Warning: Creating socket directory failed:" (car *error*))
+	 (gpg-conf '--create-socketdir))
+  (call-check `(,(tool 'gpg-connect-agent) --verbose
+		,(string-append "--agent-program=" (tool 'gpg-agent)
+				"|--debug-quick-random")
+		/bye)))
+
+;; Stop the agent and other daemons and remove the socket dir.
+(define (stop-agent)
+  (log "Stopping gpg-agent...")
+  (gpg-conf '--kill 'all)
+  (catch (log "Warning: Removing socket directory failed.")
+	 (gpg-conf '--remove-socketdir)))
+
+;; Get the trust level for KEYID.  Any remaining arguments are simply
+;; passed to GPG.
+;;
+;; This function only supports keys with a single user id.
+(define (gettrust keyid . args)
+  (let ((trust
+	  (list-ref (assoc "pub" (gpg-with-colons
+				   `(,@args
+				      --list-keys ,keyid))) 1)))
+    (unless (and (= 1 (string-length trust))
+		 (member (string-ref trust 0) (string->list "oidreqnmfuws-")))
+	    (fail "Bad trust value:" trust))
+    trust))
+
+;; Check that KEYID's trust level matches EXPECTED-TRUST.  Any
+;; remaining arguments are simply passed to GPG.
+;;
+;; This function only supports keys with a single user id.
+(define (checktrust keyid expected-trust . args)
+  (let ((trust (apply gettrust `(,keyid ,@args))))
+    (unless (string=? trust expected-trust)
+	    (fail keyid ": Expected trust to be" expected-trust
+		  "but got" trust))))
+
+(define (keytotpm name select)
+  (let ((result (call-with-io `(,@GPG --command-fd=0 --edit-key ,name ,select keytotpm)  "y\n")))
+    (if (= 0 (:retcode result))
+	(:stdout result)
+	(throw "keytotpm failed"
+	       (:stderr result)))))
+
+
+(define (quick-gen name algo)
+  (info "creating TPM " algo " key")
+  (call-check `(,@GPG --quick-generate-key ,name ,algo))
+  (keytotpm name "key 0")
+  (unless (string=? (:cardinfo (secinfo name)) "TPM-Protected")
+      (throw "key is not in the TPM")))
+
+(define (quick-add name algo)
+  (info "adding TPM encryption " algo " key")
+  (call-check `(,@GPG --quick-add-key ,(fingerprint name) ,algo "encr"))
+  (keytotpm name "key 1")
+  (unless (string=? (:cardinfo (ssbinfo name)) "TPM-Protected")
+      (throw "Added key is not in the TPM")))
+
+(define (check-sig name)
+  (info "checking TPM signing")
+  (call-check `(,@GPG --default-key ,name --sign msg.txt))
+  (call-check `(,@GPG --verify msg.txt.gpg))
+  (unlink "msg.txt.gpg"))
+
+(define (check-encrypt name)
+  (info "Checking TPM decryption")
+  (call-check `(,@GPG --recipient ,name --encrypt msg.txt))
+  (call-check `(,@GPG --output msg.out.txt --decrypt msg.txt.gpg))
+  (unless (file=? "msg.txt" "msg.out.txt")
+	  (throw "File did not decrypt to the same message"))
+  (unlink "msg.out.txt")
+  (unlink "msg.txt.gpg"))
+
+;;
+;; Tests are very simple: create primary key in TPM add encryption key
+;; in TPM (verifies TPM primary can certify secondary), sign a message
+;; with primary key and check signature encrypt a message with
+;; encryption key and check signature
+;;
+(define (test-tpm name algo)
+  (quick-gen name algo)
+  (quick-add name algo)
+  (check-sig name)
+  (check-encrypt name))
+
+;;
+;; Enable checking with valgrind if the envvar "with_valgrind" is set
+;;
+(when with-valgrind?
+  (set! gpg `(,@valgrind ,@gpg)))
+
+
+;;(set! *args* (append *args* (list "--use-keyboxd")))
+
+
+;; end
diff --git a/tests/tpm2dtests/ecc.scm b/tests/tpm2dtests/ecc.scm
new file mode 100644
index 0000000..8b28cad
--- /dev/null
+++ b/tests/tpm2dtests/ecc.scm
@@ -0,0 +1,23 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2021 James.Bottomley@HansenPartnership.com
+;;
+;; SPDX-License-Identifier: GPL-3.0-or-later
+;;
+(load (in-srcdir "tests" "tpm2dtests" "defs.scm"))
+
+(setup-environment)
+(setenv "PINENTRY_USER_DATA" "ecckey" #t)
+
+;;
+;; try checking signature and encryption on supported elliptic
+;; curve keys.  Note this list must be allowable by the swtpm
+;; used for the test, which is why it's so small
+;;
+(define key-list '("nistp256" "nistp384"))
+
+(for-each
+ (lambda (algo)
+   (define name algo "<" algo "@example.com>")
+   (test-tpm name algo))
+ key-list)
diff --git a/tests/tpm2dtests/longpassphrase.scm b/tests/tpm2dtests/longpassphrase.scm
new file mode 100644
index 0000000..6e72dc3
--- /dev/null
+++ b/tests/tpm2dtests/longpassphrase.scm
@@ -0,0 +1,36 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2021 James.Bottomley@HansenPartnership.com
+;;
+;; SPDX-License-Identifier: GPL-3.0-or-later
+;;
+(load (in-srcdir "tests" "tpm2dtests" "defs.scm"))
+
+(setup-environment)
+
+;;
+;; Check that a key with a long passphrase can be created and check
+;; the passphrase can be truncated and still work
+;;
+(define name "ecc <ecc@example.com>")
+(define name1 "ecc1 <ecc1@example.com>")
+(define algo "nistp256")
+
+(setenv "PINENTRY_USER_DATA" "this is a password longer than the TPM max of the name algorithm (i.e. 32)" #t)
+(quick-gen name algo)
+
+(setenv "PINENTRY_USER_DATA" "this is a password longer than the TPM max of the name" #t)
+(check-sig name)
+
+;; exactly the TPM limit (sha256 hash name algorithm: 32)
+(setenv "PINENTRY_USER_DATA" "12345678901234567890123456789012" #t)
+(quick-gen name1 algo)
+
+(info "checking TPM signing failure with truncated passphrase")
+;; passphrase one character shorter, should fail with bad passphrase
+(setenv "PINENTRY_USER_DATA" "1234567890123456789012345678901" #t)
+(let ((result (call-with-io `(,@GPG --default-key ,name1 --sign msg.txt) "")))
+  (if (= 0 (:retcode result))
+      (throw "Signing Key succeeded with wrong passphrase")
+      (unless (string-contains? (:stderr result) "Bad passphrase")
+	      (throw "Unexpected signing error:" (:stderr result)))))
diff --git a/tests/tpm2dtests/rsa.scm b/tests/tpm2dtests/rsa.scm
new file mode 100644
index 0000000..aaae352
--- /dev/null
+++ b/tests/tpm2dtests/rsa.scm
@@ -0,0 +1,13 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2021 James.Bottomley@HansenPartnership.com
+;;
+;; SPDX-License-Identifier: GPL-3.0-or-later
+;;
+(load (in-srcdir "tests" "tpm2dtests" "defs.scm"))
+
+(setup-environment)
+
+(setenv "PINENTRY_USER_DATA" "rsakey" #t)
+
+(test-tpm "rsa <rsa@example.com>" "rsa2048")
diff --git a/tests/tpm2dtests/run-tests.scm b/tests/tpm2dtests/run-tests.scm
new file mode 100644
index 0000000..fdf1859
--- /dev/null
+++ b/tests/tpm2dtests/run-tests.scm
@@ -0,0 +1,43 @@
+;; Test-suite runner.
+;;
+;; Copyright (C) 2016 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(if (string=? "" (getenv "abs_top_srcdir"))
+    (begin
+      (echo "Environment variable 'abs_top_srcdir' not set.  Please point it to"
+	    "tests/tpm2dtests.")
+      (exit 2)))
+
+;; Set objdir so that the tests can locate built programs.
+(setenv "objdir" (getcwd) #f)
+
+(define setup
+  (make-environment-cache (test::scm
+			   #f
+			   (path-join "tests" "tpm2dtests" "setup.scm")
+			   (in-srcdir "tests" "tpm2dtests" "setup.scm"))))
+
+(define tests (filter (lambda (arg) (not (string-prefix? arg "--"))) *args*))
+
+(run-tests (if (null? tests)
+	      (load-tests "tests" "tpm2dtests")
+	      (map (lambda (name)
+		      (test::scm setup
+				 (path-join "tests" "tpm2dtests" name)
+				 (in-srcdir "tests" "tpm2dtests" name)
+				 "--use-keyring")) tests)))
diff --git a/tests/tpm2dtests/shell.scm b/tests/tpm2dtests/shell.scm
new file mode 100644
index 0000000..a0d32ec
--- /dev/null
+++ b/tests/tpm2dtests/shell.scm
@@ -0,0 +1,51 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2016 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "tpm2dtests" "defs.scm"))
+
+;; This is not a test, but can be used to inspect the test
+;; environment.  Simply execute
+;;
+;;   make -Ctests/tpm2dtests check TESTS=shell.scm
+;;
+;; to run it.
+
+(setup-environment)
+
+(if (prompt-yes-no? "Drop 'batch' from gpg.conf" #t)
+    (apply create-file
+	   (cons "gpg.conf"
+		 (filter (lambda (line) (not (equal? "batch" line)))
+			 (string-split-newlines
+			  (call-with-input-file "gpg.conf" read-all)))))
+    (begin
+      (echo "Note that gpg.conf includes 'batch'.  If you want to use gpg")
+      (echo "interactively you should drop that.")))
+
+;; Add paths to tools to PATH.
+(setenv "PATH" (pathsep-join
+		(append (map (lambda (t) (dirname (tool t)))
+			     '(gpg gpg-agent scdaemon gpgsm dirmngr gpgconf tpm2daemon))
+			(pathsep-split (getenv "PATH"))))
+	#t)
+
+(echo "\nEnjoy your test environment. "
+      "Type 'exit' to exit it, it will be cleaned up after you.\n")
+
+(interactive-shell)
diff --git a/tests/tpm2dtests/start_sw_tpm.sh b/tests/tpm2dtests/start_sw_tpm.sh
new file mode 100755
index 0000000..36e1a80
--- /dev/null
+++ b/tests/tpm2dtests/start_sw_tpm.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# remove any prior TPM contents
+rm -f NVChip h*.bin *.permall
+if [ -x "${SWTPM}" ]; then
+    ${SWTPM} socket --tpm2 --server type=tcp,port=2321 \
+         --ctrl type=tcp,port=2322 --tpmstate dir=`pwd` &
+else
+    ${TPMSERVER} > /dev/null 2>&1  &
+fi
+pid=$!
+##
+# This powers on the tpm and starts it
+# then we derive the RSA version of the storage seed and
+# store it permanently at handle 81000001 and flush the transient
+##
+a=0; while [ $a -lt 10 ]; do
+    if [ -x "${SWTPM_IOCTL}" ]; then
+	${SWTPM_IOCTL} --tcp 127.0.0.1:2322 -i > /dev/null 2>&1
+    else
+	tsspowerup > /dev/null 2>&1
+    fi
+    if [ $? -eq 0 ]; then
+	break;
+    fi
+    sleep 1
+    a=$[$a+1]
+done
+if [ $a -eq 10 ]; then
+    echo "Waited 10s for tpm_server to come up; exiting"
+    exit 1
+fi
+
+tssstartup || exit 1
+echo -n $pid
diff --git a/tests/tpm2dtests/unimportable.scm b/tests/tpm2dtests/unimportable.scm
new file mode 100644
index 0000000..be84c13
--- /dev/null
+++ b/tests/tpm2dtests/unimportable.scm
@@ -0,0 +1,28 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2021 James.Bottomley@HansenPartnership.com
+;;
+;; SPDX-License-Identifier: GPL-3.0-or-later
+;;
+(load (in-srcdir "tests" "tpm2dtests" "defs.scm"))
+
+(setup-environment)
+(setenv "PINENTRY_USER_DATA" "this is a password" #t)
+
+;;
+;; Tries to import a selection of keys with no TPM representation
+;; and verifies it fails.  There are many unimportable keys, so
+;; save time by only choosing one EC and one RSA one
+;;
+(define key-list '("ed25519" "rsa4096"))
+
+(for-each
+ (lambda(algo)
+   (info "Checking failure to import" algo)
+   (define name algo "<ecc" algo "@example.com>")
+   (call-check `(,@GPG --quick-generate-key ,name ,algo))
+   (let ((result (call-with-io `(,@GPG --command-fd=0 --edit-key ,name "key 0" keytotpm)  "y\n")))
+     (if (= 0 (:retcode result))
+	 (throw "Importing Key succeeded")
+	 (:stderr result))))
+ key-list)
diff --git a/tools/Makefile.am b/tools/Makefile.am
index acc649c..4c29f84 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -21,61 +21,50 @@ EXTRA_DIST = \
 	addgnupghome applygnupgdefaults \
 	lspgpot mail-signed-keys convert-from-106 sockprox.c \
 	ccidmon.c ChangeLog-2011 \
+	gpg-connect-agent-w32info.rc gpg-connect-agent.w32-manifest.in \
 	gpgconf-w32info.rc           gpgconf.w32-manifest.in \
 	gpgtar-w32info.rc            gpgtar.w32-manifest.in \
-        gpg-connect-agent-w32info.rc gpg-connect-agent.w32-manifest.in \
 	gpg-check-pattern-w32info.rc gpg-check-pattern.w32-manifest.in \
-	gpg-wks-client-w32info.rc    gpg-wks-client.w32-manifest.in
-
+	gpg-wks-client-w32info.rc    gpg-wks-client.w32-manifest.in \
+	gpg-card-w32info.rc          gpg-card.w32-manifest.in
 
 AM_CPPFLAGS =
 include $(top_srcdir)/am/cmacros.am
 
 if HAVE_W32_SYSTEM
-gpgconf_robjs =           $(resource_objs) gpgconf-w32info.o
-gpgtar_robjs =            $(resource_objs) gpgtar-w32info.o
-gpg_connect_agent_robjs = $(resource_objs) gpg-connect-agent-w32info.o
-gpg_check_pattern_robjs = $(resource_objs) gpg-check-pattern-w32info.o
-gpg_wks_client_robjs =    $(resource_objs) gpg-wks-client-w32info.o
-
-gpgconf-w32info.o:           gpgconf.w32-manifest
-gpgtar-w32info.o:            gpgtar.w32-manifest
-gpg-connect-agent-w32info.o: gpg-connect-agent.w32-manifest
-gpg-check-pattern-w32info.o: gpg-check-pattern.w32-manifest
-gpg-wks-client-w32info.o:    gpg-wks-client.w32-manifest
-else
-gpg_connect_agent_robjs =
-gpgconf_robjs =
-gpg_check_pattern_robjs =
-gpgtar_robjs =
-gpg_wks_client_robjs =
+gpg_connect_agent_rc_objs = gpg-connect-agent-w32info.o
+gpgconf_rc_objs           = gpgconf-w32info.o
+gpg_card_rc_objs          = gpg-card-w32info.o
+gpgtar_rc_objs            = gpgtar-w32info.o
+gpg_check_pattern_rc_objs = gpg-check-pattern-w32info.o
+gpg_wks_client_rc_objs    = gpg-wks-client-w32info.o
+resource_objs += $(gpg_connect_agent_rc_objs)
+resource_objs += $(gpgconf_rc_objs)
+resource_objs += $(gpg_card_tool_rc_objs)
+resource_objs += $(gpgtar_rc_objs)
+resource_objs += $(gpg_check_pattern_rc_objs)
+resource_objs += $(gpg_wks_client_rc_objs)
 endif
 
 AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS)
 
 sbin_SCRIPTS = addgnupghome applygnupgdefaults
 
-if HAVE_USTAR
-# bin_SCRIPTS += gpg-zip
-noinst_SCRIPTS = gpg-zip
-endif
-
 if BUILD_WKS_TOOLS
   gpg_wks_server = gpg-wks-server
 else
   gpg_wks_server =
 endif
 
-libexec_PROGRAMS = gpg-wks-client
 
-bin_PROGRAMS = gpgconf gpg-connect-agent
+bin_PROGRAMS = gpgconf gpg-connect-agent gpg-card gpg-wks-client
 if !HAVE_W32_SYSTEM
 bin_PROGRAMS += watchgnupg gpgparsemail ${gpg_wks_server} gpgsplit
 else
 bin_PROGRAMS += gpgconf-w32
 endif
 
-libexec_PROGRAMS += gpg-check-pattern
+libexec_PROGRAMS = gpg-check-pattern gpg-pair-tool
 
 if !HAVE_W32CE_SYSTEM
 noinst_PROGRAMS = clean-sat make-dns-cert
@@ -123,7 +112,7 @@ gpgconf_SOURCES = gpgconf.c gpgconf.h gpgconf-comp.c
 gpgconf_LDADD = $(maybe_commonpth_libs) $(opt_libassuan_libs) \
                 $(LIBINTL) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
 	        $(LIBICONV) $(W32SOCKLIBS) \
-	        $(gpgconf_robjs)
+	        $(gpgconf_rc_objs)
 gpgconf_LDFLAGS = $(extra_bin_ldflags)
 
 gpgconf_w32_SOURCES = $(gpgconf_SOURCES)
@@ -141,24 +130,42 @@ gpg_connect_agent_LDADD = ../common/libgpgrl.a $(common_libs) \
 	                  $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) \
                           $(GPG_ERROR_LIBS) \
                           $(LIBREADLINE) $(LIBINTL) $(NETLIBS) $(LIBICONV) \
-                          $(gpg_connect_agent_robjs)
+                          $(gpg_connect_agent_rc_objs)
+
+
+gpg_card_SOURCES   = \
+	gpg-card.c \
+	gpg-card.h     \
+	card-call-scd.c \
+	card-keys.c \
+	card-yubikey.c \
+	card-misc.c
+
+gpg_card_LDADD = \
+	../common/libgpgrl.a $(common_libs) \
+	$(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) \
+	$(GPG_ERROR_LIBS) \
+        $(LIBREADLINE) $(LIBINTL) $(NETLIBS) $(LIBICONV) \
+        $(gpg_card_rc_objs)
+
 
 gpg_check_pattern_SOURCES = gpg-check-pattern.c
 gpg_check_pattern_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(INCICONV)
 gpg_check_pattern_LDADD = $(common_libs) $(regexp_libs) $(LIBGCRYPT_LIBS) \
 			  $(GPG_ERROR_LIBS) \
 			  $(LIBINTL) $(NETLIBS) $(LIBICONV) $(W32SOCKLIBS) \
-			  $(LIBICONV) $(gpg_check_pattern_robjs)
+			  $(LIBICONV) \
+		          $(gpg_check_pattern_rc_objs)
 
 gpgtar_SOURCES = \
 	gpgtar.c gpgtar.h \
 	gpgtar-create.c \
 	gpgtar-extract.c \
 	gpgtar-list.c
-gpgtar_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+gpgtar_CFLAGS = $(GPG_ERROR_CFLAGS)
 gpgtar_LDADD = $(libcommon) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
                $(LIBINTL) $(NETLIBS) $(LIBICONV) $(W32SOCKLIBS) \
-	       $(gpgtar_robjs)
+	       $(gpgtar_rc_objs)
 
 gpg_wks_server_SOURCES = \
 	gpg-wks-server.c \
@@ -170,7 +177,7 @@ gpg_wks_server_SOURCES = \
 	mime-maker.c  mime-maker.h  \
 	send-mail.c   send-mail.h
 
-gpg_wks_server_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(INCICONV)
+gpg_wks_server_CFLAGS = $(GPG_ERROR_CFLAGS) $(INCICONV)
 gpg_wks_server_LDADD = $(libcommon) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
 		       $(LIBINTL) $(LIBICONV)
 
@@ -185,13 +192,35 @@ gpg_wks_client_SOURCES = \
 	send-mail.c   send-mail.h   \
 	call-dirmngr.c call-dirmngr.h
 
-gpg_wks_client_CFLAGS = $(LIBASSUAN_CFLAGS) $(LIBGCRYPT_CFLAGS) \
-			$(GPG_ERROR_CFLAGS) $(INCICONV)
+gpg_wks_client_CFLAGS = $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) $(INCICONV)
 gpg_wks_client_LDADD = $(libcommon) \
 		       $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
 		       $(LIBINTL) $(LIBICONV) $(NETLIBS) \
-		       $(gpg_wks_client_robjs)
-
+	               $(gpg_wks_client_rc_objs)
+
+gpg_pair_tool_SOURCES = \
+	gpg-pair-tool.c
+
+gpg_pair_tool_CFLAGS = $(GPG_ERROR_CFLAGS) $(INCICONV)
+gpg_pair_tool_LDADD =  $(libcommon) \
+		       $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
+		       $(LIBINTL) $(LIBICONV) $(W32SOCKLIBS)
+
+# Instead of a symlink we install a simple wrapper script for the new
+# gpg-wks-client location.  We assume bin is a sibling of libexec.
+install-exec-local:
+	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
+	(set -e ;\
+	 if [ "$(libexecdir)" != "$(bindir)" ]; then \
+	   printf '#!/bin/sh\nexec "$(bindir)/gpg-wks-client" "$$@"\n' \
+	          > $(DESTDIR)$(libexecdir)/gpg-wks-client ;\
+	   chmod +x $(DESTDIR)$(libexecdir)/gpg-wks-client ;\
+	 fi )
+
+uninstall-local:
+	(if [ "$(libexecdir)" != "$(bindir)" ]; then \
+	   rm $(DESTDIR)$(libexecdir)/gpg-wks-client || true ;\
+         fi )
 
 # Make sure that all libs are build before we use them.  This is
 # important for things like make -j2.
diff --git a/tools/Makefile.in b/tools/Makefile.in
index e1b7da9..2187f44 100644
--- a/tools/Makefile.in
+++ b/tools/Makefile.in
@@ -139,43 +139,51 @@ host_triplet = @host@
 @GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
 @GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
 @GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
-@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
-@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
-@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
-libexec_PROGRAMS = gpg-wks-client$(EXEEXT) gpg-check-pattern$(EXEEXT)
+@GNUPG_TPM2DAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_TPM2DAEMON="\"@GNUPG_TPM2DAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+@HAVE_W32_SYSTEM_TRUE@am__append_9 = $(gpg_connect_agent_rc_objs) \
+@HAVE_W32_SYSTEM_TRUE@	$(gpgconf_rc_objs) \
+@HAVE_W32_SYSTEM_TRUE@	$(gpg_card_tool_rc_objs) \
+@HAVE_W32_SYSTEM_TRUE@	$(gpgtar_rc_objs) \
+@HAVE_W32_SYSTEM_TRUE@	$(gpg_check_pattern_rc_objs) \
+@HAVE_W32_SYSTEM_TRUE@	$(gpg_wks_client_rc_objs)
 bin_PROGRAMS = gpgconf$(EXEEXT) gpg-connect-agent$(EXEEXT) \
-	$(am__EXEEXT_2) $(am__EXEEXT_3) $(am__EXEEXT_4)
-@HAVE_W32_SYSTEM_FALSE@am__append_8 = watchgnupg gpgparsemail ${gpg_wks_server} gpgsplit
-@HAVE_W32_SYSTEM_TRUE@am__append_9 = gpgconf-w32
+	gpg-card$(EXEEXT) gpg-wks-client$(EXEEXT) $(am__EXEEXT_2) \
+	$(am__EXEEXT_3) $(am__EXEEXT_4)
+@HAVE_W32_SYSTEM_FALSE@am__append_10 = watchgnupg gpgparsemail ${gpg_wks_server} gpgsplit
+@HAVE_W32_SYSTEM_TRUE@am__append_11 = gpgconf-w32
+libexec_PROGRAMS = gpg-check-pattern$(EXEEXT) gpg-pair-tool$(EXEEXT)
 @HAVE_W32CE_SYSTEM_FALSE@noinst_PROGRAMS = clean-sat$(EXEEXT) \
 @HAVE_W32CE_SYSTEM_FALSE@	make-dns-cert$(EXEEXT) \
 @HAVE_W32CE_SYSTEM_FALSE@	$(am__EXEEXT_5)
-@BUILD_GPGTAR_TRUE@@HAVE_W32CE_SYSTEM_FALSE@am__append_10 = gpgtar
-@BUILD_GPGTAR_FALSE@@HAVE_W32CE_SYSTEM_FALSE@am__append_11 = gpgtar
+@BUILD_GPGTAR_TRUE@@HAVE_W32CE_SYSTEM_FALSE@am__append_12 = gpgtar
+@BUILD_GPGTAR_FALSE@@HAVE_W32CE_SYSTEM_FALSE@am__append_13 = gpgtar
 subdir = tools
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/readline.m4 \
-	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
-	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
 mkinstalldirs = $(SHELL) $(top_srcdir)/build-aux/mkinstalldirs
 CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES = gpg-zip gpgconf.w32-manifest gpgtar.w32-manifest \
-	gpg-connect-agent.w32-manifest gpg-check-pattern.w32-manifest \
-	gpg-wks-client.w32-manifest
+CONFIG_CLEAN_FILES = gpg-connect-agent.w32-manifest \
+	gpgconf.w32-manifest gpgtar.w32-manifest \
+	gpg-check-pattern.w32-manifest gpg-wks-client.w32-manifest \
+	gpg-card.w32-manifest
 CONFIG_CLEAN_VPATH_FILES =
 @BUILD_WKS_TOOLS_TRUE@am__EXEEXT_1 = gpg-wks-server$(EXEEXT)
 @HAVE_W32_SYSTEM_FALSE@am__EXEEXT_2 = watchgnupg$(EXEEXT) \
@@ -192,28 +200,39 @@ PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS)
 clean_sat_SOURCES = clean-sat.c
 clean_sat_OBJECTS = clean-sat.$(OBJEXT)
 clean_sat_LDADD = $(LDADD)
+am_gpg_card_OBJECTS = gpg-card.$(OBJEXT) card-call-scd.$(OBJEXT) \
+	card-keys.$(OBJEXT) card-yubikey.$(OBJEXT) card-misc.$(OBJEXT)
+gpg_card_OBJECTS = $(am_gpg_card_OBJECTS)
+am__DEPENDENCIES_1 =
+gpg_card_DEPENDENCIES = ../common/libgpgrl.a $(common_libs) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(gpg_card_rc_objs)
 am_gpg_check_pattern_OBJECTS =  \
 	gpg_check_pattern-gpg-check-pattern.$(OBJEXT)
 gpg_check_pattern_OBJECTS = $(am_gpg_check_pattern_OBJECTS)
-am__DEPENDENCIES_1 =
-@HAVE_W32_SYSTEM_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) \
-@HAVE_W32_SYSTEM_TRUE@	gpg-check-pattern-w32info.o
 gpg_check_pattern_DEPENDENCIES = $(common_libs) $(regexp_libs) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
+	$(am__DEPENDENCIES_1) $(gpg_check_pattern_rc_objs)
 gpg_check_pattern_LINK = $(CCLD) $(gpg_check_pattern_CFLAGS) $(CFLAGS) \
 	$(AM_LDFLAGS) $(LDFLAGS) -o $@
 am_gpg_connect_agent_OBJECTS = gpg-connect-agent.$(OBJEXT)
 gpg_connect_agent_OBJECTS = $(am_gpg_connect_agent_OBJECTS)
-@HAVE_W32_SYSTEM_TRUE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_1) \
-@HAVE_W32_SYSTEM_TRUE@	gpg-connect-agent-w32info.o
 gpg_connect_agent_DEPENDENCIES = ../common/libgpgrl.a $(common_libs) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_3)
+	$(am__DEPENDENCIES_1) $(gpg_connect_agent_rc_objs)
+am_gpg_pair_tool_OBJECTS = gpg_pair_tool-gpg-pair-tool.$(OBJEXT)
+gpg_pair_tool_OBJECTS = $(am_gpg_pair_tool_OBJECTS)
+gpg_pair_tool_DEPENDENCIES = $(libcommon) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+gpg_pair_tool_LINK = $(CCLD) $(gpg_pair_tool_CFLAGS) $(CFLAGS) \
+	$(AM_LDFLAGS) $(LDFLAGS) -o $@
 am_gpg_wks_client_OBJECTS = gpg_wks_client-gpg-wks-client.$(OBJEXT) \
 	gpg_wks_client-wks-util.$(OBJEXT) \
 	gpg_wks_client-wks-receive.$(OBJEXT) \
@@ -223,12 +242,10 @@ am_gpg_wks_client_OBJECTS = gpg_wks_client-gpg-wks-client.$(OBJEXT) \
 	gpg_wks_client-send-mail.$(OBJEXT) \
 	gpg_wks_client-call-dirmngr.$(OBJEXT)
 gpg_wks_client_OBJECTS = $(am_gpg_wks_client_OBJECTS)
-@HAVE_W32_SYSTEM_TRUE@am__DEPENDENCIES_4 = $(am__DEPENDENCIES_1) \
-@HAVE_W32_SYSTEM_TRUE@	gpg-wks-client-w32info.o
 gpg_wks_client_DEPENDENCIES = $(libcommon) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_4)
+	$(am__DEPENDENCIES_1) $(gpg_wks_client_rc_objs)
 gpg_wks_client_LINK = $(CCLD) $(gpg_wks_client_CFLAGS) $(CFLAGS) \
 	$(AM_LDFLAGS) $(LDFLAGS) -o $@
 am_gpg_wks_server_OBJECTS = gpg_wks_server-gpg-wks-server.$(OBJEXT) \
@@ -246,25 +263,21 @@ gpg_wks_server_LINK = $(CCLD) $(gpg_wks_server_CFLAGS) $(CFLAGS) \
 	$(AM_LDFLAGS) $(LDFLAGS) -o $@
 am_gpgconf_OBJECTS = gpgconf.$(OBJEXT) gpgconf-comp.$(OBJEXT)
 gpgconf_OBJECTS = $(am_gpgconf_OBJECTS)
-@HAVE_W32CE_SYSTEM_TRUE@am__DEPENDENCIES_5 = $(am__DEPENDENCIES_1)
-@HAVE_W32_SYSTEM_TRUE@am__DEPENDENCIES_6 = $(am__DEPENDENCIES_1) \
-@HAVE_W32_SYSTEM_TRUE@	gpgconf-w32info.o
-gpgconf_DEPENDENCIES = $(maybe_commonpth_libs) $(am__DEPENDENCIES_5) \
+@HAVE_W32CE_SYSTEM_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1)
+gpgconf_DEPENDENCIES = $(maybe_commonpth_libs) $(am__DEPENDENCIES_2) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_6)
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(gpgconf_rc_objs)
 gpgconf_LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(gpgconf_LDFLAGS) \
 	$(LDFLAGS) -o $@
 am__objects_1 = gpgconf.$(OBJEXT) gpgconf-comp.$(OBJEXT)
 am_gpgconf_w32_OBJECTS = $(am__objects_1)
 gpgconf_w32_OBJECTS = $(am_gpgconf_w32_OBJECTS)
-am__DEPENDENCIES_7 = $(maybe_commonpth_libs) $(am__DEPENDENCIES_5) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+am__DEPENDENCIES_3 = $(maybe_commonpth_libs) $(am__DEPENDENCIES_2) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_6)
-gpgconf_w32_DEPENDENCIES = $(am__DEPENDENCIES_7)
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(gpgconf_rc_objs)
+gpgconf_w32_DEPENDENCIES = $(am__DEPENDENCIES_3)
 gpgconf_w32_LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(gpgconf_w32_LDFLAGS) $(LDFLAGS) -o $@
 am_gpgparsemail_OBJECTS = gpgparsemail.$(OBJEXT) rfc822parse.$(OBJEXT)
@@ -280,12 +293,10 @@ am_gpgtar_OBJECTS = gpgtar-gpgtar.$(OBJEXT) \
 	gpgtar-gpgtar-create.$(OBJEXT) gpgtar-gpgtar-extract.$(OBJEXT) \
 	gpgtar-gpgtar-list.$(OBJEXT)
 gpgtar_OBJECTS = $(am_gpgtar_OBJECTS)
-@HAVE_W32_SYSTEM_TRUE@am__DEPENDENCIES_8 = $(am__DEPENDENCIES_1) \
-@HAVE_W32_SYSTEM_TRUE@	gpgtar-w32info.o
 gpgtar_DEPENDENCIES = $(libcommon) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_8)
+	$(am__DEPENDENCIES_1) $(gpgtar_rc_objs)
 gpgtar_LINK = $(CCLD) $(gpgtar_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
 	$(LDFLAGS) -o $@
 make_dns_cert_SOURCES = make-dns-cert.c
@@ -321,7 +332,7 @@ am__uninstall_files_from_dir = { \
     || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
          $(am__cd) "$$dir" && rm -f $$files; }; \
   }
-SCRIPTS = $(noinst_SCRIPTS) $(sbin_SCRIPTS)
+SCRIPTS = $(sbin_SCRIPTS)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -337,9 +348,12 @@ am__v_at_1 =
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
 am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/clean-sat.Po \
-	./$(DEPDIR)/gpg-connect-agent.Po \
+am__depfiles_remade = ./$(DEPDIR)/card-call-scd.Po \
+	./$(DEPDIR)/card-keys.Po ./$(DEPDIR)/card-misc.Po \
+	./$(DEPDIR)/card-yubikey.Po ./$(DEPDIR)/clean-sat.Po \
+	./$(DEPDIR)/gpg-card.Po ./$(DEPDIR)/gpg-connect-agent.Po \
 	./$(DEPDIR)/gpg_check_pattern-gpg-check-pattern.Po \
+	./$(DEPDIR)/gpg_pair_tool-gpg-pair-tool.Po \
 	./$(DEPDIR)/gpg_wks_client-call-dirmngr.Po \
 	./$(DEPDIR)/gpg_wks_client-gpg-wks-client.Po \
 	./$(DEPDIR)/gpg_wks_client-mime-maker.Po \
@@ -379,13 +393,15 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = clean-sat.c $(gpg_check_pattern_SOURCES) \
-	$(gpg_connect_agent_SOURCES) $(gpg_wks_client_SOURCES) \
-	$(gpg_wks_server_SOURCES) $(gpgconf_SOURCES) \
-	$(gpgconf_w32_SOURCES) $(gpgparsemail_SOURCES) gpgsplit.c \
-	$(gpgtar_SOURCES) make-dns-cert.c $(watchgnupg_SOURCES)
-DIST_SOURCES = clean-sat.c $(gpg_check_pattern_SOURCES) \
-	$(gpg_connect_agent_SOURCES) $(gpg_wks_client_SOURCES) \
+SOURCES = clean-sat.c $(gpg_card_SOURCES) $(gpg_check_pattern_SOURCES) \
+	$(gpg_connect_agent_SOURCES) $(gpg_pair_tool_SOURCES) \
+	$(gpg_wks_client_SOURCES) $(gpg_wks_server_SOURCES) \
+	$(gpgconf_SOURCES) $(gpgconf_w32_SOURCES) \
+	$(gpgparsemail_SOURCES) gpgsplit.c $(gpgtar_SOURCES) \
+	make-dns-cert.c $(watchgnupg_SOURCES)
+DIST_SOURCES = clean-sat.c $(gpg_card_SOURCES) \
+	$(gpg_check_pattern_SOURCES) $(gpg_connect_agent_SOURCES) \
+	$(gpg_pair_tool_SOURCES) $(gpg_wks_client_SOURCES) \
 	$(gpg_wks_server_SOURCES) $(gpgconf_SOURCES) \
 	$(gpgconf_w32_SOURCES) $(gpgparsemail_SOURCES) gpgsplit.c \
 	$(gpgtar_SOURCES) make-dns-cert.c $(watchgnupg_SOURCES)
@@ -414,9 +430,10 @@ am__define_uniq_tagged_files = \
 ETAGS = etags
 CTAGS = ctags
 am__DIST_COMMON = $(srcdir)/Makefile.in \
+	$(srcdir)/gpg-card.w32-manifest.in \
 	$(srcdir)/gpg-check-pattern.w32-manifest.in \
 	$(srcdir)/gpg-connect-agent.w32-manifest.in \
-	$(srcdir)/gpg-wks-client.w32-manifest.in $(srcdir)/gpg-zip.in \
+	$(srcdir)/gpg-wks-client.w32-manifest.in \
 	$(srcdir)/gpgconf.w32-manifest.in \
 	$(srcdir)/gpgtar.w32-manifest.in $(top_srcdir)/am/cmacros.am \
 	$(top_srcdir)/build-aux/depcomp \
@@ -461,9 +478,11 @@ GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
 GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
 GPGRT_CONFIG = @GPGRT_CONFIG@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
@@ -472,6 +491,7 @@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -499,9 +519,10 @@ LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
 LIBREADLINE = @LIBREADLINE@
 LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
 LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
 LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
@@ -538,13 +559,16 @@ RANLIB = @RANLIB@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
-SHRED = @SHRED@
 SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
 STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
 USE_C99_CFLAGS = @USE_C99_CFLAGS@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
@@ -612,18 +636,20 @@ EXTRA_DIST = \
 	addgnupghome applygnupgdefaults \
 	lspgpot mail-signed-keys convert-from-106 sockprox.c \
 	ccidmon.c ChangeLog-2011 \
+	gpg-connect-agent-w32info.rc gpg-connect-agent.w32-manifest.in \
 	gpgconf-w32info.rc           gpgconf.w32-manifest.in \
 	gpgtar-w32info.rc            gpgtar.w32-manifest.in \
-        gpg-connect-agent-w32info.rc gpg-connect-agent.w32-manifest.in \
 	gpg-check-pattern-w32info.rc gpg-check-pattern.w32-manifest.in \
-	gpg-wks-client-w32info.rc    gpg-wks-client.w32-manifest.in
+	gpg-wks-client-w32info.rc    gpg-wks-client.w32-manifest.in \
+	gpg-card-w32info.rc          gpg-card.w32-manifest.in
 
 
 # NB: AM_CFLAGS may also be used by tools running on the build
 # platform to create source files.
 AM_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" $(am__append_1) \
 	$(am__append_2) $(am__append_3) $(am__append_4) \
-	$(am__append_5) $(am__append_6) $(am__append_7)
+	$(am__append_5) $(am__append_6) $(am__append_7) \
+	$(am__append_8)
 @HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
 
 # Under Windows we use LockFileEx.  WindowsCE provides this only on
@@ -634,28 +660,21 @@ AM_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" $(am__append_1) \
 @HAVE_W32CE_SYSTEM_TRUE@extra_sys_libs = -lcoredll6
 @HAVE_W32CE_SYSTEM_FALSE@extra_bin_ldflags = 
 @HAVE_W32CE_SYSTEM_TRUE@extra_bin_ldflags = -Wl,--stack=0x40000
-resource_objs = 
+resource_objs = $(am__append_9)
 
 # Convenience macros
 libcommon = ../common/libcommon.a
 libcommonpth = ../common/libcommonpth.a
 libcommontls = ../common/libcommontls.a
 libcommontlsnpth = ../common/libcommontlsnpth.a
-@HAVE_W32_SYSTEM_FALSE@gpgconf_robjs = 
-@HAVE_W32_SYSTEM_TRUE@gpgconf_robjs = $(resource_objs) gpgconf-w32info.o
-@HAVE_W32_SYSTEM_FALSE@gpgtar_robjs = 
-@HAVE_W32_SYSTEM_TRUE@gpgtar_robjs = $(resource_objs) gpgtar-w32info.o
-@HAVE_W32_SYSTEM_FALSE@gpg_connect_agent_robjs = 
-@HAVE_W32_SYSTEM_TRUE@gpg_connect_agent_robjs = $(resource_objs) gpg-connect-agent-w32info.o
-@HAVE_W32_SYSTEM_FALSE@gpg_check_pattern_robjs = 
-@HAVE_W32_SYSTEM_TRUE@gpg_check_pattern_robjs = $(resource_objs) gpg-check-pattern-w32info.o
-@HAVE_W32_SYSTEM_FALSE@gpg_wks_client_robjs = 
-@HAVE_W32_SYSTEM_TRUE@gpg_wks_client_robjs = $(resource_objs) gpg-wks-client-w32info.o
+@HAVE_W32_SYSTEM_TRUE@gpg_connect_agent_rc_objs = gpg-connect-agent-w32info.o
+@HAVE_W32_SYSTEM_TRUE@gpgconf_rc_objs = gpgconf-w32info.o
+@HAVE_W32_SYSTEM_TRUE@gpg_card_rc_objs = gpg-card-w32info.o
+@HAVE_W32_SYSTEM_TRUE@gpgtar_rc_objs = gpgtar-w32info.o
+@HAVE_W32_SYSTEM_TRUE@gpg_check_pattern_rc_objs = gpg-check-pattern-w32info.o
+@HAVE_W32_SYSTEM_TRUE@gpg_wks_client_rc_objs = gpg-wks-client-w32info.o
 AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS)
 sbin_SCRIPTS = addgnupghome applygnupgdefaults
-
-# bin_SCRIPTS += gpg-zip
-@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip
 @BUILD_WKS_TOOLS_FALSE@gpg_wks_server = 
 @BUILD_WKS_TOOLS_TRUE@gpg_wks_server = gpg-wks-server
 common_libs = $(libcommon)
@@ -679,7 +698,7 @@ gpgconf_SOURCES = gpgconf.c gpgconf.h gpgconf-comp.c
 gpgconf_LDADD = $(maybe_commonpth_libs) $(opt_libassuan_libs) \
                 $(LIBINTL) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
 	        $(LIBICONV) $(W32SOCKLIBS) \
-	        $(gpgconf_robjs)
+	        $(gpgconf_rc_objs)
 
 gpgconf_LDFLAGS = $(extra_bin_ldflags)
 gpgconf_w32_SOURCES = $(gpgconf_SOURCES)
@@ -694,14 +713,30 @@ gpg_connect_agent_LDADD = ../common/libgpgrl.a $(common_libs) \
 	                  $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) \
                           $(GPG_ERROR_LIBS) \
                           $(LIBREADLINE) $(LIBINTL) $(NETLIBS) $(LIBICONV) \
-                          $(gpg_connect_agent_robjs)
+                          $(gpg_connect_agent_rc_objs)
+
+gpg_card_SOURCES = \
+	gpg-card.c \
+	gpg-card.h     \
+	card-call-scd.c \
+	card-keys.c \
+	card-yubikey.c \
+	card-misc.c
+
+gpg_card_LDADD = \
+	../common/libgpgrl.a $(common_libs) \
+	$(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) \
+	$(GPG_ERROR_LIBS) \
+        $(LIBREADLINE) $(LIBINTL) $(NETLIBS) $(LIBICONV) \
+        $(gpg_card_rc_objs)
 
 gpg_check_pattern_SOURCES = gpg-check-pattern.c
 gpg_check_pattern_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(INCICONV)
 gpg_check_pattern_LDADD = $(common_libs) $(regexp_libs) $(LIBGCRYPT_LIBS) \
 			  $(GPG_ERROR_LIBS) \
 			  $(LIBINTL) $(NETLIBS) $(LIBICONV) $(W32SOCKLIBS) \
-			  $(LIBICONV) $(gpg_check_pattern_robjs)
+			  $(LIBICONV) \
+		          $(gpg_check_pattern_rc_objs)
 
 gpgtar_SOURCES = \
 	gpgtar.c gpgtar.h \
@@ -709,10 +744,10 @@ gpgtar_SOURCES = \
 	gpgtar-extract.c \
 	gpgtar-list.c
 
-gpgtar_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+gpgtar_CFLAGS = $(GPG_ERROR_CFLAGS)
 gpgtar_LDADD = $(libcommon) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
                $(LIBINTL) $(NETLIBS) $(LIBICONV) $(W32SOCKLIBS) \
-	       $(gpgtar_robjs)
+	       $(gpgtar_rc_objs)
 
 gpg_wks_server_SOURCES = \
 	gpg-wks-server.c \
@@ -724,7 +759,7 @@ gpg_wks_server_SOURCES = \
 	mime-maker.c  mime-maker.h  \
 	send-mail.c   send-mail.h
 
-gpg_wks_server_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(INCICONV)
+gpg_wks_server_CFLAGS = $(GPG_ERROR_CFLAGS) $(INCICONV)
 gpg_wks_server_LDADD = $(libcommon) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
 		       $(LIBINTL) $(LIBICONV)
 
@@ -739,13 +774,19 @@ gpg_wks_client_SOURCES = \
 	send-mail.c   send-mail.h   \
 	call-dirmngr.c call-dirmngr.h
 
-gpg_wks_client_CFLAGS = $(LIBASSUAN_CFLAGS) $(LIBGCRYPT_CFLAGS) \
-			$(GPG_ERROR_CFLAGS) $(INCICONV)
-
+gpg_wks_client_CFLAGS = $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) $(INCICONV)
 gpg_wks_client_LDADD = $(libcommon) \
 		       $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
 		       $(LIBINTL) $(LIBICONV) $(NETLIBS) \
-		       $(gpg_wks_client_robjs)
+	               $(gpg_wks_client_rc_objs)
+
+gpg_pair_tool_SOURCES = \
+	gpg-pair-tool.c
+
+gpg_pair_tool_CFLAGS = $(GPG_ERROR_CFLAGS) $(INCICONV)
+gpg_pair_tool_LDADD = $(libcommon) \
+		       $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
+		       $(LIBINTL) $(LIBICONV) $(W32SOCKLIBS)
 
 all: all-am
 
@@ -781,18 +822,18 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
 $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
-gpg-zip: $(top_builddir)/config.status $(srcdir)/gpg-zip.in
+gpg-connect-agent.w32-manifest: $(top_builddir)/config.status $(srcdir)/gpg-connect-agent.w32-manifest.in
 	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
 gpgconf.w32-manifest: $(top_builddir)/config.status $(srcdir)/gpgconf.w32-manifest.in
 	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
 gpgtar.w32-manifest: $(top_builddir)/config.status $(srcdir)/gpgtar.w32-manifest.in
 	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
-gpg-connect-agent.w32-manifest: $(top_builddir)/config.status $(srcdir)/gpg-connect-agent.w32-manifest.in
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
 gpg-check-pattern.w32-manifest: $(top_builddir)/config.status $(srcdir)/gpg-check-pattern.w32-manifest.in
 	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
 gpg-wks-client.w32-manifest: $(top_builddir)/config.status $(srcdir)/gpg-wks-client.w32-manifest.in
 	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+gpg-card.w32-manifest: $(top_builddir)/config.status $(srcdir)/gpg-card.w32-manifest.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
 install-binPROGRAMS: $(bin_PROGRAMS)
 	@$(NORMAL_INSTALL)
 	@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
@@ -885,6 +926,10 @@ clean-sat$(EXEEXT): $(clean_sat_OBJECTS) $(clean_sat_DEPENDENCIES) $(EXTRA_clean
 	@rm -f clean-sat$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(clean_sat_OBJECTS) $(clean_sat_LDADD) $(LIBS)
 
+gpg-card$(EXEEXT): $(gpg_card_OBJECTS) $(gpg_card_DEPENDENCIES) $(EXTRA_gpg_card_DEPENDENCIES) 
+	@rm -f gpg-card$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(gpg_card_OBJECTS) $(gpg_card_LDADD) $(LIBS)
+
 gpg-check-pattern$(EXEEXT): $(gpg_check_pattern_OBJECTS) $(gpg_check_pattern_DEPENDENCIES) $(EXTRA_gpg_check_pattern_DEPENDENCIES) 
 	@rm -f gpg-check-pattern$(EXEEXT)
 	$(AM_V_CCLD)$(gpg_check_pattern_LINK) $(gpg_check_pattern_OBJECTS) $(gpg_check_pattern_LDADD) $(LIBS)
@@ -893,6 +938,10 @@ gpg-connect-agent$(EXEEXT): $(gpg_connect_agent_OBJECTS) $(gpg_connect_agent_DEP
 	@rm -f gpg-connect-agent$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(gpg_connect_agent_OBJECTS) $(gpg_connect_agent_LDADD) $(LIBS)
 
+gpg-pair-tool$(EXEEXT): $(gpg_pair_tool_OBJECTS) $(gpg_pair_tool_DEPENDENCIES) $(EXTRA_gpg_pair_tool_DEPENDENCIES) 
+	@rm -f gpg-pair-tool$(EXEEXT)
+	$(AM_V_CCLD)$(gpg_pair_tool_LINK) $(gpg_pair_tool_OBJECTS) $(gpg_pair_tool_LDADD) $(LIBS)
+
 gpg-wks-client$(EXEEXT): $(gpg_wks_client_OBJECTS) $(gpg_wks_client_DEPENDENCIES) $(EXTRA_gpg_wks_client_DEPENDENCIES) 
 	@rm -f gpg-wks-client$(EXEEXT)
 	$(AM_V_CCLD)$(gpg_wks_client_LINK) $(gpg_wks_client_OBJECTS) $(gpg_wks_client_LDADD) $(LIBS)
@@ -970,9 +1019,15 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-call-scd.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-keys.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-misc.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-yubikey.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/clean-sat.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg-card.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg-connect-agent.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_check_pattern-gpg-check-pattern.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_pair_tool-gpg-pair-tool.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_wks_client-call-dirmngr.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_wks_client-gpg-wks-client.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_wks_client-mime-maker.Po@am__quote@ # am--include-marker
@@ -1034,6 +1089,20 @@ gpg_check_pattern-gpg-check-pattern.obj: gpg-check-pattern.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_check_pattern_CFLAGS) $(CFLAGS) -c -o gpg_check_pattern-gpg-check-pattern.obj `if test -f 'gpg-check-pattern.c'; then $(CYGPATH_W) 'gpg-check-pattern.c'; else $(CYGPATH_W) '$(srcdir)/gpg-check-pattern.c'; fi`
 
+gpg_pair_tool-gpg-pair-tool.o: gpg-pair-tool.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_pair_tool_CFLAGS) $(CFLAGS) -MT gpg_pair_tool-gpg-pair-tool.o -MD -MP -MF $(DEPDIR)/gpg_pair_tool-gpg-pair-tool.Tpo -c -o gpg_pair_tool-gpg-pair-tool.o `test -f 'gpg-pair-tool.c' || echo '$(srcdir)/'`gpg-pair-tool.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/gpg_pair_tool-gpg-pair-tool.Tpo $(DEPDIR)/gpg_pair_tool-gpg-pair-tool.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='gpg-pair-tool.c' object='gpg_pair_tool-gpg-pair-tool.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_pair_tool_CFLAGS) $(CFLAGS) -c -o gpg_pair_tool-gpg-pair-tool.o `test -f 'gpg-pair-tool.c' || echo '$(srcdir)/'`gpg-pair-tool.c
+
+gpg_pair_tool-gpg-pair-tool.obj: gpg-pair-tool.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_pair_tool_CFLAGS) $(CFLAGS) -MT gpg_pair_tool-gpg-pair-tool.obj -MD -MP -MF $(DEPDIR)/gpg_pair_tool-gpg-pair-tool.Tpo -c -o gpg_pair_tool-gpg-pair-tool.obj `if test -f 'gpg-pair-tool.c'; then $(CYGPATH_W) 'gpg-pair-tool.c'; else $(CYGPATH_W) '$(srcdir)/gpg-pair-tool.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/gpg_pair_tool-gpg-pair-tool.Tpo $(DEPDIR)/gpg_pair_tool-gpg-pair-tool.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='gpg-pair-tool.c' object='gpg_pair_tool-gpg-pair-tool.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_pair_tool_CFLAGS) $(CFLAGS) -c -o gpg_pair_tool-gpg-pair-tool.obj `if test -f 'gpg-pair-tool.c'; then $(CYGPATH_W) 'gpg-pair-tool.c'; else $(CYGPATH_W) '$(srcdir)/gpg-pair-tool.c'; fi`
+
 gpg_wks_client-gpg-wks-client.o: gpg-wks-client.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_wks_client_CFLAGS) $(CFLAGS) -MT gpg_wks_client-gpg-wks-client.o -MD -MP -MF $(DEPDIR)/gpg_wks_client-gpg-wks-client.Tpo -c -o gpg_wks_client-gpg-wks-client.o `test -f 'gpg-wks-client.c' || echo '$(srcdir)/'`gpg-wks-client.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/gpg_wks_client-gpg-wks-client.Tpo $(DEPDIR)/gpg_wks_client-gpg-wks-client.Po
@@ -1428,9 +1497,15 @@ clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
 	clean-noinstPROGRAMS mostlyclean-am
 
 distclean: distclean-am
-		-rm -f ./$(DEPDIR)/clean-sat.Po
+		-rm -f ./$(DEPDIR)/card-call-scd.Po
+	-rm -f ./$(DEPDIR)/card-keys.Po
+	-rm -f ./$(DEPDIR)/card-misc.Po
+	-rm -f ./$(DEPDIR)/card-yubikey.Po
+	-rm -f ./$(DEPDIR)/clean-sat.Po
+	-rm -f ./$(DEPDIR)/gpg-card.Po
 	-rm -f ./$(DEPDIR)/gpg-connect-agent.Po
 	-rm -f ./$(DEPDIR)/gpg_check_pattern-gpg-check-pattern.Po
+	-rm -f ./$(DEPDIR)/gpg_pair_tool-gpg-pair-tool.Po
 	-rm -f ./$(DEPDIR)/gpg_wks_client-call-dirmngr.Po
 	-rm -f ./$(DEPDIR)/gpg_wks_client-gpg-wks-client.Po
 	-rm -f ./$(DEPDIR)/gpg_wks_client-mime-maker.Po
@@ -1479,8 +1554,8 @@ install-dvi: install-dvi-am
 
 install-dvi-am:
 
-install-exec-am: install-binPROGRAMS install-libexecPROGRAMS \
-	install-sbinSCRIPTS
+install-exec-am: install-binPROGRAMS install-exec-local \
+	install-libexecPROGRAMS install-sbinSCRIPTS
 
 install-html: install-html-am
 
@@ -1503,9 +1578,15 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-		-rm -f ./$(DEPDIR)/clean-sat.Po
+		-rm -f ./$(DEPDIR)/card-call-scd.Po
+	-rm -f ./$(DEPDIR)/card-keys.Po
+	-rm -f ./$(DEPDIR)/card-misc.Po
+	-rm -f ./$(DEPDIR)/card-yubikey.Po
+	-rm -f ./$(DEPDIR)/clean-sat.Po
+	-rm -f ./$(DEPDIR)/gpg-card.Po
 	-rm -f ./$(DEPDIR)/gpg-connect-agent.Po
 	-rm -f ./$(DEPDIR)/gpg_check_pattern-gpg-check-pattern.Po
+	-rm -f ./$(DEPDIR)/gpg_pair_tool-gpg-pair-tool.Po
 	-rm -f ./$(DEPDIR)/gpg_wks_client-call-dirmngr.Po
 	-rm -f ./$(DEPDIR)/gpg_wks_client-gpg-wks-client.Po
 	-rm -f ./$(DEPDIR)/gpg_wks_client-mime-maker.Po
@@ -1548,7 +1629,7 @@ ps: ps-am
 ps-am:
 
 uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
-	uninstall-sbinSCRIPTS
+	uninstall-local uninstall-sbinSCRIPTS
 
 .MAKE: install-am install-strip
 
@@ -1558,15 +1639,15 @@ uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
 	distclean-compile distclean-generic distclean-tags distdir dvi \
 	dvi-am html html-am info info-am install install-am \
 	install-binPROGRAMS install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am \
+	install-dvi-am install-exec install-exec-am install-exec-local \
+	install-html install-html-am install-info install-info-am \
 	install-libexecPROGRAMS install-man install-pdf install-pdf-am \
 	install-ps install-ps-am install-sbinSCRIPTS install-strip \
 	installcheck installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
 	mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \
 	uninstall-am uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
-	uninstall-sbinSCRIPTS
+	uninstall-local uninstall-sbinSCRIPTS
 
 .PRECIOUS: Makefile
 
@@ -1574,11 +1655,21 @@ uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
 @HAVE_W32_SYSTEM_TRUE@.rc.o:
 @HAVE_W32_SYSTEM_TRUE@	$(WINDRES) $(DEFAULT_INCLUDES) $(INCLUDES) "$<" "$@"
 
-@HAVE_W32_SYSTEM_TRUE@gpgconf-w32info.o:           gpgconf.w32-manifest
-@HAVE_W32_SYSTEM_TRUE@gpgtar-w32info.o:            gpgtar.w32-manifest
-@HAVE_W32_SYSTEM_TRUE@gpg-connect-agent-w32info.o: gpg-connect-agent.w32-manifest
-@HAVE_W32_SYSTEM_TRUE@gpg-check-pattern-w32info.o: gpg-check-pattern.w32-manifest
-@HAVE_W32_SYSTEM_TRUE@gpg-wks-client-w32info.o:    gpg-wks-client.w32-manifest
+# Instead of a symlink we install a simple wrapper script for the new
+# gpg-wks-client location.  We assume bin is a sibling of libexec.
+install-exec-local:
+	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
+	(set -e ;\
+	 if [ "$(libexecdir)" != "$(bindir)" ]; then \
+	   printf '#!/bin/sh\nexec "$(bindir)/gpg-wks-client" "$$@"\n' \
+	          > $(DESTDIR)$(libexecdir)/gpg-wks-client ;\
+	   chmod +x $(DESTDIR)$(libexecdir)/gpg-wks-client ;\
+	 fi )
+
+uninstall-local:
+	(if [ "$(libexecdir)" != "$(bindir)" ]; then \
+	   rm $(DESTDIR)$(libexecdir)/gpg-wks-client || true ;\
+         fi )
 
 # Make sure that all libs are build before we use them.  This is
 # important for things like make -j2.
diff --git a/tools/card-call-scd.c b/tools/card-call-scd.c
new file mode 100644
index 0000000..086503b
--- /dev/null
+++ b/tools/card-call-scd.c
@@ -0,0 +1,1788 @@
+/* card-call-scd.c - IPC calls to scdaemon.
+ * Copyright (C) 2019, 2020 g10 Code GmbH
+ * Copyright (C) 2001-2003, 2006-2011, 2013 Free Software Foundation, Inc.
+ * Copyright (C) 2013-2015  Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#ifdef HAVE_LOCALE_H
+#include <locale.h>
+#endif
+
+#include "../common/util.h"
+#include "../common/membuf.h"
+#include "../common/i18n.h"
+#include "../common/asshelp.h"
+#include "../common/sysutils.h"
+#include "../common/status.h"
+#include "../common/host2net.h"
+#include "../common/openpgpdefs.h"
+#include "gpg-card.h"
+
+#define CONTROL_D ('D' - 'A' + 1)
+
+#define START_AGENT_NO_STARTUP_CMDS 1
+#define START_AGENT_SUPPRESS_ERRORS 2
+
+struct default_inq_parm_s
+{
+  assuan_context_t ctx;
+  struct {
+    u32 *keyid;
+    u32 *mainkeyid;
+    int pubkey_algo;
+  } keyinfo;
+};
+
+struct cipher_parm_s
+{
+  struct default_inq_parm_s *dflt;
+  assuan_context_t ctx;
+  unsigned char *ciphertext;
+  size_t ciphertextlen;
+};
+
+struct writecert_parm_s
+{
+  struct default_inq_parm_s *dflt;
+  const unsigned char *certdata;
+  size_t certdatalen;
+};
+
+struct writekey_parm_s
+{
+  struct default_inq_parm_s *dflt;
+  const unsigned char *keydata;
+  size_t keydatalen;
+};
+
+struct genkey_parm_s
+{
+  struct default_inq_parm_s *dflt;
+  const char *keyparms;
+  const char *passphrase;
+};
+
+struct card_cardlist_parm_s
+{
+  gpg_error_t error;
+  int with_apps;
+  strlist_t list;
+};
+
+struct import_key_parm_s
+{
+  struct default_inq_parm_s *dflt;
+  const void *key;
+  size_t keylen;
+};
+
+
+struct cache_nonce_parm_s
+{
+  char **cache_nonce_addr;
+  char **passwd_nonce_addr;
+};
+
+
+
+/*
+ * File local variables
+ */
+
+/* The established context to the agent.  Note that all calls to
+ * scdaemon are routed via the agent and thus we only need to care
+ * about the IPC with the agent.  */
+static assuan_context_t agent_ctx;
+
+
+
+/*
+ * Local prototypes
+ */
+static gpg_error_t learn_status_cb (void *opaque, const char *line);
+
+
+
+
+/* Release the card info structure INFO. */
+void
+release_card_info (card_info_t info)
+{
+  int i;
+
+
+  if (!info)
+    return;
+
+  xfree (info->reader); info->reader = NULL;
+  xfree (info->cardtype); info->cardtype = NULL;
+  xfree (info->manufacturer_name); info->manufacturer_name = NULL;
+  xfree (info->serialno); info->serialno = NULL;
+  xfree (info->dispserialno); info->dispserialno = NULL;
+  xfree (info->apptypestr); info->apptypestr = NULL;
+  info->apptype = APP_TYPE_NONE;
+  xfree (info->disp_name); info->disp_name = NULL;
+  xfree (info->disp_lang); info->disp_lang = NULL;
+  xfree (info->pubkey_url); info->pubkey_url = NULL;
+  xfree (info->login_data); info->login_data = NULL;
+  info->cafpr1len = info->cafpr2len = info->cafpr3len = 0;
+  for (i=0; i < DIM(info->private_do); i++)
+    {
+      xfree (info->private_do[i]);
+      info->private_do[i] = NULL;
+    }
+  while (info->kinfo)
+    {
+      key_info_t kinfo = info->kinfo->next;
+      xfree (info->kinfo->label);
+      xfree (info->kinfo);
+      info->kinfo = kinfo;
+    }
+  info->chvusage[0] = info->chvusage[1] = 0;
+  xfree (info->chvlabels); info->chvlabels = NULL;
+  for (i=0; i < DIM(info->supported_keyalgo); i++)
+    {
+      free_strlist (info->supported_keyalgo[i]);
+      info->supported_keyalgo[i] = NULL;
+    }
+}
+
+
+/* Map an application type string to an integer.  */
+static app_type_t
+map_apptypestr (const char *string)
+{
+  app_type_t result;
+
+  if (!string)
+    result = APP_TYPE_NONE;
+  else if (!ascii_strcasecmp (string, "OPENPGP"))
+    result = APP_TYPE_OPENPGP;
+  else if (!ascii_strcasecmp (string, "NKS"))
+    result = APP_TYPE_NKS;
+  else if (!ascii_strcasecmp (string, "DINSIG"))
+    result = APP_TYPE_DINSIG;
+  else if (!ascii_strcasecmp (string, "P15"))
+    result = APP_TYPE_P15;
+  else if (!ascii_strcasecmp (string, "GELDKARTE"))
+    result = APP_TYPE_GELDKARTE;
+  else if (!ascii_strcasecmp (string, "SC-HSM"))
+    result = APP_TYPE_SC_HSM;
+  else if (!ascii_strcasecmp (string, "PIV"))
+    result = APP_TYPE_PIV;
+  else
+    result = APP_TYPE_UNKNOWN;
+
+  return result;
+}
+
+
+/* Return a string representation of the application type.  */
+const char *
+app_type_string (app_type_t app_type)
+{
+  const char *result = "?";
+  switch (app_type)
+    {
+    case APP_TYPE_NONE:      result = "None"; break;
+    case APP_TYPE_OPENPGP:   result = "OpenPGP"; break;
+    case APP_TYPE_NKS:       result = "NetKey"; break;
+    case APP_TYPE_DINSIG:    result = "DINSIG"; break;
+    case APP_TYPE_P15:       result = "P15"; break;
+    case APP_TYPE_GELDKARTE: result = "Geldkarte"; break;
+    case APP_TYPE_SC_HSM:    result = "SC-HSM"; break;
+    case APP_TYPE_PIV:       result = "PIV"; break;
+    case APP_TYPE_UNKNOWN:   result = "Unknown"; break;
+    }
+  return result;
+}
+
+
+
+/* If RC is not 0, write an appropriate status message. */
+static gpg_error_t
+status_sc_op_failure (gpg_error_t err)
+{
+  switch (gpg_err_code (err))
+    {
+    case 0:
+      break;
+    case GPG_ERR_CANCELED:
+    case GPG_ERR_FULLY_CANCELED:
+      gnupg_status_printf (STATUS_SC_OP_FAILURE, "1");
+      break;
+    case GPG_ERR_BAD_PIN:
+      gnupg_status_printf (STATUS_SC_OP_FAILURE, "2");
+      break;
+    default:
+      gnupg_status_printf (STATUS_SC_OP_FAILURE, NULL);
+      break;
+    }
+  return err;
+}
+
+
+/* This is the default inquiry callback.  It mainly handles the
+   Pinentry notifications.  */
+static gpg_error_t
+default_inq_cb (void *opaque, const char *line)
+{
+  gpg_error_t err = 0;
+  struct default_inq_parm_s *parm = opaque;
+
+  (void)parm;
+
+  if (has_leading_keyword (line, "PINENTRY_LAUNCHED"))
+    {
+      /* err = gpg_proxy_pinentry_notify (parm->ctrl, line); */
+      /* if (err) */
+      /*   log_error (_("failed to proxy %s inquiry to client\n"), */
+      /*              "PINENTRY_LAUNCHED"); */
+      /* We do not pass errors to avoid breaking other code.  */
+    }
+  else
+    log_debug ("ignoring gpg-agent inquiry '%s'\n", line);
+
+  return err;
+}
+
+
+/* Print a warning if the server's version number is less than our
+   version number.  Returns an error code on a connection problem.  */
+static gpg_error_t
+warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
+{
+  return warn_server_version_mismatch (ctx, servername, mode,
+                                       gnupg_status_strings, NULL,
+                                       !opt.quiet);
+}
+
+
+/* Try to connect to the agent via socket or fork it off and work by
+ * pipes.  Handle the server's initial greeting.  */
+static gpg_error_t
+start_agent (unsigned int flags)
+{
+  gpg_error_t err;
+  int started = 0;
+
+  if (agent_ctx)
+    err = 0;
+  else
+    {
+      started = 1;
+      err = start_new_gpg_agent (&agent_ctx,
+                                 GPG_ERR_SOURCE_DEFAULT,
+                                 opt.agent_program,
+                                 opt.lc_ctype, opt.lc_messages,
+                                 opt.session_env,
+                                 opt.autostart, opt.verbose, DBG_IPC,
+                                 NULL, NULL);
+      if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_AGENT)
+        {
+          static int shown;
+
+          if (!shown)
+            {
+              shown = 1;
+              log_info (_("no gpg-agent running in this session\n"));
+            }
+        }
+      else if (!err
+               && !(err = warn_version_mismatch (agent_ctx, GPG_AGENT_NAME, 0)))
+        {
+          /* Tell the agent that we support Pinentry notifications.
+             No error checking so that it will work also with older
+             agents.  */
+          assuan_transact (agent_ctx, "OPTION allow-pinentry-notify",
+                           NULL, NULL, NULL, NULL, NULL, NULL);
+          /* Tell the agent about what version we are aware.  This is
+             here used to indirectly enable GPG_ERR_FULLY_CANCELED.  */
+          assuan_transact (agent_ctx, "OPTION agent-awareness=2.1.0",
+                           NULL, NULL, NULL, NULL, NULL, NULL);
+        }
+    }
+
+  if (started && !err && !(flags & START_AGENT_NO_STARTUP_CMDS))
+    {
+      /* Request the serial number of the card for an early test.  */
+      struct card_info_s info;
+
+      memset (&info, 0, sizeof info);
+
+      if (!(flags & START_AGENT_SUPPRESS_ERRORS))
+        err = warn_version_mismatch (agent_ctx, SCDAEMON_NAME, 2);
+
+      if (!err)
+        err = assuan_transact (agent_ctx, "SCD SERIALNO --all",
+                               NULL, NULL, NULL, NULL,
+                               learn_status_cb, &info);
+      if (err && !(flags & START_AGENT_SUPPRESS_ERRORS))
+        {
+          switch (gpg_err_code (err))
+            {
+            case GPG_ERR_NOT_SUPPORTED:
+            case GPG_ERR_NO_SCDAEMON:
+              gnupg_status_printf (STATUS_CARDCTRL, "6"); /* No card support. */
+              break;
+            case GPG_ERR_OBJ_TERM_STATE:
+              /* Card is in termination state. */
+              gnupg_status_printf (STATUS_CARDCTRL, "7");
+              break;
+            default:
+              gnupg_status_printf (STATUS_CARDCTRL, "4");  /* No card.  */
+              break;
+            }
+        }
+
+      if (!err && info.serialno)
+        gnupg_status_printf (STATUS_CARDCTRL, "3 %s", info.serialno);
+
+      release_card_info (&info);
+    }
+
+  return err;
+}
+
+
+/* Return a new malloced string by unescaping the string S.  Escaping
+ * is percent escaping and '+'/space mapping.  A binary nul will
+ * silently be replaced by a 0xFF.  Function returns NULL to indicate
+ * an out of memory status. */
+static char *
+unescape_status_string (const unsigned char *s)
+{
+  return percent_plus_unescape (s, 0xff);
+}
+
+
+/* Take a 20 or 32 byte hexencoded string and put it into the provided
+ * FPRLEN byte long buffer FPR in binary format.  Returns the actual
+ * used length of the FPR buffer or 0 on error.  */
+static unsigned int
+unhexify_fpr (const char *hexstr, unsigned char *fpr, unsigned int fprlen)
+{
+  const char *s;
+  int n;
+
+  for (s=hexstr, n=0; hexdigitp (s); s++, n++)
+    ;
+  if ((*s && *s != ' ') || !(n == 40 || n == 64))
+    return 0; /* no fingerprint (invalid or wrong length). */
+  for (s=hexstr, n=0; *s && n < fprlen; s += 2, n++)
+    fpr[n] = xtoi_2 (s);
+
+  return (n == 20 || n == 32)? n : 0;
+}
+
+
+/* Take the serial number from LINE and return it verbatim in a newly
+ * allocated string.  We make sure that only hex characters are
+ * returned.  Returns NULL on error. */
+static char *
+store_serialno (const char *line)
+{
+  const char *s;
+  char *p;
+
+  for (s=line; hexdigitp (s); s++)
+    ;
+  p = xtrymalloc (s + 1 - line);
+  if (p)
+    {
+      memcpy (p, line, s-line);
+      p[s-line] = 0;
+    }
+  return p;
+}
+
+
+
+/* Send an APDU to the current card.  On success the status word is
+ * stored at R_SW inless R_SW is NULL.  With HEXAPDU being NULL only a
+ * RESET command is send to scd.  HEXAPDU may also be one of theseo
+ * special strings:
+ *
+ *   "undefined"       :: Send the command "SCD SERIALNO undefined"
+ *   "lock"            :: Send the command "SCD LOCK --wait"
+ *   "trylock"         :: Send the command "SCD LOCK"
+ *   "unlock"          :: Send the command "SCD UNLOCK"
+ *   "reset-keep-lock" :: Send the command "SCD RESET --keep-lock"
+ *
+ * If R_DATA is not NULL the data without the status code is stored
+ * there.  Caller must release it.  If OPTIONS is not NULL, this will
+ * be passed verbatim to the SCDaemon's APDU command.  */
+gpg_error_t
+scd_apdu (const char *hexapdu, const char *options, unsigned int *r_sw,
+          unsigned char **r_data, size_t *r_datalen)
+{
+  gpg_error_t err;
+
+  if (r_data)
+    *r_data = NULL;
+  if (r_datalen)
+    *r_datalen = 0;
+
+  err = start_agent (START_AGENT_NO_STARTUP_CMDS);
+  if (err)
+    return err;
+
+  if (!hexapdu)
+    {
+      err = assuan_transact (agent_ctx, "SCD RESET",
+                             NULL, NULL, NULL, NULL, NULL, NULL);
+
+    }
+  else if (!strcmp (hexapdu, "reset-keep-lock"))
+    {
+      err = assuan_transact (agent_ctx, "SCD RESET --keep-lock",
+                             NULL, NULL, NULL, NULL, NULL, NULL);
+    }
+  else if (!strcmp (hexapdu, "lock"))
+    {
+      err = assuan_transact (agent_ctx, "SCD LOCK --wait",
+                             NULL, NULL, NULL, NULL, NULL, NULL);
+    }
+  else if (!strcmp (hexapdu, "trylock"))
+    {
+      err = assuan_transact (agent_ctx, "SCD LOCK",
+                             NULL, NULL, NULL, NULL, NULL, NULL);
+    }
+  else if (!strcmp (hexapdu, "unlock"))
+    {
+      err = assuan_transact (agent_ctx, "SCD UNLOCK",
+                             NULL, NULL, NULL, NULL, NULL, NULL);
+    }
+  else if (!strcmp (hexapdu, "undefined"))
+    {
+      err = assuan_transact (agent_ctx, "SCD SERIALNO undefined",
+                             NULL, NULL, NULL, NULL, NULL, NULL);
+    }
+  else
+    {
+      char line[ASSUAN_LINELENGTH];
+      membuf_t mb;
+      unsigned char *data;
+      size_t datalen;
+      int no_sw;
+
+      init_membuf (&mb, 256);
+
+      no_sw = (options && (strstr (options, "--dump-atr")
+                           || strstr (options, "--data-atr")));
+
+      snprintf (line, DIM(line), "SCD APDU %s%s%s",
+                options?options:"", options?" -- ":"", hexapdu);
+      err = assuan_transact (agent_ctx, line,
+                             put_membuf_cb, &mb, NULL, NULL, NULL, NULL);
+      if (!err)
+        {
+          data = get_membuf (&mb, &datalen);
+          if (!data)
+            err = gpg_error_from_syserror ();
+          else if (datalen < (no_sw?1:2)) /* Ooops */
+            err = gpg_error (GPG_ERR_CARD);
+          else
+            {
+              if (r_sw)
+                *r_sw = no_sw? 0 : buf16_to_uint (data+datalen-2);
+              if (r_data && r_datalen)
+                {
+                  *r_data = data;
+                  *r_datalen = datalen - (no_sw?0:2);
+                  data = NULL;
+                }
+            }
+          xfree (data);
+        }
+    }
+
+  return err;
+}
+
+
+/* This is a dummy data line callback.  */
+static gpg_error_t
+dummy_data_cb (void *opaque, const void *buffer, size_t length)
+{
+  (void)opaque;
+  (void)buffer;
+  (void)length;
+  return 0;
+}
+
+/* A simple callback used to return the serialnumber of a card.  */
+static gpg_error_t
+get_serialno_cb (void *opaque, const char *line)
+{
+  char **serialno = opaque;
+  const char *keyword = line;
+  const char *s;
+  int keywordlen, n;
+
+  for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
+    ;
+  while (spacep (line))
+    line++;
+
+  /* FIXME: Should we use has_leading_keyword? */
+  if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
+    {
+      if (*serialno)
+        return gpg_error (GPG_ERR_CONFLICT); /* Unexpected status line. */
+      for (n=0,s=line; hexdigitp (s); s++, n++)
+        ;
+      if (!n || (n&1)|| !(spacep (s) || !*s) )
+        return gpg_error (GPG_ERR_ASS_PARAMETER);
+      *serialno = xtrymalloc (n+1);
+      if (!*serialno)
+        return out_of_core ();
+      memcpy (*serialno, line, n);
+      (*serialno)[n] = 0;
+    }
+
+  return 0;
+}
+
+
+/* Make the card with SERIALNO the current one.  */
+gpg_error_t
+scd_switchcard (const char *serialno)
+{
+  int err;
+  char line[ASSUAN_LINELENGTH];
+
+  err = start_agent (START_AGENT_SUPPRESS_ERRORS);
+  if (err)
+    return err;
+
+  snprintf (line, DIM(line), "SCD SWITCHCARD -- %s", serialno);
+  return assuan_transact (agent_ctx, line,
+                          NULL, NULL, NULL, NULL,
+                          NULL, NULL);
+}
+
+
+/* Make the app APPNAME the one on the card.  */
+gpg_error_t
+scd_switchapp (const char *appname)
+{
+  int err;
+  char line[ASSUAN_LINELENGTH];
+
+  if (appname && !*appname)
+    appname = NULL;
+
+  err = start_agent (START_AGENT_SUPPRESS_ERRORS);
+  if (err)
+    return err;
+
+  snprintf (line, DIM(line), "SCD SWITCHAPP --%s%s",
+            appname? " ":"", appname? appname:"");
+  return assuan_transact (agent_ctx, line,
+                          NULL, NULL, NULL, NULL,
+                          NULL, NULL);
+}
+
+
+/* For historical reasons OpenPGP cards simply use the numbers 1 to 3
+ * for the <keyref>.  Other cards and future versions of
+ * scd/app-openpgp.c may print the full keyref; i.e. "OpenPGP.1"
+ * instead of "1".  This is a helper to cope with that. */
+static const char *
+parse_keyref_helper (const char *string)
+{
+  if (*string == '1' && spacep (string+1))
+    return "OPENPGP.1";
+  else if (*string == '2' && spacep (string+1))
+    return "OPENPGP.2";
+  else if (*string == '3' && spacep (string+1))
+    return "OPENPGP.3";
+  else
+    return string;
+}
+
+
+/* Create a new key info object with KEYREF.  All fields but the
+ * keyref are zeroed out.  Never returns NULL.  The created object is
+ * appended to the list at INFO. */
+static key_info_t
+create_kinfo (card_info_t info, const char *keyref)
+{
+  key_info_t kinfo, ki;
+
+  kinfo = xcalloc (1, sizeof *kinfo + strlen (keyref));
+  strcpy (kinfo->keyref, keyref);
+
+  if (!info->kinfo)
+    info->kinfo = kinfo;
+  else
+    {
+      for (ki=info->kinfo; ki->next; ki = ki->next)
+        ;
+      ki->next = kinfo;
+    }
+  return kinfo;
+}
+
+
+/* The status callback to handle the LEARN and GETATTR commands.  */
+static gpg_error_t
+learn_status_cb (void *opaque, const char *line)
+{
+  struct card_info_s *parm = opaque;
+  const char *keyword = line;
+  int keywordlen;
+  char *line_buffer = NULL; /* In case we need a copy.  */
+  char *pline, *endp;
+  key_info_t kinfo;
+  const char *keyref;
+  int i;
+
+  for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
+    ;
+  while (spacep (line))
+    line++;
+
+  switch (keywordlen)
+    {
+    case 3:
+      if (!memcmp (keyword, "KDF", 3))
+        {
+          parm->kdf_do_enabled = 1;
+        }
+      break;
+
+    case 5:
+      if (!memcmp (keyword, "UIF-", 4)
+          && strchr("123", keyword[4]))
+        {
+          unsigned char *data;
+          int no = keyword[4] - '1';
+
+          log_assert (no >= 0 && no <= 2);
+          data = unescape_status_string (line);
+          /* I am not sure why we test for 0xff but we better keep
+           * that in case of bogus card versions which did not
+           * initialize that DO correctly.  */
+          parm->uif[no] = (data[0] == 0xff)? 0 : data[0];
+          xfree (data);
+        }
+      break;
+
+    case 6:
+      if (!memcmp (keyword, "READER", keywordlen))
+        {
+          xfree (parm->reader);
+          parm->reader = unescape_status_string (line);
+        }
+      else if (!memcmp (keyword, "EXTCAP", keywordlen))
+        {
+          char *p, *p2, *buf;
+          int abool;
+          unsigned long number;
+
+          buf = p = unescape_status_string (line);
+          if (buf)
+            {
+              for (p = strtok (buf, " "); p; p = strtok (NULL, " "))
+                {
+                  p2 = strchr (p, '=');
+                  if (p2)
+                    {
+                      *p2++ = 0;
+                      abool = (*p2 == '1');
+                      if (!strcmp (p, "ki"))
+                        parm->extcap.ki = abool;
+                      else if (!strcmp (p, "aac"))
+                        parm->extcap.aac = abool;
+                      else if (!strcmp (p, "bt"))
+                        parm->extcap.bt = abool;
+                      else if (!strcmp (p, "kdf"))
+                        parm->extcap.kdf = abool;
+                      else if (!strcmp (p, "si"))
+                        parm->status_indicator = strtoul (p2, NULL, 10);
+                      else if (!strcmp (p, "pd"))
+                        parm->extcap.private_dos = abool;
+                      else if (!strcmp (p, "mcl3"))
+                        parm->extcap.mcl3 = strtoul (p2, NULL, 10);
+                      else if (!strcmp (p, "sm"))
+                        {
+                          /* Unfortunately this uses OpenPGP algorithm
+                           * ids so that we need to map them to Gcrypt
+                           * ids.  The mapping is limited to what
+                           * OpenPGP cards support.  Other cards
+                           * should use a different tag than "sm". */
+                          parm->extcap.sm = 1;
+                          number = strtoul (p2, NULL, 10);
+                          switch (number)
+                            {
+                            case CIPHER_ALGO_3DES:
+                              parm->extcap.smalgo = GCRY_CIPHER_3DES;
+                              break;
+                            case CIPHER_ALGO_AES:
+                              parm->extcap.smalgo = GCRY_CIPHER_AES;
+                              break;
+                            case CIPHER_ALGO_AES192:
+                              parm->extcap.smalgo = GCRY_CIPHER_AES192;
+                              break;
+                            case CIPHER_ALGO_AES256:
+                              parm->extcap.smalgo = GCRY_CIPHER_AES256;
+                              break;
+                            default:
+                              /* Unknown algorithm; dont claim SM support.  */
+                              parm->extcap.sm = 0;
+                              break;
+                            }
+                        }
+                    }
+                }
+              xfree (buf);
+            }
+        }
+      else if (!memcmp (keyword, "CA-FPR", keywordlen))
+        {
+          int no = atoi (line);
+          while (*line && !spacep (line))
+            line++;
+          while (spacep (line))
+            line++;
+          if (no == 1)
+            parm->cafpr1len = unhexify_fpr (line, parm->cafpr1,
+                                            sizeof parm->cafpr1);
+          else if (no == 2)
+            parm->cafpr2len = unhexify_fpr (line, parm->cafpr2,
+                                            sizeof parm->cafpr2);
+          else if (no == 3)
+            parm->cafpr3len = unhexify_fpr (line, parm->cafpr3,
+                                            sizeof parm->cafpr3);
+        }
+      break;
+
+    case 7:
+      if (!memcmp (keyword, "APPTYPE", keywordlen))
+        {
+          xfree (parm->apptypestr);
+          parm->apptypestr = unescape_status_string (line);
+          parm->apptype = map_apptypestr (parm->apptypestr);
+        }
+      else if (!memcmp (keyword, "KEY-FPR", keywordlen))
+        {
+          /* The format of such a line is:
+           *   KEY-FPR <keyref> <fingerprintinhex>
+           */
+          const char *fpr;
+
+          line_buffer = pline = xstrdup (line);
+
+          keyref = parse_keyref_helper (pline);
+          while (*pline && !spacep (pline))
+            pline++;
+          if (*pline)
+            *pline++ = 0; /* Terminate keyref.  */
+          while (spacep (pline)) /* Skip to the fingerprint.  */
+            pline++;
+          fpr = pline;
+
+          /* Check whether we already have an item for the keyref.  */
+          kinfo = find_kinfo (parm, keyref);
+          if (!kinfo)  /* No: new entry.  */
+            kinfo = create_kinfo (parm, keyref);
+          else /* Existing entry - clear the fpr.  */
+            memset (kinfo->fpr, 0, sizeof kinfo->fpr);
+
+          /* Set or update or the fingerprint.  */
+          kinfo->fprlen = unhexify_fpr (fpr, kinfo->fpr, sizeof kinfo->fpr);
+        }
+      break;
+
+    case 8:
+      if (!memcmp (keyword, "SERIALNO", keywordlen))
+        {
+          xfree (parm->serialno);
+          parm->serialno = store_serialno (line);
+          parm->is_v2 = (strlen (parm->serialno) >= 16
+                         && (xtoi_2 (parm->serialno+12) == 0 /* Yubikey */
+                             || xtoi_2 (parm->serialno+12) >= 2));
+        }
+      else if (!memcmp (keyword, "CARDTYPE", keywordlen))
+        {
+          xfree (parm->cardtype);
+          parm->cardtype = unescape_status_string (line);
+        }
+      else if (!memcmp (keyword, "DISP-SEX", keywordlen))
+        {
+          parm->disp_sex = *line == '1'? 1 : *line == '2' ? 2: 0;
+        }
+      else if (!memcmp (keyword, "KEY-ATTR", keywordlen))
+        {
+          char keyrefbuf[20];
+          int keyno, algo, n;
+          const char *curve;
+          unsigned int nbits;
+
+          /* To prepare for future changes we allow for a full OpenPGP
+           * keyref here.  */
+          if (!ascii_strncasecmp (line, "OPENPGP.", 8))
+            line += 8;
+
+          /* Note that KEY-ATTR returns OpenPGP algorithm numbers but
+           * we want to use the Gcrypt numbers here.  A compatible
+           * change would be to add another parameter along with a
+           * magic algo number to indicate that.  */
+          algo = PUBKEY_ALGO_RSA;
+          keyno = n = 0;
+          sscanf (line, "%d %d %n", &keyno, &algo, &n);
+          algo = map_openpgp_pk_to_gcry (algo);
+          if (keyno < 1 || keyno > 3)
+            ; /* Out of range - ignore.  */
+          else
+            {
+              snprintf (keyrefbuf, sizeof keyrefbuf, "OPENPGP.%d", keyno);
+              keyref = keyrefbuf;
+
+              kinfo = find_kinfo (parm, keyref);
+              if (!kinfo)  /* No: new entry.  */
+                kinfo = create_kinfo (parm, keyref);
+
+              /* Although we could use the the value at %n directly as
+               * keyalgo string, we want to use the standard
+               * keyalgo_string function and thus we reconstruct it
+               * here to make sure the displayed form of the curve
+               * names is used.  */
+              nbits = 0;
+              curve = NULL;
+              if (algo == GCRY_PK_ECDH || algo == GCRY_PK_ECDSA
+                  || algo == GCRY_PK_EDDSA || algo == GCRY_PK_ECC)
+                {
+                  curve = openpgp_is_curve_supported (line + n, NULL, NULL);
+                }
+              else /* For rsa we see here for example "rsa2048".  */
+                {
+                  if (line[n] && line[n+1] && line[n+2])
+                    nbits = strtoul (line+n+3, NULL, 10);
+                }
+              kinfo->keyalgo = get_keyalgo_string (algo, nbits, curve);
+              kinfo->keyalgo_id = algo;
+            }
+        }
+      break;
+
+    case 9:
+      if (!memcmp (keyword, "DISP-NAME", keywordlen))
+        {
+          xfree (parm->disp_name);
+          parm->disp_name = unescape_status_string (line);
+        }
+      else if (!memcmp (keyword, "DISP-LANG", keywordlen))
+        {
+          xfree (parm->disp_lang);
+          parm->disp_lang = unescape_status_string (line);
+        }
+      else if (!memcmp (keyword, "CHV-USAGE", keywordlen))
+        {
+          unsigned int byte1, byte2;
+
+          byte1 = byte2 = 0;
+          sscanf (line, "%x %x", &byte1, &byte2);
+          parm->chvusage[0] = byte1;
+          parm->chvusage[1] = byte2;
+        }
+      else if (!memcmp (keyword, "CHV-LABEL", keywordlen))
+        {
+          xfree (parm->chvlabels);
+          parm->chvlabels = xstrdup (line);
+        }
+      else if (!memcmp (keyword, "KEY-LABEL", keywordlen))
+        {
+          /* The format of such a line is:
+           *   KEY-LABEL <keyref> [label|"-"]           */
+          const char *fields[2];
+          int nfields;
+          char *label;
+
+          line_buffer = pline = xstrdup (line);
+
+          if ((nfields = split_fields (line_buffer, fields, DIM (fields))) < 2)
+            goto leave;  /* not enough args - ignore.  */
+
+          keyref = fields[0];
+          /* We don't remove the percent escaping because that is only
+           * used in case of strange characters in the label; we
+           * should not print them.  Note that this info is only for
+           * human consumption, anyway.  */
+          label = xtrystrdup (fields[1]);
+          if (!label)
+            goto leave; /* We ignore malloc failures here.  */
+
+          /* Check whether we already have an item for the keyref.  */
+          kinfo = find_kinfo (parm, keyref);
+          if (!kinfo)  /* New entry.  */
+            kinfo = create_kinfo (parm, keyref);
+
+          xfree (kinfo->label);
+          kinfo->label = label;
+        }
+      break;
+
+    case 10:
+      if (!memcmp (keyword, "PUBKEY-URL", keywordlen))
+        {
+          xfree (parm->pubkey_url);
+          parm->pubkey_url = unescape_status_string (line);
+        }
+      else if (!memcmp (keyword, "LOGIN-DATA", keywordlen))
+        {
+          xfree (parm->login_data);
+          parm->login_data = unescape_status_string (line);
+        }
+      else if (!memcmp (keyword, "CHV-STATUS", keywordlen))
+        {
+          char *p, *buf;
+
+          buf = p = unescape_status_string (line);
+          if (buf)
+            while (spacep (p))
+              p++;
+
+          if (!buf)
+            ;
+          else if (parm->apptype == APP_TYPE_OPENPGP)
+            {
+              parm->chv1_cached = atoi (p);
+              while (*p && !spacep (p))
+                p++;
+              while (spacep (p))
+                p++;
+              for (i=0; *p && i < 3; i++)
+                {
+                  parm->chvmaxlen[i] = atoi (p);
+                  while (*p && !spacep (p))
+                    p++;
+                  while (spacep (p))
+                    p++;
+                }
+              parm->nchvmaxlen = 3;
+              for (i=0; *p && i < 3; i++)
+                {
+                  parm->chvinfo[i] = atoi (p);
+                  while (*p && !spacep (p))
+                    p++;
+                  while (spacep (p))
+                    p++;
+                }
+              parm->nchvinfo = 3;
+            }
+          else
+            {
+              for (i=0; *p && i < DIM (parm->chvinfo); i++)
+                {
+                  parm->chvinfo[i] = atoi (p);
+                  while (*p && !spacep (p))
+                    p++;
+                  while (spacep (p))
+                    p++;
+                }
+              parm->nchvinfo = i;
+            }
+
+          xfree (buf);
+        }
+      else if (!memcmp (keyword, "APPVERSION", keywordlen))
+        {
+          unsigned int val = 0;
+
+          sscanf (line, "%x", &val);
+          parm->appversion = val;
+        }
+      break;
+
+    case 11:
+      if (!memcmp (keyword, "SIG-COUNTER", keywordlen))
+        {
+          parm->sig_counter = strtoul (line, NULL, 0);
+        }
+      else if (!memcmp (keyword, "KEYPAIRINFO", keywordlen))
+        {
+          /* The format of such a line is:
+           *   KEYPAIRINFO <hexgrip> <keyref> [usage] [keytime]
+           */
+          const char *fields[4];
+          int nfields;
+          const char *hexgrp, *usage;
+          time_t keytime;
+
+          line_buffer = pline = xstrdup (line);
+
+          if ((nfields = split_fields (line_buffer, fields, DIM (fields))) < 2)
+            goto leave;  /* not enough args - invalid status line.  */
+
+          hexgrp = fields[0];
+          keyref = fields[1];
+          if (nfields > 2)
+            usage = fields[2];
+          else
+            usage = "";
+          if (nfields > 3)
+            keytime = parse_timestamp (fields[3], NULL);
+          else
+            keytime = 0;
+
+          /* Check whether we already have an item for the keyref.  */
+          kinfo = find_kinfo (parm, keyref);
+          if (!kinfo)  /* New entry.  */
+            kinfo = create_kinfo (parm, keyref);
+          else /* Existing entry - clear grip and usage  */
+            {
+              memset (kinfo->grip, 0, sizeof kinfo->grip);
+              kinfo->usage = 0;
+            }
+
+          /* Set or update the grip.  Note that due to the
+           * calloc/memset an erroneous too short grip will be nul
+           * padded on the right. */
+          unhexify_fpr (hexgrp, kinfo->grip, sizeof kinfo->grip);
+          /* Parse and set the usage.  */
+          for (; *usage; usage++)
+            {
+              switch (*usage)
+                {
+                case 's': kinfo->usage |= GCRY_PK_USAGE_SIGN; break;
+                case 'c': kinfo->usage |= GCRY_PK_USAGE_CERT; break;
+                case 'a': kinfo->usage |= GCRY_PK_USAGE_AUTH; break;
+                case 'e': kinfo->usage |= GCRY_PK_USAGE_ENCR; break;
+                }
+            }
+          /* Store the keytime.  */
+          kinfo->created = keytime == (time_t)(-1)? 0 : (u32)keytime;
+        }
+      else if (!memcmp (keyword, "CARDVERSION", keywordlen))
+        {
+          unsigned int val = 0;
+
+          sscanf (line, "%x", &val);
+          parm->cardversion = val;
+        }
+      break;
+
+    case 12:
+      if (!memcmp (keyword, "PRIVATE-DO-", 11)
+          && strchr("1234", keyword[11]))
+        {
+          int no = keyword[11] - '1';
+          log_assert (no >= 0 && no <= 3);
+          xfree (parm->private_do[no]);
+          parm->private_do[no] = unescape_status_string (line);
+        }
+      else if (!memcmp (keyword, "MANUFACTURER", 12))
+        {
+          xfree (parm->manufacturer_name);
+          parm->manufacturer_name = NULL;
+          parm->manufacturer_id = strtoul (line, &endp, 0);
+          while (endp && spacep (endp))
+            endp++;
+          if (endp && *endp)
+            parm->manufacturer_name = xstrdup (endp);
+        }
+      break;
+
+    case 13:
+      if (!memcmp (keyword, "$DISPSERIALNO", keywordlen))
+        {
+          xfree (parm->dispserialno);
+          parm->dispserialno = unescape_status_string (line);
+        }
+      else if (!memcmp (keyword, "KEY-ATTR-INFO", keywordlen))
+        {
+          if (!strncmp (line, "OPENPGP.", 8))
+            {
+              int no;
+
+              line += 8;
+              no = atoi (line);
+              if (no >= 1 && no <= 3)
+                {
+                  no--;
+                  line++;
+                  while (spacep (line))
+                    line++;
+                  append_to_strlist (&parm->supported_keyalgo[no],
+                                     xstrdup (line));
+                }
+            }
+          /* Skip when it's not "OPENPGP.[123]".  */
+        }
+      break;
+
+    default:
+      /* Unknown.  */
+      break;
+    }
+
+ leave:
+  xfree (line_buffer);
+  return 0;
+}
+
+
+/* Call the scdaemon to learn about a smartcard.  This fills INFO
+ * with data from the card. */
+gpg_error_t
+scd_learn (card_info_t info, int reread)
+{
+  gpg_error_t err;
+  struct default_inq_parm_s parm;
+  struct card_info_s dummyinfo;
+
+  if (!info)
+    info = &dummyinfo;
+
+  memset (info, 0, sizeof *info);
+  memset (&parm, 0, sizeof parm);
+
+  err = start_agent (0);
+  if (err)
+    return err;
+
+  parm.ctx = agent_ctx;
+  err = assuan_transact (agent_ctx,
+                         reread? "SCD LEARN --force --reread"
+                         /*  */: "SCD LEARN --force",
+                         dummy_data_cb, NULL, default_inq_cb, &parm,
+                         learn_status_cb, info);
+  /* Also try to get some other key attributes.  */
+  if (!err)
+    {
+      info->initialized = 1;
+
+      err = scd_getattr ("KEY-ATTR", info);
+      if (gpg_err_code (err) == GPG_ERR_INV_NAME
+          || gpg_err_code (err) == GPG_ERR_UNSUPPORTED_OPERATION)
+        err = 0; /* Not implemented or GETATTR not supported.  */
+      err = scd_getattr ("$DISPSERIALNO", info);
+      if (gpg_err_code (err) == GPG_ERR_INV_NAME
+          || gpg_err_code (err) == GPG_ERR_UNSUPPORTED_OPERATION)
+        err = 0; /* Not implemented or GETATTR not supported.  */
+      err = scd_getattr ("KEY-LABEL", info);
+      if (gpg_err_code (err) == GPG_ERR_INV_NAME
+          || gpg_err_code (err) == GPG_ERR_UNSUPPORTED_OPERATION)
+        err = 0; /* Not implemented or GETATTR not supported.  */
+    }
+
+  if (info == &dummyinfo)
+    release_card_info (info);
+
+  return err;
+}
+
+
+/* Call the agent to retrieve a data object.  This function returns
+ * the data in the same structure as used by the learn command.  It is
+ * allowed to update such a structure using this command. */
+gpg_error_t
+scd_getattr (const char *name, struct card_info_s *info)
+{
+  gpg_error_t err;
+  char line[ASSUAN_LINELENGTH];
+  struct default_inq_parm_s parm;
+
+  memset (&parm, 0, sizeof parm);
+
+  if (!*name)
+    return gpg_error (GPG_ERR_INV_VALUE);
+
+  /* We assume that NAME does not need escaping. */
+  if (12 + strlen (name) > DIM(line)-1)
+    return gpg_error (GPG_ERR_TOO_LARGE);
+  stpcpy (stpcpy (line, "SCD GETATTR "), name);
+
+  err = start_agent (0);
+  if (err)
+    return err;
+
+  parm.ctx = agent_ctx;
+  err = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm,
+                        learn_status_cb, info);
+
+  return err;
+}
+
+
+/* Send an setattr command to the SCdaemon.  */
+gpg_error_t
+scd_setattr (const char *name,
+             const unsigned char *value, size_t valuelen)
+{
+  gpg_error_t err;
+  char *tmp;
+  char *line = NULL;
+  struct default_inq_parm_s parm;
+
+
+  if (!*name || !valuelen)
+    return gpg_error (GPG_ERR_INV_VALUE);
+
+  tmp = strconcat ("SCD SETATTR ", name, " ", NULL);
+  if (!tmp)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+  line = percent_data_escape (1, tmp, value, valuelen);
+  xfree (tmp);
+  if (!line)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+
+  if (strlen (line) + 10 > ASSUAN_LINELENGTH)
+    {
+      err = gpg_error (GPG_ERR_TOO_LARGE);
+      goto leave;
+    }
+
+  err = start_agent (0);
+  if (err )
+    goto leave;
+
+  memset (&parm, 0, sizeof parm);
+  parm.ctx = agent_ctx;
+  err = assuan_transact (agent_ctx, line, NULL, NULL,
+                         default_inq_cb, &parm, NULL, NULL);
+
+ leave:
+  xfree (line);
+  return status_sc_op_failure (err);
+}
+
+
+
+/* Handle a CERTDATA inquiry.  Note, we only send the data,
+ * assuan_transact takes care of flushing and writing the END
+ * command. */
+static gpg_error_t
+inq_writecert_parms (void *opaque, const char *line)
+{
+  gpg_error_t err;
+  struct writecert_parm_s *parm = opaque;
+
+  if (has_leading_keyword (line, "CERTDATA"))
+    {
+      err = assuan_send_data (parm->dflt->ctx,
+                              parm->certdata, parm->certdatalen);
+    }
+  else
+    err = default_inq_cb (parm->dflt, line);
+
+  return err;
+}
+
+
+/* Send a WRITECERT command to the SCdaemon. */
+gpg_error_t
+scd_writecert (const char *certidstr,
+               const unsigned char *certdata, size_t certdatalen)
+{
+  gpg_error_t err;
+  char line[ASSUAN_LINELENGTH];
+  struct writecert_parm_s parms;
+  struct default_inq_parm_s dfltparm;
+
+  memset (&dfltparm, 0, sizeof dfltparm);
+
+  err = start_agent (0);
+  if (err)
+    return err;
+
+  memset (&parms, 0, sizeof parms);
+
+  snprintf (line, sizeof line, "SCD WRITECERT %s", certidstr);
+  dfltparm.ctx = agent_ctx;
+  parms.dflt = &dfltparm;
+  parms.certdata = certdata;
+  parms.certdatalen = certdatalen;
+
+  err = assuan_transact (agent_ctx, line, NULL, NULL,
+                         inq_writecert_parms, &parms, NULL, NULL);
+
+  return status_sc_op_failure (err);
+}
+
+
+
+/* Send a WRITEKEY command to the agent (so that the agent can fetch
+ * the key to write).  KEYGRIP is the hexified keygrip of the source
+ * key which will be written to the slot KEYREF.  FORCE must be true
+ * to overwrite an existing key.  */
+gpg_error_t
+scd_writekey (const char *keyref, int force, const char *keygrip)
+{
+  gpg_error_t err;
+  struct default_inq_parm_s parm;
+  char line[ASSUAN_LINELENGTH];
+
+  memset (&parm, 0, sizeof parm);
+
+  err = start_agent (0);
+  if (err)
+    return err;
+
+  /* Note: We don't send the s/n but "-" because gpg-agent has
+   * currently no use for it. */
+  /* FIXME: For OpenPGP we should provide the creation time.  */
+  snprintf (line, sizeof line, "KEYTOCARD%s %s - %s",
+            force? " --force":"", keygrip, keyref);
+  err = assuan_transact (agent_ctx, line, NULL, NULL,
+                         default_inq_cb, &parm, NULL, NULL);
+
+  return status_sc_op_failure (err);
+}
+
+
+
+/* Status callback for the SCD GENKEY command. */
+static gpg_error_t
+scd_genkey_cb (void *opaque, const char *line)
+{
+  u32 *createtime = opaque;
+  const char *keyword = line;
+  int keywordlen;
+
+  for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
+    ;
+  while (spacep (line))
+    line++;
+
+ if (keywordlen == 14 && !memcmp (keyword,"KEY-CREATED-AT", keywordlen))
+    {
+      if (createtime)
+        *createtime = (u32)strtoul (line, NULL, 10);
+    }
+  else if (keywordlen == 8 && !memcmp (keyword, "PROGRESS", keywordlen))
+    {
+      gnupg_status_printf (STATUS_PROGRESS, "%s", line);
+    }
+
+  return 0;
+}
+
+
+/* Send a GENKEY command to the SCdaemon.  If *CREATETIME is not 0,
+ * the value will be passed to SCDAEMON with --timestamp option so that
+ * the key is created with this.  Otherwise, timestamp was generated by
+ * SCDAEMON.  On success, creation time is stored back to CREATETIME.  */
+gpg_error_t
+scd_genkey (const char *keyref, int force, const char *algo, u32 *createtime)
+{
+  gpg_error_t err;
+  char line[ASSUAN_LINELENGTH];
+  gnupg_isotime_t tbuf;
+  struct default_inq_parm_s dfltparm;
+
+  memset (&dfltparm, 0, sizeof dfltparm);
+
+  err = start_agent (0);
+  if (err)
+    return err;
+
+  if (createtime && *createtime)
+    epoch2isotime (tbuf, *createtime);
+  else
+    *tbuf = 0;
+
+  snprintf (line, sizeof line, "SCD GENKEY %s%s %s %s%s -- %s",
+            *tbuf? "--timestamp=":"", tbuf,
+            force? "--force":"",
+            algo? "--algo=":"",
+            algo? algo:"",
+            keyref);
+
+  dfltparm.ctx = agent_ctx;
+  err = assuan_transact (agent_ctx, line,
+                         NULL, NULL, default_inq_cb, &dfltparm,
+                         scd_genkey_cb, createtime);
+
+  return status_sc_op_failure (err);
+}
+
+
+
+/* Return the serial number of the card or an appropriate error.  The
+ * serial number is returned as a hexstring.  If DEMAND is not NULL
+ * the reader with the a card of the serial number DEMAND is
+ * requested.  */
+gpg_error_t
+scd_serialno (char **r_serialno, const char *demand)
+{
+  int err;
+  char *serialno = NULL;
+  char line[ASSUAN_LINELENGTH];
+
+  err = start_agent (START_AGENT_SUPPRESS_ERRORS);
+  if (err)
+    return err;
+
+  if (!demand)
+    strcpy (line, "SCD SERIALNO --all");
+  else
+    snprintf (line, DIM(line), "SCD SERIALNO --demand=%s --all", demand);
+
+  err = assuan_transact (agent_ctx, line,
+                         NULL, NULL, NULL, NULL,
+                         get_serialno_cb, &serialno);
+  if (err)
+    {
+      xfree (serialno);
+      return err;
+    }
+
+  if (r_serialno)
+    *r_serialno = serialno;
+  else
+    xfree (serialno);
+  return 0;
+}
+
+
+
+/* Send a READCERT command to the SCdaemon. */
+gpg_error_t
+scd_readcert (const char *certidstr, void **r_buf, size_t *r_buflen)
+{
+  gpg_error_t err;
+  char line[ASSUAN_LINELENGTH];
+  membuf_t data;
+  size_t len;
+  struct default_inq_parm_s dfltparm;
+
+  memset (&dfltparm, 0, sizeof dfltparm);
+
+  *r_buf = NULL;
+  err = start_agent (0);
+  if (err)
+    return err;
+
+  dfltparm.ctx = agent_ctx;
+
+  init_membuf (&data, 2048);
+
+  snprintf (line, sizeof line, "SCD READCERT %s", certidstr);
+  err = assuan_transact (agent_ctx, line,
+                         put_membuf_cb, &data,
+                         default_inq_cb, &dfltparm,
+                         NULL, NULL);
+  if (err)
+    {
+      xfree (get_membuf (&data, &len));
+      return err;
+    }
+
+  *r_buf = get_membuf (&data, r_buflen);
+  if (!*r_buf)
+    return gpg_error_from_syserror ();
+
+  return 0;
+}
+
+
+
+/* Send a READKEY command to the SCdaemon.  On success a new
+ * s-expression is stored at R_RESULT.  */
+gpg_error_t
+scd_readkey (const char *keyrefstr, gcry_sexp_t *r_result)
+{
+  gpg_error_t err;
+  char line[ASSUAN_LINELENGTH];
+  membuf_t data;
+  unsigned char *buf;
+  size_t len, buflen;
+
+  *r_result = NULL;
+  err = start_agent (0);
+  if (err)
+    return err;
+
+  init_membuf (&data, 1024);
+  snprintf (line, DIM(line), "SCD READKEY %s", keyrefstr);
+  err = assuan_transact (agent_ctx, line,
+                         put_membuf_cb, &data,
+                         NULL, NULL,
+                         NULL, NULL);
+  if (err)
+    {
+      xfree (get_membuf (&data, &len));
+      return err;
+    }
+  buf = get_membuf (&data, &buflen);
+  if (!buf)
+    return gpg_error_from_syserror ();
+
+  err = gcry_sexp_new (r_result, buf, buflen, 0);
+  xfree (buf);
+
+  return err;
+}
+
+
+
+/* Callback function for card_cardlist.  */
+static gpg_error_t
+card_cardlist_cb (void *opaque, const char *line)
+{
+  struct card_cardlist_parm_s *parm = opaque;
+  const char *keyword = line;
+  int keywordlen;
+
+  for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
+    ;
+  while (spacep (line))
+    line++;
+
+  if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
+    {
+      const char *s;
+      int n;
+
+      for (n=0,s=line; hexdigitp (s); s++, n++)
+        ;
+
+      if (!n || (n&1))
+        parm->error = gpg_error (GPG_ERR_ASS_PARAMETER);
+      if (parm->with_apps)
+        {
+          /* Format of the stored string is the S/N, a space, and a
+           * space separated list of appnames.  */
+          if (*s && (*s != ' ' || spacep (s+1) || !s[1]))
+            parm->error = gpg_error (GPG_ERR_ASS_PARAMETER);
+          else /* We assume the rest of the line is well formatted.  */
+            add_to_strlist (&parm->list, line);
+        }
+      else
+        {
+          if (*s)
+            parm->error = gpg_error (GPG_ERR_ASS_PARAMETER);
+          else
+            add_to_strlist (&parm->list, line);
+        }
+    }
+
+  return 0;
+}
+
+
+/* Return the serial numbers of all cards currently inserted.  */
+gpg_error_t
+scd_cardlist (strlist_t *result)
+{
+  gpg_error_t err;
+  struct card_cardlist_parm_s parm;
+
+  memset (&parm, 0, sizeof parm);
+  *result = NULL;
+
+  err = start_agent (START_AGENT_SUPPRESS_ERRORS);
+  if (err)
+    return err;
+
+  err = assuan_transact (agent_ctx, "SCD GETINFO card_list",
+                         NULL, NULL, NULL, NULL,
+                         card_cardlist_cb, &parm);
+  if (!err && parm.error)
+    err = parm.error;
+
+  if (!err)
+    *result = parm.list;
+  else
+    free_strlist (parm.list);
+
+  return err;
+}
+
+
+/* Return the serial numbers and appnames of the current card or, with
+ * ALL given has true, of all cards currently inserted.  */
+gpg_error_t
+scd_applist (strlist_t *result, int all)
+{
+  gpg_error_t err;
+  struct card_cardlist_parm_s parm;
+
+  memset (&parm, 0, sizeof parm);
+  *result = NULL;
+
+  err = start_agent (START_AGENT_SUPPRESS_ERRORS);
+  if (err)
+    return err;
+
+  parm.with_apps = 1;
+  err = assuan_transact (agent_ctx,
+                         all ? "SCD GETINFO all_active_apps"
+                         /**/: "SCD GETINFO active_apps",
+                         NULL, NULL, NULL, NULL,
+                         card_cardlist_cb, &parm);
+  if (!err && parm.error)
+    err = parm.error;
+
+  if (!err)
+    *result = parm.list;
+  else
+    free_strlist (parm.list);
+
+  return err;
+}
+
+
+
+/* Change the PIN of a card or reset the retry counter.  If NULLPIN is
+ * set the TCOS specific NullPIN is changed.  */
+gpg_error_t
+scd_change_pin (const char *pinref, int reset_mode, int nullpin)
+{
+  gpg_error_t err;
+  char line[ASSUAN_LINELENGTH];
+  struct default_inq_parm_s dfltparm;
+
+  memset (&dfltparm, 0, sizeof dfltparm);
+
+  err = start_agent (0);
+  if (err)
+    return err;
+  dfltparm.ctx = agent_ctx;
+
+  snprintf (line, sizeof line, "SCD PASSWD%s %s",
+            nullpin? " --nullpin": reset_mode? " --reset":"", pinref);
+  err = assuan_transact (agent_ctx, line,
+                         NULL, NULL,
+                         default_inq_cb, &dfltparm,
+                         NULL, NULL);
+
+  return status_sc_op_failure (err);
+}
+
+
+/* Perform a CHECKPIN operation.  SERIALNO should be the serial
+ * number of the card - optionally followed by the fingerprint;
+ * however the fingerprint is ignored here. */
+gpg_error_t
+scd_checkpin (const char *serialno)
+{
+  gpg_error_t err;
+  char line[ASSUAN_LINELENGTH];
+  struct default_inq_parm_s dfltparm;
+
+  memset (&dfltparm, 0, sizeof dfltparm);
+
+  err = start_agent (0);
+  if (err)
+    return err;
+  dfltparm.ctx = agent_ctx;
+
+  snprintf (line, sizeof line, "SCD CHECKPIN %s", serialno);
+  err = assuan_transact (agent_ctx, line,
+                         NULL, NULL,
+                         default_inq_cb, &dfltparm,
+                         NULL, NULL);
+  return status_sc_op_failure (err);
+}
+
+
+/* Return the S2K iteration count as computed by gpg-agent.  On error
+ * print a warning and return a default value. */
+unsigned long
+agent_get_s2k_count (void)
+{
+  gpg_error_t err;
+  membuf_t data;
+  char *buf;
+  unsigned long count = 0;
+
+  err = start_agent (0);
+  if (err)
+    goto leave;
+
+  init_membuf (&data, 32);
+  err = assuan_transact (agent_ctx, "GETINFO s2k_count",
+                        put_membuf_cb, &data,
+                        NULL, NULL, NULL, NULL);
+  if (err)
+    xfree (get_membuf (&data, NULL));
+  else
+    {
+      put_membuf (&data, "", 1);
+      buf = get_membuf (&data, NULL);
+      if (!buf)
+        err = gpg_error_from_syserror ();
+      else
+        {
+          count = strtoul (buf, NULL, 10);
+          xfree (buf);
+        }
+    }
+
+ leave:
+  if (err || count < 65536)
+    {
+      /* Don't print an error if an older agent is used.  */
+      if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER)
+        log_error (_("problem with the agent: %s\n"), gpg_strerror (err));
+
+      /* Default to 65536 which was used up to 2.0.13.  */
+      count = 65536;
+    }
+
+  return count;
+}
+
+
+/* Return a malloced string describing the statusword SW.  On error
+ * NULL is returned.  */
+char *
+scd_apdu_strerror (unsigned int sw)
+{
+  gpg_error_t err;
+  char line[ASSUAN_LINELENGTH];
+  membuf_t data;
+  char *buf;
+
+  err = start_agent (0);
+  if (err)
+    return NULL;
+
+  init_membuf (&data, 64);
+  snprintf (line, sizeof line, "SCD GETINFO apdu_strerror 0x%x", sw);
+  err = assuan_transact (agent_ctx, line, put_membuf_cb, &data,
+                         NULL, NULL, NULL, NULL);
+  if (err)
+    {
+      xfree (get_membuf (&data, NULL));
+      return NULL;
+    }
+
+  put_membuf (&data, "", 1);
+  buf = get_membuf (&data, NULL);
+  return buf;
+}
diff --git a/tools/card-keys.c b/tools/card-keys.c
new file mode 100644
index 0000000..3027de9
--- /dev/null
+++ b/tools/card-keys.c
@@ -0,0 +1,652 @@
+/* card-keys.c - OpenPGP and CMS related functions for gpg-card
+ * Copyright (C) 2019 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../common/util.h"
+#include "../common/i18n.h"
+#include "../common/ccparray.h"
+#include "../common/exectool.h"
+#include "../common/openpgpdefs.h"
+#include "gpg-card.h"
+
+
+/* It is quite common that all keys of an OpenPGP card belong to the
+ * the same OpenPGP keyblock.  To avoid running several queries
+ * despite that we already got the information with the previous
+ * keyblock, we keep a small cache of of previous done queries.  */
+static struct
+{
+  unsigned int lru;
+  keyblock_t keyblock;
+} keyblock_cache[5];
+
+
+
+/* Helper for release_keyblock.  */
+static void
+do_release_keyblock (keyblock_t keyblock)
+{
+  pubkey_t pubkey;
+  userid_t uid;
+
+  while (keyblock)
+    {
+      keyblock_t keyblocknext = keyblock->next;
+      pubkey = keyblock->keys;
+      while (pubkey)
+        {
+          pubkey_t pubkeynext = pubkey->next;
+          xfree (pubkey);
+          pubkey = pubkeynext;
+        }
+      uid = keyblock->uids;
+      while (uid)
+        {
+          userid_t uidnext = uid->next;
+          xfree (uid->value);
+          xfree (uid);
+          uid = uidnext;
+        }
+      xfree (keyblock);
+      keyblock = keyblocknext;
+    }
+}
+
+
+/* Release a keyblock object.  */
+void
+release_keyblock (keyblock_t keyblock)
+{
+  static unsigned int lru_counter;
+  unsigned int lru;
+  int i, lru_idx;
+
+  if (!keyblock)
+    return;
+
+  lru = (unsigned int)(-1);
+  lru_idx = 0;
+  for (i=0; i < DIM (keyblock_cache); i++)
+    {
+      if (!keyblock_cache[i].keyblock)
+        {
+          keyblock_cache[i].keyblock = keyblock;
+          keyblock_cache[i].lru = ++lru_counter;
+          goto leave;
+        }
+      if (keyblock_cache[i].lru < lru)
+        {
+          lru = keyblock_cache[i].lru;
+          lru_idx = i;
+        }
+    }
+
+  /* No free slot.  Replace one. */
+  do_release_keyblock (keyblock_cache[lru_idx].keyblock);
+  keyblock_cache[lru_idx].keyblock = keyblock;
+  keyblock_cache[lru_idx].lru = ++lru_counter;
+
+ leave:
+  if (!lru_counter)
+    {
+      /* Wrapped around.  We simply clear the entire cache. */
+      flush_keyblock_cache ();
+    }
+}
+
+
+/* Flush the enire keyblock cache.  */
+void
+flush_keyblock_cache (void)
+{
+  int i;
+
+  for (i=0; i < DIM (keyblock_cache); i++)
+    {
+      do_release_keyblock (keyblock_cache[i].keyblock);
+      keyblock_cache[i].keyblock = NULL;
+    }
+}
+
+
+
+/* Object to communicate with the status_cb. */
+struct status_cb_s
+{
+  const char *pgm; /* Name of the program for debug purposes. */
+  int no_pubkey;   /* Result flag.  */
+};
+
+
+/* Status callback helper for the exec functions.  */
+static void
+status_cb (void *opaque, const char *keyword, char *args)
+{
+  struct status_cb_s *c = opaque;
+  const char *s;
+
+  if (DBG_EXTPROG)
+    log_debug ("%s: status: %s %s\n", c->pgm, keyword, args);
+
+  if (!strcmp (keyword, "ERROR")
+      && (s=has_leading_keyword (args, "keylist.getkey"))
+      && gpg_err_code (atoi (s)) == GPG_ERR_NO_PUBKEY)
+    {
+      /* No public key was found.  gpg terminates with an error in
+       * this case and we can't change that behaviour.  Instead we
+       * detect this status and carry that error forward. */
+      c->no_pubkey = 1;
+    }
+
+}
+
+
+/* Helper for get_matching_keys to parse "pub" style records.  */
+static gpg_error_t
+parse_key_record (char **fields, int nfields, pubkey_t *r_pubkey)
+{
+  pubkey_t pubkey;
+
+  (void)fields; /* Not yet used.  */
+  (void)nfields;
+
+  pubkey = xtrycalloc (1, sizeof *pubkey);
+  if (!pubkey)
+    return gpg_error_from_syserror ();
+
+  if (nfields > 5)
+    pubkey->created = parse_timestamp (fields[5], NULL);
+
+  *r_pubkey = pubkey;
+  return 0;
+}
+
+
+/* Run gpg or gpgsm to get a list of all keys matching the 20 byte
+ * KEYGRIP.  PROTOCOL is one of or a combination of
+ * GNUPG_PROTOCOL_OPENPGP and GNUPG_PROTOCOL_CMS.  On success a new
+ * keyblock is stored at R_KEYBLOCK; on error NULL is stored there. */
+gpg_error_t
+get_matching_keys (const unsigned char *keygrip, int protocol,
+                   keyblock_t *r_keyblock)
+{
+  gpg_error_t err;
+  ccparray_t ccp;
+  const char **argv;
+  estream_t listing;
+  char hexgrip[1 + (2*KEYGRIP_LEN) + 1];
+  char *line = NULL;
+  size_t length_of_line = 0;
+  size_t maxlen;
+  ssize_t len;
+  char **fields = NULL;
+  int nfields;
+  int first_seen;
+  int i;
+  keyblock_t keyblock_head, *keyblock_tail, kb;
+  pubkey_t pubkey, pk;
+  size_t n;
+  struct status_cb_s status_cb_parm;
+
+  *r_keyblock = NULL;
+
+  keyblock_head = NULL;
+  keyblock_tail = &keyblock_head;
+  kb = NULL;
+
+  /* Shortcut to run a listing on both protocols.  */
+  if ((protocol & GNUPG_PROTOCOL_OPENPGP) && (protocol & GNUPG_PROTOCOL_CMS))
+    {
+      err = get_matching_keys (keygrip, GNUPG_PROTOCOL_OPENPGP, &kb);
+      if (!err || gpg_err_code (err) == GPG_ERR_NO_PUBKEY)
+        {
+          if (!err)
+            {
+              *keyblock_tail = kb;
+              keyblock_tail = &kb->next;
+              kb = NULL;
+            }
+          err = get_matching_keys (keygrip, GNUPG_PROTOCOL_CMS, &kb);
+          if (!err)
+            {
+              *keyblock_tail = kb;
+              keyblock_tail = &kb->next;
+              kb = NULL;
+            }
+          else if (gpg_err_code (err) == GPG_ERR_NO_PUBKEY)
+            err = 0;
+        }
+      if (err)
+        release_keyblock (keyblock_head);
+      else
+        *r_keyblock = keyblock_head;
+      return err;
+    }
+
+  /* Check that we have only one protocol.  */
+  if (protocol != GNUPG_PROTOCOL_OPENPGP && protocol != GNUPG_PROTOCOL_CMS)
+    return gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
+
+  /* Try to get it from our cache. */
+  for (i=0; i < DIM (keyblock_cache); i++)
+    for (kb = keyblock_cache[i].keyblock; kb; kb = kb->next)
+      if (kb->protocol == protocol)
+        for (pk = kb->keys; pk; pk = pk->next)
+          if (pk->grip_valid && !memcmp (pk->grip, keygrip, KEYGRIP_LEN))
+            {
+              *r_keyblock = keyblock_cache[i].keyblock;
+              keyblock_cache[i].keyblock = NULL;
+              return 0;
+            }
+
+  /* Open a memory stream.  */
+  listing = es_fopenmem (0, "w+b");
+  if (!listing)
+    {
+      err = gpg_error_from_syserror ();
+      log_error ("error allocating memory buffer: %s\n", gpg_strerror (err));
+      return err;
+    }
+
+  status_cb_parm.pgm = protocol == GNUPG_PROTOCOL_OPENPGP? "gpg":"gpgsm";
+  status_cb_parm.no_pubkey = 0;
+
+  hexgrip[0] = '&';
+  bin2hex (keygrip, KEYGRIP_LEN, hexgrip+1);
+
+  ccparray_init (&ccp, 0);
+
+  if (opt.verbose > 1 || DBG_EXTPROG)
+    ccparray_put (&ccp, "--verbose");
+  else
+    ccparray_put (&ccp, "--quiet");
+  ccparray_put (&ccp, "--no-options");
+  ccparray_put (&ccp, "--batch");
+  ccparray_put (&ccp, "--status-fd=2");
+  ccparray_put (&ccp, "--with-colons");
+  ccparray_put (&ccp, "--with-keygrip");
+  ccparray_put (&ccp, "--list-keys");
+  ccparray_put (&ccp, hexgrip);
+
+  ccparray_put (&ccp, NULL);
+  argv = ccparray_get (&ccp, NULL);
+  if (!argv)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+  err = gnupg_exec_tool_stream (protocol == GNUPG_PROTOCOL_OPENPGP?
+                                opt.gpg_program : opt.gpgsm_program,
+                                argv, NULL, NULL, listing, status_cb,
+                                &status_cb_parm);
+  if (err)
+    {
+      if (status_cb_parm.no_pubkey)
+        err = gpg_error (GPG_ERR_NO_PUBKEY);
+      else if (gpg_err_code (err) != GPG_ERR_GENERAL)
+        log_error ("key listing failed: %s\n", gpg_strerror (err));
+      goto leave;
+    }
+
+  es_rewind (listing);
+  first_seen = 0;
+  maxlen = 8192; /* Set limit large enough for all escaped UIDs.  */
+  while ((len = es_read_line (listing, &line, &length_of_line, &maxlen)) > 0)
+    {
+      if (!maxlen)
+        {
+          log_error ("received line too long\n");
+          err = gpg_error (GPG_ERR_LINE_TOO_LONG);
+          goto leave;
+        }
+      /* Strip newline and carriage return, if present.  */
+      while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
+	line[--len] = '\0';
+
+      xfree (fields);
+      fields = strtokenize (line, ":");
+      if (!fields)
+        {
+          err = gpg_error_from_syserror ();
+          log_error ("strtokenize failed: %s\n", gpg_strerror (err));
+          goto leave;
+        }
+      for (nfields = 0; fields[nfields]; nfields++)
+        ;
+      if (!nfields)
+        {
+          err = gpg_error (GPG_ERR_INV_ENGINE);
+          goto leave;
+        }
+
+      /* Skip over all records until we reach a pub or sec.  */
+      if (!first_seen
+          && (!strcmp (fields[0], "pub") || !strcmp (fields[0], "sec")
+              || !strcmp (fields[0], "crt") || !strcmp (fields[0], "crs")))
+        first_seen = 1;
+      if (!first_seen)
+        continue;
+
+      if (!strcmp (fields[0], "pub") || !strcmp (fields[0], "sec")
+          || !strcmp (fields[0], "crt") || !strcmp (fields[0], "crs"))
+        {
+          if (kb)  /* Finish the current keyblock.  */
+            {
+              *keyblock_tail = kb;
+              keyblock_tail = &kb->next;
+            }
+          kb = xtrycalloc (1, sizeof *kb);
+          if (!kb)
+            {
+              err = gpg_error_from_syserror ();
+              goto leave;
+            }
+          kb->protocol = protocol;
+          err = parse_key_record (fields, nfields, &pubkey);
+          if (err)
+            goto leave;
+          kb->keys = pubkey;
+          pubkey = NULL;
+        }
+      else if (!strcmp (fields[0], "sub") || !strcmp (fields[0], "ssb"))
+        {
+          log_assert (kb && kb->keys);
+          err = parse_key_record (fields, nfields, &pubkey);
+          if (err)
+            goto leave;
+          for (pk = kb->keys; pk->next; pk = pk->next)
+                ;
+          pk->next = pubkey;
+          pubkey = NULL;
+        }
+      else if (!strcmp (fields[0], "fpr") && nfields > 9)
+        {
+          log_assert (kb && kb->keys);
+          n = strlen (fields[9]);
+          if (n != 64 && n != 40 && n != 32)
+            {
+              log_debug ("bad length (%zu) in fpr record\n", n);
+              err = gpg_error (GPG_ERR_INV_ENGINE);
+              goto leave;
+            }
+          n /= 2;
+
+          for (pk = kb->keys; pk->next; pk = pk->next)
+            ;
+          if (pk->fprlen)
+            {
+              log_debug ("too many fpr records\n");
+              err = gpg_error (GPG_ERR_INV_ENGINE);
+              goto leave;
+            }
+          log_assert (n <= sizeof pk->fpr);
+          pk->fprlen = n;
+          if (hex2bin (fields[9], pk->fpr, n) < 0)
+            {
+              log_debug ("bad chars in fpr record\n");
+              err = gpg_error (GPG_ERR_INV_ENGINE);
+              goto leave;
+            }
+        }
+      else if (!strcmp (fields[0], "grp") && nfields > 9)
+        {
+          log_assert (kb && kb->keys);
+          n = strlen (fields[9]);
+          if (n != 2*KEYGRIP_LEN)
+            {
+              log_debug ("bad length (%zu) in grp record\n", n);
+              err = gpg_error (GPG_ERR_INV_ENGINE);
+              goto leave;
+            }
+          n /= 2;
+
+          for (pk = kb->keys; pk->next; pk = pk->next)
+            ;
+          if (pk->grip_valid)
+            {
+              log_debug ("too many grp records\n");
+              err = gpg_error (GPG_ERR_INV_ENGINE);
+              goto leave;
+            }
+          if (hex2bin (fields[9], pk->grip, KEYGRIP_LEN) < 0)
+            {
+              log_debug ("bad chars in fpr record\n");
+              err = gpg_error (GPG_ERR_INV_ENGINE);
+              goto leave;
+            }
+          pk->grip_valid = 1;
+          if (!memcmp (pk->grip, keygrip, KEYGRIP_LEN))
+            pk->requested = 1;
+        }
+      else if (!strcmp (fields[0], "uid") && nfields > 9)
+        {
+          userid_t uid, u;
+
+          uid = xtrycalloc (1, sizeof *uid);
+          if (!uid)
+            {
+              err = gpg_error_from_syserror ();
+              goto leave;
+            }
+          uid->value = decode_c_string (fields[9]);
+          if (!uid->value)
+            {
+              err = gpg_error_from_syserror ();
+              xfree (uid);
+              goto leave;
+            }
+          if (!kb->uids)
+            kb->uids = uid;
+          else
+            {
+              for (u = kb->uids; u->next; u = u->next)
+                ;
+              u->next = uid;
+            }
+        }
+    }
+  if (len < 0 || es_ferror (listing))
+    {
+      err = gpg_error_from_syserror ();
+      log_error ("error reading memory stream\n");
+      goto leave;
+    }
+
+  if (kb) /* Finish the current keyblock.  */
+    {
+      *keyblock_tail = kb;
+      keyblock_tail = &kb->next;
+      kb = NULL;
+    }
+
+  if (!keyblock_head)
+    err = gpg_error (GPG_ERR_NO_PUBKEY);
+
+ leave:
+  if (err)
+    release_keyblock (keyblock_head);
+  else
+    *r_keyblock = keyblock_head;
+  xfree (kb);
+  xfree (fields);
+  es_free (line);
+  xfree (argv);
+  es_fclose (listing);
+  return err;
+}
+
+
+void
+dump_keyblock (keyblock_t keyblock)
+{
+  keyblock_t kb;
+  pubkey_t pubkey;
+  userid_t uid;
+
+  for (kb = keyblock; kb; kb = kb->next)
+    {
+      log_info ("%s key:\n",
+                 kb->protocol == GNUPG_PROTOCOL_OPENPGP? "OpenPGP":"X.509");
+      for (pubkey = kb->keys; pubkey; pubkey = pubkey->next)
+        {
+          log_info ("  grip: ");
+          if (pubkey->grip_valid)
+            log_printhex (pubkey->grip, KEYGRIP_LEN, NULL);
+          log_printf ("%s\n", pubkey->requested? " (*)":"");
+
+          log_info ("   fpr: ");
+          log_printhex (pubkey->fpr, pubkey->fprlen, "");
+        }
+      for (uid = kb->uids; uid; uid = uid->next)
+        {
+          log_info ("   uid: %s\n", uid->value);
+        }
+    }
+}
+
+
+
+gpg_error_t
+test_get_matching_keys (const char *hexgrip)
+{
+  gpg_error_t err;
+  unsigned char grip[KEYGRIP_LEN];
+  keyblock_t keyblock;
+
+  if (strlen (hexgrip) != 40)
+    {
+      log_error ("error: invalid keygrip\n");
+      return 0;
+    }
+  if (hex2bin (hexgrip, grip, sizeof grip) < 0)
+    {
+      log_error ("error: bad kegrip\n");
+      return 0;
+    }
+  err = get_matching_keys (grip,
+                           (GNUPG_PROTOCOL_OPENPGP | GNUPG_PROTOCOL_CMS),
+                           &keyblock);
+  if (err)
+    {
+      log_error ("get_matching_keys failed: %s\n", gpg_strerror (err));
+      return err;
+    }
+
+  dump_keyblock (keyblock);
+  release_keyblock (keyblock);
+  return 0;
+}
+
+
+
+
+struct export_key_status_parm_s
+{
+  const char *fpr;
+  int found;
+  int count;
+};
+
+
+static void
+export_key_status_cb (void *opaque, const char *keyword, char *args)
+{
+  struct export_key_status_parm_s *parm = opaque;
+
+  if (!strcmp (keyword, "EXPORTED"))
+    {
+      parm->count++;
+      if (!ascii_strcasecmp (args, parm->fpr))
+        parm->found = 1;
+    }
+}
+
+
+/* Get a key by fingerprint from gpg's keyring.  The binary key is
+ * returned as a new memory stream at R_KEY.  */
+gpg_error_t
+get_minimal_openpgp_key (estream_t *r_key, const char *fingerprint)
+{
+  gpg_error_t err;
+  ccparray_t ccp;
+  const char **argv = NULL;
+  estream_t key = NULL;
+  struct export_key_status_parm_s parm = { NULL };
+
+  *r_key = NULL;
+
+  key = es_fopenmem (0, "w+b");
+  if (!key)
+    {
+      err = gpg_error_from_syserror ();
+      log_error ("error allocating memory buffer: %s\n", gpg_strerror (err));
+      goto leave;
+    }
+
+  ccparray_init (&ccp, 0);
+
+  ccparray_put (&ccp, "--no-options");
+  if (!opt.verbose)
+    ccparray_put (&ccp, "--quiet");
+  else if (opt.verbose > 1)
+    ccparray_put (&ccp, "--verbose");
+  ccparray_put (&ccp, "--batch");
+  ccparray_put (&ccp, "--status-fd=2");
+  ccparray_put (&ccp, "--always-trust");
+  ccparray_put (&ccp, "--no-armor");
+  ccparray_put (&ccp, "--export-options=export-minimal");
+  ccparray_put (&ccp, "--export");
+  ccparray_put (&ccp, "--");
+  ccparray_put (&ccp, fingerprint);
+
+  ccparray_put (&ccp, NULL);
+  argv = ccparray_get (&ccp, NULL);
+  if (!argv)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+  parm.fpr = fingerprint;
+  err = gnupg_exec_tool_stream (opt.gpg_program, argv, NULL,
+                                NULL, key,
+                                export_key_status_cb, &parm);
+  if (!err && parm.count > 1)
+    err = gpg_error (GPG_ERR_TOO_MANY);
+  else if (!err && !parm.found)
+    err = gpg_error (GPG_ERR_NOT_FOUND);
+  if (err)
+    {
+      log_error ("export failed: %s\n", gpg_strerror (err));
+      goto leave;
+    }
+
+  es_rewind (key);
+  *r_key = key;
+  key = NULL;
+
+ leave:
+  es_fclose (key);
+  xfree (argv);
+  return err;
+}
diff --git a/tools/card-misc.c b/tools/card-misc.c
new file mode 100644
index 0000000..6466e98
--- /dev/null
+++ b/tools/card-misc.c
@@ -0,0 +1,118 @@
+/* card-misc.c - Helper functions for gpg-card
+ * Copyright (C) 2019 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+
+#include "../common/util.h"
+#include "../common/i18n.h"
+#include "../common/openpgpdefs.h"
+#include "gpg-card.h"
+
+/* Return the key info object for the key KEYREF.  If it is not found
+ * NULL is returned.  */
+key_info_t
+find_kinfo (card_info_t info, const char *keyref)
+{
+  key_info_t kinfo;
+
+  for (kinfo = info->kinfo; kinfo; kinfo = kinfo->next)
+    if (!strcmp (kinfo->keyref, keyref))
+      return kinfo;
+  return NULL;
+}
+
+
+/* Convert STRING into a newly allocated buffer while translating the
+ * hex numbers.  Blanks and colons are allowed to separate pairs of
+ * hex digits.  Returns NULL on error or a newly malloced buffer and
+ * its length in LENGTH.  */
+void *
+hex_to_buffer (const char *string, size_t *r_length)
+{
+  unsigned char *buffer;
+  const char *s;
+  size_t n;
+
+  buffer = xtrymalloc (strlen (string)+1);
+  if (!buffer)
+    return NULL;
+  for (s=string, n=0; *s; s++)
+    {
+      if (ascii_isspace (*s) || *s == ':')
+        continue;
+      if (hexdigitp (s) && hexdigitp (s+1))
+        {
+          buffer[n++] = xtoi_2 (s);
+          s++;
+        }
+      else
+        {
+          xfree (buffer);
+          gpg_err_set_errno (EINVAL);
+          return NULL;
+        }
+    }
+  *r_length = n;
+  return buffer;
+}
+
+
+/* Direct sending of an hex encoded APDU with error printing.  This is
+ * a simple wrapper around scd_apdu.  */
+gpg_error_t
+send_apdu (const char *hexapdu, const char *desc, unsigned int ignore,
+           unsigned char **r_data, size_t *r_datalen)
+{
+  gpg_error_t err;
+  unsigned int sw;
+
+  err = scd_apdu (hexapdu, NULL, &sw, r_data, r_datalen);
+  if (err)
+    log_error ("sending card command %s failed: %s\n", desc,
+               gpg_strerror (err));
+  else if (!hexapdu
+           || !strcmp (hexapdu, "undefined")
+           || !strcmp (hexapdu, "reset-keep-lock")
+           || !strcmp (hexapdu, "lock")
+           || !strcmp (hexapdu, "trylock")
+           || !strcmp (hexapdu, "unlock"))
+    ; /* Ignore pseudo APDUs.  */
+  else if (ignore == 0xffff)
+    ; /* Ignore all status words.  */
+  else if (sw != 0x9000)
+    {
+      switch (sw)
+        {
+        case 0x6285: err = gpg_error (GPG_ERR_OBJ_TERM_STATE); break;
+        case 0x6982: err = gpg_error (GPG_ERR_BAD_PIN); break;
+        case 0x6985: err = gpg_error (GPG_ERR_USE_CONDITIONS); break;
+        default: err = gpg_error (GPG_ERR_CARD);
+        }
+      if (!(ignore && ignore == sw))
+        log_error ("card command %s failed: %s (0x%04x)\n", desc,
+                   gpg_strerror (err),  sw);
+    }
+  return err;
+}
diff --git a/tools/card-yubikey.c b/tools/card-yubikey.c
new file mode 100644
index 0000000..ece7edc
--- /dev/null
+++ b/tools/card-yubikey.c
@@ -0,0 +1,446 @@
+/* card-yubikey.c - Yubikey specific functions.
+ * Copyright (C) 2019 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+
+#include "../common/util.h"
+#include "../common/i18n.h"
+#include "../common/tlv.h"
+#include "../common/ttyio.h"
+#include "gpg-card.h"
+
+
+/* Object to describe requested interface options.  */
+struct iface_s {
+  unsigned int usb:1;
+  unsigned int nfc:1;
+};
+
+
+/* Bit flags as used by the fields in struct ykapps_s. */
+#define YKAPP_USB_SUPPORTED  0x01
+#define YKAPP_USB_ENABLED    0x02
+#define YKAPP_NFC_SUPPORTED  0x04
+#define YKAPP_NFC_ENABLED    0x08
+#define YKAPP_SELECTED       0x80  /* Selected by the command.  */
+
+/* An object to describe the applications on a Yubikey.  Each field
+ * has 8 bits to hold the above flag values.  */
+struct ykapps_s {
+  unsigned int otp:8;
+  unsigned int u2f:8;
+  unsigned int opgp:8;
+  unsigned int piv:8;
+  unsigned int oath:8;
+  unsigned int fido2:8;
+};
+
+
+
+/* Helper to parse an unsigned integer config value consisting of bit
+ * flags.  TAG select the config item and MASK is the mask ORed into
+ * the value for a set bit.  The function modifies YK.  */
+static gpg_error_t
+parse_ul_config_value (struct ykapps_s *yk,
+                       const unsigned char *config, size_t configlen,
+                       int tag, unsigned int mask)
+{
+  const unsigned char *s;
+  size_t n;
+  unsigned long ul = 0;
+  int i;
+
+  s = find_tlv (config, configlen, tag, &n);
+  if (s && n)
+    {
+      if (n > sizeof ul)
+        {
+          log_error ("too large integer in Yubikey config tag %02x detected\n",
+                     tag);
+          if (opt.verbose)
+            log_printhex (config, configlen, "config:");
+          return gpg_error (GPG_ERR_CARD);
+        }
+      for (i=0; i < n; i++)
+        {
+          ul <<=8;
+          ul |= s[i];
+        }
+      if (ul & 0x01)
+        yk->otp |= mask;
+      if (ul & 0x02)
+        yk->u2f |= mask;
+      if (ul & 0x08)
+        yk->opgp |= mask;
+      if (ul & 0x10)
+        yk->piv |= mask;
+      if (ul & 0x20)
+        yk->oath |= mask;
+      if (ul & 0x200)
+        yk->fido2 |= mask;
+    }
+  return 0;
+}
+
+
+/* Create an unsigned integer config value for TAG from the data in YK
+ * and store it the provided 4 byte buffer RESULT. If ENABLE is true
+ * the respective APP_SELECTED bit in YK sets the corresponding bit
+ * flags, it is is false that bit flag is cleared.  IF APP_SELECTED is
+ * not set the bit flag is not changed.  */
+static void
+set_ul_config_value (struct ykapps_s *yk,
+                     unsigned int bitflag, int tag, unsigned int enable,
+                     unsigned char *result)
+{
+  unsigned long ul = 0;
+
+  /* First set the current values.  */
+  if ((yk->otp & bitflag))
+    ul |= 0x01;
+  if ((yk->u2f & bitflag))
+    ul |= 0x02;
+  if ((yk->opgp & bitflag))
+    ul |= 0x08;
+  if ((yk->piv & bitflag))
+    ul |= 0x10;
+  if ((yk->oath & bitflag))
+    ul |= 0x20;
+  if ((yk->fido2 & bitflag))
+    ul |= 0x200;
+
+  /* Then enable or disable the bits according to the selection flag.  */
+  if (enable)
+    {
+      if ((yk->otp & YKAPP_SELECTED))
+        ul |= 0x01;
+      if ((yk->u2f & YKAPP_SELECTED))
+        ul |= 0x02;
+      if ((yk->opgp & YKAPP_SELECTED))
+        ul |= 0x08;
+      if ((yk->piv & YKAPP_SELECTED))
+        ul |= 0x10;
+      if ((yk->oath & YKAPP_SELECTED))
+        ul |= 0x20;
+      if ((yk->fido2 & YKAPP_SELECTED))
+        ul |= 0x200;
+    }
+  else
+    {
+      if ((yk->otp & YKAPP_SELECTED))
+        ul &= ~0x01;
+      if ((yk->u2f & YKAPP_SELECTED))
+        ul &= ~0x02;
+      if ((yk->opgp & YKAPP_SELECTED))
+        ul &= ~0x08;
+      if ((yk->piv & YKAPP_SELECTED))
+        ul &= ~0x10;
+      if ((yk->oath & YKAPP_SELECTED))
+        ul &= ~0x20;
+      if ((yk->fido2 & YKAPP_SELECTED))
+        ul &= ~0x200;
+    }
+
+  /* Make sure that we do not disable the CCID transport.  Without
+   * CCID we won't have any way to change the configuration again.  We
+   * would instead need one of the other Yubikey tools to enable an
+   * application and thus its transport again.  */
+  if (bitflag == YKAPP_USB_ENABLED && !(ul & (0x08|0x10|0x20)))
+    {
+      log_info ("Enabling PIV to have at least one CCID transport\n");
+      ul |= 0x10;
+    }
+
+  result[0] = tag;
+  result[1] = 2;
+  result[2] = ul >> 8;
+  result[3] = ul;
+}
+
+
+/* Print the info from YK.  */
+static void
+yk_list (estream_t fp, struct ykapps_s *yk)
+{
+  if (opt.interactive)
+    tty_fprintf (fp, ("Application  USB    NFC\n"
+                      "-----------------------\n"));
+  tty_fprintf (fp, "OTP          %s    %s\n",
+               (yk->otp & YKAPP_USB_SUPPORTED)?
+               (yk->otp & YKAPP_USB_ENABLED?   "yes" : "no ") : "-  ",
+               (yk->otp & YKAPP_NFC_SUPPORTED)?
+               (yk->otp & YKAPP_NFC_ENABLED?   "yes" : "no ") : "-  ");
+  tty_fprintf (fp, "U2F          %s    %s\n",
+               (yk->otp & YKAPP_USB_SUPPORTED)?
+               (yk->otp & YKAPP_USB_ENABLED?   "yes" : "no ") : "-  ",
+               (yk->otp & YKAPP_NFC_SUPPORTED)?
+               (yk->otp & YKAPP_NFC_ENABLED?   "yes" : "no ") : "-  ");
+  tty_fprintf (fp, "OPGP         %s    %s\n",
+               (yk->opgp & YKAPP_USB_SUPPORTED)?
+               (yk->opgp & YKAPP_USB_ENABLED?  "yes" : "no ") : "-  ",
+               (yk->opgp & YKAPP_NFC_SUPPORTED)?
+               (yk->opgp & YKAPP_NFC_ENABLED?  "yes" : "no ") : "-  ");
+  tty_fprintf (fp, "PIV          %s    %s\n",
+               (yk->piv & YKAPP_USB_SUPPORTED)?
+               (yk->piv & YKAPP_USB_ENABLED?   "yes" : "no ") : "-  ",
+               (yk->piv & YKAPP_NFC_SUPPORTED)?
+               (yk->piv & YKAPP_NFC_ENABLED?   "yes" : "no ") : "-  ");
+  tty_fprintf (fp, "OATH         %s    %s\n",
+               (yk->oath & YKAPP_USB_SUPPORTED)?
+               (yk->oath & YKAPP_USB_ENABLED?  "yes" : "no ") : "-  ",
+               (yk->oath & YKAPP_NFC_SUPPORTED)?
+               (yk->oath & YKAPP_NFC_ENABLED?  "yes" : "no ") : "-  ");
+  tty_fprintf (fp, "FIDO2        %s    %s\n",
+               (yk->fido2 & YKAPP_USB_SUPPORTED)?
+               (yk->fido2 & YKAPP_USB_ENABLED? "yes" : "no ") : "-  ",
+               (yk->fido2 & YKAPP_NFC_SUPPORTED)?
+               (yk->fido2 & YKAPP_NFC_ENABLED? "yes" : "no ") : "-  ");
+}
+
+
+/* Enable disable the apps as marked in YK with flag YKAPP_SELECTED.  */
+static gpg_error_t
+yk_enable_disable (struct ykapps_s *yk, struct iface_s *iface,
+                   const unsigned char *config, size_t configlen, int enable)
+{
+  gpg_error_t err = 0;
+  unsigned char apdu[100];
+  unsigned int apdulen;
+  /* const unsigned char *s; */
+  /* size_t n; */
+  char *hexapdu = NULL;
+
+  apdulen = 0;
+  apdu[apdulen++] = 0x00;
+  apdu[apdulen++] = 0x1c;  /* Write Config instruction.  */
+  apdu[apdulen++] = 0x00;
+  apdu[apdulen++] = 0x00;
+  apdu[apdulen++] = 0x00;  /* Lc will be fixed up later.  */
+  apdu[apdulen++] = 0x00;  /* Length of data will also be fixed up later.  */
+
+  /* The ykman tool has no way to set NFC and USB flags in one go.
+   * Reasoning about the Yubikey's firmware it seems plausible that
+   * combining should work.  Let's try it here if the user called for
+   * setting both interfaces.  */
+  if (iface->nfc)
+    {
+      set_ul_config_value (yk, YKAPP_NFC_ENABLED, 0x0e, enable, apdu+apdulen);
+      apdulen += 4;
+    }
+  if (iface->usb)
+    {
+      set_ul_config_value (yk, YKAPP_USB_ENABLED, 0x03, enable, apdu+apdulen);
+      apdulen += 4;
+      /* Yubikey's ykman copies parts of the config data when writing
+       * the config for USB.  Below is a commented example on how that
+       * can be done.  */
+      (void)config;
+      (void)configlen;
+      /* Copy the device flags.  */
+      /* s = find_tlv (config, configlen, 0x08, &n); */
+      /* if (s && n) */
+      /*   { */
+      /*     s -= 2; */
+      /*     n += 2; */
+      /*     if (apdulen + n > sizeof apdu) */
+      /*       { */
+      /*         err = gpg_error (GPG_ERR_BUFFER_TOO_SHORT); */
+      /*         goto leave; */
+      /*       } */
+      /*     memcpy (apdu+apdulen, s, n); */
+      /*     apdulen += n; */
+      /*   } */
+    }
+  if (iface->nfc || iface->usb)
+    {
+      if (apdulen + 2 > sizeof apdu)
+        {
+          err = gpg_error (GPG_ERR_BUFFER_TOO_SHORT);
+          goto leave;
+        }
+      /* Disable the next two lines to let the card reboot.  Not doing
+       * this is however more convenient for this tool because further
+       * commands don't end up with an error.  It seems to be better
+       * that a "reset" command from gpg-card-tool is run at the
+       * user's discretion.  */
+      /* apdu[apdulen++] = 0x0c;  /\* Reboot tag *\/ */
+      /* apdu[apdulen++] = 0;     /\* No data for reboot.  *\/ */
+      /* Fixup the lngth bytes.  */
+      apdu[4] = apdulen - 6 + 1;
+      apdu[5] = apdulen - 6;
+
+      hexapdu = bin2hex (apdu, apdulen, NULL);
+      if (!hexapdu)
+        err = gpg_error_from_syserror ();
+      else
+        err = send_apdu (hexapdu, "YK.write_config", 0, NULL, NULL);
+    }
+
+ leave:
+  xfree (hexapdu);
+  return err;
+}
+
+
+/* Implementation part of cmd_yubikey.  ARGV is an array of size ARGc
+ * with the argumets given to the yubikey command.  Note that ARGV has
+ * no terminating NULL so that ARGC must be considered.  FP is the
+ * stream to output information.  This function must only be called on
+ * Yubikeys. */
+gpg_error_t
+yubikey_commands (card_info_t info, estream_t fp, int argc, const char *argv[])
+{
+  gpg_error_t err;
+  enum {ykLIST, ykENABLE, ykDISABLE } cmd;
+  struct iface_s iface = {0,0};
+  struct ykapps_s ykapps = {0};
+  unsigned char *config = NULL;
+  size_t configlen;
+  int i;
+
+  if (!argc)
+    return gpg_error (GPG_ERR_SYNTAX);
+
+  /* Parse command.  */
+  if (!ascii_strcasecmp (argv[0], "list"))
+    cmd = ykLIST;
+  else if (!ascii_strcasecmp (argv[0], "enable"))
+    cmd = ykENABLE;
+  else if (!ascii_strcasecmp (argv[0], "disable"))
+    cmd = ykDISABLE;
+  else
+    {
+      err = gpg_error (GPG_ERR_UNKNOWN_COMMAND);
+      goto leave;
+    }
+
+  if (info->cardversion < 0x050000 && cmd != ykLIST)
+    {
+      log_info ("Sub-command '%s' is only support by Yubikey-5 and later\n",
+                argv[0]);
+      err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+      goto leave;
+    }
+
+  /* Parse interface if needed.  */
+  if (cmd == ykLIST)
+    iface.usb = iface.nfc = 1;
+  else if (argc < 2)
+    {
+      err = gpg_error (GPG_ERR_SYNTAX);
+      goto leave;
+    }
+  else if (!ascii_strcasecmp (argv[1], "usb"))
+    iface.usb = 1;
+  else if (!ascii_strcasecmp (argv[1], "nfc"))
+    iface.nfc = 1;
+  else if (!ascii_strcasecmp (argv[1], "all") || !strcmp (argv[1], "*"))
+    iface.usb = iface.nfc = 1;
+  else
+    {
+      err = gpg_error (GPG_ERR_SYNTAX);
+      goto leave;
+    }
+
+  /* Parse list of applications.  */
+  for (i=2; i < argc; i++)
+    {
+      if (!ascii_strcasecmp (argv[i], "otp"))
+        ykapps.otp = 0x80;
+      else if (!ascii_strcasecmp (argv[i], "u2f"))
+        ykapps.u2f = 0x80;
+      else if (!ascii_strcasecmp (argv[i], "opgp")
+               ||!ascii_strcasecmp (argv[i], "openpgp"))
+        ykapps.opgp = 0x80;
+      else if (!ascii_strcasecmp (argv[i], "piv"))
+        ykapps.piv = 0x80;
+      else if (!ascii_strcasecmp (argv[i], "oath")
+               || !ascii_strcasecmp (argv[i], "oauth"))
+        ykapps.oath = 0x80;
+      else if (!ascii_strcasecmp (argv[i], "fido2"))
+        ykapps.fido2 = 0x80;
+      else if (!ascii_strcasecmp (argv[i], "all")|| !strcmp (argv[i], "*"))
+        {
+          ykapps.otp = ykapps.u2f = ykapps.opgp = ykapps.piv = ykapps.oath
+            = ykapps.fido2 = 0x80;
+        }
+      else
+        {
+          err = gpg_error (GPG_ERR_SYNTAX);
+          goto leave;
+        }
+    }
+
+  /* Select the Yubikey Manager application.  */
+  err = send_apdu ("00A4040008a000000527471117", "Select.YK-Manager", 0,
+                   NULL, NULL);
+  if (err)
+    goto leave;
+  /* Send the read config command.  */
+  err = send_apdu ("001D000000", "YK.read_config", 0, &config, &configlen);
+  if (err)
+    goto leave;
+  if (!configlen || *config > configlen - 1)
+    {
+      /* The length byte is shorter than the actual length. */
+      log_error ("Yubikey returned improper config data\n");
+      log_printhex (config, configlen, "config:");
+      err = gpg_error (GPG_ERR_CARD);
+      goto leave;
+    }
+  if (configlen-1 > *config)
+    {
+      log_info ("Extra config data ignored\n");
+      log_printhex (config, configlen, "config:");
+    }
+  configlen = *config;
+
+  err = parse_ul_config_value (&ykapps, config+1, configlen,
+                               0x01, YKAPP_USB_SUPPORTED);
+  if (!err)
+    err = parse_ul_config_value (&ykapps, config+1, configlen,
+                                 0x03, YKAPP_USB_ENABLED);
+  if (!err)
+    err = parse_ul_config_value (&ykapps, config+1, configlen,
+                                 0x0d, YKAPP_NFC_SUPPORTED);
+  if (!err)
+    err = parse_ul_config_value (&ykapps, config+1, configlen,
+                                 0x0e, YKAPP_NFC_ENABLED);
+  if (err)
+    goto leave;
+
+  switch (cmd)
+    {
+    case ykLIST: yk_list (fp, &ykapps); break;
+    case ykENABLE: err = yk_enable_disable (&ykapps, &iface,
+                                            config+1, configlen, 1); break;
+    case ykDISABLE: err = yk_enable_disable (&ykapps, &iface,
+                                             config+1, configlen, 0); break;
+    }
+
+ leave:
+  xfree (config);
+  return err;
+}
diff --git a/tools/ccidmon.c b/tools/ccidmon.c
index d61bb3c..4e99da5 100644
--- a/tools/ccidmon.c
+++ b/tools/ccidmon.c
@@ -64,9 +64,10 @@ static int any_error;
 struct
 {
   int is_bi;
+  char timestamp[20];
   char address[50];
   int count;
-  char data[2000];
+  char data[16000];
 } databuffer;
 
 
@@ -576,7 +577,10 @@ flush_data (void)
     return;
 
   if (verbose)
-    printf ("Address: %s\n", databuffer.address);
+    {
+      printf ("Timestamp: %s\n", databuffer.timestamp);
+      printf ("Address..: %s\n", databuffer.address);
+    }
   if (databuffer.is_bi)
     {
       print_r2p (databuffer.data, databuffer.count);
@@ -590,7 +594,8 @@ flush_data (void)
 }
 
 static void
-collect_data (char *hexdata, const char *address, unsigned int lineno)
+collect_data (char *hexdata, const char *timestamp,
+              const char *address, unsigned int lineno)
 {
   size_t length;
   int is_bi;
@@ -602,6 +607,9 @@ collect_data (char *hexdata, const char *address, unsigned int lineno)
   if (databuffer.is_bi != is_bi || strcmp (databuffer.address, address))
     flush_data ();
   databuffer.is_bi = is_bi;
+  if (strlen (timestamp) >= sizeof databuffer.timestamp)
+    die ("timestamp field too long");
+  strcpy (databuffer.timestamp, timestamp);
   if (strlen (address) >= sizeof databuffer.address)
     die ("address field too long");
   strcpy (databuffer.address, address);
@@ -627,7 +635,7 @@ collect_data (char *hexdata, const char *address, unsigned int lineno)
 
       if (length >= sizeof (databuffer.data))
         {
-          err ("too much data at line %u - can handle only up to % bytes",
+          err ("too much data at line %u - can handle only up to %zu bytes",
                lineno, sizeof (databuffer.data));
           break;
         }
@@ -641,43 +649,50 @@ static void
 parse_line (char *line, unsigned int lineno)
 {
   char *p;
-  char *event_type, *address, *data, *status, *datatag;
+  char *timestamp, *event_type, *address, *data, *status, *datatag;
+
+  if (*line == '#' || !*line)
+    return;
 
   if (debug)
     printf ("line[%u] ='%s'\n", lineno, line);
 
   p = strtok (line, " ");
   if (!p)
-    die ("invalid line %d (no URB)");
-  p = strtok (NULL, " ");
-  if (!p)
-    die ("invalid line %d (no timestamp)");
+    die ("invalid line %d (no URB)", lineno);
+  timestamp = strtok (NULL, " ");
+  if (!timestamp)
+    die ("invalid line %d (no timestamp)", lineno);
   event_type = strtok (NULL, " ");
   if (!event_type)
-    die ("invalid line %d (no event type)");
+    die ("invalid line %d (no event type)", lineno);
   address = strtok (NULL, " ");
   if (!address)
-    die ("invalid line %d (no address");
+    die ("invalid line %d (no address", lineno);
   if (usb_bus || usb_dev)
     {
       int bus, dev;
 
       p = strchr (address, ':');
       if (!p)
-        die ("invalid line %d (invalid address");
+        die ("invalid line %d (invalid address", lineno);
       p++;
       bus = atoi (p);
       p = strchr (p, ':');
       if (!p)
-        die ("invalid line %d (invalid address");
+        die ("invalid line %d (invalid address", lineno);
       p++;
       dev = atoi (p);
 
       if ((usb_bus && usb_bus != bus) || (usb_dev && usb_dev != dev))
         return;  /* We don't want that one.  */
     }
-  if (*address != 'B' || (address[1] != 'o' && address[1] != 'i'))
-    return; /* We only want block in and block out.  */
+  if (*address == 'B' && (address[1] == 'o' || address[1] == 'i'))
+    ; /* We want block ind and out.  */
+  else if (*address == 'C' && (address[1] == 'o' || address[1] == 'i'))
+    ; /* We want control ind and out.  */
+  else
+    return; /* But nothing else.  */
   status = strtok (NULL, " ");
   if (!status)
     return;
@@ -692,7 +707,7 @@ parse_line (char *line, unsigned int lineno)
   if (datatag && *datatag == '=')
     {
       data = strtok (NULL, "");
-      collect_data (data?data:"", address, lineno);
+      collect_data (data?data:"", timestamp, address, lineno);
     }
 }
 
diff --git a/dirmngr/dirmngr-w32info.rc b/tools/gpg-card-w32info.rc
similarity index 81%
rename from dirmngr/dirmngr-w32info.rc
rename to tools/gpg-card-w32info.rc
index c8101b3..e333dfb 100644
--- a/dirmngr/dirmngr-w32info.rc
+++ b/tools/gpg-card-w32info.rc
@@ -1,5 +1,5 @@
-/* dirmngr-w32info.rc                                        -*- c -*-
- * Copyright (C) 2020 g10 Code GmbH
+/* gpg-card-w32info.rc                                         -*- c -*-
+ * Copyright (C) 2019 g10 Code GmbH
  *
  * This file is free software; as a special exception the author gives
  * unlimited permission to copy and/or distribute it, with or without
@@ -32,9 +32,10 @@
     BEGIN
         BLOCK "040904b0"  /* US English (0409), Unicode (04b0) */
         BEGIN
-            VALUE "FileDescription", L"GnuPG\x2019s network daemon\0"
-            VALUE "InternalName", "dirmngr\0"
-            VALUE "OriginalFilename", "dirmngr.exe\0"
+            VALUE "FileDescription", L"GnuPG\x2019s card tool \
+to the agent\0"
+            VALUE "InternalName", "gpg-card\0"
+            VALUE "OriginalFilename", "gpg-card.exe\0"
             VALUE "ProductName",    W32INFO_PRODUCTNAME
             VALUE "ProductVersion", W32INFO_PRODUCTVERSION
             VALUE "CompanyName", W32INFO_COMPANYNAME
@@ -49,4 +50,4 @@
     END
   END
 
-1 RT_MANIFEST "dirmngr.w32-manifest"
+1 RT_MANIFEST "gpg-card.w32-manifest"
diff --git a/tools/gpg-card.c b/tools/gpg-card.c
new file mode 100644
index 0000000..d9d626c
--- /dev/null
+++ b/tools/gpg-card.c
@@ -0,0 +1,4158 @@
+/* gpg-card.c - An interactive tool to work with cards.
+ * Copyright (C) 2019, 2020 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_LIBREADLINE
+# define GNUPG_LIBREADLINE_H_INCLUDED
+# include <readline/readline.h>
+#endif /*HAVE_LIBREADLINE*/
+
+#define INCLUDED_BY_MAIN_MODULE 1
+
+#include "../common/util.h"
+#include "../common/status.h"
+#include "../common/i18n.h"
+#include "../common/init.h"
+#include "../common/sysutils.h"
+#include "../common/asshelp.h"
+#include "../common/userids.h"
+#include "../common/ccparray.h"
+#include "../common/exectool.h"
+#include "../common/ttyio.h"
+#include "../common/server-help.h"
+#include "../common/openpgpdefs.h"
+#include "../common/tlv.h"
+
+#include "gpg-card.h"
+
+
+#define CONTROL_D ('D' - 'A' + 1)
+
+#define HISTORYNAME ".gpg-card_history"
+
+/* Constants to identify the commands and options. */
+enum opt_values
+  {
+    aNull = 0,
+
+    oQuiet      = 'q',
+    oVerbose	= 'v',
+
+    oDebug      = 500,
+
+    oGpgProgram,
+    oGpgsmProgram,
+    oStatusFD,
+    oWithColons,
+    oNoAutostart,
+    oAgentProgram,
+
+    oDisplay,
+    oTTYname,
+    oTTYtype,
+    oXauthority,
+    oLCctype,
+    oLCmessages,
+
+    oNoKeyLookup,
+    oNoHistory,
+    oChUid,
+
+    oDummy
+  };
+
+
+/* The list of commands and options. */
+static gpgrt_opt_t opts[] = {
+  ARGPARSE_group (301, ("@\nOptions:\n ")),
+
+  ARGPARSE_s_n (oVerbose, "verbose", ("verbose")),
+  ARGPARSE_s_n (oQuiet,	"quiet",  ("be somewhat more quiet")),
+  ARGPARSE_s_s (oDebug, "debug", "@"),
+  ARGPARSE_s_s (oGpgProgram, "gpg", "@"),
+  ARGPARSE_s_s (oGpgsmProgram, "gpgsm", "@"),
+  ARGPARSE_s_i (oStatusFD, "status-fd", N_("|FD|write status info to this FD")),
+  ARGPARSE_s_n (oWithColons, "with-colons", "@"),
+  ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"),
+  ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
+  ARGPARSE_s_s (oDisplay,    "display",    "@"),
+  ARGPARSE_s_s (oTTYname,    "ttyname",    "@"),
+  ARGPARSE_s_s (oTTYtype,    "ttytype",    "@"),
+  ARGPARSE_s_s (oXauthority, "xauthority", "@"),
+  ARGPARSE_s_s (oLCctype,    "lc-ctype",   "@"),
+  ARGPARSE_s_s (oLCmessages, "lc-messages","@"),
+  ARGPARSE_s_n (oNoKeyLookup,"no-key-lookup",
+                "use --no-key-lookup for \"list\""),
+  ARGPARSE_s_n (oNoHistory,"no-history",
+                "do not use the command history file"),
+  ARGPARSE_s_s (oChUid,      "chuid",      "@"),
+
+  ARGPARSE_end ()
+};
+
+/* The list of supported debug flags.  */
+static struct debug_flags_s debug_flags [] =
+  {
+    { DBG_IPC_VALUE    , "ipc"     },
+    { DBG_EXTPROG_VALUE, "extprog" },
+    { 0, NULL }
+  };
+
+
+/* An object to create lists of labels and keyrefs.  */
+struct keyinfolabel_s
+{
+  const char *label;
+  const char *keyref;
+};
+typedef struct keyinfolabel_s *keyinfolabel_t;
+
+/* Helper for --chuid.  */
+static const char *changeuser;
+
+/* Limit of size of data we read from a file for certain commands.  */
+#define MAX_GET_DATA_FROM_FILE 16384
+
+/* Constants for OpenPGP cards.  */
+#define OPENPGP_USER_PIN_DEFAULT  "123456"
+#define OPENPGP_ADMIN_PIN_DEFAULT "12345678"
+#define OPENPGP_KDF_DATA_LENGTH_MIN  90
+#define OPENPGP_KDF_DATA_LENGTH_MAX 110
+
+
+
+
+/* Local prototypes.  */
+static void show_keysize_warning (void);
+static gpg_error_t dispatch_command (card_info_t info, const char *command);
+static void interactive_loop (void);
+#ifdef HAVE_LIBREADLINE
+static char **command_completion (const char *text, int start, int end);
+#endif /*HAVE_LIBREADLINE*/
+
+
+
+/* Print usage information and provide strings for help. */
+static const char *
+my_strusage( int level )
+{
+  const char *p;
+
+  switch (level)
+    {
+    case  9: p = "GPL-3.0-or-later"; break;
+    case 11: p = "gpg-card"; break;
+    case 12: p = "@GNUPG@"; break;
+    case 13: p = VERSION; break;
+    case 14: p = GNUPG_DEF_COPYRIGHT_LINE; break;
+    case 17: p = PRINTABLE_OS_NAME; break;
+    case 19: p = ("Please report bugs to <@EMAIL@>.\n"); break;
+
+    case 1:
+    case 40:
+      p = ("Usage: gpg-card"
+           " [options] [{[--] command [args]}]  (-h for help)");
+      break;
+    case 41:
+      p = ("Syntax: gpg-card"
+           " [options] [command [args] {-- command [args]}]\n\n"
+           "Tool to manage cards and tokens.  With a command an interactive\n"
+           "mode is used.  Use command \"help\" to list all commands.");
+      break;
+
+    default: p = NULL; break;
+    }
+  return p;
+}
+
+
+static void
+set_opt_session_env (const char *name, const char *value)
+{
+  gpg_error_t err;
+
+  err = session_env_setenv (opt.session_env, name, value);
+  if (err)
+    log_fatal ("error setting session environment: %s\n",
+               gpg_strerror (err));
+}
+
+
+
+/* Command line parsing.  */
+static void
+parse_arguments (gpgrt_argparse_t *pargs, gpgrt_opt_t *popts)
+{
+  while (gpgrt_argparse (NULL, pargs, popts))
+    {
+      switch (pargs->r_opt)
+        {
+	case oQuiet:     opt.quiet = 1; break;
+        case oVerbose:   opt.verbose++; break;
+        case oDebug:
+          if (parse_debug_flag (pargs->r.ret_str, &opt.debug, debug_flags))
+            {
+              pargs->r_opt = ARGPARSE_INVALID_ARG;
+              pargs->err = ARGPARSE_PRINT_ERROR;
+            }
+          break;
+
+        case oGpgProgram:   opt.gpg_program = pargs->r.ret_str; break;
+        case oGpgsmProgram: opt.gpgsm_program = pargs->r.ret_str; break;
+        case oAgentProgram: opt.agent_program = pargs->r.ret_str; break;
+
+        case oStatusFD:
+          gnupg_set_status_fd (translate_sys2libc_fd_int (pargs->r.ret_int, 1));
+          break;
+
+        case oWithColons:  opt.with_colons = 1; break;
+        case oNoAutostart: opt.autostart = 0; break;
+
+        case oDisplay: set_opt_session_env ("DISPLAY", pargs->r.ret_str); break;
+        case oTTYname: set_opt_session_env ("GPG_TTY", pargs->r.ret_str); break;
+        case oTTYtype: set_opt_session_env ("TERM", pargs->r.ret_str); break;
+        case oXauthority: set_opt_session_env ("XAUTHORITY",
+                                               pargs->r.ret_str); break;
+        case oLCctype:     opt.lc_ctype = pargs->r.ret_str; break;
+        case oLCmessages:  opt.lc_messages = pargs->r.ret_str; break;
+
+        case oNoKeyLookup: opt.no_key_lookup = 1; break;
+        case oNoHistory:   opt.no_history = 1; break;
+
+        case oChUid:       changeuser = pargs->r.ret_str; break;
+
+        default: pargs->err = 2; break;
+	}
+    }
+}
+
+
+
+/* gpg-card main. */
+int
+main (int argc, char **argv)
+{
+  gpg_error_t err;
+  gpgrt_argparse_t pargs;
+  char **command_list = NULL;
+  int cmdidx;
+  char *command;
+
+  gnupg_reopen_std ("gpg-card");
+  gpgrt_set_strusage (my_strusage);
+  gnupg_rl_initialize ();
+  log_set_prefix ("gpg-card", GPGRT_LOG_WITH_PREFIX);
+
+  /* Make sure that our subsystems are ready.  */
+  i18n_init();
+  init_common_subsystems (&argc, &argv);
+
+  assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
+  setup_libassuan_logging (&opt.debug, NULL);
+
+  /* Setup default options.  */
+  opt.autostart = 1;
+  opt.session_env = session_env_new ();
+  if (!opt.session_env)
+    log_fatal ("error allocating session environment block: %s\n",
+               gpg_strerror (gpg_error_from_syserror ()));
+
+
+  /* Parse the command line. */
+  pargs.argc  = &argc;
+  pargs.argv  = &argv;
+  pargs.flags = ARGPARSE_FLAG_KEEP;
+  parse_arguments (&pargs, opts);
+  gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+
+  if (changeuser && gnupg_chuid (changeuser, 0))
+    log_inc_errorcount (); /* Force later termination.  */
+
+  if (log_get_errorcount (0))
+    exit (2);
+
+  /* Set defaults for non given options.  */
+  if (!opt.gpg_program)
+    opt.gpg_program = gnupg_module_name (GNUPG_MODULE_NAME_GPG);
+  if (!opt.gpgsm_program)
+    opt.gpgsm_program = gnupg_module_name (GNUPG_MODULE_NAME_GPGSM);
+
+  /* Now build the list of commands.  We guess the size of the array
+   * by assuming each item is a complete command.  Obviously this will
+   * be rarely the case, but it is less code to allocate a possible
+   * too large array.  */
+  command_list = xcalloc (argc+1, sizeof *command_list);
+  cmdidx = 0;
+  command = NULL;
+  while (argc)
+    {
+      for ( ; argc && strcmp (*argv, "--"); argc--, argv++)
+        {
+          if (!command)
+            command = xstrdup (*argv);
+          else
+            {
+              char *tmp = xstrconcat (command, " ", *argv, NULL);
+              xfree (command);
+              command = tmp;
+            }
+        }
+      if (argc)
+        { /* Skip the double dash.  */
+          argc--;
+          argv++;
+        }
+      if (command)
+        {
+          command_list[cmdidx++] = command;
+          command = NULL;
+        }
+    }
+  opt.interactive = !cmdidx;
+
+  if (!opt.interactive)
+    opt.no_history = 1;
+
+  if (opt.interactive)
+    {
+      interactive_loop ();
+      err = 0;
+    }
+  else
+    {
+      struct card_info_s info_buffer = { 0 };
+      card_info_t info = &info_buffer;
+
+      err = 0;
+      for (cmdidx=0; (command = command_list[cmdidx]); cmdidx++)
+        {
+          err = dispatch_command (info, command);
+          if (err)
+            break;
+        }
+      if (gpg_err_code (err) == GPG_ERR_EOF)
+        err = 0; /* This was a "quit".  */
+      else if (command && !opt.quiet)
+        log_info ("stopped at command '%s'\n", command);
+    }
+
+  flush_keyblock_cache ();
+  if (command_list)
+    {
+      for (cmdidx=0; command_list[cmdidx]; cmdidx++)
+        xfree (command_list[cmdidx]);
+      xfree (command_list);
+    }
+  if (err)
+    gnupg_status_printf (STATUS_FAILURE, "- %u", err);
+  else if (log_get_errorcount (0))
+    gnupg_status_printf (STATUS_FAILURE, "- %u", GPG_ERR_GENERAL);
+  else
+    gnupg_status_printf (STATUS_SUCCESS, NULL);
+  return log_get_errorcount (0)? 1:0;
+}
+
+
+/* Return S or the string "[none]" if S is NULL.  */
+static GPGRT_INLINE const char *
+nullnone (const char *s)
+{
+  return s? s: "[none]";
+}
+
+
+/* Read data from file FNAME up to MAX_GET_DATA_FROM_FILE characters.
+ * On error return an error code and stores NULL at R_BUFFER; on
+ * success returns 0 and stores the number of bytes read at R_BUFLEN
+ * and the address of a newly allocated buffer at R_BUFFER.  A
+ * complementary nul byte is always appended to the data but not
+ * counted; this allows to pass NULL for R-BUFFER and consider the
+ * returned data as a string. */
+static gpg_error_t
+get_data_from_file (const char *fname, char **r_buffer, size_t *r_buflen)
+{
+  gpg_error_t err;
+  estream_t fp;
+  char *data;
+  int n;
+
+  *r_buffer = NULL;
+  if (r_buflen)
+    *r_buflen = 0;
+
+  fp = es_fopen (fname, "rb");
+  if (!fp)
+    {
+      err = gpg_error_from_syserror ();
+      log_error (_("can't open '%s': %s\n"), fname, gpg_strerror (err));
+      return err;
+    }
+
+  data = xtrymalloc (MAX_GET_DATA_FROM_FILE);
+  if (!data)
+    {
+      err = gpg_error_from_syserror ();
+      log_error (_("error allocating enough memory: %s\n"), gpg_strerror (err));
+      es_fclose (fp);
+      return err;
+    }
+
+  n = es_fread (data, 1, MAX_GET_DATA_FROM_FILE - 1, fp);
+  es_fclose (fp);
+  if (n < 0)
+    {
+      err = gpg_error_from_syserror ();
+      tty_printf (_("error reading '%s': %s\n"), fname, gpg_strerror (err));
+      xfree (data);
+      return err;
+    }
+  data[n] = 0;
+
+  *r_buffer = data;
+  if (r_buflen)
+    *r_buflen = n;
+  return 0;
+}
+
+
+/* Fixup the ENODEV error from scdaemon which we may see after
+ * removing a card due to scdaemon scanning for readers with cards.
+ * We also map the CAERD REMOVED error to the more useful CARD_NOT
+ * PRESENT.  */
+static gpg_error_t
+fixup_scd_errors (gpg_error_t err)
+{
+  if ((gpg_err_code (err) == GPG_ERR_ENODEV
+       || gpg_err_code (err) == GPG_ERR_CARD_REMOVED)
+      && gpg_err_source (err) == GPG_ERR_SOURCE_SCD)
+    err = gpg_error (GPG_ERR_CARD_NOT_PRESENT);
+  return err;
+}
+
+
+/* Set the card removed flag from INFO depending on ERR.  This does
+ * not clear the flag.  */
+static gpg_error_t
+maybe_set_card_removed (card_info_t info, gpg_error_t err)
+{
+  if ((gpg_err_code (err) == GPG_ERR_ENODEV
+       || gpg_err_code (err) == GPG_ERR_CARD_REMOVED)
+      && gpg_err_source (err) == GPG_ERR_SOURCE_SCD)
+    info->card_removed = 1;
+  return err;
+}
+
+
+/* Write LENGTH bytes from BUFFER to file FNAME.  Return 0 on
+ * success.  */
+static gpg_error_t
+put_data_to_file (const char *fname, const void *buffer, size_t length)
+{
+  gpg_error_t err;
+  estream_t fp;
+
+  fp = es_fopen (fname, "wb");
+  if (!fp)
+    {
+      err = gpg_error_from_syserror ();
+      log_error (_("can't create '%s': %s\n"), fname, gpg_strerror (err));
+      return err;
+    }
+
+  if (length && es_fwrite (buffer, length, 1, fp) != 1)
+    {
+      err = gpg_error_from_syserror ();
+      log_error (_("error writing '%s': %s\n"), fname, gpg_strerror (err));
+      es_fclose (fp);
+      return err;
+    }
+  if (es_fclose (fp))
+    {
+      err = gpg_error_from_syserror ();
+      log_error (_("error writing '%s': %s\n"), fname, gpg_strerror (err));
+      return err;
+    }
+  return 0;
+}
+
+
+/* Return a malloced string with the number opf the menu PROMPT.
+ * Control-D is mapped to "Q".  */
+static char *
+get_selection (const char *prompt)
+{
+  char *answer;
+
+  tty_printf ("\n");
+  tty_printf ("%s", prompt);
+  tty_printf ("\n");
+  answer = tty_get (_("Your selection? "));
+  tty_kill_prompt ();
+  if (*answer == CONTROL_D)
+    strcpy (answer, "q");
+  return answer;
+}
+
+
+
+/* Simply prints TEXT to the output.  Returns 0 as a convenience.
+ * This is a separate function so that it can be extended to run
+ * less(1) or so.  The extra arguments are int values terminated by a
+ * 0 to indicate card application types supported with this command.
+ * If none are given (just the final 0), this is a general
+ * command.  */
+static gpg_error_t
+print_help (const char *text, ...)
+{
+  estream_t fp;
+  va_list arg_ptr;
+  int value;
+  int any = 0;
+
+  fp = opt.interactive? NULL : es_stdout;
+  tty_fprintf (fp, "%s\n", text);
+
+  va_start (arg_ptr, text);
+  while ((value = va_arg (arg_ptr, int)))
+    {
+      if (!any)
+        tty_fprintf (fp, "[Supported by: ");
+      tty_fprintf (fp, "%s%s", any?", ":"", app_type_string (value));
+      any = 1;
+    }
+  if (any)
+    tty_fprintf (fp, "]\n");
+
+  va_end (arg_ptr);
+  return 0;
+}
+
+
+/* Print an (OpenPGP) fingerprint.  */
+static void
+print_shax_fpr (estream_t fp, const unsigned char *fpr, unsigned int fprlen)
+{
+  int i;
+
+  if (fpr)
+    {
+      for (i=0; i < fprlen ; i++, fpr++)
+        tty_fprintf (fp, "%02X", *fpr);
+    }
+  else
+    tty_fprintf (fp, " [none]");
+  tty_fprintf (fp, "\n");
+}
+
+/* Print the keygrip GRP.  */
+static void
+print_keygrip (estream_t fp, const unsigned char *grp)
+{
+  int i;
+
+  for (i=0; i < 20 ; i++, grp++)
+    tty_fprintf (fp, "%02X", *grp);
+  tty_fprintf (fp, "\n");
+}
+
+
+/* Print a string but avoid printing control characters.  */
+static void
+print_string (estream_t fp, const char *text, const char *name)
+{
+  tty_fprintf (fp, "%s", text);
+
+  /* FIXME: tty_printf_utf8_string2 eats everything after and
+     including an @ - e.g. when printing an url. */
+  if (name && *name)
+    {
+      if (fp)
+        print_utf8_buffer2 (fp, name, strlen (name), '\n');
+      else
+        tty_print_utf8_string2 (NULL, name, strlen (name), 0);
+    }
+  else
+    tty_fprintf (fp, _("[not set]"));
+  tty_fprintf (fp, "\n");
+}
+
+
+/* Print an ISO formatted name or "[not set]".  */
+static void
+print_isoname (estream_t fp, const char *name)
+{
+  if (name && *name)
+    {
+      char *p, *given, *buf;
+
+      buf = xstrdup (name);
+      given = strstr (buf, "<<");
+      for (p=buf; *p; p++)
+        if (*p == '<')
+          *p = ' ';
+      if (given && given[2])
+        {
+          *given = 0;
+          given += 2;
+          if (fp)
+            print_utf8_buffer2 (fp, given, strlen (given), '\n');
+          else
+            tty_print_utf8_string2 (NULL, given, strlen (given), 0);
+
+          if (*buf)
+            tty_fprintf (fp, " ");
+        }
+
+      if (fp)
+        print_utf8_buffer2 (fp, buf, strlen (buf), '\n');
+      else
+        tty_print_utf8_string2 (NULL, buf, strlen (buf), 0);
+
+      xfree (buf);
+    }
+  else
+    {
+      tty_fprintf (fp, _("[not set]"));
+    }
+
+  tty_fprintf (fp, "\n");
+}
+
+
+/* Return true if the buffer MEM of length memlen consists only of zeroes. */
+static int
+mem_is_zero (const char *mem, unsigned int memlen)
+{
+  int i;
+
+  for (i=0; i < memlen && !mem[i]; i++)
+    ;
+  return (i == memlen);
+}
+
+
+
+/* Helper to list a single keyref.  LABEL_KEYREF is a fallback key
+ * reference if no info is available; it may be NULL.  */
+static void
+list_one_kinfo (card_info_t info, key_info_t kinfo,
+                const char *label_keyref, estream_t fp, int no_key_lookup)
+{
+  gpg_error_t err;
+  key_info_t firstkinfo = info->kinfo;
+  keyblock_t keyblock = NULL;
+  keyblock_t kb;
+  pubkey_t pubkey;
+  userid_t uid;
+  key_info_t ki;
+  const char *s;
+  gcry_sexp_t s_pkey;
+  int any;
+
+  if (firstkinfo && kinfo)
+    {
+      tty_fprintf (fp, " ");
+      if (mem_is_zero (kinfo->grip, sizeof kinfo->grip))
+        {
+          tty_fprintf (fp, "[none]\n");
+          tty_fprintf (fp, "      keyref .....: %s\n", kinfo->keyref);
+          if (kinfo->label)
+            tty_fprintf (fp, "      label ......: %s\n", kinfo->label);
+          tty_fprintf (fp, "      algorithm ..: %s\n",
+                       nullnone (kinfo->keyalgo));
+          goto leave;
+        }
+
+      print_keygrip (fp, kinfo->grip);
+      tty_fprintf (fp, "      keyref .....: %s", kinfo->keyref);
+      if (kinfo->usage)
+        {
+          any = 0;
+          tty_fprintf (fp, "  (");
+          if ((kinfo->usage & GCRY_PK_USAGE_SIGN))
+            { tty_fprintf (fp, "sign"); any=1; }
+          if ((kinfo->usage & GCRY_PK_USAGE_CERT))
+            { tty_fprintf (fp, "%scert", any?",":""); any=1; }
+          if ((kinfo->usage & GCRY_PK_USAGE_AUTH))
+            { tty_fprintf (fp, "%sauth", any?",":""); any=1; }
+          if ((kinfo->usage & GCRY_PK_USAGE_ENCR))
+            { tty_fprintf (fp, "%sencr", any?",":""); any=1; }
+          tty_fprintf (fp, ")");
+        }
+      tty_fprintf (fp, "\n");
+
+      if (kinfo->label)
+        tty_fprintf (fp, "      label ......: %s\n", kinfo->label);
+
+      if (!(err = scd_readkey (kinfo->keyref, &s_pkey)))
+        {
+          char *tmp = pubkey_algo_string (s_pkey, NULL);
+          tty_fprintf (fp, "      algorithm ..: %s\n", nullnone (tmp));
+          xfree (tmp);
+          gcry_sexp_release (s_pkey);
+          s_pkey = NULL;
+        }
+      else
+        {
+          maybe_set_card_removed (info, err);
+          tty_fprintf (fp, "      algorithm ..: %s\n",
+                       nullnone (kinfo->keyalgo));
+        }
+
+      if (kinfo->fprlen && kinfo->created)
+        {
+          tty_fprintf (fp, "      stored fpr .: ");
+          print_shax_fpr (fp, kinfo->fpr, kinfo->fprlen);
+          tty_fprintf (fp, "      created ....: %s\n",
+                       isotimestamp (kinfo->created));
+        }
+      if (no_key_lookup)
+        err = 0;
+      else
+        err = get_matching_keys (kinfo->grip,
+                                 (GNUPG_PROTOCOL_OPENPGP | GNUPG_PROTOCOL_CMS),
+                                 &keyblock);
+      if (err)
+        {
+          if (gpg_err_code (err) != GPG_ERR_NO_PUBKEY)
+            tty_fprintf (fp, "      used for ...: [%s]\n", gpg_strerror (err));
+          goto leave;
+        }
+      for (kb = keyblock; kb; kb = kb->next)
+        {
+          tty_fprintf (fp, "      used for ...: %s\n",
+                       kb->protocol == GNUPG_PROTOCOL_OPENPGP? "OpenPGP" :
+                       kb->protocol == GNUPG_PROTOCOL_CMS? "X.509" : "?");
+          pubkey = kb->keys;
+          if (kb->protocol == GNUPG_PROTOCOL_OPENPGP)
+            {
+              /* If this is not the primary key print the primary
+               * key's fingerprint or a reference to it.  */
+              tty_fprintf (fp, "        main key .: ");
+              for (ki=firstkinfo; ki; ki = ki->next)
+                if (pubkey->grip_valid
+                    && !memcmp (ki->grip, pubkey->grip, KEYGRIP_LEN))
+                  break;
+              if (ki)
+                {
+                  /* Fixme: Replace mapping by a table lookup.  */
+                  if (!memcmp (kinfo->grip, pubkey->grip, KEYGRIP_LEN))
+                    s = "this";
+                  else if (!strcmp (ki->keyref, "OPENPGP.1"))
+                    s = "Signature key";
+                  else if (!strcmp (ki->keyref, "OPENPGP.2"))
+                    s = "Encryption key";
+                  else if (!strcmp (ki->keyref, "OPENPGP.3"))
+                    s = "Authentication key";
+                  else
+                    s = NULL;
+                  if (s)
+                    tty_fprintf (fp, "<%s>\n", s);
+                  else
+                    tty_fprintf (fp, "<Key %s>\n", ki->keyref);
+                }
+              else /* Print the primary key as fallback.  */
+                print_shax_fpr (fp, pubkey->fpr, pubkey->fprlen);
+
+              /* Find the primary or subkey of that key.  */
+              for (; pubkey; pubkey = pubkey->next)
+                if (pubkey->grip_valid
+                    && !memcmp (kinfo->grip, pubkey->grip, KEYGRIP_LEN))
+                  break;
+              if (pubkey)
+                {
+                  tty_fprintf (fp, "        fpr ......: ");
+                  print_shax_fpr (fp, pubkey->fpr, pubkey->fprlen);
+                  tty_fprintf (fp, "        created ..: %s\n",
+                               isotimestamp (pubkey->created));
+                }
+            }
+          for (uid = kb->uids; uid; uid = uid->next)
+            {
+              print_string (fp, "        user id ..: ", uid->value);
+            }
+
+        }
+    }
+  else
+    {
+      tty_fprintf (fp, " [none]\n");
+      if (label_keyref)
+        tty_fprintf (fp, "      keyref .....: %s\n", label_keyref);
+      if (kinfo)
+        tty_fprintf (fp, "      algorithm ..: %s\n",
+                     nullnone (kinfo->keyalgo));
+    }
+
+ leave:
+  release_keyblock (keyblock);
+}
+
+
+/* List all keyinfo in INFO using the list of LABELS.  */
+static void
+list_all_kinfo (card_info_t info, keyinfolabel_t labels, estream_t fp,
+                int no_key_lookup)
+{
+  key_info_t kinfo;
+  int idx, i, j;
+
+  /* Print the keyinfo.  We first print those we known and then all
+   * remaining item.  */
+  for (kinfo = info->kinfo; kinfo; kinfo = kinfo->next)
+    kinfo->xflag = 0;
+  if (labels)
+    {
+      for (idx=0; labels[idx].label; idx++)
+        {
+          tty_fprintf (fp, "%s", labels[idx].label);
+          kinfo = find_kinfo (info, labels[idx].keyref);
+          list_one_kinfo (info, kinfo, labels[idx].keyref,
+                          fp, no_key_lookup);
+          if (kinfo)
+            kinfo->xflag = 1;
+        }
+    }
+  for (kinfo = info->kinfo; kinfo; kinfo = kinfo->next)
+    {
+      if (kinfo->xflag)
+        continue;
+      tty_fprintf (fp, "Key %s", kinfo->keyref);
+      for (i=4+strlen (kinfo->keyref), j=0; i < 18; i++, j=1)
+        tty_fprintf (fp, j? ".":" ");
+      tty_fprintf (fp, ":");
+      list_one_kinfo (info, kinfo, NULL, fp, no_key_lookup);
+    }
+}
+
+
+static void
+list_retry_counter (card_info_t info, estream_t fp)
+{
+  const char *s;
+  int i;
+
+  if (info->chvlabels)
+    tty_fprintf (fp, "PIN labels .......: %s\n", info->chvlabels);
+  tty_fprintf (fp, "PIN retry counter :");
+  for (i=0; i < DIM (info->chvinfo) && i < info->nchvinfo; i++)
+    {
+      if (info->chvinfo[i] >= 0)
+        tty_fprintf (fp, " %d", info->chvinfo[i]);
+      else
+        {
+          switch (info->chvinfo[i])
+            {
+            case -1: s = "[error]"; break;
+            case -2: s = "-"; break;  /* No such PIN or info not available. */
+            case -3: s = "[blocked]"; break;
+            case -4: s = "[nullpin]"; break;
+            case -5: s = "[verified]"; break;
+            default: s = "[?]"; break;
+            }
+          tty_fprintf (fp, " %s", s);
+        }
+    }
+  tty_fprintf (fp, "\n");
+}
+
+
+/* List OpenPGP card specific data.  */
+static void
+list_openpgp (card_info_t info, estream_t fp, int no_key_lookup)
+{
+  static struct keyinfolabel_s keyinfolabels[] = {
+    { "Signature key ....:", "OPENPGP.1" },
+    { "Encryption key....:", "OPENPGP.2" },
+    { "Authentication key:", "OPENPGP.3" },
+    { NULL, NULL }
+  };
+
+  if (info->apptype != APP_TYPE_OPENPGP)
+    {
+      tty_fprintf (fp, "invalid OpenPGP card\n");
+      return;
+    }
+
+  tty_fprintf (fp, "Name of cardholder: ");
+  print_isoname (fp, info->disp_name);
+
+  print_string (fp, "Language prefs ...: ", info->disp_lang);
+  tty_fprintf (fp, "Salutation .......: %s\n",
+               info->disp_sex == 1? _("Mr."):
+               info->disp_sex == 2? _("Ms.") : "");
+  print_string (fp, "URL of public key : ", info->pubkey_url);
+  print_string (fp, "Login data .......: ", info->login_data);
+  if (info->private_do[0])
+    print_string (fp, "Private DO 1 .....: ", info->private_do[0]);
+  if (info->private_do[1])
+    print_string (fp, "Private DO 2 .....: ", info->private_do[1]);
+  if (info->private_do[2])
+    print_string (fp, "Private DO 3 .....: ", info->private_do[2]);
+  if (info->private_do[3])
+    print_string (fp, "Private DO 4 .....: ", info->private_do[3]);
+  if (info->cafpr1len)
+    {
+      tty_fprintf (fp, "CA fingerprint %d .:", 1);
+      print_shax_fpr (fp, info->cafpr1, info->cafpr1len);
+    }
+  if (info->cafpr2len)
+    {
+      tty_fprintf (fp, "CA fingerprint %d .:", 2);
+      print_shax_fpr (fp, info->cafpr2, info->cafpr2len);
+    }
+  if (info->cafpr3len)
+    {
+      tty_fprintf (fp, "CA fingerprint %d .:", 3);
+      print_shax_fpr (fp, info->cafpr3, info->cafpr3len);
+    }
+  tty_fprintf (fp, "Signature PIN ....: %s\n",
+               info->chv1_cached? _("not forced"): _("forced"));
+  tty_fprintf (fp, "Max. PIN lengths .: %d %d %d\n",
+               info->chvmaxlen[0], info->chvmaxlen[1], info->chvmaxlen[2]);
+  list_retry_counter (info, fp);
+  tty_fprintf (fp, "Signature counter : %lu\n", info->sig_counter);
+  tty_fprintf (fp, "Capabilities .....:");
+  if (info->extcap.ki)
+    tty_fprintf (fp, " key-import");
+  if (info->extcap.aac)
+    tty_fprintf (fp, " algo-change");
+  if (info->extcap.bt)
+    tty_fprintf (fp, " button");
+  if (info->extcap.sm)
+    tty_fprintf (fp, " sm(%s)", gcry_cipher_algo_name (info->extcap.smalgo));
+  if (info->extcap.private_dos)
+    tty_fprintf (fp, " priv-data");
+  tty_fprintf (fp, "\n");
+  if (info->extcap.kdf)
+    {
+      tty_fprintf (fp, "KDF setting ......: %s\n",
+                   info->kdf_do_enabled ? "on" : "off");
+    }
+  if (info->extcap.bt)
+    {
+      tty_fprintf (fp, "UIF setting ......: Sign=%s Decrypt=%s Auth=%s\n",
+                   info->uif[0] ? (info->uif[0]==2? "permanent": "on") : "off",
+                   info->uif[1] ? (info->uif[0]==2? "permanent": "on") : "off",
+                   info->uif[2] ? (info->uif[0]==2? "permanent": "on") : "off");
+    }
+
+  list_all_kinfo (info, keyinfolabels, fp, no_key_lookup);
+
+}
+
+
+/* List PIV card specific data.  */
+static void
+list_piv (card_info_t info, estream_t fp, int no_key_lookup)
+{
+  static struct keyinfolabel_s keyinfolabels[] = {
+    { "PIV authentication:", "PIV.9A" },
+    { "Card authenticat. :", "PIV.9E" },
+    { "Digital signature :", "PIV.9C" },
+    { "Key management ...:", "PIV.9D" },
+    { NULL, NULL }
+  };
+
+  if (info->chvusage[0] || info->chvusage[1])
+    {
+      tty_fprintf (fp, "PIN usage policy .:");
+      if ((info->chvusage[0] & 0x40))
+          tty_fprintf (fp, " app-pin");
+      if ((info->chvusage[0] & 0x20))
+        tty_fprintf (fp, " global-pin");
+      if ((info->chvusage[0] & 0x10))
+        tty_fprintf (fp, " occ");
+      if ((info->chvusage[0] & 0x08))
+        tty_fprintf (fp, " vci");
+      if ((info->chvusage[0] & 0x08) && !(info->chvusage[0] & 0x04))
+        tty_fprintf (fp, " pairing");
+
+      if (info->chvusage[1] == 0x10)
+        tty_fprintf (fp, " primary:card");
+      else if (info->chvusage[1] == 0x20)
+        tty_fprintf (fp, " primary:global");
+
+      tty_fprintf (fp, "\n");
+    }
+
+  list_retry_counter (info, fp);
+  list_all_kinfo (info, keyinfolabels, fp, no_key_lookup);
+}
+
+
+/* List Netkey card specific data.  */
+static void
+list_nks (card_info_t info, estream_t fp, int no_key_lookup)
+{
+  static struct keyinfolabel_s keyinfolabels[] = {
+    { NULL, NULL }
+  };
+
+  list_retry_counter (info, fp);
+  list_all_kinfo (info, keyinfolabels, fp, no_key_lookup);
+}
+
+
+/* List PKCS#15 card specific data.  */
+static void
+list_p15 (card_info_t info, estream_t fp, int no_key_lookup)
+{
+  static struct keyinfolabel_s keyinfolabels[] = {
+    { NULL, NULL }
+  };
+
+  list_retry_counter (info, fp);
+  list_all_kinfo (info, keyinfolabels, fp, no_key_lookup);
+}
+
+
+static void
+print_a_version (estream_t fp, const char *prefix, unsigned int value)
+{
+  unsigned int a, b, c, d;
+  a = ((value >> 24) & 0xff);
+  b = ((value >> 16) & 0xff);
+  c = ((value >>  8) & 0xff);
+  d = ((value      ) & 0xff);
+
+  if (a)
+    tty_fprintf (fp, "%s %u.%u.%u.%u\n", prefix, a, b, c, d);
+  else if (b)
+    tty_fprintf (fp, "%s %u.%u.%u\n", prefix, b, c, d);
+  else if (c)
+    tty_fprintf (fp, "%s %u.%u\n", prefix, c, d);
+  else
+    tty_fprintf (fp, "%s %u\n", prefix, d);
+}
+
+
+/* Print all available information about the current card.  With
+ * NO_KEY_LOOKUP the sometimes expensive listing of all matching
+ * OpenPGP and X.509 keys is not done */
+static void
+list_card (card_info_t info, int no_key_lookup)
+{
+  estream_t fp = opt.interactive? NULL : es_stdout;
+
+  tty_fprintf (fp, "Reader ...........: %s\n", nullnone (info->reader));
+  if (info->cardtype)
+    tty_fprintf (fp, "Card type ........: %s\n", info->cardtype);
+  if (info->cardversion)
+    print_a_version (fp, "Card firmware ....:", info->cardversion);
+  tty_fprintf (fp, "Serial number ....: %s\n", nullnone (info->serialno));
+  tty_fprintf (fp, "Application type .: %s%s%s%s\n",
+               app_type_string (info->apptype),
+               info->apptype == APP_TYPE_UNKNOWN && info->apptypestr? "(":"",
+               info->apptype == APP_TYPE_UNKNOWN && info->apptypestr
+               ? info->apptypestr:"",
+               info->apptype == APP_TYPE_UNKNOWN && info->apptypestr? ")":"");
+  if (info->appversion)
+    print_a_version (fp, "Version ..........:", info->appversion);
+  if (info->serialno && info->dispserialno
+      && strcmp (info->serialno, info->dispserialno))
+    tty_fprintf (fp, "Displayed s/n ....: %s\n", info->dispserialno);
+
+  if (info->manufacturer_name && info->manufacturer_id)
+    tty_fprintf (fp, "Manufacturer .....: %s (%x)\n",
+                 info->manufacturer_name, info->manufacturer_id);
+  else if (info->manufacturer_name && !info->manufacturer_id)
+    tty_fprintf (fp, "Manufacturer .....: %s\n", info->manufacturer_name);
+  else if (info->manufacturer_id)
+    tty_fprintf (fp, "Manufacturer .....: (%x)\n", info->manufacturer_id);
+
+  switch (info->apptype)
+    {
+    case APP_TYPE_OPENPGP: list_openpgp (info, fp, no_key_lookup); break;
+    case APP_TYPE_PIV:     list_piv (info, fp, no_key_lookup); break;
+    case APP_TYPE_NKS:     list_nks (info, fp, no_key_lookup); break;
+    case APP_TYPE_P15:     list_p15 (info, fp, no_key_lookup); break;
+    default: break;
+    }
+}
+
+
+
+/* Helper for cmd_list.  */
+static void
+print_card_list (estream_t fp, card_info_t info, strlist_t cards,
+                 int only_current)
+{
+  int count;
+  strlist_t sl;
+  size_t snlen;
+  int star;
+  const char *s;
+
+  for (count = 0, sl = cards; sl; sl = sl->next, count++)
+    {
+      if (info && info->serialno)
+        {
+          s = strchr (sl->d, ' ');
+          if (s)
+            snlen = s - sl->d;
+          else
+            snlen = strlen (sl->d);
+          star = (strlen (info->serialno) == snlen
+                  && !memcmp (info->serialno, sl->d, snlen));
+        }
+      else
+        star = 0;
+      if (!only_current || star)
+        tty_fprintf (fp, "%d%c %s\n", count, star? '*':' ', sl->d);
+    }
+}
+
+
+/* The LIST command.  This also updates INFO if needed. */
+static gpg_error_t
+cmd_list (card_info_t info, char *argstr)
+{
+  gpg_error_t err;
+  int opt_cards, opt_apps, opt_info, opt_reread, opt_no_key_lookup;
+  strlist_t cards = NULL;
+  strlist_t sl;
+  estream_t fp = opt.interactive? NULL : es_stdout;
+  const char *cardsn = NULL;
+  char *appstr = NULL;
+  int count;
+  int need_learn = 0;
+
+  if (!info)
+    return print_help
+      ("LIST [--cards] [--apps] [--info] [--reread]"
+       " [--no-key-lookup] [N] [APP]\n\n"
+       "Show the content of the current card.\n"
+       "With N given select and list the N-th card;\n"
+       "with APP also given select that application.\n"
+       "To select an APP on the current card use '-' for N.\n"
+       "The S/N of the card may be used instead of N.\n"
+       "  --cards   lists available cards\n"
+       "  --apps    lists additional card applications\n"
+       "  --info    selects a card and prints its s/n\n"
+       "  --reread  read infos from PCKS#15 cards again\n"
+       "  --no-key-lookup does not list matching OpenPGP or X.509 keys\n"
+       , 0);
+
+  opt_cards = has_leading_option (argstr, "--cards");
+  opt_apps = has_leading_option (argstr, "--apps");
+  opt_info = has_leading_option (argstr, "--info");
+  opt_reread = has_leading_option (argstr, "--reread");
+  opt_no_key_lookup = has_leading_option (argstr, "--no-key-lookup");
+  argstr = skip_options (argstr);
+
+  if (opt.no_key_lookup)
+    opt_no_key_lookup = 1;
+
+  if (hexdigitp (argstr) || (*argstr == '-' && spacep (argstr+1)))
+    {
+      if (*argstr == '-' && (argstr[1] || spacep (argstr+1)))
+        argstr++;  /* Keep current card.  */
+      else
+        {
+          cardsn = argstr;
+          while (hexdigitp (argstr))
+            argstr++;
+          if (*argstr && !spacep (argstr))
+            {
+              err = gpg_error (GPG_ERR_INV_ARG);
+              goto leave;
+            }
+          if (*argstr)
+            *argstr++ = 0;
+        }
+
+      while (spacep (argstr))
+        argstr++;
+      if (*argstr)
+        {
+          appstr = argstr;
+          while (*argstr && !spacep (argstr))
+            argstr++;
+          while (spacep (argstr))
+            argstr++;
+          if (*argstr)
+            {
+              /* Extra arguments found.  */
+              err = gpg_error (GPG_ERR_INV_ARG);
+              goto leave;
+            }
+        }
+    }
+  else if (*argstr)
+    {
+      /* First argument needs to be a digit.  */
+      err = gpg_error (GPG_ERR_INV_ARG);
+      goto leave;
+    }
+
+  if (!info->serialno || info->need_sn_cmd)
+    {
+      /* This is probably the first call or was explictly requested.
+       * We need to send a SERIALNO command to scdaemon so that our
+       * session knows all cards.  */
+      err = scd_serialno (NULL, NULL);
+      if (err)
+        goto leave;
+      info->need_sn_cmd = 0;
+      need_learn = 1;
+    }
+
+  if (opt_cards || opt_apps)
+    {
+      /* Note that with option --apps CARDS is here the list of all
+       * apps.  Format is "SERIALNO APPNAME {APPNAME}".  We print the
+       * card number in the first column. */
+      if (opt_apps)
+        err = scd_applist (&cards, opt_cards);
+      else
+        err = scd_cardlist (&cards);
+      if (err)
+        goto leave;
+      print_card_list (fp, info, cards, 0);
+    }
+  else
+    {
+      if (cardsn)
+        {
+          int i, cardno;
+
+          err = scd_cardlist (&cards);
+          if (err)
+            goto leave;
+
+          /* Switch to the requested card.  */
+          for (i=0; digitp (cardsn+i); i++)
+            ;
+          if (i && i < 4 && !cardsn[i])
+            { /* Looks like an index into the card list.  */
+              cardno = atoi (cardsn);
+              for (count = 0, sl = cards; sl; sl = sl->next, count++)
+                if (count == cardno)
+                  break;
+              if (!sl)
+                {
+                  err = gpg_error (GPG_ERR_INV_INDEX);
+                  goto leave;
+                }
+            }
+          else  /* S/N of card specified.  */
+            {
+              for (sl = cards; sl; sl = sl->next)
+                if (!ascii_strcasecmp (sl->d, cardsn))
+                  break;
+              if (!sl)
+                {
+                  err = gpg_error (GPG_ERR_INV_INDEX);
+                  goto leave;
+                }
+            }
+          err = scd_switchcard (sl->d);
+          need_learn = 1;
+        }
+      else /* show app list.  */
+        {
+          err = scd_applist (&cards, 1);
+          if (err)
+            goto leave;
+        }
+
+      if (appstr && *appstr)
+        {
+          /* Switch to the requested app.  */
+          err = scd_switchapp (appstr);
+          if (err)
+            goto leave;
+          need_learn = 1;
+        }
+
+      if (need_learn)
+        err = scd_learn (info, opt_reread);
+      else
+        err = 0;
+
+      if (err)
+        ;
+      else if (opt_info)
+        print_card_list (fp, info, cards, 1);
+      else
+        {
+          size_t snlen;
+          const char *s;
+
+          /* First get the list of active cards and check whether the
+           * current card is still in the list.  If not the card has
+           * been removed.  Note that during the listing the card
+           * remove state might also be detected but only if an access
+           * to the scdaemon is required; it is anyway better to test
+           * that before starting a listing.  */
+          free_strlist (cards);
+          err = scd_cardlist (&cards);
+          if (err)
+            goto leave;
+          for (sl = cards; sl; sl = sl->next)
+            {
+              if (info && info->serialno)
+                {
+                  s = strchr (sl->d, ' ');
+                  if (s)
+                    snlen = s - sl->d;
+                  else
+                    snlen = strlen (sl->d);
+                  if (strlen (info->serialno) == snlen
+                      && !memcmp (info->serialno, sl->d, snlen))
+                    break;
+                }
+            }
+          if (!sl)
+            {
+              info->need_sn_cmd = 1;
+              err = gpg_error (GPG_ERR_CARD_REMOVED);
+              goto leave;
+            }
+
+          list_card (info, opt_no_key_lookup);
+        }
+    }
+
+ leave:
+  free_strlist (cards);
+  return err;
+}
+
+
+
+/* The VERIFY command.  */
+static gpg_error_t
+cmd_verify (card_info_t info, char *argstr)
+{
+  gpg_error_t err, err2;
+  const char *pinref;
+
+  if (!info)
+    return print_help ("verify [chvid]", 0);
+
+  if (*argstr)
+    pinref = argstr;
+  else if (info->apptype == APP_TYPE_OPENPGP)
+    pinref = info->serialno;
+  else if (info->apptype == APP_TYPE_PIV)
+    pinref = "PIV.80";
+  else
+    return gpg_error (GPG_ERR_MISSING_VALUE);
+
+  err = scd_checkpin (pinref);
+  if (err)
+    log_error ("verify failed: %s <%s>\n",
+               gpg_strerror (err), gpg_strsource (err));
+  /* In any case update the CHV status, so that the next "list" shows
+   * the correct retry counter values.  */
+  err2 = scd_getattr ("CHV-STATUS", info);
+  return err ? err : err2;
+}
+
+
+static gpg_error_t
+cmd_authenticate (card_info_t info, char *argstr)
+{
+  gpg_error_t err;
+  int opt_setkey;
+  int opt_raw;
+  char *string = NULL;
+  char *key = NULL;
+  size_t keylen;
+
+  if (!info)
+    return print_help
+      ("AUTHENTICATE [--setkey] [--raw] [< FILE]|KEY\n\n"
+       "Perform a mutual authentication either by reading the key\n"
+       "from FILE or by taking it from the command line.  Without\n"
+       "the option --raw the key is expected to be hex encoded.\n"
+       "To install a new administration key --setkey is used; this\n"
+       "requires a prior authentication with the old key.",
+       APP_TYPE_PIV, 0);
+
+  if (info->apptype != APP_TYPE_PIV)
+    {
+      log_info ("Note: This is a PIV only command.\n");
+      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+    }
+
+  opt_setkey = has_leading_option (argstr, "--setkey");
+  opt_raw = has_leading_option (argstr, "--raw");
+  argstr = skip_options (argstr);
+
+  if (*argstr == '<')  /* Read key from a file. */
+    {
+      for (argstr++; spacep (argstr); argstr++)
+        ;
+      err = get_data_from_file (argstr, &string, NULL);
+      if (err)
+        goto leave;
+    }
+
+  if (opt_raw)
+    {
+      key = string? string : xstrdup (argstr);
+      string = NULL;
+      keylen = strlen (key);
+    }
+  else
+    {
+      key = hex_to_buffer (string? string: argstr, &keylen);
+      if (!key)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+    }
+  err = scd_setattr (opt_setkey? "SET-ADM-KEY":"AUTH-ADM-KEY", key, keylen);
+
+ leave:
+  if (key)
+    {
+      wipememory (key, keylen);
+      xfree (key);
+    }
+  xfree (string);
+  return err;
+}
+
+
+/* Helper for cmd_name to qyery a part of name.  */
+static char *
+ask_one_name (const char *prompt)
+{
+  char *name;
+  int i;
+
+  for (;;)
+    {
+      name = tty_get (prompt);
+      trim_spaces (name);
+      tty_kill_prompt ();
+      if (!*name || *name == CONTROL_D)
+        {
+          if (*name == CONTROL_D)
+            tty_fprintf (NULL, "\n");
+          xfree (name);
+          return NULL;
+        }
+      for (i=0; name[i] && name[i] >= ' ' && name[i] <= 126; i++)
+        ;
+
+      /* The name must be in Latin-1 and not UTF-8 - lacking the code
+       * to ensure this we restrict it to ASCII. */
+      if (name[i])
+        tty_printf (_("Error: Only plain ASCII is currently allowed.\n"));
+      else if (strchr (name, '<'))
+        tty_printf (_("Error: The \"<\" character may not be used.\n"));
+      else if (strstr (name, "  "))
+        tty_printf (_("Error: Double spaces are not allowed.\n"));
+      else
+        return name;
+      xfree (name);
+    }
+}
+
+
+/* The NAME command.  */
+static gpg_error_t
+cmd_name (card_info_t info, const char *argstr)
+{
+  gpg_error_t err;
+  char *surname, *givenname;
+  char *isoname, *p;
+
+  if (!info)
+    return print_help
+      ("name [--clear]\n\n"
+       "Set the name field of an OpenPGP card.  With --clear the stored\n"
+       "name is cleared off the card.", APP_TYPE_OPENPGP, APP_TYPE_NKS, 0);
+
+  if (info->apptype != APP_TYPE_OPENPGP)
+    {
+      log_info ("Note: This is an OpenPGP only command.\n");
+      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+    }
+
+ again:
+  if (!strcmp (argstr, "--clear"))
+    isoname = xstrdup (" "); /* No real way to clear; set to space instead. */
+  else
+    {
+      surname = ask_one_name (_("Cardholder's surname: "));
+      givenname = ask_one_name (_("Cardholder's given name: "));
+      if (!surname || !givenname || (!*surname && !*givenname))
+        {
+          xfree (surname);
+          xfree (givenname);
+          return gpg_error (GPG_ERR_CANCELED);
+        }
+
+      isoname = xstrconcat (surname, "<<", givenname, NULL);
+      xfree (surname);
+      xfree (givenname);
+      for (p=isoname; *p; p++)
+        if (*p == ' ')
+          *p = '<';
+
+      if (strlen (isoname) > 39 )
+        {
+          log_info (_("Error: Combined name too long "
+                      "(limit is %d characters).\n"), 39);
+          xfree (isoname);
+          goto again;
+        }
+    }
+
+  err = scd_setattr ("DISP-NAME", isoname, strlen (isoname));
+
+  xfree (isoname);
+  return err;
+}
+
+
+static gpg_error_t
+cmd_url (card_info_t info, const char *argstr)
+{
+  gpg_error_t err;
+  char *url;
+
+  if (!info)
+    return print_help
+      ("URL [--clear]\n\n"
+       "Set the URL data object.  That data object can be used by\n"
+       "the FETCH command to retrieve the full public key.  The\n"
+       "option --clear deletes the content of that data object.",
+       APP_TYPE_OPENPGP, 0);
+
+  if (info->apptype != APP_TYPE_OPENPGP)
+    {
+      log_info ("Note: This is an OpenPGP only command.\n");
+      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+    }
+
+  if (!strcmp (argstr, "--clear"))
+    url = xstrdup (" "); /* No real way to clear; set to space instead. */
+  else
+    {
+      url = tty_get (_("URL to retrieve public key: "));
+      trim_spaces (url);
+      tty_kill_prompt ();
+      if (!*url || *url == CONTROL_D)
+        {
+          err = gpg_error (GPG_ERR_CANCELED);
+          goto leave;
+        }
+    }
+
+  err = scd_setattr ("PUBKEY-URL", url, strlen (url));
+
+ leave:
+  xfree (url);
+  return err;
+}
+
+
+/* Fetch the key from the URL given on the card or try to get it from
+ * the default keyserver.  */
+static gpg_error_t
+cmd_fetch (card_info_t info)
+{
+  gpg_error_t err;
+  key_info_t kinfo;
+
+  if (!info)
+    return print_help
+      ("FETCH\n\n"
+       "Retrieve a key using the URL data object or if that is missing\n"
+       "using the fingerprint.", APP_TYPE_OPENPGP, 0);
+
+  if (info->pubkey_url && *info->pubkey_url)
+    {
+      /* strlist_t sl = NULL; */
+
+      /* add_to_strlist (&sl, info.pubkey_url); */
+      /* err = keyserver_fetch (ctrl, sl, KEYORG_URL); */
+      /* free_strlist (sl); */
+      err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);  /* FIXME */
+    }
+  else if ((kinfo = find_kinfo (info, "OPENPGP.1")) && kinfo->fprlen)
+    {
+      /* rc = keyserver_import_fprint (ctrl, info.fpr1, info.fpr1len, */
+      /*                               opt.keyserver, 0); */
+      err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);  /* FIXME */
+    }
+  else
+    err = gpg_error (GPG_ERR_NO_DATA);
+
+  return err;
+}
+
+
+static gpg_error_t
+cmd_login (card_info_t info, char *argstr)
+{
+  gpg_error_t err;
+  char *data;
+  size_t datalen;
+  int use_default_pin;
+
+  if (!info)
+    return print_help
+      ("LOGIN [--clear|--use-default-pin] [< FILE]\n\n"
+       "Set the login data object.  If FILE is given the data is\n"
+       "is read from that file.  This allows for binary data.\n"
+       "The option --clear deletes the login data.  --use-default-pin\n"
+       "tells the card to always use the default PIN (\"123456\").",
+       APP_TYPE_OPENPGP, 0);
+
+  use_default_pin = has_leading_option (argstr, "--use-default-pin");
+  argstr = skip_options (argstr);
+
+  if (!strcmp (argstr, "--clear"))
+    {
+      data = xstrdup (" "); /* kludge.  */
+      datalen = 1;
+    }
+  else if (*argstr == '<')  /* Read it from a file */
+    {
+      for (argstr++; spacep (argstr); argstr++)
+        ;
+      err = get_data_from_file (argstr, &data, &datalen);
+      if (err)
+        goto leave;
+    }
+  else
+    {
+      data = tty_get (_("Login data (account name): "));
+      trim_spaces (data);
+      tty_kill_prompt ();
+      if ((!*data && !use_default_pin) || *data == CONTROL_D)
+        {
+          err = gpg_error (GPG_ERR_CANCELED);
+          goto leave;
+        }
+      datalen = strlen (data);
+    }
+
+  if (use_default_pin)
+    {
+      char *tmpdata = xmalloc (datalen + 5);
+      memcpy (tmpdata, data, datalen);
+      memcpy (tmpdata+datalen, "\n\x14" "F=3", 5);
+      xfree (data);
+      data = tmpdata;
+      datalen += 5;
+    }
+
+  err = scd_setattr ("LOGIN-DATA", data, datalen);
+
+ leave:
+  xfree (data);
+  return err;
+}
+
+
+static gpg_error_t
+cmd_lang (card_info_t info, const char *argstr)
+{
+  gpg_error_t err;
+  char *data, *p;
+
+  if (!info)
+    return print_help
+      ("LANG [--clear]\n\n"
+       "Change the language info for the card.  This info can be used\n"
+       "by applications for a personalized greeting.  Up to 4 two-digit\n"
+       "language identifiers can be entered as a preference.  The option\n"
+       "--clear removes all identifiers.  GnuPG does not use this info.",
+       APP_TYPE_OPENPGP, 0);
+
+  if (!strcmp (argstr, "--clear"))
+    data = xstrdup ("  "); /* Note that we need two spaces here.  */
+  else
+    {
+    again:
+      data = tty_get (_("Language preferences: "));
+      trim_spaces (data);
+      tty_kill_prompt ();
+      if (!*data || *data == CONTROL_D)
+        {
+          err = gpg_error (GPG_ERR_CANCELED);
+          goto leave;
+        }
+
+      if (strlen (data) > 8 || (strlen (data) & 1))
+        {
+          log_info (_("Error: invalid length of preference string.\n"));
+          xfree (data);
+          goto again;
+        }
+
+      for (p=data; *p && *p >= 'a' && *p <= 'z'; p++)
+        ;
+      if (*p)
+        {
+          log_info (_("Error: invalid characters in preference string.\n"));
+          xfree (data);
+          goto again;
+        }
+    }
+
+  err = scd_setattr ("DISP-LANG", data, strlen (data));
+
+ leave:
+  xfree (data);
+  return err;
+}
+
+
+static gpg_error_t
+cmd_salut (card_info_t info, const char *argstr)
+{
+  gpg_error_t err;
+  char *data = NULL;
+  const char *str;
+
+  if (!info)
+    return print_help
+      ("SALUT [--clear]\n\n"
+       "Change the salutation info for the card.  This info can be used\n"
+       "by applications for a personalized greeting.  The option --clear\n"
+       "removes this data object.  GnuPG does not use this info.",
+       APP_TYPE_OPENPGP, 0);
+
+ again:
+  if (!strcmp (argstr, "--clear"))
+    str = "9";
+  else
+    {
+      data = tty_get (_("Salutation (M = Mr., F = Ms., or space): "));
+      trim_spaces (data);
+      tty_kill_prompt ();
+      if (*data == CONTROL_D)
+        {
+          err = gpg_error (GPG_ERR_CANCELED);
+          goto leave;
+        }
+
+      if (!*data)
+        str = "9";
+      else if ((*data == 'M' || *data == 'm') && !data[1])
+        str = "1";
+      else if ((*data == 'F' || *data == 'f') && !data[1])
+        str = "2";
+      else
+        {
+          tty_printf (_("Error: invalid response.\n"));
+          xfree (data);
+          goto again;
+        }
+    }
+
+  err = scd_setattr ("DISP-SEX", str, 1);
+ leave:
+  xfree (data);
+  return err;
+}
+
+
+static gpg_error_t
+cmd_cafpr (card_info_t info, char *argstr)
+{
+  gpg_error_t err;
+  char *data = NULL;
+  const char *s;
+  int i, c;
+  unsigned char fpr[32];
+  int fprlen;
+  int fprno;
+  int opt_clear = 0;
+
+  if (!info)
+    return print_help
+      ("CAFPR [--clear] N\n\n"
+       "Change the CA fingerprint number N.  N must be in the\n"
+       "range 1 to 3.  The option --clear clears the specified\n"
+       "CA fingerprint N or all of them if N is 0 or not given.",
+       APP_TYPE_OPENPGP, 0);
+
+
+  opt_clear = has_leading_option (argstr, "--clear");
+  argstr = skip_options (argstr);
+
+  if (digitp (argstr))
+    {
+      fprno = atoi (argstr);
+      while (digitp (argstr))
+        argstr++;
+      while (spacep (argstr))
+        argstr++;
+    }
+  else
+    fprno = 0;
+
+  if (opt_clear && !fprno)
+    ; /* Okay: clear all fprs.  */
+  else if (fprno < 1 || fprno > 3)
+    {
+      err = gpg_error (GPG_ERR_INV_ARG);
+      goto leave;
+    }
+
+ again:
+  if (opt_clear)
+    {
+      memset (fpr, 0, 20);
+      fprlen = 20;
+    }
+  else
+    {
+      xfree (data);
+      data = tty_get (_("CA fingerprint: "));
+      trim_spaces (data);
+      tty_kill_prompt ();
+      if (!*data || *data == CONTROL_D)
+        {
+          err = gpg_error (GPG_ERR_CANCELED);
+          goto leave;
+        }
+
+      for (i=0, s=data; i < sizeof fpr && *s; )
+        {
+          while (spacep(s))
+            s++;
+          if (*s == ':')
+            s++;
+          while (spacep(s))
+            s++;
+          c = hextobyte (s);
+          if (c == -1)
+            break;
+          fpr[i++] = c;
+          s += 2;
+        }
+      fprlen = i;
+      if ((fprlen != 20 && fprlen != 32) || *s)
+        {
+          log_error (_("Error: invalid formatted fingerprint.\n"));
+          goto again;
+        }
+    }
+
+  if (!fprno)
+    {
+      log_assert (opt_clear);
+      err = scd_setattr ("CA-FPR-1", fpr, fprlen);
+      if (!err)
+        err = scd_setattr ("CA-FPR-2", fpr, fprlen);
+      if (!err)
+        err = scd_setattr ("CA-FPR-3", fpr, fprlen);
+    }
+  else
+    err = scd_setattr (fprno==1?"CA-FPR-1":
+                       fprno==2?"CA-FPR-2":
+                       fprno==3?"CA-FPR-3":"x", fpr, fprlen);
+
+ leave:
+  xfree (data);
+  return err;
+}
+
+
+static gpg_error_t
+cmd_privatedo (card_info_t info, char *argstr)
+{
+  gpg_error_t err;
+  int opt_clear;
+  char *do_name = NULL;
+  char *data = NULL;
+  size_t datalen;
+  int do_no;
+
+  if (!info)
+    return print_help
+      ("PRIVATEDO [--clear] N [< FILE]\n\n"
+       "Change the private data object N.  N must be in the\n"
+       "range 1 to 4.  If FILE is given the data is is read\n"
+       "from that file.  The option --clear clears the data.",
+       APP_TYPE_OPENPGP, 0);
+
+  opt_clear = has_leading_option (argstr, "--clear");
+  argstr = skip_options (argstr);
+
+  if (digitp (argstr))
+    {
+      do_no = atoi (argstr);
+      while (digitp (argstr))
+        argstr++;
+      while (spacep (argstr))
+        argstr++;
+    }
+  else
+    do_no = 0;
+
+  if (do_no < 1 || do_no > 4)
+    {
+      err = gpg_error (GPG_ERR_INV_ARG);
+      goto leave;
+    }
+  do_name = xasprintf ("PRIVATE-DO-%d", do_no);
+
+  if (opt_clear)
+    {
+      data = xstrdup (" ");
+      datalen = 1;
+    }
+  else if (*argstr == '<')  /* Read it from a file */
+    {
+      for (argstr++; spacep (argstr); argstr++)
+        ;
+      err = get_data_from_file (argstr, &data, &datalen);
+      if (err)
+        goto leave;
+    }
+  else if (*argstr)
+    {
+      err = gpg_error (GPG_ERR_INV_ARG);
+      goto leave;
+    }
+  else
+    {
+      data = tty_get (_("Private DO data: "));
+      trim_spaces (data);
+      tty_kill_prompt ();
+      datalen = strlen (data);
+      if (!*data || *data == CONTROL_D)
+        {
+          err = gpg_error (GPG_ERR_CANCELED);
+          goto leave;
+        }
+    }
+
+  err = scd_setattr (do_name, data, datalen);
+
+ leave:
+  xfree (do_name);
+  xfree (data);
+  return err;
+}
+
+
+static gpg_error_t
+cmd_writecert (card_info_t info, char *argstr)
+{
+  gpg_error_t err;
+  int opt_clear;
+  int opt_openpgp;
+  char *certref_buffer = NULL;
+  char *certref;
+  char *data = NULL;
+  size_t datalen;
+  estream_t key = NULL;
+
+
+  if (!info)
+    return print_help
+      ("WRITECERT CERTREF '<' FILE\n"
+       "WRITECERT --openpgp CERTREF ['<' FILE|FPR]\n"
+       "WRITECERT --clear CERTREF\n\n"
+       "Write a certificate to the card under the id CERTREF.\n"
+       "The option --clear removes the certificate from the card.\n"
+       "The option --openpgp expects an OpenPGP keyblock and stores\n"
+       "it encapsulated in a CMS container; the keyblock is taken\n"
+       "from FILE or directly from the OpenPGP key with FPR",
+       APP_TYPE_OPENPGP, APP_TYPE_PIV, 0);
+
+  opt_clear = has_leading_option (argstr, "--clear");
+  opt_openpgp = has_leading_option (argstr, "--openpgp");
+  argstr = skip_options (argstr);
+
+  certref = argstr;
+  if ((argstr = strchr (certref, ' ')))
+    {
+      *argstr++ = 0;
+      trim_spaces (certref);
+      trim_spaces (argstr);
+    }
+  else /* Let argstr point to an empty string.  */
+    argstr = certref + strlen (certref);
+
+  if (info->apptype == APP_TYPE_OPENPGP)
+    {
+      if (!ascii_strcasecmp (certref, "OPENPGP.3") || !strcmp (certref, "3"))
+        certref_buffer = xstrdup ("OPENPGP.3");
+      else if (!ascii_strcasecmp (certref, "OPENPGP.2")||!strcmp (certref,"2"))
+        certref_buffer = xstrdup ("OPENPGP.2");
+      else if (!ascii_strcasecmp (certref, "OPENPGP.1")||!strcmp (certref,"1"))
+        certref_buffer = xstrdup ("OPENPGP.1");
+      else
+        {
+          err = gpg_error (GPG_ERR_INV_ID);
+          log_error ("Error: CERTREF must be OPENPGP.N or just N"
+                     " with N being 1..3\"");
+          goto leave;
+        }
+      certref = certref_buffer;
+    }
+  else /* Upcase the certref; prepend cardtype if needed.  */
+    {
+      if (!strchr (certref, '.'))
+        certref_buffer = xstrconcat (app_type_string (info->apptype), ".",
+                                     certref, NULL);
+      else
+        certref_buffer = xstrdup (certref);
+      ascii_strupr (certref_buffer);
+      certref = certref_buffer;
+    }
+
+  if (opt_clear)
+    {
+      data = xstrdup (" ");
+      datalen = 1;
+    }
+  else if (*argstr == '<')  /* Read it from a file */
+    {
+      for (argstr++; spacep (argstr); argstr++)
+        ;
+      err = get_data_from_file (argstr, &data, &datalen);
+      if (err)
+        goto leave;
+      if (ascii_memistr (data, datalen, "-----BEGIN CERTIFICATE-----")
+          && ascii_memistr (data, datalen, "-----END CERTIFICATE-----")
+          && !memchr (data, 0, datalen) && !memchr (data, 1, datalen))
+        {
+          struct b64state b64;
+
+          err = b64dec_start (&b64, "");
+          if (!err)
+            err = b64dec_proc (&b64, data, datalen, &datalen);
+          if (!err)
+            err = b64dec_finish (&b64);
+          if (err)
+            goto leave;
+        }
+    }
+  else if (opt_openpgp && *argstr)
+    {
+      err = get_minimal_openpgp_key (&key, argstr);
+      if (err)
+        goto leave;
+      if (es_fclose_snatch (key, (void*)&data, &datalen))
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+      key = NULL;
+    }
+  else
+    {
+      err = gpg_error (GPG_ERR_INV_ARG);
+      goto leave;
+    }
+
+  if (opt_openpgp && !opt_clear)
+    {
+      tlv_builder_t tb;
+      void *tmpder;
+      size_t tmpderlen;
+
+      tb = tlv_builder_new (0);
+      if (!tb)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+
+      tlv_builder_add_tag (tb, 0, TAG_SEQUENCE);
+      tlv_builder_add_ptr (tb, 0, TAG_OBJECT_ID,
+                           "\x2B\x06\x01\x04\x01\xDA\x47\x02\x03\x01", 10);
+      tlv_builder_add_tag (tb, CLASS_CONTEXT, 0);
+      tlv_builder_add_ptr (tb, 0, TAG_OCTET_STRING, data, datalen);
+      tlv_builder_add_end (tb);
+      tlv_builder_add_end (tb);
+
+      err = tlv_builder_finalize (tb, &tmpder, &tmpderlen);
+      if (err)
+        goto leave;
+      xfree (data);
+      data = tmpder;
+      datalen = tmpderlen;
+    }
+
+
+  err = scd_writecert (certref, data, datalen);
+
+ leave:
+  es_fclose (key);
+  xfree (data);
+  xfree (certref_buffer);
+  return err;
+}
+
+
+static gpg_error_t
+cmd_readcert (card_info_t info, char *argstr)
+{
+  gpg_error_t err;
+  char *certref_buffer = NULL;
+  char *certref;
+  void *data = NULL;
+  size_t datalen, dataoff;
+  const char *fname;
+  int opt_openpgp;
+
+  if (!info)
+    return print_help
+      ("READCERT [--openpgp] CERTREF > FILE\n\n"
+       "Read the certificate for key CERTREF and store it in FILE.\n"
+       "With option \"--openpgp\" an OpenPGP keyblock is expected\n"
+       "and stored in FILE.\n",
+       APP_TYPE_OPENPGP, APP_TYPE_PIV, 0);
+
+  opt_openpgp = has_leading_option (argstr, "--openpgp");
+  argstr = skip_options (argstr);
+
+  certref = argstr;
+  if ((argstr = strchr (certref, ' ')))
+    {
+      *argstr++ = 0;
+      trim_spaces (certref);
+      trim_spaces (argstr);
+    }
+  else /* Let argstr point to an empty string.  */
+    argstr = certref + strlen (certref);
+
+  if (info->apptype == APP_TYPE_OPENPGP)
+    {
+      if (!ascii_strcasecmp (certref, "OPENPGP.3") || !strcmp (certref, "3"))
+        certref_buffer = xstrdup ("OPENPGP.3");
+      else if (!ascii_strcasecmp (certref, "OPENPGP.2")||!strcmp (certref,"2"))
+        certref_buffer = xstrdup ("OPENPGP.2");
+      else if (!ascii_strcasecmp (certref, "OPENPGP.1")||!strcmp (certref,"1"))
+        certref_buffer = xstrdup ("OPENPGP.1");
+      else
+        {
+          err = gpg_error (GPG_ERR_INV_ID);
+          log_error ("Error: CERTREF must be OPENPGP.N or just N"
+                     " with N being 1..3\"");
+          goto leave;
+        }
+      certref = certref_buffer;
+    }
+
+  if (*argstr == '>')  /* Write it to a file */
+    {
+      for (argstr++; spacep (argstr); argstr++)
+        ;
+      fname = argstr;
+    }
+  else
+    {
+      err = gpg_error (GPG_ERR_INV_ARG);
+      goto leave;
+    }
+
+  dataoff = 0;
+  err = scd_readcert (certref, &data, &datalen);
+  if (err)
+    goto leave;
+
+  if (opt_openpgp)
+    {
+      /* Check whether DATA contains an OpenPGP keyblock and put only
+       * this into FILE.  If the data is something different, return
+       * an error.  */
+      const unsigned char *p;
+      size_t n, objlen, hdrlen;
+      int class, tag, cons, ndef;
+
+      p = data;
+      n = datalen;
+      if (parse_ber_header (&p,&n,&class,&tag,&cons,&ndef,&objlen,&hdrlen))
+        goto not_openpgp;
+      if (!(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && cons))
+        goto not_openpgp; /* Does not start with a sequence.  */
+      if (parse_ber_header (&p,&n,&class,&tag,&cons,&ndef,&objlen,&hdrlen))
+        goto not_openpgp;
+      if (!(class == CLASS_UNIVERSAL && tag == TAG_OBJECT_ID && !cons))
+        goto not_openpgp; /* No Object ID.  */
+      if (objlen > n)
+        goto not_openpgp; /* Inconsistent lengths.  */
+      if (objlen != 10
+          || memcmp (p, "\x2B\x06\x01\x04\x01\xDA\x47\x02\x03\x01", objlen))
+        goto not_openpgp; /* Wrong Object ID.  */
+      p += objlen;
+      n -= objlen;
+      if (parse_ber_header (&p,&n,&class,&tag,&cons,&ndef,&objlen,&hdrlen))
+        goto not_openpgp;
+      if (!(class == CLASS_CONTEXT && tag == 0 && cons))
+        goto not_openpgp; /* Not a [0] context tag.  */
+      if (parse_ber_header (&p,&n,&class,&tag,&cons,&ndef,&objlen,&hdrlen))
+        goto not_openpgp;
+      if (!(class == CLASS_UNIVERSAL && tag == TAG_OCTET_STRING && !cons))
+        goto not_openpgp; /* Not an octet string.  */
+      if (objlen > n)
+        goto not_openpgp; /* Inconsistent lengths.  */
+      dataoff = p - (const unsigned char*)data;
+      datalen = objlen;
+    }
+
+  err = put_data_to_file (fname, (unsigned char*)data+dataoff, datalen);
+  goto leave;
+
+ not_openpgp:
+  err = gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
+
+ leave:
+  xfree (data);
+  xfree (certref_buffer);
+  return err;
+}
+
+
+static gpg_error_t
+cmd_writekey (card_info_t info, char *argstr)
+{
+  gpg_error_t err;
+  int opt_force;
+  const char *argv[2];
+  int argc;
+  char *keyref_buffer = NULL;
+  const char *keyref;
+  const char *keygrip;
+
+  if (!info)
+    return print_help
+      ("WRITEKEY [--force] KEYREF KEYGRIP\n\n"
+       "Write a private key object identified by KEYGRIP to slot KEYREF.\n"
+       "Use --force to overwrite an existing key.",
+       APP_TYPE_OPENPGP, APP_TYPE_PIV, 0);
+
+  opt_force = has_leading_option (argstr, "--force");
+  argstr = skip_options (argstr);
+
+  argc = split_fields (argstr, argv, DIM (argv));
+  if (argc < 2)
+    {
+      err = gpg_error (GPG_ERR_INV_ARG);
+      goto leave;
+    }
+
+  /* Upcase the keyref; prepend cardtype if needed.  */
+  keyref = argv[0];
+  if (!strchr (keyref, '.'))
+    keyref_buffer = xstrconcat (app_type_string (info->apptype), ".",
+                                keyref, NULL);
+  else
+    keyref_buffer = xstrdup (keyref);
+  ascii_strupr (keyref_buffer);
+  keyref = keyref_buffer;
+
+  /* Get the keygrip.  */
+  keygrip = argv[1];
+  if (strlen (keygrip) != 40
+      && !(keygrip[0] == '&' && strlen (keygrip+1) == 40))
+    {
+      log_error (_("Not a valid keygrip (expecting 40 hex digits)\n"));
+      err = gpg_error (GPG_ERR_INV_ARG);
+      goto leave;
+    }
+
+  err = scd_writekey (keyref, opt_force, keygrip);
+
+ leave:
+  xfree (keyref_buffer);
+  return err;
+}
+
+
+static gpg_error_t
+cmd_forcesig (card_info_t info)
+{
+  gpg_error_t err;
+  int newstate;
+
+  if (!info)
+    return print_help
+      ("FORCESIG\n\n"
+       "Toggle the forcesig flag of an OpenPGP card.",
+       APP_TYPE_OPENPGP, 0);
+
+  if (info->apptype != APP_TYPE_OPENPGP)
+    {
+      log_info ("Note: This is an OpenPGP only command.\n");
+      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+    }
+
+  newstate = !info->chv1_cached;
+
+  err = scd_setattr ("CHV-STATUS-1", newstate? "\x01":"", 1);
+  if (err)
+    goto leave;
+
+  /* Read it back to be sure we have the right toggle state the next
+   * time.  */
+  err = scd_getattr ("CHV-STATUS", info);
+
+ leave:
+  return err;
+}
+
+
+
+/* Helper for cmd_generate_openpgp.  Note that either 0 or 1 is stored at
+ * FORCED_CHV1. */
+static gpg_error_t
+check_pin_for_key_operation (card_info_t info, int *forced_chv1)
+{
+  gpg_error_t err = 0;
+
+  *forced_chv1 = !info->chv1_cached;
+  if (*forced_chv1)
+    { /* Switch off the forced mode so that during key generation we
+       * don't get bothered with PIN queries for each self-signature. */
+      err = scd_setattr ("CHV-STATUS-1", "\x01", 1);
+      if (err)
+        {
+          log_error ("error clearing forced signature PIN flag: %s\n",
+                     gpg_strerror (err));
+          *forced_chv1 = -1;  /* Not changed.  */
+          goto leave;
+        }
+    }
+
+  /* Check the PIN now, so that we won't get asked later for each
+   * binding signature.  */
+  err = scd_checkpin (info->serialno);
+  if (err)
+    log_error ("error checking the PIN: %s\n", gpg_strerror (err));
+
+ leave:
+  return err;
+}
+
+
+/* Helper for cmd_generate_openpgp.  */
+static void
+restore_forced_chv1 (int *forced_chv1)
+{
+  gpg_error_t err;
+
+  /* Note the possible values stored at FORCED_CHV1:
+   *   0 - forcesig was not enabled.
+   *   1 - forcesig was enabled - enable it again.
+   *  -1 - We have not changed anything.  */
+  if (*forced_chv1 == 1)
+    { /* Switch back to forced state. */
+      err = scd_setattr ("CHV-STATUS-1", "", 1);
+      if (err)
+        log_error ("error setting forced signature PIN flag: %s\n",
+                   gpg_strerror (err));
+      *forced_chv1 = 0;
+    }
+}
+
+
+/* Ask whether existing keys shall be overwritten.  With NULL used for
+ * KINFO it will ask for all keys, other wise for the given key.  */
+static gpg_error_t
+ask_replace_keys (key_info_t kinfo)
+{
+  gpg_error_t err;
+  char *answer;
+
+  tty_printf ("\n");
+  if (kinfo)
+    log_info (_("Note: key %s is already stored on the card!\n"),
+              kinfo->keyref);
+  else
+    log_info (_("Note: Keys are already stored on the card!\n"));
+  tty_printf ("\n");
+  if (kinfo)
+    answer = tty_getf (_("Replace existing key %s ? (y/N) "), kinfo->keyref);
+  else
+    answer = tty_get (_("Replace existing keys? (y/N) "));
+  tty_kill_prompt ();
+  if (*answer == CONTROL_D)
+    err = gpg_error (GPG_ERR_CANCELED);
+  else if (!answer_is_yes_no_default (answer, 0/*(default to No)*/))
+    err = gpg_error (GPG_ERR_CANCELED);
+  else
+    err = 0;
+
+  xfree (answer);
+  return err;
+}
+
+
+/* Implementation of cmd_generate for OpenPGP cards to generate all
+ * standard keys at once.  */
+static gpg_error_t
+generate_all_openpgp_card_keys (card_info_t info, char **algos)
+{
+  gpg_error_t err;
+  int forced_chv1 = -1;
+  int want_backup;
+  char *answer = NULL;
+  key_info_t kinfo1, kinfo2, kinfo3;
+
+  if (info->extcap.ki)
+    {
+      xfree (answer);
+      answer = tty_get (_("Make off-card backup of encryption key? (Y/n) "));
+      want_backup = answer_is_yes_no_default (answer, 1/*(default to Yes)*/);
+      tty_kill_prompt ();
+      if (*answer == CONTROL_D)
+        {
+          err = gpg_error (GPG_ERR_CANCELED);
+          goto leave;
+        }
+    }
+  else
+    want_backup = 0;
+
+  kinfo1 = find_kinfo (info, "OPENPGP.1");
+  kinfo2 = find_kinfo (info, "OPENPGP.2");
+  kinfo3 = find_kinfo (info, "OPENPGP.3");
+
+  if ((kinfo1 && kinfo1->fprlen && !mem_is_zero (kinfo1->fpr,kinfo1->fprlen))
+      || (kinfo2 && kinfo2->fprlen && !mem_is_zero (kinfo2->fpr,kinfo2->fprlen))
+      || (kinfo3 && kinfo3->fprlen && !mem_is_zero (kinfo3->fpr,kinfo3->fprlen))
+      )
+    {
+      err = ask_replace_keys (NULL);
+      if (err)
+        goto leave;
+    }
+
+  /* If no displayed name has been set, we assume that this is a fresh
+   * card and print a hint about the default PINs.  */
+  if (!info->disp_name || !*info->disp_name)
+    {
+      tty_printf ("\n");
+      tty_printf (_("Please note that the factory settings of the PINs are\n"
+                    "   PIN = '%s'     Admin PIN = '%s'\n"
+                    "You should change them using the command --change-pin\n"),
+                  OPENPGP_USER_PIN_DEFAULT, OPENPGP_ADMIN_PIN_DEFAULT);
+      tty_printf ("\n");
+    }
+
+  err = check_pin_for_key_operation (info, &forced_chv1);
+  if (err)
+    goto leave;
+
+  (void)algos;  /* FIXME: If we have ALGOS, we need to change the key attr. */
+
+  /* FIXME: We need to divert to a function which spawns gpg which
+   * will then create the key.  This also requires new features in
+   * gpg.  We might also first create the keys on the card and then
+   * tell gpg to use them to create the OpenPGP keyblock. */
+  /* generate_keypair (ctrl, 1, NULL, info.serialno, want_backup); */
+  (void)want_backup;
+  err = scd_genkey ("OPENPGP.1", 1, NULL, NULL);
+
+ leave:
+  restore_forced_chv1 (&forced_chv1);
+  xfree (answer);
+  return err;
+}
+
+
+/* Create a single key.  This is a helper for cmd_generate.  */
+static gpg_error_t
+generate_key (card_info_t info, const char *keyref, int force,
+              const char *algo)
+{
+  gpg_error_t err;
+  key_info_t kinfo;
+
+  if (info->apptype == APP_TYPE_OPENPGP)
+    {
+      kinfo = find_kinfo (info, keyref);
+      if (!kinfo)
+        {
+          err = gpg_error (GPG_ERR_INV_ID);
+          goto leave;
+        }
+
+      if (!force
+          && kinfo->fprlen && !mem_is_zero (kinfo->fpr, kinfo->fprlen))
+        {
+          err = ask_replace_keys (NULL);
+          if (err)
+            goto leave;
+          force = 1;
+        }
+    }
+
+  err = scd_genkey (keyref, force, algo, NULL);
+
+ leave:
+  return err;
+}
+
+
+static gpg_error_t
+cmd_generate (card_info_t info, char *argstr)
+{
+  static char * const valid_algos[] =
+    { "rsa2048", "rsa3072", "rsa4096", "",
+      "nistp256", "nistp384", "nistp521", "",
+      "brainpoolP256r1", "brainpoolP384r1", "brainpoolP512r1", "",
+      "ed25519", "cv25519",
+      NULL
+    };
+  gpg_error_t err;
+  int opt_force;
+  char *p;
+  char **opt_algo = NULL;      /* Malloced.  */
+  char *keyref_buffer = NULL;  /* Malloced.  */
+  char *keyref;          /* Points into argstr or keyref_buffer.  */
+  int i, j;
+
+  if (!info)
+    return print_help
+      ("GENERATE [--force] [--algo=ALGO{+ALGO2}] KEYREF\n\n"
+       "Create a new key on a card.\n"
+       "Use --force to overwrite an existing key.\n"
+       "Use \"help\" for ALGO to get a list of known algorithms.\n"
+       "For OpenPGP cards several algos may be given.\n"
+       "Note that the OpenPGP key generation is done interactively\n"
+       "unless a single ALGO or KEYREF are given.",
+       APP_TYPE_OPENPGP, APP_TYPE_PIV, 0);
+
+  if (opt.interactive || opt.verbose)
+    log_info (_("%s card no. %s detected\n"),
+              app_type_string (info->apptype),
+              info->dispserialno? info->dispserialno : info->serialno);
+
+  opt_force = has_leading_option (argstr, "--force");
+  err = get_option_value (argstr, "--algo", &p);
+  if (err)
+    goto leave;
+  if (p)
+    {
+      opt_algo = strtokenize (p, "+");
+      if (!opt_algo)
+        {
+          err = gpg_error_from_syserror ();
+          xfree (p);
+          goto leave;
+        }
+      xfree (p);
+    }
+
+  argstr = skip_options (argstr);
+
+  keyref = argstr;
+  if ((argstr = strchr (keyref, ' ')))
+    {
+      *argstr++ = 0;
+      trim_spaces (keyref);
+      trim_spaces (argstr);
+    }
+  else /* Let argstr point to an empty string.  */
+    argstr = keyref + strlen (keyref);
+
+  if (!*keyref)
+    keyref = NULL;
+
+  if (*argstr)
+    {
+      /* Extra arguments found.  */
+      err = gpg_error (GPG_ERR_INV_ARG);
+      goto leave;
+    }
+
+  if (opt_algo)
+    {
+      /* opt_algo is an array of algos.  */
+      for (i=0; opt_algo[i]; i++)
+        {
+          for (j=0; valid_algos[j]; j++)
+            if (*valid_algos[j] && !strcmp (valid_algos[j], opt_algo[i]))
+              break;
+          if (!valid_algos[j])
+            {
+              int lf = 1;
+              if (!ascii_strcasecmp (opt_algo[i], "help"))
+                log_info ("Known algorithms:\n");
+              else
+                {
+                  log_info ("Invalid algorithm '%s' given.  Use one of:\n",
+                            opt_algo[i]);
+                  err = gpg_error (GPG_ERR_PUBKEY_ALGO);
+                }
+              for (i=0; valid_algos[i]; i++)
+                {
+                  if (!*valid_algos[i])
+                    lf = 1;
+                  else if (lf)
+                    {
+                      lf = 0;
+                      log_info ("  %s%s",
+                                valid_algos[i], valid_algos[i+1]?",":".");
+                    }
+                  else
+                    log_printf (" %s%s",
+                                valid_algos[i], valid_algos[i+1]?",":".");
+                }
+              log_printf ("\n");
+              show_keysize_warning ();
+              goto leave;
+            }
+        }
+    }
+
+  /* Upcase the keyref; if it misses the cardtype, prepend it.  */
+  if (keyref)
+    {
+      if (!strchr (keyref, '.'))
+        keyref_buffer = xstrconcat (app_type_string (info->apptype), ".",
+                                    keyref, NULL);
+      else
+        keyref_buffer = xstrdup (keyref);
+      ascii_strupr (keyref_buffer);
+      keyref = keyref_buffer;
+    }
+
+  /* Special checks.  */
+  if ((info->cardtype && !strcmp (info->cardtype, "yubikey"))
+      && info->cardversion >= 0x040200 && info->cardversion < 0x040305)
+    {
+      log_error ("On-chip key generation on this YubiKey has been blocked.\n");
+      log_info ("Please see <https://yubi.co/ysa201701> for details\n");
+      err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+      goto leave;
+    }
+
+  /* Divert to dedicated functions.  */
+  if (info->apptype == APP_TYPE_OPENPGP
+      && !keyref
+      && (!opt_algo || (opt_algo[0] && opt_algo[1])))
+    {
+      /* With no algo requested or more than one algo requested and no
+       * keyref given we create all keys.  */
+      if (opt_force || keyref)
+        log_info ("Note: OpenPGP key generation is interactive.\n");
+      err = generate_all_openpgp_card_keys (info, opt_algo);
+    }
+  else if (!keyref)
+    err = gpg_error (GPG_ERR_INV_ID);
+  else if (opt_algo && opt_algo[0] && opt_algo[1])
+    {
+      log_error ("only one algorithm expected as value for --algo.\n");
+      err = gpg_error (GPG_ERR_INV_ARG);
+    }
+  else
+    err = generate_key (info, keyref, opt_force, opt_algo? opt_algo[0]:NULL);
+
+  if (!err)
+    {
+      err = scd_learn (info, 0);
+      if (err)
+        log_error ("Error re-reading card: %s\n", gpg_strerror (err));
+    }
+
+ leave:
+  xfree (opt_algo);
+  xfree (keyref_buffer);
+  return err;
+}
+
+
+
+/* Change a PIN.  */
+static gpg_error_t
+cmd_passwd (card_info_t info, char *argstr)
+{
+  gpg_error_t err = 0;
+  char *answer = NULL;
+  const char *pinref = NULL;
+  int reset_mode = 0;
+  int nullpin = 0;
+  int menu_used = 0;
+
+  if (!info)
+    return print_help
+      ("PASSWD [--reset|--nullpin] [PINREF]\n\n"
+       "Change or unblock the PINs.  Note that in interactive mode\n"
+       "and without a PINREF a menu is presented for certain cards;\n"
+       "in non-interactive and without a PINREF a default value is\n"
+       "used for these cards.  The option --reset is used with TCOS\n"
+       "cards to reset the PIN using the PUK or vice versa; --nullpin\n"
+       "is used for these cards to set the intial PIN.",
+       0);
+
+  if (opt.interactive || opt.verbose)
+    log_info (_("%s card no. %s detected\n"),
+              app_type_string (info->apptype),
+              info->dispserialno? info->dispserialno : info->serialno);
+
+
+  if (has_option (argstr, "--reset"))
+    reset_mode = 1;
+  else if (has_option (argstr, "--nullpin"))
+    nullpin = 1;
+  argstr = skip_options (argstr);
+
+  /* If --reset or --nullpin has been given we force non-interactive mode.  */
+  if (*argstr || reset_mode || nullpin)
+    {
+      pinref = argstr;
+      if (!*pinref)
+        {
+          err = gpg_error (GPG_ERR_MISSING_VALUE);
+          goto leave;
+        }
+    }
+  else if (opt.interactive && info->apptype == APP_TYPE_OPENPGP)
+    {
+      menu_used = 1;
+      while (!pinref)
+        {
+          xfree (answer);
+          answer = get_selection ("1 - change the PIN\n"
+                                  "2 - unblock and set new a PIN\n"
+                                  "3 - change the Admin PIN\n"
+                                  "4 - set the Reset Code\n"
+                                  "Q - quit\n");
+          if (strlen (answer) != 1)
+            continue;
+          else if (*answer == 'q' || *answer == 'Q')
+            goto leave;
+          else if (*answer == '1')
+            pinref = "OPENPGP.1";
+          else if (*answer == '2')
+            { pinref = "OPENPGP.1"; reset_mode = 1; }
+          else if (*answer == '3')
+            pinref = "OPENPGP.3";
+          else if (*answer == '4')
+            { pinref = "OPENPGP.2"; reset_mode = 1; }
+        }
+    }
+  else if (info->apptype == APP_TYPE_OPENPGP)
+    pinref = "OPENPGP.1";
+  else if (opt.interactive && info->apptype == APP_TYPE_PIV)
+    {
+      menu_used = 1;
+      while (!pinref)
+        {
+          xfree (answer);
+          answer = get_selection ("1 - change the PIN\n"
+                                  "2 - change the PUK\n"
+                                  "3 - change the Global PIN\n"
+                                  "Q - quit\n");
+          if (strlen (answer) != 1)
+            ;
+          else if (*answer == 'q' || *answer == 'Q')
+            goto leave;
+          else if (*answer == '1')
+            pinref = "PIV.80";
+          else if (*answer == '2')
+            pinref = "PIV.81";
+          else if (*answer == '3')
+            pinref = "PIV.00";
+        }
+    }
+  else if (opt.interactive && info->apptype == APP_TYPE_NKS)
+    {
+      int for_qualified = 0;
+
+      menu_used = 1;
+
+      log_assert (DIM (info->chvinfo) >= 4);
+
+      /* If there is a qualified signature use a a menu to select
+       * between standard PIN and QES PINs.  */
+      if (info->chvinfo[2] != -2 || info->chvinfo[3] != -2)
+        {
+          for (;;)
+            {
+              xfree (answer);
+              answer = get_selection (" 1 - Standard PIN/PUK\n"
+                                      " 2 - PIN/PUK for qualified signature\n"
+                                  " Q - quit\n");
+              if (!ascii_strcasecmp (answer, "q"))
+                goto leave;
+              else if (!strcmp (answer, "1"))
+                break;
+              else if (!strcmp (answer, "2"))
+                {
+                  for_qualified = 1;
+                  break;
+                }
+            }
+        }
+
+      if (info->chvinfo[for_qualified? 2 : 0] == -4)
+        {
+          while (!pinref)
+            {
+              xfree (answer);
+              answer = get_selection
+                ("The NullPIN is still active on this card.\n"
+                 "You need to choose and set a PIN first.\n"
+                 "\n"
+                 " 1 - Set your PIN\n"
+                 " Q - quit\n");
+              if (!ascii_strcasecmp (answer, "q"))
+                goto leave;
+              else if (!strcmp (answer, "1"))
+                {
+                  pinref = for_qualified? "PW1.CH.SIG" : "PW1.CH";
+                  nullpin = 1;
+                }
+            }
+        }
+      else
+        {
+          while (!pinref)
+            {
+              xfree (answer);
+              answer = get_selection (" 1 - change PIN\n"
+                                      " 2 - reset PIN\n"
+                                      " 3 - change PUK\n"
+                                      " 4 - reset PUK\n"
+                                      " Q - quit\n");
+              if (!ascii_strcasecmp (answer, "q"))
+                goto leave;
+              else if (!strcmp (answer, "1"))
+                {
+                  pinref = for_qualified? "PW1.CH.SIG" : "PW1.CH";
+                }
+              else if (!strcmp (answer, "2"))
+                {
+                  pinref = for_qualified? "PW1.CH.SIG" : "PW1.CH";
+                  reset_mode = 1;
+                }
+              else if (!strcmp (answer, "3"))
+                {
+                  pinref = for_qualified? "PW2.CH.SIG" : "PW2.CH";
+                }
+              else if (!strcmp (answer, "4"))
+                {
+                  pinref = for_qualified? "PW2.CH.SIG" : "PW2.CH";
+                  reset_mode = 1;
+                }
+            }
+        }
+    }
+  else if (info->apptype == APP_TYPE_PIV)
+    pinref = "PIV.80";
+  else
+    {
+      err = gpg_error (GPG_ERR_MISSING_VALUE);
+      goto leave;
+    }
+
+  err = scd_change_pin (pinref, reset_mode, nullpin);
+  if (err)
+    {
+      if (!opt.interactive && !menu_used && !opt.verbose)
+        ;
+      else if (gpg_err_code (err) == GPG_ERR_CANCELED
+               && gpg_err_source (err) == GPG_ERR_SOURCE_PINENTRY)
+        log_info ("%s\n", gpg_strerror (err));
+      else if (!ascii_strcasecmp (pinref, "PIV.81"))
+        log_error ("Error changing the PUK.\n");
+      else if (!ascii_strcasecmp (pinref, "OPENPGP.1") && reset_mode)
+        log_error ("Error unblocking the PIN.\n");
+      else if (!ascii_strcasecmp (pinref, "OPENPGP.2") && reset_mode)
+        log_error ("Error setting the Reset Code.\n");
+      else if (!ascii_strcasecmp (pinref, "OPENPGP.3"))
+        log_error ("Error changing the Admin PIN.\n");
+      else if (reset_mode)
+        log_error ("Error resetting the PIN.\n");
+      else
+        log_error ("Error changing the PIN.\n");
+    }
+  else
+    {
+      if (!opt.interactive && !opt.verbose)
+        ;
+      else if (!ascii_strcasecmp (pinref, "PIV.81"))
+        log_info ("PUK changed.\n");
+      else if (!ascii_strcasecmp (pinref, "OPENPGP.1") && reset_mode)
+        log_info ("PIN unblocked and new PIN set.\n");
+      else if (!ascii_strcasecmp (pinref, "OPENPGP.2") && reset_mode)
+        log_info ("Reset Code set.\n");
+      else if (!ascii_strcasecmp (pinref, "OPENPGP.3"))
+        log_info ("Admin PIN changed.\n");
+      else if (reset_mode)
+        log_info ("PIN resetted.\n");
+      else
+        log_info ("PIN changed.\n");
+
+      /* Update the CHV status.  */
+      err = scd_getattr ("CHV-STATUS", info);
+    }
+
+ leave:
+  xfree (answer);
+  return err;
+}
+
+
+static gpg_error_t
+cmd_unblock (card_info_t info)
+{
+  gpg_error_t err = 0;
+
+  if (!info)
+    return print_help
+      ("UNBLOCK\n\n"
+       "Unblock a PIN using a PUK or Reset Code.  Note that OpenPGP\n"
+       "cards prior to version 2 can't use this; instead the PASSWD\n"
+       "command can be used to set a new PIN.",
+       0);
+
+  if (opt.interactive || opt.verbose)
+    log_info (_("%s card no. %s detected\n"),
+              app_type_string (info->apptype),
+              info->dispserialno? info->dispserialno : info->serialno);
+
+  if (info->apptype == APP_TYPE_OPENPGP)
+    {
+      if (!info->is_v2)
+        {
+          log_error (_("This command is only available for version 2 cards\n"));
+          err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+        }
+      else if (!info->chvinfo[1])
+        {
+          log_error (_("Reset Code not or not anymore available\n"));
+          err = gpg_error (GPG_ERR_PIN_BLOCKED);
+        }
+      else
+        {
+          err = scd_change_pin ("OPENPGP.2", 0, 0);
+          if (!err)
+            log_info ("PIN changed.\n");
+        }
+    }
+  else if (info->apptype == APP_TYPE_PIV)
+    {
+      /* Unblock the Application PIN.  */
+      err = scd_change_pin ("PIV.80", 1, 0);
+      if (!err)
+        log_info ("PIN unblocked and changed.\n");
+    }
+  else
+    {
+      log_info ("Unblocking not supported for '%s'.\n",
+                app_type_string (info->apptype));
+      err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+    }
+
+  return err;
+}
+
+
+/* Note: On successful execution a redisplay should be scheduled.  If
+ * this function fails the card may be in an unknown state. */
+static gpg_error_t
+cmd_factoryreset (card_info_t info)
+{
+  gpg_error_t err;
+  char *answer = NULL;
+  int termstate = 0;
+  int any_apdu = 0;
+  int is_yubikey = 0;
+  int locked = 0;
+  int i;
+
+
+  if (!info)
+    return print_help
+      ("FACTORY-RESET\n\n"
+       "Do a complete reset of some OpenPGP and PIV cards.  This\n"
+       "deletes all data and keys and resets the PINs to their default.\n"
+       "This is mainly used by developers with scratch cards.  Don't\n"
+       "worry, you need to confirm before the command proceeds.",
+       APP_TYPE_OPENPGP, APP_TYPE_PIV, 0);
+
+  /* We support the factory reset for most OpenPGP cards and Yubikeys
+   * with the PIV application.  */
+  if (info->apptype == APP_TYPE_OPENPGP)
+    ;
+  else if (info->apptype == APP_TYPE_PIV
+           && info->cardtype && !strcmp (info->cardtype, "yubikey"))
+    is_yubikey = 1;
+  else
+
+    return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+  /* For an OpenPGP card the code below basically does the same what
+   * this gpg-connect-agent script does:
+   *
+   *   scd reset
+   *   scd serialno undefined
+   *   scd apdu 00 A4 04 00 06 D2 76 00 01 24 01
+   *   scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
+   *   scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
+   *   scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
+   *   scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
+   *   scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
+   *   scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
+   *   scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
+   *   scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
+   *   scd apdu 00 e6 00 00
+   *   scd apdu 00 44 00 00
+   *   scd reset
+   *   /echo Card has been reset to factory defaults
+   *
+   * For a PIV application on a Yubikey it merely issues the Yubikey
+   * specific resset command.
+   */
+
+  err = scd_learn (info, 0);
+  if (gpg_err_code (err) == GPG_ERR_OBJ_TERM_STATE
+      && gpg_err_source (err) == GPG_ERR_SOURCE_SCD)
+    termstate = 1;
+  else if (err)
+    {
+      log_error (_("OpenPGP card not available: %s\n"), gpg_strerror (err));
+      goto leave;
+    }
+
+  if (opt.interactive || opt.verbose)
+    log_info (_("%s card no. %s detected\n"),
+              app_type_string (info->apptype),
+              info->dispserialno? info->dispserialno : info->serialno);
+
+  if (!termstate || is_yubikey)
+    {
+      if (!is_yubikey)
+        {
+          if (!(info->status_indicator == 3 || info->status_indicator == 5))
+            {
+              /* Note: We won't see status-indicator 3 here because it
+               * is not possible to select a card application in
+               * termination state.  */
+              log_error (_("This command is not supported by this card\n"));
+              err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+              goto leave;
+            }
+        }
+
+      tty_printf ("\n");
+      log_info
+        (_("Note: This command destroys all keys stored on the card!\n"));
+      tty_printf ("\n");
+      xfree (answer);
+      answer = tty_get (_("Continue? (y/N) "));
+      tty_kill_prompt ();
+      trim_spaces (answer);
+      if (*answer == CONTROL_D
+          || !answer_is_yes_no_default (answer, 0/*(default to no)*/))
+        {
+          err = gpg_error (GPG_ERR_CANCELED);
+          goto leave;
+        }
+
+      xfree (answer);
+      answer = tty_get (_("Really do a factory reset? (enter \"yes\") "));
+      tty_kill_prompt ();
+      trim_spaces (answer);
+      if (strcmp (answer, "yes") && strcmp (answer,_("yes")))
+        {
+          err = gpg_error (GPG_ERR_CANCELED);
+          goto leave;
+        }
+
+
+      if (is_yubikey)
+        {
+          /* If the PIV application is already selected, we only need to
+           * send the special reset APDU after having blocked PIN and
+           * PUK.  Note that blocking the PUK is done using the
+           * unblock PIN command.  */
+          any_apdu = 1;
+          for (i=0; i < 5; i++)
+            send_apdu ("0020008008FFFFFFFFFFFFFFFF", "VERIFY", 0xffff,
+                       NULL, NULL);
+          for (i=0; i < 5; i++)
+            send_apdu ("002C008010FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+                       "RESET RETRY COUNTER", 0xffff, NULL, NULL);
+          err = send_apdu ("00FB000001FF", "YUBIKEY RESET", 0, NULL, NULL);
+          if (err)
+            goto leave;
+        }
+      else /* OpenPGP card.  */
+        {
+          any_apdu = 1;
+          /* We need to select a card application before we can send
+           * APDUs to the card without scdaemon doing anything on its
+           * own.  We then lock the connection so that other tools
+           * (e.g. Kleopatra) don't try a new select.  */
+          err = send_apdu ("lock", "locking connection ", 0, NULL, NULL);
+          if (err)
+            goto leave;
+          locked = 1;
+          err = send_apdu ("reset-keep-lock", "reset", 0, NULL, NULL);
+          if (err)
+            goto leave;
+          err = send_apdu ("undefined", "dummy select ", 0, NULL, NULL);
+          if (err)
+            goto leave;
+          /* Select the OpenPGP application.  */
+          err = send_apdu ("00A4040006D27600012401", "SELECT AID", 0,
+                           NULL, NULL);
+          if (err)
+            goto leave;
+
+          /* Do some dummy verifies with wrong PINs to set the retry
+           * counter to zero.  We can't easily use the card version 2.1
+           * feature of presenting the admin PIN to allow the terminate
+           * command because there is no machinery in scdaemon to catch
+           * the verify command and ask for the PIN when the "APDU"
+           * command is used.
+           * Here, the length of dummy wrong PIN is 32-byte, also
+           * supporting authentication with KDF DO.  */
+          for (i=0; i < 4; i++)
+            send_apdu ("0020008120"
+                       "40404040404040404040404040404040"
+                       "40404040404040404040404040404040", "VERIFY", 0xffff,
+                       NULL, NULL);
+          for (i=0; i < 4; i++)
+            send_apdu ("0020008320"
+                       "40404040404040404040404040404040"
+                       "40404040404040404040404040404040", "VERIFY", 0xffff,
+                       NULL, NULL);
+
+          /* Send terminate datafile command.  */
+          err = send_apdu ("00e60000", "TERMINATE DF", 0x6985, NULL, NULL);
+          if (err)
+            goto leave;
+        }
+    }
+
+  if (!is_yubikey)
+    {
+      any_apdu = 1;
+      /* Send activate datafile command.  This is used without
+       * confirmation if the card is already in termination state.  */
+      err = send_apdu ("00440000", "ACTIVATE DF", 0, NULL, NULL);
+      if (err)
+        goto leave;
+    }
+
+  /* Finally we reset the card reader once more.  */
+  if (locked)
+    err = send_apdu ("reset-keep-lock", "reset", 0, NULL, NULL);
+  else
+    err = send_apdu (NULL, "RESET", 0, NULL, NULL);
+  if (err)
+    goto leave;
+
+  /* Then, connect the card again.  */
+  err = scd_serialno (NULL, NULL);
+  if (!err)
+    info->need_sn_cmd = 0;
+
+ leave:
+  if (err && any_apdu && !is_yubikey)
+    {
+      log_info ("Due to an error the card might be in an inconsistent state\n"
+                "You should run the LIST command to check this.\n");
+      /* FIXME: We need a better solution in the case that the card is
+       * in a termination state, i.e. the card was removed before the
+       * activate was sent.  The best solution I found with v2.1
+       * Zeitcontrol card was to kill scdaemon and the issue this
+       * sequence with gpg-connect-agent:
+       *   scd reset
+       *   scd serialno undefined
+       *   scd apdu 00A4040006D27600012401 (returns error)
+       *   scd apdu 00440000
+       * Then kill scdaemon again and issue:
+       *   scd reset
+       *   scd serialno openpgp
+       */
+    }
+  if (locked)
+    send_apdu ("unlock", "unlocking connection ", 0, NULL, NULL);
+  xfree (answer);
+  return err;
+}
+
+
+/* Generate KDF data.  This is a helper for cmd_kdfsetup.  */
+static gpg_error_t
+gen_kdf_data (unsigned char *data, int single_salt)
+{
+  gpg_error_t err;
+  const unsigned char h0[] = { 0x81, 0x01, 0x03,
+                               0x82, 0x01, 0x08,
+                               0x83, 0x04 };
+  const unsigned char h1[] = { 0x84, 0x08 };
+  const unsigned char h2[] = { 0x85, 0x08 };
+  const unsigned char h3[] = { 0x86, 0x08 };
+  const unsigned char h4[] = { 0x87, 0x20 };
+  const unsigned char h5[] = { 0x88, 0x20 };
+  unsigned char *p, *salt_user, *salt_admin;
+  unsigned char s2k_char;
+  unsigned int iterations;
+  unsigned char count_4byte[4];
+
+  p = data;
+
+  s2k_char = encode_s2k_iterations (agent_get_s2k_count ());
+  iterations = S2K_DECODE_COUNT (s2k_char);
+  count_4byte[0] = (iterations >> 24) & 0xff;
+  count_4byte[1] = (iterations >> 16) & 0xff;
+  count_4byte[2] = (iterations >>  8) & 0xff;
+  count_4byte[3] = (iterations & 0xff);
+
+  memcpy (p, h0, sizeof h0);
+  p += sizeof h0;
+  memcpy (p, count_4byte, sizeof count_4byte);
+  p += sizeof count_4byte;
+  memcpy (p, h1, sizeof h1);
+  salt_user = (p += sizeof h1);
+  gcry_randomize (p, 8, GCRY_STRONG_RANDOM);
+  p += 8;
+
+  if (single_salt)
+    salt_admin = salt_user;
+  else
+    {
+      memcpy (p, h2, sizeof h2);
+      p += sizeof h2;
+      gcry_randomize (p, 8, GCRY_STRONG_RANDOM);
+      p += 8;
+      memcpy (p, h3, sizeof h3);
+      salt_admin = (p += sizeof h3);
+      gcry_randomize (p, 8, GCRY_STRONG_RANDOM);
+      p += 8;
+    }
+
+  memcpy (p, h4, sizeof h4);
+  p += sizeof h4;
+  err = gcry_kdf_derive (OPENPGP_USER_PIN_DEFAULT,
+                         strlen (OPENPGP_USER_PIN_DEFAULT),
+                         GCRY_KDF_ITERSALTED_S2K, GCRY_MD_SHA256,
+                         salt_user, 8, iterations, 32, p);
+  p += 32;
+  if (!err)
+    {
+      memcpy (p, h5, sizeof h5);
+      p += sizeof h5;
+      err = gcry_kdf_derive (OPENPGP_ADMIN_PIN_DEFAULT,
+                             strlen (OPENPGP_ADMIN_PIN_DEFAULT),
+                             GCRY_KDF_ITERSALTED_S2K, GCRY_MD_SHA256,
+                             salt_admin, 8, iterations, 32, p);
+    }
+
+  return err;
+}
+
+
+static gpg_error_t
+cmd_kdfsetup (card_info_t info, char *argstr)
+{
+  gpg_error_t err;
+  unsigned char kdf_data[OPENPGP_KDF_DATA_LENGTH_MAX];
+  int single = (*argstr != 0);
+
+  if (!info)
+    return print_help
+      ("KDF-SETUP\n\n"
+       "Prepare the OpenPGP card KDF feature for this card.",
+       APP_TYPE_OPENPGP, 0);
+
+  if (info->apptype != APP_TYPE_OPENPGP)
+    {
+      log_info ("Note: This is an OpenPGP only command.\n");
+      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+    }
+
+  if (!info->extcap.kdf)
+    {
+      log_error (_("This command is not supported by this card\n"));
+      err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+      goto leave;
+    }
+
+  err = gen_kdf_data (kdf_data, single);
+  if (err)
+    goto leave;
+
+  err = scd_setattr ("KDF", kdf_data,
+                     single ? OPENPGP_KDF_DATA_LENGTH_MIN
+                     /* */  : OPENPGP_KDF_DATA_LENGTH_MAX);
+  if (err)
+    goto leave;
+
+  err = scd_getattr ("KDF", info);
+
+ leave:
+  return err;
+}
+
+
+
+static void
+show_keysize_warning (void)
+{
+  static int shown;
+
+  if (shown)
+    return;
+  shown = 1;
+  tty_printf
+    (_("Note: There is no guarantee that the card supports the requested\n"
+       "      key type or size.  If the key generation does not succeed,\n"
+       "      please check the documentation of your card to see which\n"
+       "      key types and sizes are supported.\n")
+     );
+}
+
+
+static gpg_error_t
+cmd_uif (card_info_t info, char *argstr)
+{
+  gpg_error_t err;
+  int keyno;
+  char name[50];
+  unsigned char data[2];
+  char *answer = NULL;
+  int opt_yes;
+
+  if (!info)
+    return print_help
+      ("UIF N [on|off|permanent]\n\n"
+       "Change the User Interaction Flag.  N must in the range 1 to 3.",
+       APP_TYPE_OPENPGP, APP_TYPE_PIV, 0);
+
+  if (!info->extcap.bt)
+    {
+      log_error (_("This command is not supported by this card\n"));
+      err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+      goto leave;
+    }
+
+  opt_yes = has_leading_option (argstr, "--yes");
+  argstr = skip_options (argstr);
+
+  if (digitp (argstr))
+    {
+      keyno = atoi (argstr);
+      while (digitp (argstr))
+        argstr++;
+      while (spacep (argstr))
+        argstr++;
+    }
+  else
+    keyno = 0;
+
+  if (keyno < 1 || keyno > 3)
+    {
+      err = gpg_error (GPG_ERR_INV_ARG);
+      goto leave;
+    }
+
+  if ( !strcmp (argstr, "off") )
+    data[0] = 0x00;
+  else if ( !strcmp (argstr, "on") )
+    data[0] = 0x01;
+  else if ( !strcmp (argstr, "permanent") )
+    data[0] = 0x02;
+  else
+    {
+      err = gpg_error (GPG_ERR_INV_ARG);
+      goto leave;
+    }
+  data[1] = 0x20;
+
+
+  log_assert (keyno - 1 < DIM(info->uif));
+  if (info->uif[keyno-1] == 2)
+    {
+      log_info (_("User Interaction Flag is set to \"%s\" - can't change\n"),
+                "permanent");
+      err = gpg_error (GPG_ERR_INV_STATE);
+      goto leave;
+    }
+
+  if (data[0] == 0x02)
+    {
+      if (opt.interactive)
+        {
+          tty_printf (_("Warning: Setting the User Interaction Flag to \"%s\"\n"
+                        "         can only be reverted using a factory reset!\n"
+                        ), "permanent");
+          answer = tty_get (_("Continue? (y/N) "));
+          tty_kill_prompt ();
+          if (*answer == CONTROL_D)
+            err = gpg_error (GPG_ERR_CANCELED);
+          else if (!answer_is_yes_no_default (answer, 0/*(default to No)*/))
+            err = gpg_error (GPG_ERR_CANCELED);
+          else
+            err = 0;
+        }
+      else if (!opt_yes)
+        {
+          log_info (_("Warning: Setting the User Interaction Flag to \"%s\"\n"
+                      "         can only be reverted using a factory reset!\n"
+                      ), "permanent");
+          log_info (_("Please use \"uif --yes %d %s\"\n"),
+                    keyno, "permanent");
+          err = gpg_error (GPG_ERR_CANCELED);
+        }
+      else
+        err = 0;
+
+      if (err)
+        goto leave;
+    }
+
+  snprintf (name, sizeof name, "UIF-%d", keyno);
+  err = scd_setattr (name, data, 2);
+  if (!err) /* Read all UIF attributes again.  */
+    err = scd_getattr ("UIF", info);
+
+ leave:
+  xfree (answer);
+  return err;
+}
+
+
+static gpg_error_t
+cmd_yubikey (card_info_t info, char *argstr)
+{
+  gpg_error_t err, err2;
+  estream_t fp = opt.interactive? NULL : es_stdout;
+  const char *words[20];
+  int nwords;
+
+  if (!info)
+    return print_help
+      ("YUBIKEY <cmd> args\n\n"
+       "Various commands pertaining to Yubikey tokens with <cmd> being:\n"
+       "\n"
+       "  LIST \n"
+       "\n"
+       "List supported and enabled applications.\n"
+       "\n"
+       "  ENABLE  usb|nfc|all [otp|u2f|opgp|piv|oath|fido2|all]\n"
+       "  DISABLE usb|nfc|all [otp|u2f|opgp|piv|oath|fido2|all]\n"
+       "\n"
+       "Enable or disable the specified or all applications on the\n"
+       "given interface.",
+       0);
+
+  argstr = skip_options (argstr);
+
+  if (!info->cardtype || strcmp (info->cardtype, "yubikey"))
+    {
+      log_info ("This command can only be used with Yubikeys.\n");
+      err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+      goto leave;
+    }
+
+  nwords = split_fields (argstr, words, DIM (words));
+  if (nwords < 1)
+    {
+      err = gpg_error (GPG_ERR_SYNTAX);
+      goto leave;
+    }
+
+
+  /* Note that we always do a learn to get a chance to the card back
+   * into a usable state.  */
+  err = yubikey_commands (info, fp, nwords, words);
+  err2 = scd_learn (info, 0);
+  if (err2)
+    log_error ("Error re-reading card: %s\n", gpg_strerror (err));
+
+ leave:
+  return err;
+}
+
+
+static gpg_error_t
+cmd_apdu (card_info_t info, char *argstr)
+{
+  gpg_error_t err;
+  estream_t fp = opt.interactive? NULL : es_stdout;
+  int with_atr;
+  int handle_more;
+  const char *s;
+  const char  *exlenstr;
+  int exlenstrlen;
+  char *options = NULL;
+  unsigned int sw;
+  unsigned char *result = NULL;
+  size_t i, j, resultlen;
+
+  if (!info)
+    return print_help
+      ("APDU [--more] [--exlen[=N]] <hexstring>\n"
+       "\n"
+       "Send an APDU to the current card.  This command bypasses the high\n"
+       "level functions and sends the data directly to the card.  HEXSTRING\n"
+       "is expected to be a proper APDU.\n"
+       "\n"
+       "Using the option \"--more\" handles the card status word MORE_DATA\n"
+       "(61xx) and concatenates all responses to one block.\n"
+       "\n"
+       "Using the option \"--exlen\" the returned APDU may use extended\n"
+       "length up to N bytes.  If N is not given a default value is used.\n",
+       0);
+
+  if (has_option (argstr, "--dump-atr"))
+    with_atr = 2;
+  else
+    with_atr = has_option (argstr, "--atr");
+  handle_more = has_option (argstr, "--more");
+
+  exlenstr = has_option_name (argstr, "--exlen");
+  exlenstrlen = 0;
+  if (exlenstr)
+    {
+      for (s=exlenstr; *s && !spacep (s); s++)
+        exlenstrlen++;
+    }
+
+  argstr = skip_options (argstr);
+
+  if (with_atr || handle_more || exlenstr)
+    options = xasprintf ("%s%s%s%.*s",
+                         with_atr == 2? " --dump-atr":
+                         with_atr? " --data-atr":"",
+                         handle_more?" --more":"",
+                         exlenstr?" --exlen=":"",
+                         exlenstrlen, exlenstr?exlenstr:"");
+
+  err = scd_apdu (argstr, options, &sw, &result, &resultlen);
+  if (err)
+    goto leave;
+  if (!with_atr)
+    {
+      if (opt.interactive || opt.verbose)
+        {
+          char *p = scd_apdu_strerror (sw);
+          log_info ("Statusword: 0x%04x (%s)\n", sw, p? p: "?");
+          xfree (p);
+        }
+      else
+        log_info ("Statusword: 0x%04x\n", sw);
+    }
+  for (i=0; i < resultlen; )
+    {
+      size_t save_i = i;
+
+      tty_fprintf (fp, "D[%04X] ", (unsigned int)i);
+      for (j=0; j < 16 ; j++, i++)
+        {
+          if (j == 8)
+            tty_fprintf (fp, " ");
+          if (i < resultlen)
+            tty_fprintf (fp, " %02X", result[i]);
+          else
+            tty_fprintf (fp, "   ");
+        }
+      tty_fprintf (fp, "   ");
+      i = save_i;
+      for (j=0; j < 16; j++, i++)
+        {
+          unsigned int c = result[i];
+          if ( i >= resultlen )
+            tty_fprintf (fp, " ");
+          else if (isascii (c) && isprint (c) && !iscntrl (c))
+            tty_fprintf (fp, "%c", c);
+          else
+            tty_fprintf (fp, ".");
+        }
+      tty_fprintf (fp, "\n");
+    }
+
+ leave:
+  xfree (result);
+  xfree (options);
+  return err;
+}
+
+
+static gpg_error_t
+cmd_history (card_info_t info, char *argstr)
+{
+  int opt_list, opt_clear;
+
+  opt_list  = has_option (argstr, "--list");
+  opt_clear = has_option (argstr, "--clear");
+
+  if (!info || !(opt_list || opt_clear))
+    return print_help
+      ("HISTORY --list\n"
+       "   List the command history\n"
+       "HISTORY --clear\n"
+       "   Clear the command history",
+       0);
+
+  if (opt_list)
+    tty_printf ("Sorry, history listing not yet possible\n");
+
+  if (opt_clear)
+    tty_read_history (NULL, 0);
+
+  return 0;
+}
+
+
+
+
+/* Data used by the command parser.  This needs to be outside of the
+ * function scope to allow readline based command completion.  */
+enum cmdids
+  {
+    cmdNOP = 0,
+    cmdQUIT, cmdHELP, cmdLIST, cmdRESET, cmdVERIFY,
+    cmdNAME, cmdURL, cmdFETCH, cmdLOGIN, cmdLANG, cmdSALUT, cmdCAFPR,
+    cmdFORCESIG, cmdGENERATE, cmdPASSWD, cmdPRIVATEDO, cmdWRITECERT,
+    cmdREADCERT, cmdWRITEKEY,  cmdUNBLOCK, cmdFACTRST, cmdKDFSETUP,
+    cmdUIF, cmdAUTH, cmdYUBIKEY, cmdAPDU, cmdHISTORY,
+    cmdINVCMD
+  };
+
+static struct
+{
+  const char *name;
+  enum cmdids id;
+  const char *desc;
+} cmds[] = {
+  { "quit"    ,  cmdQUIT,       N_("quit this menu")},
+  { "q"       ,  cmdQUIT,       NULL },
+  { "bye"     ,  cmdQUIT,       NULL },
+  { "help"    ,  cmdHELP,       N_("show this help")},
+  { "?"       ,  cmdHELP,       NULL },
+  { "list"    ,  cmdLIST,       N_("list all available data")},
+  { "l"       ,  cmdLIST,       NULL },
+  { "name"    ,  cmdNAME,       N_("change card holder's name")},
+  { "url"     ,  cmdURL,        N_("change URL to retrieve key")},
+  { "fetch"   ,  cmdFETCH,      N_("fetch the key specified in the card URL")},
+  { "login"   ,  cmdLOGIN,      N_("change the login name")},
+  { "lang"    ,  cmdLANG,       N_("change the language preferences")},
+  { "salutation",cmdSALUT,      N_("change card holder's salutation")},
+  { "salut"   ,  cmdSALUT,      NULL },
+  { "cafpr"   ,  cmdCAFPR ,     N_("change a CA fingerprint")},
+  { "forcesig",  cmdFORCESIG,   N_("toggle the signature force PIN flag")},
+  { "generate",  cmdGENERATE,   N_("generate new keys")},
+  { "passwd"  ,  cmdPASSWD,     N_("menu to change or unblock the PIN")},
+  { "verify"  ,  cmdVERIFY,     N_("verify the PIN and list all data")},
+  { "unblock" ,  cmdUNBLOCK,    N_("unblock the PIN using a Reset Code")},
+  { "authenticate",cmdAUTH,     N_("authenticate to the card")},
+  { "auth"    ,  cmdAUTH,       NULL },
+  { "reset"   ,  cmdRESET,      N_("send a reset to the card daemon")},
+  { "factory-reset",cmdFACTRST, N_("destroy all keys and data")},
+  { "kdf-setup", cmdKDFSETUP,   N_("setup KDF for PIN authentication")},
+  { "uif",       cmdUIF,        N_("change the User Interaction Flag")},
+  { "privatedo", cmdPRIVATEDO,  N_("change a private data object")},
+  { "readcert",  cmdREADCERT,   N_("read a certificate from a data object")},
+  { "writecert", cmdWRITECERT,  N_("store a certificate to a data object")},
+  { "writekey",  cmdWRITEKEY,   N_("store a private key to a data object")},
+  { "yubikey",   cmdYUBIKEY,    N_("Yubikey management commands")},
+  { "apdu",      cmdAPDU,       NULL},
+  { "history",   cmdHISTORY,    N_("manage the command history")},
+  { NULL, cmdINVCMD, NULL }
+};
+
+
+/* The command line command dispatcher.  */
+static gpg_error_t
+dispatch_command (card_info_t info, const char *orig_command)
+{
+  gpg_error_t err = 0;
+  enum cmdids cmd;             /* The command.  */
+  char *command;               /* A malloced copy of ORIG_COMMAND.  */
+  char *argstr;                /* The argument as a string.  */
+  int i;
+  int ignore_error;
+
+  if ((ignore_error = *orig_command == '-'))
+    orig_command++;
+  command = xstrdup (orig_command);
+  argstr = NULL;
+  if ((argstr = strchr (command, ' ')))
+    {
+      *argstr++ = 0;
+      trim_spaces (command);
+      trim_spaces (argstr);
+    }
+
+  for (i=0; cmds[i].name; i++ )
+    if (!ascii_strcasecmp (command, cmds[i].name ))
+      break;
+  cmd = cmds[i].id; /* (If not found this will be cmdINVCMD). */
+
+  /* Make sure we have valid strings for the args.  They are allowed
+   * to be modified and must thus point to a buffer.  */
+  if (!argstr)
+    argstr = command + strlen (command);
+
+  /* For most commands we need to make sure that we have a card.  */
+  if (!info)
+    ;  /* Help mode */
+  else if (!(cmd == cmdNOP || cmd == cmdQUIT || cmd == cmdHELP
+             || cmd == cmdINVCMD)
+           && !info->initialized)
+    {
+      err = scd_learn (info, 0);
+      if (err)
+        {
+          err = fixup_scd_errors (err);
+          log_error ("Error reading card: %s\n", gpg_strerror (err));
+          goto leave;
+        }
+    }
+
+  if (info)
+    info->card_removed = 0;
+
+  switch (cmd)
+    {
+    case cmdNOP:
+      if (!info)
+        print_help ("NOP\n\n"
+                    "Dummy command.", 0);
+      break;
+
+    case cmdQUIT:
+      if (!info)
+        print_help ("QUIT\n\n"
+                    "Stop processing.", 0);
+      else
+        {
+          err = gpg_error (GPG_ERR_EOF);
+          goto leave;
+        }
+      break;
+
+    case cmdHELP:
+      if (!info)
+        print_help ("HELP [command]\n\n"
+                    "Show all commands.  With an argument show help\n"
+                    "for that command.", 0);
+      else if (*argstr)
+        dispatch_command (NULL, argstr);
+      else
+        {
+          es_printf
+            ("List of commands (\"help <command>\" for details):\n");
+          for (i=0; cmds[i].name; i++ )
+            if(cmds[i].desc)
+              es_printf("%-14s %s\n", cmds[i].name, _(cmds[i].desc) );
+          es_printf ("Prefix a command with a dash to ignore its error.\n");
+        }
+      break;
+
+    case cmdRESET:
+      if (!info)
+        print_help ("RESET\n\n"
+                    "Send a RESET to the card daemon.", 0);
+      else
+        {
+          flush_keyblock_cache ();
+          err = scd_apdu (NULL, NULL, NULL, NULL, NULL);
+          if (!err)
+            info->need_sn_cmd = 1;
+        }
+      break;
+
+    case cmdLIST:         err = cmd_list (info, argstr); break;
+    case cmdVERIFY:       err = cmd_verify (info, argstr); break;
+    case cmdAUTH:         err = cmd_authenticate (info, argstr); break;
+    case cmdNAME:         err = cmd_name (info, argstr); break;
+    case cmdURL:          err = cmd_url (info, argstr);  break;
+    case cmdFETCH:        err = cmd_fetch (info);  break;
+    case cmdLOGIN:        err = cmd_login (info, argstr); break;
+    case cmdLANG:         err = cmd_lang (info, argstr); break;
+    case cmdSALUT:        err = cmd_salut (info, argstr); break;
+    case cmdCAFPR:        err = cmd_cafpr (info, argstr); break;
+    case cmdPRIVATEDO:    err = cmd_privatedo (info, argstr); break;
+    case cmdWRITECERT:    err = cmd_writecert (info, argstr); break;
+    case cmdREADCERT:     err = cmd_readcert (info, argstr); break;
+    case cmdWRITEKEY:     err = cmd_writekey (info, argstr); break;
+    case cmdFORCESIG:     err = cmd_forcesig (info); break;
+    case cmdGENERATE:     err = cmd_generate (info, argstr); break;
+    case cmdPASSWD:       err = cmd_passwd (info, argstr); break;
+    case cmdUNBLOCK:      err = cmd_unblock (info); break;
+    case cmdFACTRST:      err = cmd_factoryreset (info); break;
+    case cmdKDFSETUP:     err = cmd_kdfsetup (info, argstr); break;
+    case cmdUIF:          err = cmd_uif (info, argstr); break;
+    case cmdYUBIKEY:      err = cmd_yubikey (info, argstr); break;
+    case cmdAPDU:         err = cmd_apdu (info, argstr); break;
+    case cmdHISTORY:      err = 0; break; /* Only used in interactive mode.  */
+
+    case cmdINVCMD:
+    default:
+      log_error (_("Invalid command  (try \"help\")\n"));
+      break;
+    } /* End command switch. */
+
+
+ leave:
+  /* Return GPG_ERR_EOF only if its origin was "quit".  */
+  es_fflush (es_stdout);
+  if (gpg_err_code (err) == GPG_ERR_EOF && cmd != cmdQUIT)
+    err = gpg_error (GPG_ERR_GENERAL);
+
+  if (!err && info && info->card_removed)
+    {
+      info->card_removed = 0;
+      info->need_sn_cmd = 1;
+      err = gpg_error (GPG_ERR_CARD_REMOVED);
+    }
+
+  if (err && gpg_err_code (err) != GPG_ERR_EOF)
+    {
+      err = fixup_scd_errors (err);
+      if (ignore_error)
+        {
+          log_info ("Command '%s' failed: %s\n", command, gpg_strerror (err));
+          err = 0;
+        }
+      else
+        {
+          log_error ("Command '%s' failed: %s\n", command, gpg_strerror (err));
+          if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT)
+            info->need_sn_cmd = 1;
+        }
+    }
+  xfree (command);
+
+  return err;
+}
+
+
+/* The interactive main loop.  */
+static void
+interactive_loop (void)
+{
+  gpg_error_t err;
+  char *answer = NULL;         /* The input line.  */
+  enum cmdids cmd = cmdNOP;    /* The command.  */
+  char *argstr;                /* The argument as a string.  */
+  int redisplay = 1;           /* Whether to redisplay the main info.  */
+  char *help_arg = NULL;       /* Argument of the HELP command.         */
+  struct card_info_s info_buffer = { 0 };
+  card_info_t info = &info_buffer;
+  char *p;
+  int i;
+  char *historyname = NULL;
+
+  /* In the interactive mode we do not want to print the program prefix.  */
+  log_set_prefix (NULL, 0);
+
+  if (!opt.no_history)
+    {
+      historyname = make_filename (gnupg_homedir (), HISTORYNAME, NULL);
+      if (tty_read_history (historyname, 500))
+        log_info ("error reading '%s': %s\n",
+                  historyname, gpg_strerror (gpg_error_from_syserror ()));
+    }
+
+  for (;;)
+    {
+      if (help_arg)
+        {
+          /* Clear info to indicate helpmode */
+          info = NULL;
+        }
+      else if (!info)
+        {
+          /* Get out of help.  */
+          info = &info_buffer;
+          help_arg = NULL;
+          redisplay = 0;
+        }
+      else if (redisplay)
+        {
+          err = cmd_list (info, "");
+          if (err)
+            {
+              err = fixup_scd_errors (err);
+              log_error ("Error reading card: %s\n", gpg_strerror (err));
+            }
+          else
+            {
+              tty_printf("\n");
+              redisplay = 0;
+            }
+	}
+
+      if (!info)
+        {
+          /* Copy the pending help arg into our answer.  Note that
+           * help_arg points into answer.  */
+          p = xstrdup (help_arg);
+          help_arg = NULL;
+          xfree (answer);
+          answer = p;
+        }
+      else
+        {
+          do
+            {
+              xfree (answer);
+              tty_enable_completion (command_completion);
+              answer = tty_get (_("gpg/card> "));
+              tty_kill_prompt();
+              tty_disable_completion ();
+              trim_spaces(answer);
+            }
+          while ( *answer == '#' );
+        }
+
+      argstr = NULL;
+      if (!*answer)
+        cmd = cmdLIST; /* We default to the list command */
+      else if (*answer == CONTROL_D)
+        cmd = cmdQUIT;
+      else
+        {
+          if ((argstr = strchr (answer,' ')))
+            {
+              *argstr++ = 0;
+              trim_spaces (answer);
+              trim_spaces (argstr);
+            }
+
+          for (i=0; cmds[i].name; i++ )
+            if (!ascii_strcasecmp (answer, cmds[i].name ))
+              break;
+
+          cmd = cmds[i].id;
+        }
+
+      /* Make sure we have valid strings for the args.  They are
+       * allowed to be modified and must thus point to a buffer.  */
+      if (!argstr)
+        argstr = answer + strlen (answer);
+
+      if (!(cmd == cmdNOP || cmd == cmdQUIT || cmd == cmdHELP
+            || cmd == cmdHISTORY || cmd == cmdINVCMD))
+        {
+          /* If redisplay is set we know that there was an error reading
+           * the card.  In this case we force a LIST command to retry.  */
+          if (!info)
+            ; /* In help mode.  */
+          else if (redisplay)
+            {
+              cmd = cmdLIST;
+            }
+          else if (!info->serialno)
+            {
+              /* Without a serial number most commands won't work.
+               * Catch it here.  */
+              if (cmd == cmdRESET || cmd == cmdLIST)
+                info->need_sn_cmd = 1;
+              else
+                {
+                  tty_printf ("\n");
+                  tty_printf ("Serial number missing\n");
+                  continue;
+                }
+            }
+        }
+
+      if (info)
+        info->card_removed = 0;
+      err = 0;
+      switch (cmd)
+        {
+        case cmdNOP:
+          if (!info)
+            print_help ("NOP\n\n"
+                        "Dummy command.", 0);
+          break;
+
+        case cmdQUIT:
+          if (!info)
+            print_help ("QUIT\n\n"
+                        "Leave this tool.", 0);
+          else
+            {
+              tty_printf ("\n");
+              goto leave;
+            }
+          break;
+
+        case cmdHELP:
+          if (!info)
+            print_help ("HELP [command]\n\n"
+                        "Show all commands.  With an argument show help\n"
+                        "for that command.", 0);
+          else if (*argstr)
+            help_arg = argstr; /* Trigger help for a command.  */
+          else
+            {
+              tty_printf
+                ("List of commands (\"help <command>\" for details):\n");
+              for (i=0; cmds[i].name; i++ )
+                if(cmds[i].desc)
+                  tty_printf("%-14s %s\n", cmds[i].name, _(cmds[i].desc) );
+            }
+          break;
+
+        case cmdRESET:
+          if (!info)
+            print_help ("RESET\n\n"
+                        "Send a RESET to the card daemon.", 0);
+          else
+            {
+              flush_keyblock_cache ();
+              err = scd_apdu (NULL, NULL, NULL, NULL, NULL);
+              if (!err)
+                info->need_sn_cmd = 1;
+            }
+          break;
+
+        case cmdLIST:      err = cmd_list (info, argstr); break;
+        case cmdVERIFY:
+          err = cmd_verify (info, argstr);
+          if (!err)
+            redisplay = 1;
+          break;
+        case cmdAUTH:      err = cmd_authenticate (info, argstr); break;
+        case cmdNAME:      err = cmd_name (info, argstr); break;
+        case cmdURL:       err = cmd_url (info, argstr);  break;
+	case cmdFETCH:     err = cmd_fetch (info);  break;
+        case cmdLOGIN:     err = cmd_login (info, argstr); break;
+        case cmdLANG:      err = cmd_lang (info, argstr); break;
+        case cmdSALUT:     err = cmd_salut (info, argstr); break;
+        case cmdCAFPR:     err = cmd_cafpr (info, argstr); break;
+        case cmdPRIVATEDO: err = cmd_privatedo (info, argstr); break;
+        case cmdWRITECERT: err = cmd_writecert (info, argstr); break;
+        case cmdREADCERT:  err = cmd_readcert (info, argstr); break;
+        case cmdWRITEKEY:  err = cmd_writekey (info, argstr); break;
+        case cmdFORCESIG:  err = cmd_forcesig (info); break;
+        case cmdGENERATE:  err = cmd_generate (info, argstr); break;
+        case cmdPASSWD:    err = cmd_passwd (info, argstr); break;
+        case cmdUNBLOCK:   err = cmd_unblock (info); break;
+        case cmdFACTRST:
+          err = cmd_factoryreset (info);
+          if (!err)
+            redisplay = 1;
+          break;
+        case cmdKDFSETUP:  err = cmd_kdfsetup (info, argstr); break;
+        case cmdUIF:       err = cmd_uif (info, argstr); break;
+        case cmdYUBIKEY:   err = cmd_yubikey (info, argstr); break;
+        case cmdAPDU:      err = cmd_apdu (info, argstr); break;
+        case cmdHISTORY:   err = cmd_history (info, argstr); break;
+
+        case cmdINVCMD:
+        default:
+          tty_printf ("\n");
+          tty_printf (_("Invalid command  (try \"help\")\n"));
+          break;
+        } /* End command switch. */
+
+      if (!err && info && info->card_removed)
+        {
+          info->card_removed = 0;
+          info->need_sn_cmd = 1;
+          err = gpg_error (GPG_ERR_CARD_REMOVED);
+        }
+
+      if (gpg_err_code (err) == GPG_ERR_CANCELED)
+        tty_fprintf (NULL, "\n");
+      else if (err)
+        {
+          const char *s = "?";
+          for (i=0; cmds[i].name; i++ )
+            if (cmd == cmds[i].id)
+              {
+                s = cmds[i].name;
+                break;
+              }
+
+          err = fixup_scd_errors (err);
+          log_error ("Command '%s' failed: %s\n", s, gpg_strerror (err));
+          if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT)
+            info->need_sn_cmd = 1;
+        }
+
+    } /* End of main menu loop. */
+
+ leave:
+  if (historyname && tty_write_history (historyname))
+    log_info ("error writing '%s': %s\n",
+              historyname, gpg_strerror (gpg_error_from_syserror ()));
+
+  release_card_info (info);
+  xfree (historyname);
+  xfree (answer);
+}
+
+#ifdef HAVE_LIBREADLINE
+/* Helper function for readline's command completion. */
+static char *
+command_generator (const char *text, int state)
+{
+  static int list_index, len;
+  const char *name;
+
+  /* If this is a new word to complete, initialize now.  This includes
+   * saving the length of TEXT for efficiency, and initializing the
+   index variable to 0. */
+  if (!state)
+    {
+      list_index = 0;
+      len = strlen(text);
+    }
+
+  /* Return the next partial match */
+  while ((name = cmds[list_index].name))
+    {
+      /* Only complete commands that have help text. */
+      if (cmds[list_index++].desc && !strncmp (name, text, len))
+	return strdup(name);
+    }
+
+  return NULL;
+}
+
+/* Second helper function for readline's command completion.  */
+static char **
+command_completion (const char *text, int start, int end)
+{
+  (void)end;
+
+  /* If we are at the start of a line, we try and command-complete.
+   * If not, just do nothing for now.  The support for help completion
+   * needs to be more smarter. */
+  if (!start)
+    return rl_completion_matches (text, command_generator);
+  else if (start == 5 && !ascii_strncasecmp (rl_line_buffer, "help ", 5))
+    return rl_completion_matches (text, command_generator);
+
+  rl_attempted_completion_over = 1;
+
+  return NULL;
+}
+#endif /*HAVE_LIBREADLINE*/
diff --git a/tools/gpg-card.h b/tools/gpg-card.h
new file mode 100644
index 0000000..0407da1
--- /dev/null
+++ b/tools/gpg-card.h
@@ -0,0 +1,259 @@
+/* gpg-card.h - Common definitions for the gpg-card-tool
+ * Copyright (C) 2019, 2020 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#ifndef GNUPG_GPG_CARD_H
+#define GNUPG_GPG_CARD_H
+
+#include "../common/session-env.h"
+#include "../common/strlist.h"
+
+
+/* We keep all global options in the structure OPT.  */
+EXTERN_UNLESS_MAIN_MODULE
+struct
+{
+  int interactive;
+  int verbose;
+  unsigned int debug;
+  int quiet;
+  int with_colons;
+  const char *gpg_program;
+  const char *gpgsm_program;
+  const char *agent_program;
+  int autostart;
+
+  int no_key_lookup;  /* Assume --no-key-lookup for "list".  */
+
+  int no_history;     /* Do not use the command line history.  */
+
+  /* Options passed to the gpg-agent: */
+  session_env_t session_env;
+  char *lc_ctype;
+  char *lc_messages;
+
+} opt;
+
+/* Debug values and macros.  */
+#define DBG_IPC_VALUE      1024 /* Debug assuan communication.  */
+#define DBG_EXTPROG_VALUE 16384 /* Debug external program calls */
+
+#define DBG_IPC       (opt.debug & DBG_IPC_VALUE)
+#define DBG_EXTPROG   (opt.debug & DBG_EXTPROG_VALUE)
+
+/* The maximum length of a binary fingerprint.  */
+#define MAX_FINGERPRINT_LEN  32
+
+
+/*
+ * Data structures to store keyblocks (aka certificates).
+ */
+struct pubkey_s
+{
+  struct pubkey_s *next;   /* The next key.  */
+  unsigned char grip[KEYGRIP_LEN];
+  unsigned char fpr[MAX_FINGERPRINT_LEN];
+  unsigned char fprlen;     /* The used length of a FPR.  */
+  time_t created;           /* The creation date of the key.  */
+  unsigned int grip_valid:1;/* The grip is valid.  */
+  unsigned int requested: 1;/* This is the requested grip.  */
+};
+typedef struct pubkey_s *pubkey_t;
+
+struct userid_s
+{
+  struct userid_s *next;
+  char *value;   /* Malloced.  */
+};
+typedef struct userid_s *userid_t;
+
+struct keyblock_s
+{
+  struct keyblock_s *next;  /* Allow to link several keyblocks.  */
+  int protocol;      /* GPGME_PROTOCOL_OPENPGP or _CMS. */
+  pubkey_t keys;     /* The key.  For OpenPGP primary + list of subkeys.  */
+  userid_t uids;     /* The list of user ids.  */
+};
+typedef struct keyblock_s *keyblock_t;
+
+
+
+/* Enumeration of the known card application types. */
+typedef enum
+  {
+   APP_TYPE_NONE,        /* Not yet known or for direct APDU sending.  */
+   APP_TYPE_OPENPGP,
+   APP_TYPE_NKS,
+   APP_TYPE_DINSIG,
+   APP_TYPE_P15,
+   APP_TYPE_GELDKARTE,
+   APP_TYPE_SC_HSM,
+   APP_TYPE_PIV,
+   APP_TYPE_UNKNOWN      /* Unknown by this tool.  */
+  } app_type_t;
+
+
+/* An object to store information pertaining to a key pair as stored
+ * on a card.  This is commonly used as a linked list with all keys
+ * known for the current card.  */
+struct key_info_s
+{
+  struct key_info_s *next;
+
+  unsigned char grip[20];/* The keygrip.  */
+
+  unsigned char xflag;   /* Temporary flag to help processing a list. */
+
+  /* OpenPGP card and possible other cards keyalgo string (an atom)
+   * and the id of the algorithm. */
+  const char *keyalgo;
+  enum gcry_pk_algos keyalgo_id;
+
+  /* An optional malloced label for the key.  */
+  char *label;
+
+  /* The three next items are mostly useful for OpenPGP cards.  */
+  unsigned char fprlen;  /* Use length of the next item.  */
+  unsigned char fpr[32]; /* The binary fingerprint of length FPRLEN.  */
+  u32 created;           /* The time the key was created.  */
+  unsigned int usage;    /* Usage flags.  (GCRY_PK_USAGE_*) */
+  char keyref[1];        /* String with the keyref (e.g. OPENPGP.1).  */
+};
+typedef struct key_info_s *key_info_t;
+
+
+/*
+ * The object used to store information about a card.
+ */
+struct card_info_s
+{
+  int initialized;   /* True if a learn command was successful. */
+  int need_sn_cmd;   /* The SERIALNO command needs to be issued.  */
+  int card_removed;  /* Helper flag set by some listing functions.  */
+  int error;         /* private. */
+  char *reader;      /* Reader information.  */
+  char *cardtype;    /* NULL or type of the card.  */
+  unsigned int cardversion; /* Firmware version of the card.  */
+  char *apptypestr;  /* Malloced application type string.  */
+  app_type_t apptype;/* Translated from APPTYPESTR.  */
+  unsigned int appversion; /* Version of the application.  */
+  unsigned int manufacturer_id;
+  char *manufacturer_name; /* malloced. */
+  char *serialno;    /* malloced hex string. */
+  char *dispserialno;/* malloced string. */
+  char *disp_name;   /* malloced. */
+  char *disp_lang;   /* malloced. */
+  int  disp_sex;     /* 0 = unspecified, 1 = male, 2 = female */
+  char *pubkey_url;  /* malloced. */
+  char *login_data;  /* malloced. */
+  char *private_do[4]; /* malloced. */
+  char cafpr1len;     /* Length of the CA-fingerprint or 0 if invalid.  */
+  char cafpr2len;
+  char cafpr3len;
+  char cafpr1[20];
+  char cafpr2[20];
+  char cafpr3[20];
+  key_info_t kinfo;  /* Linked list with all keypair related data.  */
+  unsigned long sig_counter;
+  int chv1_cached;   /* For openpgp this is true if a PIN is not
+                        required for each signing.  Note that the
+                        gpg-agent might cache it anyway. */
+  int is_v2;         /* True if this is a v2 openpgp card.  */
+  byte nchvmaxlen;   /* Number of valid items in CHVMAXLEN.  */
+  int chvmaxlen[4];  /* Maximum allowed length of a CHV. */
+  byte nchvinfo;     /* Number of valid items in CHVINFO.  */
+  int chvinfo[4];    /* Allowed retries for the CHV; 0 = blocked. */
+  char *chvlabels;   /* Malloced String with CHV labels.  */
+  unsigned char chvusage[2]; /* Data object 5F2F */
+  struct {
+    unsigned int ki:1;     /* Key import available.  */
+    unsigned int aac:1;    /* Algorithm attributes are changeable.  */
+    unsigned int kdf:1;    /* KDF object to support PIN hashing available.  */
+    unsigned int bt:1;     /* Button for confirmation available.     */
+    unsigned int sm:1;     /* Secure messaging available.            */
+    unsigned int smalgo:15;/* Secure messaging cipher algorithm.     */
+    unsigned int private_dos:1;/* Support fpr private use DOs.       */
+    unsigned int mcl3:16;  /* Max. length for a OpenPGP card cert.3  */
+  } extcap;
+  unsigned int status_indicator;
+  int kdf_do_enabled;      /* True if card has a KDF object.  */
+  int uif[3];              /* True if User Interaction Flag is on.   */
+                           /* 1 = on, 2 = permanent on.              */
+  strlist_t supported_keyalgo[3];
+};
+typedef struct card_info_s *card_info_t;
+
+
+/*-- card-keys.c --*/
+void release_keyblock (keyblock_t keyblock);
+void flush_keyblock_cache (void);
+gpg_error_t get_matching_keys (const unsigned char *keygrip, int protocol,
+                               keyblock_t *r_keyblock);
+gpg_error_t test_get_matching_keys (const char *hexgrip);
+gpg_error_t get_minimal_openpgp_key (estream_t *r_key, const char *fingerprint);
+
+
+/*-- card-misc.c --*/
+key_info_t find_kinfo (card_info_t info, const char *keyref);
+void *hex_to_buffer (const char *string, size_t *r_length);
+gpg_error_t send_apdu (const char *hexapdu, const char *desc,
+                       unsigned int ignore,
+                       unsigned char **r_data, size_t *r_datalen);
+
+/*-- card-call-scd.c --*/
+void release_card_info (card_info_t info);
+const char *app_type_string (app_type_t app_type);
+
+gpg_error_t scd_apdu (const char *hexapdu, const char *options,
+                      unsigned int *r_sw,
+                      unsigned char **r_data, size_t *r_datalen);
+
+gpg_error_t scd_switchcard (const char *serialno);
+gpg_error_t scd_switchapp (const char *appname);
+
+gpg_error_t scd_learn (card_info_t info, int reread);
+gpg_error_t scd_getattr (const char *name, struct card_info_s *info);
+gpg_error_t scd_setattr (const char *name,
+                         const unsigned char *value, size_t valuelen);
+gpg_error_t scd_writecert (const char *certidstr,
+                           const unsigned char *certdata, size_t certdatalen);
+gpg_error_t scd_writekey (const char *keyref, int force, const char *keygrip);
+gpg_error_t scd_genkey (const char *keyref, int force, const char *algo,
+                        u32 *createtime);
+gpg_error_t scd_serialno (char **r_serialno, const char *demand);
+
+gpg_error_t scd_readcert (const char *certidstr,
+                          void **r_buf, size_t *r_buflen);
+gpg_error_t scd_readkey (const char *keyrefstr, gcry_sexp_t *r_result);
+gpg_error_t scd_cardlist (strlist_t *result);
+gpg_error_t scd_applist (strlist_t *result, int all);
+gpg_error_t scd_change_pin (const char *pinref, int reset_mode, int nullpin);
+gpg_error_t scd_checkpin (const char *serialno);
+
+unsigned long agent_get_s2k_count (void);
+
+char *scd_apdu_strerror (unsigned int sw);
+
+
+/*-- card-yubikey.c --*/
+gpg_error_t yubikey_commands (card_info_t info,
+                              estream_t fp, int argc, const char *argv[]);
+
+
+#endif /*GNUPG_GPG_CARD_H*/
diff --git a/sm/gpgsm.w32-manifest.in b/tools/gpg-card.w32-manifest.in
similarity index 89%
rename from sm/gpgsm.w32-manifest.in
rename to tools/gpg-card.w32-manifest.in
index 3055788..ab853f8 100644
--- a/sm/gpgsm.w32-manifest.in
+++ b/tools/gpg-card.w32-manifest.in
@@ -1,9 +1,9 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
-<description>GNU Privacy Guard (X409/CMS tool)</description>
+<description>GNU Privacy Guard (Card tool)</description>
 <assemblyIdentity
     type="win32"
-    name="GnuPG.gpgsm"
+    name="GnuPG.gpg-card"
     version="@BUILD_VERSION@"
     />
 <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
diff --git a/tools/gpg-check-pattern.c b/tools/gpg-check-pattern.c
index 77176cc..d798dbe 100644
--- a/tools/gpg-check-pattern.c
+++ b/tools/gpg-check-pattern.c
@@ -1,5 +1,4 @@
 /* gpg-check-pattern.c - A tool to check passphrases against pattern.
- * Copyright (C) 2021 g10 Code GmbH
  * Copyright (C) 2007 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
@@ -27,6 +26,7 @@
 #include <stdarg.h>
 #include <string.h>
 #include <errno.h>
+#include <assert.h>
 #ifdef HAVE_LOCALE_H
 # include <locale.h>
 #endif
@@ -50,7 +50,11 @@
 enum cmd_and_opt_values
 { aNull = 0,
   oVerbose	  = 'v',
+  oArmor          = 'a',
+  oPassphrase     = 'P',
 
+  oProtect        = 'p',
+  oUnprotect      = 'u',
   oNull           = '0',
 
   oNoVerbose = 500,
@@ -61,7 +65,7 @@ enum cmd_and_opt_values
 
 
 /* The list of commands and options.  */
-static ARGPARSE_OPTS opts[] = {
+static gpgrt_opt_t opts[] = {
 
   { 301, NULL, 0, N_("@Options:\n ") },
 
@@ -88,7 +92,7 @@ static struct
 enum {
   PAT_NULL,    /* Indicates end of the array.  */
   PAT_STRING,  /* The pattern is a simple string.  */
-  PAT_REGEX    /* The pattern is an extended regualr expression. */
+  PAT_REGEX    /* The pattern is an extended regular expression. */
 };
 
 
@@ -97,10 +101,6 @@ struct pattern_s
 {
   int type;
   unsigned int lineno;     /* Line number of the pattern file.  */
-  unsigned int newblock;   /* First pattern in a new block.     */
-  unsigned int icase:1;    /* Case insensitive match.  */
-  unsigned int accept:1;   /* In accept mode. */
-  unsigned int reverse:1;  /* Reverse the outcome of a regexp match.  */
   union {
     struct {
       const char *string;  /* Pointer to the actual string (nul termnated).  */
@@ -160,13 +160,13 @@ my_strusage (int level)
 int
 main (int argc, char **argv )
 {
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   char *raw_pattern;
   size_t raw_pattern_length;
   pattern_t *patternarray;
 
   early_system_init ();
-  set_strusage (my_strusage);
+  gpgrt_set_strusage (my_strusage);
   gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
   log_set_prefix ("gpg-check-pattern", GPGRT_LOG_WITH_PREFIX);
 
@@ -180,7 +180,7 @@ main (int argc, char **argv )
   pargs.argc = &argc;
   pargs.argv = &argv;
   pargs.flags= ARGPARSE_FLAG_KEEP;
-  while (gnupg_argparse (NULL, &pargs, opts))
+  while (gpgrt_argparse (NULL, &pargs, opts))
     {
       switch (pargs.r_opt)
         {
@@ -192,16 +192,15 @@ main (int argc, char **argv )
         default : pargs.err = 2; break;
 	}
     }
-  gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
-
+  gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
   if (log_get_errorcount(0))
     exit (2);
 
   if (argc != 1)
-    usage (1);
+    gpgrt_usage (1);
 
   /* We read the entire pattern file into our memory and parse it
-     using a separate function.  This allows us to eventually do the
+     using a separate function.  This allows us to eventual do the
      reading while running setuid so that the pattern file can be
      hidden from regular users.  I am not sure whether this makes
      sense, but lets be prepared for it.  */
@@ -220,7 +219,7 @@ main (int argc, char **argv )
 #endif
   process (stdin, patternarray);
 
-  return 4; /*NOTREACHED*/
+  return log_get_errorcount(0)? 1 : 0;
 }
 
 
@@ -228,7 +227,7 @@ main (int argc, char **argv )
 /* Read a file FNAME into a buffer and return that malloced buffer.
    Caller must free the buffer.  On error NULL is returned, on success
    the valid length of the buffer is stored at R_LENGTH.  The returned
-   buffer is guarnteed to be nul terminated.  */
+   buffer is guaranteed to be nul terminated.  */
 static char *
 read_file (const char *fname, size_t *r_length)
 {
@@ -311,7 +310,6 @@ get_regerror (int errcode, regex_t *compiled)
   return buffer;
 }
 
-
 /* Parse the pattern given in the memory aread DATA/DATALEN and return
    a new pattern array.  The end of the array is indicated by a NULL
    entry.  On error an error message is printed and the function
@@ -326,9 +324,6 @@ parse_pattern_file (char *data, size_t datalen)
   pattern_t *array;
   size_t arraysize, arrayidx;
   unsigned int lineno = 0;
-  unsigned int icase_mode = 1;
-  unsigned int accept_mode = 0;
-  unsigned int newblock = 1;  /* The first implict block.  */
 
   /* Estimate the number of entries by counting the non-comment lines.  */
   arraysize = 0;
@@ -354,7 +349,7 @@ parse_pattern_file (char *data, size_t datalen)
         }
       else
         p2 = p + datalen;
-      log_assert (!*p2);
+      assert (!*p2);
       p2--;
       while (isascii (*p) && isspace (*p))
         p++;
@@ -364,57 +359,23 @@ parse_pattern_file (char *data, size_t datalen)
         *p2-- = 0;
       if (!*p)
         continue;
-      if (!strcmp (p, "[case]"))
-        {
-          icase_mode = 0;
-          continue;
-        }
-      if (!strcmp (p, "[icase]"))
-        {
-          icase_mode = 1;
-          continue;
-        }
-      if (!strcmp (p, "[accept]"))
-        {
-          accept_mode = 1;
-          newblock = 1;
-          continue;
-        }
-      if (!strcmp (p, "[reject]"))
-        {
-          accept_mode = 0;
-          newblock = 1;
-          continue;
-        }
-
-      log_assert (arrayidx < arraysize);
+      assert (arrayidx < arraysize);
       array[arrayidx].lineno = lineno;
-      array[arrayidx].icase = icase_mode;
-      array[arrayidx].accept = accept_mode;
-      array[arrayidx].reverse = 0;
-      array[arrayidx].newblock = newblock;
-      newblock = 0;
-
-      if (*p == '/' || (*p == '!' && p[1] == '/'))
+      if (*p == '/')
         {
           int rerr;
-          int reverse;
 
-          reverse = (*p == '!');
           p++;
-          if (reverse)
-            p++;
           array[arrayidx].type = PAT_REGEX;
           if (*p && p[strlen(p)-1] == '/')
             p[strlen(p)-1] = 0;  /* Remove optional delimiter.  */
           array[arrayidx].u.r.regex = xcalloc (1, sizeof (regex_t));
-          array[arrayidx].reverse = reverse;
           rerr = regcomp (array[arrayidx].u.r.regex, p,
-                          (array[arrayidx].icase? REG_ICASE:0)|REG_EXTENDED);
+                          REG_ICASE|REG_EXTENDED);
           if (rerr)
             {
               char *rerrbuf = get_regerror (rerr, array[arrayidx].u.r.regex);
-              log_error ("invalid regexp at line %u: %s\n", lineno, rerrbuf);
+              log_error ("invalid r.e. at line %u: %s\n", lineno, rerrbuf);
               xfree (rerrbuf);
               if (!opt.checkonly)
                 exit (1);
@@ -422,44 +383,25 @@ parse_pattern_file (char *data, size_t datalen)
         }
       else
         {
-          if (*p == '[')
-            {
-              static int shown;
-
-              if (!shown)
-                {
-                  log_info ("future warning: do no start a string with '['"
-                            " but use a regexp (line %u)\n", lineno);
-                  shown = 1;
-                }
-            }
           array[arrayidx].type = PAT_STRING;
           array[arrayidx].u.s.string = p;
           array[arrayidx].u.s.length = strlen (p);
         }
-
       arrayidx++;
     }
-  log_assert (arrayidx < arraysize);
+  assert (arrayidx < arraysize);
   array[arrayidx].type = PAT_NULL;
 
-  if (lineno && newblock)
-    log_info ("warning: pattern list ends with a singleton"
-              " accept or reject tag\n");
-
   return array;
 }
 
 
-/* Check whether string matches any of the pattern in PATARRAY and
+/* Check whether string macthes any of the pattern in PATARRAY and
    returns the matching pattern item or NULL.  */
 static pattern_t *
 match_p (const char *string, pattern_t *patarray)
 {
   pattern_t *pat;
-  int match;
-  int accept_match;  /* Tracks matchinf state in an accept block.  */
-  int accept_skip;   /* Skip remaining patterns in an accept block.  */
 
   if (!*string)
     {
@@ -468,84 +410,30 @@ match_p (const char *string, pattern_t *patarray)
       return NULL;
     }
 
-  accept_match = 0;
-  accept_skip = 0;
   for (pat = patarray; pat->type != PAT_NULL; pat++)
     {
-      match = 0;
-      if (pat->newblock)
-        accept_match = accept_skip = 0;
-
       if (pat->type == PAT_STRING)
         {
-          if (pat->icase)
-            {
-              if (!strcasecmp (pat->u.s.string, string))
-                match = 1;
-            }
-          else
-            {
-              if (!strcmp (pat->u.s.string, string))
-                match = 1;
-            }
+          if (!strcasecmp (pat->u.s.string, string))
+            return pat;
         }
       else if (pat->type == PAT_REGEX)
         {
           int rerr;
 
           rerr = regexec (pat->u.r.regex, string, 0, NULL, 0);
-          if (pat->reverse)
-            {
-              if (!rerr)
-                rerr = REG_NOMATCH;
-              else if (rerr == REG_NOMATCH)
-                rerr = 0;
-            }
-
           if (!rerr)
-            match = 1;
+            return pat;
           else if (rerr != REG_NOMATCH)
             {
               char *rerrbuf = get_regerror (rerr, pat->u.r.regex);
-              log_error ("matching regexp failed: %s\n", rerrbuf);
+              log_error ("matching r.e. failed: %s\n", rerrbuf);
               xfree (rerrbuf);
-              if (pat->accept)
-                match = 0;  /* Better indicate no match on error.  */
-              else
-                match = 1;  /* Better indicate a match on error.  */
+              return pat;  /* Better indicate a match on error.  */
             }
         }
       else
         BUG ();
-
-      if (pat->accept)
-        {
-          /* Accept mode: all patterns in the accept block must match.
-           * Thus we need to check whether the next pattern has a
-           * transition and act only then. */
-          if (match && !accept_skip)
-            accept_match = 1;
-          else
-            {
-              accept_match = 0;
-              accept_skip = 1;
-            }
-
-          if (pat[1].type == PAT_NULL || pat[1].newblock)
-            {
-              /* Transition detected.  Note that this also handles the
-               * end of pattern loop case.  */
-              if (accept_match)
-                return pat;
-              /* The next is not really but we do it for clarity.  */
-              accept_match = accept_skip = 0;
-            }
-        }
-      else  /* Reject mode: Return true on the first match.  */
-        {
-          if (match)
-            return pat;
-        }
     }
   return NULL;
 }
@@ -561,7 +449,6 @@ process (FILE *fp, pattern_t *patarray)
   int c;
   unsigned long lineno = 0;
   pattern_t *pat;
-  int last_is_accept;
 
   idx = 0;
   c = 0;
@@ -581,28 +468,17 @@ process (FILE *fp, pattern_t *patarray)
           pat = match_p (buffer, patarray);
           if (pat)
             {
-              /* Note that the accept mode works correctly only with
-               * one input line.  */
               if (opt.verbose)
-                log_info ("input line %lu matches pattern at line %u"
-                          " - %s\n",
-                          lineno, pat->lineno,
-                          pat->accept? "accepted":"rejected");
+                log_error ("input line %lu matches pattern at line %u"
+                           " - rejected\n",
+                           lineno, pat->lineno);
+              exit (1);
             }
           idx = 0;
-          wipememory (buffer, sizeof buffer);
-          if (pat)
-            {
-              if (pat->accept)
-                exit (0);
-              else
-                exit (1);
-            }
         }
       else
         idx++;
     }
-  wipememory (buffer, sizeof buffer);
   if (c != EOF)
     {
       log_error ("input line %lu too long - rejected\n", lineno+1);
@@ -614,20 +490,6 @@ process (FILE *fp, pattern_t *patarray)
                  lineno+1, strerror (errno));
       exit (1);
     }
-
-  /* Check last pattern to see whether we are in accept mode.  */
-  last_is_accept = 0;
-  for (pat = patarray; pat->type != PAT_NULL; pat++)
-    last_is_accept = pat->accept;
-
   if (opt.verbose)
-    log_info ("no input line matches the pattern - %s\n",
-              last_is_accept? "rejected":"accepted");
-
-  if (log_get_errorcount(0))
-    exit (2);  /* Ooops - reject.  */
-  else if (last_is_accept)
-    exit (1);  /* Reject */
-  else
-    exit (0);  /* Accept */
+    log_info ("no input line matches the pattern - accepted\n");
 }
diff --git a/tools/gpg-connect-agent.c b/tools/gpg-connect-agent.c
index eecfd67..142f691 100644
--- a/tools/gpg-connect-agent.c
+++ b/tools/gpg-connect-agent.c
@@ -20,7 +20,6 @@
  */
 
 #include <config.h>
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -45,6 +44,9 @@
 #define CONTROL_D ('D' - 'A' + 1)
 #define octdigitp(p) (*(p) >= '0' && *(p) <= '7')
 
+#define HISTORYNAME ".gpg-connect_history"
+
+
 /* Constants to identify the commands and options. */
 enum cmd_and_opt_values
   {
@@ -61,18 +63,23 @@ enum cmd_and_opt_values
     oHomedir,
     oAgentProgram,
     oDirmngrProgram,
+    oKeyboxdProgram,
     oHex,
     oDecode,
     oNoExtConnect,
     oDirmngr,
+    oKeyboxd,
     oUIServer,
+    oNoHistory,
     oNoAutostart,
+    oChUid,
 
+    oNoop
   };
 
 
 /* The list of commands and options. */
-static ARGPARSE_OPTS opts[] = {
+static gpgrt_opt_t opts[] = {
   ARGPARSE_group (301, N_("@\nOptions:\n ")),
 
   ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
@@ -80,6 +87,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oHex,   "hex",       N_("print data out hex encoded")),
   ARGPARSE_s_n (oDecode,"decode",    N_("decode received data lines")),
   ARGPARSE_s_n (oDirmngr,"dirmngr",  N_("connect to the dirmngr")),
+  ARGPARSE_s_n (oKeyboxd,"keyboxd",  N_("connect to the keyboxd")),
   ARGPARSE_s_n (oUIServer, "uiserver", "@"),
   ARGPARSE_s_s (oRawSocket, "raw-socket",
                 N_("|NAME|connect to Assuan socket NAME")),
@@ -95,9 +103,13 @@ static ARGPARSE_OPTS opts[] = {
 
   ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"),
   ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"),
+  ARGPARSE_s_n (oNoHistory,"no-history",
+                "do not use the command history file"),
   ARGPARSE_s_s (oHomedir, "homedir", "@" ),
   ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
   ARGPARSE_s_s (oDirmngrProgram, "dirmngr-program", "@"),
+  ARGPARSE_s_s (oKeyboxdProgram, "keyboxd-program", "@"),
+  ARGPARSE_s_s (oChUid,          "chuid",           "@"),
 
   ARGPARSE_end ()
 };
@@ -110,11 +122,13 @@ struct
   int quiet;		/* Be extra quiet.  */
   int autostart;        /* Start the server if not running.  */
   const char *homedir;  /* Configuration directory name */
-  const char *agent_program;  /* Value of --agent-program.  */
+  const char *agent_program;    /* Value of --agent-program.    */
   const char *dirmngr_program;  /* Value of --dirmngr-program.  */
+  const char *keyboxd_program;  /* Value of --keyboxd-program.  */
   int hex;              /* Print data lines in hex format. */
   int decode;           /* Decode received data lines.  */
   int use_dirmngr;      /* Use the dirmngr and not gpg-agent.  */
+  int use_keyboxd;      /* Use the keyboxd and not gpg-agent.  */
   int use_uiserver;     /* Use the standard UI server.  */
   const char *raw_socket; /* Name of socket to connect in raw mode. */
   const char *tcp_socket; /* Name of server to connect in tcp mode. */
@@ -122,6 +136,7 @@ struct
   unsigned int connect_flags;    /* Flags used for connecting. */
   int enable_varsubst;  /* Set if variable substitution is enabled.  */
   int trim_leading_spaces;
+  int no_history;
 } opt;
 
 
@@ -489,7 +504,7 @@ arithmetic_op (int operator, const char *operands)
 
      unescape ARGS
            Remove C-style escapes from string.  Note that "\0" and
-           "\x00" terminate the string implictly.  Use "\x7d" to
+           "\x00" terminate the string implicitly.  Use "\x7d" to
            represent the closing brace.  The args start right after
            the first space after the function name.
 
@@ -1151,7 +1166,7 @@ help_cmd_p (const char *line)
 int
 main (int argc, char **argv)
 {
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   int no_more_options = 0;
   assuan_context_t ctx;
   char *line, *p;
@@ -1173,11 +1188,15 @@ main (int argc, char **argv)
   } loopstack[20];
   int        loopidx;
   char **cmdline_commands = NULL;
+  char *historyname = NULL;
+
+  static const char *changeuser;
+
 
   early_system_init ();
   gnupg_rl_initialize ();
-  set_strusage (my_strusage);
-  log_set_prefix ("gpg-connect-agent", GPGRT_LOG_WITH_PREFIX|GPGRT_LOG_NO_REGISTRY);
+  gpgrt_set_strusage (my_strusage);
+  log_set_prefix ("gpg-connect-agent", GPGRT_LOG_WITH_PREFIX);
 
   /* Make sure that our subsystems are ready.  */
   i18n_init();
@@ -1194,7 +1213,7 @@ main (int argc, char **argv)
   pargs.argc  = &argc;
   pargs.argv  = &argv;
   pargs.flags = ARGPARSE_FLAG_KEEP;
-  while (!no_more_options && gnupg_argparse (NULL, &pargs, opts))
+  while (!no_more_options && gpgrt_argparse (NULL, &pargs, opts))
     {
       switch (pargs.r_opt)
         {
@@ -1204,10 +1223,13 @@ main (int argc, char **argv)
         case oHomedir:   gnupg_set_homedir (pargs.r.ret_str); break;
         case oAgentProgram: opt.agent_program = pargs.r.ret_str;  break;
         case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str;  break;
+        case oKeyboxdProgram: opt.keyboxd_program = pargs.r.ret_str;  break;
         case oNoAutostart:    opt.autostart = 0; break;
+        case oNoHistory: opt.no_history = 1; break;
         case oHex:       opt.hex = 1; break;
         case oDecode:    opt.decode = 1; break;
         case oDirmngr:   opt.use_dirmngr = 1; break;
+        case oKeyboxd:   opt.use_keyboxd = 1; break;
         case oUIServer:  opt.use_uiserver = 1; break;
         case oRawSocket: opt.raw_socket = pargs.r.ret_str; break;
         case oTcpSocket: opt.tcp_socket = pargs.r.ret_str; break;
@@ -1218,11 +1240,15 @@ main (int argc, char **argv)
           opt.enable_varsubst = 1;
           opt.trim_leading_spaces = 1;
           break;
+        case oChUid:     changeuser = pargs.r.ret_str; break;
 
         default: pargs.err = 2; break;
 	}
     }
-  gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+  gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+
+  if (changeuser && gnupg_chuid (changeuser, 0))
+    log_inc_errorcount (); /* Force later termination.  */
 
   if (log_get_errorcount (0))
     exit (2);
@@ -1416,6 +1442,15 @@ main (int argc, char **argv)
         {
           keep_line = 0;
           xfree (line);
+          if (!historyname && !opt.no_history)
+            {
+              historyname = make_filename (gnupg_homedir (), HISTORYNAME, NULL);
+              if (tty_read_history (historyname, 500))
+                log_info ("error reading '%s': %s\n",
+                          historyname,
+                          gpg_strerror (gpg_error_from_syserror ()));
+            }
+
           line = tty_get ("> ");
           n = strlen (line);
           if (n==1 && *line == CONTROL_D)
@@ -1803,7 +1838,7 @@ main (int argc, char **argv)
                     }
                 }
             }
-          else if (!strcmp (cmd, "bye"))
+          else if (!strcmp (cmd, "bye") || !strcmp (cmd, "quit"))
             {
               break;
             }
@@ -1811,6 +1846,15 @@ main (int argc, char **argv)
             {
               gnupg_sleep (1);
             }
+          else if (!strcmp (cmd, "history"))
+            {
+              if (!strcmp (p, "--clear"))
+                {
+                  tty_read_history (NULL, 0);
+                }
+              else
+                log_error ("Only \"/history --clear\" is supported\n");
+            }
           else if (!strcmp (cmd, "help"))
             {
               puts (
@@ -1837,6 +1881,7 @@ main (int argc, char **argv)
 "/if VAR                Begin conditional block controlled by VAR.\n"
 "/while VAR             Begin loop controlled by VAR.\n"
 "/end                   End loop or condition\n"
+"/history               Manage the history\n"
 "/bye                   Terminate gpg-connect-agent.\n"
 "/help                  Print this help.");
             }
@@ -1884,7 +1929,16 @@ main (int argc, char **argv)
     }
 
   if (opt.verbose)
-    log_info ("closing connection to agent\n");
+    log_info ("closing connection to %s\n",
+              opt.use_dirmngr? "dirmngr" :
+              opt.use_keyboxd? "keyboxd" :
+              "agent");
+
+
+  if (historyname && tty_write_history (historyname))
+    log_info ("error writing '%s': %s\n",
+              historyname, gpg_strerror (gpg_error_from_syserror ()));
+
 
   /* XXX: We would like to release the context here, but libassuan
      nicely says good bye to the server, which results in a SIGPIPE if
@@ -1895,6 +1949,7 @@ main (int argc, char **argv)
     assuan_release (ctx);
   else
     gpgrt_annotate_leaked_object (ctx);
+  xfree (historyname);
   xfree (line);
   return 0;
 }
@@ -1971,7 +2026,7 @@ handle_inquire (assuan_context_t ctx, char *line)
         }
       else
         {
-          fp = gnupg_fopen (d->file, "rb");
+          fp = fopen (d->file, "rb");
           if (!fp)
             log_error ("error opening '%s': %s\n", d->file, strerror (errno));
           else if (opt.verbose)
@@ -2230,6 +2285,13 @@ start_agent (void)
                              opt.autostart,
                              !opt.quiet, 0,
                              NULL, NULL);
+  else if (opt.use_keyboxd)
+    err = start_new_keyboxd (&ctx,
+                             GPG_ERR_SOURCE_DEFAULT,
+                             opt.keyboxd_program,
+                             opt.autostart,
+                             !opt.quiet, 0,
+                             NULL, NULL);
   else
     err = start_new_gpg_agent (&ctx,
                                GPG_ERR_SOURCE_DEFAULT,
@@ -2245,12 +2307,15 @@ start_agent (void)
     {
       if (!opt.autostart
           && (gpg_err_code (err)
-              == (opt.use_dirmngr? GPG_ERR_NO_DIRMNGR : GPG_ERR_NO_AGENT)))
+              == (opt.use_dirmngr? GPG_ERR_NO_DIRMNGR :
+                  opt.use_keyboxd? GPG_ERR_NO_KEYBOXD : GPG_ERR_NO_AGENT)))
         {
           /* In the no-autostart case we don't make gpg-connect-agent
              fail on a missing server.  */
           log_info (opt.use_dirmngr?
                     _("no dirmngr running in this session\n"):
+                    opt.use_keyboxd?
+                    _("no keybox daemon running in this session\n"):
                     _("no gpg-agent running in this session\n"));
           exit (0);
         }
diff --git a/tools/gpg-pair-tool.c b/tools/gpg-pair-tool.c
new file mode 100644
index 0000000..4054f5d
--- /dev/null
+++ b/tools/gpg-pair-tool.c
@@ -0,0 +1,1965 @@
+/* gpg-pair-tool.c - The tool to run the pairing protocol.
+ * Copyright (C) 2018 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ */
+
+/* Protocol:
+ *
+ *    Initiator             Responder
+ *       |                     |
+ *       |    COMMIT           |
+ *       |-------------------->|
+ *       |                     |
+ *       |    DHPART1          |
+ *       |<--------------------|
+ *       |                     |
+ *       |    DHPART2          |
+ *       |-------------------->|
+ *       |                     |
+ *       |    CONFIRM          |
+ *       |<--------------------|
+ *       |                     |
+ *
+ * The initiator creates a keypar (PKi,SKi) and sends this COMMIT
+ * message to the responder:
+ *
+ *   7 byte Magic, value: "GPG-pa1"
+ *   1 byte MessageType, value 1 (COMMIT)
+ *   8 byte SessionId, value: 8 random bytes
+ *   1 byte Realm, value 1
+ *   2 byte reserved, value 0
+ *   5 byte ExpireTime, value: seconds since Epoch as an unsigned int.
+ *  32 byte Hash(PKi)
+ *
+ * The initiator also needs to locally store the sessionid, the realm,
+ * the expiration time, the keypair and a hash of the entire message
+ * sent.
+ *
+ * The responder checks that the received message has not expired and
+ * stores sessionid, realm, expiretime and the Hash(PKi).  The
+ * Responder then creates and locally stores its own keypair (PKr,SKr)
+ * and sends the DHPART1 message back:
+ *
+ *   7 byte Magic, value: "GPG-pa1"
+ *   1 byte MessageType, value 2 (DHPART1)
+ *   8 byte SessionId from COMMIT message
+ *  32 byte PKr
+ *  32 byte Hash(Hash(COMMIT) || DHPART1[0..47])
+ *
+ * Note that Hash(COMMIT) is the hash over the entire received COMMIT
+ * message.  DHPART1[0..47] are the first 48 bytes of the created
+ * DHPART1 message.
+ *
+ * The Initiator receives the DHPART1 message and checks that the hash
+ * matches.  Although this hash is easily malleable it is later in the
+ * protocol used to assert the integrity of all messages.  The
+ * Initiator then computes the shared master secret from its SKi and
+ * the received PKr.  Using this master secret several keys are
+ * derived:
+ *
+ *  - HMACi-key using the label "GPG-pa1-HMACi-key".
+ *  - SYMx-key using the label "GPG-pa1-SYMx-key"
+ *
+ * For details on the KDF see the implementation of the function kdf.
+ * The master secret is stored securily in the local state.  The
+ * DHPART2 message is then created and send to the Responder:
+ *
+ *   7 byte Magic, value: "GPG-pa1"
+ *   1 byte MessageType, value 3 (DHPART2)
+ *   8 byte SessionId from COMMIT message
+ *  32 byte PKi
+ *  32 byte MAC(HMACi-key, Hash(DHPART1) || DHPART2[0..47] || SYMx-key)
+ *
+ * The Responder receives the DHPART2 message and checks that the hash
+ * of the received PKi matches the Hash(PKi) value as received earlier
+ * with the COMMIT message.  The Responder now also computes the
+ * shared master secret from its SKr and the received PKi and derives
+ * the keys:
+ *
+ *  - HMACi-key using the label "GPG-pa1-HMACi-key".
+ *  - HMACr-key using the label "GPG-pa1-HMACr-key".
+ *  - SYMx-key using the label "GPG-pa1-SYMx-key"
+ *  - SAS using the label "GPG-pa1-SAS"
+ *
+ * With these keys the MAC from the received DHPART2 message is
+ * checked.  On success a SAS is displayed to the user and a CONFIRM
+ * message send back:
+ *
+ *   7 byte Magic, value: "GPG-pa1"
+ *   1 byte MessageType, value 4 (CONFIRM)
+ *   8 byte SessionId from COMMIT message
+ *  32 byte MAC(HMACr-key, Hash(DHPART2) || CONFIRM[0..15] || SYMx-key)
+ *
+ * The Initiator receives this CONFIRM message, gets the master shared
+ * secrey from its local state and derives the keys.  It checks the
+ * the MAC in the received CONFIRM message and ask the user to enter
+ * the SAS as displayed by the responder.  Iff the SAS matches the
+ * master key is flagged as confirmed and the Initiator may now use a
+ * derived key to send encrypted data to the Responder.
+ *
+ * In case the Responder also needs to send encrypted data we need to
+ * introduce another final message to tell the responder that the
+ * Initiator validated the SAS.
+ *
+ * TODO:  Encrypt the state files using a key stored in gpg-agent's cache.
+ *
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <dirent.h>
+#include <stdarg.h>
+
+#include "../common/util.h"
+#include "../common/status.h"
+#include "../common/i18n.h"
+#include "../common/sysutils.h"
+#include "../common/init.h"
+#include "../common/name-value.h"
+
+/* Constants to identify the commands and options. */
+enum cmd_and_opt_values
+  {
+    aNull       = 0,
+
+    oQuiet      = 'q',
+    oVerbose	= 'v',
+    oOutput     = 'o',
+    oArmor      = 'a',
+
+    aInitiate   = 400,
+    aRespond    = 401,
+    aGet        = 402,
+    aCleanup    = 403,
+
+    oDebug      = 500,
+    oStatusFD,
+    oHomedir,
+    oSAS,
+
+    oDummy
+  };
+
+
+/* The list of commands and options. */
+static gpgrt_opt_t opts[] = {
+  ARGPARSE_group (300, ("@Commands:\n ")),
+
+  ARGPARSE_c (aInitiate, "initiate", N_("initiate a pairing request")),
+  ARGPARSE_c (aRespond,  "respond", N_("respond to a pairing request")),
+  ARGPARSE_c (aGet,      "get",     N_("return the keys")),
+  ARGPARSE_c (aCleanup,  "cleanup", N_("remove expired states etc.")),
+
+  ARGPARSE_group (301, ("@\nOptions:\n ")),
+
+  ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
+  ARGPARSE_s_n (oQuiet,	"quiet", N_("be somewhat more quiet")),
+  ARGPARSE_s_n (oArmor, "armor", N_("create ascii armored output")),
+  ARGPARSE_s_s (oSAS, "sas", N_("|SAS|the SAS as shown by the peer")),
+  ARGPARSE_s_s (oDebug, "debug", "@"),
+  ARGPARSE_s_s (oOutput, "output", N_("|FILE|write the request to FILE")),
+  ARGPARSE_s_i (oStatusFD, "status-fd", N_("|FD|write status info to this FD")),
+
+  ARGPARSE_s_s (oHomedir, "homedir", "@"),
+
+  ARGPARSE_end ()
+};
+
+
+/* We keep all global options in the structure OPT.  */
+static struct
+{
+  int verbose;
+  unsigned int debug;
+  int quiet;
+  int armor;
+  const char *output;
+  estream_t statusfp;
+  unsigned int ttl;
+  const char *sas;
+} opt;
+
+
+/* Debug values and macros.  */
+#define DBG_MESSAGE_VALUE     2 /* Debug the messages.  */
+#define DBG_CRYPTO_VALUE      4	/* Debug low level crypto.  */
+#define DBG_MEMORY_VALUE     32	/* Debug memory allocation stuff.  */
+
+#define DBG_MESSAGE  (opt.debug & DBG_MESSAGE_VALUE)
+#define DBG_CRYPTO   (opt.debug & DBG_CRYPTO_VALUE)
+
+
+/* The list of supported debug flags.  */
+static struct debug_flags_s debug_flags [] =
+  {
+    { DBG_MESSAGE_VALUE, "message"  },
+    { DBG_CRYPTO_VALUE , "crypto"  },
+    { DBG_MEMORY_VALUE , "memory"  },
+    { 0, NULL }
+  };
+
+
+/* The directory name below the cache dir to store paring states.  */
+#define PAIRING_STATE_DIR  "state"
+
+/* Message types.  */
+#define MSG_TYPE_COMMIT  1
+#define MSG_TYPE_DHPART1 2
+#define MSG_TYPE_DHPART2 3
+#define MSG_TYPE_CONFIRM 4
+
+
+/* Realm values.  */
+#define REALM_STANDARD  1
+
+
+
+
+/* Local prototypes.  */
+static void wrong_args (const char *text) GPGRT_ATTR_NORETURN;
+static void xnvc_set_printf (nvc_t nvc, const char *name, const char *format,
+                             ...) GPGRT_ATTR_PRINTF(3,4);
+static void *hash_data (void *result, size_t resultsize,
+                        ...) GPGRT_ATTR_SENTINEL(0);
+static void *hmac_data (void *result, size_t resultsize,
+                        const unsigned char *key, size_t keylen,
+                        ...) GPGRT_ATTR_SENTINEL(0);
+
+
+static gpg_error_t command_initiate (void);
+static gpg_error_t command_respond (void);
+static gpg_error_t command_cleanup (void);
+static gpg_error_t command_get (const char *sessionidstr);
+
+
+
+
+/* Print usage information and provide strings for help. */
+static const char *
+my_strusage( int level )
+{
+  const char *p;
+
+  switch (level)
+    {
+    case 9:  p = "LGPL-2.1-or-later"; break;
+    case 11: p = "gpg-pair-tool"; break;
+    case 12: p = "@GNUPG@"; break;
+    case 13: p = VERSION; break;
+    case 14: p = GNUPG_DEF_COPYRIGHT_LINE; break;
+    case 17: p = PRINTABLE_OS_NAME; break;
+    case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
+
+    case 1:
+    case 40:
+      p = ("Usage: gpg-pair-tool [command] [options] [args] (-h for help)");
+      break;
+    case 41:
+      p = ("Syntax: gpg-pair-tool [command] [options] [args]\n"
+           "Client to run the pairing protocol\n");
+      break;
+
+    default: p = NULL; break;
+    }
+  return p;
+}
+
+
+static void
+wrong_args (const char *text)
+{
+  es_fprintf (es_stderr, _("usage: %s [options] %s\n"),
+              gpgrt_strusage (11), text);
+  exit (2);
+}
+
+
+/* Set the status FD.  */
+static void
+set_status_fd (int fd)
+{
+  static int last_fd = -1;
+
+  if (fd != -1 && last_fd == fd)
+    return;
+
+  if (opt.statusfp && opt.statusfp != es_stdout && opt.statusfp != es_stderr)
+    es_fclose (opt.statusfp);
+  opt.statusfp = NULL;
+  if (fd == -1)
+    return;
+
+  if (fd == 1)
+    opt.statusfp = es_stdout;
+  else if (fd == 2)
+    opt.statusfp = es_stderr;
+  else
+    opt.statusfp = es_fdopen (fd, "w");
+  if (!opt.statusfp)
+    {
+      log_fatal ("can't open fd %d for status output: %s\n",
+                 fd, gpg_strerror (gpg_error_from_syserror ()));
+    }
+  last_fd = fd;
+}
+
+
+/* Write a status line with code NO followed by the output of the
+ * printf style FORMAT.  The caller needs to make sure that LFs and
+ * CRs are not printed.  */
+static void
+write_status (int no, const char *format, ...)
+{
+  va_list arg_ptr;
+
+  if (!opt.statusfp)
+    return;  /* Not enabled.  */
+
+  es_fputs ("[GNUPG:] ", opt.statusfp);
+  es_fputs (get_status_string (no), opt.statusfp);
+  if (format)
+    {
+      es_putc (' ', opt.statusfp);
+      va_start (arg_ptr, format);
+      es_vfprintf (opt.statusfp, format, arg_ptr);
+      va_end (arg_ptr);
+    }
+  es_putc ('\n', opt.statusfp);
+}
+
+
+
+/* gpg-pair-tool main. */
+int
+main (int argc, char **argv)
+{
+  gpg_error_t err;
+  gpgrt_argparse_t pargs = { &argc, &argv };
+  enum cmd_and_opt_values cmd = 0;
+
+  opt.ttl = 8*3600; /* Default to 8 hours.  */
+
+  gnupg_reopen_std ("gpg-pair-tool");
+  gpgrt_set_strusage (my_strusage);
+  log_set_prefix ("gpg-pair-tool", GPGRT_LOG_WITH_PREFIX);
+
+  /* Make sure that our subsystems are ready.  */
+  i18n_init();
+  init_common_subsystems (&argc, &argv);
+
+  /* Parse the command line. */
+  while (gpgrt_argparse (NULL, &pargs, opts))
+    {
+      switch (pargs.r_opt)
+        {
+	case oQuiet:     opt.quiet = 1; break;
+        case oVerbose:   opt.verbose++; break;
+        case oArmor:     opt.armor = 1; break;
+
+        case oDebug:
+          if (parse_debug_flag (pargs.r.ret_str, &opt.debug, debug_flags))
+            {
+              pargs.r_opt = ARGPARSE_INVALID_ARG;
+              pargs.err   = ARGPARSE_PRINT_ERROR;
+            }
+          break;
+
+        case oOutput:
+          opt.output = pargs.r.ret_str;
+          break;
+
+        case oStatusFD:
+          set_status_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
+          break;
+
+        case oHomedir:
+          gnupg_set_homedir (pargs.r.ret_str);
+          break;
+
+        case oSAS:
+          opt.sas = pargs.r.ret_str;
+          break;
+
+	case aInitiate:
+	case aRespond:
+	case aGet:
+	case aCleanup:
+          if (cmd && cmd != pargs.r_opt)
+            log_error (_("conflicting commands\n"));
+          else
+            cmd = pargs.r_opt;
+          break;
+
+        default: pargs.err = ARGPARSE_PRINT_WARNING; break;
+	}
+    }
+  gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+
+  /* Print a warning if an argument looks like an option.  */
+  if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
+    {
+      int i;
+
+      for (i=0; i < argc; i++)
+        if (argv[i][0] == '-' && argv[i][1] == '-')
+          log_info (("NOTE: '%s' is not considered an option\n"), argv[i]);
+    }
+  gpgrt_argparse (NULL, &pargs, NULL);  /* Free internal memory.  */
+
+  if (opt.sas)
+    {
+      if (strlen (opt.sas) != 11
+          || !digitp (opt.sas+0) || !digitp (opt.sas+1) || !digitp (opt.sas+2)
+          || opt.sas[3] != '-'
+          || !digitp (opt.sas+4) || !digitp (opt.sas+5) || !digitp (opt.sas+6)
+          || opt.sas[7] != '-'
+          || !digitp (opt.sas+8) || !digitp (opt.sas+9) || !digitp (opt.sas+10))
+        log_error ("invalid formatted SAS\n");
+    }
+
+  /* Stop if any error, inclduing ARGPARSE_PRINT_WARNING, occurred.  */
+  if (log_get_errorcount (0))
+    exit (2);
+
+  if (DBG_CRYPTO)
+    gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1|2);
+
+
+  /* Now run the requested command.  */
+  switch (cmd)
+    {
+    case aInitiate:
+      if (argc)
+        wrong_args ("--initiate");
+      err = command_initiate ();
+      break;
+
+    case aRespond:
+      if (argc)
+        wrong_args ("--respond");
+      err = command_respond ();
+      break;
+
+    case aGet:
+      if (argc > 1)
+        wrong_args ("--respond [sessionid]");
+      err = command_get (argc? *argv:NULL);
+      break;
+
+    case aCleanup:
+      if (argc)
+        wrong_args ("--cleanup");
+      err = command_cleanup ();
+      break;
+
+    default:
+      gpgrt_usage (1);
+      err = 0;
+      break;
+    }
+
+  if (err)
+    write_status (STATUS_FAILURE, "- %u", err);
+  else if (log_get_errorcount (0))
+    write_status (STATUS_FAILURE, "- %u", GPG_ERR_GENERAL);
+  else
+    write_status (STATUS_SUCCESS, NULL);
+  return log_get_errorcount (0)? 1:0;
+}
+
+
+
+/* Wrapper around nvc_new which terminates in the error case.  */
+static nvc_t
+xnvc_new (void)
+{
+  nvc_t c = nvc_new ();
+  if (!c)
+    log_fatal ("error creating NVC object: %s\n",
+               gpg_strerror (gpg_error_from_syserror ()));
+  return c;
+}
+
+/* Wrapper around nvc_set which terminates in the error case.  */
+static void
+xnvc_set (nvc_t nvc, const char *name, const char *value)
+{
+  gpg_error_t err = nvc_set (nvc, name, value);
+  if (err)
+    log_fatal ("error updating NVC object: %s\n", gpg_strerror (err));
+}
+
+/* Call vnc_set with (BUFFER, BUFLEN) converted to a hex string as
+ * value.  Terminates in the error case.  */
+static void
+xnvc_set_hex (nvc_t nvc, const char *name, const void *buffer, size_t buflen)
+{
+  char *hex;
+
+  hex = bin2hex (buffer, buflen, NULL);
+  if (!hex)
+    xoutofcore ();
+  strlwr (hex);
+  xnvc_set (nvc, name, hex);
+  xfree (hex);
+}
+
+/* Call nvc_set with a value created from the string generated using
+ * the printf style FORMAT.  Terminates in the error case.  */
+static void
+xnvc_set_printf (nvc_t nvc, const char *name, const char *format, ...)
+{
+  va_list arg_ptr;
+  char *buffer;
+
+  va_start (arg_ptr, format);
+  if (gpgrt_vasprintf (&buffer, format, arg_ptr) < 0)
+    log_fatal ("estream_asprintf failed: %s\n",
+               gpg_strerror (gpg_error_from_syserror ()));
+  va_end (arg_ptr);
+  xnvc_set (nvc, name, buffer);
+  xfree (buffer);
+}
+
+
+/* Return the string for the first entry in NVC with NAME.  If NAME is
+ * missing, an empty string is returned.  The returned string is a
+ * pointer into NVC.  */
+static const char *
+xnvc_get_string (nvc_t nvc, const char *name)
+{
+  nve_t item;
+
+  if (!nvc)
+    return "";
+  item = nvc_lookup (nvc, name);
+  if (!item)
+    return "";
+  return nve_value (item);
+}
+
+
+
+/* Return a string for MSGTYPE.  */
+const char *
+msgtypestr (int msgtype)
+{
+  switch (msgtype)
+    {
+    case MSG_TYPE_COMMIT:  return "Commit";
+    case MSG_TYPE_DHPART1: return "DHPart1";
+    case MSG_TYPE_DHPART2: return "DHPart2";
+    case MSG_TYPE_CONFIRM: return "Confirm";
+    }
+  return "?";
+}
+
+
+/* Private to {get,set}_session_id().  */
+static struct {
+  int initialized;
+  unsigned char sessid[8];
+} session_id;
+
+
+/* Return the 8 octet session.  */
+static unsigned char *
+get_session_id (void)
+{
+  if (!session_id.initialized)
+    {
+      session_id.initialized = 1;
+      gcry_create_nonce (session_id.sessid, sizeof session_id.sessid);
+    }
+
+  return session_id.sessid;
+}
+
+static void
+set_session_id (const void *sessid, size_t len)
+{
+  log_assert (!session_id.initialized);
+  if (len > sizeof session_id.sessid)
+    len = sizeof session_id.sessid;
+  memcpy (session_id.sessid, sessid, len);
+  if (len < sizeof session_id.sessid)
+    memset (session_id.sessid+len, 0, sizeof session_id.sessid - len);
+  session_id.initialized = 1;
+}
+
+/* Return a string with the hexified session id.  */
+static const char *
+get_session_id_hex (void)
+{
+  static char hexstr[16+1];
+
+  bin2hex (get_session_id (), 8, hexstr);
+  strlwr (hexstr);
+  return hexstr;
+}
+
+
+/* Return a fixed string with the directory used to store the state of
+ * pairings.  On error a diagnostic is printed but the file name is
+ * returned anyway.  It is expected that the expected failure of the
+ * following open is responsible for error handling.  */
+static const char *
+get_pairing_statedir (void)
+{
+  static char *fname;
+  gpg_error_t err = 0;
+  char *tmpstr;
+  struct stat statbuf;
+
+  if (fname)
+    return fname;
+
+  fname = make_filename (gnupg_homedir (), GNUPG_CACHE_DIR, NULL);
+  if (gnupg_stat (fname, &statbuf) && errno == ENOENT)
+    {
+      if (gnupg_mkdir (fname, "-rwx"))
+        {
+          err = gpg_error_from_syserror ();
+          log_error (_("can't create directory '%s': %s\n"),
+                     fname, gpg_strerror (err) );
+        }
+      else if (!opt.quiet)
+        log_info (_("directory '%s' created\n"), fname);
+    }
+
+  tmpstr = make_filename (fname, PAIRING_STATE_DIR, NULL);
+  xfree (fname);
+  fname = tmpstr;
+  if (gnupg_stat (fname, &statbuf) && errno == ENOENT)
+    {
+      if (gnupg_mkdir (fname, "-rwx"))
+        {
+          if (!err)
+            {
+              err = gpg_error_from_syserror ();
+              log_error (_("can't create directory '%s': %s\n"),
+                         fname, gpg_strerror (err) );
+            }
+        }
+      else if (!opt.quiet)
+        log_info (_("directory '%s' created\n"), fname);
+    }
+
+  return fname;
+}
+
+
+/* Open the pairing state file.  SESSIONID is a 8 byte buffer with the
+ * session-id.  If CREATE_FLAG is set the file is created and will
+ * always return a valid stream.  If CREATE_FLAG is not set the file
+ * is opened for reading and writing.  If the file does not exist NULL
+ * is return; in all other error cases the process is terminated.  If
+ * R_FNAME is not NULL the name of the file is stored there and the
+ * caller needs to free it.  */
+static estream_t
+open_pairing_state (const unsigned char *sessionid, int create_flag,
+                    char **r_fname)
+{
+  gpg_error_t err;
+  char *fname, *tmpstr;
+  estream_t fp;
+
+  /* The filename is the session id with a "pa1" suffix.  Note that
+   * the state dir may eventually be used for other purposes as well
+   * and thus the suffix identifies that the file belongs to this
+   * tool.  We use lowercase file names for no real reason.  */
+  tmpstr = bin2hex (sessionid, 8, NULL);
+  if (!tmpstr)
+    xoutofcore ();
+  strlwr (tmpstr);
+  fname = xstrconcat (tmpstr, ".pa1", NULL);
+  xfree (tmpstr);
+  tmpstr = make_filename (get_pairing_statedir (), fname, NULL);
+  xfree (fname);
+  fname = tmpstr;
+
+  fp = es_fopen (fname, create_flag? "wbx,mode=-rw": "rb+,mode=-rw");
+  if (!fp)
+    {
+      err = gpg_error_from_syserror ();
+      if (create_flag)
+        {
+          /* We should always be able to create a file.  Also we use a
+           * 64 bit session id, it is theoretically possible that such
+           * a session already exists.  However, that is rare enough
+           * and thus the fatal error message should still be  okay.  */
+          log_fatal ("can't create '%s': %s\n", fname, gpg_strerror (err));
+        }
+      else if (gpg_err_code (err) == GPG_ERR_ENOENT)
+        {
+          /* That is an expected error; return NULL.  */
+        }
+      else
+        {
+          log_fatal ("can't open '%s': %s\n", fname, gpg_strerror (err));
+        }
+    }
+
+  if (r_fname)
+    *r_fname = fname;
+  else
+    xfree (fname);
+
+  return fp;
+}
+
+
+/* Write the state to a possible new state file.  */
+static void
+write_state (nvc_t state, int create_flag)
+{
+  gpg_error_t err;
+  char *fname = NULL;
+  estream_t fp;
+
+  fp = open_pairing_state (get_session_id (), create_flag, &fname);
+  log_assert (fp);
+
+  err = nvc_write (state, fp);
+  if (err)
+    {
+      es_fclose  (fp);
+      gnupg_remove (fname);
+      log_fatal ("error writing '%s': %s\n", fname, gpg_strerror (err));
+    }
+
+  /* If we did not create the file, we need to truncate the file.  */
+  if (!create_flag && ftruncate (es_fileno (fp), es_ftello (fp)))
+    {
+      err = gpg_error_from_syserror ();
+      log_fatal ("error truncating '%s': %s\n", fname, gpg_strerror (err));
+    }
+  if (es_ferror (fp) || es_fclose (fp))
+    {
+      err = gpg_error_from_syserror ();
+      es_fclose  (fp);
+      gnupg_remove (fname);
+      log_fatal ("error writing '%s': %s\n", fname, gpg_strerror (err));
+    }
+}
+
+
+/* Read the state into a newly allocated state object and store that
+ * at R_STATE. If no state is available GPG_ERR_NOT_FOUND is returned
+ * and as with all errors NULL is tored at R_STATE.  SESSIONID is an
+ * input with the 8 session id.  */
+static gpg_error_t
+read_state (nvc_t *r_state)
+{
+  gpg_error_t err;
+  char *fname = NULL;
+  estream_t fp;
+  nvc_t state = NULL;
+  nve_t item;
+  const char *value;
+  unsigned long expire;
+
+  *r_state = NULL;
+
+  fp = open_pairing_state (get_session_id (), 0, &fname);
+  if (!fp)
+    return gpg_error (GPG_ERR_NOT_FOUND);
+
+  err = nvc_parse (&state, NULL, fp);
+  if (err)
+    {
+      log_info ("failed to parse state file '%s': %s\n",
+                fname, gpg_strerror (err));
+      goto leave;
+    }
+
+  /* Check whether the state already expired.  */
+  item = nvc_lookup (state, "Expires:");
+  if (!item)
+    {
+      log_info ("invalid state file '%s': %s\n",
+                fname, "field 'expire' not found");
+      goto leave;
+    }
+  value = nve_value (item);
+  if (!value || !(expire = strtoul (value, NULL, 10)))
+    {
+      log_info ("invalid state file '%s': %s\n",
+                fname, "field 'expire' has an invalid value");
+      goto leave;
+    }
+  if (expire <= gnupg_get_time ())
+    {
+      es_fclose (fp);
+      fp = NULL;
+      if (gnupg_remove (fname))
+        {
+          err = gpg_error_from_syserror ();
+          log_info ("failed to delete state file '%s': %s\n",
+                    fname, gpg_strerror (err));
+        }
+      else if (opt.verbose)
+        log_info ("state file '%s' deleted\n", fname);
+      err = gpg_error (GPG_ERR_NOT_FOUND);
+      goto leave;
+    }
+
+  *r_state = state;
+  state = NULL;
+
+ leave:
+  nvc_release (state);
+  es_fclose (fp);
+  return err;
+}
+
+
+/* Send (MSG,MSGLEN) to the output device.  */
+static void
+send_message (const unsigned char *msg, size_t msglen)
+{
+  gpg_error_t err;
+
+  if (opt.verbose)
+    log_info ("session %s: sending %s message\n",
+              get_session_id_hex (), msgtypestr (msg[7]));
+
+  if (DBG_MESSAGE)
+    log_printhex (msg, msglen, "send msg(%s):", msgtypestr (msg[7]));
+
+  /* FIXME: For now only stdout.  */
+  if (opt.armor)
+    {
+      gpgrt_b64state_t state;
+
+      state = gpgrt_b64enc_start (es_stdout, "");
+      if (!state)
+        log_fatal ("error setting up base64 encoder: %s\n",
+                   gpg_strerror (gpg_error_from_syserror ()));
+      err = gpgrt_b64enc_write (state, msg, msglen);
+      if (!err)
+        err = gpgrt_b64enc_finish (state);
+      if (err)
+        log_fatal ("error writing base64 to stdout: %s\n", gpg_strerror (err));
+    }
+  else
+    {
+      if (es_fwrite (msg, msglen, 1, es_stdout) != 1)
+        log_fatal ("error writing to stdout: %s\n",
+                   gpg_strerror (gpg_error_from_syserror ()));
+    }
+  es_fputc ('\n', es_stdout);
+}
+
+
+/* Read a message from stdin and store it at the address (R_MSG,
+ * R_MSGLEN).  This function detects armoring and removes it.  On
+ * error NULL is stored at R_MSG, a diagnostic printed and an error
+ * code returned.  The returned message has a proper message type and
+ * an appropriate length.  The message type is stored at R_MSGTYPE and
+ * if a state is available it is stored at R_STATE.  */
+static gpg_error_t
+read_message (unsigned char **r_msg, size_t *r_msglen, int *r_msgtype,
+              nvc_t *r_state)
+{
+  gpg_error_t err;
+  unsigned char msg[128];  /* max msg size is 80 but 107 with base64.  */
+  size_t msglen;
+  size_t reqlen;
+
+  *r_msg = NULL;
+  *r_state = NULL;
+
+  es_setvbuf (es_stdin, NULL, _IONBF, 0);
+  es_set_binary (es_stdin);
+
+  if (es_read (es_stdin, msg, sizeof msg, &msglen))
+    {
+      err = gpg_error_from_syserror ();
+      log_error ("error reading from message: %s\n", gpg_strerror (err));
+      return err;
+    }
+
+  if (msglen > 4 && !memcmp (msg, "R1BH", 4))
+    {
+      /* This is base64 of the first 3 bytes.  */
+      gpgrt_b64state_t state = gpgrt_b64dec_start (NULL);
+      if (!state)
+        log_fatal ("error setting up base64 decoder: %s\n",
+                   gpg_strerror (gpg_error_from_syserror ()));
+      err = gpgrt_b64dec_proc (state, msg, msglen, &msglen);
+      gpgrt_b64dec_finish (state);
+      if (err)
+        {
+          log_error ("error decoding message: %s\n", gpg_strerror (err));
+          return err;
+        }
+    }
+
+  if (msglen < 16 || memcmp (msg, "GPG-pa1", 7))
+    {
+      log_error ("error parsing message: %s\n",
+                 msglen? "invalid header":"empty message");
+      return gpg_error (GPG_ERR_INV_RESPONSE);
+    }
+  switch (msg[7])
+    {
+    case MSG_TYPE_COMMIT:  reqlen = 56; break;
+    case MSG_TYPE_DHPART1: reqlen = 80; break;
+    case MSG_TYPE_DHPART2: reqlen = 80; break;
+    case MSG_TYPE_CONFIRM: reqlen = 48; break;
+
+    default:
+      log_error ("error parsing message: %s\n", "invalid message type");
+      return gpg_error (GPG_ERR_INV_RESPONSE);
+    }
+  if (msglen < reqlen)
+    {
+      log_error ("error parsing message: %s\n", "message too short");
+      return gpg_error (GPG_ERR_INV_RESPONSE);
+    }
+
+  if (DBG_MESSAGE)
+    log_printhex (msg, msglen, "recv msg(%s):", msgtypestr (msg[7]));
+
+  /* Note that we ignore any garbage at the end of a message.  */
+  msglen = reqlen;
+
+  set_session_id (msg+8, 8);
+
+  if (opt.verbose)
+    log_info ("session %s: received %s message\n",
+              get_session_id_hex (), msgtypestr (msg[7]));
+
+  /* Read the state.  */
+  err = read_state (r_state);
+  if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
+    return err;
+
+  *r_msg = xmalloc (msglen);
+  memcpy (*r_msg, msg, msglen);
+  *r_msglen = msglen;
+  *r_msgtype = msg[7];
+  return err;
+}
+
+
+/* Display the Short Authentication String (SAS). If WAIT is true the
+ * function waits until the user has entered the SAS as seen at the
+ * peer.
+ *
+ * To construct the SAS we take the 4 most significant octets of HASH,
+ * interpret them as a 32 bit big endian unsigned integer, divide that
+ * integer by 10^9 and take the remainder.  The remainder is displayed
+ * as 3 groups of 3 decimal digits delimited by a hyphens.  This gives
+ * a search space of close to 2^30 and is still easy to compare.
+ */
+static gpg_error_t
+display_sas (const unsigned char *hash, size_t hashlen, int wait)
+{
+  gpg_error_t err = 0;
+  unsigned long sas = 0;
+  char sasbuf[12];
+
+  log_assert (hashlen >= 4);
+
+  sas |= (unsigned long)hash[20] << 24;
+  sas |= (unsigned long)hash[21] << 16;
+  sas |= (unsigned long)hash[22] <<  8;
+  sas |= (unsigned long)hash[23];
+  sas %= 1000000000ul;
+  snprintf (sasbuf, sizeof sasbuf, "%09lu", sas);
+  memmove (sasbuf+8, sasbuf+6, 3);
+  memmove (sasbuf+4, sasbuf+3, 3);
+  sasbuf[3] = sasbuf[7] = '-';
+  sasbuf[11] = 0;
+
+  if (wait)
+    log_info ("Please check the SAS:\n");
+  else
+    log_info ("Please note the SAS:\n");
+  log_info ("\n");
+  log_info ("   %s\n", sasbuf);
+  log_info ("\n");
+
+  if (wait)
+    {
+      if (!opt.sas || strcmp (sasbuf, opt.sas))
+        err = gpg_error (GPG_ERR_NOT_CONFIRMED);
+      else
+        log_info ("SAS confirmed\n");
+    }
+
+  if (err)
+    log_info ("checking SAS failed: %s\n", gpg_strerror (err));
+  return err;
+}
+
+
+
+static gpg_error_t
+create_dh_keypair (unsigned char *dh_secret, size_t dh_secret_len,
+                   unsigned char *dh_public, size_t dh_public_len)
+{
+  gpg_error_t err;
+  unsigned char *p;
+
+  /* We need a temporary buffer for the public key.  Check the length
+   * for the later memcpy.  */
+  if (dh_public_len < 32 || dh_secret_len < 32)
+    return gpg_error (GPG_ERR_BUFFER_TOO_SHORT);
+
+  if (gcry_ecc_get_algo_keylen (GCRY_ECC_CURVE25519) > dh_public_len)
+    return gpg_error (GPG_ERR_BUFFER_TOO_SHORT);
+
+  p = gcry_random_bytes (32, GCRY_VERY_STRONG_RANDOM);
+  if (!p)
+    return gpg_error_from_syserror ();
+
+  memcpy (dh_secret, p, 32);
+  xfree (p);
+
+  err = gcry_ecc_mul_point (GCRY_ECC_CURVE25519, dh_public, dh_secret, NULL);
+  if (err)
+    return err;
+
+  if (DBG_CRYPTO)
+    {
+      log_printhex (dh_secret, 32, "DH secret:");
+      log_printhex (dh_public, 32, "DH public:");
+    }
+
+  return 0;
+}
+
+
+/* SHA256 the data given as varargs tuples of (const void*, size_t)
+ * and store the result in RESULT.  The end of the list is indicated
+ * by a NULL element in a tuple.  RESULTLEN gives the length of the
+ * RESULT buffer which must be at least 32.  Note that the second item
+ * of the tuple is the length and it is a size_t.  */
+static void *
+hash_data (void *result, size_t resultsize, ...)
+{
+  va_list arg_ptr;
+  gpg_error_t err;
+  gcry_md_hd_t hd;
+  const void *data;
+  size_t datalen;
+
+  log_assert (resultsize >= 32);
+
+  err = gcry_md_open (&hd, GCRY_MD_SHA256, 0);
+  if (err)
+    log_fatal ("error creating a Hash handle: %s\n", gpg_strerror (err));
+  /* log_printhex ("", 0, "Hash-256:"); */
+
+  va_start (arg_ptr, resultsize);
+  while ((data = va_arg (arg_ptr, const void *)))
+    {
+      datalen = va_arg (arg_ptr, size_t);
+      /* log_printhex (data, datalen, "    data:"); */
+      gcry_md_write (hd, data, datalen);
+    }
+  va_end (arg_ptr);
+
+  memcpy (result, gcry_md_read (hd, 0), 32);
+  /* log_printhex (result, 32, "  result:"); */
+
+  gcry_md_close (hd);
+
+  return result;
+}
+
+
+/* HMAC-SHA256 the data given as varargs tuples of (const void*,
+ * size_t) using (KEYLEN,KEY) and store the result in RESULT.  The end
+ * of the list is indicated by a NULL element in a tuple.  RESULTLEN
+ * gives the length of the RESULT buffer which must be at least 32.
+ * Note that the second item of the tuple is the length and it is a
+ * size_t.  */
+static void *
+hmac_data (void *result, size_t resultsize,
+           const unsigned char *key, size_t keylen, ...)
+{
+  va_list arg_ptr;
+  gpg_error_t err;
+  gcry_mac_hd_t hd;
+  const void *data;
+  size_t datalen;
+
+  log_assert (resultsize >= 32);
+
+  err = gcry_mac_open (&hd, GCRY_MAC_HMAC_SHA256, 0, NULL);
+  if (err)
+    log_fatal ("error creating a MAC handle: %s\n", gpg_strerror (err));
+  err = gcry_mac_setkey (hd, key, keylen);
+  if (err)
+    log_fatal ("error setting the MAC key: %s\n", gpg_strerror (err));
+  /* log_printhex (key, keylen, "HMAC-key:"); */
+
+  va_start (arg_ptr, keylen);
+  while ((data = va_arg (arg_ptr, const void *)))
+    {
+      datalen = va_arg (arg_ptr, size_t);
+      /* log_printhex (data, datalen, "    data:"); */
+      err = gcry_mac_write (hd, data, datalen);
+      if (err)
+        log_fatal ("error writing to the MAC handle: %s\n", gpg_strerror (err));
+    }
+  va_end (arg_ptr);
+
+  err = gcry_mac_read (hd, result, &resultsize);
+  if (err || resultsize != 32)
+    log_fatal ("error reading MAC value: %s\n", gpg_strerror (err));
+  /* log_printhex (result, resultsize, "  result:"); */
+
+  gcry_mac_close (hd);
+
+  return result;
+}
+
+
+/* Key derivation function:
+ *
+ * FIXME(doc)
+ */
+static void
+kdf (unsigned char *result, size_t resultlen,
+     const unsigned char *master, size_t masterlen,
+     const unsigned char *sessionid, size_t sessionidlen,
+     const unsigned char *expire, size_t expirelen,
+     const char *label)
+{
+  log_assert (masterlen == 32 && sessionidlen == 8 && expirelen == 5);
+  log_assert (*label);
+  log_assert (resultlen == 32);
+
+  hmac_data (result, resultlen, master, masterlen,
+             "\x00\x00\x00\x01", (size_t)4,      /* Counter=1*/
+             label, strlen (label) + 1,          /* Label, 0x00 */
+             sessionid, sessionidlen,            /* Context */
+             expire, expirelen,                  /* Context */
+             "\x00\x00\x01\x00", (size_t)4,      /* L=256 */
+             NULL);
+}
+
+
+static gpg_error_t
+compute_master_secret (unsigned char *master, size_t masterlen,
+                       const unsigned char *sk_a, size_t sk_a_len,
+                       const unsigned char *pk_b, size_t pk_b_len)
+{
+  gpg_error_t err;
+
+  log_assert (masterlen == 32);
+  log_assert (sk_a_len == 32);
+  log_assert (pk_b_len == 32);
+
+  err = gcry_ecc_mul_point (GCRY_ECC_CURVE25519, master, sk_a, pk_b);
+  if (err)
+    log_error ("error computing DH: %s\n", gpg_strerror (err));
+
+  return err;
+}
+
+
+/* We are the Initiator: Create the commit message.  This function
+ * sends the COMMIT message and writes STATE. */
+static gpg_error_t
+make_msg_commit (nvc_t state)
+{
+  gpg_error_t err;
+  uint64_t now, expire;
+  unsigned char secret[32];
+  unsigned char public[32];
+  unsigned char *newmsg;
+  size_t newmsglen;
+  unsigned char tmphash[32];
+
+  err = create_dh_keypair (secret, sizeof secret, public, sizeof public );
+  if (err)
+    log_error ("creating DH keypair failed: %s\n", gpg_strerror (err));
+
+  now = gnupg_get_time ();
+  expire = now + opt.ttl;
+
+  newmsglen = 7+1+8+1+2+5+32;
+  newmsg = xmalloc (newmsglen);
+  memcpy (newmsg+0, "GPG-pa1", 7);
+  newmsg[7] = MSG_TYPE_COMMIT;
+  memcpy (newmsg+8, get_session_id (), 8);
+  newmsg[16] = REALM_STANDARD;
+  newmsg[17] = 0;
+  newmsg[18] = 0;
+  newmsg[19] = expire >> 32;
+  newmsg[20] = expire >> 24;
+  newmsg[21] = expire >> 16;
+  newmsg[22] = expire >> 8;
+  newmsg[23] = expire;
+  gcry_md_hash_buffer (GCRY_MD_SHA256, newmsg+24, public, 32);
+
+  /* Create the state file.  */
+  xnvc_set (state, "State:", "Commit-sent");
+  xnvc_set_printf (state, "Created:", "%llu", (unsigned long long)now);
+  xnvc_set_printf (state, "Expires:", "%llu", (unsigned long long)expire);
+  xnvc_set_hex (state, "DH-PKi:", public, 32);
+  xnvc_set_hex (state, "DH-SKi:", secret, 32);
+  gcry_md_hash_buffer (GCRY_MD_SHA256, tmphash, newmsg, newmsglen);
+  xnvc_set_hex (state, "Hash-Commit:", tmphash, 32);
+
+  /* Write the state.  Note that we need to create it.  The state
+   * updating should in theory be done atomically with send_message.
+   * However, we can't assure that the message will actually be
+   * delivered and thus it doesn't matter whether we have an already
+   * update state when we later fail in send_message.  */
+  write_state (state, 1);
+
+  /* Write the message.  */
+  send_message (newmsg, newmsglen);
+
+   xfree (newmsg);
+  return err;
+}
+
+
+/* We are the Responder: Process a commit message in (MSG,MSGLEN)
+ * which has already been validated to have a correct header and
+ * message type.  Sends the DHPart1 message and writes STATE.  */
+static gpg_error_t
+proc_msg_commit (nvc_t state, const unsigned char *msg, size_t msglen)
+{
+  gpg_error_t err;
+  uint64_t now, expire;
+  unsigned char tmphash[32];
+  unsigned char secret[32];
+  unsigned char public[32];
+  unsigned char *newmsg = NULL;
+  size_t newmsglen;
+
+  log_assert (msglen >= 56);
+  now = gnupg_get_time ();
+
+  /* Check that the message has not expired.  */
+  expire  = (uint64_t)msg[19] << 32;
+  expire |= (uint64_t)msg[20] << 24;
+  expire |= (uint64_t)msg[21] << 16;
+  expire |= (uint64_t)msg[22] <<  8;
+  expire |= (uint64_t)msg[23];
+  if (expire < now)
+    {
+      log_error ("received %s message is too old\n",
+                 msgtypestr (MSG_TYPE_COMMIT));
+      err = gpg_error (GPG_ERR_TOO_OLD);
+      goto leave;
+    }
+
+  /* Create the response.  */
+  err = create_dh_keypair (secret, sizeof secret, public, sizeof public );
+  if (err)
+    {
+      log_error ("creating DH keypair failed: %s\n", gpg_strerror (err));
+      goto leave;
+    }
+
+  newmsglen = 7+1+8+32+32;
+  newmsg = xmalloc (newmsglen);
+  memcpy (newmsg+0, "GPG-pa1", 7);
+  newmsg[7] = MSG_TYPE_DHPART1;
+  memcpy (newmsg+8, msg + 8, 8);   /* SessionID.  */
+  memcpy (newmsg+16, public, 32);  /* PKr */
+  /* Hash(Hash(Commit) || DHPart1[0..47]) */
+  gcry_md_hash_buffer (GCRY_MD_SHA256, tmphash, msg, msglen);
+  hash_data (newmsg+48, 32,
+             tmphash, sizeof tmphash,
+             newmsg, (size_t)48,
+             NULL);
+
+  /* Update the state.  */
+  xnvc_set (state, "State:", "DHPart1-sent");
+  xnvc_set_printf (state, "Created:", "%llu", (unsigned long long)now);
+  xnvc_set_printf (state, "Expires:", "%llu", (unsigned long long)expire);
+  xnvc_set_hex (state, "Hash-PKi:", msg+24, 32);
+  xnvc_set_hex (state, "DH-PKr:", public, 32);
+  xnvc_set_hex (state, "DH-SKr:", secret, 32);
+  gcry_md_hash_buffer (GCRY_MD_SHA256, tmphash, newmsg, newmsglen);
+  xnvc_set_hex (state, "Hash-DHPart1:", tmphash, 32);
+
+  /* Write the state.  Note that we need to create it. */
+  write_state (state, 1);
+
+  /* Write the message.  */
+  send_message (newmsg, newmsglen);
+
+ leave:
+  xfree (newmsg);
+  return err;
+}
+
+
+/* We are the Initiator: Process a DHPART1 message in (MSG,MSGLEN)
+ * which has already been validated to have a correct header and
+ * message type.  Sends the DHPart2 message and writes STATE.  */
+static gpg_error_t
+proc_msg_dhpart1 (nvc_t state, const unsigned char *msg, size_t msglen)
+{
+  gpg_error_t err;
+  unsigned char hash[32];
+  unsigned char tmphash[32];
+  unsigned char pki[32];
+  unsigned char pkr[32];
+  unsigned char ski[32];
+  unsigned char master[32];
+  uint64_t expire;
+  unsigned char expirebuf[5];
+  unsigned char hmacikey[32];
+  unsigned char symxkey[32];
+  unsigned char *newmsg = NULL;
+  size_t newmsglen;
+
+  log_assert (msglen >= 80);
+
+  /* Check that the message includes the Hash(Commit). */
+  if (hex2bin (xnvc_get_string (state, "Hash-Commit:"), hash, sizeof hash) < 0)
+    {
+      err = gpg_error (GPG_ERR_INV_VALUE);
+      log_error ("no or garbled 'Hash-Commit' in our state file\n");
+      goto leave;
+    }
+  hash_data (tmphash, 32,
+             hash, sizeof hash,
+             msg, (size_t)48,
+             NULL);
+  if (memcmp (msg+48, tmphash, 32))
+    {
+      err = gpg_error (GPG_ERR_BAD_DATA);
+      log_error ("manipulation of received %s message detected: %s\n",
+                 msgtypestr (MSG_TYPE_DHPART1), "Bad Hash");
+      goto leave;
+    }
+  /* Check that the received PKr is different from our PKi and copy
+   * PKr into PKR.  */
+  if (hex2bin (xnvc_get_string (state, "DH-PKi:"), pki, sizeof pki) < 0)
+    {
+      err = gpg_error (GPG_ERR_INV_VALUE);
+      log_error ("no or garbled 'DH-PKi' in our state file\n");
+      goto leave;
+    }
+  if (!memcmp (msg+16, pki, 32))
+    {
+      /* This can only happen if the state file leaked to the
+       * responder.  */
+      err = gpg_error (GPG_ERR_BAD_DATA);
+      log_error ("received our own public key PKi instead of PKr\n");
+      goto leave;
+    }
+  memcpy (pkr, msg+16, 32);
+
+  /* Put the expire value into a buffer.  */
+  expire = string_to_u64 (xnvc_get_string (state, "Expires:"));
+  if (!expire)
+    {
+      err = gpg_error (GPG_ERR_INV_VALUE);
+      log_error ("no 'Expire' in our state file\n");
+      goto leave;
+    }
+  expirebuf[0] = expire >> 32;
+  expirebuf[1] = expire >> 24;
+  expirebuf[2] = expire >> 16;
+  expirebuf[3] = expire >> 8;
+  expirebuf[4] = expire;
+
+  /* Get our secret from the state.  */
+  if (hex2bin (xnvc_get_string (state, "DH-SKi:"), ski, sizeof ski) < 0)
+    {
+      err = gpg_error (GPG_ERR_INV_VALUE);
+      log_error ("no or garbled 'DH-SKi' in our state file\n");
+      goto leave;
+    }
+
+  /* Compute the shared secrets.  */
+  err = compute_master_secret (master, sizeof master,
+                               ski, sizeof ski, pkr, sizeof pkr);
+  if (err)
+    {
+      log_error ("creating DH keypair failed: %s\n", gpg_strerror (err));
+      goto leave;
+    }
+
+  kdf (hmacikey, sizeof hmacikey,
+       master, sizeof master, msg+8, 8, expirebuf, sizeof expirebuf,
+       "GPG-pa1-HMACi-key");
+  kdf (symxkey, sizeof symxkey,
+       master, sizeof master, msg+8, 8, expirebuf, sizeof expirebuf,
+       "GPG-pa1-SYMx-key");
+
+
+  /* Create the response.  */
+  newmsglen = 7+1+8+32+32;
+  newmsg = xmalloc (newmsglen);
+  memcpy (newmsg+0, "GPG-pa1", 7);
+  newmsg[7] = MSG_TYPE_DHPART2;
+  memcpy (newmsg+8, msg + 8, 8); /* SessionID.  */
+  memcpy (newmsg+16, pki, 32);   /* PKi */
+  /* MAC(HMACi-key, Hash(DHPART1) || DHPART2[0..47] || SYMx-key) */
+  gcry_md_hash_buffer (GCRY_MD_SHA256, tmphash, msg, msglen);
+  hmac_data (newmsg+48, 32, hmacikey, sizeof hmacikey,
+             tmphash, sizeof tmphash,
+             newmsg, (size_t)48,
+             symxkey, sizeof symxkey,
+             NULL);
+
+  /* Update the state.  */
+  xnvc_set (state, "State:", "DHPart2-sent");
+  xnvc_set_hex (state, "DH-Master:", master, sizeof master);
+  gcry_md_hash_buffer (GCRY_MD_SHA256, tmphash, newmsg, newmsglen);
+  xnvc_set_hex (state, "Hash-DHPart2:", tmphash, 32);
+
+  /* Write the state.  */
+  write_state (state, 0);
+
+  /* Write the message.  */
+  send_message (newmsg, newmsglen);
+
+ leave:
+  xfree (newmsg);
+  return err;
+}
+
+
+/* We are the Responder: Process a DHPART2 message in (MSG,MSGLEN)
+ * which has already been validated to have a correct header and
+ * message type.  Sends the CONFIRM message and writes STATE.  */
+static gpg_error_t
+proc_msg_dhpart2 (nvc_t state, const unsigned char *msg, size_t msglen)
+{
+  gpg_error_t err;
+  unsigned char hash[32];
+  unsigned char tmphash[32];
+  uint64_t expire;
+  unsigned char expirebuf[5];
+  unsigned char pki[32];
+  unsigned char pkr[32];
+  unsigned char skr[32];
+  unsigned char master[32];
+  unsigned char hmacikey[32];
+  unsigned char hmacrkey[32];
+  unsigned char symxkey[32];
+  unsigned char sas[32];
+  unsigned char *newmsg = NULL;
+  size_t newmsglen;
+
+  log_assert (msglen >= 80);
+
+  /* Check that the PKi in the message matches the Hash(Pki) received
+   * with the Commit message. */
+  memcpy (pki, msg + 16, 32);
+  gcry_md_hash_buffer (GCRY_MD_SHA256, hash, pki, 32);
+  if (hex2bin (xnvc_get_string (state, "Hash-PKi:"),
+               tmphash, sizeof tmphash) < 0)
+    {
+      err = gpg_error (GPG_ERR_INV_VALUE);
+      log_error ("no or garbled 'Hash-PKi' in our state file\n");
+      goto leave;
+    }
+  if (memcmp (hash, tmphash, 32))
+    {
+      err = gpg_error (GPG_ERR_BAD_DATA);
+      log_error ("Initiator sent a different key in %s than announced in %s\n",
+                 msgtypestr (MSG_TYPE_DHPART2),
+                 msgtypestr (MSG_TYPE_COMMIT));
+      goto leave;
+    }
+  /* Check that the received PKi is different from our PKr.  */
+  if (hex2bin (xnvc_get_string (state, "DH-PKr:"), pkr, sizeof pkr) < 0)
+    {
+      err = gpg_error (GPG_ERR_INV_VALUE);
+      log_error ("no or garbled 'DH-PKr' in our state file\n");
+      goto leave;
+    }
+  if (!memcmp (pkr, pki, 32))
+    {
+      err = gpg_error (GPG_ERR_BAD_DATA);
+      log_error ("Initiator sent our own PKr back\n");
+      goto leave;
+    }
+
+  /* Put the expire value into a buffer.  */
+  expire = string_to_u64 (xnvc_get_string (state, "Expires:"));
+  if (!expire)
+    {
+      err = gpg_error (GPG_ERR_INV_VALUE);
+      log_error ("no 'Expire' in our state file\n");
+      goto leave;
+    }
+  expirebuf[0] = expire >> 32;
+  expirebuf[1] = expire >> 24;
+  expirebuf[2] = expire >> 16;
+  expirebuf[3] = expire >> 8;
+  expirebuf[4] = expire;
+
+  /* Get our secret from the state.  */
+  if (hex2bin (xnvc_get_string (state, "DH-SKr:"), skr, sizeof skr) < 0)
+    {
+      err = gpg_error (GPG_ERR_INV_VALUE);
+      log_error ("no or garbled 'DH-SKr' in our state file\n");
+      goto leave;
+    }
+
+  /* Compute the shared secrets.  */
+  err = compute_master_secret (master, sizeof master,
+                               skr, sizeof skr, pki, sizeof pki);
+  if (err)
+    {
+      log_error ("creating DH keypair failed: %s\n", gpg_strerror (err));
+      goto leave;
+    }
+
+  kdf (hmacikey, sizeof hmacikey,
+       master, sizeof master, msg+8, 8, expirebuf, sizeof expirebuf,
+       "GPG-pa1-HMACi-key");
+  kdf (hmacrkey, sizeof hmacrkey,
+       master, sizeof master, msg+8, 8, expirebuf, sizeof expirebuf,
+       "GPG-pa1-HMACr-key");
+  kdf (symxkey, sizeof symxkey,
+       master, sizeof master, msg+8, 8, expirebuf, sizeof expirebuf,
+       "GPG-pa1-SYMx-key");
+  kdf (sas, sizeof sas,
+       master, sizeof master, msg+8, 8, expirebuf, sizeof expirebuf,
+       "GPG-pa1-SAS");
+
+  /* Check the MAC from the message which is
+   *   MAC(HMACi-key, Hash(DHPART1) || DHPART2[0..47] || SYMx-key).
+   * For that we need to fetch the stored hash from the state.  */
+  if (hex2bin (xnvc_get_string (state, "Hash-DHPart1:"),
+               tmphash, sizeof tmphash) < 0)
+    {
+      err = gpg_error (GPG_ERR_INV_VALUE);
+      log_error ("no or garbled 'Hash-DHPart1' in our state file\n");
+      goto leave;
+    }
+  hmac_data (hash, 32, hmacikey, sizeof hmacikey,
+             tmphash, sizeof tmphash,
+             msg, 48,
+             symxkey, sizeof symxkey,
+             NULL);
+  if (memcmp (msg+48, hash, 32))
+    {
+      err = gpg_error (GPG_ERR_BAD_DATA);
+      log_error ("manipulation of received %s message detected: %s\n",
+                 msgtypestr (MSG_TYPE_DHPART2), "Bad MAC");
+      goto leave;
+    }
+
+  /* Create the response.  */
+  newmsglen = 7+1+8+32;
+  newmsg = xmalloc (newmsglen);
+  memcpy (newmsg+0, "GPG-pa1", 7);
+  newmsg[7] = MSG_TYPE_CONFIRM;
+  memcpy (newmsg+8, msg + 8, 8); /* SessionID.  */
+  /* MAC(HMACr-key, Hash(DHPART2) || CONFIRM[0..15] || SYMx-key) */
+  gcry_md_hash_buffer (GCRY_MD_SHA256, tmphash, msg, msglen);
+  hmac_data (newmsg+16, 32, hmacrkey, sizeof hmacrkey,
+             tmphash, sizeof tmphash,
+             newmsg, (size_t)16,
+             symxkey, sizeof symxkey,
+             NULL);
+
+  /* Update the state.  */
+  xnvc_set (state, "State:", "Confirm-sent");
+  xnvc_set_hex (state, "DH-Master:", master, sizeof master);
+
+  /* Write the state.  */
+  write_state (state, 0);
+
+  /* Write the message.  */
+  send_message (newmsg, newmsglen);
+
+  display_sas (sas, sizeof sas, 0);
+
+
+ leave:
+  xfree (newmsg);
+  return err;
+}
+
+
+/* We are the Initiator: Process a CONFIRM message in (MSG,MSGLEN)
+ * which has already been validated to have a correct header and
+ * message type.  Does not send anything back.  */
+static gpg_error_t
+proc_msg_confirm (nvc_t state, const unsigned char *msg, size_t msglen)
+{
+  gpg_error_t err;
+  unsigned char hash[32];
+  unsigned char tmphash[32];
+  unsigned char master[32];
+  uint64_t expire;
+  unsigned char expirebuf[5];
+  unsigned char hmacrkey[32];
+  unsigned char symxkey[32];
+  unsigned char sas[32];
+
+  log_assert (msglen >= 48);
+
+  /* Put the expire value into a buffer.  */
+  expire = string_to_u64 (xnvc_get_string (state, "Expires:"));
+  if (!expire)
+    {
+      err = gpg_error (GPG_ERR_INV_VALUE);
+      log_error ("no 'Expire' in our state file\n");
+      goto leave;
+    }
+  expirebuf[0] = expire >> 32;
+  expirebuf[1] = expire >> 24;
+  expirebuf[2] = expire >> 16;
+  expirebuf[3] = expire >> 8;
+  expirebuf[4] = expire;
+
+  /* Get the master secret.  */
+  if (hex2bin (xnvc_get_string (state, "DH-Master:"),master,sizeof master) < 0)
+    {
+      err = gpg_error (GPG_ERR_INV_VALUE);
+      log_error ("no or garbled 'DH-Master' in our state file\n");
+      goto leave;
+    }
+
+  kdf (hmacrkey, sizeof hmacrkey,
+       master, sizeof master, msg+8, 8, expirebuf, sizeof expirebuf,
+       "GPG-pa1-HMACr-key");
+  kdf (symxkey, sizeof symxkey,
+       master, sizeof master, msg+8, 8, expirebuf, sizeof expirebuf,
+       "GPG-pa1-SYMx-key");
+  kdf (sas, sizeof sas,
+       master, sizeof master, msg+8, 8, expirebuf, sizeof expirebuf,
+       "GPG-pa1-SAS");
+
+  /* Check the MAC from the message which is */
+  /*   MAC(HMACr-key, Hash(DHPART2) || CONFIRM[0..15] || SYMx-key). */
+  if (hex2bin (xnvc_get_string (state, "Hash-DHPart2:"),
+               tmphash, sizeof tmphash) < 0)
+    {
+      err = gpg_error (GPG_ERR_INV_VALUE);
+      log_error ("no or garbled 'Hash-DHPart2' in our state file\n");
+      goto leave;
+    }
+  hmac_data (hash, 32, hmacrkey, sizeof hmacrkey,
+             tmphash, sizeof tmphash,
+             msg, (size_t)16,
+             symxkey, sizeof symxkey,
+             NULL);
+  if (!memcmp (msg+48, hash, 32))
+    {
+      err = gpg_error (GPG_ERR_BAD_DATA);
+      log_error ("manipulation of received %s message detected: %s\n",
+                 msgtypestr (MSG_TYPE_CONFIRM), "Bad MAC");
+      goto leave;
+    }
+
+
+  err = display_sas (sas, sizeof sas, 1);
+  if (err)
+    goto leave;
+
+  /* Update the state.  */
+  xnvc_set (state, "State:", "Confirmed");
+
+  /* Write the state.  */
+  write_state (state, 0);
+
+ leave:
+  return err;
+}
+
+
+
+/* Expire old state files.  This loops over all state files and remove
+ * those which are expired.  */
+static void
+expire_old_states (void)
+{
+  gpg_error_t err = 0;
+  const char *dirname;
+  gnupg_dir_t dir = NULL;
+  gnupg_dirent_t dir_entry;
+  char *fname = NULL;
+  estream_t fp = NULL;
+  nvc_t nvc = NULL;
+  nve_t item;
+  const char *value;
+  unsigned long expire;
+  unsigned long now = gnupg_get_time ();
+
+  dirname = get_pairing_statedir ();
+  dir = gnupg_opendir (dirname);
+  if (!dir)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+
+  while ((dir_entry = gnupg_readdir (dir)))
+    {
+      if (strlen (dir_entry->d_name) != 16+4
+          || strcmp (dir_entry->d_name + 16, ".pa1"))
+        continue;
+
+      xfree (fname);
+      fname = make_filename (dirname, dir_entry->d_name, NULL);
+      es_fclose (fp);
+      fp = es_fopen (fname, "rb");
+      if (!fp)
+        {
+          err = gpg_error_from_syserror ();
+          if (gpg_err_code (err) != GPG_ERR_ENOENT)
+            log_info ("failed to open state file '%s': %s\n",
+                      fname, gpg_strerror (err));
+          continue;
+        }
+      nvc_release (nvc);
+
+      /* NB.: The following is similar to code in read_state.  */
+      err = nvc_parse (&nvc, NULL, fp);
+      if (err)
+        {
+          log_info ("failed to parse state file '%s': %s\n",
+                    fname, gpg_strerror (err));
+          continue; /* Skip */
+        }
+      item = nvc_lookup (nvc, "Expires:");
+      if (!item)
+        {
+          log_info ("invalid state file '%s': %s\n",
+                    fname, "field 'expire' not found");
+          continue; /* Skip */
+        }
+      value = nve_value (item);
+      if (!value || !(expire = strtoul (value, NULL, 10)))
+        {
+          log_info ("invalid state file '%s': %s\n",
+                    fname, "field 'expire' has an invalid value");
+          continue; /* Skip */
+        }
+
+      if (expire <= now)
+        {
+          es_fclose (fp);
+          fp = NULL;
+          if (gnupg_remove (fname))
+            {
+              err = gpg_error_from_syserror ();
+              log_info ("failed to delete state file '%s': %s\n",
+                        fname, gpg_strerror (err));
+            }
+          else if (opt.verbose)
+            log_info ("state file '%s' deleted\n", fname);
+        }
+    }
+
+ leave:
+  if (err)
+    log_error ("expiring old states in '%s' failed: %s\n",
+               dirname, gpg_strerror (err));
+  gnupg_closedir (dir);
+  es_fclose (fp);
+  xfree (fname);
+}
+
+
+
+/* Initiate a pairing.  The output needs to be conveyed to the
+ * peer  */
+static gpg_error_t
+command_initiate (void)
+{
+  gpg_error_t err;
+  nvc_t state;
+
+  state = xnvc_new ();
+  xnvc_set (state, "Version:", "GPG-pa1");
+  xnvc_set_hex (state, "Session:", get_session_id (), 8);
+  xnvc_set (state, "Role:", "Initiator");
+
+  err = make_msg_commit (state);
+
+  nvc_release (state);
+  return err;
+}
+
+
+
+/* Helper for command_respond().  */
+static gpg_error_t
+expect_state (int msgtype, const char *statestr, const char *expected)
+{
+  if (strcmp (statestr, expected))
+    {
+      log_error ("received %s message in %s state (should be %s)\n",
+                 msgtypestr (msgtype), statestr, expected);
+      return gpg_error (GPG_ERR_INV_RESPONSE);
+    }
+  return 0;
+}
+
+/* Respond to a pairing intiation.  This is used by the peer and later
+ * by the original responder.  Depending on the state the output needs
+ * to be conveyed to the peer.  */
+static gpg_error_t
+command_respond (void)
+{
+  gpg_error_t err;
+  unsigned char *msg;
+  size_t msglen = 0; /* In case that read_message returns an error.  */
+  int msgtype = 0;   /* ditto.  */
+  nvc_t state;
+  const char *rolestr;
+  const char *statestr;
+
+  err = read_message (&msg, &msglen, &msgtype, &state);
+  if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
+    goto leave;
+  rolestr = xnvc_get_string (state, "Role:");
+  statestr = xnvc_get_string (state, "State:");
+  if (DBG_MESSAGE)
+    {
+      if (!state)
+        log_debug ("no state available\n");
+      else
+        log_debug ("we are %s, our current state is %s\n", rolestr, statestr);
+      log_debug ("got message of type %s (%d)\n",
+                 msgtypestr (msgtype), msgtype);
+    }
+
+  if (!state)
+    {
+      if (msgtype == MSG_TYPE_COMMIT)
+        {
+          state = xnvc_new ();
+          xnvc_set (state, "Version:", "GPG-pa1");
+          xnvc_set_hex (state, "Session:", get_session_id (), 8);
+          xnvc_set (state, "Role:", "Responder");
+          err = proc_msg_commit (state, msg, msglen);
+        }
+      else
+        {
+          log_error ("%s message expected but got %s\n",
+                     msgtypestr (MSG_TYPE_COMMIT), msgtypestr (msgtype));
+          if (msgtype == MSG_TYPE_DHPART1)
+            log_info ("the pairing probably took too long and timed out\n");
+          err = gpg_error (GPG_ERR_INV_RESPONSE);
+          goto leave;
+        }
+    }
+  else if (!strcmp (rolestr, "Initiator"))
+    {
+      if (msgtype == MSG_TYPE_DHPART1)
+        {
+          if (!(err = expect_state (msgtype, statestr, "Commit-sent")))
+            err = proc_msg_dhpart1 (state, msg, msglen);
+        }
+      else if (msgtype == MSG_TYPE_CONFIRM)
+        {
+          if (!(err = expect_state (msgtype, statestr, "DHPart2-sent")))
+            err = proc_msg_confirm (state, msg, msglen);
+        }
+      else
+        {
+          log_error ("%s message not expected by Initiator\n",
+                     msgtypestr (msgtype));
+          err = gpg_error (GPG_ERR_INV_RESPONSE);
+          goto leave;
+        }
+    }
+  else if (!strcmp (rolestr, "Responder"))
+    {
+      if (msgtype == MSG_TYPE_DHPART2)
+        {
+          if (!(err = expect_state (msgtype, statestr, "DHPart1-sent")))
+            err = proc_msg_dhpart2 (state, msg, msglen);
+        }
+      else
+        {
+          log_error ("%s message not expected by Responder\n",
+                     msgtypestr (msgtype));
+          err = gpg_error (GPG_ERR_INV_RESPONSE);
+          goto leave;
+        }
+    }
+  else
+    log_fatal ("invalid role '%s' in state file\n", rolestr);
+
+
+ leave:
+  xfree (msg);
+  nvc_release (state);
+  return err;
+}
+
+
+
+/* Return the keys for SESSIONIDSTR or the last one if it is NULL.
+ * Two keys are returned: The first is the one for sending encrypted
+ * data and the second one for decrypting received data.  The keys are
+ * always returned hex encoded and both are terminated by a LF. */
+static gpg_error_t
+command_get (const char *sessionidstr)
+{
+  gpg_error_t err;
+  unsigned char sessid[8];
+  nvc_t state;
+
+  if (!sessionidstr)
+    {
+      log_error ("calling without session-id is not yet implemented\n");
+      err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+      goto leave;
+    }
+  if (hex2bin (sessionidstr, sessid, sizeof sessid) < 0)
+    {
+      err = gpg_error (GPG_ERR_INV_VALUE);
+      log_error ("invalid session id given\n");
+      goto leave;
+    }
+  set_session_id (sessid, sizeof sessid);
+  err = read_state (&state);
+  if (err)
+    {
+      log_error ("reading state of session %s failed: %s\n",
+                 sessionidstr, gpg_strerror (err));
+      goto leave;
+    }
+
+ leave:
+  return err;
+}
+
+
+
+/* Cleanup command.  */
+static gpg_error_t
+command_cleanup (void)
+{
+  expire_old_states ();
+  return 0;
+}
diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c
index 4ebf50f..b563432 100644
--- a/tools/gpg-wks-client.c
+++ b/tools/gpg-wks-client.c
@@ -20,6 +20,7 @@
  */
 
 #include <config.h>
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -77,7 +78,7 @@ enum cmd_and_opt_values
 
 
 /* The list of commands and options. */
-static ARGPARSE_OPTS opts[] = {
+static gpgrt_opt_t opts[] = {
   ARGPARSE_group (300, ("@Commands:\n ")),
 
   ARGPARSE_c (aSupported, "supported",
@@ -186,7 +187,8 @@ my_strusage( int level )
 static void
 wrong_args (const char *text)
 {
-  es_fprintf (es_stderr, _("usage: %s [options] %s\n"), strusage (11), text);
+  es_fprintf (es_stderr, _("usage: %s [options] %s\n"),
+              gpgrt_strusage (11), text);
   exit (2);
 }
 
@@ -194,12 +196,12 @@ wrong_args (const char *text)
 
 /* Command line parsing.  */
 static enum cmd_and_opt_values
-parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
+parse_arguments (gpgrt_argparse_t *pargs, gpgrt_opt_t *popts)
 {
   enum cmd_and_opt_values cmd = 0;
   int no_more_options = 0;
 
-  while (!no_more_options && gnupg_argparse (NULL, pargs, popts))
+  while (!no_more_options && gpgrt_argparse (NULL, pargs, popts))
     {
       switch (pargs->r_opt)
         {
@@ -261,11 +263,11 @@ int
 main (int argc, char **argv)
 {
   gpg_error_t err, delayed_err;
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   enum cmd_and_opt_values cmd;
 
   gnupg_reopen_std ("gpg-wks-client");
-  set_strusage (my_strusage);
+  gpgrt_set_strusage (my_strusage);
   log_set_prefix ("gpg-wks-client", GPGRT_LOG_WITH_PREFIX);
 
   /* Make sure that our subsystems are ready.  */
@@ -280,7 +282,7 @@ main (int argc, char **argv)
   pargs.argv  = &argv;
   pargs.flags = ARGPARSE_FLAG_KEEP;
   cmd = parse_arguments (&pargs, opts);
-  gnupg_argparse (NULL, &pargs, NULL);
+  gpgrt_argparse (NULL, &pargs, NULL);
 
   if (log_get_errorcount (0))
     exit (2);
@@ -426,7 +428,7 @@ main (int argc, char **argv)
       break;
 
     default:
-      usage (1);
+      gpgrt_usage (1);
       err = 0;
       break;
     }
@@ -556,7 +558,7 @@ decrypt_stream_status_cb (void *opaque, const char *keyword, char *args)
     log_debug ("gpg status: %s %s\n", keyword, args);
   if (!strcmp (keyword, "DECRYPTION_KEY") && !decinfo->fpr)
     {
-      char *fields[3];
+      const char *fields[3];
 
       if (split_fields (args, fields, DIM (fields)) >= 3)
         {
@@ -784,11 +786,11 @@ command_supported (char *userid)
   if (!strchr (userid, '@'))
     {
       char *tmp = xstrconcat ("foo@", userid, NULL);
-      addrspec = mailbox_from_userid (tmp);
+      addrspec = mailbox_from_userid (tmp, 0);
       xfree (tmp);
     }
   else
-    addrspec = mailbox_from_userid (userid);
+    addrspec = mailbox_from_userid (userid, 0);
   if (!addrspec)
     {
       log_error (_("\"%s\" is not a proper mail address\n"), userid);
@@ -851,7 +853,7 @@ command_check (char *userid)
   uidinfo_list_t sl;
   int found = 0;
 
-  addrspec = mailbox_from_userid (userid);
+  addrspec = mailbox_from_userid (userid, 0);
   if (!addrspec)
     {
       log_error (_("\"%s\" is not a proper mail address\n"), userid);
@@ -954,15 +956,14 @@ command_send (const char *fingerprint, const char *userid)
   time_t thistime;
 
   if (classify_user_id (fingerprint, &desc, 1)
-      || !(desc.mode == KEYDB_SEARCH_MODE_FPR
-           || desc.mode == KEYDB_SEARCH_MODE_FPR20))
+      || desc.mode != KEYDB_SEARCH_MODE_FPR)
     {
       log_error (_("\"%s\" is not a fingerprint\n"), fingerprint);
       err = gpg_error (GPG_ERR_INV_NAME);
       goto leave;
     }
 
-  addrspec = mailbox_from_userid (userid);
+  addrspec = mailbox_from_userid (userid, 0);
   if (!addrspec)
     {
       log_error (_("\"%s\" is not a proper mail address\n"), userid);
@@ -1198,7 +1199,7 @@ static void
 encrypt_response_status_cb (void *opaque, const char *keyword, char *args)
 {
   gpg_error_t *failure = opaque;
-  char *fields[2];
+  const char *fields[2];
 
   if (DBG_CRYPTO)
     log_debug ("gpg status: %s %s\n", keyword, args);
@@ -1560,7 +1561,7 @@ read_confirmation_request (estream_t msg)
         {
           err = gpg_error (GPG_ERR_WRONG_SECKEY);
           log_error ("key used to decrypt the confirmation request"
-                     " was not generated by us\n");
+                     " was not generated by us (otrust=%c)\n", decinfo.otrust);
         }
       else
         err = process_confirmation_request (plaintext, decinfo.mainfpr);
diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c
index 74bb551..9374792 100644
--- a/tools/gpg-wks-server.c
+++ b/tools/gpg-wks-server.c
@@ -25,6 +25,7 @@
  */
 
 #include <config.h>
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -84,7 +85,7 @@ enum cmd_and_opt_values
 
 
 /* The list of commands and options. */
-static ARGPARSE_OPTS opts[] = {
+static gpgrt_opt_t opts[] = {
   ARGPARSE_group (300, ("@Commands:\n ")),
 
   ARGPARSE_c (aReceive,   "receive",
@@ -199,7 +200,7 @@ my_strusage( int level )
 static void
 wrong_args (const char *text)
 {
-  es_fprintf (es_stderr, "usage: %s [options] %s\n", strusage (11), text);
+  es_fprintf (es_stderr, "usage: %s [options] %s\n", gpgrt_strusage (11), text);
   exit (2);
 }
 
@@ -207,12 +208,12 @@ wrong_args (const char *text)
 
 /* Command line parsing.  */
 static enum cmd_and_opt_values
-parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
+parse_arguments (gpgrt_argparse_t *pargs, gpgrt_opt_t *popts)
 {
   enum cmd_and_opt_values cmd = 0;
   int no_more_options = 0;
 
-  while (!no_more_options && gnupg_argparse (NULL, pargs, popts))
+  while (!no_more_options && gpgrt_argparse (NULL, pargs, popts))
     {
       switch (pargs->r_opt)
         {
@@ -275,11 +276,11 @@ int
 main (int argc, char **argv)
 {
   gpg_error_t err, firsterr;
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   enum cmd_and_opt_values cmd;
 
   gnupg_reopen_std ("gpg-wks-server");
-  set_strusage (my_strusage);
+  gpgrt_set_strusage (my_strusage);
   log_set_prefix ("gpg-wks-server", GPGRT_LOG_WITH_PREFIX);
 
   /* Make sure that our subsystems are ready.  */
@@ -290,7 +291,7 @@ main (int argc, char **argv)
   pargs.argv  = &argv;
   pargs.flags = ARGPARSE_FLAG_KEEP;
   cmd = parse_arguments (&pargs, opts);
-  gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+  gpgrt_argparse (NULL, &pargs, NULL);
 
   if (log_get_errorcount (0))
     exit (2);
@@ -420,7 +421,7 @@ main (int argc, char **argv)
       break;
 
     default:
-      usage (1);
+      gpgrt_usage (1);
       err = gpg_error (GPG_ERR_BUG);
       break;
     }
@@ -808,65 +809,17 @@ get_policy_flags (policy_flags_t policy, const char *mbox)
 }
 
 
-/* Create the name for the pending file from NONCE and ADDRSPEC and
- * store it at R_NAME.  */
-static gpg_error_t
-make_pending_fname (const char *nonce, const char *addrspec, char **r_name)
-{
-  gpg_error_t err = 0;
-  const char *domain;
-  char *addrspechash = NULL;
-  char sha1buf[20];
-
-  *r_name = NULL;
-
-  domain = addrspec? strchr (addrspec, '@') : NULL;
-  if (!domain || !domain[1] || domain == addrspec)
-    {
-      err = gpg_error (GPG_ERR_INV_ARG);
-      goto leave;
-    }
-  domain++;
-  if (strchr (domain, '/') || strchr (domain, '\\'))
-    {
-      log_info ("invalid domain detected ('%s')\n", domain);
-      err = gpg_error (GPG_ERR_NOT_FOUND);
-      goto leave;
-    }
-  gcry_md_hash_buffer (GCRY_MD_SHA1, sha1buf, addrspec, domain - addrspec - 1);
-  addrspechash = zb32_encode (sha1buf, 8*20);
-  if (!addrspechash)
-    {
-      err = gpg_error_from_syserror ();
-      goto leave;
-    }
-
-  *r_name = strconcat (nonce, ".", addrspechash, NULL);
-  if (!*r_name)
-    {
-      err = gpg_error_from_syserror ();
-      goto leave;
-    }
-
- leave:
-  xfree (addrspechash);
-  return err;
-}
-
-
 /* We store the key under the name of the nonce we will then send to
  * the user.  On success the nonce is stored at R_NONCE and the file
- * name at R_FNAME.  ADDRSPEC is used as part of the pending file name
- * so that the nonce is associated with an address */
+ * name at R_FNAME.  */
 static gpg_error_t
-store_key_as_pending (const char *dir, estream_t key, const char *addrspec,
+store_key_as_pending (const char *dir, estream_t key,
                       char **r_nonce, char **r_fname)
 {
   gpg_error_t err;
   char *dname = NULL;
   char *fname = NULL;
   char *nonce = NULL;
-  char *pendingname = NULL;
   estream_t outfp = NULL;
   char buffer[1024];
   size_t nbytes, nwritten;
@@ -895,11 +848,7 @@ store_key_as_pending (const char *dir, estream_t key, const char *addrspec,
       goto leave;
     }
 
-  err = make_pending_fname (nonce, addrspec, &pendingname);
-  if (err)
-    goto leave;
-
-  fname = strconcat (dname, "/", pendingname, NULL);
+  fname = strconcat (dname, "/", nonce, NULL);
   if (!fname)
     {
       err = gpg_error_from_syserror ();
@@ -968,7 +917,6 @@ store_key_as_pending (const char *dir, estream_t key, const char *addrspec,
       xfree (fname);
     }
   xfree (dname);
-  xfree (pendingname);
   return err;
 }
 
@@ -1259,7 +1207,7 @@ process_new_key (server_ctx_t ctx, estream_t key)
 
           xfree (nonce);
           xfree (fname);
-          err = store_key_as_pending (dname, key, sl->mbox, &nonce, &fname);
+          err = store_key_as_pending (dname, key, &nonce, &fname);
           if (err)
             goto leave;
 
@@ -1415,7 +1363,6 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce)
   char *fnewname = NULL;
   estream_t key = NULL;
   char *hash = NULL;
-  char *pendingname = NULL;
   const char *domain;
   const char *s;
   uidinfo_list_t sl;
@@ -1432,21 +1379,7 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce)
   domain = strchr (address, '@');
   log_assert (domain && domain[1]);
   domain++;
-  if (strchr (domain, '/') || strchr (domain, '\\')
-      || strchr (nonce, '/') || strchr (nonce, '\\'))
-    {
-      log_info ("invalid domain or nonce received ('%s', '%s')\n",
-                domain, nonce);
-      err = gpg_error (GPG_ERR_NOT_FOUND);
-      goto leave;
-    }
-
-  err = make_pending_fname (nonce, address, &pendingname);
-  if (err)
-    goto leave;
-
-  fname = make_filename_try (opt.directory, domain, "pending", pendingname,
-                             NULL);
+  fname = make_filename_try (opt.directory, domain, "pending", nonce, NULL);
   if (!fname)
     {
       err = gpg_error_from_syserror ();
@@ -1510,7 +1443,7 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce)
     }
 
   /* Make sure it is world readable.  */
-  if (gnupg_chmod (fnewname, "-rw-r--r--"))
+  if (gnupg_chmod (fnewname, "-rwxr--r--"))
     log_error ("can't set permissions of '%s': %s\n",
                fnewname, gpg_strerror (gpg_err_code_from_syserror()));
 
@@ -1558,7 +1491,6 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce)
   xfree (fnewname);
   xfree (fname);
   xfree (nonce2);
-  xfree (pendingname);
   return err;
 }
 
@@ -1785,8 +1717,7 @@ expire_one_domain (const char *top_dirname, const char *domain)
                      __func__, gpg_strerror (err));
           goto leave;
         }
-      /* The old files are 32 bytes, those created since 2.3.8 are 65 bytes. */
-      if (strlen (dentry->d_name) != 32 && strlen (dentry->d_name) != 65)
+      if (strlen (dentry->d_name) != 32)
         {
           log_info ("garbage file '%s' ignored\n", fname);
           continue;
diff --git a/tools/gpg-zip.in b/tools/gpg-zip.in
deleted file mode 100644
index 9047e36..0000000
--- a/tools/gpg-zip.in
+++ /dev/null
@@ -1,151 +0,0 @@
-#!/bin/sh
-
-# gpg-archive - gpg-ized tar using the same format as PGP's PGP Zip.
-# Copyright (C) 2005 Free Software Foundation, Inc.
-#
-# This file is part of GnuPG.
-#
-# GnuPG is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# GnuPG is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, see <http://www.gnu.org/licenses/>.
-# Despite the name, PGP Zip format is actually an OpenPGP-wrapped tar
-# file.  To be compatible with PGP itself, this must be a USTAR format
-# tar file.  Unclear on whether there is a distinction here between
-# the GNU or POSIX variant of USTAR.
-
-VERSION=@VERSION@
-TAR=@TAR@
-GPG=gpg
-
-usage="\
-Usage: gpg-zip [--help] [--version] [--encrypt] [--decrypt] [--symmetric]
-       [--list-archive] [--output FILE] [--gpg GPG] [--gpg-args ARGS]
-       [--tar TAR] [--tar-args ARGS] filename1 [filename2, ...]
-       directory1 [directory2, ...]
-
-Encrypt or sign files into an archive."
-
-
-echo "gpg-zip: This script is deprecated - please use gpgtar instead." >&2
-
-tar_verbose_opt="v"
-
-while test $# -gt 0 ; do
-  case $1 in
-    -h | --help | --h*)
-      echo "$usage"
-      exit 0
-      ;;
-    --list-archive)
-      list=yes
-      create=no
-      unpack=no
-      shift
-      ;;
-    --encrypt | -e)
-      gpg_args="$gpg_args --encrypt"
-      list=no
-      create=yes
-      unpack=no
-      shift
-      ;;
-    --decrypt | -d)
-      gpg_args="$gpg_args --decrypt"
-      list=no
-      create=no
-      unpack=yes
-      shift
-      ;;
-    --symmetric | -c)
-      gpg_args="$gpg_args --symmetric"
-      list=no
-      create=yes
-      unpack=no
-      shift
-      ;;
-    --sign | -s)
-      gpg_args="$gpg_args --sign"
-      list=no
-      create=yes
-      unpack=no
-      shift
-      ;;
-    --recipient | -r)
-      gpg_args="$gpg_args --recipient $2"
-      shift
-      shift
-      ;;
-    --local-user | -u)
-      gpg_args="$gpg_args --local-user $2"
-      shift
-      shift
-      ;;
-    --output | -o)
-      gpg_args="$gpg_args --output $2"
-      shift
-      shift
-      ;;
-    --version)
-      echo "gpg-zip (GnuPG) $VERSION"
-      exit 0
-      ;;
-    --gpg)
-      GPG=$2
-      shift
-      shift
-      ;;
-    --gpg-args)
-      gpg_args="$gpg_args $2"
-      shift
-      shift
-      ;;
-    --tar)
-      TAR=$2
-      shift
-      shift
-      ;;
-    --tar-args)
-      tar_args="$tar_args $2"
-      shift
-      shift
-      ;;
-    --quiet)
-      tar_verbose_opt=""
-      shift
-      ;;
-    --)
-      shift
-      break
-      ;;
-    -*)
-      echo "$usage" 1>&2
-      exit 1
-      ;;
-    *)
-      break
-      ;;
-  esac
-done
-
-if test x$create = xyes ; then
-#   echo "$TAR $tar_args -cf - "$@" | $GPG --set-filename x.tar $gpg_args" 1>&2
-   $TAR $tar_args -cf - "$@" | $GPG --set-filename x.tar $gpg_args
-elif test x$list = xyes ; then
-#   echo "cat \"$1\" | $GPG $gpg_args | $TAR $tar_args -tf -" 1>&2
-   cat "$1" | $GPG $gpg_args | $TAR $tar_args -tf -
-elif test x$unpack = xyes ; then
-#   echo "cat \"$1\" | $GPG $gpg_args | $TAR $tar_args -xvf -" 1>&2
-   cat "$1" | $GPG $gpg_args | $TAR $tar_args -x${tar_verbose_opt}f -
-else
-   echo "$usage" 1>&2
-   exit 1
-fi
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index c9bdfeb..ca15aa8 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -1,7 +1,7 @@
 /* gpgconf-comp.c - Configuration utility for GnuPG.
  * Copyright (C) 2004, 2007-2011 Free Software Foundation, Inc.
  * Copyright (C) 2016 Werner Koch
- * Copyright (C) 2020-2022 g10 Code GmbH
+ * Copyright (C) 2020, 2021 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -17,6 +17,7 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with GnuPG; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
 #if HAVE_CONFIG_H
@@ -52,14 +53,6 @@
 #include "../common/gc-opt-flags.h"
 #include "gpgconf.h"
 
-/* There is a problem with gpg 1.4 under Windows: --gpgconf-list
-   returns a plain filename without escaping.  As long as we have not
-   fixed that we need to use gpg2.  */
-#if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
-#define GPGNAME "gpg2"
-#else
-#define GPGNAME GPG_NAME
-#endif
 
 
 
@@ -80,7 +73,7 @@ gc_error (int status, int errnum, const char *fmt, ...)
   va_list arg_ptr;
 
   va_start (arg_ptr, fmt);
-  log_logv (GPGRT_LOG_ERROR, fmt, arg_ptr);
+  log_logv (GPGRT_LOGLVL_ERROR, fmt, arg_ptr);
   va_end (arg_ptr);
 
   if (errnum)
@@ -100,8 +93,9 @@ gc_error (int status, int errnum, const char *fmt, ...)
 /* Forward declaration.  */
 static void gpg_agent_runtime_change (int killflag);
 static void scdaemon_runtime_change (int killflag);
+static void tpm2daemon_runtime_change (int killflag);
 static void dirmngr_runtime_change (int killflag);
-
+static void keyboxd_runtime_change (int killflag);
 
 
 
@@ -283,7 +277,6 @@ static const struct
 #define GC_OPT_FLAG_RUNTIME	(1UL << 3)
 
 
-
 /* A human-readable description for each flag.  */
 static const struct
 {
@@ -329,8 +322,8 @@ typedef struct known_option_s known_option_t;
 static known_option_t known_options_gpg_agent[] =
   {
    { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
-   { "disable-scdaemon", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME,
-                         GC_LEVEL_ADVANCED },
+   { "quiet", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
+   { "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
    { "enable-ssh-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
    { "ssh-fingerprint-digest", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT },
    { "enable-putty-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
@@ -356,8 +349,6 @@ static known_option_t known_options_gpg_agent[] =
    { "min-passphrase-nonalpha", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT },
    { "check-passphrase-pattern", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
      /**/                        GC_ARG_TYPE_FILENAME },
-   { "check-sym-passphrase-pattern", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
-     /**/                        GC_ARG_TYPE_FILENAME },
    { "max-passphrase-days", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT },
    { "enable-passphrase-history", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT },
    { "pinentry-timeout", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED },
@@ -370,6 +361,7 @@ static known_option_t known_options_gpg_agent[] =
 static known_option_t known_options_scdaemon[] =
   {
    { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
+   { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
    { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
    { "reader-port",  GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
    { "ctapi-driver", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED },
@@ -378,6 +370,7 @@ static known_option_t known_options_scdaemon[] =
    { "disable-pinpad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
    { "enable-pinpad-varlen", GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
    { "card-timeout",         GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
+   { "application-priority", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED },
    { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED},
    { "log-file",    GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
      GC_ARG_TYPE_FILENAME },
@@ -386,11 +379,27 @@ static known_option_t known_options_scdaemon[] =
    { NULL }
  };
 
+/* The known options of the GC_COMPONENT_TPM2DAEMON component.  */
+static known_option_t known_options_tpm2daemon[] =
+  {
+   { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
+   { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
+   { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
+   { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED},
+   { "log-file",    GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
+     GC_ARG_TYPE_FILENAME },
+   { "deny-admin",  GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
+   { "parent",  GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED },
+
+   { NULL }
+ };
+
 
 /* The known options of the GC_COMPONENT_GPG component.  */
 static known_option_t known_options_gpg[] =
   {
    { "verbose",              GC_OPT_FLAG_LIST, GC_LEVEL_BASIC },
+   { "quiet",                GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
    { "no-greeting",          GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
    { "default-key",          GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
    { "encrypt-to",           GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
@@ -402,20 +411,18 @@ static known_option_t known_options_gpg[] =
    { "debug-level",          GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED },
    { "log-file",             GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
      GC_ARG_TYPE_FILENAME },
-   { "keyserver",            GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
    { "auto-key-locate",      GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
    { "auto-key-import",      GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
-   { "no-auto-key-import",   GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
    { "auto-key-retrieve",    GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT },
-   { "no-auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
    { "include-key-block",    GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
-   { "no-include-key-block", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
    { "disable-dirmngr",      GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT },
    { "max-cert-depth",       GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
    { "completes-needed",     GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
    { "marginals-needed",     GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
 
-   /* The next is a pseudo option which we read via --gpgconf-list.
+   { "use-keyboxd",          GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
+
+   /* The next items are pseudo options which we read via --gpgconf-list.
     * The meta information is taken from the table below.  */
    { "default_pubkey_algo",  GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
    { "compliance_de_vs",     GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
@@ -437,12 +444,13 @@ static const char *known_pseudo_options_gpg[] =
 static known_option_t known_options_gpgsm[] =
  {
    { "verbose",           GC_OPT_FLAG_LIST, GC_LEVEL_BASIC },
+   { "quiet",             GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
    { "no-greeting",       GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
    { "default-key",       GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
    { "encrypt-to",        GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
    { "disable-dirmngr",   GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT },
    { "p12-charset",       GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
-   { "keyserver",         GC_OPT_FLAG_LIST, GC_LEVEL_INVISIBLE,
+   { "keyserver",         GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
                           GC_ARG_TYPE_LDAP_SERVER },
    { "compliance",        GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT },
    { "debug-level",       GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED },
@@ -458,6 +466,8 @@ static known_option_t known_options_gpgsm[] =
    { "cipher-algo",                    GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
    { "disable-trusted-cert-crl-check", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT },
 
+   { "use-keyboxd",                    GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
+
    /* Pseudo option follows.  See also table below. */
    { "default_pubkey_algo",            GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
 
@@ -474,6 +484,7 @@ static const char *known_pseudo_options_gpgsm[] =
 static known_option_t known_options_dirmngr[] =
  {
    { "verbose",           GC_OPT_FLAG_LIST, GC_LEVEL_BASIC },
+   { "quiet",             GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
    { "no-greeting",       GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
    { "resolver-timeout",  GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
    { "nameserver",        GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
@@ -481,11 +492,10 @@ static known_option_t known_options_dirmngr[] =
    { "log-file",          GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
                           GC_ARG_TYPE_FILENAME },
    { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
+   { "batch",             GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
    { "force",             GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
    { "use-tor",           GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
    { "keyserver",         GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
-   { "ldapserver",        GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
-                          GC_ARG_TYPE_LDAP_SERVER },
    { "disable-http",      GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
    { "ignore-http-dp",    GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
    { "http-proxy",        GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
@@ -494,7 +504,7 @@ static known_option_t known_options_dirmngr[] =
    { "ignore-ldap-dp",    GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
    { "ldap-proxy",        GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
    { "only-ldap-proxy",   GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
-   { "add-servers",       GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
+   { "add-servers",       GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT },
    { "ldaptimeout",       GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
    { "max-replies",       GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
    { "allow-ocsp",        GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
@@ -507,6 +517,18 @@ static known_option_t known_options_dirmngr[] =
    { NULL }
  };
 
+/* The known options of the GC_COMPONENT_KEYBOXD component.  */
+static known_option_t known_options_keyboxd[] =
+ {
+   { "verbose",           GC_OPT_FLAG_LIST, GC_LEVEL_BASIC },
+   { "quiet",             GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
+   { "log-file",          GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+                          GC_ARG_TYPE_FILENAME },
+   { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
+
+   { NULL }
+ };
+
 
 /* The known options of the GC_COMPONENT_PINENTRY component.  */
 static known_option_t known_options_pinentry[] =
@@ -528,7 +550,7 @@ struct gc_option_s
   unsigned int opt_arg:1;      /* The option's argument is optional.    */
   unsigned int runtime:1;      /* The option is runtime changeable.  */
 
-  unsigned int gpgconf_list:1; /* Has been announced in gpgconf-list.  */
+  unsigned int gpgconf_list:1; /* Mentioned by --gpgconf-list.  */
 
   unsigned int has_default:1;  /* The option has a default value.  */
   unsigned int def_in_desc:1;  /* The default is in the descrition.  */
@@ -607,7 +629,7 @@ static struct
    * header lines and such.  This is suitable to be passed to
    * gpgrt_argparser.  Will be filled in by
    * retrieve_options_from_program. */
-  gnupg_opt_t *opt_table;
+  gpgrt_opt_t *opt_table;
 
   /* The full table including data from OPT_TABLE.  The end of the
    * table is marked by NULL entry for NAME.  Will be filled in by
@@ -630,6 +652,10 @@ static struct
      GNUPG_MODULE_NAME_GPGSM, GPGSM_NAME ".conf",
      known_options_gpgsm, known_pseudo_options_gpgsm },
 
+   { KEYBOXD_NAME, KEYBOXD_DISP_NAME, "gnupg", N_("Public Keys"),
+     GNUPG_MODULE_NAME_KEYBOXD, KEYBOXD_NAME ".conf",
+     known_options_keyboxd, NULL, keyboxd_runtime_change },
+
    { GPG_AGENT_NAME, GPG_AGENT_DISP_NAME, "gnupg", N_("Private Keys"),
      GNUPG_MODULE_NAME_AGENT, GPG_AGENT_NAME ".conf",
      known_options_gpg_agent, NULL, gpg_agent_runtime_change },
@@ -638,6 +664,10 @@ static struct
      GNUPG_MODULE_NAME_SCDAEMON, SCDAEMON_NAME ".conf",
      known_options_scdaemon, NULL, scdaemon_runtime_change},
 
+   { TPM2DAEMON_NAME, TPM2DAEMON_DISP_NAME, "gnupg", N_("TPM"),
+     GNUPG_MODULE_NAME_TPM2DAEMON, TPM2DAEMON_NAME ".conf",
+     known_options_tpm2daemon, NULL, tpm2daemon_runtime_change},
+
    { DIRMNGR_NAME, DIRMNGR_DISP_NAME, "gnupg",   N_("Network"),
      GNUPG_MODULE_NAME_DIRMNGR, DIRMNGR_NAME ".conf",
      known_options_dirmngr, NULL, dirmngr_runtime_change },
@@ -701,6 +731,7 @@ gpg_agent_runtime_change (int killflag)
   const char *argv[5];
   pid_t pid = (pid_t)(-1);
   int i = 0;
+  int cmdidx;
 
   pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
   if (!gnupg_default_homedir_p ())
@@ -709,8 +740,10 @@ gpg_agent_runtime_change (int killflag)
       argv[i++] = gnupg_homedir ();
     }
   argv[i++] = "--no-autostart";
+  cmdidx = i;
   argv[i++] = killflag? "KILLAGENT" : "RELOADAGENT";
-  argv[i++] = NULL;
+  argv[i] = NULL;
+  log_assert (i < DIM(argv));
 
   if (!err)
     err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
@@ -718,7 +751,7 @@ gpg_agent_runtime_change (int killflag)
     err = gnupg_wait_process (pgmname, pid, 1, NULL);
   if (err)
     gc_error (0, 0, "error running '%s %s': %s",
-              pgmname, argv[1], gpg_strerror (err));
+              pgmname, argv[cmdidx], gpg_strerror (err));
   gnupg_release_process (pid);
 }
 
@@ -731,6 +764,7 @@ scdaemon_runtime_change (int killflag)
   const char *argv[9];
   pid_t pid = (pid_t)(-1);
   int i = 0;
+  int cmdidx;
 
   (void)killflag;  /* For scdaemon kill and reload are synonyms.  */
 
@@ -749,9 +783,11 @@ scdaemon_runtime_change (int killflag)
   argv[i++] = "--no-autostart";
   argv[i++] = "GETINFO scd_running";
   argv[i++] = "/if ${! $?}";
+  cmdidx = i;
   argv[i++] = "scd killscd";
   argv[i++] = "/end";
-  argv[i++] = NULL;
+  argv[i] = NULL;
+  log_assert (i < DIM(argv));
 
   if (!err)
     err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
@@ -759,31 +795,109 @@ scdaemon_runtime_change (int killflag)
     err = gnupg_wait_process (pgmname, pid, 1, NULL);
   if (err)
     gc_error (0, 0, "error running '%s %s': %s",
-              pgmname, argv[4], gpg_strerror (err));
+              pgmname, argv[cmdidx], gpg_strerror (err));
   gnupg_release_process (pid);
 }
 
 
 static void
-dirmngr_runtime_change (int killflag)
+tpm2daemon_runtime_change (int killflag)
 {
   gpg_error_t err = 0;
   const char *pgmname;
-  const char *argv[6];
+  const char *argv[9];
   pid_t pid = (pid_t)(-1);
   int i = 0;
   int cmdidx;
 
+  (void)killflag;  /* For scdaemon kill and reload are synonyms.  */
+
+  /* We use "GETINFO app_running" to see whether the agent is already
+     running and kill it only in this case.  This avoids an explicit
+     starting of the agent in case it is not yet running.  There is
+     obviously a race condition but that should not harm too much.  */
+
   pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
   if (!gnupg_default_homedir_p ())
     {
       argv[i++] = "--homedir";
       argv[i++] = gnupg_homedir ();
     }
+  argv[i++] = "-s";
+  argv[i++] = "--no-autostart";
+  argv[i++] = "GETINFO tpm2d_running";
+  argv[i++] = "/if ${! $?}";
+  cmdidx = i;
+  argv[i++] = "scd killtpm2cd";
+  argv[i++] = "/end";
+  argv[i] = NULL;
+  log_assert (i < DIM(argv));
+
+  if (!err)
+    err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
+  if (!err)
+    err = gnupg_wait_process (pgmname, pid, 1, NULL);
+  if (err)
+    gc_error (0, 0, "error running '%s %s': %s",
+              pgmname, argv[cmdidx], gpg_strerror (err));
+  gnupg_release_process (pid);
+}
+
+
+static void
+dirmngr_runtime_change (int killflag)
+{
+  gpg_error_t err = 0;
+  const char *pgmname;
+  const char *argv[6];
+  pid_t pid = (pid_t)(-1);
+  int i = 0;
+  int cmdidx;
+
+  pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
   argv[i++] = "--no-autostart";
   argv[i++] = "--dirmngr";
   cmdidx = i;
   argv[i++] = killflag? "KILLDIRMNGR" : "RELOADDIRMNGR";
+  if (!gnupg_default_homedir_p ())
+    {
+      argv[i++] = "--homedir";
+      argv[i++] = gnupg_homedir ();
+    }
+  argv[i] = NULL;
+  log_assert (i < DIM(argv));
+
+  if (!err)
+    err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
+  if (!err)
+    err = gnupg_wait_process (pgmname, pid, 1, NULL);
+  if (err)
+    gc_error (0, 0, "error running '%s %s': %s",
+              pgmname, argv[cmdidx], gpg_strerror (err));
+  gnupg_release_process (pid);
+}
+
+
+static void
+keyboxd_runtime_change (int killflag)
+{
+  gpg_error_t err = 0;
+  const char *pgmname;
+  const char *argv[6];
+  pid_t pid = (pid_t)(-1);
+  int i = 0;
+  int cmdidx;
+
+  pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
+  argv[i++] = "--no-autostart";
+  argv[i++] = "--keyboxd";
+  cmdidx = i;
+  argv[i++] = killflag? "KILLKEYBOXD" : "RELOADKEYBOXD";
+  if (!gnupg_default_homedir_p ())
+    {
+      argv[i++] = "--homedir";
+      argv[i++] = gnupg_homedir ();
+    }
   argv[i] = NULL;
   log_assert (i < DIM(argv));
 
@@ -812,11 +926,14 @@ gc_component_launch (int component)
     {
       err = gc_component_launch (GC_COMPONENT_GPG_AGENT);
       if (!err)
+        err = gc_component_launch (GC_COMPONENT_KEYBOXD);
+      if (!err)
         err = gc_component_launch (GC_COMPONENT_DIRMNGR);
       return err;
     }
 
   if (!(component == GC_COMPONENT_GPG_AGENT
+        || component == GC_COMPONENT_KEYBOXD
         || component == GC_COMPONENT_DIRMNGR))
     {
       log_error ("%s\n", _("Component not suitable for launching"));
@@ -842,6 +959,8 @@ gc_component_launch (int component)
     }
   if (component == GC_COMPONENT_DIRMNGR)
     argv[i++] = "--dirmngr";
+  else if (component == GC_COMPONENT_KEYBOXD)
+    argv[i++] = "--keyboxd";
   argv[i++] = "NOP";
   argv[i] = NULL;
   log_assert (i < DIM(argv));
@@ -852,7 +971,8 @@ gc_component_launch (int component)
   if (err)
     gc_error (0, 0, "error running '%s%s%s': %s",
               pgmname,
-              component == GC_COMPONENT_DIRMNGR? " --dirmngr":"",
+              component == GC_COMPONENT_DIRMNGR? " --dirmngr"
+              : component == GC_COMPONENT_KEYBOXD? " --keyboxd":"",
               " NOP",
               gpg_strerror (err));
   gnupg_release_process (pid);
@@ -905,9 +1025,9 @@ gc_component_reload (int component)
 /* More or less Robust version of dgettext.  It has the side effect of
    switching the codeset to utf-8 because this is what we want to
    output.  In theory it is possible to keep the original code set and
-   switch back for regular disgnostic output (redefine "_(" for that)
-   but given the natur of this tool, being something invoked from
-   other pograms, it does not make much sense.  */
+   switch back for regular diagnostic output (redefine "_(" for that)
+   but given the nature of this tool, being something invoked from
+   other programs, it does not make much sense.  */
 static const char *
 my_dgettext (const char *domain, const char *msgid)
 {
@@ -947,7 +1067,7 @@ my_dgettext (const char *domain, const char *msgid)
           switched_codeset = 1;
           bind_textdomain_codeset (PACKAGE_GT, "utf-8");
 
-          bindtextdomain (DIRMNGR_NAME, gnupg_localedir ());
+          bindtextdomain (DIRMNGR_NAME, LOCALEDIR);
           bind_textdomain_codeset (DIRMNGR_NAME, "utf-8");
 
         }
@@ -982,9 +1102,7 @@ gc_percent_escape (const char *src)
 
   if (esc_str_len < new_len)
     {
-      char *new_esc_str = realloc (esc_str, new_len);
-      if (!new_esc_str)
-	gc_error (1, errno, "can not escape string");
+      char *new_esc_str = xrealloc (esc_str, new_len);
       esc_str = new_esc_str;
       esc_str_len = new_len;
     }
@@ -1041,9 +1159,7 @@ percent_deescape (const char *src)
 
   if (str_len < new_len)
     {
-      char *new_str = realloc (str, new_len);
-      if (!new_str)
-	gc_error (1, errno, "can not deescape string");
+      char *new_str = xrealloc (str, new_len);
       str = new_str;
       str_len = new_len;
     }
@@ -1229,7 +1345,8 @@ gc_component_check_options (int component, estream_t out, const char *conf_file)
     argv[i++] = "--version";
   else
     argv[i++] = "--gpgconf-test";
-  argv[i++] = NULL;
+  argv[i] = NULL;
+  log_assert (i < DIM(argv));
 
   result = 0;
   errlines = NULL;
@@ -1335,10 +1452,6 @@ list_one_option (gc_component_id_t component,
   unsigned long flags;
   const char *desc_domain = gc_component[component].desc_domain;
 
-  /* Don't show options with the ignore attribute.  */
-  if (option->attr_ignore && !option->attr_force)
-    return;
-
   if (option->desc)
     {
       desc = my_dgettext (desc_domain, option->desc);
@@ -1375,7 +1488,6 @@ list_one_option (gc_component_id_t component,
   if (option->def_in_desc) flags |= GC_OPT_FLAG_DEF_DESC;
   if (option->no_arg_desc) flags |= GC_OPT_FLAG_NO_ARG_DESC;
   if (option->no_change)   flags |= GC_OPT_FLAG_NO_CHANGE;
-  if (option->attr_force)  flags |= GC_OPT_FLAG_NO_CHANGE;
   es_fprintf (out, ":%lu", flags);
   if (opt.verbose)
     {
@@ -1535,6 +1647,7 @@ find_option (gc_component_id_t component, const char *name)
 }
 
 
+
 
 struct read_line_wrapper_parm_s
 {
@@ -1585,7 +1698,7 @@ retrieve_options_from_program (gc_component_id_t component, int only_installed)
 {
   gpg_error_t err;
   const char *pgmname;
-  const char *argv[4];
+  const char *argv[2];
   estream_t outfp;
   int exitcode;
   pid_t pid;
@@ -1595,10 +1708,10 @@ retrieve_options_from_program (gc_component_id_t component, int only_installed)
   size_t line_len;
   ssize_t length;
   const char *config_name;
-  gnupg_argparse_t pargs;
+  gpgrt_argparse_t pargs;
   int dummy_argc;
   char *twopartconfig_name = NULL;
-  gnupg_opt_t *opt_table = NULL;      /* A malloced option table.    */
+  gpgrt_opt_t *opt_table = NULL;      /* A malloced option table.    */
   size_t opt_table_used = 0;          /* Its current length.         */
   size_t opt_table_size = 0;          /* Its allocated length.       */
   gc_option_t *opt_info = NULL;       /* A malloced options table.  */
@@ -1639,13 +1752,14 @@ retrieve_options_from_program (gc_component_id_t component, int only_installed)
   pseudo_count = 0;
   while ((length = read_line_wrapper (&read_line_parm)) > 0)
     {
-      char *fields[4];
-      char *optname, *optdesc;
+      const char *fields[4];
+      const char *optname, *optdesc;
       unsigned int optflags;
       int short_opt;
       gc_arg_type_t arg_type;
       int pseudo = 0;
 
+
       if (read_line_parm.extra_line_buffer)
         {
           line = read_line_parm.extra_line_buffer;
@@ -1716,8 +1830,8 @@ retrieve_options_from_program (gc_component_id_t component, int only_installed)
                                         string_array_size,
                                         sizeof *string_array);
         }
-      string_array[string_array_used++] = optname = xstrdup (fields[0]);
-      string_array[string_array_used++] = optdesc = xstrdup (fields[3]);
+      optname = string_array[string_array_used++] = xstrdup (fields[0]);
+      optdesc = string_array[string_array_used++] = xstrdup (fields[3]);
 
       /* Create an option table which can then be supplied to
        * gpgrt_parser.  Unfortunately there is no private pointer in
@@ -1759,6 +1873,7 @@ retrieve_options_from_program (gc_component_id_t component, int only_installed)
       if (pseudo) /* Pseudo options are always no_change.  */
         opt_info[opt_info_used].no_change = 1;
 
+
       if ((optflags & ARGPARSE_OPT_HEADER))
         opt_info[opt_info_used].is_header = 1;
       if (known_option)
@@ -1769,7 +1884,7 @@ retrieve_options_from_program (gc_component_id_t component, int only_installed)
            * We need to check the code whether both specifications match.  */
           if ((known_option->flags & GC_OPT_FLAG_ARG_OPT))
             opt_info[opt_info_used].opt_arg = 1;
-          /* Same here.  */
+
           if ((known_option->flags & GC_OPT_FLAG_RUNTIME))
             opt_info[opt_info_used].runtime = 1;
 
@@ -1785,6 +1900,7 @@ retrieve_options_from_program (gc_component_id_t component, int only_installed)
   line_len = read_line_parm.line_len;
   log_assert (opt_table_used + pseudo_count == opt_info_used);
 
+
   err = gnupg_wait_process (pgmname, pid, 1, &exitcode);
   if (err)
     gc_error (1, 0, "running %s failed (exitcode=%d): %s",
@@ -1922,18 +2038,21 @@ retrieve_options_from_program (gc_component_id_t component, int only_installed)
   if (opt.verbose)
     pargs.flags |= ARGPARSE_FLAG_VERBOSE;
 
-  while (gnupg_argparser (&pargs, opt_table, config_name))
+  while (gpgrt_argparser (&pargs, opt_table, config_name))
     {
       char *opt_value;
 
+      if (pargs.r_type & ARGPARSE_OPT_IGNORE)
+        {
+          /* log_debug ("ignored\n"); */
+          continue;
+        }
       if (pargs.r_opt == ARGPARSE_CONFFILE)
         {
           /* log_debug ("current conffile='%s'\n", */
           /*            pargs.r_type? pargs.r.ret_str: "[cmdline]"); */
           continue;
         }
-      if ((pargs.r_type & ARGPARSE_OPT_IGNORE))
-        continue;
 
       /* We only have the short option.  Search in the option table
        * for the long option name.  */
@@ -1949,18 +2068,8 @@ retrieve_options_from_program (gc_component_id_t component, int only_installed)
       if (!option)
         continue;  /* We don't want to handle this option.  */
 
-      /* Set the force and ignore attributes.  The idea is that there
-       * is no way to clear them again, thus we set them when first
-       * encountered.  */
-      if ((pargs.r_type & ARGPARSE_ATTR_FORCE))
-        option->attr_force  = 1;
-      if ((pargs.r_type & ARGPARSE_ATTR_IGNORE))
-        option->attr_ignore = 1;
-
-      /* If an option has been ignored, there is no need to return
-       * that option with gpgconf --list-options.  */
-      if (option->attr_ignore)
-        continue;
+      option->attr_ignore = !!(pargs.r_type & ARGPARSE_ATTR_IGNORE);
+      option->attr_force  = !!(pargs.r_type & ARGPARSE_ATTR_FORCE);
 
       switch ((pargs.r_type & ARGPARSE_TYPE_MASK))
         {
@@ -1974,10 +2083,7 @@ retrieve_options_from_program (gc_component_id_t component, int only_installed)
           opt_value = xasprintf ("%lu", pargs.r.ret_ulong);
           break;
         case ARGPARSE_TYPE_STRING:
-          if (!pargs.r.ret_str)
-            opt_value = xstrdup ("\"(none)"); /* We should not see this.  */
-          else
-            opt_value = xasprintf ("\"%s", gc_percent_escape (pargs.r.ret_str));
+          opt_value = xasprintf ("\"%s", gc_percent_escape (pargs.r.ret_str));
           break;
         default: /* ARGPARSE_TYPE_NONE or any unknown type.  */
           opt_value = xstrdup ("1");  /* Make sure we have some value.  */
@@ -2006,6 +2112,7 @@ retrieve_options_from_program (gc_component_id_t component, int only_installed)
 }
 
 
+
 /* Retrieve the currently active options and their defaults for this
    component.  Using -1 for component will retrieve all options from
    all installed components. */
@@ -2213,7 +2320,7 @@ copy_file (const char *src_name, const char *dst_name)
 
 
 /* Create and verify the new configuration file for the specified
- * component.  Returns 0 on success and -1 on error.  If
+ *  component.  Returns 0 on success and -1 on error.  If
  * VERBATIM is set the profile mode is used.  This function may store
  * pointers to malloced strings in SRC_FILENAMEP, DEST_FILENAMEP, and
  * ORIG_FILENAMEP.  Those must be freed by the caller.  The strings
@@ -2258,7 +2365,6 @@ change_options_program (gc_component_id_t component,
 
   dest_filename = make_absfilename
     (gnupg_homedir (), gc_component[component].option_config_filename, NULL);
-
   src_filename = xasprintf ("%s.%s.%i.new",
                             dest_filename, GPGCONF_NAME, (int)getpid ());
   orig_filename = xasprintf ("%s.%s.%i.bak",
@@ -2797,6 +2903,7 @@ gc_component_change_options (int component, estream_t in, estream_t out,
       char *backup_filename;
 
       log_assert (dest_filename);
+
       backup_filename = xasprintf ("%s.%s.bak",
                                    dest_filename, GPGCONF_NAME);
       gnupg_rename_file (orig_filename, backup_filename, NULL);
@@ -2813,7 +2920,7 @@ gc_component_change_options (int component, estream_t in, estream_t out,
 }
 
 
-/* Check whether USER matches the current user of one of its group.
+/* Check whether USER matches the current user or one of its group.
    This function may change USER.  Returns true is there is a
    match.  */
 static int
@@ -2958,7 +3065,7 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
          when running in syntax check mode.  */
       if (errno != ENOENT || !update)
         {
-          gc_error (0, errno, "can not open global config file '%s'", fname);
+          gc_error (0, errno, "can't open global config file '%s'", fname);
           result = -1;
         }
       xfree (fname);
diff --git a/tools/gpgconf.c b/tools/gpgconf.c
index 1b3f2be..63c3054 100644
--- a/tools/gpgconf.c
+++ b/tools/gpgconf.c
@@ -1,6 +1,6 @@
 /* gpgconf.c - Configuration utility for GnuPG
  * Copyright (C) 2003, 2007, 2009, 2011 Free Software Foundation, Inc.
- * Copyright (C) 2016, 2020 g10 Code GmbH.
+ * Copyright (C) 2016 g10 Code GmbH.
  *
  * This file is part of GnuPG.
  *
@@ -20,6 +20,7 @@
  */
 
 #include <config.h>
+
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -46,17 +47,12 @@ enum cmd_and_opt_values
     oRuntime    = 'r',
     oComponent  = 'c',
     oNull       = '0',
-    aListDirs   = 'L',
-    aKill       = 'K',
-    aReload     = 'R',
-    aShowVersions = 'V',
-    aShowConfigs  = 'X',
-
     oNoVerbose	= 500,
     oHomedir,
     oBuilddir,
     oStatusFD,
     oShowSocket,
+    oChUid,
 
     aListComponents,
     aCheckPrograms,
@@ -67,15 +63,20 @@ enum cmd_and_opt_values
     aListConfig,
     aCheckConfig,
     aQuerySWDB,
+    aListDirs,
     aLaunch,
+    aKill,
     aCreateSocketDir,
     aRemoveSocketDir,
-    aApplyProfile
+    aApplyProfile,
+    aReload,
+    aShowVersions,
+    aShowCodepages
   };
 
 
 /* The list of commands and options. */
-static ARGPARSE_OPTS opts[] =
+static gpgrt_opt_t opts[] =
   {
     { 300, NULL, 0, N_("@Commands:\n ") },
 
@@ -101,8 +102,8 @@ static ARGPARSE_OPTS opts[] =
     { aKill,          "kill", 256,   N_("kill a given component")},
     { aCreateSocketDir, "create-socketdir", 256, "@"},
     { aRemoveSocketDir, "remove-socketdir", 256, "@"},
-    ARGPARSE_c (aShowVersions, "show-versions", ""),
-    ARGPARSE_c (aShowConfigs,  "show-configs", ""),
+    ARGPARSE_c (aShowVersions, "show-versions", "@"),
+    ARGPARSE_c (aShowCodepages, "show-codepages", "@"),
 
     { 301, NULL, 0, N_("@\nOptions:\n ") },
 
@@ -111,29 +112,25 @@ static ARGPARSE_OPTS opts[] =
     { oQuiet, "quiet",      0, N_("quiet") },
     { oDryRun, "dry-run",   0, N_("do not make any changes") },
     { oRuntime, "runtime",  0, N_("activate changes at runtime, if possible") },
-  ARGPARSE_s_i (oStatusFD, "status-fd", N_("|FD|write status info to this FD")),
+    ARGPARSE_s_i (oStatusFD, "status-fd",
+                  N_("|FD|write status info to this FD")),
     /* hidden options */
     { oHomedir, "homedir", 2, "@" },
     { oBuilddir, "build-prefix", 2, "@" },
     { oNull, "null", 0, "@" },
     { oNoVerbose, "no-verbose",  0, "@"},
     ARGPARSE_s_n (oShowSocket, "show-socket", "@"),
+    ARGPARSE_s_s (oChUid, "chuid", "@"),
 
     ARGPARSE_end(),
   };
 
 
-
-#define CUTLINE_FMT \
-  "--8<---------------cut here---------------%s------------->8---\n"
-
-
 /* The stream to output the status information.  Status Output is disabled if
  * this is NULL.  */
 static estream_t statusfp;
 
 static void show_versions (estream_t fp);
-static void show_configs (estream_t fp);
 
 
 
@@ -243,7 +240,7 @@ gpgconf_write_status (int no, const char *format, ...)
 
 
 static void
-list_dirs (estream_t fp, char **names, int special)
+list_dirs (estream_t fp, char **names)
 {
   static struct {
     const char *name;
@@ -258,6 +255,7 @@ list_dirs (estream_t fp, char **names, int special)
     { "localedir",          gnupg_localedir,  NULL },
     { "socketdir",          gnupg_socketdir,  NULL },
     { "dirmngr-socket",     dirmngr_socket_name, NULL,},
+    { "keyboxd-socket",     keyboxd_socket_name, NULL,},
     { "agent-ssh-socket",   gnupg_socketdir,  GPG_AGENT_SSH_SOCK_NAME },
     { "agent-extra-socket", gnupg_socketdir,  GPG_AGENT_EXTRA_SOCK_NAME },
     { "agent-browser-socket",gnupg_socketdir, GPG_AGENT_BROWSER_SOCK_NAME },
@@ -301,56 +299,12 @@ list_dirs (estream_t fp, char **names, int special)
                                   "HomeDir");
   if (tmp)
     {
-      int hkcu = 0;
-      int hklm = 0;
-
-      xfree (tmp);
-      if ((tmp = read_w32_registry_string ("HKEY_CURRENT_USER",
-                                           GNUPG_REGISTRY_DIR,
-                                           "HomeDir")))
-        {
-          xfree (tmp);
-          hkcu = 1;
-        }
-      if ((tmp = read_w32_registry_string ("HKEY_LOCAL_MACHINE",
-                                           GNUPG_REGISTRY_DIR,
-                                           "HomeDir")))
-        {
-          xfree (tmp);
-          hklm = 1;
-        }
-
       es_fflush (fp);
-      if (special)
-        es_fprintf (fp, "\n"
-                    "### Note: homedir taken from registry key %s%s\\%s:%s\n"
-                    "\n",
-                    hkcu?" HKCU":"", hklm?" HKLM":"",
-                    GNUPG_REGISTRY_DIR, "HomeDir");
-      else
-        log_info ("Warning: homedir taken from registry key (%s:%s) in%s%s\n",
-                  GNUPG_REGISTRY_DIR, "HomeDir",
-                  hkcu?" HKCU":"",
-                  hklm?" HKLM":"");
-    }
-  else if ((tmp = read_w32_registry_string (NULL,
-                                            GNUPG_REGISTRY_DIR,
-                                            NULL)))
-    {
+      log_info ("Warning: homedir taken from registry key (%s %s)\n",
+                GNUPG_REGISTRY_DIR, "HomeDir");
       xfree (tmp);
-      es_fflush (fp);
-      if (special)
-        es_fprintf (fp, "\n"
-                    "### Note: registry key %s without value in HKCU or HKLM\n"
-                    "\n", GNUPG_REGISTRY_DIR);
-      else
-        log_info ("Warning: registry key (%s) without value in HKCU or HKLM\n",
-                  GNUPG_REGISTRY_DIR);
     }
-
-#else /*!HAVE_W32_SYSTEM*/
-  (void)special;
-#endif /*!HAVE_W32_SYSTEM*/
+#endif /*HAVE_W32_SYSTEM*/
 }
 
 
@@ -393,7 +347,7 @@ valid_swdb_name_p (const char *name)
  *            Common codes seen:
  *            GPG_ERR_TOO_OLD :: The SWDB file is to old to be used.
  *            GPG_ERR_ENOENT  :: The SWDB file is not available.
- *            GPG_ERR_BAD_SIGNATURE :: Currupted SWDB file.
+ *            GPG_ERR_BAD_SIGNATURE :: Corrupted SWDB file.
  * filedate:: Date of the swdb file (yyyymmddThhmmss)
  * verified:: Date we checked the validity of the file (yyyyymmddThhmmss)
  * version :: The version string from the swdb.
@@ -414,7 +368,7 @@ query_swdb (estream_t out, const char *name, const char *current_version)
   size_t length_of_line = 0;
   size_t  maxlen;
   ssize_t len;
-  char *fields[2];
+  const char *fields[2];
   char *p;
   gnupg_isotime_t filedate = {0};
   gnupg_isotime_t verified = {0};
@@ -599,17 +553,18 @@ int
 main (int argc, char **argv)
 {
   gpg_error_t err;
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
   const char *fname;
   int no_more_options = 0;
   enum cmd_and_opt_values cmd = 0;
   estream_t outfp = NULL;
   int show_socket = 0;
+  const char *changeuser = NULL;
 
   early_system_init ();
   gnupg_reopen_std (GPGCONF_NAME);
-  set_strusage (my_strusage);
-  log_set_prefix (GPGCONF_NAME, GPGRT_LOG_WITH_PREFIX|GPGRT_LOG_NO_REGISTRY);
+  gpgrt_set_strusage (my_strusage);
+  log_set_prefix (GPGCONF_NAME, GPGRT_LOG_WITH_PREFIX);
 
   /* Make sure that our subsystems are ready.  */
   i18n_init();
@@ -620,7 +575,7 @@ main (int argc, char **argv)
   pargs.argc  = &argc;
   pargs.argv  = &argv;
   pargs.flags = ARGPARSE_FLAG_KEEP;
-  while (!no_more_options && gnupg_argparse (NULL, &pargs, opts))
+  while (!no_more_options && gpgrt_argparse (NULL, &pargs, opts))
     {
       switch (pargs.r_opt)
         {
@@ -637,6 +592,7 @@ main (int argc, char **argv)
           set_status_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
           break;
         case oShowSocket: show_socket = 1; break;
+        case oChUid:      changeuser = pargs.r.ret_str; break;
 
 	case aListDirs:
         case aListComponents:
@@ -655,14 +611,15 @@ main (int argc, char **argv)
         case aCreateSocketDir:
         case aRemoveSocketDir:
         case aShowVersions:
-        case aShowConfigs:
+        case aShowCodepages:
 	  cmd = pargs.r_opt;
 	  break;
 
-        default: pargs.err = ARGPARSE_PRINT_ERROR; break;
+        default: pargs.err = 2; break;
 	}
     }
-  gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+
+  gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
 
   if (log_get_errorcount (0))
     gpgconf_failure (GPG_ERR_USER_2);
@@ -679,11 +636,15 @@ main (int argc, char **argv)
 
   fname = argc ? *argv : NULL;
 
+  /* If requested switch to the requested user or die.  */
+  if (changeuser && (err = gnupg_chuid (changeuser, 0)))
+    gpgconf_failure (err);
+
   /* Set the configuraton directories for use by gpgrt_argparser.  We
    * don't have a configuration file for this program but we have code
    * which reads the component's config files.  */
-  gnupg_set_confdir (GNUPG_CONFDIR_SYS, gnupg_sysconfdir ());
-  gnupg_set_confdir (GNUPG_CONFDIR_USER, gnupg_homedir ());
+  gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
+  gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
 
   switch (cmd)
     {
@@ -779,11 +740,13 @@ main (int argc, char **argv)
                     names[0] = "agent-socket";
                   else if (idx == GC_COMPONENT_DIRMNGR)
                     names[0] = "dirmngr-socket";
+                  else if (idx == GC_COMPONENT_KEYBOXD)
+                    names[0] = "keyboxd-socket";
                   else
                     names[0] = NULL;
                   names[1] = NULL;
                   get_outfp (&outfp);
-                  list_dirs (outfp, names, 0);
+                  list_dirs (outfp, names);
                 }
               if (err)
                 gpgconf_failure (0);
@@ -860,7 +823,7 @@ main (int argc, char **argv)
     case aListDirs:
       /* Show the system configuration directories for gpgconf.  */
       get_outfp (&outfp);
-      list_dirs (outfp, argc? argv : NULL, 0);
+      list_dirs (outfp, argc? argv : NULL);
       break;
 
     case aQuerySWDB:
@@ -928,9 +891,9 @@ main (int argc, char **argv)
           log_info ("ignoring request to remove non /run/user socket dir\n");
         else if (opt.dry_run)
           ;
-        else if (gnupg_rmdir (socketdir))
+        else if (rmdir (socketdir))
           {
-            /* If the director is not empty we first try to delet
+            /* If the director is not empty we first try to delete
              * socket files.  */
             err = gpg_error_from_syserror ();
             if (gpg_err_code (err) == GPG_ERR_ENOTEMPTY
@@ -942,6 +905,7 @@ main (int argc, char **argv)
                   GPG_AGENT_BROWSER_SOCK_NAME,
                   GPG_AGENT_SSH_SOCK_NAME,
                   SCDAEMON_SOCK_NAME,
+                  KEYBOXD_SOCK_NAME,
                   DIRMNGR_SOCK_NAME
                 };
                 int i;
@@ -954,7 +918,7 @@ main (int argc, char **argv)
                       gnupg_remove (p);
                     xfree (p);
                   }
-                if (gnupg_rmdir (socketdir))
+                if (rmdir (socketdir))
                   gc_error (1, 0, "error removing '%s': %s",
                             socketdir, gpg_strerror (err));
               }
@@ -977,13 +941,22 @@ main (int argc, char **argv)
       }
       break;
 
-    case aShowConfigs:
+    case aShowCodepages:
+#ifdef HAVE_W32_SYSTEM
       {
         get_outfp (&outfp);
-        show_configs (outfp);
+        if (GetConsoleCP () != GetConsoleOutputCP ())
+          es_fprintf (outfp, "Console: CP%u/CP%u\n",
+                      GetConsoleCP (), GetConsoleOutputCP ());
+        else
+          es_fprintf (outfp, "Console: CP%u\n", GetConsoleCP ());
+        es_fprintf (outfp, "ANSI: CP%u\n", GetACP ());
+        es_fprintf (outfp, "OEM: CP%u\n", GetOEMCP ());
       }
+#endif
       break;
 
+
     }
 
   if (outfp != es_stdout)
@@ -1040,52 +1013,16 @@ get_revision_from_blurb (const char *blurb, int *r_len)
 
 
 static void
-show_version_gnupg (estream_t fp, const char *prefix)
+show_version_gnupg (estream_t fp)
 {
-  char *fname, *p;
-  size_t n;
-  estream_t verfp;
-  char line[100];
-
-  es_fprintf (fp, "%s%sGnuPG %s (%s)\n%s%s\n", prefix, *prefix?"":"* ",
-              strusage (13), BUILD_REVISION, prefix, strusage (17));
-
-  /* Show the GnuPG VS-Desktop version in --show-configs mode  */
-  if (prefix && *prefix == '#')
-    {
-      fname = make_filename (gnupg_bindir (), NULL);
-      n = strlen (fname);
-      if (n > 10 && (!ascii_strcasecmp (fname + n - 10, "/GnuPG/bin")
-                     || !ascii_strcasecmp (fname + n - 10, "\\GnuPG\\bin")))
-        {
-          /* Append VERSION to the ../../ direcory.  Note that VERSION
-           * is only 7 bytes and thus fits.  */
-          strcpy (fname + n - 9, "VERSION");
-          verfp = es_fopen (fname, "r");
-          if (!verfp)
-            es_fprintf (fp, "%s[VERSION file not found]\n", prefix);
-          else if (!es_fgets (line, sizeof line, verfp))
-            es_fprintf (fp, "%s[VERSION file is empty]\n", prefix);
-          else
-            {
-              trim_spaces (line);
-              for (p=line; *p; p++)
-                if (*p < ' ' || *p > '~' || *p == '[')
-                  *p = '?';
-              es_fprintf (fp, "%s%s\n", prefix, line);
-            }
-          es_fclose (verfp);
-        }
-      xfree (fname);
-    }
-
+  es_fprintf (fp, "* GnuPG %s (%s)\n%s\n",
+              gpgrt_strusage (13), BUILD_REVISION, gpgrt_strusage (17));
 #ifdef HAVE_W32_SYSTEM
   {
     OSVERSIONINFO osvi = { sizeof (osvi) };
 
     GetVersionEx (&osvi);
-    es_fprintf (fp, "%sWindows %lu.%lu build %lu%s%s%s\n",
-                prefix,
+    es_fprintf (fp, "Windows %lu.%lu build %lu%s%s%s\n",
                 (unsigned long)osvi.dwMajorVersion,
                 (unsigned long)osvi.dwMinorVersion,
                 (unsigned long)osvi.dwBuildNumber,
@@ -1190,7 +1127,7 @@ show_versions_via_dirmngr (estream_t fp)
 static void
 show_versions (estream_t fp)
 {
-  show_version_gnupg (fp, "");
+  show_version_gnupg (fp);
   es_fputc ('\n', fp);
   show_version_libgcrypt (fp);
   es_fputc ('\n', fp);
@@ -1198,408 +1135,3 @@ show_versions (estream_t fp)
   es_fputc ('\n', fp);
   show_versions_via_dirmngr (fp);
 }
-
-
-
-/* Copy data from file SRC to DST.  Returns 0 on success or an error
- * code on failure.  If LISTP is not NULL, that strlist is updated
- * with the variabale or registry key names detected.  Flag bit 0
- * indicates a registry entry.  */
-static gpg_error_t
-my_copy_file (estream_t src, estream_t dst, strlist_t *listp)
-{
-  gpg_error_t err;
-  char *line = NULL;
-  size_t line_len = 0;
-  ssize_t length;
-  int written;
-
-  while ((length = es_read_line (src, &line, &line_len, NULL)) > 0)
-    {
-      /* Strip newline and carriage return, if present.  */
-      written = gpgrt_fwrite (line, 1, length, dst);
-      if (written != length)
-	return gpg_error_from_syserror ();
-      trim_spaces (line);
-      if (*line == '[' && listp)
-        {
-          char **tokens;
-          char *p;
-
-          for (p=line+1; *p; p++)
-            if (*p != ' ' && *p != '\t')
-              break;
-          if (*p && p[strlen (p)-1] == ']')
-            p[strlen (p)-1] = 0;
-          tokens = strtokenize (p, " \t");
-          if (!tokens)
-            {
-              err = gpg_error_from_syserror ();
-              log_error ("strtokenize failed: %s\n", gpg_strerror (err));
-              return err;
-            }
-
-          /* Check whether we have a getreg or getenv statement and
-           * store the third token to later retrieval.  */
-          if (tokens[0]  && tokens[1] && tokens[2]
-              && (!strcmp (tokens[0], "getreg")
-                  || !strcmp (tokens[0], "getenv")))
-            {
-              int isreg = (tokens[0][3] == 'r');
-              strlist_t sl = *listp;
-
-              for (sl = *listp; sl; sl = sl->next)
-                if (!strcmp (sl->d, tokens[2]) && (sl->flags & 1) == isreg)
-                  break;
-              if (!sl) /* Not yet in the respective list.  */
-                {
-                  sl = add_to_strlist (listp, tokens[2]);
-                  if (isreg)
-                    sl->flags = 1;
-                }
-            }
-
-          xfree (tokens);
-        }
-    }
-  if (length < 0 || es_ferror (src))
-    return gpg_error_from_syserror ();
-
-  if (gpgrt_fflush (dst))
-    return gpg_error_from_syserror ();
-
-  return 0;
-}
-
-
-/* Helper for show_configs  */
-static void
-show_configs_one_file (const char *fname, int global, estream_t outfp,
-                       strlist_t *listp)
-{
-  gpg_error_t err;
-  estream_t fp;
-
-  fp = es_fopen (fname, "r");
-  if (!fp)
-    {
-      err = gpg_error_from_syserror ();
-      es_fprintf (outfp, "###\n### %s config \"%s\": %s\n###\n",
-                  global? "global":"local", fname,
-                  (gpg_err_code (err) == GPG_ERR_ENOENT)?
-                  "not installed" : gpg_strerror (err));
-    }
-  else
-    {
-      es_fprintf (outfp, "###\n### %s config \"%s\"\n###\n",
-                  global? "global":"local", fname);
-      es_fprintf (outfp, CUTLINE_FMT, "start");
-      err = my_copy_file (fp, outfp, listp);
-      if (err)
-        log_error ("error copying file \"%s\": %s\n",
-                   fname, gpg_strerror (err));
-      es_fprintf (outfp, CUTLINE_FMT, "end--");
-      es_fclose (fp);
-    }
-}
-
-
-#ifdef HAVE_W32_SYSTEM
-/* Print registry entries relevant to the GnuPG system and related
- * software.  */
-static void
-show_other_registry_entries (estream_t outfp)
-{
-  static struct {
-    int group;
-    const char *name;
-  } names[] =
-  {
-    { 1, "HKLM\\Software\\Gpg4win:Install Directory" },
-    { 1, "HKLM\\Software\\Gpg4win:Desktop-Version" },
-    { 1, "HKLM\\Software\\Gpg4win:VS-Desktop-Version" },
-    { 1, "\\" GNUPG_REGISTRY_DIR ":HomeDir" },
-    { 1, "\\" GNUPG_REGISTRY_DIR ":DefaultLogFile" },
-    { 2, "\\Software\\Microsoft\\Office\\Outlook\\Addins\\GNU.GpgOL"
-      ":LoadBehavior" },
-    { 2, "HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Options\\Mail:"
-      "ReadAsPlain" },
-    { 2, "HKCU\\Software\\Policies\\Microsoft\\Office\\16.0\\Outlook\\"
-      "Options\\Mail:ReadAsPlain" },
-    { 3, "logFile" },
-    { 3, "enableDebug" },
-    { 3, "searchSmimeServers" },
-    { 3, "smimeInsecureReplyAllowed" },
-    { 3, "enableSmime" },
-    { 3, "preferSmime" },
-    { 3, "encryptDefault" },
-    { 3, "signDefault" },
-    { 3, "inlinePGP" },
-    { 3, "replyCrypt" },
-    { 3, "autoresolve" },
-    { 3, "autoretrieve" },
-    { 3, "automation" },
-    { 3, "autosecure" },
-    { 3, "autotrust" },
-    { 3, "autoencryptUntrusted" },
-    { 3, "autoimport" },
-    { 3, "splitBCCMails" },
-    { 3, "combinedOpsEnabled" },
-    { 3, "encryptSubject" },
-    { 0, NULL }
-  };
-  int idx;
-  int group = 0;
-  char *namebuf = NULL;
-  const char *name;
-  int from_hklm;
-
-  for (idx=0; (name = names[idx].name); idx++)
-    {
-      char *value;
-
-      if (names[idx].group == 3)
-        {
-          xfree (namebuf);
-          namebuf = xstrconcat ("\\Software\\GNU\\GpgOL", ":",
-                                names[idx].name, NULL);
-          name = namebuf;
-        }
-
-      value = read_w32_reg_string (name, &from_hklm);
-      if (!value)
-        continue;
-
-      if (names[idx].group != group)
-        {
-          group = names[idx].group;
-          es_fprintf (outfp, "###\n### %s related:\n",
-                      group == 1 ? "GnuPG Desktop" :
-                      group == 2 ? "Outlook" :
-                      group == 3 ? "\\Software\\GNU\\GpgOL"
-                      : "System" );
-        }
-
-      if (group == 3)
-        es_fprintf (outfp, "### %s=%s%s\n", names[idx].name, value,
-                    from_hklm? " [hklm]":"");
-      else
-        es_fprintf (outfp, "### %s\n###   ->%s<-%s\n", name, value,
-                    from_hklm? " [hklm]":"");
-
-      xfree (value);
-    }
-
-  es_fprintf (outfp, "###\n");
-  xfree (namebuf);
-}
-
-
-/* Print registry entries take from a configuration file.  */
-static void
-show_registry_entries_from_file (estream_t outfp)
-{
-  gpg_error_t err;
-  char *fname;
-  estream_t fp;
-  char *line = NULL;
-  size_t length_of_line = 0;
-  size_t  maxlen;
-  ssize_t len;
-  char *value = NULL;
-  int from_hklm;
-  int any = 0;
-
-  fname = make_filename (gnupg_datadir (), "gpgconf.rnames", NULL);
-  fp = es_fopen (fname, "r");
-  if (!fp)
-    {
-      err = gpg_error_from_syserror ();
-      if (gpg_err_code (err) != GPG_ERR_ENOENT)
-        log_error ("error opening '%s': %s\n", fname, gpg_strerror (err));
-      goto leave;
-    }
-
-  maxlen = 2048; /* Set limit.  */
-  while ((len = es_read_line (fp, &line, &length_of_line, &maxlen)) > 0)
-    {
-      if (!maxlen)
-        {
-          err = gpg_error (GPG_ERR_LINE_TOO_LONG);
-          log_error ("error reading '%s': %s\n", fname, gpg_strerror (err));
-          goto leave;
-        }
-      trim_spaces (line);
-      if (*line == '#')
-        continue;
-
-      xfree (value);
-      value = read_w32_reg_string (line, &from_hklm);
-      if (!value)
-        continue;
-
-      if (!any)
-        {
-          any = 1;
-          es_fprintf (outfp, "### Taken from gpgconf.rnames:\n");
-        }
-
-      es_fprintf (outfp, "### %s\n###   ->%s<-%s\n", line, value,
-                  from_hklm? " [hklm]":"");
-
-    }
-  if (len < 0 || es_ferror (fp))
-    {
-      err = gpg_error_from_syserror ();
-      log_error ("error reading '%s': %s\n", fname, gpg_strerror (err));
-    }
-
- leave:
-  if (any)
-    es_fprintf (outfp, "###\n");
-  xfree (value);
-  xfree (line);
-  es_fclose (fp);
-  xfree (fname);
-}
-#endif /*HAVE_W32_SYSTEM*/
-
-
-/* Show all config files.  */
-static void
-show_configs (estream_t outfp)
-{
-  static const char *names[] = { "common.conf", "gpg-agent.conf",
-                                 "scdaemon.conf", "dirmngr.conf",
-                                 "gpg.conf", "gpgsm.conf" };
-  gpg_error_t err;
-  int idx;
-  char *fname;
-  gnupg_dir_t dir;
-  gnupg_dirent_t dir_entry;
-  size_t n;
-  int any;
-  strlist_t list = NULL;
-  strlist_t sl;
-  const char *s;
-
-  es_fprintf (outfp, "### Dump of all standard config files\n");
-  show_version_gnupg (outfp, "### ");
-  es_fprintf (outfp, "### Libgcrypt %s\n", gcry_check_version (NULL));
-  es_fprintf (outfp, "### GpgRT %s\n", gpg_error_check_version (NULL));
-#ifdef HAVE_W32_SYSTEM
-  es_fprintf (outfp, "### Codepages:");
-  if (GetConsoleCP () != GetConsoleOutputCP ())
-    es_fprintf (outfp, " %u/%u", GetConsoleCP (), GetConsoleOutputCP ());
-  else
-    es_fprintf (outfp, " %u", GetConsoleCP ());
-  es_fprintf (outfp, " %u", GetACP ());
-  es_fprintf (outfp, " %u\n", GetOEMCP ());
-#endif
-  es_fprintf (outfp, "###\n\n");
-
-  list_dirs (outfp, NULL, 1);
-  es_fprintf (outfp, "\n");
-
-  for (idx = 0; idx < DIM (names); idx++)
-    {
-      fname = make_filename (gnupg_sysconfdir (), names[idx], NULL);
-      show_configs_one_file (fname, 1, outfp, &list);
-      xfree (fname);
-      fname = make_filename (gnupg_homedir (), names[idx], NULL);
-      show_configs_one_file (fname, 0, outfp, &list);
-      xfree (fname);
-      es_fprintf (outfp, "\n");
-    }
-
-  /* Print the encountered registry values and envvars.  */
-  if (list)
-    {
-      any = 0;
-      for (sl = list; sl; sl = sl->next)
-        if (!(sl->flags & 1))
-          {
-            if (!any)
-              {
-                any = 1;
-                es_fprintf (outfp,
-                            "###\n"
-                            "### List of encountered environment variables:\n");
-              }
-            if ((s = getenv (sl->d)))
-              es_fprintf (outfp, "### %-12s ->%s<-\n", sl->d, s);
-            else
-              es_fprintf (outfp, "### %-12s [not set]\n", sl->d);
-          }
-      if (any)
-        es_fprintf (outfp, "###\n");
-    }
-
-#ifdef HAVE_W32_SYSTEM
-  es_fprintf (outfp, "###\n### Registry entries:\n");
-  any = 0;
-  if (list)
-    {
-      for (sl = list; sl; sl = sl->next)
-        if ((sl->flags & 1))
-          {
-            char *p;
-            int from_hklm;
-
-            if (!any)
-              {
-                any = 1;
-                es_fprintf (outfp, "###\n### Encountered in config files:\n");
-              }
-            if ((p = read_w32_reg_string (sl->d, &from_hklm)))
-              es_fprintf (outfp, "### %s ->%s<-%s\n", sl->d, p,
-                          from_hklm? " [hklm]":"");
-            else
-              es_fprintf (outfp, "### %s [not set]\n", sl->d);
-            xfree (p);
-          }
-    }
-  if (!any)
-    es_fprintf (outfp, "###\n");
-  show_other_registry_entries (outfp);
-  show_registry_entries_from_file (outfp);
-#endif /*HAVE_W32_SYSTEM*/
-
-  free_strlist (list);
-
-  /* Check for uncommon files in the home directory.  */
-  dir = gnupg_opendir (gnupg_homedir ());
-  if (!dir)
-    {
-      err = gpg_error_from_syserror ();
-      log_error ("error reading directory \"%s\": %s\n",
-                 gnupg_homedir (), gpg_strerror (err));
-      return;
-    }
-
-  any = 0;
-  while ((dir_entry = gnupg_readdir (dir)))
-    {
-      for (idx = 0; idx < DIM (names); idx++)
-        {
-          n = strlen (names[idx]);
-          if (!ascii_strncasecmp (dir_entry->d_name, names[idx], n)
-              && dir_entry->d_name[n] == '-'
-              && ascii_strncasecmp (dir_entry->d_name, "gpg.conf-1", 10))
-            {
-              if (!any)
-                {
-                  any = 1;
-                  es_fprintf (outfp,
-                              "###\n"
-                              "### Warning: suspicious files in \"%s\":\n",
-                              gnupg_homedir ());
-                }
-              es_fprintf (outfp, "### %s\n", dir_entry->d_name);
-            }
-        }
-    }
-  if (any)
-    es_fprintf (outfp, "###\n");
-  gnupg_closedir (dir);
-}
diff --git a/tools/gpgconf.h b/tools/gpgconf.h
index 83aee9a..e398442 100644
--- a/tools/gpgconf.h
+++ b/tools/gpgconf.h
@@ -58,12 +58,18 @@ typedef enum
     /* GPG for S/MIME.  */
     GC_COMPONENT_GPGSM,
 
+    /* The optional public key daermon.  */
+    GC_COMPONENT_KEYBOXD,
+
     /* The GPG Agent.  */
     GC_COMPONENT_GPG_AGENT,
 
     /* The Smardcard Daemon.  */
     GC_COMPONENT_SCDAEMON,
 
+    /* The TPM2 Daemon.  */
+    GC_COMPONENT_TPM2DAEMON,
+
     /* The LDAP Directory Manager for CRLs.  */
     GC_COMPONENT_DIRMNGR,
 
diff --git a/tools/gpgsplit.c b/tools/gpgsplit.c
index d65348c..7257b63 100644
--- a/tools/gpgsplit.c
+++ b/tools/gpgsplit.c
@@ -19,6 +19,7 @@
  */
 
 #include <config.h>
+
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -67,7 +68,7 @@ enum cmd_and_opt_values {
 };
 
 
-static ARGPARSE_OPTS opts[] = {
+static gpgrt_opt_t opts[] = {
 
     { 301, NULL, 0, "@Options:\n " },
 
@@ -114,19 +115,22 @@ my_strusage (int level)
 int
 main (int argc, char **argv)
 {
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
 
 #ifdef HAVE_DOSISH_SYSTEM
   setmode( fileno(stdin), O_BINARY );
   setmode( fileno(stdout), O_BINARY );
 #endif
   log_set_prefix ("gpgsplit", GPGRT_LOG_WITH_PREFIX);
-  set_strusage (my_strusage);
+  gpgrt_set_strusage (my_strusage);
+  /* Register our string mapper with gpgrt.  Usually done in
+   * init_common_subsystems, but we don't need that here.  */
+  gpgrt_set_fixed_string_mapper (map_static_macro_string);
 
   pargs.argc = &argc;
   pargs.argv = &argv;
   pargs.flags= ARGPARSE_FLAG_KEEP;
-  while (gnupg_argparse (NULL, &pargs, opts))
+  while (gpgrt_argparse (NULL, &pargs, opts))
     {
       switch (pargs.r_opt)
         {
@@ -135,10 +139,10 @@ main (int argc, char **argv)
         case oUncompress: opt_uncompress = 1; break;
         case oSecretToPublic: opt_secret_to_public = 1; break;
         case oNoSplit: opt_no_split = 1; break;
-        default : pargs.err = ARGPARSE_PRINT_ERROR; break;
+        default : pargs.err = 2; break;
 	}
     }
-  gnupg_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+  gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
 
   if (log_get_errorcount(0))
     g10_exit (2);
@@ -556,7 +560,7 @@ write_part (FILE *fpin, unsigned long pktlen,
     {
       if (opt_verbose)
         log_info ("writing '%s'\n", outname);
-      fpout = gnupg_fopen (outname, "wb");
+      fpout = fopen (outname, "wb");
       if (!fpout)
         {
           log_error ("error creating '%s': %s\n", outname, strerror(errno));
@@ -877,7 +881,7 @@ split_packets (const char *fname)
       fp = stdin;
       fname = "-";
     }
-  else if ( !(fp = gnupg_fopen (fname,"rb")) )
+  else if ( !(fp = fopen (fname,"rb")) )
     {
       log_error ("can't open '%s': %s\n", fname, strerror (errno));
       return;
diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c
index e642da0..6114d68 100644
--- a/tools/gpgtar-create.c
+++ b/tools/gpgtar-create.c
@@ -1,6 +1,4 @@
 /* gpgtar-create.c - Create a TAR archive
- * Copyright (C) 2016-2017, 2019-2022 g10 Code GmbH
- * Copyright (C) 2010, 2012, 2013 Werner Koch
  * Copyright (C) 2010 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
@@ -17,7 +15,6 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, see <https://www.gnu.org/licenses/>.
- * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
 #include <config.h>
@@ -28,21 +25,20 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <dirent.h>
-#include <unistd.h>
 #ifdef HAVE_W32_SYSTEM
 # define WIN32_LEAN_AND_MEAN
 # include <windows.h>
 #else /*!HAVE_W32_SYSTEM*/
+# include <unistd.h>
 # include <pwd.h>
 # include <grp.h>
 #endif /*!HAVE_W32_SYSTEM*/
+#include <assert.h>
 
 #include "../common/i18n.h"
-#include <gpg-error.h>
-#include "../common/exechelp.h"
+#include "../common/exectool.h"
 #include "../common/sysutils.h"
 #include "../common/ccparray.h"
-#include "../common/membuf.h"
 #include "gpgtar.h"
 
 #ifndef HAVE_LSTAT
@@ -50,11 +46,6 @@
 #endif
 
 
-/* Count the number of written headers.  Extended headers are not
- * counted. */
-static unsigned long global_header_count;
-
-
 /* Object to control the file scanning.  */
 struct scanctrl_s;
 typedef struct scanctrl_s *scanctrl_t;
@@ -114,7 +105,7 @@ fillup_entry_w32 (tar_header_t hdr)
   for (p=hdr->name; *p; p++)
     if (*p == '/')
       *p = '\\';
-  wfname = gpgrt_fname_to_wchar (hdr->name);
+  wfname = utf8_to_wchar (hdr->name);
   for (p=hdr->name; *p; p++)
     if (*p == '\\')
       *p = '/';
@@ -157,7 +148,7 @@ fillup_entry_w32 (tar_header_t hdr)
 
   /* Only set the size for a regular file.  */
   if (hdr->typeflag == TF_REGULAR)
-    hdr->size = (fad.nFileSizeHigh * ((unsigned long long)MAXDWORD+1)
+    hdr->size = (fad.nFileSizeHigh * (unsigned long long)(MAXDWORD+1)
                  + fad.nFileSizeLow);
 
   hdr->mtime = (((unsigned long long)fad.ftLastWriteTime.dwHighDateTime << 32)
@@ -294,10 +285,8 @@ add_entry (const char *dname, const char *entryname, scanctrl_t scanctrl)
     xfree (hdr);
   else
     {
-      /* FIXME: We don't have the extended info yet available so we
-       * can't print them.  */
       if (opt.verbose)
-        gpgtar_print_header (hdr, NULL, log_get_stream ());
+        gpgtar_print_header (hdr, log_get_stream ());
       *scanctrl->flist_tail = hdr;
       scanctrl->flist_tail = &hdr->next;
     }
@@ -345,7 +334,7 @@ scan_directory (const char *dname, scanctrl_t scanctrl)
     for (p=fname; *p; p++)
       if (*p == '/')
         *p = '\\';
-    wfname = gpgrt_fname_to_wchar (fname);
+    wfname = utf8_to_wchar (fname);
     xfree (fname);
     if (!wfname)
       {
@@ -448,7 +437,7 @@ scan_recursive (const char *dname, scanctrl_t scanctrl)
     }
   scanctrl->nestlevel++;
 
-  log_assert (scanctrl->flist_tail);
+  assert (scanctrl->flist_tail);
   start_tail = scanctrl->flist_tail;
   scan_directory (dname, scanctrl);
   stop_tail = scanctrl->flist_tail;
@@ -499,7 +488,7 @@ store_xoctal (char *buffer, size_t length, unsigned long long value)
   size_t n;
   unsigned long long v;
 
-  log_assert (length > 1);
+  assert (length > 1);
 
   v = value;
   n = length;
@@ -604,75 +593,16 @@ store_gname (char *buffer, size_t length, unsigned long gid)
 }
 
 
-static void
-compute_checksum (void *record)
-{
-  struct ustar_raw_header *raw = record;
-  unsigned long chksum = 0;
-  unsigned char *p;
-  size_t n;
-
-  memset (raw->checksum, ' ', sizeof raw->checksum);
-  p = record;
-  for (n=0; n < RECORDSIZE; n++)
-    chksum += *p++;
-  store_xoctal (raw->checksum, sizeof raw->checksum - 1, chksum);
-  raw->checksum[7] = ' ';
-}
-
-
-
-/* Read a symlink without truncating it.  Caller must release the
- * returned buffer.  Returns NULL on error.  */
-#ifndef HAVE_W32_SYSTEM
-static char *
-myreadlink (const char *name)
-{
-  char *buffer;
-  size_t size;
-  int nread;
-
-  for (size = 1024; size <= 65536; size *= 2)
-    {
-      buffer = xtrymalloc (size);
-      if (!buffer)
-        return NULL;
-
-      nread = readlink (name, buffer, size - 1);
-      if (nread < 0)
-        {
-          xfree (buffer);
-          return NULL;
-        }
-      if (nread < size - 1)
-        {
-          buffer[nread] = 0;
-          return buffer;  /* Got it. */
-        }
-
-      xfree (buffer);
-    }
-  gpg_err_set_errno (ERANGE);
-  return NULL;
-}
-#endif /*Unix*/
-
-
-
-/* Build a header.  If the filename or the link name ist too long
- * allocate an exthdr and use a replacement file name in RECORD.
- * Caller should always release R_EXTHDR; this function initializes it
- * to point to NULL.  */
 static gpg_error_t
-build_header (void *record, tar_header_t hdr, strlist_t *r_exthdr)
+build_header (void *record, tar_header_t hdr)
 {
   gpg_error_t err;
   struct ustar_raw_header *raw = record;
   size_t namelen, n;
-  strlist_t sl;
+  unsigned long chksum;
+  unsigned char *p;
 
   memset (record, 0, RECORDSIZE);
-  *r_exthdr = NULL;
 
   /* Store name and prefix.  */
   namelen = strlen (hdr->name);
@@ -693,23 +623,10 @@ build_header (void *record, tar_header_t hdr, strlist_t *r_exthdr)
         }
       else
         {
-          /* Too long - prepare extended header.  */
-          sl = add_to_strlist_try (r_exthdr, hdr->name);
-          if (!sl)
-            {
-              err = gpg_error_from_syserror ();
-              log_error ("error storing file '%s': %s\n",
-                         hdr->name, gpg_strerror (err));
-              return err;
-            }
-          sl->flags = 1;  /* Mark as path */
-          /* The name we use is not POSIX compliant but because we
-           * expect that (for security issues) a tarball will anyway
-           * be extracted to a unique new directory, a simple counter
-           * will do.  To ease testing we also put in the PID.  The
-           * count is bumped after the header has been written.  */
-          snprintf (raw->name, sizeof raw->name-1, "_@paxheader.%u.%lu",
-                    (unsigned int)getpid(), global_header_count + 1);
+          err = gpg_error (GPG_ERR_TOO_LARGE);
+          log_error ("error storing file '%s': %s\n",
+                     hdr->name, gpg_strerror (err));
+          return err;
         }
     }
 
@@ -742,7 +659,6 @@ build_header (void *record, tar_header_t hdr, strlist_t *r_exthdr)
   if (hdr->typeflag == TF_SYMLINK)
     {
       int nread;
-      char *p;
 
       nread = readlink (hdr->name, raw->linkname, sizeof raw->linkname -1);
       if (nread < 0)
@@ -753,133 +669,22 @@ build_header (void *record, tar_header_t hdr, strlist_t *r_exthdr)
           return err;
         }
       raw->linkname[nread] = 0;
-      if (nread == sizeof raw->linkname -1)
-        {
-          /* Truncated - read again and store as extended header.  */
-          p = myreadlink (hdr->name);
-          if (!p)
-            {
-              err = gpg_error_from_syserror ();
-              log_error ("error reading symlink '%s': %s\n",
-                         hdr->name, gpg_strerror (err));
-              return err;
-            }
-
-          sl = add_to_strlist_try (r_exthdr, p);
-          xfree (p);
-          if (!sl)
-            {
-              err = gpg_error_from_syserror ();
-              log_error ("error storing syslink '%s': %s\n",
-                         hdr->name, gpg_strerror (err));
-              return err;
-            }
-          sl->flags = 2;  /* Mark as linkpath */
-        }
     }
-#endif /*!HAVE_W32_SYSTEM*/
+#endif /*HAVE_W32_SYSTEM*/
 
-  compute_checksum (record);
+  /* Compute the checksum.  */
+  memset (raw->checksum, ' ', sizeof raw->checksum);
+  chksum = 0;
+  p = record;
+  for (n=0; n < RECORDSIZE; n++)
+    chksum += *p++;
+  store_xoctal (raw->checksum, sizeof raw->checksum - 1, chksum);
+  raw->checksum[7] = ' ';
 
   return 0;
 }
 
 
-/* Add an extended header record (NAME,VALUE) to the buffer MB.  */
-static void
-add_extended_header_record (membuf_t *mb, const char *name, const char *value)
-{
-  size_t n, n0, n1;
-  char numbuf[35];
-  size_t valuelen;
-
-  /* To avoid looping in most cases, we guess the initial value.  */
-  valuelen = strlen (value);
-  n1 = valuelen > 95? 3 : 2;
-  do
-    {
-      n0 = n1;
-      /*       (3 for the space before name, the '=', and the LF.)  */
-      n = n0 + strlen (name) + valuelen + 3;
-      snprintf (numbuf, sizeof numbuf, "%zu", n);
-      n1 = strlen (numbuf);
-    }
-  while (n0 != n1);
-  put_membuf_str (mb, numbuf);
-  put_membuf (mb, " ", 1);
-  put_membuf_str (mb, name);
-  put_membuf (mb, "=", 1);
-  put_membuf (mb, value, valuelen);
-  put_membuf (mb, "\n", 1);
-}
-
-
-
-/* Write the extended header specified by EXTHDR to STREAM.   */
-static gpg_error_t
-write_extended_header (estream_t stream, const void *record, strlist_t exthdr)
-{
-  gpg_error_t err = 0;
-  struct ustar_raw_header raw;
-  strlist_t sl;
-  membuf_t mb;
-  char *buffer, *p;
-  size_t buflen;
-
-  init_membuf (&mb, 2*RECORDSIZE);
-
-  for (sl=exthdr; sl; sl = sl->next)
-    {
-      if (sl->flags == 1)
-        add_extended_header_record (&mb, "path", sl->d);
-      else if (sl->flags == 2)
-        add_extended_header_record (&mb, "linkpath", sl->d);
-    }
-
-  buffer = get_membuf (&mb, &buflen);
-  if (!buffer)
-    {
-      err = gpg_error_from_syserror ();
-      log_error ("error building extended header: %s\n", gpg_strerror (err));
-      goto leave;
-    }
-
-  /* We copy the header from the standard header record, so that an
-   * extracted extended header (using a non-pax aware software) is
-   * written with the same properties as the original file.  The real
-   * entry will overwrite it anyway.  Of course we adjust the size and
-   * the type.  */
-  memcpy (&raw, record, RECORDSIZE);
-  store_xoctal (raw.size,  sizeof raw.size,  buflen);
-  raw.typeflag[0] = 'x'; /* Mark as extended header.  */
-  compute_checksum (&raw);
-
-  err = write_record (stream, &raw);
-  if (err)
-    goto leave;
-
-  for (p = buffer; buflen >= RECORDSIZE; p += RECORDSIZE, buflen -= RECORDSIZE)
-    {
-      err = write_record (stream, p);
-      if (err)
-        goto leave;
-    }
-  if (buflen)
-    {
-      /* Reuse RAW for builidng the last record.  */
-      memcpy (&raw, p, buflen);
-      memset ((char*)&raw+buflen, 0, RECORDSIZE - buflen);
-      err = write_record (stream, &raw);
-      if (err)
-        goto leave;
-    }
-
- leave:
-  xfree (buffer);
-  return err;
-}
-
-
 static gpg_error_t
 write_file (estream_t stream, tar_header_t hdr)
 {
@@ -887,10 +692,9 @@ write_file (estream_t stream, tar_header_t hdr)
   char record[RECORDSIZE];
   estream_t infp;
   size_t nread, nbytes;
-  strlist_t exthdr = NULL;
   int any;
 
-  err = build_header (record, hdr, &exthdr);
+  err = build_header (record, hdr);
   if (err)
     {
       if (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED)
@@ -903,7 +707,7 @@ write_file (estream_t stream, tar_header_t hdr)
 
   if (hdr->typeflag == TF_REGULAR)
     {
-      infp = es_fopen (hdr->name, "rb,sysopen");
+      infp = es_fopen (hdr->name, "rb");
       if (!infp)
         {
           err = gpg_error_from_syserror ();
@@ -915,12 +719,9 @@ write_file (estream_t stream, tar_header_t hdr)
   else
     infp = NULL;
 
-  if (exthdr && (err = write_extended_header (stream, record, exthdr)))
-    goto leave;
   err = write_record (stream, record);
   if (err)
     goto leave;
-  global_header_count++;
 
   if (hdr->typeflag == TF_REGULAR)
     {
@@ -940,8 +741,6 @@ write_file (estream_t stream, tar_header_t hdr)
                          any? " (file shrunk?)":"");
               goto leave;
             }
-          else if (nbytes < RECORDSIZE)
-            memset (record + nbytes, 0, RECORDSIZE - nbytes);
           any = 1;
           err = write_record (stream, record);
           if (err)
@@ -958,7 +757,6 @@ write_file (estream_t stream, tar_header_t hdr)
   else if ((err = es_fclose (infp)))
     log_error ("error closing file '%s': %s\n", hdr->name, gpg_strerror (err));
 
-  free_strlist (exthdr);
   return err;
 }
 
@@ -993,22 +791,12 @@ gpgtar_create (char **inpattern, const char *files_from, int null_names,
   tar_header_t hdr, *start_tail;
   estream_t files_from_stream = NULL;
   estream_t outstream = NULL;
+  estream_t cipher_stream = NULL;
   int eof_seen = 0;
-  pid_t pid = (pid_t)(-1);
 
   memset (scanctrl, 0, sizeof *scanctrl);
   scanctrl->flist_tail = &scanctrl->flist;
 
-  /* { unsigned int cpno, cpno2, cpno3; */
-
-  /*   cpno = GetConsoleOutputCP (); */
-  /*   cpno2 = GetACP (); */
-  /*   cpno3 = GetOEMCP (); */
-  /*   log_debug ("Codepages: Console: %u  ANSI: %u  OEM: %u\n", */
-  /*              cpno, cpno2, cpno3); */
-  /* } */
-
-
   if (!inpattern)
     {
       if (!files_from || !strcmp (files_from, "-"))
@@ -1147,37 +935,64 @@ gpgtar_create (char **inpattern, const char *files_from, int null_names,
   if (files_from_stream && files_from_stream != es_stdin)
     es_fclose (files_from_stream);
 
+  if (opt.outfile)
+    {
+      if (!strcmp (opt.outfile, "-"))
+        outstream = es_stdout;
+      else
+        outstream = es_fopen (opt.outfile, "wb");
+      if (!outstream)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+    }
+  else
+    {
+      outstream = es_stdout;
+    }
+
+  if (outstream == es_stdout)
+    es_set_binary (es_stdout);
+
+  if (encrypt || sign)
+    {
+      cipher_stream = outstream;
+      outstream = es_fopenmem (0, "rwb");
+      if (! outstream)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+    }
+
+  for (hdr = scanctrl->flist; hdr; hdr = hdr->next)
+    {
+      err = write_file (outstream, hdr);
+      if (err)
+        goto leave;
+    }
+  err = write_eof_mark (outstream);
+  if (err)
+    goto leave;
+
   if (encrypt || sign)
     {
       strlist_t arg;
       ccparray_t ccp;
       const char **argv;
 
+      err = es_fseek (outstream, 0, SEEK_SET);
+      if (err)
+        goto leave;
+
       /* '--encrypt' may be combined with '--symmetric', but 'encrypt'
-       * is set either way.  Clear it if no recipients are specified.
-       */
+         is set either way.  Clear it if no recipients are specified.
+         XXX: Fix command handling.  */
       if (opt.symmetric && opt.recipients == NULL)
         encrypt = 0;
 
       ccparray_init (&ccp, 0);
-      if (opt.batch)
-        ccparray_put (&ccp, "--batch");
-      if (opt.answer_yes)
-        ccparray_put (&ccp, "--yes");
-      if (opt.answer_no)
-        ccparray_put (&ccp, "--no");
-      if (opt.require_compliance)
-        ccparray_put (&ccp, "--require-compliance");
-      if (opt.status_fd != -1)
-        {
-          static char tmpbuf[40];
-
-          snprintf (tmpbuf, sizeof tmpbuf, "--status-fd=%d", opt.status_fd);
-          ccparray_put (&ccp, tmpbuf);
-        }
-
-      ccparray_put (&ccp, "--output");
-      ccparray_put (&ccp, opt.outfile? opt.outfile : "-");
       if (encrypt)
         ccparray_put (&ccp, "--encrypt");
       if (sign)
@@ -1205,76 +1020,27 @@ gpgtar_create (char **inpattern, const char *files_from, int null_names,
           goto leave;
         }
 
-      err = gnupg_spawn_process (opt.gpg_program, argv, NULL, NULL,
-                                 (GNUPG_SPAWN_KEEP_STDOUT
-                                  | GNUPG_SPAWN_KEEP_STDERR),
-                                 &outstream, NULL, NULL, &pid);
+      err = gnupg_exec_tool_stream (opt.gpg_program, argv,
+                                    outstream, NULL, cipher_stream, NULL, NULL);
       xfree (argv);
       if (err)
         goto leave;
-      es_set_binary (outstream);
-    }
-  else if (opt.outfile) /* No crypto  */
-    {
-      if (!strcmp (opt.outfile, "-"))
-        outstream = es_stdout;
-      else
-        outstream = es_fopen (opt.outfile, "wb,sysopen");
-      if (!outstream)
-        {
-          err = gpg_error_from_syserror ();
-          goto leave;
-        }
-      if (outstream == es_stdout)
-        es_set_binary (es_stdout);
-
-    }
-  else /* Also no crypto.  */
-    {
-      outstream = es_stdout;
-      es_set_binary (outstream);
-    }
-
-
-  for (hdr = scanctrl->flist; hdr; hdr = hdr->next)
-    {
-      err = write_file (outstream, hdr);
-      if (err)
-        goto leave;
-    }
-  err = write_eof_mark (outstream);
-  if (err)
-    goto leave;
-
-
-  if (pid != (pid_t)(-1))
-    {
-      int exitcode;
-
-      err = es_fclose (outstream);
-      outstream = NULL;
-      if (err)
-        log_error ("error closing pipe: %s\n", gpg_strerror (err));
-      else
-        {
-          err = gnupg_wait_process (opt.gpg_program, pid, 1, &exitcode);
-          if (err)
-            log_error ("running %s failed (exitcode=%d): %s",
-                       opt.gpg_program, exitcode, gpg_strerror (err));
-          gnupg_release_process (pid);
-          pid = (pid_t)(-1);
-        }
     }
 
  leave:
   if (!err)
     {
       gpg_error_t first_err;
-      if (outstream != es_stdout || pid != (pid_t)(-1))
+      if (outstream != es_stdout)
         first_err = es_fclose (outstream);
       else
         first_err = es_fflush (outstream);
       outstream = NULL;
+      if (cipher_stream != es_stdout)
+        err = es_fclose (cipher_stream);
+      else
+        err = es_fflush (cipher_stream);
+      cipher_stream = NULL;
       if (! err)
         err = first_err;
     }
@@ -1284,6 +1050,8 @@ gpgtar_create (char **inpattern, const char *files_from, int null_names,
                  opt.outfile ? opt.outfile : "-", gpg_strerror (err));
       if (outstream && outstream != es_stdout)
         es_fclose (outstream);
+      if (cipher_stream && cipher_stream != es_stdout)
+        es_fclose (cipher_stream);
       if (opt.outfile)
         gnupg_remove (opt.outfile);
     }
diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c
index 832039b..3da100c 100644
--- a/tools/gpgtar-extract.c
+++ b/tools/gpgtar-extract.c
@@ -1,6 +1,4 @@
 /* gpgtar-extract.c - Extract from a TAR archive
- * Copyright (C) 2016-2017, 2019-2022 g10 Code GmbH
- * Copyright (C) 2010, 2012, 2013 Werner Koch
  * Copyright (C) 2010 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
@@ -17,7 +15,6 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, see <https://www.gnu.org/licenses/>.
- * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
 #include <config.h>
@@ -28,79 +25,39 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <unistd.h>
+#include <assert.h>
 
 #include "../common/i18n.h"
-#include <gpg-error.h>
-#include "../common/exechelp.h"
+#include "../common/exectool.h"
 #include "../common/sysutils.h"
 #include "../common/ccparray.h"
 #include "gpgtar.h"
 
-static gpg_error_t
-check_suspicious_name (const char *name)
-{
-  size_t n;
-
-  n = strlen (name);
-#ifdef HAVE_DOSISH_SYSTEM
-  if (strchr (name, '\\'))
-    {
-      log_error ("filename '%s' contains a backslash - "
-                 "can't extract on this system\n", name);
-      return gpg_error (GPG_ERR_INV_NAME);
-    }
-#endif /*HAVE_DOSISH_SYSTEM*/
-
-  if (!n
-      || strstr (name, "//")
-      || strstr (name, "/../")
-      || !strncmp (name, "../", 3)
-      || (n >= 3 && !strcmp (name+n-3, "/.." )))
-    {
-      log_error ("filename '%s' has suspicious parts - not extracting\n",
-                 name);
-      return gpg_error (GPG_ERR_INV_NAME);
-    }
-
-  return 0;
-}
-
 
 static gpg_error_t
 extract_regular (estream_t stream, const char *dirname,
-                 tarinfo_t info, tar_header_t hdr, strlist_t exthdr)
+                 tarinfo_t info, tar_header_t hdr)
 {
   gpg_error_t err;
   char record[RECORDSIZE];
   size_t n, nbytes, nwritten;
-  char *fname_buffer = NULL;
-  const char *fname;
+  char *fname;
   estream_t outfp = NULL;
-  strlist_t sl;
-
-  fname = hdr->name;
-  for (sl = exthdr; sl; sl = sl->next)
-    if (sl->flags == 1)
-      fname = sl->d;
 
-  err = check_suspicious_name (fname);
-  if (err)
-    goto leave;
-
-  fname_buffer = strconcat (dirname, "/", fname, NULL);
-  if (!fname_buffer)
+  fname = strconcat (dirname, "/", hdr->name, NULL);
+  if (!fname)
     {
       err = gpg_error_from_syserror ();
       log_error ("error creating filename: %s\n", gpg_strerror (err));
       goto leave;
     }
-  fname = fname_buffer;
-
+  else
+    err = 0;
 
   if (opt.dry_run)
-    outfp = es_fopen ("/dev/null", "wb");
+    outfp = es_fopenmem (0, "wb");
   else
-    outfp = es_fopen (fname, "wb,sysopen");
+    outfp = es_fopen (fname, "wb");
   if (!outfp)
     {
       err = gpg_error_from_syserror ();
@@ -140,36 +97,29 @@ extract_regular (estream_t stream, const char *dirname,
         log_error ("error removing incomplete file '%s': %s\n",
                    fname, gpg_strerror (gpg_error_from_syserror ()));
     }
-  xfree (fname_buffer);
+  xfree (fname);
   return err;
 }
 
 
 static gpg_error_t
-extract_directory (const char *dirname, tar_header_t hdr, strlist_t exthdr)
+extract_directory (const char *dirname, tar_header_t hdr)
 {
   gpg_error_t err;
-  const char *name;
-  char *fname = NULL;
-  strlist_t sl;
-
-  name = hdr->name;
-  for (sl = exthdr; sl; sl = sl->next)
-    if (sl->flags == 1)
-      name = sl->d;
-
-  err = check_suspicious_name (name);
-  if (err)
-    goto leave;
+  char *fname;
+  size_t prefixlen;
 
-  fname = strconcat (dirname, "/", name, NULL);
+  prefixlen = strlen (dirname) + 1;
+  fname = strconcat (dirname, "/", hdr->name, NULL);
   if (!fname)
     {
       err = gpg_error_from_syserror ();
       log_error ("error creating filename: %s\n", gpg_strerror (err));
       goto leave;
     }
-  /* Remove a possible trailing slash.  */
+  else
+    err = 0;
+
   if (fname[strlen (fname)-1] == '/')
     fname[strlen (fname)-1] = 0;
 
@@ -186,13 +136,8 @@ extract_directory (const char *dirname, tar_header_t hdr, strlist_t exthdr)
         {
           /* Try to create the directory with parents but keep the
              original error code in case of a failure.  */
-          int rc = 0;
           char *p;
-          size_t prefixlen;
-
-          /* (PREFIXLEN is the length of the new directory we use to
-           *  extract the tarball.)  */
-          prefixlen = strlen (dirname) + 1;
+          int rc = 0;
 
           for (p = fname+prefixlen; (p = strchr (p, '/')); p++)
             {
@@ -220,15 +165,36 @@ extract_directory (const char *dirname, tar_header_t hdr, strlist_t exthdr)
 
 static gpg_error_t
 extract (estream_t stream, const char *dirname, tarinfo_t info,
-         tar_header_t hdr, strlist_t exthdr)
+         tar_header_t hdr)
 {
   gpg_error_t err;
   size_t n;
 
+  n = strlen (hdr->name);
+#ifdef HAVE_DOSISH_SYSTEM
+  if (strchr (hdr->name, '\\'))
+    {
+      log_error ("filename '%s' contains a backslash - "
+                 "can't extract on this system\n", hdr->name);
+      return gpg_error (GPG_ERR_INV_NAME);
+    }
+#endif /*HAVE_DOSISH_SYSTEM*/
+
+  if (!n
+      || strstr (hdr->name, "//")
+      || strstr (hdr->name, "/../")
+      || !strncmp (hdr->name, "../", 3)
+      || (n >= 3 && !strcmp (hdr->name+n-3, "/.." )))
+    {
+      log_error ("filename '%s' as suspicious parts - not extracting\n",
+                 hdr->name);
+      return gpg_error (GPG_ERR_INV_NAME);
+    }
+
   if (hdr->typeflag == TF_REGULAR || hdr->typeflag == TF_UNKNOWN)
-    err = extract_regular (stream, dirname, info, hdr, exthdr);
+    err = extract_regular (stream, dirname, info, hdr);
   else if (hdr->typeflag == TF_DIRECTORY)
-    err = extract_directory (dirname, hdr, exthdr);
+    err = extract_directory (dirname, hdr);
   else
     {
       char record[RECORDSIZE];
@@ -317,53 +283,34 @@ gpg_error_t
 gpgtar_extract (const char *filename, int decrypt)
 {
   gpg_error_t err;
-  estream_t stream = NULL;
+  estream_t stream;
+  estream_t cipher_stream = NULL;
   tar_header_t header = NULL;
-  strlist_t extheader = NULL;
   const char *dirprefix = NULL;
   char *dirname = NULL;
   struct tarinfo_s tarinfo_buffer;
   tarinfo_t tarinfo = &tarinfo_buffer;
-  pid_t pid = (pid_t)(-1);
-  char *logfilename = NULL;
-
 
   memset (&tarinfo_buffer, 0, sizeof tarinfo_buffer);
 
-  if (opt.directory)
-    dirname = xtrystrdup (opt.directory);
-  else
+  if (filename)
     {
-      if (opt.filename)
-        {
-          dirprefix = strrchr (opt.filename, '/');
-          if (dirprefix)
-            dirprefix++;
-          else
-            dirprefix = opt.filename;
-        }
-      else if (filename)
-        {
-          dirprefix = strrchr (filename, '/');
-          if (dirprefix)
-            dirprefix++;
-          else
-            dirprefix = filename;
-        }
-
-      if (!dirprefix || !*dirprefix)
-        dirprefix = "GPGARCH";
-
-      dirname = create_directory (dirprefix);
-      if (!dirname)
+      if (!strcmp (filename, "-"))
+        stream = es_stdin;
+      else
+        stream = es_fopen (filename, "rb");
+      if (!stream)
         {
-          err = gpg_error (GPG_ERR_GENERAL);
-          goto leave;
+          err = gpg_error_from_syserror ();
+          log_error ("error opening '%s': %s\n", filename, gpg_strerror (err));
+          return err;
         }
     }
+  else
+    stream = es_stdin;
 
-  if (opt.verbose)
-    log_info ("extracting to '%s/'\n", dirname);
+  if (stream == es_stdin)
+    es_set_binary (es_stdin);
 
   if (decrypt)
     {
@@ -371,34 +318,19 @@ gpgtar_extract (const char *filename, int decrypt)
       ccparray_t ccp;
       const char **argv;
 
-      ccparray_init (&ccp, 0);
-      if (opt.batch)
-        ccparray_put (&ccp, "--batch");
-      if (opt.require_compliance)
-        ccparray_put (&ccp, "--require-compliance");
-      if (opt.status_fd != -1)
-        {
-          static char tmpbuf[40];
-
-          snprintf (tmpbuf, sizeof tmpbuf, "--status-fd=%d", opt.status_fd);
-          ccparray_put (&ccp, tmpbuf);
-        }
-      if (opt.with_log)
+      cipher_stream = stream;
+      stream = es_fopenmem (0, "rwb");
+      if (! stream)
         {
-          ccparray_put (&ccp, "--log-file");
-          logfilename = xstrconcat (dirname, ".log", NULL);
-          ccparray_put (&ccp, logfilename);
+          err = gpg_error_from_syserror ();
+          goto leave;
         }
-      ccparray_put (&ccp, "--output");
-      ccparray_put (&ccp, "-");
+
+      ccparray_init (&ccp, 0);
+
       ccparray_put (&ccp, "--decrypt");
       for (arg = opt.gpg_arguments; arg; arg = arg->next)
         ccparray_put (&ccp, arg->d);
-      if (filename)
-        {
-          ccparray_put (&ccp, "--");
-          ccparray_put (&ccp, filename);
-        }
 
       ccparray_put (&ccp, NULL);
       argv = ccparray_get (&ccp, NULL);
@@ -408,78 +340,72 @@ gpgtar_extract (const char *filename, int decrypt)
           goto leave;
         }
 
-      err = gnupg_spawn_process (opt.gpg_program, argv, NULL, NULL,
-                                 ((filename? 0 : GNUPG_SPAWN_KEEP_STDIN)
-                                  | GNUPG_SPAWN_KEEP_STDERR),
-                                 NULL, &stream, NULL, &pid);
+      err = gnupg_exec_tool_stream (opt.gpg_program, argv,
+                                    cipher_stream, NULL, stream, NULL, NULL);
       xfree (argv);
       if (err)
         goto leave;
-      es_set_binary (stream);
+
+      err = es_fseek (stream, 0, SEEK_SET);
+      if (err)
+        goto leave;
     }
-  else if (filename)
+
+  if (opt.directory)
+    dirname = xtrystrdup (opt.directory);
+  else
     {
-      if (!strcmp (filename, "-"))
-        stream = es_stdin;
-      else
-        stream = es_fopen (filename, "rb,sysopen");
-      if (!stream)
+      if (opt.filename)
         {
-          err = gpg_error_from_syserror ();
-          log_error ("error opening '%s': %s\n", filename, gpg_strerror (err));
-          return err;
+          dirprefix = strrchr (opt.filename, '/');
+          if (dirprefix)
+            dirprefix++;
+          else
+            dirprefix = opt.filename;
+        }
+      else if (filename)
+        {
+          dirprefix = strrchr (filename, '/');
+          if (dirprefix)
+            dirprefix++;
+          else
+            dirprefix = filename;
+        }
+
+      if (!dirprefix || !*dirprefix)
+        dirprefix = "GPGARCH";
+
+      dirname = create_directory (dirprefix);
+      if (!dirname)
+        {
+          err = gpg_error (GPG_ERR_GENERAL);
+          goto leave;
         }
-      if (stream == es_stdin)
-        es_set_binary (es_stdin);
-    }
-  else
-    {
-      stream = es_stdin;
-      es_set_binary (es_stdin);
     }
 
+  if (opt.verbose)
+    log_info ("extracting to '%s/'\n", dirname);
 
   for (;;)
     {
-      err = gpgtar_read_header (stream, tarinfo, &header, &extheader);
+      err = gpgtar_read_header (stream, tarinfo, &header);
       if (err || header == NULL)
         goto leave;
 
-      err = extract (stream, dirname, tarinfo, header, extheader);
+      err = extract (stream, dirname, tarinfo, header);
       if (err)
         goto leave;
-      free_strlist (extheader);
-      extheader = NULL;
       xfree (header);
       header = NULL;
     }
 
-  if (pid != (pid_t)(-1))
-    {
-      int exitcode;
-
-      err = es_fclose (stream);
-      stream = NULL;
-      if (err)
-        log_error ("error closing pipe: %s\n", gpg_strerror (err));
-      else
-        {
-          err = gnupg_wait_process (opt.gpg_program, pid, 1, &exitcode);
-          if (err)
-            log_error ("running %s failed (exitcode=%d): %s",
-                       opt.gpg_program, exitcode, gpg_strerror (err));
-          gnupg_release_process (pid);
-          pid = (pid_t)(-1);
-        }
-    }
-
 
  leave:
-  free_strlist (extheader);
   xfree (header);
   xfree (dirname);
-  xfree (logfilename);
   if (stream != es_stdin)
     es_fclose (stream);
+  if (stream != cipher_stream)
+    es_fclose (cipher_stream);
   return err;
 }
diff --git a/tools/gpgtar-list.c b/tools/gpgtar-list.c
index 08ab967..396e837 100644
--- a/tools/gpgtar-list.c
+++ b/tools/gpgtar-list.c
@@ -1,6 +1,4 @@
 /* gpgtar-list.c - List a TAR archive
- * Copyright (C) 2016-2017, 2019-2022 g10 Code GmbH
- * Copyright (C) 2010, 2012, 2013 Werner Koch
  * Copyright (C) 2010 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
@@ -17,7 +15,6 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, see <https://www.gnu.org/licenses/>.
- * SPDX-License-Identifier: GPL-3.0-or-later
  */
 
 #include <config.h>
@@ -25,12 +22,11 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <assert.h>
 
 #include "../common/i18n.h"
-#include <gpg-error.h>
 #include "gpgtar.h"
-#include "../common/exechelp.h"
-#include "../common/sysutils.h"
+#include "../common/exectool.h"
 #include "../common/ccparray.h"
 
 
@@ -164,15 +160,11 @@ parse_header (const void *record, const char *filename, tarinfo_t info)
     case '5': header->typeflag = TF_DIRECTORY; break;
     case '6': header->typeflag = TF_FIFO; break;
     case '7': header->typeflag = TF_RESERVED; break;
-    case 'g': header->typeflag = TF_GEXTHDR; break;
-    case 'x': header->typeflag = TF_EXTHDR; break;
     default:  header->typeflag = TF_UNKNOWN; break;
     }
 
   /* Compute the number of data records following this header.  */
-  if (header->typeflag == TF_REGULAR
-      || header->typeflag == TF_EXTHDR
-      || header->typeflag == TF_UNKNOWN)
+  if (header->typeflag == TF_REGULAR || header->typeflag == TF_UNKNOWN)
     header->nrecords = (header->size + RECORDSIZE-1)/RECORDSIZE;
   else
     header->nrecords = 0;
@@ -189,93 +181,18 @@ parse_header (const void *record, const char *filename, tarinfo_t info)
   return header;
 }
 
-/* Parse the extended header.  This funcion may modify BUFFER.  */
-static gpg_error_t
-parse_extended_header (const char *fname,
-                       char *buffer, size_t buflen, strlist_t *r_exthdr)
-{
-  unsigned int reclen;
-  unsigned char *p, *record;
-  strlist_t sl;
-
-  while (buflen)
-    {
-      record = buffer; /* Remember begin of record.  */
-      reclen = 0;
-      for (p = buffer; buflen && digitp (p); buflen--, p++)
-        {
-          reclen *= 10;
-          reclen += (*p - '0');
-        }
-      if (!buflen || *p != ' ')
-        {
-          log_error ("%s: malformed record length in extended header\n", fname);
-          return gpg_error (GPG_ERR_INV_RECORD);
-        }
-      p++;  /* Skip space.  */
-      buflen--;
-      if (buflen + (p-record) < reclen)
-        {
-          log_error ("%s: extended header record larger"
-                     " than total extended header data\n", fname);
-          return gpg_error (GPG_ERR_INV_RECORD);
-        }
-      if (reclen < (p-record)+2 || record[reclen-1] != '\n')
-        {
-          log_error ("%s: malformed extended header record\n", fname);
-          return gpg_error (GPG_ERR_INV_RECORD);
-        }
-      record[reclen-1] = 0; /* For convenience change LF to a Nul. */
-      reclen -= (p-record);
-      /* P points to the begin of the keyword and RECLEN is the
-       * remaining length of the record excluding the LF.  */
-      if (memchr (p, 0, reclen-1)
-          && (!strncmp (p, "path=", 5) || !strncmp (p, "linkpath=", 9)))
-        {
-          log_error ("%s: extended header record has an embedded nul"
-                     " - ignoring\n", fname);
-        }
-      else if (!strncmp (p, "path=", 5))
-        {
-          sl = add_to_strlist_try (r_exthdr, p+5);
-          if (!sl)
-            return gpg_error_from_syserror ();
-          sl->flags = 1;  /* Mark as path */
-        }
-      else if (!strncmp (p, "linkpath=", 9))
-        {
-          sl = add_to_strlist_try (r_exthdr, p+9);
-          if (!sl)
-            return gpg_error_from_syserror ();
-          sl->flags = 2;  /* Mark as linkpath */
-        }
-
-      buffer = p + reclen;
-      buflen -= reclen;
-    }
-
-  return 0;
-}
 
 
 /* Read the next block, assuming it is a tar header.  Returns a header
- * object on success in R_HEADER, or an error.  If the stream is
- * consumed (i.e. end-of-archive), R_HEADER is set to NULL.  In case
- * of an error an error message is printed.  If the header is an
- * extended header, a string list is allocated and stored at
- * R_EXTHEADER; the caller should provide a pointer to NULL.  Such an
- * extended header is fully processed here and the returned R_HEADER
- * has then the next regular header.  */
+   object on success in R_HEADER, or an error.  If the stream is
+   consumed, R_HEADER is set to NULL.  In case of an error an error
+   message has been printed.  */
 static gpg_error_t
-read_header (estream_t stream, tarinfo_t info,
-             tar_header_t *r_header, strlist_t *r_extheader)
+read_header (estream_t stream, tarinfo_t info, tar_header_t *r_header)
 {
   gpg_error_t err;
   char record[RECORDSIZE];
   int i;
-  tar_header_t hdr;
-  char *buffer;
-  size_t buflen, nrec;
 
   err = read_record (stream, record);
   if (err)
@@ -307,67 +224,7 @@ read_header (estream_t stream, tarinfo_t info,
     }
 
   *r_header = parse_header (record, es_fname_get (stream), info);
-  if (!*r_header)
-    return gpg_error_from_syserror ();
-  hdr = *r_header;
-
-  if (hdr->typeflag != TF_EXTHDR || !r_extheader)
-    return 0;
-
-  /* Read the extended header.  */
-  if (!hdr->nrecords)
-    {
-      /* More than 64k for an extedned header is surely too large.  */
-      log_info ("%s: warning: empty extended header\n",
-                 es_fname_get (stream));
-      return 0;
-    }
-  if (hdr->nrecords > 65536 / RECORDSIZE)
-    {
-      /* More than 64k for an extedned header is surely too large.  */
-      log_error ("%s: extended header too large - skipping\n",
-                 es_fname_get (stream));
-      return 0;
-    }
-
-  buffer = xtrymalloc (hdr->nrecords * RECORDSIZE);
-  if (!buffer)
-    {
-      err = gpg_error_from_syserror ();
-      log_error ("%s: error allocating space for extended header: %s\n",
-                 es_fname_get (stream), gpg_strerror (err));
-      return err;
-    }
-  buflen = 0;
-
-  for (nrec=0; nrec < hdr->nrecords;)
-    {
-      err = read_record (stream, buffer + buflen);
-      if (err)
-        {
-          xfree (buffer);
-          return err;
-        }
-      info->nblocks++;
-      nrec++;
-      if (nrec < hdr->nrecords || (hdr->size && !(hdr->size % RECORDSIZE)))
-        buflen += RECORDSIZE;
-      else
-        buflen += (hdr->size % RECORDSIZE);
-    }
-
-  err = parse_extended_header (es_fname_get (stream),
-                               buffer, buflen, r_extheader);
-  if (err)
-    {
-      free_strlist (*r_extheader);
-      *r_extheader = NULL;
-    }
-
-  xfree (buffer);
-  /* Now tha the extedned header has been read, we read the next
-   * header without allowing an extended header.  */
-  return read_header (stream, info, r_header, NULL);
+  return *r_header ? 0 : gpg_error_from_syserror ();
 }
 
 
@@ -392,13 +249,11 @@ skip_data (estream_t stream, tarinfo_t info, tar_header_t header)
 
 
 static void
-print_header (tar_header_t header, strlist_t extheader, estream_t out)
+print_header (tar_header_t header, estream_t out)
 {
   unsigned long mask;
   char modestr[10+1];
   int i;
-  strlist_t sl;
-  const char *name, *linkname;
 
   *modestr = '?';
   switch (header->typeflag)
@@ -411,8 +266,6 @@ print_header (tar_header_t header, strlist_t extheader, estream_t out)
     case TF_DIRECTORY:*modestr = 'd'; break;
     case TF_FIFO:     *modestr = 'f'; break;
     case TF_RESERVED: *modestr = '='; break;
-    case TF_EXTHDR:   break;
-    case TF_GEXTHDR:  break;
     case TF_UNKNOWN:  break;
     case TF_NOTSUP:   break;
     }
@@ -426,25 +279,9 @@ print_header (tar_header_t header, strlist_t extheader, estream_t out)
     modestr[9] = modestr[9] == 'x'? 't':'T';
   modestr[10] = 0;
 
-  /* FIXME: We do not parse the linkname unless its part of an
-   * extended header.  */
-  name = header->name;
-  linkname = header->typeflag == TF_SYMLINK? "?" : NULL;
-
-  for (sl = extheader; sl; sl = sl->next)
-    {
-      if (sl->flags == 1)
-        name = sl->d;
-      else if (sl->flags == 2)
-        linkname = sl->d;
-    }
-
-  es_fprintf (out, "%s %lu %lu/%lu %12llu %s %s%s%s\n",
+  es_fprintf (out, "%s %lu %lu/%lu %12llu %s %s\n",
               modestr, header->nlink, header->uid, header->gid, header->size,
-              isotimestamp (header->mtime),
-              name,
-              linkname? " -> " : "",
-              linkname? linkname : "");
+              isotimestamp (header->mtime), header->name);
 }
 
 
@@ -455,43 +292,52 @@ gpg_error_t
 gpgtar_list (const char *filename, int decrypt)
 {
   gpg_error_t err;
-  estream_t stream = NULL;
+  estream_t stream;
+  estream_t cipher_stream = NULL;
   tar_header_t header = NULL;
-  strlist_t extheader = NULL;
   struct tarinfo_s tarinfo_buffer;
   tarinfo_t tarinfo = &tarinfo_buffer;
-  pid_t pid = (pid_t)(-1);
 
   memset (&tarinfo_buffer, 0, sizeof tarinfo_buffer);
 
+  if (filename)
+    {
+      if (!strcmp (filename, "-"))
+        stream = es_stdin;
+      else
+        stream = es_fopen (filename, "rb");
+      if (!stream)
+        {
+          err = gpg_error_from_syserror ();
+          log_error ("error opening '%s': %s\n", filename, gpg_strerror (err));
+          return err;
+        }
+    }
+  else
+    stream = es_stdin;
+
+  if (stream == es_stdin)
+    es_set_binary (es_stdin);
+
   if (decrypt)
     {
       strlist_t arg;
       ccparray_t ccp;
       const char **argv;
 
-      ccparray_init (&ccp, 0);
-      if (opt.batch)
-        ccparray_put (&ccp, "--batch");
-      if (opt.require_compliance)
-        ccparray_put (&ccp, "--require-compliance");
-      if (opt.status_fd != -1)
+      cipher_stream = stream;
+      stream = es_fopenmem (0, "rwb");
+      if (! stream)
         {
-          static char tmpbuf[40];
-
-          snprintf (tmpbuf, sizeof tmpbuf, "--status-fd=%d", opt.status_fd);
-          ccparray_put (&ccp, tmpbuf);
+          err = gpg_error_from_syserror ();
+          goto leave;
         }
-      ccparray_put (&ccp, "--output");
-      ccparray_put (&ccp, "-");
+
+      ccparray_init (&ccp, 0);
+
       ccparray_put (&ccp, "--decrypt");
       for (arg = opt.gpg_arguments; arg; arg = arg->next)
         ccparray_put (&ccp, arg->d);
-      if (filename)
-        {
-          ccparray_put (&ccp, "--");
-          ccparray_put (&ccp, filename);
-        }
 
       ccparray_put (&ccp, NULL);
       argv = ccparray_get (&ccp, NULL);
@@ -501,90 +347,50 @@ gpgtar_list (const char *filename, int decrypt)
           goto leave;
         }
 
-      err = gnupg_spawn_process (opt.gpg_program, argv, NULL, NULL,
-                                 ((filename? 0 : GNUPG_SPAWN_KEEP_STDIN)
-                                  | GNUPG_SPAWN_KEEP_STDERR),
-                                 NULL, &stream, NULL, &pid);
+      err = gnupg_exec_tool_stream (opt.gpg_program, argv,
+                                    cipher_stream, NULL, stream, NULL, NULL);
       xfree (argv);
       if (err)
         goto leave;
-      es_set_binary (stream);
-    }
-  else if (filename)  /* No decryption requested.  */
-    {
-      if (!strcmp (filename, "-"))
-        stream = es_stdin;
-      else
-        stream = es_fopen (filename, "rb,sysopen");
-      if (!stream)
-        {
-          err = gpg_error_from_syserror ();
-          log_error ("error opening '%s': %s\n", filename, gpg_strerror (err));
-          goto leave;
-        }
-      if (stream == es_stdin)
-        es_set_binary (es_stdin);
-    }
-  else
-    {
-      stream = es_stdin;
-      es_set_binary (es_stdin);
+
+      err = es_fseek (stream, 0, SEEK_SET);
+      if (err)
+        goto leave;
     }
 
   for (;;)
     {
-      err = read_header (stream, tarinfo, &header, &extheader);
+      err = read_header (stream, tarinfo, &header);
       if (err || header == NULL)
         goto leave;
 
-      print_header (header, extheader, es_stdout);
+      print_header (header, es_stdout);
 
       if (skip_data (stream, tarinfo, header))
         goto leave;
-      free_strlist (extheader);
-      extheader = NULL;
       xfree (header);
       header = NULL;
     }
 
-  if (pid != (pid_t)(-1))
-    {
-      int exitcode;
-
-      err = es_fclose (stream);
-      stream = NULL;
-      if (err)
-        log_error ("error closing pipe: %s\n", gpg_strerror (err));
-      else
-        {
-          err = gnupg_wait_process (opt.gpg_program, pid, 1, &exitcode);
-          if (err)
-            log_error ("running %s failed (exitcode=%d): %s",
-                       opt.gpg_program, exitcode, gpg_strerror (err));
-          gnupg_release_process (pid);
-          pid = (pid_t)(-1);
-        }
-    }
 
  leave:
-  free_strlist (extheader);
   xfree (header);
   if (stream != es_stdin)
     es_fclose (stream);
+  if (stream != cipher_stream)
+    es_fclose (cipher_stream);
   return err;
 }
 
-
 gpg_error_t
-gpgtar_read_header (estream_t stream, tarinfo_t info,
-                    tar_header_t *r_header, strlist_t *r_extheader)
+gpgtar_read_header (estream_t stream, tarinfo_t info, tar_header_t *r_header)
 {
-  return read_header (stream, info, r_header, r_extheader);
+  return read_header (stream, info, r_header);
 }
 
 void
-gpgtar_print_header (tar_header_t header, strlist_t extheader, estream_t out)
+gpgtar_print_header (tar_header_t header, estream_t out)
 {
   if (header && out)
-    print_header (header, extheader, out);
+    print_header (header, out);
 }
diff --git a/tools/gpgtar.c b/tools/gpgtar.c
index e86ed32..a06e870 100644
--- a/tools/gpgtar.c
+++ b/tools/gpgtar.c
@@ -1,6 +1,5 @@
 /* gpgtar.c - A simple TAR implementation mainly useful for Windows.
  * Copyright (C) 2010 Free Software Foundation, Inc.
- * Copyright (C) 2020 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -29,11 +28,13 @@
    gpg.  So here we go.  */
 
 #include <config.h>
+
 #include <ctype.h>
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <assert.h>
 
 #define INCLUDED_BY_MAIN_MODULE 1
 #include "../common/util.h"
@@ -76,24 +77,18 @@ enum cmd_and_opt_values
     oNull,
     oUtf8Strings,
 
-    oBatch,
-    oAnswerYes,
-    oAnswerNo,
-    oStatusFD,
-    oRequireCompliance,
-    oWithLog,
-
     /* Compatibility with gpg-zip.  */
     oGpgArgs,
     oTarArgs,
+    oTarProgram,
 
     /* Debugging.  */
-    oDryRun
+    oDryRun,
   };
 
 
 /* The list of commands and options. */
-static ARGPARSE_OPTS opts[] = {
+static gpgrt_opt_t opts[] = {
   ARGPARSE_group (300, N_("@Commands:\n ")),
 
   ARGPARSE_c (aCreate,    "create",  N_("create an archive")),
@@ -119,13 +114,6 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oOpenPGP, "openpgp", "@"),
   ARGPARSE_s_n (oCMS, "cms", "@"),
 
-  ARGPARSE_s_n (oBatch, "batch", "@"),
-  ARGPARSE_s_n (oAnswerYes, "yes", "@"),
-  ARGPARSE_s_n (oAnswerNo, "no", "@"),
-  ARGPARSE_s_i (oStatusFD, "status-fd", "@"),
-  ARGPARSE_s_n (oRequireCompliance, "require-compliance", "@"),
-  ARGPARSE_s_n (oWithLog, "with-log", "@"),
-
   ARGPARSE_group (302, N_("@\nTar options:\n ")),
 
   ARGPARSE_s_s (oDirectory, "directory",
@@ -142,13 +130,14 @@ static ARGPARSE_OPTS opts[] = {
 
   ARGPARSE_s_s (oGpgArgs, "gpg-args", "@"),
   ARGPARSE_s_s (oTarArgs, "tar-args", "@"),
+  ARGPARSE_s_s (oTarProgram, "tar", "@"),
 
   ARGPARSE_end ()
 };
 
 
 /* The list of commands and options for tar that we understand. */
-static ARGPARSE_OPTS tar_opts[] = {
+static gpgrt_opt_t tar_opts[] = {
   ARGPARSE_s_s (oDirectory, "directory",
                 N_("|DIRECTORY|extract files into DIRECTORY")),
   ARGPARSE_s_s (oFilesFrom, "files-from",
@@ -272,7 +261,7 @@ shell_parse_stringlist (const char *str, strlist_t *r_list)
           break;
 
         case doublequote:
-          log_assert (s > str || !"cannot be quoted at first char");
+          assert (s > str || !"cannot be quoted at first char");
           if (*s == doublequote && *(s - 1) != '\\')
             quoted = unquoted;
           else
@@ -280,7 +269,7 @@ shell_parse_stringlist (const char *str, strlist_t *r_list)
           break;
 
         default:
-          log_assert (! "reached");
+          assert (! "reached");
         }
     }
 
@@ -327,11 +316,11 @@ shell_parse_argv (const char *s, int *r_argc, char ***r_argv)
 
 /* Command line parsing.  */
 static void
-parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
+parse_arguments (gpgrt_argparse_t *pargs, gpgrt_opt_t *popts)
 {
   int no_more_options = 0;
 
-  while (!no_more_options && gnupg_argparse (NULL, pargs, popts))
+  while (!no_more_options && gpgrt_argparse (NULL, pargs, popts))
     {
       switch (pargs->r_opt)
         {
@@ -386,13 +375,6 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
         case oOpenPGP: /* Dummy option for now.  */ break;
         case oCMS:     /* Dummy option for now.  */ break;
 
-        case oBatch: opt.batch = 1; break;
-        case oAnswerYes: opt.answer_yes = 1; break;
-        case oAnswerNo: opt.answer_no = 1; break;
-        case oStatusFD: opt.status_fd = pargs->r.ret_int; break;
-        case oRequireCompliance: opt.require_compliance = 1; break;
-        case oWithLog: opt.with_log = 1; break;
-
         case oGpgArgs:;
           {
             strlist_t list;
@@ -409,6 +391,9 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
           }
           break;
 
+        case oTarProgram:  /* Dummy option.  */
+          break;
+
         case oTarArgs:
           {
             int tar_argc;
@@ -419,12 +404,12 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
                          pargs->r.ret_str);
             else
               {
-                ARGPARSE_ARGS tar_args;
+                gpgrt_argparse_t tar_args;
                 tar_args.argc = &tar_argc;
                 tar_args.argv = &tar_argv;
                 tar_args.flags = ARGPARSE_FLAG_ARG0;
                 parse_arguments (&tar_args, tar_opts);
-                gnupg_argparse (NULL, &tar_args, NULL);
+                gpgrt_argparse (NULL, &tar_args, NULL);
                 if (tar_args.err)
                   log_error ("unsupported tar arguments '%s'\n",
                              pargs->r.ret_str);
@@ -442,6 +427,7 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
     }
 }
 
+
 
 /* gpgtar main. */
 int
@@ -449,28 +435,24 @@ main (int argc, char **argv)
 {
   gpg_error_t err;
   const char *fname;
-  ARGPARSE_ARGS pargs;
+  gpgrt_argparse_t pargs;
 
   gnupg_reopen_std (GPGTAR_NAME);
-  set_strusage (my_strusage);
+  gpgrt_set_strusage (my_strusage);
   log_set_prefix (GPGTAR_NAME, GPGRT_LOG_WITH_PREFIX);
 
   /* Make sure that our subsystems are ready.  */
   i18n_init();
   init_common_subsystems (&argc, &argv);
-  gnupg_init_signals (0, NULL);
 
   log_assert (sizeof (struct ustar_raw_header) == 512);
 
-  /* Set default options */
-  opt.status_fd = -1;
-
   /* Parse the command line. */
   pargs.argc  = &argc;
   pargs.argv  = &argv;
   pargs.flags = ARGPARSE_FLAG_KEEP;
   parse_arguments (&pargs, opts);
-  gnupg_argparse (NULL, &pargs, NULL);
+  gpgrt_argparse (NULL, &pargs, NULL);
 
   if (log_get_errorcount (0))
     exit (2);
@@ -495,7 +477,7 @@ main (int argc, char **argv)
     {
     case aList:
       if (argc > 1)
-        usage (1);
+        gpgrt_usage (1);
       fname = argc ? *argv : NULL;
       if (opt.filename)
         log_info ("note: ignoring option --set-filename\n");
@@ -511,7 +493,7 @@ main (int argc, char **argv)
     case aSignEncrypt:
       if ((!argc && !files_from)
           || (argc && files_from))
-        usage (1);
+        gpgrt_usage (1);
       if (opt.filename)
         log_info ("note: ignoring option --set-filename\n");
       err = gpgtar_create (files_from? NULL : argv,
@@ -526,7 +508,7 @@ main (int argc, char **argv)
 
     case aDecrypt:
       if (argc != 1)
-        usage (1);
+        gpgrt_usage (1);
       if (opt.outfile)
         log_info ("note: ignoring option --output\n");
       if (files_from)
@@ -547,7 +529,7 @@ main (int argc, char **argv)
 
 
 /* Read the next record from STREAM.  RECORD is a buffer provided by
-   the caller and must be at least of size RECORDSIZE.  The function
+   the caller and must be at leadt of size RECORDSIZE.  The function
    return 0 on success and error code on failure; a diagnostic
    printed as well.  Note that there is no need for an EOF indicator
    because a tarball has an explicit EOF record. */
diff --git a/tools/gpgtar.h b/tools/gpgtar.h
index 9f3c90f..c931b82 100644
--- a/tools/gpgtar.h
+++ b/tools/gpgtar.h
@@ -41,12 +41,6 @@ struct
   int symmetric;
   const char *filename;
   const char *directory;
-  int batch;
-  int answer_yes;
-  int answer_no;
-  int status_fd;
-  int require_compliance;
-  int with_log;
 } opt;
 
 
@@ -101,14 +95,12 @@ typedef enum
     TF_DIRECTORY,
     TF_FIFO,
     TF_RESERVED,
-    TF_GEXTHDR,    /* Global extended header.  */
-    TF_EXTHDR,     /* Extended header.  */
     TF_UNKNOWN,    /* Needs to be treated as regular file.  */
     TF_NOTSUP      /* Not supported (used with --create).  */
   } typeflag_t;
 
 
-/* The internal represenation of a TAR header.  */
+/* The internal representation of a TAR header.  */
 struct tar_header_s;
 typedef struct tar_header_s *tar_header_t;
 struct tar_header_s
@@ -148,9 +140,8 @@ gpg_error_t gpgtar_extract (const char *filename, int decrypt);
 /*-- gpgtar-list.c --*/
 gpg_error_t gpgtar_list (const char *filename, int decrypt);
 gpg_error_t gpgtar_read_header (estream_t stream, tarinfo_t info,
-                                tar_header_t *r_header, strlist_t *r_extheader);
-void gpgtar_print_header (tar_header_t header, strlist_t extheader,
-                          estream_t out);
+                                tar_header_t *r_header);
+void gpgtar_print_header (tar_header_t header, estream_t out);
 
 
 #endif /*GPGTAR_H*/
diff --git a/tools/mime-parser.c b/tools/mime-parser.c
index a151dc6..0db1a9c 100644
--- a/tools/mime-parser.c
+++ b/tools/mime-parser.c
@@ -50,7 +50,7 @@ struct mime_parser_context_s
 {
   void *cookie;                /* Cookie passed to all callbacks.  */
 
-  /* The callback to announce the transation from header to body.  */
+  /* The callback to announce the transition from header to body.  */
   gpg_error_t (*t2body) (void *cookie, int level);
 
   /* The callback to announce a new part.  */
@@ -130,7 +130,7 @@ show_message_parser_event (rfc822parse_event_t event)
 /* Do in-place decoding of quoted-printable data of LENGTH in BUFFER.
    Returns the new length of the buffer and stores true at R_SLBRK if
    the line ended with a soft line break; false is stored if not.
-   This function asssumes that a complete line is passed in
+   This function assumes that a complete line is passed in
    buffer.  */
 static size_t
 qp_decode (char *buffer, size_t length, int *r_slbrk)
@@ -196,7 +196,7 @@ parse_message_cb (void *opaque, rfc822parse_event_t event, rfc822parse_t msg)
   const char *s;
   int rc = 0;
 
-  /* Make the RFC822 parser context availabale for callbacks.  */
+  /* Make the RFC822 parser context available for callbacks.  */
   ctx->msg = msg;
 
   if (ctx->debug)
diff --git a/tools/no-libgcrypt.c b/tools/no-libgcrypt.c
index 8739968..3b57756 100644
--- a/tools/no-libgcrypt.c
+++ b/tools/no-libgcrypt.c
@@ -114,7 +114,7 @@ gcry_free (void *a)
 
 
 /* We need this dummy because exechelp.c uses gcry_control to
-   terminate the secure memeory.  */
+   terminate the secure memory.  */
 gcry_error_t
 gcry_control (enum gcry_ctl_cmds cmd, ...)
 {
diff --git a/tools/rfc822parse.c b/tools/rfc822parse.c
index 0a4e2bc..ac6ecb1 100644
--- a/tools/rfc822parse.c
+++ b/tools/rfc822parse.c
@@ -96,7 +96,7 @@ struct rfc822parse_context
   void *callback_value;
   int callback_error;
   int in_body;
-  int in_preamble;      /* Wether we are before the first boundary. */
+  int in_preamble;      /* Whether we are before the first boundary. */
   part_t parts;         /* The tree of parts. */
   part_t current_part;  /* Whom we are processing (points into parts). */
   const char *boundary; /* Current boundary. */
@@ -176,7 +176,7 @@ my_stpcpy (char *a,const char *b)
 #endif
 
 
-/* If a callback has been registerd, call it for the event of type
+/* If a callback has been registered, call it for the event of type
    EVENT. */
 static int
 do_callback (rfc822parse_t msg, rfc822parse_event_t event)
@@ -420,7 +420,12 @@ transition_to_body (rfc822parse_t msg)
               s = rfc822parse_query_parameter (ctx, "boundary", 0);
               if (s)
                 {
-                  assert (!msg->current_part->boundary);
+                  if (msg->current_part->boundary)
+                    {
+                      errno = ENOENT;
+                      return -1;
+                    }
+
                   msg->current_part->boundary = malloc (strlen (s) + 1);
                   if (msg->current_part->boundary)
                     {
@@ -437,7 +442,11 @@ transition_to_body (rfc822parse_t msg)
                           return -1;
                         }
                       rc = do_callback (msg, RFC822PARSE_LEVEL_DOWN);
-                      assert (!msg->current_part->down);
+                      if (msg->current_part->down)
+                        {
+                          errno = ENOENT;
+                          return -1;
+                        }
                       msg->current_part->down = part;
                       msg->current_part = part;
                       msg->in_preamble = 1;
@@ -458,8 +467,12 @@ transition_to_header (rfc822parse_t msg)
 {
   part_t part;
 
-  assert (msg->current_part);
-  assert (!msg->current_part->right);
+  if (!(msg->current_part
+        && !msg->current_part->right))
+    {
+      errno = ENOENT;
+      return -1;
+    }
 
   part = new_part ();
   if (!part)
@@ -476,7 +489,12 @@ insert_header (rfc822parse_t msg, const unsigned char *line, size_t length)
 {
   HDR_LINE hdr;
 
-  assert (msg->current_part);
+  if (!msg->current_part)
+    {
+      errno = ENOENT;
+      return -1;
+    }
+
   if (!length)
     {
       msg->in_body = 1;
@@ -643,7 +661,7 @@ rfc822parse_get_field (rfc822parse_t msg, const char *name, int which,
 
 /****************
  * Enumerate all header.  Caller has to provide the address of a pointer
- * which has to be initialzed to NULL, the caller should then never change this
+ * which has to be initialized to NULL, the caller should then never change this
  * pointer until he has closed the enumeration by passing again the address
  * of the pointer but with msg set to NULL.
  * The function returns pointers to all the header lines or NULL when
@@ -681,7 +699,7 @@ rfc822parse_enum_header_lines (rfc822parse_t msg, void **context)
  *	   >0 : Retrieve the n-th field
 
  * RPREV may be used to return the predecessor of the returned field;
- * which may be NULL for the very first one. It has to be initialzed
+ * which may be NULL for the very first one. It has to be initialized
  * to either NULL in which case the search start at the first header line,
  * or it may point to a headerline, where the search should start
  */
@@ -1078,7 +1096,7 @@ is_parameter (TOKEN t)
    parse context is valid; NULL is returned in case that attr is not
    defined in the header, a missing value is reppresented by an empty string.
 
-   With LOWER_VALUE set to true, a matching field valuebe be
+   With LOWER_VALUE set to true, a matching field value will be
    lowercased.
 
    Note, that ATTR should be lowercase.
diff --git a/tools/watchgnupg.c b/tools/watchgnupg.c
index fc58d14..7a7544b 100644
--- a/tools/watchgnupg.c
+++ b/tools/watchgnupg.c
@@ -1,5 +1,6 @@
 /* watchgnupg.c - Socket server for GnuPG logs
  *	Copyright (C) 2003, 2004, 2010 Free Software Foundation, Inc.
+ *	Copyright (C) 2003, 2004, 2010, 2020 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -30,6 +31,8 @@
 #include <unistd.h>
 #include <sys/socket.h>
 #include <sys/un.h>
+#include <sys/types.h>
+#include <sys/wait.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <fcntl.h>
@@ -53,6 +56,10 @@
 #include "../common/mischelp.h"
 #endif
 
+#ifndef GNUPG_DEF_COPYRIGHT_LINE
+#define GNUPG_DEF_COPYRIGHT_LINE "Copyright (C) 2020 g10 Code GmbH"
+#endif
+
 
 static int verbose;
 static int time_only;
@@ -136,8 +143,29 @@ static void
 print_fd_and_time (int fd)
 {
   struct tm *tp;
-  time_t atime = time (NULL);
+  time_t atime;
+
+#ifdef ENABLE_LOG_CLOCK
+  if (time_only == 2)
+    {
+      struct timespec tv;
+      unsigned long long now;
+
+      if (clock_gettime (CLOCK_REALTIME, &tv))
+        now = 0;  /* Error getting clock.  */
+      else
+        {
+          now = tv.tv_sec * 1000000000ull;
+          now += tv.tv_nsec;
+          now /= 1000000;
+        }
+
+      printf ("%3d - %6llu ", fd, now);
+      return;
+    }
+#endif /* ENABLE_LOG_CLOCK */
 
+  atime = time (NULL);
   tp = localtime (&atime);
   if (time_only)
     printf ("%3d - %02d:%02d:%02d ",
@@ -248,12 +276,92 @@ setup_client (int server_fd, int is_un)
 }
 
 
+/* Get the logsocketname by reading from gpgconf.  Caller needs to
+ * release the buffer.  */
+static char *
+get_logname (const char *homedir)
+{
+  int rp[2];
+  pid_t pid;
+  int i, c;
+  unsigned int pos;
+  char filename[1024], *buf;
+  FILE *fp;
+
+  if (pipe (rp) == -1)
+    die ("error creating a pipe: %s", strerror (errno));
+
+  pid = fork ();
+  if (pid == -1)
+    die ("error forking process: %s", strerror (errno));
+
+  if (!pid)
+    { /* Child. */
+      int fd;
+
+      fd = open ("/dev/null", O_WRONLY);
+      if (fd == -1)
+        die ("can't open '/dev/null': %s", strerror (errno));
+      if (fd != 0 && dup2 (fd, 0) == -1)
+        die ("dup2 stderr failed: %s", strerror (errno));
+
+      /* Connect stdout to our pipe. */
+      if (rp[1] != 1 && dup2 (rp[1], 1) == -1)
+        die ("dup2 stdout failed: %s", strerror (errno));
+
+      /* Close other files.  20 is an arbitrary number; at this point
+       * we have not opened many files. */
+      for (i=3; i < 20; i++)
+        close (i);
+      errno = 0;
+
+      if (homedir)
+        execlp ("gpgconf", "gpgconf", "--homedir", homedir,
+                "-0", "--list-dirs", "socketdir", NULL);
+      else
+        execlp ("gpgconf", "gpgconf",
+                "-0", "--list-dirs", "socketdir", NULL);
+      die ("failed to exec gpgconf: %s", strerror (errno));
+    }
+
+  /* Parent. */
+  close (rp[1]);
+
+  fp = fdopen (rp[0], "r");
+  if (!fp)
+    die ("can't fdopen pipe for reading: %s", strerror (errno));
+
+  pos = 0;
+  while ((c=getc (fp)) != EOF)
+    {
+      if (pos+1 >= sizeof filename)
+        die ("gpgconf returned a too long filename\n");
+      filename[pos++] = c;
+      if (!c)
+        break;
+    }
+  fclose (fp);
+  if (c == EOF)
+    die ("error reading from gpgconf: %s", "premature EOF");
+
+  while ((i=waitpid (pid, NULL, 0)) == -1 && errno == EINTR)
+    ;
+  if (i == -1)
+    die ("waiting for gpgconf failed: %s", strerror (errno));
+
+  buf = xmalloc (strlen (filename) + 6 + 1);
+  strcpy (buf, filename);
+  strcat (buf, "/S.log");
+
+  return buf;
+}
+
 
 static void
 print_version (int with_help)
 {
   fputs (MYVERSION_LINE "\n"
-         "Copyright (C) 2017 Free Software Foundation, Inc.\n"
+         GNUPG_DEF_COPYRIGHT_LINE "\n"
          "License GPLv3+: "
          "GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>\n"
          "This is free software: you are free to change and redistribute it.\n"
@@ -262,17 +370,20 @@ print_version (int with_help)
   if (with_help)
     fputs
       ("\n"
-       "Usage: " PGM " [OPTIONS] SOCKETNAME\n"
+       "Usage: " PGM " [OPTIONS] [SOCKETNAME]\n"
        "       " PGM " [OPTIONS] PORT [SOCKETNAME]\n"
        "Open the local socket SOCKETNAME (or the TCP port PORT)\n"
-       "and display log messages\n"
+       "and display log messages.  If --tcp is not used and no\n"
+       "socket name is given, it is taken from the gpgconf tool.\n"
        "\n"
-       "  --tcp       listen on a TCP port and optionally on a local socket\n"
-       "  --force     delete an already existing socket file\n"
-       "  --verbose   enable extra informational output\n"
-       "  --time-only print only the time; not a full timestamp\n"
-       "  --version   print version of the program and exit\n"
-       "  --help      display this help and exit\n"
+       "  --tcp         listen on a TCP port and optionally on a local socket\n"
+       "  --force       delete an already existing socket file\n"
+       "  --verbose     enable extra informational output\n"
+       "  --time-only   print only the time; not a full timestamp\n"
+       "  --clock       print only a millisecond timestamp\n"
+       "  --homedir DIR use DIR for gpgconf's --homedir option\n"
+       "  --version     print version of the program and exit\n"
+       "  --help        display this help and exit\n"
        BUGREPORT_LINE, stdout );
 
   exit (0);
@@ -284,6 +395,8 @@ main (int argc, char **argv)
   int last_argc = -1;
   int force = 0;
   int tcp = 0;
+  char *homedir = NULL;
+  char *logname = NULL;
 
   struct sockaddr_un srvr_addr_un;
   struct sockaddr_in srvr_addr_in;
@@ -320,6 +433,11 @@ main (int argc, char **argv)
           time_only = 1;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--clock"))
+        {
+          time_only = 2;
+          argc--; argv++;
+        }
       else if (!strcmp (*argv, "--force"))
         {
           force = 1;
@@ -330,11 +448,31 @@ main (int argc, char **argv)
           tcp = 1;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--homedir"))
+        {
+          argc--; argv++;
+          if (!argc)
+            die ("option --homedir requires an argument\n");
+          argc--;
+          homedir = *argv++;
+        }
     }
 
-  if (!((!tcp && argc == 1) || (tcp && (argc == 1 || argc == 2))))
+  if (!tcp && argc == 1)
+    ;
+  else if (tcp && (argc == 1 || argc == 2))
+    ; /* Option --tcp optionally allows to also read from a socket. */
+  else if (!tcp && !argc)
     {
-      fprintf (stderr, "usage: " PGM " socketname\n"
+      /* No args given - figure out the socket using gpgconf.  We also
+       * force overwriting the socket because the constructed name
+       * can't be some accidentally given name.  */
+      logname = get_logname (homedir);
+      force = 1;
+    }
+  else
+    {
+      fprintf (stderr, "usage: " PGM " [socketname]\n"
                        "       " PGM " --tcp port [socketname]\n");
       exit (1);
     }
@@ -348,6 +486,8 @@ main (int argc, char **argv)
     {
       port = 0;
     }
+  if (argc)
+    logname = *argv;
 
   setvbuf (stdout, NULL, _IOLBF, 0);
 
@@ -366,13 +506,13 @@ main (int argc, char **argv)
   else
     server_in = -1;
 
-  if (argc)
+  if (logname)
     {
       server_un = socket (PF_LOCAL, SOCK_STREAM, 0);
       if (server_un == -1)
         die ("socket(PF_LOCAL) failed: %s\n", strerror (errno));
       if (verbose)
-        fprintf (stderr, "listening on socket '%s'\n", *argv);
+        fprintf (stderr, "listening on socket '%s'\n", logname);
     }
   else
     server_un = -1;
@@ -406,11 +546,12 @@ main (int argc, char **argv)
       addr_in = (struct sockaddr *)&srvr_addr_in;
       addrlen_in = sizeof srvr_addr_in;
     }
-  if (argc)
+  if (logname)
     {
       memset (&srvr_addr_un, 0, sizeof srvr_addr_un);
       srvr_addr_un.sun_family = AF_LOCAL;
-      strncpy (srvr_addr_un.sun_path, *argv, sizeof (srvr_addr_un.sun_path)-1);
+      strncpy (srvr_addr_un.sun_path, logname,
+               sizeof (srvr_addr_un.sun_path)-1);
       srvr_addr_un.sun_path[sizeof (srvr_addr_un.sun_path) - 1] = 0;
       addr_un = (struct sockaddr *)&srvr_addr_un;
       addrlen_un = SUN_LEN (&srvr_addr_un);
@@ -431,7 +572,7 @@ main (int argc, char **argv)
           goto again;
         }
       else
-        die ("bind to '%s' failed: %s\n", *argv, strerror (errno));
+        die ("bind to '%s' failed: %s\n", logname, strerror (errno));
     }
 
   if (server_in != -1 && listen (server_in, 5))
diff --git a/tools/wks-util.c b/tools/wks-util.c
index 4fa28bb..516c7fe 100644
--- a/tools/wks-util.c
+++ b/tools/wks-util.c
@@ -71,7 +71,7 @@ wks_set_status_fd (int fd)
 }
 
 
-/* Write a status line with code NO followed by the outout of the
+/* Write a status line with code NO followed by the output of the
  * printf style FORMAT.  The caller needs to make sure that LFs and
  * CRs are not printed.  */
 void
@@ -98,28 +98,19 @@ wks_write_status (int no, const char *format, ...)
 
 
 /* Append UID to LIST and return the new item.  On success LIST is
- * updated.  C-style escaping is removed from UID.  On error ERRNO is
- * set and NULL returned. */
+ * updated.  On error ERRNO is set and NULL returned. */
 static uidinfo_list_t
 append_to_uidinfo_list (uidinfo_list_t *list, const char *uid, time_t created)
 {
   uidinfo_list_t r, sl;
-  char *plainuid;
 
-  plainuid = decode_c_string (uid);
-  if (!plainuid)
-    return NULL;
-
-  sl = xtrymalloc (sizeof *sl + strlen (plainuid));
+  sl = xtrymalloc (sizeof *sl + strlen (uid));
   if (!sl)
-    {
-      xfree (plainuid);
-      return NULL;
-    }
+    return NULL;
 
-  strcpy (sl->uid, plainuid);
+  strcpy (sl->uid, uid);
   sl->created = created;
-  sl->mbox = mailbox_from_userid (plainuid);
+  sl->mbox = mailbox_from_userid (uid, 0);
   sl->next = NULL;
   if (!*list)
     *list = sl;
@@ -129,8 +120,6 @@ append_to_uidinfo_list (uidinfo_list_t *list, const char *uid, time_t created)
         ;
       r->next = sl;
     }
-
-  xfree (plainuid);
   return sl;
 }
 
@@ -359,7 +348,7 @@ wks_list_key (estream_t key, char **r_fpr, uidinfo_list_t *r_mboxes)
       /* log_debug ("line '%s'\n", line); */
 
       xfree (fields);
-      fields = strtokenize_nt (line, ":");
+      fields = strtokenize (line, ":");
       if (!fields)
         {
           err = gpg_error_from_syserror ();
@@ -406,6 +395,7 @@ wks_list_key (estream_t key, char **r_fpr, uidinfo_list_t *r_mboxes)
         }
       else if (!strcmp (fields[0], "uid") && nfields > 9)
         {
+          /* Fixme: Unescape fields[9] */
           if (!append_to_uidinfo_list (&mboxes, fields[9],
                                        parse_timestamp (fields[5], NULL)))
             {
@@ -477,7 +467,7 @@ wks_filter_uid (estream_t *r_newkey, estream_t key, const char *uid,
     es_fputs ("Content-Type: application/pgp-keys\n"
               "\n", newkey);
 
-  filterexp = es_bsprintf ("keep-uid=-t uid= %s", uid);
+  filterexp = es_bsprintf ("keep-uid=uid= %s", uid);
   if (!filterexp)
     {
       err = gpg_error_from_syserror ();
@@ -778,7 +768,7 @@ wks_fname_from_userid (const char *userid, int hash_only,
   if (r_addrspec)
     *r_addrspec = NULL;
 
-  addrspec = mailbox_from_userid (userid);
+  addrspec = mailbox_from_userid (userid, 0);
   if (!addrspec)
     {
       if (opt.verbose || hash_only)
@@ -790,12 +780,6 @@ wks_fname_from_userid (const char *userid, int hash_only,
   domain = strchr (addrspec, '@');
   log_assert (domain);
   domain++;
-  if (strchr (domain, '/') || strchr (domain, '\\'))
-    {
-      log_info ("invalid domain detected ('%s')\n", domain);
-      err = gpg_error (GPG_ERR_NOT_FOUND);
-      goto leave;
-    }
 
   /* Hash user ID and create filename.  */
   s = strchr (addrspec, '@');
@@ -851,11 +835,6 @@ wks_compute_hu_fname (char **r_fname, const char *addrspec)
   if (!domain || !domain[1] || domain == addrspec)
     return gpg_error (GPG_ERR_INV_ARG);
   domain++;
-  if (strchr (domain, '/') || strchr (domain, '\\'))
-    {
-      log_info ("invalid domain detected ('%s')\n", domain);
-      return gpg_error (GPG_ERR_NOT_FOUND);
-    }
 
   gcry_md_hash_buffer (GCRY_MD_SHA1, sha1buf, addrspec, domain - addrspec - 1);
   hash = zb32_encode (sha1buf, 8*20);
@@ -866,13 +845,13 @@ wks_compute_hu_fname (char **r_fname, const char *addrspec)
   fname = make_filename_try (opt.directory, domain, NULL);
   if (fname && gnupg_stat (fname, &sb)
       && gpg_err_code_from_syserror () == GPG_ERR_ENOENT)
-    if (!gnupg_mkdir (fname, "-rwxr-xr-x") && opt.verbose)
+    if (!gnupg_mkdir (fname, "-rwxr--r--") && opt.verbose)
       log_info ("directory '%s' created\n", fname);
   xfree (fname);
   fname = make_filename_try (opt.directory, domain, "hu", NULL);
   if (fname && gnupg_stat (fname, &sb)
       && gpg_err_code_from_syserror () == GPG_ERR_ENOENT)
-    if (!gnupg_mkdir (fname, "-rwxr-xr-x") && opt.verbose)
+    if (!gnupg_mkdir (fname, "-rwxr--r--") && opt.verbose)
       log_info ("directory '%s' created\n", fname);
   xfree (fname);
 
@@ -904,11 +883,6 @@ ensure_policy_file (const char *addrspec)
   if (!domain || !domain[1] || domain == addrspec)
     return gpg_error (GPG_ERR_INV_ARG);
   domain++;
-  if (strchr (domain, '/') || strchr (domain, '\\'))
-    {
-      log_info ("invalid domain detected ('%s')\n", domain);
-      return gpg_error (GPG_ERR_NOT_FOUND);
-    }
 
   /* Create the filename.  */
   fname = make_filename_try (opt.directory, domain, "policy", NULL);
@@ -980,7 +954,7 @@ install_key_from_spec_file (const char *fname)
   char *line = NULL;
   size_t linelen = 0;
   size_t maxlen = 2048;
-  char *fields[2];
+  const char *fields[2];
   unsigned int lnr = 0;
 
   if (!fname || !strcmp (fname, ""))
@@ -1052,7 +1026,7 @@ wks_cmd_install_key (const char *fname, const char *userid)
   if (!userid)
     return install_key_from_spec_file (fname);
 
-  addrspec = mailbox_from_userid (userid);
+  addrspec = mailbox_from_userid (userid, 0);
   if (!addrspec)
     {
       log_error ("\"%s\" is not a proper mail address\n", userid);
@@ -1061,8 +1035,7 @@ wks_cmd_install_key (const char *fname, const char *userid)
     }
 
   if (!classify_user_id (fname, &desc, 1)
-      && (desc.mode == KEYDB_SEARCH_MODE_FPR
-          || desc.mode == KEYDB_SEARCH_MODE_FPR20))
+      && desc.mode == KEYDB_SEARCH_MODE_FPR)
     {
       /* FNAME looks like a fingerprint.  Get the key from the
        * standard keyring.  */
diff --git a/tpm2d/Makefile.am b/tpm2d/Makefile.am
new file mode 100644
index 0000000..ef94871
--- /dev/null
+++ b/tpm2d/Makefile.am
@@ -0,0 +1,37 @@
+# Makfile.am - Makefile for tpm2d
+# Copyright (C) 2021 James Bottomley <James.Bottomley@HansenPartnership.com>
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+AM_CPPFLAGS =
+
+include $(top_srcdir)/am/cmacros.am
+
+libexec_PROGRAMS = tpm2daemon
+
+AM_CFLAGS =  $(LIBGCRYPT_CFLAGS) \
+	     $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) $(LIBTSS_CFLAGS)
+
+tpm2daemon_SOURCES = \
+        command.c \
+        tpm2daemon.c \
+        tpm2.c tpm2.h \
+        tpm2daemon.h ibm-tss.h intel-tss.h
+
+tpm2daemon_LDADD = $(libcommonpth) \
+	$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) $(NPTH_LIBS) \
+	$(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) $(LIBTSS_LIBS)
diff --git a/tpm2d/Makefile.in b/tpm2d/Makefile.in
new file mode 100644
index 0000000..f55ffbe
--- /dev/null
+++ b/tpm2d/Makefile.in
@@ -0,0 +1,799 @@
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Makfile.am - Makefile for tpm2d
+# Copyright (C) 2021 James Bottomley <James.Bottomley@HansenPartnership.com>
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# cmacros.am - C macro definitions
+#     Copyright (C) 2004 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_DOSISH_SYSTEM_FALSE@am__append_1 = -DGNUPG_BINDIR="\"$(bindir)\""            \
+@HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_LIBEXECDIR="\"$(libexecdir)\""    \
+@HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_LIBDIR="\"$(libdir)/@PACKAGE@\""  \
+@HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_DATADIR="\"$(datadir)/@PACKAGE@\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_LOCALSTATEDIR="\"$(localstatedir)\""
+
+
+# If a specific protect tool program has been defined, pass its name
+# to cc.  Note that these macros should not be used directly but via
+# the gnupg_module_name function.
+@GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
+@GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
+@GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
+@GNUPG_TPM2DAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_TPM2DAEMON="\"@GNUPG_TPM2DAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
+libexec_PROGRAMS = tpm2daemon$(EXEEXT)
+subdir = tpm2d
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
+	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
+	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/ksba.m4 $(top_srcdir)/m4/lcmessage.m4 \
+	$(top_srcdir)/m4/ldap.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libassuan.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/npth.m4 \
+	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
+	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(SHELL) $(top_srcdir)/build-aux/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(libexecdir)"
+PROGRAMS = $(libexec_PROGRAMS)
+am_tpm2daemon_OBJECTS = command.$(OBJEXT) tpm2daemon.$(OBJEXT) \
+	tpm2.$(OBJEXT)
+tpm2daemon_OBJECTS = $(am_tpm2daemon_OBJECTS)
+am__DEPENDENCIES_1 =
+tpm2daemon_DEPENDENCIES = $(libcommonpth) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/command.Po ./$(DEPDIR)/tpm2.Po \
+	./$(DEPDIR)/tpm2daemon.Po
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo "  CC      " $@;
+am__v_CC_1 = 
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo "  CCLD    " $@;
+am__v_CCLD_1 = 
+SOURCES = $(tpm2daemon_SOURCES)
+DIST_SOURCES = $(tpm2daemon_SOURCES)
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates.  Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+  BEGIN { nonempty = 0; } \
+  { items[$$0] = 1; nonempty = 1; } \
+  END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique.  This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+  list='$(am__tagged_files)'; \
+  unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/am/cmacros.am \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/mkinstalldirs
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+AWK_HEX_NUMBER_OPTION = @AWK_HEX_NUMBER_OPTION@
+BUILD_FILEVERSION = @BUILD_FILEVERSION@
+BUILD_HOSTNAME = @BUILD_HOSTNAME@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+BUILD_REVISION = @BUILD_REVISION@
+BUILD_TIMESTAMP = @BUILD_TIMESTAMP@
+BUILD_VERSION = @BUILD_VERSION@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+ENCFS = @ENCFS@
+EXEEXT = @EXEEXT@
+FUSERMOUNT = @FUSERMOUNT@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_KEYBOXD_PGM = @GNUPG_KEYBOXD_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GNUPG_TPM2DAEMON_PGM = @GNUPG_TPM2DAEMON_PGM@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGRT_CONFIG = @GPGRT_CONFIG@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
+GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
+GREP = @GREP@
+HAVE_LIBTSS = @HAVE_LIBTSS@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LBER_LIBS = @LBER_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@
+LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBTSS_CFLAGS = @LIBTSS_CFLAGS@
+LIBTSS_LIBS = @LIBTSS_LIBS@
+LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+NPTH_CFLAGS = @NPTH_CFLAGS@
+NPTH_CONFIG = @NPTH_CONFIG@
+NPTH_LIBS = @NPTH_LIBS@
+NTBTLS_CFLAGS = @NTBTLS_CFLAGS@
+NTBTLS_CONFIG = @NTBTLS_CONFIG@
+NTBTLS_LIBS = @NTBTLS_LIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
+SQLITE3_LIBS = @SQLITE3_LIBS@
+STRIP = @STRIP@
+SWTPM = @SWTPM@
+SWTPM_IOCTL = @SWTPM_IOCTL@
+SYSROOT = @SYSROOT@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TPMSERVER = @TPMSERVER@
+TSSSTARTUP = @TSSSTARTUP@
+TSS_INCLUDE = @TSS_INCLUDE@
+USE_C99_CFLAGS = @USE_C99_CFLAGS@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WINDRES = @WINDRES@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+YAT2M = @YAT2M@
+ZLIBS = @ZLIBS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = $(datadir)/locale
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+runstatedir = @runstatedir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+
+# NB: AM_CFLAGS may also be used by tools running on the build
+# platform to create source files.
+AM_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" $(am__append_1) \
+	$(am__append_2) $(am__append_3) $(am__append_4) \
+	$(am__append_5) $(am__append_6) $(am__append_7) \
+	$(am__append_8)
+@HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
+
+# Under Windows we use LockFileEx.  WindowsCE provides this only on
+# the WindowsMobile 6 platform and thus we need to use the coredll6
+# import library.  We also want to use a stacksize of 256k instead of
+# the 2MB which is the default with cegcc.  256k is the largest stack
+# we use with pth.
+@HAVE_W32CE_SYSTEM_TRUE@extra_sys_libs = -lcoredll6
+@HAVE_W32CE_SYSTEM_FALSE@extra_bin_ldflags = 
+@HAVE_W32CE_SYSTEM_TRUE@extra_bin_ldflags = -Wl,--stack=0x40000
+resource_objs = 
+
+# Convenience macros
+libcommon = ../common/libcommon.a
+libcommonpth = ../common/libcommonpth.a
+libcommontls = ../common/libcommontls.a
+libcommontlsnpth = ../common/libcommontlsnpth.a
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) \
+	     $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) $(LIBTSS_CFLAGS)
+
+tpm2daemon_SOURCES = \
+        command.c \
+        tpm2daemon.c \
+        tpm2.c tpm2.h \
+        tpm2daemon.h ibm-tss.h intel-tss.h
+
+tpm2daemon_LDADD = $(libcommonpth) \
+	$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) $(NPTH_LIBS) \
+	$(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) $(LIBTSS_LIBS)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj .rc
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/am/cmacros.am $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tpm2d/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu tpm2d/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+	esac;
+$(top_srcdir)/am/cmacros.am $(am__empty):
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	@list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(libexecdir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(libexecdir)" || exit 1; \
+	fi; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p \
+	  ; then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' \
+	    -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	      echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \
+	      $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-libexecPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' \
+	`; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(libexecdir)" && rm -f $$files
+
+clean-libexecPROGRAMS:
+	-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
+
+tpm2daemon$(EXEEXT): $(tpm2daemon_OBJECTS) $(tpm2daemon_DEPENDENCIES) $(EXTRA_tpm2daemon_DEPENDENCIES) 
+	@rm -f tpm2daemon$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(tpm2daemon_OBJECTS) $(tpm2daemon_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/command.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm2.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm2daemon.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
+
+.c.o:
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+ID: $(am__tagged_files)
+	$(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	set x; \
+	here=`pwd`; \
+	$(am__define_uniq_tagged_files); \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	$(am__define_uniq_tagged_files); \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+	list='$(am__tagged_files)'; \
+	case "$(srcdir)" in \
+	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+	  *) sdir=$(subdir)/$(srcdir) ;; \
+	esac; \
+	for i in $$list; do \
+	  if test -f "$$i"; then \
+	    echo "$(subdir)/$$i"; \
+	  else \
+	    echo "$$sdir/$$i"; \
+	  fi; \
+	done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+	for dir in "$(DESTDIR)$(libexecdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libexecPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+		-rm -f ./$(DEPDIR)/command.Po
+	-rm -f ./$(DEPDIR)/tpm2.Po
+	-rm -f ./$(DEPDIR)/tpm2daemon.Po
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-libexecPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+		-rm -f ./$(DEPDIR)/command.Po
+	-rm -f ./$(DEPDIR)/tpm2.Po
+	-rm -f ./$(DEPDIR)/tpm2daemon.Po
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-libexecPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
+	clean-generic clean-libexecPROGRAMS cscopelist-am ctags \
+	ctags-am distclean distclean-compile distclean-generic \
+	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am \
+	install-libexecPROGRAMS install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \
+	uninstall-am uninstall-libexecPROGRAMS
+
+.PRECIOUS: Makefile
+
+
+@HAVE_W32_SYSTEM_TRUE@.rc.o:
+@HAVE_W32_SYSTEM_TRUE@	$(WINDRES) $(DEFAULT_INCLUDES) $(INCLUDES) "$<" "$@"
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/tpm2d/command.c b/tpm2d/command.c
new file mode 100644
index 0000000..3517811
--- /dev/null
+++ b/tpm2d/command.c
@@ -0,0 +1,505 @@
+/* command.c - TPM2daemon command handler
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005,
+ *               2007, 2008, 2009, 2011  Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+#include <signal.h>
+#ifdef USE_NPTH
+# include <npth.h>
+#endif
+
+#include "tpm2daemon.h"
+#include "tpm2.h"
+#include <assuan.h>
+#include <ksba.h>
+#include "../common/asshelp.h"
+#include "../common/server-help.h"
+
+/* Maximum length allowed as a PIN; used for INQUIRE NEEDPIN */
+#define MAXLEN_PIN 100
+
+/* Maximum allowed size of key data as used in inquiries. */
+#define MAXLEN_KEYDATA 4096
+
+/* Maximum allowed total data size for SETDATA.  */
+#define MAXLEN_SETDATA 4096
+
+/* Maximum allowed size of certificate data as used in inquiries. */
+#define MAXLEN_CERTDATA 16384
+
+
+#define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
+
+/* Data used to associate an Assuan context with local server data.
+   This object describes the local properties of one session.  */
+struct server_local_s
+{
+  /* We keep a list of all active sessions with the anchor at
+     SESSION_LIST (see below).  This field is used for linking. */
+  struct server_local_s *next_session;
+
+  /* This object is usually assigned to a CTRL object (which is
+     globally visible).  While enumerating all sessions we sometimes
+     need to access data of the CTRL object; thus we keep a
+     backpointer here. */
+  ctrl_t ctrl_backlink;
+
+  /* The Assuan context used by this session/server. */
+  assuan_context_t assuan_ctx;
+
+#ifdef HAVE_W32_SYSTEM
+  unsigned long event_signal;   /* Or 0 if not used. */
+#else
+  int event_signal;             /* Or 0 if not used. */
+#endif
+
+  /* True if the card has been removed and a reset is required to
+     continue operation. */
+  int card_removed;
+
+  /* If set to true we will be terminate ourself at the end of the
+     this session.  */
+  int stopme;
+
+};
+
+
+/* To keep track of all running sessions, we link all active server
+   contexts and the anchor in this variable.  */
+static struct server_local_s *session_list;
+
+
+static gpg_error_t
+reset_notify (assuan_context_t ctx, char *line)
+{
+  (void) ctx;
+  (void) line;
+
+  return 0;
+}
+
+
+static gpg_error_t
+option_handler (assuan_context_t ctx, const char *key, const char *value)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+
+  if (!strcmp (key, "event-signal"))
+    {
+      /* A value of 0 is allowed to reset the event signal. */
+#ifdef HAVE_W32_SYSTEM
+      if (!*value)
+        return gpg_error (GPG_ERR_ASS_PARAMETER);
+      ctrl->server_local->event_signal = strtoul (value, NULL, 16);
+#else
+      int i = *value? atoi (value) : -1;
+      if (i < 0)
+        return gpg_error (GPG_ERR_ASS_PARAMETER);
+      ctrl->server_local->event_signal = i;
+#endif
+    }
+
+ return 0;
+}
+
+
+static gpg_error_t
+pin_cb (ctrl_t ctrl, const char *info, char **retstr)
+{
+  assuan_context_t ctx = ctrl->ctx;
+  char *command;
+  int rc;
+  unsigned char *value;
+  size_t valuelen;
+
+  *retstr = NULL;
+  log_debug ("asking for PIN '%s'\n", info);
+
+  rc = gpgrt_asprintf (&command, "NEEDPIN %s", info);
+  if (rc < 0)
+    return gpg_error (gpg_err_code_from_errno (errno));
+
+  /* Fixme: Write an inquire function which returns the result in
+     secure memory and check all further handling of the PIN. */
+  rc = assuan_inquire (ctx, command, &value, &valuelen, MAXLEN_PIN);
+  xfree (command);
+  if (rc)
+    return rc;
+
+  if (!valuelen)
+    {
+      /* We require that the returned value is an UTF-8 string */
+      xfree (value);
+      return gpg_error (GPG_ERR_INV_RESPONSE);
+    }
+  *retstr = (char*)value;
+  return 0;
+}
+
+static const char hlp_import[] =
+  "IMPORT\n"
+  "\n"
+  "This command is used to convert a public and secret key to tpm format.\n"
+  "keydata is communicated via an inquire KEYDATA command\n"
+  "The keydata is expected to be the usual canonical encoded\n"
+  "S-expression.  The return will be a TPM format S-expression\n"
+  "\n"
+  "A PIN will be requested.";
+static gpg_error_t
+cmd_import (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  int rc;
+  unsigned char *keydata;
+  size_t keydatalen;
+  TSS_CONTEXT *tssc;
+  gcry_sexp_t s_key;
+  unsigned char *shadow_info = NULL;
+  size_t shadow_len;
+
+  line = skip_options (line);
+
+  if (*line)
+    return set_error (GPG_ERR_ASS_PARAMETER, "additional parameters given");
+
+  /* Now get the actual keydata. */
+  assuan_begin_confidential (ctx);
+  rc = assuan_inquire (ctx, "KEYDATA", &keydata, &keydatalen, MAXLEN_KEYDATA);
+  assuan_end_confidential (ctx);
+  if (rc)
+    return rc;
+
+  if ((rc = tpm2_start (&tssc)))
+    goto out;
+  gcry_sexp_new (&s_key, keydata, keydatalen, 0);
+  rc = tpm2_import_key (ctrl, tssc, pin_cb, &shadow_info, &shadow_len,
+			s_key, opt.parent);
+  gcry_sexp_release (s_key);
+  tpm2_end (tssc);
+  if (rc)
+    goto out;
+
+  rc = assuan_send_data (ctx, shadow_info, shadow_len);
+
+ out:
+  xfree (shadow_info);
+  xfree (keydata);
+
+  return rc;
+}
+
+static const char hlp_pksign[] =
+  "PKSIGN\n"
+  "\n"
+  "Get the TPM to produce a signature.  KEYDATA will request the TPM\n"
+  "form S-expression (returned by IMPORT) and EXTRA will be the hash\n"
+  "to sign.  The TPM currently deduces hash type from length.\n"
+  "\n"
+  "A PIN will be requested.";
+static gpg_error_t
+cmd_pksign (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  int rc;
+  unsigned char *shadow_info;
+  size_t len;
+  TSS_CONTEXT *tssc;
+  TPM_HANDLE key;
+  TPMI_ALG_PUBLIC type;
+  unsigned char *digest;
+  size_t digestlen;
+  unsigned char *sig;
+  size_t siglen;
+
+  line = skip_options (line);
+
+  if (*line)
+    return set_error (GPG_ERR_ASS_PARAMETER, "additional parameters given");
+
+  /* Now get the actual keydata. */
+  rc = assuan_inquire (ctx, "KEYDATA", &shadow_info, &len, MAXLEN_KEYDATA);
+  if (rc)
+    return rc;
+
+  rc = assuan_inquire (ctx, "EXTRA", &digest, &digestlen, MAXLEN_KEYDATA);
+  if (rc)
+    goto out_freeshadow;
+
+  rc = tpm2_start (&tssc);
+  if (rc)
+    goto out;
+
+  rc = tpm2_load_key (tssc, shadow_info, &key, &type);
+  if (rc)
+    goto end_out;
+
+  rc = tpm2_sign (ctrl, tssc, key, pin_cb, type, digest, digestlen,
+		 &sig, &siglen);
+
+  tpm2_flush_handle (tssc, key);
+
+ end_out:
+  tpm2_end (tssc);
+
+  if (rc)
+    goto out;
+
+  rc = assuan_send_data (ctx, sig, siglen);
+  xfree (sig);
+
+ out:
+  xfree (digest);
+ out_freeshadow:
+  xfree (shadow_info);
+
+  return rc;
+}
+
+static const char hlp_pkdecrypt[] =
+  "PKDECRYPT\n"
+  "Get the TPM to recover a symmetric key.  KEYDATA will request the TPM\n"
+  "form S-expression (returned by IMPORT) and EXTRA will be the input\n"
+  "to derive or decrypt.  The return will be the symmetric key\n"
+  "\n"
+  "\n"
+  "A PIN will be requested.";
+static gpg_error_t
+cmd_pkdecrypt (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  int rc;
+  unsigned char *shadow_info;
+  size_t len;
+  TSS_CONTEXT *tssc;
+  TPM_HANDLE key;
+  TPMI_ALG_PUBLIC type;
+  unsigned char *crypto;
+  size_t cryptolen;
+  char *buf;
+  size_t buflen;
+
+  line = skip_options (line);
+
+  if (*line)
+    return set_error (GPG_ERR_ASS_PARAMETER, "additional parameters given");
+
+  /* Now get the actual keydata. */
+  rc = assuan_inquire (ctx, "KEYDATA", &shadow_info, &len, MAXLEN_KEYDATA);
+  if (rc)
+    return rc;
+
+  rc = assuan_inquire (ctx, "EXTRA", &crypto, &cryptolen, MAXLEN_KEYDATA);
+  if (rc)
+    goto out_freeshadow;
+
+  rc = tpm2_start (&tssc);
+  if (rc)
+    goto out;
+
+  rc = tpm2_load_key (tssc, shadow_info, &key, &type);
+  if (rc)
+    goto end_out;
+
+  if (type == TPM_ALG_RSA)
+    rc = tpm2_rsa_decrypt (ctrl, tssc, key, pin_cb, crypto,
+			   cryptolen, &buf, &buflen);
+  else if (type == TPM_ALG_ECC)
+    rc = tpm2_ecc_decrypt (ctrl, tssc, key, pin_cb, crypto,
+			   cryptolen, &buf, &buflen);
+
+  tpm2_flush_handle (tssc, key);
+
+ end_out:
+  tpm2_end (tssc);
+
+  if (rc)
+    goto out;
+
+  rc = assuan_send_data (ctx, buf, buflen);
+  xfree (buf);
+
+ out:
+  xfree (crypto);
+ out_freeshadow:
+  xfree (shadow_info);
+
+  return rc;
+}
+
+static const char hlp_killtpm2d[] =
+  "KILLTPM2D\n"
+  "\n"
+  "Commit suicide.";
+static gpg_error_t
+cmd_killtpm2d (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+
+  (void)line;
+
+  ctrl->server_local->stopme = 1;
+  assuan_set_flag (ctx, ASSUAN_FORCE_CLOSE, 1);
+  return 0;
+}
+
+
+
+/* Tell the assuan library about our commands */
+static int
+register_commands (assuan_context_t ctx)
+{
+  static struct {
+    const char *name;
+    assuan_handler_t handler;
+    const char * const help;
+  } table[] = {
+    { "IMPORT",       cmd_import,     hlp_import },
+    { "PKSIGN",       cmd_pksign,     hlp_pksign },
+    { "PKDECRYPT",    cmd_pkdecrypt,  hlp_pkdecrypt },
+    { "KILLTPM2D",    cmd_killtpm2d,  hlp_killtpm2d },
+    { NULL }
+  };
+  int i, rc;
+
+  for (i=0; table[i].name; i++)
+    {
+      rc = assuan_register_command (ctx, table[i].name, table[i].handler,
+                                    table[i].help);
+      if (rc)
+        return rc;
+    }
+  assuan_set_hello_line (ctx, "GNU Privacy Guard's TPM2 server ready");
+
+  assuan_register_reset_notify (ctx, reset_notify);
+  assuan_register_option_handler (ctx, option_handler);
+  return 0;
+}
+
+
+/* Startup the server.  If FD is given as -1 this is simple pipe
+   server, otherwise it is a regular server.  Returns true if there
+   are no more active asessions.  */
+int
+tpm2d_command_handler (ctrl_t ctrl, int fd)
+{
+  int rc;
+  assuan_context_t ctx = NULL;
+  int stopme;
+
+  rc = assuan_new (&ctx);
+  if (rc)
+    {
+      log_error ("failed to allocate assuan context: %s\n",
+                 gpg_strerror (rc));
+      tpm2d_exit (2);
+    }
+
+  if (fd == -1)
+    {
+      assuan_fd_t filedes[2];
+
+      filedes[0] = assuan_fdopen (0);
+      filedes[1] = assuan_fdopen (1);
+      rc = assuan_init_pipe_server (ctx, filedes);
+    }
+  else
+    {
+      rc = assuan_init_socket_server (ctx, INT2FD (fd),
+                                      ASSUAN_SOCKET_SERVER_ACCEPTED);
+    }
+  if (rc)
+    {
+      log_error ("failed to initialize the server: %s\n",
+                 gpg_strerror (rc));
+      tpm2d_exit (2);
+    }
+  rc = register_commands (ctx);
+  if (rc)
+    {
+      log_error ("failed to register commands with Assuan: %s\n",
+                 gpg_strerror (rc));
+      tpm2d_exit (2);
+    }
+  assuan_set_pointer (ctx, ctrl);
+  ctrl->ctx = ctx;
+
+  /* Allocate and initialize the server object.  Put it into the list
+     of active sessions. */
+  ctrl->server_local = xcalloc (1, sizeof *ctrl->server_local);
+  ctrl->server_local->next_session = session_list;
+  session_list = ctrl->server_local;
+  ctrl->server_local->ctrl_backlink = ctrl;
+  ctrl->server_local->assuan_ctx = ctx;
+
+  /* Command processing loop. */
+  for (;;)
+    {
+      rc = assuan_accept (ctx);
+      if (rc == -1)
+        {
+          break;
+        }
+      else if (rc)
+        {
+          log_info ("Assuan accept problem: %s\n", gpg_strerror (rc));
+          break;
+        }
+
+      rc = assuan_process (ctx);
+      if (rc)
+        {
+          log_info ("Assuan processing failed: %s\n", gpg_strerror (rc));
+          continue;
+        }
+    }
+
+  /* Release the server object.  */
+  if (session_list == ctrl->server_local)
+    session_list = ctrl->server_local->next_session;
+  else
+    {
+      struct server_local_s *sl;
+
+      for (sl=session_list; sl->next_session; sl = sl->next_session)
+        if (sl->next_session == ctrl->server_local)
+          break;
+      if (!sl->next_session)
+          BUG ();
+      sl->next_session = ctrl->server_local->next_session;
+    }
+  stopme = ctrl->server_local->stopme;
+  xfree (ctrl->server_local);
+  ctrl->server_local = NULL;
+
+  /* Release the Assuan context.  */
+  assuan_release (ctx);
+
+  if (stopme)
+    tpm2d_exit (0);
+
+  /* If there are no more sessions return true.  */
+  return !session_list;
+}
diff --git a/tpm2d/ibm-tss.h b/tpm2d/ibm-tss.h
new file mode 100644
index 0000000..4ca49a6
--- /dev/null
+++ b/tpm2d/ibm-tss.h
@@ -0,0 +1,396 @@
+/* ibm-tss.h -  Supporting TPM routines for the IBM TSS
+ * Copyright (C) 2021 James Bottomley <James.Bottomley@HansenPartnership.com>
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#ifndef _TPM2_IBM_TSS_H
+#define _TPM2_IBM_TSS_H
+
+#define TSSINCLUDE(x) < TSS_INCLUDE/x >
+#include TSSINCLUDE(tss.h)
+#include TSSINCLUDE(tssutils.h)
+#include TSSINCLUDE(tssresponsecode.h)
+#include TSSINCLUDE(tssmarshal.h)
+#include TSSINCLUDE(Unmarshal_fp.h)
+#include TSSINCLUDE(tsscryptoh.h)
+
+#define EXT_TPM_RH_OWNER	TPM_RH_OWNER
+
+#define VAL(X)			X.val
+#define VAL_2B(X, MEMBER)	X.t.MEMBER
+
+static const char *tpm2_dir;
+
+/* The TPM builds a small database of active files representing key
+ * parameters used for authentication and session encryption.  Make sure
+ * they're contained in a separate directory to avoid stepping on any
+ * other application uses of the TPM */
+static inline const char *
+tpm2_set_unique_tssdir (void)
+{
+  char *prefix = getenv ("XDG_RUNTIME_DIR"), *template,
+    *dir;
+  int len = 0;
+
+  if (!prefix)
+    prefix = "/tmp";
+
+  len = snprintf (NULL, 0, "%s/tss2.XXXXXX", prefix);
+  if (len <= 0)
+    return NULL;
+  template = xtrymalloc (len + 1);
+  if (!template)
+    return NULL;
+
+  len++;
+  len = snprintf (template, len, "%s/tss2.XXXXXX", prefix);
+
+  dir = mkdtemp (template);
+
+  return dir;
+}
+
+static inline void
+tpm2_error (TPM_RC rc, const char *prefix)
+{
+  const char *msg, *submsg, *num;
+
+  TSS_ResponseCode_toString (&msg, &submsg, &num, rc);
+  log_error ("%s gave TPM2 Error: %s%s%s", prefix, msg, submsg, num);
+}
+
+static inline int
+TSS_start (TSS_CONTEXT **tssc)
+{
+  TPM_RC rc;
+
+  tpm2_dir = tpm2_set_unique_tssdir ();
+  if (!tpm2_dir)
+    /* make this non fatal */
+    log_error ("Failed to set unique TPM directory\n");
+
+  rc = TSS_Create (tssc);
+  if (rc)
+    {
+      tpm2_error (rc, "TSS_Create");
+      return GPG_ERR_CARD;
+    }
+  rc = TSS_SetProperty (*tssc, TPM_DATA_DIR, tpm2_dir);
+  if (rc)
+    /* make this non fatal */
+    tpm2_error (rc, "TSS_SetProperty");
+
+  return 0;
+}
+
+static inline TPM_RC
+tpm2_CreatePrimary (TSS_CONTEXT *tssContext, TPM_HANDLE primaryHandle,
+		    TPM2B_SENSITIVE_CREATE *inSensitive,
+		    TPM2B_PUBLIC *inPublic, TPM_HANDLE *objectHandle)
+{
+  CreatePrimary_In in;
+  CreatePrimary_Out out;
+  TPM_RC rc;
+
+  in.primaryHandle = primaryHandle;
+  in.inSensitive = *inSensitive;
+  in.inPublic = *inPublic;
+  /* no outside info */
+  in.outsideInfo.t.size = 0;
+  /* no PCR state */
+  in.creationPCR.count = 0;
+
+  rc = TSS_Execute (tssContext,
+		    (RESPONSE_PARAMETERS *)&out,
+		    (COMMAND_PARAMETERS *)&in,
+		    NULL,
+		    TPM_CC_CreatePrimary,
+		    TPM_RS_PW, NULL, 0,
+		    TPM_RH_NULL, NULL, 0);
+
+  *objectHandle = out.objectHandle;
+
+  return rc;
+}
+
+static inline TPM_RC
+tpm2_FlushContext (TSS_CONTEXT *tssContext, TPM_HANDLE flushHandle)
+{
+  FlushContext_In in;
+  TPM_RC rc;
+
+  in.flushHandle = flushHandle;
+
+  rc = TSS_Execute (tssContext,
+		    NULL,
+		    (COMMAND_PARAMETERS *)&in,
+		    NULL,
+		    TPM_CC_FlushContext,
+		    TPM_RH_NULL, NULL, 0);
+
+  return rc;
+}
+
+static inline TPM_RC
+tpm2_ReadPublic (TSS_CONTEXT *tssContext, TPM_HANDLE objectHandle,
+		 TPMT_PUBLIC *pub, TPM_HANDLE auth)
+{
+  ReadPublic_In rin;
+  ReadPublic_Out rout;
+  TPM_RC rc;
+  UINT32 flags = 0;
+
+  if (auth != TPM_RH_NULL)
+    flags = TPMA_SESSION_ENCRYPT;
+
+  rin.objectHandle = objectHandle;
+
+  rc = TSS_Execute (tssContext,
+		    (RESPONSE_PARAMETERS *)&rout,
+		    (COMMAND_PARAMETERS *)&rin,
+		    NULL,
+		    TPM_CC_ReadPublic,
+		    auth, NULL, flags,
+		    TPM_RH_NULL, NULL, 0);
+
+  if (rc)
+    {
+      tpm2_error (rc, "TPM2_ReadPublic");
+      return rc;
+    }
+
+  if (pub)
+    *pub = rout.outPublic.publicArea;
+
+  return rc;
+}
+
+static inline TPM_RC
+tpm2_StartAuthSession (TSS_CONTEXT *tssContext, TPM_HANDLE tpmKey,
+		       TPM_HANDLE bind, TPM_SE sessionType,
+		       TPMT_SYM_DEF *symmetric, TPMI_ALG_HASH authHash,
+		       TPM_HANDLE *sessionHandle,
+		       const char *bindPassword)
+{
+  StartAuthSession_In in;
+  StartAuthSession_Out out;
+  StartAuthSession_Extra extra;
+  TPM_RC rc;
+
+  memset (&in, 0, sizeof(in));
+  memset (&extra, 0 , sizeof(extra));
+
+  extra.bindPassword = bindPassword;
+
+  in.tpmKey = tpmKey;
+  in.bind = bind;
+  in.sessionType = sessionType;
+  in.symmetric = *symmetric;
+  in.authHash = authHash;
+
+  if (tpmKey != TPM_RH_NULL)
+    {
+      /*
+       * For the TSS to use a key as salt, it must have
+       * access to the public part.  It does this by keeping
+       * key files, but request the public part just to make
+       * sure
+       */
+      tpm2_ReadPublic (tssContext, tpmKey,  NULL, TPM_RH_NULL);
+      /*
+       * don't care what rout returns, the purpose of the
+       * operation was to get the public key parameters into
+       * the tss so it can construct the salt
+       */
+    }
+
+  rc = TSS_Execute (tssContext,
+		    (RESPONSE_PARAMETERS *)&out,
+		    (COMMAND_PARAMETERS *)&in,
+		    (EXTRA_PARAMETERS *)&extra,
+		    TPM_CC_StartAuthSession,
+		    TPM_RH_NULL, NULL, 0);
+
+  *sessionHandle = out.sessionHandle;
+
+  return rc;
+}
+
+static inline TPM_RC
+tpm2_Sign (TSS_CONTEXT *tssContext, TPM_HANDLE keyHandle, DIGEST_2B *digest,
+	   TPMT_SIG_SCHEME *inScheme, TPMT_SIGNATURE *signature,
+	   TPM_HANDLE auth, const char *authVal)
+{
+  Sign_In in;
+  Sign_Out out;
+  TPM_RC rc;
+
+  in.keyHandle = keyHandle;
+  in.digest.t = *digest;
+  in.inScheme = *inScheme;
+  in.validation.tag = TPM_ST_HASHCHECK;
+  in.validation.hierarchy = TPM_RH_NULL;
+  in.validation.digest.t.size = 0;
+
+  rc = TSS_Execute (tssContext,
+		    (RESPONSE_PARAMETERS *)&out,
+		    (COMMAND_PARAMETERS *)&in,
+		    NULL,
+		    TPM_CC_Sign,
+		    auth, authVal, 0,
+		    TPM_RH_NULL, NULL, 0);
+
+  *signature = out.signature;
+
+  return rc;
+}
+
+static inline TPM_RC
+tpm2_ECDH_ZGen (TSS_CONTEXT *tssContext, TPM_HANDLE keyHandle,
+		TPM2B_ECC_POINT *inPoint, TPM2B_ECC_POINT *outPoint,
+		TPM_HANDLE auth, const char *authVal)
+{
+  ECDH_ZGen_In in;
+  ECDH_ZGen_Out out;
+  TPM_RC rc;
+
+  in.keyHandle = keyHandle;
+  in.inPoint = *inPoint;
+
+  rc = TSS_Execute (tssContext,
+		    (RESPONSE_PARAMETERS *)&out,
+		    (COMMAND_PARAMETERS *)&in,
+		    NULL,
+		    TPM_CC_ECDH_ZGen,
+		    auth, authVal, TPMA_SESSION_ENCRYPT,
+		    TPM_RH_NULL, NULL, 0);
+
+  *outPoint = out.outPoint;
+
+  return rc;
+}
+
+static inline TPM_RC
+tpm2_RSA_Decrypt (TSS_CONTEXT *tssContext, TPM_HANDLE keyHandle,
+		  PUBLIC_KEY_RSA_2B *cipherText, TPMT_RSA_DECRYPT *inScheme,
+		  PUBLIC_KEY_RSA_2B *message,
+		  TPM_HANDLE auth, const char *authVal, int flags)
+{
+  RSA_Decrypt_In in;
+  RSA_Decrypt_Out out;
+  TPM_RC rc;
+
+  in.keyHandle = keyHandle;
+  in.inScheme = *inScheme;
+  in.cipherText.t = *cipherText;
+  in.label.t.size = 0;
+
+  rc = TSS_Execute (tssContext,
+		    (RESPONSE_PARAMETERS *)&out,
+		    (COMMAND_PARAMETERS *)&in,
+		    NULL,
+		    TPM_CC_RSA_Decrypt,
+		    auth, authVal, flags,
+		    TPM_RH_NULL, NULL, 0);
+
+  *message = out.message.t;
+
+  return rc;
+}
+
+static inline TPM_RC
+tpm2_Load (TSS_CONTEXT *tssContext, TPM_HANDLE parentHandle,
+	   PRIVATE_2B *inPrivate, TPM2B_PUBLIC *inPublic,
+	   TPM_HANDLE *objectHandle,
+	   TPM_HANDLE auth, const char *authVal)
+{
+  Load_In in;
+  Load_Out out;
+  TPM_RC rc;
+
+  in.parentHandle = parentHandle;
+  in.inPrivate.t = *inPrivate;
+  in.inPublic = *inPublic;
+
+  rc = TSS_Execute (tssContext,
+		    (RESPONSE_PARAMETERS *)&out,
+		    (COMMAND_PARAMETERS *)&in,
+		    NULL,
+		    TPM_CC_Load,
+		    auth, authVal, 0,
+		    TPM_RH_NULL, NULL, 0);
+
+  if (rc == TPM_RC_SUCCESS)
+    *objectHandle = out.objectHandle;
+
+  return rc;
+}
+
+static inline TPM_RC
+tpm2_Import (TSS_CONTEXT *tssContext, TPM_HANDLE parentHandle,
+	     DATA_2B *encryptionKey, TPM2B_PUBLIC *objectPublic,
+	     PRIVATE_2B *duplicate, ENCRYPTED_SECRET_2B *inSymSeed,
+	     TPMT_SYM_DEF_OBJECT *symmetricAlg, PRIVATE_2B *outPrivate,
+	     TPM_HANDLE auth, const char *authVal)
+{
+  Import_In iin;
+  Import_Out iout;
+  TPM_RC rc;
+
+  iin.parentHandle = parentHandle;
+  iin.encryptionKey.t = *encryptionKey;
+  iin.objectPublic = *objectPublic;
+  iin.duplicate.t = *duplicate;
+  iin.inSymSeed.t = *inSymSeed;
+  iin.symmetricAlg = *symmetricAlg;
+
+  rc = TSS_Execute (tssContext,
+		    (RESPONSE_PARAMETERS *)&iout,
+		    (COMMAND_PARAMETERS *)&iin,
+		    NULL,
+		    TPM_CC_Import,
+		    auth, authVal, TPMA_SESSION_DECRYPT,
+		    TPM_RH_NULL, NULL, 0);
+
+  *outPrivate = iout.outPrivate.t;
+
+  return rc;
+}
+
+static inline TPM_HANDLE
+tpm2_handle_int (TSS_CONTEXT *tssContext, TPM_HANDLE h)
+{
+  (void)tssContext;
+  return h;
+}
+
+static inline TPM_HANDLE
+tpm2_handle_ext (TSS_CONTEXT *tssContext, TPM_HANDLE h)
+{
+  (void)tssContext;
+  return h;
+}
+
+static inline int
+tpm2_handle_mso (TSS_CONTEXT *tssContext, TPM_HANDLE h, UINT32 mso)
+{
+  (void)tssContext;
+  return (h >> 24) == mso;
+}
+
+#endif
diff --git a/tpm2d/intel-tss.h b/tpm2d/intel-tss.h
new file mode 100644
index 0000000..615f81e
--- /dev/null
+++ b/tpm2d/intel-tss.h
@@ -0,0 +1,684 @@
+/* intel-tss.h -  Supporting TPM routines for the Intel TSS
+ * Copyright (C) 2021 James Bottomley <James.Bottomley@HansenPartnership.com>
+ *
+ * Some portions of the TSS routines are
+ * (c) Copyright IBM Corporation 2015 - 2019
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#ifndef _GNUPG_TPM2_INTEL_TSS_H
+#define _GNUPG_TPM2_INTEL_TSS_H
+
+#include <tss2/tss2_esys.h>
+#include <tss2/tss2_mu.h>
+#include <tss2/tss2_rc.h>
+#include <tss2/tss2_tcti.h>
+#include <tss2/tss2_tctildr.h>
+
+#define EXT_TPM_RH_OWNER	TPM2_RH_OWNER
+#define EXT_TPM_RH_PLATFORM	TPM2_RH_PLATFORM
+#define EXT_TPM_RH_ENDORSEMENT	TPM2_RH_ENDORSEMENT
+#define EXT_TPM_RH_NULL		TPM2_RH_NULL
+#define INT_TPM_RH_NULL		ESYS_TR_RH_NULL
+
+#define TSS_CONTEXT		ESYS_CONTEXT
+
+#define MAX_RESPONSE_SIZE	TPM2_MAX_RESPONSE_SIZE
+#define MAX_RSA_KEY_BYTES	TPM2_MAX_RSA_KEY_BYTES
+#define MAX_ECC_CURVES		TPM2_MAX_ECC_CURVES
+#define MAX_ECC_KEY_BYTES	TPM2_MAX_ECC_KEY_BYTES
+#define MAX_SYM_DATA		TPM2_MAX_SYM_DATA
+
+#define AES_128_BLOCK_SIZE_BYTES	16
+
+/*
+ * The TCG defines all begin TPM_ but for some unknown reason Intel
+ * ignored this and all its defines begin TPM2_
+ */
+
+#define TPM_RC_SUCCESS		TPM2_RC_SUCCESS
+#define TPM_RC_SYMMETRIC	TPM2_RC_SYMMETRIC
+#define TPM_RC_ASYMMETRIC	TPM2_RC_ASYMMETRIC
+#define TPM_RC_CURVE		TPM2_RC_CURVE
+#define TPM_RC_KEY_SIZE		TPM2_RC_KEY_SIZE
+#define TPM_RC_KEY		TPM2_RC_KEY
+#define TPM_RC_VALUE		TPM2_RC_VALUE
+#define TPM_RC_POLICY		TPM2_RC_POLICY
+#define TPM_RC_FAILURE		TPM2_RC_FAILURE
+#define TPM_RC_AUTH_FAIL	TPM2_RC_AUTH_FAIL
+#define TPM_RC_BAD_AUTH		TPM2_RC_BAD_AUTH
+
+#define RC_VER1			TPM2_RC_VER1
+#define RC_FMT1			TPM2_RC_FMT1
+
+#define TPM_EO_EQ		TPM2_EO_EQ
+#define TPM_EO_NEQ		TPM2_EO_NEQ
+#define TPM_EO_SIGNED_GT	TPM2_EO_SIGNED_GT
+#define TPM_EO_UNSIGNED_GT	TPM2_EO_UNSIGNED_GT
+#define TPM_EO_SIGNED_LT	TPM2_EO_SIGNED_LT
+#define TPM_EO_UNSIGNED_LT	TPM2_EO_UNSIGNED_LT
+#define TPM_EO_SIGNED_GE	TPM2_EO_SIGNED_GE
+#define TPM_EO_UNSIGNED_GE	TPM2_EO_UNSIGNED_GE
+#define TPM_EO_SIGNED_LE	TPM2_EO_SIGNED_LE
+#define TPM_EO_UNSIGNED_LE	TPM2_EO_UNSIGNED_LE
+#define TPM_EO_BITSET		TPM2_EO_BITSET
+#define TPM_EO_BITCLEAR		TPM2_EO_BITCLEAR
+
+#define TPM_CC_PolicyPCR	TPM2_CC_PolicyPCR
+#define TPM_CC_PolicyAuthValue	TPM2_CC_PolicyAuthValue
+#define TPM_CC_PolicyCounterTimer	TPM2_CC_PolicyCounterTimer
+
+#define TPM_ST_HASHCHECK	TPM2_ST_HASHCHECK
+
+#define TPM_RH_OWNER		ESYS_TR_RH_OWNER
+#define TPM_RH_PLATFORM		ESYS_TR_RH_PLATFORM
+#define TPM_RH_ENDORSEMENT	ESYS_TR_RH_ENDORSEMENT
+#define TPM_RH_NULL		ESYS_TR_NONE
+#define TPM_RS_PW		ESYS_TR_PASSWORD
+
+#define TPM_HT_PERMANENT	TPM2_HT_PERMANENT
+#define TPM_HT_TRANSIENT	TPM2_HT_TRANSIENT
+#define TPM_HT_PERSISTENT	TPM2_HT_PERSISTENT
+
+#define TPM_HANDLE		ESYS_TR
+#define TPM_RC			TPM2_RC
+#define TPM_CC			TPM2_CC
+
+#define TPM_ALG_ID		TPM2_ALG_ID
+#define TPM_SE			TPM2_SE
+#define TPM_SE_HMAC		TPM2_SE_HMAC
+#define TPM_SE_POLICY		TPM2_SE_POLICY
+#define TPM_CAP			TPM2_CAP
+#define TPM_CAP_ECC_CURVES	TPM2_CAP_ECC_CURVES
+#define TPM_EO			TPM2_EO
+
+#define TPM_ECC_NONE		TPM2_ECC_NONE
+#define TPM_ECC_NIST_P192	TPM2_ECC_NIST_P192
+#define TPM_ECC_NIST_P224	TPM2_ECC_NIST_P224
+#define TPM_ECC_NIST_P256	TPM2_ECC_NIST_P256
+#define TPM_ECC_NIST_P384	TPM2_ECC_NIST_P384
+#define TPM_ECC_NIST_P521	TPM2_ECC_NIST_P521
+#define TPM_ECC_BN_P256		TPM2_ECC_BN_P256
+#define TPM_ECC_BN_P638		TPM2_ECC_BN_P638
+#define TPM_ECC_SM2_P256	TPM2_ECC_SM2_P256
+
+#define TPM_ALG_NULL		TPM2_ALG_NULL
+#define TPM_ALG_SHA1		TPM2_ALG_SHA1
+#define TPM_ALG_SHA256		TPM2_ALG_SHA256
+#define TPM_ALG_SHA384		TPM2_ALG_SHA384
+#define TPM_ALG_SHA512		TPM2_ALG_SHA512
+#define TPM_ALG_AES		TPM2_ALG_AES
+#define TPM_ALG_CFB		TPM2_ALG_CFB
+#define TPM_ALG_RSA		TPM2_ALG_RSA
+#define TPM_ALG_RSASSA		TPM2_ALG_RSASSA
+#define TPM_ALG_ECC		TPM2_ALG_ECC
+#define TPM_ALG_KEYEDHASH	TPM2_ALG_KEYEDHASH
+#define TPM_ALG_RSAES		TPM2_ALG_RSAES
+#define TPM_ALG_OAEP		TPM2_ALG_OAEP
+#define TPM_ALG_ECDSA		TPM2_ALG_ECDSA
+
+/* the odd TPMA_OBJECT_  type is wrong too */
+
+#define TPMA_OBJECT_SIGN	TPMA_OBJECT_SIGN_ENCRYPT
+
+/* Intel and IBM have slightly different names for all the 2B structures */
+
+#define NAME_2B			TPM2B_NAME
+#define DATA_2B			TPM2B_DATA
+#define PRIVATE_2B		TPM2B_PRIVATE
+#define ENCRYPTED_SECRET_2B	TPM2B_ENCRYPTED_SECRET
+#define KEY_2B			TPM2B_KEY
+#define TPM2B_KEY		TPM2B_DATA
+#define DIGEST_2B		TPM2B_DIGEST
+#define ECC_PARAMETER_2B	TPM2B_ECC_PARAMETER
+#define SENSITIVE_DATA_2B	TPM2B_SENSITIVE_DATA
+#define PUBLIC_KEY_RSA_2B	TPM2B_PUBLIC_KEY_RSA
+
+#define FALSE			0
+#define TRUE			1
+
+typedef struct {
+	uint16_t size;
+	BYTE buffer[];
+} TPM2B;
+
+#define TSS_CONVERT_MARSHAL(TYPE, PTR)				\
+static inline TPM_RC						\
+TSS_##TYPE##_Marshal(const TYPE *source, UINT16 *written,	\
+		     BYTE **buffer, INT32 *size)		\
+{								\
+  size_t offset = 0;						\
+  TPM_RC rc;							\
+								\
+  rc = Tss2_MU_##TYPE##_Marshal(PTR source, *buffer, *size, &offset); \
+								\
+  *buffer += offset;						\
+  *size -= offset;						\
+  *written = offset;						\
+								\
+  return rc;							\
+}
+#define TSS_CONVERT_UNMARSHAL(TYPE, ARG)			\
+static inline TPM_RC						\
+TYPE##_Unmarshal##ARG(TYPE *dest,				\
+		 BYTE **buffer, INT32 *size)			\
+{								\
+  size_t offset = 0;						\
+  TPM_RC rc;							\
+								\
+  memset(dest, 0, sizeof(TYPE));				\
+  rc = Tss2_MU_##TYPE##_Unmarshal(*buffer, *size, &offset, dest);	\
+								\
+  *buffer += offset;						\
+  *size -= offset;						\
+								\
+  return rc;							\
+}
+
+TSS_CONVERT_MARSHAL(TPMT_PUBLIC, )
+TSS_CONVERT_MARSHAL(UINT16, *)
+TSS_CONVERT_MARSHAL(TPMT_SENSITIVE, )
+TSS_CONVERT_MARSHAL(TPM2B_ECC_POINT, )
+TSS_CONVERT_MARSHAL(TPM2B_DIGEST, )
+TSS_CONVERT_MARSHAL(TPM2B_PUBLIC, )
+TSS_CONVERT_MARSHAL(TPM2B_PRIVATE, )
+
+TSS_CONVERT_UNMARSHAL(TPML_PCR_SELECTION, )
+TSS_CONVERT_UNMARSHAL(TPM2B_PRIVATE, )
+TSS_CONVERT_UNMARSHAL(TPM2B_PUBLIC, X)
+TSS_CONVERT_UNMARSHAL(TPM2B_ENCRYPTED_SECRET, )
+TSS_CONVERT_UNMARSHAL(UINT16, )
+TSS_CONVERT_UNMARSHAL(UINT32, )
+
+#define ARRAY_SIZE(A) (sizeof(A)/sizeof(A[0]))
+
+#define TPM2B_PUBLIC_Unmarshal(A, B, C, D) TPM2B_PUBLIC_UnmarshalX(A, B, C)
+#define TPM_EO_Unmarshal	UINT16_Unmarshal
+#define TPM_CC_Unmarshal	UINT32_Unmarshal
+
+#define VAL(X) X
+#define VAL_2B(X, MEMBER) X.MEMBER
+#define VAL_2B_P(X, MEMBER) X->MEMBER
+
+static const struct {
+  TPM_ALG_ID alg;
+  int gcrypt_algo;
+  int size;
+} TSS_Hashes[] = {
+  { TPM_ALG_SHA1,   GCRY_MD_SHA1,     20 },
+  { TPM_ALG_SHA256, GCRY_MD_SHA256,   32 },
+  { TPM_ALG_SHA384, GCRY_MD_SHA3_384, 48 },
+  { TPM_ALG_SHA512, GCRY_MD_SHA3_512, 64 }
+};
+
+static inline void
+intel_auth_helper(TSS_CONTEXT *tssContext, TPM_HANDLE auth, const char *authVal)
+{
+  TPM2B_AUTH authVal2B;
+
+  if (authVal)
+    {
+      authVal2B.size = strlen(authVal);
+      memcpy(authVal2B.buffer, authVal, authVal2B.size);
+    }
+  else
+    {
+      authVal2B.size = 0;
+    }
+  Esys_TR_SetAuth(tssContext, auth, &authVal2B);
+}
+
+static inline void
+intel_sess_helper(TSS_CONTEXT *tssContext, TPM_HANDLE auth, TPMA_SESSION flags)
+{
+  Esys_TRSess_SetAttributes(tssContext, auth, flags,
+			    TPMA_SESSION_CONTINUESESSION | flags);
+}
+
+static inline TPM_HANDLE
+intel_handle(TPM_HANDLE h)
+{
+  if (h == 0)
+    return ESYS_TR_NONE;
+  return h;
+}
+
+static inline void
+TSS_Delete(TSS_CONTEXT *tssContext)
+{
+  TSS2_TCTI_CONTEXT *tcti_ctx;
+  TPM_RC rc;
+
+  rc = Esys_GetTcti(tssContext, &tcti_ctx);
+  Esys_Finalize(&tssContext);
+  if (rc == TPM_RC_SUCCESS)
+    Tss2_TctiLdr_Finalize(&tcti_ctx);
+}
+
+static inline TPM_RC
+TSS_Create(TSS_CONTEXT **tssContext)
+{
+  TPM_RC rc;
+  TSS2_TCTI_CONTEXT *tcti_ctx = NULL;
+  char *intType;
+  char *tctildr = NULL;
+
+  intType = getenv("TPM_INTERFACE_TYPE");
+  /*
+   * FIXME: This should be way more sophisticated, but it's
+   * enough to get the simulator tests running
+   */
+  if (intType)
+    {
+      if (strcmp("socsim", intType) == 0) {
+	tctildr = "mssim";
+      }
+      else if (strcmp("dev", intType) == 0)
+	{
+	  tctildr = "device";
+	}
+      else
+	{
+	  fprintf(stderr, "Unknown TPM_INTERFACE_TYPE %s\n", intType);
+	}
+    }
+
+  rc = Tss2_TctiLdr_Initialize(tctildr, &tcti_ctx);
+  if (rc)
+    return rc;
+
+  rc =  Esys_Initialize(tssContext, tcti_ctx, NULL);
+
+  return rc;
+}
+
+static inline int
+TSS_GetDigestSize(TPM_ALG_ID alg) {
+  int i;
+
+  for (i = 0; i < ARRAY_SIZE(TSS_Hashes); i++)
+    if (TSS_Hashes[i].alg == alg)
+      return TSS_Hashes[i].size;
+  return -1;
+}
+
+static inline int
+TSS_Hash_GetMd(int *algo, TPM_ALG_ID alg) {
+  int i;
+
+  for (i = 0; i < ARRAY_SIZE(TSS_Hashes); i++)
+    if (TSS_Hashes[i].alg == alg)
+      {
+	*algo = TSS_Hashes[i].gcrypt_algo;
+	return 0;
+      }
+  return TPM_RC_FAILURE;
+}
+
+/* copied with modifications from the IBM TSS tsscrypto.c */
+static inline TPM_RC
+TSS_Hash_Generate(TPMT_HA *digest, ...)
+{
+  TPM_RC rc = 0;
+  int length;
+  uint8_t *buffer;
+  int algo;
+  gcry_md_hd_t md;
+  va_list ap;
+
+  va_start(ap, digest);
+
+  rc = TSS_Hash_GetMd(&algo, digest->hashAlg);
+  if (rc)
+    {
+      fprintf(stderr, "TSS_HASH_GENERATE: Unknown hash %d\n",
+	      digest->hashAlg);
+      goto out;
+    }
+
+  rc = gcry_md_open (&md, algo, 0);
+  if (rc != 0)
+    {
+      fprintf(stderr, "TSS_Hash_Generate: EVP_MD_CTX_create failed\n");
+      rc = TPM_RC_FAILURE;
+      goto out;
+    }
+
+  rc = TPM_RC_FAILURE;
+  for (;;)
+    {
+      length = va_arg(ap, int);		/* first vararg is the length */
+      buffer = va_arg(ap, unsigned char *);	/* second vararg is the array */
+      if (buffer == NULL)			/* loop until a NULL buffer terminates */
+	break;
+      if (length < 0)
+	{
+	  fprintf(stderr, "TSS_Hash_Generate: Length is negative\n");
+	  goto out_free;
+	}
+      if (length != 0)
+	gcry_md_write (md, buffer, length);
+    }
+
+  memcpy (&digest->digest, gcry_md_read (md, algo),
+	  TSS_GetDigestSize(digest->hashAlg));
+  rc = TPM_RC_SUCCESS;
+ out_free:
+  gcry_md_close (md);
+ out:
+  va_end(ap);
+  return rc;
+}
+
+static inline TPM_RC
+TSS_TPM2B_Create(TPM2B *target, uint8_t *buffer, uint16_t size,
+		 uint16_t targetSize)
+{
+  if (size > targetSize)
+    return TSS2_MU_RC_INSUFFICIENT_BUFFER;
+  target->size = size;
+  if (size)
+    memmove(target->buffer, buffer, size);
+  return TPM_RC_SUCCESS;
+}
+
+static inline void
+tpm2_error(TPM_RC rc, const char *reason)
+{
+  const char *msg;
+
+  fprintf(stderr, "%s failed with %d\n", reason, rc);
+  msg = Tss2_RC_Decode(rc);
+  fprintf(stderr, "%s\n", msg);
+}
+
+static inline int
+TSS_start (TSS_CONTEXT **tssc)
+{
+  TPM_RC rc;
+
+  rc = TSS_Create (tssc);
+  if (rc)
+    {
+      tpm2_error(rc, "TSS_Create");
+      return GPG_ERR_CARD;
+    }
+
+  return 0;
+}
+
+static inline TPM_RC
+tpm2_Import(TSS_CONTEXT *tssContext, TPM_HANDLE parentHandle,
+	    DATA_2B *encryptionKey, TPM2B_PUBLIC *objectPublic,
+	    PRIVATE_2B *duplicate, ENCRYPTED_SECRET_2B *inSymSeed,
+	    TPMT_SYM_DEF_OBJECT *symmetricAlg, PRIVATE_2B *outPrivate,
+	    TPM_HANDLE auth, const char *authVal)
+{
+  PRIVATE_2B *out;
+  TPM_RC rc;
+
+  intel_auth_helper(tssContext, parentHandle, authVal);
+  intel_sess_helper(tssContext, auth, TPMA_SESSION_DECRYPT);
+  rc = Esys_Import(tssContext, parentHandle, auth, ESYS_TR_NONE,
+		   ESYS_TR_NONE, encryptionKey, objectPublic,
+		   duplicate, inSymSeed, symmetricAlg, &out);
+  if (rc)
+    return rc;
+
+  *outPrivate = *out;
+  free(out);
+
+  return rc;
+}
+
+static inline TPM_RC
+tpm2_Create(TSS_CONTEXT *tssContext, TPM_HANDLE parentHandle,
+	    TPM2B_SENSITIVE_CREATE *inSensitive, TPM2B_PUBLIC *inPublic,
+	    PRIVATE_2B *outPrivate, TPM2B_PUBLIC *outPublic,
+	    TPM_HANDLE auth, const char *authVal)
+{
+  TPM_RC rc;
+  PRIVATE_2B *opriv;
+  TPM2B_PUBLIC *opub;
+  DATA_2B outsideInfo;
+  TPML_PCR_SELECTION creationPCR;
+
+  outsideInfo.size = 0;
+  creationPCR.count = 0;
+
+  intel_auth_helper(tssContext, parentHandle, authVal);
+  intel_sess_helper(tssContext, auth, TPMA_SESSION_DECRYPT);
+  rc = Esys_Create(tssContext, parentHandle, auth,
+		   ESYS_TR_NONE, ESYS_TR_NONE, inSensitive,
+		   inPublic, &outsideInfo, &creationPCR, &opriv,
+		   &opub, NULL, NULL, NULL);
+
+  if (rc)
+    return rc;
+
+  *outPublic = *opub;
+  free(opub);
+  *outPrivate = *opriv;
+  free(opriv);
+
+  return rc;
+}
+
+static inline TPM_RC
+tpm2_ReadPublic(TSS_CONTEXT *tssContext, TPM_HANDLE objectHandle,
+		TPMT_PUBLIC *pub, TPM_HANDLE auth)
+{
+  TPM2B_PUBLIC *out;
+  TPM_RC rc;
+
+  if (auth != TPM_RH_NULL)
+    intel_sess_helper(tssContext, auth, TPMA_SESSION_ENCRYPT);
+
+  rc = Esys_ReadPublic(tssContext, objectHandle, auth, ESYS_TR_NONE,
+			     ESYS_TR_NONE, &out, NULL, NULL);
+  if (rc)
+    return rc;
+
+  if (pub)
+    *pub = out->publicArea;
+  free(out);
+
+  return rc;
+}
+
+static inline TPM_RC
+tpm2_RSA_Decrypt(TSS_CONTEXT *tssContext, TPM_HANDLE keyHandle,
+		 PUBLIC_KEY_RSA_2B *cipherText, TPMT_RSA_DECRYPT *inScheme,
+		 PUBLIC_KEY_RSA_2B *message,
+		 TPM_HANDLE auth, const char *authVal, int flags)
+{
+  PUBLIC_KEY_RSA_2B *out;
+  DATA_2B label;
+  TPM_RC rc;
+
+  label.size = 0;
+
+  intel_auth_helper(tssContext, keyHandle, authVal);
+  intel_sess_helper(tssContext, auth, flags);
+  rc = Esys_RSA_Decrypt(tssContext, keyHandle, auth, ESYS_TR_NONE,
+			ESYS_TR_NONE, cipherText,
+			inScheme, &label, &out);
+
+  if (rc)
+    return rc;
+
+  *message = *out;
+  free(out);
+
+  return rc;
+}
+
+static inline TPM_RC
+tpm2_Sign(TSS_CONTEXT *tssContext, TPM_HANDLE keyHandle, DIGEST_2B *digest,
+	  TPMT_SIG_SCHEME *inScheme, TPMT_SIGNATURE *signature,
+	  TPM_HANDLE auth, const char *authVal)
+{
+  TPM_RC rc;
+  TPMT_TK_HASHCHECK validation;
+  TPMT_SIGNATURE *out;
+
+  validation.tag = TPM_ST_HASHCHECK;
+  validation.hierarchy = EXT_TPM_RH_NULL;
+  validation.digest.size = 0;
+
+  intel_auth_helper(tssContext, keyHandle, authVal);
+  intel_sess_helper(tssContext, auth, 0);
+  rc = Esys_Sign(tssContext, keyHandle, auth, ESYS_TR_NONE,
+		 ESYS_TR_NONE, digest, inScheme, &validation, &out);
+
+  if (rc)
+    return rc;
+
+  *signature = *out;
+  free(out);
+
+  return rc;
+}
+
+static inline TPM_RC
+tpm2_ECDH_ZGen(TSS_CONTEXT *tssContext, TPM_HANDLE keyHandle,
+	       TPM2B_ECC_POINT *inPoint, TPM2B_ECC_POINT *outPoint,
+	       TPM_HANDLE auth, const char *authVal)
+{
+  TPM2B_ECC_POINT *out;
+  TPM_RC rc;
+
+  intel_auth_helper(tssContext, keyHandle, authVal);
+  intel_sess_helper(tssContext, auth, TPMA_SESSION_ENCRYPT);
+  rc = Esys_ECDH_ZGen(tssContext, keyHandle, auth, ESYS_TR_NONE,
+		      ESYS_TR_NONE, inPoint, &out);
+
+  if (rc)
+    return rc;
+
+  *outPoint = *out;
+  free(out);
+
+  return rc;
+}
+
+static inline TPM_RC
+tpm2_CreatePrimary(TSS_CONTEXT *tssContext, TPM_HANDLE primaryHandle,
+		   TPM2B_SENSITIVE_CREATE *inSensitive,
+		   TPM2B_PUBLIC *inPublic, TPM_HANDLE *objectHandle)
+{
+  TPM2B_DATA outsideInfo;
+  TPML_PCR_SELECTION creationPcr;
+  TPM_RC rc;
+
+  /* FIXME will generate wrong value for NULL hierarchy */
+  primaryHandle = intel_handle(primaryHandle);
+
+  outsideInfo.size = 0;
+  creationPcr.count = 0;
+
+  rc = Esys_CreatePrimary(tssContext, primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE,
+			  ESYS_TR_NONE, inSensitive, inPublic,
+			  &outsideInfo, &creationPcr, objectHandle,
+			  NULL, NULL, NULL, NULL);
+
+  return rc;
+}
+
+static inline TPM_RC
+tpm2_FlushContext(TSS_CONTEXT *tssContext, TPM_HANDLE flushHandle)
+{
+  return Esys_FlushContext(tssContext, flushHandle);
+}
+
+static inline TPM_RC
+tpm2_StartAuthSession(TSS_CONTEXT *tssContext, TPM_HANDLE tpmKey,
+		      TPM_HANDLE bind, TPM_SE sessionType,
+		      TPMT_SYM_DEF *symmetric, TPMI_ALG_HASH authHash,
+		      TPM_HANDLE *sessionHandle,
+		      const char *bindPassword)
+{
+  bind = intel_handle(bind);
+  tpmKey = intel_handle(tpmKey);
+  if (bind != ESYS_TR_NONE)
+    intel_auth_helper(tssContext, bind, bindPassword);
+
+  return Esys_StartAuthSession(tssContext, tpmKey, bind, ESYS_TR_NONE,
+			       ESYS_TR_NONE, ESYS_TR_NONE, NULL,
+			       sessionType, symmetric, authHash,
+			       sessionHandle);
+}
+
+static inline TPM_RC
+tpm2_Load(TSS_CONTEXT *tssContext, TPM_HANDLE parentHandle,
+	  PRIVATE_2B *inPrivate, TPM2B_PUBLIC *inPublic,
+	  TPM_HANDLE *objectHandle,
+	  TPM_HANDLE auth, const char *authVal)
+{
+  intel_auth_helper(tssContext, parentHandle, authVal);
+  intel_sess_helper(tssContext, auth, 0);
+  return Esys_Load(tssContext, parentHandle, auth, ESYS_TR_NONE,
+		   ESYS_TR_NONE, inPrivate, inPublic, objectHandle);
+}
+
+static inline TPM_HANDLE
+tpm2_handle_ext(TSS_CONTEXT *tssContext, TPM_HANDLE esysh)
+{
+  TPM2_HANDLE realh = 0;
+
+  Esys_TR_GetTpmHandle(tssContext, esysh, &realh);
+
+  return realh;
+}
+
+static inline TPM_HANDLE
+tpm2_handle_int(TSS_CONTEXT *tssContext, TPM_HANDLE realh)
+{
+  TPM_HANDLE esysh = 0;
+
+  /* ***ing thing doesn't transform permanent handles */
+  if ((realh >> 24) == TPM_HT_PERMANENT)
+    {
+      switch (realh)
+	{
+	case TPM2_RH_OWNER:
+	  return TPM_RH_OWNER;
+	case TPM2_RH_PLATFORM:
+	  return TPM_RH_PLATFORM;
+	case TPM2_RH_ENDORSEMENT:
+	  return TPM_RH_ENDORSEMENT;
+	case TPM2_RH_NULL:
+	  return ESYS_TR_RH_NULL;
+	default:
+	  return 0;
+	}
+    }
+
+  Esys_TR_FromTPMPublic(tssContext, realh, ESYS_TR_NONE,
+			ESYS_TR_NONE, ESYS_TR_NONE, &esysh);
+
+  return esysh;
+}
+
+static inline int
+tpm2_handle_mso(TSS_CONTEXT *tssContext, TPM_HANDLE esysh, UINT32 mso)
+{
+  return (tpm2_handle_ext(tssContext, esysh) >> 24) == mso;
+}
+
+#endif
diff --git a/tpm2d/tpm2.c b/tpm2d/tpm2.c
new file mode 100644
index 0000000..3e908dd
--- /dev/null
+++ b/tpm2d/tpm2.c
@@ -0,0 +1,1007 @@
+/* tpm2.c - Supporting TPM routines for the IBM TSS
+ * Copyright (C) 2021 James Bottomley <James.Bottomley@HansenPartnership.com>
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <arpa/inet.h>
+
+#include "tpm2.h"
+
+#include "../common/i18n.h"
+#include "../common/sexp-parse.h"
+
+int
+tpm2_start (TSS_CONTEXT **tssc)
+{
+  return TSS_start(tssc);
+}
+
+void
+tpm2_end (TSS_CONTEXT *tssc)
+{
+  TSS_Delete (tssc);
+}
+
+static TPM_HANDLE
+tpm2_get_parent (TSS_CONTEXT *tssc, TPM_HANDLE p)
+{
+  TPM_RC rc;
+  TPM2B_SENSITIVE_CREATE inSensitive;
+  TPM2B_PUBLIC inPublic;
+  TPM_HANDLE objectHandle;
+
+  p = tpm2_handle_int(tssc, p);
+  if (tpm2_handle_mso(tssc, p, TPM_HT_PERSISTENT))
+    return p;			/* should only be permanent */
+
+  /*  assume no hierarchy auth */
+  VAL_2B (inSensitive.sensitive.userAuth, size) = 0;
+  /* no sensitive date for storage keys */
+  VAL_2B (inSensitive.sensitive.data, size) = 0;
+
+  /* public parameters for a P-256 EC key  */
+  inPublic.publicArea.type = TPM_ALG_ECC;
+  inPublic.publicArea.nameAlg = TPM_ALG_SHA256;
+  VAL (inPublic.publicArea.objectAttributes) =
+    TPMA_OBJECT_NODA |
+    TPMA_OBJECT_SENSITIVEDATAORIGIN |
+    TPMA_OBJECT_USERWITHAUTH |
+    TPMA_OBJECT_DECRYPT |
+    TPMA_OBJECT_RESTRICTED |
+    TPMA_OBJECT_FIXEDPARENT |
+    TPMA_OBJECT_FIXEDTPM;
+
+  inPublic.publicArea.parameters.eccDetail.symmetric.algorithm = TPM_ALG_AES;
+  inPublic.publicArea.parameters.eccDetail.symmetric.keyBits.aes = 128;
+  inPublic.publicArea.parameters.eccDetail.symmetric.mode.aes = TPM_ALG_CFB;
+  inPublic.publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_NULL;
+  inPublic.publicArea.parameters.eccDetail.curveID = TPM_ECC_NIST_P256;
+  inPublic.publicArea.parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
+
+  VAL_2B (inPublic.publicArea.unique.ecc.x, size) = 0;
+  VAL_2B (inPublic.publicArea.unique.ecc.y, size) = 0;
+  VAL_2B (inPublic.publicArea.authPolicy, size) = 0;
+
+  rc = tpm2_CreatePrimary (tssc, p, &inSensitive, &inPublic, &objectHandle);
+  if (rc)
+    {
+      tpm2_error (rc, "TSS_CreatePrimary");
+      return 0;
+    }
+  return objectHandle;
+}
+
+void
+tpm2_flush_handle (TSS_CONTEXT *tssc, TPM_HANDLE h)
+{
+  /* only flush volatile handles */
+  if (tpm2_handle_mso(tssc, h, TPM_HT_PERSISTENT))
+    return;
+
+  tpm2_FlushContext(tssc, h);
+}
+
+static int
+tpm2_get_hmac_handle (TSS_CONTEXT *tssc, TPM_HANDLE *handle,
+		      TPM_HANDLE salt_key)
+{
+  TPM_RC rc;
+  TPMT_SYM_DEF symmetric;
+
+  symmetric.algorithm = TPM_ALG_AES;
+  symmetric.keyBits.aes = 128;
+  symmetric.mode.aes = TPM_ALG_CFB;
+
+  rc = tpm2_StartAuthSession(tssc, salt_key, TPM_RH_NULL, TPM_SE_HMAC,
+			     &symmetric, TPM_ALG_SHA256, handle, NULL);
+  if (rc)
+    {
+      tpm2_error (rc, "TPM2_StartAuthSession");
+      return GPG_ERR_CARD;
+    }
+
+  return 0;
+}
+
+static int
+tpm2_pre_auth (ctrl_t ctrl, TSS_CONTEXT *tssc,
+	       gpg_error_t (*pin_cb)(ctrl_t ctrl, const char *info,
+				     char **retstr),
+	       TPM_HANDLE *ah, char **auth)
+{
+  TPM_RC rc;
+  int len;
+
+  rc = pin_cb (ctrl, _("TPM Key Passphrase"), auth);
+  if (rc)
+    return rc;
+
+  len = strlen(*auth);
+  /*
+   * TPMs can't accept a longer passphrase than the name algorithm.
+   * We hard code the name algorithm to SHA256 so the max passphrase
+   * length is 32
+   */
+  if (len > 32)
+    {
+      log_error ("Truncating Passphrase to TPM allowed 32\n");
+      (*auth)[32] = '\0';
+    }
+
+  rc = tpm2_get_hmac_handle (tssc, ah, TPM_RH_NULL);
+
+  return rc;
+}
+
+static int
+tpm2_post_auth (TSS_CONTEXT *tssc, TPM_RC rc, TPM_HANDLE ah,
+		char **auth, const char *cmd_str)
+{
+  gcry_free (*auth);
+  *auth = NULL;
+  if (rc)
+    {
+      tpm2_error (rc, cmd_str);
+      tpm2_flush_handle (tssc, ah);
+      switch (rc & 0xFF)
+	{
+	case TPM_RC_BAD_AUTH:
+	case TPM_RC_AUTH_FAIL:
+	  return GPG_ERR_BAD_PASSPHRASE;
+	default:
+	  return GPG_ERR_CARD;
+	}
+    }
+  return 0;
+}
+
+static unsigned char *
+make_tpm2_shadow_info (uint32_t parent, const char *pub, int pub_len,
+                       const char *priv, int priv_len, size_t *len)
+{
+  gcry_sexp_t s_exp;
+  char *info;
+
+  gcry_sexp_build (&s_exp, NULL, "(%u%b%b)", parent, pub_len, pub,
+		   priv_len, priv);
+
+  *len = gcry_sexp_sprint (s_exp, GCRYSEXP_FMT_CANON, NULL, 0);
+  info = xtrymalloc (*len);
+  if (!info)
+	  goto out;
+  gcry_sexp_sprint (s_exp, GCRYSEXP_FMT_CANON, info, *len);
+
+ out:
+  gcry_sexp_release (s_exp);
+  return (unsigned char *)info;
+}
+
+static gpg_error_t
+parse_tpm2_shadow_info (const unsigned char *shadow_info,
+                        uint32_t *parent,
+                        const char **pub, int *pub_len,
+                        const char **priv, int *priv_len)
+{
+  const unsigned char *s;
+  size_t n;
+  int i;
+
+  s = shadow_info;
+  if (*s != '(')
+    return gpg_error (GPG_ERR_INV_SEXP);
+  s++;
+  n = snext (&s);
+  if (!n)
+    return gpg_error (GPG_ERR_INV_SEXP);
+  *parent = 0;
+  for (i = 0; i < n; i++)
+    {
+      *parent *= 10;
+      *parent += atoi_1(s+i);
+    }
+
+  s += n;
+  n = snext (&s);
+  if (!n)
+    return gpg_error (GPG_ERR_INV_SEXP);
+
+  *pub_len = n;
+  *pub = s;
+
+  s += n;
+  n = snext (&s);
+  if (!n)
+    return gpg_error (GPG_ERR_INV_SEXP);
+
+  *priv_len = n;
+  *priv = s;
+
+  return 0;
+}
+
+int
+tpm2_load_key (TSS_CONTEXT *tssc, const unsigned char *shadow_info,
+	       TPM_HANDLE *key, TPMI_ALG_PUBLIC *type)
+{
+  uint32_t parent;
+  TPM_HANDLE parentHandle;
+  PRIVATE_2B inPrivate;
+  TPM2B_PUBLIC inPublic;
+  const char *pub, *priv;
+  int ret, pub_len, priv_len;
+  TPM_RC rc;
+  BYTE *buf;
+  uint32_t size;
+
+  ret = parse_tpm2_shadow_info (shadow_info, &parent, &pub, &pub_len,
+                                &priv, &priv_len);
+  if (ret)
+    return ret;
+
+  parentHandle = tpm2_get_parent (tssc, parent);
+
+  buf = (BYTE *)priv;
+  size = priv_len;
+  TPM2B_PRIVATE_Unmarshal ((TPM2B_PRIVATE *)&inPrivate, &buf, &size);
+
+  buf = (BYTE *)pub;
+  size = pub_len;
+  TPM2B_PUBLIC_Unmarshal (&inPublic, &buf, &size, FALSE);
+
+  *type = inPublic.publicArea.type;
+
+  rc = tpm2_Load (tssc, parentHandle, &inPrivate, &inPublic, key,
+		  TPM_RS_PW, NULL);
+
+  tpm2_flush_handle (tssc, parentHandle);
+
+  if (rc != TPM_RC_SUCCESS)
+    {
+      tpm2_error (rc, "TPM2_Load");
+      return GPG_ERR_CARD;
+    }
+
+  return 0;
+}
+
+int
+tpm2_sign (ctrl_t ctrl, TSS_CONTEXT *tssc, TPM_HANDLE key,
+	   gpg_error_t (*pin_cb)(ctrl_t ctrl, const char *info,
+				 char **retstr),
+	   TPMI_ALG_PUBLIC type,
+	   const unsigned char *digest, size_t digestlen,
+	   unsigned char **r_sig, size_t *r_siglen)
+{
+  int ret;
+  DIGEST_2B digest2b;
+  TPMT_SIG_SCHEME inScheme;
+  TPMT_SIGNATURE signature;
+  TPM_HANDLE ah;
+  char *auth;
+
+  /* The TPM insists on knowing the digest type, so
+   * calculate that from the size */
+  switch (digestlen)
+    {
+    case 20:
+      inScheme.details.rsassa.hashAlg = TPM_ALG_SHA1;
+      break;
+    case 32:
+      inScheme.details.rsassa.hashAlg = TPM_ALG_SHA256;
+      break;
+    case 48:
+      inScheme.details.rsassa.hashAlg = TPM_ALG_SHA384;
+      break;
+#ifdef TPM_ALG_SHA512
+    case 64:
+      inScheme.details.rsassa.hashAlg = TPM_ALG_SHA512;
+      break;
+#endif
+    default:
+      log_error ("Unknown signature digest length, cannot deduce hash type for TPM\n");
+      return GPG_ERR_NO_SIGNATURE_SCHEME;
+    }
+  digest2b.size = digestlen;
+  memcpy (digest2b.buffer, digest, digestlen);
+
+  if (type == TPM_ALG_RSA)
+    inScheme.scheme = TPM_ALG_RSASSA;
+  else if (type == TPM_ALG_ECC)
+    inScheme.scheme = TPM_ALG_ECDSA;
+  else
+    return GPG_ERR_PUBKEY_ALGO;
+
+  ret = tpm2_pre_auth (ctrl, tssc, pin_cb, &ah, &auth);
+  if (ret)
+    return ret;
+  ret = tpm2_Sign (tssc, key, &digest2b, &inScheme, &signature, ah, auth);
+  ret = tpm2_post_auth (tssc, ret, ah, &auth, "TPM2_Sign");
+  if (ret)
+    return ret;
+
+  if (type == TPM_ALG_RSA)
+    *r_siglen = VAL_2B (signature.signature.rsassa.sig, size);
+  else if (type == TPM_ALG_ECC)
+    *r_siglen = VAL_2B (signature.signature.ecdsa.signatureR, size)
+      + VAL_2B (signature.signature.ecdsa.signatureS, size);
+
+  *r_sig = xtrymalloc (*r_siglen);
+  if (!r_sig)
+    return GPG_ERR_ENOMEM;
+
+  if (type == TPM_ALG_RSA)
+    {
+      memcpy (*r_sig, VAL_2B (signature.signature.rsassa.sig, buffer),
+	      *r_siglen);
+    }
+  else if (type == TPM_ALG_ECC)
+    {
+      memcpy (*r_sig, VAL_2B (signature.signature.ecdsa.signatureR, buffer),
+	      VAL_2B (signature.signature.ecdsa.signatureR, size));
+      memcpy (*r_sig + VAL_2B (signature.signature.ecdsa.signatureR, size),
+	      VAL_2B (signature.signature.ecdsa.signatureS, buffer),
+	      VAL_2B (signature.signature.ecdsa.signatureS, size));
+    }
+
+  return 0;
+}
+
+static int
+sexp_to_tpm2_sensitive_ecc (TPMT_SENSITIVE *s, gcry_sexp_t key)
+{
+  gcry_mpi_t d;
+  gcry_sexp_t l;
+  int rc = -1;
+  size_t len;
+
+  s->sensitiveType = TPM_ALG_ECC;
+  VAL_2B (s->seedValue, size) = 0;
+
+  l = gcry_sexp_find_token (key, "d", 0);
+  if (!l)
+    return rc;
+  d = gcry_sexp_nth_mpi (l, 1, GCRYMPI_FMT_USG);
+  gcry_sexp_release (l);
+  len = sizeof (VAL_2B (s->sensitive.ecc, buffer));
+  rc = gcry_mpi_print (GCRYMPI_FMT_USG, VAL_2B (s->sensitive.ecc, buffer),
+		       len, &len, d);
+  VAL_2B (s->sensitive.ecc, size) = len;
+  gcry_mpi_release (d);
+
+  return rc;
+}
+
+/* try to match the libgcrypt curve names to known TPM parameters.
+ *
+ * As of 2018 the TCG defined curves are only NIST
+ * (192,224,256,384,521) Barreto-Naehring (256,638) and the Chinese
+ * SM2 (256), which means only the NIST ones overlap with libgcrypt */
+static struct {
+  const char *name;
+  TPMI_ECC_CURVE c;
+} tpm2_curves[] = {
+  { "NIST P-192", TPM_ECC_NIST_P192 },
+  { "prime192v1", TPM_ECC_NIST_P192 },
+  { "secp192r1", TPM_ECC_NIST_P192 },
+  { "nistp192", TPM_ECC_NIST_P192 },
+  { "NIST P-224", TPM_ECC_NIST_P224 },
+  { "secp224r1", TPM_ECC_NIST_P224 },
+  { "nistp224", TPM_ECC_NIST_P224 },
+  { "NIST P-256", TPM_ECC_NIST_P256 },
+  { "prime256v1", TPM_ECC_NIST_P256 },
+  { "secp256r1", TPM_ECC_NIST_P256 },
+  { "nistp256", TPM_ECC_NIST_P256 },
+  { "NIST P-384", TPM_ECC_NIST_P384 },
+  { "secp384r1", TPM_ECC_NIST_P384 },
+  { "nistp384", TPM_ECC_NIST_P384 },
+  { "NIST P-521", TPM_ECC_NIST_P521 },
+  { "secp521r1", TPM_ECC_NIST_P521 },
+  { "nistp521", TPM_ECC_NIST_P521 },
+};
+
+static int
+tpm2_ecc_curve (const char *curve_name, TPMI_ECC_CURVE *c)
+{
+  int i;
+
+  for (i = 0; i < DIM (tpm2_curves); i++)
+    if (strcmp (tpm2_curves[i].name, curve_name) == 0)
+      break;
+  if (i == DIM (tpm2_curves))
+    {
+      log_error ("curve %s does not match any available TPM curves\n", curve_name);
+      return GPG_ERR_UNKNOWN_CURVE;
+    }
+
+  *c = tpm2_curves[i].c;
+
+  return 0;
+}
+
+static int
+sexp_to_tpm2_public_ecc (TPMT_PUBLIC *p, gcry_sexp_t key)
+{
+  const char *q;
+  gcry_sexp_t l;
+  int rc = GPG_ERR_BAD_PUBKEY;
+  size_t len;
+  TPMI_ECC_CURVE curve;
+  char *curve_name;
+
+  l = gcry_sexp_find_token (key, "curve", 0);
+  if (!l)
+    return rc;
+  curve_name = gcry_sexp_nth_string (l, 1);
+  if (!curve_name)
+    goto out;
+  rc = tpm2_ecc_curve (curve_name, &curve);
+  gcry_free (curve_name);
+  if (rc)
+    goto out;
+  gcry_sexp_release (l);
+
+  l = gcry_sexp_find_token (key, "q", 0);
+  if (!l)
+    return rc;
+  q = gcry_sexp_nth_data (l, 1, &len);
+  /* This is a point representation, the first byte tells you what
+   * type.  The only format we understand is uncompressed (0x04)
+   * which has layout 0x04 | x | y */
+  if (q[0] != 0x04)
+    {
+      log_error ("Point format for q is not uncompressed\n");
+      goto out;
+    }
+  q++;
+  len--;
+  /* now should have to equal sized big endian point numbers */
+  if ((len & 0x01) == 1)
+    {
+      log_error ("Point format for q has incorrect length\n");
+      goto out;
+    }
+
+  len >>= 1;
+
+  p->type = TPM_ALG_ECC;
+  p->nameAlg = TPM_ALG_SHA256;
+  VAL (p->objectAttributes) = TPMA_OBJECT_NODA |
+    TPMA_OBJECT_SIGN |
+    TPMA_OBJECT_DECRYPT |
+    TPMA_OBJECT_USERWITHAUTH;
+  VAL_2B (p->authPolicy, size) = 0;
+  p->parameters.eccDetail.symmetric.algorithm = TPM_ALG_NULL;
+  p->parameters.eccDetail.scheme.scheme = TPM_ALG_NULL;
+  p->parameters.eccDetail.curveID = curve;
+  p->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
+  memcpy (VAL_2B (p->unique.ecc.x, buffer), q, len);
+  VAL_2B (p->unique.ecc.x, size) = len;
+  memcpy (VAL_2B (p->unique.ecc.y, buffer), q + len, len);
+  VAL_2B (p->unique.ecc.y, size) = len;
+ out:
+  gcry_sexp_release (l);
+  return rc;
+}
+
+static int
+sexp_to_tpm2_sensitive_rsa (TPMT_SENSITIVE *s, gcry_sexp_t key)
+{
+  gcry_mpi_t p;
+  gcry_sexp_t l;
+  int rc = -1;
+  size_t len;
+
+  s->sensitiveType = TPM_ALG_RSA;
+  VAL_2B (s->seedValue, size) = 0;
+
+  l = gcry_sexp_find_token (key, "p", 0);
+  if (!l)
+    return rc;
+  p = gcry_sexp_nth_mpi (l, 1, GCRYMPI_FMT_USG);
+  gcry_sexp_release (l);
+  len = sizeof (VAL_2B (s->sensitive.rsa, buffer));
+  rc = gcry_mpi_print (GCRYMPI_FMT_USG, VAL_2B (s->sensitive.rsa, buffer),
+		       len, &len, p);
+  VAL_2B (s->sensitive.rsa, size) = len;
+  gcry_mpi_release (p);
+
+  return rc;
+}
+
+static int
+sexp_to_tpm2_public_rsa (TPMT_PUBLIC *p, gcry_sexp_t key)
+{
+  gcry_mpi_t n, e;
+  gcry_sexp_t l;
+  int rc = -1, i;
+  size_t len;
+  /* longer than an int */
+  unsigned char ebuf[5];
+  uint32_t exp = 0;
+
+  p->type = TPM_ALG_RSA;
+  p->nameAlg = TPM_ALG_SHA256;
+  VAL (p->objectAttributes) = TPMA_OBJECT_NODA |
+    TPMA_OBJECT_DECRYPT |
+    TPMA_OBJECT_SIGN |
+    TPMA_OBJECT_USERWITHAUTH;
+  VAL_2B (p->authPolicy, size) = 0;
+  p->parameters.rsaDetail.symmetric.algorithm = TPM_ALG_NULL;
+  p->parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
+
+  l = gcry_sexp_find_token (key, "n", 0);
+  if (!l)
+    return rc;
+  n = gcry_sexp_nth_mpi (l, 1, GCRYMPI_FMT_USG);
+  gcry_sexp_release (l);
+  len = sizeof (VAL_2B (p->unique.rsa, buffer));
+  p->parameters.rsaDetail.keyBits = gcry_mpi_get_nbits (n);
+  rc = gcry_mpi_print (GCRYMPI_FMT_USG, VAL_2B (p->unique.rsa, buffer),
+		       len, &len, n);
+  VAL_2B (p->unique.rsa, size) = len;
+  gcry_mpi_release (n);
+  if (rc)
+    return rc;
+  rc = -1;
+  l = gcry_sexp_find_token (key, "e", 0);
+  if (!l)
+    return rc;
+  e = gcry_sexp_nth_mpi (l, 1, GCRYMPI_FMT_USG);
+  gcry_sexp_release (l);
+  len = sizeof (ebuf);
+  rc = gcry_mpi_print (GCRYMPI_FMT_USG, ebuf, len, &len, e);
+  gcry_mpi_release (e);
+  if (rc)
+    return rc;
+  if (len > 4)
+    return -1;
+
+  /* MPI are simply big endian integers, so convert to uint32 */
+  for (i = 0; i < len; i++)
+    {
+      exp <<= 8;
+      exp += ebuf[i];
+    }
+  if (exp == 0x10001)
+    p->parameters.rsaDetail.exponent = 0;
+  else
+    p->parameters.rsaDetail.exponent = exp;
+  return 0;
+}
+
+static int
+sexp_to_tpm2(TPMT_PUBLIC *p, TPMT_SENSITIVE *s, gcry_sexp_t s_skey)
+{
+  gcry_sexp_t l1, l2;
+  int rc = -1;
+
+  /* find the value of (private-key */
+  l1 = gcry_sexp_nth (s_skey, 1);
+  if (!l1)
+    return rc;
+
+  l2 = gcry_sexp_find_token (l1, "rsa", 0);
+  if (l2)
+    {
+      rc = sexp_to_tpm2_public_rsa (p, l2);
+      if (!rc)
+	rc = sexp_to_tpm2_sensitive_rsa (s, l2);
+    }
+  else
+    {
+      l2 = gcry_sexp_find_token (l1, "ecc", 0);
+      if (!l2)
+	goto out;
+      rc = sexp_to_tpm2_public_ecc (p, l2);
+      if (!rc)
+	rc = sexp_to_tpm2_sensitive_ecc (s, l2);
+    }
+
+  gcry_sexp_release (l2);
+
+ out:
+  gcry_sexp_release (l1);
+  return rc;
+}
+
+/* copied from TPM implementation code */
+static TPM_RC
+tpm2_ObjectPublic_GetName (NAME_2B *name,
+			   TPMT_PUBLIC *tpmtPublic)
+{
+  TPM_RC rc = 0;
+  uint16_t written = 0;
+  TPMT_HA digest;
+  uint32_t sizeInBytes;
+  uint8_t buffer[MAX_RESPONSE_SIZE];
+
+  /* marshal the TPMT_PUBLIC */
+  if (rc == 0)
+    {
+      INT32 size = MAX_RESPONSE_SIZE;
+      uint8_t *buffer1 = buffer;
+      rc = TSS_TPMT_PUBLIC_Marshal (tpmtPublic, &written, &buffer1, &size);
+    }
+  /* hash the public area */
+  if (rc == 0)
+    {
+      sizeInBytes = TSS_GetDigestSize (tpmtPublic->nameAlg);
+      digest.hashAlg = tpmtPublic->nameAlg;       /* Name digest algorithm */
+      /* generate the TPMT_HA */
+      rc = TSS_Hash_Generate (&digest, written, buffer, 0, NULL);
+    }
+  if (rc == 0)
+    {
+      TPMI_ALG_HASH nameAlgNbo;
+
+      /* copy the digest */
+      memcpy (name->name + sizeof (TPMI_ALG_HASH),
+	      (uint8_t *)&digest.digest, sizeInBytes);
+      /* copy the hash algorithm */
+      nameAlgNbo = htons (tpmtPublic->nameAlg);
+      memcpy (name->name, (uint8_t *)&nameAlgNbo, sizeof (TPMI_ALG_HASH));
+      /* set the size */
+      name->size = sizeInBytes + sizeof (TPMI_ALG_HASH);
+    }
+  return rc;
+}
+
+/*
+ * Cut down version of Part 4 Supporting Routines 7.6.3.10
+ *
+ * Hard coded to symmetrically encrypt with aes128 as the inner
+ * wrapper and no outer wrapper but with a prototype that allows
+ * drop in replacement with a tss equivalent
+ */
+TPM_RC tpm2_SensitiveToDuplicate (TPMT_SENSITIVE *s,
+				  NAME_2B *name,
+				  TPM_ALG_ID nalg,
+				  TPMT_SYM_DEF_OBJECT *symdef,
+				  DATA_2B *innerkey,
+				  PRIVATE_2B *p)
+{
+  BYTE *buf = p->buffer;
+
+  p->size = 0;
+  memset (p, 0, sizeof (*p));
+
+  /* hard code AES CFB */
+  if (symdef->algorithm == TPM_ALG_AES
+      && symdef->mode.aes == TPM_ALG_CFB)
+    {
+      TPMT_HA hash;
+      const int hlen = TSS_GetDigestSize (nalg);
+      TPM2B *digest = (TPM2B *)buf;
+      TPM2B *s2b;
+      int32_t size;
+      unsigned char null_iv[AES_128_BLOCK_SIZE_BYTES];
+      UINT16 bsize, written = 0;
+      gcry_cipher_hd_t hd;
+
+      /* WARNING: don't use the static null_iv trick here:
+       * the AES routines alter the passed in iv */
+      memset (null_iv, 0, sizeof (null_iv));
+
+      /* reserve space for hash before the encrypted sensitive */
+      bsize = sizeof (digest->size) + hlen;
+      buf += bsize;
+      p->size += bsize;
+      s2b = (TPM2B *)buf;
+
+      /* marshal the digest size */
+      buf = (BYTE *)&digest->size;
+      bsize = hlen;
+      size = 2;
+      TSS_UINT16_Marshal (&bsize, &written, &buf, &size);
+
+      /* marshal the unencrypted sensitive in place */
+      size = sizeof (*s);
+      bsize = 0;
+      buf = s2b->buffer;
+      TSS_TPMT_SENSITIVE_Marshal (s, &bsize, &buf, &size);
+      buf = (BYTE *)&s2b->size;
+      size = 2;
+      TSS_UINT16_Marshal (&bsize, &written, &buf, &size);
+
+      bsize = bsize + sizeof (s2b->size);
+      p->size += bsize;
+
+      /* compute hash of unencrypted marshalled sensitive and
+       * write to the digest buffer */
+      hash.hashAlg = nalg;
+      TSS_Hash_Generate (&hash, bsize, s2b,
+			 name->size, name->name,
+			 0, NULL);
+      memcpy (digest->buffer, &hash.digest, hlen);
+      gcry_cipher_open (&hd, GCRY_CIPHER_AES128,
+			GCRY_CIPHER_MODE_CFB, GCRY_CIPHER_SECURE);
+      gcry_cipher_setiv (hd, null_iv, sizeof (null_iv));
+      gcry_cipher_setkey (hd, innerkey->buffer, innerkey->size);
+      /* encrypt the hash and sensitive in-place */
+      gcry_cipher_encrypt (hd, p->buffer, p->size, NULL, 0);
+      gcry_cipher_close (hd);
+
+    }
+  else if (symdef->algorithm == TPM_ALG_NULL)
+    {
+      /* Code is for debugging only, should never be used in production */
+      TPM2B *s2b = (TPM2B *)buf;
+      int32_t size = sizeof (*s);
+      UINT16 bsize = 0, written = 0;
+
+      log_error ("Secret key sent to TPM unencrypted\n");
+      buf = s2b->buffer;
+
+      /* marshal the unencrypted sensitive in place */
+      TSS_TPMT_SENSITIVE_Marshal (s, &bsize, &buf, &size);
+      buf = (BYTE *)&s2b->size;
+      size = 2;
+      TSS_UINT16_Marshal (&bsize, &written, &buf, &size);
+
+      p->size += bsize + sizeof (s2b->size);
+    }
+  else
+    {
+      log_error ("Unknown symmetric algorithm\n");
+      return TPM_RC_SYMMETRIC;
+    }
+
+  return TPM_RC_SUCCESS;
+}
+
+int
+tpm2_import_key (ctrl_t ctrl, TSS_CONTEXT *tssc,
+		 gpg_error_t (*pin_cb)(ctrl_t ctrl, const char *info,
+				       char **retstr),
+		 unsigned char **shadow_info, size_t *shadow_len,
+		 gcry_sexp_t s_skey, unsigned long parent)
+{
+  TPM_HANDLE parentHandle;
+  DATA_2B encryptionKey;
+  TPM2B_PUBLIC objectPublic;
+  PRIVATE_2B duplicate;
+  ENCRYPTED_SECRET_2B inSymSeed;
+  TPMT_SYM_DEF_OBJECT symmetricAlg;
+  PRIVATE_2B outPrivate;
+  NAME_2B name;
+  const int aes_key_bits = 128;
+  const int aes_key_bytes = aes_key_bits/8;
+
+  TPMT_SENSITIVE s;
+  TPM_HANDLE ah;
+  TPM_RC rc;
+
+  uint32_t size;
+  uint16_t len;
+  BYTE *buffer;
+  int ret;
+  char *passphrase;
+
+  char pub[sizeof (TPM2B_PUBLIC)];
+  int pub_len;
+  char priv[sizeof (TPM2B_PRIVATE)];
+  int priv_len;
+
+  if (parent == 0)
+    parent = EXT_TPM_RH_OWNER;
+
+  ret = sexp_to_tpm2 (&objectPublic.publicArea, &s, s_skey);
+  if (ret)
+    {
+      log_error ("Failed to parse Key s-expression: key corrupt?\n");
+      return ret;
+    }
+
+  /* add an authorization password to the key which the TPM will check */
+
+  ret = pin_cb (ctrl,  _("Please enter the TPM Authorization passphrase for the key."), &passphrase);
+  if (ret)
+    return ret;
+  len = strlen(passphrase);
+  if (len > TSS_GetDigestSize(objectPublic.publicArea.nameAlg))
+    {
+      len = TSS_GetDigestSize(objectPublic.publicArea.nameAlg);
+      log_error ("Truncating Passphrase to TPM allowed %d\n", len);
+    }
+  VAL_2B (s.authValue, size) = len;
+  memcpy (VAL_2B (s.authValue, buffer), passphrase, len);
+
+  /* We're responsible for securing the data in transmission to the
+   * TPM here.  The TPM provides parameter encryption via a session,
+   * but only for the first parameter.  For TPM2_Import, the first
+   * parameter is a symmetric key used to encrypt the sensitive data,
+   * so we must populate this key with random value and encrypt the
+   * sensitive data with it */
+  parentHandle = tpm2_get_parent (tssc, parent);
+  tpm2_ObjectPublic_GetName (&name, &objectPublic.publicArea);
+  gcry_randomize (encryptionKey.buffer,
+                 aes_key_bytes, GCRY_STRONG_RANDOM);
+  encryptionKey.size = aes_key_bytes;
+
+  /* set random symSeed */
+  inSymSeed.size = 0;
+  symmetricAlg.algorithm = TPM_ALG_AES;
+  symmetricAlg.keyBits.aes = aes_key_bits;
+  symmetricAlg.mode.aes = TPM_ALG_CFB;
+
+  tpm2_SensitiveToDuplicate (&s, &name, objectPublic.publicArea.nameAlg,
+			     &symmetricAlg, &encryptionKey, &duplicate);
+
+  /* use salted parameter encryption to hide the key.  First we read
+   * the public parameters of the parent key and use them to agree an
+   * encryption for the first parameter */
+  rc = tpm2_get_hmac_handle (tssc, &ah, parentHandle);
+  if (rc)
+    {
+      tpm2_flush_handle (tssc, parentHandle);
+      return GPG_ERR_CARD;
+    }
+
+  rc = tpm2_Import (tssc, parentHandle, &encryptionKey, &objectPublic,
+		    &duplicate, &inSymSeed, &symmetricAlg, &outPrivate,
+		    ah, NULL);
+  tpm2_flush_handle (tssc, parentHandle);
+  if (rc)
+    {
+      tpm2_error (rc, "TPM2_Import");
+      /* failure means auth handle is not flushed */
+      tpm2_flush_handle (tssc, ah);
+
+      if ((rc & 0xbf) == TPM_RC_VALUE)
+	{
+	  log_error ("TPM cannot import RSA key: wrong size");
+	  return GPG_ERR_UNSUPPORTED_ALGORITHM;
+	}
+      else if ((rc & 0xbf) == TPM_RC_CURVE)
+	{
+	  log_error ("TPM cannot import requested curve");
+	  return GPG_ERR_UNKNOWN_CURVE;
+	}
+      return GPG_ERR_CARD;
+    }
+
+  size = sizeof (pub);
+  buffer = pub;
+  len = 0;
+  TSS_TPM2B_PUBLIC_Marshal (&objectPublic,
+                            &len, &buffer, &size);
+  pub_len = len;
+
+  size = sizeof (priv);
+  buffer = priv;
+  len = 0;
+  TSS_TPM2B_PRIVATE_Marshal ((TPM2B_PRIVATE *)&outPrivate,
+			     &len, &buffer, &size);
+  priv_len = len;
+
+  *shadow_info = make_tpm2_shadow_info (parent, pub, pub_len,
+					priv, priv_len, shadow_len);
+  return rc;
+}
+
+int
+tpm2_ecc_decrypt (ctrl_t ctrl, TSS_CONTEXT *tssc, TPM_HANDLE key,
+		  gpg_error_t (*pin_cb)(ctrl_t ctrl, const char *info,
+					char **retstr),
+		  const char *ciphertext, int ciphertext_len,
+		  char **decrypt, size_t *decrypt_len)
+{
+  TPM2B_ECC_POINT inPoint;
+  TPM2B_ECC_POINT outPoint;
+  TPM_HANDLE ah;
+  char *auth;
+  size_t len;
+  int ret;
+
+  /* This isn't really a decryption per se.  The ciphertext actually
+   * contains an EC Point which we must multiply by the private key number.
+   *
+   * The reason is to generate a diffe helman agreement on a shared
+   * point.  This shared point is then used to generate the per
+   * session encryption key.
+   */
+  if (ciphertext[0] != 0x04)
+    {
+      log_error ("Decryption Shared Point format is not uncompressed\n");
+      return GPG_ERR_ENCODING_PROBLEM;
+    }
+  if ((ciphertext_len & 0x01) != 1)
+    {
+      log_error ("Decryption Shared Point has incorrect length\n");
+      return GPG_ERR_ENCODING_PROBLEM;
+    }
+  len = ciphertext_len >> 1;
+
+  memcpy (VAL_2B (inPoint.point.x, buffer), ciphertext + 1, len);
+  VAL_2B (inPoint.point.x, size) = len;
+  memcpy (VAL_2B (inPoint.point.y, buffer), ciphertext + 1 + len, len);
+  VAL_2B (inPoint.point.y, size) = len;
+
+  ret = tpm2_pre_auth (ctrl, tssc, pin_cb, &ah, &auth);
+  if (ret)
+    return ret;
+  ret = tpm2_ECDH_ZGen (tssc, key, &inPoint, &outPoint, ah, auth);
+  ret = tpm2_post_auth (tssc, ret, ah, &auth, "TPM2_ECDH_ZGen");
+  if (ret)
+    return ret;
+
+  *decrypt_len = VAL_2B (outPoint.point.x, size) +
+	  VAL_2B (outPoint.point.y, size) + 1;
+  *decrypt = xtrymalloc (*decrypt_len);
+  (*decrypt)[0] = 0x04;
+  memcpy (*decrypt + 1, VAL_2B (outPoint.point.x, buffer),
+	  VAL_2B (outPoint.point.x, size));
+  memcpy (*decrypt + 1 + VAL_2B (outPoint.point.x, size),
+	  VAL_2B (outPoint.point.y, buffer),
+	  VAL_2B (outPoint.point.y, size));
+
+  return 0;
+}
+
+int
+tpm2_rsa_decrypt (ctrl_t ctrl, TSS_CONTEXT *tssc, TPM_HANDLE key,
+		  gpg_error_t (*pin_cb)(ctrl_t ctrl, const char *info,
+					char **retstr),
+		  const char *ciphertext, int ciphertext_len,
+		  char **decrypt, size_t *decrypt_len)
+{
+  int ret;
+  PUBLIC_KEY_RSA_2B cipherText;
+  TPMT_RSA_DECRYPT inScheme;
+  PUBLIC_KEY_RSA_2B message;
+  TPM_HANDLE ah;
+  char *auth;
+
+  inScheme.scheme = TPM_ALG_RSAES;
+  /*
+   * apparent gcrypt error: occasionally rsa ciphertext will
+   * be one byte too long and have a leading zero
+   */
+  if ((ciphertext_len & 1) == 1 && ciphertext[0] == 0)
+    {
+      log_info ("Fixing Wrong Ciphertext size %d\n", ciphertext_len);
+      ciphertext_len--;
+      ciphertext++;
+    }
+  cipherText.size = ciphertext_len;
+  memcpy (cipherText.buffer, ciphertext, ciphertext_len);
+
+  ret = tpm2_pre_auth (ctrl, tssc, pin_cb, &ah, &auth);
+  if (ret)
+    return ret;
+  ret = tpm2_RSA_Decrypt (tssc, key, &cipherText, &inScheme, &message,
+			  ah, auth, TPMA_SESSION_ENCRYPT);
+  ret = tpm2_post_auth (tssc, ret, ah, &auth, "TPM2_RSA_Decrypt");
+  if (ret)
+    return ret;
+
+  *decrypt_len = message.size;
+  *decrypt = xtrymalloc (message.size);
+  memcpy (*decrypt, message.buffer, message.size);
+
+  return 0;
+}
diff --git a/tpm2d/tpm2.h b/tpm2d/tpm2.h
new file mode 100644
index 0000000..db79ade
--- /dev/null
+++ b/tpm2d/tpm2.h
@@ -0,0 +1,58 @@
+/* tpm2.h - Definitions for supporting TPM routines for the IBM TSS
+ * Copyright (C) 2021 James Bottomley <James.Bottomley@HansenPartnership.com>
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#ifndef _GNUPG_TPM2_H
+#define _GNUPG_TPM2_H
+
+#include "../common/util.h"
+#ifdef HAVE_INTEL_TSS
+#include "intel-tss.h"
+#else
+#include "ibm-tss.h"
+#endif
+
+int tpm2_start (TSS_CONTEXT **tssc);
+void tpm2_end (TSS_CONTEXT *tssc);
+void tpm2_flush_handle (TSS_CONTEXT *tssc, TPM_HANDLE h);
+int tpm2_load_key (TSS_CONTEXT *tssc, const unsigned char *shadow_info,
+		   TPM_HANDLE *key, TPMI_ALG_PUBLIC *type);
+int tpm2_sign (ctrl_t ctrl, TSS_CONTEXT *tssc, TPM_HANDLE key,
+	       gpg_error_t (*pin_cb)(ctrl_t ctrl, const char *info,
+				     char **retstr),
+	       TPMI_ALG_PUBLIC type,
+	       const unsigned char *digest, size_t digestlen,
+	       unsigned char **r_sig, size_t *r_siglen);
+int tpm2_import_key (ctrl_t ctrl, TSS_CONTEXT *tssc,
+		     gpg_error_t (*pin_cb)(ctrl_t ctrl, const char *info,
+					   char **retstr),
+		     unsigned char **shadow_info, size_t *shadow_len,
+		     gcry_sexp_t s_skey, unsigned long parent);
+int tpm2_rsa_decrypt (ctrl_t ctrl, TSS_CONTEXT *tssc, TPM_HANDLE key,
+		      gpg_error_t (*pin_cb)(ctrl_t ctrl, const char *info,
+					    char **retstr),
+		      const char *ciphertext, int ciphertext_len,
+		      char **decrypt, size_t *decrypt_len);
+int tpm2_ecc_decrypt (ctrl_t ctrl, TSS_CONTEXT *tssc, TPM_HANDLE key,
+		      gpg_error_t (*pin_cb)(ctrl_t ctrl, const char *info,
+					    char **retstr),
+		      const char *ciphertext, int ciphertext_len,
+		      char **decrypt, size_t *decrypt_len);
+
+#endif
diff --git a/tpm2d/tpm2daemon.c b/tpm2d/tpm2daemon.c
new file mode 100644
index 0000000..261896c
--- /dev/null
+++ b/tpm2d/tpm2daemon.c
@@ -0,0 +1,1290 @@
+/* tpm2daemon.c  -  The GnuPG tpm2 Daemon
+ * Copyright (C) 2001-2002, 2004-2005, 2007-2009 Free Software Foundation, Inc.
+ * Copyright (C) 2001-2002, 2004-2005, 2007-2014 Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <stdarg.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <time.h>
+#include <fcntl.h>
+#ifndef HAVE_W32_SYSTEM
+#include <sys/socket.h>
+#include <sys/un.h>
+#endif /*HAVE_W32_SYSTEM*/
+#include <unistd.h>
+#include <signal.h>
+#include <npth.h>
+
+#define INCLUDED_BY_MAIN_MODULE 1
+#define GNUPG_COMMON_NEED_AFLOCAL
+#include "tpm2daemon.h"
+#include <gcrypt.h>
+
+#include <assuan.h> /* malloc hooks */
+
+#include "../common/i18n.h"
+#include "../common/sysutils.h"
+#include "../common/gc-opt-flags.h"
+#include "../common/asshelp.h"
+#include "../common/exechelp.h"
+#include "../common/init.h"
+
+#ifndef ENAMETOOLONG
+# define ENAMETOOLONG EINVAL
+#endif
+
+enum cmd_and_opt_values
+{ aNull = 0,
+  oCsh            = 'c',
+  oQuiet          = 'q',
+  oSh             = 's',
+  oVerbose        = 'v',
+
+  oNoVerbose = 500,
+  aGPGConfList,
+  aGPGConfTest,
+  oOptions,
+  oDebug,
+  oDebugAll,
+  oDebugLevel,
+  oDebugWait,
+  oDebugAllowCoreDump,
+  oDebugLogTid,
+  oDebugAssuanLogCats,
+  oNoGreeting,
+  oNoOptions,
+  oHomedir,
+  oNoDetach,
+  oNoGrab,
+  oLogFile,
+  oServer,
+  oMultiServer,
+  oDaemon,
+  oListenBacklog,
+  oParent
+};
+
+
+
+static gpgrt_opt_t opts[] = {
+  ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"),
+  ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"),
+
+  ARGPARSE_group (301, N_("@Options:\n ")),
+
+  ARGPARSE_s_n (oServer,"server", N_("run in server mode (foreground)")),
+  ARGPARSE_s_n (oMultiServer, "multi-server",
+                N_("run in multi server mode (foreground)")),
+  ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")),
+  ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
+  ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
+  ARGPARSE_s_n (oSh,    "sh", N_("sh-style command output")),
+  ARGPARSE_s_n (oCsh,   "csh", N_("csh-style command output")),
+  ARGPARSE_s_s (oOptions, "options", N_("|FILE|read options from FILE")),
+  ARGPARSE_s_s (oDebug, "debug", "@"),
+  ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
+  ARGPARSE_s_s (oDebugLevel, "debug-level" ,
+                N_("|LEVEL|set the debugging level to LEVEL")),
+  ARGPARSE_s_i (oDebugWait, "debug-wait", "@"),
+  ARGPARSE_s_n (oDebugAllowCoreDump, "debug-allow-core-dump", "@"),
+  ARGPARSE_s_n (oDebugLogTid, "debug-log-tid", "@"),
+  ARGPARSE_p_u (oDebugAssuanLogCats, "debug-assuan-log-cats", "@"),
+  ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
+  ARGPARSE_s_s (oLogFile,  "log-file", N_("|FILE|write a log to FILE")),
+  ARGPARSE_s_s (oHomedir,    "homedir",      "@"),
+  ARGPARSE_s_i (oListenBacklog, "listen-backlog", "@"),
+  ARGPARSE_p_u (oParent, "tpm2-parent",
+		N_("Specify tpm2 parent for key")),
+
+  ARGPARSE_end ()
+};
+
+
+/* The list of supported debug flags.  */
+static struct debug_flags_s debug_flags [] =
+  {
+    { DBG_MPI_VALUE    , "mpi"     },
+    { DBG_CRYPTO_VALUE , "crypto"  },
+    { DBG_IPC_VALUE    , "ipc"     },
+    { 0, NULL }
+  };
+
+
+/* The timer tick used to check card removal.
+
+   We poll every 500ms to let the user immediately know a status
+   change.
+
+   For a card reader with an interrupt endpoint, this timer is not
+   used with the internal CCID driver.
+
+   This is not too good for power saving but given that there is no
+   easy way to block on card status changes it is the best we can do.
+   For PC/SC we could in theory use an extra thread to wait for status
+   changes but that requires a native thread because there is no way
+   to make the underlying PC/SC card change function block using a Npth
+   mechanism.  Given that a native thread could only be used under W32
+   we don't do that at all.  */
+#define TIMERTICK_INTERVAL_SEC     (0)
+#define TIMERTICK_INTERVAL_USEC    (500000)
+
+/* Flag to indicate that a shutdown was requested. */
+static int shutdown_pending;
+
+/* It is possible that we are currently running under setuid permissions */
+static int maybe_setuid = 1;
+
+/* Flag telling whether we are running as a pipe server.  */
+static int pipe_server;
+
+/* Name of the communication socket */
+static char *socket_name;
+/* Name of the redirected socket or NULL.  */
+static char *redir_socket_name;
+
+/* We need to keep track of the server's nonces (these are dummies for
+   POSIX systems). */
+static assuan_sock_nonce_t socket_nonce;
+
+/* Value for the listen() backlog argument.  Change at runtime with
+ * --listen-backlog.  */
+static int listen_backlog = 64;
+
+#ifdef HAVE_W32_SYSTEM
+static HANDLE the_event;
+#else
+/* PID to notify update of usb devices.  */
+static pid_t main_thread_pid;
+#endif
+#ifdef HAVE_PSELECT_NO_EINTR
+/* FD to notify changes.  */
+static int notify_fd;
+#endif
+
+static char *create_socket_name (char *standard_name);
+static gnupg_fd_t create_server_socket (const char *name,
+                                        char **r_redir_name,
+                                        assuan_sock_nonce_t *nonce);
+
+static void *start_connection_thread (void *arg);
+static void handle_connections (int listen_fd);
+
+/* Pth wrapper function definitions. */
+ASSUAN_SYSTEM_NPTH_IMPL;
+
+static int active_connections;
+
+
+static char *
+make_libversion (const char *libname, const char *(*getfnc)(const char*))
+{
+  const char *s;
+  char *result;
+
+  if (maybe_setuid)
+    {
+      gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
+      maybe_setuid = 0;
+    }
+  s = getfnc (NULL);
+  result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
+  strcpy (stpcpy (stpcpy (result, libname), " "), s);
+  return result;
+}
+
+
+static const char *
+my_strusage (int level)
+{
+  static char *ver_gcry;
+  const char *p;
+
+  switch (level)
+    {
+    case 11: p = "@TPM2DAEMON@ (@GNUPG@)";
+      break;
+    case 13: p = VERSION; break;
+    case 17: p = PRINTABLE_OS_NAME; break;
+    case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
+
+    case 20:
+      if (!ver_gcry)
+        ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
+      p = ver_gcry;
+      break;
+    case 1:
+    case 40: p =  _("Usage: @TPM2DAEMON@ [options] (-h for help)");
+      break;
+    case 41: p =  _("Syntax: tpm2daemon [options] [command [args]]\n"
+                    "TPM2 daemon for @GNUPG@\n");
+    break;
+
+    default: p = NULL;
+    }
+  return p;
+}
+
+
+static int
+tid_log_callback (unsigned long *rvalue)
+{
+  int len = sizeof (*rvalue);
+  npth_t thread;
+
+  thread = npth_self ();
+  if (sizeof (thread) < len)
+    len = sizeof (thread);
+  memcpy (rvalue, &thread, len);
+
+  return 2; /* Use use hex representation.  */
+}
+
+
+/* Setup the debugging.  With a LEVEL of NULL only the active debug
+   flags are propagated to the subsystems.  With LEVEL set, a specific
+   set of debug flags is set; thus overriding all flags already
+   set. */
+static void
+set_debug (const char *level)
+{
+  int numok = (level && digitp (level));
+  int numlvl = numok? atoi (level) : 0;
+
+  if (!level)
+    ;
+  else if (!strcmp (level, "none") || (numok && numlvl < 1))
+    opt.debug = 0;
+  else if (!strcmp (level, "basic") || (numok && numlvl <= 2))
+    opt.debug = DBG_IPC_VALUE;
+  else if (!strcmp (level, "advanced") || (numok && numlvl <= 5))
+    opt.debug = DBG_IPC_VALUE;
+  else if (!strcmp (level, "expert") || (numok && numlvl <= 8))
+    opt.debug = DBG_IPC_VALUE;
+  else if (!strcmp (level, "guru") || numok)
+      opt.debug = ~0;
+  else
+    {
+      log_error (_("invalid debug-level '%s' given\n"), level);
+      tpm2d_exit (2);
+    }
+
+
+  if (opt.debug && !opt.verbose)
+    opt.verbose = 1;
+  if (opt.debug && opt.quiet)
+    opt.quiet = 0;
+
+  if (opt.debug & DBG_MPI_VALUE)
+    gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
+  if (opt.debug & DBG_CRYPTO_VALUE )
+    gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
+  gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
+
+  if (opt.debug)
+    parse_debug_flag (NULL, &opt.debug, debug_flags);
+}
+
+
+
+static void
+cleanup (void)
+{
+  if (socket_name && *socket_name)
+    {
+      char *name;
+
+      name = redir_socket_name? redir_socket_name : socket_name;
+
+      gnupg_remove (name);
+      *socket_name = 0;
+    }
+}
+
+
+
+int
+main (int argc, char **argv )
+{
+  gpgrt_argparse_t pargs;
+  int orig_argc;
+  char **orig_argv;
+  char *last_configname = NULL;
+  const char *configname = NULL;
+  const char *shell;
+  int parse_debug = 0;
+  const char *debug_level = NULL;
+  int greeting = 0;
+  int nogreeting = 0;
+  int multi_server = 0;
+  int is_daemon = 0;
+  int nodetach = 0;
+  int csh_style = 0;
+  char *logfile = NULL;
+  int debug_wait = 0;
+  int gpgconf_list = 0;
+  char *config_filename = NULL;
+  int allow_coredump = 0;
+  struct assuan_malloc_hooks malloc_hooks;
+  int res;
+  npth_t pipecon_handler;
+
+  early_system_init ();
+  gpgrt_set_strusage (my_strusage);
+  gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
+  /* Please note that we may running SUID(ROOT), so be very CAREFUL
+     when adding any stuff between here and the call to INIT_SECMEM()
+     somewhere after the option parsing */
+  log_set_prefix ("tpm2daemon", GPGRT_LOG_WITH_PREFIX | GPGRT_LOG_WITH_PID);
+
+  /* Make sure that our subsystems are ready.  */
+  i18n_init ();
+  init_common_subsystems (&argc, &argv);
+
+  malloc_hooks.malloc = gcry_malloc;
+  malloc_hooks.realloc = gcry_realloc;
+  malloc_hooks.free = gcry_free;
+  assuan_set_malloc_hooks (&malloc_hooks);
+  assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
+  assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
+  assuan_sock_init ();
+  setup_libassuan_logging (&opt.debug, NULL);
+
+  setup_libgcrypt_logging ();
+  gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
+
+  disable_core_dumps ();
+
+  /* Set default options. */
+  opt.parent = 0;		/* 0 means TPM uses default */
+
+  shell = getenv ("SHELL");
+  if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
+    csh_style = 1;
+
+  /* Check whether we have a config file on the commandline */
+  orig_argc = argc;
+  orig_argv = argv;
+  pargs.argc = &argc;
+  pargs.argv = &argv;
+  pargs.flags= (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
+  while (gpgrt_argparse (NULL, &pargs, opts))
+    {
+      switch (pargs.r_opt)
+        {
+        case oDebug:
+        case oDebugAll:
+          parse_debug++;
+          break;
+        case oHomedir:
+          gnupg_set_homedir (pargs.r.ret_str);
+          break;
+        }
+    }
+  /* Reset the flags.  */
+  pargs.flags &= ~(ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
+
+  /* initialize the secure memory. */
+  gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
+  maybe_setuid = 0;
+
+  /*
+     Now we are working under our real uid
+  */
+
+
+  /* The configuraton directories for use by gpgrt_argparser.  */
+  gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
+  gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
+
+  /* We are re-using the struct, thus the reset flag.  We OR the
+   * flags so that the internal intialized flag won't be cleared. */
+  argc = orig_argc;
+  argv = orig_argv;
+  pargs.argc = &argc;
+  pargs.argv = &argv;
+  pargs.flags |=  (ARGPARSE_FLAG_RESET
+                   | ARGPARSE_FLAG_KEEP
+                   | ARGPARSE_FLAG_SYS
+                   | ARGPARSE_FLAG_USER);
+  while (gpgrt_argparser (&pargs, opts, TPM2DAEMON_NAME EXTSEP_S "conf"))
+    {
+      switch (pargs.r_opt)
+        {
+        case ARGPARSE_CONFFILE:
+          if (parse_debug)
+            log_info (_("reading options from '%s'\n"),
+                      pargs.r_type? pargs.r.ret_str: "[cmdline]");
+          if (pargs.r_type)
+            {
+              xfree (last_configname);
+              last_configname = xstrdup (pargs.r.ret_str);
+              configname = last_configname;
+            }
+          else
+            configname = NULL;
+          break;
+
+        case aGPGConfList: gpgconf_list = 1; break;
+        case aGPGConfTest: gpgconf_list = 2; break;
+        case oQuiet: opt.quiet = 1; break;
+        case oVerbose: opt.verbose++; break;
+
+        case oDebug:
+          if (parse_debug_flag (pargs.r.ret_str, &opt.debug, debug_flags))
+            {
+              pargs.r_opt = ARGPARSE_INVALID_ARG;
+              pargs.err = ARGPARSE_PRINT_ERROR;
+            }
+          break;
+        case oDebugAll: opt.debug = ~0; break;
+        case oDebugLevel: debug_level = pargs.r.ret_str; break;
+        case oDebugWait: debug_wait = pargs.r.ret_int; break;
+        case oDebugAllowCoreDump:
+          enable_core_dumps ();
+          allow_coredump = 1;
+          break;
+        case oDebugLogTid:
+          log_set_pid_suffix_cb (tid_log_callback);
+          break;
+        case oDebugAssuanLogCats:
+          set_libassuan_log_cats (pargs.r.ret_ulong);
+          break;
+
+        case oNoGreeting: nogreeting = 1; break;
+        case oNoVerbose: opt.verbose = 0; break;
+        case oNoOptions: break; /* no-options */
+        case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break;
+        case oNoDetach: nodetach = 1; break;
+        case oLogFile: logfile = pargs.r.ret_str; break;
+        case oCsh: csh_style = 1; break;
+        case oSh: csh_style = 0; break;
+        case oServer: pipe_server = 1; break;
+        case oMultiServer: pipe_server = 1; multi_server = 1; break;
+        case oDaemon: is_daemon = 1; break;
+
+        case oListenBacklog:
+          listen_backlog = pargs.r.ret_int;
+          break;
+
+	case oParent:
+	  opt.parent = pargs.r.ret_ulong;
+	  break;
+
+        default:
+          if (configname)
+            pargs.err = ARGPARSE_PRINT_WARNING;
+          else
+            pargs.err = ARGPARSE_PRINT_ERROR;
+          break;
+        }
+    }
+  gpgrt_argparse (NULL, &pargs, NULL);  /* Release internal state.  */
+
+  if (!last_configname)
+    config_filename = gpgrt_fnameconcat (gnupg_homedir (),
+                                         TPM2DAEMON_NAME EXTSEP_S "conf",
+                                         NULL);
+  else
+    {
+      config_filename = last_configname;
+      last_configname = NULL;
+    }
+
+  if (log_get_errorcount (0))
+    exit (2);
+  if (nogreeting )
+    greeting = 0;
+
+  if (greeting)
+    {
+      es_fprintf (es_stderr, "%s %s; %s\n",
+                  gpgrt_strusage (11), gpgrt_strusage (13),
+		  gpgrt_strusage (14) );
+      es_fprintf (es_stderr, "%s\n", gpgrt_strusage (15) );
+    }
+#ifdef IS_DEVELOPMENT_VERSION
+  log_info ("NOTE: this is a development version!\n");
+#endif
+
+  /* Print a warning if an argument looks like an option.  */
+  if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
+    {
+      int i;
+
+      for (i=0; i < argc; i++)
+        if (argv[i][0] == '-' && argv[i][1] == '-')
+          log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
+    }
+
+  if (atexit (cleanup))
+    {
+      log_error ("atexit failed\n");
+      cleanup ();
+      exit (1);
+    }
+
+  set_debug (debug_level);
+
+  if (gpgconf_list == 2)
+    tpm2d_exit (0);
+  if (gpgconf_list)
+    {
+      es_printf ("verbose:%lu:\n"
+                 "quiet:%lu:\n"
+                 "debug-level:%lu:\"none:\n"
+                 "log-file:%lu:\n",
+                 GC_OPT_FLAG_NONE,
+                 GC_OPT_FLAG_NONE,
+                 GC_OPT_FLAG_DEFAULT,
+                 GC_OPT_FLAG_NONE );
+
+      tpm2d_exit (0);
+    }
+
+  /* Now start with logging to a file if this is desired.  */
+  if (logfile)
+    {
+      log_set_file (logfile);
+      log_set_prefix (NULL, GPGRT_LOG_WITH_PREFIX | GPGRT_LOG_WITH_TIME | GPGRT_LOG_WITH_PID);
+    }
+
+  if (debug_wait && pipe_server)
+    {
+      log_debug ("waiting for debugger - my pid is %u .....\n",
+                 (unsigned int)getpid ());
+      gnupg_sleep (debug_wait);
+      log_debug ("... okay\n");
+    }
+
+  if (pipe_server)
+    {
+      /* This is the simple pipe based server */
+      ctrl_t ctrl;
+      npth_attr_t tattr;
+      int fd = -1;
+
+#ifndef HAVE_W32_SYSTEM
+      {
+        struct sigaction sa;
+
+        sa.sa_handler = SIG_IGN;
+        sigemptyset (&sa.sa_mask);
+        sa.sa_flags = 0;
+        sigaction (SIGPIPE, &sa, NULL);
+      }
+#endif
+
+      npth_init ();
+      gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
+
+      /* If --debug-allow-core-dump has been given we also need to
+         switch the working directory to a place where we can actually
+         write. */
+      if (allow_coredump)
+        {
+          if (chdir ("/tmp"))
+            log_debug ("chdir to '/tmp' failed: %s\n", strerror (errno));
+          else
+            log_debug ("changed working directory to '/tmp'\n");
+        }
+
+      /* In multi server mode we need to listen on an additional
+         socket.  Create that socket now before starting the handler
+         for the pipe connection.  This allows that handler to send
+         back the name of that socket. */
+      if (multi_server)
+        {
+          socket_name = create_socket_name (TPM2DAEMON_SOCK_NAME);
+          fd = FD2INT (create_server_socket (socket_name,
+					     &redir_socket_name,
+					     &socket_nonce));
+        }
+
+      res = npth_attr_init (&tattr);
+      if (res)
+        {
+          log_error ("error allocating thread attributes: %s\n",
+                     strerror (res));
+          tpm2d_exit (2);
+        }
+      npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
+
+      ctrl = xtrycalloc (1, sizeof *ctrl);
+      if ( !ctrl )
+        {
+          log_error ("error allocating connection control data: %s\n",
+                     strerror (errno) );
+          tpm2d_exit (2);
+        }
+      ctrl->thread_startup.fd = GNUPG_INVALID_FD;
+      res = npth_create (&pipecon_handler, &tattr, start_connection_thread, ctrl);
+      if (res)
+        {
+          log_error ("error spawning pipe connection handler: %s\n",
+                     strerror (res) );
+          xfree (ctrl);
+          tpm2d_exit (2);
+        }
+      npth_setname_np (pipecon_handler, "pipe-connection");
+      npth_attr_destroy (&tattr);
+
+      /* We run handle_connection to wait for the shutdown signal and
+         to run the ticker stuff.  */
+      handle_connections (fd);
+      if (fd != -1)
+        close (fd);
+    }
+  else if (!is_daemon)
+    {
+      log_info (_("please use the option '--daemon'"
+                  " to run the program in the background\n"));
+    }
+  else
+    { /* Regular server mode */
+      int fd;
+#ifndef HAVE_W32_SYSTEM
+      pid_t pid;
+      int i;
+#endif
+
+      /* Create the socket.  */
+      socket_name = create_socket_name (TPM2DAEMON_SOCK_NAME);
+      fd = FD2INT (create_server_socket (socket_name,
+                                         &redir_socket_name, &socket_nonce));
+
+
+      fflush (NULL);
+#ifdef HAVE_W32_SYSTEM
+      (void)csh_style;
+      (void)nodetach;
+#else
+      pid = fork ();
+      if (pid == (pid_t)-1)
+        {
+          log_fatal ("fork failed: %s\n", strerror (errno) );
+          exit (1);
+        }
+      else if (pid)
+        { /* we are the parent */
+          char *infostr;
+
+          close (fd);
+
+          /* create the info string: <name>:<pid>:<protocol_version> */
+          if (gpgrt_asprintf (&infostr, "TPM2DAEMON_INFO=%s:%lu:1",
+                              socket_name, (ulong) pid) < 0)
+            {
+              log_error ("out of core\n");
+              kill (pid, SIGTERM);
+              exit (1);
+            }
+          *socket_name = 0; /* don't let cleanup() remove the socket -
+                               the child should do this from now on */
+          if (argc)
+            { /* run the program given on the commandline */
+              if (putenv (infostr))
+                {
+                  log_error ("failed to set environment: %s\n",
+                             strerror (errno) );
+                  kill (pid, SIGTERM );
+                  exit (1);
+                }
+              execvp (argv[0], argv);
+              log_error ("failed to run the command: %s\n", strerror (errno));
+              kill (pid, SIGTERM);
+              exit (1);
+            }
+          else
+            {
+              /* Print the environment string, so that the caller can use
+                 shell's eval to set it */
+              if (csh_style)
+                {
+                  *strchr (infostr, '=') = ' ';
+                  es_printf ( "setenv %s;\n", infostr);
+                }
+              else
+                {
+                  es_printf ( "%s; export TPM2DAEMON_INFO;\n", infostr);
+                }
+              xfree (infostr);
+              exit (0);
+            }
+          /* NOTREACHED */
+        } /* end parent */
+
+      /* This is the child. */
+
+      npth_init ();
+      gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
+
+      /* Detach from tty and put process into a new session. */
+      if (!nodetach )
+        {
+          /* Close stdin, stdout and stderr unless it is the log stream. */
+          for (i=0; i <= 2; i++)
+            {
+              if (!log_test_fd (i) && i != fd )
+                {
+                  if ( !close (i)
+                       && open ("/dev/null", i? O_WRONLY : O_RDONLY) == -1)
+                    {
+                      log_error ("failed to open '%s': %s\n",
+                                 "/dev/null", strerror (errno));
+                      cleanup ();
+                      exit (1);
+                    }
+                }
+            }
+
+          if (setsid () == -1)
+            {
+              log_error ("setsid() failed: %s\n", strerror (errno) );
+              cleanup ();
+              exit (1);
+            }
+        }
+
+      {
+        struct sigaction sa;
+
+        sa.sa_handler = SIG_IGN;
+        sigemptyset (&sa.sa_mask);
+        sa.sa_flags = 0;
+        sigaction (SIGPIPE, &sa, NULL);
+      }
+
+#endif /*!HAVE_W32_SYSTEM*/
+
+      if (gnupg_chdir (gnupg_daemon_rootdir ()))
+        {
+          log_error ("chdir to '%s' failed: %s\n",
+                     gnupg_daemon_rootdir (), strerror (errno));
+          exit (1);
+        }
+
+      handle_connections (fd);
+
+      close (fd);
+    }
+
+  xfree (config_filename);
+  return 0;
+}
+
+void
+tpm2d_exit (int rc)
+{
+  gcry_control (GCRYCTL_TERM_SECMEM );
+  rc = rc? rc : log_get_errorcount (0)? 2 : 0;
+  exit (rc);
+}
+
+
+static void
+tpm2d_init_default_ctrl (ctrl_t ctrl)
+{
+  (void)ctrl;
+}
+
+static void
+tpm2d_deinit_default_ctrl (ctrl_t ctrl)
+{
+  if (!ctrl)
+    return;
+  xfree (ctrl->in_data.value);
+  ctrl->in_data.value = NULL;
+  ctrl->in_data.valuelen = 0;
+}
+
+
+/* Return the name of the socket to be used to connect to this
+   process.  If no socket is available, return NULL. */
+const char *
+tpm2d_get_socket_name (void)
+{
+  if (socket_name && *socket_name)
+    return socket_name;
+  return NULL;
+}
+
+
+#ifndef HAVE_W32_SYSTEM
+static void
+handle_signal (int signo)
+{
+  switch (signo)
+    {
+    case SIGHUP:
+      log_info ("SIGHUP received - "
+                "re-reading configuration\n");
+/*       reread_configuration (); */
+      break;
+
+    case SIGUSR1:
+      log_info ("SIGUSR1 received - printing internal information:\n");
+      /* Fixme: We need to see how to integrate pth dumping into our
+         logging system.  */
+      /* pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ()); */
+#if 0
+      app_dump_state ();
+#endif
+      break;
+
+    case SIGUSR2:
+      log_info ("SIGUSR2 received - no action defined\n");
+      break;
+
+    case SIGCONT:
+      /* Nothing.  */
+      log_debug ("SIGCONT received - breaking select\n");
+      break;
+
+    case SIGTERM:
+      if (!shutdown_pending)
+        log_info ("SIGTERM received - shutting down ...\n");
+      else
+        log_info ("SIGTERM received - still %i running threads\n",
+                  active_connections);
+      shutdown_pending++;
+      if (shutdown_pending > 2)
+        {
+          log_info ("shutdown forced\n");
+          log_info ("%s %s stopped\n", gpgrt_strusage (11),
+		    gpgrt_strusage (13) );
+          cleanup ();
+          tpm2d_exit (0);
+        }
+      break;
+
+    case SIGINT:
+      log_info ("SIGINT received - immediate shutdown\n");
+      log_info ( "%s %s stopped\n", gpgrt_strusage (11), gpgrt_strusage (13));
+      cleanup ();
+      tpm2d_exit (0);
+      break;
+
+    default:
+      log_info ("signal %d received - no action defined\n", signo);
+    }
+}
+#endif /*!HAVE_W32_SYSTEM*/
+
+
+/* Create a name for the socket.  We check for valid characters as
+   well as against a maximum allowed length for a unix domain socket
+   is done.  The function terminates the process in case of an error.
+   Retunrs: Pointer to an allcoated string with the absolute name of
+   the socket used.  */
+static char *
+create_socket_name (char *standard_name)
+{
+  char *name;
+
+  name = make_filename (gnupg_socketdir (), standard_name, NULL);
+  if (strchr (name, PATHSEP_C))
+    {
+      log_error (("'%s' are not allowed in the socket name\n"), PATHSEP_S);
+      tpm2d_exit (2);
+    }
+  return name;
+}
+
+
+
+/* Create a Unix domain socket with NAME.  Returns the file descriptor
+   or terminates the process in case of an error.  If the socket has
+   been redirected the name of the real socket is stored as a malloced
+   string at R_REDIR_NAME. */
+static gnupg_fd_t
+create_server_socket (const char *name, char **r_redir_name,
+                      assuan_sock_nonce_t *nonce)
+{
+  struct sockaddr *addr;
+  struct sockaddr_un *unaddr;
+  socklen_t len;
+  gnupg_fd_t fd;
+  int rc;
+
+  xfree (*r_redir_name);
+  *r_redir_name = NULL;
+
+  fd = assuan_sock_new (AF_UNIX, SOCK_STREAM, 0);
+  if (fd == GNUPG_INVALID_FD)
+    {
+      log_error (_("can't create socket: %s\n"), strerror (errno));
+      tpm2d_exit (2);
+    }
+
+  unaddr = xmalloc (sizeof (*unaddr));
+  addr = (struct sockaddr*)unaddr;
+
+  {
+    int redirected;
+
+    if (assuan_sock_set_sockaddr_un (name, addr, &redirected))
+      {
+        if (errno == ENAMETOOLONG)
+          log_error (_("socket name '%s' is too long\n"), name);
+        else
+          log_error ("error preparing socket '%s': %s\n",
+                     name, gpg_strerror (gpg_error_from_syserror ()));
+        tpm2d_exit (2);
+      }
+    if (redirected)
+      {
+        *r_redir_name = xstrdup (unaddr->sun_path);
+        if (opt.verbose)
+          log_info ("redirecting socket '%s' to '%s'\n", name, *r_redir_name);
+      }
+  }
+
+  len = SUN_LEN (unaddr);
+
+  rc = assuan_sock_bind (fd, addr, len);
+  if (rc == -1 && errno == EADDRINUSE)
+    {
+      gnupg_remove (unaddr->sun_path);
+      rc = assuan_sock_bind (fd, addr, len);
+    }
+  if (rc != -1
+      && (rc=assuan_sock_get_nonce (addr, len, nonce)))
+    log_error (_("error getting nonce for the socket\n"));
+ if (rc == -1)
+    {
+      log_error (_("error binding socket to '%s': %s\n"),
+                 unaddr->sun_path,
+                 gpg_strerror (gpg_error_from_syserror ()));
+      assuan_sock_close (fd);
+      tpm2d_exit (2);
+    }
+
+  if (gnupg_chmod (unaddr->sun_path, "-rwx"))
+    log_error (_("can't set permissions of '%s': %s\n"),
+               unaddr->sun_path, strerror (errno));
+
+  if (listen (FD2INT (fd), listen_backlog) == -1)
+    {
+      log_error ("listen(fd, %d) failed: %s\n",
+                 listen_backlog, gpg_strerror (gpg_error_from_syserror ()));
+      assuan_sock_close (fd);
+      tpm2d_exit (2);
+    }
+
+  if (opt.verbose)
+    log_info (_("listening on socket '%s'\n"), unaddr->sun_path);
+
+  return fd;
+}
+
+
+
+/* This is the standard connection thread's main function.  */
+static void *
+start_connection_thread (void *arg)
+{
+  ctrl_t ctrl = arg;
+
+  if (ctrl->thread_startup.fd != GNUPG_INVALID_FD
+      && assuan_sock_check_nonce (ctrl->thread_startup.fd, &socket_nonce))
+    {
+      log_info (_("error reading nonce on fd %d: %s\n"),
+                FD2INT (ctrl->thread_startup.fd), strerror (errno));
+      assuan_sock_close (ctrl->thread_startup.fd);
+      xfree (ctrl);
+      return NULL;
+    }
+
+  active_connections++;
+
+  tpm2d_init_default_ctrl (ctrl);
+  if (opt.verbose)
+    log_info (_("handler for fd %d started\n"),
+              FD2INT (ctrl->thread_startup.fd));
+
+  /* If this is a pipe server, we request a shutdown if the command
+     handler asked for it.  With the next ticker event and given that
+     no other connections are running the shutdown will then
+     happen.  */
+  if (tpm2d_command_handler (ctrl, FD2INT (ctrl->thread_startup.fd))
+      && pipe_server)
+    shutdown_pending = 1;
+
+  if (opt.verbose)
+    log_info (_("handler for fd %d terminated\n"),
+              FD2INT (ctrl->thread_startup.fd));
+
+  tpm2d_deinit_default_ctrl (ctrl);
+  xfree (ctrl);
+
+  if (--active_connections == 0)
+    tpm2d_kick_the_loop ();
+
+  return NULL;
+}
+
+
+void
+tpm2d_kick_the_loop (void)
+{
+#ifdef HAVE_W32_SYSTEM
+  int ret;
+
+  /* Kick the select loop.  */
+  ret = SetEvent (the_event);
+  if (ret == 0)
+    log_error ("SetEvent for tpm2d_kick_the_loop failed: %s\n",
+               w32_strerror (-1));
+#elif defined(HAVE_PSELECT_NO_EINTR)
+  write (notify_fd, "", 1);
+#else
+  int ret;
+
+  ret = kill (main_thread_pid, SIGCONT);
+  if (ret < 0)
+    log_error ("SetEvent for tpm2d_kick_the_loop failed: %s\n",
+               gpg_strerror (gpg_error_from_syserror ()));
+#endif
+}
+
+/* Connection handler loop.  Wait for connection requests and spawn a
+   thread after accepting a connection.  LISTEN_FD is allowed to be -1
+   in which case this code will only do regular timeouts and handle
+   signals. */
+static void
+handle_connections (int listen_fd)
+{
+  npth_attr_t tattr;
+  struct sockaddr_un paddr;
+  socklen_t plen;
+  fd_set fdset, read_fdset;
+  int nfd;
+  int ret;
+  int fd;
+  struct timespec timeout;
+  struct timespec *t;
+  int saved_errno;
+#ifdef HAVE_W32_SYSTEM
+  HANDLE events[2];
+  unsigned int events_set;
+#else
+  int signo;
+#endif
+#ifdef HAVE_PSELECT_NO_EINTR
+  int pipe_fd[2];
+
+  ret = gnupg_create_pipe (pipe_fd);
+  if (ret)
+    {
+      log_error ("pipe creation failed: %s\n", gpg_strerror (ret));
+      return;
+    }
+  notify_fd = pipe_fd[1];
+#endif
+
+  ret = npth_attr_init (&tattr);
+  if (ret)
+    {
+      log_error ("npth_attr_init failed: %s\n", strerror (ret));
+      return;
+    }
+
+  npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
+
+#ifdef HAVE_W32_SYSTEM
+  {
+    HANDLE h, h2;
+    SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE};
+
+    events[0] = the_event = INVALID_HANDLE_VALUE;
+    events[1] = INVALID_HANDLE_VALUE;
+    h = CreateEvent (&sa, TRUE, FALSE, NULL);
+    if (!h)
+      log_error ("can't create tpm2d event: %s\n", w32_strerror (-1) );
+    else if (!DuplicateHandle (GetCurrentProcess (), h,
+                               GetCurrentProcess (), &h2,
+                               EVENT_MODIFY_STATE|SYNCHRONIZE, TRUE, 0))
+      {
+        log_error ("setting synchronize for tpm2d_kick_the_loop failed: %s\n",
+                   w32_strerror (-1) );
+        CloseHandle (h);
+      }
+    else
+      {
+        CloseHandle (h);
+        events[0] = the_event = h2;
+      }
+  }
+#else
+  npth_sigev_init ();
+  npth_sigev_add (SIGHUP);
+  npth_sigev_add (SIGUSR1);
+  npth_sigev_add (SIGUSR2);
+  npth_sigev_add (SIGINT);
+  npth_sigev_add (SIGCONT);
+  npth_sigev_add (SIGTERM);
+  npth_sigev_fini ();
+  main_thread_pid = getpid ();
+#endif
+
+  FD_ZERO (&fdset);
+  nfd = 0;
+  if (listen_fd != -1)
+    {
+      FD_SET (listen_fd, &fdset);
+      nfd = listen_fd;
+    }
+
+  for (;;)
+    {
+      int periodical_check;
+      int max_fd = nfd;
+
+      if (shutdown_pending)
+        {
+          if (active_connections == 0)
+            break; /* ready */
+
+          /* Do not accept anymore connections but wait for existing
+             connections to terminate. We do this by clearing out all
+             file descriptors to wait for, so that the select will be
+             used to just wait on a signal or timeout event. */
+          FD_ZERO (&fdset);
+          listen_fd = -1;
+        }
+
+      periodical_check = 0;
+
+      timeout.tv_sec = TIMERTICK_INTERVAL_SEC;
+      timeout.tv_nsec = TIMERTICK_INTERVAL_USEC * 1000;
+
+      if (shutdown_pending || periodical_check)
+        t = &timeout;
+      else
+        t = NULL;
+
+      /* POSIX says that fd_set should be implemented as a structure,
+         thus a simple assignment is fine to copy the entire set.  */
+      read_fdset = fdset;
+
+#ifdef HAVE_PSELECT_NO_EINTR
+      FD_SET (pipe_fd[0], &read_fdset);
+      if (max_fd < pipe_fd[0])
+        max_fd = pipe_fd[0];
+#endif
+
+#ifndef HAVE_W32_SYSTEM
+      ret = npth_pselect (max_fd+1, &read_fdset, NULL, NULL, t,
+                          npth_sigev_sigmask ());
+      saved_errno = errno;
+
+      while (npth_sigev_get_pending (&signo))
+        handle_signal (signo);
+#else
+      ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, t,
+                          events, &events_set);
+      saved_errno = errno;
+      if (events_set & 1)
+        continue;
+#endif
+
+      if (ret == -1 && saved_errno != EINTR)
+        {
+          log_error (_("npth_pselect failed: %s - waiting 1s\n"),
+                     strerror (saved_errno));
+          npth_sleep (1);
+          continue;
+        }
+
+      if (ret <= 0)
+        /* Timeout.  Will be handled when calculating the next timeout.  */
+        continue;
+
+#ifdef HAVE_PSELECT_NO_EINTR
+      if (FD_ISSET (pipe_fd[0], &read_fdset))
+        {
+          char buf[256];
+
+          read (pipe_fd[0], buf, sizeof buf);
+        }
+#endif
+
+      if (listen_fd != -1 && FD_ISSET (listen_fd, &read_fdset))
+        {
+          ctrl_t ctrl;
+
+          plen = sizeof paddr;
+          fd = npth_accept (listen_fd, (struct sockaddr *)&paddr, &plen);
+          if (fd == -1)
+            {
+              log_error ("accept failed: %s\n", strerror (errno));
+            }
+          else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)) )
+            {
+              log_error ("error allocating connection control data: %s\n",
+                         strerror (errno) );
+              close (fd);
+            }
+          else
+            {
+              char threadname[50];
+              npth_t thread;
+
+              snprintf (threadname, sizeof threadname, "conn fd=%d", fd);
+              ctrl->thread_startup.fd = INT2FD (fd);
+              ret = npth_create (&thread, &tattr, start_connection_thread, ctrl);
+              if (ret)
+                {
+                  log_error ("error spawning connection handler: %s\n",
+                             strerror (ret));
+                  xfree (ctrl);
+                  close (fd);
+                }
+              else
+                npth_setname_np (thread, threadname);
+            }
+        }
+    }
+
+#ifdef HAVE_W32_SYSTEM
+  if (the_event != INVALID_HANDLE_VALUE)
+    CloseHandle (the_event);
+#endif
+#ifdef HAVE_PSELECT_NO_EINTR
+  close (pipe_fd[0]);
+  close (pipe_fd[1]);
+#endif
+  cleanup ();
+  log_info (_("%s %s stopped\n"), gpgrt_strusage (11), gpgrt_strusage (13));
+  npth_attr_destroy (&tattr);
+}
+
+/* Return the number of active connections. */
+int
+get_active_connection_count (void)
+{
+  return active_connections;
+}
diff --git a/tpm2d/tpm2daemon.h b/tpm2d/tpm2daemon.h
new file mode 100644
index 0000000..095978a
--- /dev/null
+++ b/tpm2d/tpm2daemon.h
@@ -0,0 +1,100 @@
+/* tpm2daemon.h - Global definitions for the TPM2D
+ * Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
+ * Copyright (C) 2021 James Bottomley <James.Bottomley@HansenPartnership.com>
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#ifndef TPM2DAEMON_H
+#define TPM2DAEMON_H
+
+#ifdef GPG_ERR_SOURCE_DEFAULT
+#error GPG_ERR_SOURCE_DEFAULT already defined
+#endif
+/* FIXME: Replace this hard coded value as soon as we require a newer
+ *        libgpg-error.  */
+#define GPG_ERR_SOURCE_DEFAULT  16 /* GPG_ERR_SOURCE_TPM2 */
+#include <gpg-error.h>
+
+#include <time.h>
+#include <gcrypt.h>
+#include "../common/util.h"
+#include "../common/sysutils.h"
+
+/* Maximum length of a digest.  */
+#define MAX_DIGEST_LEN 64
+
+
+
+/* A large struct name "opt" to keep global flags. */
+EXTERN_UNLESS_MAIN_MODULE
+struct
+{
+  unsigned int debug; /* Debug flags (DBG_foo_VALUE). */
+  int verbose;        /* Verbosity level. */
+  int quiet;          /* Be as quiet as possible. */
+  unsigned long parent;	      /* TPM parent */
+} opt;
+
+
+#define DBG_MPI_VALUE	  2	/* debug mpi details */
+#define DBG_CRYPTO_VALUE  4	/* debug low level crypto */
+#define DBG_IPC_VALUE     1024
+
+#define DBG_CRYPTO  (opt.debug & DBG_CRYPTO_VALUE)
+#define DBG_MEMORY  (opt.debug & DBG_MEMORY_VALUE)
+
+struct server_local_s;
+
+struct server_control_s
+{
+  /* Private data used to fire up the connection thread.  We use this
+     structure do avoid an extra allocation for just a few bytes. */
+  struct {
+    gnupg_fd_t fd;
+  } thread_startup;
+
+  /* Local data of the server; used only in command.c. */
+  struct server_local_s *server_local;
+
+  /* The application context used with this connection or NULL if none
+     associated.  Note that this is shared with the other connections:
+     All connections accessing the same reader are using the same
+     application context. */
+  struct assuan_context_s *ctx;
+
+  /* Helper to store the value we are going to sign */
+  struct
+  {
+    unsigned char *value;
+    int valuelen;
+  } in_data;
+};
+
+typedef struct app_ctx_s *app_t;
+
+/*-- tpm2daemon.c --*/
+void tpm2d_exit (int rc);
+
+/*-- command.c --*/
+gpg_error_t initialize_module_command (void);
+int  tpm2d_command_handler (ctrl_t, int);
+void send_client_notifications (app_t app, int removal);
+void tpm2d_kick_the_loop (void);
+int get_active_connection_count (void);
+
+#endif /*TPM2DAEMON_H*/
-- 
2.7.4